Currently samba (2.0.6) relies on the NGROUPS_MAX define. This makes
the number of allowed simultaneous (per-user) secondary groups a
compile-time decision.

$ find . -name \*.c | xargs grep NGROUPS
./source/lib/system.c: if (setlen > NGROUPS_MAX) {
./source/lib/replace.c: gid_t grouplst[NGROUPS_MAX];
./source/lib/replace.c: while (i < NGROUPS_MAX &&
./source/smbd/password.c:#ifdef NGROUPS_MAX
./source/smbd/password.c: if((groups = (gid_t *)malloc(sizeof(gid_t)*NGROUPS_MAX)) == NULL)

POSIX defined sysconf in order to avoid this.

By using sysconf(_SC_NGROUPS_MAX) this value is determined at
run-time.

OTOH NGROUPS_MAX seems to be used incorrectly anyway:

source/smbd/password.c
#ifdef NGROUPS_MAX
  if((groups = (gid_t *)malloc(sizeof(gid_t)*NGROUPS_MAX)) == NULL)
#else /* NGROUPS_MAX */
  if((groups = (gid_t *)malloc(sizeof(gid_t)*ngroups)) == NULL)
#endif /* NGROUPS_MAX */

As Donald Lewine's POSIX book says: "The values returned by these
functions should be thought of as minimum guarantees. ... The values
returned by sysconf() and pathconf() are not suitable for allocating
memory."

Running samba on Linux only above-showed source/smbd/password.c seems
to be a problem since the other NGROUPS_MAX occurrences only matter
when things like a sane initgroups are missing.

Suggestions etc. ?

Sven

Dear Samba-team,

Since last year we've got SAMBA running here at the University of
Vechta on an Origin 200 running Irix6.5. We want SAMBA to act as a
trusted domain server for an NT-PDC with 20 NT Workstations.
Unfortunately no trust-relationships are currently implemented -
nonetheless it's on your to-do-list.

We have been experimenting with samba 2. and a windows NT 4.0 server
(SP4) but came to no satisfying results. We almost did it but every
logon we got the message that no server-profile could be found though
the system had access to the server profile and did use it. Except
from this ... message everything worked fine.

So actually we're interested in any news or progress and would offer
you to participate as test environment. If you are interested please
contact me per e-mail for further details.

Jan C. Selke

--
Jan Christian Selke
Grosse Str. 1
D-49377 Vechta
Phone: +49 4441 851237
mail : Jan.Selke@Uni-Vechta.DE

Sven Rudolph wrote:
>
> Currently samba (2.0.6) relies on the NGROUPS_MAX define. This makes
> the number of allowed simultaneous (per-user) secondary groups a
> compile-time decision.
>
> $ find . -name \*.c | xargs grep NGROUPS
> /source/lib/system.c: if (setlen > NGROUPS_MAX) {
> /source/lib/replace.c: gid_t grouplst[NGROUPS_MAX];
> /source/lib/replace.c: while (i < NGROUPS_MAX &&
> /source/smbd/password.c:#ifdef NGROUPS_MAX
> /source/smbd/password.c: if((groups = (gid_t *)malloc(sizeof(gid_t)*NGROUPS_MAX)) == NULL)
>
> POSIX defined sysconf in order to avoid this.
>
> By using sysconf(_SC_NGROUPS_MAX) this value is determined at
> run-time.
>
> OTOH NGROUPS_MAX seems to be used incorrectly anyway:
>
> source/smbd/password.c
> #ifdef NGROUPS_MAX
>   if((groups = (gid_t *)malloc(sizeof(gid_t)*NGROUPS_MAX)) == NULL)
> #else /* NGROUPS_MAX */
>   if((groups = (gid_t *)malloc(sizeof(gid_t)*ngroups)) == NULL)
> #endif /* NGROUPS_MAX */
>
> As Donald Lewine's POSIX book says: "The values returned by these
> functions should be thought of as minimum guarantees. ... The values
> returned by sysconf() and pathconf() are not suitable for allocating
> memory."
>
> Running samba on Linux only above-showed source/smbd/password.c seems
> to be a problem since the other NGROUPS_MAX occurrences only matter
> when things like a sane initgroups are missing.

I have fixed this in the HEAD and 2.0.x source trees so that Samba now
uses sysconf(_SC_NGROUPS_MAX) as appropriate.

Thanks for pointing this out.

Regards,

Jeremy Allison,
Samba Team.

--
--------------------------------------------------------
Buying an operating system without source is like buying
a self-assembly Space Shuttle with no instructions.
--------------------------------------------------------