From nobody Thu Jul 24 14:59:22 2025 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4bnvKk6XMCz62rJb; Thu, 24 Jul 2025 14:59:22 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4bnvKk47jwz3V4T; Thu, 24 Jul 2025 14:59:22 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1753369162; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Z4HzgT5zfPTB9iS6hE+575v4cNccH/f89tQ7/h5Vn9I=; b=uvTlP8lrkBcAlb1yO4RpgOVq89uQ+JOnwVXlZxZxvlibW9fr7/SXlLcUYHjwAI5vibzF0W wFQ9zMvEDUCKwvtHOTiV/1UM5v4vRTEC3JL8bGwySH1L+7Jy+r9kwPW+nzBXJ6rX+LnABf Mmz/L/ls9XeLzM3Yf5P/ic3WlYvyjXAxtw7lTLob7lACzy8i+476OJGlpLfxkKxOLh8ati 1MQyTWsovJeMPCfN3C0eTpEur2UTzLVTGhrI+W09yZlXKGJAGQxN7OJO634vEDWvVsxP+L +JbxYQydTQxln3vJK1GeqonOp3jOTvO0ZdkjvlYc/6MiA0Zb6OpXX8M67Utv5g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1753369162; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Z4HzgT5zfPTB9iS6hE+575v4cNccH/f89tQ7/h5Vn9I=; b=k+vjdjCbRsDQcSFAL1lQVJS5A8H7nlPYo7tNCGtWKJl2vZmsDEPPC0XaF9gExO4XpS2tG4 O38tHVS42qQqbQKqhdKcreZtOvY9fxeFu7xtCsvZrcUZNuPqGc6tIAXH+akvtIkQT+dLN/ XjB8RRyDBz/qnWDnUD2xaQRZa2O+8IS4Ull7Y5sLU1mNzM4M4dwXHqEQYjiCZScOuJL5Vt Nadlu2QLlXLijIPuHXVmnDeq2yIWSHJnbD+xDuqoIwtMec4c43WvdGD1GgO2OT4SMZYXmL xnq1zUimfjA+tH3OYDRLjRH33Flhp1MN4y7tQ9yXj90tIdfeFzVYGHpJpIeO9A== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1753369162; a=rsa-sha256; cv=none; b=i79fdhmHrHeXQhsVK4Oj1ysD6amrDOdGX/LzV8nroKr9ULMT9NN+GkPo4QqcBNQqjOA91z YppTEQvkw8Q6rFXLleaUiU9scZLcbpmTsVWeetUmnU+IA28LF3MaAp3o669KJl/6E5sioA IlQTTnXjMkY3xEEyc9Nv5LEYin7+3QxMwibf2Ec0Ig2/WJ4nxWgKtd3MD5x/FV7I9MALk/ hdG8eFD56lwFYAXdI0DLKni+6DRqdVbfUUwMw07VjfzxSDR6e06d2fC9II609uVcWL1Y0M 3S3pKSWmlVgn+ZrvSSA1mHlbkjwz4y8M5uTPcZc3zgeJ1LkatsazHV/2hOJciA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4bnvKk3Zxsz13T5; Thu, 24 Jul 2025 14:59:22 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 56OExM3Q011249; Thu, 24 Jul 2025 14:59:22 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 56OExM69011246; Thu, 24 Jul 2025 14:59:22 GMT (envelope-from git) Date: Thu, 24 Jul 2025 14:59:22 GMT Message-Id: <202507241459.56OExM69011246@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Kyle Evans Subject: git: 665e898d581c - main - rpc.lockd: avoid embedding assumptions about cr_groups[0] List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kevans X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 665e898d581cd518ee47a0bc385a6df75961f2fc Auto-Submitted: auto-generated The branch main has been updated by kevans: URL: https://cgit.FreeBSD.org/src/commit/?id=665e898d581cd518ee47a0bc385a6df75961f2fc commit 665e898d581cd518ee47a0bc385a6df75961f2fc Author: Kyle Evans AuthorDate: 2025-07-24 14:59:07 +0000 Commit: Kyle Evans CommitDate: 2025-07-24 14:59:07 +0000 rpc.lockd: avoid embedding assumptions about cr_groups[0] sys/ucred.h provides a cr_gid macro that should be used to reference the egid element of an xucred, so let's use that. While we're here, avoid assuming that the first element is the egid and include it in the group list unless it is actually the egid. This is not a functional change today: the egid is always the first group in the list, but we may want to consider changing that some day. Reviewed by: olce Differential Revision: https://reviews.freebsd.org/D51151 --- usr.sbin/rpc.lockd/kern.c | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/usr.sbin/rpc.lockd/kern.c b/usr.sbin/rpc.lockd/kern.c index c24b81159ea5..1945bd68328a 100644 --- a/usr.sbin/rpc.lockd/kern.c +++ b/usr.sbin/rpc.lockd/kern.c @@ -39,6 +39,7 @@ #include #include +#include #include #include #include @@ -232,17 +233,29 @@ void set_auth(CLIENT *cl, struct xucred *xucred) { int ngroups; + gid_t *groups; - ngroups = xucred->cr_ngroups - 1; + /* + * Exclude the first element if it is actually the egid, but account for + * the possibility that we could eventually exclude the egid from the + * exported group list some day. + */ + ngroups = xucred->cr_ngroups; + groups = &xucred->cr_groups[0]; + if (groups == &xucred->cr_gid) { + assert(ngroups > 0); + ngroups--; + groups++; + } if (ngroups > NGRPS) ngroups = NGRPS; if (cl->cl_auth != NULL) cl->cl_auth->ah_ops->ah_destroy(cl->cl_auth); cl->cl_auth = authunix_create(hostname, xucred->cr_uid, - xucred->cr_groups[0], + xucred->cr_gid, ngroups, - &xucred->cr_groups[1]); + groups); }