Mercurial > illumos > illumos-gate
changeset 4321:a8930ec16e52
PSARC 2007/064 Unified POSIX and Windows Credentials for Solaris
4994017 data structure sharing between rpcbind and libnsl leads to accidents
6549510 Need the ability to store SIDs in the Solaris cred_t
6549515 PSARC 2007/064: uid_t and gid_t to become unsigned
line wrap: on
line diff
--- a/usr/src/cmd/allocate/allocate3.c Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/cmd/allocate/allocate3.c Fri May 25 05:43:42 2007 -0700 @@ -20,7 +20,7 @@ */ /* - * Copyright 2006 Sun Microsystems, Inc. All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -279,7 +279,7 @@ else if (!DEV_ALLOCATED(fip->fi_stat)) (void) printf("owner=/FREE%s", KV_DELIMITER); else - (void) printf("owner=%ld%s", fip->fi_stat.st_uid, + (void) printf("owner=%u%s", fip->fi_stat.st_uid, KV_DELIMITER); } (void) printf("files=%s", dm->dmap_devlist);
--- a/usr/src/cmd/bnu/ct.c Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/cmd/bnu/ct.c Fri May 25 05:43:42 2007 -0700 @@ -2,9 +2,8 @@ * CDDL HEADER START * * The contents of this file are subject to the terms of the - * Common Development and Distribution License, Version 1.0 only - * (the "License"). You may not use this file except in compliance - * with the License. + * Common Development and Distribution License (the "License"). + * You may not use this file except in compliance with the License. * * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE * or http://www.opensolaris.org/os/licensing. @@ -20,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2005 Sun Microsystems, Inc. All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -532,8 +531,8 @@ if (*_Tty != '\0') { CDEBUG(5, "chmod/chown %s\n", _Tty); if (chown(_Tty , UUCPUID, TTYGID) < 0 ) { - CDEBUG(5, "Can't chown to uid=%ld, ", (long) UUCPUID); - CDEBUG(5, "gid=%ld\n", (long) TTYGID); + CDEBUG(5, "Can't chown to uid=%u, ", UUCPUID); + CDEBUG(5, "gid=%u\n", TTYGID); } if (chmod(_Tty , TTYMOD) < 0) { CDEBUG(5, "Can't chmod to %lo\n", (unsigned long) TTYMOD);
--- a/usr/src/cmd/bnu/in.uucpd.c Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/cmd/bnu/in.uucpd.c Fri May 25 05:43:42 2007 -0700 @@ -2,9 +2,8 @@ * CDDL HEADER START * * The contents of this file are subject to the terms of the - * Common Development and Distribution License, Version 1.0 only - * (the "License"). You may not use this file except in compliance - * with the License. + * Common Development and Distribution License (the "License"). + * You may not use this file except in compliance with the License. * * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE * or http://www.opensolaris.org/os/licensing. @@ -20,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2005 Sun Microsystems, Inc. All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -67,7 +66,8 @@ #endif /* check for stupidity */ char lastlog[] = "/var/adm/lastlog"; -struct passwd nouser = { "", "nope", -1, -1, "", "", "", "", "" }; +struct passwd nouser = { + "", "nope", (uid_t)-1, (gid_t)-1, "", "", "", "", "" }; #ifdef ATTSVR4 struct spwd noupass = { "", "nope" }; #endif
--- a/usr/src/cmd/chown/chown.c Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/cmd/chown/chown.c Fri May 25 05:43:42 2007 -0700 @@ -19,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2006 Sun Microsystems, Inc. All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -56,8 +56,8 @@ static struct passwd *pwd; static struct group *grp; static struct stat stbuf; -static uid_t uid = -1; -static gid_t gid = -1; +static uid_t uid = (uid_t)-1; +static gid_t gid = (gid_t)-1; static int status = 0; /* total number of errors received */ static int hflag = 0, rflag = 0, @@ -196,7 +196,7 @@ } else { if (isnumber(grpp)) { errno = 0; - gid = (gid_t)strtol(grpp, NULL, 10); + gid = (gid_t)strtoul(grpp, NULL, 10); if (errno != 0) { if (errno == ERANGE) { (void) fprintf(stderr, gettext( @@ -221,7 +221,7 @@ } else { if (isnumber(argv[0])) { errno = 0; - uid = (uid_t)strtol(argv[0], NULL, 10); + uid = (uid_t)strtoul(argv[0], NULL, 10); if (errno != 0) { if (errno == ERANGE) { (void) fprintf(stderr, gettext(
--- a/usr/src/cmd/cmd-inet/usr.lib/pppoe/options.c Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/cmd/cmd-inet/usr.lib/pppoe/options.c Fri May 25 05:43:42 2007 -0700 @@ -2,9 +2,8 @@ * CDDL HEADER START * * The contents of this file are subject to the terms of the - * Common Development and Distribution License, Version 1.0 only - * (the "License"). You may not use this file except in compliance - * with the License. + * Common Development and Distribution License (the "License"). + * You may not use this file except in compliance with the License. * * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE * or http://www.opensolaris.org/os/licensing. @@ -22,7 +21,7 @@ /* * PPPoE Server-mode daemon option parsing. * - * Copyright 2000-2002 Sun Microsystems, Inc. All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -2295,9 +2294,9 @@ (void) fprintf(fp, "\t %s: debug level %d", sep->se_name, sep->se_debug); if (sep->se_flags & SEF_UIDSET) - (void) fprintf(fp, ", UID %ld", sep->se_uid); + (void) fprintf(fp, ", UID %u", sep->se_uid); if (sep->se_flags & SEF_GIDSET) - (void) fprintf(fp, ", GID %ld", sep->se_gid); + (void) fprintf(fp, ", GID %u", sep->se_gid); if (sep->se_flags & SEF_WILD) (void) fprintf(fp, ", wildcard"); else if (sep->se_flags & SEF_NOWILD)
--- a/usr/src/cmd/cpio/cpio.c Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/cmd/cpio/cpio.c Fri May 25 05:43:42 2007 -0700 @@ -442,10 +442,10 @@ static -gid_t Lastgid = -1; /* Used with -t & -v to record current gid */ +gid_t Lastgid = (gid_t)-1; /* Used with -t & -v to record current gid */ static -uid_t Lastuid = -1; /* Used with -t & -v to record current uid */ +uid_t Lastuid = (uid_t)-1; /* Used with -t & -v to record current uid */ static long Args, /* Mask of selected options */
--- a/usr/src/cmd/filesync/main.c Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/cmd/filesync/main.c Fri May 25 05:43:42 2007 -0700 @@ -2,9 +2,8 @@ * CDDL HEADER START * * The contents of this file are subject to the terms of the - * Common Development and Distribution License, Version 1.0 only - * (the "License"). You may not use this file except in compliance - * with the License. + * Common Development and Distribution License (the "License"). + * You may not use this file except in compliance with the License. * * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE * or http://www.opensolaris.org/os/licensing. @@ -20,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2005 Sun Microsystems, Inc. All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -683,6 +682,6 @@ my_umask = umask(0); if (opt_debug & DBG_MISC) - fprintf(stderr, "MISC: my_uid=%ld, my_gid=%ld, my_umask=%03o\n", + fprintf(stderr, "MISC: my_uid=%u, my_gid=%u, my_umask=%03o\n", my_uid, my_gid, my_umask); }
--- a/usr/src/cmd/find/find.c Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/cmd/find/find.c Fri May 25 05:43:42 2007 -0700 @@ -1398,7 +1398,7 @@ #else cp = uid & ((NUID) - 1); #endif - if (uid >= 0 && nc[cp].id == uid && nc[cp].name[0]) + if (nc[cp].id == uid && nc[cp].name[0]) return (nc[cp].name); pw = getpwuid(uid); if (!pw) @@ -1423,7 +1423,7 @@ #else cp = gid & ((NGID) - 1); #endif - if (gid >= 0 && gc[cp].id == gid && gc[cp].name[0]) + if (gc[cp].id == gid && gc[cp].name[0]) return (gc[cp].name); gr = getgrgid(gid); if (!gr) @@ -1566,13 +1566,13 @@ if (cp != NULL) (void) sprintf(uname, "%-8s ", cp); else - (void) sprintf(uname, "%-8ld ", stp->st_uid); + (void) sprintf(uname, "%-8u ", stp->st_uid); cp = getgroup(stp->st_gid); if (cp != NULL) (void) sprintf(gname, "%-8s ", cp); else - (void) sprintf(gname, "%-8ld ", stp->st_gid); + (void) sprintf(gname, "%-8u ", stp->st_gid); if (pmode[0] == 'b' || pmode[0] == 'c') (void) sprintf(fsize, "%3ld,%4ld",
--- a/usr/src/cmd/getfacl/getfacl.c Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/cmd/getfacl/getfacl.c Fri May 25 05:43:42 2007 -0700 @@ -2,9 +2,8 @@ * CDDL HEADER START * * The contents of this file are subject to the terms of the - * Common Development and Distribution License, Version 1.0 only - * (the "License"). You may not use this file except in compliance - * with the License. + * Common Development and Distribution License (the "License"). + * You may not use this file except in compliance with the License. * * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE * or http://www.opensolaris.org/os/licensing. @@ -20,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2005 Sun Microsystems, Inc. All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -311,7 +310,7 @@ passwdp = getpwuid(uid); if (passwdp == (struct passwd *)NULL) { /* could not get passwd information: display uid instead */ - (void) sprintf(uidp, "%ld", (long)uid); + (void) sprintf(uidp, "%u", uid); return (uidp); } else return (passwdp->pw_name); @@ -326,7 +325,7 @@ groupp = getgrgid(gid); if (groupp == (struct group *)NULL) { /* could not get group information: display gid instead */ - (void) sprintf(gidp, "%ld", (long)gid); + (void) sprintf(gidp, "%u", gid); return (gidp); } else return (groupp->gr_name);
--- a/usr/src/cmd/grpck/grpck.c Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/cmd/grpck/grpck.c Fri May 25 05:43:42 2007 -0700 @@ -2,9 +2,8 @@ * CDDL HEADER START * * The contents of this file are subject to the terms of the - * Common Development and Distribution License, Version 1.0 only - * (the "License"). You may not use this file except in compliance - * with the License. + * Common Development and Distribution License (the "License"). + * You may not use this file except in compliance with the License. * * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE * or http://www.opensolaris.org/os/licensing. @@ -20,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2005 Sun Microsystems, Inc. All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -30,6 +29,7 @@ #pragma ident "%Z%%M% %I% %E% SMI" +#include <sys/param.h> #include <sys/types.h> #include <unistd.h> #include <stdlib.h> @@ -210,7 +210,7 @@ badchar = 0; baddigit = 0; badlognam = 0; - gid = (gid_t)0; + gid = 0; ngroups++; /* Increment number of groups found */ /* Check that entry is not a nameservice redirection */ @@ -274,7 +274,7 @@ } if (baddigit > 0) error(BADGID); - else if (gid < (gid_t)0) + else if (gid > (gid_t)MAXUID) error(BADGID); }
--- a/usr/src/cmd/id/id.c Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/cmd/id/id.c Fri May 25 05:43:42 2007 -0700 @@ -19,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2006 Sun Microsystems, Inc. All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -38,6 +38,7 @@ #include <string.h> #include <project.h> #include <stdlib.h> +#include <alloca.h> #define PWNULL ((struct passwd *)0) #define GRNULL ((struct group *)0) @@ -73,7 +74,8 @@ int c, aflag = 0, project_flag = 0; struct passwd *pwp; int i, j; - gid_t groupids[NGROUPS_UMAX]; + int groupmax = sysconf(_SC_NGROUPS_MAX); + gid_t *groupids = alloca(groupmax * sizeof (gid_t)); struct group *gr; char *user = NULL; @@ -167,10 +169,10 @@ else if (mode == ALLGROUPS) { pgid(gid); if (user) - i = getusergroups(NGROUPS_UMAX, groupids, user, + i = getusergroups(groupmax, groupids, user, prgid); else - i = getgroups(NGROUPS_UMAX, groupids); + i = getgroups(groupmax, groupids); if (i == -1) perror("getgroups"); else if (i > 0) { @@ -193,16 +195,16 @@ if (aflag) { if (user) - i = getusergroups(NGROUPS_UMAX, groupids, user, + i = getusergroups(groupmax, groupids, user, prgid); else - i = getgroups(NGROUPS_UMAX, groupids); + i = getgroups(groupmax, groupids); if (i == -1) perror("getgroups"); else if (i > 0) { (void) printf(" groups="); for (idp = groupids; i--; idp++) { - (void) printf("%d", (int)*idp); + (void) printf("%u", *idp); if (gr = getgrgid(*idp)) (void) printf("(%s)", gr->gr_name); @@ -229,10 +231,10 @@ */ else { if (user) - i = getusergroups(NGROUPS_UMAX, groupids, user, + i = getusergroups(groupmax, groupids, user, prgid); else - i = getgroups(NGROUPS_UMAX, groupids); + i = getgroups(groupmax, groupids); if (i == -1) perror("getgroups"); else if (i > 1) { @@ -240,7 +242,7 @@ for (idp = groupids; i--; idp++) { if (*idp == egid) continue; - (void) printf("%d", (int)*idp); + (void) printf("%u", *idp); if (gr = getgrgid(*idp)) (void) printf("(%s)", gr->gr_name); @@ -309,7 +311,7 @@ if (nflag && (pw = getpwuid(uid)) != PWNULL) (void) printf("%s", pw->pw_name); else - (void) printf("%u", (int)uid); + (void) printf("%u", uid); } static void @@ -320,7 +322,7 @@ if (nflag && (gr = getgrgid(gid)) != GRNULL) (void) printf("%s", gr->gr_name); else - (void) printf("%u", (int)gid); + (void) printf("%u", gid); } static void @@ -348,7 +350,7 @@ } if (s != NULL) (void) printf("%s=", s); - (void) printf("%u", (int)id); + (void) printf("%u", id); switch ((int)how) { case UID: case EUID:
--- a/usr/src/cmd/lastcomm/lc_utils.c Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/cmd/lastcomm/lc_utils.c Fri May 25 05:43:42 2007 -0700 @@ -2,9 +2,8 @@ * CDDL HEADER START * * The contents of this file are subject to the terms of the - * Common Development and Distribution License, Version 1.0 only - * (the "License"). You may not use this file except in compliance - * with the License. + * Common Development and Distribution License (the "License"). + * You may not use this file except in compliance with the License. * * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE * or http://www.opensolaris.org/os/licensing. @@ -20,8 +19,8 @@ * CDDL HEADER END */ /* - * Copyright (c) 1999-2000 by Sun Microsystems, Inc. - * All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. + * Use is subject to license terms. */ #pragma ident "%Z%%M% %I% %E% SMI" @@ -281,7 +280,7 @@ static char uidname[NMAX]; if ((pw = getpwuid(uid)) == NULL) { - (void) sprintf(uidname, "%ld", uid); + (void) sprintf(uidname, "%u", uid); return (uidname); } return (pw->pw_name);
--- a/usr/src/cmd/logger/logger.c Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/cmd/logger/logger.c Fri May 25 05:43:42 2007 -0700 @@ -2,9 +2,8 @@ * CDDL HEADER START * * The contents of this file are subject to the terms of the - * Common Development and Distribution License, Version 1.0 only - * (the "License"). You may not use this file except in compliance - * with the License. + * Common Development and Distribution License (the "License"). + * You may not use this file except in compliance with the License. * * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE * or http://www.opensolaris.org/os/licensing. @@ -20,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2005 Sun Microsystems, Inc. All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -176,7 +175,7 @@ if ((tag == NULL) && ((tag = getlogin()) == NULL)) { u = getuid(); if ((pw = getpwuid(u)) == NULL) { - (void) sprintf(fmt_uid, "%ld", u); + (void) sprintf(fmt_uid, "%u", u); tag = fmt_uid; } else tag = pw->pw_name;
--- a/usr/src/cmd/login/login.c Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/cmd/login/login.c Fri May 25 05:43:42 2007 -0700 @@ -19,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2006 Sun Microsystems, Inc. All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -271,7 +271,7 @@ /* * Illegal passwd entries. */ -static struct passwd nouser = { "", "no:password", ~ROOTUID }; +static struct passwd nouser = { "", "no:password", (uid_t)-1 }; /* ONC_PLUS EXTRACT END */ /*
--- a/usr/src/cmd/logins/logins.c Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/cmd/logins/logins.c Fri May 25 05:43:42 2007 -0700 @@ -2,9 +2,8 @@ * CDDL HEADER START * * The contents of this file are subject to the terms of the - * Common Development and Distribution License, Version 1.0 only - * (the "License"). You may not use this file except in compliance - * with the License. + * Common Development and Distribution License (the "License"). + * You may not use this file except in compliance with the License. * * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE * or http://www.opensolaris.org/os/licensing. @@ -20,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2005 Sun Microsystems, Inc. All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ /* Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T */ @@ -400,7 +399,7 @@ displayhead->nextuid = NULL; displayhead->loginID = ""; displayhead->freefield = ""; - displayhead->userID = -1; + displayhead->userID = (uid_t)-1; } @@ -856,7 +855,7 @@ struct pwdinfo *pwdinfo; /* Password aging info */ /* Write the general information */ - (void) fprintf(stdout, "%s:%ld:%s:%ld:%s", + (void) fprintf(stdout, "%s:%u:%s:%u:%s", current->loginID, current->userID, current->groupname == NULL ? "" : current->groupname, @@ -868,7 +867,7 @@ * there if it's supposed to be written) */ for (psecgrp = current->secgrplist; psecgrp; psecgrp = psecgrp->next) { - (void) fprintf(stdout, ":%s:%ld", + (void) fprintf(stdout, ":%s:%u", psecgrp->groupname, psecgrp->groupID); } @@ -926,7 +925,7 @@ struct pwdinfo *pwdinfo; /* Password aging info */ /* Write general information */ - (void) fprintf(stdout, "%-14s %-6ld %-14s %-6ld %s\n", + (void) fprintf(stdout, "%-14s %-6u %-14s %-6u %s\n", current->loginID, current->userID, current->groupname == NULL ? "" : current->groupname, current->groupID, current->freefield); @@ -936,7 +935,7 @@ * (it only exists if it is to be written) */ for (psecgrp = current->secgrplist; psecgrp; psecgrp = psecgrp->next) { - (void) fprintf(stdout, " %-14s %-6ld\n", + (void) fprintf(stdout, " %-14s %-6u\n", psecgrp->groupname, psecgrp->groupID); }
--- a/usr/src/cmd/lp/cmd/lpsched/disp1.c Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/cmd/lp/cmd/lpsched/disp1.c Fri May 25 05:43:42 2007 -0700 @@ -19,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2006 Sun Microsystems, Inc. All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -140,7 +140,7 @@ rp->secure->user = Strdup(pw->pw_name); else { rp->secure->user = Strdup(BIGGEST_NUMBER_S); - (void) sprintf (rp->secure->user, "%ld", md->uid); + (void) sprintf (rp->secure->user, "%u", md->uid); } if ((rp->request->actions & ACT_SPECIAL) == ACT_HOLD)
--- a/usr/src/cmd/lp/cmd/lpsched/files.c Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/cmd/lp/cmd/lpsched/files.c Fri May 25 05:43:42 2007 -0700 @@ -20,7 +20,7 @@ */ /* - * Copyright 2006 Sun Microsystems, Inc. All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -153,7 +153,7 @@ (void) strftime(time_buf, sizeof (time_buf), NULL, localtime(&(rp->secure->date))); - fdprintf(fd, "= %s, uid %d, gid %d, size %ld, %s\n", + fdprintf(fd, "= %s, uid %u, gid %u, size %ld, %s\n", rp->secure->req_id, rp->secure->uid, rp->secure->gid, rp->secure->size, time_buf); if (rp->slow)
--- a/usr/src/cmd/lp/lib/secure/secure.c Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/cmd/lp/lib/secure/secure.c Fri May 25 05:43:42 2007 -0700 @@ -20,7 +20,7 @@ */ /* - * Copyright 2006 Sun Microsystems, Inc. All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -125,9 +125,9 @@ * anything strange. */ if ( - secp->uid > MAXUID || secp->uid < -1 + secp->uid > MAXUID || !secp->user - || secp->gid > MAXUID || secp->gid < -1 + || secp->gid > MAXUID || secp->size == 0 || secp->date <= 0 ) { @@ -180,7 +180,7 @@ break; case SC_UID: - (void)fdprintf(fd, "%ld\n", secbufp->uid); + (void)fdprintf(fd, "%u\n", secbufp->uid); break; case SC_USER: @@ -188,7 +188,7 @@ break; case SC_GID: - (void)fdprintf(fd, "%ld\n", secbufp->gid); + (void)fdprintf(fd, "%u\n", secbufp->gid); break; case SC_SIZE: @@ -267,4 +267,3 @@ return; } -
--- a/usr/src/cmd/oamuser/group/add_group.c Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/cmd/oamuser/group/add_group.c Fri May 25 05:43:42 2007 -0700 @@ -2,9 +2,8 @@ * CDDL HEADER START * * The contents of this file are subject to the terms of the - * Common Development and Distribution License, Version 1.0 only - * (the "License"). You may not use this file except in compliance - * with the License. + * Common Development and Distribution License (the "License"). + * You may not use this file except in compliance with the License. * * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE * or http://www.opensolaris.org/os/licensing. @@ -20,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2004 Sun Microsystems, Inc. All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -81,7 +80,7 @@ while (fgets(buf, GRPBUFSIZ, etcgrp) != NULL) { /* Check for NameService reference */ if (!newdone && (buf[0] == '+' || buf[0] == '-')) { - (void) fprintf(etctmp, "%s::%ld:\n", group, gid); + (void) fprintf(etctmp, "%s::%u:\n", group, gid); newdone = 1; } @@ -92,7 +91,7 @@ (void) fclose(etcgrp); if (!newdone) { - (void) fprintf(etctmp, "%s::%ld:\n", group, gid); + (void) fprintf(etctmp, "%s::%u:\n", group, gid); } if (rename(GRPTMP, GROUP) < 0) {
--- a/usr/src/cmd/oamuser/group/gid.c Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/cmd/oamuser/group/gid.c Fri May 25 05:43:42 2007 -0700 @@ -2,9 +2,8 @@ * CDDL HEADER START * * The contents of this file are subject to the terms of the - * Common Development and Distribution License, Version 1.0 only - * (the "License"). You may not use this file except in compliance - * with the License. + * Common Development and Distribution License (the "License"). + * You may not use this file except in compliance with the License. * * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE * or http://www.opensolaris.org/os/licensing. @@ -19,11 +18,15 @@ * * CDDL HEADER END */ +/* + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. + * Use is subject to license terms. + */ /* Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T */ /* All Rights Reserved */ -#pragma ident "%Z%%M% %I% %E% SMI" /* SVr4.0 1.5 */ +#pragma ident "%Z%%M% %I% %E% SMI" /* SVr4.0 1.5 */ #include <sys/types.h> #include <stdio.h> @@ -64,7 +67,7 @@ "r")) == NULL) return (-1); - if (fscanf(fptr, "%ld\n", &next) == EOF) { + if (fscanf(fptr, "%u\n", &next) == EOF) { (void) pclose(fptr); return (DEFRID + 1); } @@ -98,7 +101,7 @@ gid = -1; last = next; - } while (fscanf(fptr, "%ld\n", &next) != EOF); + } while (fscanf(fptr, "%u\n", &next) != EOF); (void) pclose(fptr);
--- a/usr/src/cmd/oamuser/user/useradd.c Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/cmd/oamuser/user/useradd.c Fri May 25 05:43:42 2007 -0700 @@ -19,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2006 Sun Microsystems, Inc. All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -557,7 +557,7 @@ /* set gid flag */ nargv[argindex++] = "-g"; - (void) sprintf(gidstring, "%ld", gid); + (void) sprintf(gidstring, "%u", gid); nargv[argindex++] = gidstring; /* shell */ @@ -577,7 +577,7 @@ /* set uid flag */ nargv[argindex++] = "-u"; - (void) sprintf(uidstring, "%ld", uid); + (void) sprintf(uidstring, "%u", uid); nargv[argindex++] = uidstring; if (oflag) nargv[argindex++] = "-o"; @@ -641,7 +641,7 @@ "user id"); exit(EX_ID_EXISTS); } - (void) sprintf(uidstring, "%ld", uid); + (void) sprintf(uidstring, "%u", uid); } break;
--- a/usr/src/cmd/oamuser/user/usermod.c Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/cmd/oamuser/user/usermod.c Fri May 25 05:43:42 2007 -0700 @@ -2,9 +2,8 @@ * CDDL HEADER START * * The contents of this file are subject to the terms of the - * Common Development and Distribution License, Version 1.0 only - * (the "License"). You may not use this file except in compliance - * with the License. + * Common Development and Distribution License (the "License"). + * You may not use this file except in compliance with the License. * * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE * or http://www.opensolaris.org/os/licensing. @@ -20,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2005 Sun Microsystems, Inc. All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -587,7 +586,7 @@ if (group) { /* set gid flag */ nargv[argindex++] = "-g"; - (void) sprintf(gidstring, "%ld", gid); + (void) sprintf(gidstring, "%u", gid); nargv[argindex++] = gidstring; } @@ -608,7 +607,7 @@ if (uidstr) { /* set uid flag */ nargv[argindex++] = "-u"; - (void) sprintf(uidstring, "%ld", uid); + (void) sprintf(uidstring, "%u", uid); nargv[argindex++] = uidstring; }
--- a/usr/src/cmd/pfexec/pfexec.c Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/cmd/pfexec/pfexec.c Fri May 25 05:43:42 2007 -0700 @@ -2,9 +2,8 @@ * CDDL HEADER START * * The contents of this file are subject to the terms of the - * Common Development and Distribution License, Version 1.0 only - * (the "License"). You may not use this file except in compliance - * with the License. + * Common Development and Distribution License (the "License"). + * You may not use this file except in compliance with the License. * * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE * or http://www.opensolaris.org/os/licensing. @@ -20,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2003 Sun Microsystems, Inc. All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -211,8 +210,8 @@ { char *value; uid_t uid, euid; - gid_t gid = -1; - gid_t egid = -1; + gid_t gid = (gid_t)-1; + gid_t egid = (gid_t)-1; struct passwd *pwent; execattr_t *exec; priv_set_t *lset = NULL; @@ -296,7 +295,7 @@ * Set gids/uids and privileges. * */ - if ((gid != -1) || (egid != -1)) { + if ((gid != (gid_t)-1) || (egid != (gid_t)-1)) { if ((setregid(gid, egid) == -1)) { (void) fprintf(stderr, "%s: ", cmd_realpath); (void) fprintf(stderr, gettext("can't set gid\n"));
--- a/usr/src/cmd/pg/pg.c Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/cmd/pg/pg.c Fri May 25 05:43:42 2007 -0700 @@ -2,9 +2,8 @@ * CDDL HEADER START * * The contents of this file are subject to the terms of the - * Common Development and Distribution License, Version 1.0 only - * (the "License"). You may not use this file except in compliance - * with the License. + * Common Development and Distribution License (the "License"). + * You may not use this file except in compliance with the License. * * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE * or http://www.opensolaris.org/os/licensing. @@ -21,7 +20,7 @@ */ /* - * Copyright 2004 Sun Microsystems, Inc. All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -132,7 +131,7 @@ static int fnum, /* which file argument we're in */ pipe_in, /* set when stdin is a pipe */ out_is_tty; /* set if stdout is a tty */ -static gid_t my_pgid; +static pid_t my_pgid; static void on_brk(), end_it(); @@ -1617,9 +1616,9 @@ struct termio ntty; for (;;) { - gid_t my_tgid; - my_tgid = (gid_t)tcgetpgrp(1); - if (my_tgid < (gid_t)0 || my_tgid == my_pgid) + pid_t my_tgid; + my_tgid = tcgetpgrp(1); + if (my_tgid == -1 || my_tgid == my_pgid) break; (void) kill(-my_pgid, SIGTTOU); }
--- a/usr/src/cmd/prstat/prtable.c Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/cmd/prstat/prtable.c Fri May 25 05:43:42 2007 -0700 @@ -2,9 +2,8 @@ * CDDL HEADER START * * The contents of this file are subject to the terms of the - * Common Development and Distribution License, Version 1.0 only - * (the "License"). You may not use this file except in compliance - * with the License. + * Common Development and Distribution License (the "License"). + * You may not use this file except in compliance with the License. * * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE * or http://www.opensolaris.org/os/licensing. @@ -20,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2004 Sun Microsystems, Inc. All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -49,7 +48,7 @@ (void) memset(&plwp_tbl, 0, sizeof (plwp_t *) * PLWP_TBL_SZ); } -static int +static uid_t pwd_getid(char *name) { struct passwd *pwd; @@ -60,12 +59,12 @@ } void -pwd_getname(int uid, char *name, int length) +pwd_getname(uid_t uid, char *name, int length) { struct passwd *pwd; if ((pwd = getpwuid(uid)) == NULL) { - (void) snprintf(name, length, "%d", uid); + (void) snprintf(name, length, "%u", uid); } else { (void) snprintf(name, length, "%s", pwd->pw_name); }
--- a/usr/src/cmd/prstat/prtable.h Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/cmd/prstat/prtable.h Fri May 25 05:43:42 2007 -0700 @@ -2,9 +2,8 @@ * CDDL HEADER START * * The contents of this file are subject to the terms of the - * Common Development and Distribution License, Version 1.0 only - * (the "License"). You may not use this file except in compliance - * with the License. + * Common Development and Distribution License (the "License"). + * You may not use this file except in compliance with the License. * * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE * or http://www.opensolaris.org/os/licensing. @@ -20,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2003 Sun Microsystems, Inc. All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -76,7 +75,7 @@ struct plwp *l_next; } plwp_t; -extern void pwd_getname(int, char *, int); +extern void pwd_getname(uid_t, char *, int); extern void add_uid(nametbl_t *, char *); extern int has_uid(nametbl_t *, uid_t); extern void add_element(table_t *, long);
--- a/usr/src/cmd/ps/ps.c Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/cmd/ps/ps.c Fri May 25 05:43:42 2007 -0700 @@ -20,7 +20,7 @@ */ /* - * Copyright 2006 Sun Microsystems, Inc. All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -232,7 +232,7 @@ static int Zflg; static int hflg; static int Hflg; -static uid_t tuid = -1; +static uid_t tuid = (uid_t)-1; static int errflg; static int ndev; /* number of devices */ @@ -310,7 +310,7 @@ static void add_ugentry(struct ughead *, char *); static int uconv(struct ughead *); static int gconv(struct ughead *); -static int ugfind(uid_t, struct ughead *); +static int ugfind(id_t, struct ughead *); static void prtime(timestruc_t, int, int); static void przom(psinfo_t *); static int namencnt(char *, int, int); @@ -318,6 +318,7 @@ static int print_proc(char *pname); static time_t delta_secs(const timestruc_t *); static int str2id(const char *, pid_t *, long, long); +static int str2uid(const char *, uid_t *, unsigned long, unsigned long); static void *Realloc(void *, size_t); static int pidcmp(const void *p1, const void *p2); @@ -919,15 +920,15 @@ found++; else if (pflg && search(pid, npid, info.pr_pid)) found++; /* ppid in p option arg list */ - else if (uflg && ugfind(info.pr_euid, &euid_tbl)) + else if (uflg && ugfind((id_t)info.pr_euid, &euid_tbl)) found++; /* puid in u option arg list */ - else if (Uflg && ugfind(info.pr_uid, &ruid_tbl)) + else if (Uflg && ugfind((id_t)info.pr_uid, &ruid_tbl)) found++; /* puid in U option arg list */ #ifdef NOT_YET - else if (gflg && ugfind(info.pr_egid, &egid_tbl)) + else if (gflg && ugfind((id_t)info.pr_egid, &egid_tbl)) found++; /* pgid in g option arg list */ #endif /* NOT_YET */ - else if (Gflg && ugfind(info.pr_gid, &rgid_tbl)) + else if (Gflg && ugfind((id_t)info.pr_gid, &rgid_tbl)) found++; /* pgid in G option arg list */ else if (gflg && search(grpid, ngrpid, info.pr_pgid)) found++; /* grpid in g option arg list */ @@ -1253,7 +1254,7 @@ match = 1; tp = other; } - if (!match || (tuid != -1 && tuid != psinfo->pr_euid)) { + if (!match || (tuid != (uid_t)-1 && tuid != psinfo->pr_euid)) { /* * not found OR not matching euid */ @@ -1325,9 +1326,9 @@ if ((pwd = getpwuid(psinfo->pr_euid)) != NULL) (void) printf("%8.8s ", pwd->pw_name); else - (void) printf("%7.7d ", (int)psinfo->pr_euid); + (void) printf("%7.7u ", psinfo->pr_euid); } else if (lflg) { - (void) printf("%6d ", (int)psinfo->pr_euid); + (void) printf("%6u ", psinfo->pr_euid); } (void) printf("%*d", pidwidth, (int)psinfo->pr_pid); /* PID */ if (lflg || fflg) @@ -1551,37 +1552,37 @@ if ((pwd = getpwuid(psinfo->pr_uid)) != NULL) (void) printf("%*s", width, pwd->pw_name); else - (void) printf("%*d", width, (int)psinfo->pr_uid); + (void) printf("%*u", width, psinfo->pr_uid); break; case F_USER: if ((pwd = getpwuid(psinfo->pr_euid)) != NULL) (void) printf("%*s", width, pwd->pw_name); else - (void) printf("%*d", width, (int)psinfo->pr_euid); + (void) printf("%*u", width, psinfo->pr_euid); break; case F_RGROUP: if ((grp = getgrgid(psinfo->pr_gid)) != NULL) (void) printf("%*s", width, grp->gr_name); else - (void) printf("%*d", width, (int)psinfo->pr_gid); + (void) printf("%*u", width, psinfo->pr_gid); break; case F_GROUP: if ((grp = getgrgid(psinfo->pr_egid)) != NULL) (void) printf("%*s", width, grp->gr_name); else - (void) printf("%*d", width, (int)psinfo->pr_egid); + (void) printf("%*u", width, psinfo->pr_egid); break; case F_RUID: - (void) printf("%*d", width, (int)psinfo->pr_uid); + (void) printf("%*u", width, psinfo->pr_uid); break; case F_UID: - (void) printf("%*d", width, (int)psinfo->pr_euid); + (void) printf("%*u", width, psinfo->pr_euid); break; case F_RGID: - (void) printf("%*d", width, (int)psinfo->pr_gid); + (void) printf("%*u", width, psinfo->pr_gid); break; case F_GID: - (void) printf("%*d", width, (int)psinfo->pr_egid); + (void) printf("%*u", width, psinfo->pr_egid); break; case F_PID: (void) printf("%*d", width, (int)psinfo->pr_pid); @@ -1953,7 +1954,7 @@ /* * If name is numeric, ask for numeric id */ - if (str2id(utbl[i].name, &uid, 0, UID_MAX) == 0) + if (str2uid(utbl[i].name, &uid, 0, MAXEPHUID) == 0) pwd = getpwuid(uid); else pwd = getpwnam(utbl[i].name); @@ -1993,7 +1994,7 @@ /* * If name is numeric, ask for numeric id */ - if (str2id(gtbl[i].name, &gid, 0, UID_MAX) == 0) + if (str2uid(gtbl[i].name, (uid_t *)&gid, 0, MAXEPHUID) == 0) grp = getgrgid(gid); else grp = getgrnam(gtbl[i].name); @@ -2109,9 +2110,9 @@ if ((pwd = getpwuid(psinfo->pr_euid)) != NULL) (void) printf("%8.8s ", pwd->pw_name); else - (void) printf("%7.7d ", (int)psinfo->pr_euid); + (void) printf("%7.7u ", psinfo->pr_euid); } else if (lflg) - (void) printf("%6d ", (int)psinfo->pr_euid); + (void) printf("%6u ", psinfo->pr_euid); (void) printf("%*d", pidwidth, (int)psinfo->pr_pid); /* PID */ if (lflg || fflg) @@ -2263,6 +2264,43 @@ return (error); } +/* + * Returns the following: + * + * 0 No error + * EINVAL Invalid number + * ERANGE Value exceeds (min, max) range + */ +static int +str2uid(const char *p, uid_t *val, unsigned long min, unsigned long max) +{ + char *q; + unsigned long number; + int error; + + errno = 0; + number = strtoul(p, &q, 10); + + if (errno != 0 || q == p || *q != '\0') { + if ((error = errno) == 0) { + /* + * strtoul() can fail without setting errno, or it can + * set it to EINVAL or ERANGE. In the case errno is + * still zero, return EINVAL. + */ + error = EINVAL; + } + } else if (number < min || number > max) { + error = ERANGE; + } else { + error = 0; + } + + *val = number; + + return (error); +} + static int pidcmp(const void *p1, const void *p2) {
--- a/usr/src/cmd/ptools/pcred/pcred.c Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/cmd/ptools/pcred/pcred.c Fri May 25 05:43:42 2007 -0700 @@ -19,12 +19,13 @@ * CDDL HEADER END */ /* - * Copyright 2006 Sun Microsystems, Inc. All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ #pragma ident "%Z%%M% %I% %E% SMI" +#include <errno.h> #include <stdio.h> #include <stdio_ext.h> #include <stdlib.h> @@ -59,8 +60,8 @@ static gid_t *groups; static long ngroups_max; -static uid_t uid = -1; -static uid_t gid = -1; +static uid_t uid = (uid_t)-1; +static gid_t gid = (gid_t)-1; int main(int argc, char **argv) @@ -139,9 +140,9 @@ static void credupdate(prcred_t *pcr) { - if (uid != -1) + if (uid != (uid_t)-1) pcr->pr_euid = pcr->pr_ruid = pcr->pr_suid = uid; - if (gid != -1) + if (gid != (gid_t)-1) pcr->pr_egid = pcr->pr_rgid = pcr->pr_sgid = gid; if (ngrp >= 0) { @@ -202,24 +203,18 @@ if (!all && prcred->pr_euid == prcred->pr_ruid && prcred->pr_ruid == prcred->pr_suid) - (void) printf("e/r/suid=%d ", - (int)prcred->pr_euid); + (void) printf("e/r/suid=%u ", prcred->pr_euid); else - (void) printf("euid=%d ruid=%d suid=%d ", - (int)prcred->pr_euid, - (int)prcred->pr_ruid, - (int)prcred->pr_suid); + (void) printf("euid=%u ruid=%u suid=%u ", + prcred->pr_euid, prcred->pr_ruid, prcred->pr_suid); if (!all && prcred->pr_egid == prcred->pr_rgid && prcred->pr_rgid == prcred->pr_sgid) - (void) printf("e/r/sgid=%d\n", - (int)prcred->pr_egid); + (void) printf("e/r/sgid=%u\n", prcred->pr_egid); else - (void) printf("egid=%d rgid=%d sgid=%d\n", - (int)prcred->pr_egid, - (int)prcred->pr_rgid, - (int)prcred->pr_sgid); + (void) printf("egid=%u rgid=%u sgid=%u\n", + prcred->pr_egid, prcred->pr_rgid, prcred->pr_sgid); if (prcred->pr_ngroups != 0 && (all || prcred->pr_ngroups != 1 || @@ -228,7 +223,7 @@ (void) printf("\tgroups:"); for (i = 0; i < prcred->pr_ngroups; i++) - (void) printf(" %d", (int)prcred->pr_groups[i]); + (void) printf(" %u", prcred->pr_groups[i]); (void) printf("\n"); } @@ -259,17 +254,18 @@ } -static id_t +static uint32_t str2id(const char *str) { - long res; + unsigned long res; char *p; - res = strtol(str, &p, 0); - if (p == str || *p != '\0' || res < 0) - return (-1); + errno = 0; + res = strtoul(str, &p, 0); + if (p == str || *p != '\0' || errno != 0) + return ((uint32_t)-1); else - return ((id_t)res); + return ((uint32_t)res); } static gid_t @@ -279,8 +275,8 @@ gid_t res; if (grp == NULL) { - res = str2id(grnam); - if (res < 0) { + res = (gid_t)str2id(grnam); + if (res == (gid_t)-1) { (void) fprintf(stderr, "%s: %s: unknown group" " or bad gid\n", command, grnam); @@ -321,8 +317,8 @@ if (user != NULL) { pwd = getpwnam(user); if (pwd == NULL) { - uid = str2id(user); - if (uid < 0) { + uid = (uid_t)str2id(user); + if (uid == (uid_t)-1) { (void) fprintf(stderr, "%s: %s: unknown user" " or bad uid\n", command, user);
--- a/usr/src/cmd/ptools/ptree/ptree.c Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/cmd/ptools/ptree/ptree.c Fri May 25 05:43:42 2007 -0700 @@ -2,9 +2,8 @@ * CDDL HEADER START * * The contents of this file are subject to the terms of the - * Common Development and Distribution License, Version 1.0 only - * (the "License"). You may not use this file except in compliance - * with the License. + * Common Development and Distribution License (the "License"). + * You may not use this file except in compliance with the License. * * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE * or http://www.opensolaris.org/os/licensing. @@ -20,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2004 Sun Microsystems, Inc. All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -302,7 +301,7 @@ if (arg++ == NULL) arg = *argv; argv++; - uid = -1; + uid = (uid_t)-1; errno = 0; pid = strtoul(arg, &next, 10); if (errno != 0 || *next != '\0') { @@ -339,7 +338,7 @@ (!zflag || p->zoneid == zoneid)) p->done = 1; - if (uid == -1) + if (uid == (uid_t)-1) break; } }
--- a/usr/src/cmd/pwck/pwck.c Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/cmd/pwck/pwck.c Fri May 25 05:43:42 2007 -0700 @@ -2,9 +2,8 @@ * CDDL HEADER START * * The contents of this file are subject to the terms of the - * Common Development and Distribution License, Version 1.0 only - * (the "License"). You may not use this file except in compliance - * with the License. + * Common Development and Distribution License (the "License"). + * You may not use this file except in compliance with the License. * * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE * or http://www.opensolaris.org/os/licensing. @@ -20,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2005 Sun Microsystems, Inc. All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -173,7 +172,7 @@ str = &buf[delim[1] + 1]; uid = strtol(str, &lastc, 10); if (lastc != str + (delim[2] - delim[1]) - 1 || - uid < 0 || uid > MAXUID || errno == ERANGE) + uid > MAXUID || errno == ERANGE) error(ERROR4); /* Check that GID is numeric and <= MAXUID */ @@ -182,7 +181,7 @@ str = &buf[delim[2] + 1]; gid = strtol(str, &lastc, 10); if (lastc != str + (delim[3] - delim[2]) - 1 || - gid < 0 || gid > MAXUID || errno == ERANGE) + gid > MAXUID || errno == ERANGE) error(ERROR5); /* Check initial working directory */
--- a/usr/src/cmd/rmvolmgr/vold.c Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/cmd/rmvolmgr/vold.c Fri May 25 05:43:42 2007 -0700 @@ -19,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2006 Sun Microsystems, Inc. All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -108,8 +108,8 @@ static char *prog_name = NULL; static pid_t prog_pid = 0; static int system_labeled = 0; -static uid_t mnt_uid = -1; -static gid_t mnt_gid = -1; +static uid_t mnt_uid = (uid_t)-1; +static gid_t mnt_gid = (gid_t)-1; static zoneid_t mnt_zoneid = -1; static char mnt_zoneroot[MAXPATHLEN]; static char mnt_userdir[MAXPATHLEN];
--- a/usr/src/cmd/rpcbind/rpcb_svc_com.c Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/cmd/rpcbind/rpcb_svc_com.c Fri May 25 05:43:42 2007 -0700 @@ -19,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2006 Sun Microsystems, Inc. All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ /* Copyright (c) 1983, 1984, 1985, 1986, 1987, 1988, 1989 AT&T */ @@ -49,6 +49,7 @@ #include <strings.h> #include <rpc/rpc.h> #include <rpc/rpcb_prot.h> +#include <rpcsvc/svc_dg_priv.h> #include <netconfig.h> #include <sys/param.h> #include <errno.h> @@ -677,25 +678,7 @@ * to the original requestor. */ -/* begin kludge XXX */ -/* - * This is from .../libnsl/rpc/svc_dg.c, and is the structure that xprt->xp_p2 - * points to (and shouldn't be here - we should know nothing of its structure). - */ -#define MAX_OPT_WORDS 128 #define RPC_BUF_MAX 65536 /* can be raised if required */ -struct svc_dg_data { - /* XXX: optbuf should be the first field, used by ti_opts.c code */ - struct netbuf optbuf; /* netbuf for options */ - long opts[MAX_OPT_WORDS]; /* options */ - uint_t su_iosz; /* size of send.recv buffer */ - ulong_t su_xid; /* transaction id */ - XDR su_xdrs; /* XDR handle */ - char su_verfbody[MAX_AUTH_BYTES]; /* verifier body */ - char *su_cache; /* cached data, NULL if none */ - struct t_unitdata su_tudata; /* tu_data for recv */ -}; -#define getbogus_data(xprt) ((struct svc_dg_data *)(xprt->xp_p2)) /* * This is from ../ypcmd/yp_b.h @@ -704,8 +687,6 @@ #define YPBINDPROG ((ulong_t)100007) #define YPBINDPROC_SETDOM ((ulong_t)2) -/* end kludge XXX */ - void rpcbproc_callit_com(rqstp, transp, reply_type, versnum) struct svc_req *rqstp; @@ -990,7 +971,7 @@ ma.m_uaddr = NULL; goto error; } - bd = getbogus_data(transp); + bd = get_svc_dg_data(transp); call_msg.rm_xid = forward_register(bd->su_xid, caller, fd, ma.m_uaddr, reply_type, versnum); if (call_msg.rm_xid == 0) { @@ -1493,7 +1474,7 @@ struct svc_dg_data *bd; *(svc_getrpccaller(xprt)) = *(fi->caller_addr); - bd = (struct svc_dg_data *)getbogus_data(xprt); + bd = get_svc_dg_data(xprt); bd->su_xid = fi->caller_xid; /* set xid on reply */ } @@ -1650,7 +1631,7 @@ xprt_set_caller(xprt, fi); /* XXX hack */ - tu_data = &(getbogus_data(xprt)->su_tudata); + tu_data = &(get_svc_dg_data(xprt)->su_tudata); tu_data->addr = xprt->xp_rtaddr; #ifdef SVC_RUN_DEBUG
--- a/usr/src/cmd/rpcsvc/nis/rpc.nisd/resolv_common.c Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/cmd/rpcsvc/nis/rpc.nisd/resolv_common.c Fri May 25 05:43:42 2007 -0700 @@ -2,9 +2,8 @@ * CDDL HEADER START * * The contents of this file are subject to the terms of the - * Common Development and Distribution License, Version 1.0 only - * (the "License"). You may not use this file except in compliance - * with the License. + * Common Development and Distribution License (the "License"). + * You may not use this file except in compliance with the License. * * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE * or http://www.opensolaris.org/os/licensing. @@ -20,8 +19,8 @@ * CDDL HEADER END */ /* - * Copyright (c) 1993-1999 by Sun Microsystems, Inc. - * All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. + * Use is subject to license terms. */ #pragma ident "%Z%%M% %I% %E% SMI" @@ -64,10 +63,9 @@ u_long -svc_getxid(xprt) -register SVCXPRT *xprt; +svc_getxid(SVCXPRT *xprt) { - register struct bogus_data *su = getbogus_data(xprt); + struct svc_dg_data *su = get_svc_dg_data(xprt); if (su == NULL) return (0); return (su->su_xid);
--- a/usr/src/cmd/rpcsvc/nis/rpc.nisd/resolv_common.h Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/cmd/rpcsvc/nis/rpc.nisd/resolv_common.h Fri May 25 05:43:42 2007 -0700 @@ -2,9 +2,8 @@ * CDDL HEADER START * * The contents of this file are subject to the terms of the - * Common Development and Distribution License, Version 1.0 only - * (the "License"). You may not use this file except in compliance - * with the License. + * Common Development and Distribution License (the "License"). + * You may not use this file except in compliance with the License. * * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE * or http://www.opensolaris.org/os/licensing. @@ -20,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2004 Sun Microsystems, Inc. All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -34,6 +33,7 @@ #endif #include <sys/types.h> +#include <rpcsvc/svc_dg_priv.h> /* * Definitions common to rpc.nisd resolv and rpc.resolv code. @@ -47,21 +47,7 @@ #define GETCALLER(xprt) svc_getrpccaller(xprt) #define SETCALLER(xprt, nbufp) xprt->xp_rtaddr.len = nbufp->len; \ memcpy(xprt->xp_rtaddr.buf, nbufp->buf, nbufp->len); -#define MAX_OPT_WORDS 128 #define RPC_BUF_MAX 32768 -struct bogus_data { - /* XXX: optbuf should be the first field, used by ti_opts.c code */ - struct netbuf optbuf; /* netbuf for options */ - long opts[MAX_OPT_WORDS]; /* options */ - u_int su_iosz; /* size of send.recv buffer */ - u_long su_xid; /* transaction id */ - XDR su_xdrs; /* XDR handle */ - char su_verfbody[MAX_AUTH_BYTES]; /* verifier body */ - char *su_cache; /* cached data, NULL if none */ - struct t_unitdata su_tudata; /* tu_data for recv */ -}; -#define getbogus_data(xprt) ((struct bogus_data *)(xprt->xp_p2)) - struct ypfwdreq_key4 { char *map;
--- a/usr/src/cmd/rpcsvc/nis/rpc.nisd/resolv_server/ypresolv_proc.c Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/cmd/rpcsvc/nis/rpc.nisd/resolv_server/ypresolv_proc.c Fri May 25 05:43:42 2007 -0700 @@ -2,9 +2,8 @@ * CDDL HEADER START * * The contents of this file are subject to the terms of the - * Common Development and Distribution License, Version 1.0 only - * (the "License"). You may not use this file except in compliance - * with the License. + * Common Development and Distribution License (the "License"). + * You may not use this file except in compliance with the License. * * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE * or http://www.opensolaris.org/os/licensing. @@ -20,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2005 Sun Microsystems, Inc. All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -95,7 +94,7 @@ char tmp[12]; /* max size of 9 rounded up to multiple of 4 bytes */ char buf[MAX_UADDR]; struct netbuf *nbuf; - struct bogus_data *bd = NULL; + struct svc_dg_data *bd = NULL; struct ypfwdreq_key4 *req4 = (struct ypfwdreq_key4 *)req; struct ypfwdreq_key6 *req6 = (struct ypfwdreq_key6 *)req; in_port_t port; @@ -138,7 +137,7 @@ * since we never did a recv on this unreg'ed xprt. */ if (!bd) { /* just set maxlen and buf once */ - bd = getbogus_data(transp); + bd = get_svc_dg_data(transp); bd->su_tudata.addr.maxlen = GETCALLER(transp)->maxlen; bd->su_tudata.addr.buf = GETCALLER(transp)->buf; } @@ -376,7 +375,7 @@ register SVCXPRT *xprt; ulong_t xid; { - register struct bogus_data *su = getbogus_data(xprt); + struct svc_dg_data *su = get_svc_dg_data(xprt); ulong_t old_xid; if (su == NULL) return (0);
--- a/usr/src/cmd/sgs/rtld/amd64/_setup.c Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/cmd/sgs/rtld/amd64/_setup.c Fri May 25 05:43:42 2007 -0700 @@ -20,7 +20,7 @@ */ /* - * Copyright 2006 Sun Microsystems, Inc. All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ #pragma ident "%Z%%M% %I% %E% SMI" @@ -67,8 +67,8 @@ Phdr * phdr = 0; Rt_map * lmp; auxv_t *auxv, *_auxv; - uid_t uid = -1, euid = -1; - gid_t gid = -1, egid = -1; + uid_t uid = (uid_t)-1, euid = (uid_t)-1; + gid_t gid = (gid_t)-1, egid = (gid_t)-1; char *_platform = 0, *_execname = 0, *_emulator = 0; int auxflags = -1; /*
--- a/usr/src/cmd/sgs/rtld/i386/_setup.c Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/cmd/sgs/rtld/i386/_setup.c Fri May 25 05:43:42 2007 -0700 @@ -23,7 +23,7 @@ * Copyright (c) 1988 AT&T * All Rights Reserved * - * Copyright 2006 Sun Microsystems, Inc. All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -80,8 +80,8 @@ Phdr * phdr = 0; Rt_map * lmp; auxv_t *auxv, *_auxv; - uid_t uid = -1, euid = -1; - gid_t gid = -1, egid = -1; + uid_t uid = (uid_t)-1, euid = (uid_t)-1; + gid_t gid = (gid_t)-1, egid = (gid_t)-1; char *_platform = 0, *_execname = 0, *_emulator = 0; int auxflags = -1; /*
--- a/usr/src/cmd/sgs/rtld/sparc/_setup.c Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/cmd/sgs/rtld/sparc/_setup.c Fri May 25 05:43:42 2007 -0700 @@ -23,7 +23,7 @@ * Copyright (c) 1988 AT&T * All Rights Reserved * - * Copyright 2006 Sun Microsystems, Inc. All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ #pragma ident "%Z%%M% %I% %E% SMI" @@ -75,8 +75,8 @@ Phdr * phdr = 0; Rt_map * lmp; auxv_t *auxv, *_auxv; - uid_t uid = -1, euid = -1; - gid_t gid = -1, egid = -1; + uid_t uid = (uid_t)-1, euid = (uid_t)-1; + gid_t gid = (gid_t)-1, egid = (gid_t)-1; char *_platform = 0, *_execname = 0; int auxflags = -1; #ifdef A_OUT
--- a/usr/src/cmd/sgs/rtld/sparcv9/_setup.c Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/cmd/sgs/rtld/sparcv9/_setup.c Fri May 25 05:43:42 2007 -0700 @@ -23,7 +23,7 @@ * Copyright (c) 1988 AT&T * All Rights Reserved * - * Copyright 2006 Sun Microsystems, Inc. All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ #pragma ident "%Z%%M% %I% %E% SMI" @@ -70,8 +70,8 @@ Phdr *phdr = 0; Rt_map *lmp; auxv_t *auxv, *_auxv; - uid_t uid = -1, euid = -1; - gid_t gid = -1, egid = -1; + uid_t uid = (uid_t)-1, euid = (uid_t)-1; + gid_t gid = (gid_t)-1, egid = (gid_t)-1; char *_platform = 0, *_execname = 0; int auxflags = -1;
--- a/usr/src/cmd/smserverd/myaudit.c Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/cmd/smserverd/myaudit.c Fri May 25 05:43:42 2007 -0700 @@ -19,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2006 Sun Microsystems, Inc. All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -94,11 +94,11 @@ void audit_init(door_data_t *door_dp) { - door_dp->audit_auid = -1; - door_dp->audit_uid = -1; - door_dp->audit_euid = -1; - door_dp->audit_gid = -1; - door_dp->audit_egid = -1; + door_dp->audit_auid = (uid_t)-1; + door_dp->audit_uid = (uid_t)-1; + door_dp->audit_euid = (uid_t)-1; + door_dp->audit_gid = (gid_t)-1; + door_dp->audit_egid = (gid_t)-1; door_dp->audit_pid = -1; door_dp->audit_tid.at_port = 0; door_dp->audit_tid.at_type = 0; @@ -261,7 +261,7 @@ audit_selected(door_data_t *door_dp) { - if (door_dp->audit_uid < 0) { + if (door_dp->audit_uid > MAXUID) { (void) audit_save_namask(door_dp); return (audit_na_selected(door_dp)); }
--- a/usr/src/cmd/ssh/libopenbsd-compat/common/bsd-getpeereid.c Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/cmd/ssh/libopenbsd-compat/common/bsd-getpeereid.c Fri May 25 05:43:42 2007 -0700 @@ -23,7 +23,7 @@ */ /* - * Copyright 2006 Sun Microsystems, Inc. All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -57,9 +57,9 @@ if (getpeerucred(s, &ucred) == -1) return (-1); - if ((*euid = ucred_geteuid(ucred)) == -1) + if ((*euid = ucred_geteuid(ucred)) == (uid_t)-1) return (-1); - if ((*gid = ucred_getrgid(ucred)) == -1) + if ((*gid = ucred_getrgid(ucred)) == (gid_t)-1) return (-1); ucred_free(ucred);
--- a/usr/src/cmd/ssh/libssh/Makefile.com Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/cmd/ssh/libssh/Makefile.com Fri May 25 05:43:42 2007 -0700 @@ -2,9 +2,8 @@ # CDDL HEADER START # # The contents of this file are subject to the terms of the -# Common Development and Distribution License, Version 1.0 only -# (the "License"). You may not use this file except in compliance -# with the License. +# Common Development and Distribution License (the "License"). +# You may not use this file except in compliance with the License. # # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE # or http://www.opensolaris.org/os/licensing. @@ -19,7 +18,7 @@ # # CDDL HEADER END # -# Copyright 2004 Sun Microsystems, Inc. All rights reserved. +# Copyright 2007 Sun Microsystems, Inc. All rights reserved. # Use is subject to license terms. # # ident "%Z%%M% %I% %E% SMI" @@ -96,7 +95,9 @@ LIBS = $(LIBRARY) $(LINTLIB) # definitions for lint -LINTFLAGS += $(OPENSSL_LDFLAGS) -lcrypto -lz -lsocket -lnsl -lc +# Until libz is compiled against unsigned uid/gid ON bits. +#LINTFLAGS += $(OPENSSL_LDFLAGS) -lcrypto -lz -lsocket -lnsl -lc +LINTFLAGS += $(OPENSSL_LDFLAGS) -lcrypto -lsocket -lnsl -lc $(LINTLIB) := SRCS = $(SRCDIR)/$(LINTSRC) POFILE_DIR= ../..
--- a/usr/src/cmd/ssh/sshd/sshd.c Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/cmd/ssh/sshd/sshd.c Fri May 25 05:43:42 2007 -0700 @@ -41,7 +41,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /* - * Copyright 2006 Sun Microsystems, Inc. All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -737,7 +737,7 @@ #else gidset[0] = pw->pw_gid; if (setgid(pw->pw_gid) < 0) - fatal("setgid failed for %ld", pw->pw_gid); + fatal("setgid failed for %u", pw->pw_gid); if (setgroups(1, gidset) < 0) fatal("setgroups: %.100s", strerror(errno)); permanently_set_uid(pw);
--- a/usr/src/cmd/svc/common/manifest_hash.h Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/cmd/svc/common/manifest_hash.h Fri May 25 05:43:42 2007 -0700 @@ -19,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2006 Sun Microsystems, Inc. All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -43,8 +43,8 @@ #define MHASH_PG_FLAGS 0 #define MHASH_PROP "md5sum" -#define MHASH_FORMAT_V1 "%llx%lx%llx%lx" -#define MHASH_FORMAT_V2 "%lx%lx%llx%lx" +#define MHASH_FORMAT_V1 "%llx%x%llx%lx" +#define MHASH_FORMAT_V2 "%x%x%llx%lx" #define MHASH_NEWFILE (0) #define MHASH_RECONCILED (1)
--- a/usr/src/cmd/svc/configd/rc_node.c Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/cmd/svc/configd/rc_node.c Fri May 25 05:43:42 2007 -0700 @@ -19,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2006 Sun Microsystems, Inc. All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -1012,7 +1012,7 @@ } uid = ucred_geteuid(uc); - assert(uid != -1); + assert(uid != (uid_t)-1); uap = getuseruid(uid); if (uap != NULL) {
--- a/usr/src/cmd/truss/actions.c Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/cmd/truss/actions.c Fri May 25 05:43:42 2007 -0700 @@ -20,7 +20,7 @@ */ /* - * Copyright 2006 Sun Microsystems, Inc. All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -773,6 +773,13 @@ #endif fmt = "= %#lo"; break; + case UNS: +#ifdef _LP64 + if (data_model == PR_MODEL_ILP32) + rv1 &= 0xffffffff; +#endif + fmt = "= %lu"; + break; default: fmt = "= %ld"; break; @@ -806,6 +813,13 @@ #endif fmt = " [%#lo]"; break; + case UNS: +#ifdef _LP64 + if (data_model == PR_MODEL_ILP32) + rv2 &= 0xffffffff; +#endif + fmt = " [%lu]"; + break; default: fmt = " [%ld]"; break;
--- a/usr/src/cmd/truss/expound.c Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/cmd/truss/expound.c Fri May 25 05:43:42 2007 -0700 @@ -435,10 +435,10 @@ while (nproc > 0 && Pread(Proc, &fubuf, sizeof (fubuf), offset) == sizeof (fubuf)) { - (void) printf("%s\tpid=%-5d uid=%-5d flags=%s\n", + (void) printf("%s\tpid=%-5d uid=%-5u flags=%s\n", pri->pname, (int)fubuf.fu_pid, - (int)fubuf.fu_uid, + fubuf.fu_uid, fuflags(pri, fubuf.fu_flags)); nproc--; offset += sizeof (fubuf); @@ -1015,11 +1015,11 @@ if (Pread(Proc, &strrecvfd, sizeof (strrecvfd), offset) == sizeof (strrecvfd)) { (void) printf( - "%s\tfd=%-5d uid=%-5d gid=%d\n", + "%s\tfd=%-5d uid=%-5u gid=%u\n", pri->pname, strrecvfd.fd, - (int)strrecvfd.uid, - (int)strrecvfd.gid); + strrecvfd.uid, + strrecvfd.gid); } } @@ -2131,13 +2131,13 @@ static void show_perm64(private_t *pri, struct ipc_perm64 *ip) { - (void) printf("%s\tu=%-5d g=%-5d cu=%-5d cg=%-5d z=%-5d " + (void) printf("%s\tu=%-5u g=%-5u cu=%-5u cg=%-5u z=%-5d " "m=0%.6o key=%d projid=%-5d\n", pri->pname, - (int)ip->ipcx_uid, - (int)ip->ipcx_gid, - (int)ip->ipcx_cuid, - (int)ip->ipcx_cgid, + ip->ipcx_uid, + ip->ipcx_gid, + ip->ipcx_cuid, + ip->ipcx_cgid, (int)ip->ipcx_zoneid, (unsigned int)ip->ipcx_mode, ip->ipcx_key, @@ -2150,10 +2150,10 @@ (void) printf( "%s\tu=%-5u g=%-5u cu=%-5u cg=%-5u m=0%.6o seq=%u key=%d\n", pri->pname, - (int)ip->uid, - (int)ip->gid, - (int)ip->cuid, - (int)ip->cgid, + ip->uid, + ip->gid, + ip->cuid, + ip->cgid, (int)ip->mode, ip->seq, ip->key); @@ -2970,9 +2970,9 @@ signame(pri, sip->si_signo)); if (sip->si_signo != 0 && SI_FROMUSER(sip) && sip->si_pid != 0) { - (void) printf(" pid=%d uid=%d", + (void) printf(" pid=%d uid=%u", (int)sip->si_pid, - (int)sip->si_uid); + sip->si_uid); if (sip->si_code != 0) (void) printf(" code=%d", sip->si_code); (void) fputc('\n', stdout); @@ -3675,14 +3675,14 @@ * value. We accept short reads that fill the whole header. */ if (sz >= sizeof (ucred_t) && sz >= uc->uc_size) { - (void) printf("%s\teuid=%d egid=%d\n", + (void) printf("%s\teuid=%u egid=%u\n", pri->pname, - (int)ucred_geteuid(uc), - (int)ucred_getegid(uc)); - (void) printf("%s\truid=%d rgid=%d\n", + ucred_geteuid(uc), + ucred_getegid(uc)); + (void) printf("%s\truid=%u rgid=%u\n", pri->pname, - (int)ucred_getruid(uc), - (int)ucred_getrgid(uc)); + ucred_getruid(uc), + ucred_getrgid(uc)); (void) printf("%s\tpid=%d zoneid=%d\n", pri->pname, (int)ucred_getpid(uc),
--- a/usr/src/cmd/truss/print.c Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/cmd/truss/print.c Fri May 25 05:43:42 2007 -0700 @@ -123,6 +123,16 @@ "%lu", val); } +/* print as unsigned decimal, except for -1 */ +void +prt_un1(private_t *pri, int raw, long val) +{ + if ((int)val == -1) + prt_dec(pri, raw, val); + else + prt_uns(pri, raw, val); +} + /*ARGSUSED*/ void prt_oct(private_t *pri, int raw, long val) /* print as octal */ @@ -2680,5 +2690,6 @@ prt_rcf, /* RCF -- print rctlsys_ctl() flags */ prt_fxf, /* FXF -- print forkx() flags */ prt_spf, /* SPF -- print rctlsys_projset() flags */ + prt_un1, /* UN1 -- as prt_uns except for -1 */ prt_dec, /* HID -- hidden argument, make this the last one */ };
--- a/usr/src/cmd/truss/print.h Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/cmd/truss/print.h Fri May 25 05:43:42 2007 -0700 @@ -134,7 +134,8 @@ #define RCF 92 /* print rctlsys_ctl flags */ #define FXF 93 /* print forkx flags */ #define SPF 94 /* print rctlsys_projset flags */ -#define HID 95 /* hidden argument, don't print */ +#define UN1 95 /* unsigned except for -1 */ +#define HID 96 /* hidden argument, don't print */ /* make sure HID is always the last member */ /*
--- a/usr/src/cmd/truss/systable.c Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/cmd/truss/systable.c Fri May 25 05:43:42 2007 -0700 @@ -243,8 +243,8 @@ {"getpid", 0, DEC, DEC}, /* 20 */ {"mount", 8, DEC, NOV, STG, STG, MTF, MFT, HEX, DEC, HEX, DEC}, /* 21 */ {"umount", 1, DEC, NOV, STG}, /* 22 */ -{"setuid", 1, DEC, NOV, DEC}, /* 23 */ -{"getuid", 0, DEC, DEC}, /* 24 */ +{"setuid", 1, DEC, NOV, UNS}, /* 23 */ +{"getuid", 0, UNS, UNS}, /* 24 */ {"stime", 1, DEC, NOV, DEC}, /* 25 */ {"pcsample", 2, DEC, NOV, HEX, DEC}, /* 26 */ {"alarm", 1, DEC, NOV, UNS}, /* 27 */ @@ -266,8 +266,8 @@ {"times", 1, DEC, NOV, HEX}, /* 43 */ {"profil", 4, DEC, NOV, HEX, UNS, HEX, OCT}, /* 44 */ {"plock", 1, DEC, NOV, PLK}, /* 45 */ -{"setgid", 1, DEC, NOV, DEC}, /* 46 */ -{"getgid", 0, DEC, DEC}, /* 47 */ +{"setgid", 1, DEC, NOV, UNS}, /* 46 */ +{"getgid", 0, UNS, UNS}, /* 47 */ {"signal", 2, HEX, NOV, SIG, ACT}, /* 48 */ {"msgsys", 6, DEC, NOV, DEC, DEC, DEC, DEC, DEC, DEC}, /* 49 */ {"sysi86", 4, HEX, NOV, S86, HEX, HEX, HEX, DEC, DEC}, /* 50 */ @@ -298,7 +298,7 @@ {"exacctsys", 6, DEC, NOV, DEC, IDT, DEC, HEX, DEC, HEX}, /* 72 */ {"getpagesizes", 2, DEC, NOV, HEX, DEC}, /* 73 */ {"rctlsys", 6, DEC, NOV, RSC, STG, HEX, HEX, DEC, DEC}, /* 74 */ -{"issetugid", 0, DEC, NOV}, /* 75 */ +{"sidsys", 4, UNS, UNS, DEC, DEC, DEC, DEC}, /* 75 */ {"fsat", 6, DEC, NOV, HEX, HEX, HEX, HEX, HEX, HEX}, /* 76 */ {"lwp_park", 3, DEC, NOV, DEC, HEX, DEC}, /* 77 */ {"sendfilev", 5, DEC, NOV, DEC, DEC, HEX, DEC, HEX}, /* 78 */ @@ -359,12 +359,12 @@ {"putpmsg", 5, DEC, NOV, DEC, HEX, HEX, DEC, HHX}, /* 133 */ {"rename", 2, DEC, NOV, STG, STG}, /* 134 */ {"uname", 1, DEC, NOV, HEX}, /* 135 */ -{"setegid", 1, DEC, NOV, DEC}, /* 136 */ +{"setegid", 1, DEC, NOV, UNS}, /* 136 */ {"sysconfig", 1, DEC, NOV, CNF}, /* 137 */ {"adjtime", 2, DEC, NOV, HEX, HEX}, /* 138 */ {"sysinfo", 3, DEC, NOV, INF, RST, DEC}, /* 139 */ {"sharefs", 3, DEC, NOV, DEC, HEX, DEC}, /* 140 */ -{"seteuid", 1, DEC, NOV, DEC}, /* 141 */ +{"seteuid", 1, DEC, NOV, UNS}, /* 141 */ {"forksys", 2, DEC, NOV, DEC, HHX}, /* 142 */ {"fork1", 0, DEC, NOV}, /* 143 */ {"sigtimedwait", 3, DEC, NOV, HEX, HEX, HEX}, /* 144 */ @@ -425,8 +425,8 @@ {"nanosleep", 2, DEC, NOV, HEX, HEX}, /* 199 */ {"facl", 4, DEC, NOV, DEC, ACL, DEC, HEX}, /* 200 */ {"door", 6, DEC, NOV, DEC, HEX, HEX, HEX, HEX, DEC}, /* 201 */ -{"setreuid", 2, DEC, NOV, DEC, DEC}, /* 202 */ -{"setregid", 2, DEC, NOV, DEC, DEC}, /* 203 */ +{"setreuid", 2, DEC, NOV, UN1, UN1}, /* 202 */ +{"setregid", 2, DEC, NOV, UN1, UN1}, /* 203 */ {"install_utrap", 3, DEC, NOV, DEC, HEX, HEX}, /* 204 */ {"signotify", 3, DEC, NOV, DEC, HEX, HEX}, /* 205 */ {"schedctl", 0, HEX, NOV}, /* 206 */ @@ -700,6 +700,7 @@ {"getprivimplinfo", 5, DEC, NOV, HID, HID, HID, HEX, DEC}, /* 2 */ {"setpflags", 3, DEC, NOV, HID, PFL, DEC}, /* 3 */ {"getpflags", 2, DEC, NOV, HID, PFL}, /* 4 */ +{"issetugid", 0, DEC, NOV, HID}, /* 5 */ }; #define NPRIVSYSCODE (sizeof (privsystable) / sizeof (struct systable)) @@ -829,6 +830,13 @@ }; #define NFORKCODE (sizeof (forktable) / sizeof (struct systable)) +const struct systable sidsystable[] = { +{"allocids", 4, UNS, UNS, HID, DEC, DEC, DEC}, /* 0 */ +{"idmap_reg", 2, DEC, NOV, HID, DEC}, /* 1 */ +{"idmap_unreg", 2, DEC, NOV, HID, DEC}, /* 2 */ +}; +#define NSIDSYSCODE (sizeof (sidsystable) / sizeof (struct systable)) + const struct sysalias sysalias[] = { { "exit", SYS_exit }, { "fork", SYS_forksys }, @@ -984,6 +992,7 @@ { "setrctl", SYS_rctlsys }, { "rctlsys_lst", SYS_rctlsys }, { "rctlsys_ctl", SYS_rctlsys }, + { "allocids", SYS_sidsys }, { NULL, 0 } /* end-of-list */ }; @@ -1129,6 +1138,10 @@ if ((unsigned)subcode < NFORKCODE) stp = &forktable[subcode]; break; + case SYS_sidsys: /* SID family */ + if ((unsigned)subcode < NSIDSYSCODE) + stp = &sidsystable[subcode]; + break; } } @@ -1287,6 +1300,7 @@ case SYS_zone: /* zone */ case SYS_labelsys: /* labelsys */ case SYS_rctlsys: /* rctlsys */ + case SYS_sidsys: /* sidsys */ subcode = arg0; break; case SYS_fcntl: /* fcntl() */ @@ -1349,7 +1363,8 @@ + NZONECODE - 1 + NLABELCODE - 1 + NRCTLCODE - 1 - + NFORKCODE - 1); + + NFORKCODE - 1 + + NSIDSYSCODE - 1); } /* @@ -1425,6 +1440,8 @@ return (NRCTLCODE); case SYS_forksys: return (NFORKCODE); + case SYS_sidsys: + return (NSIDSYSCODE); default: return (1); }
--- a/usr/src/cmd/ttymon/ttymon.c Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/cmd/ttymon/ttymon.c Fri May 25 05:43:42 2007 -0700 @@ -19,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2006 Sun Microsystems, Inc. All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -237,7 +237,7 @@ endgrent(); endpwent(); #ifdef DEBUG - debug("Uucp_uid = %ld, Tty_gid = %ld", Uucp_uid, Tty_gid); + debug("Uucp_uid = %u, Tty_gid = %u", Uucp_uid, Tty_gid); #endif log("Initialization Completed");
--- a/usr/src/cmd/ypcmd/ypserv_resolv_common.c Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/cmd/ypcmd/ypserv_resolv_common.c Fri May 25 05:43:42 2007 -0700 @@ -2,9 +2,8 @@ * CDDL HEADER START * * The contents of this file are subject to the terms of the - * Common Development and Distribution License, Version 1.0 only - * (the "License"). You may not use this file except in compliance - * with the License. + * Common Development and Distribution License (the "License"). + * You may not use this file except in compliance with the License. * * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE * or http://www.opensolaris.org/os/licensing. @@ -20,8 +19,8 @@ * CDDL HEADER END */ /* - * Copyright (c) 1995-1999 by Sun Microsystems, Inc. - * All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. + * Use is subject to license terms. */ #pragma ident "%Z%%M% %I% %E% SMI" @@ -82,7 +81,7 @@ u_long svc_getxid(SVCXPRT *xprt) { - register struct bogus_data *su = getbogus_data(xprt); + struct svc_dg_data *su = get_svc_dg_data(xprt); if (su == NULL) return (0);
--- a/usr/src/cmd/ypcmd/ypserv_resolv_common.h Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/cmd/ypcmd/ypserv_resolv_common.h Fri May 25 05:43:42 2007 -0700 @@ -2,9 +2,8 @@ * CDDL HEADER START * * The contents of this file are subject to the terms of the - * Common Development and Distribution License, Version 1.0 only - * (the "License"). You may not use this file except in compliance - * with the License. + * Common Development and Distribution License (the "License"). + * You may not use this file except in compliance with the License. * * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE * or http://www.opensolaris.org/os/licensing. @@ -20,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2004 Sun Microsystems, Inc. All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -46,35 +45,24 @@ #define xdrproc_t bool #define GETCALLER(xprt) svc_getcaller(xprt) #define SETCALLER(xprt, addrp) *(svc_getcaller(xprt)) = *addrp; -struct bogus_data { +struct svc_dg_data { u_int su_iosz; u_long su_xid; XDR su_xdrs; /* XDR handle */ char su_verfbody[MAX_AUTH_BYTES]; /* verifier body */ char *su_cache; /* cached data, NULL if no cache */ }; -#define getbogus_data(xprt) ((struct bogus_data *) (xprt->xp_p2)) +#define get_svc_dg_data(xprt) ((struct svc_dg_data *) (xprt->xp_p2)) #else /* ****** 5.x ******** */ +#include <rpcsvc/svc_dg_priv.h> + #define MAX_UADDR 25 #define GETCALLER(xprt) svc_getrpccaller(xprt) #define SETCALLER(xprt, nbufp) xprt->xp_rtaddr.len = nbufp->len; \ memcpy(xprt->xp_rtaddr.buf, nbufp->buf, nbufp->len); -#define MAX_OPT_WORDS 128 #define RPC_BUF_MAX 32768 -struct bogus_data { - /* XXX: optbuf should be the first field, used by ti_opts.c code */ - struct netbuf optbuf; /* netbuf for options */ - long opts[MAX_OPT_WORDS]; /* options */ - u_int su_iosz; /* size of send.recv buffer */ - u_long su_xid; /* transaction id */ - XDR su_xdrs; /* XDR handle */ - char su_verfbody[MAX_AUTH_BYTES]; /* verifier body */ - char *su_cache; /* cached data, NULL if none */ - struct t_unitdata su_tudata; /* tu_data for recv */ -}; -#define getbogus_data(xprt) ((struct bogus_data *) (xprt->xp_p2)) #endif /* ****** end ******** */
--- a/usr/src/common/acl/acl_common.c Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/common/acl/acl_common.c Fri May 25 05:43:42 2007 -0700 @@ -2,9 +2,8 @@ * CDDL HEADER START * * The contents of this file are subject to the terms of the - * Common Development and Distribution License, Version 1.0 only - * (the "License"). You may not use this file except in compliance - * with the License. + * Common Development and Distribution License (the "License"). + * You may not use this file except in compliance with the License. * * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE * or http://www.opensolaris.org/os/licensing. @@ -20,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2005 Sun Microsystems, Inc. All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -41,14 +40,16 @@ ace_t trivial_acl[] = { - {-1, 0, ACE_OWNER, ACE_ACCESS_DENIED_ACE_TYPE}, - {-1, ACE_WRITE_ACL|ACE_WRITE_OWNER|ACE_WRITE_ATTRIBUTES| + {(uid_t)-1, 0, ACE_OWNER, ACE_ACCESS_DENIED_ACE_TYPE}, + {(uid_t)-1, ACE_WRITE_ACL|ACE_WRITE_OWNER|ACE_WRITE_ATTRIBUTES| ACE_WRITE_NAMED_ATTRS, ACE_OWNER, ACE_ACCESS_ALLOWED_ACE_TYPE}, - {-1, 0, ACE_GROUP|ACE_IDENTIFIER_GROUP, ACE_ACCESS_DENIED_ACE_TYPE}, - {-1, 0, ACE_GROUP|ACE_IDENTIFIER_GROUP, ACE_ACCESS_ALLOWED_ACE_TYPE}, - {-1, ACE_WRITE_ACL|ACE_WRITE_OWNER| ACE_WRITE_ATTRIBUTES| + {(uid_t)-1, 0, ACE_GROUP|ACE_IDENTIFIER_GROUP, + ACE_ACCESS_DENIED_ACE_TYPE}, + {(uid_t)-1, 0, ACE_GROUP|ACE_IDENTIFIER_GROUP, + ACE_ACCESS_ALLOWED_ACE_TYPE}, + {(uid_t)-1, ACE_WRITE_ACL|ACE_WRITE_OWNER| ACE_WRITE_ATTRIBUTES| ACE_WRITE_NAMED_ATTRS, ACE_EVERYONE, ACE_ACCESS_DENIED_ACE_TYPE}, - {-1, ACE_READ_ACL|ACE_READ_ATTRIBUTES|ACE_READ_NAMED_ATTRS| + {(uid_t)-1, ACE_READ_ACL|ACE_READ_ATTRIBUTES|ACE_READ_NAMED_ATTRS| ACE_SYNCHRONIZE, ACE_EVERYONE, ACE_ACCESS_ALLOWED_ACE_TYPE} };
--- a/usr/src/grub/grub-0.95/stage2/zfs-include/zfs_acl.h Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/grub/grub-0.95/stage2/zfs-include/zfs_acl.h Fri May 25 05:43:42 2007 -0700 @@ -26,11 +26,10 @@ #pragma ident "%Z%%M% %I% %E% SMI" -#if defined(_LP64) || defined(_I32LPx) -typedef int uid_t; /* UID type */ -#else -typedef long uid_t; /* (historical version) */ -#endif +#ifndef _UID_T +#define _UID_T +typedef unsigned int uid_t; /* UID type */ +#endif /* _UID_T */ typedef struct ace { uid_t a_who; /* uid or gid */
--- a/usr/src/head/Makefile Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/head/Makefile Fri May 25 05:43:42 2007 -0700 @@ -246,6 +246,7 @@ nis_db.h \ nis_tags.h \ nislib.h \ + svc_dg_priv.h \ yp_prot.h \ ypclnt.h \ yppasswd.h \
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/usr/src/head/rpcsvc/svc_dg_priv.h Fri May 25 05:43:42 2007 -0700 @@ -0,0 +1,64 @@ +/* + * CDDL HEADER START + * + * The contents of this file are subject to the terms of the + * Common Development and Distribution License (the "License"). + * You may not use this file except in compliance with the License. + * + * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE + * or http://www.opensolaris.org/os/licensing. + * See the License for the specific language governing permissions + * and limitations under the License. + * + * When distributing Covered Code, include this CDDL HEADER in each + * file and include the License file at usr/src/OPENSOLARIS.LICENSE. + * If applicable, add the following below this CDDL HEADER, with the + * fields enclosed by brackets "[]" replaced with your own identifying + * information: Portions Copyright [yyyy] [name of copyright owner] + * + * CDDL HEADER END + */ + +/* + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. + * Use is subject to license terms. + */ + +#ifndef _SVC_DG_PRIV_H +#define _SVC_DG_PRIV_H + +#pragma ident "%Z%%M% %I% %E% SMI" + +/* + * The svc_dg_data private datastructure shared by some services + * for nefarious reasons. THIS IS NOT AN INTERFACE. DO NOT USE. + */ + +#ifdef __cplusplus +extern "C" { +#endif + +#define MAX_OPT_WORDS 128 /* needs to fit a ucred */ + +/* + * kept in xprt->xp_p2 + */ +struct svc_dg_data { + /* Note: optbuf must be the first field, used by ti_opts.c code */ + struct netbuf optbuf; /* netbuf for options */ + int opts[MAX_OPT_WORDS]; /* options */ + uint_t su_iosz; /* size of send.recv buffer */ + uint32_t su_xid; /* transaction id */ + XDR su_xdrs; /* XDR handle */ + char su_verfbody[MAX_AUTH_BYTES]; /* verifier body */ + char *su_cache; /* cached data, NULL if none */ + struct t_unitdata su_tudata; /* tu_data for recv */ +}; + +#define get_svc_dg_data(xprt) ((struct svc_dg_data *)((xprt)->xp_p2)) + +#ifdef __cplusplus +} +#endif + +#endif /* _SVC_DG_PRIV_H */
--- a/usr/src/head/stdlib.h Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/head/stdlib.h Fri May 25 05:43:42 2007 -0700 @@ -19,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2006 Sun Microsystems, Inc. All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -83,11 +83,7 @@ #ifndef _UID_T #define _UID_T -#if defined(_LP64) || defined(_I32LPx) -typedef int uid_t; /* UID type */ -#else -typedef long uid_t; /* (historical version) */ -#endif +typedef unsigned int uid_t; /* UID type */ #endif /* !_UID_T */ #if defined(__STDC__)
--- a/usr/src/lib/auditd_plugins/syslog/sysplugin.c Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/lib/auditd_plugins/syslog/sysplugin.c Fri May 25 05:43:42 2007 -0700 @@ -19,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2006 Sun Microsystems, Inc. All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. * * convert binary audit records to syslog messages and @@ -452,7 +452,7 @@ (void) memcpy(p, uidhash[ix].ht_value, l); len += l - 1; - if (gid != -2) { + if (gid != (gid_t)-2) { p += l - 1; max -= l - 1; if (max < 2) @@ -528,12 +528,12 @@ initial_ctx.out.sf_reclen = 0; initial_ctx.out.sf_pass = 0; initial_ctx.out.sf_asid = 0; - initial_ctx.out.sf_auid = -2; - initial_ctx.out.sf_euid = -2; - initial_ctx.out.sf_egid = -2; + initial_ctx.out.sf_auid = (uid_t)-2; + initial_ctx.out.sf_euid = (uid_t)-2; + initial_ctx.out.sf_egid = (gid_t)-2; initial_ctx.out.sf_tid.at_type = 0; - initial_ctx.out.sf_pauid = -2; - initial_ctx.out.sf_peuid = -2; + initial_ctx.out.sf_pauid = (uid_t)-2; + initial_ctx.out.sf_peuid = (uid_t)2; initial_ctx.out.sf_uauthlen = 0; initial_ctx.out.sf_uauth = NULL; initial_ctx.out.sf_pathlen = 0; @@ -673,13 +673,13 @@ remaining -= used; bp += used; } - if (ctx.out.sf_auid != -2) { + if (ctx.out.sf_auid != (uid_t)-2) { used = getuname(ctx.out.sf_auid, -2, bp, remaining, STRCONSTARGS(" by ")); bp += used; remaining -= used; } - if (ctx.out.sf_euid != -2) { + if (ctx.out.sf_euid != (uid_t)-2) { /* 4 = strlen(" as ") */ used = getuname(ctx.out.sf_euid, ctx.out.sf_egid, bp, remaining, STRCONSTARGS(" as ")); @@ -701,14 +701,14 @@ bp += used; remaining -= used; } - if (ctx.out.sf_pauid != -2) { + if (ctx.out.sf_pauid != (uid_t)-2) { /* 11 = strlen(" proc_auid ") */ used = getuname(ctx.out.sf_pauid, -2, bp, remaining, STRCONSTARGS(" proc_auid ")); bp += used; remaining -= used; } - if (ctx.out.sf_peuid != -2) { + if (ctx.out.sf_peuid != (uid_t)-2) { used = getuname(ctx.out.sf_peuid, -2, bp, remaining, STRCONSTARGS(" proc_uid ")); bp += used;
--- a/usr/src/lib/brand/lx/lx_brand/common/misc.c Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/lib/brand/lx/lx_brand/common/misc.c Fri May 25 05:43:42 2007 -0700 @@ -19,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2006 Sun Microsystems, Inc. All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -480,7 +480,7 @@ * value (yuck). */ for (i = 0; i < ng; i++) { - if (glist[i] < 0 || glist[i] > MAXUID) + if (glist[i] > MAXUID) glist[i] = MAXUID; } }
--- a/usr/src/lib/libbsm/common/adt.c Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/lib/libbsm/common/adt.c Fri May 25 05:43:42 2007 -0700 @@ -155,7 +155,7 @@ if (auditstate == AUC_DISABLED) { mask->am_success = 0; mask->am_failure = 0; - } else if (uid >= 0) { + } else if (uid <= MAXUID) { if (getpwuid_r(uid, &pwd, pwd_buff, NSS_BUFSIZ) == NULL) { /* * getpwuid_r returns NULL without setting @@ -1507,7 +1507,7 @@ if (!(state->as_have_user_data & ADT_HAVE_ASID)) state->as_info.ai_asid = adt_get_unique_id(ruid); - if (ruid >= 0) { + if (ruid <= MAXEPHUID) { if (adt_get_mask_from_user(ruid, &mask)) return (-1);
--- a/usr/src/lib/libbsm/common/audit_ftpd.c Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/lib/libbsm/common/audit_ftpd.c Fri May 25 05:43:42 2007 -0700 @@ -19,13 +19,14 @@ * CDDL HEADER END */ /* - * Copyright 2006 Sun Microsystems, Inc. All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ #pragma ident "%Z%%M% %I% %E% SMI" #include <sys/types.h> +#include <sys/param.h> #include <stdio.h> #include <sys/fcntl.h> #include <stdlib.h> @@ -155,8 +156,8 @@ pwd = getpwnam(locuser); if (pwd == NULL) { - uid = -1; - gid = -1; + uid = (uid_t)-1; + gid = (gid_t)-1; } else { uid = pwd->pw_uid; gid = pwd->pw_gid; @@ -233,7 +234,7 @@ struct au_mask mask; mask.am_success = mask.am_failure = 0; - if (uid < 0) { + if (uid > MAXEPHUID) { rc = getacna(naflags, 256); /* get non-attrib flags */ if (rc == 0) (void) getauditflagsbin(naflags, &mask);
--- a/usr/src/lib/libbsm/common/audit_rexd.c Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/lib/libbsm/common/audit_rexd.c Fri May 25 05:43:42 2007 -0700 @@ -19,12 +19,13 @@ * CDDL HEADER END */ /* - * Copyright 2006 Sun Microsystems, Inc. All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ #pragma ident "%Z%%M% %I% %E% SMI" #include <sys/types.h> +#include <sys/param.h> #include <stdio.h> #include <unistd.h> #include <sys/fcntl.h> @@ -90,7 +91,7 @@ struct au_mask mask; mask.am_success = mask.am_failure = 0; - if (uid < 0) { + if (uid > MAXEPHUID) { rc = getacna(naflags, 256); /* get non-attrib flags */ if (rc == 0) (void) getauditflagsbin(naflags, &mask);
--- a/usr/src/lib/libbsm/common/audit_rexecd.c Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/lib/libbsm/common/audit_rexecd.c Fri May 25 05:43:42 2007 -0700 @@ -19,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2006 Sun Microsystems, Inc. All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ #pragma ident "%Z%%M% %I% %E% SMI" @@ -63,7 +63,7 @@ struct au_mask mask; mask.am_success = mask.am_failure = 0; - if (uid < 0) { + if (uid > MAXEPHUID) { rc = getacna(naflags, 256); /* get non-attrib flags */ if (rc == 0) (void) getauditflagsbin(naflags, &mask); @@ -168,8 +168,8 @@ pwd = getpwnam(user); if (pwd == NULL) { - uid = -1; - gid = -1; + uid = (uid_t)-1; + gid = (gid_t)-1; } else { uid = pwd->pw_uid; gid = pwd->pw_gid; @@ -279,8 +279,8 @@ pwd = getpwnam(user); if (pwd == NULL) { - uid = -1; - gid = -1; + uid = (uid_t)-1; + gid = (gid_t)-1; } else { uid = pwd->pw_uid; gid = pwd->pw_gid;
--- a/usr/src/lib/libbsm/common/audit_rshd.c Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/lib/libbsm/common/audit_rshd.c Fri May 25 05:43:42 2007 -0700 @@ -19,12 +19,13 @@ * CDDL HEADER END */ /* - * Copyright 2006 Sun Microsystems, Inc. All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ #pragma ident "%Z%%M% %I% %E% SMI" #include <sys/types.h> +#include <sys/param.h> #include <stdio.h> #include <sys/fcntl.h> #include <bsm/audit.h> @@ -114,8 +115,8 @@ pwd = getpwnam(locuser); if (pwd == NULL) { - uid = -1; - gid = -1; + uid = (uid_t)-1; + gid = (gid_t)-1; } else { uid = pwd->pw_uid; gid = pwd->pw_gid; @@ -179,7 +180,7 @@ struct au_mask mask; mask.am_success = mask.am_failure = 0; - if (uid < 0) { + if (uid > MAXEPHUID) { rc = getacna(naflags, 256); /* get non-attrib flags */ if (rc == 0) (void) getauditflagsbin(naflags, &mask); @@ -208,7 +209,7 @@ pwd = getpwnam(locuser); if (pwd == NULL) - uid = -1; + uid = (uid_t)-1; else uid = pwd->pw_uid;
--- a/usr/src/lib/libbsm/common/generic.c Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/lib/libbsm/common/generic.c Fri May 25 05:43:42 2007 -0700 @@ -19,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2006 Sun Microsystems, Inc. All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ #pragma ident "%Z%%M% %I% %E% SMI" @@ -102,11 +102,11 @@ void aug_init() { - aug_auid = -1; - aug_uid = -1; - aug_euid = -1; - aug_gid = -1; - aug_egid = -1; + aug_auid = (uid_t)-1; + aug_uid = (uid_t)-1; + aug_euid = (uid_t)-1; + aug_gid = (gid_t)-1; + aug_egid = (gid_t)-1; aug_pid = -1; aug_tid.at_port = 0; aug_tid.at_type = AU_IPv4; @@ -420,7 +420,7 @@ (void) au_write(ad, au_to_mylabel()); if (aug_policy & AUDIT_GROUP) { int ng; - gid_t grplst[NGROUPS_MAX]; + gid_t grplst[NGROUPS_UMAX]; (void) memset(grplst, 0, sizeof (grplst)); if ((ng = getgroups(NGROUPS_UMAX, grplst))) { @@ -472,7 +472,7 @@ { auditinfo_addr_t mask; - if (aug_uid < 0) { + if (aug_uid > MAXEPHUID) { (void) aug_save_namask(); return (aug_na_selected()); }
--- a/usr/src/lib/libc/amd64/Makefile Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/lib/libc/amd64/Makefile Fri May 25 05:43:42 2007 -0700 @@ -815,6 +815,7 @@ set_errno.o \ sharefs.o \ shmsys.o \ + sidsys.o \ siginterrupt.o \ signal.o \ sigpending.o \
--- a/usr/src/lib/libc/i386/Makefile.com Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/lib/libc/i386/Makefile.com Fri May 25 05:43:42 2007 -0700 @@ -854,6 +854,7 @@ set_errno.o \ sharefs.o \ shmsys.o \ + sidsys.o \ siginterrupt.o \ signal.o \ sigpending.o \
--- a/usr/src/lib/libc/port/gen/getgrnam_r.c Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/lib/libc/port/gen/getgrnam_r.c Fri May 25 05:43:42 2007 -0700 @@ -20,7 +20,7 @@ */ /* - * Copyright 2006 Sun Microsystems, Inc. All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -396,10 +396,9 @@ return (NSS_STR_PARSE_PARSE); } /* - * gids should be non-negative; anything else - * is administrative policy. + * gids should be in the range 0 .. MAXUID */ - if (group->gr_gid < 0) + if (group->gr_gid > MAXUID) group->gr_gid = GID_NOBODY; } if (*next++ != ':') {
--- a/usr/src/lib/libc/port/gen/getpwnam_r.c Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/lib/libc/port/gen/getpwnam_r.c Fri May 25 05:43:42 2007 -0700 @@ -19,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2006 Sun Microsystems, Inc. All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -330,7 +330,7 @@ * Now we just check for negative uids; anything else * is administrative policy */ - if (passwd->pw_uid < 0) + if (passwd->pw_uid > MAXUID) passwd->pw_uid = UID_NOBODY; } if (*next++ != ':') { @@ -356,7 +356,7 @@ * gid should be non-negative; anything else * is administrative policy. */ - if (passwd->pw_gid < 0) + if (passwd->pw_gid > MAXUID) passwd->pw_gid = GID_NOBODY; } if (*next++ != ':') {
--- a/usr/src/lib/libc/port/gen/initgroups.c Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/lib/libc/port/gen/initgroups.c Fri May 25 05:43:42 2007 -0700 @@ -2,9 +2,8 @@ * CDDL HEADER START * * The contents of this file are subject to the terms of the - * Common Development and Distribution License, Version 1.0 only - * (the "License"). You may not use this file except in compliance - * with the License. + * Common Development and Distribution License (the "License"). + * You may not use this file except in compliance with the License. * * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE * or http://www.opensolaris.org/os/licensing. @@ -20,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2004 Sun Microsystems, Inc. All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -37,6 +36,7 @@ #include <errno.h> #include <grp.h> #include <sys/types.h> +#include <sys/param.h> #include <unistd.h> /* Private interface to the groups code in getgrnam.c */ @@ -68,7 +68,7 @@ groups[0] = agroup; ngroups = _getgroupsbymember(uname, groups, (int)ngroups_max, - (agroup >= 0) ? 1 : 0); + (agroup <= MAXUID) ? 1 : 0); if (ngroups < 0) { /* XXX -- man page does not define a value for errno in */ /* this case. Should be looked into sometime. */
--- a/usr/src/lib/libc/port/gen/privlib.c Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/lib/libc/port/gen/privlib.c Fri May 25 05:43:42 2007 -0700 @@ -508,7 +508,7 @@ if (flags & PU_RESETGROUPS) (void) setgroups(0, NULL); - if (gid != -1 && setgid(gid) != 0) + if (gid != (gid_t)-1 && setgid(gid) != 0) goto end; perm = priv_allocset(); @@ -520,7 +520,7 @@ (void) setppriv(PRIV_SET, effective, perm); /* Now reset suid and euid */ - if (uid != -1 && setreuid(uid, uid) != 0) + if (uid != (uid_t)-1 && setreuid(uid, uid) != 0) goto end; /* Check for the limit privs */ @@ -549,7 +549,7 @@ if (core_get_process_path(buf, sizeof (buf), getpid()) == 0 && strcmp(buf, "core") == 0) { - if ((uid == -1 ? geteuid() : uid) == 0) { + if ((uid == (uid_t)-1 ? geteuid() : uid) == 0) { (void) core_set_process_path(root_cp, sizeof (root_cp), getpid()); } else {
--- a/usr/src/lib/libc/port/gen/sysconf.c Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/lib/libc/port/gen/sysconf.c Fri May 25 05:43:42 2007 -0700 @@ -2,9 +2,8 @@ * CDDL HEADER START * * The contents of this file are subject to the terms of the - * Common Development and Distribution License, Version 1.0 only - * (the "License"). You may not use this file except in compliance - * with the License. + * Common Development and Distribution License (the "License"). + * You may not use this file except in compliance with the License. * * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE * or http://www.opensolaris.org/os/licensing. @@ -20,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2005 Sun Microsystems, Inc. All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -439,6 +438,9 @@ case _SC_CPUID_MAX: return (_sysconfig(_CONFIG_CPUID_MAX)); + case _SC_EPHID_MAX: + return (_sysconfig(_CONFIG_EPHID_MAX)); + /* UNIX 03 names - XPG6/SUSv3/POSIX.1-2001 */ case _SC_REGEXP:
--- a/usr/src/lib/libc/port/gen/ucred.c Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/lib/libc/port/gen/ucred.c Fri May 25 05:43:42 2007 -0700 @@ -19,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2006 Sun Microsystems, Inc. All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -115,7 +115,7 @@ if (cr == NULL) { errno = EINVAL; - return (-1); + return ((uid_t)-1); } return (cr->pr_euid); @@ -129,7 +129,7 @@ if (cr == NULL) { errno = EINVAL; - return (-1); + return ((uid_t)-1); } return (cr->pr_ruid); @@ -143,7 +143,7 @@ if (cr == NULL) { errno = EINVAL; - return (-1); + return ((uid_t)-1); } return (cr->pr_suid); @@ -157,7 +157,7 @@ if (cr == NULL) { errno = EINVAL; - return (-1); + return ((gid_t)-1); } return (cr->pr_egid); @@ -171,7 +171,7 @@ if (cr == NULL) { errno = EINVAL; - return (-1); + return ((gid_t)-1); } return (cr->pr_rgid); @@ -185,7 +185,7 @@ if (cr == NULL) { errno = EINVAL; - return (-1); + return ((gid_t)-1); } return (cr->pr_sgid);
--- a/usr/src/lib/libc/port/mapfile-vers Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/lib/libc/port/mapfile-vers Fri May 25 05:43:42 2007 -0700 @@ -1279,6 +1279,7 @@ _acctctl; _acl; _adjtime; + allocids; ___Argv = NODIRECT; _ascftime; _asctime_r; @@ -1596,6 +1597,8 @@ _iconv; _iconv_close; _iconv_open; + idmap_reg; + idmap_unreg; __inf_read; __inf_written; __init_daemon_priv;
--- a/usr/src/lib/libc/port/sys/issetugid.c Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/lib/libc/port/sys/issetugid.c Fri May 25 05:43:42 2007 -0700 @@ -2,9 +2,8 @@ * CDDL HEADER START * * The contents of this file are subject to the terms of the - * Common Development and Distribution License, Version 1.0 only - * (the "License"). You may not use this file except in compliance - * with the License. + * Common Development and Distribution License (the "License"). + * You may not use this file except in compliance with the License. * * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE * or http://www.opensolaris.org/os/licensing. @@ -20,8 +19,8 @@ * CDDL HEADER END */ /* - * Copyright (c) 2001 by Sun Microsystems, Inc. - * All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. + * Use is subject to license terms. */ #pragma ident "%Z%%M% %I% %E% SMI" @@ -30,10 +29,11 @@ #include "synonyms.h" #include <sys/syscall.h> +#include <sys/priv.h> #include <unistd.h> int issetugid(void) { - return (syscall(SYS_issetugid)); + return (syscall(SYS_privsys, PRIVSYS_ISSETUGID)); }
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/usr/src/lib/libc/port/sys/sidsys.c Fri May 25 05:43:42 2007 -0700 @@ -0,0 +1,69 @@ +/* + * CDDL HEADER START + * + * The contents of this file are subject to the terms of the + * Common Development and Distribution License (the "License"). + * You may not use this file except in compliance with the License. + * + * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE + * or http://www.opensolaris.org/os/licensing. + * See the License for the specific language governing permissions + * and limitations under the License. + * + * When distributing Covered Code, include this CDDL HEADER in each + * file and include the License file at usr/src/OPENSOLARIS.LICENSE. + * If applicable, add the following below this CDDL HEADER, with the + * fields enclosed by brackets "[]" replaced with your own identifying + * information: Portions Copyright [yyyy] [name of copyright owner] + * + * CDDL HEADER END + */ + +/* + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. + * Use is subject to license terms. + */ + +#pragma ident "%Z%%M% %I% %E% SMI" + +/* + * UID/SID mapping system call entries. + */ + +#include "synonyms.h" +#include <sys/sid.h> +#include <sys/syscall.h> + + +int +allocids(int flag, int nuids, uid_t *suid, int ngids, gid_t *sgid) +{ + sysret_t rv; + int e; + + e = __systemcall(&rv, SYS_sidsys, SIDSYS_ALLOC_IDS, flag, nuids, ngids); + + if (e != 0) { + (void) __set_errno(e); + return (-1); + } + + if (suid != NULL) + *suid = (uid_t)rv.sys_rval1; + if (sgid != NULL) + *sgid = (gid_t)rv.sys_rval2; + + return (0); +} + +int +idmap_reg(int fd) +{ + return (syscall(SYS_sidsys, SIDSYS_IDMAP_REG, fd)); +} + +int +idmap_unreg(int fd) +{ + return (syscall(SYS_sidsys, SIDSYS_IDMAP_UNREG, fd)); +}
--- a/usr/src/lib/libc/sparc/Makefile Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/lib/libc/sparc/Makefile Fri May 25 05:43:42 2007 -0700 @@ -880,6 +880,7 @@ set_errno.o \ sharefs.o \ shmsys.o \ + sidsys.o \ siginterrupt.o \ signal.o \ sigpending.o \
--- a/usr/src/lib/libc/sparcv9/Makefile Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/lib/libc/sparcv9/Makefile Fri May 25 05:43:42 2007 -0700 @@ -825,6 +825,7 @@ set_errno.o \ sharefs.o \ shmsys.o \ + sidsys.o \ siginterrupt.o \ signal.o \ sigpending.o \
--- a/usr/src/lib/libexacct/demo/exdump.c Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/lib/libexacct/demo/exdump.c Fri May 25 05:43:42 2007 -0700 @@ -2,9 +2,8 @@ * CDDL HEADER START * * The contents of this file are subject to the terms of the - * Common Development and Distribution License, Version 1.0 only - * (the "License"). You may not use this file except in compliance - * with the License. + * Common Development and Distribution License (the "License"). + * You may not use this file except in compliance with the License. * * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE * or http://www.opensolaris.org/os/licensing. @@ -20,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2004 Sun Microsystems, Inc. All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -300,7 +299,7 @@ { uid_t uid = o->eo_item.ei_uint32; - (void) printf("%-15lu", uid); + (void) printf("%-15u", uid); if (vflag) { struct passwd *pwd; if ((pwd = getpwuid(uid)) != NULL) @@ -313,7 +312,7 @@ { gid_t gid = o->eo_item.ei_uint32; - (void) printf("%-15lu", gid); + (void) printf("%-15u", gid); if (vflag) { struct group *grp; if ((grp = getgrgid(gid)) != NULL)
--- a/usr/src/lib/libnsl/rpc/netnamer.c Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/lib/libnsl/rpc/netnamer.c Fri May 25 05:43:42 2007 -0700 @@ -20,7 +20,7 @@ */ /* - * Copyright 2006 Sun Microsystems, Inc. All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ /* Copyright (c) 1983, 1984, 1985, 1986, 1987, 1988, 1989 AT&T */ @@ -540,7 +540,7 @@ groups[0] = pw.pw_gid; ngroups = _getgroupsbymember(pw.pw_name, groups, NGROUPS_MAX, - (pw.pw_gid >= 0) ? 1 : 0); + (pw.pw_gid <= MAXUID) ? 1 : 0); if (ngroups < 0) { *err = __NSW_UNAVAIL;
--- a/usr/src/lib/libnsl/rpc/svc_dg.c Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/lib/libnsl/rpc/svc_dg.c Fri May 25 05:43:42 2007 -0700 @@ -20,7 +20,7 @@ */ /* - * Copyright 2006 Sun Microsystems, Inc. All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ /* Copyright (c) 1983, 1984, 1985, 1986, 1987, 1988, 1989 AT&T */ @@ -45,6 +45,7 @@ #include <sys/types.h> #include <sys/sysmacros.h> #include <rpc/rpc.h> +#include <rpcsvc/svc_dg_priv.h> #include <errno.h> #include <syslog.h> #include <stdlib.h> @@ -63,23 +64,6 @@ static void cache_set(); static int cache_get(); -#define MAX_OPT_WORDS 128 /* needs to fit a ucred */ - -/* - * kept in xprt->xp_p2 - */ -struct svc_dg_data { - /* XXX: optbuf should be the first field, used by ti_opts.c code */ - struct netbuf optbuf; /* netbuf for options */ - int opts[MAX_OPT_WORDS]; /* options */ - uint_t su_iosz; /* size of send.recv buffer */ - uint32_t su_xid; /* transaction id */ - XDR su_xdrs; /* XDR handle */ - char su_verfbody[MAX_AUTH_BYTES]; /* verifier body */ - char *su_cache; /* cached data, NULL if none */ - struct t_unitdata su_tudata; /* tu_data for recv */ -}; -#define su_data(xprt) ((struct svc_dg_data *)(xprt->xp_p2)) #define rpc_buffer(xprt) ((xprt)->xp_p1) /* @@ -108,7 +92,7 @@ /* LINTED pointer alignment */ SVCXPRT_EXT *xt = xprt ? SVCEXT(xprt) : NULL; /* LINTED pointer alignment */ - struct svc_dg_data *su = xprt ? su_data(xprt) : NULL; + struct svc_dg_data *su = xprt ? get_svc_dg_data(xprt) : NULL; if (xprt == NULL) return; @@ -257,7 +241,7 @@ return (NULL); } /* LINTED pointer alignment */ - su->su_iosz = su_data(parent)->su_iosz; + su->su_iosz = get_svc_dg_data(parent)->su_iosz; if ((rpc_buffer(xprt) = malloc(su->su_iosz)) == NULL) { svc_dg_xprtfree(xprt); free(su); @@ -271,7 +255,7 @@ su->su_tudata.opt.buf = (char *)su->opts; su->su_tudata.udata.maxlen = su->su_iosz; su->su_tudata.opt.maxlen = MAX_OPT_WORDS << 2; /* no of bytes */ - xprt->xp_p2 = (caddr_t)su; /* su_data(xprt) = su */ + xprt->xp_p2 = (caddr_t)su; /* get_svc_dg_data(xprt) = su */ xprt->xp_verf.oa_base = su->su_verfbody; return (xprt); @@ -319,7 +303,7 @@ svc_dg_recv(SVCXPRT *xprt, struct rpc_msg *msg) { /* LINTED pointer alignment */ - struct svc_dg_data *su = su_data(xprt); + struct svc_dg_data *su = get_svc_dg_data(xprt); XDR *xdrs = &(su->su_xdrs); struct t_unitdata *tu_data = &(su->su_tudata); int moreflag; @@ -428,7 +412,7 @@ svc_dg_reply(SVCXPRT *xprt, struct rpc_msg *msg) { /* LINTED pointer alignment */ - struct svc_dg_data *su = su_data(xprt); + struct svc_dg_data *su = get_svc_dg_data(xprt); XDR *xdrs = &(su->su_xdrs); bool_t stat = FALSE; xdrproc_t xdr_results; @@ -484,14 +468,15 @@ svc_args_done(xprt); /* LINTED pointer alignment */ return (SVCAUTH_UNWRAP(&SVC_XP_AUTH(xprt), - &(su_data(xprt)->su_xdrs), xdr_args, args_ptr)); + &(get_svc_dg_data(xprt)->su_xdrs), + xdr_args, args_ptr)); } static bool_t svc_dg_freeargs(SVCXPRT *xprt, xdrproc_t xdr_args, caddr_t args_ptr) { /* LINTED pointer alignment */ - XDR *xdrs = &(su_data(xprt)->su_xdrs); + XDR *xdrs = &(get_svc_dg_data(xprt)->su_xdrs); xdrs->x_op = XDR_FREE; return ((*xdr_args)(xdrs, args_ptr)); @@ -623,7 +608,7 @@ */ #define CACHE_LOC(transp, xid) \ (xid % (SPARSENESS * ((struct cl_cache *) \ - su_data(transp)->su_cache)->uc_size)) + get_svc_dg_data(transp)->su_cache)->uc_size)) extern mutex_t dupreq_lock; @@ -649,7 +634,7 @@ else transp = xprt; /* LINTED pointer alignment */ - su = su_data(transp); + su = get_svc_dg_data(transp); (void) mutex_lock(&dupreq_lock); if (su->su_cache != NULL) { @@ -723,9 +708,9 @@ else parent = xprt; /* LINTED pointer alignment */ - su = su_data(xprt); + su = get_svc_dg_data(xprt); /* LINTED pointer alignment */ - uc = (struct cl_cache *)su_data(parent)->su_cache; + uc = (struct cl_cache *)get_svc_dg_data(parent)->su_cache; (void) mutex_lock(&dupreq_lock); /* @@ -836,9 +821,9 @@ else parent = xprt; /* LINTED pointer alignment */ - su = su_data(xprt); + su = get_svc_dg_data(xprt); /* LINTED pointer alignment */ - uc = (struct cl_cache *)su_data(parent)->su_cache; + uc = (struct cl_cache *)get_svc_dg_data(parent)->su_cache; (void) mutex_lock(&dupreq_lock); /* LINTED pointer alignment */
--- a/usr/src/lib/librestart/common/librestart.c Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/lib/librestart/common/librestart.c Fri May 25 05:43:42 2007 -0700 @@ -1702,11 +1702,11 @@ gid = strtol(str, &cp, 10); if (gid == 0 && errno != 0) - return (-1); + return ((gid_t)-1); for (; *cp != '\0'; ++cp) if (*cp != ' ' || *cp != '\t') - return (-1); + return ((gid_t)-1); return (gid); } else { @@ -1723,7 +1723,7 @@ ret = getgrnam_r(str, &grp, buffer, buflen); free(buffer); - return (ret == NULL ? -1 : grp.gr_gid); + return (ret == NULL ? (gid_t)-1 : grp.gr_gid); } } @@ -1875,7 +1875,7 @@ *end = '\0'; - if ((ci->groups[i] = get_gid(cp)) == -1) { + if ((ci->groups[i] = get_gid(cp)) == (gid_t)-1) { ci->ngroups = 0; return (EINVAL); } @@ -1937,7 +1937,7 @@ /* Get the euid first so we don't override ci->pwd for the uid. */ if ((value = kva_match(eap->attr, EXECATTR_EUID_KW)) != NULL) { if (get_uid(value, ci, &ci->euid) != 0) { - ci->euid = -1; + ci->euid = (uid_t)-1; errstr = "Could not interpret profile euid."; goto out; } @@ -1945,7 +1945,7 @@ if ((value = kva_match(eap->attr, EXECATTR_UID_KW)) != NULL) { if (get_uid(value, ci, &ci->uid) != 0) { - ci->euid = ci->uid = -1; + ci->euid = ci->uid = (uid_t)-1; errstr = "Could not interpret profile uid."; goto out; } @@ -1954,7 +1954,7 @@ if ((value = kva_match(eap->attr, EXECATTR_GID_KW)) != NULL) { ci->egid = ci->gid = get_gid(value); - if (ci->gid == -1) { + if (ci->gid == (gid_t)-1) { errstr = "Could not interpret profile gid."; goto out; } @@ -1962,7 +1962,7 @@ if ((value = kva_match(eap->attr, EXECATTR_EGID_KW)) != NULL) { ci->egid = get_gid(value); - if (ci->egid == -1) { + if (ci->egid == (gid_t)-1) { errstr = "Could not interpret profile egid."; goto out; } @@ -2019,7 +2019,7 @@ } if (get_uid(vbuf, ci, &ci->uid) != 0) { - ci->uid = -1; + ci->uid = (uid_t)-1; errstr = "Could not interpret user property."; goto out; } @@ -2032,7 +2032,7 @@ if (strcmp(vbuf, ":default") != 0) { ci->gid = get_gid(vbuf); - if (ci->gid == -1) { + if (ci->gid == (gid_t)-1) { errstr = "Could not interpret group property."; goto out; } @@ -2043,7 +2043,7 @@ break; case ENOENT: - ci->gid = -1; + ci->gid = (gid_t)-1; errstr = "No passwd entry."; goto out; @@ -2251,10 +2251,10 @@ return (ALLOCFAIL); (void) memset(cip, 0, sizeof (*cip)); - cip->uid = -1; - cip->euid = -1; - cip->gid = -1; - cip->egid = -1; + cip->uid = (uid_t)-1; + cip->euid = (uid_t)-1; + cip->gid = (gid_t)-1; + cip->egid = (gid_t)-1; cip->vbuf_sz = scf_limit(SCF_LIMIT_MAX_VALUE_LENGTH); assert(cip->vbuf_sz >= 0); @@ -2613,9 +2613,9 @@ cip->pwbuf = NULL; *fp = NULL; - if (cip->gid != -1) { + if (cip->gid != (gid_t)-1) { if (setregid(cip->gid, - cip->egid != -1 ? cip->egid : cip->gid) != 0) { + cip->egid != (gid_t)-1 ? cip->egid : cip->gid) != 0) { *fp = "setregid"; ret = errno; @@ -2645,7 +2645,8 @@ } if (setregid(cip->pwd.pw_gid, - cip->egid != -1 ? cip->egid : cip->pwd.pw_gid) != 0) { + cip->egid != (gid_t)-1 ? + cip->egid : cip->pwd.pw_gid) != 0) { *fp = "setregid"; ret = errno; @@ -2816,7 +2817,8 @@ */ *fp = "setreuid"; - if (setreuid(cip->uid, cip->euid != -1 ? cip->euid : cip->uid) != 0) { + if (setreuid(cip->uid, + cip->euid != (uid_t)-1 ? cip->euid : cip->uid) != 0) { ret = errno; assert(ret == EINVAL || ret == EPERM); goto out;
--- a/usr/src/lib/libsec/common/acltext.c Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/lib/libsec/common/acltext.c Fri May 25 05:43:42 2007 -0700 @@ -19,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2006 Sun Microsystems, Inc. All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -89,7 +89,7 @@ passwdp = getpwuid(uid); if (passwdp == (struct passwd *)NULL) { /* could not get passwd information: display uid instead */ - (void) snprintf(uidp, buflen, "%ld", (long)uid); + (void) snprintf(uidp, buflen, "%u", uid); } else { (void) strlcpy(uidp, passwdp->pw_name, buflen); } @@ -105,7 +105,7 @@ groupp = getgrgid(gid); if (groupp == (struct group *)NULL) { /* could not get group information: display gid instead */ - (void) snprintf(gidp, buflen, "%ld", (long)gid); + (void) snprintf(gidp, buflen, "%u", gid); } else { (void) strlcpy(gidp, groupp->gr_name, buflen); }
--- a/usr/src/lib/libsec/common/aclutils.c Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/lib/libsec/common/aclutils.c Fri May 25 05:43:42 2007 -0700 @@ -19,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2006 Sun Microsystems, Inc. All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -488,7 +488,7 @@ acep->a_type = ACE_ACCESS_DENIED_ACE_TYPE; acep->a_flags = 0; if (aclent[i].a_type & GROUP_OBJ) { - acep->a_who = -1; + acep->a_who = (uid_t)-1; acep->a_flags |= (ACE_IDENTIFIER_GROUP|ACE_GROUP); } else if (aclent[i].a_type & USER) { @@ -532,7 +532,7 @@ * differently for each different a_type. */ if (aclent[i].a_type & USER_OBJ) { - acep->a_who = -1; + acep->a_who = (uid_t)-1; acep->a_flags |= ACE_OWNER; ace_make_deny(acep, acep + 1, isdir, B_TRUE); acep += 2; @@ -542,7 +542,7 @@ acep += 2; } else if (aclent[i].a_type & (GROUP_OBJ | GROUP)) { if (aclent[i].a_type & GROUP_OBJ) { - acep->a_who = -1; + acep->a_who = (uid_t)-1; acep->a_flags |= ACE_GROUP; } else { acep->a_who = aclent[i].a_id; @@ -579,7 +579,7 @@ else acep += 1; } else if (aclent[i].a_type & OTHER_OBJ) { - acep->a_who = -1; + acep->a_who = (uid_t)-1; acep->a_flags |= ACE_EVERYONE; ace_make_deny(acep, acep + 1, isdir, B_FALSE); acep += 2; @@ -1841,9 +1841,9 @@ * accurate comparison, since field is undefined. */ if (ace1.a_flags & (ACE_OWNER|ACE_GROUP|ACE_EVERYONE)) - ace1.a_who = -1; + ace1.a_who = (uid_t)-1; if (ace2.a_flags & (ACE_OWNER|ACE_GROUP|ACE_EVERYONE)) - ace2.a_who = -1; + ace2.a_who = (uid_t)-1; return (memcmp(&ace1, &ace2, sizeof (ace_t))); }
--- a/usr/src/lib/libsldap/common/ns_writes.c Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/lib/libsldap/common/ns_writes.c Fri May 25 05:43:42 2007 -0700 @@ -19,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2006 Sun Microsystems, Inc. All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -1362,8 +1362,8 @@ /* Convert the structure */ ptr = (struct passwd *)data; - if (ptr->pw_name == NULL || ptr->pw_uid < 0 || - ptr->pw_gid < 0 || ptr->pw_dir == NULL) { + if (ptr->pw_name == NULL || ptr->pw_uid > MAXUID || + ptr->pw_gid > MAXUID || ptr->pw_dir == NULL) { __ns_ldap_freeEntry(e); *entry = NULL; return (NS_LDAP_INVALID_PARAM); @@ -1399,22 +1399,14 @@ } } -#ifdef _LP64 - (void) sprintf(ibuf, "%d", ptr->pw_uid); -#else - (void) sprintf(ibuf, "%ld", ptr->pw_uid); -#endif + (void) sprintf(ibuf, "%u", ptr->pw_uid); rc = __s_add_attr(e, "uidNumber", ibuf); if (rc != NS_LDAP_SUCCESS) { __s_cvt_freeEntryRdn(entry, rdn); return (rc); } -#ifdef _LP64 - (void) sprintf(ibuf, "%d", ptr->pw_gid); -#else - (void) sprintf(ibuf, "%ld", ptr->pw_gid); -#endif + (void) sprintf(ibuf, "%u", ptr->pw_gid); rc = __s_add_attr(e, "gidNumber", ibuf); if (rc != NS_LDAP_SUCCESS) { __s_cvt_freeEntryRdn(entry, rdn); @@ -1603,7 +1595,7 @@ /* Convert the structure */ ptr = (struct group *)data; - if (ptr->gr_name == NULL || ptr->gr_gid < 0) { + if (ptr->gr_name == NULL || ptr->gr_gid > MAXUID) { __ns_ldap_freeEntry(e); *entry = NULL; return (NS_LDAP_INVALID_PARAM); @@ -1625,11 +1617,7 @@ return (rc); } -#ifdef _LP64 - (void) sprintf(ibuf, "%d", ptr->gr_gid); -#else - (void) sprintf(ibuf, "%ld", ptr->gr_gid); -#endif + (void) sprintf(ibuf, "%u", ptr->gr_gid); rc = __s_add_attr(e, "gidNumber", ibuf); if (rc != NS_LDAP_SUCCESS) { __s_cvt_freeEntryRdn(entry, rdn);
--- a/usr/src/lib/nsswitch/ldap/common/getgrent.c Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/lib/nsswitch/ldap/common/getgrent.c Fri May 25 05:43:42 2007 -0700 @@ -40,8 +40,8 @@ #define _F_GETGRNAM "(&(objectClass=posixGroup)(cn=%s))" #define _F_GETGRNAM_SSD "(&(%%s)(cn=%s))" -#define _F_GETGRGID "(&(objectClass=posixGroup)(gidNumber=%ld))" -#define _F_GETGRGID_SSD "(&(%%s)(gidNumber=%ld))" +#define _F_GETGRGID "(&(objectClass=posixGroup)(gidNumber=%u))" +#define _F_GETGRGID_SSD "(&(%%s)(gidNumber=%u))" #define _F_GETGRMEM "(&(objectClass=posixGroup)(memberUid=%s))" #define _F_GETGRMEM_SSD "(&(%%s)(memberUid=%s))" @@ -209,12 +209,12 @@ int ret; ret = snprintf(searchfilter, sizeof (searchfilter), - _F_GETGRGID, (long)argp->key.uid); + _F_GETGRGID, argp->key.uid); if (ret >= sizeof (searchfilter) || ret < 0) return ((nss_status_t)NSS_NOTFOUND); ret = snprintf(userdata, sizeof (userdata), - _F_GETGRGID_SSD, (long)argp->key.uid); + _F_GETGRGID_SSD, argp->key.uid); if (ret >= sizeof (userdata) || ret < 0) return ((nss_status_t)NSS_NOTFOUND);
--- a/usr/src/lib/nsswitch/nisplus/common/getgrent.c Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/lib/nsswitch/nisplus/common/getgrent.c Fri May 25 05:43:42 2007 -0700 @@ -19,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2006 Sun Microsystems, Inc. All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -71,7 +71,7 @@ nss_XbyY_args_t *argp = (nss_XbyY_args_t *)a; char gidstr[12]; /* More than enough */ - (void) snprintf(gidstr, 12, "%ld", argp->key.gid); + (void) snprintf(gidstr, 12, "%u", argp->key.gid); return (_nss_nisplus_lookup(be, argp, GR_TAG_GID, gidstr)); }
--- a/usr/src/lib/passwdutil/switch_utils.c Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/lib/passwdutil/switch_utils.c Fri May 25 05:43:42 2007 -0700 @@ -2,9 +2,8 @@ * CDDL HEADER START * * The contents of this file are subject to the terms of the - * Common Development and Distribution License, Version 1.0 only - * (the "License"). You may not use this file except in compliance - * with the License. + * Common Development and Distribution License (the "License"). + * You may not use this file except in compliance with the License. * * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE * or http://www.opensolaris.org/os/licensing. @@ -20,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2005 Sun Microsystems, Inc. All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -367,10 +366,10 @@ * than 60001 (the rfs limit). If it met either of * these conditions, the uid was translated to 60001. * - * Now we just check for negative uids; anything else + * Now we just check for ephemeral uids; anything else * is administrative policy */ - if (passwd->pw_uid < 0) + if (passwd->pw_uid > MAXUID) passwd->pw_uid = UID_NOBODY; } if (*next++ != ':') { @@ -396,7 +395,7 @@ * gid should be non-negative; anything else * is administrative policy. */ - if (passwd->pw_gid < 0) + if (passwd->pw_gid > MAXUID) passwd->pw_gid = GID_NOBODY; } if (*next++ != ':') {
--- a/usr/src/pkgdefs/SUNWhea/prototype_com Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/pkgdefs/SUNWhea/prototype_com Fri May 25 05:43:42 2007 -0700 @@ -1069,6 +1069,7 @@ f none usr/include/sys/share.h 644 root bin f none usr/include/sys/shm.h 644 root bin f none usr/include/sys/shm_impl.h 644 root bin +f none usr/include/sys/sid.h 644 root bin f none usr/include/sys/siginfo.h 644 root bin f none usr/include/sys/signal.h 644 root bin f none usr/include/sys/sleepq.h 644 root bin
--- a/usr/src/pkgdefs/etc/exception_list_i386 Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/pkgdefs/etc/exception_list_i386 Fri May 25 05:43:42 2007 -0700 @@ -47,6 +47,7 @@ usr/include/auth_list.h i386 usr/include/getxby_door.h i386 usr/include/rpcsvc/daemon_utils.h i386 +usr/include/rpcsvc/svc_dg_priv.h i386 usr/include/priv_utils.h i386 usr/include/bsm/audit_door_infc.h i386 usr/include/bsm/audit_private.h i386
--- a/usr/src/pkgdefs/etc/exception_list_sparc Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/pkgdefs/etc/exception_list_sparc Fri May 25 05:43:42 2007 -0700 @@ -38,6 +38,7 @@ usr/include/auth_list.h sparc usr/include/getxby_door.h sparc usr/include/rpcsvc/daemon_utils.h sparc +usr/include/rpcsvc/svc_dg_priv.h sparc usr/include/priv_utils.h sparc usr/include/bsm/audit_door_infc.h sparc usr/include/bsm/audit_private.h sparc
--- a/usr/src/ucbcmd/groups/groups.c Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/ucbcmd/groups/groups.c Fri May 25 05:43:42 2007 -0700 @@ -1,5 +1,5 @@ /* - * Copyright 2005 Sun Microsystems, Inc. All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -53,7 +53,7 @@ for (i = 0; i < ngroups; i++) { gr = getgrgid(groups[i]); if (gr == NULL) { - (void) printf("%s%ld", sep, groups[i]); + (void) printf("%s%u", sep, groups[i]); sep = " "; continue; }
--- a/usr/src/uts/common/Makefile.files Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/uts/common/Makefile.files Fri May 25 05:43:42 2007 -0700 @@ -251,6 +251,8 @@ rw.o \ rwstlock.o \ sad_conf.o \ + sid.o \ + sidsys.o \ sched.o \ schedctl.o \ seg_dev.o \
--- a/usr/src/uts/common/brand/lx/procfs/lx_prvnops.c Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/uts/common/brand/lx/procfs/lx_prvnops.c Fri May 25 05:43:42 2007 -0700 @@ -865,8 +865,8 @@ "Pid:\t%d\n" "PPid:\t%d\n" "TracerPid:\t%d\n" - "Uid:\t%d\t%d\t%d\t%d\n" - "Gid:\t%d\t%d\t%d\t%d\n" + "Uid:\t%u\t%u\t%u\t%u\n" + "Gid:\t%u\t%u\t%u\t%u\n" "FDSize:\t%d\n" "Groups:\t", up->u_comm, @@ -883,7 +883,7 @@ groups = crgetgroups(cr); for (i = 0; i < ngroups; i++) { lxpr_uiobuf_printf(uiobuf, - "%d ", + "%u ", groups[i]); } crfree(cr); @@ -987,12 +987,12 @@ * Set Linux defaults if we're the zone's init process */ if (pid == curproc->p_zone->zone_proc_initpid) { - pid = 1; /* PID for init */ - ppid = 0; /* parent PID for init is 0 */ - pgpid = 0; /* process group for init is 0 */ - psgid = -1; /* credential GID for init is -1 */ - spid = 0; /* session id for init is 0 */ - psdev = 0; /* session device for init is 0 */ + pid = 1; /* PID for init */ + ppid = 0; /* parent PID for init is 0 */ + pgpid = 0; /* process group for init is 0 */ + psgid = (gid_t)-1; /* credential GID for init is -1 */ + spid = 0; /* session id for init is 0 */ + psdev = 0; /* session device for init is 0 */ } else { /* * Make sure not to reference parent PIDs that reside outside
--- a/usr/src/uts/common/c2/audit.h Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/uts/common/c2/audit.h Fri May 25 05:43:42 2007 -0700 @@ -62,7 +62,7 @@ * The user id -2 is never audited - in fact, a setauid(AU_NOAUDITID) * will turn off auditing. */ -#define AU_NOAUDITID -2 +#define AU_NOAUDITID ((au_id_t)-2) /* * success/failure bits for asynchronous events
--- a/usr/src/uts/common/c2/audit_event.c Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/uts/common/c2/audit_event.c Fri May 25 05:43:42 2007 -0700 @@ -351,7 +351,7 @@ auf_null, 0, aui_null, AUE_NULL, aus_null, /* 74 (loadable) was notused */ auf_null, 0, -aui_null, AUE_NULL, aus_null, /* 75 issetugid */ +aui_null, AUE_NULL, aus_null, /* 75 sidsys */ /* was sigret (SunOS) */ auf_null, 0, aui_fsat, AUE_FSAT, aus_fsat, /* 76 fsat */
--- a/usr/src/uts/common/fs/cachefs/cachefs_log.c Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/uts/common/fs/cachefs/cachefs_log.c Fri May 25 05:43:42 2007 -0700 @@ -2,9 +2,8 @@ * CDDL HEADER START * * The contents of this file are subject to the terms of the - * Common Development and Distribution License, Version 1.0 only - * (the "License"). You may not use this file except in compliance - * with the License. + * Common Development and Distribution License (the "License"). + * You may not use this file except in compliance with the License. * * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE * or http://www.opensolaris.org/os/licensing. @@ -20,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2005 Sun Microsystems, Inc. All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -866,7 +865,7 @@ (! xdr_opaque(xdrs, (caddr_t)&rec->vfsp, sizeof (rec->vfsp))) || (! xdr_opaque(xdrs, (caddr_t)&rec->fid, sizeof (rec->fid))) || (! xdr_ino64(xdrs, &rec->fileno)) || - (! xdr_int(xdrs, &rec->uid)) || + (! xdr_u_int(xdrs, &rec->uid)) || (! xdr_u_longlong_t(xdrs, &rec->offset)) || (! xdr_u_int(xdrs, &rec->len))) return (FALSE); @@ -914,7 +913,7 @@ (! xdr_opaque(xdrs, (caddr_t)&rec->vfsp, sizeof (rec->vfsp))) || (! xdr_opaque(xdrs, (caddr_t)&rec->fid, sizeof (rec->fid))) || (! xdr_ino64(xdrs, &rec->fileno)) || - (! xdr_int(xdrs, &rec->uid)) || + (! xdr_u_int(xdrs, &rec->uid)) || (! xdr_u_longlong_t(xdrs, (u_longlong_t *)&rec->offset)) || (! xdr_int(xdrs, &rec->eof))) return (FALSE); @@ -961,7 +960,7 @@ (! xdr_opaque(xdrs, (caddr_t)&rec->vfsp, sizeof (rec->vfsp))) || (! xdr_opaque(xdrs, (caddr_t)&rec->fid, sizeof (rec->fid))) || (! xdr_ino64(xdrs, &rec->fileno)) || - (! xdr_int(xdrs, &rec->uid)) || + (! xdr_u_int(xdrs, &rec->uid)) || (! xdr_u_int(xdrs, &rec->length))) return (FALSE); @@ -1006,7 +1005,7 @@ (! xdr_opaque(xdrs, (caddr_t)&rec->vfsp, sizeof (rec->vfsp))) || (! xdr_opaque(xdrs, (caddr_t)&rec->fid, sizeof (rec->fid))) || (! xdr_ino64(xdrs, &rec->fileno)) || - (! xdr_int(xdrs, &rec->uid))) + (! xdr_u_int(xdrs, &rec->uid))) return (FALSE); return (TRUE); @@ -1050,7 +1049,7 @@ (! xdr_opaque(xdrs, (caddr_t)&rec->vfsp, sizeof (rec->vfsp))) || (! xdr_opaque(xdrs, (caddr_t)&rec->fid, sizeof (rec->fid))) || (! xdr_ino64(xdrs, &rec->fileno)) || - (! xdr_int(xdrs, &rec->uid))) + (! xdr_u_int(xdrs, &rec->uid))) return (FALSE); return (TRUE); @@ -1095,7 +1094,7 @@ (! xdr_opaque(xdrs, (caddr_t)&rec->vfsp, sizeof (rec->vfsp))) || (! xdr_opaque(xdrs, (caddr_t)&rec->fid, sizeof (rec->fid))) || (! xdr_ino64(xdrs, &rec->fileno)) || - (! xdr_int(xdrs, &rec->uid)) || + (! xdr_u_int(xdrs, &rec->uid)) || (! xdr_u_longlong_t(xdrs, &rec->size))) return (FALSE); @@ -1142,7 +1141,7 @@ (! xdr_opaque(xdrs, (caddr_t)&rec->vfsp, sizeof (rec->vfsp))) || (! xdr_opaque(xdrs, (caddr_t)&rec->fid, sizeof (rec->fid))) || (! xdr_ino64(xdrs, &rec->fileno)) || - (! xdr_int(xdrs, &rec->uid)) || + (! xdr_u_int(xdrs, &rec->uid)) || (! xdr_u_longlong_t(xdrs, (u_longlong_t *)&rec->offset)) || (! xdr_u_int(xdrs, &rec->len))) return (FALSE); @@ -1188,7 +1187,7 @@ (! xdr_opaque(xdrs, (caddr_t)&rec->vfsp, sizeof (rec->vfsp))) || (! xdr_opaque(xdrs, (caddr_t)&rec->fid, sizeof (rec->fid))) || (! xdr_ino64(xdrs, &rec->fileno)) || - (! xdr_int(xdrs, &rec->uid))) + (! xdr_u_int(xdrs, &rec->uid))) return (FALSE); return (TRUE); @@ -1234,7 +1233,7 @@ (! xdr_opaque(xdrs, (caddr_t)&rec->vfsp, sizeof (rec->vfsp))) || (! xdr_opaque(xdrs, (caddr_t)&rec->fid, sizeof (rec->fid))) || (! xdr_ino64(xdrs, &rec->fileno)) || - (! xdr_int(xdrs, &rec->uid))) + (! xdr_u_int(xdrs, &rec->uid))) return (FALSE); return (TRUE); @@ -1279,7 +1278,7 @@ (! xdr_opaque(xdrs, (caddr_t)&rec->vfsp, sizeof (rec->vfsp))) || (! xdr_opaque(xdrs, (caddr_t)&rec->gone, sizeof (rec->gone))) || (! xdr_int(xdrs, &rec->removed)) || - (! xdr_int(xdrs, &rec->uid))) + (! xdr_u_int(xdrs, &rec->uid))) return (FALSE); return (TRUE); @@ -1325,7 +1324,7 @@ (! xdr_opaque(xdrs, (caddr_t)&rec->vfsp, sizeof (rec->vfsp))) || (! xdr_opaque(xdrs, (caddr_t)&rec->fid, sizeof (rec->fid))) || (! xdr_ino64(xdrs, &rec->fileno)) || - (! xdr_int(xdrs, &rec->uid)) || + (! xdr_u_int(xdrs, &rec->uid)) || (! xdr_u_int(xdrs, &rec->size))) return (FALSE); @@ -1550,7 +1549,7 @@ (! xdr_opaque(xdrs, (caddr_t)&rec->vfsp, sizeof (rec->vfsp))) || (! xdr_opaque(xdrs, (caddr_t)&rec->fid, sizeof (rec->fid))) || (! xdr_ino64(xdrs, &rec->fileno)) || - (! xdr_int(xdrs, &rec->uid)) || + (! xdr_u_int(xdrs, &rec->uid)) || (! xdr_u_longlong_t(xdrs, (u_longlong_t *)&rec->off)) || (! xdr_u_int(xdrs, &rec->len))) return (FALSE); @@ -1596,7 +1595,7 @@ (! xdr_opaque(xdrs, (caddr_t)&rec->vfsp, sizeof (rec->vfsp))) || (! xdr_opaque(xdrs, (caddr_t)&rec->fid, sizeof (rec->fid))) || (! xdr_ino64(xdrs, &rec->fileno)) || - (! xdr_int(xdrs, &rec->uid))) + (! xdr_u_int(xdrs, &rec->uid))) return (FALSE); return (TRUE);
--- a/usr/src/uts/common/fs/dev/sdev_ptsops.c Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/uts/common/fs/dev/sdev_ptsops.c Fri May 25 05:43:42 2007 -0700 @@ -146,8 +146,6 @@ ASSERT(dv->sdev_attr); if (dv->sdev_attr->va_uid != uid || dv->sdev_attr->va_gid != gid) { - ASSERT(uid >= 0); - ASSERT(gid >= 0); dv->sdev_attr->va_uid = uid; dv->sdev_attr->va_gid = gid; gethrestime(&now); @@ -208,8 +206,6 @@ */ *vap = devpts_vattr; vap->va_rdev = makedevice(maj, min); - ASSERT(uid >= 0); - ASSERT(gid >= 0); vap->va_uid = uid; vap->va_gid = gid; gethrestime(&now);
--- a/usr/src/uts/common/fs/fs_subr.c Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/uts/common/fs/fs_subr.c Fri May 25 05:43:42 2007 -0700 @@ -23,7 +23,7 @@ /* - * Copyright 2006 Sun Microsystems, Inc. All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -543,12 +543,12 @@ aclentp->a_type = OTHER_OBJ; /* Other */ aclentp->a_perm = vattr.va_mode & 0007; - aclentp->a_id = -1; /* Really undefined */ + aclentp->a_id = (gid_t)-1; /* Really undefined */ aclentp++; aclentp->a_type = CLASS_OBJ; /* Class */ aclentp->a_perm = (ushort_t)(0007); - aclentp->a_id = -1; /* Really undefined */ + aclentp->a_id = (gid_t)-1; /* Really undefined */ } else if (vsecattr->vsa_mask & (VSA_ACECNT | VSA_ACE)) { vsecattr->vsa_aclcnt = 6; vsecattr->vsa_aclentp = kmem_zalloc(6 * sizeof (ace_t),
--- a/usr/src/uts/common/fs/nfs/nfs_acl_xdr.c Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/uts/common/fs/nfs/nfs_acl_xdr.c Fri May 25 05:43:42 2007 -0700 @@ -56,7 +56,7 @@ bool_t xdr_uid(XDR *xdrs, uid32_t *objp) { - if (!xdr_int(xdrs, objp)) + if (!xdr_u_int(xdrs, objp)) return (FALSE); return (TRUE); }
--- a/usr/src/uts/common/fs/proc/prcontrol.c Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/uts/common/fs/proc/prcontrol.c Fri May 25 05:43:42 2007 -0700 @@ -20,7 +20,7 @@ */ /* - * Copyright 2005 Sun Microsystems, Inc. All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -2137,12 +2137,12 @@ uid_t oldruid; int error; - if ((uint_t)prcred->pr_euid > MAXUID || - (uint_t)prcred->pr_ruid > MAXUID || - (uint_t)prcred->pr_suid > MAXUID || - (uint_t)prcred->pr_egid > MAXUID || - (uint_t)prcred->pr_rgid > MAXUID || - (uint_t)prcred->pr_sgid > MAXUID) + if (!VALID_UID(prcred->pr_euid) || + !VALID_UID(prcred->pr_ruid) || + !VALID_UID(prcred->pr_suid) || + !VALID_GID(prcred->pr_egid) || + !VALID_GID(prcred->pr_rgid) || + !VALID_GID(prcred->pr_sgid)) return (EINVAL); if (dogrps) { @@ -2153,7 +2153,7 @@ return (EINVAL); for (i = 0; i < ngrp; i++) { - if ((uint_t)prcred->pr_groups[i] > MAXUID) + if (!VALID_GID(prcred->pr_groups[i])) return (EINVAL); } }
--- a/usr/src/uts/common/fs/proc/prvfsops.c Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/uts/common/fs/proc/prvfsops.c Fri May 25 05:43:42 2007 -0700 @@ -72,7 +72,7 @@ VFSDEF_VERSION, "proc", prinit, - VSW_HASPROTO|VSW_STATS, + VSW_HASPROTO|VSW_STATS|VSW_XID, &proc_mntopts };
--- a/usr/src/uts/common/fs/ufs/quota.c Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/uts/common/fs/ufs/quota.c Fri May 25 05:43:42 2007 -0700 @@ -2,9 +2,8 @@ * CDDL HEADER START * * The contents of this file are subject to the terms of the - * Common Development and Distribution License, Version 1.0 only - * (the "License"). You may not use this file except in compliance - * with the License. + * Common Development and Distribution License (the "License"). + * You may not use this file except in compliance with the License. * * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE * or http://www.opensolaris.org/os/licensing. @@ -20,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2005 Sun Microsystems, Inc. All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -259,15 +258,7 @@ * Large Files: i_size need to be accessed atomically now. */ rw_enter(&qip->i_contents, RW_READER); - if (uid >= 0 && dqoff(uid) >= 0 && dqoff(uid) < qip->i_size) { - /* - * This could almost be a static comparison with UID_MAX, - * but we keep the ASSERT here to document the restriction - * inherent in this simplistic database. - */ - ASSERT((u_offset_t)uid < - UFS_MAXOFFSET_T / sizeof (struct dqblk)); - + if (uid <= MAXUID && dqoff(uid) >= 0 && dqoff(uid) < qip->i_size) { /* * Read quota info off disk. */
--- a/usr/src/uts/common/fs/vfs.c Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/uts/common/fs/vfs.c Fri May 25 05:43:42 2007 -0700 @@ -1570,6 +1570,9 @@ vfsp->vfs_fstypevsp = get_fstype_vopstats(vfsp, vswp); } + if (vswp->vsw_flag & VSW_XID) + vfsp->vfs_flag |= VFS_XID; + vfs_unlock(vfsp); } mount_completed();
--- a/usr/src/uts/common/fs/vnode.c Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/uts/common/fs/vnode.c Fri May 25 05:43:42 2007 -0700 @@ -150,6 +150,16 @@ } /* + * If the filesystem does not support XIDs map credential + * If the vfsp is NULL, perhaps we should also map? + */ +#define VOPXID_MAP_CR(vp, cr) { \ + vfs_t *vfsp = (vp)->v_vfsp; \ + if (vfsp != NULL && (vfsp->vfs_flag & VFS_XID) == 0) \ + cr = crgetmapped(cr); \ + } + +/* * Convert stat(2) formats to vnode types and vice versa. (Knows about * numerical order of S_IFMT and vnode types.) */ @@ -670,6 +680,8 @@ if (len < 0) return (EIO); + VOPXID_MAP_CR(vp, cr); + iov.iov_base = base; iov.iov_len = len; uio.uio_iov = &iov; @@ -2718,6 +2730,8 @@ atomic_add_32(&((*vpp)->v_wrcnt), 1); } + VOPXID_MAP_CR(vp, cr); + ret = (*(*(vpp))->v_op->vop_open)(vpp, mode, cr); if (ret) { @@ -2766,6 +2780,8 @@ { int err; + VOPXID_MAP_CR(vp, cr); + err = (*(vp)->v_op->vop_close)(vp, flag, count, offset, cr); VOPSTATS_UPDATE(vp, close); /* @@ -2796,6 +2812,8 @@ int err; ssize_t resid_start = uiop->uio_resid; + VOPXID_MAP_CR(vp, cr); + err = (*(vp)->v_op->vop_read)(vp, uiop, ioflag, cr, ct); VOPSTATS_UPDATE_IO(vp, read, read_bytes, (resid_start - uiop->uio_resid)); @@ -2813,6 +2831,8 @@ int err; ssize_t resid_start = uiop->uio_resid; + VOPXID_MAP_CR(vp, cr); + err = (*(vp)->v_op->vop_write)(vp, uiop, ioflag, cr, ct); VOPSTATS_UPDATE_IO(vp, write, write_bytes, (resid_start - uiop->uio_resid)); @@ -2830,6 +2850,8 @@ { int err; + VOPXID_MAP_CR(vp, cr); + err = (*(vp)->v_op->vop_ioctl)(vp, cmd, arg, flag, cr, rvalp); VOPSTATS_UPDATE(vp, ioctl); return (err); @@ -2844,6 +2866,8 @@ { int err; + VOPXID_MAP_CR(vp, cr); + err = (*(vp)->v_op->vop_setfl)(vp, oflags, nflags, cr); VOPSTATS_UPDATE(vp, setfl); return (err); @@ -2858,6 +2882,8 @@ { int err; + VOPXID_MAP_CR(vp, cr); + err = (*(vp)->v_op->vop_getattr)(vp, vap, flags, cr); VOPSTATS_UPDATE(vp, getattr); return (err); @@ -2873,6 +2899,8 @@ { int err; + VOPXID_MAP_CR(vp, cr); + err = (*(vp)->v_op->vop_setattr)(vp, vap, flags, cr, ct); VOPSTATS_UPDATE(vp, setattr); return (err); @@ -2887,6 +2915,8 @@ { int err; + VOPXID_MAP_CR(vp, cr); + err = (*(vp)->v_op->vop_access)(vp, mode, flags, cr); VOPSTATS_UPDATE(vp, access); return (err); @@ -2904,6 +2934,8 @@ { int ret; + VOPXID_MAP_CR(dvp, cr); + ret = (*(dvp)->v_op->vop_lookup)(dvp, nm, vpp, pnp, flags, rdir, cr); if (ret == 0 && *vpp) { VOPSTATS_UPDATE(*vpp, lookup); @@ -2928,6 +2960,8 @@ { int ret; + VOPXID_MAP_CR(dvp, cr); + ret = (*(dvp)->v_op->vop_create) (dvp, name, vap, excl, mode, vpp, cr, flag); if (ret == 0 && *vpp) { @@ -2948,6 +2982,8 @@ { int err; + VOPXID_MAP_CR(dvp, cr); + err = (*(dvp)->v_op->vop_remove)(dvp, nm, cr); VOPSTATS_UPDATE(dvp, remove); return (err); @@ -2962,6 +2998,8 @@ { int err; + VOPXID_MAP_CR(tdvp, cr); + err = (*(tdvp)->v_op->vop_link)(tdvp, svp, tnm, cr); VOPSTATS_UPDATE(tdvp, link); return (err); @@ -2977,6 +3015,8 @@ { int err; + VOPXID_MAP_CR(tdvp, cr); + err = (*(sdvp)->v_op->vop_rename)(sdvp, snm, tdvp, tnm, cr); VOPSTATS_UPDATE(sdvp, rename); return (err); @@ -2992,6 +3032,8 @@ { int ret; + VOPXID_MAP_CR(dvp, cr); + ret = (*(dvp)->v_op->vop_mkdir)(dvp, dirname, vap, vpp, cr); if (ret == 0 && *vpp) { VOPSTATS_UPDATE(*vpp, mkdir); @@ -3013,6 +3055,8 @@ { int err; + VOPXID_MAP_CR(dvp, cr); + err = (*(dvp)->v_op->vop_rmdir)(dvp, nm, cdir, cr); VOPSTATS_UPDATE(dvp, rmdir); return (err); @@ -3028,6 +3072,8 @@ int err; ssize_t resid_start = uiop->uio_resid; + VOPXID_MAP_CR(vp, cr); + err = (*(vp)->v_op->vop_readdir)(vp, uiop, cr, eofp); VOPSTATS_UPDATE_IO(vp, readdir, readdir_bytes, (resid_start - uiop->uio_resid)); @@ -3044,6 +3090,8 @@ { int err; + VOPXID_MAP_CR(dvp, cr); + err = (*(dvp)->v_op->vop_symlink) (dvp, linkname, vap, target, cr); VOPSTATS_UPDATE(dvp, symlink); return (err); @@ -3057,6 +3105,8 @@ { int err; + VOPXID_MAP_CR(vp, cr); + err = (*(vp)->v_op->vop_readlink)(vp, uiop, cr); VOPSTATS_UPDATE(vp, readlink); return (err); @@ -3070,6 +3120,8 @@ { int err; + VOPXID_MAP_CR(vp, cr); + err = (*(vp)->v_op->vop_fsync)(vp, syncflag, cr); VOPSTATS_UPDATE(vp, fsync); return (err); @@ -3082,6 +3134,9 @@ { /* Need to update stats before vop call since we may lose the vnode */ VOPSTATS_UPDATE(vp, inactive); + + VOPXID_MAP_CR(vp, cr); + (*(vp)->v_op->vop_inactive)(vp, cr); } @@ -3157,6 +3212,8 @@ { int err; + VOPXID_MAP_CR(vp, cr); + err = (*(vp)->v_op->vop_frlock) (vp, cmd, bfp, flag, offset, flk_cbp, cr); VOPSTATS_UPDATE(vp, frlock); @@ -3175,6 +3232,8 @@ { int err; + VOPXID_MAP_CR(vp, cr); + err = (*(vp)->v_op->vop_space)(vp, cmd, bfp, flag, offset, cr, ct); VOPSTATS_UPDATE(vp, space); return (err); @@ -3207,6 +3266,8 @@ { int err; + VOPXID_MAP_CR(vp, cr); + err = (*(vp)->v_op->vop_getpage) (vp, off, len, protp, plarr, plsz, seg, addr, rw, cr); VOPSTATS_UPDATE(vp, getpage); @@ -3223,6 +3284,8 @@ { int err; + VOPXID_MAP_CR(vp, cr); + err = (*(vp)->v_op->vop_putpage)(vp, off, len, flags, cr); VOPSTATS_UPDATE(vp, putpage); return (err); @@ -3242,6 +3305,8 @@ { int err; + VOPXID_MAP_CR(vp, cr); + err = (*(vp)->v_op->vop_map) (vp, off, as, addrp, len, prot, maxprot, flags, cr); VOPSTATS_UPDATE(vp, map); @@ -3263,6 +3328,8 @@ int error; u_longlong_t delta; + VOPXID_MAP_CR(vp, cr); + error = (*(vp)->v_op->vop_addmap) (vp, off, as, addr, len, prot, maxprot, flags, cr); @@ -3309,6 +3376,9 @@ { int error; u_longlong_t delta; + + VOPXID_MAP_CR(vp, cr); + error = (*(vp)->v_op->vop_delmap) (vp, off, as, addr, len, prot, maxprot, flags, cr); @@ -3385,6 +3455,8 @@ { int err; + VOPXID_MAP_CR(vp, cr); + err = (*(vp)->v_op->vop_pathconf)(vp, cmd, valp, cr); VOPSTATS_UPDATE(vp, pathconf); return (err); @@ -3401,6 +3473,8 @@ { int err; + VOPXID_MAP_CR(vp, cr); + err = (*(vp)->v_op->vop_pageio)(vp, pp, io_off, io_len, flags, cr); VOPSTATS_UPDATE(vp, pageio); return (err); @@ -3428,6 +3502,9 @@ { /* Must do stats first since it's possible to lose the vnode */ VOPSTATS_UPDATE(vp, dispose); + + VOPXID_MAP_CR(vp, cr); + (*(vp)->v_op->vop_dispose)(vp, pp, flag, dn, cr); } @@ -3440,6 +3517,8 @@ { int err; + VOPXID_MAP_CR(vp, cr); + err = (*(vp)->v_op->vop_setsecattr) (vp, vsap, flag, cr); VOPSTATS_UPDATE(vp, setsecattr); return (err); @@ -3454,6 +3533,8 @@ { int err; + VOPXID_MAP_CR(vp, cr); + err = (*(vp)->v_op->vop_getsecattr) (vp, vsap, flag, cr); VOPSTATS_UPDATE(vp, getsecattr); return (err); @@ -3469,6 +3550,8 @@ { int err; + VOPXID_MAP_CR(vp, cr); + err = (*(vp)->v_op->vop_shrlock)(vp, cmd, shr, flag, cr); VOPSTATS_UPDATE(vp, shrlock); return (err);
--- a/usr/src/uts/common/fs/zfs/zfs_acl.c Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/uts/common/fs/zfs/zfs_acl.c Fri May 25 05:43:42 2007 -0700 @@ -343,16 +343,16 @@ switch (acep->a_flags & ACE_TYPE_FLAGS) { case ACE_OWNER: - acep->a_who = -1; + acep->a_who = (uid_t)-1; break; case (ACE_IDENTIFIER_GROUP | ACE_GROUP): case ACE_IDENTIFIER_GROUP: if (acep->a_flags & ACE_GROUP) { - acep->a_who = -1; + acep->a_who = (uid_t)-1; } break; case ACE_EVERYONE: - acep->a_who = -1; + acep->a_who = (uid_t)-1; break; }
--- a/usr/src/uts/common/io/ptm.c Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/uts/common/io/ptm.c Fri May 25 05:43:42 2007 -0700 @@ -572,7 +572,8 @@ ptop = (pt_own_t *)mp->b_cont->b_rptr; - if (ptop->pto_ruid < 0 || ptop->pto_rgid < 0) { + if (!VALID_UID(ptop->pto_ruid) || + !VALID_GID(ptop->pto_rgid)) { miocnak(qp, mp, 0, EINVAL); break; }
--- a/usr/src/uts/common/io/ptms_conf.c Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/uts/common/io/ptms_conf.c Fri May 25 05:43:42 2007 -0700 @@ -19,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2006 Sun Microsystems, Inc. All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -463,8 +463,8 @@ ASSERT(ruid); ASSERT(rgid); - *ruid = -1; - *rgid = -1; + *ruid = (uid_t)-1; + *rgid = (gid_t)-1; /* * /dev/pts/0 is not used, but some applications may check it, so create
--- a/usr/src/uts/common/ipp/flowacct/flowacct.c Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/uts/common/ipp/flowacct/flowacct.c Fri May 25 05:43:42 2007 -0700 @@ -219,7 +219,7 @@ header->uid = crgetuid(cr); header->projid = crgetprojid(cr); } else { - header->uid = -1; + header->uid = (uid_t)-1; header->projid = -1; } }
--- a/usr/src/uts/common/ipp/ipgpc/classifier.c Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/uts/common/ipp/ipgpc/classifier.c Fri May 25 05:43:42 2007 -0700 @@ -20,7 +20,7 @@ */ /* - * Copyright 2006 Sun Microsystems, Inc. All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -614,7 +614,7 @@ packet->uid = crgetuid(cr); packet->projid = crgetprojid(cr); } else { - packet->uid = -1; + packet->uid = (uid_t)-1; packet->projid = -1; } }
--- a/usr/src/uts/common/ipp/ipgpc/filters.c Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/uts/common/ipp/ipgpc/filters.c Fri May 25 05:43:42 2007 -0700 @@ -2,9 +2,8 @@ * CDDL HEADER START * * The contents of this file are subject to the terms of the - * Common Development and Distribution License, Version 1.0 only - * (the "License"). You may not use this file except in compliance - * with the License. + * Common Development and Distribution License (the "License"). + * You may not use this file except in compliance with the License. * * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE * or http://www.opensolaris.org/os/licensing. @@ -20,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2002-2003 Sun Microsystems, Inc. All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -632,8 +631,8 @@ } /* parse uid */ - if (nvlist_lookup_int32(nvlp, IPGPC_UID, &filter->uid) != 0) { - filter->uid = IPGPC_WILDCARD; + if (nvlist_lookup_uint32(nvlp, IPGPC_UID, &filter->uid) != 0) { + filter->uid = (uid_t)IPGPC_WILDCARD; } /* parse projid */ @@ -2337,7 +2336,7 @@ /* add uid */ if (in_filter->uid != IPGPC_WILDCARD) { - if ((rc = nvlist_add_int32(nvlp, IPGPC_UID, in_filter->uid)) + if ((rc = nvlist_add_uint32(nvlp, IPGPC_UID, in_filter->uid)) != 0) { return (rc); }
--- a/usr/src/uts/common/os/core.c Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/uts/common/os/core.c Fri May 25 05:43:42 2007 -0700 @@ -490,10 +490,10 @@ (void) sprintf((s = buf), "%d", p->p_pid); break; case 'u': /* effective uid */ - (void) sprintf((s = buf), "%d", crgetuid(p->p_cred)); + (void) sprintf((s = buf), "%u", crgetuid(p->p_cred)); break; case 'g': /* effective gid */ - (void) sprintf((s = buf), "%d", crgetgid(p->p_cred)); + (void) sprintf((s = buf), "%u", crgetgid(p->p_cred)); break; case 'f': /* exec'd filename */ s = PTOU(p)->u_comm;
--- a/usr/src/uts/common/os/cred.c Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/uts/common/os/cred.c Fri May 25 05:43:42 2007 -0700 @@ -19,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2006 Sun Microsystems, Inc. All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -55,9 +55,18 @@ #include <sys/ucred.h> #include <sys/prsystm.h> #include <sys/modctl.h> +#include <sys/avl.h> #include <c2/audit.h> #include <sys/zone.h> #include <sys/tsol/label.h> +#include <sys/sid.h> + +typedef struct ephidmap_data { + uid_t min_uid, last_uid; + gid_t min_gid, last_gid; + cred_t *nobody; + kmutex_t eph_lock; +} ephidmap_data_t; static struct kmem_cache *cred_cache; static size_t crsize = 0; @@ -76,6 +85,16 @@ #define REMOTE_PEER_CRED(c) ((c)->cr_gid == -1) /* + * XXX: should be per-zone. + * Start with an invalid value for atomic increments. + */ +static ephidmap_data_t ephemeral_data = { + MAXUID, MAXUID, MAXUID, MAXUID +}; + +static boolean_t hasephids = B_FALSE; + +/* * Initialize credentials data structures. */ @@ -111,12 +130,13 @@ dummycr = cralloc(); bzero(dummycr, crsize); dummycr->cr_ref = 1; - dummycr->cr_uid = -1; - dummycr->cr_gid = -1; - dummycr->cr_ruid = -1; - dummycr->cr_rgid = -1; - dummycr->cr_suid = -1; - dummycr->cr_sgid = -1; + dummycr->cr_uid = (uid_t)-1; + dummycr->cr_gid = (gid_t)-1; + dummycr->cr_ruid = (uid_t)-1; + dummycr->cr_rgid = (gid_t)-1; + dummycr->cr_suid = (uid_t)-1; + dummycr->cr_sgid = (gid_t)-1; + /* * kcred is used by anything that needs all privileges; it's @@ -152,6 +172,13 @@ ttoproc(curthread)->p_cred = kcred; curthread->t_cred = kcred; + /* + * nobody is used to map SID containing CRs. + */ + ephemeral_data.nobody = crdup(kcred); + (void) crsetugid(ephemeral_data.nobody, UID_NOBODY, GID_NOBODY); + CR_FLAGS(kcred) = 0; + ucredsize = UCRED_SIZE; } @@ -165,6 +192,19 @@ cr->cr_ref = 1; /* So we can crfree() */ cr->cr_zone = NULL; cr->cr_label = NULL; + cr->cr_ksid = NULL; + return (cr); +} + +/* + * As cralloc but prepared for ksid change (if appropriate). + */ +cred_t * +cralloc_ksid(void) +{ + cred_t *cr = cralloc(); + if (hasephids) + cr->cr_ksid = kcrsid_alloc(); return (cr); } @@ -248,6 +288,8 @@ label_rele(cr->cr_label); if (cr->cr_zone) zone_cred_rele(cr->cr_zone); + if (cr->cr_ksid) + kcrsid_rele(cr->cr_ksid); kmem_cache_free(cred_cache, cr); } } @@ -268,6 +310,8 @@ zone_cred_hold(newcr->cr_zone); if (newcr->cr_label) label_hold(cr->cr_label); + if (newcr->cr_ksid) + kcrsid_hold(cr->cr_ksid); crfree(cr); newcr->cr_ref = 2; /* caller gets two references */ return (newcr); @@ -283,11 +327,18 @@ void crcopy_to(cred_t *oldcr, cred_t *newcr) { + credsid_t *nkcr = newcr->cr_ksid; + bcopy(oldcr, newcr, crsize); if (newcr->cr_zone) zone_cred_hold(newcr->cr_zone); if (newcr->cr_label) label_hold(newcr->cr_label); + if (nkcr) { + newcr->cr_ksid = nkcr; + kcrsidcopy_to(oldcr->cr_ksid, newcr->cr_ksid); + } else if (newcr->cr_ksid) + kcrsid_hold(newcr->cr_ksid); crfree(oldcr); newcr->cr_ref = 2; /* caller gets two references */ } @@ -307,6 +358,8 @@ zone_cred_hold(newcr->cr_zone); if (newcr->cr_label) label_hold(newcr->cr_label); + if (newcr->cr_ksid) + kcrsid_hold(newcr->cr_ksid); newcr->cr_ref = 1; return (newcr); } @@ -320,11 +373,18 @@ void crdup_to(cred_t *oldcr, cred_t *newcr) { + credsid_t *nkcr = newcr->cr_ksid; + bcopy(oldcr, newcr, crsize); if (newcr->cr_zone) zone_cred_hold(newcr->cr_zone); if (newcr->cr_label) label_hold(newcr->cr_label); + if (nkcr) { + newcr->cr_ksid = nkcr; + kcrsidcopy_to(oldcr->cr_ksid, newcr->cr_ksid); + } else if (newcr->cr_ksid) + kcrsid_hold(newcr->cr_ksid); newcr->cr_ref = 1; } @@ -559,14 +619,15 @@ return (REMOTE_PEER_CRED(cr)); } -#define BADID(x) ((x) != -1 && (unsigned int)(x) > MAXUID) +#define BADUID(x) ((x) != -1 && !VALID_UID(x)) +#define BADGID(x) ((x) != -1 && !VALID_GID(x)) int crsetresuid(cred_t *cr, uid_t r, uid_t e, uid_t s) { ASSERT(cr->cr_ref <= 2); - if (BADID(r) || BADID(e) || BADID(s)) + if (BADUID(r) || BADUID(e) || BADUID(s)) return (-1); if (r != -1) @@ -584,7 +645,7 @@ { ASSERT(cr->cr_ref <= 2); - if (BADID(r) || BADID(e) || BADID(s)) + if (BADGID(r) || BADGID(e) || BADGID(s)) return (-1); if (r != -1) @@ -602,7 +663,7 @@ { ASSERT(cr->cr_ref <= 2); - if (uid < 0 || uid > MAXUID || gid < 0 || gid > MAXUID) + if (!VALID_UID(uid) || !VALID_GID(gid)) return (-1); cr->cr_uid = cr->cr_ruid = cr->cr_suid = uid; @@ -904,3 +965,120 @@ else return (kcred); } + +boolean_t +valid_ephemeral_uid(uid_t id) +{ + membar_consumer(); + return (id > ephemeral_data.min_uid && id <= ephemeral_data.last_uid); +} + +boolean_t +valid_ephemeral_gid(gid_t id) +{ + membar_consumer(); + return (id > ephemeral_data.min_gid && id <= ephemeral_data.last_gid); +} + +int +eph_uid_alloc(int flags, uid_t *start, int count) +{ + mutex_enter(&ephemeral_data.eph_lock); + + /* Test for unsigned integer wrap around */ + if (ephemeral_data.last_uid + count < ephemeral_data.last_uid) { + mutex_exit(&ephemeral_data.eph_lock); + return (-1); + } + + /* first call or idmap crashed and state corrupted */ + if (flags != 0) + ephemeral_data.min_uid = ephemeral_data.last_uid; + + hasephids = B_TRUE; + *start = ephemeral_data.last_uid + 1; + atomic_add_32(&ephemeral_data.last_uid, count); + mutex_exit(&ephemeral_data.eph_lock); + return (0); +} + +int +eph_gid_alloc(int flags, gid_t *start, int count) +{ + mutex_enter(&ephemeral_data.eph_lock); + + /* Test for unsigned integer wrap around */ + if (ephemeral_data.last_gid + count < ephemeral_data.last_gid) { + mutex_exit(&ephemeral_data.eph_lock); + return (-1); + } + + /* first call or idmap crashed and state corrupted */ + if (flags != 0) + ephemeral_data.min_gid = ephemeral_data.last_gid; + + hasephids = B_TRUE; + *start = ephemeral_data.last_gid + 1; + atomic_add_32(&ephemeral_data.last_gid, count); + mutex_exit(&ephemeral_data.eph_lock); + return (0); +} + +/* + * If the credential contains any ephemeral IDs, map the credential + * to nobody. + */ +cred_t * +crgetmapped(const cred_t *cr) +{ + if (cr->cr_ksid != NULL) { + int i; + + for (i = 0; i < KSID_COUNT; i++) + if (cr->cr_ksid->kr_sidx[i].ks_id > MAXUID) + return (ephemeral_data.nobody); + if (cr->cr_ksid->kr_sidlist != NULL && + cr->cr_ksid->kr_sidlist->ksl_neid > 0) { + return (ephemeral_data.nobody); + } + } + + return ((cred_t *)cr); +} + +/* index should be in range for a ksidindex_t */ +void +crsetsid(cred_t *cr, ksid_t *ksp, int index) +{ + ASSERT(cr->cr_ref <= 2); + ASSERT(index >= 0 && index < KSID_COUNT); + if (cr->cr_ksid == NULL && ksp == NULL) + return; + cr->cr_ksid = kcrsid_setsid(cr->cr_ksid, ksp, index); +} + +void +crsetsidlist(cred_t *cr, ksidlist_t *ksl) +{ + ASSERT(cr->cr_ref <= 2); + if (cr->cr_ksid == NULL && ksl == NULL) + return; + cr->cr_ksid = kcrsid_setsidlist(cr->cr_ksid, ksl); +} + +ksid_t * +crgetsid(const cred_t *cr, int i) +{ + ASSERT(i >= 0 && i < KSID_COUNT); + if (cr->cr_ksid != NULL && cr->cr_ksid->kr_sidx[i].ks_domain) + return ((ksid_t *)&cr->cr_ksid->kr_sidx[i]); + return (NULL); +} + +ksidlist_t * +crgetsidlist(const cred_t *cr) +{ + if (cr->cr_ksid != NULL && cr->cr_ksid->kr_sidlist != NULL) + return ((ksidlist_t *)&cr->cr_ksid->kr_sidlist); + return (NULL); +}
--- a/usr/src/uts/common/os/ipc.c Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/uts/common/os/ipc.c Fri May 25 05:43:42 2007 -0700 @@ -529,7 +529,7 @@ if (secpolicy_ipc_owner(cr, kperm) != 0) return (EPERM); - if ((uid < 0) || (uid > MAXUID) || (gid < 0) || (gid > MAXUID)) + if (!VALID_UID(uid) || !VALID_GID(gid)) return (EINVAL); kperm->ipc_uid = uid; @@ -568,8 +568,7 @@ if (secpolicy_ipc_owner(cr, kperm) != 0) return (EPERM); - if ((perm64->ipcx_uid < 0) || (perm64->ipcx_uid > MAXUID) || - (perm64->ipcx_gid < 0) || (perm64->ipcx_gid > MAXUID)) + if (!VALID_UID(perm64->ipcx_uid) || !VALID_GID(perm64->ipcx_gid)) return (EINVAL); kperm->ipc_uid = perm64->ipcx_uid;
--- a/usr/src/uts/common/os/modctl.c Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/uts/common/os/modctl.c Fri May 25 05:43:42 2007 -0700 @@ -20,7 +20,7 @@ */ /* - * Copyright 2006 Sun Microsystems, Inc. All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -1537,12 +1537,12 @@ nvp = nvlist_next_nvpair(nvl, nvp); ASSERT(strcmp(nvpair_name(nvp), "uid") == 0); if (mp) - (void) nvpair_value_int32(nvp, &mp->mp_uid); + (void) nvpair_value_uint32(nvp, &mp->mp_uid); /* gid */ nvp = nvlist_next_nvpair(nvl, nvp); ASSERT(strcmp(nvpair_name(nvp), "gid") == 0); if (mp) { - (void) nvpair_value_int32(nvp, &mp->mp_gid); + (void) nvpair_value_uint32(nvp, &mp->mp_gid); if (cmd == MODREMMINORPERM) { rem_minorperm(major, name, mp, is_clone);
--- a/usr/src/uts/common/os/policy.c Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/uts/common/os/policy.c Fri May 25 05:43:42 2007 -0700 @@ -1885,3 +1885,15 @@ { return (PRIV_POLICY(cr, PRIV_SYS_MOUNT, B_FALSE, EPERM, NULL)); } + +/* + * secpolicy_idmap + * + * Determine if the calling process has permissions to register an SID + * mapping daemon and allocate ephemeral IDs. + */ +int +secpolicy_idmap(const cred_t *cr) +{ + return (PRIV_POLICY(cr, PRIV_ALL, B_FALSE, EPERM, NULL)); +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/usr/src/uts/common/os/sid.c Fri May 25 05:43:42 2007 -0700 @@ -0,0 +1,395 @@ +/* + * CDDL HEADER START + * + * The contents of this file are subject to the terms of the + * Common Development and Distribution License (the "License"). + * You may not use this file except in compliance with the License. + * + * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE + * or http://www.opensolaris.org/os/licensing. + * See the License for the specific language governing permissions + * and limitations under the License. + * + * When distributing Covered Code, include this CDDL HEADER in each + * file and include the License file at usr/src/OPENSOLARIS.LICENSE. + * If applicable, add the following below this CDDL HEADER, with the + * fields enclosed by brackets "[]" replaced with your own identifying + * information: Portions Copyright [yyyy] [name of copyright owner] + * + * CDDL HEADER END + */ + +/* + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. + * Use is subject to license terms. + */ + +#pragma ident "%Z%%M% %I% %E% SMI" + +/* + * Sid manipulation (stubs). + */ + +#include <sys/atomic.h> +#include <sys/avl.h> +#include <sys/cmn_err.h> +#include <sys/kmem.h> +#include <sys/mutex.h> +#include <sys/sid.h> +#include <sys/sysmacros.h> +#include <sys/systm.h> + +static kmutex_t sid_lock; +static avl_tree_t sid_tree; +static boolean_t sid_inited = B_FALSE; + +static ksiddomain_t +*ksid_enterdomain(const char *dom) +{ + size_t len = strlen(dom) + 1; + ksiddomain_t *res; + + ASSERT(MUTEX_HELD(&sid_lock)); + res = kmem_alloc(sizeof (ksiddomain_t), KM_SLEEP); + res->kd_len = (uint_t)len; + res->kd_name = kmem_alloc(len, KM_SLEEP); + bcopy(dom, res->kd_name, len); + + res->kd_ref = 1; + + avl_add(&sid_tree, res); + + return (res); +} + +void +ksid_hold(ksid_t *ks) +{ + if (ks->ks_domain != NULL) + ksiddomain_hold(ks->ks_domain); +} + +void +ksid_rele(ksid_t *ks) +{ + if (ks->ks_domain != NULL) + ksiddomain_rele(ks->ks_domain); +} + +void +ksiddomain_hold(ksiddomain_t *kd) +{ + atomic_add_32(&kd->kd_ref, 1); +} + +void +ksiddomain_rele(ksiddomain_t *kd) +{ + if (atomic_add_32_nv(&kd->kd_ref, -1) == 0) { + /* + * The kd reference can only be incremented from 0 when + * the sid_lock is held; so we lock and then check need to + * check for 0 again. + */ + mutex_enter(&sid_lock); + if (kd->kd_ref == 0) { + avl_remove(&sid_tree, kd); + kmem_free(kd->kd_name, kd->kd_len); + kmem_free(kd, sizeof (*kd)); + } + mutex_exit(&sid_lock); + } +} + +void +ksidlist_hold(ksidlist_t *ksl) +{ + atomic_add_32(&ksl->ksl_ref, 1); +} + +void +ksidlist_rele(ksidlist_t *ksl) +{ + if (atomic_add_32_nv(&ksl->ksl_ref, -1) == 0) { + int i; + + for (i = 0; i < ksl->ksl_nsid; i++) + ksid_rele(&ksl->ksl_sids[i]); + + kmem_free(ksl, KSIDLIST_MEM(ksl->ksl_nsid)); + } +} + +static int +ksid_cmp(const void *a, const void *b) +{ + const ksiddomain_t *ap = a; + const ksiddomain_t *bp = b; + int res; + + res = strcmp(ap->kd_name, bp->kd_name); + if (res > 0) + return (1); + if (res != 0) + return (-1); + return (0); +} + +/* + * Lookup the named domain in the AVL tree. + * If no entry is found, add the domain to the AVL tree. + * The domain is returned held and needs to be released + * when done. + */ +ksiddomain_t +*ksid_lookupdomain(const char *dom) +{ + ksiddomain_t *res; + ksiddomain_t tmpl; + + mutex_enter(&sid_lock); + + if (!sid_inited) { + avl_create(&sid_tree, ksid_cmp, sizeof (ksiddomain_t), + offsetof(ksiddomain_t, kd_link)); + + res = ksid_enterdomain(dom); + sid_inited = B_TRUE; + mutex_exit(&sid_lock); + return (res); + } + + tmpl.kd_name = (char *)dom; + + res = avl_find(&sid_tree, &tmpl, NULL); + if (res == NULL) { + res = ksid_enterdomain(dom); + } else { + ksiddomain_hold(res); + } + + mutex_exit(&sid_lock); + return (res); +} + +const char * +ksid_getdomain(ksid_t *ks) +{ + return (ks->ks_domain->kd_name); +} + +uint_t +ksid_getrid(ksid_t *ks) +{ + return (ks->ks_rid); +} + +int +ksid_lookup(uid_t id, ksid_t *res) +{ + uid_t tmp; + + if (idmap_call_byid(id, res) == -1) + return (-1); + + tmp = idmap_call_bysid(res); + if (tmp != id) + cmn_err(CE_WARN, "The idmapper has gone bonkers"); + res->ks_id = id; + + return (0); +} + +credsid_t * +kcrsid_alloc(void) +{ + credsid_t *kcr = kmem_zalloc(sizeof (*kcr), KM_SLEEP); + kcr->kr_ref = 1; + return (kcr); +} + +/* + * Returns a credsid_t with a refcount of 1. + */ +static credsid_t * +kcrsid_dup(credsid_t *org) +{ + credsid_t *new; + ksid_index_t ki; + + if (org == NULL) + return (kcrsid_alloc()); + if (org->kr_ref == 1) + return (org); + new = kcrsid_alloc(); + + /* Copy, then update reference counts */ + *new = *org; + new->kr_ref = 1; + for (ki = 0; ki < KSID_COUNT; ki++) + ksid_hold(&new->kr_sidx[ki]); + + if (new->kr_sidlist != NULL) + ksidlist_hold(new->kr_sidlist); + + kcrsid_rele(org); + return (new); +} + +void +kcrsid_hold(credsid_t *kcr) +{ + atomic_add_32(&kcr->kr_ref, 1); +} + +void +kcrsid_rele(credsid_t *kcr) +{ + if (atomic_add_32_nv(&kcr->kr_ref, -1) == 0) { + ksid_index_t i; + + for (i = 0; i < KSID_COUNT; i++) + ksid_rele(&kcr->kr_sidx[i]); + + if (kcr->kr_sidlist != NULL) + ksidlist_rele(kcr->kr_sidlist); + + kmem_free(kcr, sizeof (*kcr)); + } +} + +/* + * Copy the SID credential into a previously allocated piece of memory. + */ +void +kcrsidcopy_to(const credsid_t *okcr, credsid_t *nkcr) +{ + int i; + + ASSERT(nkcr->kr_ref == 1); + + if (okcr == NULL) + return; + *nkcr = *okcr; + for (i = 0; i < KSID_COUNT; i++) + ksid_hold(&nkcr->kr_sidx[i]); + if (nkcr->kr_sidlist != NULL) + ksidlist_hold(nkcr->kr_sidlist); + nkcr->kr_ref = 1; +} + +static int +kcrsid_sidcount(const credsid_t *kcr) +{ + int cnt = 0; + int i; + + if (kcr == NULL) + return (0); + + for (i = 0; i < KSID_COUNT; i++) + if (kcr->kr_sidx[i].ks_domain != NULL) + cnt++; + + if (kcr->kr_sidlist != NULL) + cnt += kcr->kr_sidlist->ksl_nsid; + return (cnt); +} + +/* + * Argument needs to be a ksid_t with a properly held ks_domain reference. + */ +credsid_t * +kcrsid_setsid(credsid_t *okcr, ksid_t *ksp, ksid_index_t i) +{ + int ocnt = kcrsid_sidcount(okcr); + credsid_t *nkcr; + + /* + * Unset the particular ksid; if there are no other SIDs or if this + * is the last SID, remove the auxilary data structure. + */ + if (ksp == NULL) { + if (ocnt == 0 || + (ocnt == 1 && okcr->kr_sidx[i].ks_domain != NULL)) { + if (okcr != NULL) + kcrsid_rele(okcr); + return (NULL); + } + } + nkcr = kcrsid_dup(okcr); + ksid_rele(&nkcr->kr_sidx[i]); + if (ksp == NULL) + bzero(&nkcr->kr_sidx[i], sizeof (ksid_t)); + else + nkcr->kr_sidx[i] = *ksp; + + return (nkcr); +} + +/* + * Argument needs to be a ksidlist_t with properly held ks_domain references + * and a reference count taking the new reference into account. + */ +credsid_t * +kcrsid_setsidlist(credsid_t *okcr, ksidlist_t *ksl) +{ + int ocnt = kcrsid_sidcount(okcr); + credsid_t *nkcr; + + /* + * Unset the sidlist; if there are no further SIDs, remove the + * auxilary data structure. + */ + if (ksl == NULL) { + if (ocnt == 0 || (okcr->kr_sidlist != NULL && + ocnt == okcr->kr_sidlist->ksl_nsid)) { + if (okcr != NULL) + kcrsid_rele(okcr); + return (NULL); + } + } + nkcr = kcrsid_dup(okcr); + if (nkcr->kr_sidlist != NULL) + ksidlist_rele(nkcr->kr_sidlist); + + nkcr->kr_sidlist = ksl; + return (nkcr); +} + +ksidlist_t * +kcrsid_gidstosids(int ngrp, gid_t *grp) +{ + int i; + ksidlist_t *list; + int cnt; + + if (ngrp == 0) + return (NULL); + + cnt = 0; + list = kmem_zalloc(KSIDLIST_MEM(ngrp), KM_SLEEP); + + list->ksl_nsid = ngrp; + list->ksl_ref = 1; + + for (i = 0; i < ngrp; i++) { + if (grp[i] > MAXUID) { + list->ksl_neid++; + if (ksid_lookup(grp[i], &list->ksl_sids[i]) != 0) { + while (--i >= 0) + ksid_rele(&list->ksl_sids[i]); + cnt = 0; + break; + } + cnt++; + } else { + list->ksl_sids[i].ks_id = grp[i]; + } + } + if (cnt == 0) { + kmem_free(list, KSIDLIST_MEM(ngrp)); + return (NULL); + } + return (list); +}
--- a/usr/src/uts/common/os/sysent.c Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/uts/common/os/sysent.c Fri May 25 05:43:42 2007 -0700 @@ -84,7 +84,6 @@ int hrtsys(); #endif /* __i386 || __amd64 */ int ioctl(); -int issetugid(); int kill(); int labelsys(); int link(); @@ -110,6 +109,7 @@ int setpgrp(); int setuid(); uintptr_t shmsys(); +uint64_t sidsys(); int ssig(); int sigprocmask(); int sigsuspend(); @@ -521,7 +521,7 @@ /* 72 */ SYSENT_LOADABLE(), /* exacct */ /* 73 */ SYSENT_CI("getpagesizes", getpagesizes, 2), /* 74 */ SYSENT_CI("rctlsys", rctlsys, 6), - /* 75 */ SYSENT_CI("issetugid", issetugid, 0), + /* 75 */ SYSENT_2CI("sidsys", sidsys, 4), /* 76 */ IF_LP64( SYSENT_CI("fsat", fsat64, 6), SYSENT_CI("fsat", fsat32, 6)), @@ -922,7 +922,7 @@ /* 72 */ SYSENT_LOADABLE32(), /* exacct */ /* 73 */ SYSENT_CI("getpagesizes", getpagesizes32, 2), /* 74 */ SYSENT_CI("rctlsys", rctlsys, 6), - /* 75 */ SYSENT_CI("issetugid", issetugid, 0), + /* 75 */ SYSENT_2CI("sidsys", sidsys, 4), /* 76 */ SYSENT_CI("fsat", fsat32, 6), /* 77 */ SYSENT_CI("lwp_park", syslwp_park, 3), /* 78 */ SYSENT_CI("sendfilev", sendfilev, 5),
--- a/usr/src/uts/common/rpc/auth.h Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/uts/common/rpc/auth.h Fri May 25 05:43:42 2007 -0700 @@ -2,9 +2,8 @@ * CDDL HEADER START * * The contents of this file are subject to the terms of the - * Common Development and Distribution License, Version 1.0 only - * (the "License"). You may not use this file except in compliance - * with the License. + * Common Development and Distribution License (the "License"). + * You may not use this file except in compliance with the License. * * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE * or http://www.opensolaris.org/os/licensing. @@ -20,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2004 Sun Microsystems, Inc. All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ /* Copyright (c) 1983, 1984, 1985, 1986, 1987, 1988, 1989 AT&T */ @@ -365,7 +364,7 @@ */ #ifdef _KERNEL -extern enum clnt_stat netname2user(char *, uid_t *, gid_t *, int *, int *); +extern enum clnt_stat netname2user(char *, uid_t *, gid_t *, int *, gid_t *); #endif #ifdef __STDC__ extern int getnetname(char *);
--- a/usr/src/uts/common/rpc/sec/key_call.c Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/uts/common/rpc/sec/key_call.c Fri May 25 05:43:42 2007 -0700 @@ -2,9 +2,8 @@ * CDDL HEADER START * * The contents of this file are subject to the terms of the - * Common Development and Distribution License, Version 1.0 only - * (the "License"). You may not use this file except in compliance - * with the License. + * Common Development and Distribution License (the "License"). + * You may not use this file except in compliance with the License. * * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE * or http://www.opensolaris.org/os/licensing. @@ -20,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2003 Sun Microsystems, Inc. All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -199,7 +198,7 @@ } enum clnt_stat -netname2user(char *name, uid_t *uid, gid_t *gid, int *len, int *groups) +netname2user(char *name, uid_t *uid, gid_t *gid, int *len, gid_t *groups) { struct getcredres res; enum clnt_stat stat;
--- a/usr/src/uts/common/rpc/sec/svcauthdes.c Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/uts/common/rpc/sec/svcauthdes.c Fri May 25 05:43:42 2007 -0700 @@ -2,9 +2,8 @@ * CDDL HEADER START * * The contents of this file are subject to the terms of the - * Common Development and Distribution License, Version 1.0 only - * (the "License"). You may not use this file except in compliance - * with the License. + * Common Development and Distribution License (the "License"). + * You may not use this file except in compliance with the License. * * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE * or http://www.opensolaris.org/os/licensing. @@ -20,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2003 Sun Microsystems, Inc. All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -417,7 +416,7 @@ gid_t gid; /* cached gid */ short valid; /* valid creds */ short grouplen; /* length of cached groups */ - int groups[NGROUPS_UMAX]; /* cached groups */ + gid_t groups[NGROUPS_UMAX]; /* cached groups */ }; /*
--- a/usr/src/uts/common/rpc/sec_gss/rpcsec_gss.c Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/uts/common/rpc/sec_gss/rpcsec_gss.c Fri May 25 05:43:42 2007 -0700 @@ -2,9 +2,8 @@ * CDDL HEADER START * * The contents of this file are subject to the terms of the - * Common Development and Distribution License, Version 1.0 only - * (the "License"). You may not use this file except in compliance - * with the License. + * Common Development and Distribution License (the "License"). + * You may not use this file except in compliance with the License. * * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE * or http://www.opensolaris.org/os/licensing. @@ -20,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2005 Sun Microsystems, Inc. All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -109,7 +108,7 @@ /* The table size must be a power of two. */ #define GSSAUTH_TABLESIZE 16 #define HASH(keynum, uid_num) \ - ((((intptr_t)(keynum)) ^ (uid_num)) & (GSSAUTH_TABLESIZE - 1)) + ((((intptr_t)(keynum)) ^ ((int)uid_num)) & (GSSAUTH_TABLESIZE - 1)) /* * gss auth cache entry.
--- a/usr/src/uts/common/sys/Makefile Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/uts/common/sys/Makefile Fri May 25 05:43:42 2007 -0700 @@ -438,6 +438,7 @@ share.h \ shm.h \ shm_impl.h \ + sid.h \ siginfo.h \ signal.h \ sleepq.h \
--- a/usr/src/uts/common/sys/cred.h Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/uts/common/sys/cred.h Fri May 25 05:43:42 2007 -0700 @@ -19,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2006 Sun Microsystems, Inc. All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -55,6 +55,8 @@ struct proc; /* cred.h is included in proc.h */ struct prcred; +struct ksid; +struct ksidlist; struct auditinfo_addr; /* cred.h is included in audit.h */ @@ -68,6 +70,7 @@ extern void crhold(cred_t *); extern void crfree(cred_t *); extern cred_t *cralloc(void); /* all but ref uninitialized */ +extern cred_t *cralloc_ksid(void); /* cralloc() + ksid alloc'ed */ extern cred_t *crget(void); /* initialized */ extern cred_t *crcopy(cred_t *); extern void crcopy_to(cred_t *, cred_t *); @@ -91,6 +94,8 @@ extern zoneid_t crgetzoneid(const cred_t *); extern projid_t crgetprojid(const cred_t *); +extern cred_t *crgetmapped(const cred_t *); + extern const struct auditinfo_addr *crgetauinfo(const cred_t *); extern struct auditinfo_addr *crgetauinfo_modifiable(cred_t *); @@ -145,6 +150,26 @@ extern struct ts_label_s *crgetlabel(const cred_t *); extern boolean_t crisremote(const cred_t *); +/* + * Private interfaces for ephemeral uids. + */ +#define VALID_UID(id) \ + ((id) <= MAXUID || valid_ephemeral_uid((id))) +#define VALID_GID(id) \ + ((id) <= MAXUID || valid_ephemeral_gid((id))) + +extern boolean_t valid_ephemeral_uid(uid_t); +extern boolean_t valid_ephemeral_gid(gid_t); + +extern int eph_uid_alloc(int, uid_t *, int); +extern int eph_gid_alloc(int, gid_t *, int); + +extern void crsetsid(cred_t *, struct ksid *, int); +extern void crsetsidlist(cred_t *, struct ksidlist *); + +extern struct ksid *crgetsid(const cred_t *, int); +extern struct ksidlist *crgetsidlist(const cred_t *); + #endif /* _KERNEL */ #ifdef __cplusplus
--- a/usr/src/uts/common/sys/cred_impl.h Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/uts/common/sys/cred_impl.h Fri May 25 05:43:42 2007 -0700 @@ -19,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2006 Sun Microsystems, Inc. All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -31,6 +31,7 @@ #include <sys/types.h> #include <sys/cred.h> #include <sys/priv_impl.h> +#include <sys/sid.h> #ifdef __cplusplus extern "C" { @@ -78,6 +79,7 @@ projid_t cr_projid; /* project */ struct zone *cr_zone; /* pointer to per-zone structure */ struct ts_label_s *cr_label; /* pointer to the effective label */ + credsid_t *cr_ksid; /* pointer to SIDs */ gid_t cr_groups[1]; /* cr_groups size not fixed */ /* audit info is defined dynamically */ /* and valid only when audit enabled */
--- a/usr/src/uts/common/sys/param.h Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/uts/common/sys/param.h Fri May 25 05:43:42 2007 -0700 @@ -87,6 +87,7 @@ #ifdef _KERNEL #define MAX_TASKID 999999 #define MAX_MAXPID 999999 +#define MAXEPHUID 0xfffffffcu /* max ephemeral user id */ #endif #ifdef DEBUG @@ -99,9 +100,12 @@ #endif #define MAXUID 2147483647 /* max user id */ + #define MAXPROJID MAXUID /* max project id */ #define MAXLINK 32767 /* max links */ +#define MINEPHUID 0x80000000u /* min ephemeral user id */ + #define NMOUNT 40 /* est. of # mountable fs for quota calc */ #define CANBSIZ 256 /* max size of typewriter line */ @@ -464,6 +468,7 @@ #define PAGEOFFSET (PAGESIZE - 1) #define PAGEMASK (~PAGEOFFSET) #define MAXPID ((pid_t)_sysconf(_SC_MAXPID)) +#define MAXEPHUID ((uid_t)_sysconf(_SC_EPHID_MAX)) #ifdef __cplusplus }
--- a/usr/src/uts/common/sys/policy.h Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/uts/common/sys/policy.h Fri May 25 05:43:42 2007 -0700 @@ -95,6 +95,7 @@ int secpolicy_fs_linkdir(const cred_t *, const struct vfs *); int secpolicy_fs_minfree(const cred_t *, const struct vfs *); int secpolicy_fs_quota(const cred_t *, const struct vfs *); +int secpolicy_idmap(const cred_t *); int secpolicy_ip(const cred_t *, int, boolean_t); int secpolicy_ip_config(const cred_t *, boolean_t); int secpolicy_ipc_access(const cred_t *, const struct kipc_perm *, mode_t);
--- a/usr/src/uts/common/sys/priv.h Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/uts/common/sys/priv.h Fri May 25 05:43:42 2007 -0700 @@ -19,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2006 Sun Microsystems, Inc. All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -81,6 +81,7 @@ #define PRIVSYS_GETIMPLINFO 2 #define PRIVSYS_SETPFLAGS 3 #define PRIVSYS_GETPFLAGS 4 +#define PRIVSYS_ISSETUGID 5 /* * Maximum length of a user defined privilege name.
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/usr/src/uts/common/sys/sid.h Fri May 25 05:43:42 2007 -0700 @@ -0,0 +1,150 @@ +/* + * CDDL HEADER START + * + * The contents of this file are subject to the terms of the + * Common Development and Distribution License (the "License"). + * You may not use this file except in compliance with the License. + * + * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE + * or http://www.opensolaris.org/os/licensing. + * See the License for the specific language governing permissions + * and limitations under the License. + * + * When distributing Covered Code, include this CDDL HEADER in each + * file and include the License file at usr/src/OPENSOLARIS.LICENSE. + * If applicable, add the following below this CDDL HEADER, with the + * fields enclosed by brackets "[]" replaced with your own identifying + * information: Portions Copyright [yyyy] [name of copyright owner] + * + * CDDL HEADER END + */ + +/* + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. + * Use is subject to license terms. + */ + +#ifndef _SYS_SID_H +#define _SYS_SID_H + +#pragma ident "%Z%%M% %I% %E% SMI" + +#include <sys/types.h> +#include <sys/avl.h> + +/* + * Kernel SID data structure and functions. + */ +#ifdef __cplusplus +extern "C" { +#endif + +/* sidsys subcodes */ +#define SIDSYS_ALLOC_IDS 0 +/* Flags for ALLOC_IDS */ +#define SID_EXTEND_RANGE 0 +#define SID_NEW_RANGE 1 + +#define SIDSYS_IDMAP_REG 1 +#define SIDSYS_IDMAP_UNREG 2 + +#define SIDSYS_SID2ID 0 +#define SIDSYS_ID2SID 1 + +typedef struct domsid { + uint_t ds_rid; + char ds_dom[1]; +} domsid_t; + +typedef struct sidmap_call { + int sc_type; + union sc_val_u { + uid_t sc_id; + domsid_t sc_sid; + } sc_val; +} sidmap_call_t; + + +#ifdef _KERNEL +/* Domains are stored in AVL trees so we can share them among SIDs */ +typedef struct ksiddomain { + uint_t kd_ref; + uint_t kd_len; + char *kd_name; /* Domain part of SID */ + avl_node_t kd_link; +} ksiddomain_t; + +typedef struct ksid { + uid_t ks_id; /* Cache of (ephemeral) uid */ + uint32_t ks_rid; /* Rid part of the name */ + uint32_t ks_attr; /* Attribute */ + ksiddomain_t *ks_domain; /* Domain descsriptor */ +} ksid_t; + +typedef enum ksid_index { + KSID_USER, + KSID_GROUP, + KSID_OWNER, + KSID_COUNT /* Must be last */ +} ksid_index_t; + +/* + * As no memory may be allocated for credentials while holding p_crlock, + * all sub data structures need to be ref counted. + */ + +typedef struct ksidlist { + uint_t ksl_ref; + uint_t ksl_nsid; + uint_t ksl_neid; /* Number of ids which are ephemeral */ + ksid_t ksl_sids[1]; /* Allocate ksl_nsid times */ +} ksidlist_t; + +#define KSIDLIST_MEM(n) (sizeof (ksidlist_t) + ((n) - 1) * sizeof (ksid_t)) + +typedef struct credsid { + uint_t kr_ref; /* Reference count */ + ksid_t kr_sidx[KSID_COUNT]; /* User, group, default owner */ + ksidlist_t *kr_sidlist; /* List of SIDS */ +} credsid_t; + +const char *ksid_getdomain(ksid_t *); +uint_t ksid_getrid(ksid_t *); + +int ksid_lookup(uid_t, ksid_t *); +void ksid_rele(ksid_t *); + +credsid_t *kcrsid_alloc(void); + +credsid_t *kcrsid_setsid(credsid_t *, ksid_t *, ksid_index_t); +credsid_t *kcrsid_setsidlist(credsid_t *, ksidlist_t *); + +void kcrsid_rele(credsid_t *); +void kcrsid_hold(credsid_t *); +void kcrsidcopy_to(const credsid_t *okcr, credsid_t *nkcr); + +void ksiddomain_rele(ksiddomain_t *); +void ksiddomain_hold(ksiddomain_t *); +void ksidlist_rele(ksidlist_t *); +void ksidlist_hold(ksidlist_t *); + +ksiddomain_t *ksid_lookupdomain(const char *); + +ksidlist_t *kcrsid_gidstosids(int, gid_t *); + +int idmap_call_byid(uid_t, ksid_t *); +uid_t idmap_call_bysid(ksid_t *); + +#else + +int allocids(int, int, uid_t *, int, gid_t *); +int idmap_reg(int); +int idmap_unreg(int); + +#endif /* _KERNEL */ + +#ifdef __cplusplus +} +#endif + +#endif /* _SYS_SID_H */
--- a/usr/src/uts/common/sys/syscall.h Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/uts/common/sys/syscall.h Fri May 25 05:43:42 2007 -0700 @@ -203,7 +203,13 @@ * rctllist(...) :: rctlsys(2, ...) * rctlctl(...) :: rctlsys(3, ...) */ -#define SYS_issetugid 75 +#define SYS_sidsys 75 + /* + * subcodes: + * allocids(...) :: sidsys(0, ...) + * idmap_reg(...) :: sidsys(1, ...) + * idmap_unreg(...) :: sidsys(2, ...) + */ #define SYS_fsat 76 /* * subcodes: @@ -240,6 +246,7 @@ * getimplinfo(...) :: privsys(2, ...) * setpflags(...) :: privsys(3, ...) * getpflags(...) :: privsys(4, ...) + * issetugid(); :: privsys(5) */ #define SYS_ucredsys 83 /*
--- a/usr/src/uts/common/sys/sysconfig.h Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/uts/common/sys/sysconfig.h Fri May 25 05:43:42 2007 -0700 @@ -2,9 +2,8 @@ * CDDL HEADER START * * The contents of this file are subject to the terms of the - * Common Development and Distribution License, Version 1.0 only - * (the "License"). You may not use this file except in compliance - * with the License. + * Common Development and Distribution License (the "License"). + * You may not use this file except in compliance with the License. * * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE * or http://www.opensolaris.org/os/licensing. @@ -24,7 +23,7 @@ /* - * Copyright 2003 Sun Microsystems, Inc. All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -102,6 +101,8 @@ /* UNIX 03 names */ #define _CONFIG_SYMLOOP_MAX 46 /* maximum # of symlinks in pathname */ +#define _CONFIG_EPHID_MAX 47 /* maximum ephemeral uid */ + #ifdef __cplusplus } #endif
--- a/usr/src/uts/common/sys/types.h Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/uts/common/sys/types.h Fri May 25 05:43:42 2007 -0700 @@ -365,11 +365,7 @@ #ifndef _UID_T #define _UID_T -#if defined(_LP64) || defined(_I32LPx) -typedef int uid_t; /* UID type */ -#else -typedef long uid_t; /* (historical version) */ -#endif +typedef unsigned int uid_t; /* UID type */ #endif /* _UID_T */ typedef uid_t gid_t; /* GID type */
--- a/usr/src/uts/common/sys/types32.h Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/uts/common/sys/types32.h Fri May 25 05:43:42 2007 -0700 @@ -2,9 +2,8 @@ * CDDL HEADER START * * The contents of this file are subject to the terms of the - * Common Development and Distribution License, Version 1.0 only - * (the "License"). You may not use this file except in compliance - * with the License. + * Common Development and Distribution License (the "License"). + * You may not use this file except in compliance with the License. * * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE * or http://www.opensolaris.org/os/licensing. @@ -20,8 +19,8 @@ * CDDL HEADER END */ /* - * Copyright (c) 1997-1998 by Sun Microsystems, Inc. - * All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. + * Use is subject to license terms. */ #ifndef _SYS_TYPES32_H @@ -58,8 +57,8 @@ typedef uint32_t minor32_t; typedef int32_t key32_t; typedef uint32_t mode32_t; -typedef int32_t uid32_t; -typedef int32_t gid32_t; +typedef uint32_t uid32_t; +typedef uint32_t gid32_t; typedef uint32_t nlink32_t; typedef uint32_t dev32_t; typedef int32_t pid32_t;
--- a/usr/src/uts/common/sys/unistd.h Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/uts/common/sys/unistd.h Fri May 25 05:43:42 2007 -0700 @@ -2,9 +2,8 @@ * CDDL HEADER START * * The contents of this file are subject to the terms of the - * Common Development and Distribution License, Version 1.0 only - * (the "License"). You may not use this file except in compliance - * with the License. + * Common Development and Distribution License (the "License"). + * You may not use this file except in compliance with the License. * * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE * or http://www.opensolaris.org/os/licensing. @@ -26,7 +25,7 @@ */ /* - * Copyright 2005 Sun Microsystems, Inc. All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -211,6 +210,7 @@ #define _SC_STACK_PROT 515 /* default stack protection */ #define _SC_NPROCESSORS_MAX 516 /* maximum # of processors */ #define _SC_CPUID_MAX 517 /* maximum CPU id */ +#define _SC_EPHID_MAX 518 /* maximum ephemeral id */ /* * POSIX.1c (pthreads) names. These values are defined above
--- a/usr/src/uts/common/sys/vfs.h Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/uts/common/sys/vfs.h Fri May 25 05:43:42 2007 -0700 @@ -269,6 +269,7 @@ #define VFS_NODEVICES 0x800 /* device-special files disallowed */ #define VFS_NOEXEC 0x1000 /* executables disallowed */ #define VFS_STATS 0x2000 /* file system can collect stats */ +#define VFS_XID 0x4000 /* file system supports extended ids */ #define VFS_NORESOURCE "unspecified_resource" #define VFS_NOMNTPT "unspecified_mountpoint" @@ -405,6 +406,7 @@ #define VSW_NOTZONESAFE 0x08 /* zone_enter(2) should fail for these files */ #define VSW_VOLATILEDEV 0x10 /* vfs_dev can change each time fs is mounted */ #define VSW_STATS 0x20 /* file system can collect stats */ +#define VSW_XID 0x40 /* file system supports extended ids */ #define VSW_INSTALLED 0x8000 /* this vsw is associated with a file system */
--- a/usr/src/uts/common/syscall/chown.c Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/uts/common/syscall/chown.c Fri May 25 05:43:42 2007 -0700 @@ -2,9 +2,8 @@ * CDDL HEADER START * * The contents of this file are subject to the terms of the - * Common Development and Distribution License, Version 1.0 only - * (the "License"). You may not use this file except in compliance - * with the License. + * Common Development and Distribution License (the "License"). + * You may not use this file except in compliance with the License. * * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE * or http://www.opensolaris.org/os/licensing. @@ -20,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2004 Sun Microsystems, Inc. All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -71,8 +70,10 @@ int error = 0; char startchar; - if (uid < -1 || uid > MAXUID || gid < -1 || gid > MAXUID) + if (uid != (uid_t)-1 && !VALID_UID(uid) || + gid != (gid_t)-1 && !VALID_GID(gid)) { return (set_errno(EINVAL)); + } vattr.va_uid = uid; vattr.va_gid = gid; vattr.va_mask = 0;
--- a/usr/src/uts/common/syscall/gid.c Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/uts/common/syscall/gid.c Fri May 25 05:43:42 2007 -0700 @@ -2,9 +2,8 @@ * CDDL HEADER START * * The contents of this file are subject to the terms of the - * Common Development and Distribution License, Version 1.0 only - * (the "License"). You may not use this file except in compliance - * with the License. + * Common Development and Distribution License (the "License"). + * You may not use this file except in compliance with the License. * * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE * or http://www.opensolaris.org/os/licensing. @@ -20,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 1994,2001-2003 Sun Microsystems, Inc. All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -44,19 +43,28 @@ int setgid(gid_t gid) { - register proc_t *p; + proc_t *p; int error; int do_nocd = 0; cred_t *cr, *newcr; + ksid_t ksid, *ksp; - if (gid < 0 || gid > MAXUID) + if (!VALID_GID(gid)) return (set_errno(EINVAL)); + if (gid > MAXUID) { + if (ksid_lookup(gid, &ksid) != 0) + return (set_errno(EINVAL)); + ksp = &ksid; + } else { + ksp = NULL; + } + /* * Need to pre-allocate the new cred structure before grabbing * the p_crlock mutex. */ - newcr = cralloc(); + newcr = cralloc_ksid(); p = ttoproc(curthread); mutex_enter(&p->p_crlock); cr = p->p_cred; @@ -67,6 +75,7 @@ crcopy_to(cr, newcr); p->p_cred = newcr; newcr->cr_gid = gid; + crsetsid(newcr, ksp, KSID_GROUP); } else if ((error = secpolicy_allow_setid(cr, -1, B_FALSE)) == 0) { /* * A privileged process that makes itself look like a @@ -81,8 +90,13 @@ newcr->cr_gid = gid; newcr->cr_rgid = gid; newcr->cr_sgid = gid; - } else + crsetsid(newcr, ksp, KSID_GROUP); + } else { crfree(newcr); + if (ksp != NULL) + ksid_rele(ksp); + + } mutex_exit(&p->p_crlock); @@ -113,19 +127,27 @@ int setegid(gid_t gid) { - register proc_t *p; - register cred_t *cr, *newcr; + proc_t *p; + cred_t *cr, *newcr; int error = EPERM; int do_nocd = 0; + ksid_t ksid, *ksp; - if (gid < 0 || gid > MAXUID) + if (!VALID_GID(gid)) return (set_errno(EINVAL)); + if (gid > MAXUID) { + if (ksid_lookup(gid, &ksid) != 0) + return (set_errno(EINVAL)); + ksp = &ksid; + } else { + ksp = NULL; + } /* * Need to pre-allocate the new cred structure before grabbing * the p_crlock mutex. */ - newcr = cralloc(); + newcr = cralloc_ksid(); p = ttoproc(curthread); mutex_enter(&p->p_crlock); cr = p->p_cred; @@ -141,8 +163,12 @@ crcopy_to(cr, newcr); p->p_cred = newcr; newcr->cr_gid = gid; - } else + crsetsid(newcr, ksp, KSID_GROUP); + } else { crfree(newcr); + if (ksp != NULL) + ksid_rele(ksp); + } mutex_exit(&p->p_crlock); @@ -172,16 +198,24 @@ int error = EPERM; int do_nocd = 0; cred_t *cr, *newcr; + ksid_t ksid, *ksp; - if ((rgid != -1 && (rgid < 0 || rgid > MAXUID)) || - (egid != -1 && (egid < 0 || egid > MAXUID))) + if ((rgid != -1 && !VALID_GID(rgid)) || + (egid != -1 && !VALID_GID(egid))) return (set_errno(EINVAL)); + if (egid != -1 && egid > MAXUID) { + if (ksid_lookup(egid, &ksid) != 0) + return (set_errno(EINVAL)); + ksp = &ksid; + } else { + ksp = NULL; + } /* * Need to pre-allocate the new cred structure before grabbing * the p_crlock mutex. */ - newcr = cralloc(); + newcr = cralloc_ksid(); p = ttoproc(curthread); mutex_enter(&p->p_crlock); @@ -196,8 +230,10 @@ crcopy_to(cr, newcr); p->p_cred = newcr; - if (egid != -1) + if (egid != -1) { newcr->cr_gid = egid; + crsetsid(newcr, ksp, KSID_GROUP); + } if (rgid != -1) newcr->cr_rgid = rgid; /* @@ -231,5 +267,7 @@ return (0); } crfree(newcr); + if (ksp != NULL) + ksid_rele(ksp); return (set_errno(error)); }
--- a/usr/src/uts/common/syscall/groups.c Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/uts/common/syscall/groups.c Fri May 25 05:43:42 2007 -0700 @@ -2,9 +2,8 @@ * CDDL HEADER START * * The contents of this file are subject to the terms of the - * Common Development and Distribution License, Version 1.0 only - * (the "License"). You may not use this file except in compliance - * with the License. + * Common Development and Distribution License (the "License"). + * You may not use this file except in compliance with the License. * * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE * or http://www.opensolaris.org/os/licensing. @@ -21,7 +20,7 @@ */ /* * Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T - * Copyright 2001-2003 Sun Microsystems, Inc. All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -48,6 +47,8 @@ int n = gidsetsize; gid_t *groups = NULL; int error; + int scnt = 0; + ksidlist_t *ksl = NULL; /* Perform the cheapest tests before grabbing p_crlock */ if (n > ngroups_max || n < 0) @@ -62,18 +63,28 @@ } for (i = 0; i < n; i++) { - if (groups[i] < 0 || groups[i] > MAXUID) { + if (!VALID_GID(groups[i])) { + kmem_free(groups, n * sizeof (gid_t)); + return (set_errno(EINVAL)); + } + if (groups[i] > MAXUID) + scnt++; + } + if (scnt > 0) { + ksl = kcrsid_gidstosids(n, groups); + if (ksl == NULL) { kmem_free(groups, n * sizeof (gid_t)); return (set_errno(EINVAL)); } } } + /* * Need to pre-allocate the new cred structure before acquiring * the p_crlock mutex. */ - newcr = cralloc(); + newcr = cralloc_ksid(); p = ttoproc(curthread); mutex_enter(&p->p_crlock); cr = p->p_cred; @@ -82,11 +93,14 @@ mutex_exit(&p->p_crlock); if (groups != NULL) kmem_free(groups, n * sizeof (gid_t)); + if (ksl != NULL) + ksidlist_rele(ksl); crfree(newcr); return (set_errno(error)); } crdup_to(cr, newcr); + crsetsidlist(newcr, ksl); if (n != 0) { bcopy(groups, newcr->cr_groups, n * sizeof (gid_t));
--- a/usr/src/uts/common/syscall/ppriv.c Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/uts/common/syscall/ppriv.c Fri May 25 05:43:42 2007 -0700 @@ -19,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2006 Sun Microsystems, Inc. All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -336,6 +336,7 @@ privsys(int code, priv_op_t op, priv_ptype_t type, void *buf, size_t bufsize) { int retv; + extern int issetugid(void); switch (code) { case PRIVSYS_SETPPRIV: @@ -354,6 +355,8 @@ case PRIVSYS_GETPFLAGS: retv = (int)getpflags((uint_t)op, CRED()); return (retv == -1 ? set_errno(EINVAL) : retv); + case PRIVSYS_ISSETUGID: + return (issetugid()); } return (set_errno(EINVAL)); }
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/usr/src/uts/common/syscall/sidsys.c Fri May 25 05:43:42 2007 -0700 @@ -0,0 +1,299 @@ +/* + * CDDL HEADER START + * + * The contents of this file are subject to the terms of the + * Common Development and Distribution License (the "License"). + * You may not use this file except in compliance with the License. + * + * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE + * or http://www.opensolaris.org/os/licensing. + * See the License for the specific language governing permissions + * and limitations under the License. + * + * When distributing Covered Code, include this CDDL HEADER in each + * file and include the License file at usr/src/OPENSOLARIS.LICENSE. + * If applicable, add the following below this CDDL HEADER, with the + * fields enclosed by brackets "[]" replaced with your own identifying + * information: Portions Copyright [yyyy] [name of copyright owner] + * + * CDDL HEADER END + */ + +/* + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. + * Use is subject to license terms. + */ + +#pragma ident "%Z%%M% %I% %E% SMI" + +/* + * SID system call. + */ + +#include <sys/sid.h> +#include <sys/cred.h> +#include <sys/errno.h> +#include <sys/systm.h> +#include <sys/policy.h> +#include <sys/door.h> + +static kmutex_t idmap_mutex; + +typedef struct idmap_reg { + door_handle_t idmap_door; + int idmap_flags; + int idmap_ref; +} idmap_reg_t; + +static idmap_reg_t *idmap_ptr; + +static int idmap_unreg_dh(door_handle_t); + +static void +idmap_freeone(idmap_reg_t *p) +{ + ASSERT(p->idmap_ref == 0); + ASSERT(MUTEX_HELD(&idmap_mutex)); + + door_ki_rele(p->idmap_door); + if (idmap_ptr == p) + idmap_ptr = NULL; + + kmem_free(p, sizeof (*p)); +} + +static int +idmap_do_call(sidmap_call_t *callp, size_t callsz, void **resp, size_t *respsz) +{ + door_arg_t da; + idmap_reg_t *p; + int ret; + int dres; + + mutex_enter(&idmap_mutex); + p = idmap_ptr; + if (p != NULL) { + p->idmap_ref++; + } else { + mutex_exit(&idmap_mutex); + return (-1); + } + mutex_exit(&idmap_mutex); + + da.data_ptr = (char *)callp; + da.data_size = callsz; + da.desc_ptr = NULL; + da.desc_num = 0; + da.rbuf = *resp; + da.rsize = *respsz; + + while ((dres = door_ki_upcall(p->idmap_door, &da)) != 0) { + switch (dres) { + case EINTR: + case EAGAIN: + delay(1); + continue; + case EINVAL: + case EBADF: + (void) idmap_unreg_dh(p->idmap_door); + /* FALLTHROUGH */ + default: + ret = -1; + goto out; + } + } + *resp = da.rbuf; + *respsz = da.rsize; + ret = 0; +out: + mutex_enter(&idmap_mutex); + if (--p->idmap_ref == 0) + idmap_freeone(p); + mutex_exit(&idmap_mutex); + return (ret); +} + +/* + * Current code only attempts to map ids to sids. + */ +int +idmap_call_byid(uid_t id, ksid_t *ksid) +{ + sidmap_call_t call; + domsid_t res, *resp = &res; + size_t respsz = sizeof (res); + + call.sc_type = SIDSYS_ID2SID; + call.sc_val.sc_id = id; + + if (idmap_do_call(&call, sizeof (call), (void **)&resp, &respsz) != 0) + return (-1); + + ksid->ks_domain = ksid_lookupdomain(resp->ds_dom); + ksid->ks_rid = resp->ds_rid; + + /* Larger SID return value; this usually happens */ + if (resp != &res) + kmem_free(resp, respsz); + + return (0); +} + +uid_t +idmap_call_bysid(ksid_t *ksid) +{ + ksiddomain_t *domp = ksid->ks_domain; + sidmap_call_t *callp; + uid_t res = (uid_t)-1; + uid_t *resp = &res; + size_t callsz; + size_t respsz = sizeof (res); + + callsz = sizeof (sidmap_call_t) + domp->kd_len; + + callp = kmem_alloc(callsz, KM_SLEEP); + callp->sc_type = SIDSYS_SID2ID; + bcopy(domp->kd_name, callp->sc_val.sc_sid.ds_dom, domp->kd_len); + callp->sc_val.sc_sid.ds_rid = ksid->ks_rid; + + if (idmap_do_call(callp, callsz, (void **)&resp, &respsz) != 0) + goto out; + + /* Should never happen; the original buffer should be large enough */ + if (resp != &res) { + kmem_free(resp, respsz); + goto out; + } + + if (respsz != sizeof (uid_t)) + res = (uid_t)-1; + +out: + kmem_free(callp, callsz); + return (res); +} + +static int +idmap_reg(int did) +{ + door_handle_t dh; + idmap_reg_t *idmp; + int err; + + if ((err = secpolicy_idmap(CRED())) != 0) + return (set_errno(err)); + + dh = door_ki_lookup(did); + + if (dh == NULL) + return (set_errno(EBADF)); + + idmp = kmem_alloc(sizeof (*idmp), KM_SLEEP); + + idmp->idmap_door = dh; + mutex_enter(&idmap_mutex); + if (idmap_ptr != NULL) { + if (--idmap_ptr->idmap_ref == 0) + idmap_freeone(idmap_ptr); + } + idmp->idmap_flags = 0; + idmp->idmap_ref = 1; + idmap_ptr = idmp; + mutex_exit(&idmap_mutex); + return (0); +} + +static int +idmap_unreg_dh(door_handle_t dh) +{ + mutex_enter(&idmap_mutex); + if (idmap_ptr == NULL || idmap_ptr->idmap_door != dh) { + mutex_exit(&idmap_mutex); + return (EINVAL); + } + + if (idmap_ptr->idmap_flags != 0) { + mutex_exit(&idmap_mutex); + return (EAGAIN); + } + idmap_ptr->idmap_flags = 1; + if (--idmap_ptr->idmap_ref == 0) + idmap_freeone(idmap_ptr); + mutex_exit(&idmap_mutex); + return (0); +} + +static int +idmap_unreg(int did) +{ + door_handle_t dh = door_ki_lookup(did); + int res; + + if (dh == NULL) + return (set_errno(EINVAL)); + + res = idmap_unreg_dh(dh); + door_ki_rele(dh); + + if (res != 0) + return (set_errno(res)); + return (0); +} + +static boolean_t +its_my_door(void) +{ + mutex_enter(&idmap_mutex); + if (idmap_ptr != NULL) { + struct door_info info; + int err = door_ki_info(idmap_ptr->idmap_door, &info); + if (err == 0 && info.di_target == curproc->p_pid) { + mutex_exit(&idmap_mutex); + return (B_TRUE); + } + } + mutex_exit(&idmap_mutex); + return (B_FALSE); +} + +static uint64_t +allocids(int flag, int nuids, int ngids) +{ + rval_t r; + uid_t su = 0; + gid_t sg = 0; + int err; + + if (!its_my_door()) + return (set_errno(EPERM)); + + if (nuids < 0 || ngids < 0) + return (set_errno(EINVAL)); + + if (flag != 0 || nuids > 0) + err = eph_uid_alloc(flag, &su, nuids); + if (err == 0 && (flag != 0 || ngids > 0)) + err = eph_gid_alloc(flag, &sg, ngids); + + if (err != 0) + return (set_errno(EOVERFLOW)); + + r.r_val1 = su; + r.r_val2 = sg; + return (r.r_vals); +} + +uint64_t +sidsys(int op, int flag, int nuids, int ngids) +{ + switch (op) { + case SIDSYS_ALLOC_IDS: + return (allocids(flag, nuids, ngids)); + case SIDSYS_IDMAP_REG: + return (idmap_reg(flag)); + case SIDSYS_IDMAP_UNREG: + return (idmap_unreg(flag)); + default: + return (set_errno(EINVAL)); + } +}
--- a/usr/src/uts/common/syscall/sysconfig.c Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/uts/common/syscall/sysconfig.c Fri May 25 05:43:42 2007 -0700 @@ -20,7 +20,7 @@ */ /* - * Copyright 2006 Sun Microsystems, Inc. All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -164,6 +164,9 @@ case _CONFIG_CPUID_MAX: return (max_cpuid); + case _CONFIG_EPHID_MAX: + return (MAXEPHUID); + case _CONFIG_SYMLOOP_MAX: return (MAXSYMLINKS); }
--- a/usr/src/uts/common/syscall/uid.c Fri May 25 01:22:13 2007 -0700 +++ b/usr/src/uts/common/syscall/uid.c Fri May 25 05:43:42 2007 -0700 @@ -2,9 +2,8 @@ * CDDL HEADER START * * The contents of this file are subject to the terms of the - * Common Development and Distribution License, Version 1.0 only - * (the "License"). You may not use this file except in compliance - * with the License. + * Common Development and Distribution License (the "License"). + * You may not use this file except in compliance with the License. * * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE * or http://www.opensolaris.org/os/licensing. @@ -20,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2004 Sun Microsystems, Inc. All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -42,26 +41,35 @@ #include <sys/debug.h> #include <sys/policy.h> #include <sys/zone.h> +#include <sys/sid.h> int setuid(uid_t uid) { - register proc_t *p; + proc_t *p; int error; int do_nocd = 0; int uidchge = 0; cred_t *cr, *newcr; uid_t oldruid = uid; zoneid_t zoneid = getzoneid(); + ksid_t ksid, *ksp; - if (uid < 0 || uid > MAXUID) + if (!VALID_UID(uid)) return (set_errno(EINVAL)); + if (uid > MAXUID) { + if (ksid_lookup(uid, &ksid) != 0) + return (set_errno(EINVAL)); + ksp = &ksid; + } else { + ksp = NULL; + } /* * Need to pre-allocate the new cred structure before grabbing * the p_crlock mutex. */ - newcr = cralloc(); + newcr = cralloc_ksid(); p = ttoproc(curthread); @@ -75,6 +83,7 @@ crcopy_to(cr, newcr); p->p_cred = newcr; newcr->cr_uid = uid; + crsetsid(newcr, ksp, KSID_USER); } else if ((error = secpolicy_allow_setid(cr, uid, B_FALSE)) == 0) { if (!uidchge && uid != cr->cr_ruid) { /* @@ -111,9 +120,13 @@ newcr->cr_ruid = uid; newcr->cr_suid = uid; newcr->cr_uid = uid; + crsetsid(newcr, ksp, KSID_USER); ASSERT(uid != oldruid ? uidchge : 1); - } else + } else { crfree(newcr); + if (ksp != NULL) + ksid_rele(ksp); + } mutex_exit(&p->p_crlock); @@ -155,19 +168,28 @@ int seteuid(uid_t uid) { - register proc_t *p; + proc_t *p; int error = EPERM; int do_nocd = 0; cred_t *cr, *newcr; + ksid_t ksid, *ksp; - if (uid < 0 || uid > MAXUID) + if (!VALID_UID(uid)) return (set_errno(EINVAL)); + if (uid > MAXUID) { + if (ksid_lookup(uid, &ksid) != 0) + return (set_errno(EINVAL)); + ksp = &ksid; + } else { + ksp = NULL; + } + /* * Need to pre-allocate the new cred structure before grabbing * the p_crlock mutex. */ - newcr = cralloc(); + newcr = cralloc_ksid(); p = ttoproc(curthread); mutex_enter(&p->p_crlock); cr = p->p_cred; @@ -185,8 +207,12 @@ crcopy_to(cr, newcr); p->p_cred = newcr; newcr->cr_uid = uid; - } else + crsetsid(newcr, ksp, KSID_USER); + } else { crfree(newcr); + if (ksp != NULL) + ksid_rele(ksp); + } mutex_exit(&p->p_crlock); @@ -219,16 +245,25 @@ uid_t oldruid = ruid; cred_t *cr, *newcr; zoneid_t zoneid = getzoneid(); + ksid_t ksid, *ksp; - if ((ruid != -1 && (ruid < 0 || ruid > MAXUID)) || - (euid != -1 && (euid < 0 || euid > MAXUID))) + if ((ruid != -1 && !VALID_UID(ruid)) || + (euid != -1 && !VALID_UID(euid))) return (set_errno(EINVAL)); + if (euid != -1 && euid > MAXUID) { + if (ksid_lookup(euid, &ksid) != 0) + return (set_errno(EINVAL)); + ksp = &ksid; + } else { + ksp = NULL; + } + /* * Need to pre-allocate the new cred structure before grabbing * the p_crlock mutex. */ - newcr = cralloc(); + newcr = cralloc_ksid(); p = ttoproc(curthread); @@ -269,8 +304,10 @@ crcopy_to(cr, newcr); p->p_cred = newcr; - if (euid != -1) + if (euid != -1) { newcr->cr_uid = euid; + crsetsid(newcr, ksp, KSID_USER); + } if (ruid != -1) { oldruid = newcr->cr_ruid; newcr->cr_ruid = ruid; @@ -319,5 +356,7 @@ return (0); } crfree(newcr); + if (ksp != NULL) + ksid_rele(ksp); return (set_errno(error)); }