fix some more severe bugs.
#include <string.h>
#include <rpcsvc/yp.h>
#include <rpcsvc/ypclnt.h>
+#include <nsswitch.h>
/* Get the declaration of the parser function. */
#define ENTNAME grent
#define EXTERN_PARSER
#include "../../nss/nss_files/files-parse.c"
-/* Structure for remembering -@netgroup and -user members ... */
+/* Structure for remembering -group members ... */
#define BLACKLIST_INITIAL_SIZE 512
#define BLACKLIST_INCREMENT 256
struct blacklist_t
int oldkeylen;
FILE *stream;
struct blacklist_t blacklist;
- };
+};
typedef struct ent_t ent_t;
static ent_t ext_ent = {0, 0, NULL, 0, NULL, {NULL, 0, 0}};
struct parser_data *data = (void *) buffer;
char *domain;
char *outkey, *outval;
- int outkeylen, outvallen;
+ int outkeylen, outvallen, parse_res;
char *p;
if (yp_get_default_domain (&domain) != YPERR_SUCCESS)
do
{
+ char *save_oldkey;
+ int save_oldlen;
+ bool_t save_nis_first;
+
if (ent->nis_first)
{
if (yp_first (domain, "group.byname", &outkey, &outkeylen,
ent->nis = 0;
return NSS_STATUS_UNAVAIL;
}
-
+ save_oldkey = ent->oldkey;
+ save_oldlen = ent->oldkeylen;
+ save_nis_first = TRUE;
ent->oldkey = outkey;
ent->oldkeylen = outkeylen;
ent->nis_first = FALSE;
return NSS_STATUS_NOTFOUND;
}
- free (ent->oldkey);
+ save_oldkey = ent->oldkey;
+ save_oldlen = ent->oldkeylen;
+ save_nis_first = FALSE;
ent->oldkey = outkey;
ent->oldkeylen = outkeylen;
}
while (isspace (*p))
++p;
+
+ if ((parse_res = _nss_files_parse_grent (p, result, data, buflen)) == -1)
+ {
+ free (ent->oldkey);
+ ent->oldkey = save_oldkey;
+ ent->oldkeylen = save_oldlen;
+ ent->nis_first = save_nis_first;
+ __set_errno (ERANGE);
+ return NSS_STATUS_TRYAGAIN;
+ }
+ else
+ {
+ if (!save_nis_first)
+ free (save_oldkey);
+ }
+
+ if (parse_res &&
+ in_blacklist (result->gr_name, strlen (result->gr_name), ent))
+ parse_res = 0; /* if result->gr_name in blacklist,search next entry */
+ }
+ while (!parse_res);
+
+ return NSS_STATUS_SUCCESS;
+}
+
+/* This function handle the +group entrys in /etc/group */
+static enum nss_status
+getgrnam_plusgroup (const char *name, struct group *result, char *buffer,
+ size_t buflen)
+{
+ struct parser_data *data = (void *) buffer;
+ int parse_res;
+ char *domain, *outval, *p;
+ int outvallen;
+
+ if (yp_get_default_domain (&domain) != YPERR_SUCCESS)
+ return NSS_STATUS_TRYAGAIN;
+
+ if (yp_match (domain, "group.byname", name, strlen (name),
+ &outval, &outvallen) != YPERR_SUCCESS)
+ return NSS_STATUS_TRYAGAIN;
+ p = strncpy (buffer, outval,
+ buflen < (size_t) outvallen ? buflen : (size_t) outvallen);
+ free (outval);
+ while (isspace (*p))
+ p++;
+ if ((parse_res = _nss_files_parse_grent (p, result, data, buflen)) == -1)
+ {
+ __set_errno (ERANGE);
+ return NSS_STATUS_TRYAGAIN;
}
- while (!_nss_files_parse_grent (p, result, data, buflen));
- if (!in_blacklist (result->gr_name, strlen (result->gr_name), ent))
+ if (parse_res)
+ /* We found the entry. */
return NSS_STATUS_SUCCESS;
else
- return NSS_STATUS_NOTFOUND;
+ return NSS_STATUS_RETURN;
}
-
static enum nss_status
getgrent_next_file (struct group *result, ent_t *ent,
char *buffer, size_t buflen)
struct parser_data *data = (void *) buffer;
while (1)
{
+ fpos_t pos;
+ int parse_res = 0;
char *p;
do
{
+ fgetpos (ent->stream, &pos);
p = fgets (buffer, buflen, ent->stream);
if (p == NULL)
- return NSS_STATUS_NOTFOUND;
+ {
+ if (feof (ent->stream))
+ return NSS_STATUS_NOTFOUND;
+ else
+ {
+ __set_errno (ERANGE);
+ return NSS_STATUS_TRYAGAIN;
+ }
+ }
/* Terminate the line for any case. */
buffer[buflen - 1] = '\0';
while (isspace (*p))
++p;
}
- /* Ignore empty and comment lines. */
- while (*p == '\0' || *p == '#' ||
+ while (*p == '\0' || *p == '#' || /* Ignore empty and comment lines. */
/* Parse the line. If it is invalid, loop to
get the next line of the file to parse. */
- !_nss_files_parse_grent (p, result, data, buflen));
+ !(parse_res = _nss_files_parse_grent (p, result, data, buflen)));
+
+ if (parse_res == -1)
+ {
+ /* The parser ran out of space. */
+ fsetpos (ent->stream, &pos);
+ __set_errno (ERANGE);
+ return NSS_STATUS_TRYAGAIN;
+ }
if (result->gr_name[0] != '+' && result->gr_name[0] != '-')
/* This is a real entry. */
if (result->gr_name[0] == '+' && result->gr_name[1] != '\0'
&& result->gr_name[1] != '@')
{
- char *domain;
- char *outval;
- int outvallen;
-
- if (yp_get_default_domain (&domain) != YPERR_SUCCESS)
- /* XXX Should we regard this as an fatal error? I don't
- think so. Just continue working. --drepper@gnu */
- continue;
+ enum nss_status status;
- if (yp_match (domain, "group.byname", &result->gr_name[1],
- strlen (result->gr_name) - 1, &outval, &outvallen)
- != YPERR_SUCCESS)
- continue;
-
- p = strncpy (buffer, outval, buflen);
- while (isspace (*p))
- p++;
- free (outval);
- if (_nss_files_parse_grent (p, result, data, buflen))
- /* We found the entry. */
- break;
+ /* Store the group in the blacklist for the "+" at the end of
+ /etc/group */
+ blacklist_store_name (&result->gr_name[1], ent);
+ status = getgrnam_plusgroup (&result->gr_name[1], result, buffer,
+ buflen);
+ if (status == NSS_STATUS_SUCCESS) /* We found the entry. */
+ break;
+ else
+ if (status == NSS_STATUS_RETURN) /* We couldn't parse the entry */
+ continue;
+ else
+ return status;
}
/* +:... */
size_t buflen)
{
if (ent->nis)
- return getgrent_next_nis (gr, ent, buffer, buflen);
+ {
+ return getgrent_next_nis (gr, ent, buffer, buflen);
+ }
else
return getgrent_next_file (gr, ent, buffer, buflen);
}
return status;
}
+/* Searches in /etc/group and the NIS/NIS+ map for a special group */
+static enum nss_status
+internal_getgrnam_r (const char *name, struct group *result, ent_t *ent,
+ char *buffer, size_t buflen)
+{
+ struct parser_data *data = (void *) buffer;
+ while (1)
+ {
+ fpos_t pos;
+ int parse_res = 0;
+ char *p;
+
+ do
+ {
+ fgetpos (ent->stream, &pos);
+ p = fgets (buffer, buflen, ent->stream);
+ if (p == NULL)
+ {
+ if (feof (ent->stream))
+ return NSS_STATUS_NOTFOUND;
+ else
+ {
+ __set_errno (ERANGE);
+ return NSS_STATUS_TRYAGAIN;
+ }
+ }
+
+ /* Terminate the line for any case. */
+ buffer[buflen - 1] = '\0';
+
+ /* Skip leading blanks. */
+ while (isspace (*p))
+ ++p;
+ }
+ while (*p == '\0' || *p == '#' || /* Ignore empty and comment lines. */
+ /* Parse the line. If it is invalid, loop to
+ get the next line of the file to parse. */
+ !(parse_res = _nss_files_parse_grent (p, result, data, buflen)));
+
+ if (parse_res == -1)
+ {
+ /* The parser ran out of space. */
+ fsetpos (ent->stream, &pos);
+ __set_errno (ERANGE);
+ return NSS_STATUS_TRYAGAIN;
+ }
+
+ /* This is a real entry. */
+ if (result->gr_name[0] != '+' && result->gr_name[0] != '-')
+ {
+ if (strcmp (result->gr_name, name) == 0)
+ return NSS_STATUS_SUCCESS;
+ else
+ continue;
+ }
+
+ /* -group */
+ if (result->gr_name[0] == '-' && result->gr_name[1] != '\0'
+ && result->gr_name[1] != '@')
+ {
+ if (strcmp (&result->gr_name[1], name) == 0)
+ return NSS_STATUS_NOTFOUND;
+ else
+ continue;
+ }
+
+ /* +group */
+ if (result->gr_name[0] == '+' && result->gr_name[1] != '\0'
+ && result->gr_name[1] != '@')
+ {
+ if (strcmp (name, &result->gr_name[1]) == 0)
+ {
+ enum nss_status status;
+
+ status = getgrnam_plusgroup (name, result, buffer, buflen);
+ if (status == NSS_STATUS_RETURN)
+ /* We couldn't parse the entry */
+ continue;
+ else
+ return status;
+ }
+ }
+ /* +:... */
+ if (result->gr_name[0] == '+' && result->gr_name[1] == '\0')
+ {
+ enum nss_status status;
+
+ status = getgrnam_plusgroup (name, result, buffer, buflen);
+ if (status == NSS_STATUS_RETURN)
+ /* We couldn't parse the entry */
+ continue;
+ else
+ return status;
+ }
+ }
+
+ return NSS_STATUS_SUCCESS;
+}
enum nss_status
_nss_compat_getgrnam_r (const char *name, struct group *grp,
if (name[0] == '-' || name[0] == '+')
return NSS_STATUS_NOTFOUND;
+ __libc_lock_lock (lock);
status = internal_setgrent (&ent);
+
+ __libc_lock_unlock (lock);
+
if (status != NSS_STATUS_SUCCESS)
return status;
- while ((status = internal_getgrent_r (grp, &ent, buffer, buflen))
- == NSS_STATUS_SUCCESS)
- if (strcmp (grp->gr_name, name) == 0)
- break;
+ status = internal_getgrnam_r (name, grp, &ent, buffer, buflen);
internal_endgrent (&ent);
+
return status;
}
+/* This function handle the + entry in /etc/group */
+static enum nss_status
+getgrgid_plusgroup (gid_t gid, struct group *result, char *buffer,
+ size_t buflen)
+{
+ struct parser_data *data = (void *) buffer;
+ int parse_res;
+ char buf[1024];
+ char *domain, *outval, *p;
+ int outvallen;
+
+ if (yp_get_default_domain (&domain) != YPERR_SUCCESS)
+ return NSS_STATUS_TRYAGAIN;
+
+ snprintf (buf, sizeof (buf), "%d", gid);
+
+ if (yp_match (domain, "group.bygid", buf, strlen (buf),
+ &outval, &outvallen) != YPERR_SUCCESS)
+ return NSS_STATUS_TRYAGAIN;
+ p = strncpy (buffer, outval,
+ buflen < (size_t) outvallen ? buflen : (size_t) outvallen);
+ free (outval);
+ while (isspace (*p))
+ p++;
+ if ((parse_res = _nss_files_parse_grent (p, result, data, buflen)) == -1)
+ {
+ __set_errno (ERANGE);
+ return NSS_STATUS_TRYAGAIN;
+ }
+
+ if (parse_res)
+ /* We found the entry. */
+ return NSS_STATUS_SUCCESS;
+ else
+ return NSS_STATUS_RETURN;
+}
+
+/* Searches in /etc/group and the NIS/NIS+ map for a special group id */
+static enum nss_status
+internal_getgrgid_r (gid_t gid, struct group *result, ent_t *ent,
+ char *buffer, size_t buflen)
+{
+ struct parser_data *data = (void *) buffer;
+ while (1)
+ {
+ fpos_t pos;
+ int parse_res = 0;
+ char *p;
+
+ do
+ {
+ fgetpos (ent->stream, &pos);
+ p = fgets (buffer, buflen, ent->stream);
+ if (p == NULL)
+ {
+ if (feof (ent->stream))
+ return NSS_STATUS_NOTFOUND;
+ else
+ {
+ __set_errno (ERANGE);
+ return NSS_STATUS_TRYAGAIN;
+ }
+ }
+
+ /* Terminate the line for any case. */
+ buffer[buflen - 1] = '\0';
+
+ /* Skip leading blanks. */
+ while (isspace (*p))
+ ++p;
+ }
+ while (*p == '\0' || *p == '#' || /* Ignore empty and comment lines. */
+ /* Parse the line. If it is invalid, loop to
+ get the next line of the file to parse. */
+ !(parse_res = _nss_files_parse_grent (p, result, data, buflen)));
+
+ if (parse_res == -1)
+ {
+ /* The parser ran out of space. */
+ fsetpos (ent->stream, &pos);
+ __set_errno (ERANGE);
+ return NSS_STATUS_TRYAGAIN;
+ }
+
+ /* This is a real entry. */
+ if (result->gr_name[0] != '+' && result->gr_name[0] != '-')
+ {
+ if (result->gr_gid == gid)
+ return NSS_STATUS_SUCCESS;
+ else
+ continue;
+ }
+
+ /* -group */
+ if (result->gr_name[0] == '-' && result->gr_name[1] != '\0'
+ && result->gr_name[1] != '@')
+ {
+ blacklist_store_name (&result->gr_name[1], ent);
+ continue;
+ }
+
+ /* +group */
+ if (result->gr_name[0] == '+' && result->gr_name[1] != '\0'
+ && result->gr_name[1] != '@')
+ {
+ enum nss_status status;
+
+ /* Store the group in the blacklist for the "+" at the end of
+ /etc/group */
+ blacklist_store_name (&result->gr_name[1], ent);
+ status = getgrnam_plusgroup (&result->gr_name[1], result, buffer,
+ buflen);
+ if (status == NSS_STATUS_SUCCESS && result->gr_gid == gid)
+ break;
+ else
+ continue;
+ }
+ /* +:... */
+ if (result->gr_name[0] == '+' && result->gr_name[1] == '\0')
+ {
+ enum nss_status status;
+
+ status = getgrgid_plusgroup (gid, result, buffer, buflen);
+ if (status == NSS_STATUS_RETURN) /* We couldn't parse the entry */
+ return NSS_STATUS_NOTFOUND;
+ else
+ return status;
+ }
+ }
+
+ return NSS_STATUS_SUCCESS;
+}
enum nss_status
_nss_compat_getgrgid_r (gid_t gid, struct group *grp,
ent_t ent = {0, 0, NULL, 0, NULL, {NULL, 0, 0}};
enum nss_status status;
+ __libc_lock_lock (lock);
+
status = internal_setgrent (&ent);
+
+ __libc_lock_unlock (lock);
+
if (status != NSS_STATUS_SUCCESS)
return status;
- while ((status = internal_getgrent_r (grp, &ent, buffer, buflen))
- == NSS_STATUS_SUCCESS)
- if (grp->gr_gid == gid && grp->gr_name[0] != '+' && grp->gr_name[0] != '-')
- break;
+ status = internal_getgrgid_r (gid, grp, &ent, buffer, buflen);
internal_endgrent (&ent);
+
return status;
}
in_blacklist (const char *name, int namelen, ent_t *ent)
{
char buf[namelen + 3];
+ char *cp;
if (ent->blacklist.data == NULL)
return FALSE;
- stpcpy (stpcpy (stpcpy (buf, "|"), name), "|");
+ buf[0] = '|';
+ cp = stpcpy (&buf[1], name);
+ *cp++= '|';
+ *cp = '\0';
return strstr (ent->blacklist.data, buf) != NULL;
}
#include <nss.h>
#include <pwd.h>
#include <errno.h>
-#include <fcntl.h>
#include <ctype.h>
+#include <fcntl.h>
#include <netdb.h>
#include <string.h>
#include <libc-lock.h>
#include <rpcsvc/yp.h>
#include <rpcsvc/ypclnt.h>
+#include <nsswitch.h>
#include "netgroup.h"
ent->stream = NULL;
}
+ if (ent->netgroup)
+ __internal_endnetgrent (&ent->netgrdata);
+
ent->nis = ent->first = ent->netgroup = 0;
if (ent->oldkey != NULL)
__libc_lock_lock (lock);
- if (ext_ent.netgroup)
- __internal_endnetgrent (&ext_ent.netgrdata);
-
result = internal_endpwent (&ext_ent);
__libc_lock_unlock (lock);
}
static enum nss_status
-getpwent_next_netgr (struct passwd *result, ent_t *ent, char *group,
- char *buffer, size_t buflen)
+getpwent_next_nis_netgr (const char *name, struct passwd *result, ent_t *ent,
+ char *group, char *buffer, size_t buflen)
{
struct parser_data *data = (void *) buffer;
char *ypdomain, *host, *user, *domain, *outval, *p, *p2;
if (ent->first == TRUE)
{
- bzero (&ent->netgrdata, sizeof (struct __netgrent));
+ memset (&ent->netgrdata, 0, sizeof (struct __netgrent));
__internal_setnetgrent (group, &ent->netgrdata);
ent->first = FALSE;
}
while (1)
{
+ char *saved_cursor;
+ int parse_res;
+
+ saved_cursor = ent->netgrdata.cursor;
status = __internal_getnetgrent_r (&host, &user, &domain,
&ent->netgrdata, buffer, buflen);
if (status != 1)
if (domain != NULL && strcmp (ypdomain, domain) != 0)
continue;
+ /* If name != NULL, we are called from getpwnam */
+ if (name != NULL)
+ if (strcmp (user, name) != 0)
+ continue;
+
if (yp_match (ypdomain, "passwd.byname", user,
strlen (user), &outval, &outvallen)
!= YPERR_SUCCESS)
while (isspace (*p))
p++;
free (outval);
- if (_nss_files_parse_pwent (p, result, data, buflen))
+ if ((parse_res = _nss_files_parse_pwent (p, result, data, buflen)) == -1)
+ {
+ ent->netgrdata.cursor = saved_cursor;
+ return NSS_STATUS_TRYAGAIN;
+ }
+
+ if (parse_res)
{
+ /* Store the User in the blacklist for the "+" at the end of
+ /etc/passwd */
+ blacklist_store_name (result->pw_name, ent);
copy_pwd_changes (result, &ent->pwd, p2, p2len);
break;
}
{
struct parser_data *data = (void *) buffer;
char *domain, *outkey, *outval, *p, *p2;
- int outkeylen, outvallen;
+ int outkeylen, outvallen, parse_res;
size_t p2len;
if (yp_get_default_domain (&domain) != YPERR_SUCCESS)
buflen -= p2len;
do
{
+ bool_t saved_first;
+ char *saved_oldkey;
+ int saved_oldlen;
+
if (ent->first)
{
if (yp_first (domain, "passwd.byname", &outkey, &outkeylen,
return NSS_STATUS_UNAVAIL;
}
+ saved_first = TRUE;
+ saved_oldkey = ent->oldkey;
+ saved_oldlen = ent->oldkeylen;
ent->oldkey = outkey;
ent->oldkeylen = outkeylen;
ent->first = FALSE;
return NSS_STATUS_NOTFOUND;
}
- free (ent->oldkey);
+ saved_first = FALSE;
+ saved_oldkey = ent->oldkey;
+ saved_oldlen = ent->oldkeylen;
ent->oldkey = outkey;
ent->oldkeylen = outkeylen;
}
while (isspace (*p))
++p;
+ if ((parse_res = _nss_files_parse_pwent (p, result, data, buflen)) == -1)
+ {
+ free (ent->oldkey);
+ ent->oldkey = saved_oldkey;
+ ent->oldkeylen = saved_oldlen;
+ ent->first = saved_first;
+ __set_errno (ERANGE);
+ return NSS_STATUS_TRYAGAIN;
+ }
+ else
+ {
+ if (!saved_first)
+ free (saved_oldkey);
+ }
+ if (parse_res &&
+ in_blacklist (result->pw_name, strlen (result->pw_name), ent))
+ parse_res = 0;
}
- while (!_nss_files_parse_pwent (p, result, data, buflen));
+ while (!parse_res);
copy_pwd_changes (result, &ent->pwd, p2, p2len);
- if (!in_blacklist (result->pw_name, strlen (result->pw_name), ent))
- return NSS_STATUS_SUCCESS;
- else
- return NSS_STATUS_NOTFOUND;
+ return NSS_STATUS_SUCCESS;
}
+/* This function handle the +user entrys in /etc/passwd */
+static enum nss_status
+getpwnam_plususer (const char *name, struct passwd *result, char *buffer,
+ size_t buflen)
+{
+ struct parser_data *data = (void *) buffer;
+ struct passwd pwd;
+ int parse_res;
+ char *p;
+ size_t plen;
+ char *domain, *outval, *ptr;
+ int outvallen;
+
+ memset (&pwd, '\0', sizeof (struct passwd));
+
+ copy_pwd_changes (&pwd, result, NULL, 0);
+
+ plen = pwd_need_buflen (&pwd);
+ if (plen > buflen)
+ {
+ __set_errno (ERANGE);
+ return NSS_STATUS_TRYAGAIN;
+ }
+ p = buffer + (buflen - plen);
+ buflen -= plen;
+
+
+ if (yp_get_default_domain (&domain) != YPERR_SUCCESS)
+ return NSS_STATUS_TRYAGAIN;
+
+ if (yp_match (domain, "passwd.byname", name, strlen (name),
+ &outval, &outvallen)
+ != YPERR_SUCCESS)
+ return NSS_STATUS_TRYAGAIN;
+ ptr = strncpy (buffer, outval, buflen < (size_t) outvallen ?
+ buflen : (size_t) outvallen);
+ buffer[buflen < (size_t) outvallen ? buflen : (size_t) outvallen] = '\0';
+ free (outval);
+ while (isspace (*ptr))
+ ptr++;
+ if ((parse_res = _nss_files_parse_pwent (ptr, result, data, buflen))
+ == -1)
+ {
+ __set_errno (ERANGE);
+ return NSS_STATUS_TRYAGAIN;
+ }
+
+ if (parse_res > 0)
+ {
+ copy_pwd_changes (result, &pwd, p, plen);
+ give_pwd_free (&pwd);
+ /* We found the entry. */
+ return NSS_STATUS_SUCCESS;
+ }
+ else
+ {
+ /* Give buffer the old len back */
+ buflen += plen;
+ give_pwd_free (&pwd);
+ }
+ return NSS_STATUS_RETURN;
+}
static enum nss_status
getpwent_next_file (struct passwd *result, ent_t *ent,
struct parser_data *data = (void *) buffer;
while (1)
{
- char *p, *p2;
- size_t p2len;
+ fpos_t pos;
+ char *p;
+ int parse_res;
do
{
+ fgetpos (ent->stream, &pos);
p = fgets (buffer, buflen, ent->stream);
if (p == NULL)
return NSS_STATUS_NOTFOUND;
while (*p == '\0' || *p == '#' || /* Ignore empty and comment lines. */
/* Parse the line. If it is invalid, loop to
get the next line of the file to parse. */
- !_nss_files_parse_pwent (p, result, data, buflen));
+ !(parse_res = _nss_files_parse_pwent (p, result, data, buflen)));
+
+ if (parse_res == -1)
+ {
+ /* The parser ran out of space. */
+ fsetpos (ent->stream, &pos);
+ __set_errno (ERANGE);
+ return NSS_STATUS_TRYAGAIN;
+ }
if (result->pw_name[0] != '+' && result->pw_name[0] != '-')
/* This is a real entry. */
if (result->pw_name[0] == '-' && result->pw_name[1] == '@'
&& result->pw_name[2] != '\0')
{
+ char buf2[1024];
char *user, *host, *domain;
+ struct __netgrent netgrdata;
- setnetgrent (&result->pw_name[2]);
- while (getnetgrent (&host, &user, &domain))
+ bzero (&netgrdata, sizeof (struct __netgrent));
+ __internal_setnetgrent (&result->pw_name[2], &netgrdata);
+ while (__internal_getnetgrent_r (&host, &user, &domain,
+ &netgrdata, buf2, sizeof (buf2)))
{
if (user != NULL && user[0] != '-')
blacklist_store_name (user, ent);
}
- endnetgrent ();
+ __internal_endnetgrent (&netgrdata);
continue;
}
ent->first = TRUE;
copy_pwd_changes (&ent->pwd, result, NULL, 0);
- status = getpwent_next_netgr (result, ent, &result->pw_name[2],
- buffer, buflen);
+ status = getpwent_next_nis_netgr (NULL, result, ent,
+ &result->pw_name[2],
+ buffer, buflen);
if (status == NSS_STATUS_RETURN)
continue;
else
if (result->pw_name[0] == '+' && result->pw_name[1] != '\0'
&& result->pw_name[1] != '@')
{
- char *domain;
- char *outval;
- int outvallen;
- struct passwd pwd;
-
- memset (&pwd, '\0', sizeof (struct passwd));
-
- if (yp_get_default_domain (&domain) != YPERR_SUCCESS)
- /* XXX Should we regard this as an fatal error? I don't
- think so. Just continue working. --drepper@gnu */
- continue;
+ enum nss_status status;
- if (yp_match (domain, "passwd.byname", &result->pw_name[1],
- strlen (result->pw_name) - 1, &outval, &outvallen)
- != YPERR_SUCCESS)
- continue;
-
- copy_pwd_changes (&pwd, result, NULL, 0);
-
- p2len = pwd_need_buflen (&pwd);
- if (p2len > buflen)
- {
- __set_errno (ERANGE);
- return NSS_STATUS_TRYAGAIN;
- }
- p2 = buffer + (buflen - p2len);
- buflen -= p2len;
- p = strncpy (buffer, outval, buflen);
- while (isspace (*p))
- p++;
- free (outval);
- if (_nss_files_parse_pwent (p, result, data, buflen))
- {
- copy_pwd_changes (result, &pwd, p2, p2len);
- give_pwd_free (&pwd);
- /* We found the entry. */
- break;
- }
+ /* Store the User in the blacklist for the "+" at the end of
+ /etc/passwd */
+ blacklist_store_name (&result->pw_name[1], ent);
+ status = getpwnam_plususer (&result->pw_name[1], result, buffer,
+ buflen);
+ if (status == NSS_STATUS_SUCCESS) /* We found the entry. */
+ break;
else
- {
- /* Give buffer the old len back */
- buflen += p2len;
- give_pwd_free (&pwd);
- }
+ if (status == NSS_STATUS_RETURN) /* We couldn't parse the entry */
+ continue;
+ else
+ return status;
}
/* +:... */
/* We are searching members in a netgroup */
/* Since this is not the first call, we don't need the group name */
- status = getpwent_next_netgr (pw, ent, NULL, buffer, buflen);
+ status = getpwent_next_nis_netgr (NULL, pw, ent, NULL, buffer, buflen);
if (status == NSS_STATUS_RETURN)
return getpwent_next_file (pw, ent, buffer, buflen);
else
return status;
}
- else if (ent->nis)
- return getpwent_next_nis (pw, ent, buffer, buflen);
else
- return getpwent_next_file (pw, ent, buffer, buflen);
+ if (ent->nis)
+ {
+ return getpwent_next_nis (pw, ent, buffer, buflen);
+ }
+ else
+ return getpwent_next_file (pw, ent, buffer, buflen);
}
enum nss_status
-_nss_compat_getpwent_r (struct passwd *pwd, char *buffer,
- size_t buflen)
+_nss_compat_getpwent_r (struct passwd *pwd, char *buffer, size_t buflen)
{
enum nss_status status = NSS_STATUS_SUCCESS;
return status;
}
+/* Searches in /etc/passwd and the NIS/NIS+ map for a special user */
+static enum nss_status
+internal_getpwnam_r (const char *name, struct passwd *result, ent_t *ent,
+ char *buffer, size_t buflen)
+{
+ struct parser_data *data = (void *) buffer;
+
+ while (1)
+ {
+ fpos_t pos;
+ char *p;
+ int parse_res;
+
+ do
+ {
+ fgetpos (ent->stream, &pos);
+ p = fgets (buffer, buflen, ent->stream);
+ if (p == NULL)
+ {
+ if (feof (ent->stream))
+ return NSS_STATUS_NOTFOUND;
+ else
+ {
+ __set_errno (ERANGE);
+ return NSS_STATUS_TRYAGAIN;
+ }
+ }
+
+ /* Terminate the line for any case. */
+ buffer[buflen - 1] = '\0';
+
+ /* Skip leading blanks. */
+ while (isspace (*p))
+ ++p;
+ }
+ while (*p == '\0' || *p == '#' || /* Ignore empty and comment lines. */
+ /* Parse the line. If it is invalid, loop to
+ get the next line of the file to parse. */
+ !(parse_res = _nss_files_parse_pwent (p, result, data, buflen)));
+
+ if (parse_res == -1)
+ {
+ /* The parser ran out of space. */
+ fsetpos (ent->stream, &pos);
+ __set_errno (ERANGE);
+ return NSS_STATUS_TRYAGAIN;
+ }
+
+ /* This is a real entry. */
+ if (result->pw_name[0] != '+' && result->pw_name[0] != '-')
+ {
+ if (strcmp (result->pw_name, name) == 0)
+ return NSS_STATUS_SUCCESS;
+ else
+ continue;
+ }
+
+ /* -@netgroup */
+ if (result->pw_name[0] == '-' && result->pw_name[1] == '@'
+ && result->pw_name[2] != '\0')
+ {
+ char buf2[1024];
+ char *user, *host, *domain;
+ struct __netgrent netgrdata;
+
+ bzero (&netgrdata, sizeof (struct __netgrent));
+ __internal_setnetgrent (&result->pw_name[2], &netgrdata);
+ while (__internal_getnetgrent_r (&host, &user, &domain,
+ &netgrdata, buf2, sizeof (buf2)))
+ {
+ if (user != NULL && user[0] != '-')
+ if (strcmp (user, name) == 0)
+ return NSS_STATUS_NOTFOUND;
+ }
+ __internal_endnetgrent (&netgrdata);
+ continue;
+ }
+
+ /* +@netgroup */
+ if (result->pw_name[0] == '+' && result->pw_name[1] == '@'
+ && result->pw_name[2] != '\0')
+ {
+ char buf[strlen (result->pw_name)];
+ int status;
+
+ strcpy (buf, &result->pw_name[2]);
+ ent->netgroup = TRUE;
+ ent->first = TRUE;
+ copy_pwd_changes (&ent->pwd, result, NULL, 0);
+
+ do
+ {
+ status = getpwent_next_nis_netgr (name, result, ent, buf,
+ buffer, buflen);
+ if (status == NSS_STATUS_RETURN)
+ continue;
+
+ if (status == NSS_STATUS_SUCCESS &&
+ strcmp (result->pw_name, name) == 0)
+ return NSS_STATUS_SUCCESS;
+ } while (status == NSS_STATUS_SUCCESS);
+ continue;
+ }
+
+ /* -user */
+ if (result->pw_name[0] == '-' && result->pw_name[1] != '\0'
+ && result->pw_name[1] != '@')
+ {
+ if (strcmp (&result->pw_name[1], name) == 0)
+ return NSS_STATUS_NOTFOUND;
+ else
+ continue;
+ }
+
+ /* +user */
+ if (result->pw_name[0] == '+' && result->pw_name[1] != '\0'
+ && result->pw_name[1] != '@')
+ {
+ if (strcmp (name, &result->pw_name[1]) == 0)
+ {
+ enum nss_status status;
+
+ status = getpwnam_plususer (name, result, buffer, buflen);
+ if (status == NSS_STATUS_RETURN)
+ /* We couldn't parse the entry */
+ return NSS_STATUS_NOTFOUND;
+ else
+ return status;
+ }
+ }
+
+ /* +:... */
+ if (result->pw_name[0] == '+' && result->pw_name[1] == '\0')
+ {
+ enum nss_status status;
+
+ status = getpwnam_plususer (name, result, buffer, buflen);
+ if (status == NSS_STATUS_SUCCESS) /* We found the entry. */
+ break;
+ else
+ if (status == NSS_STATUS_RETURN) /* We couldn't parse the entry */
+ return NSS_STATUS_NOTFOUND;
+ else
+ return status;
+ }
+ }
+ return NSS_STATUS_SUCCESS;
+}
enum nss_status
_nss_compat_getpwnam_r (const char *name, struct passwd *pwd,
if (name[0] == '-' || name[0] == '+')
return NSS_STATUS_NOTFOUND;
-
status = internal_setpwent (&ent);
if (status != NSS_STATUS_SUCCESS)
return status;
- while ((status = internal_getpwent_r (pwd, &ent, buffer, buflen))
- == NSS_STATUS_SUCCESS)
- if (strcmp (pwd->pw_name, name) == 0)
- break;
+ status = internal_getpwnam_r (name, pwd, &ent, buffer, buflen);
internal_endpwent (&ent);
+
return status;
}
+/* This function handle the + entry in /etc/passwd for getpwuid */
+static enum nss_status
+getpwuid_plususer (uid_t uid, struct passwd *result, char *buffer,
+ size_t buflen)
+{
+ struct parser_data *data = (void *) buffer;
+ struct passwd pwd;
+ int parse_res;
+ char *p;
+ size_t plen;
+ char buf[1024];
+ char *domain, *outval, *ptr;
+ int outvallen;
+
+ memset (&pwd, '\0', sizeof (struct passwd));
+
+ copy_pwd_changes (&pwd, result, NULL, 0);
+
+ plen = pwd_need_buflen (&pwd);
+ if (plen > buflen)
+ {
+ __set_errno (ERANGE);
+ return NSS_STATUS_TRYAGAIN;
+ }
+ p = buffer + (buflen - plen);
+ buflen -= plen;
+
+
+ if (yp_get_default_domain (&domain) != YPERR_SUCCESS)
+ return NSS_STATUS_TRYAGAIN;
+
+ sprintf (buf, "%d", uid);
+ if (yp_match (domain, "passwd.byuid", buf, strlen (buf),
+ &outval, &outvallen)
+ != YPERR_SUCCESS)
+ return NSS_STATUS_TRYAGAIN;
+ ptr = strncpy (buffer, outval, buflen < (size_t) outvallen ?
+ buflen : (size_t) outvallen);
+ buffer[buflen < (size_t) outvallen ? buflen : (size_t) outvallen] = '\0';
+ free (outval);
+ while (isspace (*ptr))
+ ptr++;
+ if ((parse_res = _nss_files_parse_pwent (ptr, result, data, buflen))
+ == -1)
+ {
+ __set_errno (ERANGE);
+ return NSS_STATUS_TRYAGAIN;
+ }
+
+ if (parse_res > 0)
+ {
+ copy_pwd_changes (result, &pwd, p, plen);
+ give_pwd_free (&pwd);
+ /* We found the entry. */
+ return NSS_STATUS_SUCCESS;
+ }
+ else
+ {
+ /* Give buffer the old len back */
+ buflen += plen;
+ give_pwd_free (&pwd);
+ }
+ return NSS_STATUS_RETURN;
+}
+
+/* Searches in /etc/passwd and the NIS/NIS+ map for a special user id */
+static enum nss_status
+internal_getpwuid_r (uid_t uid, struct passwd *result, ent_t *ent,
+ char *buffer, size_t buflen)
+{
+ struct parser_data *data = (void *) buffer;
+
+ while (1)
+ {
+ fpos_t pos;
+ char *p;
+ int parse_res;
+
+ do
+ {
+ fgetpos (ent->stream, &pos);
+ p = fgets (buffer, buflen, ent->stream);
+ if (p == NULL)
+ return NSS_STATUS_NOTFOUND;
+
+ /* Terminate the line for any case. */
+ buffer[buflen - 1] = '\0';
+
+ /* Skip leading blanks. */
+ while (isspace (*p))
+ ++p;
+ }
+ while (*p == '\0' || *p == '#' || /* Ignore empty and comment lines. */
+ /* Parse the line. If it is invalid, loop to
+ get the next line of the file to parse. */
+ !(parse_res = _nss_files_parse_pwent (p, result, data, buflen)));
+
+ if (parse_res == -1)
+ {
+ /* The parser ran out of space. */
+ fsetpos (ent->stream, &pos);
+ __set_errno (ERANGE);
+ return NSS_STATUS_TRYAGAIN;
+ }
+
+ /* This is a real entry. */
+ if (result->pw_name[0] != '+' && result->pw_name[0] != '-')
+ {
+ if (result->pw_uid == uid)
+ return NSS_STATUS_SUCCESS;
+ else
+ continue;
+ }
+
+ /* -@netgroup */
+ if (result->pw_name[0] == '-' && result->pw_name[1] == '@'
+ && result->pw_name[2] != '\0')
+ {
+ char buf2[1024];
+ char *user, *host, *domain;
+ struct __netgrent netgrdata;
+
+ bzero (&netgrdata, sizeof (struct __netgrent));
+ __internal_setnetgrent (&result->pw_name[2], &netgrdata);
+ while (__internal_getnetgrent_r (&host, &user, &domain,
+ &netgrdata, buf2, sizeof (buf2)))
+ {
+ if (user != NULL && user[0] != '-')
+ blacklist_store_name (user, ent);
+ }
+ __internal_endnetgrent (&netgrdata);
+ continue;
+ }
+
+ /* +@netgroup */
+ if (result->pw_name[0] == '+' && result->pw_name[1] == '@'
+ && result->pw_name[2] != '\0')
+ {
+ char buf[strlen (result->pw_name)];
+ int status;
+
+ strcpy (buf, &result->pw_name[2]);
+ ent->netgroup = TRUE;
+ ent->first = TRUE;
+ copy_pwd_changes (&ent->pwd, result, NULL, 0);
+
+ do
+ {
+ status = getpwent_next_nis_netgr (NULL, result, ent, buf,
+ buffer, buflen);
+ if (status == NSS_STATUS_RETURN)
+ continue;
+
+ if (status == NSS_STATUS_SUCCESS && uid == result->pw_uid)
+ return NSS_STATUS_SUCCESS;
+ } while (status == NSS_STATUS_SUCCESS);
+ continue;
+ }
+
+ /* -user */
+ if (result->pw_name[0] == '-' && result->pw_name[1] != '\0'
+ && result->pw_name[1] != '@')
+ {
+ blacklist_store_name (&result->pw_name[1], ent);
+ continue;
+ }
+
+ /* +user */
+ if (result->pw_name[0] == '+' && result->pw_name[1] != '\0'
+ && result->pw_name[1] != '@')
+ {
+ enum nss_status status;
+
+ /* Store the User in the blacklist for the "+" at the end of
+ /etc/passwd */
+ blacklist_store_name (&result->pw_name[1], ent);
+ status = getpwnam_plususer (&result->pw_name[1], result, buffer,
+ buflen);
+ if (status == NSS_STATUS_SUCCESS && result->pw_uid == uid)
+ break;
+ else
+ continue;
+ }
+
+ /* +:... */
+ if (result->pw_name[0] == '+' && result->pw_name[1] == '\0')
+ {
+ enum nss_status status;
+
+ status = getpwuid_plususer (uid, result, buffer, buflen);
+ if (status == NSS_STATUS_SUCCESS) /* We found the entry. */
+ break;
+ else
+ if (status == NSS_STATUS_RETURN) /* We couldn't parse the entry */
+ return NSS_STATUS_NOTFOUND;
+ else
+ return status;
+ }
+ }
+ return NSS_STATUS_SUCCESS;
+}
enum nss_status
_nss_compat_getpwuid_r (uid_t uid, struct passwd *pwd,
if (status != NSS_STATUS_SUCCESS)
return status;
- while ((status = internal_getpwent_r (pwd, &ent, buffer, buflen))
- == NSS_STATUS_SUCCESS)
- if (pwd->pw_uid == uid && pwd->pw_name[0] != '+' && pwd->pw_name[0] != '-')
- break;
+ status = internal_getpwuid_r (uid, pwd, &ent, buffer, buflen);
internal_endpwent (&ent);
+
return status;
}
in_blacklist (const char *name, int namelen, ent_t *ent)
{
char buf[namelen + 3];
+ char *cp;
if (ent->blacklist.data == NULL)
return FALSE;
- stpcpy (stpcpy (stpcpy (buf, "|"), name), "|");
+ buf[0] = '|';
+ cp = stpcpy (&buf[1], name);
+ *cp++= '|';
+ *cp = '\0';
return strstr (ent->blacklist.data, buf) != NULL;
}
#include <nss.h>
#include <errno.h>
-#include <fcntl.h>
#include <ctype.h>
+#include <fcntl.h>
#include <netdb.h>
#include <shadow.h>
#include <string.h>
#include <libc-lock.h>
#include <rpcsvc/yp.h>
#include <rpcsvc/ypclnt.h>
+#include <nsswitch.h>
+
+#include "netgroup.h"
/* Get the declaration of the parser function. */
#define ENTNAME spent
FILE *stream;
struct blacklist_t blacklist;
struct spwd pwd;
+ struct __netgrent netgrdata;
};
typedef struct ent_t ent_t;
-static ent_t ext_ent = {0, 0, 0, NULL, 0, NULL, {NULL, 0, 0},
+static ent_t ext_ent = {0, 0, 0, NULL, 0, NULL, {NULL, 0, 0},
{NULL, NULL, 0, 0, 0, 0, 0, 0, 0}};
/* Protect global state against multiple changers. */
ent->nis = ent->first = ent->netgroup = 0;
+ /* If something was left over free it. */
+ if (ent->netgroup)
+ __internal_endnetgrent (&ent->netgrdata);
+
if (ent->oldkey != NULL)
{
free (ent->oldkey);
ent->stream = NULL;
}
+ if (ent->netgroup)
+ __internal_endnetgrent (&ent->netgrdata);
+
ent->nis = ent->first = ent->netgroup = 0;
if (ent->oldkey != NULL)
static enum nss_status
-getspent_next_netgr (struct spwd *result, ent_t *ent, char *group,
- char *buffer, size_t buflen)
+getspent_next_nis_netgr (const char *name, struct spwd *result, ent_t *ent,
+ char *group, char *buffer, size_t buflen)
{
struct parser_data *data = (void *) buffer;
char *ypdomain, *host, *user, *domain, *outval, *p, *p2;
if (ent->first == TRUE)
{
- setnetgrent (group);
+ bzero (&ent->netgrdata, sizeof (struct __netgrent));
+ __internal_setnetgrent (group, &ent->netgrdata);
ent->first = FALSE;
}
while (1)
{
- if ((status = getnetgrent (&host, &user, &domain)) != 1)
+ char *saved_cursor;
+ int parse_res;
+
+ saved_cursor = ent->netgrdata.cursor;
+ status = __internal_getnetgrent_r (&host, &user, &domain,
+ &ent->netgrdata, buffer, buflen);
+ if (status != 1)
{
- endnetgrent ();
+ __internal_endnetgrent (&ent->netgrdata);
ent->netgroup = 0;
give_spwd_free (&ent->pwd);
return NSS_STATUS_RETURN;
if (domain != NULL && strcmp (ypdomain, domain) != 0)
continue;
+ /* If name != NULL, we are called from getpwnam */
+ if (name != NULL)
+ if (strcmp (user, name) != 0)
+ continue;
+
if (yp_match (ypdomain, "shadow.byname", user,
strlen (user), &outval, &outvallen)
!= YPERR_SUCCESS)
while (isspace (*p))
p++;
free (outval);
- if (_nss_files_parse_spent (p, result, data, buflen))
+ if ((parse_res = _nss_files_parse_spent (p, result, data, buflen)) == -1)
+ {
+ ent->netgrdata.cursor = saved_cursor;
+ return NSS_STATUS_TRYAGAIN;
+ }
+
+ if (parse_res)
{
+ /* Store the User in the blacklist for the "+" at the end of
+ /etc/passwd */
+ blacklist_store_name (result->sp_namp, ent);
copy_spwd_changes (result, &ent->pwd, p2, p2len);
break;
}
{
struct parser_data *data = (void *) buffer;
char *domain, *outkey, *outval, *p, *p2;
- int outkeylen, outvallen;
+ int outkeylen, outvallen, parse_res;
size_t p2len;
if (yp_get_default_domain (&domain) != YPERR_SUCCESS)
buflen -= p2len;
do
{
+ bool_t saved_first;
+ char *saved_oldkey;
+ int saved_oldlen;
+
if (ent->first)
{
if (yp_first (domain, "shadow.byname", &outkey, &outkeylen,
give_spwd_free (&ent->pwd);
return NSS_STATUS_UNAVAIL;
}
-
+ saved_first = TRUE;
+ saved_oldkey = ent->oldkey;
+ saved_oldlen = ent->oldkeylen;
ent->oldkey = outkey;
ent->oldkeylen = outkeylen;
ent->first = FALSE;
return NSS_STATUS_NOTFOUND;
}
- free (ent->oldkey);
+ saved_first = FALSE;
+ saved_oldkey = ent->oldkey;
+ saved_oldlen = ent->oldkeylen;
ent->oldkey = outkey;
ent->oldkeylen = outkeylen;
}
while (isspace (*p))
++p;
+ if ((parse_res = _nss_files_parse_spent (p, result, data, buflen)) == -1)
+ {
+ free (ent->oldkey);
+ ent->oldkey = saved_oldkey;
+ ent->oldkeylen = saved_oldlen;
+ ent->first = saved_first;
+ __set_errno (ERANGE);
+ return NSS_STATUS_TRYAGAIN;
+ }
+ else
+ {
+ if (!saved_first)
+ free (saved_oldkey);
+ }
+ if (parse_res &&
+ in_blacklist (result->sp_namp, strlen (result->sp_namp), ent))
+ parse_res = 0;
}
- while (!_nss_files_parse_spent (p, result, data, buflen));
+ while (!parse_res);
copy_spwd_changes (result, &ent->pwd, p2, p2len);
- if (!in_blacklist (result->sp_namp, strlen (result->sp_namp), ent))
- return NSS_STATUS_SUCCESS;
- else
- return NSS_STATUS_NOTFOUND;
+ return NSS_STATUS_SUCCESS;
}
+/* This function handle the +user entrys in /etc/shadow */
+static enum nss_status
+getspnam_plususer (const char *name, struct spwd *result, char *buffer,
+ size_t buflen)
+{
+ struct parser_data *data = (void *) buffer;
+ struct spwd pwd;
+ int parse_res;
+ char *p;
+ size_t plen;
+ char *domain, *outval, *ptr;
+ int outvallen;
+
+
+ memset (&pwd, '\0', sizeof (struct spwd));
+
+ copy_spwd_changes (&pwd, result, NULL, 0);
+
+ plen = spwd_need_buflen (&pwd);
+ if (plen > buflen)
+ {
+ __set_errno (ERANGE);
+ return NSS_STATUS_TRYAGAIN;
+ }
+ p = buffer + (buflen - plen);
+ buflen -= plen;
+
+ if (yp_get_default_domain (&domain) != YPERR_SUCCESS)
+ return NSS_STATUS_TRYAGAIN;
+
+ if (yp_match (domain, "shadow.byname", name, strlen (name),
+ &outval, &outvallen)
+ != YPERR_SUCCESS)
+ return NSS_STATUS_TRYAGAIN;
+ ptr = strncpy (buffer, outval, buflen < (size_t) outvallen ?
+ buflen : (size_t) outvallen);
+ buffer[buflen < (size_t) outvallen ? buflen : (size_t) outvallen] = '\0';
+ free (outval);
+ while (isspace (*ptr))
+ ptr++;
+ if ((parse_res = _nss_files_parse_spent (ptr, result, data, buflen)) == -1)
+ {
+ __set_errno (ERANGE);
+ return NSS_STATUS_TRYAGAIN;
+ }
+
+ if (parse_res)
+ {
+ copy_spwd_changes (result, &pwd, p, plen);
+ give_spwd_free (&pwd);
+ /* We found the entry. */
+ return NSS_STATUS_SUCCESS;
+ }
+ else
+ {
+ /* Give buffer the old len back */
+ buflen += plen;
+ give_spwd_free (&pwd);
+ }
+ return NSS_STATUS_RETURN;
+}
static enum nss_status
getspent_next_file (struct spwd *result, ent_t *ent,
struct parser_data *data = (void *) buffer;
while (1)
{
- char *p, *p2;
- size_t p2len;
+ fpos_t pos;
+ int parse_res = 0;
+ char *p;
do
{
+ fgetpos (ent->stream, &pos);
p = fgets (buffer, buflen, ent->stream);
if (p == NULL)
return NSS_STATUS_NOTFOUND;
while (isspace (*p))
++p;
}
- while (*p == '\0' || *p == '#' || /* Ignore empty and comment lines. */
+ while (*p == '\0' || *p == '#' /* Ignore empty and comment lines. */
/* Parse the line. If it is invalid, loop to
get the next line of the file to parse. */
- !_nss_files_parse_spent (p, result, data, buflen));
+ || !(parse_res = _nss_files_parse_spent (p, result, data,
+ buflen)));
+
+ if (parse_res == -1)
+ {
+ /* The parser ran out of space. */
+ fsetpos (ent->stream, &pos);
+ __set_errno (ERANGE);
+ return NSS_STATUS_TRYAGAIN;
+ }
if (result->sp_namp[0] != '+' && result->sp_namp[0] != '-')
/* This is a real entry. */
if (result->sp_namp[0] == '-' && result->sp_namp[1] == '@'
&& result->sp_namp[2] != '\0')
{
- char *user, *host, *domain;
-
- setnetgrent (&result->sp_namp[2]);
- while (getnetgrent (&host, &user, &domain))
+ char buf2[1024];
+ char *user, *host, *domain;
+ struct __netgrent netgrdata;
+
+ bzero (&netgrdata, sizeof (struct __netgrent));
+ __internal_setnetgrent (&result->sp_namp[2], &netgrdata);
+ while (__internal_getnetgrent_r (&host, &user, &domain,
+ &netgrdata, buf2, sizeof (buf2)))
{
if (user != NULL && user[0] != '-')
blacklist_store_name (user, ent);
}
- endnetgrent ();
+ __internal_endnetgrent (&netgrdata);
continue;
}
ent->first = TRUE;
copy_spwd_changes (&ent->pwd, result, NULL, 0);
- status = getspent_next_netgr (result, ent, &result->sp_namp[2],
- buffer, buflen);
+ status = getspent_next_nis_netgr (NULL, result, ent,
+ &result->sp_namp[2],
+ buffer, buflen);
if (status == NSS_STATUS_RETURN)
continue;
else
if (result->sp_namp[0] == '+' && result->sp_namp[1] != '\0'
&& result->sp_namp[1] != '@')
{
- char *domain;
- char *outval;
- int outvallen;
- struct spwd pwd;
-
- memset (&pwd, '\0', sizeof (struct spwd));
-
- if (yp_get_default_domain (&domain) != YPERR_SUCCESS)
- /* XXX Should we regard this as an fatal error? I don't
- think so. Just continue working. --drepper@gnu */
- continue;
-
- if (yp_match (domain, "shadow.byname", &result->sp_namp[1],
- strlen (result->sp_namp) - 1, &outval, &outvallen)
- != YPERR_SUCCESS)
- continue;
-
- copy_spwd_changes (&pwd, result, NULL, 0);
+ enum nss_status status;
- p2len = spwd_need_buflen (&pwd);
- if (p2len > buflen)
- {
- __set_errno (ERANGE);
- return NSS_STATUS_TRYAGAIN;
- }
- p2 = buffer + (buflen - p2len);
- buflen -= p2len;
- p = strncpy (buffer, outval, buflen);
- while (isspace (*p))
- p++;
- free (outval);
- if (_nss_files_parse_spent (p, result, data, buflen))
- {
- copy_spwd_changes (result, &pwd, p2, p2len);
- give_spwd_free (&pwd);
- /* We found the entry. */
- break;
- }
- else
- {
- /* Give buffer the old len back */
- buflen += p2len;
- give_spwd_free (&pwd);
- }
+ /* Store the User in the blacklist for the "+" at the end of
+ /etc/passwd */
+ blacklist_store_name (&result->sp_namp[1], ent);
+ status = getspnam_plususer (&result->sp_namp[1], result, buffer,
+ buflen);
+ if (status == NSS_STATUS_SUCCESS) /* We found the entry. */
+ break;
+ else
+ if (status == NSS_STATUS_RETURN) /* We couldn't parse the entry */
+ continue;
+ else
+ return status;
}
/* +:... */
/* We are searching members in a netgroup */
/* Since this is not the first call, we don't need the group name */
- status = getspent_next_netgr (pw, ent, NULL, buffer, buflen);
+ status = getspent_next_nis_netgr (NULL, pw, ent, NULL, buffer, buflen);
if (status == NSS_STATUS_RETURN)
return getspent_next_file (pw, ent, buffer, buflen);
else
return status;
}
- else if (ent->nis)
- return getspent_next_nis (pw, ent, buffer, buflen);
else
- return getspent_next_file (pw, ent, buffer, buflen);
+ if (ent->nis)
+ {
+ return getspent_next_nis (pw, ent, buffer, buflen);
+ }
+ else
+ return getspent_next_file (pw, ent, buffer, buflen);
}
enum nss_status
__libc_lock_lock (lock);
- /* Be prepared that the setspent function was not called before. */
if (ext_ent.stream == NULL)
status = internal_setspent (&ext_ent);
return status;
}
+/* Searches in /etc/passwd and the NIS/NIS+ map for a special user */
+static enum nss_status
+internal_getspnam_r (const char *name, struct spwd *result, ent_t *ent,
+ char *buffer, size_t buflen)
+{
+ struct parser_data *data = (void *) buffer;
+
+ while (1)
+ {
+ fpos_t pos;
+ char *p;
+ int parse_res;
+
+ do
+ {
+ fgetpos (ent->stream, &pos);
+ p = fgets (buffer, buflen, ent->stream);
+ if (p == NULL)
+ return NSS_STATUS_NOTFOUND;
+
+ /* Terminate the line for any case. */
+ buffer[buflen - 1] = '\0';
+
+ /* Skip leading blanks. */
+ while (isspace (*p))
+ ++p;
+ }
+ while (*p == '\0' || *p == '#' || /* Ignore empty and comment lines. */
+ /* Parse the line. If it is invalid, loop to
+ get the next line of the file to parse. */
+ !(parse_res = _nss_files_parse_spent (p, result, data, buflen)));
+
+ if (parse_res == -1)
+ {
+ /* The parser ran out of space. */
+ fsetpos (ent->stream, &pos);
+ __set_errno (ERANGE);
+ return NSS_STATUS_TRYAGAIN;
+ }
+
+ /* This is a real entry. */
+ if (result->sp_namp[0] != '+' && result->sp_namp[0] != '-')
+ {
+ if (strcmp (result->sp_namp, name) == 0)
+ return NSS_STATUS_SUCCESS;
+ else
+ continue;
+ }
+
+ /* -@netgroup */
+ if (result->sp_namp[0] == '-' && result->sp_namp[1] == '@'
+ && result->sp_namp[2] != '\0')
+ {
+ char buf2[1024];
+ char *user, *host, *domain;
+ struct __netgrent netgrdata;
+
+ bzero (&netgrdata, sizeof (struct __netgrent));
+ __internal_setnetgrent (&result->sp_namp[2], &netgrdata);
+ while (__internal_getnetgrent_r (&host, &user, &domain,
+ &netgrdata, buf2, sizeof (buf2)))
+ {
+ if (user != NULL && user[0] != '-')
+ if (strcmp (user, name) == 0)
+ return NSS_STATUS_NOTFOUND;
+ }
+ __internal_endnetgrent (&netgrdata);
+ continue;
+ }
+
+ /* +@netgroup */
+ if (result->sp_namp[0] == '+' && result->sp_namp[1] == '@'
+ && result->sp_namp[2] != '\0')
+ {
+ char buf[strlen (result->sp_namp)];
+ int status;
+
+ strcpy (buf, &result->sp_namp[2]);
+ ent->netgroup = TRUE;
+ ent->first = TRUE;
+ copy_spwd_changes (&ent->pwd, result, NULL, 0);
+
+ do
+ {
+ status = getspent_next_nis_netgr (name, result, ent, buf,
+ buffer, buflen);
+ if (status == NSS_STATUS_RETURN)
+ continue;
+
+ if (status == NSS_STATUS_SUCCESS &&
+ strcmp (result->sp_namp, name) == 0)
+ return NSS_STATUS_SUCCESS;
+ } while (status == NSS_STATUS_SUCCESS);
+ continue;
+ }
+
+ /* -user */
+ if (result->sp_namp[0] == '-' && result->sp_namp[1] != '\0'
+ && result->sp_namp[1] != '@')
+ {
+ if (strcmp (&result->sp_namp[1], name) == 0)
+ return NSS_STATUS_NOTFOUND;
+ else
+ continue;
+ }
+
+ /* +user */
+ if (result->sp_namp[0] == '+' && result->sp_namp[1] != '\0'
+ && result->sp_namp[1] != '@')
+ {
+ if (strcmp (name, &result->sp_namp[1]) == 0)
+ {
+ enum nss_status status;
+
+ status = getspnam_plususer (name, result, buffer, buflen);
+ if (status == NSS_STATUS_RETURN)
+ /* We couldn't parse the entry */
+ return NSS_STATUS_NOTFOUND;
+ else
+ return status;
+ }
+ }
+
+ /* +:... */
+ if (result->sp_namp[0] == '+' && result->sp_namp[1] == '\0')
+ {
+ enum nss_status status;
+
+ status = getspnam_plususer (name, result, buffer, buflen);
+ if (status == NSS_STATUS_RETURN) /* We couldn't parse the entry */
+ return NSS_STATUS_NOTFOUND;
+ else
+ return status;
+ }
+ }
+ return NSS_STATUS_SUCCESS;
+}
enum nss_status
_nss_compat_getspnam_r (const char *name, struct spwd *pwd,
if (status != NSS_STATUS_SUCCESS)
return status;
- while ((status = internal_getspent_r (pwd, &ent, buffer, buflen))
- == NSS_STATUS_SUCCESS)
- if (strcmp (pwd->sp_namp, name) == 0)
- break;
+ status = internal_getspnam_r (name, pwd, &ent, buffer, buflen);
internal_endspent (&ent);
+
return status;
}
return;
}
-/* returns TRUE if ent->blacklist contains name, else FALSE */
+/* Returns TRUE if ent->blacklist contains name, else FALSE. */
static bool_t
in_blacklist (const char *name, int namelen, ent_t *ent)
{
char buf[namelen + 3];
+ char *cp;
if (ent->blacklist.data == NULL)
return FALSE;
- stpcpy (stpcpy (stpcpy (buf, "|"), name), "|");
+ buf[0] = '|';
+ cp = stpcpy (&buf[1], name);
+ *cp++= '|';
+ *cp = '\0';
return strstr (ent->blacklist.data, buf) != NULL;
}
write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
Boston, MA 02111-1307, USA. */
+#include <fcntl.h>
#include <string.h>
#include <unistd.h>
-#include <fcntl.h>
-#include <libc-lock.h>
+#include <rpc/rpc.h>
#include <rpcsvc/yp.h>
#include <rpcsvc/ypclnt.h>
#include <rpcsvc/ypupd.h>
+#include <libc-lock.h>
+
+#ifndef NIS_MAXNAMELEN
+#define NIS_MAXNAMELEN 1024
+#endif
struct dom_binding
{
};
typedef struct dom_binding dom_binding;
-static struct timeval TIMEOUT = {25, 0};
+static struct timeval RPCTIMEOUT = {25, 0};
+static struct timeval UDPTIMEOUT = {5, 0};
static int const MAXTRIES = 5;
-static char __ypdomainname[MAXHOSTNAMELEN + 1] = "\0";
+static char __ypdomainname[NIS_MAXNAMELEN + 1] = "\0";
__libc_lock_define_initialized (static, ypbindlist_lock)
static dom_binding *__ypbindlist = NULL;
static int
-__yp_bind (const char *domain, dom_binding ** ypdb)
+__yp_bind (const char *domain, dom_binding **ypdb)
{
struct sockaddr_in clnt_saddr;
struct ypbind_resp ypbr;
- dom_binding *ysd;
+ dom_binding *ysd = NULL;
int clnt_sock;
CLIENT *client;
int is_new = 0;
int try;
- if (ypdb != NULL)
- *ypdb = NULL;
-
if ((domain == NULL) || (strlen (domain) == 0))
return YPERR_BADARGS;
- ysd = __ypbindlist;
- while (ysd != NULL)
+ if (ypdb != NULL)
{
- if (strcmp (domain, ysd->dom_domain) == 0)
- break;
- ysd = ysd->dom_pnext;
+ ysd = *ypdb;
+ while (ysd != NULL)
+ {
+ if (strcmp (domain, ysd->dom_domain) == 0)
+ break;
+ ysd = ysd->dom_pnext;
+ }
}
if (ysd == NULL)
}
if (clnt_call (client, YPBINDPROC_DOMAIN,
- (xdrproc_t) xdr_domainname, &domain,
+ (xdrproc_t) xdr_domainname, (caddr_t) &domain,
(xdrproc_t) xdr_ypbind_resp,
- &ypbr, TIMEOUT) != RPC_SUCCESS)
+ (caddr_t) &ypbr, RPCTIMEOUT) != RPC_SUCCESS)
{
clnt_destroy (client);
+ close (clnt_sock);
if (is_new)
free (ysd);
return YPERR_YPBIND;
}
clnt_destroy (client);
+ close (clnt_sock);
+
if (ypbr.ypbind_status != YPBIND_SUCC_VAL)
{
- switch (ypbr.ypbind_resp_u.ypbind_error)
- {
- case YPBIND_ERR_ERR:
- fputs (_("YPBINDPROC_DOMAIN: Internal error\n"), stderr);
- break;
- case YPBIND_ERR_NOSERV:
- fprintf (stderr,
- _("YPBINDPROC_DOMAIN: No server for domain %s\n"),
- domain);
- break;
- case YPBIND_ERR_RESC:
- fputs (_("YPBINDPROC_DOMAIN: Resource allocation failure\n"),
- stderr);
- break;
- default:
- fputs (_("YPBINDPROC_DOMAIN: Unknown error\n"), stderr);
- break;
- }
- if (is_new)
- free (ysd);
- return YPERR_DOMAIN;
- }
+ fprintf (stderr, _("YPBINDPROC_DOMAIN: %s\n"),
+ ypbinderr_string (ypbr.ypbind_resp_u.ypbind_error));
+ if (is_new)
+ free (ysd);
+ return YPERR_DOMAIN;
+ }
memset (&ysd->dom_server_addr, '\0', sizeof ysd->dom_server_addr);
ysd->dom_server_addr.sin_family = AF_INET;
memcpy (&ysd->dom_server_addr.sin_port,
}
if (ysd->dom_client)
- clnt_destroy (ysd->dom_client);
+ {
+ clnt_destroy (ysd->dom_client);
+ close (ysd->dom_socket);
+ }
ysd->dom_socket = RPC_ANYSOCK;
ysd->dom_client = clntudp_create (&ysd->dom_server_addr, YPPROG, YPVERS,
- TIMEOUT, &ysd->dom_socket);
+ UDPTIMEOUT, &ysd->dom_socket);
if (ysd->dom_client == NULL)
ysd->dom_vers = -1;
if (fcntl (ysd->dom_socket, F_SETFD, 1) == -1)
perror (_("fcntl: F_SETFD"));
- if (is_new)
+ if (is_new && ypdb != NULL)
{
- ysd->dom_pnext = __ypbindlist;
- __ypbindlist = ysd;
+ ysd->dom_pnext = *ypdb;
+ *ypdb = ysd;
}
- if (NULL != ypdb)
- *ypdb = ysd;
-
return YPERR_SUCCESS;
}
caddr_t req, xdrproc_t xres, caddr_t resp)
{
dom_binding *ydb = NULL;
+ bool_t use_ypbindlist = FALSE;
int try, result;
try = 0;
result = YPERR_YPERR;
- while (try < MAXTRIES && result != RPC_SUCCESS)
+ __libc_lock_lock (ypbindlist_lock);
+ if (__ypbindlist != NULL)
{
- __libc_lock_lock (ypbindlist_lock);
+ ydb = __ypbindlist;
+ while (ydb != NULL)
+ {
+ if (strcmp (domain, ydb->dom_domain) == 0)
+ break;
+ ydb = ydb->dom_pnext;
+ }
+ if (ydb != NULL)
+ use_ypbindlist = TRUE;
+ else
+ __libc_lock_unlock (ypbindlist_lock);
+ }
+ else
+ __libc_lock_unlock (ypbindlist_lock);
+ while (try < MAXTRIES && result != RPC_SUCCESS)
+ {
if (__yp_bind (domain, &ydb) != 0)
{
- __libc_lock_unlock (ypbindlist_lock);
+ if (use_ypbindlist)
+ __libc_lock_unlock (ypbindlist_lock);
return YPERR_DOMAIN;
}
result = clnt_call (ydb->dom_client, prog,
- xargs, req, xres, resp, TIMEOUT);
+ xargs, req, xres, resp, RPCTIMEOUT);
if (result != RPC_SUCCESS)
{
clnt_perror (ydb->dom_client, "do_ypcall: clnt_call");
ydb->dom_vers = -1;
- __yp_unbind (ydb);
+ if (!use_ypbindlist)
+ {
+ __yp_unbind (ydb);
+ free (ydb);
+ ydb = NULL;
+ }
result = YPERR_RPC;
}
-
- __libc_lock_unlock (ypbindlist_lock);
-
try++;
}
+ if (use_ypbindlist)
+ {
+ __libc_lock_unlock (ypbindlist_lock);
+ use_ypbindlist = FALSE;
+ }
+ else
+ {
+ __yp_unbind (ydb);
+ free (ydb);
+ ydb = NULL;
+ }
return result;
}
__libc_lock_lock (ypbindlist_lock);
- status = __yp_bind (indomain, NULL);
+ status = __yp_bind (indomain, &__ypbindlist);
__libc_lock_unlock (ypbindlist_lock);
if (__ypdomainname[0] == '\0')
{
- if (getdomainname (__ypdomainname, MAXHOSTNAMELEN))
+ if (getdomainname (__ypdomainname, NIS_MAXNAMELEN))
result = YPERR_NODOM;
else
*outdomain = __ypdomainname;
}
static void *ypall_data;
-static int (*ypall_foreach) ();
+static int (*ypall_foreach) __P ((int status, char *key, int keylen,
+ char *val, int vallen, char *data));
static bool_t
__xdr_ypresp_all (XDR * xdrs, u_long * objp)
const struct ypall_callback *incallback)
{
struct ypreq_nokey req;
- dom_binding *ydb;
+ dom_binding *ydb = NULL;
int try, result;
struct sockaddr_in clnt_sin;
CLIENT *clnt;
while (try < MAXTRIES && result != RPC_SUCCESS)
{
- __libc_lock_lock (ypbindlist_lock);
-
if (__yp_bind (indomain, &ydb) != 0)
{
- __libc_lock_unlock (ypbindlist_lock);
return YPERR_DOMAIN;
}
clnt = clnttcp_create (&clnt_sin, YPPROG, YPVERS, &clnt_sock, 0, 0);
if (clnt == NULL)
{
- puts ("yp_all: clnttcp_create failed");
- __libc_lock_unlock (ypbindlist_lock);
+ puts (_("yp_all: clnttcp_create failed"));
return YPERR_PMAP;
}
req.domain = (char *) indomain;
ypall_foreach = incallback->foreach;
ypall_data = (void *) incallback->data;
- result = clnt_call (clnt, YPPROC_ALL, (xdrproc_t) xdr_ypreq_nokey, &req,
- (xdrproc_t) __xdr_ypresp_all, &status, TIMEOUT);
+ result = clnt_call (clnt, YPPROC_ALL, (xdrproc_t) xdr_ypreq_nokey,
+ (caddr_t) &req, (xdrproc_t) __xdr_ypresp_all,
+ (caddr_t) &status, RPCTIMEOUT);
+ clnt_destroy (clnt);
+ close (clnt_sock);
if (result != RPC_SUCCESS)
{
clnt_perror (ydb->dom_client, "yp_all: clnt_call");
- clnt_destroy (clnt);
__yp_unbind (ydb);
+ free (ydb);
result = YPERR_RPC;
}
else
- {
- clnt_destroy (clnt);
- result = YPERR_SUCCESS;
- }
-
- __libc_lock_unlock (ypbindlist_lock);
+ result = YPERR_SUCCESS;
if (status != YP_NOMORE)
return ypprot_err (status);
clnt->cl_auth = authunix_create_default ();
again:
- r = clnt_call (clnt, ypop, xdr_argument, &args,
- (xdrproc_t) xdr_u_int, &res, TIMEOUT);
+ r = clnt_call (clnt, ypop, xdr_argument, (caddr_t) &args,
+ (xdrproc_t) xdr_u_int, (caddr_t) &res, RPCTIMEOUT);
if (r == RPC_AUTHERROR)
{
projects / thirdparty / glibc.git / commitdiff
