authorBjoern A. Zeeb <bz@FreeBSD.org>2008-10-30 16:29:04 +0000
committerBjoern A. Zeeb <bz@FreeBSD.org>2008-10-30 16:29:04 +0000
commitbcea896973943496867432f3365f8cd8045e824a (patch)
tree5cde4c7fabe876407982c240275f319bfc10460b
parent1fa1466fa0f70e8d5853f2b098123af995e2e303 (diff)
Notes
-rw-r--r--sys/contrib/pf/net/pf.c20
-rw-r--r--sys/netinet/in_pcb.c12
-rw-r--r--sys/netinet/in_pcb.h3
-rw-r--r--sys/netinet/ip_fw2.c22
-rw-r--r--sys/netinet/raw_ip.c24
-rw-r--r--sys/netinet/tcp_subr.c4
-rw-r--r--sys/netinet/udp_usrreq.c2
-rw-r--r--sys/netinet6/in6_pcb.c12
-rw-r--r--sys/netinet6/udp6_usrreq.c2
9 files changed, 44 insertions, 57 deletions
diff --git a/sys/contrib/pf/net/pf.c b/sys/contrib/pf/net/pf.c
index a2760cf13f07..29447ffec26d 100644
--- a/sys/contrib/pf/net/pf.c
+++ b/sys/contrib/pf/net/pf.c
@@ -2938,13 +2938,9 @@ pf_socket_lookup(int direction, struct pf_pdesc *pd)
#ifdef __FreeBSD__
if (inp_arg != NULL) {
INP_LOCK_ASSERT(inp_arg);
- if (inp_arg->inp_socket) {
- pd->lookup.uid = inp_arg->inp_socket->so_cred->cr_uid;
- pd->lookup.gid =
- inp_arg->inp_socket->so_cred->cr_groups[0];
- return (1);
- } else
- return (-1);
+ pd->lookup.uid = inp_arg->inp_cred->cr_uid;
+ pd->lookup.gid = inp_arg->inp_cred->cr_groups[0];
+ return (1);
}
#endif
switch (pd->proto) {
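Review bot: `inp_arg->inp_cred` is now dereferenced unconditionally where the old code returned -1 for a pcb without a socket, so this path depends on every inpcb carrying a held credential for its whole lifetime. The in_pcb.c hunks suggest that in_pcballoc() sets it and in_pcbfree() drops it, but nothing here checks that. An assertion next to the existing lock assertion would make the assumption explicit: `KASSERT(inp_arg->inp_cred != NULL, ("%s: inp_cred is NULL", __func__));`. The same unconditional dereference appears in fill_ugid_cache() in ip_fw2.c. pf_socket_lookup's body continues outside the hunk.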
@@ -3040,15 +3036,9 @@ pf_socket_lookup(int direction, struct pf_pdesc *pd)
return (-1);
}
#ifdef __FreeBSD__
- INP_RLOCK(inp);
+ pd->lookup.uid = inp->inp_cred->cr_uid;
+ pd->lookup.gid = inp->inp_cred->cr_groups[0];
INP_INFO_RUNLOCK(pi);
- if ((inp->inp_socket == NULL) || (inp->inp_socket->so_cred == NULL)) {
- INP_RUNLOCK(inp);
- return (-1);
- }
- pd->lookup.uid = inp->inp_socket->so_cred->cr_uid;
- pd->lookup.gid = inp->inp_socket->so_cred->cr_groups[0];
- INP_RUNLOCK(inp);
#else
pd->lookup.uid = inp->inp_socket->so_euid;
pd->lookup.gid = inp->inp_socket->so_egid;
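Review bot: The credential reads now happen without INP_RLOCK(inp), so only the pcbinfo read lock keeps `inp` and its `inp_cred` alive here, and the two assignments must stay above `INP_INFO_RUNLOCK(pi)`. That ordering is easy to break in a later edit, and with the NULL checks gone a stale pcb would be read rather than rejected, feeding a wrong uid/gid into rule matching. I would add a comment such as `/* inp_cred is read under the pcbinfo lock only; keep above INP_INFO_RUNLOCK() */`. The same pattern (credential read with no inp lock) is introduced in check_uidgid() in ip_fw2.c and in both loops of rip_input() in raw_ip.c. It presumably relies on in_pcbfree() requiring the pcbinfo write lock, which is not visible on this page.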
diff --git a/sys/netinet/in_pcb.c b/sys/netinet/in_pcb.c
index 2ee2bf9c6846..10cc661ed809 100644
--- a/sys/netinet/in_pcb.c
+++ b/sys/netinet/in_pcb.c
@@ -186,6 +186,7 @@ in_pcballoc(struct socket *so, struct inpcbinfo *pcbinfo)
bzero(inp, inp_zero_size);
inp->inp_pcbinfo = pcbinfo;
inp->inp_socket = so;
+ inp->inp_cred = crhold(so->so_cred);
inp->inp_inc.inc_fibnum = so->so_fibnum;
#ifdef MAC
error = mac_init_inpcb(inp, M_NOWAIT);
@@ -224,8 +225,10 @@ in_pcballoc(struct socket *so, struct inpcbinfo *pcbinfo)
#if defined(IPSEC) || defined(MAC)
out:
- if (error != 0)
+ if (error != 0) {
+ crfree(inp->inp_cred);
uma_zfree(pcbinfo->ipi_zone, inp);
+ }
#endif
return (error);
}
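Review bot: The reference taken by `crhold(so->so_cred)` in the previous hunk is dropped only on the `out:` path, and that label is compiled only when IPSEC or MAC is defined. That is balanced if those are the only failure paths after the crhold() (the rest of in_pcballoc is outside the hunk), but a failure path added later outside that `#if` would leak a ucred reference. A short comment at the crhold() line, e.g. `/* released at out: on failure, else in in_pcbfree() */`, would record the pairing.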
@@ -345,7 +348,7 @@ in_pcbbind_setup(struct inpcb *inp, struct sockaddr *nam, in_addr_t *laddrp,
if (jailed(cred))
prison = 1;
if (!IN_MULTICAST(ntohl(sin->sin_addr.s_addr)) &&
- priv_check_cred(so->so_cred,
+ priv_check_cred(inp->inp_cred,
PRIV_NETINET_REUSEPORT, 0) != 0) {
t = in_pcblookup_local(pcbinfo, sin->sin_addr,
lport, prison ? 0 : INPLOOKUP_WILDCARD,
@@ -362,8 +365,8 @@ in_pcbbind_setup(struct inpcb *inp, struct sockaddr *nam, in_addr_t *laddrp,
ntohl(t->inp_laddr.s_addr) != INADDR_ANY ||
(t->inp_socket->so_options &
SO_REUSEPORT) == 0) &&
- (so->so_cred->cr_uid !=
- t->inp_socket->so_cred->cr_uid))
+ (inp->inp_cred->cr_uid !=
+ t->inp_cred->cr_uid))
return (EADDRINUSE);
}
if (prison && prison_ip(cred, 0, &sin->sin_addr.s_addr))
@@ -745,6 +748,7 @@ in_pcbfree(struct inpcb *inp)
if (inp->inp_moptions != NULL)
inp_freemoptions(inp->inp_moptions);
inp->inp_vflag = 0;
+ crfree(inp->inp_cred);
#ifdef MAC
mac_destroy_inpcb(inp);
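Review bot: After `crfree(inp->inp_cred)` the pointer is left in place, and this commit adds several readers that dereference `inp_cred` without the inp lock (pf_socket_lookup, check_uidgid, rip_input). If any of them can still reach the pcb after this line, it would read a freed ucred and base a uid/gid or jail decision on stale memory. Clearing the field turns such a bug into a fault instead of a silent misread: `inp->inp_cred = NULL;` right after the crfree(), at least under INVARIANTS. in_pcbfree's body starts and ends outside the hunk, so whether the pcb is already unreachable at this point cannot be confirmed from here.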
diff --git a/sys/netinet/in_pcb.h b/sys/netinet/in_pcb.h
index af4df66fc7f7..539b0151052f 100644
--- a/sys/netinet/in_pcb.h
+++ b/sys/netinet/in_pcb.h
@@ -169,7 +169,8 @@ struct inpcb {
u_char inp_ip_p; /* (c) protocol proto */
u_char inp_ip_minttl; /* (i) minimum TTL or drop */
uint32_t inp_ispare1; /* (x) connection id / queue id */
- void *inp_pspare[2]; /* (x) rtentry / general use */
+ void *inp_pspare; /* (x) rtentry / general use */
+ struct ucred *inp_cred; /* (c) cache of socket cred */
/* Local and foreign ports, local and foreign addr. */
struct in_conninfo inp_inc;
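Review bot: The new field's comment, `cache of socket cred`, does not say that it is a counted reference, which is what the in_pcb.c hunks implement with crhold() and crfree(). I would write `/* (c) held ref on so_cred; set in in_pcballoc(), dropped in in_pcbfree() */` so that nobody assigns the field without a crhold(). Note also that `inp_pspare` changes from an array of two pointers to a single pointer, so any consumer indexing `inp_pspare[...]` stops compiling; none is visible on this page.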
diff --git a/sys/netinet/ip_fw2.c b/sys/netinet/ip_fw2.c
index 63a2d315fd03..a8a41ddcb311 100644
--- a/sys/netinet/ip_fw2.c
+++ b/sys/netinet/ip_fw2.c
@@ -1962,15 +1962,11 @@ fill_ugid_cache(struct inpcb *inp, struct ip_fw_ugid *ugp)
{
struct ucred *cr;
- if (inp->inp_socket != NULL) {
- cr = inp->inp_socket->so_cred;
- ugp->fw_prid = jailed(cr) ?
- cr->cr_prison->pr_id : -1;
- ugp->fw_uid = cr->cr_uid;
- ugp->fw_ngroups = cr->cr_ngroups;
- bcopy(cr->cr_groups, ugp->fw_groups,
- sizeof(ugp->fw_groups));
- }
+ cr = inp->inp_cred;
+ ugp->fw_prid = jailed(cr) ? cr->cr_prison->pr_id : -1;
+ ugp->fw_uid = cr->cr_uid;
+ ugp->fw_ngroups = cr->cr_ngroups;
+ bcopy(cr->cr_groups, ugp->fw_groups, sizeof(ugp->fw_groups));
}
static int
@@ -2026,12 +2022,8 @@ check_uidgid(ipfw_insn_u32 *insn, int proto, struct ifnet *oif,
dst_ip, htons(dst_port),
wildcard, NULL);
if (pcb != NULL) {
- INP_RLOCK(pcb);
- if (pcb->inp_socket != NULL) {
- fill_ugid_cache(pcb, ugp);
- *ugid_lookupp = 1;
- }
- INP_RUNLOCK(pcb);
+ fill_ugid_cache(pcb, ugp);
+ *ugid_lookupp = 1;
}
INP_INFO_RUNLOCK(pi);
if (*ugid_lookupp == 0) {
diff --git a/sys/netinet/raw_ip.c b/sys/netinet/raw_ip.c
index 5992ce16f132..4d1ebadbb565 100644
--- a/sys/netinet/raw_ip.c
+++ b/sys/netinet/raw_ip.c
@@ -257,6 +257,7 @@ rip_input(struct mbuf *m, int off)
if (inp->inp_ip_p != proto)
continue;
#ifdef INET6
+ /* XXX inp locking */
if ((inp->inp_vflag & INP_IPV4) == 0)
continue;
#endif
@@ -264,11 +265,9 @@ rip_input(struct mbuf *m, int off)
continue;
if (inp->inp_faddr.s_addr != ip->ip_src.s_addr)
continue;
- INP_RLOCK(inp);
- if (jailed(inp->inp_socket->so_cred) &&
- (htonl(prison_getip(inp->inp_socket->so_cred)) !=
+ if (jailed(inp->inp_cred) &&
+ (htonl(prison_getip(inp->inp_cred)) !=
ip->ip_dst.s_addr)) {
- INP_RUNLOCK(inp);
continue;
}
if (last) {
@@ -280,12 +279,14 @@ rip_input(struct mbuf *m, int off)
/* XXX count dropped packet */
INP_RUNLOCK(last);
}
+ INP_RLOCK(inp);
last = inp;
}
LIST_FOREACH(inp, &ripcbinfo.ipi_hashbase[0], inp_hash) {
if (inp->inp_ip_p && inp->inp_ip_p != proto)
continue;
#ifdef INET6
+ /* XXX inp locking */
if ((inp->inp_vflag & INP_IPV4) == 0)
continue;
#endif
@@ -295,11 +296,9 @@ rip_input(struct mbuf *m, int off)
if (inp->inp_faddr.s_addr &&
inp->inp_faddr.s_addr != ip->ip_src.s_addr)
continue;
- INP_RLOCK(inp);
- if (jailed(inp->inp_socket->so_cred) &&
- (htonl(prison_getip(inp->inp_socket->so_cred)) !=
+ if (jailed(inp->inp_cred) &&
+ (htonl(prison_getip(inp->inp_cred)) !=
ip->ip_dst.s_addr)) {
- INP_RUNLOCK(inp);
continue;
}
if (last) {
@@ -311,6 +310,7 @@ rip_input(struct mbuf *m, int off)
/* XXX count dropped packet */
INP_RUNLOCK(last);
}
+ INP_RLOCK(inp);
last = inp;
}
INP_INFO_RUNLOCK(&ripcbinfo);
@@ -360,9 +360,9 @@ rip_output(struct mbuf *m, struct socket *so, u_long dst)
ip->ip_off = 0;
ip->ip_p = inp->inp_ip_p;
ip->ip_len = m->m_pkthdr.len;
- if (jailed(inp->inp_socket->so_cred))
+ if (jailed(inp->inp_cred))
ip->ip_src.s_addr =
- htonl(prison_getip(inp->inp_socket->so_cred));
+ htonl(prison_getip(inp->inp_cred));
else
ip->ip_src = inp->inp_laddr;
ip->ip_dst.s_addr = dst;
@@ -374,9 +374,9 @@ rip_output(struct mbuf *m, struct socket *so, u_long dst)
}
INP_RLOCK(inp);
ip = mtod(m, struct ip *);
- if (jailed(inp->inp_socket->so_cred)) {
+ if (jailed(inp->inp_cred)) {
if (ip->ip_src.s_addr !=
- htonl(prison_getip(inp->inp_socket->so_cred))) {
+ htonl(prison_getip(inp->inp_cred))) {
INP_RUNLOCK(inp);
m_freem(m);
return (EPERM);
diff --git a/sys/netinet/tcp_subr.c b/sys/netinet/tcp_subr.c
index 4a2bbdafcb3c..8f49564edcbf 100644
--- a/sys/netinet/tcp_subr.c
+++ b/sys/netinet/tcp_subr.c
@@ -1047,7 +1047,7 @@ tcp_getcred(SYSCTL_HANDLER_ARGS)
error = cr_canseesocket(req->td->td_ucred,
inp->inp_socket);
if (error == 0)
- cru2x(inp->inp_socket->so_cred, &xuc);
+ cru2x(inp->inp_cred, &xuc);
INP_RUNLOCK(inp);
} else {
INP_INFO_RUNLOCK(&tcbinfo);
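Review bot: The visibility check and the export now use two different pointers: `cr_canseesocket()` is given `inp->inp_socket`, while `cru2x()` copies out `inp->inp_cred`. They describe the same credential only while the socket's credential is never replaced after in_pcballoc(), which is not shown here. A one-line comment above the cru2x() call stating that invariant, e.g. `/* inp_cred is the socket's so_cred, held since in_pcballoc() */`, would keep the authorization check and the disclosed data tied together. The same applies to tcp6_getcred(), udp_getcred() and udp6_getcred(). The function body lies mostly outside the hunk.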
@@ -1109,7 +1109,7 @@ tcp6_getcred(SYSCTL_HANDLER_ARGS)
error = cr_canseesocket(req->td->td_ucred,
inp->inp_socket);
if (error == 0)
- cru2x(inp->inp_socket->so_cred, &xuc);
+ cru2x(inp->inp_cred, &xuc);
INP_RUNLOCK(inp);
} else {
INP_INFO_RUNLOCK(&tcbinfo);
diff --git a/sys/netinet/udp_usrreq.c b/sys/netinet/udp_usrreq.c
index 3d791021bc51..8ccdfe4e3640 100644
--- a/sys/netinet/udp_usrreq.c
+++ b/sys/netinet/udp_usrreq.c
@@ -768,7 +768,7 @@ udp_getcred(SYSCTL_HANDLER_ARGS)
error = cr_canseesocket(req->td->td_ucred,
inp->inp_socket);
if (error == 0)
- cru2x(inp->inp_socket->so_cred, &xuc);
+ cru2x(inp->inp_cred, &xuc);
INP_RUNLOCK(inp);
} else {
INP_INFO_RUNLOCK(&udbinfo);
diff --git a/sys/netinet6/in6_pcb.c b/sys/netinet6/in6_pcb.c
index 34fe34670ef5..ed93a35310ce 100644
--- a/sys/netinet6/in6_pcb.c
+++ b/sys/netinet6/in6_pcb.c
@@ -185,7 +185,7 @@ in6_pcbbind(register struct inpcb *inp, struct sockaddr *nam,
0))
return (EACCES);
if (!IN6_IS_ADDR_MULTICAST(&sin6->sin6_addr) &&
- priv_check_cred(so->so_cred,
+ priv_check_cred(inp->inp_cred,
PRIV_NETINET_REUSEPORT, 0) != 0) {
t = in6_pcblookup_local(pcbinfo,
&sin6->sin6_addr, lport,
@@ -197,8 +197,8 @@ in6_pcbbind(register struct inpcb *inp, struct sockaddr *nam,
(!IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr) ||
!IN6_IS_ADDR_UNSPECIFIED(&t->in6p_laddr) ||
(t->inp_socket->so_options & SO_REUSEPORT)
- == 0) && (so->so_cred->cr_uid !=
- t->inp_socket->so_cred->cr_uid))
+ == 0) && (inp->inp_cred->cr_uid !=
+ t->inp_cred->cr_uid))
return (EADDRINUSE);
if ((inp->inp_flags & IN6P_IPV6_V6ONLY) == 0 &&
IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) {
@@ -214,8 +214,8 @@ in6_pcbbind(register struct inpcb *inp, struct sockaddr *nam,
(so->so_type != SOCK_STREAM ||
ntohl(t->inp_faddr.s_addr) ==
INADDR_ANY) &&
- (so->so_cred->cr_uid !=
- t->inp_socket->so_cred->cr_uid))
+ (inp->inp_cred->cr_uid !=
+ t->inp_cred->cr_uid))
return (EADDRINUSE);
}
}
@@ -317,7 +317,7 @@ in6_pcbladdr(register struct inpcb *inp, struct sockaddr *nam,
*/
*plocal_addr6 = in6_selectsrc(sin6, inp->in6p_outputopts,
inp, NULL,
- inp->inp_socket->so_cred,
+ inp->inp_cred,
&ifp, &error);
if (ifp && scope_ambiguous &&
(error = in6_setscope(&sin6->sin6_addr, ifp, NULL)) != 0) {
diff --git a/sys/netinet6/udp6_usrreq.c b/sys/netinet6/udp6_usrreq.c
index 18d12ed1ae2c..bb7075198de8 100644
--- a/sys/netinet6/udp6_usrreq.c
+++ b/sys/netinet6/udp6_usrreq.c
@@ -458,7 +458,7 @@ udp6_getcred(SYSCTL_HANDLER_ARGS)
error = cr_canseesocket(req->td->td_ucred,
inp->inp_socket);
if (error == 0)
- cru2x(inp->inp_socket->so_cred, &xuc);
+ cru2x(inp->inp_cred, &xuc);
INP_RUNLOCK(inp);
} else {
INP_INFO_RUNLOCK(&udbinfo);