svn commit: r201353 - in projects/ngroups/sys: compat/linux compat/svr4 fs/nfs i386/ibcs2 kern rpc rpc/rpcsec_gss sys

Brooks Davis brooks at FreeBSD.org
Thu Dec 31 21:08:14 UTC 2009 

Author: brooks
Date: Thu Dec 31 21:08:13 2009
New Revision: 201353
URL: http://svn.freebsd.org/changeset/base/201353

Log:
  Checkpoint the replacement of the static NGROUPS value with a tunable
  ngroups_max+1.

Modified:
  projects/ngroups/sys/compat/linux/linux_misc.c
  projects/ngroups/sys/compat/linux/linux_uid16.c
  projects/ngroups/sys/compat/svr4/svr4_misc.c
  projects/ngroups/sys/fs/nfs/nfs.h
  projects/ngroups/sys/i386/ibcs2/ibcs2_misc.c
  projects/ngroups/sys/kern/kern_mib.c
  projects/ngroups/sys/kern/kern_prot.c
  projects/ngroups/sys/kern/subr_param.c
  projects/ngroups/sys/rpc/authunix_prot.c
  projects/ngroups/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c
  projects/ngroups/sys/sys/systm.h

Modified: projects/ngroups/sys/compat/linux/linux_misc.c
==============================================================================
--- projects/ngroups/sys/compat/linux/linux_misc.c	Thu Dec 31 20:56:28 2009	(r201352)
+++ projects/ngroups/sys/compat/linux/linux_misc.c	Thu Dec 31 21:08:13 2009	(r201353)
@@ -1138,7 +1138,7 @@ linux_setgroups(struct thread *td, struc
 	struct proc *p;
 
 	ngrp = args->gidsetsize;
-	if (ngrp < 0 || ngrp >= NGROUPS)
+	if (ngrp < 0 || ngrp > ngroups_max)
 		return (EINVAL);
 	linux_gidset = malloc(ngrp * sizeof(*linux_gidset), M_TEMP, M_WAITOK);
 	error = copyin(args->grouplist, linux_gidset, ngrp * sizeof(l_gid_t));

Modified: projects/ngroups/sys/compat/linux/linux_uid16.c
==============================================================================
--- projects/ngroups/sys/compat/linux/linux_uid16.c	Thu Dec 31 20:56:28 2009	(r201352)
+++ projects/ngroups/sys/compat/linux/linux_uid16.c	Thu Dec 31 21:08:13 2009	(r201353)
@@ -109,7 +109,7 @@ linux_setgroups16(struct thread *td, str
 #endif
 
 	ngrp = args->gidsetsize;
-	if (ngrp < 0 || ngrp >= NGROUPS)
+	if (ngrp < 0 || ngrp > ngroups_max)
 		return (EINVAL);
 	linux_gidset = malloc(ngrp * sizeof(*linux_gidset), M_TEMP, M_WAITOK);
 	error = copyin(args->gidset, linux_gidset, ngrp * sizeof(l_gid16_t));

Modified: projects/ngroups/sys/compat/svr4/svr4_misc.c
==============================================================================
--- projects/ngroups/sys/compat/svr4/svr4_misc.c	Thu Dec 31 20:56:28 2009	(r201352)
+++ projects/ngroups/sys/compat/svr4/svr4_misc.c	Thu Dec 31 21:08:13 2009	(r201353)
@@ -708,7 +708,7 @@ svr4_sys_sysconfig(td, uap)
 
 	switch (uap->name) {
 	case SVR4_CONFIG_NGROUPS:
-		*retval = NGROUPS_MAX;
+		*retval = ngroups_max;
 		break;
 	case SVR4_CONFIG_CHILD_MAX:
 		*retval = maxproc;

Modified: projects/ngroups/sys/fs/nfs/nfs.h
==============================================================================
--- projects/ngroups/sys/fs/nfs/nfs.h	Thu Dec 31 20:56:28 2009	(r201352)
+++ projects/ngroups/sys/fs/nfs/nfs.h	Thu Dec 31 21:08:13 2009	(r201353)
@@ -406,11 +406,11 @@ typedef struct {
 /*
  * Store uid, gid creds that handle maps to.
  * Since some BSDen define cr_gid as cr_groups[0], I'll just keep them
- * all in nfsc_groups[NGROUPS + 1].
+ * all in nfsc_groups[NFS_MAXGRPS + 1].
  */
 struct nfscred {
 	uid_t 		nfsc_uid;
-	gid_t		nfsc_groups[NGROUPS + 1];
+	gid_t		nfsc_groups[NFS_MAXGRPS + 1];
 	int		nfsc_ngroups;
 };
 

Modified: projects/ngroups/sys/i386/ibcs2/ibcs2_misc.c
==============================================================================
--- projects/ngroups/sys/i386/ibcs2/ibcs2_misc.c	Thu Dec 31 20:56:28 2009	(r201352)
+++ projects/ngroups/sys/i386/ibcs2/ibcs2_misc.c	Thu Dec 31 21:08:13 2009	(r201353)
@@ -664,7 +664,7 @@ ibcs2_getgroups(td, uap)
 
 	if (uap->gidsetsize < 0)
 		return (EINVAL);
-	ngrp = MIN(uap->gidsetsize, NGROUPS_MAX);
+	ngrp = MIN(uap->gidsetsize, ngroups_max + 1);
 	gp = malloc(ngrp * sizeof(*gp), M_TEMP, M_WAITOK);
 	error = kern_getgroups(td, &ngrp, gp);
 	if (error)
@@ -692,7 +692,7 @@ ibcs2_setgroups(td, uap)
 	gid_t *gp;
 	int error, i;
 
-	if (uap->gidsetsize < 0 || uap->gidsetsize > NGROUPS_MAX)
+	if (uap->gidsetsize < 0 || uap->gidsetsize > ngroups_max + 1)
 		return (EINVAL);
 	if (uap->gidsetsize && uap->gidset == NULL)
 		return (EINVAL);

Modified: projects/ngroups/sys/kern/kern_mib.c
==============================================================================
--- projects/ngroups/sys/kern/kern_mib.c	Thu Dec 31 20:56:28 2009	(r201352)
+++ projects/ngroups/sys/kern/kern_mib.c	Thu Dec 31 21:08:13 2009	(r201353)
@@ -124,8 +124,8 @@ SYSCTL_INT(_kern, KERN_ARGMAX, argmax, C
 SYSCTL_INT(_kern, KERN_POSIX1, posix1version, CTLFLAG_RD,
     0, _POSIX_VERSION, "Version of POSIX attempting to comply to");
 
-SYSCTL_INT(_kern, KERN_NGROUPS, ngroups, CTLFLAG_RD,
-    0, NGROUPS_MAX, "Maximum number of groups a user can belong to");
+SYSCTL_INT(_kern, KERN_NGROUPS, ngroups, CTLFLAG_RD, &ngroups_max, 0,
+    "Maximum number of supplemental groups a user can belong to");
 
 SYSCTL_INT(_kern, KERN_JOB_CONTROL, job_control, CTLFLAG_RD,
     0, 1, "Whether job control is available");

Modified: projects/ngroups/sys/kern/kern_prot.c
==============================================================================
--- projects/ngroups/sys/kern/kern_prot.c	Thu Dec 31 20:56:28 2009	(r201352)
+++ projects/ngroups/sys/kern/kern_prot.c	Thu Dec 31 21:08:13 2009	(r201353)
@@ -285,7 +285,7 @@ getgroups(struct thread *td, register st
 	u_int ngrp;
 	int error;
 
-	ngrp = MIN(uap->gidsetsize, NGROUPS);
+	ngrp = MIN(uap->gidsetsize, ngroups_max + 1);
 	groups = malloc(ngrp * sizeof(*groups), M_TEMP, M_WAITOK);
 	error = kern_getgroups(td, &ngrp, groups);
 	if (error)
@@ -799,7 +799,7 @@ setgroups(struct thread *td, struct setg
 	gid_t *groups = NULL;
 	int error;
 
-	if (uap->gidsetsize > NGROUPS)
+	if (uap->gidsetsize > ngroups_max + 1)
 		return (EINVAL);
 	groups = malloc(uap->gidsetsize * sizeof(gid_t), M_TEMP, M_WAITOK);
 	error = copyin(uap->gidset, groups, uap->gidsetsize * sizeof(gid_t));
@@ -818,7 +818,7 @@ kern_setgroups(struct thread *td, u_int 
 	struct ucred *newcred, *oldcred;
 	int error;
 
-	if (ngrp > NGROUPS)
+	if (ngrp > ngroups_max + 1)
 		return (EINVAL);
 	AUDIT_ARG(groupset, groups, ngrp);
 	newcred = crget();
@@ -2038,14 +2038,14 @@ crsetgroups_locked(struct ucred *cr, int
 
 /*
  * Copy groups in to a credential after expanding it if required.
- * Truncate the list to NGROUPS if it is too large.
+ * Truncate the list to (ngroups_max + 1) if it is too large.
  */
 void
 crsetgroups(struct ucred *cr, int ngrp, gid_t *groups)
 {
 
-	if (ngrp > NGROUPS)
-		ngrp = NGROUPS;
+	if (ngrp > ngroups_max + 1)
+		ngrp = ngroups_max + 1;
 
 	crextend(cr, ngrp);
 	crsetgroups_locked(cr, ngrp, groups);

Modified: projects/ngroups/sys/kern/subr_param.c
==============================================================================
--- projects/ngroups/sys/kern/subr_param.c	Thu Dec 31 20:56:28 2009	(r201352)
+++ projects/ngroups/sys/kern/subr_param.c	Thu Dec 31 21:08:13 2009	(r201353)
@@ -88,6 +88,7 @@ int	maxfiles;			/* sys. wide open files 
 int	maxfilesperproc;		/* per-proc open files limit */
 int	ncallout;			/* maximum # of timer events */
 int	nbuf;
+int	ngroups_max;			/* max # groups per process */
 int	nswbuf;
 long	maxswzone;			/* max swmeta KVA storage */
 long	maxbcache;			/* max buffer cache KVA storage */
@@ -228,6 +229,15 @@ init_param1(void)
 	TUNABLE_ULONG_FETCH("kern.maxssiz", &maxssiz);
 	sgrowsiz = SGROWSIZ;
 	TUNABLE_ULONG_FETCH("kern.sgrowsiz", &sgrowsiz);
+
+	/*
+	 * Let the user set ngroups_max, but don't let it go below
+	 * NGROUPS_MAX which would violate POSIX.1-2008.
+	 */
+	ngroups_max = NGROUPS_MAX;
+	TUNABLE_INT_FETCH("kern.ngroups", &ngroups_max);
+	if (ngroups_max < NGROUPS_MAX)
+		ngroups_max = NGROUPS_MAX;
 }
 
 /*

Modified: projects/ngroups/sys/rpc/authunix_prot.c
==============================================================================
--- projects/ngroups/sys/rpc/authunix_prot.c	Thu Dec 31 20:56:28 2009	(r201352)
+++ projects/ngroups/sys/rpc/authunix_prot.c	Thu Dec 31 21:08:13 2009	(r201353)
@@ -110,7 +110,7 @@ xdr_authunix_parms(XDR *xdrs, uint32_t *
 	if (!xdr_uint32_t(xdrs, &ngroups))
 		return (FALSE);
 	for (i = 0; i < ngroups; i++) {
-		if (i + 1 < NGROUPS) {
+		if (i + 1 < ngroups_max + 1) {
 			if (!xdr_uint32_t(xdrs, &cred->cr_groups[i + 1]))
 				return (FALSE);
 		} else {
@@ -120,8 +120,8 @@ xdr_authunix_parms(XDR *xdrs, uint32_t *
 	}
 
 	if (xdrs->x_op == XDR_DECODE) {
-		if (ngroups + 1 > NGROUPS)
-			cred->cr_ngroups = NGROUPS;
+		if (ngroups + 1 > ngroups_max + 1)
+			cred->cr_ngroups = ngroups_max + 1;
 		else
 			cred->cr_ngroups = ngroups + 1;
 	}

Modified: projects/ngroups/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c
==============================================================================
--- projects/ngroups/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c	Thu Dec 31 20:56:28 2009	(r201352)
+++ projects/ngroups/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c	Thu Dec 31 21:08:13 2009	(r201353)
@@ -147,7 +147,7 @@ struct svc_rpc_gss_client {
 	int			cl_rpcflavor;	/* RPC pseudo sec flavor */
 	bool_t			cl_done_callback; /* TRUE after call */
 	void			*cl_cookie;	/* user cookie from callback */
-	gid_t			cl_gid_storage[NGROUPS];
+	gid_t			*cl_gid_storage;
 	gss_OID			cl_mech;	/* mechanism */
 	gss_qop_t		cl_qop;		/* quality of protection */
 	uint32_t		cl_seqlast;	/* sequence window origin */
@@ -542,6 +542,7 @@ svc_rpc_gss_create_client(void)
 
 	client = mem_alloc(sizeof(struct svc_rpc_gss_client));
 	memset(client, 0, sizeof(struct svc_rpc_gss_client));
+	client->cl_gid_storage = mem_alloc((ngroups_max + 1) * sizeof(gid_t));
 	refcount_init(&client->cl_refs, 1);
 	sx_init(&client->cl_lock, "GSS-client");
 	getcredhostid(curthread->td_ucred, &hostid);
@@ -589,6 +590,8 @@ svc_rpc_gss_destroy_client(struct svc_rp
 		crfree(client->cl_cred);
 
 	sx_destroy(&client->cl_lock);
+	mem_free(client->cl_gid_storage,
+	    (ngroups_max + 1) * sizeof(gid_t));
 	mem_free(client, sizeof(*client));
 }
 
@@ -734,7 +737,7 @@ svc_rpc_gss_build_ucred(struct svc_rpc_g
 	uc->gid = 65534;
 	uc->gidlist = client->cl_gid_storage;
 
-	numgroups = NGROUPS;
+	numgroups = ngroups_max + 1;
 	maj_stat = gss_pname_to_unix_cred(&min_stat, name, client->cl_mech,
 	    &uc->uid, &uc->gid, &numgroups, &uc->gidlist[0]);
 	if (GSS_ERROR(maj_stat))

Modified: projects/ngroups/sys/sys/systm.h
==============================================================================
--- projects/ngroups/sys/sys/systm.h	Thu Dec 31 20:56:28 2009	(r201352)
+++ projects/ngroups/sys/sys/systm.h	Thu Dec 31 21:08:13 2009	(r201353)
@@ -63,6 +63,7 @@ extern int boothowto;		/* reboot flags, 
 extern int bootverbose;		/* nonzero to print verbose messages */
 
 extern int maxusers;		/* system tune hint */
+extern int ngroups_max;		/* max # of supplemental groups */
 
 #ifdef	INVARIANTS		/* The option is always available */
 #define	KASSERT(exp,msg) do {						\

More information about the svn-src-projects mailing list