Add sc_pid to sockcred so that SOCK_DGRAM and LOCAL_CREDS socket option

can learn the process id of the AF_LOCAL sender.
Add compat glue for old structure.

share/man/man4/unix.4

@@ -1,4 +1,4 @@
-.\"	$NetBSD: unix.4,v 1.24 2011/05/29 08:46:42 wiz Exp $
+.\"	$NetBSD: unix.4,v 1.25 2016/04/06 19:45:46 roy Exp $
 .\"
 .\" Copyright (c) 1991, 1993
 .\"	The Regents of the University of California.  All rights reserved.
@@ -29,7 +29,7 @@
 .\"
 .\"     @(#)unix.4	8.1 (Berkeley) 6/9/93
 .\"
-.Dd May 29, 2011
+.Dd March 31, 2016
 .Dt UNIX 4
 .Os
 .Sh NAME
@@ -198,6 +198,7 @@ length sockcred structure, defined in
 as follows:
 .Bd -literal
 struct sockcred {
+	pid_t	sc_pid;			/* process id */
 	uid_t	sc_uid;			/* real user id */
 	uid_t	sc_euid;		/* effective user id */
 	gid_t	sc_gid;			/* real group id */
@@ -289,3 +290,8 @@ macro, the following definition is recommended:
 .%A Chris Torek
 .Re
 .Pq see Pa /usr/share/doc/psd/21.ipc
+.Sh HISTORY
+The
+.Ar sc_pid
+field was introduced in
+.Nx 8.0 .

sys/compat/common/Makefile

@@ -1,4 +1,4 @@
-#	$NetBSD: Makefile,v 1.55 2016/03/22 08:25:23 mrg Exp $
+#	$NetBSD: Makefile,v 1.56 2016/04/06 19:45:45 roy Exp $
 
 LIB=		compat
 NOPIC=		# defined
@@ -47,6 +47,9 @@ SRCS+=	kern_50.c kern_time_50.c kern_select_50.c rndpseudo_50.c rtsock_50.c \
 # Compatibility code for NetBSD 6.0
 SRCS+=	kern_sa_60.c tty_60.c kern_time_60.c
 
+# Compatibility code for NetBSD 7.0
+SRCS+=	uipc_usrreq_70.c
+
 # really, all machines where sizeof(int) != sizeof(long) (LP64)
 .if (${MACHINE_ARCH} != "alpha" && ${MACHINE_ARCH} != "sparc64" \
   && ${MACHINE_ARCH} != "x86_64")

sys/compat/common/uipc_usrreq_70.c

@@ -0,0 +1,70 @@
+/*	$NetBSD: uipc_usrreq_70.c,v 1.1 2016/04/06 19:45:45 roy Exp $	*/
+
+/*-
+ * Copyright (c) 2016 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * This code is derived from software contributed to The NetBSD Foundation
+ * by Roy Marples.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <sys/cdefs.h>
+__KERNEL_RCSID(0, "$NetBSD: uipc_usrreq_70.c,v 1.1 2016/04/06 19:45:45 roy Exp $");
+
+#include <sys/param.h>
+#include <sys/lwp.h>
+#include <sys/socket.h>
+#include <sys/socketvar.h>
+#include <sys/unpcb.h>
+#include <sys/mbuf.h>
+#include <sys/kauth.h>
+
+#include <compat/sys/socket.h>
+
+#ifdef COMPAT_SOCKCRED70
+struct mbuf *
+compat_70_unp_addsockcred(struct lwp *l, struct mbuf *control)
+{
+	struct sockcred70 *sc;
+	struct mbuf *m;
+	void *p;
+
+	m = sbcreatecontrol1(&p, SOCKCRED70SIZE(kauth_cred_ngroups(l->l_cred)),
+		SCM_OCREDS, SOL_SOCKET, M_WAITOK);
+	if (m == NULL)
+		return control;
+
+	sc = p;
+	sc->sc_uid = kauth_cred_getuid(l->l_cred);
+	sc->sc_euid = kauth_cred_geteuid(l->l_cred);
+	sc->sc_gid = kauth_cred_getgid(l->l_cred);
+	sc->sc_egid = kauth_cred_getegid(l->l_cred);
+	sc->sc_ngroups = kauth_cred_ngroups(l->l_cred);
+
+	for (int i = 0; i < sc->sc_ngroups; i++)
+		sc->sc_groups[i] = kauth_cred_group(l->l_cred, i);
+
+	return m_add(control, m);
+}
+#endif

sys/compat/sys/socket.h

@@ -1,4 +1,4 @@
-/*	$NetBSD: socket.h,v 1.12 2009/02/13 22:41:04 apb Exp $	*/
+/*	$NetBSD: socket.h,v 1.13 2016/04/06 19:45:45 roy Exp $	*/
 
 /*
  * Copyright (c) 1982, 1985, 1986, 1988, 1993, 1994
@@ -47,6 +47,10 @@
 #define COMPAT_OSOCK
 #endif
 
+#ifdef COMPAT_70
+#define COMPAT_SOCKCRED70
+#endif
+
 #else
 #define COMPAT_OSOCK
 #endif
@@ -71,12 +75,28 @@ struct omsghdr {
 	int		msg_accrightslen;
 };
 
+/*
+ * 7.0 compat sockcred
+ */
+struct sockcred70 {
+	uid_t	sc_uid;			/* real user id */
+	uid_t	sc_euid;		/* effective user id */
+	gid_t	sc_gid;			/* real group id */
+	gid_t	sc_egid;		/* effective group id */
+	int	sc_ngroups;		/* number of supplemental groups */
+	gid_t	sc_groups[1];		/* variable length */
+};
+#define	SOCKCRED70SIZE(ngrps) \
+	(/*CONSTCOND*/sizeof(struct sockcred70) + (sizeof(gid_t) * \
+	    ((ngrps) ? ((ngrps) - 1) : 0)))
+
 #ifdef _KERNEL
 
 #define	SO_OSNDTIMEO	0x1005
 #define	SO_ORCVTIMEO	0x1006
 #define	SO_OTIMESTAMP	0x0400
 #define	SCM_OTIMESTAMP	0x2
+#define	SCM_OCREDS	0x4
 
 __BEGIN_DECLS
 struct socket;
@@ -84,6 +104,8 @@ struct proc;
 u_long compat_cvtcmd(u_long cmd);
 int compat_ifioctl(struct socket *, u_long, u_long, void *, struct lwp *);
 int compat43_set_accrights(struct msghdr *, void *, int);
+
+struct mbuf * compat_70_unp_addsockcred(struct lwp *, struct mbuf *);
 __END_DECLS
 #else
 int	__socket30(int, int, int);

sys/kern/uipc_usrreq.c

@@ -1,4 +1,4 @@
-/*	$NetBSD: uipc_usrreq.c,v 1.179 2015/05/02 17:18:03 rtr Exp $	*/
+/*	$NetBSD: uipc_usrreq.c,v 1.180 2016/04/06 19:45:45 roy Exp $	*/
 
 /*-
  * Copyright (c) 1998, 2000, 2004, 2008, 2009 The NetBSD Foundation, Inc.
@@ -96,7 +96,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: uipc_usrreq.c,v 1.179 2015/05/02 17:18:03 rtr Exp $");
+__KERNEL_RCSID(0, "$NetBSD: uipc_usrreq.c,v 1.180 2016/04/06 19:45:45 roy Exp $");
 
 #include <sys/param.h>
 #include <sys/systm.h>
@@ -120,6 +120,10 @@ __KERNEL_RCSID(0, "$NetBSD: uipc_usrreq.c,v 1.179 2015/05/02 17:18:03 rtr Exp $"
 #include <sys/kernel.h>
 #include <sys/kthread.h>
 
+#ifdef COMPAT_70
+#include <compat/sys/socket.h>
+#endif
+
 /*
  * Unix communications domain.
  *
@@ -319,6 +323,10 @@ unp_output(struct mbuf *m, struct mbuf *control, struct unpcb *unp)
 		sun = &sun_noname;
 	if (unp->unp_conn->unp_flags & UNP_WANTCRED)
 		control = unp_addsockcred(curlwp, control);
+#ifdef COMPAT_SOCKCRED70
+	if (unp->unp_conn->unp_flags & UNP_OWANTCRED)
+		control = compat_70_unp_addsockcred(curlwp, control);
+#endif
 	if (sbappendaddr(&so2->so_rcv, (const struct sockaddr *)sun, m,
 	    control) == 0) {
 		so2->so_rcv.sb_overflowed++;
@@ -491,6 +499,16 @@ unp_send(struct socket *so, struct mbuf *m, struct sockaddr *nam,
 			unp->unp_conn->unp_flags &= ~UNP_WANTCRED;
 			control = unp_addsockcred(l, control);
 		}
+#ifdef COMPAT_SOCKCRED70
+		if (unp->unp_conn->unp_flags & UNP_OWANTCRED) {
+			/*
+			 * Credentials are passed only once on
+			 * SOCK_STREAM and SOCK_SEQPACKET.
+			 */
+			unp->unp_conn->unp_flags &= ~UNP_OWANTCRED;
+			control = compat_70_unp_addsockcred(l, control);
+		}
+#endif
 		/*
 		 * Send to paired receive port, and then reduce
 		 * send buffer hiwater marks to maintain backpressure.
@@ -566,6 +584,9 @@ uipc_ctloutput(int op, struct socket *so, struct sockopt *sopt)
 		switch (sopt->sopt_name) {
 		case LOCAL_CREDS:
 		case LOCAL_CONNWAIT:
+#ifdef COMPAT_SOCKCRED70
+		case LOCAL_OCREDS:
+#endif
 			error = sockopt_getint(sopt, &optval);
 			if (error)
 				break;
@@ -582,6 +603,11 @@ uipc_ctloutput(int op, struct socket *so, struct sockopt *sopt)
 			case LOCAL_CONNWAIT:
 				OPTSET(UNP_CONNWAIT);
 				break;
+#ifdef COMPAT_SOCKCRED70
+			case LOCAL_OCREDS:
+				OPTSET(UNP_OWANTCRED);
+				break;
+#endif
 			}
 			break;
 #undef OPTSET
@@ -609,6 +635,12 @@ uipc_ctloutput(int op, struct socket *so, struct sockopt *sopt)
 			optval = OPTBIT(UNP_WANTCRED);
 			error = sockopt_setint(sopt, optval);
 			break;
+#ifdef COMPAT_SOCKCRED70
+		case LOCAL_OCREDS:
+			optval = OPTBIT(UNP_OWANTCRED);
+			error = sockopt_setint(sopt, optval);
+			break;
+#endif
 #undef OPTBIT
 
 		default:
@@ -1574,6 +1606,7 @@ unp_addsockcred(struct lwp *l, struct mbuf *control)
 		return control;
 
 	sc = p;
+	sc->sc_pid = l->l_proc->p_pid;
 	sc->sc_uid = kauth_cred_getuid(l->l_cred);
 	sc->sc_euid = kauth_cred_geteuid(l->l_cred);
 	sc->sc_gid = kauth_cred_getgid(l->l_cred);

sys/modules/compat/Makefile

@@ -1,4 +1,4 @@
-#	$NetBSD: Makefile,v 1.12 2015/05/10 07:41:16 pgoyette Exp $
+#	$NetBSD: Makefile,v 1.13 2016/04/06 19:45:45 roy Exp $
 
 .include "../Makefile.inc"
 
@@ -34,6 +34,7 @@ SRCS+=	vfs_syscalls_20.c vfs_syscalls_30.c vfs_syscalls_40.c
 SRCS+=	vfs_syscalls_43.c vm_12.c vm_43.c compat_mod.c
 SRCS+=	kern_time_50.c kern_50.c vfs_syscalls_50.c
 SRCS+=	tty_60.c kern_time_60.c
+SRCS+=	uipc_usrreq_70.c
 
 .PATH:	${S}/arch/${MACHINE}/${MACHINE}
 .PATH:	${S}/arch/${MACHINE_ARCH}/${MACHINE_ARCH}

sys/sys/socket.h

@@ -1,4 +1,4 @@
-/*	$NetBSD: socket.h,v 1.118 2015/10/13 21:28:34 rjs Exp $	*/
+/*	$NetBSD: socket.h,v 1.119 2016/04/06 19:45:46 roy Exp $	*/
 
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -335,6 +335,11 @@ struct sockaddr_storage {
 
 #if defined(_NETBSD_SOURCE)
 
+#ifndef pid_t
+typedef __pid_t		pid_t;		/* process id */
+#define pid_t		__pid_t
+#endif
+
 #ifndef	gid_t
 typedef	__gid_t		gid_t;		/* group id */
 #define	gid_t		__gid_t
@@ -349,6 +354,7 @@ typedef	__uid_t		uid_t;		/* user id */
  * Socket credentials.
  */
 struct sockcred {
+	pid_t	sc_pid;			/* process id */
 	uid_t	sc_uid;			/* real user id */
 	uid_t	sc_euid;		/* effective user id */
 	gid_t	sc_gid;			/* real group id */
@@ -596,8 +602,9 @@ struct cmsghdr {
 #define	SCM_RIGHTS	0x01		/* access rights (array of int) */
 #if defined(_NETBSD_SOURCE)
 /*			0x02		   timestamp (struct timeval50) */
-#define	SCM_CREDS	0x04		/* credentials (struct sockcred) */
+/*			0x04		   credentials (struct sockcred70) */
 #define	SCM_TIMESTAMP	0x08		/* timestamp (struct timeval) */
+#define	SCM_CREDS	0x10		/* credentials (struct sockcred) */
 #endif
 
 /*

sys/sys/un.h

@@ -1,4 +1,4 @@
-/*	$NetBSD: un.h,v 1.56 2015/05/02 17:18:04 rtr Exp $	*/
+/*	$NetBSD: un.h,v 1.57 2016/04/06 19:45:46 roy Exp $	*/
 
 /*
  * Copyright (c) 1982, 1986, 1993
@@ -56,9 +56,10 @@ struct	sockaddr_un {
  * Socket options for UNIX IPC domain.
  */
 #if defined(_NETBSD_SOURCE)
-#define	LOCAL_CREDS	0x0001		/* pass credentials to receiver */
+#define	LOCAL_OCREDS	0x0001		/* pass credentials to receiver */
 #define	LOCAL_CONNWAIT	0x0002		/* connects block until accepted */
 #define	LOCAL_PEEREID	0x0003		/* get peer identification */
+#define	LOCAL_CREDS	0x0004		/* pass credentials to receiver */
 #endif
 
 /*

sys/sys/unpcb.h

@@ -1,4 +1,4 @@
-/*	$NetBSD: unpcb.h,v 1.17 2008/04/24 11:38:39 ad Exp $	*/
+/*	$NetBSD: unpcb.h,v 1.18 2016/04/06 19:45:46 roy Exp $	*/
 
 /*
  * Copyright (c) 1982, 1986, 1989, 1993
@@ -97,11 +97,12 @@ struct	unpcb {
  * in with data for the listening process.  This is set up in unp_bind() when
  * it fills in unp_connid for later consumption by unp_connect().
  */
-#define	UNP_WANTCRED	0x0001		/* credentials wanted */
+#define	UNP_OWANTCRED	0x0001		/* credentials wanted */
 #define	UNP_CONNWAIT	0x0002		/* connect blocks until accepted */
 #define	UNP_EIDSVALID	0x0004		/* unp_connid contains valid data */
 #define	UNP_EIDSBIND	0x0008		/* unp_connid was set by bind() */
 #define	UNP_BUSY	0x0010		/* busy connecting or binding */
+#define	UNP_WANTCRED	0x0020		/* credentials wanted */
 
 #define	sotounpcb(so)	((struct unpcb *)((so)->so_pcb))