author | Philip Guenther <guenther@cvs.openbsd.org> | 2014-03-24 00:19:49 +0000 |
---|---|---|
committer | Philip Guenther <guenther@cvs.openbsd.org> | 2014-03-24 00:19:49 +0000 |
commit | d8290a491b942a98582508cc9b6718832261d4ad (patch) | |
tree | 71b9f523f4979b625ecfdd3fb49c43a38cef3053 | |
parent | f75538b630ba05fcf2635e8fe5e4f51c32f429ea (diff) |
Split the API: struct ucred remains the kernel internal structure while
struct xucred becomes the structure for syscalls (mount(2) and nfssvc(2)).
ok deraadt@ beck@
-rw-r--r-- | sbin/mountd/mountd.c | 34 | ||||
-rw-r--r-- | sys/kern/kern_prot.c | 16 | ||||
-rw-r--r-- | sys/kern/vfs_subr.c | 12 | ||||
-rw-r--r-- | sys/nfs/nfs.h | 4 | ||||
-rw-r--r-- | sys/sys/mount.h | 4 | ||||
-rw-r--r-- | sys/sys/ucred.h | 13 |
6 files changed, 51 insertions, 32 deletions
diff --git a/sbin/mountd/mountd.c b/sbin/mountd/mountd.c index a0115c3d297..06470ebdcc5 100644 --- a/sbin/mountd/mountd.c +++ b/sbin/mountd/mountd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: mountd.c,v 1.72 2013/11/22 04:12:48 deraadt Exp $ */ +/* $OpenBSD: mountd.c,v 1.73 2014/03/24 00:19:48 guenther Exp $ */ /* $NetBSD: mountd.c,v 1.31 1996/02/18 11:57:53 fvdl Exp $ */ /* @@ -40,7 +40,6 @@ #include <sys/socket.h> #include <sys/stat.h> #include <syslog.h> -#include <sys/ucred.h> #include <rpc/rpc.h> #include <rpc/pmap_clnt.h> @@ -139,10 +138,10 @@ int check_options(struct dirlist *); int chk_host(struct dirlist *, in_addr_t, int *, int *); void del_mlist(char *, char *); struct dirlist *dirp_search(struct dirlist *, char *); -int do_mount(struct exportlist *, struct grouplist *, int, struct ucred *, +int do_mount(struct exportlist *, struct grouplist *, int, struct xucred *, char *, int, struct statfs *); int do_opt(char **, char **, struct exportlist *, struct grouplist *, - int *, int *, struct ucred *); + int *, int *, struct xucred *); struct exportlist *ex_search(fsid_t *); struct exportlist *get_exp(void); void free_dir(struct dirlist *); @@ -164,7 +163,7 @@ void hang_dirp(struct dirlist *, struct grouplist *, struct exportlist *, void mntsrv(struct svc_req *, SVCXPRT *); void nextfield(char **, char **); void out_of_mem(void); -void parsecred(char *, struct ucred *); +void parsecred(char *, struct xucred *); int put_exlist(struct dirlist *, XDR *, struct dirlist *, int *); int scan_tree(struct dirlist *, in_addr_t); void send_umntall(int signo); @@ -179,12 +178,11 @@ struct exportlist *exphead; struct mountlist *mlhead; struct grouplist *grphead; char exname[MAXPATHLEN]; -struct ucred def_anon = { - 1, - (uid_t) -2, - (gid_t) -2, - 0, - { 0, } +struct xucred def_anon = { + .cr_uid = (uid_t) -2, + .cr_gid = (gid_t) -2, + .cr_ngroups = 0, + .cr_groups = { 0, } }; int resvport_only = 1; int opt_flags; 
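Review bot: `def_anon` stays a writable global, and the later parsecred() hunk (`*cr = def_anon;`) now takes the unprivileged fallback credential from it instead of assigning uid/gid -2 directly. Any code that modifies `def_anon` at run time would silently change the anonymous mapping for every export parsed afterwards. If nothing in mountd.c writes to it or passes its address through a non-const pointer (not visible in these hunks), declare it `const struct xucred def_anon = { ... };`; otherwise add a comment at the definition stating that it must never be modified.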
@@ -690,7 +688,7 @@ get_exportlist(void) struct dirlist *dirhead; struct statfs fsb, *ofsp, *fsp; struct hostent *hpe; - struct ucred anon; + struct xucred anon; union { struct ufs_args ua; struct iso_args ia; @@ -1324,7 +1322,7 @@ free_dir(struct dirlist *dp) */ int do_opt(char **cpp, char **endcpp, struct exportlist *ep, struct grouplist *grp, - int *has_hostp, int *exflagsp, struct ucred *cr) + int *has_hostp, int *exflagsp, struct xucred *cr) { char *cp, *endcp, *cpopt, savedc, savedc2 = 0; char *cpoptarg, *cpoptend; @@ -1559,7 +1557,7 @@ out_of_mem(void) */ int do_mount(struct exportlist *ep, struct grouplist *grp, int exflags, - struct ucred *anoncrp, char *dirp, int dirplen, struct statfs *fsb) + struct xucred *anoncrp, char *dirp, int dirplen, struct statfs *fsb) { struct sockaddr_in sin, imask; union { @@ -1806,7 +1804,7 @@ get_line(void) * Parse a description of a credential. */ void -parsecred(char *namelist, struct ucred *cr) +parsecred(char *namelist, struct xucred *cr) { gid_t groups[NGROUPS + 1]; char *name, *names; @@ -1817,10 +1815,8 @@ parsecred(char *namelist, struct ucred *cr) /* * Set up the unprivileged user. */ - cr->cr_ref = 1; - cr->cr_uid = (uid_t)-2; - cr->cr_gid = (gid_t)-2; - cr->cr_ngroups = 0; + *cr = def_anon; + /* * Get the user's password table entry. */ diff --git a/sys/kern/kern_prot.c b/sys/kern/kern_prot.c index 6a42a3a61b5..4e7c7171315 100644 --- a/sys/kern/kern_prot.c +++ b/sys/kern/kern_prot.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kern_prot.c,v 1.56 2013/04/06 03:44:34 tedu Exp $ */ +/* $OpenBSD: kern_prot.c,v 1.57 2014/03/24 00:19:48 guenther Exp $ */ /* $NetBSD: kern_prot.c,v 1.33 1996/02/09 18:59:42 christos Exp $ */ /* 
@@ -837,6 +837,20 @@ crdup(struct ucred *cr) } /* + * Convert the userspace xucred to a kernel ucred + */ +void +crfromxucred(struct ucred *cr, const struct xucred *xcr) +{ + cr->cr_ref = 1; + cr->cr_uid = xcr->cr_uid; + cr->cr_gid = xcr->cr_gid; + cr->cr_ngroups = xcr->cr_ngroups; + memcpy(cr->cr_groups, xcr->cr_groups, + sizeof(cr->cr_groups[0]) * xcr->cr_ngroups); +} + +/* * Get login name, if available. */ /* ARGSUSED */ diff --git a/sys/kern/vfs_subr.c b/sys/kern/vfs_subr.c index ca729adaae6..51f2c51d366 100644 --- a/sys/kern/vfs_subr.c +++ b/sys/kern/vfs_subr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: vfs_subr.c,v 1.211 2014/01/21 01:48:45 tedu Exp $ */ +/* $OpenBSD: vfs_subr.c,v 1.212 2014/03/24 00:19:48 guenther Exp $ */ /* $NetBSD: vfs_subr.c,v 1.53 1996/04/22 01:39:13 christos Exp $ */ /* @@ -1397,11 +1397,8 @@ vfs_hang_addrlist(struct mount *mp, struct netexport *nep, if (mp->mnt_flag & MNT_DEFEXPORTED) return (EPERM); np = &nep->ne_defexported; - np->netc_exflags = argp->ex_flags; - np->netc_anon = argp->ex_anon; - np->netc_anon.cr_ref = 1; mp->mnt_flag |= MNT_DEFEXPORTED; - return (0); + goto finish; } if (argp->ex_addrlen > MLEN || argp->ex_masklen > MLEN || argp->ex_addrlen < 0 || argp->ex_masklen < 0) @@ -1449,9 +1446,10 @@ vfs_hang_addrlist(struct mount *mp, struct netexport *nep, error = EPERM; goto out; } +finish: np->netc_exflags = argp->ex_flags; - np->netc_anon = argp->ex_anon; - np->netc_anon.cr_ref = 1; + /* fill in the kernel's ucred from userspace's xucred */ + crfromxucred(&np->netc_anon, &argp->ex_anon); return (0); out: free(np, M_NETADDR); diff --git a/sys/nfs/nfs.h b/sys/nfs/nfs.h index 1dcaa29cbcf..3326af33122 100644 --- a/sys/nfs/nfs.h +++ b/sys/nfs/nfs.h @@ -1,4 +1,4 @@ -/* $OpenBSD: nfs.h,v 1.51 2009/09/02 18:20:54 thib Exp $ */ +/* $OpenBSD: nfs.h,v 1.52 2014/03/24 00:19:48 guenther Exp $ */ /* $NetBSD: nfs.h,v 1.10.4.1 1996/05/27 11:23:56 fvdl Exp $ */ /* 
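Review bot: `xcr->cr_ngroups` is used as the memcpy length in crfromxucred() without a range check, and per the commit message the xucred arrives from mount(2) and nfssvc(2) arguments. The field is a signed `short` (see the sys/sys/ucred.h hunk), so a negative value converts to a huge size_t in `sizeof(cr->cr_groups[0]) * xcr->cr_ngroups`, and a value above NGROUPS reads past `xcr->cr_groups` and may write past `cr->cr_groups`; the struct assignment this replaces in vfs_hang_addrlist() copied a fixed size. No validation of `ex_anon.cr_ngroups` is visible in the vfs_subr.c hunks, though it could exist outside them. Reject out-of-range counts in the helper and return an error that vfs_hang_addrlist() propagates, which also means the prototype in ucred.h changes to `int`.

```c
int
crfromxucred(struct ucred *cr, const struct xucred *xcr)
{
	/* xcr is filled in by userspace: bound the count before it sizes a copy */
	if (xcr->cr_ngroups < 0 || xcr->cr_ngroups > NGROUPS)
		return (EINVAL);
	/* ... unchanged: cr_ref, cr_uid, cr_gid, cr_ngroups assignments and memcpy ... */
	return (0);
}
```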
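Review bot: The new `finish:` label in vfs_hang_addrlist() is reached with two different kinds of `np`: from the default-export branch it is `&nep->ne_defexported` (first vfs_subr.c hunk), and from the address path it is the object that `out:` releases with `free(np, M_NETADDR)`. Any error handling later added between `finish:` and `return (0)` must therefore not jump to `out:` on the default-export path, and that branch has already set `MNT_DEFEXPORTED` before the jump. A comment on the label would record this, e.g. `/* np is either &nep->ne_defexported or an M_NETADDR allocation; do not "goto out" from here */`. vfs_hang_addrlist() starts and ends outside both hunks, so the allocation site is inferred from the `out:` path.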
@@ -107,7 +107,7 @@ struct nfsd_srvargs { struct nfsd *nsd_nfsd; /* Pointer to in kernel nfsd struct */ uid_t nsd_uid; /* Effective uid mapped to cred */ u_int32_t nsd_haddr; /* IP address of client */ - struct ucred nsd_cr; /* Cred. uid maps to */ + struct xucred nsd_cr; /* Cred. uid maps to */ int nsd_authlen; /* Length of auth string (ret) */ u_char *nsd_authstr; /* Auth string (ret) */ int nsd_verflen; /* and the verifier */ diff --git a/sys/sys/mount.h b/sys/sys/mount.h index 724a5e684d2..4cd3ecb308b 100644 --- a/sys/sys/mount.h +++ b/sys/sys/mount.h @@ -1,4 +1,4 @@ -/* $OpenBSD: mount.h,v 1.117 2013/12/01 16:40:56 krw Exp $ */ +/* $OpenBSD: mount.h,v 1.118 2014/03/24 00:19:48 guenther Exp $ */ /* $NetBSD: mount.h,v 1.48 1996/02/18 11:55:47 fvdl Exp $ */ /* @@ -62,7 +62,7 @@ struct fid { struct export_args { int ex_flags; /* export related flags */ uid_t ex_root; /* mapping for root uid */ - struct ucred ex_anon; /* mapping for anonymous user */ + struct xucred ex_anon; /* mapping for anonymous user */ struct sockaddr *ex_addr; /* net address to which exported */ int ex_addrlen; /* and the net address length */ struct sockaddr *ex_mask; /* mask of valid bits in saddr */ diff --git a/sys/sys/ucred.h b/sys/sys/ucred.h index a75c073d200..bf8c34a4669 100644 --- a/sys/sys/ucred.h +++ b/sys/sys/ucred.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ucred.h,v 1.6 2003/08/15 20:32:20 tedu Exp $ */ +/* $OpenBSD: ucred.h,v 1.7 2014/03/24 00:19:48 guenther Exp $ */ /* $NetBSD: ucred.h,v 1.12 1995/06/01 22:44:50 jtc Exp $ */ /* 
@@ -48,11 +48,22 @@ struct ucred { #define NOCRED ((struct ucred *)-1) /* no credential available */ #define FSCRED ((struct ucred *)-2) /* filesystem credential */ +/* + * Userspace version, for use in syscalls arguments + */ +struct xucred { + uid_t cr_uid; /* user id */ + gid_t cr_gid; /* group id */ + short cr_ngroups; /* number of groups */ + gid_t cr_groups[NGROUPS]; /* groups */ +}; + #ifdef _KERNEL #define crhold(cr) (cr)->cr_ref++ #define SUSER_NOACCT 0x1 /* don't mark accounting flags */ +void crfromxucred(struct ucred *, const struct xucred *); struct ucred *crcopy(struct ucred *cr); struct ucred *crdup(struct ucred *cr); void crfree(struct ucred *cr); |