3 files changed, 422 insertions, 0 deletions
diff --git a/lib/nss_wrapper/nss_wrapper.c b/lib/nss_wrapper/nss_wrapper.c
index 1875dc3e4f..d7f7b0ba56 100644
--- a/lib/nss_wrapper/nss_wrapper.c
+++ b/lib/nss_wrapper/nss_wrapper.c
@@ -68,6 +68,11 @@
 #define getgrent_r(grdst, buf, buflen, grdstp)		ENOSYS
 #endif
 
+/* not all systems have getgrouplist */
+#ifndef HAVE_GETGROUPLIST
+#define getgrouplist(user, group, groups, ngroups)	0
+#endif
+
 /* LD_PRELOAD doesn't work yet, so REWRITE_CALLS is all we support
  * for now */
 #define REWRITE_CALLS
@@ -90,6 +95,7 @@
 #define real_initgroups_dyn	initgroups_dyn
 */
 #define real_initgroups		initgroups
+#define real_getgrouplist	getgrouplist
 
 #define real_getgrnam		getgrnam
 #define real_getgrnam_r		getgrnam_r
@@ -1222,3 +1228,81 @@ _PUBLIC_ void nwrap_endgrent(void)
 
 	nwrap_files_endgrent();
 }
+
+static int nwrap_files_getgrouplist(const char *user, gid_t group, gid_t *groups, int *ngroups)
+{
+	struct group *grp;
+	gid_t *groups_tmp;
+	int count = 1;
+	const char *name_of_group = NULL;
+
+	NWRAP_DEBUG(("%s: getgrouplist called for %s\n", __location__, user));
+
+	groups_tmp = (gid_t *)malloc(count * sizeof(gid_t));
+	if (!groups_tmp) {
+		NWRAP_ERROR(("%s:calloc failed\n",__location__));
+		errno = ENOMEM;
+		return -1;
+	}
+
+	memcpy(groups_tmp, &group, sizeof(gid_t));
+
+	grp = nwrap_getgrgid(group);
+	if (grp) {
+		name_of_group = grp->gr_name;
+	}
+
+	nwrap_files_setgrent();
+	while ((grp = nwrap_files_getgrent()) != NULL) {
+		int i = 0;
+
+		NWRAP_VERBOSE(("%s: inspecting %s for group membership\n",
+			       __location__, grp->gr_name));
+
+		for (i=0; grp->gr_mem && grp->gr_mem[i] != NULL; i++) {
+
+			if ((strcmp(user, grp->gr_mem[i]) == 0) &&
+			    (strcmp(name_of_group, grp->gr_name) != 0)) {
+
+				NWRAP_DEBUG(("%s: %s is member of %s\n",
+					__location__, user, grp->gr_name));
+
+				groups_tmp = (gid_t *)realloc(groups_tmp, (count + 1) * sizeof(gid_t));
+				if (!groups_tmp) {
+					NWRAP_ERROR(("%s:calloc failed\n",__location__));
+					errno = ENOMEM;
+					return -1;
+				}
+
+				memcpy(&groups_tmp[count], &grp->gr_gid, sizeof(gid_t));
+				count++;
+			}
+		}
+	}
+	nwrap_files_endgrent();
+
+	NWRAP_VERBOSE(("%s: %s is member of %d groups: %d\n",
+		       __location__, user, *ngroups));
+
+	if (*ngroups < count) {
+		*ngroups = count;
+		free(groups_tmp);
+		return -1;
+	}
+
+	*ngroups = count;
+	memcpy(groups, groups_tmp, count * sizeof(gid_t));
+	free(groups_tmp);
+
+	return count;
+}
+
+_PUBLIC_ int nwrap_getgrouplist(const char *user, gid_t group, gid_t *groups, int *ngroups)
+{
+	if (!nwrap_enabled()) {
+		return real_getgrouplist(user, group, groups, ngroups);
+	}
+
+	return nwrap_files_getgrouplist(user, group, groups, ngroups);
+}
+
diff --git a/lib/nss_wrapper/nss_wrapper.h b/lib/nss_wrapper/nss_wrapper.h
index 35a47348a8..5bcd42ead4 100644
--- a/lib/nss_wrapper/nss_wrapper.h
+++ b/lib/nss_wrapper/nss_wrapper.h
@@ -46,6 +46,7 @@ int nwrap_getpwent_r(struct passwd *pwbuf, char *buf,
 		     size_t buflen, struct passwd **pwbufp);
 void nwrap_endpwent(void);
 int nwrap_initgroups(const char *user, gid_t group);
+int nwrap_getgrouplist(const char *user, gid_t group, gid_t *groups, int *ngroups);
 struct group *nwrap_getgrnam(const char *name);
 int nwrap_getgrnam_r(const char *name, struct group *gbuf,
 		     char *buf, size_t buflen, struct group **gbufp);
@@ -120,6 +121,11 @@ void nwrap_endgrent(void);
 #endif
 #define initgroups	nwrap_initgroups
 
+#ifdef getgrouplist
+#undef getgrouplist
+#endif
+#define getgrouplist	nwrap_getgrouplist
+
 #ifdef getgrnam
 #undef getgrnam
 #endif
diff --git a/lib/nss_wrapper/testsuite.c b/lib/nss_wrapper/testsuite.c
new file mode 100644
index 0000000000..4f37354e12
--- /dev/null
+++ b/lib/nss_wrapper/testsuite.c
@@ -0,0 +1,332 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   local testing of the nss wrapper
+
+   Copyright (C) Guenther Deschner 2009
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "torture/torture.h"
+#include "lib/replace/system/passwd.h"
+#include "lib/nss_wrapper/nss_wrapper.h"
+
+static void print_passwd(struct passwd *pwd)
+{
+	printf("%s:%s:%lu:%lu:%s:%s:%s\n",
+	       pwd->pw_name,
+	       pwd->pw_passwd,
+	       (unsigned long)pwd->pw_uid,
+	       (unsigned long)pwd->pw_gid,
+	       pwd->pw_gecos,
+	       pwd->pw_dir,
+	       pwd->pw_shell);
+}
+
+
+static bool test_nwrap_getpwnam(struct torture_context *tctx,
+				const char *name)
+{
+	struct passwd *pwd;
+
+	torture_comment(tctx, "Testing getpwnam: %s\n", name);
+
+	pwd = getpwnam(name);
+	if (pwd) {
+		print_passwd(pwd);
+	}
+
+	return pwd ? true : false;
+}
+
+static bool test_nwrap_getpwuid(struct torture_context *tctx,
+				uid_t uid)
+{
+	struct passwd *pwd;
+
+	torture_comment(tctx, "Testing getpwuid: %lu\n", (unsigned long)uid);
+
+	pwd = getpwuid(uid);
+	if (pwd) {
+		print_passwd(pwd);
+	}
+
+	return pwd ? true : false;
+}
+
+static void print_group(struct group *grp)
+{
+	int i;
+	printf("%s:%s:%lu:",
+	       grp->gr_name,
+	       grp->gr_passwd,
+	       (unsigned long)grp->gr_gid);
+
+	if (!grp->gr_mem[0]) {
+		printf("\n");
+		return;
+	}
+
+	for (i=0; grp->gr_mem[i+1]; i++) {
+		printf("%s,", grp->gr_mem[i]);
+	}
+	printf("%s\n", grp->gr_mem[i]);
+}
+
+static bool test_nwrap_getgrnam(struct torture_context *tctx,
+				const char *name)
+{
+	struct group *grp;
+
+	torture_comment(tctx, "Testing getgrnam: %s\n", name);
+
+	grp = getgrnam(name);
+	if (grp) {
+		print_group(grp);
+	}
+
+	return grp ? true : false;
+}
+
+static bool test_nwrap_getgrgid(struct torture_context *tctx,
+				gid_t gid)
+{
+	struct group *grp;
+
+	torture_comment(tctx, "Testing getgrgid: %lu\n", (unsigned long)gid);
+
+	grp = getgrgid(gid);
+	if (grp) {
+		print_group(grp);
+	}
+
+	return grp ? true : false;
+}
+
+static bool test_nwrap_enum_passwd(struct torture_context *tctx,
+				   struct passwd **pwd_array_p,
+				   size_t *num_pwd_p)
+{
+	struct passwd *pwd;
+	struct passwd *pwd_array = NULL;
+	size_t num_pwd = 0;
+
+	torture_comment(tctx, "Testing setpwent\n");
+	setpwent();
+
+	while ((pwd = getpwent()) != NULL) {
+		torture_comment(tctx, "Testing getpwent\n");
+
+		print_passwd(pwd);
+		if (pwd_array_p && num_pwd_p) {
+			pwd_array = talloc_realloc(tctx, pwd_array, struct passwd, num_pwd+1);
+			torture_assert(tctx, pwd_array, "out of memory");
+			pwd_array[num_pwd].pw_name = talloc_strdup(tctx, pwd->pw_name);
+			pwd_array[num_pwd].pw_uid = pwd->pw_uid;
+			pwd_array[num_pwd].pw_gid = pwd->pw_gid;
+			num_pwd++;
+		}
+	}
+
+	torture_comment(tctx, "Testing endpwent\n");
+	endpwent();
+
+	if (pwd_array_p) {
+		*pwd_array_p = pwd_array;
+	}
+	if (num_pwd_p) {
+		*num_pwd_p = num_pwd;
+	}
+
+	return true;
+}
+
+static bool test_nwrap_passwd(struct torture_context *tctx)
+{
+	int i;
+	struct passwd *pwd;
+	size_t num_pwd;
+
+	torture_assert(tctx, test_nwrap_enum_passwd(tctx, &pwd, &num_pwd),
+						    "failed to enumerate passwd");
+
+	for (i=0; i < num_pwd; i++) {
+		torture_assert(tctx, test_nwrap_getpwnam(tctx, pwd[i].pw_name),
+			"failed to call getpwnam for enumerated user");
+		torture_assert(tctx, test_nwrap_getpwuid(tctx, pwd[i].pw_uid),
+			"failed to call getpwuid for enumerated user");
+	}
+
+	return true;
+}
+
+static bool test_nwrap_enum_group(struct torture_context *tctx,
+				  struct group **grp_array_p,
+				  size_t *num_grp_p)
+{
+	struct group *grp;
+	struct group *grp_array = NULL;
+	size_t num_grp = 0;
+
+	torture_comment(tctx, "Testing setgrent\n");
+	setgrent();
+
+	while ((grp = getgrent()) != NULL) {
+		torture_comment(tctx, "Testing getgrent\n");
+
+		print_group(grp);
+		if (grp_array_p && num_grp_p) {
+			grp_array = talloc_realloc(tctx, grp_array, struct group, num_grp+1);
+			torture_assert(tctx, grp_array, "out of memory");
+			grp_array[num_grp].gr_name = talloc_strdup(tctx, grp->gr_name);
+			grp_array[num_grp].gr_gid = grp->gr_gid;
+			num_grp++;
+		}
+	}
+
+	torture_comment(tctx, "Testing endgrent\n");
+	endgrent();
+
+	if (grp_array_p) {
+		*grp_array_p = grp_array;
+	}
+	if (num_grp_p) {
+		*num_grp_p = num_grp;
+	}
+
+
+	return true;
+}
+
+static bool test_nwrap_group(struct torture_context *tctx)
+{
+	int i;
+	struct group *grp;
+	size_t num_grp;
+
+	torture_assert(tctx, test_nwrap_enum_group(tctx, &grp, &num_grp),
+						   "failed to enumerate group");
+
+	for (i=0; i < num_grp; i++) {
+		torture_assert(tctx, test_nwrap_getgrnam(tctx, grp[i].gr_name),
+			"failed to call getgrnam for enumerated user");
+		torture_assert(tctx, test_nwrap_getgrgid(tctx, grp[i].gr_gid),
+			"failed to call getgrgid for enumerated user");
+	}
+
+	return true;
+}
+
+static bool test_nwrap_getgrouplist(struct torture_context *tctx,
+				    const char *user,
+				    gid_t gid,
+				    gid_t **gids_p,
+				    int *num_gids_p)
+{
+	int ret;
+	int num_groups = 0;
+	gid_t *groups = NULL;
+
+	torture_comment(tctx, "Testing getgrouplist: %s\n", user);
+
+	ret = getgrouplist(user, gid, NULL, &num_groups);
+	if (ret == -1 || num_groups != 0) {
+
+		groups = talloc_array(tctx, gid_t, num_groups);
+		torture_assert(tctx, groups, "out of memory\n");
+
+		ret = getgrouplist(user, gid, groups, &num_groups);
+	}
+
+	torture_assert(tctx, (ret != -1), "failed to call getgrouplist");
+
+	torture_comment(tctx, "%s is member in %d groups\n", user, num_groups);
+
+	if (gids_p) {
+		*gids_p = groups;
+	}
+	if (num_gids_p) {
+		*num_gids_p = num_groups;
+	}
+
+	return true;
+}
+
+static bool test_nwrap_membership(struct torture_context *tctx)
+{
+	const char *old_pwd = getenv("NSS_WRAPPER_PASSWD");
+	const char *old_group = getenv("NSS_WRAPPER_GROUP");
+	struct passwd *pwd;
+	size_t num_pwd;
+	int i;
+
+	if (!old_pwd || !old_group) {
+		torture_skip(tctx, "nothing to test\n");
+		return true;
+	}
+
+	torture_assert(tctx, test_nwrap_enum_passwd(tctx, &pwd, &num_pwd),
+						    "failed to enumerate passwd");
+
+	for (i=0; i < num_pwd; i++) {
+
+		int num_user_groups = 0;
+		gid_t *user_groups = NULL;
+		int g;
+
+		torture_assert(tctx, test_nwrap_getgrouplist(tctx,
+							     pwd[i].pw_name,
+							     pwd[i].pw_gid,
+							     &user_groups,
+							     &num_user_groups),
+							     "failed to test getgrouplist");
+
+		for (g=0; g < num_user_groups; g++) {
+			torture_assert(tctx, test_nwrap_getgrgid(tctx, user_groups[g]),
+				"failed to find the group the user is a member of");
+		}
+	}
+
+	return true;
+}
+
+static bool test_nwrap_env(struct torture_context *tctx)
+{
+	const char *old_pwd = getenv("NSS_WRAPPER_PASSWD");
+	const char *old_group = getenv("NSS_WRAPPER_GROUP");
+
+	if (!old_pwd || !old_group) {
+		torture_skip(tctx, "nothing to test\n");
+		return true;
+	}
+
+	torture_assert(tctx, test_nwrap_passwd(tctx),
+			"failed to test users");
+	torture_assert(tctx, test_nwrap_group(tctx),
+			"failed to test groups");
+
+	return true;
+}
+
+struct torture_suite *torture_local_nss_wrapper(TALLOC_CTX *mem_ctx)
+{
+	struct torture_suite *suite = torture_suite_create(mem_ctx, "NSS-WRAPPER");
+
+	torture_suite_add_simple_test(suite, "env", test_nwrap_env);
+	torture_suite_add_simple_test(suite, "membership", test_nwrap_membership);
+
+	return suite;
+}