upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-05-28 04:12:45 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

cred: Separate constant for the number of inlined groups

Browse source 
CRED_SMALLGROUPS_NB now holds the number of inlined groups in field
'cr_smallgroups'.  XU_NGROUPS stays the number of groups allowed in
'struct xucred'.  The first is an implementation detail, while the
second is part of a public interface.  All mentions of XU_NGROUPS in the
tree have been reviewed and only those concerning the implementation
detail have been changed to use CRED_SMALLGROUPS_NB (they were all in
'kern_prot.c').

No functional change, as CRED_SMALLGROUPS_NB is set to 16, the same
value as XU_NGROUPS.

Reviewed by:    mhorne (slightly different version)
Approved by:    markj (mentor)
MFC after:      3 days
Differential Revision:  https://reviews.freebsd.org/D46911

(cherry picked from commit 664b9fcb1c051c17ba11d1e5e8a1db9938d76bd5)

Approved by:    markj (mentor)
This commit is contained in:
Olivier Certner 2024-07-16 22:37:44 +02:00
parent 923a50140b
commit 350e2b1940
No known key found for this signature in database
GPG key ID: 8CA13040971E2627
2 changed files with 13 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
sys/kern/kern_prot.c
View file

@ -811,7 +811,7 @@ struct setgroups_args {
int
sys_setgroups(struct thread *td, struct setgroups_args *uap)
{
gid_t smallgroups[XU_NGROUPS];
gid_t smallgroups[CRED_SMALLGROUPS_NB];
gid_t *groups;
int gidsetsize, error;
@ -819,7 +819,7 @@ sys_setgroups(struct thread *td, struct setgroups_args *uap)
if (gidsetsize > ngroups_max + 1 || gidsetsize < 0)
return (EINVAL);
if (gidsetsize > XU_NGROUPS)
if (gidsetsize > CRED_SMALLGROUPS_NB)
groups = malloc(gidsetsize * sizeof(gid_t), M_TEMP, M_WAITOK);
else
groups = smallgroups;
@ -828,7 +828,7 @@ sys_setgroups(struct thread *td, struct setgroups_args *uap)
if (error == 0)
error = kern_setgroups(td, gidsetsize, groups);
if (gidsetsize > XU_NGROUPS)
if (gidsetsize > CRED_SMALLGROUPS_NB)
free(groups, M_TEMP);
return (error);
}

12
sys/sys/ucred.h
View file

@ -44,6 +44,14 @@ struct loginclass;
#define XU_NGROUPS 16
#if defined(_KERNEL) || defined(_WANT_UCRED)
/*
* Number of groups inlined in 'struct ucred'. It must stay reasonably low as
* it is also used by some functions to allocate an array of this size on the
* stack.
*/
#define CRED_SMALLGROUPS_NB 16
/*
* Credentials.
*
@ -57,7 +65,6 @@ struct loginclass;
*
* See "Credential management" comment in kern_prot.c for more information.
*/
#if defined(_KERNEL) || defined(_WANT_UCRED)
struct ucred {
struct mtx cr_mtx;
long cr_ref; /* (c) reference count */
@ -80,7 +87,8 @@ struct ucred {
struct label *cr_label; /* MAC label */
gid_t *cr_groups; /* groups */
int cr_agroups; /* Available groups */
gid_t cr_smallgroups[XU_NGROUPS]; /* storage for small groups */
/* storage for small groups */
gid_t cr_smallgroups[CRED_SMALLGROUPS_NB];
};
#define NOCRED ((struct ucred *)0) /* no credential available */
#define FSCRED ((struct ucred *)-1) /* filesystem credential */