
D46918.diff

diff --git a/sys/fs/nfs/nfs_commonport.c b/sys/fs/nfs/nfs_commonport.c
--- a/sys/fs/nfs/nfs_commonport.c
+++ b/sys/fs/nfs/nfs_commonport.c
@@ -75,6 +75,7 @@
NFSD_VNET_DECLARE(struct nfssockreq, nfsrv_nfsuserdsock);
NFSD_VNET_DECLARE(nfsuserd_state, nfsrv_nfsuserd);
+NFSD_VNET_DECLARE(gid_t, nfsrv_defaultgid);
int nfs_pnfsio(task_fn_t *, void *);
@@ -258,7 +259,8 @@
KASSERT(nfscr->nfsc_ngroups >= 0,
("newnfs_copycred: negative nfsc_ngroups"));
cr->cr_uid = nfscr->nfsc_uid;
- crsetgroups(cr, nfscr->nfsc_ngroups, nfscr->nfsc_groups);
+ crsetgroups_fallback(cr, nfscr->nfsc_ngroups, nfscr->nfsc_groups,
+ NFSD_VNET(nfsrv_defaultgid));
}
/*
diff --git a/sys/fs/nfs/nfs_commonsubs.c b/sys/fs/nfs/nfs_commonsubs.c
--- a/sys/fs/nfs/nfs_commonsubs.c
+++ b/sys/fs/nfs/nfs_commonsubs.c
@@ -4051,8 +4051,9 @@
*/
cr = crget();
cr->cr_uid = cr->cr_ruid = cr->cr_svuid = nidp->nid_uid;
- crsetgroups(cr, nidp->nid_ngroup, grps);
- cr->cr_rgid = cr->cr_svgid = cr->cr_groups[0];
+ crsetgroups_fallback(cr, nidp->nid_ngroup, grps,
+ NFSD_VNET(nfsrv_defaultgid));
+ cr->cr_rgid = cr->cr_svgid = cr->cr_gid;
cr->cr_prison = curthread->td_ucred->cr_prison;
prison_hold(cr->cr_prison);
#ifdef MAC
diff --git a/sys/fs/nfsserver/nfs_nfsdport.c b/sys/fs/nfsserver/nfs_nfsdport.c
--- a/sys/fs/nfsserver/nfs_nfsdport.c
+++ b/sys/fs/nfsserver/nfs_nfsdport.c
@@ -3311,7 +3311,11 @@
NFSVNO_EXPORTANON(exp) ||
(nd->nd_flag & ND_AUTHNONE) != 0) {
nd->nd_cred->cr_uid = credanon->cr_uid;
- nd->nd_cred->cr_gid = credanon->cr_gid;
+ /*
+ * 'credanon' is already a 'struct ucred' that was built
+ * internally with calls to crsetgroups_fallback(), so
+ * we don't need a fallback here.
+ */
crsetgroups(nd->nd_cred, credanon->cr_ngroups,
credanon->cr_groups);
} else if ((nd->nd_flag & ND_GSS) == 0) {
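Review bot: The new comment states an invariant (that `credanon` always carries at least one group) which nothing at this call site enforces. With the explicit `cr_gid` copy removed, the effective GID of `nd->nd_cred` presumably comes only from `credanon->cr_groups`. A credential built by some other path with an empty list would then reach `crsetgroups()` unchecked. An assertion before the call would make the assumption checkable, e.g. `KASSERT(credanon->cr_ngroups > 0, ("credanon has no groups"));`. The enclosing function starts and ends outside the hunk, so where `credanon` is built cannot be confirmed from here.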
diff --git a/sys/fs/nfsserver/nfs_nfsdsocket.c b/sys/fs/nfsserver/nfs_nfsdsocket.c
--- a/sys/fs/nfsserver/nfs_nfsdsocket.c
+++ b/sys/fs/nfsserver/nfs_nfsdsocket.c
@@ -1422,13 +1422,11 @@
nfsrv_createrootcred(void)
{
struct ucred *cr;
- gid_t grp;
cr = crget();
cr->cr_uid = cr->cr_ruid = cr->cr_svuid = UID_ROOT;
- grp = GID_WHEEL;
- crsetgroups(cr, 1, &grp);
- cr->cr_rgid = cr->cr_svgid = cr->cr_groups[0];
+ crsetgroups_fallback(cr, 0, NULL, GID_WHEEL);
+ cr->cr_rgid = cr->cr_svgid = cr->cr_gid;
cr->cr_prison = curthread->td_ucred->cr_prison;
prison_hold(cr->cr_prison);
#ifdef MAC
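Review bot: `crsetgroups_fallback(cr, 0, NULL, GID_WHEEL)` gets the wanted result only through the empty-list path, so it reads like an error-handling call rather than "set the single group wheel". A one-line comment such as `/* Empty list: the fallback GID_WHEEL becomes the only group. */` above the call would make the intent explicit. The function body continues past the end of the hunk.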
diff --git a/sys/kern/vfs_export.c b/sys/kern/vfs_export.c
--- a/sys/kern/vfs_export.c
+++ b/sys/kern/vfs_export.c
@@ -61,6 +61,10 @@
#include <rpc/types.h>
#include <rpc/auth.h>
+#include <fs/nfs/nfsport.h>
+
+NFSD_VNET_DECLARE(gid_t, nfsrv_defaultgid);
+
static MALLOC_DEFINE(M_NETADDR, "export_host", "Export host address structure");
#if defined(INET) || defined(INET6)
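Review bot: Including `<fs/nfs/nfsport.h>` and declaring `nfsrv_defaultgid` in sys/kern/vfs_export.c makes generic VFS code depend on an NFS variable whose definition is not part of this diff. If that definition lives in NFS code that can be built as a module or left out of the kernel, this file may no longer link in those configurations. The two later hunks read it through `NFSD_VNET(nfsrv_defaultgid)` in the `crsetgroups_fallback()` calls on `np->netc_anon`, which presumably requires a current vnet on the export path; that is worth confirming for VIMAGE kernels. Using a fixed constant such as `GID_NOGROUP` for the fallback here, or having the NFS side pass the fallback GID in, would avoid both questions.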
@@ -133,8 +137,8 @@
np->netc_exflags = argp->ex_flags;
np->netc_anon = crget();
np->netc_anon->cr_uid = argp->ex_uid;
- crsetgroups(np->netc_anon, argp->ex_ngroups,
- argp->ex_groups);
+ crsetgroups_fallback(np->netc_anon, argp->ex_ngroups,
+ argp->ex_groups, NFSD_VNET(nfsrv_defaultgid));
np->netc_anon->cr_prison = &prison0;
prison_hold(np->netc_anon->cr_prison);
np->netc_numsecflavors = argp->ex_numsecflavors;
@@ -212,8 +216,8 @@
np->netc_exflags = argp->ex_flags;
np->netc_anon = crget();
np->netc_anon->cr_uid = argp->ex_uid;
- crsetgroups(np->netc_anon, argp->ex_ngroups,
- argp->ex_groups);
+ crsetgroups_fallback(np->netc_anon, argp->ex_ngroups, argp->ex_groups,
+ NFSD_VNET(nfsrv_defaultgid));
np->netc_anon->cr_prison = &prison0;
prison_hold(np->netc_anon->cr_prison);
np->netc_numsecflavors = argp->ex_numsecflavors;
diff --git a/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c b/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c
--- a/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c
+++ b/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c
@@ -537,7 +537,7 @@
cr = client->cl_cred = crget();
cr->cr_uid = cr->cr_ruid = cr->cr_svuid = uc->uid;
cr->cr_rgid = cr->cr_svgid = uc->gid;
- crsetgroups(cr, uc->gidlen, uc->gidlist);
+ crsetgroups_fallback(cr, uc->gidlen, uc->gidlist, uc->gid);
cr->cr_prison = curthread->td_ucred->cr_prison;
prison_hold(cr->cr_prison);
*crp = crhold(cr);
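Review bot: `cr_rgid` and `cr_svgid` are taken from `uc->gid` on the line above, but after `crsetgroups_fallback()` the effective GID equals `uc->gid` only when `uc->gidlist` is empty; otherwise it presumably comes from the list. The other call sites in this change assign `cr->cr_rgid = cr->cr_svgid = cr->cr_gid;` after setting the groups. If `uc->gidlist[0]` can differ from `uc->gid`, the real/saved and effective GIDs diverge here. Either a comment stating that this is intended, or moving the assignment after the call in the form used elsewhere, would settle it. The enclosing function is not fully visible in the hunk.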
diff --git a/sys/rpc/svc_auth.c b/sys/rpc/svc_auth.c
--- a/sys/rpc/svc_auth.c
+++ b/sys/rpc/svc_auth.c
@@ -187,10 +187,12 @@
if ((xprt->xp_tls & (RPCTLS_FLAGS_CERTUSER |
RPCTLS_FLAGS_DISABLED)) == RPCTLS_FLAGS_CERTUSER &&
flavor == AUTH_UNIX) {
+ if (xprt->xp_ngrps <= 0)
+ return (FALSE);
cr = crget();
cr->cr_uid = cr->cr_ruid = cr->cr_svuid = xprt->xp_uid;
crsetgroups(cr, xprt->xp_ngrps, xprt->xp_gidp);
- cr->cr_rgid = cr->cr_svgid = xprt->xp_gidp[0];
+ cr->cr_rgid = cr->cr_svgid = cr->cr_gid;
cr->cr_prison = curthread->td_ucred->cr_prison;
prison_hold(cr->cr_prison);
*crp = cr;
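Review bot: The two new `<= 0` guards (here and in the `AUTH_UNIX` case of the next hunk) reject the request, whereas the NFS and RPCSEC_GSS sites in this change substitute a fallback GID for an empty group list. Nothing on these lines says why authentication should fail instead. A comment above each check would record the decision, for example `/* A credential without any group has no effective GID; refuse it rather than guess one. */`. The guards are placed before `crget()`, so the early return does not leak a credential. Both checks sit in a function whose start and end are outside the hunks.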
@@ -200,10 +202,12 @@
switch (flavor) {
case AUTH_UNIX:
xcr = (struct xucred *) rqst->rq_clntcred;
+ if (xcr->cr_ngroups <= 0)
+ return (FALSE);
cr = crget();
cr->cr_uid = cr->cr_ruid = cr->cr_svuid = xcr->cr_uid;
crsetgroups(cr, xcr->cr_ngroups, xcr->cr_groups);
- cr->cr_rgid = cr->cr_svgid = cr->cr_groups[0];
+ cr->cr_rgid = cr->cr_svgid = cr->cr_gid;
cr->cr_prison = curthread->td_ucred->cr_prison;
prison_hold(cr->cr_prison);
*crp = cr;
