D51153.diff
No OneTemporary
Actions

Size

11 KB

Referenced Files

None

Subscribers

None

D51153.diff
View Options

	diff --git a/sys/fs/fuse/fuse_internal.h b/sys/fs/fuse/fuse_internal.h
	--- a/sys/fs/fuse/fuse_internal.h
	+++ b/sys/fs/fuse/fuse_internal.h
	@@ -208,9 +208,9 @@
	if (basecred->cr_uid == usercred->cr_uid &&
	basecred->cr_uid == usercred->cr_ruid &&
	basecred->cr_uid == usercred->cr_svuid &&
	- basecred->cr_groups[0] == usercred->cr_groups[0] &&
	- basecred->cr_groups[0] == usercred->cr_rgid &&
	- basecred->cr_groups[0] == usercred->cr_svgid)
	+ basecred->cr_gid == usercred->cr_gid &&
	+ basecred->cr_gid == usercred->cr_rgid &&
	+ basecred->cr_gid == usercred->cr_svgid)
	return (0);

	return (EPERM);
	diff --git a/sys/fs/fuse/fuse_ipc.c b/sys/fs/fuse/fuse_ipc.c
	--- a/sys/fs/fuse/fuse_ipc.c
	+++ b/sys/fs/fuse/fuse_ipc.c
	@@ -868,7 +868,7 @@

	ihead->pid = pid;
	ihead->uid = cred->cr_uid;
	- ihead->gid = cred->cr_groups[0];
	+ ihead->gid = cred->cr_gid;
	}

	/*
	diff --git a/sys/fs/fuse/fuse_vnops.c b/sys/fs/fuse/fuse_vnops.c
	--- a/sys/fs/fuse/fuse_vnops.c
	+++ b/sys/fs/fuse/fuse_vnops.c
	@@ -884,7 +884,7 @@
	return (EXTERROR(ENOSYS, "FUSE_COPY_FILE_RANGE does not "
	"support different credentials for infd and outfd"));

	- if (incred->cr_groups[0] != outcred->cr_groups[0])
	+ if (incred->cr_gid != outcred->cr_gid)
	return (EXTERROR(ENOSYS, "FUSE_COPY_FILE_RANGE does not "
	"support different credentials for infd and outfd"));

	diff --git a/sys/fs/nfs/nfs_commonport.c b/sys/fs/nfs/nfs_commonport.c
	--- a/sys/fs/nfs/nfs_commonport.c
	+++ b/sys/fs/nfs/nfs_commonport.c
	@@ -379,7 +379,8 @@
	{

	cred->cr_uid = 0;
	- cred->cr_groups[0] = 0;
	+ cred->cr_gid = 0;
	+ /* XXXKE Fix this if cr_gid gets separated out. */
	cred->cr_ngroups = 1;
	}

	diff --git a/sys/fs/nfsclient/nfs_clrpcops.c b/sys/fs/nfsclient/nfs_clrpcops.c
	--- a/sys/fs/nfsclient/nfs_clrpcops.c
	+++ b/sys/fs/nfsclient/nfs_clrpcops.c
	@@ -6933,7 +6933,8 @@
	if ((dp->nfsdi_flags & NFSDI_TIGHTCOUPLED) == 0) {
	tcred = NFSNEWCRED(cred);
	tcred->cr_uid = flp->nfsfl_ffm[mirror].user;
	- tcred->cr_groups[0] = flp->nfsfl_ffm[mirror].group;
	+ tcred->cr_gid = flp->nfsfl_ffm[mirror].group;
	+ /* XXXKE Fix this if cr_gid gets separated out. */
	tcred->cr_ngroups = 1;
	} else
	tcred = cred;
	diff --git a/sys/kern/kern_prot.c b/sys/kern/kern_prot.c
	--- a/sys/kern/kern_prot.c
	+++ b/sys/kern/kern_prot.c
	@@ -287,7 +287,7 @@

	td->td_retval[0] = td->td_ucred->cr_rgid;
	#if defined(COMPAT_43)
	- td->td_retval[1] = td->td_ucred->cr_groups[0];
	+ td->td_retval[1] = td->td_ucred->cr_gid;
	#endif
	return (0);
	}
	@@ -307,7 +307,7 @@
	sys_getegid(struct thread td, struct getegid_args uap)
	{

	- td->td_retval[0] = td->td_ucred->cr_groups[0];
	+ td->td_retval[0] = td->td_ucred->cr_gid;
	return (0);
	}

	@@ -1080,7 +1080,7 @@
	gid != oldcred->cr_svgid && /* allow setgid(saved gid) */
	#endif
	#ifdef POSIX_APPENDIX_B_4_2_2 /* Use BSD-compat clause from B.4.2.2 */
	- gid != oldcred->cr_groups[0] && /* allow setgid(getegid()) */
	+ gid != oldcred->cr_gid && /* allow setgid(getegid()) */
	#endif
	(error = priv_check_cred(oldcred, PRIV_CRED_SETGID)) != 0)
	goto fail;
	@@ -1092,7 +1092,7 @@
	*/
	if (
	#ifdef POSIX_APPENDIX_B_4_2_2 /* use the clause from B.4.2.2 */
	- gid == oldcred->cr_groups[0] \|\|
	+ gid == oldcred->cr_gid \|\|
	#endif
	/* We are using privs. */
	priv_check_cred(oldcred, PRIV_CRED_SETGID) == 0)
	@@ -1121,7 +1121,7 @@
	* In all cases permitted cases, we are changing the egid.
	* Copy credentials so other references do not see our changes.
	*/
	- if (oldcred->cr_groups[0] != gid) {
	+ if (oldcred->cr_gid != gid) {
	change_egid(newcred, gid);
	setsugid(p);
	}
	@@ -1167,7 +1167,7 @@
	(error = priv_check_cred(oldcred, PRIV_CRED_SETEGID)) != 0)
	goto fail;

	- if (oldcred->cr_groups[0] != egid) {
	+ if (oldcred->cr_gid != egid) {
	change_egid(newcred, egid);
	setsugid(p);
	}
	@@ -1393,12 +1393,12 @@

	if (((rgid != (gid_t)-1 && rgid != oldcred->cr_rgid &&
	rgid != oldcred->cr_svgid) \|\|
	- (egid != (gid_t)-1 && egid != oldcred->cr_groups[0] &&
	+ (egid != (gid_t)-1 && egid != oldcred->cr_gid &&
	egid != oldcred->cr_rgid && egid != oldcred->cr_svgid)) &&
	(error = priv_check_cred(oldcred, PRIV_CRED_SETREGID)) != 0)
	goto fail;

	- if (egid != (gid_t)-1 && oldcred->cr_groups[0] != egid) {
	+ if (egid != (gid_t)-1 && oldcred->cr_gid != egid) {
	change_egid(newcred, egid);
	setsugid(p);
	}
	@@ -1406,9 +1406,9 @@
	change_rgid(newcred, rgid);
	setsugid(p);
	}
	- if ((rgid != (gid_t)-1 \|\| newcred->cr_groups[0] != newcred->cr_rgid) &&
	- newcred->cr_svgid != newcred->cr_groups[0]) {
	- change_svgid(newcred, newcred->cr_groups[0]);
	+ if ((rgid != (gid_t)-1 \|\| newcred->cr_gid != newcred->cr_rgid) &&
	+ newcred->cr_svgid != newcred->cr_gid) {
	+ change_svgid(newcred, newcred->cr_gid);
	setsugid(p);
	}
	proc_set_cred(p, newcred);
	@@ -1547,17 +1547,17 @@

	if (((rgid != (gid_t)-1 && rgid != oldcred->cr_rgid &&
	rgid != oldcred->cr_svgid &&
	- rgid != oldcred->cr_groups[0]) \|\|
	+ rgid != oldcred->cr_gid) \|\|
	(egid != (gid_t)-1 && egid != oldcred->cr_rgid &&
	egid != oldcred->cr_svgid &&
	- egid != oldcred->cr_groups[0]) \|\|
	+ egid != oldcred->cr_gid) \|\|
	(sgid != (gid_t)-1 && sgid != oldcred->cr_rgid &&
	sgid != oldcred->cr_svgid &&
	- sgid != oldcred->cr_groups[0])) &&
	+ sgid != oldcred->cr_gid)) &&
	(error = priv_check_cred(oldcred, PRIV_CRED_SETRESGID)) != 0)
	goto fail;

	- if (egid != (gid_t)-1 && oldcred->cr_groups[0] != egid) {
	+ if (egid != (gid_t)-1 && oldcred->cr_gid != egid) {
	change_egid(newcred, egid);
	setsugid(p);
	}
	@@ -1626,8 +1626,8 @@
	error1 = copyout(&cred->cr_rgid,
	uap->rgid, sizeof(cred->cr_rgid));
	if (uap->egid)
	- error2 = copyout(&cred->cr_groups[0],
	- uap->egid, sizeof(cred->cr_groups[0]));
	+ error2 = copyout(&cred->cr_gid,
	+ uap->egid, sizeof(cred->cr_gid));
	if (uap->sgid)
	error3 = copyout(&cred->cr_svgid,
	uap->sgid, sizeof(cred->cr_svgid));
	@@ -1737,7 +1737,7 @@

	groups_check_positive_len(cred->cr_ngroups);

	- if (gid == cred->cr_groups[0])
	+ if (gid == cred->cr_gid)
	return (true);

	return (group_is_supplementary(gid, cred));
	@@ -3015,7 +3015,7 @@
	change_egid(struct ucred *newcred, gid_t egid)
	{

	- newcred->cr_groups[0] = egid;
	+ newcred->cr_gid = egid;
	}

	/*-
	diff --git a/sys/kern/vfs_syscalls.c b/sys/kern/vfs_syscalls.c
	--- a/sys/kern/vfs_syscalls.c
	+++ b/sys/kern/vfs_syscalls.c
	@@ -2253,10 +2253,10 @@
	cred = td->td_ucred;
	if ((flag & AT_EACCESS) == 0 &&
	((cred->cr_uid != cred->cr_ruid \|\|
	- cred->cr_rgid != cred->cr_groups[0]))) {
	+ cred->cr_rgid != cred->cr_gid))) {
	usecred = crdup(cred);
	usecred->cr_uid = cred->cr_ruid;
	- usecred->cr_groups[0] = cred->cr_rgid;
	+ usecred->cr_gid = cred->cr_rgid;
	td->td_ucred = usecred;
	} else
	usecred = cred;
	diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c
	--- a/sys/netpfil/pf/pf.c
	+++ b/sys/netpfil/pf/pf.c
	@@ -4976,7 +4976,7 @@
	}
	INP_RLOCK_ASSERT(inp);
	pd->lookup.uid = inp->inp_cred->cr_uid;
	- pd->lookup.gid = inp->inp_cred->cr_groups[0];
	+ pd->lookup.gid = inp->inp_cred->cr_gid;
	INP_RUNLOCK(inp);

	return (1);
	@@ -5760,7 +5760,7 @@
	if (inp != NULL) {
	INP_LOCK_ASSERT(inp);
	pd->lookup.uid = inp->inp_cred->cr_uid;
	- pd->lookup.gid = inp->inp_cred->cr_groups[0];
	+ pd->lookup.gid = inp->inp_cred->cr_gid;
	pd->lookup.done = 1;
	}

	diff --git a/sys/netsmb/smb_conn.c b/sys/netsmb/smb_conn.c
	--- a/sys/netsmb/smb_conn.c
	+++ b/sys/netsmb/smb_conn.c
	@@ -422,7 +422,7 @@
	if (uid == SMBM_ANY_OWNER)
	uid = realuid;
	if (gid == SMBM_ANY_GROUP)
	- gid = cred->cr_groups[0];
	+ gid = cred->cr_gid;
	vcp->vc_uid = uid;
	vcp->vc_grp = gid;

	@@ -765,7 +765,7 @@
	if (uid == SMBM_ANY_OWNER)
	uid = realuid;
	if (gid == SMBM_ANY_GROUP)
	- gid = cred->cr_groups[0];
	+ gid = cred->cr_gid;
	ssp = smb_zmalloc(sizeof(*ssp), M_SMBCONN, M_WAITOK);
	smb_co_init(SSTOCP(ssp), SMBL_SHARE, "smbss ilock", "smbss");
	ssp->obj.co_free = smb_share_free;
	diff --git a/sys/rpc/authunix_prot.c b/sys/rpc/authunix_prot.c
	--- a/sys/rpc/authunix_prot.c
	+++ b/sys/rpc/authunix_prot.c
	@@ -93,9 +93,10 @@

	if (!xdr_uint32_t(xdrs, &cred->cr_uid))
	return (FALSE);
	- if (!xdr_uint32_t(xdrs, &cred->cr_groups[0]))
	+ if (!xdr_uint32_t(xdrs, &cred->cr_gid))
	return (FALSE);

	+ /* XXXKE Fix this is cr_gid gets separated out. */
	if (xdrs->x_op == XDR_ENCODE) {
	ngroups = cred->cr_ngroups - 1;
	if (ngroups > NGRPS)
	@@ -105,7 +106,7 @@
	if (!xdr_uint32_t(xdrs, &ngroups))
	return (FALSE);
	for (i = 0; i < ngroups; i++) {
	- if (i + 1 < ngroups_max + 1) {
	+ if (i < ngroups_max) {
	if (!xdr_uint32_t(xdrs, &cred->cr_groups[i + 1]))
	return (FALSE);
	} else {
	@@ -115,7 +116,7 @@
	}

	if (xdrs->x_op == XDR_DECODE) {
	- if (ngroups + 1 > ngroups_max + 1)
	+ if (ngroups > ngroups_max)
	cred->cr_ngroups = ngroups_max + 1;
	else
	cred->cr_ngroups = ngroups + 1;
	diff --git a/sys/rpc/svc_auth_unix.c b/sys/rpc/svc_auth_unix.c
	--- a/sys/rpc/svc_auth_unix.c
	+++ b/sys/rpc/svc_auth_unix.c
	@@ -83,12 +83,13 @@
	str_len = RNDUP(str_len);
	buf += str_len / sizeof (int32_t);
	xcr->cr_uid = IXDR_GET_UINT32(buf);
	- xcr->cr_groups[0] = IXDR_GET_UINT32(buf);
	+ xcr->cr_gid = IXDR_GET_UINT32(buf);
	gid_len = (size_t)IXDR_GET_UINT32(buf);
	if (gid_len > NGRPS) {
	stat = AUTH_BADCRED;
	goto done;
	}
	+ /* XXXKE Fix this if cr_gid gets separated out. */
	for (i = 0; i < gid_len; i++) {
	if (i + 1 < XU_NGROUPS)
	xcr->cr_groups[i + 1] = IXDR_GET_INT32(buf);
	diff --git a/sys/security/audit/audit.c b/sys/security/audit/audit.c
	--- a/sys/security/audit/audit.c
	+++ b/sys/security/audit/audit.c
	@@ -279,7 +279,7 @@
	cru2x(cred, &ar->k_ar.ar_subj_cred);
	ar->k_ar.ar_subj_ruid = cred->cr_ruid;
	ar->k_ar.ar_subj_rgid = cred->cr_rgid;
	- ar->k_ar.ar_subj_egid = cred->cr_groups[0];
	+ ar->k_ar.ar_subj_egid = cred->cr_gid;
	ar->k_ar.ar_subj_auid = cred->cr_audit.ai_auid;
	ar->k_ar.ar_subj_asid = cred->cr_audit.ai_asid;
	ar->k_ar.ar_subj_pid = td->td_proc->p_pid;
	diff --git a/sys/security/audit/audit_arg.c b/sys/security/audit/audit_arg.c
	--- a/sys/security/audit/audit_arg.c
	+++ b/sys/security/audit/audit_arg.c
	@@ -408,7 +408,7 @@
	cred = p->p_ucred;
	ar->k_ar.ar_arg_auid = cred->cr_audit.ai_auid;
	ar->k_ar.ar_arg_euid = cred->cr_uid;
	- ar->k_ar.ar_arg_egid = cred->cr_groups[0];
	+ ar->k_ar.ar_arg_egid = cred->cr_gid;
	ar->k_ar.ar_arg_ruid = cred->cr_ruid;
	ar->k_ar.ar_arg_rgid = cred->cr_rgid;
	ar->k_ar.ar_arg_asid = cred->cr_audit.ai_asid;
	diff --git a/sys/ufs/ufs/ufs_vnops.c b/sys/ufs/ufs/ufs_vnops.c
	--- a/sys/ufs/ufs/ufs_vnops.c
	+++ b/sys/ufs/ufs/ufs_vnops.c
	@@ -2064,9 +2064,13 @@
	*/
	ucred.cr_ref = 1;
	ucred.cr_uid = ip->i_uid;
	+
	+ /*
	+ * XXXKE Fix this is cr_gid gets separated out
	+ */
	ucred.cr_ngroups = 1;
	ucred.cr_groups = &ucred_group;
	- ucred.cr_groups[0] = dp->i_gid;
	+ ucred.cr_gid = ucred_group = dp->i_gid;
	ucp = &ucred;
	}
	#endif
	@@ -2823,9 +2827,13 @@
	*/
	ucred.cr_ref = 1;
	ucred.cr_uid = ip->i_uid;
	+
	+ /*
	+ * XXXKE Fix this is cr_gid gets separated out
	+ */
	ucred.cr_ngroups = 1;
	ucred.cr_groups = &ucred_group;
	- ucred.cr_groups[0] = pdir->i_gid;
	+ ucred.cr_gid = ucred_group = pdir->i_gid;
	ucp = &ucred;
	#endif
	} else {

File Metadata

Mime Type: text/plain
Expires: Sun, Feb 15, 8:07 PM (3 h, 9 m)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 28754376
Default Alt Text: D51153.diff (11 KB)

D51153.diffNo OneTemporaryActions

D51153.diffView Options

File Metadata

Event Timeline

D51153.diff
No OneTemporary
Actions

D51153.diff
View Options