diff options
39 files changed, 331 insertions, 362 deletions
diff --git a/lib/libkvm/kvm_file2.c b/lib/libkvm/kvm_file2.c index e0538f559c7..d1e5f72d328 100644 --- a/lib/libkvm/kvm_file2.c +++ b/lib/libkvm/kvm_file2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kvm_file2.c,v 1.34 2014/02/05 03:49:00 guenther Exp $ */ +/* $OpenBSD: kvm_file2.c,v 1.35 2014/03/30 21:54:49 guenther Exp $ */ /* * Copyright (c) 2009 Todd C. Miller <Todd.Miller@courtesan.com> @@ -271,7 +271,6 @@ kvm_deadfile_byid(kvm_t *kd, int op, int arg, size_t esize, int *cnt) struct processlist allprocess; struct proc proc; struct process *pr, process; - struct pcred pcred; struct ucred ucred; char *filebuf = NULL; int i, nfiles; @@ -335,20 +334,14 @@ kvm_deadfile_byid(kvm_t *kd, int op, int arg, size_t esize, int *cnt) continue; } - if (KREAD(kd, (u_long)process.ps_cred, &pcred)) { - _kvm_err(kd, kd->program, "can't read pcred at %lx", - (u_long)process.ps_cred); - goto cleanup; - } - if (KREAD(kd, (u_long)pcred.pc_ucred, &ucred)) { + if (KREAD(kd, (u_long)process.ps_ucred, &ucred)) { _kvm_err(kd, kd->program, "can't read ucred at %lx", - (u_long)pcred.pc_ucred); + (u_long)process.ps_ucred); goto cleanup; } process.ps_mainproc = &proc; proc.p_p = &process; - process.ps_cred = &pcred; - pcred.pc_ucred = &ucred; + process.ps_ucred = &ucred; if (op == KERN_FILE_BYUID && arg >= 0 && proc.p_ucred->cr_uid != (uid_t)arg) { diff --git a/lib/libkvm/kvm_proc2.c b/lib/libkvm/kvm_proc2.c index 64fdaff900f..88449be2a5d 100644 --- a/lib/libkvm/kvm_proc2.c +++ b/lib/libkvm/kvm_proc2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kvm_proc2.c,v 1.20 2014/03/22 11:18:05 florian Exp $ */ +/* $OpenBSD: kvm_proc2.c,v 1.21 2014/03/30 21:54:49 guenther Exp $ */ /* $NetBSD: kvm_proc.c,v 1.30 1999/03/24 05:50:50 mrg Exp $ */ /*- * Copyright (c) 1998 The NetBSD Foundation, Inc. @@ -108,7 +108,6 @@ kvm_proclist(kvm_t *kd, int op, int arg, struct process *pr, { struct kinfo_proc kp; struct session sess; - struct pcred pcred; struct ucred ucred; struct proc proc, proc2, *p; struct process process, process2; @@ -142,15 +141,10 @@ kvm_proclist(kvm_t *kd, int op, int arg, struct process *pr, } if (proc.p_stat == SIDL) continue; - if (KREAD(kd, (u_long)process.ps_cred, &pcred)) { - _kvm_err(kd, kd->program, "can't read pcred at %lx", - (u_long)process.ps_cred); - return (-1); - } process_pid = proc.p_pid; - if (KREAD(kd, (u_long)pcred.pc_ucred, &ucred)) { + if (KREAD(kd, (u_long)process.ps_ucred, &ucred)) { _kvm_err(kd, kd->program, "can't read ucred at %lx", - (u_long)pcred.pc_ucred); + (u_long)process.ps_ucred); return (-1); } if (KREAD(kd, (u_long)process.ps_pgrp, &pgrp)) { @@ -245,7 +239,7 @@ kvm_proclist(kvm_t *kd, int op, int arg, struct process *pr, break; case KERN_PROC_RUID: - if (pcred.p_ruid != (uid_t)arg) + if (ucred.cr_ruid != (uid_t)arg) continue; break; @@ -286,7 +280,7 @@ kvm_proclist(kvm_t *kd, int op, int arg, struct process *pr, vmp = &vm; #define do_copy_str(_d, _s, _l) kvm_read(kd, (u_long)(_s), (_d), (_l)-1) - FILL_KPROC(&kp, do_copy_str, &proc, &process, &pcred, + FILL_KPROC(&kp, do_copy_str, &proc, &process, &ucred, &pgrp, process.ps_mainproc, proc.p_p, &sess, vmp, limp, sap, 0, 1); @@ -343,7 +337,7 @@ kvm_proclist(kvm_t *kd, int op, int arg, struct process *pr, (u_long)p); return (-1); } - FILL_KPROC(&kp, do_copy_str, &proc, &process, &pcred, + FILL_KPROC(&kp, do_copy_str, &proc, &process, &ucred, &pgrp, p, proc.p_p, &sess, vmp, limp, sap, 1, 1); diff --git a/sys/arch/alpha/alpha/trap.c b/sys/arch/alpha/alpha/trap.c index 4187e09b57b..e4003e60079 100644 --- a/sys/arch/alpha/alpha/trap.c +++ b/sys/arch/alpha/alpha/trap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: trap.c,v 1.70 2014/03/26 05:23:42 guenther Exp $ */ +/* $OpenBSD: trap.c,v 1.71 2014/03/30 21:54:48 guenther Exp $ */ /* $NetBSD: trap.c,v 1.52 2000/05/24 16:48:33 thorpej Exp $ */ /*- @@ -463,10 +463,9 @@ do_fault: v = (caddr_t)a0; typ = SEGV_MAPERR; if (rv == ENOMEM) { - printf("UVM: pid %u (%s), uid %u killed: " - "out of swap\n", p->p_pid, p->p_comm, - p->p_cred && p->p_ucred ? - p->p_ucred->cr_uid : -1); + printf("UVM: pid %u (%s), uid %d killed: " + "out of swap\n", p->p_pid, p->p_comm, + p->p_ucred ? (int)p->p_ucred->cr_uid : -1); i = SIGKILL; } else { i = SIGSEGV; diff --git a/sys/arch/amd64/amd64/trap.c b/sys/arch/amd64/amd64/trap.c index 0478cd12e99..84985e5a4c2 100644 --- a/sys/arch/amd64/amd64/trap.c +++ b/sys/arch/amd64/amd64/trap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: trap.c,v 1.34 2014/03/26 05:23:42 guenther Exp $ */ +/* $OpenBSD: trap.c,v 1.35 2014/03/30 21:54:48 guenther Exp $ */ /* $NetBSD: trap.c,v 1.2 2003/05/04 23:51:56 fvdl Exp $ */ /*- @@ -409,8 +409,7 @@ faultcommon: if (error == ENOMEM) { printf("UVM: pid %d (%s), uid %d killed: out of swap\n", p->p_pid, p->p_comm, - p->p_cred && p->p_ucred ? - (int)p->p_ucred->cr_uid : -1); + p->p_ucred ? (int)p->p_ucred->cr_uid : -1); sv.sival_ptr = (void *)fa; trapsignal(p, SIGKILL, T_PAGEFLT, SEGV_MAPERR, sv); } else { diff --git a/sys/arch/arm/arm/fault.c b/sys/arch/arm/arm/fault.c index c88500b5629..8143bdb0c5b 100644 --- a/sys/arch/arm/arm/fault.c +++ b/sys/arch/arm/arm/fault.c @@ -1,4 +1,4 @@ -/* $OpenBSD: fault.c,v 1.14 2013/09/10 12:35:25 patrick Exp $ */ +/* $OpenBSD: fault.c,v 1.15 2014/03/30 21:54:49 guenther Exp $ */ /* $NetBSD: fault.c,v 1.46 2004/01/21 15:39:21 skrll Exp $ */ /* @@ -417,8 +417,7 @@ data_abort_handler(trapframe_t *tf) if (error == ENOMEM) { printf("UVM: pid %d (%s), uid %d killed: " "out of swap\n", p->p_pid, p->p_comm, - (p->p_cred && p->p_ucred) ? - p->p_ucred->cr_uid : -1); + p->p_ucred ? (int)p->p_ucred->cr_uid : -1); sd.signo = SIGKILL; } else sd.signo = SIGSEGV; @@ -706,8 +705,7 @@ prefetch_abort_handler(trapframe_t *tf) if (error == ENOMEM) { printf("UVM: pid %d (%s), uid %d killed: " "out of swap\n", p->p_pid, p->p_comm, - (p->p_cred && p->p_ucred) ? - p->p_ucred->cr_uid : -1); + p->p_ucred ? (int)p->p_ucred->cr_uid : -1); trapsignal(p, SIGKILL, 0, SEGV_MAPERR, sv); } else trapsignal(p, SIGSEGV, 0, SEGV_MAPERR, sv); diff --git a/sys/arch/sh/sh/trap.c b/sys/arch/sh/sh/trap.c index eeb4f4bea8e..4c1b9c1812b 100644 --- a/sys/arch/sh/sh/trap.c +++ b/sys/arch/sh/sh/trap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: trap.c,v 1.23 2014/03/29 18:09:30 guenther Exp $ */ +/* $OpenBSD: trap.c,v 1.24 2014/03/30 21:54:49 guenther Exp $ */ /* $NetBSD: exception.c,v 1.32 2006/09/04 23:57:52 uwe Exp $ */ /* $NetBSD: syscall.c,v 1.6 2006/03/07 07:21:50 thorpej Exp $ */ @@ -434,8 +434,7 @@ tlb_exception(struct proc *p, struct trapframe *tf, uint32_t va) if (err == ENOMEM) { printf("UVM: pid %d (%s), uid %d killed: out of swap\n", p->p_pid, p->p_comm, - p->p_cred && p->p_ucred ? - (int)p->p_ucred->cr_uid : -1); + p->p_ucred ? (int)p->p_ucred->cr_uid : -1); trapsignal(p, SIGKILL, tf->tf_expevt, SEGV_MAPERR, sv); } else trapsignal(p, SIGSEGV, tf->tf_expevt, SEGV_MAPERR, sv); diff --git a/sys/arch/sparc64/sparc64/trap.c b/sys/arch/sparc64/sparc64/trap.c index 51eab3abc0d..42734cf7f43 100644 --- a/sys/arch/sparc64/sparc64/trap.c +++ b/sys/arch/sparc64/sparc64/trap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: trap.c,v 1.79 2014/03/26 05:23:42 guenther Exp $ */ +/* $OpenBSD: trap.c,v 1.80 2014/03/30 21:54:49 guenther Exp $ */ /* $NetBSD: trap.c,v 1.73 2001/08/09 01:03:01 eeh Exp $ */ /* @@ -886,10 +886,9 @@ kfault: sv.sival_ptr = (void *)sfva; if (rv == ENOMEM) { - printf("UVM: pid %d (%s), uid %u killed: out of swap\n", + printf("UVM: pid %d (%s), uid %d killed: out of swap\n", p->p_pid, p->p_comm, - p->p_cred && p->p_ucred ? - p->p_ucred->cr_uid : -1); + p->p_ucred ? (int)p->p_ucred->cr_uid : -1); trapsignal(p, SIGKILL, access_type, SEGV_MAPERR, sv); } else { trapsignal(p, SIGSEGV, access_type, SEGV_MAPERR, sv); diff --git a/sys/arch/vax/vax/trap.c b/sys/arch/vax/vax/trap.c index c20b397b083..d7e06b1d49d 100644 --- a/sys/arch/vax/vax/trap.c +++ b/sys/arch/vax/vax/trap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: trap.c,v 1.49 2014/03/26 05:23:42 guenther Exp $ */ +/* $OpenBSD: trap.c,v 1.50 2014/03/30 21:54:49 guenther Exp $ */ /* $NetBSD: trap.c,v 1.47 1999/08/21 19:26:20 matt Exp $ */ /* * Copyright (c) 1994 Ludd, University of Lule}, Sweden. @@ -199,11 +199,9 @@ if(faultdebug)printf("trap accflt type %lx, code %lx, pc %lx, psl %lx\n", (u_int)frame->pc, (u_int)frame->code); } if (rv == ENOMEM) { - printf("UVM: pid %d (%s), uid %u killed: " - "out of swap\n", - p->p_pid, p->p_comm, - p->p_cred && p->p_ucred ? - p->p_ucred->cr_uid : -1); + printf("UVM: pid %d (%s), uid %d killed: " + "out of swap\n", p->p_pid, p->p_comm, + p->p_ucred ? (int)p->p_ucred->cr_uid : -1); sig = SIGKILL; typ = 0; } else { diff --git a/sys/compat/linux/linux_misc.c b/sys/compat/linux/linux_misc.c index f372f573ffc..1792b23782f 100644 --- a/sys/compat/linux/linux_misc.c +++ b/sys/compat/linux/linux_misc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: linux_misc.c,v 1.88 2014/03/26 05:23:42 guenther Exp $ */ +/* $OpenBSD: linux_misc.c,v 1.89 2014/03/30 21:54:49 guenther Exp $ */ /* $NetBSD: linux_misc.c,v 1.27 1996/05/20 01:59:21 fvdl Exp $ */ /*- @@ -1484,7 +1484,7 @@ linux_sys_setfsuid(p, v, retval) uid_t uid; uid = SCARG(uap, uid); - if (p->p_cred->p_ruid != uid) + if (p->p_ucred->cr_ruid != uid) return sys_nosys(p, v, retval); else return (0); @@ -1542,7 +1542,7 @@ linux_sys_getuid(p, v, retval) register_t *retval; { - *retval = p->p_cred->p_ruid; + *retval = p->p_ucred->cr_ruid; return (0); } @@ -1553,7 +1553,7 @@ linux_sys_getgid(p, v, retval) register_t *retval; { - *retval = p->p_cred->p_rgid; + *retval = p->p_ucred->cr_rgid; return (0); } diff --git a/sys/compat/linux/linux_sched.c b/sys/compat/linux/linux_sched.c index fa071ca93c9..02c15c20f90 100644 --- a/sys/compat/linux/linux_sched.c +++ b/sys/compat/linux/linux_sched.c @@ -1,4 +1,4 @@ -/* $OpenBSD: linux_sched.c,v 1.16 2014/02/12 05:47:36 guenther Exp $ */ +/* $OpenBSD: linux_sched.c,v 1.17 2014/03/30 21:54:49 guenther Exp $ */ /* $NetBSD: linux_sched.c,v 1.6 2000/05/28 05:49:05 thorpej Exp $ */ /*- @@ -211,16 +211,16 @@ linux_sys_sched_setparam(struct proc *cp, void *v, register_t *retval) return (error); if (SCARG(uap, pid) != 0) { - struct pcred *pc = cp->p_cred; + struct ucred *uc = cp->p_ucred; if ((p = pfind(SCARG(uap, pid))) == NULL) return (ESRCH); if (!(cp == p || - pc->pc_ucred->cr_uid == 0 || - pc->p_ruid == p->p_cred->p_ruid || - pc->pc_ucred->cr_uid == p->p_cred->p_ruid || - pc->p_ruid == p->p_ucred->cr_uid || - pc->pc_ucred->cr_uid == p->p_ucred->cr_uid)) + uc->cr_uid == 0 || + uc->cr_ruid == p->p_ucred->cr_ruid || + uc->cr_uid == p->p_ucred->cr_ruid || + uc->cr_ruid == p->p_ucred->cr_uid || + uc->cr_uid == p->p_ucred->cr_uid)) return (EPERM); } @@ -245,16 +245,16 @@ linux_sys_sched_getparam(struct proc *cp, void *v, register_t *retval) return (EINVAL); if (SCARG(uap, pid) != 0) { - struct pcred *pc = cp->p_cred; + struct ucred *uc = cp->p_ucred; if ((p = pfind(SCARG(uap, pid))) == NULL) return (ESRCH); if (!(cp == p || - pc->pc_ucred->cr_uid == 0 || - pc->p_ruid == p->p_cred->p_ruid || - pc->pc_ucred->cr_uid == p->p_cred->p_ruid || - pc->p_ruid == p->p_ucred->cr_uid || - pc->pc_ucred->cr_uid == p->p_ucred->cr_uid)) + uc->cr_uid == 0 || + uc->cr_ruid == p->p_ucred->cr_ruid || + uc->cr_uid == p->p_ucred->cr_ruid || + uc->cr_ruid == p->p_ucred->cr_uid || + uc->cr_uid == p->p_ucred->cr_uid)) return (EPERM); } @@ -286,16 +286,16 @@ linux_sys_sched_setscheduler(struct proc *cp, void *v, register_t *retval) return (error); if (SCARG(uap, pid) != 0) { - struct pcred *pc = cp->p_cred; + struct ucred *uc = cp->p_ucred; if ((p = pfind(SCARG(uap, pid))) == NULL) return (ESRCH); if (!(cp == p || - pc->pc_ucred->cr_uid == 0 || - pc->p_ruid == p->p_cred->p_ruid || - pc->pc_ucred->cr_uid == p->p_cred->p_ruid || - pc->p_ruid == p->p_ucred->cr_uid || - pc->pc_ucred->cr_uid == p->p_ucred->cr_uid)) + uc->cr_uid == 0 || + uc->cr_ruid == p->p_ucred->cr_ruid || + uc->cr_uid == p->p_ucred->cr_ruid || + uc->cr_ruid == p->p_ucred->cr_uid || + uc->cr_uid == p->p_ucred->cr_uid)) return (EPERM); } @@ -323,16 +323,16 @@ linux_sys_sched_getscheduler(struct proc *cp, void *v, register_t *retval) */ if (SCARG(uap, pid) != 0) { - struct pcred *pc = cp->p_cred; + struct ucred *uc = cp->p_ucred; if ((p = pfind(SCARG(uap, pid))) == NULL) return (ESRCH); if (!(cp == p || - pc->pc_ucred->cr_uid == 0 || - pc->p_ruid == p->p_cred->p_ruid || - pc->pc_ucred->cr_uid == p->p_cred->p_ruid || - pc->p_ruid == p->p_ucred->cr_uid || - pc->pc_ucred->cr_uid == p->p_ucred->cr_uid)) + uc->cr_uid == 0 || + uc->cr_ruid == p->p_ucred->cr_ruid || + uc->cr_uid == p->p_ucred->cr_ruid || + uc->cr_ruid == p->p_ucred->cr_uid || + uc->cr_uid == p->p_ucred->cr_uid)) return (EPERM); } diff --git a/sys/dev/systrace.c b/sys/dev/systrace.c index 981883ce190..a9c66b455eb 100644 --- a/sys/dev/systrace.c +++ b/sys/dev/systrace.c @@ -1,4 +1,4 @@ -/* $OpenBSD: systrace.c,v 1.65 2014/03/27 04:38:40 guenther Exp $ */ +/* $OpenBSD: systrace.c,v 1.66 2014/03/30 21:54:48 guenther Exp $ */ /* * Copyright 2002 Niels Provos <provos@citi.umich.edu> * All rights reserved. @@ -524,8 +524,8 @@ systraceioctl(dev_t dev, u_long cmd, caddr_t data, int flag, struct proc *p) if (suser(p, 0) == 0) fst->issuser = 1; - fst->p_ruid = p->p_cred->p_ruid; - fst->p_rgid = p->p_cred->p_rgid; + fst->p_ruid = p->p_ucred->cr_ruid; + fst->p_rgid = p->p_ucred->cr_rgid; fdplock(p->p_fd); error = falloc(p, &f, &fd); @@ -666,7 +666,7 @@ systrace_redirect(int code, struct proc *p, void *v, register_t *retval) struct str_policy *strpolicy; struct fsystrace *fst = NULL; struct emul *oldemul; - struct pcred *pc; + struct ucred *uc; uid_t olduid; gid_t oldgid; int policy, error = 0, report = 0, maycontrol = 0, issuser = 0; @@ -701,8 +701,8 @@ systrace_redirect(int code, struct proc *p, void *v, register_t *retval) maycontrol = 1; issuser = 1; } else if (!ISSET(pr->ps_flags, PS_SUGID | PS_SUGIDEXEC)) { - maycontrol = fst->p_ruid == p->p_cred->p_ruid && - fst->p_rgid == p->p_cred->p_rgid; + maycontrol = fst->p_ruid == p->p_ucred->cr_ruid && + fst->p_rgid == p->p_ucred->cr_rgid; } if (!maycontrol) { @@ -787,9 +787,9 @@ systrace_redirect(int code, struct proc *p, void *v, register_t *retval) goto out_unlock; oldemul = pr->ps_emul; - pc = p->p_cred; - olduid = pc->p_ruid; - oldgid = pc->p_rgid; + uc = p->p_ucred; + olduid = uc->cr_ruid; + oldgid = uc->cr_rgid; /* Elevate privileges as desired */ if (issuser) { @@ -813,12 +813,12 @@ systrace_redirect(int code, struct proc *p, void *v, register_t *retval) if (issuser) { if (ISSET(strp->flags, STR_PROC_SETEUID)) { - if (pc->pc_ucred->cr_uid == strp->seteuid) + if (uc->cr_uid == strp->seteuid) systrace_seteuid(p, strp->saveuid); CLR(strp->flags, STR_PROC_SETEUID); } if (ISSET(strp->flags, STR_PROC_SETEGID)) { - if (pc->pc_ucred->cr_gid == strp->setegid) + if (uc->cr_gid == strp->setegid) systrace_setegid(p, strp->savegid); CLR(strp->flags, STR_PROC_SETEGID); } @@ -858,8 +858,8 @@ systrace_redirect(int code, struct proc *p, void *v, register_t *retval) } /* Report if effective uid or gid changed */ - if (olduid != p->p_cred->p_ruid || - oldgid != p->p_cred->p_rgid) { + if (olduid != p->p_ucred->cr_ruid || + oldgid != p->p_ucred->cr_rgid) { systrace_msg_ugid(fst, strp); REACQUIRE_LOCK; @@ -883,17 +883,17 @@ out: uid_t systrace_seteuid(struct proc *p, uid_t euid) { - struct pcred *pc = p->p_cred; - uid_t oeuid = pc->pc_ucred->cr_uid; + struct ucred *uc = p->p_ucred; + uid_t oeuid = uc->cr_uid; - if (pc->pc_ucred->cr_uid == euid) + if (oeuid == euid) return (oeuid); /* * Copy credentials so other references do not see our changes. */ - pc->pc_ucred = crcopy(pc->pc_ucred); - pc->pc_ucred->cr_uid = euid; + p->p_ucred = uc = crcopy(uc); + uc->cr_uid = euid; atomic_setbits_int(&p->p_p->ps_flags, PS_SUGID); return (oeuid); @@ -902,17 +902,17 @@ systrace_seteuid(struct proc *p, uid_t euid) gid_t systrace_setegid(struct proc *p, gid_t egid) { - struct pcred *pc = p->p_cred; - gid_t oegid = pc->pc_ucred->cr_gid; + struct ucred *uc = p->p_ucred; + gid_t oegid = uc->cr_gid; - if (pc->pc_ucred->cr_gid == egid) + if (oegid == egid) return (oegid); /* * Copy credentials so other references do not see our changes. */ - pc->pc_ucred = crcopy(pc->pc_ucred); - pc->pc_ucred->cr_gid = egid; + p->p_ucred = uc = crcopy(uc); + uc->cr_gid = egid; atomic_setbits_int(&p->p_p->ps_flags, PS_SUGID); return (oegid); @@ -1250,7 +1250,7 @@ systrace_attach(struct fsystrace *fst, pid_t pid) * special privileges using setuid() from being * traced. This is good security.] */ - if ((proc->p_cred->p_ruid != p->p_cred->p_ruid || + if ((proc->p_ucred->cr_ruid != p->p_ucred->cr_ruid || ISSET(proc->p_p->ps_flags, PS_SUGID | PS_SUGIDEXEC)) && (error = suser(p, 0)) != 0) goto out; @@ -1261,7 +1261,7 @@ systrace_attach(struct fsystrace *fst, pid_t pid) * compiled with permanently insecure mode turned * on. */ - if ((proc->p_pid == 1) && (securelevel > -1)) { + if ((proc->p_p->ps_pid == 1) && (securelevel > -1)) { error = EPERM; goto out; } @@ -1310,8 +1310,8 @@ systrace_execve1(char *path, struct proc *p) */ if (fst->issuser || - fst->p_ruid != p->p_cred->p_ruid || - fst->p_rgid != p->p_cred->p_rgid) { + fst->p_ruid != p->p_ucred->cr_ruid || + fst->p_rgid != p->p_ucred->cr_rgid) { rw_exit_write(&fst->lock); return; } @@ -1471,8 +1471,8 @@ systrace_scriptname(struct proc *p, char *dst) if (!fst->issuser && (ISSET(p->p_p->ps_flags, PS_SUGID | PS_SUGIDEXEC) || - fst->p_ruid != p->p_cred->p_ruid || - fst->p_rgid != p->p_cred->p_rgid)) { + fst->p_ruid != p->p_ucred->cr_ruid || + fst->p_rgid != p->p_ucred->cr_rgid)) { error = EPERM; goto out; } @@ -1715,8 +1715,8 @@ systrace_msg_ugid(struct fsystrace *fst, struct str_process *strp) struct str_msg_ugid *msg_ugid = &strp->msg.msg_data.msg_ugid; struct proc *p = strp->proc; - msg_ugid->uid = p->p_cred->p_ruid; - msg_ugid->gid = p->p_cred->p_rgid; + msg_ugid->uid = p->p_ucred->cr_ruid; + msg_ugid->gid = p->p_ucred->cr_rgid; return (systrace_make_msg(strp, SYSTR_MSG_UGID)); } diff --git a/sys/kern/exec_elf.c b/sys/kern/exec_elf.c index 8d521876505..83090e72a92 100644 --- a/sys/kern/exec_elf.c +++ b/sys/kern/exec_elf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: exec_elf.c,v 1.96 2014/03/26 05:23:42 guenther Exp $ */ +/* $OpenBSD: exec_elf.c,v 1.97 2014/03/30 21:54:48 guenther Exp $ */ /* * Copyright (c) 1996 Per Fogelstrom @@ -1169,13 +1169,13 @@ ELFNAMEEND(coredump_notes)(struct proc *p, void *iocookie, size_t *sizep) else cpi.cpi_sid = 0; - cpi.cpi_ruid = p->p_cred->p_ruid; + cpi.cpi_ruid = p->p_ucred->cr_ruid; cpi.cpi_euid = p->p_ucred->cr_uid; - cpi.cpi_svuid = p->p_cred->p_svuid; + cpi.cpi_svuid = p->p_ucred->cr_svuid; - cpi.cpi_rgid = p->p_cred->p_rgid; + cpi.cpi_rgid = p->p_ucred->cr_rgid; cpi.cpi_egid = p->p_ucred->cr_gid; - cpi.cpi_svgid = p->p_cred->p_svgid; + cpi.cpi_svgid = p->p_ucred->cr_svgid; (void)strlcpy(cpi.cpi_name, p->p_comm, sizeof(cpi.cpi_name)); diff --git a/sys/kern/init_main.c b/sys/kern/init_main.c index a80576c7459..aef28cb4634 100644 --- a/sys/kern/init_main.c +++ b/sys/kern/init_main.c @@ -1,4 +1,4 @@ -/* $OpenBSD: init_main.c,v 1.208 2014/03/29 18:09:31 guenther Exp $ */ +/* $OpenBSD: init_main.c,v 1.209 2014/03/30 21:54:48 guenther Exp $ */ /* $NetBSD: init_main.c,v 1.84.4.1 1996/06/02 09:08:06 mrg Exp $ */ /* @@ -114,7 +114,6 @@ struct session session0; struct pgrp pgrp0; struct proc proc0; struct process process0; -struct pcred cred0; struct plimit limit0; struct vmspace vmspace0; struct sigacts sigacts0; @@ -293,9 +292,8 @@ main(void *framep) timeout_set(&pr->ps_realit_to, realitexpire, pr); /* Create credentials. */ - p->p_cred = &cred0; - p->p_ucred = crget(); - p->p_ucred->cr_ngroups = 1; /* group 0 */ + pr->ps_ucred = crget(); + pr->ps_ucred->cr_ngroups = 1; /* group 0 */ /* Initialize signal state for process 0. */ signal_init(); diff --git a/sys/kern/kern_acct.c b/sys/kern/kern_acct.c index 4edf52736ca..7f1bcc3ea65 100644 --- a/sys/kern/kern_acct.c +++ b/sys/kern/kern_acct.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kern_acct.c,v 1.27 2013/06/03 16:55:22 guenther Exp $ */ +/* $OpenBSD: kern_acct.c,v 1.28 2014/03/30 21:54:48 guenther Exp $ */ /* $NetBSD: kern_acct.c,v 1.42 1996/02/04 02:15:12 christos Exp $ */ /*- @@ -202,8 +202,8 @@ acct_process(struct proc *p) acct.ac_io = encode_comp_t(r->ru_inblock + r->ru_oublock, 0); /* (6) The UID and GID of the process */ - acct.ac_uid = p->p_cred->p_ruid; - acct.ac_gid = p->p_cred->p_rgid; + acct.ac_uid = pr->ps_ucred->cr_ruid; + acct.ac_gid = pr->ps_ucred->cr_rgid; /* (7) The terminal from which the process was started */ if ((pr->ps_flags & PS_CONTROLT) && diff --git a/sys/kern/kern_descrip.c b/sys/kern/kern_descrip.c index 12473a37993..c1b5ee0f28b 100644 --- a/sys/kern/kern_descrip.c +++ b/sys/kern/kern_descrip.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kern_descrip.c,v 1.105 2014/03/08 22:54:29 tedu Exp $ */ +/* $OpenBSD: kern_descrip.c,v 1.106 2014/03/30 21:54:48 guenther Exp $ */ /* $NetBSD: kern_descrip.c,v 1.42 1996/03/30 22:24:38 christos Exp $ */ /* @@ -390,7 +390,7 @@ restart: struct socket *so = (struct socket *)fp->f_data; so->so_pgid = (long)SCARG(uap, arg); - so->so_siguid = p->p_cred->p_ruid; + so->so_siguid = p->p_ucred->cr_ruid; so->so_sigeuid = p->p_ucred->cr_uid; break; } diff --git a/sys/kern/kern_event.c b/sys/kern/kern_event.c index a4a0fef0048..5b1122ddf56 100644 --- a/sys/kern/kern_event.c +++ b/sys/kern/kern_event.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kern_event.c,v 1.55 2014/01/22 02:31:30 guenther Exp $ */ +/* $OpenBSD: kern_event.c,v 1.56 2014/03/30 21:54:48 guenther Exp $ */ /*- * Copyright (c) 1999,2000,2001 Jonathan Lemon <jlemon@FreeBSD.org> @@ -225,7 +225,7 @@ filt_procattach(struct knote *kn) * setuid/setgid privs (unless you're root). */ if (pr != curproc->p_p && - (pr->ps_cred->p_ruid != curproc->p_cred->p_ruid || + (pr->ps_ucred->cr_ruid != curproc->p_ucred->cr_ruid || (pr->ps_flags & PS_SUGID)) && suser(curproc, 0) != 0) return (EACCES); diff --git a/sys/kern/kern_exec.c b/sys/kern/kern_exec.c index b0118c6f481..2790e48f98f 100644 --- a/sys/kern/kern_exec.c +++ b/sys/kern/kern_exec.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kern_exec.c,v 1.139 2014/03/26 05:23:42 guenther Exp $ */ +/* $OpenBSD: kern_exec.c,v 1.140 2014/03/30 21:54:48 guenther Exp $ */ /* $NetBSD: kern_exec.c,v 1.75 1996/02/09 18:59:28 christos Exp $ */ /*- @@ -494,10 +494,10 @@ sys_execve(struct proc *p, void *v, register_t *retval) * If process does execve() while it has a mismatched real, * effective, or saved uid/gid, we set PS_SUGIDEXEC. */ - if (p->p_ucred->cr_uid != p->p_cred->p_ruid || - p->p_ucred->cr_uid != p->p_cred->p_svuid || - p->p_ucred->cr_gid != p->p_cred->p_rgid || - p->p_ucred->cr_gid != p->p_cred->p_svgid) + if (cred->cr_uid != cred->cr_ruid || + cred->cr_uid != cred->cr_svuid || + cred->cr_gid != cred->cr_rgid || + cred->cr_gid != cred->cr_svgid) atomic_setbits_int(&pr->ps_flags, PS_SUGIDEXEC); else atomic_clearbits_int(&pr->ps_flags, PS_SUGIDEXEC); @@ -519,11 +519,11 @@ sys_execve(struct proc *p, void *v, register_t *retval) if (pr->ps_tracevp && !(pr->ps_traceflag & KTRFAC_ROOT)) ktrcleartrace(pr); #endif - p->p_ucred = crcopy(cred); + p->p_ucred = cred = crcopy(cred); if (attr.va_mode & VSUID) - p->p_ucred->cr_uid = attr.va_uid; + cred->cr_uid = attr.va_uid; if (attr.va_mode & VSGID) - p->p_ucred->cr_gid = attr.va_gid; + cred->cr_gid = attr.va_gid; /* * For set[ug]id processes, a few caveats apply to @@ -574,7 +574,7 @@ sys_execve(struct proc *p, void *v, register_t *retval) closef(fp, p); break; } - if ((error = VOP_OPEN(vp, flags, p->p_ucred, p)) != 0) { + if ((error = VOP_OPEN(vp, flags, cred, p)) != 0) { fdremove(p->p_fd, indx); closef(fp, p); vrele(vp); @@ -594,8 +594,15 @@ sys_execve(struct proc *p, void *v, register_t *retval) goto exec_abort; } else atomic_clearbits_int(&pr->ps_flags, PS_SUGID); - p->p_cred->p_svuid = p->p_ucred->cr_uid; - p->p_cred->p_svgid = p->p_ucred->cr_gid; + + /* reset the saved ugids */ + if (cred->cr_uid != cred->cr_svuid || + cred->cr_gid != cred->cr_svgid) { + /* make sure we have unshared ucreds */ + p->p_ucred = cred = crcopy(cred); + cred->cr_svuid = cred->cr_uid; + cred->cr_svgid = cred->cr_gid; + } if (pr->ps_flags & PS_SUGIDEXEC) { int i, s = splclock(); diff --git a/sys/kern/kern_exit.c b/sys/kern/kern_exit.c index 1dbac28a8b5..d559c72fae0 100644 --- a/sys/kern/kern_exit.c +++ b/sys/kern/kern_exit.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kern_exit.c,v 1.137 2014/03/26 05:23:42 guenther Exp $ */ +/* $OpenBSD: kern_exit.c,v 1.138 2014/03/30 21:54:48 guenther Exp $ */ /* $NetBSD: kern_exit.c,v 1.39 1996/04/22 01:38:25 christos Exp $ */ /* @@ -638,7 +638,7 @@ process_zap(struct process *pr) /* * Decrement the count of procs running with this uid. */ - (void)chgproccnt(pr->ps_cred->p_ruid, -1); + (void)chgproccnt(pr->ps_ucred->cr_ruid, -1); /* * Release reference to text vnode @@ -654,8 +654,7 @@ process_zap(struct process *pr) pool_put(&rusage_pool, pr->ps_ru); KASSERT(TAILQ_EMPTY(&pr->ps_threads)); limfree(pr->ps_limit); - crfree(pr->ps_cred->pc_ucred); - pool_put(&pcred_pool, pr->ps_cred); + crfree(pr->ps_ucred); pool_put(&process_pool, pr); nprocesses--; diff --git a/sys/kern/kern_fork.c b/sys/kern/kern_fork.c index bea11e5f45b..3cec607e7bb 100644 --- a/sys/kern/kern_fork.c +++ b/sys/kern/kern_fork.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kern_fork.c,v 1.161 2014/03/28 17:57:11 mpi Exp $ */ +/* $OpenBSD: kern_fork.c,v 1.162 2014/03/30 21:54:48 guenther Exp $ */ /* $NetBSD: kern_fork.c,v 1.29 1996/02/09 18:59:34 christos Exp $ */ /* @@ -175,9 +175,8 @@ process_new(struct proc *p, struct process *parent, int flags) (caddr_t)&pr->ps_endcopy - (caddr_t)&pr->ps_startcopy); /* post-copy fixups */ - pr->ps_cred = pool_get(&pcred_pool, PR_WAITOK); - memcpy(pr->ps_cred, parent->ps_cred, sizeof(*pr->ps_cred)); - crhold(parent->ps_cred->pc_ucred); + pr->ps_ucred = parent->ps_ucred; + crhold(pr->ps_ucred); pr->ps_limit->p_refcnt++; /* bump references to the text vnode (for procfs) */ @@ -251,7 +250,7 @@ fork1(struct proc *curp, int flags, void *stack, pid_t *tidptr, * the variable nthreads is the current number of procs, maxthread is * the limit. */ - uid = curp->p_cred->p_ruid; + uid = curp->p_ucred->cr_ruid; if ((nthreads >= maxthread - 5 && uid != 0) || nthreads >= maxthread) { static struct timeval lasttfm; diff --git a/sys/kern/kern_ktrace.c b/sys/kern/kern_ktrace.c index de0c2d55861..d2f81f9e9a1 100644 --- a/sys/kern/kern_ktrace.c +++ b/sys/kern/kern_ktrace.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kern_ktrace.c,v 1.64 2014/03/26 05:23:42 guenther Exp $ */ +/* $OpenBSD: kern_ktrace.c,v 1.65 2014/03/30 21:54:48 guenther Exp $ */ /* $NetBSD: kern_ktrace.c,v 1.23 1996/02/09 18:59:36 christos Exp $ */ /* @@ -635,16 +635,16 @@ ktrwriteraw(struct proc *curp, struct vnode *vp, struct ucred *cred, int ktrcanset(struct proc *callp, struct process *targetpr) { - struct pcred *caller = callp->p_cred; - struct pcred *target = targetpr->ps_cred; + struct ucred *caller = callp->p_ucred; + struct ucred *target = targetpr->ps_ucred; - if ((caller->pc_ucred->cr_uid == target->p_ruid && - target->p_ruid == target->p_svuid && - caller->p_rgid == target->p_rgid && /* XXX */ - target->p_rgid == target->p_svgid && + if ((caller->cr_uid == target->cr_ruid && + target->cr_ruid == target->cr_svuid && + caller->cr_rgid == target->cr_rgid && /* XXX */ + target->cr_rgid == target->cr_svgid && (targetpr->ps_traceflag & KTRFAC_ROOT) == 0 && !ISSET(targetpr->ps_flags, PS_SUGID)) || - caller->pc_ucred->cr_uid == 0) + caller->cr_uid == 0) return (1); return (0); diff --git a/sys/kern/kern_proc.c b/sys/kern/kern_proc.c index 9512e05f925..c749d5352ae 100644 --- a/sys/kern/kern_proc.c +++ b/sys/kern/kern_proc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kern_proc.c,v 1.56 2014/03/26 05:23:42 guenther Exp $ */ +/* $OpenBSD: kern_proc.c,v 1.57 2014/03/30 21:54:48 guenther Exp $ */ /* $NetBSD: kern_proc.c,v 1.14 1996/02/09 18:59:41 christos Exp $ */ /* @@ -70,7 +70,6 @@ struct pool rusage_pool; struct pool ucred_pool; struct pool pgrp_pool; struct pool session_pool; -struct pool pcred_pool; static void orphanpg(struct pgrp *); #ifdef DEBUG @@ -106,8 +105,6 @@ procinit(void) &pool_allocator_nointr); pool_init(&session_pool, sizeof(struct session), 0, 0, 0, "sessionpl", &pool_allocator_nointr); - pool_init(&pcred_pool, sizeof(struct pcred), 0, 0, 0, "pcredpl", - &pool_allocator_nointr); } struct uidinfo * @@ -477,7 +474,7 @@ db_show_all_procs(db_expr_t addr, int haddr, db_expr_t count, char *modif) "%-12.12s %-16s\n", ppr ? ppr->ps_pid : -1, pr->ps_pgrp ? pr->ps_pgrp->pg_id : -1, - pr->ps_cred->p_ruid, p->p_stat, + pr->ps_ucred->cr_ruid, p->p_stat, p->p_flag | pr->ps_flags, (p->p_wchan && p->p_wmesg) ? p->p_wmesg : "", p->p_comm); diff --git a/sys/kern/kern_prot.c b/sys/kern/kern_prot.c index 0d10d52a389..71e527ffc78 100644 --- a/sys/kern/kern_prot.c +++ b/sys/kern/kern_prot.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kern_prot.c,v 1.58 2014/03/24 03:48:00 guenther Exp $ */ +/* $OpenBSD: kern_prot.c,v 1.59 2014/03/30 21:54:48 guenther Exp $ */ /* $NetBSD: kern_prot.c,v 1.33 1996/02/09 18:59:42 christos Exp $ */ /* @@ -46,7 +46,6 @@ #include <sys/systm.h> #include <sys/ucred.h> #include <sys/proc.h> -#include <sys/malloc.h> #include <sys/filedesc.h> #include <sys/pool.h> @@ -142,7 +141,7 @@ int sys_getuid(struct proc *p, void *v, register_t *retval) { - *retval = p->p_cred->p_ruid; + *retval = p->p_ucred->cr_ruid; return (0); } @@ -171,7 +170,7 @@ int sys_getgid(struct proc *p, void *v, register_t *retval) { - *retval = p->p_cred->p_rgid; + *retval = p->p_ucred->cr_rgid; return (0); } @@ -196,19 +195,19 @@ sys_getgroups(struct proc *p, void *v, register_t *retval) syscallarg(int) gidsetsize; syscallarg(gid_t *) gidset; } */ *uap = v; - struct pcred *pc = p->p_cred; + struct ucred *uc = p->p_ucred; u_int ngrp; int error; if ((ngrp = SCARG(uap, gidsetsize)) == 0) { - *retval = pc->pc_ucred->cr_ngroups; + *retval = uc->cr_ngroups; return (0); } - if (ngrp < pc->pc_ucred->cr_ngroups) + if (ngrp < uc->cr_ngroups) return (EINVAL); - ngrp = pc->pc_ucred->cr_ngroups; - error = copyout((caddr_t)pc->pc_ucred->cr_groups, - (caddr_t)SCARG(uap, gidset), ngrp * sizeof(gid_t)); + ngrp = uc->cr_ngroups; + error = copyout(uc->cr_groups, SCARG(uap, gidset), + ngrp * sizeof(gid_t)); if (error) return (error); *retval = ngrp; @@ -315,7 +314,7 @@ sys_getresuid(struct proc *p, void *v, register_t *retval) syscallarg(uid_t *) euid; syscallarg(uid_t *) suid; } */ *uap = v; - struct pcred *pc = p->p_cred; + struct ucred *uc = p->p_ucred; uid_t *ruid, *euid, *suid; int error1 = 0, error2 = 0, error3 = 0; @@ -324,11 +323,11 @@ sys_getresuid(struct proc *p, void *v, register_t *retval) suid = SCARG(uap, suid); if (ruid != NULL) - error1 = copyout(&pc->p_ruid, ruid, sizeof(*ruid)); + error1 = copyout(&uc->cr_ruid, ruid, sizeof(*ruid)); if (euid != NULL) - error2 = copyout(&pc->pc_ucred->cr_uid, euid, sizeof(*euid)); + error2 = copyout(&uc->cr_uid, euid, sizeof(*euid)); if (suid != NULL) - error3 = copyout(&pc->p_svuid, suid, sizeof(*suid)); + error3 = copyout(&uc->cr_svuid, suid, sizeof(*suid)); return (error1 ? error1 : error2 ? error2 : error3); } @@ -342,7 +341,7 @@ sys_setresuid(struct proc *p, void *v, register_t *retval) syscallarg(uid_t) euid; syscallarg(uid_t) suid; } */ *uap = v; - struct pcred *pc = p->p_cred; + struct ucred *uc = p->p_ucred; uid_t ruid, euid, suid; int error; @@ -350,9 +349,9 @@ sys_setresuid(struct proc *p, void *v, register_t *retval) euid = SCARG(uap, euid); suid = SCARG(uap, suid); - if ((ruid == -1 || ruid == pc->p_ruid) && - (euid == -1 || euid == pc->pc_ucred->cr_uid) && - (suid == -1 || suid == pc->p_svuid)) + if ((ruid == -1 || ruid == uc->cr_ruid) && + (euid == -1 || euid == uc->cr_uid) && + (suid == -1 || suid == uc->cr_svuid)) return (0); /* no change */ /* @@ -360,47 +359,47 @@ sys_setresuid(struct proc *p, void *v, register_t *retval) * to the current value of one of the three (root is not limited). */ if (ruid != (uid_t)-1 && - ruid != pc->p_ruid && - ruid != pc->pc_ucred->cr_uid && - ruid != pc->p_svuid && + ruid != uc->cr_ruid && + ruid != uc->cr_uid && + ruid != uc->cr_svuid && (error = suser(p, 0))) return (error); if (euid != (uid_t)-1 && - euid != pc->p_ruid && - euid != pc->pc_ucred->cr_uid && - euid != pc->p_svuid && + euid != uc->cr_ruid && + euid != uc->cr_uid && + euid != uc->cr_svuid && (error = suser(p, 0))) return (error); if (suid != (uid_t)-1 && - suid != pc->p_ruid && - suid != pc->pc_ucred->cr_uid && - suid != pc->p_svuid && + suid != uc->cr_ruid && + suid != uc->cr_uid && + suid != uc->cr_svuid && (error = suser(p, 0))) return (error); /* + * Copy credentials so other references do not see our changes. + */ + p->p_ucred = uc = crcopy(uc); + + /* * Note that unlike the other set*uid() calls, each * uid type is set independently of the others. */ - if (ruid != (uid_t)-1 && ruid != pc->p_ruid) { + if (ruid != (uid_t)-1 && ruid != uc->cr_ruid) { /* * Transfer proc count to new user. */ - (void)chgproccnt(pc->p_ruid, -1); + (void)chgproccnt(uc->cr_ruid, -1); (void)chgproccnt(ruid, 1); - pc->p_ruid = ruid; - } - if (euid != (uid_t)-1 && euid != pc->pc_ucred->cr_uid) { - /* - * Copy credentials so other references do not see our changes. - */ - pc->pc_ucred = crcopy(pc->pc_ucred); - pc->pc_ucred->cr_uid = euid; + uc->cr_ruid = ruid; } - if (suid != (uid_t)-1 && suid != pc->p_svuid) - pc->p_svuid = suid; + if (euid != (uid_t)-1) + uc->cr_uid = euid; + if (suid != (uid_t)-1) + uc->cr_svuid = suid; atomic_setbits_int(&p->p_p->ps_flags, PS_SUGID); return (0); @@ -415,7 +414,7 @@ sys_getresgid(struct proc *p, void *v, register_t *retval) syscallarg(gid_t *) egid; syscallarg(gid_t *) sgid; } */ *uap = v; - struct pcred *pc = p->p_cred; + struct ucred *uc = p->p_ucred; gid_t *rgid, *egid, *sgid; int error1 = 0, error2 = 0, error3 = 0; @@ -424,11 +423,11 @@ sys_getresgid(struct proc *p, void *v, register_t *retval) sgid = SCARG(uap, sgid); if (rgid != NULL) - error1 = copyout(&pc->p_rgid, rgid, sizeof(*rgid)); + error1 = copyout(&uc->cr_rgid, rgid, sizeof(*rgid)); if (egid != NULL) - error2 = copyout(&pc->pc_ucred->cr_gid, egid, sizeof(*egid)); + error2 = copyout(&uc->cr_gid, egid, sizeof(*egid)); if (sgid != NULL) - error3 = copyout(&pc->p_svgid, sgid, sizeof(*sgid)); + error3 = copyout(&uc->cr_svgid, sgid, sizeof(*sgid)); return (error1 ? error1 : error2 ? error2 : error3); } @@ -442,7 +441,7 @@ sys_setresgid(struct proc *p, void *v, register_t *retval) syscallarg(gid_t) egid; syscallarg(gid_t) sgid; } */ *uap = v; - struct pcred *pc = p->p_cred; + struct ucred *uc = p->p_ucred; gid_t rgid, egid, sgid; int error; @@ -450,9 +449,9 @@ sys_setresgid(struct proc *p, void *v, register_t *retval) egid = SCARG(uap, egid); sgid = SCARG(uap, sgid); - if ((rgid == -1 || rgid == pc->p_rgid) && - (egid == -1 || egid == pc->pc_ucred->cr_gid) && - (sgid == -1 || sgid == pc->p_svgid)) + if ((rgid == -1 || rgid == uc->cr_rgid) && + (egid == -1 || egid == uc->cr_gid) && + (sgid == -1 || sgid == uc->cr_svgid)) return (0); /* no change */ /* @@ -460,41 +459,41 @@ sys_setresgid(struct proc *p, void *v, register_t *retval) * to the current value of one of the three (root is not limited). */ if (rgid != (gid_t)-1 && - rgid != pc->p_rgid && - rgid != pc->pc_ucred->cr_gid && - rgid != pc->p_svgid && + rgid != uc->cr_rgid && + rgid != uc->cr_gid && + rgid != uc->cr_svgid && (error = suser(p, 0))) return (error); if (egid != (gid_t)-1 && - egid != pc->p_rgid && - egid != pc->pc_ucred->cr_gid && - egid != pc->p_svgid && + egid != uc->cr_rgid && + egid != uc->cr_gid && + egid != uc->cr_svgid && (error = suser(p, 0))) return (error); if (sgid != (gid_t)-1 && - sgid != pc->p_rgid && - sgid != pc->pc_ucred->cr_gid && - sgid != pc->p_svgid && + sgid != uc->cr_rgid && + sgid != uc->cr_gid && + sgid != uc->cr_svgid && (error = suser(p, 0))) return (error); /* + * Copy credentials so other references do not see our changes. + */ + p->p_ucred = uc = crcopy(uc); + + /* * Note that unlike the other set*gid() calls, each * gid type is set independently of the others. */ if (rgid != (gid_t)-1) - pc->p_rgid = rgid; - if (egid != (gid_t)-1) { - /* - * Copy credentials so other references do not see our changes. - */ - pc->pc_ucred = crcopy(pc->pc_ucred); - pc->pc_ucred->cr_gid = egid; - } + uc->cr_rgid = rgid; + if (egid != (gid_t)-1) + uc->cr_gid = egid; if (sgid != (gid_t)-1) - pc->p_svgid = sgid; + uc->cr_svgid = sgid; atomic_setbits_int(&p->p_p->ps_flags, PS_SUGID); return (0); @@ -508,7 +507,7 @@ sys_setregid(struct proc *p, void *v, register_t *retval) syscallarg(gid_t) rgid; syscallarg(gid_t) egid; } */ *uap = v; - struct pcred *pc = p->p_cred; + struct ucred *uc = p->p_ucred; struct sys_setresgid_args sresgidargs; gid_t rgid, egid; @@ -521,8 +520,8 @@ sys_setregid(struct proc *p, void *v, register_t *retval) * gid when the real gid is specified and either its value would * change, or where the saved and effective gids are different. */ - if (rgid != (gid_t)-1 && (rgid != pc->p_rgid || - pc->p_svgid != (egid != (gid_t)-1 ? egid : pc->pc_ucred->cr_gid))) + if (rgid != (gid_t)-1 && (rgid != uc->cr_rgid || + uc->cr_svgid != (egid != (gid_t)-1 ? egid : uc->cr_gid))) SCARG(&sresgidargs, sgid) = rgid; else SCARG(&sresgidargs, sgid) = (gid_t)-1; @@ -538,7 +537,7 @@ sys_setreuid(struct proc *p, void *v, register_t *retval) syscallarg(uid_t) ruid; syscallarg(uid_t) euid; } */ *uap = v; - struct pcred *pc = p->p_cred; + struct ucred *uc = p->p_ucred; struct sys_setresuid_args sresuidargs; uid_t ruid, euid; @@ -551,8 +550,8 @@ sys_setreuid(struct proc *p, void *v, register_t *retval) * uid when the real uid is specified and either its value would * change, or where the saved and effective uids are different. */ - if (ruid != (uid_t)-1 && (ruid != pc->p_ruid || - pc->p_svuid != (euid != (uid_t)-1 ? euid : pc->pc_ucred->cr_uid))) + if (ruid != (uid_t)-1 && (ruid != uc->cr_ruid || + uc->cr_svuid != (euid != (uid_t)-1 ? euid : uc->cr_uid))) SCARG(&sresuidargs, suid) = ruid; else SCARG(&sresuidargs, suid) = (uid_t)-1; @@ -567,44 +566,44 @@ sys_setuid(struct proc *p, void *v, register_t *retval) struct sys_setuid_args /* { syscallarg(uid_t) uid; } */ *uap = v; - struct pcred *pc = p->p_cred; + struct ucred *uc = p->p_ucred; uid_t uid; int error; uid = SCARG(uap, uid); - if (pc->pc_ucred->cr_uid == uid && - pc->p_ruid == uid && - pc->p_svuid == uid) + if (uc->cr_uid == uid && + uc->cr_ruid == uid && + uc->cr_svuid == uid) return (0); - if (uid != pc->p_ruid && - uid != pc->p_svuid && - uid != pc->pc_ucred->cr_uid && + if (uid != uc->cr_ruid && + uid != uc->cr_svuid && + uid != uc->cr_uid && (error = suser(p, 0))) return (error); /* + * Copy credentials so other references do not see our changes. + */ + p->p_ucred = uc = crcopy(uc); + + /* * Everything's okay, do it. */ - if (uid == pc->pc_ucred->cr_uid || - suser(p, 0) == 0) { + if (uid == uc->cr_uid || suser(p, 0) == 0) { /* * Transfer proc count to new user. */ - if (uid != pc->p_ruid) { - (void)chgproccnt(pc->p_ruid, -1); + if (uid != uc->cr_ruid) { + (void)chgproccnt(uc->cr_ruid, -1); (void)chgproccnt(uid, 1); } - pc->p_ruid = uid; - pc->p_svuid = uid; + uc->cr_ruid = uid; + uc->cr_svuid = uid; } - /* - * Copy credentials so other references do not see our changes. - */ - pc->pc_ucred = crcopy(pc->pc_ucred); - pc->pc_ucred->cr_uid = uid; + uc->cr_uid = uid; atomic_setbits_int(&p->p_p->ps_flags, PS_SUGID); return (0); } @@ -616,24 +615,24 @@ sys_seteuid(struct proc *p, void *v, register_t *retval) struct sys_seteuid_args /* { syscallarg(uid_t) euid; } */ *uap = v; - struct pcred *pc = p->p_cred; + struct ucred *uc = p->p_ucred; uid_t euid; int error; euid = SCARG(uap, euid); - if (pc->pc_ucred->cr_uid == euid) + if (uc->cr_uid == euid) return (0); - if (euid != pc->p_ruid && euid != pc->p_svuid && + if (euid != uc->cr_ruid && euid != uc->cr_svuid && (error = suser(p, 0))) return (error); /* * Copy credentials so other references do not see our changes. */ - pc->pc_ucred = crcopy(pc->pc_ucred); - pc->pc_ucred->cr_uid = euid; + p->p_ucred = uc = crcopy(uc); + uc->cr_uid = euid; atomic_setbits_int(&p->p_p->ps_flags, PS_SUGID); return (0); } @@ -645,34 +644,34 @@ sys_setgid(struct proc *p, void *v, register_t *retval) struct sys_setgid_args /* { syscallarg(gid_t) gid; } */ *uap = v; - struct pcred *pc = p->p_cred; + struct ucred *uc = p->p_ucred; gid_t gid; int error; gid = SCARG(uap, gid); - if (pc->pc_ucred->cr_gid == gid && - pc->p_rgid == gid && - pc->p_svgid == gid) + if (uc->cr_gid == gid && + uc->cr_rgid == gid && + uc->cr_svgid == gid) return (0); - if (gid != pc->p_rgid && - gid != pc->p_svgid && - gid != pc->pc_ucred->cr_gid && + if (gid != uc->cr_rgid && + gid != uc->cr_svgid && + gid != uc->cr_gid && (error = suser(p, 0))) return (error); - if (gid == pc->pc_ucred->cr_gid || - suser(p, 0) == 0) { - pc->p_rgid = gid; - pc->p_svgid = gid; - } - /* * Copy credentials so other references do not see our changes. */ - pc->pc_ucred = crcopy(pc->pc_ucred); - pc->pc_ucred->cr_gid = gid; + p->p_ucred = uc = crcopy(uc); + + if (gid == uc->cr_gid || suser(p, 0) == 0) { + uc->cr_rgid = gid; + uc->cr_svgid = gid; + } + + uc->cr_gid = gid; atomic_setbits_int(&p->p_p->ps_flags, PS_SUGID); return (0); } @@ -684,24 +683,24 @@ sys_setegid(struct proc *p, void *v, register_t *retval) struct sys_setegid_args /* { syscallarg(gid_t) egid; } */ *uap = v; - struct pcred *pc = p->p_cred; + struct ucred *uc = p->p_ucred; gid_t egid; int error; egid = SCARG(uap, egid); - if (pc->pc_ucred->cr_gid == egid) + if (uc->cr_gid == egid) return (0); - if (egid != pc->p_rgid && egid != pc->p_svgid && + if (egid != uc->cr_rgid && egid != uc->cr_svgid && (error = suser(p, 0))) return (error); /* * Copy credentials so other references do not see our changes. */ - pc->pc_ucred = crcopy(pc->pc_ucred); - pc->pc_ucred->cr_gid = egid; + p->p_ucred = uc = crcopy(uc); + uc->cr_gid = egid; atomic_setbits_int(&p->p_p->ps_flags, PS_SUGID); return (0); } @@ -714,7 +713,7 @@ sys_setgroups(struct proc *p, void *v, register_t *retval) syscallarg(int) gidsetsize; syscallarg(const gid_t *) gidset; } */ *uap = v; - struct pcred *pc = p->p_cred; + struct ucred *uc = p->p_ucred; u_int ngrp; int error; @@ -723,12 +722,11 @@ sys_setgroups(struct proc *p, void *v, register_t *retval) ngrp = SCARG(uap, gidsetsize); if (ngrp > NGROUPS) return (EINVAL); - pc->pc_ucred = crcopy(pc->pc_ucred); - error = copyin((caddr_t)SCARG(uap, gidset), - (caddr_t)pc->pc_ucred->cr_groups, ngrp * sizeof(gid_t)); + p->p_ucred = uc = crcopy(uc); + error = copyin(SCARG(uap, gidset), uc->cr_groups, ngrp * sizeof(gid_t)); if (error) return (error); - pc->pc_ucred->cr_ngroups = ngrp; + uc->cr_ngroups = ngrp; atomic_setbits_int(&p->p_p->ps_flags, PS_SUGID); return (0); } diff --git a/sys/kern/kern_resource.c b/sys/kern/kern_resource.c index bec11baaf07..133029ac393 100644 --- a/sys/kern/kern_resource.c +++ b/sys/kern/kern_resource.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kern_resource.c,v 1.49 2014/01/24 04:26:51 guenther Exp $ */ +/* $OpenBSD: kern_resource.c,v 1.50 2014/03/30 21:54:48 guenther Exp $ */ /* $NetBSD: kern_resource.c,v 1.38 1996/10/23 07:19:38 matthias Exp $ */ /*- @@ -104,7 +104,7 @@ sys_getpriority(struct proc *curp, void *v, register_t *retval) if (SCARG(uap, who) == 0) SCARG(uap, who) = curp->p_ucred->cr_uid; LIST_FOREACH(pr, &allprocess, ps_list) - if (pr->ps_cred->pc_ucred->cr_uid == SCARG(uap, who) && + if (pr->ps_ucred->cr_uid == SCARG(uap, who) && pr->ps_nice < low) low = pr->ps_nice; break; @@ -161,7 +161,7 @@ sys_setpriority(struct proc *curp, void *v, register_t *retval) if (SCARG(uap, who) == 0) SCARG(uap, who) = curp->p_ucred->cr_uid; LIST_FOREACH(pr, &allprocess, ps_list) - if (pr->ps_cred->pc_ucred->cr_uid == SCARG(uap, who)) { + if (pr->ps_ucred->cr_uid == SCARG(uap, who)) { error = donice(curp, pr, SCARG(uap, prio)); found++; } @@ -178,13 +178,13 @@ sys_setpriority(struct proc *curp, void *v, register_t *retval) int donice(struct proc *curp, struct process *chgpr, int n) { - struct pcred *pcred = curp->p_cred; + struct ucred *ucred = curp->p_ucred; struct proc *p; int s; - if (pcred->pc_ucred->cr_uid && pcred->p_ruid && - pcred->pc_ucred->cr_uid != chgpr->ps_cred->pc_ucred->cr_uid && - pcred->p_ruid != chgpr->ps_cred->pc_ucred->cr_uid) + if (ucred->cr_uid != 0 && ucred->cr_ruid != 0 && + ucred->cr_uid != chgpr->ps_ucred->cr_uid && + ucred->cr_ruid != chgpr->ps_ucred->cr_uid) return (EPERM); if (n > PRIO_MAX) n = PRIO_MAX; diff --git a/sys/kern/kern_sig.c b/sys/kern/kern_sig.c index 2d9d0b39710..0b39125ce26 100644 --- a/sys/kern/kern_sig.c +++ b/sys/kern/kern_sig.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kern_sig.c,v 1.162 2014/03/26 05:27:18 guenther Exp $ */ +/* $OpenBSD: kern_sig.c,v 1.163 2014/03/30 21:54:48 guenther Exp $ */ /* $NetBSD: kern_sig.c,v 1.54 1996/04/22 01:38:32 christos Exp $ */ /* @@ -84,19 +84,24 @@ int cansignal(struct process *, struct process *, int); struct pool sigacts_pool; /* memory pool for sigacts structures */ /* - * Can process pr, send the signal signum to process qr? + * Can thread p, send the signal signum to process qr? */ int cansignal(struct process *pr, struct process *qr, int signum) { - struct pcred *pc = pr->ps_cred; + struct ucred *uc = pr->ps_ucred; + struct ucred *quc = qr->ps_ucred; - if (pc->pc_ucred->cr_uid == 0) + if (uc->cr_uid == 0) return (1); /* root can always signal */ if (pr == qr) return (1); /* process can always signal itself */ + /* optimization: if the same creds then the tests below will pass */ + if (uc == quc) + return (1); + if (signum == SIGCONT && qr->ps_session == pr->ps_session) return (1); /* SIGCONT in session */ @@ -118,17 +123,17 @@ cansignal(struct process *pr, struct process *qr, int signum) case SIGHUP: case SIGUSR1: case SIGUSR2: - if (pc->p_ruid == qr->ps_cred->p_ruid || - pc->pc_ucred->cr_uid == qr->ps_cred->p_ruid) + if (uc->cr_ruid == quc->cr_ruid || + uc->cr_uid == quc->cr_ruid) return (1); } return (0); } - if (pc->p_ruid == qr->ps_cred->p_ruid || - pc->p_ruid == qr->ps_cred->p_svuid || - pc->pc_ucred->cr_uid == qr->ps_cred->p_ruid || - pc->pc_ucred->cr_uid == qr->ps_cred->p_svuid) + if (uc->cr_ruid == quc->cr_ruid || + uc->cr_ruid == quc->cr_svuid || + uc->cr_uid == quc->cr_ruid || + uc->cr_uid == quc->cr_svuid) return (1); return (0); } @@ -579,6 +584,7 @@ sys_kill(struct proc *cp, void *v, register_t *retval) return (ESRCH); type = STHREAD; } else { + /* XXX use prfind() */ if ((p = pfind(pid)) == NULL) return (ESRCH); if (p->p_flag & P_THREAD) @@ -654,12 +660,12 @@ killpg1(struct proc *cp, int signum, int pgid, int all) #define CANDELIVER(uid, euid, pr) \ (euid == 0 || \ - (uid) == (pr)->ps_cred->p_ruid || \ - (uid) == (pr)->ps_cred->p_svuid || \ - (uid) == (pr)->ps_cred->pc_ucred->cr_uid || \ - (euid) == (pr)->ps_cred->p_ruid || \ - (euid) == (pr)->ps_cred->p_svuid || \ - (euid) == (pr)->ps_cred->pc_ucred->cr_uid) + (uid) == (pr)->ps_ucred->cr_ruid || \ + (uid) == (pr)->ps_ucred->cr_svuid || \ + (uid) == (pr)->ps_ucred->cr_uid || \ + (euid) == (pr)->ps_ucred->cr_ruid || \ + (euid) == (pr)->ps_ucred->cr_svuid || \ + (euid) == (pr)->ps_ucred->cr_uid) /* * Deliver signum to pgid, but first check uid/euid against each @@ -1471,8 +1477,8 @@ coredump(struct proc *p) * ... but actually write it as UID */ cred = crdup(cred); - cred->cr_uid = p->p_cred->p_ruid; - cred->cr_gid = p->p_cred->p_rgid; + cred->cr_uid = cred->cr_ruid; + cred->cr_gid = cred->cr_rgid; NDINIT(&nd, LOOKUP, NOFOLLOW, UIO_SYSSPACE, name, p); diff --git a/sys/kern/kern_sysctl.c b/sys/kern/kern_sysctl.c index ae39c479078..67647f82c47 100644 --- a/sys/kern/kern_sysctl.c +++ b/sys/kern/kern_sysctl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kern_sysctl.c,v 1.245 2014/03/22 06:05:45 guenther Exp $ */ +/* $OpenBSD: kern_sysctl.c,v 1.246 2014/03/30 21:54:48 guenther Exp $ */ /* $NetBSD: kern_sysctl.c,v 1.17 1996/05/20 17:49:05 mrg Exp $ */ /*- @@ -1408,12 +1408,12 @@ again: break; case KERN_PROC_UID: - if (p->p_ucred->cr_uid != (uid_t)arg) + if (pr->ps_ucred->cr_uid != (uid_t)arg) continue; break; case KERN_PROC_RUID: - if (p->p_cred->p_ruid != (uid_t)arg) + if (pr->ps_ucred->cr_ruid != (uid_t)arg) continue; break; @@ -1501,7 +1501,7 @@ fill_kproc(struct proc *p, struct kinfo_proc *ki, int isthread, struct tty *tp; struct timespec ut, st; - FILL_KPROC(ki, strlcpy, p, pr, p->p_cred, p->p_ucred, pr->ps_pgrp, + FILL_KPROC(ki, strlcpy, p, pr, pr->ps_ucred, pr->ps_pgrp, p, pr, s, p->p_vmspace, pr->ps_limit, pr->ps_sigacts, isthread, show_pointers); diff --git a/sys/kern/subr_log.c b/sys/kern/subr_log.c index ae0a2a8eaf9..da8704c042e 100644 --- a/sys/kern/subr_log.c +++ b/sys/kern/subr_log.c @@ -1,4 +1,4 @@ -/* $OpenBSD: subr_log.c,v 1.18 2014/01/21 01:48:44 tedu Exp $ */ +/* $OpenBSD: subr_log.c,v 1.19 2014/03/30 21:54:48 guenther Exp $ */ /* $NetBSD: subr_log.c,v 1.11 1996/03/30 22:24:44 christos Exp $ */ /* @@ -296,7 +296,7 @@ logioctl(dev_t dev, u_long com, caddr_t data, int flag, struct proc *p) case TIOCSPGRP: logsoftc.sc_pgid = *(int *)data; - logsoftc.sc_siguid = p->p_cred->p_ruid; + logsoftc.sc_siguid = p->p_ucred->cr_ruid; logsoftc.sc_sigeuid = p->p_ucred->cr_uid; break; diff --git a/sys/kern/sys_generic.c b/sys/kern/sys_generic.c index 09fac32bd96..621b923b516 100644 --- a/sys/kern/sys_generic.c +++ b/sys/kern/sys_generic.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sys_generic.c,v 1.85 2014/01/21 01:48:45 tedu Exp $ */ +/* $OpenBSD: sys_generic.c,v 1.86 2014/03/30 21:54:48 guenther Exp $ */ /* $NetBSD: sys_generic.c,v 1.24 1996/03/29 00:25:32 cgd Exp $ */ /* @@ -476,7 +476,7 @@ sys_ioctl(struct proc *p, void *v, register_t *retval) struct socket *so = (struct socket *)fp->f_data; so->so_pgid = tmp; - so->so_siguid = p->p_cred->p_ruid; + so->so_siguid = p->p_ucred->cr_ruid; so->so_sigeuid = p->p_ucred->cr_uid; error = 0; break; diff --git a/sys/kern/sys_process.c b/sys/kern/sys_process.c index 499210728a6..2500fef5ae7 100644 --- a/sys/kern/sys_process.c +++ b/sys/kern/sys_process.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sys_process.c,v 1.59 2014/03/26 05:23:42 guenther Exp $ */ +/* $OpenBSD: sys_process.c,v 1.60 2014/03/30 21:54:48 guenther Exp $ */ /* $NetBSD: sys_process.c,v 1.55 1996/05/15 06:17:47 tls Exp $ */ /*- @@ -205,7 +205,7 @@ sys_ptrace(struct proc *p, void *v, register_t *retval) * process which revokes its special privileges using * setuid() from being traced. This is good security.] */ - if ((tr->ps_cred->p_ruid != p->p_cred->p_ruid || + if ((tr->ps_ucred->cr_ruid != p->p_ucred->cr_ruid || ISSET(tr->ps_flags, PS_SUGIDEXEC | PS_SUGID)) && (error = suser(p, 0)) != 0) return (error); @@ -688,7 +688,7 @@ process_checkioperm(struct proc *p, struct process *tr) { int error; - if ((tr->ps_cred->p_ruid != p->p_cred->p_ruid || + if ((tr->ps_ucred->cr_ruid != p->p_ucred->cr_ruid || ISSET(tr->ps_flags, PS_SUGIDEXEC | PS_SUGID)) && (error = suser(p, 0)) != 0) return (error); diff --git a/sys/kern/sys_socket.c b/sys/kern/sys_socket.c index 67fb49c4ea4..0e2f78af63c 100644 --- a/sys/kern/sys_socket.c +++ b/sys/kern/sys_socket.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sys_socket.c,v 1.17 2013/09/28 15:21:55 millert Exp $ */ +/* $OpenBSD: sys_socket.c,v 1.18 2014/03/30 21:54:48 guenther Exp $ */ /* $NetBSD: sys_socket.c,v 1.13 1995/08/12 23:59:09 mycroft Exp $ */ /* @@ -103,7 +103,7 @@ soo_ioctl(struct file *fp, u_long cmd, caddr_t data, struct proc *p) case SIOCSPGRP: so->so_pgid = *(int *)data; - so->so_siguid = p->p_cred->p_ruid; + so->so_siguid = p->p_ucred->cr_ruid; so->so_sigeuid = p->p_ucred->cr_uid; return (0); diff --git a/sys/kern/tty_pty.c b/sys/kern/tty_pty.c index e1379d4c9e7..40528697c33 100644 --- a/sys/kern/tty_pty.c +++ b/sys/kern/tty_pty.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tty_pty.c,v 1.64 2014/03/22 06:05:45 guenther Exp $ */ +/* $OpenBSD: tty_pty.c,v 1.65 2014/03/30 21:54:48 guenther Exp $ */ /* $NetBSD: tty_pty.c,v 1.33.4.1 1996/06/02 09:08:11 mrg Exp $ */ /* @@ -1133,7 +1133,7 @@ retry: if ((snd.ni_vp->v_mount->mnt_flag & MNT_RDONLY) == 0) { gid = tty_gid; /* get real uid */ - uid = p->p_cred->p_ruid; + uid = p->p_ucred->cr_ruid; VATTR_NULL(&vattr); vattr.va_uid = uid; diff --git a/sys/kern/uipc_socket.c b/sys/kern/uipc_socket.c index 583c6514ed1..64239b2d8a7 100644 --- a/sys/kern/uipc_socket.c +++ b/sys/kern/uipc_socket.c @@ -1,4 +1,4 @@ -/* $OpenBSD: uipc_socket.c,v 1.125 2014/03/28 08:33:51 sthen Exp $ */ +/* $OpenBSD: uipc_socket.c,v 1.126 2014/03/30 21:54:48 guenther Exp $ */ /* $NetBSD: uipc_socket.c,v 1.21 1996/02/04 02:17:52 christos Exp $ */ /* @@ -120,9 +120,9 @@ socreate(int dom, struct socket **aso, int type, int proto) so->so_type = type; if (suser(p, 0) == 0) so->so_state = SS_PRIV; - so->so_ruid = p->p_cred->p_ruid; + so->so_ruid = p->p_ucred->cr_ruid; so->so_euid = p->p_ucred->cr_uid; - so->so_rgid = p->p_cred->p_rgid; + so->so_rgid = p->p_ucred->cr_rgid; so->so_egid = p->p_ucred->cr_gid; so->so_cpid = p->p_p->ps_pid; so->so_proto = prp; diff --git a/sys/kern/vfs_syscalls.c b/sys/kern/vfs_syscalls.c index 88928920569..527251ed44d 100644 --- a/sys/kern/vfs_syscalls.c +++ b/sys/kern/vfs_syscalls.c @@ -1,4 +1,4 @@ -/* $OpenBSD: vfs_syscalls.c,v 1.203 2014/03/08 22:54:30 tedu Exp $ */ +/* $OpenBSD: vfs_syscalls.c,v 1.204 2014/03/30 21:54:48 guenther Exp $ */ /* $NetBSD: vfs_syscalls.c,v 1.71 1996/04/23 10:29:02 mycroft Exp $ */ /* @@ -1662,8 +1662,8 @@ dofaccessat(struct proc *p, int fd, const char *path, int amode, int flag) if (!(flag & AT_EACCESS)) { cred = crcopy(cred); - cred->cr_uid = p->p_cred->p_ruid; - cred->cr_gid = p->p_cred->p_rgid; + cred->cr_uid = cred->cr_ruid; + cred->cr_gid = cred->cr_rgid; } if (amode & R_OK) diff --git a/sys/net/bpf.c b/sys/net/bpf.c index e150a2e795d..d917d3d9db0 100644 --- a/sys/net/bpf.c +++ b/sys/net/bpf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bpf.c,v 1.90 2013/12/24 23:29:38 tedu Exp $ */ +/* $OpenBSD: bpf.c,v 1.91 2014/03/30 21:54:48 guenther Exp $ */ /* $NetBSD: bpf.c,v 1.33 1997/02/21 23:59:35 thorpej Exp $ */ /* @@ -869,7 +869,7 @@ bpfioctl(dev_t dev, u_long cmd, caddr_t addr, int flag, struct proc *p) */ case TIOCSPGRP: /* Process or group to send signals to */ d->bd_pgid = *(int *)addr; - d->bd_siguid = p->p_cred->p_ruid; + d->bd_siguid = p->p_ucred->cr_ruid; d->bd_sigeuid = p->p_ucred->cr_uid; break; diff --git a/sys/net/if_tun.c b/sys/net/if_tun.c index d36479b438e..2f46811cd5e 100644 --- a/sys/net/if_tun.c +++ b/sys/net/if_tun.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_tun.c,v 1.120 2013/10/24 11:31:43 mpi Exp $ */ +/* $OpenBSD: if_tun.c,v 1.121 2014/03/30 21:54:48 guenther Exp $ */ /* $NetBSD: if_tun.c,v 1.24 1996/05/07 02:40:48 thorpej Exp $ */ /* @@ -671,7 +671,7 @@ tunioctl(dev_t dev, u_long cmd, caddr_t data, int flag, struct proc *p) break; case TIOCSPGRP: tp->tun_pgid = *(int *)data; - tp->tun_siguid = p->p_cred->p_ruid; + tp->tun_siguid = p->p_ucred->cr_ruid; tp->tun_sigeuid = p->p_ucred->cr_uid; break; case TIOCGPGRP: diff --git a/sys/net/pf_ioctl.c b/sys/net/pf_ioctl.c index f87ea5ced82..7435817edbf 100644 --- a/sys/net/pf_ioctl.c +++ b/sys/net/pf_ioctl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf_ioctl.c,v 1.269 2014/02/04 01:04:03 tedu Exp $ */ +/* $OpenBSD: pf_ioctl.c,v 1.270 2014/03/30 21:54:48 guenther Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -1279,7 +1279,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p) pool_put(&pf_rule_pl, rule); break; } - rule->cuid = p->p_cred->p_ruid; + rule->cuid = p->p_ucred->cr_ruid; rule->cpid = p->p_p->ps_pid; switch (rule->af) { @@ -1455,7 +1455,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p) break; } pf_rule_copyin(&pcr->rule, newrule, ruleset); - newrule->cuid = p->p_cred->p_ruid; + newrule->cuid = p->p_ucred->cr_ruid; newrule->cpid = p->p_p->ps_pid; switch (newrule->af) { diff --git a/sys/sys/proc.h b/sys/sys/proc.h index 3f7afbf84db..7a461e616f6 100644 --- a/sys/sys/proc.h +++ b/sys/sys/proc.h @@ -1,4 +1,4 @@ -/* $OpenBSD: proc.h,v 1.181 2014/03/29 18:09:31 guenther Exp $ */ +/* $OpenBSD: proc.h,v 1.182 2014/03/30 21:54:48 guenther Exp $ */ /* $NetBSD: proc.h,v 1.44 1996/04/22 01:23:21 christos Exp $ */ /*- @@ -154,7 +154,7 @@ struct process { * pid semantics we have right now, it's unavoidable. */ struct proc *ps_mainproc; - struct pcred *ps_cred; /* Process owner's identity. */ + struct ucred *ps_ucred; /* Process owner's identity. */ LIST_ENTRY(process) ps_list; /* List of all processes. */ TAILQ_HEAD(,proc) ps_threads; /* Threads in this process. */ @@ -260,8 +260,7 @@ struct proc { /* substructures: */ struct filedesc *p_fd; /* Ptr to open files structure. */ struct vmspace *p_vmspace; /* Address space. */ -#define p_cred p_p->ps_cred -#define p_ucred p_cred->pc_ucred +#define p_ucred p_p->ps_ucred #define p_rlimit p_p->ps_limit->pl_rlimit int p_flag; /* P_* flags. */ @@ -382,21 +381,6 @@ struct proc { #define THREAD_PID_OFFSET 1000000 -/* - * MOVE TO ucred.h? - * - * Shareable process credentials (always resident). This includes a reference - * to the current user credentials as well as real and saved ids that may be - * used to change ids. - */ -struct pcred { - struct ucred *pc_ucred; /* Current credentials. */ - uid_t p_ruid; /* Real user id. */ - uid_t p_svuid; /* Saved effective user id. */ - gid_t p_rgid; /* Real group id. */ - gid_t p_svgid; /* Saved effective group id. */ -}; - #ifdef _KERNEL struct uidinfo { @@ -472,7 +456,6 @@ extern struct pool rusage_pool; /* memory pool for zombies */ extern struct pool ucred_pool; /* memory pool for ucreds */ extern struct pool session_pool; /* memory pool for sessions */ extern struct pool pgrp_pool; /* memory pool for pgrps */ -extern struct pool pcred_pool; /* memory pool for pcreds */ int ispidtaken(pid_t); pid_t allocpid(void); diff --git a/sys/sys/sysctl.h b/sys/sys/sysctl.h index d7c695b52a9..2e43d2e10be 100644 --- a/sys/sys/sysctl.h +++ b/sys/sys/sysctl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sysctl.h,v 1.143 2014/03/26 05:23:41 guenther Exp $ */ +/* $OpenBSD: sysctl.h,v 1.144 2014/03/30 21:54:48 guenther Exp $ */ /* $NetBSD: sysctl.h,v 1.16 1996/04/09 20:55:36 cgd Exp $ */ /* @@ -448,7 +448,6 @@ struct kinfo_proc { * pre-filled with zeros; for libkvm, src is a kvm address * p - source struct proc * pr - source struct process - * pc - source struct pcreds * uc - source struct ucreds * pg - source struct pgrp * paddr - kernel address of the source struct proc @@ -463,7 +462,7 @@ struct kinfo_proc { #define PTRTOINT64(_x) ((u_int64_t)(u_long)(_x)) -#define FILL_KPROC(kp, copy_str, p, pr, pc, uc, pg, paddr, \ +#define FILL_KPROC(kp, copy_str, p, pr, uc, pg, paddr, \ praddr, sess, vm, lim, sa, isthread, show_addresses) \ do { \ memset((kp), 0, sizeof(*(kp))); \ @@ -485,11 +484,11 @@ do { \ (kp)->p__pgid = (pg)->pg_id; \ \ (kp)->p_uid = (uc)->cr_uid; \ - (kp)->p_ruid = (pc)->p_ruid; \ + (kp)->p_ruid = (uc)->cr_ruid; \ (kp)->p_gid = (uc)->cr_gid; \ - (kp)->p_rgid = (pc)->p_rgid; \ - (kp)->p_svuid = (pc)->p_svuid; \ - (kp)->p_svgid = (pc)->p_svgid; \ + (kp)->p_rgid = (uc)->cr_rgid; \ + (kp)->p_svuid = (uc)->cr_svuid; \ + (kp)->p_svgid = (uc)->cr_svgid; \ \ memcpy((kp)->p_groups, (uc)->cr_groups, \ MIN(sizeof((kp)->p_groups), sizeof((uc)->cr_groups))); \ diff --git a/sys/sys/ucred.h b/sys/sys/ucred.h index bf8c34a4669..5bb37e5b1db 100644 --- a/sys/sys/ucred.h +++ b/sys/sys/ucred.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ucred.h,v 1.7 2014/03/24 00:19:48 guenther Exp $ */ +/* $OpenBSD: ucred.h,v 1.8 2014/03/30 21:54:48 guenther Exp $ */ /* $NetBSD: ucred.h,v 1.12 1995/06/01 22:44:50 jtc Exp $ */ /* @@ -41,7 +41,11 @@ struct ucred { u_int cr_ref; /* reference count */ uid_t cr_uid; /* effective user id */ + uid_t cr_ruid; /* Real user id. */ + uid_t cr_svuid; /* Saved effective user id. */ gid_t cr_gid; /* effective group id */ + gid_t cr_rgid; /* Real group id. */ + gid_t cr_svgid; /* Saved effective group id. */ short cr_ngroups; /* number of groups */ gid_t cr_groups[NGROUPS]; /* groups */ }; diff --git a/sys/ufs/ufs/ufs_quota.c b/sys/ufs/ufs/ufs_quota.c index 6f9816803a4..dc3da547776 100644 --- a/sys/ufs/ufs/ufs_quota.c +++ b/sys/ufs/ufs/ufs_quota.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ufs_quota.c,v 1.32 2013/12/12 19:00:10 tedu Exp $ */ +/* $OpenBSD: ufs_quota.c,v 1.33 2014/03/30 21:54:48 guenther Exp $ */ /* $NetBSD: ufs_quota.c,v 1.8 1996/02/09 22:36:09 christos Exp $ */ /* @@ -1002,14 +1002,14 @@ ufs_quotactl(struct mount *mp, int cmds, uid_t uid, caddr_t arg, int cmd, type, error; if (uid == -1) - uid = p->p_cred->p_ruid; + uid = p->p_ucred->cr_ruid; cmd = cmds >> SUBCMDSHIFT; switch (cmd) { case Q_SYNC: break; case Q_GETQUOTA: - if (uid == p->p_cred->p_ruid) + if (uid == p->p_ucred->cr_ruid) break; /* FALLTHROUGH */ default: |