1
0
mirror of https://git.FreeBSD.org/src.git synced 2024-11-24 07:40:52 +00:00
freebsd/sys/rpc
Olivier Certner cfbe7a62dc
nfs, rpc: Ensure kernel credentials have at least one group
This fixes several bugs where some 'struct ucred' in the kernel,
constructed from user input (via nmount(2)) or obtained from other
servers (e.g., gssd(8)), could have an unfilled 'cr_groups' field and
whose 'cr_groups[0]' (or 'cr_gid', which is an alias) was later
accessed, causing an uninitialized access giving random access rights.

Use crsetgroups_fallback() to enforce a fallback group when possible.
For NFS, the chosen fallback group is that of the NFS server in the
current VNET (NFSD_VNET(nfsrv_defaultgid)).

There does not seem to be any sensible fallback available in rpc code
(sys/rpc/svc_auth.c, svc_getcred()) on AUTH_UNIX (TLS or not), so just
fail credential retrieval there.  Stock NSS sources, rpc.tlsservd(8) or
rpc.tlsclntd(8) provide non-empty group lists, so will not be impacted.

Discussed with: rmacklem (by mail)
Approved by:    markj (mentor)
MFC after:      3 days
Differential Revision:  https://reviews.freebsd.org/D46918
2024-11-02 21:37:42 +01:00
..
rpcsec_gss nfs, rpc: Ensure kernel credentials have at least one group 2024-11-02 21:37:42 +01:00
rpcsec_tls krpc: Display stats of TLS usage 2023-11-02 14:07:01 -07:00
auth_none.c sys: Remove ancient SCCS tags. 2023-11-26 22:23:30 -07:00
auth_unix.c sys: Remove ancient SCCS tags. 2023-11-26 22:23:30 -07:00
auth.h sys: Remove ancient SCCS tags. 2023-11-26 22:23:30 -07:00
authunix_prot.c sys: Remove ancient SCCS tags. 2023-11-26 22:23:30 -07:00
clnt_bck.c rpc: use new macros to lock socket buffers 2024-04-09 09:17:19 -07:00
clnt_dg.c rpc: use new macros to lock socket buffers 2024-04-09 09:17:19 -07:00
clnt_rc.c NFS: Request use of TCP_USE_DDP for in-kernel TCP sockets 2024-03-20 15:29:51 -07:00
clnt_stat.h sys: Remove ancient SCCS tags. 2023-11-26 22:23:30 -07:00
clnt_vc.c krpc: Ref cnt the client structures for TLS upcalls 2024-04-26 17:55:24 -07:00
clnt.h sys: Remove ancient SCCS tags. 2023-11-26 22:23:30 -07:00
getnetconfig.c sys: Automated cleanup of cdefs and other formatting 2023-11-26 22:24:00 -07:00
krpc.h sys: Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:11 -06:00
netconfig.h sys: Remove $FreeBSD$: one-line .c comment pattern 2023-08-16 11:54:24 -06:00
nettype.h sys: Remove $FreeBSD$: one-line .c comment pattern 2023-08-16 11:54:24 -06:00
pmap_prot.h sys: Remove ancient SCCS tags. 2023-11-26 22:23:30 -07:00
replay.c sys: Automated cleanup of cdefs and other formatting 2023-11-26 22:24:00 -07:00
replay.h sys: Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:11 -06:00
rpc_callmsg.c sys: Remove ancient SCCS tags. 2023-11-26 22:23:30 -07:00
rpc_com.h sys: Remove ancient SCCS tags. 2023-11-26 22:23:30 -07:00
rpc_generic.c sockets: don't malloc/free sockaddr memory on getpeername/getsockname 2023-11-30 08:31:10 -08:00
rpc_msg.h sys: Remove ancient SCCS tags. 2023-11-26 22:23:30 -07:00
rpc_prot.c sys: Remove ancient SCCS tags. 2023-11-26 22:23:30 -07:00
rpc.h sys: Remove ancient SCCS tags. 2023-11-26 22:23:30 -07:00
rpcb_clnt.c sys: Remove ancient SCCS tags. 2023-11-26 22:23:30 -07:00
rpcb_clnt.h sys: Remove ancient SCCS tags. 2023-11-26 22:23:30 -07:00
rpcb_prot.c sys: Remove ancient SCCS tags. 2023-11-26 22:23:30 -07:00
rpcb_prot.h sys: Remove ancient SCCS tags. 2023-11-26 22:23:30 -07:00
rpcm_subs.h sys: Remove ancient SCCS tags. 2023-11-26 22:23:30 -07:00
rpcsec_gss.h nfscl/kgssapi: Fix Kerberized NFS mounts to pNFS servers 2023-10-23 13:21:14 -07:00
rpcsec_tls.h krpc: Display stats of TLS usage 2023-11-02 14:07:01 -07:00
svc_auth_unix.c sys: Remove ancient SCCS tags. 2023-11-26 22:23:30 -07:00
svc_auth.c nfs, rpc: Ensure kernel credentials have at least one group 2024-11-02 21:37:42 +01:00
svc_auth.h sys: Remove ancient SCCS tags. 2023-11-26 22:23:30 -07:00
svc_dg.c rpc: use new macros to lock socket buffers 2024-04-09 09:17:19 -07:00
svc_generic.c sccs: Manual changes 2023-11-26 22:23:58 -07:00
svc_vc.c rpc: use new macros to lock socket buffers 2024-04-09 09:17:19 -07:00
svc.c svc.c: Check for a non-NULL xp_socket 2024-05-27 19:22:04 -07:00
svc.h NFS: Request use of TCP_USE_DDP for in-kernel TCP sockets 2024-03-20 15:29:51 -07:00
types.h sys: Remove ancient SCCS tags. 2023-11-26 22:23:30 -07:00
xdr.h rpc: Fix the definition of xdr_void() 2024-10-30 19:27:18 +00:00