git: 13784bf22df3 - stable/14 - cred: New crsetgroups_fallback()

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Olivier Certner <olce_at_FreeBSD.org>
Date: Fri, 15 Nov 2024 10:49:02 UTC
The branch stable/14 has been updated by olce:

URL: https://cgit.FreeBSD.org/src/commit/?id=13784bf22df357d2b944e719993f2d25d4324dd2

commit 13784bf22df357d2b944e719993f2d25d4324dd2
Author:     Olivier Certner <olce@FreeBSD.org>
AuthorDate: 2024-10-02 14:16:20 +0000
Commit:     Olivier Certner <olce@FreeBSD.org>
CommitDate: 2024-11-15 10:47:42 +0000

    cred: New crsetgroups_fallback()
    
    Similar to crsetgroups(), but allows an empty group array in input,
    treating it like a one-element array containing the passed fallback
    group.
    
    Approved by:    markj (mentor)
    MFC after:      3 days
    Differential Revision:  https://reviews.freebsd.org/D46917
    
    (cherry picked from commit d4e0d4d92e010b74404bddc87c1a1e8dbcaa25dd)
    
    Approved by:    markj (mentor)
---
 sys/kern/kern_prot.c | 18 ++++++++++++++++++
 sys/sys/ucred.h      |  2 ++
 2 files changed, 20 insertions(+)

diff --git a/sys/kern/kern_prot.c b/sys/kern/kern_prot.c
index 1cc5ce46c3bf..db07c265dc13 100644
--- a/sys/kern/kern_prot.c
+++ b/sys/kern/kern_prot.c
@@ -2498,6 +2498,24 @@ crsetgroups(struct ucred *cr, int ngrp, const gid_t *groups)
 	groups_normalize(&cr->cr_ngroups, cr->cr_groups);
 }
 
+/*
+ * Same as crsetgroups() but accepts an empty groups array.
+ *
+ * This function ensures that an effective GID is always present in credentials.
+ * An empty array is treated as a one-size one holding the passed effective GID
+ * fallback.
+ */
+void
+crsetgroups_fallback(struct ucred *cr, int ngrp, const gid_t *groups,
+    const gid_t fallback)
+{
+	if (ngrp == 0)
+		/* Shortcut. */
+		crsetgroups_internal(cr, 1, &fallback);
+	else
+		crsetgroups(cr, ngrp, groups);
+}
+
 /*
  * Get login name, if available.
  */
diff --git a/sys/sys/ucred.h b/sys/sys/ucred.h
index cd07ec3be445..e7f8d7328dda 100644
--- a/sys/sys/ucred.h
+++ b/sys/sys/ucred.h
@@ -170,6 +170,8 @@ void	crcowfree(struct thread *td);
 void	cru2x(struct ucred *cr, struct xucred *xcr);
 void	cru2xt(struct thread *td, struct xucred *xcr);
 void	crsetgroups(struct ucred *cr, int ngrp, const gid_t *groups);
+void	crsetgroups_fallback(struct ucred *cr, int ngrp, const gid_t *groups,
+	    const gid_t fallback);
 
 /*
  * Returns whether gid designates a primary group in cred.