initial import

Makefile

+# Makefile for nss-extrausers
+
+CC = gcc
+prefix = /usr
+exec_prefix = ${prefix}
+libprefix = ${exec_prefix}/lib
+DESTDIR=
+OBJECTS=shadow.o passwd.o group.o
+SHARED_OBJECT = libnss_extrausers.so.2
+CFLAGS = -g -O2 -Wall -Wstrict-prototypes -Wpointer-arith -Wmissing-prototypes
+LDFLAGS= -shared -Wl,-soname,$(SHARED_OBJECT) -Wl,-z,defs --no-allow-shlib-undefined
+
+all: $(SHARED_OBJECT)
+
+$(SHARED_OBJECT): $(OBJECTS)
+	gcc $(CFLAGS) $(LDFLAGS) -o $(SHARED_OBJECT) $(OBJECTS) -lc
+
+shadow.o: shadow.c s_config.h
+	$(CC) $(CFLAGS) -fPIC -c -o shadow.o shadow.c
+group.o: group.c s_config.h
+	$(CC) $(CFLAGS) -fPIC -c -o group.o group.c
+passwd.o: passwd.c s_config.h
+	$(CC) $(CFLAGS) -fPIC -c -o passwd.o passwd.c
+
+install:
+	install -m644 $(SHARED_OBJECT) $(DESTDIR)$(libprefix)/
+
+clean:
+	rm -f $(OBJECTS)
+	rm -f $(SHARED_OBJECT)
+
+distclean: clean

README

+libnss_extrausers:
+
+With the following lines in /etc/nsswitch.conf
+
+passwd:         compat extrausers
+group:          compat extrausers
+shadow:         compat extrausers
+
+and /lib/libnss_extrausers.so.1 from this package, glibc will
+not only look in /etc/{passwd,shadow,group} but also in
+/var/lib/extrausers/{passwd,shadow,group}. It will limit itself
+to uids and gids of at least 500 - where detectable - to avoid
+root or system account access.
+
+Security considerations:
+	Allways use after compat in nsswitch.conf,
+	otherwise it could overwrite the shadow-password for root.
+	(shadow has not uids, so this cannot be rules out)
+
+	If someone is able to place terminals instead of the
+	files, that could cause all programs to get a new
+	controling terminal, making DoS attacks possible.
+

debian/README

+The Debian Package libnss-extrausers
+------------------------------------
+
+Little tool to have /var/lib/extrausers/{passwd,shadow,group}
+in addtion to /etc/{passwd,shadow,group}. Uses nss for doing that.
+Ignores all uids and gids below 500.
+
+Bernhard R. Link <brlink@debian.org>, Wed, 23 May 2001 08:34:45 +0200

debian/changelog

+libnss-extrausers-am (0.1-2ai1) unstable; urgency=low
+
+  * First A/I release
+
+ -- Autistici/Inventati <debian@autistici.org>  Mon, 14 Dec 2009 20:23:13 +0100
+
+libnss-extrausers-am (0.1-2) unstable; urgency=low
+
+  * install README file (closes: #488746)
+  * update to Standards-Version 3.8.0
+  - support DEB_BUILD_OPTIONS
+
+ -- Bernhard R. Link <brlink@debian.org>  Tue,  1 Jul 2008 17:31:02 +0200
+
+libnss-extrausers-am (0.1-1) unstable; urgency=low
+
+  * Initial upload
+
+ -- Bernhard R. Link <brlink@debian.org>  Tue, 17 Apr 2007 16:53:43 +0200
+
+libnss-extrausers-am (0.1-0) local-etch; urgency=low
+
+  * general clean up and rename to prepare publishing
+
+ -- Bernhard R. Link <brlink@debian.org>  Tue, 13 Feb 2007 21:41:26 +0100

debian/compat

+4

debian/control

+Source: libnss-extrausers-am
+Section: admin
+Priority: extra
+Maintainer: Autistici/Inventati <debian@autistici.org>
+Build-Depends: debhelper (>= 4)
+Standards-Version: 3.8.0
+
+Package: libnss-extrausers-am
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}
+Description: nss module to have an additional passwd, shadow and group file
+ This Name Service Switch (NSS) module reads /var/lib/extrausers/passwd,
+ /var/lib/extrausers/shadow and /var/lib/extrausers/groups, allowing to
+ store system accounts and accounts copied from other systems in different
+ files.
+ Package modified with different default paths.

debian/copyright

+This is libnss-extrausers, written and maintained by Bernhard R. Link <brlink@debian.org>
+on Wed, 23 May 2001 08:34:45 +0200.
+
+
+Copyright (C) 2001  Bernhard R. Link
+
+  This program is free software; you can redistribute it and/or modify
+  it under the terms of the GNU General Public License version 2 as
+  published by the Free Software Foundation.
+
+  This program is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details.
+
+  You should have received a copy of the GNU General Public License with
+  the Debian GNU/Linux distribution in file /usr/share/common-licenses/GPL-2;
+  if not, write to the Free Software Foundation, Inc., 51 Franklin Street,
+  Fifth Floor, Boston, MA 02110-1301 USA
+
+Most of the code is taken from the GNU C Library and remains under the
+following license:
+
+   Common code for file-based database parsers in nss_files module.
+   Copyright (C) 1996, 1997, 1998, 1999, 2000 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+You should have received a copy of the GNU Lesser General Public License with
+the Debian GNU/Linux distribution in file /usr/share/common-licenses/LGPL-2.1;
+if not, write to the Free Software Foundation, Inc., 51 Franklin Street,
+Fifth Floor, Boston, MA 02110-1301 USA

debian/dirs

+usr/lib
+usr/share/lintian/overrides

debian/libnss-extrausers-am.docs

+README

debian/libnss-extrausers-am.lintian

+libnss-extrausers: no-shlibs-control-file usr/lib/libnss_extrausers.so.2
+libnss-extrausers: package-name-doesnt-match-sonames libnss-extrausers2

debian/postinst

+#!/bin/sh
+
+set -e
+
+if [ "$1" = "configure" ]; then 
+	ldconfig
+fi
+
+#DEBHELPER#
+
+exit 0
+
+

debian/rules

+#!/usr/bin/make -f
+
+# Uncomment this to turn on verbose mode.
+#export DH_VERBOSE=1
+
+# dpkg-buildpackage generates , policy suggests spaces, oh well...
+export DEB_BUILD_OPTIONS
+BUILDOPTS:=$(shell echo "$$DEB_BUILD_OPTIONS" | sed 's/,/ /g')
+
+CFLAGS = -Wall -g -Wextra -Wmissing-prototypes -Wstrict-prototypes -Wpointer-arith
+ifneq (,$(filter noopt,$(BUILDOPTS)))
+        CFLAGS += -O0
+else
+        CFLAGS += -O2
+endif
+ifneq (,$(filter parallel=%,$(BUILDOPTS)))
+        PARFLAGS = -j$(patsubst parallel=%,%,$(filter parallel=%,$(BUILDOPTS)))
+endif
+
+build-arch: build-arch-stamp
+build-indep:
+build: build-arch-stamp
+
+build-arch-stamp:
+	dh_testdir
+	$(MAKE) $(PARFLAGS) CFLAGS="$(CFLAGS)"
+	touch build-arch-stamp
+
+
+clean:
+	dh_testdir
+	dh_testroot
+	rm -f build-arch-stamp
+	$(MAKE) $(PARFLAGS) clean
+	dh_clean
+
+# Build architecture-independent files here.
+binary-indep: build-indep
+# We have nothing to do
+
+# Build architecture-dependent files here.
+binary-arch: build-arch
+	dh_testdir
+	dh_testroot
+	dh_clean -k
+	dh_installdirs
+	$(MAKE) $(PARFLAGS) install DESTDIR=`pwd`/debian/libnss-extrausers-am
+	install -m 644 debian/libnss-extrausers-am.lintian debian/libnss-extrausers-am/usr/share/lintian/overrides/libnss-extrausers-am
+	dh_installchangelogs
+	dh_installdocs
+	dh_link
+	dh_strip
+	dh_shlibdeps
+	dh_compress
+	dh_fixperms
+	dh_installdeb
+	dh_gencontrol
+	dh_md5sums
+	dh_builddeb
+
+binary: binary-indep binary-arch
+.PHONY: build build-arch build-indep clean binary-indep binary-arch binary

group.c

+/*
+    Copyright (C) 2001,2002 Bernhard R. Link <brlink@debian.org>
+
+    This program is free software; you can redistribute it and/or modify
+    it under the terms of the GNU General Public License version 2 as
+    published by the Free Software Foundation.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    Please tell me, if you find errors or mistakes.
+
+Based on parts of the GNU C Library:
+
+   Common code for file-based database parsers in nss_files module.
+   Copyright (C) 1996, 1997, 1998, 1999, 2000 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+*/
+#define _GNU_SOURCE 1
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <nss.h>
+#include <string.h>
+#include <sys/types.h>
+#include <unistd.h>
+#include <errno.h>
+#include <ctype.h>
+#include <grp.h>
+
+#include "s_config.h"
+
+enum nss_status _nss_extrausers_setgrent (void);
+enum nss_status _nss_extrausers_endgrent (void);
+enum nss_status _nss_extrausers_getgrent_r (struct group *gr,
+		char * buffer, size_t buflen,int * errnop);
+enum nss_status _nss_extrausers_getgrnam_r (const char * name, struct group *gr,
+		char * buffer, size_t buflen,int *errnop);
+enum nss_status _nss_extrausers_getgrgid_r (const gid_t gid, struct group *gr,
+		char * buffer, size_t buflen,int *errnop);
+
+static FILE *groupsfile = NULL;
+
+/* from clib/nss */
+static inline char **parse_list(char *line,char *data,size_t datalen,int *errnop) {
+	char *eol, **list, **p;
+
+	if (line >= data && line < (char *) data + datalen)
+		/* Find the end of the line buffer, we will use the space in DATA after
+		 *        it for storing the vector of pointers.  */
+		eol = strchr (line, '\0') + 1;
+	else
+		/* LINE does not point within DATA->linebuffer, so that space is
+		 *        not being used for scratch space right now.  We can use all of
+		 *               it for the pointer vector storage.  */
+		eol = data;
+	/* Adjust the pointer so it is aligned for storing pointers.  */
+	eol += __alignof__ (char *) - 1;
+	eol -= (eol - (char *) 0) % __alignof__ (char *);
+	/* We will start the storage here for the vector of pointers.  */
+	list = (char **) eol;
+
+	p = list;
+	while (1)
+	{
+		char *elt;
+
+		if ((size_t) ((char *) &p[1] - (char *) data) > datalen)
+		{
+			/* We cannot fit another pointer in the buffer.  */
+			*errnop = ERANGE;
+			return NULL;
+		}
+		if (*line == '\0')
+			break;
+
+		/* Skip leading white space.  This might not be portable but useful.  */
+		while (isspace (*line))
+			++line;
+
+		elt = line;
+		while (1) {
+			if (*line == '\0' || *line == ',' ) {
+				/* End of the next entry.  */
+				if (line > elt)
+					/* We really found some data.  */
+					*p++ = elt;
+
+				/* Terminate string if necessary.  */
+				if (*line != '\0')
+					*line++ = '\0';
+				break;
+			}
+			++line;
+		}
+	}
+	*p = NULL;
+
+	return list;
+}
+
+#define TOCOLON(p,h) {while( *p && *p != ':' ) p++; h=p;if(*p) p++;*h='\0';h--;while(isspace(*h)){*h='\0';h--;}}
+
+static inline enum nss_status g_search(FILE *stream,const char *name,const gid_t gid,struct group * gr, int * errnop,char * buffer, size_t buflen)
+{
+	char *p,*h;
+	gid_t t_gid;
+	char *t_name,*t_passwd;
+	char **t_mem;
+
+	flockfile(stream);
+	while( 1 )  {
+		buffer[buflen - 1] = '\xff';
+		p = fgets_unlocked(buffer,buflen,stream);
+		if( p == NULL ) {
+			if( feof_unlocked(stream) ) {
+				funlockfile(stream);
+				*errnop = ENOENT;
+				return NSS_STATUS_NOTFOUND;
+			} else {
+				funlockfile(stream);
+				*errnop = errno;
+				return NSS_STATUS_UNAVAIL;
+			}
+		}
+		h = index(p,'\n');
+		if( buffer[buflen - 1] != '\xff' || h == NULL ) {
+			funlockfile(stream);
+			*errnop = ERANGE;
+			return NSS_STATUS_TRYAGAIN;
+		}
+		while( isspace(*h) && h != p ) {
+			*h = '\0';
+			h--;
+		}
+
+		/* extract name */
+		while (isspace (*p))
+			++p;
+		t_name = p;
+		TOCOLON(p,h);
+		if( name && strcmp(name,t_name) != 0)
+			continue;
+		/* passwd (should be "x" or "" or something...) */
+		while (isspace (*p))
+			++p;
+		t_passwd = p;
+		TOCOLON(p,h);
+		/* extract gid */
+		t_gid = strtol(p,&h,10);
+		if( *h != ':' ) {
+			funlockfile(stream);
+			*errnop = 0;
+			return NSS_STATUS_UNAVAIL;
+		}
+		if( gid != 0 && gid != t_gid ) {
+			continue;
+		}
+		p = h;
+		/* extract members */
+		h++; // Over ':'
+		t_mem = parse_list(h,buffer,buflen,errnop);
+		if( t_mem == NULL ){
+			funlockfile(stream);
+			return NSS_STATUS_TRYAGAIN;
+		}
+		if( t_gid < MINGID ) {
+			funlockfile(stream);
+			*errnop = 0;
+			return NSS_STATUS_UNAVAIL;
+		}
+		funlockfile(stream);
+		*errnop = 0;
+		gr->gr_name = t_name;
+		gr->gr_passwd = t_passwd;
+		gr->gr_gid = t_gid;
+		gr->gr_mem = t_mem;
+		return NSS_STATUS_SUCCESS;
+	}
+}
+
+
+enum nss_status _nss_extrausers_setgrent (void) {
+	groupsfile = fopen(GROUPSFILE,"r");
+	if( groupsfile == NULL )
+		return NSS_STATUS_UNAVAIL;
+	return NSS_STATUS_SUCCESS;
+}
+
+enum nss_status _nss_extrausers_endgrent (void) {
+	if ( groupsfile != NULL ) {
+		fclose(groupsfile);
+		groupsfile = NULL;
+	}
+	return NSS_STATUS_SUCCESS;
+}
+
+enum nss_status _nss_extrausers_getgrent_r (struct group *gr,
+		char * buffer, size_t buflen,int * errnop)
+{
+	*errnop = 0;
+	if ( groupsfile == NULL )
+		return NSS_STATUS_UNAVAIL;
+
+	return g_search(groupsfile,NULL,0,gr,errnop,buffer,buflen);
+}
+
+
+enum nss_status _nss_extrausers_getgrnam_r (const char * name, struct group *gr,
+		char * buffer, size_t buflen,int *errnop)
+{
+	enum nss_status e;
+	FILE *f;
+
+	*errnop = 0;
+
+	if ( gr == NULL || name == NULL )
+		return NSS_STATUS_UNAVAIL;
+
+	f = fopen(GROUPSFILE,"r");
+	if( f == NULL ) {
+		*errnop = errno;
+		return NSS_STATUS_UNAVAIL;
+	}
+
+	e = g_search(f,name,0,gr,errnop,buffer,buflen);
+	fclose(f);
+	return e;
+}
+
+enum nss_status _nss_extrausers_getgrgid_r (const gid_t gid, struct group *gr,
+		char * buffer, size_t buflen,int *errnop)
+{
+	enum nss_status e;
+	FILE *f;
+	*errnop = 0;
+	if ( gr == NULL )
+		return NSS_STATUS_UNAVAIL;
+	if( gid == 0 || gid < MINGID )
+		return NSS_STATUS_NOTFOUND;
+
+	f = fopen(GROUPSFILE,"r");
+	if( f == NULL ) {
+		*errnop = errno;
+		return NSS_STATUS_UNAVAIL;
+	}
+
+	e = g_search(f,NULL,gid,gr,errnop,buffer,buflen);
+	fclose(f);
+	return e;
+}

passwd.c

+/*
+    Copyright (C) 2001,2002 Bernhard R. Link <brlink@debian.org>
+
+    This program is free software; you can redistribute it and/or modify
+    it under the terms of the GNU General Public License version 2 as
+    published by the Free Software Foundation.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    Please tell me, if you find errors or mistakes.
+
+Based on parts of the GNU C Library:
+
+   Common code for file-based database parsers in nss_files module.
+   Copyright (C) 1996, 1997, 1998, 1999, 2000 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+*/
+
+#define _GNU_SOURCE 1
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdarg.h>
+#include <nss.h>
+#include <pwd.h>
+#include <string.h>
+#include <sys/types.h>
+#include <unistd.h>
+#include <errno.h>
+#include <ctype.h>
+
+#include "s_config.h"
+
+enum nss_status _nss_extrausers_getpwuid_r(uid_t,struct passwd *,char *, size_t,int *);
+enum nss_status _nss_extrausers_setpwent (void);
+enum nss_status _nss_extrausers_endpwent (void);
+enum nss_status _nss_extrausers_getpwnam_r(const char *,struct passwd *,char *,size_t,int *);
+enum nss_status _nss_extrausers_getpwent_r(struct passwd *, char *, size_t,int *);
+
+static enum nss_status p_search(FILE *f,const char *name,const uid_t uid,struct passwd *pw, int *errnop,char *buffer, size_t buflen);
+
+static inline enum nss_status p_search(FILE *f,const char *name,const uid_t uid,struct passwd *pw, int *errnop,char *buffer, size_t buflen)
+{
+#define SANEQUIT {funlockfile(stream);if( f==NULL)  fclose(stream);}
+#define TOCOLON(p,h) { while( *p && *p != ':' ) \
+				p++; \
+			h=p; \
+			if(!*p) { \
+				SANEQUIT \
+				*errnop = 0; \
+				return NSS_STATUS_UNAVAIL; \
+			} \
+			p++; \
+			*h='\0'; \
+			h--; \
+			}
+	FILE *stream = f;
+	char *p,*h;
+	uid_t t_uid;
+	gid_t t_gid;
+	char *t_name,*t_passwd,*t_gecos,*t_shell,*t_dir;
+
+	if( stream == NULL ) {
+		stream = fopen(USERSFILE,"r");
+		if( stream == NULL ) {
+			*errnop = errno;
+			return NSS_STATUS_UNAVAIL;
+		}
+	}
+	flockfile(stream);
+	while( 1 ) {
+		buffer[buflen - 1] = '\xff';
+		p = fgets_unlocked(buffer,buflen,stream);
+		if( p == NULL ) {
+			if( feof_unlocked(stream) ) {
+				SANEQUIT
+				*errnop = ENOENT;
+				return NSS_STATUS_NOTFOUND;
+			} else {
+				*errnop = errno;
+				SANEQUIT
+				return NSS_STATUS_UNAVAIL;
+			}
+		}
+		h = index(p,'\n');
+		if( buffer[buflen - 1] != '\xff' || h == NULL ) {
+			SANEQUIT
+			*errnop = ERANGE;
+			return NSS_STATUS_TRYAGAIN;
+		}
+		while( isspace(*h) && h != p ) {
+			*h = '\0';
+			h--;
+		}
+
+		/* extract name */
+		while (isspace (*p))
+			++p;
+		t_name = p;
+		TOCOLON(p,h);
+		if( name && strcmp(name,t_name)!=0 )
+			continue;
+		/* passwd (should be "x" or "!!" or something...) */
+		while (isspace (*p))
+			++p;
+		t_passwd = p;
+		TOCOLON(p,h);
+		/* extract uid */
+		t_uid = strtol(p,&h,10);
+		if( *h != ':' ) {
+			SANEQUIT
+			*errnop = 0;
+			return NSS_STATUS_UNAVAIL;
+		}
+		if( t_uid < MINUID ) {
+			continue;
+		}
+		if( uid != 0 && uid != t_uid) {
+			continue;
+		}
+		p = ++h;
+		/* extract gid */
+		t_gid = strtol(p,&h,10);
+		if( *h != ':' ) {
+			SANEQUIT
+			*errnop = 0;
+			return NSS_STATUS_UNAVAIL;
+		}
+		if( t_gid < MINGID ) {
+			continue;
+		}
+		p = ++h;
+		/* extract gecos */
+		while (isspace (*p))
+			++p;
+		t_gecos = p;
+		TOCOLON(p,h);
+		/* extract dir */
+		while (isspace (*p))
+			++p;
+		t_dir = p;
+		TOCOLON(p,h);
+		/* extract shell */
+		while (isspace (*p))
+			++p;
+		t_shell = p;
+		if( index(p,':') ) {
+			SANEQUIT
+			*errnop = 0;
+			return NSS_STATUS_UNAVAIL;
+		}
+
+		SANEQUIT
+		*errnop = 0;
+		pw->pw_name = t_name;
+		pw->pw_uid = t_uid;
+		pw->pw_passwd = t_passwd;
+		pw->pw_gid = t_gid;
+		pw->pw_gecos = t_gecos;
+		pw->pw_dir = t_dir;
+		pw->pw_shell = t_shell;
+		return NSS_STATUS_SUCCESS;
+	}
+}
+
+enum nss_status _nss_extrausers_getpwuid_r( uid_t uid, struct passwd *result,
+	char *buf, size_t buflen, int *errnop)
+{
+	*errnop = 0;
+	if ( result )
+		return p_search(NULL,NULL,uid,result,errnop,buf,buflen);
+	else
+		return NSS_STATUS_UNAVAIL;
+}
+
+enum nss_status _nss_extrausers_getpwnam_r(const char *name, struct passwd *result,
+		char *buf, size_t buflen, int *errnop)
+{
+	*errnop = 0;
+	if ( result )
+		return p_search(NULL,name,0,result,errnop,buf,buflen);
+	else
+		return NSS_STATUS_UNAVAIL;
+}
+
+static FILE *usersfile = NULL;
+
+enum nss_status _nss_extrausers_setpwent (void)
+{
+
+	if ( usersfile != NULL )
+	{
+		fclose(usersfile);
+		usersfile = NULL;
+	}
+	usersfile = fopen(USERSFILE,"r");
+	if ( usersfile == NULL )
+	{
+		return NSS_STATUS_UNAVAIL;
+	}
+
+	return NSS_STATUS_SUCCESS;
+}
+
+enum nss_status _nss_extrausers_endpwent (void)
+{
+
+	if ( usersfile != NULL )
+	{
+		fclose(usersfile);
+		usersfile = NULL;
+	}
+	return NSS_STATUS_SUCCESS;
+}
+
+enum nss_status _nss_extrausers_getpwent_r (struct passwd *pw,
+                char * buffer, size_t buflen,int * errnop)
+{
+	*errnop = -1;
+
+	if ( pw == NULL )
+		return NSS_STATUS_UNAVAIL;
+	if ( usersfile == NULL )
+		return NSS_STATUS_UNAVAIL;
+
+  	return p_search(usersfile,NULL,0,pw,errnop,buffer,buflen);
+}
+

s_config.h

+#define USERSFILE "/etc/passwd.am"
+#define SHADOWFILE "/etc/shadow.am"
+#define GROUPSFILE "/etc/group.am"
+#define MINUID 1
+#define MINGID 1
+

shadow.c

+/*
+    Copyright (C) 2001,2002 Bernhard R. Link <brlink@debian.org>
+
+    This program is free software; you can redistribute it and/or modify
+    it under the terms of the GNU General Public License version 2 as
+    published by the Free Software Foundation.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    Please tell me, if you find errors or mistakes.
+
+Based on parts of the GNU C Library:
+
+   Common code for file-based database parsers in nss_files module.
+   Copyright (C) 1996, 1997, 1998, 1999, 2000 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+*/
+
+#define _GNU_SOURCE 1
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <nss.h>
+#include <string.h>
+#include <shadow.h>
+#include <time.h>
+#include <sys/types.h>
+#include <unistd.h>
+#include <errno.h>
+#include <ctype.h>
+
+#include "s_config.h"
+
+enum nss_status _nss_extrausers_getspnam_r (const char *, struct spwd *,char *, size_t,int *);
+
+enum nss_status _nss_extrausers_getspnam_r (const char *name, struct spwd *spw,
+                char *buffer, size_t buflen,int * errnop)
+{
+#define SANEQUIT {funlockfile(stream);fclose(stream);}
+#define CHECKCOLON if(*p != ':' ) { \
+				SANEQUIT \
+				*errnop = 0; \
+				return NSS_STATUS_UNAVAIL; \
+			} else { \
+			*(p++) = '\0'; \
+			}
+#define TOCOLON(p,h) { while( *p && *p != ':' ) p++; CHECKCOLON }
+	FILE *stream;
+	char *p,*h;
+	char *t_namp,*t_pwdp;
+	long int t_lstchg,t_min,t_max,t_warn,t_inact,t_expire;
+	unsigned long int t_flag;
+
+	if ( spw == NULL || name == NULL )
+	{
+		*errnop = EPERM;
+		return NSS_STATUS_UNAVAIL;
+	}
+
+	stream = fopen(SHADOWFILE,"r");
+	if( stream == NULL ) {
+		*errnop = errno;
+		return NSS_STATUS_UNAVAIL;
+	}
+	flockfile(stream);
+	while( 1 ) {
+		buffer[buflen - 1] = '\xff';
+		p = fgets_unlocked(buffer,buflen,stream);
+		if( p == NULL ) {
+			if( feof_unlocked(stream) ) {
+				SANEQUIT
+				*errnop = ENOENT;
+				return NSS_STATUS_NOTFOUND;
+			} else {
+				*errnop = errno;
+				SANEQUIT
+				return NSS_STATUS_UNAVAIL;
+			}
+		}
+		h = index(p,'\n');
+		if( buffer[buflen - 1] != '\xff' || h == NULL ) {
+			SANEQUIT
+			*errnop = ERANGE;
+			return NSS_STATUS_TRYAGAIN;
+		}
+		while( isspace(*h) && h >= p) {
+			*h = '\0';
+			h--;
+		}
+
+		/* extract name */
+		while (isspace (*p))
+			++p;
+		t_namp = p;
+		TOCOLON(p,h);
+		if( name && strcmp(name,t_namp)!=0 )
+			continue;
+		/* passwd */
+		while (isspace (*p))
+			++p;
+		t_pwdp = p;
+		TOCOLON(p,h);
+		/* extract day of last changes */
+		t_lstchg = strtol(p,&h,10);
+		p=h;
+		CHECKCOLON;
+		p = ++h;
+		/* extract min */
+		t_min = strtol(p,&h,10);
+		p=h;
+		CHECKCOLON;
+		/* extract max */
+		t_max = strtol(p,&h,10);
+		p=h;
+		CHECKCOLON;
+		/* extract days of warning */
+		t_warn = strtol(p,&h,10);
+		p=h;
+		CHECKCOLON;
+		/* extract days of inactivity */
+		t_inact = strtol(p,&h,10);
+		p=h;
+		CHECKCOLON;
+		/* extract day of expire */
+		t_expire = strtol(p,&h,10);
+		p=h;
+		CHECKCOLON;
+		/* extract reserved flags */
+		t_flag = strtoul(p,&h,10);
+		if( *h != '\0' ) {
+			SANEQUIT
+			*errnop = 0;
+			return NSS_STATUS_UNAVAIL;
+		}
+		SANEQUIT
+		*errnop = 0;
+		spw->sp_namp = t_namp;
+		spw->sp_pwdp = t_pwdp;
+		spw->sp_lstchg = t_lstchg;
+		spw->sp_min = t_min;
+		spw->sp_max = t_max;
+		spw->sp_warn = t_warn;
+		spw->sp_inact = t_inact;
+		spw->sp_expire = t_expire;
+		spw->sp_flag = t_flag;
+		return NSS_STATUS_SUCCESS;
+	}
+}