From eb8e55bba7740a87e07ef07bb4b789e6d4e36f0d Mon Sep 17 00:00:00 2001 From: Marc Dionne Date: Thu, 29 Oct 2009 19:23:28 -0400 Subject: [PATCH] Unix client: wrappers for credentials structure access This patch introduces and makes use of wrappers for access to credentials structure members: cr_uid (afs_ucred_t *) cr_ruid(afs_ucred_t *) cr_gid (afs_ucred_t *) cr_rgid(afs_ucred_t *) cr_group_info(afs_ucred_t *) Inline functions are also introduced to set values: set_cr_uid (afs_ucred_t *, uid_t) set_cr_ruid(afs_ucred_t *, uid_t) set_cr_gid (afs_ucred_t *, gid_t) set_cr_rgid(afs_ucred_t *, gid_t) set_cr_group_info(afs_ucred_t *, struct group_info *) This will allow an architecture to make use of an alternate structure to hold credentials. In particular it will allow the linux client to be modified to use the kernel credentials structure directly instead of shadowing it into our own local structure. There should be no functional change. Change-Id: I7739196a0691a9c30887043b085e4878e88780ae Reviewed-on: http://gerrit.openafs.org/768 Reviewed-by: Derrick Brashear Tested-by: Derrick Brashear --- src/afs/DARWIN/osi_vnodeops.c | 2 +- src/afs/IRIX/osi_vnodeops.c | 2 +- src/afs/LINUX/osi_cred.c | 46 ++++++++++++++++----------------- src/afs/LINUX/osi_groups.c | 10 +++---- src/afs/LINUX/osi_machdep.h | 6 +++++ src/afs/LINUX/osi_nfssrv.c | 26 +++++++++---------- src/afs/LINUX24/osi_cred.c | 32 +++++++++++------------ src/afs/LINUX24/osi_machdep.h | 6 +++++ src/afs/UKERNEL/afs_usrops.c | 28 ++++++++++---------- src/afs/VNOPS/afs_vnop_create.c | 2 +- src/afs/VNOPS/afs_vnop_dirops.c | 2 +- src/afs/VNOPS/afs_vnop_write.c | 2 +- src/afs/afs.h | 22 ++++++++++++++++ src/afs/afs_disconnected.c | 2 +- src/afs/afs_dynroot.c | 4 +-- src/afs/afs_nfsclnt.c | 13 +++++----- src/afs/afs_osi.c | 2 +- src/afs/afs_osi_gcpags.c | 10 +++---- src/afs/afs_osi_pag.c | 14 +++++----- src/afs/afs_pag_call.c | 2 +- src/afs/afs_pag_cred.c | 4 +-- src/afs/afs_pioctl.c | 26 +++++++++---------- src/afs/afs_user.c | 4 +-- src/afs/exporter.h | 2 +- src/afsweb/nsafs.c | 8 +++--- 25 files changed, 156 insertions(+), 121 deletions(-) diff --git a/src/afs/DARWIN/osi_vnodeops.c b/src/afs/DARWIN/osi_vnodeops.c index a2fd4e16f..63fd91f27 100644 --- a/src/afs/DARWIN/osi_vnodeops.c +++ b/src/afs/DARWIN/osi_vnodeops.c @@ -1423,7 +1423,7 @@ afs_vop_rename(ap) * run mv as the user, thus: */ printf("su %d -c /bin/mv /afs/.:mount/%d:%d:%d:%d/%s /afs/.:mount/%d:%d:%d:%d/%s\n", - (cn_cred(tcnp))->cr_uid, fvc->f.fid.Cell, fvc->f.fid.Fid.Volume, + cr_uid(cn_cred(tcnp)), fvc->f.fid.Cell, fvc->f.fid.Fid.Volume, fvc->f.fid.Fid.Vnode, fvc->f.fid.Fid.Unique, fname, tvc->f.fid.Cell, tvc->f.fid.Fid.Volume, tvc->f.fid.Fid.Vnode, tvc->f.fid.Fid.Unique, tname); diff --git a/src/afs/IRIX/osi_vnodeops.c b/src/afs/IRIX/osi_vnodeops.c index b594526ae..6354de3bc 100644 --- a/src/afs/IRIX/osi_vnodeops.c +++ b/src/afs/IRIX/osi_vnodeops.c @@ -976,7 +976,7 @@ OSI_VC_DECL(avc); /* at least one daemon is idle, so ask it to do the store. * Also, note that we don't lock it any more... */ tb = afs_BQueue(BOP_STORE, avc, 0, 1, acred, - (afs_size_t) acred->cr_uid, 0L, (void *)0); + (afs_size_t) cr_uid(acred), 0L, (void *)0); /* sleep waiting for the store to start, then retrieve error code */ while ((tb->flags & BUVALID) == 0) { tb->flags |= BUWAIT; diff --git a/src/afs/LINUX/osi_cred.c b/src/afs/LINUX/osi_cred.c index 266929c95..bbd4a73f4 100644 --- a/src/afs/LINUX/osi_cred.c +++ b/src/afs/LINUX/osi_cred.c @@ -42,7 +42,7 @@ crfree(cred_t * cr) return; } - put_group_info(cr->cr_group_info); + put_group_info(cr_group_info(cr)); kfree(cr); } @@ -54,13 +54,13 @@ crdup(cred_t * cr) { cred_t *tmp = crget(); - tmp->cr_uid = cr->cr_uid; - tmp->cr_ruid = cr->cr_ruid; - tmp->cr_gid = cr->cr_gid; - tmp->cr_rgid = cr->cr_rgid; + set_cr_uid(tmp, cr_uid(cr)); + set_cr_ruid(tmp, cr_ruid(cr)); + set_cr_gid(tmp, cr_gid(cr)); + set_cr_rgid(tmp, cr_rgid(cr)); - get_group_info(cr->cr_group_info); - tmp->cr_group_info = cr->cr_group_info; + get_group_info(cr_group_info(cr)); + set_cr_group_info(tmp, cr_group_info(cr)); return tmp; } @@ -70,14 +70,14 @@ crref(void) { cred_t *cr = crget(); - cr->cr_uid = current_fsuid(); - cr->cr_ruid = current_uid(); - cr->cr_gid = current_fsgid(); - cr->cr_rgid = current_gid(); + set_cr_uid(cr, current_fsuid()); + set_cr_ruid(cr, current_uid()); + set_cr_gid(cr, current_fsgid()); + set_cr_rgid(cr, current_gid()); task_lock(current); get_group_info(current_group_info()); - cr->cr_group_info = current_group_info(); + set_cr_group_info(cr, current_group_info()); task_unlock(current); return cr; @@ -98,28 +98,28 @@ crset(cred_t * cr) if (current->cred != current->real_cred) return; new_creds = prepare_creds(); - new_creds->fsuid = cr->cr_uid; - new_creds->uid = cr->cr_ruid; - new_creds->fsgid = cr->cr_gid; - new_creds->gid = cr->cr_rgid; + new_creds->fsuid = cr_uid(cr); + new_creds->uid = cr_ruid(cr); + new_creds->fsgid = cr_gid(cr); + new_creds->gid = cr_rgid(cr); #else - current->fsuid = cr->cr_uid; - current->uid = cr->cr_ruid; - current->fsgid = cr->cr_gid; - current->gid = cr->cr_rgid; + current->fsuid = cr_uid(cr); + current->uid = cr_ruid(cr); + current->fsgid = cr_gid(cr); + current->gid = cr_rgid(cr); #endif /* using set_current_groups() will sort the groups */ - get_group_info(cr->cr_group_info); + get_group_info(cr_group_info(cr)); task_lock(current); #if defined(STRUCT_TASK_HAS_CRED) old_info = current->cred->group_info; - new_creds->group_info = cr->cr_group_info; + new_creds->group_info = cr_group_info(cr); commit_creds(new_creds); #else old_info = current->group_info; - current->group_info = cr->cr_group_info; + current->group_info = cr_group_info(cr); #endif task_unlock(current); diff --git a/src/afs/LINUX/osi_groups.c b/src/afs/LINUX/osi_groups.c index 4d2dbd95c..a034ce2fe 100644 --- a/src/afs/LINUX/osi_groups.c +++ b/src/afs/LINUX/osi_groups.c @@ -39,9 +39,9 @@ afs_setgroups(cred_t **cr, struct group_info *group_info, int change_parent) AFS_STATCNT(afs_setgroups); - old_info = (*cr)->cr_group_info; + old_info = cr_group_info(*cr); get_group_info(group_info); - (*cr)->cr_group_info = group_info; + set_cr_group_info(*cr, group_info); put_group_info(old_info); crset(*cr); @@ -65,8 +65,8 @@ afs_getgroups(cred_t * cr) { AFS_STATCNT(afs_getgroups); - get_group_info(cr->cr_group_info); - return cr->cr_group_info; + get_group_info(cr_group_info(cr)); + return cr_group_info(cr); } int @@ -209,7 +209,7 @@ setpag(cred_t **cr, afs_uint32 pagvalue, afs_uint32 *newpag, code = __setpag(cr, pagvalue, newpag, change_parent); #ifdef LINUX_KEYRING_SUPPORT - if (code == 0 && (*cr)->cr_rgid != NFSXLATOR_CRED) { + if (code == 0 && cr_rgid(*cr) != NFSXLATOR_CRED) { (void) install_session_keyring(NULL); if (current_session_keyring()) { diff --git a/src/afs/LINUX/osi_machdep.h b/src/afs/LINUX/osi_machdep.h index fb8a5f507..2ff0896f3 100644 --- a/src/afs/LINUX/osi_machdep.h +++ b/src/afs/LINUX/osi_machdep.h @@ -166,6 +166,12 @@ typedef struct afs_cred { /* maps to task field: */ typedef struct afs_cred afs_ucred_t; typedef struct task_struct afs_proc_t; +#define cr_group_info(cred) ((cred)->cr_group_info) +static inline void +set_cr_group_info(afs_ucred_t *cred, struct group_info *group_info) { + cred->cr_group_info = group_info; +} + #if !defined(current_cred) #define current_gid() (current->gid) #define current_uid() (current->uid) diff --git a/src/afs/LINUX/osi_nfssrv.c b/src/afs/LINUX/osi_nfssrv.c index 7c61403f5..edfa61f37 100644 --- a/src/afs/LINUX/osi_nfssrv.c +++ b/src/afs/LINUX/osi_nfssrv.c @@ -120,14 +120,14 @@ svcauth_afs_accept(struct svc_rqst *rqstp, u32 *authp) ns->code = EACCES; ns->client_addr = *addr; ns->client_addrlen = rqstp->rq_addrlen; - ns->client_uid = rqstp->rq_cred.cr_uid; - ns->client_gid = rqstp->rq_cred.cr_gid; - if (rqstp->rq_cred.cr_group_info->ngroups > 0) - ns->client_g0 = GROUP_AT(rqstp->rq_cred.cr_group_info, 0); + ns->client_uid = cr_uid(&rqstp->rq_cred); + ns->client_gid = cr_gid(&rqstp->rq_cred); + if (cr_group_info(&rqstp->rq_cred)->ngroups > 0) + ns->client_g0 = GROUP_AT(cr_group_info(&rqstp->rq_cred), 0); else ns->client_g0 = -1; - if (rqstp->rq_cred.cr_group_info->ngroups > 1) - ns->client_g1 = GROUP_AT(rqstp->rq_cred.cr_group_info, 1); + if (cr_group_info(&rqstp->rq_cred)->ngroups > 1) + ns->client_g1 = GROUP_AT(cr_group_info(&rqstp->rq_cred), 1); else ns->client_g1 = -1; @@ -138,15 +138,15 @@ svcauth_afs_accept(struct svc_rqst *rqstp, u32 *authp) } credp = crget(); - credp->cr_uid = rqstp->rq_cred.cr_uid; - credp->cr_gid = rqstp->rq_cred.cr_gid; - get_group_info(rqstp->rq_cred.cr_group_info); - credp->cr_group_info = rqstp->rq_cred.cr_group_info; + set_cr_uid(credp, cr_uid(&rqstp->rq_cred)); + set_cr_gid(credp, cr_gid(&rqstp->rq_cred)); + get_group_info(cr_group_info(&rqstp->rq_cred)); + set_cr_group_info(credp, cr_group_info(&rqstp->rq_cred)); /* avoid creating wildcard entries by mapping anonymous * clients to afs_nobody */ - if (credp->cr_uid == -1) - credp->cr_uid = -2; + if (cr_uid(credp) == -1) + set_cr_uid(credp, -2); code = afs_nfsclient_reqhandler(0, &credp, addr->sin_addr.s_addr, &ns->uid, &outexp); if (!code && outexp) EXP_RELE(outexp); @@ -191,7 +191,7 @@ int osi_linux_nfs_initreq(struct vrequest *av, afs_ucred_t *cr, int *code) *code = ns->code; if (!ns->code) { - cr->cr_ruid = NFSXLATOR_CRED; + cr_ruid(cr) = NFSXLATOR_CRED; av->uid = ns->uid; } return 1; diff --git a/src/afs/LINUX24/osi_cred.c b/src/afs/LINUX24/osi_cred.c index 9a52a2a3e..b760f976e 100644 --- a/src/afs/LINUX24/osi_cred.c +++ b/src/afs/LINUX24/osi_cred.c @@ -52,10 +52,10 @@ crdup(cred_t * cr) { cred_t *tmp = crget(); - tmp->cr_uid = cr->cr_uid; - tmp->cr_ruid = cr->cr_ruid; - tmp->cr_gid = cr->cr_gid; - tmp->cr_rgid = cr->cr_rgid; + set_cr_uid(tmp, cr_uid(cr)); + set_cr_ruid(tmp, cr_ruid(cr)); + set_cr_gid(tmp, cr_gid(cr)); + set_cr_rgid(tmp, cr_rgid(cr)); memcpy(tmp->cr_groups, cr->cr_groups, NGROUPS * sizeof(gid_t)); tmp->cr_ngroups = cr->cr_ngroups; @@ -68,10 +68,10 @@ crref(void) { cred_t *cr = crget(); - cr->cr_uid = current_fsuid(); - cr->cr_ruid = current_uid(); - cr->cr_gid = current_fsgid(); - cr->cr_rgid = current_gid(); + set_cr_uid(cr, current_fsuid()); + set_cr_ruid(cr, current_uid()); + set_cr_gid(cr, current_fsgid()); + set_cr_rgid(cr, current_gid()); memcpy(cr->cr_groups, current->groups, NGROUPS * sizeof(gid_t)); cr->cr_ngroups = current->ngroups; @@ -94,15 +94,15 @@ crset(cred_t * cr) if (current->cred != current->real_cred) return; new_creds = prepare_creds(); - new_creds->fsuid = cr->cr_uid; - new_creds->uid = cr->cr_ruid; - new_creds->fsgid = cr->cr_gid; - new_creds->gid = cr->cr_rgid; + new_creds->fsuid = cr_uid(cr); + new_creds->uid = cr_ruid(cr); + new_creds->fsgid = cr_gid(cr); + new_creds->gid = cr_rgid(cr); #else - current->fsuid = cr->cr_uid; - current->uid = cr->cr_ruid; - current->fsgid = cr->cr_gid; - current->gid = cr->cr_rgid; + current->fsuid = cr_uid(cr); + current->uid = cr_ruid(cr); + current->fsgid = cr_gid(cr); + current->gid = cr_rgid(cr); #endif memcpy(current->groups, cr->cr_groups, NGROUPS * sizeof(gid_t)); current->ngroups = cr->cr_ngroups; diff --git a/src/afs/LINUX24/osi_machdep.h b/src/afs/LINUX24/osi_machdep.h index b7206ecc9..24bcd6791 100644 --- a/src/afs/LINUX24/osi_machdep.h +++ b/src/afs/LINUX24/osi_machdep.h @@ -168,6 +168,12 @@ typedef struct afs_cred { /* maps to task field: */ typedef struct afs_cred afs_ucred_t; typedef struct task_struct afs_proc_t; +#define cr_group_info(cred) ((cred)->cr_group_info) +static inline void +set_cr_group_info(afs_ucred_t *cred, struct group_info *group_info) { + cred->cr_group_info = group_info; +} + #if !defined(current_cred) #define current_gid() (current->gid) #define current_uid() (current->uid) diff --git a/src/afs/UKERNEL/afs_usrops.c b/src/afs/UKERNEL/afs_usrops.c index a52dc0e6c..9d4a3535b 100644 --- a/src/afs/UKERNEL/afs_usrops.c +++ b/src/afs/UKERNEL/afs_usrops.c @@ -1493,12 +1493,12 @@ uafs_Init(char *rn, char *mountDirParam, char *confDirParam, afs_osi_Alloc(sizeof(struct usr_ucred)); usr_assert(afs_global_ucredp != NULL); afs_global_ucredp->cr_ref = 1; - afs_global_ucredp->cr_uid = geteuid(); - afs_global_ucredp->cr_gid = getegid(); - afs_global_ucredp->cr_ruid = getuid(); - afs_global_ucredp->cr_rgid = getgid(); - afs_global_ucredp->cr_suid = afs_global_ucredp->cr_ruid; - afs_global_ucredp->cr_sgid = afs_global_ucredp->cr_rgid; + set_cr_uid(afs_global_ucredp, geteuid()); + set_cr_gid(afs_global_ucredp, getegid()); + set_cr_ruid(afs_global_ucredp, getuid()); + set_cr_rgid(afs_global_ucredp, getgid()); + afs_global_ucredp->cr_suid = cr_ruid(afs_global_ucredp); + afs_global_ucredp->cr_sgid = cr_rgid(afs_global_ucredp); st = getgroups(NGROUPS, &afs_global_ucredp->cr_groups[0]); usr_assert(st >= 0); afs_global_ucredp->cr_ngroups = (unsigned long)st; @@ -1983,8 +1983,8 @@ syscallThread(void *argp) */ u.u_viceid = getuid(); crp = u.u_cred; - crp->cr_uid = getuid(); - crp->cr_ruid = getuid(); + set_cr_uid(crp, getuid()); + set_cr_ruid(crp, getuid()); crp->cr_suid = getuid(); crp->cr_groups[0] = getgid(); crp->cr_ngroups = 1; @@ -2579,8 +2579,8 @@ uafs_mkdir_r(char *path, int mode) usr_vattr_null(&attrs); attrs.va_type = VREG; attrs.va_mode = mode; - attrs.va_uid = u.u_cred->cr_uid; - attrs.va_gid = u.u_cred->cr_gid; + attrs.va_uid = cr_uid(u.u_cred); + attrs.va_gid = cr_gid(u.u_cred); dirP = NULL; code = afs_mkdir(VTOAFS(parentP), nameP, &attrs, &dirP, u.u_cred); VN_RELE(parentP); @@ -2678,8 +2678,8 @@ uafs_open_r(char *path, int flags, int mode) usr_vattr_null(&attrs); attrs.va_type = VREG; attrs.va_mode = mode; - attrs.va_uid = u.u_cred->cr_uid; - attrs.va_gid = u.u_cred->cr_gid; + attrs.va_uid = cr_uid(u.u_cred); + attrs.va_gid = cr_gid(u.u_cred); if (flags & O_TRUNC) { attrs.va_size = 0; } @@ -3505,8 +3505,8 @@ uafs_symlink_r(char *target, char *source) usr_vattr_null(&attrs); attrs.va_type = VLNK; attrs.va_mode = 0777; - attrs.va_uid = u.u_cred->cr_uid; - attrs.va_gid = u.u_cred->cr_gid; + attrs.va_uid = cr_uid(u.u_cred); + attrs.va_gid = cr_gid(u.u_cred); code = afs_symlink(VTOAFS(dirP), nameP, &attrs, target, u.u_cred); VN_RELE(dirP); if (code != 0) { diff --git a/src/afs/VNOPS/afs_vnop_create.c b/src/afs/VNOPS/afs_vnop_create.c index 9f7815706..fb6abc32d 100644 --- a/src/afs/VNOPS/afs_vnop_create.c +++ b/src/afs/VNOPS/afs_vnop_create.c @@ -271,7 +271,7 @@ afs_create(OSI_VC_DECL(adp), char *aname, struct vattr *attrs, } InStatus.Mask = AFS_SETMODTIME | AFS_SETMODE | AFS_SETGROUP; InStatus.ClientModTime = osi_Time(); - InStatus.Group = (afs_int32) acred->cr_gid; + InStatus.Group = (afs_int32) cr_gid(acred); if (AFS_NFSXLATORREQ(acred)) { /* * XXX The following is mainly used to fix a bug in the HP-UX diff --git a/src/afs/VNOPS/afs_vnop_dirops.c b/src/afs/VNOPS/afs_vnop_dirops.c index bf506b24f..913de752f 100644 --- a/src/afs/VNOPS/afs_vnop_dirops.c +++ b/src/afs/VNOPS/afs_vnop_dirops.c @@ -99,7 +99,7 @@ afs_mkdir(OSI_VC_DECL(adp), char *aname, struct vattr *attrs, InStatus.Mask = AFS_SETMODTIME | AFS_SETMODE | AFS_SETGROUP; InStatus.ClientModTime = osi_Time(); InStatus.UnixModeBits = attrs->va_mode & 0xffff; /* only care about protection bits */ - InStatus.Group = (afs_int32) acred->cr_gid; + InStatus.Group = (afs_int32) cr_gid(acred); tdc = afs_GetDCache(adp, (afs_size_t) 0, &treq, &offset, &len, 1); ObtainWriteLock(&adp->lock, 153); diff --git a/src/afs/VNOPS/afs_vnop_write.c b/src/afs/VNOPS/afs_vnop_write.c index b47b0f63a..5e76c1018 100644 --- a/src/afs/VNOPS/afs_vnop_write.c +++ b/src/afs/VNOPS/afs_vnop_write.c @@ -745,7 +745,7 @@ afs_close(OSI_VC_DECL(avc), afs_int32 aflags, afs_ucred_t *acred) /* at least one daemon is idle, so ask it to do the store. * Also, note that we don't lock it any more... */ tb = afs_BQueue(BOP_STORE, avc, 0, 1, acred, - (afs_size_t) acred->cr_uid, (afs_size_t) 0, + (afs_size_t) cr_uid(acred), (afs_size_t) 0, (void *)0); /* sleep waiting for the store to start, then retrieve error code */ while ((tb->flags & BUVALID) == 0) { diff --git a/src/afs/afs.h b/src/afs/afs.h index 0c6b8597c..677f918ba 100644 --- a/src/afs/afs.h +++ b/src/afs/afs.h @@ -1399,4 +1399,26 @@ extern int afsd_dynamic_vcaches; #define afsd_dynamic_vcaches 0 #endif +/* Wrappers for access to credentials structure members */ +#define cr_uid(cred) ((cred)->cr_uid) +#define cr_gid(cred) ((cred)->cr_gid) +#define cr_ruid(cred) ((cred)->cr_ruid) +#define cr_rgid(cred) ((cred)->cr_rgid) + +static_inline void +set_cr_uid(afs_ucred_t *cred, uid_t uid) { + cred->cr_uid = uid; +} +static_inline void +set_cr_gid(afs_ucred_t *cred, gid_t gid) { + cred->cr_gid = gid; +} +static_inline void +set_cr_ruid(afs_ucred_t *cred, uid_t uid) { + cred->cr_ruid = uid; +} +static_inline void +set_cr_rgid(afs_ucred_t *cred, gid_t gid) { + cred->cr_rgid = gid; +} #endif /* _AFS_H_ */ diff --git a/src/afs/afs_disconnected.c b/src/afs/afs_disconnected.c index f7433229f..1289a2e00 100644 --- a/src/afs/afs_disconnected.c +++ b/src/afs/afs_disconnected.c @@ -713,7 +713,7 @@ afs_ProcessOpCreate(struct vcache *avc, struct vrequest *areq, InStatus.Mask = AFS_SETMODTIME | AFS_SETMODE | AFS_SETGROUP; InStatus.ClientModTime = avc->f.m.Date; InStatus.Owner = avc->f.m.Owner; - InStatus.Group = (afs_int32) acred->cr_gid; + InStatus.Group = (afs_int32) cr_gid(acred); /* Only care about protection bits. */ InStatus.UnixModeBits = avc->f.m.Mode & 0xffff; diff --git a/src/afs/afs_dynroot.c b/src/afs/afs_dynroot.c index b57c881f9..4edcf70f1 100644 --- a/src/afs/afs_dynroot.c +++ b/src/afs/afs_dynroot.c @@ -798,7 +798,7 @@ afs_DynrootVOPRemove(struct vcache *avc, afs_ucred_t *acred, char *aname) #if defined(AFS_SUN510_ENV) if (crgetruid(acred)) #else - if (acred->cr_uid) + if (cr_uid(acred)) #endif return EPERM; @@ -838,7 +838,7 @@ afs_DynrootVOPSymlink(struct vcache *avc, afs_ucred_t *acred, { struct afs_dynSymlink *tps; - if (acred->cr_uid) + if (cr_uid(acred)) return EPERM; if (afs_CellOrAliasExists(aname)) return EEXIST; diff --git a/src/afs/afs_nfsclnt.c b/src/afs/afs_nfsclnt.c index 5fe7a9b35..98450323f 100644 --- a/src/afs/afs_nfsclnt.c +++ b/src/afs/afs_nfsclnt.c @@ -203,10 +203,10 @@ afs_nfsclient_reqhandler(struct afs_exporter *exporter, #if defined(AFS_SUN510_ENV) uid = crgetuid(*cred); #else - uid = (*cred)->cr_uid; + uid = cr_uid(*cred); #endif /* Do this early, so pag management knows */ - (*cred)->cr_rgid = NFSXLATOR_CRED; /* Identify it as nfs xlator call */ + set_cr_rgid(*cred, NFSXLATOR_CRED); /* Identify it as nfs xlator call */ if ((afs_nfsexporter->exp_states & EXP_CLIPAGS) && pag != NOPAG) { uid = pag; } else if (pag != NOPAG) { @@ -226,7 +226,7 @@ afs_nfsclient_reqhandler(struct afs_exporter *exporter, } np = afs_FindNfsClientPag(uid, host, 0); afs_Trace4(afs_iclSetp, CM_TRACE_NFSREQH, ICL_TYPE_INT32, pag, - ICL_TYPE_LONG, (*cred)->cr_uid, ICL_TYPE_INT32, host, + ICL_TYPE_LONG, cr_uid(*cred), ICL_TYPE_INT32, host, ICL_TYPE_POINTER, np); /* If remote-pags are enabled, we are no longer interested in what PAG * they claimed, and from here on we should behave as if they claimed @@ -253,7 +253,7 @@ afs_nfsclient_reqhandler(struct afs_exporter *exporter, } np = afs_GetNfsClientPag(uid, host); np->pag = pag; - np->client_uid = (*cred)->cr_uid; + np->client_uid = cr_uid(*cred); } else { if (pag == NOPAG) { if ((code = setpag(cred, np->pag, &pag, 0))) { @@ -590,11 +590,12 @@ afs_iauth_verify(long id, fsid_t * fsidp, long host, int uid, if (code) { /* ensure anonymous cred. */ - credp->cr_uid = credp->cr_ruid = (uid_t) - 2; /* anonymous */ + set_cr_uid(credp, (uid_t) -2; /* anonymous */ + set_cr_ruid(credp, (uid_t) -2; } /* Mark this thread as an NFS translator thread. */ - credp->cr_rgid = NFSXLATOR_CRED; + set_cr_rgid(credp, NFSXLATOR_CRED); AFS_GUNLOCK(); return 0; diff --git a/src/afs/afs_osi.c b/src/afs/afs_osi.c index 47ccfcc88..f075ef27c 100644 --- a/src/afs/afs_osi.c +++ b/src/afs/afs_osi.c @@ -115,7 +115,7 @@ osi_Init(void) #else memset(&afs_osi_cred, 0, sizeof(afs_ucred_t)); #if defined(AFS_LINUX26_ENV) - afs_osi_cred.cr_group_info = groups_alloc(0); + set_cr_group_info(&afs_osi_cred, groups_alloc(0)); #endif #if defined(AFS_DARWIN80_ENV) afs_osi_cred.cr_ref = 1; /* kauth_cred_get_ref needs 1 existing ref */ diff --git a/src/afs/afs_osi_gcpags.c b/src/afs/afs_osi_gcpags.c index 40f317179..1f8d0ab67 100644 --- a/src/afs/afs_osi_gcpags.c +++ b/src/afs/afs_osi_gcpags.c @@ -424,7 +424,7 @@ afs_osi_proc2cred(afs_proc_t * pr) } pcred = proc_ucred(pr); cr.cr_ref = 1; - cr.cr_uid = pcred->cr_uid; + set_cr_uid(&cr, cr_uid(pcred)); cr.cr_ngroups = pcred->cr_ngroups; memcpy(cr.cr_groups, pcred->cr_groups, NGROUPS * sizeof(gid_t)); @@ -445,7 +445,7 @@ afs_osi_proc2cred(afs_proc_t * pr) || (pr->p_stat == SSTOP)) { pcred_readlock(pr); cr.cr_ref = 1; - cr.cr_uid = pr->p_cred->pc_ucred->cr_uid; + set_cr_uid(&cr, cr_uid(pr->p_cred->pc_ucred)); cr.cr_ngroups = pr->p_cred->pc_ucred->cr_ngroups; memcpy(cr.cr_groups, pr->p_cred->pc_ucred->cr_groups, NGROUPS * sizeof(gid_t)); @@ -471,14 +471,14 @@ afs_osi_proc2cred(afs_proc_t * pr) || (pr->state == TASK_UNINTERRUPTIBLE) || (pr->state == TASK_STOPPED)) { cr.cr_ref = 1; - cr.cr_uid = task_uid(pr); + set_cr_uid(&cr, task_uid(pr)); #if defined(AFS_LINUX26_ENV) #if defined(STRUCT_TASK_HAS_CRED) get_group_info(pr->cred->group_info); - cr.cr_group_info = pr->cred->group_info; + set_cr_group_info(&cr, pr->cred->group_info); #else get_group_info(pr->group_info); - cr.cr_group_info = pr->group_info; + set_cr_group_info(&cr, pr->group_info); #endif #else cr.cr_ngroups = pr->ngroups; diff --git a/src/afs/afs_osi_pag.c b/src/afs/afs_osi_pag.c index 1bedaea55..424cdcf9e 100644 --- a/src/afs/afs_osi_pag.c +++ b/src/afs/afs_osi_pag.c @@ -455,11 +455,11 @@ afs_InitReq(register struct vrequest *av, afs_ucred_t *acred) if (acred == NOCRED) av->uid = -2; /* XXX nobody... ? */ else - av->uid = acred->cr_uid; /* bsd creds don't have ruid */ + av->uid = cr_uid(acred); /* bsd creds don't have ruid */ #elif defined(AFS_SUN510_ENV) av->uid = crgetruid(acred); #else - av->uid = acred->cr_ruid; /* default when no pag is set */ + av->uid = cr_uid(acred); /* default when no pag is set */ #endif } return 0; @@ -571,7 +571,7 @@ PagInCred(afs_ucred_t *cred) return NOPAG; } #elif defined(AFS_LINUX26_ENV) - if (cred->cr_group_info->ngroups < NUMPAGGROUPS) { + if (cr_group_info(cred)->ngroups < NUMPAGGROUPS) { pag = NOPAG; goto out; } @@ -590,8 +590,8 @@ PagInCred(afs_ucred_t *cred) g1 = cred->cr_groupset.gs_union.un_groups[1]; #elif defined(AFS_LINUX26_ONEGROUP_ENV) #elif defined(AFS_LINUX26_ENV) - g0 = GROUP_AT(cred->cr_group_info, 0); - g1 = GROUP_AT(cred->cr_group_info, 1); + g0 = GROUP_AT(cr_group_info(cred), 0); + g1 = GROUP_AT(cr_group_info(cred), 1); #elif defined(AFS_SUN510_ENV) g0 = gids[0]; g1 = gids[1]; @@ -601,7 +601,7 @@ PagInCred(afs_ucred_t *cred) #endif #endif #if defined(AFS_LINUX26_ONEGROUP_ENV) - pag = (afs_int32) afs_get_pag_from_groups(cred->cr_group_info); + pag = (afs_int32) afs_get_pag_from_groups(cr_group_info(cred)); #else pag = (afs_int32) afs_get_pag_from_groups(g0, g1); #endif @@ -609,7 +609,7 @@ PagInCred(afs_ucred_t *cred) out: #endif #if defined(AFS_LINUX26_ENV) && defined(LINUX_KEYRING_SUPPORT) - if (pag == NOPAG && cred->cr_rgid != NFSXLATOR_CRED) { + if (pag == NOPAG && cr_rgid(cred) != NFSXLATOR_CRED) { struct key *key; afs_uint32 upag, newpag; diff --git a/src/afs/afs_pag_call.c b/src/afs/afs_pag_call.c index 431c09cee..e5b8eaa89 100644 --- a/src/afs/afs_pag_call.c +++ b/src/afs/afs_pag_call.c @@ -425,7 +425,7 @@ afs_syscall_pioctl(path, com, cmarg, follow) /* Set up credentials */ memset(&ccred, 0, sizeof(ccred)); pag = PagInCred(credp); - ccred.uid = credp->cr_uid; + ccred.uid = cr_uid(credp); if (pag != NOPAG) { afs_get_groups_from_pag(pag, &g0, &g1); ccred.group0 = g0; diff --git a/src/afs/afs_pag_cred.c b/src/afs/afs_pag_cred.c index ad3237aa3..79c4de3fe 100644 --- a/src/afs/afs_pag_cred.c +++ b/src/afs/afs_pag_cred.c @@ -99,7 +99,7 @@ int afspag_PUnlog(char *ain, afs_int32 ainSize, afs_ucred_t **acred) return EIO; /* Inappropriate ioctl for device */ pag = PagInCred(*acred); - uid = (pag == NOPAG) ? (*acred)->cr_uid : pag; + uid = (pag == NOPAG) ? cr_uid(*acred) : pag; i = UHash(uid); ObtainWriteLock(&afs_xuser, 823); for (tu = afs_users[i]; tu; tu = tu->next) { @@ -187,7 +187,7 @@ int afspag_PSetTokens(char *ain, afs_int32 ainSize, afs_ucred_t **acred) #endif } pag = PagInCred(*acred); - uid = (pag == NOPAG) ? (*acred)->cr_uid : pag; + uid = (pag == NOPAG) ? cr_uid(*acred) : pag; /* now we just set the tokens */ tu = afs_GetUser(uid, tcell->cellnum, WRITE_LOCK); if (!tu->cellinfo) diff --git a/src/afs/afs_pioctl.c b/src/afs/afs_pioctl.c index 4ff344a20..3a445008f 100644 --- a/src/afs/afs_pioctl.c +++ b/src/afs/afs_pioctl.c @@ -3237,9 +3237,9 @@ DECL_PIOCTL(PSetSysName) ain += t + 1; num = count; } - if ((*acred)->cr_gid == RMTUSER_REQ || - (*acred)->cr_gid == RMTUSER_REQ_PRIV) { /* Handles all exporters */ - if (allpags && (*acred)->cr_gid != RMTUSER_REQ_PRIV) { + if (cr_gid(*acred) == RMTUSER_REQ || + cr_gid(*acred) == RMTUSER_REQ_PRIV) { /* Handles all exporters */ + if (allpags && cr_gid(*acred) != RMTUSER_REQ_PRIV) { return EPERM; } pag = PagInCred(*acred); @@ -3977,21 +3977,21 @@ HandleClientContext(struct afs_ioctl *ablob, int *com, #ifdef AFS_AIX41_ENV setuerror(0); #endif - newcred->cr_gid = isroot ? RMTUSER_REQ_PRIV : RMTUSER_REQ; + set_cr_gid(newcred, isroot ? RMTUSER_REQ_PRIV : RMTUSER_REQ); #ifdef AFS_AIX51_ENV newcred->cr_groupset.gs_union.un_groups[0] = g0; newcred->cr_groupset.gs_union.un_groups[1] = g1; #elif defined(AFS_LINUX26_ENV) #ifdef AFS_LINUX26_ONEGROUP_ENV - newcred->cr_group_info = groups_alloc(1); /* not that anything sets this */ + set_cr_group_info(newcred, groups_alloc(1)); /* not that anything sets this */ l = (((g0-0x3f00) & 0x3fff) << 14) | ((g1-0x3f00) & 0x3fff); h = ((g0-0x3f00) >> 14); h = ((g1-0x3f00) >> 14) + h + h + h; - GROUP_AT(newcred->cr_group_info, 0) = ((h << 28) | l); + GROUP_AT(cr_group_info(newcred), 0) = ((h << 28) | l); #else - newcred->cr_group_info = groups_alloc(2); - GROUP_AT(newcred->cr_group_info, 0) = g0; - GROUP_AT(newcred->cr_group_info, 1) = g1; + set_cr_group_info(newcred, groups_alloc(2)); + GROUP_AT(cr_group_info(newcred), 0) = g0; + GROUP_AT(cr_group_info(newcred), 1) = g1; #endif #else newcred->cr_groups[0] = g0; @@ -4013,15 +4013,15 @@ HandleClientContext(struct afs_ioctl *ablob, int *com, return EINVAL; } if (exporter->exp_states & EXP_PWSYNC) { - if (uid != credp->cr_uid) { + if (uid != cr_uid(credp)) { crfree(newcred); return ENOEXEC; /* XXX Find a better errno XXX */ } } - newcred->cr_uid = uid; /* Only temporary */ + set_cr_uid(newcred, uid); /* Only temporary */ code = EXP_REQHANDLER(exporter, &newcred, hostaddr, &pag, &outexporter); /* The client's pag is the only unique identifier for it */ - newcred->cr_uid = pag; + set_cr_uid(newcred, pag); *acred = newcred; if (!code && *com == PSETPAG) { /* Special case for 'setpag' */ @@ -4709,7 +4709,7 @@ DECL_PIOCTL(PNFSNukeCreds) return EINVAL; memcpy(&addr, ain, sizeof(afs_int32)); - if ((*acred)->cr_gid == RMTUSER_REQ_PRIV && !addr) { + if (cr_gid(*acred) == RMTUSER_REQ_PRIV && !addr) { tu = afs_GetUser(areq->uid, -1, SHARED_LOCK); if (!tu->exporter || !(addr = EXP_GETHOST(tu->exporter))) { afs_PutUser(tu, SHARED_LOCK); diff --git a/src/afs/afs_user.c b/src/afs/afs_user.c index bad9926ac..c7c68269c 100644 --- a/src/afs/afs_user.c +++ b/src/afs/afs_user.c @@ -608,11 +608,11 @@ afs_GCPAGs_perproc_func(afs_proc_t * pproc) pag = PagInCred(pcred); #if defined(AFS_DARWIN_ENV) || defined(AFS_FBSD40_ENV) || defined(AFS_LINUX22_ENV) - uid = (pag != NOPAG ? pag : pcred->cr_uid); + uid = (pag != NOPAG ? pag : cr_uid(pcred)); #elif defined(AFS_SUN510_ENV) uid = (pag != NOPAG ? pag : crgetruid(pcred)); #else - uid = (pag != NOPAG ? pag : pcred->cr_ruid); + uid = (pag != NOPAG ? pag : cr_ruid(pcred); #endif hash = UHash(uid); diff --git a/src/afs/exporter.h b/src/afs/exporter.h index ecaa8c0fe..e38c0fc2f 100644 --- a/src/afs/exporter.h +++ b/src/afs/exporter.h @@ -43,7 +43,7 @@ #if defined(AFS_DARWIN_ENV) || defined(AFS_XBSD_ENV) #define AFS_NFSXLATORREQ(cred) 0 #else -#define AFS_NFSXLATORREQ(cred) ((cred)->cr_rgid == NFSXLATOR_CRED) +#define AFS_NFSXLATORREQ(cred) (cr_rgid(cred) == NFSXLATOR_CRED) #endif struct afs_exporter; diff --git a/src/afsweb/nsafs.c b/src/afsweb/nsafs.c index 2182d9cd2..d0a1e2457 100644 --- a/src/afsweb/nsafs.c +++ b/src/afsweb/nsafs.c @@ -305,8 +305,8 @@ nsafs_set_id_from_ints(int viceid, int group0, int group1) u.u_viceid = viceid; crp = u.u_cred; - crp->cr_uid = viceid; - crp->cr_ruid = viceid; + set_cr_uid(crp, viceid); + set_cr_ruid(crp, viceid); crp->cr_suid = viceid; crp->cr_groups[0] = group0; crp->cr_groups[1] = group1; @@ -331,8 +331,8 @@ nsafs_set_id_from_strings(char *viceid, char *group0, char *group1) } else { u.u_viceid = getuid(); crp = u.u_cred; - crp->cr_uid = getuid(); - crp->cr_ruid = getuid(); + set_cr_uid(crp, getuid()); + set_cr_ruid(crp, getuid()); crp->cr_suid = getuid(); crp->cr_groups[0] = getgid(); crp->cr_ngroups = 1; -- 2.39.5