summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPhilip Guenther <guenther@cvs.openbsd.org>2014-03-24 00:19:49 +0000
committerPhilip Guenther <guenther@cvs.openbsd.org>2014-03-24 00:19:49 +0000
commitd8290a491b942a98582508cc9b6718832261d4ad (patch)
tree71b9f523f4979b625ecfdd3fb49c43a38cef3053
parentf75538b630ba05fcf2635e8fe5e4f51c32f429ea (diff)
Split the API: struct ucred remains the kernel internal structure while
struct xucred becomes the structure for syscalls (mount(2) and nfssvc(2)). ok deraadt@ beck@
-rw-r--r--sbin/mountd/mountd.c34
-rw-r--r--sys/kern/kern_prot.c16
-rw-r--r--sys/kern/vfs_subr.c12
-rw-r--r--sys/nfs/nfs.h4
-rw-r--r--sys/sys/mount.h4
-rw-r--r--sys/sys/ucred.h13
6 files changed, 51 insertions, 32 deletions
diff --git a/sbin/mountd/mountd.c b/sbin/mountd/mountd.c
index a0115c3d297..06470ebdcc5 100644
--- a/sbin/mountd/mountd.c
+++ b/sbin/mountd/mountd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: mountd.c,v 1.72 2013/11/22 04:12:48 deraadt Exp $ */
+/* $OpenBSD: mountd.c,v 1.73 2014/03/24 00:19:48 guenther Exp $ */
/* $NetBSD: mountd.c,v 1.31 1996/02/18 11:57:53 fvdl Exp $ */
/*
@@ -40,7 +40,6 @@
#include <sys/socket.h>
#include <sys/stat.h>
#include <syslog.h>
-#include <sys/ucred.h>
#include <rpc/rpc.h>
#include <rpc/pmap_clnt.h>
@@ -139,10 +138,10 @@ int check_options(struct dirlist *);
int chk_host(struct dirlist *, in_addr_t, int *, int *);
void del_mlist(char *, char *);
struct dirlist *dirp_search(struct dirlist *, char *);
-int do_mount(struct exportlist *, struct grouplist *, int, struct ucred *,
+int do_mount(struct exportlist *, struct grouplist *, int, struct xucred *,
char *, int, struct statfs *);
int do_opt(char **, char **, struct exportlist *, struct grouplist *,
- int *, int *, struct ucred *);
+ int *, int *, struct xucred *);
struct exportlist *ex_search(fsid_t *);
struct exportlist *get_exp(void);
void free_dir(struct dirlist *);
@@ -164,7 +163,7 @@ void hang_dirp(struct dirlist *, struct grouplist *, struct exportlist *,
void mntsrv(struct svc_req *, SVCXPRT *);
void nextfield(char **, char **);
void out_of_mem(void);
-void parsecred(char *, struct ucred *);
+void parsecred(char *, struct xucred *);
int put_exlist(struct dirlist *, XDR *, struct dirlist *, int *);
int scan_tree(struct dirlist *, in_addr_t);
void send_umntall(int signo);
@@ -179,12 +178,11 @@ struct exportlist *exphead;
struct mountlist *mlhead;
struct grouplist *grphead;
char exname[MAXPATHLEN];
-struct ucred def_anon = {
- 1,
- (uid_t) -2,
- (gid_t) -2,
- 0,
- { 0, }
+struct xucred def_anon = {
+ .cr_uid = (uid_t) -2,
+ .cr_gid = (gid_t) -2,
+ .cr_ngroups = 0,
+ .cr_groups = { 0, }
};
int resvport_only = 1;
int opt_flags;
@@ -690,7 +688,7 @@ get_exportlist(void)
struct dirlist *dirhead;
struct statfs fsb, *ofsp, *fsp;
struct hostent *hpe;
- struct ucred anon;
+ struct xucred anon;
union {
struct ufs_args ua;
struct iso_args ia;
@@ -1324,7 +1322,7 @@ free_dir(struct dirlist *dp)
*/
int
do_opt(char **cpp, char **endcpp, struct exportlist *ep, struct grouplist *grp,
- int *has_hostp, int *exflagsp, struct ucred *cr)
+ int *has_hostp, int *exflagsp, struct xucred *cr)
{
char *cp, *endcp, *cpopt, savedc, savedc2 = 0;
char *cpoptarg, *cpoptend;
@@ -1559,7 +1557,7 @@ out_of_mem(void)
*/
int
do_mount(struct exportlist *ep, struct grouplist *grp, int exflags,
- struct ucred *anoncrp, char *dirp, int dirplen, struct statfs *fsb)
+ struct xucred *anoncrp, char *dirp, int dirplen, struct statfs *fsb)
{
struct sockaddr_in sin, imask;
union {
@@ -1806,7 +1804,7 @@ get_line(void)
* Parse a description of a credential.
*/
void
-parsecred(char *namelist, struct ucred *cr)
+parsecred(char *namelist, struct xucred *cr)
{
gid_t groups[NGROUPS + 1];
char *name, *names;
@@ -1817,10 +1815,8 @@ parsecred(char *namelist, struct ucred *cr)
/*
* Set up the unprivileged user.
*/
- cr->cr_ref = 1;
- cr->cr_uid = (uid_t)-2;
- cr->cr_gid = (gid_t)-2;
- cr->cr_ngroups = 0;
+ *cr = def_anon;
+
/*
* Get the user's password table entry.
*/
diff --git a/sys/kern/kern_prot.c b/sys/kern/kern_prot.c
index 6a42a3a61b5..4e7c7171315 100644
--- a/sys/kern/kern_prot.c
+++ b/sys/kern/kern_prot.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kern_prot.c,v 1.56 2013/04/06 03:44:34 tedu Exp $ */
+/* $OpenBSD: kern_prot.c,v 1.57 2014/03/24 00:19:48 guenther Exp $ */
/* $NetBSD: kern_prot.c,v 1.33 1996/02/09 18:59:42 christos Exp $ */
/*
@@ -837,6 +837,20 @@ crdup(struct ucred *cr)
}
/*
+ * Convert the userspace xucred to a kernel ucred
+ */
+void
+crfromxucred(struct ucred *cr, const struct xucred *xcr)
+{
+ cr->cr_ref = 1;
+ cr->cr_uid = xcr->cr_uid;
+ cr->cr_gid = xcr->cr_gid;
+ cr->cr_ngroups = xcr->cr_ngroups;
+ memcpy(cr->cr_groups, xcr->cr_groups,
+ sizeof(cr->cr_groups[0]) * xcr->cr_ngroups);
+}
+
+/*
* Get login name, if available.
*/
/* ARGSUSED */
diff --git a/sys/kern/vfs_subr.c b/sys/kern/vfs_subr.c
index ca729adaae6..51f2c51d366 100644
--- a/sys/kern/vfs_subr.c
+++ b/sys/kern/vfs_subr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: vfs_subr.c,v 1.211 2014/01/21 01:48:45 tedu Exp $ */
+/* $OpenBSD: vfs_subr.c,v 1.212 2014/03/24 00:19:48 guenther Exp $ */
/* $NetBSD: vfs_subr.c,v 1.53 1996/04/22 01:39:13 christos Exp $ */
/*
@@ -1397,11 +1397,8 @@ vfs_hang_addrlist(struct mount *mp, struct netexport *nep,
if (mp->mnt_flag & MNT_DEFEXPORTED)
return (EPERM);
np = &nep->ne_defexported;
- np->netc_exflags = argp->ex_flags;
- np->netc_anon = argp->ex_anon;
- np->netc_anon.cr_ref = 1;
mp->mnt_flag |= MNT_DEFEXPORTED;
- return (0);
+ goto finish;
}
if (argp->ex_addrlen > MLEN || argp->ex_masklen > MLEN ||
argp->ex_addrlen < 0 || argp->ex_masklen < 0)
@@ -1449,9 +1446,10 @@ vfs_hang_addrlist(struct mount *mp, struct netexport *nep,
error = EPERM;
goto out;
}
+finish:
np->netc_exflags = argp->ex_flags;
- np->netc_anon = argp->ex_anon;
- np->netc_anon.cr_ref = 1;
+ /* fill in the kernel's ucred from userspace's xucred */
+ crfromxucred(&np->netc_anon, &argp->ex_anon);
return (0);
out:
free(np, M_NETADDR);
diff --git a/sys/nfs/nfs.h b/sys/nfs/nfs.h
index 1dcaa29cbcf..3326af33122 100644
--- a/sys/nfs/nfs.h
+++ b/sys/nfs/nfs.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: nfs.h,v 1.51 2009/09/02 18:20:54 thib Exp $ */
+/* $OpenBSD: nfs.h,v 1.52 2014/03/24 00:19:48 guenther Exp $ */
/* $NetBSD: nfs.h,v 1.10.4.1 1996/05/27 11:23:56 fvdl Exp $ */
/*
@@ -107,7 +107,7 @@ struct nfsd_srvargs {
struct nfsd *nsd_nfsd; /* Pointer to in kernel nfsd struct */
uid_t nsd_uid; /* Effective uid mapped to cred */
u_int32_t nsd_haddr; /* IP address of client */
- struct ucred nsd_cr; /* Cred. uid maps to */
+ struct xucred nsd_cr; /* Cred. uid maps to */
int nsd_authlen; /* Length of auth string (ret) */
u_char *nsd_authstr; /* Auth string (ret) */
int nsd_verflen; /* and the verifier */
diff --git a/sys/sys/mount.h b/sys/sys/mount.h
index 724a5e684d2..4cd3ecb308b 100644
--- a/sys/sys/mount.h
+++ b/sys/sys/mount.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: mount.h,v 1.117 2013/12/01 16:40:56 krw Exp $ */
+/* $OpenBSD: mount.h,v 1.118 2014/03/24 00:19:48 guenther Exp $ */
/* $NetBSD: mount.h,v 1.48 1996/02/18 11:55:47 fvdl Exp $ */
/*
@@ -62,7 +62,7 @@ struct fid {
struct export_args {
int ex_flags; /* export related flags */
uid_t ex_root; /* mapping for root uid */
- struct ucred ex_anon; /* mapping for anonymous user */
+ struct xucred ex_anon; /* mapping for anonymous user */
struct sockaddr *ex_addr; /* net address to which exported */
int ex_addrlen; /* and the net address length */
struct sockaddr *ex_mask; /* mask of valid bits in saddr */
diff --git a/sys/sys/ucred.h b/sys/sys/ucred.h
index a75c073d200..bf8c34a4669 100644
--- a/sys/sys/ucred.h
+++ b/sys/sys/ucred.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ucred.h,v 1.6 2003/08/15 20:32:20 tedu Exp $ */
+/* $OpenBSD: ucred.h,v 1.7 2014/03/24 00:19:48 guenther Exp $ */
/* $NetBSD: ucred.h,v 1.12 1995/06/01 22:44:50 jtc Exp $ */
/*
@@ -48,11 +48,22 @@ struct ucred {
#define NOCRED ((struct ucred *)-1) /* no credential available */
#define FSCRED ((struct ucred *)-2) /* filesystem credential */
+/*
+ * Userspace version, for use in syscalls arguments
+ */
+struct xucred {
+ uid_t cr_uid; /* user id */
+ gid_t cr_gid; /* group id */
+ short cr_ngroups; /* number of groups */
+ gid_t cr_groups[NGROUPS]; /* groups */
+};
+
#ifdef _KERNEL
#define crhold(cr) (cr)->cr_ref++
#define SUSER_NOACCT 0x1 /* don't mark accounting flags */
+void crfromxucred(struct ucred *, const struct xucred *);
struct ucred *crcopy(struct ucred *cr);
struct ucred *crdup(struct ucred *cr);
void crfree(struct ucred *cr);