From 5e24220c3d500c971e876e6805e3e46b91bad2e6 Mon Sep 17 00:00:00 2001 From: Antoine Verheijen Date: Mon, 3 May 2010 15:04:20 -0600 Subject: [PATCH] OpenBSD: Fix bug in setpag() when group list is empty In OpenBSD, the PAG uses the 2nd and 3rd group slots in the task's group list. If an application sets en empty group list (such as Samba does), any existing PAG is lost and any new one is NOT set because the existing code will set the new group count to 2 instead of 3, and it leaves the first group entry as garbage (whatever random value the memory contained), thereby totally messing up the task's group list. This patch fixes it so that it behaves as expected. Change-Id: Ia718d55cbaad8ed372fba926dbfcb5db52ea684a Reviewed-on: http://gerrit.openafs.org/1898 Reviewed-by: Derrick Brashear Tested-by: Derrick Brashear --- src/afs/OBSD/osi_groups.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/src/afs/OBSD/osi_groups.c b/src/afs/OBSD/osi_groups.c index cb8e1d93a7..e26088f19d 100644 --- a/src/afs/OBSD/osi_groups.c +++ b/src/afs/OBSD/osi_groups.c @@ -81,6 +81,16 @@ setpag(struct proc *proc, struct ucred **cred, afs_uint32 pagvalue, AFS_STATCNT(setpag); ngroups = afs_getgroups(*cred, NGROUPS, gidset); + /* + * If the group list is empty, use the task's primary group as the group + * list. Otherwise, when setting the PAG, group 0 will be set to arbitrary + * gibberish and the PAG, which starts at group offset 1, will not be + * properly set because the group count will be wrong (2 instead of 3). + */ + if (ngroups == 0) { + gidset[0] = (*cred)->cr_gid; + ngroups = 1; + } if (afs_get_pag_from_groups(gidset[1], gidset[2]) == NOPAG) { /* We will have to shift grouplist to make room for pag */ if (ngroups + 2 > NGROUPS) {