1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T 23 * Copyright 2007 Sun Microsystems, Inc. All rights reserved. 24 * Use is subject to license terms. 25 */ 26 27 28 #pragma ident "%Z%%M% %I% %E% SMI" /* from SVr4.0 1.78 */ 29 30 #include <sys/param.h> 31 #include <sys/types.h> 32 #include <sys/sysmacros.h> 33 #include <sys/systm.h> 34 #include <sys/cred_impl.h> 35 #include <sys/errno.h> 36 #include <sys/proc.h> 37 #include <sys/debug.h> 38 #include <sys/kmem.h> 39 #include <sys/policy.h> 40 41 int 42 setgroups(int gidsetsize, gid_t *gidset) 43 { 44 proc_t *p; 45 cred_t *cr, *newcr; 46 int i; 47 int n = gidsetsize; 48 gid_t *groups = NULL; 49 int error; 50 int scnt = 0; 51 ksidlist_t *ksl = NULL; 52 53 /* Perform the cheapest tests before grabbing p_crlock */ 54 if (n > ngroups_max || n < 0) 55 return (set_errno(EINVAL)); 56 57 if (n != 0) { 58 groups = kmem_alloc(n * sizeof (gid_t), KM_SLEEP); 59 60 if (copyin(gidset, groups, n * sizeof (gid_t)) != 0) { 61 kmem_free(groups, n * sizeof (gid_t)); 62 return (set_errno(EFAULT)); 63 } 64 65 for (i = 0; i < n; i++) { 66 if (!VALID_GID(groups[i])) { 67 kmem_free(groups, n * sizeof (gid_t)); 68 return (set_errno(EINVAL)); 69 } 70 if (groups[i] > MAXUID) 71 scnt++; 72 } 73 if (scnt > 0) { 74 ksl = kcrsid_gidstosids(n, groups); 75 if (ksl == NULL) { 76 kmem_free(groups, n * sizeof (gid_t)); 77 return (set_errno(EINVAL)); 78 } 79 } 80 } 81 82 83 /* 84 * Need to pre-allocate the new cred structure before acquiring 85 * the p_crlock mutex. 86 */ 87 newcr = cralloc_ksid(); 88 p = ttoproc(curthread); 89 mutex_enter(&p->p_crlock); 90 cr = p->p_cred; 91 92 if ((error = secpolicy_allow_setid(cr, -1, B_FALSE)) != 0) { 93 mutex_exit(&p->p_crlock); 94 if (groups != NULL) 95 kmem_free(groups, n * sizeof (gid_t)); 96 if (ksl != NULL) 97 ksidlist_rele(ksl); 98 crfree(newcr); 99 return (set_errno(error)); 100 } 101 102 crdup_to(cr, newcr); 103 crsetsidlist(newcr, ksl); 104 105 if (n != 0) { 106 bcopy(groups, newcr->cr_groups, n * sizeof (gid_t)); 107 kmem_free(groups, n * sizeof (gid_t)); 108 } 109 110 newcr->cr_ngroups = n; 111 112 p->p_cred = newcr; 113 crhold(newcr); /* hold for the current thread */ 114 crfree(cr); /* free the old one */ 115 mutex_exit(&p->p_crlock); 116 117 /* 118 * Broadcast new cred to process threads (including the current one). 119 */ 120 crset(p, newcr); 121 122 return (0); 123 } 124 125 int 126 getgroups(int gidsetsize, gid_t *gidset) 127 { 128 struct cred *cr; 129 int n; 130 131 cr = curthread->t_cred; 132 n = (int)cr->cr_ngroups; 133 134 if (gidsetsize != 0) { 135 if (gidsetsize < n) 136 return (set_errno(EINVAL)); 137 if (copyout(cr->cr_groups, gidset, n * sizeof (gid_t))) 138 return (set_errno(EFAULT)); 139 } 140 141 return (n); 142 } 143