git: c985effa7d91 - stable/13 - cred: New crsetgroups_fallback()

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Olivier Certner <olce_at_FreeBSD.org>
Date: Fri, 15 Nov 2024 13:00:53 UTC
The branch stable/13 has been updated by olce:

URL: https://cgit.FreeBSD.org/src/commit/?id=c985effa7d918a0e3c129613191c7f2307acb4ba

commit c985effa7d918a0e3c129613191c7f2307acb4ba
Author:     Olivier Certner <olce@FreeBSD.org>
AuthorDate: 2024-10-02 14:16:20 +0000
Commit:     Olivier Certner <olce@FreeBSD.org>
CommitDate: 2024-11-15 12:59:09 +0000

    cred: New crsetgroups_fallback()
    
    Similar to crsetgroups(), but allows an empty group array in input,
    treating it like a one-element array containing the passed fallback
    group.
    
    Approved by:    markj (mentor)
    MFC after:      3 days
    Differential Revision:  https://reviews.freebsd.org/D46917
    
    (cherry picked from commit d4e0d4d92e010b74404bddc87c1a1e8dbcaa25dd)
    
    Approved by:    markj (mentor)
---
 sys/kern/kern_prot.c | 18 ++++++++++++++++++
 sys/sys/ucred.h      |  2 ++
 2 files changed, 20 insertions(+)

diff --git a/sys/kern/kern_prot.c b/sys/kern/kern_prot.c
index ae3667146519..ddd45ef1357b 100644
--- a/sys/kern/kern_prot.c
+++ b/sys/kern/kern_prot.c
@@ -2495,6 +2495,24 @@ crsetgroups(struct ucred *cr, int ngrp, const gid_t *groups)
 	groups_normalize(&cr->cr_ngroups, cr->cr_groups);
 }
 
+/*
+ * Same as crsetgroups() but accepts an empty groups array.
+ *
+ * This function ensures that an effective GID is always present in credentials.
+ * An empty array is treated as a one-size one holding the passed effective GID
+ * fallback.
+ */
+void
+crsetgroups_fallback(struct ucred *cr, int ngrp, const gid_t *groups,
+    const gid_t fallback)
+{
+	if (ngrp == 0)
+		/* Shortcut. */
+		crsetgroups_internal(cr, 1, &fallback);
+	else
+		crsetgroups(cr, ngrp, groups);
+}
+
 /*
  * Get login name, if available.
  */
diff --git a/sys/sys/ucred.h b/sys/sys/ucred.h
index eb5f0ad839e5..876919f56fb1 100644
--- a/sys/sys/ucred.h
+++ b/sys/sys/ucred.h
@@ -170,6 +170,8 @@ void	crcowfree(struct thread *td);
 void	cru2x(struct ucred *cr, struct xucred *xcr);
 void	cru2xt(struct thread *td, struct xucred *xcr);
 void	crsetgroups(struct ucred *cr, int ngrp, const gid_t *groups);
+void	crsetgroups_fallback(struct ucred *cr, int ngrp, const gid_t *groups,
+	    const gid_t fallback);
 
 /*
  * Returns whether gid designates a primary group in cred.