Home | History | Annotate | Line # | Download | only in kern
kern_prot.c revision 1.91
      1 /*	$NetBSD: kern_prot.c,v 1.91 2006/07/17 15:29:06 ad Exp $	*/
      2 
      3 /*
      4  * Copyright (c) 1982, 1986, 1989, 1990, 1991, 1993
      5  *	The Regents of the University of California.  All rights reserved.
      6  * (c) UNIX System Laboratories, Inc.
      7  * All or some portions of this file are derived from material licensed
      8  * to the University of California by American Telephone and Telegraph
      9  * Co. or Unix System Laboratories, Inc. and are reproduced herein with
     10  * the permission of UNIX System Laboratories, Inc.
     11  *
     12  * Redistribution and use in source and binary forms, with or without
     13  * modification, are permitted provided that the following conditions
     14  * are met:
     15  * 1. Redistributions of source code must retain the above copyright
     16  *    notice, this list of conditions and the following disclaimer.
     17  * 2. Redistributions in binary form must reproduce the above copyright
     18  *    notice, this list of conditions and the following disclaimer in the
     19  *    documentation and/or other materials provided with the distribution.
     20  * 3. Neither the name of the University nor the names of its contributors
     21  *    may be used to endorse or promote products derived from this software
     22  *    without specific prior written permission.
     23  *
     24  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
     25  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
     26  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
     27  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
     28  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
     29  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
     30  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
     31  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
     32  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
     33  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
     34  * SUCH DAMAGE.
     35  *
     36  *	@(#)kern_prot.c	8.9 (Berkeley) 2/14/95
     37  */
     38 
     39 /*
     40  * System calls related to processes and protection
     41  */
     42 
     43 #include <sys/cdefs.h>
     44 __KERNEL_RCSID(0, "$NetBSD: kern_prot.c,v 1.91 2006/07/17 15:29:06 ad Exp $");
     45 
     46 #include "opt_compat_43.h"
     47 
     48 #include <sys/param.h>
     49 #include <sys/acct.h>
     50 #include <sys/systm.h>
     51 #include <sys/ucred.h>
     52 #include <sys/proc.h>
     53 #include <sys/timeb.h>
     54 #include <sys/times.h>
     55 #include <sys/pool.h>
     56 #include <sys/syslog.h>
     57 #include <sys/resourcevar.h>
     58 #include <sys/kauth.h>
     59 
     60 #include <sys/mount.h>
     61 #include <sys/sa.h>
     62 #include <sys/syscallargs.h>
     63 
     64 #include <sys/malloc.h>
     65 
     66 int	sys_getpid(struct lwp *, void *, register_t *);
     67 int	sys_getpid_with_ppid(struct lwp *, void *, register_t *);
     68 int	sys_getuid(struct lwp *, void *, register_t *);
     69 int	sys_getuid_with_euid(struct lwp *, void *, register_t *);
     70 int	sys_getgid(struct lwp *, void *, register_t *);
     71 int	sys_getgid_with_egid(struct lwp *, void *, register_t *);
     72 
     73 static int grsortu(gid_t *, int);
     74 
     75 /* ARGSUSED */
     76 int
     77 sys_getpid(struct lwp *l, void *v, register_t *retval)
     78 {
     79 	struct proc *p = l->l_proc;
     80 
     81 	*retval = p->p_pid;
     82 	return (0);
     83 }
     84 
     85 /* ARGSUSED */
     86 int
     87 sys_getpid_with_ppid(struct lwp *l, void *v, register_t *retval)
     88 {
     89 	struct proc *p = l->l_proc;
     90 
     91 	retval[0] = p->p_pid;
     92 	retval[1] = p->p_pptr->p_pid;
     93 	return (0);
     94 }
     95 
     96 /* ARGSUSED */
     97 int
     98 sys_getppid(struct lwp *l, void *v, register_t *retval)
     99 {
    100 	struct proc *p = l->l_proc;
    101 
    102 	*retval = p->p_pptr->p_pid;
    103 	return (0);
    104 }
    105 
    106 /* Get process group ID; note that POSIX getpgrp takes no parameter */
    107 int
    108 sys_getpgrp(struct lwp *l, void *v, register_t *retval)
    109 {
    110 	struct proc *p = l->l_proc;
    111 
    112 	*retval = p->p_pgrp->pg_id;
    113 	return (0);
    114 }
    115 
    116 /*
    117  * Return the process group ID of the session leader (session ID)
    118  * for the specified process.
    119  */
    120 int
    121 sys_getsid(struct lwp *l, void *v, register_t *retval)
    122 {
    123 	struct sys_getsid_args /* {
    124 		syscalldarg(pid_t) pid;
    125 	} */ *uap = v;
    126 	struct proc *p = l->l_proc;
    127 
    128 	if (SCARG(uap, pid) == 0)
    129 		goto found;
    130 	if ((p = pfind(SCARG(uap, pid))) == 0)
    131 		return (ESRCH);
    132 found:
    133 	*retval = p->p_session->s_sid;
    134 	return (0);
    135 }
    136 
    137 int
    138 sys_getpgid(struct lwp *l, void *v, register_t *retval)
    139 {
    140 	struct sys_getpgid_args /* {
    141 		syscallarg(pid_t) pid;
    142 	} */ *uap = v;
    143 	struct proc *p = l->l_proc;
    144 
    145 	if (SCARG(uap, pid) == 0)
    146 		goto found;
    147 	if ((p = pfind(SCARG(uap, pid))) == 0)
    148 		return (ESRCH);
    149 found:
    150 	*retval = p->p_pgid;
    151 	return (0);
    152 }
    153 
    154 /* ARGSUSED */
    155 int
    156 sys_getuid(struct lwp *l, void *v, register_t *retval)
    157 {
    158 	struct proc *p = l->l_proc;
    159 
    160 	*retval = kauth_cred_getuid(p->p_cred);
    161 	return (0);
    162 }
    163 
    164 /* ARGSUSED */
    165 int
    166 sys_getuid_with_euid(struct lwp *l, void *v, register_t *retval)
    167 {
    168 	struct proc *p = l->l_proc;
    169 
    170 	retval[0] = kauth_cred_getuid(p->p_cred);
    171 	retval[1] = kauth_cred_geteuid(p->p_cred);
    172 	return (0);
    173 }
    174 
    175 /* ARGSUSED */
    176 int
    177 sys_geteuid(struct lwp *l, void *v, register_t *retval)
    178 {
    179 	struct proc *p = l->l_proc;
    180 
    181 	*retval = kauth_cred_geteuid(p->p_cred);
    182 	return (0);
    183 }
    184 
    185 /* ARGSUSED */
    186 int
    187 sys_getgid(struct lwp *l, void *v, register_t *retval)
    188 {
    189 	struct proc *p = l->l_proc;
    190 
    191 	*retval = kauth_cred_getgid(p->p_cred);
    192 	return (0);
    193 }
    194 
    195 /* ARGSUSED */
    196 int
    197 sys_getgid_with_egid(struct lwp *l, void *v, register_t *retval)
    198 {
    199 	struct proc *p = l->l_proc;
    200 
    201 	retval[0] = kauth_cred_getgid(p->p_cred);
    202 	retval[1] = kauth_cred_getegid(p->p_cred);
    203 	return (0);
    204 }
    205 
    206 /*
    207  * Get effective group ID.  The "egid" is groups[0], and could be obtained
    208  * via getgroups.  This syscall exists because it is somewhat painful to do
    209  * correctly in a library function.
    210  */
    211 /* ARGSUSED */
    212 int
    213 sys_getegid(struct lwp *l, void *v, register_t *retval)
    214 {
    215 	struct proc *p = l->l_proc;
    216 
    217 	*retval = kauth_cred_getegid(p->p_cred);
    218 	return (0);
    219 }
    220 
    221 int
    222 sys_getgroups(struct lwp *l, void *v, register_t *retval)
    223 {
    224 	struct sys_getgroups_args /* {
    225 		syscallarg(int) gidsetsize;
    226 		syscallarg(gid_t *) gidset;
    227 	} */ *uap = v;
    228 	struct proc *p = l->l_proc;
    229 	kauth_cred_t pc = p->p_cred;
    230 	u_int ngrp;
    231 	int error;
    232 	gid_t *grbuf;
    233 
    234 	if (SCARG(uap, gidsetsize) == 0) {
    235 		*retval = kauth_cred_ngroups(pc);
    236 		return (0);
    237 	} else if (SCARG(uap, gidsetsize) < 0)
    238 		return (EINVAL);
    239 	ngrp = SCARG(uap, gidsetsize);
    240 	if (ngrp < kauth_cred_ngroups(pc))
    241 		return (EINVAL);
    242 	ngrp = kauth_cred_ngroups(pc);
    243 
    244 	grbuf = malloc(ngrp * sizeof(*grbuf), M_TEMP, M_WAITOK);
    245 	kauth_cred_getgroups(pc, grbuf, ngrp);
    246 	error = copyout(grbuf, (caddr_t)SCARG(uap, gidset),
    247 			ngrp * sizeof(gid_t));
    248 	free(grbuf, M_TEMP);
    249 	if (error)
    250 		return (error);
    251 	*retval = ngrp;
    252 	return (0);
    253 }
    254 
    255 /* ARGSUSED */
    256 int
    257 sys_setsid(struct lwp *l, void *v, register_t *retval)
    258 {
    259 	struct proc *p = l->l_proc;
    260 
    261 	if (p->p_pgid == p->p_pid || pgfind(p->p_pid)) {
    262 		return (EPERM);
    263 	} else {
    264 		(void)enterpgrp(p, p->p_pid, 1);
    265 		*retval = p->p_pid;
    266 		return (0);
    267 	}
    268 }
    269 
    270 /*
    271  * set process group (setpgid/old setpgrp)
    272  *
    273  * caller does setpgid(targpid, targpgid)
    274  *
    275  * pgid must be in valid range (EINVAL)
    276  * pid must be caller or child of caller (ESRCH)
    277  * if a child
    278  *	pid must be in same session (EPERM)
    279  *	pid can't have done an exec (EACCES)
    280  * if pgid != pid
    281  * 	there must exist some pid in same session having pgid (EPERM)
    282  * pid must not be session leader (EPERM)
    283  *
    284  * Permission checks now in enterpgrp()
    285  */
    286 /* ARGSUSED */
    287 int
    288 sys_setpgid(struct lwp *l, void *v, register_t *retval)
    289 {
    290 	struct sys_setpgid_args /* {
    291 		syscallarg(int) pid;
    292 		syscallarg(int) pgid;
    293 	} */ *uap = v;
    294 	struct proc *curp = l->l_proc;
    295 	struct proc *targp;			/* target process */
    296 
    297 	if (SCARG(uap, pgid) < 0)
    298 		return EINVAL;
    299 
    300 	/* XXX MP - there is a horrid race here with targp exiting! */
    301 	if (SCARG(uap, pid) != 0 && SCARG(uap, pid) != curp->p_pid) {
    302 		targp = pfind(SCARG(uap, pid));
    303 		if (targp == NULL)
    304 			return ESRCH;
    305 	} else
    306 		targp = curp;
    307 
    308 	if (SCARG(uap, pgid) == 0)
    309 		SCARG(uap, pgid) = targp->p_pid;
    310 	return enterpgrp(targp, SCARG(uap, pgid), 0);
    311 }
    312 
    313 /*
    314  * Set real, effective and saved uids to the requested values.
    315  * non-root callers can only ever change uids to values that match
    316  * one of the processes current uid values.
    317  * This is further restricted by the flags argument.
    318  */
    319 
    320 int
    321 do_setresuid(struct lwp *l, uid_t r, uid_t e, uid_t sv, u_int flags)
    322 {
    323 	struct proc *p = l->l_proc;
    324 	kauth_cred_t cred = p->p_cred;
    325 
    326 	/*
    327 	 * check new value is one of the allowed existing values.
    328 	 * otherwise, check if we have root privilege.
    329 	 */
    330 	if ((r != -1
    331 	    && !((flags & ID_R_EQ_R) && r == kauth_cred_getuid(cred))
    332 	    && !((flags & ID_R_EQ_E) && r == kauth_cred_geteuid(cred))
    333 	    && !((flags & ID_R_EQ_S) && r == kauth_cred_getsvuid(cred))) ||
    334 	    (e != -1
    335 	    && !((flags & ID_E_EQ_R) && e == kauth_cred_getuid(cred))
    336 	    && !((flags & ID_E_EQ_E) && e == kauth_cred_geteuid(cred))
    337 	    && !((flags & ID_E_EQ_S) && e == kauth_cred_getsvuid(cred))) ||
    338 	    (sv != -1
    339 	    && !((flags & ID_S_EQ_R) && sv == kauth_cred_getuid(cred))
    340 	    && !((flags & ID_S_EQ_E) && sv == kauth_cred_geteuid(cred))
    341 	    && !((flags & ID_S_EQ_S) && sv == kauth_cred_getsvuid(cred)))) {
    342 		int error;
    343 
    344 		error = kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER,
    345 		    &p->p_acflag);
    346 		if (error != 0) {
    347 			return error;
    348 		}
    349 	}
    350 
    351 	/* If nothing has changed, short circuit the request */
    352 	if ((r == -1 || r == kauth_cred_getuid(cred))
    353 	    && (e == -1 || e == kauth_cred_geteuid(cred))
    354 	    && (sv == -1 || sv == kauth_cred_getsvuid(cred))) {
    355 		/* nothing to do */
    356 		return 0;
    357 	}
    358 
    359 	cred = kauth_cred_copy(cred);
    360 	p->p_cred = cred;
    361 
    362 	if (r != -1 && r != kauth_cred_getuid(cred)) {
    363 		/* Update count of processes for this user */
    364 		(void)chgproccnt(kauth_cred_getuid(cred), -1);
    365 		(void)chgproccnt(r, 1);
    366 		kauth_cred_setuid(cred, r);
    367 	}
    368 	if (sv != -1)
    369 		kauth_cred_setsvuid(cred, sv);
    370 	if (e != -1)
    371 		kauth_cred_seteuid(cred, e);
    372 
    373 	/* Mark process as having changed credentials, stops tracing etc */
    374 	p_sugid(p);
    375 	return 0;
    376 }
    377 
    378 /*
    379  * Set real, effective and saved gids to the requested values.
    380  * non-root callers can only ever change gids to values that match
    381  * one of the processes current gid values.
    382  * This is further restricted by the flags argument.
    383  */
    384 
    385 int
    386 do_setresgid(struct lwp *l, gid_t r, gid_t e, gid_t sv, u_int flags)
    387 {
    388 	struct proc *p = l->l_proc;
    389 	kauth_cred_t cred = p->p_cred;
    390 
    391 	/*
    392 	 * check new value is one of the allowed existing values.
    393 	 * otherwise, check if we have root privilege.
    394 	 */
    395 	if ((r != -1
    396 	    && !((flags & ID_R_EQ_R) && r == kauth_cred_getgid(cred))
    397 	    && !((flags & ID_R_EQ_E) && r == kauth_cred_getegid(cred))
    398 	    && !((flags & ID_R_EQ_S) && r == kauth_cred_getsvgid(cred))) ||
    399 	    (e != -1
    400 	    && !((flags & ID_E_EQ_R) && e == kauth_cred_getgid(cred))
    401 	    && !((flags & ID_E_EQ_E) && e == kauth_cred_getegid(cred))
    402 	    && !((flags & ID_E_EQ_S) && e == kauth_cred_getsvgid(cred))) ||
    403 	    (sv != -1
    404 	    && !((flags & ID_S_EQ_R) && sv == kauth_cred_getgid(cred))
    405 	    && !((flags & ID_S_EQ_E) && sv == kauth_cred_getegid(cred))
    406 	    && !((flags & ID_S_EQ_S) && sv == kauth_cred_getsvgid(cred)))) {
    407 		int error;
    408 
    409 		error = kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER,
    410 		    &p->p_acflag);
    411 		if (error != 0) {
    412 			return error;
    413 		}
    414 	}
    415 
    416 	/* If nothing has changed, short circuit the request */
    417 	if ((r == -1 || r == kauth_cred_getgid(cred))
    418 	    && (e == -1 || e == kauth_cred_getegid(cred))
    419 	    && (sv == -1 || sv == kauth_cred_getsvgid(cred))) {
    420 		/* nothing to do */
    421 		return 0;
    422 	}
    423 
    424 	cred = kauth_cred_copy(cred);
    425 	p->p_cred = cred;
    426 
    427 	if (r != -1)
    428 		kauth_cred_setgid(cred, r);
    429 	if (sv != -1)
    430 		kauth_cred_setsvgid(cred, sv);
    431 	if (e != -1)
    432 		kauth_cred_setegid(cred, e);
    433 
    434 	/* Mark process as having changed credentials, stops tracing etc */
    435 	p_sugid(p);
    436 	return 0;
    437 }
    438 
    439 /* ARGSUSED */
    440 int
    441 sys_setuid(struct lwp *l, void *v, register_t *retval)
    442 {
    443 	struct sys_setuid_args /* {
    444 		syscallarg(uid_t) uid;
    445 	} */ *uap = v;
    446 	uid_t uid = SCARG(uap, uid);
    447 
    448 	return do_setresuid(l, uid, uid, uid,
    449 			    ID_R_EQ_R | ID_E_EQ_R | ID_S_EQ_R);
    450 }
    451 
    452 /* ARGSUSED */
    453 int
    454 sys_seteuid(struct lwp *l, void *v, register_t *retval)
    455 {
    456 	struct sys_seteuid_args /* {
    457 		syscallarg(uid_t) euid;
    458 	} */ *uap = v;
    459 
    460 	return do_setresuid(l, -1, SCARG(uap, euid), -1, ID_E_EQ_R | ID_E_EQ_S);
    461 }
    462 
    463 int
    464 sys_setreuid(struct lwp *l, void *v, register_t *retval)
    465 {
    466 	struct sys_setreuid_args /* {
    467 		syscallarg(uid_t) ruid;
    468 		syscallarg(uid_t) euid;
    469 	} */ *uap = v;
    470 	struct proc *p = l->l_proc;
    471 	uid_t ruid, euid, svuid;
    472 
    473 	ruid = SCARG(uap, ruid);
    474 	euid = SCARG(uap, euid);
    475 	if (ruid == -1)
    476 		ruid = kauth_cred_getuid(p->p_cred);
    477 	if (euid == -1)
    478 		euid = kauth_cred_geteuid(p->p_cred);
    479 	/* Saved uid is set to the new euid if the ruid changed */
    480 	svuid = (ruid == kauth_cred_getuid(p->p_cred)) ? -1 : euid;
    481 
    482 	return do_setresuid(l, ruid, euid, svuid,
    483 			    ID_R_EQ_R | ID_R_EQ_E |
    484 			    ID_E_EQ_R | ID_E_EQ_E | ID_E_EQ_S |
    485 			    ID_S_EQ_R | ID_S_EQ_E | ID_S_EQ_S);
    486 }
    487 
    488 /* ARGSUSED */
    489 int
    490 sys_setgid(struct lwp *l, void *v, register_t *retval)
    491 {
    492 	struct sys_setgid_args /* {
    493 		syscallarg(gid_t) gid;
    494 	} */ *uap = v;
    495 	gid_t gid = SCARG(uap, gid);
    496 
    497 	return do_setresgid(l, gid, gid, gid,
    498 			    ID_R_EQ_R | ID_E_EQ_R | ID_S_EQ_R);
    499 }
    500 
    501 /* ARGSUSED */
    502 int
    503 sys_setegid(struct lwp *l, void *v, register_t *retval)
    504 {
    505 	struct sys_setegid_args /* {
    506 		syscallarg(gid_t) egid;
    507 	} */ *uap = v;
    508 
    509 	return do_setresgid(l, -1, SCARG(uap, egid), -1, ID_E_EQ_R | ID_E_EQ_S);
    510 }
    511 
    512 int
    513 sys_setregid(struct lwp *l, void *v, register_t *retval)
    514 {
    515 	struct sys_setregid_args /* {
    516 		syscallarg(gid_t) rgid;
    517 		syscallarg(gid_t) egid;
    518 	} */ *uap = v;
    519 	struct proc *p = l->l_proc;
    520 	gid_t rgid, egid, svgid;
    521 
    522 	rgid = SCARG(uap, rgid);
    523 	egid = SCARG(uap, egid);
    524 	if (rgid == -1)
    525 		rgid = kauth_cred_getgid(p->p_cred);
    526 	if (egid == -1)
    527 		egid = kauth_cred_getegid(p->p_cred);
    528 	/* Saved gid is set to the new egid if the rgid changed */
    529 	svgid = rgid == kauth_cred_getgid(p->p_cred) ? -1 : egid;
    530 
    531 	return do_setresgid(l, rgid, egid, svgid,
    532 			ID_R_EQ_R | ID_R_EQ_E |
    533 			ID_E_EQ_R | ID_E_EQ_E | ID_E_EQ_S |
    534 			ID_S_EQ_R | ID_S_EQ_E | ID_S_EQ_S);
    535 }
    536 
    537 int
    538 sys_issetugid(struct lwp *l, void *v, register_t *retval)
    539 {
    540 	struct proc *p = l->l_proc;
    541 
    542 	/*
    543 	 * Note: OpenBSD sets a P_SUGIDEXEC flag set at execve() time,
    544 	 * we use P_SUGID because we consider changing the owners as
    545 	 * "tainting" as well.
    546 	 * This is significant for procs that start as root and "become"
    547 	 * a user without an exec - programs cannot know *everything*
    548 	 * that libc *might* have put in their data segment.
    549 	 */
    550 	*retval = (p->p_flag & P_SUGID) != 0;
    551 	return (0);
    552 }
    553 
    554 /*
    555  * sort -u for groups.
    556  */
    557 static int
    558 grsortu(gid_t *grp, int ngrp)
    559 {
    560 	const gid_t *src, *end;
    561 	gid_t *dst;
    562 	gid_t group;
    563 	int i, j;
    564 
    565 	/* bubble sort */
    566 	for (i = 0; i < ngrp; i++)
    567 		for (j = i + 1; j < ngrp; j++)
    568 			if (grp[i] > grp[j]) {
    569 				gid_t tmp = grp[i];
    570 				grp[i] = grp[j];
    571 				grp[j] = tmp;
    572 			}
    573 
    574 	/* uniq */
    575 	end = grp + ngrp;
    576 	src = grp;
    577 	dst = grp;
    578 	while (src < end) {
    579 		group = *src++;
    580 		while (src < end && *src == group)
    581 			src++;
    582 		*dst++ = group;
    583 	}
    584 
    585 #ifdef DIAGNOSTIC
    586 	/* zero out the rest of the array */
    587 	(void)memset(dst, 0, sizeof(*grp) * (end - dst));
    588 #endif
    589 
    590 	return dst - grp;
    591 }
    592 
    593 /* ARGSUSED */
    594 int
    595 sys_setgroups(struct lwp *l, void *v, register_t *retval)
    596 {
    597 	struct sys_setgroups_args /* {
    598 		syscallarg(int) gidsetsize;
    599 		syscallarg(const gid_t *) gidset;
    600 	} */ *uap = v;
    601 	struct proc *p = l->l_proc;
    602 	kauth_cred_t pc = p->p_cred;
    603 	int ngrp;
    604 	int error;
    605 	gid_t grp[NGROUPS];
    606 	size_t grsize;
    607 
    608 	if ((error = kauth_authorize_generic(pc, KAUTH_GENERIC_ISSUSER,
    609 				       &p->p_acflag)) != 0)
    610 		return (error);
    611 
    612 	ngrp = SCARG(uap, gidsetsize);
    613 	if ((u_int)ngrp > NGROUPS)
    614 		return (EINVAL);
    615 
    616 	grsize = ngrp * sizeof(gid_t);
    617 	error = copyin(SCARG(uap, gidset), grp, grsize);
    618 	if (error)
    619 		return (error);
    620 
    621 	ngrp = grsortu(grp, ngrp);
    622 
    623 	pc = kauth_cred_copy(pc);
    624 	p->p_cred = pc;
    625 	kauth_cred_setgroups(pc, grp, ngrp, -1);
    626 
    627 	p_sugid(p);
    628 	return (0);
    629 }
    630 
    631 /*
    632  * Get login name, if available.
    633  */
    634 /* ARGSUSED */
    635 int
    636 sys___getlogin(struct lwp *l, void *v, register_t *retval)
    637 {
    638 	struct sys___getlogin_args /* {
    639 		syscallarg(char *) namebuf;
    640 		syscallarg(size_t) namelen;
    641 	} */ *uap = v;
    642 	struct proc *p = l->l_proc;
    643 
    644 	if (SCARG(uap, namelen) > sizeof(p->p_pgrp->pg_session->s_login))
    645 		SCARG(uap, namelen) = sizeof(p->p_pgrp->pg_session->s_login);
    646 	return (copyout((caddr_t) p->p_pgrp->pg_session->s_login,
    647 	    (caddr_t) SCARG(uap, namebuf), SCARG(uap, namelen)));
    648 }
    649 
    650 /*
    651  * Set login name.
    652  */
    653 /* ARGSUSED */
    654 int
    655 sys___setlogin(struct lwp *l, void *v, register_t *retval)
    656 {
    657 	struct sys___setlogin_args /* {
    658 		syscallarg(const char *) namebuf;
    659 	} */ *uap = v;
    660 	struct proc *p = l->l_proc;
    661 	struct session *s = p->p_pgrp->pg_session;
    662 	char newname[sizeof s->s_login + 1];
    663 	int error;
    664 
    665 	if ((error = kauth_authorize_generic(p->p_cred, KAUTH_GENERIC_ISSUSER,
    666 				       &p->p_acflag)) != 0)
    667 		return (error);
    668 	error = copyinstr(SCARG(uap, namebuf), &newname, sizeof newname, NULL);
    669 	if (error != 0)
    670 		return (error == ENAMETOOLONG ? EINVAL : error);
    671 
    672 	if (s->s_flags & S_LOGIN_SET && p->p_pid != s->s_sid &&
    673 	    strncmp(newname, s->s_login, sizeof s->s_login) != 0)
    674 		log(LOG_WARNING, "%s (pid %d) changing logname from "
    675 		    "%.*s to %s\n", p->p_comm, p->p_pid,
    676 		    (int)sizeof s->s_login, s->s_login, newname);
    677 	s->s_flags |= S_LOGIN_SET;
    678 	strncpy(s->s_login, newname, sizeof s->s_login);
    679 	return (0);
    680 }
    681