- (dtucker) [configure.ac gss-serv-krb5.c ssh-gss.h] Define GSSAPI when found
with krb5-config, hunt down gssapi.h and friends. Based partially on patch
from deengert at anl.gov. ok djm@
+ - (djm) [groupaccess.c uidswap.c] Bug #787: Size group arrays at runtime
+ using sysconf() if available Based on patches from
+ holger AT van-lengerich.de and openssh_bugzilla AT hockin.org
20040223
- (dtucker) [session.c] Bug #789: Only make setcred call for !privsep in the
#include "log.h"
static int ngroups;
-static char *groups_byname[NGROUPS_MAX + 1]; /* +1 for base/primary group */
+static char **groups_byname;
/*
* Initialize group access list for user with primary (base) and
int
ga_init(const char *user, gid_t base)
{
- gid_t groups_bygid[NGROUPS_MAX + 1];
+ gid_t *groups_bygid;
int i, j;
struct group *gr;
if (ngroups > 0)
ga_free();
- ngroups = sizeof(groups_bygid) / sizeof(gid_t);
+ ngroups = NGROUPS_MAX;
+#if defined(HAVE_SYSCONF) && defined(_SC_NGROUPS_MAX)
+ ngroups = MAX(NGROUPS_MAX, sysconf(_SC_NGROUPS_MAX));
+#endif
+
+ groups_bygid = xmalloc(ngroups * sizeof(*groups_bygid));
+ groups_byname = xmalloc(ngroups * sizeof(*groups_byname));
+
if (getgrouplist(user, base, groups_bygid, &ngroups) == -1)
logit("getgrouplist: groups list too small");
for (i = 0, j = 0; i < ngroups; i++)
if ((gr = getgrgid(groups_bygid[i])) != NULL)
groups_byname[j++] = xstrdup(gr->gr_name);
+ xfree(groups_bygid);
return (ngroups = j);
}
for (i = 0; i < ngroups; i++)
xfree(groups_byname[i]);
ngroups = 0;
+ xfree(groups_byname);
}
}
#include "log.h"
#include "uidswap.h"
+#include "xmalloc.h"
/*
* Note: all these functions must work in all of the following cases:
/* Saved effective uid. */
static int privileged = 0;
static int temporarily_use_uid_effective = 0;
-static gid_t saved_egroups[NGROUPS_MAX], user_groups[NGROUPS_MAX];
+static gid_t *saved_egroups = NULL, *user_groups = NULL;
static int saved_egroupslen = -1, user_groupslen = -1;
/*
privileged = 1;
temporarily_use_uid_effective = 1;
- saved_egroupslen = getgroups(NGROUPS_MAX, saved_egroups);
+
+ saved_egroupslen = getgroups(0, NULL);
if (saved_egroupslen < 0)
fatal("getgroups: %.100s", strerror(errno));
+ if (saved_egroupslen > 0) {
+ saved_egroups = xrealloc(saved_egroups,
+ saved_egroupslen * sizeof(gid_t));
+ if (getgroups(saved_egroupslen, saved_egroups) < 0)
+ fatal("getgroups: %.100s", strerror(errno));
+ } else { /* saved_egroupslen == 0 */
+ if (saved_egroups)
+ xfree(saved_egroups);
+ }
/* set and save the user's groups */
if (user_groupslen == -1) {
if (initgroups(pw->pw_name, pw->pw_gid) < 0)
fatal("initgroups: %s: %.100s", pw->pw_name,
strerror(errno));
- user_groupslen = getgroups(NGROUPS_MAX, user_groups);
+
+ user_groupslen = getgroups(0, NULL);
if (user_groupslen < 0)
fatal("getgroups: %.100s", strerror(errno));
+ if (user_groupslen > 0) {
+ user_groups = xrealloc(user_groups,
+ user_groupslen * sizeof(gid_t));
+ if (getgroups(user_groupslen, user_groups) < 0)
+ fatal("getgroups: %.100s", strerror(errno));
+ } else { /* user_groupslen == 0 */
+ if (user_groups)
+ xfree(user_groups);
+ }
}
/* Set the effective uid to the given (unprivileged) uid. */
if (setgroups(user_groupslen, user_groups) < 0)
andersk / openssh.git / commitdiff
