LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 11-27-2015, 08:41 AM   #1
kkarun
LQ Newbie
 
Registered: Nov 2015
Posts: 4

Rep: Reputation: Disabled
custom nss module - getent loops infintely


Hello Everyone,

I am trying to add a new service to nsswitch module named “templateuser” under password database. I am currently using this SO(shared object) to provide identity for users configured under radius and tacacs servers for authentication purpose. The getpwnam_r method has been overridden to retrieve the result “passwd structure” for each unknown user. This is working fine for us.

Reference i followed is : http://www.linuxquestions.org/questi...module-904131/

The main problem arises only on running the linux command “getent <database-name>”, which runs infinitely(never ends). Methods such as endpwent, setpwent and getpwent_r are overridden to retrieve the entries from this service(in this case it is just the remote “templateuser”).

One thing to note is that “getent passwd<database> <username>” works fine. Pls share your thoughts on the implementation of these overridden methods

Code:
enum nss_status _nss_templateuser_endpwent(void)
{
        syslog(LOG_DEBUG, "_nss_templateuser_endpwent() called. from void template_user");
        if (template_user) {
                free(template_user);
                template_user = NULL;
        }
        return NSS_STATUS_SUCCESS;
}

enum nss_status _nss_templateuser_setpwent (void)
{
        syslog(LOG_DEBUG, "_nss_templateuser_setpwent() called. setpwent ");
        return NSS_STATUS_SUCCESS;
}

enum nss_status _nss_templateuser_getpwent_r(struct passwd *pwbuf, char *buf,
                      size_t buflen, struct passwd **pwbufp)
{
       // my implementation of password structure population
        return NSS_STATUS_SUCCESS;
}
Am i missing some additional implementation, please suggest.

Thanks,
Arun
 
Old 11-27-2015, 10:56 PM   #2
jpollard
Senior Member
 
Registered: Dec 2012
Location: Washington DC area
Distribution: Fedora, CentOS, Slackware
Posts: 4,842

Rep: Reputation: 1472Reputation: 1472Reputation: 1472Reputation: 1472Reputation: 1472Reputation: 1472Reputation: 1472Reputation: 1472Reputation: 1472Reputation: 1472
Not familiar with nss, but wouldn't this always leave template_user NULL.... even though authenticated? It is possible the application is waiting for a valid user.
 
Old 11-30-2015, 04:18 AM   #3
kkarun
LQ Newbie
 
Registered: Nov 2015
Posts: 4

Original Poster
Rep: Reputation: Disabled
Hi,

The _nss_templateuser_endpwent takes void arguments and doesn't return or populate password structures. So assigning a NULL to a local variable[template_user] may not be an issue really (Correct me if i'm wrong!, ref this http://man7.org/linux/man-pages/man3/getpwent.3.html).

The actual password structure population is in _nss_templateuser_getpwent_r, which i copied below.

Code:
enum nss_status _nss_templateuser_getpwent_r(struct passwd *pwbuf, char *buf,
                      size_t buflen, struct passwd **pwbufp)
{
        pwbuf->pw_uid = nss_templateuser_getuid(template_user);
        pwbuf->pw_name = template_user;
        pwbuf->pw_dir = "/var/home/myuser";
        pwbuf->pw_shell = "/myownshell"; /* added for testing purpose */
        pwbufp=&pwbuf;
        return NSS_STATUS_SUCCESS;
}
The _nss_templateuser_getpwent_r is implemented based on http://man7.org/linux/man-pages/man3/getpwent_r.3.html is not invoked when we do a "getent" from shell. For testing we added sample syslogs to verify whether the method is being invoked, but it didn't help.

We are not sure, what are all the methods being invoked by the command getent which loops infinitely for us. Any help/info is much appreciated.

Thanks,
Arun
 
Old 11-30-2015, 11:49 AM   #4
jpollard
Senior Member
 
Registered: Dec 2012
Location: Washington DC area
Distribution: Fedora, CentOS, Slackware
Posts: 4,842

Rep: Reputation: 1472Reputation: 1472Reputation: 1472Reputation: 1472Reputation: 1472Reputation: 1472Reputation: 1472Reputation: 1472Reputation: 1472Reputation: 1472
And what happens to "nss_templateuser_getuid(template_user)" when template_user is NULL, and the pwbuf->pw_name is NULL?

If you are setting the home and shell parameters for testing, shouldn't you also set the uid and name for testing?
 
Old 12-08-2015, 11:15 PM   #5
kkarun
LQ Newbie
 
Registered: Nov 2015
Posts: 4

Original Poster
Rep: Reputation: Disabled
Hi pollard,

The template_user is statically assigned with remote value in the beginning of the program. Only in _nss_templateuser_endpwent it is assigned back to NULL just to free the unused space. I guess the endpwent will be called at the end of getent execution. Sample code for the static allocation of template_user.

/** Holds a temporary user name. */
static char *template_user = "xyz";
size_t size = 150;

For getuid method we have separate implementation which retrieves the uid of the "xyz" user(which works fine for us). The main problem is the infinite looping of getent linux command.

Thanks,
Arun
 
Old 12-09-2015, 04:28 AM   #6
jpollard
Senior Member
 
Registered: Dec 2012
Location: Washington DC area
Distribution: Fedora, CentOS, Slackware
Posts: 4,842

Rep: Reputation: 1472Reputation: 1472Reputation: 1472Reputation: 1472Reputation: 1472Reputation: 1472Reputation: 1472Reputation: 1472Reputation: 1472Reputation: 1472
Quote:
Originally Posted by kkarun View Post
Hi pollard,

The template_user is statically assigned with remote value in the beginning of the program. Only in _nss_templateuser_endpwent it is assigned back to NULL just to free the unused space. I guess the endpwent will be called at the end of getent execution. Sample code for the static allocation of template_user.

/** Holds a temporary user name. */
static char *template_user = "xyz";
size_t size = 150;

For getuid method we have separate implementation which retrieves the uid of the "xyz" user(which works fine for us). The main problem is the infinite looping of getent linux command.

Thanks,
Arun
Based on the code supplied... template_user is set to NULL, and the string deallocated (which is an error in the static case you report. And that seems to contradict what you say here.

BTW, a static declaration is not exported to other modules.

If _nss_templateuser_getpwent_r is supposed to get a new entry, then SOMETIME it must not return success...

Yet your code again shows it always returning NSS_STATUS_SUCCESS. Thus anything testing for the end of the list will never terminate.

The command line getent returns a single list of the entries identified. Invoke it again and you get another list. The command works just fine, it terminates normally and cannot do anything else.

Last edited by jpollard; 12-09-2015 at 04:32 AM.
 
Old 01-07-2016, 04:39 AM   #7
kkarun
LQ Newbie
 
Registered: Nov 2015
Posts: 4

Original Poster
Rep: Reputation: Disabled
Hi jpollard,

Thanks a lot for your valuable suggestions. One of our mistakes was the deallocation of template_user which was previously statically assigned with "remote".

We did enough testing and found out the root cause for the issue too, the mapping for this was also missing under lib folder. Now getent is working fine and thanks for your continuous help provided.

Thanks,
Arun
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Writing nss module adampar Programming 6 08-16-2016 07:38 PM
LXer: Red Hat: 2014:1073-01: nss, nss-util, nss-softokn: Low Advisory LXer Syndicated Linux News 0 08-18-2014 09:10 PM
getent shadow works but getent passwd does not??? shiv_softengg Linux - Networking 1 04-04-2011 08:06 AM
getent passwd only pulls local info - getent group works? epoh Linux - Server 2 03-14-2008 07:56 AM
custom geforce video card--custom module? bandofmercy Linux - Hardware 3 10-14-2004 06:52 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 12:28 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration