linux-sg2042/arch/mn10300
David Herrmann 28b5ba2aa0 net: introduce SO_PEERGROUPS getsockopt
This adds the new getsockopt(2) option SO_PEERGROUPS on SOL_SOCKET to
retrieve the auxiliary groups of the remote peer. It is designed to
naturally extend SO_PEERCRED. That is, the underlying data is from the
same credentials. Regarding its syntax, it is based on SO_PEERSEC. That
is, if the provided buffer is too small, ERANGE is returned and @optlen
is updated. Otherwise, the information is copied, @optlen is set to the
actual size, and 0 is returned.

While SO_PEERCRED (and thus `struct ucred') already returns the primary
group, it lacks the auxiliary group vector. However, nearly all access
controls (including kernel side VFS and SYSVIPC, but also user-space
polkit, DBus, ...) consider the entire set of groups, rather than just
the primary group. But this is currently not possible with pure
SO_PEERCRED. Instead, user-space has to work around this and query the
system database for the auxiliary groups of a UID retrieved via
SO_PEERCRED.

Unfortunately, there is no race-free way to query the auxiliary groups
of the PID/UID retrieved via SO_PEERCRED. Hence, the current user-space
solution is to use getgrouplist(3p), which itself falls back to NSS and
whatever is configured in nsswitch.conf(3). This effectively checks
which groups we *would* assign to the user if it logged in *now*. On
normal systems it is as easy as reading /etc/group, but with NSS it can
resort to quering network databases (eg., LDAP), using IPC or network
communication.

Long story short: Whenever we want to use auxiliary groups for access
checks on IPC, we need further IPC to talk to the user/group databases,
rather than just relying on SO_PEERCRED and the incoming socket. This
is unfortunate, and might even result in dead-locks if the database
query uses the same IPC as the original request.

So far, those recursions / dead-locks have been avoided by using
primitive IPC for all crucial NSS modules. However, we want to avoid
re-inventing the wheel for each NSS module that might be involved in
user/group queries. Hence, we would preferably make DBus (and other IPC
that supports access-management based on groups) work without resorting
to the user/group database. This new SO_PEERGROUPS ioctl would allow us
to make dbus-daemon work without ever calling into NSS.

Cc: Michal Sekletar <msekleta@redhat.com>
Cc: Simon McVittie <simon.mcvittie@collabora.co.uk>
Reviewed-by: Tom Gundersen <teg@jklm.no>
Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-06-21 11:38:41 -04:00
..
boot kbuild: delete unnecessary "@:" 2016-04-20 10:36:57 +02:00
configs arch/defconfig: remove CONFIG_RESOURCE_COUNTERS 2016-05-23 17:04:14 -07:00
include net: introduce SO_PEERGROUPS getsockopt 2017-06-21 11:38:41 -04:00
kernel Merge branch 'timers-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2017-05-01 16:15:18 -07:00
lib mn10300: switch to RAW_COPY_USER 2017-03-28 18:23:49 -04:00
mm sched/headers: Prepare to remove the <linux/mm_types.h> dependency from <linux/sched.h> 2017-03-02 08:42:37 +01:00
oprofile MN10300: Kill MN10300's own profiling Kconfig 2009-04-09 10:53:16 -07:00
proc-mn2ws0050 Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
proc-mn103e010 mn10300: use RTC_DRV_CMOS instead of CONFIG_RTC 2016-06-26 01:20:08 +02:00
unit-asb2303 net: smc91x: isolate u16 writes alignment workaround 2016-10-18 14:14:21 -04:00
unit-asb2305 mn10300/PCI: Use generic pci_mmap_resource_range() 2017-04-20 08:47:47 -05:00
unit-asb2364 mn10300: Remove deprecated IRQF_DISABLED 2014-03-04 21:47:51 +01:00
Kconfig CONFIG_ARCH_HAS_RAW_COPY_USER is unconditional now 2017-04-26 12:11:01 -04:00
Kconfig.debug consolidate per-arch stack overflow debugging options 2013-07-04 11:25:39 -07:00
Makefile mn10300: Remove redundant debugging info flag 2014-01-28 10:57:06 +01:00