search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge commit '4ec4134be29a3b00791f6d70074168a6a3ff4fb3'
[unleashed.git] / kernel / syscall / groups.c
blob17434ff36df659038fea0b29cf1d2d7195098024
1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T
23 * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
24 * Use is subject to license terms.
25 */
26
27
28 #include <sys/param.h>
29 #include <sys/types.h>
30 #include <sys/sysmacros.h>
31 #include <sys/systm.h>
32 #include <sys/cred.h>
33 #include <sys/sid.h>
34 #include <sys/errno.h>
35 #include <sys/proc.h>
36 #include <sys/debug.h>
37 #include <sys/kmem.h>
38 #include <sys/policy.h>
39
40 int
41 setgroups(int gidsetsize, gid_t *gidset)
42 {
43 proc_t *p;
44 cred_t *cr, *newcr;
45 int i;
46 int n = gidsetsize;
47 int error;
48 int scnt = 0;
49 ksidlist_t *ksl = NULL;
50 zone_t *zone;
51 struct credgrp *grps = NULL;
52
53 /* Perform the cheapest tests before grabbing p_crlock */
54 if (n > ngroups_max || n < 0)
55 return (set_errno(EINVAL));
56
57 zone = crgetzone(CRED());
58 if (n != 0) {
59 const gid_t *groups;
60
61 grps = crgrpcopyin(n, gidset);
62
63 if (grps == NULL)
64 return (set_errno(EFAULT));
65
66 groups = crgetggroups(grps);
67
68 for (i = 0; i < n; i++) {
69 if (!VALID_GID(groups[i], zone)) {
70 crgrprele(grps);
71 return (set_errno(EINVAL));
72 }
73 if (groups[i] > MAXUID)
74 scnt++;
75 }
76 if (scnt > 0) {
77 ksl = kcrsid_gidstosids(zone, n, (gid_t *)groups);
78 if (ksl == NULL) {
79 crgrprele(grps);
80 return (set_errno(EINVAL));
81 }
82 }
83 }
84
85
86 /*
87 * Need to pre-allocate the new cred structure before acquiring
88 * the p_crlock mutex.
89 */
90 newcr = cralloc_ksid();
91 p = ttoproc(curthread);
92 mutex_enter(&p->p_crlock);
93 retry:
94 cr = p->p_cred;
95 crhold(cr);
96 mutex_exit(&p->p_crlock);
97
98 if ((error = secpolicy_allow_setid(cr, -1, B_FALSE)) != 0) {
99 if (grps != NULL)
100 crgrprele(grps);
101 if (ksl != NULL)
102 ksidlist_rele(ksl);
103 crfree(newcr);
104 crfree(cr);
105 return (set_errno(error));
106 }
107 mutex_enter(&p->p_crlock);
108 crfree(cr);
109 if (cr != p->p_cred)
110 goto retry;
111
112 crdup_to(cr, newcr);
113 crsetsidlist(newcr, ksl);
114 crsetcredgrp(newcr, grps);
115
116 p->p_cred = newcr;
117 crhold(newcr); /* hold for the current thread */
118 crfree(cr); /* free the old one */
119 mutex_exit(&p->p_crlock);
120
121 /*
122 * Broadcast new cred to process threads (including the current one).
123 */
124 crset(p, newcr);
125
126 return (0);
127 }
128
129 int
130 getgroups(int gidsetsize, gid_t *gidset)
131 {
132 struct cred *cr;
133 int n;
134
135 cr = curthread->t_cred;
136 n = crgetngroups(cr);
137
138 if (gidsetsize != 0) {
139 if (gidsetsize < n)
140 return (set_errno(EINVAL));
141 if (copyout(crgetgroups(cr), gidset, n * sizeof (gid_t)))
142 return (set_errno(EFAULT));
143 }
144
145 return (n);
146 }
Unleashed OS