mirror of
https://github.com/samba-team/samba.git
synced 2025-01-18 06:04:06 +03:00
2c18a98253
On MacOS sysconf(_SC_NGROUPS_MAX) always returns 16. However, this is not the value used by getgroups(2). MacOS uses nested groups but getgroups(2) will return the flattened list which can easily exceed 16 groups. In my testing getgroups() already returns 16 groups on a freshly installed system. And on a 10.14 system the root user is in more than 16 groups by default which makes it impossible to run smbd without this change. Setting _DARWIN_UNLIMITED_GETGROUPS allows getgroups() to return more than 16 groups. This also changes set_unix_security_ctx() to only set up to 16 groups since that is the limit for initgroups() according to the manpage. BUG: https://bugzilla.samba.org/show_bug.cgi?id=8773 Signed-off-by: Alex Richardson <Alexander.Richardson@cl.cam.ac.uk> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Thu Sep 9 17:43:19 UTC 2021 on sn-devel-184
65 lines
1.6 KiB
C
65 lines
1.6 KiB
C
/*
|
|
Unix SMB/Netbios implementation.
|
|
Version 1.9.
|
|
Security context tests
|
|
Copyright (C) Tim Potter 2000
|
|
|
|
This program is free software; you can redistribute it and/or modify
|
|
it under the terms of the GNU General Public License as published by
|
|
the Free Software Foundation; either version 3 of the License, or
|
|
(at your option) any later version.
|
|
|
|
This program is distributed in the hope that it will be useful,
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
GNU General Public License for more details.
|
|
|
|
You should have received a copy of the GNU General Public License
|
|
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
*/
|
|
|
|
#include "includes.h"
|
|
|
|
/* Keep linker happy */
|
|
|
|
void exit_server(char *reason) {}
|
|
|
|
/* Generate random list of groups */
|
|
|
|
void get_random_grouplist(int *ngroups, gid_t **groups)
|
|
{
|
|
int i;
|
|
|
|
*ngroups = random() % setgroups_max();
|
|
*groups = malloc(*ngroups * sizeof(gid_t));
|
|
|
|
if (!groups) {
|
|
printf("FAIL: malloc random grouplist\n");
|
|
return;
|
|
}
|
|
|
|
for (i = 0; i < *ngroups; i++) {
|
|
(*groups)[i] = random() % 32767;
|
|
}
|
|
}
|
|
|
|
/* Check a list of groups with current groups */
|
|
|
|
BOOL verify_current_groups(int ngroups, gid_t *groups)
|
|
{
|
|
int actual_ngroups;
|
|
gid_t *actual_groups;
|
|
|
|
actual_ngroups = getgroups(0, NULL);
|
|
actual_groups = (gid_t *)malloc(actual_ngroups * sizeof(gid_t));
|
|
|
|
getgroups(actual_ngroups, actual_groups);
|
|
|
|
if (actual_ngroups != ngroups) {
|
|
return False;
|
|
}
|
|
|
|
return memcmp(actual_groups, groups, actual_ngroups *
|
|
sizeof(gid_t)) == 0;
|
|
}
|