From owner-svn-src-head@FreeBSD.ORG  Mon Jun 29 20:19:19 2009
Return-Path: <owner-svn-src-head@FreeBSD.ORG>
Delivered-To: svn-src-head@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id E673E10656F7;
	Mon, 29 Jun 2009 20:19:19 +0000 (UTC)
	(envelope-from sson@FreeBSD.org)
Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c])
	by mx1.freebsd.org (Postfix) with ESMTP id CBB1D8FC27;
	Mon, 29 Jun 2009 20:19:19 +0000 (UTC)
	(envelope-from sson@FreeBSD.org)
Received: from svn.freebsd.org (localhost [127.0.0.1])
	by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id n5TKJJC8058332;
	Mon, 29 Jun 2009 20:19:19 GMT (envelope-from sson@svn.freebsd.org)
Received: (from sson@localhost)
	by svn.freebsd.org (8.14.3/8.14.3/Submit) id n5TKJJ3n058328;
	Mon, 29 Jun 2009 20:19:19 GMT (envelope-from sson@svn.freebsd.org)
Message-Id: <200906292019.n5TKJJ3n058328@svn.freebsd.org>
From: Stacey Son <sson@FreeBSD.org>
Date: Mon, 29 Jun 2009 20:19:19 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
	svn-src-head@freebsd.org
X-SVN-Group: head
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Cc: 
Subject: svn commit: r195177 - head/sys/security/audit
X-BeenThere: svn-src-head@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: SVN commit messages for the src tree for head/-current
	<svn-src-head.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-head>,
	<mailto:svn-src-head-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-head>
List-Post: <mailto:svn-src-head@freebsd.org>
List-Help: <mailto:svn-src-head-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-head>,
	<mailto:svn-src-head-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 29 Jun 2009 20:19:20 -0000

Author: sson
Date: Mon Jun 29 20:19:19 2009
New Revision: 195177
URL: http://svn.freebsd.org/changeset/base/195177

Log:
  Dynamically allocate the gidset field in audit record.
  
  This fixes a problem created by the recent change that allows a large
  number of groups per user.  The gidset field in struct kaudit_record
  is now dynamically allocated to the size needed rather than statically
  (using NGROUPS).
  
  Approved by:	re@ (kensmith, rwatson), gnn (mentor)

Modified:
  head/sys/security/audit/audit.c
  head/sys/security/audit/audit_arg.c
  head/sys/security/audit/audit_private.h

Modified: head/sys/security/audit/audit.c
==============================================================================
--- head/sys/security/audit/audit.c	Mon Jun 29 20:12:54 2009	(r195176)
+++ head/sys/security/audit/audit.c	Mon Jun 29 20:19:19 2009	(r195177)
@@ -77,6 +77,7 @@ static MALLOC_DEFINE(M_AUDITCRED, "audit
 MALLOC_DEFINE(M_AUDITDATA, "audit_data", "Audit data storage");
 MALLOC_DEFINE(M_AUDITPATH, "audit_path", "Audit path storage");
 MALLOC_DEFINE(M_AUDITTEXT, "audit_text", "Audit text storage");
+MALLOC_DEFINE(M_AUDITGIDSET, "audit_gidset", "Audit GID set storage");
 
 SYSCTL_NODE(_security, OID_AUTO, audit, CTLFLAG_RW, 0,
     "TrustedBSD audit controls");
@@ -253,6 +254,8 @@ audit_record_dtor(void *mem, int size, v
 		free(ar->k_ar.ar_arg_argv, M_AUDITTEXT);
 	if (ar->k_ar.ar_arg_envv != NULL)
 		free(ar->k_ar.ar_arg_envv, M_AUDITTEXT);
+	if (ar->k_ar.ar_arg_groups.gidset != NULL)
+		free(ar->k_ar.ar_arg_groups.gidset, M_AUDITGIDSET);
 }
 
 /*

Modified: head/sys/security/audit/audit_arg.c
==============================================================================
--- head/sys/security/audit/audit_arg.c	Mon Jun 29 20:12:54 2009	(r195176)
+++ head/sys/security/audit/audit_arg.c	Mon Jun 29 20:19:19 2009	(r195177)
@@ -236,10 +236,17 @@ audit_arg_groupset(gid_t *gidset, u_int 
 	u_int i;
 	struct kaudit_record *ar;
 
+	KASSERT(gidset_size <= NGROUPS,
+	    ("audit_arg_groupset: gidset_size > NGROUPS"));
+
 	ar = currecord();
 	if (ar == NULL)
 		return;
 
+	if (ar->k_ar.ar_arg_groups.gidset == NULL)
+		ar->k_ar.ar_arg_groups.gidset = malloc(
+		    sizeof(gid_t) * gidset_size, M_AUDITGIDSET, M_WAITOK);
+
 	for (i = 0; i < gidset_size; i++)
 		ar->k_ar.ar_arg_groups.gidset[i] = gidset[i];
 	ar->k_ar.ar_arg_groups.gidset_size = gidset_size;

Modified: head/sys/security/audit/audit_private.h
==============================================================================
--- head/sys/security/audit/audit_private.h	Mon Jun 29 20:12:54 2009	(r195176)
+++ head/sys/security/audit/audit_private.h	Mon Jun 29 20:19:19 2009	(r195177)
@@ -50,6 +50,7 @@ MALLOC_DECLARE(M_AUDITBSM);
 MALLOC_DECLARE(M_AUDITDATA);
 MALLOC_DECLARE(M_AUDITPATH);
 MALLOC_DECLARE(M_AUDITTEXT);
+MALLOC_DECLARE(M_AUDITGIDSET);
 #endif
 
 /*
@@ -104,8 +105,8 @@ struct vnode_au_info {
 };
 
 struct groupset {
-	gid_t	gidset[NGROUPS];
-	u_int	gidset_size;
+	gid_t	*gidset;
+	u_int	 gidset_size;
 };
 
 struct socket_au_info {