Page MenuHomeFreeBSD
Files F154723557

D52282.id161248.diff
No OneTemporary
Actions

D52282.id161248.diff
View Options

diff --git a/lib/libc/gen/initgroups.3 b/lib/libc/gen/initgroups.3
--- a/lib/libc/gen/initgroups.3
+++ b/lib/libc/gen/initgroups.3
@@ -1,5 +1,13 @@
+.\"-
+.\" SPDX-License-Identifier: BSD-3-Clause
+.\"
.\" Copyright (c) 1983, 1991, 1993
.\" The Regents of the University of California. All rights reserved.
+.\" Copyright (c) 2025 The FreeBSD Foundation
+.\"
+.\" Portions of this documentation were written by Olivier Certner
+.\" <olce.freebsd@certner.fr> at Kumacom SARL under sponsorship from the FreeBSD
+.\" Foundation.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
@@ -25,12 +33,12 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.Dd October 26, 2014
+.Dd August 29, 2025
.Dt INITGROUPS 3
.Os
.Sh NAME
.Nm initgroups
-.Nd initialize group access list
+.Nd initialize the current process' effective group list
.Sh LIBRARY
.Lb libc
.Sh SYNOPSIS
@@ -40,19 +48,17 @@
.Sh DESCRIPTION
The
.Fn initgroups
-function
-uses the
+function first uses the
.Xr getgrouplist 3
-function to calculate the group access list for the user
-specified in
+function to retrieve the effective group list for the user specified in
.Fa name .
-This group list is then setup for the current process using
-.Xr setgroups 2 .
-The
+It then sets the effective GID
+.Po
+to
.Fa basegid
-is automatically included in the groups list.
-Typically this value is given as
-the group number from the password file.
+.Pc
+and the supplementary groups atomically via
+.Xr setcred 2 .
.Sh RETURN VALUES
.Rv -std initgroups
.Sh ERRORS
@@ -60,8 +66,14 @@
.Fn initgroups
function may fail and set
.Va errno
-for any of the errors specified for the library function
-.Xr setgroups 2 .
+for any of the errors specified for the
+.Xr setcred 2
+system call.
+One can look more specifically at the errors specified for the
+.Xr setegid 2
+and
+.Xr setgroups 2
+system calls.
It may also return:
.Bl -tag -width Er
.It Bq Er ENOMEM
@@ -70,6 +82,8 @@
function was unable to allocate temporary storage.
.El
.Sh SEE ALSO
+.Xr setcred 2 ,
+.Xr setegid 2 ,
.Xr setgroups 2 ,
.Xr getgrouplist 3
.Sh HISTORY
diff --git a/lib/libc/gen/initgroups.c b/lib/libc/gen/initgroups.c
--- a/lib/libc/gen/initgroups.c
+++ b/lib/libc/gen/initgroups.c
@@ -3,6 +3,11 @@
*
* Copyright (c) 1983, 1993
* The Regents of the University of California. All rights reserved.
+ * Copyright (c) 2025 The FreeBSD Foundation
+ *
+ * Portions of this software were developed by Olivier Certner
+ * <olce.freebsd@certner.fr> at Kumacom SARL under sponsorship from the FreeBSD
+ * Foundation.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -29,34 +34,43 @@
* SUCH DAMAGE.
*/
-#include <sys/param.h>
+#include <sys/errno.h>
+#include <sys/ucred.h>
#include "namespace.h"
#include <err.h>
#include "un-namespace.h"
-#include <errno.h>
-#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
int
initgroups(const char *uname, gid_t agroup)
{
- int ngroups, ret;
- long ngroups_max;
+ struct setcred wcred = SETCRED_INITIALIZER;
gid_t *groups;
+ long ngroups_max;
+ int ngroups, ret;
/*
* Provide space for one group more than possible to allow
* setgroups to fail and set errno.
*/
ngroups_max = sysconf(_SC_NGROUPS_MAX) + 2;
- if ((groups = malloc(sizeof(*groups) * ngroups_max)) == NULL)
+ groups = malloc(sizeof(*groups) * ngroups_max);
+ if (groups == NULL)
return (ENOMEM);
ngroups = (int)ngroups_max;
getgrouplist(uname, agroup, groups, &ngroups);
- ret = setgroups(ngroups, groups);
+
+ wcred.sc_gid = agroup;
+ /* setcred() will catch 'ngroups < 1' (bug in name service). */
+ wcred.sc_supp_groups_nb = ngroups - 1;
+ wcred.sc_supp_groups = groups + 1;
+
+ ret = setcred(SETCREDF_GID | SETCREDF_SUPP_GROUPS,
+ &wcred, sizeof(wcred));
+
free(groups);
return (ret);
}

File Metadata

Mime Type
text/plain
Expires
Thu, Apr 30, 7:40 AM (1 h, 29 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
32472433
Default Alt Text
D52282.id161248.diff (3 KB)

Event Timeline