  • 30-DU-mnsswitch.patch 12.77 KiB
    --- a/Makefile.am
    +++ b/Makefile.am
    @@ -11,7 +11,7 @@
     GUMS_MAPPING_LIB =
     endif
     lib_LTLIBRARIES = libnfsidmap.la
    -pkglib_LTLIBRARIES = nsswitch.la static.la $(UMICH_LDAP_LIB) $(GUMS_MAPPING_LIB)
    +pkglib_LTLIBRARIES = nsswitch.la mnsswitch.la static.la $(UMICH_LDAP_LIB) $(GUMS_MAPPING_LIB)
     
     # Library versioning notes from:
     #  http://sources.redhat.com/autobook/autobook/autobook_91.html
    @@ -32,6 +32,9 @@
     nsswitch_la_SOURCES = nss.c
     nsswitch_la_LDFLAGS = -module -avoid-version
     
    +mnsswitch_la_SOURCES = mnss.c
    +mnsswitch_la_LDFLAGS = -module -avoid-version
    +
     static_la_SOURCES = static.c
     static_la_LDFLAGS = -module -avoid-version
     
    --- a/Makefile.in
    +++ b/Makefile.in
    @@ -99,6 +99,12 @@
     nsswitch_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
     	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
     	$(nsswitch_la_LDFLAGS) $(LDFLAGS) -o $@
    +mnsswitch_la_LIBADD =
    +am_mnsswitch_la_OBJECTS = mnss.lo
    +mnsswitch_la_OBJECTS = $(am_mnsswitch_la_OBJECTS)
    +mnsswitch_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
    +	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
    +	$(mnsswitch_la_LDFLAGS) $(LDFLAGS) -o $@
     static_la_LIBADD =
     am_static_la_OBJECTS = static.lo
     static_la_OBJECTS = $(am_static_la_OBJECTS)
    @@ -126,10 +132,10 @@
     	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
     	$(LDFLAGS) -o $@
     SOURCES = $(gums_la_SOURCES) $(libnfsidmap_la_SOURCES) \
    -	$(nsswitch_la_SOURCES) $(static_la_SOURCES) \
    +	$(nsswitch_la_SOURCES) $(mnsswitch_la_SOURCES)  $(static_la_SOURCES) \
     	$(umich_ldap_la_SOURCES)
     DIST_SOURCES = $(gums_la_SOURCES) $(libnfsidmap_la_SOURCES) \
    -	$(nsswitch_la_SOURCES) $(static_la_SOURCES) \
    +	$(nsswitch_la_SOURCES) $(mnsswitch_la_SOURCES) $(static_la_SOURCES) \
     	$(umich_ldap_la_SOURCES)
     man3dir = $(mandir)/man3
     man5dir = $(mandir)/man5
    @@ -202,7 +208,6 @@
     PACKAGE_NAME = @PACKAGE_NAME@
     PACKAGE_STRING = @PACKAGE_STRING@
     PACKAGE_TARNAME = @PACKAGE_TARNAME@
    -PACKAGE_URL = @PACKAGE_URL@
     PACKAGE_VERSION = @PACKAGE_VERSION@
     PATH_SEPARATOR = @PATH_SEPARATOR@
     RANLIB = @RANLIB@
    @@ -248,6 +253,7 @@
     libexecdir = @libexecdir@
     localedir = @localedir@
     localstatedir = @localstatedir@
    +lt_ECHO = @lt_ECHO@
     mandir = @mandir@
     mkdir_p = @mkdir_p@
     oldincludedir = @oldincludedir@
    @@ -269,7 +275,7 @@
     @ENABLE_GUMS_FALSE@GUMS_MAPPING_LIB = 
     @ENABLE_GUMS_TRUE@GUMS_MAPPING_LIB = gums.la
     lib_LTLIBRARIES = libnfsidmap.la
    -pkglib_LTLIBRARIES = nsswitch.la static.la $(UMICH_LDAP_LIB) $(GUMS_MAPPING_LIB)
    +pkglib_LTLIBRARIES = nsswitch.la mnsswitch.la static.la $(UMICH_LDAP_LIB) $(GUMS_MAPPING_LIB)
     
     # Library versioning notes from:
     #  http://sources.redhat.com/autobook/autobook/autobook_91.html
    @@ -287,6 +293,8 @@
     libnfsidmap_la_LIBADD = -ldl
     nsswitch_la_SOURCES = nss.c
     nsswitch_la_LDFLAGS = -module -avoid-version
    +mnsswitch_la_SOURCES = mnss.c
    +mnsswitch_la_LDFLAGS = -module -avoid-version
     static_la_SOURCES = static.c
     static_la_LDFLAGS = -module -avoid-version
     umich_ldap_la_SOURCES = umich_ldap.c
    @@ -430,6 +438,8 @@
     	$(libnfsidmap_la_LINK) -rpath $(libdir) $(libnfsidmap_la_OBJECTS) $(libnfsidmap_la_LIBADD) $(LIBS)
     nsswitch.la: $(nsswitch_la_OBJECTS) $(nsswitch_la_DEPENDENCIES) 
     	$(nsswitch_la_LINK) -rpath $(pkglibdir) $(nsswitch_la_OBJECTS) $(nsswitch_la_LIBADD) $(LIBS)
    +mnsswitch.la: $(mnsswitch_la_OBJECTS) $(mnsswitch_la_DEPENDENCIES) 
    +	$(mnsswitch_la_LINK) -rpath $(pkglibdir) $(mnsswitch_la_OBJECTS) $(mnsswitch_la_LIBADD) $(LIBS)
     static.la: $(static_la_OBJECTS) $(static_la_DEPENDENCIES) 
     	$(static_la_LINK) -rpath $(pkglibdir) $(static_la_OBJECTS) $(static_la_LIBADD) $(LIBS)
     umich_ldap.la: $(umich_ldap_la_OBJECTS) $(umich_ldap_la_DEPENDENCIES) 
    @@ -445,6 +455,7 @@
     @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gums.Plo@am__quote@
     @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libnfsidmap.Plo@am__quote@
     @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/nss.Plo@am__quote@
    +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mnss.Plo@am__quote@
     @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/static.Plo@am__quote@
     @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/strlcpy.Plo@am__quote@
     @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/umich_ldap.Plo@am__quote@
    --- /dev/null
    +++ b/mnss.c
    @@ -0,0 +1,414 @@
    +/*
    + *  nss.c
    + *
    + *  nsswitch idmapping functions.
    + *
    + *  Copyright (c) 2004 The Regents of the University of Michigan.
    + *  All rights reserved.
    + *
    + *  J. Bruce Fields <bfields@umich.edu>
    + *
    + *  Redistribution and use in source and binary forms, with or without
    + *  modification, are permitted provided that the following conditions
    + *  are met:
    + *
    + *  1. Redistributions of source code must retain the above copyright
    + *     notice, this list of conditions and the following disclaimer.
    + *  2. Redistributions in binary form must reproduce the above copyright
    + *     notice, this list of conditions and the following disclaimer in the
    + *     documentation and/or other materials provided with the distribution.
    + *  3. Neither the name of the University nor the names of its
    + *     contributors may be used to endorse or promote products derived
    + *     from this software without specific prior written permission.
    + *
    + *  THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
    + *  WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
    + *  MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
    + *  DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
    + *  FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
    + *  CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
    + *  SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
    + *  BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
    + *  LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
    + *  NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
    + *  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    + */
    +
    +#define _GNU_SOURCE 1
    +#include <sys/types.h>
    +#include <errno.h>
    +#include <unistd.h>
    +#include <stdlib.h>
    +#include <stdio.h>
    +#include <string.h>
    +#include <pwd.h>
    +#include <grp.h>
    +#include <netdb.h>
    +#include <err.h>
    +#include <grp.h>
    +#include "nfsidmap.h"
    +#include "nfsidmap_internal.h"
    +#include "cfg.h"
    +#include <syslog.h>
    +
    +#define MNSS_FILE_UID "/etc/passwd-nfs4"
    +#define MNSS_FILE_GID "/etc/group-nfs4"
    +
    +/*
    + * Multidomain NSS Translation Methods (require nss plugin)
    + *
    + * These are all just wrappers around getpwnam and friends;
    + */
    +
    +static int
    +adddomain(char *name, size_t len)
    +{
    +	char *p;
    +	if(strchr(name, '@') != NULL)
    +		return 0;
    +
    +	if((p = get_default_domain()) == NULL)
    +		return 0;
    +
    +	if(strlen(name)+strlen(p)+2 > len) {
    +		return -ERANGE;
    +	}
    +
    +	strcat(name, "@");
    +	strcat(name, p);
    +	return 0;
    +}
    +
    +static void
    +stripdomain(char *name)
    +{
    +        char *p, *p1;
    +        if((p = get_default_domain())!=NULL) {
    +                p1 = strchr(name, '@');
    +                if(p1 == NULL)
    +                        return;
    +                if(strcasecmp(p1+1, p) == 0) {
    +                        *p1 = 0;
    +                        return;
    +                }
    +        }
    +}
    +
    +
    +static int mnss_uid_to_name(uid_t uid, char *domain, char *name, size_t len)
    +{
    +	FILE *file;
    +	char *buff=NULL;
    +	char *p;
    +	int u;
    +	size_t len_l=0;
    +	int err = -ENOENT;
    +
    +	file = fopen(MNSS_FILE_UID, "r");
    +
    +	if(!file)
    +		return -ENOENT;
    +
    +	do {
    +		if(getline(&buff, &len_l, file) < 1)
    +			break;
    +		p = strchr(buff, ':');
    +		if(p == NULL)
    +			continue;
    +		*p = 0;
    +		p = strchr(p+1, ':');
    +		if(p == NULL)
    +			continue;
    +		u = atoi(p+1);
    +		if(u == uid) {
    +			strncpy(name, buff, len);
    +			err = adddomain(name,len);
    +			goto out;
    +		}
    +	} while(!feof(file));
    +
    +out:	
    +	fclose(file);
    +	free(buff);
    +	return err;
    +}
    +
    +static int mnss_gid_to_name(gid_t gid, char *domain, char *name, size_t len)
    +{
    +	FILE *file;
    +	char *buff=NULL;
    +	char *p;
    +	int u;
    +	size_t len_l=0;
    +	int err=-ENOENT;
    +
    +	file = fopen(MNSS_FILE_GID, "r");
    +	if(!file)
    +		return -ENOENT;
    +
    +	do {
    +		if(getline(&buff, &len_l, file) < 0)
    +			break;
    +		p = strchr(buff, ':');
    +		if(p == NULL)
    +			continue;
    +		*p = 0;
    +		p = strchr(p+1, ':');
    +		if(p == NULL)
    +			continue;
    +		u = atoi(p+1);
    +		if(u == gid) {
    +			strncpy(name, buff, len);
    +			err = adddomain(name, len);
    +			goto out;
    +		}
    +	} while(!feof(file));
    +
    +out:
    +	fclose(file);
    +	free(buff);
    +	return err;
    +
    +}
    +
    +static int mnss_name_to_uid(char *name, uid_t *uid)
    +{
    +	FILE *file;
    +	char *buff=NULL;
    +	char *p;
    +	int u;
    +	size_t len=0;
    +	int err = -ENOENT;
    +
    +	file = fopen(MNSS_FILE_UID, "r");
    +	if(!file)
    +		return -ENOENT;
    +
    +	do {
    +		if(getline(&buff, &len, file) < 1)
    +			break;
    +		p = strchr(buff, ':');
    +		if(p == NULL)
    +			continue;
    +		*p = 0;
    +		p = strchr(p+1, ':');
    +		if(p == NULL)
    +			continue;
    +		u = atoi(p+1);
    +		if(strchr(name, '@') == NULL) {
    +			stripdomain(buff);
    +		} else {
    +			if(adddomain(buff, len) == -ERANGE) {
    +				len = len + 2 + strlen(get_default_domain());
    +				buff = realloc(buff, len);
    +				if(!buff) {
    +					err = -ENOMEM;
    +					goto out;
    +				}
    +				adddomain(buff, len);
    +			}		
    +		}
    +		if(strcmp(name, buff) == 0) {
    +			*uid = u;
    +			err = 0;
    +			goto out;
    +		}
    +	} while(!feof(file));
    +
    +out:	
    +	fclose(file);
    +	free(buff);
    +	return err;
    +}
    +
    +static int find_gid(char *name, gid_t *gid)
    +{
    +	FILE *file;
    +	char *buff=NULL;
    +	char *p;
    +	int u;
    +	size_t len=0;
    +	int err = -ENOENT;
    +	
    +	file = fopen(MNSS_FILE_UID, "r");
    +	if(!file)
    +		return -ENOENT;
    +
    +	do {
    +		if(getline(&buff, &len, file) < 1)
    +			break;
    +		p = strchr(buff, ':');
    +		if(p == NULL)
    +			continue;
    +		*p = 0;
    +		p = strchr(p+1, ':');
    +		if(p == NULL)
    +			continue;
    +		p = strchr(p+1, ':');
    +		if(p == NULL)
    +			continue;
    +		u = atoi(p+1);
    +		if(strchr(name, '@') == NULL) 
    +			stripdomain(buff);
    +		else {
    +			if(adddomain(buff, len) == -ERANGE) {
    +				len = len + 2 + strlen(get_default_domain());
    +				buff = realloc(buff, len);
    +				if(!buff) {
    +					err = -ENOMEM;
    +					goto out;
    +				}
    +				adddomain(buff, len);
    +			}
    +		}
    +		if(strcmp(name, buff) == 0) {
    +			*gid = u;
    +			err = 0;
    +			goto out;
    +		}
    +	} while(!feof(file));
    +	IDMAP_LOG(1, ("No group found for user %s in " MNSS_FILE_UID "\n", name));
    +out:	
    +	fclose(file);
    +	free(buff);
    +	return err;
    +
    +}
    +
    +static int mnss_name_to_gid(char *name, gid_t *gid)
    +{
    +	FILE *file;
    +	char *buff=NULL;
    +	char *p;
    +	int u;
    +	size_t len=0;
    +	int err = -ENOENT;
    +	
    +	file = fopen(MNSS_FILE_GID, "r");
    +	if(!file)
    +		return -ENOENT;
    +
    +	do {
    +		if(getline(&buff, &len, file) < 1)
    +			break;
    +		p = strchr(buff, ':');
    +		if(p == NULL)
    +			continue;
    +		*p = 0;
    +		p = strchr(p+1, ':');
    +		if(p == NULL)
    +			continue;
    +		u = atoi(p+1);
    +		if(strchr(name, '@') == NULL)
    +			stripdomain(buff);
    +		else {
    +			if(adddomain(buff, len) == -ERANGE) {
    +				len = len + 2 + strlen(get_default_domain());
    +				buff = realloc(buff, len);
    +				if(!buff) {
    +					err = -ENOMEM;
    +					goto out;
    +				}
    +				adddomain(buff, len);
    +			}
    +		}
    +		if(strcmp(name, buff) == 0) {
    +			*gid = u;
    +			err = 0;
    +			goto out;
    +		} else {
    +			IDMAP_LOG(3, ("No match between %s and %s in " MNSS_FILE_GID "\n", name, buff));
    +		}
    +	} while(!feof(file));
    +	IDMAP_LOG(1, ("No GID found for group %s in " MNSS_FILE_GID "\n", name));
    +out:	
    +	fclose(file);
    +	free(buff);
    +	return err;
    +}
    +
    +static int mnss_gss_princ_to_ids(char *secname, char *princ,
    +		uid_t *uid, uid_t *gid)
    +{
    +	struct passwd *pw;
    +	int err = 0;
    +
    +	if (strcmp(secname, "krb5") != 0 && strcmp(secname, "spkm3") != 0)
    +		return -EINVAL;
    +	if(mnss_name_to_uid(princ, uid)==-ENOENT)
    +		return -ENOENT;
    +	return find_gid(princ, gid);
    +}
    +
    +static int mnss_gss_princ_to_grouplist(char *secname, char *princ,
    +		gid_t *groups, int *ngroups)
    +{
    +	int gid;
    +	FILE *file;
    +	char *buffer, *p, *tok, *p1;
    +	int idx=0;
    +	size_t len=0;
    +
    +	if (strcmp(secname, "krb5") != 0 && strcmp(secname, "spkm3") != 0)
    +		return -EINVAL;
    +	
    +	if(find_gid(princ, &gid)==-ENOENT)
    +		return -ENOENT;
    +
    +	if(*ngroups < 1)
    +		return -ERANGE;
    +
    +	file = fopen(MNSS_FILE_GID, "r");
    +	if(!file)
    +		return -ENOENT;
    +
    +	do {
    +		if(getline(&buffer, &len, file) < 1)
    +			break;
    +		p = strchr(buffer, ':');
    +		if(p == NULL)
    +			continue;
    +		p = strchr(p+1, ':');
    +		if(p == NULL)
    +			continue;
    +		gid = atoi(p+1);
    +		p = strchr(p+1, ':');
    +		if(p == NULL)
    +			continue;
    +		p++;
    +		while((p1 = strtok_r(p, ", \t:\n", &tok))) {
    +			p = NULL;
    +			if(strcmp(p1, princ)) {
    +				if(idx >= *ngroups) {
    +					fclose(file);
    +					free(buffer);
    +					return -ERANGE;
    +				} else {
    +					groups[idx++] = gid;
    +					break;
    +				}
    +			}
    +		}
    +	} while(!feof(file));
    +	fclose(file);
    +	free(buffer);
    +	*ngroups = idx;
    +	return idx;
    +}
    +
    +
    +struct trans_func mnss_trans = {
    +	.name		= "mnsswitch",
    +	.init		= NULL,
    +	.princ_to_ids	= mnss_gss_princ_to_ids,
    +	.name_to_uid	= mnss_name_to_uid,
    +	.name_to_gid	= mnss_name_to_gid,
    +	.uid_to_name	= mnss_uid_to_name,
    +	.gid_to_name	= mnss_gid_to_name,
    +	.gss_princ_to_grouplist = mnss_gss_princ_to_grouplist,
    +};
    +
    +struct trans_func *libnfsidmap_plugin_init()
    +{
    +	        return (&mnss_trans);
    +}
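Review bot: In mnss_gss_princ_to_grouplist the member test `if(strcmp(p1, princ))` is true when the token differs from the principal, so a group's gid is appended as soon as any listed member is not princ and a group listing only princ is skipped; this hands out supplementary groups the principal is not a member of, and the test should read `if(strcmp(p1, princ) == 0)`. The same function passes an uninitialized `buffer` to getline() and an `int gid` to find_gid(), which takes `gid_t *`; declare `char *buffer = NULL;` and `gid_t gid;`. In mnss_uid_to_name and mnss_gid_to_name, `strncpy(name, buff, len)` leaves name unterminated when the entry is at least len bytes long, and adddomain() then runs strlen() and strcat() on it, so such entries should be rejected with -ERANGE before the copy. The id fields are parsed with atoi(), so a malformed line in /etc/passwd-nfs4 or /etc/group-nfs4 maps the name to id 0; strtol() with an end-pointer check would let those lines be skipped instead.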