diff options
| author | Robert Watson <rwatson@FreeBSD.org> | 2001-04-05 06:12:38 +0000 |
|---|---|---|
| committer | Robert Watson <rwatson@FreeBSD.org> | 2001-04-05 06:12:38 +0000 |
| commit | 2955f0b360cea0479d4c7252bbcb9a7faa2e0474 (patch) | |
| tree | 16933a9f63f4221ae42a6a2465986b7e7c207b8c /sys | |
| parent | 406dd7d1d43c4fa441f8a94a51471d6afc5d51b3 (diff) | |
| download | src-2955f0b360cea0479d4c7252bbcb9a7faa2e0474.tar.gz src-2955f0b360cea0479d4c7252bbcb9a7faa2e0474.zip | |
o Rather than arbitrarily construct a credential in the nfs_statfs()
VFS operation, make use of the calling process's credential. This
solution may not be ideal (there are a number of other possible
proposals, including making use of the proc0 credential, adding a
credential argument to the VFSOP, and switching from a hard-coded
ucred to a hard-coded nfscred), it is simple and appears to
work. The arguments against using simply crget() are fairly
strong: it is the only place in the code (other than a nearly
identical invocation in ncp) where crget() is invoked, other than
in the process credential creation code; as ucred becomes extensible,
this use of crget() without appropriate context results in less and
less meaningful credential data. The implementation here will
probably be tweaked as a result of experimentation and further
exploration of the requirements. In the mean-time, it allows
progress to be made in ucred expansion for new security models without
causing a crash every time df is used on an NFS mounted file system.
This code has been interop tested against FreeBSD and Solaris NFS
servers. While using the process credentials should not introduce
interop problems, please let me know if any turn out to exist.
Reviewed by: freebsd-arch
Notes
Notes:
svn path=/head/; revision=75218
Diffstat (limited to 'sys')
| -rw-r--r-- | sys/nfs/nfs_vfsops.c | 8 | ||||
| -rw-r--r-- | sys/nfsclient/nfs_vfsops.c | 8 |
2 files changed, 4 insertions, 12 deletions
diff --git a/sys/nfs/nfs_vfsops.c b/sys/nfs/nfs_vfsops.c index b22a8554e954..7f8be03082e3 100644 --- a/sys/nfs/nfs_vfsops.c +++ b/sys/nfs/nfs_vfsops.c @@ -254,7 +254,6 @@ nfs_statfs(mp, sbp, p) struct nfsmount *nmp = VFSTONFS(mp); int error = 0, v3 = (nmp->nm_flag & NFSMNT_NFSV3), retattr; struct mbuf *mreq, *mrep, *md, *mb, *mb2; - struct ucred *cred; struct nfsnode *np; u_quad_t tquad; @@ -265,14 +264,12 @@ nfs_statfs(mp, sbp, p) if (error) return (error); vp = NFSTOV(np); - cred = crget(); - cred->cr_ngroups = 1; if (v3 && (nmp->nm_state & NFSSTA_GOTFSINFO) == 0) - (void)nfs_fsinfo(nmp, vp, cred, p); + (void)nfs_fsinfo(nmp, vp, p->p_ucred, p); nfsstats.rpccnt[NFSPROC_FSSTAT]++; nfsm_reqhead(vp, NFSPROC_FSSTAT, NFSX_FH(v3)); nfsm_fhtom(vp, v3); - nfsm_request(vp, NFSPROC_FSSTAT, p, cred); + nfsm_request(vp, NFSPROC_FSSTAT, p, p->p_ucred); if (v3) nfsm_postop_attr(vp, retattr); if (error) { @@ -310,7 +307,6 @@ nfs_statfs(mp, sbp, p) } nfsm_reqdone; vput(vp); - crfree(cred); return (error); } diff --git a/sys/nfsclient/nfs_vfsops.c b/sys/nfsclient/nfs_vfsops.c index b22a8554e954..7f8be03082e3 100644 --- a/sys/nfsclient/nfs_vfsops.c +++ b/sys/nfsclient/nfs_vfsops.c @@ -254,7 +254,6 @@ nfs_statfs(mp, sbp, p) struct nfsmount *nmp = VFSTONFS(mp); int error = 0, v3 = (nmp->nm_flag & NFSMNT_NFSV3), retattr; struct mbuf *mreq, *mrep, *md, *mb, *mb2; - struct ucred *cred; struct nfsnode *np; u_quad_t tquad; @@ -265,14 +264,12 @@ nfs_statfs(mp, sbp, p) if (error) return (error); vp = NFSTOV(np); - cred = crget(); - cred->cr_ngroups = 1; if (v3 && (nmp->nm_state & NFSSTA_GOTFSINFO) == 0) - (void)nfs_fsinfo(nmp, vp, cred, p); + (void)nfs_fsinfo(nmp, vp, p->p_ucred, p); nfsstats.rpccnt[NFSPROC_FSSTAT]++; nfsm_reqhead(vp, NFSPROC_FSSTAT, NFSX_FH(v3)); nfsm_fhtom(vp, v3); - nfsm_request(vp, NFSPROC_FSSTAT, p, cred); + nfsm_request(vp, NFSPROC_FSSTAT, p, p->p_ucred); if (v3) nfsm_postop_attr(vp, retattr); if (error) { @@ -310,7 +307,6 @@ nfs_statfs(mp, sbp, p) } nfsm_reqdone; vput(vp); - crfree(cred); return (error); } |