Re: innetgr support?

[Mark R Bannister <dbis [at] proseconsulting.co.uk>]

On 06/03/2015 17:00, Arthur de Jong wrote:

On Fri, 2015-03-06 at 13:48 +0000, Mark R Bannister wrote:

I've hit a problem on Solaris 11 with sudo.  I see the innetgr
constructor has not been implemented yet.  This means that innetgr()
doesn't work on Solaris, which is a major roadblock.

Attached is a completely untested patch that should implement the
function with the proper interface. It does basically what the emulation
described above does. This also seems to be what nss_ldap does on
Solaris.

Hi Arthur,

I've fixed your patch, it had some typos in it.  Please see attached a new patch which is compiling and working correctly.  The patch is in DBIS 1.4.5.

Note, however, that when I compile it, I get the following warnings:

netgroup.c:250:55: warning: assignment discards 'const' qualifier from pointer target type [enabled by default]
       GETNETGRENT_ARGS(args)->retp[NSS_NETGR_MACHINE] = result.val.triple.host;
netgroup.c:251:52: warning: assignment discards 'const' qualifier from pointer target type [enabled by default]
       GETNETGRENT_ARGS(args)->retp[NSS_NETGR_USER] = result.val.triple.user;
netgroup.c:252:54: warning: assignment discards 'const' qualifier from pointer target type [enabled by default]
       GETNETGRENT_ARGS(args)->retp[NSS_NETGR_DOMAIN] = result.val.triple.domain;

I couldn't figure out where this const qualifier was.  Can you fix it?

It would also be possible to implement a real innetgr call all the way
to nslcd that would then perform an LDAP search with more filters
applied but I'm a bit lazy today.

Actually I was thinking about this and I don't see that it would be any more efficient, as a single LDAP search operation is not going to process member netgroups.

Best regards,
Mark.

Attachment: nss-innetgr-solaris.patch
Description: Text Data

-- 
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-users/