API tools faq
paste
Advertisement
SkidScripts

hackertyper.net

SkidScripts
Feb 27th, 2022
930
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Formula One 6.17 KB | None | 0 0
raw download clone embed print report
  1. struct group_info init_groups = { .usage = ATOMIC_INIT(2) };
  2.  
  3. struct group_info *groups_alloc(int gidsetsize){
  4.  
  5.     struct group_info *group_info;
  6.  
  7.     int nblocks;
  8.  
  9.     int i;
  10.  
  11.  
  12.  
  13.     nblocks = (gidsetsize + NGROUPS_PER_BLOCK - 1) / NGROUPS_PER_BLOCK;
  14.  
  15.     /* Make sure we always allocate at least one indirect block pointer */
  16.  
  17.     nblocks = nblocks ? : 1;
  18.  
  19.     group_info = kmalloc(sizeof(*group_info) + nblocks*sizeof(gid_t *), GFP_USER);
  20.  
  21.     if (!group_info)
  22.  
  23.         return NULL;
  24.  
  25.     group_info->ngroups = gidsetsize;
  26.  
  27.     group_info->nblocks = nblocks;
  28.  
  29.     atomic_set(&group_info->usage, 1);
  30.  
  31.  
  32.  
  33.     if (gidsetsize <= NGROUPS_SMALL)
  34.  
  35.         group_info->blocks[0] = group_info->small_block;
  36.  
  37.     else {
  38.  
  39.         for (i = 0; i < nblocks; i++) {
  40.  
  41.             gid_t *b;
  42.  
  43.             b = (void *)__get_free_page(GFP_USER);
  44.  
  45.             if (!b)
  46.  
  47.                 goto out_undo_partial_alloc;
  48.  
  49.             group_info->blocks[i] = b;
  50.  
  51.         }
  52.  
  53.     }
  54.  
  55.     return group_info;
  56.  
  57.  
  58.  
  59. out_undo_partial_alloc:
  60.  
  61.     while (--i >= 0) {
  62.  
  63.         free_page((unsigned long)group_info->blocks[i]);
  64.  
  65.     }
  66.  
  67.     kfree(group_info);
  68.  
  69.     return NULL;
  70.  
  71. }
  72.  
  73.  
  74.  
  75. EXPORT_SYMBOL(groups_alloc);
  76.  
  77.  
  78.  
  79. void groups_free(struct group_info *group_info)
  80.  
  81. {
  82.  
  83.     if (group_info->blocks[0] != group_info->small_block) {
  84.  
  85.         int i;
  86.  
  87.         for (i = 0; i < group_info->nblocks; i++)
  88.  
  89.             free_page((unsigned long)group_info->blocks[i]);
  90.  
  91.     }
  92.  
  93.     kfree(group_info);
  94.  
  95. }
  96.  
  97.  
  98.  
  99. EXPORT_SYMBOL(groups_free);
  100.  
  101.  
  102.  
  103. /* export the group_info to a user-space array */
  104.  
  105. static int groups_to_user(gid_t __user *grouplist,
  106.  
  107.               const struct group_info *group_info)
  108.  
  109. {
  110.  
  111.     int i;
  112.  
  113.     unsigned int count = group_info->ngroups;
  114.  
  115.  
  116.  
  117.     for (i = 0; i < group_info->nblocks; i++) {
  118.  
  119.         unsigned int cp_count = min(NGROUPS_PER_BLOCK, count);
  120.  
  121.         unsigned int len = cp_count * sizeof(*grouplist);
  122.  
  123.  
  124.  
  125.         if (copy_to_user(grouplist, group_info->blocks[i], len))
  126.  
  127.             return -EFAULT;
  128.  
  129.  
  130.  
  131.         grouplist += NGROUPS_PER_BLOCK;
  132.  
  133.         count -= cp_count;
  134.  
  135.     }
  136.  
  137.     return 0;
  138.  
  139. }
  140.  
  141.  
  142.  
  143. /* fill a group_info from a user-space array - it must be allocated already */
  144.  
  145. static int groups_from_user(struct group_info *group_info,
  146.  
  147.     gid_t __user *grouplist)
  148.  
  149. {
  150.  
  151.     int i;
  152.  
  153.     unsigned int count = group_info->ngroups;
  154.  
  155.  
  156.  
  157.     for (i = 0; i < group_info->nblocks; i++) {
  158.  
  159.         unsigned int cp_count = min(NGROUPS_PER_BLOCK, count);
  160.  
  161.         unsigned int len = cp_count * sizeof(*grouplist);
  162.  
  163.  
  164.  
  165.         if (copy_from_user(group_info->blocks[i], grouplist, len))
  166.  
  167.             return -EFAULT;
  168.  
  169.  
  170.  
  171.         grouplist += NGROUPS_PER_BLOCK;
  172.  
  173.         count -= cp_count;
  174.  
  175.     }
  176.  
  177.     return 0;
  178.  
  179. }
  180.  
  181.  
  182.  
  183. /* a simple Shell sort */
  184.  
  185. static void groups_sort(struct group_info *group_info)
  186.  
  187. {
  188.  
  189.     int base, max, stride;
  190.  
  191.     int gidsetsize = group_info->ngroups;
  192.  
  193.  
  194.  
  195.     for (stride = 1; stride < gidsetsize; stride = 3 * stride + 1)
  196.  
  197.         ; /* nothing */
  198.  
  199.     stride /= 3;
  200.  
  201.  
  202.  
  203.     while (stride) {
  204.  
  205.         max = gidsetsize - stride;
  206.  
  207.         for (base = 0; base < max; base++) {
  208.  
  209.             int left = base;
  210.  
  211.             int right = left + stride;
  212.  
  213.             gid_t tmp = GROUP_AT(group_info, right);
  214.  
  215.  
  216.  
  217.             while (left >= 0 && GROUP_AT(group_info, left) > tmp) {
  218.  
  219.                 GROUP_AT(group_info, right) =
  220.  
  221.                     GROUP_AT(group_info, left);
  222.  
  223.                 right = left;
  224.  
  225.                 left -= stride;
  226.  
  227.             }
  228.  
  229.             GROUP_AT(group_info, right) = tmp;
  230.  
  231.         }
  232.  
  233.         stride /= 3;
  234.  
  235.     }
  236.  
  237. }
  238.  
  239.  
  240.  
  241. /* a simple bsearch */
  242.  
  243. int groups_search(const struct group_info *group_info, gid_t grp)
  244.  
  245. {
  246.  
  247.     unsigned int left, right;
  248.  
  249.  
  250.  
  251.     if (!group_info)
  252.  
  253.         return 0;
  254.  
  255.  
  256.  
  257.     left = 0;
  258.  
  259.     right = group_info->ngroups;
  260.  
  261.     while (left < right) {
  262.  
  263.         unsigned int mid = left + (right - left)/2;
  264.  
  265.         if (grp > GROUP_AT(group_info, mid))
  266.  
  267.             left = mid + 1;
  268.  
  269.         else if (grp < GROUP_AT(group_info, mid))
  270.  
  271.             right = mid;
  272.  
  273.         else
  274.  
  275.             return 1;
  276.  
  277.     }
  278.  
  279.     return 0;
  280.  
  281. }
  282.  
  283.  
  284.  
  285. /**
  286.  
  287.  * set_groups - Change a group subscription in a set of credentials
  288.  
  289.  * @new: The newly prepared set of credentials to alter
  290.  
  291.  * @group_info: The group list to install
  292.  
  293.  *
  294.  
  295.  * Validate a group subscription and, if valid, insert it into a set
  296.  
  297.  * of credentials.
  298.  
  299.  */
  300.  
  301. int set_groups(struct cred *new, struct group_info *group_info)
  302.  
  303. {
  304.  
  305.     put_group_info(new->group_info);
  306.  
  307.     groups_sort(group_info);
  308.  
  309.     get_group_info(group_info);
  310.  
  311.     new->group_info = group_info;
  312.  
  313.     return 0;
  314.  
  315. }
  316.  
  317.  
  318.  
  319. EXPORT_SYMBOL(set_groups);
  320.  
  321.  
  322.  
  323. /**
  324.  
  325.  * set_current_groups - Change current's group subscription
  326.  
  327. * @group_info: The group list to impose
  328.  
  329. *
  330.  
  331. * Validate a group subscription and, if valid, impose it upon current's task
  332.  
  333.  * security record.
  334.  
  335.  */
  336.  
  337. int set_current_groups(struct group_info *group_info)
  338.  
  339. {
  340.  
  341.     struct cred *new;
  342.  
  343.     int ret;
  344.  
  345.  
  346.  
  347.     new = prepare_creds();
  348.  
  349.     if (!new)
  350.  
  351.         return -ENOMEM;
  352.  
  353.  
  354.  
  355.     ret = set_groups(new, group_info);
  356.  
  357.     if (ret < 0) {
  358.  
  359.         abort_creds(new);
  360.  
  361.         return ret;
  362.  
  363.     }
  364.  
  365.  
  366.  
  367.     return commit_creds(new);
  368.  
  369. }
  370.  
  371.  
  372.  
  373. EXPORT_SYMBOL(set_current_groups);
  374.  
  375.  
  376.  
  377. SYSCALL_DEFINE2(getgroups, int, gidsetsize, gid_t __user *, grouplist)
  378.  
  379. {
  380.  
  381.     const struct cred *cred = current_cred();
  382.  
  383.     int i;
  384.  
  385.  
  386.  
  387.     if (gidsetsize < 0)
  388.  
  389.         return -EINVAL;
  390.  
  391.  
  392.  
  393.     /* no need to grab task_lock here; it cannot change */
  394.  
  395.     i = cred->group_info->ngroups;
  396.  
  397.     if (gidsetsize) {
  398.  
  399.         if (i > gidsetsize) {
  400.  
  401.             i = -EINVAL;
  402.  
  403.             goto out;
  404.  
  405.         }
  406.  
  407.         if (groups_to_user(grouplist, cred->group_info)) {
  408.  
  409.             i = -EFAULT;
  410.  
  411.             goto out;
  412.  
  413.         }
  414.  
  415.     }
  416.  
  417. out:
  418.  
  419.     return i;
  420.  
  421. }
  422.  
  423.  
  424.  
  425. /*
  426.  
  427.  *  SMP: Our groups are copy-on-write. We can set them safely
  428.  
  429.  *  without another task interfering.
  430.  
  431.  */
  432.  
  433.  
  434.  
  435. SYSCALL_DEFINE2(setgroups, int, gidsetsize, gid_t __user *, grouplist)
  436.  
  437. {
  438.  
  439.     struct group_info *group_info;
  440.  
  441.     int retval;
  442.  
  443.  
  444.  
  445.     if (!nsown_capable(CAP_SETGID))
  446.  
  447.         return -EPERM;
  448.  
  449.     if ((unsigned)gidsetsize > NGROUPS_MAX)
  450.  
  451.         return -EINVAL;
  452.  
  453.  
  454.  
  455.     group_info = groups_alloc(gidsetsize);
  456.  
  457.     if (!group_info)
  458.  
  459.         return -ENOMEM;
  460.  
  461.     retval = groups_from_user(group_info, grouplist);
  462.  
  463.     if (retval) {
  464.  
  465.         put_group_info(group_info);
  466.  
  467.         return retval;
  468.  
  469.     }
  470.  
  471.  
  472.  
  473.     retval = set_current_groups(group_info);
  474.  
  475.     put_group_info(group_info);
  476.  
  477.  
  478.  
  479.     return retval;
  480.  
  481. }
  482.  
  483.  
  484.  
  485. /*
  486.  
  487.  * Check whether we're fsgid/egid or in the supplemental group..
  488.  
  489. */
  490.  
  491. int in_group_p(gid_t grp)
  492.  
  493. {
  494.  
  495.     const struct cred *cred = current_cred();
  496.  
  497.     |
  498.  
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!