Module Name: src Committed By: riastradh Date: Wed Apr 29 05:54:37 UTC 2020
Modified Files: src/external/cddl/osnet/sys/sys: cred.h src/sys/sys: kauth.h Log Message: Fix crgetgroups shim. - Don't use a static buffer for the result. - kauth_cred_getgroups refuses to return more than the actual number of groups, so passing NGROUPS_MAX generally doesn't work. To avoid patching zfs, just expose struct kauth_cred::cr_groups directly, with __KAUTH_PRIVATE. Unclear why the official API only exposes it via memcpy or copyout anyway. This makes unprivileged zfs operations work, by anyone with access to /dev/zfs (which is conventionally mode 777, and which we should maybe set it to by default; zfs has its own ACL system, zfs allow). To generate a diff of this commit: cvs rdiff -u -r1.6 -r1.7 src/external/cddl/osnet/sys/sys/cred.h cvs rdiff -u -r1.83 -r1.84 src/sys/sys/kauth.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/external/cddl/osnet/sys/sys/cred.h diff -u src/external/cddl/osnet/sys/sys/cred.h:1.6 src/external/cddl/osnet/sys/sys/cred.h:1.7 --- src/external/cddl/osnet/sys/sys/cred.h:1.6 Wed Feb 6 17:56:57 2019 +++ src/external/cddl/osnet/sys/sys/cred.h Wed Apr 29 05:54:37 2020 @@ -1,4 +1,4 @@ -/* $NetBSD: cred.h,v 1.6 2019/02/06 17:56:57 christos Exp $ */ +/* $NetBSD: cred.h,v 1.7 2020/04/29 05:54:37 riastradh Exp $ */ /*- * Copyright (c) 2007 Pawel Jakub Dawidek <p...@freebsd.org> @@ -31,6 +31,11 @@ #ifndef _OPENSOLARIS_SYS_CRED_H_ #define _OPENSOLARIS_SYS_CRED_H_ +#ifdef _KERNEL +/* Needed for access to cr_groups. */ +#define __KAUTH_PRIVATE +#endif + #include <sys/param.h> #include <sys/types.h> @@ -57,22 +62,11 @@ extern kauth_cred_t cred0; kauth_cred_setegid(cr, g), \ kauth_cred_setsvuid(cr, u), \ kauth_cred_setsvgid(cr, g), 0) +#define crgetgroups(cr) ((cr)->cr_groups) #define crsetgroups(cr, gc, ga) \ kauth_cred_setgroups(cr, ga, gc, 0, UIO_SYSSPACE) #define crgetsid(cr, i) (NULL) -static __inline gid_t * -crgetgroups(cred_t *cr) -{ - static gid_t gids[NGROUPS_MAX]; - - memset(gids, 0, sizeof(gids)); - if (kauth_cred_getgroups(cr, gids, NGROUPS_MAX, UIO_SYSSPACE) != 0) - return NULL; - - return gids; -} - static __inline int groupmember(gid_t gid, cred_t *cr) { Index: src/sys/sys/kauth.h diff -u src/sys/sys/kauth.h:1.83 src/sys/sys/kauth.h:1.84 --- src/sys/sys/kauth.h:1.83 Fri Feb 14 04:36:33 2020 +++ src/sys/sys/kauth.h Wed Apr 29 05:54:37 2020 @@ -1,4 +1,4 @@ -/* $NetBSD: kauth.h,v 1.83 2020/02/14 04:36:33 riastradh Exp $ */ +/* $NetBSD: kauth.h,v 1.84 2020/04/29 05:54:37 riastradh Exp $ */ /*- * Copyright (c) 2005, 2006 Elad Efrat <e...@netbsd.org> 
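Review bot: Defining `__KAUTH_PRIVATE` at the top of this shim header (second cred.h hunk) opens the whole `struct kauth_cred` layout to every kernel file that includes it, not only to `crgetgroups`, and the added comment does not say the other fields are off limits. The define also only takes effect if this header is reached before the first inclusion of `<sys/kauth.h>`. Assuming kauth.h has the usual include guard, a file that pulls it in earlier would not see `cr_groups`, and the new macro would fail to compile there. I would widen the comment to something like `/* Needed only for crgetgroups(); must precede any include of <sys/kauth.h>. Do not touch other kauth_cred fields here. */`.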
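Review bot: The new `crgetgroups(cr)` macro in the third cred.h hunk hands callers a writable pointer into the live credential's `cr_groups[NGROUPS]` array, where the removed function returned a zero-filled copy. Two consequences deserve a comment next to the macro: only the first `kauth_cred_ngroups(cr)` entries are meaningful and the tail is presumably no longer zero, and a store through the pointer would change the credential without going through `kauth_cred_setgroups`. If the ZFS callers only read the list, a const-qualified form such as `#define crgetgroups(cr) ((const gid_t *)(cr)->cr_groups)` would turn accidental writes into compile errors. The macro also never yields NULL, so any caller that relied on the old NULL-on-error return now skips that path; that looks harmless but is worth confirming.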
@@ -57,7 +57,11 @@ typedef int (*kauth_scope_callback_t)(ka typedef struct kauth_key *kauth_key_t; #ifdef __KAUTH_PRIVATE /* For the debugger */ -/* + +#include <sys/types.h> +#include <sys/specificdata.h> + +/* * Credentials. * * A subset of this structure is used in kvm(3) (src/lib/libkvm/kvm_proc.c) @@ -86,6 +90,7 @@ struct kauth_cred { gid_t cr_groups[NGROUPS]; /* group memberships */ specificdata_reference cr_sd; /* specific data */ }; + #endif /*
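Review bot: The `/* For the debugger */` comment on `#ifdef __KAUTH_PRIVATE` in the first hunk on this line is stale after this commit, since the osnet `cred.h` shim now defines the macro for kernel code as well. Because this guard is what keeps `struct kauth_cred` opaque to ordinary consumers, the comment should name every sanctioned user, for example `#ifdef __KAUTH_PRIVATE /* For the debugger and the osnet cred.h shim */`. The guarded block's `#endif` lies in the following hunk, which may continue past the visible text.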