From: Dale Ghent Date: Wed, 20 Dec 2006 20:09:06 +0000 (+0000) Subject: STABLE14-solaris10-avoid-direct-cred-access-20061220 X-Git-Tag: openafs-stable-1_4_3rc1~44 X-Git-Url: https://git.michaelhowe.org/gitweb/?a=commitdiff_plain;h=06134df4374c7fb359a7258dabcd775b152d1ec2;p=packages%2Fo%2Fopenafs.git STABLE14-solaris10-avoid-direct-cred-access-20061220 avoid a panic after we muck with groups by being less evil (cherry picked from commit c1c2a80c1bc34b23507bf80a6fb12a672c94097c) --- diff --git a/src/afs/SOLARIS/osi_groups.c b/src/afs/SOLARIS/osi_groups.c index 82f779aba..d7eaeee3a 100644 --- a/src/afs/SOLARIS/osi_groups.c +++ b/src/afs/SOLARIS/osi_groups.c @@ -13,6 +13,12 @@ * setpag * */ + +#include +#ifdef AFS_SUN510_ENV +#include +#endif + #include #include "afs/param.h" @@ -124,8 +130,13 @@ afs_getgroups(struct cred *cred, gid_t * gidset) AFS_STATCNT(afs_getgroups); gidset[0] = gidset[1] = 0; +#if defined(AFS_SUN510_ENV) + savengrps = ngrps = crgetngroups(cred); + gp = crgetgroups(cred); +#else savengrps = ngrps = cred->cr_ngroups; gp = cred->cr_groups; +#endif while (ngrps--) *gidset++ = *gp++; return savengrps; @@ -137,8 +148,6 @@ static int afs_setgroups(struct cred **cred, int ngroups, gid_t * gidset, int change_parent) { - int ngrps; - int i; gid_t *gp; AFS_STATCNT(afs_setgroups); @@ -149,8 +158,13 @@ afs_setgroups(struct cred **cred, int ngroups, gid_t * gidset, } if (!change_parent) *cred = (struct cred *)crcopy(*cred); +#if defined(AFS_SUN510_ENV) + crsetgroups(*cred, ngroups, gidset); + gp = crgetgroups(*cred); +#else (*cred)->cr_ngroups = ngroups; gp = (*cred)->cr_groups; +#endif while (ngroups--) *gp++ = *gidset++; mutex_exit(&curproc->p_crlock); diff --git a/src/afs/afs_dynroot.c b/src/afs/afs_dynroot.c index 1d2563ef4..ba1bbe646 100644 --- a/src/afs/afs_dynroot.c +++ b/src/afs/afs_dynroot.c 
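Review bot: In the afs_setgroups hunk the AFS_SUN510_ENV branch still falls through to the unchanged `while (ngroups--) *gp++ = *gidset++;` loop, so after `crsetgroups(*cred, ngroups, gidset)` has set the list, the same gids are written a second time through the pointer returned by `crgetgroups(*cred)`. That is the kind of direct write into the credential this commit sets out to avoid, and it stores what is presumably a `const gid_t *` in the `gid_t *gp` declared above. I would drop `gp = crgetgroups(*cred);` and move `#endif` below the copy loop so the loop belongs to the `#else` branch only, with the `gp` declaration guarded to match. The return value of `crsetgroups` is also ignored; if it can reject `ngroups`, that failure should be propagated rather than reported as success. The function body starts and ends outside the hunk.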
@@ -639,7 +639,11 @@ afs_DynrootVOPRemove(struct vcache *avc, struct AFS_UCRED *acred, char *aname) struct afs_dynSymlink *tps; int found = 0; +#if defined(AFS_SUN510_ENV) + if (crgetruid(acred)) +#else if (acred->cr_uid) +#endif return EPERM; ObtainWriteLock(&afs_dynSymlinkLock, 97); diff --git a/src/afs/afs_nfsclnt.c b/src/afs/afs_nfsclnt.c index 5f16f661a..a40d835cc 100644 --- a/src/afs/afs_nfsclnt.c +++ b/src/afs/afs_nfsclnt.c @@ -176,6 +176,7 @@ afs_nfsclient_reqhandler(exporter, cred, host, pagparam, outexporter) extern struct unixuser *afs_FindUser(), *afs_GetUser(); register struct unixuser *au = 0; afs_int32 pag, code = 0; + uid_t uid; AFS_ASSERT_GLOCK(); AFS_STATCNT(afs_nfsclient_reqhandler); @@ -206,9 +207,14 @@ afs_nfsclient_reqhandler(exporter, cred, host, pagparam, outexporter) pag = NOPAG; /* No unixuser struct so pag not trusted */ } } - np = afs_FindNfsClientPag((*cred)->cr_uid, host, 0); +#if defined(AFS_SUN510_ENV) + uid = crgetuid(*cred); +#else + uid = (*cred)->cr_uid; +#endif + np = afs_FindNfsClientPag(uid, host, 0); afs_Trace4(afs_iclSetp, CM_TRACE_NFSREQH, ICL_TYPE_INT32, pag, - ICL_TYPE_LONG, (*cred)->cr_uid, ICL_TYPE_INT32, host, + ICL_TYPE_LONG, uid, ICL_TYPE_INT32, host, ICL_TYPE_POINTER, np); if (!np) { /* Even if there is a "good" pag coming in we don't accept it if no nfsclientpag struct exists for the user since that would mean that the translator rebooted and therefore we ignore all older pag values */ diff --git a/src/afs/afs_osi_pag.c b/src/afs/afs_osi_pag.c index 9c33f3ff3..8137c8bf4 100644 --- a/src/afs/afs_osi_pag.c +++ b/src/afs/afs_osi_pag.c 
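Review bot: The Solaris 10 branch of the permission check in afs_DynrootVOPRemove tests a different identity than the one it replaces: `crgetruid(acred)` reads the real uid, while the `#else` path keeps `acred->cr_uid`. With that, a caller whose real uid is 0 passes the EPERM gate on Solaris 10 whatever its effective uid is, and a caller that is root only by effective uid is refused, unlike on the platforms that take the `#else` path. Unless the difference is intended, use the accessor for the same field, `if (crgetuid(acred))`, and add a short comment saying which uid gates this operation. The function continues outside the hunk.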
@@ -368,10 +368,18 @@ afs_getpag_val() { int pagvalue; struct AFS_UCRED *credp = u.u_cred; - int gidset0, gidset1; + gid_t gidset0, gidset1; +#ifdef AFS_SUN510_ENV + const gid_t *gids; + + gids = crgetgroups(*credp); + gidset0 = gids[0]; + gidset1 = gids[1]; +#else gidset0 = credp->cr_groups[0]; gidset1 = credp->cr_groups[1]; +#endif pagvalue = afs_get_pag_from_groups(gidset0, gidset1); return pagvalue; } @@ -422,6 +430,8 @@ afs_InitReq(register struct vrequest *av, struct AFS_UCRED *acred) av->uid = -2; /* XXX nobody... ? */ else av->uid = acred->cr_uid; /* bsd creds don't have ruid */ +#elif defined(AFS_SUN510_ENV) + av->uid = crgetruid(acred); #else av->uid = acred->cr_ruid; /* default when no pag is set */ #endif @@ -483,11 +493,19 @@ PagInCred(const struct AFS_UCRED *cred) { afs_int32 pag; gid_t g0, g1; +#if defined(AFS_SUN510_ENV) + const gid_t *gids; + int ngroups; +#endif AFS_STATCNT(PagInCred); if (cred == NULL || cred == afs_osi_credp) { return NOPAG; } +#if defined(AFS_SUN510_ENV) + gids = crgetgroups(cred); + ngroups = crgetngroups(cred); +#endif #if defined(AFS_DARWIN_ENV) || defined(AFS_XBSD_ENV) if (cred == NOCRED || cred == FSCRED) { return NOPAG; @@ -512,7 +530,11 @@ PagInCred(const struct AFS_UCRED *cred) goto out; } #elif defined(AFS_SGI_ENV) || defined(AFS_SUN5_ENV) || defined(AFS_DUX40_ENV) || defined(AFS_LINUX20_ENV) || defined(AFS_XBSD_ENV) +#if defined(AFS_SUN510_ENV) + if (ngroups < 2) { +#else if (cred->cr_ngroups < 2) { +#endif pag = NOPAG; goto out; } @@ -523,6 +545,9 @@ PagInCred(const struct AFS_UCRED *cred) #elif defined(AFS_LINUX26_ENV) g0 = GROUP_AT(cred->cr_group_info, 0); g1 = GROUP_AT(cred->cr_group_info, 1); +#elif defined(AFS_SUN510_ENV) + g0 = gids[0]; + g1 = gids[1]; #else g0 = cred->cr_groups[0]; g1 = cred->cr_groups[1]; diff --git a/src/afs/afs_user.c b/src/afs/afs_user.c index 8d3e7dcd7..24b252474 100644 --- a/src/afs/afs_user.c +++ b/src/afs/afs_user.c 
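Review bot: In the afs_getpag_val hunk, `crgetgroups(*credp)` passes the dereferenced credential, whereas the PagInCred hunk further down calls `crgetgroups(cred)` with the pointer; this should read `gids = crgetgroups(credp);`. The new branch then reads `gids[0]` and `gids[1]` without looking at the group count, which PagInCred does guard with `ngroups < 2`. Adding `if (crgetngroups(credp) < 2) return NOPAG;` before the two reads would keep a credential with fewer than two groups from being read beyond its valid entries. Whether this function is built on Solaris 10 at all is not visible here, so it is worth confirming the branch is compiled and exercised.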
@@ -598,6 +598,8 @@ afs_GCPAGs_perproc_func(AFS_PROC * pproc) pag = PagInCred(pcred); #if defined(AFS_DARWIN_ENV) || defined(AFS_FBSD40_ENV) || defined(AFS_LINUX22_ENV) uid = (pag != NOPAG ? pag : pcred->cr_uid); +#elif defined(AFS_SUN510_ENV) + uid = (pag != NOPAG ? pag : crgetruid(pcred)); #else uid = (pag != NOPAG ? pag : pcred->cr_ruid); #endif