Re: ITS#98 'user' patch for BSD systems

> > NOTE that if <new-user> is numeric, then at least one <new-group> must
> > be specified.
> Can't we get the user name from getpwuid(run_uid)->pw_name?

What if there are aliases for that uid?  Admittedly, this is most
commonly only done to provide for different shells or root directories;
but there is nothing to prevent it from also affecting group access.

Of course, we could just say "Don't do that".  Or "If you specify
a uid number with no groups, we'll use getpwuid() to get the user
name.  This may cause unexpected, and possibly even non-deterministic
results if there is more than one passwd entry with that uid."

> > SysV-derived systems (e.g., Solaris 2.5.1, Linux) appear to lack the
> > getgrouplist(3) system call which is used to determine the group access
> > list associated with a given username.
> I'm not sure what getgrouplist() does, but would that be this call?
>      #include <unistd.h>
>      int getgroups(int gidsetsize, gid_t *grouplist);

Nope.  Getgroups() gives you info about the process's current group
access rights.  getgrouplist() gives the access rights associated
with a username.

     getgrouplist - calculate group access list

     #include <unistd.h>

     getgrouplist(const char *name, int basegid, int *groups, int *ngroups)

     The getgrouplist() function reads through the group file and calculates
     the group access list for the user specified in name. The basegid is
     automatically included in the groups list.  Typically this value is
     given as the group number from the password file.

     The resulting group list is returned in the integer array pointed to by
     groups. The caller specifies the size of the groups array in the integer
     pointed to by ngroups; the actual number of groups found is returned in

     The getgrouplist() function returns -1 if the size of the group list is
     too small to hold all the user's groups.  Here, the group array will be
     filled with as many groups as will fit.

     /etc/group  group membership list

     setgroups(2),  initgroups(3)

     The getgrouplist() function first appeared in 4.4BSD.

     The getgrouplist() function uses the routines based on getgrent(3).  If
     the invoking program uses any of these routines, the group structure will
     be overwritten in the call to getgrouplist(). 

> > --- doc/man/man5/slapd.conf.5     Sat Jan 23 13:24:59 1999
> > +++ doc/man/man5/slapd.conf.5     Wed Mar 10 18:30:38 1999
> >(...)
> > +If a user is specified, but no group, then initgroups(3) will be used to
> > +determine the appropriate groups for that user.
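Review bot: the added sentence "If a user is specified, but no group" does not cover a numeric <new-user>, where there is no name to look groups up by and the NOTE quoted earlier requires a <new-group>. Say so in this paragraph, and state what slapd does when the group lookup is unavailable or fails, so the man page does not promise supplementary groups that may not be set.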
> There is no initgroups() call in your patch.

Err, um, mumble.  I changed the doc before I actually fixed the code
for multiple group setting.  It turns out that initgroups(3) didn't
seem to do quite what we want.  (Since it is based on the current
uid, we'd have to change the uid first.  And then we might not have
all of the right permissions...)

It should say:
	If a user is specified, but no group, then getgrouplist(3)
	will be used to determine the appropriate groups for that
	user.  If getgrouplist(3) is not available, then only the
	primary group as listed in the passwd database will be used.

Unless somebody comes up with a way to get the same effect on systems
that don't have getgrouplist(3)...

> ...and by standard complaint against almost all code (or if you prefer,
> against the C library):
> > +               } else if ( isdigit( *(cargv[1]) )) {
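Review bot: isdigit( *(cargv[1]) ) looks only at the first character of cargv[1], so any argument that merely starts with a digit takes this branch. If the branch is meant for numeric ids, parse the whole string (for example with strtoul() and a check that the end pointer reached the terminating NUL) and treat anything else as a name.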
> 'char' arguments to isXXX() should be cast to 'unsigned char', otherwise
> it produces garbage for 8-bit characters on systems with signed char.
> See `man isdigit'.

Urrm.  Yes.  I tend to forget about some of the more crufty mis-features
of C when I've spent too much time programming in more reasonable languages.
(It is only by a herculean effort of will that I'm avoiding starting a
rant about isdigit(), et al., not being able to handle whatever char
type is native to that compiler.  Or the extreme brain damage that defined
'char' without specifying whether it was to be treated as a signed value
or not.)
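
Added example, not part of the original message or of the patch under discussion: a C sketch of resolving a user's full group access list with getgrouplist(3), including the retry when the array is too small and the getpwuid() path for a numeric uid. Assumptions: the glibc prototype (gid_t arrays, declared in <grp.h>) rather than the 4.4BSD one quoted above, glibc's behaviour of storing the required count in ngroups on a -1 return, and the hypothetical helper names parse_uid and user_groups.

```c
#define _DEFAULT_SOURCE            /* exposes getgrouplist() on glibc */
#include <sys/types.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>

/* Return 1 and store the uid only if the WHOLE string is a decimal number. */
static int parse_uid(const char *s, uid_t *uid)
{
    char *end;
    unsigned long v;
    if (*s < '0' || *s > '9') return 0;          /* no sign, no whitespace */
    v = strtoul(s, &end, 10);
    if (*end != '\0' || (uid_t)v != v) return 0; /* "3com" is a name */
    *uid = (uid_t)v;
    return 1;
}

/* Resolve a user (name or numeric uid) to its group access list.
 * Returns the group count, or -1 on failure.  The caller frees *groups. */
static int user_groups(const char *user, gid_t **groups)
{
    uid_t uid;
    /* For a numeric uid, getpwuid() returns only the first matching passwd
     * entry, which is the alias problem raised in the thread. */
    struct passwd *pw = parse_uid(user, &uid) ? getpwuid(uid) : getpwnam(user);
    int n = 4;                                   /* deliberately small guess */
    gid_t *list, *bigger;
    if (pw == NULL || (list = malloc(n * sizeof *list)) == NULL) return -1;
    if (getgrouplist(pw->pw_name, pw->pw_gid, list, &n) == -1) {
        /* Too small: n now holds the required size (assumed), retry once. */
        if ((bigger = realloc(list, n * sizeof *list)) == NULL) { free(list); return -1; }
        list = bigger;
        if (getgrouplist(pw->pw_name, pw->pw_gid, list, &n) == -1) { free(list); return -1; }
    }
    *groups = list;
    return n;
}

int main(int argc, char **argv)
{
    gid_t *g;
    int i, n = user_groups(argc > 1 ? argv[1] : "root", &g);
    if (n < 0) { fprintf(stderr, "unknown user\n"); return 1; }
    for (i = 0; i < n; i++) printf("%lu\n", (unsigned long)g[i]);
    free(g);
    return 0;
}
```

A daemon dropping privileges would pass the returned list to setgroups(2) before changing its gid and uid, while it still has the privilege to do so.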