]> git.ipfire.org Git - thirdparty/glibc.git/blame - grp/initgroups.c
nsswitch: handle missing actions properly
[thirdparty/glibc.git] / grp / initgroups.c
CommitLineData
d614a753 1/* Copyright (C) 1989, 1991-2020 Free Software Foundation, Inc.
e4cf5070 2 This file is part of the GNU C Library.
28f540f4 3
e4cf5070 4 The GNU C Library is free software; you can redistribute it and/or
41bdb6e2
AJ
5 modify it under the terms of the GNU Lesser General Public
6 License as published by the Free Software Foundation; either
7 version 2.1 of the License, or (at your option) any later version.
28f540f4 8
e4cf5070
UD
9 The GNU C Library is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
41bdb6e2 12 Lesser General Public License for more details.
28f540f4 13
41bdb6e2 14 You should have received a copy of the GNU Lesser General Public
59ba27a6 15 License along with the GNU C Library; if not, see
5a82c748 16 <https://www.gnu.org/licenses/>. */
28f540f4 17
a5852807 18#include <assert.h>
cbdee279 19#include <errno.h>
28f540f4
RM
20#include <grp.h>
21#include <limits.h>
0a1590ba 22#include <stdlib.h>
cbdee279
UD
23#include <string.h>
24#include <unistd.h>
b9b9a51e 25#include <sys/param.h>
28f540f4 26#include <sys/types.h>
899d423e 27#include <nsswitch.h>
866ba63b 28#include <scratch_buffer.h>
a1a78204 29#include <config.h>
28f540f4 30
f7e7a396
UD
31#include "../nscd/nscd-client.h"
32#include "../nscd/nscd_proto.h"
33
899d423e 34/* Type of the lookup function. */
72eb7808
AJ
35typedef enum nss_status (*initgroups_dyn_function) (const char *, gid_t,
36 long int *, long int *,
37 gid_t **, long int, int *);
899d423e 38
7b3b0b2a 39static bool use_initgroups_entry;
899d423e 40
899d423e 41
f7e7a396 42#include "compat-initgroups.c"
899d423e 43
899d423e 44
8fee1bb0
UD
45static int
46internal_getgrouplist (const char *user, gid_t group, long int *size,
47 gid_t **groupsp, long int limit)
28f540f4 48{
f7e7a396
UD
49#ifdef USE_NSCD
50 if (__nss_not_use_nscd_group > 0
51 && ++__nss_not_use_nscd_group > NSS_NSCD_RETRY)
52 __nss_not_use_nscd_group = 0;
c3e2f19b
UD
53 if (!__nss_not_use_nscd_group
54 && !__nss_database_custom[NSS_DBSIDX_group])
f7e7a396
UD
55 {
56 int n = __nscd_getgrouplist (user, group, size, groupsp, limit);
57 if (n >= 0)
58 return n;
59
60 /* nscd is not usable. */
61 __nss_not_use_nscd_group = 1;
62 }
63#endif
64
899d423e 65 enum nss_status status = NSS_STATUS_UNAVAIL;
3de33da9 66
edac4240 67 /* Never store more than the starting *SIZE number of elements. */
6c215a8d
UD
68 assert (*size > 0);
69 (*groupsp)[0] = group;
7b3b0b2a
UD
70 /* Start is one, because we have the first group as parameter. */
71 long int start = 1;
28f540f4 72
f4f3b091 73 nss_action_list nip;
7b3b0b2a 74
d2e929a9
DD
75 if (__nss_database_get (nss_database_initgroups, &nip)
76 && nip != NULL)
f4f3b091
DD
77 {
78 use_initgroups_entry = true;
79 }
d2e929a9
DD
80 else if (__nss_database_get (nss_database_group, &nip)
81 && nip != NULL)
f4f3b091
DD
82 {
83 use_initgroups_entry = false;
cbdee279 84 }
c41af17e 85 else
f4f3b091
DD
86 {
87 nip = __nss_action_parse ("files");
88 use_initgroups_entry = false;
89 }
cbdee279 90
f4f3b091 91 while (nip && nip->module)
899d423e 92 {
695c4370
UD
93 long int prev_start = start;
94
7b3b0b2a
UD
95 initgroups_dyn_function fct = __nss_lookup_function (nip,
96 "initgroups_dyn");
899d423e 97 if (fct == NULL)
332c4465
UD
98 status = compat_call (nip, user, group, &start, size, groupsp,
99 limit, &errno);
899d423e 100 else
8fee1bb0 101 status = DL_CALL_FCT (fct, (user, group, &start, size, groupsp,
7603ea28 102 limit, &errno));
899d423e 103
695c4370
UD
104 /* Remove duplicates. */
105 long int cnt = prev_start;
106 while (cnt < start)
107 {
108 long int inner;
109 for (inner = 0; inner < prev_start; ++inner)
110 if ((*groupsp)[inner] == (*groupsp)[cnt])
111 break;
112
113 if (inner < prev_start)
114 (*groupsp)[cnt] = (*groupsp)[--start];
115 else
116 ++cnt;
117 }
118
6333c255
UD
119 /* This is really only for debugging. */
120 if (NSS_STATUS_TRYAGAIN > status || status > NSS_STATUS_RETURN)
a6e8926f 121 __libc_fatal ("Illegal status in internal_getgrouplist.\n");
6333c255 122
7b3b0b2a
UD
123 /* For compatibility reason we will continue to look for more
124 entries using the next service even though data has already
125 been found if the nsswitch.conf file contained only a 'groups'
126 line and no 'initgroups' line. If the latter is available
127 we always respect the status. This means that the default
128 for successful lookups is to return. */
129 if ((use_initgroups_entry || status != NSS_STATUS_SUCCESS)
f420344c 130 && nss_next_action (nip, status) == NSS_ACTION_RETURN)
6333c255
UD
131 break;
132
f4f3b091 133 nip++;
899d423e 134 }
bba7bb78 135
8fee1bb0
UD
136 return start;
137}
138
139/* Store at most *NGROUPS members of the group set for USER into
140 *GROUPS. Also include GROUP. The actual number of groups found is
141 returned in *NGROUPS. Return -1 if the if *NGROUPS is too small. */
142int
143getgrouplist (const char *user, gid_t group, gid_t *groups, int *ngroups)
144{
695c4370 145 long int size = MAX (1, *ngroups);
8fee1bb0 146
39571a13 147 gid_t *newgroups = (gid_t *) malloc (size * sizeof (gid_t));
a1ffb40e 148 if (__glibc_unlikely (newgroups == NULL))
8fee1bb0 149 /* No more memory. */
f7e7a396
UD
150 // XXX This is wrong. The user provided memory, we have to use
151 // XXX it. The internal functions must be called with the user
152 // XXX provided buffer and not try to increase the size if it is
153 // XXX too small. For initgroups a flag could say: increase size.
8fee1bb0
UD
154 return -1;
155
6c215a8d 156 int total = internal_getgrouplist (user, group, &size, &newgroups, -1);
b9b9a51e 157
6c215a8d 158 memcpy (groups, newgroups, MIN (*ngroups, total) * sizeof (gid_t));
0ecb606c 159
a334319f 160 free (newgroups);
6c215a8d
UD
161
162 int retval = total > *ngroups ? -1 : total;
163 *ngroups = total;
164
165 return retval;
8fee1bb0
UD
166}
167
01767843 168nss_interface_function (getgrouplist)
2f7f7bc6 169
8fee1bb0
UD
170/* Initialize the group set for the current user
171 by reading the group database and using all groups
172 of which USER is a member. Also include GROUP. */
173int
174initgroups (const char *user, gid_t group)
175{
176#if defined NGROUPS_MAX && NGROUPS_MAX == 0
177
178 /* No extra groups allowed. */
179 return 0;
180
181#else
182
183 long int size;
184 gid_t *groups;
185 int ngroups;
186 int result;
187
188 /* We always use sysconf even if NGROUPS_MAX is defined. That way, the
189 limit can be raised in the kernel configuration without having to
190 recompile libc. */
191 long int limit = __sysconf (_SC_NGROUPS_MAX);
192
193 if (limit > 0)
ff0913d3
UD
194 /* We limit the size of the intially allocated array. */
195 size = MIN (limit, 64);
8fee1bb0 196 else
ff0913d3
UD
197 /* No fixed limit on groups. Pick a starting buffer size. */
198 size = 16;
8fee1bb0
UD
199
200 groups = (gid_t *) malloc (size * sizeof (gid_t));
a1ffb40e 201 if (__glibc_unlikely (groups == NULL))
8fee1bb0
UD
202 /* No more memory. */
203 return -1;
204
205 ngroups = internal_getgrouplist (user, group, &size, &groups, limit);
206
cf9e9ad9
UD
207 /* Try to set the maximum number of groups the kernel can handle. */
208 do
8fee1bb0
UD
209 result = setgroups (ngroups, groups);
210 while (result == -1 && errno == EINVAL && --ngroups > 0);
cf9e9ad9 211
84364bf8
UD
212 free (groups);
213
cf9e9ad9 214 return result;
28f540f4
RM
215#endif
216}
2f7f7bc6 217
01767843 218nss_interface_function (initgroups)