rpc.lockd: avoid embedding assumptions about cr_groups[0]
sys/ucred.h provides a cr_gid macro that should be used to reference the egid element of an xucred, so let's use that. While we're here, avoid assuming that the first element is the egid and include it in the group list unless it is actually the egid. This is not a functional change today: the egid is always the first group in the list, but we may want to consider changing that some day. Reviewed by: olce Differential Revision: https://reviews.freebsd.org/D51151
This commit is contained in:
@@ -39,6 +39,7 @@
|
||||
#include <netinet/in.h>
|
||||
#include <arpa/inet.h>
|
||||
|
||||
#include <assert.h>
|
||||
#include <err.h>
|
||||
#include <errno.h>
|
||||
#include <fcntl.h>
|
||||
@@ -232,17 +233,29 @@ void
|
||||
set_auth(CLIENT *cl, struct xucred *xucred)
|
||||
{
|
||||
int ngroups;
|
||||
gid_t *groups;
|
||||
|
||||
ngroups = xucred->cr_ngroups - 1;
|
||||
/*
|
||||
* Exclude the first element if it is actually the egid, but account for
|
||||
* the possibility that we could eventually exclude the egid from the
|
||||
* exported group list some day.
|
||||
*/
|
||||
ngroups = xucred->cr_ngroups;
|
||||
groups = &xucred->cr_groups[0];
|
||||
if (groups == &xucred->cr_gid) {
|
||||
assert(ngroups > 0);
|
||||
ngroups--;
|
||||
groups++;
|
||||
}
|
||||
if (ngroups > NGRPS)
|
||||
ngroups = NGRPS;
|
||||
if (cl->cl_auth != NULL)
|
||||
cl->cl_auth->ah_ops->ah_destroy(cl->cl_auth);
|
||||
cl->cl_auth = authunix_create(hostname,
|
||||
xucred->cr_uid,
|
||||
xucred->cr_groups[0],
|
||||
xucred->cr_gid,
|
||||
ngroups,
|
||||
&xucred->cr_groups[1]);
|
||||
groups);
|
||||
}
|
||||
|
||||
|
||||
|
||||
Reference in New Issue
Block a user