/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T
 * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */


#pragma ident "%Z%%M% %I% %E% SMI" /* from SVr4.0 1.78 */

#include <sys/param.h>
#include <sys/types.h>
#include <sys/sysmacros.h>
#include <sys/systm.h>
#include <sys/cred_impl.h>
#include <sys/errno.h>
#include <sys/proc.h>
#include <sys/debug.h>
#include <sys/kmem.h>
#include <sys/policy.h>

/*
 * setgroups: install a new group list (cr_groups / cr_ngroups) in the
 * credential of the calling process.
 *
 *	gidsetsize	number of entries in gidset; rejected unless it is
 *			in the range [0, ngroups_max]
 *	gidset		caller-supplied address of the gid array; it is only
 *			ever read through copyin()
 *
 * Returns 0 on success.  On failure returns the value of set_errno() for:
 *	EINVAL	gidsetsize out of range, a gid that fails VALID_GID() for
 *		the caller's zone, or kcrsid_gidstosids() returning NULL
 *	EFAULT	copyin() of the gid array failed
 *	other	whatever secpolicy_allow_setid() returned
 *
 * Order of work: the caller's input is bounded, copied in and validated
 * first, and the secpolicy_allow_setid() check comes afterwards.  The
 * allocation and validation steps therefore also run for callers that the
 * policy check later rejects; every exit path below releases what those
 * steps allocated.
 */
int
setgroups(int gidsetsize, gid_t *gidset)
{
	proc_t *p;
	cred_t *cr, *newcr;
	int i;
	int n = gidsetsize;
	gid_t *groups = NULL;
	int error;
	int scnt = 0;		/* number of gids found above MAXUID */
	ksidlist_t *ksl = NULL;
	zone_t *zone;

	/*
	 * Perform the cheapest tests before grabbing p_crlock
	 *
	 * This bound is also what limits every n * sizeof (gid_t) below.
	 * NOTE(review): assumes ngroups_max is small enough that the
	 * product cannot overflow -- confirm against its tunable limit.
	 */
	if (n > ngroups_max || n < 0)
		return (set_errno(EINVAL));

	zone = crgetzone(CRED());
	if (n != 0) {
		groups = kmem_alloc(n * sizeof (gid_t), KM_SLEEP);

		/*
		 * Take a private kernel copy of the caller's array.  All
		 * validation below, and the final bcopy() into the new
		 * cred, use this copy, so the caller's memory is fetched
		 * exactly once and cannot change between check and use.
		 */
		if (copyin(gidset, groups, n * sizeof (gid_t)) != 0) {
			kmem_free(groups, n * sizeof (gid_t));
			return (set_errno(EFAULT));
		}

		/* Reject the whole request if any single gid is invalid. */
		for (i = 0; i < n; i++) {
			if (!VALID_GID(groups[i], zone)) {
				kmem_free(groups, n * sizeof (gid_t));
				return (set_errno(EINVAL));
			}
			/*
			 * presumably gids above MAXUID are the ones that
			 * need a SID mapping -- confirm
			 */
			if (groups[i] > MAXUID)
				scnt++;
		}
		/*
		 * Only build a SID list when at least one gid exceeded
		 * MAXUID; otherwise ksl stays NULL.
		 */
		if (scnt > 0) {
			ksl = kcrsid_gidstosids(zone, n, groups);
			if (ksl == NULL) {
				kmem_free(groups, n * sizeof (gid_t));
				return (set_errno(EINVAL));
			}
		}
	}


	/*
	 * Need to pre-allocate the new cred structure before acquiring
	 * the p_crlock mutex.
	 */
	newcr = cralloc_ksid();
	p = ttoproc(curthread);
	mutex_enter(&p->p_crlock);
retry:
	/*
	 * Snapshot the process cred and take a hold on it so that it can
	 * be passed to the policy check after p_crlock is dropped.
	 */
	cr = p->p_cred;
	crhold(cr);
	mutex_exit(&p->p_crlock);

	/*
	 * The privilege decision is made against the snapshot taken above,
	 * with p_crlock released.  On denial, release everything this call
	 * allocated plus the hold on the snapshot.
	 */
	if ((error = secpolicy_allow_setid(cr, -1, B_FALSE)) != 0) {
		if (groups != NULL)
			kmem_free(groups, n * sizeof (gid_t));
		if (ksl != NULL)
			ksidlist_rele(ksl);
		crfree(newcr);
		crfree(cr);
		return (set_errno(error));
	}
	mutex_enter(&p->p_crlock);
	/*
	 * Drop the hold taken for the policy check, then compare pointer
	 * values only.  If p_cred was replaced while the lock was dropped,
	 * the decision above was made on a cred that is no longer current,
	 * so go back and repeat the check against the new one.  This keeps
	 * the cred that was checked and the cred that gets replaced the
	 * same object.
	 * NOTE(review): when the pointers match, cr presumably stays valid
	 * through the process's own reference on p_cred -- confirm.
	 */
	crfree(cr);
	if (cr != p->p_cred)
		goto retry;

	/* Start from a copy of the current cred, then override the groups. */
	crdup_to(cr, newcr);
	/*
	 * ksl is NULL here when no gid exceeded MAXUID (or n == 0).  It is
	 * not released on this path; presumably crsetsidlist() takes over
	 * the reference -- confirm.
	 */
	crsetsidlist(newcr, ksl);

	if (n != 0) {
		bcopy(groups, newcr->cr_groups, n * sizeof (gid_t));
		kmem_free(groups, n * sizeof (gid_t));
	}

	newcr->cr_ngroups = n;

	/* Publish the new cred while still holding p_crlock. */
	p->p_cred = newcr;
	crhold(newcr); /* hold for the current thread */
	crfree(cr); /* free the old one */
	mutex_exit(&p->p_crlock);

	/*
	 * Broadcast new cred to process threads (including the current one).
	 */
	crset(p, newcr);

	return (0);
}

/*
 * getgroups: report the group list held in the calling thread's
 * credential (curthread->t_cred).
 *
 *	gidsetsize	capacity of gidset in entries; 0 means "only tell
 *			me the count" and nothing is copied out
 *	gidset		caller-supplied address that receives the gids; it
 *			is only ever written through copyout()
 *
 * Returns the number of groups in the credential.  On failure returns the
 * value of set_errno() for:
 *	EINVAL	gidsetsize is non-zero but smaller than the group count
 *	EFAULT	copyout() failed
 *
 * The cred is read without taking a hold or p_crlock.
 * NOTE(review): presumably safe because t_cred is only changed by the
 * owning thread -- confirm.
 */
int
getgroups(int gidsetsize, gid_t *gidset)
{
	struct cred *cr;
	int n;

	cr = curthread->t_cred;
	n = (int)cr->cr_ngroups;

	if (gidsetsize != 0) {
		/*
		 * The caller's buffer must hold the full list; there is no
		 * partial copy.
		 */
		if (gidsetsize < n)
			return (set_errno(EINVAL));
		/*
		 * The copy length comes from the cred's own count, never
		 * from gidsetsize, so a large caller-supplied size cannot
		 * make this read past the n entries of cr_groups.
		 */
		if (copyout(cr->cr_groups, gidset, n * sizeof (gid_t)))
			return (set_errno(EFAULT));
	}

	return (n);
}