-rw-r--r-- | libtrivfs/ChangeLog | 18 | ||||
-rw-r--r-- | libtrivfs/fsys-getroot.c | 22 | ||||
-rw-r--r-- | libtrivfs/io-reauthenticate.c | 62 | ||||
-rw-r--r-- | libtrivfs/io-restrict-auth.c | 56 | ||||
-rw-r--r-- | libtrivfs/open.c | 17 | ||||
-rw-r--r-- | libtrivfs/trivfs.h | 12 |
6 files changed, 73 insertions, 114 deletions
diff --git a/libtrivfs/ChangeLog b/libtrivfs/ChangeLog index 8445b1a9..cd26fc31 100644 --- a/libtrivfs/ChangeLog +++ b/libtrivfs/ChangeLog @@ -3,6 +3,24 @@ Thu Nov 7 17:05:02 1996 Miles Bader <miles@gnu.ai.mit.edu> * io-restrict-auth.c (trivfs_S_io_restrict_auth): If CRED has root, use the requested id sets verbatim. +Thu Nov 7 01:01:05 1996 Thomas Bushnell, n/BSG <thomas@gnu.ai.mit.edu> + + * io-restrict-auth.c (trivfs_S_io_restrict_auth): Rewrite to use + idvecs. + +Wed Nov 6 23:40:50 1996 Thomas Bushnell, n/BSG <thomas@gnu.ai.mit.edu> + + * trivfs.h (struct trivfs_protid): Delete members `uids', `gids', + `nuids', and `ngids'. Replace with `user'. + (trivfs_check_open_hook): Delete args `uids', `nuids', `gids', + `ngids'. Replace with new arg `user'. All callers changed. + (trivfs_open): Likewise. + * open.c (trivfs_open): Change to match new declaration. + + * trivfs.h (struct trivfs_protid): Delete members `uids', `gids', + * io-reauthenticate.c (trivfs_S_io_reauthenticate): Use new + iohelp_reauth call. + Thu Sep 26 14:25:29 1996 Miles Bader <miles@gnu.ai.mit.edu> * file-access.c (trivfs_S_file_check_access): Return diff --git a/libtrivfs/fsys-getroot.c b/libtrivfs/fsys-getroot.c index 9eca01f5..81b8c25e 100644 --- a/libtrivfs/fsys-getroot.c +++ b/libtrivfs/fsys-getroot.c @@ -43,6 +43,8 @@ trivfs_S_fsys_getroot (struct trivfs_control *cntl, error_t err = 0; mach_port_t new_realnode; struct trivfs_protid *cred; + struct iouser *user; + struct idvec *uvec, *gvec; if (!cntl) return EOPNOTSUPP; 
@@ -67,15 +69,23 @@ trivfs_S_fsys_getroot (struct trivfs_control *cntl, != (flags & (O_READ|O_WRITE|O_EXEC))) err = EACCES; + uvec = make_idvec (); + gvec = make_idvec (); + idvec_set_ids (uvec, uids, nuids); + idvec_set_ids (gvec, gids, ngids); + user = iohelp_create_iouser (uvec, gvec); + if (!err && trivfs_check_open_hook) - err = (*trivfs_check_open_hook) (cntl, uids, nuids, gids, ngids, flags); + err = (*trivfs_check_open_hook) (cntl, user, flags); if (!err) - err = trivfs_open (cntl, uids, nuids, gids, ngids, flags, new_realnode, - &cred); - if (err) - mach_port_deallocate (mach_task_self (), new_realnode); + err = trivfs_open (cntl, user, flags, new_realnode, &cred); - if (!err) + if (err) + { + mach_port_deallocate (mach_task_self (), new_realnode); + iohelp_free_iouser (user); + } + else { *do_retry = FS_RETRY_NORMAL; *retry_name = '\0'; diff --git a/libtrivfs/io-reauthenticate.c b/libtrivfs/io-reauthenticate.c index e199642b..31a7c99b 100644 --- a/libtrivfs/io-reauthenticate.c +++ b/libtrivfs/io-reauthenticate.c @@ -31,23 +31,13 @@ trivfs_S_io_reauthenticate (struct trivfs_protid *cred, mach_port_t rendport) { struct trivfs_protid *newcred; - uid_t gubuf[20], ggbuf[20], aubuf[20], agbuf[20]; - uid_t *gen_uids, *gen_gids, *aux_uids, *aux_gids; - u_int genuidlen, gengidlen, auxuidlen, auxgidlen; error_t err; - int i; auth_t auth; mach_port_t newright; if (cred == 0) return EOPNOTSUPP; - genuidlen = gengidlen = auxuidlen = auxgidlen = 20; - gen_uids = gubuf; - gen_gids = ggbuf; - aux_uids = aubuf; - aux_gids = agbuf; - do err = ports_create_port_noinstall (cred->po->cntl->protid_class, cred->po->cntl->protid_bucket, 
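Review bot: In the fsys-getroot.c hunk the results of `make_idvec ()`, `idvec_set_ids ()` and `iohelp_create_iouser ()` are all used unchecked, so an allocation failure would either dereference a null vector or silently build an identity with fewer ids than the request carried. Because `user` is the identity that `trivfs_check_open_hook` and `trivfs_open` authorise against, a failure here should be folded into `err` before either is called, for example `if (!err) err = idvec_set_ids (uvec, uids, nuids);`. This assumes the helpers report failure through a null pointer or an `error_t`; their declarations are not part of this diff and should be confirmed. The function body starts and ends outside the hunk.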
@@ -62,44 +52,15 @@ trivfs_S_io_reauthenticate (struct trivfs_protid *cred, err = mach_port_insert_right (mach_task_self (), newright, newright, MACH_MSG_TYPE_MAKE_SEND); assert_perror (err); - do - err = auth_server_authenticate (auth, - rendport, - MACH_MSG_TYPE_COPY_SEND, - newright, - MACH_MSG_TYPE_COPY_SEND, - &gen_uids, &genuidlen, - &aux_uids, &auxuidlen, - &gen_gids, &gengidlen, - &aux_gids, &auxgidlen); - while (err == EINTR); + + newcred->user = iohelp_reauth (auth, rendport, newright, 1); + if (idvec_contains (newcred->user->uids, 0)) + newcred->isroot = 1; + mach_port_deallocate (mach_task_self (), rendport); mach_port_deallocate (mach_task_self (), newright); mach_port_deallocate (mach_task_self (), auth); - if (err) - { - newcred->isroot = 0; - newcred->uids = malloc (1); - newcred->gids = malloc (1); - newcred->nuids = 0; - newcred->ngids = 0; - } - else - { - newcred->isroot = 0; - for (i = 0; i < genuidlen; i++) - if (gen_uids[i] == 0) - newcred->isroot = 1; - - newcred->uids = malloc (genuidlen * sizeof (uid_t)); - newcred->gids = malloc (gengidlen * sizeof (uid_t)); - bcopy (gen_uids, newcred->uids, genuidlen * sizeof (uid_t)); - bcopy (gen_gids, newcred->gids, gengidlen * sizeof (uid_t)); - newcred->nuids = genuidlen; - newcred->ngids = gengidlen; - } - newcred->hook = cred->hook; mutex_lock (&cred->po->cntl->lock); 
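Review bot: `newcred->isroot` is only ever assigned 1 in this hunk, whereas the removed code set it to 0 on both the error and success paths. Unless `ports_create_port_noinstall` returns zeroed storage, a non-root reauthentication can leave the flag holding whatever was in memory; assigning it unconditionally closes that, e.g. `newcred->isroot = idvec_contains (newcred->user->uids, 0);`. The result of `iohelp_reauth` is also dereferenced without a check, while the old code fell back to an empty id set when authentication failed, so if the helper can return null (its contract is not visible here) a guard is needed before `newcred->user->uids`. The open.c hunk at -57,18 drops `new->isroot = 0` in the same way. The function continues outside this hunk.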
@@ -127,19 +88,6 @@ trivfs_S_io_reauthenticate (struct trivfs_protid *cred, mach_port_move_member (mach_task_self (), newcred->pi.port_right, cred->po->cntl->protid_bucket->portset); - if (gubuf != gen_uids) - vm_deallocate (mach_task_self (), (u_int) gen_uids, - genuidlen * sizeof (uid_t)); - if (ggbuf != gen_gids) - vm_deallocate (mach_task_self (), (u_int) gen_gids, - gengidlen * sizeof (uid_t)); - if (aubuf != aux_uids) - vm_deallocate (mach_task_self (), (u_int) aux_uids, - auxuidlen * sizeof (uid_t)); - if (agbuf != aux_gids) - vm_deallocate (mach_task_self (), (u_int) aux_gids, - auxgidlen * sizeof (uid_t)); - ports_port_deref (newcred); return err; diff --git a/libtrivfs/io-restrict-auth.c b/libtrivfs/io-restrict-auth.c index f464cbb3..947f6953 100644 --- a/libtrivfs/io-restrict-auth.c +++ b/libtrivfs/io-restrict-auth.c 
@@ -46,31 +46,32 @@ trivfs_S_io_restrict_auth (struct trivfs_protid *cred, int i; error_t err = 0; struct trivfs_protid *newcred; - uid_t *newuids, *newgids; - int newnuids, newngids; + struct idvec *uvec, *gvec; + struct iouser *user; if (!cred) return EOPNOTSUPP; + uvec = make_idvec (); + gvec = make_idvec (); + + user = iohelp_create_iouser (uvec, gvec); + if (cred->isroot) - /* CRED has root access, and so may use any ids. */ { - newuids = uids; - newnuids = nuids; - newgids = gids; - newngids = ngids; + /* CRED has root access, and so may use any ids. */ + idvec_set (uvec, uids, nuids); + idvec_set (gvec, gids, ngids); } else - /* Otherwise, use any of the requested ids that CRED already has. */ { - newuids = alloca (sizeof (uid_t) * cred->nuids); - newgids = alloca (sizeof (uid_t) * cred->ngids); - for (i = newnuids = 0; i < cred->nuids; i++) - if (listmember (uids, cred->uids[i], nuids)) - newuids[newnuids++] = cred->uids[i]; - for (i = newngids = 0; i < cred->gids[i]; i++) - if (listmember (gids, cred->gids[i], ngids)) - newgids[newngids++] = cred->gids[i]; + /* Otherwise, use any of the requested ids that CRED already has. */ + for (i = 0; i < cred->user->uids->num; i++) + if (listmember (uids, cred->user->uids->id[i], nuids)) + idvec_add (uvec, cred->user->uids->ids[i]); + for (i = 0; i < cred->user->gids->num; i++) + if (listmember (gids, cred->user->gids->ids[i], ngids)) + idvec_add (gvec, cred->user->gids->ids[i]); } err = ports_create_port (cred->po->cntl->protid_class, 
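Review bot: The non-root uid loop reads `cred->user->uids->id[i]` in the `listmember` test but `cred->user->uids->ids[i]` in the `idvec_add` call on the next line, and the gid loop uses `ids` throughout, so the first is presumably a typo for `ids`. The root branch calls `idvec_set (uvec, uids, nuids)` with an array and a count, while the fsys-getroot.c hunk uses `idvec_set_ids` for the same kind of arguments; one of the two names is likely wrong. The `idvec_add` results are ignored as well, so a failed insertion silently drops an id from the restricted set later handed to `io_restrict_auth`. That fails towards fewer ids, but propagating the error, or a comment such as `/* A failed add only narrows the id set. */`, would make it deliberate. The function body extends beyond the hunk.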
@@ -78,29 +79,24 @@ trivfs_S_io_restrict_auth (struct trivfs_protid *cred, sizeof (struct trivfs_protid), &newcred); if (err) - return err; + { + iouser_free_iouser (user); + return err; + } newcred->isroot = 0; mutex_lock (&cred->po->cntl->lock); newcred->po = cred->po; newcred->po->refcnt++; mutex_unlock (&cred->po->cntl->lock); - if (cred->isroot) - { - for (i = 0; i < nuids; i++) - if (uids[i] == 0) - newcred->isroot = 1; - } - newcred->gids = malloc (newngids * sizeof (uid_t)); - newcred->uids = malloc (newnuids * sizeof (uid_t)); - bcopy (newuids, newcred->uids, newnuids * sizeof (uid_t)); - bcopy (newgids, newcred->gids, newngids * sizeof (uid_t)); - newcred->ngids = newngids; - newcred->nuids = newnuids; + if (cred->isroot && idvec_contains (uvec, 0)) + newcred->isroot = 1; + newcred->user = user; newcred->hook = cred->hook; err = io_restrict_auth (cred->realnode, &newcred->realnode, - newuids, newnuids, newgids, newngids); + user->uids->ids, user->uids->num, + user->gids->ids, user->gids->num); if (!err && trivfs_protid_create_hook) { err = (*trivfs_protid_create_hook) (newcred); diff --git a/libtrivfs/open.c b/libtrivfs/open.c index 4303ca74..40665407 100644 --- a/libtrivfs/open.c +++ b/libtrivfs/open.c @@ -27,7 +27,7 @@ FLAGS. CNTL is the trivfs control object. */ error_t trivfs_open (struct trivfs_control *cntl, - uid_t *uids, unsigned num_uids, gid_t *gids, unsigned num_gids, + struct iouser *user, unsigned flags, mach_port_t realnode, struct trivfs_protid **cred) 
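Review bot: The new error path after `ports_create_port` calls `iouser_free_iouser (user)`, whereas fsys-getroot.c in this same commit releases an iouser with `iohelp_free_iouser (user)`. The `iouser_` spelling looks like a typo and should read `iohelp_free_iouser (user);`. Once `newcred->user = user` has run, the protid holds the only reference, so the error handling after `io_restrict_auth` (outside this hunk) should be checked to confirm the iouser is released exactly once along with the protid, neither leaked nor freed twice.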
@@ -57,18 +57,9 @@ trivfs_open (struct trivfs_control *cntl, { int i; - new->isroot = 0; - for (i = 0; i < num_uids; i++) - if (uids[i] == 0) - new->isroot = 1; - - new->uids = malloc (num_uids * sizeof (uid_t)); - bcopy (uids, new->uids, num_uids * sizeof (uid_t)); - new->nuids = num_uids; - - new->gids = malloc (num_gids * sizeof (uid_t)); - bcopy (gids, new->gids, num_gids * sizeof (uid_t)); - new->ngids = num_gids; + new->user = user; + if (idvec_contains (user, 0)) + new->isroot = 1; new->po = po; new->hook = 0; diff --git a/libtrivfs/trivfs.h b/libtrivfs/trivfs.h index 9f2fc5f5..64a3c1f9 100644 --- a/libtrivfs/trivfs.h +++ b/libtrivfs/trivfs.h @@ -27,8 +27,7 @@ struct trivfs_protid { struct port_info pi; - uid_t *uids, *gids; - int nuids, ngids; + struct iouser *user; int isroot; /* REALNODE will be null if this protid wasn't fully created (currently only in the case where trivfs_protid_create_hook returns an error). */ @@ -96,15 +95,13 @@ extern int trivfs_cntl_nportclasses; void trivfs_modify_stat (struct trivfs_protid *cred, struct stat *); /* If this variable is set, it is called every time an open happens. - UIDS, GIDS, and FLAGS are from the open; CNTL identifies the + USER and FLAGS are from the open; CNTL identifies the node being opened. This call need not check permissions on the underlying node. This call can block as necessary, unless O_NONBLOCK is set in FLAGS. Any desired error can be returned, which will be reflected to the user and prevent the open from succeeding. */ error_t (*trivfs_check_open_hook) (struct trivfs_control *cntl, - uid_t *uids, u_int nuids, - gid_t *gids, u_int ngids, - int flags); + struct iouser *user, int flags); /* If this variable is set, it is called every time a new protid structure is created and initialized. */ 
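Review bot: In the open.c hunk, `idvec_contains (user, 0)` is passed the `struct iouser *` itself, while the other call sites in this commit pass an id vector (`newcred->user->uids` in io-reauthenticate.c, `uvec` in io-restrict-auth.c). The root test would then be evaluated against the wrong object, and `isroot` is the flag that io-restrict-auth.c uses to allow a caller any requested ids. The line should read `if (idvec_contains (user->uids, 0))`. The local `int i;` kept as context above appears to have no remaining use in the lines shown, though the block continues past the hunk.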
@@ -161,8 +158,7 @@ int trivfs_demuxer (mach_msg_header_t *, mach_msg_header_t *); the underlying node reference, with the given identity, and open flags in FLAGS. CNTL is the trivfs control object. */ error_t trivfs_open (struct trivfs_control *fsys, - uid_t *uids, unsigned num_uids, - gid_t *gids, unsigned num_gids, + struct iouser *user, unsigned flags, mach_port_t realnode, struct trivfs_protid **cred); |
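Review bot: The comment above the `trivfs_open` declaration does not say who owns the new USER argument. open.c stores the pointer directly (`new->user = user`) and fsys-getroot.c frees it only when the call fails, so the contract appears to be that a successful call consumes USER. I would add to the comment: `USER is consumed on success and must not be freed by the caller; on failure it remains the caller's.` Callers that get this wrong would either leak the identity or leave a protid pointing at freed credentials.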