1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
|
<!DOCTYPE html>
<html lang="en"><head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="">
<meta name="author" content="">
<link rel="shortcut icon" href="favicon.png">
<title>cwrap - A toolset for client server testing</title>
<!-- Bootstrap core CSS -->
<link href="assets/css/bootstrap.min.css" rel="stylesheet">
<!-- HTML5 shim and Respond.js IE8 support of HTML5 elements and media queries -->
<!--[if lt IE 9]>
<script src="https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js"></script>
<script src="https://oss.maxcdn.com/libs/respond.js/1.3.0/respond.min.js"></script>
<![endif]-->
<link href="assets/cwrap.css" type="text/css" rel="stylesheet"></head>
<body>
<div class="container jumbo">
<div class="row">
<div class="col-md-6 col-md-offset-6">
<h1>cwrap</h1>
<p class="info">Testing your full software stack on a single machine.</p>
<p><a class="btn btn-primary btn-lg" role="button" href="./download.html">Download <img src="img/download.png" alt="Download" /></a></p>
<p><a class="btn btn-warning btn-lg" role="button" href="./download.html#git"><span class="glyphicon glyphicon-random"></span> Clone with git</a></p>
<p><a class="btn btn-danger btn-lg" role="button" href="https://bugzilla.samba.org/enter_bug.cgi?product=cwrap"><span class="glyphicon glyphicon-send"></span> Report a bug</a></p>
<p class="scroll-down">scroll for more information</p>
</div>
</div>
</div>
<div class="container content">
<div class="bg-hack hidden-sm hidden-xs"> </div>
<div class="row">
<div class="col-md-12">
<h2 class="first">Features</h2>
</div>
</div>
<div class="row feature-row">
<div class="col-md-6">
<div class="feature f1">
<h3>Preloading</h3>
<div class="icon">
<img src="img/icon-one.png" alt="preloading" />
</div>
<p>Preloading is a feature of the dynamic linker (ld). On most UNIX
systems <em>ld</em> allows to load a number of shared libraries
before loading all the shared libraries which are required by
an executable. The cwrap project uses this feature to implement
special libraries which can be used to fake certain behavior of the
system. Think of it like "The Matrix" where reality is simulated and
everything is a lie!<br />
<a href="preloading.html">Learn more ...</a></p>
</div>
</div>
<div class="col-md-6">
<div class="feature f2">
<h3>An isolated network.</h3>
<div class="icon">
<img src="img/icon-tree.png" alt="socket_wrapper" />
</div>
<p><em>socket_wrapper</em> makes possible to run several instances of a
a full client/server software stack on the same machine and to perform
functional testing of many complex network configurations locally, with
without going out to the network. <br /><a href="socket_wrapper.html">Learn more about socket_wrapper...</a></p>
</div>
</div>
</div>
<div class="row feature-row">
<div class="col-md-6">
<div class="feature f3">
<h3>Users and groups, with artificial flavors</h3>
<div class="icon">
<img src="img/icon-two.png" alt="nss_wrapper" />
</div>
<p>System management software often requires to create, modify, or
delete unix users. Or just switch user identity its processes use to
interact with the system e.g., a privilege separation in a user space
file server. To be able to test that you need the privilege to modify
the passwd and groups file. With nss_wrapper it is possible to define
your own passwd and groups file which will be used by software to act
correctly while under test.<br /><a href="nss_wrapper.html">Learn more about nss_wrapper...</a></p>
</div>
</div>
<div class="col-md-6">
<div class="feature f4">
<h3>Network name resolution.</h3>
<div class="icon">
<span class="glyphicon glyphicon-3x glyphicon-globe"></span>
<!-- <img src="img/icon-tree.png" alt="nss_wrapper" /> -->
</div>
<p>Applications believe in DNS resolution. <em>nss_wrapper</em> allows
them to believe in your twist of their reality and seamlessly
blend addresses they get through <em>socket_wrapper</em> with DNS
resolution of their host names.<br />
<a href="nss_wrapper.html">Learn more about nss_wrapper...</a></p>
</div>
</div>
</div>
<div class="row feature-row">
<div class="col-md-6">
<div class="feature f5">
<h3>Privilege separation.</h3>
<div class="icon">
<span class="glyphicon glyphicon-3x glyphicon-record"></span>
<!-- <img src="img/icon-two.png" alt="uid_wrapper" /> -->
</div>
<p>File serving applications often need a privilege separation to be
able to switch to the connecting user identity and do required file
operations. <em>uid_wrapper</em> convincingly lies to the applications,
letting them to believe they are operating as root and even switching
betwen uids and gids as needed.<br /><a href="uid_wrapper.html">Learn more about uid_wrapper...</a></p>
</div>
</div>
<div class="col-md-6">
<div class="feature f6">
<h3>DNS queries.</h3>
<div class="icon">
<span class="glyphicon glyphicon-3x glyphicon-retweet"></span>
<!-- <img src="img/icon-tree.png" alt="resolv_wrapper" /> -->
</div>
<p>It is likely that if you have a server/client architecture, you
need to do DNS queries or a third party library, like Kerberos needs
to be able to do queries. In the case of Kerberos the client needs to lookup
the address of the KDC via a SRV record. resolv_wrapper is able to
either redirect all DNS queries to your DNS server implementation, or
fake DNS replies!<br />
<a href="resolv_wrapper.html">Learn more about resolv_wrapper...</a></p>
</div>
</div>
</div> <!-- end row -->
<div class="row">
<div class="col-md-12">
<h2>News</h2>
</div>
</div>
<div class="row">
<div class="col-sm-4">
<div class="news">
<h3>nss_wrapper 1.1.0</h3>
<div class="news-text">
<p>
<span style="font-size: small;">2015-10-20</span><br />
A new version of nss_wrapper with support for shadow files and improvements to getaddrinfo() has been released today!
</p>
<p><a href="nss_wrapper.html">read more</a></p>
</div>
</div>
</div>
<div class="col-sm-4">
<div class="news">
<h3>uid_wrapper 1.2.0</h3>
<div class="news-text">
<p>
<span style="font-size: small;">2015-10-29</span><br />
A new version of uid_wrapper, a tool to fake privilege separation has been released today! The new
version add privilege checks for changing IDs.
</p>
<p><a href="uid_wrapper.html">read more</a></p>
</div>
</div>
</div>
<div class="col-sm-4">
<div class="news">
<h3>socket_wrapper 1.1.5</h3>
<div class="news-text">
<p>
<span style="font-size: small;">2015-10-15</span><br />
A new version of socket_wrapper has been released to support TCP_NODELAY in getsockopt()/setockopt().
</p>
<p><a href="socket_wrapper.html">read more</a></p>
</div>
</div>
</div>
<!--
<div class="col-sm-4">
<div class="news">
<h3>resolv_wrapper 1.1.3</h3>
<div class="news-text">
<p>
<span style="font-size: small;">2015-08-24</span><br />
A new resolv_wrapper version fixing macro detection on some platforms has been released today!
</p>
<p><a href="resolv_wrapper.html">read more</a></p>
</div>
</div>
</div>
<div class="col-sm-4">
<div class="news">
<h3>nss_wrapper 1.0.3</h3>
<div class="news-text">
<p>A new version to support hostnames with a trailing dot are now supported and several bugs have been fixed.</p>
<p><a href="https://git.samba.org/?p=nss_wrapper.git;a=blob;f=ChangeLog;h=2d25383655f8c7188c255c6957b7231440b9dc93;hb=2192e08b7c9f153f71bda783612a706fe3ad4b02">read more</a></p>
</div>
</div>
</div>
<div class="col-sm-4">
<div class="news">
<h3>uid_wrapper 1.0.2</h3>
<div class="news-text">
<p>A new version with a manpage and some bugfixes releated to threading have been fixed.</p>
<p><a href="https://git.samba.org/?p=uid_wrapper.git;a=blob;f=ChangeLog;h=4fdb80569cdb2924ca415c11044236c65edb329e;hb=05893dfad64dc5da232ec7ea505655de5b6841c3">read more</a></p>
</div>
</div>
</div>
-->
</div>
<div class="row">
<div class="col-md-12 statement">
cwrap is an open source project, feel free to use it, share with love, if you want to collaborate just contact us.
</div>
</div>
<footer>
<div class="row footer">
<div class="col-md-6">
<h3>Contact</h3>
<p><a href="https://lists.samba.org/mailman/listinfo/samba-technical" target="_blank">samba-technical@lists.samba.org</a></p>
<p>#cwrap @ irc.freenode.net</p>
</div>
<div class="col-md-3 col-md-offset-3">
<h3>Credits</h3>
<p><a href="http://www.samba.org/" target="_blank">The Samba Team</a><br />
<a href="http://jhrozek.livejournal.com/" target="_blank">Jakub Hrozek</a><br />
<a href="http://manuelecarlini.com/" target="_blank">Manuele Carlini</a> (Design)<br />
<a href="https://www.openhub.net/accounts/pvoborni" target="_blank">Petr Vobornik</a> (HTML/CSS)</p>
</div>
<div class="col-md-12">
<h3>Mission Statement</h3>
<p>cwrap's mission is to enable developers to test complex
network-based and privileged software stacks on UNIX machines with
limited network access and without root privileges by providing
preloadable libraries to wrap standard libc functions.</p>
<h3>History</h3>
<p>The idea and the first incarnation of a wrapper has been written
by Jelmer Vernooij in 2005. It made it possible to run the Samba
torture suite against smbd in 'make test'. It was
socket_wrapper.</p>
<p>In 2007 Stefan Metzmacher wrote nss_wrapper and in 2008
uid_wrapper has been added by Andrew Tridgell. During that time
libraries were all linked into each binary the Samba build system
produced. So only Samba libraries and executables were able to use
it. They have been improved by various Samba Team members over the
years to fit the needs of Samba.<p>
<p>When Samba planned to support MIT Kerberos in the Samba Domain
Controller it became clear that we can't link the wrappers into the
MIT KDC. We needed to go a different way and this was preloading all
wrappers. In 2013 Andreas Schneider started to create unit tested
versions of the wrappers which could be preloaded. This was the
birth of the cwrap project.</p>
</div>
</div>
</footer>
</div>
<!-- /container -->
<!-- Bootstrap core JavaScript
================================================== -->
<!-- Placed at the end of the document so the pages load faster -->
<script src="assets/js/jquery-1.js"></script>
<script src="assets/js/bootstrap.min.js"></script>
<!-- Piwik -->
<script type="text/javascript">
var _paq = _paq || [];
_paq.push(['trackPageView']);
_paq.push(['enableLinkTracking']);
(function() {
var u="//stats.cryptomilk.org/";
_paq.push(['setTrackerUrl', u+'piwik.php']);
_paq.push(['setSiteId', 3]);
var d=document, g=d.createElement('script'), s=d.getElementsByTagName('script')[0];
g.type='text/javascript'; g.async=true; g.defer=true; g.src=u+'piwik.js'; s.parentNode.insertBefore(g,s);
})();
</script>
<noscript><p><img src="//stats.cryptomilk.org/piwik.php?idsite=3" style="border:0;" alt="" /></p></noscript>
<!-- End Piwik Code -->
</body></html>
|