diff options
author | Alex Richardson <Alexander.Richardson@cl.cam.ac.uk> | 2018-10-05 09:35:40 +0100 |
---|---|---|
committer | Jule Anger <janger@samba.org> | 2021-09-13 07:48:08 +0000 |
commit | bd7302091099d6b5052f59ea0f5dca4539954327 (patch) | |
tree | d3dc445dff988dec115c43538836143ccb58ad8b /buildtools/wafsamba | |
parent | 92251109fa2211706380ba5729e6dbbcb94d1bd9 (diff) | |
download | samba-bd7302091099d6b5052f59ea0f5dca4539954327.tar.gz |
Don't use sysconf(_SC_NGROUPS_MAX) on macOS for getgroups()
On MacOS sysconf(_SC_NGROUPS_MAX) always returns 16. However, this is not
the value used by getgroups(2). MacOS uses nested groups but getgroups(2)
will return the flattened list which can easily exceed 16 groups. In my
testing getgroups() already returns 16 groups on a freshly installed
system. And on a 10.14 system the root user is in more than 16 groups by
default which makes it impossible to run smbd without this change.
Setting _DARWIN_UNLIMITED_GETGROUPS allows getgroups() to return more than
16 groups. This also changes set_unix_security_ctx() to only set up to
16 groups since that is the limit for initgroups() according to the manpage.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=8773
Signed-off-by: Alex Richardson <Alexander.Richardson@cl.cam.ac.uk>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Sep 9 17:43:19 UTC 2021 on sn-devel-184
(cherry picked from commit 2c18a982537ea1a62e4d802c9ae0ef06b36158dc)
Diffstat (limited to 'buildtools/wafsamba')
-rw-r--r-- | buildtools/wafsamba/wscript | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/buildtools/wafsamba/wscript b/buildtools/wafsamba/wscript index 1aadb9570e1..def13f71c93 100644 --- a/buildtools/wafsamba/wscript +++ b/buildtools/wafsamba/wscript @@ -542,7 +542,10 @@ struct foo bar = { .y = 'X', .x = 1 }; conf.CHECK_HEADERS('strings.h inttypes.h stdint.h unistd.h minix/config.h', add_headers=True) conf.CHECK_HEADERS('ctype.h', add_headers=True) - if sys.platform != 'darwin': + if sys.platform == 'darwin': + conf.DEFINE('_DARWIN_C_SOURCE', 1, add_to_cflags=True) + conf.DEFINE('_DARWIN_UNLIMITED_GETGROUPS', 1, add_to_cflags=True) + else: conf.CHECK_HEADERS('standards.h', add_headers=True) conf.CHECK_HEADERS('stdbool.h stdint.h stdarg.h vararg.h', add_headers=True) |