While working on my python test-sudoers script I realised I would need to query NSS netgroups. I went looking for a python module that would do that, and I found the nis module but this wasn’t really what I was after. The NIS module allows you to query NIS netgroups if you have a NIS domain set up – we have an LDAP server that serves out netgroups. This sounded like a good opportunity to attempt to write my first C python extension!
The python C extension framework is actually fantastically easy to use even for someone who is not a natural C programmer like myself. This gotcha’s are around reference counters since you have to keep the garbage collector aware of what you are doing. But that is not too bad. What did throw me off was a simple valgrind run of a very simple test case produced 4KB’s or so of memory leak. I spent a while trying to fiddle and fix the reference count stuff to see if I was doing something wrong and leaving something with two many references. By causing it to crash I was able to determine that yes I had the minimal number of reference counters so I had a different problem. I ran “valgrind getent netgroup LinuxAdmins” and there it was – the NSS libraries themselves were leaking memory. Interesting.
Here is my python NSS netgroups module. To compile it download and run “python setup.py build” then “python setup.py install”. You should already have NSS setup to query netgroup information (“getent netgroup somegroup” should work). For further help simply run pythons help() routinue on the module.
UPDATE: Fixed some INCREF bugs thanks to bioinformed