diff options
-rw-r--r-- | config/spl-build.m4 | 46 | ||||
-rw-r--r-- | include/sys/cred.h | 59 | ||||
-rw-r--r-- | module/spl/spl-cred.c | 94 |
3 files changed, 24 insertions, 175 deletions
diff --git a/config/spl-build.m4 b/config/spl-build.m4 index 1eda1772a..91318efc3 100644 --- a/config/spl-build.m4 +++ b/config/spl-build.m4 @@ -35,9 +35,7 @@ AC_DEFUN([SPL_AC_CONFIG_KERNEL], [ SPL_AC_2ARGS_VFS_FSYNC SPL_AC_INODE_TRUNCATE_RANGE SPL_AC_FS_STRUCT_SPINLOCK - SPL_AC_CRED_STRUCT SPL_AC_KUIDGID_T - SPL_AC_GROUPS_SEARCH SPL_AC_PUT_TASK_STRUCT SPL_AC_5ARGS_PROC_HANDLER SPL_AC_KVASPRINTF @@ -1136,26 +1134,6 @@ AC_DEFUN([SPL_AC_FS_STRUCT_SPINLOCK], [ ]) dnl # -dnl # 2.6.29 API change, -dnl # check whether 'struct cred' exists -dnl # -AC_DEFUN([SPL_AC_CRED_STRUCT], [ - AC_MSG_CHECKING([whether struct cred exists]) - SPL_LINUX_TRY_COMPILE([ - #include <linux/cred.h> - ],[ - struct cred *cr __attribute__ ((unused)); - cr = NULL; - ],[ - AC_MSG_RESULT(yes) - AC_DEFINE(HAVE_CRED_STRUCT, 1, [struct cred exists]) - ],[ - AC_MSG_RESULT(no) - ]) -]) - - -dnl # dnl # User namespaces, use kuid_t in place of uid_t dnl # where available. Not strictly a user namespaces thing dnl # but it should prevent surprises @@ -1185,30 +1163,6 @@ AC_DEFUN([SPL_AC_KUIDGID_T], [ ]) dnl # -dnl # Custom SPL patch may export this symbol. -dnl # -AC_DEFUN([SPL_AC_GROUPS_SEARCH], - [AC_MSG_CHECKING([whether groups_search() is available]) - SPL_LINUX_TRY_COMPILE_SYMBOL([ - #include <linux/cred.h> - #ifdef HAVE_KUIDGID_T - #include <linux/uidgid.h> - #endif - ], [ - #ifdef HAVE_KUIDGID_T - groups_search(NULL, KGIDT_INIT(0)); - #else - groups_search(NULL, 0); - #endif - ], [groups_search], [], [ - AC_MSG_RESULT(yes) - AC_DEFINE(HAVE_GROUPS_SEARCH, 1, [groups_search() is available]) - ], [ - AC_MSG_RESULT(no) - ]) -]) - -dnl # dnl # 2.6.x API change, dnl # __put_task_struct() was exported in RHEL5 but unavailable elsewhere. dnl # diff --git a/include/sys/cred.h b/include/sys/cred.h index 3ba5c141b..4f62b00fd 100644 --- a/include/sys/cred.h +++ b/include/sys/cred.h @@ -29,49 +29,38 @@ #include <sys/types.h> #include <sys/vfs.h> -#ifdef HAVE_CRED_STRUCT - typedef struct cred cred_t; -#define kcred ((cred_t *)(init_task.cred)) -#define CRED() ((cred_t *)current_cred()) - -#else - -typedef struct task_struct cred_t; - -#define kcred ((cred_t *)&init_task) -#define CRED() ((cred_t *)current) - -#endif /* HAVE_CRED_STRUCT */ +#define kcred ((cred_t *)(init_task.cred)) +#define CRED() ((cred_t *)current_cred()) #ifdef HAVE_KUIDGID_T - /* - * Linux 3.8+ uses typedefs to redefine uid_t and gid_t. We have to rename the - * typedefs to recover the original types. We then can use them provided that - * we are careful about translating from k{g,u}id_t to the original versions - * and vice versa. - */ - #define uid_t xuid_t - #define gid_t xgid_t - #include <linux/uidgid.h> - #undef uid_t - #undef gid_t - - #define KUID_TO_SUID(x) (__kuid_val(x)) - #define KGID_TO_SGID(x) (__kgid_val(x)) - #define SUID_TO_KUID(x) (KUIDT_INIT(x)) - #define SGID_TO_KGID(x) (KGIDT_INIT(x)) - #define KGIDP_TO_SGIDP(x) (&(x)->val) +/* + * Linux 3.8+ uses typedefs to redefine uid_t and gid_t. We have to rename the + * typedefs to recover the original types. We then can use them provided that + * we are careful about translating from k{g,u}id_t to the original versions + * and vice versa. + */ +#define uid_t xuid_t +#define gid_t xgid_t +#include <linux/uidgid.h> +#undef uid_t +#undef gid_t + +#define KUID_TO_SUID(x) (__kuid_val(x)) +#define KGID_TO_SGID(x) (__kgid_val(x)) +#define SUID_TO_KUID(x) (KUIDT_INIT(x)) +#define SGID_TO_KGID(x) (KGIDT_INIT(x)) +#define KGIDP_TO_SGIDP(x) (&(x)->val) #else /* HAVE_KUIDGID_T */ - #define KUID_TO_SUID(x) (x) - #define KGID_TO_SGID(x) (x) - #define SUID_TO_KUID(x) (x) - #define SGID_TO_KGID(x) (x) - #define KGIDP_TO_SGIDP(x) (x) +#define KUID_TO_SUID(x) (x) +#define KGID_TO_SGID(x) (x) +#define SUID_TO_KUID(x) (x) +#define SGID_TO_KGID(x) (x) +#define KGIDP_TO_SGIDP(x) (x) #endif /* HAVE_KUIDGID_T */ diff --git a/module/spl/spl-cred.c b/module/spl/spl-cred.c index 602bd74e8..a03f459e0 100644 --- a/module/spl/spl-cred.c +++ b/module/spl/spl-cred.c @@ -32,11 +32,6 @@ #define DEBUG_SUBSYSTEM S_CRED -#ifdef HAVE_GROUPS_SEARCH -/* Symbol may be exported by custom kernel patch */ -#define cr_groups_search(gi, grp) groups_search(gi, grp) -#else -/* Implementation from 2.6.30 kernel */ static int #ifdef HAVE_KUIDGID_T cr_groups_search(const struct group_info *group_info, kgid_t grp) @@ -66,14 +61,6 @@ cr_groups_search(const struct group_info *group_info, gid_t grp) } return 0; } -#endif - -#ifdef HAVE_CRED_STRUCT - -/* - * As of 2.6.29 a clean credential API appears in the linux kernel. - * We attempt to layer the Solaris API on top of the linux API. - */ /* Hold a reference on the credential and group info */ void @@ -137,87 +124,6 @@ groupmember(gid_t gid, const cred_t *cr) return rc; } -#else /* HAVE_CRED_STRUCT */ - -/* - * Until very recently all credential information was embedded in - * the linux task struct. For this reason to simulate a Solaris - * cred_t we need to pass the entire task structure around. - */ - -/* Hold a reference on the credential and group info */ -void crhold(cred_t *cr) { } - -/* Free a reference on the credential and group info */ -void crfree(cred_t *cr) { } - -/* Return the number of supplemental groups */ -int -crgetngroups(const cred_t *cr) -{ - int lock, rc; - - lock = (cr != current); - if (lock) - task_lock((struct task_struct *)cr); - - get_group_info(cr->group_info); - rc = cr->group_info->ngroups; - put_group_info(cr->group_info); - - if (lock) - task_unlock((struct task_struct *)cr); - - return rc; -} - -/* - * Return an array of supplemental gids. The returned address is safe - * to use as long as the caller has taken a reference with crhold(). - * The caller is responsible for releasing the reference with crfree(). - */ -gid_t * -crgetgroups(const cred_t *cr) -{ - gid_t *gids; - int lock; - - lock = (cr != current); - if (lock) - task_lock((struct task_struct *)cr); - - get_group_info(cr->group_info); - gids = KGID_TO_SGID(cr->group_info->blocks[0]); - put_group_info(cr->group_info); - - if (lock) - task_unlock((struct task_struct *)cr); - - return gids; -} - -/* Check if the passed gid is available is in supplied credential. */ -int -groupmember(gid_t gid, const cred_t *cr) -{ - int lock, rc; - - lock = (cr != current); - if (lock) - task_lock((struct task_struct *)cr); - - get_group_info(cr->group_info); - rc = cr_groups_search(cr->group_info, gid); - put_group_info(cr->group_info); - - if (lock) - task_unlock((struct task_struct *)cr); - - return rc; -} - -#endif /* HAVE_CRED_STRUCT */ - /* Return the effective user id */ uid_t crgetuid(const cred_t *cr) |