From: David van Moolenbroek Date: Wed, 27 Jan 2016 23:24:56 +0000 (+0000) Subject: libsys: retire getnucred in favor of getepinfo X-Git-Url: http://zhaoyanbai.com/repos/Bv9ARM.ch04.html?a=commitdiff_plain;h=462713495a372174ead432b3f482801bef47474a;p=minix.git libsys: retire getnucred in favor of getepinfo The getnucred() function was used by UDS to obtain credentials of user processes in a form used in the UDS API, namely the ucred structure. Since the NetBSD merge, this structure has changed drastically (aside from being renamed to "uucred"), and it is no longer in UDS's best interest to use this structure internally. Therefore, getnucred() is no longer a useful API either, and instead we directly use the previously private getepinfo() function to obtain credentials. Change-Id: I80bc809de716ec0a9b7497cb109d2f2708a629d5 --- diff --git a/distrib/sets/lists/minix-man/mi b/distrib/sets/lists/minix-man/mi index 9c80534db..6ce70fc75 100644 --- a/distrib/sets/lists/minix-man/mi +++ b/distrib/sets/lists/minix-man/mi @@ -476,7 +476,7 @@ ./usr/man/man2/fstatvfs1.2 minix-man ./usr/man/man2/getgid.2 minix-man ./usr/man/man2/getitimer.2 minix-man -./usr/man/man2/getnucred.2 minix-man +./usr/man/man2/getnucred.2 minix-man obsolete ./usr/man/man2/getpeereid.2 minix-man ./usr/man/man2/getpeername.2 minix-man ./usr/man/man2/getpid.2 minix-man diff --git a/minix/include/minix/syslib.h b/minix/include/minix/syslib.h index 905472cb8..3f5717fdc 100644 --- a/minix/include/minix/syslib.h +++ b/minix/include/minix/syslib.h @@ -266,6 +266,7 @@ int srv_kill(pid_t pid, int sig); int getprocnr(pid_t pid, endpoint_t *proc_ep); int mapdriver(const char *label, devmajor_t major, const int *domains, int nr_domains); +pid_t getepinfo(endpoint_t proc_ep, uid_t *uidp, gid_t *gidp); pid_t getnpid(endpoint_t proc_ep); uid_t getnuid(endpoint_t proc_ep); gid_t getngid(endpoint_t proc_ep); diff --git a/minix/lib/libsys/getepinfo.c b/minix/lib/libsys/getepinfo.c index 26427f14c..ed5b83672 100644 --- a/minix/lib/libsys/getepinfo.c +++ b/minix/lib/libsys/getepinfo.c @@ -4,7 +4,7 @@ #include -static pid_t +pid_t getepinfo(endpoint_t proc_ep, uid_t *uid, gid_t *gid) { message m; @@ -52,24 +52,3 @@ getngid(endpoint_t proc_ep) return gid; } - -int -getnucred(endpoint_t proc_ep, struct uucred *ucred) -{ - uid_t uid; - gid_t gid; - int r; - - if (ucred == NULL) - return EFAULT; - - if ((r = getepinfo(proc_ep, &uid, &gid)) < 0) - return r; - - /* Only two fields are used for now; ensure the rest is zeroed out. */ - memset(ucred, 0, sizeof(struct uucred)); - ucred->cr_uid = uid; - ucred->cr_gid = gid; - - return r; -} diff --git a/minix/man/man2/Makefile b/minix/man/man2/Makefile index 12dd8d088..3db88c945 100644 --- a/minix/man/man2/Makefile +++ b/minix/man/man2/Makefile @@ -1,6 +1,6 @@ MAN= accept.2 access.2 bind.2 brk.2 chdir.2 chmod.2 chown.2 \ chroot.2 close.2 connect.2 creat.2 dup.2 execve.2 exit.2 fcntl.2 \ - fork.2 getgid.2 getitimer.2 getnucred.2 getpeereid.2 \ + fork.2 getgid.2 getitimer.2 getpeereid.2 \ getpeername.2 getpid.2 getpriority.2 getsockname.2 getsockopt.2 \ gettimeofday.2 getuid.2 intro.2 ioctl.2 kill.2 link.2 listen.2 \ lseek.2 mkdir.2 mknod.2 mount.2 open.2 ptrace.2 \ diff --git a/minix/man/man2/getnucred.2 b/minix/man/man2/getnucred.2 deleted file mode 100644 index 31e317d46..000000000 --- a/minix/man/man2/getnucred.2 +++ /dev/null @@ -1,41 +0,0 @@ -.TH GETNUCRED 2 -.SH NAME -getnucred \- obtain the credentials that correspond to the given endpoint. -.SH SYNOPSIS -.ft B -#include -.in +5 -.ti -5 -#include - -.ti -5 -int getnucred(endpoint_t \fIproc_ep\fP, struct uucred * \fIucred\fP); -.br -.ft P -.SH DESCRIPTION -Given an endpoint \fIproc_ep\fP, this function will fill in \fIucred\fP -with the \fIpid\fP, \fIuid\fP, and \fIgid\fP that correspond to that -endpoint. -.SH RETURN VALUES -On success, this function returns 0 and \fIucred\fP will be filled in. -On error, -1 is returned and \fIerrno\fP is set. -.SH ERRORS -.TP 15 -[EFAULT] -The address pointed to by \fIucred\fP is not in a valid part of the -process address space. -[EPERM] -The user calling this function has insufficient privileges. Only a user -with an euid of 0 may call this function. -[ESRCH] -The endpoint was not found. This is caused by an invalid endpoint or an -endpoint for a process that no longer exists. -.SH SEE ALSO -.BR getpid(2), -.BR getuid(2), -.BR getgid(2), -.BR getnpid(2), -.BR getnuid(2), -.BR getngid(2) -.SH HISTORY -This function first appeared in Minix 3.1.8. diff --git a/minix/net/uds/ioc_uds.c b/minix/net/uds/ioc_uds.c index 23d8563df..8271f4377 100644 --- a/minix/net/uds/ioc_uds.c +++ b/minix/net/uds/ioc_uds.c @@ -549,9 +549,15 @@ do_getsockopt_peercred(devminor_t minor, endpoint_t endpt, cp_grant_id_t grant) peer_minor = uds_fd_table[minor].peer; - /* Obtain the peer's credentials and copy them out. */ - if ((rc = getnucred(uds_fd_table[peer_minor].owner, &cred)) < 0) - return rc; + /* + * Obtain the peer's credentials and copy them out. Ignore failures; + * in that case, the caller will simply get no credentials. + */ + memset(&cred, 0, sizeof(cred)); + cred.cr_uid = -1; + cred.cr_gid = -1; + (void)getepinfo(uds_fd_table[peer_minor].owner, &cred.cr_uid, + &cred.cr_gid); return sys_safecopyto(endpt, grant, 0, (vir_bytes) &cred, sizeof(struct uucred)); @@ -674,10 +680,10 @@ send_fds(devminor_t minor, struct msg_control *msg_ctrl, from_ep = uds_fd_table[minor].owner; /* Obtain this socket's credentials. */ - if ((rc = getnucred(from_ep, &data->cred)) < 0) + if ((rc = getepinfo(from_ep, &data->cred.uid, &data->cred.gid)) < 0) return rc; - dprintf(("UDS: minor=%d cred={%d,%d,%d}\n", minor, data->cred.pid, + dprintf(("UDS: minor=%d cred={%d,%d}\n", minor, data->cred.uid, data->cred.gid)); totalfds = data->nfiledes; @@ -809,6 +815,7 @@ recv_cred(devminor_t minor, struct ancillary *data, { struct msghdr msghdr; struct cmsghdr *cmsg; + struct uucred *cred; dprintf(("UDS: recv_cred(%d)\n", minor)); @@ -822,7 +829,10 @@ recv_cred(devminor_t minor, struct ancillary *data, cmsg->cmsg_len = CMSG_LEN(sizeof(struct uucred)); cmsg->cmsg_level = SOL_SOCKET; cmsg->cmsg_type = SCM_CREDS; - memcpy(CMSG_DATA(cmsg), &data->cred, sizeof(struct uucred)); + cred = (struct uucred *)CMSG_DATA(cmsg); + memset(cred, 0, sizeof(*cred)); + cred->cr_uid = data->cred.uid; + cred->cr_gid = data->cred.gid; return OK; } @@ -893,8 +903,7 @@ do_recvmsg(devminor_t minor, endpoint_t endpt, cp_grant_id_t grant) socklen_t clen_desired = 0; dprintf(("UDS: do_recvmsg(%d)\n", minor)); - dprintf(("UDS: minor=%d credentials={pid:%d,uid:%d,gid:%d}\n", minor, - uds_fd_table[minor].ancillary_data.cred.pid, + dprintf(("UDS: minor=%d credentials={uid:%d,gid:%d}\n", minor, uds_fd_table[minor].ancillary_data.cred.uid, uds_fd_table[minor].ancillary_data.cred.gid)); diff --git a/minix/net/uds/uds.h b/minix/net/uds/uds.h index cfcafdf99..741b4bd47 100644 --- a/minix/net/uds/uds.h +++ b/minix/net/uds/uds.h @@ -28,11 +28,23 @@ #define dprintf(x) #endif +/* + * A light version of the "uucred" credentials structure. We basically do not + * support passing around groups lists, and by not using struct uucred as + * storage, we save memory for those groups lists as well. Note that the + * original Linux uucred structure has a 'cr_pid' field as well, but this is + * unsupported in NetBSD's version of the structure (and rightly so). + */ +struct luucred { + uid_t uid; + gid_t gid; +}; + /* ancillary data to be sent */ struct ancillary { int fds[OPEN_MAX]; int nfiledes; - struct uucred cred; + struct luucred cred; }; #define UDS_R 0x1 diff --git a/minix/tests/test56.c b/minix/tests/test56.c index 4ce66e5f5..583468dd5 100644 --- a/minix/tests/test56.c +++ b/minix/tests/test56.c @@ -42,6 +42,7 @@ #include #include #include +#include #include #include #include diff --git a/sys/sys/ucred.h b/sys/sys/ucred.h index 17ca57ce6..1b2af303d 100644 --- a/sys/sys/ucred.h +++ b/sys/sys/ucred.h @@ -53,9 +53,4 @@ struct uucred { gid_t cr_groups[NGROUPS_MAX]; /* groups */ }; -#if defined(__minix) -#include - -int getnucred(endpoint_t proc_ep, struct uucred *ucred); -#endif /* defined(__minix) */ #endif /* !_SYS_UCRED_H_ */