Introduce supplementary group tracking

This works very much like our UID/GID tracking.
2024-10-07 01:43:25 +00:00 · 2023-09-20 21:25:39 -04:00 · 2023-09-20 21:25:39 -04:00 · 5a3e170bf6
commit 5a3e170bf6
parent 7dba61bfb8
4 changed files with 61 additions and 0 deletions
--- a/internal-include/darlingserver/process.hpp
+++ b/internal-include/darlingserver/process.hpp
@ -104,6 +104,7 @@ namespace DarlingServer {
 		std::string _executablePath;
 		bool _dead = false;
 		std::shared_ptr<Process> _selfReference = nullptr;
+		std::vector<uint32_t> _groups;

 #if DSERVER_EXTENDED_DEBUG
 		std::unordered_map<uint32_t, uintptr_t> _registeredNames;
@ -211,6 +212,9 @@ namespace DarlingServer {
 		static std::shared_ptr<Process> kernelProcess();

 		void logToStream(Log::Stream& stream) const;
+
+		std::vector<uint32_t> groups() const;
+		void setGroups(const std::vector<uint32_t>& groups);
 	};
 };

--- a/scripts/generate-rpc-wrappers.py
+++ b/scripts/generate-rpc-wrappers.py
@ -239,6 +239,15 @@ calls = [
 		('length', 'uint64_t'),
 	]),

+	('groups', [
+		('new_groups', 'const uint32_t*', 'uint64_t'),
+		('new_group_count', 'uint64_t'),
+		('old_groups', 'uint32_t*', 'uint64_t'),
+		('old_group_space', 'uint64_t'),
+	], [
+		('old_group_count', 'uint64_t'),
+	]),
+
 	#
 	# kqueue channels
 	#
--- a/src/call.cpp
+++ b/src/call.cpp
@ -1036,4 +1036,39 @@ void DarlingServer::Call::GetExecutablePath::processCall() {
 	_sendReply(code, fullLength);
 }

+void DarlingServer::Call::Groups::processCall() {
+	int code = 0;
+	std::vector<uint32_t> oldGroups;
+
+	if (auto thread = _thread.lock()) {
+		if (auto process = thread->process()) {
+			oldGroups = process->groups();
+
+			if (_body.new_groups != 0 && _body.new_group_count > 0) {
+				std::vector<uint32_t> newGroups;
+				newGroups.resize(_body.new_group_count);
+
+				if (!process->readMemory((uintptr_t)_body.new_groups, newGroups.data(), newGroups.size() * sizeof(uint32_t), &code)) {
+					code = -code;
+				} else {
+					process->setGroups(newGroups);
+				}
+			}
+
+			if (code == 0 && _body.old_groups != 0 && _body.old_group_space > 0) {
+				auto len = std::min(oldGroups.size(), _body.old_group_space) * sizeof(uint32_t);
+				if (!process->writeMemory((uintptr_t)_body.old_groups, oldGroups.data(), len, &code)) {
+					code = -code;
+				}
+			}
+		} else {
+			code = -ESRCH;
+		}
+	} else {
+		code = -ESRCH;
+	}
+
+	_sendReply(code, oldGroups.size());
+};
+
 DSERVER_CLASS_SOURCE_DEFS;
--- a/src/process.cpp
+++ b/src/process.cpp
@ -77,6 +77,9 @@ DarlingServer::Process::Process(ID id, NSID nsid, Architecture architecture, int
 		// inherit vchroot from parent process
 		_vchrootDescriptor = parentProcess->_vchrootDescriptor;
 		_cachedVchrootPath = parentProcess->_cachedVchrootPath;
+
+		// inherit groups from parent process
+		_groups = parentProcess->_groups;
 	}

 	// NOTE: see thread.cpp for why it's okay to use `this` here
@ -743,3 +746,13 @@ bool DarlingServer::Process::isDead() const {
 	std::shared_lock lock(_rwlock);
 	return _dead;
 };
+
+std::vector<uint32_t> DarlingServer::Process::groups() const {
+	std::shared_lock lock(_rwlock);
+	return _groups;
+};
+
+void DarlingServer::Process::setGroups(const std::vector<uint32_t>& groups) {
+	std::unique_lock lock(_rwlock);
+	_groups = groups;
+};