2 * Copyright 2000, International Business Machines Corporation and others.
5 * This software has been released under the terms of the IBM Public
6 * License. For details, see the LICENSE file in the top-level source
7 * directory or online at http://www.openafs.org/dl/license10.html
16 #include <afsconfig.h>
17 #include "afs/param.h"
21 #include "afs/sysincludes.h"
22 #include "afsincludes.h"
23 #include "afs/afs_stats.h" /* statistics */
41 setgroups(ngroups, gidset)
50 AFS_STATCNT(afs_xsetgroups);
54 code = afs_InitReq(&treq, credp);
57 if (code) return code;
59 code = osetgroups(ngroups, gidset);
61 /* Note that if there is a pag already in the new groups we don't
62 * overwrite it with the old pag.
67 if (PagInCred(credp) == NOPAG) {
68 if (((treq.uid >> 24) & 0xff) == 'A') {
70 AddPag(treq.uid, &credp);
75 /* If AddPag() didn't make a new cred, then free our cred ref */
76 if (credp == credp0) {
84 setpag(cred, pagvalue, newpag, change_parent)
88 afs_uint32 change_parent;
90 gid_t gidset[NGROUPS];
96 ngroups = afs_getgroups(*cred, NGROUPS, gidset);
97 if (afs_get_pag_from_groups(gidset[0], gidset[1]) == NOPAG) {
98 /* We will have to shift grouplist to make room for pag */
99 if (ngroups + 2 > NGROUPS) {
100 return (setuerror(E2BIG), E2BIG);
102 for (j = ngroups -1; j >= 0; j--) {
103 gidset[j+2] = gidset[j];
108 *newpag = (pagvalue == -1 ? genpag(): pagvalue);
111 code = kcred_setpag(*cred, PAG_AFS, *newpag);
113 struct ucred *newcr = crdup(*cred);
116 code = kcred_setpag(newcr, PAG_AFS, *newpag);
120 afs_get_groups_from_pag(*newpag, &gidset[0], &gidset[1]);
121 if (code = afs_setgroups(cred, ngroups, gidset, change_parent)) {
122 return (setuerror(code), code);
129 #ifndef AFS_AIX51_ENV
136 int ngrps, savengrps;
139 gidset[0] = gidset[1] = 0;
140 AFS_STATCNT(afs_getgroups);
142 savengrps = ngrps = MIN(ngroups, cred->cr_ngrps);
143 gp = cred->cr_groups;
149 /* the caller is responsible for checking that ngroups <= NGROUPS */
152 copy_to_cred(newcr, ngroups, gidset)
160 newngroups = ngroups;
161 gp = newcr->cr_groups;
164 newcr->cr_ngrps = newngroups;
168 * If change_parent is true, then we want to affect the parent process as well
169 * as the current process. We do this by writing into the given cred, on
170 * the assumption that it is shared with the parent process.
172 * Note that it is important that we do NOT actually do anything to the
173 * parent process, because the NFS/AFS translator uses this routine to
174 * write into a given cred, and it has no intention of affecting the parent
177 * If change_parent is false, then we want to affect only the current process.
187 AFS_STATCNT(afs_setgroups);
189 if (ngroups > NGROUPS)
195 * klog -setpag goes through this code to change the cred
196 * shared with the parent process. Historically this did
197 * not work on AIX, but the problem in AIX has now been
200 * The NFS/AFS translator also uses this code in order to
201 * write into a given cred; it certainly doesn't use it
202 * in order to affect any other process.
204 copy_to_cred(*cred, ngroups, gidset);
208 struct ucred *newcr = crdup(*cred);
210 copy_to_cred(newcr, ngroups, gidset);