diff options
| author | Laurent Bercot <ska-skaware@skarnet.org> | 2021-09-09 19:58:12 +0000 |
|---|---|---|
| committer | Laurent Bercot <ska@appnovation.com> | 2021-09-09 19:58:12 +0000 |
| commit | 6fdb4834cdb5557d9bd7562f61984da8bd0d9c80 (patch) | |
| tree | c9ac0c6bc512beed2e550b9aba09eb2af090e6a7 /doc | |
| parent | 1f213b642deb1d8e6139d2b7daac8f639c8717e7 (diff) | |
| download | nsss-6fdb4834cdb5557d9bd7562f61984da8bd0d9c80.tar.xz | |
Prepare for 0.2.0.0, lots of changes.
- Make _r functions completely thread-safe.
- Save a lot of forking by having a persistent nsss_switch_query
- Introduce a timeout to make the server expire
- Start writing nsss-switch, not working yet.
Signed-off-by: Laurent Bercot <ska@appnovation.com>
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/index.html | 3 | ||||
| -rw-r--r-- | doc/libnsssd/index.html | 8 | ||||
| -rw-r--r-- | doc/nsssd-switch.html | 105 | ||||
| -rw-r--r-- | doc/upgrade.html | 3 |
4 files changed, 113 insertions, 6 deletions
diff --git a/doc/index.html b/doc/index.html index 6af20c4..c774b03 100644 --- a/doc/index.html +++ b/doc/index.html @@ -100,7 +100,7 @@ for <a href="//skarnet.org/software/s6/s6-ipcserver">s6-ipcserver</a>). </li> <h3> Download </h3> <ul> - <li> The current released version of nsss is <a href="nsss-0.1.0.2.tar.gz">0.1.0.2</a>. </li> + <li> The current released version of nsss is <a href="nsss-0.2.0.0.tar.gz">0.2.0.0</a>. </li> <li> Alternatively, you can checkout a copy of the <a href="//git.skarnet.org/cgi-bin/cgit.cgi/nsss/">nsss git repository</a>: @@ -143,6 +143,7 @@ backend to the name service. <ul> <li> The <a href="nsssd-unix.html"><tt>nsssd-unix</tt></a> program </li> <li> The <a href="nsssd-nslcd.html"><tt>nsssd-nslcd</tt></a> program </li> + <li> The <a href="nsssd-switch.html"><tt>nsssd-switch</tt></a> program </li> </ul> <p> diff --git a/doc/libnsssd/index.html b/doc/libnsssd/index.html index 4cbff45..7e0cd82 100644 --- a/doc/libnsssd/index.html +++ b/doc/libnsssd/index.html @@ -57,8 +57,8 @@ the name of your program to the PROG variable. Example: <li> Your <tt>main()</tt> function can parse options and take command line arguments as it sees fit. But once it's done parsing options, give control to the <tt>nsssd_main()</tt> -function, using your <em>argv</em> and <em>envp</em> as -arguments: <tt>return nsssd_main(argv, envp);</tt> </li> +function, using your <em>argv</em> as an argument: +<tt>return nsssd_main(argv);</tt> </li> </ul> <p> @@ -74,10 +74,10 @@ backend; the pointer to your handle will be passed to every subsequent function. The function must not return NULL. </p> -<h4><code>int nsssd_handle_start (void *handle, char const *const *argv, char const *const *envp)</code></h4> +<h4><code>int nsssd_handle_start (void *handle, char const *const *argv)</code></h4> <p> This function must <em>initialize the handle</em>. The arguments -it receives are the <em>argv</em> and <em>envp</em> that have been +it takes are a pointer to the handle and the <em>argv</em> that has been passed to <tt>nsssd_main()</tt>. This allows you to write daemons that can be somewhat configured via the command line: it is how <a href="../nsssd-nslcd.html">nsssd-nslcd</a> takes an argument diff --git a/doc/nsssd-switch.html b/doc/nsssd-switch.html new file mode 100644 index 0000000..9f5672c --- /dev/null +++ b/doc/nsssd-switch.html @@ -0,0 +1,105 @@ +<html> + <head> + <meta name="viewport" content="width=device-width, initial-scale=1.0" /> + <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> + <meta http-equiv="Content-Language" content="en" /> + <title>nsss: the nsssd-switch program</title> + <meta name="Description" content="nsss: the nsssd-switch program" /> + <meta name="Keywords" content="nsss name service switch nsssd unix daemon service nsssd-switch" /> + <!-- <link rel="stylesheet" type="text/css" href="//skarnet.org/default.css" /> --> + </head> +<body> + +<p> +<a href="index.html">nsss</a><br /> +<a href="//skarnet.org/software/">Software</a><br /> +<a href="//skarnet.org/">skarnet.org</a> +</p> + +<h1> The nsssd-switch program </h1> + +<p> +<tt>nsssd-switch</tt> is a daemon providing a backend for clients using the +<a href="libnsss/">nsss library</a> - more precisely, clients using +the <a href="libnsss/nsss-all.html">nsss-all</a> or +the <a href="libnsss/nsss-switch.html">nsss-switch</a> functions. +</p> + +<p> + The <tt>nsssd-switch</tt> backend is the real point of the <a href="index.html">nsss</a> +package: it allows a complex configuration using different other backends, +similarly to the <a href="nsswitch.html">/etc/nsswitch.conf</a> mechanism +but without its drawbacks. It accomplishes this by reading its backend +configuration on the command line. +</p> + +<h2> Interface </h2> + +<pre> + s6-ipcserver -l0 /run/service/nsssd/s nsssd-switch <em>bitfield1</em> <em>backend1...</em> "" <em>bitfield2</em> <em>backend2...</em> "" ... +</pre> + +<p> + or, in an <a href="//skarnet.org/software/execline/">execline</a> script: +</p> + +<pre> + s6-ipcserver -l0 /run/service/nsssd/s + nsssd-switch + <em>bitfield1</em> { <em>backend1...</em> } + <em>bitfield2</em> { <em>backend2...</em> } + ... +</pre> + +<ul> + <li> <tt>nsssd-switch</tt> +</ul> + + +<h2> Notes </h2> + +<p> + nsssd-switch is not meant to be called directly; instead, it is expected to be run from +a script as a part of a "nsssd" +<a href="//skarnet.org/software/s6/localservice.html">local service</a>. +</p> + +<p> + The <tt>examples/</tt> subdirectory of the nsss package provides examples +on how to run such a service. + The simplest way to do so, for testing purposes, is a command line such as: +</p> +<pre>s6-ipcserver -l0 /run/service/nsssd/s nsssd-switch 0 nsssd-unix "" </pre> + +<p> +<tt>/run/service/nsssd/s</tt> is the default place where nsss's +implementation of the <tt>pwd.h</tt>, <tt>grp.h</tt> and <tt>shadow.h</tt> +functions expects the nsssd +service to be. It can be changed at nsss build time by giving the +<tt>--with-nsssd-socket=PATH</tt> option to configure. +</p> + +<p> + nsssd-switch does not listen to the socket itself: it reads from its +standard input and writes to its standard output. It relies +on a superserver such as +<a href="//skarnet.org/software/s6/s6-ipcserver.html">s6-ipcserver</a> +to manage connections to the socket. An instance of nsssd-switch is run +for every client connection. +</p> + +<p> + If fine-grained authorizations are required (only allowing +certain users and groups to connect to the service), the superserver +can be configured to enforce them. +</p> + +<p> + nsssd-switch does not need to run as root, provided it has all the +permissions needed by the backends it spawns. +It is recommended to create a <em>nsss</em> user and group, dedicated to +the nsssd service, and run the superserver as this user and group. +</p> + +</body> +</html> diff --git a/doc/upgrade.html b/doc/upgrade.html index fa22bcb..d580203 100644 --- a/doc/upgrade.html +++ b/doc/upgrade.html @@ -18,13 +18,14 @@ <h1> What has changed in nsss </h1> -<h2> In 0.1.0.2 </h2> +<h2> In 0.2.0.0 </h2> <ul> <li> <a href="//skarnet.org/software/skalibs/">skalibs</a> dependency bumped to 2.11.0.0. </li> <li> <a href="//skarnet.org/software/s6/">s6</a> optional dependency bumped to 2.11.0.0. </li> + <li> New binary: <a href="nsssd-switch.html">nsssd-switch</a>. </li> </ul> <h2> In 0.1.0.1 </h2> |