Commit 500a33ff authored by root's avatar root

initial commit

image: debian:buster
# Is performed before the scripts in the stages step
before_script:
- source /etc/profile
variables:
DEBEMAIL: "Pavel Vondruska <dexter.cz@gmail.com>"
# Defines stages which are to be executed
stages:
- build
# Stage "build"
run-build:
stage: build
script:
- ./make.sh
# This stage is only executed if commited to master
only:
- master
# The files which are to be made available in GitLab
artifacts:
paths:
- build/*
Description: nss_name_to_uid/gud() search also Local-Realms
--- a/nss.c
+++ b/nss.c
@@ -203,32 +203,44 @@
return NULL;
}
-static int nss_name_to_uid(char *name, uid_t *uid)
+static int nss_name_domain_to_uid(char *name, char *domain, uid_t *uid)
{
struct passwd *pw = NULL;
- char *domain;
int err = -ENOENT;
-
- domain = get_default_domain();
pw = nss_getpwnam(name, domain, &err);
- if (pw == NULL)
- goto out;
+ if (pw == NULL) return err;
*uid = pw->pw_uid;
free(pw);
- err = 0;
-out:
+ return 0;
+}
+
+static int nss_name_to_uid(char *name, uid_t *uid)
+{
+ struct conf_list *realms;
+ struct conf_list_node *r;
+ char *domain;
+ int err;
+
+ domain = get_default_domain();
+ err = nss_name_domain_to_uid(name, domain, uid);
+ if (!err) return err;
+
+ realms = get_local_realms();
+ TAILQ_FOREACH(r, &realms->fields, link) {
+ if (!nss_name_domain_to_uid(name, r->field, uid)) return 0;
+ }
+
return err;
}
-static int nss_name_to_gid(char *name, gid_t *gid)
+static int nss_name_domain_to_gid(char *name, char *domain, gid_t *gid)
{
struct group *gr = NULL;
struct group grbuf;
- char *buf, *localname, *domain;
+ char *buf, *localname;
size_t buflen = sysconf(_SC_GETGR_R_SIZE_MAX);
int err = -EINVAL;
- domain = get_default_domain();
localname = strip_domain(name, domain);
if (!localname)
goto out;
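Review bot: `get_local_realms()` is dereferenced without a NULL check in the new `nss_name_to_uid` (`TAILQ_FOREACH(r, &realms->fields, link)`). Its definition is not visible here, but if it can return NULL when no Local-Realms are configured, every failed default-domain lookup would crash the idmapper. Guard the loop with `if (!realms) return err;`; the same applies to `nss_name_to_gid` in the next hunk. `nss_name_domain_to_gid` continues past the end of this hunk.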
@@ -258,6 +270,25 @@
return err;
}
+static int nss_name_to_gid(char *name, gid_t *gid)
+{
+ char *domain;
+ int err;
+ struct conf_list *realms;
+ struct conf_list_node *r;
+
+ domain = get_default_domain();
+ err = nss_name_domain_to_gid(name, domain, gid);
+ if (!err) return 0;
+
+ realms = get_local_realms();
+ TAILQ_FOREACH(r, &realms->fields, link) {
+ if (!nss_name_domain_to_gid(name, r->field, gid)) return 0;
+ }
+
+ return err;
+}
+
static int nss_gss_princ_to_ids(char *secname, char *princ,
uid_t *uid, uid_t *gid,
extra_mapping_params **ex)
Author: Jiri Horky <jiri.horky@cesnet.cz>
Date: Mon, 23 Jul 2012 09:20:20 +0200
Description: implementation of client side Static translation method
Since the [Static] section in idmapd.conf does not distinguish between user
and group mappings we try both cases for each defined mapping. The code caches
id->name mappings in the init function
diff --git a/static.c b/static.c
index fffd458..8be87e8 100644
--- a/static.c
+++ b/static.c
@@ -40,6 +40,7 @@
#include <grp.h>
#include <errno.h>
+#include "queue.h"
#include "cfg.h"
#include "nfsidmap.h"
#include "nfsidmap_internal.h"
@@ -57,6 +58,40 @@ struct pwbuf {
char buf[1];
};
+struct grbuf {
+ struct group grbuf;
+ char buf[1];
+};
+
+struct uid_mapping {
+ LIST_ENTRY (uid_mapping) link;
+ uid_t uid;
+ char * principal;
+ char * localname;
+};
+
+struct gid_mapping {
+ LIST_ENTRY (gid_mapping) link;
+ gid_t gid;
+ char * principal;
+ char * localgroup;
+};
+
+static __inline__ u_int8_t uid_hash (uid_t uid)
+{
+ return uid % 256;
+}
+
+static __inline__ u_int8_t gid_hash (gid_t gid)
+{
+ return gid % 256;
+}
+
+//Hash tables of uid and guids to principals mappings.
+//We reuse some queue/hash functions from cfg.c.
+LIST_HEAD (uid_mappings, uid_mapping) uid_mappings[256];
+LIST_HEAD (gid_mappings, gid_mapping) gid_mappings[256];
+
static struct passwd *static_getpwnam(const char *name, const char *domain,
int *err_p)
{
@@ -75,12 +110,9 @@ static struct passwd *static_getpwnam(const char *name, const char *domain,
localname = conf_get_str("Static", (char *)name);
if (!localname) {
err = ENOENT;
- goto err;
+ goto err_free_buf;
}
- IDMAP_LOG(4, ("static_getpwnam: name '%s' mapped to '%s'\n",
- name, localname));
-
again:
err = getpwnam_r(localname, &buf->pwbuf, buf->buf, buflen, &pw);
@@ -91,12 +123,15 @@ again:
if (err == 0)
err = ENOENT;
- IDMAP_LOG(0, ("static_getpwnam: name '%s' not found\n",
- localname));
+ IDMAP_LOG(0, ("static_getpwnam: localname '%s' for '%s' not found\n",
+ localname, name));
goto err_free_buf;
}
+ IDMAP_LOG(4, ("static_getpwnam: name '%s' mapped to '%s'\n",
+ name, localname));
+
*err_p = 0;
return pw;
@@ -107,6 +142,56 @@ err:
return NULL;
}
+static struct group *static_getgrnam(const char *name, const char *domain,
+ int *err_p)
+{
+ struct group *gr;
+ struct grbuf *buf;
+ size_t buflen = sysconf(_SC_GETGR_R_SIZE_MAX);
+ char *localgroup;
+ int err;
+
+ buf = malloc(sizeof(*buf) + buflen);
+ if (!buf) {
+ err = ENOMEM;
+ goto err;
+ }
+
+ localgroup = conf_get_str("Static", (char *)name);
+ if (!localgroup) {
+ err = ENOENT;
+ goto err_free_buf;
+ }
+
+again:
+ err = getgrnam_r(localgroup, &buf->grbuf, buf->buf, buflen, &gr);
+
+ if (err == EINTR)
+ goto again;
+
+ if (!gr) {
+ if (err == 0)
+ err = ENOENT;
+
+ IDMAP_LOG(0, ("static_getgrnam: local group '%s' for '%s' not found\n",
+ localgroup, name));
+
+ goto err_free_buf;
+ }
+
+ IDMAP_LOG(4, ("static_getgrnam: group '%s' mapped to '%s'\n",
+ name, localgroup));
+
+ *err_p = 0;
+ return gr;
+
+err_free_buf:
+ free(buf);
+err:
+ *err_p = err;
+ return NULL;
+}
+
static int static_gss_princ_to_ids(char *secname, char *princ,
uid_t *uid, uid_t *gid,
extra_mapping_params **ex)
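Review bot: `sysconf(_SC_GETGR_R_SIZE_MAX)` may return -1, and `static_getgrnam` stores it straight into `size_t buflen`, so `malloc(sizeof(*buf) + buflen)` wraps to a tiny allocation while `getgrnam_r` is told the buffer is close to SIZE_MAX bytes. Check the result before using it, for example `long sz = sysconf(_SC_GETGR_R_SIZE_MAX); size_t buflen = sz > 0 ? (size_t)sz : 1024;` (the fallback size is a suggestion). `ERANGE` from `getgrnam_r` is also treated as a plain lookup failure, so a group entry larger than the buffer silently fails to map; a comment or a grow-and-retry would make that explicit.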
@@ -151,14 +236,173 @@ static int static_gss_princ_to_grouplist(char *secname, char *princ,
return -err;
}
+static int static_name_to_uid(char *name, uid_t *uid)
+{
+ struct passwd *pw;
+ int err;
+
+ pw = static_getpwnam(name, NULL, &err);
+
+ if (pw) {
+ *uid = pw->pw_uid;
+ free(pw);
+ }
+
+ return -err;
+}
+
+static int static_name_to_gid(char *name, gid_t *gid)
+{
+ struct group *gr;
+ int err;
+
+ gr = static_getgrnam(name, NULL, &err);
+
+ if (gr) {
+ *gid = gr->gr_gid;
+ free(gr);
+ }
+
+ return -err;
+}
+
+static int static_uid_to_name(uid_t uid, char *domain, char *name, size_t len)
+{
+ struct passwd *pw;
+ struct uid_mapping * um;
+
+ for (um = LIST_FIRST (&uid_mappings[uid_hash (uid)]); um;
+ um = LIST_NEXT (um, link)) {
+ if (um->uid == uid) {
+ strcpy(name, um->principal);
+ return 0;
+ }
+ }
+
+ return -ENOENT;
+}
+
+static int static_gid_to_name(gid_t gid, char *domain, char *name, size_t len)
+{
+ struct group *gr;
+ struct gid_mapping * gm;
+
+ for (gm = LIST_FIRST (&gid_mappings[gid_hash (gid)]); gm;
+ gm = LIST_NEXT (gm, link)) {
+ if (gm->gid == gid) {
+ strcpy(name, gm->principal);
+ return 0;
+ }
+ }
+
+ return -ENOENT;
+}
+
+/*
+ * We buffer all UID's for which static mappings is defined in advance, so the
+ * uid_to_name functions will be fast enough.
+ */
+
+static int static_init() {
+ int err;
+ uid_t uid;
+ struct conf_list * princ_list = NULL;
+ struct conf_list_node * cln, *next;
+ struct uid_mapping * unode;
+ struct gid_mapping * gnode;
+ struct passwd * pw = NULL;
+ struct group * gr = NULL;
+ unsigned int i;
+
+ //init hash_table first
+ for (i = 0; i < sizeof uid_mappings / sizeof uid_mappings[0]; i++)
+ LIST_INIT (&uid_mappings[i]);
+
+ //get all principals for which we have mappings
+ princ_list = conf_get_tag_list("Static");
+
+ if (!princ_list) {
+ return -ENOENT;
+ }
+
+ /* As we can not distinguish between mappings for users and groups, we try to
+ * resolve all mappings for both cases.
+ */
+
+ //resolve uid of localname account for all such principals and cache it
+ for (cln = TAILQ_FIRST (&princ_list->fields); cln; cln = next)
+ {
+ next = TAILQ_NEXT (cln, link);
+
+ pw = static_getpwnam(cln->field, NULL, &err);
+ if (!pw) {
+ continue;
+ }
+
+ unode = calloc (1, sizeof *unode);
+ if (!unode)
+ {
+ warnx("static_init: calloc (1, %lu) failed",
+ (unsigned long)sizeof *unode);
+ free(pw);
+ return -ENOMEM;
+ }
+ unode->uid = pw->pw_uid;
+ unode->principal = strdup(cln->field);
+
+ unode->localname = conf_get_str("Static", cln->field);
+ if (!unode->localname) {
+ free(pw);
+ return -ENOENT;
+ }
+
+ free(pw);
+
+ LIST_INSERT_HEAD (&uid_mappings[uid_hash(unode->uid)], unode, link);
+ }
+
+ //resolve gid of localgroup accounts and cache it
+ for (cln = TAILQ_FIRST (&princ_list->fields); cln; cln = next)
+ {
+ next = TAILQ_NEXT (cln, link);
+
+ gr = static_getgrnam(cln->field, NULL, &err);
+ if (!pw) {
+ continue;
+ }
+
+ gnode = calloc (1, sizeof *gnode);
+ if (!gnode)
+ {
+ warnx("static_init: calloc (1, %lu) failed",
+ (unsigned long)sizeof *gnode);
+ free(pw);
+ return -ENOMEM;
+ }
+ gnode->gid = pw->pw_uid;
+ gnode->principal = strdup(cln->field);
+
+ gnode->localgroup = conf_get_str("Static", cln->field);
+ if (!gnode->localgroup) {
+ free(pw);
+ return -ENOENT;
+ }
+
+ free(pw);
+
+ LIST_INSERT_HEAD (&gid_mappings[gid_hash(gnode->gid)], gnode, link);
+ }
+ return 0;
+}
+
struct trans_func static_trans = {
.name = "static",
- .init = NULL,
- .name_to_uid = NULL,
- .name_to_gid = NULL,
- .uid_to_name = NULL,
- .gid_to_name = NULL,
+ .init = static_init,
+ .name_to_uid = static_name_to_uid,
+ .name_to_gid = static_name_to_gid,
+ .uid_to_name = static_uid_to_name,
+ .gid_to_name = static_gid_to_name,
.princ_to_ids = static_gss_princ_to_ids,
.gss_princ_to_grouplist = static_gss_princ_to_grouplist,
};
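Review bot: The second loop in `static_init` tests and reads `pw` where it means `gr`: `if (!pw)`, `gnode->gid = pw->pw_uid` and the `free(pw)` calls all act on whatever the first loop left behind. If that is NULL, every group is skipped; if it is the pointer the first loop already freed, init reads freed memory and frees it a second time. In both cases each `gr` returned by `static_getgrnam` leaks. The loop should use `gr` throughout, as in the fence below. Separately, `static_uid_to_name` and `static_gid_to_name` ignore `len` and `strcpy` a principal read from the [Static] configuration into the caller's buffer; add `if (strlen(um->principal) >= len) return -ERANGE;` (and the `gm` equivalent) before the copy. The `strdup` results stored in `principal` are not checked for NULL either.

```c
	for (cln = TAILQ_FIRST (&princ_list->fields); cln; cln = next)
	{
		next = TAILQ_NEXT (cln, link);

		gr = static_getgrnam(cln->field, NULL, &err);
		if (!gr) {
			continue;
		}

		gnode = calloc (1, sizeof *gnode);
		if (!gnode)
		{
			// … unchanged: warnx …
			free(gr);
			return -ENOMEM;
		}
		gnode->gid = gr->gr_gid;
		// … unchanged: strdup of principal, conf_get_str of localgroup …
		if (!gnode->localgroup) {
			free(gr);
			return -ENOENT;
		}

		free(gr);
		// … unchanged: LIST_INSERT_HEAD into gid_mappings …
	}
```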
--- a/Makefile.am
+++ b/Makefile.am
@@ -11,7 +11,7 @@
GUMS_MAPPING_LIB =
endif
lib_LTLIBRARIES = libnfsidmap.la
-pkglib_LTLIBRARIES = nsswitch.la static.la $(UMICH_LDAP_LIB) $(GUMS_MAPPING_LIB)
+pkglib_LTLIBRARIES = nsswitch.la mnsswitch.la static.la $(UMICH_LDAP_LIB) $(GUMS_MAPPING_LIB)
# Library versioning notes from:
# http://sources.redhat.com/autobook/autobook/autobook_91.html
@@ -32,6 +32,9 @@
nsswitch_la_SOURCES = nss.c
nsswitch_la_LDFLAGS = -module -avoid-version
+mnsswitch_la_SOURCES = mnss.c
+mnsswitch_la_LDFLAGS = -module -avoid-version
+
static_la_SOURCES = static.c
static_la_LDFLAGS = -module -avoid-version
--- a/Makefile.in
+++ b/Makefile.in
@@ -99,6 +99,12 @@
nsswitch_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
$(nsswitch_la_LDFLAGS) $(LDFLAGS) -o $@
+mnsswitch_la_LIBADD =
+am_mnsswitch_la_OBJECTS = mnss.lo
+mnsswitch_la_OBJECTS = $(am_mnsswitch_la_OBJECTS)
+mnsswitch_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+ $(mnsswitch_la_LDFLAGS) $(LDFLAGS) -o $@
static_la_LIBADD =
am_static_la_OBJECTS = static.lo
static_la_OBJECTS = $(am_static_la_OBJECTS)
@@ -126,10 +132,10 @@
--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
$(LDFLAGS) -o $@
SOURCES = $(gums_la_SOURCES) $(libnfsidmap_la_SOURCES) \
- $(nsswitch_la_SOURCES) $(static_la_SOURCES) \
+ $(nsswitch_la_SOURCES) $(mnsswitch_la_SOURCES) $(static_la_SOURCES) \
$(umich_ldap_la_SOURCES)
DIST_SOURCES = $(gums_la_SOURCES) $(libnfsidmap_la_SOURCES) \
- $(nsswitch_la_SOURCES) $(static_la_SOURCES) \
+ $(nsswitch_la_SOURCES) $(mnsswitch_la_SOURCES) $(static_la_SOURCES) \
$(umich_ldap_la_SOURCES)
man3dir = $(mandir)/man3
man5dir = $(mandir)/man5
@@ -202,7 +208,6 @@
PACKAGE_NAME = @PACKAGE_NAME@
PACKAGE_STRING = @PACKAGE_STRING@
PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_URL = @PACKAGE_URL@
PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
RANLIB = @RANLIB@
@@ -248,6 +253,7 @@
libexecdir = @libexecdir@
localedir = @localedir@
localstatedir = @localstatedir@
+lt_ECHO = @lt_ECHO@
mandir = @mandir@
mkdir_p = @mkdir_p@
oldincludedir = @oldincludedir@
@@ -269,7 +275,7 @@
@ENABLE_GUMS_FALSE@GUMS_MAPPING_LIB =
@ENABLE_GUMS_TRUE@GUMS_MAPPING_LIB = gums.la
lib_LTLIBRARIES = libnfsidmap.la
-pkglib_LTLIBRARIES = nsswitch.la static.la $(UMICH_LDAP_LIB) $(GUMS_MAPPING_LIB)
+pkglib_LTLIBRARIES = nsswitch.la mnsswitch.la static.la $(UMICH_LDAP_LIB) $(GUMS_MAPPING_LIB)
# Library versioning notes from:
# http://sources.redhat.com/autobook/autobook/autobook_91.html
@@ -287,6 +293,8 @@
libnfsidmap_la_LIBADD = -ldl
nsswitch_la_SOURCES = nss.c
nsswitch_la_LDFLAGS = -module -avoid-version
+mnsswitch_la_SOURCES = mnss.c
+mnsswitch_la_LDFLAGS = -module -avoid-version
static_la_SOURCES = static.c
static_la_LDFLAGS = -module -avoid-version
umich_ldap_la_SOURCES = umich_ldap.c
@@ -430,6 +438,8 @@
$(libnfsidmap_la_LINK) -rpath $(libdir) $(libnfsidmap_la_OBJECTS) $(libnfsidmap_la_LIBADD) $(LIBS)
nsswitch.la: $(nsswitch_la_OBJECTS) $(nsswitch_la_DEPENDENCIES)
$(nsswitch_la_LINK) -rpath $(pkglibdir) $(nsswitch_la_OBJECTS) $(nsswitch_la_LIBADD) $(LIBS)
+mnsswitch.la: $(mnsswitch_la_OBJECTS) $(mnsswitch_la_DEPENDENCIES)
+ $(mnsswitch_la_LINK) -rpath $(pkglibdir) $(mnsswitch_la_OBJECTS) $(mnsswitch_la_LIBADD) $(LIBS)
static.la: $(static_la_OBJECTS) $(static_la_DEPENDENCIES)
$(static_la_LINK) -rpath $(pkglibdir) $(static_la_OBJECTS) $(static_la_LIBADD) $(LIBS)
umich_ldap.la: $(umich_ldap_la_OBJECTS) $(umich_ldap_la_DEPENDENCIES)
@@ -445,6 +455,7 @@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gums.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libnfsidmap.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/nss.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mnss.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/static.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/strlcpy.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/umich_ldap.Plo@am__quote@
--- /dev/null
+++ b/mnss.c
@@ -0,0 +1,414 @@
+/*
+ * nss.c
+ *
+ * nsswitch idmapping functions.
+ *
+ * Copyright (c) 2004 The Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * J. Bruce Fields <bfields@umich.edu>
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the University nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#define _GNU_SOURCE 1
+#include <sys/types.h>
+#include <errno.h>
+#include <unistd.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <pwd.h>
+#include <grp.h>
+#include <netdb.h>
+#include <err.h>
+#include <grp.h>
+#include "nfsidmap.h"
+#include "nfsidmap_internal.h"
+#include "cfg.h"
+#include <syslog.h>
+
+#define MNSS_FILE_UID "/etc/passwd-nfs4"
+#define MNSS_FILE_GID "/etc/group-nfs4"
+
+/*
+ * Multidomain NSS Translation Methods (require nss plugin)
+ *
+ * These are all just wrappers around getpwnam and friends;
+ */
+
+static int
+adddomain(char *name, size_t len)
+{
+ char *p;
+ if(strchr(name, '@') != NULL)
+ return 0;
+
+ if((p = get_default_domain()) == NULL)
+ return 0;
+
+ if(strlen(name)+strlen(p)+2 > len) {
+ return -ERANGE;
+ }
+
+ strcat(name, "@");
+ strcat(name, p);
+ return 0;
+}
+
+static void
+stripdomain(char *name)
+{
+ char *p, *p1;
+ if((p = get_default_domain())!=NULL) {
+ p1 = strchr(name, '@');
+ if(p1 == NULL)
+ return;
+ if(strcasecmp(p1+1, p) == 0) {
+ *p1 = 0;
+ return;
+ }
+ }
+}
+
+
+static int mnss_uid_to_name(uid_t uid, char *domain, char *name, size_t len)
+{
+ FILE *file;
+ char *buff=NULL;
+ char *p;
+ int u;
+ size_t len_l=0;
+ int err = -ENOENT;
+
+ file = fopen(MNSS_FILE_UID, "r");
+
+ if(!file)
+ return -ENOENT;
+
+ do {
+ if(getline(&buff, &len_l, file) < 1)
+ break;
+ p = strchr(buff, ':');
+ if(p == NULL)
+ continue;
+ *p = 0;
+ p = strchr(p+1, ':');
+ if(p == NULL)
+ continue;
+ u = atoi(p+1);
+ if(u == uid) {
+ strncpy(name, buff, len);
+ err = adddomain(name,len);
+ goto out;
+ }
+ } while(!feof(file));
+
+out:
+ fclose(file);
+ free(buff);
+ return err;
+}
+
+static int mnss_gid_to_name(gid_t gid, char *domain, char *name, size_t len)
+{
+ FILE *file;
+ char *buff=NULL;
+ char *p;
+ int u;
+ size_t len_l=0;
+ int err=-ENOENT;
+
+ file = fopen(MNSS_FILE_GID, "r");
+ if(!file)
+ return -ENOENT;
+
+ do {
+ if(getline(&buff, &len_l, file) < 0)
+ break;
+ p = strchr(buff, ':');
+ if(p == NULL)
+ continue;
+ *p = 0;
+ p = strchr(p+1, ':');
+ if(p == NULL)
+ continue;
+ u = atoi(p+1);
+ if(u == gid) {
+ strncpy(name, buff, len);
+ err = adddomain(name, len);
+ goto out;
+ }
+ } while(!feof(file));
+
+out:
+ fclose(file);
+ free(buff);
+ return err;
+
+}
+
+static int mnss_name_to_uid(char *name, uid_t *uid)
+{
+ FILE *file;
+ char *buff=NULL;
+ char *p;
+ int u;
+ size_t len=0;
+ int err = -ENOENT;
+
+ file = fopen(MNSS_FILE_UID, "r");
+ if(!file)
+ return -ENOENT;
+
+ do {
+ if(getline(&buff, &len, file) < 1)
+ break;
+ p = strchr(buff, ':');
+ if(p == NULL)
+ continue;
+ *p = 0;
+ p = strchr(p+1, ':');
+ if(p == NULL)
+ continue;
+ u = atoi(p+1);
+ if(strchr(name, '@') == NULL) {
+ stripdomain(buff);
+ } else {
+ if(adddomain(buff, len) == -ERANGE) {
+ len = len + 2 + strlen(get_default_domain());
+ buff = realloc(buff, len);
+ if(!buff) {
+ err = -ENOMEM;
+ goto out;
+ }
+ adddomain(buff, len);
+ }
+ }
+ if(strcmp(name, buff) == 0) {
+ *uid = u;
+ err = 0;
+ goto out;
+ }
+ } while(!feof(file));
+
+out:
+ fclose(file);
+ free(buff);
+ return err;
+}
+
+static int find_gid(char *name, gid_t *gid)
+{
+ FILE *file;
+ char *buff=NULL;
+ char *p;
+ int u;
+ size_t len=0;
+ int err = -ENOENT;
+
+ file = fopen(MNSS_FILE_UID, "r");
+ if(!file)
+ return -ENOENT;
+
+ do {
+ if(getline(&buff, &len, file) < 1)
+ break;
+ p = strchr(buff, ':');
+ if(p == NULL)
+ continue;
+ *p = 0;
+ p = strchr(p+1, ':');
+ if(p == NULL)
+ continue;
+ p = strchr(p+1, ':');
+ if(p == NULL)
+ continue;
+ u = atoi(p+1);
+ if(strchr(name, '@') == NULL)
+ stripdomain(buff);
+ else {
+ if(adddomain(buff, len) == -ERANGE) {
+ len = len + 2 + strlen(get_default_domain());
+ buff = realloc(buff, len);
+ if(!buff) {
+ err = -ENOMEM;
+ goto out;
+ }
+ adddomain(buff, len);
+ }
+ }
+ if(strcmp(name, buff) == 0) {
+ *gid = u;
+ err = 0;
+ goto out;
+ }
+ } while(!feof(file));
+ IDMAP_LOG(1, ("No group found for user %s in " MNSS_FILE_UID "\n", name));
+out:
+ fclose(file);
+ free(buff);
+ return err;
+
+}
+
+static int mnss_name_to_gid(char *name, gid_t *gid)
+{
+ FILE *file;
+ char *buff=NULL;
+ char *p;
+ int u;
+ size_t len=0;
+ int err = -ENOENT;
+
+ file = fopen(MNSS_FILE_GID, "r");
+ if(!file)
+ return -ENOENT;
+
+ do {
+ if(getline(&buff, &len, file) < 1)
+ break;
+ p = strchr(buff, ':');
+ if(p == NULL)
+ continue;
+ *p = 0;
+ p = strchr(p+1, ':');
+ if(p == NULL)
+ continue;
+ u = atoi(p+1);
+ if(strchr(name, '@') == NULL)
+ stripdomain(buff);
+ else {
+ if(adddomain(buff, len) == -ERANGE) {
+ len = len + 2 + strlen(get_default_domain());
+ buff = realloc(buff, len);
+ if(!buff) {
+ err = -ENOMEM;
+ goto out;
+ }
+ adddomain(buff, len);
+ }
+ }
+ if(strcmp(name, buff) == 0) {
+ *gid = u;
+ err = 0;
+ goto out;
+ } else {
+ IDMAP_LOG(3, ("No match between %s and %s in " MNSS_FILE_GID "\n", name, buff));
+ }
+ } while(!feof(file));
+ IDMAP_LOG(1, ("No GID found for group %s in " MNSS_FILE_GID "\n", name));
+out:
+ fclose(file);
+ free(buff);
+ return err;
+}
+
+static int mnss_gss_princ_to_ids(char *secname, char *princ,
+ uid_t *uid, uid_t *gid)
+{
+ struct passwd *pw;
+ int err = 0;
+
+ if (strcmp(secname, "krb5") != 0 && strcmp(secname, "spkm3") != 0)
+ return -EINVAL;
+ if(mnss_name_to_uid(princ, uid)==-ENOENT)
+ return -ENOENT;
+ return find_gid(princ, gid);
+}
+
+static int mnss_gss_princ_to_grouplist(char *secname, char *princ,
+ gid_t *groups, int *ngroups)
+{
+ int gid;
+ FILE *file;
+ char *buffer, *p, *tok, *p1;
+ int idx=0;
+ size_t len=0;
+
+ if (strcmp(secname, "krb5") != 0 && strcmp(secname, "spkm3") != 0)
+ return -EINVAL;
+
+ if(find_gid(princ, &gid)==-ENOENT)
+ return -ENOENT;
+
+ if(*ngroups < 1)
+ return -ERANGE;
+
+ file = fopen(MNSS_FILE_GID, "r");
+ if(!file)
+ return -ENOENT;
+
+ do {
+ if(getline(&buffer, &len, file) < 1)
+ break;
+ p = strchr(buffer, ':');
+ if(p == NULL)
+ continue;
+ p = strchr(p+1, ':');
+ if(p == NULL)
+ continue;
+ gid = atoi(p+1);
+ p = strchr(p+1, ':');
+ if(p == NULL)
+ continue;
+ p++;
+ while((p1 = strtok_r(p, ", \t:\n", &tok))) {
+ p = NULL;
+ if(strcmp(p1, princ)) {
+ if(idx >= *ngroups) {
+ fclose(file);
+ free(buffer);
+ return -ERANGE;
+ } else {
+ groups[idx++] = gid;
+ break;
+ }
+ }
+ }
+ } while(!feof(file));
+ fclose(file);
+ free(buffer);
+ *ngroups = idx;
+ return idx;
+}
+
+
+struct trans_func mnss_trans = {
+ .name = "mnsswitch",
+ .init = NULL,
+ .princ_to_ids = mnss_gss_princ_to_ids,
+ .name_to_uid = mnss_name_to_uid,
+ .name_to_gid = mnss_name_to_gid,
+ .uid_to_name = mnss_uid_to_name,
+ .gid_to_name = mnss_gid_to_name,
+ .gss_princ_to_grouplist = mnss_gss_princ_to_grouplist,
+};
+
+struct trans_func *libnfsidmap_plugin_init()
+{
+ return (&mnss_trans);
+}
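Review bot: `mnss_gss_princ_to_grouplist` passes an uninitialised `buffer` to `getline()`, which requires `*lineptr` to be NULL or a malloc'd block, so the first call may realloc or write through a garbage pointer; declare it as `char *buffer = NULL, *p, *tok, *p1;`. In `mnss_uid_to_name` and `mnss_gid_to_name`, `strncpy(name, buff, len)` leaves `name` unterminated when the entry read from the passwd-nfs4/group-nfs4 file is `len` bytes or longer, and `adddomain` then runs `strchr`, `strlen` and `strcat` on it. Reject such an entry before the copy with `if (strlen(buff) >= len) { err = -ERANGE; goto out; }`. `mnss_gss_princ_to_ids` also omits the `extra_mapping_params **ex` parameter that the nss and static `princ_to_ids` implementations shown in this commit take, which should be checked against the `trans_func` declaration.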
--- a/mnss.c
+++ b/mnss.c
@@ -348,6 +348,7 @@
char *buffer, *p, *tok, *p1;
int idx=0;
size_t len=0;
+ char *tmp_princ=princ;
if (strcmp(secname, "krb5") != 0 && strcmp(secname, "spkm3") != 0)
return -EINVAL;
@@ -362,6 +363,9 @@
if(!file)
return -ENOENT;
+ if(strncmp(princ, "nfs/", 4)==0)
+ tmp_princ = &princ[4];
+
do {
if(getline(&buffer, &len, file) < 1)
break;
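Review bot: The `nfs/` prefix is stripped only for the member comparison, so a service principal `nfs/X` picks up the groups listed for member `X`. Meanwhile `find_gid(princ, &gid)` earlier in the function (outside this hunk, in the mnss.c added by this commit) still looks up the unstripped principal. If that equivalence is intended, state it in a comment such as `/* nfs/<name> service principals share the group list of <name> */`; otherwise use the same name for both lookups. The function body starts before and continues after this hunk.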
@@ -378,7 +382,7 @@
p++;
while((p1 = strtok_r(p, ", \t:\n", &tok))) {
p = NULL;
- if(strcmp(p1, princ)) {
+ if(strcmp(p1, tmp_princ)==0) {
if(idx >= *ngroups) {
fclose(file);
free(buffer);
--- a/mnss.c
+++ b/mnss.c
@@ -126,7 +126,7 @@
goto out;
}
} while(!feof(file));
-
+ IDMAP_LOG(1, ("Name for uid %d not found in " MNSS_FILE_UID "\n", uid));
out:
fclose(file);
free(buff);
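Review bot: The new log lines print `uid` and `gid` with `%d`, but `uid_t`/`gid_t` are unsigned on Linux, so ids above INT_MAX appear negative in the log and are hard to correlate with the passwd-nfs4/group-nfs4 entries. Use `%u` with a cast, e.g. `IDMAP_LOG(1, ("Name for uid %u not found in " MNSS_FILE_UID "\n", (unsigned int)uid));`, and likewise for the gid message in the next hunk. The surrounding functions start and end outside these hunks.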
@@ -163,7 +163,7 @@
goto out;
}
} while(!feof(file));
-
+ IDMAP_LOG(1, ("Name for gid %d not found in " MNSS_FILE_GID "\n", gid));
out:
fclose(file);
free(buff);
@@ -211,10 +211,11 @@
if(strcmp(name, buff) == 0) {
*uid = u;
err = 0;
+ IDMAP_LOG(3, ("Match %s vs %s in " MNSS_FILE_UID "\n", name, buff));
goto out;
}
} while(!feof(file));
-
+ IDMAP_LOG(1, ("Uid for name %s not found in " MNSS_FILE_UID "\n", name));
out:
fclose(file);
free(buff);
01-661215-wrong-double-ldap-check.patch
02-idmapd.conf.5.patch
10-DU-nss_name-local_realms.patch
20-DU-static-translation.patch
30-DU-mnsswitch.patch
40-DU-mnssfix.patch
50-DU-mnsslog.patch
make.sh 0 → 100755
#!/bin/bash -x
cat > /etc/apt/sources.list << EOSOURCES
deb http://ftp.zcu.cz/pub/linux/debian buster main contrib non-free
deb http://ftp.zcu.cz/pub/linux/debian buster-updates main contrib non-free
deb http://ftp.zcu.cz/pub/linux/debian-security buster/updates main contrib non-free
deb-src http://ftp.zcu.cz/pub/linux/debian buster main contrib non-free
deb-src http://ftp.zcu.cz/pub/linux/debian buster-updates main contrib non-free
deb-src http://ftp.zcu.cz/pub/linux/debian-security buster/updates main contrib non-free
EOSOURCES
apt update -qqq
apt install devscripts dpkg-dev --no-install-recommends -qqq -y
apt build-dep libnfsidmap2 --no-install-recommends -qqq -y
apt source libnfsidmap2
cd libnfsidmap-0.25
cp -rv ../debian/* debian/patches
dch -l "+du" "fixed mnss.c"
dch -a "Added mnsswitch patch"
dch -a "Implementation of client side Static translation method"
dch -a "nss_name_to_uid/gid() search also Local-Realms"
dpkg-buildpackage -uc -us -b
cd ..
mkdir build
mv *.deb build/
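Review bot: Nothing in make.sh stops on failure: the script runs under `bash -x` only, so a failed `apt source`, `cd libnfsidmap-0.25` or `cp -rv ../debian/* debian/patches` lets `dch` and `dpkg-buildpackage` carry on regardless. Add `set -euo pipefail` right after the shebang. Since the CI job publishes `build/*` as artifacts, stopping early also avoids shipping a package labelled `+du` that may have been built without the patches.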