sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-03-27 22:50:26 +03:00
Code

lib: Change nss_wrapper to preloadable version.

Browse Source 
This imports nss_wrapper version 1.0.2.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This commit is contained in:
Andreas Schneider 2014-01-31 15:57:43 +01:00 committed by Stefan Metzmacher
parent b2163f23c0
commit 5bb410f853
7 changed files with 2470 additions and 1546 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
configure.developer
View File

@ -2,5 +2,4 @@
`dirname $0`/configure -C \
--enable-developer \
--enable-socket-wrapper \
--enable-nss-wrapper \
"$@"

2764
lib/nss_wrapper/nss_wrapper.c
View File

File diff suppressed because it is too large Load Diff

171
lib/nss_wrapper/nss_wrapper.h
View File

@ -1,171 +0,0 @@
/*
* Copyright (C) Stefan Metzmacher 2007 <metze@samba.org>
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the author nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#ifndef __NSS_WRAPPER_H__
#define __NSS_WRAPPER_H__
struct passwd *nwrap_getpwnam(const char *name);
int nwrap_getpwnam_r(const char *name, struct passwd *pwbuf,
char *buf, size_t buflen, struct passwd **pwbufp);
struct passwd *nwrap_getpwuid(uid_t uid);
int nwrap_getpwuid_r(uid_t uid, struct passwd *pwbuf,
char *buf, size_t buflen, struct passwd **pwbufp);
void nwrap_setpwent(void);
struct passwd *nwrap_getpwent(void);
int nwrap_getpwent_r(struct passwd *pwbuf, char *buf,
size_t buflen, struct passwd **pwbufp);
void nwrap_endpwent(void);
int nwrap_initgroups(const char *user, gid_t group);
int nwrap_getgrouplist(const char *user, gid_t group, gid_t *groups, int *ngroups);
struct group *nwrap_getgrnam(const char *name);
int nwrap_getgrnam_r(const char *name, struct group *gbuf,
char *buf, size_t buflen, struct group **gbufp);
struct group *nwrap_getgrgid(gid_t gid);
int nwrap_getgrgid_r(gid_t gid, struct group *gbuf,
char *buf, size_t buflen, struct group **gbufp);
void nwrap_setgrent(void);
struct group *nwrap_getgrent(void);
int nwrap_getgrent_r(struct group *gbuf, char *buf,
size_t buflen, struct group **gbufp);
void nwrap_endgrent(void);
#ifdef NSS_WRAPPER_REPLACE
#ifdef getpwnam
#undef getpwnam
#endif
#define getpwnam nwrap_getpwnam
#ifdef getpwnam_r
#undef getpwnam_r
#endif
#define getpwnam_r nwrap_getpwnam_r
#ifdef getpwuid
#undef getpwuid
#endif
#define getpwuid nwrap_getpwuid
#ifdef getpwuid_r
#undef getpwuid_r
#endif
#define getpwuid_r nwrap_getpwuid_r
#ifdef setpwent
#undef setpwent
#endif
#define setpwent nwrap_setpwent
#ifdef getpwent
#undef getpwent
#endif
#define getpwent nwrap_getpwent
#ifdef getpwent_r
#undef getpwent_r
#endif
#define getpwent_r nwrap_getpwent_r
#ifdef endpwent
#undef endpwent
#endif
#define endpwent nwrap_endpwent
#ifdef getgrlst
#undef getgrlst
#endif
#define getgrlst __none_nwrap_getgrlst
#ifdef getgrlst_r
#undef getgrlst_r
#endif
#define getgrlst_r __none_nwrap_getgrlst_r
#ifdef initgroups_dyn
#undef initgroups_dyn
#endif
#define initgroups_dyn __none_nwrap_initgroups_dyn
#ifdef initgroups
#undef initgroups
#endif
#define initgroups nwrap_initgroups
#ifdef getgrouplist
#undef getgrouplist
#endif
#define getgrouplist nwrap_getgrouplist
#ifdef getgrnam
#undef getgrnam
#endif
#define getgrnam nwrap_getgrnam
#ifdef getgrnam_r
#undef getgrnam_r
#endif
#define getgrnam_r nwrap_getgrnam_r
#ifdef getgrgid
#undef getgrgid
#endif
#define getgrgid nwrap_getgrgid
#ifdef getgrgid_r
#undef getgrgid_r
#endif
#define getgrgid_r nwrap_getgrgid_r
#ifdef setgrent
#undef setgrent
#endif
#define setgrent nwrap_setgrent
#ifdef getgrent
#undef getgrent
#endif
#define getgrent nwrap_getgrent
#ifdef getgrent_r
#undef getgrent_r
#endif
#define getgrent_r nwrap_getgrent_r
#ifdef endgrent
#undef endgrent
#endif
#define endgrent nwrap_endgrent
#endif /* NSS_WRAPPER_REPLACE */
#endif /* __NSS_WRAPPER_H__ */

958
lib/nss_wrapper/testsuite.c
View File

@ -1,958 +0,0 @@
/*
Unix SMB/CIFS implementation.
local testing of the nss wrapper
Copyright (C) Guenther Deschner 2009-2010
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "includes.h"
#ifndef NSS_WRAPPER
#define NSS_WRAPPER
#endif
#include "torture/torture.h"
#include "torture/local/proto.h"
#include "lib/replace/system/passwd.h"
static bool copy_passwd(struct torture_context *tctx,
const struct passwd *pwd,
struct passwd *p)
{
p->pw_name = talloc_strdup(tctx, pwd->pw_name);
p->pw_passwd = talloc_strdup(tctx, pwd->pw_passwd);
p->pw_uid = pwd->pw_uid;
p->pw_gid = pwd->pw_gid;
p->pw_gecos = talloc_strdup(tctx, pwd->pw_gecos);
p->pw_dir = talloc_strdup(tctx, pwd->pw_dir);
p->pw_shell = talloc_strdup(tctx, pwd->pw_shell);
return true;
}
static void print_passwd(struct passwd *pwd)
{
printf("%s:%s:%lu:%lu:%s:%s:%s\n",
pwd->pw_name,
pwd->pw_passwd,
(unsigned long)pwd->pw_uid,
(unsigned long)pwd->pw_gid,
pwd->pw_gecos,
pwd->pw_dir,
pwd->pw_shell);
}
static bool test_nwrap_getpwnam(struct torture_context *tctx,
const char *name,
struct passwd *pwd_p)
{
struct passwd *pwd;
torture_comment(tctx, "Testing getpwnam: %s\n", name);
pwd = getpwnam(name);
if (pwd) {
print_passwd(pwd);
}
if (pwd_p) {
copy_passwd(tctx, pwd, pwd_p);
}
return pwd ? true : false;
}
static bool test_nwrap_getpwnam_r(struct torture_context *tctx,
const char *name,
struct passwd *pwd_p)
{
struct passwd pwd, *pwdp;
char buffer[4096];
int ret;
torture_comment(tctx, "Testing getpwnam_r: %s\n", name);
ret = getpwnam_r(name, &pwd, buffer, sizeof(buffer), &pwdp);
if (ret != 0) {
if (ret != ENOENT) {
torture_comment(tctx, "got %d return code\n", ret);
}
return false;
}
print_passwd(&pwd);
if (pwd_p) {
copy_passwd(tctx, &pwd, pwd_p);
}
return true;
}
static bool test_nwrap_getpwuid(struct torture_context *tctx,
uid_t uid,
struct passwd *pwd_p)
{
struct passwd *pwd;
torture_comment(tctx, "Testing getpwuid: %lu\n", (unsigned long)uid);
pwd = getpwuid(uid);
if (pwd) {
print_passwd(pwd);
}
if (pwd_p) {
copy_passwd(tctx, pwd, pwd_p);
}
return pwd ? true : false;
}
static bool test_nwrap_getpwuid_r(struct torture_context *tctx,
uid_t uid,
struct passwd *pwd_p)
{
struct passwd pwd, *pwdp;
char buffer[4096];
int ret;
torture_comment(tctx, "Testing getpwuid_r: %lu\n", (unsigned long)uid);
ret = getpwuid_r(uid, &pwd, buffer, sizeof(buffer), &pwdp);
if (ret != 0) {
if (ret != ENOENT) {
torture_comment(tctx, "got %d return code\n", ret);
}
return false;
}
print_passwd(&pwd);
if (pwd_p) {
copy_passwd(tctx, &pwd, pwd_p);
}
return true;
}
static bool copy_group(struct torture_context *tctx,
const struct group *grp,
struct group *g)
{
int i;
g->gr_name = talloc_strdup(tctx, grp->gr_name);
g->gr_passwd = talloc_strdup(tctx, grp->gr_passwd);
g->gr_gid = grp->gr_gid;
g->gr_mem = NULL;
for (i=0; grp->gr_mem && grp->gr_mem[i]; i++) {
g->gr_mem = talloc_realloc(tctx, g->gr_mem, char *, i + 2);
g->gr_mem[i] = talloc_strdup(g->gr_mem, grp->gr_mem[i]);
g->gr_mem[i+1] = NULL;
}
return true;
}
static void print_group(struct group *grp)
{
int i;
printf("%s:%s:%lu:",
grp->gr_name,
grp->gr_passwd,
(unsigned long)grp->gr_gid);
if ((grp->gr_mem == NULL) || !grp->gr_mem[0]) {
printf("\n");
return;
}
for (i=0; grp->gr_mem[i+1]; i++) {
printf("%s,", grp->gr_mem[i]);
}
printf("%s\n", grp->gr_mem[i]);
}
static bool test_nwrap_getgrnam(struct torture_context *tctx,
const char *name,
struct group *grp_p)
{
struct group *grp;
torture_comment(tctx, "Testing getgrnam: %s\n", name);
grp = getgrnam(name);
if (grp) {
print_group(grp);
}
if (grp_p) {
copy_group(tctx, grp, grp_p);
}
return grp ? true : false;
}
static bool test_nwrap_getgrnam_r(struct torture_context *tctx,
const char *name,
struct group *grp_p)
{
struct group grp, *grpp;
char buffer[4096];
int ret;
torture_comment(tctx, "Testing getgrnam_r: %s\n", name);
ret = getgrnam_r(name, &grp, buffer, sizeof(buffer), &grpp);
if (ret != 0) {
if (ret != ENOENT) {
torture_comment(tctx, "got %d return code\n", ret);
}
return false;
}
print_group(&grp);
if (grp_p) {
copy_group(tctx, &grp, grp_p);
}
return true;
}
static bool test_nwrap_getgrgid(struct torture_context *tctx,
gid_t gid,
struct group *grp_p)
{
struct group *grp;
torture_comment(tctx, "Testing getgrgid: %lu\n", (unsigned long)gid);
grp = getgrgid(gid);
if (grp) {
print_group(grp);
}
if (grp_p) {
copy_group(tctx, grp, grp_p);
}
return grp ? true : false;
}
static bool test_nwrap_getgrgid_r(struct torture_context *tctx,
gid_t gid,
struct group *grp_p)
{
struct group grp, *grpp;
char buffer[4096];
int ret;
torture_comment(tctx, "Testing getgrgid_r: %lu\n", (unsigned long)gid);
ret = getgrgid_r(gid, &grp, buffer, sizeof(buffer), &grpp);
if (ret != 0) {
if (ret != ENOENT) {
torture_comment(tctx, "got %d return code\n", ret);
}
return false;
}
print_group(&grp);
if (grp_p) {
copy_group(tctx, &grp, grp_p);
}
return true;
}
static bool test_nwrap_enum_passwd(struct torture_context *tctx,
struct passwd **pwd_array_p,
size_t *num_pwd_p)
{
struct passwd *pwd;
struct passwd *pwd_array = NULL;
size_t num_pwd = 0;
torture_comment(tctx, "Testing setpwent\n");
setpwent();
while ((pwd = getpwent()) != NULL) {
torture_comment(tctx, "Testing getpwent\n");
print_passwd(pwd);
if (pwd_array_p && num_pwd_p) {
pwd_array = talloc_realloc(tctx, pwd_array, struct passwd, num_pwd+1);
torture_assert(tctx, pwd_array, "out of memory");
copy_passwd(tctx, pwd, &pwd_array[num_pwd]);
num_pwd++;
}
}
torture_comment(tctx, "Testing endpwent\n");
endpwent();
if (pwd_array_p) {
*pwd_array_p = pwd_array;
}
if (num_pwd_p) {
*num_pwd_p = num_pwd;
}
return true;
}
static bool test_nwrap_enum_r_passwd(struct torture_context *tctx,
struct passwd **pwd_array_p,
size_t *num_pwd_p)
{
struct passwd pwd, *pwdp;
struct passwd *pwd_array = NULL;
size_t num_pwd = 0;
char buffer[4096];
int ret;
torture_comment(tctx, "Testing setpwent\n");
setpwent();
while (1) {
torture_comment(tctx, "Testing getpwent_r\n");
ret = getpwent_r(&pwd, buffer, sizeof(buffer), &pwdp);
if (ret != 0) {
if (ret != ENOENT) {
torture_comment(tctx, "got %d return code\n", ret);
}
break;
}
print_passwd(&pwd);
if (pwd_array_p && num_pwd_p) {
pwd_array = talloc_realloc(tctx, pwd_array, struct passwd, num_pwd+1);
torture_assert(tctx, pwd_array, "out of memory");
copy_passwd(tctx, &pwd, &pwd_array[num_pwd]);
num_pwd++;
}
}
torture_comment(tctx, "Testing endpwent\n");
endpwent();
if (pwd_array_p) {
*pwd_array_p = pwd_array;
}
if (num_pwd_p) {
*num_pwd_p = num_pwd;
}
return true;
}
static bool torture_assert_passwd_equal(struct torture_context *tctx,
const struct passwd *p1,
const struct passwd *p2,
const char *comment)
{
torture_assert_str_equal(tctx, p1->pw_name, p2->pw_name, comment);
torture_assert_str_equal(tctx, p1->pw_passwd, p2->pw_passwd, comment);
torture_assert_int_equal(tctx, p1->pw_uid, p2->pw_uid, comment);
torture_assert_int_equal(tctx, p1->pw_gid, p2->pw_gid, comment);
torture_assert_str_equal(tctx, p1->pw_gecos, p2->pw_gecos, comment);
torture_assert_str_equal(tctx, p1->pw_dir, p2->pw_dir, comment);
torture_assert_str_equal(tctx, p1->pw_shell, p2->pw_shell, comment);
return true;
}
static bool test_nwrap_passwd(struct torture_context *tctx)
{
int i;
struct passwd *pwd, pwd1, pwd2;
size_t num_pwd;
torture_assert(tctx, test_nwrap_enum_passwd(tctx, &pwd, &num_pwd),
"failed to enumerate passwd");
for (i=0; i < num_pwd; i++) {
torture_assert(tctx, test_nwrap_getpwnam(tctx, pwd[i].pw_name, &pwd1),
"failed to call getpwnam for enumerated user");
torture_assert_passwd_equal(tctx, &pwd[i], &pwd1,
"getpwent and getpwnam gave different results");
torture_assert(tctx, test_nwrap_getpwuid(tctx, pwd[i].pw_uid, &pwd2),
"failed to call getpwuid for enumerated user");
torture_assert_passwd_equal(tctx, &pwd[i], &pwd2,
"getpwent and getpwuid gave different results");
torture_assert_passwd_equal(tctx, &pwd1, &pwd2,
"getpwnam and getpwuid gave different results");
}
return true;
}
static bool test_nwrap_passwd_r(struct torture_context *tctx)
{
int i;
struct passwd *pwd, pwd1, pwd2;
size_t num_pwd;
torture_assert(tctx, test_nwrap_enum_r_passwd(tctx, &pwd, &num_pwd),
"failed to enumerate passwd");
for (i=0; i < num_pwd; i++) {
torture_assert(tctx, test_nwrap_getpwnam_r(tctx, pwd[i].pw_name, &pwd1),
"failed to call getpwnam_r for enumerated user");
torture_assert_passwd_equal(tctx, &pwd[i], &pwd1,
"getpwent_r and getpwnam_r gave different results");
torture_assert(tctx, test_nwrap_getpwuid_r(tctx, pwd[i].pw_uid, &pwd2),
"failed to call getpwuid_r for enumerated user");
torture_assert_passwd_equal(tctx, &pwd[i], &pwd2,
"getpwent_r and getpwuid_r gave different results");
torture_assert_passwd_equal(tctx, &pwd1, &pwd2,
"getpwnam_r and getpwuid_r gave different results");
}
return true;
}
static bool test_nwrap_passwd_r_cross(struct torture_context *tctx)
{
int i;
struct passwd *pwd, pwd1, pwd2, pwd3, pwd4;
size_t num_pwd;
torture_assert(tctx, test_nwrap_enum_r_passwd(tctx, &pwd, &num_pwd),
"failed to enumerate passwd");
for (i=0; i < num_pwd; i++) {
torture_assert(tctx, test_nwrap_getpwnam_r(tctx, pwd[i].pw_name, &pwd1),
"failed to call getpwnam_r for enumerated user");
torture_assert_passwd_equal(tctx, &pwd[i], &pwd1,
"getpwent_r and getpwnam_r gave different results");
torture_assert(tctx, test_nwrap_getpwuid_r(tctx, pwd[i].pw_uid, &pwd2),
"failed to call getpwuid_r for enumerated user");
torture_assert_passwd_equal(tctx, &pwd[i], &pwd2,
"getpwent_r and getpwuid_r gave different results");
torture_assert_passwd_equal(tctx, &pwd1, &pwd2,
"getpwnam_r and getpwuid_r gave different results");
torture_assert(tctx, test_nwrap_getpwnam(tctx, pwd[i].pw_name, &pwd3),
"failed to call getpwnam for enumerated user");
torture_assert_passwd_equal(tctx, &pwd[i], &pwd3,
"getpwent_r and getpwnam gave different results");
torture_assert(tctx, test_nwrap_getpwuid(tctx, pwd[i].pw_uid, &pwd4),
"failed to call getpwuid for enumerated user");
torture_assert_passwd_equal(tctx, &pwd[i], &pwd4,
"getpwent_r and getpwuid gave different results");
torture_assert_passwd_equal(tctx, &pwd3, &pwd4,
"getpwnam and getpwuid gave different results");
}
return true;
}
static bool test_nwrap_enum_group(struct torture_context *tctx,
struct group **grp_array_p,
size_t *num_grp_p)
{
struct group *grp;
struct group *grp_array = NULL;
size_t num_grp = 0;
torture_comment(tctx, "Testing setgrent\n");
setgrent();
while ((grp = getgrent()) != NULL) {
torture_comment(tctx, "Testing getgrent\n");
print_group(grp);
if (grp_array_p && num_grp_p) {
grp_array = talloc_realloc(tctx, grp_array, struct group, num_grp+1);
torture_assert(tctx, grp_array, "out of memory");
copy_group(tctx, grp, &grp_array[num_grp]);
num_grp++;
}
}
torture_comment(tctx, "Testing endgrent\n");
endgrent();
if (grp_array_p) {
*grp_array_p = grp_array;
}
if (num_grp_p) {
*num_grp_p = num_grp;
}
return true;
}
static bool test_nwrap_enum_r_group(struct torture_context *tctx,
struct group **grp_array_p,
size_t *num_grp_p)
{
struct group grp, *grpp;
struct group *grp_array = NULL;
size_t num_grp = 0;
char buffer[4096];
int ret;
torture_comment(tctx, "Testing setgrent\n");
setgrent();
while (1) {
torture_comment(tctx, "Testing getgrent_r\n");
ret = getgrent_r(&grp, buffer, sizeof(buffer), &grpp);
if (ret != 0) {
if (ret != ENOENT) {
torture_comment(tctx, "got %d return code\n", ret);
}
break;
}
print_group(&grp);
if (grp_array_p && num_grp_p) {
grp_array = talloc_realloc(tctx, grp_array, struct group, num_grp+1);
torture_assert(tctx, grp_array, "out of memory");
copy_group(tctx, &grp, &grp_array[num_grp]);
num_grp++;
}
}
torture_comment(tctx, "Testing endgrent\n");
endgrent();
if (grp_array_p) {
*grp_array_p = grp_array;
}
if (num_grp_p) {
*num_grp_p = num_grp;
}
return true;
}
static bool torture_assert_group_equal(struct torture_context *tctx,
const struct group *g1,
const struct group *g2,
const char *comment)
{
int i;
torture_assert_str_equal(tctx, g1->gr_name, g2->gr_name, comment);
torture_assert_str_equal(tctx, g1->gr_passwd, g2->gr_passwd, comment);
torture_assert_int_equal(tctx, g1->gr_gid, g2->gr_gid, comment);
if (g1->gr_mem && !g2->gr_mem) {
return false;
}
if (!g1->gr_mem && g2->gr_mem) {
return false;
}
if (!g1->gr_mem && !g2->gr_mem) {
return true;
}
for (i=0; g1->gr_mem[i] && g2->gr_mem[i]; i++) {
torture_assert_str_equal(tctx, g1->gr_mem[i], g2->gr_mem[i], comment);
}
return true;
}
static bool test_nwrap_group(struct torture_context *tctx)
{
int i;
struct group *grp, grp1, grp2;
size_t num_grp;
torture_assert(tctx, test_nwrap_enum_group(tctx, &grp, &num_grp),
"failed to enumerate group");
for (i=0; i < num_grp; i++) {
torture_assert(tctx, test_nwrap_getgrnam(tctx, grp[i].gr_name, &grp1),
"failed to call getgrnam for enumerated user");
torture_assert_group_equal(tctx, &grp[i], &grp1,
"getgrent and getgrnam gave different results");
torture_assert(tctx, test_nwrap_getgrgid(tctx, grp[i].gr_gid, &grp2),
"failed to call getgrgid for enumerated user");
torture_assert_group_equal(tctx, &grp[i], &grp2,
"getgrent and getgrgid gave different results");
torture_assert_group_equal(tctx, &grp1, &grp2,
"getgrnam and getgrgid gave different results");
}
return true;
}
static bool test_nwrap_group_r(struct torture_context *tctx)
{
int i;
struct group *grp, grp1, grp2;
size_t num_grp;
torture_assert(tctx, test_nwrap_enum_r_group(tctx, &grp, &num_grp),
"failed to enumerate group");
for (i=0; i < num_grp; i++) {
torture_assert(tctx, test_nwrap_getgrnam_r(tctx, grp[i].gr_name, &grp1),
"failed to call getgrnam_r for enumerated user");
torture_assert_group_equal(tctx, &grp[i], &grp1,
"getgrent_r and getgrnam_r gave different results");
torture_assert(tctx, test_nwrap_getgrgid_r(tctx, grp[i].gr_gid, &grp2),
"failed to call getgrgid_r for enumerated user");
torture_assert_group_equal(tctx, &grp[i], &grp2,
"getgrent_r and getgrgid_r gave different results");
torture_assert_group_equal(tctx, &grp1, &grp2,
"getgrnam_r and getgrgid_r gave different results");
}
return true;
}
static bool test_nwrap_group_r_cross(struct torture_context *tctx)
{
int i;
struct group *grp, grp1, grp2, grp3, grp4;
size_t num_grp;
torture_assert(tctx, test_nwrap_enum_r_group(tctx, &grp, &num_grp),
"failed to enumerate group");
for (i=0; i < num_grp; i++) {
torture_assert(tctx, test_nwrap_getgrnam_r(tctx, grp[i].gr_name, &grp1),
"failed to call getgrnam_r for enumerated user");
torture_assert_group_equal(tctx, &grp[i], &grp1,
"getgrent_r and getgrnam_r gave different results");
torture_assert(tctx, test_nwrap_getgrgid_r(tctx, grp[i].gr_gid, &grp2),
"failed to call getgrgid_r for enumerated user");
torture_assert_group_equal(tctx, &grp[i], &grp2,
"getgrent_r and getgrgid_r gave different results");
torture_assert_group_equal(tctx, &grp1, &grp2,
"getgrnam_r and getgrgid_r gave different results");
torture_assert(tctx, test_nwrap_getgrnam(tctx, grp[i].gr_name, &grp3),
"failed to call getgrnam for enumerated user");
torture_assert_group_equal(tctx, &grp[i], &grp3,
"getgrent_r and getgrnam gave different results");
torture_assert(tctx, test_nwrap_getgrgid(tctx, grp[i].gr_gid, &grp4),
"failed to call getgrgid for enumerated user");
torture_assert_group_equal(tctx, &grp[i], &grp4,
"getgrent_r and getgrgid gave different results");
torture_assert_group_equal(tctx, &grp3, &grp4,
"getgrnam and getgrgid gave different results");
}
return true;
}
static bool test_nwrap_getgrouplist(struct torture_context *tctx,
const char *user,
gid_t gid,
gid_t **gids_p,
int *num_gids_p)
{
int ret;
int num_groups = 0;
gid_t *groups = NULL;
torture_comment(tctx, "Testing getgrouplist: %s\n", user);
ret = getgrouplist(user, gid, NULL, &num_groups);
if (ret == -1 || num_groups != 0) {
groups = talloc_array(tctx, gid_t, num_groups);
torture_assert(tctx, groups, "out of memory\n");
ret = getgrouplist(user, gid, groups, &num_groups);
}
torture_assert(tctx, (ret != -1), "failed to call getgrouplist");
torture_comment(tctx, "%s is member in %d groups\n", user, num_groups);
if (gids_p) {
*gids_p = groups;
}
if (num_gids_p) {
*num_gids_p = num_groups;
}
return true;
}
static bool test_nwrap_user_in_group(struct torture_context *tctx,
const struct passwd *pwd,
const struct group *grp)
{
int i;
for (i=0; grp->gr_mem && grp->gr_mem[i] != NULL; i++) {
if (strequal(grp->gr_mem[i], pwd->pw_name)) {
return true;
}
}
return false;
}
static bool test_nwrap_membership_user(struct torture_context *tctx,
const struct passwd *pwd,
struct group *grp_array,
size_t num_grp)
{
int num_user_groups = 0;
int num_user_groups_from_enum = 0;
gid_t *user_groups = NULL;
int g, i;
bool primary_group_had_user_member = false;
torture_assert(tctx, test_nwrap_getgrouplist(tctx,
pwd->pw_name,
pwd->pw_gid,
&user_groups,
&num_user_groups),
"failed to test getgrouplist");
for (g=0; g < num_user_groups; g++) {
torture_assert(tctx, test_nwrap_getgrgid(tctx, user_groups[g], NULL),
"failed to find the group the user is a member of");
}
for (i=0; i < num_grp; i++) {
struct group grp = grp_array[i];
if (test_nwrap_user_in_group(tctx, pwd, &grp)) {
struct group current_grp;
num_user_groups_from_enum++;
torture_assert(tctx, test_nwrap_getgrnam(tctx, grp.gr_name, &current_grp),
"failed to find the group the user is a member of");
if (current_grp.gr_gid == pwd->pw_gid) {
torture_comment(tctx, "primary group %s of user %s lists user as member\n",
current_grp.gr_name,
pwd->pw_name);
primary_group_had_user_member = true;
}
continue;
}
}
if (!primary_group_had_user_member) {
num_user_groups_from_enum++;
}
torture_assert_int_equal(tctx, num_user_groups, num_user_groups_from_enum,
"getgrouplist and real inspection of grouplist gave different results\n");
return true;
}
static bool test_nwrap_membership(struct torture_context *tctx)
{
const char *old_pwd = getenv("NSS_WRAPPER_PASSWD");
const char *old_group = getenv("NSS_WRAPPER_GROUP");
struct passwd *pwd;
size_t num_pwd;
struct group *grp;
size_t num_grp;
int i;
if (!old_pwd || !old_group) {
torture_comment(tctx, "ENV NSS_WRAPPER_PASSWD or NSS_WRAPPER_GROUP not set\n");
torture_skip(tctx, "nothing to test\n");
}
torture_assert(tctx, test_nwrap_enum_passwd(tctx, &pwd, &num_pwd),
"failed to enumerate passwd");
torture_assert(tctx, test_nwrap_enum_group(tctx, &grp, &num_grp),
"failed to enumerate group");
for (i=0; i < num_pwd; i++) {
torture_assert(tctx, test_nwrap_membership_user(tctx, &pwd[i], grp, num_grp),
"failed to test membership for user");
}
return true;
}
static bool test_nwrap_enumeration(struct torture_context *tctx)
{
const char *old_pwd = getenv("NSS_WRAPPER_PASSWD");
const char *old_group = getenv("NSS_WRAPPER_GROUP");
if (!old_pwd || !old_group) {
torture_comment(tctx, "ENV NSS_WRAPPER_PASSWD or NSS_WRAPPER_GROUP not set\n");
torture_skip(tctx, "nothing to test\n");
}
torture_assert(tctx, test_nwrap_passwd(tctx),
"failed to test users");
torture_assert(tctx, test_nwrap_group(tctx),
"failed to test groups");
return true;
}
static bool test_nwrap_reentrant_enumeration(struct torture_context *tctx)
{
const char *old_pwd = getenv("NSS_WRAPPER_PASSWD");
const char *old_group = getenv("NSS_WRAPPER_GROUP");
if (!old_pwd || !old_group) {
torture_comment(tctx, "ENV NSS_WRAPPER_PASSWD or NSS_WRAPPER_GROUP not set\n");
torture_skip(tctx, "nothing to test\n");
}
torture_comment(tctx, "Testing re-entrant calls\n");
torture_assert(tctx, test_nwrap_passwd_r(tctx),
"failed to test users");
torture_assert(tctx, test_nwrap_group_r(tctx),
"failed to test groups");
return true;
}
static bool test_nwrap_reentrant_enumeration_crosschecks(struct torture_context *tctx)
{
const char *old_pwd = getenv("NSS_WRAPPER_PASSWD");
const char *old_group = getenv("NSS_WRAPPER_GROUP");
if (!old_pwd || !old_group) {
torture_comment(tctx, "ENV NSS_WRAPPER_PASSWD or NSS_WRAPPER_GROUP not set\n");
torture_skip(tctx, "nothing to test\n");
}
torture_comment(tctx, "Testing re-entrant calls with cross checks\n");
torture_assert(tctx, test_nwrap_passwd_r_cross(tctx),
"failed to test users");
torture_assert(tctx, test_nwrap_group_r_cross(tctx),
"failed to test groups");
return true;
}
static bool test_nwrap_passwd_duplicates(struct torture_context *tctx)
{
int i, d;
struct passwd *pwd;
size_t num_pwd;
int duplicates = 0;
torture_assert(tctx, test_nwrap_enum_passwd(tctx, &pwd, &num_pwd),
"failed to enumerate passwd");
for (i=0; i < num_pwd; i++) {
const char *current_name = pwd[i].pw_name;
for (d=0; d < num_pwd; d++) {
const char *dup_name = pwd[d].pw_name;
if (d == i) {
continue;
}
if (!strequal(current_name, dup_name)) {
continue;
}
torture_warning(tctx, "found duplicate names:");
print_passwd(&pwd[d]);
print_passwd(&pwd[i]);
duplicates++;
}
}
if (duplicates) {
torture_fail(tctx, talloc_asprintf(tctx, "found %d duplicate names", duplicates));
}
return true;
}
static bool test_nwrap_group_duplicates(struct torture_context *tctx)
{
int i, d;
struct group *grp;
size_t num_grp;
int duplicates = 0;
torture_assert(tctx, test_nwrap_enum_group(tctx, &grp, &num_grp),
"failed to enumerate group");
for (i=0; i < num_grp; i++) {
const char *current_name = grp[i].gr_name;
for (d=0; d < num_grp; d++) {
const char *dup_name = grp[d].gr_name;
if (d == i) {
continue;
}
if (!strequal(current_name, dup_name)) {
continue;
}
torture_warning(tctx, "found duplicate names:");
print_group(&grp[d]);
print_group(&grp[i]);
duplicates++;
}
}
if (duplicates) {
torture_fail(tctx, talloc_asprintf(tctx, "found %d duplicate names", duplicates));
}
return true;
}
static bool test_nwrap_duplicates(struct torture_context *tctx)
{
const char *old_pwd = getenv("NSS_WRAPPER_PASSWD");
const char *old_group = getenv("NSS_WRAPPER_GROUP");
if (!old_pwd || !old_group) {
torture_comment(tctx, "ENV NSS_WRAPPER_PASSWD or NSS_WRAPPER_GROUP not set\n");
torture_skip(tctx, "nothing to test\n");
}
torture_assert(tctx, test_nwrap_passwd_duplicates(tctx),
"failed to test users");
torture_assert(tctx, test_nwrap_group_duplicates(tctx),
"failed to test groups");
return true;
}
struct torture_suite *torture_local_nss_wrapper(TALLOC_CTX *mem_ctx)
{
struct torture_suite *suite = torture_suite_create(mem_ctx, "nss-wrapper");
torture_suite_add_simple_test(suite, "enumeration", test_nwrap_enumeration);
torture_suite_add_simple_test(suite, "reentrant enumeration", test_nwrap_reentrant_enumeration);
torture_suite_add_simple_test(suite, "reentrant enumeration crosschecks", test_nwrap_reentrant_enumeration_crosschecks);
torture_suite_add_simple_test(suite, "membership", test_nwrap_membership);
torture_suite_add_simple_test(suite, "duplicates", test_nwrap_duplicates);
return suite;
}

111
lib/nss_wrapper/wscript
View File

@ -1,17 +1,106 @@
#!/usr/bin/env python
import Options
import os
def set_options(opt):
gr = opt.option_group('developer options')
gr.add_option('--enable-nss-wrapper',
help=("Turn on nss wrapper library (default=no)"),
action="store_true", dest='enable_nss_wrapper', default=False)
VERSION="1.0.2"
def configure(conf):
if (Options.options.enable_nss_wrapper or
Options.options.developer or
Options.options.enable_selftest):
conf.DEFINE('NSS_WRAPPER', 1)
conf.ADD_GLOBAL_DEPENDENCY('nss_wrapper')
if conf.CHECK_BUNDLED_SYSTEM('nss_wrapper', minversion=VERSION, set_target=False):
conf.DEFINE('USING_SYSTEM_NSS_WRAPPER', 1)
libnss_wrapper_so_path = 'libnss_wrapper.so'
else:
# check HAVE_GCC_THREAD_LOCAL_STORAGE
conf.CHECK_CODE('''
__thread int tls;
int main(void) {
return 0;
}
''',
'HAVE_GCC_THREAD_LOCAL_STORAGE',
addmain=False,
msg='Checking for thread local storage')
# check HAVE_DESTRUCTOR_ATTRIBUTE
conf.CHECK_CODE('''
void test_destructor_attribute(void) __attribute__ ((destructor));
void test_destructor_attribute(void)
{
return;
}
int main(void) {
return 0;
}
''',
'HAVE_DESTRUCTOR_ATTRIBUTE',
addmain=False,
msg='Checking for library destructor support')
conf.CHECK_FUNCS('gethostbyaddr_r gethostbyname_r')
# Solaris
conf.CHECK_FUNCS('__posix_getpwnam_r __posix_getpwuid_r')
conf.CHECK_FUNCS('__posix_getgrgid_r __posix_getgrnam_r')
conf.CHECK_FUNCS_IN('nsl',
'gethostname',
checklibc=True,
headers='unistd.h')
# Prototype checks
conf.CHECK_C_PROTOTYPE('getpwent_r',
'struct passwd *getpwent_r(struct passwd *src, char *buf, int buflen)',
define='HAVE_SOLARIS_GETPWENT_R', headers='unistd.h pwd.h')
conf.CHECK_C_PROTOTYPE('getpwnam_r',
'int getpwnam_r(const char *name, struct passwd *pwd, char *buf, int buflen, struct passwd **ppwd)',
define='HAVE_SOLARIS_GETPWNAM_R', headers='unistd.h pwd.h')
conf.CHECK_C_PROTOTYPE('getpwuid_r',
'int getpwuid_r(uid_t uid, struct passwd *pwd, char *buf, int buflen, struct passwd **ppwd)',
define='HAVE_SOLARIS_GETPWUID_R', headers='unistd.h pwd.h')
conf.CHECK_C_PROTOTYPE('getgrent_r',
'struct group *getgrent_r(struct group *src, char *buf, int buflen)',
define='SOLARIS_GETGRENT_R', headers='unistd.h grp.h')
conf.CHECK_C_PROTOTYPE('getgrnam_r',
'int getgrnam_r(const char *name, struct group *grp, char *buf, int buflen, struct group **pgrp)',
define='HAVE_SOLARIS_GETGRNAM_R', headers='unistd.h grp.h')
conf.CHECK_C_PROTOTYPE('getgrgid_r',
'int getgrgid_r(gid_t gid, struct group *grp, char *buf, int buflen, struct group **pgrp)',
define='HAVE_SOLARIS_GETGRGID_R', headers='unistd.h grp.h')
conf.CHECK_C_PROTOTYPE('sethostent',
'int sethostent(int stayopen)',
define='HAVE_SOLARIS_SETHOSTENT', headers='unistd.h netdb.h')
conf.CHECK_C_PROTOTYPE('endhostent',
'int endhostent(void)',
define='HAVE_SOLARIS_ENDHOSTENT', headers='unistd.h netdb.h')
conf.CHECK_C_PROTOTYPE('gethostname',
'int gethostname(char *name, int len)',
define='HAVE_SOLARIS_GETHOSTNAME', headers='unistd.h netdb.h')
conf.CHECK_C_PROTOTYPE('setgrent',
'int setgrent(void)',
define='HAVE_BSD_SETGRENT', headers='unistd.h grp.h')
conf.CHECK_C_PROTOTYPE('getnameinfo',
'int getnameinfo (const struct sockaddr *sa, socklen_t salen, char *host, socklen_t __hostlen, char *serv, socklen_t servlen, int flags)',
define='HAVE_LINUX_GETNAMEINFO', headers='unistd.h netdb.h')
conf.CHECK_C_PROTOTYPE('getnameinfo',
'int getnameinfo (const struct sockaddr *sa, socklen_t salen, char *host, socklen_t __hostlen, char *serv, socklen_t servlen, unsigned int flags)',
define='HAVE_LINUX_GETNAMEINFO_UNSIGNED', headers='unistd.h netdb.h')
# Create full path to nss_wrapper
srcdir = os.path.realpath(conf.srcdir)
libnss_wrapper_so_path = srcdir + '/bin/default/lib/nss_wrapper/libnss-wrapper.so'
conf.DEFINE('LIBNSS_WRAPPER_SO_PATH', libnss_wrapper_so_path)
conf.DEFINE('NSS_WRAPPER', 1)
def build(bld):
if not bld.CONFIG_SET("USING_SYSTEM_NSS_WRAPPER"):
# We need to do it this way or the library wont work.
# Using private_library=True will add symbol version which
# breaks preloading!
bld.SAMBA_LIBRARY('nss_wrapper',
source='nss_wrapper.c',
cflags='-DNDEBUG',
deps='dl',
install=False,
realname='libnss-wrapper.so')

10
lib/nss_wrapper/wscript_build
View File

@ -1,10 +0,0 @@
#!/usr/bin/env python
bld.SAMBA_LIBRARY('nss_wrapper',
source='nss_wrapper.c',
deps='replace',
private_library=True,
enabled=bld.CONFIG_SET("NSS_WRAPPER"),
)

1
wscript
View File

@ -40,7 +40,6 @@ def set_options(opt):
opt.RECURSE('lib/ntdb')
opt.RECURSE('selftest')
opt.RECURSE('source4/lib/tls')
opt.RECURSE('lib/nss_wrapper')
opt.RECURSE('lib/socket_wrapper')
opt.RECURSE('pidl')
opt.RECURSE('source3')