similar to: use sysconf instead of NGROUPS_MAX

Currently openssh (3.4p1) relies on the NGROUPS_MAX define. This makes the number of allowed simultaneous (per-user) secondary groups a compile-time decision. $ find . -name \*.c | xargs grep NGROUPS_MAX ./groupaccess.c:static char *groups_byname[NGROUPS_MAX + 1]; /* +1 for base/primary group */ ./groupaccess.c: gid_t groups_bygid[NGROUPS_MAX + 1]; ./uidswap.c:static gid_t

http://bugzilla.mindrot.org/show_bug.cgi?id=787 Summary: Minor security problem due to use of deprecated NGROUPS_MAX in uidswap.c (sshd) Product: Portable OpenSSH Version: 3.7.1p2 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo:

Linux has just raised the NGROUPS_MAX limit from 32 to 64k. In doing an audit of various tools, openssh turned up as having incorrect groups handling. Almost no user-space apps really care about NGROUPS_MAX. A proposed patch (untested, since the CVS build won't compile on my RH box.. :-/) : What think? Index: uidswap.c ===================================================================

http://bugzilla.mindrot.org/show_bug.cgi?id=787 ------- Additional Comments From openssh_bugzilla at hockin.org 2004-02-20 13:01 ------- Created an attachment (id=548) --> (http://bugzilla.mindrot.org/attachment.cgi?id=548&action=view) NGROUPS patch ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

https://bugzilla.mindrot.org/show_bug.cgi?id=3735 Bug ID: 3735 Summary: The ngroups variable may be set to a negative value when calling sysconf(_SC_NGROUPS_MAX) Product: Portable OpenSSH Version: 9.8p1 Hardware: Other OS: All Status: NEW Severity: normal Priority: P5

Hi on FreeBSD it happens that without this patch the number of groups is limited to 32. Since we need a greater number of groups, we send this patch. Hope it is approved early. Bye diff -ruN /root/work/samba-3.2.8/source/lib/replace/system/passwd.h /usr/ports/net/samba32/work/samba-3.2.8/source/lib/replace/system/passwd.h --- /root/work/samba-3.2.8/source/lib/replace/system/passwd.h 2009-02-03

> *** openbsd-compat/bsd-nextstep.h.orig Sun Feb 4 00:16:16 2001 > --- openbsd-compat/bsd-nextstep.h Sun Feb 4 00:19:09 2001 > *************** > *** 48,52 **** > --- 48,56 ---- > speed_t cfgetispeed(const struct termios *t); > int cfsetospeed(struct termios *t, int speed); > int cfsetispeed(struct termios *t, int speed); > + > + /* LIMITS */ > + #define

# cat /proc/sys/kernel/ngroups_max 65536 # sysctl kernel.ngroups_max kernel.ngroups_max = 65536 Is there a way to change/look at AUTH_SYS? Seems I have 28 groups now as my user I tried created a test user with much less groups but it turns out it is on all those other groups. As such I tried winbind nested groups=no but this doesn't seem to change anything. On Tue, Dec 8, 2015 at 5:05

ok after fighting to get my groups sorted out for my test user I created an "sudoer" group and added "jefftest" to "sudoer" > id jefftest uid=11507(jefftest) gid=8513(domain users) groups=8513(domain users),31020(sudoer) and added "sudoer" to /etc/sudoers like so %sudoer ALL=(ALL) ALL now when I login as jefftest I can run commands using sudo back to

On Thu, 7 Jun 2018 17:28:43 +0200 Jean-Christophe Delaye via samba <samba at lists.samba.org> wrote: > On 06/07/2018 04:04 PM, Teddy Brown via samba wrote: > > Hi, > > I'm trying to create a new Samba server to share files. We > > currently have an instance of Samba 3.6 on another server which we > > are using but need to retire that server. > > >

Hi All. While wandering in auth-pam.c I noticed that there's a few Portable-specific escapees from the xmalloc(foo * bar) cleanup. There's also a "probably can't happen" integer overflow in ssh-rand-helper.c with the memset: num_cmds = 64; - entcmd = xmalloc(num_cmds * sizeof(entropy_cmd_t)); + entcmd = xcalloc(num_cmds, sizeof(entropy_cmd_t));

Hi , i have the problem if somebody is member of more than 32 (Unix) groups every group bigger than number 32 will be cut off Debug Example : [2002/08/21 09:57:51, 3] smbd/sec_ctx.c:set_sec_ctx(319) 32 user groups: 500 502 503 504 505 506 507 508 509 510 511 512 513 514 515 516 517 518 519 520 521 522 523 524 525 526 527 528 529 530 531 532 [2002/08/21 09:57:51, 3]

Upgraded our Solaris 8 and 9 servers from 3.0.2a to 3.0.3. After upgrading any user that was in more than 16 Unix groups wasn't able to map any drives. I get this error in the log file: [2004/05/04 12:23:30, 0] auth/auth_util.c:get_user_groups(695) get_user_groups: failed to get the unix group list [2004/05/04 12:23:30, 0] auth/auth_sam.c:check_sam_security(260) check_sam_security:

I have an odd problem and I was wondering if anyone has ever run into this before. I have a machine running solaris 8, OpenSSH 3.1p1 and OpenSSL 0.9.6c and it has been working fine for quite some time (ssh that is). Today, /etc/system was updated to increase the maximum number of groups from 16 to 32. After the system was rebooted, things seemed to be working as expected, however one of our

Hi! Running OpenSolaris snv_134 with Samba 3.0.37. Samba is successfully joined to AD domain. AD user "user1" is member in 17 AD groups including "group1", but he cannot access Samba share which have read permissions for "group1". If user account is modified and "group1" becomes users primary group, then he can access shares. If user is member of only

My company, which is a mac-heavy shop in the printing industry, needed to migrate to a faster file server. As our directory trees are very large, both Samba, and Netatalk were bogging down badly on our Linux server (Samba, due to heavy CPU usage during directory listings - the case-sensitive file system issue, and netatalk because the cnid db was getting too big). Our solution was to switch to a

Greetings, Have built and have Samba 4.4.5 running on my test Solaris 10 server. Works just fine on there. It is set in /etc/system with ngroups_max=32 and is running as a member server in my university's AD domain. This morning trying to install 4.4.5 on a production server that had been running samba 3.6 - not "upgrade" but left the domain, installed the newer version of

I found and tried this work around on the man page: https://www.unix.com/man-page/all/5/ngroups_max/ but I still get the same "Too many extra groups" error even when I start dovecot with the above program to limit the # of groups. I suspect that dovecot is adding a number of groups when it starts up. I've hacked a work around to get it working for me on my laptop: diff --git

On Mon, 20 Feb 2023 15:58:33 +0000, Stadler Thomas <thomas.stadler at vpbank.com> wrote: > as the download method 'wininet' is deprecated, I'm looking into alternative ways to install packages from within R. > Unfortunately, curl, libcurl and wget refuse to cooperate with Kerberos on our corporate setup. > When exactly will the 'wininet' method stop working? R

On Tue, 21 Feb 2023, Selke, Gisbert W. writes: > On Mon, 20 Feb 2023 15:58:33 +0000, Stadler Thomas <thomas.stadler at vpbank.com> wrote: > >> as the download method 'wininet' is deprecated, I'm looking into alternative ways to install packages from within R. >> Unfortunately, curl, libcurl and wget refuse to cooperate with Kerberos on our corporate setup.