[patch] provide non-standard getgrouplist() in libnfsidmap when need be

[patch] provide non-standard getgrouplist() in libnfsidmap when need be

[Mike Frysinger]

[-- Attachment #1.1: Type: text/plain, Size: 207 bytes --]

libnfsidmap uses the non-standard function getgrouplist() ... the attached 
patch takes code from FreeBSD to implement the function based on POSIX 
functions when the system libc is not sufficient
-mike

[-- Attachment #1.2: Type: application/pgp-signature, Size: 827 bytes --]

[-- Attachment #2: libnfsidmap-0.19-getgrouplist.patch --]
[-- Type: text/x-diff, Size: 3408 bytes --]

http://bugs.gentoo.org/169909

--- libnfsidmap-0.19/configure.in
+++ libnfsidmap-0.19/configure.in
@@ -38,7 +38,7 @@
 
 # Checks for library functions.
 AC_FUNC_MALLOC
-AC_CHECK_FUNCS([strchr strdup])
+AC_CHECK_FUNCS([strchr strdup getgrouplist])
 
 AC_CONFIG_FILES([Makefile])
 AC_OUTPUT(libnfsidmap.pc)
--- libnfsidmap-0.19/nss.c
+++ libnfsidmap-0.19/nss.c
@@ -49,6 +49,8 @@
 #include "cfg.h"
 #include <syslog.h>
 
+#include "getgrouplist.c"
+
 /*
  * NSS Translation Methods
  *
--- libnfsidmap-0.19/getgrouplist.c
+++ libnfsidmap-0.19/getgrouplist.c
@@ -0,0 +1,85 @@
+/*
+ *  getgrouplist.c
+ *
+ *  if system does not provide the non-standard getgrouplist, we will emulate
+ *  it via POSIX standard functions
+ *
+ * Copyright (c) 1991, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <sys/types.h>
+#include <grp.h>
+#include <string.h>
+#include <unistd.h>
+
+#ifndef HAVE_GETGROUPLIST
+static
+int
+getgrouplist(const char *uname, gid_t agroup, gid_t *groups, int *grpcnt)
+{
+	const struct group *grp;
+	int i, maxgroups, ngroups, ret;
+
+	ret = 0;
+	ngroups = 0;
+	maxgroups = *grpcnt;
+	/*
+	 * When installing primary group, duplicate it;
+	 * the first element of groups is the effective gid
+	 * and will be overwritten when a setgid file is executed.
+	 */
+	groups[ngroups++] = agroup;
+	if (maxgroups > 1)
+		groups[ngroups++] = agroup;
+	/*
+	 * Scan the group file to find additional groups.
+	 */
+	setgrent();
+	while ((grp = getgrent()) != NULL) {
+		for (i = 0; i < ngroups; i++) {
+			if (grp->gr_gid == groups[i])
+				goto skip;
+		}
+		for (i = 0; grp->gr_mem[i]; i++) {
+			if (!strcmp(grp->gr_mem[i], uname)) {
+				if (ngroups >= maxgroups) {
+					ret = -1;
+					break;
+				}
+				groups[ngroups++] = grp->gr_gid;
+				break;
+			}
+		}
+skip:
+		;
+	}
+	endgrent();
+	*grpcnt = ngroups;
+	return (ret);
+}
+#endif

[-- Attachment #3: Type: text/plain, Size: 345 bytes --]

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys-and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV

[-- Attachment #4: Type: text/plain, Size: 140 bytes --]

_______________________________________________
NFS maillist  -  NFS@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfs

Re: [patch] provide non-standard getgrouplist() in libnfsidmap when need be

[Trond Myklebust]

On Sun, 2007-03-25 at 03:29 -0400, Mike Frysinger wrote:
> libnfsidmap uses the non-standard function getgrouplist() ... the attached 
> patch takes code from FreeBSD to implement the function based on POSIX 
> functions when the system libc is not sufficient
> -mike

Why not just modify libnfsidmap to directly use the posix functions?

Cheers
  Trond


-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys-and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
NFS maillist  -  NFS@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfs

Re: [patch] provide non-standard getgrouplist() in libnfsidmap when need be

[Peter Åstrand]

[-- Attachment #1: Type: TEXT/PLAIN, Size: 1209 bytes --]

On Mon, 26 Mar 2007, Trond Myklebust wrote:

> On Sun, 2007-03-25 at 03:29 -0400, Mike Frysinger wrote:
> > libnfsidmap uses the non-standard function getgrouplist() ... the attached 
> > patch takes code from FreeBSD to implement the function based on POSIX 
> > functions when the system libc is not sufficient
> > -mike
> 
> Why not just modify libnfsidmap to directly use the posix functions?

The traditional way of fetching the list of user groups is to enumerate 
the entire group database, and then add the groups that the user is a 
member of. This is *very* slow on systems with a large number of users and 
groups. Many NSS backends, such as nss_ldap, provides a faster API, which 
uses smart LDAP queries instead. initgroups() uses this, and perhaps also
getgroups(). (If not, it needs a fix.)

(As a side note, there's a lot of software out there which enumerates 
groups the slow way. This includes the OpenSSH server, so if you activate 
the AllowGroups configuration directive, SSH logins takes forever on 
large systems.)

Regards, 
---
Peter Åstrand		ThinLinc Chief Developer
Cendio AB		http://www.cendio.se
Teknikringen 3
583 30 Linköping	Phone: +46-13-21 46 00

[-- Attachment #2: Type: text/plain, Size: 345 bytes --]

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys-and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV

[-- Attachment #3: Type: text/plain, Size: 140 bytes --]

_______________________________________________
NFS maillist  -  NFS@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfs

Re: [patch] provide non-standard getgrouplist() in libnfsidmap when need be

[Trond Myklebust]

T24gTW9uLCAyMDA3LTAzLTI2IGF0IDE2OjMyICswMjAwLCBQZXRlciDDhXN0cmFuZCB3cm90ZToK
PiBPbiBNb24sIDI2IE1hciAyMDA3LCBUcm9uZCBNeWtsZWJ1c3Qgd3JvdGU6Cj4gCj4gPiBPbiBT
dW4sIDIwMDctMDMtMjUgYXQgMDM6MjkgLTA0MDAsIE1pa2UgRnJ5c2luZ2VyIHdyb3RlOgo+ID4g
PiBsaWJuZnNpZG1hcCB1c2VzIHRoZSBub24tc3RhbmRhcmQgZnVuY3Rpb24gZ2V0Z3JvdXBsaXN0
KCkgLi4uIHRoZSBhdHRhY2hlZCAKPiA+ID4gcGF0Y2ggdGFrZXMgY29kZSBmcm9tIEZyZWVCU0Qg
dG8gaW1wbGVtZW50IHRoZSBmdW5jdGlvbiBiYXNlZCBvbiBQT1NJWCAKPiA+ID4gZnVuY3Rpb25z
IHdoZW4gdGhlIHN5c3RlbSBsaWJjIGlzIG5vdCBzdWZmaWNpZW50Cj4gPiA+IC1taWtlCj4gPiAK
PiA+IFdoeSBub3QganVzdCBtb2RpZnkgbGlibmZzaWRtYXAgdG8gZGlyZWN0bHkgdXNlIHRoZSBw
b3NpeCBmdW5jdGlvbnM/Cj4gCj4gVGhlIHRyYWRpdGlvbmFsIHdheSBvZiBmZXRjaGluZyB0aGUg
bGlzdCBvZiB1c2VyIGdyb3VwcyBpcyB0byBlbnVtZXJhdGUgCj4gdGhlIGVudGlyZSBncm91cCBk
YXRhYmFzZSwgYW5kIHRoZW4gYWRkIHRoZSBncm91cHMgdGhhdCB0aGUgdXNlciBpcyBhIAo+IG1l
bWJlciBvZi4gVGhpcyBpcyAqdmVyeSogc2xvdyBvbiBzeXN0ZW1zIHdpdGggYSBsYXJnZSBudW1i
ZXIgb2YgdXNlcnMgYW5kIAo+IGdyb3Vwcy4gTWFueSBOU1MgYmFja2VuZHMsIHN1Y2ggYXMgbnNz
X2xkYXAsIHByb3ZpZGVzIGEgZmFzdGVyIEFQSSwgd2hpY2ggCj4gdXNlcyBzbWFydCBMREFQIHF1
ZXJpZXMgaW5zdGVhZC4gaW5pdGdyb3VwcygpIHVzZXMgdGhpcywgYW5kIHBlcmhhcHMgYWxzbwo+
IGdldGdyb3VwcygpLiAoSWYgbm90LCBpdCBuZWVkcyBhIGZpeC4pCj4gCj4gKEFzIGEgc2lkZSBu
b3RlLCB0aGVyZSdzIGEgbG90IG9mIHNvZnR3YXJlIG91dCB0aGVyZSB3aGljaCBlbnVtZXJhdGVz
IAo+IGdyb3VwcyB0aGUgc2xvdyB3YXkuIFRoaXMgaW5jbHVkZXMgdGhlIE9wZW5TU0ggc2VydmVy
LCBzbyBpZiB5b3UgYWN0aXZhdGUgCj4gdGhlIEFsbG93R3JvdXBzIGNvbmZpZ3VyYXRpb24gZGly
ZWN0aXZlLCBTU0ggbG9naW5zIHRha2VzIGZvcmV2ZXIgb24gCj4gbGFyZ2Ugc3lzdGVtcy4pCgpX
ZSdyZSBub3QgYWZ0ZXIgdGhlIGZ1bGwgbGlzdCBvZiB1c2VyIGdyb3VwcyBvciB0aGUgZ3JvdXAg
ZW50cmllcy4KbGlibmZzaWRtYXAgZXhpc3RzIHB1cmVseSBpbiBvcmRlciB0byBtYXAgYSBzaW5n
bGUgZ2lkIGludG8gYSBncm91cCBuYW1lCm9yIHZpY2UgdmVyc2EgYW5kIHRoZW4gc3R1ZmYgdGhl
IHJlc3VsdCBpbnRvIGEga2VybmVsIGNhY2hlLgoKSU9XOiBpdCBzaG91bGQgYmUganVzdCBmaW5l
IHRvIGNhbGwgZ2V0Z3JnaWQoKSBvciBnZXRncm5hbSgpIGluIHRoZQphcHByb3ByaWF0ZSBwbGFj
ZXMuCgpDaGVlcnMKICBUcm9uZAoKCi0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0KVGFrZSBTdXJ2ZXlzLiBFYXJu
IENhc2guIEluZmx1ZW5jZSB0aGUgRnV0dXJlIG9mIElUCkpvaW4gU291cmNlRm9yZ2UubmV0J3Mg
VGVjaHNheSBwYW5lbCBhbmQgeW91J2xsIGdldCB0aGUgY2hhbmNlIHRvIHNoYXJlIHlvdXIKb3Bp
bmlvbnMgb24gSVQgJiBidXNpbmVzcyB0b3BpY3MgdGhyb3VnaCBicmllZiBzdXJ2ZXlzLWFuZCBl
YXJuIGNhc2gKaHR0cDovL3d3dy50ZWNoc2F5LmNvbS9kZWZhdWx0LnBocD9wYWdlPWpvaW4ucGhw
JnA9c291cmNlZm9yZ2UmQ0lEPURFVkRFVgpfX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f
X19fX19fX19fX19fX19fXwpORlMgbWFpbGxpc3QgIC0gIE5GU0BsaXN0cy5zb3VyY2Vmb3JnZS5u
ZXQKaHR0cHM6Ly9saXN0cy5zb3VyY2Vmb3JnZS5uZXQvbGlzdHMvbGlzdGluZm8vbmZzCg==

Re: [patch] provide non-standard getgrouplist() in libnfsidmap when need be

[J. Bruce Fields]

On Mon, Mar 26, 2007 at 11:46:43AM -0400, Trond Myklebust wrote:
> We're not after the full list of user groups or the group entries.
> libnfsidmap exists purely in order to map a single gid into a group name
> or vice versa and then stuff the result into a kernel cache.

Not currently true, because we're also using libnfsidmap to do the krb
principal -> (uid, gid's) mapping--my mistake.

We should split that code out from libnfsidmap and stick it back into
rpc.svcgssd where it came from.

--b.

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys-and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
NFS maillist  -  NFS@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfs

Re: [patch] provide non-standard getgrouplist() in libnfsidmap when need be

[Mike Frysinger]

[-- Attachment #1.1: Type: text/plain, Size: 683 bytes --]

On Monday 26 March 2007, Trond Myklebust wrote:
> On Sun, 2007-03-25 at 03:29 -0400, Mike Frysinger wrote:
> > libnfsidmap uses the non-standard function getgrouplist() ... the
> > attached patch takes code from FreeBSD to implement the function based on
> > POSIX functions when the system libc is not sufficient
>
> Why not just modify libnfsidmap to directly use the posix functions?

tbh, it doesnt matter to me how it gets fixed ... whether the direction is to 
not use getgrouplist() at all and just use the POSIX funcs, or to use the 
patch i posted, or ... my motivation here is purely from a distro package 
maintainer, i dont actually use libnfsidmap ;)
-mike

[-- Attachment #1.2: Type: application/pgp-signature, Size: 827 bytes --]

[-- Attachment #2: Type: text/plain, Size: 345 bytes --]

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys-and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV

[-- Attachment #3: Type: text/plain, Size: 140 bytes --]

_______________________________________________
NFS maillist  -  NFS@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfs