]>
Commit | Line | Data |
---|---|---|
0ecb606c | 1 | /* Copyright (C) 1989,91,93,1996-2005,2006 Free Software Foundation, Inc. |
e4cf5070 | 2 | This file is part of the GNU C Library. |
28f540f4 | 3 | |
e4cf5070 | 4 | The GNU C Library is free software; you can redistribute it and/or |
41bdb6e2 AJ |
5 | modify it under the terms of the GNU Lesser General Public |
6 | License as published by the Free Software Foundation; either | |
7 | version 2.1 of the License, or (at your option) any later version. | |
28f540f4 | 8 | |
e4cf5070 UD |
9 | The GNU C Library is distributed in the hope that it will be useful, |
10 | but WITHOUT ANY WARRANTY; without even the implied warranty of | |
11 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
41bdb6e2 | 12 | Lesser General Public License for more details. |
28f540f4 | 13 | |
41bdb6e2 AJ |
14 | You should have received a copy of the GNU Lesser General Public |
15 | License along with the GNU C Library; if not, write to the Free | |
16 | Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA | |
17 | 02111-1307 USA. */ | |
28f540f4 | 18 | |
6dbe2837 | 19 | #include <alloca.h> |
0ecb606c | 20 | #include <assert.h> |
cbdee279 | 21 | #include <errno.h> |
28f540f4 RM |
22 | #include <grp.h> |
23 | #include <limits.h> | |
0a1590ba | 24 | #include <stdlib.h> |
cbdee279 UD |
25 | #include <string.h> |
26 | #include <unistd.h> | |
b9b9a51e | 27 | #include <sys/param.h> |
28f540f4 | 28 | #include <sys/types.h> |
899d423e | 29 | #include <nsswitch.h> |
28f540f4 | 30 | |
f7e7a396 UD |
31 | #include "../nscd/nscd-client.h" |
32 | #include "../nscd/nscd_proto.h" | |
33 | ||
34 | ||
899d423e | 35 | /* Type of the lookup function. */ |
72eb7808 AJ |
36 | typedef enum nss_status (*initgroups_dyn_function) (const char *, gid_t, |
37 | long int *, long int *, | |
38 | gid_t **, long int, int *); | |
899d423e UD |
39 | |
40 | /* The lookup function for the first entry of this service. */ | |
41 | extern int __nss_group_lookup (service_user **nip, const char *name, | |
42 | void **fctp); | |
43 | extern void *__nss_lookup_function (service_user *ni, const char *fct_name); | |
44 | ||
bf494c7d | 45 | extern service_user *__nss_group_database attribute_hidden; |
899d423e | 46 | |
899d423e | 47 | |
f7e7a396 | 48 | #include "compat-initgroups.c" |
899d423e | 49 | |
899d423e | 50 | |
8fee1bb0 UD |
51 | static int |
52 | internal_getgrouplist (const char *user, gid_t group, long int *size, | |
53 | gid_t **groupsp, long int limit) | |
28f540f4 | 54 | { |
f7e7a396 UD |
55 | #ifdef USE_NSCD |
56 | if (__nss_not_use_nscd_group > 0 | |
57 | && ++__nss_not_use_nscd_group > NSS_NSCD_RETRY) | |
58 | __nss_not_use_nscd_group = 0; | |
59 | if (!__nss_not_use_nscd_group) | |
60 | { | |
61 | int n = __nscd_getgrouplist (user, group, size, groupsp, limit); | |
62 | if (n >= 0) | |
63 | return n; | |
64 | ||
65 | /* nscd is not usable. */ | |
66 | __nss_not_use_nscd_group = 1; | |
67 | } | |
68 | #endif | |
69 | ||
899d423e | 70 | service_user *nip = NULL; |
72eb7808 | 71 | initgroups_dyn_function fct; |
899d423e UD |
72 | enum nss_status status = NSS_STATUS_UNAVAIL; |
73 | int no_more; | |
74 | /* Start is one, because we have the first group as parameter. */ | |
75 | long int start = 1; | |
3de33da9 | 76 | |
0ecb606c JJ |
77 | /* Never store more than the starting *SIZE number of elements. */ |
78 | assert (*size > 0); | |
695c4370 | 79 | (*groupsp)[0] = group; |
28f540f4 | 80 | |
899d423e | 81 | if (__nss_group_database != NULL) |
cbdee279 | 82 | { |
899d423e UD |
83 | no_more = 0; |
84 | nip = __nss_group_database; | |
cbdee279 | 85 | } |
899d423e UD |
86 | else |
87 | no_more = __nss_database_lookup ("group", NULL, | |
88 | "compat [NOTFOUND=return] files", &nip); | |
cbdee279 | 89 | |
899d423e UD |
90 | while (! no_more) |
91 | { | |
695c4370 UD |
92 | long int prev_start = start; |
93 | ||
cf9e9ad9 | 94 | fct = __nss_lookup_function (nip, "initgroups_dyn"); |
899d423e UD |
95 | |
96 | if (fct == NULL) | |
6333c255 | 97 | { |
8fee1bb0 | 98 | status = compat_call (nip, user, group, &start, size, groupsp, |
7603ea28 | 99 | limit, &errno); |
6333c255 UD |
100 | |
101 | if (nss_next_action (nip, NSS_STATUS_UNAVAIL) != NSS_ACTION_CONTINUE) | |
102 | break; | |
103 | } | |
899d423e | 104 | else |
8fee1bb0 | 105 | status = DL_CALL_FCT (fct, (user, group, &start, size, groupsp, |
7603ea28 | 106 | limit, &errno)); |
899d423e | 107 | |
695c4370 UD |
108 | /* Remove duplicates. */ |
109 | long int cnt = prev_start; | |
110 | while (cnt < start) | |
111 | { | |
112 | long int inner; | |
113 | for (inner = 0; inner < prev_start; ++inner) | |
114 | if ((*groupsp)[inner] == (*groupsp)[cnt]) | |
115 | break; | |
116 | ||
117 | if (inner < prev_start) | |
118 | (*groupsp)[cnt] = (*groupsp)[--start]; | |
119 | else | |
120 | ++cnt; | |
121 | } | |
122 | ||
6333c255 UD |
123 | /* This is really only for debugging. */ |
124 | if (NSS_STATUS_TRYAGAIN > status || status > NSS_STATUS_RETURN) | |
79dbd981 | 125 | __libc_fatal ("illegal status in internal_getgrouplist"); |
6333c255 | 126 | |
f420344c UD |
127 | if (status != NSS_STATUS_SUCCESS |
128 | && nss_next_action (nip, status) == NSS_ACTION_RETURN) | |
6333c255 UD |
129 | break; |
130 | ||
899d423e UD |
131 | if (nip->next == NULL) |
132 | no_more = -1; | |
133 | else | |
134 | nip = nip->next; | |
135 | } | |
bba7bb78 | 136 | |
8fee1bb0 UD |
137 | return start; |
138 | } | |
139 | ||
140 | /* Store at most *NGROUPS members of the group set for USER into | |
141 | *GROUPS. Also include GROUP. The actual number of groups found is | |
142 | returned in *NGROUPS. Return -1 if the if *NGROUPS is too small. */ | |
143 | int | |
144 | getgrouplist (const char *user, gid_t group, gid_t *groups, int *ngroups) | |
145 | { | |
695c4370 | 146 | long int size = MAX (1, *ngroups); |
8fee1bb0 | 147 | |
0ecb606c | 148 | gid_t *newgroups = (gid_t *) malloc (size * sizeof (gid_t)); |
8fee1bb0 UD |
149 | if (__builtin_expect (newgroups == NULL, 0)) |
150 | /* No more memory. */ | |
f7e7a396 UD |
151 | // XXX This is wrong. The user provided memory, we have to use |
152 | // XXX it. The internal functions must be called with the user | |
153 | // XXX provided buffer and not try to increase the size if it is | |
154 | // XXX too small. For initgroups a flag could say: increase size. | |
8fee1bb0 UD |
155 | return -1; |
156 | ||
0ecb606c | 157 | int total = internal_getgrouplist (user, group, &size, &newgroups, -1); |
b9b9a51e | 158 | |
0ecb606c | 159 | memcpy (groups, newgroups, MIN (*ngroups, total) * sizeof (gid_t)); |
79dbd981 | 160 | |
8fee1bb0 | 161 | free (newgroups); |
0ecb606c JJ |
162 | |
163 | int retval = total > *ngroups ? -1 : total; | |
164 | *ngroups = total; | |
165 | ||
166 | return retval; | |
8fee1bb0 UD |
167 | } |
168 | ||
2f7f7bc6 UD |
169 | static_link_warning (getgrouplist) |
170 | ||
8fee1bb0 UD |
171 | /* Initialize the group set for the current user |
172 | by reading the group database and using all groups | |
173 | of which USER is a member. Also include GROUP. */ | |
174 | int | |
175 | initgroups (const char *user, gid_t group) | |
176 | { | |
177 | #if defined NGROUPS_MAX && NGROUPS_MAX == 0 | |
178 | ||
179 | /* No extra groups allowed. */ | |
180 | return 0; | |
181 | ||
182 | #else | |
183 | ||
184 | long int size; | |
185 | gid_t *groups; | |
186 | int ngroups; | |
187 | int result; | |
188 | ||
189 | /* We always use sysconf even if NGROUPS_MAX is defined. That way, the | |
190 | limit can be raised in the kernel configuration without having to | |
191 | recompile libc. */ | |
192 | long int limit = __sysconf (_SC_NGROUPS_MAX); | |
193 | ||
194 | if (limit > 0) | |
ff0913d3 UD |
195 | /* We limit the size of the intially allocated array. */ |
196 | size = MIN (limit, 64); | |
8fee1bb0 | 197 | else |
ff0913d3 UD |
198 | /* No fixed limit on groups. Pick a starting buffer size. */ |
199 | size = 16; | |
8fee1bb0 UD |
200 | |
201 | groups = (gid_t *) malloc (size * sizeof (gid_t)); | |
202 | if (__builtin_expect (groups == NULL, 0)) | |
203 | /* No more memory. */ | |
204 | return -1; | |
205 | ||
206 | ngroups = internal_getgrouplist (user, group, &size, &groups, limit); | |
207 | ||
cf9e9ad9 UD |
208 | /* Try to set the maximum number of groups the kernel can handle. */ |
209 | do | |
8fee1bb0 UD |
210 | result = setgroups (ngroups, groups); |
211 | while (result == -1 && errno == EINVAL && --ngroups > 0); | |
cf9e9ad9 | 212 | |
84364bf8 UD |
213 | free (groups); |
214 | ||
cf9e9ad9 | 215 | return result; |
28f540f4 RM |
216 | #endif |
217 | } | |
2f7f7bc6 UD |
218 | |
219 | static_link_warning (initgroups) |