linux: add support for SO_PEERGROUPS

The su(8) and sudo(8) from Ubuntu Bionic use it. Sponsored By: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D28165
2021-02-07 21:29:32 +00:00 · 2021-02-07 21:29:32 +00:00 · cd84c82c6a
commit cd84c82c6a
parent eb8bf6bb42
2 changed files with 46 additions and 1 deletions
--- a/sys/compat/linux/linux_socket.c
+++ b/sys/compat/linux/linux_socket.c
@ -1863,6 +1863,43 @@ linux_setsockopt(struct thread *td, struct linux_setsockopt_args *args)
 	return (error);
 }

+static int
+linux_getsockopt_so_peergroups(struct thread *td,
+    struct linux_getsockopt_args *args)
+{
+	struct xucred xu;
+	socklen_t xulen, len;
+	int error, i;
+
+	xulen = sizeof(xu);
+	error = kern_getsockopt(td, args->s, 0,
+	    LOCAL_PEERCRED, &xu, UIO_SYSSPACE, &xulen);
+	if (error != 0)
+		return (error);
+
+	len = xu.cr_ngroups * sizeof(l_gid_t);
+	if (args->optlen < len) {
+		error = copyout(&len, PTRIN(args->optlen), sizeof(len));
+		if (error == 0)
+			error = ERANGE;
+		return (error);
+	}
+
+	/*
+	 * "- 1" to skip the primary group.
+	 */
+	for (i = 0; i < xu.cr_ngroups - 1; i++) {
+		error = copyout(xu.cr_groups + i + 1,
+		    (void *)(args->optval + i * sizeof(l_gid_t)),
+		    sizeof(l_gid_t));
+		if (error != 0)
+			return (error);
+	}
+
+	error = copyout(&len, PTRIN(args->optlen), sizeof(len));
+	return (error);
+}
+
 static int
 linux_getsockopt_so_peersec(struct thread *td,
    struct linux_getsockopt_args *args)
@ -1899,8 +1936,15 @@ linux_getsockopt(struct thread *td, struct linux_getsockopt_args *args)
 	level = linux_to_bsd_sockopt_level(args->level);
 	switch (level) {
 	case SOL_SOCKET:
-		if (args->optname == LINUX_SO_PEERSEC)
+		switch (args->optname) {
+		case LINUX_SO_PEERGROUPS:
+			return (linux_getsockopt_so_peergroups(td, args));
+		case LINUX_SO_PEERSEC:
 			return (linux_getsockopt_so_peersec(td, args));
+		default:
+			break;
+		}
+
 		name = linux_to_bsd_so_sockopt(args->optname);
 		switch (name) {
 		case LOCAL_CREDS_PERSISTENT:
--- a/sys/compat/linux/linux_socket.h
+++ b/sys/compat/linux/linux_socket.h
@ -199,6 +199,7 @@ int linux_accept(struct thread *td, struct linux_accept_args *args);
 #define	LINUX_SO_SNDBUFFORCE	32
 #define	LINUX_SO_RCVBUFFORCE	33
 #define	LINUX_SO_PROTOCOL	38
+#define	LINUX_SO_PEERGROUPS	59

 /* Socket options */
 #define	LINUX_IP_TOS		1