From 37f90057792a0b4543f34684ed9a240fe8e869c1 Mon Sep 17 00:00:00 2001 From: Alexey Tikhonov Date: Mon, 11 Apr 2022 22:48:19 +0200 Subject: [PATCH 5/6] Revert "usertools: force local user for sssd process user" This reverts commit 9c447dc85853116c035bbc2f9e3b8553a65be621. Resolves: https://github.com/SSSD/sssd/issues/6107 Reviewed-by: Iker Pedrosa Reviewed-by: Sumit Bose --- Makefile.am | 3 - src/tests/cwrap/Makefile.am | 8 +-- src/tests/cwrap/common_mock_nss_dl_load.c | 77 ----------------------- src/tests/cwrap/common_mock_nss_dl_load.h | 30 --------- src/tests/cwrap/test_responder_common.c | 7 --- src/tests/cwrap/test_usertools.c | 6 -- src/util/nss_dl_load.c | 13 +--- src/util/nss_dl_load.h | 3 - src/util/nss_dl_load_extra.c | 40 ------------ src/util/usertools.c | 32 +++------- 10 files changed, 12 insertions(+), 207 deletions(-) delete mode 100644 src/tests/cwrap/common_mock_nss_dl_load.c delete mode 100644 src/tests/cwrap/common_mock_nss_dl_load.h delete mode 100644 src/util/nss_dl_load_extra.c diff --git a/Makefile.am b/Makefile.am index 1121a3fb2..e0dd5220c 100644 --- a/Makefile.am +++ b/Makefile.am @@ -888,7 +888,6 @@ dist_noinst_HEADERS = \ src/tests/cmocka/test_expire_common.h \ src/tests/cmocka/test_sdap_access.h \ src/tests/cmocka/data_provider/mock_dp.h \ - src/tests/cwrap/common_mock_nss_dl_load.h \ src/sss_client/pam_message.h \ src/sss_client/ssh/sss_ssh_client.h \ src/sss_client/sudo/sss_sudo.h \ @@ -1271,8 +1270,6 @@ libsss_util_la_SOURCES = \ src/util/sss_regexp.c \ src/util/sss_chain_id_tevent.c \ src/util/sss_chain_id.c \ - src/util/nss_dl_load.c \ - src/util/nss_dl_load_extra.c \ $(NULL) libsss_util_la_CFLAGS = \ $(AM_CFLAGS) \ diff --git a/src/tests/cwrap/Makefile.am b/src/tests/cwrap/Makefile.am index 4ac24a492..f25d2e3c6 100644 --- a/src/tests/cwrap/Makefile.am +++ b/src/tests/cwrap/Makefile.am @@ -142,17 +142,15 @@ endif usertools_tests_SOURCES = \ test_usertools.c \ - common_mock_nss_dl_load.c \ - ../../../src/util/usertools.c \ $(NULL) usertools_tests_CFLAGS = \ $(AM_CFLAGS) \ $(NULL) usertools_tests_LDADD = \ - $(LIBADD_DL) \ $(CMOCKA_LIBS) \ $(POPT_LIBS) \ $(TALLOC_LIBS) \ + $(abs_top_builddir)/libsss_util.la \ $(abs_top_builddir)/libsss_debug.la \ $(abs_top_builddir)/libsss_test_common.la \ $(NULL) @@ -162,10 +160,9 @@ endif responder_common_tests_SOURCES =\ test_responder_common.c \ - common_mock_nss_dl_load.c \ $(SSSD_RESPONDER_IFACE_OBJ) \ ../../../src/responder/common/negcache_files.c \ - ../../../src/util/usertools.c \ + ../../../src/util/nss_dl_load.c \ ../../../src/responder/common/negcache.c \ ../../../src/responder/common/responder_common.c \ ../../../src/responder/common/responder_packet.c \ @@ -183,6 +180,7 @@ responder_common_tests_LDADD = \ $(SSSD_LIBS) \ $(SELINUX_LIBS) \ $(SYSTEMD_DAEMON_LIBS) \ + $(abs_top_builddir)/libsss_util.la \ $(abs_top_builddir)/libsss_debug.la \ $(abs_top_builddir)/libsss_test_common.la \ $(abs_top_builddir)/libsss_iface.la \ diff --git a/src/tests/cwrap/common_mock_nss_dl_load.c b/src/tests/cwrap/common_mock_nss_dl_load.c deleted file mode 100644 index 72f6c39ac..000000000 --- a/src/tests/cwrap/common_mock_nss_dl_load.c +++ /dev/null @@ -1,77 +0,0 @@ -/* - Authors: - Iker Pedrosa - - Copyright (C) 2021 Red Hat - - SSSD tests: Fake nss dl load - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ - -#include -#include -#include -#include - -#include "common_mock_nss_dl_load.h" - - -static enum nss_status -mock_getpwnam_r(const char *name, struct passwd *result, - char *buffer, size_t buflen, int *errnop) -{ - void *pwd_pointer = NULL; - int rc; - - rc = getpwnam_r(name, result, buffer, buflen, (struct passwd **)&pwd_pointer); - if (rc == 0 && pwd_pointer == result) { - *errnop = 0; - return NSS_STATUS_SUCCESS; - } else if (rc == 0 && (pwd_pointer == NULL)) { - *errnop = ENOENT; - return NSS_STATUS_NOTFOUND; - } else { - *errnop = rc; - return NSS_STATUS_UNAVAIL; - } -} - -static enum nss_status -mock_getpwuid_r(uid_t uid, struct passwd *result, - char *buffer, size_t buflen, int *errnop) -{ - void *pwd_pointer = NULL; - int rc; - - rc = getpwuid_r(uid, result, buffer, buflen, (struct passwd **)&pwd_pointer); - if (rc == 0 && pwd_pointer == result) { - *errnop = 0; - return NSS_STATUS_SUCCESS; - } else if (rc == 0 && (pwd_pointer == NULL)) { - *errnop = ENOENT; - return NSS_STATUS_NOTFOUND; - } else { - *errnop = rc; - return NSS_STATUS_UNAVAIL; - } -} - -errno_t mock_sss_load_nss_pw_symbols(struct sss_nss_ops *ops) -{ - ops->getpwnam_r = mock_getpwnam_r; - ops->getpwuid_r = mock_getpwuid_r; - - return EOK; -} diff --git a/src/tests/cwrap/common_mock_nss_dl_load.h b/src/tests/cwrap/common_mock_nss_dl_load.h deleted file mode 100644 index 6db411450..000000000 --- a/src/tests/cwrap/common_mock_nss_dl_load.h +++ /dev/null @@ -1,30 +0,0 @@ -/* - Authors: - Iker Pedrosa - - Copyright (C) 2021 Red Hat - - SSSD tests: Fake nss dl load - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ - -#ifndef __COMMON_MOCK_NSS_DL_LOAD_H_ -#define __COMMON_MOCK_NSS_DL_LOAD_H_ - -#include "util/nss_dl_load.h" - -errno_t mock_sss_load_nss_pw_symbols(struct sss_nss_ops *ops); - -#endif /* __COMMON_MOCK_NSS_DL_LOAD_H_ */ diff --git a/src/tests/cwrap/test_responder_common.c b/src/tests/cwrap/test_responder_common.c index 571e95d36..11cc3abd8 100644 --- a/src/tests/cwrap/test_responder_common.c +++ b/src/tests/cwrap/test_responder_common.c @@ -29,13 +29,6 @@ #include "util/util.h" #include "responder/common/responder.h" #include "tests/cmocka/common_mock.h" -#include "tests/cwrap/common_mock_nss_dl_load.h" - - -errno_t sss_load_nss_pw_symbols(struct sss_nss_ops *ops) -{ - return mock_sss_load_nss_pw_symbols(ops); -} /* Just to satisfy dependencies */ struct cli_protocol_version *register_cli_protocol_version(void) diff --git a/src/tests/cwrap/test_usertools.c b/src/tests/cwrap/test_usertools.c index eb30a540c..f61ae83e2 100644 --- a/src/tests/cwrap/test_usertools.c +++ b/src/tests/cwrap/test_usertools.c @@ -27,12 +27,6 @@ #include #include "util/util.h" #include "tests/cmocka/common_mock.h" -#include "tests/cwrap/common_mock_nss_dl_load.h" - -errno_t sss_load_nss_pw_symbols(struct sss_nss_ops *ops) -{ - return mock_sss_load_nss_pw_symbols(ops); -} void test_get_user_num(void **state) { diff --git a/src/util/nss_dl_load.c b/src/util/nss_dl_load.c index 379ccfa65..442108307 100644 --- a/src/util/nss_dl_load.c +++ b/src/util/nss_dl_load.c @@ -48,16 +48,6 @@ static void *proxy_dlsym(void *handle, return funcptr; } -static void sss_close_handle(struct sss_nss_ops *ops, const char *libname) -{ - if (dlclose(ops->dl_handle) != 0) { - DEBUG(SSSDBG_OP_FAILURE, - "Error closing the handle for the '%s' library, error: %s.\n", - libname, dlerror()); - } - - ops->dl_handle = NULL; -} errno_t sss_load_nss_symbols(struct sss_nss_ops *ops, const char *libname, struct sss_nss_symbols *syms, size_t nsyms) @@ -82,7 +72,7 @@ errno_t sss_load_nss_symbols(struct sss_nss_ops *ops, const char *libname, for (i = 0; i < nsyms; i++) { *(syms[i].fptr) = proxy_dlsym(ops->dl_handle, syms[i].fname, - libname); + libname); if (*(syms[i].fptr) == NULL) { if (syms[i].mandatory) { @@ -90,7 +80,6 @@ errno_t sss_load_nss_symbols(struct sss_nss_ops *ops, const char *libname, "mandatory symbol '%s', error: %s.\n", libpath, syms[i].fname, dlerror()); ret = ELIBBAD; - sss_close_handle(ops, libname); goto out; } else { DEBUG(SSSDBG_OP_FAILURE, "Library '%s' did not provide " diff --git a/src/util/nss_dl_load.h b/src/util/nss_dl_load.h index 07c04e091..f1e882b96 100644 --- a/src/util/nss_dl_load.h +++ b/src/util/nss_dl_load.h @@ -23,8 +23,6 @@ #include #include #include -#include - #include "util/util_errors.h" #include "sss_client/nss_compat.h" @@ -120,6 +118,5 @@ struct sss_nss_symbols { errno_t sss_load_nss_symbols(struct sss_nss_ops *ops, const char *libname, struct sss_nss_symbols *syms, size_t nsyms); -errno_t sss_load_nss_pw_symbols(struct sss_nss_ops *ops); #endif /* __SSSD_NSS_DL_LOAD_H__ */ diff --git a/src/util/nss_dl_load_extra.c b/src/util/nss_dl_load_extra.c deleted file mode 100644 index 162957025..000000000 --- a/src/util/nss_dl_load_extra.c +++ /dev/null @@ -1,40 +0,0 @@ -/* - SSSD - - nss_dl_load_extra.c - - Authors: - Sumit Bose - Iker Pedrosa - - Copyright (C) 2021 Red Hat - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ - -#include "util/nss_dl_load.h" - -errno_t sss_load_nss_pw_symbols(struct sss_nss_ops *ops) -{ - errno_t ret; - struct sss_nss_symbols syms[] = { - {(void*)&ops->getpwnam_r, true, "getpwnam_r" }, - {(void*)&ops->getpwuid_r, true, "getpwuid_r" } - }; - size_t nsyms = sizeof(syms) / sizeof(struct sss_nss_symbols); - - ret = sss_load_nss_symbols(ops, "files", syms, nsyms); - - return ret; -} diff --git a/src/util/usertools.c b/src/util/usertools.c index 33315a798..511fb2d5d 100644 --- a/src/util/usertools.c +++ b/src/util/usertools.c @@ -27,14 +27,12 @@ #include "db/sysdb.h" #include "confdb/confdb.h" -#include "util/nss_dl_load.h" #include "util/strtonum.h" #include "util/util.h" #include "util/safe-format-string.h" #include "responder/common/responder.h" #define NAME_DOMAIN_PATTERN_OPTIONS (SSS_REGEXP_DUPNAMES | SSS_REGEXP_EXTENDED) -#define NSS_BUFFER_SIZE 16384 /* Function returns given realm name as new uppercase string */ char *get_uppercase_realm(TALLOC_CTX *memctx, const char *name) @@ -568,23 +566,10 @@ sss_fqname(char *str, size_t size, struct sss_names_ctx *nctx, errno_t sss_user_by_name_or_uid(const char *input, uid_t *_uid, gid_t *_gid) { - static struct sss_nss_ops nss_ops; uid_t uid; errno_t ret; char *endptr; - struct passwd pwd = { 0 }; - int errnop = 0; - enum nss_status status; - static char s_nss_buffer[NSS_BUFFER_SIZE]; - - if (!nss_ops.dl_handle) { - ret = sss_load_nss_pw_symbols(&nss_ops); - if (ret != EOK) { - DEBUG(SSSDBG_OP_FAILURE, "Unable to load NSS symbols [%d]: %s\n", - ret, sss_strerror(ret)); - return ret; - } - } + struct passwd *pwd; /* Try if it's an ID first */ uid = strtouint32(input, &endptr, 10); @@ -596,27 +581,26 @@ errno_t sss_user_by_name_or_uid(const char *input, uid_t *_uid, gid_t *_gid) return ret; } - status = nss_ops.getpwnam_r(input, &pwd, s_nss_buffer, NSS_BUFFER_SIZE, &errnop); + /* Nope, maybe a username? */ + pwd = getpwnam(input); } else { - status = nss_ops.getpwuid_r(uid, &pwd, s_nss_buffer, NSS_BUFFER_SIZE, &errnop); + pwd = getpwuid(uid); } - if (status != NSS_STATUS_SUCCESS) { + if (pwd == NULL) { DEBUG(SSSDBG_OP_FAILURE, "[%s] is neither a valid UID nor a user name which could be " - "resolved by getpwnam() [%d][%s]. status returned [%d]\n", - input, errnop, strerror(errnop), status); + "resolved by getpwnam().\n", input); return EINVAL; } if (_uid) { - *_uid = pwd.pw_uid; + *_uid = pwd->pw_uid; } if (_gid) { - *_gid = pwd.pw_gid; + *_gid = pwd->pw_gid; } - return EOK; } -- 2.26.3