common/regress/sudo_conf/test3.out.ok
common/regress/sudo_conf/test4.in
common/regress/sudo_conf/test4.out.ok
+common/regress/sudo_conf/test5.in
+common/regress/sudo_conf/test5.out.ok
+common/regress/sudo_conf/test6.in
+common/regress/sudo_conf/test6.out.ok
common/regress/sudo_parseln/parseln_test.c
common/regress/sudo_parseln/test1.in
common/regress/sudo_parseln/test1.out.ok
--- /dev/null
+Set max_groups 0
--- /dev/null
+Set disable_coredump true
+Set group_source adaptive
+Set max_groups -1
--- /dev/null
+Set max_groups 16
--- /dev/null
+Set disable_coredump true
+Set group_source adaptive
+Set max_groups 16
char *ep;
lval = strtol(entry, &ep, 10);
- if (*entry == '\0' || *ep != '\0' || lval < 0 || lval > INT_MAX ||
+ if (*entry == '\0' || *ep != '\0' || lval <= 0 || lval > INT_MAX ||
(errno == ERANGE && lval == LONG_MAX)) {
warningx(_("invalid max groups `%s' in %s, line %d"), entry,
conf_file, conf_lineno);
max_groups
The maximum number of user groups to retrieve from the group
- database. This setting is only used when querying the group
- database directly. It is intended to be used on systems where
- it is not possible to detect when the array to be populated
- with group entries is not sufficiently large. By default, s\bsu\bud\bdo\bo
- will allocate four times the system's maximum number of groups
- (see above) and retry with double that number if the group
- database query fails. However, some systems just return as
- many entries as will fit and do not indicate an error when
- there is a lack of space.
+ database. Values less than one will be ignored. This setting
+ is only used when querying the group database directly. It is
+ intended to be used on systems where it is not possible to
+ detect when the array to be populated with group entries is not
+ sufficiently large. By default, s\bsu\bud\bdo\bo will allocate four times
+ the system's maximum number of groups (see above) and retry
+ with double that number if the group database query fails.
+ However, some systems just return as many entries as will fit
+ and do not indicate an error when there is a lack of space.
This setting is only available in s\bsu\bud\bdo\bo version 1.8.7 and
higher.
file distributed with s\bsu\bud\bdo\bo or http://www.sudo.ws/sudo/license.html for
complete details.
-Sudo 1.8.7 March 14, 2013 Sudo 1.8.7
+Sudo 1.8.8 August 12, 2013 Sudo 1.8.8
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.TH "SUDO" "5" "March 14, 2013" "Sudo @PACKAGE_VERSION@" "OpenBSD Programmer's Manual"
+.TH "SUDO" "5" "August 12, 2013" "Sudo @PACKAGE_VERSION@" "OpenBSD Programmer's Manual"
.nh
.if n .ad l
.SH "NAME"
.TP 10n
max_groups
The maximum number of user groups to retrieve from the group database.
+Values less than one will be ignored.
This setting is only used when querying the group database directly.
It is intended to be used on systems where it is not possible to detect
when the array to be populated with group entries is not sufficiently large.
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd March 14, 2013
+.Dd August 12, 2013
.Dt SUDO @mansectform@
.Os Sudo @PACKAGE_VERSION@
.Sh NAME
version 1.8.7 and higher.
.It max_groups
The maximum number of user groups to retrieve from the group database.
+Values less than one will be ignored.
This setting is only used when querying the group database directly.
It is intended to be used on systems where it is not possible to detect
when the array to be populated with group entries is not sufficiently large.
/* Parse command line settings. */
user_closefrom = -1;
- sudo_user.max_groups = -1;
for (cur = info->settings; *cur != NULL; cur++) {
if (MATCHES(*cur, "closefrom=")) {
user_closefrom = atoi(*cur + sizeof("closefrom=") - 1);
user_gids = NULL;
user_ngids = 0;
} else {
- if (sudo_user.max_groups != -1) {
+ if (sudo_user.max_groups > 0) {
ngids = sudo_user.max_groups;
gids = emalloc2(ngids, sizeof(GETGROUPS_T));
(void)getgrouplist(pw->pw_name, pw->pw_gid, gids, &ngids);
* trying getgrouplist() until we have enough room in the array.
*/
ud->ngroups = sudo_conf_max_groups();
- if (ud->ngroups != -1) {
+ if (ud->ngroups > 0) {
ud->groups = emalloc2(ud->ngroups, sizeof(GETGROUPS_T));
/* No error on insufficient space if user specified max_groups. */
(void)getgrouplist(ud->username, ud->gid, ud->groups, &ud->ngroups);
projects / sudo / commitdiff