The branch, master has been updated
via 0f179c8 tests: Add test for getspnam() function
via bb8fa5d nwrap: Add support for getspnam()
via 857bc98 tests: Add test for (set|get|end)spent functions
via b96ecdc nwrap: Add (set|get|end)spent functions
via f848d19 nwrap: Add nss_wrapper_shadow_enabled() function
via 3358c87 nwrap: Add shadow file parser
via bf99c1a nwrap: Remove unused struct member in nwrap_main
from 59cec08 nwrap: Implement nwrap_files_initgroups()
https://git.samba.org/?p=nss_wrapper.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 0f179c86eea00fbbf6b45eb3505297d48110ba73
Author: Andreas Schneider <[email protected]>
Date: Mon Sep 14 18:26:41 2015 +0200
tests: Add test for getspnam() function
Signed-off-by: Andreas Schneider <[email protected]>
Reviewed-by: Michael Adam <[email protected]>
commit bb8fa5de6c5e781b3e5cda1f324f615b3e41cfce
Author: Andreas Schneider <[email protected]>
Date: Thu Sep 17 10:39:15 2015 +0200
nwrap: Add support for getspnam()
Signed-off-by: Andreas Schneider <[email protected]>
Reviewed-by: Michael Adam <[email protected]>
commit 857bc98b3c048a4ff5d2eab6f0cb143fe29c1299
Author: Andreas Schneider <[email protected]>
Date: Thu Sep 17 10:44:30 2015 +0200
tests: Add test for (set|get|end)spent functions
Signed-off-by: Andreas Schneider <[email protected]>
Reviewed-by: Michael Adam <[email protected]>
commit b96ecdc8f1aaab4269f6bc514a7760ef7f767fcb
Author: Andreas Schneider <[email protected]>
Date: Thu Sep 17 10:38:49 2015 +0200
nwrap: Add (set|get|end)spent functions
Signed-off-by: Andreas Schneider <[email protected]>
Reviewed-by: Michael Adam <[email protected]>
commit f848d190a5ac2c798d11f8a035a8edbdd5d7adf3
Author: Andreas Schneider <[email protected]>
Date: Thu Sep 17 10:37:50 2015 +0200
nwrap: Add nss_wrapper_shadow_enabled() function
Signed-off-by: Andreas Schneider <[email protected]>
Reviewed-by: Michael Adam <[email protected]>
commit 3358c87309b5058b6e84c46bdd211e6b1265b361
Author: Andreas Schneider <[email protected]>
Date: Thu Sep 17 10:33:58 2015 +0200
nwrap: Add shadow file parser
Signed-off-by: Andreas Schneider <[email protected]>
Reviewed-by: Michael Adam <[email protected]>
commit bf99c1a987d807b9b306af36a8822c181bfe6267
Author: Andreas Schneider <[email protected]>
Date: Thu Sep 17 10:32:46 2015 +0200
nwrap: Remove unused struct member in nwrap_main
Signed-off-by: Andreas Schneider <[email protected]>
Reviewed-by: Michael Adam <[email protected]>
-----------------------------------------------------------------------
Summary of changes:
src/nss_wrapper.c | 454 ++++++++++++++++++++++++++++++++++++++++++++++++++-
tests/CMakeLists.txt | 13 +-
tests/passwd.in | 1 +
tests/shadow.in | 2 +
tests/test_shadow.c | 71 ++++++++
5 files changed, 539 insertions(+), 2 deletions(-)
create mode 100644 tests/shadow.in
create mode 100644 tests/test_shadow.c
Changeset truncated at 500 lines:
diff --git a/src/nss_wrapper.c b/src/nss_wrapper.c
index b2b715e..ca57dfb 100644
--- a/src/nss_wrapper.c
+++ b/src/nss_wrapper.c
@@ -61,6 +61,7 @@
#include <pwd.h>
#include <grp.h>
+#include <shadow.h>
#include <netdb.h>
#include <arpa/inet.h>
@@ -340,6 +341,7 @@ struct nwrap_ops {
/* Public prototypes */
bool nss_wrapper_enabled(void);
+bool nss_wrapper_shadow_enabled(void);
bool nss_wrapper_hosts_enabled(void);
/* prototypes for files backend */
@@ -465,7 +467,6 @@ struct nwrap_libc {
};
struct nwrap_main {
- const char *nwrap_switch;
int num_backends;
struct nwrap_backend *backends;
struct nwrap_libc *libc;
@@ -484,6 +485,7 @@ struct nwrap_cache {
void (*unload)(struct nwrap_cache *);
};
+/* passwd */
struct nwrap_pw {
struct nwrap_cache *cache;
@@ -498,6 +500,22 @@ struct nwrap_pw nwrap_pw_global;
static bool nwrap_pw_parse_line(struct nwrap_cache *nwrap, char *line);
static void nwrap_pw_unload(struct nwrap_cache *nwrap);
+/* shadow */
+struct nwrap_sp {
+ struct nwrap_cache *cache;
+
+ struct spwd *list;
+ int num;
+ int idx;
+};
+
+struct nwrap_cache __nwrap_cache_sp;
+struct nwrap_sp nwrap_sp_global;
+
+static bool nwrap_sp_parse_line(struct nwrap_cache *nwrap, char *line);
+static void nwrap_sp_unload(struct nwrap_cache *nwrap);
+
+/* group */
struct nwrap_gr {
struct nwrap_cache *cache;
@@ -509,6 +527,7 @@ struct nwrap_gr {
struct nwrap_cache __nwrap_cache_gr;
struct nwrap_gr nwrap_gr_global;
+/* hosts */
static bool nwrap_he_parse_line(struct nwrap_cache *nwrap, char *line);
static void nwrap_he_unload(struct nwrap_cache *nwrap);
@@ -1250,6 +1269,7 @@ static void nwrap_init(void)
nwrap_backend_init(nwrap_main_global);
+ /* passwd */
nwrap_pw_global.cache = &__nwrap_cache_pw;
nwrap_pw_global.cache->path = getenv("NSS_WRAPPER_PASSWD");
@@ -1258,6 +1278,16 @@ static void nwrap_init(void)
nwrap_pw_global.cache->parse_line = nwrap_pw_parse_line;
nwrap_pw_global.cache->unload = nwrap_pw_unload;
+ /* shadow */
+ nwrap_sp_global.cache = &__nwrap_cache_sp;
+
+ nwrap_sp_global.cache->path = getenv("NSS_WRAPPER_SHADOW");
+ nwrap_sp_global.cache->fd = -1;
+ nwrap_sp_global.cache->private_data = &nwrap_sp_global;
+ nwrap_sp_global.cache->parse_line = nwrap_sp_parse_line;
+ nwrap_sp_global.cache->unload = nwrap_sp_unload;
+
+ /* group */
nwrap_gr_global.cache = &__nwrap_cache_gr;
nwrap_gr_global.cache->path = getenv("NSS_WRAPPER_GROUP");
@@ -1266,6 +1296,7 @@ static void nwrap_init(void)
nwrap_gr_global.cache->parse_line = nwrap_gr_parse_line;
nwrap_gr_global.cache->unload = nwrap_gr_unload;
+ /* hosts */
nwrap_he_global.cache = &__nwrap_cache_he;
nwrap_he_global.cache->path = getenv("NSS_WRAPPER_HOSTS");
@@ -1291,6 +1322,18 @@ bool nss_wrapper_enabled(void)
return true;
}
+bool nss_wrapper_shadow_enabled(void)
+{
+ nwrap_init();
+
+ if (nwrap_sp_global.cache->path == NULL ||
+ nwrap_sp_global.cache->path[0] == '\0') {
+ return false;
+ }
+
+ return true;
+}
+
bool nss_wrapper_hosts_enabled(void)
{
nwrap_init();
@@ -1678,6 +1721,297 @@ static int nwrap_pw_copy_r(const struct passwd *src,
struct passwd *dst,
return 0;
}
+static bool nwrap_sp_parse_line(struct nwrap_cache *nwrap, char *line)
+{
+ struct nwrap_sp *nwrap_sp;
+ struct spwd *sp;
+ size_t list_size;
+ char *c;
+ char *e;
+ char *p;
+
+ nwrap_sp = (struct nwrap_sp *)nwrap->private_data;
+
+ list_size = sizeof(*nwrap_sp->list) * (nwrap_sp->num+1);
+ sp = (struct spwd *)realloc(nwrap_sp->list, list_size);
+ if (sp == NULL) {
+ NWRAP_LOG(NWRAP_LOG_ERROR,
+ "realloc(%u) failed",
+ (unsigned)list_size);
+ return false;
+ }
+ nwrap_sp->list = sp;
+
+ sp = &nwrap_sp->list[nwrap_sp->num];
+
+ c = line;
+
+ /* name */
+ p = strchr(c, ':');
+ if (p == NULL) {
+ NWRAP_LOG(NWRAP_LOG_ERROR,
+ "name -- Invalid line[%s]: '%s'",
+ line,
+ c);
+ return false;
+ }
+ *p = '\0';
+ p++;
+ sp->sp_namp = c;
+ c = p;
+
+ NWRAP_LOG(NWRAP_LOG_TRACE, "name[%s]\n", sp->sp_namp);
+
+ /* pwd */
+ p = strchr(c, ':');
+ if (p == NULL) {
+ NWRAP_LOG(NWRAP_LOG_ERROR,
+ "pwd -- Invalid line[%s]: '%s'",
+ line,
+ c);
+ return false;
+ }
+ *p = '\0';
+ p++;
+ sp->sp_pwdp = c;
+ c = p;
+
+ /* lstchg (long) */
+ if (c[0] == ':') {
+ sp->sp_lstchg = -1;
+ p++;
+ } else {
+ p = strchr(c, ':');
+ if (p == NULL) {
+ NWRAP_LOG(NWRAP_LOG_ERROR,
+ "lstchg -- Invalid line[%s]: '%s'",
+ line,
+ c);
+ return false;
+ }
+ *p = '\0';
+ p++;
+ sp->sp_lstchg = strtol(c, &e, 10);
+ if (c == e) {
+ NWRAP_LOG(NWRAP_LOG_ERROR,
+ "lstchg -- Invalid line[%s]: '%s' - %s",
+ line, c, strerror(errno));
+ return false;
+ }
+ if (e == NULL) {
+ NWRAP_LOG(NWRAP_LOG_ERROR,
+ "lstchg -- Invalid line[%s]: '%s' - %s",
+ line, c, strerror(errno));
+ return false;
+ }
+ if (e[0] != '\0') {
+ NWRAP_LOG(NWRAP_LOG_ERROR,
+ "lstchg -- Invalid line[%s]: '%s' - %s",
+ line, c, strerror(errno));
+ return false;
+ }
+ }
+ c = p;
+
+ /* min (long) */
+ if (c[0] == ':') {
+ sp->sp_min = -1;
+ p++;
+ } else {
+ p = strchr(c, ':');
+ if (p == NULL) {
+ NWRAP_LOG(NWRAP_LOG_ERROR,
+ "min -- Invalid line[%s]: '%s'",
+ line,
+ c);
+ return false;
+ }
+ *p = '\0';
+ p++;
+ sp->sp_min = strtol(c, &e, 10);
+ if (c == e) {
+ NWRAP_LOG(NWRAP_LOG_ERROR,
+ "min -- Invalid line[%s]: '%s' - %s",
+ line, c, strerror(errno));
+ return false;
+ }
+ if (e == NULL) {
+ NWRAP_LOG(NWRAP_LOG_ERROR,
+ "min -- Invalid line[%s]: '%s' - %s",
+ line, c, strerror(errno));
+ return false;
+ }
+ if (e[0] != '\0') {
+ NWRAP_LOG(NWRAP_LOG_ERROR,
+ "min -- Invalid line[%s]: '%s' - %s",
+ line, c, strerror(errno));
+ return false;
+ }
+ }
+ c = p;
+
+ /* max (long) */
+ if (c[0] == ':') {
+ sp->sp_max = -1;
+ p++;
+ } else {
+ p = strchr(c, ':');
+ if (p == NULL) {
+ NWRAP_LOG(NWRAP_LOG_ERROR,
+ "max -- Invalid line[%s]: '%s'",
+ line,
+ c);
+ return false;
+ }
+ *p = '\0';
+ p++;
+ sp->sp_max = strtol(c, &e, 10);
+ if (c == e) {
+ NWRAP_LOG(NWRAP_LOG_ERROR,
+ "max -- Invalid line[%s]: '%s' - %s",
+ line, c, strerror(errno));
+ return false;
+ }
+ if (e == NULL) {
+ NWRAP_LOG(NWRAP_LOG_ERROR,
+ "max -- Invalid line[%s]: '%s' - %s",
+ line, c, strerror(errno));
+ return false;
+ }
+ if (e[0] != '\0') {
+ NWRAP_LOG(NWRAP_LOG_ERROR,
+ "max -- Invalid line[%s]: '%s' - %s",
+ line, c, strerror(errno));
+ return false;
+ }
+ }
+ c = p;
+
+ /* warn (long) */
+ if (c[0] == ':') {
+ sp->sp_warn = -1;
+ p++;
+ } else {
+ p = strchr(c, ':');
+ if (p == NULL) {
+ NWRAP_LOG(NWRAP_LOG_ERROR,
+ "warn -- Invalid line[%s]: '%s'",
+ line,
+ c);
+ return false;
+ }
+ *p = '\0';
+ p++;
+ sp->sp_warn = strtol(c, &e, 10);
+ if (c == e) {
+ NWRAP_LOG(NWRAP_LOG_ERROR,
+ "warn -- Invalid line[%s]: '%s' - %s",
+ line, c, strerror(errno));
+ return false;
+ }
+ if (e == NULL) {
+ NWRAP_LOG(NWRAP_LOG_ERROR,
+ "warn -- Invalid line[%s]: '%s' - %s",
+ line, c, strerror(errno));
+ return false;
+ }
+ if (e[0] != '\0') {
+ NWRAP_LOG(NWRAP_LOG_ERROR,
+ "warn -- Invalid line[%s]: '%s' - %s",
+ line, c, strerror(errno));
+ return false;
+ }
+ }
+ c = p;
+
+ /* inact (long) */
+ if (c[0] == ':') {
+ sp->sp_inact = -1;
+ p++;
+ } else {
+ p = strchr(c, ':');
+ if (p == NULL) {
+ NWRAP_LOG(NWRAP_LOG_ERROR,
+ "inact -- Invalid line[%s]: '%s'",
+ line,
+ c);
+ return false;
+ }
+ *p = '\0';
+ p++;
+ sp->sp_inact = strtol(c, &e, 10);
+ if (c == e) {
+ NWRAP_LOG(NWRAP_LOG_ERROR,
+ "inact -- Invalid line[%s]: '%s' - %s",
+ line, c, strerror(errno));
+ return false;
+ }
+ if (e == NULL) {
+ NWRAP_LOG(NWRAP_LOG_ERROR,
+ "inact -- Invalid line[%s]: '%s' - %s",
+ line, c, strerror(errno));
+ return false;
+ }
+ if (e[0] != '\0') {
+ NWRAP_LOG(NWRAP_LOG_ERROR,
+ "inact -- Invalid line[%s]: '%s' - %s",
+ line, c, strerror(errno));
+ return false;
+ }
+ }
+ c = p;
+
+ /* expire (long) */
+ if (c[0] == ':') {
+ sp->sp_expire = -1;
+ p++;
+ } else {
+ p = strchr(c, ':');
+ if (p == NULL) {
+ NWRAP_LOG(NWRAP_LOG_ERROR,
+ "expire -- Invalid line[%s]: '%s'",
+ line,
+ c);
+ return false;
+ }
+ *p = '\0';
+ p++;
+ sp->sp_expire = strtol(c, &e, 10);
+ if (c == e) {
+ NWRAP_LOG(NWRAP_LOG_ERROR,
+ "expire -- Invalid line[%s]: '%s' - %s",
+ line, c, strerror(errno));
+ return false;
+ }
+ if (e == NULL) {
+ NWRAP_LOG(NWRAP_LOG_ERROR,
+ "expire -- Invalid line[%s]: '%s' - %s",
+ line, c, strerror(errno));
+ return false;
+ }
+ if (e[0] != '\0') {
+ NWRAP_LOG(NWRAP_LOG_ERROR,
+ "expire -- Invalid line[%s]: '%s' - %s",
+ line, c, strerror(errno));
+ return false;
+ }
+ }
+ c = p;
+
+ nwrap_sp->num++;
+ return true;
+}
+
+static void nwrap_sp_unload(struct nwrap_cache *nwrap)
+{
+ struct nwrap_sp *nwrap_sp;
+ nwrap_sp = (struct nwrap_sp *)nwrap->private_data;
+
+ SAFE_FREE(nwrap_sp->list);
+ nwrap_sp->num = 0;
+ nwrap_sp->idx = 0;
+}
+
/*
* the caller has to call nwrap_unload() on failure
*/
@@ -2202,6 +2536,64 @@ static void nwrap_files_endpwent(struct nwrap_backend *b)
nwrap_pw_global.idx = 0;
}
+/* shadow */
+static void nwrap_files_setspent(void)
+{
+ nwrap_sp_global.idx = 0;
+}
+
+static struct spwd *nwrap_files_getspent(void)
+{
+ struct spwd *sp;
+
+ if (nwrap_sp_global.idx == 0) {
+ nwrap_files_cache_reload(nwrap_sp_global.cache);
+ }
+
+ if (nwrap_sp_global.idx >= nwrap_sp_global.num) {
+ errno = ENOENT;
+ return NULL;
+ }
+
+ sp = &nwrap_sp_global.list[nwrap_sp_global.idx++];
+
+ NWRAP_LOG(NWRAP_LOG_DEBUG,
+ "return user[%s]",
+ sp->sp_namp);
+
+ return sp;
+}
+
+static void nwrap_files_endspent(void)
+{
+ nwrap_sp_global.idx = 0;
+}
+
+static struct spwd *nwrap_files_getspnam(const char *name)
+{
+ int i;
+
+ NWRAP_LOG(NWRAP_LOG_DEBUG, "Lookup user %s in files", name);
+
+ nwrap_files_cache_reload(nwrap_sp_global.cache);
+
+ for (i=0; i<nwrap_sp_global.num; i++) {
+ if (strcmp(nwrap_sp_global.list[i].sp_namp, name) == 0) {
+ NWRAP_LOG(NWRAP_LOG_DEBUG, "user[%s] found", name);
+ return &nwrap_sp_global.list[i];
+ }
+ NWRAP_LOG(NWRAP_LOG_DEBUG,
+ "user[%s] does not match [%s]",
+ name,
+ nwrap_sp_global.list[i].sp_namp);
+ }
+
+ NWRAP_LOG(NWRAP_LOG_DEBUG, "user[%s] not found\n", name);
+
+ errno = ENOENT;
+ return NULL;
+}
+
/* misc functions */
static int nwrap_files_initgroups(struct nwrap_backend *b,
const char *user,
@@ -3676,6 +4068,66 @@ int getgrouplist(const char *user, gid_t group, gid_t
*groups, int *ngroups)
#endif
/**********************************************************
+ * SHADOW
+ **********************************************************/
+
+static void nwrap_setspent(void)
+{
+ nwrap_files_setspent();
+}
+
+void setspent(void)
+{
+ if (!nss_wrapper_shadow_enabled()) {
+ return;
+ }
+
--
NSS Wrapper Repository
