1 /* Copyright (C) 1996-1999, 2001-2006, 2007 Free Software Foundation, Inc.
2 This file is part of the GNU C Library.
3 Contributed by Thorsten Kukuk <kukuk@vt.uni-paderborn.de>, 1996.
5 The GNU C Library is free software; you can redistribute it and/or
6 modify it under the terms of the GNU Lesser General Public
7 License as published by the Free Software Foundation; either
8 version 2.1 of the License, or (at your option) any later version.
10 The GNU C Library is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 Lesser General Public License for more details.
15 You should have received a copy of the GNU Lesser General Public
16 License along with the GNU C Library; if not, write to the Free
17 Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
27 #include <stdio_ext.h>
29 #include <rpc/types.h>
30 #include <rpcsvc/ypclnt.h>
31 #include <bits/libc-lock.h>
32 #include <kernel-features.h>
36 static service_user
*ni
;
37 static enum nss_status (*nss_setspent
) (int stayopen
);
38 static enum nss_status (*nss_getspnam_r
) (const char *name
, struct spwd
* sp
,
39 char *buffer
, size_t buflen
,
41 static enum nss_status (*nss_getspent_r
) (struct spwd
* sp
, char *buffer
,
42 size_t buflen
, int *errnop
);
43 static enum nss_status (*nss_endspent
) (void);
45 /* Get the declaration of the parser function. */
47 #define STRUCTURE spwd
49 #include <nss/nss_files/files-parse.c>
51 /* Structure for remembering -@netgroup and -user members ... */
52 #define BLACKLIST_INITIAL_SIZE 512
53 #define BLACKLIST_INCREMENT 256
66 enum nss_status setent_status
;
68 struct blacklist_t blacklist
;
70 struct __netgrent netgrdata
;
72 typedef struct ent_t ent_t
;
74 static ent_t ext_ent
= { false, true, false, NSS_STATUS_SUCCESS
, NULL
,
76 { NULL
, NULL
, 0, 0, 0, 0, 0, 0, 0}};
78 /* Protect global state against multiple changers. */
79 __libc_lock_define_initialized (static, lock
)
81 /* Positive if O_CLOEXEC is supported, negative if it is not supported,
82 zero if it is still undecided. This variable is shared with the
83 other compat functions. */
84 #ifdef __ASSUME_O_CLOEXEC
85 # define __compat_have_cloexec 1
88 extern int __compat_have_cloexec
;
90 # define __compat_have_cloexec -1
94 /* Prototypes for local functions. */
95 static void blacklist_store_name (const char *, ent_t
*);
96 static int in_blacklist (const char *, int, ent_t
*);
98 /* Initialize the NSS interface/functions. The calling function must
101 init_nss_interface (void)
103 if (__nss_database_lookup ("shadow_compat", "passwd_compat",
106 nss_setspent
= __nss_lookup_function (ni
, "setspent");
107 nss_getspnam_r
= __nss_lookup_function (ni
, "getspnam_r");
108 nss_getspent_r
= __nss_lookup_function (ni
, "getspent_r");
109 nss_endspent
= __nss_lookup_function (ni
, "endspent");
114 give_spwd_free (struct spwd
*pwd
)
119 memset (pwd
, '\0', sizeof (struct spwd
));
127 spwd_need_buflen (struct spwd
*pwd
)
131 if (pwd
->sp_pwdp
!= NULL
)
132 len
+= strlen (pwd
->sp_pwdp
) + 1;
138 copy_spwd_changes (struct spwd
*dest
, struct spwd
*src
,
139 char *buffer
, size_t buflen
)
141 if (src
->sp_pwdp
!= NULL
&& strlen (src
->sp_pwdp
))
144 dest
->sp_pwdp
= strdup (src
->sp_pwdp
);
145 else if (dest
->sp_pwdp
&&
146 strlen (dest
->sp_pwdp
) >= strlen (src
->sp_pwdp
))
147 strcpy (dest
->sp_pwdp
, src
->sp_pwdp
);
150 dest
->sp_pwdp
= buffer
;
151 strcpy (dest
->sp_pwdp
, src
->sp_pwdp
);
152 buffer
+= strlen (dest
->sp_pwdp
) + 1;
153 buflen
= buflen
- (strlen (dest
->sp_pwdp
) + 1);
156 if (src
->sp_lstchg
!= 0)
157 dest
->sp_lstchg
= src
->sp_lstchg
;
158 if (src
->sp_min
!= 0)
159 dest
->sp_min
= src
->sp_min
;
160 if (src
->sp_max
!= 0)
161 dest
->sp_max
= src
->sp_max
;
162 if (src
->sp_warn
!= -1)
163 dest
->sp_warn
= src
->sp_warn
;
164 if (src
->sp_inact
!= -1)
165 dest
->sp_inact
= src
->sp_inact
;
166 if (src
->sp_expire
!= -1)
167 dest
->sp_expire
= src
->sp_expire
;
168 if (src
->sp_flag
!= ~0ul)
169 dest
->sp_flag
= src
->sp_flag
;
172 static enum nss_status
173 internal_setspent (ent_t
*ent
, int stayopen
)
175 enum nss_status status
= NSS_STATUS_SUCCESS
;
177 ent
->first
= ent
->netgroup
= 0;
180 /* If something was left over free it. */
182 __internal_endnetgrent (&ent
->netgrdata
);
184 if (ent
->blacklist
.data
!= NULL
)
186 ent
->blacklist
.current
= 1;
187 ent
->blacklist
.data
[0] = '|';
188 ent
->blacklist
.data
[1] = '\0';
191 ent
->blacklist
.current
= 0;
193 if (ent
->stream
== NULL
)
195 ent
->stream
= fopen ("/etc/shadow", "rme");
197 if (ent
->stream
== NULL
)
198 status
= errno
== EAGAIN
? NSS_STATUS_TRYAGAIN
: NSS_STATUS_UNAVAIL
;
201 /* We have to make sure the file is `closed on exec'. */
204 if (__compat_have_cloexec
<= 0)
207 result
= flags
= fcntl (fileno_unlocked (ent
->stream
), F_GETFD
,
211 #if defined O_CLOEXEC && !defined __ASSUME_O_CLOEXEC
212 if (__compat_have_cloexec
== 0)
213 __compat_have_cloexec
= (flags
& FD_CLOEXEC
) ? 1 : -1;
215 if (__compat_have_cloexec
< 0)
219 result
= fcntl (fileno_unlocked (ent
->stream
), F_SETFD
,
227 /* Something went wrong. Close the stream and return a
229 fclose (ent
->stream
);
231 status
= NSS_STATUS_UNAVAIL
;
234 /* We take care of locking ourself. */
235 __fsetlocking (ent
->stream
, FSETLOCKING_BYCALLER
);
239 rewind (ent
->stream
);
241 give_spwd_free (&ent
->pwd
);
243 if (status
== NSS_STATUS_SUCCESS
&& nss_setspent
)
244 ent
->setent_status
= nss_setspent (stayopen
);
251 _nss_compat_setspent (int stayopen
)
253 enum nss_status result
;
255 __libc_lock_lock (lock
);
258 init_nss_interface ();
260 result
= internal_setspent (&ext_ent
, stayopen
);
262 __libc_lock_unlock (lock
);
268 static enum nss_status
269 internal_endspent (ent_t
*ent
)
274 if (ent
->stream
!= NULL
)
276 fclose (ent
->stream
);
281 __internal_endnetgrent (&ent
->netgrdata
);
283 ent
->first
= ent
->netgroup
= false;
286 if (ent
->blacklist
.data
!= NULL
)
288 ent
->blacklist
.current
= 1;
289 ent
->blacklist
.data
[0] = '|';
290 ent
->blacklist
.data
[1] = '\0';
293 ent
->blacklist
.current
= 0;
295 give_spwd_free (&ent
->pwd
);
297 return NSS_STATUS_SUCCESS
;
301 _nss_compat_endspent (void)
303 enum nss_status result
;
305 __libc_lock_lock (lock
);
307 result
= internal_endspent (&ext_ent
);
309 __libc_lock_unlock (lock
);
315 static enum nss_status
316 getspent_next_nss_netgr (const char *name
, struct spwd
*result
, ent_t
*ent
,
317 char *group
, char *buffer
, size_t buflen
,
320 char *curdomain
, *host
, *user
, *domain
, *p2
;
324 return NSS_STATUS_UNAVAIL
;
326 /* If the setpwent call failed, say so. */
327 if (ent
->setent_status
!= NSS_STATUS_SUCCESS
)
328 return ent
->setent_status
;
330 if (yp_get_default_domain (&curdomain
) != YPERR_SUCCESS
)
332 ent
->netgroup
= false;
334 give_spwd_free (&ent
->pwd
);
335 return NSS_STATUS_UNAVAIL
;
338 if (ent
->first
== true)
340 memset (&ent
->netgrdata
, 0, sizeof (struct __netgrent
));
341 __internal_setnetgrent (group
, &ent
->netgrdata
);
348 enum nss_status status
;
350 saved_cursor
= ent
->netgrdata
.cursor
;
351 status
= __internal_getnetgrent_r (&host
, &user
, &domain
,
352 &ent
->netgrdata
, buffer
, buflen
,
356 __internal_endnetgrent (&ent
->netgrdata
);
357 ent
->netgroup
= false;
358 give_spwd_free (&ent
->pwd
);
359 return NSS_STATUS_RETURN
;
362 if (user
== NULL
|| user
[0] == '-')
365 if (domain
!= NULL
&& strcmp (curdomain
, domain
) != 0)
368 /* If name != NULL, we are called from getpwnam */
370 if (strcmp (user
, name
) != 0)
373 p2len
= spwd_need_buflen (&ent
->pwd
);
377 return NSS_STATUS_TRYAGAIN
;
379 p2
= buffer
+ (buflen
- p2len
);
382 if (nss_getspnam_r (user
, result
, buffer
, buflen
, errnop
) !=
386 if (!in_blacklist (result
->sp_namp
, strlen (result
->sp_namp
), ent
))
388 /* Store the User in the blacklist for possible the "+" at the
389 end of /etc/passwd */
390 blacklist_store_name (result
->sp_namp
, ent
);
391 copy_spwd_changes (result
, &ent
->pwd
, p2
, p2len
);
396 return NSS_STATUS_SUCCESS
;
400 static enum nss_status
401 getspent_next_nss (struct spwd
*result
, ent_t
*ent
,
402 char *buffer
, size_t buflen
, int *errnop
)
404 enum nss_status status
;
409 return NSS_STATUS_UNAVAIL
;
411 p2len
= spwd_need_buflen (&ent
->pwd
);
415 return NSS_STATUS_TRYAGAIN
;
417 p2
= buffer
+ (buflen
- p2len
);
421 if ((status
= nss_getspent_r (result
, buffer
, buflen
, errnop
)) !=
425 while (in_blacklist (result
->sp_namp
, strlen (result
->sp_namp
), ent
));
427 copy_spwd_changes (result
, &ent
->pwd
, p2
, p2len
);
429 return NSS_STATUS_SUCCESS
;
433 /* This function handle the +user entrys in /etc/shadow */
434 static enum nss_status
435 getspnam_plususer (const char *name
, struct spwd
*result
, ent_t
*ent
,
436 char *buffer
, size_t buflen
, int *errnop
)
439 return NSS_STATUS_UNAVAIL
;
442 memset (&pwd
, '\0', sizeof (struct spwd
));
448 copy_spwd_changes (&pwd
, result
, NULL
, 0);
450 size_t plen
= spwd_need_buflen (&pwd
);
454 return NSS_STATUS_TRYAGAIN
;
456 char *p
= buffer
+ (buflen
- plen
);
459 enum nss_status status
= nss_getspnam_r (name
, result
, buffer
, buflen
,
461 if (status
!= NSS_STATUS_SUCCESS
)
464 if (in_blacklist (result
->sp_namp
, strlen (result
->sp_namp
), ent
))
465 return NSS_STATUS_NOTFOUND
;
467 copy_spwd_changes (result
, &pwd
, p
, plen
);
468 give_spwd_free (&pwd
);
469 /* We found the entry. */
470 return NSS_STATUS_SUCCESS
;
474 static enum nss_status
475 getspent_next_file (struct spwd
*result
, ent_t
*ent
,
476 char *buffer
, size_t buflen
, int *errnop
)
478 struct parser_data
*data
= (void *) buffer
;
487 /* We need at least 3 characters for one line. */
488 if (__builtin_expect (buflen
< 3, 0))
492 return NSS_STATUS_TRYAGAIN
;
495 fgetpos (ent
->stream
, &pos
);
496 buffer
[buflen
- 1] = '\xff';
497 p
= fgets_unlocked (buffer
, buflen
, ent
->stream
);
498 if (p
== NULL
&& feof_unlocked (ent
->stream
))
499 return NSS_STATUS_NOTFOUND
;
501 if (p
== NULL
|| __builtin_expect (buffer
[buflen
- 1] != '\xff', 0))
504 fsetpos (ent
->stream
, &pos
);
508 /* Skip leading blanks. */
512 while (*p
== '\0' || *p
== '#' /* Ignore empty and comment lines. */
513 /* Parse the line. If it is invalid, loop to
514 get the next line of the file to parse. */
515 || !(parse_res
= _nss_files_parse_spent (p
, result
, data
,
518 if (__builtin_expect (parse_res
== -1, 0))
519 /* The parser ran out of space. */
522 if (result
->sp_namp
[0] != '+' && result
->sp_namp
[0] != '-')
523 /* This is a real entry. */
527 if (result
->sp_namp
[0] == '-' && result
->sp_namp
[1] == '@'
528 && result
->sp_namp
[2] != '\0')
530 /* XXX Do not use fixed length buffers. */
532 char *user
, *host
, *domain
;
533 struct __netgrent netgrdata
;
535 bzero (&netgrdata
, sizeof (struct __netgrent
));
536 __internal_setnetgrent (&result
->sp_namp
[2], &netgrdata
);
537 while (__internal_getnetgrent_r (&host
, &user
, &domain
,
538 &netgrdata
, buf2
, sizeof (buf2
),
541 if (user
!= NULL
&& user
[0] != '-')
542 blacklist_store_name (user
, ent
);
544 __internal_endnetgrent (&netgrdata
);
549 if (result
->sp_namp
[0] == '+' && result
->sp_namp
[1] == '@'
550 && result
->sp_namp
[2] != '\0')
554 ent
->netgroup
= true;
556 copy_spwd_changes (&ent
->pwd
, result
, NULL
, 0);
558 status
= getspent_next_nss_netgr (NULL
, result
, ent
,
560 buffer
, buflen
, errnop
);
561 if (status
== NSS_STATUS_RETURN
)
568 if (result
->sp_namp
[0] == '-' && result
->sp_namp
[1] != '\0'
569 && result
->sp_namp
[1] != '@')
571 blacklist_store_name (&result
->sp_namp
[1], ent
);
576 if (result
->sp_namp
[0] == '+' && result
->sp_namp
[1] != '\0'
577 && result
->sp_namp
[1] != '@')
579 size_t len
= strlen (result
->sp_namp
);
581 enum nss_status status
;
583 /* Store the User in the blacklist for the "+" at the end of
585 memcpy (buf
, &result
->sp_namp
[1], len
);
586 status
= getspnam_plususer (&result
->sp_namp
[1], result
, ent
,
587 buffer
, buflen
, errnop
);
588 blacklist_store_name (buf
, ent
);
590 if (status
== NSS_STATUS_SUCCESS
) /* We found the entry. */
592 /* We couldn't parse the entry */
593 else if (status
== NSS_STATUS_RETURN
594 /* entry doesn't exist */
595 || status
== NSS_STATUS_NOTFOUND
)
599 if (status
== NSS_STATUS_TRYAGAIN
)
601 fsetpos (ent
->stream
, &pos
);
609 if (result
->sp_namp
[0] == '+' && result
->sp_namp
[1] == '\0')
613 copy_spwd_changes (&ent
->pwd
, result
, NULL
, 0);
615 return getspent_next_nss (result
, ent
, buffer
, buflen
, errnop
);
619 return NSS_STATUS_SUCCESS
;
623 static enum nss_status
624 internal_getspent_r (struct spwd
*pw
, ent_t
*ent
,
625 char *buffer
, size_t buflen
, int *errnop
)
629 enum nss_status status
;
631 /* We are searching members in a netgroup */
632 /* Since this is not the first call, we don't need the group name */
633 status
= getspent_next_nss_netgr (NULL
, pw
, ent
, NULL
, buffer
,
636 if (status
== NSS_STATUS_RETURN
)
637 return getspent_next_file (pw
, ent
, buffer
, buflen
, errnop
);
642 return getspent_next_file (pw
, ent
, buffer
, buflen
, errnop
);
644 return getspent_next_nss (pw
, ent
, buffer
, buflen
, errnop
);
649 _nss_compat_getspent_r (struct spwd
*pwd
, char *buffer
, size_t buflen
,
652 enum nss_status result
= NSS_STATUS_SUCCESS
;
654 __libc_lock_lock (lock
);
656 /* Be prepared that the setpwent function was not called before. */
658 init_nss_interface ();
660 if (ext_ent
.stream
== NULL
)
661 result
= internal_setspent (&ext_ent
, 1);
663 if (result
== NSS_STATUS_SUCCESS
)
664 result
= internal_getspent_r (pwd
, &ext_ent
, buffer
, buflen
, errnop
);
666 __libc_lock_unlock (lock
);
672 /* Searches in /etc/passwd and the NIS/NIS+ map for a special user */
673 static enum nss_status
674 internal_getspnam_r (const char *name
, struct spwd
*result
, ent_t
*ent
,
675 char *buffer
, size_t buflen
, int *errnop
)
677 struct parser_data
*data
= (void *) buffer
;
687 /* We need at least 3 characters for one line. */
688 if (__builtin_expect (buflen
< 3, 0))
692 return NSS_STATUS_TRYAGAIN
;
695 fgetpos (ent
->stream
, &pos
);
696 buffer
[buflen
- 1] = '\xff';
697 p
= fgets_unlocked (buffer
, buflen
, ent
->stream
);
698 if (p
== NULL
&& feof_unlocked (ent
->stream
))
699 return NSS_STATUS_NOTFOUND
;
701 if (p
== NULL
|| buffer
[buflen
- 1] != '\xff')
704 fsetpos (ent
->stream
, &pos
);
708 /* Terminate the line for any case. */
709 buffer
[buflen
- 1] = '\0';
711 /* Skip leading blanks. */
715 while (*p
== '\0' || *p
== '#' || /* Ignore empty and comment lines. */
716 /* Parse the line. If it is invalid, loop to
717 get the next line of the file to parse. */
718 !(parse_res
= _nss_files_parse_spent (p
, result
, data
, buflen
,
721 if (__builtin_expect (parse_res
== -1, 0))
722 /* The parser ran out of space. */
725 /* This is a real entry. */
726 if (result
->sp_namp
[0] != '+' && result
->sp_namp
[0] != '-')
728 if (strcmp (result
->sp_namp
, name
) == 0)
729 return NSS_STATUS_SUCCESS
;
735 /* If the loaded NSS module does not support this service, add
736 all users from a +@netgroup entry to the blacklist, too. */
737 if (result
->sp_namp
[0] == '-' && result
->sp_namp
[1] == '@'
738 && result
->sp_namp
[2] != '\0')
740 if (innetgr (&result
->sp_namp
[2], NULL
, name
, NULL
))
741 return NSS_STATUS_NOTFOUND
;
746 if (result
->sp_namp
[0] == '+' && result
->sp_namp
[1] == '@'
747 && result
->sp_namp
[2] != '\0')
749 enum nss_status status
;
751 if (innetgr (&result
->sp_namp
[2], NULL
, name
, NULL
))
753 status
= getspnam_plususer (name
, result
, ent
, buffer
,
756 if (status
== NSS_STATUS_RETURN
)
765 if (result
->sp_namp
[0] == '-' && result
->sp_namp
[1] != '\0'
766 && result
->sp_namp
[1] != '@')
768 if (strcmp (&result
->sp_namp
[1], name
) == 0)
769 return NSS_STATUS_NOTFOUND
;
775 if (result
->sp_namp
[0] == '+' && result
->sp_namp
[1] != '\0'
776 && result
->sp_namp
[1] != '@')
778 if (strcmp (name
, &result
->sp_namp
[1]) == 0)
780 enum nss_status status
;
782 status
= getspnam_plususer (name
, result
, ent
,
783 buffer
, buflen
, errnop
);
785 if (status
== NSS_STATUS_RETURN
)
786 /* We couldn't parse the entry */
787 return NSS_STATUS_NOTFOUND
;
794 if (result
->sp_namp
[0] == '+' && result
->sp_namp
[1] == '\0')
796 enum nss_status status
;
798 status
= getspnam_plususer (name
, result
, ent
,
799 buffer
, buflen
, errnop
);
801 if (status
== NSS_STATUS_SUCCESS
)
802 /* We found the entry. */
804 else if (status
== NSS_STATUS_RETURN
)
805 /* We couldn't parse the entry */
806 return NSS_STATUS_NOTFOUND
;
811 return NSS_STATUS_SUCCESS
;
816 _nss_compat_getspnam_r (const char *name
, struct spwd
*pwd
,
817 char *buffer
, size_t buflen
, int *errnop
)
819 enum nss_status result
;
820 ent_t ent
= { false, true, false, NSS_STATUS_SUCCESS
, NULL
, { NULL
, 0, 0},
821 { NULL
, NULL
, 0, 0, 0, 0, 0, 0, 0}};
823 if (name
[0] == '-' || name
[0] == '+')
824 return NSS_STATUS_NOTFOUND
;
826 __libc_lock_lock (lock
);
829 init_nss_interface ();
831 __libc_lock_unlock (lock
);
833 result
= internal_setspent (&ent
, 0);
835 if (result
== NSS_STATUS_SUCCESS
)
836 result
= internal_getspnam_r (name
, pwd
, &ent
, buffer
, buflen
, errnop
);
838 internal_endspent (&ent
);
844 /* Support routines for remembering -@netgroup and -user entries.
845 The names are stored in a single string with `|' as separator. */
847 blacklist_store_name (const char *name
, ent_t
*ent
)
849 int namelen
= strlen (name
);
852 /* first call, setup cache */
853 if (ent
->blacklist
.size
== 0)
855 ent
->blacklist
.size
= MAX (BLACKLIST_INITIAL_SIZE
, 2 * namelen
);
856 ent
->blacklist
.data
= malloc (ent
->blacklist
.size
);
857 if (ent
->blacklist
.data
== NULL
)
859 ent
->blacklist
.data
[0] = '|';
860 ent
->blacklist
.data
[1] = '\0';
861 ent
->blacklist
.current
= 1;
865 if (in_blacklist (name
, namelen
, ent
))
866 return; /* no duplicates */
868 if (ent
->blacklist
.current
+ namelen
+ 1 >= ent
->blacklist
.size
)
870 ent
->blacklist
.size
+= MAX (BLACKLIST_INCREMENT
, 2 * namelen
);
871 tmp
= realloc (ent
->blacklist
.data
, ent
->blacklist
.size
);
874 free (ent
->blacklist
.data
);
875 ent
->blacklist
.size
= 0;
878 ent
->blacklist
.data
= tmp
;
882 tmp
= stpcpy (ent
->blacklist
.data
+ ent
->blacklist
.current
, name
);
885 ent
->blacklist
.current
+= namelen
+ 1;
891 /* Returns TRUE if ent->blacklist contains name, else FALSE. */
893 in_blacklist (const char *name
, int namelen
, ent_t
*ent
)
895 char buf
[namelen
+ 3];
898 if (ent
->blacklist
.data
== NULL
)
902 cp
= stpcpy (&buf
[1], name
);
905 return strstr (ent
->blacklist
.data
, buf
) != NULL
;