From c0511d3b58c985e17c0c23585ea7d16b6f52fe61 Mon Sep 17 00:00:00 2001 From: Brian Feldman Date: Sun, 18 Feb 2001 13:30:20 +0000 Subject: [PATCH] Switch to using a struct xucred instead of a struct xucred when not actually in the kernel. This structure is a different size than what is currently in -CURRENT, but should hopefully be the last time any application breakage is caused there. As soon as any major inconveniences are removed, the definition of the in-kernel struct ucred should be conditionalized upon defined(_KERNEL). This also changes struct export_args to remove dependency on the constantly-changing struct ucred, as well as limiting the bounds of the size fields to the correct size. This means: a) mountd and friends won't break all the time, b) mountd and friends won't crash the kernel all the time if they don't know what they're doing wrt actual struct export_args layout. Reviewed by: bde --- sbin/mountd/mountd.c | 24 ++++++++++++------------ sys/kern/vfs_export.c | 12 ++++++++++-- sys/kern/vfs_subr.c | 12 ++++++++++-- sys/netinet/tcp_subr.c | 21 ++++++++++++++++----- sys/netinet/tcp_timewait.c | 21 ++++++++++++++++----- sys/netinet/udp_usrreq.c | 10 ++++++++-- sys/netinet6/udp6_usrreq.c | 14 +++++++++----- sys/nfs/nfs.h | 2 +- sys/nfs/nfs_syscalls.c | 8 +++++++- sys/nfsclient/nfs.h | 2 +- sys/nfsclient/nfs_nfsiod.c | 8 +++++++- sys/nfsclient/nfsargs.h | 2 +- sys/nfsclient/nfsstats.h | 2 +- sys/nfsserver/nfs.h | 2 +- sys/nfsserver/nfs_syscalls.c | 8 +++++++- sys/nfsserver/nfsrvstats.h | 2 +- sys/sys/mount.h | 6 +++--- sys/sys/param.h | 2 +- sys/sys/ucred.h | 13 +++++++++++++ usr.sbin/inetd/builtins.c | 2 +- usr.sbin/mountd/mountd.c | 24 ++++++++++++------------ 21 files changed, 138 insertions(+), 59 deletions(-) diff --git a/sbin/mountd/mountd.c b/sbin/mountd/mountd.c index ffb1b6ebb525..2f46a9f2ca9c 100644 --- a/sbin/mountd/mountd.c +++ b/sbin/mountd/mountd.c @@ -161,9 +161,9 @@ int chk_host __P((struct dirlist *, u_int32_t, int *, int *)); void del_mlist __P((char *, char *)); struct dirlist *dirp_search __P((struct dirlist *, char *)); int do_mount __P((struct exportlist *, struct grouplist *, int, - struct ucred *, char *, int, struct statfs *)); + struct xucred *, char *, int, struct statfs *)); int do_opt __P((char **, char **, struct exportlist *, struct grouplist *, - int *, int *, struct ucred *)); + int *, int *, struct xucred *)); struct exportlist *ex_search __P((fsid_t *)); struct exportlist *get_exp __P((void)); void free_dir __P((struct dirlist *)); @@ -184,7 +184,7 @@ void hang_dirp __P((struct dirlist *, struct grouplist *, void mntsrv __P((struct svc_req *, SVCXPRT *)); void nextfield __P((char **, char **)); void out_of_mem __P((void)); -void parsecred __P((char *, struct ucred *)); +void parsecred __P((char *, struct xucred *)); int put_exlist __P((struct dirlist *, XDR *, struct dirlist *, int *)); int scan_tree __P((struct dirlist *, u_int32_t)); static void usage __P((void)); @@ -202,11 +202,12 @@ struct exportlist *exphead; struct mountlist *mlhead; struct grouplist *grphead; char exname[MAXPATHLEN]; -struct ucred def_anon = { +struct xucred def_anon = { + 0, + (uid_t)-2, 1, - (uid_t) -2, - 1, - { (gid_t) -2 } + { (gid_t)-2 }, + NULL }; int force_v2 = 0; int resvport_only = 1; @@ -732,7 +733,7 @@ get_exportlist() struct dirlist *dirhead; struct statfs fsb, *fsp; struct hostent *hpe; - struct ucred anon; + struct xucred anon; char *cp, *endcp, *dirp, *hst, *usr, *dom, savedc; int len, has_host, exflags, got_nondir, dirplen, num, i, netgrp; @@ -1332,7 +1333,7 @@ do_opt(cpp, endcpp, ep, grp, has_hostp, exflagsp, cr) struct grouplist *grp; int *has_hostp; int *exflagsp; - struct ucred *cr; + struct xucred *cr; { char *cpoptarg, *cpoptend; char *cp, *endcp, *cpopt, savedc, savedc2; @@ -1591,7 +1592,7 @@ do_mount(ep, grp, exflags, anoncrp, dirp, dirplen, fsb) struct exportlist *ep; struct grouplist *grp; int exflags; - struct ucred *anoncrp; + struct xucred *anoncrp; char *dirp; int dirplen; struct statfs *fsb; @@ -1842,7 +1843,7 @@ get_line() void parsecred(namelist, cr) char *namelist; - struct ucred *cr; + struct xucred *cr; { char *name; int cnt; @@ -1854,7 +1855,6 @@ parsecred(namelist, cr) /* * Set up the unprivileged user. */ - cr->cr_ref = 1; cr->cr_uid = -2; cr->cr_groups[0] = -2; cr->cr_ngroups = 1; diff --git a/sys/kern/vfs_export.c b/sys/kern/vfs_export.c index 38c18952beec..3c99779ca7b0 100644 --- a/sys/kern/vfs_export.c +++ b/sys/kern/vfs_export.c @@ -2319,7 +2319,11 @@ vfs_hang_addrlist(mp, nep, argp) return (EPERM); np = &nep->ne_defexported; np->netc_exflags = argp->ex_flags; - np->netc_anon = argp->ex_anon; + bzero(&np->netc_anon, sizeof(np->netc_anon)); + np->netc_anon.cr_uid = argp->ex_anon.cr_uid; + np->netc_anon.cr_ngroups = argp->ex_anon.cr_ngroups; + bcopy(argp->ex_anon.cr_groups, np->netc_anon.cr_groups, + sizeof(np->netc_anon.cr_groups)); np->netc_anon.cr_ref = 1; mp->mnt_flag |= MNT_DEFEXPORTED; return (0); @@ -2363,7 +2367,11 @@ vfs_hang_addrlist(mp, nep, argp) goto out; } np->netc_exflags = argp->ex_flags; - np->netc_anon = argp->ex_anon; + bzero(&np->netc_anon, sizeof(np->netc_anon)); + np->netc_anon.cr_uid = argp->ex_anon.cr_uid; + np->netc_anon.cr_ngroups = argp->ex_anon.cr_ngroups; + bcopy(argp->ex_anon.cr_groups, np->netc_anon.cr_groups, + sizeof(np->netc_anon.cr_groups)); np->netc_anon.cr_ref = 1; return (0); out: diff --git a/sys/kern/vfs_subr.c b/sys/kern/vfs_subr.c index 38c18952beec..3c99779ca7b0 100644 --- a/sys/kern/vfs_subr.c +++ b/sys/kern/vfs_subr.c @@ -2319,7 +2319,11 @@ vfs_hang_addrlist(mp, nep, argp) return (EPERM); np = &nep->ne_defexported; np->netc_exflags = argp->ex_flags; - np->netc_anon = argp->ex_anon; + bzero(&np->netc_anon, sizeof(np->netc_anon)); + np->netc_anon.cr_uid = argp->ex_anon.cr_uid; + np->netc_anon.cr_ngroups = argp->ex_anon.cr_ngroups; + bcopy(argp->ex_anon.cr_groups, np->netc_anon.cr_groups, + sizeof(np->netc_anon.cr_groups)); np->netc_anon.cr_ref = 1; mp->mnt_flag |= MNT_DEFEXPORTED; return (0); @@ -2363,7 +2367,11 @@ vfs_hang_addrlist(mp, nep, argp) goto out; } np->netc_exflags = argp->ex_flags; - np->netc_anon = argp->ex_anon; + bzero(&np->netc_anon, sizeof(np->netc_anon)); + np->netc_anon.cr_uid = argp->ex_anon.cr_uid; + np->netc_anon.cr_ngroups = argp->ex_anon.cr_ngroups; + bcopy(argp->ex_anon.cr_groups, np->netc_anon.cr_groups, + sizeof(np->netc_anon.cr_groups)); np->netc_anon.cr_ref = 1; return (0); out: diff --git a/sys/netinet/tcp_subr.c b/sys/netinet/tcp_subr.c index 654101404a8c..7ec84296aee1 100644 --- a/sys/netinet/tcp_subr.c +++ b/sys/netinet/tcp_subr.c @@ -900,6 +900,7 @@ SYSCTL_PROC(_net_inet_tcp, TCPCTL_PCBLIST, pcblist, CTLFLAG_RD, 0, 0, static int tcp_getcred(SYSCTL_HANDLER_ARGS) { + struct xucred xuc; struct sockaddr_in addrs[2]; struct inpcb *inp; int error, s; @@ -917,19 +918,25 @@ tcp_getcred(SYSCTL_HANDLER_ARGS) error = ENOENT; goto out; } - error = SYSCTL_OUT(req, inp->inp_socket->so_cred, sizeof(struct ucred)); + bzero(&xuc, sizeof(xuc)); + xuc.cr_uid = inp->inp_socket->so_cred->cr_uid; + xuc.cr_ngroups = inp->inp_socket->so_cred->cr_ngroups; + bcopy(inp->inp_socket->so_cred->cr_groups, xuc.cr_groups, + sizeof(xuc.cr_groups)); + error = SYSCTL_OUT(req, &xuc, sizeof(struct xucred)); out: splx(s); return (error); } SYSCTL_PROC(_net_inet_tcp, OID_AUTO, getcred, CTLTYPE_OPAQUE|CTLFLAG_RW, - 0, 0, tcp_getcred, "S,ucred", "Get the ucred of a TCP connection"); + 0, 0, tcp_getcred, "S,xucred", "Get the xucred of a TCP connection"); #ifdef INET6 static int tcp6_getcred(SYSCTL_HANDLER_ARGS) { + struct xucred xuc; struct sockaddr_in6 addrs[2]; struct inpcb *inp; int error, s, mapped = 0; @@ -963,8 +970,12 @@ tcp6_getcred(SYSCTL_HANDLER_ARGS) error = ENOENT; goto out; } - error = SYSCTL_OUT(req, inp->inp_socket->so_cred, - sizeof(struct ucred)); + bzero(&xuc, sizeof(xuc)); + xuc.cr_uid = inp->inp_socket->so_cred->cr_uid; + xuc.cr_ngroups = inp->inp_socket->so_cred->cr_ngroups; + bcopy(inp->inp_socket->so_cred->cr_groups, xuc.cr_groups, + sizeof(xuc.cr_groups)); + error = SYSCTL_OUT(req, &xuc, sizeof(struct xucred)); out: splx(s); return (error); @@ -972,7 +983,7 @@ out: SYSCTL_PROC(_net_inet6_tcp6, OID_AUTO, getcred, CTLTYPE_OPAQUE|CTLFLAG_RW, 0, 0, - tcp6_getcred, "S,ucred", "Get the ucred of a TCP6 connection"); + tcp6_getcred, "S,xucred", "Get the xucred of a TCP6 connection"); #endif diff --git a/sys/netinet/tcp_timewait.c b/sys/netinet/tcp_timewait.c index 654101404a8c..7ec84296aee1 100644 --- a/sys/netinet/tcp_timewait.c +++ b/sys/netinet/tcp_timewait.c @@ -900,6 +900,7 @@ SYSCTL_PROC(_net_inet_tcp, TCPCTL_PCBLIST, pcblist, CTLFLAG_RD, 0, 0, static int tcp_getcred(SYSCTL_HANDLER_ARGS) { + struct xucred xuc; struct sockaddr_in addrs[2]; struct inpcb *inp; int error, s; @@ -917,19 +918,25 @@ tcp_getcred(SYSCTL_HANDLER_ARGS) error = ENOENT; goto out; } - error = SYSCTL_OUT(req, inp->inp_socket->so_cred, sizeof(struct ucred)); + bzero(&xuc, sizeof(xuc)); + xuc.cr_uid = inp->inp_socket->so_cred->cr_uid; + xuc.cr_ngroups = inp->inp_socket->so_cred->cr_ngroups; + bcopy(inp->inp_socket->so_cred->cr_groups, xuc.cr_groups, + sizeof(xuc.cr_groups)); + error = SYSCTL_OUT(req, &xuc, sizeof(struct xucred)); out: splx(s); return (error); } SYSCTL_PROC(_net_inet_tcp, OID_AUTO, getcred, CTLTYPE_OPAQUE|CTLFLAG_RW, - 0, 0, tcp_getcred, "S,ucred", "Get the ucred of a TCP connection"); + 0, 0, tcp_getcred, "S,xucred", "Get the xucred of a TCP connection"); #ifdef INET6 static int tcp6_getcred(SYSCTL_HANDLER_ARGS) { + struct xucred xuc; struct sockaddr_in6 addrs[2]; struct inpcb *inp; int error, s, mapped = 0; @@ -963,8 +970,12 @@ tcp6_getcred(SYSCTL_HANDLER_ARGS) error = ENOENT; goto out; } - error = SYSCTL_OUT(req, inp->inp_socket->so_cred, - sizeof(struct ucred)); + bzero(&xuc, sizeof(xuc)); + xuc.cr_uid = inp->inp_socket->so_cred->cr_uid; + xuc.cr_ngroups = inp->inp_socket->so_cred->cr_ngroups; + bcopy(inp->inp_socket->so_cred->cr_groups, xuc.cr_groups, + sizeof(xuc.cr_groups)); + error = SYSCTL_OUT(req, &xuc, sizeof(struct xucred)); out: splx(s); return (error); @@ -972,7 +983,7 @@ out: SYSCTL_PROC(_net_inet6_tcp6, OID_AUTO, getcred, CTLTYPE_OPAQUE|CTLFLAG_RW, 0, 0, - tcp6_getcred, "S,ucred", "Get the ucred of a TCP6 connection"); + tcp6_getcred, "S,xucred", "Get the xucred of a TCP6 connection"); #endif diff --git a/sys/netinet/udp_usrreq.c b/sys/netinet/udp_usrreq.c index 468064fe7150..5588956e70e3 100644 --- a/sys/netinet/udp_usrreq.c +++ b/sys/netinet/udp_usrreq.c @@ -606,6 +606,7 @@ SYSCTL_PROC(_net_inet_udp, UDPCTL_PCBLIST, pcblist, CTLFLAG_RD, 0, 0, static int udp_getcred(SYSCTL_HANDLER_ARGS) { + struct xucred xuc; struct sockaddr_in addrs[2]; struct inpcb *inp; int error, s; @@ -623,14 +624,19 @@ udp_getcred(SYSCTL_HANDLER_ARGS) error = ENOENT; goto out; } - error = SYSCTL_OUT(req, inp->inp_socket->so_cred, sizeof(struct ucred)); + bzero(&xuc, sizeof(xuc)); + xuc.cr_uid = inp->inp_socket->so_cred->cr_uid; + xuc.cr_ngroups = inp->inp_socket->so_cred->cr_ngroups; + bcopy(inp->inp_socket->so_cred->cr_groups, xuc.cr_groups, + sizeof(xuc.cr_groups)); + error = SYSCTL_OUT(req, &xuc, sizeof(struct xucred)); out: splx(s); return (error); } SYSCTL_PROC(_net_inet_udp, OID_AUTO, getcred, CTLTYPE_OPAQUE|CTLFLAG_RW, - 0, 0, udp_getcred, "S,ucred", "Get the ucred of a UDP connection"); + 0, 0, udp_getcred, "S,xucred", "Get the xucred of a UDP connection"); static int udp_output(inp, m, addr, control, p) diff --git a/sys/netinet6/udp6_usrreq.c b/sys/netinet6/udp6_usrreq.c index bb0ae73b885f..ca9ce2fe25a8 100644 --- a/sys/netinet6/udp6_usrreq.c +++ b/sys/netinet6/udp6_usrreq.c @@ -474,6 +474,7 @@ udp6_ctlinput(cmd, sa, d) static int udp6_getcred(SYSCTL_HANDLER_ARGS) { + struct xucred xuc; struct sockaddr_in6 addrs[2]; struct inpcb *inp; int error, s; @@ -484,7 +485,7 @@ udp6_getcred(SYSCTL_HANDLER_ARGS) if (req->newlen != sizeof(addrs)) return (EINVAL); - if (req->oldlen != sizeof(struct ucred)) + if (req->oldlen != sizeof(struct xucred)) return (EINVAL); error = SYSCTL_IN(req, addrs, sizeof(addrs)); if (error) @@ -498,9 +499,12 @@ udp6_getcred(SYSCTL_HANDLER_ARGS) error = ENOENT; goto out; } - error = SYSCTL_OUT(req, inp->inp_socket->so_cred, - sizeof(struct ucred)); - + bzero(&xuc, sizeof(xuc)); + xuc.cr_uid = inp->inp_socket->so_cred->cr_uid; + xuc.cr_ngroups = inp->inp_socket->so_cred->cr_ngroups; + bcopy(inp->inp_socket->so_cred->cr_groups, xuc.cr_groups, + sizeof(xuc.cr_groups)); + error = SYSCTL_OUT(req, &xuc, sizeof(struct xucred)); out: splx(s); return (error); @@ -508,7 +512,7 @@ out: SYSCTL_PROC(_net_inet6_udp6, OID_AUTO, getcred, CTLTYPE_OPAQUE|CTLFLAG_RW, 0, 0, - udp6_getcred, "S,ucred", "Get the ucred of a UDP6 connection"); + udp6_getcred, "S,xucred", "Get the xucred of a UDP6 connection"); static int udp6_abort(struct socket *so) diff --git a/sys/nfs/nfs.h b/sys/nfs/nfs.h index 5c5a8237f13f..6423e5ac6af6 100644 --- a/sys/nfs/nfs.h +++ b/sys/nfs/nfs.h @@ -197,7 +197,7 @@ struct nfsd_srvargs { struct nfsd *nsd_nfsd; /* Pointer to in kernel nfsd struct */ uid_t nsd_uid; /* Effective uid mapped to cred */ u_int32_t nsd_haddr; /* Ip address of client */ - struct ucred nsd_cr; /* Cred. uid maps to */ + struct xucred nsd_cr; /* Cred. uid maps to */ int nsd_authlen; /* Length of auth string (ret) */ u_char *nsd_authstr; /* Auth string (ret) */ int nsd_verflen; /* and the verfier */ diff --git a/sys/nfs/nfs_syscalls.c b/sys/nfs/nfs_syscalls.c index 4eb5c86eaf73..2d46568f08cb 100644 --- a/sys/nfs/nfs_syscalls.c +++ b/sys/nfs/nfs_syscalls.c @@ -260,7 +260,13 @@ nfssvc(p, uap) FREE(nuidp->nu_nam, M_SONAME); } nuidp->nu_flag = 0; - nuidp->nu_cr = nsd->nsd_cr; + bzero(&nuidp->nu_cr, sizeof(nuidp->nu_cr)); + nuidp->nu_cr.cr_uid = nsd->nsd_cr.cr_uid; + nuidp->nu_cr.cr_ngroups = + nsd->nsd_cr.cr_ngroups; + bcopy(nsd->nsd_cr.cr_groups, + nuidp->nu_cr.cr_groups, + sizeof(nuidp->nu_cr.cr_groups)); if (nuidp->nu_cr.cr_ngroups > NGROUPS) nuidp->nu_cr.cr_ngroups = NGROUPS; nuidp->nu_cr.cr_ref = 1; diff --git a/sys/nfsclient/nfs.h b/sys/nfsclient/nfs.h index 5c5a8237f13f..6423e5ac6af6 100644 --- a/sys/nfsclient/nfs.h +++ b/sys/nfsclient/nfs.h @@ -197,7 +197,7 @@ struct nfsd_srvargs { struct nfsd *nsd_nfsd; /* Pointer to in kernel nfsd struct */ uid_t nsd_uid; /* Effective uid mapped to cred */ u_int32_t nsd_haddr; /* Ip address of client */ - struct ucred nsd_cr; /* Cred. uid maps to */ + struct xucred nsd_cr; /* Cred. uid maps to */ int nsd_authlen; /* Length of auth string (ret) */ u_char *nsd_authstr; /* Auth string (ret) */ int nsd_verflen; /* and the verfier */ diff --git a/sys/nfsclient/nfs_nfsiod.c b/sys/nfsclient/nfs_nfsiod.c index 4eb5c86eaf73..2d46568f08cb 100644 --- a/sys/nfsclient/nfs_nfsiod.c +++ b/sys/nfsclient/nfs_nfsiod.c @@ -260,7 +260,13 @@ nfssvc(p, uap) FREE(nuidp->nu_nam, M_SONAME); } nuidp->nu_flag = 0; - nuidp->nu_cr = nsd->nsd_cr; + bzero(&nuidp->nu_cr, sizeof(nuidp->nu_cr)); + nuidp->nu_cr.cr_uid = nsd->nsd_cr.cr_uid; + nuidp->nu_cr.cr_ngroups = + nsd->nsd_cr.cr_ngroups; + bcopy(nsd->nsd_cr.cr_groups, + nuidp->nu_cr.cr_groups, + sizeof(nuidp->nu_cr.cr_groups)); if (nuidp->nu_cr.cr_ngroups > NGROUPS) nuidp->nu_cr.cr_ngroups = NGROUPS; nuidp->nu_cr.cr_ref = 1; diff --git a/sys/nfsclient/nfsargs.h b/sys/nfsclient/nfsargs.h index 5c5a8237f13f..6423e5ac6af6 100644 --- a/sys/nfsclient/nfsargs.h +++ b/sys/nfsclient/nfsargs.h @@ -197,7 +197,7 @@ struct nfsd_srvargs { struct nfsd *nsd_nfsd; /* Pointer to in kernel nfsd struct */ uid_t nsd_uid; /* Effective uid mapped to cred */ u_int32_t nsd_haddr; /* Ip address of client */ - struct ucred nsd_cr; /* Cred. uid maps to */ + struct xucred nsd_cr; /* Cred. uid maps to */ int nsd_authlen; /* Length of auth string (ret) */ u_char *nsd_authstr; /* Auth string (ret) */ int nsd_verflen; /* and the verfier */ diff --git a/sys/nfsclient/nfsstats.h b/sys/nfsclient/nfsstats.h index 5c5a8237f13f..6423e5ac6af6 100644 --- a/sys/nfsclient/nfsstats.h +++ b/sys/nfsclient/nfsstats.h @@ -197,7 +197,7 @@ struct nfsd_srvargs { struct nfsd *nsd_nfsd; /* Pointer to in kernel nfsd struct */ uid_t nsd_uid; /* Effective uid mapped to cred */ u_int32_t nsd_haddr; /* Ip address of client */ - struct ucred nsd_cr; /* Cred. uid maps to */ + struct xucred nsd_cr; /* Cred. uid maps to */ int nsd_authlen; /* Length of auth string (ret) */ u_char *nsd_authstr; /* Auth string (ret) */ int nsd_verflen; /* and the verfier */ diff --git a/sys/nfsserver/nfs.h b/sys/nfsserver/nfs.h index 5c5a8237f13f..6423e5ac6af6 100644 --- a/sys/nfsserver/nfs.h +++ b/sys/nfsserver/nfs.h @@ -197,7 +197,7 @@ struct nfsd_srvargs { struct nfsd *nsd_nfsd; /* Pointer to in kernel nfsd struct */ uid_t nsd_uid; /* Effective uid mapped to cred */ u_int32_t nsd_haddr; /* Ip address of client */ - struct ucred nsd_cr; /* Cred. uid maps to */ + struct xucred nsd_cr; /* Cred. uid maps to */ int nsd_authlen; /* Length of auth string (ret) */ u_char *nsd_authstr; /* Auth string (ret) */ int nsd_verflen; /* and the verfier */ diff --git a/sys/nfsserver/nfs_syscalls.c b/sys/nfsserver/nfs_syscalls.c index 4eb5c86eaf73..2d46568f08cb 100644 --- a/sys/nfsserver/nfs_syscalls.c +++ b/sys/nfsserver/nfs_syscalls.c @@ -260,7 +260,13 @@ nfssvc(p, uap) FREE(nuidp->nu_nam, M_SONAME); } nuidp->nu_flag = 0; - nuidp->nu_cr = nsd->nsd_cr; + bzero(&nuidp->nu_cr, sizeof(nuidp->nu_cr)); + nuidp->nu_cr.cr_uid = nsd->nsd_cr.cr_uid; + nuidp->nu_cr.cr_ngroups = + nsd->nsd_cr.cr_ngroups; + bcopy(nsd->nsd_cr.cr_groups, + nuidp->nu_cr.cr_groups, + sizeof(nuidp->nu_cr.cr_groups)); if (nuidp->nu_cr.cr_ngroups > NGROUPS) nuidp->nu_cr.cr_ngroups = NGROUPS; nuidp->nu_cr.cr_ref = 1; diff --git a/sys/nfsserver/nfsrvstats.h b/sys/nfsserver/nfsrvstats.h index 5c5a8237f13f..6423e5ac6af6 100644 --- a/sys/nfsserver/nfsrvstats.h +++ b/sys/nfsserver/nfsrvstats.h @@ -197,7 +197,7 @@ struct nfsd_srvargs { struct nfsd *nsd_nfsd; /* Pointer to in kernel nfsd struct */ uid_t nsd_uid; /* Effective uid mapped to cred */ u_int32_t nsd_haddr; /* Ip address of client */ - struct ucred nsd_cr; /* Cred. uid maps to */ + struct xucred nsd_cr; /* Cred. uid maps to */ int nsd_authlen; /* Length of auth string (ret) */ u_char *nsd_authstr; /* Auth string (ret) */ int nsd_verflen; /* and the verfier */ diff --git a/sys/sys/mount.h b/sys/sys/mount.h index ea5a71a3b6c8..345f5a0e8623 100644 --- a/sys/sys/mount.h +++ b/sys/sys/mount.h @@ -245,11 +245,11 @@ typedef struct fhandle fhandle_t; struct export_args { int ex_flags; /* export related flags */ uid_t ex_root; /* mapping for root uid */ - struct ucred ex_anon; /* mapping for anonymous user */ + struct xucred ex_anon; /* mapping for anonymous user */ struct sockaddr *ex_addr; /* net address to which exported */ - int ex_addrlen; /* and the net address length */ + u_char ex_addrlen; /* and the net address length */ struct sockaddr *ex_mask; /* mask of valid bits in saddr */ - int ex_masklen; /* and the smask length */ + u_char ex_masklen; /* and the smask length */ char *ex_indexfile; /* index file for WebNFS URLs */ }; diff --git a/sys/sys/param.h b/sys/sys/param.h index 3b17118fbcde..161577dca1f4 100644 --- a/sys/sys/param.h +++ b/sys/sys/param.h @@ -46,7 +46,7 @@ #define BSD4_3 1 #define BSD4_4 1 #undef __FreeBSD_version -#define __FreeBSD_version 500016 /* Master, propagated to newvers */ +#define __FreeBSD_version 500017 /* Master, propagated to newvers */ #ifndef NULL #define NULL 0 diff --git a/sys/sys/ucred.h b/sys/sys/ucred.h index 5fb8d6dc9879..63adce8f0bc2 100644 --- a/sys/sys/ucred.h +++ b/sys/sys/ucred.h @@ -57,6 +57,19 @@ struct ucred { #define NOCRED ((struct ucred *)0) /* no credential available */ #define FSCRED ((struct ucred *)-1) /* filesystem credential */ +/* + * This is the external representation of struct ucred, based upon the + * size of a 4.2-RELEASE struct ucred. There will probably never be + * any need to change the size of this or layout of its used fields. + */ +struct xucred { + u_short _cr_unused0; /* compatibility with old ucred */ + uid_t cr_uid; /* effective user id */ + short cr_ngroups; /* number of groups */ + gid_t cr_groups[NGROUPS]; /* groups */ + void *_cr_unused1; /* compatibility with old ucred */ +}; + #ifdef _KERNEL struct proc; diff --git a/usr.sbin/inetd/builtins.c b/usr.sbin/inetd/builtins.c index cb594a14f32f..00839327991b 100644 --- a/usr.sbin/inetd/builtins.c +++ b/usr.sbin/inetd/builtins.c @@ -338,7 +338,7 @@ ident_stream(s, sep) /* Ident service (AKA "auth") */ struct sockaddr_in6 sin6[2]; #endif struct sockaddr_storage ss[2]; - struct ucred uc; + struct xucred uc; struct timeval tv = { 10, 0 diff --git a/usr.sbin/mountd/mountd.c b/usr.sbin/mountd/mountd.c index ffb1b6ebb525..2f46a9f2ca9c 100644 --- a/usr.sbin/mountd/mountd.c +++ b/usr.sbin/mountd/mountd.c @@ -161,9 +161,9 @@ int chk_host __P((struct dirlist *, u_int32_t, int *, int *)); void del_mlist __P((char *, char *)); struct dirlist *dirp_search __P((struct dirlist *, char *)); int do_mount __P((struct exportlist *, struct grouplist *, int, - struct ucred *, char *, int, struct statfs *)); + struct xucred *, char *, int, struct statfs *)); int do_opt __P((char **, char **, struct exportlist *, struct grouplist *, - int *, int *, struct ucred *)); + int *, int *, struct xucred *)); struct exportlist *ex_search __P((fsid_t *)); struct exportlist *get_exp __P((void)); void free_dir __P((struct dirlist *)); @@ -184,7 +184,7 @@ void hang_dirp __P((struct dirlist *, struct grouplist *, void mntsrv __P((struct svc_req *, SVCXPRT *)); void nextfield __P((char **, char **)); void out_of_mem __P((void)); -void parsecred __P((char *, struct ucred *)); +void parsecred __P((char *, struct xucred *)); int put_exlist __P((struct dirlist *, XDR *, struct dirlist *, int *)); int scan_tree __P((struct dirlist *, u_int32_t)); static void usage __P((void)); @@ -202,11 +202,12 @@ struct exportlist *exphead; struct mountlist *mlhead; struct grouplist *grphead; char exname[MAXPATHLEN]; -struct ucred def_anon = { +struct xucred def_anon = { + 0, + (uid_t)-2, 1, - (uid_t) -2, - 1, - { (gid_t) -2 } + { (gid_t)-2 }, + NULL }; int force_v2 = 0; int resvport_only = 1; @@ -732,7 +733,7 @@ get_exportlist() struct dirlist *dirhead; struct statfs fsb, *fsp; struct hostent *hpe; - struct ucred anon; + struct xucred anon; char *cp, *endcp, *dirp, *hst, *usr, *dom, savedc; int len, has_host, exflags, got_nondir, dirplen, num, i, netgrp; @@ -1332,7 +1333,7 @@ do_opt(cpp, endcpp, ep, grp, has_hostp, exflagsp, cr) struct grouplist *grp; int *has_hostp; int *exflagsp; - struct ucred *cr; + struct xucred *cr; { char *cpoptarg, *cpoptend; char *cp, *endcp, *cpopt, savedc, savedc2; @@ -1591,7 +1592,7 @@ do_mount(ep, grp, exflags, anoncrp, dirp, dirplen, fsb) struct exportlist *ep; struct grouplist *grp; int exflags; - struct ucred *anoncrp; + struct xucred *anoncrp; char *dirp; int dirplen; struct statfs *fsb; @@ -1842,7 +1843,7 @@ get_line() void parsecred(namelist, cr) char *namelist; - struct ucred *cr; + struct xucred *cr; { char *name; int cnt; @@ -1854,7 +1855,6 @@ parsecred(namelist, cr) /* * Set up the unprivileged user. */ - cr->cr_ref = 1; cr->cr_uid = -2; cr->cr_groups[0] = -2; cr->cr_ngroups = 1;