2 * Copyright 2000, International Business Machines Corporation and others.
5 * This software has been released under the terms of the IBM Public
6 * License. For details, see the LICENSE file in the top-level source
7 * directory or online at http://www.openafs.org/dl/license10.html
17 #include <afsconfig.h>
18 #include "afs/param.h"
26 #include "afs/sysincludes.h"
27 #include "afsincludes.h"
28 #include "afs/afs_stats.h" /* statistics */
32 afs_getgroups(struct cred
*cred
, gid_t
* gidset
);
35 afs_setgroups(struct cred
**cred
, int ngroups
, gid_t
* gidset
,
40 afs_xsetgroups(uap
, rvp
)
41 u_int uap
; /* this is gidsetsize */
42 gid_t
*rvp
; /* this is gidset */
46 struct proc
*proc
= ttoproc(curthread
);
48 AFS_STATCNT(afs_xsetgroups
);
50 code
= afs_InitReq(&treq
, proc
->p_cred
);
54 code
= setgroups(uap
, rvp
);
56 /* Note that if there is a pag already in the new groups we don't
57 * overwrite it with the old pag.
59 if (PagInCred(proc
->p_cred
) == NOPAG
) {
60 if (((treq
.uid
>> 24) & 0xff) == 'A') {
62 /* we've already done a setpag, so now we redo it */
63 AddPag(treq
.uid
, &proc
->p_cred
);
70 #ifdef AFS_PAG_ONEGROUP_ENV
72 * Take a PAG, and put it into the given array of gids.
74 * @param[in] pagvalue The numeric id for the PAG to assign (must not be -1)
75 * @param[in] gidset An array of gids
76 * @param[inout] a_ngroups How many entries in 'gidset' have valid gids
77 * @param[in] gidset_sz The number of bytes allocated for 'gidset'
82 pag_to_gidset(afs_uint32 pagvalue
, gid_t
*gidset
, int *a_ngroups
,
86 gid_t
*gidslot
= NULL
;
87 int ngroups
= *a_ngroups
;
89 osi_Assert(pagvalue
!= -1);
91 /* See if we already have a PAG gid */
92 for (i
= 0; i
< ngroups
; i
++) {
93 if (((gidset
[i
] >> 24) & 0xff) == 'A') {
99 if (gidslot
== NULL
) {
100 /* If we don't already have a PAG, grow the groups list by one, and put
101 * our PAG in the new empty slot. */
102 if ((sizeof(gidset
[0])) * (ngroups
+ 1) > gidset_sz
) {
106 gidslot
= &gidset
[ngroups
-1];
110 * For newer Solaris releases (Solaris 11), we cannot control the order of
111 * the supplemental groups list of a process, so we can't store PAG gids as
112 * the first two gids anymore. To make finding a PAG gid easier to find,
113 * just use a single gid to represent a PAG, and just store the PAG id
114 * itself in there, like is currently done on Linux. Note that our PAG ids
115 * all start with the byte 0x41 ('A'), so we should not collide with
116 * anything. GIDs with the highest bit set are special (used for Windows
117 * SID mapping), but anything under that range should be fine.
121 *a_ngroups
= ngroups
;
126 /* For earlier Solaris releases, convert a PAG number into two gids, and store
127 * those gids as the first groups in the supplemental group list. */
129 pag_to_gidset(afs_uint32 pagvalue
, gid_t
*gidset
, int *a_ngroups
,
133 int ngroups
= *a_ngroups
;
135 osi_Assert(pagvalue
!= -1);
137 if (afs_get_pag_from_groups(gidset
[0], gidset
[1]) == NOPAG
) {
138 /* We will have to shift grouplist to make room for pag */
139 if ((sizeof(gidset
[0])) * (ngroups
+ 2) > gidset_sz
) {
142 for (j
= ngroups
- 1; j
>= 0; j
--) {
143 gidset
[j
+ 2] = gidset
[j
];
147 afs_get_groups_from_pag(pagvalue
, &gidset
[0], &gidset
[1]);
149 *a_ngroups
= ngroups
;
156 setpag(cred
, pagvalue
, newpag
, change_parent
)
160 afs_uint32 change_parent
;
168 /* Derive gidset size from running kernel's ngroups_max;
169 * default 16, but configurable up to 32 (Sol10) or
172 gidset_sz
= sizeof(gidset
[0]) * ngroups_max
;
174 /* must use osi_Alloc, osi_AllocSmallSpace may not be enough. */
175 gidset
= osi_Alloc(gidset_sz
);
177 pagvalue
= (pagvalue
== -1 ? genpag() : pagvalue
);
179 mutex_enter(&curproc
->p_crlock
);
180 ngroups
= afs_getgroups(*cred
, gidset
);
182 code
= pag_to_gidset(pagvalue
, gidset
, &ngroups
, gidset_sz
);
184 mutex_exit(&curproc
->p_crlock
);
190 /* afs_setgroups will release curproc->p_crlock */
191 /* exit action is same regardless of code */
192 code
= afs_setgroups(cred
, ngroups
, gidset
, change_parent
);
195 osi_Free((char *)gidset
, gidset_sz
);
201 afs_getgroups(struct cred
*cred
, gid_t
* gidset
)
203 int ngrps
, savengrps
;
206 AFS_STATCNT(afs_getgroups
);
208 gidset
[0] = gidset
[1] = 0;
209 #if defined(AFS_SUN510_ENV)
210 savengrps
= ngrps
= crgetngroups(cred
);
211 gp
= crgetgroups(cred
);
213 savengrps
= ngrps
= cred
->cr_ngroups
;
214 gp
= cred
->cr_groups
;
224 afs_setgroups(struct cred
**cred
, int ngroups
, gid_t
* gidset
,
227 #ifndef AFS_PAG_ONEGROUP_ENV
231 AFS_STATCNT(afs_setgroups
);
233 if (ngroups
> ngroups_max
) {
234 mutex_exit(&curproc
->p_crlock
);
238 *cred
= (struct cred
*)crcopy(*cred
);
240 #ifdef AFS_PAG_ONEGROUP_ENV
241 crsetgroups(*cred
, ngroups
, gidset
);
243 # if defined(AFS_SUN510_ENV)
244 crsetgroups(*cred
, ngroups
, gidset
);
245 gp
= crgetgroups(*cred
);
247 (*cred
)->cr_ngroups
= ngroups
;
248 gp
= (*cred
)->cr_groups
;
252 #endif /* !AFS_PAG_ONEGROUP_ENV */
254 mutex_exit(&curproc
->p_crlock
);
256 crset(curproc
, *cred
); /* broadcast to all threads */
260 #ifdef AFS_PAG_ONEGROUP_ENV
262 osi_get_group_pag(struct cred
*cred
) {
267 gidset
= crgetgroups(cred
);
268 ngroups
= crgetngroups(cred
);
270 for (i
= 0; i
< ngroups
; i
++) {
271 if (((gidset
[i
] >> 24) & 0xff) == 'A') {