diff --git a/distrib/sets/lists/minix-man/mi b/distrib/sets/lists/minix-man/mi index 9c80534db..6ce70fc75 100644 --- a/distrib/sets/lists/minix-man/mi +++ b/distrib/sets/lists/minix-man/mi @@ -476,7 +476,7 @@ ./usr/man/man2/fstatvfs1.2 minix-man ./usr/man/man2/getgid.2 minix-man ./usr/man/man2/getitimer.2 minix-man -./usr/man/man2/getnucred.2 minix-man +./usr/man/man2/getnucred.2 minix-man obsolete ./usr/man/man2/getpeereid.2 minix-man ./usr/man/man2/getpeername.2 minix-man ./usr/man/man2/getpid.2 minix-man diff --git a/minix/include/minix/syslib.h b/minix/include/minix/syslib.h index 905472cb8..3f5717fdc 100644 --- a/minix/include/minix/syslib.h +++ b/minix/include/minix/syslib.h @@ -266,6 +266,7 @@ int srv_kill(pid_t pid, int sig); int getprocnr(pid_t pid, endpoint_t *proc_ep); int mapdriver(const char *label, devmajor_t major, const int *domains, int nr_domains); +pid_t getepinfo(endpoint_t proc_ep, uid_t *uidp, gid_t *gidp); pid_t getnpid(endpoint_t proc_ep); uid_t getnuid(endpoint_t proc_ep); gid_t getngid(endpoint_t proc_ep); diff --git a/minix/lib/libsys/getepinfo.c b/minix/lib/libsys/getepinfo.c index 26427f14c..ed5b83672 100644 --- a/minix/lib/libsys/getepinfo.c +++ b/minix/lib/libsys/getepinfo.c @@ -4,7 +4,7 @@ #include -static pid_t +pid_t getepinfo(endpoint_t proc_ep, uid_t *uid, gid_t *gid) { message m; @@ -52,24 +52,3 @@ getngid(endpoint_t proc_ep) return gid; } - -int -getnucred(endpoint_t proc_ep, struct uucred *ucred) -{ - uid_t uid; - gid_t gid; - int r; - - if (ucred == NULL) - return EFAULT; - - if ((r = getepinfo(proc_ep, &uid, &gid)) < 0) - return r; - - /* Only two fields are used for now; ensure the rest is zeroed out. */ - memset(ucred, 0, sizeof(struct uucred)); - ucred->cr_uid = uid; - ucred->cr_gid = gid; - - return r; -} diff --git a/minix/man/man2/Makefile b/minix/man/man2/Makefile index 12dd8d088..3db88c945 100644 --- a/minix/man/man2/Makefile +++ b/minix/man/man2/Makefile 
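Review bot: The newly exported `getepinfo` prototype in syslib.h has no comment stating its contract, although callers changed in this commit depend on it. Judging from the removed `getnucred` wrapper it returns a negative error code on failure. Whether `uidp`/`gidp` may be NULL, and whether they are written on a failure path, cannot be seen here, because the function body in getepinfo.c lies outside the hunk that drops `static`. I would add a comment above the definition along the lines of `/* Returns the pid for proc_ep, or a negative error; *uid and *gid are left untouched on failure. */`, adjusted to what the body actually guarantees.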
@@ -1,6 +1,6 @@ MAN= accept.2 access.2 bind.2 brk.2 chdir.2 chmod.2 chown.2 \ chroot.2 close.2 connect.2 creat.2 dup.2 execve.2 exit.2 fcntl.2 \ - fork.2 getgid.2 getitimer.2 getnucred.2 getpeereid.2 \ + fork.2 getgid.2 getitimer.2 getpeereid.2 \ getpeername.2 getpid.2 getpriority.2 getsockname.2 getsockopt.2 \ gettimeofday.2 getuid.2 intro.2 ioctl.2 kill.2 link.2 listen.2 \ lseek.2 mkdir.2 mknod.2 mount.2 open.2 ptrace.2 \ diff --git a/minix/man/man2/getnucred.2 b/minix/man/man2/getnucred.2 deleted file mode 100644 index 31e317d46..000000000 --- a/minix/man/man2/getnucred.2 +++ /dev/null @@ -1,41 +0,0 @@ -.TH GETNUCRED 2 -.SH NAME -getnucred \- obtain the credentials that correspond to the given endpoint. -.SH SYNOPSIS -.ft B -#include -.in +5 -.ti -5 -#include - -.ti -5 -int getnucred(endpoint_t \fIproc_ep\fP, struct uucred * \fIucred\fP); -.br -.ft P -.SH DESCRIPTION -Given an endpoint \fIproc_ep\fP, this function will fill in \fIucred\fP -with the \fIpid\fP, \fIuid\fP, and \fIgid\fP that correspond to that -endpoint. -.SH RETURN VALUES -On success, this function returns 0 and \fIucred\fP will be filled in. -On error, -1 is returned and \fIerrno\fP is set. -.SH ERRORS -.TP 15 -[EFAULT] -The address pointed to by \fIucred\fP is not in a valid part of the -process address space. -[EPERM] -The user calling this function has insufficient privileges. Only a user -with an euid of 0 may call this function. -[ESRCH] -The endpoint was not found. This is caused by an invalid endpoint or an -endpoint for a process that no longer exists. -.SH SEE ALSO -.BR getpid(2), -.BR getuid(2), -.BR getgid(2), -.BR getnpid(2), -.BR getnuid(2), -.BR getngid(2) -.SH HISTORY -This function first appeared in Minix 3.1.8. diff --git a/minix/net/uds/ioc_uds.c b/minix/net/uds/ioc_uds.c index 23d8563df..8271f4377 100644 --- a/minix/net/uds/ioc_uds.c +++ b/minix/net/uds/ioc_uds.c 
@@ -549,9 +549,15 @@ do_getsockopt_peercred(devminor_t minor, endpoint_t endpt, cp_grant_id_t grant) peer_minor = uds_fd_table[minor].peer; - /* Obtain the peer's credentials and copy them out. */ - if ((rc = getnucred(uds_fd_table[peer_minor].owner, &cred)) < 0) - return rc; + /* + * Obtain the peer's credentials and copy them out. Ignore failures; + * in that case, the caller will simply get no credentials. + */ + memset(&cred, 0, sizeof(cred)); + cred.cr_uid = -1; + cred.cr_gid = -1; + (void)getepinfo(uds_fd_table[peer_minor].owner, &cred.cr_uid, + &cred.cr_gid); return sys_safecopyto(endpt, grant, 0, (vir_bytes) &cred, sizeof(struct uucred)); @@ -674,10 +680,10 @@ send_fds(devminor_t minor, struct msg_control *msg_ctrl, from_ep = uds_fd_table[minor].owner; /* Obtain this socket's credentials. */ - if ((rc = getnucred(from_ep, &data->cred)) < 0) + if ((rc = getepinfo(from_ep, &data->cred.uid, &data->cred.gid)) < 0) return rc; - dprintf(("UDS: minor=%d cred={%d,%d,%d}\n", minor, data->cred.pid, + dprintf(("UDS: minor=%d cred={%d,%d}\n", minor, data->cred.uid, data->cred.gid)); totalfds = data->nfiledes; @@ -809,6 +815,7 @@ recv_cred(devminor_t minor, struct ancillary *data, { struct msghdr msghdr; struct cmsghdr *cmsg; + struct uucred *cred; dprintf(("UDS: recv_cred(%d)\n", minor)); @@ -822,7 +829,10 @@ recv_cred(devminor_t minor, struct ancillary *data, cmsg->cmsg_len = CMSG_LEN(sizeof(struct uucred)); cmsg->cmsg_level = SOL_SOCKET; cmsg->cmsg_type = SCM_CREDS; - memcpy(CMSG_DATA(cmsg), &data->cred, sizeof(struct uucred)); + cred = (struct uucred *)CMSG_DATA(cmsg); + memset(cred, 0, sizeof(*cred)); + cred->cr_uid = data->cred.uid; + cred->cr_gid = data->cred.gid; return OK; } 
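Review bot: The `(void)getepinfo(...)` call in do_getsockopt_peercred discards the lookup result, so the `-1` sentinels are only reliable if getepinfo never writes through `uidp`/`gidp` on a failure path, which this diff does not show. Checking the result keeps the sentinel explicit: `if (getepinfo(uds_fd_table[peer_minor].owner, &cred.cr_uid, &cred.cr_gid) < 0) { cred.cr_uid = (uid_t)-1; cred.cr_gid = (gid_t)-1; }`. Because the getsockopt call now succeeds even when the peer cannot be resolved, the comment should also say that consumers basing access decisions on these credentials must treat `(uid_t)-1` / `(gid_t)-1` as unknown and deny. The function body begins before this hunk.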
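Review bot: send_fds still aborts with the getepinfo error, while do_getsockopt_peercred in the same commit deliberately ignores that same failure, and nothing in the code says why the two paths differ. A short comment at the check would make the policy explicit, for example `/* Unlike SO_PEERCRED, fail the send: SCM_CREDS must not carry unresolved credentials. */`, if that is the intent. The function continues outside the hunk.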
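Review bot: The `memset(cred, 0, sizeof(*cred))` in recv_cred stops whatever the control buffer previously held from reaching the receiving process in the unused `struct uucred` fields, but the comment that explained this was removed together with getnucred. I would restore it next to the memset: `/* Only uid and gid are supported; zero the rest so no stale buffer contents reach the receiver. */`. The control buffer is set up outside these two hunks, so I cannot tell whether it is already cleared before this point.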
@@ -893,8 +903,7 @@ do_recvmsg(devminor_t minor, endpoint_t endpt, cp_grant_id_t grant) socklen_t clen_desired = 0; dprintf(("UDS: do_recvmsg(%d)\n", minor)); - dprintf(("UDS: minor=%d credentials={pid:%d,uid:%d,gid:%d}\n", minor, - uds_fd_table[minor].ancillary_data.cred.pid, + dprintf(("UDS: minor=%d credentials={uid:%d,gid:%d}\n", minor, uds_fd_table[minor].ancillary_data.cred.uid, uds_fd_table[minor].ancillary_data.cred.gid)); diff --git a/minix/net/uds/uds.h b/minix/net/uds/uds.h index cfcafdf99..741b4bd47 100644 --- a/minix/net/uds/uds.h +++ b/minix/net/uds/uds.h @@ -28,11 +28,23 @@ #define dprintf(x) #endif +/* + * A light version of the "uucred" credentials structure. We basically do not + * support passing around groups lists, and by not using struct uucred as + * storage, we save memory for those groups lists as well. Note that the + * original Linux uucred structure has a 'cr_pid' field as well, but this is + * unsupported in NetBSD's version of the structure (and rightly so). + */ +struct luucred { + uid_t uid; + gid_t gid; +}; + /* ancillary data to be sent */ struct ancillary { int fds[OPEN_MAX]; int nfiledes; - struct uucred cred; + struct luucred cred; }; #define UDS_R 0x1 diff --git a/minix/tests/test56.c b/minix/tests/test56.c index 4ce66e5f5..583468dd5 100644 --- a/minix/tests/test56.c +++ b/minix/tests/test56.c @@ -42,6 +42,7 @@ #include #include #include +#include #include #include #include diff --git a/sys/sys/ucred.h b/sys/sys/ucred.h index 17ca57ce6..1b2af303d 100644 --- a/sys/sys/ucred.h +++ b/sys/sys/ucred.h @@ -53,9 +53,4 @@ struct uucred { gid_t cr_groups[NGROUPS_MAX]; /* groups */ }; -#if defined(__minix) -#include - -int getnucred(endpoint_t proc_ep, struct uucred *ucred); -#endif /* defined(__minix) */ #endif /* !_SYS_UCRED_H_ */
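Review bot: With the uds.h change, `struct ancillary.cred` is no longer layout-compatible with `struct uucred`. Any code outside this diff that still copies `sizeof(struct uucred)` bytes from or into `data->cred` would now run past the smaller `struct luucred`. recv_cred was converted in this commit, but the remaining users of `ancillary_data.cred` (initialisation and reset paths) are not visible here and should be checked. The struct comment could also record which value means "unknown" for `uid` and `gid`, since do_getsockopt_peercred now uses `-1` for that purpose.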