]>
Commit | Line | Data |
---|---|---|
d614a753 | 1 | /* Copyright (C) 1989, 1991-2020 Free Software Foundation, Inc. |
e4cf5070 | 2 | This file is part of the GNU C Library. |
28f540f4 | 3 | |
e4cf5070 | 4 | The GNU C Library is free software; you can redistribute it and/or |
41bdb6e2 AJ |
5 | modify it under the terms of the GNU Lesser General Public |
6 | License as published by the Free Software Foundation; either | |
7 | version 2.1 of the License, or (at your option) any later version. | |
28f540f4 | 8 | |
e4cf5070 UD |
9 | The GNU C Library is distributed in the hope that it will be useful, |
10 | but WITHOUT ANY WARRANTY; without even the implied warranty of | |
11 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
41bdb6e2 | 12 | Lesser General Public License for more details. |
28f540f4 | 13 | |
41bdb6e2 | 14 | You should have received a copy of the GNU Lesser General Public |
59ba27a6 | 15 | License along with the GNU C Library; if not, see |
5a82c748 | 16 | <https://www.gnu.org/licenses/>. */ |
28f540f4 | 17 | |
a5852807 | 18 | #include <assert.h> |
cbdee279 | 19 | #include <errno.h> |
28f540f4 RM |
20 | #include <grp.h> |
21 | #include <limits.h> | |
0a1590ba | 22 | #include <stdlib.h> |
cbdee279 UD |
23 | #include <string.h> |
24 | #include <unistd.h> | |
b9b9a51e | 25 | #include <sys/param.h> |
28f540f4 | 26 | #include <sys/types.h> |
899d423e | 27 | #include <nsswitch.h> |
866ba63b | 28 | #include <scratch_buffer.h> |
a1a78204 | 29 | #include <config.h> |
28f540f4 | 30 | |
f7e7a396 UD |
31 | #include "../nscd/nscd-client.h" |
32 | #include "../nscd/nscd_proto.h" | |
33 | ||
899d423e | 34 | /* Type of the lookup function. */ |
72eb7808 AJ |
35 | typedef enum nss_status (*initgroups_dyn_function) (const char *, gid_t, |
36 | long int *, long int *, | |
37 | gid_t **, long int, int *); | |
899d423e | 38 | |
7b3b0b2a | 39 | static bool use_initgroups_entry; |
899d423e | 40 | |
899d423e | 41 | |
f7e7a396 | 42 | #include "compat-initgroups.c" |
899d423e | 43 | |
899d423e | 44 | |
8fee1bb0 UD |
45 | static int |
46 | internal_getgrouplist (const char *user, gid_t group, long int *size, | |
47 | gid_t **groupsp, long int limit) | |
28f540f4 | 48 | { |
f7e7a396 UD |
49 | #ifdef USE_NSCD |
50 | if (__nss_not_use_nscd_group > 0 | |
51 | && ++__nss_not_use_nscd_group > NSS_NSCD_RETRY) | |
52 | __nss_not_use_nscd_group = 0; | |
c3e2f19b UD |
53 | if (!__nss_not_use_nscd_group |
54 | && !__nss_database_custom[NSS_DBSIDX_group]) | |
f7e7a396 UD |
55 | { |
56 | int n = __nscd_getgrouplist (user, group, size, groupsp, limit); | |
57 | if (n >= 0) | |
58 | return n; | |
59 | ||
60 | /* nscd is not usable. */ | |
61 | __nss_not_use_nscd_group = 1; | |
62 | } | |
63 | #endif | |
64 | ||
899d423e | 65 | enum nss_status status = NSS_STATUS_UNAVAIL; |
3de33da9 | 66 | |
edac4240 | 67 | /* Never store more than the starting *SIZE number of elements. */ |
6c215a8d UD |
68 | assert (*size > 0); |
69 | (*groupsp)[0] = group; | |
7b3b0b2a UD |
70 | /* Start is one, because we have the first group as parameter. */ |
71 | long int start = 1; | |
28f540f4 | 72 | |
f4f3b091 | 73 | nss_action_list nip; |
7b3b0b2a | 74 | |
d2e929a9 DD |
75 | if (__nss_database_get (nss_database_initgroups, &nip) |
76 | && nip != NULL) | |
f4f3b091 DD |
77 | { |
78 | use_initgroups_entry = true; | |
79 | } | |
d2e929a9 DD |
80 | else if (__nss_database_get (nss_database_group, &nip) |
81 | && nip != NULL) | |
f4f3b091 DD |
82 | { |
83 | use_initgroups_entry = false; | |
cbdee279 | 84 | } |
c41af17e | 85 | else |
f4f3b091 DD |
86 | { |
87 | nip = __nss_action_parse ("files"); | |
88 | use_initgroups_entry = false; | |
89 | } | |
cbdee279 | 90 | |
f4f3b091 | 91 | while (nip && nip->module) |
899d423e | 92 | { |
695c4370 UD |
93 | long int prev_start = start; |
94 | ||
7b3b0b2a UD |
95 | initgroups_dyn_function fct = __nss_lookup_function (nip, |
96 | "initgroups_dyn"); | |
899d423e | 97 | if (fct == NULL) |
332c4465 UD |
98 | status = compat_call (nip, user, group, &start, size, groupsp, |
99 | limit, &errno); | |
899d423e | 100 | else |
8fee1bb0 | 101 | status = DL_CALL_FCT (fct, (user, group, &start, size, groupsp, |
7603ea28 | 102 | limit, &errno)); |
899d423e | 103 | |
695c4370 UD |
104 | /* Remove duplicates. */ |
105 | long int cnt = prev_start; | |
106 | while (cnt < start) | |
107 | { | |
108 | long int inner; | |
109 | for (inner = 0; inner < prev_start; ++inner) | |
110 | if ((*groupsp)[inner] == (*groupsp)[cnt]) | |
111 | break; | |
112 | ||
113 | if (inner < prev_start) | |
114 | (*groupsp)[cnt] = (*groupsp)[--start]; | |
115 | else | |
116 | ++cnt; | |
117 | } | |
118 | ||
6333c255 UD |
119 | /* This is really only for debugging. */ |
120 | if (NSS_STATUS_TRYAGAIN > status || status > NSS_STATUS_RETURN) | |
a6e8926f | 121 | __libc_fatal ("Illegal status in internal_getgrouplist.\n"); |
6333c255 | 122 | |
7b3b0b2a UD |
123 | /* For compatibility reason we will continue to look for more |
124 | entries using the next service even though data has already | |
125 | been found if the nsswitch.conf file contained only a 'groups' | |
126 | line and no 'initgroups' line. If the latter is available | |
127 | we always respect the status. This means that the default | |
128 | for successful lookups is to return. */ | |
129 | if ((use_initgroups_entry || status != NSS_STATUS_SUCCESS) | |
f420344c | 130 | && nss_next_action (nip, status) == NSS_ACTION_RETURN) |
6333c255 UD |
131 | break; |
132 | ||
f4f3b091 | 133 | nip++; |
899d423e | 134 | } |
bba7bb78 | 135 | |
8fee1bb0 UD |
136 | return start; |
137 | } | |
138 | ||
139 | /* Store at most *NGROUPS members of the group set for USER into | |
140 | *GROUPS. Also include GROUP. The actual number of groups found is | |
141 | returned in *NGROUPS. Return -1 if the if *NGROUPS is too small. */ | |
142 | int | |
143 | getgrouplist (const char *user, gid_t group, gid_t *groups, int *ngroups) | |
144 | { | |
695c4370 | 145 | long int size = MAX (1, *ngroups); |
8fee1bb0 | 146 | |
39571a13 | 147 | gid_t *newgroups = (gid_t *) malloc (size * sizeof (gid_t)); |
a1ffb40e | 148 | if (__glibc_unlikely (newgroups == NULL)) |
8fee1bb0 | 149 | /* No more memory. */ |
f7e7a396 UD |
150 | // XXX This is wrong. The user provided memory, we have to use |
151 | // XXX it. The internal functions must be called with the user | |
152 | // XXX provided buffer and not try to increase the size if it is | |
153 | // XXX too small. For initgroups a flag could say: increase size. | |
8fee1bb0 UD |
154 | return -1; |
155 | ||
6c215a8d | 156 | int total = internal_getgrouplist (user, group, &size, &newgroups, -1); |
b9b9a51e | 157 | |
6c215a8d | 158 | memcpy (groups, newgroups, MIN (*ngroups, total) * sizeof (gid_t)); |
0ecb606c | 159 | |
a334319f | 160 | free (newgroups); |
6c215a8d UD |
161 | |
162 | int retval = total > *ngroups ? -1 : total; | |
163 | *ngroups = total; | |
164 | ||
165 | return retval; | |
8fee1bb0 UD |
166 | } |
167 | ||
01767843 | 168 | nss_interface_function (getgrouplist) |
2f7f7bc6 | 169 | |
8fee1bb0 UD |
170 | /* Initialize the group set for the current user |
171 | by reading the group database and using all groups | |
172 | of which USER is a member. Also include GROUP. */ | |
173 | int | |
174 | initgroups (const char *user, gid_t group) | |
175 | { | |
176 | #if defined NGROUPS_MAX && NGROUPS_MAX == 0 | |
177 | ||
178 | /* No extra groups allowed. */ | |
179 | return 0; | |
180 | ||
181 | #else | |
182 | ||
183 | long int size; | |
184 | gid_t *groups; | |
185 | int ngroups; | |
186 | int result; | |
187 | ||
188 | /* We always use sysconf even if NGROUPS_MAX is defined. That way, the | |
189 | limit can be raised in the kernel configuration without having to | |
190 | recompile libc. */ | |
191 | long int limit = __sysconf (_SC_NGROUPS_MAX); | |
192 | ||
193 | if (limit > 0) | |
ff0913d3 UD |
194 | /* We limit the size of the intially allocated array. */ |
195 | size = MIN (limit, 64); | |
8fee1bb0 | 196 | else |
ff0913d3 UD |
197 | /* No fixed limit on groups. Pick a starting buffer size. */ |
198 | size = 16; | |
8fee1bb0 UD |
199 | |
200 | groups = (gid_t *) malloc (size * sizeof (gid_t)); | |
a1ffb40e | 201 | if (__glibc_unlikely (groups == NULL)) |
8fee1bb0 UD |
202 | /* No more memory. */ |
203 | return -1; | |
204 | ||
205 | ngroups = internal_getgrouplist (user, group, &size, &groups, limit); | |
206 | ||
cf9e9ad9 UD |
207 | /* Try to set the maximum number of groups the kernel can handle. */ |
208 | do | |
8fee1bb0 UD |
209 | result = setgroups (ngroups, groups); |
210 | while (result == -1 && errno == EINVAL && --ngroups > 0); | |
cf9e9ad9 | 211 | |
84364bf8 UD |
212 | free (groups); |
213 | ||
cf9e9ad9 | 214 | return result; |
28f540f4 RM |
215 | #endif |
216 | } | |
2f7f7bc6 | 217 | |
01767843 | 218 | nss_interface_function (initgroups) |