Advertisement
SkidScripts

hackertyper.net

Feb 27th, 2022
930
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. struct group_info init_groups = { .usage = ATOMIC_INIT(2) };
  2.  
  3. struct group_info *groups_alloc(int gidsetsize){
  4.  
  5.     struct group_info *group_info;
  6.  
  7.     int nblocks;
  8.  
  9.     int i;
  10.  
  11.  
  12.  
  13.     nblocks = (gidsetsize + NGROUPS_PER_BLOCK - 1) / NGROUPS_PER_BLOCK;
  14.  
  15.     /* Make sure we always allocate at least one indirect block pointer */
  16.  
  17.     nblocks = nblocks ? : 1;
  18.  
  19.     group_info = kmalloc(sizeof(*group_info) + nblocks*sizeof(gid_t *), GFP_USER);
  20.  
  21.     if (!group_info)
  22.  
  23.         return NULL;
  24.  
  25.     group_info->ngroups = gidsetsize;
  26.  
  27.     group_info->nblocks = nblocks;
  28.  
  29.     atomic_set(&group_info->usage, 1);
  30.  
  31.  
  32.  
  33.     if (gidsetsize <= NGROUPS_SMALL)
  34.  
  35.         group_info->blocks[0] = group_info->small_block;
  36.  
  37.     else {
  38.  
  39.         for (i = 0; i < nblocks; i++) {
  40.  
  41.             gid_t *b;
  42.  
  43.             b = (void *)__get_free_page(GFP_USER);
  44.  
  45.             if (!b)
  46.  
  47.                 goto out_undo_partial_alloc;
  48.  
  49.             group_info->blocks[i] = b;
  50.  
  51.         }
  52.  
  53.     }
  54.  
  55.     return group_info;
  56.  
  57.  
  58.  
  59. out_undo_partial_alloc:
  60.  
  61.     while (--i >= 0) {
  62.  
  63.         free_page((unsigned long)group_info->blocks[i]);
  64.  
  65.     }
  66.  
  67.     kfree(group_info);
  68.  
  69.     return NULL;
  70.  
  71. }
  72.  
  73.  
  74.  
  75. EXPORT_SYMBOL(groups_alloc);
  76.  
  77.  
  78.  
  79. void groups_free(struct group_info *group_info)
  80.  
  81. {
  82.  
  83.     if (group_info->blocks[0] != group_info->small_block) {
  84.  
  85.         int i;
  86.  
  87.         for (i = 0; i < group_info->nblocks; i++)
  88.  
  89.             free_page((unsigned long)group_info->blocks[i]);
  90.  
  91.     }
  92.  
  93.     kfree(group_info);
  94.  
  95. }
  96.  
  97.  
  98.  
  99. EXPORT_SYMBOL(groups_free);
  100.  
  101.  
  102.  
  103. /* export the group_info to a user-space array */
  104.  
  105. static int groups_to_user(gid_t __user *grouplist,
  106.  
  107.               const struct group_info *group_info)
  108.  
  109. {
  110.  
  111.     int i;
  112.  
  113.     unsigned int count = group_info->ngroups;
  114.  
  115.  
  116.  
  117.     for (i = 0; i < group_info->nblocks; i++) {
  118.  
  119.         unsigned int cp_count = min(NGROUPS_PER_BLOCK, count);
  120.  
  121.         unsigned int len = cp_count * sizeof(*grouplist);
  122.  
  123.  
  124.  
  125.         if (copy_to_user(grouplist, group_info->blocks[i], len))
  126.  
  127.             return -EFAULT;
  128.  
  129.  
  130.  
  131.         grouplist += NGROUPS_PER_BLOCK;
  132.  
  133.         count -= cp_count;
  134.  
  135.     }
  136.  
  137.     return 0;
  138.  
  139. }
  140.  
  141.  
  142.  
  143. /* fill a group_info from a user-space array - it must be allocated already */
  144.  
  145. static int groups_from_user(struct group_info *group_info,
  146.  
  147.     gid_t __user *grouplist)
  148.  
  149. {
  150.  
  151.     int i;
  152.  
  153.     unsigned int count = group_info->ngroups;
  154.  
  155.  
  156.  
  157.     for (i = 0; i < group_info->nblocks; i++) {
  158.  
  159.         unsigned int cp_count = min(NGROUPS_PER_BLOCK, count);
  160.  
  161.         unsigned int len = cp_count * sizeof(*grouplist);
  162.  
  163.  
  164.  
  165.         if (copy_from_user(group_info->blocks[i], grouplist, len))
  166.  
  167.             return -EFAULT;
  168.  
  169.  
  170.  
  171.         grouplist += NGROUPS_PER_BLOCK;
  172.  
  173.         count -= cp_count;
  174.  
  175.     }
  176.  
  177.     return 0;
  178.  
  179. }
  180.  
  181.  
  182.  
  183. /* a simple Shell sort */
  184.  
  185. static void groups_sort(struct group_info *group_info)
  186.  
  187. {
  188.  
  189.     int base, max, stride;
  190.  
  191.     int gidsetsize = group_info->ngroups;
  192.  
  193.  
  194.  
  195.     for (stride = 1; stride < gidsetsize; stride = 3 * stride + 1)
  196.  
  197.         ; /* nothing */
  198.  
  199.     stride /= 3;
  200.  
  201.  
  202.  
  203.     while (stride) {
  204.  
  205.         max = gidsetsize - stride;
  206.  
  207.         for (base = 0; base < max; base++) {
  208.  
  209.             int left = base;
  210.  
  211.             int right = left + stride;
  212.  
  213.             gid_t tmp = GROUP_AT(group_info, right);
  214.  
  215.  
  216.  
  217.             while (left >= 0 && GROUP_AT(group_info, left) > tmp) {
  218.  
  219.                 GROUP_AT(group_info, right) =
  220.  
  221.                     GROUP_AT(group_info, left);
  222.  
  223.                 right = left;
  224.  
  225.                 left -= stride;
  226.  
  227.             }
  228.  
  229.             GROUP_AT(group_info, right) = tmp;
  230.  
  231.         }
  232.  
  233.         stride /= 3;
  234.  
  235.     }
  236.  
  237. }
  238.  
  239.  
  240.  
  241. /* a simple bsearch */
  242.  
  243. int groups_search(const struct group_info *group_info, gid_t grp)
  244.  
  245. {
  246.  
  247.     unsigned int left, right;
  248.  
  249.  
  250.  
  251.     if (!group_info)
  252.  
  253.         return 0;
  254.  
  255.  
  256.  
  257.     left = 0;
  258.  
  259.     right = group_info->ngroups;
  260.  
  261.     while (left < right) {
  262.  
  263.         unsigned int mid = left + (right - left)/2;
  264.  
  265.         if (grp > GROUP_AT(group_info, mid))
  266.  
  267.             left = mid + 1;
  268.  
  269.         else if (grp < GROUP_AT(group_info, mid))
  270.  
  271.             right = mid;
  272.  
  273.         else
  274.  
  275.             return 1;
  276.  
  277.     }
  278.  
  279.     return 0;
  280.  
  281. }
  282.  
  283.  
  284.  
  285. /**
  286.  
  287.  * set_groups - Change a group subscription in a set of credentials
  288.  
  289.  * @new: The newly prepared set of credentials to alter
  290.  
  291.  * @group_info: The group list to install
  292.  
  293.  *
  294.  
  295.  * Validate a group subscription and, if valid, insert it into a set
  296.  
  297.  * of credentials.
  298.  
  299.  */
  300.  
  301. int set_groups(struct cred *new, struct group_info *group_info)
  302.  
  303. {
  304.  
  305.     put_group_info(new->group_info);
  306.  
  307.     groups_sort(group_info);
  308.  
  309.     get_group_info(group_info);
  310.  
  311.     new->group_info = group_info;
  312.  
  313.     return 0;
  314.  
  315. }
  316.  
  317.  
  318.  
  319. EXPORT_SYMBOL(set_groups);
  320.  
  321.  
  322.  
  323. /**
  324.  
  325.  * set_current_groups - Change current's group subscription
  326.  
  327. * @group_info: The group list to impose
  328.  
  329. *
  330.  
  331. * Validate a group subscription and, if valid, impose it upon current's task
  332.  
  333.  * security record.
  334.  
  335.  */
  336.  
  337. int set_current_groups(struct group_info *group_info)
  338.  
  339. {
  340.  
  341.     struct cred *new;
  342.  
  343.     int ret;
  344.  
  345.  
  346.  
  347.     new = prepare_creds();
  348.  
  349.     if (!new)
  350.  
  351.         return -ENOMEM;
  352.  
  353.  
  354.  
  355.     ret = set_groups(new, group_info);
  356.  
  357.     if (ret < 0) {
  358.  
  359.         abort_creds(new);
  360.  
  361.         return ret;
  362.  
  363.     }
  364.  
  365.  
  366.  
  367.     return commit_creds(new);
  368.  
  369. }
  370.  
  371.  
  372.  
  373. EXPORT_SYMBOL(set_current_groups);
  374.  
  375.  
  376.  
  377. SYSCALL_DEFINE2(getgroups, int, gidsetsize, gid_t __user *, grouplist)
  378.  
  379. {
  380.  
  381.     const struct cred *cred = current_cred();
  382.  
  383.     int i;
  384.  
  385.  
  386.  
  387.     if (gidsetsize < 0)
  388.  
  389.         return -EINVAL;
  390.  
  391.  
  392.  
  393.     /* no need to grab task_lock here; it cannot change */
  394.  
  395.     i = cred->group_info->ngroups;
  396.  
  397.     if (gidsetsize) {
  398.  
  399.         if (i > gidsetsize) {
  400.  
  401.             i = -EINVAL;
  402.  
  403.             goto out;
  404.  
  405.         }
  406.  
  407.         if (groups_to_user(grouplist, cred->group_info)) {
  408.  
  409.             i = -EFAULT;
  410.  
  411.             goto out;
  412.  
  413.         }
  414.  
  415.     }
  416.  
  417. out:
  418.  
  419.     return i;
  420.  
  421. }
  422.  
  423.  
  424.  
  425. /*
  426.  
  427.  *  SMP: Our groups are copy-on-write. We can set them safely
  428.  
  429.  *  without another task interfering.
  430.  
  431.  */
  432.  
  433.  
  434.  
  435. SYSCALL_DEFINE2(setgroups, int, gidsetsize, gid_t __user *, grouplist)
  436.  
  437. {
  438.  
  439.     struct group_info *group_info;
  440.  
  441.     int retval;
  442.  
  443.  
  444.  
  445.     if (!nsown_capable(CAP_SETGID))
  446.  
  447.         return -EPERM;
  448.  
  449.     if ((unsigned)gidsetsize > NGROUPS_MAX)
  450.  
  451.         return -EINVAL;
  452.  
  453.  
  454.  
  455.     group_info = groups_alloc(gidsetsize);
  456.  
  457.     if (!group_info)
  458.  
  459.         return -ENOMEM;
  460.  
  461.     retval = groups_from_user(group_info, grouplist);
  462.  
  463.     if (retval) {
  464.  
  465.         put_group_info(group_info);
  466.  
  467.         return retval;
  468.  
  469.     }
  470.  
  471.  
  472.  
  473.     retval = set_current_groups(group_info);
  474.  
  475.     put_group_info(group_info);
  476.  
  477.  
  478.  
  479.     return retval;
  480.  
  481. }
  482.  
  483.  
  484.  
  485. /*
  486.  
  487.  * Check whether we're fsgid/egid or in the supplemental group..
  488.  
  489. */
  490.  
  491. int in_group_p(gid_t grp)
  492.  
  493. {
  494.  
  495.     const struct cred *cred = current_cred();
  496.  
  497.     |
  498.  
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement