Re: [Maria-developers] [Commits] c934b5e: MDEV-8842 add group support to pam_user_map module.
Hi, Holyfoot! On Oct 06, holyfoot@askmonty.org wrote:
revision-id: c934b5e661b19b7934d1a9af40afc70b727c2273 (mariadb-10.1.7-64-gc934b5e) parent(s): 90f2c822469a4f88f882ba8974e790f0fb0b2702 committer: Alexey Botchkov timestamp: 2015-10-06 14:02:29 +0500 message:
MDEV-8842 add group support to pam_user_map module. Added to the pam_user_map module.
Right, thanks. A couple of comments, see below.
diff --git a/plugin/auth_pam/mapper/pam_user_map.c b/plugin/auth_pam/mapper/pam_user_map.c index e73ab6d..0787b1c 100644 --- a/plugin/auth_pam/mapper/pam_user_map.c +++ b/plugin/auth_pam/mapper/pam_user_map.c ... + /* + So below we get the buffer of the NGROUPS_MAX size + which can take 256K on some systems. + It supposed to be working differently - we'd get + the 'ng' from the getgrouplist() and alloc the respective + size, but the problem is a bug in getgrouplist(). + The glibc 2.3.2 implementation of this function is broken: + it overwrites memory when the actual number of groups is larger + than *ngroups. + */
Forget 2.3.2, use it as it was supposed to be used. Our oldest builder uses glibc-2.5
+ (void) getgrouplist(user, user_group_id, groups, &ng); + for (i= 0; i < ng; i++) + { + struct group *g; + if ((g= getgrgid(groups[i])) == NULL) + return 0; + if (g->gr_gid == group_id) + return 1;
Eh? Why don't you compare group_id with groups[i] directly ? Regards, Sergei
Eh? Why don't you compare group_id with groups[i] directly ?
D'oh. It's actually i forgot to do the 'git add' with the fixed code. Never happened to me before. Anyway, here's the new patch. http://lists.askmonty.org/pipermail/commits/2015-October/008512.html Best regards. HF 06.10.2015 21:43, Sergei Golubchik wrote:
Hi, Holyfoot!
On Oct 06, holyfoot@askmonty.org wrote:
revision-id: c934b5e661b19b7934d1a9af40afc70b727c2273 (mariadb-10.1.7-64-gc934b5e) parent(s): 90f2c822469a4f88f882ba8974e790f0fb0b2702 committer: Alexey Botchkov timestamp: 2015-10-06 14:02:29 +0500 message:
MDEV-8842 add group support to pam_user_map module. Added to the pam_user_map module. Right, thanks. A couple of comments, see below.
diff --git a/plugin/auth_pam/mapper/pam_user_map.c b/plugin/auth_pam/mapper/pam_user_map.c index e73ab6d..0787b1c 100644 --- a/plugin/auth_pam/mapper/pam_user_map.c +++ b/plugin/auth_pam/mapper/pam_user_map.c ... + /* + So below we get the buffer of the NGROUPS_MAX size + which can take 256K on some systems. + It supposed to be working differently - we'd get + the 'ng' from the getgrouplist() and alloc the respective + size, but the problem is a bug in getgrouplist(). + The glibc 2.3.2 implementation of this function is broken: + it overwrites memory when the actual number of groups is larger + than *ngroups. + */ Forget 2.3.2, use it as it was supposed to be used. Our oldest builder uses glibc-2.5
+ (void) getgrouplist(user, user_group_id, groups, &ng); + for (i= 0; i < ng; i++) + { + struct group *g; + if ((g= getgrgid(groups[i])) == NULL) + return 0; + if (g->gr_gid == group_id) + return 1; Eh? Why don't you compare group_id with groups[i] directly ?
Regards, Sergei
participants (2)
-
Alexey Botchkov -
Sergei Golubchik