DEVEL15-solaris10-avoid-direct-cred-access-20061220

author Dale Ghent <daleg@umbc.edu>

Wed, 20 Dec 2006 20:08:32 +0000 (20:08 +0000)

committer Derrick Brashear <shadow@dementia.org>

Wed, 20 Dec 2006 20:08:32 +0000 (20:08 +0000)
author Dale Ghent <daleg@umbc.edu>
Wed, 20 Dec 2006 20:08:32 +0000 (20:08 +0000)
committer Derrick Brashear <shadow@dementia.org>
Wed, 20 Dec 2006 20:08:32 +0000 (20:08 +0000)
diff --git a/src/afs/SOLARIS/osi_groups.c b/src/afs/SOLARIS/osi_groups.c

index 82f779a..d7eaeee 100644 (file)
--- a/src/afs/SOLARIS/osi_groups.c
+++ b/src/afs/SOLARIS/osi_groups.c
@@ -13,6 +13,12 @@
  * setpag
  *
  */
+
+#include <unistd.h>
+#ifdef AFS_SUN510_ENV
+#include <sys/cred.h>
+#endif
+
 #include <afsconfig.h>
 #include "afs/param.h"
 
@@ -124,8 +130,13 @@ afs_getgroups(struct cred *cred, gid_t * gidset)
     AFS_STATCNT(afs_getgroups);
 
     gidset[0] = gidset[1] = 0;
+#if defined(AFS_SUN510_ENV)
+    savengrps = ngrps = crgetngroups(cred);
+    gp = crgetgroups(cred);
+#else
     savengrps = ngrps = cred->cr_ngroups;
     gp = cred->cr_groups;
+#endif
     while (ngrps--)
        *gidset++ = *gp++;
     return savengrps;
@@ -137,8 +148,6 @@ static int
 afs_setgroups(struct cred **cred, int ngroups, gid_t * gidset,
              int change_parent)
 {
-    int ngrps;
-    int i;
     gid_t *gp;
 
     AFS_STATCNT(afs_setgroups);
@@ -149,8 +158,13 @@ afs_setgroups(struct cred **cred, int ngroups, gid_t * gidset,
     }
     if (!change_parent)
        *cred = (struct cred *)crcopy(*cred);
+#if defined(AFS_SUN510_ENV)
+    crsetgroups(*cred, ngroups, gidset);
+    gp = crgetgroups(*cred);
+#else
     (*cred)->cr_ngroups = ngroups;
     gp = (*cred)->cr_groups;
+#endif
     while (ngroups--)
        *gp++ = *gidset++;
     mutex_exit(&curproc->p_crlock);
diff --git a/src/afs/afs_dynroot.c b/src/afs/afs_dynroot.c

index 80879c7..a0e9618 100644 (file)
--- a/src/afs/afs_dynroot.c
+++ b/src/afs/afs_dynroot.c
@@ -795,7 +795,11 @@ afs_DynrootVOPRemove(struct vcache *avc, struct AFS_UCRED *acred, char *aname)
     struct afs_dynSymlink *tps;
     int found = 0;
 
+#if defined(AFS_SUN510_ENV)
+    if (crgetruid(acred))
+#else
     if (acred->cr_uid)
+#endif
        return EPERM;
 
     ObtainWriteLock(&afs_dynSymlinkLock, 97);
diff --git a/src/afs/afs_nfsclnt.c b/src/afs/afs_nfsclnt.c

index ae676da..b172fd6 100644 (file)
--- a/src/afs/afs_nfsclnt.c
+++ b/src/afs/afs_nfsclnt.c
@@ -198,7 +198,11 @@ afs_nfsclient_reqhandler(struct afs_exporter *exporter,
     }
 /*    ObtainWriteLock(&afs_xnfsreq); */
     pag = PagInCred(*cred);
+#if defined(AFS_SUN510_ENV)
+    uid = crgetuid(*cred);
+#else
     uid = (*cred)->cr_uid;
+#endif
     if ((afs_nfsexporter->exp_states & EXP_CLIPAGS) && pag != NOPAG) {
        uid = pag;
     } else if (pag != NOPAG) {
diff --git a/src/afs/afs_osi_pag.c b/src/afs/afs_osi_pag.c

index 2de0d62..7a33329 100644 (file)
--- a/src/afs/afs_osi_pag.c
+++ b/src/afs/afs_osi_pag.c
@@ -368,10 +368,18 @@ afs_getpag_val()
 {
     int pagvalue;
     struct AFS_UCRED *credp = u.u_cred;
-    int gidset0, gidset1;
+    gid_t gidset0, gidset1;
+#ifdef AFS_SUN510_ENV
+    const gid_t *gids;
+
+    gids = crgetgroups(*credp);
+    gidset0 = gids[0];
+    gidset1 = gids[1];
+#else
 
     gidset0 = credp->cr_groups[0];
     gidset1 = credp->cr_groups[1];
+#endif
     pagvalue = afs_get_pag_from_groups(gidset0, gidset1);
     return pagvalue;
 }
@@ -431,6 +439,8 @@ afs_InitReq(register struct vrequest *av, struct AFS_UCRED *acred)
            av->uid = -2;       /* XXX nobody... ? */
        else
            av->uid = acred->cr_uid;    /* bsd creds don't have ruid */
+#elif defined(AFS_SUN510_ENV)
+        av->uid = crgetruid(acred);
 #else
        av->uid = acred->cr_ruid;       /* default when no pag is set */
 #endif
@@ -492,11 +502,19 @@ PagInCred(const struct AFS_UCRED *cred)
 {
     afs_int32 pag;
     gid_t g0, g1;
+#if defined(AFS_SUN510_ENV)
+    const gid_t *gids;
+    int ngroups;
+#endif
 
     AFS_STATCNT(PagInCred);
     if (cred == NULL || cred == afs_osi_credp) {
        return NOPAG;
     }
+#if defined(AFS_SUN510_ENV)
+    gids = crgetgroups(cred);
+    ngroups = crgetngroups(cred);
+#endif
 #if defined(AFS_DARWIN_ENV) || defined(AFS_XBSD_ENV)
     if (cred == NOCRED || cred == FSCRED) {
        return NOPAG;
@@ -521,7 +539,11 @@ PagInCred(const struct AFS_UCRED *cred)
        goto out;
     }
 #elif defined(AFS_SGI_ENV) || defined(AFS_SUN5_ENV) || defined(AFS_DUX40_ENV) || defined(AFS_LINUX20_ENV) || defined(AFS_XBSD_ENV)
+#if defined(AFS_SUN510_ENV)
+    if (ngroups < 2) {
+#else
     if (cred->cr_ngroups < 2) {
+#endif
        pag = NOPAG;
        goto out;
     }
@@ -532,6 +554,9 @@ PagInCred(const struct AFS_UCRED *cred)
 #elif defined(AFS_LINUX26_ENV)
     g0 = GROUP_AT(cred->cr_group_info, 0);
     g1 = GROUP_AT(cred->cr_group_info, 1);
+#elif defined(AFS_SUN510_ENV)
+    g0 = gids[0];
+    g1 = gids[1];
 #else
     g0 = cred->cr_groups[0];
     g1 = cred->cr_groups[1];
diff --git a/src/afs/afs_user.c b/src/afs/afs_user.c

index 4fdd3ba..31de6f0 100644 (file)
--- a/src/afs/afs_user.c
+++ b/src/afs/afs_user.c
@@ -610,6 +610,8 @@ afs_GCPAGs_perproc_func(AFS_PROC * pproc)
     pag = PagInCred(pcred);
 #if defined(AFS_DARWIN_ENV) || defined(AFS_FBSD40_ENV) || defined(AFS_LINUX22_ENV)
     uid = (pag != NOPAG ? pag : pcred->cr_uid);
+#elif defined(AFS_SUN510_ENV)
+    uid = (pag != NOPAG ? pag : crgetruid(pcred));
 #else
     uid = (pag != NOPAG ? pag : pcred->cr_ruid);
 #endif
author	Dale Ghent <daleg@umbc.edu>
	Wed, 20 Dec 2006 20:08:32 +0000 (20:08 +0000)
committer	Derrick Brashear <shadow@dementia.org>
	Wed, 20 Dec 2006 20:08:32 +0000 (20:08 +0000)
src/afs/SOLARIS/osi_groups.c		patch \| blob \| history
src/afs/afs_dynroot.c		patch \| blob \| history
src/afs/afs_nfsclnt.c		patch \| blob \| history
src/afs/afs_osi_pag.c		patch \| blob \| history
src/afs/afs_user.c		patch \| blob \| history