[PATCH] nss_winbind: add getgroupmembership for FreeBSD

Björn Jacke bj at sernet.de
Sun Oct 19 07:48:45 MDT 2014 

The getgroupmembership call on FreeBSD is needed for "winbind expand groups=0"
(the new default in 4.2) to work.

Thanks to Timur I. Bakeyev for the enhancement patch.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10835

Signed-off-by: Bjoern Jacke <bj at sernet.de>
---
 nsswitch/winbind_nss_freebsd.c | 74 +++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 73 insertions(+), 1 deletion(-)

diff --git a/nsswitch/winbind_nss_freebsd.c b/nsswitch/winbind_nss_freebsd.c
index 5fcd557..476349f 100644
--- a/nsswitch/winbind_nss_freebsd.c
+++ b/nsswitch/winbind_nss_freebsd.c
@@ -5,6 +5,7 @@
    routines against Samba winbind/Windows NT Domain
 
    Copyright (C) Aaron Collins 2003
+   Copyright (C) Timur I. Bakeyev 2013
 
    This library is free software; you can redistribute it and/or
    modify it under the terms of the GNU Lesser General Public
@@ -23,7 +24,6 @@
 #include "winbind_client.h"
 
 /* Make sure that the module gets registered needed by freebsd 5.1 */
-
 extern enum nss_status _nss_winbind_getgrent_r(struct group *, char *, size_t,
     int *);
 extern enum nss_status _nss_winbind_getgrnam_r(const char *, struct group *,
@@ -32,6 +32,8 @@ extern enum nss_status _nss_winbind_getgrgid_r(gid_t gid, struct group *, char *
     size_t, int *);
 extern enum nss_status _nss_winbind_setgrent(void);
 extern enum nss_status _nss_winbind_endgrent(void);
+extern enum nss_status _nss_winbind_initgroups_dyn(char *, gid_t, long int *,
+    long int *, gid_t **, long int , int *);
 
 extern enum nss_status _nss_winbind_getpwent_r(struct passwd *, char *, size_t,
     int *);
@@ -41,6 +43,7 @@ extern enum nss_status _nss_winbind_getpwuid_r(gid_t gid, struct passwd *, char
     size_t, int *);
 extern enum nss_status _nss_winbind_setpwent(void);
 extern enum nss_status _nss_winbind_endpwent(void);
+ns_mtab *nss_module_register(const char *, unsigned int *, nss_module_unregister_fn *);
 
 NSS_METHOD_PROTOTYPE(__nss_compat_getgrnam_r);
 NSS_METHOD_PROTOTYPE(__nss_compat_getgrgid_r);
@@ -53,6 +56,9 @@ NSS_METHOD_PROTOTYPE(__nss_compat_getpwuid_r);
 NSS_METHOD_PROTOTYPE(__nss_compat_getpwent_r);
 NSS_METHOD_PROTOTYPE(__nss_compat_setpwent);
 NSS_METHOD_PROTOTYPE(__nss_compat_endpwent);
+NSS_METHOD_PROTOTYPE(__nss_compat_endpwent);
+
+NSS_METHOD_PROTOTYPE(__freebsd_getgroupmembership);
 
 static ns_mtab methods[] = {
 { NSDB_GROUP, "getgrnam_r", __nss_compat_getgrnam_r, _nss_winbind_getgrnam_r },
@@ -60,6 +66,7 @@ static ns_mtab methods[] = {
 { NSDB_GROUP, "getgrent_r", __nss_compat_getgrent_r, _nss_winbind_getgrent_r },
 { NSDB_GROUP, "setgrent",   __nss_compat_setgrent,   _nss_winbind_setgrent },
 { NSDB_GROUP, "endgrent",   __nss_compat_endgrent,   _nss_winbind_endgrent },
+{ NSDB_GROUP, "getgroupmembership", __freebsd_getgroupmembership, NULL },
 
 { NSDB_PASSWD, "getpwnam_r", __nss_compat_getpwnam_r, _nss_winbind_getpwnam_r },
 { NSDB_PASSWD, "getpwuid_r", __nss_compat_getpwuid_r, _nss_winbind_getpwuid_r },
@@ -69,6 +76,71 @@ static ns_mtab methods[] = {
 
 };
 
+/* Taken from libc */
+static int
+gr_addgid(gid_t gid, gid_t *groups, int maxgrp, int *grpcnt)
+{
+	int	ret, dupc;
+
+	/* skip duplicates */
+	for (dupc = 0; dupc < MIN(maxgrp, *grpcnt); dupc++) {
+		if (groups[dupc] == gid)
+			return 1;
+	}
+
+	ret = 1;
+	if (*grpcnt < maxgrp)			/* add this gid */
+		groups[*grpcnt] = gid;
+	else
+		ret = 0;
+
+	(*grpcnt)++;
+
+	return ret;
+}
+
+/*
+    rv = _nsdispatch(NULL, dtab, NSDB_GROUP, "getgroupmembership",
+	            defaultsrc, uname, agroup, groups, maxgrp, grpcnt);
+*/
+
+int
+__freebsd_getgroupmembership(void *retval, void *mdata, va_list ap)
+{
+	const char 	*uname  = va_arg(ap, const char *);
+	gid_t		 group  = va_arg(ap, gid_t);
+	gid_t		*groups = va_arg(ap, gid_t *);
+	int		 maxgrp = va_arg(ap, int);
+	int		*groupc = va_arg(ap, int *);
+
+	NSS_STATUS ret;
+	long int lcount, lsize;
+	int i, errnop;
+	gid_t *tmpgroups;
+
+	/* Can be realloc() inside _nss_winbind_initgroups_dyn() */
+	if ((tmpgroups=calloc(maxgrp, sizeof(gid_t))) == NULL) {
+		errno = ENOMEM;
+		return NS_TRYAGAIN;
+	}
+
+	lcount = 0;
+	lsize = maxgrp;
+	/* insert primary membership(possibly already there) */
+	gr_addgid(group, groups, maxgrp, groupc);
+	/* Don't limit number of groups, we want to know total size */
+	ret = _nss_winbind_initgroups_dyn(uname, group, &lcount, &lsize,
+		&tmpgroups, 0, &errnop);
+	if (ret == NSS_STATUS_SUCCESS) {
+		/* lcount potentially can be bigger than maxgrp, so would groupc */
+		for (i = 0; i < lcount; i++)
+			 gr_addgid(tmpgroups[i], groups, maxgrp, groupc);
+	}
+	free(tmpgroups);
+	/* Let following nsswitch backend(s) add more groups(?) */
+	return NSS_STATUS_NOTFOUND;
+}
+
 ns_mtab *
 nss_module_register(const char *source, unsigned int *mtabsize,
     nss_module_unregister_fn *unreg)
-- 
2.1.0

More information about the samba-technical mailing list