linux/net/core
David Herrmann 28b5ba2aa0 net: introduce SO_PEERGROUPS getsockopt
This adds the new getsockopt(2) option SO_PEERGROUPS on SOL_SOCKET to
retrieve the auxiliary groups of the remote peer. It is designed to
naturally extend SO_PEERCRED. That is, the underlying data is from the
same credentials. Regarding its syntax, it is based on SO_PEERSEC. That
is, if the provided buffer is too small, ERANGE is returned and @optlen
is updated. Otherwise, the information is copied, @optlen is set to the
actual size, and 0 is returned.

While SO_PEERCRED (and thus `struct ucred') already returns the primary
group, it lacks the auxiliary group vector. However, nearly all access
controls (including kernel side VFS and SYSVIPC, but also user-space
polkit, DBus, ...) consider the entire set of groups, rather than just
the primary group. But this is currently not possible with pure
SO_PEERCRED. Instead, user-space has to work around this and query the
system database for the auxiliary groups of a UID retrieved via
SO_PEERCRED.

Unfortunately, there is no race-free way to query the auxiliary groups
of the PID/UID retrieved via SO_PEERCRED. Hence, the current user-space
solution is to use getgrouplist(3p), which itself falls back to NSS and
whatever is configured in nsswitch.conf(3). This effectively checks
which groups we *would* assign to the user if it logged in *now*. On
normal systems it is as easy as reading /etc/group, but with NSS it can
resort to querying network databases (e.g., LDAP), using IPC or network
communication.

Long story short: Whenever we want to use auxiliary groups for access
checks on IPC, we need further IPC to talk to the user/group databases,
rather than just relying on SO_PEERCRED and the incoming socket. This
is unfortunate, and might even result in dead-locks if the database
query uses the same IPC as the original request.

So far, those recursions / dead-locks have been avoided by using
primitive IPC for all crucial NSS modules. However, we want to avoid
re-inventing the wheel for each NSS module that might be involved in
user/group queries. Hence, we would preferably make DBus (and other IPC
that supports access-management based on groups) work without resorting
to the user/group database. This new SO_PEERGROUPS ioctl would allow us
to make dbus-daemon work without ever calling into NSS.

Cc: Michal Sekletar <msekleta@redhat.com>
Cc: Simon McVittie <simon.mcvittie@collabora.co.uk>
Reviewed-by: Tom Gundersen <teg@jklm.no>
Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-06-21 11:38:41 -04:00
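
The buffer-size protocol described in the commit message above (ERANGE with @optlen updated, then a second call with a large enough buffer), as an added C example that is not part of the commit or the kernel tree. `peer_groups` and `peer_has_aux_group` are hypothetical helper names, the fallback value 59 for SO_PEERGROUPS is an assumption for builds against older headers, and the peer is constructed with socketpair(2).

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <unistd.h>

#ifndef SO_PEERGROUPS
#define SO_PEERGROUPS 59 /* assumption: asm-generic value, for older headers */
#endif

/* Returns the peer's auxiliary group count, array in *out; -1 + errno on error. */
int peer_groups(int fd, gid_t **out)
{
    socklen_t len = 0;
    *out = NULL;
    /* Size probe: succeeds outright only if the peer has no auxiliary groups. */
    if (getsockopt(fd, SOL_SOCKET, SO_PEERGROUPS, NULL, &len) == 0)
        return 0;
    /* ERANGE: buffer too small, the kernel stored the needed size in len. */
    if (errno != ERANGE || (*out = malloc(len)) == NULL)
        return -1;
    if (getsockopt(fd, SOL_SOCKET, SO_PEERGROUPS, *out, &len) == 0)
        return (int)(len / sizeof(gid_t));
    free(*out);
    *out = NULL;
    return -1;
}

/* Access check: 1 if gid is an auxiliary group of the peer, 0 if not, -1 on error. */
int peer_has_aux_group(int fd, gid_t gid)
{
    gid_t *groups;
    int i, found = 0, n = peer_groups(fd, &groups);

    for (i = 0; i < n && !found; i++)
        found = groups[i] == gid;
    free(groups);
    return n < 0 ? -1 : found;
}

int main(void)
{
    int sv[2];
    /* Constructed peer: a socketpair end carries this process's own credentials. */
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0)
        return 1;
    printf("peer in auxiliary group 0: %d\n", peer_has_aux_group(sv[0], 0));
    return 0;
}
```

The primary group is still reported by SO_PEERCRED, so a full group-membership check consults both options.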
..
datagram.c net: factor out a helper to decrement the skb refcount 2017-06-12 10:01:29 -04:00
dev_addr_lists.c
dev_ioctl.c net: ethernet: update drivers to handle HWTSTAMP_FILTER_NTP_ALL 2017-05-21 13:37:32 -04:00
dev.c net: remove dst gc related code 2017-06-17 22:54:01 -04:00
devlink.c devlink: fix potential memort leak 2017-06-05 11:24:28 -04:00
drop_monitor.c drop_monitor: use setup_timer 2017-03-12 23:47:16 -07:00
dst_cache.c net: dst_cache_per_cpu_dst_set() can be static 2016-03-18 17:45:08 -04:00
dst.c net: remove DST_NOCACHE flag 2017-06-17 22:54:01 -04:00
ethtool.c net: Add ESP offload features 2017-04-14 10:05:36 +02:00
fib_rules.c fib_rules: fix error return code 2017-04-27 16:35:57 -04:00
filter.c bpf: permits narrower load from bpf program context fields 2017-06-14 14:56:25 -04:00
flow_dissector.c net/flow_dissector: add support for dissection of misc ip header fields 2017-06-04 18:12:23 -04:00
flow.c flowcache: more "unsigned int" 2017-04-03 19:04:48 -07:00
gen_estimator.c Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
gen_stats.c net_sched: gen_estimator: complete rewrite of rate estimators 2016-12-05 15:21:59 -05:00
gro_cells.c net: Generic XDP 2017-04-25 13:33:49 -04:00
hwbm.c net: hwbm: Fix unbalanced spinlock in error case 2016-05-25 12:35:09 -07:00
link_watch.c
lwt_bpf.c net: add extack arg to lwtunnel build state 2017-05-30 11:55:32 -04:00
lwtunnel.c net: add extack arg to lwtunnel build state 2017-05-30 11:55:32 -04:00
Makefile gro_cells: move to net/core/gro_cells.c 2017-02-08 14:38:18 -05:00
neighbour.c neigh: Really delete an arp/neigh entry on "ip neigh delete" or "arp -d" 2017-06-04 21:37:18 -04:00
net_namespace.c netns: fix error code when the nsid is already used 2017-06-10 15:58:50 -04:00
net-procfs.c net-procfs: Use vsnprintf extension %phN 2017-06-04 19:52:58 -04:00
net-sysfs.c net: make struct net_device::tx_queue_len unsigned int 2017-05-18 10:19:30 -04:00
net-sysfs.h
net-traces.c
netclassid_cgroup.c cgroup, net_cls: iterate the fds of only the tasks which are being migrated 2017-03-22 10:32:46 -07:00
netevent.c
netpoll.c networking: make skb_push & __skb_push return void pointers 2017-06-16 11:48:40 -04:00
netprio_cgroup.c net: break include loop netdevice.h, dsa.h, devlink.h 2017-03-28 22:46:04 -07:00
pktgen.c networking: make skb_push & __skb_push return void pointers 2017-06-16 11:48:40 -04:00
ptp_classifier.c
request_sock.c ipv4: Namespaceify tcp_max_syn_backlog knob 2016-12-29 11:38:31 -05:00
rtnetlink.c rtnetlink: add restricted rtnl groups for ipv4 and ipv6 mroute 2017-06-21 11:22:52 -04:00
scm.c sched/headers: Prepare for new header dependencies before moving code to <linux/sched/user.h> 2017-03-02 08:42:29 +01:00
secure_seq.c tcp: Namespaceify sysctl_tcp_timestamps 2017-06-08 10:53:29 -04:00
skbuff.c networking: make skb_push & __skb_push return void pointers 2017-06-16 11:48:40 -04:00
sock_diag.c netlink: extended ACK reporting 2017-04-13 13:58:20 -04:00
sock_reuseport.c soreuseport: use "unsigned int" in __reuseport_alloc() 2017-04-03 19:06:38 -07:00
sock.c net: introduce SO_PEERGROUPS getsockopt 2017-06-21 11:38:41 -04:00
stream.c sched/headers: Prepare for new header dependencies before moving code to <linux/sched/signal.h> 2017-03-02 08:42:29 +01:00
sysctl_net_core.c net: move somaxconn init from sysctl code 2017-05-25 13:12:17 -04:00
timestamping.c
tso.c
utils.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2017-05-02 16:40:27 -07:00