]>
Commit | Line | Data |
---|---|---|
f7a9f785 | 1 | /* Copyright (C) 1996-2016 Free Software Foundation, Inc. |
6259ec0d UD |
2 | This file is part of the GNU C Library. |
3 | Contributed by Thorsten Kukuk <kukuk@vt.uni-paderborn.de>, 1996. | |
4 | ||
5 | The GNU C Library is free software; you can redistribute it and/or | |
41bdb6e2 AJ |
6 | modify it under the terms of the GNU Lesser General Public |
7 | License as published by the Free Software Foundation; either | |
8 | version 2.1 of the License, or (at your option) any later version. | |
6259ec0d UD |
9 | |
10 | The GNU C Library is distributed in the hope that it will be useful, | |
11 | but WITHOUT ANY WARRANTY; without even the implied warranty of | |
12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
41bdb6e2 | 13 | Lesser General Public License for more details. |
6259ec0d | 14 | |
41bdb6e2 | 15 | You should have received a copy of the GNU Lesser General Public |
59ba27a6 PE |
16 | License along with the GNU C Library; if not, see |
17 | <http://www.gnu.org/licenses/>. */ | |
6259ec0d | 18 | |
6259ec0d | 19 | #include <ctype.h> |
1aa43890 | 20 | #include <errno.h> |
3996f34b | 21 | #include <fcntl.h> |
6259ec0d | 22 | #include <netdb.h> |
1aa43890 UD |
23 | #include <nss.h> |
24 | #include <nsswitch.h> | |
6259ec0d | 25 | #include <shadow.h> |
1aa43890 | 26 | #include <stdio_ext.h> |
6259ec0d | 27 | #include <string.h> |
1e2e27fd | 28 | #include <rpc/types.h> |
6259ec0d | 29 | #include <rpcsvc/ypclnt.h> |
ec999b8e | 30 | #include <libc-lock.h> |
cc783763 | 31 | #include <kernel-features.h> |
26dee9c4 UD |
32 | |
33 | #include "netgroup.h" | |
26dee9c4 | 34 | |
fc9f33e3 | 35 | static service_user *ni; |
1e2e27fd UD |
36 | static enum nss_status (*nss_setspent) (int stayopen); |
37 | static enum nss_status (*nss_getspnam_r) (const char *name, struct spwd * sp, | |
38 | char *buffer, size_t buflen, | |
39 | int *errnop); | |
40 | static enum nss_status (*nss_getspent_r) (struct spwd * sp, char *buffer, | |
41 | size_t buflen, int *errnop); | |
42 | static enum nss_status (*nss_endspent) (void); | |
6259ec0d | 43 | |
7e3be507 UD |
44 | /* Get the declaration of the parser function. */ |
45 | #define ENTNAME spent | |
46 | #define STRUCTURE spwd | |
47 | #define EXTERN_PARSER | |
cc3fa755 | 48 | #include <nss/nss_files/files-parse.c> |
7e3be507 | 49 | |
6259ec0d UD |
50 | /* Structure for remembering -@netgroup and -user members ... */ |
51 | #define BLACKLIST_INITIAL_SIZE 512 | |
52 | #define BLACKLIST_INCREMENT 256 | |
53 | struct blacklist_t | |
1e2e27fd UD |
54 | { |
55 | char *data; | |
56 | int current; | |
57 | int size; | |
58 | }; | |
6259ec0d UD |
59 | |
60 | struct ent_t | |
1e2e27fd | 61 | { |
cb62745a UD |
62 | bool netgroup; |
63 | bool files; | |
64 | bool first; | |
65 | enum nss_status setent_status; | |
1e2e27fd UD |
66 | FILE *stream; |
67 | struct blacklist_t blacklist; | |
68 | struct spwd pwd; | |
69 | struct __netgrent netgrdata; | |
70 | }; | |
6259ec0d UD |
71 | typedef struct ent_t ent_t; |
72 | ||
cb62745a UD |
73 | static ent_t ext_ent = { false, true, false, NSS_STATUS_SUCCESS, NULL, |
74 | { NULL, 0, 0}, | |
75 | { NULL, NULL, 0, 0, 0, 0, 0, 0, 0}}; | |
6259ec0d UD |
76 | |
77 | /* Protect global state against multiple changers. */ | |
78 | __libc_lock_define_initialized (static, lock) | |
79 | ||
cc783763 UD |
80 | /* Positive if O_CLOEXEC is supported, negative if it is not supported, |
81 | zero if it is still undecided. This variable is shared with the | |
82 | other compat functions. */ | |
83 | #ifdef __ASSUME_O_CLOEXEC | |
84 | # define __compat_have_cloexec 1 | |
85 | #else | |
86 | # ifdef O_CLOEXEC | |
87 | extern int __compat_have_cloexec; | |
88 | # else | |
89 | # define __compat_have_cloexec -1 | |
90 | # endif | |
91 | #endif | |
92 | ||
6259ec0d UD |
93 | /* Prototypes for local functions. */ |
94 | static void blacklist_store_name (const char *, ent_t *); | |
95 | static int in_blacklist (const char *, int, ent_t *); | |
2d7da676 | 96 | |
1e2e27fd UD |
97 | /* Initialize the NSS interface/functions. The calling function must |
98 | hold the lock. */ | |
99 | static void | |
100 | init_nss_interface (void) | |
101 | { | |
102 | if (__nss_database_lookup ("shadow_compat", "passwd_compat", | |
103 | "nis", &ni) >= 0) | |
104 | { | |
105 | nss_setspent = __nss_lookup_function (ni, "setspent"); | |
106 | nss_getspnam_r = __nss_lookup_function (ni, "getspnam_r"); | |
107 | nss_getspent_r = __nss_lookup_function (ni, "getspent_r"); | |
108 | nss_endspent = __nss_lookup_function (ni, "endspent"); | |
109 | } | |
110 | } | |
111 | ||
6259ec0d UD |
112 | static void |
113 | give_spwd_free (struct spwd *pwd) | |
114 | { | |
72e6cdfa UD |
115 | free (pwd->sp_namp); |
116 | free (pwd->sp_pwdp); | |
6259ec0d UD |
117 | |
118 | memset (pwd, '\0', sizeof (struct spwd)); | |
b378b9f9 UD |
119 | pwd->sp_warn = -1; |
120 | pwd->sp_inact = -1; | |
121 | pwd->sp_expire = -1; | |
122 | pwd->sp_flag = ~0ul; | |
6259ec0d UD |
123 | } |
124 | ||
125 | static int | |
126 | spwd_need_buflen (struct spwd *pwd) | |
127 | { | |
128 | int len = 0; | |
129 | ||
130 | if (pwd->sp_pwdp != NULL) | |
131 | len += strlen (pwd->sp_pwdp) + 1; | |
132 | ||
133 | return len; | |
134 | } | |
135 | ||
136 | static void | |
137 | copy_spwd_changes (struct spwd *dest, struct spwd *src, | |
138 | char *buffer, size_t buflen) | |
139 | { | |
140 | if (src->sp_pwdp != NULL && strlen (src->sp_pwdp)) | |
141 | { | |
142 | if (buffer == NULL) | |
143 | dest->sp_pwdp = strdup (src->sp_pwdp); | |
144 | else if (dest->sp_pwdp && | |
145 | strlen (dest->sp_pwdp) >= strlen (src->sp_pwdp)) | |
146 | strcpy (dest->sp_pwdp, src->sp_pwdp); | |
147 | else | |
148 | { | |
149 | dest->sp_pwdp = buffer; | |
150 | strcpy (dest->sp_pwdp, src->sp_pwdp); | |
151 | buffer += strlen (dest->sp_pwdp) + 1; | |
152 | buflen = buflen - (strlen (dest->sp_pwdp) + 1); | |
153 | } | |
154 | } | |
155 | if (src->sp_lstchg != 0) | |
156 | dest->sp_lstchg = src->sp_lstchg; | |
157 | if (src->sp_min != 0) | |
158 | dest->sp_min = src->sp_min; | |
159 | if (src->sp_max != 0) | |
160 | dest->sp_max = src->sp_max; | |
b378b9f9 | 161 | if (src->sp_warn != -1) |
6259ec0d | 162 | dest->sp_warn = src->sp_warn; |
b378b9f9 | 163 | if (src->sp_inact != -1) |
6259ec0d | 164 | dest->sp_inact = src->sp_inact; |
b378b9f9 | 165 | if (src->sp_expire != -1) |
6259ec0d | 166 | dest->sp_expire = src->sp_expire; |
b378b9f9 | 167 | if (src->sp_flag != ~0ul) |
6259ec0d UD |
168 | dest->sp_flag = src->sp_flag; |
169 | } | |
170 | ||
171 | static enum nss_status | |
b13b96ca | 172 | internal_setspent (ent_t *ent, int stayopen, int needent) |
6259ec0d UD |
173 | { |
174 | enum nss_status status = NSS_STATUS_SUCCESS; | |
175 | ||
1e2e27fd | 176 | ent->first = ent->netgroup = 0; |
cb62745a | 177 | ent->files = true; |
6259ec0d | 178 | |
26dee9c4 UD |
179 | /* If something was left over free it. */ |
180 | if (ent->netgroup) | |
181 | __internal_endnetgrent (&ent->netgrdata); | |
c131718c | 182 | |
6259ec0d | 183 | if (ent->blacklist.data != NULL) |
bd355af0 UD |
184 | { |
185 | ent->blacklist.current = 1; | |
186 | ent->blacklist.data[0] = '|'; | |
187 | ent->blacklist.data[1] = '\0'; | |
188 | } | |
189 | else | |
190 | ent->blacklist.current = 0; | |
6259ec0d UD |
191 | |
192 | if (ent->stream == NULL) | |
193 | { | |
cc783763 | 194 | ent->stream = fopen ("/etc/shadow", "rme"); |
6259ec0d UD |
195 | |
196 | if (ent->stream == NULL) | |
197 | status = errno == EAGAIN ? NSS_STATUS_TRYAGAIN : NSS_STATUS_UNAVAIL; | |
3996f34b UD |
198 | else |
199 | { | |
200 | /* We have to make sure the file is `closed on exec'. */ | |
cc783763 | 201 | int result = 0; |
3996f34b | 202 | |
cc783763 | 203 | if (__compat_have_cloexec <= 0) |
3996f34b | 204 | { |
cc783763 UD |
205 | int flags; |
206 | result = flags = fcntl (fileno_unlocked (ent->stream), F_GETFD, | |
207 | 0); | |
208 | if (result >= 0) | |
209 | { | |
210 | #if defined O_CLOEXEC && !defined __ASSUME_O_CLOEXEC | |
211 | if (__compat_have_cloexec == 0) | |
212 | __compat_have_cloexec = (flags & FD_CLOEXEC) ? 1 : -1; | |
213 | ||
214 | if (__compat_have_cloexec < 0) | |
215 | #endif | |
216 | { | |
217 | flags |= FD_CLOEXEC; | |
218 | result = fcntl (fileno_unlocked (ent->stream), F_SETFD, | |
219 | flags); | |
220 | } | |
221 | } | |
3996f34b | 222 | } |
cc783763 | 223 | |
3996f34b UD |
224 | if (result < 0) |
225 | { | |
226 | /* Something went wrong. Close the stream and return a | |
1e2e27fd | 227 | failure. */ |
3996f34b UD |
228 | fclose (ent->stream); |
229 | ent->stream = NULL; | |
230 | status = NSS_STATUS_UNAVAIL; | |
231 | } | |
1aa43890 UD |
232 | else |
233 | /* We take care of locking ourself. */ | |
234 | __fsetlocking (ent->stream, FSETLOCKING_BYCALLER); | |
3996f34b | 235 | } |
6259ec0d UD |
236 | } |
237 | else | |
238 | rewind (ent->stream); | |
239 | ||
240 | give_spwd_free (&ent->pwd); | |
241 | ||
b13b96ca | 242 | if (needent && status == NSS_STATUS_SUCCESS && nss_setspent) |
cb62745a | 243 | ent->setent_status = nss_setspent (stayopen); |
1e2e27fd | 244 | |
6259ec0d UD |
245 | return status; |
246 | } | |
247 | ||
248 | ||
249 | enum nss_status | |
51eecc4a | 250 | _nss_compat_setspent (int stayopen) |
6259ec0d UD |
251 | { |
252 | enum nss_status result; | |
253 | ||
254 | __libc_lock_lock (lock); | |
255 | ||
26dee9c4 | 256 | if (ni == NULL) |
1e2e27fd | 257 | init_nss_interface (); |
c131718c | 258 | |
b13b96ca | 259 | result = internal_setspent (&ext_ent, stayopen, 1); |
6259ec0d UD |
260 | |
261 | __libc_lock_unlock (lock); | |
262 | ||
263 | return result; | |
264 | } | |
265 | ||
266 | ||
267 | static enum nss_status | |
268 | internal_endspent (ent_t *ent) | |
269 | { | |
270 | if (ent->stream != NULL) | |
271 | { | |
272 | fclose (ent->stream); | |
273 | ent->stream = NULL; | |
274 | } | |
275 | ||
26dee9c4 UD |
276 | if (ent->netgroup) |
277 | __internal_endnetgrent (&ent->netgrdata); | |
278 | ||
cb62745a UD |
279 | ent->first = ent->netgroup = false; |
280 | ent->files = true; | |
c131718c | 281 | |
6259ec0d | 282 | if (ent->blacklist.data != NULL) |
bd355af0 UD |
283 | { |
284 | ent->blacklist.current = 1; | |
285 | ent->blacklist.data[0] = '|'; | |
286 | ent->blacklist.data[1] = '\0'; | |
287 | } | |
288 | else | |
289 | ent->blacklist.current = 0; | |
c131718c | 290 | |
6259ec0d UD |
291 | give_spwd_free (&ent->pwd); |
292 | ||
293 | return NSS_STATUS_SUCCESS; | |
294 | } | |
295 | ||
296 | enum nss_status | |
297 | _nss_compat_endspent (void) | |
298 | { | |
299 | enum nss_status result; | |
300 | ||
301 | __libc_lock_lock (lock); | |
302 | ||
b13b96ca AS |
303 | if (nss_endspent) |
304 | nss_endspent (); | |
305 | ||
6259ec0d UD |
306 | result = internal_endspent (&ext_ent); |
307 | ||
308 | __libc_lock_unlock (lock); | |
309 | ||
310 | return result; | |
311 | } | |
312 | ||
313 | ||
314 | static enum nss_status | |
1e2e27fd UD |
315 | getspent_next_nss_netgr (const char *name, struct spwd *result, ent_t *ent, |
316 | char *group, char *buffer, size_t buflen, | |
317 | int *errnop) | |
6259ec0d | 318 | { |
6d4d8e8e | 319 | char *curdomain = NULL, *host, *user, *domain, *p2; |
6259ec0d UD |
320 | size_t p2len; |
321 | ||
1e2e27fd UD |
322 | if (!nss_getspnam_r) |
323 | return NSS_STATUS_UNAVAIL; | |
324 | ||
cb62745a UD |
325 | /* If the setpwent call failed, say so. */ |
326 | if (ent->setent_status != NSS_STATUS_SUCCESS) | |
327 | return ent->setent_status; | |
328 | ||
6d4d8e8e | 329 | if (ent->first) |
6259ec0d | 330 | { |
1e2e27fd | 331 | memset (&ent->netgrdata, 0, sizeof (struct __netgrent)); |
26dee9c4 | 332 | __internal_setnetgrent (group, &ent->netgrdata); |
cb62745a | 333 | ent->first = false; |
6259ec0d UD |
334 | } |
335 | ||
336 | while (1) | |
337 | { | |
1e2e27fd | 338 | enum nss_status status; |
60c96635 | 339 | |
26dee9c4 | 340 | status = __internal_getnetgrent_r (&host, &user, &domain, |
d71b808a UD |
341 | &ent->netgrdata, buffer, buflen, |
342 | errnop); | |
26dee9c4 | 343 | if (status != 1) |
6259ec0d | 344 | { |
26dee9c4 | 345 | __internal_endnetgrent (&ent->netgrdata); |
cb62745a | 346 | ent->netgroup = false; |
6259ec0d UD |
347 | give_spwd_free (&ent->pwd); |
348 | return NSS_STATUS_RETURN; | |
349 | } | |
3996f34b | 350 | |
6259ec0d UD |
351 | if (user == NULL || user[0] == '-') |
352 | continue; | |
3996f34b | 353 | |
6d4d8e8e AS |
354 | if (domain != NULL) |
355 | { | |
356 | if (curdomain == NULL | |
357 | && yp_get_default_domain (&curdomain) != YPERR_SUCCESS) | |
358 | { | |
359 | __internal_endnetgrent (&ent->netgrdata); | |
360 | ent->netgroup = false; | |
361 | give_spwd_free (&ent->pwd); | |
362 | return NSS_STATUS_UNAVAIL; | |
363 | } | |
364 | if (strcmp (curdomain, domain) != 0) | |
365 | continue; | |
366 | } | |
6259ec0d | 367 | |
cc3fa755 UD |
368 | /* If name != NULL, we are called from getpwnam */ |
369 | if (name != NULL) | |
370 | if (strcmp (user, name) != 0) | |
371 | continue; | |
372 | ||
6259ec0d UD |
373 | p2len = spwd_need_buflen (&ent->pwd); |
374 | if (p2len > buflen) | |
375 | { | |
d71b808a | 376 | *errnop = ERANGE; |
6259ec0d UD |
377 | return NSS_STATUS_TRYAGAIN; |
378 | } | |
379 | p2 = buffer + (buflen - p2len); | |
380 | buflen -= p2len; | |
26dee9c4 | 381 | |
1e2e27fd UD |
382 | if (nss_getspnam_r (user, result, buffer, buflen, errnop) != |
383 | NSS_STATUS_SUCCESS) | |
384 | continue; | |
cc3fa755 | 385 | |
1e2e27fd | 386 | if (!in_blacklist (result->sp_namp, strlen (result->sp_namp), ent)) |
60c96635 | 387 | { |
1e2e27fd UD |
388 | /* Store the User in the blacklist for possible the "+" at the |
389 | end of /etc/passwd */ | |
cc3fa755 UD |
390 | blacklist_store_name (result->sp_namp, ent); |
391 | copy_spwd_changes (result, &ent->pwd, p2, p2len); | |
1e2e27fd | 392 | break; |
60c96635 | 393 | } |
26dee9c4 | 394 | } |
c131718c | 395 | |
26dee9c4 UD |
396 | return NSS_STATUS_SUCCESS; |
397 | } | |
398 | ||
399 | ||
6259ec0d | 400 | static enum nss_status |
1e2e27fd | 401 | getspent_next_nss (struct spwd *result, ent_t *ent, |
d71b808a | 402 | char *buffer, size_t buflen, int *errnop) |
6259ec0d | 403 | { |
1e2e27fd UD |
404 | enum nss_status status; |
405 | char *p2; | |
6259ec0d UD |
406 | size_t p2len; |
407 | ||
1e2e27fd UD |
408 | if (!nss_getspent_r) |
409 | return NSS_STATUS_UNAVAIL; | |
6259ec0d UD |
410 | |
411 | p2len = spwd_need_buflen (&ent->pwd); | |
412 | if (p2len > buflen) | |
413 | { | |
d71b808a | 414 | *errnop = ERANGE; |
6259ec0d UD |
415 | return NSS_STATUS_TRYAGAIN; |
416 | } | |
417 | p2 = buffer + (buflen - p2len); | |
418 | buflen -= p2len; | |
419 | do | |
420 | { | |
1e2e27fd UD |
421 | if ((status = nss_getspent_r (result, buffer, buflen, errnop)) != |
422 | NSS_STATUS_SUCCESS) | |
423 | return status; | |
6259ec0d | 424 | } |
1e2e27fd | 425 | while (in_blacklist (result->sp_namp, strlen (result->sp_namp), ent)); |
6259ec0d UD |
426 | |
427 | copy_spwd_changes (result, &ent->pwd, p2, p2len); | |
428 | ||
26dee9c4 | 429 | return NSS_STATUS_SUCCESS; |
6259ec0d UD |
430 | } |
431 | ||
cb62745a | 432 | |
26dee9c4 UD |
433 | /* This function handle the +user entrys in /etc/shadow */ |
434 | static enum nss_status | |
1e2e27fd UD |
435 | getspnam_plususer (const char *name, struct spwd *result, ent_t *ent, |
436 | char *buffer, size_t buflen, int *errnop) | |
26dee9c4 | 437 | { |
1e2e27fd UD |
438 | if (!nss_getspnam_r) |
439 | return NSS_STATUS_UNAVAIL; | |
440 | ||
016c70ea | 441 | struct spwd pwd; |
26dee9c4 | 442 | memset (&pwd, '\0', sizeof (struct spwd)); |
b378b9f9 UD |
443 | pwd.sp_warn = -1; |
444 | pwd.sp_inact = -1; | |
445 | pwd.sp_expire = -1; | |
446 | pwd.sp_flag = ~0ul; | |
c131718c | 447 | |
26dee9c4 | 448 | copy_spwd_changes (&pwd, result, NULL, 0); |
c131718c | 449 | |
016c70ea | 450 | size_t plen = spwd_need_buflen (&pwd); |
26dee9c4 UD |
451 | if (plen > buflen) |
452 | { | |
d71b808a | 453 | *errnop = ERANGE; |
26dee9c4 UD |
454 | return NSS_STATUS_TRYAGAIN; |
455 | } | |
016c70ea | 456 | char *p = buffer + (buflen - plen); |
26dee9c4 | 457 | buflen -= plen; |
c131718c | 458 | |
016c70ea UD |
459 | enum nss_status status = nss_getspnam_r (name, result, buffer, buflen, |
460 | errnop); | |
461 | if (status != NSS_STATUS_SUCCESS) | |
462 | return status; | |
6591c335 | 463 | |
1e2e27fd UD |
464 | if (in_blacklist (result->sp_namp, strlen (result->sp_namp), ent)) |
465 | return NSS_STATUS_NOTFOUND; | |
c131718c | 466 | |
1e2e27fd UD |
467 | copy_spwd_changes (result, &pwd, p, plen); |
468 | give_spwd_free (&pwd); | |
469 | /* We found the entry. */ | |
c503d3dc | 470 | return NSS_STATUS_SUCCESS; |
26dee9c4 | 471 | } |
6259ec0d | 472 | |
cb62745a | 473 | |
6259ec0d UD |
474 | static enum nss_status |
475 | getspent_next_file (struct spwd *result, ent_t *ent, | |
d71b808a | 476 | char *buffer, size_t buflen, int *errnop) |
6259ec0d | 477 | { |
7e3be507 | 478 | struct parser_data *data = (void *) buffer; |
6259ec0d UD |
479 | while (1) |
480 | { | |
60c96635 UD |
481 | fpos_t pos; |
482 | int parse_res = 0; | |
c131718c | 483 | char *p; |
6259ec0d UD |
484 | |
485 | do | |
486 | { | |
20f8e666 | 487 | /* We need at least 3 characters for one line. */ |
a1ffb40e | 488 | if (__glibc_unlikely (buflen < 3)) |
20f8e666 UD |
489 | { |
490 | erange: | |
491 | *errnop = ERANGE; | |
492 | return NSS_STATUS_TRYAGAIN; | |
493 | } | |
494 | ||
60c96635 | 495 | fgetpos (ent->stream, &pos); |
af69217f | 496 | buffer[buflen - 1] = '\xff'; |
1aa43890 UD |
497 | p = fgets_unlocked (buffer, buflen, ent->stream); |
498 | if (p == NULL && feof_unlocked (ent->stream)) | |
34816665 UD |
499 | return NSS_STATUS_NOTFOUND; |
500 | ||
20f8e666 | 501 | if (p == NULL || __builtin_expect (buffer[buflen - 1] != '\xff', 0)) |
af69217f | 502 | { |
20f8e666 | 503 | erange_reset: |
af69217f | 504 | fsetpos (ent->stream, &pos); |
20f8e666 | 505 | goto erange; |
af69217f | 506 | } |
6259ec0d UD |
507 | |
508 | /* Skip leading blanks. */ | |
509 | while (isspace (*p)) | |
510 | ++p; | |
511 | } | |
c131718c | 512 | while (*p == '\0' || *p == '#' /* Ignore empty and comment lines. */ |
1e2e27fd UD |
513 | /* Parse the line. If it is invalid, loop to |
514 | get the next line of the file to parse. */ | |
60c96635 | 515 | || !(parse_res = _nss_files_parse_spent (p, result, data, |
d71b808a | 516 | buflen, errnop))); |
6259ec0d | 517 | |
a1ffb40e | 518 | if (__glibc_unlikely (parse_res == -1)) |
20f8e666 UD |
519 | /* The parser ran out of space. */ |
520 | goto erange_reset; | |
3996f34b | 521 | |
6259ec0d UD |
522 | if (result->sp_namp[0] != '+' && result->sp_namp[0] != '-') |
523 | /* This is a real entry. */ | |
524 | break; | |
525 | ||
526 | /* -@netgroup */ | |
527 | if (result->sp_namp[0] == '-' && result->sp_namp[1] == '@' | |
528 | && result->sp_namp[2] != '\0') | |
529 | { | |
d71b808a | 530 | /* XXX Do not use fixed length buffers. */ |
1e2e27fd | 531 | char buf2[1024]; |
51eecc4a | 532 | char *user, *host, *domain; |
1e2e27fd | 533 | struct __netgrent netgrdata; |
c131718c | 534 | |
1c6e6f23 | 535 | memset (&netgrdata, 0, sizeof (struct __netgrent)); |
1e2e27fd | 536 | __internal_setnetgrent (&result->sp_namp[2], &netgrdata); |
c131718c | 537 | while (__internal_getnetgrent_r (&host, &user, &domain, |
d71b808a UD |
538 | &netgrdata, buf2, sizeof (buf2), |
539 | errnop)) | |
6259ec0d UD |
540 | { |
541 | if (user != NULL && user[0] != '-') | |
542 | blacklist_store_name (user, ent); | |
543 | } | |
c131718c | 544 | __internal_endnetgrent (&netgrdata); |
6259ec0d UD |
545 | continue; |
546 | } | |
547 | ||
548 | /* +@netgroup */ | |
549 | if (result->sp_namp[0] == '+' && result->sp_namp[1] == '@' | |
550 | && result->sp_namp[2] != '\0') | |
551 | { | |
552 | int status; | |
553 | ||
cb62745a UD |
554 | ent->netgroup = true; |
555 | ent->first = true; | |
6259ec0d UD |
556 | copy_spwd_changes (&ent->pwd, result, NULL, 0); |
557 | ||
1e2e27fd UD |
558 | status = getspent_next_nss_netgr (NULL, result, ent, |
559 | &result->sp_namp[2], | |
560 | buffer, buflen, errnop); | |
6259ec0d UD |
561 | if (status == NSS_STATUS_RETURN) |
562 | continue; | |
563 | else | |
564 | return status; | |
565 | } | |
566 | ||
567 | /* -user */ | |
568 | if (result->sp_namp[0] == '-' && result->sp_namp[1] != '\0' | |
569 | && result->sp_namp[1] != '@') | |
570 | { | |
571 | blacklist_store_name (&result->sp_namp[1], ent); | |
572 | continue; | |
573 | } | |
574 | ||
575 | /* +user */ | |
576 | if (result->sp_namp[0] == '+' && result->sp_namp[1] != '\0' | |
577 | && result->sp_namp[1] != '@') | |
578 | { | |
c503d3dc UD |
579 | size_t len = strlen (result->sp_namp); |
580 | char buf[len]; | |
1e2e27fd | 581 | enum nss_status status; |
c131718c | 582 | |
cc3fa755 UD |
583 | /* Store the User in the blacklist for the "+" at the end of |
584 | /etc/passwd */ | |
c503d3dc | 585 | memcpy (buf, &result->sp_namp[1], len); |
1e2e27fd UD |
586 | status = getspnam_plususer (&result->sp_namp[1], result, ent, |
587 | buffer, buflen, errnop); | |
c503d3dc | 588 | blacklist_store_name (buf, ent); |
1e2e27fd UD |
589 | |
590 | if (status == NSS_STATUS_SUCCESS) /* We found the entry. */ | |
591 | break; | |
c503d3dc UD |
592 | /* We couldn't parse the entry */ |
593 | else if (status == NSS_STATUS_RETURN | |
594 | /* entry doesn't exist */ | |
595 | || status == NSS_STATUS_NOTFOUND) | |
1e2e27fd UD |
596 | continue; |
597 | else | |
598 | { | |
599 | if (status == NSS_STATUS_TRYAGAIN) | |
600 | { | |
601 | fsetpos (ent->stream, &pos); | |
602 | *errnop = ERANGE; | |
603 | } | |
604 | return status; | |
605 | } | |
6259ec0d UD |
606 | } |
607 | ||
608 | /* +:... */ | |
609 | if (result->sp_namp[0] == '+' && result->sp_namp[1] == '\0') | |
610 | { | |
cb62745a UD |
611 | ent->files = false; |
612 | ent->first = true; | |
6259ec0d UD |
613 | copy_spwd_changes (&ent->pwd, result, NULL, 0); |
614 | ||
1e2e27fd | 615 | return getspent_next_nss (result, ent, buffer, buflen, errnop); |
6259ec0d UD |
616 | } |
617 | } | |
618 | ||
619 | return NSS_STATUS_SUCCESS; | |
620 | } | |
621 | ||
622 | ||
623 | static enum nss_status | |
624 | internal_getspent_r (struct spwd *pw, ent_t *ent, | |
d71b808a | 625 | char *buffer, size_t buflen, int *errnop) |
6259ec0d UD |
626 | { |
627 | if (ent->netgroup) | |
628 | { | |
1e2e27fd | 629 | enum nss_status status; |
6259ec0d UD |
630 | |
631 | /* We are searching members in a netgroup */ | |
632 | /* Since this is not the first call, we don't need the group name */ | |
1e2e27fd UD |
633 | status = getspent_next_nss_netgr (NULL, pw, ent, NULL, buffer, |
634 | buflen, errnop); | |
635 | ||
6259ec0d | 636 | if (status == NSS_STATUS_RETURN) |
d71b808a | 637 | return getspent_next_file (pw, ent, buffer, buflen, errnop); |
6259ec0d UD |
638 | else |
639 | return status; | |
640 | } | |
1e2e27fd UD |
641 | else if (ent->files) |
642 | return getspent_next_file (pw, ent, buffer, buflen, errnop); | |
6259ec0d | 643 | else |
1e2e27fd | 644 | return getspent_next_nss (pw, ent, buffer, buflen, errnop); |
6259ec0d UD |
645 | } |
646 | ||
cb62745a | 647 | |
6259ec0d | 648 | enum nss_status |
d71b808a UD |
649 | _nss_compat_getspent_r (struct spwd *pwd, char *buffer, size_t buflen, |
650 | int *errnop) | |
6259ec0d | 651 | { |
1e2e27fd | 652 | enum nss_status result = NSS_STATUS_SUCCESS; |
6259ec0d UD |
653 | |
654 | __libc_lock_lock (lock); | |
655 | ||
1e2e27fd | 656 | /* Be prepared that the setpwent function was not called before. */ |
26dee9c4 | 657 | if (ni == NULL) |
1e2e27fd | 658 | init_nss_interface (); |
c131718c | 659 | |
6259ec0d | 660 | if (ext_ent.stream == NULL) |
b13b96ca | 661 | result = internal_setspent (&ext_ent, 1, 1); |
6259ec0d | 662 | |
1e2e27fd UD |
663 | if (result == NSS_STATUS_SUCCESS) |
664 | result = internal_getspent_r (pwd, &ext_ent, buffer, buflen, errnop); | |
6259ec0d UD |
665 | |
666 | __libc_lock_unlock (lock); | |
667 | ||
1e2e27fd | 668 | return result; |
6259ec0d UD |
669 | } |
670 | ||
cb62745a | 671 | |
cc3fa755 UD |
672 | /* Searches in /etc/passwd and the NIS/NIS+ map for a special user */ |
673 | static enum nss_status | |
674 | internal_getspnam_r (const char *name, struct spwd *result, ent_t *ent, | |
d71b808a | 675 | char *buffer, size_t buflen, int *errnop) |
cc3fa755 UD |
676 | { |
677 | struct parser_data *data = (void *) buffer; | |
678 | ||
679 | while (1) | |
680 | { | |
681 | fpos_t pos; | |
682 | char *p; | |
683 | int parse_res; | |
684 | ||
685 | do | |
686 | { | |
20f8e666 | 687 | /* We need at least 3 characters for one line. */ |
a1ffb40e | 688 | if (__glibc_unlikely (buflen < 3)) |
20f8e666 UD |
689 | { |
690 | erange: | |
691 | *errnop = ERANGE; | |
692 | return NSS_STATUS_TRYAGAIN; | |
693 | } | |
694 | ||
cc3fa755 | 695 | fgetpos (ent->stream, &pos); |
af69217f | 696 | buffer[buflen - 1] = '\xff'; |
1aa43890 UD |
697 | p = fgets_unlocked (buffer, buflen, ent->stream); |
698 | if (p == NULL && feof_unlocked (ent->stream)) | |
34816665 UD |
699 | return NSS_STATUS_NOTFOUND; |
700 | ||
af69217f UD |
701 | if (p == NULL || buffer[buflen - 1] != '\xff') |
702 | { | |
20f8e666 | 703 | erange_reset: |
af69217f | 704 | fsetpos (ent->stream, &pos); |
20f8e666 | 705 | goto erange; |
af69217f | 706 | } |
cc3fa755 | 707 | |
c503d3dc UD |
708 | /* Terminate the line for any case. */ |
709 | buffer[buflen - 1] = '\0'; | |
710 | ||
cc3fa755 UD |
711 | /* Skip leading blanks. */ |
712 | while (isspace (*p)) | |
713 | ++p; | |
714 | } | |
1e2e27fd | 715 | while (*p == '\0' || *p == '#' || /* Ignore empty and comment lines. */ |
cc3fa755 | 716 | /* Parse the line. If it is invalid, loop to |
1e2e27fd | 717 | get the next line of the file to parse. */ |
d71b808a UD |
718 | !(parse_res = _nss_files_parse_spent (p, result, data, buflen, |
719 | errnop))); | |
cc3fa755 | 720 | |
a1ffb40e | 721 | if (__glibc_unlikely (parse_res == -1)) |
20f8e666 UD |
722 | /* The parser ran out of space. */ |
723 | goto erange_reset; | |
cc3fa755 UD |
724 | |
725 | /* This is a real entry. */ | |
726 | if (result->sp_namp[0] != '+' && result->sp_namp[0] != '-') | |
727 | { | |
728 | if (strcmp (result->sp_namp, name) == 0) | |
729 | return NSS_STATUS_SUCCESS; | |
730 | else | |
731 | continue; | |
732 | } | |
733 | ||
734 | /* -@netgroup */ | |
1e2e27fd UD |
735 | /* If the loaded NSS module does not support this service, add |
736 | all users from a +@netgroup entry to the blacklist, too. */ | |
cc3fa755 UD |
737 | if (result->sp_namp[0] == '-' && result->sp_namp[1] == '@' |
738 | && result->sp_namp[2] != '\0') | |
739 | { | |
c503d3dc UD |
740 | if (innetgr (&result->sp_namp[2], NULL, name, NULL)) |
741 | return NSS_STATUS_NOTFOUND; | |
cc3fa755 UD |
742 | continue; |
743 | } | |
744 | ||
745 | /* +@netgroup */ | |
746 | if (result->sp_namp[0] == '+' && result->sp_namp[1] == '@' | |
747 | && result->sp_namp[2] != '\0') | |
748 | { | |
c503d3dc | 749 | enum nss_status status; |
cc3fa755 | 750 | |
c503d3dc | 751 | if (innetgr (&result->sp_namp[2], NULL, name, NULL)) |
cc3fa755 | 752 | { |
c503d3dc UD |
753 | status = getspnam_plususer (name, result, ent, buffer, |
754 | buflen, errnop); | |
755 | ||
cc3fa755 UD |
756 | if (status == NSS_STATUS_RETURN) |
757 | continue; | |
758 | ||
c503d3dc | 759 | return status; |
1e2e27fd | 760 | } |
cc3fa755 UD |
761 | continue; |
762 | } | |
763 | ||
764 | /* -user */ | |
765 | if (result->sp_namp[0] == '-' && result->sp_namp[1] != '\0' | |
766 | && result->sp_namp[1] != '@') | |
767 | { | |
768 | if (strcmp (&result->sp_namp[1], name) == 0) | |
34816665 | 769 | return NSS_STATUS_NOTFOUND; |
cc3fa755 UD |
770 | else |
771 | continue; | |
772 | } | |
773 | ||
774 | /* +user */ | |
775 | if (result->sp_namp[0] == '+' && result->sp_namp[1] != '\0' | |
776 | && result->sp_namp[1] != '@') | |
777 | { | |
778 | if (strcmp (name, &result->sp_namp[1]) == 0) | |
779 | { | |
780 | enum nss_status status; | |
781 | ||
1e2e27fd UD |
782 | status = getspnam_plususer (name, result, ent, |
783 | buffer, buflen, errnop); | |
784 | ||
cc3fa755 | 785 | if (status == NSS_STATUS_RETURN) |
34816665 UD |
786 | /* We couldn't parse the entry */ |
787 | return NSS_STATUS_NOTFOUND; | |
cc3fa755 UD |
788 | else |
789 | return status; | |
790 | } | |
791 | } | |
792 | ||
793 | /* +:... */ | |
794 | if (result->sp_namp[0] == '+' && result->sp_namp[1] == '\0') | |
795 | { | |
796 | enum nss_status status; | |
797 | ||
1e2e27fd UD |
798 | status = getspnam_plususer (name, result, ent, |
799 | buffer, buflen, errnop); | |
800 | ||
c503d3dc UD |
801 | if (status == NSS_STATUS_SUCCESS) |
802 | /* We found the entry. */ | |
803 | break; | |
804 | else if (status == NSS_STATUS_RETURN) | |
805 | /* We couldn't parse the entry */ | |
806 | return NSS_STATUS_NOTFOUND; | |
cc3fa755 UD |
807 | else |
808 | return status; | |
809 | } | |
810 | } | |
811 | return NSS_STATUS_SUCCESS; | |
812 | } | |
6259ec0d | 813 | |
cb62745a | 814 | |
6259ec0d UD |
815 | enum nss_status |
816 | _nss_compat_getspnam_r (const char *name, struct spwd *pwd, | |
d71b808a | 817 | char *buffer, size_t buflen, int *errnop) |
6259ec0d | 818 | { |
1e2e27fd | 819 | enum nss_status result; |
cb62745a UD |
820 | ent_t ent = { false, true, false, NSS_STATUS_SUCCESS, NULL, { NULL, 0, 0}, |
821 | { NULL, NULL, 0, 0, 0, 0, 0, 0, 0}}; | |
6259ec0d UD |
822 | |
823 | if (name[0] == '-' || name[0] == '+') | |
34816665 | 824 | return NSS_STATUS_NOTFOUND; |
6259ec0d | 825 | |
1e2e27fd UD |
826 | __libc_lock_lock (lock); |
827 | ||
26dee9c4 | 828 | if (ni == NULL) |
1e2e27fd UD |
829 | init_nss_interface (); |
830 | ||
831 | __libc_lock_unlock (lock); | |
c131718c | 832 | |
b13b96ca | 833 | result = internal_setspent (&ent, 0, 0); |
6259ec0d | 834 | |
c503d3dc UD |
835 | if (result == NSS_STATUS_SUCCESS) |
836 | result = internal_getspnam_r (name, pwd, &ent, buffer, buflen, errnop); | |
6259ec0d UD |
837 | |
838 | internal_endspent (&ent); | |
cc3fa755 | 839 | |
1e2e27fd | 840 | return result; |
6259ec0d UD |
841 | } |
842 | ||
cb62745a | 843 | |
6259ec0d UD |
844 | /* Support routines for remembering -@netgroup and -user entries. |
845 | The names are stored in a single string with `|' as separator. */ | |
846 | static void | |
847 | blacklist_store_name (const char *name, ent_t *ent) | |
848 | { | |
849 | int namelen = strlen (name); | |
850 | char *tmp; | |
851 | ||
852 | /* first call, setup cache */ | |
853 | if (ent->blacklist.size == 0) | |
854 | { | |
855 | ent->blacklist.size = MAX (BLACKLIST_INITIAL_SIZE, 2 * namelen); | |
856 | ent->blacklist.data = malloc (ent->blacklist.size); | |
857 | if (ent->blacklist.data == NULL) | |
858 | return; | |
859 | ent->blacklist.data[0] = '|'; | |
860 | ent->blacklist.data[1] = '\0'; | |
861 | ent->blacklist.current = 1; | |
862 | } | |
863 | else | |
864 | { | |
865 | if (in_blacklist (name, namelen, ent)) | |
866 | return; /* no duplicates */ | |
867 | ||
868 | if (ent->blacklist.current + namelen + 1 >= ent->blacklist.size) | |
869 | { | |
870 | ent->blacklist.size += MAX (BLACKLIST_INCREMENT, 2 * namelen); | |
871 | tmp = realloc (ent->blacklist.data, ent->blacklist.size); | |
872 | if (tmp == NULL) | |
873 | { | |
874 | free (ent->blacklist.data); | |
875 | ent->blacklist.size = 0; | |
876 | return; | |
877 | } | |
878 | ent->blacklist.data = tmp; | |
879 | } | |
880 | } | |
881 | ||
882 | tmp = stpcpy (ent->blacklist.data + ent->blacklist.current, name); | |
883 | *tmp++ = '|'; | |
884 | *tmp = '\0'; | |
885 | ent->blacklist.current += namelen + 1; | |
886 | ||
887 | return; | |
888 | } | |
889 | ||
cb62745a | 890 | |
c131718c | 891 | /* Returns TRUE if ent->blacklist contains name, else FALSE. */ |
6259ec0d UD |
892 | static bool_t |
893 | in_blacklist (const char *name, int namelen, ent_t *ent) | |
894 | { | |
895 | char buf[namelen + 3]; | |
c131718c | 896 | char *cp; |
6259ec0d UD |
897 | |
898 | if (ent->blacklist.data == NULL) | |
cb62745a | 899 | return false; |
6259ec0d | 900 | |
c131718c UD |
901 | buf[0] = '|'; |
902 | cp = stpcpy (&buf[1], name); | |
1e2e27fd | 903 | *cp++ = '|'; |
c131718c | 904 | *cp = '\0'; |
6259ec0d UD |
905 | return strstr (ent->blacklist.data, buf) != NULL; |
906 | } |