1 /* Copyright (C) 1996-1999,2001-2006,2007,2011
2 Free Software Foundation, Inc.
3 This file is part of the GNU C Library.
4 Contributed by Thorsten Kukuk <kukuk@vt.uni-paderborn.de>, 1996.
6 The GNU C Library is free software; you can redistribute it and/or
7 modify it under the terms of the GNU Lesser General Public
8 License as published by the Free Software Foundation; either
9 version 2.1 of the License, or (at your option) any later version.
11 The GNU C Library is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 Lesser General Public License for more details.
16 You should have received a copy of the GNU Lesser General Public
17 License along with the GNU C Library; if not, write to the Free
18 Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
28 #include <stdio_ext.h>
30 #include <rpc/types.h>
31 #include <rpcsvc/ypclnt.h>
32 #include <bits/libc-lock.h>
33 #include <kernel-features.h>
37 static service_user
*ni
;
38 static enum nss_status (*nss_setspent
) (int stayopen
);
39 static enum nss_status (*nss_getspnam_r
) (const char *name
, struct spwd
* sp
,
40 char *buffer
, size_t buflen
,
42 static enum nss_status (*nss_getspent_r
) (struct spwd
* sp
, char *buffer
,
43 size_t buflen
, int *errnop
);
44 static enum nss_status (*nss_endspent
) (void);
46 /* Get the declaration of the parser function. */
48 #define STRUCTURE spwd
50 #include <nss/nss_files/files-parse.c>
52 /* Structure for remembering -@netgroup and -user members ... */
53 #define BLACKLIST_INITIAL_SIZE 512
54 #define BLACKLIST_INCREMENT 256
67 enum nss_status setent_status
;
69 struct blacklist_t blacklist
;
71 struct __netgrent netgrdata
;
73 typedef struct ent_t ent_t
;
75 static ent_t ext_ent
= { false, true, false, NSS_STATUS_SUCCESS
, NULL
,
77 { NULL
, NULL
, 0, 0, 0, 0, 0, 0, 0}};
79 /* Protect global state against multiple changers. */
80 __libc_lock_define_initialized (static, lock
)
82 /* Positive if O_CLOEXEC is supported, negative if it is not supported,
83 zero if it is still undecided. This variable is shared with the
84 other compat functions. */
85 #ifdef __ASSUME_O_CLOEXEC
86 # define __compat_have_cloexec 1
89 extern int __compat_have_cloexec
;
91 # define __compat_have_cloexec -1
95 /* Prototypes for local functions. */
96 static void blacklist_store_name (const char *, ent_t
*);
97 static int in_blacklist (const char *, int, ent_t
*);
99 /* Initialize the NSS interface/functions. The calling function must
102 init_nss_interface (void)
104 if (__nss_database_lookup ("shadow_compat", "passwd_compat",
107 nss_setspent
= __nss_lookup_function (ni
, "setspent");
108 nss_getspnam_r
= __nss_lookup_function (ni
, "getspnam_r");
109 nss_getspent_r
= __nss_lookup_function (ni
, "getspent_r");
110 nss_endspent
= __nss_lookup_function (ni
, "endspent");
115 give_spwd_free (struct spwd
*pwd
)
120 memset (pwd
, '\0', sizeof (struct spwd
));
128 spwd_need_buflen (struct spwd
*pwd
)
132 if (pwd
->sp_pwdp
!= NULL
)
133 len
+= strlen (pwd
->sp_pwdp
) + 1;
139 copy_spwd_changes (struct spwd
*dest
, struct spwd
*src
,
140 char *buffer
, size_t buflen
)
142 if (src
->sp_pwdp
!= NULL
&& strlen (src
->sp_pwdp
))
145 dest
->sp_pwdp
= strdup (src
->sp_pwdp
);
146 else if (dest
->sp_pwdp
&&
147 strlen (dest
->sp_pwdp
) >= strlen (src
->sp_pwdp
))
148 strcpy (dest
->sp_pwdp
, src
->sp_pwdp
);
151 dest
->sp_pwdp
= buffer
;
152 strcpy (dest
->sp_pwdp
, src
->sp_pwdp
);
153 buffer
+= strlen (dest
->sp_pwdp
) + 1;
154 buflen
= buflen
- (strlen (dest
->sp_pwdp
) + 1);
157 if (src
->sp_lstchg
!= 0)
158 dest
->sp_lstchg
= src
->sp_lstchg
;
159 if (src
->sp_min
!= 0)
160 dest
->sp_min
= src
->sp_min
;
161 if (src
->sp_max
!= 0)
162 dest
->sp_max
= src
->sp_max
;
163 if (src
->sp_warn
!= -1)
164 dest
->sp_warn
= src
->sp_warn
;
165 if (src
->sp_inact
!= -1)
166 dest
->sp_inact
= src
->sp_inact
;
167 if (src
->sp_expire
!= -1)
168 dest
->sp_expire
= src
->sp_expire
;
169 if (src
->sp_flag
!= ~0ul)
170 dest
->sp_flag
= src
->sp_flag
;
173 static enum nss_status
174 internal_setspent (ent_t
*ent
, int stayopen
)
176 enum nss_status status
= NSS_STATUS_SUCCESS
;
178 ent
->first
= ent
->netgroup
= 0;
181 /* If something was left over free it. */
183 __internal_endnetgrent (&ent
->netgrdata
);
185 if (ent
->blacklist
.data
!= NULL
)
187 ent
->blacklist
.current
= 1;
188 ent
->blacklist
.data
[0] = '|';
189 ent
->blacklist
.data
[1] = '\0';
192 ent
->blacklist
.current
= 0;
194 if (ent
->stream
== NULL
)
196 ent
->stream
= fopen ("/etc/shadow", "rme");
198 if (ent
->stream
== NULL
)
199 status
= errno
== EAGAIN
? NSS_STATUS_TRYAGAIN
: NSS_STATUS_UNAVAIL
;
202 /* We have to make sure the file is `closed on exec'. */
205 if (__compat_have_cloexec
<= 0)
208 result
= flags
= fcntl (fileno_unlocked (ent
->stream
), F_GETFD
,
212 #if defined O_CLOEXEC && !defined __ASSUME_O_CLOEXEC
213 if (__compat_have_cloexec
== 0)
214 __compat_have_cloexec
= (flags
& FD_CLOEXEC
) ? 1 : -1;
216 if (__compat_have_cloexec
< 0)
220 result
= fcntl (fileno_unlocked (ent
->stream
), F_SETFD
,
228 /* Something went wrong. Close the stream and return a
230 fclose (ent
->stream
);
232 status
= NSS_STATUS_UNAVAIL
;
235 /* We take care of locking ourself. */
236 __fsetlocking (ent
->stream
, FSETLOCKING_BYCALLER
);
240 rewind (ent
->stream
);
242 give_spwd_free (&ent
->pwd
);
244 if (status
== NSS_STATUS_SUCCESS
&& nss_setspent
)
245 ent
->setent_status
= nss_setspent (stayopen
);
252 _nss_compat_setspent (int stayopen
)
254 enum nss_status result
;
256 __libc_lock_lock (lock
);
259 init_nss_interface ();
261 result
= internal_setspent (&ext_ent
, stayopen
);
263 __libc_lock_unlock (lock
);
269 static enum nss_status
270 internal_endspent (ent_t
*ent
)
275 if (ent
->stream
!= NULL
)
277 fclose (ent
->stream
);
282 __internal_endnetgrent (&ent
->netgrdata
);
284 ent
->first
= ent
->netgroup
= false;
287 if (ent
->blacklist
.data
!= NULL
)
289 ent
->blacklist
.current
= 1;
290 ent
->blacklist
.data
[0] = '|';
291 ent
->blacklist
.data
[1] = '\0';
294 ent
->blacklist
.current
= 0;
296 give_spwd_free (&ent
->pwd
);
298 return NSS_STATUS_SUCCESS
;
302 _nss_compat_endspent (void)
304 enum nss_status result
;
306 __libc_lock_lock (lock
);
308 result
= internal_endspent (&ext_ent
);
310 __libc_lock_unlock (lock
);
316 static enum nss_status
317 getspent_next_nss_netgr (const char *name
, struct spwd
*result
, ent_t
*ent
,
318 char *group
, char *buffer
, size_t buflen
,
321 char *curdomain
= NULL
, *host
, *user
, *domain
, *p2
;
325 return NSS_STATUS_UNAVAIL
;
327 /* If the setpwent call failed, say so. */
328 if (ent
->setent_status
!= NSS_STATUS_SUCCESS
)
329 return ent
->setent_status
;
333 memset (&ent
->netgrdata
, 0, sizeof (struct __netgrent
));
334 __internal_setnetgrent (group
, &ent
->netgrdata
);
340 enum nss_status status
;
342 status
= __internal_getnetgrent_r (&host
, &user
, &domain
,
343 &ent
->netgrdata
, buffer
, buflen
,
347 __internal_endnetgrent (&ent
->netgrdata
);
348 ent
->netgroup
= false;
349 give_spwd_free (&ent
->pwd
);
350 return NSS_STATUS_RETURN
;
353 if (user
== NULL
|| user
[0] == '-')
358 if (curdomain
== NULL
359 && yp_get_default_domain (&curdomain
) != YPERR_SUCCESS
)
361 __internal_endnetgrent (&ent
->netgrdata
);
362 ent
->netgroup
= false;
363 give_spwd_free (&ent
->pwd
);
364 return NSS_STATUS_UNAVAIL
;
366 if (strcmp (curdomain
, domain
) != 0)
370 /* If name != NULL, we are called from getpwnam */
372 if (strcmp (user
, name
) != 0)
375 p2len
= spwd_need_buflen (&ent
->pwd
);
379 return NSS_STATUS_TRYAGAIN
;
381 p2
= buffer
+ (buflen
- p2len
);
384 if (nss_getspnam_r (user
, result
, buffer
, buflen
, errnop
) !=
388 if (!in_blacklist (result
->sp_namp
, strlen (result
->sp_namp
), ent
))
390 /* Store the User in the blacklist for possible the "+" at the
391 end of /etc/passwd */
392 blacklist_store_name (result
->sp_namp
, ent
);
393 copy_spwd_changes (result
, &ent
->pwd
, p2
, p2len
);
398 return NSS_STATUS_SUCCESS
;
402 static enum nss_status
403 getspent_next_nss (struct spwd
*result
, ent_t
*ent
,
404 char *buffer
, size_t buflen
, int *errnop
)
406 enum nss_status status
;
411 return NSS_STATUS_UNAVAIL
;
413 p2len
= spwd_need_buflen (&ent
->pwd
);
417 return NSS_STATUS_TRYAGAIN
;
419 p2
= buffer
+ (buflen
- p2len
);
423 if ((status
= nss_getspent_r (result
, buffer
, buflen
, errnop
)) !=
427 while (in_blacklist (result
->sp_namp
, strlen (result
->sp_namp
), ent
));
429 copy_spwd_changes (result
, &ent
->pwd
, p2
, p2len
);
431 return NSS_STATUS_SUCCESS
;
435 /* This function handle the +user entrys in /etc/shadow */
436 static enum nss_status
437 getspnam_plususer (const char *name
, struct spwd
*result
, ent_t
*ent
,
438 char *buffer
, size_t buflen
, int *errnop
)
441 return NSS_STATUS_UNAVAIL
;
444 memset (&pwd
, '\0', sizeof (struct spwd
));
450 copy_spwd_changes (&pwd
, result
, NULL
, 0);
452 size_t plen
= spwd_need_buflen (&pwd
);
456 return NSS_STATUS_TRYAGAIN
;
458 char *p
= buffer
+ (buflen
- plen
);
461 enum nss_status status
= nss_getspnam_r (name
, result
, buffer
, buflen
,
463 if (status
!= NSS_STATUS_SUCCESS
)
466 if (in_blacklist (result
->sp_namp
, strlen (result
->sp_namp
), ent
))
467 return NSS_STATUS_NOTFOUND
;
469 copy_spwd_changes (result
, &pwd
, p
, plen
);
470 give_spwd_free (&pwd
);
471 /* We found the entry. */
472 return NSS_STATUS_SUCCESS
;
476 static enum nss_status
477 getspent_next_file (struct spwd
*result
, ent_t
*ent
,
478 char *buffer
, size_t buflen
, int *errnop
)
480 struct parser_data
*data
= (void *) buffer
;
489 /* We need at least 3 characters for one line. */
490 if (__builtin_expect (buflen
< 3, 0))
494 return NSS_STATUS_TRYAGAIN
;
497 fgetpos (ent
->stream
, &pos
);
498 buffer
[buflen
- 1] = '\xff';
499 p
= fgets_unlocked (buffer
, buflen
, ent
->stream
);
500 if (p
== NULL
&& feof_unlocked (ent
->stream
))
501 return NSS_STATUS_NOTFOUND
;
503 if (p
== NULL
|| __builtin_expect (buffer
[buflen
- 1] != '\xff', 0))
506 fsetpos (ent
->stream
, &pos
);
510 /* Skip leading blanks. */
514 while (*p
== '\0' || *p
== '#' /* Ignore empty and comment lines. */
515 /* Parse the line. If it is invalid, loop to
516 get the next line of the file to parse. */
517 || !(parse_res
= _nss_files_parse_spent (p
, result
, data
,
520 if (__builtin_expect (parse_res
== -1, 0))
521 /* The parser ran out of space. */
524 if (result
->sp_namp
[0] != '+' && result
->sp_namp
[0] != '-')
525 /* This is a real entry. */
529 if (result
->sp_namp
[0] == '-' && result
->sp_namp
[1] == '@'
530 && result
->sp_namp
[2] != '\0')
532 /* XXX Do not use fixed length buffers. */
534 char *user
, *host
, *domain
;
535 struct __netgrent netgrdata
;
537 bzero (&netgrdata
, sizeof (struct __netgrent
));
538 __internal_setnetgrent (&result
->sp_namp
[2], &netgrdata
);
539 while (__internal_getnetgrent_r (&host
, &user
, &domain
,
540 &netgrdata
, buf2
, sizeof (buf2
),
543 if (user
!= NULL
&& user
[0] != '-')
544 blacklist_store_name (user
, ent
);
546 __internal_endnetgrent (&netgrdata
);
551 if (result
->sp_namp
[0] == '+' && result
->sp_namp
[1] == '@'
552 && result
->sp_namp
[2] != '\0')
556 ent
->netgroup
= true;
558 copy_spwd_changes (&ent
->pwd
, result
, NULL
, 0);
560 status
= getspent_next_nss_netgr (NULL
, result
, ent
,
562 buffer
, buflen
, errnop
);
563 if (status
== NSS_STATUS_RETURN
)
570 if (result
->sp_namp
[0] == '-' && result
->sp_namp
[1] != '\0'
571 && result
->sp_namp
[1] != '@')
573 blacklist_store_name (&result
->sp_namp
[1], ent
);
578 if (result
->sp_namp
[0] == '+' && result
->sp_namp
[1] != '\0'
579 && result
->sp_namp
[1] != '@')
581 size_t len
= strlen (result
->sp_namp
);
583 enum nss_status status
;
585 /* Store the User in the blacklist for the "+" at the end of
587 memcpy (buf
, &result
->sp_namp
[1], len
);
588 status
= getspnam_plususer (&result
->sp_namp
[1], result
, ent
,
589 buffer
, buflen
, errnop
);
590 blacklist_store_name (buf
, ent
);
592 if (status
== NSS_STATUS_SUCCESS
) /* We found the entry. */
594 /* We couldn't parse the entry */
595 else if (status
== NSS_STATUS_RETURN
596 /* entry doesn't exist */
597 || status
== NSS_STATUS_NOTFOUND
)
601 if (status
== NSS_STATUS_TRYAGAIN
)
603 fsetpos (ent
->stream
, &pos
);
611 if (result
->sp_namp
[0] == '+' && result
->sp_namp
[1] == '\0')
615 copy_spwd_changes (&ent
->pwd
, result
, NULL
, 0);
617 return getspent_next_nss (result
, ent
, buffer
, buflen
, errnop
);
621 return NSS_STATUS_SUCCESS
;
625 static enum nss_status
626 internal_getspent_r (struct spwd
*pw
, ent_t
*ent
,
627 char *buffer
, size_t buflen
, int *errnop
)
631 enum nss_status status
;
633 /* We are searching members in a netgroup */
634 /* Since this is not the first call, we don't need the group name */
635 status
= getspent_next_nss_netgr (NULL
, pw
, ent
, NULL
, buffer
,
638 if (status
== NSS_STATUS_RETURN
)
639 return getspent_next_file (pw
, ent
, buffer
, buflen
, errnop
);
644 return getspent_next_file (pw
, ent
, buffer
, buflen
, errnop
);
646 return getspent_next_nss (pw
, ent
, buffer
, buflen
, errnop
);
651 _nss_compat_getspent_r (struct spwd
*pwd
, char *buffer
, size_t buflen
,
654 enum nss_status result
= NSS_STATUS_SUCCESS
;
656 __libc_lock_lock (lock
);
658 /* Be prepared that the setpwent function was not called before. */
660 init_nss_interface ();
662 if (ext_ent
.stream
== NULL
)
663 result
= internal_setspent (&ext_ent
, 1);
665 if (result
== NSS_STATUS_SUCCESS
)
666 result
= internal_getspent_r (pwd
, &ext_ent
, buffer
, buflen
, errnop
);
668 __libc_lock_unlock (lock
);
674 /* Searches in /etc/passwd and the NIS/NIS+ map for a special user */
675 static enum nss_status
676 internal_getspnam_r (const char *name
, struct spwd
*result
, ent_t
*ent
,
677 char *buffer
, size_t buflen
, int *errnop
)
679 struct parser_data
*data
= (void *) buffer
;
689 /* We need at least 3 characters for one line. */
690 if (__builtin_expect (buflen
< 3, 0))
694 return NSS_STATUS_TRYAGAIN
;
697 fgetpos (ent
->stream
, &pos
);
698 buffer
[buflen
- 1] = '\xff';
699 p
= fgets_unlocked (buffer
, buflen
, ent
->stream
);
700 if (p
== NULL
&& feof_unlocked (ent
->stream
))
701 return NSS_STATUS_NOTFOUND
;
703 if (p
== NULL
|| buffer
[buflen
- 1] != '\xff')
706 fsetpos (ent
->stream
, &pos
);
710 /* Terminate the line for any case. */
711 buffer
[buflen
- 1] = '\0';
713 /* Skip leading blanks. */
717 while (*p
== '\0' || *p
== '#' || /* Ignore empty and comment lines. */
718 /* Parse the line. If it is invalid, loop to
719 get the next line of the file to parse. */
720 !(parse_res
= _nss_files_parse_spent (p
, result
, data
, buflen
,
723 if (__builtin_expect (parse_res
== -1, 0))
724 /* The parser ran out of space. */
727 /* This is a real entry. */
728 if (result
->sp_namp
[0] != '+' && result
->sp_namp
[0] != '-')
730 if (strcmp (result
->sp_namp
, name
) == 0)
731 return NSS_STATUS_SUCCESS
;
737 /* If the loaded NSS module does not support this service, add
738 all users from a +@netgroup entry to the blacklist, too. */
739 if (result
->sp_namp
[0] == '-' && result
->sp_namp
[1] == '@'
740 && result
->sp_namp
[2] != '\0')
742 if (innetgr (&result
->sp_namp
[2], NULL
, name
, NULL
))
743 return NSS_STATUS_NOTFOUND
;
748 if (result
->sp_namp
[0] == '+' && result
->sp_namp
[1] == '@'
749 && result
->sp_namp
[2] != '\0')
751 enum nss_status status
;
753 if (innetgr (&result
->sp_namp
[2], NULL
, name
, NULL
))
755 status
= getspnam_plususer (name
, result
, ent
, buffer
,
758 if (status
== NSS_STATUS_RETURN
)
767 if (result
->sp_namp
[0] == '-' && result
->sp_namp
[1] != '\0'
768 && result
->sp_namp
[1] != '@')
770 if (strcmp (&result
->sp_namp
[1], name
) == 0)
771 return NSS_STATUS_NOTFOUND
;
777 if (result
->sp_namp
[0] == '+' && result
->sp_namp
[1] != '\0'
778 && result
->sp_namp
[1] != '@')
780 if (strcmp (name
, &result
->sp_namp
[1]) == 0)
782 enum nss_status status
;
784 status
= getspnam_plususer (name
, result
, ent
,
785 buffer
, buflen
, errnop
);
787 if (status
== NSS_STATUS_RETURN
)
788 /* We couldn't parse the entry */
789 return NSS_STATUS_NOTFOUND
;
796 if (result
->sp_namp
[0] == '+' && result
->sp_namp
[1] == '\0')
798 enum nss_status status
;
800 status
= getspnam_plususer (name
, result
, ent
,
801 buffer
, buflen
, errnop
);
803 if (status
== NSS_STATUS_SUCCESS
)
804 /* We found the entry. */
806 else if (status
== NSS_STATUS_RETURN
)
807 /* We couldn't parse the entry */
808 return NSS_STATUS_NOTFOUND
;
813 return NSS_STATUS_SUCCESS
;
818 _nss_compat_getspnam_r (const char *name
, struct spwd
*pwd
,
819 char *buffer
, size_t buflen
, int *errnop
)
821 enum nss_status result
;
822 ent_t ent
= { false, true, false, NSS_STATUS_SUCCESS
, NULL
, { NULL
, 0, 0},
823 { NULL
, NULL
, 0, 0, 0, 0, 0, 0, 0}};
825 if (name
[0] == '-' || name
[0] == '+')
826 return NSS_STATUS_NOTFOUND
;
828 __libc_lock_lock (lock
);
831 init_nss_interface ();
833 __libc_lock_unlock (lock
);
835 result
= internal_setspent (&ent
, 0);
837 if (result
== NSS_STATUS_SUCCESS
)
838 result
= internal_getspnam_r (name
, pwd
, &ent
, buffer
, buflen
, errnop
);
840 internal_endspent (&ent
);
846 /* Support routines for remembering -@netgroup and -user entries.
847 The names are stored in a single string with `|' as separator. */
849 blacklist_store_name (const char *name
, ent_t
*ent
)
851 int namelen
= strlen (name
);
854 /* first call, setup cache */
855 if (ent
->blacklist
.size
== 0)
857 ent
->blacklist
.size
= MAX (BLACKLIST_INITIAL_SIZE
, 2 * namelen
);
858 ent
->blacklist
.data
= malloc (ent
->blacklist
.size
);
859 if (ent
->blacklist
.data
== NULL
)
861 ent
->blacklist
.data
[0] = '|';
862 ent
->blacklist
.data
[1] = '\0';
863 ent
->blacklist
.current
= 1;
867 if (in_blacklist (name
, namelen
, ent
))
868 return; /* no duplicates */
870 if (ent
->blacklist
.current
+ namelen
+ 1 >= ent
->blacklist
.size
)
872 ent
->blacklist
.size
+= MAX (BLACKLIST_INCREMENT
, 2 * namelen
);
873 tmp
= realloc (ent
->blacklist
.data
, ent
->blacklist
.size
);
876 free (ent
->blacklist
.data
);
877 ent
->blacklist
.size
= 0;
880 ent
->blacklist
.data
= tmp
;
884 tmp
= stpcpy (ent
->blacklist
.data
+ ent
->blacklist
.current
, name
);
887 ent
->blacklist
.current
+= namelen
+ 1;
893 /* Returns TRUE if ent->blacklist contains name, else FALSE. */
895 in_blacklist (const char *name
, int namelen
, ent_t
*ent
)
897 char buf
[namelen
+ 3];
900 if (ent
->blacklist
.data
== NULL
)
904 cp
= stpcpy (&buf
[1], name
);
907 return strstr (ent
->blacklist
.data
, buf
) != NULL
;