From owner-freebsd-arch  Wed Dec 12 19:59:14 2001
Delivered-To: freebsd-arch@freebsd.org
Received: from bazooka.trit.org (bazooka.trit.org [63.198.170.138])
	by hub.freebsd.org (Postfix) with ESMTP
	id 6274B37B417; Wed, 12 Dec 2001 19:59:04 -0800 (PST)
Received: by bazooka.trit.org (Postfix, from userid 1000)
	id AA8603E2F; Thu, 13 Dec 2001 03:59:03 +0000 (UTC)
Received: from bazooka (localhost [127.0.0.1])
	by bazooka.trit.org (Postfix) with ESMTP
	id A875C3C12E; Thu, 13 Dec 2001 03:59:03 +0000 (UTC)
To: Robert Watson <rwatson@freebsd.org>
Cc: arch@freebsd.org
Subject: Re: MFC'ing xucred definition 
In-Reply-To: <Pine.NEB.3.96L.1011206162805.21187K-100000@fledge.watson.org>; from rwatson@freebsd.org on "Thu, 6 Dec 2001 16:29:04 -0500 (EST)"
Date: Thu, 13 Dec 2001 03:58:58 +0000
From: Dima Dorfman <dima@trit.org>
Message-Id: <20011213035903.AA8603E2F@bazooka.trit.org>
Sender: owner-freebsd-arch@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-arch.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-arch>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-arch>
X-Loop: FreeBSD.ORG

Robert Watson <rwatson@freebsd.org> wrote:
> I've actually been thinking about modifying xucred in -CURRENT to export
> additional information from a kernel ucred, such as real and saved ids,
> now that we have that information in ucred.

Some users of xucred wouldn't know what to do with these extra fields,
since they just use xucred to pass a uid/gid to/from the kernel.  The
NFS export stuff is one of these, I think.

> Before we MFC xucred, it
> might make sense to make a few tweaks to xucred, including changing the
> first _cr_unused0 into a version number, and teaching applications how to
> understand the version number. 

I don't know what other tweaks you had in mind (perhaps making it
larger?), but the version number seems like a good idea.

I've attached a patch that makes the first field a version number, and
teaches the existing applications about it (mostly, it teaches them
set the version when writing an xucred, and return EINVAL if it
doesn't match when reading an xucred).  It compiles and seems to run,
but I have not done extensive testing with it.  Please review.

(Note that this patch changes something inside lomac which looks like
it was copied verbatim from uipc_usrreq.c.  I don't know anything
about lomac, but my guess is that this code should be kept somewhat in
sync (although I haven't seen any posts/warnings to that effect).  If
anyone can shed any light on this, I'd appreciate it).

Thanks.

Index: lib/libc/gen/getpeereid.3
===================================================================
RCS file: /ref/cvsf/src/lib/libc/gen/getpeereid.3,v
retrieving revision 1.3
diff -u -r1.3 getpeereid.3
--- lib/libc/gen/getpeereid.3	2001/12/02 23:50:40	1.3
+++ lib/libc/gen/getpeereid.3	2001/12/09 23:48:36
@@ -118,7 +118,8 @@
 The argument
 .Fa s
 does not refer to a socket of type
-.Dv SOCK_STREAM .
+.Dv SOCK_STREAM ,
+or the kernel returned invalid data.
 .El
 .Sh SEE ALSO
 .Xr connect 2 ,
Index: lib/libc/gen/getpeereid.c
===================================================================
RCS file: /ref/cvsf/src/lib/libc/gen/getpeereid.c,v
retrieving revision 1.1
diff -u -r1.1 getpeereid.c
--- lib/libc/gen/getpeereid.c	2001/08/17 22:09:15	1.1
+++ lib/libc/gen/getpeereid.c	2001/12/10 07:25:39
@@ -34,6 +34,7 @@
 #include <sys/ucred.h>
 #include <sys/un.h>
 
+#include <errno.h>
 #include <unistd.h>
 
 int
@@ -47,6 +48,8 @@
 	error = getsockopt(s, LOCAL_PEERCRED, 1, &xuc, &xuclen);
 	if (error != 0)
 		return (error);
+	if (xuc.cr_xversion != XUCRED_VERSION)
+		return (EINVAL);
 	*euid = xuc.cr_uid;
 	*egid = xuc.cr_gid;
 	return (0);
Index: sbin/mountd/mountd.c
===================================================================
RCS file: /ref/cvsf/src/sbin/mountd/mountd.c,v
retrieving revision 1.59
diff -u -r1.59 mountd.c
--- sbin/mountd/mountd.c	2001/09/20 02:15:17	1.59
+++ sbin/mountd/mountd.c	2001/12/09 23:48:36
@@ -211,7 +211,7 @@
 struct grouplist *grphead;
 char exname[MAXPATHLEN];
 struct xucred def_anon = {
-	0,
+	XUCRED_VERSION,
 	(uid_t)-2,
 	1,
 	{ (gid_t)-2 },
@@ -2050,6 +2050,7 @@
 	struct group *gr;
 	int ngroups, groups[NGROUPS + 1];
 
+	cr->cr_xversion = XUCRED_VERSION;
 	/*
 	 * Set up the unprivileged user.
 	 */
Index: sys/kern/uipc_usrreq.c
===================================================================
RCS file: /ref/cvsf/src/sys/kern/uipc_usrreq.c,v
retrieving revision 1.77
diff -u -r1.77 uipc_usrreq.c
--- sys/kern/uipc_usrreq.c	2001/11/17 03:07:07	1.77
+++ sys/kern/uipc_usrreq.c	2001/12/09 23:48:36
@@ -711,6 +711,7 @@
 		 * (which is now).
 		 */
 		memset(&unp3->unp_peercred, '\0', sizeof(unp3->unp_peercred));
+		unp3->unp_peercred.cr_xversion = XUCRED_VERSION;
 		unp3->unp_peercred.cr_uid = td->td_proc->p_ucred->cr_uid;
 		unp3->unp_peercred.cr_ngroups = td->td_proc->p_ucred->cr_ngroups;
 		memcpy(unp3->unp_peercred.cr_groups, td->td_proc->p_ucred->cr_groups,
@@ -1397,6 +1398,7 @@
 {
 
 	bzero(&unp->unp_peercred, sizeof(unp->unp_peercred));
+	unp->unp_peercred.cr_xversion = XUCRED_VERSION;
 	unp->unp_peercred.cr_uid = p->p_ucred->cr_uid;
 	unp->unp_peercred.cr_ngroups = p->p_ucred->cr_ngroups;
 	bcopy(p->p_ucred->cr_groups, unp->unp_peercred.cr_groups,
Index: sys/netinet/tcp_subr.c
===================================================================
RCS file: /ref/cvsf/src/sys/netinet/tcp_subr.c,v
retrieving revision 1.118
diff -u -r1.118 tcp_subr.c
--- sys/netinet/tcp_subr.c	2001/11/22 04:50:43	1.118
+++ sys/netinet/tcp_subr.c	2001/12/09 23:48:36
@@ -920,6 +920,7 @@
 	if (error)
 		goto out;
 	bzero(&xuc, sizeof(xuc));
+	xuc.cr_xversion = XUCRED_VERSION;
 	xuc.cr_uid = inp->inp_socket->so_cred->cr_uid;
 	xuc.cr_ngroups = inp->inp_socket->so_cred->cr_ngroups;
 	bcopy(inp->inp_socket->so_cred->cr_groups, xuc.cr_groups,
@@ -976,6 +977,7 @@
 	if (error)
 		goto out;
 	bzero(&xuc, sizeof(xuc));
+	xuc.cr_xversion = XUCRED_VERSION;
 	xuc.cr_uid = inp->inp_socket->so_cred->cr_uid;
 	xuc.cr_ngroups = inp->inp_socket->so_cred->cr_ngroups;
 	bcopy(inp->inp_socket->so_cred->cr_groups, xuc.cr_groups,
Index: sys/netinet/udp_usrreq.c
===================================================================
RCS file: /ref/cvsf/src/sys/netinet/udp_usrreq.c,v
retrieving revision 1.100
diff -u -r1.100 udp_usrreq.c
--- sys/netinet/udp_usrreq.c	2001/11/08 02:13:17	1.100
+++ sys/netinet/udp_usrreq.c	2001/12/09 23:48:36
@@ -652,6 +652,7 @@
 	if (error)
 		goto out;
 	bzero(&xuc, sizeof(xuc));
+	xuc.cr_xversion = XUCRED_VERSION;
 	xuc.cr_uid = inp->inp_socket->so_cred->cr_uid;
 	xuc.cr_ngroups = inp->inp_socket->so_cred->cr_ngroups;
 	bcopy(inp->inp_socket->so_cred->cr_groups, xuc.cr_groups,
Index: sys/netinet6/udp6_usrreq.c
===================================================================
RCS file: /ref/cvsf/src/sys/netinet6/udp6_usrreq.c,v
retrieving revision 1.19
diff -u -r1.19 udp6_usrreq.c
--- sys/netinet6/udp6_usrreq.c	2001/11/08 02:13:18	1.19
+++ sys/netinet6/udp6_usrreq.c	2001/12/09 23:48:36
@@ -485,6 +485,7 @@
 		goto out;
 	}
 	bzero(&xuc, sizeof(xuc));
+	xuc.cr_xversion = XUCRED_VERSION;
 	xuc.cr_uid = inp->inp_socket->so_cred->cr_uid;
 	xuc.cr_ngroups = inp->inp_socket->so_cred->cr_ngroups;
 	bcopy(inp->inp_socket->so_cred->cr_groups, xuc.cr_groups,
Index: sys/security/lomac/kernel_socket.c
===================================================================
RCS file: /ref/cvsf/src/sys/security/lomac/kernel_socket.c,v
retrieving revision 1.2
diff -u -r1.2 kernel_socket.c
--- sys/security/lomac/kernel_socket.c	2001/12/03 00:21:18	1.2
+++ sys/security/lomac/kernel_socket.c	2001/12/09 23:48:36
@@ -266,6 +266,7 @@
 		 * (which is now).
 		 */
 		memset(&unp3->unp_peercred, '\0', sizeof(unp3->unp_peercred));
+		unp3->unp_peercred.cr_xversion = XUCRED_VERSION;
 		unp3->unp_peercred.cr_uid = td->td_proc->p_ucred->cr_uid;
 		unp3->unp_peercred.cr_ngroups = td->td_proc->p_ucred->cr_ngroups;
 		memcpy(unp3->unp_peercred.cr_groups, td->td_proc->p_ucred->cr_groups,
Index: sys/sys/ucred.h
===================================================================
RCS file: /ref/cvsf/src/sys/sys/ucred.h,v
retrieving revision 1.26
diff -u -r1.26 ucred.h
--- sys/sys/ucred.h	2001/10/11 23:38:17	1.26
+++ sys/sys/ucred.h	2001/12/09 23:48:36
@@ -73,12 +73,13 @@
  * any need to change the size of this or layout of its used fields.
  */
 struct xucred {
-	u_short	_cr_unused0;		/* compatibility with old ucred */
+	u_short cr_xversion;		/* structure layout version */
 	uid_t	cr_uid;			/* effective user id */
 	short	cr_ngroups;		/* number of groups */
 	gid_t	cr_groups[NGROUPS];	/* groups */
 	void	*_cr_unused1;		/* compatibility with old ucred */
 };
+#define	XUCRED_VERSION	1
 
 #ifdef _KERNEL
 
Index: usr.sbin/inetd/builtins.c
===================================================================
RCS file: /ref/cvsf/src/usr.sbin/inetd/builtins.c,v
retrieving revision 1.36
diff -u -r1.36 builtins.c
--- usr.sbin/inetd/builtins.c	2001/07/17 07:12:57	1.36
+++ usr.sbin/inetd/builtins.c	2001/12/09 23:48:36
@@ -569,7 +569,7 @@
 		getcredfail = EAFNOSUPPORT;
 		break;
 	}
-	if (getcredfail != 0) {
+	if (getcredfail != 0 || uc.cr_xversion != XUCRED_VERSION) {
 		if (*idbuf == '\0')
 			iderror(lport, fport, s,
 			    getcredfail == ENOENT ? ID_NOUSER : ID_UNKNOWN);



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message