lib/libc/rpc/svc_vc.c

Finally fix the credential stuff. I had to look at the code a long long
time before I've seen what exactly was the breakage.

In NetBSD, Solaris, xprt->xp_p2 pointed directly to the credentials,
in FreeBSD xprt->xp_verf.oa_base was a pointer to a struct cmessage,
which is defined as follow:

struct cmessage {
        struct cmsghdr cmsg;
        struct cmsgcred cmcred;
};

The credentials were submitted the right way and xprt->xp_p2 pointed to them.
But cb_verf.oa_flavor was still empty. There was an assignment missing
in svc_recv() in svc_vc.c:

msg->rm_call.cb_verf.oa_flavor = AUTH_UNIX;

Also 

+       if (addr.ss_family == AF_LOCAL) {
+               xprt->xp_raddr = *(struct sockaddr_in *)xprt->xp_rtaddr.buf;
+               xprt->xp_addrlen = sizeof (struct sockaddr_in);
+       }

was missing. But the first seems not to be needed:

I guess in rpc.yppasswdd there was a typo:

- transp>xp_verf.oa_flavor != AUTH_UNIX) {
+ rqstp->rq_cred.oa_flavor != AUTH_UNIX) {

This little fix does fix the breakage in rpc.yppasswdd :-)

+       if (msg.msg_controllen == 0 ||
+           (msg.msg_flags & MSG_CTRUNC) != 0)
+               return (-1);

We cannot set the cb_verf.oa_length in svc_recv() of svc_vc.c, the credentials
get overwritten then, and that's bad.

diff -ruN lib/libc/rpc/svc_vc.c lib/libc/rpc/svc_vc.c
--- lib/libc/rpc/svc_vc.c.orig	Thu Oct  4 15:11:41 2001
+++ lib/libc/rpc/svc_vc.c	Thu Oct  4 20:55:17 2001
@@ -313,6 +313,10 @@
 		return (FALSE);
 	memcpy(xprt->xp_rtaddr.buf, &addr, len);
 	xprt->xp_rtaddr.len = len;
+	if (addr.ss_family == AF_LOCAL) {
+		xprt->xp_raddr = *(struct sockaddr_in *)xprt->xp_rtaddr.buf;
+		xprt->xp_addrlen = sizeof (struct sockaddr_in);
+	}
 #ifdef PORTMAP
 	if (addr.ss_family == AF_INET) {
 		xprt->xp_raddr = *(struct sockaddr_in *)xprt->xp_rtaddr.buf;
@@ -423,13 +427,15 @@
 		}
 	} while ((pollfd.revents & POLLIN) == 0);
 
+	cm = NULL;
 	sa = (struct sockaddr *)xprt->xp_rtaddr.buf;
 	if (sa->sa_family == AF_LOCAL) {
 		cm = (struct cmessage *)xprt->xp_verf.oa_base;
 		if ((len = __msgread_withcred(sock, buf, len, cm)) > 0) {
 			xprt->xp_p2 = &cm->cmcred;
 			return (len);
-		}
+		} else
+			goto fatal_err;
 	} else {
 		if ((len = _read(sock, buf, (size_t)len)) > 0)
 			return (len);
@@ -656,7 +663,12 @@
 	ret = _recvmsg(sock, &msg, 0);
 	bcopy(&cm.cmsg, &cmp->cmsg, sizeof(cmp->cmsg));
 	bcopy(CMSG_DATA(&cm), &cmp->cmcred, sizeof(cmp->cmcred));
-	return ret;
+
+	if (msg.msg_controllen == 0 ||
+	   (msg.msg_flags & MSG_CTRUNC) != 0)
+		return (-1);
+
+	return (ret);
 }
 
 static int
@@ -696,10 +708,21 @@
 __rpc_get_local_uid(SVCXPRT *transp, uid_t *uid)
 {
 	struct cmsgcred *cmcred;
+	struct cmessage *cm;
+	struct cmsghdr *cmp;
+  
+	cm = (struct cmessage *)transp->xp_verf.oa_base;
+	
+	if (cm == NULL)
+		return (-1);
+	cmp = &cm->cmsg;
+	if (cmp == NULL || cmp->cmsg_level != SOL_SOCKET ||
+	   cmp->cmsg_type != SCM_CREDS)
+		return (-1);
  
 	cmcred = __svc_getcallercreds(transp);
 	if (cmcred == NULL)
-		return(-1); 
+		return (-1); 
 	*uid = cmcred->cmcred_euid;
-	return(0);
+	return (0);
 }