forked from pool/glibc
Andreas Schwab
8307972d09
- nss-compat.patch: Move nss_compat from nis to nss subdir and install it unconditionally - nsswitch.conf: switch back to compat for passwd, group, shadow OBS-URL: https://build.opensuse.org/request/show/531230 OBS-URL: https://build.opensuse.org/package/show/Base:System/glibc?expand=0&rev=481
6746 lines
175 KiB
Diff
6746 lines
175 KiB
Diff
2017-10-04 Andreas Schwab <schwab@suse.de>
|
|
|
|
* nis/Makefile (services): Remove compat.
|
|
(libnss_compat-routines, libnss_compat-inhibit-o): Don't define.
|
|
($(objpfx)libnss_compat.so): Remove rule.
|
|
* nis/Versions (libnss_compat): Remove.
|
|
* nss/Makefile (services): Add compat.
|
|
(libnss_compat-routines, libnss_compat-inhibit-o): Define.
|
|
* nss/Versions (libnss_compat): Define.
|
|
* nss/nss_compat/compat-grp.c: Moved here from nis/nss_compat.
|
|
Don't include <rpc/types.h>. Replace bool_t by bool.
|
|
* nss/nss_compat/compat-initgroups.c: Likewise.
|
|
* nss/nss_compat/compat-pwd.c: Likewise. Include "nisdomain.h"
|
|
instead of <rpcsrv/ypclnt.h>.
|
|
(getpwent_next_nss_netgr): Use __nss_get_default_domain instead of
|
|
yp_get_default_domain.
|
|
* nss/nss_compat/compat-pwd.c: Likewise.
|
|
(getspent_next_nss_netgr): Use __nss_get_default_domain instead of
|
|
yp_get_default_domain.
|
|
* nss/nss_compat/nisdomain.c: New file.
|
|
* nss/nss_compat/nisdomain.h: Likewise.
|
|
|
|
Index: glibc-2.26/nis/Makefile
|
|
===================================================================
|
|
--- glibc-2.26.orig/nis/Makefile
|
|
+++ glibc-2.26/nis/Makefile
|
|
@@ -33,7 +33,7 @@ databases = proto service hosts network
|
|
spwd netgrp alias publickey
|
|
|
|
# Specify rules for the nss_* modules.
|
|
-services := nis nisplus compat
|
|
+services := nis nisplus
|
|
endif
|
|
|
|
extra-libs = libnsl
|
|
@@ -63,9 +63,6 @@ libnsl-routines = yp_xdr ypclnt ypupdate
|
|
nis_clone_res nss-default
|
|
|
|
ifeq ($(build-obsolete-nsl),yes)
|
|
-libnss_compat-routines := $(addprefix compat-,grp pwd spwd initgroups)
|
|
-libnss_compat-inhibit-o = $(filter-out .os,$(object-suffixes))
|
|
-
|
|
libnss_nis-routines := $(addprefix nis-,$(databases)) nis-initgroups \
|
|
nss-nis
|
|
libnss_nis-inhibit-o = $(filter-out .os,$(object-suffixes))
|
|
@@ -79,7 +76,6 @@ include ../Rules
|
|
|
|
|
|
ifeq ($(build-obsolete-nsl),yes)
|
|
-$(objpfx)libnss_compat.so: $(objpfx)libnsl.so$(libnsl.so-version)
|
|
$(objpfx)libnss_nis.so: $(objpfx)libnsl.so$(libnsl.so-version) \
|
|
$(common-objpfx)nss/libnss_files.so
|
|
$(objpfx)libnss_nisplus.so: $(objpfx)libnsl.so$(libnsl.so-version)
|
|
Index: glibc-2.26/nis/Versions
|
|
===================================================================
|
|
--- glibc-2.26.orig/nis/Versions
|
|
+++ glibc-2.26/nis/Versions
|
|
@@ -63,17 +63,6 @@ libnsl {
|
|
}
|
|
}
|
|
|
|
-libnss_compat {
|
|
- GLIBC_PRIVATE {
|
|
- _nss_compat_endgrent; _nss_compat_endpwent; _nss_compat_endspent;
|
|
- _nss_compat_getgrent_r; _nss_compat_getgrgid_r; _nss_compat_getgrnam_r;
|
|
- _nss_compat_getpwent_r; _nss_compat_getpwnam_r; _nss_compat_getpwuid_r;
|
|
- _nss_compat_getspent_r; _nss_compat_getspnam_r;
|
|
- _nss_compat_setgrent; _nss_compat_setpwent; _nss_compat_setspent;
|
|
- _nss_compat_initgroups_dyn;
|
|
- }
|
|
-}
|
|
-
|
|
libnss_nis {
|
|
GLIBC_PRIVATE {
|
|
_nss_nis_endaliasent; _nss_nis_endetherent; _nss_nis_endgrent;
|
|
Index: glibc-2.26/nis/nss_compat/compat-grp.c
|
|
===================================================================
|
|
--- glibc-2.26.orig/nis/nss_compat/compat-grp.c
|
|
+++ /dev/null
|
|
@@ -1,683 +0,0 @@
|
|
-/* Copyright (C) 1996-2017 Free Software Foundation, Inc.
|
|
- This file is part of the GNU C Library.
|
|
- Contributed by Thorsten Kukuk <kukuk@suse.de>, 1996.
|
|
-
|
|
- The GNU C Library is free software; you can redistribute it and/or
|
|
- modify it under the terms of the GNU Lesser General Public
|
|
- License as published by the Free Software Foundation; either
|
|
- version 2.1 of the License, or (at your option) any later version.
|
|
-
|
|
- The GNU C Library is distributed in the hope that it will be useful,
|
|
- but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
- Lesser General Public License for more details.
|
|
-
|
|
- You should have received a copy of the GNU Lesser General Public
|
|
- License along with the GNU C Library; if not, see
|
|
- <http://www.gnu.org/licenses/>. */
|
|
-
|
|
-#include <ctype.h>
|
|
-#include <errno.h>
|
|
-#include <fcntl.h>
|
|
-#include <grp.h>
|
|
-#include <nss.h>
|
|
-#include <nsswitch.h>
|
|
-#include <stdio_ext.h>
|
|
-#include <string.h>
|
|
-#include <rpc/types.h>
|
|
-#include <libc-lock.h>
|
|
-#include <kernel-features.h>
|
|
-
|
|
-static service_user *ni;
|
|
-static enum nss_status (*nss_setgrent) (int stayopen);
|
|
-static enum nss_status (*nss_getgrnam_r) (const char *name,
|
|
- struct group * grp, char *buffer,
|
|
- size_t buflen, int *errnop);
|
|
-static enum nss_status (*nss_getgrgid_r) (gid_t gid, struct group * grp,
|
|
- char *buffer, size_t buflen,
|
|
- int *errnop);
|
|
-static enum nss_status (*nss_getgrent_r) (struct group * grp, char *buffer,
|
|
- size_t buflen, int *errnop);
|
|
-static enum nss_status (*nss_endgrent) (void);
|
|
-
|
|
-/* Get the declaration of the parser function. */
|
|
-#define ENTNAME grent
|
|
-#define STRUCTURE group
|
|
-#define EXTERN_PARSER
|
|
-#include <nss/nss_files/files-parse.c>
|
|
-
|
|
-/* Structure for remembering -group members ... */
|
|
-#define BLACKLIST_INITIAL_SIZE 512
|
|
-#define BLACKLIST_INCREMENT 256
|
|
-struct blacklist_t
|
|
-{
|
|
- char *data;
|
|
- int current;
|
|
- int size;
|
|
-};
|
|
-
|
|
-struct ent_t
|
|
-{
|
|
- bool_t files;
|
|
- enum nss_status setent_status;
|
|
- FILE *stream;
|
|
- struct blacklist_t blacklist;
|
|
-};
|
|
-typedef struct ent_t ent_t;
|
|
-
|
|
-static ent_t ext_ent = { TRUE, NSS_STATUS_SUCCESS, NULL, { NULL, 0, 0 }};
|
|
-
|
|
-/* Protect global state against multiple changers. */
|
|
-__libc_lock_define_initialized (static, lock)
|
|
-
|
|
-/* Prototypes for local functions. */
|
|
-static void blacklist_store_name (const char *, ent_t *);
|
|
-static int in_blacklist (const char *, int, ent_t *);
|
|
-
|
|
-/* Initialize the NSS interface/functions. The calling function must
|
|
- hold the lock. */
|
|
-static void
|
|
-init_nss_interface (void)
|
|
-{
|
|
- if (__nss_database_lookup ("group_compat", NULL, "nis", &ni) >= 0)
|
|
- {
|
|
- nss_setgrent = __nss_lookup_function (ni, "setgrent");
|
|
- nss_getgrnam_r = __nss_lookup_function (ni, "getgrnam_r");
|
|
- nss_getgrgid_r = __nss_lookup_function (ni, "getgrgid_r");
|
|
- nss_getgrent_r = __nss_lookup_function (ni, "getgrent_r");
|
|
- nss_endgrent = __nss_lookup_function (ni, "endgrent");
|
|
- }
|
|
-}
|
|
-
|
|
-static enum nss_status
|
|
-internal_setgrent (ent_t *ent, int stayopen, int needent)
|
|
-{
|
|
- enum nss_status status = NSS_STATUS_SUCCESS;
|
|
-
|
|
- ent->files = TRUE;
|
|
-
|
|
- if (ent->blacklist.data != NULL)
|
|
- {
|
|
- ent->blacklist.current = 1;
|
|
- ent->blacklist.data[0] = '|';
|
|
- ent->blacklist.data[1] = '\0';
|
|
- }
|
|
- else
|
|
- ent->blacklist.current = 0;
|
|
-
|
|
- if (ent->stream == NULL)
|
|
- {
|
|
- ent->stream = fopen ("/etc/group", "rme");
|
|
-
|
|
- if (ent->stream == NULL)
|
|
- status = errno == EAGAIN ? NSS_STATUS_TRYAGAIN : NSS_STATUS_UNAVAIL;
|
|
- else
|
|
- /* We take care of locking ourself. */
|
|
- __fsetlocking (ent->stream, FSETLOCKING_BYCALLER);
|
|
- }
|
|
- else
|
|
- rewind (ent->stream);
|
|
-
|
|
- if (needent && status == NSS_STATUS_SUCCESS && nss_setgrent)
|
|
- ent->setent_status = nss_setgrent (stayopen);
|
|
-
|
|
- return status;
|
|
-}
|
|
-
|
|
-
|
|
-enum nss_status
|
|
-_nss_compat_setgrent (int stayopen)
|
|
-{
|
|
- enum nss_status result;
|
|
-
|
|
- __libc_lock_lock (lock);
|
|
-
|
|
- if (ni == NULL)
|
|
- init_nss_interface ();
|
|
-
|
|
- result = internal_setgrent (&ext_ent, stayopen, 1);
|
|
-
|
|
- __libc_lock_unlock (lock);
|
|
-
|
|
- return result;
|
|
-}
|
|
-
|
|
-
|
|
-static enum nss_status
|
|
-internal_endgrent (ent_t *ent)
|
|
-{
|
|
- if (ent->stream != NULL)
|
|
- {
|
|
- fclose (ent->stream);
|
|
- ent->stream = NULL;
|
|
- }
|
|
-
|
|
- if (ent->blacklist.data != NULL)
|
|
- {
|
|
- ent->blacklist.current = 1;
|
|
- ent->blacklist.data[0] = '|';
|
|
- ent->blacklist.data[1] = '\0';
|
|
- }
|
|
- else
|
|
- ent->blacklist.current = 0;
|
|
-
|
|
- return NSS_STATUS_SUCCESS;
|
|
-}
|
|
-
|
|
-enum nss_status
|
|
-_nss_compat_endgrent (void)
|
|
-{
|
|
- enum nss_status result;
|
|
-
|
|
- __libc_lock_lock (lock);
|
|
-
|
|
- if (nss_endgrent)
|
|
- nss_endgrent ();
|
|
-
|
|
- result = internal_endgrent (&ext_ent);
|
|
-
|
|
- __libc_lock_unlock (lock);
|
|
-
|
|
- return result;
|
|
-}
|
|
-
|
|
-/* get the next group from NSS (+ entry) */
|
|
-static enum nss_status
|
|
-getgrent_next_nss (struct group *result, ent_t *ent, char *buffer,
|
|
- size_t buflen, int *errnop)
|
|
-{
|
|
- if (!nss_getgrent_r)
|
|
- return NSS_STATUS_UNAVAIL;
|
|
-
|
|
- /* If the setgrent call failed, say so. */
|
|
- if (ent->setent_status != NSS_STATUS_SUCCESS)
|
|
- return ent->setent_status;
|
|
-
|
|
- do
|
|
- {
|
|
- enum nss_status status;
|
|
-
|
|
- if ((status = nss_getgrent_r (result, buffer, buflen, errnop)) !=
|
|
- NSS_STATUS_SUCCESS)
|
|
- return status;
|
|
- }
|
|
- while (in_blacklist (result->gr_name, strlen (result->gr_name), ent));
|
|
-
|
|
- return NSS_STATUS_SUCCESS;
|
|
-}
|
|
-
|
|
-/* This function handle the +group entrys in /etc/group */
|
|
-static enum nss_status
|
|
-getgrnam_plusgroup (const char *name, struct group *result, ent_t *ent,
|
|
- char *buffer, size_t buflen, int *errnop)
|
|
-{
|
|
- if (!nss_getgrnam_r)
|
|
- return NSS_STATUS_UNAVAIL;
|
|
-
|
|
- enum nss_status status = nss_getgrnam_r (name, result, buffer, buflen,
|
|
- errnop);
|
|
- if (status != NSS_STATUS_SUCCESS)
|
|
- return status;
|
|
-
|
|
- if (in_blacklist (result->gr_name, strlen (result->gr_name), ent))
|
|
- return NSS_STATUS_NOTFOUND;
|
|
-
|
|
- /* We found the entry. */
|
|
- return NSS_STATUS_SUCCESS;
|
|
-}
|
|
-
|
|
-static enum nss_status
|
|
-getgrent_next_file (struct group *result, ent_t *ent,
|
|
- char *buffer, size_t buflen, int *errnop)
|
|
-{
|
|
- struct parser_data *data = (void *) buffer;
|
|
- while (1)
|
|
- {
|
|
- fpos_t pos;
|
|
- int parse_res = 0;
|
|
- char *p;
|
|
-
|
|
- do
|
|
- {
|
|
- /* We need at least 3 characters for one line. */
|
|
- if (__glibc_unlikely (buflen < 3))
|
|
- {
|
|
- erange:
|
|
- *errnop = ERANGE;
|
|
- return NSS_STATUS_TRYAGAIN;
|
|
- }
|
|
-
|
|
- fgetpos (ent->stream, &pos);
|
|
- buffer[buflen - 1] = '\xff';
|
|
- p = fgets_unlocked (buffer, buflen, ent->stream);
|
|
- if (p == NULL && feof_unlocked (ent->stream))
|
|
- return NSS_STATUS_NOTFOUND;
|
|
-
|
|
- if (p == NULL || __builtin_expect (buffer[buflen - 1] != '\xff', 0))
|
|
- {
|
|
- erange_reset:
|
|
- fsetpos (ent->stream, &pos);
|
|
- goto erange;
|
|
- }
|
|
-
|
|
- /* Terminate the line for any case. */
|
|
- buffer[buflen - 1] = '\0';
|
|
-
|
|
- /* Skip leading blanks. */
|
|
- while (isspace (*p))
|
|
- ++p;
|
|
- }
|
|
- while (*p == '\0' || *p == '#' || /* Ignore empty and comment lines. */
|
|
- /* Parse the line. If it is invalid, loop to
|
|
- get the next line of the file to parse. */
|
|
- !(parse_res = _nss_files_parse_grent (p, result, data, buflen,
|
|
- errnop)));
|
|
-
|
|
- if (__glibc_unlikely (parse_res == -1))
|
|
- /* The parser ran out of space. */
|
|
- goto erange_reset;
|
|
-
|
|
- if (result->gr_name[0] != '+' && result->gr_name[0] != '-')
|
|
- /* This is a real entry. */
|
|
- break;
|
|
-
|
|
- /* -group */
|
|
- if (result->gr_name[0] == '-' && result->gr_name[1] != '\0'
|
|
- && result->gr_name[1] != '@')
|
|
- {
|
|
- blacklist_store_name (&result->gr_name[1], ent);
|
|
- continue;
|
|
- }
|
|
-
|
|
- /* +group */
|
|
- if (result->gr_name[0] == '+' && result->gr_name[1] != '\0'
|
|
- && result->gr_name[1] != '@')
|
|
- {
|
|
- size_t len = strlen (result->gr_name);
|
|
- char buf[len];
|
|
- enum nss_status status;
|
|
-
|
|
- /* Store the group in the blacklist for the "+" at the end of
|
|
- /etc/group */
|
|
- memcpy (buf, &result->gr_name[1], len);
|
|
- status = getgrnam_plusgroup (&result->gr_name[1], result, ent,
|
|
- buffer, buflen, errnop);
|
|
- blacklist_store_name (buf, ent);
|
|
- if (status == NSS_STATUS_SUCCESS) /* We found the entry. */
|
|
- break;
|
|
- else if (status == NSS_STATUS_RETURN /* We couldn't parse the entry*/
|
|
- || status == NSS_STATUS_NOTFOUND) /* No group in NIS */
|
|
- continue;
|
|
- else
|
|
- {
|
|
- if (status == NSS_STATUS_TRYAGAIN)
|
|
- /* The parser ran out of space. */
|
|
- goto erange_reset;
|
|
-
|
|
- return status;
|
|
- }
|
|
- }
|
|
-
|
|
- /* +:... */
|
|
- if (result->gr_name[0] == '+' && result->gr_name[1] == '\0')
|
|
- {
|
|
- ent->files = FALSE;
|
|
-
|
|
- return getgrent_next_nss (result, ent, buffer, buflen, errnop);
|
|
- }
|
|
- }
|
|
-
|
|
- return NSS_STATUS_SUCCESS;
|
|
-}
|
|
-
|
|
-
|
|
-enum nss_status
|
|
-_nss_compat_getgrent_r (struct group *grp, char *buffer, size_t buflen,
|
|
- int *errnop)
|
|
-{
|
|
- enum nss_status result = NSS_STATUS_SUCCESS;
|
|
-
|
|
- __libc_lock_lock (lock);
|
|
-
|
|
- /* Be prepared that the setgrent function was not called before. */
|
|
- if (ni == NULL)
|
|
- init_nss_interface ();
|
|
-
|
|
- if (ext_ent.stream == NULL)
|
|
- result = internal_setgrent (&ext_ent, 1, 1);
|
|
-
|
|
- if (result == NSS_STATUS_SUCCESS)
|
|
- {
|
|
- if (ext_ent.files)
|
|
- result = getgrent_next_file (grp, &ext_ent, buffer, buflen, errnop);
|
|
- else
|
|
- result = getgrent_next_nss (grp, &ext_ent, buffer, buflen, errnop);
|
|
- }
|
|
- __libc_lock_unlock (lock);
|
|
-
|
|
- return result;
|
|
-}
|
|
-
|
|
-/* Searches in /etc/group and the NIS/NIS+ map for a special group */
|
|
-static enum nss_status
|
|
-internal_getgrnam_r (const char *name, struct group *result, ent_t *ent,
|
|
- char *buffer, size_t buflen, int *errnop)
|
|
-{
|
|
- struct parser_data *data = (void *) buffer;
|
|
- while (1)
|
|
- {
|
|
- fpos_t pos;
|
|
- int parse_res = 0;
|
|
- char *p;
|
|
-
|
|
- do
|
|
- {
|
|
- /* We need at least 3 characters for one line. */
|
|
- if (__glibc_unlikely (buflen < 3))
|
|
- {
|
|
- erange:
|
|
- *errnop = ERANGE;
|
|
- return NSS_STATUS_TRYAGAIN;
|
|
- }
|
|
-
|
|
- fgetpos (ent->stream, &pos);
|
|
- buffer[buflen - 1] = '\xff';
|
|
- p = fgets_unlocked (buffer, buflen, ent->stream);
|
|
- if (p == NULL && feof_unlocked (ent->stream))
|
|
- return NSS_STATUS_NOTFOUND;
|
|
-
|
|
- if (p == NULL || __builtin_expect (buffer[buflen - 1] != '\xff', 0))
|
|
- {
|
|
- erange_reset:
|
|
- fsetpos (ent->stream, &pos);
|
|
- goto erange;
|
|
- }
|
|
-
|
|
- /* Terminate the line for any case. */
|
|
- buffer[buflen - 1] = '\0';
|
|
-
|
|
- /* Skip leading blanks. */
|
|
- while (isspace (*p))
|
|
- ++p;
|
|
- }
|
|
- while (*p == '\0' || *p == '#' || /* Ignore empty and comment lines. */
|
|
- /* Parse the line. If it is invalid, loop to
|
|
- get the next line of the file to parse. */
|
|
- !(parse_res = _nss_files_parse_grent (p, result, data, buflen,
|
|
- errnop)));
|
|
-
|
|
- if (__glibc_unlikely (parse_res == -1))
|
|
- /* The parser ran out of space. */
|
|
- goto erange_reset;
|
|
-
|
|
- /* This is a real entry. */
|
|
- if (result->gr_name[0] != '+' && result->gr_name[0] != '-')
|
|
- {
|
|
- if (strcmp (result->gr_name, name) == 0)
|
|
- return NSS_STATUS_SUCCESS;
|
|
- else
|
|
- continue;
|
|
- }
|
|
-
|
|
- /* -group */
|
|
- if (result->gr_name[0] == '-' && result->gr_name[1] != '\0')
|
|
- {
|
|
- if (strcmp (&result->gr_name[1], name) == 0)
|
|
- return NSS_STATUS_NOTFOUND;
|
|
- else
|
|
- continue;
|
|
- }
|
|
-
|
|
- /* +group */
|
|
- if (result->gr_name[0] == '+' && result->gr_name[1] != '\0')
|
|
- {
|
|
- if (strcmp (name, &result->gr_name[1]) == 0)
|
|
- {
|
|
- enum nss_status status;
|
|
-
|
|
- status = getgrnam_plusgroup (name, result, ent,
|
|
- buffer, buflen, errnop);
|
|
- if (status == NSS_STATUS_RETURN)
|
|
- /* We couldn't parse the entry */
|
|
- continue;
|
|
- else
|
|
- return status;
|
|
- }
|
|
- }
|
|
- /* +:... */
|
|
- if (result->gr_name[0] == '+' && result->gr_name[1] == '\0')
|
|
- {
|
|
- enum nss_status status;
|
|
-
|
|
- status = getgrnam_plusgroup (name, result, ent,
|
|
- buffer, buflen, errnop);
|
|
- if (status == NSS_STATUS_RETURN)
|
|
- /* We couldn't parse the entry */
|
|
- continue;
|
|
- else
|
|
- return status;
|
|
- }
|
|
- }
|
|
-
|
|
- return NSS_STATUS_SUCCESS;
|
|
-}
|
|
-
|
|
-enum nss_status
|
|
-_nss_compat_getgrnam_r (const char *name, struct group *grp,
|
|
- char *buffer, size_t buflen, int *errnop)
|
|
-{
|
|
- ent_t ent = { TRUE, NSS_STATUS_SUCCESS, NULL, { NULL, 0, 0 }};
|
|
- enum nss_status result;
|
|
-
|
|
- if (name[0] == '-' || name[0] == '+')
|
|
- return NSS_STATUS_NOTFOUND;
|
|
-
|
|
- __libc_lock_lock (lock);
|
|
-
|
|
- if (ni == NULL)
|
|
- init_nss_interface ();
|
|
-
|
|
- __libc_lock_unlock (lock);
|
|
-
|
|
- result = internal_setgrent (&ent, 0, 0);
|
|
-
|
|
- if (result == NSS_STATUS_SUCCESS)
|
|
- result = internal_getgrnam_r (name, grp, &ent, buffer, buflen, errnop);
|
|
-
|
|
- internal_endgrent (&ent);
|
|
-
|
|
- return result;
|
|
-}
|
|
-
|
|
-/* Searches in /etc/group and the NIS/NIS+ map for a special group id */
|
|
-static enum nss_status
|
|
-internal_getgrgid_r (gid_t gid, struct group *result, ent_t *ent,
|
|
- char *buffer, size_t buflen, int *errnop)
|
|
-{
|
|
- struct parser_data *data = (void *) buffer;
|
|
- while (1)
|
|
- {
|
|
- fpos_t pos;
|
|
- int parse_res = 0;
|
|
- char *p;
|
|
-
|
|
- do
|
|
- {
|
|
- /* We need at least 3 characters for one line. */
|
|
- if (__glibc_unlikely (buflen < 3))
|
|
- {
|
|
- erange:
|
|
- *errnop = ERANGE;
|
|
- return NSS_STATUS_TRYAGAIN;
|
|
- }
|
|
-
|
|
- fgetpos (ent->stream, &pos);
|
|
- buffer[buflen - 1] = '\xff';
|
|
- p = fgets_unlocked (buffer, buflen, ent->stream);
|
|
- if (p == NULL && feof_unlocked (ent->stream))
|
|
- return NSS_STATUS_NOTFOUND;
|
|
-
|
|
- if (p == NULL || __builtin_expect (buffer[buflen - 1] != '\xff', 0))
|
|
- {
|
|
- erange_reset:
|
|
- fsetpos (ent->stream, &pos);
|
|
- goto erange;
|
|
- }
|
|
-
|
|
- /* Terminate the line for any case. */
|
|
- buffer[buflen - 1] = '\0';
|
|
-
|
|
- /* Skip leading blanks. */
|
|
- while (isspace (*p))
|
|
- ++p;
|
|
- }
|
|
- while (*p == '\0' || *p == '#' || /* Ignore empty and comment lines. */
|
|
- /* Parse the line. If it is invalid, loop to
|
|
- get the next line of the file to parse. */
|
|
- !(parse_res = _nss_files_parse_grent (p, result, data, buflen,
|
|
- errnop)));
|
|
-
|
|
- if (__glibc_unlikely (parse_res == -1))
|
|
- /* The parser ran out of space. */
|
|
- goto erange_reset;
|
|
-
|
|
- /* This is a real entry. */
|
|
- if (result->gr_name[0] != '+' && result->gr_name[0] != '-')
|
|
- {
|
|
- if (result->gr_gid == gid)
|
|
- return NSS_STATUS_SUCCESS;
|
|
- else
|
|
- continue;
|
|
- }
|
|
-
|
|
- /* -group */
|
|
- if (result->gr_name[0] == '-' && result->gr_name[1] != '\0')
|
|
- {
|
|
- blacklist_store_name (&result->gr_name[1], ent);
|
|
- continue;
|
|
- }
|
|
-
|
|
- /* +group */
|
|
- if (result->gr_name[0] == '+' && result->gr_name[1] != '\0')
|
|
- {
|
|
- /* Yes, no +1, see the memcpy call below. */
|
|
- size_t len = strlen (result->gr_name);
|
|
- char buf[len];
|
|
- enum nss_status status;
|
|
-
|
|
- /* Store the group in the blacklist for the "+" at the end of
|
|
- /etc/group */
|
|
- memcpy (buf, &result->gr_name[1], len);
|
|
- status = getgrnam_plusgroup (&result->gr_name[1], result, ent,
|
|
- buffer, buflen, errnop);
|
|
- blacklist_store_name (buf, ent);
|
|
- if (status == NSS_STATUS_SUCCESS && result->gr_gid == gid)
|
|
- break;
|
|
- else
|
|
- continue;
|
|
- }
|
|
- /* +:... */
|
|
- if (result->gr_name[0] == '+' && result->gr_name[1] == '\0')
|
|
- {
|
|
- if (!nss_getgrgid_r)
|
|
- return NSS_STATUS_UNAVAIL;
|
|
-
|
|
- enum nss_status status = nss_getgrgid_r (gid, result, buffer, buflen,
|
|
- errnop);
|
|
- if (status == NSS_STATUS_RETURN) /* We couldn't parse the entry */
|
|
- return NSS_STATUS_NOTFOUND;
|
|
- else
|
|
- return status;
|
|
- }
|
|
- }
|
|
-
|
|
- return NSS_STATUS_SUCCESS;
|
|
-}
|
|
-
|
|
-enum nss_status
|
|
-_nss_compat_getgrgid_r (gid_t gid, struct group *grp,
|
|
- char *buffer, size_t buflen, int *errnop)
|
|
-{
|
|
- ent_t ent = { TRUE, NSS_STATUS_SUCCESS, NULL, { NULL, 0, 0 }};
|
|
- enum nss_status result;
|
|
-
|
|
- __libc_lock_lock (lock);
|
|
-
|
|
- if (ni == NULL)
|
|
- init_nss_interface ();
|
|
-
|
|
- __libc_lock_unlock (lock);
|
|
-
|
|
- result = internal_setgrent (&ent, 0, 0);
|
|
-
|
|
- if (result == NSS_STATUS_SUCCESS)
|
|
- result = internal_getgrgid_r (gid, grp, &ent, buffer, buflen, errnop);
|
|
-
|
|
- internal_endgrent (&ent);
|
|
-
|
|
- return result;
|
|
-}
|
|
-
|
|
-
|
|
-/* Support routines for remembering -@netgroup and -user entries.
|
|
- The names are stored in a single string with `|' as separator. */
|
|
-static void
|
|
-blacklist_store_name (const char *name, ent_t *ent)
|
|
-{
|
|
- int namelen = strlen (name);
|
|
- char *tmp;
|
|
-
|
|
- /* first call, setup cache */
|
|
- if (ent->blacklist.size == 0)
|
|
- {
|
|
- ent->blacklist.size = MAX (BLACKLIST_INITIAL_SIZE, 2 * namelen);
|
|
- ent->blacklist.data = malloc (ent->blacklist.size);
|
|
- if (ent->blacklist.data == NULL)
|
|
- return;
|
|
- ent->blacklist.data[0] = '|';
|
|
- ent->blacklist.data[1] = '\0';
|
|
- ent->blacklist.current = 1;
|
|
- }
|
|
- else
|
|
- {
|
|
- if (in_blacklist (name, namelen, ent))
|
|
- return; /* no duplicates */
|
|
-
|
|
- if (ent->blacklist.current + namelen + 1 >= ent->blacklist.size)
|
|
- {
|
|
- ent->blacklist.size += MAX (BLACKLIST_INCREMENT, 2 * namelen);
|
|
- tmp = realloc (ent->blacklist.data, ent->blacklist.size);
|
|
- if (tmp == NULL)
|
|
- {
|
|
- free (ent->blacklist.data);
|
|
- ent->blacklist.size = 0;
|
|
- return;
|
|
- }
|
|
- ent->blacklist.data = tmp;
|
|
- }
|
|
- }
|
|
-
|
|
- tmp = stpcpy (ent->blacklist.data + ent->blacklist.current, name);
|
|
- *tmp++ = '|';
|
|
- *tmp = '\0';
|
|
- ent->blacklist.current += namelen + 1;
|
|
-
|
|
- return;
|
|
-}
|
|
-
|
|
-/* returns TRUE if ent->blacklist contains name, else FALSE */
|
|
-static bool_t
|
|
-in_blacklist (const char *name, int namelen, ent_t *ent)
|
|
-{
|
|
- char buf[namelen + 3];
|
|
- char *cp;
|
|
-
|
|
- if (ent->blacklist.data == NULL)
|
|
- return FALSE;
|
|
-
|
|
- buf[0] = '|';
|
|
- cp = stpcpy (&buf[1], name);
|
|
- *cp++ = '|';
|
|
- *cp = '\0';
|
|
- return strstr (ent->blacklist.data, buf) != NULL;
|
|
-}
|
|
Index: glibc-2.26/nis/nss_compat/compat-initgroups.c
|
|
===================================================================
|
|
--- glibc-2.26.orig/nis/nss_compat/compat-initgroups.c
|
|
+++ /dev/null
|
|
@@ -1,576 +0,0 @@
|
|
-/* Copyright (C) 1998-2017 Free Software Foundation, Inc.
|
|
- This file is part of the GNU C Library.
|
|
- Contributed by Thorsten Kukuk <kukuk@suse.de>, 1998.
|
|
-
|
|
- The GNU C Library is free software; you can redistribute it and/or
|
|
- modify it under the terms of the GNU Lesser General Public
|
|
- License as published by the Free Software Foundation; either
|
|
- version 2.1 of the License, or (at your option) any later version.
|
|
-
|
|
- The GNU C Library is distributed in the hope that it will be useful,
|
|
- but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
- Lesser General Public License for more details.
|
|
-
|
|
- You should have received a copy of the GNU Lesser General Public
|
|
- License along with the GNU C Library; if not, see
|
|
- <http://www.gnu.org/licenses/>. */
|
|
-
|
|
-#include <ctype.h>
|
|
-#include <errno.h>
|
|
-#include <fcntl.h>
|
|
-#include <grp.h>
|
|
-#include <nss.h>
|
|
-#include <stdio_ext.h>
|
|
-#include <string.h>
|
|
-#include <unistd.h>
|
|
-#include <rpc/types.h>
|
|
-#include <sys/param.h>
|
|
-#include <nsswitch.h>
|
|
-#include <libc-lock.h>
|
|
-#include <kernel-features.h>
|
|
-#include <scratch_buffer.h>
|
|
-
|
|
-static service_user *ni;
|
|
-/* Type of the lookup function. */
|
|
-static enum nss_status (*nss_initgroups_dyn) (const char *, gid_t,
|
|
- long int *, long int *,
|
|
- gid_t **, long int, int *);
|
|
-static enum nss_status (*nss_getgrnam_r) (const char *name,
|
|
- struct group * grp, char *buffer,
|
|
- size_t buflen, int *errnop);
|
|
-static enum nss_status (*nss_getgrgid_r) (gid_t gid, struct group * grp,
|
|
- char *buffer, size_t buflen,
|
|
- int *errnop);
|
|
-static enum nss_status (*nss_setgrent) (int stayopen);
|
|
-static enum nss_status (*nss_getgrent_r) (struct group * grp, char *buffer,
|
|
- size_t buflen, int *errnop);
|
|
-static enum nss_status (*nss_endgrent) (void);
|
|
-
|
|
-/* Protect global state against multiple changers. */
|
|
-__libc_lock_define_initialized (static, lock)
|
|
-
|
|
-
|
|
-/* Get the declaration of the parser function. */
|
|
-#define ENTNAME grent
|
|
-#define STRUCTURE group
|
|
-#define EXTERN_PARSER
|
|
-#include <nss/nss_files/files-parse.c>
|
|
-
|
|
-/* Structure for remembering -group members ... */
|
|
-#define BLACKLIST_INITIAL_SIZE 512
|
|
-#define BLACKLIST_INCREMENT 256
|
|
-struct blacklist_t
|
|
-{
|
|
- char *data;
|
|
- int current;
|
|
- int size;
|
|
-};
|
|
-
|
|
-struct ent_t
|
|
-{
|
|
- bool files;
|
|
- bool need_endgrent;
|
|
- bool skip_initgroups_dyn;
|
|
- FILE *stream;
|
|
- struct blacklist_t blacklist;
|
|
-};
|
|
-typedef struct ent_t ent_t;
|
|
-
|
|
-/* Prototypes for local functions. */
|
|
-static void blacklist_store_name (const char *, ent_t *);
|
|
-static int in_blacklist (const char *, int, ent_t *);
|
|
-
|
|
-/* Initialize the NSS interface/functions. The calling function must
|
|
- hold the lock. */
|
|
-static void
|
|
-init_nss_interface (void)
|
|
-{
|
|
- __libc_lock_lock (lock);
|
|
-
|
|
- /* Retest. */
|
|
- if (ni == NULL
|
|
- && __nss_database_lookup ("group_compat", NULL, "nis", &ni) >= 0)
|
|
- {
|
|
- nss_initgroups_dyn = __nss_lookup_function (ni, "initgroups_dyn");
|
|
- nss_getgrnam_r = __nss_lookup_function (ni, "getgrnam_r");
|
|
- nss_getgrgid_r = __nss_lookup_function (ni, "getgrgid_r");
|
|
- nss_setgrent = __nss_lookup_function (ni, "setgrent");
|
|
- nss_getgrent_r = __nss_lookup_function (ni, "getgrent_r");
|
|
- nss_endgrent = __nss_lookup_function (ni, "endgrent");
|
|
- }
|
|
-
|
|
- __libc_lock_unlock (lock);
|
|
-}
|
|
-
|
|
-static enum nss_status
|
|
-internal_setgrent (ent_t *ent)
|
|
-{
|
|
- enum nss_status status = NSS_STATUS_SUCCESS;
|
|
-
|
|
- ent->files = true;
|
|
-
|
|
- if (ni == NULL)
|
|
- init_nss_interface ();
|
|
-
|
|
- if (ent->blacklist.data != NULL)
|
|
- {
|
|
- ent->blacklist.current = 1;
|
|
- ent->blacklist.data[0] = '|';
|
|
- ent->blacklist.data[1] = '\0';
|
|
- }
|
|
- else
|
|
- ent->blacklist.current = 0;
|
|
-
|
|
- ent->stream = fopen ("/etc/group", "rme");
|
|
-
|
|
- if (ent->stream == NULL)
|
|
- status = errno == EAGAIN ? NSS_STATUS_TRYAGAIN : NSS_STATUS_UNAVAIL;
|
|
- else
|
|
- /* We take care of locking ourself. */
|
|
- __fsetlocking (ent->stream, FSETLOCKING_BYCALLER);
|
|
-
|
|
- return status;
|
|
-}
|
|
-
|
|
-
|
|
-static enum nss_status
|
|
-internal_endgrent (ent_t *ent)
|
|
-{
|
|
- if (ent->stream != NULL)
|
|
- {
|
|
- fclose (ent->stream);
|
|
- ent->stream = NULL;
|
|
- }
|
|
-
|
|
- if (ent->blacklist.data != NULL)
|
|
- {
|
|
- ent->blacklist.current = 1;
|
|
- ent->blacklist.data[0] = '|';
|
|
- ent->blacklist.data[1] = '\0';
|
|
- }
|
|
- else
|
|
- ent->blacklist.current = 0;
|
|
-
|
|
- if (ent->need_endgrent && nss_endgrent != NULL)
|
|
- nss_endgrent ();
|
|
-
|
|
- return NSS_STATUS_SUCCESS;
|
|
-}
|
|
-
|
|
-/* Add new group record. */
|
|
-static void
|
|
-add_group (long int *start, long int *size, gid_t **groupsp, long int limit,
|
|
- gid_t gid)
|
|
-{
|
|
- gid_t *groups = *groupsp;
|
|
-
|
|
- /* Matches user. Insert this group. */
|
|
- if (__glibc_unlikely (*start == *size))
|
|
- {
|
|
- /* Need a bigger buffer. */
|
|
- gid_t *newgroups;
|
|
- long int newsize;
|
|
-
|
|
- if (limit > 0 && *size == limit)
|
|
- /* We reached the maximum. */
|
|
- return;
|
|
-
|
|
- if (limit <= 0)
|
|
- newsize = 2 * *size;
|
|
- else
|
|
- newsize = MIN (limit, 2 * *size);
|
|
-
|
|
- newgroups = realloc (groups, newsize * sizeof (*groups));
|
|
- if (newgroups == NULL)
|
|
- return;
|
|
- *groupsp = groups = newgroups;
|
|
- *size = newsize;
|
|
- }
|
|
-
|
|
- groups[*start] = gid;
|
|
- *start += 1;
|
|
-}
|
|
-
|
|
-/* This function checks, if the user is a member of this group and if
|
|
- yes, add the group id to the list. Return nonzero is we couldn't
|
|
- handle the group because the user is not in the member list. */
|
|
-static int
|
|
-check_and_add_group (const char *user, gid_t group, long int *start,
|
|
- long int *size, gid_t **groupsp, long int limit,
|
|
- struct group *grp)
|
|
-{
|
|
- char **member;
|
|
-
|
|
- /* Don't add main group to list of groups. */
|
|
- if (grp->gr_gid == group)
|
|
- return 0;
|
|
-
|
|
- for (member = grp->gr_mem; *member != NULL; ++member)
|
|
- if (strcmp (*member, user) == 0)
|
|
- {
|
|
- add_group (start, size, groupsp, limit, grp->gr_gid);
|
|
- return 0;
|
|
- }
|
|
-
|
|
- return 1;
|
|
-}
|
|
-
|
|
-/* Get the next group from NSS (+ entry). If the NSS module supports
|
|
- initgroups_dyn, get all entries at once. */
|
|
-static enum nss_status
|
|
-getgrent_next_nss (ent_t *ent, char *buffer, size_t buflen, const char *user,
|
|
- gid_t group, long int *start, long int *size,
|
|
- gid_t **groupsp, long int limit, int *errnop)
|
|
-{
|
|
- enum nss_status status;
|
|
- struct group grpbuf;
|
|
-
|
|
- /* Try nss_initgroups_dyn if supported. We also need getgrgid_r.
|
|
- If this function is not supported, step through the whole group
|
|
- database with getgrent_r. */
|
|
- if (! ent->skip_initgroups_dyn)
|
|
- {
|
|
- long int mystart = 0;
|
|
- long int mysize = limit <= 0 ? *size : limit;
|
|
- gid_t *mygroups = malloc (mysize * sizeof (gid_t));
|
|
-
|
|
- if (mygroups == NULL)
|
|
- return NSS_STATUS_TRYAGAIN;
|
|
-
|
|
- /* For every gid in the list we get from the NSS module,
|
|
- get the whole group entry. We need to do this, since we
|
|
- need the group name to check if it is in the blacklist.
|
|
- In worst case, this is as twice as slow as stepping with
|
|
- getgrent_r through the whole group database. But for large
|
|
- group databases this is faster, since the user can only be
|
|
- in a limited number of groups. */
|
|
- if (nss_initgroups_dyn (user, group, &mystart, &mysize, &mygroups,
|
|
- limit, errnop) == NSS_STATUS_SUCCESS)
|
|
- {
|
|
- status = NSS_STATUS_NOTFOUND;
|
|
-
|
|
- /* If there is no blacklist we can trust the underlying
|
|
- initgroups implementation. */
|
|
- if (ent->blacklist.current <= 1)
|
|
- for (int i = 0; i < mystart; i++)
|
|
- add_group (start, size, groupsp, limit, mygroups[i]);
|
|
- else
|
|
- {
|
|
- /* A temporary buffer. We use the normal buffer, until we find
|
|
- an entry, for which this buffer is to small. In this case, we
|
|
- overwrite the pointer with one to a bigger buffer. */
|
|
- char *tmpbuf = buffer;
|
|
- size_t tmplen = buflen;
|
|
- bool use_malloc = false;
|
|
-
|
|
- for (int i = 0; i < mystart; i++)
|
|
- {
|
|
- while ((status = nss_getgrgid_r (mygroups[i], &grpbuf,
|
|
- tmpbuf, tmplen, errnop))
|
|
- == NSS_STATUS_TRYAGAIN
|
|
- && *errnop == ERANGE)
|
|
- {
|
|
- if (__libc_use_alloca (tmplen * 2))
|
|
- {
|
|
- if (tmpbuf == buffer)
|
|
- {
|
|
- tmplen *= 2;
|
|
- tmpbuf = __alloca (tmplen);
|
|
- }
|
|
- else
|
|
- tmpbuf = extend_alloca (tmpbuf, tmplen, tmplen * 2);
|
|
- }
|
|
- else
|
|
- {
|
|
- tmplen *= 2;
|
|
- char *newbuf = realloc (use_malloc ? tmpbuf : NULL, tmplen);
|
|
-
|
|
- if (newbuf == NULL)
|
|
- {
|
|
- status = NSS_STATUS_TRYAGAIN;
|
|
- goto done;
|
|
- }
|
|
- use_malloc = true;
|
|
- tmpbuf = newbuf;
|
|
- }
|
|
- }
|
|
-
|
|
- if (__builtin_expect (status != NSS_STATUS_NOTFOUND, 1))
|
|
- {
|
|
- if (__builtin_expect (status != NSS_STATUS_SUCCESS, 0))
|
|
- goto done;
|
|
-
|
|
- if (!in_blacklist (grpbuf.gr_name,
|
|
- strlen (grpbuf.gr_name), ent)
|
|
- && check_and_add_group (user, group, start, size,
|
|
- groupsp, limit, &grpbuf))
|
|
- {
|
|
- if (nss_setgrent != NULL)
|
|
- {
|
|
- nss_setgrent (1);
|
|
- ent->need_endgrent = true;
|
|
- }
|
|
- ent->skip_initgroups_dyn = true;
|
|
-
|
|
- goto iter;
|
|
- }
|
|
- }
|
|
- }
|
|
-
|
|
- status = NSS_STATUS_NOTFOUND;
|
|
-
|
|
- done:
|
|
- if (use_malloc)
|
|
- free (tmpbuf);
|
|
- }
|
|
-
|
|
- free (mygroups);
|
|
-
|
|
- return status;
|
|
- }
|
|
-
|
|
- free (mygroups);
|
|
- }
|
|
-
|
|
- /* If we come here, the NSS module does not support initgroups_dyn
|
|
- or we were confronted with a split group. In these cases we have
|
|
- to step through the whole list ourself. */
|
|
- iter:
|
|
- do
|
|
- {
|
|
- if ((status = nss_getgrent_r (&grpbuf, buffer, buflen, errnop)) !=
|
|
- NSS_STATUS_SUCCESS)
|
|
- break;
|
|
- }
|
|
- while (in_blacklist (grpbuf.gr_name, strlen (grpbuf.gr_name), ent));
|
|
-
|
|
- if (status == NSS_STATUS_SUCCESS)
|
|
- check_and_add_group (user, group, start, size, groupsp, limit, &grpbuf);
|
|
-
|
|
- return status;
|
|
-}
|
|
-
|
|
-static enum nss_status
|
|
-internal_getgrent_r (ent_t *ent, char *buffer, size_t buflen, const char *user,
|
|
- gid_t group, long int *start, long int *size,
|
|
- gid_t **groupsp, long int limit, int *errnop)
|
|
-{
|
|
- struct parser_data *data = (void *) buffer;
|
|
- struct group grpbuf;
|
|
-
|
|
- if (!ent->files)
|
|
- return getgrent_next_nss (ent, buffer, buflen, user, group,
|
|
- start, size, groupsp, limit, errnop);
|
|
-
|
|
- while (1)
|
|
- {
|
|
- fpos_t pos;
|
|
- int parse_res = 0;
|
|
- char *p;
|
|
-
|
|
- do
|
|
- {
|
|
- /* We need at least 3 characters for one line. */
|
|
- if (__glibc_unlikely (buflen < 3))
|
|
- {
|
|
- erange:
|
|
- *errnop = ERANGE;
|
|
- return NSS_STATUS_TRYAGAIN;
|
|
- }
|
|
-
|
|
- fgetpos (ent->stream, &pos);
|
|
- buffer[buflen - 1] = '\xff';
|
|
- p = fgets_unlocked (buffer, buflen, ent->stream);
|
|
- if (p == NULL && feof_unlocked (ent->stream))
|
|
- return NSS_STATUS_NOTFOUND;
|
|
-
|
|
- if (p == NULL || __builtin_expect (buffer[buflen - 1] != '\xff', 0))
|
|
- {
|
|
- erange_reset:
|
|
- fsetpos (ent->stream, &pos);
|
|
- goto erange;
|
|
- }
|
|
-
|
|
- /* Terminate the line for any case. */
|
|
- buffer[buflen - 1] = '\0';
|
|
-
|
|
- /* Skip leading blanks. */
|
|
- while (isspace (*p))
|
|
- ++p;
|
|
- }
|
|
- while (*p == '\0' || *p == '#' || /* Ignore empty and comment lines. */
|
|
- /* Parse the line. If it is invalid, loop to
|
|
- get the next line of the file to parse. */
|
|
- !(parse_res = _nss_files_parse_grent (p, &grpbuf, data, buflen,
|
|
- errnop)));
|
|
-
|
|
- if (__glibc_unlikely (parse_res == -1))
|
|
- /* The parser ran out of space. */
|
|
- goto erange_reset;
|
|
-
|
|
- if (grpbuf.gr_name[0] != '+' && grpbuf.gr_name[0] != '-')
|
|
- /* This is a real entry. */
|
|
- break;
|
|
-
|
|
- /* -group */
|
|
- if (grpbuf.gr_name[0] == '-' && grpbuf.gr_name[1] != '\0'
|
|
- && grpbuf.gr_name[1] != '@')
|
|
- {
|
|
- blacklist_store_name (&grpbuf.gr_name[1], ent);
|
|
- continue;
|
|
- }
|
|
-
|
|
- /* +group */
|
|
- if (grpbuf.gr_name[0] == '+' && grpbuf.gr_name[1] != '\0'
|
|
- && grpbuf.gr_name[1] != '@')
|
|
- {
|
|
- if (in_blacklist (&grpbuf.gr_name[1],
|
|
- strlen (&grpbuf.gr_name[1]), ent))
|
|
- continue;
|
|
- /* Store the group in the blacklist for the "+" at the end of
|
|
- /etc/group */
|
|
- blacklist_store_name (&grpbuf.gr_name[1], ent);
|
|
- if (nss_getgrnam_r == NULL)
|
|
- return NSS_STATUS_UNAVAIL;
|
|
- else if (nss_getgrnam_r (&grpbuf.gr_name[1], &grpbuf, buffer,
|
|
- buflen, errnop) != NSS_STATUS_SUCCESS)
|
|
- continue;
|
|
-
|
|
- check_and_add_group (user, group, start, size, groupsp,
|
|
- limit, &grpbuf);
|
|
-
|
|
- return NSS_STATUS_SUCCESS;
|
|
- }
|
|
-
|
|
- /* +:... */
|
|
- if (grpbuf.gr_name[0] == '+' && grpbuf.gr_name[1] == '\0')
|
|
- {
|
|
- /* If the selected module does not support getgrent_r or
|
|
- initgroups_dyn, abort. We cannot find the needed group
|
|
- entries. */
|
|
- if (nss_initgroups_dyn == NULL || nss_getgrgid_r == NULL)
|
|
- {
|
|
- if (nss_setgrent != NULL)
|
|
- {
|
|
- nss_setgrent (1);
|
|
- ent->need_endgrent = true;
|
|
- }
|
|
- ent->skip_initgroups_dyn = true;
|
|
-
|
|
- if (nss_getgrent_r == NULL)
|
|
- return NSS_STATUS_UNAVAIL;
|
|
- }
|
|
-
|
|
- ent->files = false;
|
|
-
|
|
- return getgrent_next_nss (ent, buffer, buflen, user, group,
|
|
- start, size, groupsp, limit, errnop);
|
|
- }
|
|
- }
|
|
-
|
|
- check_and_add_group (user, group, start, size, groupsp, limit, &grpbuf);
|
|
-
|
|
- return NSS_STATUS_SUCCESS;
|
|
-}
|
|
-
|
|
-
|
|
-enum nss_status
|
|
-_nss_compat_initgroups_dyn (const char *user, gid_t group, long int *start,
|
|
- long int *size, gid_t **groupsp, long int limit,
|
|
- int *errnop)
|
|
-{
|
|
- enum nss_status status;
|
|
- ent_t intern = { true, false, false, NULL, {NULL, 0, 0} };
|
|
-
|
|
- status = internal_setgrent (&intern);
|
|
- if (status != NSS_STATUS_SUCCESS)
|
|
- return status;
|
|
-
|
|
- struct scratch_buffer tmpbuf;
|
|
- scratch_buffer_init (&tmpbuf);
|
|
-
|
|
- do
|
|
- {
|
|
- while ((status = internal_getgrent_r (&intern, tmpbuf.data, tmpbuf.length,
|
|
- user, group, start, size,
|
|
- groupsp, limit, errnop))
|
|
- == NSS_STATUS_TRYAGAIN && *errnop == ERANGE)
|
|
- if (!scratch_buffer_grow (&tmpbuf))
|
|
- goto done;
|
|
- }
|
|
- while (status == NSS_STATUS_SUCCESS);
|
|
-
|
|
- status = NSS_STATUS_SUCCESS;
|
|
-
|
|
- done:
|
|
- scratch_buffer_free (&tmpbuf);
|
|
-
|
|
- internal_endgrent (&intern);
|
|
-
|
|
- return status;
|
|
-}
|
|
-
|
|
-
|
|
-/* Support routines for remembering -@netgroup and -user entries.
|
|
- The names are stored in a single string with `|' as separator. */
|
|
-static void
|
|
-blacklist_store_name (const char *name, ent_t *ent)
|
|
-{
|
|
- int namelen = strlen (name);
|
|
- char *tmp;
|
|
-
|
|
- /* First call, setup cache. */
|
|
- if (ent->blacklist.size == 0)
|
|
- {
|
|
- ent->blacklist.size = MAX (BLACKLIST_INITIAL_SIZE, 2 * namelen);
|
|
- ent->blacklist.data = malloc (ent->blacklist.size);
|
|
- if (ent->blacklist.data == NULL)
|
|
- return;
|
|
- ent->blacklist.data[0] = '|';
|
|
- ent->blacklist.data[1] = '\0';
|
|
- ent->blacklist.current = 1;
|
|
- }
|
|
- else
|
|
- {
|
|
- if (in_blacklist (name, namelen, ent))
|
|
- return; /* no duplicates */
|
|
-
|
|
- if (ent->blacklist.current + namelen + 1 >= ent->blacklist.size)
|
|
- {
|
|
- ent->blacklist.size += MAX (BLACKLIST_INCREMENT, 2 * namelen);
|
|
- tmp = realloc (ent->blacklist.data, ent->blacklist.size);
|
|
- if (tmp == NULL)
|
|
- {
|
|
- free (ent->blacklist.data);
|
|
- ent->blacklist.size = 0;
|
|
- return;
|
|
- }
|
|
- ent->blacklist.data = tmp;
|
|
- }
|
|
- }
|
|
-
|
|
- tmp = stpcpy (ent->blacklist.data + ent->blacklist.current, name);
|
|
- *tmp++ = '|';
|
|
- *tmp = '\0';
|
|
- ent->blacklist.current += namelen + 1;
|
|
-
|
|
- return;
|
|
-}
|
|
-
|
|
-/* returns TRUE if ent->blacklist contains name, else FALSE */
|
|
-static bool_t
|
|
-in_blacklist (const char *name, int namelen, ent_t *ent)
|
|
-{
|
|
- char buf[namelen + 3];
|
|
- char *cp;
|
|
-
|
|
- if (ent->blacklist.data == NULL)
|
|
- return FALSE;
|
|
-
|
|
- buf[0] = '|';
|
|
- cp = stpcpy (&buf[1], name);
|
|
- *cp++ = '|';
|
|
- *cp = '\0';
|
|
- return strstr (ent->blacklist.data, buf) != NULL;
|
|
-}
|
|
Index: glibc-2.26/nis/nss_compat/compat-pwd.c
|
|
===================================================================
|
|
--- glibc-2.26.orig/nis/nss_compat/compat-pwd.c
|
|
+++ /dev/null
|
|
@@ -1,1132 +0,0 @@
|
|
-/* Copyright (C) 1996-2017 Free Software Foundation, Inc.
|
|
- This file is part of the GNU C Library.
|
|
- Contributed by Thorsten Kukuk <kukuk@vt.uni-paderborn.de>, 1996.
|
|
-
|
|
- The GNU C Library is free software; you can redistribute it and/or
|
|
- modify it under the terms of the GNU Lesser General Public
|
|
- License as published by the Free Software Foundation; either
|
|
- version 2.1 of the License, or (at your option) any later version.
|
|
-
|
|
- The GNU C Library is distributed in the hope that it will be useful,
|
|
- but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
- Lesser General Public License for more details.
|
|
-
|
|
- You should have received a copy of the GNU Lesser General Public
|
|
- License along with the GNU C Library; if not, see
|
|
- <http://www.gnu.org/licenses/>. */
|
|
-
|
|
-#include <ctype.h>
|
|
-#include <errno.h>
|
|
-#include <fcntl.h>
|
|
-#include <netdb.h>
|
|
-#include <nss.h>
|
|
-#include <nsswitch.h>
|
|
-#include <pwd.h>
|
|
-#include <stdio_ext.h>
|
|
-#include <string.h>
|
|
-#include <rpc/types.h>
|
|
-#include <rpcsvc/ypclnt.h>
|
|
-#include <libc-lock.h>
|
|
-#include <kernel-features.h>
|
|
-
|
|
-#include "netgroup.h"
|
|
-
|
|
-static service_user *ni;
|
|
-static enum nss_status (*nss_setpwent) (int stayopen);
|
|
-static enum nss_status (*nss_getpwnam_r) (const char *name,
|
|
- struct passwd * pwd, char *buffer,
|
|
- size_t buflen, int *errnop);
|
|
-static enum nss_status (*nss_getpwuid_r) (uid_t uid, struct passwd * pwd,
|
|
- char *buffer, size_t buflen,
|
|
- int *errnop);
|
|
-static enum nss_status (*nss_getpwent_r) (struct passwd * pwd, char *buffer,
|
|
- size_t buflen, int *errnop);
|
|
-static enum nss_status (*nss_endpwent) (void);
|
|
-
|
|
-/* Get the declaration of the parser function. */
|
|
-#define ENTNAME pwent
|
|
-#define STRUCTURE passwd
|
|
-#define EXTERN_PARSER
|
|
-#include <nss/nss_files/files-parse.c>
|
|
-
|
|
-/* Structure for remembering -@netgroup and -user members ... */
|
|
-#define BLACKLIST_INITIAL_SIZE 512
|
|
-#define BLACKLIST_INCREMENT 256
|
|
-struct blacklist_t
|
|
-{
|
|
- char *data;
|
|
- int current;
|
|
- int size;
|
|
-};
|
|
-
|
|
-struct ent_t
|
|
-{
|
|
- bool netgroup;
|
|
- bool first;
|
|
- bool files;
|
|
- enum nss_status setent_status;
|
|
- FILE *stream;
|
|
- struct blacklist_t blacklist;
|
|
- struct passwd pwd;
|
|
- struct __netgrent netgrdata;
|
|
-};
|
|
-typedef struct ent_t ent_t;
|
|
-
|
|
-static ent_t ext_ent = { false, false, true, NSS_STATUS_SUCCESS, NULL,
|
|
- { NULL, 0, 0 },
|
|
- { NULL, NULL, 0, 0, NULL, NULL, NULL }};
|
|
-
|
|
-/* Protect global state against multiple changers. */
|
|
-__libc_lock_define_initialized (static, lock)
|
|
-
|
|
-/* Prototypes for local functions. */
|
|
-static void blacklist_store_name (const char *, ent_t *);
|
|
-static int in_blacklist (const char *, int, ent_t *);
|
|
-
|
|
-/* Initialize the NSS interface/functions. The calling function must
|
|
- hold the lock. */
|
|
-static void
|
|
-init_nss_interface (void)
|
|
-{
|
|
- if (__nss_database_lookup ("passwd_compat", NULL, "nis", &ni) >= 0)
|
|
- {
|
|
- nss_setpwent = __nss_lookup_function (ni, "setpwent");
|
|
- nss_getpwnam_r = __nss_lookup_function (ni, "getpwnam_r");
|
|
- nss_getpwuid_r = __nss_lookup_function (ni, "getpwuid_r");
|
|
- nss_getpwent_r = __nss_lookup_function (ni, "getpwent_r");
|
|
- nss_endpwent = __nss_lookup_function (ni, "endpwent");
|
|
- }
|
|
-}
|
|
-
|
|
-static void
|
|
-give_pwd_free (struct passwd *pwd)
|
|
-{
|
|
- free (pwd->pw_name);
|
|
- free (pwd->pw_passwd);
|
|
- free (pwd->pw_gecos);
|
|
- free (pwd->pw_dir);
|
|
- free (pwd->pw_shell);
|
|
-
|
|
- memset (pwd, '\0', sizeof (struct passwd));
|
|
-}
|
|
-
|
|
-static size_t
|
|
-pwd_need_buflen (struct passwd *pwd)
|
|
-{
|
|
- size_t len = 0;
|
|
-
|
|
- if (pwd->pw_passwd != NULL)
|
|
- len += strlen (pwd->pw_passwd) + 1;
|
|
-
|
|
- if (pwd->pw_gecos != NULL)
|
|
- len += strlen (pwd->pw_gecos) + 1;
|
|
-
|
|
- if (pwd->pw_dir != NULL)
|
|
- len += strlen (pwd->pw_dir) + 1;
|
|
-
|
|
- if (pwd->pw_shell != NULL)
|
|
- len += strlen (pwd->pw_shell) + 1;
|
|
-
|
|
- return len;
|
|
-}
|
|
-
|
|
-static void
|
|
-copy_pwd_changes (struct passwd *dest, struct passwd *src,
|
|
- char *buffer, size_t buflen)
|
|
-{
|
|
- if (src->pw_passwd != NULL && strlen (src->pw_passwd))
|
|
- {
|
|
- if (buffer == NULL)
|
|
- dest->pw_passwd = strdup (src->pw_passwd);
|
|
- else if (dest->pw_passwd &&
|
|
- strlen (dest->pw_passwd) >= strlen (src->pw_passwd))
|
|
- strcpy (dest->pw_passwd, src->pw_passwd);
|
|
- else
|
|
- {
|
|
- dest->pw_passwd = buffer;
|
|
- strcpy (dest->pw_passwd, src->pw_passwd);
|
|
- buffer += strlen (dest->pw_passwd) + 1;
|
|
- buflen = buflen - (strlen (dest->pw_passwd) + 1);
|
|
- }
|
|
- }
|
|
-
|
|
- if (src->pw_gecos != NULL && strlen (src->pw_gecos))
|
|
- {
|
|
- if (buffer == NULL)
|
|
- dest->pw_gecos = strdup (src->pw_gecos);
|
|
- else if (dest->pw_gecos &&
|
|
- strlen (dest->pw_gecos) >= strlen (src->pw_gecos))
|
|
- strcpy (dest->pw_gecos, src->pw_gecos);
|
|
- else
|
|
- {
|
|
- dest->pw_gecos = buffer;
|
|
- strcpy (dest->pw_gecos, src->pw_gecos);
|
|
- buffer += strlen (dest->pw_gecos) + 1;
|
|
- buflen = buflen - (strlen (dest->pw_gecos) + 1);
|
|
- }
|
|
- }
|
|
- if (src->pw_dir != NULL && strlen (src->pw_dir))
|
|
- {
|
|
- if (buffer == NULL)
|
|
- dest->pw_dir = strdup (src->pw_dir);
|
|
- else if (dest->pw_dir && strlen (dest->pw_dir) >= strlen (src->pw_dir))
|
|
- strcpy (dest->pw_dir, src->pw_dir);
|
|
- else
|
|
- {
|
|
- dest->pw_dir = buffer;
|
|
- strcpy (dest->pw_dir, src->pw_dir);
|
|
- buffer += strlen (dest->pw_dir) + 1;
|
|
- buflen = buflen - (strlen (dest->pw_dir) + 1);
|
|
- }
|
|
- }
|
|
-
|
|
- if (src->pw_shell != NULL && strlen (src->pw_shell))
|
|
- {
|
|
- if (buffer == NULL)
|
|
- dest->pw_shell = strdup (src->pw_shell);
|
|
- else if (dest->pw_shell &&
|
|
- strlen (dest->pw_shell) >= strlen (src->pw_shell))
|
|
- strcpy (dest->pw_shell, src->pw_shell);
|
|
- else
|
|
- {
|
|
- dest->pw_shell = buffer;
|
|
- strcpy (dest->pw_shell, src->pw_shell);
|
|
- buffer += strlen (dest->pw_shell) + 1;
|
|
- buflen = buflen - (strlen (dest->pw_shell) + 1);
|
|
- }
|
|
- }
|
|
-}
|
|
-
|
|
-static enum nss_status
|
|
-internal_setpwent (ent_t *ent, int stayopen, int needent)
|
|
-{
|
|
- enum nss_status status = NSS_STATUS_SUCCESS;
|
|
-
|
|
- ent->first = ent->netgroup = false;
|
|
- ent->files = true;
|
|
- ent->setent_status = NSS_STATUS_SUCCESS;
|
|
-
|
|
- /* If something was left over free it. */
|
|
- if (ent->netgroup)
|
|
- __internal_endnetgrent (&ent->netgrdata);
|
|
-
|
|
- if (ent->blacklist.data != NULL)
|
|
- {
|
|
- ent->blacklist.current = 1;
|
|
- ent->blacklist.data[0] = '|';
|
|
- ent->blacklist.data[1] = '\0';
|
|
- }
|
|
- else
|
|
- ent->blacklist.current = 0;
|
|
-
|
|
- if (ent->stream == NULL)
|
|
- {
|
|
- ent->stream = fopen ("/etc/passwd", "rme");
|
|
-
|
|
- if (ent->stream == NULL)
|
|
- status = errno == EAGAIN ? NSS_STATUS_TRYAGAIN : NSS_STATUS_UNAVAIL;
|
|
- else
|
|
- /* We take care of locking ourself. */
|
|
- __fsetlocking (ent->stream, FSETLOCKING_BYCALLER);
|
|
- }
|
|
- else
|
|
- rewind (ent->stream);
|
|
-
|
|
- give_pwd_free (&ent->pwd);
|
|
-
|
|
- if (needent && status == NSS_STATUS_SUCCESS && nss_setpwent)
|
|
- ent->setent_status = nss_setpwent (stayopen);
|
|
-
|
|
- return status;
|
|
-}
|
|
-
|
|
-
|
|
-enum nss_status
|
|
-_nss_compat_setpwent (int stayopen)
|
|
-{
|
|
- enum nss_status result;
|
|
-
|
|
- __libc_lock_lock (lock);
|
|
-
|
|
- if (ni == NULL)
|
|
- init_nss_interface ();
|
|
-
|
|
- result = internal_setpwent (&ext_ent, stayopen, 1);
|
|
-
|
|
- __libc_lock_unlock (lock);
|
|
-
|
|
- return result;
|
|
-}
|
|
-
|
|
-
|
|
-static enum nss_status
|
|
-internal_endpwent (ent_t *ent)
|
|
-{
|
|
- if (ent->stream != NULL)
|
|
- {
|
|
- fclose (ent->stream);
|
|
- ent->stream = NULL;
|
|
- }
|
|
-
|
|
- if (ent->netgroup)
|
|
- __internal_endnetgrent (&ent->netgrdata);
|
|
-
|
|
- ent->first = ent->netgroup = false;
|
|
-
|
|
- if (ent->blacklist.data != NULL)
|
|
- {
|
|
- ent->blacklist.current = 1;
|
|
- ent->blacklist.data[0] = '|';
|
|
- ent->blacklist.data[1] = '\0';
|
|
- }
|
|
- else
|
|
- ent->blacklist.current = 0;
|
|
-
|
|
- give_pwd_free (&ent->pwd);
|
|
-
|
|
- return NSS_STATUS_SUCCESS;
|
|
-}
|
|
-
|
|
-enum nss_status
|
|
-_nss_compat_endpwent (void)
|
|
-{
|
|
- enum nss_status result;
|
|
-
|
|
- __libc_lock_lock (lock);
|
|
-
|
|
- if (nss_endpwent)
|
|
- nss_endpwent ();
|
|
-
|
|
- result = internal_endpwent (&ext_ent);
|
|
-
|
|
- __libc_lock_unlock (lock);
|
|
-
|
|
- return result;
|
|
-}
|
|
-
|
|
-
|
|
-static enum nss_status
|
|
-getpwent_next_nss_netgr (const char *name, struct passwd *result, ent_t *ent,
|
|
- char *group, char *buffer, size_t buflen,
|
|
- int *errnop)
|
|
-{
|
|
- char *curdomain = NULL, *host, *user, *domain, *p2;
|
|
- int status;
|
|
- size_t p2len;
|
|
-
|
|
- /* Leave function if NSS module does not support getpwnam_r,
|
|
- we need this function here. */
|
|
- if (!nss_getpwnam_r)
|
|
- return NSS_STATUS_UNAVAIL;
|
|
-
|
|
- if (ent->first)
|
|
- {
|
|
- memset (&ent->netgrdata, 0, sizeof (struct __netgrent));
|
|
- __internal_setnetgrent (group, &ent->netgrdata);
|
|
- ent->first = false;
|
|
- }
|
|
-
|
|
- while (1)
|
|
- {
|
|
- status = __internal_getnetgrent_r (&host, &user, &domain,
|
|
- &ent->netgrdata, buffer, buflen,
|
|
- errnop);
|
|
- if (status != 1)
|
|
- {
|
|
- __internal_endnetgrent (&ent->netgrdata);
|
|
- ent->netgroup = 0;
|
|
- give_pwd_free (&ent->pwd);
|
|
- return NSS_STATUS_RETURN;
|
|
- }
|
|
-
|
|
- if (user == NULL || user[0] == '-')
|
|
- continue;
|
|
-
|
|
- if (domain != NULL)
|
|
- {
|
|
- if (curdomain == NULL
|
|
- && yp_get_default_domain (&curdomain) != YPERR_SUCCESS)
|
|
- {
|
|
- __internal_endnetgrent (&ent->netgrdata);
|
|
- ent->netgroup = false;
|
|
- give_pwd_free (&ent->pwd);
|
|
- return NSS_STATUS_UNAVAIL;
|
|
- }
|
|
- if (strcmp (curdomain, domain) != 0)
|
|
- continue;
|
|
- }
|
|
-
|
|
- /* If name != NULL, we are called from getpwnam. */
|
|
- if (name != NULL)
|
|
- if (strcmp (user, name) != 0)
|
|
- continue;
|
|
-
|
|
- p2len = pwd_need_buflen (&ent->pwd);
|
|
- if (p2len > buflen)
|
|
- {
|
|
- *errnop = ERANGE;
|
|
- return NSS_STATUS_TRYAGAIN;
|
|
- }
|
|
- p2 = buffer + (buflen - p2len);
|
|
- buflen -= p2len;
|
|
-
|
|
- if (nss_getpwnam_r (user, result, buffer, buflen, errnop) !=
|
|
- NSS_STATUS_SUCCESS)
|
|
- continue;
|
|
-
|
|
- if (!in_blacklist (result->pw_name, strlen (result->pw_name), ent))
|
|
- {
|
|
- /* Store the User in the blacklist for possible the "+" at the
|
|
- end of /etc/passwd */
|
|
- blacklist_store_name (result->pw_name, ent);
|
|
- copy_pwd_changes (result, &ent->pwd, p2, p2len);
|
|
- break;
|
|
- }
|
|
- }
|
|
-
|
|
- return NSS_STATUS_SUCCESS;
|
|
-}
|
|
-
|
|
-/* get the next user from NSS (+ entry) */
|
|
-static enum nss_status
|
|
-getpwent_next_nss (struct passwd *result, ent_t *ent, char *buffer,
|
|
- size_t buflen, int *errnop)
|
|
-{
|
|
- enum nss_status status;
|
|
- char *p2;
|
|
- size_t p2len;
|
|
-
|
|
- /* Return if NSS module does not support getpwent_r. */
|
|
- if (!nss_getpwent_r)
|
|
- return NSS_STATUS_UNAVAIL;
|
|
-
|
|
- /* If the setpwent call failed, say so. */
|
|
- if (ent->setent_status != NSS_STATUS_SUCCESS)
|
|
- return ent->setent_status;
|
|
-
|
|
- p2len = pwd_need_buflen (&ent->pwd);
|
|
- if (p2len > buflen)
|
|
- {
|
|
- *errnop = ERANGE;
|
|
- return NSS_STATUS_TRYAGAIN;
|
|
- }
|
|
- p2 = buffer + (buflen - p2len);
|
|
- buflen -= p2len;
|
|
-
|
|
- if (ent->first)
|
|
- ent->first = false;
|
|
-
|
|
- do
|
|
- {
|
|
- if ((status = nss_getpwent_r (result, buffer, buflen, errnop)) !=
|
|
- NSS_STATUS_SUCCESS)
|
|
- return status;
|
|
- }
|
|
- while (in_blacklist (result->pw_name, strlen (result->pw_name), ent));
|
|
-
|
|
- copy_pwd_changes (result, &ent->pwd, p2, p2len);
|
|
-
|
|
- return NSS_STATUS_SUCCESS;
|
|
-}
|
|
-
|
|
-/* This function handle the +user entrys in /etc/passwd */
|
|
-static enum nss_status
|
|
-getpwnam_plususer (const char *name, struct passwd *result, ent_t *ent,
|
|
- char *buffer, size_t buflen, int *errnop)
|
|
-{
|
|
- if (!nss_getpwnam_r)
|
|
- return NSS_STATUS_UNAVAIL;
|
|
-
|
|
- struct passwd pwd;
|
|
- memset (&pwd, '\0', sizeof (struct passwd));
|
|
-
|
|
- copy_pwd_changes (&pwd, result, NULL, 0);
|
|
-
|
|
- size_t plen = pwd_need_buflen (&pwd);
|
|
- if (plen > buflen)
|
|
- {
|
|
- *errnop = ERANGE;
|
|
- return NSS_STATUS_TRYAGAIN;
|
|
- }
|
|
- char *p = buffer + (buflen - plen);
|
|
- buflen -= plen;
|
|
-
|
|
- enum nss_status status = nss_getpwnam_r (name, result, buffer, buflen,
|
|
- errnop);
|
|
- if (status != NSS_STATUS_SUCCESS)
|
|
- return status;
|
|
-
|
|
- if (in_blacklist (result->pw_name, strlen (result->pw_name), ent))
|
|
- return NSS_STATUS_NOTFOUND;
|
|
-
|
|
- copy_pwd_changes (result, &pwd, p, plen);
|
|
- give_pwd_free (&pwd);
|
|
- /* We found the entry. */
|
|
- return NSS_STATUS_SUCCESS;
|
|
-}
|
|
-
|
|
-static enum nss_status
|
|
-getpwent_next_file (struct passwd *result, ent_t *ent,
|
|
- char *buffer, size_t buflen, int *errnop)
|
|
-{
|
|
- struct parser_data *data = (void *) buffer;
|
|
- while (1)
|
|
- {
|
|
- fpos_t pos;
|
|
- char *p;
|
|
- int parse_res;
|
|
-
|
|
- do
|
|
- {
|
|
- /* We need at least 3 characters for one line. */
|
|
- if (__glibc_unlikely (buflen < 3))
|
|
- {
|
|
- erange:
|
|
- *errnop = ERANGE;
|
|
- return NSS_STATUS_TRYAGAIN;
|
|
- }
|
|
-
|
|
- fgetpos (ent->stream, &pos);
|
|
- buffer[buflen - 1] = '\xff';
|
|
- p = fgets_unlocked (buffer, buflen, ent->stream);
|
|
- if (p == NULL && feof_unlocked (ent->stream))
|
|
- return NSS_STATUS_NOTFOUND;
|
|
-
|
|
- if (p == NULL || __builtin_expect (buffer[buflen - 1] != '\xff', 0))
|
|
- {
|
|
- erange_reset:
|
|
- fsetpos (ent->stream, &pos);
|
|
- goto erange;
|
|
- }
|
|
-
|
|
- /* Terminate the line for any case. */
|
|
- buffer[buflen - 1] = '\0';
|
|
-
|
|
- /* Skip leading blanks. */
|
|
- while (isspace (*p))
|
|
- ++p;
|
|
- }
|
|
- while (*p == '\0' || *p == '#' || /* Ignore empty and comment lines. */
|
|
- /* Parse the line. If it is invalid, loop to
|
|
- get the next line of the file to parse. */
|
|
- !(parse_res = _nss_files_parse_pwent (p, result, data, buflen,
|
|
- errnop)));
|
|
-
|
|
- if (__glibc_unlikely (parse_res == -1))
|
|
- /* The parser ran out of space. */
|
|
- goto erange_reset;
|
|
-
|
|
- if (result->pw_name[0] != '+' && result->pw_name[0] != '-')
|
|
- /* This is a real entry. */
|
|
- break;
|
|
-
|
|
- /* -@netgroup */
|
|
- if (result->pw_name[0] == '-' && result->pw_name[1] == '@'
|
|
- && result->pw_name[2] != '\0')
|
|
- {
|
|
- /* XXX Do not use fixed length buffer. */
|
|
- char buf2[1024];
|
|
- char *user, *host, *domain;
|
|
- struct __netgrent netgrdata;
|
|
-
|
|
- memset (&netgrdata, 0, sizeof (struct __netgrent));
|
|
- __internal_setnetgrent (&result->pw_name[2], &netgrdata);
|
|
- while (__internal_getnetgrent_r (&host, &user, &domain, &netgrdata,
|
|
- buf2, sizeof (buf2), errnop))
|
|
- {
|
|
- if (user != NULL && user[0] != '-')
|
|
- blacklist_store_name (user, ent);
|
|
- }
|
|
- __internal_endnetgrent (&netgrdata);
|
|
- continue;
|
|
- }
|
|
-
|
|
- /* +@netgroup */
|
|
- if (result->pw_name[0] == '+' && result->pw_name[1] == '@'
|
|
- && result->pw_name[2] != '\0')
|
|
- {
|
|
- enum nss_status status;
|
|
-
|
|
- ent->netgroup = true;
|
|
- ent->first = true;
|
|
- copy_pwd_changes (&ent->pwd, result, NULL, 0);
|
|
-
|
|
- status = getpwent_next_nss_netgr (NULL, result, ent,
|
|
- &result->pw_name[2],
|
|
- buffer, buflen, errnop);
|
|
- if (status == NSS_STATUS_RETURN)
|
|
- continue;
|
|
- else
|
|
- return status;
|
|
- }
|
|
-
|
|
- /* -user */
|
|
- if (result->pw_name[0] == '-' && result->pw_name[1] != '\0'
|
|
- && result->pw_name[1] != '@')
|
|
- {
|
|
- blacklist_store_name (&result->pw_name[1], ent);
|
|
- continue;
|
|
- }
|
|
-
|
|
- /* +user */
|
|
- if (result->pw_name[0] == '+' && result->pw_name[1] != '\0'
|
|
- && result->pw_name[1] != '@')
|
|
- {
|
|
- size_t len = strlen (result->pw_name);
|
|
- char buf[len];
|
|
- enum nss_status status;
|
|
-
|
|
- /* Store the User in the blacklist for the "+" at the end of
|
|
- /etc/passwd */
|
|
- memcpy (buf, &result->pw_name[1], len);
|
|
- status = getpwnam_plususer (&result->pw_name[1], result, ent,
|
|
- buffer, buflen, errnop);
|
|
- blacklist_store_name (buf, ent);
|
|
-
|
|
- if (status == NSS_STATUS_SUCCESS) /* We found the entry. */
|
|
- break;
|
|
- else if (status == NSS_STATUS_RETURN /* We couldn't parse the entry */
|
|
- || status == NSS_STATUS_NOTFOUND) /* entry doesn't exist */
|
|
- continue;
|
|
- else
|
|
- {
|
|
- if (status == NSS_STATUS_TRYAGAIN)
|
|
- {
|
|
- /* The parser ran out of space */
|
|
- fsetpos (ent->stream, &pos);
|
|
- *errnop = ERANGE;
|
|
- }
|
|
- return status;
|
|
- }
|
|
- }
|
|
-
|
|
- /* +:... */
|
|
- if (result->pw_name[0] == '+' && result->pw_name[1] == '\0')
|
|
- {
|
|
- ent->files = false;
|
|
- ent->first = true;
|
|
- copy_pwd_changes (&ent->pwd, result, NULL, 0);
|
|
-
|
|
- return getpwent_next_nss (result, ent, buffer, buflen, errnop);
|
|
- }
|
|
- }
|
|
-
|
|
- return NSS_STATUS_SUCCESS;
|
|
-}
|
|
-
|
|
-
|
|
-static enum nss_status
|
|
-internal_getpwent_r (struct passwd *pw, ent_t *ent, char *buffer,
|
|
- size_t buflen, int *errnop)
|
|
-{
|
|
- if (ent->netgroup)
|
|
- {
|
|
- enum nss_status status;
|
|
-
|
|
- /* We are searching members in a netgroup */
|
|
- /* Since this is not the first call, we don't need the group name */
|
|
- status = getpwent_next_nss_netgr (NULL, pw, ent, NULL, buffer, buflen,
|
|
- errnop);
|
|
- if (status == NSS_STATUS_RETURN)
|
|
- return getpwent_next_file (pw, ent, buffer, buflen, errnop);
|
|
- else
|
|
- return status;
|
|
- }
|
|
- else if (ent->files)
|
|
- return getpwent_next_file (pw, ent, buffer, buflen, errnop);
|
|
- else
|
|
- return getpwent_next_nss (pw, ent, buffer, buflen, errnop);
|
|
-
|
|
-}
|
|
-
|
|
-enum nss_status
|
|
-_nss_compat_getpwent_r (struct passwd *pwd, char *buffer, size_t buflen,
|
|
- int *errnop)
|
|
-{
|
|
- enum nss_status result = NSS_STATUS_SUCCESS;
|
|
-
|
|
- __libc_lock_lock (lock);
|
|
-
|
|
- /* Be prepared that the setpwent function was not called before. */
|
|
- if (ni == NULL)
|
|
- init_nss_interface ();
|
|
-
|
|
- if (ext_ent.stream == NULL)
|
|
- result = internal_setpwent (&ext_ent, 1, 1);
|
|
-
|
|
- if (result == NSS_STATUS_SUCCESS)
|
|
- result = internal_getpwent_r (pwd, &ext_ent, buffer, buflen, errnop);
|
|
-
|
|
- __libc_lock_unlock (lock);
|
|
-
|
|
- return result;
|
|
-}
|
|
-
|
|
-/* Searches in /etc/passwd and the NIS/NIS+ map for a special user */
|
|
-static enum nss_status
|
|
-internal_getpwnam_r (const char *name, struct passwd *result, ent_t *ent,
|
|
- char *buffer, size_t buflen, int *errnop)
|
|
-{
|
|
- struct parser_data *data = (void *) buffer;
|
|
-
|
|
- while (1)
|
|
- {
|
|
- fpos_t pos;
|
|
- char *p;
|
|
- int parse_res;
|
|
-
|
|
- do
|
|
- {
|
|
- /* We need at least 3 characters for one line. */
|
|
- if (__glibc_unlikely (buflen < 3))
|
|
- {
|
|
- erange:
|
|
- *errnop = ERANGE;
|
|
- return NSS_STATUS_TRYAGAIN;
|
|
- }
|
|
-
|
|
- fgetpos (ent->stream, &pos);
|
|
- buffer[buflen - 1] = '\xff';
|
|
- p = fgets_unlocked (buffer, buflen, ent->stream);
|
|
- if (p == NULL && feof_unlocked (ent->stream))
|
|
- {
|
|
- return NSS_STATUS_NOTFOUND;
|
|
- }
|
|
- if (p == NULL || __builtin_expect (buffer[buflen - 1] != '\xff', 0))
|
|
- {
|
|
- erange_reset:
|
|
- fsetpos (ent->stream, &pos);
|
|
- goto erange;
|
|
- }
|
|
-
|
|
- /* Terminate the line for any case. */
|
|
- buffer[buflen - 1] = '\0';
|
|
-
|
|
- /* Skip leading blanks. */
|
|
- while (isspace (*p))
|
|
- ++p;
|
|
- }
|
|
- while (*p == '\0' || *p == '#' || /* Ignore empty and comment lines. */
|
|
- /* Parse the line. If it is invalid, loop to
|
|
- get the next line of the file to parse. */
|
|
- !(parse_res = _nss_files_parse_pwent (p, result, data, buflen,
|
|
- errnop)));
|
|
-
|
|
- if (__glibc_unlikely (parse_res == -1))
|
|
- /* The parser ran out of space. */
|
|
- goto erange_reset;
|
|
-
|
|
- /* This is a real entry. */
|
|
- if (result->pw_name[0] != '+' && result->pw_name[0] != '-')
|
|
- {
|
|
- if (strcmp (result->pw_name, name) == 0)
|
|
- return NSS_STATUS_SUCCESS;
|
|
- else
|
|
- continue;
|
|
- }
|
|
-
|
|
- /* -@netgroup */
|
|
- if (result->pw_name[0] == '-' && result->pw_name[1] == '@'
|
|
- && result->pw_name[2] != '\0')
|
|
- {
|
|
- if (innetgr (&result->pw_name[2], NULL, name, NULL))
|
|
- return NSS_STATUS_NOTFOUND;
|
|
- continue;
|
|
- }
|
|
-
|
|
- /* +@netgroup */
|
|
- if (result->pw_name[0] == '+' && result->pw_name[1] == '@'
|
|
- && result->pw_name[2] != '\0')
|
|
- {
|
|
- enum nss_status status;
|
|
-
|
|
- if (innetgr (&result->pw_name[2], NULL, name, NULL))
|
|
- {
|
|
- status = getpwnam_plususer (name, result, ent, buffer,
|
|
- buflen, errnop);
|
|
-
|
|
- if (status == NSS_STATUS_RETURN)
|
|
- continue;
|
|
-
|
|
- return status;
|
|
- }
|
|
- continue;
|
|
- }
|
|
-
|
|
- /* -user */
|
|
- if (result->pw_name[0] == '-' && result->pw_name[1] != '\0'
|
|
- && result->pw_name[1] != '@')
|
|
- {
|
|
- if (strcmp (&result->pw_name[1], name) == 0)
|
|
- return NSS_STATUS_NOTFOUND;
|
|
- else
|
|
- continue;
|
|
- }
|
|
-
|
|
- /* +user */
|
|
- if (result->pw_name[0] == '+' && result->pw_name[1] != '\0'
|
|
- && result->pw_name[1] != '@')
|
|
- {
|
|
- if (strcmp (name, &result->pw_name[1]) == 0)
|
|
- {
|
|
- enum nss_status status;
|
|
-
|
|
- status = getpwnam_plususer (name, result, ent, buffer, buflen,
|
|
- errnop);
|
|
- if (status == NSS_STATUS_RETURN)
|
|
- /* We couldn't parse the entry */
|
|
- return NSS_STATUS_NOTFOUND;
|
|
- else
|
|
- return status;
|
|
- }
|
|
- }
|
|
-
|
|
- /* +:... */
|
|
- if (result->pw_name[0] == '+' && result->pw_name[1] == '\0')
|
|
- {
|
|
- enum nss_status status;
|
|
-
|
|
- status = getpwnam_plususer (name, result, ent,
|
|
- buffer, buflen, errnop);
|
|
- if (status == NSS_STATUS_SUCCESS) /* We found the entry. */
|
|
- break;
|
|
- else if (status == NSS_STATUS_RETURN) /* We couldn't parse the entry */
|
|
- return NSS_STATUS_NOTFOUND;
|
|
- else
|
|
- return status;
|
|
- }
|
|
- }
|
|
- return NSS_STATUS_SUCCESS;
|
|
-}
|
|
-
|
|
-enum nss_status
|
|
-_nss_compat_getpwnam_r (const char *name, struct passwd *pwd,
|
|
- char *buffer, size_t buflen, int *errnop)
|
|
-{
|
|
- enum nss_status result;
|
|
- ent_t ent = { false, false, true, NSS_STATUS_SUCCESS, NULL, { NULL, 0, 0 },
|
|
- { NULL, NULL, 0, 0, NULL, NULL, NULL }};
|
|
-
|
|
- if (name[0] == '-' || name[0] == '+')
|
|
- return NSS_STATUS_NOTFOUND;
|
|
-
|
|
- __libc_lock_lock (lock);
|
|
-
|
|
- if (ni == NULL)
|
|
- init_nss_interface ();
|
|
-
|
|
- __libc_lock_unlock (lock);
|
|
-
|
|
- result = internal_setpwent (&ent, 0, 0);
|
|
-
|
|
- if (result == NSS_STATUS_SUCCESS)
|
|
- result = internal_getpwnam_r (name, pwd, &ent, buffer, buflen, errnop);
|
|
-
|
|
- internal_endpwent (&ent);
|
|
-
|
|
- return result;
|
|
-}
|
|
-
|
|
-/* This function handle the + entry in /etc/passwd for getpwuid */
|
|
-static enum nss_status
|
|
-getpwuid_plususer (uid_t uid, struct passwd *result, char *buffer,
|
|
- size_t buflen, int *errnop)
|
|
-{
|
|
- struct passwd pwd;
|
|
- char *p;
|
|
- size_t plen;
|
|
-
|
|
- if (!nss_getpwuid_r)
|
|
- return NSS_STATUS_UNAVAIL;
|
|
-
|
|
- memset (&pwd, '\0', sizeof (struct passwd));
|
|
-
|
|
- copy_pwd_changes (&pwd, result, NULL, 0);
|
|
-
|
|
- plen = pwd_need_buflen (&pwd);
|
|
- if (plen > buflen)
|
|
- {
|
|
- *errnop = ERANGE;
|
|
- return NSS_STATUS_TRYAGAIN;
|
|
- }
|
|
- p = buffer + (buflen - plen);
|
|
- buflen -= plen;
|
|
-
|
|
- if (nss_getpwuid_r (uid, result, buffer, buflen, errnop) ==
|
|
- NSS_STATUS_SUCCESS)
|
|
- {
|
|
- copy_pwd_changes (result, &pwd, p, plen);
|
|
- give_pwd_free (&pwd);
|
|
- /* We found the entry. */
|
|
- return NSS_STATUS_SUCCESS;
|
|
- }
|
|
- else
|
|
- {
|
|
- /* Give buffer the old len back */
|
|
- buflen += plen;
|
|
- give_pwd_free (&pwd);
|
|
- }
|
|
- return NSS_STATUS_RETURN;
|
|
-}
|
|
-
|
|
-/* Searches in /etc/passwd and the NSS subsystem for a special user id */
|
|
-static enum nss_status
|
|
-internal_getpwuid_r (uid_t uid, struct passwd *result, ent_t *ent,
|
|
- char *buffer, size_t buflen, int *errnop)
|
|
-{
|
|
- struct parser_data *data = (void *) buffer;
|
|
-
|
|
- while (1)
|
|
- {
|
|
- fpos_t pos;
|
|
- char *p;
|
|
- int parse_res;
|
|
-
|
|
- do
|
|
- {
|
|
- /* We need at least 3 characters for one line. */
|
|
- if (__glibc_unlikely (buflen < 3))
|
|
- {
|
|
- erange:
|
|
- *errnop = ERANGE;
|
|
- return NSS_STATUS_TRYAGAIN;
|
|
- }
|
|
-
|
|
- fgetpos (ent->stream, &pos);
|
|
- buffer[buflen - 1] = '\xff';
|
|
- p = fgets_unlocked (buffer, buflen, ent->stream);
|
|
- if (p == NULL && feof_unlocked (ent->stream))
|
|
- return NSS_STATUS_NOTFOUND;
|
|
-
|
|
- if (p == NULL || __builtin_expect (buffer[buflen - 1] != '\xff', 0))
|
|
- {
|
|
- erange_reset:
|
|
- fsetpos (ent->stream, &pos);
|
|
- goto erange;
|
|
- }
|
|
-
|
|
- /* Terminate the line for any case. */
|
|
- buffer[buflen - 1] = '\0';
|
|
-
|
|
- /* Skip leading blanks. */
|
|
- while (isspace (*p))
|
|
- ++p;
|
|
- }
|
|
- while (*p == '\0' || *p == '#' || /* Ignore empty and comment lines. */
|
|
- /* Parse the line. If it is invalid, loop to
|
|
- get the next line of the file to parse. */
|
|
- !(parse_res = _nss_files_parse_pwent (p, result, data, buflen,
|
|
- errnop)));
|
|
-
|
|
- if (__glibc_unlikely (parse_res == -1))
|
|
- /* The parser ran out of space. */
|
|
- goto erange_reset;
|
|
-
|
|
- /* This is a real entry. */
|
|
- if (result->pw_name[0] != '+' && result->pw_name[0] != '-')
|
|
- {
|
|
- if (result->pw_uid == uid)
|
|
- return NSS_STATUS_SUCCESS;
|
|
- else
|
|
- continue;
|
|
- }
|
|
-
|
|
- /* -@netgroup */
|
|
- if (result->pw_name[0] == '-' && result->pw_name[1] == '@'
|
|
- && result->pw_name[2] != '\0')
|
|
- {
|
|
- /* -1, because we remove first two character of pw_name. */
|
|
- size_t len = strlen (result->pw_name) - 1;
|
|
- char buf[len];
|
|
- enum nss_status status;
|
|
-
|
|
- memcpy (buf, &result->pw_name[2], len);
|
|
-
|
|
- status = getpwuid_plususer (uid, result, buffer, buflen, errnop);
|
|
- if (status == NSS_STATUS_SUCCESS &&
|
|
- innetgr (buf, NULL, result->pw_name, NULL))
|
|
- return NSS_STATUS_NOTFOUND;
|
|
-
|
|
- continue;
|
|
- }
|
|
-
|
|
- /* +@netgroup */
|
|
- if (result->pw_name[0] == '+' && result->pw_name[1] == '@'
|
|
- && result->pw_name[2] != '\0')
|
|
- {
|
|
- /* -1, because we remove first two characters of pw_name. */
|
|
- size_t len = strlen (result->pw_name) - 1;
|
|
- char buf[len];
|
|
- enum nss_status status;
|
|
-
|
|
- memcpy (buf, &result->pw_name[2], len);
|
|
-
|
|
- status = getpwuid_plususer (uid, result, buffer, buflen, errnop);
|
|
-
|
|
- if (status == NSS_STATUS_RETURN)
|
|
- continue;
|
|
-
|
|
- if (status == NSS_STATUS_SUCCESS)
|
|
- {
|
|
- if (innetgr (buf, NULL, result->pw_name, NULL))
|
|
- return NSS_STATUS_SUCCESS;
|
|
- }
|
|
- else if (status == NSS_STATUS_RETURN) /* We couldn't parse the entry */
|
|
- return NSS_STATUS_NOTFOUND;
|
|
- else
|
|
- return status;
|
|
-
|
|
- continue;
|
|
- }
|
|
-
|
|
- /* -user */
|
|
- if (result->pw_name[0] == '-' && result->pw_name[1] != '\0'
|
|
- && result->pw_name[1] != '@')
|
|
- {
|
|
- size_t len = strlen (result->pw_name);
|
|
- char buf[len];
|
|
- enum nss_status status;
|
|
-
|
|
- memcpy (buf, &result->pw_name[1], len);
|
|
-
|
|
- status = getpwuid_plususer (uid, result, buffer, buflen, errnop);
|
|
- if (status == NSS_STATUS_SUCCESS &&
|
|
- innetgr (buf, NULL, result->pw_name, NULL))
|
|
- return NSS_STATUS_NOTFOUND;
|
|
- continue;
|
|
- }
|
|
-
|
|
- /* +user */
|
|
- if (result->pw_name[0] == '+' && result->pw_name[1] != '\0'
|
|
- && result->pw_name[1] != '@')
|
|
- {
|
|
- size_t len = strlen (result->pw_name);
|
|
- char buf[len];
|
|
- enum nss_status status;
|
|
-
|
|
- memcpy (buf, &result->pw_name[1], len);
|
|
-
|
|
- status = getpwuid_plususer (uid, result, buffer, buflen, errnop);
|
|
-
|
|
- if (status == NSS_STATUS_RETURN)
|
|
- continue;
|
|
-
|
|
- if (status == NSS_STATUS_SUCCESS)
|
|
- {
|
|
- if (strcmp (buf, result->pw_name) == 0)
|
|
- return NSS_STATUS_SUCCESS;
|
|
- }
|
|
- else if (status == NSS_STATUS_RETURN) /* We couldn't parse the entry */
|
|
- return NSS_STATUS_NOTFOUND;
|
|
- else
|
|
- return status;
|
|
-
|
|
- continue;
|
|
- }
|
|
-
|
|
- /* +:... */
|
|
- if (result->pw_name[0] == '+' && result->pw_name[1] == '\0')
|
|
- {
|
|
- enum nss_status status;
|
|
-
|
|
- status = getpwuid_plususer (uid, result, buffer, buflen, errnop);
|
|
- if (status == NSS_STATUS_SUCCESS) /* We found the entry. */
|
|
- break;
|
|
- else if (status == NSS_STATUS_RETURN) /* We couldn't parse the entry */
|
|
- return NSS_STATUS_NOTFOUND;
|
|
- else
|
|
- return status;
|
|
- }
|
|
- }
|
|
- return NSS_STATUS_SUCCESS;
|
|
-}
|
|
-
|
|
-enum nss_status
|
|
-_nss_compat_getpwuid_r (uid_t uid, struct passwd *pwd,
|
|
- char *buffer, size_t buflen, int *errnop)
|
|
-{
|
|
- enum nss_status result;
|
|
- ent_t ent = { false, false, true, NSS_STATUS_SUCCESS, NULL, { NULL, 0, 0 },
|
|
- { NULL, NULL, 0, 0, NULL, NULL, NULL }};
|
|
-
|
|
- __libc_lock_lock (lock);
|
|
-
|
|
- if (ni == NULL)
|
|
- init_nss_interface ();
|
|
-
|
|
- __libc_lock_unlock (lock);
|
|
-
|
|
- result = internal_setpwent (&ent, 0, 0);
|
|
-
|
|
- if (result == NSS_STATUS_SUCCESS)
|
|
- result = internal_getpwuid_r (uid, pwd, &ent, buffer, buflen, errnop);
|
|
-
|
|
- internal_endpwent (&ent);
|
|
-
|
|
- return result;
|
|
-}
|
|
-
|
|
-
|
|
-/* Support routines for remembering -@netgroup and -user entries.
|
|
- The names are stored in a single string with `|' as separator. */
|
|
-static void
|
|
-blacklist_store_name (const char *name, ent_t *ent)
|
|
-{
|
|
- int namelen = strlen (name);
|
|
- char *tmp;
|
|
-
|
|
- /* first call, setup cache */
|
|
- if (ent->blacklist.size == 0)
|
|
- {
|
|
- ent->blacklist.size = MAX (BLACKLIST_INITIAL_SIZE, 2 * namelen);
|
|
- ent->blacklist.data = malloc (ent->blacklist.size);
|
|
- if (ent->blacklist.data == NULL)
|
|
- return;
|
|
- ent->blacklist.data[0] = '|';
|
|
- ent->blacklist.data[1] = '\0';
|
|
- ent->blacklist.current = 1;
|
|
- }
|
|
- else
|
|
- {
|
|
- if (in_blacklist (name, namelen, ent))
|
|
- return; /* no duplicates */
|
|
-
|
|
- if (ent->blacklist.current + namelen + 1 >= ent->blacklist.size)
|
|
- {
|
|
- ent->blacklist.size += MAX (BLACKLIST_INCREMENT, 2 * namelen);
|
|
- tmp = realloc (ent->blacklist.data, ent->blacklist.size);
|
|
- if (tmp == NULL)
|
|
- {
|
|
- free (ent->blacklist.data);
|
|
- ent->blacklist.size = 0;
|
|
- return;
|
|
- }
|
|
- ent->blacklist.data = tmp;
|
|
- }
|
|
- }
|
|
-
|
|
- tmp = stpcpy (ent->blacklist.data + ent->blacklist.current, name);
|
|
- *tmp++ = '|';
|
|
- *tmp = '\0';
|
|
- ent->blacklist.current += namelen + 1;
|
|
-
|
|
- return;
|
|
-}
|
|
-
|
|
-/* Returns TRUE if ent->blacklist contains name, else FALSE. */
|
|
-static bool_t
|
|
-in_blacklist (const char *name, int namelen, ent_t *ent)
|
|
-{
|
|
- char buf[namelen + 3];
|
|
- char *cp;
|
|
-
|
|
- if (ent->blacklist.data == NULL)
|
|
- return FALSE;
|
|
-
|
|
- buf[0] = '|';
|
|
- cp = stpcpy (&buf[1], name);
|
|
- *cp++ = '|';
|
|
- *cp = '\0';
|
|
- return strstr (ent->blacklist.data, buf) != NULL;
|
|
-}
|
|
Index: glibc-2.26/nis/nss_compat/compat-spwd.c
|
|
===================================================================
|
|
--- glibc-2.26.orig/nis/nss_compat/compat-spwd.c
|
|
+++ /dev/null
|
|
@@ -1,858 +0,0 @@
|
|
-/* Copyright (C) 1996-2017 Free Software Foundation, Inc.
|
|
- This file is part of the GNU C Library.
|
|
- Contributed by Thorsten Kukuk <kukuk@vt.uni-paderborn.de>, 1996.
|
|
-
|
|
- The GNU C Library is free software; you can redistribute it and/or
|
|
- modify it under the terms of the GNU Lesser General Public
|
|
- License as published by the Free Software Foundation; either
|
|
- version 2.1 of the License, or (at your option) any later version.
|
|
-
|
|
- The GNU C Library is distributed in the hope that it will be useful,
|
|
- but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
- Lesser General Public License for more details.
|
|
-
|
|
- You should have received a copy of the GNU Lesser General Public
|
|
- License along with the GNU C Library; if not, see
|
|
- <http://www.gnu.org/licenses/>. */
|
|
-
|
|
-#include <ctype.h>
|
|
-#include <errno.h>
|
|
-#include <fcntl.h>
|
|
-#include <netdb.h>
|
|
-#include <nss.h>
|
|
-#include <nsswitch.h>
|
|
-#include <shadow.h>
|
|
-#include <stdio_ext.h>
|
|
-#include <string.h>
|
|
-#include <rpc/types.h>
|
|
-#include <rpcsvc/ypclnt.h>
|
|
-#include <libc-lock.h>
|
|
-#include <kernel-features.h>
|
|
-
|
|
-#include "netgroup.h"
|
|
-
|
|
-static service_user *ni;
|
|
-static enum nss_status (*nss_setspent) (int stayopen);
|
|
-static enum nss_status (*nss_getspnam_r) (const char *name, struct spwd * sp,
|
|
- char *buffer, size_t buflen,
|
|
- int *errnop);
|
|
-static enum nss_status (*nss_getspent_r) (struct spwd * sp, char *buffer,
|
|
- size_t buflen, int *errnop);
|
|
-static enum nss_status (*nss_endspent) (void);
|
|
-
|
|
-/* Get the declaration of the parser function. */
|
|
-#define ENTNAME spent
|
|
-#define STRUCTURE spwd
|
|
-#define EXTERN_PARSER
|
|
-#include <nss/nss_files/files-parse.c>
|
|
-
|
|
-/* Structure for remembering -@netgroup and -user members ... */
|
|
-#define BLACKLIST_INITIAL_SIZE 512
|
|
-#define BLACKLIST_INCREMENT 256
|
|
-struct blacklist_t
|
|
-{
|
|
- char *data;
|
|
- int current;
|
|
- int size;
|
|
-};
|
|
-
|
|
-struct ent_t
|
|
-{
|
|
- bool netgroup;
|
|
- bool files;
|
|
- bool first;
|
|
- enum nss_status setent_status;
|
|
- FILE *stream;
|
|
- struct blacklist_t blacklist;
|
|
- struct spwd pwd;
|
|
- struct __netgrent netgrdata;
|
|
-};
|
|
-typedef struct ent_t ent_t;
|
|
-
|
|
-static ent_t ext_ent = { false, true, false, NSS_STATUS_SUCCESS, NULL,
|
|
- { NULL, 0, 0},
|
|
- { NULL, NULL, 0, 0, 0, 0, 0, 0, 0}};
|
|
-
|
|
-/* Protect global state against multiple changers. */
|
|
-__libc_lock_define_initialized (static, lock)
|
|
-
|
|
-/* Prototypes for local functions. */
|
|
-static void blacklist_store_name (const char *, ent_t *);
|
|
-static int in_blacklist (const char *, int, ent_t *);
|
|
-
|
|
-/* Initialize the NSS interface/functions. The calling function must
|
|
- hold the lock. */
|
|
-static void
|
|
-init_nss_interface (void)
|
|
-{
|
|
- if (__nss_database_lookup ("shadow_compat", "passwd_compat",
|
|
- "nis", &ni) >= 0)
|
|
- {
|
|
- nss_setspent = __nss_lookup_function (ni, "setspent");
|
|
- nss_getspnam_r = __nss_lookup_function (ni, "getspnam_r");
|
|
- nss_getspent_r = __nss_lookup_function (ni, "getspent_r");
|
|
- nss_endspent = __nss_lookup_function (ni, "endspent");
|
|
- }
|
|
-}
|
|
-
|
|
-static void
|
|
-give_spwd_free (struct spwd *pwd)
|
|
-{
|
|
- free (pwd->sp_namp);
|
|
- free (pwd->sp_pwdp);
|
|
-
|
|
- memset (pwd, '\0', sizeof (struct spwd));
|
|
- pwd->sp_warn = -1;
|
|
- pwd->sp_inact = -1;
|
|
- pwd->sp_expire = -1;
|
|
- pwd->sp_flag = ~0ul;
|
|
-}
|
|
-
|
|
-static int
|
|
-spwd_need_buflen (struct spwd *pwd)
|
|
-{
|
|
- int len = 0;
|
|
-
|
|
- if (pwd->sp_pwdp != NULL)
|
|
- len += strlen (pwd->sp_pwdp) + 1;
|
|
-
|
|
- return len;
|
|
-}
|
|
-
|
|
-static void
|
|
-copy_spwd_changes (struct spwd *dest, struct spwd *src,
|
|
- char *buffer, size_t buflen)
|
|
-{
|
|
- if (src->sp_pwdp != NULL && strlen (src->sp_pwdp))
|
|
- {
|
|
- if (buffer == NULL)
|
|
- dest->sp_pwdp = strdup (src->sp_pwdp);
|
|
- else if (dest->sp_pwdp &&
|
|
- strlen (dest->sp_pwdp) >= strlen (src->sp_pwdp))
|
|
- strcpy (dest->sp_pwdp, src->sp_pwdp);
|
|
- else
|
|
- {
|
|
- dest->sp_pwdp = buffer;
|
|
- strcpy (dest->sp_pwdp, src->sp_pwdp);
|
|
- buffer += strlen (dest->sp_pwdp) + 1;
|
|
- buflen = buflen - (strlen (dest->sp_pwdp) + 1);
|
|
- }
|
|
- }
|
|
- if (src->sp_lstchg != 0)
|
|
- dest->sp_lstchg = src->sp_lstchg;
|
|
- if (src->sp_min != 0)
|
|
- dest->sp_min = src->sp_min;
|
|
- if (src->sp_max != 0)
|
|
- dest->sp_max = src->sp_max;
|
|
- if (src->sp_warn != -1)
|
|
- dest->sp_warn = src->sp_warn;
|
|
- if (src->sp_inact != -1)
|
|
- dest->sp_inact = src->sp_inact;
|
|
- if (src->sp_expire != -1)
|
|
- dest->sp_expire = src->sp_expire;
|
|
- if (src->sp_flag != ~0ul)
|
|
- dest->sp_flag = src->sp_flag;
|
|
-}
|
|
-
|
|
-static enum nss_status
|
|
-internal_setspent (ent_t *ent, int stayopen, int needent)
|
|
-{
|
|
- enum nss_status status = NSS_STATUS_SUCCESS;
|
|
-
|
|
- ent->first = ent->netgroup = 0;
|
|
- ent->files = true;
|
|
-
|
|
- /* If something was left over free it. */
|
|
- if (ent->netgroup)
|
|
- __internal_endnetgrent (&ent->netgrdata);
|
|
-
|
|
- if (ent->blacklist.data != NULL)
|
|
- {
|
|
- ent->blacklist.current = 1;
|
|
- ent->blacklist.data[0] = '|';
|
|
- ent->blacklist.data[1] = '\0';
|
|
- }
|
|
- else
|
|
- ent->blacklist.current = 0;
|
|
-
|
|
- if (ent->stream == NULL)
|
|
- {
|
|
- ent->stream = fopen ("/etc/shadow", "rme");
|
|
-
|
|
- if (ent->stream == NULL)
|
|
- status = errno == EAGAIN ? NSS_STATUS_TRYAGAIN : NSS_STATUS_UNAVAIL;
|
|
- else
|
|
- /* We take care of locking ourself. */
|
|
- __fsetlocking (ent->stream, FSETLOCKING_BYCALLER);
|
|
- }
|
|
- else
|
|
- rewind (ent->stream);
|
|
-
|
|
- give_spwd_free (&ent->pwd);
|
|
-
|
|
- if (needent && status == NSS_STATUS_SUCCESS && nss_setspent)
|
|
- ent->setent_status = nss_setspent (stayopen);
|
|
-
|
|
- return status;
|
|
-}
|
|
-
|
|
-
|
|
-enum nss_status
|
|
-_nss_compat_setspent (int stayopen)
|
|
-{
|
|
- enum nss_status result;
|
|
-
|
|
- __libc_lock_lock (lock);
|
|
-
|
|
- if (ni == NULL)
|
|
- init_nss_interface ();
|
|
-
|
|
- result = internal_setspent (&ext_ent, stayopen, 1);
|
|
-
|
|
- __libc_lock_unlock (lock);
|
|
-
|
|
- return result;
|
|
-}
|
|
-
|
|
-
|
|
-static enum nss_status
|
|
-internal_endspent (ent_t *ent)
|
|
-{
|
|
- if (ent->stream != NULL)
|
|
- {
|
|
- fclose (ent->stream);
|
|
- ent->stream = NULL;
|
|
- }
|
|
-
|
|
- if (ent->netgroup)
|
|
- __internal_endnetgrent (&ent->netgrdata);
|
|
-
|
|
- ent->first = ent->netgroup = false;
|
|
- ent->files = true;
|
|
-
|
|
- if (ent->blacklist.data != NULL)
|
|
- {
|
|
- ent->blacklist.current = 1;
|
|
- ent->blacklist.data[0] = '|';
|
|
- ent->blacklist.data[1] = '\0';
|
|
- }
|
|
- else
|
|
- ent->blacklist.current = 0;
|
|
-
|
|
- give_spwd_free (&ent->pwd);
|
|
-
|
|
- return NSS_STATUS_SUCCESS;
|
|
-}
|
|
-
|
|
-enum nss_status
|
|
-_nss_compat_endspent (void)
|
|
-{
|
|
- enum nss_status result;
|
|
-
|
|
- __libc_lock_lock (lock);
|
|
-
|
|
- if (nss_endspent)
|
|
- nss_endspent ();
|
|
-
|
|
- result = internal_endspent (&ext_ent);
|
|
-
|
|
- __libc_lock_unlock (lock);
|
|
-
|
|
- return result;
|
|
-}
|
|
-
|
|
-
|
|
-static enum nss_status
|
|
-getspent_next_nss_netgr (const char *name, struct spwd *result, ent_t *ent,
|
|
- char *group, char *buffer, size_t buflen,
|
|
- int *errnop)
|
|
-{
|
|
- char *curdomain = NULL, *host, *user, *domain, *p2;
|
|
- size_t p2len;
|
|
-
|
|
- if (!nss_getspnam_r)
|
|
- return NSS_STATUS_UNAVAIL;
|
|
-
|
|
- /* If the setpwent call failed, say so. */
|
|
- if (ent->setent_status != NSS_STATUS_SUCCESS)
|
|
- return ent->setent_status;
|
|
-
|
|
- if (ent->first)
|
|
- {
|
|
- memset (&ent->netgrdata, 0, sizeof (struct __netgrent));
|
|
- __internal_setnetgrent (group, &ent->netgrdata);
|
|
- ent->first = false;
|
|
- }
|
|
-
|
|
- while (1)
|
|
- {
|
|
- enum nss_status status;
|
|
-
|
|
- status = __internal_getnetgrent_r (&host, &user, &domain,
|
|
- &ent->netgrdata, buffer, buflen,
|
|
- errnop);
|
|
- if (status != 1)
|
|
- {
|
|
- __internal_endnetgrent (&ent->netgrdata);
|
|
- ent->netgroup = false;
|
|
- give_spwd_free (&ent->pwd);
|
|
- return NSS_STATUS_RETURN;
|
|
- }
|
|
-
|
|
- if (user == NULL || user[0] == '-')
|
|
- continue;
|
|
-
|
|
- if (domain != NULL)
|
|
- {
|
|
- if (curdomain == NULL
|
|
- && yp_get_default_domain (&curdomain) != YPERR_SUCCESS)
|
|
- {
|
|
- __internal_endnetgrent (&ent->netgrdata);
|
|
- ent->netgroup = false;
|
|
- give_spwd_free (&ent->pwd);
|
|
- return NSS_STATUS_UNAVAIL;
|
|
- }
|
|
- if (strcmp (curdomain, domain) != 0)
|
|
- continue;
|
|
- }
|
|
-
|
|
- /* If name != NULL, we are called from getpwnam */
|
|
- if (name != NULL)
|
|
- if (strcmp (user, name) != 0)
|
|
- continue;
|
|
-
|
|
- p2len = spwd_need_buflen (&ent->pwd);
|
|
- if (p2len > buflen)
|
|
- {
|
|
- *errnop = ERANGE;
|
|
- return NSS_STATUS_TRYAGAIN;
|
|
- }
|
|
- p2 = buffer + (buflen - p2len);
|
|
- buflen -= p2len;
|
|
-
|
|
- if (nss_getspnam_r (user, result, buffer, buflen, errnop) !=
|
|
- NSS_STATUS_SUCCESS)
|
|
- continue;
|
|
-
|
|
- if (!in_blacklist (result->sp_namp, strlen (result->sp_namp), ent))
|
|
- {
|
|
- /* Store the User in the blacklist for possible the "+" at the
|
|
- end of /etc/passwd */
|
|
- blacklist_store_name (result->sp_namp, ent);
|
|
- copy_spwd_changes (result, &ent->pwd, p2, p2len);
|
|
- break;
|
|
- }
|
|
- }
|
|
-
|
|
- return NSS_STATUS_SUCCESS;
|
|
-}
|
|
-
|
|
-
|
|
-static enum nss_status
|
|
-getspent_next_nss (struct spwd *result, ent_t *ent,
|
|
- char *buffer, size_t buflen, int *errnop)
|
|
-{
|
|
- enum nss_status status;
|
|
- char *p2;
|
|
- size_t p2len;
|
|
-
|
|
- if (!nss_getspent_r)
|
|
- return NSS_STATUS_UNAVAIL;
|
|
-
|
|
- p2len = spwd_need_buflen (&ent->pwd);
|
|
- if (p2len > buflen)
|
|
- {
|
|
- *errnop = ERANGE;
|
|
- return NSS_STATUS_TRYAGAIN;
|
|
- }
|
|
- p2 = buffer + (buflen - p2len);
|
|
- buflen -= p2len;
|
|
- do
|
|
- {
|
|
- if ((status = nss_getspent_r (result, buffer, buflen, errnop)) !=
|
|
- NSS_STATUS_SUCCESS)
|
|
- return status;
|
|
- }
|
|
- while (in_blacklist (result->sp_namp, strlen (result->sp_namp), ent));
|
|
-
|
|
- copy_spwd_changes (result, &ent->pwd, p2, p2len);
|
|
-
|
|
- return NSS_STATUS_SUCCESS;
|
|
-}
|
|
-
|
|
-
|
|
-/* This function handle the +user entrys in /etc/shadow */
|
|
-static enum nss_status
|
|
-getspnam_plususer (const char *name, struct spwd *result, ent_t *ent,
|
|
- char *buffer, size_t buflen, int *errnop)
|
|
-{
|
|
- if (!nss_getspnam_r)
|
|
- return NSS_STATUS_UNAVAIL;
|
|
-
|
|
- struct spwd pwd;
|
|
- memset (&pwd, '\0', sizeof (struct spwd));
|
|
- pwd.sp_warn = -1;
|
|
- pwd.sp_inact = -1;
|
|
- pwd.sp_expire = -1;
|
|
- pwd.sp_flag = ~0ul;
|
|
-
|
|
- copy_spwd_changes (&pwd, result, NULL, 0);
|
|
-
|
|
- size_t plen = spwd_need_buflen (&pwd);
|
|
- if (plen > buflen)
|
|
- {
|
|
- *errnop = ERANGE;
|
|
- return NSS_STATUS_TRYAGAIN;
|
|
- }
|
|
- char *p = buffer + (buflen - plen);
|
|
- buflen -= plen;
|
|
-
|
|
- enum nss_status status = nss_getspnam_r (name, result, buffer, buflen,
|
|
- errnop);
|
|
- if (status != NSS_STATUS_SUCCESS)
|
|
- return status;
|
|
-
|
|
- if (in_blacklist (result->sp_namp, strlen (result->sp_namp), ent))
|
|
- return NSS_STATUS_NOTFOUND;
|
|
-
|
|
- copy_spwd_changes (result, &pwd, p, plen);
|
|
- give_spwd_free (&pwd);
|
|
- /* We found the entry. */
|
|
- return NSS_STATUS_SUCCESS;
|
|
-}
|
|
-
|
|
-
|
|
-static enum nss_status
|
|
-getspent_next_file (struct spwd *result, ent_t *ent,
|
|
- char *buffer, size_t buflen, int *errnop)
|
|
-{
|
|
- struct parser_data *data = (void *) buffer;
|
|
- while (1)
|
|
- {
|
|
- fpos_t pos;
|
|
- int parse_res = 0;
|
|
- char *p;
|
|
-
|
|
- do
|
|
- {
|
|
- /* We need at least 3 characters for one line. */
|
|
- if (__glibc_unlikely (buflen < 3))
|
|
- {
|
|
- erange:
|
|
- *errnop = ERANGE;
|
|
- return NSS_STATUS_TRYAGAIN;
|
|
- }
|
|
-
|
|
- fgetpos (ent->stream, &pos);
|
|
- buffer[buflen - 1] = '\xff';
|
|
- p = fgets_unlocked (buffer, buflen, ent->stream);
|
|
- if (p == NULL && feof_unlocked (ent->stream))
|
|
- return NSS_STATUS_NOTFOUND;
|
|
-
|
|
- if (p == NULL || __builtin_expect (buffer[buflen - 1] != '\xff', 0))
|
|
- {
|
|
- erange_reset:
|
|
- fsetpos (ent->stream, &pos);
|
|
- goto erange;
|
|
- }
|
|
-
|
|
- /* Skip leading blanks. */
|
|
- while (isspace (*p))
|
|
- ++p;
|
|
- }
|
|
- while (*p == '\0' || *p == '#' /* Ignore empty and comment lines. */
|
|
- /* Parse the line. If it is invalid, loop to
|
|
- get the next line of the file to parse. */
|
|
- || !(parse_res = _nss_files_parse_spent (p, result, data,
|
|
- buflen, errnop)));
|
|
-
|
|
- if (__glibc_unlikely (parse_res == -1))
|
|
- /* The parser ran out of space. */
|
|
- goto erange_reset;
|
|
-
|
|
- if (result->sp_namp[0] != '+' && result->sp_namp[0] != '-')
|
|
- /* This is a real entry. */
|
|
- break;
|
|
-
|
|
- /* -@netgroup */
|
|
- if (result->sp_namp[0] == '-' && result->sp_namp[1] == '@'
|
|
- && result->sp_namp[2] != '\0')
|
|
- {
|
|
- /* XXX Do not use fixed length buffers. */
|
|
- char buf2[1024];
|
|
- char *user, *host, *domain;
|
|
- struct __netgrent netgrdata;
|
|
-
|
|
- memset (&netgrdata, 0, sizeof (struct __netgrent));
|
|
- __internal_setnetgrent (&result->sp_namp[2], &netgrdata);
|
|
- while (__internal_getnetgrent_r (&host, &user, &domain,
|
|
- &netgrdata, buf2, sizeof (buf2),
|
|
- errnop))
|
|
- {
|
|
- if (user != NULL && user[0] != '-')
|
|
- blacklist_store_name (user, ent);
|
|
- }
|
|
- __internal_endnetgrent (&netgrdata);
|
|
- continue;
|
|
- }
|
|
-
|
|
- /* +@netgroup */
|
|
- if (result->sp_namp[0] == '+' && result->sp_namp[1] == '@'
|
|
- && result->sp_namp[2] != '\0')
|
|
- {
|
|
- int status;
|
|
-
|
|
- ent->netgroup = true;
|
|
- ent->first = true;
|
|
- copy_spwd_changes (&ent->pwd, result, NULL, 0);
|
|
-
|
|
- status = getspent_next_nss_netgr (NULL, result, ent,
|
|
- &result->sp_namp[2],
|
|
- buffer, buflen, errnop);
|
|
- if (status == NSS_STATUS_RETURN)
|
|
- continue;
|
|
- else
|
|
- return status;
|
|
- }
|
|
-
|
|
- /* -user */
|
|
- if (result->sp_namp[0] == '-' && result->sp_namp[1] != '\0'
|
|
- && result->sp_namp[1] != '@')
|
|
- {
|
|
- blacklist_store_name (&result->sp_namp[1], ent);
|
|
- continue;
|
|
- }
|
|
-
|
|
- /* +user */
|
|
- if (result->sp_namp[0] == '+' && result->sp_namp[1] != '\0'
|
|
- && result->sp_namp[1] != '@')
|
|
- {
|
|
- size_t len = strlen (result->sp_namp);
|
|
- char buf[len];
|
|
- enum nss_status status;
|
|
-
|
|
- /* Store the User in the blacklist for the "+" at the end of
|
|
- /etc/passwd */
|
|
- memcpy (buf, &result->sp_namp[1], len);
|
|
- status = getspnam_plususer (&result->sp_namp[1], result, ent,
|
|
- buffer, buflen, errnop);
|
|
- blacklist_store_name (buf, ent);
|
|
-
|
|
- if (status == NSS_STATUS_SUCCESS) /* We found the entry. */
|
|
- break;
|
|
- /* We couldn't parse the entry */
|
|
- else if (status == NSS_STATUS_RETURN
|
|
- /* entry doesn't exist */
|
|
- || status == NSS_STATUS_NOTFOUND)
|
|
- continue;
|
|
- else
|
|
- {
|
|
- if (status == NSS_STATUS_TRYAGAIN)
|
|
- {
|
|
- fsetpos (ent->stream, &pos);
|
|
- *errnop = ERANGE;
|
|
- }
|
|
- return status;
|
|
- }
|
|
- }
|
|
-
|
|
- /* +:... */
|
|
- if (result->sp_namp[0] == '+' && result->sp_namp[1] == '\0')
|
|
- {
|
|
- ent->files = false;
|
|
- ent->first = true;
|
|
- copy_spwd_changes (&ent->pwd, result, NULL, 0);
|
|
-
|
|
- return getspent_next_nss (result, ent, buffer, buflen, errnop);
|
|
- }
|
|
- }
|
|
-
|
|
- return NSS_STATUS_SUCCESS;
|
|
-}
|
|
-
|
|
-
|
|
-static enum nss_status
|
|
-internal_getspent_r (struct spwd *pw, ent_t *ent,
|
|
- char *buffer, size_t buflen, int *errnop)
|
|
-{
|
|
- if (ent->netgroup)
|
|
- {
|
|
- enum nss_status status;
|
|
-
|
|
- /* We are searching members in a netgroup */
|
|
- /* Since this is not the first call, we don't need the group name */
|
|
- status = getspent_next_nss_netgr (NULL, pw, ent, NULL, buffer,
|
|
- buflen, errnop);
|
|
-
|
|
- if (status == NSS_STATUS_RETURN)
|
|
- return getspent_next_file (pw, ent, buffer, buflen, errnop);
|
|
- else
|
|
- return status;
|
|
- }
|
|
- else if (ent->files)
|
|
- return getspent_next_file (pw, ent, buffer, buflen, errnop);
|
|
- else
|
|
- return getspent_next_nss (pw, ent, buffer, buflen, errnop);
|
|
-}
|
|
-
|
|
-
|
|
-enum nss_status
|
|
-_nss_compat_getspent_r (struct spwd *pwd, char *buffer, size_t buflen,
|
|
- int *errnop)
|
|
-{
|
|
- enum nss_status result = NSS_STATUS_SUCCESS;
|
|
-
|
|
- __libc_lock_lock (lock);
|
|
-
|
|
- /* Be prepared that the setpwent function was not called before. */
|
|
- if (ni == NULL)
|
|
- init_nss_interface ();
|
|
-
|
|
- if (ext_ent.stream == NULL)
|
|
- result = internal_setspent (&ext_ent, 1, 1);
|
|
-
|
|
- if (result == NSS_STATUS_SUCCESS)
|
|
- result = internal_getspent_r (pwd, &ext_ent, buffer, buflen, errnop);
|
|
-
|
|
- __libc_lock_unlock (lock);
|
|
-
|
|
- return result;
|
|
-}
|
|
-
|
|
-
|
|
-/* Searches in /etc/passwd and the NIS/NIS+ map for a special user */
|
|
-static enum nss_status
|
|
-internal_getspnam_r (const char *name, struct spwd *result, ent_t *ent,
|
|
- char *buffer, size_t buflen, int *errnop)
|
|
-{
|
|
- struct parser_data *data = (void *) buffer;
|
|
-
|
|
- while (1)
|
|
- {
|
|
- fpos_t pos;
|
|
- char *p;
|
|
- int parse_res;
|
|
-
|
|
- do
|
|
- {
|
|
- /* We need at least 3 characters for one line. */
|
|
- if (__glibc_unlikely (buflen < 3))
|
|
- {
|
|
- erange:
|
|
- *errnop = ERANGE;
|
|
- return NSS_STATUS_TRYAGAIN;
|
|
- }
|
|
-
|
|
- fgetpos (ent->stream, &pos);
|
|
- buffer[buflen - 1] = '\xff';
|
|
- p = fgets_unlocked (buffer, buflen, ent->stream);
|
|
- if (p == NULL && feof_unlocked (ent->stream))
|
|
- return NSS_STATUS_NOTFOUND;
|
|
-
|
|
- if (p == NULL || buffer[buflen - 1] != '\xff')
|
|
- {
|
|
- erange_reset:
|
|
- fsetpos (ent->stream, &pos);
|
|
- goto erange;
|
|
- }
|
|
-
|
|
- /* Terminate the line for any case. */
|
|
- buffer[buflen - 1] = '\0';
|
|
-
|
|
- /* Skip leading blanks. */
|
|
- while (isspace (*p))
|
|
- ++p;
|
|
- }
|
|
- while (*p == '\0' || *p == '#' || /* Ignore empty and comment lines. */
|
|
- /* Parse the line. If it is invalid, loop to
|
|
- get the next line of the file to parse. */
|
|
- !(parse_res = _nss_files_parse_spent (p, result, data, buflen,
|
|
- errnop)));
|
|
-
|
|
- if (__glibc_unlikely (parse_res == -1))
|
|
- /* The parser ran out of space. */
|
|
- goto erange_reset;
|
|
-
|
|
- /* This is a real entry. */
|
|
- if (result->sp_namp[0] != '+' && result->sp_namp[0] != '-')
|
|
- {
|
|
- if (strcmp (result->sp_namp, name) == 0)
|
|
- return NSS_STATUS_SUCCESS;
|
|
- else
|
|
- continue;
|
|
- }
|
|
-
|
|
- /* -@netgroup */
|
|
- /* If the loaded NSS module does not support this service, add
|
|
- all users from a +@netgroup entry to the blacklist, too. */
|
|
- if (result->sp_namp[0] == '-' && result->sp_namp[1] == '@'
|
|
- && result->sp_namp[2] != '\0')
|
|
- {
|
|
- if (innetgr (&result->sp_namp[2], NULL, name, NULL))
|
|
- return NSS_STATUS_NOTFOUND;
|
|
- continue;
|
|
- }
|
|
-
|
|
- /* +@netgroup */
|
|
- if (result->sp_namp[0] == '+' && result->sp_namp[1] == '@'
|
|
- && result->sp_namp[2] != '\0')
|
|
- {
|
|
- enum nss_status status;
|
|
-
|
|
- if (innetgr (&result->sp_namp[2], NULL, name, NULL))
|
|
- {
|
|
- status = getspnam_plususer (name, result, ent, buffer,
|
|
- buflen, errnop);
|
|
-
|
|
- if (status == NSS_STATUS_RETURN)
|
|
- continue;
|
|
-
|
|
- return status;
|
|
- }
|
|
- continue;
|
|
- }
|
|
-
|
|
- /* -user */
|
|
- if (result->sp_namp[0] == '-' && result->sp_namp[1] != '\0'
|
|
- && result->sp_namp[1] != '@')
|
|
- {
|
|
- if (strcmp (&result->sp_namp[1], name) == 0)
|
|
- return NSS_STATUS_NOTFOUND;
|
|
- else
|
|
- continue;
|
|
- }
|
|
-
|
|
- /* +user */
|
|
- if (result->sp_namp[0] == '+' && result->sp_namp[1] != '\0'
|
|
- && result->sp_namp[1] != '@')
|
|
- {
|
|
- if (strcmp (name, &result->sp_namp[1]) == 0)
|
|
- {
|
|
- enum nss_status status;
|
|
-
|
|
- status = getspnam_plususer (name, result, ent,
|
|
- buffer, buflen, errnop);
|
|
-
|
|
- if (status == NSS_STATUS_RETURN)
|
|
- /* We couldn't parse the entry */
|
|
- return NSS_STATUS_NOTFOUND;
|
|
- else
|
|
- return status;
|
|
- }
|
|
- }
|
|
-
|
|
- /* +:... */
|
|
- if (result->sp_namp[0] == '+' && result->sp_namp[1] == '\0')
|
|
- {
|
|
- enum nss_status status;
|
|
-
|
|
- status = getspnam_plususer (name, result, ent,
|
|
- buffer, buflen, errnop);
|
|
-
|
|
- if (status == NSS_STATUS_SUCCESS)
|
|
- /* We found the entry. */
|
|
- break;
|
|
- else if (status == NSS_STATUS_RETURN)
|
|
- /* We couldn't parse the entry */
|
|
- return NSS_STATUS_NOTFOUND;
|
|
- else
|
|
- return status;
|
|
- }
|
|
- }
|
|
- return NSS_STATUS_SUCCESS;
|
|
-}
|
|
-
|
|
-
|
|
-enum nss_status
|
|
-_nss_compat_getspnam_r (const char *name, struct spwd *pwd,
|
|
- char *buffer, size_t buflen, int *errnop)
|
|
-{
|
|
- enum nss_status result;
|
|
- ent_t ent = { false, true, false, NSS_STATUS_SUCCESS, NULL, { NULL, 0, 0},
|
|
- { NULL, NULL, 0, 0, 0, 0, 0, 0, 0}};
|
|
-
|
|
- if (name[0] == '-' || name[0] == '+')
|
|
- return NSS_STATUS_NOTFOUND;
|
|
-
|
|
- __libc_lock_lock (lock);
|
|
-
|
|
- if (ni == NULL)
|
|
- init_nss_interface ();
|
|
-
|
|
- __libc_lock_unlock (lock);
|
|
-
|
|
- result = internal_setspent (&ent, 0, 0);
|
|
-
|
|
- if (result == NSS_STATUS_SUCCESS)
|
|
- result = internal_getspnam_r (name, pwd, &ent, buffer, buflen, errnop);
|
|
-
|
|
- internal_endspent (&ent);
|
|
-
|
|
- return result;
|
|
-}
|
|
-
|
|
-
|
|
-/* Support routines for remembering -@netgroup and -user entries.
|
|
- The names are stored in a single string with `|' as separator. */
|
|
-static void
|
|
-blacklist_store_name (const char *name, ent_t *ent)
|
|
-{
|
|
- int namelen = strlen (name);
|
|
- char *tmp;
|
|
-
|
|
- /* first call, setup cache */
|
|
- if (ent->blacklist.size == 0)
|
|
- {
|
|
- ent->blacklist.size = MAX (BLACKLIST_INITIAL_SIZE, 2 * namelen);
|
|
- ent->blacklist.data = malloc (ent->blacklist.size);
|
|
- if (ent->blacklist.data == NULL)
|
|
- return;
|
|
- ent->blacklist.data[0] = '|';
|
|
- ent->blacklist.data[1] = '\0';
|
|
- ent->blacklist.current = 1;
|
|
- }
|
|
- else
|
|
- {
|
|
- if (in_blacklist (name, namelen, ent))
|
|
- return; /* no duplicates */
|
|
-
|
|
- if (ent->blacklist.current + namelen + 1 >= ent->blacklist.size)
|
|
- {
|
|
- ent->blacklist.size += MAX (BLACKLIST_INCREMENT, 2 * namelen);
|
|
- tmp = realloc (ent->blacklist.data, ent->blacklist.size);
|
|
- if (tmp == NULL)
|
|
- {
|
|
- free (ent->blacklist.data);
|
|
- ent->blacklist.size = 0;
|
|
- return;
|
|
- }
|
|
- ent->blacklist.data = tmp;
|
|
- }
|
|
- }
|
|
-
|
|
- tmp = stpcpy (ent->blacklist.data + ent->blacklist.current, name);
|
|
- *tmp++ = '|';
|
|
- *tmp = '\0';
|
|
- ent->blacklist.current += namelen + 1;
|
|
-
|
|
- return;
|
|
-}
|
|
-
|
|
-
|
|
-/* Returns TRUE if ent->blacklist contains name, else FALSE. */
|
|
-static bool_t
|
|
-in_blacklist (const char *name, int namelen, ent_t *ent)
|
|
-{
|
|
- char buf[namelen + 3];
|
|
- char *cp;
|
|
-
|
|
- if (ent->blacklist.data == NULL)
|
|
- return false;
|
|
-
|
|
- buf[0] = '|';
|
|
- cp = stpcpy (&buf[1], name);
|
|
- *cp++ = '|';
|
|
- *cp = '\0';
|
|
- return strstr (ent->blacklist.data, buf) != NULL;
|
|
-}
|
|
Index: glibc-2.26/nss/Makefile
|
|
===================================================================
|
|
--- glibc-2.26.orig/nss/Makefile
|
|
+++ glibc-2.26/nss/Makefile
|
|
@@ -70,7 +70,7 @@ tests += tst-cancel-getpwuid_r
|
|
endif
|
|
|
|
# Specify rules for the nss_* modules. We have some services.
|
|
-services := files db
|
|
+services := files db compat
|
|
|
|
extra-libs = $(services:%=libnss_%)
|
|
# These libraries will be built in the `others' pass rather than
|
|
@@ -93,11 +93,15 @@ libnss_db-routines := $(libnss_db-dbs) d
|
|
generated += $(filter-out db-alias.c db-netgrp.c, \
|
|
$(addsuffix .c,$(libnss_db-dbs)))
|
|
|
|
+libnss_compat-routines := $(addprefix compat-,grp pwd spwd initgroups) \
|
|
+ nisdomain
|
|
+
|
|
install-others += $(inst_vardbdir)/Makefile
|
|
|
|
# Build static module into libc if requested
|
|
libnss_files-inhibit-o = $(filter-out .os,$(object-suffixes))
|
|
libnss_db-inhibit-o = $(filter-out .os,$(object-suffixes))
|
|
+libnss_compat-inhibit-o = $(filter-out .os,$(object-suffixes))
|
|
ifeq ($(build-static-nss),yes)
|
|
routines += $(libnss_files-routines)
|
|
static-only-routines += $(libnss_files-routines)
|
|
Index: glibc-2.26/nss/Versions
|
|
===================================================================
|
|
--- glibc-2.26.orig/nss/Versions
|
|
+++ glibc-2.26/nss/Versions
|
|
@@ -160,3 +160,14 @@ libnss_db {
|
|
_nss_db_init;
|
|
}
|
|
}
|
|
+
|
|
+libnss_compat {
|
|
+ GLIBC_PRIVATE {
|
|
+ _nss_compat_endgrent; _nss_compat_endpwent; _nss_compat_endspent;
|
|
+ _nss_compat_getgrent_r; _nss_compat_getgrgid_r; _nss_compat_getgrnam_r;
|
|
+ _nss_compat_getpwent_r; _nss_compat_getpwnam_r; _nss_compat_getpwuid_r;
|
|
+ _nss_compat_getspent_r; _nss_compat_getspnam_r;
|
|
+ _nss_compat_setgrent; _nss_compat_setpwent; _nss_compat_setspent;
|
|
+ _nss_compat_initgroups_dyn;
|
|
+ }
|
|
+}
|
|
Index: glibc-2.26/nss/nss_compat/compat-grp.c
|
|
===================================================================
|
|
--- /dev/null
|
|
+++ glibc-2.26/nss/nss_compat/compat-grp.c
|
|
@@ -0,0 +1,682 @@
|
|
+/* Copyright (C) 1996-2017 Free Software Foundation, Inc.
|
|
+ This file is part of the GNU C Library.
|
|
+ Contributed by Thorsten Kukuk <kukuk@suse.de>, 1996.
|
|
+
|
|
+ The GNU C Library is free software; you can redistribute it and/or
|
|
+ modify it under the terms of the GNU Lesser General Public
|
|
+ License as published by the Free Software Foundation; either
|
|
+ version 2.1 of the License, or (at your option) any later version.
|
|
+
|
|
+ The GNU C Library is distributed in the hope that it will be useful,
|
|
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
+ Lesser General Public License for more details.
|
|
+
|
|
+ You should have received a copy of the GNU Lesser General Public
|
|
+ License along with the GNU C Library; if not, see
|
|
+ <http://www.gnu.org/licenses/>. */
|
|
+
|
|
+#include <ctype.h>
|
|
+#include <errno.h>
|
|
+#include <fcntl.h>
|
|
+#include <grp.h>
|
|
+#include <nss.h>
|
|
+#include <nsswitch.h>
|
|
+#include <stdio_ext.h>
|
|
+#include <string.h>
|
|
+#include <libc-lock.h>
|
|
+#include <kernel-features.h>
|
|
+
|
|
+static service_user *ni;
|
|
+static enum nss_status (*nss_setgrent) (int stayopen);
|
|
+static enum nss_status (*nss_getgrnam_r) (const char *name,
|
|
+ struct group * grp, char *buffer,
|
|
+ size_t buflen, int *errnop);
|
|
+static enum nss_status (*nss_getgrgid_r) (gid_t gid, struct group * grp,
|
|
+ char *buffer, size_t buflen,
|
|
+ int *errnop);
|
|
+static enum nss_status (*nss_getgrent_r) (struct group * grp, char *buffer,
|
|
+ size_t buflen, int *errnop);
|
|
+static enum nss_status (*nss_endgrent) (void);
|
|
+
|
|
+/* Get the declaration of the parser function. */
|
|
+#define ENTNAME grent
|
|
+#define STRUCTURE group
|
|
+#define EXTERN_PARSER
|
|
+#include <nss/nss_files/files-parse.c>
|
|
+
|
|
+/* Structure for remembering -group members ... */
|
|
+#define BLACKLIST_INITIAL_SIZE 512
|
|
+#define BLACKLIST_INCREMENT 256
|
|
+struct blacklist_t
|
|
+{
|
|
+ char *data;
|
|
+ int current;
|
|
+ int size;
|
|
+};
|
|
+
|
|
+struct ent_t
|
|
+{
|
|
+ bool files;
|
|
+ enum nss_status setent_status;
|
|
+ FILE *stream;
|
|
+ struct blacklist_t blacklist;
|
|
+};
|
|
+typedef struct ent_t ent_t;
|
|
+
|
|
+static ent_t ext_ent = { true, NSS_STATUS_SUCCESS, NULL, { NULL, 0, 0 }};
|
|
+
|
|
+/* Protect global state against multiple changers. */
|
|
+__libc_lock_define_initialized (static, lock)
|
|
+
|
|
+/* Prototypes for local functions. */
|
|
+static void blacklist_store_name (const char *, ent_t *);
|
|
+static bool in_blacklist (const char *, int, ent_t *);
|
|
+
|
|
+/* Initialize the NSS interface/functions. The calling function must
|
|
+ hold the lock. */
|
|
+static void
|
|
+init_nss_interface (void)
|
|
+{
|
|
+ if (__nss_database_lookup ("group_compat", NULL, "nis", &ni) >= 0)
|
|
+ {
|
|
+ nss_setgrent = __nss_lookup_function (ni, "setgrent");
|
|
+ nss_getgrnam_r = __nss_lookup_function (ni, "getgrnam_r");
|
|
+ nss_getgrgid_r = __nss_lookup_function (ni, "getgrgid_r");
|
|
+ nss_getgrent_r = __nss_lookup_function (ni, "getgrent_r");
|
|
+ nss_endgrent = __nss_lookup_function (ni, "endgrent");
|
|
+ }
|
|
+}
|
|
+
|
|
+static enum nss_status
|
|
+internal_setgrent (ent_t *ent, int stayopen, int needent)
|
|
+{
|
|
+ enum nss_status status = NSS_STATUS_SUCCESS;
|
|
+
|
|
+ ent->files = true;
|
|
+
|
|
+ if (ent->blacklist.data != NULL)
|
|
+ {
|
|
+ ent->blacklist.current = 1;
|
|
+ ent->blacklist.data[0] = '|';
|
|
+ ent->blacklist.data[1] = '\0';
|
|
+ }
|
|
+ else
|
|
+ ent->blacklist.current = 0;
|
|
+
|
|
+ if (ent->stream == NULL)
|
|
+ {
|
|
+ ent->stream = fopen ("/etc/group", "rme");
|
|
+
|
|
+ if (ent->stream == NULL)
|
|
+ status = errno == EAGAIN ? NSS_STATUS_TRYAGAIN : NSS_STATUS_UNAVAIL;
|
|
+ else
|
|
+ /* We take care of locking ourself. */
|
|
+ __fsetlocking (ent->stream, FSETLOCKING_BYCALLER);
|
|
+ }
|
|
+ else
|
|
+ rewind (ent->stream);
|
|
+
|
|
+ if (needent && status == NSS_STATUS_SUCCESS && nss_setgrent)
|
|
+ ent->setent_status = nss_setgrent (stayopen);
|
|
+
|
|
+ return status;
|
|
+}
|
|
+
|
|
+
|
|
+enum nss_status
|
|
+_nss_compat_setgrent (int stayopen)
|
|
+{
|
|
+ enum nss_status result;
|
|
+
|
|
+ __libc_lock_lock (lock);
|
|
+
|
|
+ if (ni == NULL)
|
|
+ init_nss_interface ();
|
|
+
|
|
+ result = internal_setgrent (&ext_ent, stayopen, 1);
|
|
+
|
|
+ __libc_lock_unlock (lock);
|
|
+
|
|
+ return result;
|
|
+}
|
|
+
|
|
+
|
|
+static enum nss_status
|
|
+internal_endgrent (ent_t *ent)
|
|
+{
|
|
+ if (ent->stream != NULL)
|
|
+ {
|
|
+ fclose (ent->stream);
|
|
+ ent->stream = NULL;
|
|
+ }
|
|
+
|
|
+ if (ent->blacklist.data != NULL)
|
|
+ {
|
|
+ ent->blacklist.current = 1;
|
|
+ ent->blacklist.data[0] = '|';
|
|
+ ent->blacklist.data[1] = '\0';
|
|
+ }
|
|
+ else
|
|
+ ent->blacklist.current = 0;
|
|
+
|
|
+ return NSS_STATUS_SUCCESS;
|
|
+}
|
|
+
|
|
+enum nss_status
|
|
+_nss_compat_endgrent (void)
|
|
+{
|
|
+ enum nss_status result;
|
|
+
|
|
+ __libc_lock_lock (lock);
|
|
+
|
|
+ if (nss_endgrent)
|
|
+ nss_endgrent ();
|
|
+
|
|
+ result = internal_endgrent (&ext_ent);
|
|
+
|
|
+ __libc_lock_unlock (lock);
|
|
+
|
|
+ return result;
|
|
+}
|
|
+
|
|
+/* get the next group from NSS (+ entry) */
|
|
+static enum nss_status
|
|
+getgrent_next_nss (struct group *result, ent_t *ent, char *buffer,
|
|
+ size_t buflen, int *errnop)
|
|
+{
|
|
+ if (!nss_getgrent_r)
|
|
+ return NSS_STATUS_UNAVAIL;
|
|
+
|
|
+ /* If the setgrent call failed, say so. */
|
|
+ if (ent->setent_status != NSS_STATUS_SUCCESS)
|
|
+ return ent->setent_status;
|
|
+
|
|
+ do
|
|
+ {
|
|
+ enum nss_status status;
|
|
+
|
|
+ if ((status = nss_getgrent_r (result, buffer, buflen, errnop)) !=
|
|
+ NSS_STATUS_SUCCESS)
|
|
+ return status;
|
|
+ }
|
|
+ while (in_blacklist (result->gr_name, strlen (result->gr_name), ent));
|
|
+
|
|
+ return NSS_STATUS_SUCCESS;
|
|
+}
|
|
+
|
|
+/* This function handle the +group entrys in /etc/group */
|
|
+static enum nss_status
|
|
+getgrnam_plusgroup (const char *name, struct group *result, ent_t *ent,
|
|
+ char *buffer, size_t buflen, int *errnop)
|
|
+{
|
|
+ if (!nss_getgrnam_r)
|
|
+ return NSS_STATUS_UNAVAIL;
|
|
+
|
|
+ enum nss_status status = nss_getgrnam_r (name, result, buffer, buflen,
|
|
+ errnop);
|
|
+ if (status != NSS_STATUS_SUCCESS)
|
|
+ return status;
|
|
+
|
|
+ if (in_blacklist (result->gr_name, strlen (result->gr_name), ent))
|
|
+ return NSS_STATUS_NOTFOUND;
|
|
+
|
|
+ /* We found the entry. */
|
|
+ return NSS_STATUS_SUCCESS;
|
|
+}
|
|
+
|
|
+static enum nss_status
|
|
+getgrent_next_file (struct group *result, ent_t *ent,
|
|
+ char *buffer, size_t buflen, int *errnop)
|
|
+{
|
|
+ struct parser_data *data = (void *) buffer;
|
|
+ while (1)
|
|
+ {
|
|
+ fpos_t pos;
|
|
+ int parse_res = 0;
|
|
+ char *p;
|
|
+
|
|
+ do
|
|
+ {
|
|
+ /* We need at least 3 characters for one line. */
|
|
+ if (__glibc_unlikely (buflen < 3))
|
|
+ {
|
|
+ erange:
|
|
+ *errnop = ERANGE;
|
|
+ return NSS_STATUS_TRYAGAIN;
|
|
+ }
|
|
+
|
|
+ fgetpos (ent->stream, &pos);
|
|
+ buffer[buflen - 1] = '\xff';
|
|
+ p = fgets_unlocked (buffer, buflen, ent->stream);
|
|
+ if (p == NULL && feof_unlocked (ent->stream))
|
|
+ return NSS_STATUS_NOTFOUND;
|
|
+
|
|
+ if (p == NULL || __builtin_expect (buffer[buflen - 1] != '\xff', 0))
|
|
+ {
|
|
+ erange_reset:
|
|
+ fsetpos (ent->stream, &pos);
|
|
+ goto erange;
|
|
+ }
|
|
+
|
|
+ /* Terminate the line for any case. */
|
|
+ buffer[buflen - 1] = '\0';
|
|
+
|
|
+ /* Skip leading blanks. */
|
|
+ while (isspace (*p))
|
|
+ ++p;
|
|
+ }
|
|
+ while (*p == '\0' || *p == '#' || /* Ignore empty and comment lines. */
|
|
+ /* Parse the line. If it is invalid, loop to
|
|
+ get the next line of the file to parse. */
|
|
+ !(parse_res = _nss_files_parse_grent (p, result, data, buflen,
|
|
+ errnop)));
|
|
+
|
|
+ if (__glibc_unlikely (parse_res == -1))
|
|
+ /* The parser ran out of space. */
|
|
+ goto erange_reset;
|
|
+
|
|
+ if (result->gr_name[0] != '+' && result->gr_name[0] != '-')
|
|
+ /* This is a real entry. */
|
|
+ break;
|
|
+
|
|
+ /* -group */
|
|
+ if (result->gr_name[0] == '-' && result->gr_name[1] != '\0'
|
|
+ && result->gr_name[1] != '@')
|
|
+ {
|
|
+ blacklist_store_name (&result->gr_name[1], ent);
|
|
+ continue;
|
|
+ }
|
|
+
|
|
+ /* +group */
|
|
+ if (result->gr_name[0] == '+' && result->gr_name[1] != '\0'
|
|
+ && result->gr_name[1] != '@')
|
|
+ {
|
|
+ size_t len = strlen (result->gr_name);
|
|
+ char buf[len];
|
|
+ enum nss_status status;
|
|
+
|
|
+ /* Store the group in the blacklist for the "+" at the end of
|
|
+ /etc/group */
|
|
+ memcpy (buf, &result->gr_name[1], len);
|
|
+ status = getgrnam_plusgroup (&result->gr_name[1], result, ent,
|
|
+ buffer, buflen, errnop);
|
|
+ blacklist_store_name (buf, ent);
|
|
+ if (status == NSS_STATUS_SUCCESS) /* We found the entry. */
|
|
+ break;
|
|
+ else if (status == NSS_STATUS_RETURN /* We couldn't parse the entry*/
|
|
+ || status == NSS_STATUS_NOTFOUND) /* No group in NIS */
|
|
+ continue;
|
|
+ else
|
|
+ {
|
|
+ if (status == NSS_STATUS_TRYAGAIN)
|
|
+ /* The parser ran out of space. */
|
|
+ goto erange_reset;
|
|
+
|
|
+ return status;
|
|
+ }
|
|
+ }
|
|
+
|
|
+ /* +:... */
|
|
+ if (result->gr_name[0] == '+' && result->gr_name[1] == '\0')
|
|
+ {
|
|
+ ent->files = false;
|
|
+
|
|
+ return getgrent_next_nss (result, ent, buffer, buflen, errnop);
|
|
+ }
|
|
+ }
|
|
+
|
|
+ return NSS_STATUS_SUCCESS;
|
|
+}
|
|
+
|
|
+
|
|
+enum nss_status
|
|
+_nss_compat_getgrent_r (struct group *grp, char *buffer, size_t buflen,
|
|
+ int *errnop)
|
|
+{
|
|
+ enum nss_status result = NSS_STATUS_SUCCESS;
|
|
+
|
|
+ __libc_lock_lock (lock);
|
|
+
|
|
+ /* Be prepared that the setgrent function was not called before. */
|
|
+ if (ni == NULL)
|
|
+ init_nss_interface ();
|
|
+
|
|
+ if (ext_ent.stream == NULL)
|
|
+ result = internal_setgrent (&ext_ent, 1, 1);
|
|
+
|
|
+ if (result == NSS_STATUS_SUCCESS)
|
|
+ {
|
|
+ if (ext_ent.files)
|
|
+ result = getgrent_next_file (grp, &ext_ent, buffer, buflen, errnop);
|
|
+ else
|
|
+ result = getgrent_next_nss (grp, &ext_ent, buffer, buflen, errnop);
|
|
+ }
|
|
+ __libc_lock_unlock (lock);
|
|
+
|
|
+ return result;
|
|
+}
|
|
+
|
|
+/* Searches in /etc/group and the NIS/NIS+ map for a special group */
|
|
+static enum nss_status
|
|
+internal_getgrnam_r (const char *name, struct group *result, ent_t *ent,
|
|
+ char *buffer, size_t buflen, int *errnop)
|
|
+{
|
|
+ struct parser_data *data = (void *) buffer;
|
|
+ while (1)
|
|
+ {
|
|
+ fpos_t pos;
|
|
+ int parse_res = 0;
|
|
+ char *p;
|
|
+
|
|
+ do
|
|
+ {
|
|
+ /* We need at least 3 characters for one line. */
|
|
+ if (__glibc_unlikely (buflen < 3))
|
|
+ {
|
|
+ erange:
|
|
+ *errnop = ERANGE;
|
|
+ return NSS_STATUS_TRYAGAIN;
|
|
+ }
|
|
+
|
|
+ fgetpos (ent->stream, &pos);
|
|
+ buffer[buflen - 1] = '\xff';
|
|
+ p = fgets_unlocked (buffer, buflen, ent->stream);
|
|
+ if (p == NULL && feof_unlocked (ent->stream))
|
|
+ return NSS_STATUS_NOTFOUND;
|
|
+
|
|
+ if (p == NULL || __builtin_expect (buffer[buflen - 1] != '\xff', 0))
|
|
+ {
|
|
+ erange_reset:
|
|
+ fsetpos (ent->stream, &pos);
|
|
+ goto erange;
|
|
+ }
|
|
+
|
|
+ /* Terminate the line for any case. */
|
|
+ buffer[buflen - 1] = '\0';
|
|
+
|
|
+ /* Skip leading blanks. */
|
|
+ while (isspace (*p))
|
|
+ ++p;
|
|
+ }
|
|
+ while (*p == '\0' || *p == '#' || /* Ignore empty and comment lines. */
|
|
+ /* Parse the line. If it is invalid, loop to
|
|
+ get the next line of the file to parse. */
|
|
+ !(parse_res = _nss_files_parse_grent (p, result, data, buflen,
|
|
+ errnop)));
|
|
+
|
|
+ if (__glibc_unlikely (parse_res == -1))
|
|
+ /* The parser ran out of space. */
|
|
+ goto erange_reset;
|
|
+
|
|
+ /* This is a real entry. */
|
|
+ if (result->gr_name[0] != '+' && result->gr_name[0] != '-')
|
|
+ {
|
|
+ if (strcmp (result->gr_name, name) == 0)
|
|
+ return NSS_STATUS_SUCCESS;
|
|
+ else
|
|
+ continue;
|
|
+ }
|
|
+
|
|
+ /* -group */
|
|
+ if (result->gr_name[0] == '-' && result->gr_name[1] != '\0')
|
|
+ {
|
|
+ if (strcmp (&result->gr_name[1], name) == 0)
|
|
+ return NSS_STATUS_NOTFOUND;
|
|
+ else
|
|
+ continue;
|
|
+ }
|
|
+
|
|
+ /* +group */
|
|
+ if (result->gr_name[0] == '+' && result->gr_name[1] != '\0')
|
|
+ {
|
|
+ if (strcmp (name, &result->gr_name[1]) == 0)
|
|
+ {
|
|
+ enum nss_status status;
|
|
+
|
|
+ status = getgrnam_plusgroup (name, result, ent,
|
|
+ buffer, buflen, errnop);
|
|
+ if (status == NSS_STATUS_RETURN)
|
|
+ /* We couldn't parse the entry */
|
|
+ continue;
|
|
+ else
|
|
+ return status;
|
|
+ }
|
|
+ }
|
|
+ /* +:... */
|
|
+ if (result->gr_name[0] == '+' && result->gr_name[1] == '\0')
|
|
+ {
|
|
+ enum nss_status status;
|
|
+
|
|
+ status = getgrnam_plusgroup (name, result, ent,
|
|
+ buffer, buflen, errnop);
|
|
+ if (status == NSS_STATUS_RETURN)
|
|
+ /* We couldn't parse the entry */
|
|
+ continue;
|
|
+ else
|
|
+ return status;
|
|
+ }
|
|
+ }
|
|
+
|
|
+ return NSS_STATUS_SUCCESS;
|
|
+}
|
|
+
|
|
+enum nss_status
|
|
+_nss_compat_getgrnam_r (const char *name, struct group *grp,
|
|
+ char *buffer, size_t buflen, int *errnop)
|
|
+{
|
|
+ ent_t ent = { true, NSS_STATUS_SUCCESS, NULL, { NULL, 0, 0 }};
|
|
+ enum nss_status result;
|
|
+
|
|
+ if (name[0] == '-' || name[0] == '+')
|
|
+ return NSS_STATUS_NOTFOUND;
|
|
+
|
|
+ __libc_lock_lock (lock);
|
|
+
|
|
+ if (ni == NULL)
|
|
+ init_nss_interface ();
|
|
+
|
|
+ __libc_lock_unlock (lock);
|
|
+
|
|
+ result = internal_setgrent (&ent, 0, 0);
|
|
+
|
|
+ if (result == NSS_STATUS_SUCCESS)
|
|
+ result = internal_getgrnam_r (name, grp, &ent, buffer, buflen, errnop);
|
|
+
|
|
+ internal_endgrent (&ent);
|
|
+
|
|
+ return result;
|
|
+}
|
|
+
|
|
+/* Searches in /etc/group and the NIS/NIS+ map for a special group id */
|
|
+static enum nss_status
|
|
+internal_getgrgid_r (gid_t gid, struct group *result, ent_t *ent,
|
|
+ char *buffer, size_t buflen, int *errnop)
|
|
+{
|
|
+ struct parser_data *data = (void *) buffer;
|
|
+ while (1)
|
|
+ {
|
|
+ fpos_t pos;
|
|
+ int parse_res = 0;
|
|
+ char *p;
|
|
+
|
|
+ do
|
|
+ {
|
|
+ /* We need at least 3 characters for one line. */
|
|
+ if (__glibc_unlikely (buflen < 3))
|
|
+ {
|
|
+ erange:
|
|
+ *errnop = ERANGE;
|
|
+ return NSS_STATUS_TRYAGAIN;
|
|
+ }
|
|
+
|
|
+ fgetpos (ent->stream, &pos);
|
|
+ buffer[buflen - 1] = '\xff';
|
|
+ p = fgets_unlocked (buffer, buflen, ent->stream);
|
|
+ if (p == NULL && feof_unlocked (ent->stream))
|
|
+ return NSS_STATUS_NOTFOUND;
|
|
+
|
|
+ if (p == NULL || __builtin_expect (buffer[buflen - 1] != '\xff', 0))
|
|
+ {
|
|
+ erange_reset:
|
|
+ fsetpos (ent->stream, &pos);
|
|
+ goto erange;
|
|
+ }
|
|
+
|
|
+ /* Terminate the line for any case. */
|
|
+ buffer[buflen - 1] = '\0';
|
|
+
|
|
+ /* Skip leading blanks. */
|
|
+ while (isspace (*p))
|
|
+ ++p;
|
|
+ }
|
|
+ while (*p == '\0' || *p == '#' || /* Ignore empty and comment lines. */
|
|
+ /* Parse the line. If it is invalid, loop to
|
|
+ get the next line of the file to parse. */
|
|
+ !(parse_res = _nss_files_parse_grent (p, result, data, buflen,
|
|
+ errnop)));
|
|
+
|
|
+ if (__glibc_unlikely (parse_res == -1))
|
|
+ /* The parser ran out of space. */
|
|
+ goto erange_reset;
|
|
+
|
|
+ /* This is a real entry. */
|
|
+ if (result->gr_name[0] != '+' && result->gr_name[0] != '-')
|
|
+ {
|
|
+ if (result->gr_gid == gid)
|
|
+ return NSS_STATUS_SUCCESS;
|
|
+ else
|
|
+ continue;
|
|
+ }
|
|
+
|
|
+ /* -group */
|
|
+ if (result->gr_name[0] == '-' && result->gr_name[1] != '\0')
|
|
+ {
|
|
+ blacklist_store_name (&result->gr_name[1], ent);
|
|
+ continue;
|
|
+ }
|
|
+
|
|
+ /* +group */
|
|
+ if (result->gr_name[0] == '+' && result->gr_name[1] != '\0')
|
|
+ {
|
|
+ /* Yes, no +1, see the memcpy call below. */
|
|
+ size_t len = strlen (result->gr_name);
|
|
+ char buf[len];
|
|
+ enum nss_status status;
|
|
+
|
|
+ /* Store the group in the blacklist for the "+" at the end of
|
|
+ /etc/group */
|
|
+ memcpy (buf, &result->gr_name[1], len);
|
|
+ status = getgrnam_plusgroup (&result->gr_name[1], result, ent,
|
|
+ buffer, buflen, errnop);
|
|
+ blacklist_store_name (buf, ent);
|
|
+ if (status == NSS_STATUS_SUCCESS && result->gr_gid == gid)
|
|
+ break;
|
|
+ else
|
|
+ continue;
|
|
+ }
|
|
+ /* +:... */
|
|
+ if (result->gr_name[0] == '+' && result->gr_name[1] == '\0')
|
|
+ {
|
|
+ if (!nss_getgrgid_r)
|
|
+ return NSS_STATUS_UNAVAIL;
|
|
+
|
|
+ enum nss_status status = nss_getgrgid_r (gid, result, buffer, buflen,
|
|
+ errnop);
|
|
+ if (status == NSS_STATUS_RETURN) /* We couldn't parse the entry */
|
|
+ return NSS_STATUS_NOTFOUND;
|
|
+ else
|
|
+ return status;
|
|
+ }
|
|
+ }
|
|
+
|
|
+ return NSS_STATUS_SUCCESS;
|
|
+}
|
|
+
|
|
+enum nss_status
|
|
+_nss_compat_getgrgid_r (gid_t gid, struct group *grp,
|
|
+ char *buffer, size_t buflen, int *errnop)
|
|
+{
|
|
+ ent_t ent = { true, NSS_STATUS_SUCCESS, NULL, { NULL, 0, 0 }};
|
|
+ enum nss_status result;
|
|
+
|
|
+ __libc_lock_lock (lock);
|
|
+
|
|
+ if (ni == NULL)
|
|
+ init_nss_interface ();
|
|
+
|
|
+ __libc_lock_unlock (lock);
|
|
+
|
|
+ result = internal_setgrent (&ent, 0, 0);
|
|
+
|
|
+ if (result == NSS_STATUS_SUCCESS)
|
|
+ result = internal_getgrgid_r (gid, grp, &ent, buffer, buflen, errnop);
|
|
+
|
|
+ internal_endgrent (&ent);
|
|
+
|
|
+ return result;
|
|
+}
|
|
+
|
|
+
|
|
+/* Support routines for remembering -@netgroup and -user entries.
|
|
+ The names are stored in a single string with `|' as separator. */
|
|
+static void
|
|
+blacklist_store_name (const char *name, ent_t *ent)
|
|
+{
|
|
+ int namelen = strlen (name);
|
|
+ char *tmp;
|
|
+
|
|
+ /* first call, setup cache */
|
|
+ if (ent->blacklist.size == 0)
|
|
+ {
|
|
+ ent->blacklist.size = MAX (BLACKLIST_INITIAL_SIZE, 2 * namelen);
|
|
+ ent->blacklist.data = malloc (ent->blacklist.size);
|
|
+ if (ent->blacklist.data == NULL)
|
|
+ return;
|
|
+ ent->blacklist.data[0] = '|';
|
|
+ ent->blacklist.data[1] = '\0';
|
|
+ ent->blacklist.current = 1;
|
|
+ }
|
|
+ else
|
|
+ {
|
|
+ if (in_blacklist (name, namelen, ent))
|
|
+ return; /* no duplicates */
|
|
+
|
|
+ if (ent->blacklist.current + namelen + 1 >= ent->blacklist.size)
|
|
+ {
|
|
+ ent->blacklist.size += MAX (BLACKLIST_INCREMENT, 2 * namelen);
|
|
+ tmp = realloc (ent->blacklist.data, ent->blacklist.size);
|
|
+ if (tmp == NULL)
|
|
+ {
|
|
+ free (ent->blacklist.data);
|
|
+ ent->blacklist.size = 0;
|
|
+ return;
|
|
+ }
|
|
+ ent->blacklist.data = tmp;
|
|
+ }
|
|
+ }
|
|
+
|
|
+ tmp = stpcpy (ent->blacklist.data + ent->blacklist.current, name);
|
|
+ *tmp++ = '|';
|
|
+ *tmp = '\0';
|
|
+ ent->blacklist.current += namelen + 1;
|
|
+
|
|
+ return;
|
|
+}
|
|
+
|
|
+/* Return whether ent->blacklist contains name. */
|
|
+static bool
|
|
+in_blacklist (const char *name, int namelen, ent_t *ent)
|
|
+{
|
|
+ char buf[namelen + 3];
|
|
+ char *cp;
|
|
+
|
|
+ if (ent->blacklist.data == NULL)
|
|
+ return false;
|
|
+
|
|
+ buf[0] = '|';
|
|
+ cp = stpcpy (&buf[1], name);
|
|
+ *cp++ = '|';
|
|
+ *cp = '\0';
|
|
+ return strstr (ent->blacklist.data, buf) != NULL;
|
|
+}
|
|
Index: glibc-2.26/nss/nss_compat/compat-initgroups.c
|
|
===================================================================
|
|
--- /dev/null
|
|
+++ glibc-2.26/nss/nss_compat/compat-initgroups.c
|
|
@@ -0,0 +1,575 @@
|
|
+/* Copyright (C) 1998-2017 Free Software Foundation, Inc.
|
|
+ This file is part of the GNU C Library.
|
|
+ Contributed by Thorsten Kukuk <kukuk@suse.de>, 1998.
|
|
+
|
|
+ The GNU C Library is free software; you can redistribute it and/or
|
|
+ modify it under the terms of the GNU Lesser General Public
|
|
+ License as published by the Free Software Foundation; either
|
|
+ version 2.1 of the License, or (at your option) any later version.
|
|
+
|
|
+ The GNU C Library is distributed in the hope that it will be useful,
|
|
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
+ Lesser General Public License for more details.
|
|
+
|
|
+ You should have received a copy of the GNU Lesser General Public
|
|
+ License along with the GNU C Library; if not, see
|
|
+ <http://www.gnu.org/licenses/>. */
|
|
+
|
|
+#include <ctype.h>
|
|
+#include <errno.h>
|
|
+#include <fcntl.h>
|
|
+#include <grp.h>
|
|
+#include <nss.h>
|
|
+#include <stdio_ext.h>
|
|
+#include <string.h>
|
|
+#include <unistd.h>
|
|
+#include <sys/param.h>
|
|
+#include <nsswitch.h>
|
|
+#include <libc-lock.h>
|
|
+#include <kernel-features.h>
|
|
+#include <scratch_buffer.h>
|
|
+
|
|
+static service_user *ni;
|
|
+/* Type of the lookup function. */
|
|
+static enum nss_status (*nss_initgroups_dyn) (const char *, gid_t,
|
|
+ long int *, long int *,
|
|
+ gid_t **, long int, int *);
|
|
+static enum nss_status (*nss_getgrnam_r) (const char *name,
|
|
+ struct group * grp, char *buffer,
|
|
+ size_t buflen, int *errnop);
|
|
+static enum nss_status (*nss_getgrgid_r) (gid_t gid, struct group * grp,
|
|
+ char *buffer, size_t buflen,
|
|
+ int *errnop);
|
|
+static enum nss_status (*nss_setgrent) (int stayopen);
|
|
+static enum nss_status (*nss_getgrent_r) (struct group * grp, char *buffer,
|
|
+ size_t buflen, int *errnop);
|
|
+static enum nss_status (*nss_endgrent) (void);
|
|
+
|
|
+/* Protect global state against multiple changers. */
|
|
+__libc_lock_define_initialized (static, lock)
|
|
+
|
|
+
|
|
+/* Get the declaration of the parser function. */
|
|
+#define ENTNAME grent
|
|
+#define STRUCTURE group
|
|
+#define EXTERN_PARSER
|
|
+#include <nss/nss_files/files-parse.c>
|
|
+
|
|
+/* Structure for remembering -group members ... */
|
|
+#define BLACKLIST_INITIAL_SIZE 512
|
|
+#define BLACKLIST_INCREMENT 256
|
|
+struct blacklist_t
|
|
+{
|
|
+ char *data;
|
|
+ int current;
|
|
+ int size;
|
|
+};
|
|
+
|
|
+struct ent_t
|
|
+{
|
|
+ bool files;
|
|
+ bool need_endgrent;
|
|
+ bool skip_initgroups_dyn;
|
|
+ FILE *stream;
|
|
+ struct blacklist_t blacklist;
|
|
+};
|
|
+typedef struct ent_t ent_t;
|
|
+
|
|
+/* Prototypes for local functions. */
|
|
+static void blacklist_store_name (const char *, ent_t *);
|
|
+static bool in_blacklist (const char *, int, ent_t *);
|
|
+
|
|
+/* Initialize the NSS interface/functions. The calling function must
|
|
+ hold the lock. */
|
|
+static void
|
|
+init_nss_interface (void)
|
|
+{
|
|
+ __libc_lock_lock (lock);
|
|
+
|
|
+ /* Retest. */
|
|
+ if (ni == NULL
|
|
+ && __nss_database_lookup ("group_compat", NULL, "nis", &ni) >= 0)
|
|
+ {
|
|
+ nss_initgroups_dyn = __nss_lookup_function (ni, "initgroups_dyn");
|
|
+ nss_getgrnam_r = __nss_lookup_function (ni, "getgrnam_r");
|
|
+ nss_getgrgid_r = __nss_lookup_function (ni, "getgrgid_r");
|
|
+ nss_setgrent = __nss_lookup_function (ni, "setgrent");
|
|
+ nss_getgrent_r = __nss_lookup_function (ni, "getgrent_r");
|
|
+ nss_endgrent = __nss_lookup_function (ni, "endgrent");
|
|
+ }
|
|
+
|
|
+ __libc_lock_unlock (lock);
|
|
+}
|
|
+
|
|
+static enum nss_status
|
|
+internal_setgrent (ent_t *ent)
|
|
+{
|
|
+ enum nss_status status = NSS_STATUS_SUCCESS;
|
|
+
|
|
+ ent->files = true;
|
|
+
|
|
+ if (ni == NULL)
|
|
+ init_nss_interface ();
|
|
+
|
|
+ if (ent->blacklist.data != NULL)
|
|
+ {
|
|
+ ent->blacklist.current = 1;
|
|
+ ent->blacklist.data[0] = '|';
|
|
+ ent->blacklist.data[1] = '\0';
|
|
+ }
|
|
+ else
|
|
+ ent->blacklist.current = 0;
|
|
+
|
|
+ ent->stream = fopen ("/etc/group", "rme");
|
|
+
|
|
+ if (ent->stream == NULL)
|
|
+ status = errno == EAGAIN ? NSS_STATUS_TRYAGAIN : NSS_STATUS_UNAVAIL;
|
|
+ else
|
|
+ /* We take care of locking ourself. */
|
|
+ __fsetlocking (ent->stream, FSETLOCKING_BYCALLER);
|
|
+
|
|
+ return status;
|
|
+}
|
|
+
|
|
+
|
|
+static enum nss_status
|
|
+internal_endgrent (ent_t *ent)
|
|
+{
|
|
+ if (ent->stream != NULL)
|
|
+ {
|
|
+ fclose (ent->stream);
|
|
+ ent->stream = NULL;
|
|
+ }
|
|
+
|
|
+ if (ent->blacklist.data != NULL)
|
|
+ {
|
|
+ ent->blacklist.current = 1;
|
|
+ ent->blacklist.data[0] = '|';
|
|
+ ent->blacklist.data[1] = '\0';
|
|
+ }
|
|
+ else
|
|
+ ent->blacklist.current = 0;
|
|
+
|
|
+ if (ent->need_endgrent && nss_endgrent != NULL)
|
|
+ nss_endgrent ();
|
|
+
|
|
+ return NSS_STATUS_SUCCESS;
|
|
+}
|
|
+
|
|
+/* Add new group record. */
|
|
+static void
|
|
+add_group (long int *start, long int *size, gid_t **groupsp, long int limit,
|
|
+ gid_t gid)
|
|
+{
|
|
+ gid_t *groups = *groupsp;
|
|
+
|
|
+ /* Matches user. Insert this group. */
|
|
+ if (__glibc_unlikely (*start == *size))
|
|
+ {
|
|
+ /* Need a bigger buffer. */
|
|
+ gid_t *newgroups;
|
|
+ long int newsize;
|
|
+
|
|
+ if (limit > 0 && *size == limit)
|
|
+ /* We reached the maximum. */
|
|
+ return;
|
|
+
|
|
+ if (limit <= 0)
|
|
+ newsize = 2 * *size;
|
|
+ else
|
|
+ newsize = MIN (limit, 2 * *size);
|
|
+
|
|
+ newgroups = realloc (groups, newsize * sizeof (*groups));
|
|
+ if (newgroups == NULL)
|
|
+ return;
|
|
+ *groupsp = groups = newgroups;
|
|
+ *size = newsize;
|
|
+ }
|
|
+
|
|
+ groups[*start] = gid;
|
|
+ *start += 1;
|
|
+}
|
|
+
|
|
+/* This function checks, if the user is a member of this group and if
|
|
+ yes, add the group id to the list. Return nonzero is we couldn't
|
|
+ handle the group because the user is not in the member list. */
|
|
+static int
|
|
+check_and_add_group (const char *user, gid_t group, long int *start,
|
|
+ long int *size, gid_t **groupsp, long int limit,
|
|
+ struct group *grp)
|
|
+{
|
|
+ char **member;
|
|
+
|
|
+ /* Don't add main group to list of groups. */
|
|
+ if (grp->gr_gid == group)
|
|
+ return 0;
|
|
+
|
|
+ for (member = grp->gr_mem; *member != NULL; ++member)
|
|
+ if (strcmp (*member, user) == 0)
|
|
+ {
|
|
+ add_group (start, size, groupsp, limit, grp->gr_gid);
|
|
+ return 0;
|
|
+ }
|
|
+
|
|
+ return 1;
|
|
+}
|
|
+
|
|
+/* Get the next group from NSS (+ entry). If the NSS module supports
|
|
+ initgroups_dyn, get all entries at once. */
|
|
+static enum nss_status
|
|
+getgrent_next_nss (ent_t *ent, char *buffer, size_t buflen, const char *user,
|
|
+ gid_t group, long int *start, long int *size,
|
|
+ gid_t **groupsp, long int limit, int *errnop)
|
|
+{
|
|
+ enum nss_status status;
|
|
+ struct group grpbuf;
|
|
+
|
|
+ /* Try nss_initgroups_dyn if supported. We also need getgrgid_r.
|
|
+ If this function is not supported, step through the whole group
|
|
+ database with getgrent_r. */
|
|
+ if (! ent->skip_initgroups_dyn)
|
|
+ {
|
|
+ long int mystart = 0;
|
|
+ long int mysize = limit <= 0 ? *size : limit;
|
|
+ gid_t *mygroups = malloc (mysize * sizeof (gid_t));
|
|
+
|
|
+ if (mygroups == NULL)
|
|
+ return NSS_STATUS_TRYAGAIN;
|
|
+
|
|
+ /* For every gid in the list we get from the NSS module,
|
|
+ get the whole group entry. We need to do this, since we
|
|
+ need the group name to check if it is in the blacklist.
|
|
+ In worst case, this is as twice as slow as stepping with
|
|
+ getgrent_r through the whole group database. But for large
|
|
+ group databases this is faster, since the user can only be
|
|
+ in a limited number of groups. */
|
|
+ if (nss_initgroups_dyn (user, group, &mystart, &mysize, &mygroups,
|
|
+ limit, errnop) == NSS_STATUS_SUCCESS)
|
|
+ {
|
|
+ status = NSS_STATUS_NOTFOUND;
|
|
+
|
|
+ /* If there is no blacklist we can trust the underlying
|
|
+ initgroups implementation. */
|
|
+ if (ent->blacklist.current <= 1)
|
|
+ for (int i = 0; i < mystart; i++)
|
|
+ add_group (start, size, groupsp, limit, mygroups[i]);
|
|
+ else
|
|
+ {
|
|
+ /* A temporary buffer. We use the normal buffer, until we find
|
|
+ an entry, for which this buffer is to small. In this case, we
|
|
+ overwrite the pointer with one to a bigger buffer. */
|
|
+ char *tmpbuf = buffer;
|
|
+ size_t tmplen = buflen;
|
|
+ bool use_malloc = false;
|
|
+
|
|
+ for (int i = 0; i < mystart; i++)
|
|
+ {
|
|
+ while ((status = nss_getgrgid_r (mygroups[i], &grpbuf,
|
|
+ tmpbuf, tmplen, errnop))
|
|
+ == NSS_STATUS_TRYAGAIN
|
|
+ && *errnop == ERANGE)
|
|
+ {
|
|
+ if (__libc_use_alloca (tmplen * 2))
|
|
+ {
|
|
+ if (tmpbuf == buffer)
|
|
+ {
|
|
+ tmplen *= 2;
|
|
+ tmpbuf = __alloca (tmplen);
|
|
+ }
|
|
+ else
|
|
+ tmpbuf = extend_alloca (tmpbuf, tmplen, tmplen * 2);
|
|
+ }
|
|
+ else
|
|
+ {
|
|
+ tmplen *= 2;
|
|
+ char *newbuf = realloc (use_malloc ? tmpbuf : NULL, tmplen);
|
|
+
|
|
+ if (newbuf == NULL)
|
|
+ {
|
|
+ status = NSS_STATUS_TRYAGAIN;
|
|
+ goto done;
|
|
+ }
|
|
+ use_malloc = true;
|
|
+ tmpbuf = newbuf;
|
|
+ }
|
|
+ }
|
|
+
|
|
+ if (__builtin_expect (status != NSS_STATUS_NOTFOUND, 1))
|
|
+ {
|
|
+ if (__builtin_expect (status != NSS_STATUS_SUCCESS, 0))
|
|
+ goto done;
|
|
+
|
|
+ if (!in_blacklist (grpbuf.gr_name,
|
|
+ strlen (grpbuf.gr_name), ent)
|
|
+ && check_and_add_group (user, group, start, size,
|
|
+ groupsp, limit, &grpbuf))
|
|
+ {
|
|
+ if (nss_setgrent != NULL)
|
|
+ {
|
|
+ nss_setgrent (1);
|
|
+ ent->need_endgrent = true;
|
|
+ }
|
|
+ ent->skip_initgroups_dyn = true;
|
|
+
|
|
+ goto iter;
|
|
+ }
|
|
+ }
|
|
+ }
|
|
+
|
|
+ status = NSS_STATUS_NOTFOUND;
|
|
+
|
|
+ done:
|
|
+ if (use_malloc)
|
|
+ free (tmpbuf);
|
|
+ }
|
|
+
|
|
+ free (mygroups);
|
|
+
|
|
+ return status;
|
|
+ }
|
|
+
|
|
+ free (mygroups);
|
|
+ }
|
|
+
|
|
+ /* If we come here, the NSS module does not support initgroups_dyn
|
|
+ or we were confronted with a split group. In these cases we have
|
|
+ to step through the whole list ourself. */
|
|
+ iter:
|
|
+ do
|
|
+ {
|
|
+ if ((status = nss_getgrent_r (&grpbuf, buffer, buflen, errnop)) !=
|
|
+ NSS_STATUS_SUCCESS)
|
|
+ break;
|
|
+ }
|
|
+ while (in_blacklist (grpbuf.gr_name, strlen (grpbuf.gr_name), ent));
|
|
+
|
|
+ if (status == NSS_STATUS_SUCCESS)
|
|
+ check_and_add_group (user, group, start, size, groupsp, limit, &grpbuf);
|
|
+
|
|
+ return status;
|
|
+}
|
|
+
|
|
+static enum nss_status
|
|
+internal_getgrent_r (ent_t *ent, char *buffer, size_t buflen, const char *user,
|
|
+ gid_t group, long int *start, long int *size,
|
|
+ gid_t **groupsp, long int limit, int *errnop)
|
|
+{
|
|
+ struct parser_data *data = (void *) buffer;
|
|
+ struct group grpbuf;
|
|
+
|
|
+ if (!ent->files)
|
|
+ return getgrent_next_nss (ent, buffer, buflen, user, group,
|
|
+ start, size, groupsp, limit, errnop);
|
|
+
|
|
+ while (1)
|
|
+ {
|
|
+ fpos_t pos;
|
|
+ int parse_res = 0;
|
|
+ char *p;
|
|
+
|
|
+ do
|
|
+ {
|
|
+ /* We need at least 3 characters for one line. */
|
|
+ if (__glibc_unlikely (buflen < 3))
|
|
+ {
|
|
+ erange:
|
|
+ *errnop = ERANGE;
|
|
+ return NSS_STATUS_TRYAGAIN;
|
|
+ }
|
|
+
|
|
+ fgetpos (ent->stream, &pos);
|
|
+ buffer[buflen - 1] = '\xff';
|
|
+ p = fgets_unlocked (buffer, buflen, ent->stream);
|
|
+ if (p == NULL && feof_unlocked (ent->stream))
|
|
+ return NSS_STATUS_NOTFOUND;
|
|
+
|
|
+ if (p == NULL || __builtin_expect (buffer[buflen - 1] != '\xff', 0))
|
|
+ {
|
|
+ erange_reset:
|
|
+ fsetpos (ent->stream, &pos);
|
|
+ goto erange;
|
|
+ }
|
|
+
|
|
+ /* Terminate the line for any case. */
|
|
+ buffer[buflen - 1] = '\0';
|
|
+
|
|
+ /* Skip leading blanks. */
|
|
+ while (isspace (*p))
|
|
+ ++p;
|
|
+ }
|
|
+ while (*p == '\0' || *p == '#' || /* Ignore empty and comment lines. */
|
|
+ /* Parse the line. If it is invalid, loop to
|
|
+ get the next line of the file to parse. */
|
|
+ !(parse_res = _nss_files_parse_grent (p, &grpbuf, data, buflen,
|
|
+ errnop)));
|
|
+
|
|
+ if (__glibc_unlikely (parse_res == -1))
|
|
+ /* The parser ran out of space. */
|
|
+ goto erange_reset;
|
|
+
|
|
+ if (grpbuf.gr_name[0] != '+' && grpbuf.gr_name[0] != '-')
|
|
+ /* This is a real entry. */
|
|
+ break;
|
|
+
|
|
+ /* -group */
|
|
+ if (grpbuf.gr_name[0] == '-' && grpbuf.gr_name[1] != '\0'
|
|
+ && grpbuf.gr_name[1] != '@')
|
|
+ {
|
|
+ blacklist_store_name (&grpbuf.gr_name[1], ent);
|
|
+ continue;
|
|
+ }
|
|
+
|
|
+ /* +group */
|
|
+ if (grpbuf.gr_name[0] == '+' && grpbuf.gr_name[1] != '\0'
|
|
+ && grpbuf.gr_name[1] != '@')
|
|
+ {
|
|
+ if (in_blacklist (&grpbuf.gr_name[1],
|
|
+ strlen (&grpbuf.gr_name[1]), ent))
|
|
+ continue;
|
|
+ /* Store the group in the blacklist for the "+" at the end of
|
|
+ /etc/group */
|
|
+ blacklist_store_name (&grpbuf.gr_name[1], ent);
|
|
+ if (nss_getgrnam_r == NULL)
|
|
+ return NSS_STATUS_UNAVAIL;
|
|
+ else if (nss_getgrnam_r (&grpbuf.gr_name[1], &grpbuf, buffer,
|
|
+ buflen, errnop) != NSS_STATUS_SUCCESS)
|
|
+ continue;
|
|
+
|
|
+ check_and_add_group (user, group, start, size, groupsp,
|
|
+ limit, &grpbuf);
|
|
+
|
|
+ return NSS_STATUS_SUCCESS;
|
|
+ }
|
|
+
|
|
+ /* +:... */
|
|
+ if (grpbuf.gr_name[0] == '+' && grpbuf.gr_name[1] == '\0')
|
|
+ {
|
|
+ /* If the selected module does not support getgrent_r or
|
|
+ initgroups_dyn, abort. We cannot find the needed group
|
|
+ entries. */
|
|
+ if (nss_initgroups_dyn == NULL || nss_getgrgid_r == NULL)
|
|
+ {
|
|
+ if (nss_setgrent != NULL)
|
|
+ {
|
|
+ nss_setgrent (1);
|
|
+ ent->need_endgrent = true;
|
|
+ }
|
|
+ ent->skip_initgroups_dyn = true;
|
|
+
|
|
+ if (nss_getgrent_r == NULL)
|
|
+ return NSS_STATUS_UNAVAIL;
|
|
+ }
|
|
+
|
|
+ ent->files = false;
|
|
+
|
|
+ return getgrent_next_nss (ent, buffer, buflen, user, group,
|
|
+ start, size, groupsp, limit, errnop);
|
|
+ }
|
|
+ }
|
|
+
|
|
+ check_and_add_group (user, group, start, size, groupsp, limit, &grpbuf);
|
|
+
|
|
+ return NSS_STATUS_SUCCESS;
|
|
+}
|
|
+
|
|
+
|
|
+enum nss_status
|
|
+_nss_compat_initgroups_dyn (const char *user, gid_t group, long int *start,
|
|
+ long int *size, gid_t **groupsp, long int limit,
|
|
+ int *errnop)
|
|
+{
|
|
+ enum nss_status status;
|
|
+ ent_t intern = { true, false, false, NULL, {NULL, 0, 0} };
|
|
+
|
|
+ status = internal_setgrent (&intern);
|
|
+ if (status != NSS_STATUS_SUCCESS)
|
|
+ return status;
|
|
+
|
|
+ struct scratch_buffer tmpbuf;
|
|
+ scratch_buffer_init (&tmpbuf);
|
|
+
|
|
+ do
|
|
+ {
|
|
+ while ((status = internal_getgrent_r (&intern, tmpbuf.data, tmpbuf.length,
|
|
+ user, group, start, size,
|
|
+ groupsp, limit, errnop))
|
|
+ == NSS_STATUS_TRYAGAIN && *errnop == ERANGE)
|
|
+ if (!scratch_buffer_grow (&tmpbuf))
|
|
+ goto done;
|
|
+ }
|
|
+ while (status == NSS_STATUS_SUCCESS);
|
|
+
|
|
+ status = NSS_STATUS_SUCCESS;
|
|
+
|
|
+ done:
|
|
+ scratch_buffer_free (&tmpbuf);
|
|
+
|
|
+ internal_endgrent (&intern);
|
|
+
|
|
+ return status;
|
|
+}
|
|
+
|
|
+
|
|
+/* Support routines for remembering -@netgroup and -user entries.
|
|
+ The names are stored in a single string with `|' as separator. */
|
|
+static void
|
|
+blacklist_store_name (const char *name, ent_t *ent)
|
|
+{
|
|
+ int namelen = strlen (name);
|
|
+ char *tmp;
|
|
+
|
|
+ /* First call, setup cache. */
|
|
+ if (ent->blacklist.size == 0)
|
|
+ {
|
|
+ ent->blacklist.size = MAX (BLACKLIST_INITIAL_SIZE, 2 * namelen);
|
|
+ ent->blacklist.data = malloc (ent->blacklist.size);
|
|
+ if (ent->blacklist.data == NULL)
|
|
+ return;
|
|
+ ent->blacklist.data[0] = '|';
|
|
+ ent->blacklist.data[1] = '\0';
|
|
+ ent->blacklist.current = 1;
|
|
+ }
|
|
+ else
|
|
+ {
|
|
+ if (in_blacklist (name, namelen, ent))
|
|
+ return; /* no duplicates */
|
|
+
|
|
+ if (ent->blacklist.current + namelen + 1 >= ent->blacklist.size)
|
|
+ {
|
|
+ ent->blacklist.size += MAX (BLACKLIST_INCREMENT, 2 * namelen);
|
|
+ tmp = realloc (ent->blacklist.data, ent->blacklist.size);
|
|
+ if (tmp == NULL)
|
|
+ {
|
|
+ free (ent->blacklist.data);
|
|
+ ent->blacklist.size = 0;
|
|
+ return;
|
|
+ }
|
|
+ ent->blacklist.data = tmp;
|
|
+ }
|
|
+ }
|
|
+
|
|
+ tmp = stpcpy (ent->blacklist.data + ent->blacklist.current, name);
|
|
+ *tmp++ = '|';
|
|
+ *tmp = '\0';
|
|
+ ent->blacklist.current += namelen + 1;
|
|
+
|
|
+ return;
|
|
+}
|
|
+
|
|
+/* Return whether ent->blacklist contains name. */
|
|
+static bool
|
|
+in_blacklist (const char *name, int namelen, ent_t *ent)
|
|
+{
|
|
+ char buf[namelen + 3];
|
|
+ char *cp;
|
|
+
|
|
+ if (ent->blacklist.data == NULL)
|
|
+ return false;
|
|
+
|
|
+ buf[0] = '|';
|
|
+ cp = stpcpy (&buf[1], name);
|
|
+ *cp++ = '|';
|
|
+ *cp = '\0';
|
|
+ return strstr (ent->blacklist.data, buf) != NULL;
|
|
+}
|
|
Index: glibc-2.26/nss/nss_compat/compat-pwd.c
|
|
===================================================================
|
|
--- /dev/null
|
|
+++ glibc-2.26/nss/nss_compat/compat-pwd.c
|
|
@@ -0,0 +1,1131 @@
|
|
+/* Copyright (C) 1996-2017 Free Software Foundation, Inc.
|
|
+ This file is part of the GNU C Library.
|
|
+ Contributed by Thorsten Kukuk <kukuk@vt.uni-paderborn.de>, 1996.
|
|
+
|
|
+ The GNU C Library is free software; you can redistribute it and/or
|
|
+ modify it under the terms of the GNU Lesser General Public
|
|
+ License as published by the Free Software Foundation; either
|
|
+ version 2.1 of the License, or (at your option) any later version.
|
|
+
|
|
+ The GNU C Library is distributed in the hope that it will be useful,
|
|
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
+ Lesser General Public License for more details.
|
|
+
|
|
+ You should have received a copy of the GNU Lesser General Public
|
|
+ License along with the GNU C Library; if not, see
|
|
+ <http://www.gnu.org/licenses/>. */
|
|
+
|
|
+#include <ctype.h>
|
|
+#include <errno.h>
|
|
+#include <fcntl.h>
|
|
+#include <netdb.h>
|
|
+#include <nss.h>
|
|
+#include <nsswitch.h>
|
|
+#include <pwd.h>
|
|
+#include <stdio_ext.h>
|
|
+#include <string.h>
|
|
+#include <libc-lock.h>
|
|
+#include <kernel-features.h>
|
|
+
|
|
+#include "netgroup.h"
|
|
+#include "nisdomain.h"
|
|
+
|
|
+static service_user *ni;
|
|
+static enum nss_status (*nss_setpwent) (int stayopen);
|
|
+static enum nss_status (*nss_getpwnam_r) (const char *name,
|
|
+ struct passwd * pwd, char *buffer,
|
|
+ size_t buflen, int *errnop);
|
|
+static enum nss_status (*nss_getpwuid_r) (uid_t uid, struct passwd * pwd,
|
|
+ char *buffer, size_t buflen,
|
|
+ int *errnop);
|
|
+static enum nss_status (*nss_getpwent_r) (struct passwd * pwd, char *buffer,
|
|
+ size_t buflen, int *errnop);
|
|
+static enum nss_status (*nss_endpwent) (void);
|
|
+
|
|
+/* Get the declaration of the parser function. */
|
|
+#define ENTNAME pwent
|
|
+#define STRUCTURE passwd
|
|
+#define EXTERN_PARSER
|
|
+#include <nss/nss_files/files-parse.c>
|
|
+
|
|
+/* Structure for remembering -@netgroup and -user members ... */
|
|
+#define BLACKLIST_INITIAL_SIZE 512
|
|
+#define BLACKLIST_INCREMENT 256
|
|
+struct blacklist_t
|
|
+{
|
|
+ char *data;
|
|
+ int current;
|
|
+ int size;
|
|
+};
|
|
+
|
|
+struct ent_t
|
|
+{
|
|
+ bool netgroup;
|
|
+ bool first;
|
|
+ bool files;
|
|
+ enum nss_status setent_status;
|
|
+ FILE *stream;
|
|
+ struct blacklist_t blacklist;
|
|
+ struct passwd pwd;
|
|
+ struct __netgrent netgrdata;
|
|
+};
|
|
+typedef struct ent_t ent_t;
|
|
+
|
|
+static ent_t ext_ent = { false, false, true, NSS_STATUS_SUCCESS, NULL,
|
|
+ { NULL, 0, 0 },
|
|
+ { NULL, NULL, 0, 0, NULL, NULL, NULL }};
|
|
+
|
|
+/* Protect global state against multiple changers. */
|
|
+__libc_lock_define_initialized (static, lock)
|
|
+
|
|
+/* Prototypes for local functions. */
|
|
+static void blacklist_store_name (const char *, ent_t *);
|
|
+static bool in_blacklist (const char *, int, ent_t *);
|
|
+
|
|
+/* Initialize the NSS interface/functions. The calling function must
|
|
+ hold the lock. */
|
|
+static void
|
|
+init_nss_interface (void)
|
|
+{
|
|
+ if (__nss_database_lookup ("passwd_compat", NULL, "nis", &ni) >= 0)
|
|
+ {
|
|
+ nss_setpwent = __nss_lookup_function (ni, "setpwent");
|
|
+ nss_getpwnam_r = __nss_lookup_function (ni, "getpwnam_r");
|
|
+ nss_getpwuid_r = __nss_lookup_function (ni, "getpwuid_r");
|
|
+ nss_getpwent_r = __nss_lookup_function (ni, "getpwent_r");
|
|
+ nss_endpwent = __nss_lookup_function (ni, "endpwent");
|
|
+ }
|
|
+}
|
|
+
|
|
+static void
|
|
+give_pwd_free (struct passwd *pwd)
|
|
+{
|
|
+ free (pwd->pw_name);
|
|
+ free (pwd->pw_passwd);
|
|
+ free (pwd->pw_gecos);
|
|
+ free (pwd->pw_dir);
|
|
+ free (pwd->pw_shell);
|
|
+
|
|
+ memset (pwd, '\0', sizeof (struct passwd));
|
|
+}
|
|
+
|
|
+static size_t
|
|
+pwd_need_buflen (struct passwd *pwd)
|
|
+{
|
|
+ size_t len = 0;
|
|
+
|
|
+ if (pwd->pw_passwd != NULL)
|
|
+ len += strlen (pwd->pw_passwd) + 1;
|
|
+
|
|
+ if (pwd->pw_gecos != NULL)
|
|
+ len += strlen (pwd->pw_gecos) + 1;
|
|
+
|
|
+ if (pwd->pw_dir != NULL)
|
|
+ len += strlen (pwd->pw_dir) + 1;
|
|
+
|
|
+ if (pwd->pw_shell != NULL)
|
|
+ len += strlen (pwd->pw_shell) + 1;
|
|
+
|
|
+ return len;
|
|
+}
|
|
+
|
|
+static void
|
|
+copy_pwd_changes (struct passwd *dest, struct passwd *src,
|
|
+ char *buffer, size_t buflen)
|
|
+{
|
|
+ if (src->pw_passwd != NULL && strlen (src->pw_passwd))
|
|
+ {
|
|
+ if (buffer == NULL)
|
|
+ dest->pw_passwd = strdup (src->pw_passwd);
|
|
+ else if (dest->pw_passwd &&
|
|
+ strlen (dest->pw_passwd) >= strlen (src->pw_passwd))
|
|
+ strcpy (dest->pw_passwd, src->pw_passwd);
|
|
+ else
|
|
+ {
|
|
+ dest->pw_passwd = buffer;
|
|
+ strcpy (dest->pw_passwd, src->pw_passwd);
|
|
+ buffer += strlen (dest->pw_passwd) + 1;
|
|
+ buflen = buflen - (strlen (dest->pw_passwd) + 1);
|
|
+ }
|
|
+ }
|
|
+
|
|
+ if (src->pw_gecos != NULL && strlen (src->pw_gecos))
|
|
+ {
|
|
+ if (buffer == NULL)
|
|
+ dest->pw_gecos = strdup (src->pw_gecos);
|
|
+ else if (dest->pw_gecos &&
|
|
+ strlen (dest->pw_gecos) >= strlen (src->pw_gecos))
|
|
+ strcpy (dest->pw_gecos, src->pw_gecos);
|
|
+ else
|
|
+ {
|
|
+ dest->pw_gecos = buffer;
|
|
+ strcpy (dest->pw_gecos, src->pw_gecos);
|
|
+ buffer += strlen (dest->pw_gecos) + 1;
|
|
+ buflen = buflen - (strlen (dest->pw_gecos) + 1);
|
|
+ }
|
|
+ }
|
|
+ if (src->pw_dir != NULL && strlen (src->pw_dir))
|
|
+ {
|
|
+ if (buffer == NULL)
|
|
+ dest->pw_dir = strdup (src->pw_dir);
|
|
+ else if (dest->pw_dir && strlen (dest->pw_dir) >= strlen (src->pw_dir))
|
|
+ strcpy (dest->pw_dir, src->pw_dir);
|
|
+ else
|
|
+ {
|
|
+ dest->pw_dir = buffer;
|
|
+ strcpy (dest->pw_dir, src->pw_dir);
|
|
+ buffer += strlen (dest->pw_dir) + 1;
|
|
+ buflen = buflen - (strlen (dest->pw_dir) + 1);
|
|
+ }
|
|
+ }
|
|
+
|
|
+ if (src->pw_shell != NULL && strlen (src->pw_shell))
|
|
+ {
|
|
+ if (buffer == NULL)
|
|
+ dest->pw_shell = strdup (src->pw_shell);
|
|
+ else if (dest->pw_shell &&
|
|
+ strlen (dest->pw_shell) >= strlen (src->pw_shell))
|
|
+ strcpy (dest->pw_shell, src->pw_shell);
|
|
+ else
|
|
+ {
|
|
+ dest->pw_shell = buffer;
|
|
+ strcpy (dest->pw_shell, src->pw_shell);
|
|
+ buffer += strlen (dest->pw_shell) + 1;
|
|
+ buflen = buflen - (strlen (dest->pw_shell) + 1);
|
|
+ }
|
|
+ }
|
|
+}
|
|
+
|
|
+static enum nss_status
|
|
+internal_setpwent (ent_t *ent, int stayopen, int needent)
|
|
+{
|
|
+ enum nss_status status = NSS_STATUS_SUCCESS;
|
|
+
|
|
+ ent->first = ent->netgroup = false;
|
|
+ ent->files = true;
|
|
+ ent->setent_status = NSS_STATUS_SUCCESS;
|
|
+
|
|
+ /* If something was left over free it. */
|
|
+ if (ent->netgroup)
|
|
+ __internal_endnetgrent (&ent->netgrdata);
|
|
+
|
|
+ if (ent->blacklist.data != NULL)
|
|
+ {
|
|
+ ent->blacklist.current = 1;
|
|
+ ent->blacklist.data[0] = '|';
|
|
+ ent->blacklist.data[1] = '\0';
|
|
+ }
|
|
+ else
|
|
+ ent->blacklist.current = 0;
|
|
+
|
|
+ if (ent->stream == NULL)
|
|
+ {
|
|
+ ent->stream = fopen ("/etc/passwd", "rme");
|
|
+
|
|
+ if (ent->stream == NULL)
|
|
+ status = errno == EAGAIN ? NSS_STATUS_TRYAGAIN : NSS_STATUS_UNAVAIL;
|
|
+ else
|
|
+ /* We take care of locking ourself. */
|
|
+ __fsetlocking (ent->stream, FSETLOCKING_BYCALLER);
|
|
+ }
|
|
+ else
|
|
+ rewind (ent->stream);
|
|
+
|
|
+ give_pwd_free (&ent->pwd);
|
|
+
|
|
+ if (needent && status == NSS_STATUS_SUCCESS && nss_setpwent)
|
|
+ ent->setent_status = nss_setpwent (stayopen);
|
|
+
|
|
+ return status;
|
|
+}
|
|
+
|
|
+
|
|
+enum nss_status
|
|
+_nss_compat_setpwent (int stayopen)
|
|
+{
|
|
+ enum nss_status result;
|
|
+
|
|
+ __libc_lock_lock (lock);
|
|
+
|
|
+ if (ni == NULL)
|
|
+ init_nss_interface ();
|
|
+
|
|
+ result = internal_setpwent (&ext_ent, stayopen, 1);
|
|
+
|
|
+ __libc_lock_unlock (lock);
|
|
+
|
|
+ return result;
|
|
+}
|
|
+
|
|
+
|
|
+static enum nss_status
|
|
+internal_endpwent (ent_t *ent)
|
|
+{
|
|
+ if (ent->stream != NULL)
|
|
+ {
|
|
+ fclose (ent->stream);
|
|
+ ent->stream = NULL;
|
|
+ }
|
|
+
|
|
+ if (ent->netgroup)
|
|
+ __internal_endnetgrent (&ent->netgrdata);
|
|
+
|
|
+ ent->first = ent->netgroup = false;
|
|
+
|
|
+ if (ent->blacklist.data != NULL)
|
|
+ {
|
|
+ ent->blacklist.current = 1;
|
|
+ ent->blacklist.data[0] = '|';
|
|
+ ent->blacklist.data[1] = '\0';
|
|
+ }
|
|
+ else
|
|
+ ent->blacklist.current = 0;
|
|
+
|
|
+ give_pwd_free (&ent->pwd);
|
|
+
|
|
+ return NSS_STATUS_SUCCESS;
|
|
+}
|
|
+
|
|
+enum nss_status
|
|
+_nss_compat_endpwent (void)
|
|
+{
|
|
+ enum nss_status result;
|
|
+
|
|
+ __libc_lock_lock (lock);
|
|
+
|
|
+ if (nss_endpwent)
|
|
+ nss_endpwent ();
|
|
+
|
|
+ result = internal_endpwent (&ext_ent);
|
|
+
|
|
+ __libc_lock_unlock (lock);
|
|
+
|
|
+ return result;
|
|
+}
|
|
+
|
|
+
|
|
+static enum nss_status
|
|
+getpwent_next_nss_netgr (const char *name, struct passwd *result, ent_t *ent,
|
|
+ char *group, char *buffer, size_t buflen,
|
|
+ int *errnop)
|
|
+{
|
|
+ char *curdomain = NULL, *host, *user, *domain, *p2;
|
|
+ int status;
|
|
+ size_t p2len;
|
|
+
|
|
+ /* Leave function if NSS module does not support getpwnam_r,
|
|
+ we need this function here. */
|
|
+ if (!nss_getpwnam_r)
|
|
+ return NSS_STATUS_UNAVAIL;
|
|
+
|
|
+ if (ent->first)
|
|
+ {
|
|
+ memset (&ent->netgrdata, 0, sizeof (struct __netgrent));
|
|
+ __internal_setnetgrent (group, &ent->netgrdata);
|
|
+ ent->first = false;
|
|
+ }
|
|
+
|
|
+ while (1)
|
|
+ {
|
|
+ status = __internal_getnetgrent_r (&host, &user, &domain,
|
|
+ &ent->netgrdata, buffer, buflen,
|
|
+ errnop);
|
|
+ if (status != 1)
|
|
+ {
|
|
+ __internal_endnetgrent (&ent->netgrdata);
|
|
+ ent->netgroup = 0;
|
|
+ give_pwd_free (&ent->pwd);
|
|
+ return NSS_STATUS_RETURN;
|
|
+ }
|
|
+
|
|
+ if (user == NULL || user[0] == '-')
|
|
+ continue;
|
|
+
|
|
+ if (domain != NULL)
|
|
+ {
|
|
+ if (curdomain == NULL
|
|
+ && __nss_get_default_domain (&curdomain) != 0)
|
|
+ {
|
|
+ __internal_endnetgrent (&ent->netgrdata);
|
|
+ ent->netgroup = false;
|
|
+ give_pwd_free (&ent->pwd);
|
|
+ return NSS_STATUS_UNAVAIL;
|
|
+ }
|
|
+ if (strcmp (curdomain, domain) != 0)
|
|
+ continue;
|
|
+ }
|
|
+
|
|
+ /* If name != NULL, we are called from getpwnam. */
|
|
+ if (name != NULL)
|
|
+ if (strcmp (user, name) != 0)
|
|
+ continue;
|
|
+
|
|
+ p2len = pwd_need_buflen (&ent->pwd);
|
|
+ if (p2len > buflen)
|
|
+ {
|
|
+ *errnop = ERANGE;
|
|
+ return NSS_STATUS_TRYAGAIN;
|
|
+ }
|
|
+ p2 = buffer + (buflen - p2len);
|
|
+ buflen -= p2len;
|
|
+
|
|
+ if (nss_getpwnam_r (user, result, buffer, buflen, errnop) !=
|
|
+ NSS_STATUS_SUCCESS)
|
|
+ continue;
|
|
+
|
|
+ if (!in_blacklist (result->pw_name, strlen (result->pw_name), ent))
|
|
+ {
|
|
+ /* Store the User in the blacklist for possible the "+" at the
|
|
+ end of /etc/passwd */
|
|
+ blacklist_store_name (result->pw_name, ent);
|
|
+ copy_pwd_changes (result, &ent->pwd, p2, p2len);
|
|
+ break;
|
|
+ }
|
|
+ }
|
|
+
|
|
+ return NSS_STATUS_SUCCESS;
|
|
+}
|
|
+
|
|
+/* get the next user from NSS (+ entry) */
|
|
+static enum nss_status
|
|
+getpwent_next_nss (struct passwd *result, ent_t *ent, char *buffer,
|
|
+ size_t buflen, int *errnop)
|
|
+{
|
|
+ enum nss_status status;
|
|
+ char *p2;
|
|
+ size_t p2len;
|
|
+
|
|
+ /* Return if NSS module does not support getpwent_r. */
|
|
+ if (!nss_getpwent_r)
|
|
+ return NSS_STATUS_UNAVAIL;
|
|
+
|
|
+ /* If the setpwent call failed, say so. */
|
|
+ if (ent->setent_status != NSS_STATUS_SUCCESS)
|
|
+ return ent->setent_status;
|
|
+
|
|
+ p2len = pwd_need_buflen (&ent->pwd);
|
|
+ if (p2len > buflen)
|
|
+ {
|
|
+ *errnop = ERANGE;
|
|
+ return NSS_STATUS_TRYAGAIN;
|
|
+ }
|
|
+ p2 = buffer + (buflen - p2len);
|
|
+ buflen -= p2len;
|
|
+
|
|
+ if (ent->first)
|
|
+ ent->first = false;
|
|
+
|
|
+ do
|
|
+ {
|
|
+ if ((status = nss_getpwent_r (result, buffer, buflen, errnop)) !=
|
|
+ NSS_STATUS_SUCCESS)
|
|
+ return status;
|
|
+ }
|
|
+ while (in_blacklist (result->pw_name, strlen (result->pw_name), ent));
|
|
+
|
|
+ copy_pwd_changes (result, &ent->pwd, p2, p2len);
|
|
+
|
|
+ return NSS_STATUS_SUCCESS;
|
|
+}
|
|
+
|
|
+/* This function handle the +user entrys in /etc/passwd */
|
|
+static enum nss_status
|
|
+getpwnam_plususer (const char *name, struct passwd *result, ent_t *ent,
|
|
+ char *buffer, size_t buflen, int *errnop)
|
|
+{
|
|
+ if (!nss_getpwnam_r)
|
|
+ return NSS_STATUS_UNAVAIL;
|
|
+
|
|
+ struct passwd pwd;
|
|
+ memset (&pwd, '\0', sizeof (struct passwd));
|
|
+
|
|
+ copy_pwd_changes (&pwd, result, NULL, 0);
|
|
+
|
|
+ size_t plen = pwd_need_buflen (&pwd);
|
|
+ if (plen > buflen)
|
|
+ {
|
|
+ *errnop = ERANGE;
|
|
+ return NSS_STATUS_TRYAGAIN;
|
|
+ }
|
|
+ char *p = buffer + (buflen - plen);
|
|
+ buflen -= plen;
|
|
+
|
|
+ enum nss_status status = nss_getpwnam_r (name, result, buffer, buflen,
|
|
+ errnop);
|
|
+ if (status != NSS_STATUS_SUCCESS)
|
|
+ return status;
|
|
+
|
|
+ if (in_blacklist (result->pw_name, strlen (result->pw_name), ent))
|
|
+ return NSS_STATUS_NOTFOUND;
|
|
+
|
|
+ copy_pwd_changes (result, &pwd, p, plen);
|
|
+ give_pwd_free (&pwd);
|
|
+ /* We found the entry. */
|
|
+ return NSS_STATUS_SUCCESS;
|
|
+}
|
|
+
|
|
+static enum nss_status
|
|
+getpwent_next_file (struct passwd *result, ent_t *ent,
|
|
+ char *buffer, size_t buflen, int *errnop)
|
|
+{
|
|
+ struct parser_data *data = (void *) buffer;
|
|
+ while (1)
|
|
+ {
|
|
+ fpos_t pos;
|
|
+ char *p;
|
|
+ int parse_res;
|
|
+
|
|
+ do
|
|
+ {
|
|
+ /* We need at least 3 characters for one line. */
|
|
+ if (__glibc_unlikely (buflen < 3))
|
|
+ {
|
|
+ erange:
|
|
+ *errnop = ERANGE;
|
|
+ return NSS_STATUS_TRYAGAIN;
|
|
+ }
|
|
+
|
|
+ fgetpos (ent->stream, &pos);
|
|
+ buffer[buflen - 1] = '\xff';
|
|
+ p = fgets_unlocked (buffer, buflen, ent->stream);
|
|
+ if (p == NULL && feof_unlocked (ent->stream))
|
|
+ return NSS_STATUS_NOTFOUND;
|
|
+
|
|
+ if (p == NULL || __builtin_expect (buffer[buflen - 1] != '\xff', 0))
|
|
+ {
|
|
+ erange_reset:
|
|
+ fsetpos (ent->stream, &pos);
|
|
+ goto erange;
|
|
+ }
|
|
+
|
|
+ /* Terminate the line for any case. */
|
|
+ buffer[buflen - 1] = '\0';
|
|
+
|
|
+ /* Skip leading blanks. */
|
|
+ while (isspace (*p))
|
|
+ ++p;
|
|
+ }
|
|
+ while (*p == '\0' || *p == '#' || /* Ignore empty and comment lines. */
|
|
+ /* Parse the line. If it is invalid, loop to
|
|
+ get the next line of the file to parse. */
|
|
+ !(parse_res = _nss_files_parse_pwent (p, result, data, buflen,
|
|
+ errnop)));
|
|
+
|
|
+ if (__glibc_unlikely (parse_res == -1))
|
|
+ /* The parser ran out of space. */
|
|
+ goto erange_reset;
|
|
+
|
|
+ if (result->pw_name[0] != '+' && result->pw_name[0] != '-')
|
|
+ /* This is a real entry. */
|
|
+ break;
|
|
+
|
|
+ /* -@netgroup */
|
|
+ if (result->pw_name[0] == '-' && result->pw_name[1] == '@'
|
|
+ && result->pw_name[2] != '\0')
|
|
+ {
|
|
+ /* XXX Do not use fixed length buffer. */
|
|
+ char buf2[1024];
|
|
+ char *user, *host, *domain;
|
|
+ struct __netgrent netgrdata;
|
|
+
|
|
+ memset (&netgrdata, 0, sizeof (struct __netgrent));
|
|
+ __internal_setnetgrent (&result->pw_name[2], &netgrdata);
|
|
+ while (__internal_getnetgrent_r (&host, &user, &domain, &netgrdata,
|
|
+ buf2, sizeof (buf2), errnop))
|
|
+ {
|
|
+ if (user != NULL && user[0] != '-')
|
|
+ blacklist_store_name (user, ent);
|
|
+ }
|
|
+ __internal_endnetgrent (&netgrdata);
|
|
+ continue;
|
|
+ }
|
|
+
|
|
+ /* +@netgroup */
|
|
+ if (result->pw_name[0] == '+' && result->pw_name[1] == '@'
|
|
+ && result->pw_name[2] != '\0')
|
|
+ {
|
|
+ enum nss_status status;
|
|
+
|
|
+ ent->netgroup = true;
|
|
+ ent->first = true;
|
|
+ copy_pwd_changes (&ent->pwd, result, NULL, 0);
|
|
+
|
|
+ status = getpwent_next_nss_netgr (NULL, result, ent,
|
|
+ &result->pw_name[2],
|
|
+ buffer, buflen, errnop);
|
|
+ if (status == NSS_STATUS_RETURN)
|
|
+ continue;
|
|
+ else
|
|
+ return status;
|
|
+ }
|
|
+
|
|
+ /* -user */
|
|
+ if (result->pw_name[0] == '-' && result->pw_name[1] != '\0'
|
|
+ && result->pw_name[1] != '@')
|
|
+ {
|
|
+ blacklist_store_name (&result->pw_name[1], ent);
|
|
+ continue;
|
|
+ }
|
|
+
|
|
+ /* +user */
|
|
+ if (result->pw_name[0] == '+' && result->pw_name[1] != '\0'
|
|
+ && result->pw_name[1] != '@')
|
|
+ {
|
|
+ size_t len = strlen (result->pw_name);
|
|
+ char buf[len];
|
|
+ enum nss_status status;
|
|
+
|
|
+ /* Store the User in the blacklist for the "+" at the end of
|
|
+ /etc/passwd */
|
|
+ memcpy (buf, &result->pw_name[1], len);
|
|
+ status = getpwnam_plususer (&result->pw_name[1], result, ent,
|
|
+ buffer, buflen, errnop);
|
|
+ blacklist_store_name (buf, ent);
|
|
+
|
|
+ if (status == NSS_STATUS_SUCCESS) /* We found the entry. */
|
|
+ break;
|
|
+ else if (status == NSS_STATUS_RETURN /* We couldn't parse the entry */
|
|
+ || status == NSS_STATUS_NOTFOUND) /* entry doesn't exist */
|
|
+ continue;
|
|
+ else
|
|
+ {
|
|
+ if (status == NSS_STATUS_TRYAGAIN)
|
|
+ {
|
|
+ /* The parser ran out of space */
|
|
+ fsetpos (ent->stream, &pos);
|
|
+ *errnop = ERANGE;
|
|
+ }
|
|
+ return status;
|
|
+ }
|
|
+ }
|
|
+
|
|
+ /* +:... */
|
|
+ if (result->pw_name[0] == '+' && result->pw_name[1] == '\0')
|
|
+ {
|
|
+ ent->files = false;
|
|
+ ent->first = true;
|
|
+ copy_pwd_changes (&ent->pwd, result, NULL, 0);
|
|
+
|
|
+ return getpwent_next_nss (result, ent, buffer, buflen, errnop);
|
|
+ }
|
|
+ }
|
|
+
|
|
+ return NSS_STATUS_SUCCESS;
|
|
+}
|
|
+
|
|
+
|
|
+static enum nss_status
|
|
+internal_getpwent_r (struct passwd *pw, ent_t *ent, char *buffer,
|
|
+ size_t buflen, int *errnop)
|
|
+{
|
|
+ if (ent->netgroup)
|
|
+ {
|
|
+ enum nss_status status;
|
|
+
|
|
+ /* We are searching members in a netgroup */
|
|
+ /* Since this is not the first call, we don't need the group name */
|
|
+ status = getpwent_next_nss_netgr (NULL, pw, ent, NULL, buffer, buflen,
|
|
+ errnop);
|
|
+ if (status == NSS_STATUS_RETURN)
|
|
+ return getpwent_next_file (pw, ent, buffer, buflen, errnop);
|
|
+ else
|
|
+ return status;
|
|
+ }
|
|
+ else if (ent->files)
|
|
+ return getpwent_next_file (pw, ent, buffer, buflen, errnop);
|
|
+ else
|
|
+ return getpwent_next_nss (pw, ent, buffer, buflen, errnop);
|
|
+
|
|
+}
|
|
+
|
|
+enum nss_status
|
|
+_nss_compat_getpwent_r (struct passwd *pwd, char *buffer, size_t buflen,
|
|
+ int *errnop)
|
|
+{
|
|
+ enum nss_status result = NSS_STATUS_SUCCESS;
|
|
+
|
|
+ __libc_lock_lock (lock);
|
|
+
|
|
+ /* Be prepared that the setpwent function was not called before. */
|
|
+ if (ni == NULL)
|
|
+ init_nss_interface ();
|
|
+
|
|
+ if (ext_ent.stream == NULL)
|
|
+ result = internal_setpwent (&ext_ent, 1, 1);
|
|
+
|
|
+ if (result == NSS_STATUS_SUCCESS)
|
|
+ result = internal_getpwent_r (pwd, &ext_ent, buffer, buflen, errnop);
|
|
+
|
|
+ __libc_lock_unlock (lock);
|
|
+
|
|
+ return result;
|
|
+}
|
|
+
|
|
+/* Searches in /etc/passwd and the NIS/NIS+ map for a special user */
|
|
+static enum nss_status
|
|
+internal_getpwnam_r (const char *name, struct passwd *result, ent_t *ent,
|
|
+ char *buffer, size_t buflen, int *errnop)
|
|
+{
|
|
+ struct parser_data *data = (void *) buffer;
|
|
+
|
|
+ while (1)
|
|
+ {
|
|
+ fpos_t pos;
|
|
+ char *p;
|
|
+ int parse_res;
|
|
+
|
|
+ do
|
|
+ {
|
|
+ /* We need at least 3 characters for one line. */
|
|
+ if (__glibc_unlikely (buflen < 3))
|
|
+ {
|
|
+ erange:
|
|
+ *errnop = ERANGE;
|
|
+ return NSS_STATUS_TRYAGAIN;
|
|
+ }
|
|
+
|
|
+ fgetpos (ent->stream, &pos);
|
|
+ buffer[buflen - 1] = '\xff';
|
|
+ p = fgets_unlocked (buffer, buflen, ent->stream);
|
|
+ if (p == NULL && feof_unlocked (ent->stream))
|
|
+ {
|
|
+ return NSS_STATUS_NOTFOUND;
|
|
+ }
|
|
+ if (p == NULL || __builtin_expect (buffer[buflen - 1] != '\xff', 0))
|
|
+ {
|
|
+ erange_reset:
|
|
+ fsetpos (ent->stream, &pos);
|
|
+ goto erange;
|
|
+ }
|
|
+
|
|
+ /* Terminate the line for any case. */
|
|
+ buffer[buflen - 1] = '\0';
|
|
+
|
|
+ /* Skip leading blanks. */
|
|
+ while (isspace (*p))
|
|
+ ++p;
|
|
+ }
|
|
+ while (*p == '\0' || *p == '#' || /* Ignore empty and comment lines. */
|
|
+ /* Parse the line. If it is invalid, loop to
|
|
+ get the next line of the file to parse. */
|
|
+ !(parse_res = _nss_files_parse_pwent (p, result, data, buflen,
|
|
+ errnop)));
|
|
+
|
|
+ if (__glibc_unlikely (parse_res == -1))
|
|
+ /* The parser ran out of space. */
|
|
+ goto erange_reset;
|
|
+
|
|
+ /* This is a real entry. */
|
|
+ if (result->pw_name[0] != '+' && result->pw_name[0] != '-')
|
|
+ {
|
|
+ if (strcmp (result->pw_name, name) == 0)
|
|
+ return NSS_STATUS_SUCCESS;
|
|
+ else
|
|
+ continue;
|
|
+ }
|
|
+
|
|
+ /* -@netgroup */
|
|
+ if (result->pw_name[0] == '-' && result->pw_name[1] == '@'
|
|
+ && result->pw_name[2] != '\0')
|
|
+ {
|
|
+ if (innetgr (&result->pw_name[2], NULL, name, NULL))
|
|
+ return NSS_STATUS_NOTFOUND;
|
|
+ continue;
|
|
+ }
|
|
+
|
|
+ /* +@netgroup */
|
|
+ if (result->pw_name[0] == '+' && result->pw_name[1] == '@'
|
|
+ && result->pw_name[2] != '\0')
|
|
+ {
|
|
+ enum nss_status status;
|
|
+
|
|
+ if (innetgr (&result->pw_name[2], NULL, name, NULL))
|
|
+ {
|
|
+ status = getpwnam_plususer (name, result, ent, buffer,
|
|
+ buflen, errnop);
|
|
+
|
|
+ if (status == NSS_STATUS_RETURN)
|
|
+ continue;
|
|
+
|
|
+ return status;
|
|
+ }
|
|
+ continue;
|
|
+ }
|
|
+
|
|
+ /* -user */
|
|
+ if (result->pw_name[0] == '-' && result->pw_name[1] != '\0'
|
|
+ && result->pw_name[1] != '@')
|
|
+ {
|
|
+ if (strcmp (&result->pw_name[1], name) == 0)
|
|
+ return NSS_STATUS_NOTFOUND;
|
|
+ else
|
|
+ continue;
|
|
+ }
|
|
+
|
|
+ /* +user */
|
|
+ if (result->pw_name[0] == '+' && result->pw_name[1] != '\0'
|
|
+ && result->pw_name[1] != '@')
|
|
+ {
|
|
+ if (strcmp (name, &result->pw_name[1]) == 0)
|
|
+ {
|
|
+ enum nss_status status;
|
|
+
|
|
+ status = getpwnam_plususer (name, result, ent, buffer, buflen,
|
|
+ errnop);
|
|
+ if (status == NSS_STATUS_RETURN)
|
|
+ /* We couldn't parse the entry */
|
|
+ return NSS_STATUS_NOTFOUND;
|
|
+ else
|
|
+ return status;
|
|
+ }
|
|
+ }
|
|
+
|
|
+ /* +:... */
|
|
+ if (result->pw_name[0] == '+' && result->pw_name[1] == '\0')
|
|
+ {
|
|
+ enum nss_status status;
|
|
+
|
|
+ status = getpwnam_plususer (name, result, ent,
|
|
+ buffer, buflen, errnop);
|
|
+ if (status == NSS_STATUS_SUCCESS) /* We found the entry. */
|
|
+ break;
|
|
+ else if (status == NSS_STATUS_RETURN) /* We couldn't parse the entry */
|
|
+ return NSS_STATUS_NOTFOUND;
|
|
+ else
|
|
+ return status;
|
|
+ }
|
|
+ }
|
|
+ return NSS_STATUS_SUCCESS;
|
|
+}
|
|
+
|
|
+enum nss_status
|
|
+_nss_compat_getpwnam_r (const char *name, struct passwd *pwd,
|
|
+ char *buffer, size_t buflen, int *errnop)
|
|
+{
|
|
+ enum nss_status result;
|
|
+ ent_t ent = { false, false, true, NSS_STATUS_SUCCESS, NULL, { NULL, 0, 0 },
|
|
+ { NULL, NULL, 0, 0, NULL, NULL, NULL }};
|
|
+
|
|
+ if (name[0] == '-' || name[0] == '+')
|
|
+ return NSS_STATUS_NOTFOUND;
|
|
+
|
|
+ __libc_lock_lock (lock);
|
|
+
|
|
+ if (ni == NULL)
|
|
+ init_nss_interface ();
|
|
+
|
|
+ __libc_lock_unlock (lock);
|
|
+
|
|
+ result = internal_setpwent (&ent, 0, 0);
|
|
+
|
|
+ if (result == NSS_STATUS_SUCCESS)
|
|
+ result = internal_getpwnam_r (name, pwd, &ent, buffer, buflen, errnop);
|
|
+
|
|
+ internal_endpwent (&ent);
|
|
+
|
|
+ return result;
|
|
+}
|
|
+
|
|
+/* This function handle the + entry in /etc/passwd for getpwuid */
|
|
+static enum nss_status
|
|
+getpwuid_plususer (uid_t uid, struct passwd *result, char *buffer,
|
|
+ size_t buflen, int *errnop)
|
|
+{
|
|
+ struct passwd pwd;
|
|
+ char *p;
|
|
+ size_t plen;
|
|
+
|
|
+ if (!nss_getpwuid_r)
|
|
+ return NSS_STATUS_UNAVAIL;
|
|
+
|
|
+ memset (&pwd, '\0', sizeof (struct passwd));
|
|
+
|
|
+ copy_pwd_changes (&pwd, result, NULL, 0);
|
|
+
|
|
+ plen = pwd_need_buflen (&pwd);
|
|
+ if (plen > buflen)
|
|
+ {
|
|
+ *errnop = ERANGE;
|
|
+ return NSS_STATUS_TRYAGAIN;
|
|
+ }
|
|
+ p = buffer + (buflen - plen);
|
|
+ buflen -= plen;
|
|
+
|
|
+ if (nss_getpwuid_r (uid, result, buffer, buflen, errnop) ==
|
|
+ NSS_STATUS_SUCCESS)
|
|
+ {
|
|
+ copy_pwd_changes (result, &pwd, p, plen);
|
|
+ give_pwd_free (&pwd);
|
|
+ /* We found the entry. */
|
|
+ return NSS_STATUS_SUCCESS;
|
|
+ }
|
|
+ else
|
|
+ {
|
|
+ /* Give buffer the old len back */
|
|
+ buflen += plen;
|
|
+ give_pwd_free (&pwd);
|
|
+ }
|
|
+ return NSS_STATUS_RETURN;
|
|
+}
|
|
+
|
|
+/* Searches in /etc/passwd and the NSS subsystem for a special user id */
|
|
+static enum nss_status
|
|
+internal_getpwuid_r (uid_t uid, struct passwd *result, ent_t *ent,
|
|
+ char *buffer, size_t buflen, int *errnop)
|
|
+{
|
|
+ struct parser_data *data = (void *) buffer;
|
|
+
|
|
+ while (1)
|
|
+ {
|
|
+ fpos_t pos;
|
|
+ char *p;
|
|
+ int parse_res;
|
|
+
|
|
+ do
|
|
+ {
|
|
+ /* We need at least 3 characters for one line. */
|
|
+ if (__glibc_unlikely (buflen < 3))
|
|
+ {
|
|
+ erange:
|
|
+ *errnop = ERANGE;
|
|
+ return NSS_STATUS_TRYAGAIN;
|
|
+ }
|
|
+
|
|
+ fgetpos (ent->stream, &pos);
|
|
+ buffer[buflen - 1] = '\xff';
|
|
+ p = fgets_unlocked (buffer, buflen, ent->stream);
|
|
+ if (p == NULL && feof_unlocked (ent->stream))
|
|
+ return NSS_STATUS_NOTFOUND;
|
|
+
|
|
+ if (p == NULL || __builtin_expect (buffer[buflen - 1] != '\xff', 0))
|
|
+ {
|
|
+ erange_reset:
|
|
+ fsetpos (ent->stream, &pos);
|
|
+ goto erange;
|
|
+ }
|
|
+
|
|
+ /* Terminate the line for any case. */
|
|
+ buffer[buflen - 1] = '\0';
|
|
+
|
|
+ /* Skip leading blanks. */
|
|
+ while (isspace (*p))
|
|
+ ++p;
|
|
+ }
|
|
+ while (*p == '\0' || *p == '#' || /* Ignore empty and comment lines. */
|
|
+ /* Parse the line. If it is invalid, loop to
|
|
+ get the next line of the file to parse. */
|
|
+ !(parse_res = _nss_files_parse_pwent (p, result, data, buflen,
|
|
+ errnop)));
|
|
+
|
|
+ if (__glibc_unlikely (parse_res == -1))
|
|
+ /* The parser ran out of space. */
|
|
+ goto erange_reset;
|
|
+
|
|
+ /* This is a real entry. */
|
|
+ if (result->pw_name[0] != '+' && result->pw_name[0] != '-')
|
|
+ {
|
|
+ if (result->pw_uid == uid)
|
|
+ return NSS_STATUS_SUCCESS;
|
|
+ else
|
|
+ continue;
|
|
+ }
|
|
+
|
|
+ /* -@netgroup */
|
|
+ if (result->pw_name[0] == '-' && result->pw_name[1] == '@'
|
|
+ && result->pw_name[2] != '\0')
|
|
+ {
|
|
+ /* -1, because we remove first two character of pw_name. */
|
|
+ size_t len = strlen (result->pw_name) - 1;
|
|
+ char buf[len];
|
|
+ enum nss_status status;
|
|
+
|
|
+ memcpy (buf, &result->pw_name[2], len);
|
|
+
|
|
+ status = getpwuid_plususer (uid, result, buffer, buflen, errnop);
|
|
+ if (status == NSS_STATUS_SUCCESS &&
|
|
+ innetgr (buf, NULL, result->pw_name, NULL))
|
|
+ return NSS_STATUS_NOTFOUND;
|
|
+
|
|
+ continue;
|
|
+ }
|
|
+
|
|
+ /* +@netgroup */
|
|
+ if (result->pw_name[0] == '+' && result->pw_name[1] == '@'
|
|
+ && result->pw_name[2] != '\0')
|
|
+ {
|
|
+ /* -1, because we remove first two characters of pw_name. */
|
|
+ size_t len = strlen (result->pw_name) - 1;
|
|
+ char buf[len];
|
|
+ enum nss_status status;
|
|
+
|
|
+ memcpy (buf, &result->pw_name[2], len);
|
|
+
|
|
+ status = getpwuid_plususer (uid, result, buffer, buflen, errnop);
|
|
+
|
|
+ if (status == NSS_STATUS_RETURN)
|
|
+ continue;
|
|
+
|
|
+ if (status == NSS_STATUS_SUCCESS)
|
|
+ {
|
|
+ if (innetgr (buf, NULL, result->pw_name, NULL))
|
|
+ return NSS_STATUS_SUCCESS;
|
|
+ }
|
|
+ else if (status == NSS_STATUS_RETURN) /* We couldn't parse the entry */
|
|
+ return NSS_STATUS_NOTFOUND;
|
|
+ else
|
|
+ return status;
|
|
+
|
|
+ continue;
|
|
+ }
|
|
+
|
|
+ /* -user */
|
|
+ if (result->pw_name[0] == '-' && result->pw_name[1] != '\0'
|
|
+ && result->pw_name[1] != '@')
|
|
+ {
|
|
+ size_t len = strlen (result->pw_name);
|
|
+ char buf[len];
|
|
+ enum nss_status status;
|
|
+
|
|
+ memcpy (buf, &result->pw_name[1], len);
|
|
+
|
|
+ status = getpwuid_plususer (uid, result, buffer, buflen, errnop);
|
|
+ if (status == NSS_STATUS_SUCCESS &&
|
|
+ innetgr (buf, NULL, result->pw_name, NULL))
|
|
+ return NSS_STATUS_NOTFOUND;
|
|
+ continue;
|
|
+ }
|
|
+
|
|
+ /* +user */
|
|
+ if (result->pw_name[0] == '+' && result->pw_name[1] != '\0'
|
|
+ && result->pw_name[1] != '@')
|
|
+ {
|
|
+ size_t len = strlen (result->pw_name);
|
|
+ char buf[len];
|
|
+ enum nss_status status;
|
|
+
|
|
+ memcpy (buf, &result->pw_name[1], len);
|
|
+
|
|
+ status = getpwuid_plususer (uid, result, buffer, buflen, errnop);
|
|
+
|
|
+ if (status == NSS_STATUS_RETURN)
|
|
+ continue;
|
|
+
|
|
+ if (status == NSS_STATUS_SUCCESS)
|
|
+ {
|
|
+ if (strcmp (buf, result->pw_name) == 0)
|
|
+ return NSS_STATUS_SUCCESS;
|
|
+ }
|
|
+ else if (status == NSS_STATUS_RETURN) /* We couldn't parse the entry */
|
|
+ return NSS_STATUS_NOTFOUND;
|
|
+ else
|
|
+ return status;
|
|
+
|
|
+ continue;
|
|
+ }
|
|
+
|
|
+ /* +:... */
|
|
+ if (result->pw_name[0] == '+' && result->pw_name[1] == '\0')
|
|
+ {
|
|
+ enum nss_status status;
|
|
+
|
|
+ status = getpwuid_plususer (uid, result, buffer, buflen, errnop);
|
|
+ if (status == NSS_STATUS_SUCCESS) /* We found the entry. */
|
|
+ break;
|
|
+ else if (status == NSS_STATUS_RETURN) /* We couldn't parse the entry */
|
|
+ return NSS_STATUS_NOTFOUND;
|
|
+ else
|
|
+ return status;
|
|
+ }
|
|
+ }
|
|
+ return NSS_STATUS_SUCCESS;
|
|
+}
|
|
+
|
|
+enum nss_status
|
|
+_nss_compat_getpwuid_r (uid_t uid, struct passwd *pwd,
|
|
+ char *buffer, size_t buflen, int *errnop)
|
|
+{
|
|
+ enum nss_status result;
|
|
+ ent_t ent = { false, false, true, NSS_STATUS_SUCCESS, NULL, { NULL, 0, 0 },
|
|
+ { NULL, NULL, 0, 0, NULL, NULL, NULL }};
|
|
+
|
|
+ __libc_lock_lock (lock);
|
|
+
|
|
+ if (ni == NULL)
|
|
+ init_nss_interface ();
|
|
+
|
|
+ __libc_lock_unlock (lock);
|
|
+
|
|
+ result = internal_setpwent (&ent, 0, 0);
|
|
+
|
|
+ if (result == NSS_STATUS_SUCCESS)
|
|
+ result = internal_getpwuid_r (uid, pwd, &ent, buffer, buflen, errnop);
|
|
+
|
|
+ internal_endpwent (&ent);
|
|
+
|
|
+ return result;
|
|
+}
|
|
+
|
|
+
|
|
+/* Support routines for remembering -@netgroup and -user entries.
|
|
+ The names are stored in a single string with `|' as separator. */
|
|
+static void
|
|
+blacklist_store_name (const char *name, ent_t *ent)
|
|
+{
|
|
+ int namelen = strlen (name);
|
|
+ char *tmp;
|
|
+
|
|
+ /* first call, setup cache */
|
|
+ if (ent->blacklist.size == 0)
|
|
+ {
|
|
+ ent->blacklist.size = MAX (BLACKLIST_INITIAL_SIZE, 2 * namelen);
|
|
+ ent->blacklist.data = malloc (ent->blacklist.size);
|
|
+ if (ent->blacklist.data == NULL)
|
|
+ return;
|
|
+ ent->blacklist.data[0] = '|';
|
|
+ ent->blacklist.data[1] = '\0';
|
|
+ ent->blacklist.current = 1;
|
|
+ }
|
|
+ else
|
|
+ {
|
|
+ if (in_blacklist (name, namelen, ent))
|
|
+ return; /* no duplicates */
|
|
+
|
|
+ if (ent->blacklist.current + namelen + 1 >= ent->blacklist.size)
|
|
+ {
|
|
+ ent->blacklist.size += MAX (BLACKLIST_INCREMENT, 2 * namelen);
|
|
+ tmp = realloc (ent->blacklist.data, ent->blacklist.size);
|
|
+ if (tmp == NULL)
|
|
+ {
|
|
+ free (ent->blacklist.data);
|
|
+ ent->blacklist.size = 0;
|
|
+ return;
|
|
+ }
|
|
+ ent->blacklist.data = tmp;
|
|
+ }
|
|
+ }
|
|
+
|
|
+ tmp = stpcpy (ent->blacklist.data + ent->blacklist.current, name);
|
|
+ *tmp++ = '|';
|
|
+ *tmp = '\0';
|
|
+ ent->blacklist.current += namelen + 1;
|
|
+
|
|
+ return;
|
|
+}
|
|
+
|
|
+/* Returns whether ent->blacklist contains name. */
|
|
+static bool
|
|
+in_blacklist (const char *name, int namelen, ent_t *ent)
|
|
+{
|
|
+ char buf[namelen + 3];
|
|
+ char *cp;
|
|
+
|
|
+ if (ent->blacklist.data == NULL)
|
|
+ return false;
|
|
+
|
|
+ buf[0] = '|';
|
|
+ cp = stpcpy (&buf[1], name);
|
|
+ *cp++ = '|';
|
|
+ *cp = '\0';
|
|
+ return strstr (ent->blacklist.data, buf) != NULL;
|
|
+}
|
|
Index: glibc-2.26/nss/nss_compat/compat-spwd.c
|
|
===================================================================
|
|
--- /dev/null
|
|
+++ glibc-2.26/nss/nss_compat/compat-spwd.c
|
|
@@ -0,0 +1,857 @@
|
|
+/* Copyright (C) 1996-2017 Free Software Foundation, Inc.
|
|
+ This file is part of the GNU C Library.
|
|
+ Contributed by Thorsten Kukuk <kukuk@vt.uni-paderborn.de>, 1996.
|
|
+
|
|
+ The GNU C Library is free software; you can redistribute it and/or
|
|
+ modify it under the terms of the GNU Lesser General Public
|
|
+ License as published by the Free Software Foundation; either
|
|
+ version 2.1 of the License, or (at your option) any later version.
|
|
+
|
|
+ The GNU C Library is distributed in the hope that it will be useful,
|
|
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
+ Lesser General Public License for more details.
|
|
+
|
|
+ You should have received a copy of the GNU Lesser General Public
|
|
+ License along with the GNU C Library; if not, see
|
|
+ <http://www.gnu.org/licenses/>. */
|
|
+
|
|
+#include <ctype.h>
|
|
+#include <errno.h>
|
|
+#include <fcntl.h>
|
|
+#include <netdb.h>
|
|
+#include <nss.h>
|
|
+#include <nsswitch.h>
|
|
+#include <shadow.h>
|
|
+#include <stdio_ext.h>
|
|
+#include <string.h>
|
|
+#include <libc-lock.h>
|
|
+#include <kernel-features.h>
|
|
+
|
|
+#include "netgroup.h"
|
|
+#include "nisdomain.h"
|
|
+
|
|
+static service_user *ni;
|
|
+static enum nss_status (*nss_setspent) (int stayopen);
|
|
+static enum nss_status (*nss_getspnam_r) (const char *name, struct spwd * sp,
|
|
+ char *buffer, size_t buflen,
|
|
+ int *errnop);
|
|
+static enum nss_status (*nss_getspent_r) (struct spwd * sp, char *buffer,
|
|
+ size_t buflen, int *errnop);
|
|
+static enum nss_status (*nss_endspent) (void);
|
|
+
|
|
+/* Get the declaration of the parser function. */
|
|
+#define ENTNAME spent
|
|
+#define STRUCTURE spwd
|
|
+#define EXTERN_PARSER
|
|
+#include <nss/nss_files/files-parse.c>
|
|
+
|
|
+/* Structure for remembering -@netgroup and -user members ... */
|
|
+#define BLACKLIST_INITIAL_SIZE 512
|
|
+#define BLACKLIST_INCREMENT 256
|
|
+struct blacklist_t
|
|
+{
|
|
+ char *data;
|
|
+ int current;
|
|
+ int size;
|
|
+};
|
|
+
|
|
+struct ent_t
|
|
+{
|
|
+ bool netgroup;
|
|
+ bool files;
|
|
+ bool first;
|
|
+ enum nss_status setent_status;
|
|
+ FILE *stream;
|
|
+ struct blacklist_t blacklist;
|
|
+ struct spwd pwd;
|
|
+ struct __netgrent netgrdata;
|
|
+};
|
|
+typedef struct ent_t ent_t;
|
|
+
|
|
+static ent_t ext_ent = { false, true, false, NSS_STATUS_SUCCESS, NULL,
|
|
+ { NULL, 0, 0},
|
|
+ { NULL, NULL, 0, 0, 0, 0, 0, 0, 0}};
|
|
+
|
|
+/* Protect global state against multiple changers. */
|
|
+__libc_lock_define_initialized (static, lock)
|
|
+
|
|
+/* Prototypes for local functions. */
|
|
+static void blacklist_store_name (const char *, ent_t *);
|
|
+static bool in_blacklist (const char *, int, ent_t *);
|
|
+
|
|
+/* Initialize the NSS interface/functions. The calling function must
|
|
+ hold the lock. */
|
|
+static void
|
|
+init_nss_interface (void)
|
|
+{
|
|
+ if (__nss_database_lookup ("shadow_compat", "passwd_compat",
|
|
+ "nis", &ni) >= 0)
|
|
+ {
|
|
+ nss_setspent = __nss_lookup_function (ni, "setspent");
|
|
+ nss_getspnam_r = __nss_lookup_function (ni, "getspnam_r");
|
|
+ nss_getspent_r = __nss_lookup_function (ni, "getspent_r");
|
|
+ nss_endspent = __nss_lookup_function (ni, "endspent");
|
|
+ }
|
|
+}
|
|
+
|
|
+static void
|
|
+give_spwd_free (struct spwd *pwd)
|
|
+{
|
|
+ free (pwd->sp_namp);
|
|
+ free (pwd->sp_pwdp);
|
|
+
|
|
+ memset (pwd, '\0', sizeof (struct spwd));
|
|
+ pwd->sp_warn = -1;
|
|
+ pwd->sp_inact = -1;
|
|
+ pwd->sp_expire = -1;
|
|
+ pwd->sp_flag = ~0ul;
|
|
+}
|
|
+
|
|
+static int
|
|
+spwd_need_buflen (struct spwd *pwd)
|
|
+{
|
|
+ int len = 0;
|
|
+
|
|
+ if (pwd->sp_pwdp != NULL)
|
|
+ len += strlen (pwd->sp_pwdp) + 1;
|
|
+
|
|
+ return len;
|
|
+}
|
|
+
|
|
+static void
|
|
+copy_spwd_changes (struct spwd *dest, struct spwd *src,
|
|
+ char *buffer, size_t buflen)
|
|
+{
|
|
+ if (src->sp_pwdp != NULL && strlen (src->sp_pwdp))
|
|
+ {
|
|
+ if (buffer == NULL)
|
|
+ dest->sp_pwdp = strdup (src->sp_pwdp);
|
|
+ else if (dest->sp_pwdp &&
|
|
+ strlen (dest->sp_pwdp) >= strlen (src->sp_pwdp))
|
|
+ strcpy (dest->sp_pwdp, src->sp_pwdp);
|
|
+ else
|
|
+ {
|
|
+ dest->sp_pwdp = buffer;
|
|
+ strcpy (dest->sp_pwdp, src->sp_pwdp);
|
|
+ buffer += strlen (dest->sp_pwdp) + 1;
|
|
+ buflen = buflen - (strlen (dest->sp_pwdp) + 1);
|
|
+ }
|
|
+ }
|
|
+ if (src->sp_lstchg != 0)
|
|
+ dest->sp_lstchg = src->sp_lstchg;
|
|
+ if (src->sp_min != 0)
|
|
+ dest->sp_min = src->sp_min;
|
|
+ if (src->sp_max != 0)
|
|
+ dest->sp_max = src->sp_max;
|
|
+ if (src->sp_warn != -1)
|
|
+ dest->sp_warn = src->sp_warn;
|
|
+ if (src->sp_inact != -1)
|
|
+ dest->sp_inact = src->sp_inact;
|
|
+ if (src->sp_expire != -1)
|
|
+ dest->sp_expire = src->sp_expire;
|
|
+ if (src->sp_flag != ~0ul)
|
|
+ dest->sp_flag = src->sp_flag;
|
|
+}
|
|
+
|
|
+static enum nss_status
|
|
+internal_setspent (ent_t *ent, int stayopen, int needent)
|
|
+{
|
|
+ enum nss_status status = NSS_STATUS_SUCCESS;
|
|
+
|
|
+ ent->first = ent->netgroup = 0;
|
|
+ ent->files = true;
|
|
+
|
|
+ /* If something was left over free it. */
|
|
+ if (ent->netgroup)
|
|
+ __internal_endnetgrent (&ent->netgrdata);
|
|
+
|
|
+ if (ent->blacklist.data != NULL)
|
|
+ {
|
|
+ ent->blacklist.current = 1;
|
|
+ ent->blacklist.data[0] = '|';
|
|
+ ent->blacklist.data[1] = '\0';
|
|
+ }
|
|
+ else
|
|
+ ent->blacklist.current = 0;
|
|
+
|
|
+ if (ent->stream == NULL)
|
|
+ {
|
|
+ ent->stream = fopen ("/etc/shadow", "rme");
|
|
+
|
|
+ if (ent->stream == NULL)
|
|
+ status = errno == EAGAIN ? NSS_STATUS_TRYAGAIN : NSS_STATUS_UNAVAIL;
|
|
+ else
|
|
+ /* We take care of locking ourself. */
|
|
+ __fsetlocking (ent->stream, FSETLOCKING_BYCALLER);
|
|
+ }
|
|
+ else
|
|
+ rewind (ent->stream);
|
|
+
|
|
+ give_spwd_free (&ent->pwd);
|
|
+
|
|
+ if (needent && status == NSS_STATUS_SUCCESS && nss_setspent)
|
|
+ ent->setent_status = nss_setspent (stayopen);
|
|
+
|
|
+ return status;
|
|
+}
|
|
+
|
|
+
|
|
+enum nss_status
|
|
+_nss_compat_setspent (int stayopen)
|
|
+{
|
|
+ enum nss_status result;
|
|
+
|
|
+ __libc_lock_lock (lock);
|
|
+
|
|
+ if (ni == NULL)
|
|
+ init_nss_interface ();
|
|
+
|
|
+ result = internal_setspent (&ext_ent, stayopen, 1);
|
|
+
|
|
+ __libc_lock_unlock (lock);
|
|
+
|
|
+ return result;
|
|
+}
|
|
+
|
|
+
|
|
+static enum nss_status
|
|
+internal_endspent (ent_t *ent)
|
|
+{
|
|
+ if (ent->stream != NULL)
|
|
+ {
|
|
+ fclose (ent->stream);
|
|
+ ent->stream = NULL;
|
|
+ }
|
|
+
|
|
+ if (ent->netgroup)
|
|
+ __internal_endnetgrent (&ent->netgrdata);
|
|
+
|
|
+ ent->first = ent->netgroup = false;
|
|
+ ent->files = true;
|
|
+
|
|
+ if (ent->blacklist.data != NULL)
|
|
+ {
|
|
+ ent->blacklist.current = 1;
|
|
+ ent->blacklist.data[0] = '|';
|
|
+ ent->blacklist.data[1] = '\0';
|
|
+ }
|
|
+ else
|
|
+ ent->blacklist.current = 0;
|
|
+
|
|
+ give_spwd_free (&ent->pwd);
|
|
+
|
|
+ return NSS_STATUS_SUCCESS;
|
|
+}
|
|
+
|
|
+enum nss_status
|
|
+_nss_compat_endspent (void)
|
|
+{
|
|
+ enum nss_status result;
|
|
+
|
|
+ __libc_lock_lock (lock);
|
|
+
|
|
+ if (nss_endspent)
|
|
+ nss_endspent ();
|
|
+
|
|
+ result = internal_endspent (&ext_ent);
|
|
+
|
|
+ __libc_lock_unlock (lock);
|
|
+
|
|
+ return result;
|
|
+}
|
|
+
|
|
+
|
|
+static enum nss_status
|
|
+getspent_next_nss_netgr (const char *name, struct spwd *result, ent_t *ent,
|
|
+ char *group, char *buffer, size_t buflen,
|
|
+ int *errnop)
|
|
+{
|
|
+ char *curdomain = NULL, *host, *user, *domain, *p2;
|
|
+ size_t p2len;
|
|
+
|
|
+ if (!nss_getspnam_r)
|
|
+ return NSS_STATUS_UNAVAIL;
|
|
+
|
|
+ /* If the setpwent call failed, say so. */
|
|
+ if (ent->setent_status != NSS_STATUS_SUCCESS)
|
|
+ return ent->setent_status;
|
|
+
|
|
+ if (ent->first)
|
|
+ {
|
|
+ memset (&ent->netgrdata, 0, sizeof (struct __netgrent));
|
|
+ __internal_setnetgrent (group, &ent->netgrdata);
|
|
+ ent->first = false;
|
|
+ }
|
|
+
|
|
+ while (1)
|
|
+ {
|
|
+ enum nss_status status;
|
|
+
|
|
+ status = __internal_getnetgrent_r (&host, &user, &domain,
|
|
+ &ent->netgrdata, buffer, buflen,
|
|
+ errnop);
|
|
+ if (status != 1)
|
|
+ {
|
|
+ __internal_endnetgrent (&ent->netgrdata);
|
|
+ ent->netgroup = false;
|
|
+ give_spwd_free (&ent->pwd);
|
|
+ return NSS_STATUS_RETURN;
|
|
+ }
|
|
+
|
|
+ if (user == NULL || user[0] == '-')
|
|
+ continue;
|
|
+
|
|
+ if (domain != NULL)
|
|
+ {
|
|
+ if (curdomain == NULL
|
|
+ && __nss_get_default_domain (&curdomain) != 0)
|
|
+ {
|
|
+ __internal_endnetgrent (&ent->netgrdata);
|
|
+ ent->netgroup = false;
|
|
+ give_spwd_free (&ent->pwd);
|
|
+ return NSS_STATUS_UNAVAIL;
|
|
+ }
|
|
+ if (strcmp (curdomain, domain) != 0)
|
|
+ continue;
|
|
+ }
|
|
+
|
|
+ /* If name != NULL, we are called from getpwnam */
|
|
+ if (name != NULL)
|
|
+ if (strcmp (user, name) != 0)
|
|
+ continue;
|
|
+
|
|
+ p2len = spwd_need_buflen (&ent->pwd);
|
|
+ if (p2len > buflen)
|
|
+ {
|
|
+ *errnop = ERANGE;
|
|
+ return NSS_STATUS_TRYAGAIN;
|
|
+ }
|
|
+ p2 = buffer + (buflen - p2len);
|
|
+ buflen -= p2len;
|
|
+
|
|
+ if (nss_getspnam_r (user, result, buffer, buflen, errnop) !=
|
|
+ NSS_STATUS_SUCCESS)
|
|
+ continue;
|
|
+
|
|
+ if (!in_blacklist (result->sp_namp, strlen (result->sp_namp), ent))
|
|
+ {
|
|
+ /* Store the User in the blacklist for possible the "+" at the
|
|
+ end of /etc/passwd */
|
|
+ blacklist_store_name (result->sp_namp, ent);
|
|
+ copy_spwd_changes (result, &ent->pwd, p2, p2len);
|
|
+ break;
|
|
+ }
|
|
+ }
|
|
+
|
|
+ return NSS_STATUS_SUCCESS;
|
|
+}
|
|
+
|
|
+
|
|
+static enum nss_status
|
|
+getspent_next_nss (struct spwd *result, ent_t *ent,
|
|
+ char *buffer, size_t buflen, int *errnop)
|
|
+{
|
|
+ enum nss_status status;
|
|
+ char *p2;
|
|
+ size_t p2len;
|
|
+
|
|
+ if (!nss_getspent_r)
|
|
+ return NSS_STATUS_UNAVAIL;
|
|
+
|
|
+ p2len = spwd_need_buflen (&ent->pwd);
|
|
+ if (p2len > buflen)
|
|
+ {
|
|
+ *errnop = ERANGE;
|
|
+ return NSS_STATUS_TRYAGAIN;
|
|
+ }
|
|
+ p2 = buffer + (buflen - p2len);
|
|
+ buflen -= p2len;
|
|
+ do
|
|
+ {
|
|
+ if ((status = nss_getspent_r (result, buffer, buflen, errnop)) !=
|
|
+ NSS_STATUS_SUCCESS)
|
|
+ return status;
|
|
+ }
|
|
+ while (in_blacklist (result->sp_namp, strlen (result->sp_namp), ent));
|
|
+
|
|
+ copy_spwd_changes (result, &ent->pwd, p2, p2len);
|
|
+
|
|
+ return NSS_STATUS_SUCCESS;
|
|
+}
|
|
+
|
|
+
|
|
+/* This function handle the +user entrys in /etc/shadow */
|
|
+static enum nss_status
|
|
+getspnam_plususer (const char *name, struct spwd *result, ent_t *ent,
|
|
+ char *buffer, size_t buflen, int *errnop)
|
|
+{
|
|
+ if (!nss_getspnam_r)
|
|
+ return NSS_STATUS_UNAVAIL;
|
|
+
|
|
+ struct spwd pwd;
|
|
+ memset (&pwd, '\0', sizeof (struct spwd));
|
|
+ pwd.sp_warn = -1;
|
|
+ pwd.sp_inact = -1;
|
|
+ pwd.sp_expire = -1;
|
|
+ pwd.sp_flag = ~0ul;
|
|
+
|
|
+ copy_spwd_changes (&pwd, result, NULL, 0);
|
|
+
|
|
+ size_t plen = spwd_need_buflen (&pwd);
|
|
+ if (plen > buflen)
|
|
+ {
|
|
+ *errnop = ERANGE;
|
|
+ return NSS_STATUS_TRYAGAIN;
|
|
+ }
|
|
+ char *p = buffer + (buflen - plen);
|
|
+ buflen -= plen;
|
|
+
|
|
+ enum nss_status status = nss_getspnam_r (name, result, buffer, buflen,
|
|
+ errnop);
|
|
+ if (status != NSS_STATUS_SUCCESS)
|
|
+ return status;
|
|
+
|
|
+ if (in_blacklist (result->sp_namp, strlen (result->sp_namp), ent))
|
|
+ return NSS_STATUS_NOTFOUND;
|
|
+
|
|
+ copy_spwd_changes (result, &pwd, p, plen);
|
|
+ give_spwd_free (&pwd);
|
|
+ /* We found the entry. */
|
|
+ return NSS_STATUS_SUCCESS;
|
|
+}
|
|
+
|
|
+
|
|
+static enum nss_status
|
|
+getspent_next_file (struct spwd *result, ent_t *ent,
|
|
+ char *buffer, size_t buflen, int *errnop)
|
|
+{
|
|
+ struct parser_data *data = (void *) buffer;
|
|
+ while (1)
|
|
+ {
|
|
+ fpos_t pos;
|
|
+ int parse_res = 0;
|
|
+ char *p;
|
|
+
|
|
+ do
|
|
+ {
|
|
+ /* We need at least 3 characters for one line. */
|
|
+ if (__glibc_unlikely (buflen < 3))
|
|
+ {
|
|
+ erange:
|
|
+ *errnop = ERANGE;
|
|
+ return NSS_STATUS_TRYAGAIN;
|
|
+ }
|
|
+
|
|
+ fgetpos (ent->stream, &pos);
|
|
+ buffer[buflen - 1] = '\xff';
|
|
+ p = fgets_unlocked (buffer, buflen, ent->stream);
|
|
+ if (p == NULL && feof_unlocked (ent->stream))
|
|
+ return NSS_STATUS_NOTFOUND;
|
|
+
|
|
+ if (p == NULL || __builtin_expect (buffer[buflen - 1] != '\xff', 0))
|
|
+ {
|
|
+ erange_reset:
|
|
+ fsetpos (ent->stream, &pos);
|
|
+ goto erange;
|
|
+ }
|
|
+
|
|
+ /* Skip leading blanks. */
|
|
+ while (isspace (*p))
|
|
+ ++p;
|
|
+ }
|
|
+ while (*p == '\0' || *p == '#' /* Ignore empty and comment lines. */
|
|
+ /* Parse the line. If it is invalid, loop to
|
|
+ get the next line of the file to parse. */
|
|
+ || !(parse_res = _nss_files_parse_spent (p, result, data,
|
|
+ buflen, errnop)));
|
|
+
|
|
+ if (__glibc_unlikely (parse_res == -1))
|
|
+ /* The parser ran out of space. */
|
|
+ goto erange_reset;
|
|
+
|
|
+ if (result->sp_namp[0] != '+' && result->sp_namp[0] != '-')
|
|
+ /* This is a real entry. */
|
|
+ break;
|
|
+
|
|
+ /* -@netgroup */
|
|
+ if (result->sp_namp[0] == '-' && result->sp_namp[1] == '@'
|
|
+ && result->sp_namp[2] != '\0')
|
|
+ {
|
|
+ /* XXX Do not use fixed length buffers. */
|
|
+ char buf2[1024];
|
|
+ char *user, *host, *domain;
|
|
+ struct __netgrent netgrdata;
|
|
+
|
|
+ memset (&netgrdata, 0, sizeof (struct __netgrent));
|
|
+ __internal_setnetgrent (&result->sp_namp[2], &netgrdata);
|
|
+ while (__internal_getnetgrent_r (&host, &user, &domain,
|
|
+ &netgrdata, buf2, sizeof (buf2),
|
|
+ errnop))
|
|
+ {
|
|
+ if (user != NULL && user[0] != '-')
|
|
+ blacklist_store_name (user, ent);
|
|
+ }
|
|
+ __internal_endnetgrent (&netgrdata);
|
|
+ continue;
|
|
+ }
|
|
+
|
|
+ /* +@netgroup */
|
|
+ if (result->sp_namp[0] == '+' && result->sp_namp[1] == '@'
|
|
+ && result->sp_namp[2] != '\0')
|
|
+ {
|
|
+ int status;
|
|
+
|
|
+ ent->netgroup = true;
|
|
+ ent->first = true;
|
|
+ copy_spwd_changes (&ent->pwd, result, NULL, 0);
|
|
+
|
|
+ status = getspent_next_nss_netgr (NULL, result, ent,
|
|
+ &result->sp_namp[2],
|
|
+ buffer, buflen, errnop);
|
|
+ if (status == NSS_STATUS_RETURN)
|
|
+ continue;
|
|
+ else
|
|
+ return status;
|
|
+ }
|
|
+
|
|
+ /* -user */
|
|
+ if (result->sp_namp[0] == '-' && result->sp_namp[1] != '\0'
|
|
+ && result->sp_namp[1] != '@')
|
|
+ {
|
|
+ blacklist_store_name (&result->sp_namp[1], ent);
|
|
+ continue;
|
|
+ }
|
|
+
|
|
+ /* +user */
|
|
+ if (result->sp_namp[0] == '+' && result->sp_namp[1] != '\0'
|
|
+ && result->sp_namp[1] != '@')
|
|
+ {
|
|
+ size_t len = strlen (result->sp_namp);
|
|
+ char buf[len];
|
|
+ enum nss_status status;
|
|
+
|
|
+ /* Store the User in the blacklist for the "+" at the end of
|
|
+ /etc/passwd */
|
|
+ memcpy (buf, &result->sp_namp[1], len);
|
|
+ status = getspnam_plususer (&result->sp_namp[1], result, ent,
|
|
+ buffer, buflen, errnop);
|
|
+ blacklist_store_name (buf, ent);
|
|
+
|
|
+ if (status == NSS_STATUS_SUCCESS) /* We found the entry. */
|
|
+ break;
|
|
+ /* We couldn't parse the entry */
|
|
+ else if (status == NSS_STATUS_RETURN
|
|
+ /* entry doesn't exist */
|
|
+ || status == NSS_STATUS_NOTFOUND)
|
|
+ continue;
|
|
+ else
|
|
+ {
|
|
+ if (status == NSS_STATUS_TRYAGAIN)
|
|
+ {
|
|
+ fsetpos (ent->stream, &pos);
|
|
+ *errnop = ERANGE;
|
|
+ }
|
|
+ return status;
|
|
+ }
|
|
+ }
|
|
+
|
|
+ /* +:... */
|
|
+ if (result->sp_namp[0] == '+' && result->sp_namp[1] == '\0')
|
|
+ {
|
|
+ ent->files = false;
|
|
+ ent->first = true;
|
|
+ copy_spwd_changes (&ent->pwd, result, NULL, 0);
|
|
+
|
|
+ return getspent_next_nss (result, ent, buffer, buflen, errnop);
|
|
+ }
|
|
+ }
|
|
+
|
|
+ return NSS_STATUS_SUCCESS;
|
|
+}
|
|
+
|
|
+
|
|
+static enum nss_status
|
|
+internal_getspent_r (struct spwd *pw, ent_t *ent,
|
|
+ char *buffer, size_t buflen, int *errnop)
|
|
+{
|
|
+ if (ent->netgroup)
|
|
+ {
|
|
+ enum nss_status status;
|
|
+
|
|
+ /* We are searching members in a netgroup */
|
|
+ /* Since this is not the first call, we don't need the group name */
|
|
+ status = getspent_next_nss_netgr (NULL, pw, ent, NULL, buffer,
|
|
+ buflen, errnop);
|
|
+
|
|
+ if (status == NSS_STATUS_RETURN)
|
|
+ return getspent_next_file (pw, ent, buffer, buflen, errnop);
|
|
+ else
|
|
+ return status;
|
|
+ }
|
|
+ else if (ent->files)
|
|
+ return getspent_next_file (pw, ent, buffer, buflen, errnop);
|
|
+ else
|
|
+ return getspent_next_nss (pw, ent, buffer, buflen, errnop);
|
|
+}
|
|
+
|
|
+
|
|
+enum nss_status
|
|
+_nss_compat_getspent_r (struct spwd *pwd, char *buffer, size_t buflen,
|
|
+ int *errnop)
|
|
+{
|
|
+ enum nss_status result = NSS_STATUS_SUCCESS;
|
|
+
|
|
+ __libc_lock_lock (lock);
|
|
+
|
|
+ /* Be prepared that the setpwent function was not called before. */
|
|
+ if (ni == NULL)
|
|
+ init_nss_interface ();
|
|
+
|
|
+ if (ext_ent.stream == NULL)
|
|
+ result = internal_setspent (&ext_ent, 1, 1);
|
|
+
|
|
+ if (result == NSS_STATUS_SUCCESS)
|
|
+ result = internal_getspent_r (pwd, &ext_ent, buffer, buflen, errnop);
|
|
+
|
|
+ __libc_lock_unlock (lock);
|
|
+
|
|
+ return result;
|
|
+}
|
|
+
|
|
+
|
|
+/* Searches in /etc/passwd and the NIS/NIS+ map for a special user */
|
|
+static enum nss_status
|
|
+internal_getspnam_r (const char *name, struct spwd *result, ent_t *ent,
|
|
+ char *buffer, size_t buflen, int *errnop)
|
|
+{
|
|
+ struct parser_data *data = (void *) buffer;
|
|
+
|
|
+ while (1)
|
|
+ {
|
|
+ fpos_t pos;
|
|
+ char *p;
|
|
+ int parse_res;
|
|
+
|
|
+ do
|
|
+ {
|
|
+ /* We need at least 3 characters for one line. */
|
|
+ if (__glibc_unlikely (buflen < 3))
|
|
+ {
|
|
+ erange:
|
|
+ *errnop = ERANGE;
|
|
+ return NSS_STATUS_TRYAGAIN;
|
|
+ }
|
|
+
|
|
+ fgetpos (ent->stream, &pos);
|
|
+ buffer[buflen - 1] = '\xff';
|
|
+ p = fgets_unlocked (buffer, buflen, ent->stream);
|
|
+ if (p == NULL && feof_unlocked (ent->stream))
|
|
+ return NSS_STATUS_NOTFOUND;
|
|
+
|
|
+ if (p == NULL || buffer[buflen - 1] != '\xff')
|
|
+ {
|
|
+ erange_reset:
|
|
+ fsetpos (ent->stream, &pos);
|
|
+ goto erange;
|
|
+ }
|
|
+
|
|
+ /* Terminate the line for any case. */
|
|
+ buffer[buflen - 1] = '\0';
|
|
+
|
|
+ /* Skip leading blanks. */
|
|
+ while (isspace (*p))
|
|
+ ++p;
|
|
+ }
|
|
+ while (*p == '\0' || *p == '#' || /* Ignore empty and comment lines. */
|
|
+ /* Parse the line. If it is invalid, loop to
|
|
+ get the next line of the file to parse. */
|
|
+ !(parse_res = _nss_files_parse_spent (p, result, data, buflen,
|
|
+ errnop)));
|
|
+
|
|
+ if (__glibc_unlikely (parse_res == -1))
|
|
+ /* The parser ran out of space. */
|
|
+ goto erange_reset;
|
|
+
|
|
+ /* This is a real entry. */
|
|
+ if (result->sp_namp[0] != '+' && result->sp_namp[0] != '-')
|
|
+ {
|
|
+ if (strcmp (result->sp_namp, name) == 0)
|
|
+ return NSS_STATUS_SUCCESS;
|
|
+ else
|
|
+ continue;
|
|
+ }
|
|
+
|
|
+ /* -@netgroup */
|
|
+ /* If the loaded NSS module does not support this service, add
|
|
+ all users from a +@netgroup entry to the blacklist, too. */
|
|
+ if (result->sp_namp[0] == '-' && result->sp_namp[1] == '@'
|
|
+ && result->sp_namp[2] != '\0')
|
|
+ {
|
|
+ if (innetgr (&result->sp_namp[2], NULL, name, NULL))
|
|
+ return NSS_STATUS_NOTFOUND;
|
|
+ continue;
|
|
+ }
|
|
+
|
|
+ /* +@netgroup */
|
|
+ if (result->sp_namp[0] == '+' && result->sp_namp[1] == '@'
|
|
+ && result->sp_namp[2] != '\0')
|
|
+ {
|
|
+ enum nss_status status;
|
|
+
|
|
+ if (innetgr (&result->sp_namp[2], NULL, name, NULL))
|
|
+ {
|
|
+ status = getspnam_plususer (name, result, ent, buffer,
|
|
+ buflen, errnop);
|
|
+
|
|
+ if (status == NSS_STATUS_RETURN)
|
|
+ continue;
|
|
+
|
|
+ return status;
|
|
+ }
|
|
+ continue;
|
|
+ }
|
|
+
|
|
+ /* -user */
|
|
+ if (result->sp_namp[0] == '-' && result->sp_namp[1] != '\0'
|
|
+ && result->sp_namp[1] != '@')
|
|
+ {
|
|
+ if (strcmp (&result->sp_namp[1], name) == 0)
|
|
+ return NSS_STATUS_NOTFOUND;
|
|
+ else
|
|
+ continue;
|
|
+ }
|
|
+
|
|
+ /* +user */
|
|
+ if (result->sp_namp[0] == '+' && result->sp_namp[1] != '\0'
|
|
+ && result->sp_namp[1] != '@')
|
|
+ {
|
|
+ if (strcmp (name, &result->sp_namp[1]) == 0)
|
|
+ {
|
|
+ enum nss_status status;
|
|
+
|
|
+ status = getspnam_plususer (name, result, ent,
|
|
+ buffer, buflen, errnop);
|
|
+
|
|
+ if (status == NSS_STATUS_RETURN)
|
|
+ /* We couldn't parse the entry */
|
|
+ return NSS_STATUS_NOTFOUND;
|
|
+ else
|
|
+ return status;
|
|
+ }
|
|
+ }
|
|
+
|
|
+ /* +:... */
|
|
+ if (result->sp_namp[0] == '+' && result->sp_namp[1] == '\0')
|
|
+ {
|
|
+ enum nss_status status;
|
|
+
|
|
+ status = getspnam_plususer (name, result, ent,
|
|
+ buffer, buflen, errnop);
|
|
+
|
|
+ if (status == NSS_STATUS_SUCCESS)
|
|
+ /* We found the entry. */
|
|
+ break;
|
|
+ else if (status == NSS_STATUS_RETURN)
|
|
+ /* We couldn't parse the entry */
|
|
+ return NSS_STATUS_NOTFOUND;
|
|
+ else
|
|
+ return status;
|
|
+ }
|
|
+ }
|
|
+ return NSS_STATUS_SUCCESS;
|
|
+}
|
|
+
|
|
+
|
|
+enum nss_status
|
|
+_nss_compat_getspnam_r (const char *name, struct spwd *pwd,
|
|
+ char *buffer, size_t buflen, int *errnop)
|
|
+{
|
|
+ enum nss_status result;
|
|
+ ent_t ent = { false, true, false, NSS_STATUS_SUCCESS, NULL, { NULL, 0, 0},
|
|
+ { NULL, NULL, 0, 0, 0, 0, 0, 0, 0}};
|
|
+
|
|
+ if (name[0] == '-' || name[0] == '+')
|
|
+ return NSS_STATUS_NOTFOUND;
|
|
+
|
|
+ __libc_lock_lock (lock);
|
|
+
|
|
+ if (ni == NULL)
|
|
+ init_nss_interface ();
|
|
+
|
|
+ __libc_lock_unlock (lock);
|
|
+
|
|
+ result = internal_setspent (&ent, 0, 0);
|
|
+
|
|
+ if (result == NSS_STATUS_SUCCESS)
|
|
+ result = internal_getspnam_r (name, pwd, &ent, buffer, buflen, errnop);
|
|
+
|
|
+ internal_endspent (&ent);
|
|
+
|
|
+ return result;
|
|
+}
|
|
+
|
|
+
|
|
+/* Support routines for remembering -@netgroup and -user entries.
|
|
+ The names are stored in a single string with `|' as separator. */
|
|
+static void
|
|
+blacklist_store_name (const char *name, ent_t *ent)
|
|
+{
|
|
+ int namelen = strlen (name);
|
|
+ char *tmp;
|
|
+
|
|
+ /* first call, setup cache */
|
|
+ if (ent->blacklist.size == 0)
|
|
+ {
|
|
+ ent->blacklist.size = MAX (BLACKLIST_INITIAL_SIZE, 2 * namelen);
|
|
+ ent->blacklist.data = malloc (ent->blacklist.size);
|
|
+ if (ent->blacklist.data == NULL)
|
|
+ return;
|
|
+ ent->blacklist.data[0] = '|';
|
|
+ ent->blacklist.data[1] = '\0';
|
|
+ ent->blacklist.current = 1;
|
|
+ }
|
|
+ else
|
|
+ {
|
|
+ if (in_blacklist (name, namelen, ent))
|
|
+ return; /* no duplicates */
|
|
+
|
|
+ if (ent->blacklist.current + namelen + 1 >= ent->blacklist.size)
|
|
+ {
|
|
+ ent->blacklist.size += MAX (BLACKLIST_INCREMENT, 2 * namelen);
|
|
+ tmp = realloc (ent->blacklist.data, ent->blacklist.size);
|
|
+ if (tmp == NULL)
|
|
+ {
|
|
+ free (ent->blacklist.data);
|
|
+ ent->blacklist.size = 0;
|
|
+ return;
|
|
+ }
|
|
+ ent->blacklist.data = tmp;
|
|
+ }
|
|
+ }
|
|
+
|
|
+ tmp = stpcpy (ent->blacklist.data + ent->blacklist.current, name);
|
|
+ *tmp++ = '|';
|
|
+ *tmp = '\0';
|
|
+ ent->blacklist.current += namelen + 1;
|
|
+
|
|
+ return;
|
|
+}
|
|
+
|
|
+
|
|
+/* Returns whether ent->blacklist contains name. */
|
|
+static bool
|
|
+in_blacklist (const char *name, int namelen, ent_t *ent)
|
|
+{
|
|
+ char buf[namelen + 3];
|
|
+ char *cp;
|
|
+
|
|
+ if (ent->blacklist.data == NULL)
|
|
+ return false;
|
|
+
|
|
+ buf[0] = '|';
|
|
+ cp = stpcpy (&buf[1], name);
|
|
+ *cp++ = '|';
|
|
+ *cp = '\0';
|
|
+ return strstr (ent->blacklist.data, buf) != NULL;
|
|
+}
|
|
Index: glibc-2.26/nss/nss_compat/nisdomain.c
|
|
===================================================================
|
|
--- /dev/null
|
|
+++ glibc-2.26/nss/nss_compat/nisdomain.c
|
|
@@ -0,0 +1,58 @@
|
|
+/* Copyright (C) 2017 Free Software Foundation, Inc.
|
|
+ This file is part of the GNU C Library.
|
|
+
|
|
+ The GNU C Library is free software; you can redistribute it and/or
|
|
+ modify it under the terms of the GNU Lesser General Public
|
|
+ License as published by the Free Software Foundation; either
|
|
+ version 2.1 of the License, or (at your option) any later version.
|
|
+
|
|
+ The GNU C Library is distributed in the hope that it will be useful,
|
|
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
+ Lesser General Public License for more details.
|
|
+
|
|
+ You should have received a copy of the GNU Lesser General Public
|
|
+ License along with the GNU C Library; if not, see
|
|
+ <http://www.gnu.org/licenses/>. */
|
|
+
|
|
+#include <stdlib.h>
|
|
+#include <string.h>
|
|
+#include <errno.h>
|
|
+#include <unistd.h>
|
|
+#include <libc-lock.h>
|
|
+#include "nisdomain.h"
|
|
+
|
|
+#define MAXDOMAINNAMELEN 1024
|
|
+
|
|
+static char domainname[MAXDOMAINNAMELEN];
|
|
+
|
|
+__libc_lock_define_initialized (static, domainname_lock)
|
|
+
|
|
+int
|
|
+__nss_get_default_domain (char **outdomain)
|
|
+{
|
|
+ int result = 0;
|
|
+ *outdomain = NULL;
|
|
+
|
|
+ __libc_lock_lock (domainname_lock);
|
|
+
|
|
+ if (domainname[0] != '\0')
|
|
+ {
|
|
+ if (getdomainname (domainname, MAXDOMAINNAMELEN) < 0)
|
|
+ result = errno;
|
|
+ else if (strcmp (domainname, "(none)") == 0)
|
|
+ {
|
|
+ /* If domainname is not set, some systems will return "(none)" */
|
|
+ domainname[0] = '\0';
|
|
+ result = ENOENT;
|
|
+ }
|
|
+ else
|
|
+ *outdomain = domainname;
|
|
+ }
|
|
+ else
|
|
+ *outdomain = domainname;
|
|
+
|
|
+ __libc_lock_unlock (domainname_lock);
|
|
+
|
|
+ return result;
|
|
+}
|
|
Index: glibc-2.26/nss/nss_compat/nisdomain.h
|
|
===================================================================
|
|
--- /dev/null
|
|
+++ glibc-2.26/nss/nss_compat/nisdomain.h
|
|
@@ -0,0 +1,20 @@
|
|
+/* Copyright (C) 2017 Free Software Foundation, Inc.
|
|
+ This file is part of the GNU C Library.
|
|
+
|
|
+ The GNU C Library is free software; you can redistribute it and/or
|
|
+ modify it under the terms of the GNU Lesser General Public
|
|
+ License as published by the Free Software Foundation; either
|
|
+ version 2.1 of the License, or (at your option) any later version.
|
|
+
|
|
+ The GNU C Library is distributed in the hope that it will be useful,
|
|
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
+ Lesser General Public License for more details.
|
|
+
|
|
+ You should have received a copy of the GNU Lesser General Public
|
|
+ License along with the GNU C Library; if not, see
|
|
+ <http://www.gnu.org/licenses/>. */
|
|
+
|
|
+/* Set OUTDOMAIN to a pointer to the current NIS domain name, or NULL if
|
|
+ not set. Return zero on success, an error number on failure. */
|
|
+extern int __nss_get_default_domain (char **outdomain);
|