2009-04-19 Petr Baudis * nis/Makefile (libnss_compat-routines): Add build dependency on nss-nis. * nis/nss: New variable SPLIT_GROUPS. * nis/libnsl.h: New flag NSS_FLAG_SPLIT_GROUPS. * nis/nss-default.c: Likewise. * nss_compat/compat-initgroups.c: Do not use initgroups_dyn in case NSS_FLAG_SPLIT_GROUPS is set. Index: nis/Makefile =================================================================== --- nis/Makefile.orig +++ nis/Makefile @@ -56,7 +56,8 @@ libnsl-routines = yp_xdr ypclnt ypupdate nis_findserv nis_callback nis_clone_dir nis_clone_obj\ nis_clone_res nss-default -libnss_compat-routines := $(addprefix compat-,grp pwd spwd initgroups) +libnss_compat-routines := $(addprefix compat-,grp pwd spwd initgroups) \ + nss-nis libnss_compat-inhibit-o = $(filter-out .os,$(object-suffixes)) libnss_nis-routines := $(addprefix nis-,$(databases)) nis-initgroups \ Index: nis/libnsl.h =================================================================== --- nis/libnsl.h.orig +++ nis/libnsl.h @@ -21,6 +21,7 @@ #define NSS_FLAG_NETID_AUTHORITATIVE 1 #define NSS_FLAG_SERVICES_AUTHORITATIVE 2 #define NSS_FLAG_SETENT_BATCH_READ 4 +#define NSS_FLAG_SPLIT_GROUPS 8 /* Get current set of default flags. */ Index: nis/nss =================================================================== --- nis/nss.orig +++ nis/nss @@ -1,7 +1,7 @@ # /etc/default/nss # This file can theoretically contain a bunch of customization variables # for Name Service Switch in the GNU C library. For now there are only -# three variables: +# four variables: # # NETID_AUTHORITATIVE # If set to TRUE, the initgroups() function will accept the information @@ -26,3 +26,11 @@ # might result into a network communication with the server to get # the next entry. #SETENT_BATCH_READ=TRUE +# +# SPLIT_GROUPS +# If set to TRUE, the nss_compat module's initgroups() function will +# not use the NIS initgroups interface for retrieving group information. +# This allows one NIS group to be split into multiple database entries +# with same gid, a practice used to overcome entry length limitations. +# The downside is a certain performance degradation. +#SPLIT_GROUPS=TRUE Index: nis/nss-default.c =================================================================== --- nis/nss-default.c.orig +++ nis/nss-default.c @@ -47,7 +47,8 @@ static const struct #define STRNLEN(s) s, sizeof (s) - 1 { STRNLEN ("NETID_AUTHORITATIVE"), NSS_FLAG_NETID_AUTHORITATIVE }, { STRNLEN ("SERVICES_AUTHORITATIVE"), NSS_FLAG_SERVICES_AUTHORITATIVE }, - { STRNLEN ("SETENT_BATCH_READ"), NSS_FLAG_SETENT_BATCH_READ } + { STRNLEN ("SETENT_BATCH_READ"), NSS_FLAG_SETENT_BATCH_READ }, + { STRNLEN ("SPLIT_GROUPS"), NSS_FLAG_SPLIT_GROUPS }, }; #define nvars (sizeof (vars) / sizeof (vars[0])) Index: nis/nss_compat/compat-initgroups.c =================================================================== --- nis/nss_compat/compat-initgroups.c.orig +++ nis/nss_compat/compat-initgroups.c @@ -32,6 +32,9 @@ #include #include +/* Get the declaration of the NSS flags. */ +#include + static service_user *ni; /* Type of the lookup function. */ static enum nss_status (*nss_initgroups_dyn) (const char *, gid_t, @@ -103,7 +106,10 @@ init_nss_interface (void) if (ni == NULL && __nss_database_lookup ("group_compat", NULL, "nis", &ni) >= 0) { - nss_initgroups_dyn = __nss_lookup_function (ni, "initgroups_dyn"); + if (_nsl_default_nss () & NSS_FLAG_SPLIT_GROUPS) + nss_initgroups_dyn = NULL; + else + nss_initgroups_dyn = __nss_lookup_function (ni, "initgroups_dyn"); nss_getgrnam_r = __nss_lookup_function (ni, "getgrnam_r"); nss_getgrgid_r = __nss_lookup_function (ni, "getgrgid_r"); nss_getgrent_r = __nss_lookup_function (ni, "getgrent_r");