Skip to content

Commit f43a19e

Browse files
poetteringpoettering
committed
nss-systemd: synthesize NSS shadow/gshadow records from userdb, as well
This ensures we not only synthesize regular paswd/group records of userdb records, but shadow records as well. This should make sure that userdb can be used as comprehensive superset of the classic passwd/group/shadow/gshadow functionality.
1 parent 09001db commit f43a19e

File tree

10 files changed

+511
-11
lines changed

10 files changed

+511
-11
lines changed

factory/etc/nsswitch.conf

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,8 @@
22

33
passwd: compat systemd
44
group: compat [SUCCESS=merge] systemd
5-
shadow: compat
5+
shadow: compat systemd
6+
gshadow: files systemd
67

78
hosts: mymachines resolve [!UNAVAIL=return] files myhostname dns
89
networks: files

man/nss-myhostname.xml

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -91,7 +91,9 @@
9191
<!-- synchronize with other nss-* man pages and factory/etc/nsswitch.conf -->
9292
<programlisting>passwd: compat systemd
9393
group: compat [SUCCESS=merge] systemd
94-
shadow: compat
94+
shadow: compat systemd
95+
gshadow: files systemd
96+
9597

9698
# Either (untrusted network, see above):
9799
hosts: mymachines resolve [!UNAVAIL=return] files <command>myhostname</command> dns

man/nss-mymachines.xml

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -57,7 +57,8 @@
5757
<!-- synchronize with other nss-* man pages and factory/etc/nsswitch.conf -->
5858
<programlisting>passwd: compat systemd
5959
group: compat [SUCCESS=merge] systemd
60-
shadow: compat
60+
shadow: compat systemd
61+
gshadow: files systemd
6162

6263
hosts: <command>mymachines</command> resolve [!UNAVAIL=return] files myhostname dns
6364
networks: files

man/nss-resolve.xml

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -63,7 +63,8 @@
6363
<!-- synchronize with other nss-* man pages and factory/etc/nsswitch.conf -->
6464
<programlisting>passwd: compat systemd
6565
group: compat [SUCCESS=merge] systemd
66-
shadow: compat
66+
shadow: compat systemd
67+
gshadow: files systemd
6768

6869
hosts: mymachines <command>resolve [!UNAVAIL=return]</command> files myhostname dns
6970
networks: files

man/nss-systemd.xml

Lines changed: 6 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -47,11 +47,13 @@
4747
for resolving users and groups, but also works without the service running.</para>
4848

4949
<para>To activate the NSS module, add <literal>systemd</literal> to the lines starting with
50-
<literal>passwd:</literal> and <literal>group:</literal> in <filename>/etc/nsswitch.conf</filename>.</para>
50+
<literal>passwd:</literal>, <literal>group:</literal>, <literal>shadow:</literal> and
51+
<literal>gshadow:</literal> in <filename>/etc/nsswitch.conf</filename>.</para>
5152

5253
<para>It is recommended to place <literal>systemd</literal> after the <literal>files</literal> or
5354
<literal>compat</literal> entry of the <filename>/etc/nsswitch.conf</filename> lines so that
54-
<filename>/etc/passwd</filename> and <filename>/etc/group</filename> based mappings take precedence.</para>
55+
<filename>/etc/passwd</filename>, <filename>/etc/group</filename>, <filename>/etc/shadow</filename> and
56+
<filename>/etc/gshadow</filename> based mappings take precedence.</para>
5557
</refsect1>
5658

5759
<refsect1>
@@ -63,7 +65,8 @@
6365
<!-- synchronize with other nss-* man pages and factory/etc/nsswitch.conf -->
6466
<programlisting>passwd: compat <command>systemd</command>
6567
group: compat [SUCCESS=merge] <command>systemd</command>
66-
shadow: compat
68+
shadow: compat <command>systemd</command>
69+
gshadow: files <command>systemd</command>
6770

6871
hosts: mymachines resolve [!UNAVAIL=return] files myhostname dns
6972
networks: files

src/basic/nss-util.h

Lines changed: 36 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -127,6 +127,20 @@ enum nss_status _nss_##module##_getpwuid_r( \
127127
char *buffer, size_t buflen, \
128128
int *errnop) _public_
129129

130+
#define NSS_GETSP_PROTOTYPES(module) \
131+
enum nss_status _nss_##module##_getspnam_r( \
132+
const char *name, \
133+
struct spwd *spwd, \
134+
char *buffer, size_t buflen, \
135+
int *errnop) _public_
136+
137+
#define NSS_GETSG_PROTOTYPES(module) \
138+
enum nss_status _nss_##module##_getsgnam_r( \
139+
const char *name, \
140+
struct sgrp *sgrp, \
141+
char *buffer, size_t buflen, \
142+
int *errnop) _public_
143+
130144
#define NSS_GETGR_PROTOTYPES(module) \
131145
enum nss_status _nss_##module##_getgrnam_r( \
132146
const char *name, \
@@ -150,6 +164,17 @@ enum nss_status _nss_##module##_getpwent_r( \
150164
size_t buflen, \
151165
int *errnop) _public_;
152166

167+
#define NSS_SPENT_PROTOTYPES(module) \
168+
enum nss_status _nss_##module##_endspent( \
169+
void) _public_; \
170+
enum nss_status _nss_##module##_setspent( \
171+
int stayopen) _public_; \
172+
enum nss_status _nss_##module##_getspent_r( \
173+
struct spwd *spwd, \
174+
char *buffer, \
175+
size_t buflen, \
176+
int *errnop) _public_;
177+
153178
#define NSS_GRENT_PROTOTYPES(module) \
154179
enum nss_status _nss_##module##_endgrent( \
155180
void) _public_; \
@@ -161,6 +186,17 @@ enum nss_status _nss_##module##_getgrent_r( \
161186
size_t buflen, \
162187
int *errnop) _public_;
163188

189+
#define NSS_SGENT_PROTOTYPES(module) \
190+
enum nss_status _nss_##module##_endsgent( \
191+
void) _public_; \
192+
enum nss_status _nss_##module##_setsgent( \
193+
int stayopen) _public_; \
194+
enum nss_status _nss_##module##_getsgent_r( \
195+
struct sgrp *sgrp, \
196+
char *buffer, \
197+
size_t buflen, \
198+
int *errnop) _public_;
199+
164200
#define NSS_INITGROUPS_PROTOTYPE(module) \
165201
enum nss_status _nss_##module##_initgroups_dyn( \
166202
const char *user, \

0 commit comments

Comments
 (0)