Module Name: src Committed By: martin Date: Wed Apr 29 13:47:52 UTC 2020
Modified Files: src/external/cddl/osnet/sys/sys [netbsd-9]: cred.h src/sys/sys [netbsd-9]: kauth.h Log Message: Pull up following revision(s) (requested by riastradh in ticket #871): external/cddl/osnet/sys/sys/cred.h: revision 1.7 sys/sys/kauth.h: revision 1.84 Fix crgetgroups shim. - Don't use a static buffer for the result. - kauth_cred_getgroups refuses to return more than the actual number of groups, so passing NGROUPS_MAX generally doesn't work. To avoid patching zfs, just expose struct kauth_cred::cr_groups directly, with __KAUTH_PRIVATE. Unclear why the official API only exposes it via memcpy or copyout anyway. This makes unprivileged zfs operations work, by anyone with access to /dev/zfs (which is conventionally mode 777, and which we should maybe set it to by default; zfs has its own ACL system, zfs allow). To generate a diff of this commit: cvs rdiff -u -r1.6 -r1.6.2.1 src/external/cddl/osnet/sys/sys/cred.h cvs rdiff -u -r1.82 -r1.82.4.1 src/sys/sys/kauth.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files:
Index: src/external/cddl/osnet/sys/sys/cred.h
diff -u src/external/cddl/osnet/sys/sys/cred.h:1.6 src/external/cddl/osnet/sys/sys/cred.h:1.6.2.1
--- src/external/cddl/osnet/sys/sys/cred.h:1.6 Wed Feb 6 17:56:57 2019
+++ src/external/cddl/osnet/sys/sys/cred.h Wed Apr 29 13:47:51 2020
@@ -1,4 +1,4 @@
-/* $NetBSD: cred.h,v 1.6 2019/02/06 17:56:57 christos Exp $ */
+/* $NetBSD: cred.h,v 1.6.2.1 2020/04/29 13:47:51 martin Exp $ */
 /*-
 * Copyright (c) 2007 Pawel Jakub Dawidek <p...@freebsd.org>
@@ -31,6 +31,11 @@
 #ifndef _OPENSOLARIS_SYS_CRED_H_
 #define _OPENSOLARIS_SYS_CRED_H_
+#ifdef _KERNEL
+/* Needed for access to cr_groups. */
+#define __KAUTH_PRIVATE
+#endif
+
 #include <sys/param.h>
 #include <sys/types.h>
@@ -57,22 +62,11 @@ extern kauth_cred_t cred0;
 kauth_cred_setegid(cr, g), \
 kauth_cred_setsvuid(cr, u), \
 kauth_cred_setsvgid(cr, g), 0)
+#define crgetgroups(cr) ((cr)->cr_groups)
 #define crsetgroups(cr, gc, ga) \
 kauth_cred_setgroups(cr, ga, gc, 0, UIO_SYSSPACE)
 #define crgetsid(cr, i) (NULL)
-static __inline gid_t *
-crgetgroups(cred_t *cr)
-{
- static gid_t gids[NGROUPS_MAX];
-
- memset(gids, 0, sizeof(gids));
- if (kauth_cred_getgroups(cr, gids, NGROUPS_MAX, UIO_SYSSPACE) != 0)
- return NULL;
-
- return gids;
-}
-
 static __inline int
 groupmember(gid_t gid, cred_t *cr)
 {
Index: src/sys/sys/kauth.h
diff -u src/sys/sys/kauth.h:1.82 src/sys/sys/kauth.h:1.82.4.1
--- src/sys/sys/kauth.h:1.82 Wed Apr 10 18:49:04 2019
+++ src/sys/sys/kauth.h Wed Apr 29 13:47:51 2020
@@ -1,4 +1,4 @@
-/* $NetBSD: kauth.h,v 1.82 2019/04/10 18:49:04 maxv Exp $ */
+/* $NetBSD: kauth.h,v 1.82.4.1 2020/04/29 13:47:51 martin Exp $ */
 /*-
 * Copyright (c) 2005, 2006 Elad Efrat <e...@netbsd.org>
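Review bot: In the cred.h hunk at `@@ -31,6 +31,11 @@`, defining `__KAUTH_PRIVATE` in this shared compat header exposes the whole `struct kauth_cred` layout to every kernel file that includes it, not just to `crgetgroups`, and the one-line comment does not say so. The define also only takes effect if it is seen before the first inclusion of `<sys/kauth.h>`; assuming that header is include-guarded, a file that pulls it in earlier would keep the opaque type and fail to compile at the first `crgetgroups` use. I would record both constraints in the comment, e.g. `/* Exposes struct kauth_cred so crgetgroups() can reach cr_groups; must precede any include of <sys/kauth.h>. Other cr_* fields still go through the kauth accessors. */`.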
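Review bot: The new `crgetgroups(cr)` macro in the cred.h hunk at `@@ -57,22 +62,11 @@` hands callers a non-const pointer into the credential's own `cr_groups` array, where the removed shim filled a separate buffer, so a store through the result would change group membership without going through `kauth_cred_setgroups`. The array is declared as `cr_groups[NGROUPS]` in the kauth.h hunk, so callers must bound every read by the credential's actual group count (`kauth_cred_ngroups(cr)`), and the pointer is presumably only valid while the caller holds a reference on `cr`. None of this is documented at the macro; I would add a comment above it such as `/* Returns cr's live group array, not a copy: treat as read-only, use only while cr is held, and read at most kauth_cred_ngroups(cr) entries. */`. If the ZFS callers only ever read the array, `((const gid_t *)(cr)->cr_groups)` would let the compiler enforce that, but whether they accept a const pointer is not visible here.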
@@ -55,7 +55,11 @@ typedef int (*kauth_scope_callback_t)(ka
 typedef struct kauth_key *kauth_key_t;
 #ifdef __KAUTH_PRIVATE /* For the debugger */
-/*
+
+#include <sys/types.h>
+#include <sys/specificdata.h>
+
+/*
 * Credentials.
 *
 * A subset of this structure is used in kvm(3) (src/lib/libkvm/kvm_proc.c)
@@ -84,6 +88,7 @@ struct kauth_cred {
 gid_t cr_groups[NGROUPS]; /* group memberships */
 specificdata_reference cr_sd; /* specific data */
 };
+
 #endif
 /*
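Review bot: The comment on the context line `#ifdef __KAUTH_PRIVATE /* For the debugger */` in the `@@ -55,7 +55,11 @@` hunk is out of date once cred.h defines the macro for kernel builds, and the block comment below it still names only kvm(3) as a consumer of the layout. Anyone changing `struct kauth_cred` later needs to know that the ZFS compat shim reads `cr_groups` directly, so I would change the line to `#ifdef __KAUTH_PRIVATE /* For the debugger and the osnet cred.h shim */`. The struct definition that this guard opens continues past the end of this hunk.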