Robert Watson wrote:
On Mon, 28 Sep 2009, John Baldwin wrote:
==============================================================================
--- head/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c Mon Sep 28 18:54:26 2009
(r197583)
+++ head/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c Mon Sep 28 18:55:29 2009
(r197584)
@@ -449,6 +449,8 @@ rpc_gss_svc_getcred(struct svc_req *req,
cr->cr_uid = cr->cr_ruid = cr->cr_svuid = uc->uid;
cr->cr_rgid = cr->cr_svgid = uc->gid;
crsetgroups(cr, uc->gidlen, uc->gidlist);
+ cr->cr_prison = &prison0;
+ prison_hold(cr->cr_prison);
*crp = crhold(cr);
return (TRUE);
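Review bot: The two added lines in rpc_gss_svc_getcred() hard-code &prison0 as the prison for this credential, with no comment saying why the host prison is the right choice for a credential built from the client's uid, gid and group list. A short comment above `cr->cr_prison = &prison0;` would record that decision for the next reader. The pointer is also stored before the reference is taken, as two separate statements, so a later edit can change one without the other; keep the pair adjacent or take the reference first so the pointer never exists without its hold.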
FYI, it would be nice if prison_hold() returned a pointer to the
prison as you can then do what crhold() does above:

    cr->cr_prison = prison_hold(&prison0);

I prefer combining the refcount and assignment into one step with the
goal of avoiding outright assignments that don't go via foo_hold() or
fooref() for refcounted objects.

In the long-term, explicit references to proc0, prison0, thread0,
filedesc0, ... all make me rather nervous. I'd rather that all these
things were linked to either the credentials of the file system mount,
the user thread, or perhaps gssd in some cases. From the perspective of
virtualization, the file system mount credential seems the most likely
candidate.

Do we want some better standard for creating these daemon creds than
hand-rolling them from crget? Both NFS export and GSS seem to have a
user and group list passed in, so it's more than a matter of using the
current cred - perhaps some superset of change_ruid.
- Jamie
_______________________________________________
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all