aboutsummaryrefslogtreecommitdiff
path: root/grp/initgroups.c
diff options
context:
space:
mode:
Diffstat (limited to 'grp/initgroups.c')
-rw-r--r--grp/initgroups.c119
1 files changed, 79 insertions, 40 deletions
diff --git a/grp/initgroups.c b/grp/initgroups.c
index 89dc4d6..ee809d7 100644
--- a/grp/initgroups.c
+++ b/grp/initgroups.c
@@ -136,50 +136,18 @@ compat_call (service_user *nip, const char *user, gid_t group, long int *start,
return NSS_STATUS_SUCCESS;
}
-/* Initialize the group set for the current user
- by reading the group database and using all groups
- of which USER is a member. Also include GROUP. */
-int
-initgroups (user, group)
- const char *user;
- gid_t group;
+static int
+internal_getgrouplist (const char *user, gid_t group, long int *size,
+ gid_t **groupsp, long int limit)
{
-#if defined NGROUPS_MAX && NGROUPS_MAX == 0
-
- /* No extra groups allowed. */
- return 0;
-
-#else
-
service_user *nip = NULL;
initgroups_dyn_function fct;
enum nss_status status = NSS_STATUS_UNAVAIL;
int no_more;
/* Start is one, because we have the first group as parameter. */
long int start = 1;
- long int size;
- gid_t *groups;
- int result;
- /* We always use sysconf even if NGROUPS_MAX is defined. That way, the
- limit can be raised in the kernel configuration without having to
- recompile libc. */
- long int limit = __sysconf (_SC_NGROUPS_MAX);
-
- if (limit > 0)
- size = limit;
- else
- {
- /* No fixed limit on groups. Pick a starting buffer size. */
- size = 16;
- }
-
- groups = (gid_t *) malloc (size * sizeof (gid_t));
- if (__builtin_expect (groups == NULL, 0))
- /* No more memory. */
- return -1;
-
- groups[0] = group;
+ *groupsp[0] = group;
if (__nss_group_database != NULL)
{
@@ -196,14 +164,14 @@ initgroups (user, group)
if (fct == NULL)
{
- status = compat_call (nip, user, group, &start, &size, &groups,
+ status = compat_call (nip, user, group, &start, size, groupsp,
limit, &errno);
if (nss_next_action (nip, NSS_STATUS_UNAVAIL) != NSS_ACTION_CONTINUE)
break;
}
else
- status = DL_CALL_FCT (fct, (user, group, &start, &size, &groups,
+ status = DL_CALL_FCT (fct, (user, group, &start, size, groupsp,
limit, &errno));
/* This is really only for debugging. */
@@ -220,10 +188,81 @@ initgroups (user, group)
nip = nip->next;
}
+ return start;
+}
+
+/* Store at most *NGROUPS members of the group set for USER into
+ *GROUPS. Also include GROUP. The actual number of groups found is
+ returned in *NGROUPS. Return -1 if the if *NGROUPS is too small. */
+int
+getgrouplist (const char *user, gid_t group, gid_t *groups, int *ngroups)
+{
+ gid_t *newgroups;
+ long int size = *ngroups;
+ int result;
+
+ newgroups = (gid_t *) malloc (size * sizeof (gid_t));
+ if (__builtin_expect (newgroups == NULL, 0))
+ /* No more memory. */
+ return -1;
+
+ result = internal_getgrouplist (user, group, &size, &newgroups, -1);
+ if (result > *ngroups)
+ {
+ *ngroups = result;
+ result = -1;
+ }
+ else
+ *ngroups = result;
+
+ memcpy (groups, newgroups, *ngroups * sizeof (gid_t));
+
+ free (newgroups);
+ return result;
+}
+
+/* Initialize the group set for the current user
+ by reading the group database and using all groups
+ of which USER is a member. Also include GROUP. */
+int
+initgroups (const char *user, gid_t group)
+{
+#if defined NGROUPS_MAX && NGROUPS_MAX == 0
+
+ /* No extra groups allowed. */
+ return 0;
+
+#else
+
+ long int size;
+ gid_t *groups;
+ int ngroups;
+ int result;
+
+ /* We always use sysconf even if NGROUPS_MAX is defined. That way, the
+ limit can be raised in the kernel configuration without having to
+ recompile libc. */
+ long int limit = __sysconf (_SC_NGROUPS_MAX);
+
+ if (limit > 0)
+ size = limit;
+ else
+ {
+ /* No fixed limit on groups. Pick a starting buffer size. */
+ size = 16;
+ }
+
+ groups = (gid_t *) malloc (size * sizeof (gid_t));
+ if (__builtin_expect (groups == NULL, 0))
+ /* No more memory. */
+ return -1;
+
+ ngroups = internal_getgrouplist (user, group, &size, &groups, limit);
+
/* Try to set the maximum number of groups the kernel can handle. */
do
- result = setgroups (start, groups);
- while (result == -1 && errno == EINVAL && --start > 0);
+ result = setgroups (ngroups, groups);
+ while (result == -1 && errno == EINVAL && --ngroups > 0);
free (groups);