- (djm) [groupaccess.c uidswap.c] Bug #787: Size group arrays at runtime
using sysconf() if available Based on patches from holger AT van-lengerich.de and openssh_bugzilla AT hockin.org
This commit is contained in:
Damien Miller
parent
8a4e4f8779
commit
a811d9a9a1
|
|
@ -16,6 +16,9 @@
|
|||
- (dtucker) [configure.ac gss-serv-krb5.c ssh-gss.h] Define GSSAPI when found
|
||||
with krb5-config, hunt down gssapi.h and friends. Based partially on patch
|
||||
from deengert at anl.gov. ok djm@
|
||||
- (djm) [groupaccess.c uidswap.c] Bug #787: Size group arrays at runtime
|
||||
using sysconf() if available Based on patches from
|
||||
holger AT van-lengerich.de and openssh_bugzilla AT hockin.org
|
||||
|
||||
20040223
|
||||
- (dtucker) [session.c] Bug #789: Only make setcred call for !privsep in the
|
||||
|
|
@ -1919,4 +1922,4 @@
|
|||
- Fix sshd BindAddress and -b options for systems using fake-getaddrinfo.
|
||||
Report from murple@murple.net, diagnosis from dtucker@zip.com.au
|
||||
|
||||
$Id: ChangeLog,v 1.3249 2004/02/23 23:58:10 dtucker Exp $
|
||||
$Id: ChangeLog,v 1.3250 2004/02/24 02:05:11 djm Exp $
|
||||
|
|
|
|||
|
|
@ -31,7 +31,7 @@ RCSID("$OpenBSD: groupaccess.c,v 1.6 2003/04/08 20:21:28 itojun Exp $");
|
|||
#include "log.h"
|
||||
|
||||
static int ngroups;
|
||||
static char *groups_byname[NGROUPS_MAX + 1]; /* +1 for base/primary group */
|
||||
static char **groups_byname;
|
||||
|
||||
/*
|
||||
* Initialize group access list for user with primary (base) and
|
||||
|
|
@ -40,19 +40,27 @@ static char *groups_byname[NGROUPS_MAX + 1]; /* +1 for base/primary group */
|
|||
int
|
||||
ga_init(const char *user, gid_t base)
|
||||
{
|
||||
gid_t groups_bygid[NGROUPS_MAX + 1];
|
||||
gid_t *groups_bygid;
|
||||
int i, j;
|
||||
struct group *gr;
|
||||
|
||||
if (ngroups > 0)
|
||||
ga_free();
|
||||
|
||||
ngroups = sizeof(groups_bygid) / sizeof(gid_t);
|
||||
ngroups = NGROUPS_MAX;
|
||||
#if defined(HAVE_SYSCONF) && defined(_SC_NGROUPS_MAX)
|
||||
ngroups = MAX(NGROUPS_MAX, sysconf(_SC_NGROUPS_MAX));
|
||||
#endif
|
||||
|
||||
groups_bygid = xmalloc(ngroups * sizeof(*groups_bygid));
|
||||
groups_byname = xmalloc(ngroups * sizeof(*groups_byname));
|
||||
|
||||
if (getgrouplist(user, base, groups_bygid, &ngroups) == -1)
|
||||
logit("getgrouplist: groups list too small");
|
||||
for (i = 0, j = 0; i < ngroups; i++)
|
||||
if ((gr = getgrgid(groups_bygid[i])) != NULL)
|
||||
groups_byname[j++] = xstrdup(gr->gr_name);
|
||||
xfree(groups_bygid);
|
||||
return (ngroups = j);
|
||||
}
|
||||
|
||||
|
|
@ -84,5 +92,6 @@ ga_free(void)
|
|||
for (i = 0; i < ngroups; i++)
|
||||
xfree(groups_byname[i]);
|
||||
ngroups = 0;
|
||||
xfree(groups_byname);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
27
uidswap.c
27
uidswap.c
|
|
@ -16,6 +16,7 @@ RCSID("$OpenBSD: uidswap.c,v 1.24 2003/05/29 16:58:45 deraadt Exp $");
|
|||
|
||||
#include "log.h"
|
||||
#include "uidswap.h"
|
||||
#include "xmalloc.h"
|
||||
|
||||
/*
|
||||
* Note: all these functions must work in all of the following cases:
|
||||
|
|
@ -38,7 +39,7 @@ static gid_t saved_egid = 0;
|
|||
/* Saved effective uid. */
|
||||
static int privileged = 0;
|
||||
static int temporarily_use_uid_effective = 0;
|
||||
static gid_t saved_egroups[NGROUPS_MAX], user_groups[NGROUPS_MAX];
|
||||
static gid_t *saved_egroups = NULL, *user_groups = NULL;
|
||||
static int saved_egroupslen = -1, user_groupslen = -1;
|
||||
|
||||
/*
|
||||
|
|
@ -68,18 +69,38 @@ temporarily_use_uid(struct passwd *pw)
|
|||
|
||||
privileged = 1;
|
||||
temporarily_use_uid_effective = 1;
|
||||
saved_egroupslen = getgroups(NGROUPS_MAX, saved_egroups);
|
||||
|
||||
saved_egroupslen = getgroups(0, NULL);
|
||||
if (saved_egroupslen < 0)
|
||||
fatal("getgroups: %.100s", strerror(errno));
|
||||
if (saved_egroupslen > 0) {
|
||||
saved_egroups = xrealloc(saved_egroups,
|
||||
saved_egroupslen * sizeof(gid_t));
|
||||
if (getgroups(saved_egroupslen, saved_egroups) < 0)
|
||||
fatal("getgroups: %.100s", strerror(errno));
|
||||
} else { /* saved_egroupslen == 0 */
|
||||
if (saved_egroups)
|
||||
xfree(saved_egroups);
|
||||
}
|
||||
|
||||
/* set and save the user's groups */
|
||||
if (user_groupslen == -1) {
|
||||
if (initgroups(pw->pw_name, pw->pw_gid) < 0)
|
||||
fatal("initgroups: %s: %.100s", pw->pw_name,
|
||||
strerror(errno));
|
||||
user_groupslen = getgroups(NGROUPS_MAX, user_groups);
|
||||
|
||||
user_groupslen = getgroups(0, NULL);
|
||||
if (user_groupslen < 0)
|
||||
fatal("getgroups: %.100s", strerror(errno));
|
||||
if (user_groupslen > 0) {
|
||||
user_groups = xrealloc(user_groups,
|
||||
user_groupslen * sizeof(gid_t));
|
||||
if (getgroups(user_groupslen, user_groups) < 0)
|
||||
fatal("getgroups: %.100s", strerror(errno));
|
||||
} else { /* user_groupslen == 0 */
|
||||
if (user_groups)
|
||||
xfree(user_groups);
|
||||
}
|
||||
}
|
||||
/* Set the effective uid to the given (unprivileged) uid. */
|
||||
if (setgroups(user_groupslen, user_groups) < 0)
|
||||
|
|
|
|||
Loading…
Reference in New Issue