From df065a2ef3e40f7c002e286b2a45811a7227776a Mon Sep 17 00:00:00 2001 From: Laurent Bercot Date: Fri, 10 Sep 2021 21:47:32 +0000 Subject: Implement a real nsssd-switch, with a test Signed-off-by: Laurent Bercot --- .gitignore | 1 + package/deps.mak | 3 + package/targets.mak | 1 + src/nsssd/nsssd-switch.c | 315 ++++++++++++++++++++++++++--------- src/tests/deps-exe/test-nsssd-switch | 1 + src/tests/test-nsssd-switch.baseline | 1 + src/tests/test-nsssd-switch.c | 1 + src/tests/test-nsssd-switch.wrapper | 21 +++ 8 files changed, 268 insertions(+), 76 deletions(-) create mode 120000 src/tests/deps-exe/test-nsssd-switch create mode 120000 src/tests/test-nsssd-switch.baseline create mode 120000 src/tests/test-nsssd-switch.c create mode 100755 src/tests/test-nsssd-switch.wrapper diff --git a/.gitignore b/.gitignore index 4fb2d9b..94f63b1 100644 --- a/.gitignore +++ b/.gitignore @@ -10,3 +10,4 @@ /nsssd-nslcd /nsssd-switch /test-* +/.test-* diff --git a/package/deps.mak b/package/deps.mak index bde2f68..9d01146 100644 --- a/package/deps.mak +++ b/package/deps.mak @@ -155,6 +155,7 @@ src/nsssd/nsssd-unix.o src/nsssd/nsssd-unix.lo: src/nsssd/nsssd-unix.c src/inclu src/nsssd/nsssd_convert.o src/nsssd/nsssd_convert.lo: src/nsssd/nsssd_convert.c src/include/nsss/grp-def.h src/include/nsss/nsssd.h src/include/nsss/pwd-def.h src/include/nsss/shadow-def.h src/nsssd/nsssd_main.o src/nsssd/nsssd_main.lo: src/nsssd/nsssd_main.c src/include/nsss/grp-def.h src/include/nsss/nsss-switch.h src/include/nsss/nsssd.h src/include/nsss/pwd-def.h src/include/nsss/shadow-def.h src/tests/test-all-fallback.o src/tests/test-all-fallback.lo: src/tests/test-all-fallback.c src/include/nsss/grp-def.h src/include/nsss/nsss-all.h src/include/nsss/pwd-def.h +src/tests/test-nsssd-switch.o src/tests/test-nsssd-switch.lo: src/tests/test-nsssd-switch.c src/include/nsss/grp-def.h src/include/nsss/nsss-switch.h src/include/nsss/pwd-def.h src/tests/test-switch.o src/tests/test-switch.lo: src/tests/test-switch.c src/include/nsss/grp-def.h src/include/nsss/nsss-switch.h src/include/nsss/pwd-def.h src/tests/test-unix.o src/tests/test-unix.lo: src/tests/test-unix.c src/include/nsss/grp-def.h src/include/nsss/nsss-unix.h src/include/nsss/pwd-def.h @@ -180,6 +181,8 @@ nsssd-unix: EXTRA_LIBS := -lskarnet nsssd-unix: src/nsssd/nsssd-unix.o ${LIBNSSSD} ${LIBNSSS} test-all-fallback: EXTRA_LIBS := -lskarnet ${SOCKET_LIB} ${SYSCLOCK_LIB} test-all-fallback: src/tests/test-all-fallback.o ${LIBNSSS} +test-nsssd-switch: EXTRA_LIBS := -lskarnet ${SOCKET_LIB} ${SYSCLOCK_LIB} +test-nsssd-switch: src/tests/test-nsssd-switch.o ${LIBNSSS} test-switch: EXTRA_LIBS := -lskarnet ${SOCKET_LIB} ${SYSCLOCK_LIB} test-switch: src/tests/test-switch.o ${LIBNSSS} test-unix: EXTRA_LIBS := -lskarnet diff --git a/package/targets.mak b/package/targets.mak index 653db32..06d3672 100644 --- a/package/targets.mak +++ b/package/targets.mak @@ -8,6 +8,7 @@ LIBEXEC_TARGETS := TEST_BINS := \ test-switch \ test-unix \ +test-nsssd-switch \ test-all-fallback LIB_DEFS := NSSS=nsss NSSSD=nsssd diff --git a/src/nsssd/nsssd-switch.c b/src/nsssd/nsssd-switch.c index 91eb1ce..4906728 100644 --- a/src/nsssd/nsssd-switch.c +++ b/src/nsssd/nsssd-switch.c @@ -2,23 +2,27 @@ #include #include +#include #include #include #include #include #include +#include +#include #include #include -#include -#define USAGE "nsssd-switch flag1 backend1... \"\" flag2 backend2... \"\"" +#define USAGE "nsssd-switch bitfield1 backend1... \"\" bitfield2 backend2... \"\"" #define dieusage() strerr_dieusage(100, USAGE) #define MAX_BACKENDS 16 static tain tto = TAIN_INFINITE_RELATIVE ; +static stralloc storagesa = STRALLOC_ZERO ; +static genalloc storagega = GENALLOC_ZERO ; /* We cannot depend on execline so we duplicate functions here */ @@ -71,9 +75,9 @@ static int el_semicolon (char const **argv) typedef struct backend_s backend_t, *backend_t_ref ; struct backend_s { - char const *const *argv ; nsss_switch_t handle ; - uint8_t flags ; + uint8_t flags : 3 ; + uint8_t failed : 1 ; } ; typedef struct handle_s handle_t, *handle_t_ref ; @@ -98,18 +102,19 @@ int nsssd_handle_start (void *handle, char const *const *argv) while (args[argc]) { backend_t *be = &a->tab[a->n] ; + unsigned int bitfield ; int argc1 ; - unsigned int flags ; - if (!uint0_scan(args[argc++], &flags)) dieusage() ; + if (!uint0_scan(args[argc++], &bitfield)) dieusage() ; if (!args[argc]) strerr_dief1x(100, "missing block") ; argc1 = el_semicolon(args + argc) ; if (!argc1) strerr_dief1x(100, "empty block") ; if (!args[argc + argc1]) strerr_dief1x(100, "unterminated block") ; args[argc + argc1] = 0 ; - if (a->n++ >= MAX_BACKENDS) strerr_dief1x(100, "too many defined backends") ; - be->flags = flags & 0x7 ; - be->argv = args + argc ; be->handle = nsss_switch_zero ; + be->flags = 0 ; + be->failed = !nsss_switch_startf(&be->handle, NSSS_SWITCH_PWD | NSSS_SWITCH_GRP | NSSS_SWITCH_SHADOW, args + argc, 0, 0) ; + if (a->n++ >= MAX_BACKENDS) strerr_dief1x(100, "too many defined backends") ; + be->flags |= bitfield & 0x7 ; argc += argc1 ; } if (!a->n) strerr_dief1x(100, "no defined backends") ; @@ -132,47 +137,96 @@ int nsssd_pwd_start (void *handle) int nsssd_pwd_rewind (void *handle) { - nsss_unix_setpwent() ; - (void)handle ; - return 1 ; + handle_t *a = handle ; + for (unsigned int i = 0 ; i < a->n ; i++) + { + tain deadline ; + if (a->tab[i].failed) + { + if (a->tab[i].flags & 1) return 0 ; + else continue ; + } + tain_add_g(&deadline, &tto) ; + if (nsss_switch_pwd_rewind_g(&a->tab[i].handle, &deadline)) return 1 ; + if (a->tab[i].flags & 2) return 0 ; + } + return 0 ; } int nsssd_pwd_get (void *handle, struct passwd *pw) { - struct passwd *pw2 = nsss_unix_getpwent() ; - if (!pw2) return 0 ; - *pw = *pw2 ; - (void)handle ; - return 1 ; + handle_t *a = handle ; + for (unsigned int i = 0 ; i < a->n ; i++) + { + tain deadline ; + if (a->tab[i].failed) + { + if (a->tab[i].flags & 1) return 0 ; + else continue ; + } + tain_add_g(&deadline, &tto) ; + storagesa.len = 0 ; + errno = 0 ; + if (nsss_switch_pwd_get_g(&a->tab[i].handle, pw, &storagesa, &deadline)) return 1 ; + if (a->tab[i].flags & (errno ? 2 : 4)) return 0 ; + } + return 0 ; } int nsssd_pwd_getbyuid (void *handle, struct passwd *pw, uid_t uid) { - struct passwd *pw2 = nsss_unix_getpwuid(uid) ; - if (!pw2) return 0 ; - *pw = *pw2 ; - (void)handle ; - return 1 ; + handle_t *a = handle ; + for (unsigned int i = 0 ; i < a->n ; i++) + { + tain deadline ; + if (a->tab[i].failed) + { + if (a->tab[i].flags & 1) return 0 ; + else continue ; + } + tain_add_g(&deadline, &tto) ; + storagesa.len = 0 ; + errno = 0 ; + if (nsss_switch_pwd_getbyuid_g(&a->tab[i].handle, pw, &storagesa, uid, &deadline)) return 1 ; + if (a->tab[i].flags & (errno ? 2 : 4)) return 0 ; + } + return 0 ; } int nsssd_pwd_getbyname (void *handle, struct passwd *pw, char const *name) { - struct passwd *pw2 = nsss_unix_getpwnam(name) ; - if (!pw2) return 0 ; - *pw = *pw2 ; - (void)handle ; - return 1 ; + handle_t *a = handle ; + for (unsigned int i = 0 ; i < a->n ; i++) + { + tain deadline ; + if (a->tab[i].failed) + { + if (a->tab[i].flags & 1) return 0 ; + else continue ; + } + tain_add_g(&deadline, &tto) ; + storagesa.len = 0 ; + errno = 0 ; + if (nsss_switch_pwd_getbyname_g(&a->tab[i].handle, pw, &storagesa, name, &deadline)) return 1 ; + if (a->tab[i].flags & (errno ? 2 : 4)) return 0 ; + } + return 0 ; } void nsssd_pwd_end (void *handle) { - nsss_unix_endpwent() ; - (void)handle ; -} - -void nsssd_grp_handle_init (void *handle) -{ - (void)handle ; + handle_t *a = handle ; + for (unsigned int i = 0 ; i < a->n ; i++) + { + tain deadline ; + if (a->tab[i].failed) + { + if (a->tab[i].flags & 1) return ; + else continue ; + } + tain_add_g(&deadline, &tto) ; + nsss_switch_pwd_end_g(&a->tab[i].handle, &deadline) ; + } } int nsssd_grp_start (void *handle) @@ -183,53 +237,119 @@ int nsssd_grp_start (void *handle) int nsssd_grp_rewind (void *handle) { - nsss_unix_setgrent() ; - (void)handle ; - return 1 ; + handle_t *a = handle ; + for (unsigned int i = 0 ; i < a->n ; i++) + { + tain deadline ; + if (a->tab[i].failed) + { + if (a->tab[i].flags & 1) return 0 ; + else continue ; + } + tain_add_g(&deadline, &tto) ; + if (nsss_switch_grp_rewind_g(&a->tab[i].handle, &deadline)) return 1 ; + if (a->tab[i].flags & 2) return 0 ; + } + return 0 ; } int nsssd_grp_get (void *handle, struct group *gr) { - struct group *gr2 = nsss_unix_getgrent() ; - if (!gr2) return 0 ; - *gr = *gr2 ; - (void)handle ; - return 1 ; + handle_t *a = handle ; + for (unsigned int i = 0 ; i < a->n ; i++) + { + tain deadline ; + if (a->tab[i].failed) + { + if (a->tab[i].flags & 1) return 0 ; + else continue ; + } + tain_add_g(&deadline, &tto) ; + storagesa.len = 0 ; + genalloc_setlen(char *, &storagega, 0) ; + errno = 0 ; + if (nsss_switch_grp_get_g(&a->tab[i].handle, gr, &storagesa, &storagega, &deadline)) return 1 ; + if (a->tab[i].flags & (errno ? 2 : 4)) return 0 ; + } + return 0 ; } int nsssd_grp_getbygid (void *handle, struct group *gr, gid_t gid) { - struct group *gr2 = nsss_unix_getgrgid(gid) ; - if (!gr2) return 0 ; - *gr = *gr2 ; - (void)handle ; - return 1 ; + handle_t *a = handle ; + for (unsigned int i = 0 ; i < a->n ; i++) + { + tain deadline ; + if (a->tab[i].failed) + { + if (a->tab[i].flags & 1) return 0 ; + else continue ; + } + tain_add_g(&deadline, &tto) ; + storagesa.len = 0 ; + genalloc_setlen(char *, &storagega, 0) ; + errno = 0 ; + if (nsss_switch_grp_getbygid_g(&a->tab[i].handle, gr, &storagesa, &storagega, gid, &deadline)) return 1 ; + if (a->tab[i].flags & (errno ? 2 : 4)) return 0 ; + } + return 0 ; } int nsssd_grp_getbyname (void *handle, struct group *gr, char const *name) { - struct group *gr2 = nsss_unix_getgrnam(name) ; - if (!gr2) return 0 ; - *gr = *gr2 ; - (void)handle ; - return 1 ; + handle_t *a = handle ; + for (unsigned int i = 0 ; i < a->n ; i++) + { + tain deadline ; + if (a->tab[i].failed) + { + if (a->tab[i].flags & 1) return 0 ; + else continue ; + } + tain_add_g(&deadline, &tto) ; + storagesa.len = 0 ; + genalloc_setlen(char *, &storagega, 0) ; + errno = 0 ; + if (nsss_switch_grp_getbyname_g(&a->tab[i].handle, gr, &storagesa, &storagega, name, &deadline)) return 1 ; + if (a->tab[i].flags & (errno ? 2 : 4)) return 0 ; + } + return 0 ; } int nsssd_grp_getlist (void *handle, char const *user, gid_t *gids, size_t n, size_t *r) { - (void)handle ; - return nsss_unix_getgrouplist_preadjust(user, gids, n, r) ; + handle_t *a = handle ; + for (unsigned int i = 0 ; i < a->n ; i++) + { + tain deadline ; + if (a->tab[i].failed) + { + if (a->tab[i].flags & 1) return 0 ; + else continue ; + } + tain_add_g(&deadline, &tto) ; + storagesa.len = 0 ; + errno = 0 ; + if (nsss_switch_grp_getlist_g(&a->tab[i].handle, user, gids, n, r, &storagesa, &deadline)) return 1 ; + if (a->tab[i].flags & (errno ? 2 : 4)) return 0 ; + } + return 0 ; } void nsssd_grp_end (void *handle) { - nsss_unix_endgrent() ; - (void)handle ; -} - -void nsssd_shadow_handle_init (void *handle) -{ - (void)handle ; + handle_t *a = handle ; + for (unsigned int i = 0 ; i < a->n ; i++) + { + tain deadline ; + if (a->tab[i].failed) + { + if (a->tab[i].flags & 1) return ; + else continue ; + } + tain_add_g(&deadline, &tto) ; + nsss_switch_grp_end_g(&a->tab[i].handle, &deadline) ; + } } int nsssd_shadow_start (void *handle) @@ -240,33 +360,76 @@ int nsssd_shadow_start (void *handle) int nsssd_shadow_rewind (void *handle) { - nsss_unix_setspent() ; - (void)handle ; - return 1 ; + handle_t *a = handle ; + for (unsigned int i = 0 ; i < a->n ; i++) + { + tain deadline ; + if (a->tab[i].failed) + { + if (a->tab[i].flags & 1) return 0 ; + else continue ; + } + tain_add_g(&deadline, &tto) ; + if (nsss_switch_shadow_rewind_g(&a->tab[i].handle, &deadline)) return 1 ; + if (a->tab[i].flags & 2) return 0 ; + } + return 0 ; } int nsssd_shadow_get (void *handle, struct spwd *sp) { - struct spwd *sp2 = nsss_unix_getspent() ; - if (!sp2) return 0 ; - *sp = *sp2 ; - (void)handle ; - return 1 ; + handle_t *a = handle ; + for (unsigned int i = 0 ; i < a->n ; i++) + { + tain deadline ; + if (a->tab[i].failed) + { + if (a->tab[i].flags & 1) return 0 ; + else continue ; + } + tain_add_g(&deadline, &tto) ; + storagesa.len = 0 ; + errno = 0 ; + if (nsss_switch_shadow_get_g(&a->tab[i].handle, sp, &storagesa, &deadline)) return 1 ; + if (a->tab[i].flags & (errno ? 2 : 4)) return 0 ; + } + return 0 ; } int nsssd_shadow_getbyname (void *handle, struct spwd *sp, char const *name) { - struct spwd *sp2 = nsss_unix_getspnam(name) ; - if (!sp2) return 0 ; - *sp = *sp2 ; - (void)handle ; - return 1 ; + handle_t *a = handle ; + for (unsigned int i = 0 ; i < a->n ; i++) + { + tain deadline ; + if (a->tab[i].failed) + { + if (a->tab[i].flags & 1) return 0 ; + else continue ; + } + tain_add_g(&deadline, &tto) ; + storagesa.len = 0 ; + errno = 0 ; + if (nsss_switch_shadow_getbyname_g(&a->tab[i].handle, sp, &storagesa, name, &deadline)) return 1 ; + if (a->tab[i].flags & (errno ? 2 : 4)) return 0 ; + } + return 0 ; } void nsssd_shadow_end (void *handle) { - nsss_unix_endspent() ; - (void)handle ; + handle_t *a = handle ; + for (unsigned int i = 0 ; i < a->n ; i++) + { + tain deadline ; + if (a->tab[i].failed) + { + if (a->tab[i].flags & 1) return ; + else continue ; + } + tain_add_g(&deadline, &tto) ; + nsss_switch_pwd_end_g(&a->tab[i].handle, &deadline) ; + } } int main (int argc, char const *const *argv) diff --git a/src/tests/deps-exe/test-nsssd-switch b/src/tests/deps-exe/test-nsssd-switch new file mode 120000 index 0000000..9cb6054 --- /dev/null +++ b/src/tests/deps-exe/test-nsssd-switch @@ -0,0 +1 @@ +test-switch \ No newline at end of file diff --git a/src/tests/test-nsssd-switch.baseline b/src/tests/test-nsssd-switch.baseline new file mode 120000 index 0000000..28f1c7a --- /dev/null +++ b/src/tests/test-nsssd-switch.baseline @@ -0,0 +1 @@ +test-switch.baseline \ No newline at end of file diff --git a/src/tests/test-nsssd-switch.c b/src/tests/test-nsssd-switch.c new file mode 120000 index 0000000..08323c4 --- /dev/null +++ b/src/tests/test-nsssd-switch.c @@ -0,0 +1 @@ +test-switch.c \ No newline at end of file diff --git a/src/tests/test-nsssd-switch.wrapper b/src/tests/test-nsssd-switch.wrapper new file mode 100755 index 0000000..8e05937 --- /dev/null +++ b/src/tests/test-nsssd-switch.wrapper @@ -0,0 +1,21 @@ +#!/bin/sh -e + +S=./.test-switch-socket +F=./.test-switch-fifo + +pid=0 + +cleanup () { + kill $pid + rm -f $S +} + +mkfifo $F +head -n 1 < $F >/dev/null & +pid=$! +s6-ipcserver -1 -- $S ./nsssd-switch 0 ' ./nsssd-unix' '' > $F & +wait $pid +pid=$! +rm -f $F +trap cleanup TERM INT EXIT +./test-nsssd-switch -- cgit v1.2.3