
Re: ITS#98 'user' patch for BSD systems

Pat Lashley writes:
> Attached are three small patch files that implement a 'user'
> configuration command to address ITS#98.  They have received minimal
> testing under FreeBSD 3.1R.


A few questions/comments:

> NOTE that if <new-user> is numeric, then at least one <new-group> must
> be specified.

Can't we get the user name from getpwuid(run_uid)->pw_name?

> SysV-derived systems (e.g., Solaris 2.5.1, Linux) appear to lack the
> getgrouplist(3) system call which is used to determine the group access
> list associated with a given username.

I'm not sure what getgrouplist() does, but would that be this call?

     #include <unistd.h>

     int getgroups(int gidsetsize, gid_t *grouplist);

     The getgroups() function gets the current supplemental group
     access  list of the calling process and stores the result in
     the array of group IDs specified by  grouplist.  This  array
     has  gidsetsize  entries and must be large enough to contain
     the  entire  list.  This  list   cannot   be   larger   than
     NGROUPS_MAX. If gidsetsize equals 0, getgroups() will return
     the number of groups to which the  calling  process  belongs
     without modifying the array pointed to by grouplist.

> --- doc/man/man5/slapd.conf.5	Sat Jan 23 13:24:59 1999
> +++ doc/man/man5/slapd.conf.5	Wed Mar 10 18:30:38 1999
> +If a user is specified, but no group, then initgroups(3) will be used to
> +determine the appropriate groups for that user.
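
Review bot: The added sentence "If a user is specified, but no group" does not distinguish a numeric <new-user> from a named one, while the patch notes say that a numeric <new-user> requires at least one <new-group>. Suggest stating that requirement in slapd.conf.5 next to this sentence so the man page covers the numeric case.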

There is no initgroups() call in your patch.

...and my standard complaint against almost all code (or if you prefer,
against the C library):

> +			} else if ( isdigit( *(cargv[1]) )) {
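
Review bot: In `isdigit( *(cargv[1]) )` only the first character of the argument decides that it is a numeric id, so an argument that merely begins with a digit takes the numeric branch. Suggest checking the whole string, for example by confirming that the numeric conversion consumed every character, and falling back to the name lookup otherwise.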

'char' arguments to isXXX() should be cast to 'unsigned char', otherwise
it produces garbage for 8-bit characters on systems with signed char.
See `man isdigit'.
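
An added example, not part of the original message or of the patch: one way to decide whether a 'user' argument is a numeric uid, with the unsigned char cast applied to every byte, plus the getpwuid() lookup asked about above. The helper names parse_numeric_uid and name_for_uid and the sample arguments are assumptions made for illustration.

```c
#include <ctype.h>
#include <errno.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>

/* Hypothetical helper: returns 1 and stores the uid when arg consists only
 * of decimal digits and fits in uid_t; returns 0 otherwise (treat as name). */
static int parse_numeric_uid(const char *arg, uid_t *uid)
{
    const char *p;
    char *end;
    unsigned long v;

    if (arg == NULL || *arg == '\0')
        return 0;
    /* Cast each byte to unsigned char: where char is signed, a byte >= 0x80
     * is negative, and a negative argument other than EOF is undefined. */
    for (p = arg; *p != '\0'; p++)
        if (!isdigit((unsigned char)*p))
            return 0;
    errno = 0;
    v = strtoul(arg, &end, 10);
    if (errno != 0 || *end != '\0' || (unsigned long)(uid_t)v != v)
        return 0;                       /* overflow or does not fit uid_t */
    *uid = (uid_t)v;
    return 1;
}

/* Hypothetical helper: user name for a numeric uid via getpwuid();
 * NULL when the uid has no passwd entry, so the caller must check. */
static const char *name_for_uid(uid_t uid)
{
    struct passwd *pw = getpwuid(uid);
    return pw != NULL ? pw->pw_name : NULL;
}

int main(void)
{
    /* Constructed sample arguments; "\xb2" is a single 8-bit byte. */
    const char *samples[] = { "0", "12ab", "\xb2", "nobody" };
    size_t i;
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uid_t uid;
        if (parse_numeric_uid(samples[i], &uid)) {
            const char *n = name_for_uid(uid);
            printf("uid %lu (%s)\n", (unsigned long)uid, n ? n : "no entry");
        } else
            printf("not numeric, look up as a name\n");
    }
    return 0;
}
```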