-/* Copyright (C) 1989, 1991, 1993, 1996, 1997 Free Software Foundation, Inc.
+/* Copyright (C) 1989, 1991-2014 Free Software Foundation, Inc.
This file is part of the GNU C Library.
The GNU C Library is free software; you can redistribute it and/or
- modify it under the terms of the GNU Library General Public License as
- published by the Free Software Foundation; either version 2 of the
- License, or (at your option) any later version.
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
The GNU C Library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Library General Public License for more details.
+ Lesser General Public License for more details.
- You should have received a copy of the GNU Library General Public
- License along with the GNU C Library; see the file COPYING.LIB. If not,
- write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
- Boston, MA 02111-1307, USA. */
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <http://www.gnu.org/licenses/>. */
#include <alloca.h>
+#include <assert.h>
#include <errno.h>
#include <grp.h>
#include <limits.h>
+#include <stdlib.h>
#include <string.h>
#include <unistd.h>
+#include <sys/param.h>
#include <sys/types.h>
+#include <nsswitch.h>
+#include "../nscd/nscd-client.h"
+#include "../nscd/nscd_proto.h"
+
+
+/* Type of the lookup function. */
+typedef enum nss_status (*initgroups_dyn_function) (const char *, gid_t,
+ long int *, long int *,
+ gid_t **, long int, int *);
+
+/* The lookup function for the first entry of this service. */
+extern int __nss_group_lookup (service_user **nip, const char *name,
+ void **fctp);
+extern void *__nss_lookup_function (service_user *ni, const char *fct_name);
+
+extern service_user *__nss_group_database attribute_hidden;
+service_user *__nss_initgroups_database;
+static bool use_initgroups_entry;
+
+
+#include "compat-initgroups.c"
+
+
+static int
+internal_getgrouplist (const char *user, gid_t group, long int *size,
+ gid_t **groupsp, long int limit)
+{
+#ifdef USE_NSCD
+ if (__nss_not_use_nscd_group > 0
+ && ++__nss_not_use_nscd_group > NSS_NSCD_RETRY)
+ __nss_not_use_nscd_group = 0;
+ if (!__nss_not_use_nscd_group
+ && !__nss_database_custom[NSS_DBSIDX_group])
+ {
+ int n = __nscd_getgrouplist (user, group, size, groupsp, limit);
+ if (n >= 0)
+ return n;
+
+ /* nscd is not usable. */
+ __nss_not_use_nscd_group = 1;
+ }
+#endif
+
+ enum nss_status status = NSS_STATUS_UNAVAIL;
+ int no_more = 0;
+
+ /* Never store more than the starting *SIZE number of elements. */
+ assert (*size > 0);
+ (*groupsp)[0] = group;
+ /* Start is one, because we have the first group as parameter. */
+ long int start = 1;
+
+ if (__nss_initgroups_database == NULL)
+ {
+ if (__nss_database_lookup ("initgroups", NULL, "",
+ &__nss_initgroups_database) < 0)
+ {
+ if (__nss_group_database == NULL)
+ no_more = __nss_database_lookup ("group", NULL, "compat files",
+ &__nss_group_database);
+
+ __nss_initgroups_database = __nss_group_database;
+ }
+ else
+ use_initgroups_entry = true;
+ }
+ else
+ /* __nss_initgroups_database might have been set through
+ __nss_configure_lookup in which case use_initgroups_entry was
+ not set here. */
+ use_initgroups_entry = __nss_initgroups_database != __nss_group_database;
+
+ service_user *nip = __nss_initgroups_database;
+ while (! no_more)
+ {
+ long int prev_start = start;
+
+ initgroups_dyn_function fct = __nss_lookup_function (nip,
+ "initgroups_dyn");
+ if (fct == NULL)
+ status = compat_call (nip, user, group, &start, size, groupsp,
+ limit, &errno);
+ else
+ status = DL_CALL_FCT (fct, (user, group, &start, size, groupsp,
+ limit, &errno));
+
+ /* Remove duplicates. */
+ long int cnt = prev_start;
+ while (cnt < start)
+ {
+ long int inner;
+ for (inner = 0; inner < prev_start; ++inner)
+ if ((*groupsp)[inner] == (*groupsp)[cnt])
+ break;
+
+ if (inner < prev_start)
+ (*groupsp)[cnt] = (*groupsp)[--start];
+ else
+ ++cnt;
+ }
+
+ /* This is really only for debugging. */
+ if (NSS_STATUS_TRYAGAIN > status || status > NSS_STATUS_RETURN)
+ __libc_fatal ("illegal status in internal_getgrouplist");
+
+ /* For compatibility reason we will continue to look for more
+ entries using the next service even though data has already
+ been found if the nsswitch.conf file contained only a 'groups'
+ line and no 'initgroups' line. If the latter is available
+ we always respect the status. This means that the default
+ for successful lookups is to return. */
+ if ((use_initgroups_entry || status != NSS_STATUS_SUCCESS)
+ && nss_next_action (nip, status) == NSS_ACTION_RETURN)
+ break;
+
+ if (nip->next == NULL)
+ no_more = -1;
+ else
+ nip = nip->next;
+ }
+
+ return start;
+}
+
+/* Store at most *NGROUPS members of the group set for USER into
+ *GROUPS. Also include GROUP. The actual number of groups found is
+ returned in *NGROUPS. Return -1 if the if *NGROUPS is too small. */
+int
+getgrouplist (const char *user, gid_t group, gid_t *groups, int *ngroups)
+{
+ long int size = MAX (1, *ngroups);
+
+ gid_t *newgroups = (gid_t *) malloc (size * sizeof (gid_t));
+ if (__glibc_unlikely (newgroups == NULL))
+ /* No more memory. */
+ // XXX This is wrong. The user provided memory, we have to use
+ // XXX it. The internal functions must be called with the user
+ // XXX provided buffer and not try to increase the size if it is
+ // XXX too small. For initgroups a flag could say: increase size.
+ return -1;
+
+ int total = internal_getgrouplist (user, group, &size, &newgroups, -1);
+
+ memcpy (groups, newgroups, MIN (*ngroups, total) * sizeof (gid_t));
+
+ free (newgroups);
+
+ int retval = total > *ngroups ? -1 : total;
+ *ngroups = total;
+
+ return retval;
+}
+
+nss_interface_function (getgrouplist)
/* Initialize the group set for the current user
by reading the group database and using all groups
of which USER is a member. Also include GROUP. */
int
-initgroups (user, group)
- const char *user;
- gid_t group;
+initgroups (const char *user, gid_t group)
{
#if defined NGROUPS_MAX && NGROUPS_MAX == 0
#else
- struct group grpbuf, *g;
- size_t buflen = sysconf (_SC_GETPW_R_SIZE_MAX);
- char *tmpbuf;
- size_t n;
- size_t ngroups;
+ long int size;
gid_t *groups;
- int status;
-#ifdef NGROUPS_MAX
-# define limit NGROUPS_MAX
+ int ngroups;
+ int result;
- ngroups = limit;
-#else
- long int limit = sysconf (_SC_NGROUPS_MAX);
+ /* We always use sysconf even if NGROUPS_MAX is defined. That way, the
+ limit can be raised in the kernel configuration without having to
+ recompile libc. */
+ long int limit = __sysconf (_SC_NGROUPS_MAX);
if (limit > 0)
- ngroups = limit;
+ /* We limit the size of the intially allocated array. */
+ size = MIN (limit, 64);
else
/* No fixed limit on groups. Pick a starting buffer size. */
- ngroups = 16;
-#endif
+ size = 16;
- groups = __alloca (ngroups * sizeof *groups);
- tmpbuf = __alloca (buflen);
+ groups = (gid_t *) malloc (size * sizeof (gid_t));
+ if (__glibc_unlikely (groups == NULL))
+ /* No more memory. */
+ return -1;
- setgrent ();
-
- n = 0;
- groups[n++] = group;
+ ngroups = internal_getgrouplist (user, group, &size, &groups, limit);
+ /* Try to set the maximum number of groups the kernel can handle. */
do
- {
- while ((status = __getgrent_r (&grpbuf, tmpbuf, buflen, &g)) != 0
- && errno == ERANGE)
- {
- buflen *= 2;
- tmpbuf = __alloca (buflen);
- }
-
- if (status == 0 && g->gr_gid != group)
- {
- char **m;
-
- for (m = g->gr_mem; *m != NULL; ++m)
- if (strcmp (*m, user) == 0)
- {
- /* Matches user. Insert this group. */
- if (n == ngroups && limit <= 0)
- {
- /* Need a bigger buffer. */
- gid_t *newgrp;
- newgrp = __alloca (ngroups * 2 * sizeof *groups);
- groups = memcpy (newgrp, groups, ngroups * sizeof *groups);
- ngroups *= 2;
- }
-
- groups[n++] = g->gr_gid;
-
- if (n == limit)
- /* Can't take any more groups; stop searching. */
- goto done;
-
- break;
- }
- }
- }
- while (status == 0);
+ result = setgroups (ngroups, groups);
+ while (result == -1 && errno == EINVAL && --ngroups > 0);
-done:
- endgrent ();
+ free (groups);
- return setgroups (n, groups);
+ return result;
#endif
}
+
+nss_interface_function (initgroups)