2 * Copyright 2000, International Business Machines Corporation and others.
5 * This software has been released under the terms of the IBM Public
6 * License. For details, see the LICENSE file in the top-level source
7 * directory or online at http://www.openafs.org/dl/license10.html
16 #include <afsconfig.h>
17 #include "afs/param.h"
20 #include "afs/sysincludes.h"
21 #include "afsincludes.h"
22 #include "afs/afs_stats.h" /* statistics */
26 afs_getgroups(struct ucred
*cred
, int ngroups
, gid_t
* gidset
);
29 afs_setgroups(struct ucred
**cred
, int ngroups
, gid_t
* gidset
,
34 setgroups(ngroups
, gidset
)
43 AFS_STATCNT(afs_xsetgroups
);
47 code
= afs_InitReq(&treq
, credp
);
53 code
= osetgroups(ngroups
, gidset
);
55 /* Note that if there is a pag already in the new groups we don't
56 * overwrite it with the old pag.
61 if (PagInCred(credp
) == NOPAG
) {
62 if (((treq
.uid
>> 24) & 0xff) == 'A') {
64 AddPag(treq
.uid
, &credp
);
69 /* If AddPag() didn't make a new cred, then free our cred ref */
70 if (credp
== credp0
) {
78 setpag(cred
, pagvalue
, newpag
, change_parent
)
82 afs_uint32 change_parent
;
84 gid_t gidset
[NGROUPS
];
90 ngroups
= afs_getgroups(*cred
, NGROUPS
, gidset
);
91 if (afs_get_pag_from_groups(gidset
[0], gidset
[1]) == NOPAG
) {
92 /* We will have to shift grouplist to make room for pag */
93 if (ngroups
+ 2 > NGROUPS
) {
94 return (setuerror(E2BIG
), E2BIG
);
96 for (j
= ngroups
- 1; j
>= 0; j
--) {
97 gidset
[j
+ 2] = gidset
[j
];
102 *newpag
= (pagvalue
== -1 ? genpag() : pagvalue
);
105 code
= kcred_setpag(*cred
, PAG_AFS
, *newpag
);
107 struct ucred
*newcr
= crdup(*cred
);
110 code
= kcred_setpag(newcr
, PAG_AFS
, *newpag
);
114 afs_get_groups_from_pag(*newpag
, &gidset
[0], &gidset
[1]);
115 if (code
= afs_setgroups(cred
, ngroups
, gidset
, change_parent
)) {
116 return (setuerror(code
), code
);
123 #ifndef AFS_AIX51_ENV
125 afs_getgroups(struct ucred
*cred
, int ngroups
, gid_t
* gidset
)
127 int ngrps
, savengrps
;
130 gidset
[0] = gidset
[1] = 0;
131 AFS_STATCNT(afs_getgroups
);
133 savengrps
= ngrps
= MIN(ngroups
, cred
->cr_ngrps
);
134 gp
= cred
->cr_groups
;
140 /* the caller is responsible for checking that ngroups <= NGROUPS */
143 copy_to_cred(newcr
, ngroups
, gidset
)
151 newngroups
= ngroups
;
152 gp
= newcr
->cr_groups
;
155 newcr
->cr_ngrps
= newngroups
;
159 * If change_parent is true, then we want to affect the parent process as well
160 * as the current process. We do this by writing into the given cred, on
161 * the assumption that it is shared with the parent process.
163 * Note that it is important that we do NOT actually do anything to the
164 * parent process, because the NFS/AFS translator uses this routine to
165 * write into a given cred, and it has no intention of affecting the parent
168 * If change_parent is false, then we want to affect only the current process.
172 afs_setgroups(struct ucred
**cred
, int ngroups
, gid_t
* gidset
,
175 AFS_STATCNT(afs_setgroups
);
177 if (ngroups
> NGROUPS
)
183 * klog -setpag goes through this code to change the cred
184 * shared with the parent process. Historically this did
185 * not work on AIX, but the problem in AIX has now been
188 * The NFS/AFS translator also uses this code in order to
189 * write into a given cred; it certainly doesn't use it
190 * in order to affect any other process.
192 copy_to_cred(*cred
, ngroups
, gidset
);
196 struct ucred
*newcr
= crdup(*cred
);
198 copy_to_cred(newcr
, ngroups
, gidset
);