pax_global_header00006660000000000000000000000064147244115250014517gustar00rootroot0000000000000052 comment=35d28bf60b7fa65c333793b0f474a2cd96a0ddaa libnss-cache-0.22/000077500000000000000000000000001472441152500137755ustar00rootroot00000000000000libnss-cache-0.22/.github/000077500000000000000000000000001472441152500153355ustar00rootroot00000000000000libnss-cache-0.22/.github/dependabot.yml000066400000000000000000000001651472441152500201670ustar00rootroot00000000000000version: 2 updates: - package-ecosystem: "github-actions" directory: "/" schedule: interval: "daily" libnss-cache-0.22/.github/workflows/000077500000000000000000000000001472441152500173725ustar00rootroot00000000000000libnss-cache-0.22/.github/workflows/auto-review.yml000066400000000000000000000025771472441152500223770ustar00rootroot00000000000000# This is a single-maintainer project but I want to require reviews before # merge, which means that I need a bot to review my own work. name: Automatic pull request approvals on: pull_request_target: types: - opened - reopened - synchronize - ready_for_review check_suite: types: - completed jobs: auto-approve: runs-on: ubuntu-latest if: > github.event.pull_request.head.repo.full_name == github.repository && github.event.pull_request.draft == false && ( github.event.action == 'opened' || github.event.action == 'reopened' || github.event.action == 'synchronize' ) && ( github.actor == 'jaqx0r' ) permissions: # wait on check checks: read # create review pull-requests: write steps: - uses: lewagon/wait-on-check-action@v1.3.4 with: ref: ${{ github.event.pull_request.head.sha }} check-name: test repo-token: ${{ github.token }} wait-interval: 60 - uses: "actions/github-script@v7" with: github-token: ${{ github.token }} script: | await github.rest.pulls.createReview({ event: "APPROVE", owner: context.repo.owner, pull_number: context.payload.pull_request.number, repo: context.repo.repo, }) libnss-cache-0.22/.github/workflows/automerge.yml000066400000000000000000000042401472441152500221050ustar00rootroot00000000000000# We "trust" dependabot updates once they pass tests. # (this still requires all other checks to pass!) # This doesn't work on forked repos per the discussion in # https://github.com/pascalgn/automerge-action/issues/46 so don't attempt to # add people other than dependabot to the if field below. name: dependabot-auto-merge on: pull_request_target: types: # Dependabot will label the PR - labeled # Dependabot has rebased the PR - synchronize jobs: enable-automerge: if: github.event.pull_request.user.login == 'dependabot[bot]' && contains(github.event.pull_request.labels.*.name, 'dependencies') runs-on: ubuntu-latest permissions: # enable-automerge is a graphql query, not REST, so isn't documented, # except in a mention in # https://github.blog/changelog/2021-02-04-pull-request-auto-merge-is-now-generally-available/ # which says "can only be enabled by users with permissino to merge"; the # REST documentation says you need contents: write to perform a merge. # https://github.community/t/what-permission-does-a-github-action-need-to-call-graphql-enablepullrequestautomerge/197708 # says this is it contents: write steps: # Enable auto-merge *before* issuing an approval. - uses: alexwilson/enable-github-automerge-action@main with: github-token: "${{ secrets.GITHUB_TOKEN }}" wait-on-checks: needs: enable-automerge runs-on: ubuntu-latest permissions: # wait-on-check requires only checks read checks: read steps: - uses: lewagon/wait-on-check-action@v1.3.4 with: ref: ${{ github.event.pull_request.head.sha }} check-name: test repo-token: ${{ secrets.GITHUB_TOKEN }} wait-interval: 60 approve: needs: wait-on-checks runs-on: ubuntu-latest permissions: # https://github.com/hmarr/auto-approve-action/issues/183 says # auto-approve-action requires write on pull-requests pull-requests: write steps: - uses: hmarr/auto-approve-action@f0939ea97e9205ef24d872e76833fa908a770363 with: github-token: "${{ secrets.GITHUB_TOKEN }}" libnss-cache-0.22/.github/workflows/ci.yml000066400000000000000000000020031472441152500205030ustar00rootroot00000000000000name: CI on: push: # Filter on branch so we don't double-run this workflow on a PR's push. tags: - v* - version* branches: - main pull_request: permissions: # none-all, which doesn't exist, but # https://docs.github.com/en/actions/reference/authentication-in-a-workflow#using-the-github_token-in-a-workflow # implies that the token still gets created. Elsewhere we learn that any # permission not mentioned here gets turned to `none`. actions: none jobs: test: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: install dependencies run: sudo apt-get install -y time - name: build run: make all - name: test run: make check - uses: codecov/codecov-action@v5 if: always() with: directory: . fmt-lint: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - uses: jidicula/clang-format-action@v4.14.0 with: fallback-style: "Google" libnss-cache-0.22/.github/workflows/codeql-analysis.yml000066400000000000000000000044661472441152500232170ustar00rootroot00000000000000# For most projects, this workflow file will not need changing; you simply need # to commit it to your repository. # # You may wish to alter this file to override the set of languages analyzed, # or to provide custom queries or build logic. # # ******** NOTE ******** # We have attempted to detect the languages in your repository. Please check # the `language` matrix defined below to confirm you have the correct set of # supported CodeQL languages. # name: "CodeQL" on: push: branches: [ master ] pull_request: # The branches below must be a subset of the branches above branches: [ master ] schedule: - cron: '40 13 * * 1' jobs: analyze: name: Analyze runs-on: ubuntu-latest strategy: fail-fast: false matrix: language: [ 'cpp' ] # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ] # Learn more: # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed steps: - name: Checkout repository uses: actions/checkout@v4 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL uses: github/codeql-action/init@v3 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. # By default, queries listed here will override any specified in a config file. # Prefix the list here with "+" to use these queries and those in the config file. # queries: ./path/to/local/query, your-org/your-repo/queries@main # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild uses: github/codeql-action/autobuild@v3 # ℹ️ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines # and modify them (or add more) to build your code if your project # uses a compiled language #- run: | # make bootstrap # make release - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v3 libnss-cache-0.22/.github/workflows/release.yml000066400000000000000000000007071472441152500215410ustar00rootroot00000000000000name: release on: # Test that this workflow parses on PR pull_request: push: tags: - v* - version/* permissions: # writes to the Releases API contents: write jobs: release: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - uses: softprops/action-gh-release@v2 # Only execute on a tag if: startsWith(github.ref, 'refs/tags/') with: generate_release_notes: true libnss-cache-0.22/.gitignore000066400000000000000000000007251472441152500157710ustar00rootroot00000000000000last_pw_errno_test .libs/ .libs32/ .pc/ *.o *.so.* lookup gen_getent debian/.debhelper debian/files debian/libnss-cache.debhelper.log debian/libnss-cache.postinst.debhelper debian/libnss-cache.postrm.debhelper debian/libnss-cache.substvars debian/libnss-cache debian/patches *.dsc *.tar.gz *.deb *.changes *.upload *.diff.gz *.build a.out *.debian.tar.xz debian/debhelper-build-stamp .testdata/ /tmpconfig.yml /.ghi.yml /libnss_cache.so /*.c.gcov /build/ *.gcda *.gcno libnss-cache-0.22/CONTRIBUTING.md000066400000000000000000000032531472441152500162310ustar00rootroot00000000000000Want to contribute? Great! First, read this page (including the small print at the end). ### Before you contribute Before we can use your code, you must sign the [Google Individual Contributor License Agreement](https://developers.google.com/open-source/cla/individual?csw=1) (CLA), which you can do online. The CLA is necessary mainly because you own the copyright to your changes, even after your contribution becomes part of our codebase, so we need your permission to use and distribute your code. We also need to be sure of various other things—for instance that you'll tell us if you know that your code infringes on other people's patents. You don't have to sign the CLA until after you've submitted your code for review and a member has approved it, but you must do it before we can put your code into our codebase. Before you start working on a larger contribution, you should get in touch with us first through the issue tracker with your idea so that we can help out and possibly guide you. Coordinating up front makes it much easier to avoid frustration later on. ### Code reviews All submissions, including submissions by project members, require review. We use Github pull requests for this purpose. ### Response Time This repository is maintained as a best effort service. Response times to issues and PRs may vary with the availability of the maintainers. We appreciate your patience. PRs with unit tests will be merged promptly. All other requests (issues and PRs) may take longer to be responded to. ### The small print Contributions made by corporations are covered by a different agreement than the one above, the Software Grant and Corporate Contributor License Agreement. libnss-cache-0.22/COPYING000066400000000000000000000167271472441152500150450ustar00rootroot00000000000000 GNU LESSER GENERAL PUBLIC LICENSE Version 3, 29 June 2007 Copyright (C) 2007 Free Software Foundation, Inc. Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. This version of the GNU Lesser General Public License incorporates the terms and conditions of version 3 of the GNU General Public License, supplemented by the additional permissions listed below. 0. Additional Definitions. As used herein, "this License" refers to version 3 of the GNU Lesser General Public License, and the "GNU GPL" refers to version 3 of the GNU General Public License. "The Library" refers to a covered work governed by this License, other than an Application or a Combined Work as defined below. An "Application" is any work that makes use of an interface provided by the Library, but which is not otherwise based on the Library. Defining a subclass of a class defined by the Library is deemed a mode of using an interface provided by the Library. A "Combined Work" is a work produced by combining or linking an Application with the Library. The particular version of the Library with which the Combined Work was made is also called the "Linked Version". The "Minimal Corresponding Source" for a Combined Work means the Corresponding Source for the Combined Work, excluding any source code for portions of the Combined Work that, considered in isolation, are based on the Application, and not on the Linked Version. The "Corresponding Application Code" for a Combined Work means the object code and/or source code for the Application, including any data and utility programs needed for reproducing the Combined Work from the Application, but excluding the System Libraries of the Combined Work. 1. Exception to Section 3 of the GNU GPL. You may convey a covered work under sections 3 and 4 of this License without being bound by section 3 of the GNU GPL. 2. Conveying Modified Versions. If you modify a copy of the Library, and, in your modifications, a facility refers to a function or data to be supplied by an Application that uses the facility (other than as an argument passed when the facility is invoked), then you may convey a copy of the modified version: a) under this License, provided that you make a good faith effort to ensure that, in the event an Application does not supply the function or data, the facility still operates, and performs whatever part of its purpose remains meaningful, or b) under the GNU GPL, with none of the additional permissions of this License applicable to that copy. 3. Object Code Incorporating Material from Library Header Files. The object code form of an Application may incorporate material from a header file that is part of the Library. You may convey such object code under terms of your choice, provided that, if the incorporated material is not limited to numerical parameters, data structure layouts and accessors, or small macros, inline functions and templates (ten or fewer lines in length), you do both of the following: a) Give prominent notice with each copy of the object code that the Library is used in it and that the Library and its use are covered by this License. b) Accompany the object code with a copy of the GNU GPL and this license document. 4. Combined Works. You may convey a Combined Work under terms of your choice that, taken together, effectively do not restrict modification of the portions of the Library contained in the Combined Work and reverse engineering for debugging such modifications, if you also do each of the following: a) Give prominent notice with each copy of the Combined Work that the Library is used in it and that the Library and its use are covered by this License. b) Accompany the Combined Work with a copy of the GNU GPL and this license document. c) For a Combined Work that displays copyright notices during execution, include the copyright notice for the Library among these notices, as well as a reference directing the user to the copies of the GNU GPL and this license document. d) Do one of the following: 0) Convey the Minimal Corresponding Source under the terms of this License, and the Corresponding Application Code in a form suitable for, and under terms that permit, the user to recombine or relink the Application with a modified version of the Linked Version to produce a modified Combined Work, in the manner specified by section 6 of the GNU GPL for conveying Corresponding Source. 1) Use a suitable shared library mechanism for linking with the Library. A suitable mechanism is one that (a) uses at run time a copy of the Library already present on the user's computer system, and (b) will operate properly with a modified version of the Library that is interface-compatible with the Linked Version. e) Provide Installation Information, but only if you would otherwise be required to provide such information under section 6 of the GNU GPL, and only to the extent that such information is necessary to install and execute a modified version of the Combined Work produced by recombining or relinking the Application with a modified version of the Linked Version. (If you use option 4d0, the Installation Information must accompany the Minimal Corresponding Source and Corresponding Application Code. If you use option 4d1, you must provide the Installation Information in the manner specified by section 6 of the GNU GPL for conveying Corresponding Source.) 5. Combined Libraries. You may place library facilities that are a work based on the Library side by side in a single library together with other library facilities that are not Applications and are not covered by this License, and convey such a combined library under terms of your choice, if you do both of the following: a) Accompany the combined library with a copy of the same work based on the Library, uncombined with any other library facilities, conveyed under the terms of this License. b) Give prominent notice with the combined library that part of it is a work based on the Library, and explaining where to find the accompanying uncombined form of the same work. 6. Revised Versions of the GNU Lesser General Public License. The Free Software Foundation may publish revised and/or new versions of the GNU Lesser General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Library as you received it specifies that a certain numbered version of the GNU Lesser General Public License "or any later version" applies to it, you have the option of following the terms and conditions either of that published version or of any later version published by the Free Software Foundation. If the Library as you received it does not specify a version number of the GNU Lesser General Public License, you may choose any version of the GNU Lesser General Public License ever published by the Free Software Foundation. If the Library as you received it specifies that a proxy can decide whether future versions of the GNU Lesser General Public License shall apply, that proxy's public statement of acceptance of any version is permanent authorization for you to choose that version for the Library. libnss-cache-0.22/Makefile000066400000000000000000000124161472441152500154410ustar00rootroot00000000000000CC ?= gcc CFLAGS ?= -Wall -Wstrict-prototypes CFLAGS += -fPIC LIBRARY=libnss_cache.so.2 PREFIX=$(DESTDIR)/usr LIBDIR=$(PREFIX)/lib TESTDATA=.testdata LIBNSSCACHE = nss_cache.o compat/getpwent_r.o compat/getgrent_r.o SOURCES = Makefile gen_getent.c lookup.c nss_cache.c nss_cache.h nss_test.h COPYING version libnss-cache.spec VERSION = $(shell git describe --tags --always | sed -E 's@.*/([^-]*).*@\1@') GETENT_DATA_TOUCH = $(TESTDATA)/.touch.getent_data LOOKUP_DATA_TOUCH = $(TESTDATA)/.touch.lookup_data INDEX_DATA_TOUCH = $(TESTDATA)/.touch.index_data .PHONY: all all: $(LIBRARY) .PHONY: test check test check: CFLAGS += -O0 -g --coverage test check: LDFLAGS += --coverage test check: test_getent time_lookups lookup: lookup.o $(LIBNSSCACHE) .PHONY: time_lookups time_lookups: lookup_data index_data lookup @echo Linear username lookups rm -f $(TESTDATA)/passwd.cache.ixname time -f %E ./lookup -c getpwnam -f $(TESTDATA)/rand_pwnames @echo Binary username lookups ln -sf passwd_cache_ixname_disabled $(TESTDATA)/passwd.cache.ixname time -f %E ./lookup -c getpwnam -f $(TESTDATA)/rand_pwnames @echo Linear UID lookups rm -f $(TESTDATA)/passwd.cache.ixuid time -f %E ./lookup -c getpwuid -f $(TESTDATA)/rand_pwuids @echo Binary UID lookups ln -sf passwd_cache_ixuid_disabled $(TESTDATA)/passwd.cache.ixuid time -f %E ./lookup -c getpwuid -f $(TESTDATA)/rand_pwuids @echo Linear groupname lookups rm -f $(TESTDATA)/group.cache.ixname time -f %E ./lookup -c getgrnam -f $(TESTDATA)/rand_grnames @echo Binary groupname lookups ln -sf group_cache_ixname_disabled $(TESTDATA)/group.cache.ixname time -f %E ./lookup -c getgrnam -f $(TESTDATA)/rand_grnames @echo Linear GID lookups rm -f $(TESTDATA)/group.cache.ixgid time -f %E ./lookup -c getgrgid -f $(TESTDATA)/rand_grgids @echo Binary GID lookups ln -sf group_cache_ixuid_disabled $(TESTDATA)/group.cache.ixuid time -f %E ./lookup -c getgrgid -f $(TESTDATA)/rand_grgids @echo Linear shadow lookups rm -f $(TESTDATA)/shadow.cache.ixname time -f %E ./lookup -c getspnam -f $(TESTDATA)/rand_spnames @echo Binary shadow lookups ln -sf shadow_cache_ixname_disabled $(TESTDATA)/shadow.cache.ixname time -f %E ./lookup -c getspnam -f $(TESTDATA)/rand_spnames @echo Linear gshadow lookups rm -f $(TESTDATA)/gshadow.cache.ixname time -f %E ./lookup -c getsgnam -f $(TESTDATA)/rand_sgnames @echo Binary gshadow lookups ln -sf gshadow_cache_ixname_disabled $(TESTDATA)/gshadow.cache.ixname time -f %E ./lookup -c getsgnam -f $(TESTDATA)/rand_sgnames gcov --all-blocks --branch-probabilities --branch-counts --function-summaries --unconditional-branches ./lookup gen_getent: gen_getent.o $(LIBNSSCACHE) .PHONY: test_getent test_getent: getent_data gen_getent nss_cache.c ./gen_getent diff $(TESTDATA)/passwd.cache $(TESTDATA)/passwd.cache.out diff $(TESTDATA)/group.cache $(TESTDATA)/group.cache.out diff $(TESTDATA)/shadow.cache $(TESTDATA)/shadow.cache.out diff $(TESTDATA)/gshadow.cache $(TESTDATA)/gshadow.cache.out gcov --all-blocks --branch-probabilities --branch-counts --function-summaries --unconditional-branches ./gen_getent .PHONY: index_data index_data: $(INDEX_DATA_TOUCH) $(INDEX_DATA_TOUCH): $(LOOKUP_DATA_TOUCH) ./scripts/index.sh $(TESTDATA)/passwd.cache 1 $(TESTDATA)/passwd_cache_ixname_disabled ./scripts/index.sh $(TESTDATA)/passwd.cache 3 $(TESTDATA)/passwd_cache_ixuid_disabled ./scripts/index.sh $(TESTDATA)/group.cache 1 $(TESTDATA)/group_cache_ixname_disabled ./scripts/index.sh $(TESTDATA)/group.cache 3 $(TESTDATA)/group_cache_ixgid_disabled ./scripts/index.sh $(TESTDATA)/shadow.cache 1 $(TESTDATA)/shadow_cache_ixname_disabled ./scripts/index.sh $(TESTDATA)/gshadow.cache 1 $(TESTDATA)/gshadow_cache_ixname_disabled .PHONY: lookup_data lookup_data: $(LOOKUP_DATA_TOUCH) $(LOOKUP_DATA_TOUCH): $(GETENT_DATA_TOUCH) cut -d : -f 1 $(TESTDATA)/passwd.cache |\ sort -R | head -500 > $(TESTDATA)/rand_pwnames cut -d : -f 3 $(TESTDATA)/passwd.cache |\ sort -R | head -500 > $(TESTDATA)/rand_pwuids cut -d : -f 1 $(TESTDATA)/group.cache |\ sort -R | head -500 > $(TESTDATA)/rand_grnames cut -d : -f 3 $(TESTDATA)/group.cache |\ sort -R | head -500 > $(TESTDATA)/rand_grgids cut -d : -f 1 $(TESTDATA)/shadow.cache |\ sort -R | head -500 > $(TESTDATA)/rand_spnames cut -d : -f 1 $(TESTDATA)/gshadow.cache |\ sort -R | head -500 > $(TESTDATA)/rand_sgnames touch $@ .PHONY: getent_data getent_data: $(GETENT_DATA_TOUCH) $(GETENT_DATA_TOUCH): scripts/gentestdata.sh mkdir -p $(TESTDATA) ./scripts/gentestdata.sh $(TESTDATA) touch $@ last_pw_errno_test: test/last_pw_errno_test.c $(LIBRARY): LDFLAGS += -shared $(LIBRARY): $(LIBNSSCACHE) $(CC) $(CFLAGS) $(LDFLAGS) -o $(LIBRARY) $+ .PHONY: install install: $(LIBRARY) install -d $(LIBDIR) install $(LIBRARY) $(LIBDIR) .PHONY: clean clean: rm -f $(LIBRARY) *.o compat/*.o *.gcov *.gcda *.gcno compat/*.gcda compat/*.gcno lookup gen_getent last_pw_errno_test .PHONY: veryclean veryclean: clean rm -rf $(TESTDATA) .PHONY: distclean distclean: veryclean rm -f *~ \#* .PHONY: dist dist: rm -rf libnss-cache-$(VERSION) libnss-cache-$(VERSION).tar libnss-cache-$(VERSION).tar.gz mkdir libnss-cache-$(VERSION) cp $(SOURCES) libnss-cache-$(VERSION) tar cf libnss-cache-$(VERSION).tar libnss-cache-$(VERSION) gzip -9 libnss-cache-$(VERSION).tar rm -rf libnss-cache-$(VERSION) libnss-cache-0.22/README.md000066400000000000000000000014031472441152500152520ustar00rootroot00000000000000libnss-cache - File-based NSS module for caching remote directory service information. ====================================================================================== [![ci](https://github.com/google/libnss-cache/workflows/CI/badge.svg)](https://github.com/google/libnss-cache/actions?query=workflow%3ACI+branch%3Amaster) `libnss-cache` is a NSS module for reading directory service information for Linux hosts from an indexed, local disk cache of that directory service. It is paired with https://github.com/google/nsscache, a tool that asynchronously synchronises the local NSS database with remote directory services. Mailing list: https://groups.google.com/forum/#!forum/nsscache-discuss Issue history is at https://code.google.com/p/nsscache/issues/list libnss-cache-0.22/THANKS000066400000000000000000000001461472441152500147110ustar00rootroot00000000000000Sergei Trofimovich Kevin Bowling Michael Aldridge libnss-cache-0.22/bsdnss.c000066400000000000000000000044701472441152500154420ustar00rootroot00000000000000#include NSS_METHOD_PROTOTYPE(__nss_compat_getpwnam_r); NSS_METHOD_PROTOTYPE(__nss_compat_getpwuid_r); NSS_METHOD_PROTOTYPE(__nss_compat_getpwent_r); NSS_METHOD_PROTOTYPE(__nss_compat_setpwent); NSS_METHOD_PROTOTYPE(__nss_compat_endpwent); NSS_METHOD_PROTOTYPE(__nss_compat_getgrnam_r); NSS_METHOD_PROTOTYPE(__nss_compat_getgrgid_r); NSS_METHOD_PROTOTYPE(__nss_compat_getgrent_r); NSS_METHOD_PROTOTYPE(__nss_compat_setgrent); NSS_METHOD_PROTOTYPE(__nss_compat_endgrent); enum nss_status _nss_cache_getpwnam_r(const char *, struct passwd *, char *, size_t, int *); enum nss_status _nss_cache_getpwuid_r(uid_t, struct passwd *, char *, size_t, int *); enum nss_status _nss_cache_getpwent_r(struct passwd *, char *, size_t, int *); enum nss_status _nss_cache_setpwent(int); enum nss_status _nss_cache_endpwent(void); enum nss_status _nss_cache_getgrnam_r(const char *, struct group *, char *, size_t, int *); enum nss_status _nss_cache_getgrgid_r(gid_t, struct group *, char *, size_t, int *); enum nss_status _nss_cache_getgrent_r(struct group *, char *, size_t, int *); enum nss_status _nss_cache_setgrent(int); enum nss_status _nss_cache_endgrent(void); static ns_mtab methods[] = { {NSDB_PASSWD, "getpwnam_r", __nss_compat_getpwnam_r, _nss_cache_getpwnam_r}, {NSDB_PASSWD, "getpwuid_r", __nss_compat_getpwuid_r, _nss_cache_getpwuid_r}, {NSDB_PASSWD, "getpwent_r", __nss_compat_getpwent_r, _nss_cache_getpwent_r}, {NSDB_PASSWD, "endpwent", __nss_compat_endpwent, _nss_cache_endpwent}, {NSDB_PASSWD, "setpwent", __nss_compat_setpwent, _nss_cache_setpwent}, {NSDB_GROUP, "getgrnam_r", __nss_compat_getgrnam_r, _nss_cache_getgrnam_r}, {NSDB_GROUP, "getgrgid_r", __nss_compat_getgrgid_r, _nss_cache_getgrgid_r}, {NSDB_GROUP, "getgrent_r", __nss_compat_getgrent_r, _nss_cache_getgrent_r}, {NSDB_GROUP, "endgrent", __nss_compat_endgrent, _nss_cache_endgrent}, {NSDB_GROUP, "setgrent", __nss_compat_setgrent, _nss_cache_setgrent}, }; ns_mtab *nss_module_register(const char *name, unsigned int *size, nss_module_unregister_fn *unregister) { *size = sizeof(methods) / sizeof(methods[0]); *unregister = NULL; return (methods); } libnss-cache-0.22/compat/000077500000000000000000000000001472441152500152605ustar00rootroot00000000000000libnss-cache-0.22/compat/getgrent_r.c000066400000000000000000000064041472441152500175700ustar00rootroot00000000000000/* * ---------------------------------------------------------------------- * Copyright © 2005-2014 Rich Felker, et al. * * Permission is hereby granted, free of charge, to any person obtaining * a copy of this software and associated documentation files (the * "Software"), to deal in the Software without restriction, including * without limitation the rights to use, copy, modify, merge, publish, * distribute, sublicense, and/or sell copies of the Software, and to * permit persons to whom the Software is furnished to do so, subject to * the following conditions: * * The above copyright notice and this permission notice shall be * included in all copies or substantial portions of the Software. * * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. * ---------------------------------------------------------------------- * * Adapted from http://www.musl-libc.org/ for libnss-cache * Copyright © 2015 Kevin Bowling */ // This compat layer is only built for BSD, or Linux without the GNU C // Library. #if defined(BSD) || (defined(__linux__) && !defined(__GLIBC__)) #include #include #include #include #include #include #include #define ALIGNBYTES (sizeof(uintptr_t) - 1) #define ALIGN(p) ((((uintptr_t)(p) + ALIGNBYTES) & ~ALIGNBYTES)) static unsigned atou(char **s) { unsigned x; for (x = 0; **s - '0' < 10U; ++*s) x = 10 * x + (**s - '0'); return x; } int fgetgrent_r(FILE *f, struct group *gr, char *line, size_t size, struct group **res) { char *s, *mems; size_t i, nmem, need; int rv = 0; int ep; ptrdiff_t remain; for (;;) { line[size - 1] = '\xff'; if ((fgets(line, size, f) == NULL) || ferror(f) || (line[size - 1] != '\xff')) { rv = (line[size - 1] != '\xff') ? ERANGE : ENOENT; line = 0; gr = 0; goto end; } ep = strcspn(line, "\n"); line[ep] = 0; s = line; gr->gr_name = s++; if (!(s = strchr(s, ':'))) continue; *s++ = 0; gr->gr_passwd = s; if (!(s = strchr(s, ':'))) continue; *s++ = 0; gr->gr_gid = atou(&s); if (*s != ':') continue; *s++ = 0; mems = s; break; } for (nmem = !!*s; *s; s++) if (*s == ',') ++nmem; ++ep; remain = (void *)&line[size] - (void *)&line[ep]; need = (sizeof(char *) * (nmem + 1)) + ALIGNBYTES; if (need > remain) { rv = ERANGE; line = 0; gr = 0; goto end; } memset(&line[ep], 0, need); gr->gr_mem = (char **)ALIGN(&line[ep]); if (*mems) { gr->gr_mem[0] = mems; for (s = mems, i = 0; *s; s++) if (*s == ',') *s++ = 0, gr->gr_mem[++i] = s; gr->gr_mem[++i] = 0; } else { gr->gr_mem[0] = 0; } end: *res = gr; if (rv) errno = rv; return rv; } #endif //#if defined(BSD) || defined(__linux__) && !defined(__GLIBC__) libnss-cache-0.22/compat/getpwent_r.c000066400000000000000000000054001472441152500176010ustar00rootroot00000000000000/* * ---------------------------------------------------------------------- * Copyright © 2005-2014 Rich Felker, et al. * * Permission is hereby granted, free of charge, to any person obtaining * a copy of this software and associated documentation files (the * "Software"), to deal in the Software without restriction, including * without limitation the rights to use, copy, modify, merge, publish, * distribute, sublicense, and/or sell copies of the Software, and to * permit persons to whom the Software is furnished to do so, subject to * the following conditions: * * The above copyright notice and this permission notice shall be * included in all copies or substantial portions of the Software. * * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. * ---------------------------------------------------------------------- * * Adapted from http://www.musl-libc.org/ for libnss-cache * Copyright © 2015 Kevin Bowling */ // This compat layer is only built for BSD, or Linux without the GNU C // Library. #if defined(BSD) || (defined(__linux__) && !defined(__GLIBC__)) #include #include #include #include #include static unsigned atou(char **s) { unsigned x; for (x = 0; **s - '0' < 10U; ++*s) x = 10 * x + (**s - '0'); return x; } int fgetpwent_r(FILE *f, struct passwd *pw, char *line, size_t size, struct passwd **res) { char *s; int rv = 0; for (;;) { line[size - 1] = '\xff'; if ((fgets(line, size, f) == NULL) || ferror(f) || line[size - 1] != '\xff') { rv = (line[size - 1] != '\xff') ? ERANGE : ENOENT; line = 0; pw = 0; break; } line[strcspn(line, "\n")] = 0; s = line; pw->pw_name = s++; if (!(s = strchr(s, ':'))) continue; *s++ = 0; pw->pw_passwd = s; if (!(s = strchr(s, ':'))) continue; *s++ = 0; pw->pw_uid = atou(&s); if (*s != ':') continue; *s++ = 0; pw->pw_gid = atou(&s); if (*s != ':') continue; *s++ = 0; pw->pw_gecos = s; if (!(s = strchr(s, ':'))) continue; *s++ = 0; pw->pw_dir = s; if (!(s = strchr(s, ':'))) continue; *s++ = 0; pw->pw_shell = s; break; } *res = pw; if (rv) errno = rv; return rv; } #endif //#if defined(BSD) || defined(__linux__) && !defined(__GLIBC__) libnss-cache-0.22/gen_getent.c000066400000000000000000000223661472441152500162710ustar00rootroot00000000000000/* Copyright 2009 Google Inc. * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public * License along with this library; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, * USA */ /* * A helper program to let us do simplistic unit testing of * libnss-cache functions. It does this by generating copies of the * maps in a data directory, using nss_cache.c get*ent() functions. */ #include "nss_cache.h" #include "nss_test.h" // getpwent_to_file() // Call the nss_cache getpwent function to dump the passwd store to a // file. static int getpwent_to_file(FILE *output) { struct passwd result; char *buffer; size_t buflen = 1024; int errnop; enum nss_status ret; _nss_cache_setpwent_path(PASSWD_FILE); buffer = malloc(buflen); do { ret = _nss_cache_getpwent_r(&result, buffer, buflen, &errnop); if (ret == NSS_STATUS_SUCCESS) { fprintf(output, "%s:%s:%d:%d:%s:%s:%s\n", result.pw_name, result.pw_passwd, result.pw_uid, result.pw_gid, result.pw_gecos, result.pw_dir, result.pw_shell); } if (ret == NSS_STATUS_TRYAGAIN) { buflen = buflen * 2; buffer = realloc(buffer, buflen); } if (ret == NSS_STATUS_UNAVAIL) { fprintf(stderr, "ERROR: failed to access passwd test data\n"); free(buffer); return 1; } } while (ret == NSS_STATUS_SUCCESS || ret == NSS_STATUS_TRYAGAIN); free(buffer); return 0; } // getgrent_to_file() // Call the nss_cache getgrent function to dump the group store to a // file. static int getgrent_to_file(FILE *output) { struct group result; char *buffer; size_t buflen = 1024; int errnop; enum nss_status ret; int idx; _nss_cache_setgrent_path(GROUP_FILE); buffer = malloc(buflen); do { ret = _nss_cache_getgrent_r(&result, buffer, buflen, &errnop); if (ret == NSS_STATUS_SUCCESS) { fprintf(output, "%s:%s:%d:", result.gr_name, result.gr_passwd, result.gr_gid); // unroll **gr_mem for (idx = 0; result.gr_mem[idx] != NULL; idx++) { if (idx != 0) { fputs(",", output); } fputs(result.gr_mem[idx], output); } fputs("\n", output); } if (ret == NSS_STATUS_TRYAGAIN) { buflen = buflen * 2; buffer = realloc(buffer, buflen); } if (ret == NSS_STATUS_UNAVAIL) { fprintf(stderr, "ERROR: failed to access group test data\n"); free(buffer); return 1; } } while (ret == NSS_STATUS_SUCCESS || ret == NSS_STATUS_TRYAGAIN); free(buffer); return 0; } #ifndef BSD // getspent_to_file() // Call the nss_cache getspent function to dump the shadow store to a // file. static int getspent_to_file(FILE *output) { struct spwd result; char *buffer; size_t buflen = 1024; int errnop; enum nss_status ret; _nss_cache_setspent_path(SHADOW_FILE); buffer = malloc(buflen); do { ret = _nss_cache_getspent_r(&result, buffer, buflen, &errnop); if (ret == NSS_STATUS_SUCCESS) { fprintf(output, "%s:%s:", result.sp_namp, result.sp_pwdp); // sigh, empty numberical fields are -1 in the struct, // so if necessary convert back to empty fields if (result.sp_lstchg != -1) { fprintf(output, "%ld:", result.sp_lstchg); } else { fputs(":", output); } if (result.sp_min != -1) { fprintf(output, "%ld:", result.sp_min); } else { fputs(":", output); } if (result.sp_max != -1) { fprintf(output, "%ld:", result.sp_max); } else { fputs(":", output); } if (result.sp_warn != -1) { fprintf(output, "%ld:", result.sp_warn); } else { fputs(":", output); } if (result.sp_inact != -1) { fprintf(output, "%ld:", result.sp_inact); } else { fputs(":", output); } if (result.sp_expire != -1) { fprintf(output, "%ld:", result.sp_expire); } else { fputs(":", output); } if (result.sp_flag != -1) { fprintf(output, "%ld", result.sp_flag); } fputs("\n", output); } if (ret == NSS_STATUS_TRYAGAIN) { buflen = buflen * 2; buffer = realloc(buffer, buflen); } if (ret == NSS_STATUS_UNAVAIL) { perror("ERROR: failed to access shadow test data"); free(buffer); return 1; } } while (ret == NSS_STATUS_SUCCESS || ret == NSS_STATUS_TRYAGAIN); free(buffer); return 0; } // getsgent_to_file() // Call the nss_cache getsgent function to dump the shadow store to a // file. static int getsgent_to_file(FILE *output) { struct sgrp result; char *buffer; size_t buflen = 1024; int errnop; enum nss_status ret; int idx; _nss_cache_setsgent_path(GSHADOW_FILE); buffer = malloc(buflen); do { ret = _nss_cache_getsgent_r(&result, buffer, buflen, &errnop); if (ret == NSS_STATUS_SUCCESS) { fprintf(output, "%s:%s:", result.sg_namp, result.sg_passwd); // unroll **sg_adm for (idx = 0; result.sg_adm[idx] != NULL; idx++) { if (idx != 0) { fputs(",", output); } fputs(result.sg_adm[idx], output); } fputs(":", output); // unroll **sg_mem for (idx = 0; result.sg_mem[idx] != NULL; idx++) { if (idx != 0) { fputs(",", output); } fputs(result.sg_mem[idx], output); } fputs("\n", output); } if (ret == NSS_STATUS_TRYAGAIN) { buflen = buflen * 2; buffer = realloc(buffer, buflen); } if (ret == NSS_STATUS_UNAVAIL) { perror("ERROR: failed to access gshadow test data"); free(buffer); return 1; } } while (ret == NSS_STATUS_SUCCESS || ret == NSS_STATUS_TRYAGAIN); free(buffer); return 0; } #endif // ifndef BSD // gen_getpwent_data() // // creates a copy of the passwd map as read by nss_cache.c static int gen_getpwent_data(void) { char filename[NSS_CACHE_PATH_LENGTH]; FILE *output; int ret; strncpy(filename, PASSWD_FILE, NSS_CACHE_PATH_LENGTH - 4); int n = strlen(filename); strncat(filename, ".out", NSS_CACHE_PATH_LENGTH - n - 1); output = fopen(filename, "w"); if (output == NULL) { fprintf(stderr, "failed to open %s!\n", filename); return 255; } ret = getpwent_to_file(output); fclose(output); return ret; } // gen_getgrent_data() // // creates a copy of the group map as read by nss_cache.c static int gen_getgrent_data(void) { char filename[NSS_CACHE_PATH_LENGTH]; FILE *output; int ret; strncpy(filename, GROUP_FILE, NSS_CACHE_PATH_LENGTH - 4); int n = strlen(filename); strncat(filename, ".out", NSS_CACHE_PATH_LENGTH - n - 1); output = fopen(filename, "w"); if (output == NULL) { fprintf(stderr, "failed to open %s!\n", filename); return 255; } ret = getgrent_to_file(output); fclose(output); return ret; } #ifndef BSD // gen_getspent_data() // // creates a copy of the shadow map as read by nss_cache.c static int gen_getspent_data(void) { char filename[NSS_CACHE_PATH_LENGTH]; FILE *output; int ret; strncpy(filename, SHADOW_FILE, NSS_CACHE_PATH_LENGTH - 4); int n = strlen(filename); strncat(filename, ".out", NSS_CACHE_PATH_LENGTH - n - 1); output = fopen(filename, "w"); if (output == NULL) { fprintf(stderr, "failed to open %s!\n", filename); return 255; } ret = getspent_to_file(output); fclose(output); return ret; } // gen_getsgent_data() // // creates a copy of the shadow map as read by nss_cache.c static int gen_getsgent_data(void) { char filename[NSS_CACHE_PATH_LENGTH]; FILE *output; int ret; strncpy(filename, GSHADOW_FILE, NSS_CACHE_PATH_LENGTH - 4); int n = strlen(filename); strncat(filename, ".out", NSS_CACHE_PATH_LENGTH - n - 1); output = fopen(filename, "w"); if (output == NULL) { fprintf(stderr, "failed to open %s!\n", filename); return 255; } ret = getsgent_to_file(output); fclose(output); return ret; } #endif // ifndef BSD // main() // // generate the passwd, group and shadow files using nss_cache.c functions // which are further checked for correctness by 'make test'. int main(void) { int ret; int failed_tests = 0; ret = gen_getpwent_data(); if (ret != 0) { fprintf(stderr, "Failed to generate password file.\n"); failed_tests = failed_tests + 1; } ret = gen_getgrent_data(); if (ret != 0) { fprintf(stderr, "Failed to generate group file.\n"); failed_tests = failed_tests + 1; } #ifndef BSD ret = gen_getspent_data(); if (ret != 0) { fprintf(stderr, "Failed to generate shadow file.\n"); failed_tests = failed_tests + 1; } ret = gen_getsgent_data(); if (ret != 0) { fprintf(stderr, "Failed to generate gshadow file.\n"); failed_tests = failed_tests + 1; } #endif printf("generated all files.\n"); return failed_tests; } libnss-cache-0.22/libnss-cache.spec000066400000000000000000000023341472441152500172060ustar00rootroot00000000000000Summary: NSS module for directory services using an indexed, local disk cache Name: libnss-cache Version: 0.15 Release: 1 License: LGPLv3 Group: System Environment/Base Packager: Oliver Hookins URL: https://github.com/google/libnss-cache/ Source: https://github.com/google/libnss-cache/archive/version/%{version}.tar.gz BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildArch: i386, x86_64 %description libnss-cache is a NSS module for reading directory service information for hosts from an indexed, local disk cache of that directory service. It is paired with the nsscache python program that generates the cache from LDAP or other directory services. %prep %setup -q -n %{name}-version-%{version} %build make %install %{__rm} -rf %{buildroot} make LIBDIR="%{buildroot}%{_libdir}" install %clean %{__rm} -rf %{buildroot} %files %defattr(-, root, root, 0755) %{_libdir}/* %changelog * Mon Mar 07 2016 Kevin Bowling - 0.15-1 - Update to current release - Correct license to LGPLv3 - Change URL and Source to GitHub, more accurate description for this package * Tue Jan 06 2009 Oliver Hookins - 0.1-1 - Initial packaging libnss-cache-0.22/lookup.c000066400000000000000000000276021472441152500154610ustar00rootroot00000000000000/* Copyright 2009 Google Inc. * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public * License along with this library; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, * USA */ /* * Perform get*id() and get*nam() lookups given simple lists of * ids or names. Used to test correctness and timings of functions in * nss_cache.c * * There's a fair amount of repeated functions, and I thought briefly about * trying to consolidate them with callbacks or put an if clause inside the * while look (making one longer one for lookup_foo() functions). * * But, each function is slightly different: string or uid? struct group * or struct passwd or struct spwd? And I decided stupid repetition was just * easier and very direct to read. ymmv. * */ #include "nss_cache.h" #include "nss_test.h" // usage() // // print out flags and arguments static void usage(char *program) { fprintf(stderr, "Usage: %s -c nss_function -f filename\n", program); } // getpwnam_wrapper() // // perform a getpwnam() lookup via nss_cache.c directly static int getpwnam_wrapper(char *name) { struct passwd result; char *buffer = NULL; size_t buflen = 1024; int found = 255; int errnop; int ret; _nss_cache_setpwent_path(PASSWD_FILE); buffer = malloc(buflen); do { ret = _nss_cache_getpwnam_r(name, &result, buffer, buflen, &errnop); if (ret == NSS_STATUS_SUCCESS) { // printf("found %s, %d\n", result.pw_name, result.pw_uid); found = 0; } if (ret == NSS_STATUS_NOTFOUND) { found = 1; } if (ret == NSS_STATUS_TRYAGAIN) { buflen = buflen * 2; buffer = realloc(buffer, buflen); } if (ret == NSS_STATUS_UNAVAIL) { fprintf(stderr, "ERROR: failed to access passwd test data\n"); free(buffer); return 2; } } while (ret == NSS_STATUS_TRYAGAIN); free(buffer); return found; } // getpwuid_wrapper() // // perform a getpwui() lookup via nss_cache.c directly static int getpwuid_wrapper(uid_t uid) { struct passwd result; char *buffer = NULL; size_t buflen = 1024; int found = 255; int errnop; int ret; _nss_cache_setpwent_path(PASSWD_FILE); buffer = malloc(buflen); do { ret = _nss_cache_getpwuid_r(uid, &result, buffer, buflen, &errnop); if (ret == NSS_STATUS_SUCCESS) { // printf("found %s, %d\n", result.pw_name, result.pw_uid); found = 0; } if (ret == NSS_STATUS_NOTFOUND) { found = 1; } if (ret == NSS_STATUS_TRYAGAIN) { buflen = buflen * 2; buffer = realloc(buffer, buflen); } if (ret == NSS_STATUS_UNAVAIL) { fprintf(stderr, "ERROR: failed to access passwd test data\n"); return 2; } } while (ret == NSS_STATUS_TRYAGAIN); free(buffer); return found; } // getgrnam_wrapper() // // perform a getgrnam() lookup via nss_cache.c directly static int getgrnam_wrapper(char *name) { struct group result; char *buffer = NULL; size_t buflen = 1024; int found = 255; int errnop; int ret; _nss_cache_setgrent_path(GROUP_FILE); buffer = malloc(buflen); do { ret = _nss_cache_getgrnam_r(name, &result, buffer, buflen, &errnop); if (ret == NSS_STATUS_SUCCESS) { // printf("found %s, %d\n", result.gr_name, result.gr_gid); found = 0; } if (ret == NSS_STATUS_NOTFOUND) { found = 1; } if (ret == NSS_STATUS_TRYAGAIN) { buflen = buflen * 2; buffer = realloc(buffer, buflen); } if (ret == NSS_STATUS_UNAVAIL) { fprintf(stderr, "ERROR: failed to access passwd test data\n"); return 2; } } while (ret == NSS_STATUS_TRYAGAIN); free(buffer); return found; } // getgrgid_wrapper() // // perform a getgrgid() lookup via nss_cache.c directly static int getgrgid_wrapper(gid_t gid) { struct group result; char *buffer = NULL; size_t buflen = 1024; int found = 255; int errnop; int ret; _nss_cache_setgrent_path(GROUP_FILE); buffer = malloc(buflen); do { ret = _nss_cache_getgrgid_r(gid, &result, buffer, buflen, &errnop); if (ret == NSS_STATUS_SUCCESS) { // printf("found %s, %d\n", result.gr_name, result.gr_gid); found = 0; } if (ret == NSS_STATUS_NOTFOUND) { found = 1; } if (ret == NSS_STATUS_TRYAGAIN) { buflen = buflen * 2; buffer = realloc(buffer, buflen); } if (ret == NSS_STATUS_UNAVAIL) { fprintf(stderr, "ERROR: failed to access passwd test data\n"); return 2; } } while (ret == NSS_STATUS_TRYAGAIN); free(buffer); return found; } #ifndef BSD // getspnam_wrapper() // // perform a getspnam() lookup via nss_cache.c directly static int getspnam_wrapper(char *name) { struct spwd result; char *buffer = NULL; size_t buflen = 1024; int found = 255; int errnop; int ret; _nss_cache_setspent_path(SHADOW_FILE); buffer = malloc(buflen); do { ret = _nss_cache_getspnam_r(name, &result, buffer, buflen, &errnop); if (ret == NSS_STATUS_SUCCESS) { // printf("found %s, %s\n", result.sp_namp, result.sp_pwdp); found = 0; } if (ret == NSS_STATUS_NOTFOUND) { found = 1; } if (ret == NSS_STATUS_TRYAGAIN) { buflen = buflen * 2; buffer = realloc(buffer, buflen); } if (ret == NSS_STATUS_UNAVAIL) { fprintf(stderr, "ERROR: failed to access passwd test data\n"); return 2; } } while (ret == NSS_STATUS_TRYAGAIN); free(buffer); return found; } // getsgnam_wrapper() // // perform a getsgnam() lookup via nss_cache.c directly static int getsgnam_wrapper(char *name) { struct sgrp result; char *buffer = NULL; size_t buflen = 1024; int found = 255; int errnop; int ret; _nss_cache_setsgent_path(GSHADOW_FILE); buffer = malloc(buflen); do { ret = _nss_cache_getsgnam_r(name, &result, buffer, buflen, &errnop); if (ret == NSS_STATUS_SUCCESS) { // printf("found %s, %s\n", result.sg_namp, result.sg_pwdp); found = 0; } if (ret == NSS_STATUS_NOTFOUND) { found = 1; } if (ret == NSS_STATUS_TRYAGAIN) { buflen = buflen * 2; buffer = realloc(buffer, buflen); } if (ret == NSS_STATUS_UNAVAIL) { fprintf(stderr, "ERROR: failed to access passwd test data\n"); return 2; } } while (ret == NSS_STATUS_TRYAGAIN); free(buffer); return found; } #endif // ifndef BSD // lookup_getpwnam() // // call getpwnam() from nss_cache.c on each line of a file static int lookup_getpwnam(FILE *input) { int lines = 0; char line[255]; int ret; while (fgets(line, sizeof(line), input)) { lines += 1; // strip trailing newline if (line[strlen(line) - 1] == '\n') { line[strlen(line) - 1] = '\0'; } ret = getpwnam_wrapper(line); if (ret != 0) { break; } } if (ret == 0) { printf("successfully completed %d lookups\n", lines); } else { fprintf(stderr, "failed at line %d: %s\n", lines, line); } return ret; } // lookup_getpwuid() // // call getpwuid() from nss_cache.c on each line of a file static int lookup_getpwuid(FILE *input) { int lines = 0; char line[255]; int ret; while (fgets(line, sizeof(line), input)) { lines += 1; // strip trailing newline if (line[strlen(line) - 1] == '\n') { line[strlen(line) - 1] = '\0'; } ret = getpwuid_wrapper(atoi(line)); if (ret != 0) { break; } } if (ret == 0) { printf("successfully completed %d lookups\n", lines); } else { fprintf(stderr, "failed at line %d: %s\n", lines, line); } return ret; } // lookup_getgrnam() // // call getgrnam() from nss_cache.c on each line of a file static int lookup_getgrnam(FILE *input) { int lines = 0; char line[255]; int ret; while (fgets(line, sizeof(line), input)) { lines += 1; // strip trailing newline if (line[strlen(line) - 1] == '\n') { line[strlen(line) - 1] = '\0'; } ret = getgrnam_wrapper(line); if (ret != 0) { break; } } if (ret == 0) { printf("successfully completed %d lookups\n", lines); } else { fprintf(stderr, "failed at line %d: %s\n", lines, line); } return ret; } // lookup_getgrgid() // // call getgrgid() from nss_cache.c on each line of a file static int lookup_getgrgid(FILE *input) { int lines = 0; char line[255]; int ret; while (fgets(line, sizeof(line), input)) { lines += 1; // strip trailing newline if (line[strlen(line) - 1] == '\n') { line[strlen(line) - 1] = '\0'; } ret = getgrgid_wrapper(atoi(line)); if (ret != 0) { break; } } if (ret == 0) { printf("successfully completed %d lookups\n", lines); } else { fprintf(stderr, "failed at line %d: %s\n", lines, line); } return ret; } #ifndef BSD // lookup_getspnam() // // call getspnam() from nss_cache.c on each line of a file static int lookup_getspnam(FILE *input) { int lines = 0; char line[255]; int ret; while (fgets(line, sizeof(line), input)) { lines += 1; // strip trailing newline if (line[strlen(line) - 1] == '\n') { line[strlen(line) - 1] = '\0'; } ret = getspnam_wrapper(line); if (ret != 0) { break; } } if (ret == 0) { printf("successfully completed %d lookups\n", lines); } else { fprintf(stderr, "failed at line %d: %s\n", lines, line); } return ret; } // lookup_getsgnam() // // call getsgnam() from nss_cache.c on each line of a file static int lookup_getsgnam(FILE *input) { int lines = 0; char line[255]; int ret; while (fgets(line, sizeof(line), input)) { lines += 1; // strip trailing newline if (line[strlen(line) - 1] == '\n') { line[strlen(line) - 1] = '\0'; } ret = getsgnam_wrapper(line); if (ret != 0) { break; } } if (ret == 0) { printf("successfully completed %d lookups\n", lines); } else { fprintf(stderr, "failed at line %d: %s\n", lines, line); } return ret; } #endif // ifndef BSD // nss_lookup() // // call the nss lookup wrapper that was set by getopt() static int nss_lookup(char *call, FILE *input) { int ret; if (strncmp(call, "getpwnam", 8) == 0) { ret = lookup_getpwnam(input); } else if (strncmp(call, "getpwuid", 8) == 0) { ret = lookup_getpwuid(input); } else if (strncmp(call, "getgrnam", 8) == 0) { ret = lookup_getgrnam(input); } else if (strncmp(call, "getgrgid", 8) == 0) { ret = lookup_getgrgid(input); #ifndef BSD } else if (strncmp(call, "getspnam", 8) == 0) { ret = lookup_getspnam(input); } else if (strncmp(call, "getsgnam", 8) == 0) { ret = lookup_getsgnam(input); #endif // ifndef BSD } else { fprintf(stderr, "unknown nss function: %s\n", call); ret = 1; } return ret; } // main() // // parse commandline options to get the function name and input file. // send it through nss_lookup() which will ultimately call the // function on each line in the file and track success. int main(int argc, char **argv) { char *call = NULL; char *filename = NULL; FILE *input = NULL; int ret; int c; while ((c = getopt(argc, argv, "c:f:")) != -1) { switch (c) { case 'c': call = optarg; break; case 'f': filename = optarg; break; } } if (call == NULL || filename == NULL) { usage(argv[0]); return 1; } input = fopen(filename, "r"); if (input == NULL) { fprintf(stderr, "failed to open %s\n", filename); return 255; } ret = nss_lookup(call, input); fclose(input); return ret; } libnss-cache-0.22/nss_cache.c000066400000000000000000000756351472441152500161070ustar00rootroot00000000000000/* Copyright 2009 Google Inc. * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public * License along with this library; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, * USA */ /* An NSS module which adds supports for file maps with a trailing .cache * suffix (/etc/passwd.cache, /etc/group.cache, and /etc/shadow.cache) */ #include "nss_cache.h" #include #include /* Locking implementation: use pthreads. */ #include static pthread_mutex_t mutex = PTHREAD_MUTEX_INITIALIZER; #define NSS_CACHE_LOCK() \ do { \ pthread_mutex_lock(&mutex); \ } while (0) #define NSS_CACHE_UNLOCK() \ do { \ pthread_mutex_unlock(&mutex); \ } while (0) static FILE *pw_file = NULL; static FILE *gr_file = NULL; static char pw_filename[NSS_CACHE_PATH_LENGTH] = "/etc/passwd.cache"; static char gr_filename[NSS_CACHE_PATH_LENGTH] = "/etc/group.cache"; #ifndef BSD static FILE *sp_file = NULL; static FILE *sg_file = NULL; static char sp_filename[NSS_CACHE_PATH_LENGTH] = "/etc/shadow.cache"; static char sg_filename[NSS_CACHE_PATH_LENGTH] = "/etc/gshadow.cache"; #else extern int fgetpwent_r(FILE *, struct passwd *, char *, size_t, struct passwd **); extern int fgetgrent_r(FILE *, struct group *, char *, size_t, struct group **); #endif /* ifndef BSD */ /* Common return code routine for all *ent_r_locked functions. * We need to return TRYAGAIN if the underlying files guy raises ERANGE, * so that our caller knows to try again with a bigger buffer. */ static inline enum nss_status _nss_cache_ent_bad_return_code(int errnoval) { enum nss_status ret; switch (errnoval) { case ERANGE: DEBUG("ERANGE: Try again with a bigger buffer\n"); ret = NSS_STATUS_TRYAGAIN; break; case ENOENT: default: DEBUG("ENOENT or default case: Not found\n"); ret = NSS_STATUS_NOTFOUND; }; return ret; } // // Binary search routines below here // static int _nss_cache_bsearch2_compare(const void *key, const void *value) { struct nss_cache_args *args = (struct nss_cache_args *)key; const char *value_text = (const char *)value; // Using strcmp as the generation of the index sorts without // locale awareness. return strcmp(args->lookup_key, value_text); } enum nss_status _nss_cache_bsearch2(struct nss_cache_args *args, int *errnop) { enum nss_cache_match (*lookup)(FILE *, struct nss_cache_args *) = args->lookup_function; FILE *file = NULL; FILE *system_file_stream = NULL; struct stat system_file; struct stat sorted_file; enum nss_status ret = 100; long offset = 0; void *mapped_data = NULL; file = fopen(args->sorted_filename, "r"); if (file == NULL) { DEBUG("error opening %s\n", args->sorted_filename); return NSS_STATUS_UNAVAIL; } // if the sorted file is older than the system file, do not risk stale // data and abort // TODO(vasilios): should be a compile or runtime option if (stat(args->system_filename, &system_file) != 0) { DEBUG("failed to stat %s\n", args->system_filename); fclose(file); return NSS_STATUS_UNAVAIL; } if (fstat(fileno(file), &sorted_file) != 0) { DEBUG("failed to stat %s\n", args->sorted_filename); fclose(file); return NSS_STATUS_UNAVAIL; } if (difftime(system_file.st_mtime, sorted_file.st_mtime) > 0) { DEBUG("%s may be stale, aborting lookup\n", args->sorted_filename); fclose(file); return NSS_STATUS_UNAVAIL; } mapped_data = mmap(NULL, sorted_file.st_size, PROT_READ, MAP_PRIVATE, fileno(file), 0); if (mapped_data == MAP_FAILED) { DEBUG("mmap failed\n"); fclose(file); return NSS_STATUS_UNAVAIL; } const char *data = (const char *)mapped_data; while (*data != '\n') { ++data; } long entry_size = data - (const char *)mapped_data + 1; long entry_count = sorted_file.st_size / entry_size; void *entry = bsearch(args, mapped_data, entry_count, entry_size, &_nss_cache_bsearch2_compare); if (entry != NULL) { const char *entry_text = entry; int r = sscanf(entry_text + strlen(entry_text) + 1, "%ld", &offset); if (r != 1) { DEBUG("sscanf expected 1 conversion, got %d\n", r); } } if (munmap(mapped_data, sorted_file.st_size) == -1) { DEBUG("munmap failed\n"); } fclose(file); if (entry == NULL) { return NSS_STATUS_NOTFOUND; } system_file_stream = fopen(args->system_filename, "r"); if (system_file_stream == NULL) { DEBUG("error opening %s\n", args->system_filename); return NSS_STATUS_UNAVAIL; } if (fseek(system_file_stream, offset, SEEK_SET) != 0) { DEBUG("fseek fail\n"); return NSS_STATUS_UNAVAIL; } switch (lookup(system_file_stream, args)) { case NSS_CACHE_EXACT: ret = NSS_STATUS_SUCCESS; break; case NSS_CACHE_ERROR: if (errno == ERANGE) { // let the caller retry *errnop = errno; ret = _nss_cache_ent_bad_return_code(*errnop); } break; default: ret = NSS_STATUS_UNAVAIL; break; } fclose(system_file_stream); return ret; } // // Routines for passwd map defined below here // // _nss_cache_setpwent_path() // Helper function for testing extern char *_nss_cache_setpwent_path(const char *path) { DEBUG("%s %s\n", "Setting pw_filename to", path); return strncpy(pw_filename, path, NSS_CACHE_PATH_LENGTH - 1); } // _nss_cache_pwuid_wrap() // Internal wrapper for binary searches, using uid-specific calls. static enum nss_cache_match _nss_cache_pwuid_wrap(FILE *file, struct nss_cache_args *args) { struct passwd *result = args->lookup_result; uid_t *uid = args->lookup_value; if (fgetpwent_r(file, result, args->buffer, args->buflen, &result) == 0) { if (result->pw_uid == *uid) { DEBUG("SUCCESS: found user %d:%s\n", result->pw_uid, result->pw_name); return NSS_CACHE_EXACT; } DEBUG("Failed match at uid %d\n", result->pw_uid); if (result->pw_uid > *uid) { return NSS_CACHE_HIGH; } else { return NSS_CACHE_LOW; } } return NSS_CACHE_ERROR; } // _nss_cache_pwnam_wrap() // Internal wrapper for binary searches, using username-specific calls. static enum nss_cache_match _nss_cache_pwnam_wrap(FILE *file, struct nss_cache_args *args) { struct passwd *result = args->lookup_result; char *name = args->lookup_value; int ret; if (fgetpwent_r(file, result, args->buffer, args->buflen, &result) == 0) { ret = strcoll(result->pw_name, name); if (ret == 0) { DEBUG("SUCCESS: found user %s\n", result->pw_name); return NSS_CACHE_EXACT; } DEBUG("Failed match at name %s\n", result->pw_name); if (ret > 0) { return NSS_CACHE_HIGH; } else { return NSS_CACHE_LOW; } } return NSS_CACHE_ERROR; } // _nss_cache_setpwent_locked() // Internal setup routine static enum nss_status _nss_cache_setpwent_locked(void) { DEBUG("%s %s\n", "Opening", pw_filename); pw_file = fopen(pw_filename, "r"); if (pw_file) { return NSS_STATUS_SUCCESS; } else { return NSS_STATUS_UNAVAIL; } } // _nss_cache_setpwent() // Called by NSS to open the passwd file // 'stayopen' parameter is ignored. enum nss_status _nss_cache_setpwent(int stayopen) { enum nss_status ret; NSS_CACHE_LOCK(); ret = _nss_cache_setpwent_locked(); NSS_CACHE_UNLOCK(); return ret; } // _nss_cache_endpwent_locked() // Internal close routine static enum nss_status _nss_cache_endpwent_locked(void) { DEBUG("Closing passwd.cache\n"); if (pw_file) { fclose(pw_file); pw_file = NULL; } return NSS_STATUS_SUCCESS; } // _nss_cache_endpwent() // Called by NSS to close the passwd file enum nss_status _nss_cache_endpwent(void) { enum nss_status ret; NSS_CACHE_LOCK(); ret = _nss_cache_endpwent_locked(); NSS_CACHE_UNLOCK(); return ret; } // _nss_cache_getpwent_r_locked() // Called internally to return the next entry from the passwd file static enum nss_status _nss_cache_getpwent_r_locked(struct passwd *result, char *buffer, size_t buflen, int *errnop) { enum nss_status ret = NSS_STATUS_SUCCESS; if (pw_file == NULL) { DEBUG("pw_file == NULL, going to setpwent\n"); ret = _nss_cache_setpwent_locked(); } if (ret == NSS_STATUS_SUCCESS) { if (fgetpwent_r(pw_file, result, buffer, buflen, &result) == 0) { DEBUG("Returning user %d:%s\n", result->pw_uid, result->pw_name); } else { if (errno == ENOENT) { errno = 0; } *errnop = errno; ret = _nss_cache_ent_bad_return_code(*errnop); } } return ret; } // _nss_cache_getpwent_r() // Called by NSS to look up next entry in passwd file enum nss_status _nss_cache_getpwent_r(struct passwd *result, char *buffer, size_t buflen, int *errnop) { enum nss_status ret; NSS_CACHE_LOCK(); ret = _nss_cache_getpwent_r_locked(result, buffer, buflen, errnop); NSS_CACHE_UNLOCK(); return ret; } // _nss_cache_getpwuid_r() // Find a user account by uid enum nss_status _nss_cache_getpwuid_r(uid_t uid, struct passwd *result, char *buffer, size_t buflen, int *errnop) { char filename[NSS_CACHE_PATH_LENGTH]; struct nss_cache_args args; enum nss_status ret; strncpy(filename, pw_filename, NSS_CACHE_PATH_LENGTH - 1); int n = strlen(filename); if (n > NSS_CACHE_PATH_LENGTH - 7) { DEBUG("filename too long\n"); return NSS_STATUS_UNAVAIL; } strncat(filename, ".ixuid", NSS_CACHE_PATH_LENGTH - n - 1); args.sorted_filename = filename; args.system_filename = pw_filename; args.lookup_function = _nss_cache_pwuid_wrap; args.lookup_value = &uid; args.lookup_result = result; args.buffer = buffer; args.buflen = buflen; char uid_text[11]; snprintf(uid_text, sizeof(uid_text), "%d", uid); args.lookup_key = uid_text; args.lookup_key_length = strlen(uid_text); DEBUG("Binary search for uid %d\n", uid); NSS_CACHE_LOCK(); ret = _nss_cache_bsearch2(&args, errnop); if (ret == NSS_STATUS_UNAVAIL) { DEBUG("Binary search failed, falling back to full linear search\n"); ret = _nss_cache_setpwent_locked(); if (ret == NSS_STATUS_SUCCESS) { while ((ret = _nss_cache_getpwent_r_locked( result, buffer, buflen, errnop)) == NSS_STATUS_SUCCESS) { if (result->pw_uid == uid) break; } } } _nss_cache_endpwent_locked(); NSS_CACHE_UNLOCK(); return ret; } // _nss_cache_getpwnam_r() // Find a user account by name enum nss_status _nss_cache_getpwnam_r(const char *name, struct passwd *result, char *buffer, size_t buflen, int *errnop) { char *pw_name; char filename[NSS_CACHE_PATH_LENGTH]; struct nss_cache_args args; enum nss_status ret; NSS_CACHE_LOCK(); // name is a const char, we need a non-const copy pw_name = malloc(strlen(name) + 1); if (pw_name == NULL) { DEBUG("malloc error\n"); return NSS_STATUS_UNAVAIL; } strncpy(pw_name, name, strlen(name) + 1); strncpy(filename, pw_filename, NSS_CACHE_PATH_LENGTH - 1); int n = strlen(filename); if (n > NSS_CACHE_PATH_LENGTH - 8) { DEBUG("filename too long\n"); free(pw_name); return NSS_STATUS_UNAVAIL; } strncat(filename, ".ixname", NSS_CACHE_PATH_LENGTH - n - 1); args.sorted_filename = filename; args.system_filename = pw_filename; args.lookup_function = _nss_cache_pwnam_wrap; args.lookup_value = pw_name; args.lookup_result = result; args.buffer = buffer; args.buflen = buflen; args.lookup_key = pw_name; args.lookup_key_length = strlen(pw_name); DEBUG("Binary search for user %s\n", pw_name); ret = _nss_cache_bsearch2(&args, errnop); if (ret == NSS_STATUS_UNAVAIL) { DEBUG("Binary search failed, falling back to full linear search\n"); ret = _nss_cache_setpwent_locked(); if (ret == NSS_STATUS_SUCCESS) { while ((ret = _nss_cache_getpwent_r_locked( result, buffer, buflen, errnop)) == NSS_STATUS_SUCCESS) { if (!strcmp(result->pw_name, name)) break; } } } free(pw_name); _nss_cache_endpwent_locked(); NSS_CACHE_UNLOCK(); return ret; } // // Routines for group map defined here. // // _nss_cache_setgrent_path() // Helper function for testing extern char *_nss_cache_setgrent_path(const char *path) { DEBUG("%s %s\n", "Setting gr_filename to", path); return strncpy(gr_filename, path, NSS_CACHE_PATH_LENGTH - 1); } // _nss_cache_setgrent_locked() // Internal setup routine static enum nss_status _nss_cache_setgrent_locked(void) { DEBUG("%s %s\n", "Opening", gr_filename); gr_file = fopen(gr_filename, "r"); if (gr_file) { return NSS_STATUS_SUCCESS; } else { return NSS_STATUS_UNAVAIL; } } // _nss_cache_grgid_wrap() // Internal wrapper for binary searches, using gid-specific calls. static enum nss_cache_match _nss_cache_grgid_wrap(FILE *file, struct nss_cache_args *args) { struct group *result = args->lookup_result; gid_t *gid = args->lookup_value; if (fgetgrent_r(file, result, args->buffer, args->buflen, &result) == 0) { if (result->gr_gid == *gid) { DEBUG("SUCCESS: found group %d:%s\n", result->gr_gid, result->gr_name); return NSS_CACHE_EXACT; } DEBUG("Failed match at gid %d\n", result->gr_gid); if (result->gr_gid > *gid) { return NSS_CACHE_HIGH; } else { return NSS_CACHE_LOW; } } return NSS_CACHE_ERROR; } // _nss_cache_grnam_wrap() // Internal wrapper for binary searches, using groupname-specific calls. static enum nss_cache_match _nss_cache_grnam_wrap(FILE *file, struct nss_cache_args *args) { struct group *result = args->lookup_result; char *name = args->lookup_value; int ret; if (fgetgrent_r(file, result, args->buffer, args->buflen, &result) == 0) { ret = strcoll(result->gr_name, name); if (ret == 0) { DEBUG("SUCCESS: found group %s\n", result->gr_name); return NSS_CACHE_EXACT; } DEBUG("Failed match at name %s\n", result->gr_name); if (ret > 0) { return NSS_CACHE_HIGH; } else { return NSS_CACHE_LOW; } } return NSS_CACHE_ERROR; } // _nss_cache_setgrent() // Called by NSS to open the group file // 'stayopen' parameter is ignored. enum nss_status _nss_cache_setgrent(int stayopen) { enum nss_status ret; NSS_CACHE_LOCK(); ret = _nss_cache_setgrent_locked(); NSS_CACHE_UNLOCK(); return ret; } // _nss_cache_endgrent_locked() // Internal close routine static enum nss_status _nss_cache_endgrent_locked(void) { DEBUG("Closing group.cache\n"); if (gr_file) { fclose(gr_file); gr_file = NULL; } return NSS_STATUS_SUCCESS; } // _nss_cache_endgrent() // Called by NSS to close the group file enum nss_status _nss_cache_endgrent(void) { enum nss_status ret; NSS_CACHE_LOCK(); ret = _nss_cache_endgrent_locked(); NSS_CACHE_UNLOCK(); return ret; } // _nss_cache_getgrent_r_locked() // Called internally to return the next entry from the group file static enum nss_status _nss_cache_getgrent_r_locked(struct group *result, char *buffer, size_t buflen, int *errnop) { enum nss_status ret = NSS_STATUS_SUCCESS; if (gr_file == NULL) { DEBUG("gr_file == NULL, going to setgrent\n"); ret = _nss_cache_setgrent_locked(); } if (ret == NSS_STATUS_SUCCESS) { fpos_t position; fgetpos(gr_file, &position); if (fgetgrent_r(gr_file, result, buffer, buflen, &result) == 0) { DEBUG("Returning group %s (%d)\n", result->gr_name, result->gr_gid); } else { /* Rewind back to where we were just before, otherwise the data read * into the buffer is probably going to be lost because there's no * guarantee that the caller is going to have preserved the line we * just read. Note that glibc's nss/nss_files/files-XXX.c does * something similar in CONCAT(_nss_files_get,ENTNAME_r) (around * line 242 in glibc 2.4 sources). */ if (errno == ENOENT) { errno = 0; } else { fsetpos(gr_file, &position); } *errnop = errno; ret = _nss_cache_ent_bad_return_code(*errnop); } } return ret; } // _nss_cache_getgrent_r() // Called by NSS to look up next entry in group file enum nss_status _nss_cache_getgrent_r(struct group *result, char *buffer, size_t buflen, int *errnop) { enum nss_status ret; NSS_CACHE_LOCK(); ret = _nss_cache_getgrent_r_locked(result, buffer, buflen, errnop); NSS_CACHE_UNLOCK(); return ret; } // _nss_cache_getgrgid_r() // Find a group by gid enum nss_status _nss_cache_getgrgid_r(gid_t gid, struct group *result, char *buffer, size_t buflen, int *errnop) { char filename[NSS_CACHE_PATH_LENGTH]; struct nss_cache_args args; enum nss_status ret; // Since we binary search over the groups using the user provided // buffer, we do not start searching before we have a buffer that // is big enough to have a high chance of succeeding. if (buflen < (1 << 20)) { *errnop = ERANGE; return NSS_STATUS_TRYAGAIN; } strncpy(filename, gr_filename, NSS_CACHE_PATH_LENGTH - 1); int n = strlen(filename); if (n > NSS_CACHE_PATH_LENGTH - 7) { DEBUG("filename too long\n"); return NSS_STATUS_UNAVAIL; } strncat(filename, ".ixgid", NSS_CACHE_PATH_LENGTH - n - 1); args.sorted_filename = filename; args.system_filename = gr_filename; args.lookup_function = _nss_cache_grgid_wrap; args.lookup_value = &gid; args.lookup_result = result; args.buffer = buffer; args.buflen = buflen; char gid_text[11]; snprintf(gid_text, sizeof(gid_text), "%d", gid); args.lookup_key = gid_text; args.lookup_key_length = strlen(gid_text); DEBUG("Binary search for gid %d\n", gid); NSS_CACHE_LOCK(); ret = _nss_cache_bsearch2(&args, errnop); if (ret == NSS_STATUS_UNAVAIL) { DEBUG("Binary search failed, falling back to full linear search\n"); ret = _nss_cache_setgrent_locked(); if (ret == NSS_STATUS_SUCCESS) { while ((ret = _nss_cache_getgrent_r_locked( result, buffer, buflen, errnop)) == NSS_STATUS_SUCCESS) { if (result->gr_gid == gid) break; } } } _nss_cache_endgrent_locked(); NSS_CACHE_UNLOCK(); return ret; } // _nss_cache_getgrnam_r() // Find a group by name enum nss_status _nss_cache_getgrnam_r(const char *name, struct group *result, char *buffer, size_t buflen, int *errnop) { char *gr_name; char filename[NSS_CACHE_PATH_LENGTH]; struct nss_cache_args args; enum nss_status ret; NSS_CACHE_LOCK(); // name is a const char, we need a non-const copy gr_name = malloc(strlen(name) + 1); if (gr_name == NULL) { DEBUG("malloc error\n"); return NSS_STATUS_UNAVAIL; } strncpy(gr_name, name, strlen(name) + 1); strncpy(filename, gr_filename, NSS_CACHE_PATH_LENGTH - 1); int n = strlen(filename); if (n > NSS_CACHE_PATH_LENGTH - 8) { DEBUG("filename too long\n"); free(gr_name); return NSS_STATUS_UNAVAIL; } strncat(filename, ".ixname", NSS_CACHE_PATH_LENGTH - n - 1); args.sorted_filename = filename; args.system_filename = gr_filename; args.lookup_function = _nss_cache_grnam_wrap; args.lookup_value = gr_name; args.lookup_result = result; args.buffer = buffer; args.buflen = buflen; args.lookup_key = gr_name; args.lookup_key_length = strlen(gr_name); DEBUG("Binary search for group %s\n", gr_name); ret = _nss_cache_bsearch2(&args, errnop); if (ret == NSS_STATUS_UNAVAIL) { DEBUG("Binary search failed, falling back to full linear search\n"); ret = _nss_cache_setgrent_locked(); if (ret == NSS_STATUS_SUCCESS) { while ((ret = _nss_cache_getgrent_r_locked( result, buffer, buflen, errnop)) == NSS_STATUS_SUCCESS) { if (!strcmp(result->gr_name, name)) break; } } } free(gr_name); _nss_cache_endgrent_locked(); NSS_CACHE_UNLOCK(); return ret; } // // Routines for shadow map defined here. // #if defined(__linux__) && defined(__GLIBC__) // This is only built on GLIBC as caching the shadow file is generally // not permissable from the perspective of other libc's, so the // symbols are simply unused in those environments. // _nss_cache_setspent_path() // Helper function for testing extern char *_nss_cache_setspent_path(const char *path) { DEBUG("%s %s\n", "Setting sp_filename to", path); return strncpy(sp_filename, path, NSS_CACHE_PATH_LENGTH - 1); } // _nss_cache_setspent_locked() // Internal setup routine static enum nss_status _nss_cache_setspent_locked(void) { DEBUG("%s %s\n", "Opening", sp_filename); sp_file = fopen(sp_filename, "r"); if (sp_file) { return NSS_STATUS_SUCCESS; } else { return NSS_STATUS_UNAVAIL; } } // _nss_cache_spnam_wrap() // Internal wrapper for binary searches, using shadow-specific calls. static enum nss_cache_match _nss_cache_spnam_wrap(FILE *file, struct nss_cache_args *args) { struct spwd *result = args->lookup_result; char *name = args->lookup_value; int ret; if (fgetspent_r(file, result, args->buffer, args->buflen, &result) == 0) { ret = strcoll(result->sp_namp, name); if (ret == 0) { DEBUG("SUCCESS: found user %s\n", result->sp_namp); return NSS_CACHE_EXACT; } DEBUG("Failed match at name %s\n", result->sp_namp); if (ret > 0) { return NSS_CACHE_HIGH; } else { return NSS_CACHE_LOW; } } return NSS_CACHE_ERROR; } // _nss_cache_setspent() // Called by NSS to open the shadow file // 'stayopen' parameter is ignored. enum nss_status _nss_cache_setspent(int stayopen) { enum nss_status ret; NSS_CACHE_LOCK(); ret = _nss_cache_setspent_locked(); NSS_CACHE_UNLOCK(); return ret; } // _nss_cache_endspent_locked() // Internal close routine static enum nss_status _nss_cache_endspent_locked(void) { DEBUG("Closing shadow.cache\n"); if (sp_file) { fclose(sp_file); sp_file = NULL; } return NSS_STATUS_SUCCESS; } // _nss_cache_endspent() // Called by NSS to close the shadow file enum nss_status _nss_cache_endspent(void) { enum nss_status ret; NSS_CACHE_LOCK(); ret = _nss_cache_endspent_locked(); NSS_CACHE_UNLOCK(); return ret; } // _nss_cache_getspent_r_locked() // Called internally to return the next entry from the shadow file static enum nss_status _nss_cache_getspent_r_locked(struct spwd *result, char *buffer, size_t buflen, int *errnop) { enum nss_status ret = NSS_STATUS_SUCCESS; if (sp_file == NULL) { DEBUG("sp_file == NULL, going to setspent\n"); ret = _nss_cache_setspent_locked(); } if (ret == NSS_STATUS_SUCCESS) { if (fgetspent_r(sp_file, result, buffer, buflen, &result) == 0) { DEBUG("Returning shadow entry %s\n", result->sp_namp); } else { if (errno == ENOENT) { errno = 0; } *errnop = errno; ret = _nss_cache_ent_bad_return_code(*errnop); } } return ret; } // _nss_cache_getspent_r() // Called by NSS to look up next entry in the shadow file enum nss_status _nss_cache_getspent_r(struct spwd *result, char *buffer, size_t buflen, int *errnop) { enum nss_status ret; NSS_CACHE_LOCK(); ret = _nss_cache_getspent_r_locked(result, buffer, buflen, errnop); NSS_CACHE_UNLOCK(); return ret; } // _nss_cache_getspnam_r() // Find a user by name enum nss_status _nss_cache_getspnam_r(const char *name, struct spwd *result, char *buffer, size_t buflen, int *errnop) { char *sp_namp; char filename[NSS_CACHE_PATH_LENGTH]; struct nss_cache_args args; enum nss_status ret; NSS_CACHE_LOCK(); // name is a const char, we need a non-const copy sp_namp = malloc(strlen(name) + 1); if (sp_namp == NULL) { DEBUG("malloc error\n"); return NSS_STATUS_UNAVAIL; } strncpy(sp_namp, name, strlen(name) + 1); strncpy(filename, sp_filename, NSS_CACHE_PATH_LENGTH - 1); int n = strlen(filename); if (n > NSS_CACHE_PATH_LENGTH - 8) { DEBUG("filename too long\n"); free(sp_namp); return NSS_STATUS_UNAVAIL; } strncat(filename, ".ixname", NSS_CACHE_PATH_LENGTH - n - 1); args.sorted_filename = filename; args.system_filename = sp_filename; args.lookup_function = _nss_cache_spnam_wrap; args.lookup_value = sp_namp; args.lookup_result = result; args.buffer = buffer; args.buflen = buflen; args.lookup_key = sp_namp; args.lookup_key_length = strlen(sp_namp); DEBUG("Binary search for user %s\n", sp_namp); ret = _nss_cache_bsearch2(&args, errnop); if (ret == NSS_STATUS_UNAVAIL) { DEBUG("Binary search failed, falling back to full linear search\n"); ret = _nss_cache_setspent_locked(); if (ret == NSS_STATUS_SUCCESS) { while ((ret = _nss_cache_getspent_r_locked( result, buffer, buflen, errnop)) == NSS_STATUS_SUCCESS) { if (!strcmp(result->sp_namp, name)) break; } } } free(sp_namp); _nss_cache_endspent_locked(); NSS_CACHE_UNLOCK(); return ret; } // _nss_cache_setsgent_path() // Helper function for testing extern char *_nss_cache_setsgent_path(const char *path) { DEBUG("%s %s\n", "Setting sg_filename to", path); return strncpy(sg_filename, path, NSS_CACHE_PATH_LENGTH - 1); } // _nss_cache_setsgent_locked() // Internal setup routine static enum nss_status _nss_cache_setsgent_locked(void) { DEBUG("%s %s\n", "Opening", sg_filename); sg_file = fopen(sg_filename, "r"); if (sg_file) { return NSS_STATUS_SUCCESS; } else { return NSS_STATUS_UNAVAIL; } } // _nss_cache_sgnam_wrap() // Internal wrapper for binary searches, using shadow-specific calls. static enum nss_cache_match _nss_cache_sgnam_wrap(FILE *file, struct nss_cache_args *args) { struct sgrp *result = args->lookup_result; char *name = args->lookup_value; int ret; if (fgetsgent_r(file, result, args->buffer, args->buflen, &result) == 0) { ret = strcoll(result->sg_namp, name); if (ret == 0) { DEBUG("SUCCESS: found user %s\n", result->sg_namp); return NSS_CACHE_EXACT; } DEBUG("Failed match at name %s\n", result->sg_namp); if (ret > 0) { return NSS_CACHE_HIGH; } else { return NSS_CACHE_LOW; } } return NSS_CACHE_ERROR; } // _nss_cache_setsgent() // Called by NSS to open the shadow file // 'stayopen' parameter is ignored. enum nss_status _nss_cache_setsgent(int stayopen) { enum nss_status ret; NSS_CACHE_LOCK(); ret = _nss_cache_setsgent_locked(); NSS_CACHE_UNLOCK(); return ret; } // _nss_cache_endsgent_locked() // Internal close routine static enum nss_status _nss_cache_endsgent_locked(void) { DEBUG("Closing gshadow.cache\n"); if (sg_file) { fclose(sg_file); sg_file = NULL; } return NSS_STATUS_SUCCESS; } // _nss_cache_endsgent() // Called by NSS to close the shadow file enum nss_status _nss_cache_endsgent(void) { enum nss_status ret; NSS_CACHE_LOCK(); ret = _nss_cache_endsgent_locked(); NSS_CACHE_UNLOCK(); return ret; } // _nss_cache_getsgent_r_locked() // Called internally to return the next entry from the shadow file static enum nss_status _nss_cache_getsgent_r_locked(struct sgrp *result, char *buffer, size_t buflen, int *errnop) { enum nss_status ret = NSS_STATUS_SUCCESS; if (sg_file == NULL) { DEBUG("sg_file == NULL, going to setsgent\n"); ret = _nss_cache_setsgent_locked(); } if (ret == NSS_STATUS_SUCCESS) { if (fgetsgent_r(sg_file, result, buffer, buflen, &result) == 0) { DEBUG("Returning gshadow entry %s\n", result->sg_namp); } else { if (errno == ENOENT) { errno = 0; } *errnop = errno; ret = _nss_cache_ent_bad_return_code(*errnop); } } return ret; } // _nss_cache_getsgent_r() // Called by NSS to look up next entry in the shadow file enum nss_status _nss_cache_getsgent_r(struct sgrp *result, char *buffer, size_t buflen, int *errnop) { enum nss_status ret; NSS_CACHE_LOCK(); ret = _nss_cache_getsgent_r_locked(result, buffer, buflen, errnop); NSS_CACHE_UNLOCK(); return ret; } // _nss_cache_getsgnam_r() // Find a user by name enum nss_status _nss_cache_getsgnam_r(const char *name, struct sgrp *result, char *buffer, size_t buflen, int *errnop) { char *sg_namp; char filename[NSS_CACHE_PATH_LENGTH]; struct nss_cache_args args; enum nss_status ret; NSS_CACHE_LOCK(); // name is a const char, we need a non-const copy sg_namp = malloc(strlen(name) + 1); if (sg_namp == NULL) { DEBUG("malloc error\n"); return NSS_STATUS_UNAVAIL; } strncpy(sg_namp, name, strlen(name) + 1); strncpy(filename, sg_filename, NSS_CACHE_PATH_LENGTH - 1); int n = strlen(filename); if (n > NSS_CACHE_PATH_LENGTH - 8) { DEBUG("filename too long\n"); free(sg_namp); return NSS_STATUS_UNAVAIL; } strncat(filename, ".ixname", NSS_CACHE_PATH_LENGTH - n - 1); args.sorted_filename = filename; args.system_filename = sg_filename; args.lookup_function = _nss_cache_sgnam_wrap; args.lookup_value = sg_namp; args.lookup_result = result; args.buffer = buffer; args.buflen = buflen; args.lookup_key = sg_namp; args.lookup_key_length = strlen(sg_namp); DEBUG("Binary search for user %s\n", sg_namp); ret = _nss_cache_bsearch2(&args, errnop); if (ret == NSS_STATUS_UNAVAIL) { DEBUG("Binary search failed, falling back to full linear search\n"); ret = _nss_cache_setsgent_locked(); if (ret == NSS_STATUS_SUCCESS) { while ((ret = _nss_cache_getsgent_r_locked( result, buffer, buflen, errnop)) == NSS_STATUS_SUCCESS) { if (!strcmp(result->sg_namp, name)) break; } } } free(sg_namp); _nss_cache_endsgent_locked(); NSS_CACHE_UNLOCK(); return ret; } #endif #ifdef BSD #include "bsdnss.c" #endif // #if defined(__linux__) && defined(__GLIBC__) libnss-cache-0.22/nss_cache.h000066400000000000000000000040221472441152500160720ustar00rootroot00000000000000/* Copyright 2009 Google Inc. * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public * License along with this library; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, * USA */ #include #include #include #include #include #include #include #include #include #include #include #include #ifndef BSD #include #include #endif /* ifndef BSD */ #ifndef NSS_CACHE_H #define NSS_CACHE_H #ifdef DEBUG #undef DEBUG #define DEBUG(fmt, ...) \ do { \ fprintf(stderr, fmt, ##__VA_ARGS__); \ } while (0) #else #define DEBUG(fmt, ...) \ do { \ } while (0) #endif /* DEBUG */ #define NSS_CACHE_PATH_LENGTH 255 extern char *_nss_cache_setpwent_path(const char *path); extern char *_nss_cache_setgrent_path(const char *path); #ifndef BSD extern char *_nss_cache_setspent_path(const char *path); extern char *_nss_cache_setsgent_path(const char *path); #endif /* ifndef BSD */ enum nss_cache_match { NSS_CACHE_EXACT = 0, NSS_CACHE_HIGH = 1, NSS_CACHE_LOW = 2, NSS_CACHE_ERROR = 3 }; struct nss_cache_args { char *system_filename; char *sorted_filename; void *lookup_function; void *lookup_value; void *lookup_result; char *buffer; size_t buflen; char *lookup_key; size_t lookup_key_length; }; #endif /* NSS_CACHE_H */ libnss-cache-0.22/nss_test.h000066400000000000000000000064351472441152500160200ustar00rootroot00000000000000/* Copyright 2009 Google Inc. * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public * License along with this library; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, * USA */ #include #include #include #include #include #ifndef BSD #include #include #endif // ifndef BSD #ifndef NSS_TEST_H #define NSS_TEST_H const char *PASSWD_FILE = ".testdata/passwd.cache"; const char *GROUP_FILE = ".testdata/group.cache"; #ifndef BSD const char *SHADOW_FILE = ".testdata/shadow.cache"; const char *GSHADOW_FILE = ".testdata/gshadow.cache"; #endif // ifndef BSD extern enum nss_status _nss_cache_getpwent_r(struct passwd *result, char *buffer, size_t buflen, int *errnop); extern enum nss_status _nss_cache_getpwnam_r(const char *name, struct passwd *result, char *buffer, size_t buflen, int *errnop); extern enum nss_status _nss_cache_getpwuid_r(uid_t uid, struct passwd *result, char *buffer, size_t buflen, int *errnop); extern enum nss_status _nss_cache_getgrent_r(struct group *result, char *buffer, size_t buflen, int *errnop); extern enum nss_status _nss_cache_getgrnam_r(const char *name, struct group *result, char *buffer, size_t buflen, int *errnop); extern enum nss_status _nss_cache_getgrgid_r(gid_t gid, struct group *result, char *buffer, size_t buflen, int *errnop); #ifndef BSD extern enum nss_status _nss_cache_getspnam_r(const char *name, struct spwd *result, char *buffer, size_t buflen, int *errnop); extern enum nss_status _nss_cache_getspent_r(struct spwd *result, char *buffer, size_t buflen, int *errnop); extern enum nss_status _nss_cache_getsgnam_r(const char *name, struct sgrp *result, char *buffer, size_t buflen, int *errnop); extern enum nss_status _nss_cache_getsgent_r(struct sgrp *result, char *buffer, size_t buflen, int *errnop); extern char *_nss_cache_setpwent_path(const char *path); #endif // ifndef BSD #endif /* NSS_TEST_H */ libnss-cache-0.22/scripts/000077500000000000000000000000001472441152500154645ustar00rootroot00000000000000libnss-cache-0.22/scripts/gentestdata.sh000077500000000000000000000014441472441152500203310ustar00rootroot00000000000000#!/bin/bash set -e -u export LC_ALL=C.UTF-8 outdir="$1" for _i in `seq 1 2500` ; do uid=$(tr -cd [:alpha:] < /dev/urandom | head -c8) name=$(tr -cd [:alpha:] < /dev/urandom | head -c32) printf "%s:x:%d:1000:%s:/home/%s:/bin/nologin\n" "$uid" $_i "$name" "$uid" done > "${outdir}/passwd.cache" for _i in `seq 1 2500` ; do gid=$(tr -cd [:alpha:] < /dev/urandom | head -c8) name=$(tr -cd [:alpha:] < /dev/urandom | head -c32) printf "%s:x:%d:\n" "$gid" $_i done > "${outdir}/group.cache" while read line ; do uid=$(echo $line | cut -f1 -d:) printf "%s::::::::\n" $uid done < "${outdir}/passwd.cache" > "${outdir}/shadow.cache" while read line ; do gid=$(echo $line | cut -f1 -d:) printf "%s:::\n" $gid done < "${outdir}/group.cache" > "${outdir}/gshadow.cache" libnss-cache-0.22/scripts/index.sh000077500000000000000000000010211472441152500171240ustar00rootroot00000000000000#!/bin/bash in=$1 column=$2 out=$3 map=$(mktemp /tmp/libnss.XXXXXX) strings -at d "$in" > "$map" : > "$out" exec 2>/dev/null for value in $(tr -s [:blank:] ! < "$map" | cut -f3 -d! | cut -f"$column" -d: | LC_COLLATE=C sort) ; do offset=$(grep "$value" "$map" | tr -s [:blank:] ! | cut -f2 -d!) printf "%s\0%d\0" "$value" "$offset" >> "$out" len=$(printf "%s\0%d\0" "$value" "$offset" | wc -c) for _i in $(seq 1 $((16-len))) ; do printf "\0" >> "$out" done printf "\n" >> "$out" done rm "$map" libnss-cache-0.22/test/000077500000000000000000000000001472441152500147545ustar00rootroot00000000000000libnss-cache-0.22/test/last_pw_errno_test.c000066400000000000000000000004701472441152500210360ustar00rootroot00000000000000#include #include #include #include int main(int argc, char **argv) { setpwent(); for (;;) { errno = 0; struct passwd *pw = getpwent(); if (!pw) { if (errno != 0) printf("ERRNO: %u %m\n", errno); break; } } endpwent(); return 0; }