upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-06-08 16:22:46 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

cred: New crsetgroups_fallback()

Browse source 
Similar to crsetgroups(), but allows an empty group array in input,
treating it like a one-element array containing the passed fallback
group.

Approved by:    markj (mentor)
MFC after:      3 days
Differential Revision:  https://reviews.freebsd.org/D46917
This commit is contained in:
Olivier Certner 2024-10-02 16:16:20 +02:00
parent ea26c0e797
commit d4e0d4d92e
No known key found for this signature in database
GPG key ID: 8CA13040971E2627
2 changed files with 20 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
sys/kern/kern_prot.c
View file

@ -2487,6 +2487,24 @@ crsetgroups(struct ucred *cr, int ngrp, const gid_t *groups)
groups_normalize(&cr->cr_ngroups, cr->cr_groups);
}
/*
* Same as crsetgroups() but accepts an empty groups array.
*
* This function ensures that an effective GID is always present in credentials.
* An empty array is treated as a one-size one holding the passed effective GID
* fallback.
*/
void
crsetgroups_fallback(struct ucred *cr, int ngrp, const gid_t *groups,
const gid_t fallback)
{
if (ngrp == 0)
/* Shortcut. */
crsetgroups_internal(cr, 1, &fallback);
else
crsetgroups(cr, ngrp, groups);
}
/*
* Get login name, if available.
*/

2
sys/sys/ucred.h
View file

@ -167,6 +167,8 @@ void crcowfree(struct thread *td);
void cru2x(struct ucred *cr, struct xucred *xcr);
void cru2xt(struct thread *td, struct xucred *xcr);
void crsetgroups(struct ucred *cr, int ngrp, const gid_t *groups);
void crsetgroups_fallback(struct ucred *cr, int ngrp, const gid_t *groups,
const gid_t fallback);
/*
* Returns whether gid designates a primary group in cred.