Attachment #548 for bug #787




#include "log.h"

static int ngroups;
static char **groups_byname;

/*
 * Initialize group access list for user with primary (base) and

int
ga_init(const char *user, gid_t base)
{
	gid_t *groups_bygid;
	int i;
	struct group *gr;
	gid_t fake;

	if (ngroups > 0)
		ga_free();

	/* passing a NULL array or zero size blows up on some platforms */
	ngroups = 1;
	getgrouplist(user, base, &fake, &ngroups);
	groups_bygid = xmalloc(ngroups * sizeof(*groups_bygid));
	groups_byname = xmalloc(ngroups * sizeof(*groups_byname));

	if (getgrouplist(user, base, groups_bygid, &ngroups) == -1)
		logit("getgrouplist: groups list too small");
	for (i = 0; i < ngroups; i++) {
		if ((gr = getgrgid(groups_bygid[i])) != NULL) {
			groups_byname[i] = xstrdup(gr->gr_name);
		} else {
			char gidstr[32];

			logit("getgrgid: unknown group id: %d",
			    (int)groups_bygid[i]);
			snprintf(gidstr, sizeof(gidstr), "%d",
			    (int)groups_bygid[i]);
			groups_byname[i] = xstrdup(gidstr);
		}
	}
	xfree(groups_bygid);
	return ngroups;
}

/*

		for (i = 0; i < ngroups; i++)
			xfree(groups_byname[i]);
		ngroups = 0;
		xfree(groups_byname);
	}
}





#include "log.h"
#include "uidswap.h"
#include "xmalloc.h"

/*
 * Note: all these functions must work in all of the following cases:

/* Saved effective uid. */
static int	privileged = 0;
static int	temporarily_use_uid_effective = 0;
static gid_t	*saved_egroups, *user_groups;
static int	saved_egroupslen = -1, user_groupslen = -1;

/*


	privileged = 1;
	temporarily_use_uid_effective = 1;

	saved_egroupslen = getgroups(0, NULL);
	if (saved_egroupslen < 0)
		fatal("getgroups: %.100s", strerror(errno));
	saved_egroups = xrealloc(saved_egroups,
	    saved_egroupslen * sizeof(*saved_egroups));
	if (getgroups(saved_egroupslen, saved_egroups) < 0)
		fatal("getgroups: %.100s", strerror(errno));

	/* set and save the user's groups */
	if (user_groupslen == -1) {
		if (initgroups(pw->pw_name, pw->pw_gid) < 0)
			fatal("initgroups: %s: %.100s", pw->pw_name,
			    strerror(errno));

		user_groupslen = getgroups(0, NULL);
		if (user_groupslen < 0)
			fatal("getgroups: %.100s", strerror(errno));
		user_groups = xrealloc(user_groups,
		    user_groupslen * sizeof(*user_groups));
		if (getgroups(user_groupslen, user_groups) < 0)
			fatal("getgroups: %.100s", strerror(errno));
	}
	/* Set the effective uid to the given (unprivileged) uid. */

Return to bug 787

Lines 31-37 Link Here

(-)groupaccess.c (-8 / +26 lines)
31	#include "log.h"	31	#include "log.h"
32		32
33	static int ngroups;	33	static int ngroups;
34	static char groups_byname[NGROUPS_MAX + 1]; / +1 for base/primary group */	34	static char **groups_byname;
35		35
36	/*	36	/*
37	* Initialize group access list for user with primary (base) and	37	* Initialize group access list for user with primary (base) and
Lines 40-59 Link Here
40	int	40	int
41	ga_init(const char *user, gid_t base)	41	ga_init(const char *user, gid_t base)
42	{	42	{
43	gid_t groups_bygid[NGROUPS_MAX + 1];	43	gid_t *groups_bygid;
44	int i, j;	44	int i;
45	struct group *gr;	45	struct group *gr;
		46	gid_t fake;
46		47
47	if (ngroups > 0)	48	if (ngroups > 0)
48	ga_free();	49	ga_free();
49		50
50	ngroups = sizeof(groups_bygid) / sizeof(gid_t);	51	/* passing a NULL array or zero size blows up on some platforms */
		52	ngroups = 1;
		53	getgrouplist(user, base, &fake, &ngroups);
		54	groups_bygid = xmalloc(ngroups * sizeof(*groups_bygid));
		55	groups_byname = xmalloc(ngroups * sizeof(*groups_byname));
		56
51	if (getgrouplist(user, base, groups_bygid, &ngroups) == -1)	57	if (getgrouplist(user, base, groups_bygid, &ngroups) == -1)
52	logit("getgrouplist: groups list too small");	58	logit("getgrouplist: groups list too small");
53	for (i = 0, j = 0; i < ngroups; i++)	59	for (i = 0; i < ngroups; i++) {
54	if ((gr = getgrgid(groups_bygid[i])) != NULL)	60	if ((gr = getgrgid(groups_bygid[i])) != NULL) {
55	groups_byname[j++] = xstrdup(gr->gr_name);	61	groups_byname[i] = xstrdup(gr->gr_name);
56	return (ngroups = j);	62	} else {
		63	char gidstr[32];
		64
		65	logit("getgrgid: unknown group id: %d",
		66	(int)groups_bygid[i]);
		67	snprintf(gidstr, sizeof(gidstr), "%d",
		68	(int)groups_bygid[i]);
		69	groups_byname[i] = xstrdup(gidstr);
		70	}
		71	}
		72	xfree(groups_bygid);
		73	return ngroups;
57	}	74	}
58		75
59	/*	76	/*
Lines 84-88 Link Here
84	for (i = 0; i < ngroups; i++)	101	for (i = 0; i < ngroups; i++)
85	xfree(groups_byname[i]);	102	xfree(groups_byname[i]);
86	ngroups = 0;	103	ngroups = 0;
		104	xfree(groups_byname);
87	}	105	}
88	}	106	}

Lines 16-21 Link Here

(-)uidswap.c (-3 / +14 lines)
16		16
17	#include "log.h"	17	#include "log.h"
18	#include "uidswap.h"	18	#include "uidswap.h"
		19	#include "xmalloc.h"
19		20
20	/*	21	/*
21	* Note: all these functions must work in all of the following cases:	22	* Note: all these functions must work in all of the following cases:
Lines 38-44 Link Here
38	/* Saved effective uid. */	39	/* Saved effective uid. */
39	static int privileged = 0;	40	static int privileged = 0;
40	static int temporarily_use_uid_effective = 0;	41	static int temporarily_use_uid_effective = 0;
41	static gid_t saved_egroups[NGROUPS_MAX], user_groups[NGROUPS_MAX];	42	static gid_t saved_egroups, user_groups;
42	static int saved_egroupslen = -1, user_groupslen = -1;	43	static int saved_egroupslen = -1, user_groupslen = -1;
43		44
44	/*	45	/*
Lines 68-84 Link Here
68		69
69	privileged = 1;	70	privileged = 1;
70	temporarily_use_uid_effective = 1;	71	temporarily_use_uid_effective = 1;
71	saved_egroupslen = getgroups(NGROUPS_MAX, saved_egroups);	72
		73	saved_egroupslen = getgroups(0, NULL);
72	if (saved_egroupslen < 0)	74	if (saved_egroupslen < 0)
73	fatal("getgroups: %.100s", strerror(errno));	75	fatal("getgroups: %.100s", strerror(errno));
		76	saved_egroups = xrealloc(saved_egroups,
		77	saved_egroupslen * sizeof(*saved_egroups));
		78	if (getgroups(saved_egroupslen, saved_egroups) < 0)
		79	fatal("getgroups: %.100s", strerror(errno));
74		80
75	/* set and save the user's groups */	81	/* set and save the user's groups */
76	if (user_groupslen == -1) {	82	if (user_groupslen == -1) {
77	if (initgroups(pw->pw_name, pw->pw_gid) < 0)	83	if (initgroups(pw->pw_name, pw->pw_gid) < 0)
78	fatal("initgroups: %s: %.100s", pw->pw_name,	84	fatal("initgroups: %s: %.100s", pw->pw_name,
79	strerror(errno));	85	strerror(errno));
80	user_groupslen = getgroups(NGROUPS_MAX, user_groups);	86
		87	user_groupslen = getgroups(0, NULL);
81	if (user_groupslen < 0)	88	if (user_groupslen < 0)
		89	fatal("getgroups: %.100s", strerror(errno));
		90	user_groups = xrealloc(user_groups,
		91	user_groupslen * sizeof(*user_groups));
		92	if (getgroups(user_groupslen, user_groups) < 0)
82	fatal("getgroups: %.100s", strerror(errno));	93	fatal("getgroups: %.100s", strerror(errno));
83	}	94	}
84	/* Set the effective uid to the given (unprivileged) uid. */	95	/* Set the effective uid to the given (unprivileged) uid. */