PERFORCE change 21372 for review

Brian Feldman green at freebsd.org
Fri Nov 22 15:59:33 GMT 2002 

http://perforce.freebsd.org/chv.cgi?CH=21372

Change 21372 by green at green_laptop_2 on 2002/11/22 07:58:33

	Use real ucreds in the NFS server's request structures for
	consistency, and compare only the relevant parts of each
	instead of relying on all of ucred's "bookkeeping" being
	invalid.

Affected files ...

.. //depot/projects/trustedbsd/mac/sys/nfsserver/nfs.h#5 edit
.. //depot/projects/trustedbsd/mac/sys/nfsserver/nfs_serv.c#17 edit
.. //depot/projects/trustedbsd/mac/sys/nfsserver/nfs_srvsock.c#8 edit
.. //depot/projects/trustedbsd/mac/sys/nfsserver/nfs_syscalls.c#11 edit

Differences ...

==== //depot/projects/trustedbsd/mac/sys/nfsserver/nfs.h#5 (text+ko) ====

@@ -254,7 +254,7 @@
 	u_int32_t		nd_retxid;	/* Reply xid */
 	struct timeval		nd_starttime;	/* Time RPC initiated */
 	fhandle_t		nd_fh;		/* File handle */
-	struct ucred		nd_cr;		/* Credentials */
+	struct ucred		*nd_cr;		/* Credentials */
 };
 
 /* Bits for "nd_flag" */
@@ -272,8 +272,10 @@
 		 !bcmp((caddr_t)&(o)->nd_fh, (caddr_t)&(n)->nd_fh, NFSX_V3FH))
 
 #define NFSW_SAMECRED(o, n) \
-	(!bcmp((caddr_t)&(o)->nd_cr, (caddr_t)&(n)->nd_cr, \
-		sizeof (struct ucred)))
+	((o)->nd_cr->cr_uid == (n)->nd_cr->cr_uid && \
+	 (o)->nd_cr->cr_ngroups == (n)->nd_cr->cr_ngroups && \
+	 bcmp((o)->nd_cr->cr_groups, (n)->nd_cr->cr_groups, \
+	     (n)->nd_cr->cr_ngroups * sizeof(gid_t)) == 0)
 
 /*
  * Defines for WebNFS

==== //depot/projects/trustedbsd/mac/sys/nfsserver/nfs_serv.c#17 (text+ko) ====

@@ -171,7 +171,7 @@
 	struct mbuf *mrep = nfsd->nd_mrep, *md = nfsd->nd_md;
 	struct sockaddr *nam = nfsd->nd_nam;
 	caddr_t dpos = nfsd->nd_dpos;
-	struct ucred *cred = &nfsd->nd_cr;
+	struct ucred *cred = nfsd->nd_cr;
 	struct vnode *vp = NULL;
 	nfsfh_t nfh;
 	fhandle_t *fhp;
@@ -238,7 +238,7 @@
 	struct mbuf *mrep = nfsd->nd_mrep, *md = nfsd->nd_md;
 	struct sockaddr *nam = nfsd->nd_nam;
 	caddr_t dpos = nfsd->nd_dpos;
-	struct ucred *cred = &nfsd->nd_cr;
+	struct ucred *cred = nfsd->nd_cr;
 	struct nfs_fattr *fp;
 	struct vattr va;
 	struct vattr *vap = &va;
@@ -287,7 +287,7 @@
 	struct mbuf *mrep = nfsd->nd_mrep, *md = nfsd->nd_md;
 	struct sockaddr *nam = nfsd->nd_nam;
 	caddr_t dpos = nfsd->nd_dpos;
-	struct ucred *cred = &nfsd->nd_cr;
+	struct ucred *cred = nfsd->nd_cr;
 	struct vattr va, preat;
 	struct vattr *vap = &va;
 	struct nfsv2_sattr *sp;
@@ -442,7 +442,7 @@
 	struct mbuf *mrep = nfsd->nd_mrep, *md = nfsd->nd_md;
 	struct sockaddr *nam = nfsd->nd_nam;
 	caddr_t dpos = nfsd->nd_dpos;
-	struct ucred *cred = &nfsd->nd_cr;
+	struct ucred *cred = nfsd->nd_cr;
 	struct nfs_fattr *fp;
 	struct nameidata nd, ind, *ndp = &nd;
 	struct vnode *vp, *dirp = NULL;
@@ -631,7 +631,7 @@
 	struct mbuf *mrep = nfsd->nd_mrep, *md = nfsd->nd_md;
 	struct sockaddr *nam = nfsd->nd_nam;
 	caddr_t dpos = nfsd->nd_dpos;
-	struct ucred *cred = &nfsd->nd_cr;
+	struct ucred *cred = nfsd->nd_cr;
 	struct iovec iv[(NFS_MAXPATHLEN+MLEN-1)/MLEN];
 	struct iovec *ivp = iv;
 	struct mbuf *mp;
@@ -736,7 +736,7 @@
 	struct mbuf *mrep = nfsd->nd_mrep, *md = nfsd->nd_md;
 	struct sockaddr *nam = nfsd->nd_nam;
 	caddr_t dpos = nfsd->nd_dpos;
-	struct ucred *cred = &nfsd->nd_cr;
+	struct ucred *cred = nfsd->nd_cr;
 	struct iovec *iv;
 	struct iovec *iv2;
 	struct mbuf *m;
@@ -982,7 +982,7 @@
 	struct mbuf *mrep = nfsd->nd_mrep, *md = nfsd->nd_md;
 	struct sockaddr *nam = nfsd->nd_nam;
 	caddr_t dpos = nfsd->nd_dpos;
-	struct ucred *cred = &nfsd->nd_cr;
+	struct ucred *cred = nfsd->nd_cr;
 	struct iovec *ivp;
 	int i, cnt;
 	struct mbuf *mp;
@@ -1229,7 +1229,7 @@
 	    mrep = nfsd->nd_mrep;
 	    md = nfsd->nd_md;
 	    dpos = nfsd->nd_dpos;
-	    cred = &nfsd->nd_cr;
+	    cred = nfsd->nd_cr;
 	    v3 = (nfsd->nd_flag & ND_NFSV3);
 	    LIST_INIT(&nfsd->nd_coalesce);
 	    nfsd->nd_mreq = NULL;
@@ -1364,7 +1364,7 @@
 		splx(s);
 		mrep = nfsd->nd_mrep;
 		nfsd->nd_mrep = NULL;
-		cred = &nfsd->nd_cr;
+		cred = nfsd->nd_cr;
 		v3 = (nfsd->nd_flag & ND_NFSV3);
 		forat_ret = aftat_ret = 1;
 		error = nfsrv_fhtovp(&nfsd->nd_fh, 1, &vp, cred, slp,
@@ -1576,7 +1576,7 @@
 	struct mbuf *mrep = nfsd->nd_mrep, *md = nfsd->nd_md;
 	struct sockaddr *nam = nfsd->nd_nam;
 	caddr_t dpos = nfsd->nd_dpos;
-	struct ucred *cred = &nfsd->nd_cr;
+	struct ucred *cred = nfsd->nd_cr;
 	struct nfs_fattr *fp;
 	struct vattr va, dirfor, diraft;
 	struct vattr *vap = &va;
@@ -1859,7 +1859,7 @@
 	struct mbuf *mrep = nfsd->nd_mrep, *md = nfsd->nd_md;
 	struct sockaddr *nam = nfsd->nd_nam;
 	caddr_t dpos = nfsd->nd_dpos;
-	struct ucred *cred = &nfsd->nd_cr;
+	struct ucred *cred = nfsd->nd_cr;
 	struct vattr va, dirfor, diraft;
 	struct vattr *vap = &va;
 	u_int32_t *tl;
@@ -2050,7 +2050,7 @@
 	struct mbuf *mrep = nfsd->nd_mrep, *md = nfsd->nd_md;
 	struct sockaddr *nam = nfsd->nd_nam;
 	caddr_t dpos = nfsd->nd_dpos;
-	struct ucred *cred = &nfsd->nd_cr;
+	struct ucred *cred = nfsd->nd_cr;
 	struct nameidata nd;
 	caddr_t bpos;
 	int error = 0, len, dirfor_ret = 1, diraft_ret = 1;
@@ -2148,7 +2148,7 @@
 	struct mbuf *mrep = nfsd->nd_mrep, *md = nfsd->nd_md;
 	struct sockaddr *nam = nfsd->nd_nam;
 	caddr_t dpos = nfsd->nd_dpos;
-	struct ucred *cred = &nfsd->nd_cr;
+	struct ucred *cred = nfsd->nd_cr;
 	caddr_t bpos;
 	int error = 0, len, len2, fdirfor_ret = 1, fdiraft_ret = 1;
 	int tdirfor_ret = 1, tdiraft_ret = 1;
@@ -2375,7 +2375,7 @@
 	struct mbuf *mrep = nfsd->nd_mrep, *md = nfsd->nd_md;
 	struct sockaddr *nam = nfsd->nd_nam;
 	caddr_t dpos = nfsd->nd_dpos;
-	struct ucred *cred = &nfsd->nd_cr;
+	struct ucred *cred = nfsd->nd_cr;
 	struct nameidata nd;
 	caddr_t bpos;
 	int error = 0, rdonly, len, dirfor_ret = 1, diraft_ret = 1;
@@ -2496,7 +2496,7 @@
 	struct mbuf *mrep = nfsd->nd_mrep, *md = nfsd->nd_md;
 	struct sockaddr *nam = nfsd->nd_nam;
 	caddr_t dpos = nfsd->nd_dpos;
-	struct ucred *cred = &nfsd->nd_cr;
+	struct ucred *cred = nfsd->nd_cr;
 	struct vattr va, dirfor, diraft;
 	struct nameidata nd;
 	struct vattr *vap = &va;
@@ -2680,7 +2680,7 @@
 	struct mbuf *mrep = nfsd->nd_mrep, *md = nfsd->nd_md;
 	struct sockaddr *nam = nfsd->nd_nam;
 	caddr_t dpos = nfsd->nd_dpos;
-	struct ucred *cred = &nfsd->nd_cr;
+	struct ucred *cred = nfsd->nd_cr;
 	struct vattr va, dirfor, diraft;
 	struct vattr *vap = &va;
 	struct nfs_fattr *fp;
@@ -2826,7 +2826,7 @@
 	struct mbuf *mrep = nfsd->nd_mrep, *md = nfsd->nd_md;
 	struct sockaddr *nam = nfsd->nd_nam;
 	caddr_t dpos = nfsd->nd_dpos;
-	struct ucred *cred = &nfsd->nd_cr;
+	struct ucred *cred = nfsd->nd_cr;
 	caddr_t bpos;
 	int error = 0, len, dirfor_ret = 1, diraft_ret = 1;
 	int v3 = (nfsd->nd_flag & ND_NFSV3);
@@ -2972,7 +2972,7 @@
 	struct mbuf *mrep = nfsd->nd_mrep, *md = nfsd->nd_md;
 	struct sockaddr *nam = nfsd->nd_nam;
 	caddr_t dpos = nfsd->nd_dpos;
-	struct ucred *cred = &nfsd->nd_cr;
+	struct ucred *cred = nfsd->nd_cr;
 	char *bp, *be;
 	struct mbuf *mp;
 	struct dirent *dp;
@@ -3263,7 +3263,7 @@
 	struct mbuf *mrep = nfsd->nd_mrep, *md = nfsd->nd_md;
 	struct sockaddr *nam = nfsd->nd_nam;
 	caddr_t dpos = nfsd->nd_dpos;
-	struct ucred *cred = &nfsd->nd_cr;
+	struct ucred *cred = nfsd->nd_cr;
 	char *bp, *be;
 	struct mbuf *mp;
 	struct dirent *dp;
@@ -3601,7 +3601,7 @@
 	struct mbuf *mrep = nfsd->nd_mrep, *md = nfsd->nd_md;
 	struct sockaddr *nam = nfsd->nd_nam;
 	caddr_t dpos = nfsd->nd_dpos;
-	struct ucred *cred = &nfsd->nd_cr;
+	struct ucred *cred = nfsd->nd_cr;
 	struct vattr bfor, aft;
 	struct vnode *vp = NULL;
 	nfsfh_t nfh;
@@ -3752,7 +3752,7 @@
 	struct mbuf *mrep = nfsd->nd_mrep, *md = nfsd->nd_md;
 	struct sockaddr *nam = nfsd->nd_nam;
 	caddr_t dpos = nfsd->nd_dpos;
-	struct ucred *cred = &nfsd->nd_cr;
+	struct ucred *cred = nfsd->nd_cr;
 	struct statfs *sf;
 	struct nfs_statfs *sfp;
 	caddr_t bpos;
@@ -3830,7 +3830,7 @@
 	struct mbuf *mrep = nfsd->nd_mrep, *md = nfsd->nd_md;
 	struct sockaddr *nam = nfsd->nd_nam;
 	caddr_t dpos = nfsd->nd_dpos;
-	struct ucred *cred = &nfsd->nd_cr;
+	struct ucred *cred = nfsd->nd_cr;
 	struct nfsv3_fsinfo *sip;
 	caddr_t bpos;
 	int error = 0, rdonly, getret = 1, pref;
@@ -3905,7 +3905,7 @@
 	struct mbuf *mrep = nfsd->nd_mrep, *md = nfsd->nd_md;
 	struct sockaddr *nam = nfsd->nd_nam;
 	caddr_t dpos = nfsd->nd_dpos;
-	struct ucred *cred = &nfsd->nd_cr;
+	struct ucred *cred = nfsd->nd_cr;
 	struct nfsv3_pathconf *pc;
 	caddr_t bpos;
 	int error = 0, rdonly, getret = 1;

==== //depot/projects/trustedbsd/mac/sys/nfsserver/nfs_srvsock.c#8 (text+ko) ====

@@ -354,34 +354,32 @@
 		}
 		nfsm_adv(nfsm_rndup(len));
 		tl = nfsm_dissect(u_int32_t *, 3 * NFSX_UNSIGNED);
-		/*
-		 * XXX: This credential should be managed using crget(9)
-		 * and related calls.  Right now, this tramples on any
-		 * extensible data in the ucred, fails to initialize the
-		 * mutex, and worse.  This must be fixed before FreeBSD
-		 * 5.0-RELEASE.
-		 */
-		bzero((caddr_t)&nd->nd_cr, sizeof (struct ucred));
-		nd->nd_cr.cr_ref = 1;
-		nd->nd_cr.cr_uid = fxdr_unsigned(uid_t, *tl++);
-		nd->nd_cr.cr_gid = fxdr_unsigned(gid_t, *tl++);
+		nd->nd_cr = crget();
+		nd->nd_cr->cr_uid = nd->nd_cr->cr_ruid =
+		    nd->nd_cr->cr_svuid = fxdr_unsigned(uid_t, *tl++);
+		nd->nd_cr->cr_groups[0] = nd->nd_cr->cr_rgid =
+		    nd->nd_cr->cr_svgid = fxdr_unsigned(gid_t, *tl++);
 		len = fxdr_unsigned(int, *tl);
 		if (len < 0 || len > RPCAUTH_UNIXGIDS) {
 			m_freem(mrep);
+			crfree(nd->nd_cr);
+			nd->nd_cr = NULL;
 			return (EBADRPC);
 		}
 		tl = nfsm_dissect(u_int32_t *, (len + 2) * NFSX_UNSIGNED);
 		for (i = 1; i <= len; i++)
 		    if (i < NGROUPS)
-			nd->nd_cr.cr_groups[i] = fxdr_unsigned(gid_t, *tl++);
+			nd->nd_cr->cr_groups[i] = fxdr_unsigned(gid_t, *tl++);
 		    else
 			tl++;
-		nd->nd_cr.cr_ngroups = (len >= NGROUPS) ? NGROUPS : (len + 1);
-		if (nd->nd_cr.cr_ngroups > 1)
-		    nfsrvw_sort(nd->nd_cr.cr_groups, nd->nd_cr.cr_ngroups);
+		nd->nd_cr->cr_ngroups = (len >= NGROUPS) ? NGROUPS : (len + 1);
+		if (nd->nd_cr->cr_ngroups > 1)
+		    nfsrvw_sort(nd->nd_cr->cr_groups, nd->nd_cr->cr_ngroups);
 		len = fxdr_unsigned(int, *++tl);
 		if (len < 0 || len > RPCAUTH_MAXSIZ) {
 			m_freem(mrep);
+			crfree(nd->nd_cr);
+			nd->nd_cr = NULL;
 			return (EBADRPC);
 		}
 		if (len > 0)
@@ -676,6 +674,8 @@
 		if (nam) {
 			FREE(nam, M_SONAME);
 		}
+		if (nd->nd_cr != NULL)
+			crfree(nd->nd_cr);
 		free((caddr_t)nd, M_NFSRVDESC);
 		return (error);
 	}

==== //depot/projects/trustedbsd/mac/sys/nfsserver/nfs_syscalls.c#11 (text+ko) ====

@@ -365,6 +365,8 @@
 		}
 		if (error || (slp->ns_flag & SLP_VALID) == 0) {
 			if (nd) {
+				if (nd->nd_cr != NULL)
+					crfree(nd->nd_cr);
 				free((caddr_t)nd, M_NFSRVDESC);
 				nd = NULL;
 			}
@@ -491,6 +493,8 @@
 			if (slp->ns_so->so_proto->pr_flags & PR_CONNREQUIRED)
 				nfs_slpunlock(slp);
 			if (error == EINTR || error == ERESTART) {
+				if (nd->nd_cr != NULL)
+					crfree(nd->nd_cr);
 				free((caddr_t)nd, M_NFSRVDESC);
 				nfsrv_slpderef(slp);
 				s = splnet();
@@ -504,6 +508,8 @@
 			break;
 		    };
 		    if (nd) {
+			if (nd->nd_cr != NULL)
+				crfree(nd->nd_cr);
 			FREE((caddr_t)nd, M_NFSRVDESC);
 			nd = NULL;
 		    }
@@ -578,6 +584,8 @@
 		for (nwp = LIST_FIRST(&slp->ns_tq); nwp; nwp = nnwp) {
 			nnwp = LIST_NEXT(nwp, nd_tq);
 			LIST_REMOVE(nwp, nd_tq);
+			if (nwp->nd_cr != NULL)
+				crfree(nwp->nd_cr);
 			free((caddr_t)nwp, M_NFSRVDESC);
 		}
 		LIST_INIT(&slp->ns_tq);
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message

More information about the trustedbsd-cvs mailing list