tizen: Add optfiles nss module
authorKarol Lewandowski <k.lewandowsk@samsung.com>
Fri, 31 Aug 2018 14:14:30 +0000 (16:14 +0200)
committerDongkyun Son <dongkyun.s@samsung.com>
Wed, 3 May 2023 10:47:37 +0000 (19:47 +0900)
Add an optfiles module that can search the passwd and group (incl. shadow)
databases in the Tizen-specific /opt/etc/ directory.

By default passwd & shadow databases are enabled. Group membership
will be granted by security-manager.

Change-Id: Id0cc4f86c9ddd06f2a4b1032b51451fab74a9d3a

17 files changed:
nss/Makefile
nss/Versions
nss/nss_files/files-XXX.c
nss/nss_files/files-initgroups.c
nss/nss_optfiles/files-XXX.c [new symlink]
nss/nss_optfiles/files-parse.c [new symlink]
nss/nss_optfiles/optfiles-config.h [new file with mode: 0644]
nss/nss_optfiles/optfiles-grp.c [new file with mode: 0644]
nss/nss_optfiles/optfiles-init.c [new file with mode: 0644]
nss/nss_optfiles/optfiles-initgroups.c [new file with mode: 0644]
nss/nss_optfiles/optfiles-pwd.c [new file with mode: 0644]
nss/nss_optfiles/optfiles-sgrp.c [new file with mode: 0644]
nss/nss_optfiles/optfiles-spwd.c [new file with mode: 0644]
packaging/glibc.spec
packaging/nsswitch.conf
shlib-versions
sysdeps/generic/libnss_optfiles.abilist [new file with mode: 0644]

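--- a/nss/Makefile
+++ b/nss/Makefile
@@ -48,6 +48,8 @@ have-sunrpc           := 0
 endif
 CPPFLAGS-getent.c      = -DHAVE_SUNRPC=$(have-sunrpc)
 
+optdatabases           = grp pwd spwd sgrp
+
 others                  := getent makedb
 install-bin             := getent makedb
 makedb-modules = xmalloc hash-string
@@ -99,7 +101,7 @@ tests += tst-cancel-getpwuid_r
 endif
 
 # Specify rules for the nss_* modules.  We have some services.
-services               := files db compat
+services               := files db compat optfiles
 
 extra-libs             = $(services:%=libnss_%)
 # These libraries will be built in the `others' pass rather than
@@ -125,6 +127,9 @@ libnss_files-inhibit-o = $(filter-out .os,$(object-suffixes))
 install-lib-ldscripts = libnss_files.so
 $(inst_libdir)/libnss_files.so:
 
+libnss_optfiles-routines := $(addprefix optfiles-,$(optdatabases)) \
+                          optfiles-initgroups optfiles-init
+
 libnss_db-dbs          := $(addprefix db-,\
                                       $(filter-out hosts network key alias,\
                                                    $(databases))) \
@@ -139,6 +144,7 @@ libnss_compat-routines      := $(addprefix compat-,grp pwd spwd initgroups) \
 install-others         += $(inst_vardbdir)/Makefile
 
 # Build static module into libc if requested
+libnss_optfiles-inhibit-o= $(filter-out .os,$(object-suffixes))
 libnss_db-inhibit-o    = $(filter-out .os,$(object-suffixes))
 libnss_compat-inhibit-o        = $(filter-out .os,$(object-suffixes))
 ifeq ($(build-static-nss),yes)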
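--- a/nss/Versions
+++ b/nss/Versions
@@ -118,6 +118,36 @@ libnss_files {
   }
 }
 
+libnss_optfiles {
+  GLIBC_PRIVATE {
+    _nss_optfiles_setgrent;
+    _nss_optfiles_endgrent;
+    _nss_optfiles_getgrent_r;
+    _nss_optfiles_getgrgid_r;
+    _nss_optfiles_getgrnam_r;
+
+    _nss_optfiles_setpwent;
+    _nss_optfiles_endpwent;
+    _nss_optfiles_getpwent_r;
+    _nss_optfiles_getpwnam_r;
+    _nss_optfiles_getpwuid_r;
+
+    _nss_optfiles_setspent;
+    _nss_optfiles_endspent;
+    _nss_optfiles_getspent_r;
+    _nss_optfiles_getspnam_r;
+
+    _nss_optfiles_setsgent;
+    _nss_optfiles_endsgent;
+    _nss_optfiles_getsgent_r;
+    _nss_optfiles_getsgnam_r;
+
+    _nss_optfiles_initgroups_dyn;
+
+    _nss_optfiles_init;
+  }
+}
+
 libnss_db {
   GLIBC_PRIVATE {
     _nss_db_setetherent;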
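--- a/nss/nss_files/files-XXX.c
+++ b/nss/nss_files/files-XXX.c
 
 #define ENTNAME_r      CONCAT(ENTNAME,_r)
 
-#define DATAFILE       "/etc/" DATABASE
+#ifndef DATAFILE_PREFIX_PATH
+# define DATAFILE      "/etc/" DATABASE
+#else
+# define DATAFILE      DATAFILE_PREFIX_PATH DATABASE
+#endif
+
+#ifndef NSSNAME
+# define NSSNAME files
+#endif
 
 #ifdef NEED_H_ERRNO
 # include <netdb.h>
@@ -60,6 +68,9 @@
 # define EXTRA_ARGS_VALUE
 #endif
 
+#define CONCAT4(a,b,c,d) _CONCAT4(a,b,c,d)
+#define _CONCAT4(a,b,c,d) a##b##c##d
+
 \f
 /* Maintenance of the stream open on the database file.  For getXXent
    operations the stream needs to be held open across calls, the other
@@ -87,14 +98,14 @@ internal_setent (FILE **stream)
 
 /* Thread-safe, exported version of that.  */
 enum nss_status
-CONCAT(_nss_files_set,ENTNAME) (int stayopen)
+CONCAT4(_nss_, NSSNAME, _set, ENTNAME) (int stayopen)
 {
   return __nss_files_data_setent (CONCAT (nss_file_, ENTNAME), DATAFILE);
 }
 libc_hidden_def (CONCAT (_nss_files_set,ENTNAME))
 
 enum nss_status
-CONCAT(_nss_files_end,ENTNAME) (void)
+CONCAT4(_nss_, NSSNAME, _end, ENTNAME) (void)
 {
   return __nss_files_data_endent (CONCAT (nss_file_, ENTNAME));
 }
@@ -162,7 +173,7 @@ internal_getent (FILE *stream, struct STRUCTURE *result,
 
 /* Return the next entry from the database file, doing locking.  */
 enum nss_status
-CONCAT(_nss_files_get,ENTNAME_r) (struct STRUCTURE *result, char *buffer,
+CONCAT(_nss_, CONCAT(NSSNAME, CONCAT(_get, ENTNAME_r))) (struct STRUCTURE *result, char *buffer,
                                  size_t buflen, int *errnop H_ERRNO_PROTO)
 {
   /* Return next entry in host file.  */
@@ -196,8 +207,14 @@ libc_hidden_def (CONCAT (_nss_files_get,ENTNAME_r))
    to the lookup key arguments and does `break;' if they match.  */
 
 #define DB_LOOKUP(name, db_char, keysize, keypattern, break_if_match, proto...)\
+DB_LOOKUP_NSSNAME(NSSNAME, name, db_char, keysize, keypattern, break_if_match, proto)
+
+#define DB_LOOKUP_NSSNAME(nssname, name, db_char, keysize, keypattern, break_if_match, proto...)\
+DB_LOOKUP_NSSNAME0(nssname, name, db_char, keysize, keypattern, break_if_match, proto)
+
+#define DB_LOOKUP_NSSNAME0(nssname, name, db_char, keysize, keypattern, break_if_match, proto...)\
 enum nss_status                                                                      \
-_nss_files_get##name##_r (proto,                                             \
+_nss_##nssname##_get##name##_r (proto,                                       \
                          struct STRUCTURE *result, char *buffer,             \
                          size_t buflen, int *errnop H_ERRNO_PROTO)           \
 {                                                                            \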
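Review bot: The renamed set/end entry points still pass `CONCAT (nss_file_, ENTNAME)` to `__nss_files_data_setent` and `__nss_files_data_endent`, so an optfiles build appears to use the same per-database slot as the stock files module while supplying a different `DATAFILE`. If that slot holds the open stream (the helper is not visible here, so this needs confirming), an enumeration that walks both services could read entries from the wrong file, and optfiles would need a slot of its own. The `libc_hidden_def (CONCAT (_nss_files_set,ENTNAME))` lines are also left naming the files symbols regardless of `NSSNAME`. As a style point, the get entry point nests `CONCAT` where set/end use `CONCAT4`; `CONCAT4(_nss_, NSSNAME, _get, ENTNAME_r)` would keep the three consistent. The function bodies extend beyond the hunks shown.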
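--- a/nss/nss_files/files-initgroups.c
+++ b/nss/nss_files/files-initgroups.c
 #include <nss.h>
 #include <nss_files.h>
 
+#ifndef DATAFILE_PREFIX_PATH
+# define DATAFILE "/etc/group"
+#else
+# define DATAFILE DATAFILE_PREFIX_PATH "group"
+#endif
+
+#ifndef NSSNAME
+# define NSSNAME files
+#endif
+
+#define CONCAT3(a,b,c) _CONCAT3(a,b,c)
+#define _CONCAT3(a,b,c) a##b##c
+
 enum nss_status
-_nss_files_initgroups_dyn (const char *user, gid_t group, long int *start,
+CONCAT3(_nss_, NSSNAME, _initgroups_dyn) (const char *user, gid_t group, long int *start,
                           long int *size, gid_t **groupsp, long int limit,
                           int *errnop)
 {
-  FILE *stream = __nss_files_fopen ("/etc/group");
+  FILE *stream = fopen (DATAFILE, "rce");
   if (stream == NULL)
     {
       *errnop = errno;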
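Review bot: Replacing `__nss_files_fopen ("/etc/group")` with a bare `fopen (DATAFILE, "rce")` changes the stock files module as well as optfiles, because both compile this file, and it drops whatever stream setup the helper performs beyond opening the file. Unless the helper cannot be reached from libnss_optfiles, `FILE *stream = __nss_files_fopen (DATAFILE);` keeps a single open path for both modules and leaves the files behaviour as it was. `CONCAT3`/`_CONCAT3` also duplicate the `CONCAT4` pair added to files-XXX.c, so a one-line comment on why each file defines its own would help the next reader. The function body continues past the end of the hunk.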
diff --git a/nss/nss_optfiles/files-XXX.c b/nss/nss_optfiles/files-XXX.c
new file mode 120000 (symlink)
index 0000000..b5981ed
--- /dev/null
@@ -0,0 +1 @@
+../nss_files/files-XXX.c
\ No newline at end of file
diff --git a/nss/nss_optfiles/files-parse.c b/nss/nss_optfiles/files-parse.c
new file mode 120000 (symlink)
index 0000000..ea22fbb
--- /dev/null
@@ -0,0 +1 @@
+../nss_files/files-parse.c
\ No newline at end of file
diff --git a/nss/nss_optfiles/optfiles-config.h b/nss/nss_optfiles/optfiles-config.h
new file mode 100644 (file)
index 0000000..ad5e46a
--- /dev/null
@@ -0,0 +1,2 @@
+#define DATAFILE_PREFIX_PATH "/opt/etc/"
+#define NSSNAME optfiles
diff --git a/nss/nss_optfiles/optfiles-grp.c b/nss/nss_optfiles/optfiles-grp.c
new file mode 100644 (file)
index 0000000..c4a4782
--- /dev/null
@@ -0,0 +1,2 @@
+#include "optfiles-config.h"
+#include <nss/nss_files/files-grp.c>
diff --git a/nss/nss_optfiles/optfiles-init.c b/nss/nss_optfiles/optfiles-init.c
new file mode 100644 (file)
index 0000000..19da6a9
--- /dev/null
@@ -0,0 +1,54 @@
+/* Based on ../nss_files/files-init.c
+
+   Initialization in nss_files module.
+   Copyright (C) 2011-2015 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <http://www.gnu.org/licenses/>.  */
+
+#ifdef USE_NSCD
+
+#include <string.h>
+#include <nscd/nscd.h>
+
+
+#define TF(id, filename, ...)                                  \
+static union                                                   \
+{                                                              \
+  struct traced_file file;                                     \
+  char buf[sizeof (struct traced_file) + sizeof (filename)];   \
+} id##_traced_file =                                           \
+  {                                                            \
+    .file =                                                    \
+    {                                                          \
+      __VA_ARGS__                                              \
+    }                                                          \
+  }
+
+TF (pwd, "/opt/etc/passwd");
+TF (grp, "/opt/etc/group");
+
+void
+_nss_files_init (void (*cb) (size_t, struct traced_file *))
+{
+  strcpy (pwd_traced_file.file.fname, "/opt/etc/passwd");
+  cb (pwddb, &pwd_traced_file.file);
+
+  strcpy (grp_traced_file.file.fname, "/opt/etc/group");
+  cb (grpdb, &grp_traced_file.file);
+
+}
+
+#endif
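Review bot: The function defined here is still `_nss_files_init`, while nss/Versions in this commit exports `_nss_optfiles_init` for libnss_optfiles, so the exported name has no definition in this file and the module carries a symbol that belongs to the files service. Renaming it to `_nss_optfiles_init (void (*cb) (size_t, struct traced_file *))` lets the hook be found under the optfiles name; otherwise, presumably, nscd never registers /opt/etc/passwd and /opt/etc/group for change tracking and can keep serving cached account data after those files change. The file also does not include optfiles-config.h, and each `strcpy` is only in bounds while its literal matches the one given to `TF`; one `#define` per path built from `DATAFILE_PREFIX_PATH` and used in both places removes that coupling. The header comment still reads "Initialization in nss_files module" and should name optfiles.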
diff --git a/nss/nss_optfiles/optfiles-initgroups.c b/nss/nss_optfiles/optfiles-initgroups.c
new file mode 100644 (file)
index 0000000..4fa6fef
--- /dev/null
@@ -0,0 +1,2 @@
+#include "optfiles-config.h"
+#include <nss/nss_files/files-initgroups.c>
diff --git a/nss/nss_optfiles/optfiles-pwd.c b/nss/nss_optfiles/optfiles-pwd.c
new file mode 100644 (file)
index 0000000..3106b83
--- /dev/null
@@ -0,0 +1,2 @@
+#include "optfiles-config.h"
+#include <nss/nss_files/files-pwd.c>
diff --git a/nss/nss_optfiles/optfiles-sgrp.c b/nss/nss_optfiles/optfiles-sgrp.c
new file mode 100644 (file)
index 0000000..a7e2768
--- /dev/null
@@ -0,0 +1,2 @@
+#include "optfiles-config.h"
+#include <nss/nss_files/files-sgrp.c>
diff --git a/nss/nss_optfiles/optfiles-spwd.c b/nss/nss_optfiles/optfiles-spwd.c
new file mode 100644 (file)
index 0000000..c84911b
--- /dev/null
@@ -0,0 +1,2 @@
+#include "optfiles-config.h"
+#include <nss/nss_files/files-spwd.c>
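--- a/packaging/glibc.spec
+++ b/packaging/glibc.spec
@@ -618,6 +618,8 @@ done
 /%{_lib}/libnss_dns.so.2
 /%{_lib}/libnss_files-%{glibc_major_version}.so
 /%{_lib}/libnss_files.so.2
+/%{_lib}/libnss_optfiles-%{glibc_major_version}.so
+/%{_lib}/libnss_optfiles.so.2
 /%{_lib}/libnss_hesiod-%{glibc_major_version}.so
 /%{_lib}/libnss_hesiod.so.2
 /%{_lib}/libnss_nis-%{glibc_major_version}.so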
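--- a/packaging/nsswitch.conf
+++ b/packaging/nsswitch.conf
@@ -26,8 +26,9 @@
 # shadow: files nis
 # group:  files nis
 
-passwd: compat
+passwd: compat optfiles
 group:  securitymanager [success=continue] compat
+shadow: compat optfiles
 
 hosts:         files dns
 networks:      files dns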
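Review bot: With `passwd: compat optfiles` and `shadow: compat optfiles`, /opt/etc/passwd and /opt/etc/shadow become account sources for every process that resolves users through NSS, but nothing in the commit states who is allowed to write them. A comment above these lines would record the requirement, for example `# optfiles reads /opt/etc/{passwd,shadow}; both must be root-owned and not group/other-writable, shadow not world-readable`, and the packaging should create the files with those modes (no such step is visible in this diff). It is also worth documenting whether optfiles entries are meant to be confined to a UID range, since the shared parser presumably applies no limit of its own. The `group:` line is left without optfiles, which matches the commit message but deserves a comment here too, because the group and gshadow lookups are still built into the module.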
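--- a/shlib-versions
+++ b/shlib-versions
@@ -41,6 +41,7 @@ libresolv=2
 # in nss/nsswitch.h, which determines the library names used for service
 # names given in /etc/nsswitch.conf.
 libnss_files=2
+libnss_optfiles=2
 libnss_dns=2
 libnss_compat=2
 libnss_ldap=2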
diff --git a/sysdeps/generic/libnss_optfiles.abilist b/sysdeps/generic/libnss_optfiles.abilist
new file mode 100644 (file)
index 0000000..e69de29