From 7f74106cac6e84e8e4eae4dc5b9497bb6fe085d5 Mon Sep 17 00:00:00 2001 From: Karol Lewandowski Date: Fri, 31 Aug 2018 16:14:30 +0200 Subject: [PATCH] tizen: Add optfiles nss module Add optfiles module that can search passwd and group (incl. shadow) databases in tizen-specific /opt/etc/ directory. By default passwd & shadow databases are enabled. Group membership will be granted by security-manager. Change-Id: Id0cc4f86c9ddd06f2a4b1032b51451fab74a9d3a --- nss/Makefile | 8 ++++- nss/Versions | 30 ++++++++++++++++++ nss/nss_files/files-XXX.c | 27 ++++++++++++++--- nss/nss_files/files-initgroups.c | 17 +++++++++-- nss/nss_optfiles/files-XXX.c | 1 + nss/nss_optfiles/files-parse.c | 1 + nss/nss_optfiles/optfiles-config.h | 2 ++ nss/nss_optfiles/optfiles-grp.c | 2 ++ nss/nss_optfiles/optfiles-init.c | 54 +++++++++++++++++++++++++++++++++ nss/nss_optfiles/optfiles-initgroups.c | 2 ++ nss/nss_optfiles/optfiles-pwd.c | 2 ++ nss/nss_optfiles/optfiles-sgrp.c | 2 ++ nss/nss_optfiles/optfiles-spwd.c | 2 ++ packaging/glibc.spec | 2 ++ packaging/nsswitch.conf | 3 +- shlib-versions | 1 + sysdeps/generic/libnss_optfiles.abilist | 0 17 files changed, 147 insertions(+), 9 deletions(-) create mode 120000 nss/nss_optfiles/files-XXX.c create mode 120000 nss/nss_optfiles/files-parse.c create mode 100644 nss/nss_optfiles/optfiles-config.h create mode 100644 nss/nss_optfiles/optfiles-grp.c create mode 100644 nss/nss_optfiles/optfiles-init.c create mode 100644 nss/nss_optfiles/optfiles-initgroups.c create mode 100644 nss/nss_optfiles/optfiles-pwd.c create mode 100644 nss/nss_optfiles/optfiles-sgrp.c create mode 100644 nss/nss_optfiles/optfiles-spwd.c create mode 100644 sysdeps/generic/libnss_optfiles.abilist diff --git a/nss/Makefile b/nss/Makefile index 3a9ea06..b51c5ce 100644 --- a/nss/Makefile +++ b/nss/Makefile 
@@ -48,6 +48,8 @@ have-sunrpc := 0 endif CPPFLAGS-getent.c = -DHAVE_SUNRPC=$(have-sunrpc) +optdatabases = grp pwd spwd sgrp + others := getent makedb install-bin := getent makedb makedb-modules = xmalloc hash-string @@ -99,7 +101,7 @@ tests += tst-cancel-getpwuid_r endif # Specify rules for the nss_* modules. We have some services. -services := files db compat +services := files db compat optfiles extra-libs = $(services:%=libnss_%) # These libraries will be built in the `others' pass rather than @@ -125,6 +127,9 @@ libnss_files-inhibit-o = $(filter-out .os,$(object-suffixes)) install-lib-ldscripts = libnss_files.so $(inst_libdir)/libnss_files.so: +libnss_optfiles-routines := $(addprefix optfiles-,$(optdatabases)) \ + optfiles-initgroups optfiles-init + libnss_db-dbs := $(addprefix db-,\ $(filter-out hosts network key alias,\ $(databases))) \ @@ -139,6 +144,7 @@ libnss_compat-routines := $(addprefix compat-,grp pwd spwd initgroups) \ install-others += $(inst_vardbdir)/Makefile # Build static module into libc if requested +libnss_optfiles-inhibit-o= $(filter-out .os,$(object-suffixes)) libnss_db-inhibit-o = $(filter-out .os,$(object-suffixes)) libnss_compat-inhibit-o = $(filter-out .os,$(object-suffixes)) ifeq ($(build-static-nss),yes) diff --git a/nss/Versions b/nss/Versions index e551524..90e2d0a 100644 --- a/nss/Versions +++ b/nss/Versions 
@@ -118,6 +118,36 @@ libnss_files { } } +libnss_optfiles { + GLIBC_PRIVATE { + _nss_optfiles_setgrent; + _nss_optfiles_endgrent; + _nss_optfiles_getgrent_r; + _nss_optfiles_getgrgid_r; + _nss_optfiles_getgrnam_r; + + _nss_optfiles_setpwent; + _nss_optfiles_endpwent; + _nss_optfiles_getpwent_r; + _nss_optfiles_getpwnam_r; + _nss_optfiles_getpwuid_r; + + _nss_optfiles_setspent; + _nss_optfiles_endspent; + _nss_optfiles_getspent_r; + _nss_optfiles_getspnam_r; + + _nss_optfiles_setsgent; + _nss_optfiles_endsgent; + _nss_optfiles_getsgent_r; + _nss_optfiles_getsgnam_r; + + _nss_optfiles_initgroups_dyn; + + _nss_optfiles_init; + } +} + libnss_db { GLIBC_PRIVATE { _nss_db_setetherent; diff --git a/nss/nss_files/files-XXX.c b/nss/nss_files/files-XXX.c index 2ed7184..64dce9b 100644 --- a/nss/nss_files/files-XXX.c +++ b/nss/nss_files/files-XXX.c @@ -39,7 +39,15 @@ #define ENTNAME_r CONCAT(ENTNAME,_r) -#define DATAFILE "/etc/" DATABASE +#ifndef DATAFILE_PREFIX_PATH +# define DATAFILE "/etc/" DATABASE +#else +# define DATAFILE DATAFILE_PREFIX_PATH DATABASE +#endif + +#ifndef NSSNAME +# define NSSNAME files +#endif #ifdef NEED_H_ERRNO # include @@ -60,6 +68,9 @@ # define EXTRA_ARGS_VALUE #endif +#define CONCAT4(a,b,c,d) _CONCAT4(a,b,c,d) +#define _CONCAT4(a,b,c,d) a##b##c##d + /* Maintenance of the stream open on the database file. For getXXent operations the stream needs to be held open across calls, the other @@ -87,14 +98,14 @@ internal_setent (FILE **stream) /* Thread-safe, exported version of that. */ enum nss_status -CONCAT(_nss_files_set,ENTNAME) (int stayopen) +CONCAT4(_nss_, NSSNAME, _set, ENTNAME) (int stayopen) { return __nss_files_data_setent (CONCAT (nss_file_, ENTNAME), DATAFILE); } libc_hidden_def (CONCAT (_nss_files_set,ENTNAME)) enum nss_status -CONCAT(_nss_files_end,ENTNAME) (void) +CONCAT4(_nss_, NSSNAME, _end, ENTNAME) (void) { return __nss_files_data_endent (CONCAT (nss_file_, ENTNAME)); } 
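Review bot: The `libc_hidden_def (CONCAT (_nss_files_set,ENTNAME))` line left as context in the `@@ -87` hunk of nss/nss_files/files-XXX.c still names the `_nss_files_` symbol, although the definition above it is now `CONCAT4(_nss_, NSSNAME, _set, ENTNAME)`. The same mismatch shows in the `@@ -196` hunk header for `libc_hidden_def (CONCAT (_nss_files_get,ENTNAME_r))`. Depending on how `libc_hidden_def` expands for the new module, this is either a reference to a symbol the file no longer defines or a silent inconsistency, so it should follow the rename, e.g. `libc_hidden_def (CONCAT4 (_nss_, NSSNAME, _set, ENTNAME))`. Separately, both modules pass the same `CONCAT (nss_file_, ENTNAME)` key to `__nss_files_data_setent`. If the stream state behind that helper is keyed only by that value, enumerations of the /etc and /opt/etc databases would share one open stream, which is worth confirming before passwd and shadow lookups depend on it.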
@@ -162,7 +173,7 @@ internal_getent (FILE *stream, struct STRUCTURE *result, /* Return the next entry from the database file, doing locking. */ enum nss_status -CONCAT(_nss_files_get,ENTNAME_r) (struct STRUCTURE *result, char *buffer, +CONCAT(_nss_, CONCAT(NSSNAME, CONCAT(_get, ENTNAME_r))) (struct STRUCTURE *result, char *buffer, size_t buflen, int *errnop H_ERRNO_PROTO) { /* Return next entry in host file. */ @@ -196,8 +207,14 @@ libc_hidden_def (CONCAT (_nss_files_get,ENTNAME_r)) to the lookup key arguments and does `break;' if they match. */ #define DB_LOOKUP(name, db_char, keysize, keypattern, break_if_match, proto...)\ +DB_LOOKUP_NSSNAME(NSSNAME, name, db_char, keysize, keypattern, break_if_match, proto) + +#define DB_LOOKUP_NSSNAME(nssname, name, db_char, keysize, keypattern, break_if_match, proto...)\ +DB_LOOKUP_NSSNAME0(nssname, name, db_char, keysize, keypattern, break_if_match, proto) + +#define DB_LOOKUP_NSSNAME0(nssname, name, db_char, keysize, keypattern, break_if_match, proto...)\ enum nss_status \ -_nss_files_get##name##_r (proto, \ +_nss_##nssname##_get##name##_r (proto, \ struct STRUCTURE *result, char *buffer, \ size_t buflen, int *errnop H_ERRNO_PROTO) \ { \ diff --git a/nss/nss_files/files-initgroups.c b/nss/nss_files/files-initgroups.c index 929039a..f1715e1 100644 --- a/nss/nss_files/files-initgroups.c +++ b/nss/nss_files/files-initgroups.c 
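Review bot: The `@@ -162` hunk builds the getent name with three nested `CONCAT` calls, while the set/end functions earlier in this file use the new `CONCAT4` helper. Writing it as `CONCAT4(_nss_, NSSNAME, _get, ENTNAME_r) (struct STRUCTURE *result, char *buffer,` matches its siblings and makes the exported name easier to grep for. The function body continues outside the hunk.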
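Review bot: The three-step `DB_LOOKUP` → `DB_LOOKUP_NSSNAME` → `DB_LOOKUP_NSSNAME0` chain in the `@@ -196` hunk has no comment explaining why the indirection exists. A line such as `/* Extra level so that NSSNAME is macro-expanded before ## pastes it into the symbol name. */` above `DB_LOOKUP_NSSNAME` would save the next reader from working it out. Note also that `name` now passes through the same levels and is macro-expanded before pasting, which the original single-level macro did not do. That is harmless only while no lookup name is itself a macro, and the comment should say so. The macro body continues outside the hunk.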
@@ -28,12 +28,25 @@ #include #include +#ifndef DATAFILE_PREFIX_PATH +# define DATAFILE "/etc/group" +#else +# define DATAFILE DATAFILE_PREFIX_PATH "group" +#endif + +#ifndef NSSNAME +# define NSSNAME files +#endif + +#define CONCAT3(a,b,c) _CONCAT3(a,b,c) +#define _CONCAT3(a,b,c) a##b##c + enum nss_status -_nss_files_initgroups_dyn (const char *user, gid_t group, long int *start, +CONCAT3(_nss_, NSSNAME, _initgroups_dyn) (const char *user, gid_t group, long int *start, long int *size, gid_t **groupsp, long int limit, int *errnop) { - FILE *stream = __nss_files_fopen ("/etc/group"); + FILE *stream = fopen (DATAFILE, "rce"); if (stream == NULL) { *errnop = errno; diff --git a/nss/nss_optfiles/files-XXX.c b/nss/nss_optfiles/files-XXX.c new file mode 120000 index 0000000..b5981ed --- /dev/null +++ b/nss/nss_optfiles/files-XXX.c @@ -0,0 +1 @@ +../nss_files/files-XXX.c \ No newline at end of file diff --git a/nss/nss_optfiles/files-parse.c b/nss/nss_optfiles/files-parse.c new file mode 120000 index 0000000..ea22fbb --- /dev/null +++ b/nss/nss_optfiles/files-parse.c @@ -0,0 +1 @@ +../nss_files/files-parse.c \ No newline at end of file diff --git a/nss/nss_optfiles/optfiles-config.h b/nss/nss_optfiles/optfiles-config.h new file mode 100644 index 0000000..ad5e46a --- /dev/null +++ b/nss/nss_optfiles/optfiles-config.h @@ -0,0 +1,2 @@ +#define DATAFILE_PREFIX_PATH "/opt/etc/" +#define NSSNAME optfiles diff --git a/nss/nss_optfiles/optfiles-grp.c b/nss/nss_optfiles/optfiles-grp.c new file mode 100644 index 0000000..c4a4782 --- /dev/null +++ b/nss/nss_optfiles/optfiles-grp.c @@ -0,0 +1,2 @@ +#include "optfiles-config.h" +#include diff --git a/nss/nss_optfiles/optfiles-init.c b/nss/nss_optfiles/optfiles-init.c new file mode 100644 index 0000000..19da6a9 --- /dev/null +++ b/nss/nss_optfiles/optfiles-init.c 
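Review bot: Replacing `__nss_files_fopen ("/etc/group")` with a bare `fopen (DATAFILE, "rce")` in the `@@ -28` hunk of nss/nss_files/files-initgroups.c changes the stock files module as well as the new one. It also drops whatever stream setup that helper performs beyond opening the file. Only the path needs to vary, so `FILE *stream = __nss_files_fopen (DATAFILE);` keeps the existing behaviour for /etc/group and gives /opt/etc/group the same handling. If the helper cannot be reached from the new library, a comment next to the `fopen` call should say so. The body of the function continues outside the hunk.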
@@ -0,0 +1,54 @@ +/* Based on ../nss_files/files-init.c + + Initialization in nss_files module. + Copyright (C) 2011-2015 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#ifdef USE_NSCD + +#include +#include + + +#define TF(id, filename, ...) \ +static union \ +{ \ + struct traced_file file; \ + char buf[sizeof (struct traced_file) + sizeof (filename)]; \ +} id##_traced_file = \ + { \ + .file = \ + { \ + __VA_ARGS__ \ + } \ + } + +TF (pwd, "/opt/etc/passwd"); +TF (grp, "/opt/etc/group"); + +void +_nss_files_init (void (*cb) (size_t, struct traced_file *)) +{ + strcpy (pwd_traced_file.file.fname, "/opt/etc/passwd"); + cb (pwddb, &pwd_traced_file.file); + + strcpy (grp_traced_file.file.fname, "/opt/etc/group"); + cb (grpdb, &grp_traced_file.file); + +} + +#endif diff --git a/nss/nss_optfiles/optfiles-initgroups.c b/nss/nss_optfiles/optfiles-initgroups.c new file mode 100644 index 0000000..4fa6fef --- /dev/null +++ b/nss/nss_optfiles/optfiles-initgroups.c @@ -0,0 +1,2 @@ +#include "optfiles-config.h" +#include diff --git a/nss/nss_optfiles/optfiles-pwd.c b/nss/nss_optfiles/optfiles-pwd.c new file mode 100644 index 0000000..3106b83 --- /dev/null +++ b/nss/nss_optfiles/optfiles-pwd.c @@ -0,0 +1,2 @@ +#include "optfiles-config.h" +#include 
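Review bot: The function defined in nss/nss_optfiles/optfiles-init.c is named `_nss_files_init`, but nss/Versions in this patch exports `_nss_optfiles_init` for libnss_optfiles. The exported name therefore has no definition, and the hook is presumably never found for the `optfiles` service. If nscd relies on that hook to learn which files to watch, cached passwd and group answers would not be invalidated when /opt/etc/passwd or /opt/etc/group change, which matters when an account is removed or locked. Rename it to `_nss_optfiles_init (void (*cb) (size_t, struct traced_file *))` and update the header comment, which still reads "Initialization in nss_files module". The four path literals could also be built from `DATAFILE_PREFIX_PATH` in optfiles-config.h, so the traced paths cannot drift from the ones the lookups open.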
diff --git a/nss/nss_optfiles/optfiles-sgrp.c b/nss/nss_optfiles/optfiles-sgrp.c new file mode 100644 index 0000000..a7e2768 --- /dev/null +++ b/nss/nss_optfiles/optfiles-sgrp.c @@ -0,0 +1,2 @@ +#include "optfiles-config.h" +#include diff --git a/nss/nss_optfiles/optfiles-spwd.c b/nss/nss_optfiles/optfiles-spwd.c new file mode 100644 index 0000000..c84911b --- /dev/null +++ b/nss/nss_optfiles/optfiles-spwd.c @@ -0,0 +1,2 @@ +#include "optfiles-config.h" +#include diff --git a/packaging/glibc.spec b/packaging/glibc.spec index 0094a7f..e820f90 100644 --- a/packaging/glibc.spec +++ b/packaging/glibc.spec @@ -618,6 +618,8 @@ done /%{_lib}/libnss_dns.so.2 /%{_lib}/libnss_files-%{glibc_major_version}.so /%{_lib}/libnss_files.so.2 +/%{_lib}/libnss_optfiles-%{glibc_major_version}.so +/%{_lib}/libnss_optfiles.so.2 /%{_lib}/libnss_hesiod-%{glibc_major_version}.so /%{_lib}/libnss_hesiod.so.2 /%{_lib}/libnss_nis-%{glibc_major_version}.so diff --git a/packaging/nsswitch.conf b/packaging/nsswitch.conf index 06e5a60..6e78472 100644 --- a/packaging/nsswitch.conf +++ b/packaging/nsswitch.conf @@ -26,8 +26,9 @@ # shadow: files nis # group: files nis -passwd: compat +passwd: compat optfiles group: securitymanager [success=continue] compat +shadow: compat optfiles hosts: files dns networks: files dns diff --git a/shlib-versions b/shlib-versions index b87ab50..6f84277 100644 --- a/shlib-versions +++ b/shlib-versions @@ -41,6 +41,7 @@ libresolv=2 # in nss/nsswitch.h, which determines the library names used for service # names given in /etc/nsswitch.conf. libnss_files=2 +libnss_optfiles=2 libnss_dns=2 libnss_compat=2 libnss_ldap=2 diff --git a/sysdeps/generic/libnss_optfiles.abilist b/sysdeps/generic/libnss_optfiles.abilist new file mode 100644 index 0000000..e69de29 -- 2.7.4
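Review bot: With `passwd: compat optfiles` and `shadow: compat optfiles` in packaging/nsswitch.conf, /opt/etc/passwd and /opt/etc/shadow become as trusted as their /etc counterparts for every account lookup, yet nothing visible in this patch creates those files or sets their ownership and mode. The packaging should create them root-owned, give /opt/etc/shadow the same restrictive mode as /etc/shadow, and keep /opt/etc itself unwritable by unprivileged users. The requirement deserves a comment above these lines, such as `# optfiles reads /opt/etc/{passwd,shadow}; keep them root-owned and not writable by others`. It is also worth deciding whether entries there may carry uid 0 or reuse a uid already defined in /etc, since `compat` takes precedence only for the names it resolves itself.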