Module Name:    src
Committed By:   martin
Date:           Wed Apr 29 13:47:52 UTC 2020

Modified Files:
        src/external/cddl/osnet/sys/sys [netbsd-9]: cred.h
        src/sys/sys [netbsd-9]: kauth.h

Log Message:
Pull up following revision(s) (requested by riastradh in ticket #871):

        external/cddl/osnet/sys/sys/cred.h: revision 1.7
        sys/sys/kauth.h: revision 1.84

Fix crgetgroups shim.

- Don't use a static buffer for the result.
- kauth_cred_getgroups refuses to return more than the actual number
  of groups, so passing NGROUPS_MAX generally doesn't work.

To avoid patching zfs, just expose struct kauth_cred::cr_groups
directly, with __KAUTH_PRIVATE.  Unclear why the official API only
exposes it via memcpy or copyout anyway.

This makes unprivileged zfs operations work, by anyone with access to
/dev/zfs (which is conventionally mode 777, and which we should maybe
set it to by default; zfs has its own ACL system, zfs allow).


To generate a diff of this commit:
cvs rdiff -u -r1.6 -r1.6.2.1 src/external/cddl/osnet/sys/sys/cred.h
cvs rdiff -u -r1.82 -r1.82.4.1 src/sys/sys/kauth.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/external/cddl/osnet/sys/sys/cred.h
diff -u src/external/cddl/osnet/sys/sys/cred.h:1.6 src/external/cddl/osnet/sys/sys/cred.h:1.6.2.1
--- src/external/cddl/osnet/sys/sys/cred.h:1.6	Wed Feb  6 17:56:57 2019
+++ src/external/cddl/osnet/sys/sys/cred.h	Wed Apr 29 13:47:51 2020
@@ -1,4 +1,4 @@
-/*	$NetBSD: cred.h,v 1.6 2019/02/06 17:56:57 christos Exp $	*/
+/*	$NetBSD: cred.h,v 1.6.2.1 2020/04/29 13:47:51 martin Exp $	*/
 
 /*-
  * Copyright (c) 2007 Pawel Jakub Dawidek <p...@freebsd.org>
@@ -31,6 +31,11 @@
 #ifndef _OPENSOLARIS_SYS_CRED_H_
 #define	_OPENSOLARIS_SYS_CRED_H_
 
+#ifdef _KERNEL
+/* Needed for access to cr_groups.  */
+#define	__KAUTH_PRIVATE
+#endif
+
 #include <sys/param.h>
 #include <sys/types.h>
 
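Review bot: The `#define __KAUTH_PRIVATE` added ahead of the includes presumably only takes effect if this header is seen before the first inclusion of `<sys/kauth.h>` in a translation unit (assuming the usual include guard there), and the comment does not say so. It also makes the full `struct kauth_cred` layout visible to every kernel file that includes this compat header, not only to `crgetgroups`, so that code can now touch credential fields without going through the kauth accessors. I would extend the comment to something like `/* Needed for access to cr_groups; must precede <sys/kauth.h>. Do not use other kauth_cred fields directly. */`.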
@@ -57,22 +62,11 @@ extern kauth_cred_t	cred0;
 	kauth_cred_setegid(cr, g), \
 	kauth_cred_setsvuid(cr, u), \
 	kauth_cred_setsvgid(cr, g), 0)
+#define crgetgroups(cr)		((cr)->cr_groups)
 #define	crsetgroups(cr, gc, ga)	\
     kauth_cred_setgroups(cr, ga, gc, 0, UIO_SYSSPACE)
 #define crgetsid(cr, i) (NULL)
 
-static __inline gid_t *
-crgetgroups(cred_t *cr)
-{
-	static gid_t gids[NGROUPS_MAX];
-
-	memset(gids, 0, sizeof(gids));
-	if (kauth_cred_getgroups(cr, gids, NGROUPS_MAX, UIO_SYSSPACE) != 0) 
-		return NULL;
-	
-	return gids;
-}
-
 static __inline int
 groupmember(gid_t gid, cred_t *cr) 
 {
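Review bot: `crgetgroups(cr)` now evaluates to a writable `gid_t *` that points into the credential itself rather than into a copy, so a caller that stores through it would alter the group list of a credential that may be shared, and the pointer is only good while the caller holds a reference on `cr`. Only the entries below the credential's group count are meaningful (the array is declared `cr_groups[NGROUPS]` in kauth.h), so callers have to bound their loops with `kauth_cred_ngroups(cr)` rather than `NGROUPS_MAX`. The removed function could return NULL and the macro cannot, so NULL checks at call sites, if there are any, are now dead. A comment on the macro would record this: `/* Points into cr: read-only, valid while cr is held, first kauth_cred_ngroups(cr) entries only. */`. `groupmember` continues past the end of the hunk, so its use of the group list cannot be checked from here.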

Index: src/sys/sys/kauth.h
diff -u src/sys/sys/kauth.h:1.82 src/sys/sys/kauth.h:1.82.4.1
--- src/sys/sys/kauth.h:1.82	Wed Apr 10 18:49:04 2019
+++ src/sys/sys/kauth.h	Wed Apr 29 13:47:51 2020
@@ -1,4 +1,4 @@
-/* $NetBSD: kauth.h,v 1.82 2019/04/10 18:49:04 maxv Exp $ */
+/* $NetBSD: kauth.h,v 1.82.4.1 2020/04/29 13:47:51 martin Exp $ */
 
 /*-
  * Copyright (c) 2005, 2006 Elad Efrat <e...@netbsd.org>  
@@ -55,7 +55,11 @@ typedef int (*kauth_scope_callback_t)(ka
 typedef	struct kauth_key       *kauth_key_t;
 
 #ifdef __KAUTH_PRIVATE	/* For the debugger */
-/* 
+
+#include <sys/types.h>
+#include <sys/specificdata.h>
+
+/*
  * Credentials.
  *
  * A subset of this structure is used in kvm(3) (src/lib/libkvm/kvm_proc.c)
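Review bot: The `/* For the debugger */` remark on `#ifdef __KAUTH_PRIVATE` no longer describes who defines the macro, since the zfs compat `cred.h` in this same commit defines it for kernel builds. I would change it to name both consumers, for example `#ifdef __KAUTH_PRIVATE	/* For the debugger and the zfs cred.h shim */`, so that a later change to `struct kauth_cred` is checked against the code that reads `cr_groups` directly. The struct also uses `NGROUPS`, which comes from `<sys/param.h>`; if that header is not already pulled in elsewhere in kauth.h (not visible here), it belongs with the two includes added in this hunk. The comment block and the struct definition continue outside the hunk.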
@@ -84,6 +88,7 @@ struct kauth_cred {
 	gid_t cr_groups[NGROUPS];	/* group memberships */
 	specificdata_reference cr_sd;	/* specific data */
 };
+
 #endif
 
 /*
