1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T 23 * Copyright 2008 Sun Microsystems, Inc. All rights reserved. 24 * Use is subject to license terms. 25 */ 26 27 28 #pragma ident "%Z%%M% %I% %E% SMI" /* from SVr4.0 1.78 */ 29 30 #include <sys/param.h> 31 #include <sys/types.h> 32 #include <sys/sysmacros.h> 33 #include <sys/systm.h> 34 #include <sys/cred_impl.h> 35 #include <sys/errno.h> 36 #include <sys/proc.h> 37 #include <sys/debug.h> 38 #include <sys/kmem.h> 39 #include <sys/policy.h> 40 41 int 42 setgroups(int gidsetsize, gid_t *gidset) 43 { 44 proc_t *p; 45 cred_t *cr, *newcr; 46 int i; 47 int n = gidsetsize; 48 gid_t *groups = NULL; 49 int error; 50 int scnt = 0; 51 ksidlist_t *ksl = NULL; 52 zone_t *zone; 53 54 /* Perform the cheapest tests before grabbing p_crlock */ 55 if (n > ngroups_max || n < 0) 56 return (set_errno(EINVAL)); 57 58 zone = crgetzone(CRED()); 59 if (n != 0) { 60 groups = kmem_alloc(n * sizeof (gid_t), KM_SLEEP); 61 62 if (copyin(gidset, groups, n * sizeof (gid_t)) != 0) { 63 kmem_free(groups, n * sizeof (gid_t)); 64 return (set_errno(EFAULT)); 65 } 66 67 for (i = 0; i < n; i++) { 68 if (!VALID_GID(groups[i], zone)) { 69 kmem_free(groups, n * sizeof (gid_t)); 70 return (set_errno(EINVAL)); 71 } 72 if (groups[i] > MAXUID) 73 scnt++; 74 } 75 if (scnt > 0) { 76 ksl = kcrsid_gidstosids(zone, n, groups); 77 if (ksl == NULL) { 78 kmem_free(groups, n * sizeof (gid_t)); 79 return (set_errno(EINVAL)); 80 } 81 } 82 } 83 84 85 /* 86 * Need to pre-allocate the new cred structure before acquiring 87 * the p_crlock mutex. 88 */ 89 newcr = cralloc_ksid(); 90 p = ttoproc(curthread); 91 mutex_enter(&p->p_crlock); 92 cr = p->p_cred; 93 94 if ((error = secpolicy_allow_setid(cr, -1, B_FALSE)) != 0) { 95 mutex_exit(&p->p_crlock); 96 if (groups != NULL) 97 kmem_free(groups, n * sizeof (gid_t)); 98 if (ksl != NULL) 99 ksidlist_rele(ksl); 100 crfree(newcr); 101 return (set_errno(error)); 102 } 103 104 crdup_to(cr, newcr); 105 crsetsidlist(newcr, ksl); 106 107 if (n != 0) { 108 bcopy(groups, newcr->cr_groups, n * sizeof (gid_t)); 109 kmem_free(groups, n * sizeof (gid_t)); 110 } 111 112 newcr->cr_ngroups = n; 113 114 p->p_cred = newcr; 115 crhold(newcr); /* hold for the current thread */ 116 crfree(cr); /* free the old one */ 117 mutex_exit(&p->p_crlock); 118 119 /* 120 * Broadcast new cred to process threads (including the current one). 121 */ 122 crset(p, newcr); 123 124 return (0); 125 } 126 127 int 128 getgroups(int gidsetsize, gid_t *gidset) 129 { 130 struct cred *cr; 131 int n; 132 133 cr = curthread->t_cred; 134 n = (int)cr->cr_ngroups; 135 136 if (gidsetsize != 0) { 137 if (gidsetsize < n) 138 return (set_errno(EINVAL)); 139 if (copyout(cr->cr_groups, gidset, n * sizeof (gid_t))) 140 return (set_errno(EFAULT)); 141 } 142 143 return (n); 144 } 145