diff options
| author | Casper H.S. Dik <Casper.Dik@Sun.COM> | 2009-11-20 20:58:43 +0100 |
|---|---|---|
| committer | Casper H.S. Dik <Casper.Dik@Sun.COM> | 2009-11-20 20:58:43 +0100 |
| commit | 67dbe2be0c0f1e2eb428b89088bb5667e8f0b9f6 (patch) | |
| tree | ae276da3565da2f00f984253f7b5da205d4384c5 /usr/src/uts/common/syscall/groups.c | |
| parent | f73ae3db72a91f9f8759931a1c643c7dad785881 (diff) | |
| download | illumos-joyent-67dbe2be0c0f1e2eb428b89088bb5667e8f0b9f6.tar.gz | |
PSARC 2009/542 Increase the maximum value of NGROUPS_MAX to 1024
4088757 Customer would like to increase ngroups_max more than 32
6853435 Many files incorrectly include the private <sys/cred_impl.h>
Diffstat (limited to 'usr/src/uts/common/syscall/groups.c')
| -rw-r--r-- | usr/src/uts/common/syscall/groups.c | 41 |
1 files changed, 18 insertions, 23 deletions
diff --git a/usr/src/uts/common/syscall/groups.c b/usr/src/uts/common/syscall/groups.c index 3a46812f8a..17434ff36d 100644 --- a/usr/src/uts/common/syscall/groups.c +++ b/usr/src/uts/common/syscall/groups.c @@ -20,18 +20,17 @@ */ /* * Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T - * Copyright 2008 Sun Microsystems, Inc. All rights reserved. + * Copyright 2009 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ -#pragma ident "%Z%%M% %I% %E% SMI" /* from SVr4.0 1.78 */ - #include <sys/param.h> #include <sys/types.h> #include <sys/sysmacros.h> #include <sys/systm.h> -#include <sys/cred_impl.h> +#include <sys/cred.h> +#include <sys/sid.h> #include <sys/errno.h> #include <sys/proc.h> #include <sys/debug.h> @@ -45,11 +44,11 @@ setgroups(int gidsetsize, gid_t *gidset) cred_t *cr, *newcr; int i; int n = gidsetsize; - gid_t *groups = NULL; int error; int scnt = 0; ksidlist_t *ksl = NULL; zone_t *zone; + struct credgrp *grps = NULL; /* Perform the cheapest tests before grabbing p_crlock */ if (n > ngroups_max || n < 0) @@ -57,25 +56,27 @@ setgroups(int gidsetsize, gid_t *gidset) zone = crgetzone(CRED()); if (n != 0) { - groups = kmem_alloc(n * sizeof (gid_t), KM_SLEEP); + const gid_t *groups; + + grps = crgrpcopyin(n, gidset); - if (copyin(gidset, groups, n * sizeof (gid_t)) != 0) { - kmem_free(groups, n * sizeof (gid_t)); + if (grps == NULL) return (set_errno(EFAULT)); - } + + groups = crgetggroups(grps); for (i = 0; i < n; i++) { if (!VALID_GID(groups[i], zone)) { - kmem_free(groups, n * sizeof (gid_t)); + crgrprele(grps); return (set_errno(EINVAL)); } if (groups[i] > MAXUID) scnt++; } if (scnt > 0) { - ksl = kcrsid_gidstosids(zone, n, groups); + ksl = kcrsid_gidstosids(zone, n, (gid_t *)groups); if (ksl == NULL) { - kmem_free(groups, n * sizeof (gid_t)); + crgrprele(grps); return (set_errno(EINVAL)); } } @@ -95,8 +96,8 @@ retry: mutex_exit(&p->p_crlock); if ((error = secpolicy_allow_setid(cr, -1, B_FALSE)) != 0) { - if (groups != NULL) - kmem_free(groups, n * sizeof (gid_t)); + if (grps != NULL) + crgrprele(grps); if (ksl != NULL) ksidlist_rele(ksl); crfree(newcr); @@ -110,13 +111,7 @@ retry: crdup_to(cr, newcr); crsetsidlist(newcr, ksl); - - if (n != 0) { - bcopy(groups, newcr->cr_groups, n * sizeof (gid_t)); - kmem_free(groups, n * sizeof (gid_t)); - } - - newcr->cr_ngroups = n; + crsetcredgrp(newcr, grps); p->p_cred = newcr; crhold(newcr); /* hold for the current thread */ @@ -138,12 +133,12 @@ getgroups(int gidsetsize, gid_t *gidset) int n; cr = curthread->t_cred; - n = (int)cr->cr_ngroups; + n = crgetngroups(cr); if (gidsetsize != 0) { if (gidsetsize < n) return (set_errno(EINVAL)); - if (copyout(cr->cr_groups, gidset, n * sizeof (gid_t))) + if (copyout(crgetgroups(cr), gidset, n * sizeof (gid_t))) return (set_errno(EFAULT)); } |