git: 6cd8d025282f - stable/14 - cred: groupmember(): Remove tolerance for empty 'cr_groups'
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Fri, 15 Nov 2024 10:49:04 UTC
The branch stable/14 has been updated by olce:
URL: https://cgit.FreeBSD.org/src/commit/?id=6cd8d025282f8c30e5db74806f7e94630ce57d8b
commit 6cd8d025282f8c30e5db74806f7e94630ce57d8b
Author: Olivier Certner <olce@FreeBSD.org>
AuthorDate: 2024-11-01 16:12:15 +0000
Commit: Olivier Certner <olce@FreeBSD.org>
CommitDate: 2024-11-15 10:47:43 +0000
cred: groupmember(): Remove tolerance for empty 'cr_groups'
This tolerance had been introduced in commit caa309c8811d ("nfsd: Fix
handling of credentials with cr_ngroups == 0", on 2024/10/21).
Now that NFS has been modified in the previous commit (cfbe7a62dc62,
"nfs, rpc: Ensure kernel credentials have at least one group") to rule
out credentials with empty 'cr_groups' (and thus, no 'cr_gid'), remove
it back.
This basically reverts the above-mentioned commit except for the not
directly related modifications it contains, which are still valid.
Discussed with: rmacklem (by mail)
Approved by: markj (mentor)
MFC after: 3 days
(cherry picked from commit 3f313682e030f1c99d9b223093e84d0a53a109af)
Approved by: markj (mentor)
---
sys/kern/kern_prot.c | 7 -------
1 file changed, 7 deletions(-)
diff --git a/sys/kern/kern_prot.c b/sys/kern/kern_prot.c
index db07c265dc13..60452ddb6a48 100644
--- a/sys/kern/kern_prot.c
+++ b/sys/kern/kern_prot.c
@@ -1377,13 +1377,6 @@ bool
groupmember(gid_t gid, const struct ucred *cred)
{
- /*
- * The nfsd server can use a credential with zero groups in it
- * when certain mapped export credentials are specified via exports(5).
- */
- if (cred->cr_ngroups == 0)
- return (false);
-
groups_check_positive_len(cred->cr_ngroups);
if (gid == cred->cr_groups[0])