2 * Copyright 2000, International Business Machines Corporation and others.
5 * This software has been released under the terms of the IBM Public
6 * License. For details, see the LICENSE file in the top-level source
7 * directory or online at http://www.openafs.org/dl/license10.html
16 #include <afsconfig.h>
17 #include "afs/param.h"
18 #ifdef LINUX_KEYRING_SUPPORT
19 #include <linux/seq_file.h>
25 #include "afs/sysincludes.h"
26 #include "afsincludes.h"
27 #include "afs/afs_stats.h" /* statistics */
28 #ifdef AFS_LINUX22_ENV
29 #include "h/smp_lock.h"
32 #if defined(AFS_LINUX26_ENV)
34 afs_setgroups(cred_t **cr, struct group_info *group_info, int change_parent)
36 struct group_info *old_info;
38 AFS_STATCNT(afs_setgroups);
40 old_info = (*cr)->cr_group_info;
41 get_group_info(group_info);
42 (*cr)->cr_group_info = group_info;
43 put_group_info(old_info);
48 old_info = current->parent->group_info;
49 get_group_info(group_info);
50 current->parent->group_info = group_info;
51 put_group_info(old_info);
58 afs_setgroups(cred_t **cr, int ngroups, gid_t * gidset, int change_parent)
64 AFS_STATCNT(afs_setgroups);
66 if (ngroups > NGROUPS)
69 gp = (*cr)->cr_groups;
70 if (ngroups < NGROUPS)
71 gp[ngroups] = (gid_t) NOGROUP;
73 for (i = ngroups; i > 0; i--) {
77 (*cr)->cr_ngroups = ngroups;
83 #if defined(AFS_LINUX26_ENV)
84 static struct group_info *
85 afs_getgroups(cred_t * cr)
87 AFS_STATCNT(afs_getgroups);
89 get_group_info(cr->cr_group_info);
90 return cr->cr_group_info;
93 /* Returns number of groups. And we trust groups to be large enough to
94 * hold all the groups.
97 afs_getgroups(cred_t *cr, gid_t *groups)
103 AFS_STATCNT(afs_getgroups);
108 for (i = 0; (i < n) && (*gp != (gid_t) NOGROUP); i++)
114 #if !defined(AFS_LINUX26_ENV)
115 /* Only propogate the PAG to the parent process. Unix's propogate to
116 * all processes sharing the cred.
119 set_pag_in_parent(int pag, int g0, int g1)
122 #ifdef STRUCT_TASK_STRUCT_HAS_PARENT
123 gid_t *gp = current->parent->groups;
124 int ngroups = current->parent->ngroups;
126 gid_t *gp = current->p_pptr->groups;
127 int ngroups = current->p_pptr->ngroups;
130 if ((ngroups < 2) || (afs_get_pag_from_groups(gp[0], gp[1]) == NOPAG)) {
131 /* We will have to shift grouplist to make room for pag */
132 if (ngroups + 2 > NGROUPS) {
135 for (i = ngroups - 1; i >= 0; i--) {
142 if (ngroups < NGROUPS)
143 gp[ngroups] = NOGROUP;
145 #ifdef STRUCT_TASK_STRUCT_HAS_PARENT
146 current->parent->ngroups = ngroups;
148 current->p_pptr->ngroups = ngroups;
154 #if defined(AFS_LINUX26_ENV)
156 __setpag(cred_t **cr, afs_uint32 pagvalue, afs_uint32 *newpag,
159 struct group_info *group_info;
161 struct group_info *tmp;
165 group_info = afs_getgroups(*cr);
166 if (group_info->ngroups < 2
167 || afs_get_pag_from_groups(GROUP_AT(group_info, 0),
168 GROUP_AT(group_info, 1)) == NOPAG)
169 /* We will have to make sure group_info is big enough for pag */
172 tmp = groups_alloc(group_info->ngroups + need_space);
174 for (i = 0; i < group_info->ngroups; ++i)
175 GROUP_AT(tmp, i + need_space) = GROUP_AT(group_info, i);
176 put_group_info(group_info);
179 *newpag = (pagvalue == -1 ? genpag() : pagvalue);
180 afs_get_groups_from_pag(*newpag, &g0, &g1);
181 GROUP_AT(group_info, 0) = g0;
182 GROUP_AT(group_info, 1) = g1;
184 afs_setgroups(cr, group_info, change_parent);
186 put_group_info(group_info);
191 #ifdef LINUX_KEYRING_SUPPORT
192 #include <asm/unistd.h>
193 #include <linux/keyctl.h>
196 static inline _syscall2(long, keyctl, int, option, void*, arg2);
199 __join_session_keyring(char *name)
201 return keyctl(KEYCTL_JOIN_SESSION_KEYRING, name);
203 #endif /* LINUX_KEYRING_SUPPORT */
207 __setpag(cred_t **cr, afs_uint32 pagvalue, afs_uint32 *newpag,
211 afs_int32 ngroups, code = 0;
214 gidset = (gid_t *) osi_Alloc(NGROUPS * sizeof(gidset[0]));
215 ngroups = afs_getgroups(*cr, gidset);
217 if (afs_get_pag_from_groups(gidset[0], gidset[1]) == NOPAG) {
218 /* We will have to shift grouplist to make room for pag */
219 if (ngroups + 2 > NGROUPS) {
220 osi_Free((char *)gidset, NGROUPS * sizeof(int));
223 for (j = ngroups - 1; j >= 0; j--) {
224 gidset[j + 2] = gidset[j];
228 *newpag = (pagvalue == -1 ? genpag() : pagvalue);
229 afs_get_groups_from_pag(*newpag, &gidset[0], &gidset[1]);
230 code = afs_setgroups(cr, ngroups, gidset, change_parent);
232 /* If change_parent is set, then we should set the pag in the parent as
235 if (change_parent && !code) {
236 code = set_pag_in_parent(*newpag, gidset[0], gidset[1]);
239 osi_Free((char *)gidset, NGROUPS * sizeof(int));
246 setpag(cred_t **cr, afs_uint32 pagvalue, afs_uint32 *newpag,
253 code = __setpag(cr, pagvalue, newpag, change_parent);
255 #ifdef LINUX_KEYRING_SUPPORT
258 (void) __join_session_keyring(NULL);
260 if (current->signal->session_keyring) {
264 perm = KEY_POS_VIEW | KEY_POS_SEARCH;
265 perm |= KEY_USR_VIEW | KEY_USR_SEARCH;
267 #ifdef KEY_ALLOC_NEEDS_STRUCT_TASK
268 key = key_alloc(&key_type_afs_pag, "_pag", 0, 0, current, perm, 1);
270 key = key_alloc(&key_type_afs_pag, "_pag", 0, 0, perm, 1);
274 key_instantiate_and_link(key, (void *) newpag, sizeof(afs_uint32),
275 current->signal->session_keyring, NULL);
280 #endif /* LINUX_KEYRING_SUPPORT */
286 /* Intercept the standard system call. */
287 extern asmlinkage long (*sys_setgroupsp) (int gidsetsize, gid_t * grouplist);
289 afs_xsetgroups(int gidsetsize, gid_t * grouplist)
292 cred_t *cr = crref();
297 old_pag = PagInCred(cr);
301 code = (*sys_setgroupsp) (gidsetsize, grouplist);
308 if (old_pag != NOPAG && PagInCred(cr) == NOPAG) {
309 /* re-install old pag if there's room. */
310 code = __setpag(&cr, old_pag, &junk, 0);
315 /* Linux syscall ABI returns errno as negative */
319 #if defined(AFS_LINUX24_ENV)
320 /* Intercept the standard uid32 system call. */
321 extern asmlinkage long (*sys_setgroups32p) (int gidsetsize, gid_t * grouplist);
323 afs_xsetgroups32(int gidsetsize, gid_t * grouplist)
326 cred_t *cr = crref();
331 old_pag = PagInCred(cr);
335 code = (*sys_setgroups32p) (gidsetsize, grouplist);
343 if (old_pag != NOPAG && PagInCred(cr) == NOPAG) {
344 /* re-install old pag if there's room. */
345 code = __setpag(&cr, old_pag, &junk, 0);
350 /* Linux syscall ABI returns errno as negative */
355 #if defined(AFS_PPC64_LINUX20_ENV)
356 /* Intercept the uid16 system call as used by 32bit programs. */
357 extern long (*sys32_setgroupsp)(int gidsetsize, gid_t *grouplist);
358 asmlinkage long afs32_xsetgroups(int gidsetsize, gid_t *grouplist)
361 cred_t *cr = crref();
366 old_pag = PagInCred(cr);
370 code = (*sys32_setgroupsp)(gidsetsize, grouplist);
377 if (old_pag != NOPAG && PagInCred(cr) == NOPAG) {
378 /* re-install old pag if there's room. */
379 code = __setpag(&cr, old_pag, &junk, 0);
384 /* Linux syscall ABI returns errno as negative */
389 #if defined(AFS_SPARC64_LINUX20_ENV) || defined(AFS_AMD64_LINUX20_ENV)
390 /* Intercept the uid16 system call as used by 32bit programs. */
391 extern long (*sys32_setgroupsp) (int gidsetsize, u16 * grouplist);
393 afs32_xsetgroups(int gidsetsize, u16 * grouplist)
396 cred_t *cr = crref();
401 old_pag = PagInCred(cr);
405 code = (*sys32_setgroupsp) (gidsetsize, grouplist);
412 if (old_pag != NOPAG && PagInCred(cr) == NOPAG) {
413 /* re-install old pag if there's room. */
414 code = __setpag(&cr, old_pag, &junk, 0);
419 /* Linux syscall ABI returns errno as negative */
423 #ifdef AFS_LINUX24_ENV
424 /* Intercept the uid32 system call as used by 32bit programs. */
425 extern long (*sys32_setgroups32p) (int gidsetsize, gid_t * grouplist);
427 afs32_xsetgroups32(int gidsetsize, gid_t * grouplist)
430 cred_t *cr = crref();
435 old_pag = PagInCred(cr);
439 code = (*sys32_setgroups32p) (gidsetsize, grouplist);
446 if (old_pag != NOPAG && PagInCred(cr) == NOPAG) {
447 /* re-install old pag if there's room. */
448 code = __setpag(&cr, old_pag, &junk, 0);
453 /* Linux syscall ABI returns errno as negative */
460 #ifdef LINUX_KEYRING_SUPPORT
461 static void afs_pag_describe(const struct key *key, struct seq_file *m)
463 seq_puts(m, key->description);
465 seq_printf(m, ": %u", key->datalen);
468 static int afs_pag_instantiate(struct key *key, const void *data, size_t datalen)
471 afs_uint32 *userpag, pag = NOPAG;
474 if (key->uid != 0 || key->gid != 0)
478 get_group_info(current->group_info);
480 if (datalen != sizeof(afs_uint32) || !data)
483 if (current->group_info->ngroups < 2)
486 /* ensure key being set matches current pag */
488 g0 = GROUP_AT(current->group_info, 0);
489 g1 = GROUP_AT(current->group_info, 1);
491 pag = afs_get_pag_from_groups(g0, g1);
495 userpag = (afs_uint32 *) data;
499 key->payload.value = (unsigned long) *userpag;
500 key->datalen = sizeof(afs_uint32);
504 put_group_info(current->group_info);
508 static int afs_pag_match(const struct key *key, const void *description)
510 return strcmp(key->description, description) == 0;
513 struct key_type key_type_afs_pag =
516 .describe = afs_pag_describe,
517 .instantiate = afs_pag_instantiate,
518 .match = afs_pag_match,
521 void osi_keyring_init(void)
523 register_key_type(&key_type_afs_pag);
526 void osi_keyring_shutdown(void)
528 unregister_key_type(&key_type_afs_pag);
532 void osi_keyring_init(void)
537 void osi_keyring_shutdown(void)