From cd84c82c6ad73c804b828bad9caec176e41ab79d Mon Sep 17 00:00:00 2001
From: Edward Tomasz Napierala <trasz@FreeBSD.org>
Date: Sun, 7 Feb 2021 21:29:32 +0000
Subject: [PATCH] linux: add support for SO_PEERGROUPS

The su(8) and sudo(8) from Ubuntu Bionic use it.

Sponsored By:	The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D28165
---
 sys/compat/linux/linux_socket.c | 46 ++++++++++++++++++++++++++++++++-
 sys/compat/linux/linux_socket.h |  1 +
 2 files changed, 46 insertions(+), 1 deletion(-)

diff --git a/sys/compat/linux/linux_socket.c b/sys/compat/linux/linux_socket.c
index a4c5bf0b581e..e9f95098a407 100644
--- a/sys/compat/linux/linux_socket.c
+++ b/sys/compat/linux/linux_socket.c
@@ -1863,6 +1863,43 @@ linux_setsockopt(struct thread *td, struct linux_setsockopt_args *args)
 	return (error);
 }
 
+static int
+linux_getsockopt_so_peergroups(struct thread *td,
+    struct linux_getsockopt_args *args)
+{
+	struct xucred xu;
+	socklen_t xulen, len;
+	int error, i;
+
+	xulen = sizeof(xu);
+	error = kern_getsockopt(td, args->s, 0,
+	    LOCAL_PEERCRED, &xu, UIO_SYSSPACE, &xulen);
+	if (error != 0)
+		return (error);
+
+	len = xu.cr_ngroups * sizeof(l_gid_t);
+	if (args->optlen < len) {
+		error = copyout(&len, PTRIN(args->optlen), sizeof(len));
+		if (error == 0)
+			error = ERANGE;
+		return (error);
+	}
+
+	/*
+	 * "- 1" to skip the primary group.
+	 */
+	for (i = 0; i < xu.cr_ngroups - 1; i++) {
+		error = copyout(xu.cr_groups + i + 1,
+		    (void *)(args->optval + i * sizeof(l_gid_t)),
+		    sizeof(l_gid_t));
+		if (error != 0)
+			return (error);
+	}
+
+	error = copyout(&len, PTRIN(args->optlen), sizeof(len));
+	return (error);
+}
+
 static int
 linux_getsockopt_so_peersec(struct thread *td,
     struct linux_getsockopt_args *args)
@@ -1899,8 +1936,15 @@ linux_getsockopt(struct thread *td, struct linux_getsockopt_args *args)
 	level = linux_to_bsd_sockopt_level(args->level);
 	switch (level) {
 	case SOL_SOCKET:
-		if (args->optname == LINUX_SO_PEERSEC)
+		switch (args->optname) {
+		case LINUX_SO_PEERGROUPS:
+			return (linux_getsockopt_so_peergroups(td, args));
+		case LINUX_SO_PEERSEC:
 			return (linux_getsockopt_so_peersec(td, args));
+		default:
+			break;
+		}
+
 		name = linux_to_bsd_so_sockopt(args->optname);
 		switch (name) {
 		case LOCAL_CREDS_PERSISTENT:
diff --git a/sys/compat/linux/linux_socket.h b/sys/compat/linux/linux_socket.h
index 32a19a348312..398f184c5e81 100644
--- a/sys/compat/linux/linux_socket.h
+++ b/sys/compat/linux/linux_socket.h
@@ -199,6 +199,7 @@ int linux_accept(struct thread *td, struct linux_accept_args *args);
 #define	LINUX_SO_SNDBUFFORCE	32
 #define	LINUX_SO_RCVBUFFORCE	33
 #define	LINUX_SO_PROTOCOL	38
+#define	LINUX_SO_PEERGROUPS	59
 
 /* Socket options */
 #define	LINUX_IP_TOS		1