glibc/glibc-nis-splitgroups.diff

101 lines
3.7 KiB
Diff
Raw Normal View History

2009-04-19 Petr Baudis <pasky@suse.cz>
* nis/Makefile (libnss_compat-routines): Add build dependency
on nss-nis.
* nis/nss: New variable SPLIT_GROUPS.
* nis/libnsl.h: New flag NSS_FLAG_SPLIT_GROUPS.
* nis/nss-default.c: Likewise.
* nss_compat/compat-initgroups.c: Do not use initgroups_dyn
in case NSS_FLAG_SPLIT_GROUPS is set.
diff --git a/nis/Makefile b/nis/Makefile
index 8083ee8..9814fce 100644
--- nis/Makefile
+++ nis/Makefile
@@ -56,7 +56,8 @@ libnsl-routines = yp_xdr ypclnt ypupdate_xdr \
nis_findserv nis_callback nis_clone_dir nis_clone_obj\
nis_clone_res nss-default
-libnss_compat-routines := $(addprefix compat-,grp pwd spwd initgroups)
+libnss_compat-routines := $(addprefix compat-,grp pwd spwd initgroups) \
+ nss-nis
libnss_compat-inhibit-o = $(filter-out .os,$(object-suffixes))
libnss_nis-routines := $(addprefix nis-,$(databases)) nis-initgroups \
diff --git a/nis/libnsl.h b/nis/libnsl.h
index c6ceb32..77c34ef 100644
--- nis/libnsl.h
+++ nis/libnsl.h
@@ -21,6 +21,7 @@
#define NSS_FLAG_NETID_AUTHORITATIVE 1
#define NSS_FLAG_SERVICES_AUTHORITATIVE 2
#define NSS_FLAG_SETENT_BATCH_READ 4
+#define NSS_FLAG_SPLIT_GROUPS 8
/* Get current set of default flags. */
diff --git a/nis/nss b/nis/nss
index aab40ab..4715ab5 100644
--- nis/nss
+++ nis/nss
@@ -1,7 +1,7 @@
# /etc/default/nss
# This file can theoretically contain a bunch of customization variables
# for Name Service Switch in the GNU C library. For now there are only
-# three variables:
+# four variables:
#
# NETID_AUTHORITATIVE
# If set to TRUE, the initgroups() function will accept the information
@@ -26,3 +26,11 @@
# might result into a network communication with the server to get
# the next entry.
#SETENT_BATCH_READ=TRUE
+#
+# SPLIT_GROUPS
+# If set to TRUE, the nss_compat module's initgroups() function will
+# not use the NIS initgroups interface for retrieving group information.
+# This allows one NIS group to be split into multiple database entries
+# with same gid, a practice used to overcome entry length limitations.
+# The downside is a certain performance degradation.
+#SPLIT_GROUPS=TRUE
diff --git a/nis/nss-default.c b/nis/nss-default.c
index 046ddfe..d6141b9 100644
--- nis/nss-default.c
+++ nis/nss-default.c
@@ -48,6 +48,7 @@ static const struct
{ STRNLEN ("NETID_AUTHORITATIVE"), NSS_FLAG_NETID_AUTHORITATIVE },
{ STRNLEN ("SERVICES_AUTHORITATIVE"), NSS_FLAG_SERVICES_AUTHORITATIVE },
- { STRNLEN ("SETENT_BATCH_READ"), NSS_FLAG_SETENT_BATCH_READ }
+ { STRNLEN ("SETENT_BATCH_READ"), NSS_FLAG_SETENT_BATCH_READ },
+ { STRNLEN ("SPLIT_GROUPS"), NSS_FLAG_SPLIT_GROUPS },
};
#define nvars (sizeof (vars) / sizeof (vars[0]))
diff --git a/nis/nss_compat/compat-initgroups.c b/nis/nss_compat/compat-initgroups.c
index 76ca95d..14b0aac 100644
--- nis/nss_compat/compat-initgroups.c
+++ nis/nss_compat/compat-initgroups.c
@@ -32,6 +32,9 @@
#include <bits/libc-lock.h>
#include <kernel-features.h>
+/* Get the declaration of the NSS flags. */
+#include <libnsl.h>
+
static service_user *ni;
/* Type of the lookup function. */
static enum nss_status (*nss_initgroups_dyn) (const char *, gid_t,
@@ -103,7 +106,10 @@ init_nss_interface (void)
if (ni == NULL
&& __nss_database_lookup ("group_compat", NULL, "nis", &ni) >= 0)
{
- nss_initgroups_dyn = __nss_lookup_function (ni, "initgroups_dyn");
+ if (_nsl_default_nss () & NSS_FLAG_SPLIT_GROUPS)
+ nss_initgroups_dyn = NULL;
+ else
+ nss_initgroups_dyn = __nss_lookup_function (ni, "initgroups_dyn");
nss_getgrnam_r = __nss_lookup_function (ni, "getgrnam_r");
nss_getgrgid_r = __nss_lookup_function (ni, "getgrgid_r");
nss_getgrent_r = __nss_lookup_function (ni, "getgrent_r");