1NSS_WRAPPER(1) NSS_WRAPPER(1)
2
3
4
6 nss_wrapper - A wrapper for the user, group and hosts NSS API
7
9 LD_PRELOAD=libnss_wrapper.so NSS_WRAPPER_PASSWD=/path/to/passwd
10 NSS_WRAPPER_GROUP=/path/to/group NSS_WRAPPER_HOSTS=/path/to/host
11 ./myapplication
12
14 There are projects which provide daemons needing to be able to create,
15 modify and delete Unix users. Or just switch user ids to interact with
16 the system e.g. a user space file server. To be able to test that you
17 need the privilege to modify the passwd and groups file. With
18 nss_wrapper it is possible to define your own passwd and groups file
19 which will be used by software to act correctly while under test.
20
21 If you have a client and server under test they normally use functions
22 to resolve network names to addresses (dns) or vice versa. The
23 nss_wrappers allow you to create a hosts file to setup name resolution
24 for the addresses you use with socket_wrapper.
25
26 · Provides information for user and group accounts.
27
28 · Network name resolution using a hosts file.
29
30 · Loading and testing of NSS modules.
31
33 Some calls in nss_wrapper will only work if uid_wrapper is loaded and
34 active. One of this functions is initgroups() which needs to run
35 setgroups() to set the groups for the user. setgroups() is wrapped by
36 uid_wrapper.
37
39 NSS_WRAPPER_PASSWD, NSS_WRAPPER_GROUP
40 For user and group accounts you need to create two files: passwd
41 and group. The format of the passwd file is described in man 5
42 passwd and the group file in man 5 group. So you can fill these
43 files with made up accounts. You point nss_wrapper to them using
44 the two variables NSS_WRAPPER_PASSWD=/path/to/your/passwd and
45 NSS_WRAPPER_GROUP=/path/to/your/group.
46
47 NSS_WRAPPER_HOSTS
48 If you also need to emulate network name resolution in your
49 enviornment, especially with socket_wrapper, you can write a hosts
50 file. The format is described in man 5 hosts. Then you can point
51 nss_wrapper to your hosts file using:
52 NSS_WRAPPER_HOSTS=/path/to/your/hosts
53
54 NSS_WRAPPER_HOSTNAME
55 If you need to return a hostname which is different from the one of
56 your machine is using you can use:
57 NSS_WRAPPER_HOSTNAME=test.example.org
58
59 NSS_WRAPPER_MODULE_SO_PATH, NSS_WRAPPER_MODULE_FN_PREFIX
60 If you have a project which also provides user and group
61 information out of a database, you normally write your own nss
62 modules. nss_wrapper is able to load nss modules and ask them first
63 before looking into the faked passwd and group file. To point
64 nss_wrapper to the module you can do that using
65 NSS_WRAPPER_MODULE_SO_PATH=/path/to/libnss_yourmodule.so. As each
66 nss module has a special prefix like _nss_winbind_getpwnam() you
67 need to set the prefix too so nss_wrapper can load the functions
68 with NSS_WRAPPER_MODULE_FN_PREFIX=<prefix>.
69
70 For _nss_winbind_getpwnam() this would be:
71
72 NSS_WRAPPER_MODULE_FN_PREFIX=winbind
73
74 NSS_WRAPPER_DEBUGLEVEL
75 If you need to see what is going on in nss_wrapper itself or try to
76 find a bug, you can enable logging support in nss_wrapper if you
77 built it with debug symbols.
78
79 · 0 = ERROR
80
81 · 1 = WARNING
82
83 · 2 = DEBUG
84
85 · 3 = TRACE
86
87 NSS_WRAPPER_DISABLE_DEEPBIND
88 This allows you to disable deep binding in nss_wrapper. This is
89 useful for running valgrind tools or sanitizers like (address,
90 undefined, thread).
91
93 $ echo "bob:x:1000:1000:bob gecos:/home/test/bob:/bin/false" > passwd
94 $ echo "root:x:65534:65532:root gecos:/home/test/root:/bin/false" >> passwd
95 $ echo "users:x:1000:" > group
96 $ echo "root:x:65532:" >> group
97 $ LD_PRELOAD=libnss_wrapper.so NSS_WRAPPER_PASSWD=passwd \
98 NSS_WRAPPER_GROUP=group getent passwd bob
99 bob:x:1000:1000:bob gecos:/home/test/bob:/bin/false
100 $ LD_PRELOAD=libnss_wrapper.so NSS_WRAPPER_HOSTNAME=test.example.org hostname
101 test.example.org
102
104 Samba Team
105 Author.
106
107
108
109 2019-05-21 NSS_WRAPPER(1)