├── examples ├── s6-rc │ ├── nsssd │ │ ├── type │ │ ├── notification-fd │ │ ├── producer-for │ │ └── run │ └── nsssd-log │ │ ├── dependencies │ │ ├── type │ │ ├── consumer-for │ │ ├── pipeline-name │ │ └── run ├── s6 │ └── nsssd │ │ ├── notification-fd │ │ ├── log │ │ └── run │ │ └── run └── openrc │ └── nsssd ├── src ├── tests │ ├── deps-exe │ │ ├── test-nsssd-switch │ │ ├── test-unix │ │ ├── test-switch │ │ └── test-all-fallback │ ├── test-unix.baseline │ ├── test-switch.baseline │ ├── test-all-fallback.baseline │ ├── test-nsssd-switch.baseline │ ├── test-switch.wrapper │ ├── test-nsssd-switch.wrapper │ ├── test-unix.c │ ├── test-all-fallback.c │ ├── test-switch.c │ └── test-nsssd-switch.c ├── nsssd │ ├── deps-lib │ │ └── nsssd │ ├── deps-exe │ │ ├── nsssd-unix │ │ ├── nsssd-nslcd │ │ └── nsssd-switch │ ├── nsssd-nslcd.h │ ├── nsssd_convert.c │ └── nsssd-unix.c ├── libnsss │ ├── nsss_all_errno.c │ ├── nsss_unix_grp_here.c │ ├── nsss_unix_pwd_here.c │ ├── nsss_unix_shadow_here.c │ ├── nsss-all-internal.h │ ├── nsss_switch_query_mutex.c │ ├── nsss_switch_query.c │ ├── nsss_pwd_here.c │ ├── nsss_unix_endgrent.c │ ├── nsss_unix_endpwent.c │ ├── nsss_shadow_here.c │ ├── nsss_unix_endspent.c │ ├── nsss_unix_end.c │ ├── nsss_unix_maybe_start.c │ ├── nsss_switch_grp_end.c │ ├── nsss_switch_pwd_end.c │ ├── nsss_switch_enumerator.c │ ├── nsss_switch_grp_rewind.c │ ├── nsss_switch_pwd_rewind.c │ ├── nsss_switch_shadow_end.c │ ├── nsss_unix_field.c │ ├── nsss_grp_here.c │ ├── nsss_switch_shadow_rewind.c │ ├── nsss_unix_setgrent.c │ ├── nsss_unix_setpwent.c │ ├── nsss_unix_setspent.c │ ├── nsss-unix-internal.h │ ├── nsss_unix_rewind.c │ ├── nsss_unix_start.c │ ├── nsss_all_endgrent.c │ ├── nsss_all_endpwent.c │ ├── nsss_all_endspent.c │ ├── nsss_switch_setgrent.c │ ├── nsss_switch_setpwent.c │ ├── nsss_switch_setspent.c │ ├── nsss_switch_endgrent.c │ ├── nsss_switch_endpwent.c │ ├── nsss_switch_endspent.c │ ├── nsss_switch_end.c │ ├── nsss_unix_getpwent.c │ ├── nsss_unix_getspent.c │ ├── nsss_unix_pwd_getbyuid.c │ ├── nsss_switch_op.c │ ├── nsss_unix_pwd_getbyname.c │ ├── nsss_unix_shadow_getbyname.c │ ├── nsss_switch_query_start.c │ ├── nsss_switch_getpwuid.c │ ├── nsss_unix_getpwuid.c │ ├── nsss_switch_getpwnam.c │ ├── nsss_unix_getpwnam.c │ ├── nsss_switch_getpwent.c │ ├── nsss_switch_getspnam.c │ ├── nsss_unix_getspnam.c │ ├── nsss_switch_getspent.c │ ├── nsss_unix_getgrent.c │ ├── nsss_unix_getgrouplist.c │ ├── nsss_all_setgrent.c │ ├── nsss_all_setpwent.c │ ├── nsss_all_setspent.c │ ├── nsss_unix_getgrgid.c │ ├── nsss_switch_getgrgid.c │ ├── nsss_unix_getgrnam.c │ ├── nsss_unix_grp_getbygid.c │ ├── nsss_switch_getgrnam.c │ ├── nsss_switch_getgrent.c │ ├── nsss_switch_pwd_get.c │ ├── nsss_pwd_copy.c │ ├── nsss_unix_getgrouplist_preadjust.c │ ├── nsss_unix_grp_getbyname.c │ ├── nsss_switch_shadow_get.c │ ├── nsss_switch_grp_get.c │ ├── nsss_shadow_copy.c │ ├── nsss_switch_set_timeout.c │ ├── nsss_grouplist_adjust.c │ ├── nsss_switch_pwd_getbyuid.c │ ├── nsss_switch_send.c │ ├── nsss_all_getpwuid.c │ ├── nsss_switch_grp_getbygid.c │ ├── nsss_all_getpwnam.c │ ├── nsss_switch_sendv.c │ ├── nsss_all_getpwent.c │ ├── nsss_all_getspnam.c │ ├── nsss_all_getspent.c │ ├── nsss_switch_startf.c │ ├── nsss_switch_start.c │ ├── nsss_all_getgrgid.c │ ├── nsss_all_getgrnam.c │ ├── nsss_unix_getpwent_r.c │ ├── nsss_all_getgrent.c │ ├── nsss_unix_getspent_r.c │ ├── nsss_unix_getpwuid_r.c │ ├── nsss_grp_copy.c │ ├── nsss_unix_getpwnam_r.c │ ├── nsss_unix_getspnam_r.c │ ├── nsss_all_getgrouplist.c │ ├── nsss_switch_pwd_getbyname.c │ ├── nsss_switch_shadow_getbyname.c │ ├── nsss_switch_grp_getbyname.c │ ├── nsss_switch_getgrouplist.c │ ├── nsss-internal.h │ ├── nsss_unix_getgrent_r.c │ ├── nsss_unix_getgrgid_r.c │ ├── nsss_unix_getgrnam_r.c │ ├── nsss_all_getpwuid_r.c │ ├── nsss_all_getpwnam_r.c │ ├── nsss_all_getspnam_r.c │ ├── nsss_all_getpwent_r.c │ ├── nsss_all_getspent_r.c │ ├── nsss_switch_getpwent_r.c │ ├── nsss_switch_getspent_r.c │ ├── nsss_switch_getpwuid_r.c │ ├── nsss_switch_getpwnam_r.c │ ├── nsss_switch_getspnam_r.c │ ├── nsss_all_getgrgid_r.c │ ├── nsss_unix_pwd_get.c │ ├── nsss_all_getgrnam_r.c │ ├── nsss-switch-internal.h │ ├── nsss_all_getgrent_r.c │ ├── nsss_unix_grp_getlist.c │ ├── nsss_switch_getgrent_r.c │ ├── nsss_switch_getgrgid_r.c │ ├── nsss_switch_getgrnam_r.c │ ├── nsss_unix_shadow_get.c │ ├── nsss_unix_grp_get.c │ ├── nsss_switch_pwd_read.c │ ├── nsss_switch_shadow_read.c │ ├── nsss_switch_grp_read.c │ ├── nsss_switch_grp_getlist.c │ └── deps-lib │ │ └── nsss └── include │ ├── nsss │ ├── nsss.h │ ├── nsss-all.h │ ├── grp-def.h │ ├── pwd-def.h │ ├── shadow-def.h │ ├── shadow-all.h │ ├── shadow-unix.h │ ├── shadow-switch.h │ ├── pwd-all.h │ ├── pwd-unix.h │ ├── pwd-switch.h │ ├── grp-all.h │ ├── grp-switch.h │ ├── grp-unix.h │ ├── pwd.h │ ├── shadow.h │ ├── nsss-unix.h │ ├── nsssd.h │ ├── grp.h │ └── nsss-switch.h │ ├── grp.h │ ├── pwd.h │ └── shadow.h ├── package ├── configure-snippets │ ├── configure_expand_dirs │ ├── configure_extra_checks │ ├── configure_help_install │ ├── configure_help_dependencies │ ├── configure_slashpackage_other │ ├── configure_init_vars │ ├── configure_generate_configh │ ├── configure_generate_make │ ├── configure_help_options │ └── configure_case_lines ├── deps-build ├── modes ├── info ├── targets.mak └── snippets ├── .gitignore ├── CONTRIBUTING ├── AUTHORS ├── README.solaris ├── patch-for-solaris ├── tools ├── run-test.sh ├── gen-configure.el ├── install.sh ├── gen-dotpc.sh └── gen-deps.sh ├── COPYING ├── README ├── DCO ├── NEWS └── doc ├── nsssd-unix.html ├── nsssd-nslcd.html ├── upgrade.html ├── libnsssd └── index.html ├── overview.html └── nsswitch.html /examples/s6-rc/nsssd/type: -------------------------------------------------------------------------------- 1 | longrun 2 | -------------------------------------------------------------------------------- /examples/s6-rc/nsssd-log/dependencies: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /examples/s6-rc/nsssd-log/type: -------------------------------------------------------------------------------- 1 | longrun 2 | -------------------------------------------------------------------------------- /examples/s6-rc/nsssd/notification-fd: -------------------------------------------------------------------------------- 1 | 3 2 | -------------------------------------------------------------------------------- /examples/s6/nsssd/notification-fd: -------------------------------------------------------------------------------- 1 | 3 2 | -------------------------------------------------------------------------------- /examples/s6-rc/nsssd-log/consumer-for: -------------------------------------------------------------------------------- 1 | nsssd 2 | -------------------------------------------------------------------------------- /examples/s6-rc/nsssd/producer-for: -------------------------------------------------------------------------------- 1 | nsssd-log 2 | -------------------------------------------------------------------------------- /src/tests/deps-exe/test-nsssd-switch: -------------------------------------------------------------------------------- 1 | test-switch -------------------------------------------------------------------------------- /package/configure-snippets/configure_expand_dirs: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /examples/s6-rc/nsssd-log/pipeline-name: -------------------------------------------------------------------------------- 1 | nsssd-pipeline 2 | -------------------------------------------------------------------------------- /package/configure-snippets/configure_extra_checks: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /package/configure-snippets/configure_help_install: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /src/tests/deps-exe/test-unix: -------------------------------------------------------------------------------- 1 | ${LIBNSSS} 2 | -lskarnet 3 | -------------------------------------------------------------------------------- /package/configure-snippets/configure_help_dependencies: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /package/configure-snippets/configure_slashpackage_other: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /package/deps-build: -------------------------------------------------------------------------------- 1 | true true /package/prog/skalibs 2.14.4.0 libskarnet 2 | -------------------------------------------------------------------------------- /package/modes: -------------------------------------------------------------------------------- 1 | nsssd-unix 0755 2 | nsssd-nslcd 0755 3 | nsssd-switch 0755 4 | -------------------------------------------------------------------------------- /src/nsssd/deps-lib/nsssd: -------------------------------------------------------------------------------- 1 | nsssd_main.o 2 | nsssd_convert.o 3 | -lskarnet 4 | -------------------------------------------------------------------------------- /src/nsssd/deps-exe/nsssd-unix: -------------------------------------------------------------------------------- 1 | ${LIBNSSSD} 2 | ${LIBNSSS} 3 | -lskarnet 4 | ${PTHREAD_LIB} 5 | -------------------------------------------------------------------------------- /package/info: -------------------------------------------------------------------------------- 1 | package=nsss 2 | version=0.2.1.1 3 | category=admin 4 | package_macro_name=NSSS 5 | -------------------------------------------------------------------------------- /src/nsssd/deps-exe/nsssd-nslcd: -------------------------------------------------------------------------------- 1 | ${LIBNSSSD} 2 | -lskarnet 3 | ${SOCKET_LIB} 4 | ${SYSCLOCK_LIB} 5 | -------------------------------------------------------------------------------- /src/tests/deps-exe/test-switch: -------------------------------------------------------------------------------- 1 | ${LIBNSSS} 2 | -lskarnet 3 | ${SOCKET_LIB} 4 | ${SYSCLOCK_LIB} 5 | -------------------------------------------------------------------------------- /src/tests/deps-exe/test-all-fallback: -------------------------------------------------------------------------------- 1 | ${LIBNSSS} 2 | -lskarnet 3 | ${SOCKET_LIB} 4 | ${SYSCLOCK_LIB} 5 | -------------------------------------------------------------------------------- /package/configure-snippets/configure_init_vars: -------------------------------------------------------------------------------- 1 | nsssdpath=/run/service/nsssd/s 2 | libcincludes=false 3 | -------------------------------------------------------------------------------- /examples/s6-rc/nsssd-log/run: -------------------------------------------------------------------------------- 1 | #!/bin/execlineb -S1 2 | 3 | s6-setuidgid nssslog 4 | exec -c 5 | s6-log t /var/log/nsssd 6 | -------------------------------------------------------------------------------- /examples/s6/nsssd/log/run: -------------------------------------------------------------------------------- 1 | #!/bin/execlineb -P 2 | 3 | s6-setuidgid nssslog 4 | exec -c 5 | s6-log t /var/log/nsssd 6 | -------------------------------------------------------------------------------- /package/configure-snippets/configure_generate_configh: -------------------------------------------------------------------------------- 1 | echo "#define ${package_macro_name}_NSSSD_PATH \"$nsssdpath\"" 2 | -------------------------------------------------------------------------------- /src/tests/test-unix.baseline: -------------------------------------------------------------------------------- 1 | #!/bin/sh -e 2 | 3 | cat /etc/passwd 4 | echo 5 | id -u root 6 | echo 7 | cat /etc/group 8 | -------------------------------------------------------------------------------- /src/libnsss/nsss_all_errno.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include "nsss-all-internal.h" 4 | 5 | int nsss_all_errno = 0 ; 6 | -------------------------------------------------------------------------------- /src/tests/test-switch.baseline: -------------------------------------------------------------------------------- 1 | #!/bin/sh -e 2 | 3 | cat /etc/passwd 4 | echo 5 | id -u root 6 | echo 7 | cat /etc/group 8 | -------------------------------------------------------------------------------- /src/nsssd/deps-exe/nsssd-switch: -------------------------------------------------------------------------------- 1 | ${LIBNSSSD} 2 | ${LIBNSSS} 3 | -lskarnet 4 | ${PTHREAD_LIB} 5 | ${SOCKET_LIB} 6 | ${SYSCLOCK_LIB} 7 | -------------------------------------------------------------------------------- /src/tests/test-all-fallback.baseline: -------------------------------------------------------------------------------- 1 | #!/bin/sh -e 2 | 3 | cat /etc/passwd 4 | echo 5 | id -u root 6 | echo 7 | cat /etc/group 8 | -------------------------------------------------------------------------------- /src/tests/test-nsssd-switch.baseline: -------------------------------------------------------------------------------- 1 | #!/bin/sh -e 2 | 3 | cat /etc/passwd 4 | echo 5 | id -u root 6 | echo 7 | cat /etc/group 8 | -------------------------------------------------------------------------------- /src/libnsss/nsss_unix_grp_here.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include "nsss-unix-internal.h" 4 | 5 | nsss_unix_t nsss_unix_grp_here = NSSS_UNIX_ZERO ; 6 | -------------------------------------------------------------------------------- /src/libnsss/nsss_unix_pwd_here.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include "nsss-unix-internal.h" 4 | 5 | nsss_unix_t nsss_unix_pwd_here = NSSS_UNIX_ZERO ; 6 | -------------------------------------------------------------------------------- /package/configure-snippets/configure_generate_make: -------------------------------------------------------------------------------- 1 | if $libcincludes ; then 2 | echo "DO_LIBC_INCLUDES := 1" 3 | else 4 | echo "DO_LIBC_INCLUDES :=" 5 | fi 6 | -------------------------------------------------------------------------------- /src/libnsss/nsss_unix_shadow_here.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include "nsss-unix-internal.h" 4 | 5 | nsss_unix_t nsss_unix_shadow_here = NSSS_UNIX_ZERO ; 6 | -------------------------------------------------------------------------------- /src/libnsss/nsss-all-internal.h: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #ifndef NSSS_ALL_INTERNAL_H 4 | #define NSSS_ALL_INTERNAL_H 5 | 6 | extern int nsss_all_errno ; 7 | 8 | #endif 9 | -------------------------------------------------------------------------------- /examples/s6/nsssd/run: -------------------------------------------------------------------------------- 1 | #!/bin/execlineb -S1 2 | 3 | fdmove -c 2 1 4 | s6-envuidgid nsss 5 | fdmove 1 3 6 | s6-ipcserver -1 -U -- s 7 | nsssd-switch 8 | 0 { nsssd-nslcd } 9 | 0 { nsssd-unix } 10 | -------------------------------------------------------------------------------- /examples/s6-rc/nsssd/run: -------------------------------------------------------------------------------- 1 | #!/bin/execlineb -S1 2 | 3 | fdmove -c 2 1 4 | s6-envuidgid nsss 5 | fdmove 1 3 6 | s6-ipcserver -1 -U -- s 7 | nsssd-switch 8 | 0 { nsssd-nslcd } 9 | 0 { nsssd-unix } 10 | -------------------------------------------------------------------------------- /src/libnsss/nsss_switch_query_mutex.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | 5 | #include "nsss-switch-internal.h" 6 | 7 | pthread_mutex_t nsss_switch_query_mutex = PTHREAD_MUTEX_INITIALIZER ; 8 | -------------------------------------------------------------------------------- /src/include/nsss/nsss.h: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #ifndef NSSS_H 4 | #define NSSS_H 5 | 6 | #include 7 | #include 8 | #include 9 | 10 | #endif 11 | -------------------------------------------------------------------------------- /src/libnsss/nsss_switch_query.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | 5 | #include 6 | #include "nsss-switch-internal.h" 7 | 8 | nsss_switch_t nsss_switch_query = NSSS_SWITCH_ZERO ; 9 | -------------------------------------------------------------------------------- /src/include/nsss/nsss-all.h: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #ifndef NSSS_ALL_H 4 | #define NSSS_ALL_H 5 | 6 | #include 7 | #include 8 | #include 9 | 10 | #endif 11 | -------------------------------------------------------------------------------- /package/configure-snippets/configure_help_options: -------------------------------------------------------------------------------- 1 | --with-nsssd-socket=PATH assume the nsssd socket is at PATH [/run/service/nsssd/s] 2 | --enable-libc-includes overwrite {pwd,grp,shadow}.h in includedir [disabled] 3 | 4 | -------------------------------------------------------------------------------- /src/libnsss/nsss_pwd_here.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | #include 5 | #include "nsss-internal.h" 6 | 7 | struct passwd nsss_pwd_here ; 8 | stralloc nsss_pwd_sa_here = STRALLOC_ZERO ; 9 | -------------------------------------------------------------------------------- /src/libnsss/nsss_unix_endgrent.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | #include "nsss-unix-internal.h" 5 | 6 | void nsss_unix_endgrent (void) 7 | { 8 | nsss_unix_grp_end(&nsss_unix_grp_here) ; 9 | } 10 | -------------------------------------------------------------------------------- /src/libnsss/nsss_unix_endpwent.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | #include "nsss-unix-internal.h" 5 | 6 | void nsss_unix_endpwent (void) 7 | { 8 | nsss_unix_pwd_end(&nsss_unix_pwd_here) ; 9 | } 10 | -------------------------------------------------------------------------------- /src/libnsss/nsss_shadow_here.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | #include 5 | #include "nsss-internal.h" 6 | 7 | struct spwd nsss_shadow_here ; 8 | stralloc nsss_shadow_sa_here = STRALLOC_ZERO ; 9 | -------------------------------------------------------------------------------- /src/libnsss/nsss_unix_endspent.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | #include "nsss-unix-internal.h" 5 | 6 | void nsss_unix_endspent (void) 7 | { 8 | nsss_unix_shadow_end(&nsss_unix_shadow_here) ; 9 | } 10 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | *.o 2 | *.lo 3 | /*.pc 4 | /config.mak 5 | /src/include/nsss/config.h 6 | /libnsss.a.xyzzy 7 | /libnsss.so.xyzzy 8 | /libnsssd.a.xyzzy 9 | /libnsssd.so.xyzzy 10 | /nsssd-unix 11 | /nsssd-nslcd 12 | /nsssd-switch 13 | /test-* 14 | -------------------------------------------------------------------------------- /src/include/grp.h: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | /* 4 | This file is part of the nsss package. 5 | See https://skarnet.org/software/nsss/ 6 | */ 7 | 8 | #ifndef GRP_H 9 | #define GRP_H 10 | 11 | #include 12 | 13 | #endif 14 | -------------------------------------------------------------------------------- /src/include/pwd.h: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | /* 4 | This file is part of the nsss package. 5 | See https://skarnet.org/software/nsss/ 6 | */ 7 | 8 | #ifndef PWD_H 9 | #define PWD_H 10 | 11 | #include 12 | 13 | #endif 14 | -------------------------------------------------------------------------------- /package/configure-snippets/configure_case_lines: -------------------------------------------------------------------------------- 1 | --enable-libc-includes|--enable-libc-includes=yes) libcincludes=true ;; 2 | --disable-libc-includes|--enable-libc-includes=no) libcincludes=false ;; 3 | --with-nsssd-socket=*) nsssdpath=${arg#*=} ;; 4 | -------------------------------------------------------------------------------- /src/include/shadow.h: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | /* 4 | This file is part of the nsss package. 5 | See https://skarnet.org/software/nsss/ 6 | */ 7 | 8 | #ifndef SHADOW_H 9 | #define SHADOW_H 10 | 11 | #include 12 | 13 | #endif 14 | -------------------------------------------------------------------------------- /src/libnsss/nsss_unix_end.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | #include 5 | #include 6 | 7 | void nsss_unix_end (nsss_unix_t *a) 8 | { 9 | fd_close(buffer_fd(&a->b)) ; 10 | a->b.fd = -1 ; 11 | } 12 | -------------------------------------------------------------------------------- /src/libnsss/nsss_unix_maybe_start.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | #include 5 | 6 | int nsss_unix_maybe_start (nsss_unix_t *a, char const *path) 7 | { 8 | return buffer_fd(&a->b) >= 0 || nsss_unix_start(a, path) ; 9 | } 10 | -------------------------------------------------------------------------------- /src/include/nsss/grp-def.h: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #ifndef NSSS_GRP_DEF_H 4 | #define NSSS_GRP_DEF_H 5 | 6 | #include 7 | 8 | struct group 9 | { 10 | char *gr_name ; 11 | char *gr_passwd ; 12 | gid_t gr_gid ; 13 | char **gr_mem ; 14 | } ; 15 | 16 | #endif 17 | -------------------------------------------------------------------------------- /src/libnsss/nsss_switch_grp_end.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | #include "nsss-switch-internal.h" 5 | 6 | int nsss_switch_grp_end (nsss_switch_t *a, tain const *deadline, tain *stamp) 7 | { 8 | return nsss_switch_op(a, NSSS_SWITCH_GRP_END, deadline, stamp) ; 9 | } 10 | -------------------------------------------------------------------------------- /src/libnsss/nsss_switch_pwd_end.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | #include "nsss-switch-internal.h" 5 | 6 | int nsss_switch_pwd_end (nsss_switch_t *a, tain const *deadline, tain *stamp) 7 | { 8 | return nsss_switch_op(a, NSSS_SWITCH_PWD_END, deadline, stamp) ; 9 | } 10 | -------------------------------------------------------------------------------- /CONTRIBUTING: -------------------------------------------------------------------------------- 1 | Please add a Signed-Off-By: line at the end of your commit, 2 | which certifies that you have the right and authority to pass 3 | it on as an open-source patch, as explicited in the Developer's 4 | Certificate of Origin available in this project's DCO file, 5 | or at https://developercertificate.org/ 6 | -------------------------------------------------------------------------------- /src/libnsss/nsss_switch_enumerator.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | 5 | #include 6 | #include "nsss-switch-internal.h" 7 | 8 | nsss_switch_t nsss_switch_enumerator = NSSS_SWITCH_ZERO ; 9 | pthread_mutex_t nsss_switch_enumerator_mutex = PTHREAD_MUTEX_INITIALIZER ; 10 | -------------------------------------------------------------------------------- /src/libnsss/nsss_switch_grp_rewind.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | #include "nsss-switch-internal.h" 5 | 6 | int nsss_switch_grp_rewind (nsss_switch_t *a, tain const *deadline, tain *stamp) 7 | { 8 | return nsss_switch_op(a, NSSS_SWITCH_GRP_REWIND, deadline, stamp) ; 9 | } 10 | -------------------------------------------------------------------------------- /src/libnsss/nsss_switch_pwd_rewind.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | #include "nsss-switch-internal.h" 5 | 6 | int nsss_switch_pwd_rewind (nsss_switch_t *a, tain const *deadline, tain *stamp) 7 | { 8 | return nsss_switch_op(a, NSSS_SWITCH_PWD_REWIND, deadline, stamp) ; 9 | } 10 | -------------------------------------------------------------------------------- /src/libnsss/nsss_switch_shadow_end.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | #include "nsss-switch-internal.h" 5 | 6 | int nsss_switch_shadow_end (nsss_switch_t *a, tain const *deadline, tain *stamp) 7 | { 8 | return nsss_switch_op(a, NSSS_SWITCH_SHADOW_END, deadline, stamp) ; 9 | } 10 | -------------------------------------------------------------------------------- /examples/openrc/nsssd: -------------------------------------------------------------------------------- 1 | #!/sbin/openrc-run 2 | 3 | name="nsssd" 4 | command="s6-envuidgid" 5 | command_args="nsss s6-ipcserver -U -- /run/service/nsssd/s nsssd-switch 0 nsssd-nslcd '' 0 nsssd-unix ''" 6 | command_background=yes 7 | pidfile="/run/service/nsssd/nsssd.pid" 8 | start_stop_daemon_args="-d /run/service/nsssd" 9 | -------------------------------------------------------------------------------- /src/libnsss/nsss_unix_field.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | #include "nsss-unix-internal.h" 5 | 6 | int nsss_unix_field (char **field, char **s) 7 | { 8 | char *p = strchr(*s, ':') ; 9 | if (!p) return 0 ; 10 | *p++ = 0 ; 11 | *field = *s ; 12 | *s = p ; 13 | return 1 ; 14 | } 15 | -------------------------------------------------------------------------------- /src/libnsss/nsss_grp_here.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | #include 5 | #include 6 | #include "nsss-internal.h" 7 | 8 | struct group nsss_grp_here ; 9 | stralloc nsss_grp_sa_here = STRALLOC_ZERO ; 10 | genalloc nsss_grp_ga_here = GENALLOC_ZERO ; 11 | -------------------------------------------------------------------------------- /src/libnsss/nsss_switch_shadow_rewind.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | #include "nsss-switch-internal.h" 5 | 6 | int nsss_switch_shadow_rewind (nsss_switch_t *a, tain const *deadline, tain *stamp) 7 | { 8 | return nsss_switch_op(a, NSSS_SWITCH_SHADOW_REWIND, deadline, stamp) ; 9 | } 10 | -------------------------------------------------------------------------------- /AUTHORS: -------------------------------------------------------------------------------- 1 | Main author: 2 | Laurent Bercot 3 | 4 | Contributors: 5 | John Regan 6 | Colin Booth 7 | Firas Khalil Khana 8 | 9 | Thanks to: 10 | A. Wilcox 11 | Elizabeth Meyers 12 | -------------------------------------------------------------------------------- /src/libnsss/nsss_unix_setgrent.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | #include 5 | #include "nsss-unix-internal.h" 6 | 7 | void nsss_unix_setgrent (void) 8 | { 9 | if (!nsss_unix_grp_maybe_start(&nsss_unix_grp_here)) return ; 10 | nsss_unix_grp_rewind(&nsss_unix_grp_here) ; 11 | } 12 | -------------------------------------------------------------------------------- /src/libnsss/nsss_unix_setpwent.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | #include 5 | #include "nsss-unix-internal.h" 6 | 7 | void nsss_unix_setpwent (void) 8 | { 9 | if (!nsss_unix_pwd_maybe_start(&nsss_unix_pwd_here)) return ; 10 | nsss_unix_pwd_rewind(&nsss_unix_pwd_here) ; 11 | } 12 | -------------------------------------------------------------------------------- /src/libnsss/nsss_unix_setspent.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | #include 5 | #include "nsss-unix-internal.h" 6 | 7 | void nsss_unix_setspent (void) 8 | { 9 | if (!nsss_unix_shadow_maybe_start(&nsss_unix_shadow_here)) return ; 10 | nsss_unix_shadow_rewind(&nsss_unix_shadow_here) ; 11 | } 12 | -------------------------------------------------------------------------------- /src/include/nsss/pwd-def.h: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #ifndef NSSS_PWD_DEF_H 4 | #define NSSS_PWD_DEF_H 5 | 6 | #include 7 | 8 | struct passwd 9 | { 10 | char *pw_name ; 11 | char *pw_passwd ; 12 | uid_t pw_uid ; 13 | gid_t pw_gid ; 14 | char *pw_gecos ; 15 | char *pw_dir ; 16 | char *pw_shell ; 17 | } ; 18 | 19 | #endif 20 | -------------------------------------------------------------------------------- /src/libnsss/nsss-unix-internal.h: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #ifndef NSSS_UNIX_INTERNAL_H 4 | #define NSSS_UNIX_INTERNAL_H 5 | 6 | #include 7 | 8 | extern int nsss_unix_field (char **, char **) ; 9 | extern nsss_unix_t nsss_unix_pwd_here ; 10 | extern nsss_unix_t nsss_unix_grp_here ; 11 | extern nsss_unix_t nsss_unix_shadow_here ; 12 | 13 | #endif 14 | -------------------------------------------------------------------------------- /src/libnsss/nsss_unix_rewind.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | #include 5 | #include 6 | 7 | int nsss_unix_rewind (nsss_unix_t *a) 8 | { 9 | int fd = buffer_fd(&a->b) ; 10 | if (lseek(fd, 0, SEEK_SET) < 0) return 0 ; 11 | buffer_init(&a->b, &buffer_read, fd, a->buf, NSSS_UNIX_BUFSIZE) ; 12 | return 1 ; 13 | } 14 | -------------------------------------------------------------------------------- /src/libnsss/nsss_unix_start.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | #include 5 | #include 6 | 7 | int nsss_unix_start (nsss_unix_t *a, char const *path) 8 | { 9 | int fd = open_readb(path) ; 10 | if (fd < 0) return 0 ; 11 | buffer_init(&a->b, &buffer_read, fd, a->buf, NSSS_UNIX_BUFSIZE) ; 12 | return 1 ; 13 | } 14 | -------------------------------------------------------------------------------- /src/tests/test-switch.wrapper: -------------------------------------------------------------------------------- 1 | #!/bin/sh -e 2 | 3 | S=./.test-switch-socket 4 | F=./.test-switch-fifo 5 | 6 | pid=0 7 | 8 | cleanup () { 9 | kill $pid 10 | rm -f ${S} ${S}.lock 11 | } 12 | 13 | mkfifo $F 14 | head -n 1 < $F >/dev/null & 15 | pid=$! 16 | s6-ipcserver -1 -- ${S} ./nsssd-unix > $F & 17 | wait $pid 18 | pid=$! 19 | rm -f $F 20 | trap cleanup TERM INT EXIT 21 | ./test-switch 22 | -------------------------------------------------------------------------------- /src/libnsss/nsss_all_endgrent.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | #include 5 | #include 6 | #include "nsss-all-internal.h" 7 | 8 | void nsss_all_endgrent (void) 9 | { 10 | if (nsss_all_errno) goto fallback ; 11 | nsss_switch_endgrent() ; 12 | return ; 13 | 14 | fallback: 15 | nsss_unix_endgrent() ; 16 | nsss_all_errno = 0 ; 17 | } 18 | -------------------------------------------------------------------------------- /src/libnsss/nsss_all_endpwent.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | #include 5 | #include 6 | #include "nsss-all-internal.h" 7 | 8 | void nsss_all_endpwent (void) 9 | { 10 | if (nsss_all_errno) goto fallback ; 11 | nsss_switch_endpwent() ; 12 | return ; 13 | 14 | fallback: 15 | nsss_unix_endpwent() ; 16 | nsss_all_errno = 0 ; 17 | } 18 | -------------------------------------------------------------------------------- /src/include/nsss/shadow-def.h: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #ifndef NSSS_SHADOW_DEF_H 4 | #define NSSS_SHADOW_DEF_H 5 | 6 | #include 7 | 8 | struct spwd 9 | { 10 | char *sp_namp ; 11 | char *sp_pwdp ; 12 | long sp_lstchg ; 13 | long sp_min ; 14 | long sp_max ; 15 | long sp_warn ; 16 | long sp_inact ; 17 | long sp_expire ; 18 | unsigned long sp_flag ; 19 | } ; 20 | 21 | #endif 22 | -------------------------------------------------------------------------------- /src/libnsss/nsss_all_endspent.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | #include 5 | #include 6 | #include "nsss-all-internal.h" 7 | 8 | void nsss_all_endspent (void) 9 | { 10 | if (nsss_all_errno) goto fallback ; 11 | nsss_switch_endspent() ; 12 | return ; 13 | 14 | fallback: 15 | nsss_unix_endspent() ; 16 | nsss_all_errno = 0 ; 17 | } 18 | -------------------------------------------------------------------------------- /src/libnsss/nsss_switch_setgrent.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | #include 5 | #include 6 | #include "nsss-switch-internal.h" 7 | 8 | void nsss_switch_setgrent (void) 9 | { 10 | if (!nsss_switch_start(&nsss_switch_enumerator, NSSS_SWITCH_GRP, NSSS_NSSSD_PATH, 0, 0)) return ; 11 | nsss_switch_grp_rewind(&nsss_switch_enumerator, 0, 0) ; 12 | } 13 | -------------------------------------------------------------------------------- /src/libnsss/nsss_switch_setpwent.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | #include 5 | #include 6 | #include "nsss-switch-internal.h" 7 | 8 | void nsss_switch_setpwent (void) 9 | { 10 | if (!nsss_switch_start(&nsss_switch_enumerator, NSSS_SWITCH_PWD, NSSS_NSSSD_PATH, 0, 0)) return ; 11 | nsss_switch_pwd_rewind(&nsss_switch_enumerator, 0, 0) ; 12 | } 13 | -------------------------------------------------------------------------------- /src/libnsss/nsss_switch_setspent.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | #include 5 | #include 6 | #include "nsss-switch-internal.h" 7 | 8 | void nsss_switch_setspent (void) 9 | { 10 | if (!nsss_switch_start(&nsss_switch_enumerator, NSSS_SWITCH_SHADOW, NSSS_NSSSD_PATH, 0, 0)) return ; 11 | nsss_switch_shadow_rewind(&nsss_switch_enumerator, 0, 0) ; 12 | } 13 | -------------------------------------------------------------------------------- /src/tests/test-nsssd-switch.wrapper: -------------------------------------------------------------------------------- 1 | #!/bin/sh -e 2 | 3 | S=./.test-nsssd-switch-socket 4 | F=./.test-nsssd-switch-fifo 5 | 6 | pid=0 7 | 8 | cleanup () { 9 | kill $pid 10 | rm -f ${S} ${S}.lock 11 | } 12 | 13 | mkfifo $F 14 | head -n 1 < $F >/dev/null & 15 | pid=$! 16 | s6-ipcserver -1 -- $S ./nsssd-switch 0 ' ./nsssd-unix' '' > $F & 17 | wait $pid 18 | pid=$! 19 | rm -f $F 20 | trap cleanup TERM INT EXIT 21 | ./test-nsssd-switch 22 | -------------------------------------------------------------------------------- /src/libnsss/nsss_switch_endgrent.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | 5 | #include 6 | #include "nsss-switch-internal.h" 7 | 8 | void nsss_switch_endgrent (void) 9 | { 10 | pthread_mutex_lock(&nsss_switch_enumerator_mutex) ; 11 | nsss_switch_grp_end(&nsss_switch_enumerator, 0, 0) ; 12 | nsss_switch_end(&nsss_switch_enumerator, NSSS_SWITCH_GRP) ; 13 | pthread_mutex_unlock(&nsss_switch_enumerator_mutex) ; 14 | } 15 | -------------------------------------------------------------------------------- /src/libnsss/nsss_switch_endpwent.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | 5 | #include 6 | #include "nsss-switch-internal.h" 7 | 8 | void nsss_switch_endpwent (void) 9 | { 10 | pthread_mutex_lock(&nsss_switch_enumerator_mutex) ; 11 | nsss_switch_pwd_end(&nsss_switch_enumerator, 0, 0) ; 12 | nsss_switch_end(&nsss_switch_enumerator, NSSS_SWITCH_PWD) ; 13 | pthread_mutex_unlock(&nsss_switch_enumerator_mutex) ; 14 | } 15 | -------------------------------------------------------------------------------- /src/libnsss/nsss_switch_endspent.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | 5 | #include 6 | #include "nsss-switch-internal.h" 7 | 8 | void nsss_switch_endspent (void) 9 | { 10 | pthread_mutex_lock(&nsss_switch_enumerator_mutex) ; 11 | nsss_switch_shadow_end(&nsss_switch_enumerator, 0, 0) ; 12 | nsss_switch_end(&nsss_switch_enumerator, NSSS_SWITCH_SHADOW) ; 13 | pthread_mutex_unlock(&nsss_switch_enumerator_mutex) ; 14 | } 15 | -------------------------------------------------------------------------------- /README.solaris: -------------------------------------------------------------------------------- 1 | This package assumes the existence of a POSIX shell in /bin/sh. 2 | On Solaris, /bin/sh is not POSIX. Most versions of Solaris provide 3 | a POSIX shell in /usr/xpg4/bin/sh. 4 | 5 | To compile this package on Solaris, you will need to run 6 | 7 | ./patch-for-solaris 8 | 9 | before you run ./configure. This script will change the #! invocation 10 | of the configure script and various tools so that a POSIX shell is used 11 | for the compilation process. 12 | -------------------------------------------------------------------------------- /src/libnsss/nsss_switch_end.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | #include 5 | #include 6 | 7 | static inline void nsss_switch_disconnect (nsss_switch_t *a) 8 | { 9 | fd_close(buffer_fd(&a->b)) ; 10 | a->b.fd = -1 ; 11 | a->path = 0 ; 12 | } 13 | 14 | void nsss_switch_end (nsss_switch_t *a, unsigned int what) 15 | { 16 | a->held &= ~(what & 0x7u) ; 17 | if (!a->held) nsss_switch_disconnect(a) ; 18 | } 19 | -------------------------------------------------------------------------------- /src/libnsss/nsss_unix_getpwent.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | #include 5 | #include "nsss-internal.h" 6 | #include "nsss-unix-internal.h" 7 | 8 | struct passwd *nsss_unix_getpwent (void) 9 | { 10 | if (!nsss_unix_pwd_maybe_start(&nsss_unix_pwd_here)) return 0 ; 11 | nsss_pwd_sa_here.len = 0 ; 12 | if (!nsss_unix_pwd_get(&nsss_unix_pwd_here, &nsss_pwd_here, &nsss_pwd_sa_here)) return 0 ; 13 | return &nsss_pwd_here ; 14 | } 15 | -------------------------------------------------------------------------------- /src/libnsss/nsss_unix_getspent.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | #include 5 | #include "nsss-internal.h" 6 | #include "nsss-unix-internal.h" 7 | 8 | struct spwd *nsss_unix_getspent (void) 9 | { 10 | if (!nsss_unix_shadow_maybe_start(&nsss_unix_shadow_here)) return 0 ; 11 | nsss_shadow_sa_here.len = 0 ; 12 | if (!nsss_unix_shadow_get(&nsss_unix_shadow_here, &nsss_shadow_here, &nsss_shadow_sa_here)) return 0 ; 13 | return &nsss_shadow_here ; 14 | } 15 | -------------------------------------------------------------------------------- /src/libnsss/nsss_unix_pwd_getbyuid.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | #include 5 | #include 6 | 7 | int nsss_unix_pwd_getbyuid (nsss_unix_t *a, struct passwd *pw, stralloc *sa, uid_t uid) 8 | { 9 | struct passwd pw2 ; 10 | for (;;) 11 | { 12 | size_t base = sa->len ; 13 | if (!nsss_unix_pwd_get(a, &pw2, sa)) return 0 ; 14 | if (uid == pw2.pw_uid) break ; 15 | sa->len = base ; 16 | } 17 | *pw = pw2 ; 18 | return 1 ; 19 | } 20 | -------------------------------------------------------------------------------- /src/libnsss/nsss_switch_op.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | 5 | #include 6 | 7 | #include 8 | #include "nsss-switch-internal.h" 9 | 10 | int nsss_switch_op (nsss_switch_t *a, char op, tain const *deadline, tain *stamp) 11 | { 12 | unsigned char c ; 13 | if (!nsss_switch_send(a, &op, 1, deadline, stamp)) return 0 ; 14 | if (!buffer_timed_get(&a->b, (char *)&c, 1, deadline, stamp)) return 0 ; 15 | if (c) return (errno = c, 0) ; 16 | return 1 ; 17 | } 18 | -------------------------------------------------------------------------------- /src/libnsss/nsss_unix_pwd_getbyname.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | #include 5 | #include 6 | 7 | int nsss_unix_pwd_getbyname (nsss_unix_t *a, struct passwd *pw, stralloc *sa, char const *name) 8 | { 9 | struct passwd pw2 ; 10 | for (;;) 11 | { 12 | size_t base = sa->len ; 13 | if (!nsss_unix_pwd_get(a, &pw2, sa)) return 0 ; 14 | if (!strcmp(name, pw2.pw_name)) break ; 15 | sa->len = base ; 16 | } 17 | *pw = pw2 ; 18 | return 1 ; 19 | } 20 | -------------------------------------------------------------------------------- /src/libnsss/nsss_unix_shadow_getbyname.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | #include 5 | #include 6 | 7 | int nsss_unix_shadow_getbyname (nsss_unix_t *a, struct spwd *sp, stralloc *sa, char const *name) 8 | { 9 | struct spwd sp2 ; 10 | for (;;) 11 | { 12 | size_t base = sa->len ; 13 | if (!nsss_unix_shadow_get(a, &sp2, sa)) return 0 ; 14 | if (!strcmp(name, sp2.sp_namp)) break ; 15 | sa->len = base ; 16 | } 17 | *sp = sp2 ; 18 | return 1 ; 19 | } 20 | -------------------------------------------------------------------------------- /src/libnsss/nsss_switch_query_start.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | #include "nsss-switch-internal.h" 5 | 6 | int nsss_switch_query_start (char const *path, unsigned int what, unsigned int timeout, tain const *deadline, tain *stamp) 7 | { 8 | unsigned int held = nsss_switch_query.held ; 9 | if (!nsss_switch_start(&nsss_switch_query, what, path, deadline, stamp)) return 0 ; 10 | if (!held && !nsss_switch_set_timeout(&nsss_switch_query, timeout, deadline, stamp)) return 0 ; 11 | return 1 ; 12 | } 13 | -------------------------------------------------------------------------------- /src/libnsss/nsss_switch_getpwuid.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | #include 5 | #include 6 | #include "nsss-internal.h" 7 | #include "nsss-switch-internal.h" 8 | 9 | struct passwd *nsss_switch_getpwuid (uid_t uid) 10 | { 11 | if (!nsss_switch_query_start(NSSS_NSSSD_PATH, NSSS_SWITCH_PWD, 30000, 0, 0)) return 0 ; 12 | nsss_pwd_sa_here.len = 0 ; 13 | return nsss_switch_pwd_getbyuid(&nsss_switch_query, &nsss_pwd_here, &nsss_pwd_sa_here, uid, 0, 0) ? &nsss_pwd_here : 0 ; 14 | } 15 | -------------------------------------------------------------------------------- /src/libnsss/nsss_unix_getpwuid.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | #include 5 | #include "nsss-internal.h" 6 | 7 | struct passwd *nsss_unix_getpwuid (uid_t uid) 8 | { 9 | nsss_unix_t a = NSSS_UNIX_ZERO ; 10 | if (!nsss_unix_pwd_start(&a)) return 0 ; 11 | nsss_pwd_sa_here.len = 0 ; 12 | if (!nsss_unix_pwd_getbyuid(&a, &nsss_pwd_here, &nsss_pwd_sa_here, uid)) 13 | { 14 | nsss_unix_pwd_end(&a) ; 15 | return 0 ; 16 | } 17 | nsss_unix_pwd_end(&a) ; 18 | return &nsss_pwd_here ; 19 | } 20 | -------------------------------------------------------------------------------- /src/libnsss/nsss_switch_getpwnam.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | #include 5 | #include 6 | #include "nsss-internal.h" 7 | #include "nsss-switch-internal.h" 8 | 9 | struct passwd *nsss_switch_getpwnam (char const *name) 10 | { 11 | if (!nsss_switch_query_start(NSSS_NSSSD_PATH, NSSS_SWITCH_PWD, 30000, 0, 0)) return 0 ; 12 | nsss_pwd_sa_here.len = 0 ; 13 | return nsss_switch_pwd_getbyname(&nsss_switch_query, &nsss_pwd_here, &nsss_pwd_sa_here, name, 0, 0) ? &nsss_pwd_here : 0 ; 14 | } 15 | -------------------------------------------------------------------------------- /src/libnsss/nsss_unix_getpwnam.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | #include 5 | #include "nsss-internal.h" 6 | 7 | struct passwd *nsss_unix_getpwnam (char const *name) 8 | { 9 | nsss_unix_t a = NSSS_UNIX_ZERO ; 10 | if (!nsss_unix_pwd_start(&a)) return 0 ; 11 | nsss_pwd_sa_here.len = 0 ; 12 | if (!nsss_unix_pwd_getbyname(&a, &nsss_pwd_here, &nsss_pwd_sa_here, name)) 13 | { 14 | nsss_unix_pwd_end(&a) ; 15 | return 0 ; 16 | } 17 | nsss_unix_pwd_end(&a) ; 18 | return &nsss_pwd_here ; 19 | } 20 | -------------------------------------------------------------------------------- /src/libnsss/nsss_switch_getpwent.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | #include 5 | #include 6 | #include "nsss-internal.h" 7 | #include "nsss-switch-internal.h" 8 | 9 | struct passwd *nsss_switch_getpwent (void) 10 | { 11 | if (!nsss_switch_start(&nsss_switch_enumerator, NSSS_SWITCH_PWD, NSSS_NSSSD_PATH, 0, 0)) return 0 ; 12 | nsss_pwd_sa_here.len = 0 ; 13 | if (!nsss_switch_pwd_get(&nsss_switch_enumerator, &nsss_pwd_here, &nsss_pwd_sa_here, 0, 0)) return 0 ; 14 | return &nsss_pwd_here ; 15 | } 16 | -------------------------------------------------------------------------------- /src/libnsss/nsss_switch_getspnam.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | #include 5 | #include 6 | #include "nsss-internal.h" 7 | #include "nsss-switch-internal.h" 8 | 9 | struct spwd *nsss_switch_getspnam (char const *name) 10 | { 11 | if (!nsss_switch_query_start(NSSS_NSSSD_PATH, NSSS_SWITCH_SHADOW, 30000, 0, 0)) return 0 ; 12 | nsss_shadow_sa_here.len = 0 ; 13 | return nsss_switch_shadow_getbyname(&nsss_switch_query, &nsss_shadow_here, &nsss_shadow_sa_here, name, 0, 0) ? &nsss_shadow_here : 0 ; 14 | } 15 | -------------------------------------------------------------------------------- /src/libnsss/nsss_unix_getspnam.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | #include 5 | #include "nsss-internal.h" 6 | 7 | struct spwd *nsss_unix_getspnam (char const *name) 8 | { 9 | nsss_unix_t a = NSSS_UNIX_ZERO ; 10 | if (!nsss_unix_shadow_start(&a)) return 0 ; 11 | nsss_shadow_sa_here.len = 0 ; 12 | if (!nsss_unix_shadow_getbyname(&a, &nsss_shadow_here, &nsss_shadow_sa_here, name)) 13 | { 14 | nsss_unix_shadow_end(&a) ; 15 | return 0 ; 16 | } 17 | nsss_unix_shadow_end(&a) ; 18 | return &nsss_shadow_here ; 19 | } 20 | -------------------------------------------------------------------------------- /src/libnsss/nsss_switch_getspent.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | #include 5 | #include 6 | #include "nsss-internal.h" 7 | #include "nsss-switch-internal.h" 8 | 9 | struct spwd *nsss_switch_getspent (void) 10 | { 11 | if (!nsss_switch_start(&nsss_switch_enumerator, NSSS_SWITCH_SHADOW, NSSS_NSSSD_PATH, 0, 0)) return 0 ; 12 | nsss_shadow_sa_here.len = 0 ; 13 | if (!nsss_switch_shadow_get(&nsss_switch_enumerator, &nsss_shadow_here, &nsss_shadow_sa_here, 0, 0)) return 0 ; 14 | return &nsss_shadow_here ; 15 | } 16 | -------------------------------------------------------------------------------- /src/libnsss/nsss_unix_getgrent.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | #include 5 | #include 6 | #include "nsss-internal.h" 7 | #include "nsss-unix-internal.h" 8 | 9 | struct group *nsss_unix_getgrent (void) 10 | { 11 | if (!nsss_unix_grp_maybe_start(&nsss_unix_grp_here)) return 0 ; 12 | nsss_grp_sa_here.len = 0 ; 13 | genalloc_setlen(char *, &nsss_grp_ga_here, 0) ; 14 | if (!nsss_unix_grp_get(&nsss_unix_grp_here, &nsss_grp_here, &nsss_grp_sa_here, &nsss_grp_ga_here)) return 0 ; 15 | return &nsss_grp_here ; 16 | } 17 | -------------------------------------------------------------------------------- /src/libnsss/nsss_unix_getgrouplist.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | #include 5 | 6 | #include 7 | #include 8 | #include "nsss-internal.h" 9 | 10 | int nsss_unix_getgrouplist (char const *user, gid_t gid, gid_t *gids, int *ngids) 11 | { 12 | int e = errno ; 13 | size_t r = 0 ; 14 | size_t n ; 15 | if (*ngids < 0) return (errno = EINVAL, -1) ; 16 | n = *ngids ; 17 | if (!nsss_unix_getgrouplist_preadjust(user, gids, n, &r)) return -1 ; 18 | return nsss_grouplist_adjust(n, r, gid, gids, ngids, e) ; 19 | } 20 | -------------------------------------------------------------------------------- /patch-for-solaris: -------------------------------------------------------------------------------- 1 | #!/usr/xpg4/bin/sh -e 2 | 3 | patchit () { 4 | echo '#!/usr/xpg4/bin/sh' > $1.tmp 5 | tail -n +2 $1 >> $1.tmp 6 | mv -f $1.tmp $1 7 | chmod 755 $1 8 | } 9 | 10 | # Solaris doesn't understand POSIX.1-2008 either. 11 | sed -e 's/XOPEN_SOURCE=700/XOPEN_SOURCE=600/' < configure > configure.tmp 12 | mv -f configure.tmp configure 13 | 14 | patchit ./configure 15 | patchit ./tools/install.sh 16 | patchit ./tools/gen-deps.sh 17 | 18 | echo 'SHELL := /usr/xpg4/bin/sh' > Makefile.tmp 19 | echo >> Makefile.tmp 20 | cat Makefile >> Makefile.tmp 21 | mv -f Makefile.tmp Makefile 22 | -------------------------------------------------------------------------------- /package/targets.mak: -------------------------------------------------------------------------------- 1 | BIN_TARGETS := \ 2 | nsssd-unix \ 3 | nsssd-nslcd \ 4 | nsssd-switch 5 | 6 | LIBEXEC_TARGETS := 7 | 8 | TEST_BINS := \ 9 | test-switch \ 10 | test-unix \ 11 | test-nsssd-switch \ 12 | test-all-fallback 13 | 14 | LIB_DEFS := NSSS=nsss NSSSD=nsssd 15 | NSSS_DESCRIPTION := The nsss library (user-facing part of nsss, applications link against it) 16 | NSSSD_DESCRIPTION := The nsssd library (non-user-facing part of nsss, only nsss modules link against it) 17 | 18 | ifneq ($(DO_LIBC_INCLUDES),) 19 | EXTRA_INCLUDES := src/include/pwd.h src/include/grp.h src/include/shadow.h 20 | endif 21 | -------------------------------------------------------------------------------- /src/include/nsss/shadow-all.h: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #ifndef NSSS_SHADOW_ALL_H 4 | #define NSSS_SHADOW_ALL_H 5 | 6 | #include 7 | 8 | /* switch then fallback on unix */ 9 | 10 | extern void nsss_all_setspent (void) ; 11 | extern struct spwd *nsss_all_getspent (void) ; 12 | extern int nsss_all_getspent_r (struct spwd *, char *, size_t, struct spwd **) ; 13 | extern void nsss_all_endspent (void) ; 14 | 15 | extern struct spwd *nsss_all_getspnam (char const *) ; 16 | extern int nsss_all_getspnam_r (char const *, struct spwd *, char *, size_t, struct spwd **) ; 17 | 18 | #endif 19 | -------------------------------------------------------------------------------- /src/include/nsss/shadow-unix.h: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #ifndef NSSS_SHADOW_UNIX_H 4 | #define NSSS_SHADOW_UNIX_H 5 | 6 | #include 7 | 8 | /* /etc/shadow functions */ 9 | 10 | extern void nsss_unix_setspent (void) ; 11 | extern struct spwd *nsss_unix_getspent (void) ; 12 | extern int nsss_unix_getspent_r (struct spwd *, char *, size_t, struct spwd **) ; 13 | extern void nsss_unix_endspent (void) ; 14 | 15 | extern struct spwd *nsss_unix_getspnam (char const *) ; 16 | extern int nsss_unix_getspnam_r (char const *, struct spwd *, char *, size_t, struct spwd **) ; 17 | 18 | #endif 19 | -------------------------------------------------------------------------------- /src/libnsss/nsss_all_setgrent.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include "nsss-switch-internal.h" 9 | #include "nsss-all-internal.h" 10 | 11 | void nsss_all_setgrent (void) 12 | { 13 | int e = errno ; 14 | if (!nsss_switch_start(&nsss_switch_enumerator, NSSS_SWITCH_GRP, NSSS_NSSSD_PATH, 0, 0)) goto fallback ; 15 | nsss_switch_grp_rewind(&nsss_switch_enumerator, 0, 0) ; 16 | return ; 17 | 18 | fallback: 19 | nsss_all_errno = errno ; 20 | errno = e ; 21 | nsss_unix_setgrent() ; 22 | } 23 | -------------------------------------------------------------------------------- /src/libnsss/nsss_all_setpwent.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include "nsss-switch-internal.h" 9 | #include "nsss-all-internal.h" 10 | 11 | void nsss_all_setpwent (void) 12 | { 13 | int e = errno ; 14 | if (!nsss_switch_start(&nsss_switch_enumerator, NSSS_SWITCH_PWD, NSSS_NSSSD_PATH, 0, 0)) goto fallback ; 15 | nsss_switch_pwd_rewind(&nsss_switch_enumerator, 0, 0) ; 16 | return ; 17 | 18 | fallback: 19 | nsss_all_errno = errno ; 20 | errno = e ; 21 | nsss_unix_setpwent() ; 22 | } 23 | -------------------------------------------------------------------------------- /src/include/nsss/shadow-switch.h: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #ifndef NSSS_SHADOW_SWITCH_H 4 | #define NSSS_SHADOW_SWITCH_H 5 | 6 | #include 7 | 8 | /* Shadow functions contacting the nsssd daemon */ 9 | 10 | extern void nsss_switch_setspent (void) ; 11 | extern struct spwd *nsss_switch_getspent (void) ; 12 | extern int nsss_switch_getspent_r (struct spwd *, char *, size_t, struct spwd **) ; 13 | extern void nsss_switch_endspent (void) ; 14 | 15 | extern struct spwd *nsss_switch_getspnam (char const *) ; 16 | extern int nsss_switch_getspnam_r (char const *, struct spwd *, char *, size_t, struct spwd **) ; 17 | 18 | #endif 19 | -------------------------------------------------------------------------------- /src/libnsss/nsss_all_setspent.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include "nsss-switch-internal.h" 9 | #include "nsss-all-internal.h" 10 | 11 | void nsss_all_setspent (void) 12 | { 13 | int e = errno ; 14 | if (!nsss_switch_start(&nsss_switch_enumerator, NSSS_SWITCH_SHADOW, NSSS_NSSSD_PATH, 0, 0)) goto fallback ; 15 | nsss_switch_shadow_rewind(&nsss_switch_enumerator, 0, 0) ; 16 | return ; 17 | 18 | fallback: 19 | nsss_all_errno = errno ; 20 | errno = e ; 21 | nsss_unix_setspent() ; 22 | } 23 | -------------------------------------------------------------------------------- /tools/run-test.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh -e 2 | 3 | prog="$1" 4 | 5 | if test -x "./src/tests/${prog}.wrapper" ; then 6 | cmd="./src/tests/${prog}.wrapper $prog" 7 | else 8 | cmd="./$prog" 9 | fi 10 | 11 | if test -r "./src/tests/${prog}.expected" ; then 12 | cp -f "./src/tests/${prog}.expected" "./${prog}.expected" 13 | elif test -x "./src/tests/${prog}.baseline" ; then 14 | "./src/tests/${prog}.baseline" > "./${prog}.expected" 15 | else 16 | echo "run-test.sh: fatal: missing baseline for $prog" 1>&2 ; exit 100 17 | fi 18 | 19 | $cmd | diff "./${prog}.expected" - 20 | 21 | rm -f "./${prog}.expected" 22 | echo "run-test.sh: info: $prog: pass" 1>&2 23 | -------------------------------------------------------------------------------- /src/libnsss/nsss_unix_getgrgid.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | #include 5 | #include 6 | #include "nsss-internal.h" 7 | 8 | struct group *nsss_unix_getgrgid (gid_t gid) 9 | { 10 | nsss_unix_t a = NSSS_UNIX_ZERO ; 11 | if (!nsss_unix_grp_start(&a)) return 0 ; 12 | nsss_grp_sa_here.len = 0 ; 13 | genalloc_setlen(char *, &nsss_grp_ga_here, 0) ; 14 | if (!nsss_unix_grp_getbygid(&a, &nsss_grp_here, &nsss_grp_sa_here, &nsss_grp_ga_here, gid)) 15 | { 16 | nsss_unix_grp_end(&a) ; 17 | return 0 ; 18 | } 19 | nsss_unix_grp_end(&a) ; 20 | return &nsss_grp_here ; 21 | } 22 | -------------------------------------------------------------------------------- /src/libnsss/nsss_switch_getgrgid.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | 5 | #include 6 | #include 7 | #include 8 | #include "nsss-internal.h" 9 | #include "nsss-switch-internal.h" 10 | 11 | struct group *nsss_switch_getgrgid (gid_t gid) 12 | { 13 | if (!nsss_switch_query_start(NSSS_NSSSD_PATH, NSSS_SWITCH_GRP, 30000, 0, 0)) return 0 ; 14 | nsss_grp_sa_here.len = 0 ; 15 | genalloc_setlen(char *, &nsss_grp_ga_here, 0) ; 16 | return nsss_switch_grp_getbygid(&nsss_switch_query, &nsss_grp_here, &nsss_grp_sa_here, &nsss_grp_ga_here, gid, 0, 0) ? &nsss_grp_here : 0 ; 17 | } 18 | -------------------------------------------------------------------------------- /src/libnsss/nsss_unix_getgrnam.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | #include 5 | #include 6 | #include "nsss-internal.h" 7 | 8 | struct group *nsss_unix_getgrnam (char const *name) 9 | { 10 | nsss_unix_t a = NSSS_UNIX_ZERO ; 11 | if (!nsss_unix_grp_start(&a)) return 0 ; 12 | nsss_grp_sa_here.len = 0 ; 13 | genalloc_setlen(char *, &nsss_grp_ga_here, 0) ; 14 | if (!nsss_unix_grp_getbyname(&a, &nsss_grp_here, &nsss_grp_sa_here, &nsss_grp_ga_here, name)) 15 | { 16 | nsss_unix_grp_end(&a) ; 17 | return 0 ; 18 | } 19 | nsss_unix_grp_end(&a) ; 20 | return &nsss_grp_here ; 21 | } 22 | -------------------------------------------------------------------------------- /src/libnsss/nsss_unix_grp_getbygid.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | #include 5 | #include 6 | #include 7 | 8 | int nsss_unix_grp_getbygid (nsss_unix_t *a, struct group *gr, stralloc *sa, genalloc *ga, gid_t gid) 9 | { 10 | struct group gr2 ; 11 | for (;;) 12 | { 13 | size_t sabase = sa->len ; 14 | size_t gabase = genalloc_len(char *, ga) ; 15 | if (!nsss_unix_grp_get(a, &gr2, sa, ga)) return 0 ; 16 | if (gid == gr2.gr_gid) break ; 17 | sa->len = sabase ; 18 | genalloc_setlen(char *, ga, gabase) ; 19 | } 20 | *gr = gr2 ; 21 | return 1 ; 22 | } 23 | -------------------------------------------------------------------------------- /src/libnsss/nsss_switch_getgrnam.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | 5 | #include 6 | #include 7 | #include 8 | #include "nsss-internal.h" 9 | #include "nsss-switch-internal.h" 10 | 11 | struct group *nsss_switch_getgrnam (char const *name) 12 | { 13 | if (!nsss_switch_query_start(NSSS_NSSSD_PATH, NSSS_SWITCH_GRP, 30000, 0, 0)) return 0 ; 14 | nsss_grp_sa_here.len = 0 ; 15 | genalloc_setlen(char *, &nsss_grp_ga_here, 0) ; 16 | return nsss_switch_grp_getbyname(&nsss_switch_query, &nsss_grp_here, &nsss_grp_sa_here, &nsss_grp_ga_here, name, 0, 0) ? &nsss_grp_here : 0 ; 17 | } 18 | -------------------------------------------------------------------------------- /src/libnsss/nsss_switch_getgrent.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include "nsss-internal.h" 8 | #include "nsss-switch-internal.h" 9 | 10 | struct group *nsss_switch_getgrent (void) 11 | { 12 | if (!nsss_switch_start(&nsss_switch_enumerator, NSSS_SWITCH_GRP, NSSS_NSSSD_PATH, 0, 0)) return 0 ; 13 | nsss_grp_sa_here.len = 0 ; 14 | genalloc_setlen(char *, &nsss_grp_ga_here, 0) ; 15 | if (!nsss_switch_grp_get(&nsss_switch_enumerator, &nsss_grp_here, &nsss_grp_sa_here, &nsss_grp_ga_here, 0, 0)) return 0 ; 16 | return &nsss_grp_here ; 17 | } 18 | -------------------------------------------------------------------------------- /src/libnsss/nsss_switch_pwd_get.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | 5 | #include 6 | 7 | #include 8 | #include "nsss-switch-internal.h" 9 | 10 | int nsss_switch_pwd_get (nsss_switch_t *a, struct passwd *pw, stralloc *sa, tain const *deadline, tain *stamp) 11 | { 12 | unsigned char c = NSSS_SWITCH_PWD_GET ; 13 | if (!nsss_switch_send(a, (char *)&c, 1, deadline, stamp)) return 0 ; 14 | if (!buffer_timed_get(&a->b, (char *)&c, 1, deadline, stamp)) return 0 ; 15 | if (c == 255) return 0 ; 16 | if (c) return (errno = c, 0) ; 17 | return nsss_switch_pwd_read(&a->b, pw, sa, deadline, stamp) ; 18 | } 19 | -------------------------------------------------------------------------------- /src/libnsss/nsss_pwd_copy.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | #include 5 | #include "nsss-internal.h" 6 | 7 | int nsss_pwd_copy (struct passwd *pw, char *buf, size_t buflen, struct passwd const *pw2, char const *s, size_t len) 8 | { 9 | if (len > buflen) return (errno = ERANGE, 0) ; 10 | memcpy(buf, s, len) ; 11 | pw->pw_name = buf + (pw2->pw_name - s) ; 12 | pw->pw_passwd = buf + (pw2->pw_passwd - s) ; 13 | pw->pw_uid = pw2->pw_uid ; 14 | pw->pw_gid = pw2->pw_gid ; 15 | pw->pw_gecos = buf + (pw2->pw_gecos - s) ; 16 | pw->pw_dir = buf + (pw2->pw_dir - s) ; 17 | pw->pw_shell = buf + (pw2->pw_shell - s) ; 18 | return 1 ; 19 | } 20 | -------------------------------------------------------------------------------- /src/libnsss/nsss_unix_getgrouplist_preadjust.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | #include 5 | 6 | #include 7 | #include 8 | 9 | int nsss_unix_getgrouplist_preadjust (char const *user, gid_t *gids, size_t n, size_t *r) 10 | { 11 | stralloc sa = STRALLOC_ZERO ; 12 | genalloc ga = GENALLOC_ZERO ; /* char * */ 13 | nsss_unix_t a = NSSS_UNIX_ZERO ; 14 | if (!nsss_unix_grp_start(&a)) return 0 ; 15 | if (!nsss_unix_grp_getlist(&a, user, gids, n, r, &sa, &ga)) 16 | { 17 | nsss_unix_grp_end(&a) ; 18 | return 0 ; 19 | } 20 | nsss_unix_grp_end(&a) ; 21 | return 1 ; 22 | } 23 | -------------------------------------------------------------------------------- /src/libnsss/nsss_unix_grp_getbyname.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | #include 5 | #include 6 | #include 7 | 8 | int nsss_unix_grp_getbyname (nsss_unix_t *a, struct group *gr, stralloc *sa, genalloc *ga, char const *name) 9 | { 10 | struct group gr2 ; 11 | for (;;) 12 | { 13 | size_t sabase = sa->len ; 14 | size_t gabase = genalloc_len(char *, ga) ; 15 | if (!nsss_unix_grp_get(a, &gr2, sa, ga)) return 0 ; 16 | if (!strcmp(name, gr2.gr_name)) break ; 17 | sa->len = sabase ; 18 | genalloc_setlen(char *, ga, gabase) ; 19 | } 20 | *gr = gr2 ; 21 | return 1 ; 22 | } 23 | -------------------------------------------------------------------------------- /src/libnsss/nsss_switch_shadow_get.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | 5 | #include 6 | 7 | #include 8 | #include "nsss-switch-internal.h" 9 | 10 | int nsss_switch_shadow_get (nsss_switch_t *a, struct spwd *sp, stralloc *sa, tain const *deadline, tain *stamp) 11 | { 12 | unsigned char c = NSSS_SWITCH_SHADOW_GET ; 13 | if (!nsss_switch_send(a, (char *)&c, 1, deadline, stamp)) return 0 ; 14 | if (!buffer_timed_get(&a->b, (char *)&c, 1, deadline, stamp)) return 0 ; 15 | if (c == 255) return 0 ; 16 | if (c) return (errno = c, 0) ; 17 | return nsss_switch_shadow_read(&a->b, sp, sa, deadline, stamp) ; 18 | } 19 | -------------------------------------------------------------------------------- /src/libnsss/nsss_switch_grp_get.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | 5 | #include 6 | 7 | #include 8 | #include "nsss-switch-internal.h" 9 | 10 | int nsss_switch_grp_get (nsss_switch_t *a, struct group *gr, stralloc *sa, genalloc *ga, tain const *deadline, tain *stamp) 11 | { 12 | unsigned char c = NSSS_SWITCH_GRP_GET ; 13 | if (!nsss_switch_send(a, (char *)&c, 1, deadline, stamp)) return 0 ; 14 | if (!buffer_timed_get(&a->b, (char *)&c, 1, deadline, stamp)) return 0 ; 15 | if (c == 255) return 0 ; 16 | if (c) return (errno = c, 0) ; 17 | return nsss_switch_grp_read(&a->b, gr, sa, ga, deadline, stamp) ; 18 | } 19 | -------------------------------------------------------------------------------- /src/libnsss/nsss_shadow_copy.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | #include 5 | #include "nsss-internal.h" 6 | 7 | int nsss_shadow_copy (struct spwd *sp, char *buf, size_t buflen, struct spwd const *sp2, char const *s, size_t len) 8 | { 9 | if (len > buflen) return (errno = ERANGE, 0) ; 10 | memcpy(buf, s, len) ; 11 | sp->sp_namp = buf + (sp2->sp_namp - s) ; 12 | sp->sp_pwdp = buf + (sp2->sp_pwdp - s) ; 13 | sp->sp_lstchg = sp2->sp_lstchg ; 14 | sp->sp_min = sp2->sp_min ; 15 | sp->sp_max = sp2->sp_max ; 16 | sp->sp_warn = sp2->sp_warn ; 17 | sp->sp_inact = sp2->sp_inact ; 18 | sp->sp_expire = sp2->sp_expire ; 19 | sp->sp_flag = sp2->sp_flag ; 20 | return 1 ; 21 | } 22 | -------------------------------------------------------------------------------- /src/libnsss/nsss_switch_set_timeout.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | #include 5 | 6 | #include 7 | #include 8 | 9 | #include 10 | #include "nsss-switch-internal.h" 11 | 12 | int nsss_switch_set_timeout (nsss_switch_t *a, unsigned int t, tain const *deadline, tain *stamp) 13 | { 14 | char buf[5] = { NSSS_SWITCH_SET_TIMEOUT } ; 15 | uint32_pack_big(buf + 1, (uint32_t)t) ; 16 | if (!nsss_switch_send(a, buf, 5, deadline, stamp)) return 0 ; 17 | if (!buffer_timed_get(&a->b, &buf[0], 1, deadline, stamp)) return 0 ; 18 | if ((unsigned char)buf[0] == 255) return 0 ; 19 | if (buf[0]) return (errno = (unsigned char)buf[0], 0) ; 20 | return 1 ; 21 | } 22 | -------------------------------------------------------------------------------- /src/include/nsss/pwd-all.h: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #ifndef NSSS_PWD_ALL_H 4 | #define NSSS_PWD_ALL_H 5 | 6 | #include 7 | 8 | /* switch then fallback on unix */ 9 | 10 | extern void nsss_all_setpwent (void) ; 11 | extern struct passwd *nsss_all_getpwent (void) ; 12 | extern int nsss_all_getpwent_r (struct passwd *, char *, size_t, struct passwd **) ; 13 | extern void nsss_all_endpwent (void) ; 14 | 15 | extern struct passwd *nsss_all_getpwuid (uid_t) ; 16 | extern int nsss_all_getpwuid_r (uid_t, struct passwd *, char *, size_t, struct passwd **) ; 17 | extern struct passwd *nsss_all_getpwnam (char const *) ; 18 | extern int nsss_all_getpwnam_r (char const *, struct passwd *, char *, size_t, struct passwd **) ; 19 | 20 | #endif 21 | -------------------------------------------------------------------------------- /src/include/nsss/pwd-unix.h: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #ifndef NSSS_PWD_UNIX_H 4 | #define NSSS_PWD_UNIX_H 5 | 6 | #include 7 | 8 | /* /etc/passwd backend */ 9 | 10 | extern void nsss_unix_setpwent (void) ; 11 | extern struct passwd *nsss_unix_getpwent (void) ; 12 | extern int nsss_unix_getpwent_r (struct passwd *, char *, size_t, struct passwd **) ; 13 | extern void nsss_unix_endpwent (void) ; 14 | 15 | extern struct passwd *nsss_unix_getpwuid (uid_t) ; 16 | extern int nsss_unix_getpwuid_r (uid_t, struct passwd *, char *, size_t, struct passwd **) ; 17 | extern struct passwd *nsss_unix_getpwnam (char const *) ; 18 | extern int nsss_unix_getpwnam_r (char const *, struct passwd *, char *, size_t, struct passwd **) ; 19 | 20 | #endif 21 | -------------------------------------------------------------------------------- /src/nsssd/nsssd-nslcd.h: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #ifndef NSSSD_NSLCD_H 4 | #define NSSSD_NSLCD_H 5 | 6 | 7 | /* Taken from nslcd.h */ 8 | 9 | #define NSLCD_VERSION 0x00000002 10 | 11 | #define NSLCD_ACTION_PASSWD_BYNAME 0x00080001 12 | #define NSLCD_ACTION_PASSWD_BYUID 0x00080002 13 | #define NSLCD_ACTION_PASSWD_ALL 0x00080008 14 | 15 | #define NSLCD_ACTION_GROUP_BYNAME 0x00040001 16 | #define NSLCD_ACTION_GROUP_BYGID 0x00040002 17 | #define NSLCD_ACTION_GROUP_BYMEMBER 0x00040006 18 | #define NSLCD_ACTION_GROUP_ALL 0x00040008 19 | 20 | #define NSLCD_ACTION_SHADOW_BYNAME 0x000c0001 21 | #define NSLCD_ACTION_SHADOW_ALL 0x000c0008 22 | 23 | #define NSLCD_RESULT_BEGIN 1 24 | #define NSLCD_RESULT_END 2 25 | 26 | #endif 27 | -------------------------------------------------------------------------------- /src/libnsss/nsss_grouplist_adjust.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | #include 5 | #include 6 | 7 | #include 8 | #include "nsss-internal.h" 9 | 10 | int nsss_grouplist_adjust (size_t n, size_t r, gid_t gid, gid_t *gids, int *ngids, int e) 11 | { 12 | if (r > INT_MAX) return (errno = EMSGSIZE, -1) ; 13 | if (r > n) return (*ngids = (int)r, errno = ENOBUFS, -1) ; 14 | for (size_t i = 0 ; i < r ; i++) if (gid == gids[i]) goto ok ; 15 | r++ ; 16 | if (r > INT_MAX) return (errno = EMSGSIZE, -1) ; 17 | if (r > n) return (*ngids = (int)r, errno = ENOBUFS, -1) ; 18 | memmove(gids + 1, gids, (r-1) * sizeof(gid_t)) ; 19 | gids[0] = gid ; 20 | ok: 21 | *ngids = (int)r ; 22 | errno = e ; 23 | return (int)n ; 24 | } 25 | -------------------------------------------------------------------------------- /src/libnsss/nsss_switch_pwd_getbyuid.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | 5 | #include 6 | #include 7 | 8 | #include 9 | #include "nsss-switch-internal.h" 10 | 11 | int nsss_switch_pwd_getbyuid (nsss_switch_t *a, struct passwd *pw, stralloc *sa, uid_t uid, tain const *deadline, tain *stamp) 12 | { 13 | char buf[5] = { NSSS_SWITCH_PWD_GETBYUID } ; 14 | uint32_pack_big(buf + 1, uid) ; 15 | if (!nsss_switch_send(a, buf, 5, deadline, stamp)) return 0 ; 16 | if (!buffer_timed_get(&a->b, &buf[0], 1, deadline, stamp)) return 0 ; 17 | if ((unsigned char)buf[0] == 255) return 0 ; 18 | if (buf[0]) return (errno = (unsigned char)buf[0], 0) ; 19 | return nsss_switch_pwd_read(&a->b, pw, sa, deadline, stamp) ; 20 | } 21 | -------------------------------------------------------------------------------- /src/include/nsss/pwd-switch.h: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #ifndef NSSS_PWD_SWITCH_H 4 | #define NSSS_PWD_SWITCH_H 5 | 6 | #include 7 | 8 | /* Password functions contacting the nsssd daemon */ 9 | 10 | extern void nsss_switch_setpwent (void) ; 11 | extern struct passwd *nsss_switch_getpwent (void) ; 12 | extern int nsss_switch_getpwent_r (struct passwd *, char *, size_t, struct passwd **) ; 13 | extern void nsss_switch_endpwent (void) ; 14 | 15 | extern struct passwd *nsss_switch_getpwuid (uid_t) ; 16 | extern int nsss_switch_getpwuid_r (uid_t, struct passwd *, char *, size_t, struct passwd **) ; 17 | extern struct passwd *nsss_switch_getpwnam (char const *) ; 18 | extern int nsss_switch_getpwnam_r (char const *, struct passwd *, char *, size_t, struct passwd **) ; 19 | 20 | #endif 21 | -------------------------------------------------------------------------------- /COPYING: -------------------------------------------------------------------------------- 1 | Copyright (c) 2018-2025 Laurent Bercot 2 | 3 | Permission to use, copy, modify, and distribute this software for any 4 | purpose with or without fee is hereby granted, provided that the above 5 | copyright notice and this permission notice appear in all copies. 6 | 7 | THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 8 | WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 9 | MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 10 | ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 11 | WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 12 | ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 13 | OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 14 | -------------------------------------------------------------------------------- /src/libnsss/nsss_switch_send.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | 5 | #include 6 | #include 7 | 8 | #include 9 | #include "nsss-switch-internal.h" 10 | 11 | int nsss_switch_send (nsss_switch_t *a, char const *s, size_t len, tain const *deadline, tain *stamp) 12 | { 13 | if (!ipc_timed_send(buffer_fd(&a->b), s, len, deadline, stamp)) 14 | { 15 | unsigned int what ; 16 | char const *path ; 17 | if (errno != ECONNRESET || !a->path) return 0 ; 18 | what = a->held ; 19 | path = a->path ; 20 | nsss_switch_end(a, what) ; 21 | if (!nsss_switch_start(a, what, path, deadline, stamp)) return 0 ; 22 | if (!ipc_timed_send(buffer_fd(&a->b), s, len, deadline, stamp)) return 0 ; 23 | } 24 | return 1 ; 25 | } 26 | -------------------------------------------------------------------------------- /src/libnsss/nsss_all_getpwuid.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include "nsss-internal.h" 9 | 10 | struct passwd *nsss_all_getpwuid (uid_t uid) 11 | { 12 | nsss_switch_t a = NSSS_SWITCH_ZERO ; 13 | int e = errno ; 14 | if (!nsss_switch_start(&a, NSSS_SWITCH_PWD, NSSS_NSSSD_PATH, 0, 0)) goto fallback ; 15 | nsss_pwd_sa_here.len = 0 ; 16 | if (!nsss_switch_pwd_getbyuid(&a, &nsss_pwd_here, &nsss_pwd_sa_here, uid, 0, 0)) 17 | { 18 | nsss_switch_end(&a, NSSS_SWITCH_PWD) ; 19 | return 0 ; 20 | } 21 | nsss_switch_end(&a, NSSS_SWITCH_PWD) ; 22 | return &nsss_pwd_here ; 23 | 24 | fallback: 25 | errno = e ; 26 | return nsss_unix_getpwuid(uid) ; 27 | } 28 | -------------------------------------------------------------------------------- /src/libnsss/nsss_switch_grp_getbygid.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | 5 | #include 6 | #include 7 | 8 | #include 9 | #include "nsss-switch-internal.h" 10 | 11 | int nsss_switch_grp_getbygid (nsss_switch_t *a, struct group *gr, stralloc *sa, genalloc *ga, gid_t gid, tain const *deadline, tain *stamp) 12 | { 13 | char buf[5] = { NSSS_SWITCH_GRP_GETBYGID } ; 14 | uint32_pack_big(buf + 1, gid) ; 15 | if (!nsss_switch_send(a, buf, 5, deadline, stamp)) return 0 ; 16 | if (!buffer_timed_get(&a->b, &buf[0], 1, deadline, stamp)) return 0 ; 17 | if ((unsigned char)buf[0] == 255) return 0 ; 18 | if (buf[0]) return (errno = (unsigned char)buf[0], 0) ; 19 | return nsss_switch_grp_read(&a->b, gr, sa, ga, deadline, stamp) ; 20 | } 21 | -------------------------------------------------------------------------------- /src/include/nsss/grp-all.h: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #ifndef NSSS_GRP_ALL_H 4 | #define NSSS_GRP_ALL_H 5 | 6 | #include 7 | 8 | /* switch then fallback on unix */ 9 | 10 | extern void nsss_all_setgrent (void) ; 11 | extern struct group *nsss_all_getgrent (void) ; 12 | extern int nsss_all_getgrent_r (struct group *, char *, size_t, struct group **) ; 13 | extern void nsss_all_endgrent (void) ; 14 | 15 | extern struct group *nsss_all_getgrgid (gid_t) ; 16 | extern struct group *nsss_all_getgrnam (char const *) ; 17 | extern int nsss_all_getgrgid_r (gid_t, struct group *, char *, size_t, struct group **) ; 18 | extern int nsss_all_getgrnam_r (char const *, struct group *, char *, size_t, struct group **) ; 19 | extern int nsss_all_getgrouplist (char const *, gid_t, gid_t *, int *) ; 20 | 21 | #endif 22 | -------------------------------------------------------------------------------- /src/libnsss/nsss_all_getpwnam.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include "nsss-internal.h" 9 | 10 | struct passwd *nsss_all_getpwnam (char const *name) 11 | { 12 | nsss_switch_t a = NSSS_SWITCH_ZERO ; 13 | int e = errno ; 14 | if (!nsss_switch_start(&a, NSSS_SWITCH_PWD, NSSS_NSSSD_PATH, 0, 0)) goto fallback ; 15 | nsss_pwd_sa_here.len = 0 ; 16 | if (!nsss_switch_pwd_getbyname(&a, &nsss_pwd_here, &nsss_pwd_sa_here, name, 0, 0)) 17 | { 18 | nsss_switch_end(&a, NSSS_SWITCH_PWD) ; 19 | return 0 ; 20 | } 21 | nsss_switch_end(&a, NSSS_SWITCH_PWD) ; 22 | return &nsss_pwd_here ; 23 | 24 | fallback: 25 | errno = e ; 26 | return nsss_unix_getpwnam(name) ; 27 | } 28 | -------------------------------------------------------------------------------- /src/libnsss/nsss_switch_sendv.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | 5 | #include 6 | #include 7 | 8 | #include 9 | #include "nsss-switch-internal.h" 10 | 11 | int nsss_switch_sendv (nsss_switch_t *a, struct iovec const *v, unsigned int n, tain const *deadline, tain *stamp) 12 | { 13 | if (!ipc_timed_sendv(buffer_fd(&a->b), v, n, deadline, stamp)) 14 | { 15 | unsigned int what ; 16 | char const *path ; 17 | if (errno != ECONNRESET || !a->path) return 0 ; 18 | what = a->held ; 19 | path = a->path ; 20 | nsss_switch_end(a, what) ; 21 | if (!nsss_switch_start(a, what, path, deadline, stamp)) return 0 ; 22 | if (!ipc_timed_sendv(buffer_fd(&a->b), v, n, deadline, stamp)) return 0 ; 23 | } 24 | return 1 ; 25 | } 26 | -------------------------------------------------------------------------------- /src/libnsss/nsss_all_getpwent.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include "nsss-internal.h" 9 | #include "nsss-switch-internal.h" 10 | #include "nsss-all-internal.h" 11 | 12 | struct passwd *nsss_all_getpwent (void) 13 | { 14 | int e = errno ; 15 | if (nsss_all_errno) goto fallback ; 16 | if (!nsss_switch_start(&nsss_switch_enumerator, NSSS_SWITCH_PWD, NSSS_NSSSD_PATH, 0, 0)) goto efallback ; 17 | nsss_pwd_sa_here.len = 0 ; 18 | if (!nsss_switch_pwd_get(&nsss_switch_enumerator, &nsss_pwd_here, &nsss_pwd_sa_here, 0, 0)) return 0 ; 19 | return &nsss_pwd_here ; 20 | 21 | efallback: 22 | nsss_all_errno = errno ; 23 | errno = e ; 24 | fallback: 25 | return nsss_unix_getpwent() ; 26 | } 27 | -------------------------------------------------------------------------------- /src/libnsss/nsss_all_getspnam.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include "nsss-internal.h" 9 | 10 | struct spwd *nsss_all_getspnam (char const *name) 11 | { 12 | nsss_switch_t a = NSSS_SWITCH_ZERO ; 13 | int e = errno ; 14 | if (!nsss_switch_start(&a, NSSS_SWITCH_SHADOW, NSSS_NSSSD_PATH, 0, 0)) goto fallback ; 15 | nsss_shadow_sa_here.len = 0 ; 16 | if (!nsss_switch_shadow_getbyname(&a, &nsss_shadow_here, &nsss_shadow_sa_here, name, 0, 0)) 17 | { 18 | nsss_switch_end(&a, NSSS_SWITCH_SHADOW) ; 19 | return 0 ; 20 | } 21 | nsss_switch_end(&a, NSSS_SWITCH_SHADOW) ; 22 | return &nsss_shadow_here ; 23 | 24 | fallback: 25 | errno = e ; 26 | return nsss_unix_getspnam(name) ; 27 | } 28 | -------------------------------------------------------------------------------- /src/libnsss/nsss_all_getspent.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include "nsss-internal.h" 9 | #include "nsss-switch-internal.h" 10 | #include "nsss-all-internal.h" 11 | 12 | struct spwd *nsss_all_getspent (void) 13 | { 14 | int e = errno ; 15 | if (nsss_all_errno) goto fallback ; 16 | if (!nsss_switch_start(&nsss_switch_enumerator, NSSS_SWITCH_SHADOW, NSSS_NSSSD_PATH, 0, 0)) goto efallback ; 17 | nsss_shadow_sa_here.len = 0 ; 18 | if (!nsss_switch_shadow_get(&nsss_switch_enumerator, &nsss_shadow_here, &nsss_shadow_sa_here, 0, 0)) return 0 ; 19 | return &nsss_shadow_here ; 20 | 21 | efallback: 22 | nsss_all_errno = errno ; 23 | errno = e ; 24 | fallback: 25 | return nsss_unix_getspent() ; 26 | } 27 | -------------------------------------------------------------------------------- /src/include/nsss/grp-switch.h: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #ifndef NSSS_GRP_SWITCH_H 4 | #define NSSS_GRP_SWITCH_H 5 | 6 | #include 7 | 8 | /* Group functions contacting the nsssd daemon */ 9 | 10 | extern void nsss_switch_setgrent (void) ; 11 | extern struct group *nsss_switch_getgrent (void) ; 12 | extern int nsss_switch_getgrent_r (struct group *, char *, size_t, struct group **) ; 13 | extern void nsss_switch_endgrent (void) ; 14 | 15 | extern struct group *nsss_switch_getgrgid (gid_t) ; 16 | extern struct group *nsss_switch_getgrnam (char const *) ; 17 | extern int nsss_switch_getgrgid_r (gid_t, struct group *, char *, size_t, struct group **) ; 18 | extern int nsss_switch_getgrnam_r (char const *, struct group *, char *, size_t, struct group **) ; 19 | extern int nsss_switch_getgrouplist (char const *, gid_t, gid_t *, int *) ; 20 | 21 | #endif 22 | -------------------------------------------------------------------------------- /src/libnsss/nsss_switch_startf.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | 5 | #include 6 | #include 7 | #include 8 | 9 | #include 10 | 11 | static inline pid_t nsss_switch_spawn (nsss_switch_t *a, char const *const *argv, tain const *deadline, tain *stamp) 12 | { 13 | int fd ; 14 | pid_t pid = child_spawn1_socket(argv[0], argv, (char const *const *)environ, &fd) ; 15 | if (!pid) return 0 ; 16 | buffer_init(&a->b, &buffer_read, fd, a->buf, NSSS_SWITCH_BUFSIZE) ; 17 | return pid ; 18 | } 19 | 20 | int nsss_switch_startf (nsss_switch_t *a, unsigned int what, char const *const *argv, tain const *deadline, tain *stamp) 21 | { 22 | if (!a->held && !nsss_switch_spawn(a, argv, deadline, stamp)) return 0 ; 23 | a->held |= what & 0x7u ; 24 | a->path = 0 ; 25 | return 1 ; 26 | } 27 | -------------------------------------------------------------------------------- /src/libnsss/nsss_switch_start.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | #include 5 | #include 6 | 7 | #include 8 | 9 | static inline int nsss_switch_connect (nsss_switch_t *a, char const *path, tain const *deadline, tain *stamp) 10 | { 11 | int fd = ipc_stream_nbcoe() ; 12 | if (fd < 0) return 0 ; 13 | if (!ipc_timed_connect(fd, path, deadline, stamp)) 14 | { 15 | fd_close(fd) ; 16 | return 0 ; 17 | } 18 | buffer_init(&a->b, &buffer_read, fd, a->buf, NSSS_SWITCH_BUFSIZE) ; 19 | return 1 ; 20 | } 21 | 22 | int nsss_switch_start (nsss_switch_t *a, unsigned int what, char const *path, tain const *deadline, tain *stamp) 23 | { 24 | if (!a->held && !nsss_switch_connect(a, path, deadline, stamp)) return 0 ; 25 | a->held |= what & 0x7u ; 26 | a->path = path ; 27 | return 1 ; 28 | } 29 | -------------------------------------------------------------------------------- /src/include/nsss/grp-unix.h: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #ifndef NSSS_GRP_UNIX_H 4 | #define NSSS_GRP_UNIX_H 5 | 6 | #include 7 | 8 | /* /etc/group backend */ 9 | 10 | extern void nsss_unix_setgrent (void) ; 11 | extern struct group *nsss_unix_getgrent (void) ; 12 | extern int nsss_unix_getgrent_r (struct group *, char *, size_t, struct group **) ; 13 | extern void nsss_unix_endgrent (void) ; 14 | 15 | extern struct group *nsss_unix_getgrgid (gid_t) ; 16 | extern struct group *nsss_unix_getgrnam (char const *) ; 17 | extern int nsss_unix_getgrgid_r (gid_t, struct group *, char *, size_t, struct group **) ; 18 | extern int nsss_unix_getgrnam_r (char const *, struct group *, char *, size_t, struct group **) ; 19 | extern int nsss_unix_getgrouplist (char const *, gid_t, gid_t *, int *) ; 20 | extern int nsss_unix_getgrouplist_preadjust (char const *, gid_t *, size_t, size_t *) ; 21 | 22 | #endif 23 | -------------------------------------------------------------------------------- /src/libnsss/nsss_all_getgrgid.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include 9 | #include "nsss-internal.h" 10 | 11 | struct group *nsss_all_getgrgid (gid_t gid) 12 | { 13 | nsss_switch_t a = NSSS_SWITCH_ZERO ; 14 | int e = errno ; 15 | if (!nsss_switch_start(&a, NSSS_SWITCH_GRP, NSSS_NSSSD_PATH, 0, 0)) goto fallback ; 16 | nsss_grp_sa_here.len = 0 ; 17 | genalloc_setlen(char *, &nsss_grp_ga_here, 0) ; 18 | if (!nsss_switch_grp_getbygid(&a, &nsss_grp_here, &nsss_grp_sa_here, &nsss_grp_ga_here, gid, 0, 0)) 19 | { 20 | nsss_switch_end(&a, NSSS_SWITCH_GRP) ; 21 | return 0 ; 22 | } 23 | nsss_switch_end(&a, NSSS_SWITCH_GRP) ; 24 | return &nsss_grp_here ; 25 | 26 | fallback: 27 | errno = e ; 28 | return nsss_unix_getgrgid(gid) ; 29 | } 30 | -------------------------------------------------------------------------------- /src/libnsss/nsss_all_getgrnam.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include 9 | #include "nsss-internal.h" 10 | 11 | struct group *nsss_all_getgrnam (char const *name) 12 | { 13 | nsss_switch_t a = NSSS_SWITCH_ZERO ; 14 | int e = errno ; 15 | if (!nsss_switch_start(&a, NSSS_SWITCH_GRP, NSSS_NSSSD_PATH, 0, 0)) goto fallback ; 16 | nsss_grp_sa_here.len = 0 ; 17 | genalloc_setlen(char *, &nsss_grp_ga_here, 0) ; 18 | if (!nsss_switch_grp_getbyname(&a, &nsss_grp_here, &nsss_grp_sa_here, &nsss_grp_ga_here, name, 0, 0)) 19 | { 20 | nsss_switch_end(&a, NSSS_SWITCH_GRP) ; 21 | return 0 ; 22 | } 23 | nsss_switch_end(&a, NSSS_SWITCH_GRP) ; 24 | return &nsss_grp_here ; 25 | 26 | fallback: 27 | errno = e ; 28 | return nsss_unix_getgrnam(name) ; 29 | } 30 | -------------------------------------------------------------------------------- /src/libnsss/nsss_unix_getpwent_r.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include "nsss-internal.h" 8 | #include "nsss-unix-internal.h" 9 | 10 | int nsss_unix_getpwent_r (struct passwd *pw, char *buf, size_t buflen, struct passwd **pwp) 11 | { 12 | struct passwd pw2 ; 13 | stralloc sa = STRALLOC_ZERO ; 14 | int e ; 15 | if (!nsss_unix_pwd_maybe_start(&nsss_unix_pwd_here)) return errno ; 16 | e = errno ; 17 | errno = 0 ; 18 | if (!nsss_unix_pwd_get(&nsss_unix_pwd_here, &pw2, &sa)) 19 | { 20 | *pwp = 0 ; 21 | if (!errno) errno = ENOENT ; 22 | return errno ; 23 | } 24 | if (!nsss_pwd_copy(pw, buf, buflen, &pw2, sa.s, sa.len)) 25 | { 26 | stralloc_free(&sa) ; 27 | *pwp = 0 ; 28 | return errno ; 29 | } 30 | stralloc_free(&sa) ; 31 | *pwp = pw ; 32 | return (errno = e, 0) ; 33 | } 34 | -------------------------------------------------------------------------------- /src/libnsss/nsss_all_getgrent.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include 9 | #include "nsss-internal.h" 10 | #include "nsss-switch-internal.h" 11 | #include "nsss-all-internal.h" 12 | 13 | struct group *nsss_all_getgrent (void) 14 | { 15 | int e = errno ; 16 | if (nsss_all_errno) goto fallback ; 17 | if (!nsss_switch_start(&nsss_switch_enumerator, NSSS_SWITCH_GRP, NSSS_NSSSD_PATH, 0, 0)) goto efallback ; 18 | nsss_grp_sa_here.len = 0 ; 19 | genalloc_setlen(char *, &nsss_grp_ga_here, 0) ; 20 | if (!nsss_switch_grp_get(&nsss_switch_enumerator, &nsss_grp_here, &nsss_grp_sa_here, &nsss_grp_ga_here, 0, 0)) return 0 ; 21 | return &nsss_grp_here ; 22 | 23 | efallback: 24 | nsss_all_errno = errno ; 25 | errno = e ; 26 | fallback: 27 | return nsss_unix_getgrent() ; 28 | } 29 | -------------------------------------------------------------------------------- /src/libnsss/nsss_unix_getspent_r.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include "nsss-internal.h" 8 | #include "nsss-unix-internal.h" 9 | 10 | int nsss_unix_getspent_r (struct spwd *sp, char *buf, size_t buflen, struct spwd **spp) 11 | { 12 | struct spwd sp2 ; 13 | stralloc sa = STRALLOC_ZERO ; 14 | int e ; 15 | if (!nsss_unix_shadow_maybe_start(&nsss_unix_shadow_here)) return errno ; 16 | e = errno ; 17 | errno = 0 ; 18 | if (!nsss_unix_shadow_get(&nsss_unix_shadow_here, &sp2, &sa)) 19 | { 20 | *spp = 0 ; 21 | if (!errno) errno = ENOENT ; 22 | return errno ; 23 | } 24 | if (!nsss_shadow_copy(sp, buf, buflen, &sp2, sa.s, sa.len)) 25 | { 26 | stralloc_free(&sa) ; 27 | *spp = 0 ; 28 | return errno ; 29 | } 30 | stralloc_free(&sa) ; 31 | *spp = sp ; 32 | return (errno = e, 0) ; 33 | } 34 | -------------------------------------------------------------------------------- /package/snippets: -------------------------------------------------------------------------------- 1 | configure_help_install='' 2 | configure_help_dependencies='' 3 | 4 | configure_help_options=' 5 | --with-nsssd-socket=PATH assume the nsssd socket is at PATH [/run/service/nsssd/s] 6 | --enable-libc-includes overwrite {pwd,grp,shadow}.h in includedir [disabled]' 7 | 8 | configure_init_vars='\ 9 | nsssdpath=/run/service/nsssd/s 10 | libcincludes=false' 11 | 12 | configure_case_lines='\ 13 | --enable-libc-includes|--enable-libc-includes=yes) libcincludes=true ;; 14 | --disable-libc-includes|--enable-libc-includes=no) libcincludes=false ;; 15 | --with-nsssd-socket=*) nsssdpath=${arg#*=} ;;' 16 | 17 | configure_expand_dirs='' 18 | configure_slashpackage_other='' 19 | 20 | configure_generate_make='\ 21 | if $libcincludes ; then 22 | echo "DO_LIBC_INCLUDES := 1" 23 | else 24 | echo "DO_LIBC_INCLUDES :=" 25 | fi' 26 | 27 | configure_generate_configh='echo "#define ${package_macro_name}_NSSSD_PATH \"$nsssdpath\""' 28 | -------------------------------------------------------------------------------- /src/libnsss/nsss_unix_getpwuid_r.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include "nsss-internal.h" 8 | 9 | int nsss_unix_getpwuid_r (uid_t uid, struct passwd *pw, char *buf, size_t buflen, struct passwd **pwp) 10 | { 11 | struct passwd pw2 ; 12 | stralloc sa = STRALLOC_ZERO ; 13 | nsss_unix_t a = NSSS_UNIX_ZERO ; 14 | int e = errno ; 15 | if (!nsss_unix_pwd_start(&a)) return errno ; 16 | errno = 0 ; 17 | if (!nsss_unix_pwd_getbyuid(&a, &pw2, &sa, uid)) 18 | { 19 | nsss_unix_pwd_end(&a) ; 20 | *pwp = 0 ; 21 | return errno ? errno : (errno = e, 0) ; 22 | } 23 | nsss_unix_pwd_end(&a) ; 24 | if (!nsss_pwd_copy(pw, buf, buflen, &pw2, sa.s, sa.len)) 25 | { 26 | stralloc_free(&sa) ; 27 | *pwp = 0 ; 28 | return errno ; 29 | } 30 | stralloc_free(&sa) ; 31 | *pwp = pw ; 32 | return (errno = e, 0) ; 33 | } 34 | -------------------------------------------------------------------------------- /src/libnsss/nsss_grp_copy.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | #include 5 | #include 6 | #include "nsss-internal.h" 7 | 8 | int nsss_grp_copy (struct group *gr, char *buf, size_t buflen, struct group const *gr2, char const *s, size_t len, char *const *p, size_t n) 9 | { 10 | char **q ; 11 | size_t offset = (uintptr_t)buf % 16 ; 12 | offset = offset ? 16 - offset : 0 ; 13 | if (buflen < offset) return (errno = ERANGE, 0) ; 14 | buf += offset ; buflen -= offset ; 15 | offset = (n+1) * sizeof(char *) ; 16 | if (buflen < offset || buflen - offset < len) return (errno = ERANGE, 0) ; 17 | q = (char **)buf ; 18 | gr->gr_mem = q ; 19 | buf += offset ; 20 | memcpy(buf, s, len) ; 21 | for (size_t i = 0 ; i < n ; i++) q[i] = buf + (p[i] - s) ; 22 | q[n] = 0 ; 23 | gr->gr_name = buf + (gr2->gr_name - s) ; 24 | gr->gr_passwd = buf + (gr2->gr_passwd - s) ; 25 | gr->gr_gid = gr2->gr_gid ; 26 | return 1 ; 27 | } 28 | -------------------------------------------------------------------------------- /src/libnsss/nsss_unix_getpwnam_r.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include "nsss-internal.h" 8 | 9 | int nsss_unix_getpwnam_r (char const *name, struct passwd *pw, char *buf, size_t buflen, struct passwd **pwp) 10 | { 11 | struct passwd pw2 ; 12 | stralloc sa = STRALLOC_ZERO ; 13 | nsss_unix_t a = NSSS_UNIX_ZERO ; 14 | int e = errno ; 15 | if (!nsss_unix_pwd_start(&a)) return errno ; 16 | errno = 0 ; 17 | if (!nsss_unix_pwd_getbyname(&a, &pw2, &sa, name)) 18 | { 19 | nsss_unix_pwd_end(&a) ; 20 | *pwp = 0 ; 21 | return errno ? errno : (errno = e, 0) ; 22 | } 23 | nsss_unix_pwd_end(&a) ; 24 | if (!nsss_pwd_copy(pw, buf, buflen, &pw2, sa.s, sa.len)) 25 | { 26 | stralloc_free(&sa) ; 27 | *pwp = 0 ; 28 | return errno ; 29 | } 30 | stralloc_free(&sa) ; 31 | *pwp = pw ; 32 | return (errno = e, 0) ; 33 | } 34 | -------------------------------------------------------------------------------- /src/libnsss/nsss_unix_getspnam_r.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include "nsss-internal.h" 8 | 9 | int nsss_unix_getspnam_r (char const *name, struct spwd *sp, char *buf, size_t buflen, struct spwd **spp) 10 | { 11 | struct spwd sp2 ; 12 | stralloc sa = STRALLOC_ZERO ; 13 | nsss_unix_t a = NSSS_UNIX_ZERO ; 14 | int e = errno ; 15 | if (!nsss_unix_shadow_start(&a)) return errno ; 16 | errno = 0 ; 17 | if (!nsss_unix_shadow_getbyname(&a, &sp2, &sa, name)) 18 | { 19 | nsss_unix_shadow_end(&a) ; 20 | *spp = 0 ; 21 | return errno ? errno : (errno = e, 0) ; 22 | } 23 | nsss_unix_shadow_end(&a) ; 24 | if (!nsss_shadow_copy(sp, buf, buflen, &sp2, sa.s, sa.len)) 25 | { 26 | stralloc_free(&sa) ; 27 | *spp = 0 ; 28 | return errno ; 29 | } 30 | stralloc_free(&sa) ; 31 | *spp = sp ; 32 | return (errno = e, 0) ; 33 | } 34 | -------------------------------------------------------------------------------- /README: -------------------------------------------------------------------------------- 1 | nsss - a secure NSS-like implementation for small libcs 2 | ------------------------------------------------------- 3 | 4 | nsss is a library implementing a subset of pwd.h, grp.h 5 | and shadow.h family of functions - the subset that can use a 6 | different backend than the standard /etc/passwd (et al.) files. 7 | It is intended to be used with certain libcs, such as musl, that 8 | do not implement the NSS protocol and so do not allow user/group 9 | credentials to be stored in other databases. 10 | 11 | Unlike NSS, nsss does not load dynamic modules and is fully 12 | compatible with static linking. The backend is chosen at boot time 13 | by running the appropriate daemon that will communicate with 14 | clients. 15 | 16 | See https://skarnet.org/software/nsss/ for details. 17 | 18 | 19 | * Installation 20 | ------------ 21 | 22 | See the INSTALL file. 23 | 24 | 25 | * Contact information 26 | ------------------- 27 | 28 | Laurent Bercot 29 | -------------------------------------------------------------------------------- /tools/gen-configure.el: -------------------------------------------------------------------------------- 1 | #!/command/execlineb -S0 2 | 3 | # For dev use only. Don't run this, it overwrites your configure. 4 | 5 | # The quoting interactions in sed and sh make it impossible to get 6 | # such a simple thing done. It's amazing how bad traditional Unix is. 7 | 8 | backtick -E TEMPLATE { redirfd -r 0 tools/configure.template s6-cat } 9 | s6-envdir -Lf package/configure-snippets 10 | multisubstitute 11 | { 12 | importas -uS configure_help_install 13 | importas -uS configure_help_dependencies 14 | importas -uS configure_help_options 15 | importas -uS configure_init_vars 16 | importas -uS configure_case_lines 17 | importas -uS configure_expand_dirs 18 | importas -uS configure_slashpackage_other 19 | importas -uS configure_extra_checks 20 | importas -uS configure_generate_make 21 | importas -uS configure_generate_configh 22 | } 23 | 24 | if 25 | { 26 | redirfd -w 1 configure.new 27 | if { heredoc 0 ${TEMPLATE} s6-cat } 28 | s6-echo 29 | } 30 | 31 | if { s6-chmod 0755 configure.new } 32 | s6-rename configure.new configure 33 | -------------------------------------------------------------------------------- /src/libnsss/nsss_all_getgrouplist.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | #include 5 | 6 | #include 7 | 8 | #include 9 | #include 10 | #include 11 | #include 12 | #include "nsss-internal.h" 13 | 14 | int nsss_all_getgrouplist (char const *user, gid_t gid, gid_t *gids, int *ngids) 15 | { 16 | stralloc sa = STRALLOC_ZERO ; 17 | int e = errno ; 18 | size_t r = 0 ; 19 | size_t n ; 20 | nsss_switch_t a = NSSS_SWITCH_ZERO ; 21 | if (*ngids < 0) return (errno = EINVAL, -1) ; 22 | n = *ngids ; 23 | if (!nsss_switch_start(&a, NSSS_SWITCH_GRP, NSSS_NSSSD_PATH, 0, 0)) goto fallback ; 24 | if (!nsss_switch_grp_getlist(&a, user, gids, n, &r, &sa, 0, 0)) 25 | { 26 | nsss_switch_end(&a, NSSS_SWITCH_GRP) ; 27 | return -1 ; 28 | } 29 | nsss_switch_end(&a, NSSS_SWITCH_GRP) ; 30 | return nsss_grouplist_adjust(n, r, gid, gids, ngids, e) ; 31 | 32 | fallback: 33 | errno = e ; 34 | return nsss_unix_getgrouplist(user, gid, gids, ngids) ; 35 | } 36 | -------------------------------------------------------------------------------- /src/libnsss/nsss_switch_pwd_getbyname.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | #include 5 | #include 6 | 7 | #include 8 | #include 9 | 10 | #include 11 | #include "nsss-switch-internal.h" 12 | 13 | int nsss_switch_pwd_getbyname (nsss_switch_t *a, struct passwd *pw, stralloc *sa, char const *name, tain const *deadline, tain *stamp) 14 | { 15 | char buf[5] = { NSSS_SWITCH_PWD_GETBYNAME } ; 16 | size_t len = strlen(name) ; 17 | struct iovec v[2] = { { .iov_base = buf, .iov_len = 5 }, { .iov_base = (char *)name, .iov_len = len + 1 } } ; 18 | if (len > NSSS_SWITCH_NAME_MAXLEN - 1) return (errno = EINVAL, 0) ; 19 | uint32_pack_big(buf + 1, len + 1) ; 20 | if (!nsss_switch_sendv(a, v, 2, deadline, stamp)) return 0 ; 21 | if (!buffer_timed_get(&a->b, &buf[0], 1, deadline, stamp)) return 0 ; 22 | if ((unsigned char)buf[0] == 255) return 0 ; 23 | if (buf[0]) return (errno = (unsigned char)buf[0], 0) ; 24 | return nsss_switch_pwd_read(&a->b, pw, sa, deadline, stamp) ; 25 | } 26 | -------------------------------------------------------------------------------- /src/libnsss/nsss_switch_shadow_getbyname.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | #include 5 | #include 6 | 7 | #include 8 | #include 9 | 10 | #include 11 | #include "nsss-switch-internal.h" 12 | 13 | int nsss_switch_shadow_getbyname (nsss_switch_t *a, struct spwd *sp, stralloc *sa, char const *name, tain const *deadline, tain *stamp) 14 | { 15 | char buf[5] = { NSSS_SWITCH_SHADOW_GETBYNAME } ; 16 | size_t len = strlen(name) ; 17 | struct iovec v[2] = { { .iov_base = buf, .iov_len = 5 }, { .iov_base = (char *)name, .iov_len = len + 1 } } ; 18 | if (len > NSSS_SWITCH_NAME_MAXLEN - 1) return (errno = EINVAL, 0) ; 19 | uint32_pack_big(buf + 1, len + 1) ; 20 | if (!nsss_switch_sendv(a, v, 2, deadline, stamp)) return 0 ; 21 | if (!buffer_timed_get(&a->b, &buf[0], 1, deadline, stamp)) return 0 ; 22 | if ((unsigned char)buf[0] == 255) return 0 ; 23 | if (buf[0]) return (errno = (unsigned char)buf[0], 0) ; 24 | return nsss_switch_shadow_read(&a->b, sp, sa, deadline, stamp) ; 25 | } 26 | -------------------------------------------------------------------------------- /src/libnsss/nsss_switch_grp_getbyname.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | #include 5 | #include 6 | 7 | #include 8 | #include 9 | 10 | #include 11 | #include "nsss-switch-internal.h" 12 | 13 | int nsss_switch_grp_getbyname (nsss_switch_t *a, struct group *gr, stralloc *sa, genalloc *ga, char const *name, tain const *deadline, tain *stamp) 14 | { 15 | char buf[5] = { NSSS_SWITCH_GRP_GETBYNAME } ; 16 | size_t len = strlen(name) ; 17 | struct iovec v[2] = { { .iov_base = buf, .iov_len = 5 }, { .iov_base = (char *)name, .iov_len = len + 1 } } ; 18 | if (len > NSSS_SWITCH_NAME_MAXLEN - 1) return (errno = EINVAL, 0) ; 19 | uint32_pack_big(buf + 1, len + 1) ; 20 | if (!nsss_switch_sendv(a, v, 2, deadline, stamp)) return 0 ; 21 | if (!buffer_timed_get(&a->b, &buf[0], 1, deadline, stamp)) return 0 ; 22 | if ((unsigned char)buf[0] == 255) return 0 ; 23 | if (buf[0]) return (errno = (unsigned char)buf[0], 0) ; 24 | return nsss_switch_grp_read(&a->b, gr, sa, ga, deadline, stamp) ; 25 | } 26 | -------------------------------------------------------------------------------- /src/libnsss/nsss_switch_getgrouplist.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | #include 5 | #include 6 | 7 | #include 8 | 9 | #include 10 | #include 11 | #include 12 | #include "nsss-internal.h" 13 | #include "nsss-switch-internal.h" 14 | 15 | int nsss_switch_getgrouplist (char const *user, gid_t gid, gid_t *gids, int *ngids) 16 | { 17 | stralloc sa = STRALLOC_ZERO ; 18 | size_t r = 0 ; 19 | size_t n ; 20 | int e ; 21 | if (*ngids < 0) return (errno = EINVAL, -1) ; 22 | n = *ngids ; 23 | e = pthread_mutex_lock(&nsss_switch_query_mutex) ; 24 | if (e) return (errno = e, -1) ; 25 | e = errno ; 26 | if (!nsss_switch_query_start(NSSS_NSSSD_PATH, NSSS_SWITCH_GRP, 30000, 0, 0) 27 | || !nsss_switch_grp_getlist(&nsss_switch_query, user, gids, n, &r, &sa, 0, 0)) 28 | { 29 | pthread_mutex_unlock(&nsss_switch_query_mutex) ; 30 | return -1 ; 31 | } 32 | pthread_mutex_unlock(&nsss_switch_query_mutex) ; 33 | return nsss_grouplist_adjust(n, r, gid, gids, ngids, e) ; 34 | } 35 | -------------------------------------------------------------------------------- /src/libnsss/nsss-internal.h: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #ifndef NSSS_INTERNAL_H 4 | #define NSSS_INTERNAL_H 5 | 6 | #include 7 | #include 8 | #include 9 | #include 10 | #include 11 | #include 12 | 13 | 14 | /* Password */ 15 | 16 | extern struct passwd nsss_pwd_here ; 17 | extern stralloc nsss_pwd_sa_here ; 18 | extern int nsss_pwd_copy (struct passwd *, char *, size_t, struct passwd const *, char const *, size_t) ; 19 | 20 | 21 | /* Group */ 22 | 23 | extern struct group nsss_grp_here ; 24 | extern stralloc nsss_grp_sa_here ; 25 | extern genalloc nsss_grp_ga_here ; 26 | extern int nsss_grp_copy (struct group *, char *, size_t, struct group const *, char const *, size_t, char *const *, size_t) ; 27 | extern int nsss_grouplist_adjust (size_t, size_t, gid_t, gid_t *, int *, int) ; 28 | 29 | /* Shadow */ 30 | 31 | extern struct spwd nsss_shadow_here ; 32 | extern stralloc nsss_shadow_sa_here ; 33 | extern int nsss_shadow_copy (struct spwd *, char *, size_t, struct spwd const *, char const *, size_t) ; 34 | 35 | #endif 36 | -------------------------------------------------------------------------------- /src/libnsss/nsss_unix_getgrent_r.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include "nsss-internal.h" 9 | #include "nsss-unix-internal.h" 10 | 11 | int nsss_unix_getgrent_r (struct group *gr, char *buf, size_t buflen, struct group **grp) 12 | { 13 | struct group gr2 ; 14 | stralloc sa = STRALLOC_ZERO ; 15 | genalloc ga = GENALLOC_ZERO ; 16 | int e ; 17 | if (!nsss_unix_grp_maybe_start(&nsss_unix_grp_here)) return errno ; 18 | e = errno ; 19 | errno = 0 ; 20 | if (!nsss_unix_grp_get(&nsss_unix_grp_here, &gr2, &sa, &ga)) 21 | { 22 | *grp = 0 ; 23 | if (!errno) errno = ENOENT ; 24 | return errno ; 25 | } 26 | if (!nsss_grp_copy(gr, buf, buflen, &gr2, sa.s, sa.len, genalloc_s(char *, &ga), genalloc_len(char *, &ga))) 27 | { 28 | genalloc_free(char *, &ga) ; 29 | stralloc_free(&sa) ; 30 | *grp = 0 ; 31 | return errno ; 32 | } 33 | genalloc_free(char *, &ga) ; 34 | stralloc_free(&sa) ; 35 | *grp = gr ; 36 | return (errno = e, 0) ; 37 | } 38 | -------------------------------------------------------------------------------- /src/libnsss/nsss_unix_getgrgid_r.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include "nsss-internal.h" 9 | 10 | int nsss_unix_getgrgid_r (gid_t gid, struct group *gr, char *buf, size_t buflen, struct group **grp) 11 | { 12 | struct group gr2 ; 13 | stralloc sa = STRALLOC_ZERO ; 14 | genalloc ga = GENALLOC_ZERO ; 15 | nsss_unix_t a = NSSS_UNIX_ZERO ; 16 | int e = errno ; 17 | if (!nsss_unix_grp_start(&a)) return errno ; 18 | errno = 0 ; 19 | if (!nsss_unix_grp_getbygid(&a, &gr2, &sa, &ga, gid)) 20 | { 21 | nsss_unix_grp_end(&a) ; 22 | *grp = 0 ; 23 | return errno ? errno : (errno = e, 0) ; 24 | } 25 | nsss_unix_grp_end(&a) ; 26 | if (!nsss_grp_copy(gr, buf, buflen, &gr2, sa.s, sa.len, genalloc_s(char *, &ga), genalloc_len(char *, &ga))) 27 | { 28 | genalloc_free(char *, &ga) ; 29 | stralloc_free(&sa) ; 30 | *grp = 0 ; 31 | return errno ; 32 | } 33 | genalloc_free(char *, &ga) ; 34 | stralloc_free(&sa) ; 35 | *grp = gr ; 36 | return (errno = e, 0) ; 37 | } 38 | -------------------------------------------------------------------------------- /src/libnsss/nsss_unix_getgrnam_r.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include "nsss-internal.h" 9 | 10 | int nsss_unix_getgrnam_r (char const *name, struct group *gr, char *buf, size_t buflen, struct group **grp) 11 | { 12 | struct group gr2 ; 13 | stralloc sa = STRALLOC_ZERO ; 14 | genalloc ga = GENALLOC_ZERO ; 15 | nsss_unix_t a = NSSS_UNIX_ZERO ; 16 | int e = errno ; 17 | if (!nsss_unix_grp_start(&a)) return errno ; 18 | errno = 0 ; 19 | if (!nsss_unix_grp_getbyname(&a, &gr2, &sa, &ga, name)) 20 | { 21 | nsss_unix_grp_end(&a) ; 22 | *grp = 0 ; 23 | return errno ? errno : (errno = e, 0) ; 24 | } 25 | nsss_unix_grp_end(&a) ; 26 | if (!nsss_grp_copy(gr, buf, buflen, &gr2, sa.s, sa.len, genalloc_s(char *, &ga), genalloc_len(char *, &ga))) 27 | { 28 | genalloc_free(char *, &ga) ; 29 | stralloc_free(&sa) ; 30 | *grp = 0 ; 31 | return errno ; 32 | } 33 | genalloc_free(char *, &ga) ; 34 | stralloc_free(&sa) ; 35 | *grp = gr ; 36 | return (errno = e, 0) ; 37 | } 38 | -------------------------------------------------------------------------------- /src/libnsss/nsss_all_getpwuid_r.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include 9 | #include "nsss-internal.h" 10 | 11 | int nsss_all_getpwuid_r (uid_t uid, struct passwd *pw, char *buf, size_t buflen, struct passwd **pwp) 12 | { 13 | struct passwd pw2 ; 14 | stralloc sa = STRALLOC_ZERO ; 15 | nsss_switch_t a = NSSS_SWITCH_ZERO ; 16 | int e = errno ; 17 | if (!nsss_switch_start(&a, NSSS_SWITCH_PWD, NSSS_NSSSD_PATH, 0, 0)) goto fallback ; 18 | errno = 0 ; 19 | if (!nsss_switch_pwd_getbyuid(&a, &pw2, &sa, uid, 0, 0)) 20 | { 21 | nsss_switch_end(&a, NSSS_SWITCH_PWD) ; 22 | *pwp = 0 ; 23 | return errno ? errno : (errno = e, 0) ; 24 | } 25 | nsss_switch_end(&a, NSSS_SWITCH_PWD) ; 26 | if (!nsss_pwd_copy(pw, buf, buflen, &pw2, sa.s, sa.len)) 27 | { 28 | stralloc_free(&sa) ; 29 | *pwp = 0 ; 30 | return errno ; 31 | } 32 | stralloc_free(&sa) ; 33 | *pwp = pw ; 34 | return (errno = e, 0) ; 35 | 36 | fallback: 37 | errno = e ; 38 | return nsss_unix_getpwuid_r(uid, pw, buf, buflen, pwp) ; 39 | } 40 | -------------------------------------------------------------------------------- /src/libnsss/nsss_all_getpwnam_r.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include 9 | #include "nsss-internal.h" 10 | 11 | int nsss_all_getpwnam_r (char const *name, struct passwd *pw, char *buf, size_t buflen, struct passwd **pwp) 12 | { 13 | struct passwd pw2 ; 14 | stralloc sa = STRALLOC_ZERO ; 15 | nsss_switch_t a = NSSS_SWITCH_ZERO ; 16 | int e = errno ; 17 | if (!nsss_switch_start(&a, NSSS_SWITCH_PWD, NSSS_NSSSD_PATH, 0, 0)) goto fallback ; 18 | errno = 0 ; 19 | if (!nsss_switch_pwd_getbyname(&a, &pw2, &sa, name, 0, 0)) 20 | { 21 | nsss_switch_end(&a, NSSS_SWITCH_PWD) ; 22 | *pwp = 0 ; 23 | return errno ? errno : (errno = e, 0) ; 24 | } 25 | nsss_switch_end(&a, NSSS_SWITCH_PWD) ; 26 | if (!nsss_pwd_copy(pw, buf, buflen, &pw2, sa.s, sa.len)) 27 | { 28 | stralloc_free(&sa) ; 29 | *pwp = 0 ; 30 | return errno ; 31 | } 32 | stralloc_free(&sa) ; 33 | *pwp = pw ; 34 | return (errno = e, 0) ; 35 | 36 | fallback: 37 | errno = e ; 38 | return nsss_unix_getpwnam_r(name, pw, buf, buflen, pwp) ; 39 | } 40 | -------------------------------------------------------------------------------- /src/libnsss/nsss_all_getspnam_r.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include 9 | #include "nsss-internal.h" 10 | 11 | int nsss_all_getspnam_r (char const *name, struct spwd *sp, char *buf, size_t buflen, struct spwd **spp) 12 | { 13 | struct spwd sp2 ; 14 | stralloc sa = STRALLOC_ZERO ; 15 | nsss_switch_t a = NSSS_SWITCH_ZERO ; 16 | int e = errno ; 17 | if (!nsss_switch_start(&a, NSSS_SWITCH_SHADOW, NSSS_NSSSD_PATH, 0, 0)) goto fallback ; 18 | errno = 0 ; 19 | if (!nsss_switch_shadow_getbyname(&a, &sp2, &sa, name, 0, 0)) 20 | { 21 | nsss_switch_end(&a, NSSS_SWITCH_SHADOW) ; 22 | *spp = 0 ; 23 | return errno ? errno : (errno = e, 0) ; 24 | } 25 | nsss_switch_end(&a, NSSS_SWITCH_SHADOW) ; 26 | if (!nsss_shadow_copy(sp, buf, buflen, &sp2, sa.s, sa.len)) 27 | { 28 | stralloc_free(&sa) ; 29 | *spp = 0 ; 30 | return errno ; 31 | } 32 | stralloc_free(&sa) ; 33 | *spp = sp ; 34 | return (errno = e, 0) ; 35 | 36 | fallback: 37 | errno = e ; 38 | return nsss_unix_getspnam_r(name, sp, buf, buflen, spp) ; 39 | } 40 | -------------------------------------------------------------------------------- /src/libnsss/nsss_all_getpwent_r.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include 9 | #include "nsss-internal.h" 10 | #include "nsss-switch-internal.h" 11 | #include "nsss-all-internal.h" 12 | 13 | int nsss_all_getpwent_r (struct passwd *pw, char *buf, size_t buflen, struct passwd **pwp) 14 | { 15 | struct passwd pw2 ; 16 | stralloc sa = STRALLOC_ZERO ; 17 | int e = errno ; 18 | if (nsss_all_errno) goto fallback ; 19 | if (!nsss_switch_start(&nsss_switch_enumerator, NSSS_SWITCH_PWD, NSSS_NSSSD_PATH, 0, 0)) goto efallback ; 20 | errno = 0 ; 21 | if (!nsss_switch_pwd_get(&nsss_switch_enumerator, &pw2, &sa, 0, 0)) 22 | { 23 | *pwp = 0 ; 24 | if (!errno) errno = ENOENT ; 25 | return errno ; 26 | } 27 | if (!nsss_pwd_copy(pw, buf, buflen, &pw2, sa.s, sa.len)) 28 | { 29 | stralloc_free(&sa) ; 30 | *pwp = 0 ; 31 | return errno ; 32 | } 33 | stralloc_free(&sa) ; 34 | *pwp = pw ; 35 | return (errno = e, 0) ; 36 | 37 | efallback: 38 | nsss_all_errno = errno ; 39 | errno = e ; 40 | fallback: 41 | return nsss_unix_getpwent_r(pw, buf, buflen, pwp) ; 42 | } 43 | -------------------------------------------------------------------------------- /src/libnsss/nsss_all_getspent_r.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include 9 | #include "nsss-internal.h" 10 | #include "nsss-switch-internal.h" 11 | #include "nsss-all-internal.h" 12 | 13 | int nsss_all_getspent_r (struct spwd *sp, char *buf, size_t buflen, struct spwd **spp) 14 | { 15 | struct spwd sp2 ; 16 | stralloc sa = STRALLOC_ZERO ; 17 | int e = errno ; 18 | if (nsss_all_errno) goto fallback ; 19 | if (!nsss_switch_start(&nsss_switch_enumerator, NSSS_SWITCH_SHADOW, NSSS_NSSSD_PATH, 0, 0)) goto efallback ; 20 | errno = 0 ; 21 | if (!nsss_switch_shadow_get(&nsss_switch_enumerator, &sp2, &sa, 0, 0)) 22 | { 23 | *spp = 0 ; 24 | if (!errno) errno = ENOENT ; 25 | return errno ; 26 | } 27 | if (!nsss_shadow_copy(sp, buf, buflen, &sp2, sa.s, sa.len)) 28 | { 29 | stralloc_free(&sa) ; 30 | *spp = 0 ; 31 | return errno ; 32 | } 33 | stralloc_free(&sa) ; 34 | *spp = sp ; 35 | return (errno = e, 0) ; 36 | 37 | efallback: 38 | nsss_all_errno = errno ; 39 | errno = e ; 40 | fallback: 41 | return nsss_unix_getspent_r(sp, buf, buflen, spp) ; 42 | } 43 | -------------------------------------------------------------------------------- /src/libnsss/nsss_switch_getpwent_r.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | #include 5 | 6 | #include 7 | 8 | #include 9 | #include 10 | #include 11 | #include "nsss-internal.h" 12 | #include "nsss-switch-internal.h" 13 | 14 | int nsss_switch_getpwent_r (struct passwd *pw, char *buf, size_t buflen, struct passwd **pwp) 15 | { 16 | struct passwd pw2 ; 17 | stralloc sa = STRALLOC_ZERO ; 18 | int e = pthread_mutex_lock(&nsss_switch_enumerator_mutex) ; 19 | if (e) return e ; 20 | if (!nsss_switch_start(&nsss_switch_enumerator, NSSS_SWITCH_PWD, NSSS_NSSSD_PATH, 0, 0)) goto err ; 21 | e = errno ; 22 | errno = 0 ; 23 | if (!nsss_switch_pwd_get(&nsss_switch_enumerator, &pw2, &sa, 0, 0)) 24 | { 25 | *pwp = 0 ; 26 | if (!errno) errno = ENOENT ; 27 | goto err ; 28 | } 29 | pthread_mutex_unlock(&nsss_switch_enumerator_mutex) ; 30 | if (!nsss_pwd_copy(pw, buf, buflen, &pw2, sa.s, sa.len)) 31 | { 32 | stralloc_free(&sa) ; 33 | *pwp = 0 ; 34 | return errno ; 35 | } 36 | stralloc_free(&sa) ; 37 | *pwp = pw ; 38 | return (errno = e, 0) ; 39 | 40 | err: 41 | pthread_mutex_unlock(&nsss_switch_enumerator_mutex) ; 42 | return errno ; 43 | } 44 | -------------------------------------------------------------------------------- /src/libnsss/nsss_switch_getspent_r.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | #include 5 | 6 | #include 7 | 8 | #include 9 | #include 10 | #include 11 | #include "nsss-internal.h" 12 | #include "nsss-switch-internal.h" 13 | 14 | int nsss_switch_getspent_r (struct spwd *sp, char *buf, size_t buflen, struct spwd **spp) 15 | { 16 | struct spwd sp2 ; 17 | stralloc sa = STRALLOC_ZERO ; 18 | int e = pthread_mutex_lock(&nsss_switch_enumerator_mutex) ; 19 | if (e) return e ; 20 | if (!nsss_switch_start(&nsss_switch_enumerator, NSSS_SWITCH_SHADOW, NSSS_NSSSD_PATH, 0, 0)) goto err ; 21 | e = errno ; 22 | errno = 0 ; 23 | if (!nsss_switch_shadow_get(&nsss_switch_enumerator, &sp2, &sa, 0, 0)) 24 | { 25 | *spp = 0 ; 26 | if (!errno) errno = ENOENT ; 27 | goto err ; 28 | } 29 | pthread_mutex_unlock(&nsss_switch_enumerator_mutex) ; 30 | if (!nsss_shadow_copy(sp, buf, buflen, &sp2, sa.s, sa.len)) 31 | { 32 | stralloc_free(&sa) ; 33 | *spp = 0 ; 34 | return errno ; 35 | } 36 | stralloc_free(&sa) ; 37 | *spp = sp ; 38 | return (errno = e, 0) ; 39 | 40 | err: 41 | pthread_mutex_unlock(&nsss_switch_enumerator_mutex) ; 42 | return errno ; 43 | } 44 | -------------------------------------------------------------------------------- /src/libnsss/nsss_switch_getpwuid_r.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | #include 5 | 6 | #include 7 | 8 | #include 9 | #include 10 | #include 11 | #include "nsss-internal.h" 12 | #include "nsss-switch-internal.h" 13 | 14 | int nsss_switch_getpwuid_r (uid_t uid, struct passwd *pw, char *buf, size_t buflen, struct passwd **pwp) 15 | { 16 | struct passwd pw2 ; 17 | stralloc sa = STRALLOC_ZERO ; 18 | int e = pthread_mutex_lock(&nsss_switch_query_mutex) ; 19 | if (e) return e ; 20 | e = errno ; 21 | if (!nsss_switch_query_start(NSSS_NSSSD_PATH, NSSS_SWITCH_PWD, 30000, 0, 0)) 22 | { 23 | pthread_mutex_unlock(&nsss_switch_query_mutex) ; 24 | return errno ; 25 | } 26 | errno = 0 ; 27 | if (!nsss_switch_pwd_getbyuid(&nsss_switch_query, &pw2, &sa, uid, 0, 0)) 28 | { 29 | pthread_mutex_unlock(&nsss_switch_query_mutex) ; 30 | *pwp = 0 ; 31 | return errno ? errno : (errno = e, 0) ; 32 | } 33 | pthread_mutex_unlock(&nsss_switch_query_mutex) ; 34 | if (!nsss_pwd_copy(pw, buf, buflen, &pw2, sa.s, sa.len)) 35 | { 36 | stralloc_free(&sa) ; 37 | *pwp = 0 ; 38 | return errno ; 39 | } 40 | stralloc_free(&sa) ; 41 | *pwp = pw ; 42 | return (errno = e, 0) ; 43 | } 44 | -------------------------------------------------------------------------------- /src/libnsss/nsss_switch_getpwnam_r.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | #include 5 | 6 | #include 7 | 8 | #include 9 | #include 10 | #include 11 | #include "nsss-internal.h" 12 | #include "nsss-switch-internal.h" 13 | 14 | int nsss_switch_getpwnam_r (char const *name, struct passwd *pw, char *buf, size_t buflen, struct passwd **pwp) 15 | { 16 | struct passwd pw2 ; 17 | stralloc sa = STRALLOC_ZERO ; 18 | int e = pthread_mutex_lock(&nsss_switch_query_mutex) ; 19 | if (e) return e ; 20 | e = errno ; 21 | if (!nsss_switch_query_start(NSSS_NSSSD_PATH, NSSS_SWITCH_PWD, 30000, 0, 0)) 22 | { 23 | pthread_mutex_unlock(&nsss_switch_query_mutex) ; 24 | return errno ; 25 | } 26 | errno = 0 ; 27 | if (!nsss_switch_pwd_getbyname(&nsss_switch_query, &pw2, &sa, name, 0, 0)) 28 | { 29 | pthread_mutex_unlock(&nsss_switch_query_mutex) ; 30 | *pwp = 0 ; 31 | return errno ? errno : (errno = e, 0) ; 32 | } 33 | pthread_mutex_unlock(&nsss_switch_query_mutex) ; 34 | if (!nsss_pwd_copy(pw, buf, buflen, &pw2, sa.s, sa.len)) 35 | { 36 | stralloc_free(&sa) ; 37 | *pwp = 0 ; 38 | return errno ; 39 | } 40 | stralloc_free(&sa) ; 41 | *pwp = pw ; 42 | return (errno = e, 0) ; 43 | } 44 | -------------------------------------------------------------------------------- /src/libnsss/nsss_switch_getspnam_r.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | #include 5 | 6 | #include 7 | 8 | #include 9 | #include 10 | #include 11 | #include "nsss-internal.h" 12 | #include "nsss-switch-internal.h" 13 | 14 | int nsss_switch_getspnam_r (char const *name, struct spwd *sp, char *buf, size_t buflen, struct spwd **spp) 15 | { 16 | struct spwd sp2 ; 17 | stralloc sa = STRALLOC_ZERO ; 18 | int e = pthread_mutex_lock(&nsss_switch_query_mutex) ; 19 | if (e) return e ; 20 | e = errno ; 21 | if (!nsss_switch_query_start(NSSS_NSSSD_PATH, NSSS_SWITCH_SHADOW, 30000, 0, 0)) 22 | { 23 | pthread_mutex_unlock(&nsss_switch_query_mutex) ; 24 | return errno ; 25 | } 26 | errno = 0 ; 27 | if (!nsss_switch_shadow_getbyname(&nsss_switch_query, &sp2, &sa, name, 0, 0)) 28 | { 29 | pthread_mutex_unlock(&nsss_switch_query_mutex) ; 30 | *spp = 0 ; 31 | return errno ? errno : (errno = e, 0) ; 32 | } 33 | pthread_mutex_unlock(&nsss_switch_query_mutex) ; 34 | if (!nsss_shadow_copy(sp, buf, buflen, &sp2, sa.s, sa.len)) 35 | { 36 | stralloc_free(&sa) ; 37 | *spp = 0 ; 38 | return errno ; 39 | } 40 | stralloc_free(&sa) ; 41 | *spp = sp ; 42 | return (errno = e, 0) ; 43 | } 44 | -------------------------------------------------------------------------------- /tools/install.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | usage() { 4 | echo "usage: $0 [ -D ] [ -l ] [ -m mode ] [ -O owner:group ] src dst" 1>&2 5 | exit 1 6 | } 7 | 8 | mkdirp=false 9 | symlink=false 10 | mode=0755 11 | og= 12 | 13 | while getopts Dlm:O: name ; do 14 | case "$name" in 15 | D) mkdirp=true ;; 16 | l) symlink=true ;; 17 | m) mode=$OPTARG ;; 18 | O) og=$OPTARG ;; 19 | ?) usage ;; 20 | esac 21 | done 22 | shift $(($OPTIND - 1)) 23 | 24 | test "$#" -eq 2 || usage 25 | src=$1 26 | dst=$2 27 | tmp="$dst.tmp.$$" 28 | 29 | case "$dst" in 30 | */) echo "$0: $dst ends in /" 1>&2 ; exit 1 ;; 31 | esac 32 | 33 | set -C 34 | set -e 35 | 36 | if $mkdirp ; then 37 | umask 022 38 | case "$2" in 39 | */*) mkdir -p "${dst%/*}" ;; 40 | esac 41 | fi 42 | 43 | trap 'rm -f "$tmp"' EXIT INT QUIT TERM HUP 44 | 45 | umask 077 46 | 47 | if $symlink ; then 48 | ln -s "$src" "$tmp" 49 | else 50 | cat < "$1" > "$tmp" 51 | if test -n "$og" ; then 52 | chown -- "$og" "$tmp" 53 | fi 54 | chmod -- "$mode" "$tmp" 55 | fi 56 | 57 | mv -f "$tmp" "$dst" 58 | if test -d "$dst" ; then 59 | rm -f "$dst/$(basename $tmp)" 60 | if $symlink ; then 61 | mkdir "$tmp" 62 | ln -s "$src" "$tmp/$(basename $dst)" 63 | mv -f "$tmp/$(basename $dst)" "${dst%/*}" 64 | rmdir "$tmp" 65 | else 66 | echo "$0: $dst is a directory" 1>&2 67 | exit 1 68 | fi 69 | fi 70 | -------------------------------------------------------------------------------- /src/libnsss/nsss_all_getgrgid_r.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include 9 | #include 10 | #include "nsss-internal.h" 11 | 12 | int nsss_all_getgrgid_r (gid_t gid, struct group *gr, char *buf, size_t buflen, struct group **grp) 13 | { 14 | struct group gr2 ; 15 | stralloc sa = STRALLOC_ZERO ; 16 | genalloc ga = GENALLOC_ZERO ; 17 | nsss_switch_t a = NSSS_SWITCH_ZERO ; 18 | int e = errno ; 19 | if (!nsss_switch_start(&a, NSSS_SWITCH_GRP, NSSS_NSSSD_PATH, 0, 0)) goto fallback ; 20 | errno = 0 ; 21 | if (!nsss_switch_grp_getbygid(&a, &gr2, &sa, &ga, gid, 0, 0)) 22 | { 23 | nsss_switch_end(&a, NSSS_SWITCH_GRP) ; 24 | *grp = 0 ; 25 | return errno ? errno : (errno = e, 0) ; 26 | } 27 | nsss_switch_end(&a, NSSS_SWITCH_GRP) ; 28 | if (!nsss_grp_copy(gr, buf, buflen, &gr2, sa.s, sa.len, genalloc_s(char *, &ga), genalloc_len(char *, &ga))) 29 | { 30 | genalloc_free(char *, &ga) ; 31 | stralloc_free(&sa) ; 32 | *grp = 0 ; 33 | return errno ; 34 | } 35 | genalloc_free(char *, &ga) ; 36 | stralloc_free(&sa) ; 37 | *grp = gr ; 38 | return (errno = e, 0) ; 39 | 40 | fallback: 41 | errno = e ; 42 | return nsss_unix_getgrgid_r(gid, gr, buf, buflen, grp) ; 43 | } 44 | -------------------------------------------------------------------------------- /src/libnsss/nsss_unix_pwd_get.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include "nsss-unix-internal.h" 9 | 10 | static inline int pwd_parseline (struct passwd *pw, char *s, size_t max) 11 | { 12 | struct passwd pw2 ; 13 | char *p ; 14 | s[max-1] = 0 ; 15 | if (!nsss_unix_field(&pw2.pw_name, &s)) return 0 ; 16 | if (!nsss_unix_field(&pw2.pw_passwd, &s)) return 0 ; 17 | if (!nsss_unix_field(&p, &s)) return 0 ; 18 | if (!uid0_scan(p, &pw2.pw_uid)) return 0 ; 19 | if (!nsss_unix_field(&p, &s)) return 0 ; 20 | if (!gid0_scan(p, &pw2.pw_gid)) return 0 ; 21 | if (!nsss_unix_field(&pw2.pw_gecos, &s)) return 0 ; 22 | if (!nsss_unix_field(&pw2.pw_dir, &s)) return 0 ; 23 | pw2.pw_shell = s ; 24 | *pw = pw2 ; 25 | return 1 ; 26 | } 27 | 28 | int nsss_unix_pwd_get (nsss_unix_t *a, struct passwd *pw, stralloc *sa) 29 | { 30 | int cs ; 31 | pthread_setcancelstate(PTHREAD_CANCEL_DISABLE, &cs) ; 32 | for (;;) 33 | { 34 | size_t base = sa->len ; 35 | if (skagetln_loose(&a->b, sa, '\n') <= 0) goto err ; 36 | if (pwd_parseline(pw, sa->s + base, sa->len - base)) break ; 37 | sa->len = base ; 38 | } 39 | pthread_setcancelstate(cs, 0) ; 40 | return 1 ; 41 | 42 | err: 43 | pthread_setcancelstate(cs, 0) ; 44 | return 0 ; 45 | } 46 | -------------------------------------------------------------------------------- /src/libnsss/nsss_all_getgrnam_r.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include 9 | #include 10 | #include "nsss-internal.h" 11 | 12 | int nsss_all_getgrnam_r (char const *name, struct group *gr, char *buf, size_t buflen, struct group **grp) 13 | { 14 | struct group gr2 ; 15 | stralloc sa = STRALLOC_ZERO ; 16 | genalloc ga = GENALLOC_ZERO ; 17 | nsss_switch_t a = NSSS_SWITCH_ZERO ; 18 | int e = errno ; 19 | if (!nsss_switch_start(&a, NSSS_SWITCH_GRP, NSSS_NSSSD_PATH, 0, 0)) goto fallback ; 20 | errno = 0 ; 21 | if (!nsss_switch_grp_getbyname(&a, &gr2, &sa, &ga, name, 0, 0)) 22 | { 23 | nsss_switch_end(&a, NSSS_SWITCH_GRP) ; 24 | *grp = 0 ; 25 | return errno ? errno : (errno = e, 0) ; 26 | } 27 | nsss_switch_end(&a, NSSS_SWITCH_GRP) ; 28 | if (!nsss_grp_copy(gr, buf, buflen, &gr2, sa.s, sa.len, genalloc_s(char *, &ga), genalloc_len(char *, &ga))) 29 | { 30 | genalloc_free(char *, &ga) ; 31 | stralloc_free(&sa) ; 32 | *grp = 0 ; 33 | return errno ; 34 | } 35 | genalloc_free(char *, &ga) ; 36 | stralloc_free(&sa) ; 37 | *grp = gr ; 38 | return (errno = e, 0) ; 39 | 40 | fallback: 41 | errno = e ; 42 | return nsss_unix_getgrnam_r(name, gr, buf, buflen, grp) ; 43 | } 44 | -------------------------------------------------------------------------------- /src/libnsss/nsss-switch-internal.h: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #ifndef NSSS_SWITCH_INTERNAL_H 4 | #define NSSS_SWITCH_INTERNAL_H 5 | 6 | #include 7 | #include 8 | #include 9 | 10 | #include 11 | #include 12 | #include 13 | #include 14 | 15 | #include 16 | #include 17 | #include 18 | #include 19 | 20 | extern nsss_switch_t nsss_switch_enumerator ; 21 | extern pthread_mutex_t nsss_switch_enumerator_mutex ; 22 | 23 | extern nsss_switch_t nsss_switch_query ; 24 | extern pthread_mutex_t nsss_switch_query_mutex ; 25 | 26 | extern int nsss_switch_query_start (char const *, unsigned int, unsigned int, tain const *, tain *) ; 27 | 28 | extern int nsss_switch_op (nsss_switch_t *, char, tain const *, tain *) ; 29 | extern int nsss_switch_pwd_read (buffer *, struct passwd *, stralloc *, tain const *, tain *) ; 30 | extern int nsss_switch_grp_read (buffer *, struct group *, stralloc *, genalloc *, tain const *, tain *) ; 31 | extern int nsss_switch_shadow_read (buffer *, struct spwd *, stralloc *, tain const *, tain *) ; 32 | 33 | extern int nsss_switch_send (nsss_switch_t *, char const *, size_t, tain const *, tain *) ; 34 | extern int nsss_switch_sendv (nsss_switch_t *, struct iovec const *, unsigned int, tain const *, tain *) ; 35 | 36 | #endif 37 | -------------------------------------------------------------------------------- /src/nsssd/nsssd_convert.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | 9 | void nsssd_passwd_convert (struct passwd *pw, nsssd_passwd_t const *p, char const *s) 10 | { 11 | pw->pw_name = (char *)s + p->pw_name ; 12 | pw->pw_passwd = (char *)s + p->pw_passwd ; 13 | pw->pw_uid = p->pw_uid ; 14 | pw->pw_gid = p->pw_gid ; 15 | pw->pw_gecos = (char *)s + p->pw_gecos ; 16 | pw->pw_dir = (char *)s + p->pw_dir ; 17 | pw->pw_shell = (char *)s + p->pw_shell ; 18 | } 19 | 20 | void nsssd_group_convert (struct group *gr, char **q, nsssd_group_t const *p, char const *s, size_t const *membase) 21 | { 22 | gr->gr_name = (char *)s + p->gr_name ; 23 | gr->gr_passwd = (char *)s + p->gr_passwd ; 24 | gr->gr_gid = p->gr_gid ; 25 | gr->gr_mem = q ; 26 | for (size_t i = 0 ; i < p->gr_mem_n ; i++) *q++ = (char *)s + membase[p->gr_mem + i] ; 27 | *q++ = 0 ; 28 | } 29 | 30 | void nsssd_spwd_convert (struct spwd *sp, nsssd_spwd_t const *p, char const *s) 31 | { 32 | sp->sp_namp = (char *)s + p->sp_namp ; 33 | sp->sp_pwdp = (char *)s + p->sp_pwdp ; 34 | sp->sp_lstchg = p->sp_lstchg ; 35 | sp->sp_min = p->sp_min ; 36 | sp->sp_max = p->sp_max ; 37 | sp->sp_warn = p->sp_warn ; 38 | sp->sp_inact = p->sp_inact ; 39 | sp->sp_expire = p->sp_expire ; 40 | sp->sp_flag = p->sp_flag ; 41 | } 42 | -------------------------------------------------------------------------------- /src/libnsss/nsss_all_getgrent_r.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include 9 | #include 10 | #include "nsss-internal.h" 11 | #include "nsss-switch-internal.h" 12 | #include "nsss-all-internal.h" 13 | 14 | int nsss_all_getgrent_r (struct group *gr, char *buf, size_t buflen, struct group **grp) 15 | { 16 | struct group gr2 ; 17 | stralloc sa = STRALLOC_ZERO ; 18 | genalloc ga = GENALLOC_ZERO ; 19 | int e = errno ; 20 | if (nsss_all_errno) goto fallback ; 21 | if (!nsss_switch_start(&nsss_switch_enumerator, NSSS_SWITCH_GRP, NSSS_NSSSD_PATH, 0, 0)) goto efallback ; 22 | errno = 0 ; 23 | if (!nsss_switch_grp_get(&nsss_switch_enumerator, &gr2, &sa, &ga, 0, 0)) 24 | { 25 | *grp = 0 ; 26 | if (!errno) errno = ENOENT ; 27 | return errno ; 28 | } 29 | if (!nsss_grp_copy(gr, buf, buflen, &gr2, sa.s, sa.len, genalloc_s(char *, &ga), genalloc_len(char *, &ga))) 30 | { 31 | genalloc_free(char *, &ga) ; 32 | stralloc_free(&sa) ; 33 | *grp = 0 ; 34 | return errno ; 35 | } 36 | genalloc_free(char *, &ga) ; 37 | stralloc_free(&sa) ; 38 | *grp = gr ; 39 | return (errno = e, 0) ; 40 | 41 | efallback: 42 | nsss_all_errno = errno ; 43 | errno = e ; 44 | fallback: 45 | return nsss_unix_getgrent_r(gr, buf, buflen, grp) ; 46 | } 47 | -------------------------------------------------------------------------------- /src/libnsss/nsss_unix_grp_getlist.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | #include 5 | 6 | #include 7 | #include 8 | 9 | #include 10 | #include 11 | 12 | int nsss_unix_grp_getlist (nsss_unix_t *a, char const *user, gid_t *gids, size_t n, size_t *r, stralloc *sa, genalloc *ga) 13 | { 14 | int sawasnull = !sa->s ; 15 | int gawasnull = !genalloc_s(char *, ga) ; 16 | size_t sabase = sa->len ; 17 | size_t gabase = genalloc_len(char *, ga) ; 18 | size_t m = 0 ; 19 | 20 | for (;;) 21 | { 22 | struct group gr ; 23 | sa->len = sabase ; 24 | genalloc_setlen(char *, ga, gabase) ; 25 | errno = 0 ; 26 | if (!nsss_unix_grp_get(a, &gr, sa, ga)) 27 | { 28 | if (errno) goto err ; 29 | else break ; 30 | } 31 | for (char **p = gr.gr_mem ; *p ; p++) 32 | if (!strcmp(user, *p)) 33 | { 34 | if (m < n) gids[m] = gr.gr_gid ; 35 | m++ ; 36 | break ; 37 | } 38 | } 39 | 40 | if (gawasnull) genalloc_free(char *, ga) ; 41 | else genalloc_setlen(char *, ga, gabase) ; 42 | if (sawasnull) stralloc_free(sa) ; 43 | else sa->len = sabase ; 44 | *r = m ; 45 | return 1 ; 46 | 47 | err: 48 | if (gawasnull) genalloc_free(char *, ga) ; 49 | else genalloc_setlen(char *, ga, gabase) ; 50 | if (sawasnull) stralloc_free(sa) ; 51 | else sa->len = sabase ; 52 | return 0 ; 53 | } 54 | -------------------------------------------------------------------------------- /src/tests/test-unix.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include 9 | #include 10 | 11 | int main (void) 12 | { 13 | PROG = "test-unix" ; 14 | for (;;) 15 | { 16 | struct passwd *pw ; 17 | errno = 0 ; 18 | pw = nsss_unix_getpwent() ; 19 | if (!pw) break ; 20 | lolprintf("%s:%s:%d:%d:%s:%s:%s\n", pw->pw_name, pw->pw_passwd, (int)pw->pw_uid, (int)pw->pw_gid, pw->pw_gecos, pw->pw_dir, pw->pw_shell) ; 21 | } 22 | if (errno) 23 | strerr_diefu1sys(111, "nsss_unix_getpwent") ; 24 | nsss_unix_endpwent() ; 25 | lolprintf("\n") ; 26 | 27 | { 28 | struct passwd *pw = nsss_unix_getpwnam("root") ; 29 | lolprintf("%u\n\n", (unsigned int)pw->pw_uid) ; 30 | } 31 | 32 | for (;;) 33 | { 34 | struct group *gr ; 35 | char **p ; 36 | errno = 0 ; 37 | gr = nsss_unix_getgrent() ; 38 | if (!gr) break ; 39 | p = gr->gr_mem ; 40 | lolprintf("%s:%s:%d:", gr->gr_name, gr->gr_passwd, (int)gr->gr_gid) ; 41 | if (*p) 42 | { 43 | while (*p) lolprintf("%s,", *p++) ; 44 | buffer_unput(buffer_1, 1) ; 45 | } 46 | buffer_put(buffer_1, "\n", 1) ; 47 | } 48 | if (errno) 49 | strerr_diefu1sys(111, "nsss_unix_getgrent") ; 50 | nsss_unix_endgrent() ; 51 | buffer_flush(buffer_1) ; 52 | return 0 ; 53 | } 54 | -------------------------------------------------------------------------------- /src/tests/test-all-fallback.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include 9 | #include 10 | 11 | int main (void) 12 | { 13 | PROG = "test-all-fallback" ; 14 | for (;;) 15 | { 16 | struct passwd *pw ; 17 | errno = 0 ; 18 | pw = nsss_all_getpwent() ; 19 | if (!pw) break ; 20 | lolprintf("%s:%s:%d:%d:%s:%s:%s\n", pw->pw_name, pw->pw_passwd, (int)pw->pw_uid, (int)pw->pw_gid, pw->pw_gecos, pw->pw_dir, pw->pw_shell) ; 21 | } 22 | if (errno) 23 | strerr_diefu1sys(111, "nsss_all_getpwent") ; 24 | nsss_all_endpwent() ; 25 | lolprintf("\n") ; 26 | 27 | { 28 | struct passwd *pw = nsss_all_getpwnam("root") ; 29 | lolprintf("%u\n\n", (unsigned int)pw->pw_uid) ; 30 | } 31 | 32 | for (;;) 33 | { 34 | struct group *gr ; 35 | char **p ; 36 | errno = 0 ; 37 | gr = nsss_all_getgrent() ; 38 | if (!gr) break ; 39 | p = gr->gr_mem ; 40 | lolprintf("%s:%s:%d:", gr->gr_name, gr->gr_passwd, (int)gr->gr_gid) ; 41 | if (*p) 42 | { 43 | while (*p) lolprintf("%s,", *p++) ; 44 | buffer_unput(buffer_1, 1) ; 45 | } 46 | buffer_put(buffer_1, "\n", 1) ; 47 | } 48 | if (errno) 49 | strerr_diefu1sys(111, "nsss_all_getgrent") ; 50 | nsss_all_endgrent() ; 51 | buffer_flush(buffer_1) ; 52 | return 0 ; 53 | } 54 | -------------------------------------------------------------------------------- /src/libnsss/nsss_switch_getgrent_r.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | #include 5 | 6 | #include 7 | #include 8 | 9 | #include 10 | #include 11 | #include 12 | #include "nsss-internal.h" 13 | #include "nsss-switch-internal.h" 14 | 15 | int nsss_switch_getgrent_r (struct group *gr, char *buf, size_t buflen, struct group **grp) 16 | { 17 | struct group gr2 ; 18 | stralloc sa = STRALLOC_ZERO ; 19 | genalloc ga = GENALLOC_ZERO ; 20 | int e = pthread_mutex_lock(&nsss_switch_enumerator_mutex) ; 21 | if (e) return e ; 22 | if (!nsss_switch_start(&nsss_switch_enumerator, NSSS_SWITCH_GRP, NSSS_NSSSD_PATH, 0, 0)) return errno ; 23 | e = errno ; 24 | errno = 0 ; 25 | if (!nsss_switch_grp_get(&nsss_switch_enumerator, &gr2, &sa, &ga, 0, 0)) 26 | { 27 | *grp = 0 ; 28 | if (!errno) errno = ENOENT ; 29 | goto err ; 30 | } 31 | pthread_mutex_unlock(&nsss_switch_enumerator_mutex) ; 32 | if (!nsss_grp_copy(gr, buf, buflen, &gr2, sa.s, sa.len, genalloc_s(char *, &ga), genalloc_len(char *, &ga))) 33 | { 34 | genalloc_free(char *, &ga) ; 35 | stralloc_free(&sa) ; 36 | *grp = 0 ; 37 | return errno ; 38 | } 39 | genalloc_free(char *, &ga) ; 40 | stralloc_free(&sa) ; 41 | *grp = gr ; 42 | return (errno = e, 0) ; 43 | 44 | err: 45 | pthread_mutex_unlock(&nsss_switch_enumerator_mutex) ; 46 | return errno ; 47 | } 48 | -------------------------------------------------------------------------------- /src/libnsss/nsss_switch_getgrgid_r.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | #include 5 | 6 | #include 7 | #include 8 | 9 | #include 10 | #include 11 | #include 12 | #include "nsss-internal.h" 13 | #include "nsss-switch-internal.h" 14 | 15 | int nsss_switch_getgrgid_r (gid_t gid, struct group *gr, char *buf, size_t buflen, struct group **grp) 16 | { 17 | struct group gr2 ; 18 | stralloc sa = STRALLOC_ZERO ; 19 | genalloc ga = GENALLOC_ZERO ; 20 | int e = pthread_mutex_lock(&nsss_switch_query_mutex) ; 21 | if (e) return e ; 22 | e = errno ; 23 | if (!nsss_switch_query_start(NSSS_NSSSD_PATH, NSSS_SWITCH_GRP, 30000, 0, 0)) 24 | { 25 | pthread_mutex_unlock(&nsss_switch_query_mutex) ; 26 | return errno ; 27 | } 28 | errno = 0 ; 29 | if (!nsss_switch_grp_getbygid(&nsss_switch_query, &gr2, &sa, &ga, gid, 0, 0)) 30 | { 31 | pthread_mutex_unlock(&nsss_switch_query_mutex) ; 32 | *grp = 0 ; 33 | return errno ? errno : (errno = e, 0) ; 34 | } 35 | pthread_mutex_unlock(&nsss_switch_query_mutex) ; 36 | if (!nsss_grp_copy(gr, buf, buflen, &gr2, sa.s, sa.len, genalloc_s(char *, &ga), genalloc_len(char *, &ga))) 37 | { 38 | genalloc_free(char *, &ga) ; 39 | stralloc_free(&sa) ; 40 | *grp = 0 ; 41 | return errno ; 42 | } 43 | genalloc_free(char *, &ga) ; 44 | stralloc_free(&sa) ; 45 | *grp = gr ; 46 | return (errno = e, 0) ; 47 | } 48 | -------------------------------------------------------------------------------- /src/libnsss/nsss_switch_getgrnam_r.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | #include 5 | 6 | #include 7 | #include 8 | 9 | #include 10 | #include 11 | #include 12 | #include "nsss-internal.h" 13 | #include "nsss-switch-internal.h" 14 | 15 | int nsss_switch_getgrnam_r (char const *name, struct group *gr, char *buf, size_t buflen, struct group **grp) 16 | { 17 | struct group gr2 ; 18 | stralloc sa = STRALLOC_ZERO ; 19 | genalloc ga = GENALLOC_ZERO ; 20 | int e = pthread_mutex_lock(&nsss_switch_query_mutex) ; 21 | if (e) return (errno = e, 0) ; 22 | e = errno ; 23 | if (!nsss_switch_query_start(NSSS_NSSSD_PATH, NSSS_SWITCH_GRP, 30000, 0, 0)) 24 | { 25 | pthread_mutex_unlock(&nsss_switch_query_mutex) ; 26 | return errno ; 27 | } 28 | errno = 0 ; 29 | if (!nsss_switch_grp_getbyname(&nsss_switch_query, &gr2, &sa, &ga, name, 0, 0)) 30 | { 31 | pthread_mutex_unlock(&nsss_switch_query_mutex) ; 32 | *grp = 0 ; 33 | return errno ? errno : (errno = e, 0) ; 34 | } 35 | pthread_mutex_unlock(&nsss_switch_query_mutex) ; 36 | if (!nsss_grp_copy(gr, buf, buflen, &gr2, sa.s, sa.len, genalloc_s(char *, &ga), genalloc_len(char *, &ga))) 37 | { 38 | genalloc_free(char *, &ga) ; 39 | stralloc_free(&sa) ; 40 | *grp = 0 ; 41 | return errno ; 42 | } 43 | genalloc_free(char *, &ga) ; 44 | stralloc_free(&sa) ; 45 | *grp = gr ; 46 | return (errno = e, 0) ; 47 | } 48 | -------------------------------------------------------------------------------- /DCO: -------------------------------------------------------------------------------- 1 | Developer Certificate of Origin 2 | Version 1.1 3 | 4 | Copyright (C) 2004, 2006 The Linux Foundation and its contributors. 5 | 1 Letterman Drive 6 | Suite D4700 7 | San Francisco, CA, 94129 8 | 9 | Everyone is permitted to copy and distribute verbatim copies of this 10 | license document, but changing it is not allowed. 11 | 12 | 13 | Developer's Certificate of Origin 1.1 14 | 15 | By making a contribution to this project, I certify that: 16 | 17 | (a) The contribution was created in whole or in part by me and I 18 | have the right to submit it under the open source license 19 | indicated in the file; or 20 | 21 | (b) The contribution is based upon previous work that, to the best 22 | of my knowledge, is covered under an appropriate open source 23 | license and I have the right under that license to submit that 24 | work with modifications, whether created in whole or in part 25 | by me, under the same open source license (unless I am 26 | permitted to submit under a different license), as indicated 27 | in the file; or 28 | 29 | (c) The contribution was provided directly to me by some other 30 | person who certified (a), (b) or (c) and I have not modified 31 | it. 32 | 33 | (d) I understand and agree that this project and the contribution 34 | are public and that a record of the contribution (including all 35 | personal information I submit with it, including my sign-off) is 36 | maintained indefinitely and may be redistributed consistent with 37 | this project or the open source license(s) involved. 38 | -------------------------------------------------------------------------------- /NEWS: -------------------------------------------------------------------------------- 1 | Changelog for nsss. 2 | 3 | In 0.2.1.1 4 | ---------- 5 | 6 | - Bugfixes. 7 | - MacOS .dylib support. 8 | 9 | 10 | In 0.2.1.0 11 | ---------- 12 | 13 | - Bugfixes. 14 | - pkg-config support. 15 | 16 | 17 | In 0.2.0.5 18 | ---------- 19 | 20 | - Bugfixes. 21 | - Install static libs in /usr/lib by default. 22 | 23 | 24 | In 0.2.0.4 25 | ---------- 26 | 27 | - Adaptation to skalibs-2.14.0.0. 28 | 29 | 30 | In 0.2.0.3 31 | ---------- 32 | 33 | - Bugfixes. 34 | 35 | 36 | In 0.2.0.2 37 | ---------- 38 | 39 | - Adaptation to skalibs-2.13.0.0. 40 | 41 | 42 | In 0.2.0.1 43 | ---------- 44 | 45 | - Bugfixes. 46 | 47 | 48 | In 0.2.0.0 49 | ---------- 50 | 51 | - Adaptation to skalibs-2.11.0.0. 52 | - nsss wire protocol slightly modified. 53 | - New binary: nsssd-switch. 54 | 55 | 56 | In 0.1.0.1 57 | ---------- 58 | 59 | - Bugfixes. 60 | 61 | 62 | In 0.1.0.0 63 | ---------- 64 | 65 | - Bugfixes. 66 | - pwd.h, grp.h and shadow.h are not installed by default anymore. 67 | You now need to explicitly give the --enable-libc-includes 68 | configure option. 69 | 70 | 71 | In 0.0.2.2 72 | ---------- 73 | 74 | - Bugfixes. 75 | 76 | 77 | In 0.0.2 1 78 | ---------- 79 | 80 | - Bugfixes. 81 | 82 | 83 | In 0.0.2.0 84 | ---------- 85 | 86 | - Adaptation to skalibs-2.9.0.0. 87 | - getgrouplist() support. 88 | 89 | 90 | In 0.0.1.2 91 | ---------- 92 | 93 | - Bugfixes. 94 | 95 | 96 | In 0.0.1.1 97 | ---------- 98 | 99 | - Bugfixes. 100 | - Everything builds as PIC by default. 101 | 102 | 103 | In 0.0.1.0 104 | ---------- 105 | 106 | - Initial release. 107 | -------------------------------------------------------------------------------- /src/libnsss/nsss_unix_shadow_get.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include "nsss-unix-internal.h" 9 | 10 | static int lscan (char const *s, long *l) 11 | { 12 | if (*s) return !!ulong0_scan(s, (unsigned long *)l) ; 13 | *l = -1 ; 14 | return 1 ; 15 | } 16 | 17 | static inline int shadow_parseline (struct spwd *sp, char *s, size_t max) 18 | { 19 | struct spwd sp2 ; 20 | char *p ; 21 | s[max-1] = 0 ; 22 | if (!nsss_unix_field(&sp2.sp_namp, &s)) return 0 ; 23 | if (!nsss_unix_field(&sp2.sp_pwdp, &s)) return 0 ; 24 | if (!nsss_unix_field(&p, &s)) return 0 ; 25 | if (!lscan(p, &sp2.sp_lstchg)) return 0 ; 26 | if (!nsss_unix_field(&p, &s)) return 0 ; 27 | if (!lscan(p, &sp2.sp_min)) return 0 ; 28 | if (!nsss_unix_field(&p, &s)) return 0 ; 29 | if (!lscan(p, &sp2.sp_max)) return 0 ; 30 | if (!nsss_unix_field(&p, &s)) return 0 ; 31 | if (!lscan(p, &sp2.sp_warn)) return 0 ; 32 | if (!nsss_unix_field(&p, &s)) return 0 ; 33 | if (!lscan(p, &sp2.sp_inact)) return 0 ; 34 | if (!nsss_unix_field(&p, &s)) return 0 ; 35 | if (!lscan(p, &sp2.sp_expire)) return 0 ; 36 | if (!nsss_unix_field(&p, &s)) return 0 ; 37 | if (!lscan(p, (long *)&sp2.sp_flag)) return 0 ; 38 | *sp = sp2 ; 39 | return 1 ; 40 | } 41 | 42 | int nsss_unix_shadow_get (nsss_unix_t *a, struct spwd *sp, stralloc *sa) 43 | { 44 | int cs ; 45 | pthread_setcancelstate(PTHREAD_CANCEL_DISABLE, &cs) ; 46 | for (;;) 47 | { 48 | size_t base = sa->len ; 49 | if (skagetln_loose(&a->b, sa, '\n') <= 0) goto err ; 50 | if (shadow_parseline(sp, sa->s + base, sa->len - base)) break ; 51 | sa->len = base ; 52 | } 53 | pthread_setcancelstate(cs, 0) ; 54 | return 1 ; 55 | 56 | err: 57 | pthread_setcancelstate(cs, 0) ; 58 | return 0 ; 59 | } 60 | -------------------------------------------------------------------------------- /src/libnsss/nsss_unix_grp_get.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include 9 | #include 10 | #include "nsss-unix-internal.h" 11 | 12 | static inline char **grp_parsemem (char *s, genalloc *ga) 13 | { 14 | char **grmem ; 15 | char **p ; 16 | size_t n = 0 ; 17 | for (char *t = s ; *t ; t++) if (*t == ',') { n++ ; *t = 0 ; } ; 18 | if (*s) n++ ; 19 | if (!genalloc_readyplus(char *, ga, n+1)) return 0 ; 20 | p = genalloc_s(char *, ga) + genalloc_len(char *, ga) ; 21 | grmem = p ; 22 | for (size_t i = 0 ; i < n ; i++) { *p++ = s ; s += strlen(s) + 1 ; } 23 | *p++ = 0 ; 24 | genalloc_setlen(char *, ga, genalloc_len(char *, ga) + n+1) ; 25 | return grmem ; 26 | } 27 | 28 | static inline int grp_parseline (struct group *gr, char *s, size_t max, genalloc *ga) 29 | { 30 | struct group gr2 ; 31 | char *p ; 32 | s[max-1] = 0 ; 33 | if (!nsss_unix_field(&gr2.gr_name, &s)) return 0 ; 34 | if (!nsss_unix_field(&gr2.gr_passwd, &s)) return 0 ; 35 | if (!nsss_unix_field(&p, &s)) return 0 ; 36 | if (!gid0_scan(p, &gr2.gr_gid)) return 0 ; 37 | gr2.gr_mem = grp_parsemem(s, ga) ; 38 | if (!gr2.gr_mem) return 0 ; 39 | *gr = gr2 ; 40 | return 1 ; 41 | } 42 | 43 | int nsss_unix_grp_get (nsss_unix_t *a, struct group *gr, stralloc *sa, genalloc *ga) 44 | { 45 | int cs ; 46 | pthread_setcancelstate(PTHREAD_CANCEL_DISABLE, &cs) ; 47 | for (;;) 48 | { 49 | size_t sabase = sa->len ; 50 | size_t gabase = genalloc_len(char *, ga) ; 51 | if (skagetln_loose(&a->b, sa, '\n') <= 0) goto err ; 52 | if (grp_parseline(gr, sa->s + sabase, sa->len - sabase, ga)) break ; 53 | sa->len = sabase ; 54 | genalloc_setlen(char *, ga, gabase) ; 55 | } 56 | pthread_setcancelstate(cs, 0) ; 57 | return 1 ; 58 | 59 | err: 60 | pthread_setcancelstate(cs, 0) ; 61 | return 0 ; 62 | } 63 | -------------------------------------------------------------------------------- /src/include/nsss/pwd.h: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #ifndef NSSS_PWD_H 4 | #define NSSS_PWD_H 5 | 6 | #ifdef __cplusplus 7 | extern "C" { 8 | #endif 9 | 10 | #ifdef NSSS_DISABLE_SWITCH 11 | 12 | #include 13 | 14 | #define setpwent nsss_unix_setpwent 15 | #define getpwent nsss_unix_getpwent 16 | #define getpwent_r nsss_unix_getpwent_r 17 | #define endpwent nsss_unix_endpwent 18 | #define getpwuid nsss_unix_getpwuid 19 | #define getpwuid_r nsss_unix_getpwuid_r 20 | #define getpwnam nsss_unix_getpwnam 21 | #define getpwnam_r nsss_unix_getpwnam_r 22 | 23 | #else 24 | #ifdef NSSS_DISABLE_UNIX 25 | 26 | #include 27 | 28 | #define setpwent nsss_switch_setpwent 29 | #define getpwent nsss_switch_getpwent 30 | #define getpwent_r nsss_switch_getpwent_r 31 | #define endpwent nsss_switch_endpwent 32 | #define getpwuid nsss_switch_getpwuid 33 | #define getpwuid_r nsss_switch_getpwuid_r 34 | #define getpwnam nsss_switch_getpwnam 35 | #define getpwnam_r nsss_switch_getpwnam_r 36 | 37 | #else 38 | 39 | #include 40 | 41 | #define setpwent nsss_all_setpwent 42 | #define getpwent nsss_all_getpwent 43 | #define getpwent_r nsss_all_getpwent_r 44 | #define endpwent nsss_all_endpwent 45 | #define getpwuid nsss_all_getpwuid 46 | #define getpwuid_r nsss_all_getpwuid_r 47 | #define getpwnam nsss_all_getpwnam 48 | #define getpwnam_r nsss_all_getpwnam_r 49 | 50 | #endif 51 | #endif 52 | 53 | /* 54 | The following functions are not implemented by nsss. 55 | However, the libc may implement them, so we still need to 56 | declare them. Of course, we only declare functions that 57 | do not conflict with nsss operation. 58 | */ 59 | 60 | #ifdef _GNU_SOURCE 61 | #include 62 | extern struct passwd *fgetpwent (FILE *) ; 63 | extern int fgetpwent_r (FILE *, struct passwd *, char *, size_t, struct passwd **) ; 64 | extern int putpwent (struct passwd const *, FILE *) ; 65 | #endif 66 | 67 | #ifdef __cplusplus 68 | } 69 | #endif 70 | 71 | #endif 72 | -------------------------------------------------------------------------------- /src/libnsss/nsss_switch_pwd_read.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | #include 5 | #include 6 | 7 | #include 8 | #include 9 | #include 10 | #include 11 | 12 | #include 13 | #include "nsss-switch-internal.h" 14 | 15 | /* 16 | Expects: 17 | 4 bytes pw_uid 18 | 4 bytes pw_gid 19 | 4 bytes total length of strings (including \0's) 20 | \0-terminated pw_name 21 | \0-terminated pw_passwd 22 | \0-terminated pw_gecos 23 | \0-terminated pw_dir 24 | \0-terminated pw_shell 25 | */ 26 | 27 | int nsss_switch_pwd_read (buffer *b, struct passwd *pw, stralloc *sa, tain const *deadline, tain *stamp) 28 | { 29 | struct passwd pwtmp ; 30 | uint32_t total, len, x ; 31 | char *p ; 32 | char buf[12] ; 33 | if (!buffer_timed_get(b, buf, 12, deadline, stamp)) return 0 ; 34 | uint32_unpack_big(buf, &x) ; pwtmp.pw_uid = x ; 35 | uint32_unpack_big(buf + 4, &x) ; pwtmp.pw_gid = x ; 36 | uint32_unpack_big(buf + 8, &total) ; 37 | if (!stralloc_readyplus(sa, total)) return 0 ; 38 | if (!buffer_timed_get(b, sa->s + sa->len, total, deadline, stamp)) return 0 ; 39 | if (sa->s[sa->len + total - 1]) return (errno = EPROTO, 0) ; 40 | p = sa->s + sa->len ; len = total ; 41 | pwtmp.pw_name = p ; x = strnlen(p, len) + 1 ; p += x ; len -= x ; 42 | if (!len) return (errno = EPROTO, 0) ; 43 | pwtmp.pw_passwd = p ; x = strnlen(p, len) + 1 ; p += x ; len -= x ; 44 | if (!len) return (errno = EPROTO, 0) ; 45 | pwtmp.pw_gecos = p ; x = strnlen(p, len) + 1 ; p += x ; len -= x ; 46 | if (!len) return (errno = EPROTO, 0) ; 47 | pwtmp.pw_dir = p ; x = strnlen(p, len) + 1 ; p += x ; len -= x ; 48 | if (!len) return (errno = EPROTO, 0) ; 49 | pwtmp.pw_shell = p ; x = strnlen(p, len) + 1 ; p += x ; len -= x ; 50 | if (len) return (errno = EPROTO, 0) ; 51 | sa->len += total ; 52 | *pw = pwtmp ; 53 | return 1 ; 54 | } 55 | -------------------------------------------------------------------------------- /src/include/nsss/shadow.h: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #ifndef NSSS_SHADOW_H 4 | #define NSSS_SHADOW_H 5 | 6 | #ifdef __cplusplus 7 | extern "C" { 8 | #endif 9 | 10 | #ifdef NSSS_DISABLE_SWITCH 11 | 12 | #include 13 | 14 | #define setspent nsss_unix_setspent 15 | #define getspent nsss_unix_getspent 16 | #define getspent_r nsss_unix_getspent_r 17 | #define endspent nsss_unix_endspent 18 | #define getspnam nsss_unix_getspnam 19 | #define getspnam_r nsss_unix_getspnam_r 20 | 21 | #else 22 | #ifdef NSSS_DISABLE_UNIX 23 | 24 | #include 25 | 26 | #define setspent nsss_switch_setspent 27 | #define getspent nsss_switch_getspent 28 | #define getspent_r nsss_switch_getspent_r 29 | #define endspent nsss_switch_endspent 30 | #define getspnam nsss_switch_getspnam 31 | #define getspnam_r nsss_switch_getspnam_r 32 | 33 | #else 34 | 35 | #include 36 | 37 | #define setspent nsss_all_setspent 38 | #define getspent nsss_all_getspent 39 | #define getspent_r nsss_all_getspent_r 40 | #define endspent nsss_all_endspent 41 | #define getspnam nsss_all_getspnam 42 | #define getspnam_r nsss_all_getspnam_r 43 | 44 | #endif 45 | #endif 46 | 47 | /* 48 | The following functions are not implemented by nsss. 49 | However, the libc may implement them, so we still need to 50 | declare them. Of course, we only declare functions that 51 | do not conflict with nsss operation. 52 | */ 53 | 54 | #define SHADOW "/etc/shadow" 55 | 56 | #include 57 | 58 | extern struct spwd *fgetspent (FILE *) ; 59 | extern struct spwd *sgetspent (char const *) ; 60 | extern int putspent (struct spwd const *, FILE *) ; 61 | extern int lckpwdf (void) ; 62 | extern int ulckpwdf (void) ; 63 | 64 | #ifdef _DEFAULT_SOURCE 65 | extern int fgetspent_r(FILE *, struct spwd *, char *, size_t, struct spwd **) ; 66 | extern int sgetspent_r (char const *, struct spwd *, char *, size_t, struct spwd **) ; 67 | #endif 68 | 69 | #ifdef __cplusplus 70 | } 71 | #endif 72 | 73 | #endif 74 | -------------------------------------------------------------------------------- /src/libnsss/nsss_switch_shadow_read.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | #include 5 | #include 6 | 7 | #include 8 | #include 9 | #include 10 | #include 11 | #include 12 | 13 | #include 14 | #include "nsss-switch-internal.h" 15 | 16 | /* 17 | Expects: 18 | 8 bytes sp_lstchg 19 | 8 bytes sp_min 20 | 8 bytes sp_max 21 | 8 bytes sp_warn 22 | 8 bytes sp_inact 23 | 8 bytes sp_expire 24 | 8 bytes sp_flag 25 | 4 bytes total length of strings (including \0's) 26 | \0-terminated sp_namp 27 | \0-terminated sp_pwdp 28 | */ 29 | 30 | int nsss_switch_shadow_read (buffer *b, struct spwd *sp, stralloc *sa, tain const *deadline, tain *stamp) 31 | { 32 | struct spwd sptmp ; 33 | uint64_t x ; 34 | uint32_t total, len ; 35 | char *p ; 36 | char buf[60] ; 37 | if (!buffer_timed_get(b, buf, 60, deadline, stamp)) return 0 ; 38 | uint64_unpack_big(buf, &x) ; sptmp.sp_lstchg = x ; 39 | uint64_unpack_big(buf + 8, &x) ; sptmp.sp_min = x ; 40 | uint64_unpack_big(buf + 16, &x) ; sptmp.sp_max = x ; 41 | uint64_unpack_big(buf + 24, &x) ; sptmp.sp_warn = x ; 42 | uint64_unpack_big(buf + 32, &x) ; sptmp.sp_inact = x ; 43 | uint64_unpack_big(buf + 40, &x) ; sptmp.sp_expire = x ; 44 | uint64_unpack_big(buf + 48, &x) ; sptmp.sp_flag = x ; 45 | uint32_unpack_big(buf + 56, &total) ; 46 | if (!stralloc_readyplus(sa, total)) return 0 ; 47 | if (!buffer_timed_get(b, sa->s + sa->len, total, deadline, stamp)) return 0 ; 48 | if (sa->s[sa->len + total - 1]) return (errno = EPROTO, 0) ; 49 | p = sa->s + sa->len ; len = total ; 50 | sptmp.sp_namp = p ; x = strnlen(p, len) + 1 ; p += x ; len -= x ; 51 | if (!len) return (errno = EPROTO, 0) ; 52 | sptmp.sp_pwdp = p ; x = strnlen(p, len) + 1 ; p += x ; len -= x ; 53 | if (len) return (errno = EPROTO, 0) ; 54 | sa->len += total ; 55 | *sp = sptmp ; 56 | return 1 ; 57 | } 58 | -------------------------------------------------------------------------------- /src/libnsss/nsss_switch_grp_read.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | 4 | #include 5 | #include 6 | #include 7 | 8 | #include 9 | #include 10 | #include 11 | #include 12 | #include 13 | 14 | #include 15 | #include "nsss-switch-internal.h" 16 | 17 | /* 18 | Expects: 19 | 4 bytes gr_gid 20 | 4 bytes total length of strings (including \0's) 21 | 4 bytes number of strings in gr_mem (n) 22 | \0-terminated gr_name 23 | \0-terminated gr_passwd 24 | sequence of n \0-terminated elements in gr_mem 25 | */ 26 | 27 | int nsss_switch_grp_read (buffer *b, struct group *gr, stralloc *sa, genalloc *ga, tain const *deadline, tain *stamp) 28 | { 29 | struct group grtmp ; 30 | uint32_t total, len, n, x ; 31 | char **q ; 32 | char *p ; 33 | char buf[12] ; 34 | if (!buffer_timed_get(b, buf, 12, deadline, stamp)) return 0 ; 35 | uint32_unpack_big(buf, &x) ; grtmp.gr_gid = x ; 36 | uint32_unpack_big(buf + 4, &total) ; 37 | uint32_unpack_big(buf + 8, &n) ; 38 | if (total < 2 || n >= 0x30000000u) return (errno = EPROTO, 0) ; 39 | if (!stralloc_readyplus(sa, total)) return 0 ; 40 | if (!genalloc_readyplus(char *, ga, n+1)) return 0 ; 41 | if (!buffer_timed_get(b, sa->s + sa->len, total, deadline, stamp)) return 0 ; 42 | if (sa->s[sa->len + total - 1]) return (errno = EPROTO, 0) ; 43 | p = sa->s + sa->len ; len = total ; 44 | q = genalloc_s(char *, ga) + genalloc_len(char *, ga) ; 45 | grtmp.gr_mem = q ; 46 | grtmp.gr_name = p ; x = strnlen(p, len) + 1 ; p += x ; len -= x ; 47 | if (!len) return (errno = EPROTO, 0) ; 48 | grtmp.gr_passwd = p ; x = strnlen(p, len) + 1 ; p += x ; len -= x ; 49 | for (uint32_t i = 0 ; i < n ; i++) 50 | { 51 | if (!len) return (errno = EPROTO, 0) ; 52 | q[i] = p ; x = strnlen(p, len) + 1 ; p += x ; len -= x ; 53 | } 54 | if (len) return (errno = EPROTO, 0) ; 55 | q[n] = 0 ; 56 | sa->len += total ; 57 | genalloc_setlen(char *, ga, genalloc_len(char *, ga) + n + 1) ; 58 | *gr = grtmp ; 59 | return 1 ; 60 | } 61 | -------------------------------------------------------------------------------- /src/libnsss/nsss_switch_grp_getlist.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | #include 5 | #include 6 | 7 | #include 8 | #include 9 | #include 10 | #include 11 | #include 12 | #include 13 | #include 14 | 15 | #include 16 | #include "nsss-switch-internal.h" 17 | 18 | /* 19 | Expects: 20 | 8 bytes: n 21 | 8 bytes: r 22 | min(n, r) * sizeof(gid_t) bytes: the list of gids 23 | */ 24 | 25 | static int nsss_switch_grouplist_read (buffer *b, size_t n, size_t *r, gid_t *gids, stralloc *sa, tain const *deadline, tain *stamp) 26 | { 27 | size_t rr ; 28 | uint64_t res ; 29 | char buf[8] ; 30 | if (!buffer_timed_get(b, buf, 8, deadline, stamp)) return 0 ; 31 | uint64_unpack_big(buf, &res) ; 32 | if (res != n) return (errno = EPROTO, 0) ; 33 | if (!buffer_timed_get(b, buf, 8, deadline, stamp)) return 0 ; 34 | uint64_unpack_big(buf, &res) ; 35 | rr = res ; 36 | if (res > n) res = n ; 37 | if (res) 38 | { 39 | int sawasnull = !sa->s ; 40 | size_t sabase = sa->len ; 41 | if (!stralloc_readyplus(sa, res * sizeof(gid_t))) return 0 ; 42 | if (!buffer_timed_get(b, sa->s + sabase, res * sizeof(gid_t), deadline, stamp)) 43 | { 44 | if (sawasnull) stralloc_free(sa) ; else sa->len = sabase ; 45 | return 0 ; 46 | } 47 | for (size_t i = 0 ; i < res ; i++) 48 | gid_unpack_big(sa->s + sabase + i * sizeof(gid_t), gids + i) ; 49 | if (sawasnull) stralloc_free(sa) ; else sa->len = sabase ; 50 | } 51 | *r = rr ; 52 | return 1 ; 53 | } 54 | 55 | int nsss_switch_grp_getlist (nsss_switch_t *a, char const *user, gid_t *gids, size_t n, size_t *r, stralloc *sa, tain const *deadline, tain *stamp) 56 | { 57 | char buf[13] = { NSSS_SWITCH_GRP_GETLIST } ; 58 | size_t len = strlen(user) ; 59 | struct iovec v[2] = { { .iov_base = buf, .iov_len = 13 }, { .iov_base = (char *)user, .iov_len = len + 1 } } ; 60 | if (len > NSSS_SWITCH_NAME_MAXLEN - 1) return (errno = EINVAL, 0) ; 61 | uint64_pack_big(buf + 1, n) ; 62 | uint32_pack_big(buf + 9, len + 1) ; 63 | if (!nsss_switch_sendv(a, v, 2, deadline, stamp)) return 0 ; 64 | if (!buffer_timed_get(&a->b, &buf[0], 1, deadline, stamp)) return 0 ; 65 | if (buf[0]) return (errno = (unsigned char)buf[0], 0) ; 66 | return nsss_switch_grouplist_read(&a->b, n, r, gids, sa, deadline, stamp) ; 67 | } 68 | -------------------------------------------------------------------------------- /tools/gen-dotpc.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh -e 2 | 3 | isunique () { 4 | x=$1 5 | set -- $2 6 | while test "$#" -gt 0 ; do 7 | if test "$x" = "$1" ; then 8 | return 1 9 | fi 10 | shift 11 | done 12 | return 0 13 | } 14 | 15 | uniqit () { 16 | res= 17 | while test "$#" -gt 0 ; do 18 | if isunique "$1" "$res" ; then 19 | res="${res}${res:+ }${1}" 20 | fi 21 | shift 22 | done 23 | printf %s\\n "$res" 24 | } 25 | 26 | filterout () { 27 | res= 28 | filter="$1" 29 | shift 30 | while test "$#" -gt 0 ; do 31 | if isunique "$1" "$filter" ; then 32 | res="${res}${res:+ }${1}" 33 | fi 34 | shift 35 | done 36 | printf %s\\n "$res" 37 | } 38 | 39 | print_requires () { 40 | line= 41 | oldifs="$IFS" 42 | while IFS=" " read condvar usedinlibs pkg ver libs ; do 43 | IFS="$oldifs" 44 | for h ; do 45 | i=lib${h##-l} 46 | for j in $libs ; do 47 | if test "$i" = "$j" ; then 48 | line="${line}${line:+, }${i} >= ${ver}" 49 | fi 50 | done 51 | done 52 | done < package/deps-build 53 | IFS="$oldifs" 54 | echo "Requires: $line" 55 | } 56 | 57 | . package/info 58 | 59 | ilist= 60 | dlist= 61 | slist= 62 | 63 | if test "${includedir}" != /usr/include ; then 64 | ilist="-I${includedir}" 65 | fi 66 | if test -n "${extra_includedirs}" ; then 67 | ilist="${ilist}${ilist:+ }${extra_includedirs}" 68 | fi 69 | ilist=`uniqit ${ilist}` 70 | 71 | if test "${dynlibdir}" != /usr/lib && test "${dynlibdir}" != /lib ; then 72 | dlist="-L${dynlibdir}" 73 | fi 74 | 75 | if test "${libdir}" != /usr/lib && test "${libdir}" != /lib ; then 76 | slist="-L${libdir}" 77 | fi 78 | if test -n "${extra_libdirs}" ; then 79 | slist="${slist}${slist:+ }${extra_libdirs}" 80 | fi 81 | slist="$(filterout "${dlist}" $(uniqit ${slist}))" 82 | 83 | echo "prefix=${prefix}" 84 | echo "includedir=${includedir}" 85 | echo "libdir=${libdir}" 86 | echo "dynlibdir=${dynlibdir}" 87 | echo 88 | echo "Name: lib${library}" 89 | echo "Version: ${version}" 90 | echo "Description: ${description:-The ${library} library.}" 91 | echo "URL: ${url:-https://skarnet.org/software/${package}/}" 92 | if test -n "${extra_libs}" ; then 93 | print_requires ${extra_libs} 94 | fi 95 | if test -n "$ilist" ; then 96 | echo "Cflags: ${ilist}" 97 | fi 98 | echo "Libs: ${dlist}${dlist:+ }-l${library}${ldlibs:+ }${ldlibs}" 99 | if test -n "${extra_libs}" ; then 100 | echo "Libs.private: ${slist}${slist:+ }${extra_libs}" 101 | fi 102 | -------------------------------------------------------------------------------- /src/include/nsss/nsss-unix.h: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #ifndef NSSS_UNIX_H 4 | #define NSSS_UNIX_H 5 | 6 | #include 7 | 8 | #include 9 | #include 10 | #include 11 | #include 12 | #include 13 | #include 14 | 15 | #define NSSS_UNIX_BUFSIZE 4096 16 | 17 | typedef struct nsss_unix_s nsss_unix_t, *nsss_unix_t_ref ; 18 | struct nsss_unix_s 19 | { 20 | buffer b ; 21 | char buf[NSSS_UNIX_BUFSIZE] ; 22 | } ; 23 | #define NSSS_UNIX_ZERO { .b = BUFFER_ZERO } 24 | 25 | extern int nsss_unix_start (nsss_unix_t *, char const *) ; 26 | extern int nsss_unix_maybe_start (nsss_unix_t *, char const *) ; 27 | extern void nsss_unix_end (nsss_unix_t *) ; 28 | extern int nsss_unix_rewind (nsss_unix_t *) ; 29 | 30 | 31 | /* Password */ 32 | 33 | #define nsss_unix_pwd_start(a) nsss_unix_start(a, "/etc/passwd") 34 | #define nsss_unix_pwd_maybe_start(a) nsss_unix_maybe_start(a, "/etc/passwd") 35 | #define nsss_unix_pwd_end(a) nsss_unix_end(a) 36 | #define nsss_unix_pwd_rewind(a) nsss_unix_rewind(a) 37 | extern int nsss_unix_pwd_get (nsss_unix_t *, struct passwd *, stralloc *) ; 38 | extern int nsss_unix_pwd_getbyname (nsss_unix_t *, struct passwd *, stralloc *, char const *) ; 39 | extern int nsss_unix_pwd_getbyuid (nsss_unix_t *, struct passwd *, stralloc *, uid_t) ; 40 | 41 | 42 | /* Group */ 43 | 44 | #define nsss_unix_grp_start(a) nsss_unix_start(a, "/etc/group") 45 | #define nsss_unix_grp_maybe_start(a) nsss_unix_maybe_start(a, "/etc/group") 46 | #define nsss_unix_grp_end(a) nsss_unix_end(a) 47 | #define nsss_unix_grp_rewind(a) nsss_unix_rewind(a) 48 | extern int nsss_unix_grp_get (nsss_unix_t *, struct group *, stralloc *, genalloc *) ; 49 | extern int nsss_unix_grp_getbyname (nsss_unix_t *, struct group *, stralloc *, genalloc *, char const *) ; 50 | extern int nsss_unix_grp_getbygid (nsss_unix_t *, struct group *, stralloc *, genalloc *, gid_t) ; 51 | extern int nsss_unix_grp_getlist (nsss_unix_t *, char const *, gid_t *, size_t, size_t *, stralloc *, genalloc *) ; 52 | 53 | 54 | /* Shadow */ 55 | 56 | #define nsss_unix_shadow_start(a) nsss_unix_start(a, "/etc/shadow") 57 | #define nsss_unix_shadow_maybe_start(a) nsss_unix_maybe_start(a, "/etc/shadow") 58 | #define nsss_unix_shadow_end(a) nsss_unix_end(a) 59 | #define nsss_unix_shadow_rewind(a) nsss_unix_rewind(a) 60 | extern int nsss_unix_shadow_get (nsss_unix_t *, struct spwd *, stralloc *) ; 61 | extern int nsss_unix_shadow_getbyname (nsss_unix_t *, struct spwd *, stralloc *, char const *) ; 62 | 63 | #endif 64 | -------------------------------------------------------------------------------- /src/tests/test-switch.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include 9 | #include 10 | #include 11 | #include 12 | #include 13 | 14 | #define S "./.test-switch-socket" 15 | 16 | int main (void) 17 | { 18 | nsss_switch_t a = NSSS_SWITCH_ZERO ; 19 | stralloc sa = STRALLOC_ZERO ; 20 | genalloc ga = GENALLOC_ZERO ; 21 | tain deadline ; 22 | PROG = "test-switch" ; 23 | tain_now_set_stopwatch_g() ; 24 | tain_from_millisecs(&deadline, 10000) ; 25 | tain_add_g(&deadline, &deadline) ; 26 | 27 | if (!nsss_switch_start_g(&a, NSSS_SWITCH_PWD, S, &deadline)) 28 | strerr_diefu1sys(111, "nsss_switch_start") ; 29 | 30 | for (;;) 31 | { 32 | struct passwd pw ; 33 | errno = 0 ; 34 | if (!nsss_switch_pwd_get_g(&a, &pw, &sa, &deadline)) break ; 35 | lolprintf("%s:%s:%d:%d:%s:%s:%s\n", pw.pw_name, pw.pw_passwd, (int)pw.pw_uid, (int)pw.pw_gid, pw.pw_gecos, pw.pw_dir, pw.pw_shell) ; 36 | sa.len = 0 ; 37 | } 38 | if (errno) 39 | strerr_diefu1sys(111, "nsss_switch_pwd_get") ; 40 | if (!nsss_switch_pwd_end_g(&a, &deadline)) 41 | strerr_diefu1sys(111, "nsss_switch_pwd_end") ; 42 | lolprintf("\n") ; 43 | 44 | { 45 | struct passwd pw ; 46 | if (!nsss_switch_pwd_getbyname_g(&a, &pw, &sa, "root", &deadline)) 47 | strerr_diefu1sys(111, "nsss_switch_pwd_getbyname") ; 48 | lolprintf("%u\n\n", (unsigned int)pw.pw_uid) ; 49 | sa.len = 0 ; 50 | } 51 | 52 | if (!nsss_switch_start_g(&a, NSSS_SWITCH_GRP, S, &deadline)) 53 | strerr_diefu1sys(111, "nsss_switch_start") ; 54 | nsss_switch_end(&a, NSSS_SWITCH_PWD) ; 55 | buffer_flush(buffer_1) ; 56 | 57 | for (;;) 58 | { 59 | struct group gr ; 60 | char **p ; 61 | errno = 0 ; 62 | if (!nsss_switch_grp_get_g(&a, &gr, &sa, &ga, &deadline)) break ; 63 | p = gr.gr_mem ; 64 | lolprintf("%s:%s:%d:", gr.gr_name, gr.gr_passwd, (int)gr.gr_gid) ; 65 | buffer_flush(buffer_1) ; 66 | if (*p) 67 | { 68 | while (*p) lolprintf("%s,", *p++) ; 69 | buffer_unput(buffer_1, 1) ; 70 | } 71 | buffer_put(buffer_1, "\n", 1) ; 72 | sa.len = 0 ; 73 | genalloc_setlen(char *, &ga, 0) ; 74 | } 75 | if (errno) 76 | strerr_diefu1sys(111, "nsss_switch_grp_get") ; 77 | if (!nsss_switch_grp_end_g(&a, &deadline)) 78 | strerr_diefu1sys(111, "nsss_switch_grp_end") ; 79 | nsss_switch_end(&a, NSSS_SWITCH_GRP) ; 80 | 81 | buffer_flush(buffer_1) ; 82 | return 0 ; 83 | } 84 | -------------------------------------------------------------------------------- /src/tests/test-nsssd-switch.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include 9 | #include 10 | #include 11 | #include 12 | #include 13 | 14 | #define S "./.test-nsssd-switch-socket" 15 | 16 | int main (void) 17 | { 18 | nsss_switch_t a = NSSS_SWITCH_ZERO ; 19 | stralloc sa = STRALLOC_ZERO ; 20 | genalloc ga = GENALLOC_ZERO ; 21 | tain deadline ; 22 | PROG = "test-nsssd-switch" ; 23 | tain_now_set_stopwatch_g() ; 24 | tain_from_millisecs(&deadline, 10000) ; 25 | tain_add_g(&deadline, &deadline) ; 26 | 27 | if (!nsss_switch_start_g(&a, NSSS_SWITCH_PWD, S, &deadline)) 28 | strerr_diefu1sys(111, "nsss_switch_start") ; 29 | 30 | for (;;) 31 | { 32 | struct passwd pw ; 33 | errno = 0 ; 34 | if (!nsss_switch_pwd_get_g(&a, &pw, &sa, &deadline)) break ; 35 | lolprintf("%s:%s:%d:%d:%s:%s:%s\n", pw.pw_name, pw.pw_passwd, (int)pw.pw_uid, (int)pw.pw_gid, pw.pw_gecos, pw.pw_dir, pw.pw_shell) ; 36 | sa.len = 0 ; 37 | } 38 | if (errno) 39 | strerr_diefu1sys(111, "nsss_switch_pwd_get") ; 40 | if (!nsss_switch_pwd_end_g(&a, &deadline)) 41 | strerr_diefu1sys(111, "nsss_switch_pwd_end") ; 42 | lolprintf("\n") ; 43 | 44 | { 45 | struct passwd pw ; 46 | if (!nsss_switch_pwd_getbyname_g(&a, &pw, &sa, "root", &deadline)) 47 | strerr_diefu1sys(111, "nsss_switch_pwd_getbyname") ; 48 | lolprintf("%u\n\n", (unsigned int)pw.pw_uid) ; 49 | sa.len = 0 ; 50 | } 51 | 52 | if (!nsss_switch_start_g(&a, NSSS_SWITCH_GRP, S, &deadline)) 53 | strerr_diefu1sys(111, "nsss_switch_start") ; 54 | nsss_switch_end(&a, NSSS_SWITCH_PWD) ; 55 | buffer_flush(buffer_1) ; 56 | 57 | for (;;) 58 | { 59 | struct group gr ; 60 | char **p ; 61 | errno = 0 ; 62 | if (!nsss_switch_grp_get_g(&a, &gr, &sa, &ga, &deadline)) break ; 63 | p = gr.gr_mem ; 64 | lolprintf("%s:%s:%d:", gr.gr_name, gr.gr_passwd, (int)gr.gr_gid) ; 65 | buffer_flush(buffer_1) ; 66 | if (*p) 67 | { 68 | while (*p) lolprintf("%s,", *p++) ; 69 | buffer_unput(buffer_1, 1) ; 70 | } 71 | buffer_put(buffer_1, "\n", 1) ; 72 | sa.len = 0 ; 73 | genalloc_setlen(char *, &ga, 0) ; 74 | } 75 | if (errno) 76 | strerr_diefu1sys(111, "nsss_switch_grp_get") ; 77 | if (!nsss_switch_grp_end_g(&a, &deadline)) 78 | strerr_diefu1sys(111, "nsss_switch_grp_end") ; 79 | nsss_switch_end(&a, NSSS_SWITCH_GRP) ; 80 | 81 | buffer_flush(buffer_1) ; 82 | return 0 ; 83 | } 84 | -------------------------------------------------------------------------------- /src/include/nsss/nsssd.h: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #ifndef NSSSD_H 4 | #define NSSSD_H 5 | 6 | #include 7 | #include 8 | #include 9 | #include 10 | 11 | #define NSSSD_EOF 255 12 | 13 | typedef struct nsssd_passwd_s nsssd_passwd_t, *nsssd_passwd_t_ref ; 14 | struct nsssd_passwd_s 15 | { 16 | size_t pw_name ; 17 | size_t pw_passwd ; 18 | uid_t pw_uid ; 19 | uid_t pw_gid ; 20 | size_t pw_gecos ; 21 | size_t pw_dir ; 22 | size_t pw_shell ; 23 | } ; 24 | 25 | typedef struct nsssd_group_s nsssd_group_t, *nsssd_group_t_ref ; 26 | struct nsssd_group_s 27 | { 28 | size_t gr_name ; 29 | size_t gr_passwd ; 30 | gid_t gr_gid ; 31 | size_t gr_mem ; 32 | size_t gr_mem_n ; 33 | } ; 34 | 35 | typedef struct nsssd_spwd_s nsssd_spwd_t, *nsssd_spwd_t_ref ; 36 | struct nsssd_spwd_s 37 | { 38 | size_t sp_namp ; 39 | size_t sp_pwdp ; 40 | long sp_lstchg ; 41 | long sp_min ; 42 | long sp_max ; 43 | long sp_warn ; 44 | long sp_inact ; 45 | long sp_expire ; 46 | unsigned long sp_flag ; 47 | } ; 48 | 49 | 50 | /* Functions provided by libnsssd */ 51 | 52 | extern int nsssd_main (char const *const *) ; 53 | extern void nsssd_passwd_convert (struct passwd *, nsssd_passwd_t const *, char const *) ; 54 | extern void nsssd_group_convert (struct group *, char **, nsssd_group_t const *, char const *, size_t const *) ; 55 | extern void nsssd_spwd_convert (struct spwd *, nsssd_spwd_t const *, char const *) ; 56 | 57 | 58 | /* Functions that must be provided by the backend */ 59 | 60 | extern void *nsssd_handle_init (void) ; 61 | extern int nsssd_handle_start (void *, char const *const *) ; 62 | extern void nsssd_handle_end (void *) ; 63 | 64 | extern int nsssd_pwd_start (void *) ; 65 | extern int nsssd_pwd_rewind (void *) ; 66 | extern int nsssd_pwd_get (void *, struct passwd *) ; 67 | extern int nsssd_pwd_getbyuid (void *, struct passwd *, uid_t) ; 68 | extern int nsssd_pwd_getbyname (void *, struct passwd *, char const *) ; 69 | extern void nsssd_pwd_end (void *) ; 70 | 71 | extern int nsssd_grp_start (void *) ; 72 | extern int nsssd_grp_rewind (void *) ; 73 | extern int nsssd_grp_get (void *, struct group *) ; 74 | extern int nsssd_grp_getbygid (void *, struct group *, gid_t) ; 75 | extern int nsssd_grp_getbyname (void *, struct group *, char const *) ; 76 | extern int nsssd_grp_getlist (void *, char const *, gid_t *, size_t, size_t *) ; 77 | extern void nsssd_grp_end (void *) ; 78 | 79 | extern int nsssd_shadow_start (void *) ; 80 | extern int nsssd_shadow_rewind (void *) ; 81 | extern int nsssd_shadow_get (void *, struct spwd *) ; 82 | extern int nsssd_shadow_getbyname (void *, struct spwd *, char const *) ; 83 | extern void nsssd_shadow_end (void *) ; 84 | 85 | #endif 86 | -------------------------------------------------------------------------------- /src/include/nsss/grp.h: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #ifndef NSSS_GRP_H 4 | #define NSSS_GRP_H 5 | 6 | #ifdef __cplusplus 7 | extern "C" { 8 | #endif 9 | 10 | #ifdef NSSS_DISABLE_SWITCH 11 | 12 | #include 13 | 14 | #define setgrent nsss_unix_setgrent 15 | #define getgrent nsss_unix_getgrent 16 | #define getgrent_r nsss_unix_getgrent_r 17 | #define endgrent nsss_unix_endgrent 18 | #define getgrgid nsss_unix_getgrgid 19 | #define getgrgid_r nsss_unix_getgrgid_r 20 | #define getgrnam nsss_unix_getgrnam 21 | #define getgrnam_r nsss_unix_getgrnam_r 22 | 23 | #if defined(_GNU_SOURCE) || defined(_BSD_SOURCE) || defined(_DEFAULT_SOURCE) 24 | # define getgrouplist nsss_unix_getgrouplist 25 | #endif 26 | 27 | #else 28 | #ifdef NSSS_DISABLE_UNIX 29 | 30 | #include 31 | 32 | #define setgrent nsss_switch_setgrent 33 | #define getgrent nsss_switch_getgrent 34 | #define getgrent_r nsss_switch_getgrent_r 35 | #define endgrent nsss_switch_endgrent 36 | #define getgrgid nsss_switch_getgrgid 37 | #define getgrgid_r nsss_switch_getgrgid_r 38 | #define getgrnam nsss_switch_getgrnam 39 | #define getgrnam_r nsss_switch_getgrnam_r 40 | 41 | #if defined(_GNU_SOURCE) || defined(_BSD_SOURCE) || defined(_DEFAULT_SOURCE) 42 | # define getgrouplist nsss_switch_getgrouplist 43 | #endif 44 | 45 | #else 46 | 47 | #include 48 | 49 | #define setgrent nsss_all_setgrent 50 | #define getgrent nsss_all_getgrent 51 | #define getgrent_r nsss_all_getgrent_r 52 | #define endgrent nsss_all_endgrent 53 | #define getgrgid nsss_all_getgrgid 54 | #define getgrgid_r nsss_all_getgrgid_r 55 | #define getgrnam nsss_all_getgrnam 56 | #define getgrnam_r nsss_all_getgrnam_r 57 | 58 | #if defined(_GNU_SOURCE) || defined(_BSD_SOURCE) || defined(_DEFAULT_SOURCE) 59 | # define getgrouplist nsss_all_getgrouplist 60 | #endif 61 | 62 | #endif 63 | #endif 64 | 65 | /* 66 | The following functions are not implemented by nsss. 67 | However, the libc may implement them, so we still need to 68 | declare them. Of course, we only declare functions that 69 | do not conflict with nsss operation. 70 | */ 71 | 72 | #if defined(_GNU_SOURCE) || defined(_BSD_SOURCE) || defined(_DEFAULT_SOURCE) 73 | 74 | #include 75 | 76 | extern int initgroups (char const *, gid_t) ; 77 | 78 | /* guess who has a different definition of setgroups() from everyone else */ 79 | 80 | #if defined(__FreeBSD__) || defined(__OpenBSD__) || defined(__NetBSD__) || defined(__bsdi__) || defined(__DragonFly__) 81 | extern int setgroups (int, gid_t const *) ; 82 | #else 83 | extern int setgroups (size_t, gid_t const *) ; 84 | #endif 85 | 86 | #endif 87 | 88 | #ifdef _GNU_SOURCE 89 | #include 90 | extern struct group *fgetgrent (FILE *) ; 91 | extern int fgetgrent_r (FILE *, struct group *, char *, size_t, struct group **) ; 92 | extern int putgrent (struct group const *, FILE *) ; 93 | #endif 94 | 95 | #ifdef __cplusplus 96 | } 97 | #endif 98 | 99 | #endif 100 | -------------------------------------------------------------------------------- /doc/nsssd-unix.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | nsss: the nsssd-unix program 7 | 8 | 9 | 10 | 11 | 12 | 13 |

14 | nsss
15 | Software
16 | skarnet.org 17 |

18 | 19 |

The nsssd-unix program

20 | 21 |

22 | nsssd-unix is a daemon providing a backend for clients using the 23 | nsss library - more precisely, clients using 24 | the nsss-all or 25 | the nsss-switch functions. 26 |

27 | 28 |

29 | The nsssd-unix backend is a simple one. It simply fetches user/group/shadow 30 | information from the /etc/passwd, /etc/group and 31 | /etc/shadow files. The same information can be directly obtained 32 | by a client if it uses the nsss-unix 33 | functions, without the overhead of going through an independent process. 34 | However, setting up a nsssd-unix service can still be useful: 35 |

36 | 37 |
    38 |
  • For testing purposes
    • 39 |
  • As a placeholder service that will be replaced later with a more 40 | complex backend
    • 41 |
  • ...
    • 42 |
43 | 44 |

45 | nsssd-unix is not meant to be called directly; instead, it is expected to be run from 46 | a script as a part of a "nsssd" 47 | local service. 48 |

49 | 50 |

51 | The examples/ subdirectory of the nsss package provides examples 52 | on how to run such a service. 53 | The simplest way to do so, for testing purposes, is a command line such as: 54 |

55 | 
s6-ipcserver -l0 /run/service/nsssd/s nsssd-unix
56 | 57 |

58 | /run/service/nsssd/s is the default place where nsss's 59 | implementation of the pwd.h, grp.h and shadow.h 60 | functions expects the nsssd 61 | service to be. It can be changed at nsss build time by giving the 62 | --with-nsssd-socket=PATH option to configure. 63 |

64 | 65 |

66 | nsssd-unix does not listen to the socket itself: it reads from its 67 | standard input and writes to its standard output. It relies 68 | on a superserver such as 69 | s6-ipcserver 70 | to manage connections to the socket. An instance of nsssd-unix is run 71 | for every client connection. 72 |

73 | 74 |

75 | If fine-grained authorizations are required (only allowing 76 | certain users and groups to connect to the service), the superserver 77 | can be configured to enforce them. 78 |

79 | 80 |

81 | nsssd-unix does not need to run as root, provided it can read the files 82 | database. 83 | It is recommended to create a nsss user and group, dedicated to 84 | the nsssd service, and run the superserver as this user and group. 85 |

86 | 87 | 88 | 89 | -------------------------------------------------------------------------------- /tools/gen-deps.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh -e 2 | 3 | . package/info 4 | 5 | echo '#' 6 | echo '# This file has been generated by tools/gen-deps.sh' 7 | echo '#' 8 | echo 9 | 10 | internal_libs= 11 | 12 | for dir in src/include/${package} src/* ; do 13 | for file in $(ls -1 $dir | grep -- \\.h$) ; do 14 | { 15 | grep -F -- "#include <${package}/" < ${dir}/$file | cut -d'<' -f2 | cut -d'>' -f1 ; 16 | grep -- '#include ".*\.h"' < ${dir}/$file | cut -d'"' -f2 17 | } | sort -u | { 18 | deps= 19 | while read dep ; do 20 | if echo $dep | grep -q "^${package}/" ; then 21 | deps="$deps src/include/$dep" 22 | elif test -f "${dir}/$dep" ; then 23 | deps="$deps ${dir}/$dep" 24 | else 25 | deps="$deps src/include-local/$dep" 26 | fi 27 | done 28 | if test -n "$deps" ; then 29 | echo "${dir}/${file}:${deps}" 30 | fi 31 | } 32 | done 33 | done 34 | 35 | for dir in src/* ; do 36 | for file in $(ls -1 $dir | grep -- \\.c$) ; do 37 | { 38 | grep -F -- "#include <${package}/" < ${dir}/$file | cut -d'<' -f2 | cut -d'>' -f1 ; 39 | grep -- '#include ".*\.h"' < ${dir}/$file | cut -d'"' -f2 40 | } | sort -u | { 41 | deps=" ${dir}/$file" 42 | while read dep ; do 43 | if echo $dep | grep -q "^${package}/" ; then 44 | deps="$deps src/include/$dep" 45 | elif test -f "${dir}/$dep" ; then 46 | deps="$deps ${dir}/$dep" 47 | else 48 | deps="$deps src/include-local/$dep" 49 | fi 50 | done 51 | o=$(echo $file | sed s/\\.c$/.o/) 52 | lo=$(echo $file | sed s/\\.c$/.lo/) 53 | echo "${dir}/${o} ${dir}/${lo}:${deps}" 54 | } 55 | done 56 | done 57 | echo 58 | 59 | for dir in $(ls -1 src | grep -v ^include) ; do 60 | for file in $(ls -1 src/$dir/deps-lib) ; do 61 | deps= 62 | libs= 63 | while read dep ; do 64 | if echo $dep | grep -q -e '^\${LIB' -e '^-l' -e '^\${.*_LIB}' ; then 65 | libs="$libs $dep" 66 | else 67 | deps="$deps src/$dir/$dep" 68 | fi 69 | done < src/$dir/deps-lib/$file 70 | echo 'ifeq ($(strip $(STATIC_LIBS_ARE_PIC)),)' 71 | echo "lib${file}.a.xyzzy:${deps}" 72 | echo else 73 | echo "lib${file}.a.xyzzy:$(echo ${deps} | sed 's/\.o/.lo/g')" 74 | echo endif 75 | if grep -qE "^LIB_DEFS [+:]= .*=$file" package/targets.mak ; then 76 | echo "lib${file}.pc: EXTRA_LIBS :=${libs}" 77 | echo "lib${file}.so.xyzzy: EXTRA_LIBS :=$libs" 78 | echo "lib${file}.so.xyzzy:$(echo ${deps} | sed 's/\.o/.lo/g')" 79 | echo "lib${file}.dylib.xyzzy: EXTRA_LIBS :=$libs" 80 | echo "lib${file}.dylib.xyzzy:$(echo ${deps} | sed 's/\.o/.lo/g')" 81 | else 82 | internal_libs="$internal_libs lib${file}.a.xyzzy" 83 | fi 84 | done 85 | 86 | for file in $(ls -1 src/$dir/deps-exe) ; do 87 | deps= 88 | libs= 89 | while read dep ; do 90 | if echo $dep | grep -q \\.o$ ; then 91 | dep="src/$dir/$dep" 92 | fi 93 | if echo $dep | grep -qx '\${.*_LIB}' ; then 94 | libs="$libs $dep" 95 | else 96 | deps="$deps $dep" 97 | fi 98 | done < src/$dir/deps-exe/$file 99 | echo "$file: EXTRA_LIBS :=$libs" 100 | echo "$file: src/$dir/$file.o$deps" 101 | done 102 | done 103 | echo "INTERNAL_LIBS :=$internal_libs" 104 | -------------------------------------------------------------------------------- /src/libnsss/deps-lib/nsss: -------------------------------------------------------------------------------- 1 | nsss_all_endgrent.o 2 | nsss_all_endpwent.o 3 | nsss_all_endspent.o 4 | nsss_all_errno.o 5 | nsss_all_getgrent.o 6 | nsss_all_getgrent_r.o 7 | nsss_all_getgrgid.o 8 | nsss_all_getgrgid_r.o 9 | nsss_all_getgrnam.o 10 | nsss_all_getgrnam_r.o 11 | nsss_all_getgrouplist.o 12 | nsss_all_getpwent.o 13 | nsss_all_getpwent_r.o 14 | nsss_all_getpwnam.o 15 | nsss_all_getpwnam_r.o 16 | nsss_all_getpwuid.o 17 | nsss_all_getpwuid_r.o 18 | nsss_all_getspent.o 19 | nsss_all_getspent_r.o 20 | nsss_all_getspnam.o 21 | nsss_all_getspnam_r.o 22 | nsss_all_setgrent.o 23 | nsss_all_setpwent.o 24 | nsss_all_setspent.o 25 | nsss_grp_copy.o 26 | nsss_grp_here.o 27 | nsss_grouplist_adjust.o 28 | nsss_pwd_copy.o 29 | nsss_pwd_here.o 30 | nsss_shadow_copy.o 31 | nsss_shadow_here.o 32 | nsss_switch_end.o 33 | nsss_switch_endgrent.o 34 | nsss_switch_endpwent.o 35 | nsss_switch_endspent.o 36 | nsss_switch_enumerator.o 37 | nsss_switch_getgrent.o 38 | nsss_switch_getgrent_r.o 39 | nsss_switch_getgrgid.o 40 | nsss_switch_getgrgid_r.o 41 | nsss_switch_getgrnam.o 42 | nsss_switch_getgrnam_r.o 43 | nsss_switch_getgrouplist.o 44 | nsss_switch_getpwent.o 45 | nsss_switch_getpwent_r.o 46 | nsss_switch_getpwnam.o 47 | nsss_switch_getpwnam_r.o 48 | nsss_switch_getpwuid.o 49 | nsss_switch_getpwuid_r.o 50 | nsss_switch_getspent.o 51 | nsss_switch_getspent_r.o 52 | nsss_switch_getspnam.o 53 | nsss_switch_getspnam_r.o 54 | nsss_switch_grp_end.o 55 | nsss_switch_grp_get.o 56 | nsss_switch_grp_getbygid.o 57 | nsss_switch_grp_getbyname.o 58 | nsss_switch_grp_getlist.o 59 | nsss_switch_grp_read.o 60 | nsss_switch_grp_rewind.o 61 | nsss_switch_op.o 62 | nsss_switch_pwd_end.o 63 | nsss_switch_pwd_get.o 64 | nsss_switch_pwd_getbyname.o 65 | nsss_switch_pwd_getbyuid.o 66 | nsss_switch_pwd_read.o 67 | nsss_switch_pwd_rewind.o 68 | nsss_switch_query.o 69 | nsss_switch_query_mutex.o 70 | nsss_switch_query_start.o 71 | nsss_switch_send.o 72 | nsss_switch_sendv.o 73 | nsss_switch_setgrent.o 74 | nsss_switch_setpwent.o 75 | nsss_switch_setspent.o 76 | nsss_switch_shadow_end.o 77 | nsss_switch_shadow_get.o 78 | nsss_switch_shadow_getbyname.o 79 | nsss_switch_shadow_read.o 80 | nsss_switch_shadow_rewind.o 81 | nsss_switch_set_timeout.o 82 | nsss_switch_start.o 83 | nsss_switch_startf.o 84 | nsss_unix_end.o 85 | nsss_unix_endgrent.o 86 | nsss_unix_endpwent.o 87 | nsss_unix_endspent.o 88 | nsss_unix_field.o 89 | nsss_unix_getgrent.o 90 | nsss_unix_getgrent_r.o 91 | nsss_unix_getgrgid.o 92 | nsss_unix_getgrgid_r.o 93 | nsss_unix_getgrnam.o 94 | nsss_unix_getgrnam_r.o 95 | nsss_unix_getgrouplist.o 96 | nsss_unix_getgrouplist_preadjust.o 97 | nsss_unix_getpwent.o 98 | nsss_unix_getpwent_r.o 99 | nsss_unix_getpwnam.o 100 | nsss_unix_getpwnam_r.o 101 | nsss_unix_getpwuid.o 102 | nsss_unix_getpwuid_r.o 103 | nsss_unix_getspent.o 104 | nsss_unix_getspent_r.o 105 | nsss_unix_getspnam.o 106 | nsss_unix_getspnam_r.o 107 | nsss_unix_grp_get.o 108 | nsss_unix_grp_getbygid.o 109 | nsss_unix_grp_getbyname.o 110 | nsss_unix_grp_getlist.o 111 | nsss_unix_grp_here.o 112 | nsss_unix_maybe_start.o 113 | nsss_unix_pwd_get.o 114 | nsss_unix_pwd_getbyname.o 115 | nsss_unix_pwd_getbyuid.o 116 | nsss_unix_pwd_here.o 117 | nsss_unix_rewind.o 118 | nsss_unix_setgrent.o 119 | nsss_unix_setpwent.o 120 | nsss_unix_setspent.o 121 | nsss_unix_shadow_get.o 122 | nsss_unix_shadow_getbyname.o 123 | nsss_unix_shadow_here.o 124 | nsss_unix_start.o 125 | -lskarnet 126 | ${PTHREAD_LIB} 127 | -------------------------------------------------------------------------------- /doc/nsssd-nslcd.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | nsss: the nsssd-nslcd program 7 | 8 | 9 | 10 | 11 | 12 | 13 |

14 | nsss
15 | Software
16 | skarnet.org 17 |

18 | 19 |

The nsssd-nslcd program

20 | 21 |

22 | nsssd-nslcd is a daemon providing a backend for clients using the 23 | nsss library - more precisely, clients using 24 | the nsss-all or 25 | the nsss-switch functions. 26 |

27 | 28 |

29 | The nsssd-nslcd backend is meant to be used when the user/group/shadow 30 | information is held in a LDAP server, and the 31 | nslcd 32 | daemon is running on the system as an interface to the LDAP architecture. 33 | nsssd-nslcd acts a server for its libnsss-using client, and as a 34 | client to nslcd. It forwards the application's requests to nslcd, and 35 | forwards the answers back. 36 |

37 | 38 |

39 | nsssd-nslcd is not meant to be called directly; instead, it is expected to be run from 40 | a script as a part of a "nsssd" 41 | local service. 42 |

43 | 44 |

45 | The examples/ subdirectory of the nsss package provides examples 46 | on how to run such a service. 47 | The simplest way to do so, for testing purposes, is a command line such as: 48 |

49 | 
s6-ipcserver -l0 /run/service/nsssd/s nsssd-nslcd /var/run/nslcd/socket
50 | 51 |

52 | /run/service/nsssd/s is the default place where nsss's 53 | implementation of the pwd.h, grp.h and shadow.h 54 | functions expects the nsssd 55 | service to be. It can be changed at nsss build time by giving the 56 | --with-nsssd-socket=PATH option to configure. 57 | nsssd-nslcd takes one argument: the path to connect to the nslcd daemon. 58 | By default, this is /var/run/nslcd/socket. The default can be 59 | changed at nslcd build time. 60 |

61 | 62 |

63 | nsssd-nslcd does not listen to the socket itself: it reads from its 64 | standard input and writes to its standard output. It relies 65 | on a superserver such as 66 | s6-ipcserver 67 | to manage connections to the socket. An instance of nsssd-nslcd is run 68 | for every client connection. 69 |

70 | 71 |

72 | If fine-grained authorizations are required (only allowing 73 | certain users and groups to connect to the service), the superserver 74 | can be configured to enforce them. 75 |

76 | 77 |

78 | nsssd-nslcd does not need to run as root, provided it can connect 79 | to the nslcd daemon. 80 | It is recommended to create a nsss user and group, dedicated to 81 | the nsssd service, and run the superserver as this user and group. 82 |

83 | 84 | 85 | 86 | -------------------------------------------------------------------------------- /src/nsssd/nsssd-unix.c: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #include 4 | 5 | #include 6 | #include 7 | #include 8 | #include 9 | 10 | void *nsssd_handle_init (void) 11 | { 12 | return 0 ; 13 | } 14 | 15 | int nsssd_handle_start (void *handle, char const *const *argv) 16 | { 17 | (void)handle ; 18 | (void)argv ; 19 | return 1 ; 20 | } 21 | 22 | void nsssd_handle_end (void *handle) 23 | { 24 | (void)handle ; 25 | } 26 | 27 | int nsssd_pwd_start (void *handle) 28 | { 29 | (void)handle ; 30 | return 1 ; 31 | } 32 | 33 | int nsssd_pwd_rewind (void *handle) 34 | { 35 | nsss_unix_setpwent() ; 36 | (void)handle ; 37 | return 1 ; 38 | } 39 | 40 | int nsssd_pwd_get (void *handle, struct passwd *pw) 41 | { 42 | struct passwd *pw2 = nsss_unix_getpwent() ; 43 | if (!pw2) return 0 ; 44 | *pw = *pw2 ; 45 | (void)handle ; 46 | return 1 ; 47 | } 48 | 49 | int nsssd_pwd_getbyuid (void *handle, struct passwd *pw, uid_t uid) 50 | { 51 | struct passwd *pw2 = nsss_unix_getpwuid(uid) ; 52 | if (!pw2) return 0 ; 53 | *pw = *pw2 ; 54 | (void)handle ; 55 | return 1 ; 56 | } 57 | 58 | int nsssd_pwd_getbyname (void *handle, struct passwd *pw, char const *name) 59 | { 60 | struct passwd *pw2 = nsss_unix_getpwnam(name) ; 61 | if (!pw2) return 0 ; 62 | *pw = *pw2 ; 63 | (void)handle ; 64 | return 1 ; 65 | } 66 | 67 | void nsssd_pwd_end (void *handle) 68 | { 69 | nsss_unix_endpwent() ; 70 | (void)handle ; 71 | } 72 | 73 | void nsssd_grp_handle_init (void *handle) 74 | { 75 | (void)handle ; 76 | } 77 | 78 | int nsssd_grp_start (void *handle) 79 | { 80 | (void)handle ; 81 | return 1 ; 82 | } 83 | 84 | int nsssd_grp_rewind (void *handle) 85 | { 86 | nsss_unix_setgrent() ; 87 | (void)handle ; 88 | return 1 ; 89 | } 90 | 91 | int nsssd_grp_get (void *handle, struct group *gr) 92 | { 93 | struct group *gr2 = nsss_unix_getgrent() ; 94 | if (!gr2) return 0 ; 95 | *gr = *gr2 ; 96 | (void)handle ; 97 | return 1 ; 98 | } 99 | 100 | int nsssd_grp_getbygid (void *handle, struct group *gr, gid_t gid) 101 | { 102 | struct group *gr2 = nsss_unix_getgrgid(gid) ; 103 | if (!gr2) return 0 ; 104 | *gr = *gr2 ; 105 | (void)handle ; 106 | return 1 ; 107 | } 108 | 109 | int nsssd_grp_getbyname (void *handle, struct group *gr, char const *name) 110 | { 111 | struct group *gr2 = nsss_unix_getgrnam(name) ; 112 | if (!gr2) return 0 ; 113 | *gr = *gr2 ; 114 | (void)handle ; 115 | return 1 ; 116 | } 117 | 118 | int nsssd_grp_getlist (void *handle, char const *user, gid_t *gids, size_t n, size_t *r) 119 | { 120 | (void)handle ; 121 | return nsss_unix_getgrouplist_preadjust(user, gids, n, r) ; 122 | } 123 | 124 | void nsssd_grp_end (void *handle) 125 | { 126 | nsss_unix_endgrent() ; 127 | (void)handle ; 128 | } 129 | 130 | void nsssd_shadow_handle_init (void *handle) 131 | { 132 | (void)handle ; 133 | } 134 | 135 | int nsssd_shadow_start (void *handle) 136 | { 137 | (void)handle ; 138 | return 1 ; 139 | } 140 | 141 | int nsssd_shadow_rewind (void *handle) 142 | { 143 | nsss_unix_setspent() ; 144 | (void)handle ; 145 | return 1 ; 146 | } 147 | 148 | int nsssd_shadow_get (void *handle, struct spwd *sp) 149 | { 150 | struct spwd *sp2 = nsss_unix_getspent() ; 151 | if (!sp2) return 0 ; 152 | *sp = *sp2 ; 153 | (void)handle ; 154 | return 1 ; 155 | } 156 | 157 | int nsssd_shadow_getbyname (void *handle, struct spwd *sp, char const *name) 158 | { 159 | struct spwd *sp2 = nsss_unix_getspnam(name) ; 160 | if (!sp2) return 0 ; 161 | *sp = *sp2 ; 162 | (void)handle ; 163 | return 1 ; 164 | } 165 | 166 | void nsssd_shadow_end (void *handle) 167 | { 168 | nsss_unix_endspent() ; 169 | (void)handle ; 170 | } 171 | 172 | int main (int argc, char const *const *argv) 173 | { 174 | PROG = "nsssd-unix" ; 175 | (void)argc ; 176 | return nsssd_main(argv+1) ; 177 | } 178 | -------------------------------------------------------------------------------- /doc/upgrade.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | How to upgrade nsss 7 | 8 | 9 | 10 | 11 | 12 | 13 |

14 | nsss
15 | Software
16 | skarnet.org 17 |

18 | 19 |

What has changed in nsss

20 | 21 |

In 0.2.1.1

22 | 23 |
    24 |
  • skalibs 25 | dependency bumped to 2.14.5.0.
    • 26 |
  • s6 run-time 27 | dependency bumped to 2.13.3.0.
    • 28 |
  • Shared libraries are now supported on MacOS.
    • 29 |
30 | 31 |

In 0.2.1.0

32 | 33 |
    34 |
  • skalibs 35 | dependency bumped to 2.14.4.0.
    • 36 |
  • s6 run-time 37 | dependency bumped to 2.13.2.0.
    • 38 |
  • pkg-config is now supported, see ./configure --help.
    • 39 |
40 | 41 |

In 0.2.0.5

42 | 43 |
    44 |
  • skalibs 45 | dependency bumped to 2.14.3.0.
    • 46 |
  • s6 run-time 47 | dependency bumped to 2.13.1.0.
    • 48 |
  • Static libraries now install in /usr/lib by default.
    • 49 |
50 | 51 |

In 0.2.0.4

52 | 53 |
    54 |
  • skalibs 55 | dependency bumped to 2.14.0.0.
    • 56 |
  • s6 run-time 57 | dependency bumped to 2.12.0.0.
    • 58 |
59 | 60 |

In 0.2.0.3

61 | 62 |
    63 |
  • skalibs 64 | dependency bumped to 2.13.1.0.
    • 65 |
  • s6 run-time 66 | dependency bumped to 2.11.3.0.
    • 67 |
68 | 69 |

In 0.2.0.2

70 | 71 |
    72 |
  • skalibs 73 | dependency bumped to 2.13.0.0.
    • 74 |
  • s6 run-time 75 | dependency bumped to 2.11.2.0.
    • 76 |
77 | 78 |

In 0.2.0.1

79 | 80 |
    81 |
  • skalibs 82 | dependency bumped to 2.11.1.0.
    • 83 |
  • s6 run-time 84 | dependency bumped to 2.11.0.1.
    • 85 |
86 | 87 |

In 0.2.0.0

88 | 89 |
    90 |
  • skalibs dependency bumped to 91 | 2.11.0.0.
    • 92 |
  • s6 optional dependency bumped to 93 | 2.11.0.0.
    • 94 |
  • The nsss wire protocol has changed slightly.
    • 95 |
  • New binary: nsssd-switch.
    • 96 |
97 | 98 |

In 0.1.0.1

99 | 100 |
    101 |
  • skalibs dependency bumped to 102 | 2.10.0.3.
    • 103 |
104 | 105 |

in 0.1.0.0

106 | 107 |
    108 |
  • skalibs dependency bumped to 109 | 2.10.0.0.
    • 110 |
  • s6 optional dependency bumped to 111 | 2.10.0.0.
    • 112 |
  • The pwd.h, grp.h and shadow.h header files are 113 | not installed by default anymore. You now need to explicitly give the 114 | --enable-libc-includes configure option in order to install them. The 115 | point of this change is to avoid overwriting libc headers accidentally.
    • 116 |
117 | 118 |

in 0.0.2.2

119 | 120 |
    121 |
  • skalibs dependency bumped to 122 | 2.9.2.0.
    • 123 |
  • s6 optional dependency bumped to 124 | 2.9.1.0.
    • 125 |
126 | 127 |

in 0.0.2.1

128 | 129 |
    130 |
  • skalibs dependency bumped to 131 | 2.9.1.0.
    • 132 |
  • s6 optional dependency bumped to 133 | 2.9.0.1.
    • 134 |
135 | 136 |

in 0.0.2.0

137 | 138 |
    139 |
  • skalibs dependency bumped to 140 | 2.9.0.0.
    • 141 |
  • s6 optional dependency bumped to 142 | 2.9.0.0.
    • 143 |
  • Support for getgrouplist() 144 | has been added.
    • 145 |
146 | 147 |

in 0.0.1.2

148 | 149 |
    150 |
  • No functional changes.
    • 151 |
152 | 153 |

in 0.0.1.1

154 | 155 |
    156 |
  • skalibs dependency bumped to 157 | 2.8.0.0.
    • 158 |
  • s6 optional dependency bumped to 159 | 2.8.0.0.
    • 160 |
  • Everything now builds as PIC by default no matter 161 | the toolchain's settings. Use the --disable-all-pic configure 162 | option to build executables and static libraries as non-PIC.
    • 163 |
164 | 165 |

in 0.0.1.0

166 | 167 |

168 | Initial release. 169 |

170 | 171 | 172 | 173 | -------------------------------------------------------------------------------- /doc/libnsssd/index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | nsss: the nsssd library interface 7 | 8 | 9 | 10 | 11 | 12 | 13 |

14 | nsss
15 | Software
16 | skarnet.org 17 |

18 | 19 |

The nsssd library interface

20 | 21 |

General information

22 | 23 |

24 | libnsssd is a library that can be used by external applications 25 | to implement extra nsss backends, in the style of 26 | nsssd-unix and 27 | nsssd-nslcd, without learning the 28 | details of the nsss protocol or having to perform IO themselves. 29 |

30 | 31 |

Compiling

32 | 33 |
    34 |
  • Make sure the nsss headers, as well as the skalibs headers, 35 | are visible in your header search path.
    • 36 |
  • Use #include <skalibs/strerr.h> and 37 | #include <nsss/nsssd.h>
    • 38 |
39 | 40 |

Linking

41 | 42 |
    43 |
  • Make sure the nsssd library, as well as the skalibs library, 44 | are visible in your library search path.
    • 45 |
  • Link against -lnsssd, -lskarnet, 46 | `cat $SYSDEPS/socket.lib` and 47 | `cat $SYSDEPS/sysclock.lib`, $SYSDEPS being your skalibs 48 | sysdeps directory.
    • 49 |
50 | 51 |

Programming

52 | 53 |
    54 |
  • In your main() function, start with assigning 55 | the name of your program to the PROG variable. Example: 56 | PROG = "nsssd-foobar";
    • 57 |
  • Your main() function can parse options and 58 | take command line arguments as it sees fit. But once it's done 59 | parsing options, give control to the nsssd_main() 60 | function, using your argv as an argument: 61 | return nsssd_main(argv);
    • 62 |
63 | 64 |

65 | The rest of your program should implement the functions needed by 66 | nsssd_main(). Here is what those functions are: 67 |

68 | 69 |

void *nsssd_handle_init (void)

70 |

71 | This function must return a pointer to an uninitialized 72 | handle. The handle can be whatever you need to implement your 73 | backend; the pointer to your handle will be passed to every 74 | subsequent function. The function must not return NULL. 75 |

76 | 77 |

int nsssd_handle_start (void *handle, char const *const *argv)

78 |

79 | This function must initialize the handle. The arguments 80 | it takes are a pointer to the handle and the argv that has been 81 | passed to nsssd_main(). This allows you to write daemons 82 | that can be somewhat configured via the command line: it is how 83 | nsssd-nslcd takes an argument 84 | telling it where the nslcd socket is, and uses that argument in 85 | its own nsssd_handle_start to actually connect to the 86 | nslcd daemon.
87 | The function must return nonzero if it succeeds, and 0 if it 88 | fails, setting errno appropriately. 89 |

90 | 91 |

void nsssd_handle_end (void *handle)

92 |

93 | This function must deinitialize the handle and free all 94 | related resources: close connections to external processes, etc. 95 |

96 | 97 |

int nsssd_pwd_start (void *handle)

98 |

99 | This function will be called at the start of a passwd enumeration. 100 | It must return nonzero on success and 0 on error. 101 |

102 | 103 |

int nsssd_pwd_rewind (void *handle)

104 |

105 | This function will be called on a setpwent() call. 106 | It must rewind the current enumeration to the start of the 107 | database. 108 | It must return nonzero on success and 0 on error. 109 |

110 | 111 |

int nsssd_pwd_get (void *handle, struct passwd *pw)

112 |

113 | This function will be called on every getpwent() call, i.e. 114 | on every iteration of an enumeration. On error, it must return 0; on 115 | success, it must return nonzero and store the obtained passwd structure 116 | into *pw. 117 |

118 | 119 |

void nsssd_pwd_end (void *handle)

120 |

121 | This function will be called at the end of a passwd enumeration. 122 |

123 | 124 |

int nsssd_pwd_getbyuid (void *handle, struct passwd *pw, uid_t uid)

125 |

126 | This function must implement a getpwuid(uid) call. On error, it must 127 | return 0; on success, it must return nonzero and store the result into 128 | *pw. 129 |

130 | 131 |

int nsssd_pwd_getbyname (void *handle, struct passwd *pw, char const *name)

132 |

133 | This function must implement a getpwnam(name) call. On error, it must 134 | return 0; on success, it must return nonzero and store the result into 135 | *pw. 136 |

137 | 138 |

139 | Similar functions for the group and shadow databases must also be implemented. 140 | The full list can be found in the 141 | nsss/nsssd.h header. 142 |

143 | 144 | 145 | 146 | -------------------------------------------------------------------------------- /doc/overview.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | nsss: an overview 7 | 8 | 9 | 10 | 11 | 12 | 13 |

14 | nsss
15 | Software
16 | skarnet.org 17 |

18 | 19 |

An overview of nsss

20 | 21 |

22 | nsss is a secure implementation of a subset of the 23 | pwd.h, grp.h and shadow.h functionality, i.e. 24 | user authentication on Unix systems. It includes full POSIX 25 | functionality, a few GNU extensions, and an underlying 26 | C client library with better error reporting 27 | than the POSIX interface specifies. 28 |

29 | 30 |

31 | nsss has two parts: the client library and the nsssd service. 32 |

33 | 34 |

The nsss client library

35 | 36 |

37 | The client library provides: 38 |

39 | 40 |
    41 |
  • nsss-unix: a set of 42 | functions providing access to the standard /etc/passwd, 43 | /etc/group and /etc/shadow files.
    • 44 |
  • nsss-switch: a set of 45 | functions implementing the same functionality as nsss-unix, 46 | but instead of looking for information in the standard files, they 47 | connect to a nsssd service (see below) that performs the 48 | requests for them.
    • 49 |
  • three implementations of the the standard getpwnam() 50 | et al. functions: one using the nsss-unix functions, one 51 | using the nsss-switch functions, and the default one, called 52 | nsss-all, which attempts to connect to the nsssd service 53 | and retrieve information from it, but falls back to the nsss-unix 54 | implementation if it fails (for instance, if no nsssd service is 55 | listening).
    • 56 |
57 | 58 |

59 | Applications wishing to use nsss should be built against this client 60 | library. The getpwnam() et al. definitions will override those 61 | of the libc, and use the nsss-all, nsss-switch or 62 | nsss-unix depending on compilation options. 63 |

64 | 65 |

66 | Unlike glibc's nsswitch, the nsss client library does not 67 | use dynamically loadable modules. nsss can be statically linked, and 68 | used in static programs. It's also quite light. 69 |

70 | 71 |

The nsssd service

72 | 73 |

74 | For applications that need to use the nsss-all or 75 | nsss-switch implementations of getpwnam() et al. 76 | (and that is the point, otherwise the libc's implementation could 77 | generally be used over nsss-unix instead!) there needs to 78 | be a daemon running on the system, and serving requests from 79 | nsss-switch clients. 80 |

81 | 82 |

83 | That daemon should be set up by the system administrator. It should 84 | listen to the /run/service/nsssd/s Unix domain socket; that 85 | default location can be changed at nsss build time via the 86 | --with-nsssd-socket option to the configure script. 87 |

88 | 89 |

90 | As of 0.0.2.0, three suitable implementations of a nsssd daemon are 91 | provided by the nsss package: 92 |

93 | 94 |
    95 |
  • The nsssd-unix program, which is 96 | sort of a dummy implementation since it simply accesses the standard 97 | files (it simply uses the nsss-unix library). It is still 98 | useful for testing purposes, and to have a placeholder service that 99 | can easily be replaced later.
    • 100 |
  • The nsssd-nslcd program, which 101 | performs requests to a 102 | nslcd 103 | daemon running on the same system and returns the answers fetched 104 | by nslcd. This allows nsss to get its users/groups information from 105 | a LDAP database.
    • 106 |
  • The nsssd-switch program, which 107 | tries several other backends in sequence and uses the first one that 108 | succeeds.
    • 109 |
110 | 111 |

112 | More implementations, with a wider variety of backends, will come 113 | in future versions of nsss. 114 |

115 | 116 |

117 | The provided programs are not meant to be run directly; instead, they 118 | use the UCSPI protocol and must be spawned by a Unix domain super-server 119 | (the equivalent of inetd, for Unix domain sockets). The 120 | s6-ipcserver 121 | program, from the s6 package, 122 | is such a super-server. What this means is that for instance, running the 123 | following command-line as root will set up a correct nsss service: 124 |

125 | 126 | 
 s6-ipcserver -- /run/service/nsssd/s nsssd-unix
127 | 128 |

129 | Refinements can be added to this command-line, such as options to 130 | drop root privileges after binding to the socket, etc. Examples of how 131 | to add a nsssd service to your init scripts are provided in the 132 | examples/ subdirectory of the nsss package, for OpenRC, 133 | s6 or s6-rc based systems. 134 |

135 | 136 | 137 | 138 | -------------------------------------------------------------------------------- /src/include/nsss/nsss-switch.h: -------------------------------------------------------------------------------- 1 | /* ISC license. */ 2 | 3 | #ifndef NSSS_SWITCH_H 4 | #define NSSS_SWITCH_H 5 | 6 | #include 7 | #include 8 | #include 9 | 10 | #include 11 | #include 12 | #include 13 | #include 14 | 15 | #include 16 | #include 17 | #include 18 | 19 | #define NSSS_SWITCH_BUFSIZE 4096 20 | 21 | #ifdef LOGIN_NAME_MAX 22 | #define NSSS_SWITCH_NAME_MAXLEN LOGIN_NAME_MAX 23 | #else 24 | #define NSSS_SWITCH_NAME_MAXLEN _SC_LOGIN_NAME_MAX 25 | #endif 26 | 27 | typedef struct nsss_switch_s nsss_switch_t, *nsss_switch_t_ref ; 28 | struct nsss_switch_s 29 | { 30 | unsigned int held ; 31 | char const *path ; 32 | buffer b ; 33 | char buf[NSSS_SWITCH_BUFSIZE] ; 34 | } ; 35 | #define NSSS_SWITCH_ZERO { .held = 0, .path = 0, .b = BUFFER_ZERO } 36 | 37 | #define NSSS_SWITCH_PWD 1 38 | #define NSSS_SWITCH_GRP 2 39 | #define NSSS_SWITCH_SHADOW 4 40 | 41 | extern int nsss_switch_start (nsss_switch_t *, unsigned int, char const *, tain const *, tain *) ; 42 | #define nsss_switch_start_g(a, what, s, deadline) nsss_switch_start(a, what, s, (deadline), &STAMP) 43 | extern int nsss_switch_startf (nsss_switch_t *, unsigned int, char const *const *, tain const *, tain *) ; 44 | #define nsss_switch_startf_g(a, what, argv, deadline) nsss_switch_startf(a, what, argv, (deadline), &STAMP) 45 | extern void nsss_switch_end (nsss_switch_t *, unsigned int) ; 46 | 47 | 48 | /* Internal management */ 49 | 50 | #define NSSS_SWITCH_SET_TIMEOUT '\001' 51 | 52 | extern int nsss_switch_set_timeout (nsss_switch_t *, unsigned int, tain const *, tain *) ; 53 | #define nsss_switch_set_timeout_g(a, timeout, deadline) nsss_switch_set_timeout(a, timeout, (deadline), &STAMP) 54 | 55 | 56 | /* Password */ 57 | 58 | #define NSSS_SWITCH_PWD_END '\010' 59 | #define NSSS_SWITCH_PWD_REWIND '\011' 60 | #define NSSS_SWITCH_PWD_GET '\012' 61 | #define NSSS_SWITCH_PWD_GETBYNAME '\013' 62 | #define NSSS_SWITCH_PWD_GETBYUID '\014' 63 | 64 | extern int nsss_switch_pwd_end (nsss_switch_t *, tain const *, tain *) ; 65 | #define nsss_switch_pwd_end_g(a, deadline) nsss_switch_pwd_end(a, (deadline), &STAMP) 66 | extern int nsss_switch_pwd_rewind (nsss_switch_t *, tain const *, tain *) ; 67 | #define nsss_switch_pwd_rewind_g(a, deadline) nsss_switch_pwd_rewind(a, (deadline), &STAMP) 68 | extern int nsss_switch_pwd_get (nsss_switch_t *, struct passwd *, stralloc *, tain const *, tain *) ; 69 | #define nsss_switch_pwd_get_g(a, b, sa, deadline) nsss_switch_pwd_get(a, b, sa, (deadline), &STAMP) 70 | extern int nsss_switch_pwd_getbyname (nsss_switch_t *, struct passwd *, stralloc *, char const *, tain const *, tain *) ; 71 | #define nsss_switch_pwd_getbyname_g(a, b, sa, name, deadline) nsss_switch_pwd_getbyname(a, b, sa, name, (deadline), &STAMP) 72 | extern int nsss_switch_pwd_getbyuid (nsss_switch_t *, struct passwd *, stralloc *, uid_t, tain const *, tain *) ; 73 | #define nsss_switch_pwd_getbyuid_g(a, b, sa, u, deadline) nsss_switch_pwd_getbyuid(a, b, sa, u, (deadline), &STAMP) 74 | 75 | 76 | /* Group */ 77 | 78 | #define NSSS_SWITCH_GRP_END '\020' 79 | #define NSSS_SWITCH_GRP_REWIND '\021' 80 | #define NSSS_SWITCH_GRP_GET '\022' 81 | #define NSSS_SWITCH_GRP_GETBYNAME '\023' 82 | #define NSSS_SWITCH_GRP_GETBYGID '\024' 83 | #define NSSS_SWITCH_GRP_GETLIST '\025' 84 | 85 | extern int nsss_switch_grp_end (nsss_switch_t *, tain const *, tain *) ; 86 | #define nsss_switch_grp_end_g(a, deadline) nsss_switch_grp_end(a, (deadline), &STAMP) 87 | extern int nsss_switch_grp_rewind (nsss_switch_t *, tain const *, tain *) ; 88 | #define nsss_switch_grp_rewind_g(a, deadline) nsss_switch_grp_rewind(a, (deadline), &STAMP) 89 | extern int nsss_switch_grp_get (nsss_switch_t *, struct group *, stralloc *, genalloc *, tain const *, tain *) ; 90 | #define nsss_switch_grp_get_g(a, b, sa, ga, deadline) nsss_switch_grp_get(a, b, sa, ga, (deadline), &STAMP) 91 | extern int nsss_switch_grp_getbyname (nsss_switch_t *, struct group *, stralloc *, genalloc *, char const *, tain const *, tain *) ; 92 | #define nsss_switch_grp_getbyname_g(a, b, sa, ga, name, deadline) nsss_switch_grp_getbyname(a, b, sa, ga, name, (deadline), &STAMP) 93 | extern int nsss_switch_grp_getbygid (nsss_switch_t *, struct group *, stralloc *, genalloc *, gid_t, tain const *, tain *) ; 94 | #define nsss_switch_grp_getbygid_g(a, b, sa, ga, g, deadline) nsss_switch_grp_getbygid(a, b, sa, ga, g, (deadline), &STAMP) 95 | extern int nsss_switch_grp_getlist (nsss_switch_t *, char const *, gid_t *, size_t, size_t *, stralloc *, tain const *, tain *) ; 96 | #define nsss_switch_grp_getlist_g(a, user, gids, n, r, sa, deadline) nsss_switch_grp_getlist(a, user, gids, n, r, sa, (deadline), &STAMP) 97 | 98 | 99 | /* Shadow */ 100 | 101 | #define NSSS_SWITCH_SHADOW_END '\040' 102 | #define NSSS_SWITCH_SHADOW_REWIND '\041' 103 | #define NSSS_SWITCH_SHADOW_GET '\042' 104 | #define NSSS_SWITCH_SHADOW_GETBYNAME '\043' 105 | 106 | extern int nsss_switch_shadow_end (nsss_switch_t *, tain const *, tain *) ; 107 | #define nsss_switch_shadow_end_g(a, deadline) nsss_switch_shadow_end(a, (deadline), &STAMP) 108 | extern int nsss_switch_shadow_rewind (nsss_switch_t *, tain const *, tain *) ; 109 | #define nsss_switch_shadow_rewind_g(a, deadline) nsss_switch_shadow_rewind(a, (deadline), &STAMP) 110 | extern int nsss_switch_shadow_get (nsss_switch_t *, struct spwd *, stralloc *, tain const *, tain *) ; 111 | #define nsss_switch_shadow_get_g(a, b, sa, deadline) nsss_switch_shadow_get(a, b, sa, (deadline), &STAMP) 112 | extern int nsss_switch_shadow_getbyname (nsss_switch_t *, struct spwd *, stralloc *, char const *, tain const *, tain *) ; 113 | #define nsss_switch_shadow_getbyname_g(a, b, sa, name, deadline) nsss_switch_shadow_getbyname(a, b, sa, name, (deadline), &STAMP) 114 | 115 | #endif 116 | -------------------------------------------------------------------------------- /doc/nsswitch.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | nsss: the problem with nsswitch 7 | 8 | 9 | 10 | 11 | 12 | 13 |

14 | nsss
15 | Software
16 | skarnet.org 17 |

18 | 19 |

The problem with nsswitch

20 | 21 |

22 | nsswitch, or 23 | Name 24 | Service Switch, is a common Unix mechanism to describe how 25 | user/group/shadow databases should be accessed. Nowadays it's 26 | prevalent on Linux because it's the mechanism used by the glibc. 27 |

28 | 29 |

30 | Unfortunately, nsswitch has a certain number of flaws 31 | that make it difficult to use in a small and secure environment. 32 | In other words, it's crap. Here's why. 33 |

34 | 35 |

nsswitch uses dynamically linked modules.

36 | 37 |

38 | nsswitch works by reading a configuration file, 39 | /etc/nsswitch.conf, and depending on what it reads in this 40 | file, loading one or more shared libraries, via 41 | dlopen(), 42 | into the application. These shared libraries, for instance 43 | /lib/libnss_files-2.19.so, are provided by the NSS implementation 44 | (glibc on Linux). This mechanism has drawbacks. 45 |

46 | 47 |

It makes it difficult to link programs statically.

48 | 49 |

50 | Programs using dlopen() are notoriously difficult to use 51 | in a static linking environment: by nature, dlopen() is 52 | dynamic, and it's practically impossible to make it work reliably 53 | and correctly in statically linked programs. 54 |

55 | 56 |

57 | So, small programs that just need a getpwnam() call 58 | cannot, for all intents and purposes, be linked statically when 59 | the implementation of getpwnam() goes through nsswitch. 60 |

61 | 62 |

63 | By contrast, the nsss implementation of getpwnam() 64 | works with static linking without trouble, and without pulling the 65 | whole libc - only the nsss client library is pulled, and 66 | it is quite small. 67 |

68 | 69 |

It dynamically adds third-party code to the process' address space.

70 | 71 |

72 | This is a common security issue with dynamically loaded modules. 73 |

74 | 75 |

76 | Normally, when you link your executable against a third-party library - 77 | in this case, the libc - the library has a public API that you're using, 78 | and that API has documented behaviour. Some sanity checks are performed 79 | at link time, and if something is terribly wrong, linking fails. 80 |

81 | 82 |

83 | This is not the case with dynamically loaded modules used internally 84 | by a library. These modules do not have a contract with you, the application 85 | developer, but only with the library that uses them. Some checks are 86 | performed at library build time, but not at application 87 | build time. When dlopen() is run, it performs some 88 | minimal checks at run-time (which is the worst time for checks, 89 | because failure causes application downtime!), then loads code and data 90 | into your application's address space without ever having verified that 91 | the interaction is okay. 92 |

93 | 94 |

95 | It would be extremely easy for a malicious third-party to inject 96 | subtly bad code making your application behave in unintended ways 97 | using dynamically loaded modules. And even from benevolent library 98 | authors, it makes bugs more subtle and harder to catch. 99 |

100 | 101 |

102 | By contrast, nsss doesn't load its backends into the client's 103 | address space - only the fallback nsss-unix implementation 104 | using /etc/passwd is linked client-side, and there's even an 105 | option to disable that. All the complex backend code lives server-side 106 | in the appropriate nsssd daemon, sharing no address space with 107 | the application. 108 |

109 | 110 |

nsswitch adds a configuration parser and a decision 111 | automaton to the application.

112 | 113 |

114 | nsswitch's configuration is done via the 115 | /etc/nsswitch.conf file, a text, human-friendly file. 116 | The first time a user database function is called, the file is read and 117 | parsed, and then for all subsequent user database function calls, a 118 | decision automaton (that results from this parsing) is run so the 119 | engine knows which sequence of backends to call in which situation. 120 |

121 | 122 |

123 | All this, obviously, happens at run-time, in the application's 124 | address space. Maybe it's time for a quick reminder that 125 |

126 | 127 |
    128 |
  • parsing is bad - most people can't write parsers, and bugs love them 129 | (both the parsers and these people)
    • 130 |
  • run-time is the worst time for syntax errors, and any other 131 | errors that could and should be caught earlier
    • 132 |
  • library code should be kept as simple as possible and a dynamic 133 | decision automaton doesn't qualify as "simple"
    • 134 |
  • every line of code linked into a critical application (such 135 | as login) is attack surface
    • 136 |
137 | 138 |

139 | The nsswitch configuration model goes against all these basic 140 | programming principles. 141 |

142 | 143 |

144 | By contrast, nsss: 145 |

146 | 147 |
    148 |
  • performs no parsing at all - and if a generic backend ever needs 149 | parsing, it will be done in its own process address space, not in the 150 | application's.
    • 151 |
  • has the simplest possible decision engine: "if contacting the 152 | backend fails, fall back on the Unix mechanism". And even that can be 153 | overridden at application build time. If a more complex decision engine 154 | is needed, it can be implemented, say it with me, in a backend that has 155 | its own address space.
    • 156 |
  • frontloads as many decisions as possible before application run 157 | time. The backend used by applications is determined when the 158 | nsssd service starts, and can be changed by modifying and 159 | restarting this service; the burden of determining which backend to 160 | run is not carried by applications.
    • 161 |
162 | 163 | 164 | 165 | --------------------------------------------------------------------------------