Date: Wed, 20 Feb 2013 18:29:07 -0500 (EST) From: Rick Macklem <rmacklem@uoguelph.ca> To: Andrey Simonenko <simon@comsys.ntu-kpi.kiev.ua> Cc: freebsd-current@freebsd.org, Elias Martenson <lokedhs@gmail.com>, Benjamin Kaduk <kaduk@mit.edu> Subject: Re: Possible bug in NFSv4 with krb5p security? Message-ID: <423251068.3167476.1361402947119.JavaMail.root@erie.cs.uoguelph.ca> In-Reply-To: <20130220122826.GA13613@pm513-1.comsys.ntu-kpi.kiev.ua>
next in thread | previous in thread | raw e-mail | index | archive | help
Andrey Simonnenko wrote: > On Tue, Feb 19, 2013 at 08:52:49PM -0500, Rick Macklem wrote: > > > > > > I cannot find how to get information about maximum buffer size for > > > the getpwnam_r() function. This information should be returned by > > > sysconf(_SC_GETPW_R_SIZE_MAX), but since it does not work on > > > FreeBSD > > > it is necessary to guess its size. Original value is 128 and it > > > works > > > for somebody, 1024 works for your environment, but it can fail for > > > another environment. > > > > > > SUSv4 specifies "Storage referenced by the structure is allocated > > > from > > > the memory provided with the buffer parameter", but then tells > > > about > > > groups > > > in EXAMPLE for getpwnam_r() "Note that > > > sysconf(_SC_GETPW_R_SIZE_MAX) > > > may > > > return -1 if there is no hard limit on the size of the buffer > > > needed > > > to > > > store all the groups returned". > > > > > > malloc() can give overhead, but that function can try to call > > > getpwnam_r() > > > with buffer allocated from stack and if getpwnam_r() failed with > > > ERANGE > > > use dynamically allocated buffer. > > > > > > #define PWBUF_SIZE_INI (2 * MAXLOGNAME + 2 * MAXPATHLEN + > > > _PASSWORD_LEN + 1) > > > #define PWBUF_SIZE_INC 128 > > > > > > char bufs[2 * MAXLOGNAME + MAXPATHLEN + PASSWORD_LEN + 1 + 32]; > > > > > > error = getpwnam_r(lname, &pwd, bufs, sizeof(bufs), &pw); > > > if (pw != NULL) { > > > *uidp = pw->pw_uid; > > > return (GSS_S_COMPLETE); > > > } else if (error != ERANGE) > > > return (GSS_S_FAILURE); > > > > > > size = PWBUF_SIZE_INI; > > > for (;;) { > > > size += PWBUF_SIZE_INC; > > > buf = malloc(size); > > > if (buf == NULL) > > > return (GSS_S_FAILURE); > > > error = getpwnam_r(lname, &pwd, buf, size, &pw); > > > free(buf); > > > if (pw != NULL) { > > > *uidp = pw->pw_uid; > > > return (GSS_S_COMPLETE); > > > } else { > > > if (error == ERANGE && > > > size <= SIZE_MAX - PWBUF_SIZE_INC) > > > continue; > > > return (GSS_S_FAILURE); > > > } > > > } > > > > Just my opinion, but I think the above is a good approach. > > (ie. First trying a fairly large buffer on the stack that > > will succeed 99.99% of the time, but check for ERANGE and > > loop trying progressively larger malloc'd buffers until > > it stops reporting ERANGE.) > > > > I suspect the overheads behind getpwnam_r() are larger than > > the difference between using a buffer on the stack vs malloc, > > so I think it should use a fairly large buffer the first time. > > > > Personally, I might have coded it as a single do { } while(), > > with the first attempt in it, but that's just personal stylistic > > taste. (You can check for buf != bufs before doing a free() of it.) > > And, if you wanted to be clever, the code could use a static > > "bufsiz_hint", > > which is set to the largest size needed sofar and that is used as > > the initial malloc size. That way it wouldn't loop as much for a > > site with huge passwd entries. (An entire bio in the GECOS field or > > ???) > > > > Thanks for the review. > > Another variant. This is a program that can be used for verifying > correctness of the function, just change PWBUF_SIZE_* values and put > some printfs to see when buffer is reallocated. sizehint is updated > only when malloc() succeeded. > > --------------------------------- > #include <sys/param.h> > #include <sys/limits.h> > > #include <gssapi/gssapi.h> > > #include <errno.h> > #include <limits.h> > #include <pwd.h> > #include <stdio.h> > #include <stdlib.h> > #include <string.h> > #include <unistd.h> > > static int > getpwnam_r_func(const char *name, uid_t *uidp) > { > #define PWBUF_SIZE_INI (2 * MAXLOGNAME + MAXPATHLEN + _PASSWORD_LEN) > #define PWBUF_SIZE_INC 128 > > static size_t sizehint = PWBUF_SIZE_INI; > > struct passwd pwd; > struct passwd *pw; > char *buf; > size_t size; > int error; > char lname[MAXLOGNAME]; > char bufs[PWBUF_SIZE_INI]; > > strncpy(lname, name, sizeof(lname)); > > buf = bufs; > size = sizeof(bufs); > for (;;) { > error = getpwnam_r(lname, &pwd, buf, size, &pw); > if (buf != bufs) > free(buf); > if (pw != NULL) { > *uidp = pw->pw_uid; > return (GSS_S_COMPLETE); > } else if (error != ERANGE || size > SIZE_MAX - PWBUF_SIZE_INC) > return (GSS_S_FAILURE); > if (size != sizehint) > size = sizehint; > else > size += PWBUF_SIZE_INC; > buf = malloc(size); > if (buf == NULL) > return (GSS_S_FAILURE); > sizehint = size; > } > } > All looks fine to me. (Before my mailer messed with the whitespace;-) Thanks, rick ps: I will commit it in April, unless someone else does so sooner. > int > main(void) > { > const char *str[] = { "man", "root", "q", "bin", NULL }; > uid_t uid; > u_int i; > > for (i = 0; str[i] != NULL; ++i) { > printf("%-20s\t", str[i]); > if (getpwnam_r_func(str[i], &uid) == GSS_S_COMPLETE) > printf("%u\n", uid); > else > printf("not found\n"); > } > return (0); > } > --------------------------------- > _______________________________________________ > freebsd-current@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-current > To unsubscribe, send any mail to > "freebsd-current-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?423251068.3167476.1361402947119.JavaMail.root>