[SCM] NSS Wrapper Repository - branch master updated
Andreas Schneider
asn at samba.org
Fri Jul 5 08:34:22 UTC 2024
The branch, master has been updated
via 2270a7c Bump version to 1.1.16
via f60b5ac doc: Regenerate nss_wrapper manpage
via 20c5165 doc: Rename to nss_wrapper.1.adoc
via 53dc194 doc: Correctly describe the supported format of passwd and group files
via e585cca nswrap: Fix filling pw_class in nwrap_pw_parse_line()
via fab4302 gitlab-ci: Disable ASLR for TSAN
via 312e75a gitlab-ci: Adopt to gitlab changes
from 199b6bc src: Fix copy‐paste error referring to wrong variable (Samba CID 1609453)
https://git.samba.org/?p=nss_wrapper.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 2270a7cda76de28c554a7ed1167e49ce19a0fc2f
Author: Andreas Schneider <asn at samba.org>
Date: Fri Jul 5 08:03:30 2024 +0200
Bump version to 1.1.16
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit f60b5ac0fda0a789c87297a7e6fb603ad88d687b
Author: Andreas Schneider <asn at samba.org>
Date: Fri Jul 5 10:16:16 2024 +0200
doc: Regenerate nss_wrapper manpage
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 20c51654f2856bd5fc4412700a379cf7a0256842
Author: Andreas Schneider <asn at samba.org>
Date: Fri Jul 5 10:15:14 2024 +0200
doc: Rename to nss_wrapper.1.adoc
This will give correct highlighting when opening the file.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 53dc194fcce75a4c45c62ce0e42a3c8a18cf951f
Author: Andreas Schneider <asn at samba.org>
Date: Fri Jul 5 10:14:22 2024 +0200
doc: Correctly describe the supported format of passwd and group files
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit e585ccae82ad797655ffbe34f919705ffadef597
Author: Andreas Schneider <asn at samba.org>
Date: Fri Jul 5 10:21:44 2024 +0200
nswrap: Fix filling pw_class in nwrap_pw_parse_line()
This fixes a segfault on FreeBSD.
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Andreas Schneider <asn at samba.org>
commit fab4302d00bcd670102f823864fa5a5c877494d5
Author: Andreas Schneider <asn at samba.org>
Date: Fri Jul 5 07:59:47 2024 +0200
gitlab-ci: Disable ASLR for TSAN
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 312e75a5b714e6c6ae0b4a2a886e0399a796a283
Author: Andreas Schneider <asn at samba.org>
Date: Fri Jul 5 07:55:45 2024 +0200
gitlab-ci: Adopt to gitlab changes
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
-----------------------------------------------------------------------
Summary of changes:
.gitlab-ci.yml | 27 +---
CHANGELOG | 6 +
CMakeLists.txt | 4 +-
doc/README | 6 +-
doc/nss_wrapper.1 | 191 +++++++++++++++-----------
doc/{nss_wrapper.1.txt => nss_wrapper.1.adoc} | 12 +-
src/nss_wrapper.c | 9 +-
7 files changed, 141 insertions(+), 114 deletions(-)
rename doc/{nss_wrapper.1.txt => nss_wrapper.1.adoc} (92%)
Changeset truncated at 500 lines:
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index f35b1f3..65b68c2 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -21,8 +21,6 @@ centos7/x86_64:
-DPICKY_DEVELOPER=ON
-DUNIT_TESTING=ON .. &&
make -j$(nproc) && ctest --output-on-failure
- tags:
- - shared
except:
- tags
artifacts:
@@ -40,8 +38,6 @@ fedora/x86_64:
-DPICKY_DEVELOPER=ON
-DUNIT_TESTING=ON .. &&
make -j$(nproc) && ctest --output-on-failure
- tags:
- - shared
except:
- tags
artifacts:
@@ -59,8 +55,6 @@ fedora/address-sanitizer:
-DPICKY_DEVELOPER=ON
-DUNIT_TESTING=ON .. &&
make -j$(nproc) && ctest --output-on-failure
- tags:
- - shared
except:
- tags
artifacts:
@@ -77,8 +71,6 @@ fedora/undefined-sanitizer:
-DCMAKE_BUILD_TYPE=UndefinedSanitizer
-DUNIT_TESTING=ON ..
&& make -j$(nproc) && ctest --output-on-failure
- tags:
- - shared
except:
- tags
artifacts:
@@ -91,14 +83,15 @@ fedora/thread-sanitizer:
stage: analysis
image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD
script:
+ # Workaround for TSAN with ASLR on newer kernel
+ # https://github.com/google/sanitizers/issues/1716
- export TSAN_OPTIONS=second_deadlock_stack=1
- mkdir -p obj && cd obj && cmake
-DCMAKE_BUILD_TYPE=ThreadSanitizer
-DPICKY_DEVELOPER=ON
-DUNIT_TESTING=ON .. &&
- make -j$(nproc) && ctest --output-on-failure
- tags:
- - shared
+ make -j$(nproc) &&
+ setarch --addr-no-randomize -- ctest --output-on-failure
except:
- tags
artifacts:
@@ -129,8 +122,6 @@ fedora/csbuild:
--git-commit-range $CI_COMMIT_RANGE
--color
--print-current --print-fixed
- tags:
- - shared
except:
- tags
artifacts:
@@ -170,8 +161,6 @@ tumbleweed/x86_64/gcc:
-DPICKY_DEVELOPER=ON
-DUNIT_TESTING=ON .. &&
make -j$(nproc) && ctest --output-on-failure
- tags:
- - shared
except:
- tags
artifacts:
@@ -190,8 +179,6 @@ tumbleweed/x86_64/gcc7:
-DPICKY_DEVELOPER=ON
-DUNIT_TESTING=ON .. &&
make -j$(nproc) && ctest --output-on-failure
- tags:
- - shared
except:
- tags
artifacts:
@@ -210,8 +197,6 @@ tumbleweed/x86_64/clang:
-DPICKY_DEVELOPER=ON
-DUNIT_TESTING=ON .. &&
make -j$(nproc) && ctest --output-on-failure
- tags:
- - shared
except:
- tags
artifacts:
@@ -232,8 +217,6 @@ tumbleweed/static-analysis:
-DPICKY_DEVELOPER=ON
-DUNIT_TESTING=ON .. &&
scan-build --status-bugs -o scan make -j$(nproc)
- tags:
- - shared
except:
- tags
artifacts:
@@ -250,8 +233,6 @@ ubuntu/x86_64:
-DCMAKE_BUILD_TYPE=RelWithDebInfo
-DPICKY_DEVELOPER=ON
-DUNIT_TESTING=ON .. && make -j$(nproc) && ctest --output-on-failure
- tags:
- - shared
except:
- tags
artifacts:
diff --git a/CHANGELOG b/CHANGELOG
index 2cd0423..250e519 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,6 +1,12 @@
ChangeLog
==========
+version 1.1.16 (released 2024-07-05)
+ * Fixed segfault on FreeBSD
+ * Fixed copy&paste error in the destructor
+ * Fixed thread sanitizer on modern Linux Kernels
+ * Fixed building with newer cmocka versions
+
version 1.1.15 (released 2023-01-25)
* Fixed linking issue in tests
* Fixed a memory leak in tests
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 2f7c91a..348c491 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -11,7 +11,7 @@ list(APPEND CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/cmake/Modules")
include(DefineCMakeDefaults)
include(DefineCompilerFlags)
-project(nss_wrapper VERSION 1.1.15 LANGUAGES C)
+project(nss_wrapper VERSION 1.1.16 LANGUAGES C)
# global needed variables
set(APPLICATION_NAME ${PROJECT_NAME})
@@ -25,7 +25,7 @@ set(APPLICATION_NAME ${PROJECT_NAME})
# Increment PATCH.
set(LIBRARY_VERSION_MAJOR 0)
set(LIBRARY_VERSION_MINOR 3)
-set(LIBRARY_VERSION_PATCH 4)
+set(LIBRARY_VERSION_PATCH 5)
set(LIBRARY_VERSION "${LIBRARY_VERSION_MAJOR}.${LIBRARY_VERSION_MINOR}.${LIBRARY_VERSION_PATCH}")
set(LIBRARY_SOVERSION ${LIBRARY_VERSION_MAJOR})
diff --git a/doc/README b/doc/README
index 7217244..6202ebe 100644
--- a/doc/README
+++ b/doc/README
@@ -1,3 +1,7 @@
The manpage is written with asciidoc. To generate the manpage use:
-a2x --doctype manpage --format manpage doc/nss_wrapper.1.txt
+ asciidoctor -b manpage doc/nss_wrapper.1.adoc
+
+or
+
+ a2x --doctype manpage --format manpage doc/nss_wrapper.1.adoc
diff --git a/doc/nss_wrapper.1 b/doc/nss_wrapper.1
index 78727b3..bf6a035 100644
--- a/doc/nss_wrapper.1
+++ b/doc/nss_wrapper.1
@@ -1,52 +1,60 @@
'\" t
.\" Title: nss_wrapper
.\" Author: Samba Team
-.\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\" Date: 2019-05-21
+.\" Generator: Asciidoctor 2.0.23
+.\" Date: 2024-07-05
.\" Manual: \ \&
.\" Source: \ \&
.\" Language: English
.\"
-.TH "NSS_WRAPPER" "1" "2019\-05\-21" "\ \&" "\ \&"
-.\" -----------------------------------------------------------------
-.\" * Define some portability stuff
-.\" -----------------------------------------------------------------
-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-.\" http://bugs.debian.org/507673
-.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.TH "NSS_WRAPPER" "1" "2024-07-05" "\ \&" "\ \&"
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
-.\" -----------------------------------------------------------------
-.\" * set default formatting
-.\" -----------------------------------------------------------------
-.\" disable hyphenation
+.ss \n[.ss] 0
.nh
-.\" disable justification (adjust text to left margin only)
.ad l
-.\" -----------------------------------------------------------------
-.\" * MAIN CONTENT STARTS HERE *
-.\" -----------------------------------------------------------------
+.de URL
+\fI\\$2\fP <\\$1>\\$3
+..
+.als MTO URL
+.if \n[.g] \{\
+. mso www.tmac
+. am URL
+. ad l
+. .
+. am MTO
+. ad l
+. .
+. LINKSTYLE blue R < >
+.\}
.SH "NAME"
nss_wrapper \- A wrapper for the user, group and hosts NSS API
.SH "SYNOPSIS"
.sp
-LD_PRELOAD=libnss_wrapper\&.so NSS_WRAPPER_PASSWD=/path/to/passwd NSS_WRAPPER_GROUP=/path/to/group NSS_WRAPPER_HOSTS=/path/to/host \fB\&./myapplication\fR
+LD_PRELOAD=libnss_wrapper.so NSS_WRAPPER_PASSWD=/path/to/passwd NSS_WRAPPER_GROUP=/path/to/group NSS_WRAPPER_HOSTS=/path/to/host \fB./myapplication\fP
.SH "DESCRIPTION"
.sp
-There are projects which provide daemons needing to be able to create, modify and delete Unix users\&. Or just switch user ids to interact with the system e\&.g\&. a user space file server\&. To be able to test that you need the privilege to modify the passwd and groups file\&. With nss_wrapper it is possible to define your own passwd and groups file which will be used by software to act correctly while under test\&.
+There are projects which provide daemons needing to be able to create, modify
+and delete Unix users. Or just switch user ids to interact with the system e.g.
+a user space file server. To be able to test that you need the privilege to
+modify the passwd and groups file. With nss_wrapper it is possible to define
+your own passwd and groups file which will be used by software to act correctly
+while under test.
.sp
-If you have a client and server under test they normally use functions to resolve network names to addresses (dns) or vice versa\&. The nss_wrappers allow you to create a hosts file to setup name resolution for the addresses you use with socket_wrapper\&.
+If you have a client and server under test they normally use functions to
+resolve network names to addresses (dns) or vice versa. The nss_wrappers allow
+you to create a hosts file to setup name resolution for the addresses you use
+with socket_wrapper.
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
-.sp -1
-.IP \(bu 2.3
+. sp -1
+. IP \(bu 2.3
.\}
-Provides information for user and group accounts\&.
+Provides information for user and group accounts.
.RE
.sp
.RS 4
@@ -54,10 +62,10 @@ Provides information for user and group accounts\&.
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
-.sp -1
-.IP \(bu 2.3
+. sp -1
+. IP \(bu 2.3
.\}
-Network name resolution using a hosts file\&.
+Network name resolution using a hosts file.
.RE
.sp
.RS 4
@@ -65,66 +73,85 @@ Network name resolution using a hosts file\&.
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
-.sp -1
-.IP \(bu 2.3
+. sp -1
+. IP \(bu 2.3
.\}
-Loading and testing of NSS modules\&.
+Loading and testing of NSS modules.
.RE
.SH "LIMITATIONS"
.sp
-Some calls in nss_wrapper will only work if uid_wrapper is loaded and active\&. One of this functions is initgroups() which needs to run setgroups() to set the groups for the user\&. setgroups() is wrapped by uid_wrapper\&.
+Some calls in nss_wrapper will only work if uid_wrapper is loaded and active.
+One of this functions is initgroups() which needs to run setgroups() to set
+the groups for the user. setgroups() is wrapped by uid_wrapper.
.SH "ENVIRONMENT VARIABLES"
-.PP
-\fBNSS_WRAPPER_PASSWD\fR, \fBNSS_WRAPPER_GROUP\fR
+.sp
+\fBNSS_WRAPPER_PASSWD\fP, \fBNSS_WRAPPER_GROUP\fP
.RS 4
-For user and group accounts you need to create two files:
-\fIpasswd\fR
-and
-\fIgroup\fR\&. The format of the passwd file is described in
-\fIman 5 passwd\fR
-and the group file in
-\fIman 5 group\fR\&. So you can fill these files with made up accounts\&. You point nss_wrapper to them using the two variables NSS_WRAPPER_PASSWD=/path/to/your/passwd and NSS_WRAPPER_GROUP=/path/to/your/group\&.
+For user and group accounts you need to create two files: \fIpasswd\fP and \fIgroup\fP.
+The format of the passwd file we support is:
.RE
-.PP
-\fBNSS_WRAPPER_HOSTS\fR
+.sp
+name:password:UID:GID:GECOS:directory:shell
+.sp
+The format of the group file we support is:
+.sp
+group_name:password:GID:user_list
+.sp
+They are also described in \fIman passwd.5\fP and \fIman group.5\fP on Linux. You can
+fill these files with made up accounts. You point
+nss_wrapper to them using the two variables
+NSS_WRAPPER_PASSWD=/path/to/your/passwd and
+NSS_WRAPPER_GROUP=/path/to/your/group.
+.sp
+\fBNSS_WRAPPER_HOSTS\fP
.RS 4
-If you also need to emulate network name resolution in your environment, especially with socket_wrapper, you can write a hosts file\&. The format is described in
-\fIman 5 hosts\fR\&. Then you can point nss_wrapper to your hosts file using: NSS_WRAPPER_HOSTS=/path/to/your/hosts
+If you also need to emulate network name resolution in your environment,
+especially with socket_wrapper, you can write a hosts file. The format is
+described in \fIman 5 hosts\fP. Then you can point nss_wrapper to your hosts
+file using: NSS_WRAPPER_HOSTS=/path/to/your/hosts
.RE
-.PP
-\fBNSS_WRAPPER_HOSTNAME\fR
+.sp
+\fBNSS_WRAPPER_HOSTNAME\fP
.RS 4
-If you need to return a hostname which is different from the one of your machine is using you can use: NSS_WRAPPER_HOSTNAME=test\&.example\&.org
+If you need to return a hostname which is different from the one of your
+machine is using you can use: NSS_WRAPPER_HOSTNAME=test.example.org
.RE
-.PP
-\fBNSS_WRAPPER_MODULE_SO_PATH\fR, \fBNSS_WRAPPER_MODULE_FN_PREFIX\fR
+.sp
+\fBNSS_WRAPPER_MODULE_SO_PATH\fP, \fBNSS_WRAPPER_MODULE_FN_PREFIX\fP
.RS 4
-If you have a project which also provides user and group information out of a database, you normally write your own nss modules\&. nss_wrapper is able to load nss modules and ask them first before looking into the faked passwd and group file\&. To point nss_wrapper to the module you can do that using NSS_WRAPPER_MODULE_SO_PATH=/path/to/libnss_yourmodule\&.so\&. As each nss module has a special prefix like _nss_winbind_getpwnam() you need to set the prefix too so nss_wrapper can load the functions with NSS_WRAPPER_MODULE_FN_PREFIX=<prefix>\&.
+If you have a project which also provides user and group information out of a
+database, you normally write your own nss modules. nss_wrapper is able to load
+nss modules and ask them first before looking into the faked passwd and group
+file. To point nss_wrapper to the module you can do that using
+NSS_WRAPPER_MODULE_SO_PATH=/path/to/libnss_yourmodule.so. As each nss module
+has a special prefix like _nss_winbind_getpwnam() you need to set the prefix
+too so nss_wrapper can load the functions with
+NSS_WRAPPER_MODULE_FN_PREFIX=<prefix>.
.RE
.sp
For _nss_winbind_getpwnam() this would be:
.sp
-.if n \{\
-.RS 4
-.\}
+.if n .RS 4
.nf
+.fam C
NSS_WRAPPER_MODULE_FN_PREFIX=winbind
+.fam
.fi
-.if n \{\
-.RE
-.\}
-.PP
-\fBNSS_WRAPPER_DEBUGLEVEL\fR
+.if n .RE
+.sp
+\fBNSS_WRAPPER_DEBUGLEVEL\fP
.RS 4
-If you need to see what is going on in nss_wrapper itself or try to find a bug, you can enable logging support in nss_wrapper if you built it with debug symbols\&.
+If you need to see what is going on in nss_wrapper itself or try to find a
+bug, you can enable logging support in nss_wrapper if you built it with
+debug symbols.
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
-.sp -1
-.IP \(bu 2.3
+. sp -1
+. IP \(bu 2.3
.\}
0 = ERROR
.RE
@@ -134,8 +161,8 @@ If you need to see what is going on in nss_wrapper itself or try to find a bug,
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
-.sp -1
-.IP \(bu 2.3
+. sp -1
+. IP \(bu 2.3
.\}
1 = WARNING
.RE
@@ -145,8 +172,8 @@ If you need to see what is going on in nss_wrapper itself or try to find a bug,
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
-.sp -1
-.IP \(bu 2.3
+. sp -1
+. IP \(bu 2.3
.\}
2 = DEBUG
.RE
@@ -156,39 +183,35 @@ If you need to see what is going on in nss_wrapper itself or try to find a bug,
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
-.sp -1
-.IP \(bu 2.3
+. sp -1
+. IP \(bu 2.3
.\}
3 = TRACE
.RE
.RE
-.PP
-\fBNSS_WRAPPER_DISABLE_DEEPBIND\fR
+.sp
+\fBNSS_WRAPPER_DISABLE_DEEPBIND\fP
.RS 4
-This allows you to disable deep binding in nss_wrapper\&. This is useful for running valgrind tools or sanitizers like (address, undefined, thread)\&.
+This allows you to disable deep binding in nss_wrapper. This is useful for
+running valgrind tools or sanitizers like (address, undefined, thread).
.RE
.SH "EXAMPLE"
.sp
-.if n \{\
-.RS 4
-.\}
+.if n .RS 4
.nf
+.fam C
$ echo "bob:x:1000:1000:bob gecos:/home/test/bob:/bin/false" > passwd
$ echo "root:x:65534:65532:root gecos:/home/test/root:/bin/false" >> passwd
$ echo "users:x:1000:" > group
$ echo "root:x:65532:" >> group
-$ LD_PRELOAD=libnss_wrapper\&.so NSS_WRAPPER_PASSWD=passwd \e
+$ LD_PRELOAD=libnss_wrapper.so NSS_WRAPPER_PASSWD=passwd \(rs
NSS_WRAPPER_GROUP=group getent passwd bob
bob:x:1000:1000:bob gecos:/home/test/bob:/bin/false
-$ LD_PRELOAD=libnss_wrapper\&.so NSS_WRAPPER_HOSTNAME=test\&.example\&.org hostname
-test\&.example\&.org
+$ LD_PRELOAD=libnss_wrapper.so NSS_WRAPPER_HOSTNAME=test.example.org hostname
+test.example.org
+.fam
.fi
-.if n \{\
-.RE
-.\}
+.if n .RE
.SH "AUTHOR"
-.PP
-\fBSamba Team\fR
-.RS 4
-Author.
-.RE
+.sp
+Samba Team
\ No newline at end of file
diff --git a/doc/nss_wrapper.1.txt b/doc/nss_wrapper.1.adoc
similarity index 92%
rename from doc/nss_wrapper.1.txt
rename to doc/nss_wrapper.1.adoc
index 85a567a..6edcb96 100644
--- a/doc/nss_wrapper.1.txt
+++ b/doc/nss_wrapper.1.adoc
@@ -46,8 +46,16 @@ ENVIRONMENT VARIABLES
*NSS_WRAPPER_GROUP*::
For user and group accounts you need to create two files: 'passwd' and 'group'.
-The format of the passwd file is described in 'man 5 passwd' and the group file
-in 'man 5 group'. So you can fill these files with made up accounts. You point
+The format of the passwd file we support is:
+
+name:password:UID:GID:GECOS:directory:shell
+
+The format of the group file we support is:
+
+group_name:password:GID:user_list
+
+They are also described in 'man passwd.5' and 'man group.5' on Linux. You can
+fill these files with made up accounts. You point
nss_wrapper to them using the two variables
NSS_WRAPPER_PASSWD=/path/to/your/passwd and
NSS_WRAPPER_GROUP=/path/to/your/group.
diff --git a/src/nss_wrapper.c b/src/nss_wrapper.c
index 4470d1c..770d0cf 100644
--- a/src/nss_wrapper.c
+++ b/src/nss_wrapper.c
@@ -2440,6 +2440,13 @@ static bool nwrap_pw_parse_line(struct nwrap_cache *nwrap, char *line)
return false;
}
*p = '\0';
--
NSS Wrapper Repository
More information about the samba-cvs
mailing list