maria-developers team mailing list archive

[Alexey Botchkov <holyfoot@xxxxxxxxxxxx>]

>Eh? Why don't you compare group_id with groups[i] directly ?

D'oh. It's actually i forgot to do the 'git add' with the fixed code.
Never happened to me before.

Anyway, here's the new patch.
http://lists.askmonty.org/pipermail/commits/2015-October/008512.html

Best regards.
HF



06.10.2015 21:43, Sergei Golubchik wrote:
> Hi, Holyfoot!
>
> On Oct 06, holyfoot@xxxxxxxxxxxx wrote:
> > revision-id: c934b5e661b19b7934d1a9af40afc70b727c2273 (mariadb-10.1.7-64-gc934b5e)
> > parent(s): 90f2c822469a4f88f882ba8974e790f0fb0b2702
> > committer: Alexey Botchkov
> > timestamp: 2015-10-06 14:02:29 +0500
> > message:
> >
> > MDEV-8842 add group support to pam_user_map module.
> > Added to the pam_user_map module.
> Right, thanks.
> A couple of comments, see below.
>
> > diff --git a/plugin/auth_pam/mapper/pam_user_map.c b/plugin/auth_pam/mapper/pam_user_map.c
> > index e73ab6d..0787b1c 100644
> > --- a/plugin/auth_pam/mapper/pam_user_map.c
> > +++ b/plugin/auth_pam/mapper/pam_user_map.c
> ...
> > +  /*
> > +    So below we get the buffer of the NGROUPS_MAX size
> > +    which can take 256K on some systems.
> > +    It supposed to be working differently - we'd get
> > +    the 'ng' from the getgrouplist() and alloc the respective
> > +    size, but the problem is a bug in getgrouplist().
> > +    The glibc 2.3.2 implementation of this function  is  broken:
> > +    it overwrites memory when the actual number of groups is larger
> > +    than *ngroups.
> > +  */
> Forget 2.3.2, use it as it was supposed to be used.
> Our oldest builder uses glibc-2.5
>
> > +  (void) getgrouplist(user, user_group_id, groups, &ng);
> > +  for (i= 0; i < ng; i++)
> > +  {
> > +    struct group *g;
> > +    if ((g= getgrgid(groups[i])) == NULL)
> > +      return 0;
> > +    if (g->gr_gid == group_id)
> > +      return 1;
> Eh? Why don't you compare group_id with groups[i] directly ?
>
> Regards,
> Sergei