Kernel: Add sid
and pgid
to Credentials
There are places in the kernel that would like to have access to `pgid` credentials in certain circumstances. I haven't found any use cases for `sid` yet, but `sid` and `pgid` are both changed with `sys$setpgid`, so it seemed sensical to add it. In Linux, `man 7 credentials` also mentions both the session id and process group id, so this isn't unprecedented.
parent
456a8436b5
commit
9ca979846c
6 changed files with 62 additions and 18 deletions
|
@ -10,13 +10,13 @@
|
|||
|
||||
namespace Kernel {
|
||||
|
||||
ErrorOr<NonnullRefPtr<Credentials>> Credentials::create(UserID uid, GroupID gid, UserID euid, GroupID egid, UserID suid, GroupID sgid, Span<GroupID const> extra_gids)
|
||||
ErrorOr<NonnullRefPtr<Credentials>> Credentials::create(UserID uid, GroupID gid, UserID euid, GroupID egid, UserID suid, GroupID sgid, Span<GroupID const> extra_gids, SessionID sid, ProcessGroupID pgid)
|
||||
{
|
||||
auto extra_gids_array = TRY(FixedArray<GroupID>::try_create(extra_gids));
|
||||
return adopt_nonnull_ref_or_enomem(new (nothrow) Credentials(uid, gid, euid, egid, suid, sgid, move(extra_gids_array)));
|
||||
return adopt_nonnull_ref_or_enomem(new (nothrow) Credentials(uid, gid, euid, egid, suid, sgid, move(extra_gids_array), sid, pgid));
|
||||
}
|
||||
|
||||
Credentials::Credentials(UserID uid, GroupID gid, UserID euid, GroupID egid, UserID suid, GroupID sgid, FixedArray<GroupID> extra_gids)
|
||||
Credentials::Credentials(UserID uid, GroupID gid, UserID euid, GroupID egid, UserID suid, GroupID sgid, FixedArray<GroupID> extra_gids, SessionID sid, ProcessGroupID pgid)
|
||||
: m_uid(uid)
|
||||
, m_gid(gid)
|
||||
, m_euid(euid)
|
||||
|
@ -24,6 +24,8 @@ Credentials::Credentials(UserID uid, GroupID gid, UserID euid, GroupID egid, Use
|
|||
, m_suid(suid)
|
||||
, m_sgid(sgid)
|
||||
, m_extra_gids(move(extra_gids))
|
||||
, m_sid(sid)
|
||||
, m_pgid(pgid)
|
||||
{
|
||||
}
|
||||
|
||||
|
|
|
@ -14,7 +14,7 @@ namespace Kernel {
|
|||
|
||||
class Credentials final : public AtomicRefCounted<Credentials> {
|
||||
public:
|
||||
static ErrorOr<NonnullRefPtr<Credentials>> create(UserID uid, GroupID gid, UserID euid, GroupID egid, UserID suid, GroupID sgid, Span<GroupID const> extra_gids);
|
||||
static ErrorOr<NonnullRefPtr<Credentials>> create(UserID uid, GroupID gid, UserID euid, GroupID egid, UserID suid, GroupID sgid, Span<GroupID const> extra_gids, SessionID sid, ProcessGroupID pgid);
|
||||
~Credentials();
|
||||
|
||||
bool is_superuser() const { return euid() == 0; }
|
||||
|
@ -26,11 +26,13 @@ public:
|
|||
UserID suid() const { return m_suid; }
|
||||
GroupID sgid() const { return m_sgid; }
|
||||
Span<GroupID const> extra_gids() const { return m_extra_gids.span(); }
|
||||
SessionID sid() const { return m_sid; };
|
||||
ProcessGroupID pgid() const { return m_pgid; }
|
||||
|
||||
bool in_group(GroupID) const;
|
||||
|
||||
private:
|
||||
Credentials(UserID uid, GroupID gid, UserID euid, GroupID egid, UserID suid, GroupID sgid, FixedArray<GroupID> extra_gids);
|
||||
Credentials(UserID uid, GroupID gid, UserID euid, GroupID egid, UserID suid, GroupID sgid, FixedArray<GroupID> extra_gids, SessionID sid, ProcessGroupID pgid);
|
||||
|
||||
UserID m_uid;
|
||||
GroupID m_gid;
|
||||
|
@ -39,6 +41,8 @@ private:
|
|||
UserID m_suid;
|
||||
GroupID m_sgid;
|
||||
FixedArray<GroupID> m_extra_gids;
|
||||
SessionID m_sid;
|
||||
ProcessGroupID m_pgid;
|
||||
};
|
||||
|
||||
}
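Review bot: The new `sid()` accessor carries a stray semicolon after its body, `SessionID sid() const { return m_sid; };`, which none of the neighbouring accessors have; write it as `SessionID sid() const { return m_sid; }`. The two new members would also benefit from a short comment, for example `// Snapshot of the owning process's session and process group; must be replaced whenever either changes.`, because nothing in the class says that these values are copies held next to the process's own group state. Without that note a later change to the session or group paths can easily leave the credentials stale.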
|
||||
|
|
|
@ -311,7 +311,7 @@ ErrorOr<NonnullLockRefPtr<Process>> Process::try_create(LockRefPtr<Thread>& firs
|
|||
}
|
||||
auto unveil_tree = UnveilNode { TRY(KString::try_create("/"sv)), UnveilMetadata(TRY(KString::try_create("/"sv))) };
|
||||
auto exec_unveil_tree = UnveilNode { TRY(KString::try_create("/"sv)), UnveilMetadata(TRY(KString::try_create("/"sv))) };
|
||||
auto credentials = TRY(Credentials::create(uid, gid, uid, gid, uid, gid, {}));
|
||||
auto credentials = TRY(Credentials::create(uid, gid, uid, gid, uid, gid, {}, fork_parent ? fork_parent->sid() : 0, fork_parent ? fork_parent->pgid() : 0));
|
||||
auto process = TRY(adopt_nonnull_lock_ref_or_enomem(new (nothrow) Process(move(name), move(credentials), ppid, is_kernel_process, move(current_directory), move(executable), tty, move(unveil_tree), move(exec_unveil_tree))));
|
||||
TRY(process->attach_resources(new_address_space.release_nonnull(), first_thread, fork_parent));
|
||||
return process;
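Review bot: The initial `sid` and `pgid` are read with two separate calls on `fork_parent`, so the pair is not taken from a single snapshot. If the parent's group can change between the two calls (the accessors are defined outside this diff, so this is inferred), the child starts with a combination the parent never had. Reading both from one credentials object avoids that, e.g. `auto parent_credentials = fork_parent ? fork_parent->credentials() : nullptr;` followed by `parent_credentials ? parent_credentials->sid() : 0`. The literal `0` defaults also deserve a comment saying what session and group a process without a fork parent is meant to have. The body of `try_create` starts above this hunk.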
|
||||
|
|
|
@ -540,7 +540,9 @@ ErrorOr<void> Process::do_exec(NonnullLockRefPtr<OpenFileDescription> main_progr
|
|||
new_egid,
|
||||
new_suid,
|
||||
new_sgid,
|
||||
old_credentials->extra_gids()));
|
||||
old_credentials->extra_gids(),
|
||||
old_credentials->sid(),
|
||||
old_credentials->pgid()));
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -120,7 +120,23 @@ ErrorOr<FlatPtr> Process::sys$setpgid(pid_t specified_pid, pid_t specified_pgid)
|
|||
}
|
||||
// FIXME: There are more EPERM conditions to check for here..
|
||||
process->m_pg = TRY(ProcessGroup::try_find_or_create(new_pgid));
|
||||
return with_mutable_protected_data([&](auto& protected_data) -> ErrorOr<FlatPtr> {
|
||||
auto credentials = this->credentials();
|
||||
|
||||
auto new_credentials = TRY(Credentials::create(
|
||||
credentials->uid(),
|
||||
credentials->gid(),
|
||||
credentials->euid(),
|
||||
credentials->egid(),
|
||||
credentials->suid(),
|
||||
credentials->sgid(),
|
||||
credentials->extra_gids(),
|
||||
new_sid,
|
||||
new_pgid));
|
||||
|
||||
protected_data.credentials = move(new_credentials);
|
||||
return 0;
|
||||
});
|
||||
}
|
||||
|
||||
}
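Review bot: The credentials update is applied to the calling process rather than to the process whose group was just changed: `process->m_pg` is assigned, but `with_mutable_protected_data` is called without a receiver and the snapshot comes from `this->credentials()`. If `process` can differ from the caller at this point (the lookup is above the hunk), the target keeps its old `pgid` in its credentials while the caller's credentials take `new_pgid`, so any check that reads the group from credentials sees the wrong value. Use the target for both: `return process->with_mutable_protected_data(...)` and `auto credentials = process->credentials();`. In addition, `m_pg` is assigned before `Credentials::create` can fail, so an allocation error leaves the group and the credentials out of step; building the new credentials first and assigning `m_pg` afterwards avoids that.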
|
||||
|
|
|
@ -30,7 +30,9 @@ ErrorOr<FlatPtr> Process::sys$seteuid(UserID new_euid)
|
|||
credentials->egid(),
|
||||
credentials->suid(),
|
||||
credentials->sgid(),
|
||||
credentials->extra_gids()));
|
||||
credentials->extra_gids(),
|
||||
credentials->sid(),
|
||||
credentials->pgid()));
|
||||
|
||||
if (credentials->euid() != new_euid)
|
||||
protected_data.dumpable = false;
|
||||
|
@ -61,7 +63,9 @@ ErrorOr<FlatPtr> Process::sys$setegid(GroupID new_egid)
|
|||
new_egid,
|
||||
credentials->suid(),
|
||||
credentials->sgid(),
|
||||
credentials->extra_gids()));
|
||||
credentials->extra_gids(),
|
||||
credentials->sid(),
|
||||
credentials->pgid()));
|
||||
|
||||
if (credentials->egid() != new_egid)
|
||||
protected_data.dumpable = false;
|
||||
|
@ -92,7 +96,9 @@ ErrorOr<FlatPtr> Process::sys$setuid(UserID new_uid)
|
|||
credentials->egid(),
|
||||
new_uid,
|
||||
credentials->sgid(),
|
||||
credentials->extra_gids()));
|
||||
credentials->extra_gids(),
|
||||
credentials->sid(),
|
||||
credentials->pgid()));
|
||||
|
||||
if (credentials->euid() != new_uid)
|
||||
protected_data.dumpable = false;
|
||||
|
@ -123,7 +129,9 @@ ErrorOr<FlatPtr> Process::sys$setgid(GroupID new_gid)
|
|||
new_gid,
|
||||
credentials->suid(),
|
||||
new_gid,
|
||||
credentials->extra_gids()));
|
||||
credentials->extra_gids(),
|
||||
credentials->sid(),
|
||||
credentials->pgid()));
|
||||
|
||||
if (credentials->egid() != new_gid)
|
||||
protected_data.dumpable = false;
|
||||
|
@ -160,7 +168,9 @@ ErrorOr<FlatPtr> Process::sys$setreuid(UserID new_ruid, UserID new_euid)
|
|||
credentials->egid(),
|
||||
credentials->suid(),
|
||||
credentials->sgid(),
|
||||
credentials->extra_gids()));
|
||||
credentials->extra_gids(),
|
||||
credentials->sid(),
|
||||
credentials->pgid()));
|
||||
|
||||
if (credentials->euid() != new_euid)
|
||||
protected_data.dumpable = false;
|
||||
|
@ -196,7 +206,9 @@ ErrorOr<FlatPtr> Process::sys$setresuid(UserID new_ruid, UserID new_euid, UserID
|
|||
credentials->egid(),
|
||||
new_suid,
|
||||
credentials->sgid(),
|
||||
credentials->extra_gids()));
|
||||
credentials->extra_gids(),
|
||||
credentials->sid(),
|
||||
credentials->pgid()));
|
||||
|
||||
if (credentials->euid() != new_euid)
|
||||
protected_data.dumpable = false;
|
||||
|
@ -230,7 +242,9 @@ ErrorOr<FlatPtr> Process::sys$setregid(GroupID new_rgid, GroupID new_egid)
|
|||
new_egid,
|
||||
credentials->suid(),
|
||||
credentials->sgid(),
|
||||
credentials->extra_gids()));
|
||||
credentials->extra_gids(),
|
||||
credentials->sid(),
|
||||
credentials->pgid()));
|
||||
|
||||
if (credentials->egid() != new_egid)
|
||||
protected_data.dumpable = false;
|
||||
|
@ -266,7 +280,9 @@ ErrorOr<FlatPtr> Process::sys$setresgid(GroupID new_rgid, GroupID new_egid, Grou
|
|||
new_egid,
|
||||
credentials->suid(),
|
||||
new_sgid,
|
||||
credentials->extra_gids()));
|
||||
credentials->extra_gids(),
|
||||
credentials->sid(),
|
||||
credentials->pgid()));
|
||||
|
||||
if (credentials->egid() != new_egid)
|
||||
protected_data.dumpable = false;
|
||||
|
@ -298,7 +314,9 @@ ErrorOr<FlatPtr> Process::sys$setgroups(size_t count, Userspace<GroupID const*>
|
|||
credentials->egid(),
|
||||
credentials->suid(),
|
||||
credentials->sgid(),
|
||||
{}));
|
||||
{},
|
||||
credentials->sid(),
|
||||
credentials->pgid()));
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
@ -324,7 +342,9 @@ ErrorOr<FlatPtr> Process::sys$setgroups(size_t count, Userspace<GroupID const*>
|
|||
credentials->egid(),
|
||||
credentials->suid(),
|
||||
credentials->sgid(),
|
||||
new_extra_gids.span()));
|
||||
new_extra_gids.span(),
|
||||
credentials->sid(),
|
||||
credentials->pgid()));
|
||||
return 0;
|
||||
});
|
||||
}
|
||||
|
|