[src/trunk]: src/sys Expose groupmember as kauth_cred_groupmember and use it.
details: https://anonhg.NetBSD.org/src/rev/d8ff432c5ac9
branches: trunk
changeset: 364477:d8ff432c5ac9
user: christos <christos%NetBSD.org@localhost>
date: Sun Mar 27 16:23:08 2022 +0000
description:
Expose groupmember as kauth_cred_groupmember and use it.
diffstat:
sys/fs/unionfs/unionfs_vnops.c | 6 +-----
sys/kern/kern_auth.c | 23 +++++++++++++++++++++--
sys/kern/sysv_ipc.c | 11 ++++-------
sys/miscfs/genfs/genfs_vnops.c | 30 +++++++++---------------------
4 files changed, 35 insertions(+), 35 deletions(-)
diffs (205 lines):
diff -r a9fae3c5d882 -r d8ff432c5ac9 sys/fs/unionfs/unionfs_vnops.c
--- a/sys/fs/unionfs/unionfs_vnops.c Sun Mar 27 16:16:39 2022 +0000
+++ b/sys/fs/unionfs/unionfs_vnops.c Sun Mar 27 16:23:08 2022 +0000
@@ -566,7 +566,6 @@
static int
unionfs_check_corrected_access(u_short mode, struct vattr *va, kauth_cred_t cred)
{
- int result;
int error;
uid_t uid; /* upper side vnode's uid */
gid_t gid; /* upper side vnode's gid */
@@ -590,10 +589,7 @@
}
/* check group */
- error = kauth_cred_ismember_gid(cred, gid, &result);
- if (error != 0)
- return error;
- if (result) {
+ if (kauth_cred_groupmember(cred, gid) == 0) {
if (mode & VEXEC)
mask |= S_IXGRP;
if (mode & VREAD)
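Review bot: The new test `kauth_cred_groupmember(cred, gid) == 0` in the group check no longer separates a lookup failure from non-membership. The removed lines returned a non-zero `error` from kauth_cred_ismember_gid(), whereas a non-zero error now skips the group block and control continues to whatever follows it, outside this hunk. On an access-control path it is safer to fail closed, as the genfs_vnops.c callers in this commit do: `error = kauth_cred_groupmember(cred, gid); if (error > 0) return error; if (error == 0) {`. The sysv_ipc.c hunk at `@@ -290,10 +289,8 @@` folds errors into non-membership the same way, though the code it removes already did so. The helper also accepts a match on the effective gid, which the removed unionfs test did not check directly, so the set of credentials that take the group branch may widen.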
diff -r a9fae3c5d882 -r d8ff432c5ac9 sys/kern/kern_auth.c
--- a/sys/kern/kern_auth.c Sun Mar 27 16:16:39 2022 +0000
+++ b/sys/kern/kern_auth.c Sun Mar 27 16:23:08 2022 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: kern_auth.c,v 1.79 2022/03/12 15:32:32 riastradh Exp $ */
+/* $NetBSD: kern_auth.c,v 1.80 2022/03/27 16:23:08 christos Exp $ */
/*-
* Copyright (c) 2005, 2006 Elad Efrat <elad%NetBSD.org@localhost>
@@ -28,7 +28,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_auth.c,v 1.79 2022/03/12 15:32:32 riastradh Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_auth.c,v 1.80 2022/03/27 16:23:08 christos Exp $");
#include <sys/types.h>
#include <sys/param.h>
@@ -404,6 +404,25 @@
return (0);
}
+int
+kauth_cred_groupmember(kauth_cred_t cred, gid_t gid)
+{
+ int ismember, error;
+
+ KASSERT(cred != NULL);
+ KASSERT(cred != NOCRED);
+ KASSERT(cred != FSCRED);
+
+ error = kauth_cred_ismember_gid(cred, gid, &ismember);
+ if (error)
+ return error;
+
+ if (kauth_cred_getegid(cred) == gid || ismember)
+ return 0;
+
+ return -1;
+}
+
u_int
kauth_cred_ngroups(kauth_cred_t cred)
{
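Review bot: kauth_cred_groupmember() becomes a cross-file interface with a three-way return, and nothing in the hunk documents it: 0 for a member, -1 for a non-member, or the non-zero error passed up from kauth_cred_ismember_gid(). Because 0 means "is a member", a caller that writes `if (kauth_cred_groupmember(cred, gid))` gets the sense inverted, and one that tests only `== 0` treats a lookup error as plain non-membership. A comment above the definition would pin the contract down, for example `/* Returns 0 if gid is cred's effective gid or kauth_cred_ismember_gid() reports membership, -1 if not, else that call's non-zero error. */`. The diffstat lists no header, so the prototype presumably lands in a separate change; the same contract is worth repeating there.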
diff -r a9fae3c5d882 -r d8ff432c5ac9 sys/kern/sysv_ipc.c
--- a/sys/kern/sysv_ipc.c Sun Mar 27 16:16:39 2022 +0000
+++ b/sys/kern/sysv_ipc.c Sun Mar 27 16:23:08 2022 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: sysv_ipc.c,v 1.41 2020/02/21 00:26:22 joerg Exp $ */
+/* $NetBSD: sysv_ipc.c,v 1.42 2022/03/27 16:23:08 christos Exp $ */
/*-
* Copyright (c) 1998, 2007 The NetBSD Foundation, Inc.
@@ -30,7 +30,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: sysv_ipc.c,v 1.41 2020/02/21 00:26:22 joerg Exp $");
+__KERNEL_RCSID(0, "$NetBSD: sysv_ipc.c,v 1.42 2022/03/27 16:23:08 christos Exp $");
#ifdef _KERNEL_OPT
#include "opt_sysv.h"
@@ -258,7 +258,6 @@
void *arg0, void *arg1, void *arg2, void *arg3)
{
mode_t mask;
- int ismember = 0;
struct ipc_perm *perm;
int mode;
enum kauth_system_req req;
@@ -290,10 +289,8 @@
return ((perm->mode & mask) == mask ? KAUTH_RESULT_ALLOW : KAUTH_RESULT_DEFER /* EACCES */);
}
- if (kauth_cred_getegid(cred) == perm->gid ||
- (kauth_cred_ismember_gid(cred, perm->gid, &ismember) == 0 && ismember) ||
- kauth_cred_getegid(cred) == perm->cgid ||
- (kauth_cred_ismember_gid(cred, perm->cgid, &ismember) == 0 && ismember)) {
+ if (kauth_cred_groupmember(cred, perm->gid) == 0 ||
+ kauth_cred_groupmember(cred, perm->cgid) == 0) {
if (mode & IPC_R)
mask |= S_IRGRP;
if (mode & IPC_W)
diff -r a9fae3c5d882 -r d8ff432c5ac9 sys/miscfs/genfs/genfs_vnops.c
--- a/sys/miscfs/genfs/genfs_vnops.c Sun Mar 27 16:16:39 2022 +0000
+++ b/sys/miscfs/genfs/genfs_vnops.c Sun Mar 27 16:23:08 2022 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: genfs_vnops.c,v 1.217 2022/03/19 13:52:45 hannken Exp $ */
+/* $NetBSD: genfs_vnops.c,v 1.218 2022/03/27 16:23:08 christos Exp $ */
/*-
* Copyright (c) 2008 The NetBSD Foundation, Inc.
@@ -57,7 +57,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: genfs_vnops.c,v 1.217 2022/03/19 13:52:45 hannken Exp $");
+__KERNEL_RCSID(0, "$NetBSD: genfs_vnops.c,v 1.218 2022/03/27 16:23:08 christos Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@@ -663,18 +663,6 @@
return rw_write_held(&gp->g_glock);
}
-static int
-groupmember(gid_t gid, kauth_cred_t cred)
-{
- int ismember;
- int error = kauth_cred_ismember_gid(cred, gid, &ismember);
- if (error)
- return error;
- if (kauth_cred_getegid(cred) == gid || ismember)
- return 0;
- return -1;
-}
-
/*
* Common filesystem object access control check routine. Accepts a
* vnode, cred, uid, gid, mode, acl, requested access mode.
@@ -712,7 +700,7 @@
/* Otherwise, check the groups (first match) */
/* Otherwise, check the groups. */
- error = groupmember(file_gid, cred);
+ error = kauth_cred_groupmember(cred, file_gid);
if (error > 0)
return error;
if (error == 0) {
@@ -864,7 +852,7 @@
struct acl_entry *ae = &acl->acl_entry[i];
switch (ae->ae_tag) {
case ACL_GROUP_OBJ:
- error = groupmember(file_gid, cred);
+ error = kauth_cred_groupmember(cred, file_gid);
if (error > 0)
return error;
if (error)
@@ -885,7 +873,7 @@
break;
case ACL_GROUP:
- error = groupmember(ae->ae_id, cred);
+ error = kauth_cred_groupmember(cred, ae->ae_id);
if (error > 0)
return error;
if (error)
@@ -919,7 +907,7 @@
struct acl_entry *ae = &acl->acl_entry[i];
switch (ae->ae_tag) {
case ACL_GROUP_OBJ:
- error = groupmember(file_gid, cred);
+ error = kauth_cred_groupmember(cred, file_gid);
if (error > 0)
return error;
if (error)
@@ -935,7 +923,7 @@
goto out;
case ACL_GROUP:
- error = groupmember(ae->ae_id, cred);
+ error = kauth_cred_groupmember(cred, ae->ae_id);
if (error > 0)
return error;
if (error)
@@ -1053,14 +1041,14 @@
continue;
break;
case ACL_GROUP_OBJ:
- error = groupmember(file_gid, cred);
+ error = kauth_cred_groupmember(cred, file_gid);
if (error > 0)
return error;
if (error != 0)
continue;
break;
case ACL_GROUP:
- error = groupmember(ae->ae_id, cred);
+ error = kauth_cred_groupmember(cred, ae->ae_id);
if (error > 0)
return error;
if (error != 0)