nss-systemd: synthesize NSS shadow/gshadow records from userdb, as well
This ensures we not only synthesize regular passwd/group records of
userdb records, but shadow records as well. This should make sure that
userdb can be used as a comprehensive superset of the classic
passwd/group/shadow/gshadow functionality.
poettering committed May 8, 2021
1 parent 09001db commit f43a19e
Showing 10 changed files with 511 additions and 11 deletions.
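--- a/factory/etc/nsswitch.conf
+++ b/factory/etc/nsswitch.conf
@@ -2,7 +2,8 @@
 
 passwd: compat systemd
 group: compat [SUCCESS=merge] systemd
-shadow: compat
+shadow: compat systemd
+gshadow: files systemd
 
 hosts: mymachines resolve [!UNAVAIL=return] files myhostname dns
 networks: files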
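Review bot: The added `gshadow: files systemd` line has no equivalent of the `[SUCCESS=merge]` action used on the `group:` line above it, so a group found in the local file returns its gshadow record from there and the systemd module is not consulted, while the group record itself is merged across both sources. As far as I know glibc implements merge only for the group database, so the asymmetry is probably unavoidable, but it deserves a comment in the file, for example `# gshadow: no [SUCCESS=merge] support; a local /etc/gshadow entry takes precedence over userdb`. The same lines are repeated in the `<programlisting>` blocks of the four man-page sections below, which are meant to stay synchronized with this file.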
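--- a/man/nss-myhostname.xml
+++ b/man/nss-myhostname.xml
@@ -91,7 +91,9 @@
 <!-- synchronize with other nss-* man pages and factory/etc/nsswitch.conf -->
 <programlisting>passwd: compat systemd
 group: compat [SUCCESS=merge] systemd
-shadow: compat
+shadow: compat systemd
+gshadow: files systemd
+
 
 # Either (untrusted network, see above):
 hosts: mymachines resolve [!UNAVAIL=return] files <command>myhostname</command> dns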
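--- a/man/nss-mymachines.xml
+++ b/man/nss-mymachines.xml
@@ -57,7 +57,8 @@
 <!-- synchronize with other nss-* man pages and factory/etc/nsswitch.conf -->
 <programlisting>passwd: compat systemd
 group: compat [SUCCESS=merge] systemd
-shadow: compat
+shadow: compat systemd
+gshadow: files systemd
 
 hosts: <command>mymachines</command> resolve [!UNAVAIL=return] files myhostname dns
 networks: files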
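--- a/man/nss-resolve.xml
+++ b/man/nss-resolve.xml
@@ -63,7 +63,8 @@
 <!-- synchronize with other nss-* man pages and factory/etc/nsswitch.conf -->
 <programlisting>passwd: compat systemd
 group: compat [SUCCESS=merge] systemd
-shadow: compat
+shadow: compat systemd
+gshadow: files systemd
 
 hosts: mymachines <command>resolve [!UNAVAIL=return]</command> files myhostname dns
 networks: files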
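--- a/man/nss-systemd.xml
+++ b/man/nss-systemd.xml
@@ -47,11 +47,13 @@
 for resolving users and groups, but also works without the service running.</para>
 
 <para>To activate the NSS module, add <literal>systemd</literal> to the lines starting with
-<literal>passwd:</literal> and <literal>group:</literal> in <filename>/etc/nsswitch.conf</filename>.</para>
+<literal>passwd:</literal>, <literal>group:</literal>, <literal>shadow:</literal> and
+<literal>gshadow:</literal> in <filename>/etc/nsswitch.conf</filename>.</para>
 
 <para>It is recommended to place <literal>systemd</literal> after the <literal>files</literal> or
 <literal>compat</literal> entry of the <filename>/etc/nsswitch.conf</filename> lines so that
-<filename>/etc/passwd</filename> and <filename>/etc/group</filename> based mappings take precedence.</para>
+<filename>/etc/passwd</filename>, <filename>/etc/group</filename>, <filename>/etc/shadow</filename> and
+<filename>/etc/gshadow</filename> based mappings take precedence.</para>
 </refsect1>
 
 <refsect1>
@@ -63,7 +65,8 @@
 <!-- synchronize with other nss-* man pages and factory/etc/nsswitch.conf -->
 <programlisting>passwd: compat <command>systemd</command>
 group: compat [SUCCESS=merge] <command>systemd</command>
-shadow: compat
+shadow: compat <command>systemd</command>
+gshadow: files <command>systemd</command>
 
 hosts: mymachines resolve [!UNAVAIL=return] files myhostname dns
 networks: files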
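--- a/src/basic/nss-util.h
+++ b/src/basic/nss-util.h
@@ -127,6 +127,20 @@ enum nss_status _nss_##module##_getpwuid_r( \
 char *buffer, size_t buflen, \
 int *errnop) _public_
 
+#define NSS_GETSP_PROTOTYPES(module) \
+enum nss_status _nss_##module##_getspnam_r( \
+const char *name, \
+struct spwd *spwd, \
+char *buffer, size_t buflen, \
+int *errnop) _public_
+
+#define NSS_GETSG_PROTOTYPES(module) \
+enum nss_status _nss_##module##_getsgnam_r( \
+const char *name, \
+struct sgrp *sgrp, \
+char *buffer, size_t buflen, \
+int *errnop) _public_
+
 #define NSS_GETGR_PROTOTYPES(module) \
 enum nss_status _nss_##module##_getgrnam_r( \
 const char *name, \
@@ -150,6 +164,17 @@ enum nss_status _nss_##module##_getpwent_r( \
 size_t buflen, \
 int *errnop) _public_;
 
+#define NSS_SPENT_PROTOTYPES(module) \
+enum nss_status _nss_##module##_endspent( \
+void) _public_; \
+enum nss_status _nss_##module##_setspent( \
+int stayopen) _public_; \
+enum nss_status _nss_##module##_getspent_r( \
+struct spwd *spwd, \
+char *buffer, \
+size_t buflen, \
+int *errnop) _public_;
+
 #define NSS_GRENT_PROTOTYPES(module) \
 enum nss_status _nss_##module##_endgrent( \
 void) _public_; \
@@ -161,6 +186,17 @@ enum nss_status _nss_##module##_getgrent_r( \
 size_t buflen, \
 int *errnop) _public_;
 
+#define NSS_SGENT_PROTOTYPES(module) \
+enum nss_status _nss_##module##_endsgent( \
+void) _public_; \
+enum nss_status _nss_##module##_setsgent( \
+int stayopen) _public_; \
+enum nss_status _nss_##module##_getsgent_r( \
+struct sgrp *sgrp, \
+char *buffer, \
+size_t buflen, \
+int *errnop) _public_;
+
 #define NSS_INITGROUPS_PROTOTYPE(module) \
 enum nss_status _nss_##module##_initgroups_dyn( \
 const char *user, \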
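Review bot: The new NSS_GETSP_PROTOTYPES, NSS_GETSG_PROTOTYPES, NSS_SPENT_PROTOTYPES and NSS_SGENT_PROTOTYPES macros name `struct spwd` and `struct sgrp`, but all 36 added lines in this header are macro bodies, so no `#include <shadow.h>` or `#include <gshadow.h>` is added here. Unless nss-util.h already pulls those headers in outside the visible hunks, a file that expands the macros without including them first gets the struct declared only inside the parameter list, and the resulting prototype is incompatible with the real type. Adding `#include <gshadow.h>` and `#include <shadow.h>` next to the header's existing includes would make it self-contained. A short comment above the four macros naming the entry points they declare (`getspnam_r`, `getsgnam_r` and the set/get/end enumeration functions) would also help, because these records carry password-hash fields and the module's exported surface should be easy to audit.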
