conf.CHECK_HEADERS('strings.h inttypes.h stdint.h unistd.h minix/config.h', add_headers=True)
conf.CHECK_HEADERS('ctype.h', add_headers=True)
- if sys.platform != 'darwin':
+ if sys.platform == 'darwin':
+ conf.DEFINE('_DARWIN_C_SOURCE', 1, add_to_cflags=True)
+ conf.DEFINE('_DARWIN_UNLIMITED_GETGROUPS', 1, add_to_cflags=True)
+ else:
conf.CHECK_HEADERS('standards.h', add_headers=True)
conf.CHECK_HEADERS('stdbool.h stdint.h stdarg.h vararg.h', add_headers=True)
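Review bot: The two defines added under `if sys.platform == 'darwin':` have no comment saying what they change. Because `add_to_cflags=True` applies them to every compiled file, the reason should be recorded next to them. As far as I know `_DARWIN_UNLIMITED_GETGROUPS` selects the getgroups() variant that can report more groups than NGROUPS_MAX, which is security-relevant: any caller that sizes a gid_t buffer from NGROUPS_MAX or sysconf() would then need to ask for the count first. I would add a comment such as `# Darwin: let getgroups() report more than NGROUPS_MAX groups; callers must size buffers from the returned count`, reworded once that behaviour is confirmed against the platform headers.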
void drop_effective_capability(enum smbd_capability capability);
long sys_random(void);
void sys_srandom(unsigned int seed);
-int groups_max(void);
+int getgroups_max(void);
+int setgroups_max(void);
int sys_getgroups(int setlen, gid_t *gidset);
int sys_setgroups(gid_t UNUSED(primary_gid), int setlen, gid_t *gidset);
uint32_t unix_dev_major(SMB_DEV_T dev);
Returns equivalent to NGROUPS_MAX - using sysconf if needed.
****************************************************************************/
-int groups_max(void)
+int setgroups_max(void)
{
#if defined(SYSCONF_SC_NGROUPS_MAX)
int ret = sysconf(_SC_NGROUPS_MAX);
#endif
}
+int getgroups_max(void)
+{
+#if defined(DARWINOS)
+ /*
+ * On MacOS sysconf(_SC_NGROUPS_MAX) returns 16 due to MacOS's group
+ * nesting. However, The initgroups() manpage states the following:
+ * "Note that OS X supports group membership in an unlimited number
+ * of groups. The OS X kernel uses the group list stored in the process
+ * credentials only as an initial cache. Additional group memberships
+ * are determined by communication between the operating system and the
+ * opendirectoryd daemon."
+ */
+ return INT_MAX;
+#else
+ return setgroups_max();
+#endif
+}
+
/**************************************************************************
Wrap setgroups and getgroups for systems that declare getgroups() as
returning an array of gid_t, but actuall return an array of int.
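Review bot: `getgroups_max()` returns `INT_MAX` on Darwin, and nothing tells callers that this value is not a usable count. The one caller visible in this diff clamps it with `MIN(128, getgroups_max())`, but a caller that multiplies it by `sizeof(gid_t)` or uses it as an array length would overflow or request an absurd allocation. The function also lacks the banner comment the neighbouring functions have; I would add one stating that the result is an upper bound for clamping only, that `INT_MAX` means "no fixed limit", and that it must never size a buffer directly. `INT_MAX` needs `<limits.h>`, and whether this file already includes it cannot be seen from the hunk.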
if (setlen == 0)
return 0 ;
- if (setlen < 0 || setlen > groups_max()) {
+ if (setlen < 0 || setlen > setgroups_max()) {
errno = EINVAL;
return -1;
}
int ret;
/* setgroups(2) will fail with EINVAL if we pass too many groups. */
- max = groups_max();
+ max = setgroups_max();
/* No group list, just make sure we are setting the efective GID. */
if (setlen == 0) {
gid_t primary_gid,
gid_t **ret_groups, uint32_t *p_ngroups)
{
- int max_grp = MIN(128, groups_max());
+ int max_grp = MIN(128, getgroups_max());
gid_t stack_groups[max_grp];
uint32_t ngrp;
gid_t *temp_groups = stack_groups;
static void set_unix_security_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *groups)
{
- int max = groups_max();
+ int max = NGROUPS_MAX;
/* Start context switch */
gain_root();
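Review bot: `int max = NGROUPS_MAX;` in `set_unix_security_ctx` swaps the runtime query for a compile-time constant, while every other call site in this commit moves to `setgroups_max()` or `getgroups_max()`. The constant can differ from what `sysconf(_SC_NGROUPS_MAX)` reports at run time, and the commit's own comment gives that value as 16 on macOS while describing group membership as unlimited. How `max` is used lies outside the hunk, but this is the credential-switch path after `gain_root()`, so a cap that truncates or rejects the supplementary group list would change the identity the process ends up with. If the constant is intentional, a comment such as `/* compile-time cap on purpose: <reason> */` should say why; otherwise use `int max = setgroups_max();` to stay consistent with the setgroups callers.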
{
int i;
- *ngroups = random() % groups_max();
+ *ngroups = random() % setgroups_max();
*groups = malloc(*ngroups * sizeof(gid_t));
if (!groups) {