|
Packit |
ac4610 |
'\" t
|
|
Packit |
ac4610 |
.\" Title: nss_wrapper
|
|
Packit |
ac4610 |
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
|
|
Packit |
ac4610 |
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
|
|
Packit |
ac4610 |
.\" Date: 2015-09-12
|
|
Packit |
ac4610 |
.\" Manual: \ \&
|
|
Packit |
ac4610 |
.\" Source: \ \&
|
|
Packit |
ac4610 |
.\" Language: English
|
|
Packit |
ac4610 |
.\"
|
|
Packit |
ac4610 |
.TH "NSS_WRAPPER" "1" "2015\-09\-12" "\ \&" "\ \&"
|
|
Packit |
ac4610 |
.\" -----------------------------------------------------------------
|
|
Packit |
ac4610 |
.\" * Define some portability stuff
|
|
Packit |
ac4610 |
.\" -----------------------------------------------------------------
|
|
Packit |
ac4610 |
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
Packit |
ac4610 |
.\" http://bugs.debian.org/507673
|
|
Packit |
ac4610 |
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
|
|
Packit |
ac4610 |
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
Packit |
ac4610 |
.ie \n(.g .ds Aq \(aq
|
|
Packit |
ac4610 |
.el .ds Aq '
|
|
Packit |
ac4610 |
.\" -----------------------------------------------------------------
|
|
Packit |
ac4610 |
.\" * set default formatting
|
|
Packit |
ac4610 |
.\" -----------------------------------------------------------------
|
|
Packit |
ac4610 |
.\" disable hyphenation
|
|
Packit |
ac4610 |
.nh
|
|
Packit |
ac4610 |
.\" disable justification (adjust text to left margin only)
|
|
Packit |
ac4610 |
.ad l
|
|
Packit |
ac4610 |
.\" -----------------------------------------------------------------
|
|
Packit |
ac4610 |
.\" * MAIN CONTENT STARTS HERE *
|
|
Packit |
ac4610 |
.\" -----------------------------------------------------------------
|
|
Packit |
ac4610 |
.SH "NAME"
|
|
Packit |
ac4610 |
nss_wrapper \- A wrapper for the user, group and hosts NSS API
|
|
Packit |
ac4610 |
.SH "SYNOPSIS"
|
|
Packit |
ac4610 |
.sp
|
|
Packit |
ac4610 |
LD_PRELOAD=libnss_wrapper\&.so NSS_WRAPPER_PASSWD=/path/to/passwd NSS_WRAPPER_GROUP=/path/to/group NSS_WRAPPER_HOSTS=/path/to/host \fB\&./myapplication\fR
|
|
Packit |
ac4610 |
.SH "DESCRIPTION"
|
|
Packit |
ac4610 |
.sp
|
|
Packit |
ac4610 |
There are projects which provide daemons needing to be able to create, modify and delete Unix users\&. Or just switch user ids to interact with the system e\&.g\&. a user space file server\&. To be able to test that you need the privilege to modify the passwd and groups file\&. With nss_wrapper it is possible to define your own passwd and groups file which will be used by software to act correctly while under test\&.
|
|
Packit |
ac4610 |
.sp
|
|
Packit |
ac4610 |
If you have a client and server under test they normally use functions to resolve network names to addresses (dns) or vice versa\&. The nss_wrappers allow you to create a hosts file to setup name resolution for the addresses you use with socket_wrapper\&.
|
|
Packit |
ac4610 |
.sp
|
|
Packit |
ac4610 |
.RS 4
|
|
Packit |
ac4610 |
.ie n \{\
|
|
Packit |
ac4610 |
\h'-04'\(bu\h'+03'\c
|
|
Packit |
ac4610 |
.\}
|
|
Packit |
ac4610 |
.el \{\
|
|
Packit |
ac4610 |
.sp -1
|
|
Packit |
ac4610 |
.IP \(bu 2.3
|
|
Packit |
ac4610 |
.\}
|
|
Packit |
ac4610 |
Provides information for user and group accounts\&.
|
|
Packit |
ac4610 |
.RE
|
|
Packit |
ac4610 |
.sp
|
|
Packit |
ac4610 |
.RS 4
|
|
Packit |
ac4610 |
.ie n \{\
|
|
Packit |
ac4610 |
\h'-04'\(bu\h'+03'\c
|
|
Packit |
ac4610 |
.\}
|
|
Packit |
ac4610 |
.el \{\
|
|
Packit |
ac4610 |
.sp -1
|
|
Packit |
ac4610 |
.IP \(bu 2.3
|
|
Packit |
ac4610 |
.\}
|
|
Packit |
ac4610 |
Network name resolution using a hosts file\&.
|
|
Packit |
ac4610 |
.RE
|
|
Packit |
ac4610 |
.sp
|
|
Packit |
ac4610 |
.RS 4
|
|
Packit |
ac4610 |
.ie n \{\
|
|
Packit |
ac4610 |
\h'-04'\(bu\h'+03'\c
|
|
Packit |
ac4610 |
.\}
|
|
Packit |
ac4610 |
.el \{\
|
|
Packit |
ac4610 |
.sp -1
|
|
Packit |
ac4610 |
.IP \(bu 2.3
|
|
Packit |
ac4610 |
.\}
|
|
Packit |
ac4610 |
Loading and testing of NSS modules\&.
|
|
Packit |
ac4610 |
.RE
|
|
Packit |
ac4610 |
.SH "LIMITATIONS"
|
|
Packit |
ac4610 |
.sp
|
|
Packit |
ac4610 |
Some calls in nss_wrapper will only work if uid_wrapper is loaded and active\&. One of this functions is initgroups() which needs to run setgroups() to set the groups for the user\&. setgroups() is wrapped by uid_wrapper\&.
|
|
Packit |
ac4610 |
.SH "ENVIRONMENT VARIABLES"
|
|
Packit |
ac4610 |
.PP
|
|
Packit |
ac4610 |
\fBNSS_WRAPPER_PASSWD\fR, \fBNSS_WRAPPER_GROUP\fR
|
|
Packit |
ac4610 |
.RS 4
|
|
Packit |
ac4610 |
For user and group accounts you need to create two files:
|
|
Packit |
ac4610 |
\fIpasswd\fR
|
|
Packit |
ac4610 |
and
|
|
Packit |
ac4610 |
\fIgroup\fR\&. The format of the passwd file is described in
|
|
Packit |
ac4610 |
\fIman 5 passwd\fR
|
|
Packit |
ac4610 |
and the group file in
|
|
Packit |
ac4610 |
\fIman 5 group\fR\&. So you can fill these files with made up accounts\&. You point nss_wrapper to them using the two variables NSS_WRAPPER_PASSWD=/path/to/your/passwd and NSS_WRAPPER_GROUP=/path/to/your/group\&.
|
|
Packit |
ac4610 |
.RE
|
|
Packit |
ac4610 |
.PP
|
|
Packit |
ac4610 |
\fBNSS_WRAPPER_HOSTS\fR
|
|
Packit |
ac4610 |
.RS 4
|
|
Packit |
ac4610 |
If you also need to emulate network name resolution in your enviornment, especially with socket_wrapper, you can write a hosts file\&. The format is described in
|
|
Packit |
ac4610 |
\fIman 5 hosts\fR\&. Then you can point nss_wrapper to your hosts file using: NSS_WRAPPER_HOSTS=/path/to/your/hosts
|
|
Packit |
ac4610 |
.RE
|
|
Packit |
ac4610 |
.PP
|
|
Packit |
ac4610 |
\fBNSS_WRAPPER_HOSTNAME\fR
|
|
Packit |
ac4610 |
.RS 4
|
|
Packit |
ac4610 |
If you need to return a hostname which is different from the one of your machine is using you can use: NSS_WRAPPER_HOSTNAME=test\&.example\&.org
|
|
Packit |
ac4610 |
.RE
|
|
Packit |
ac4610 |
.PP
|
|
Packit |
ac4610 |
\fBNSS_WRAPPER_MODULE_SO_PATH\fR, \fBNSS_WRAPPER_MODULE_FN_PREFIX\fR
|
|
Packit |
ac4610 |
.RS 4
|
|
Packit |
ac4610 |
If you have a project which also provides user and group information out of a database, you normally write your own nss modules\&. nss_wrapper is able to load nss modules and ask them first before looking into the faked passwd and group file\&. To point nss_wrapper to the module you can do that using NSS_WRAPPER_MODULE_SO_PATH=/path/to/libnss_yourmodule\&.so\&. As each nss module has a special prefix like _nss_winbind_getpwnam() you need to set the prefix too so nss_wrapper can load the functions with NSS_WRAPPER_MODULE_FN_PREFIX=<prefix>\&.
|
|
Packit |
ac4610 |
.RE
|
|
Packit |
ac4610 |
.sp
|
|
Packit |
ac4610 |
For _nss_winbind_getpwnam() this would be:
|
|
Packit |
ac4610 |
.sp
|
|
Packit |
ac4610 |
.if n \{\
|
|
Packit |
ac4610 |
.RS 4
|
|
Packit |
ac4610 |
.\}
|
|
Packit |
ac4610 |
.nf
|
|
Packit |
ac4610 |
NSS_WRAPPER_MODULE_FN_PREFIX=winbind
|
|
Packit |
ac4610 |
.fi
|
|
Packit |
ac4610 |
.if n \{\
|
|
Packit |
ac4610 |
.RE
|
|
Packit |
ac4610 |
.\}
|
|
Packit |
ac4610 |
.PP
|
|
Packit |
ac4610 |
\fBNSS_WRAPPER_DEBUGLEVEL\fR
|
|
Packit |
ac4610 |
.RS 4
|
|
Packit |
ac4610 |
If you need to see what is going on in nss_wrapper itself or try to find a bug, you can enable logging support in nss_wrapper if you built it with debug symbols\&.
|
|
Packit |
ac4610 |
.sp
|
|
Packit |
ac4610 |
.RS 4
|
|
Packit |
ac4610 |
.ie n \{\
|
|
Packit |
ac4610 |
\h'-04'\(bu\h'+03'\c
|
|
Packit |
ac4610 |
.\}
|
|
Packit |
ac4610 |
.el \{\
|
|
Packit |
ac4610 |
.sp -1
|
|
Packit |
ac4610 |
.IP \(bu 2.3
|
|
Packit |
ac4610 |
.\}
|
|
Packit |
ac4610 |
0 = ERROR
|
|
Packit |
ac4610 |
.RE
|
|
Packit |
ac4610 |
.sp
|
|
Packit |
ac4610 |
.RS 4
|
|
Packit |
ac4610 |
.ie n \{\
|
|
Packit |
ac4610 |
\h'-04'\(bu\h'+03'\c
|
|
Packit |
ac4610 |
.\}
|
|
Packit |
ac4610 |
.el \{\
|
|
Packit |
ac4610 |
.sp -1
|
|
Packit |
ac4610 |
.IP \(bu 2.3
|
|
Packit |
ac4610 |
.\}
|
|
Packit |
ac4610 |
1 = WARNING
|
|
Packit |
ac4610 |
.RE
|
|
Packit |
ac4610 |
.sp
|
|
Packit |
ac4610 |
.RS 4
|
|
Packit |
ac4610 |
.ie n \{\
|
|
Packit |
ac4610 |
\h'-04'\(bu\h'+03'\c
|
|
Packit |
ac4610 |
.\}
|
|
Packit |
ac4610 |
.el \{\
|
|
Packit |
ac4610 |
.sp -1
|
|
Packit |
ac4610 |
.IP \(bu 2.3
|
|
Packit |
ac4610 |
.\}
|
|
Packit |
ac4610 |
2 = DEBUG
|
|
Packit |
ac4610 |
.RE
|
|
Packit |
ac4610 |
.sp
|
|
Packit |
ac4610 |
.RS 4
|
|
Packit |
ac4610 |
.ie n \{\
|
|
Packit |
ac4610 |
\h'-04'\(bu\h'+03'\c
|
|
Packit |
ac4610 |
.\}
|
|
Packit |
ac4610 |
.el \{\
|
|
Packit |
ac4610 |
.sp -1
|
|
Packit |
ac4610 |
.IP \(bu 2.3
|
|
Packit |
ac4610 |
.\}
|
|
Packit |
ac4610 |
3 = TRACE
|
|
Packit |
ac4610 |
.RE
|
|
Packit |
ac4610 |
.RE
|
|
Packit |
ac4610 |
.SH "EXAMPLE"
|
|
Packit |
ac4610 |
.sp
|
|
Packit |
ac4610 |
.if n \{\
|
|
Packit |
ac4610 |
.RS 4
|
|
Packit |
ac4610 |
.\}
|
|
Packit |
ac4610 |
.nf
|
|
Packit |
ac4610 |
$ echo "bob:x:1000:1000:bob gecos:/home/test/bob:/bin/false" > passwd
|
|
Packit |
ac4610 |
$ echo "root:x:65534:65532:root gecos:/home/test/root:/bin/false" >> passwd
|
|
Packit |
ac4610 |
$ echo "users:x:1000:" > group
|
|
Packit |
ac4610 |
$ echo "root:x:65532:" >> group
|
|
Packit |
ac4610 |
$ LD_PRELOAD=libnss_wrapper\&.so NSS_WRAPPER_PASSWD=passwd \e
|
|
Packit |
ac4610 |
NSS_WRAPPER_GROUP=group getent passwd bob
|
|
Packit |
ac4610 |
bob:x:1000:1000:bob gecos:/home/test/bob:/bin/false
|
|
Packit |
ac4610 |
$ LD_PRELOAD=libnss_wrapper\&.so NSS_WRAPPER_HOSTNAME=test\&.example\&.org hostname
|
|
Packit |
ac4610 |
test\&.example\&.org
|
|
Packit |
ac4610 |
.fi
|
|
Packit |
ac4610 |
.if n \{\
|
|
Packit |
ac4610 |
.RE
|
|
Packit |
ac4610 |
.\}
|