2 * Copyright 2000, International Business Machines Corporation and others.
5 * This software has been released under the terms of the IBM Public
6 * License. For details, see the LICENSE file in the top-level source
7 * directory or online at http://www.openafs.org/dl/license10.html
16 #include <afsconfig.h>
17 #include "afs/param.h"
20 #include "afs/sysincludes.h"
21 #include "afsincludes.h"
22 #include "afs/afs_stats.h" /* statistics */
26 afs_getgroups(struct ucred *cred, int ngroups, gid_t * gidset);
29 afs_setgroups(struct ucred **cred, int ngroups, gid_t * gidset,
34 setgroups(ngroups, gidset)
43 AFS_STATCNT(afs_xsetgroups);
47 code = afs_InitReq(&treq, credp);
53 code = osetgroups(ngroups, gidset);
55 /* Note that if there is a pag already in the new groups we don't
56 * overwrite it with the old pag.
61 if (PagInCred(credp) == NOPAG) {
62 if (((treq.uid >> 24) & 0xff) == 'A') {
64 AddPag(treq.uid, &credp);
69 /* If AddPag() didn't make a new cred, then free our cred ref */
70 if (credp == credp0) {
78 setpag(cred, pagvalue, newpag, change_parent)
82 afs_uint32 change_parent;
84 gid_t gidset[NGROUPS];
90 ngroups = afs_getgroups(*cred, NGROUPS, gidset);
91 if (afs_get_pag_from_groups(gidset[0], gidset[1]) == NOPAG) {
92 /* We will have to shift grouplist to make room for pag */
93 if (ngroups + 2 > NGROUPS) {
94 return (setuerror(E2BIG), E2BIG);
96 for (j = ngroups - 1; j >= 0; j--) {
97 gidset[j + 2] = gidset[j];
102 *newpag = (pagvalue == -1 ? genpag() : pagvalue);
105 code = kcred_setpag(*cred, PAG_AFS, *newpag);
107 struct ucred *newcr = crdup(*cred);
110 code = kcred_setpag(newcr, PAG_AFS, *newpag);
114 afs_get_groups_from_pag(*newpag, &gidset[0], &gidset[1]);
115 if (code = afs_setgroups(cred, ngroups, gidset, change_parent)) {
116 return (setuerror(code), code);
123 #ifndef AFS_AIX51_ENV
125 afs_getgroups(struct ucred *cred, int ngroups, gid_t * gidset)
127 int ngrps, savengrps;
130 gidset[0] = gidset[1] = 0;
131 AFS_STATCNT(afs_getgroups);
133 savengrps = ngrps = MIN(ngroups, cred->cr_ngrps);
134 gp = cred->cr_groups;
140 /* the caller is responsible for checking that ngroups <= NGROUPS */
143 copy_to_cred(newcr, ngroups, gidset)
151 newngroups = ngroups;
152 gp = newcr->cr_groups;
155 newcr->cr_ngrps = newngroups;
159 * If change_parent is true, then we want to affect the parent process as well
160 * as the current process. We do this by writing into the given cred, on
161 * the assumption that it is shared with the parent process.
163 * Note that it is important that we do NOT actually do anything to the
164 * parent process, because the NFS/AFS translator uses this routine to
165 * write into a given cred, and it has no intention of affecting the parent
168 * If change_parent is false, then we want to affect only the current process.
172 afs_setgroups(struct ucred **cred, int ngroups, gid_t * gidset,
175 AFS_STATCNT(afs_setgroups);
177 if (ngroups > NGROUPS)
183 * klog -setpag goes through this code to change the cred
184 * shared with the parent process. Historically this did
185 * not work on AIX, but the problem in AIX has now been
188 * The NFS/AFS translator also uses this code in order to
189 * write into a given cred; it certainly doesn't use it
190 * in order to affect any other process.
192 copy_to_cred(*cred, ngroups, gidset);
196 struct ucred *newcr = crdup(*cred);
198 copy_to_cred(newcr, ngroups, gidset);