system callers of getgroups(), getgrouplist(), and setgroups() to
allocate buffers dynamically. Specifically, allocate a buffer of size
sysconf(_SC_NGROUPS_MAX)+1 (+2 in a few cases to allow for overflow).
This (or similar gymnastics) is required for the code to actually follow
the POSIX.1-2008 specification where {NGROUPS_MAX} may differ at runtime
and where getgroups may return {NGROUPS_MAX}+1 results on systems like
FreeBSD which include the primary group.
In id(1), don't pointlessly add the primary group to the list of all
groups, it is always the first result from getgroups(). In principle
the old code was more portable, but this was only done in one of the two
places where getgroups() was called so the overall effect was pointless.
Document the actual POSIX requirements in the getgroups(2) and
setgroups(2) manpages. We do not yet support a dynamic NGROUPS, but we
may in the future.
MFC after: 2 weeks
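The run-time buffer sizing described in the commit message above, as an added example (not the code from the commit). The helper name current_groups() is hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * Added example: fetch the calling process's groups into a heap buffer
 * sized at run time. Returns the group count or -1; caller frees *out.
 */
static int
current_groups(gid_t **out)
{
	long max;
	gid_t *groups;
	int n;

	*out = NULL;
	/* {NGROUPS_MAX} may differ at run time, so query it, don't hardcode. */
	max = sysconf(_SC_NGROUPS_MAX);
	if (max < 0)
		return (-1);
	/* +1 because getgroups() may also return the primary group. */
	groups = calloc((size_t)max + 1, sizeof(*groups));
	if (groups == NULL)
		return (-1);
	n = getgroups((int)max + 1, groups);
	if (n < 0) {
		free(groups);
		return (-1);
	}
	*out = groups;
	return (n);
}

int
main(void)
{
	gid_t *groups;
	int i, n;

	if ((n = current_groups(&groups)) < 0) {
		perror("current_groups");
		return (1);
	}
	for (i = 0; i < n; i++)
		printf("%s%lu", i ? " " : "", (unsigned long)groups[i]);
	printf("\n");
	free(groups);
	return (0);
}
```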
them (for example when they have logged in from an ip6 source).
- Stick with the initial call to getaudit(2), if it returns E2BIG, use
getaudit_addr(2) instead and set the "extended" flag to indicate that
the calling credential has an extended subject state.
- Additionally, add the printing of the machine/at_addr (the ip/ip6
addresses)
MFC after: 1 week
Obtained from: TrustedBSD Project
discussed on src-committers. This is intentionally not included in the
usage() function as it would confuse the output too much.
Approved by: jhb
MFC after: 1 week
audit properties, including the audit user id. This can be quite
helpful in debugging audit problems.
Obtained from: TrustedBSD Project
MFC after: 3 days
to the id_print() function.
Use getgrouplist(3) for the case when a user was specified,
and getgroups(2) when no user was given.
That reverts to the expected behaviour and makes it easy to
implement an option later to force using getgrouplist(3).
NGROUPS groups. getgrouplist(3) may put a duplicate group
id into the passed array (it sets [0] and [1] to the value
of the gid argument), but id_print() sorts them out.
Showing the ids of both a user given by an argument to `id',
and the current user, is now handled in a single function.
Displaying the current user's ids was inaccurate because
getgroups(2) had been used. getgroups(2) returns the current
kernel state of a user's groups, which may not always be
correct if /etc/group was recently changed.
- Fix a few style bugs.
PR: bin/78085
to print the MAC label of the current process. "-M" selected as that's
what is used in Trusted IRIX.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, McAfee Research
Add some constness to avoid some warnings.
Remove use of register keyword.
Deal with missing/unneeded extern/prototypes.
Some minor type changes/casts to avoid warnings.
Reviewed by: md5