author | Damien Miller <djm@mindrot.org> | 2004-02-24 13:05:11 +1100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2004-02-24 13:05:11 +1100 |
commit | a811d9a9a167ffb018f18be84dc810826e73c8f2 (patch) | |
tree | 3595346bd26b9252a270f8982b140b973502b499 | |
parent | 8a4e4f8779ca39e97a8580263c94dc91cfb745ca (diff) |
- (djm) [groupaccess.c uidswap.c] Bug #787: Size group arrays at runtime
using sysconf() if available Based on patches from
holger AT van-lengerich.de and openssh_bugzilla AT hockin.org
-rw-r--r-- | ChangeLog | 5 | ||||
-rw-r--r-- | groupaccess.c | 15 | ||||
-rw-r--r-- | uidswap.c | 27 |
3 files changed, 40 insertions, 7 deletions
@@ -16,6 +16,9 @@ | |||
16 | - (dtucker) [configure.ac gss-serv-krb5.c ssh-gss.h] Define GSSAPI when found | 16 | - (dtucker) [configure.ac gss-serv-krb5.c ssh-gss.h] Define GSSAPI when found |
17 | with krb5-config, hunt down gssapi.h and friends. Based partially on patch | 17 | with krb5-config, hunt down gssapi.h and friends. Based partially on patch |
18 | from deengert at anl.gov. ok djm@ | 18 | from deengert at anl.gov. ok djm@ |
19 | - (djm) [groupaccess.c uidswap.c] Bug #787: Size group arrays at runtime | ||
20 | using sysconf() if available Based on patches from | ||
21 | holger AT van-lengerich.de and openssh_bugzilla AT hockin.org | ||
19 | 22 | ||
20 | 20040223 | 23 | 20040223 |
21 | - (dtucker) [session.c] Bug #789: Only make setcred call for !privsep in the | 24 | - (dtucker) [session.c] Bug #789: Only make setcred call for !privsep in the |
@@ -1919,4 +1922,4 @@ | |||
1919 | - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo. | 1922 | - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo. |
1920 | Report from murple@murple.net, diagnosis from dtucker@zip.com.au | 1923 | Report from murple@murple.net, diagnosis from dtucker@zip.com.au |
1921 | 1924 | ||
1922 | $Id: ChangeLog,v 1.3249 2004/02/23 23:58:10 dtucker Exp $ | 1925 | $Id: ChangeLog,v 1.3250 2004/02/24 02:05:11 djm Exp $ |
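--- a/groupaccess.c
+++ b/groupaccess.c
@@ -31,7 +31,7 @@ RCSID("$OpenBSD: groupaccess.c,v 1.6 2003/04/08 20:21:28 itojun Exp $");
 #include "log.h"
 
 static int ngroups;
-static char *groups_byname[NGROUPS_MAX + 1]; /* +1 for base/primary group */
+static char **groups_byname;
 
 /*
 * Initialize group access list for user with primary (base) and
@@ -40,19 +40,27 @@ static char *groups_byname[NGROUPS_MAX + 1]; /* +1 for base/primary group */
 int
 ga_init(const char *user, gid_t base)
 {
-gid_t groups_bygid[NGROUPS_MAX + 1];
+gid_t *groups_bygid;
 int i, j;
 struct group *gr;
 
 if (ngroups > 0)
 ga_free();
 
-ngroups = sizeof(groups_bygid) / sizeof(gid_t);
+ngroups = NGROUPS_MAX;
+#if defined(HAVE_SYSCONF) && defined(_SC_NGROUPS_MAX)
+ngroups = MAX(NGROUPS_MAX, sysconf(_SC_NGROUPS_MAX));
+#endif
+
+groups_bygid = xmalloc(ngroups * sizeof(*groups_bygid));
+groups_byname = xmalloc(ngroups * sizeof(*groups_byname));
+
 if (getgrouplist(user, base, groups_bygid, &ngroups) == -1)
 logit("getgrouplist: groups list too small");
 for (i = 0, j = 0; i < ngroups; i++)
 if ((gr = getgrgid(groups_bygid[i])) != NULL)
 groups_byname[j++] = xstrdup(gr->gr_name);
+xfree(groups_bygid);
 return (ngroups = j);
 }
 
@@ -84,5 +92,6 @@ ga_free(void)
 for (i = 0; i < ngroups; i++)
 xfree(groups_byname[i]);
 ngroups = 0;
+xfree(groups_byname);
 }
 }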
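Review bot: The new sizing in ga_init drops the `+ 1` that the removed static arrays reserved for the base/primary group, and the `getgrouplist` failure branch still only logs before the loop runs up to whatever count the call wrote back into `ngroups`. If the platform's getgrouplist reports the required count rather than the number stored (this page does not show which), that loop would read `groups_bygid` and fill `groups_byname` past the two new heap allocations. Even where it does not, a truncated list drops memberships from this access list with nothing more than a log line. I would keep the capacity in a local, allocate one extra slot, and clamp `ngroups` to that capacity when the call fails, as sketched below. Note also that ga_free only releases `groups_byname` inside its `ngroups > 0` block, so an init that resolved no names leaves the array allocated.

```c
	int i, j, ngroups_max;
	/* … unchanged: ga_free() on re-init, NGROUPS_MAX / sysconf() sizing … */
	ngroups_max = ngroups + 1;	/* +1 for base/primary group */
	groups_bygid = xmalloc(ngroups_max * sizeof(*groups_bygid));
	groups_byname = xmalloc(ngroups_max * sizeof(*groups_byname));

	ngroups = ngroups_max;
	if (getgrouplist(user, base, groups_bygid, &ngroups) == -1) {
		logit("getgrouplist: groups list too small");
		if (ngroups > ngroups_max)
			ngroups = ngroups_max;	/* never index past the allocation */
	}
	/* … unchanged: getgrgid() loop, xfree(groups_bygid), return … */
```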
@@ -16,6 +16,7 @@ RCSID("$OpenBSD: uidswap.c,v 1.24 2003/05/29 16:58:45 deraadt Exp $"); | |||
16 | 16 | ||
17 | #include "log.h" | 17 | #include "log.h" |
18 | #include "uidswap.h" | 18 | #include "uidswap.h" |
19 | #include "xmalloc.h" | ||
19 | 20 | ||
20 | /* | 21 | /* |
21 | * Note: all these functions must work in all of the following cases: | 22 | * Note: all these functions must work in all of the following cases: |
@@ -38,7 +39,7 @@ static gid_t saved_egid = 0; | |||
38 | /* Saved effective uid. */ | 39 | /* Saved effective uid. */ |
39 | static int privileged = 0; | 40 | static int privileged = 0; |
40 | static int temporarily_use_uid_effective = 0; | 41 | static int temporarily_use_uid_effective = 0; |
41 | static gid_t saved_egroups[NGROUPS_MAX], user_groups[NGROUPS_MAX]; | 42 | static gid_t *saved_egroups = NULL, *user_groups = NULL; |
42 | static int saved_egroupslen = -1, user_groupslen = -1; | 43 | static int saved_egroupslen = -1, user_groupslen = -1; |
43 | 44 | ||
44 | /* | 45 | /* |
@@ -68,18 +69,38 @@ temporarily_use_uid(struct passwd *pw) | |||
68 | 69 | ||
69 | privileged = 1; | 70 | privileged = 1; |
70 | temporarily_use_uid_effective = 1; | 71 | temporarily_use_uid_effective = 1; |
71 | saved_egroupslen = getgroups(NGROUPS_MAX, saved_egroups); | 72 | |
73 | saved_egroupslen = getgroups(0, NULL); | ||
72 | if (saved_egroupslen < 0) | 74 | if (saved_egroupslen < 0) |
73 | fatal("getgroups: %.100s", strerror(errno)); | 75 | fatal("getgroups: %.100s", strerror(errno)); |
76 | if (saved_egroupslen > 0) { | ||
77 | saved_egroups = xrealloc(saved_egroups, | ||
78 | saved_egroupslen * sizeof(gid_t)); | ||
79 | if (getgroups(saved_egroupslen, saved_egroups) < 0) | ||
80 | fatal("getgroups: %.100s", strerror(errno)); | ||
81 | } else { /* saved_egroupslen == 0 */ | ||
82 | if (saved_egroups) | ||
83 | xfree(saved_egroups); | ||
84 | } | ||
74 | 85 | ||
75 | /* set and save the user's groups */ | 86 | /* set and save the user's groups */ |
76 | if (user_groupslen == -1) { | 87 | if (user_groupslen == -1) { |
77 | if (initgroups(pw->pw_name, pw->pw_gid) < 0) | 88 | if (initgroups(pw->pw_name, pw->pw_gid) < 0) |
78 | fatal("initgroups: %s: %.100s", pw->pw_name, | 89 | fatal("initgroups: %s: %.100s", pw->pw_name, |
79 | strerror(errno)); | 90 | strerror(errno)); |
80 | user_groupslen = getgroups(NGROUPS_MAX, user_groups); | 91 | |
92 | user_groupslen = getgroups(0, NULL); | ||
81 | if (user_groupslen < 0) | 93 | if (user_groupslen < 0) |
82 | fatal("getgroups: %.100s", strerror(errno)); | 94 | fatal("getgroups: %.100s", strerror(errno)); |
95 | if (user_groupslen > 0) { | ||
96 | user_groups = xrealloc(user_groups, | ||
97 | user_groupslen * sizeof(gid_t)); | ||
98 | if (getgroups(user_groupslen, user_groups) < 0) | ||
99 | fatal("getgroups: %.100s", strerror(errno)); | ||
100 | } else { /* user_groupslen == 0 */ | ||
101 | if (user_groups) | ||
102 | xfree(user_groups); | ||
103 | } | ||
83 | } | 104 | } |
84 | /* Set the effective uid to the given (unprivileged) uid. */ | 105 | /* Set the effective uid to the given (unprivileged) uid. */ |
85 | if (setgroups(user_groupslen, user_groups) < 0) | 106 | if (setgroups(user_groupslen, user_groups) < 0) |
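Review bot: The `saved_egroupslen == 0` branch frees `saved_egroups` but leaves the static pointer set, so a later pass through this code would hand the stale pointer to `xrealloc` or `xfree` again. The use of `xrealloc` on a file-scope static suggests temporarily_use_uid is expected to run more than once, which would make this a use-after-free or double free in the privilege-switching path. Add `saved_egroups = NULL;` directly after `xfree(saved_egroups);`, and `user_groups = NULL;` after `xfree(user_groups);` in the matching branch so both follow the same rule. Separately, the second `getgroups` call in each pair is only checked for `< 0`; assigning its return value back to the length variable would keep the count and the buffer in step. The body of temporarily_use_uid starts and ends outside this hunk.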