]> git.ipfire.org Git - thirdparty/glibc.git/blame - nis/nss_compat/compat-spwd.c
projects / thirdparty / glibc.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Update copyright dates with scripts/update-copyrights.
[thirdparty/glibc.git] / nis / nss_compat / compat-spwd.c
CommitLineData
f7a9f785 1/* Copyright (C) 1996-2016 Free Software Foundation, Inc.
6259ec0d
UD		 2 This file is part of the GNU C Library.
3 Contributed by Thorsten Kukuk <kukuk@vt.uni-paderborn.de>, 1996.
4
5 The GNU C Library is free software; you can redistribute it and/or
41bdb6e2
AJ		 6 modify it under the terms of the GNU Lesser General Public
7 License as published by the Free Software Foundation; either
8 version 2.1 of the License, or (at your option) any later version.
6259ec0d
UD		 9
10 The GNU C Library is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
41bdb6e2 13 Lesser General Public License for more details.
6259ec0d 14
41bdb6e2 15 You should have received a copy of the GNU Lesser General Public
59ba27a6
PE		 16 License along with the GNU C Library; if not, see
17 <http://www.gnu.org/licenses/>. */
6259ec0d 18
6259ec0d 19#include <ctype.h>
1aa43890 20#include <errno.h>
3996f34b 21#include <fcntl.h>
6259ec0d 22#include <netdb.h>
1aa43890
UD		 23#include <nss.h>
24#include <nsswitch.h>
6259ec0d 25#include <shadow.h>
1aa43890 26#include <stdio_ext.h>
6259ec0d 27#include <string.h>
1e2e27fd 28#include <rpc/types.h>
6259ec0d 29#include <rpcsvc/ypclnt.h>
ec999b8e 30#include <libc-lock.h>
cc783763 31#include <kernel-features.h>
26dee9c4
UD		 32
33#include "netgroup.h"
26dee9c4 34
fc9f33e3 35static service_user *ni;
1e2e27fd
UD		 36static enum nss_status (*nss_setspent) (int stayopen);
37static enum nss_status (*nss_getspnam_r) (const char *name, struct spwd * sp,
38 char *buffer, size_t buflen,
39 int *errnop);
40static enum nss_status (*nss_getspent_r) (struct spwd * sp, char *buffer,
41 size_t buflen, int *errnop);
42static enum nss_status (*nss_endspent) (void);
6259ec0d 43
7e3be507
UD		 44/* Get the declaration of the parser function. */
45#define ENTNAME spent
46#define STRUCTURE spwd
47#define EXTERN_PARSER
cc3fa755 48#include <nss/nss_files/files-parse.c>
7e3be507 49
6259ec0d
UD		 50/* Structure for remembering -@netgroup and -user members ... */
51#define BLACKLIST_INITIAL_SIZE 512
52#define BLACKLIST_INCREMENT 256
53struct blacklist_t
1e2e27fd
UD		 54{
55 char *data;
56 int current;
57 int size;
58};
6259ec0d
UD		 59
60struct ent_t
1e2e27fd 61{
cb62745a
UD		 62 bool netgroup;
63 bool files;
64 bool first;
65 enum nss_status setent_status;
1e2e27fd
UD		 66 FILE *stream;
67 struct blacklist_t blacklist;
68 struct spwd pwd;
69 struct __netgrent netgrdata;
70};
6259ec0d
UD		 71typedef struct ent_t ent_t;
72
cb62745a
UD		 73static ent_t ext_ent = { false, true, false, NSS_STATUS_SUCCESS, NULL,
74 { NULL, 0, 0},
75 { NULL, NULL, 0, 0, 0, 0, 0, 0, 0}};
6259ec0d
UD		 76
77/* Protect global state against multiple changers. */
78__libc_lock_define_initialized (static, lock)
79
cc783763
UD		 80/* Positive if O_CLOEXEC is supported, negative if it is not supported,
81 zero if it is still undecided. This variable is shared with the
82 other compat functions. */
83#ifdef __ASSUME_O_CLOEXEC
84# define __compat_have_cloexec 1
85#else
86# ifdef O_CLOEXEC
87extern int __compat_have_cloexec;
88# else
89# define __compat_have_cloexec -1
90# endif
91#endif
92
6259ec0d
UD		 93/* Prototypes for local functions. */
94static void blacklist_store_name (const char *, ent_t *);
95static int in_blacklist (const char *, int, ent_t *);
2d7da676 96
1e2e27fd
UD		 97/* Initialize the NSS interface/functions. The calling function must
98 hold the lock. */
99static void
100init_nss_interface (void)
101{
102 if (__nss_database_lookup ("shadow_compat", "passwd_compat",
103 "nis", &ni) >= 0)
104 {
105 nss_setspent = __nss_lookup_function (ni, "setspent");
106 nss_getspnam_r = __nss_lookup_function (ni, "getspnam_r");
107 nss_getspent_r = __nss_lookup_function (ni, "getspent_r");
108 nss_endspent = __nss_lookup_function (ni, "endspent");
109 }
110}
111
6259ec0d
UD		 112static void
113give_spwd_free (struct spwd *pwd)
114{
72e6cdfa
UD		 115 free (pwd->sp_namp);
116 free (pwd->sp_pwdp);
6259ec0d
UD		 117
118 memset (pwd, '\0', sizeof (struct spwd));
b378b9f9
UD		 119 pwd->sp_warn = -1;
120 pwd->sp_inact = -1;
121 pwd->sp_expire = -1;
122 pwd->sp_flag = ~0ul;
6259ec0d
UD		 123}
124
125static int
126spwd_need_buflen (struct spwd *pwd)
127{
128 int len = 0;
129
130 if (pwd->sp_pwdp != NULL)
131 len += strlen (pwd->sp_pwdp) + 1;
132
133 return len;
134}
135
136static void
137copy_spwd_changes (struct spwd *dest, struct spwd *src,
138 char *buffer, size_t buflen)
139{
140 if (src->sp_pwdp != NULL && strlen (src->sp_pwdp))
141 {
142 if (buffer == NULL)
143 dest->sp_pwdp = strdup (src->sp_pwdp);
144 else if (dest->sp_pwdp &&
145 strlen (dest->sp_pwdp) >= strlen (src->sp_pwdp))
146 strcpy (dest->sp_pwdp, src->sp_pwdp);
147 else
148 {
149 dest->sp_pwdp = buffer;
150 strcpy (dest->sp_pwdp, src->sp_pwdp);
151 buffer += strlen (dest->sp_pwdp) + 1;
152 buflen = buflen - (strlen (dest->sp_pwdp) + 1);
153 }
154 }
155 if (src->sp_lstchg != 0)
156 dest->sp_lstchg = src->sp_lstchg;
157 if (src->sp_min != 0)
158 dest->sp_min = src->sp_min;
159 if (src->sp_max != 0)
160 dest->sp_max = src->sp_max;
b378b9f9 161 if (src->sp_warn != -1)
6259ec0d 162 dest->sp_warn = src->sp_warn;
b378b9f9 163 if (src->sp_inact != -1)
6259ec0d 164 dest->sp_inact = src->sp_inact;
b378b9f9 165 if (src->sp_expire != -1)
6259ec0d 166 dest->sp_expire = src->sp_expire;
b378b9f9 167 if (src->sp_flag != ~0ul)
6259ec0d
UD		 168 dest->sp_flag = src->sp_flag;
169}
170
171static enum nss_status
b13b96ca 172internal_setspent (ent_t *ent, int stayopen, int needent)
6259ec0d
UD		 173{
174 enum nss_status status = NSS_STATUS_SUCCESS;
175
1e2e27fd 176 ent->first = ent->netgroup = 0;
cb62745a 177 ent->files = true;
6259ec0d 178
26dee9c4
UD		 179 /* If something was left over free it. */
180 if (ent->netgroup)
181 __internal_endnetgrent (&ent->netgrdata);
c131718c 182
6259ec0d 183 if (ent->blacklist.data != NULL)
bd355af0
UD		 184 {
185 ent->blacklist.current = 1;
186 ent->blacklist.data[0] = '|';
187 ent->blacklist.data[1] = '\0';
188 }
189 else
190 ent->blacklist.current = 0;
6259ec0d
UD		 191
192 if (ent->stream == NULL)
193 {
cc783763 194 ent->stream = fopen ("/etc/shadow", "rme");
6259ec0d
UD		 195
196 if (ent->stream == NULL)
197 status = errno == EAGAIN ? NSS_STATUS_TRYAGAIN : NSS_STATUS_UNAVAIL;
3996f34b
UD		 198 else
199 {
200 /* We have to make sure the file is `closed on exec'. */
cc783763 201 int result = 0;
3996f34b 202
cc783763 203 if (__compat_have_cloexec <= 0)
3996f34b 204 {
cc783763
UD		 205 int flags;
206 result = flags = fcntl (fileno_unlocked (ent->stream), F_GETFD,
207 0);
208 if (result >= 0)
209 {
210#if defined O_CLOEXEC && !defined __ASSUME_O_CLOEXEC
211 if (__compat_have_cloexec == 0)
212 __compat_have_cloexec = (flags & FD_CLOEXEC) ? 1 : -1;
213
214 if (__compat_have_cloexec < 0)
215#endif
216 {
217 flags |= FD_CLOEXEC;
218 result = fcntl (fileno_unlocked (ent->stream), F_SETFD,
219 flags);
220 }
221 }
3996f34b 222 }
cc783763 223
3996f34b
UD		 224 if (result < 0)
225 {
226 /* Something went wrong. Close the stream and return a
1e2e27fd 227 failure. */
3996f34b
UD		 228 fclose (ent->stream);
229 ent->stream = NULL;
230 status = NSS_STATUS_UNAVAIL;
231 }
1aa43890
UD		 232 else
233 /* We take care of locking ourself. */
234 __fsetlocking (ent->stream, FSETLOCKING_BYCALLER);
3996f34b 235 }
6259ec0d
UD		 236 }
237 else
238 rewind (ent->stream);
239
240 give_spwd_free (&ent->pwd);
241
b13b96ca 242 if (needent && status == NSS_STATUS_SUCCESS && nss_setspent)
cb62745a 243 ent->setent_status = nss_setspent (stayopen);
1e2e27fd 244
6259ec0d
UD		 245 return status;
246}
247
248
249enum nss_status
51eecc4a 250_nss_compat_setspent (int stayopen)
6259ec0d
UD		 251{
252 enum nss_status result;
253
254 __libc_lock_lock (lock);
255
26dee9c4 256 if (ni == NULL)
1e2e27fd 257 init_nss_interface ();
c131718c 258
b13b96ca 259 result = internal_setspent (&ext_ent, stayopen, 1);
6259ec0d
UD		 260
261 __libc_lock_unlock (lock);
262
263 return result;
264}
265
266
267static enum nss_status
268internal_endspent (ent_t *ent)
269{
270 if (ent->stream != NULL)
271 {
272 fclose (ent->stream);
273 ent->stream = NULL;
274 }
275
26dee9c4
UD		 276 if (ent->netgroup)
277 __internal_endnetgrent (&ent->netgrdata);
278
cb62745a
UD		 279 ent->first = ent->netgroup = false;
280 ent->files = true;
c131718c 281
6259ec0d 282 if (ent->blacklist.data != NULL)
bd355af0
UD		 283 {
284 ent->blacklist.current = 1;
285 ent->blacklist.data[0] = '|';
286 ent->blacklist.data[1] = '\0';
287 }
288 else
289 ent->blacklist.current = 0;
c131718c 290
6259ec0d
UD		 291 give_spwd_free (&ent->pwd);
292
293 return NSS_STATUS_SUCCESS;
294}
295
296enum nss_status
297_nss_compat_endspent (void)
298{
299 enum nss_status result;
300
301 __libc_lock_lock (lock);
302
b13b96ca
AS		 303 if (nss_endspent)
304 nss_endspent ();
305
6259ec0d
UD		 306 result = internal_endspent (&ext_ent);
307
308 __libc_lock_unlock (lock);
309
310 return result;
311}
312
313
314static enum nss_status
1e2e27fd
UD		 315getspent_next_nss_netgr (const char *name, struct spwd *result, ent_t *ent,
316 char *group, char *buffer, size_t buflen,
317 int *errnop)
6259ec0d 318{
6d4d8e8e 319 char *curdomain = NULL, *host, *user, *domain, *p2;
6259ec0d
UD		 320 size_t p2len;
321
1e2e27fd
UD		 322 if (!nss_getspnam_r)
323 return NSS_STATUS_UNAVAIL;
324
cb62745a
UD		 325 /* If the setpwent call failed, say so. */
326 if (ent->setent_status != NSS_STATUS_SUCCESS)
327 return ent->setent_status;
328
6d4d8e8e 329 if (ent->first)
6259ec0d 330 {
1e2e27fd 331 memset (&ent->netgrdata, 0, sizeof (struct __netgrent));
26dee9c4 332 __internal_setnetgrent (group, &ent->netgrdata);
cb62745a 333 ent->first = false;
6259ec0d
UD		 334 }
335
336 while (1)
337 {
1e2e27fd 338 enum nss_status status;
60c96635 339
26dee9c4 340 status = __internal_getnetgrent_r (&host, &user, &domain,
d71b808a
UD		 341 &ent->netgrdata, buffer, buflen,
342 errnop);
26dee9c4 343 if (status != 1)
6259ec0d 344 {
26dee9c4 345 __internal_endnetgrent (&ent->netgrdata);
cb62745a 346 ent->netgroup = false;
6259ec0d
UD		 347 give_spwd_free (&ent->pwd);
348 return NSS_STATUS_RETURN;
349 }
3996f34b 350
6259ec0d
UD		 351 if (user == NULL || user[0] == '-')
352 continue;
3996f34b 353
6d4d8e8e
AS		 354 if (domain != NULL)
355 {
356 if (curdomain == NULL
357 && yp_get_default_domain (&curdomain) != YPERR_SUCCESS)
358 {
359 __internal_endnetgrent (&ent->netgrdata);
360 ent->netgroup = false;
361 give_spwd_free (&ent->pwd);
362 return NSS_STATUS_UNAVAIL;
363 }
364 if (strcmp (curdomain, domain) != 0)
365 continue;
366 }
6259ec0d 367
cc3fa755
UD		 368 /* If name != NULL, we are called from getpwnam */
369 if (name != NULL)
370 if (strcmp (user, name) != 0)
371 continue;
372
6259ec0d
UD		 373 p2len = spwd_need_buflen (&ent->pwd);
374 if (p2len > buflen)
375 {
d71b808a 376 *errnop = ERANGE;
6259ec0d
UD		 377 return NSS_STATUS_TRYAGAIN;
378 }
379 p2 = buffer + (buflen - p2len);
380 buflen -= p2len;
26dee9c4 381
1e2e27fd
UD		 382 if (nss_getspnam_r (user, result, buffer, buflen, errnop) !=
383 NSS_STATUS_SUCCESS)
384 continue;
cc3fa755 385
1e2e27fd 386 if (!in_blacklist (result->sp_namp, strlen (result->sp_namp), ent))
60c96635 387 {
1e2e27fd
UD		 388 /* Store the User in the blacklist for possible the "+" at the
389 end of /etc/passwd */
cc3fa755
UD		 390 blacklist_store_name (result->sp_namp, ent);
391 copy_spwd_changes (result, &ent->pwd, p2, p2len);
1e2e27fd 392 break;
60c96635 393 }
26dee9c4 394 }
c131718c 395
26dee9c4
UD		 396 return NSS_STATUS_SUCCESS;
397}
398
399
6259ec0d 400static enum nss_status
1e2e27fd 401getspent_next_nss (struct spwd *result, ent_t *ent,
d71b808a 402 char *buffer, size_t buflen, int *errnop)
6259ec0d 403{
1e2e27fd
UD		 404 enum nss_status status;
405 char *p2;
6259ec0d
UD		 406 size_t p2len;
407
1e2e27fd
UD		 408 if (!nss_getspent_r)
409 return NSS_STATUS_UNAVAIL;
6259ec0d
UD		 410
411 p2len = spwd_need_buflen (&ent->pwd);
412 if (p2len > buflen)
413 {
d71b808a 414 *errnop = ERANGE;
6259ec0d
UD		 415 return NSS_STATUS_TRYAGAIN;
416 }
417 p2 = buffer + (buflen - p2len);
418 buflen -= p2len;
419 do
420 {
1e2e27fd
UD		 421 if ((status = nss_getspent_r (result, buffer, buflen, errnop)) !=
422 NSS_STATUS_SUCCESS)
423 return status;
6259ec0d 424 }
1e2e27fd 425 while (in_blacklist (result->sp_namp, strlen (result->sp_namp), ent));
6259ec0d
UD		 426
427 copy_spwd_changes (result, &ent->pwd, p2, p2len);
428
26dee9c4 429 return NSS_STATUS_SUCCESS;
6259ec0d
UD		 430}
431
cb62745a 432
26dee9c4
UD		 433/* This function handle the +user entrys in /etc/shadow */
434static enum nss_status
1e2e27fd
UD		 435getspnam_plususer (const char *name, struct spwd *result, ent_t *ent,
436 char *buffer, size_t buflen, int *errnop)
26dee9c4 437{
1e2e27fd
UD		 438 if (!nss_getspnam_r)
439 return NSS_STATUS_UNAVAIL;
440
016c70ea 441 struct spwd pwd;
26dee9c4 442 memset (&pwd, '\0', sizeof (struct spwd));
b378b9f9
UD		 443 pwd.sp_warn = -1;
444 pwd.sp_inact = -1;
445 pwd.sp_expire = -1;
446 pwd.sp_flag = ~0ul;
c131718c 447
26dee9c4 448 copy_spwd_changes (&pwd, result, NULL, 0);
c131718c 449
016c70ea 450 size_t plen = spwd_need_buflen (&pwd);
26dee9c4
UD		 451 if (plen > buflen)
452 {
d71b808a 453 *errnop = ERANGE;
26dee9c4
UD		 454 return NSS_STATUS_TRYAGAIN;
455 }
016c70ea 456 char *p = buffer + (buflen - plen);
26dee9c4 457 buflen -= plen;
c131718c 458
016c70ea
UD		 459 enum nss_status status = nss_getspnam_r (name, result, buffer, buflen,
460 errnop);
461 if (status != NSS_STATUS_SUCCESS)
462 return status;
6591c335 463
1e2e27fd
UD		 464 if (in_blacklist (result->sp_namp, strlen (result->sp_namp), ent))
465 return NSS_STATUS_NOTFOUND;
c131718c 466
1e2e27fd
UD		 467 copy_spwd_changes (result, &pwd, p, plen);
468 give_spwd_free (&pwd);
469 /* We found the entry. */
c503d3dc 470 return NSS_STATUS_SUCCESS;
26dee9c4 471}
6259ec0d 472
cb62745a 473
6259ec0d
UD		 474static enum nss_status
475getspent_next_file (struct spwd *result, ent_t *ent,
d71b808a 476 char *buffer, size_t buflen, int *errnop)
6259ec0d 477{
7e3be507 478 struct parser_data *data = (void *) buffer;
6259ec0d
UD		 479 while (1)
480 {
60c96635
UD		 481 fpos_t pos;
482 int parse_res = 0;
c131718c 483 char *p;
6259ec0d
UD		 484
485 do
486 {
20f8e666 487 /* We need at least 3 characters for one line. */
a1ffb40e 488 if (__glibc_unlikely (buflen < 3))
20f8e666
UD		 489 {
490 erange:
491 *errnop = ERANGE;
492 return NSS_STATUS_TRYAGAIN;
493 }
494
60c96635 495 fgetpos (ent->stream, &pos);
af69217f 496 buffer[buflen - 1] = '\xff';
1aa43890
UD		 497 p = fgets_unlocked (buffer, buflen, ent->stream);
498 if (p == NULL && feof_unlocked (ent->stream))
34816665
UD		 499 return NSS_STATUS_NOTFOUND;
500
20f8e666 501 if (p == NULL || __builtin_expect (buffer[buflen - 1] != '\xff', 0))
af69217f 502 {
20f8e666 503 erange_reset:
af69217f 504 fsetpos (ent->stream, &pos);
20f8e666 505 goto erange;
af69217f 506 }
6259ec0d
UD		 507
508 /* Skip leading blanks. */
509 while (isspace (*p))
510 ++p;
511 }
c131718c 512 while (*p == '\0' || *p == '#' /* Ignore empty and comment lines. */
1e2e27fd
UD		 513 /* Parse the line. If it is invalid, loop to
514 get the next line of the file to parse. */
60c96635 515 || !(parse_res = _nss_files_parse_spent (p, result, data,
d71b808a 516 buflen, errnop)));
6259ec0d 517
a1ffb40e 518 if (__glibc_unlikely (parse_res == -1))
20f8e666
UD		 519 /* The parser ran out of space. */
520 goto erange_reset;
3996f34b 521
6259ec0d
UD		 522 if (result->sp_namp[0] != '+' && result->sp_namp[0] != '-')
523 /* This is a real entry. */
524 break;
525
526 /* -@netgroup */
527 if (result->sp_namp[0] == '-' && result->sp_namp[1] == '@'
528 && result->sp_namp[2] != '\0')
529 {
d71b808a 530 /* XXX Do not use fixed length buffers. */
1e2e27fd 531 char buf2[1024];
51eecc4a 532 char *user, *host, *domain;
1e2e27fd 533 struct __netgrent netgrdata;
c131718c 534
1c6e6f23 535 memset (&netgrdata, 0, sizeof (struct __netgrent));
1e2e27fd 536 __internal_setnetgrent (&result->sp_namp[2], &netgrdata);
c131718c 537 while (__internal_getnetgrent_r (&host, &user, &domain,
d71b808a
UD		 538 &netgrdata, buf2, sizeof (buf2),
539 errnop))
6259ec0d
UD		 540 {
541 if (user != NULL && user[0] != '-')
542 blacklist_store_name (user, ent);
543 }
c131718c 544 __internal_endnetgrent (&netgrdata);
6259ec0d
UD		 545 continue;
546 }
547
548 /* +@netgroup */
549 if (result->sp_namp[0] == '+' && result->sp_namp[1] == '@'
550 && result->sp_namp[2] != '\0')
551 {
552 int status;
553
cb62745a
UD		 554 ent->netgroup = true;
555 ent->first = true;
6259ec0d
UD		 556 copy_spwd_changes (&ent->pwd, result, NULL, 0);
557
1e2e27fd
UD		 558 status = getspent_next_nss_netgr (NULL, result, ent,
559 &result->sp_namp[2],
560 buffer, buflen, errnop);
6259ec0d
UD		 561 if (status == NSS_STATUS_RETURN)
562 continue;
563 else
564 return status;
565 }
566
567 /* -user */
568 if (result->sp_namp[0] == '-' && result->sp_namp[1] != '\0'
569 && result->sp_namp[1] != '@')
570 {
571 blacklist_store_name (&result->sp_namp[1], ent);
572 continue;
573 }
574
575 /* +user */
576 if (result->sp_namp[0] == '+' && result->sp_namp[1] != '\0'
577 && result->sp_namp[1] != '@')
578 {
c503d3dc
UD		 579 size_t len = strlen (result->sp_namp);
580 char buf[len];
1e2e27fd 581 enum nss_status status;
c131718c 582
cc3fa755
UD		 583 /* Store the User in the blacklist for the "+" at the end of
584 /etc/passwd */
c503d3dc 585 memcpy (buf, &result->sp_namp[1], len);
1e2e27fd
UD		 586 status = getspnam_plususer (&result->sp_namp[1], result, ent,
587 buffer, buflen, errnop);
c503d3dc 588 blacklist_store_name (buf, ent);
1e2e27fd
UD		 589
590 if (status == NSS_STATUS_SUCCESS) /* We found the entry. */
591 break;
c503d3dc
UD		 592 /* We couldn't parse the entry */
593 else if (status == NSS_STATUS_RETURN
594 /* entry doesn't exist */
595 || status == NSS_STATUS_NOTFOUND)
1e2e27fd
UD		 596 continue;
597 else
598 {
599 if (status == NSS_STATUS_TRYAGAIN)
600 {
601 fsetpos (ent->stream, &pos);
602 *errnop = ERANGE;
603 }
604 return status;
605 }
6259ec0d
UD		 606 }
607
608 /* +:... */
609 if (result->sp_namp[0] == '+' && result->sp_namp[1] == '\0')
610 {
cb62745a
UD		 611 ent->files = false;
612 ent->first = true;
6259ec0d
UD		 613 copy_spwd_changes (&ent->pwd, result, NULL, 0);
614
1e2e27fd 615 return getspent_next_nss (result, ent, buffer, buflen, errnop);
6259ec0d
UD		 616 }
617 }
618
619 return NSS_STATUS_SUCCESS;
620}
621
622
623static enum nss_status
624internal_getspent_r (struct spwd *pw, ent_t *ent,
d71b808a 625 char *buffer, size_t buflen, int *errnop)
6259ec0d
UD		 626{
627 if (ent->netgroup)
628 {
1e2e27fd 629 enum nss_status status;
6259ec0d
UD		 630
631 /* We are searching members in a netgroup */
632 /* Since this is not the first call, we don't need the group name */
1e2e27fd
UD		 633 status = getspent_next_nss_netgr (NULL, pw, ent, NULL, buffer,
634 buflen, errnop);
635
6259ec0d 636 if (status == NSS_STATUS_RETURN)
d71b808a 637 return getspent_next_file (pw, ent, buffer, buflen, errnop);
6259ec0d
UD		 638 else
639 return status;
640 }
1e2e27fd
UD		 641 else if (ent->files)
642 return getspent_next_file (pw, ent, buffer, buflen, errnop);
6259ec0d 643 else
1e2e27fd 644 return getspent_next_nss (pw, ent, buffer, buflen, errnop);
6259ec0d
UD		 645}
646
cb62745a 647
6259ec0d 648enum nss_status
d71b808a
UD		 649_nss_compat_getspent_r (struct spwd *pwd, char *buffer, size_t buflen,
650 int *errnop)
6259ec0d 651{
1e2e27fd 652 enum nss_status result = NSS_STATUS_SUCCESS;
6259ec0d
UD		 653
654 __libc_lock_lock (lock);
655
1e2e27fd 656 /* Be prepared that the setpwent function was not called before. */
26dee9c4 657 if (ni == NULL)
1e2e27fd 658 init_nss_interface ();
c131718c 659
6259ec0d 660 if (ext_ent.stream == NULL)
b13b96ca 661 result = internal_setspent (&ext_ent, 1, 1);
6259ec0d 662
1e2e27fd
UD		 663 if (result == NSS_STATUS_SUCCESS)
664 result = internal_getspent_r (pwd, &ext_ent, buffer, buflen, errnop);
6259ec0d
UD		 665
666 __libc_lock_unlock (lock);
667
1e2e27fd 668 return result;
6259ec0d
UD		 669}
670
cb62745a 671
cc3fa755
UD		 672/* Searches in /etc/passwd and the NIS/NIS+ map for a special user */
673static enum nss_status
674internal_getspnam_r (const char *name, struct spwd *result, ent_t *ent,
d71b808a 675 char *buffer, size_t buflen, int *errnop)
cc3fa755
UD		 676{
677 struct parser_data *data = (void *) buffer;
678
679 while (1)
680 {
681 fpos_t pos;
682 char *p;
683 int parse_res;
684
685 do
686 {
20f8e666 687 /* We need at least 3 characters for one line. */
a1ffb40e 688 if (__glibc_unlikely (buflen < 3))
20f8e666
UD		 689 {
690 erange:
691 *errnop = ERANGE;
692 return NSS_STATUS_TRYAGAIN;
693 }
694
cc3fa755 695 fgetpos (ent->stream, &pos);
af69217f 696 buffer[buflen - 1] = '\xff';
1aa43890
UD		 697 p = fgets_unlocked (buffer, buflen, ent->stream);
698 if (p == NULL && feof_unlocked (ent->stream))
34816665
UD		 699 return NSS_STATUS_NOTFOUND;
700
af69217f
UD		 701 if (p == NULL || buffer[buflen - 1] != '\xff')
702 {
20f8e666 703 erange_reset:
af69217f 704 fsetpos (ent->stream, &pos);
20f8e666 705 goto erange;
af69217f 706 }
cc3fa755 707
c503d3dc
UD		 708 /* Terminate the line for any case. */
709 buffer[buflen - 1] = '\0';
710
cc3fa755
UD		 711 /* Skip leading blanks. */
712 while (isspace (*p))
713 ++p;
714 }
1e2e27fd 715 while (*p == '\0' || *p == '#' || /* Ignore empty and comment lines. */
cc3fa755 716 /* Parse the line. If it is invalid, loop to
1e2e27fd 717 get the next line of the file to parse. */
d71b808a
UD		 718 !(parse_res = _nss_files_parse_spent (p, result, data, buflen,
719 errnop)));
cc3fa755 720
a1ffb40e 721 if (__glibc_unlikely (parse_res == -1))
20f8e666
UD		 722 /* The parser ran out of space. */
723 goto erange_reset;
cc3fa755
UD		 724
725 /* This is a real entry. */
726 if (result->sp_namp[0] != '+' && result->sp_namp[0] != '-')
727 {
728 if (strcmp (result->sp_namp, name) == 0)
729 return NSS_STATUS_SUCCESS;
730 else
731 continue;
732 }
733
734 /* -@netgroup */
1e2e27fd
UD		 735 /* If the loaded NSS module does not support this service, add
736 all users from a +@netgroup entry to the blacklist, too. */
cc3fa755
UD		 737 if (result->sp_namp[0] == '-' && result->sp_namp[1] == '@'
738 && result->sp_namp[2] != '\0')
739 {
c503d3dc
UD		 740 if (innetgr (&result->sp_namp[2], NULL, name, NULL))
741 return NSS_STATUS_NOTFOUND;
cc3fa755
UD		 742 continue;
743 }
744
745 /* +@netgroup */
746 if (result->sp_namp[0] == '+' && result->sp_namp[1] == '@'
747 && result->sp_namp[2] != '\0')
748 {
c503d3dc 749 enum nss_status status;
cc3fa755 750
c503d3dc 751 if (innetgr (&result->sp_namp[2], NULL, name, NULL))
cc3fa755 752 {
c503d3dc
UD		 753 status = getspnam_plususer (name, result, ent, buffer,
754 buflen, errnop);
755
cc3fa755
UD		 756 if (status == NSS_STATUS_RETURN)
757 continue;
758
c503d3dc 759 return status;
1e2e27fd 760 }
cc3fa755
UD		 761 continue;
762 }
763
764 /* -user */
765 if (result->sp_namp[0] == '-' && result->sp_namp[1] != '\0'
766 && result->sp_namp[1] != '@')
767 {
768 if (strcmp (&result->sp_namp[1], name) == 0)
34816665 769 return NSS_STATUS_NOTFOUND;
cc3fa755
UD		 770 else
771 continue;
772 }
773
774 /* +user */
775 if (result->sp_namp[0] == '+' && result->sp_namp[1] != '\0'
776 && result->sp_namp[1] != '@')
777 {
778 if (strcmp (name, &result->sp_namp[1]) == 0)
779 {
780 enum nss_status status;
781
1e2e27fd
UD		 782 status = getspnam_plususer (name, result, ent,
783 buffer, buflen, errnop);
784
cc3fa755 785 if (status == NSS_STATUS_RETURN)
34816665
UD		 786 /* We couldn't parse the entry */
787 return NSS_STATUS_NOTFOUND;
cc3fa755
UD		 788 else
789 return status;
790 }
791 }
792
793 /* +:... */
794 if (result->sp_namp[0] == '+' && result->sp_namp[1] == '\0')
795 {
796 enum nss_status status;
797
1e2e27fd
UD		 798 status = getspnam_plususer (name, result, ent,
799 buffer, buflen, errnop);
800
c503d3dc
UD		 801 if (status == NSS_STATUS_SUCCESS)
802 /* We found the entry. */
803 break;
804 else if (status == NSS_STATUS_RETURN)
805 /* We couldn't parse the entry */
806 return NSS_STATUS_NOTFOUND;
cc3fa755
UD		 807 else
808 return status;
809 }
810 }
811 return NSS_STATUS_SUCCESS;
812}
6259ec0d 813
cb62745a 814
6259ec0d
UD		 815enum nss_status
816_nss_compat_getspnam_r (const char *name, struct spwd *pwd,
d71b808a 817 char *buffer, size_t buflen, int *errnop)
6259ec0d 818{
1e2e27fd 819 enum nss_status result;
cb62745a
UD		 820 ent_t ent = { false, true, false, NSS_STATUS_SUCCESS, NULL, { NULL, 0, 0},
821 { NULL, NULL, 0, 0, 0, 0, 0, 0, 0}};
6259ec0d
UD		 822
823 if (name[0] == '-' || name[0] == '+')
34816665 824 return NSS_STATUS_NOTFOUND;
6259ec0d 825
1e2e27fd
UD		 826 __libc_lock_lock (lock);
827
26dee9c4 828 if (ni == NULL)
1e2e27fd
UD		 829 init_nss_interface ();
830
831 __libc_lock_unlock (lock);
c131718c 832
b13b96ca 833 result = internal_setspent (&ent, 0, 0);
6259ec0d 834
c503d3dc
UD		 835 if (result == NSS_STATUS_SUCCESS)
836 result = internal_getspnam_r (name, pwd, &ent, buffer, buflen, errnop);
6259ec0d
UD		 837
838 internal_endspent (&ent);
cc3fa755 839
1e2e27fd 840 return result;
6259ec0d
UD		 841}
842
cb62745a 843
6259ec0d
UD		 844/* Support routines for remembering -@netgroup and -user entries.
845 The names are stored in a single string with `|' as separator. */
846static void
847blacklist_store_name (const char *name, ent_t *ent)
848{
849 int namelen = strlen (name);
850 char *tmp;
851
852 /* first call, setup cache */
853 if (ent->blacklist.size == 0)
854 {
855 ent->blacklist.size = MAX (BLACKLIST_INITIAL_SIZE, 2 * namelen);
856 ent->blacklist.data = malloc (ent->blacklist.size);
857 if (ent->blacklist.data == NULL)
858 return;
859 ent->blacklist.data[0] = '|';
860 ent->blacklist.data[1] = '\0';
861 ent->blacklist.current = 1;
862 }
863 else
864 {
865 if (in_blacklist (name, namelen, ent))
866 return; /* no duplicates */
867
868 if (ent->blacklist.current + namelen + 1 >= ent->blacklist.size)
869 {
870 ent->blacklist.size += MAX (BLACKLIST_INCREMENT, 2 * namelen);
871 tmp = realloc (ent->blacklist.data, ent->blacklist.size);
872 if (tmp == NULL)
873 {
874 free (ent->blacklist.data);
875 ent->blacklist.size = 0;
876 return;
877 }
878 ent->blacklist.data = tmp;
879 }
880 }
881
882 tmp = stpcpy (ent->blacklist.data + ent->blacklist.current, name);
883 *tmp++ = '|';
884 *tmp = '\0';
885 ent->blacklist.current += namelen + 1;
886
887 return;
888}
889
cb62745a 890
c131718c 891/* Returns TRUE if ent->blacklist contains name, else FALSE. */
6259ec0d
UD		 892static bool_t
893in_blacklist (const char *name, int namelen, ent_t *ent)
894{
895 char buf[namelen + 3];
c131718c 896 char *cp;
6259ec0d
UD		 897
898 if (ent->blacklist.data == NULL)
cb62745a 899 return false;
6259ec0d 900
c131718c
UD		 901 buf[0] = '|';
902 cp = stpcpy (&buf[1], name);
1e2e27fd 903 *cp++ = '|';
c131718c 904 *cp = '\0';
6259ec0d
UD		 905 return strstr (ent->blacklist.data, buf) != NULL;
906}
A mirror of the official glibc repository