The branch main has been updated by olce:
URL:
https://cgit.FreeBSD.org/src/commit/?id=3f313682e030f1c99d9b223093e84d0a53a109af
commit 3f313682e030f1c99d9b223093e84d0a53a109af
Author: Olivier Certner <o...@freebsd.org>
AuthorDate: 2024-11-01 16:12:15 +0000
Commit: Olivier Certner <o...@freebsd.org>
CommitDate: 2024-11-02 20:38:21 +0000
cred: groupmember(): Remove tolerance for empty 'cr_groups'
This tolerance had been introduced in commit caa309c8811d ("nfsd: Fix
handling of credentials with cr_ngroups == 0", on 2024/10/21).
Now that NFS has been modified in the previous commit (cfbe7a62dc62,
"nfs, rpc: Ensure kernel credentials have at least one group") to rule
out credentials with empty 'cr_groups' (and thus, no 'cr_gid'), remove
it back.
This basically reverts the above-mentioned commit except for the not
directly related modifications it contains, which are still valid.
Discussed with: rmacklem (by mail)
Approved by: markj (mentor)
MFC after: 3 days
---
sys/kern/kern_prot.c | 7 -------
1 file changed, 7 deletions(-)
diff --git a/sys/kern/kern_prot.c b/sys/kern/kern_prot.c
index 504c79313408..b522edbf4e69 100644
--- a/sys/kern/kern_prot.c
+++ b/sys/kern/kern_prot.c
@@ -1377,13 +1377,6 @@ bool
groupmember(gid_t gid, const struct ucred *cred)
{
- /*
- * The nfsd server can use a credential with zero groups in it
- * when certain mapped export credentials are specified via exports(5).
- */
- if (cred->cr_ngroups == 0)
- return (false);
-
groups_check_positive_len(cred->cr_ngroups);
if (gid == cred->cr_groups[0])
