Source-Changes-HG archive
[src/trunk]: src/sys/sys Fix crgetgroups shim.
details: https://anonhg.NetBSD.org/src/rev/c24f5142d0a9
branches: trunk
changeset: 971596:c24f5142d0a9
user: riastradh <riastradh%NetBSD.org@localhost>
date: Wed Apr 29 05:54:37 2020 +0000
description:
Fix crgetgroups shim.

- Don't use a static buffer for the result.
- kauth_cred_getgroups refuses to return more than the actual number
  of groups, so passing NGROUPS_MAX generally doesn't work.

To avoid patching zfs, just expose struct kauth_cred::cr_groups
directly, with __KAUTH_PRIVATE. Unclear why the official API only
exposes it via memcpy or copyout anyway.

This makes unprivileged zfs operations work, by anyone with access to
/dev/zfs (which is conventionally mode 777, and which we should maybe
set it to by default; zfs has its own ACL system, zfs allow).
diffstat:
external/cddl/osnet/sys/sys/cred.h | 20 +++++++-------------
sys/sys/kauth.h | 9 +++++++--
2 files changed, 14 insertions(+), 15 deletions(-)
diffs (75 lines):
diff -r 5245057dbbad -r c24f5142d0a9 external/cddl/osnet/sys/sys/cred.h
--- a/external/cddl/osnet/sys/sys/cred.h Wed Apr 29 04:30:40 2020 +0000
+++ b/external/cddl/osnet/sys/sys/cred.h Wed Apr 29 05:54:37 2020 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: cred.h,v 1.6 2019/02/06 17:56:57 christos Exp $ */
+/* $NetBSD: cred.h,v 1.7 2020/04/29 05:54:37 riastradh Exp $ */
/*-
* Copyright (c) 2007 Pawel Jakub Dawidek <pjd%FreeBSD.org@localhost>
@@ -31,6 +31,11 @@
#ifndef _OPENSOLARIS_SYS_CRED_H_
#define _OPENSOLARIS_SYS_CRED_H_
+#ifdef _KERNEL
+/* Needed for access to cr_groups. */
+#define __KAUTH_PRIVATE
+#endif
+
#include <sys/param.h>
#include <sys/types.h>
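Review bot: The `#define __KAUTH_PRIVATE` added at the top of this header is never undefined, so every kernel file that includes this cred.h, not just the crgetgroups macro, is given the full struct kauth_cred layout and can read or write its members directly. The define also has to be seen before sys/kauth.h is first processed in a translation unit for the structure to be visible, so the comment should say more than "Needed for access to cr_groups" and state that ordering requirement, or the exposure should be limited to the one member the shim needs.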
@@ -57,22 +62,11 @@
kauth_cred_setegid(cr, g), \
kauth_cred_setsvuid(cr, u), \
kauth_cred_setsvgid(cr, g), 0)
+#define crgetgroups(cr) ((cr)->cr_groups)
#define crsetgroups(cr, gc, ga) \
kauth_cred_setgroups(cr, ga, gc, 0, UIO_SYSSPACE)
#define crgetsid(cr, i) (NULL)
-static __inline gid_t *
-crgetgroups(cred_t *cr)
-{
- static gid_t gids[NGROUPS_MAX];
-
- memset(gids, 0, sizeof(gids));
- if (kauth_cred_getgroups(cr, gids, NGROUPS_MAX, UIO_SYSSPACE) != 0)
- return NULL;
-
- return gids;
-}
-
static __inline int
groupmember(gid_t gid, cred_t *cr)
{
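Review bot: The new `crgetgroups(cr)` macro returns a writable `gid_t *` into the live credential, where the removed inline function returned a copy, so a caller that writes through the result now changes `cr_groups` in place. Casting the expansion to `const gid_t *` would make that kind of misuse fail to compile. A comment should also record that the pointer is valid only while the caller holds its reference on `cr`, that the result is never NULL any more, and that entries past the credential's actual group count are no longer zero-filled by the shim as they were by the old `memset`.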
diff -r 5245057dbbad -r c24f5142d0a9 sys/sys/kauth.h
--- a/sys/sys/kauth.h Wed Apr 29 04:30:40 2020 +0000
+++ b/sys/sys/kauth.h Wed Apr 29 05:54:37 2020 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: kauth.h,v 1.83 2020/02/14 04:36:33 riastradh Exp $ */
+/* $NetBSD: kauth.h,v 1.84 2020/04/29 05:54:37 riastradh Exp $ */
/*-
* Copyright (c) 2005, 2006 Elad Efrat <elad%NetBSD.org@localhost>
@@ -57,7 +57,11 @@
typedef struct kauth_key *kauth_key_t;
#ifdef __KAUTH_PRIVATE /* For the debugger */
-/*
+
+#include <sys/types.h>
+#include <sys/specificdata.h>
+
+/*
* Credentials.
*
* A subset of this structure is used in kvm(3) (src/lib/libkvm/kvm_proc.c)
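Review bot: The comment on `#ifdef __KAUTH_PRIVATE /* For the debugger */` is stale once external/cddl/osnet/sys/sys/cred.h defines the macro too; it should name both consumers. The block comment that already warns about the kvm(3) dependency is the natural place to add that the zfs compat shim now reads `cr_groups` directly, so a later change to the structure layout is checked against it.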
@@ -86,6 +90,7 @@
gid_t cr_groups[NGROUPS]; /* group memberships */
specificdata_reference cr_sd; /* specific data */
};
+
#endif
/*