diff options
| author | Olivier Certner <olce.freebsd@certner.fr> | 2023-08-17 23:54:44 +0000 |
|---|---|---|
| committer | Mitchell Horne <mhorne@FreeBSD.org> | 2023-10-18 18:01:38 +0000 |
| commit | f373119badd89f81401c8599869749d4a0fd4a8e (patch) | |
| tree | d8d708806b3c2a0640014df861d907406c52693d | |
| parent | 67d1f6f40a555b7099034283da481a92c53f4f3f (diff) | |
| download | src-f373119badd89f81401c8599869749d4a0fd4a8e.tar.gz src-f373119badd89f81401c8599869749d4a0fd4a8e.zip | |
groupmember(): Extract the supplementary group search in a separate function
This is in preparation for the introduction of the new realgroupmember()
function, which does the same search into supplementary groups as
groupmember().
Approved by: re (gjb)
Reviewed by: mhorne
Sponsored by: Kumacom SAS
Differential Revision: https://reviews.freebsd.org/D40640
(cherry picked from commit b725f232f3b09b4bcbc426854fe1545234c66965)
(cherry picked from commit 9fc5dbab5163b1e18776ac216691cc7eb8566a6f)
| -rw-r--r-- | sys/kern/kern_prot.c | 41 |
1 files changed, 24 insertions, 17 deletions
diff --git a/sys/kern/kern_prot.c b/sys/kern/kern_prot.c index 648c067dc528..21f5e5d3bc16 100644 --- a/sys/kern/kern_prot.c +++ b/sys/kern/kern_prot.c @@ -1273,36 +1273,43 @@ sys___setugid(struct thread *td, struct __setugid_args *uap) } /* - * Check if gid is a member of the group set. + * Returns whether gid designates a supplementary group in cred. */ -int -groupmember(gid_t gid, struct ucred *cred) +static int +supplementary_group_member(gid_t gid, struct ucred *cred) { - int l; - int h; - int m; - - if (cred->cr_groups[0] == gid) - return(1); + int l, h, m; /* - * If gid was not our primary group, perform a binary search - * of the supplemental groups. This is possible because we - * sort the groups in crsetgroups(). + * Perform a binary search of the supplemental groups. This is possible + * because we sort the groups in crsetgroups(). */ l = 1; h = cred->cr_ngroups; + while (l < h) { - m = l + ((h - l) / 2); + m = l + (h - l) / 2; if (cred->cr_groups[m] < gid) - l = m + 1; + l = m + 1; else - h = m; + h = m; } - if ((l < cred->cr_ngroups) && (cred->cr_groups[l] == gid)) + + return (l < cred->cr_ngroups && cred->cr_groups[l] == gid); +} + +/* + * Check if gid is a member of the (effective) group set (i.e., effective and + * supplementary groups). + */ +int +groupmember(gid_t gid, struct ucred *cred) +{ + + if (cred->cr_groups[0] == gid) return (1); - return (0); + return (supplementary_group_member(gid, cred)); } /* |