[SCM] NSS Wrapper Repository - branch master updated
Andreas Schneider
asn at samba.org
Mon Sep 14 13:12:59 UTC 2015
The branch, master has been updated
via 59cec08 nwrap: Implement nwrap_files_initgroups()
via 0a3339b nwrap: Remove unneeded memcpy in getgrouplist()
via 0d4dd43 nwrap: Avoid a string comparsion in getgrouplist()
from 5c5416b TESTS: Add assertions to tests.
https://git.samba.org/?p=nss_wrapper.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 59cec08847e1b656bf230afaf4e68cdd258cd3e5
Author: Andreas Schneider <asn at samba.org>
Date: Fri Sep 11 13:37:57 2015 +0200
nwrap: Implement nwrap_files_initgroups()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
commit 0a3339b4a962a20d461fdb5ea3e2dd8b5ffd18a7
Author: Andreas Schneider <asn at samba.org>
Date: Mon Sep 14 14:57:40 2015 +0200
nwrap: Remove unneeded memcpy in getgrouplist()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
commit 0d4dd4307f3e54a241c6f634f96df42aa2a0136b
Author: Andreas Schneider <asn at samba.org>
Date: Mon Sep 14 14:52:51 2015 +0200
nwrap: Avoid a string comparsion in getgrouplist()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
-----------------------------------------------------------------------
Summary of changes:
doc/nss_wrapper.1 | 7 +++--
doc/nss_wrapper.1.txt | 8 ++++++
src/nss_wrapper.c | 78 ++++++++++++++++++++++++++++++++++++++++-----------
3 files changed, 74 insertions(+), 19 deletions(-)
Changeset truncated at 500 lines:
diff --git a/doc/nss_wrapper.1 b/doc/nss_wrapper.1
index 0224f83..940438d 100644
--- a/doc/nss_wrapper.1
+++ b/doc/nss_wrapper.1
@@ -2,12 +2,12 @@
.\" Title: nss_wrapper
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 07/09/2014
+.\" Date: 2015-09-12
.\" Manual: \ \&
.\" Source: \ \&
.\" Language: English
.\"
-.TH "NSS_WRAPPER" "1" "07/09/2014" "\ \&" "\ \&"
+.TH "NSS_WRAPPER" "1" "2015\-09\-12" "\ \&" "\ \&"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
@@ -70,6 +70,9 @@ Network name resolution using a hosts file\&.
.\}
Loading and testing of NSS modules\&.
.RE
+.SH "LIMITATIONS"
+.sp
+Some calls in nss_wrapper will only work if uid_wrapper is loaded and active\&. One of this functions is initgroups() which needs to run setgroups() to set the groups for the user\&. setgroups() is wrapped by uid_wrapper\&.
.SH "ENVIRONMENT VARIABLES"
.PP
\fBNSS_WRAPPER_PASSWD\fR, \fBNSS_WRAPPER_GROUP\fR
diff --git a/doc/nss_wrapper.1.txt b/doc/nss_wrapper.1.txt
index 1e5e929..d541e31 100644
--- a/doc/nss_wrapper.1.txt
+++ b/doc/nss_wrapper.1.txt
@@ -1,5 +1,6 @@
nss_wrapper(1)
==============
+:revdate: 2015-09-12
NAME
----
@@ -30,6 +31,13 @@ with socket_wrapper.
- Network name resolution using a hosts file.
- Loading and testing of NSS modules.
+LIMITATIONS
+-----------
+
+Some calls in nss_wrapper will only work if uid_wrapper is loaded and active.
+One of this functions is initgroups() which needs to run setgroups() to set
+the groups for the user. setgroups() is wrapped by uid_wrapper.
+
ENVIRONMENT VARIABLES
---------------------
diff --git a/src/nss_wrapper.c b/src/nss_wrapper.c
index 2abbc24..b2b715e 100644
--- a/src/nss_wrapper.c
+++ b/src/nss_wrapper.c
@@ -2204,14 +2204,65 @@ static void nwrap_files_endpwent(struct nwrap_backend *b)
/* misc functions */
static int nwrap_files_initgroups(struct nwrap_backend *b,
- const char *user, gid_t group)
+ const char *user,
+ gid_t group)
{
- (void) b; /* unused */
- (void) user; /* unused */
- (void) group; /* used */
+ struct group *grp;
+ gid_t *groups;
+ int size = 1;
+ int rc;
+
+ groups = (gid_t *)malloc(size * sizeof(gid_t));
+ if (groups == NULL) {
+ NWRAP_LOG(NWRAP_LOG_ERROR, "Out of memory");
+ errno = ENOMEM;
+ return -1;
+ }
+ groups[0] = group;
+
+ nwrap_files_setgrent(b);
+ while ((grp = nwrap_files_getgrent(b)) != NULL) {
+ int i = 0;
+
+ NWRAP_LOG(NWRAP_LOG_DEBUG,
+ "Inspecting %s for group membership",
+ grp->gr_name);
+
+ for (i=0; grp->gr_mem && grp->gr_mem[i] != NULL; i++) {
+ if (group != grp->gr_gid &&
+ (strcmp(user, grp->gr_mem[i]) == 0)) {
+ NWRAP_LOG(NWRAP_LOG_DEBUG,
+ "%s is member of %s",
+ user,
+ grp->gr_name);
+
+ groups = (gid_t *)realloc(groups,
+ (size + 1) * sizeof(gid_t));
+ if (groups == NULL) {
+ NWRAP_LOG(NWRAP_LOG_ERROR,
+ "Out of memory");
+ errno = ENOMEM;
+ return -1;
+ }
+
+ groups[size] = grp->gr_gid;
+ size++;
+ }
+ }
+ }
+
+ nwrap_files_endgrent(b);
+
+ NWRAP_LOG(NWRAP_LOG_DEBUG,
+ "%s is member of %d groups",
+ user, size);
- /* TODO: maybe we should also fake this... */
- return EPERM;
+ /* This really only works if uid_wrapper is loaded */
+ rc = setgroups(size, groups);
+
+ free(groups);
+
+ return rc;
}
/* group functions */
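Review bot: The realloc() failure branch inside the member loop of nwrap_files_initgroups() assigns the result straight back to `groups`, so the existing array is leaked when realloc returns NULL, and the early `return -1` skips `nwrap_files_endgrent(b)`, leaving the group enumeration open. Grow the array through a temporary pointer and release both resources before returning, as sketched below. A `break;` after `size++` would also keep the same gid from being appended twice when a user name appears more than once in one group's member list. The `errno = ENOMEM; return -1;` context in the last nwrap_getgrouplist() hunk suggests the same pattern there, but its realloc call is outside the visible lines, so that needs checking. Since the call falls through to whatever setgroups() the process resolves, the comment above it could say so explicitly, e.g. `/* Without uid_wrapper this calls the real setgroups(), which presumably fails unless the process is privileged */`.
```c
	/* ... unchanged: first malloc, setgrent, outer while loop and membership test ... */
			gid_t *tmp;

			/* ... unchanged: debug log "%s is member of %s" ... */

			tmp = realloc(groups, (size + 1) * sizeof(gid_t));
			if (tmp == NULL) {
				NWRAP_LOG(NWRAP_LOG_ERROR,
					  "Out of memory");
				free(groups);
				nwrap_files_endgrent(b);
				errno = ENOMEM;
				return -1;
			}
			groups = tmp;

			groups[size] = grp->gr_gid;
			size++;
			/* one match per group entry is enough */
			break;
```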
@@ -3552,7 +3603,6 @@ static int nwrap_getgrouplist(const char *user, gid_t group,
struct group *grp;
gid_t *groups_tmp;
int count = 1;
- const char *name_of_group = "";
NWRAP_LOG(NWRAP_LOG_DEBUG, "getgrouplist called for %s", user);
@@ -3562,13 +3612,7 @@ static int nwrap_getgrouplist(const char *user, gid_t group,
errno = ENOMEM;
return -1;
}
-
- memcpy(groups_tmp, &group, sizeof(gid_t));
-
- grp = nwrap_getgrgid(group);
- if (grp) {
- name_of_group = grp->gr_name;
- }
+ groups_tmp[0] = group;
nwrap_setgrent();
while ((grp = nwrap_getgrent()) != NULL) {
@@ -3580,8 +3624,8 @@ static int nwrap_getgrouplist(const char *user, gid_t group,
for (i=0; grp->gr_mem && grp->gr_mem[i] != NULL; i++) {
- if ((strcmp(user, grp->gr_mem[i]) == 0) &&
- (strcmp(name_of_group, grp->gr_name) != 0)) {
+ if (group != grp->gr_gid &&
+ (strcmp(user, grp->gr_mem[i]) == 0)) {
NWRAP_LOG(NWRAP_LOG_DEBUG,
"%s is member of %s",
@@ -3595,8 +3639,8 @@ static int nwrap_getgrouplist(const char *user, gid_t group,
errno = ENOMEM;
return -1;
}
+ groups_tmp[count] = grp->gr_gid;
- memcpy(&groups_tmp[count], &grp->gr_gid, sizeof(gid_t));
count++;
}
}
--
NSS Wrapper Repository