4078 groupadd execs getent unnecessarily
Reviewed by: Rich Lowe <richlowe@richlowe.net>
Reviewed by: Gary Mills <gary_mills@fastmail.fm>
Reviewed by: Milan Jurik <milan.jurik@xylab.cz>
Reviewed by: Gordon Ross <Gordon.W.Ross@gmail.com>

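--- a/usr/src/lib/smbsrv/libsmb/common/smb_lgrp.c
+++ b/usr/src/lib/smbsrv/libsmb/common/smb_lgrp.c
@@ -15,36 +15,38 @@
  * If applicable, add the following below this CDDL HEADER, with the
  * fields enclosed by brackets "[]" replaced with your own identifying
  * information: Portions Copyright [yyyy] [name of copyright owner]
  *
  * CDDL HEADER END
  */
 
 /*
  * Copyright 2011 Nexenta Systems, Inc.  All rights reserved.
  * Copyright (c) 2008, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2013 RackTop Systems.
  */
 
 #include <stdlib.h>
 #include <strings.h>
 #include <unistd.h>
 #include <syslog.h>
 #include <thread.h>
 #include <synch.h>
 #include <grp.h>
 #include <assert.h>
 #include <libintl.h>
 #include <smbsrv/libsmb.h>
 #include <smb_sqlite.h>
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <sys/param.h>
+#include <libcmdutils.h>
 
 /*
  * Local domain SID (aka machine SID) is not stored in the domain table
  * therefore the index is 0
  */
 #define SMB_LGRP_LOCAL_IDX      0
 #define SMB_LGRP_BUILTIN_IDX    1
 
 #define SMB_LGRP_DB_NAME        "/var/smb/smbgroup.db"
 #define SMB_LGRP_DB_TIMEOUT     3000            /* in millisecond */
@@ -116,21 +118,21 @@
 #define SMB_LGRP_INFO_CMNT      0x02
 #define SMB_LGRP_INFO_SID       0x04
 #define SMB_LGRP_INFO_PRIV      0x08
 #define SMB_LGRP_INFO_MEMB      0x10
 #define SMB_LGRP_INFO_ALL       0x1F
 
 #define SMB_LGRP_PGRP_GRPTMP    "/etc/gtmp"
 #define SMB_LGRP_PGRP_GRPBUFSIZ 5120
 #define SMB_LGRP_PGRP_GROUP     "/etc/group"
 #define SMB_LGRP_PGRP_MAXGLEN   9       /* max length of group name */
-#define SMB_LGRP_PGRP_DEFRID    99      /* max reserved id */
+#define SMB_LGRP_PGRP_DEFRID    1000    /* lowest cifs created gid */
 
 #define SMB_LGRP_PGRP_NOTUNIQUE 0
 #define SMB_LGRP_PGRP_RESERVED  1
 #define SMB_LGRP_PGRP_UNIQUE    2
 #define SMB_LGRP_PGRP_TOOBIG    3
 #define SMB_LGRP_PGRP_INVALID   4
 
 #define NULL_MSGCHK(msg)        ((msg) ? (msg) : "NULL")
 
 /* Member ID */
@@ -2538,108 +2540,43 @@
         if ((len > SMB_LGRP_PGRP_MAXGLEN - 1) || (badchar != 0))
                 return (SMB_LGRP_PGRP_INVALID);
 
         if (getgrnam(group) != NULL)
                 return (SMB_LGRP_PGRP_NOTUNIQUE);
 
         return (SMB_LGRP_PGRP_UNIQUE);
 }
 
 /*
- * smb_lgrp_pgrp_valid_gid
- *
- * Check to see that the gid is not a reserved gid
- * -- nobody (60001), noaccess (60002) or nogroup (65534)
- */
-static int
-smb_lgrp_pgrp_valid_gid(gid_t gid)
-{
-        return (gid != 60001 && gid != 60002 && gid != 65534);
-}
-
-/*
- * smb_lgrp_pgrp_findnextgid(void)
- *
- * This method finds the next valid GID.
- * It sorts the used GIDs in decreasing order to return MAXUSED + 1.
- * It then adds one to obtain the next valid GID.
- * On failure, -1 is returned. On success, a valid GID is returned.
- */
-static int
-smb_lgrp_pgrp_findnextgid(void)
-{
-        FILE *fptr;
-        gid_t last, next;
-        int gid;
-
-        if ((fptr = popen("exec sh -c "
-            "\"getent group|cut -f3 -d:|sort -nr|uniq \" 2>/dev/null",
-            "r")) == NULL)
-                return (-1);
-
-        if (fscanf(fptr, "%u\n", &next) == EOF) {
-                (void) pclose(fptr);
-                return (SMB_LGRP_PGRP_DEFRID + 1);
-        }
-
-        last = MAXUID;
-        gid = -1;
-        do {
-                if (!smb_lgrp_pgrp_valid_gid(next))
-                        continue;
-
-                if (next <= SMB_LGRP_PGRP_DEFRID) {
-                        if (last != SMB_LGRP_PGRP_DEFRID + 1)
-                                gid = SMB_LGRP_PGRP_DEFRID + 1;
-                        break;
-                }
-
-                if ((gid = next + 1) != last) {
-                        while (!smb_lgrp_pgrp_valid_gid((gid_t)gid))
-                                gid++;
-                        if (gid > 0 && gid < last)
-                                break;
-                }
-
-                gid = -1;
-                last = next;
-        } while (fscanf(fptr, "%u\n", &next) != EOF);
-
-        (void) pclose(fptr);
-        return (gid);
-}
-
-/*
  * smb_lgrp_pgrp_add
  *
  * Create a posix group with the given name.
  * This group will be added to the /etc/group file.
  */
 static int
 smb_lgrp_pgrp_add(char *group)
 {
         FILE *etcgrp;
         FILE *etctmp;
-        int o_mask, gret;
+        int o_mask;
         int newdone = 0;
         struct stat sb;
         char buf[SMB_LGRP_PGRP_GRPBUFSIZ];
         gid_t gid;
         int rc = 0;
 
         rc = smb_lgrp_pgrp_valid_gname(group);
         if ((rc == SMB_LGRP_PGRP_INVALID) || (rc == SMB_LGRP_PGRP_NOTUNIQUE))
                 return (-1);
 
-        if ((gret = smb_lgrp_pgrp_findnextgid()) < 0)
+        if ((findnextgid(SMB_LGRP_PGRP_DEFRID, MAXUID, &gid)) != 0)
                 return (-1);
-        gid = gret;
 
         if ((etcgrp = fopen(SMB_LGRP_PGRP_GROUP, "r")) == NULL)
                 return (-1);
 
         if (fstat(fileno(etcgrp), &sb) < 0)
                 sb.st_mode = S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH;
 
         o_mask = umask(077);
         etctmp = fopen(SMB_LGRP_PGRP_GRPTMP, "w+");
         (void) umask(o_mask);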
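Review bot: The new `findnextgid(SMB_LGRP_PGRP_DEFRID, MAXUID, &gid)` call in smb_lgrp_pgrp_add no longer carries the explicit refusal of gids 60001, 60002 and 65534 that the removed smb_lgrp_pgrp_valid_gid applied, and nothing in this section shows whether the libcmdutils helper skips them. If the helper only avoids ids that the group database currently reports, a host lacking the nobody/noaccess/nogroup entries could hand one of those ids to an SMB-created group, so the reliance should be confirmed and written down above the call, for example `/* findnextgid() is relied on to skip the reserved gids 60001, 60002 and 65534 */`. It is also worth stating there whether the lower bound is inclusive, since the old code started at `SMB_LGRP_PGRP_DEFRID + 1` while the new define comment calls 1000 the lowest gid created. The body of smb_lgrp_pgrp_add continues past the end of this section.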