From c1c2a80c1bc34b23507bf80a6fb12a672c94097c Mon Sep 17 00:00:00 2001
From: Dale Ghent <daleg@umbc.edu>
Date: Wed, 20 Dec 2006 20:07:02 +0000
Subject: [PATCH] solaris10-avoid-direct-cred-access-20061220

avoid a panic after we muck with groups by being less evil
---
 src/afs/SOLARIS/osi_groups.c | 18 ++++++++++++++++--
 src/afs/afs_dynroot.c        |  4 ++++
 src/afs/afs_nfsclnt.c        |  4 ++++
 src/afs/afs_osi_pag.c        | 27 ++++++++++++++++++++++++++-
 src/afs/afs_user.c           |  2 ++
 5 files changed, 52 insertions(+), 3 deletions(-)

diff --git a/src/afs/SOLARIS/osi_groups.c b/src/afs/SOLARIS/osi_groups.c
index 82f779aba..d7eaeee3a 100644
--- a/src/afs/SOLARIS/osi_groups.c
+++ b/src/afs/SOLARIS/osi_groups.c
@@ -13,6 +13,12 @@
  * setpag
  *
  */
+
+#include <unistd.h>
+#ifdef AFS_SUN510_ENV
+#include <sys/cred.h>
+#endif
+
 #include <afsconfig.h>
 #include "afs/param.h"
 
@@ -124,8 +130,13 @@ afs_getgroups(struct cred *cred, gid_t * gidset)
     AFS_STATCNT(afs_getgroups);
 
     gidset[0] = gidset[1] = 0;
+#if defined(AFS_SUN510_ENV)
+    savengrps = ngrps = crgetngroups(cred);
+    gp = crgetgroups(cred);
+#else
     savengrps = ngrps = cred->cr_ngroups;
     gp = cred->cr_groups;
+#endif
     while (ngrps--)
 	*gidset++ = *gp++;
     return savengrps;
@@ -137,8 +148,6 @@ static int
 afs_setgroups(struct cred **cred, int ngroups, gid_t * gidset,
 	      int change_parent)
 {
-    int ngrps;
-    int i;
     gid_t *gp;
 
     AFS_STATCNT(afs_setgroups);
@@ -149,8 +158,13 @@ afs_setgroups(struct cred **cred, int ngroups, gid_t * gidset,
     }
     if (!change_parent)
 	*cred = (struct cred *)crcopy(*cred);
+#if defined(AFS_SUN510_ENV)
+    crsetgroups(*cred, ngroups, gidset);
+    gp = crgetgroups(*cred);
+#else
     (*cred)->cr_ngroups = ngroups;
     gp = (*cred)->cr_groups;
+#endif
     while (ngroups--)
 	*gp++ = *gidset++;
     mutex_exit(&curproc->p_crlock);
diff --git a/src/afs/afs_dynroot.c b/src/afs/afs_dynroot.c
index 80879c7b4..a0e961890 100644
--- a/src/afs/afs_dynroot.c
+++ b/src/afs/afs_dynroot.c
@@ -795,7 +795,11 @@ afs_DynrootVOPRemove(struct vcache *avc, struct AFS_UCRED *acred, char *aname)
     struct afs_dynSymlink *tps;
     int found = 0;
 
+#if defined(AFS_SUN510_ENV)
+    if (crgetruid(acred))
+#else
     if (acred->cr_uid)
+#endif
 	return EPERM;
 
     ObtainWriteLock(&afs_dynSymlinkLock, 97);
diff --git a/src/afs/afs_nfsclnt.c b/src/afs/afs_nfsclnt.c
index ae676da6f..b172fd670 100644
--- a/src/afs/afs_nfsclnt.c
+++ b/src/afs/afs_nfsclnt.c
@@ -198,7 +198,11 @@ afs_nfsclient_reqhandler(struct afs_exporter *exporter,
     }
 /*    ObtainWriteLock(&afs_xnfsreq); */
     pag = PagInCred(*cred);
+#if defined(AFS_SUN510_ENV)
+    uid = crgetuid(*cred);
+#else
     uid = (*cred)->cr_uid;
+#endif
     if ((afs_nfsexporter->exp_states & EXP_CLIPAGS) && pag != NOPAG) {
 	uid = pag;
     } else if (pag != NOPAG) {
diff --git a/src/afs/afs_osi_pag.c b/src/afs/afs_osi_pag.c
index 2de0d6297..7a33329df 100644
--- a/src/afs/afs_osi_pag.c
+++ b/src/afs/afs_osi_pag.c
@@ -368,10 +368,18 @@ afs_getpag_val()
 {
     int pagvalue;
     struct AFS_UCRED *credp = u.u_cred;
-    int gidset0, gidset1;
+    gid_t gidset0, gidset1;
+#ifdef AFS_SUN510_ENV
+    const gid_t *gids;
+
+    gids = crgetgroups(*credp);
+    gidset0 = gids[0];
+    gidset1 = gids[1];
+#else
 
     gidset0 = credp->cr_groups[0];
     gidset1 = credp->cr_groups[1];
+#endif
     pagvalue = afs_get_pag_from_groups(gidset0, gidset1);
     return pagvalue;
 }
@@ -431,6 +439,8 @@ afs_InitReq(register struct vrequest *av, struct AFS_UCRED *acred)
 	    av->uid = -2;	/* XXX nobody... ? */
 	else
 	    av->uid = acred->cr_uid;	/* bsd creds don't have ruid */
+#elif defined(AFS_SUN510_ENV)
+        av->uid = crgetruid(acred);
 #else
 	av->uid = acred->cr_ruid;	/* default when no pag is set */
 #endif
@@ -492,11 +502,19 @@ PagInCred(const struct AFS_UCRED *cred)
 {
     afs_int32 pag;
     gid_t g0, g1;
+#if defined(AFS_SUN510_ENV)
+    const gid_t *gids;
+    int ngroups;
+#endif
 
     AFS_STATCNT(PagInCred);
     if (cred == NULL || cred == afs_osi_credp) {
 	return NOPAG;
     }
+#if defined(AFS_SUN510_ENV)
+    gids = crgetgroups(cred);
+    ngroups = crgetngroups(cred);
+#endif
 #if defined(AFS_DARWIN_ENV) || defined(AFS_XBSD_ENV)
     if (cred == NOCRED || cred == FSCRED) {
 	return NOPAG;
@@ -521,7 +539,11 @@ PagInCred(const struct AFS_UCRED *cred)
 	goto out;
     }
 #elif defined(AFS_SGI_ENV) || defined(AFS_SUN5_ENV) || defined(AFS_DUX40_ENV) || defined(AFS_LINUX20_ENV) || defined(AFS_XBSD_ENV)
+#if defined(AFS_SUN510_ENV)
+    if (ngroups < 2) {
+#else
     if (cred->cr_ngroups < 2) {
+#endif
 	pag = NOPAG;
 	goto out;
     }
@@ -532,6 +554,9 @@ PagInCred(const struct AFS_UCRED *cred)
 #elif defined(AFS_LINUX26_ENV)
     g0 = GROUP_AT(cred->cr_group_info, 0);
     g1 = GROUP_AT(cred->cr_group_info, 1);
+#elif defined(AFS_SUN510_ENV)
+    g0 = gids[0];
+    g1 = gids[1];
 #else
     g0 = cred->cr_groups[0];
     g1 = cred->cr_groups[1];
diff --git a/src/afs/afs_user.c b/src/afs/afs_user.c
index 4fdd3ba71..31de6f034 100644
--- a/src/afs/afs_user.c
+++ b/src/afs/afs_user.c
@@ -610,6 +610,8 @@ afs_GCPAGs_perproc_func(AFS_PROC * pproc)
     pag = PagInCred(pcred);
 #if defined(AFS_DARWIN_ENV) || defined(AFS_FBSD40_ENV) || defined(AFS_LINUX22_ENV)
     uid = (pag != NOPAG ? pag : pcred->cr_uid);
+#elif defined(AFS_SUN510_ENV)
+    uid = (pag != NOPAG ? pag : crgetruid(pcred));
 #else
     uid = (pag != NOPAG ? pag : pcred->cr_ruid);
 #endif
-- 
2.39.5