← Back to team overview

maria-developers team mailing list archive

Re: [Commits] c934b5e: MDEV-8842 add group support to pam_user_map module.


>Eh? Why don't you compare group_id with groups[i] directly ?

D'oh. It's actually i forgot to do the 'git add' with the fixed code.
Never happened to me before.

Anyway, here's the new patch.

Best regards.

06.10.2015 21:43, Sergei Golubchik wrote:
Hi, Holyfoot!

On Oct 06, holyfoot@xxxxxxxxxxxx wrote:
revision-id: c934b5e661b19b7934d1a9af40afc70b727c2273 (mariadb-10.1.7-64-gc934b5e)
parent(s): 90f2c822469a4f88f882ba8974e790f0fb0b2702
committer: Alexey Botchkov
timestamp: 2015-10-06 14:02:29 +0500

MDEV-8842 add group support to pam_user_map module.
Added to the pam_user_map module.
Right, thanks.
A couple of comments, see below.

diff --git a/plugin/auth_pam/mapper/pam_user_map.c b/plugin/auth_pam/mapper/pam_user_map.c
index e73ab6d..0787b1c 100644
--- a/plugin/auth_pam/mapper/pam_user_map.c
+++ b/plugin/auth_pam/mapper/pam_user_map.c
+  /*
+    So below we get the buffer of the NGROUPS_MAX size
+    which can take 256K on some systems.
+    It supposed to be working differently - we'd get
+    the 'ng' from the getgrouplist() and alloc the respective
+    size, but the problem is a bug in getgrouplist().
+    The glibc 2.3.2 implementation of this function  is  broken:
+    it overwrites memory when the actual number of groups is larger
+    than *ngroups.
+  */
Forget 2.3.2, use it as it was supposed to be used.
Our oldest builder uses glibc-2.5

+  (void) getgrouplist(user, user_group_id, groups, &ng);
+  for (i= 0; i < ng; i++)
+  {
+    struct group *g;
+    if ((g= getgrgid(groups[i])) == NULL)
+      return 0;
+    if (g->gr_gid == group_id)
+      return 1;
Eh? Why don't you compare group_id with groups[i] directly ?