John Baldwin [Mon, 16 Oct 2023 22:13:31 +0000 (15:13 -0700)]
bsdinstall partedit: Apply changes from scripted installs
I got a check inverted in a previous cleanup commit and as a result
partedit was only applying GEOM changes (and generating an /etc/fstab)
if it got an error reading the current GEOM mesh. Instead, it needed
to do those actions if it succeeded in reading the mesh.
The lack of /etc/fstab meant that bsdinstall mount didn't mount
anything in a scripted install.
PR: 273723
Reported by: Andrey Fesenko <andrey@bsdnir.info>
Reported by: Michal Nowak <mnowak@startmail.com>
Reviewed by: cognet, brooks
Fixes: 230990991965 bsdinstall: Handle errors from geom_gettree.
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D42236
John Baldwin [Wed, 28 Jun 2023 18:11:00 +0000 (11:11 -0700)]
bsdinstall: Handle errors from geom_gettree.
geom_gettree probably never fails, and if it does there isn't much of
a fallback other than aborting partitioning. However, a few places
were checking the return value and not doing anything with it
triggering a unused-but-set-variable warning. Checking the errors
resolves the warning.
While here, check for errors in other places that weren't checking for
them at all, remove a spurious double call (the second call overwrote
the mesh structure leaking all the pointers from the first), and close
a few resource leaks on error paths.
John Baldwin [Tue, 27 Jun 2023 17:19:32 +0000 (10:19 -0700)]
bsdinstall: Replace correct, but fragile, string builder with open_memstream.
The old one triggered a false positive -Warray-bounds from GCC (the
compiler assumed len was always 0), but it was also fragile with
manually computed lengths paired with strcat vs using a string
builder.
Kenneth D. Merry [Thu, 28 Dec 2023 21:23:16 +0000 (16:23 -0500)]
camcontrol: Add a sense subcommand
As the name suggests, this sends a SCSI REQUEST SENSE to a device,
and prints out decoded sense information. It can also print out a
hexdump of the sense data.
sbin/camcontrol/camcontrol.c:
Add the new sense subcommand.
Kyle Evans [Wed, 13 Dec 2023 16:52:14 +0000 (10:52 -0600)]
loader: lua: remove the default kernel if it doesn't exist
The `kernel` env var provides the default kernel, usually "kernel". It
may be the case that the user doesn't have a "kernel" kernel, just
"kernel.*" kernels, but have left `kernel` to the default because we
autodetect entries by default anyways.
If we're doing autodetection, take note of whether the default kernel
exists or not and remove it from the list if it doesn't and we had found
any other kernels. We avoid it in the #kernels == 1 case because
something fishy has likely happened and we should just trust the
configuration.
Reviewed by: imp, manu
Differential Revision: https://reviews.freebsd.org/D42967
Kyle Evans [Wed, 13 Dec 2023 16:49:03 +0000 (10:49 -0600)]
kdump: use print_mask_arg0 appropriately
Some callers are using print_mask_arg() when they should be using
print_mask_arg0(); the latter should be used when all flags are optional
and there's not a flag to be decoded with a 0-mask. This turns:
Kyle Evans [Fri, 8 Dec 2023 21:36:06 +0000 (15:36 -0600)]
loader: provide a features table for binary compatibility advertisement
liblua now provides a loader.has_feature() function to probe the loader
binary for features advertised. name => desc mappings are provided in
loader.features to get a list of all of the features loader *can*
support. core.hasFeature is provided as a shim to loader.has_feature
so that individual consumers don't need to think about the logic of the
loader module not providing has_feature; we know that means the feature
isn't enabled.
The first consumer of this will be EARLY_ACPI to advertise that the
loader binary probes for ACPI presence before the interpreter has
started, so that we know whether we can trust the presence of acpi.rsdp
as relatively authoritative. In general, it's intended to be used to
avoid breaking new scripts on older loaders within reason.
This will be used in lua as `core.hasFeature("EARLY_ACPI")`, while the
C bits of loader will `feature_enable(FEATURE_EARLY_ACPI)`.
Rick Macklem [Sun, 31 Dec 2023 23:55:24 +0000 (15:55 -0800)]
vfs_vnops.c: Fix vn_generic_copy_file_range() for truncation
When copy_file_range(2) was first being developed,
*inoffp + len had to be <= infile_size or an error was
returned. This semantic (as defined by Linux) changed
to allow *inoffp + len to be greater than infile_size and
the copy would end at *inoffp + infile_size.
Unfortunately, the code that decided if the outfd should
be truncated in length did not get updated for this
semantics change.
As such, if a copy_file_range(2) is done, where infile_size - *inoffp
is less that outfile_size but len is large, the outfd file is truncated
when it should not be. (The semantics for this for Linux is to not
truncate outfd in this case.)
This patch fixes the problem. I believe the calculation is safe
for all non-negative values of outsize, *outoffp, *inoffp and insize,
which should be ok, since they are all guaranteed to be non-negative.
Note that this bug is not observed over NFSv4.2, since it truncates
len to infile_size - *inoffp.
Gleb Smirnoff [Tue, 19 Dec 2023 19:24:17 +0000 (11:24 -0800)]
tcp: always set tcp_tun_port to a correct value
The tcp_tun_port field that is used to pass port value between UDP
and TCP in case of tunneling is a generic field that used to pass
data between network layers. It can be contaminated on entry, e.g.
by a VLAN tag set by a NIC driver. Explicily set it, so that it
is zeroed out in a normal not-tunneled TCP. If it contains garbage,
tcp_twcheck() later can enter wrong block of code and treat the packet
as incorrectly tunneled one. On main and stable/14 that will end up
with sending incorrect responses, but on stable/13 with ipfw(8) and
pcb-matching rules it may end up in a panic.
This is a minimal conservative patch to be merged to stable branches.
Later we may redesign this.
Rick Macklem [Tue, 26 Dec 2023 22:33:39 +0000 (14:33 -0800)]
nfscl: Fix handling of expired Kerberos credentials (NFSv4.1/4.2)
If the NFS server detects that the Kerberos credentials provided
by a NFSv4.1/4.2 mount using sec=krb5[ip] have expired, the NFS
server replies with a krpc layer error of RPC_AUTHERROR.
When this happened, the client erroneously left the NFSv4.1/4.2
session slot busy, so that it could not be used by other RPCs.
If this happened for all session slots, the mount point would
hang.
This patch fixes the problem by releasing the session slot
and resetting its sequence# upon receiving a RPC_AUTHERROR
reply.
This bug only affects NFSv4.1/4.2 mounts using sec=krb5[ip],
but has existed since NFSv4.1 client support was added to
FreeBSD.
So, why has the bug remained undetected for so long?
I cannot be sure, but I suspect that, often, the client detected
the Kerberos credential expiration before attempting the RPC.
For this case, the client would not do the RPC and, as such,
there would be no busy session slot. Also, no hang would
occur until all session slots are busied (64 for a FreeBSD
client/server), so many cases of the bug probably went undetected?
Also, use of sec=krb5[ip] mounts are not that common.
Mark Johnston [Tue, 26 Dec 2023 01:43:21 +0000 (20:43 -0500)]
nmount: Ignore errors when copying out an error string
In general we copy error strings as part of reporting an error from
lower layers, so if the copyout() fails there's nothing to do since we'd
prefer to preserve the original error.
This is in preparation for annotating copyin() and related functions
with __result_use_check.
Mark Johnston [Tue, 26 Dec 2023 01:43:06 +0000 (20:43 -0500)]
geom: Report copyout() errors in g_ctl_ioctl_ctl()
Despite the name, req->serror is used in some cases to copy non-error
messages to userspace. So, report errors when copying out so long as
they don't clobber an earlier error.
Mark Johnston [Tue, 26 Dec 2023 01:42:58 +0000 (20:42 -0500)]
gntdev: Handle errors from suword32() in gntdev_alloc_gref()
Try to copy out output values before handling errors, and check that we
did so successfully. In particular, it doesn't seem sensible to ignore
errors here, otherwise userspace won't have any way to refer to the
allocations.
This is in preparation for annotating copyin() and related functions
with __result_use_check.
Mark Johnston [Tue, 26 Dec 2023 01:42:49 +0000 (20:42 -0500)]
mpr: Handle errors from copyout() in ioctl handlers
In preparation for adding a __result_use_check annotation to copyin()
and related functions, start checking for errors from copyout() in
the mpr(4) user command handler. This should make it easier to catch
bugs.
Mark Johnston [Tue, 26 Dec 2023 01:42:33 +0000 (20:42 -0500)]
mps: Handle errors from copyout() in ioctl handlers
In preparation for adding a __result_use_check annotation to copyin()
and related functions, start checking for errors from copyout() in
the mps(4) user command handler. This should make it easier to catch
bugs.
Mark Johnston [Tue, 26 Dec 2023 01:41:32 +0000 (20:41 -0500)]
sendfile: Explicitly ignore errors from copyout()
There is a documented bug in sendfile.2 which notes that sendfile(2)
does not raise an error if it fails to copy out the number of bytes
written. Explicitly ignore the error from copyout() calls in
preparation for annotating copyout() with __result_use_check.
Mark Johnston [Tue, 26 Dec 2023 01:39:39 +0000 (20:39 -0500)]
thread: Add a return value to cpu_set_upcall()
Some implementations copy data to userspace, an operation which can in
principle fail. In preparation for adding a __result_use_check
annotation to copyin() and related functions, let implementations of
cpu_set_upcall() return an error, and check for errors when copying data
to user memory.
Mark Johnston [Tue, 26 Dec 2023 01:38:57 +0000 (20:38 -0500)]
ocs: Check for copyin errors in the ioctl handler
If copyin() fails, the driver will blindly proceed with whatever had
been in the uninitialized DMA buffer. This is not what we want. Check
for copyin failures.
This is in preparation for annotating copyin() and related functions
with __result_use_check.
Mark Johnston [Tue, 26 Dec 2023 01:37:49 +0000 (20:37 -0500)]
hid: Handle errors from copyin() in ioctl handlers
If copyin() fails, the driver will proceed blindly with a zeroed buffer,
which is not what we want. In preparation for annotating copyin() with
__result_use_check, start checking for errors.
Dimitry Andric [Mon, 25 Dec 2023 17:18:31 +0000 (18:18 +0100)]
Minimize libc++ errno-related header diffs with upstream
In commit 88640c0e8b6f5 the new EINTEGRITY errno value was added, and
this caused us to carry a patch for upstream libc++ since that time.
Because it can cause merge conflicts when importing libc++ code from
upstream, I have submitted an upstream pull request to get most of that
patch integrated.
It turns out that we do not need the errno.h part of it at all, since
all supported FreeBSD versions define EOWNERDEAD and ENOTRECOVERABLE,
and therefore the block that juggles with ELAST values is never used in
FreeBSD. At the moment it only applies to older versions of Linux, or
possibly other platforms.
Therefore the only part that needs to stay is the definition of a enum
errc value for EINTEGRITY, and this is made optional upon EINTEGRITY
being defined, to make it suitable for upstreaming.
Dimitry Andric [Thu, 28 Dec 2023 12:57:41 +0000 (13:57 +0100)]
Reorganize libclang_rt Makefile and make more lib/arch combos available
Upstream has made more clang runtime libraries available for more
architectures, so add them. To make this easier, split up subdir lists
into functional parts (asan, tsan, etc), and put each architecture into
its own .if block.
Effectively, this adds the following libraries for aarch64: asan, cfi,
fuzzer, msan, safestack, stats, tsan, ubsan, xray.
Ronald Klop [Sat, 4 Nov 2023 14:14:00 +0000 (15:14 +0100)]
Teach if_smsc to get MAC from bootargs.
Some Raspberry Pi pass smsc95xx.macaddr=XX:XX:XX:XX:XX:XX as bootargs.
Use this if no ethernet address is found in an EEPROM.
As last resort fall back to ether_gen_addr() instead of random MAC.
compile error was:
/usr/src/sys/dev/usb/net/if_smsc.c:1597:40: error: format specifies type 'unsigned long' but the argument has type 'ssize_t' (aka 'int') [-Werror,-Wformat]
"failed alloc for bootargs (%lu)", len);
~~~ ^~~
%zd
Mark Johnston [Thu, 21 Dec 2023 18:26:13 +0000 (13:26 -0500)]
ufs: Update *eofflag upon a read of an unlinked directory
If the directory is unlinked, no further entries will be returned, but
we return no error. At least one caller (vn_dir_next_dirent()) asserts
that a VOP_READDIR call which returns no error and no entries will set
*eofflag != 0, so the current behaviour of UFS can trigger an assertion
failure.
Mark Johnston [Sat, 9 Dec 2023 15:22:06 +0000 (10:22 -0500)]
kthread: Set *newtdp earlier in kthread_add1()
syzbot reported a single boot-time crash in g_event_procbody(), a page
fault when dereferencing g_event_td. g_event_td is initialized by the
kproc_kthread_add() call which creates the GEOM event thread:
I believe that the caller of kproc_kthread_add() was preempted after
adding the new thread to the scheduler, and before setting *newtdp,
which is equal to g_event_td. Thus, since the first action of the GEOM
event thread is to lock itself, it ended up dereferencing a NULL
pointer.
Fix the problem simply by initializing *newtdp earlier. I see no harm
in that, and it matches kproc_create1(). The scheduler provides
sufficient synchronization to ensure that the store is visible to the
new thread, wherever it happens to run.
Igor Ostapenko [Tue, 12 Dec 2023 18:26:21 +0000 (19:26 +0100)]
netlink: fix snl_writer and linear_buffer re-allocation logic
- Use the correct base pointer after re-allocation to avoid buffer
overflows.
- Maintain correct snl_writer.size, which avoids redundant memory
allocation, e.g. a need for ~1k bytes may end up with ~32k
linear_buffer actually allocated.
This fixes a pfctl regression at least for armv7 after the addrule logic
migration to netlink: ffbf25951e7b ("pf: convert rule addition to netlink")
The add rule command creates a bigger than default size netlink requests
which triggers the re-allocation logic.
ocs_fc: IO timeout handling and error reporting fix.
Hardware timeout uses a 8-bit timeout value and expects the timeout to
be less than 255 seconds. Added software timer implemetation to timeout
and abort the IOs with timeout more than 255 seconds.
Fix the timeout problem by dividing CAM timeouts by 1000 as hardware
expects timeout value in seconds. Before this change, CAM timeouts in
milliseconds were getting truncated to 8 bits and converted to seconds.
So the actual timeout used when going down to the card would depend on
the bottom 8 bits of the timeout used.
Add the mapping of ocs_fc error status to CAM status.
Reported by: ken
Reviewed by: ken
Tested by: ken, ram
Approved by: ken
MFC after: 1 week
Dimitry Andric [Thu, 21 Dec 2023 22:35:17 +0000 (23:35 +0100)]
Fix snprintf truncation in telnet
Building telnet with clang 18 results in the following warning:
contrib/telnet/telnet/telnet.c:231:5: error: 'snprintf' will always be truncated; specified size is 10, but format string expands to at least 11 [-Werror,-Wformat-truncation]
231 | snprintf(temp2, sizeof(temp2), "%c%c%c%c....%c%c", IAC, SB, TELOPT_COMPORT,
| ^
The temp2 buffer is 10 chars, while the format string also consists of
10 chars. Therefore, snprintf(3) will truncate the last character, 'SE'
(end sub negotation) in this case.
Dimitry Andric [Thu, 21 Dec 2023 22:41:57 +0000 (23:41 +0100)]
Silence VLA extension warnings in fusefs tests
Building tests/sys/fs/fusefs with clang 18 results the following
warning:
tests/sys/fs/fusefs/cache.cc:145:14: error: variable length arrays in C++ are a Clang extension [-Werror,-Wvla-cxx-extension]
145 | uint8_t buf[bufsize];
| ^~~~~~~
Because we do not particularly care that this is a clang extension,
suppress the warning.
Dimitry Andric [Thu, 21 Dec 2023 22:39:15 +0000 (23:39 +0100)]
Silence snprintf truncation warnings in printf_test examples
Building share/examples/tests with clang 18 results in a few warnings
like:
share/examples/tests/tests/plain/printf_test.c:67:6: error: 'snprintf' will always be truncated; specified size is 10, but format string expands to at least 17 [-Werror,-Wformat-truncation]
67 | if (snprintf(buffer, sizeof(buffer), "0123456789abcdef") != 16)
| ^
Since these tests are meant as an example of testing snprintf overflow,
suppress the warnings.
Intentionally or not, but the libwrap was written in such manner that
if your /etc/hosts.allow doesn't have any domain names, neither smart
keywords like LOCAL or KNOWN, then it will not try to resolve the
client address during the hosts check. This was achieved with the
NOT_INADDR() check that matched IPv4 addresses/prefixes. Extend this
to also skip resolve if client list token looks like IPv6.
Olivier Certner [Fri, 13 Oct 2023 08:52:31 +0000 (10:52 +0200)]
Ensure 'struct thread' is aligned to a cache line
Using the new UMA_ALIGN_CACHE_AND_MASK() facility, which allows to
simultaneously guarantee a minimum of 32 bytes of alignment (the 5 lower
bits are always 0).
For the record, to this day, here's a (possibly non-exhaustive) list of
synchronization primitives using lower bits to store flags in pointers
to thread structures:
- lockmgr, rwlock and sx all use the 5 bits directly.
- rmlock indirectly relies on sx, so can use the 5 bits.
- mtx (non-spin) relies on the 3 lower bits.
Reviewed by: markj, kib
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D42266
Olivier Certner [Fri, 13 Oct 2023 15:05:34 +0000 (17:05 +0200)]
uma: Permit specifying max of cache line and some custom alignment
To be used for structures for which we want to enforce that pointers to
them have some number of lower bits always set to 0, while still
ensuring we benefit from cache line alignment to avoid false sharing
between structures and fields within the structures (provided they are
properly ordered).
First candidate consumer that comes to mind is 'struct thread', see next
commit.
Reviewed by: markj, kib
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D42265
Olivier Certner [Fri, 13 Oct 2023 15:13:28 +0000 (17:13 +0200)]
linuxkpi: dma_get_cache_alignment(): Fix off-by-one result
Substituting 'uma_align_cache' by the appropriately named accessor
uma_get_cache_align_mask() made apparent that dma_get_cache_alignment()
was off by one, since it was defined to be the mask derived from the
alignment value.
Reviewed by: markj, bz
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D42264
Olivier Certner [Fri, 13 Oct 2023 14:09:51 +0000 (16:09 +0200)]
uma: New check_align_mask(): Validate alignments (INVARIANTS)
New function check_align_mask() asserts (under INVARIANTS) that the mask
fits in a (signed) integer (see the comment) and that the corresponding
alignment is a power of two.
Use check_align_mask() in uma_set_align_mask() and also in uma_zcreate()
to replace the KASSERT() there (that was checking only for a power of
2).
Reviewed by: kib, markj
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D42263
Olivier Certner [Fri, 13 Oct 2023 12:49:11 +0000 (14:49 +0200)]
uma: Make the cache alignment mask unsigned
In uma_set_align_mask(), ensure that the passed value doesn't have its
highest bit set, which would lead to problems since keg/zone alignment
is internally stored as signed integers. Such big values do not make
sense anyway and indicate some programming error. A future commit will
introduce checks for this case and other ones.
Reviewed by: kib, markj
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D42262
Olivier Certner [Fri, 13 Oct 2023 12:13:30 +0000 (14:13 +0200)]
uma: UMA_ALIGN_CACHE: Resolve the proper value at use point
Having a special value of -1 that is resolved internally to
'uma_align_cache' provides no significant advantages and prevents
changing that variable to an unsigned type, which is natural for an
alignment mask. So suppress it and replace its use with a call to
uma_get_align_mask(). The small overhead of the added function call is
irrelevant since UMA_ALIGN_CACHE is only used when creating new zones,
which is not performance critical.
Reviewed by: markj, kib
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D42259
Create the uma_get_cache_align_mask() accessor and put it in a separate
private header so as to minimize namespace pollution in header/source
files that need only this function and not the whole 'uma.h' header.
Make sure the accessors have '_mask' as a suffix, so that callers are
aware that the real alignment is the power of two that is the mask plus
one. Rename the stem to something more explicit. Rename
uma_set_cache_align_mask()'s single parameter to 'mask'.
Hide 'uma_align_cache' to ensure that it cannot be set in any other way
then by a call to uma_set_cache_align_mask(), which will perform sanity
checks in a further commit. While here, rename it to
'uma_cache_align_mask'.
This is also in preparation for some further changes, such as improving
the sanity checks, eliminating internal resolving of UMA_ALIGN_CACHE and
changing the type of the 'uma_cache_align_mask' variable.
Reviewed by: markj, kib
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D42258
Olivier Certner [Tue, 10 Oct 2023 17:36:20 +0000 (19:36 +0200)]
Ensure "init" (PID 1) also executes userret() initially
Calling userret() from fork_return() misses the first return to
userspace of the "init" (PID 1) process. The latter is indeed created
by fork1() followed by a call to cpu_fork_kthread_handler() call that
replaces fork_return() by start_init() as the function to execute after
fork.
A new process' initial return to userspace in the end always happens
through returning from fork_exit(), so move userret() there instead to
fix the omission.
This problem was discovered as part of a revamp of scheduling priorities
that lead to experimenting with asserting and sometimes resetting
priorities in sched_userret(), in the course of which the author
stumbled on panics being triggered only in init() or only in other
processes, depending on the modifications to sched_userret(). This
change currently has no practical effect but will have some in the near
future.
Reviewed by: markj, kib
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D42257
Olivier Certner [Tue, 30 May 2023 16:35:08 +0000 (18:35 +0200)]
setusercontext(): Apply personal settings only on matching effective UID
Commit 35305a8dc114 (r211393) added a check on whether 'uid' was equal
to getuid() before calling setlogincontext(). Doing so still allows
a setuid program to apply resource limits and priorities specified in
a user-controlled configuration file ('~/.login_conf') where
a non-setuid program could not. Plug the hole by checking instead that
the process' effective UID is the target one (which is likely what was
meant in the initial commit).
PR: 271750
Reviewed by: kib, des
Sponsored by: Kumacom SAS
Differential Revision: https://reviews.freebsd.org/D40351
They all call cgetstr(), which returns -2 on such conditions and already
sets errno to ENOMEM, arguably the appropriate value for these functions
as well.
No in-tree consumer currently checks for errno on error reported by
these functions, so this change has no other code impact.
Reviewed by: kib
Sponsored by: Kumacom SAS
Differential Revision: https://reviews.freebsd.org/D40342
Olivier Certner [Thu, 25 May 2023 07:10:27 +0000 (09:10 +0200)]
setusercontext(): Fix gap when setting a realtime-class priority
The login.conf's "priority" capability allows to set priorities in the
idle or realtime classes in addition to the classical nice values (-20
to 20), through a natural extension where values greater than 20 put the
processes in the idle class (with priority adjusted within RTP_PRIO_MIN
and RTP_PRIO_MAX, 21 being converted to 0, 22 to 1, etc.) and values
lower than -20 put the process in the realtime class (with priority
adjusted within RTP_PRIO_MIN and RTP_PRIO_MAX, -21 being converted to
RTP_PRIO_MAX (31), -22 to 30, etc.).
Before this fix, in the latter case (realtime class), -21 was converted
to 30, and RTP_PRIO_MAX (31) could never be specified.
While here, change the priority computation for the idle-class case to
be symmetrical and use RTP_PRIO_MIN (in practice, this changes nothing
at all, since RTP_PRIO_MIN is 0; but this is the correct theoretical
formula, which would work as well with other values of RTP_PRIO_MIN).
See previous commit that made cr_canseeothergids() use the new
realgroupmember() function, taking into account real group IDs instead
of effective ones.
Olivier Certner [Thu, 17 Aug 2023 23:54:45 +0000 (01:54 +0200)]
cr_canseeothergids(): Use real instead of effective group membership
Using the effective group and not the real one when testing membership
has the consequence that unprivileged processes cannot see setuid
commands they launch until these have relinquished their privileges.
This is also in contradiction with how the similar cr_canseeotheruids()
works, i.e., by taking into account real user IDs.
Fix this by substituting groupmember() with realgroupmember(). While
here, simplify the code.
Olivier Certner [Thu, 17 Aug 2023 23:54:44 +0000 (01:54 +0200)]
groupmember(): Extract the supplementary group search in a separate function
This is in preparation for the introduction of the new realgroupmember()
function, which does the same search into supplementary groups as
groupmember().
Reviewed by: mhorne
Sponsored by: Kumacom SAS
Differential Revision: https://reviews.freebsd.org/D40640
Mention cr_bsd_visible(9). Remove references to cr_canseeothergids(9)
and cr_canseeotheruids(9), as well as indirect references not
immediately useful.
Fix description of credentials checks to match reality.