From 665e898d581cd518ee47a0bc385a6df75961f2fc Mon Sep 17 00:00:00 2001 From: Kyle Evans Date: Thu, 24 Jul 2025 09:59:07 -0500 Subject: [PATCH] rpc.lockd: avoid embedding assumptions about cr_groups[0] sys/ucred.h provides a cr_gid macro that should be used to reference the egid element of an xucred, so let's use that. While we're here, avoid assuming that the first element is the egid and include it in the group list unless it is actually the egid. This is not a functional change today: the egid is always the first group in the list, but we may want to consider changing that some day. Reviewed by: olce Differential Revision: https://reviews.freebsd.org/D51151 --- usr.sbin/rpc.lockd/kern.c | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/usr.sbin/rpc.lockd/kern.c b/usr.sbin/rpc.lockd/kern.c index c24b81159ea5..1945bd68328a 100644 --- a/usr.sbin/rpc.lockd/kern.c +++ b/usr.sbin/rpc.lockd/kern.c @@ -39,6 +39,7 @@ #include #include +#include #include #include #include @@ -232,17 +233,29 @@ void set_auth(CLIENT *cl, struct xucred *xucred) { int ngroups; + gid_t *groups; - ngroups = xucred->cr_ngroups - 1; + /* + * Exclude the first element if it is actually the egid, but account for + * the possibility that we could eventually exclude the egid from the + * exported group list some day. + */ + ngroups = xucred->cr_ngroups; + groups = &xucred->cr_groups[0]; + if (groups == &xucred->cr_gid) { + assert(ngroups > 0); + ngroups--; + groups++; + } if (ngroups > NGRPS) ngroups = NGRPS; if (cl->cl_auth != NULL) cl->cl_auth->ah_ops->ah_destroy(cl->cl_auth); cl->cl_auth = authunix_create(hostname, xucred->cr_uid, - xucred->cr_groups[0], + xucred->cr_gid, ngroups, - &xucred->cr_groups[1]); + groups); }