1 /* Copyright (C) 1996-1999,2001-2005,2006 Free Software Foundation, Inc.
2 This file is part of the GNU C Library.
3 Contributed by Thorsten Kukuk <kukuk@vt.uni-paderborn.de>, 1996.
5 The GNU C Library is free software; you can redistribute it and/or
6 modify it under the terms of the GNU Lesser General Public
7 License as published by the Free Software Foundation; either
8 version 2.1 of the License, or (at your option) any later version.
10 The GNU C Library is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 Lesser General Public License for more details.
15 You should have received a copy of the GNU Lesser General Public
16 License along with the GNU C Library; if not, write to the Free
17 Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
27 #include <stdio_ext.h>
29 #include <rpc/types.h>
30 #include <rpcsvc/ypclnt.h>
31 #include <bits/libc-lock.h>
35 static service_user
*ni
;
36 static enum nss_status (*nss_setspent
) (int stayopen
);
37 static enum nss_status (*nss_getspnam_r
) (const char *name
, struct spwd
* sp
,
38 char *buffer
, size_t buflen
,
40 static enum nss_status (*nss_getspent_r
) (struct spwd
* sp
, char *buffer
,
41 size_t buflen
, int *errnop
);
42 static enum nss_status (*nss_endspent
) (void);
44 /* Get the declaration of the parser function. */
46 #define STRUCTURE spwd
48 #include <nss/nss_files/files-parse.c>
50 /* Structure for remembering -@netgroup and -user members ... */
51 #define BLACKLIST_INITIAL_SIZE 512
52 #define BLACKLIST_INCREMENT 256
65 enum nss_status setent_status
;
67 struct blacklist_t blacklist
;
69 struct __netgrent netgrdata
;
71 typedef struct ent_t ent_t
;
73 static ent_t ext_ent
= { false, true, false, NSS_STATUS_SUCCESS
, NULL
,
75 { NULL
, NULL
, 0, 0, 0, 0, 0, 0, 0}};
77 /* Protect global state against multiple changers. */
78 __libc_lock_define_initialized (static, lock
)
80 /* Prototypes for local functions. */
81 static void blacklist_store_name (const char *, ent_t
*);
82 static int in_blacklist (const char *, int, ent_t
*);
84 /* Initialize the NSS interface/functions. The calling function must
87 init_nss_interface (void)
89 if (__nss_database_lookup ("shadow_compat", "passwd_compat",
92 nss_setspent
= __nss_lookup_function (ni
, "setspent");
93 nss_getspnam_r
= __nss_lookup_function (ni
, "getspnam_r");
94 nss_getspent_r
= __nss_lookup_function (ni
, "getspent_r");
95 nss_endspent
= __nss_lookup_function (ni
, "endspent");
100 give_spwd_free (struct spwd
*pwd
)
102 if (pwd
->sp_namp
!= NULL
)
104 if (pwd
->sp_pwdp
!= NULL
)
107 memset (pwd
, '\0', sizeof (struct spwd
));
115 spwd_need_buflen (struct spwd
*pwd
)
119 if (pwd
->sp_pwdp
!= NULL
)
120 len
+= strlen (pwd
->sp_pwdp
) + 1;
126 copy_spwd_changes (struct spwd
*dest
, struct spwd
*src
,
127 char *buffer
, size_t buflen
)
129 if (src
->sp_pwdp
!= NULL
&& strlen (src
->sp_pwdp
))
132 dest
->sp_pwdp
= strdup (src
->sp_pwdp
);
133 else if (dest
->sp_pwdp
&&
134 strlen (dest
->sp_pwdp
) >= strlen (src
->sp_pwdp
))
135 strcpy (dest
->sp_pwdp
, src
->sp_pwdp
);
138 dest
->sp_pwdp
= buffer
;
139 strcpy (dest
->sp_pwdp
, src
->sp_pwdp
);
140 buffer
+= strlen (dest
->sp_pwdp
) + 1;
141 buflen
= buflen
- (strlen (dest
->sp_pwdp
) + 1);
144 if (src
->sp_lstchg
!= 0)
145 dest
->sp_lstchg
= src
->sp_lstchg
;
146 if (src
->sp_min
!= 0)
147 dest
->sp_min
= src
->sp_min
;
148 if (src
->sp_max
!= 0)
149 dest
->sp_max
= src
->sp_max
;
150 if (src
->sp_warn
!= -1)
151 dest
->sp_warn
= src
->sp_warn
;
152 if (src
->sp_inact
!= -1)
153 dest
->sp_inact
= src
->sp_inact
;
154 if (src
->sp_expire
!= -1)
155 dest
->sp_expire
= src
->sp_expire
;
156 if (src
->sp_flag
!= ~0ul)
157 dest
->sp_flag
= src
->sp_flag
;
160 static enum nss_status
161 internal_setspent (ent_t
*ent
, int stayopen
)
163 enum nss_status status
= NSS_STATUS_SUCCESS
;
165 ent
->first
= ent
->netgroup
= 0;
168 /* If something was left over free it. */
170 __internal_endnetgrent (&ent
->netgrdata
);
172 if (ent
->blacklist
.data
!= NULL
)
174 ent
->blacklist
.current
= 1;
175 ent
->blacklist
.data
[0] = '|';
176 ent
->blacklist
.data
[1] = '\0';
179 ent
->blacklist
.current
= 0;
181 if (ent
->stream
== NULL
)
183 ent
->stream
= fopen ("/etc/shadow", "rm");
185 if (ent
->stream
== NULL
)
186 status
= errno
== EAGAIN
? NSS_STATUS_TRYAGAIN
: NSS_STATUS_UNAVAIL
;
189 /* We have to make sure the file is `closed on exec'. */
192 result
= flags
= fcntl (fileno_unlocked (ent
->stream
), F_GETFD
, 0);
196 result
= fcntl (fileno_unlocked (ent
->stream
), F_SETFD
, flags
);
200 /* Something went wrong. Close the stream and return a
202 fclose (ent
->stream
);
204 status
= NSS_STATUS_UNAVAIL
;
207 /* We take care of locking ourself. */
208 __fsetlocking (ent
->stream
, FSETLOCKING_BYCALLER
);
212 rewind (ent
->stream
);
214 give_spwd_free (&ent
->pwd
);
216 if (status
== NSS_STATUS_SUCCESS
&& nss_setspent
)
217 ent
->setent_status
= nss_setspent (stayopen
);
224 _nss_compat_setspent (int stayopen
)
226 enum nss_status result
;
228 __libc_lock_lock (lock
);
231 init_nss_interface ();
233 result
= internal_setspent (&ext_ent
, stayopen
);
235 __libc_lock_unlock (lock
);
241 static enum nss_status
242 internal_endspent (ent_t
*ent
)
247 if (ent
->stream
!= NULL
)
249 fclose (ent
->stream
);
254 __internal_endnetgrent (&ent
->netgrdata
);
256 ent
->first
= ent
->netgroup
= false;
259 if (ent
->blacklist
.data
!= NULL
)
261 ent
->blacklist
.current
= 1;
262 ent
->blacklist
.data
[0] = '|';
263 ent
->blacklist
.data
[1] = '\0';
266 ent
->blacklist
.current
= 0;
268 give_spwd_free (&ent
->pwd
);
270 return NSS_STATUS_SUCCESS
;
274 _nss_compat_endspent (void)
276 enum nss_status result
;
278 __libc_lock_lock (lock
);
280 result
= internal_endspent (&ext_ent
);
282 __libc_lock_unlock (lock
);
288 static enum nss_status
289 getspent_next_nss_netgr (const char *name
, struct spwd
*result
, ent_t
*ent
,
290 char *group
, char *buffer
, size_t buflen
,
293 char *curdomain
, *host
, *user
, *domain
, *p2
;
297 return NSS_STATUS_UNAVAIL
;
299 /* If the setpwent call failed, say so. */
300 if (ent
->setent_status
!= NSS_STATUS_SUCCESS
)
301 return ent
->setent_status
;
303 if (yp_get_default_domain (&curdomain
) != YPERR_SUCCESS
)
305 ent
->netgroup
= false;
307 give_spwd_free (&ent
->pwd
);
308 return NSS_STATUS_UNAVAIL
;
311 if (ent
->first
== true)
313 memset (&ent
->netgrdata
, 0, sizeof (struct __netgrent
));
314 __internal_setnetgrent (group
, &ent
->netgrdata
);
321 enum nss_status status
;
323 saved_cursor
= ent
->netgrdata
.cursor
;
324 status
= __internal_getnetgrent_r (&host
, &user
, &domain
,
325 &ent
->netgrdata
, buffer
, buflen
,
329 __internal_endnetgrent (&ent
->netgrdata
);
330 ent
->netgroup
= false;
331 give_spwd_free (&ent
->pwd
);
332 return NSS_STATUS_RETURN
;
335 if (user
== NULL
|| user
[0] == '-')
338 if (domain
!= NULL
&& strcmp (curdomain
, domain
) != 0)
341 /* If name != NULL, we are called from getpwnam */
343 if (strcmp (user
, name
) != 0)
346 p2len
= spwd_need_buflen (&ent
->pwd
);
350 return NSS_STATUS_TRYAGAIN
;
352 p2
= buffer
+ (buflen
- p2len
);
355 if (nss_getspnam_r (user
, result
, buffer
, buflen
, errnop
) !=
359 if (!in_blacklist (result
->sp_namp
, strlen (result
->sp_namp
), ent
))
361 /* Store the User in the blacklist for possible the "+" at the
362 end of /etc/passwd */
363 blacklist_store_name (result
->sp_namp
, ent
);
364 copy_spwd_changes (result
, &ent
->pwd
, p2
, p2len
);
369 return NSS_STATUS_SUCCESS
;
373 static enum nss_status
374 getspent_next_nss (struct spwd
*result
, ent_t
*ent
,
375 char *buffer
, size_t buflen
, int *errnop
)
377 enum nss_status status
;
382 return NSS_STATUS_UNAVAIL
;
384 p2len
= spwd_need_buflen (&ent
->pwd
);
388 return NSS_STATUS_TRYAGAIN
;
390 p2
= buffer
+ (buflen
- p2len
);
394 if ((status
= nss_getspent_r (result
, buffer
, buflen
, errnop
)) !=
398 while (in_blacklist (result
->sp_namp
, strlen (result
->sp_namp
), ent
));
400 copy_spwd_changes (result
, &ent
->pwd
, p2
, p2len
);
402 return NSS_STATUS_SUCCESS
;
406 /* This function handle the +user entrys in /etc/shadow */
407 static enum nss_status
408 getspnam_plususer (const char *name
, struct spwd
*result
, ent_t
*ent
,
409 char *buffer
, size_t buflen
, int *errnop
)
412 return NSS_STATUS_UNAVAIL
;
415 memset (&pwd
, '\0', sizeof (struct spwd
));
421 copy_spwd_changes (&pwd
, result
, NULL
, 0);
423 size_t plen
= spwd_need_buflen (&pwd
);
427 return NSS_STATUS_TRYAGAIN
;
429 char *p
= buffer
+ (buflen
- plen
);
432 enum nss_status status
= nss_getspnam_r (name
, result
, buffer
, buflen
,
434 if (status
!= NSS_STATUS_SUCCESS
)
437 if (in_blacklist (result
->sp_namp
, strlen (result
->sp_namp
), ent
))
438 return NSS_STATUS_NOTFOUND
;
440 copy_spwd_changes (result
, &pwd
, p
, plen
);
441 give_spwd_free (&pwd
);
442 /* We found the entry. */
443 return NSS_STATUS_SUCCESS
;
447 static enum nss_status
448 getspent_next_file (struct spwd
*result
, ent_t
*ent
,
449 char *buffer
, size_t buflen
, int *errnop
)
451 struct parser_data
*data
= (void *) buffer
;
460 /* We need at least 3 characters for one line. */
461 if (__builtin_expect (buflen
< 3, 0))
465 return NSS_STATUS_TRYAGAIN
;
468 fgetpos (ent
->stream
, &pos
);
469 buffer
[buflen
- 1] = '\xff';
470 p
= fgets_unlocked (buffer
, buflen
, ent
->stream
);
471 if (p
== NULL
&& feof_unlocked (ent
->stream
))
472 return NSS_STATUS_NOTFOUND
;
474 if (p
== NULL
|| __builtin_expect (buffer
[buflen
- 1] != '\xff', 0))
477 fsetpos (ent
->stream
, &pos
);
481 /* Skip leading blanks. */
485 while (*p
== '\0' || *p
== '#' /* Ignore empty and comment lines. */
486 /* Parse the line. If it is invalid, loop to
487 get the next line of the file to parse. */
488 || !(parse_res
= _nss_files_parse_spent (p
, result
, data
,
491 if (__builtin_expect (parse_res
== -1, 0))
492 /* The parser ran out of space. */
495 if (result
->sp_namp
[0] != '+' && result
->sp_namp
[0] != '-')
496 /* This is a real entry. */
500 if (result
->sp_namp
[0] == '-' && result
->sp_namp
[1] == '@'
501 && result
->sp_namp
[2] != '\0')
503 /* XXX Do not use fixed length buffers. */
505 char *user
, *host
, *domain
;
506 struct __netgrent netgrdata
;
508 bzero (&netgrdata
, sizeof (struct __netgrent
));
509 __internal_setnetgrent (&result
->sp_namp
[2], &netgrdata
);
510 while (__internal_getnetgrent_r (&host
, &user
, &domain
,
511 &netgrdata
, buf2
, sizeof (buf2
),
514 if (user
!= NULL
&& user
[0] != '-')
515 blacklist_store_name (user
, ent
);
517 __internal_endnetgrent (&netgrdata
);
522 if (result
->sp_namp
[0] == '+' && result
->sp_namp
[1] == '@'
523 && result
->sp_namp
[2] != '\0')
527 ent
->netgroup
= true;
529 copy_spwd_changes (&ent
->pwd
, result
, NULL
, 0);
531 status
= getspent_next_nss_netgr (NULL
, result
, ent
,
533 buffer
, buflen
, errnop
);
534 if (status
== NSS_STATUS_RETURN
)
541 if (result
->sp_namp
[0] == '-' && result
->sp_namp
[1] != '\0'
542 && result
->sp_namp
[1] != '@')
544 blacklist_store_name (&result
->sp_namp
[1], ent
);
549 if (result
->sp_namp
[0] == '+' && result
->sp_namp
[1] != '\0'
550 && result
->sp_namp
[1] != '@')
552 size_t len
= strlen (result
->sp_namp
);
554 enum nss_status status
;
556 /* Store the User in the blacklist for the "+" at the end of
558 memcpy (buf
, &result
->sp_namp
[1], len
);
559 status
= getspnam_plususer (&result
->sp_namp
[1], result
, ent
,
560 buffer
, buflen
, errnop
);
561 blacklist_store_name (buf
, ent
);
563 if (status
== NSS_STATUS_SUCCESS
) /* We found the entry. */
565 /* We couldn't parse the entry */
566 else if (status
== NSS_STATUS_RETURN
567 /* entry doesn't exist */
568 || status
== NSS_STATUS_NOTFOUND
)
572 if (status
== NSS_STATUS_TRYAGAIN
)
574 fsetpos (ent
->stream
, &pos
);
582 if (result
->sp_namp
[0] == '+' && result
->sp_namp
[1] == '\0')
586 copy_spwd_changes (&ent
->pwd
, result
, NULL
, 0);
588 return getspent_next_nss (result
, ent
, buffer
, buflen
, errnop
);
592 return NSS_STATUS_SUCCESS
;
596 static enum nss_status
597 internal_getspent_r (struct spwd
*pw
, ent_t
*ent
,
598 char *buffer
, size_t buflen
, int *errnop
)
602 enum nss_status status
;
604 /* We are searching members in a netgroup */
605 /* Since this is not the first call, we don't need the group name */
606 status
= getspent_next_nss_netgr (NULL
, pw
, ent
, NULL
, buffer
,
609 if (status
== NSS_STATUS_RETURN
)
610 return getspent_next_file (pw
, ent
, buffer
, buflen
, errnop
);
615 return getspent_next_file (pw
, ent
, buffer
, buflen
, errnop
);
617 return getspent_next_nss (pw
, ent
, buffer
, buflen
, errnop
);
622 _nss_compat_getspent_r (struct spwd
*pwd
, char *buffer
, size_t buflen
,
625 enum nss_status result
= NSS_STATUS_SUCCESS
;
627 __libc_lock_lock (lock
);
629 /* Be prepared that the setpwent function was not called before. */
631 init_nss_interface ();
633 if (ext_ent
.stream
== NULL
)
634 result
= internal_setspent (&ext_ent
, 1);
636 if (result
== NSS_STATUS_SUCCESS
)
637 result
= internal_getspent_r (pwd
, &ext_ent
, buffer
, buflen
, errnop
);
639 __libc_lock_unlock (lock
);
645 /* Searches in /etc/passwd and the NIS/NIS+ map for a special user */
646 static enum nss_status
647 internal_getspnam_r (const char *name
, struct spwd
*result
, ent_t
*ent
,
648 char *buffer
, size_t buflen
, int *errnop
)
650 struct parser_data
*data
= (void *) buffer
;
660 /* We need at least 3 characters for one line. */
661 if (__builtin_expect (buflen
< 3, 0))
665 return NSS_STATUS_TRYAGAIN
;
668 fgetpos (ent
->stream
, &pos
);
669 buffer
[buflen
- 1] = '\xff';
670 p
= fgets_unlocked (buffer
, buflen
, ent
->stream
);
671 if (p
== NULL
&& feof_unlocked (ent
->stream
))
672 return NSS_STATUS_NOTFOUND
;
674 if (p
== NULL
|| buffer
[buflen
- 1] != '\xff')
677 fsetpos (ent
->stream
, &pos
);
681 /* Terminate the line for any case. */
682 buffer
[buflen
- 1] = '\0';
684 /* Skip leading blanks. */
688 while (*p
== '\0' || *p
== '#' || /* Ignore empty and comment lines. */
689 /* Parse the line. If it is invalid, loop to
690 get the next line of the file to parse. */
691 !(parse_res
= _nss_files_parse_spent (p
, result
, data
, buflen
,
694 if (__builtin_expect (parse_res
== -1, 0))
695 /* The parser ran out of space. */
698 /* This is a real entry. */
699 if (result
->sp_namp
[0] != '+' && result
->sp_namp
[0] != '-')
701 if (strcmp (result
->sp_namp
, name
) == 0)
702 return NSS_STATUS_SUCCESS
;
708 /* If the loaded NSS module does not support this service, add
709 all users from a +@netgroup entry to the blacklist, too. */
710 if (result
->sp_namp
[0] == '-' && result
->sp_namp
[1] == '@'
711 && result
->sp_namp
[2] != '\0')
713 if (innetgr (&result
->sp_namp
[2], NULL
, name
, NULL
))
714 return NSS_STATUS_NOTFOUND
;
719 if (result
->sp_namp
[0] == '+' && result
->sp_namp
[1] == '@'
720 && result
->sp_namp
[2] != '\0')
722 enum nss_status status
;
724 if (innetgr (&result
->sp_namp
[2], NULL
, name
, NULL
))
726 status
= getspnam_plususer (name
, result
, ent
, buffer
,
729 if (status
== NSS_STATUS_RETURN
)
738 if (result
->sp_namp
[0] == '-' && result
->sp_namp
[1] != '\0'
739 && result
->sp_namp
[1] != '@')
741 if (strcmp (&result
->sp_namp
[1], name
) == 0)
742 return NSS_STATUS_NOTFOUND
;
748 if (result
->sp_namp
[0] == '+' && result
->sp_namp
[1] != '\0'
749 && result
->sp_namp
[1] != '@')
751 if (strcmp (name
, &result
->sp_namp
[1]) == 0)
753 enum nss_status status
;
755 status
= getspnam_plususer (name
, result
, ent
,
756 buffer
, buflen
, errnop
);
758 if (status
== NSS_STATUS_RETURN
)
759 /* We couldn't parse the entry */
760 return NSS_STATUS_NOTFOUND
;
767 if (result
->sp_namp
[0] == '+' && result
->sp_namp
[1] == '\0')
769 enum nss_status status
;
771 status
= getspnam_plususer (name
, result
, ent
,
772 buffer
, buflen
, errnop
);
774 if (status
== NSS_STATUS_SUCCESS
)
775 /* We found the entry. */
777 else if (status
== NSS_STATUS_RETURN
)
778 /* We couldn't parse the entry */
779 return NSS_STATUS_NOTFOUND
;
784 return NSS_STATUS_SUCCESS
;
789 _nss_compat_getspnam_r (const char *name
, struct spwd
*pwd
,
790 char *buffer
, size_t buflen
, int *errnop
)
792 enum nss_status result
;
793 ent_t ent
= { false, true, false, NSS_STATUS_SUCCESS
, NULL
, { NULL
, 0, 0},
794 { NULL
, NULL
, 0, 0, 0, 0, 0, 0, 0}};
796 if (name
[0] == '-' || name
[0] == '+')
797 return NSS_STATUS_NOTFOUND
;
799 __libc_lock_lock (lock
);
802 init_nss_interface ();
804 __libc_lock_unlock (lock
);
806 result
= internal_setspent (&ent
, 0);
808 if (result
== NSS_STATUS_SUCCESS
)
809 result
= internal_getspnam_r (name
, pwd
, &ent
, buffer
, buflen
, errnop
);
811 internal_endspent (&ent
);
817 /* Support routines for remembering -@netgroup and -user entries.
818 The names are stored in a single string with `|' as separator. */
820 blacklist_store_name (const char *name
, ent_t
*ent
)
822 int namelen
= strlen (name
);
825 /* first call, setup cache */
826 if (ent
->blacklist
.size
== 0)
828 ent
->blacklist
.size
= MAX (BLACKLIST_INITIAL_SIZE
, 2 * namelen
);
829 ent
->blacklist
.data
= malloc (ent
->blacklist
.size
);
830 if (ent
->blacklist
.data
== NULL
)
832 ent
->blacklist
.data
[0] = '|';
833 ent
->blacklist
.data
[1] = '\0';
834 ent
->blacklist
.current
= 1;
838 if (in_blacklist (name
, namelen
, ent
))
839 return; /* no duplicates */
841 if (ent
->blacklist
.current
+ namelen
+ 1 >= ent
->blacklist
.size
)
843 ent
->blacklist
.size
+= MAX (BLACKLIST_INCREMENT
, 2 * namelen
);
844 tmp
= realloc (ent
->blacklist
.data
, ent
->blacklist
.size
);
847 free (ent
->blacklist
.data
);
848 ent
->blacklist
.size
= 0;
851 ent
->blacklist
.data
= tmp
;
855 tmp
= stpcpy (ent
->blacklist
.data
+ ent
->blacklist
.current
, name
);
858 ent
->blacklist
.current
+= namelen
+ 1;
864 /* Returns TRUE if ent->blacklist contains name, else FALSE. */
866 in_blacklist (const char *name
, int namelen
, ent_t
*ent
)
868 char buf
[namelen
+ 3];
871 if (ent
->blacklist
.data
== NULL
)
875 cp
= stpcpy (&buf
[1], name
);
878 return strstr (ent
->blacklist
.data
, buf
) != NULL
;