(-)sys/compat/linux/linux_misc.c (-2 / +1 lines)
Lines 1316-1323 Link Here
1316
	error = copyin(args->grouplist, linux_gidset, ngrp * sizeof(l_gid_t));
1316
	error = copyin(args->grouplist, linux_gidset, ngrp * sizeof(l_gid_t));
1317
	if (error)
1317
	if (error)
1318
		goto out;
1318
		goto out;
1319
	newcred = crget();
1319
	newcred = crget(ngrp + 1);
1320
	crextend(newcred, ngrp + 1);
1321
	p = td->td_proc;
1320
	p = td->td_proc;
1322
	PROC_LOCK(p);
1321
	PROC_LOCK(p);
1323
	oldcred = p->p_ucred;
1322
	oldcred = p->p_ucred;
(-)sys/compat/linux/linux_uid16.c (-1 / +1 lines)
Lines 179-186 Link Here
179
		free(linux_gidset, M_LINUX);
179
		free(linux_gidset, M_LINUX);
180
		return (error);
180
		return (error);
181
	}
181
	}
182
	newcred = crget();
183
	p = td->td_proc;
182
	p = td->td_proc;
183
	newcred = crget(p->p_ucred->cr_agroups);
184
	PROC_LOCK(p);
184
	PROC_LOCK(p);
185
	oldcred = crcopysafe(p, newcred);
185
	oldcred = crcopysafe(p, newcred);
186
186
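Review bot: The new call `crget(p->p_ucred->cr_agroups)` dereferences the process credential before `PROC_LOCK(p)` is taken, so another thread of the same process could presumably replace and release `p_ucred` between the read and the lock. The value is only a sizing hint, so where a thread pointer is in scope it can be taken from the calling thread's own credential reference instead, e.g. `newcred = crget(td->td_ucred->cr_agroups);`, with crcopysafe() (defined outside these hunks) still expected to grow the buffer if the process credential turns out to be larger. The same unlocked read appears in the kern_jail.c, kern_loginclass.c, kern_prot.c, sys_capability.c, mac_syscalls.c and mac_lomac.c sections and in the last three audit_syscalls.c hunks. The enclosing function starts and ends outside the hunk.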
(-)sys/fs/nfs/nfs_commonsubs.c (-1 / +1 lines)
Lines 3290-3296 Link Here
3290
			 * Create a credential just like svc_getcred(),
3290
			 * Create a credential just like svc_getcred(),
3291
			 * but using the group list provided.
3291
			 * but using the group list provided.
3292
			 */
3292
			 */
3293
			cr = crget();
3293
			cr = crget(nidp->nid_ngroup);
3294
			cr->cr_uid = cr->cr_ruid = cr->cr_svuid = nidp->nid_uid;
3294
			cr->cr_uid = cr->cr_ruid = cr->cr_svuid = nidp->nid_uid;
3295
			crsetgroups(cr, nidp->nid_ngroup, grps);
3295
			crsetgroups(cr, nidp->nid_ngroup, grps);
3296
			cr->cr_rgid = cr->cr_svgid = cr->cr_groups[0];
3296
			cr->cr_rgid = cr->cr_svgid = cr->cr_groups[0];
(-)sys/kern/init_main.c (-2 / +2 lines)
Lines 517-523 Link Here
517
	callout_init(&td->td_slpcallout, 1);
517
	callout_init(&td->td_slpcallout, 1);
518
518
519
	/* Create credentials. */
519
	/* Create credentials. */
520
	newcred = crget();
520
	newcred = crget(1);
521
	newcred->cr_ngroups = 1;	/* group 0 */
521
	newcred->cr_ngroups = 1;	/* group 0 */
522
	newcred->cr_uidinfo = uifind(0);
522
	newcred->cr_uidinfo = uifind(0);
523
	newcred->cr_ruidinfo = uifind(0);
523
	newcred->cr_ruidinfo = uifind(0);
Lines 841-847 Link Here
841
		panic("cannot fork init: %d\n", error);
841
		panic("cannot fork init: %d\n", error);
842
	KASSERT(initproc->p_pid == 1, ("create_init: initproc->p_pid != 1"));
842
	KASSERT(initproc->p_pid == 1, ("create_init: initproc->p_pid != 1"));
843
	/* divorce init's credentials from the kernel's */
843
	/* divorce init's credentials from the kernel's */
844
	newcred = crget();
844
	newcred = crget(initproc->p_ucred->cr_agroups);
845
	sx_xlock(&proctree_lock);
845
	sx_xlock(&proctree_lock);
846
	PROC_LOCK(initproc);
846
	PROC_LOCK(initproc);
847
	initproc->p_flag |= P_SYSTEM | P_INMEM;
847
	initproc->p_flag |= P_SYSTEM | P_INMEM;
(-)sys/kern/kern_jail.c (-1 / +1 lines)
Lines 2403-2409 Link Here
2403
	if ((error = pwd_chroot(td, pr->pr_root)))
2403
	if ((error = pwd_chroot(td, pr->pr_root)))
2404
		goto e_revert_osd;
2404
		goto e_revert_osd;
2405
2405
2406
	newcred = crget();
2406
	newcred = crget(p->p_ucred->cr_agroups);
2407
	PROC_LOCK(p);
2407
	PROC_LOCK(p);
2408
	oldcred = crcopysafe(p, newcred);
2408
	oldcred = crcopysafe(p, newcred);
2409
	newcred->cr_prison = pr;
2409
	newcred->cr_prison = pr;
(-)sys/kern/kern_loginclass.c (-1 / +1 lines)
Lines 216-222 Link Here
216
	newlc = loginclass_find(lcname);
216
	newlc = loginclass_find(lcname);
217
	if (newlc == NULL)
217
	if (newlc == NULL)
218
		return (EINVAL);
218
		return (EINVAL);
219
	newcred = crget();
219
	newcred = crget(p->p_ucred->cr_agroups);
220
220
221
	PROC_LOCK(p);
221
	PROC_LOCK(p);
222
	oldcred = crcopysafe(p, newcred);
222
	oldcred = crcopysafe(p, newcred);
(-)sys/kern/kern_prot.c (-15 / +22 lines)
Lines 492-498 Link Here
492
492
493
	uid = uap->uid;
493
	uid = uap->uid;
494
	AUDIT_ARG_UID(uid);
494
	AUDIT_ARG_UID(uid);
495
	newcred = crget();
495
	newcred = crget(p->p_ucred->cr_agroups);
496
	uip = uifind(uid);
496
	uip = uifind(uid);
497
	PROC_LOCK(p);
497
	PROC_LOCK(p);
498
	/*
498
	/*
Lines 606-612 Link Here
606
606
607
	euid = uap->euid;
607
	euid = uap->euid;
608
	AUDIT_ARG_EUID(euid);
608
	AUDIT_ARG_EUID(euid);
609
	newcred = crget();
609
	newcred = crget(p->p_ucred->cr_agroups);
610
	euip = uifind(euid);
610
	euip = uifind(euid);
611
	PROC_LOCK(p);
611
	PROC_LOCK(p);
612
	/*
612
	/*
Lines 661-667 Link Here
661
661
662
	gid = uap->gid;
662
	gid = uap->gid;
663
	AUDIT_ARG_GID(gid);
663
	AUDIT_ARG_GID(gid);
664
	newcred = crget();
664
	newcred = crget(p->p_ucred->cr_agroups);
665
	PROC_LOCK(p);
665
	PROC_LOCK(p);
666
	oldcred = crcopysafe(p, newcred);
666
	oldcred = crcopysafe(p, newcred);
667
667
Lines 759-765 Link Here
759
759
760
	egid = uap->egid;
760
	egid = uap->egid;
761
	AUDIT_ARG_EGID(egid);
761
	AUDIT_ARG_EGID(egid);
762
	newcred = crget();
762
	newcred = crget(p->p_ucred->cr_agroups);
763
	PROC_LOCK(p);
763
	PROC_LOCK(p);
764
	oldcred = crcopysafe(p, newcred);
764
	oldcred = crcopysafe(p, newcred);
765
765
Lines 831-838 Link Here
831
831
832
	MPASS(ngrp <= ngroups_max + 1);
832
	MPASS(ngrp <= ngroups_max + 1);
833
	AUDIT_ARG_GROUPSET(groups, ngrp);
833
	AUDIT_ARG_GROUPSET(groups, ngrp);
834
	newcred = crget();
834
	newcred = crget(ngrp);
835
	crextend(newcred, ngrp);
835
	/* crextend(newcred, ngrp); */
836
	PROC_LOCK(p);
836
	PROC_LOCK(p);
837
	oldcred = crcopysafe(p, newcred);
837
	oldcred = crcopysafe(p, newcred);
838
838
Lines 889-895 Link Here
889
	ruid = uap->ruid;
889
	ruid = uap->ruid;
890
	AUDIT_ARG_EUID(euid);
890
	AUDIT_ARG_EUID(euid);
891
	AUDIT_ARG_RUID(ruid);
891
	AUDIT_ARG_RUID(ruid);
892
	newcred = crget();
892
	newcred = crget(p->p_ucred->cr_agroups);
893
	euip = uifind(euid);
893
	euip = uifind(euid);
894
	ruip = uifind(ruid);
894
	ruip = uifind(ruid);
895
	PROC_LOCK(p);
895
	PROC_LOCK(p);
Lines 958-964 Link Here
958
	rgid = uap->rgid;
958
	rgid = uap->rgid;
959
	AUDIT_ARG_EGID(egid);
959
	AUDIT_ARG_EGID(egid);
960
	AUDIT_ARG_RGID(rgid);
960
	AUDIT_ARG_RGID(rgid);
961
	newcred = crget();
961
	newcred = crget(p->p_ucred->cr_agroups);
962
	PROC_LOCK(p);
962
	PROC_LOCK(p);
963
	oldcred = crcopysafe(p, newcred);
963
	oldcred = crcopysafe(p, newcred);
964
964
Lines 1026-1032 Link Here
1026
	AUDIT_ARG_EUID(euid);
1026
	AUDIT_ARG_EUID(euid);
1027
	AUDIT_ARG_RUID(ruid);
1027
	AUDIT_ARG_RUID(ruid);
1028
	AUDIT_ARG_SUID(suid);
1028
	AUDIT_ARG_SUID(suid);
1029
	newcred = crget();
1029
	newcred = crget(p->p_ucred->cr_agroups);
1030
	euip = uifind(euid);
1030
	euip = uifind(euid);
1031
	ruip = uifind(ruid);
1031
	ruip = uifind(ruid);
1032
	PROC_LOCK(p);
1032
	PROC_LOCK(p);
Lines 1107-1113 Link Here
1107
	AUDIT_ARG_EGID(egid);
1107
	AUDIT_ARG_EGID(egid);
1108
	AUDIT_ARG_RGID(rgid);
1108
	AUDIT_ARG_RGID(rgid);
1109
	AUDIT_ARG_SGID(sgid);
1109
	AUDIT_ARG_SGID(sgid);
1110
	newcred = crget();
1110
	newcred = crget(p->p_ucred->cr_agroups);
1111
	PROC_LOCK(p);
1111
	PROC_LOCK(p);
1112
	oldcred = crcopysafe(p, newcred);
1112
	oldcred = crcopysafe(p, newcred);
1113
1113
Lines 1776-1784 Link Here
1776
1776
1777
/*
1777
/*
1778
 * Allocate a zeroed cred structure.
1778
 * Allocate a zeroed cred structure.
1779
 * If ngroups > cr_smallgroups, use it to extend the group buffer.
1779
 */
1780
 */
1780
struct ucred *
1781
struct ucred *
1781
crget(void)
1782
crget(int ngroups)
1782
{
1783
{
1783
	register struct ucred *cr;
1784
	register struct ucred *cr;
1784
1785
Lines 1790-1798 Link Here
1790
#ifdef MAC
1791
#ifdef MAC
1791
	mac_cred_init(cr);
1792
	mac_cred_init(cr);
1792
#endif
1793
#endif
1793
	cr->cr_groups = cr->cr_smallgroups;
1794
	if (ngroups > sizeof (cr->cr_smallgroups) / sizeof (cr->cr_smallgroups[0]))
1794
	cr->cr_agroups =
1795
	    crextend (cr, ngroups);
1795
	    sizeof(cr->cr_smallgroups) / sizeof(cr->cr_smallgroups[0]);
1796
	else {
1797
	    cr->cr_groups = cr->cr_smallgroups;
1798
	    cr->cr_agroups = sizeof(cr->cr_smallgroups) / sizeof(cr->cr_smallgroups[0]);
1799
	}
1796
	return (cr);
1800
	return (cr);
1797
}
1801
}
1798
1802
Lines 1877-1883 Link Here
1877
{
1881
{
1878
	struct ucred *newcr;
1882
	struct ucred *newcr;
1879
1883
1880
	newcr = crget();
1884
	newcr = crget(cr->cr_agroups);
1881
	crcopy(newcr, cr);
1885
	crcopy(newcr, cr);
1882
	return (newcr);
1886
	return (newcr);
1883
}
1887
}
Lines 1971-1976 Link Here
1971
	/* Truncate? */
1975
	/* Truncate? */
1972
	if (n <= cr->cr_agroups)
1976
	if (n <= cr->cr_agroups)
1973
		return;
1977
		return;
1978
    /* No need to allocate more than we are willing to use? */
1979
	if (n > ngroups_max + 1)
1980
		n = ngroups_max + 1;
1974
1981
1975
	/*
1982
	/*
1976
	 * We extend by 2 each time since we're using a power of two
1983
	 * We extend by 2 each time since we're using a power of two
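Review bot: In the crget() hunk (new lines 1794-1799) a negative `ngroups` is converted to a large unsigned value by the comparison against the `sizeof` quotient, so it takes the crextend() branch, where `if (n <= cr->cr_agroups) return;` returns at once on the freshly zeroed credential and leaves `cr_groups` unset; the old code always pointed it at `cr_smallgroups`. Several callers elsewhere in this patch pass counts taken from RPC or export arguments (`xcr->cr_ngroups`, `uc->gidlen`, `argp->ex_anon.cr_ngroups`, `nidp->nid_ngroup`) with no range check visible in their hunks. Keeping the two original assignments unconditional and following them with `if (ngroups > cr->cr_agroups) crextend(cr, ngroups);` avoids the mixed-sign comparison, assuming crextend() copes with a credential that still points at `cr_smallgroups` (most of its body is outside the hunk, so confirm). The commented-out `/* crextend(newcred, ngrp); */` in the hunk at 831-838 should be deleted rather than left in place, and the added lines in crget() and crextend() are indented with spaces where the surrounding code uses tabs.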
(-)sys/kern/sys_capability.c (-1 / +1 lines)
Lines 103-110 Link Here
103
	if (IN_CAPABILITY_MODE(td))
103
	if (IN_CAPABILITY_MODE(td))
104
		return (0);
104
		return (0);
105
105
106
	newcred = crget();
107
	p = td->td_proc;
106
	p = td->td_proc;
107
	newcred = crget(p->p_ucred->cr_agroups);
108
	PROC_LOCK(p);
108
	PROC_LOCK(p);
109
	oldcred = crcopysafe(p, newcred);
109
	oldcred = crcopysafe(p, newcred);
110
	newcred->cr_flags |= CRED_FLAG_CAPMODE;
110
	newcred->cr_flags |= CRED_FLAG_CAPMODE;
(-)sys/kern/vfs_export.c (-2 / +2 lines)
Lines 129-135 Link Here
129
		}
129
		}
130
		np = &nep->ne_defexported;
130
		np = &nep->ne_defexported;
131
		np->netc_exflags = argp->ex_flags;
131
		np->netc_exflags = argp->ex_flags;
132
		np->netc_anon = crget();
132
		np->netc_anon = crget(argp->ex_anon.cr_ngroups);
133
		np->netc_anon->cr_uid = argp->ex_anon.cr_uid;
133
		np->netc_anon->cr_uid = argp->ex_anon.cr_uid;
134
		crsetgroups(np->netc_anon, argp->ex_anon.cr_ngroups,
134
		crsetgroups(np->netc_anon, argp->ex_anon.cr_ngroups,
135
		    argp->ex_anon.cr_groups);
135
		    argp->ex_anon.cr_groups);
Lines 208-214 Link Here
208
		goto out;
208
		goto out;
209
	}
209
	}
210
	np->netc_exflags = argp->ex_flags;
210
	np->netc_exflags = argp->ex_flags;
211
	np->netc_anon = crget();
211
	np->netc_anon = crget(argp->ex_anon.cr_ngroups);
212
	np->netc_anon->cr_uid = argp->ex_anon.cr_uid;
212
	np->netc_anon->cr_uid = argp->ex_anon.cr_uid;
213
	crsetgroups(np->netc_anon, argp->ex_anon.cr_ngroups,
213
	crsetgroups(np->netc_anon, argp->ex_anon.cr_ngroups,
214
	    argp->ex_anon.cr_groups);
214
	    argp->ex_anon.cr_groups);
(-)sys/rpc/rpcsec_gss/svc_rpcsec_gss.c (-1 / +1 lines)
Lines 445-451 Link Here
445
	}
445
	}
446
446
447
	uc = &client->cl_ucred;
447
	uc = &client->cl_ucred;
448
	cr = client->cl_cred = crget();
448
	cr = client->cl_cred = crget(uc->gidlen);
449
	cr->cr_uid = cr->cr_ruid = cr->cr_svuid = uc->uid;
449
	cr->cr_uid = cr->cr_ruid = cr->cr_svuid = uc->uid;
450
	cr->cr_rgid = cr->cr_svgid = uc->gid;
450
	cr->cr_rgid = cr->cr_svgid = uc->gid;
451
	crsetgroups(cr, uc->gidlen, uc->gidlist);
451
	crsetgroups(cr, uc->gidlen, uc->gidlist);
(-)sys/rpc/svc_auth.c (-1 / +1 lines)
Lines 175-181 Link Here
175
	switch (flavor) {
175
	switch (flavor) {
176
	case AUTH_UNIX:
176
	case AUTH_UNIX:
177
		xcr = (struct xucred *) rqst->rq_clntcred;
177
		xcr = (struct xucred *) rqst->rq_clntcred;
178
		cr = crget();
178
		cr = crget(xcr->cr_ngroups);
179
		cr->cr_uid = cr->cr_ruid = cr->cr_svuid = xcr->cr_uid;
179
		cr->cr_uid = cr->cr_ruid = cr->cr_svuid = xcr->cr_uid;
180
		crsetgroups(cr, xcr->cr_ngroups, xcr->cr_groups);
180
		crsetgroups(cr, xcr->cr_ngroups, xcr->cr_groups);
181
		cr->cr_rgid = cr->cr_svgid = cr->cr_groups[0];
181
		cr->cr_rgid = cr->cr_svgid = cr->cr_groups[0];
(-)sys/security/audit/audit_syscalls.c (-7 / +5 lines)
Lines 445-455 Link Here
445
			return (EINVAL);
445
			return (EINVAL);
446
		if (udata.au_aupinfo.ap_pid < 1)
446
		if (udata.au_aupinfo.ap_pid < 1)
447
			return (ESRCH);
447
			return (ESRCH);
448
		newcred = crget();
448
		if ((tp = pfind(udata.au_aupinfo.ap_pid)) == NULL)
449
		if ((tp = pfind(udata.au_aupinfo.ap_pid)) == NULL) {
450
			crfree(newcred);
451
			return (ESRCH);
449
			return (ESRCH);
452
		}
450
		newcred = crget(tp->p_ucred->cr_agroups);
453
		if ((error = p_cansee(td, tp)) != 0) {
451
		if ((error = p_cansee(td, tp)) != 0) {
454
			PROC_UNLOCK(tp);
452
			PROC_UNLOCK(tp);
455
			crfree(newcred);
453
			crfree(newcred);
Lines 587-593 Link Here
587
	if (error)
585
	if (error)
588
		return (error);
586
		return (error);
589
	audit_arg_auid(id);
587
	audit_arg_auid(id);
590
	newcred = crget();
588
	newcred = crget(td->td_proc->p_ucred->cr_agroups);
591
	PROC_LOCK(td->td_proc);
589
	PROC_LOCK(td->td_proc);
592
	oldcred = td->td_proc->p_ucred;
590
	oldcred = td->td_proc->p_ucred;
593
	crcopy(newcred, oldcred);
591
	crcopy(newcred, oldcred);
Lines 652-658 Link Here
652
	if (error)
650
	if (error)
653
		return (error);
651
		return (error);
654
	audit_arg_auditinfo(&ai);
652
	audit_arg_auditinfo(&ai);
655
	newcred = crget();
653
	newcred = crget(td->td_proc->p_ucred->cr_agroups);
656
	PROC_LOCK(td->td_proc);
654
	PROC_LOCK(td->td_proc);
657
	oldcred = td->td_proc->p_ucred;
655
	oldcred = td->td_proc->p_ucred;
658
	crcopy(newcred, oldcred);
656
	crcopy(newcred, oldcred);
Lines 715-721 Link Here
715
	if (aia.ai_termid.at_type != AU_IPv6 &&
713
	if (aia.ai_termid.at_type != AU_IPv6 &&
716
	    aia.ai_termid.at_type != AU_IPv4)
714
	    aia.ai_termid.at_type != AU_IPv4)
717
		return (EINVAL);
715
		return (EINVAL);
718
	newcred = crget();
716
	newcred = crget(td->td_proc->p_ucred->cr_agroups);
719
	PROC_LOCK(td->td_proc);	
717
	PROC_LOCK(td->td_proc);	
720
	oldcred = td->td_proc->p_ucred;
718
	oldcred = td->td_proc->p_ucred;
721
	crcopy(newcred, oldcred);
719
	crcopy(newcred, oldcred);
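Review bot: In the hunk at 445-455 the allocation now happens after `pfind()`, which returns the target process locked (the error path right below calls `PROC_UNLOCK(tp)`), so `crget(tp->p_ucred->cr_agroups)` runs with the process lock held. crget() and crextend() presumably perform sleepable allocations; their malloc calls are outside the visible hunks. That would not be permitted under this lock, and it is likely why the original code allocated before `pfind()` and released the credential on the failure path. Keep the allocation ahead of `pfind()` with a default size, e.g. `newcred = crget(0);` together with the original `crfree(newcred);` on the `ESRCH` path, and grow the buffer only once the lock has been dropped if the target's credential needs more room.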
(-)sys/security/mac/mac_syscalls.c (-2 / +1 lines)
Lines 192-200 Link Here
192
	if (error)
192
	if (error)
193
		goto out;
193
		goto out;
194
194
195
	newcred = crget();
196
197
	p = td->td_proc;
195
	p = td->td_proc;
196
	newcred = crget(p->p_ucred->cr_agroups);
198
	PROC_LOCK(p);
197
	PROC_LOCK(p);
199
	oldcred = p->p_ucred;
198
	oldcred = p->p_ucred;
200
199
(-)sys/security/mac_lomac/mac_lomac.c (-1 / +1 lines)
Lines 2235-2241 Link Here
2235
	if (subj->mac_lomac.ml_flags & MAC_LOMAC_FLAG_UPDATE) {
2235
	if (subj->mac_lomac.ml_flags & MAC_LOMAC_FLAG_UPDATE) {
2236
		dodrop = 0;
2236
		dodrop = 0;
2237
		mtx_unlock(&subj->mtx);
2237
		mtx_unlock(&subj->mtx);
2238
		newcred = crget();
2238
		newcred = crget(p->p_ucred->cr_agroups);
2239
		/*
2239
		/*
2240
		 * Prevent a lock order reversal in mac_proc_vm_revoke;
2240
		 * Prevent a lock order reversal in mac_proc_vm_revoke;
2241
		 * ideally, the other user of subj->mtx wouldn't be holding
2241
		 * ideally, the other user of subj->mtx wouldn't be holding
(-)sys/sys/ucred.h (-1 / +1 lines)
Lines 109-115 Link Here
109
void	proc_set_cred_init(struct proc *p, struct ucred *cr);
109
void	proc_set_cred_init(struct proc *p, struct ucred *cr);
110
struct ucred	*proc_set_cred(struct proc *p, struct ucred *cr);
110
struct ucred	*proc_set_cred(struct proc *p, struct ucred *cr);
111
void	crfree(struct ucred *cr);
111
void	crfree(struct ucred *cr);
112
struct ucred	*crget(void);
112
struct ucred	*crget(int ngroups);
113
struct ucred	*crhold(struct ucred *cr);
113
struct ucred	*crhold(struct ucred *cr);
114
void	cru2x(struct ucred *cr, struct xucred *xcr);
114
void	cru2x(struct ucred *cr, struct xucred *xcr);
115
void	crsetgroups(struct ucred *cr, int n, gid_t *groups);
115
void	crsetgroups(struct ucred *cr, int n, gid_t *groups);
