Add initgroups lookups to nss_db

This commit is contained in:
Ulrich Drepper 2011-06-15 21:00:21 -04:00
parent 82e9a1f7df
commit 9f2da732e7
7 changed files with 220 additions and 15 deletions

View File

@ -1,5 +1,14 @@
2011-06-15 Ulrich Drepper <drepper@gmail.com>
* nss/Makefile (libnss_db-dbs): Add db-initgroups.
* nss/Versions [libnss_db]: Add _nss_db_initgroups_dyn for
GLIBC_PRIVATE.
* nss/db-Makefile (groups.db): Emit entries for initgroups lookups.
* nss/makedb.c: Implement -g option to specify that value strings
are generated and should not be added to table iterated over for
get*ent calls.
* nss/nss_db/db-initgroups.c: New file.
* nss/getent.c: Add support for initgroups lookups through getgrouplist
interface.

6
NEWS
View File

@ -1,4 +1,4 @@
GNU C Library NEWS -- history of user-visible changes. 2011-6-9
GNU C Library NEWS -- history of user-visible changes. 2011-6-15
Copyright (C) 1992-2009, 2010, 2011 Free Software Foundation, Inc.
See the end for copying conditions.
@ -9,6 +9,10 @@ Version 2.15
* New program pldd to list loaded object of a process
Implemented by Ulrich Drepper.
* Add nss_db support back to glibc. No more dependency on Berkeley db
and support for initgroups lookups.
Implemented by Ulrich Drepper.
Version 2.14

View File

@ -71,7 +71,8 @@ distribute += files-XXX.c files-parse.c
libnss_db-dbs := $(addprefix db-,\
$(filter-out hosts network key alias,\
$(databases)))
$(databases))) \
db-initgroups
libnss_db-routines := $(libnss_db-dbs) db-open hash-string
generated += $(filter-out db-alias.c db-netgrp.c, \
$(addsuffix .c,$(libnss_db-dbs)))

View File

@ -151,5 +151,7 @@ libnss_db {
_nss_db_endspent;
_nss_db_getspent_r;
_nss_db_getspnam_r;
_nss_db_initgroups_dyn;
}
}

View File

@ -47,7 +47,19 @@ $(VAR_DB)/group.db: /etc/group
/^[ \t]*$$/ { next } \
/^[ \t]*#/ { next } \
/^[^#]/ { printf ".%s ", $$1; print; \
printf "=%s ", $$3; print }' $^ | \
printf "=%s ", $$3; print; \
if ($$4 != "") { \
split($$4, grmems, ","); \
for (memidx in grmems) { \
mem=grmems[memidx]; \
if (members[mem] == "") \
members[mem]=$$3; \
else \
members[mem]=members[mem] "," $$3; \
} \
delete grmems; } } \
END { for (mem in members) \
printf ":%s $s %s\n", mem, mem, members[mem]; }' $^ | \
$(MAKEDB) -o $@ -
@echo "done."

View File

@ -53,6 +53,7 @@
struct database
{
char dbid;
bool extra_string;
struct database *next;
void *entries;
size_t nentries;
@ -67,6 +68,7 @@ static size_t nhashentries_total;
static size_t valstrlen;
static void *valstrtree;
static char *valstrtab;
static size_t extrastrlen;
/* Database entry. */
struct dbentry
@ -80,6 +82,7 @@ struct dbentry
struct valstrentry
{
stridx_t idx;
bool extra_string;
char str[0];
};
@ -112,7 +115,8 @@ static const struct argp_option options[] =
N_("Do not print messages while building database") },
{ "undo", 'u', NULL, 0,
N_("Print content of database file, one entry a line") },
{ NULL, 0, NULL, 0, N_("Select index type") },
{ "generated", 'g', N_("CHAR"), 0,
N_("Generated line not part of iteration") },
{ NULL, 0, NULL, 0, NULL }
};
@ -136,6 +140,14 @@ static struct argp argp =
};
/* List of databases which are not part of the iteration table. */
static struct db_option
{
char dbid;
struct db_option *next;
} *db_options;
/* Prototypes for local functions. */
static int process_input (FILE *input, const char *inname,
int to_lowercase, int be_quiet);
@ -311,6 +323,8 @@ main (int argc, char *argv[])
static error_t
parse_opt (int key, char *arg, struct argp_state *state)
{
struct db_option *newp;
switch (key)
{
case 'f':
@ -325,6 +339,12 @@ parse_opt (int key, char *arg, struct argp_state *state)
case 'u':
do_undo = 1;
break;
case 'g':
newp = xmalloc (sizeof (*newp));
newp->dbid = arg[0];
newp->next = db_options;
db_options = newp;
break;
default:
return ARGP_ERR_UNKNOWN;
}
@ -463,11 +483,22 @@ process_input (input, inname, to_lowercase, be_quiet)
{
last_database = xmalloc (sizeof (*last_database));
last_database->dbid = key[0];
last_database->extra_string = false;
last_database->next = databases;
last_database->entries = NULL;
last_database->nentries = 0;
last_database->keystrlen = 0;
databases = last_database;
struct db_option *runp = db_options;
while (runp != NULL)
if (runp->dbid == key[0])
{
last_database->extra_string = true;
break;
}
else
runp = runp->next;
}
}
@ -478,7 +509,11 @@ process_input (input, inname, to_lowercase, be_quiet)
/* Store the data. */
struct valstrentry *nentry = xmalloc (sizeof (struct valstrentry)
+ datalen);
if (last_database->extra_string)
nentry->idx = extrastrlen;
else
nentry->idx = valstrlen;
nentry->extra_string = last_database->extra_string;
memcpy (nentry->str, data, datalen);
struct valstrentry **fdata = tsearch (nentry, &valstrtree,
@ -492,6 +527,9 @@ process_input (input, inname, to_lowercase, be_quiet)
free (nentry);
nentry = *fdata;
}
else
if (last_database->extra_string)
extrastrlen += datalen;
else
valstrlen += datalen;
@ -538,7 +576,7 @@ copy_valstr (const void *nodep, const VISIT which, const int depth)
const struct valstrentry *p = *(const struct valstrentry **) nodep;
strcpy (valstrtab + p->idx, p->str);
strcpy (valstrtab + (p->extra_string ? valstrlen : 0) + p->idx, p->str);
}
@ -576,8 +614,8 @@ next_prime (size_t seed)
static void
compute_tables (void)
{
valstrtab = xmalloc (roundup (valstrlen, sizeof (stridx_t)));
while (valstrlen % sizeof (stridx_t) != 0)
valstrtab = xmalloc (roundup (valstrlen + extrastrlen, sizeof (stridx_t)));
while ((valstrlen + extrastrlen) % sizeof (stridx_t) != 0)
valstrtab[valstrlen++] = '\0';
twalk (valstrtree, copy_valstr);
@ -590,9 +628,9 @@ compute_tables (void)
elements to store in the hash table for the size. This gives
enough efficiency. */
#define TEST_RANGE 30
size_t nhashentries_min = next_prime (MAX (db->nentries,
db->nentries
* 2 - TEST_RANGE));
size_t nhashentries_min = next_prime (db->nentries < TEST_RANGE
? db->nentries
: db->nentries * 2 - TEST_RANGE);
size_t nhashentries_max = MAX (nhashentries_min, db->nentries * 4);
size_t nhashentries_best = nhashentries_min;
size_t chainlength_best = db->nentries;
@ -634,7 +672,8 @@ compute_tables (void)
hidx -= nhashentries;
}
db->hashtable[hidx] = dbe->validx;
db->hashtable[hidx] = ((db->extra_string ? valstrlen : 0)
+ dbe->validx);
db->keyidxtab[hidx] = stridx;
max_chainlength = MAX (max_chainlength, chainlength);
@ -702,8 +741,8 @@ write_output (int fd)
iov[0].iov_len = file_offset;
iov[1].iov_base = valstrtab;
iov[1].iov_len = valstrlen;
file_offset += valstrlen;
iov[1].iov_len = valstrlen + extrastrlen;
file_offset += iov[1].iov_len;
size_t keydataoffset = file_offset + nhashentries_total * sizeof (stridx_t);
for (struct database *db = databases; db != NULL; db = db->next)

138
nss/nss_db/db-initgroups.c Normal file
View File

@ -0,0 +1,138 @@
/* Initgroups handling in nss_db module.
Copyright (C) 2011 Free Software Foundation, Inc.
This file is part of the GNU C Library.
Contributed by Ulrich Drepper <drepper@gmail.com>.
The GNU C Library is free software; you can redistribute it and/or
modify it under the terms of the GNU Library General Public License as
published by the Free Software Foundation; either version 2 of the
License, or (at your option) any later version.
The GNU C Library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Library General Public License for more details.
You should have received a copy of the GNU Library General Public
License along with the GNU C Library; see the file COPYING.LIB. If not,
write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
Boston, MA 02111-1307, USA. */
#include <ctype.h>
#include <errno.h>
#include <grp.h>
#include <paths.h>
#include "nss_db.h"
/* The hashing function we use. */
#include "../intl/hash-string.h"
enum nss_status
_nss_db_initgroups_dyn (const char *user, gid_t group, long int *start,
long int *size, gid_t **groupsp, long int limit,
int *errnop)
{
struct nss_db_map state = { NULL, 0 };
enum nss_status status = internal_setent (_PATH_VARDB "group.db", &state);
if (status != NSS_STATUS_SUCCESS)
{
*errnop = errno;
return status;
}
const struct nss_db_header *header = state.header;
int i;
for (i = 0; i < header->ndbs; ++i)
if (header->dbs[i].id == ':')
break;
if (i == header->ndbs)
{
status = NSS_STATUS_UNAVAIL;
goto out;
}
const stridx_t *hashtable
= (const stridx_t *) ((const char *) header
+ header->dbs[i].hashoffset);
const char *valstrtab = (const char *) header + header->valstroffset;
size_t userlen = strlen (user);
uint32_t hashval = __hash_string (user);
size_t hidx = hashval % header->dbs[i].hashsize;
size_t hval2 = 1 + hashval % (header->dbs[i].hashsize - 2);
gid_t *groups = *groupsp;
status = NSS_STATUS_NOTFOUND;
while (hashtable[hidx] != ~((stridx_t) 0))
{
const char *valstr = valstrtab + hashtable[hidx];
while (isblank (*valstr))
++valstr;
if (strncmp (valstr, user, userlen) == 0 && isblank (valstr[userlen]))
{
valstr += userlen + 1;
while (isblank (*valstr))
++valstr;
while (*valstr != '\0')
{
errno = 0;
char *endp;
unsigned long int n = strtoul (valstr, &endp, 10);
if (*endp != ',' && *endp != '\0')
break;
valstr = *endp == '\0' ? endp : endp + 1;
if (n != ULONG_MAX || errno != ERANGE)
{
/* Insert the group. */
if (*start == *size)
{
/* Need a bigger buffer. */
if (limit > 0 && *size == limit)
{
/* We reached the maximum. */
status = NSS_STATUS_SUCCESS;
goto out;
}
long int newsize;
if (limit <= 0)
newsize = 2 * *size;
else
newsize = MIN (limit, 2 * *size);
gid_t *newgroups = realloc (groups,
newsize * sizeof (*groups));
if (newgroups == NULL)
{
*errnop = ENOMEM;
status = NSS_STATUS_TRYAGAIN;
goto out;
}
*groupsp = groups = newgroups;
*size = newsize;
}
groups[*start] = n;
*start += 1;
}
}
status = NSS_STATUS_SUCCESS;
break;
}
if ((hidx += hval2) >= header->dbs[i].hashsize)
hidx -= header->dbs[i].hashsize;
}
out:
internal_endent (&state);
return status;
}