diff options
| author | csjp <csjp@FreeBSD.org> | 2006-01-28 19:24:40 +0000 |
|---|---|---|
| committer | csjp <csjp@FreeBSD.org> | 2006-01-28 19:24:40 +0000 |
| commit | 34b8c6a4409682b1153fbd6a38ebe68a3d107a92 (patch) | |
| tree | 548a570898537062aeefe097d3c1dce9772b05f8 /sys/nfsserver/nfs_srvsock.c | |
| parent | 597a7332d8b12ce2f47cbd5c59a94534a4da9637 (diff) | |
| download | FreeBSD-src-34b8c6a4409682b1153fbd6a38ebe68a3d107a92.zip FreeBSD-src-34b8c6a4409682b1153fbd6a38ebe68a3d107a92.tar.gz | |
Manage the ucred for the NFS server using the crget/crfree API defined in
kern_prot.c. This API handles reference counting among many other things.
Notably, if MAC is compiled into the kernel, it will properly initialize the
MAC labels when the ucred is allocated.
This work is in preparation for a new MAC entry point which will be responsible
for properly initializing policy specific labels for the NFS server credential.
Utilization of the crfree/crget APIs reduce the complexity associated with
this label's management.
Submitted by: green (with changes) [1]
Obtained from: TrustedBSD Project
Discussed with: rwatson, alfred
[1] I moved the ucred allocation outside the scope of the NFS server lock to
prevent M_WAIKOK allocations from occurring with non-sleep-able locks held.
Additionally, to reduce complexity, the ucred persist as long as the NFS
server descriptor.
Diffstat (limited to 'sys/nfsserver/nfs_srvsock.c')
| -rw-r--r-- | sys/nfsserver/nfs_srvsock.c | 28 |
1 files changed, 14 insertions, 14 deletions
diff --git a/sys/nfsserver/nfs_srvsock.c b/sys/nfsserver/nfs_srvsock.c index 55eeb0a..b17474c 100644 --- a/sys/nfsserver/nfs_srvsock.c +++ b/sys/nfsserver/nfs_srvsock.c @@ -39,10 +39,13 @@ __FBSDID("$FreeBSD$"); * Socket operations for use by nfs */ +#include "opt_mac.h" + #include <sys/param.h> #include <sys/systm.h> #include <sys/kernel.h> #include <sys/lock.h> +#include <sys/mac.h> #include <sys/malloc.h> #include <sys/mbuf.h> #include <sys/mount.h> @@ -362,16 +365,10 @@ nfs_getreq(struct nfsrv_descript *nd, struct nfsd *nfsd, int has_header) } nfsm_adv(nfsm_rndup(len)); tl = nfsm_dissect_nonblock(u_int32_t *, 3 * NFSX_UNSIGNED); - /* - * XXX: This credential should be managed using crget(9) - * and related calls. Right now, this tramples on any - * extensible data in the ucred, and worse. This wasn't - * fixed before FreeBSD 5.3-RELEASE. - */ - bzero((caddr_t)&nd->nd_cr, sizeof (struct ucred)); - refcount_init(&nd->nd_cr.cr_ref, 1); - nd->nd_cr.cr_uid = fxdr_unsigned(uid_t, *tl++); - nd->nd_cr.cr_gid = fxdr_unsigned(gid_t, *tl++); + nd->nd_cr->cr_uid = nd->nd_cr->cr_ruid = + nd->nd_cr->cr_svuid = fxdr_unsigned(uid_t, *tl++); + nd->nd_cr->cr_groups[0] = nd->nd_cr->cr_rgid = + nd->nd_cr->cr_svgid = fxdr_unsigned(gid_t, *tl++); len = fxdr_unsigned(int, *tl); if (len < 0 || len > RPCAUTH_UNIXGIDS) { m_freem(mrep); @@ -380,12 +377,12 @@ nfs_getreq(struct nfsrv_descript *nd, struct nfsd *nfsd, int has_header) tl = nfsm_dissect_nonblock(u_int32_t *, (len + 2) * NFSX_UNSIGNED); for (i = 1; i <= len; i++) if (i < NGROUPS) - nd->nd_cr.cr_groups[i] = fxdr_unsigned(gid_t, *tl++); + nd->nd_cr->cr_groups[i] = fxdr_unsigned(gid_t, *tl++); else tl++; - nd->nd_cr.cr_ngroups = (len >= NGROUPS) ? NGROUPS : (len + 1); - if (nd->nd_cr.cr_ngroups > 1) - nfsrvw_sort(nd->nd_cr.cr_groups, nd->nd_cr.cr_ngroups); + nd->nd_cr->cr_ngroups = (len >= NGROUPS) ? NGROUPS : (len + 1); + if (nd->nd_cr->cr_ngroups > 1) + nfsrvw_sort(nd->nd_cr->cr_groups, nd->nd_cr->cr_ngroups); len = fxdr_unsigned(int, *++tl); if (len < 0 || len > RPCAUTH_MAXSIZ) { m_freem(mrep); @@ -709,6 +706,7 @@ nfsrv_dorec(struct nfssvc_sock *slp, struct nfsd *nfsd, NFSD_UNLOCK(); MALLOC(nd, struct nfsrv_descript *, sizeof (struct nfsrv_descript), M_NFSRVDESC, M_WAITOK); + nd->nd_cr = crget(); NFSD_LOCK(); nd->nd_md = nd->nd_mrep = m; nd->nd_nam2 = nam; @@ -718,6 +716,8 @@ nfsrv_dorec(struct nfssvc_sock *slp, struct nfsd *nfsd, if (nam) { FREE(nam, M_SONAME); } + if (nd->nd_cr != NULL) + crfree(nd->nd_cr); free((caddr_t)nd, M_NFSRVDESC); return (error); } |
