kern/113398: [libc] initgroups fails rather than truncates if
number of groups > NGROUPS_MAX meaning the user can no longer login
Denis Barov
dindin at yandex-team.ru
Wed Feb 27 17:30:07 UTC 2008
The following reply was made to PR kern/113398; it has been noted by GNATS.
From: Denis Barov <dindin at yandex-team.ru>
To: bug-followup at FreeBSD.org, dean.povey at quest.com
Cc:
Subject: Re: kern/113398: [libc] initgroups fails rather than truncates if number of groups > NGROUPS_MAX meaning the user can no longer login
Date: Wed, 27 Feb 2008 20:03:43 +0300
This problem becomes hard trouble when using paw_winbind in large windows
domain.
Here patch to increase maximum groups to 64.
in sys/user.h:
#ifdef i386
#define KINFO_PROC_SIZE 768
#endif
One groupe takes 32 bits of memory, 16 groups taking 4*16 bytes, 64 groups
taking 4*64 then new KINFO_PROC_SIZE size is:
768-(16*4)+(64*4) = 960
and same for other arcs
--
Cheers
Denis Barov
--- src/sys/sys/user.h Fri Mar 16 09:35:27 2007
+++ src/sys/sys/user.h Fri Mar 16 09:29:08 2007
@@ -86,16 +86,18 @@
#define KINFO_PROC_SIZE 1088
#endif
#ifdef __amd64__
-#define KINFO_PROC_SIZE 1088
+#define KINFO_PROC_SIZE 1280
+//#define KINFO_PROC_SIZE 1088
#endif
#ifdef __arm__
#define KINFO_PROC_SIZE 792
#endif
#ifdef __ia64__
-#define KINFO_PROC_SIZE 1088
+#define KINFO_PROC_SIZE 1280
+//#define KINFO_PROC_SIZE 1088
#endif
#ifdef __i386__
-#define KINFO_PROC_SIZE 768
+#define KINFO_PROC_SIZE 960
#endif
#ifdef __powerpc__
#define KINFO_PROC_SIZE 768
@@ -112,7 +114,7 @@
#define OCOMMLEN 16 /* size of returned ki_ocomm name */
#define COMMLEN 19 /* size of returned ki_comm name */
#define KI_EMULNAMELEN 16 /* size of returned ki_emul */
-#define KI_NGROUPS 16 /* number of groups in ki_groups */
+#define KI_NGROUPS 64 /* number of groups in ki_groups */
#define LOGNAMELEN 17 /* size of returned ki_login */
struct kinfo_proc {
--- src/sys/sys/syslimits.h Fri Mar 16 00:41:57 2007
+++ src/sys/sys/syslimits.h Mon Feb 26 21:23:12 2007
@@ -58,7 +58,7 @@
#define MAX_CANON 255 /* max bytes in term canon input line */
#define MAX_INPUT 255 /* max bytes in terminal input */
#define NAME_MAX 255 /* max bytes in a file name */
-#define NGROUPS_MAX 16 /* max supplemental group id's */
+#define NGROUPS_MAX 64 /* max supplemental group id's */
#ifndef OPEN_MAX
#define OPEN_MAX 64 /* max open files per process */
#endif
More information about the freebsd-bugs
mailing list