From 2955f0b360cea0479d4c7252bbcb9a7faa2e0474 Mon Sep 17 00:00:00 2001 From: Robert Watson Date: Thu, 5 Apr 2001 06:12:38 +0000 Subject: [PATCH] o Rather than arbitrarily construct a credential in the nfs_statfs() VFS operation, make use of the calling process's credential. This solution may not be ideal (there are a number of other possible proposals, including making use of the proc0 credential, adding a credential argument to the VFSOP, and switching from a hard-coded ucred to a hard-coded nfscred), it is simple and appears to work. The arguments against using simply crget() are fairly strong: it is the only place in the code (other than a nearly identical invocation in ncp) where crget() is invoked, other than in the process credential creation code; as ucred becomes extensible, this use of crget() without appropriate context results in less and less meaningful credential data. The implementation here will probably be tweaked as a result of experimentation and further exploration of the requirements. In the mean-time, it allows progress to be made in ucred expansion for new security models without causing a crash every time df is used on an NFS mounted file system. This code has been interop tested against FreeBSD and Solaris NFS servers. While using the process credentials should not introduce interop problems, please let me know if any turn out to exist. Reviewed by: freebsd-arch --- sys/nfs/nfs_vfsops.c | 8 ++------ sys/nfsclient/nfs_vfsops.c | 8 ++------ 2 files changed, 4 insertions(+), 12 deletions(-) diff --git a/sys/nfs/nfs_vfsops.c b/sys/nfs/nfs_vfsops.c index b22a8554e954..7f8be03082e3 100644 --- a/sys/nfs/nfs_vfsops.c +++ b/sys/nfs/nfs_vfsops.c @@ -254,7 +254,6 @@ nfs_statfs(mp, sbp, p) struct nfsmount *nmp = VFSTONFS(mp); int error = 0, v3 = (nmp->nm_flag & NFSMNT_NFSV3), retattr; struct mbuf *mreq, *mrep, *md, *mb, *mb2; - struct ucred *cred; struct nfsnode *np; u_quad_t tquad; @@ -265,14 +264,12 @@ nfs_statfs(mp, sbp, p) if (error) return (error); vp = NFSTOV(np); - cred = crget(); - cred->cr_ngroups = 1; if (v3 && (nmp->nm_state & NFSSTA_GOTFSINFO) == 0) - (void)nfs_fsinfo(nmp, vp, cred, p); + (void)nfs_fsinfo(nmp, vp, p->p_ucred, p); nfsstats.rpccnt[NFSPROC_FSSTAT]++; nfsm_reqhead(vp, NFSPROC_FSSTAT, NFSX_FH(v3)); nfsm_fhtom(vp, v3); - nfsm_request(vp, NFSPROC_FSSTAT, p, cred); + nfsm_request(vp, NFSPROC_FSSTAT, p, p->p_ucred); if (v3) nfsm_postop_attr(vp, retattr); if (error) { @@ -310,7 +307,6 @@ nfs_statfs(mp, sbp, p) } nfsm_reqdone; vput(vp); - crfree(cred); return (error); } diff --git a/sys/nfsclient/nfs_vfsops.c b/sys/nfsclient/nfs_vfsops.c index b22a8554e954..7f8be03082e3 100644 --- a/sys/nfsclient/nfs_vfsops.c +++ b/sys/nfsclient/nfs_vfsops.c @@ -254,7 +254,6 @@ nfs_statfs(mp, sbp, p) struct nfsmount *nmp = VFSTONFS(mp); int error = 0, v3 = (nmp->nm_flag & NFSMNT_NFSV3), retattr; struct mbuf *mreq, *mrep, *md, *mb, *mb2; - struct ucred *cred; struct nfsnode *np; u_quad_t tquad; @@ -265,14 +264,12 @@ nfs_statfs(mp, sbp, p) if (error) return (error); vp = NFSTOV(np); - cred = crget(); - cred->cr_ngroups = 1; if (v3 && (nmp->nm_state & NFSSTA_GOTFSINFO) == 0) - (void)nfs_fsinfo(nmp, vp, cred, p); + (void)nfs_fsinfo(nmp, vp, p->p_ucred, p); nfsstats.rpccnt[NFSPROC_FSSTAT]++; nfsm_reqhead(vp, NFSPROC_FSSTAT, NFSX_FH(v3)); nfsm_fhtom(vp, v3); - nfsm_request(vp, NFSPROC_FSSTAT, p, cred); + nfsm_request(vp, NFSPROC_FSSTAT, p, p->p_ucred); if (v3) nfsm_postop_attr(vp, retattr); if (error) { @@ -310,7 +307,6 @@ nfs_statfs(mp, sbp, p) } nfsm_reqdone; vput(vp); - crfree(cred); return (error); }