On Mon, Jun 04, 2018 at 10:23:14AM +0200, Martin Pieuchot wrote:
> On 04/06/18(Mon) 14:26, Helg wrote:
> > Hi Ports,
> >
> > I have an upcoming patch to FUSE that passes the current process tid,
> > uid, gid and umask to the file system. This has highlighted a bug in the
> > port where the groupmember() function in libntfs-3g/security.c assumes
> > it's runing on Linux where thread information is available in /proc.
> >
> > This diff adds an OpenBSD specific implementation of this function.
>
> We should refrain linking to libkvm. In this particular case you should
> be able to call the KERN_PROC sysctl(2) directly.
I've completely rewritten the patch to use sysctl(2) instead.
ok?
Index: patches/patch-libntfs-3g_security_c
===================================================================
RCS file: patches/patch-libntfs-3g_security_c
diff -N patches/patch-libntfs-3g_security_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-libntfs-3g_security_c 4 Jun 2018 14:03:42 -0000
@@ -0,0 +1,85 @@
+$OpenBSD$
+
+Index: libntfs-3g/security.c
+--- libntfs-3g/security.c.orig
++++ libntfs-3g/security.c
+@@ -47,6 +47,10 @@
+ #ifdef HAVE_SYS_STAT_H
+ #include <sys/stat.h>
+ #endif
++#ifdef __OpenBSD__
++#include <sys/sysctl.h>
++#include <sys/types.h>
++#endif
+
+ #include <unistd.h>
+ #include <pwd.h>
+@@ -1228,6 +1232,68 @@ static BOOL groupmember(struct SECURITY_CONTEXT *scx,
+ close(fd);
+ }
+ }
++ return (ismember);
++}
++
++#elif defined(__OpenBSD__)
++
++static BOOL groupmember(struct SECURITY_CONTEXT *scx, uid_t uid, gid_t gid)
++{
++ struct kinfo_proc *kp;
++ size_t size;
++ int mib[6];
++ int ip, ig;
++ int pcnt;
++ gid_t *g;
++ pid_t tid;
++ BOOL ismember;
++
++ if (scx->vol->secure_flags & (1 << SECURITY_STATICGRPS))
++ ismember = staticgroupmember(scx, uid, gid);
++ else {
++ ismember = FALSE; /* default return */
++ tid = scx->tid;
++ mib[0] = CTL_KERN;
++ mib[1] = KERN_PROC;
++ mib[2] = KERN_PROC_ALL | KERN_PROC_SHOW_THREADS;
++ mib[3] = 0;
++ mib[4] = sizeof(struct kinfo_proc);
++ mib[5] = 0;
++ if (sysctl(mib, 6, NULL, &size, NULL, 0) == -1)
++ ntfs_log_error("Could not get size of process table: "
++ "%s\n", strerror(errno));
++ else {
++ mib[5] = size / sizeof(struct kinfo_proc);
++ kp = malloc(size);
++ if ((kp == NULL) ||
++ (sysctl(mib, 6, kp, &size, NULL, 0) == -1))
++ ntfs_log_error("Could not get process table: "
++ "%s\n", strerror(errno));
++ else {
++ pcnt = size / sizeof(struct kinfo_proc);
++ ip = 0;
++ while ((kp[ip].p_tid != tid) && (ip < pcnt))
++ ip++;
++
++ if (ip < pcnt) {
++ if (kp[ip].p_gid == gid)
++ ismember = TRUE;
++ g = kp[ip].p_groups;
++ ig = 0;
++ while (!ismember
++ && (ig < kp[ip].p_ngroups)
++ && (*g != gid)) {
++ ig++;
++ g++;
++ }
++ if (ig < kp[ip].p_ngroups)
++ ismember = TRUE;
++ }
++ free(kp);
++ }
++ }
++ }
++
+ return (ismember);
+ }
+
