libsys: retire getnucred in favor of getepinfo

The getnucred() function was used by UDS to obtain credentials of user processes in a form used in the UDS API, namely the ucred structure. Since the NetBSD merge, this structure has changed drastically (aside from being renamed to "uucred"), and it is no longer in UDS's best interest to use this structure internally. Therefore, getnucred() is no longer a useful API either, and instead we directly use the previously private getepinfo() function to obtain credentials. Change-Id: I80bc809de716ec0a9b7497cb109d2f2708a629d5
2016-01-27 23:24:56 +00:00 · 2016-01-27 23:24:56 +00:00 · 462713495a
commit 462713495a
parent dd96967135
9 changed files with 35 additions and 79 deletions
--- a/distrib/sets/lists/minix-man/mi
+++ b/distrib/sets/lists/minix-man/mi
@ -476,7 +476,7 @@
 ./usr/man/man2/fstatvfs1.2                              minix-man
 ./usr/man/man2/getgid.2                                 minix-man
 ./usr/man/man2/getitimer.2                              minix-man
-./usr/man/man2/getnucred.2                              minix-man
+./usr/man/man2/getnucred.2                              minix-man       obsolete
 ./usr/man/man2/getpeereid.2                             minix-man
 ./usr/man/man2/getpeername.2                            minix-man
 ./usr/man/man2/getpid.2                                 minix-man
--- a/minix/include/minix/syslib.h
+++ b/minix/include/minix/syslib.h
@ -266,6 +266,7 @@ int srv_kill(pid_t pid, int sig);
 int getprocnr(pid_t pid, endpoint_t *proc_ep);
 int mapdriver(const char *label, devmajor_t major, const int *domains,
 	int nr_domains);
+pid_t getepinfo(endpoint_t proc_ep, uid_t *uidp, gid_t *gidp);
 pid_t getnpid(endpoint_t proc_ep);
 uid_t getnuid(endpoint_t proc_ep);
 gid_t getngid(endpoint_t proc_ep);
--- a/minix/lib/libsys/getepinfo.c
+++ b/minix/lib/libsys/getepinfo.c
@ -4,7 +4,7 @@

 #include <sys/ucred.h>

-static pid_t
+pid_t
 getepinfo(endpoint_t proc_ep, uid_t *uid, gid_t *gid)
 {
 	message m;
@ -52,24 +52,3 @@ getngid(endpoint_t proc_ep)

 	return gid;
 }
-
-int
-getnucred(endpoint_t proc_ep, struct uucred *ucred)
-{
-	uid_t uid;
-	gid_t gid;
-	int r;
-
-	if (ucred == NULL)
-		return EFAULT;
-
-	if ((r = getepinfo(proc_ep, &uid, &gid)) < 0)
-		return r;
-
-	/* Only two fields are used for now; ensure the rest is zeroed out. */
-	memset(ucred, 0, sizeof(struct uucred));
-	ucred->cr_uid = uid;
-	ucred->cr_gid = gid;
-
-	return r;
-}
--- a/minix/man/man2/Makefile
+++ b/minix/man/man2/Makefile
@ -1,6 +1,6 @@
 MAN=	accept.2 access.2 bind.2 brk.2 chdir.2 chmod.2 chown.2 \
 	chroot.2 close.2 connect.2 creat.2 dup.2 execve.2 exit.2 fcntl.2 \
-	fork.2 getgid.2 getitimer.2 getnucred.2 getpeereid.2 \
+	fork.2 getgid.2 getitimer.2 getpeereid.2 \
 	getpeername.2 getpid.2 getpriority.2 getsockname.2 getsockopt.2 \
 	gettimeofday.2 getuid.2 intro.2 ioctl.2 kill.2 link.2 listen.2 \
 	lseek.2 mkdir.2 mknod.2 mount.2 open.2 ptrace.2 \
--- a/minix/man/man2/getnucred.2
+++ b/minix/man/man2/getnucred.2
@ -1,41 +0,0 @@
-.TH GETNUCRED 2
-.SH NAME
-getnucred \- obtain the credentials that correspond to the given endpoint.
-.SH SYNOPSIS
-.ft B
-#include <sys/socket.h>
-.in +5
-.ti -5
-#include <sys/ucred.h>
-
-.ti -5
-int getnucred(endpoint_t \fIproc_ep\fP,  struct uucred * \fIucred\fP);
-.br
-.ft P
-.SH DESCRIPTION
-Given an endpoint \fIproc_ep\fP, this function will fill in \fIucred\fP 
-with the \fIpid\fP, \fIuid\fP, and \fIgid\fP that correspond to that 
-endpoint.
-.SH RETURN VALUES
-On success, this function returns 0 and \fIucred\fP will be filled in. 
-On error, -1 is returned and \fIerrno\fP is set.
-.SH ERRORS
-.TP 15
-[EFAULT]
-The address pointed to by \fIucred\fP is not in a valid part of the 
-process address space.
-[EPERM]
-The user calling this function has insufficient privileges. Only a user 
-with an euid of 0 may call this function.
-[ESRCH]
-The endpoint was not found. This is caused by an invalid endpoint or an 
-endpoint for a process that no longer exists.
-.SH SEE ALSO
-.BR getpid(2),
-.BR getuid(2),
-.BR getgid(2),
-.BR getnpid(2),
-.BR getnuid(2),
-.BR getngid(2)
-.SH HISTORY
-This function first appeared in Minix 3.1.8.
--- a/minix/net/uds/ioc_uds.c
+++ b/minix/net/uds/ioc_uds.c
@ -549,9 +549,15 @@ do_getsockopt_peercred(devminor_t minor, endpoint_t endpt, cp_grant_id_t grant)

 	peer_minor = uds_fd_table[minor].peer;

-	/* Obtain the peer's credentials and copy them out. */
-	if ((rc = getnucred(uds_fd_table[peer_minor].owner, &cred)) < 0)
-		return rc;
+	/*
+	 * Obtain the peer's credentials and copy them out.  Ignore failures;
+	 * in that case, the caller will simply get no credentials.
+	 */
+	memset(&cred, 0, sizeof(cred));
+	cred.cr_uid = -1;
+	cred.cr_gid = -1;
+	(void)getepinfo(uds_fd_table[peer_minor].owner, &cred.cr_uid,
+	    &cred.cr_gid);

 	return sys_safecopyto(endpt, grant, 0, (vir_bytes) &cred,
 	    sizeof(struct uucred));
@ -674,10 +680,10 @@ send_fds(devminor_t minor, struct msg_control *msg_ctrl,
 	from_ep = uds_fd_table[minor].owner;

 	/* Obtain this socket's credentials. */
-	if ((rc = getnucred(from_ep, &data->cred)) < 0)
+	if ((rc = getepinfo(from_ep, &data->cred.uid, &data->cred.gid)) < 0)
 		return rc;

-	dprintf(("UDS: minor=%d cred={%d,%d,%d}\n", minor, data->cred.pid,
+	dprintf(("UDS: minor=%d cred={%d,%d}\n", minor,
 	    data->cred.uid, data->cred.gid));

 	totalfds = data->nfiledes;
@ -809,6 +815,7 @@ recv_cred(devminor_t minor, struct ancillary *data,
 {
 	struct msghdr msghdr;
 	struct cmsghdr *cmsg;
+	struct uucred *cred;

 	dprintf(("UDS: recv_cred(%d)\n", minor));

@ -822,7 +829,10 @@ recv_cred(devminor_t minor, struct ancillary *data,
 	cmsg->cmsg_len = CMSG_LEN(sizeof(struct uucred));
 	cmsg->cmsg_level = SOL_SOCKET;
 	cmsg->cmsg_type = SCM_CREDS;
-	memcpy(CMSG_DATA(cmsg), &data->cred, sizeof(struct uucred));
+	cred = (struct uucred *)CMSG_DATA(cmsg);
+	memset(cred, 0, sizeof(*cred));
+	cred->cr_uid = data->cred.uid;
+	cred->cr_gid = data->cred.gid;

 	return OK;
 }
@ -893,8 +903,7 @@ do_recvmsg(devminor_t minor, endpoint_t endpt, cp_grant_id_t grant)
 	socklen_t clen_desired = 0;

 	dprintf(("UDS: do_recvmsg(%d)\n", minor));
-	dprintf(("UDS: minor=%d credentials={pid:%d,uid:%d,gid:%d}\n", minor,
-	    uds_fd_table[minor].ancillary_data.cred.pid,
+	dprintf(("UDS: minor=%d credentials={uid:%d,gid:%d}\n", minor,
 	    uds_fd_table[minor].ancillary_data.cred.uid,
 	    uds_fd_table[minor].ancillary_data.cred.gid));

--- a/minix/net/uds/uds.h
+++ b/minix/net/uds/uds.h
@ -28,11 +28,23 @@
 #define dprintf(x)
 #endif

+/*
+ * A light version of the "uucred" credentials structure.  We basically do not
+ * support passing around groups lists, and by not using struct uucred as
+ * storage, we save memory for those groups lists as well.  Note that the
+ * original Linux uucred structure has a 'cr_pid' field as well, but this is
+ * unsupported in NetBSD's version of the structure (and rightly so).
+ */
+struct luucred {
+	uid_t uid;
+	gid_t gid;
+};
+
 /* ancillary data to be sent */
 struct ancillary {
 	int fds[OPEN_MAX];
 	int nfiledes;
-	struct uucred cred;
+	struct luucred cred;
 };

 #define UDS_R	0x1
--- a/minix/tests/test56.c
+++ b/minix/tests/test56.c
@ -42,6 +42,7 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+#include <stddef.h>
 #include <sys/socket.h>
 #include <sys/ucred.h>
 #include <sys/stat.h>
--- a/sys/sys/ucred.h
+++ b/sys/sys/ucred.h
@ -53,9 +53,4 @@ struct uucred {
 	gid_t		cr_groups[NGROUPS_MAX];	/* groups */
 };

-#if defined(__minix)
-#include <minix/type.h>
-
-int getnucred(endpoint_t proc_ep, struct uucred *ucred);
-#endif /* defined(__minix) */
 #endif /* !_SYS_UCRED_H_ */