search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Optimize for kernels which are known to have the vfork syscall.
[glibc/pb-stable.git] / nis / nss_compat / compat-spwd.c
blob8ce02e3da3faaa3a8e13fb1e4ebb5187c9c638b0
1 /* Copyright (C) 1996,1997,1998,1999,2001,2002 Free Software Foundation, Inc.
2 This file is part of the GNU C Library.
3 Contributed by Thorsten Kukuk <kukuk@vt.uni-paderborn.de>, 1996.
4
5 The GNU C Library is free software; you can redistribute it and/or
6 modify it under the terms of the GNU Lesser General Public
7 License as published by the Free Software Foundation; either
8 version 2.1 of the License, or (at your option) any later version.
9
10 The GNU C Library is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 Lesser General Public License for more details.
14
15 You should have received a copy of the GNU Lesser General Public
16 License along with the GNU C Library; if not, write to the Free
17 Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
18 02111-1307 USA. */
19
20 #include <nss.h>
21 #include <errno.h>
22 #include <ctype.h>
23 #include <fcntl.h>
24 #include <netdb.h>
25 #include <shadow.h>
26 #include <string.h>
27 #include <bits/libc-lock.h>
28 #include <rpcsvc/yp.h>
29 #include <rpcsvc/ypclnt.h>
30 #include <rpcsvc/nis.h>
31 #include <nsswitch.h>
32
33 #include "netgroup.h"
34 #include "nss-nisplus.h"
35 #include "nisplus-parser.h"
36
37 static service_user *ni;
38 static bool_t use_nisplus; /* default: passwd_compat: nis */
39 static nis_name pwdtable; /* Name of the password table */
40 static size_t pwdtablelen;
41
42 /* Get the declaration of the parser function. */
43 #define ENTNAME spent
44 #define STRUCTURE spwd
45 #define EXTERN_PARSER
46 #include <nss/nss_files/files-parse.c>
47
48 /* Structure for remembering -@netgroup and -user members ... */
49 #define BLACKLIST_INITIAL_SIZE 512
50 #define BLACKLIST_INCREMENT 256
51 struct blacklist_t
52 {
53 char *data;
54 int current;
55 int size;
56 };
57
58 struct ent_t
59 {
60 bool_t netgroup;
61 bool_t nis;
62 bool_t first;
63 char *oldkey;
64 int oldkeylen;
65 nis_result *result;
66 FILE *stream;
67 struct blacklist_t blacklist;
68 struct spwd pwd;
69 struct __netgrent netgrdata;
70 };
71 typedef struct ent_t ent_t;
72
73 static ent_t ext_ent = {0, 0, 0, NULL, 0, NULL, NULL, {NULL, 0, 0},
74 {NULL, NULL, 0, 0, 0, 0, 0, 0, 0}};
75
76 /* Protect global state against multiple changers. */
77 __libc_lock_define_initialized (static, lock)
78
79 /* Prototypes for local functions. */
80 static void blacklist_store_name (const char *, ent_t *);
81 static int in_blacklist (const char *, int, ent_t *);
82
83 static void
84 give_spwd_free (struct spwd *pwd)
85 {
86 if (pwd->sp_namp != NULL)
87 free (pwd->sp_namp);
88 if (pwd->sp_pwdp != NULL)
89 free (pwd->sp_pwdp);
90
91 memset (pwd, '\0', sizeof (struct spwd));
92 pwd->sp_warn = -1;
93 pwd->sp_inact = -1;
94 pwd->sp_expire = -1;
95 pwd->sp_flag = ~0ul;
96 }
97
98 static int
99 spwd_need_buflen (struct spwd *pwd)
100 {
101 int len = 0;
102
103 if (pwd->sp_pwdp != NULL)
104 len += strlen (pwd->sp_pwdp) + 1;
105
106 return len;
107 }
108
109 static void
110 copy_spwd_changes (struct spwd *dest, struct spwd *src,
111 char *buffer, size_t buflen)
112 {
113 if (src->sp_pwdp != NULL && strlen (src->sp_pwdp))
114 {
115 if (buffer == NULL)
116 dest->sp_pwdp = strdup (src->sp_pwdp);
117 else if (dest->sp_pwdp &&
118 strlen (dest->sp_pwdp) >= strlen (src->sp_pwdp))
119 strcpy (dest->sp_pwdp, src->sp_pwdp);
120 else
121 {
122 dest->sp_pwdp = buffer;
123 strcpy (dest->sp_pwdp, src->sp_pwdp);
124 buffer += strlen (dest->sp_pwdp) + 1;
125 buflen = buflen - (strlen (dest->sp_pwdp) + 1);
126 }
127 }
128 if (src->sp_lstchg != 0)
129 dest->sp_lstchg = src->sp_lstchg;
130 if (src->sp_min != 0)
131 dest->sp_min = src->sp_min;
132 if (src->sp_max != 0)
133 dest->sp_max = src->sp_max;
134 if (src->sp_warn != -1)
135 dest->sp_warn = src->sp_warn;
136 if (src->sp_inact != -1)
137 dest->sp_inact = src->sp_inact;
138 if (src->sp_expire != -1)
139 dest->sp_expire = src->sp_expire;
140 if (src->sp_flag != ~0ul)
141 dest->sp_flag = src->sp_flag;
142 }
143
144 static enum nss_status
145 internal_setspent (ent_t *ent)
146 {
147 enum nss_status status = NSS_STATUS_SUCCESS;
148
149 ent->nis = ent->first = ent->netgroup = 0;
150
151 /* If something was left over free it. */
152 if (ent->netgroup)
153 __internal_endnetgrent (&ent->netgrdata);
154
155 if (ent->oldkey != NULL)
156 {
157 free (ent->oldkey);
158 ent->oldkey = NULL;
159 ent->oldkeylen = 0;
160 }
161
162 if (ent->result != NULL)
163 {
164 nis_freeresult (ent->result);
165 ent->result = NULL;
166 }
167
168 if (pwdtable == NULL)
169 {
170 static const char key[] = "passwd.org_dir.";
171 const char *local_dir = nis_local_directory ();
172 size_t len_local_dir = strlen (local_dir);
173
174 pwdtable = malloc (sizeof (key) + len_local_dir);
175 if (pwdtable == NULL)
176 return NSS_STATUS_TRYAGAIN;
177
178 pwdtablelen = ((char *) mempcpy (mempcpy (pwdtable,
179 key, sizeof (key) - 1),
180 local_dir, len_local_dir + 1)
181 - pwdtable) - 1;
182 }
183
184 if (ent->blacklist.data != NULL)
185 {
186 ent->blacklist.current = 1;
187 ent->blacklist.data[0] = '|';
188 ent->blacklist.data[1] = '\0';
189 }
190 else
191 ent->blacklist.current = 0;
192
193 if (ent->stream == NULL)
194 {
195 ent->stream = fopen ("/etc/shadow", "r");
196
197 if (ent->stream == NULL)
198 status = errno == EAGAIN ? NSS_STATUS_TRYAGAIN : NSS_STATUS_UNAVAIL;
199 else
200 {
201 /* We have to make sure the file is `closed on exec'. */
202 int result, flags;
203
204 result = flags = fcntl (fileno (ent->stream), F_GETFD, 0);
205 if (result >= 0)
206 {
207 flags |= FD_CLOEXEC;
208 result = fcntl (fileno (ent->stream), F_SETFD, flags);
209 }
210 if (result < 0)
211 {
212 /* Something went wrong. Close the stream and return a
213 failure. */
214 fclose (ent->stream);
215 ent->stream = NULL;
216 status = NSS_STATUS_UNAVAIL;
217 }
218 }
219 }
220 else
221 rewind (ent->stream);
222
223 give_spwd_free (&ent->pwd);
224
225 return status;
226 }
227
228
229 enum nss_status
230 _nss_compat_setspent (int stayopen)
231 {
232 enum nss_status result;
233
234 __libc_lock_lock (lock);
235
236 if (ni == NULL)
237 {
238 __nss_database_lookup ("shadow_compat", "passwd_compat", "nis", &ni);
239 use_nisplus = (strcmp (ni->name, "nisplus") == 0);
240 }
241
242 result = internal_setspent (&ext_ent);
243
244 __libc_lock_unlock (lock);
245
246 return result;
247 }
248
249
250 static enum nss_status
251 internal_endspent (ent_t *ent)
252 {
253 if (ent->stream != NULL)
254 {
255 fclose (ent->stream);
256 ent->stream = NULL;
257 }
258
259 if (ent->netgroup)
260 __internal_endnetgrent (&ent->netgrdata);
261
262 ent->nis = ent->first = ent->netgroup = 0;
263
264 if (ent->oldkey != NULL)
265 {
266 free (ent->oldkey);
267 ent->oldkey = NULL;
268 ent->oldkeylen = 0;
269 }
270
271 if (ent->result != NULL)
272 {
273 nis_freeresult (ent->result);
274 ent->result = NULL;
275 }
276
277 if (ent->blacklist.data != NULL)
278 {
279 ent->blacklist.current = 1;
280 ent->blacklist.data[0] = '|';
281 ent->blacklist.data[1] = '\0';
282 }
283 else
284 ent->blacklist.current = 0;
285
286 give_spwd_free (&ent->pwd);
287
288 return NSS_STATUS_SUCCESS;
289 }
290
291 enum nss_status
292 _nss_compat_endspent (void)
293 {
294 enum nss_status result;
295
296 __libc_lock_lock (lock);
297
298 result = internal_endspent (&ext_ent);
299
300 __libc_lock_unlock (lock);
301
302 return result;
303 }
304
305
306 static enum nss_status
307 getspent_next_nis_netgr (const char *name, struct spwd *result, ent_t *ent,
308 char *group, char *buffer, size_t buflen, int *errnop)
309 {
310 struct parser_data *data = (void *) buffer;
311 char *ypdomain, *host, *user, *domain, *outval, *p, *p2;
312 int status, outvallen;
313 size_t p2len;
314
315 if (yp_get_default_domain (&ypdomain) != YPERR_SUCCESS)
316 {
317 ent->netgroup = 0;
318 ent->first = 0;
319 give_spwd_free (&ent->pwd);
320 return NSS_STATUS_UNAVAIL;
321 }
322
323 if (ent->first == TRUE)
324 {
325 bzero (&ent->netgrdata, sizeof (struct __netgrent));
326 __internal_setnetgrent (group, &ent->netgrdata);
327 ent->first = FALSE;
328 }
329
330 while (1)
331 {
332 char *saved_cursor;
333 int parse_res;
334
335 saved_cursor = ent->netgrdata.cursor;
336 status = __internal_getnetgrent_r (&host, &user, &domain,
337 &ent->netgrdata, buffer, buflen,
338 errnop);
339 if (status != 1)
340 {
341 __internal_endnetgrent (&ent->netgrdata);
342 ent->netgroup = 0;
343 give_spwd_free (&ent->pwd);
344 return NSS_STATUS_RETURN;
345 }
346
347 if (user == NULL || user[0] == '-')
348 continue;
349
350 if (domain != NULL && strcmp (ypdomain, domain) != 0)
351 continue;
352
353 /* If name != NULL, we are called from getpwnam */
354 if (name != NULL)
355 if (strcmp (user, name) != 0)
356 continue;
357
358 if (yp_match (ypdomain, "shadow.byname", user,
359 strlen (user), &outval, &outvallen)
360 != YPERR_SUCCESS)
361 continue;
362
363 p2len = spwd_need_buflen (&ent->pwd);
364 if (p2len > buflen)
365 {
366 free (outval);
367 *errnop = ERANGE;
368 return NSS_STATUS_TRYAGAIN;
369 }
370 p2 = buffer + (buflen - p2len);
371 buflen -= p2len;
372 if (buflen < ((size_t) outval + 1))
373 {
374 free (outval);
375 *errnop = ERANGE;
376 return NSS_STATUS_TRYAGAIN;
377 }
378 p = strncpy (buffer, outval, buflen);
379 while (isspace (*p))
380 p++;
381 free (outval);
382 parse_res = _nss_files_parse_spent (p, result, data, buflen, errnop);
383 if (parse_res == -1)
384 {
385 ent->netgrdata.cursor = saved_cursor;
386 *errnop = ERANGE;
387 return NSS_STATUS_TRYAGAIN;
388 }
389
390 if (parse_res)
391 {
392 /* Store the User in the blacklist for the "+" at the end of
393 /etc/passwd */
394 blacklist_store_name (result->sp_namp, ent);
395 copy_spwd_changes (result, &ent->pwd, p2, p2len);
396 break;
397 }
398 }
399
400 return NSS_STATUS_SUCCESS;
401 }
402
403 static enum nss_status
404 getspent_next_nisplus_netgr (const char *name, struct spwd *result,
405 ent_t *ent, char *group, char *buffer,
406 size_t buflen, int *errnop)
407 {
408 char *ypdomain, *host, *user, *domain, *p2;
409 int status, parse_res;
410 size_t p2len;
411 nis_result *nisres;
412
413 /* Maybe we should use domainname here ? We need the current
414 domainname for the domain field in netgroups */
415 if (yp_get_default_domain (&ypdomain) != YPERR_SUCCESS)
416 {
417 ent->netgroup = 0;
418 ent->first = 0;
419 give_spwd_free (&ent->pwd);
420 return NSS_STATUS_UNAVAIL;
421 }
422
423 if (ent->first == TRUE)
424 {
425 bzero (&ent->netgrdata, sizeof (struct __netgrent));
426 __internal_setnetgrent (group, &ent->netgrdata);
427 ent->first = FALSE;
428 }
429
430 while (1)
431 {
432 char *saved_cursor;
433
434 saved_cursor = ent->netgrdata.cursor;
435 status = __internal_getnetgrent_r (&host, &user, &domain,
436 &ent->netgrdata, buffer, buflen,
437 errnop);
438 if (status != 1)
439 {
440 __internal_endnetgrent (&ent->netgrdata);
441 ent->netgroup = 0;
442 give_spwd_free (&ent->pwd);
443 return NSS_STATUS_RETURN;
444 }
445
446 if (user == NULL || user[0] == '-')
447 continue;
448
449 if (domain != NULL && strcmp (ypdomain, domain) != 0)
450 continue;
451
452 /* If name != NULL, we are called from getpwnam */
453 if (name != NULL)
454 if (strcmp (user, name) != 0)
455 continue;
456
457 p2len = spwd_need_buflen (&ent->pwd);
458 if (p2len > buflen)
459 {
460 *errnop = ERANGE;
461 return NSS_STATUS_TRYAGAIN;
462 }
463 p2 = buffer + (buflen - p2len);
464 buflen -= p2len;
465 {
466 char buf[strlen (user) + 30 + pwdtablelen];
467 sprintf (buf, "[name=%s],%s", user, pwdtable);
468 nisres = nis_list (buf, FOLLOW_LINKS | FOLLOW_PATH, NULL, NULL);
469 }
470 if (niserr2nss (nisres->status) != NSS_STATUS_SUCCESS)
471 {
472 nis_freeresult (nisres);
473 continue;
474 }
475 parse_res = _nss_nisplus_parse_spent (nisres, result, buffer,
476 buflen, errnop);
477 if (parse_res == -1)
478 {
479 nis_freeresult (nisres);
480 *errnop = ERANGE;
481 return NSS_STATUS_TRYAGAIN;
482 }
483 nis_freeresult (nisres);
484
485 if (parse_res)
486 {
487 /* Store the User in the blacklist for the "+" at the end of
488 /etc/passwd */
489 blacklist_store_name (result->sp_namp, ent);
490 copy_spwd_changes (result, &ent->pwd, p2, p2len);
491 break;
492 }
493 }
494
495 return NSS_STATUS_SUCCESS;
496 }
497
498 static enum nss_status
499 getspent_next_nisplus (struct spwd *result, ent_t *ent, char *buffer,
500 size_t buflen, int *errnop)
501 {
502 int parse_res;
503 size_t p2len;
504 char *p2;
505
506 p2len = spwd_need_buflen (&ent->pwd);
507 if (p2len > buflen)
508 {
509 *errnop = ERANGE;
510 return NSS_STATUS_TRYAGAIN;
511 }
512 p2 = buffer + (buflen - p2len);
513 buflen -= p2len;
514 do
515 {
516 bool_t saved_first;
517 nis_result *saved_res;
518
519 if (ent->first)
520 {
521 saved_first = TRUE;
522 saved_res = ent->result;
523
524 ent->result = nis_first_entry (pwdtable);
525 if (niserr2nss (ent->result->status) != NSS_STATUS_SUCCESS)
526 {
527 ent->nis = 0;
528 give_spwd_free (&ent->pwd);
529 return niserr2nss (ent->result->status);
530 }
531 ent->first = FALSE;
532 }
533 else
534 {
535 nis_result *res;
536
537 saved_first = FALSE;
538 saved_res = ent->result;
539
540 res = nis_next_entry (pwdtable, &ent->result->cookie);
541 ent->result = res;
542 if (niserr2nss (ent->result->status) != NSS_STATUS_SUCCESS)
543 {
544 nis_freeresult (saved_res);
545 ent->nis = 0;
546 give_spwd_free (&ent->pwd);
547 return niserr2nss (ent->result->status);
548 }
549 }
550 parse_res = _nss_nisplus_parse_spent (ent->result, result, buffer,
551 buflen, errnop);
552 if (parse_res == -1)
553 {
554 ent->first = saved_first;
555 nis_freeresult (ent->result);
556 ent->result = saved_res;
557 *errnop = ERANGE;
558 return NSS_STATUS_TRYAGAIN;
559 }
560 else
561 {
562 if (!saved_first)
563 nis_freeresult (saved_res);
564 }
565 if (parse_res &&
566 in_blacklist (result->sp_namp, strlen (result->sp_namp), ent))
567 parse_res = 0; /* if result->pw_name in blacklist,search next entry */
568 }
569 while (!parse_res);
570
571 copy_spwd_changes (result, &ent->pwd, p2, p2len);
572
573 return NSS_STATUS_SUCCESS;
574 }
575
576
577 static enum nss_status
578 getspent_next_nis (struct spwd *result, ent_t *ent,
579 char *buffer, size_t buflen, int *errnop)
580 {
581 struct parser_data *data = (void *) buffer;
582 char *domain, *outkey, *outval, *p, *p2;
583 int outkeylen, outvallen, parse_res;
584 size_t p2len;
585
586 if (yp_get_default_domain (&domain) != YPERR_SUCCESS)
587 {
588 ent->nis = 0;
589 give_spwd_free (&ent->pwd);
590 return NSS_STATUS_UNAVAIL;
591 }
592
593 p2len = spwd_need_buflen (&ent->pwd);
594 if (p2len > buflen)
595 {
596 *errnop = ERANGE;
597 return NSS_STATUS_TRYAGAIN;
598 }
599 p2 = buffer + (buflen - p2len);
600 buflen -= p2len;
601 do
602 {
603 bool_t saved_first;
604 char *saved_oldkey;
605 int saved_oldlen;
606
607 if (ent->first)
608 {
609 if (yp_first (domain, "shadow.byname", &outkey, &outkeylen,
610 &outval, &outvallen) != YPERR_SUCCESS)
611 {
612 ent->nis = 0;
613 give_spwd_free (&ent->pwd);
614 return NSS_STATUS_UNAVAIL;
615 }
616
617 if (buflen < ((size_t) outvallen + 1))
618 {
619 free (outval);
620 *errnop = ERANGE;
621 return NSS_STATUS_TRYAGAIN;
622 }
623
624 saved_first = TRUE;
625 saved_oldkey = ent->oldkey;
626 saved_oldlen = ent->oldkeylen;
627 ent->oldkey = outkey;
628 ent->oldkeylen = outkeylen;
629 ent->first = FALSE;
630 }
631 else
632 {
633 if (yp_next (domain, "shadow.byname", ent->oldkey, ent->oldkeylen,
634 &outkey, &outkeylen, &outval, &outvallen)
635 != YPERR_SUCCESS)
636 {
637 ent->nis = 0;
638 give_spwd_free (&ent->pwd);
639 return NSS_STATUS_NOTFOUND;
640 }
641
642 if (buflen < ((size_t) outvallen + 1))
643 {
644 free (outval);
645 *errnop = ERANGE;
646 return NSS_STATUS_TRYAGAIN;
647 }
648
649 saved_first = FALSE;
650 saved_oldkey = ent->oldkey;
651 saved_oldlen = ent->oldkeylen;
652 ent->oldkey = outkey;
653 ent->oldkeylen = outkeylen;
654 }
655
656 /* Copy the found data to our buffer */
657 p = strncpy (buffer, outval, buflen);
658
659 /* ...and free the data. */
660 free (outval);
661
662 while (isspace (*p))
663 ++p;
664 parse_res = _nss_files_parse_spent (p, result, data, buflen, errnop);
665 if (parse_res == -1)
666 {
667 free (ent->oldkey);
668 ent->oldkey = saved_oldkey;
669 ent->oldkeylen = saved_oldlen;
670 ent->first = saved_first;
671 *errnop = ERANGE;
672 return NSS_STATUS_TRYAGAIN;
673 }
674 else
675 {
676 if (!saved_first)
677 free (saved_oldkey);
678 }
679 if (parse_res &&
680 in_blacklist (result->sp_namp, strlen (result->sp_namp), ent))
681 parse_res = 0;
682 }
683 while (!parse_res);
684
685 copy_spwd_changes (result, &ent->pwd, p2, p2len);
686
687 return NSS_STATUS_SUCCESS;
688 }
689
690 /* This function handle the +user entrys in /etc/shadow */
691 static enum nss_status
692 getspnam_plususer (const char *name, struct spwd *result, char *buffer,
693 size_t buflen, int *errnop)
694 {
695 struct parser_data *data = (void *) buffer;
696 struct spwd pwd;
697 int parse_res;
698 char *p;
699 size_t plen;
700
701 memset (&pwd, '\0', sizeof (struct spwd));
702 pwd.sp_warn = -1;
703 pwd.sp_inact = -1;
704 pwd.sp_expire = -1;
705 pwd.sp_flag = ~0ul;
706
707 copy_spwd_changes (&pwd, result, NULL, 0);
708
709 plen = spwd_need_buflen (&pwd);
710 if (plen > buflen)
711 {
712 *errnop = ERANGE;
713 return NSS_STATUS_TRYAGAIN;
714 }
715 p = buffer + (buflen - plen);
716 buflen -= plen;
717
718 if (use_nisplus) /* Do the NIS+ query here */
719 {
720 nis_result *res;
721 char buf[strlen (name) + 24 + pwdtablelen];
722
723 sprintf(buf, "[name=%s],%s", name, pwdtable);
724 res = nis_list(buf, 0, NULL, NULL);
725 if (niserr2nss (res->status) != NSS_STATUS_SUCCESS)
726 {
727 enum nss_status status = niserr2nss (res->status);
728
729 nis_freeresult (res);
730 return status;
731 }
732 parse_res = _nss_nisplus_parse_spent (res, result, buffer,
733 buflen, errnop);
734 if (parse_res == -1)
735 {
736 nis_freeresult (res);
737 *errnop = ERANGE;
738 return NSS_STATUS_TRYAGAIN;
739 }
740 nis_freeresult (res);
741 }
742 else /* Use NIS */
743 {
744 char *domain, *outval, *ptr;
745 int outvallen;
746
747 if (yp_get_default_domain (&domain) != YPERR_SUCCESS)
748 return NSS_STATUS_NOTFOUND;
749
750 if (yp_match (domain, "shadow.byname", name, strlen (name),
751 &outval, &outvallen) != YPERR_SUCCESS)
752 return NSS_STATUS_NOTFOUND;
753
754 if (buflen < ((size_t) outvallen + 1))
755 {
756 free (outval);
757 *errnop = ERANGE;
758 return NSS_STATUS_TRYAGAIN;
759 }
760
761 ptr = strncpy (buffer, outval, buflen);
762 free (outval);
763 while (isspace (*ptr))
764 ptr++;
765 parse_res = _nss_files_parse_spent (ptr, result, data, buflen, errnop);
766 if (parse_res == -1)
767 return NSS_STATUS_TRYAGAIN;
768 }
769
770 if (parse_res)
771 {
772 copy_spwd_changes (result, &pwd, p, plen);
773 give_spwd_free (&pwd);
774 /* We found the entry. */
775 return NSS_STATUS_SUCCESS;
776 }
777 else
778 {
779 /* Give buffer the old len back */
780 buflen += plen;
781 give_spwd_free (&pwd);
782 }
783 return NSS_STATUS_RETURN;
784 }
785
786 static enum nss_status
787 getspent_next_file (struct spwd *result, ent_t *ent,
788 char *buffer, size_t buflen, int *errnop)
789 {
790 struct parser_data *data = (void *) buffer;
791 while (1)
792 {
793 fpos_t pos;
794 int parse_res = 0;
795 char *p;
796
797 do
798 {
799 fgetpos (ent->stream, &pos);
800 buffer[buflen - 1] = '\xff';
801 p = fgets (buffer, buflen, ent->stream);
802 if (p == NULL && feof (ent->stream))
803 return NSS_STATUS_NOTFOUND;
804
805 if (p == NULL || buffer[buflen - 1] != '\xff')
806 {
807 fsetpos (ent->stream, &pos);
808 *errnop = ERANGE;
809 return NSS_STATUS_TRYAGAIN;
810 }
811
812 /* Skip leading blanks. */
813 while (isspace (*p))
814 ++p;
815 }
816 while (*p == '\0' || *p == '#' /* Ignore empty and comment lines. */
817 /* Parse the line. If it is invalid, loop to
818 get the next line of the file to parse. */
819 || !(parse_res = _nss_files_parse_spent (p, result, data,
820 buflen, errnop)));
821
822 if (parse_res == -1)
823 {
824 /* The parser ran out of space. */
825 fsetpos (ent->stream, &pos);
826 *errnop = ERANGE;
827 return NSS_STATUS_TRYAGAIN;
828 }
829
830 if (result->sp_namp[0] != '+' && result->sp_namp[0] != '-')
831 /* This is a real entry. */
832 break;
833
834 /* -@netgroup */
835 if (result->sp_namp[0] == '-' && result->sp_namp[1] == '@'
836 && result->sp_namp[2] != '\0')
837 {
838 /* XXX Do not use fixed length buffers. */
839 char buf2[1024];
840 char *user, *host, *domain;
841 struct __netgrent netgrdata;
842
843 bzero (&netgrdata, sizeof (struct __netgrent));
844 __internal_setnetgrent (&result->sp_namp[2], &netgrdata);
845 while (__internal_getnetgrent_r (&host, &user, &domain,
846 &netgrdata, buf2, sizeof (buf2),
847 errnop))
848 {
849 if (user != NULL && user[0] != '-')
850 blacklist_store_name (user, ent);
851 }
852 __internal_endnetgrent (&netgrdata);
853 continue;
854 }
855
856 /* +@netgroup */
857 if (result->sp_namp[0] == '+' && result->sp_namp[1] == '@'
858 && result->sp_namp[2] != '\0')
859 {
860 int status;
861
862 ent->netgroup = TRUE;
863 ent->first = TRUE;
864 copy_spwd_changes (&ent->pwd, result, NULL, 0);
865
866 if (use_nisplus)
867 status = getspent_next_nisplus_netgr (NULL, result, ent,
868 &result->sp_namp[2],
869 buffer, buflen, errnop);
870 else
871 status = getspent_next_nis_netgr (NULL, result, ent,
872 &result->sp_namp[2],
873 buffer, buflen, errnop);
874 if (status == NSS_STATUS_RETURN)
875 continue;
876 else
877 return status;
878 }
879
880 /* -user */
881 if (result->sp_namp[0] == '-' && result->sp_namp[1] != '\0'
882 && result->sp_namp[1] != '@')
883 {
884 blacklist_store_name (&result->sp_namp[1], ent);
885 continue;
886 }
887
888 /* +user */
889 if (result->sp_namp[0] == '+' && result->sp_namp[1] != '\0'
890 && result->sp_namp[1] != '@')
891 {
892 enum nss_status status;
893
894 /* Store the User in the blacklist for the "+" at the end of
895 /etc/passwd */
896 blacklist_store_name (&result->sp_namp[1], ent);
897 status = getspnam_plususer (&result->sp_namp[1], result, buffer,
898 buflen, errnop);
899 if (status == NSS_STATUS_SUCCESS) /* We found the entry. */
900 break;
901 else
902 if (status == NSS_STATUS_RETURN /* We couldn't parse the entry */
903 || status == NSS_STATUS_NOTFOUND) /* entry doesn't exist */
904 continue;
905 else
906 {
907 if (status == NSS_STATUS_TRYAGAIN)
908 {
909 fsetpos (ent->stream, &pos);
910 *errnop = ERANGE;
911 }
912 return status;
913 }
914 }
915
916 /* +:... */
917 if (result->sp_namp[0] == '+' && result->sp_namp[1] == '\0')
918 {
919 ent->nis = TRUE;
920 ent->first = TRUE;
921 copy_spwd_changes (&ent->pwd, result, NULL, 0);
922
923 if (use_nisplus)
924 return getspent_next_nisplus (result, ent, buffer, buflen, errnop);
925 else
926 return getspent_next_nis (result, ent, buffer, buflen, errnop);
927 }
928 }
929
930 return NSS_STATUS_SUCCESS;
931 }
932
933
934 static enum nss_status
935 internal_getspent_r (struct spwd *pw, ent_t *ent,
936 char *buffer, size_t buflen, int *errnop)
937 {
938 if (ent->netgroup)
939 {
940 int status;
941
942 /* We are searching members in a netgroup */
943 /* Since this is not the first call, we don't need the group name */
944 if (use_nisplus)
945 status = getspent_next_nisplus_netgr (NULL, pw, ent, NULL, buffer,
946 buflen, errnop);
947 else
948 status = getspent_next_nis_netgr (NULL, pw, ent, NULL, buffer, buflen,
949 errnop);
950 if (status == NSS_STATUS_RETURN)
951 return getspent_next_file (pw, ent, buffer, buflen, errnop);
952 else
953 return status;
954 }
955 else
956 if (ent->nis)
957 {
958 if (use_nisplus)
959 return getspent_next_nisplus (pw, ent, buffer, buflen, errnop);
960 else
961 return getspent_next_nis (pw, ent, buffer, buflen, errnop);
962 }
963 else
964 return getspent_next_file (pw, ent, buffer, buflen, errnop);
965 }
966
967 enum nss_status
968 _nss_compat_getspent_r (struct spwd *pwd, char *buffer, size_t buflen,
969 int *errnop)
970 {
971 enum nss_status status = NSS_STATUS_SUCCESS;
972
973 __libc_lock_lock (lock);
974
975 if (ni == NULL)
976 {
977 __nss_database_lookup ("shadow_compat", "passwd_compat", "nis", &ni);
978 use_nisplus = (strcmp (ni->name, "nisplus") == 0);
979 }
980
981 /* Be prepared that the setspent function was not called before. */
982 if (ext_ent.stream == NULL)
983 status = internal_setspent (&ext_ent);
984
985 if (status == NSS_STATUS_SUCCESS)
986 status = internal_getspent_r (pwd, &ext_ent, buffer, buflen, errnop);
987
988 __libc_lock_unlock (lock);
989
990 return status;
991 }
992
993 /* Searches in /etc/passwd and the NIS/NIS+ map for a special user */
994 static enum nss_status
995 internal_getspnam_r (const char *name, struct spwd *result, ent_t *ent,
996 char *buffer, size_t buflen, int *errnop)
997 {
998 struct parser_data *data = (void *) buffer;
999
1000 while (1)
1001 {
1002 fpos_t pos;
1003 char *p;
1004 int parse_res;
1005
1006 do
1007 {
1008 fgetpos (ent->stream, &pos);
1009 buffer[buflen - 1] = '\xff';
1010 p = fgets (buffer, buflen, ent->stream);
1011 if (p == NULL && feof (ent->stream))
1012 return NSS_STATUS_NOTFOUND;
1013
1014 if (p == NULL || buffer[buflen - 1] != '\xff')
1015 {
1016 fsetpos (ent->stream, &pos);
1017 *errnop = ERANGE;
1018 return NSS_STATUS_TRYAGAIN;
1019 }
1020
1021 /* Skip leading blanks. */
1022 while (isspace (*p))
1023 ++p;
1024 }
1025 while (*p == '\0' || *p == '#' || /* Ignore empty and comment lines. */
1026 /* Parse the line. If it is invalid, loop to
1027 get the next line of the file to parse. */
1028 !(parse_res = _nss_files_parse_spent (p, result, data, buflen,
1029 errnop)));
1030
1031 if (parse_res == -1)
1032 {
1033 /* The parser ran out of space. */
1034 fsetpos (ent->stream, &pos);
1035 *errnop = ERANGE;
1036 return NSS_STATUS_TRYAGAIN;
1037 }
1038
1039 /* This is a real entry. */
1040 if (result->sp_namp[0] != '+' && result->sp_namp[0] != '-')
1041 {
1042 if (strcmp (result->sp_namp, name) == 0)
1043 return NSS_STATUS_SUCCESS;
1044 else
1045 continue;
1046 }
1047
1048 /* -@netgroup */
1049 if (result->sp_namp[0] == '-' && result->sp_namp[1] == '@'
1050 && result->sp_namp[2] != '\0')
1051 {
1052 /* XXX Do not use fixed length buffers. */
1053 char buf2[1024];
1054 char *user, *host, *domain;
1055 struct __netgrent netgrdata;
1056
1057 bzero (&netgrdata, sizeof (struct __netgrent));
1058 __internal_setnetgrent (&result->sp_namp[2], &netgrdata);
1059 while (__internal_getnetgrent_r (&host, &user, &domain, &netgrdata,
1060 buf2, sizeof (buf2), errnop))
1061 {
1062 if (user != NULL && user[0] != '-')
1063 if (strcmp (user, name) == 0)
1064 return NSS_STATUS_NOTFOUND;
1065 }
1066 __internal_endnetgrent (&netgrdata);
1067 continue;
1068 }
1069
1070 /* +@netgroup */
1071 if (result->sp_namp[0] == '+' && result->sp_namp[1] == '@'
1072 && result->sp_namp[2] != '\0')
1073 {
1074 char *buf = strdupa (&result->sp_namp[2]);
1075 int status;
1076
1077 ent->netgroup = TRUE;
1078 ent->first = TRUE;
1079 copy_spwd_changes (&ent->pwd, result, NULL, 0);
1080
1081 do
1082 {
1083 if (use_nisplus)
1084 status = getspent_next_nisplus_netgr (name, result, ent, buf,
1085 buffer, buflen, errnop);
1086 else
1087 status = getspent_next_nis_netgr (name, result, ent, buf,
1088 buffer, buflen, errnop);
1089 if (status == NSS_STATUS_RETURN)
1090 continue;
1091
1092 if (status == NSS_STATUS_SUCCESS
1093 && strcmp (result->sp_namp, name) == 0)
1094 return NSS_STATUS_SUCCESS;
1095 } while (status == NSS_STATUS_SUCCESS);
1096 continue;
1097 }
1098
1099 /* -user */
1100 if (result->sp_namp[0] == '-' && result->sp_namp[1] != '\0'
1101 && result->sp_namp[1] != '@')
1102 {
1103 if (strcmp (&result->sp_namp[1], name) == 0)
1104 return NSS_STATUS_NOTFOUND;
1105 else
1106 continue;
1107 }
1108
1109 /* +user */
1110 if (result->sp_namp[0] == '+' && result->sp_namp[1] != '\0'
1111 && result->sp_namp[1] != '@')
1112 {
1113 if (strcmp (name, &result->sp_namp[1]) == 0)
1114 {
1115 enum nss_status status;
1116
1117 status = getspnam_plususer (name, result, buffer, buflen,
1118 errnop);
1119 if (status == NSS_STATUS_RETURN)
1120 /* We couldn't parse the entry */
1121 return NSS_STATUS_NOTFOUND;
1122 else
1123 return status;
1124 }
1125 }
1126
1127 /* +:... */
1128 if (result->sp_namp[0] == '+' && result->sp_namp[1] == '\0')
1129 {
1130 enum nss_status status;
1131
1132 status = getspnam_plususer (name, result, buffer, buflen, errnop);
1133 if (status == NSS_STATUS_RETURN) /* We couldn't parse the entry */
1134 return NSS_STATUS_NOTFOUND;
1135 else
1136 return status;
1137 }
1138 }
1139 return NSS_STATUS_SUCCESS;
1140 }
1141
1142 enum nss_status
1143 _nss_compat_getspnam_r (const char *name, struct spwd *pwd,
1144 char *buffer, size_t buflen, int *errnop)
1145 {
1146 ent_t ent = {0, 0, 0, NULL, 0, NULL, NULL, {NULL, 0, 0},
1147 {NULL, NULL, 0, 0, 0, 0, 0, 0, 0}};
1148 enum nss_status status;
1149
1150 if (name[0] == '-' || name[0] == '+')
1151 return NSS_STATUS_NOTFOUND;
1152
1153 if (ni == NULL)
1154 {
1155 __nss_database_lookup ("shadow_compat", "passwd_compat", "nis", &ni);
1156 use_nisplus = (strcmp (ni->name, "nisplus") == 0);
1157 }
1158
1159 status = internal_setspent (&ent);
1160 if (status != NSS_STATUS_SUCCESS)
1161 return status;
1162
1163 status = internal_getspnam_r (name, pwd, &ent, buffer, buflen, errnop);
1164
1165 internal_endspent (&ent);
1166
1167 return status;
1168 }
1169
1170 /* Support routines for remembering -@netgroup and -user entries.
1171 The names are stored in a single string with `|' as separator. */
1172 static void
1173 blacklist_store_name (const char *name, ent_t *ent)
1174 {
1175 int namelen = strlen (name);
1176 char *tmp;
1177
1178 /* first call, setup cache */
1179 if (ent->blacklist.size == 0)
1180 {
1181 ent->blacklist.size = MAX (BLACKLIST_INITIAL_SIZE, 2 * namelen);
1182 ent->blacklist.data = malloc (ent->blacklist.size);
1183 if (ent->blacklist.data == NULL)
1184 return;
1185 ent->blacklist.data[0] = '|';
1186 ent->blacklist.data[1] = '\0';
1187 ent->blacklist.current = 1;
1188 }
1189 else
1190 {
1191 if (in_blacklist (name, namelen, ent))
1192 return; /* no duplicates */
1193
1194 if (ent->blacklist.current + namelen + 1 >= ent->blacklist.size)
1195 {
1196 ent->blacklist.size += MAX (BLACKLIST_INCREMENT, 2 * namelen);
1197 tmp = realloc (ent->blacklist.data, ent->blacklist.size);
1198 if (tmp == NULL)
1199 {
1200 free (ent->blacklist.data);
1201 ent->blacklist.size = 0;
1202 return;
1203 }
1204 ent->blacklist.data = tmp;
1205 }
1206 }
1207
1208 tmp = stpcpy (ent->blacklist.data + ent->blacklist.current, name);
1209 *tmp++ = '|';
1210 *tmp = '\0';
1211 ent->blacklist.current += namelen + 1;
1212
1213 return;
1214 }
1215
1216 /* Returns TRUE if ent->blacklist contains name, else FALSE. */
1217 static bool_t
1218 in_blacklist (const char *name, int namelen, ent_t *ent)
1219 {
1220 char buf[namelen + 3];
1221 char *cp;
1222
1223 if (ent->blacklist.data == NULL)
1224 return FALSE;
1225
1226 buf[0] = '|';
1227 cp = stpcpy (&buf[1], name);
1228 *cp++= '|';
1229 *cp = '\0';
1230 return strstr (ent->blacklist.data, buf) != NULL;
1231 }
Petr Baudis' queue of bugfixes for stable glibc branches