Replace the static NGROUPS=NGROUPS_MAX+1=1024 with a dynamic

kern.ngroups+1.  kern.ngroups can range from NGROUPS_MAX=1023 to
INT_MAX-1.  Given that the Windows group limit is 1024, this range
should be sufficient for most applications.

MFC after:	1 month

3 files changed, 21 insertions, 7 deletions

diff --git a/sys/kern/kern_mib.c b/sys/kern/kern_mib.c
index 78382c7..e2d061a 100644
--- a/sys/kern/kern_mib.c
+++ b/sys/kern/kern_mib.c
@@ -125,7 +125,7 @@ SYSCTL_INT(_kern, KERN_POSIX1, posix1version, CTLFLAG_RD,
     0, _POSIX_VERSION, "Version of POSIX attempting to comply to");
 
 SYSCTL_INT(_kern, KERN_NGROUPS, ngroups, CTLFLAG_RD,
-    0, NGROUPS_MAX,
+    &ngroups_max, 0,
     "Maximum number of supplemental groups a user can belong to");
 
 SYSCTL_INT(_kern, KERN_JOB_CONTROL, job_control, CTLFLAG_RD,
diff --git a/sys/kern/kern_prot.c b/sys/kern/kern_prot.c
index 709bcb0..5a5c24c 100644
--- a/sys/kern/kern_prot.c
+++ b/sys/kern/kern_prot.c
@@ -283,7 +283,7 @@ getgroups(struct thread *td, register struct getgroups_args *uap)
 	u_int ngrp;
 	int error;
 
-	ngrp = MIN(uap->gidsetsize, NGROUPS);
+	ngrp = MIN(uap->gidsetsize, ngroups_max + 1);
 	groups = malloc(ngrp * sizeof(*groups), M_TEMP, M_WAITOK);
 	error = kern_getgroups(td, &ngrp, groups);
 	if (error)
@@ -796,7 +796,7 @@ setgroups(struct thread *td, struct setgroups_args *uap)
 	gid_t *groups = NULL;
 	int error;
 
-	if (uap->gidsetsize > NGROUPS)
+	if (uap->gidsetsize > ngroups_max + 1)
 		return (EINVAL);
 	groups = malloc(uap->gidsetsize * sizeof(gid_t), M_TEMP, M_WAITOK);
 	error = copyin(uap->gidset, groups, uap->gidsetsize * sizeof(gid_t));
@@ -815,7 +815,7 @@ kern_setgroups(struct thread *td, u_int ngrp, gid_t *groups)
 	struct ucred *newcred, *oldcred;
 	int error;
 
-	if (ngrp > NGROUPS)
+	if (ngrp > ngroups_max + 1)
 		return (EINVAL);
 	AUDIT_ARG_GROUPSET(groups, ngrp);
 	newcred = crget();
@@ -2022,14 +2022,14 @@ crsetgroups_locked(struct ucred *cr, int ngrp, gid_t *groups)
 
 /*
  * Copy groups in to a credential after expanding it if required.
- * Truncate the list to NGROUPS if it is too large.
+ * Truncate the list to (ngroups_max + 1) if it is too large.
  */
 void
 crsetgroups(struct ucred *cr, int ngrp, gid_t *groups)
 {
 
-	if (ngrp > NGROUPS)
-		ngrp = NGROUPS;
+	if (ngrp > ngroups_max + 1)
+		ngrp = ngroups_max + 1;
 
 	crextend(cr, ngrp);
 	crsetgroups_locked(cr, ngrp, groups);
diff --git a/sys/kern/subr_param.c b/sys/kern/subr_param.c
index 6113b63..fcd8131 100644
--- a/sys/kern/subr_param.c
+++ b/sys/kern/subr_param.c
@@ -40,6 +40,7 @@ __FBSDID("$FreeBSD$");
 #include "opt_param.h"
 #include "opt_maxusers.h"
 
+#include <sys/limits.h>
 #include <sys/param.h>
 #include <sys/systm.h>
 #include <sys/kernel.h>
@@ -88,6 +89,7 @@ int	maxfiles;			/* sys. wide open files limit */
 int	maxfilesperproc;		/* per-proc open files limit */
 int	ncallout;			/* maximum # of timer events */
 int	nbuf;
+int	ngroups_max;			/* max # groups per process */
 int	nswbuf;
 long	maxswzone;			/* max swmeta KVA storage */
 long	maxbcache;			/* max buffer cache KVA storage */
@@ -228,6 +230,18 @@ init_param1(void)
 	TUNABLE_ULONG_FETCH("kern.maxssiz", &maxssiz);
 	sgrowsiz = SGROWSIZ;
 	TUNABLE_ULONG_FETCH("kern.sgrowsiz", &sgrowsiz);
+
+	/*
+	 * Let the administrator set {NGROUPS_MAX}, but disallow values
+	 * less than NGROUPS_MAX which would violate POSIX.1-2008 or
+	 * greater than INT_MAX-1 which would result in overflow.
+	 */
+	ngroups_max = NGROUPS_MAX;
+	TUNABLE_INT_FETCH("kern.ngroups", &ngroups_max);
+	if (ngroups_max < NGROUPS_MAX)
+		ngroups_max = NGROUPS_MAX;
+	if (ngroups_max > INT_MAX - 1)
+		ngroups_max = INT_MAX - 1;
 }
 
 /*