Date: Thu, 31 Dec 2009 21:08:13 +0000 (UTC) From: Brooks Davis <brooks@FreeBSD.org> To: src-committers@freebsd.org, svn-src-projects@freebsd.org Subject: svn commit: r201353 - in projects/ngroups/sys: compat/linux compat/svr4 fs/nfs i386/ibcs2 kern rpc rpc/rpcsec_gss sys Message-ID: <200912312108.nBVL8DZf009050@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: brooks Date: Thu Dec 31 21:08:13 2009 New Revision: 201353 URL: http://svn.freebsd.org/changeset/base/201353 Log: Checkpoint the replacement of the static NGROUPS value with a tunable ngroups_max+1. Modified: projects/ngroups/sys/compat/linux/linux_misc.c projects/ngroups/sys/compat/linux/linux_uid16.c projects/ngroups/sys/compat/svr4/svr4_misc.c projects/ngroups/sys/fs/nfs/nfs.h projects/ngroups/sys/i386/ibcs2/ibcs2_misc.c projects/ngroups/sys/kern/kern_mib.c projects/ngroups/sys/kern/kern_prot.c projects/ngroups/sys/kern/subr_param.c projects/ngroups/sys/rpc/authunix_prot.c projects/ngroups/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c projects/ngroups/sys/sys/systm.h Modified: projects/ngroups/sys/compat/linux/linux_misc.c ============================================================================== --- projects/ngroups/sys/compat/linux/linux_misc.c Thu Dec 31 20:56:28 2009 (r201352) +++ projects/ngroups/sys/compat/linux/linux_misc.c Thu Dec 31 21:08:13 2009 (r201353) @@ -1138,7 +1138,7 @@ linux_setgroups(struct thread *td, struc struct proc *p; ngrp = args->gidsetsize; - if (ngrp < 0 || ngrp >= NGROUPS) + if (ngrp < 0 || ngrp > ngroups_max) return (EINVAL); linux_gidset = malloc(ngrp * sizeof(*linux_gidset), M_TEMP, M_WAITOK); error = copyin(args->grouplist, linux_gidset, ngrp * sizeof(l_gid_t)); Modified: projects/ngroups/sys/compat/linux/linux_uid16.c ============================================================================== --- projects/ngroups/sys/compat/linux/linux_uid16.c Thu Dec 31 20:56:28 2009 (r201352) +++ projects/ngroups/sys/compat/linux/linux_uid16.c Thu Dec 31 21:08:13 2009 (r201353) @@ -109,7 +109,7 @@ linux_setgroups16(struct thread *td, str #endif ngrp = args->gidsetsize; - if (ngrp < 0 || ngrp >= NGROUPS) + if (ngrp < 0 || ngrp > ngroups_max) return (EINVAL); linux_gidset = malloc(ngrp * sizeof(*linux_gidset), M_TEMP, M_WAITOK); error = copyin(args->gidset, linux_gidset, ngrp * sizeof(l_gid16_t)); Modified: projects/ngroups/sys/compat/svr4/svr4_misc.c ============================================================================== --- projects/ngroups/sys/compat/svr4/svr4_misc.c Thu Dec 31 20:56:28 2009 (r201352) +++ projects/ngroups/sys/compat/svr4/svr4_misc.c Thu Dec 31 21:08:13 2009 (r201353) @@ -708,7 +708,7 @@ svr4_sys_sysconfig(td, uap) switch (uap->name) { case SVR4_CONFIG_NGROUPS: - *retval = NGROUPS_MAX; + *retval = ngroups_max; break; case SVR4_CONFIG_CHILD_MAX: *retval = maxproc; Modified: projects/ngroups/sys/fs/nfs/nfs.h ============================================================================== --- projects/ngroups/sys/fs/nfs/nfs.h Thu Dec 31 20:56:28 2009 (r201352) +++ projects/ngroups/sys/fs/nfs/nfs.h Thu Dec 31 21:08:13 2009 (r201353) @@ -406,11 +406,11 @@ typedef struct { /* * Store uid, gid creds that handle maps to. * Since some BSDen define cr_gid as cr_groups[0], I'll just keep them - * all in nfsc_groups[NGROUPS + 1]. + * all in nfsc_groups[NFS_MAXGRPS + 1]. */ struct nfscred { uid_t nfsc_uid; - gid_t nfsc_groups[NGROUPS + 1]; + gid_t nfsc_groups[NFS_MAXGRPS + 1]; int nfsc_ngroups; }; Modified: projects/ngroups/sys/i386/ibcs2/ibcs2_misc.c ============================================================================== --- projects/ngroups/sys/i386/ibcs2/ibcs2_misc.c Thu Dec 31 20:56:28 2009 (r201352) +++ projects/ngroups/sys/i386/ibcs2/ibcs2_misc.c Thu Dec 31 21:08:13 2009 (r201353) @@ -664,7 +664,7 @@ ibcs2_getgroups(td, uap) if (uap->gidsetsize < 0) return (EINVAL); - ngrp = MIN(uap->gidsetsize, NGROUPS_MAX); + ngrp = MIN(uap->gidsetsize, ngroups_max + 1); gp = malloc(ngrp * sizeof(*gp), M_TEMP, M_WAITOK); error = kern_getgroups(td, &ngrp, gp); if (error) @@ -692,7 +692,7 @@ ibcs2_setgroups(td, uap) gid_t *gp; int error, i; - if (uap->gidsetsize < 0 || uap->gidsetsize > NGROUPS_MAX) + if (uap->gidsetsize < 0 || uap->gidsetsize > ngroups_max + 1) return (EINVAL); if (uap->gidsetsize && uap->gidset == NULL) return (EINVAL); Modified: projects/ngroups/sys/kern/kern_mib.c ============================================================================== --- projects/ngroups/sys/kern/kern_mib.c Thu Dec 31 20:56:28 2009 (r201352) +++ projects/ngroups/sys/kern/kern_mib.c Thu Dec 31 21:08:13 2009 (r201353) @@ -124,8 +124,8 @@ SYSCTL_INT(_kern, KERN_ARGMAX, argmax, C SYSCTL_INT(_kern, KERN_POSIX1, posix1version, CTLFLAG_RD, 0, _POSIX_VERSION, "Version of POSIX attempting to comply to"); -SYSCTL_INT(_kern, KERN_NGROUPS, ngroups, CTLFLAG_RD, - 0, NGROUPS_MAX, "Maximum number of groups a user can belong to"); +SYSCTL_INT(_kern, KERN_NGROUPS, ngroups, CTLFLAG_RD, &ngroups_max, 0, + "Maximum number of supplemental groups a user can belong to"); SYSCTL_INT(_kern, KERN_JOB_CONTROL, job_control, CTLFLAG_RD, 0, 1, "Whether job control is available"); Modified: projects/ngroups/sys/kern/kern_prot.c ============================================================================== --- projects/ngroups/sys/kern/kern_prot.c Thu Dec 31 20:56:28 2009 (r201352) +++ projects/ngroups/sys/kern/kern_prot.c Thu Dec 31 21:08:13 2009 (r201353) @@ -285,7 +285,7 @@ getgroups(struct thread *td, register st u_int ngrp; int error; - ngrp = MIN(uap->gidsetsize, NGROUPS); + ngrp = MIN(uap->gidsetsize, ngroups_max + 1); groups = malloc(ngrp * sizeof(*groups), M_TEMP, M_WAITOK); error = kern_getgroups(td, &ngrp, groups); if (error) @@ -799,7 +799,7 @@ setgroups(struct thread *td, struct setg gid_t *groups = NULL; int error; - if (uap->gidsetsize > NGROUPS) + if (uap->gidsetsize > ngroups_max + 1) return (EINVAL); groups = malloc(uap->gidsetsize * sizeof(gid_t), M_TEMP, M_WAITOK); error = copyin(uap->gidset, groups, uap->gidsetsize * sizeof(gid_t)); @@ -818,7 +818,7 @@ kern_setgroups(struct thread *td, u_int struct ucred *newcred, *oldcred; int error; - if (ngrp > NGROUPS) + if (ngrp > ngroups_max + 1) return (EINVAL); AUDIT_ARG(groupset, groups, ngrp); newcred = crget(); @@ -2038,14 +2038,14 @@ crsetgroups_locked(struct ucred *cr, int /* * Copy groups in to a credential after expanding it if required. - * Truncate the list to NGROUPS if it is too large. + * Truncate the list to (ngroups_max + 1) if it is too large. */ void crsetgroups(struct ucred *cr, int ngrp, gid_t *groups) { - if (ngrp > NGROUPS) - ngrp = NGROUPS; + if (ngrp > ngroups_max + 1) + ngrp = ngroups_max + 1; crextend(cr, ngrp); crsetgroups_locked(cr, ngrp, groups); Modified: projects/ngroups/sys/kern/subr_param.c ============================================================================== --- projects/ngroups/sys/kern/subr_param.c Thu Dec 31 20:56:28 2009 (r201352) +++ projects/ngroups/sys/kern/subr_param.c Thu Dec 31 21:08:13 2009 (r201353) @@ -88,6 +88,7 @@ int maxfiles; /* sys. wide open files int maxfilesperproc; /* per-proc open files limit */ int ncallout; /* maximum # of timer events */ int nbuf; +int ngroups_max; /* max # groups per process */ int nswbuf; long maxswzone; /* max swmeta KVA storage */ long maxbcache; /* max buffer cache KVA storage */ @@ -228,6 +229,15 @@ init_param1(void) TUNABLE_ULONG_FETCH("kern.maxssiz", &maxssiz); sgrowsiz = SGROWSIZ; TUNABLE_ULONG_FETCH("kern.sgrowsiz", &sgrowsiz); + + /* + * Let the user set ngroups_max, but don't let it go below + * NGROUPS_MAX which would violate POSIX.1-2008. + */ + ngroups_max = NGROUPS_MAX; + TUNABLE_INT_FETCH("kern.ngroups", &ngroups_max); + if (ngroups_max < NGROUPS_MAX) + ngroups_max = NGROUPS_MAX; } /* Modified: projects/ngroups/sys/rpc/authunix_prot.c ============================================================================== --- projects/ngroups/sys/rpc/authunix_prot.c Thu Dec 31 20:56:28 2009 (r201352) +++ projects/ngroups/sys/rpc/authunix_prot.c Thu Dec 31 21:08:13 2009 (r201353) @@ -110,7 +110,7 @@ xdr_authunix_parms(XDR *xdrs, uint32_t * if (!xdr_uint32_t(xdrs, &ngroups)) return (FALSE); for (i = 0; i < ngroups; i++) { - if (i + 1 < NGROUPS) { + if (i + 1 < ngroups_max + 1) { if (!xdr_uint32_t(xdrs, &cred->cr_groups[i + 1])) return (FALSE); } else { @@ -120,8 +120,8 @@ xdr_authunix_parms(XDR *xdrs, uint32_t * } if (xdrs->x_op == XDR_DECODE) { - if (ngroups + 1 > NGROUPS) - cred->cr_ngroups = NGROUPS; + if (ngroups + 1 > ngroups_max + 1) + cred->cr_ngroups = ngroups_max + 1; else cred->cr_ngroups = ngroups + 1; } Modified: projects/ngroups/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c ============================================================================== --- projects/ngroups/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c Thu Dec 31 20:56:28 2009 (r201352) +++ projects/ngroups/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c Thu Dec 31 21:08:13 2009 (r201353) @@ -147,7 +147,7 @@ struct svc_rpc_gss_client { int cl_rpcflavor; /* RPC pseudo sec flavor */ bool_t cl_done_callback; /* TRUE after call */ void *cl_cookie; /* user cookie from callback */ - gid_t cl_gid_storage[NGROUPS]; + gid_t *cl_gid_storage; gss_OID cl_mech; /* mechanism */ gss_qop_t cl_qop; /* quality of protection */ uint32_t cl_seqlast; /* sequence window origin */ @@ -542,6 +542,7 @@ svc_rpc_gss_create_client(void) client = mem_alloc(sizeof(struct svc_rpc_gss_client)); memset(client, 0, sizeof(struct svc_rpc_gss_client)); + client->cl_gid_storage = mem_alloc((ngroups_max + 1) * sizeof(gid_t)); refcount_init(&client->cl_refs, 1); sx_init(&client->cl_lock, "GSS-client"); getcredhostid(curthread->td_ucred, &hostid); @@ -589,6 +590,8 @@ svc_rpc_gss_destroy_client(struct svc_rp crfree(client->cl_cred); sx_destroy(&client->cl_lock); + mem_free(client->cl_gid_storage, + (ngroups_max + 1) * sizeof(gid_t)); mem_free(client, sizeof(*client)); } @@ -734,7 +737,7 @@ svc_rpc_gss_build_ucred(struct svc_rpc_g uc->gid = 65534; uc->gidlist = client->cl_gid_storage; - numgroups = NGROUPS; + numgroups = ngroups_max + 1; maj_stat = gss_pname_to_unix_cred(&min_stat, name, client->cl_mech, &uc->uid, &uc->gid, &numgroups, &uc->gidlist[0]); if (GSS_ERROR(maj_stat)) Modified: projects/ngroups/sys/sys/systm.h ============================================================================== --- projects/ngroups/sys/sys/systm.h Thu Dec 31 20:56:28 2009 (r201352) +++ projects/ngroups/sys/sys/systm.h Thu Dec 31 21:08:13 2009 (r201353) @@ -63,6 +63,7 @@ extern int boothowto; /* reboot flags, extern int bootverbose; /* nonzero to print verbose messages */ extern int maxusers; /* system tune hint */ +extern int ngroups_max; /* max # of supplemental groups */ #ifdef INVARIANTS /* The option is always available */ #define KASSERT(exp,msg) do { \
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200912312108.nBVL8DZf009050>