OS-7708 nss_ldap needs to cache netgroups Reviewed by: Robert Mustacchi <[email protected]> Reviewed by: Jason King <[email protected]>

usr/src/cmd/initpkg/nscd.conf

@@ -21,14 +21,13 @@
 #
 # Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
 # Use is subject to license terms.
-#
-#ident	"%Z%%M%	%I%	%E% SMI"
+# Copyright 2019 Joyent, Inc.
 #
 
 #
 #	Currently supported cache names:
 #		audit_user, auth_attr, bootparams, ethers
-#		exec_attr, group, hosts, ipnodes, netmasks
+#		exec_attr, group, hosts, ipnodes, netgroup, netmasks
 #		networks, passwd, printers, prof_attr, project
 #		protocols, rpc, services, tnrhdb, tnrhtp, user_attr
 #
@@ -77,6 +76,10 @@
 	keep-hot-count		ipnodes		20
 	check-files		ipnodes		yes
 
+	positive-time-to-live	netgroup	3600
+	negative-time-to-live	netgroup	5
+	enable-cache		netgroup	yes
+
 	positive-time-to-live	netmasks	3600
 	negative-time-to-live	netmasks	5
 	keep-hot-count		netmasks	20

usr/src/lib/nsswitch/Makefile.com

@@ -22,7 +22,7 @@
 # Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
 # Use is subject to license terms.
 #
-# Copyright (c) 2018, Joyent, Inc.
+# Copyright 2019 Joyent, Inc.
 
 include		$(SRC)/lib/Makefile.lib
 
@@ -36,12 +36,6 @@ LINTOUT =	lint.out
 
 CPPFLAGS +=	-D_REENTRANT
 
-CERRWARN +=	-_gcc=-Wno-switch
-CERRWARN +=	-_gcc=-Wno-uninitialized
-CERRWARN +=	-_gcc=-Wno-parentheses
-CERRWARN +=	-_gcc=-Wno-unused-variable
-CERRWARN +=	-_gcc=-Wno-address
-
 # not linted
 SMATCH=off
 

usr/src/lib/nsswitch/Makefile.targ

@@ -21,15 +21,14 @@
 #
 # Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
 # Use is subject to license terms.
-#
-# ident	"%Z%%M%	%I%	%E% SMI"
+# Copyright 2019 Joyent, Inc.
 #
 
 all:		$(LIBS)
 
 # include global library targets.
 include		$(SRC)/lib/Makefile.targ
-
+include		$(SRC)/lib/Makefile.usdt
 
 $(ROOT32DYNLIB) := FILEMODE= 755
 $(ROOT64DYNLIB) := FILEMODE= 755
@@ -39,7 +38,7 @@ $(DYNLIB1) :=	CTFMERGE_POST = $(CTFMERGE_LIB)
 # DYNLIB1 is used rather than DYNLIB to prevent the automagic expansion and
 # creation of a libXXXX.so$(VERS) target.
 
-$(DYNLIB1):	pics .WAIT $$(PICS)
+$(DYNLIB1):	pics .WAIT $$(PICS) .WAIT $(USDT_PICS)
 		$(BUILD.SO)
 		$(POST_PROCESS_SO)
 

usr/src/lib/nsswitch/compat/Makefile.com

@@ -22,8 +22,7 @@
 #
 # Copyright 1993,2001-2003 Sun Microsystems, Inc.  All rights reserved.
 # Use is subject to license terms.
-#
-# ident	"%Z%%M%	%I%	%E% SMI"
+# Copyright 2019 Joyent, Inc.
 #
 # lib/nsswitch/compat/Makefile.com
 
@@ -37,6 +36,8 @@ OBJECTS =	getpwent.o	\
 		getuserattr.o	\
 		getauuser.o
 
+pics/compat_common.o	:= CERRWARN += -_gcc=-Wno-uninitialized
+
 # include common nsswitch library definitions.
 include		../../Makefile.com
 

usr/src/lib/nsswitch/dns/Makefile.com

@@ -21,6 +21,7 @@
 #
 # Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
 # Use is subject to license terms.
+# Copyright 2019 Joyent, Inc.
 #
 # lib/nsswitch/dns/Makefile.com
 
@@ -44,5 +45,8 @@ CPPFLAGS +=	-DNSS_DNS_LIBRESOLV=\"libresolv.so.2\"
 
 LINTFLAGS +=	-erroff=E_GLOBAL_COULD_BE_STATIC2
 
+pics/dns_common.o	:= CERRWARN += -_gcc=-Wno-uninitialized
+pics/gethostent6.o	:= CERRWARN += -_gcc=-Wno-uninitialized
+
 LDLIBS +=	-lnsl -lresolv_joy -lsocket
 DYNLIB1 =	nss_dns.so$(VERS)

usr/src/lib/nsswitch/files/Makefile.com

@@ -21,6 +21,7 @@
 #
 # Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
 # Use is subject to license terms.
+# Copyright 2019 Joyent, Inc.
 #
 
 LIBRARY =	libnss_files.a
@@ -59,6 +60,9 @@ CPPFLAGS +=	-I../../../common/inc
 LINTFLAGS +=	-erroff=E_GLOBAL_COULD_BE_STATIC2
 LINTFLAGS64 +=	-erroff=E_GLOBAL_COULD_BE_STATIC2
 
+pics/gethostent.o := CERRWARN += -_gcc=-Wno-switch
+pics/gethostent.o := CERRWARN += -_gcc=-Wno-uninitialized
+
 LDLIBS +=	-lnsl
 DYNLIB1 =	nss_files.so$(VERS)
 

usr/src/lib/nsswitch/ldap/Makefile

@@ -19,11 +19,9 @@
 #
 # CDDL HEADER END
 #
-#
-#ident	"%Z%%M%	%I%	%E% SMI"
-#
 # Copyright (c) 1999 by Sun Microsystems, Inc.
 # All rights reserved.
+# Copyright 2019 Joyent, Inc.
 #
 # lib/nsswitch/ldap/Makefile
 #

usr/src/lib/nsswitch/ldap/Makefile.com

@@ -21,6 +21,7 @@
 #
 # Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
 # Use is subject to license terms.
+# Copyright 2019 Joyent, Inc.
 #
 
 LIBRARY =	libnss_ldap.a
@@ -50,13 +51,16 @@ OBJECTS =	getauthattr.o	\
 		tsol_getrhent.o	\
 		tsol_gettpent.o	\
 		ldap_common.o	\
-		ldap_utils.o
+		ldap_utils.o	\
+		list.o
+
+USDT_PROVIDERS	= provider.d
 
 # include common nsswitch library definitions.
 include		../../Makefile.com
 
 CPPFLAGS +=	-I../../../libsldap/common
-LDLIBS +=	-lsldap -lnsl -lldap
+LDLIBS +=	-lsldap -lnsl -lldap -lavl -lscf
 LINTFLAGS +=	-erroff=E_GLOBAL_COULD_BE_STATIC2
 LINTFLAGS64 +=	-erroff=E_GLOBAL_COULD_BE_STATIC2
 DYNLIB1 =	nss_ldap.so$(VERS)

usr/src/lib/nsswitch/ldap/Makefile.targ

@@ -0,0 +1,20 @@
+#
+# This file and its contents are supplied under the terms of the
+# Common Development and Distribution License ("CDDL"), version 1.0.
+# You may only use this file in accordance with the terms of version
+# 1.0 of the CDDL.
+#
+# A full copy of the text of the CDDL should have accompanied this
+# source.  A copy of the CDDL is also available via the Internet at
+# http://www.illumos.org/license/CDDL.
+#
+
+#
+# Copyright 2019 Joyent, Inc.
+#
+
+include $(SRC)/lib/nsswitch/Makefile.targ
+
+pics/%.o: $(SRC)/common/list/%.c
+	$(COMPILE.c) -o $@ $<
+	$(POST_PROCESS_O)

usr/src/lib/nsswitch/ldap/amd64/Makefile

@@ -22,15 +22,14 @@
 #
 # Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
 # Use is subject to license terms.
-#
-# ident	"%Z%%M%	%I%	%E% SMI"
+# Copyright 2019 Joyent, Inc.
 #
 
 include		../Makefile.com
 include		$(SRC)/lib/Makefile.lib.64
 
 LIBS =		$(DYNLIB1)
 
-include		../../Makefile.targ
+include		../Makefile.targ
 
 install:	all $(ROOT64DYNLIB)

usr/src/lib/nsswitch/ldap/common/getexecattr.c

@@ -21,6 +21,7 @@
 /*
  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
+ * Copyright 2019 Joyent, Inc.
  */
 
 #include <secdb.h>
@@ -421,7 +422,7 @@ get_wild(ldap_backend_ptr be, nss_XbyY_args_t *argp, int getby_flag)
 	const char	*type = _priv_exec->type;
 
 	if (strpbrk(policy, "*()\\") != NULL ||
-	    type != NULL && strpbrk(type, "*()\\") != NULL)
+	    (type != NULL && strpbrk(type, "*()\\") != NULL))
 		return ((nss_status_t)NSS_NOTFOUND);
 
 	if (_priv_exec->id != NULL)
@@ -545,7 +546,7 @@ getbynam(ldap_backend_ptr be, void *a)
 	const char	*type = _priv_exec->type;
 
 	if (strpbrk(policy, "*()\\") != NULL ||
-	    type != NULL && strpbrk(type, "*()\\") != NULL ||
+	    (type != NULL && strpbrk(type, "*()\\") != NULL) ||
 	    _ldap_filter_name(name, _priv_exec->name, sizeof (name)) != 0)
 		return ((nss_status_t)NSS_NOTFOUND);
 	ret = snprintf(searchfilter, sizeof (searchfilter),

usr/src/lib/nsswitch/ldap/common/getgrent.c

@@ -23,6 +23,7 @@
  * Use is subject to license terms.
  *
  * Copyright 2017 Nexenta Systems, Inc.  All rights reserved.
+ * Copyright 2019 Joyent, Inc.
  */
 
 #include <grp.h>
@@ -161,7 +162,7 @@ _nss_ldap_group2str(ldap_backend_ptr be, nss_XbyY_args_t *argp)
 		 * If we find an '=' in the member attribute value, treat it as
 		 * a DN, otherwise as a username.
 		 */
-		if (member_str = strchr(members->attrvalue[i], '=')) {
+		if ((member_str = strchr(members->attrvalue[i], '=')) != NULL) {
 			member_str++; /* skip over the '=' */
 			/* Fail if we can't pull a username out of the RDN */
 			if (! (member_str = strtok_r(member_str,
@@ -367,7 +368,8 @@ getbymember(ldap_backend_ptr be, void *a)
 			 * value, treat it as a DN, otherwise as a
 			 * username.
 			 */
-			if (member_str = strchr(membervalue[j], '=')) {
+			if ((member_str = strchr(membervalue[j], '=')) !=
+			    NULL) {
 				member_str++; /* skip over the '=' */
 				member_str = strtok_r(member_str, ",",
 				    &strtok_state);