]>
git.ipfire.org Git - thirdparty/glibc.git/blob - nss/nss_compat/compat-spwd.c
c5e04cb96785fff632dec2ef7722f5c0cd4bac17
1 /* Copyright (C) 1996-2019 Free Software Foundation, Inc.
2 This file is part of the GNU C Library.
3 Contributed by Thorsten Kukuk <kukuk@vt.uni-paderborn.de>, 1996.
5 The GNU C Library is free software; you can redistribute it and/or
6 modify it under the terms of the GNU Lesser General Public
7 License as published by the Free Software Foundation; either
8 version 2.1 of the License, or (at your option) any later version.
10 The GNU C Library is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 Lesser General Public License for more details.
15 You should have received a copy of the GNU Lesser General Public
16 License along with the GNU C Library; if not, see
17 <http://www.gnu.org/licenses/>. */
26 #include <stdio_ext.h>
28 #include <libc-lock.h>
29 #include <kernel-features.h>
32 #include "nisdomain.h"
34 static service_user
*ni
;
35 static enum nss_status (*nss_setspent
) (int stayopen
);
36 static enum nss_status (*nss_getspnam_r
) (const char *name
, struct spwd
* sp
,
37 char *buffer
, size_t buflen
,
39 static enum nss_status (*nss_getspent_r
) (struct spwd
* sp
, char *buffer
,
40 size_t buflen
, int *errnop
);
41 static enum nss_status (*nss_endspent
) (void);
43 /* Get the declaration of the parser function. */
45 #define STRUCTURE spwd
47 #include <nss/nss_files/files-parse.c>
49 /* Structure for remembering -@netgroup and -user members ... */
50 #define BLACKLIST_INITIAL_SIZE 512
51 #define BLACKLIST_INCREMENT 256
64 enum nss_status setent_status
;
66 struct blacklist_t blacklist
;
68 struct __netgrent netgrdata
;
70 typedef struct ent_t ent_t
;
72 static ent_t ext_ent
= { false, true, false, NSS_STATUS_SUCCESS
, NULL
,
74 { NULL
, NULL
, 0, 0, 0, 0, 0, 0, 0}};
76 /* Protect global state against multiple changers. */
77 __libc_lock_define_initialized (static, lock
)
79 /* Prototypes for local functions. */
80 static void blacklist_store_name (const char *, ent_t
*);
81 static bool in_blacklist (const char *, int, ent_t
*);
83 /* Initialize the NSS interface/functions. The calling function must
86 init_nss_interface (void)
88 if (__nss_database_lookup ("shadow_compat", "passwd_compat",
91 nss_setspent
= __nss_lookup_function (ni
, "setspent");
92 nss_getspnam_r
= __nss_lookup_function (ni
, "getspnam_r");
93 nss_getspent_r
= __nss_lookup_function (ni
, "getspent_r");
94 nss_endspent
= __nss_lookup_function (ni
, "endspent");
99 give_spwd_free (struct spwd
*pwd
)
104 memset (pwd
, '\0', sizeof (struct spwd
));
112 spwd_need_buflen (struct spwd
*pwd
)
116 if (pwd
->sp_pwdp
!= NULL
)
117 len
+= strlen (pwd
->sp_pwdp
) + 1;
123 copy_spwd_changes (struct spwd
*dest
, struct spwd
*src
,
124 char *buffer
, size_t buflen
)
126 if (src
->sp_pwdp
!= NULL
&& strlen (src
->sp_pwdp
))
129 dest
->sp_pwdp
= strdup (src
->sp_pwdp
);
130 else if (dest
->sp_pwdp
131 && strlen (dest
->sp_pwdp
) >= strlen (src
->sp_pwdp
))
132 strcpy (dest
->sp_pwdp
, src
->sp_pwdp
);
135 dest
->sp_pwdp
= buffer
;
136 strcpy (dest
->sp_pwdp
, src
->sp_pwdp
);
137 buffer
+= strlen (dest
->sp_pwdp
) + 1;
138 buflen
= buflen
- (strlen (dest
->sp_pwdp
) + 1);
141 if (src
->sp_lstchg
!= 0)
142 dest
->sp_lstchg
= src
->sp_lstchg
;
143 if (src
->sp_min
!= 0)
144 dest
->sp_min
= src
->sp_min
;
145 if (src
->sp_max
!= 0)
146 dest
->sp_max
= src
->sp_max
;
147 if (src
->sp_warn
!= -1)
148 dest
->sp_warn
= src
->sp_warn
;
149 if (src
->sp_inact
!= -1)
150 dest
->sp_inact
= src
->sp_inact
;
151 if (src
->sp_expire
!= -1)
152 dest
->sp_expire
= src
->sp_expire
;
153 if (src
->sp_flag
!= ~0ul)
154 dest
->sp_flag
= src
->sp_flag
;
157 static enum nss_status
158 internal_setspent (ent_t
*ent
, int stayopen
, int needent
)
160 enum nss_status status
= NSS_STATUS_SUCCESS
;
162 ent
->first
= ent
->netgroup
= 0;
165 /* If something was left over free it. */
167 __internal_endnetgrent (&ent
->netgrdata
);
169 if (ent
->blacklist
.data
!= NULL
)
171 ent
->blacklist
.current
= 1;
172 ent
->blacklist
.data
[0] = '|';
173 ent
->blacklist
.data
[1] = '\0';
176 ent
->blacklist
.current
= 0;
178 if (ent
->stream
== NULL
)
180 ent
->stream
= fopen ("/etc/shadow", "rme");
182 if (ent
->stream
== NULL
)
183 status
= errno
== EAGAIN
? NSS_STATUS_TRYAGAIN
: NSS_STATUS_UNAVAIL
;
185 /* We take care of locking ourself. */
186 __fsetlocking (ent
->stream
, FSETLOCKING_BYCALLER
);
189 rewind (ent
->stream
);
191 give_spwd_free (&ent
->pwd
);
193 if (needent
&& status
== NSS_STATUS_SUCCESS
&& nss_setspent
)
194 ent
->setent_status
= nss_setspent (stayopen
);
201 _nss_compat_setspent (int stayopen
)
203 enum nss_status result
;
205 __libc_lock_lock (lock
);
208 init_nss_interface ();
210 result
= internal_setspent (&ext_ent
, stayopen
, 1);
212 __libc_lock_unlock (lock
);
218 static enum nss_status
219 internal_endspent (ent_t
*ent
)
221 if (ent
->stream
!= NULL
)
223 fclose (ent
->stream
);
228 __internal_endnetgrent (&ent
->netgrdata
);
230 ent
->first
= ent
->netgroup
= false;
233 if (ent
->blacklist
.data
!= NULL
)
235 ent
->blacklist
.current
= 1;
236 ent
->blacklist
.data
[0] = '|';
237 ent
->blacklist
.data
[1] = '\0';
240 ent
->blacklist
.current
= 0;
242 give_spwd_free (&ent
->pwd
);
244 return NSS_STATUS_SUCCESS
;
248 _nss_compat_endspent (void)
250 enum nss_status result
;
252 __libc_lock_lock (lock
);
257 result
= internal_endspent (&ext_ent
);
259 __libc_lock_unlock (lock
);
265 static enum nss_status
266 getspent_next_nss_netgr (const char *name
, struct spwd
*result
, ent_t
*ent
,
267 char *group
, char *buffer
, size_t buflen
,
270 char *curdomain
= NULL
, *host
, *user
, *domain
, *p2
;
274 return NSS_STATUS_UNAVAIL
;
276 /* If the setpwent call failed, say so. */
277 if (ent
->setent_status
!= NSS_STATUS_SUCCESS
)
278 return ent
->setent_status
;
282 memset (&ent
->netgrdata
, 0, sizeof (struct __netgrent
));
283 __internal_setnetgrent (group
, &ent
->netgrdata
);
289 enum nss_status status
;
291 status
= __internal_getnetgrent_r (&host
, &user
, &domain
,
292 &ent
->netgrdata
, buffer
, buflen
,
296 __internal_endnetgrent (&ent
->netgrdata
);
297 ent
->netgroup
= false;
298 give_spwd_free (&ent
->pwd
);
299 return NSS_STATUS_RETURN
;
302 if (user
== NULL
|| user
[0] == '-')
307 if (curdomain
== NULL
308 && __nss_get_default_domain (&curdomain
) != 0)
310 __internal_endnetgrent (&ent
->netgrdata
);
311 ent
->netgroup
= false;
312 give_spwd_free (&ent
->pwd
);
313 return NSS_STATUS_UNAVAIL
;
315 if (strcmp (curdomain
, domain
) != 0)
319 /* If name != NULL, we are called from getpwnam */
321 if (strcmp (user
, name
) != 0)
324 p2len
= spwd_need_buflen (&ent
->pwd
);
328 return NSS_STATUS_TRYAGAIN
;
330 p2
= buffer
+ (buflen
- p2len
);
333 if (nss_getspnam_r (user
, result
, buffer
, buflen
, errnop
)
334 != NSS_STATUS_SUCCESS
)
337 if (!in_blacklist (result
->sp_namp
, strlen (result
->sp_namp
), ent
))
339 /* Store the User in the blacklist for possible the "+" at the
340 end of /etc/passwd */
341 blacklist_store_name (result
->sp_namp
, ent
);
342 copy_spwd_changes (result
, &ent
->pwd
, p2
, p2len
);
347 return NSS_STATUS_SUCCESS
;
351 static enum nss_status
352 getspent_next_nss (struct spwd
*result
, ent_t
*ent
,
353 char *buffer
, size_t buflen
, int *errnop
)
355 enum nss_status status
;
360 return NSS_STATUS_UNAVAIL
;
362 p2len
= spwd_need_buflen (&ent
->pwd
);
366 return NSS_STATUS_TRYAGAIN
;
368 p2
= buffer
+ (buflen
- p2len
);
372 if ((status
= nss_getspent_r (result
, buffer
, buflen
, errnop
))
373 != NSS_STATUS_SUCCESS
)
376 while (in_blacklist (result
->sp_namp
, strlen (result
->sp_namp
), ent
));
378 copy_spwd_changes (result
, &ent
->pwd
, p2
, p2len
);
380 return NSS_STATUS_SUCCESS
;
384 /* This function handle the +user entrys in /etc/shadow */
385 static enum nss_status
386 getspnam_plususer (const char *name
, struct spwd
*result
, ent_t
*ent
,
387 char *buffer
, size_t buflen
, int *errnop
)
390 return NSS_STATUS_UNAVAIL
;
393 memset (&pwd
, '\0', sizeof (struct spwd
));
399 copy_spwd_changes (&pwd
, result
, NULL
, 0);
401 size_t plen
= spwd_need_buflen (&pwd
);
405 return NSS_STATUS_TRYAGAIN
;
407 char *p
= buffer
+ (buflen
- plen
);
410 enum nss_status status
= nss_getspnam_r (name
, result
, buffer
, buflen
,
412 if (status
!= NSS_STATUS_SUCCESS
)
415 if (in_blacklist (result
->sp_namp
, strlen (result
->sp_namp
), ent
))
416 return NSS_STATUS_NOTFOUND
;
418 copy_spwd_changes (result
, &pwd
, p
, plen
);
419 give_spwd_free (&pwd
);
420 /* We found the entry. */
421 return NSS_STATUS_SUCCESS
;
425 static enum nss_status
426 getspent_next_file (struct spwd
*result
, ent_t
*ent
,
427 char *buffer
, size_t buflen
, int *errnop
)
429 struct parser_data
*data
= (void *) buffer
;
438 /* We need at least 3 characters for one line. */
439 if (__glibc_unlikely (buflen
< 3))
443 return NSS_STATUS_TRYAGAIN
;
446 fgetpos (ent
->stream
, &pos
);
447 buffer
[buflen
- 1] = '\xff';
448 p
= fgets_unlocked (buffer
, buflen
, ent
->stream
);
449 if (p
== NULL
&& feof_unlocked (ent
->stream
))
450 return NSS_STATUS_NOTFOUND
;
452 if (p
== NULL
|| __builtin_expect (buffer
[buflen
- 1] != '\xff', 0))
455 fsetpos (ent
->stream
, &pos
);
459 /* Skip leading blanks. */
463 while (*p
== '\0' || *p
== '#' /* Ignore empty and comment lines. */
464 /* Parse the line. If it is invalid, loop to
465 get the next line of the file to parse. */
466 || !(parse_res
= _nss_files_parse_spent (p
, result
, data
,
469 if (__glibc_unlikely (parse_res
== -1))
470 /* The parser ran out of space. */
473 if (result
->sp_namp
[0] != '+' && result
->sp_namp
[0] != '-')
474 /* This is a real entry. */
478 if (result
->sp_namp
[0] == '-' && result
->sp_namp
[1] == '@'
479 && result
->sp_namp
[2] != '\0')
481 /* XXX Do not use fixed length buffers. */
483 char *user
, *host
, *domain
;
484 struct __netgrent netgrdata
;
486 memset (&netgrdata
, 0, sizeof (struct __netgrent
));
487 __internal_setnetgrent (&result
->sp_namp
[2], &netgrdata
);
488 while (__internal_getnetgrent_r (&host
, &user
, &domain
,
489 &netgrdata
, buf2
, sizeof (buf2
),
492 if (user
!= NULL
&& user
[0] != '-')
493 blacklist_store_name (user
, ent
);
495 __internal_endnetgrent (&netgrdata
);
500 if (result
->sp_namp
[0] == '+' && result
->sp_namp
[1] == '@'
501 && result
->sp_namp
[2] != '\0')
505 ent
->netgroup
= true;
507 copy_spwd_changes (&ent
->pwd
, result
, NULL
, 0);
509 status
= getspent_next_nss_netgr (NULL
, result
, ent
,
511 buffer
, buflen
, errnop
);
512 if (status
== NSS_STATUS_RETURN
)
519 if (result
->sp_namp
[0] == '-' && result
->sp_namp
[1] != '\0'
520 && result
->sp_namp
[1] != '@')
522 blacklist_store_name (&result
->sp_namp
[1], ent
);
527 if (result
->sp_namp
[0] == '+' && result
->sp_namp
[1] != '\0'
528 && result
->sp_namp
[1] != '@')
530 size_t len
= strlen (result
->sp_namp
);
532 enum nss_status status
;
534 /* Store the User in the blacklist for the "+" at the end of
536 memcpy (buf
, &result
->sp_namp
[1], len
);
537 status
= getspnam_plususer (&result
->sp_namp
[1], result
, ent
,
538 buffer
, buflen
, errnop
);
539 blacklist_store_name (buf
, ent
);
541 if (status
== NSS_STATUS_SUCCESS
) /* We found the entry. */
543 /* We couldn't parse the entry */
544 else if (status
== NSS_STATUS_RETURN
545 /* entry doesn't exist */
546 || status
== NSS_STATUS_NOTFOUND
)
550 if (status
== NSS_STATUS_TRYAGAIN
)
552 fsetpos (ent
->stream
, &pos
);
560 if (result
->sp_namp
[0] == '+' && result
->sp_namp
[1] == '\0')
564 copy_spwd_changes (&ent
->pwd
, result
, NULL
, 0);
566 return getspent_next_nss (result
, ent
, buffer
, buflen
, errnop
);
570 return NSS_STATUS_SUCCESS
;
574 static enum nss_status
575 internal_getspent_r (struct spwd
*pw
, ent_t
*ent
,
576 char *buffer
, size_t buflen
, int *errnop
)
580 enum nss_status status
;
582 /* We are searching members in a netgroup */
583 /* Since this is not the first call, we don't need the group name */
584 status
= getspent_next_nss_netgr (NULL
, pw
, ent
, NULL
, buffer
,
587 if (status
== NSS_STATUS_RETURN
)
588 return getspent_next_file (pw
, ent
, buffer
, buflen
, errnop
);
593 return getspent_next_file (pw
, ent
, buffer
, buflen
, errnop
);
595 return getspent_next_nss (pw
, ent
, buffer
, buflen
, errnop
);
600 _nss_compat_getspent_r (struct spwd
*pwd
, char *buffer
, size_t buflen
,
603 enum nss_status result
= NSS_STATUS_SUCCESS
;
605 __libc_lock_lock (lock
);
607 /* Be prepared that the setpwent function was not called before. */
609 init_nss_interface ();
611 if (ext_ent
.stream
== NULL
)
612 result
= internal_setspent (&ext_ent
, 1, 1);
614 if (result
== NSS_STATUS_SUCCESS
)
615 result
= internal_getspent_r (pwd
, &ext_ent
, buffer
, buflen
, errnop
);
617 __libc_lock_unlock (lock
);
623 /* Searches in /etc/passwd and the NIS/NIS+ map for a special user */
624 static enum nss_status
625 internal_getspnam_r (const char *name
, struct spwd
*result
, ent_t
*ent
,
626 char *buffer
, size_t buflen
, int *errnop
)
628 struct parser_data
*data
= (void *) buffer
;
638 /* We need at least 3 characters for one line. */
639 if (__glibc_unlikely (buflen
< 3))
643 return NSS_STATUS_TRYAGAIN
;
646 fgetpos (ent
->stream
, &pos
);
647 buffer
[buflen
- 1] = '\xff';
648 p
= fgets_unlocked (buffer
, buflen
, ent
->stream
);
649 if (p
== NULL
&& feof_unlocked (ent
->stream
))
650 return NSS_STATUS_NOTFOUND
;
652 if (p
== NULL
|| buffer
[buflen
- 1] != '\xff')
655 fsetpos (ent
->stream
, &pos
);
659 /* Terminate the line for any case. */
660 buffer
[buflen
- 1] = '\0';
662 /* Skip leading blanks. */
666 while (*p
== '\0' || *p
== '#' /* Ignore empty and comment lines. */
667 /* Parse the line. If it is invalid, loop to
668 get the next line of the file to parse. */
669 || !(parse_res
= _nss_files_parse_spent (p
, result
, data
, buflen
,
672 if (__glibc_unlikely (parse_res
== -1))
673 /* The parser ran out of space. */
676 /* This is a real entry. */
677 if (result
->sp_namp
[0] != '+' && result
->sp_namp
[0] != '-')
679 if (strcmp (result
->sp_namp
, name
) == 0)
680 return NSS_STATUS_SUCCESS
;
686 /* If the loaded NSS module does not support this service, add
687 all users from a +@netgroup entry to the blacklist, too. */
688 if (result
->sp_namp
[0] == '-' && result
->sp_namp
[1] == '@'
689 && result
->sp_namp
[2] != '\0')
691 if (innetgr (&result
->sp_namp
[2], NULL
, name
, NULL
))
692 return NSS_STATUS_NOTFOUND
;
697 if (result
->sp_namp
[0] == '+' && result
->sp_namp
[1] == '@'
698 && result
->sp_namp
[2] != '\0')
700 enum nss_status status
;
702 if (innetgr (&result
->sp_namp
[2], NULL
, name
, NULL
))
704 status
= getspnam_plususer (name
, result
, ent
, buffer
,
707 if (status
== NSS_STATUS_RETURN
)
716 if (result
->sp_namp
[0] == '-' && result
->sp_namp
[1] != '\0'
717 && result
->sp_namp
[1] != '@')
719 if (strcmp (&result
->sp_namp
[1], name
) == 0)
720 return NSS_STATUS_NOTFOUND
;
726 if (result
->sp_namp
[0] == '+' && result
->sp_namp
[1] != '\0'
727 && result
->sp_namp
[1] != '@')
729 if (strcmp (name
, &result
->sp_namp
[1]) == 0)
731 enum nss_status status
;
733 status
= getspnam_plususer (name
, result
, ent
,
734 buffer
, buflen
, errnop
);
736 if (status
== NSS_STATUS_RETURN
)
737 /* We couldn't parse the entry */
738 return NSS_STATUS_NOTFOUND
;
745 if (result
->sp_namp
[0] == '+' && result
->sp_namp
[1] == '\0')
747 enum nss_status status
;
749 status
= getspnam_plususer (name
, result
, ent
,
750 buffer
, buflen
, errnop
);
752 if (status
== NSS_STATUS_SUCCESS
)
753 /* We found the entry. */
755 else if (status
== NSS_STATUS_RETURN
)
756 /* We couldn't parse the entry */
757 return NSS_STATUS_NOTFOUND
;
762 return NSS_STATUS_SUCCESS
;
767 _nss_compat_getspnam_r (const char *name
, struct spwd
*pwd
,
768 char *buffer
, size_t buflen
, int *errnop
)
770 enum nss_status result
;
771 ent_t ent
= { false, true, false, NSS_STATUS_SUCCESS
, NULL
, { NULL
, 0, 0},
772 { NULL
, NULL
, 0, 0, 0, 0, 0, 0, 0}};
774 if (name
[0] == '-' || name
[0] == '+')
775 return NSS_STATUS_NOTFOUND
;
777 __libc_lock_lock (lock
);
780 init_nss_interface ();
782 __libc_lock_unlock (lock
);
784 result
= internal_setspent (&ent
, 0, 0);
786 if (result
== NSS_STATUS_SUCCESS
)
787 result
= internal_getspnam_r (name
, pwd
, &ent
, buffer
, buflen
, errnop
);
789 internal_endspent (&ent
);
795 /* Support routines for remembering -@netgroup and -user entries.
796 The names are stored in a single string with `|' as separator. */
798 blacklist_store_name (const char *name
, ent_t
*ent
)
800 int namelen
= strlen (name
);
803 /* first call, setup cache */
804 if (ent
->blacklist
.size
== 0)
806 ent
->blacklist
.size
= MAX (BLACKLIST_INITIAL_SIZE
, 2 * namelen
);
807 ent
->blacklist
.data
= malloc (ent
->blacklist
.size
);
808 if (ent
->blacklist
.data
== NULL
)
810 ent
->blacklist
.data
[0] = '|';
811 ent
->blacklist
.data
[1] = '\0';
812 ent
->blacklist
.current
= 1;
816 if (in_blacklist (name
, namelen
, ent
))
817 return; /* no duplicates */
819 if (ent
->blacklist
.current
+ namelen
+ 1 >= ent
->blacklist
.size
)
821 ent
->blacklist
.size
+= MAX (BLACKLIST_INCREMENT
, 2 * namelen
);
822 tmp
= realloc (ent
->blacklist
.data
, ent
->blacklist
.size
);
825 free (ent
->blacklist
.data
);
826 ent
->blacklist
.size
= 0;
829 ent
->blacklist
.data
= tmp
;
833 tmp
= stpcpy (ent
->blacklist
.data
+ ent
->blacklist
.current
, name
);
836 ent
->blacklist
.current
+= namelen
+ 1;
842 /* Returns whether ent->blacklist contains name. */
844 in_blacklist (const char *name
, int namelen
, ent_t
*ent
)
846 char buf
[namelen
+ 3];
849 if (ent
->blacklist
.data
== NULL
)
853 cp
= stpcpy (&buf
[1], name
);
856 return strstr (ent
->blacklist
.data
, buf
) != NULL
;