search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge 1.8.0~pre4 packaging into master
[pkg-k5-afs_openafs.git] / src / afs / NBSD / osi_groups.c
blob78b80e70bdba23117f3644c5608f0fa452e5326d
1 /*
2 * Copyright 2000, International Business Machines Corporation and others.
3 * All Rights Reserved.
4 *
5 * This software has been released under the terms of the IBM Public
6 * License. For details, see the LICENSE file in the top-level source
7 * directory or online at http://www.openafs.org/dl/license10.html
8 */
9
10 /*
11 * osi_groups.c
12 *
13 * Implements:
14 * Afs_xsetgroups (syscall)
15 * setpag
16 *
17 */
18 #include <afsconfig.h>
19 #include "afs/param.h"
20
21
22 #include "afs/sysincludes.h"
23 #include "afs/afsincludes.h"
24 #include "afs/afs_stats.h" /* statistics */
25 #include "sys/syscallargs.h"
26
27 #define NOUID ((uid_t) -1)
28 #define NOGID ((gid_t) -1)
29
30 /*
31 * NetBSD has a very flexible and elegant replacement for Unix
32 * groups KPIs, see kauth(9).
33 *
34 */
35
36 static int osi_getgroups(afs_ucred_t *, int, gid_t *);
37
38 /* why **? are we returning or reallocating creat? */
39 static int osi_setgroups(afs_proc_t *, afs_ucred_t **, int, gid_t *, int);
40
41 int Afs_xsetgroups(afs_proc_t *, const void *, register_t *);
42
43 int
44 Afs_xsetgroups(afs_proc_t *p, const void *args, register_t *retval)
45 {
46 int code = 0;
47 struct vrequest treq;
48 afs_ucred_t *cred = osi_proccred(p);
49
50 AFS_STATCNT(afs_xsetgroups);
51
52 AFS_GLOCK();
53 code = afs_InitReq(&treq, cred);
54 AFS_GUNLOCK();
55
56 if (code)
57 return code;
58
59 /* results visible via kauth_cred_getgroups. also does other work */
60 code = sys_setgroups(p, args, retval);
61
62 /*
63 * Note that if there is a pag already in the new groups we don't
64 * overwrite it with the old pag.
65 */
66 if (PagInCred(cred) == NOPAG) {
67 if (((treq.uid >> 24) & 0xff) == 'A') {
68 AFS_GLOCK();
69 /* we've already done a setpag, so now we redo it */
70 AddPag(p, treq.uid, &cred);
71 AFS_GUNLOCK();
72 }
73 }
74 return code;
75 }
76
77 int
78 setpag(afs_proc_t *proc, afs_ucred_t **cred, afs_uint32 pagvalue,
79 afs_uint32 * newpag, int change_parent)
80 {
81 gid_t gidset[NGROUPS];
82 int ngroups, code;
83 int j;
84
85 AFS_STATCNT(setpag);
86 ngroups = osi_getgroups(*cred, NGROUPS, gidset);
87 if (afs_get_pag_from_groups(gidset[1], gidset[2]) == NOPAG) {
88 /* We will have to shift grouplist to make room for pag */
89 if (ngroups + 2 > NGROUPS) {
90 return (E2BIG);
91 }
92 for (j = ngroups - 1; j >= 1; j--) {
93 gidset[j + 2] = gidset[j];
94 }
95 ngroups += 2;
96 }
97 *newpag = (pagvalue == -1 ? genpag() : pagvalue);
98 afs_get_groups_from_pag(*newpag, &gidset[1], &gidset[2]);
99 code = osi_setgroups(proc, cred, ngroups, gidset, change_parent);
100 return code;
101 }
102
103
104 static int
105 osi_getgroups(afs_ucred_t *cred, int ngroups, gid_t *gidset)
106 {
107 AFS_STATCNT(afs_getgroups);
108
109 ngroups = MIN(kauth_cred_ngroups(cred), ngroups);
110
111 kauth_cred_getgroups(cred, gidset, ngroups, UIO_SYSSPACE);
112 return ngroups;
113 }
114
115
116 static int
117 osi_setgroups(afs_proc_t *proc, afs_ucred_t **cred, int ngroups,
118 gid_t * gidset, int change_parent)
119 {
120 int code;
121 afs_ucred_t *ocred;
122
123 AFS_STATCNT(afs_setgroups); /* XXX rename statcnt */
124
125 if (ngroups > NGROUPS)
126 return EINVAL;
127
128 proc_crmod_enter();
129
130 if (!change_parent) {
131 ocred = *cred;
132 *cred = kauth_cred_dup(ocred);
133 }
134
135 code = kauth_cred_setgroups(*cred, gidset, ngroups, -1, UIO_SYSSPACE);
136
137 if (!change_parent) {
138 proc_crmod_leave(*cred, ocred, false);
139 }
140
141 return code;
142 }
Mirror of pkg-k5-afs/openafs.git (OpenAFS Debian packaging)