]> git.ipfire.org Git - thirdparty/glibc.git/blob - nis/nss_compat/compat-pwd.c
projects / thirdparty / glibc.git / blob
? search:


0583a10b84a2f53ea610bc4c4f2e2a1a1c78707a
[thirdparty/glibc.git] / nis / nss_compat / compat-pwd.c
1 /* Copyright (C) 1996-2017 Free Software Foundation, Inc.
2 This file is part of the GNU C Library.
3 Contributed by Thorsten Kukuk <kukuk@vt.uni-paderborn.de>, 1996.
4
5 The GNU C Library is free software; you can redistribute it and/or
6 modify it under the terms of the GNU Lesser General Public
7 License as published by the Free Software Foundation; either
8 version 2.1 of the License, or (at your option) any later version.
9
10 The GNU C Library is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 Lesser General Public License for more details.
14
15 You should have received a copy of the GNU Lesser General Public
16 License along with the GNU C Library; if not, see
17 <http://www.gnu.org/licenses/>. */
18
19 #include <ctype.h>
20 #include <errno.h>
21 #include <fcntl.h>
22 #include <netdb.h>
23 #include <nss.h>
24 #include <nsswitch.h>
25 #include <pwd.h>
26 #include <stdio_ext.h>
27 #include <string.h>
28 #include <rpc/types.h>
29 #include <rpcsvc/ypclnt.h>
30 #include <libc-lock.h>
31 #include <kernel-features.h>
32
33 #include "netgroup.h"
34
35 static service_user *ni;
36 static enum nss_status (*nss_setpwent) (int stayopen);
37 static enum nss_status (*nss_getpwnam_r) (const char *name,
38 struct passwd * pwd, char *buffer,
39 size_t buflen, int *errnop);
40 static enum nss_status (*nss_getpwuid_r) (uid_t uid, struct passwd * pwd,
41 char *buffer, size_t buflen,
42 int *errnop);
43 static enum nss_status (*nss_getpwent_r) (struct passwd * pwd, char *buffer,
44 size_t buflen, int *errnop);
45 static enum nss_status (*nss_endpwent) (void);
46
47 /* Get the declaration of the parser function. */
48 #define ENTNAME pwent
49 #define STRUCTURE passwd
50 #define EXTERN_PARSER
51 #include <nss/nss_files/files-parse.c>
52
53 /* Structure for remembering -@netgroup and -user members ... */
54 #define BLACKLIST_INITIAL_SIZE 512
55 #define BLACKLIST_INCREMENT 256
56 struct blacklist_t
57 {
58 char *data;
59 int current;
60 int size;
61 };
62
63 struct ent_t
64 {
65 bool netgroup;
66 bool first;
67 bool files;
68 enum nss_status setent_status;
69 FILE *stream;
70 struct blacklist_t blacklist;
71 struct passwd pwd;
72 struct __netgrent netgrdata;
73 };
74 typedef struct ent_t ent_t;
75
76 static ent_t ext_ent = { false, false, true, NSS_STATUS_SUCCESS, NULL,
77 { NULL, 0, 0 },
78 { NULL, NULL, 0, 0, NULL, NULL, NULL }};
79
80 /* Protect global state against multiple changers. */
81 __libc_lock_define_initialized (static, lock)
82
83 /* Prototypes for local functions. */
84 static void blacklist_store_name (const char *, ent_t *);
85 static int in_blacklist (const char *, int, ent_t *);
86
87 /* Initialize the NSS interface/functions. The calling function must
88 hold the lock. */
89 static void
90 init_nss_interface (void)
91 {
92 if (__nss_database_lookup ("passwd_compat", NULL, "nis", &ni) >= 0)
93 {
94 nss_setpwent = __nss_lookup_function (ni, "setpwent");
95 nss_getpwnam_r = __nss_lookup_function (ni, "getpwnam_r");
96 nss_getpwuid_r = __nss_lookup_function (ni, "getpwuid_r");
97 nss_getpwent_r = __nss_lookup_function (ni, "getpwent_r");
98 nss_endpwent = __nss_lookup_function (ni, "endpwent");
99 }
100 }
101
102 static void
103 give_pwd_free (struct passwd *pwd)
104 {
105 free (pwd->pw_name);
106 free (pwd->pw_passwd);
107 free (pwd->pw_gecos);
108 free (pwd->pw_dir);
109 free (pwd->pw_shell);
110
111 memset (pwd, '\0', sizeof (struct passwd));
112 }
113
114 static size_t
115 pwd_need_buflen (struct passwd *pwd)
116 {
117 size_t len = 0;
118
119 if (pwd->pw_passwd != NULL)
120 len += strlen (pwd->pw_passwd) + 1;
121
122 if (pwd->pw_gecos != NULL)
123 len += strlen (pwd->pw_gecos) + 1;
124
125 if (pwd->pw_dir != NULL)
126 len += strlen (pwd->pw_dir) + 1;
127
128 if (pwd->pw_shell != NULL)
129 len += strlen (pwd->pw_shell) + 1;
130
131 return len;
132 }
133
134 static void
135 copy_pwd_changes (struct passwd *dest, struct passwd *src,
136 char *buffer, size_t buflen)
137 {
138 if (src->pw_passwd != NULL && strlen (src->pw_passwd))
139 {
140 if (buffer == NULL)
141 dest->pw_passwd = strdup (src->pw_passwd);
142 else if (dest->pw_passwd &&
143 strlen (dest->pw_passwd) >= strlen (src->pw_passwd))
144 strcpy (dest->pw_passwd, src->pw_passwd);
145 else
146 {
147 dest->pw_passwd = buffer;
148 strcpy (dest->pw_passwd, src->pw_passwd);
149 buffer += strlen (dest->pw_passwd) + 1;
150 buflen = buflen - (strlen (dest->pw_passwd) + 1);
151 }
152 }
153
154 if (src->pw_gecos != NULL && strlen (src->pw_gecos))
155 {
156 if (buffer == NULL)
157 dest->pw_gecos = strdup (src->pw_gecos);
158 else if (dest->pw_gecos &&
159 strlen (dest->pw_gecos) >= strlen (src->pw_gecos))
160 strcpy (dest->pw_gecos, src->pw_gecos);
161 else
162 {
163 dest->pw_gecos = buffer;
164 strcpy (dest->pw_gecos, src->pw_gecos);
165 buffer += strlen (dest->pw_gecos) + 1;
166 buflen = buflen - (strlen (dest->pw_gecos) + 1);
167 }
168 }
169 if (src->pw_dir != NULL && strlen (src->pw_dir))
170 {
171 if (buffer == NULL)
172 dest->pw_dir = strdup (src->pw_dir);
173 else if (dest->pw_dir && strlen (dest->pw_dir) >= strlen (src->pw_dir))
174 strcpy (dest->pw_dir, src->pw_dir);
175 else
176 {
177 dest->pw_dir = buffer;
178 strcpy (dest->pw_dir, src->pw_dir);
179 buffer += strlen (dest->pw_dir) + 1;
180 buflen = buflen - (strlen (dest->pw_dir) + 1);
181 }
182 }
183
184 if (src->pw_shell != NULL && strlen (src->pw_shell))
185 {
186 if (buffer == NULL)
187 dest->pw_shell = strdup (src->pw_shell);
188 else if (dest->pw_shell &&
189 strlen (dest->pw_shell) >= strlen (src->pw_shell))
190 strcpy (dest->pw_shell, src->pw_shell);
191 else
192 {
193 dest->pw_shell = buffer;
194 strcpy (dest->pw_shell, src->pw_shell);
195 buffer += strlen (dest->pw_shell) + 1;
196 buflen = buflen - (strlen (dest->pw_shell) + 1);
197 }
198 }
199 }
200
201 static enum nss_status
202 internal_setpwent (ent_t *ent, int stayopen, int needent)
203 {
204 enum nss_status status = NSS_STATUS_SUCCESS;
205
206 ent->first = ent->netgroup = false;
207 ent->files = true;
208 ent->setent_status = NSS_STATUS_SUCCESS;
209
210 /* If something was left over free it. */
211 if (ent->netgroup)
212 __internal_endnetgrent (&ent->netgrdata);
213
214 if (ent->blacklist.data != NULL)
215 {
216 ent->blacklist.current = 1;
217 ent->blacklist.data[0] = '|';
218 ent->blacklist.data[1] = '\0';
219 }
220 else
221 ent->blacklist.current = 0;
222
223 if (ent->stream == NULL)
224 {
225 ent->stream = fopen ("/etc/passwd", "rme");
226
227 if (ent->stream == NULL)
228 status = errno == EAGAIN ? NSS_STATUS_TRYAGAIN : NSS_STATUS_UNAVAIL;
229 else
230 /* We take care of locking ourself. */
231 __fsetlocking (ent->stream, FSETLOCKING_BYCALLER);
232 }
233 else
234 rewind (ent->stream);
235
236 give_pwd_free (&ent->pwd);
237
238 if (needent && status == NSS_STATUS_SUCCESS && nss_setpwent)
239 ent->setent_status = nss_setpwent (stayopen);
240
241 return status;
242 }
243
244
245 enum nss_status
246 _nss_compat_setpwent (int stayopen)
247 {
248 enum nss_status result;
249
250 __libc_lock_lock (lock);
251
252 if (ni == NULL)
253 init_nss_interface ();
254
255 result = internal_setpwent (&ext_ent, stayopen, 1);
256
257 __libc_lock_unlock (lock);
258
259 return result;
260 }
261
262
263 static enum nss_status
264 internal_endpwent (ent_t *ent)
265 {
266 if (ent->stream != NULL)
267 {
268 fclose (ent->stream);
269 ent->stream = NULL;
270 }
271
272 if (ent->netgroup)
273 __internal_endnetgrent (&ent->netgrdata);
274
275 ent->first = ent->netgroup = false;
276
277 if (ent->blacklist.data != NULL)
278 {
279 ent->blacklist.current = 1;
280 ent->blacklist.data[0] = '|';
281 ent->blacklist.data[1] = '\0';
282 }
283 else
284 ent->blacklist.current = 0;
285
286 give_pwd_free (&ent->pwd);
287
288 return NSS_STATUS_SUCCESS;
289 }
290
291 enum nss_status
292 _nss_compat_endpwent (void)
293 {
294 enum nss_status result;
295
296 __libc_lock_lock (lock);
297
298 if (nss_endpwent)
299 nss_endpwent ();
300
301 result = internal_endpwent (&ext_ent);
302
303 __libc_lock_unlock (lock);
304
305 return result;
306 }
307
308
309 static enum nss_status
310 getpwent_next_nss_netgr (const char *name, struct passwd *result, ent_t *ent,
311 char *group, char *buffer, size_t buflen,
312 int *errnop)
313 {
314 char *curdomain = NULL, *host, *user, *domain, *p2;
315 int status;
316 size_t p2len;
317
318 /* Leave function if NSS module does not support getpwnam_r,
319 we need this function here. */
320 if (!nss_getpwnam_r)
321 return NSS_STATUS_UNAVAIL;
322
323 if (ent->first)
324 {
325 memset (&ent->netgrdata, 0, sizeof (struct __netgrent));
326 __internal_setnetgrent (group, &ent->netgrdata);
327 ent->first = false;
328 }
329
330 while (1)
331 {
332 status = __internal_getnetgrent_r (&host, &user, &domain,
333 &ent->netgrdata, buffer, buflen,
334 errnop);
335 if (status != 1)
336 {
337 __internal_endnetgrent (&ent->netgrdata);
338 ent->netgroup = 0;
339 give_pwd_free (&ent->pwd);
340 return NSS_STATUS_RETURN;
341 }
342
343 if (user == NULL || user[0] == '-')
344 continue;
345
346 if (domain != NULL)
347 {
348 if (curdomain == NULL
349 && yp_get_default_domain (&curdomain) != YPERR_SUCCESS)
350 {
351 __internal_endnetgrent (&ent->netgrdata);
352 ent->netgroup = false;
353 give_pwd_free (&ent->pwd);
354 return NSS_STATUS_UNAVAIL;
355 }
356 if (strcmp (curdomain, domain) != 0)
357 continue;
358 }
359
360 /* If name != NULL, we are called from getpwnam. */
361 if (name != NULL)
362 if (strcmp (user, name) != 0)
363 continue;
364
365 p2len = pwd_need_buflen (&ent->pwd);
366 if (p2len > buflen)
367 {
368 *errnop = ERANGE;
369 return NSS_STATUS_TRYAGAIN;
370 }
371 p2 = buffer + (buflen - p2len);
372 buflen -= p2len;
373
374 if (nss_getpwnam_r (user, result, buffer, buflen, errnop) !=
375 NSS_STATUS_SUCCESS)
376 continue;
377
378 if (!in_blacklist (result->pw_name, strlen (result->pw_name), ent))
379 {
380 /* Store the User in the blacklist for possible the "+" at the
381 end of /etc/passwd */
382 blacklist_store_name (result->pw_name, ent);
383 copy_pwd_changes (result, &ent->pwd, p2, p2len);
384 break;
385 }
386 }
387
388 return NSS_STATUS_SUCCESS;
389 }
390
391 /* get the next user from NSS (+ entry) */
392 static enum nss_status
393 getpwent_next_nss (struct passwd *result, ent_t *ent, char *buffer,
394 size_t buflen, int *errnop)
395 {
396 enum nss_status status;
397 char *p2;
398 size_t p2len;
399
400 /* Return if NSS module does not support getpwent_r. */
401 if (!nss_getpwent_r)
402 return NSS_STATUS_UNAVAIL;
403
404 /* If the setpwent call failed, say so. */
405 if (ent->setent_status != NSS_STATUS_SUCCESS)
406 return ent->setent_status;
407
408 p2len = pwd_need_buflen (&ent->pwd);
409 if (p2len > buflen)
410 {
411 *errnop = ERANGE;
412 return NSS_STATUS_TRYAGAIN;
413 }
414 p2 = buffer + (buflen - p2len);
415 buflen -= p2len;
416
417 if (ent->first)
418 ent->first = false;
419
420 do
421 {
422 if ((status = nss_getpwent_r (result, buffer, buflen, errnop)) !=
423 NSS_STATUS_SUCCESS)
424 return status;
425 }
426 while (in_blacklist (result->pw_name, strlen (result->pw_name), ent));
427
428 copy_pwd_changes (result, &ent->pwd, p2, p2len);
429
430 return NSS_STATUS_SUCCESS;
431 }
432
433 /* This function handle the +user entrys in /etc/passwd */
434 static enum nss_status
435 getpwnam_plususer (const char *name, struct passwd *result, ent_t *ent,
436 char *buffer, size_t buflen, int *errnop)
437 {
438 if (!nss_getpwnam_r)
439 return NSS_STATUS_UNAVAIL;
440
441 struct passwd pwd;
442 memset (&pwd, '\0', sizeof (struct passwd));
443
444 copy_pwd_changes (&pwd, result, NULL, 0);
445
446 size_t plen = pwd_need_buflen (&pwd);
447 if (plen > buflen)
448 {
449 *errnop = ERANGE;
450 return NSS_STATUS_TRYAGAIN;
451 }
452 char *p = buffer + (buflen - plen);
453 buflen -= plen;
454
455 enum nss_status status = nss_getpwnam_r (name, result, buffer, buflen,
456 errnop);
457 if (status != NSS_STATUS_SUCCESS)
458 return status;
459
460 if (in_blacklist (result->pw_name, strlen (result->pw_name), ent))
461 return NSS_STATUS_NOTFOUND;
462
463 copy_pwd_changes (result, &pwd, p, plen);
464 give_pwd_free (&pwd);
465 /* We found the entry. */
466 return NSS_STATUS_SUCCESS;
467 }
468
469 static enum nss_status
470 getpwent_next_file (struct passwd *result, ent_t *ent,
471 char *buffer, size_t buflen, int *errnop)
472 {
473 struct parser_data *data = (void *) buffer;
474 while (1)
475 {
476 fpos_t pos;
477 char *p;
478 int parse_res;
479
480 do
481 {
482 /* We need at least 3 characters for one line. */
483 if (__glibc_unlikely (buflen < 3))
484 {
485 erange:
486 *errnop = ERANGE;
487 return NSS_STATUS_TRYAGAIN;
488 }
489
490 fgetpos (ent->stream, &pos);
491 buffer[buflen - 1] = '\xff';
492 p = fgets_unlocked (buffer, buflen, ent->stream);
493 if (p == NULL && feof_unlocked (ent->stream))
494 return NSS_STATUS_NOTFOUND;
495
496 if (p == NULL || __builtin_expect (buffer[buflen - 1] != '\xff', 0))
497 {
498 erange_reset:
499 fsetpos (ent->stream, &pos);
500 goto erange;
501 }
502
503 /* Terminate the line for any case. */
504 buffer[buflen - 1] = '\0';
505
506 /* Skip leading blanks. */
507 while (isspace (*p))
508 ++p;
509 }
510 while (*p == '\0' || *p == '#' || /* Ignore empty and comment lines. */
511 /* Parse the line. If it is invalid, loop to
512 get the next line of the file to parse. */
513 !(parse_res = _nss_files_parse_pwent (p, result, data, buflen,
514 errnop)));
515
516 if (__glibc_unlikely (parse_res == -1))
517 /* The parser ran out of space. */
518 goto erange_reset;
519
520 if (result->pw_name[0] != '+' && result->pw_name[0] != '-')
521 /* This is a real entry. */
522 break;
523
524 /* -@netgroup */
525 if (result->pw_name[0] == '-' && result->pw_name[1] == '@'
526 && result->pw_name[2] != '\0')
527 {
528 /* XXX Do not use fixed length buffer. */
529 char buf2[1024];
530 char *user, *host, *domain;
531 struct __netgrent netgrdata;
532
533 memset (&netgrdata, 0, sizeof (struct __netgrent));
534 __internal_setnetgrent (&result->pw_name[2], &netgrdata);
535 while (__internal_getnetgrent_r (&host, &user, &domain, &netgrdata,
536 buf2, sizeof (buf2), errnop))
537 {
538 if (user != NULL && user[0] != '-')
539 blacklist_store_name (user, ent);
540 }
541 __internal_endnetgrent (&netgrdata);
542 continue;
543 }
544
545 /* +@netgroup */
546 if (result->pw_name[0] == '+' && result->pw_name[1] == '@'
547 && result->pw_name[2] != '\0')
548 {
549 enum nss_status status;
550
551 ent->netgroup = true;
552 ent->first = true;
553 copy_pwd_changes (&ent->pwd, result, NULL, 0);
554
555 status = getpwent_next_nss_netgr (NULL, result, ent,
556 &result->pw_name[2],
557 buffer, buflen, errnop);
558 if (status == NSS_STATUS_RETURN)
559 continue;
560 else
561 return status;
562 }
563
564 /* -user */
565 if (result->pw_name[0] == '-' && result->pw_name[1] != '\0'
566 && result->pw_name[1] != '@')
567 {
568 blacklist_store_name (&result->pw_name[1], ent);
569 continue;
570 }
571
572 /* +user */
573 if (result->pw_name[0] == '+' && result->pw_name[1] != '\0'
574 && result->pw_name[1] != '@')
575 {
576 size_t len = strlen (result->pw_name);
577 char buf[len];
578 enum nss_status status;
579
580 /* Store the User in the blacklist for the "+" at the end of
581 /etc/passwd */
582 memcpy (buf, &result->pw_name[1], len);
583 status = getpwnam_plususer (&result->pw_name[1], result, ent,
584 buffer, buflen, errnop);
585 blacklist_store_name (buf, ent);
586
587 if (status == NSS_STATUS_SUCCESS) /* We found the entry. */
588 break;
589 else if (status == NSS_STATUS_RETURN /* We couldn't parse the entry */
590 || status == NSS_STATUS_NOTFOUND) /* entry doesn't exist */
591 continue;
592 else
593 {
594 if (status == NSS_STATUS_TRYAGAIN)
595 {
596 /* The parser ran out of space */
597 fsetpos (ent->stream, &pos);
598 *errnop = ERANGE;
599 }
600 return status;
601 }
602 }
603
604 /* +:... */
605 if (result->pw_name[0] == '+' && result->pw_name[1] == '\0')
606 {
607 ent->files = false;
608 ent->first = true;
609 copy_pwd_changes (&ent->pwd, result, NULL, 0);
610
611 return getpwent_next_nss (result, ent, buffer, buflen, errnop);
612 }
613 }
614
615 return NSS_STATUS_SUCCESS;
616 }
617
618
619 static enum nss_status
620 internal_getpwent_r (struct passwd *pw, ent_t *ent, char *buffer,
621 size_t buflen, int *errnop)
622 {
623 if (ent->netgroup)
624 {
625 enum nss_status status;
626
627 /* We are searching members in a netgroup */
628 /* Since this is not the first call, we don't need the group name */
629 status = getpwent_next_nss_netgr (NULL, pw, ent, NULL, buffer, buflen,
630 errnop);
631 if (status == NSS_STATUS_RETURN)
632 return getpwent_next_file (pw, ent, buffer, buflen, errnop);
633 else
634 return status;
635 }
636 else if (ent->files)
637 return getpwent_next_file (pw, ent, buffer, buflen, errnop);
638 else
639 return getpwent_next_nss (pw, ent, buffer, buflen, errnop);
640
641 }
642
643 enum nss_status
644 _nss_compat_getpwent_r (struct passwd *pwd, char *buffer, size_t buflen,
645 int *errnop)
646 {
647 enum nss_status result = NSS_STATUS_SUCCESS;
648
649 __libc_lock_lock (lock);
650
651 /* Be prepared that the setpwent function was not called before. */
652 if (ni == NULL)
653 init_nss_interface ();
654
655 if (ext_ent.stream == NULL)
656 result = internal_setpwent (&ext_ent, 1, 1);
657
658 if (result == NSS_STATUS_SUCCESS)
659 result = internal_getpwent_r (pwd, &ext_ent, buffer, buflen, errnop);
660
661 __libc_lock_unlock (lock);
662
663 return result;
664 }
665
666 /* Searches in /etc/passwd and the NIS/NIS+ map for a special user */
667 static enum nss_status
668 internal_getpwnam_r (const char *name, struct passwd *result, ent_t *ent,
669 char *buffer, size_t buflen, int *errnop)
670 {
671 struct parser_data *data = (void *) buffer;
672
673 while (1)
674 {
675 fpos_t pos;
676 char *p;
677 int parse_res;
678
679 do
680 {
681 /* We need at least 3 characters for one line. */
682 if (__glibc_unlikely (buflen < 3))
683 {
684 erange:
685 *errnop = ERANGE;
686 return NSS_STATUS_TRYAGAIN;
687 }
688
689 fgetpos (ent->stream, &pos);
690 buffer[buflen - 1] = '\xff';
691 p = fgets_unlocked (buffer, buflen, ent->stream);
692 if (p == NULL && feof_unlocked (ent->stream))
693 {
694 return NSS_STATUS_NOTFOUND;
695 }
696 if (p == NULL || __builtin_expect (buffer[buflen - 1] != '\xff', 0))
697 {
698 erange_reset:
699 fsetpos (ent->stream, &pos);
700 goto erange;
701 }
702
703 /* Terminate the line for any case. */
704 buffer[buflen - 1] = '\0';
705
706 /* Skip leading blanks. */
707 while (isspace (*p))
708 ++p;
709 }
710 while (*p == '\0' || *p == '#' || /* Ignore empty and comment lines. */
711 /* Parse the line. If it is invalid, loop to
712 get the next line of the file to parse. */
713 !(parse_res = _nss_files_parse_pwent (p, result, data, buflen,
714 errnop)));
715
716 if (__glibc_unlikely (parse_res == -1))
717 /* The parser ran out of space. */
718 goto erange_reset;
719
720 /* This is a real entry. */
721 if (result->pw_name[0] != '+' && result->pw_name[0] != '-')
722 {
723 if (strcmp (result->pw_name, name) == 0)
724 return NSS_STATUS_SUCCESS;
725 else
726 continue;
727 }
728
729 /* -@netgroup */
730 if (result->pw_name[0] == '-' && result->pw_name[1] == '@'
731 && result->pw_name[2] != '\0')
732 {
733 if (innetgr (&result->pw_name[2], NULL, name, NULL))
734 return NSS_STATUS_NOTFOUND;
735 continue;
736 }
737
738 /* +@netgroup */
739 if (result->pw_name[0] == '+' && result->pw_name[1] == '@'
740 && result->pw_name[2] != '\0')
741 {
742 enum nss_status status;
743
744 if (innetgr (&result->pw_name[2], NULL, name, NULL))
745 {
746 status = getpwnam_plususer (name, result, ent, buffer,
747 buflen, errnop);
748
749 if (status == NSS_STATUS_RETURN)
750 continue;
751
752 return status;
753 }
754 continue;
755 }
756
757 /* -user */
758 if (result->pw_name[0] == '-' && result->pw_name[1] != '\0'
759 && result->pw_name[1] != '@')
760 {
761 if (strcmp (&result->pw_name[1], name) == 0)
762 return NSS_STATUS_NOTFOUND;
763 else
764 continue;
765 }
766
767 /* +user */
768 if (result->pw_name[0] == '+' && result->pw_name[1] != '\0'
769 && result->pw_name[1] != '@')
770 {
771 if (strcmp (name, &result->pw_name[1]) == 0)
772 {
773 enum nss_status status;
774
775 status = getpwnam_plususer (name, result, ent, buffer, buflen,
776 errnop);
777 if (status == NSS_STATUS_RETURN)
778 /* We couldn't parse the entry */
779 return NSS_STATUS_NOTFOUND;
780 else
781 return status;
782 }
783 }
784
785 /* +:... */
786 if (result->pw_name[0] == '+' && result->pw_name[1] == '\0')
787 {
788 enum nss_status status;
789
790 status = getpwnam_plususer (name, result, ent,
791 buffer, buflen, errnop);
792 if (status == NSS_STATUS_SUCCESS) /* We found the entry. */
793 break;
794 else if (status == NSS_STATUS_RETURN) /* We couldn't parse the entry */
795 return NSS_STATUS_NOTFOUND;
796 else
797 return status;
798 }
799 }
800 return NSS_STATUS_SUCCESS;
801 }
802
803 enum nss_status
804 _nss_compat_getpwnam_r (const char *name, struct passwd *pwd,
805 char *buffer, size_t buflen, int *errnop)
806 {
807 enum nss_status result;
808 ent_t ent = { false, false, true, NSS_STATUS_SUCCESS, NULL, { NULL, 0, 0 },
809 { NULL, NULL, 0, 0, NULL, NULL, NULL }};
810
811 if (name[0] == '-' || name[0] == '+')
812 return NSS_STATUS_NOTFOUND;
813
814 __libc_lock_lock (lock);
815
816 if (ni == NULL)
817 init_nss_interface ();
818
819 __libc_lock_unlock (lock);
820
821 result = internal_setpwent (&ent, 0, 0);
822
823 if (result == NSS_STATUS_SUCCESS)
824 result = internal_getpwnam_r (name, pwd, &ent, buffer, buflen, errnop);
825
826 internal_endpwent (&ent);
827
828 return result;
829 }
830
831 /* This function handle the + entry in /etc/passwd for getpwuid */
832 static enum nss_status
833 getpwuid_plususer (uid_t uid, struct passwd *result, char *buffer,
834 size_t buflen, int *errnop)
835 {
836 struct passwd pwd;
837 char *p;
838 size_t plen;
839
840 if (!nss_getpwuid_r)
841 return NSS_STATUS_UNAVAIL;
842
843 memset (&pwd, '\0', sizeof (struct passwd));
844
845 copy_pwd_changes (&pwd, result, NULL, 0);
846
847 plen = pwd_need_buflen (&pwd);
848 if (plen > buflen)
849 {
850 *errnop = ERANGE;
851 return NSS_STATUS_TRYAGAIN;
852 }
853 p = buffer + (buflen - plen);
854 buflen -= plen;
855
856 if (nss_getpwuid_r (uid, result, buffer, buflen, errnop) ==
857 NSS_STATUS_SUCCESS)
858 {
859 copy_pwd_changes (result, &pwd, p, plen);
860 give_pwd_free (&pwd);
861 /* We found the entry. */
862 return NSS_STATUS_SUCCESS;
863 }
864 else
865 {
866 /* Give buffer the old len back */
867 buflen += plen;
868 give_pwd_free (&pwd);
869 }
870 return NSS_STATUS_RETURN;
871 }
872
873 /* Searches in /etc/passwd and the NSS subsystem for a special user id */
874 static enum nss_status
875 internal_getpwuid_r (uid_t uid, struct passwd *result, ent_t *ent,
876 char *buffer, size_t buflen, int *errnop)
877 {
878 struct parser_data *data = (void *) buffer;
879
880 while (1)
881 {
882 fpos_t pos;
883 char *p;
884 int parse_res;
885
886 do
887 {
888 /* We need at least 3 characters for one line. */
889 if (__glibc_unlikely (buflen < 3))
890 {
891 erange:
892 *errnop = ERANGE;
893 return NSS_STATUS_TRYAGAIN;
894 }
895
896 fgetpos (ent->stream, &pos);
897 buffer[buflen - 1] = '\xff';
898 p = fgets_unlocked (buffer, buflen, ent->stream);
899 if (p == NULL && feof_unlocked (ent->stream))
900 return NSS_STATUS_NOTFOUND;
901
902 if (p == NULL || __builtin_expect (buffer[buflen - 1] != '\xff', 0))
903 {
904 erange_reset:
905 fsetpos (ent->stream, &pos);
906 goto erange;
907 }
908
909 /* Terminate the line for any case. */
910 buffer[buflen - 1] = '\0';
911
912 /* Skip leading blanks. */
913 while (isspace (*p))
914 ++p;
915 }
916 while (*p == '\0' || *p == '#' || /* Ignore empty and comment lines. */
917 /* Parse the line. If it is invalid, loop to
918 get the next line of the file to parse. */
919 !(parse_res = _nss_files_parse_pwent (p, result, data, buflen,
920 errnop)));
921
922 if (__glibc_unlikely (parse_res == -1))
923 /* The parser ran out of space. */
924 goto erange_reset;
925
926 /* This is a real entry. */
927 if (result->pw_name[0] != '+' && result->pw_name[0] != '-')
928 {
929 if (result->pw_uid == uid)
930 return NSS_STATUS_SUCCESS;
931 else
932 continue;
933 }
934
935 /* -@netgroup */
936 if (result->pw_name[0] == '-' && result->pw_name[1] == '@'
937 && result->pw_name[2] != '\0')
938 {
939 /* -1, because we remove first two character of pw_name. */
940 size_t len = strlen (result->pw_name) - 1;
941 char buf[len];
942 enum nss_status status;
943
944 memcpy (buf, &result->pw_name[2], len);
945
946 status = getpwuid_plususer (uid, result, buffer, buflen, errnop);
947 if (status == NSS_STATUS_SUCCESS &&
948 innetgr (buf, NULL, result->pw_name, NULL))
949 return NSS_STATUS_NOTFOUND;
950
951 continue;
952 }
953
954 /* +@netgroup */
955 if (result->pw_name[0] == '+' && result->pw_name[1] == '@'
956 && result->pw_name[2] != '\0')
957 {
958 /* -1, because we remove first two characters of pw_name. */
959 size_t len = strlen (result->pw_name) - 1;
960 char buf[len];
961 enum nss_status status;
962
963 memcpy (buf, &result->pw_name[2], len);
964
965 status = getpwuid_plususer (uid, result, buffer, buflen, errnop);
966
967 if (status == NSS_STATUS_RETURN)
968 continue;
969
970 if (status == NSS_STATUS_SUCCESS)
971 {
972 if (innetgr (buf, NULL, result->pw_name, NULL))
973 return NSS_STATUS_SUCCESS;
974 }
975 else if (status == NSS_STATUS_RETURN) /* We couldn't parse the entry */
976 return NSS_STATUS_NOTFOUND;
977 else
978 return status;
979
980 continue;
981 }
982
983 /* -user */
984 if (result->pw_name[0] == '-' && result->pw_name[1] != '\0'
985 && result->pw_name[1] != '@')
986 {
987 size_t len = strlen (result->pw_name);
988 char buf[len];
989 enum nss_status status;
990
991 memcpy (buf, &result->pw_name[1], len);
992
993 status = getpwuid_plususer (uid, result, buffer, buflen, errnop);
994 if (status == NSS_STATUS_SUCCESS &&
995 innetgr (buf, NULL, result->pw_name, NULL))
996 return NSS_STATUS_NOTFOUND;
997 continue;
998 }
999
1000 /* +user */
1001 if (result->pw_name[0] == '+' && result->pw_name[1] != '\0'
1002 && result->pw_name[1] != '@')
1003 {
1004 size_t len = strlen (result->pw_name);
1005 char buf[len];
1006 enum nss_status status;
1007
1008 memcpy (buf, &result->pw_name[1], len);
1009
1010 status = getpwuid_plususer (uid, result, buffer, buflen, errnop);
1011
1012 if (status == NSS_STATUS_RETURN)
1013 continue;
1014
1015 if (status == NSS_STATUS_SUCCESS)
1016 {
1017 if (strcmp (buf, result->pw_name) == 0)
1018 return NSS_STATUS_SUCCESS;
1019 }
1020 else if (status == NSS_STATUS_RETURN) /* We couldn't parse the entry */
1021 return NSS_STATUS_NOTFOUND;
1022 else
1023 return status;
1024
1025 continue;
1026 }
1027
1028 /* +:... */
1029 if (result->pw_name[0] == '+' && result->pw_name[1] == '\0')
1030 {
1031 enum nss_status status;
1032
1033 status = getpwuid_plususer (uid, result, buffer, buflen, errnop);
1034 if (status == NSS_STATUS_SUCCESS) /* We found the entry. */
1035 break;
1036 else if (status == NSS_STATUS_RETURN) /* We couldn't parse the entry */
1037 return NSS_STATUS_NOTFOUND;
1038 else
1039 return status;
1040 }
1041 }
1042 return NSS_STATUS_SUCCESS;
1043 }
1044
1045 enum nss_status
1046 _nss_compat_getpwuid_r (uid_t uid, struct passwd *pwd,
1047 char *buffer, size_t buflen, int *errnop)
1048 {
1049 enum nss_status result;
1050 ent_t ent = { false, false, true, NSS_STATUS_SUCCESS, NULL, { NULL, 0, 0 },
1051 { NULL, NULL, 0, 0, NULL, NULL, NULL }};
1052
1053 __libc_lock_lock (lock);
1054
1055 if (ni == NULL)
1056 init_nss_interface ();
1057
1058 __libc_lock_unlock (lock);
1059
1060 result = internal_setpwent (&ent, 0, 0);
1061
1062 if (result == NSS_STATUS_SUCCESS)
1063 result = internal_getpwuid_r (uid, pwd, &ent, buffer, buflen, errnop);
1064
1065 internal_endpwent (&ent);
1066
1067 return result;
1068 }
1069
1070
1071 /* Support routines for remembering -@netgroup and -user entries.
1072 The names are stored in a single string with `|' as separator. */
1073 static void
1074 blacklist_store_name (const char *name, ent_t *ent)
1075 {
1076 int namelen = strlen (name);
1077 char *tmp;
1078
1079 /* first call, setup cache */
1080 if (ent->blacklist.size == 0)
1081 {
1082 ent->blacklist.size = MAX (BLACKLIST_INITIAL_SIZE, 2 * namelen);
1083 ent->blacklist.data = malloc (ent->blacklist.size);
1084 if (ent->blacklist.data == NULL)
1085 return;
1086 ent->blacklist.data[0] = '|';
1087 ent->blacklist.data[1] = '\0';
1088 ent->blacklist.current = 1;
1089 }
1090 else
1091 {
1092 if (in_blacklist (name, namelen, ent))
1093 return; /* no duplicates */
1094
1095 if (ent->blacklist.current + namelen + 1 >= ent->blacklist.size)
1096 {
1097 ent->blacklist.size += MAX (BLACKLIST_INCREMENT, 2 * namelen);
1098 tmp = realloc (ent->blacklist.data, ent->blacklist.size);
1099 if (tmp == NULL)
1100 {
1101 free (ent->blacklist.data);
1102 ent->blacklist.size = 0;
1103 return;
1104 }
1105 ent->blacklist.data = tmp;
1106 }
1107 }
1108
1109 tmp = stpcpy (ent->blacklist.data + ent->blacklist.current, name);
1110 *tmp++ = '|';
1111 *tmp = '\0';
1112 ent->blacklist.current += namelen + 1;
1113
1114 return;
1115 }
1116
1117 /* Returns TRUE if ent->blacklist contains name, else FALSE. */
1118 static bool_t
1119 in_blacklist (const char *name, int namelen, ent_t *ent)
1120 {
1121 char buf[namelen + 3];
1122 char *cp;
1123
1124 if (ent->blacklist.data == NULL)
1125 return FALSE;
1126
1127 buf[0] = '|';
1128 cp = stpcpy (&buf[1], name);
1129 *cp++ = '|';
1130 *cp = '\0';
1131 return strstr (ent->blacklist.data, buf) != NULL;
1132 }
A mirror of the official glibc repository