kern: adopt the cr_gid macro for cr_groups[0] more widely
A future change may split cr_gid out of cr_groups[0] so that there's a cleaner separation between the supplemental groups and the effective group. Do the mechanical conversion where we can, and drop some comments where we need further work because some assumptions about cr_gid == cr_groups[0] have been made. This should not be a functional change, but downstreams and other out-of-tree code are advised to investigate their usage of cr_groups sooner rather than later, as a future change will render assumptions about these two being equivalent harmful. Reviewed by: asomers, kib, olce Differential Revision: https://reviews.freebsd.org/D51153
This commit is contained in:
@@ -208,9 +208,9 @@ fuse_match_cred(struct ucred *basecred, struct ucred *usercred)
|
||||
if (basecred->cr_uid == usercred->cr_uid &&
|
||||
basecred->cr_uid == usercred->cr_ruid &&
|
||||
basecred->cr_uid == usercred->cr_svuid &&
|
||||
basecred->cr_groups[0] == usercred->cr_groups[0] &&
|
||||
basecred->cr_groups[0] == usercred->cr_rgid &&
|
||||
basecred->cr_groups[0] == usercred->cr_svgid)
|
||||
basecred->cr_gid == usercred->cr_gid &&
|
||||
basecred->cr_gid == usercred->cr_rgid &&
|
||||
basecred->cr_gid == usercred->cr_svgid)
|
||||
return (0);
|
||||
|
||||
return (EPERM);
|
||||
|
||||
@@ -868,7 +868,7 @@ fuse_setup_ihead(struct fuse_in_header *ihead, struct fuse_ticket *ftick,
|
||||
|
||||
ihead->pid = pid;
|
||||
ihead->uid = cred->cr_uid;
|
||||
ihead->gid = cred->cr_groups[0];
|
||||
ihead->gid = cred->cr_gid;
|
||||
}
|
||||
|
||||
/*
|
||||
|
||||
@@ -884,7 +884,7 @@ fuse_vnop_copy_file_range(struct vop_copy_file_range_args *ap)
|
||||
return (EXTERROR(ENOSYS, "FUSE_COPY_FILE_RANGE does not "
|
||||
"support different credentials for infd and outfd"));
|
||||
|
||||
if (incred->cr_groups[0] != outcred->cr_groups[0])
|
||||
if (incred->cr_gid != outcred->cr_gid)
|
||||
return (EXTERROR(ENOSYS, "FUSE_COPY_FILE_RANGE does not "
|
||||
"support different credentials for infd and outfd"));
|
||||
|
||||
|
||||
@@ -379,7 +379,8 @@ newnfs_setroot(struct ucred *cred)
|
||||
{
|
||||
|
||||
cred->cr_uid = 0;
|
||||
cred->cr_groups[0] = 0;
|
||||
cred->cr_gid = 0;
|
||||
/* XXXKE Fix this if cr_gid gets separated out. */
|
||||
cred->cr_ngroups = 1;
|
||||
}
|
||||
|
||||
|
||||
@@ -6933,7 +6933,8 @@ nfscl_dofflayoutio(vnode_t vp, struct uio *uiop, int *iomode, int *must_commit,
|
||||
if ((dp->nfsdi_flags & NFSDI_TIGHTCOUPLED) == 0) {
|
||||
tcred = NFSNEWCRED(cred);
|
||||
tcred->cr_uid = flp->nfsfl_ffm[mirror].user;
|
||||
tcred->cr_groups[0] = flp->nfsfl_ffm[mirror].group;
|
||||
tcred->cr_gid = flp->nfsfl_ffm[mirror].group;
|
||||
/* XXXKE Fix this if cr_gid gets separated out. */
|
||||
tcred->cr_ngroups = 1;
|
||||
} else
|
||||
tcred = cred;
|
||||
|
||||
+19
-19
@@ -287,7 +287,7 @@ sys_getgid(struct thread *td, struct getgid_args *uap)
|
||||
|
||||
td->td_retval[0] = td->td_ucred->cr_rgid;
|
||||
#if defined(COMPAT_43)
|
||||
td->td_retval[1] = td->td_ucred->cr_groups[0];
|
||||
td->td_retval[1] = td->td_ucred->cr_gid;
|
||||
#endif
|
||||
return (0);
|
||||
}
|
||||
@@ -307,7 +307,7 @@ int
|
||||
sys_getegid(struct thread *td, struct getegid_args *uap)
|
||||
{
|
||||
|
||||
td->td_retval[0] = td->td_ucred->cr_groups[0];
|
||||
td->td_retval[0] = td->td_ucred->cr_gid;
|
||||
return (0);
|
||||
}
|
||||
|
||||
@@ -1080,7 +1080,7 @@ sys_setgid(struct thread *td, struct setgid_args *uap)
|
||||
gid != oldcred->cr_svgid && /* allow setgid(saved gid) */
|
||||
#endif
|
||||
#ifdef POSIX_APPENDIX_B_4_2_2 /* Use BSD-compat clause from B.4.2.2 */
|
||||
gid != oldcred->cr_groups[0] && /* allow setgid(getegid()) */
|
||||
gid != oldcred->cr_gid && /* allow setgid(getegid()) */
|
||||
#endif
|
||||
(error = priv_check_cred(oldcred, PRIV_CRED_SETGID)) != 0)
|
||||
goto fail;
|
||||
@@ -1092,7 +1092,7 @@ sys_setgid(struct thread *td, struct setgid_args *uap)
|
||||
*/
|
||||
if (
|
||||
#ifdef POSIX_APPENDIX_B_4_2_2 /* use the clause from B.4.2.2 */
|
||||
gid == oldcred->cr_groups[0] ||
|
||||
gid == oldcred->cr_gid ||
|
||||
#endif
|
||||
/* We are using privs. */
|
||||
priv_check_cred(oldcred, PRIV_CRED_SETGID) == 0)
|
||||
@@ -1121,7 +1121,7 @@ sys_setgid(struct thread *td, struct setgid_args *uap)
|
||||
* In all cases permitted cases, we are changing the egid.
|
||||
* Copy credentials so other references do not see our changes.
|
||||
*/
|
||||
if (oldcred->cr_groups[0] != gid) {
|
||||
if (oldcred->cr_gid != gid) {
|
||||
change_egid(newcred, gid);
|
||||
setsugid(p);
|
||||
}
|
||||
@@ -1167,7 +1167,7 @@ sys_setegid(struct thread *td, struct setegid_args *uap)
|
||||
(error = priv_check_cred(oldcred, PRIV_CRED_SETEGID)) != 0)
|
||||
goto fail;
|
||||
|
||||
if (oldcred->cr_groups[0] != egid) {
|
||||
if (oldcred->cr_gid != egid) {
|
||||
change_egid(newcred, egid);
|
||||
setsugid(p);
|
||||
}
|
||||
@@ -1393,12 +1393,12 @@ sys_setregid(struct thread *td, struct setregid_args *uap)
|
||||
|
||||
if (((rgid != (gid_t)-1 && rgid != oldcred->cr_rgid &&
|
||||
rgid != oldcred->cr_svgid) ||
|
||||
(egid != (gid_t)-1 && egid != oldcred->cr_groups[0] &&
|
||||
(egid != (gid_t)-1 && egid != oldcred->cr_gid &&
|
||||
egid != oldcred->cr_rgid && egid != oldcred->cr_svgid)) &&
|
||||
(error = priv_check_cred(oldcred, PRIV_CRED_SETREGID)) != 0)
|
||||
goto fail;
|
||||
|
||||
if (egid != (gid_t)-1 && oldcred->cr_groups[0] != egid) {
|
||||
if (egid != (gid_t)-1 && oldcred->cr_gid != egid) {
|
||||
change_egid(newcred, egid);
|
||||
setsugid(p);
|
||||
}
|
||||
@@ -1406,9 +1406,9 @@ sys_setregid(struct thread *td, struct setregid_args *uap)
|
||||
change_rgid(newcred, rgid);
|
||||
setsugid(p);
|
||||
}
|
||||
if ((rgid != (gid_t)-1 || newcred->cr_groups[0] != newcred->cr_rgid) &&
|
||||
newcred->cr_svgid != newcred->cr_groups[0]) {
|
||||
change_svgid(newcred, newcred->cr_groups[0]);
|
||||
if ((rgid != (gid_t)-1 || newcred->cr_gid != newcred->cr_rgid) &&
|
||||
newcred->cr_svgid != newcred->cr_gid) {
|
||||
change_svgid(newcred, newcred->cr_gid);
|
||||
setsugid(p);
|
||||
}
|
||||
proc_set_cred(p, newcred);
|
||||
@@ -1547,17 +1547,17 @@ sys_setresgid(struct thread *td, struct setresgid_args *uap)
|
||||
|
||||
if (((rgid != (gid_t)-1 && rgid != oldcred->cr_rgid &&
|
||||
rgid != oldcred->cr_svgid &&
|
||||
rgid != oldcred->cr_groups[0]) ||
|
||||
rgid != oldcred->cr_gid) ||
|
||||
(egid != (gid_t)-1 && egid != oldcred->cr_rgid &&
|
||||
egid != oldcred->cr_svgid &&
|
||||
egid != oldcred->cr_groups[0]) ||
|
||||
egid != oldcred->cr_gid) ||
|
||||
(sgid != (gid_t)-1 && sgid != oldcred->cr_rgid &&
|
||||
sgid != oldcred->cr_svgid &&
|
||||
sgid != oldcred->cr_groups[0])) &&
|
||||
sgid != oldcred->cr_gid)) &&
|
||||
(error = priv_check_cred(oldcred, PRIV_CRED_SETRESGID)) != 0)
|
||||
goto fail;
|
||||
|
||||
if (egid != (gid_t)-1 && oldcred->cr_groups[0] != egid) {
|
||||
if (egid != (gid_t)-1 && oldcred->cr_gid != egid) {
|
||||
change_egid(newcred, egid);
|
||||
setsugid(p);
|
||||
}
|
||||
@@ -1626,8 +1626,8 @@ sys_getresgid(struct thread *td, struct getresgid_args *uap)
|
||||
error1 = copyout(&cred->cr_rgid,
|
||||
uap->rgid, sizeof(cred->cr_rgid));
|
||||
if (uap->egid)
|
||||
error2 = copyout(&cred->cr_groups[0],
|
||||
uap->egid, sizeof(cred->cr_groups[0]));
|
||||
error2 = copyout(&cred->cr_gid,
|
||||
uap->egid, sizeof(cred->cr_gid));
|
||||
if (uap->sgid)
|
||||
error3 = copyout(&cred->cr_svgid,
|
||||
uap->sgid, sizeof(cred->cr_svgid));
|
||||
@@ -1737,7 +1737,7 @@ groupmember(gid_t gid, const struct ucred *cred)
|
||||
|
||||
groups_check_positive_len(cred->cr_ngroups);
|
||||
|
||||
if (gid == cred->cr_groups[0])
|
||||
if (gid == cred->cr_gid)
|
||||
return (true);
|
||||
|
||||
return (group_is_supplementary(gid, cred));
|
||||
@@ -3015,7 +3015,7 @@ void
|
||||
change_egid(struct ucred *newcred, gid_t egid)
|
||||
{
|
||||
|
||||
newcred->cr_groups[0] = egid;
|
||||
newcred->cr_gid = egid;
|
||||
}
|
||||
|
||||
/*-
|
||||
|
||||
@@ -2253,10 +2253,10 @@ kern_accessat(struct thread *td, int fd, const char *path,
|
||||
cred = td->td_ucred;
|
||||
if ((flag & AT_EACCESS) == 0 &&
|
||||
((cred->cr_uid != cred->cr_ruid ||
|
||||
cred->cr_rgid != cred->cr_groups[0]))) {
|
||||
cred->cr_rgid != cred->cr_gid))) {
|
||||
usecred = crdup(cred);
|
||||
usecred->cr_uid = cred->cr_ruid;
|
||||
usecred->cr_groups[0] = cred->cr_rgid;
|
||||
usecred->cr_gid = cred->cr_rgid;
|
||||
td->td_ucred = usecred;
|
||||
} else
|
||||
usecred = cred;
|
||||
|
||||
+2
-2
@@ -4976,7 +4976,7 @@ pf_socket_lookup(struct pf_pdesc *pd)
|
||||
}
|
||||
INP_RLOCK_ASSERT(inp);
|
||||
pd->lookup.uid = inp->inp_cred->cr_uid;
|
||||
pd->lookup.gid = inp->inp_cred->cr_groups[0];
|
||||
pd->lookup.gid = inp->inp_cred->cr_gid;
|
||||
INP_RUNLOCK(inp);
|
||||
|
||||
return (1);
|
||||
@@ -5760,7 +5760,7 @@ pf_test_rule(struct pf_krule **rm, struct pf_kstate **sm,
|
||||
if (inp != NULL) {
|
||||
INP_LOCK_ASSERT(inp);
|
||||
pd->lookup.uid = inp->inp_cred->cr_uid;
|
||||
pd->lookup.gid = inp->inp_cred->cr_groups[0];
|
||||
pd->lookup.gid = inp->inp_cred->cr_gid;
|
||||
pd->lookup.done = 1;
|
||||
}
|
||||
|
||||
|
||||
@@ -422,7 +422,7 @@ smb_vc_create(struct smb_vcspec *vcspec,
|
||||
if (uid == SMBM_ANY_OWNER)
|
||||
uid = realuid;
|
||||
if (gid == SMBM_ANY_GROUP)
|
||||
gid = cred->cr_groups[0];
|
||||
gid = cred->cr_gid;
|
||||
vcp->vc_uid = uid;
|
||||
vcp->vc_grp = gid;
|
||||
|
||||
@@ -765,7 +765,7 @@ smb_share_create(struct smb_vc *vcp, struct smb_sharespec *shspec,
|
||||
if (uid == SMBM_ANY_OWNER)
|
||||
uid = realuid;
|
||||
if (gid == SMBM_ANY_GROUP)
|
||||
gid = cred->cr_groups[0];
|
||||
gid = cred->cr_gid;
|
||||
ssp = smb_zmalloc(sizeof(*ssp), M_SMBCONN, M_WAITOK);
|
||||
smb_co_init(SSTOCP(ssp), SMBL_SHARE, "smbss ilock", "smbss");
|
||||
ssp->obj.co_free = smb_share_free;
|
||||
|
||||
@@ -93,9 +93,10 @@ xdr_authunix_parms(XDR *xdrs, uint32_t *time, struct xucred *cred)
|
||||
|
||||
if (!xdr_uint32_t(xdrs, &cred->cr_uid))
|
||||
return (FALSE);
|
||||
if (!xdr_uint32_t(xdrs, &cred->cr_groups[0]))
|
||||
if (!xdr_uint32_t(xdrs, &cred->cr_gid))
|
||||
return (FALSE);
|
||||
|
||||
/* XXXKE Fix this is cr_gid gets separated out. */
|
||||
if (xdrs->x_op == XDR_ENCODE) {
|
||||
ngroups = cred->cr_ngroups - 1;
|
||||
if (ngroups > NGRPS)
|
||||
@@ -105,7 +106,7 @@ xdr_authunix_parms(XDR *xdrs, uint32_t *time, struct xucred *cred)
|
||||
if (!xdr_uint32_t(xdrs, &ngroups))
|
||||
return (FALSE);
|
||||
for (i = 0; i < ngroups; i++) {
|
||||
if (i + 1 < ngroups_max + 1) {
|
||||
if (i < ngroups_max) {
|
||||
if (!xdr_uint32_t(xdrs, &cred->cr_groups[i + 1]))
|
||||
return (FALSE);
|
||||
} else {
|
||||
@@ -115,7 +116,7 @@ xdr_authunix_parms(XDR *xdrs, uint32_t *time, struct xucred *cred)
|
||||
}
|
||||
|
||||
if (xdrs->x_op == XDR_DECODE) {
|
||||
if (ngroups + 1 > ngroups_max + 1)
|
||||
if (ngroups > ngroups_max)
|
||||
cred->cr_ngroups = ngroups_max + 1;
|
||||
else
|
||||
cred->cr_ngroups = ngroups + 1;
|
||||
|
||||
@@ -83,12 +83,13 @@ _svcauth_unix(struct svc_req *rqst, struct rpc_msg *msg)
|
||||
str_len = RNDUP(str_len);
|
||||
buf += str_len / sizeof (int32_t);
|
||||
xcr->cr_uid = IXDR_GET_UINT32(buf);
|
||||
xcr->cr_groups[0] = IXDR_GET_UINT32(buf);
|
||||
xcr->cr_gid = IXDR_GET_UINT32(buf);
|
||||
gid_len = (size_t)IXDR_GET_UINT32(buf);
|
||||
if (gid_len > NGRPS) {
|
||||
stat = AUTH_BADCRED;
|
||||
goto done;
|
||||
}
|
||||
/* XXXKE Fix this if cr_gid gets separated out. */
|
||||
for (i = 0; i < gid_len; i++) {
|
||||
if (i + 1 < XU_NGROUPS)
|
||||
xcr->cr_groups[i + 1] = IXDR_GET_INT32(buf);
|
||||
|
||||
@@ -279,7 +279,7 @@ audit_record_ctor(void *mem, int size, void *arg, int flags)
|
||||
cru2x(cred, &ar->k_ar.ar_subj_cred);
|
||||
ar->k_ar.ar_subj_ruid = cred->cr_ruid;
|
||||
ar->k_ar.ar_subj_rgid = cred->cr_rgid;
|
||||
ar->k_ar.ar_subj_egid = cred->cr_groups[0];
|
||||
ar->k_ar.ar_subj_egid = cred->cr_gid;
|
||||
ar->k_ar.ar_subj_auid = cred->cr_audit.ai_auid;
|
||||
ar->k_ar.ar_subj_asid = cred->cr_audit.ai_asid;
|
||||
ar->k_ar.ar_subj_pid = td->td_proc->p_pid;
|
||||
|
||||
@@ -408,7 +408,7 @@ audit_arg_process(struct proc *p)
|
||||
cred = p->p_ucred;
|
||||
ar->k_ar.ar_arg_auid = cred->cr_audit.ai_auid;
|
||||
ar->k_ar.ar_arg_euid = cred->cr_uid;
|
||||
ar->k_ar.ar_arg_egid = cred->cr_groups[0];
|
||||
ar->k_ar.ar_arg_egid = cred->cr_gid;
|
||||
ar->k_ar.ar_arg_ruid = cred->cr_ruid;
|
||||
ar->k_ar.ar_arg_rgid = cred->cr_rgid;
|
||||
ar->k_ar.ar_arg_asid = cred->cr_audit.ai_asid;
|
||||
|
||||
+10
-2
@@ -2064,9 +2064,13 @@ ufs_mkdir(
|
||||
*/
|
||||
ucred.cr_ref = 1;
|
||||
ucred.cr_uid = ip->i_uid;
|
||||
|
||||
/*
|
||||
* XXXKE Fix this is cr_gid gets separated out
|
||||
*/
|
||||
ucred.cr_ngroups = 1;
|
||||
ucred.cr_groups = &ucred_group;
|
||||
ucred.cr_groups[0] = dp->i_gid;
|
||||
ucred.cr_gid = ucred_group = dp->i_gid;
|
||||
ucp = &ucred;
|
||||
}
|
||||
#endif
|
||||
@@ -2823,9 +2827,13 @@ ufs_makeinode(int mode, struct vnode *dvp, struct vnode **vpp,
|
||||
*/
|
||||
ucred.cr_ref = 1;
|
||||
ucred.cr_uid = ip->i_uid;
|
||||
|
||||
/*
|
||||
* XXXKE Fix this is cr_gid gets separated out
|
||||
*/
|
||||
ucred.cr_ngroups = 1;
|
||||
ucred.cr_groups = &ucred_group;
|
||||
ucred.cr_groups[0] = pdir->i_gid;
|
||||
ucred.cr_gid = ucred_group = pdir->i_gid;
|
||||
ucp = &ucred;
|
||||
#endif
|
||||
} else {
|
||||
|
||||
Reference in New Issue
Block a user