New realgroupmember()

Like groupmember(), but taking into account the real group instead of the effective group. Leverages the new supplementary_group_member() function. Reviewed by: mhorne MFC after: 2 weeks Sponsored by: Kumacom SAS Differential Revision: https://reviews.freebsd.org/D40641
2026-06-10 09:11:07 -04:00 · 2023-08-18 01:54:45 +02:00 · 2023-08-18 01:54:45 +02:00 · 2a2bfa6ad9
commit 2a2bfa6ad9
parent b725f232f3
2 changed files with 14 additions and 0 deletions
--- a/sys/kern/kern_prot.c
+++ b/sys/kern/kern_prot.c
@ -1316,6 +1316,19 @@ groupmember(gid_t gid, struct ucred *cred)
 	return (supplementary_group_member(gid, cred));
 }

+/*
+ * Check if gid is a member of the real group set (i.e., real and supplementary
+ * groups).
+ */
+int
+realgroupmember(gid_t gid, struct ucred *cred)
+{
+	if (gid == cred->cr_rgid)
+		return (1);
+
+	return (supplementary_group_member(gid, cred));
+}
+
 /*
 * Test the active securelevel against a given level.  securelevel_gt()
 * implements (securelevel > level).  securelevel_ge() implements
--- a/sys/sys/ucred.h
+++ b/sys/sys/ucred.h
@ -159,6 +159,7 @@ void	cru2x(struct ucred *cr, struct xucred *xcr);
 void	cru2xt(struct thread *td, struct xucred *xcr);
 void	crsetgroups(struct ucred *cr, int n, gid_t *groups);
 int	groupmember(gid_t gid, struct ucred *cred);
+int	realgroupmember(gid_t gid, struct ucred *cred);
 #endif /* _KERNEL */

 #endif /* !_SYS_UCRED_H_ */