search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Prepare for glibc 2.34 release.
[glibc.git] / nss / nss_compat / compat-pwd.c
blob64d708ff63a8b02af6db66471cbd2e848230cbf7
1 /* Copyright (C) 1996-2021 Free Software Foundation, Inc.
2 This file is part of the GNU C Library.
3 Contributed by Thorsten Kukuk <kukuk@vt.uni-paderborn.de>, 1996.
4
5 The GNU C Library is free software; you can redistribute it and/or
6 modify it under the terms of the GNU Lesser General Public
7 License as published by the Free Software Foundation; either
8 version 2.1 of the License, or (at your option) any later version.
9
10 The GNU C Library is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 Lesser General Public License for more details.
14
15 You should have received a copy of the GNU Lesser General Public
16 License along with the GNU C Library; if not, see
17 <https://www.gnu.org/licenses/>. */
18
19 #include <ctype.h>
20 #include <errno.h>
21 #include <fcntl.h>
22 #include <netdb.h>
23 #include <nss.h>
24 #include <nsswitch.h>
25 #include <pwd.h>
26 #include <stdio_ext.h>
27 #include <string.h>
28 #include <libc-lock.h>
29 #include <kernel-features.h>
30 #include <nss_files.h>
31
32 #include "netgroup.h"
33 #include "nisdomain.h"
34
35 NSS_DECLARE_MODULE_FUNCTIONS (compat)
36
37 static nss_action_list ni;
38 static enum nss_status (*setpwent_impl) (int stayopen);
39 static enum nss_status (*getpwnam_r_impl) (const char *name,
40 struct passwd * pwd, char *buffer,
41 size_t buflen, int *errnop);
42 static enum nss_status (*getpwuid_r_impl) (uid_t uid, struct passwd * pwd,
43 char *buffer, size_t buflen,
44 int *errnop);
45 static enum nss_status (*getpwent_r_impl) (struct passwd * pwd, char *buffer,
46 size_t buflen, int *errnop);
47 static enum nss_status (*endpwent_impl) (void);
48
49 /* Get the declaration of the parser function. */
50 #define ENTNAME pwent
51 #define STRUCTURE passwd
52 #define EXTERN_PARSER
53 #include <nss/nss_files/files-parse.c>
54
55 /* Structure for remembering -@netgroup and -user members ... */
56 #define BLACKLIST_INITIAL_SIZE 512
57 #define BLACKLIST_INCREMENT 256
58 struct blacklist_t
59 {
60 char *data;
61 int current;
62 int size;
63 };
64
65 struct ent_t
66 {
67 bool netgroup;
68 bool first;
69 bool files;
70 enum nss_status setent_status;
71 FILE *stream;
72 struct blacklist_t blacklist;
73 struct passwd pwd;
74 struct __netgrent netgrdata;
75 };
76 typedef struct ent_t ent_t;
77
78 static ent_t ext_ent = { false, false, true, NSS_STATUS_SUCCESS, NULL,
79 { NULL, 0, 0 },
80 { NULL, NULL, 0, 0, NULL, NULL, NULL }};
81
82 /* Protect global state against multiple changers. */
83 __libc_lock_define_initialized (static, lock)
84
85 /* Prototypes for local functions. */
86 static void blacklist_store_name (const char *, ent_t *);
87 static bool in_blacklist (const char *, int, ent_t *);
88
89 /* Initialize the NSS interface/functions. The calling function must
90 hold the lock. */
91 static void
92 init_nss_interface (void)
93 {
94 if (__nss_database_get (nss_database_passwd_compat, &ni))
95 {
96 setpwent_impl = __nss_lookup_function (ni, "setpwent");
97 getpwnam_r_impl = __nss_lookup_function (ni, "getpwnam_r");
98 getpwuid_r_impl = __nss_lookup_function (ni, "getpwuid_r");
99 getpwent_r_impl = __nss_lookup_function (ni, "getpwent_r");
100 endpwent_impl = __nss_lookup_function (ni, "endpwent");
101 }
102 }
103
104 static void
105 give_pwd_free (struct passwd *pwd)
106 {
107 free (pwd->pw_name);
108 free (pwd->pw_passwd);
109 free (pwd->pw_gecos);
110 free (pwd->pw_dir);
111 free (pwd->pw_shell);
112
113 memset (pwd, '\0', sizeof (struct passwd));
114 }
115
116 static size_t
117 pwd_need_buflen (struct passwd *pwd)
118 {
119 size_t len = 0;
120
121 if (pwd->pw_passwd != NULL)
122 len += strlen (pwd->pw_passwd) + 1;
123
124 if (pwd->pw_gecos != NULL)
125 len += strlen (pwd->pw_gecos) + 1;
126
127 if (pwd->pw_dir != NULL)
128 len += strlen (pwd->pw_dir) + 1;
129
130 if (pwd->pw_shell != NULL)
131 len += strlen (pwd->pw_shell) + 1;
132
133 return len;
134 }
135
136 static void
137 copy_pwd_changes (struct passwd *dest, struct passwd *src,
138 char *buffer, size_t buflen)
139 {
140 if (src->pw_passwd != NULL && strlen (src->pw_passwd))
141 {
142 if (buffer == NULL)
143 dest->pw_passwd = strdup (src->pw_passwd);
144 else if (dest->pw_passwd
145 && strlen (dest->pw_passwd) >= strlen (src->pw_passwd))
146 strcpy (dest->pw_passwd, src->pw_passwd);
147 else
148 {
149 dest->pw_passwd = buffer;
150 strcpy (dest->pw_passwd, src->pw_passwd);
151 buffer += strlen (dest->pw_passwd) + 1;
152 buflen = buflen - (strlen (dest->pw_passwd) + 1);
153 }
154 }
155
156 if (src->pw_gecos != NULL && strlen (src->pw_gecos))
157 {
158 if (buffer == NULL)
159 dest->pw_gecos = strdup (src->pw_gecos);
160 else if (dest->pw_gecos
161 && strlen (dest->pw_gecos) >= strlen (src->pw_gecos))
162 strcpy (dest->pw_gecos, src->pw_gecos);
163 else
164 {
165 dest->pw_gecos = buffer;
166 strcpy (dest->pw_gecos, src->pw_gecos);
167 buffer += strlen (dest->pw_gecos) + 1;
168 buflen = buflen - (strlen (dest->pw_gecos) + 1);
169 }
170 }
171 if (src->pw_dir != NULL && strlen (src->pw_dir))
172 {
173 if (buffer == NULL)
174 dest->pw_dir = strdup (src->pw_dir);
175 else if (dest->pw_dir && strlen (dest->pw_dir) >= strlen (src->pw_dir))
176 strcpy (dest->pw_dir, src->pw_dir);
177 else
178 {
179 dest->pw_dir = buffer;
180 strcpy (dest->pw_dir, src->pw_dir);
181 buffer += strlen (dest->pw_dir) + 1;
182 buflen = buflen - (strlen (dest->pw_dir) + 1);
183 }
184 }
185
186 if (src->pw_shell != NULL && strlen (src->pw_shell))
187 {
188 if (buffer == NULL)
189 dest->pw_shell = strdup (src->pw_shell);
190 else if (dest->pw_shell
191 && strlen (dest->pw_shell) >= strlen (src->pw_shell))
192 strcpy (dest->pw_shell, src->pw_shell);
193 else
194 {
195 dest->pw_shell = buffer;
196 strcpy (dest->pw_shell, src->pw_shell);
197 buffer += strlen (dest->pw_shell) + 1;
198 buflen = buflen - (strlen (dest->pw_shell) + 1);
199 }
200 }
201 }
202
203 static enum nss_status
204 internal_setpwent (ent_t *ent, int stayopen, int needent)
205 {
206 enum nss_status status = NSS_STATUS_SUCCESS;
207
208 ent->first = ent->netgroup = false;
209 ent->files = true;
210 ent->setent_status = NSS_STATUS_SUCCESS;
211
212 /* If something was left over free it. */
213 if (ent->netgroup)
214 __internal_endnetgrent (&ent->netgrdata);
215
216 if (ent->blacklist.data != NULL)
217 {
218 ent->blacklist.current = 1;
219 ent->blacklist.data[0] = '|';
220 ent->blacklist.data[1] = '\0';
221 }
222 else
223 ent->blacklist.current = 0;
224
225 if (ent->stream == NULL)
226 {
227 ent->stream = __nss_files_fopen ("/etc/passwd");
228
229 if (ent->stream == NULL)
230 status = errno == EAGAIN ? NSS_STATUS_TRYAGAIN : NSS_STATUS_UNAVAIL;
231 }
232 else
233 rewind (ent->stream);
234
235 give_pwd_free (&ent->pwd);
236
237 if (needent && status == NSS_STATUS_SUCCESS && setpwent_impl)
238 ent->setent_status = setpwent_impl (stayopen);
239
240 return status;
241 }
242
243
244 enum nss_status
245 _nss_compat_setpwent (int stayopen)
246 {
247 enum nss_status result;
248
249 __libc_lock_lock (lock);
250
251 if (ni == NULL)
252 init_nss_interface ();
253
254 result = internal_setpwent (&ext_ent, stayopen, 1);
255
256 __libc_lock_unlock (lock);
257
258 return result;
259 }
260
261
262 static enum nss_status __attribute_warn_unused_result__
263 internal_endpwent (ent_t *ent)
264 {
265 if (ent->stream != NULL)
266 {
267 fclose (ent->stream);
268 ent->stream = NULL;
269 }
270
271 if (ent->netgroup)
272 __internal_endnetgrent (&ent->netgrdata);
273
274 ent->first = ent->netgroup = false;
275
276 if (ent->blacklist.data != NULL)
277 {
278 ent->blacklist.current = 1;
279 ent->blacklist.data[0] = '|';
280 ent->blacklist.data[1] = '\0';
281 }
282 else
283 ent->blacklist.current = 0;
284
285 give_pwd_free (&ent->pwd);
286
287 return NSS_STATUS_SUCCESS;
288 }
289
290 /* Like internal_endpwent, but preserve errno in all cases. */
291 static void
292 internal_endpwent_noerror (ent_t *ent)
293 {
294 int saved_errno = errno;
295 enum nss_status unused __attribute__ ((unused)) = internal_endpwent (ent);
296 __set_errno (saved_errno);
297 }
298
299 enum nss_status
300 _nss_compat_endpwent (void)
301 {
302 enum nss_status result;
303
304 __libc_lock_lock (lock);
305
306 if (endpwent_impl)
307 endpwent_impl ();
308
309 result = internal_endpwent (&ext_ent);
310
311 __libc_lock_unlock (lock);
312
313 return result;
314 }
315
316
317 static enum nss_status
318 getpwent_next_nss_netgr (const char *name, struct passwd *result, ent_t *ent,
319 char *group, char *buffer, size_t buflen,
320 int *errnop)
321 {
322 char *curdomain = NULL, *host, *user, *domain, *p2;
323 int status;
324 size_t p2len;
325
326 /* Leave function if NSS module does not support getpwnam_r,
327 we need this function here. */
328 if (!getpwnam_r_impl)
329 return NSS_STATUS_UNAVAIL;
330
331 if (ent->first)
332 {
333 memset (&ent->netgrdata, 0, sizeof (struct __netgrent));
334 __internal_setnetgrent (group, &ent->netgrdata);
335 ent->first = false;
336 }
337
338 while (1)
339 {
340 status = __internal_getnetgrent_r (&host, &user, &domain,
341 &ent->netgrdata, buffer, buflen,
342 errnop);
343 if (status != 1)
344 {
345 __internal_endnetgrent (&ent->netgrdata);
346 ent->netgroup = 0;
347 give_pwd_free (&ent->pwd);
348 return NSS_STATUS_RETURN;
349 }
350
351 if (user == NULL || user[0] == '-')
352 continue;
353
354 if (domain != NULL)
355 {
356 if (curdomain == NULL
357 && __nss_get_default_domain (&curdomain) != 0)
358 {
359 __internal_endnetgrent (&ent->netgrdata);
360 ent->netgroup = false;
361 give_pwd_free (&ent->pwd);
362 return NSS_STATUS_UNAVAIL;
363 }
364 if (strcmp (curdomain, domain) != 0)
365 continue;
366 }
367
368 /* If name != NULL, we are called from getpwnam. */
369 if (name != NULL)
370 if (strcmp (user, name) != 0)
371 continue;
372
373 p2len = pwd_need_buflen (&ent->pwd);
374 if (p2len > buflen)
375 {
376 *errnop = ERANGE;
377 return NSS_STATUS_TRYAGAIN;
378 }
379 p2 = buffer + (buflen - p2len);
380 buflen -= p2len;
381
382 if (getpwnam_r_impl (user, result, buffer, buflen, errnop)
383 != NSS_STATUS_SUCCESS)
384 continue;
385
386 if (!in_blacklist (result->pw_name, strlen (result->pw_name), ent))
387 {
388 /* Store the User in the blacklist for possible the "+" at the
389 end of /etc/passwd */
390 blacklist_store_name (result->pw_name, ent);
391 copy_pwd_changes (result, &ent->pwd, p2, p2len);
392 break;
393 }
394 }
395
396 return NSS_STATUS_SUCCESS;
397 }
398
399 /* get the next user from NSS (+ entry) */
400 static enum nss_status
401 getpwent_next_nss (struct passwd *result, ent_t *ent, char *buffer,
402 size_t buflen, int *errnop)
403 {
404 enum nss_status status;
405 char *p2;
406 size_t p2len;
407
408 /* Return if NSS module does not support getpwent_r. */
409 if (!getpwent_r_impl)
410 return NSS_STATUS_UNAVAIL;
411
412 /* If the setpwent call failed, say so. */
413 if (ent->setent_status != NSS_STATUS_SUCCESS)
414 return ent->setent_status;
415
416 p2len = pwd_need_buflen (&ent->pwd);
417 if (p2len > buflen)
418 {
419 *errnop = ERANGE;
420 return NSS_STATUS_TRYAGAIN;
421 }
422 p2 = buffer + (buflen - p2len);
423 buflen -= p2len;
424
425 if (ent->first)
426 ent->first = false;
427
428 do
429 {
430 if ((status = getpwent_r_impl (result, buffer, buflen, errnop))
431 != NSS_STATUS_SUCCESS)
432 return status;
433 }
434 while (in_blacklist (result->pw_name, strlen (result->pw_name), ent));
435
436 copy_pwd_changes (result, &ent->pwd, p2, p2len);
437
438 return NSS_STATUS_SUCCESS;
439 }
440
441 /* This function handle the +user entrys in /etc/passwd */
442 static enum nss_status
443 getpwnam_plususer (const char *name, struct passwd *result, ent_t *ent,
444 char *buffer, size_t buflen, int *errnop)
445 {
446 if (!getpwnam_r_impl)
447 return NSS_STATUS_UNAVAIL;
448
449 struct passwd pwd;
450 memset (&pwd, '\0', sizeof (struct passwd));
451
452 copy_pwd_changes (&pwd, result, NULL, 0);
453
454 size_t plen = pwd_need_buflen (&pwd);
455 if (plen > buflen)
456 {
457 *errnop = ERANGE;
458 return NSS_STATUS_TRYAGAIN;
459 }
460 char *p = buffer + (buflen - plen);
461 buflen -= plen;
462
463 enum nss_status status = getpwnam_r_impl (name, result, buffer, buflen,
464 errnop);
465 if (status != NSS_STATUS_SUCCESS)
466 return status;
467
468 if (in_blacklist (result->pw_name, strlen (result->pw_name), ent))
469 return NSS_STATUS_NOTFOUND;
470
471 copy_pwd_changes (result, &pwd, p, plen);
472 give_pwd_free (&pwd);
473 /* We found the entry. */
474 return NSS_STATUS_SUCCESS;
475 }
476
477 static enum nss_status
478 getpwent_next_file (struct passwd *result, ent_t *ent,
479 char *buffer, size_t buflen, int *errnop)
480 {
481 struct parser_data *data = (void *) buffer;
482 while (1)
483 {
484 fpos_t pos;
485 char *p;
486 int parse_res;
487
488 do
489 {
490 /* We need at least 3 characters for one line. */
491 if (__glibc_unlikely (buflen < 3))
492 {
493 erange:
494 *errnop = ERANGE;
495 return NSS_STATUS_TRYAGAIN;
496 }
497
498 fgetpos (ent->stream, &pos);
499 buffer[buflen - 1] = '\xff';
500 p = fgets_unlocked (buffer, buflen, ent->stream);
501 if (p == NULL && feof_unlocked (ent->stream))
502 return NSS_STATUS_NOTFOUND;
503
504 if (p == NULL || __builtin_expect (buffer[buflen - 1] != '\xff', 0))
505 {
506 erange_reset:
507 fsetpos (ent->stream, &pos);
508 goto erange;
509 }
510
511 /* Terminate the line for any case. */
512 buffer[buflen - 1] = '\0';
513
514 /* Skip leading blanks. */
515 while (isspace (*p))
516 ++p;
517 }
518 while (*p == '\0' || *p == '#' /* Ignore empty and comment lines. */
519 /* Parse the line. If it is invalid, loop to
520 get the next line of the file to parse. */
521 || !(parse_res = _nss_files_parse_pwent (p, result, data, buflen,
522 errnop)));
523
524 if (__glibc_unlikely (parse_res == -1))
525 /* The parser ran out of space. */
526 goto erange_reset;
527
528 if (result->pw_name[0] != '+' && result->pw_name[0] != '-')
529 /* This is a real entry. */
530 break;
531
532 /* -@netgroup */
533 if (result->pw_name[0] == '-' && result->pw_name[1] == '@'
534 && result->pw_name[2] != '\0')
535 {
536 /* XXX Do not use fixed length buffer. */
537 char buf2[1024];
538 char *user, *host, *domain;
539 struct __netgrent netgrdata;
540
541 memset (&netgrdata, 0, sizeof (struct __netgrent));
542 __internal_setnetgrent (&result->pw_name[2], &netgrdata);
543 while (__internal_getnetgrent_r (&host, &user, &domain, &netgrdata,
544 buf2, sizeof (buf2), errnop))
545 {
546 if (user != NULL && user[0] != '-')
547 blacklist_store_name (user, ent);
548 }
549 __internal_endnetgrent (&netgrdata);
550 continue;
551 }
552
553 /* +@netgroup */
554 if (result->pw_name[0] == '+' && result->pw_name[1] == '@'
555 && result->pw_name[2] != '\0')
556 {
557 enum nss_status status;
558
559 ent->netgroup = true;
560 ent->first = true;
561 copy_pwd_changes (&ent->pwd, result, NULL, 0);
562
563 status = getpwent_next_nss_netgr (NULL, result, ent,
564 &result->pw_name[2],
565 buffer, buflen, errnop);
566 if (status == NSS_STATUS_RETURN)
567 continue;
568 else
569 return status;
570 }
571
572 /* -user */
573 if (result->pw_name[0] == '-' && result->pw_name[1] != '\0'
574 && result->pw_name[1] != '@')
575 {
576 blacklist_store_name (&result->pw_name[1], ent);
577 continue;
578 }
579
580 /* +user */
581 if (result->pw_name[0] == '+' && result->pw_name[1] != '\0'
582 && result->pw_name[1] != '@')
583 {
584 size_t len = strlen (result->pw_name);
585 char buf[len];
586 enum nss_status status;
587
588 /* Store the User in the blacklist for the "+" at the end of
589 /etc/passwd */
590 memcpy (buf, &result->pw_name[1], len);
591 status = getpwnam_plususer (&result->pw_name[1], result, ent,
592 buffer, buflen, errnop);
593 blacklist_store_name (buf, ent);
594
595 if (status == NSS_STATUS_SUCCESS) /* We found the entry. */
596 break;
597 else if (status == NSS_STATUS_RETURN /* We couldn't parse the entry */
598 || status == NSS_STATUS_NOTFOUND) /* entry doesn't exist */
599 continue;
600 else
601 {
602 if (status == NSS_STATUS_TRYAGAIN)
603 {
604 /* The parser ran out of space */
605 fsetpos (ent->stream, &pos);
606 *errnop = ERANGE;
607 }
608 return status;
609 }
610 }
611
612 /* +:... */
613 if (result->pw_name[0] == '+' && result->pw_name[1] == '\0')
614 {
615 ent->files = false;
616 ent->first = true;
617 copy_pwd_changes (&ent->pwd, result, NULL, 0);
618
619 return getpwent_next_nss (result, ent, buffer, buflen, errnop);
620 }
621 }
622
623 return NSS_STATUS_SUCCESS;
624 }
625
626
627 static enum nss_status
628 internal_getpwent_r (struct passwd *pw, ent_t *ent, char *buffer,
629 size_t buflen, int *errnop)
630 {
631 if (ent->netgroup)
632 {
633 enum nss_status status;
634
635 /* We are searching members in a netgroup */
636 /* Since this is not the first call, we don't need the group name */
637 status = getpwent_next_nss_netgr (NULL, pw, ent, NULL, buffer, buflen,
638 errnop);
639 if (status == NSS_STATUS_RETURN)
640 return getpwent_next_file (pw, ent, buffer, buflen, errnop);
641 else
642 return status;
643 }
644 else if (ent->files)
645 return getpwent_next_file (pw, ent, buffer, buflen, errnop);
646 else
647 return getpwent_next_nss (pw, ent, buffer, buflen, errnop);
648
649 }
650
651 enum nss_status
652 _nss_compat_getpwent_r (struct passwd *pwd, char *buffer, size_t buflen,
653 int *errnop)
654 {
655 enum nss_status result = NSS_STATUS_SUCCESS;
656
657 __libc_lock_lock (lock);
658
659 /* Be prepared that the setpwent function was not called before. */
660 if (ni == NULL)
661 init_nss_interface ();
662
663 if (ext_ent.stream == NULL)
664 result = internal_setpwent (&ext_ent, 1, 1);
665
666 if (result == NSS_STATUS_SUCCESS)
667 result = internal_getpwent_r (pwd, &ext_ent, buffer, buflen, errnop);
668
669 __libc_lock_unlock (lock);
670
671 return result;
672 }
673
674 /* Searches in /etc/passwd and the NIS/NIS+ map for a special user */
675 static enum nss_status
676 internal_getpwnam_r (const char *name, struct passwd *result, ent_t *ent,
677 char *buffer, size_t buflen, int *errnop)
678 {
679 struct parser_data *data = (void *) buffer;
680
681 while (1)
682 {
683 fpos_t pos;
684 char *p;
685 int parse_res;
686
687 do
688 {
689 /* We need at least 3 characters for one line. */
690 if (__glibc_unlikely (buflen < 3))
691 {
692 erange:
693 *errnop = ERANGE;
694 return NSS_STATUS_TRYAGAIN;
695 }
696
697 fgetpos (ent->stream, &pos);
698 buffer[buflen - 1] = '\xff';
699 p = fgets_unlocked (buffer, buflen, ent->stream);
700 if (p == NULL && feof_unlocked (ent->stream))
701 {
702 return NSS_STATUS_NOTFOUND;
703 }
704 if (p == NULL || __builtin_expect (buffer[buflen - 1] != '\xff', 0))
705 {
706 erange_reset:
707 fsetpos (ent->stream, &pos);
708 goto erange;
709 }
710
711 /* Terminate the line for any case. */
712 buffer[buflen - 1] = '\0';
713
714 /* Skip leading blanks. */
715 while (isspace (*p))
716 ++p;
717 }
718 while (*p == '\0' || *p == '#' /* Ignore empty and comment lines. */
719 /* Parse the line. If it is invalid, loop to
720 get the next line of the file to parse. */
721 || !(parse_res = _nss_files_parse_pwent (p, result, data, buflen,
722 errnop)));
723
724 if (__glibc_unlikely (parse_res == -1))
725 /* The parser ran out of space. */
726 goto erange_reset;
727
728 /* This is a real entry. */
729 if (result->pw_name[0] != '+' && result->pw_name[0] != '-')
730 {
731 if (strcmp (result->pw_name, name) == 0)
732 return NSS_STATUS_SUCCESS;
733 else
734 continue;
735 }
736
737 /* -@netgroup */
738 if (result->pw_name[0] == '-' && result->pw_name[1] == '@'
739 && result->pw_name[2] != '\0')
740 {
741 if (innetgr (&result->pw_name[2], NULL, name, NULL))
742 return NSS_STATUS_NOTFOUND;
743 continue;
744 }
745
746 /* +@netgroup */
747 if (result->pw_name[0] == '+' && result->pw_name[1] == '@'
748 && result->pw_name[2] != '\0')
749 {
750 enum nss_status status;
751
752 if (innetgr (&result->pw_name[2], NULL, name, NULL))
753 {
754 status = getpwnam_plususer (name, result, ent, buffer,
755 buflen, errnop);
756
757 if (status == NSS_STATUS_RETURN)
758 continue;
759
760 return status;
761 }
762 continue;
763 }
764
765 /* -user */
766 if (result->pw_name[0] == '-' && result->pw_name[1] != '\0'
767 && result->pw_name[1] != '@')
768 {
769 if (strcmp (&result->pw_name[1], name) == 0)
770 return NSS_STATUS_NOTFOUND;
771 else
772 continue;
773 }
774
775 /* +user */
776 if (result->pw_name[0] == '+' && result->pw_name[1] != '\0'
777 && result->pw_name[1] != '@')
778 {
779 if (strcmp (name, &result->pw_name[1]) == 0)
780 {
781 enum nss_status status;
782
783 status = getpwnam_plususer (name, result, ent, buffer, buflen,
784 errnop);
785 if (status == NSS_STATUS_RETURN)
786 /* We couldn't parse the entry */
787 return NSS_STATUS_NOTFOUND;
788 else
789 return status;
790 }
791 }
792
793 /* +:... */
794 if (result->pw_name[0] == '+' && result->pw_name[1] == '\0')
795 {
796 enum nss_status status;
797
798 status = getpwnam_plususer (name, result, ent,
799 buffer, buflen, errnop);
800 if (status == NSS_STATUS_SUCCESS) /* We found the entry. */
801 break;
802 else if (status == NSS_STATUS_RETURN) /* We couldn't parse the entry */
803 return NSS_STATUS_NOTFOUND;
804 else
805 return status;
806 }
807 }
808 return NSS_STATUS_SUCCESS;
809 }
810
811 enum nss_status
812 _nss_compat_getpwnam_r (const char *name, struct passwd *pwd,
813 char *buffer, size_t buflen, int *errnop)
814 {
815 enum nss_status result;
816 ent_t ent = { false, false, true, NSS_STATUS_SUCCESS, NULL, { NULL, 0, 0 },
817 { NULL, NULL, 0, 0, NULL, NULL, NULL }};
818
819 if (name[0] == '-' || name[0] == '+')
820 return NSS_STATUS_NOTFOUND;
821
822 __libc_lock_lock (lock);
823
824 if (ni == NULL)
825 init_nss_interface ();
826
827 __libc_lock_unlock (lock);
828
829 result = internal_setpwent (&ent, 0, 0);
830
831 if (result == NSS_STATUS_SUCCESS)
832 result = internal_getpwnam_r (name, pwd, &ent, buffer, buflen, errnop);
833
834 internal_endpwent_noerror (&ent);
835
836 return result;
837 }
838
839 /* This function handle the + entry in /etc/passwd for getpwuid */
840 static enum nss_status
841 getpwuid_plususer (uid_t uid, struct passwd *result, char *buffer,
842 size_t buflen, int *errnop)
843 {
844 struct passwd pwd;
845 char *p;
846 size_t plen;
847
848 if (!getpwuid_r_impl)
849 return NSS_STATUS_UNAVAIL;
850
851 memset (&pwd, '\0', sizeof (struct passwd));
852
853 copy_pwd_changes (&pwd, result, NULL, 0);
854
855 plen = pwd_need_buflen (&pwd);
856 if (plen > buflen)
857 {
858 *errnop = ERANGE;
859 return NSS_STATUS_TRYAGAIN;
860 }
861 p = buffer + (buflen - plen);
862 buflen -= plen;
863
864 if (getpwuid_r_impl (uid, result, buffer, buflen, errnop) ==
865 NSS_STATUS_SUCCESS)
866 {
867 copy_pwd_changes (result, &pwd, p, plen);
868 give_pwd_free (&pwd);
869 /* We found the entry. */
870 return NSS_STATUS_SUCCESS;
871 }
872 else
873 {
874 /* Give buffer the old len back */
875 buflen += plen;
876 give_pwd_free (&pwd);
877 }
878 return NSS_STATUS_RETURN;
879 }
880
881 /* Searches in /etc/passwd and the NSS subsystem for a special user id */
882 static enum nss_status
883 internal_getpwuid_r (uid_t uid, struct passwd *result, ent_t *ent,
884 char *buffer, size_t buflen, int *errnop)
885 {
886 struct parser_data *data = (void *) buffer;
887
888 while (1)
889 {
890 fpos_t pos;
891 char *p;
892 int parse_res;
893
894 do
895 {
896 /* We need at least 3 characters for one line. */
897 if (__glibc_unlikely (buflen < 3))
898 {
899 erange:
900 *errnop = ERANGE;
901 return NSS_STATUS_TRYAGAIN;
902 }
903
904 fgetpos (ent->stream, &pos);
905 buffer[buflen - 1] = '\xff';
906 p = fgets_unlocked (buffer, buflen, ent->stream);
907 if (p == NULL && feof_unlocked (ent->stream))
908 return NSS_STATUS_NOTFOUND;
909
910 if (p == NULL || __builtin_expect (buffer[buflen - 1] != '\xff', 0))
911 {
912 erange_reset:
913 fsetpos (ent->stream, &pos);
914 goto erange;
915 }
916
917 /* Terminate the line for any case. */
918 buffer[buflen - 1] = '\0';
919
920 /* Skip leading blanks. */
921 while (isspace (*p))
922 ++p;
923 }
924 while (*p == '\0' || *p == '#' /* Ignore empty and comment lines. */
925 /* Parse the line. If it is invalid, loop to
926 get the next line of the file to parse. */
927 || !(parse_res = _nss_files_parse_pwent (p, result, data, buflen,
928 errnop)));
929
930 if (__glibc_unlikely (parse_res == -1))
931 /* The parser ran out of space. */
932 goto erange_reset;
933
934 /* This is a real entry. */
935 if (result->pw_name[0] != '+' && result->pw_name[0] != '-')
936 {
937 if (result->pw_uid == uid)
938 return NSS_STATUS_SUCCESS;
939 else
940 continue;
941 }
942
943 /* -@netgroup */
944 if (result->pw_name[0] == '-' && result->pw_name[1] == '@'
945 && result->pw_name[2] != '\0')
946 {
947 /* -1, because we remove first two character of pw_name. */
948 size_t len = strlen (result->pw_name) - 1;
949 char buf[len];
950 enum nss_status status;
951
952 memcpy (buf, &result->pw_name[2], len);
953
954 status = getpwuid_plususer (uid, result, buffer, buflen, errnop);
955 if (status == NSS_STATUS_SUCCESS
956 && innetgr (buf, NULL, result->pw_name, NULL))
957 return NSS_STATUS_NOTFOUND;
958
959 continue;
960 }
961
962 /* +@netgroup */
963 if (result->pw_name[0] == '+' && result->pw_name[1] == '@'
964 && result->pw_name[2] != '\0')
965 {
966 /* -1, because we remove first two characters of pw_name. */
967 size_t len = strlen (result->pw_name) - 1;
968 char buf[len];
969 enum nss_status status;
970
971 memcpy (buf, &result->pw_name[2], len);
972
973 status = getpwuid_plususer (uid, result, buffer, buflen, errnop);
974
975 if (status == NSS_STATUS_RETURN)
976 continue;
977
978 if (status == NSS_STATUS_SUCCESS)
979 {
980 if (innetgr (buf, NULL, result->pw_name, NULL))
981 return NSS_STATUS_SUCCESS;
982 }
983 else if (status == NSS_STATUS_RETURN) /* We couldn't parse the entry */
984 return NSS_STATUS_NOTFOUND;
985 else
986 return status;
987
988 continue;
989 }
990
991 /* -user */
992 if (result->pw_name[0] == '-' && result->pw_name[1] != '\0'
993 && result->pw_name[1] != '@')
994 {
995 size_t len = strlen (result->pw_name);
996 char buf[len];
997 enum nss_status status;
998
999 memcpy (buf, &result->pw_name[1], len);
1000
1001 status = getpwuid_plususer (uid, result, buffer, buflen, errnop);
1002 if (status == NSS_STATUS_SUCCESS
1003 && innetgr (buf, NULL, result->pw_name, NULL))
1004 return NSS_STATUS_NOTFOUND;
1005 continue;
1006 }
1007
1008 /* +user */
1009 if (result->pw_name[0] == '+' && result->pw_name[1] != '\0'
1010 && result->pw_name[1] != '@')
1011 {
1012 size_t len = strlen (result->pw_name);
1013 char buf[len];
1014 enum nss_status status;
1015
1016 memcpy (buf, &result->pw_name[1], len);
1017
1018 status = getpwuid_plususer (uid, result, buffer, buflen, errnop);
1019
1020 if (status == NSS_STATUS_RETURN)
1021 continue;
1022
1023 if (status == NSS_STATUS_SUCCESS)
1024 {
1025 if (strcmp (buf, result->pw_name) == 0)
1026 return NSS_STATUS_SUCCESS;
1027 }
1028 else if (status == NSS_STATUS_RETURN) /* We couldn't parse the entry */
1029 return NSS_STATUS_NOTFOUND;
1030 else
1031 return status;
1032
1033 continue;
1034 }
1035
1036 /* +:... */
1037 if (result->pw_name[0] == '+' && result->pw_name[1] == '\0')
1038 {
1039 enum nss_status status;
1040
1041 status = getpwuid_plususer (uid, result, buffer, buflen, errnop);
1042 if (status == NSS_STATUS_SUCCESS) /* We found the entry. */
1043 break;
1044 else if (status == NSS_STATUS_RETURN) /* We couldn't parse the entry */
1045 return NSS_STATUS_NOTFOUND;
1046 else
1047 return status;
1048 }
1049 }
1050 return NSS_STATUS_SUCCESS;
1051 }
1052
1053 enum nss_status
1054 _nss_compat_getpwuid_r (uid_t uid, struct passwd *pwd,
1055 char *buffer, size_t buflen, int *errnop)
1056 {
1057 enum nss_status result;
1058 ent_t ent = { false, false, true, NSS_STATUS_SUCCESS, NULL, { NULL, 0, 0 },
1059 { NULL, NULL, 0, 0, NULL, NULL, NULL }};
1060
1061 __libc_lock_lock (lock);
1062
1063 if (ni == NULL)
1064 init_nss_interface ();
1065
1066 __libc_lock_unlock (lock);
1067
1068 result = internal_setpwent (&ent, 0, 0);
1069
1070 if (result == NSS_STATUS_SUCCESS)
1071 result = internal_getpwuid_r (uid, pwd, &ent, buffer, buflen, errnop);
1072
1073 internal_endpwent_noerror (&ent);
1074
1075 return result;
1076 }
1077
1078
1079 /* Support routines for remembering -@netgroup and -user entries.
1080 The names are stored in a single string with `|' as separator. */
1081 static void
1082 blacklist_store_name (const char *name, ent_t *ent)
1083 {
1084 int namelen = strlen (name);
1085 char *tmp;
1086
1087 /* first call, setup cache */
1088 if (ent->blacklist.size == 0)
1089 {
1090 ent->blacklist.size = MAX (BLACKLIST_INITIAL_SIZE, 2 * namelen);
1091 ent->blacklist.data = malloc (ent->blacklist.size);
1092 if (ent->blacklist.data == NULL)
1093 return;
1094 ent->blacklist.data[0] = '|';
1095 ent->blacklist.data[1] = '\0';
1096 ent->blacklist.current = 1;
1097 }
1098 else
1099 {
1100 if (in_blacklist (name, namelen, ent))
1101 return; /* no duplicates */
1102
1103 if (ent->blacklist.current + namelen + 1 >= ent->blacklist.size)
1104 {
1105 ent->blacklist.size += MAX (BLACKLIST_INCREMENT, 2 * namelen);
1106 tmp = realloc (ent->blacklist.data, ent->blacklist.size);
1107 if (tmp == NULL)
1108 {
1109 free (ent->blacklist.data);
1110 ent->blacklist.size = 0;
1111 return;
1112 }
1113 ent->blacklist.data = tmp;
1114 }
1115 }
1116
1117 tmp = stpcpy (ent->blacklist.data + ent->blacklist.current, name);
1118 *tmp++ = '|';
1119 *tmp = '\0';
1120 ent->blacklist.current += namelen + 1;
1121
1122 return;
1123 }
1124
1125 /* Returns whether ent->blacklist contains name. */
1126 static bool
1127 in_blacklist (const char *name, int namelen, ent_t *ent)
1128 {
1129 char buf[namelen + 3];
1130 char *cp;
1131
1132 if (ent->blacklist.data == NULL)
1133 return false;
1134
1135 buf[0] = '|';
1136 cp = stpcpy (&buf[1], name);
1137 *cp++ = '|';
1138 *cp = '\0';
1139 return strstr (ent->blacklist.data, buf) != NULL;
1140 }
sources.redhat.com git mirror of glibc CVS