The branch, master has been updated via a0d314d lib: Remove socket wrapper python module. via d1ee35d dns.py: Use the python socket module. via 0ed826d selftest: Preload socket_wrapper. via 0028819 lib: Change socket_wrapper to preloadable version. via d407446 Remove special socket_wrapper code. via a9c1d5b replace: Add socket_wrapper_enabled(). via 5de011b s4-torture: Remove socket_wrapper testsuite. via 5d7609c selftest: Disable loading ldb modules with RTLD_DEEPBIND. via 11e87cd ldb: Add a env variable to disable RTLD_DEEPBIND. via 4dca841 s3-libads: Use ldap_initialize() if available. via 2522bb8 selftest: Rename WINBINDD_SOCKET_DIR environment variable. via c29fb2e wbclient: Check with nss_wrapper_enabled(). via 354744f selftest: Write the nss_wrapper hosts file. via 3381784 selftest: Set NSS_WRAPPER_MODULE variables for NSS module. via a573441 selftest: Add the user running the test to passwd. via d24a154 selftest: Preload nss_wrapper via 5bb410f lib: Change nss_wrapper to preloadable version. via b2163f2 Remove special nss_wrapper code via f95e868 s4-torture: Remove nss_wrapper testsuite. via 115a80d replace: Add nss_wrapper_hosts_enabled(). via 30860e0 replace: Add nss_wrapper_enabled(). via 1a46269 lib: Add missing include for unistd.h in unix_privs. via 68c450a lib: Add missing include for unistd.h in setid. via 6118c2e s3: Use root_mode() to get uid_wrapper working correctly. via 15feb84 s3-lib: Add root_mode() which can deal with uid_wrapper. via 486fa4a libwbclient: Handle uid_wrapper for pipe access. via 28b87dd s4-ntfs: Improve uid check in wrapper mode. via d2a7ce9 s3-utils: Do not disable the root check in smbpasswd. via 363f76c testprogs: Fix tests calling smbpasswd. via 77b7dfd selftest: Call smbpasswd as root. via d1c53eb selftest: Enable uid_wrapper globally. via 9feeeb3 selftest: Pass uid_wrapper library to selftest and preload it. via 751b2b2 Remove uid_wrapper related code. via 6d23354 lib: Change uid_wrapper to preloadable version. via f318a44 replace: Add uid_wrapper_enabled(). via ad3a431 wafsamba: Add set_target to CHECK_BUNDLED_SYSTEM. via c6a8edb selftest: Add a bash env file you can source. from 5adacb4 s3: use smb_xmemdup instead of smb_memdup and smb_panic
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit a0d314dfcee650ac62adf9aae22b04c52663d81e Author: Andreas Schneider <a...@samba.org> Date: Thu Feb 13 15:55:30 2014 +0100 lib: Remove socket wrapper python module. Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> Autobuild-User(master): Stefan Metzmacher <me...@samba.org> Autobuild-Date(master): Thu Apr 17 17:12:50 CEST 2014 on sn-devel-104 commit d1ee35dc3623ef6e2a7a7c38e1653b85f50e6ba3 Author: Andreas Schneider <a...@samba.org> Date: Fri Jul 5 12:07:49 2013 +0200 dns.py: Use the python socket module. We preload socket_wrapper, no need to use the special module. Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> commit 0ed826d5087f05993f74cfa280bf1abed14ab161 Author: Andreas Schneider <a...@samba.org> Date: Thu Feb 13 15:49:27 2014 +0100 selftest: Preload socket_wrapper. Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> commit 00288191bf343a9382ac49ccf4c86b3bde86e2f8 Author: Andreas Schneider <a...@samba.org> Date: Mon Apr 7 16:12:21 2014 +0200 lib: Change socket_wrapper to preloadable version. This imports socket_wrapper 1.0.1. Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> commit d407446ddc3dfa02c56e517d87238444f1c9b51b Author: Andreas Schneider <a...@samba.org> Date: Mon Apr 7 16:09:00 2014 +0200 Remove special socket_wrapper code. Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> commit a9c1d5bd636c5d87a0e165361038671cead58550 Author: Andreas Schneider <a...@samba.org> Date: Wed Feb 12 16:24:26 2014 +0100 replace: Add socket_wrapper_enabled(). Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> commit 5de011be3f0ebb527678d681573f4def8335f6d4 Author: Andreas Schneider <a...@samba.org> Date: Wed Jul 3 14:17:00 2013 +0200 s4-torture: Remove socket_wrapper testsuite. Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> commit 5d7609cd789ceac98f1543d22c40201dde71f7a1 Author: Andreas Schneider <a...@samba.org> Date: Tue Mar 4 13:52:52 2014 +0100 selftest: Disable loading ldb modules with RTLD_DEEPBIND. This is needed in order to allow the ldb_*ldap module to work with a preloaded socket wrapper. Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> commit 11e87cdbb694cf542f3b7633326005abd49e43f1 Author: Andreas Schneider <a...@samba.org> Date: Tue Mar 4 13:50:41 2014 +0100 ldb: Add a env variable to disable RTLD_DEEPBIND. We need a way to disable this in order to allow the ldb_*ldap modules to work with a preloaded socket wrapper. The only known user is the bind_dlz module, but symbol versioniong might be enough... So in future we may remove this completely or at least invert the default behavior. Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> commit 4dca841d51dc1f11d62d86a31d8545dbfdcf7798 Author: Andreas Schneider <a...@samba.org> Date: Wed Jul 3 14:26:49 2013 +0200 s3-libads: Use ldap_initialize() if available. Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> commit 2522bb80902d2e7677a25a85fa597022f20f1147 Author: Andreas Schneider <a...@samba.org> Date: Thu Feb 20 10:34:49 2014 +0100 selftest: Rename WINBINDD_SOCKET_DIR environment variable. It is very confusing if the env var uses the same name as the define in the source code. So prefix it with SELFTEST. Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> commit c29fb2e6157c90e7f0c6b37e9923152d999e76dc Author: Andreas Schneider <a...@samba.org> Date: Thu Feb 13 15:53:29 2014 +0100 wbclient: Check with nss_wrapper_enabled(). Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> commit 354744f6e8e03b3552d19d8223c821d37b25e7fa Author: Andreas Schneider <a...@samba.org> Date: Thu Jun 27 16:12:47 2013 +0200 selftest: Write the nss_wrapper hosts file. Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> commit 338178469010139e4d97fab0fd96d123cfdc2510 Author: Andreas Schneider <a...@samba.org> Date: Wed Jun 12 15:42:01 2013 +0200 selftest: Set NSS_WRAPPER_MODULE variables for NSS module. Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> commit a573441e735ec3663457f83215baa38986db7051 Author: Andreas Schneider <a...@samba.org> Date: Wed Jul 3 14:08:04 2013 +0200 selftest: Add the user running the test to passwd. Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> commit d24a154429864054bd319891f1acd456ff4cbcb1 Author: Andreas Schneider <a...@samba.org> Date: Fri Jan 31 16:34:25 2014 +0100 selftest: Preload nss_wrapper Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> commit 5bb410f85312196bb24e62a6a0b8350576433dc6 Author: Andreas Schneider <a...@samba.org> Date: Fri Jan 31 15:57:43 2014 +0100 lib: Change nss_wrapper to preloadable version. This imports nss_wrapper version 1.0.2. Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> commit b2163f23c09128ad0d2765a1a4c9a993500b588f Author: Andreas Schneider <a...@samba.org> Date: Wed Jul 3 14:04:57 2013 +0200 Remove special nss_wrapper code Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> commit f95e86828a33690f7bb22d320d6781f2b749f8e1 Author: Andreas Schneider <a...@samba.org> Date: Wed Jul 3 14:07:30 2013 +0200 s4-torture: Remove nss_wrapper testsuite. Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> commit 115a80d3812c1bca35e6e126c067885e53302dcd Author: Andreas Schneider <a...@samba.org> Date: Tue Apr 8 10:07:14 2014 +0200 replace: Add nss_wrapper_hosts_enabled(). Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> commit 30860e0d0e2ed996238a6413b71b5fd899342754 Author: Andreas Schneider <a...@samba.org> Date: Mon Apr 7 16:32:20 2014 +0200 replace: Add nss_wrapper_enabled(). Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> commit 1a46269599c3eb80be68b30b70fbef1fa4e0c5cc Author: Andreas Schneider <a...@samba.org> Date: Mon Apr 7 16:29:21 2014 +0200 lib: Add missing include for unistd.h in unix_privs. Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> commit 68c450a42321c6c6ac69b6e9605a847d756b9427 Author: Andreas Schneider <a...@samba.org> Date: Mon Apr 7 16:27:22 2014 +0200 lib: Add missing include for unistd.h in setid. Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> commit 6118c2ec2c3770e10fd3683c3a0b07ad43a8a10b Author: Andreas Schneider <a...@samba.org> Date: Wed Nov 6 17:43:19 2013 +0100 s3: Use root_mode() to get uid_wrapper working correctly. Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> commit 15feb84273c65dbe2d3f502861c7f520c46dc9d3 Author: Andreas Schneider <a...@samba.org> Date: Wed Nov 6 18:00:31 2013 +0100 s3-lib: Add root_mode() which can deal with uid_wrapper. Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> commit 486fa4a134a79e0a25091efc749ccc131dc18f69 Author: Andreas Schneider <a...@samba.org> Date: Mon Sep 9 16:28:18 2013 +0200 libwbclient: Handle uid_wrapper for pipe access. Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> commit 28b87dd75e7292c4c451c753c44a640cbcf5d8cb Author: Andreas Schneider <a...@samba.org> Date: Fri Jan 17 16:06:42 2014 +0100 s4-ntfs: Improve uid check in wrapper mode. Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> commit d2a7ce9d67fbd68b6a2ffb4a3501cc82870a7b1d Author: Andreas Schneider <a...@samba.org> Date: Wed Apr 2 15:42:29 2014 +0200 s3-utils: Do not disable the root check in smbpasswd. We will run uid_wrapper as root so that this succeeds. Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> commit 363f76c30504ca18cbce56f5b2ed5bcb2ce41412 Author: Andreas Schneider <a...@samba.org> Date: Mon Jul 29 13:50:06 2013 +0200 testprogs: Fix tests calling smbpasswd. smbpasswd has a check that it is root so make sure we start with uid_wrapper being root! Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> commit 77b7dfd37b4833cd7a5a953744decf406ac94db0 Author: Andreas Schneider <a...@samba.org> Date: Wed Apr 2 15:41:34 2014 +0200 selftest: Call smbpasswd as root. Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> commit d1c53ebf4c34cd982dce9d0eaa141920a062adba Author: Andreas Schneider <a...@samba.org> Date: Thu Apr 3 10:42:30 2014 +0200 selftest: Enable uid_wrapper globally. Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> commit 9feeeb369b913debc41a0c57ac1cd1f6fbdf9b72 Author: Andreas Schneider <a...@samba.org> Date: Wed Jul 3 12:55:29 2013 +0200 selftest: Pass uid_wrapper library to selftest and preload it. Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> commit 751b2b2d2a8b66cd447b5aed4531a8fc6cfab256 Author: Andreas Schneider <a...@samba.org> Date: Wed Jul 3 12:52:52 2013 +0200 Remove uid_wrapper related code. Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> commit 6d23354f72a487741177dd83c561a1bb72fa6412 Author: Andreas Schneider <a...@samba.org> Date: Fri Jan 17 14:43:01 2014 +0100 lib: Change uid_wrapper to preloadable version. This imports version 1.0.1 of uid_wrapper. Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> commit f318a44ec79da33a8972da9822c9ac3e4b39acff Author: Andreas Schneider <a...@samba.org> Date: Fri Jan 17 15:23:54 2014 +0100 replace: Add uid_wrapper_enabled(). Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> commit ad3a4316705245891d9a66c50817a26a41ac016f Author: Andreas Schneider <a...@samba.org> Date: Mon Jan 20 12:37:44 2014 +0100 wafsamba: Add set_target to CHECK_BUNDLED_SYSTEM. Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> commit c6a8edb4a71d2abbe2c7bc151237e37572876653 Author: Andreas Schneider <a...@samba.org> Date: Sat Feb 15 16:53:46 2014 +0100 selftest: Add a bash env file you can source. Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> ----------------------------------------------------------------------- Summary of changes: buildtools/wafsamba/samba_bundled.py | 8 +- configure.developer | 2 - lib/ldb/common/ldb_modules.c | 25 +- lib/nss_wrapper/nss_wrapper.c | 2744 +++++++++++++++++++++++++----- lib/nss_wrapper/nss_wrapper.h | 171 -- lib/nss_wrapper/testsuite.c | 958 ----------- lib/nss_wrapper/wscript | 111 ++- lib/nss_wrapper/wscript_build | 10 - lib/replace/{socket.c => cwrap.c} | 27 +- lib/replace/getifaddrs.c | 2 - lib/replace/replace.h | 5 + lib/replace/system/filesys.h | 11 - lib/replace/system/network.h | 20 - lib/replace/system/passwd.h | 23 - lib/replace/wscript | 4 +- lib/socket_wrapper/py_socket_wrapper.c | 879 ---------- lib/socket_wrapper/socket.py | 50 - lib/socket_wrapper/socket_wrapper.c | 2028 +++++++++++++++++++---- lib/socket_wrapper/socket_wrapper.h | 177 -- lib/socket_wrapper/testsuite.c | 106 -- lib/socket_wrapper/wscript | 86 +- lib/socket_wrapper/wscript_build | 22 - lib/uid_wrapper/uid_wrapper.c | 1215 ++++++++++++-- lib/uid_wrapper/uid_wrapper.h | 101 -- lib/uid_wrapper/wscript | 64 +- lib/uid_wrapper/wscript_build | 10 - lib/util/setid.c | 47 +- lib/util/unix_privs.c | 5 + lib/util/util.c | 4 +- lib/util/wscript_build | 2 +- nsswitch/libwbclient/wbc_pam.c | 1 - nsswitch/pam_winbind.c | 2 - nsswitch/wb_common.c | 49 +- nsswitch/winbind_nss_config.h | 9 - nsswitch/winbind_struct_protocol.h | 7 - nsswitch/wscript_build | 2 +- python/samba/tests/dns.py | 2 +- selftest/devel_env.sh | 11 + selftest/selftest.pl | 60 +- selftest/target/Samba3.pm | 51 +- selftest/target/Samba4.pm | 24 +- selftest/wscript | 4 + source3/include/proto.h | 1 + source3/lib/util_sec.c | 20 + source3/libads/ldap.c | 57 +- source3/libsmb/smb_share_modes.c | 1 - source3/registry/reg_dispatcher.c | 2 +- source3/rpc_server/rpc_handles.c | 2 +- source3/rpc_server/samr/srv_samr_nt.c | 4 +- source3/rpc_server/srv_access_check.c | 2 +- source3/selftest/tests.py | 2 +- source3/torture/wbc_async.c | 12 +- source3/utils/smbpasswd.c | 2 - source4/heimdal_build/wscript_build | 6 +- source4/libcli/wbclient/wbclient.c | 2 +- source4/ntvfs/posix/pvfs_acl.c | 22 +- source4/scripting/devel/selftest-vars.sh | 2 +- source4/torture/local/local.c | 6 - source4/torture/local/wscript_build | 8 - testprogs/blackbox/test_passwords.sh | 3 + testprogs/blackbox/test_pdbtest.sh | 3 + wscript | 3 - 62 files changed, 5665 insertions(+), 3634 deletions(-) delete mode 100644 lib/nss_wrapper/nss_wrapper.h delete mode 100644 lib/nss_wrapper/testsuite.c delete mode 100644 lib/nss_wrapper/wscript_build copy lib/replace/{socket.c => cwrap.c} (69%) delete mode 100644 lib/socket_wrapper/py_socket_wrapper.c delete mode 100644 lib/socket_wrapper/socket.py delete mode 100644 lib/socket_wrapper/socket_wrapper.h delete mode 100644 lib/socket_wrapper/testsuite.c delete mode 100644 lib/socket_wrapper/wscript_build delete mode 100644 lib/uid_wrapper/uid_wrapper.h delete mode 100644 lib/uid_wrapper/wscript_build create mode 100644 selftest/devel_env.sh Changeset truncated at 500 lines: diff --git a/buildtools/wafsamba/samba_bundled.py b/buildtools/wafsamba/samba_bundled.py index 23a0f09..45946d5 100644 --- a/buildtools/wafsamba/samba_bundled.py +++ b/buildtools/wafsamba/samba_bundled.py @@ -122,7 +122,7 @@ def CHECK_BUNDLED_SYSTEM_PKG(conf, libname, minversion='0.0.0', def CHECK_BUNDLED_SYSTEM(conf, libname, minversion='0.0.0', checkfunctions=None, headers=None, checkcode=None, onlyif=None, implied_deps=None, - require_headers=True, pkg=None): + require_headers=True, pkg=None, set_target=True): '''check if a library is available as a system library. this first tries via pkg-config, then if that fails tries by testing for a specified function in the specified lib @@ -180,7 +180,8 @@ def CHECK_BUNDLED_SYSTEM(conf, libname, minversion='0.0.0', args='"%s >= %s" --cflags --libs' % (pkg, minversion), msg=msg, uselib_store=uselib_store) and check_functions_headers_code()): - conf.SET_TARGET_TYPE(libname, 'SYSLIB') + if set_target: + conf.SET_TARGET_TYPE(libname, 'SYSLIB') conf.env[found] = True if implied_deps: conf.SET_SYSLIB_DEPS(libname, implied_deps) @@ -190,7 +191,8 @@ def CHECK_BUNDLED_SYSTEM(conf, libname, minversion='0.0.0', conf.env[found] = True if implied_deps: conf.SET_SYSLIB_DEPS(libname, implied_deps) - conf.SET_TARGET_TYPE(libname, 'SYSLIB') + if set_target: + conf.SET_TARGET_TYPE(libname, 'SYSLIB') return True conf.env[found] = False if not conf.LIB_MAY_BE_BUNDLED(libname): diff --git a/configure.developer b/configure.developer index 5033670..68616e5 100755 --- a/configure.developer +++ b/configure.developer @@ -1,6 +1,4 @@ #!/bin/sh `dirname $0`/configure -C \ --enable-developer \ - --enable-socket-wrapper \ - --enable-nss-wrapper \ "$@" diff --git a/lib/ldb/common/ldb_modules.c b/lib/ldb/common/ldb_modules.c index a39b12d..05a8d8a 100644 --- a/lib/ldb/common/ldb_modules.c +++ b/lib/ldb/common/ldb_modules.c @@ -901,6 +901,7 @@ static int ldb_modules_load_path(const char *path, const char *version) } *loaded; struct loaded *le; int dlopen_flags; + bool deepbind_enabled = (getenv("LDB_MODULES_DISABLE_DEEPBIND") == NULL); ret = stat(path, &st); if (ret != 0) { @@ -934,13 +935,25 @@ static int ldb_modules_load_path(const char *path, const char *version) dlopen_flags = RTLD_NOW; #ifdef RTLD_DEEPBIND - /* use deepbind if possible, to avoid issues with different - system library varients, for example ldb modules may be linked - against Heimdal while the application may use MIT kerberos - - See the dlopen manpage for details + /* + * use deepbind if possible, to avoid issues with different + * system library varients, for example ldb modules may be linked + * against Heimdal while the application may use MIT kerberos. + * + * See the dlopen manpage for details. + * + * One typical user is the bind_dlz module of Samba, + * but symbol versioniong might be enough... + * + * We need a way to disable this in order to allow the + * ldb_*ldap modules to work with a preloaded socket wrapper. + * + * So in future we may remove this completely + * or at least invert the default behavior. */ - dlopen_flags |= RTLD_DEEPBIND; + if (deepbind_enabled) { + dlopen_flags |= RTLD_DEEPBIND; + } #endif handle = dlopen(path, dlopen_flags); diff --git a/lib/nss_wrapper/nss_wrapper.c b/lib/nss_wrapper/nss_wrapper.c index 8767fbf..7c5a413 100644 --- a/lib/nss_wrapper/nss_wrapper.c +++ b/lib/nss_wrapper/nss_wrapper.c @@ -1,6 +1,7 @@ /* * Copyright (C) Stefan Metzmacher 2007 <me...@samba.org> * Copyright (C) Guenther Deschner 2009 <g...@samba.org> + * Copyright (C) Andreas Schneider 2013 <a...@samba.org> * * All rights reserved. * @@ -32,120 +33,229 @@ * SUCH DAMAGE. */ -#ifdef _SAMBA_BUILD_ +#include "config.h" + +#include <sys/types.h> +#include <sys/stat.h> +#include <sys/socket.h> +#include <errno.h> +#include <fcntl.h> +#include <stdarg.h> +#include <stdbool.h> +#include <stddef.h> +#include <stdio.h> +#include <stdint.h> +#include <stdlib.h> +#include <string.h> +#include <unistd.h> +#include <ctype.h> -/* defining this gives us the posix getpwnam_r() calls on solaris - Thanks to heimdal for this */ +/* + * Defining _POSIX_PTHREAD_SEMANTICS before including pwd.h and grp.h gives us + * the posix getpwnam_r(), getpwuid_r(), getgrnam_r and getgrgid_r calls on + * Solaris + */ #ifndef _POSIX_PTHREAD_SEMANTICS #define _POSIX_PTHREAD_SEMANTICS #endif -#define NSS_WRAPPER_NOT_REPLACE -#include "../replace/replace.h" -#include "system/passwd.h" -#include "system/filesys.h" -#include "../nsswitch/nsstest.h" +#include <pwd.h> +#include <grp.h> + +#include <netdb.h> +#include <arpa/inet.h> +#include <netinet/in.h> + +#include <dlfcn.h> -#else /* _SAMBA_BUILD_ */ +#if defined(HAVE_NSS_H) +/* Linux and BSD */ +#include <nss.h> -#error nss_wrapper_only_supported_in_samba_yet +typedef enum nss_status NSS_STATUS; +#elif defined(HAVE_NSS_COMMON_H) +/* Solaris */ +#include <nss_common.h> +#include <nss_dbdefs.h> +#include <nsswitch.h> + +typedef nss_status_t NSS_STATUS; + +# define NSS_STATUS_SUCCESS NSS_SUCCESS +# define NSS_STATUS_NOTFOUND NSS_NOTFOUND +# define NSS_STATUS_UNAVAIL NSS_UNAVAIL +# define NSS_STATUS_TRYAGAIN NSS_TRYAGAIN +#else +# error "No nsswitch support detected" +#endif +#ifndef PTR_DIFF +#define PTR_DIFF(p1, p2) ((ptrdiff_t)(((const char *)(p1)) - (const char *)(p2))) #endif #ifndef _PUBLIC_ #define _PUBLIC_ #endif -/* not all systems have _r functions... */ -#ifndef HAVE_GETPWNAM_R -#define getpwnam_r(name, pwdst, buf, buflen, pwdstp) ENOSYS -#endif -#ifndef HAVE_GETPWUID_R -#define getpwuid_r(uid, pwdst, buf, buflen, pwdstp) ENOSYS +#ifndef EAI_NODATA +#define EAI_NODATA EAI_NONAME #endif -#ifndef HAVE_GETPWENT_R -#define getpwent_r(pwdst, buf, buflen, pwdstp) ENOSYS + +#ifndef EAI_ADDRFAMILY +#define EAI_ADDRFAMILY EAI_FAMILY #endif -#ifndef HAVE_GETGRNAM_R -#define getgrnam_r(name, grdst, buf, buflen, grdstp) ENOSYS + +#ifndef __STRING +#define __STRING(x) #x #endif -#ifndef HAVE_GETGRGID_R -#define getgrgid_r(gid, grdst, buf, buflen, grdstp) ENOSYS + +#ifndef __STRINGSTRING +#define __STRINGSTRING(x) __STRING(x) #endif -#ifndef HAVE_GETGRENT_R -#define getgrent_r(grdst, buf, buflen, grdstp) ENOSYS + +#ifndef __LINESTR__ +#define __LINESTR__ __STRINGSTRING(__LINE__) #endif -/* not all systems have getgrouplist */ -#ifndef HAVE_GETGROUPLIST -#define getgrouplist(user, group, groups, ngroups) 0 +#ifndef __location__ +#define __location__ __FILE__ ":" __LINESTR__ #endif -/* LD_PRELOAD doesn't work yet, so REWRITE_CALLS is all we support - * for now */ -#define REWRITE_CALLS +/* GCC have printf type attribute check. */ +#ifdef HAVE_ATTRIBUTE_PRINTF_FORMAT +#define PRINTF_ATTRIBUTE(a,b) __attribute__ ((__format__ (__printf__, a, b))) +#else +#define PRINTF_ATTRIBUTE(a,b) +#endif /* HAVE_ATTRIBUTE_PRINTF_FORMAT */ -#ifdef REWRITE_CALLS +#ifdef HAVE_DESTRUCTOR_ATTRIBUTE +#define DESTRUCTOR_ATTRIBUTE __attribute__ ((destructor)) +#else +#define DESTRUCTOR_ATTRIBUTE +#endif /* HAVE_DESTRUCTOR_ATTRIBUTE */ -#define real_getpwnam getpwnam -#define real_getpwnam_r getpwnam_r -#define real_getpwuid getpwuid -#define real_getpwuid_r getpwuid_r +#define ZERO_STRUCTP(x) do { if ((x) != NULL) memset((char *)(x), 0, sizeof(*(x))); } while(0) -#define real_setpwent setpwent -#define real_getpwent getpwent -#define real_getpwent_r getpwent_r -#define real_endpwent endpwent +enum nwrap_dbglvl_e { + NWRAP_LOG_ERROR = 0, + NWRAP_LOG_WARN, + NWRAP_LOG_DEBUG, + NWRAP_LOG_TRACE +}; -/* -#define real_getgrlst getgrlst -#define real_getgrlst_r getgrlst_r -#define real_initgroups_dyn initgroups_dyn -*/ -#define real_initgroups initgroups -#define real_getgrouplist getgrouplist - -#define real_getgrnam getgrnam -#define real_getgrnam_r getgrnam_r -#define real_getgrgid getgrgid -#define real_getgrgid_r getgrgid_r - -#define real_setgrent setgrent -#define real_getgrent getgrent -#define real_getgrent_r getgrent_r -#define real_endgrent endgrent +#ifdef NDEBUG +# define NWRAP_LOG(...) +#else -#endif +static void nwrap_log(enum nwrap_dbglvl_e dbglvl, const char *func, const char *format, ...) PRINTF_ATTRIBUTE(3, 4); +# define NWRAP_LOG(dbglvl, ...) nwrap_log((dbglvl), __func__, __VA_ARGS__) -#if 0 -# ifdef DEBUG -# define NWRAP_ERROR(args) DEBUG(0, args) -# else -# define NWRAP_ERROR(args) printf args -# endif +static void nwrap_log(enum nwrap_dbglvl_e dbglvl, + const char *func, + const char *format, ...) +{ + char buffer[1024]; + va_list va; + const char *d; + unsigned int lvl = 0; + int pid = getpid(); + + d = getenv("NSS_WRAPPER_DEBUGLEVEL"); + if (d != NULL) { + lvl = atoi(d); + } + + va_start(va, format); + vsnprintf(buffer, sizeof(buffer), format, va); + va_end(va); + + if (lvl >= dbglvl) { + switch (dbglvl) { + case NWRAP_LOG_ERROR: + fprintf(stderr, + "NWRAP_ERROR(%d) - %s: %s\n", + pid, func, buffer); + break; + case NWRAP_LOG_WARN: + fprintf(stderr, + "NWRAP_WARN(%d) - %s: %s\n", + pid, func, buffer); + break; + case NWRAP_LOG_DEBUG: + fprintf(stderr, + "NWRAP_DEBUG(%d) - %s: %s\n", + pid, func, buffer); + break; + case NWRAP_LOG_TRACE: + fprintf(stderr, + "NWRAP_TRACE(%d) - %s: %s\n", + pid, func, buffer); + break; + } + } +} +#endif /* NDEBUG NWRAP_LOG */ + +struct nwrap_libc_fns { + struct passwd *(*_libc_getpwnam)(const char *name); + int (*_libc_getpwnam_r)(const char *name, struct passwd *pwd, + char *buf, size_t buflen, struct passwd **result); + struct passwd *(*_libc_getpwuid)(uid_t uid); + int (*_libc_getpwuid_r)(uid_t uid, struct passwd *pwd, char *buf, size_t buflen, struct passwd **result); + void (*_libc_setpwent)(void); + struct passwd *(*_libc_getpwent)(void); +#ifdef HAVE_SOLARIS_GETPWENT_R + struct passwd *(*_libc_getpwent_r)(struct passwd *pwbuf, char *buf, size_t buflen); #else -#define NWRAP_ERROR(args) + int (*_libc_getpwent_r)(struct passwd *pwbuf, char *buf, size_t buflen, struct passwd **pwbufp); #endif - -#if 0 -# ifdef DEBUG -# define NWRAP_DEBUG(args) DEBUG(0, args) -# else -# define NWRAP_DEBUG(args) printf args -# endif + void (*_libc_endpwent)(void); + int (*_libc_initgroups)(const char *user, gid_t gid); + struct group *(*_libc_getgrnam)(const char *name); + int (*_libc_getgrnam_r)(const char *name, struct group *grp, char *buf, size_t buflen, struct group **result); + struct group *(*_libc_getgrgid)(gid_t gid); + int (*_libc_getgrgid_r)(gid_t gid, struct group *grp, char *buf, size_t buflen, struct group **result); + void (*_libc_setgrent)(void); + struct group *(*_libc_getgrent)(void); +#ifdef HAVE_SOLARIS_GETGRENT_R + struct group *(*_libc_getgrent_r)(struct group *group, char *buf, size_t buflen); #else -#define NWRAP_DEBUG(args) + int (*_libc_getgrent_r)(struct group *group, char *buf, size_t buflen, struct group **result); #endif + void (*_libc_endgrent)(void); + int (*_libc_getgrouplist)(const char *user, gid_t group, gid_t *groups, int *ngroups); -#if 0 -# ifdef DEBUG -# define NWRAP_VERBOSE(args) DEBUG(0, args) -# else -# define NWRAP_VERBOSE(args) printf args -# endif -#else -#define NWRAP_VERBOSE(args) + void (*_libc_sethostent)(int stayopen); + struct hostent *(*_libc_gethostent)(void); + void (*_libc_endhostent)(void); + + struct hostent *(*_libc_gethostbyname)(const char *name); +#ifdef HAVE_GETHOSTBYNAME2 /* GNU extension */ + struct hostent *(*_libc_gethostbyname2)(const char *name, int af); +#endif + struct hostent *(*_libc_gethostbyaddr)(const void *addr, socklen_t len, int type); + + int (*_libc_getaddrinfo)(const char *node, const char *service, + const struct addrinfo *hints, + struct addrinfo **res); + int (*_libc_getnameinfo)(const struct sockaddr *sa, socklen_t salen, + char *host, size_t hostlen, + char *serv, size_t servlen, + int flags); + int (*_libc_gethostname)(char *name, size_t len); +#ifdef HAVE_GETHOSTBYNAME_R + int (*_libc_gethostbyname_r)(const char *name, + struct hostent *ret, + char *buf, size_t buflen, + struct hostent **result, int *h_errnop); +#endif +#ifdef HAVE_GETHOSTBYADDR_R + int (*_libc_gethostbyaddr_r)(const void *addr, socklen_t len, int type, + struct hostent *ret, + char *buf, size_t buflen, + struct hostent **result, int *h_errnop); #endif +}; struct nwrap_module_nss_fns { NSS_STATUS (*_nss_getpwnam_r)(const char *name, struct passwd *result, char *buffer, @@ -213,6 +323,11 @@ struct nwrap_ops { void (*nw_endgrent)(struct nwrap_backend *b); }; +/* Public prototypes */ + +bool nss_wrapper_enabled(void); +bool nss_wrapper_hosts_enabled(void); + /* prototypes for files backend */ @@ -328,10 +443,18 @@ struct nwrap_ops nwrap_module_ops = { .nw_endgrent = nwrap_module_endgrent, }; +struct nwrap_libc { + void *handle; + void *nsl_handle; + void *sock_handle; + struct nwrap_libc_fns *fns; +}; + struct nwrap_main { const char *nwrap_switch; int num_backends; struct nwrap_backend *backends; + struct nwrap_libc *libc; }; struct nwrap_main *nwrap_main_global; @@ -372,8 +495,550 @@ struct nwrap_gr { struct nwrap_cache __nwrap_cache_gr; struct nwrap_gr nwrap_gr_global; +static bool nwrap_he_parse_line(struct nwrap_cache *nwrap, char *line); +static void nwrap_he_unload(struct nwrap_cache *nwrap); + +struct nwrap_addrdata { + unsigned char host_addr[16]; /* IPv4 or IPv6 address */ + char *h_addr_ptrs[2]; /* host_addr pointer + NULL */ +}; + +struct nwrap_entdata { + struct nwrap_addrdata *addr; + struct hostent ht; +}; + +struct nwrap_he { + struct nwrap_cache *cache; + + struct nwrap_entdata *list; + int num; + int idx; +}; + +struct nwrap_cache __nwrap_cache_he; +struct nwrap_he nwrap_he_global; + + +/********************************************************* + * NWRAP PROTOTYPES + *********************************************************/ + +static void nwrap_init(void); static bool nwrap_gr_parse_line(struct nwrap_cache *nwrap, char *line); static void nwrap_gr_unload(struct nwrap_cache *nwrap); +void nwrap_destructor(void) DESTRUCTOR_ATTRIBUTE; + +/********************************************************* + * NWRAP LIBC LOADER FUNCTIONS + *********************************************************/ + +enum nwrap_lib { + NWRAP_LIBC, + NWRAP_LIBNSL, + NWRAP_LIBSOCKET, +}; + +#ifndef NDEBUG +static const char *nwrap_str_lib(enum nwrap_lib lib) +{ + switch (lib) { + case NWRAP_LIBC: + return "libc"; + case NWRAP_LIBNSL: + return "libnsl"; + case NWRAP_LIBSOCKET: + return "libsocket"; + } -- Samba Shared Repository