author | Casper H.S. Dik <Casper.Dik@Sun.COM> | 2009-11-20 20:58:43 +0100 |
---|---|---|
committer | Casper H.S. Dik <Casper.Dik@Sun.COM> | 2009-11-20 20:58:43 +0100 |
commit | 67dbe2be0c0f1e2eb428b89088bb5667e8f0b9f6 (patch) | |
tree | ae276da3565da2f00f984253f7b5da205d4384c5 /usr/src/cmd | |
parent | f73ae3db72a91f9f8759931a1c643c7dad785881 (diff) | |
download | illumos-gate-67dbe2be0c0f1e2eb428b89088bb5667e8f0b9f6.tar.gz |
PSARC 2009/542 Increase the maximum value of NGROUPS_MAX to 1024
4088757 Customer would like to increase ngroups_max more than 32
6853435 Many files incorrectly include the private <sys/cred_impl.h>
Diffstat (limited to 'usr/src/cmd')
-rw-r--r-- | usr/src/cmd/cmd-inet/usr.sbin/in.ftpd/ftpcmd.y | 16 | ||||
-rw-r--r-- | usr/src/cmd/oamuser/lib/Makefile | 5 | ||||
-rw-r--r-- | usr/src/cmd/oamuser/lib/get_ngm.c | 46 | ||||
-rw-r--r-- | usr/src/cmd/oamuser/user/val_lgrp.c | 23 | ||||
-rw-r--r-- | usr/src/cmd/perl/5.8.4/distrib/doio.c | 20 | ||||
-rw-r--r-- | usr/src/cmd/perl/5.8.4/distrib/mg.c | 22 | ||||
-rw-r--r-- | usr/src/cmd/praudit/token.c | 2 | ||||
-rw-r--r-- | usr/src/cmd/print/lpset/lpset.c | 16 | ||||
-rw-r--r-- | usr/src/cmd/smserverd/myaudit.c | 29 | ||||
-rw-r--r-- | usr/src/cmd/ssh/libssh/common/uidswap.c | 16 | ||||
-rw-r--r-- | usr/src/cmd/ssh/sshd/groupaccess.c | 29 |
11 files changed, 121 insertions, 103 deletions
diff --git a/usr/src/cmd/cmd-inet/usr.sbin/in.ftpd/ftpcmd.y b/usr/src/cmd/cmd-inet/usr.sbin/in.ftpd/ftpcmd.y
index 90cc538e81..cde2ccab4b 100644
--- a/usr/src/cmd/cmd-inet/usr.sbin/in.ftpd/ftpcmd.y
+++ b/usr/src/cmd/cmd-inet/usr.sbin/in.ftpd/ftpcmd.y
@@ -1,5 +1,5 @@
 /*
- * Copyright 2007 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */
@@ -34,8 +34,6 @@
 */
 %{
-#pragma ident "%Z%%M% %I% %E% SMI"
-
 #include "config.h"
 #include <sys/param.h>
 #include <sys/types.h>
@@ -60,6 +58,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include <limits.h>
+#include <alloca.h>
 #include "extensions.h"
 #include "pathnames.h"
 #include "proto.h"
@@ -2495,10 +2494,15 @@ void cdpath(void)
 void print_groups(void)
 {
- gid_t groups[NGROUPS_MAX];
- int ngroups = 0;
+ gid_t *groups;
+ int ngroups;
+ int maxgrp;
+
+ maxgrp = getgroups(0, NULL);
+
+ groups = alloca(maxgrp * sizeof (gid_t));
- if ((ngroups = getgroups(NGROUPS_MAX, groups)) < 0) {
+ if ((ngroups = getgroups(maxgrp, groups)) < 0) {
 return;
 }
diff --git a/usr/src/cmd/oamuser/lib/Makefile b/usr/src/cmd/oamuser/lib/Makefile
index 3f6475621b..b431c2f5c8 100644
--- a/usr/src/cmd/oamuser/lib/Makefile
+++ b/usr/src/cmd/oamuser/lib/Makefile
@@ -19,11 +19,9 @@
 # CDDL HEADER END
 #
 #
-# Copyright 2006 Sun Microsystems, Inc. All rights reserved.
+# Copyright 2009 Sun Microsystems, Inc. All rights reserved.
 # Use is subject to license terms.
 #
-# ident "%Z%%M% %I% %E% SMI"
-#
 LIBRARY= lib.a
@@ -38,7 +36,6 @@ OBJECTS= putgrent.o \
 vgname.o \
 vgroup.o \
 vuid.o \
- get_ngm.o \
 vlogin.o \
 vproj.o \
 dates.o \
diff --git a/usr/src/cmd/oamuser/lib/get_ngm.c b/usr/src/cmd/oamuser/lib/get_ngm.c
deleted file mode 100644
index 409d7bd74f..0000000000
--- a/usr/src/cmd/oamuser/lib/get_ngm.c
+++ /dev/null
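Review bot: In print_groups() (ftpcmd.y) the result of the sizing call `maxgrp = getgroups(0, NULL)` is used unchecked in `alloca(maxgrp * sizeof (gid_t))`; if that call returns -1 the product converts to an enormous size_t, and alloca() has no way to report failure. The error test on the second getgroups() comes too late to help, so I would bail out first with `if ((maxgrp = getgroups(0, NULL)) < 0) return;`. The same unchecked size-then-alloca pattern is added in Perl_ingroup (doio.c), Perl_magic_get (mg.c), authorized() (lpset.c) and audit_audit (myaudit.c), and each wants an equivalent guard. print_groups() continues past the end of the hunk.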
@@ -1,46 +0,0 @@
-/*
- * CDDL HEADER START
- *
- * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License"). You may not use this file except in compliance
- * with the License.
- *
- * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
- * or http://www.opensolaris.org/os/licensing.
- * See the License for the specific language governing permissions
- * and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL HEADER in each
- * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
- * If applicable, add the following below this CDDL HEADER, with the
- * fields enclosed by brackets "[]" replaced with your own identifying
- * information: Portions Copyright [yyyy] [name of copyright owner]
- *
- * CDDL HEADER END
- */
-/* Copyright 1996 Sun Microsystems, Inc. All rights reserved. */
-/* Use is subject to license terms. */
-
-/* Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T */
-/* All Rights Reserved */
-
-#pragma ident "%Z%%M% %I% %E% SMI"
-
-#include <sys/param.h>
-#include <unistd.h>
-
-/*
- * read the value of NGROUPS_MAX from the kernel
- */
-int
-get_ngm(void)
-{
- static int ngm = -1;
-
- if (ngm == -1 &&
- (ngm = (int)sysconf(_SC_NGROUPS_MAX)) == -1)
- ngm = NGROUPS_UMAX;
-
- return (ngm);
-}
diff --git a/usr/src/cmd/oamuser/user/val_lgrp.c b/usr/src/cmd/oamuser/user/val_lgrp.c
index db7c0c0903..2ad9d38efb 100644
--- a/usr/src/cmd/oamuser/user/val_lgrp.c
+++ b/usr/src/cmd/oamuser/user/val_lgrp.c
@@ -2,9 +2,8 @@
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License"). You may not use this file except in compliance
- * with the License.
+ * Common Development and Distribution License (the "License").
+ * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
@@ -20,7 +19,7 @@
 * CDDL HEADER END
 */
 /*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */
@@ -28,20 +27,19 @@
 /* All Rights Reserved */
-#pragma ident "%Z%%M% %I% %E% SMI"
-
 #include <sys/types.h>
 #include <stdio.h>
+#include <stdlib.h>
 #include <sys/param.h>
+#include <unistd.h>
 #include <users.h>
 #include <userdefs.h>
 #include "messages.h"
-extern int get_ngm();
 extern void exit();
 extern char *strtok();
-static gid_t grplist[ NGROUPS_UMAX + 1 ];
+static gid_t *grplist;
 static int ngroups_max = 0;
 /* Validate a list of groups */
@@ -57,6 +55,11 @@ valid_lgroup(char *list, gid_t gid)
 if( !list || !*list )
 return( (int **) NULL );
+ if (ngroups_max == 0) {
+ ngroups_max = sysconf(_SC_NGROUPS_MAX);
+ grplist = malloc((ngroups_max + 1) * sizeof (gid_t));
+ }
+
 while (ptr = strtok(((i || n_invalid || dup_prim)? NULL: list), ",")) {
 switch (valid_group(ptr, &g_ptr, &warning)) {
@@ -98,10 +101,6 @@ valid_lgroup(char *list, gid_t gid)
 if (warning)
 warningmsg(warning, ptr);
- if( !ngroups_max )
- ngroups_max = get_ngm();
-
-
 if( i >= ngroups_max ) {
 errmsg( M_MAXGROUPS, ngroups_max );
 break;
diff --git a/usr/src/cmd/perl/5.8.4/distrib/doio.c b/usr/src/cmd/perl/5.8.4/distrib/doio.c
index e452bc3a4e..e4fdd87266 100644
--- a/usr/src/cmd/perl/5.8.4/distrib/doio.c
+++ b/usr/src/cmd/perl/5.8.4/distrib/doio.c
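Review bot: The new initialisation block in valid_lgroup() (val_lgrp.c) uses both results unchecked: `sysconf(_SC_NGROUPS_MAX)` can return -1 and `malloc()` can return NULL. The deleted get_ngm() fell back to NGROUPS_UMAX when sysconf() failed, and that fallback is gone; a NULL grplist would presumably be written through later in the loop, which lies outside the hunk. I would restore the fallback, e.g. `if ((ngroups_max = sysconf(_SC_NGROUPS_MAX)) < 0) ngroups_max = NGROUPS_UMAX;` (if NGROUPS_UMAX is still the intended ceiling), and fail through the file's existing error path when the allocation fails. Perl_magic_set (mg.c) passes an unchecked sysconf() result to alloca(), and temporarily_use_uid (uidswap.c) leaves it unchecked too, although there the oversized malloc() ends in fatal().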
@@ -1,3 +1,7 @@
+/*
+ * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
+ * Use is subject to license terms.
+ */
 /* doio.c
 *
 * Copyright (C) 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
@@ -34,6 +38,10 @@
 #endif
 #endif
+#if defined(HAS_GETGROUPS) && defined(__sun)
+#include <alloca.h>
+#endif
+
 #ifdef I_UTIME
 # if defined(_MSC_VER) || defined(__MINGW32__)
 # include <sys/utime.h>
@@ -1877,13 +1885,21 @@ Perl_ingroup(pTHX_ Gid_t testgid, Uid_t effective)
 return TRUE;
 #ifdef HAS_GETGROUPS
 #ifndef NGROUPS
-#define NGROUPS 32
+#define NGROUPS 32
 #endif
 {
- Groups_t gary[NGROUPS];
 I32 anum;
+#ifdef __sun
+ int maxgrp = getgroups(0, NULL);
+ Groups_t *gary = alloca(maxgrp * sizeof (Groups_t));
+
+ anum = getgroups(maxgrp,gary);
+#else
+ Groups_t gary[NGROUPS];
 anum = getgroups(NGROUPS,gary);
+#endif
+
 while (--anum >= 0)
 if (gary[anum] == testgid)
 return TRUE;
diff --git a/usr/src/cmd/perl/5.8.4/distrib/mg.c b/usr/src/cmd/perl/5.8.4/distrib/mg.c
index 76ef523323..8dd7ef239c 100644
--- a/usr/src/cmd/perl/5.8.4/distrib/mg.c
+++ b/usr/src/cmd/perl/5.8.4/distrib/mg.c
@@ -1,3 +1,7 @@
+/*
+ * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
+ * Use is subject to license terms.
+ */
 /* mg.c
 *
 * Copyright (C) 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
@@ -28,6 +32,10 @@
 # ifdef I_GRP
 # include <grp.h>
 # endif
+#ifdef __sun
+#include <alloca.h>
+#include <unistd.h>
+#endif
 #endif
 #ifdef __hpux
@@ -891,8 +899,14 @@ Perl_magic_get(pTHX_ SV *sv, MAGIC *mg)
 add_groups:
 #ifdef HAS_GETGROUPS
 {
+#ifdef __sun
+ int maxgrp = getgroups(0, NULL);
+ Groups_t *gary = alloca(maxgrp * sizeof (Groups_t));
+ i = getgroups(maxgrp,gary);
+#else
 Groups_t gary[NGROUPS];
 i = getgroups(NGROUPS,gary);
+#endif
 while (--i >= 0)
 Perl_sv_catpvf(aTHX_ sv, " %"Gid_t_f, gary[i]);
 }
@@ -2368,12 +2382,18 @@ Perl_magic_set(pTHX_ SV *sv, MAGIC *mg)
 #ifdef HAS_SETGROUPS
 {
 char *p = SvPV(sv, len);
+#ifdef _SC_NGROUPS_MAX
+ int maxgrp = sysconf(_SC_NGROUPS_MAX);
+ Groups_t *gary = alloca(maxgrp * sizeof (Groups_t));
+#else
+ int maxgrp = NGROUPS;
 Groups_t gary[NGROUPS];
+#endif
 while (isSPACE(*p))
 ++p;
 PL_egid = Atol(p);
- for (i = 0; i < NGROUPS; ++i) {
+ for (i = 0; i < maxgrp; ++i) {
 while (*p && !isSPACE(*p))
 ++p;
 while (isSPACE(*p))
diff --git a/usr/src/cmd/praudit/token.c b/usr/src/cmd/praudit/token.c
index 4c1c0ba02b..f52291d8d6 100644
--- a/usr/src/cmd/praudit/token.c
+++ b/usr/src/cmd/praudit/token.c
@@ -1808,6 +1808,8 @@ attribute64_token(pr_context_t *context)
 * return codes : -1 - error
 * : 0 - successful
 * NOTE: At the time of call, the group token id has been retrieved
+ * NOTE: This token is obsolete; it supports exactly NGROUPS_MAX
+ * groups.
 *
 * Format of group token:
 * group token id adr_char
diff --git a/usr/src/cmd/print/lpset/lpset.c b/usr/src/cmd/print/lpset/lpset.c
index d0a765caea..04b0cc7677 100644
--- a/usr/src/cmd/print/lpset/lpset.c
+++ b/usr/src/cmd/print/lpset/lpset.c
@@ -19,12 +19,10 @@
 * CDDL HEADER END
 */
 /*
- * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */
-#pragma ident "%Z%%M% %I% %E% SMI"
-
 #include <stdio.h>
 #include <stdlib.h>
 #include <sys/types.h>
@@ -39,6 +37,7 @@
 #include <libintl.h>
 #endif
 #include <pwd.h>
+#include <alloca.h>
 #include <ns.h>
 #include <list.h>
@@ -54,8 +53,9 @@ authorized()
 {
 struct passwd *pw;
 uid_t uid;
- gid_t list[NGROUPS_MAX];
+ gid_t *list;
 int len;
+ int maxgrp;
 if ((uid = getuid()) == 0)
 return (1); /* "root" is authorized */
@@ -69,8 +69,12 @@ authorized()
 if (chkauthattr("solaris.print.admin", pw->pw_name) == 1)
 return (1); /* "solaris.print.admin" is authorized */
- if ((len = getgroups(sizeof (list), list)) != -1)
- for (; len >= 0; len--)
+ /* How many supplemental groups do we have? */
+ maxgrp = getgroups(0, NULL);
+ list = alloca(maxgrp * sizeof (gid_t));
+
+ if ((len = getgroups(maxgrp, list)) != -1)
+ while (len-- > 0)
 if (list[len] == 14)
 return (1); /* group 14 is authorized */
diff --git a/usr/src/cmd/smserverd/myaudit.c b/usr/src/cmd/smserverd/myaudit.c
index ecc0227c6d..845f53fe8b 100644
--- a/usr/src/cmd/smserverd/myaudit.c
+++ b/usr/src/cmd/smserverd/myaudit.c
@@ -19,7 +19,7 @@
 * CDDL HEADER END
 */
 /*
- * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */
@@ -36,6 +36,7 @@
 #include <string.h>
 #include <unistd.h>
 #include <stdlib.h>
+#include <alloca.h>
 #include <sys/smedia.h>
 #include <tsol/label.h>
 #include "smserver.h"
@@ -129,7 +130,7 @@ audit_save_me(door_data_t *door_dp)
 return (ret_val);
 door_dp->audit_ap.ap_pid = client_cred.dc_pid;
 ret_val = auditon(A_GETPINFO_ADDR, (caddr_t)&door_dp->audit_ap,
- sizeof (door_dp->audit_ap));
+ sizeof (door_dp->audit_ap));
 if (ret_val == -1)
 return (ret_val);
@@ -144,7 +145,7 @@ audit_save_me(door_data_t *door_dp)
 door_dp->audit_tid.at_type = door_dp->audit_ap.ap_termid.at_type;
 for (i = 0; i < (door_dp->audit_ap.ap_termid.at_type/4); i++)
 door_dp->audit_tid.at_addr[i] =
- door_dp->audit_ap.ap_termid.at_addr[i];
+ door_dp->audit_ap.ap_termid.at_addr[i];
 (void) audit_save_policy(door_dp);
 return (0);
 }
@@ -205,19 +206,19 @@ audit_audit(door_data_t *door_dp)
 }
 (void) au_write(ad, au_to_subject_ex(door_dp->audit_auid,
- door_dp->audit_euid,
- door_dp->audit_egid,
- door_dp->audit_uid, door_dp->audit_gid, door_dp->audit_pid,
- door_dp->audit_asid, &door_dp->audit_tid));
+ door_dp->audit_euid,
+ door_dp->audit_egid,
+ door_dp->audit_uid, door_dp->audit_gid, door_dp->audit_pid,
+ door_dp->audit_asid, &door_dp->audit_tid));
 if (is_system_labeled())
 (void) au_write(ad, au_to_mylabel());
 if (door_dp->audit_policy & AUDIT_GROUP) {
 int ng;
- gid_t grplst[NGROUPS_MAX];
+ int maxgrp = getgroups(0, NULL);
+ gid_t *grplst = alloca(maxgrp * sizeof (gid_t));
- (void) memset(grplst, 0, sizeof (grplst));
- if ((ng = getgroups(NGROUPS_UMAX, grplst))) {
+ if ((ng = getgroups(maxgrp, grplst))) {
 (void) au_write(ad, au_to_newgroups(ng, grplst));
 }
 }
@@ -232,10 +233,10 @@ audit_audit(door_data_t *door_dp)
 }
 #ifdef _LP64
 (void) au_write(ad, au_to_return64((door_dp->audit_sorf == 0) ? 0 : -1,
- (int64_t)door_dp->audit_sorf));
+ (int64_t)door_dp->audit_sorf));
 #else
 (void) au_write(ad, au_to_return32((door_dp->audit_sorf == 0) ? 0 : -1,
- (int32_t)door_dp->audit_sorf));
+ (int32_t)door_dp->audit_sorf));
 #endif
 if (au_close(ad, 1, door_dp->audit_event) < 0) {
 (void) au_close(ad, 0, 0);
@@ -253,7 +254,7 @@ audit_na_selected(door_data_t *door_dp)
 }
 return (selected(door_dp->audit_event,
- &door_dp->audit_namask, door_dp->audit_sorf));
+ &door_dp->audit_namask, door_dp->audit_sorf));
 }
 static int
@@ -266,7 +267,7 @@ audit_selected(door_data_t *door_dp)
 }
 return (selected(door_dp->audit_event,
- &door_dp->audit_ap.ap_mask, door_dp->audit_sorf));
+ &door_dp->audit_ap.ap_mask, door_dp->audit_sorf));
 }
 static int
diff --git a/usr/src/cmd/ssh/libssh/common/uidswap.c b/usr/src/cmd/ssh/libssh/common/uidswap.c
index 32256b4718..942b22a749 100644
--- a/usr/src/cmd/ssh/libssh/common/uidswap.c
+++ b/usr/src/cmd/ssh/libssh/common/uidswap.c
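Review bot: In audit_audit() (myaudit.c) the test `if ((ng = getgroups(maxgrp, grplst)))` is also true when getgroups() fails with -1, so au_to_newgroups() would be handed a negative count. This hunk also drops the memset(), so in that case grplst is uninitialised alloca() memory rather than zeros, and whatever the token builder reads from it may end up in the audit record. Tightening the condition to `if ((ng = getgroups(maxgrp, grplst)) > 0) {` avoids both. audit_audit() begins before and continues after this hunk.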
@@ -46,7 +46,8 @@ static gid_t saved_egid = 0;
 /* Saved effective uid. */
 static int privileged = 0;
 static int temporarily_use_uid_effective = 0;
-static gid_t saved_egroups[NGROUPS_UMAX], user_groups[NGROUPS_UMAX];
+static int ngroups_max = -1;
+static gid_t *saved_egroups, *user_groups;
 static int saved_egroupslen = -1, user_groupslen = -1;
 /*
@@ -76,7 +77,16 @@ temporarily_use_uid(struct passwd *pw)
 privileged = 1;
 temporarily_use_uid_effective = 1;
- saved_egroupslen = getgroups(NGROUPS_UMAX, saved_egroups);
+
+ if (ngroups_max < 0) {
+ ngroups_max = sysconf(_SC_NGROUPS_MAX);
+ saved_egroups = malloc(ngroups_max * sizeof (gid_t));
+ user_groups = malloc(ngroups_max * sizeof (gid_t));
+ if (saved_egroups == NULL || user_groups == NULL)
+ fatal("malloc(gid array): %.100s", strerror(errno));
+ }
+
+ saved_egroupslen = getgroups(ngroups_max, saved_egroups);
 if (saved_egroupslen < 0)
 fatal("getgroups: %.100s", strerror(errno));
@@ -85,7 +95,7 @@ temporarily_use_uid(struct passwd *pw)
 if (initgroups(pw->pw_name, pw->pw_gid) < 0)
 fatal("initgroups: %s: %.100s", pw->pw_name, strerror(errno));
- user_groupslen = getgroups(NGROUPS_UMAX, user_groups);
+ user_groupslen = getgroups(ngroups_max, user_groups);
 if (user_groupslen < 0)
 fatal("getgroups: %.100s", strerror(errno));
 }
diff --git a/usr/src/cmd/ssh/sshd/groupaccess.c b/usr/src/cmd/ssh/sshd/groupaccess.c
index 2d8aa3ca80..2239832e1b 100644
--- a/usr/src/cmd/ssh/sshd/groupaccess.c
+++ b/usr/src/cmd/ssh/sshd/groupaccess.c
@@ -1,4 +1,8 @@
 /*
+ * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
+ * Use is subject to license terms.
+ */
+/*
 * Copyright (c) 2001 Kevin Steves. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
@@ -29,9 +33,10 @@ RCSID("$OpenBSD: groupaccess.c,v 1.5 2002/03/04 17:27:39 stevesk Exp $");
 #include "xmalloc.h"
 #include "match.h"
 #include "log.h"
+#include <alloca.h>
-static int ngroups;
-static char *groups_byname[NGROUPS_UMAX + 1]; /* +1 for base/primary group */
+static int ngroups, ngroups_lim;
+static char **groups_byname;
 /*
 * Initialize group access list for user with primary (base) and
@@ -40,14 +45,20 @@ static char *groups_byname[NGROUPS_UMAX + 1]; /* +1 for base/primary group */
 int
 ga_init(const char *user, gid_t base)
 {
- gid_t groups_bygid[NGROUPS_UMAX + 1];
+ gid_t *groups_bygid;
 int i, j;
 struct group *gr;
- if (ngroups > 0)
+ if (ngroups_lim == 0) {
+ /* Add one for the base gid */
+ ngroups_lim = sysconf(_SC_NGROUPS_MAX) + 1;
+ groups_byname = malloc(sizeof (char *) * ngroups_lim);
+ } else if (ngroups > 0)
 ga_free();
- ngroups = sizeof(groups_bygid) / sizeof(gid_t);
+ groups_bygid = alloca(ngroups_lim * sizeof (gid_t));
+
+ ngroups = ngroups_lim;
 if (getgrouplist(user, base, groups_bygid, &ngroups) == -1)
 log("getgrouplist: groups list too small");
 for (i = 0, j = 0; i < ngroups; i++)
@@ -68,8 +79,8 @@ ga_match(char * const *groups, int n)
 for (i = 0; i < ngroups; i++)
 for (j = 0; j < n; j++)
 if (match_pattern(groups_byname[i], groups[j]))
- return 1;
- return 0;
+ return (1);
+ return (0);
 }
 /*
@@ -86,14 +97,14 @@ ga_match_pattern_list(const char *group_pattern)
 switch (match_pattern_list(groups_byname[i], group_pattern, len, 0)) {
 case -1:
- return 0; /* Negated match wins */
+ return (0); /* Negated match wins */
 case 0:
 continue;
 case 1:
 found = 1;
 }
 }
- return found;
+ return (found);
 }
 /* |
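Review bot: ga_init() (groupaccess.c) uses `ngroups_lim == 0` to mean "not yet initialised", but `sysconf(_SC_NGROUPS_MAX) + 1` is also 0 when sysconf() fails, so on that path every call would repeat the allocation and size both arrays to zero. The allocation itself is a bare `malloc()` with no NULL check, while the file already includes xmalloc.h; `groups_byname = xmalloc(sizeof (char *) * ngroups_lim);` would match the rest of sshd and stop on failure instead of leaving a NULL table for ga_match() to index. Since this list appears to feed the group pattern matching used for access decisions, I would also treat a negative sysconf() result as fatal rather than carry on. The tail of ga_init() is outside the hunk.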