nss: add a netgroup counter to struct nss_enum_index Netgroups are not looked up with the help of a single request but by calling setnetgrent(), getnetgrent() and endnetgrent() where getnetgrent() might be called multiple times depending on the number of netgroup elements. Since the caller does not provide a state the state has to be maintained by the SSSD nss responder. Besides the netgroup name this is mainly the number of elements already returned. This number is used to select the next element to return and currently it is assumed that there are not changes to the netgroup while the client is requesting the individual elements. But if e.g. the 3 nss calls are not used correctly or the netgroup is modified while the client is sending getnetgrent() calls the stored number might be out of range. To be on the safe side the stored number should be always compared with the current number of netgroup elements. Related to https://pagure.io/SSSD/sssd/issue/3679 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

NSS: Remove dead code This piece of code introduced as part of 4049b63f8c most likely by mistake and can be removed without causing any harm. Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

Fix warning declaration of 'index' shadows a global declaration src/responder/common/cache_req/cache_req.c: In function 'cache_req_add_result': src/responder/common/cache_req/cache_req.c:587: error: declaration of 'index' shadows a global declaration /usr/include/string.h:489: error: shadowed declaration is here src/responder/nss/nss_cmd.c:387: error: declaration of 'index' shadows a global declaration /usr/include/string.h:489: error: shadowed declaration is here src/responder/nss/nss_cmd.c: In function 'nss_getent_get_result': src/responder/nss/nss_cmd.c:433: error: declaration of 'index' shadows a global declaration /usr/include/string.h:489: error: shadowed declaration is here src/responder/nss/nss_cmd.c: In function 'nss_endent': src/responder/nss/nss_cmd.c:671: error: declaration of 'index' shadows a global declaration /usr/include/string.h:489: error: shadowed declaration is here src/responder/nss/nss_protocol_netgr.c: In function 'nss_protocol_fill_netgrent': src/responder/nss/nss_protocol_netgr.c:113: error: declaration of 'index' shadows a global declaration /usr/include/string.h:489: error: shadowed declaration is here Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>

nss: rewrite nss responder so it uses cache_req Given the size of the current nss responder it was quite impossible to simply switch into using the cache_req interface, especially because most of the code was duplication of cache lookups. This patch completely rewrites the responder from scratch. The amount of code was reduced to less than a half lines of code with no code duplication, better documentation and better maintainability and readability. All functionality should be intact. *Code organization* All protocol (parsing input message and send a reply) is placed in nss_protocol.c. Functions that deals with creating a reply packet are placed into their specific nss_protocol_$object.c files. All supported commands are placed into nss_cmd.c. Functions that deals with cache req are in nss_get_object.c and nss_enum.c. *Code flow for non-enumeration* An nss_getby_$input-type is called for each non-enumeration command. This function parses the input message, creates a cache_req_data structure and issues nss_get_object that calls cache_req. When this request is done nss_getby_done make sure a reply is sent to the client. *Comments on enumeration* I made some effort to make sure enumeration shares the same code for users, groups, services and netgroups. Netgroups now uses nss negative cache instead of implementing its own. Resolves: https://fedorahosted.org/sssd/ticket/3151 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>