1 /* Copyright (C) 1996-2015 Free Software Foundation, Inc.
2 This file is part of the GNU C Library.
3 Contributed by Thorsten Kukuk <kukuk@vt.uni-paderborn.de>, 1996.
5 The GNU C Library is free software; you can redistribute it and/or
6 modify it under the terms of the GNU Lesser General Public
7 License as published by the Free Software Foundation; either
8 version 2.1 of the License, or (at your option) any later version.
10 The GNU C Library is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 Lesser General Public License for more details.
15 You should have received a copy of the GNU Lesser General Public
16 License along with the GNU C Library; if not, see
17 <http://www.gnu.org/licenses/>. */
26 #include <stdio_ext.h>
28 #include <rpc/types.h>
29 #include <rpcsvc/ypclnt.h>
30 #include <bits/libc-lock.h>
31 #include <kernel-features.h>
35 static service_user *ni;
36 static enum nss_status (*nss_setspent) (int stayopen);
37 static enum nss_status (*nss_getspnam_r) (const char *name, struct spwd * sp,
38 char *buffer, size_t buflen,
40 static enum nss_status (*nss_getspent_r) (struct spwd * sp, char *buffer,
41 size_t buflen, int *errnop);
42 static enum nss_status (*nss_endspent) (void);
44 /* Get the declaration of the parser function. */
46 #define STRUCTURE spwd
48 #include <nss/nss_files/files-parse.c>
50 /* Structure for remembering -@netgroup and -user members ... */
51 #define BLACKLIST_INITIAL_SIZE 512
52 #define BLACKLIST_INCREMENT 256
65 enum nss_status setent_status;
67 struct blacklist_t blacklist;
69 struct __netgrent netgrdata;
71 typedef struct ent_t ent_t;
73 static ent_t ext_ent = { false, true, false, NSS_STATUS_SUCCESS, NULL,
75 { NULL, NULL, 0, 0, 0, 0, 0, 0, 0}};
77 /* Protect global state against multiple changers. */
78 __libc_lock_define_initialized (static, lock)
80 /* Positive if O_CLOEXEC is supported, negative if it is not supported,
81 zero if it is still undecided. This variable is shared with the
82 other compat functions. */
83 #ifdef __ASSUME_O_CLOEXEC
84 # define __compat_have_cloexec 1
87 extern int __compat_have_cloexec;
89 # define __compat_have_cloexec -1
93 /* Prototypes for local functions. */
94 static void blacklist_store_name (const char *, ent_t *);
95 static int in_blacklist (const char *, int, ent_t *);
97 /* Initialize the NSS interface/functions. The calling function must
100 init_nss_interface (void)
102 if (__nss_database_lookup ("shadow_compat", "passwd_compat",
105 nss_setspent = __nss_lookup_function (ni, "setspent");
106 nss_getspnam_r = __nss_lookup_function (ni, "getspnam_r");
107 nss_getspent_r = __nss_lookup_function (ni, "getspent_r");
108 nss_endspent = __nss_lookup_function (ni, "endspent");
113 give_spwd_free (struct spwd *pwd)
118 memset (pwd, '\0', sizeof (struct spwd));
126 spwd_need_buflen (struct spwd *pwd)
130 if (pwd->sp_pwdp != NULL)
131 len += strlen (pwd->sp_pwdp) + 1;
137 copy_spwd_changes (struct spwd *dest, struct spwd *src,
138 char *buffer, size_t buflen)
140 if (src->sp_pwdp != NULL && strlen (src->sp_pwdp))
143 dest->sp_pwdp = strdup (src->sp_pwdp);
144 else if (dest->sp_pwdp &&
145 strlen (dest->sp_pwdp) >= strlen (src->sp_pwdp))
146 strcpy (dest->sp_pwdp, src->sp_pwdp);
149 dest->sp_pwdp = buffer;
150 strcpy (dest->sp_pwdp, src->sp_pwdp);
151 buffer += strlen (dest->sp_pwdp) + 1;
152 buflen = buflen - (strlen (dest->sp_pwdp) + 1);
155 if (src->sp_lstchg != 0)
156 dest->sp_lstchg = src->sp_lstchg;
157 if (src->sp_min != 0)
158 dest->sp_min = src->sp_min;
159 if (src->sp_max != 0)
160 dest->sp_max = src->sp_max;
161 if (src->sp_warn != -1)
162 dest->sp_warn = src->sp_warn;
163 if (src->sp_inact != -1)
164 dest->sp_inact = src->sp_inact;
165 if (src->sp_expire != -1)
166 dest->sp_expire = src->sp_expire;
167 if (src->sp_flag != ~0ul)
168 dest->sp_flag = src->sp_flag;
171 static enum nss_status
172 internal_setspent (ent_t *ent, int stayopen)
174 enum nss_status status = NSS_STATUS_SUCCESS;
176 ent->first = ent->netgroup = 0;
179 /* If something was left over free it. */
181 __internal_endnetgrent (&ent->netgrdata);
183 if (ent->blacklist.data != NULL)
185 ent->blacklist.current = 1;
186 ent->blacklist.data[0] = '|';
187 ent->blacklist.data[1] = '\0';
190 ent->blacklist.current = 0;
192 if (ent->stream == NULL)
194 ent->stream = fopen ("/etc/shadow", "rme");
196 if (ent->stream == NULL)
197 status = errno == EAGAIN ? NSS_STATUS_TRYAGAIN : NSS_STATUS_UNAVAIL;
200 /* We have to make sure the file is `closed on exec'. */
203 if (__compat_have_cloexec <= 0)
206 result = flags = fcntl (fileno_unlocked (ent->stream), F_GETFD,
210 #if defined O_CLOEXEC && !defined __ASSUME_O_CLOEXEC
211 if (__compat_have_cloexec == 0)
212 __compat_have_cloexec = (flags & FD_CLOEXEC) ? 1 : -1;
214 if (__compat_have_cloexec < 0)
218 result = fcntl (fileno_unlocked (ent->stream), F_SETFD,
226 /* Something went wrong. Close the stream and return a
228 fclose (ent->stream);
230 status = NSS_STATUS_UNAVAIL;
233 /* We take care of locking ourself. */
234 __fsetlocking (ent->stream, FSETLOCKING_BYCALLER);
238 rewind (ent->stream);
240 give_spwd_free (&ent->pwd);
242 if (status == NSS_STATUS_SUCCESS && nss_setspent)
243 ent->setent_status = nss_setspent (stayopen);
250 _nss_compat_setspent (int stayopen)
252 enum nss_status result;
254 __libc_lock_lock (lock);
257 init_nss_interface ();
259 result = internal_setspent (&ext_ent, stayopen);
261 __libc_lock_unlock (lock);
267 static enum nss_status
268 internal_endspent (ent_t *ent)
273 if (ent->stream != NULL)
275 fclose (ent->stream);
280 __internal_endnetgrent (&ent->netgrdata);
282 ent->first = ent->netgroup = false;
285 if (ent->blacklist.data != NULL)
287 ent->blacklist.current = 1;
288 ent->blacklist.data[0] = '|';
289 ent->blacklist.data[1] = '\0';
292 ent->blacklist.current = 0;
294 give_spwd_free (&ent->pwd);
296 return NSS_STATUS_SUCCESS;
300 _nss_compat_endspent (void)
302 enum nss_status result;
304 __libc_lock_lock (lock);
306 result = internal_endspent (&ext_ent);
308 __libc_lock_unlock (lock);
314 static enum nss_status
315 getspent_next_nss_netgr (const char *name, struct spwd *result, ent_t *ent,
316 char *group, char *buffer, size_t buflen,
319 char *curdomain = NULL, *host, *user, *domain, *p2;
323 return NSS_STATUS_UNAVAIL;
325 /* If the setpwent call failed, say so. */
326 if (ent->setent_status != NSS_STATUS_SUCCESS)
327 return ent->setent_status;
331 memset (&ent->netgrdata, 0, sizeof (struct __netgrent));
332 __internal_setnetgrent (group, &ent->netgrdata);
338 enum nss_status status;
340 status = __internal_getnetgrent_r (&host, &user, &domain,
341 &ent->netgrdata, buffer, buflen,
345 __internal_endnetgrent (&ent->netgrdata);
346 ent->netgroup = false;
347 give_spwd_free (&ent->pwd);
348 return NSS_STATUS_RETURN;
351 if (user == NULL || user[0] == '-')
356 if (curdomain == NULL
357 && yp_get_default_domain (&curdomain) != YPERR_SUCCESS)
359 __internal_endnetgrent (&ent->netgrdata);
360 ent->netgroup = false;
361 give_spwd_free (&ent->pwd);
362 return NSS_STATUS_UNAVAIL;
364 if (strcmp (curdomain, domain) != 0)
368 /* If name != NULL, we are called from getpwnam */
370 if (strcmp (user, name) != 0)
373 p2len = spwd_need_buflen (&ent->pwd);
377 return NSS_STATUS_TRYAGAIN;
379 p2 = buffer + (buflen - p2len);
382 if (nss_getspnam_r (user, result, buffer, buflen, errnop) !=
386 if (!in_blacklist (result->sp_namp, strlen (result->sp_namp), ent))
388 /* Store the User in the blacklist for possible the "+" at the
389 end of /etc/passwd */
390 blacklist_store_name (result->sp_namp, ent);
391 copy_spwd_changes (result, &ent->pwd, p2, p2len);
396 return NSS_STATUS_SUCCESS;
400 static enum nss_status
401 getspent_next_nss (struct spwd *result, ent_t *ent,
402 char *buffer, size_t buflen, int *errnop)
404 enum nss_status status;
409 return NSS_STATUS_UNAVAIL;
411 p2len = spwd_need_buflen (&ent->pwd);
415 return NSS_STATUS_TRYAGAIN;
417 p2 = buffer + (buflen - p2len);
421 if ((status = nss_getspent_r (result, buffer, buflen, errnop)) !=
425 while (in_blacklist (result->sp_namp, strlen (result->sp_namp), ent));
427 copy_spwd_changes (result, &ent->pwd, p2, p2len);
429 return NSS_STATUS_SUCCESS;
433 /* This function handle the +user entrys in /etc/shadow */
434 static enum nss_status
435 getspnam_plususer (const char *name, struct spwd *result, ent_t *ent,
436 char *buffer, size_t buflen, int *errnop)
439 return NSS_STATUS_UNAVAIL;
442 memset (&pwd, '\0', sizeof (struct spwd));
448 copy_spwd_changes (&pwd, result, NULL, 0);
450 size_t plen = spwd_need_buflen (&pwd);
454 return NSS_STATUS_TRYAGAIN;
456 char *p = buffer + (buflen - plen);
459 enum nss_status status = nss_getspnam_r (name, result, buffer, buflen,
461 if (status != NSS_STATUS_SUCCESS)
464 if (in_blacklist (result->sp_namp, strlen (result->sp_namp), ent))
465 return NSS_STATUS_NOTFOUND;
467 copy_spwd_changes (result, &pwd, p, plen);
468 give_spwd_free (&pwd);
469 /* We found the entry. */
470 return NSS_STATUS_SUCCESS;
474 static enum nss_status
475 getspent_next_file (struct spwd *result, ent_t *ent,
476 char *buffer, size_t buflen, int *errnop)
478 struct parser_data *data = (void *) buffer;
487 /* We need at least 3 characters for one line. */
488 if (__glibc_unlikely (buflen < 3))
492 return NSS_STATUS_TRYAGAIN;
495 fgetpos (ent->stream, &pos);
496 buffer[buflen - 1] = '\xff';
497 p = fgets_unlocked (buffer, buflen, ent->stream);
498 if (p == NULL && feof_unlocked (ent->stream))
499 return NSS_STATUS_NOTFOUND;
501 if (p == NULL || __builtin_expect (buffer[buflen - 1] != '\xff', 0))
504 fsetpos (ent->stream, &pos);
508 /* Skip leading blanks. */
512 while (*p == '\0' || *p == '#' /* Ignore empty and comment lines. */
513 /* Parse the line. If it is invalid, loop to
514 get the next line of the file to parse. */
515 || !(parse_res = _nss_files_parse_spent (p, result, data,
518 if (__glibc_unlikely (parse_res == -1))
519 /* The parser ran out of space. */
522 if (result->sp_namp[0] != '+' && result->sp_namp[0] != '-')
523 /* This is a real entry. */
527 if (result->sp_namp[0] == '-' && result->sp_namp[1] == '@'
528 && result->sp_namp[2] != '\0')
530 /* XXX Do not use fixed length buffers. */
532 char *user, *host, *domain;
533 struct __netgrent netgrdata;
535 memset (&netgrdata, 0, sizeof (struct __netgrent));
536 __internal_setnetgrent (&result->sp_namp[2], &netgrdata);
537 while (__internal_getnetgrent_r (&host, &user, &domain,
538 &netgrdata, buf2, sizeof (buf2),
541 if (user != NULL && user[0] != '-')
542 blacklist_store_name (user, ent);
544 __internal_endnetgrent (&netgrdata);
549 if (result->sp_namp[0] == '+' && result->sp_namp[1] == '@'
550 && result->sp_namp[2] != '\0')
554 ent->netgroup = true;
556 copy_spwd_changes (&ent->pwd, result, NULL, 0);
558 status = getspent_next_nss_netgr (NULL, result, ent,
560 buffer, buflen, errnop);
561 if (status == NSS_STATUS_RETURN)
568 if (result->sp_namp[0] == '-' && result->sp_namp[1] != '\0'
569 && result->sp_namp[1] != '@')
571 blacklist_store_name (&result->sp_namp[1], ent);
576 if (result->sp_namp[0] == '+' && result->sp_namp[1] != '\0'
577 && result->sp_namp[1] != '@')
579 size_t len = strlen (result->sp_namp);
581 enum nss_status status;
583 /* Store the User in the blacklist for the "+" at the end of
585 memcpy (buf, &result->sp_namp[1], len);
586 status = getspnam_plususer (&result->sp_namp[1], result, ent,
587 buffer, buflen, errnop);
588 blacklist_store_name (buf, ent);
590 if (status == NSS_STATUS_SUCCESS) /* We found the entry. */
592 /* We couldn't parse the entry */
593 else if (status == NSS_STATUS_RETURN
594 /* entry doesn't exist */
595 || status == NSS_STATUS_NOTFOUND)
599 if (status == NSS_STATUS_TRYAGAIN)
601 fsetpos (ent->stream, &pos);
609 if (result->sp_namp[0] == '+' && result->sp_namp[1] == '\0')
613 copy_spwd_changes (&ent->pwd, result, NULL, 0);
615 return getspent_next_nss (result, ent, buffer, buflen, errnop);
619 return NSS_STATUS_SUCCESS;
623 static enum nss_status
624 internal_getspent_r (struct spwd *pw, ent_t *ent,
625 char *buffer, size_t buflen, int *errnop)
629 enum nss_status status;
631 /* We are searching members in a netgroup */
632 /* Since this is not the first call, we don't need the group name */
633 status = getspent_next_nss_netgr (NULL, pw, ent, NULL, buffer,
636 if (status == NSS_STATUS_RETURN)
637 return getspent_next_file (pw, ent, buffer, buflen, errnop);
642 return getspent_next_file (pw, ent, buffer, buflen, errnop);
644 return getspent_next_nss (pw, ent, buffer, buflen, errnop);
649 _nss_compat_getspent_r (struct spwd *pwd, char *buffer, size_t buflen,
652 enum nss_status result = NSS_STATUS_SUCCESS;
654 __libc_lock_lock (lock);
656 /* Be prepared that the setpwent function was not called before. */
658 init_nss_interface ();
660 if (ext_ent.stream == NULL)
661 result = internal_setspent (&ext_ent, 1);
663 if (result == NSS_STATUS_SUCCESS)
664 result = internal_getspent_r (pwd, &ext_ent, buffer, buflen, errnop);
666 __libc_lock_unlock (lock);
672 /* Searches in /etc/passwd and the NIS/NIS+ map for a special user */
673 static enum nss_status
674 internal_getspnam_r (const char *name, struct spwd *result, ent_t *ent,
675 char *buffer, size_t buflen, int *errnop)
677 struct parser_data *data = (void *) buffer;
687 /* We need at least 3 characters for one line. */
688 if (__glibc_unlikely (buflen < 3))
692 return NSS_STATUS_TRYAGAIN;
695 fgetpos (ent->stream, &pos);
696 buffer[buflen - 1] = '\xff';
697 p = fgets_unlocked (buffer, buflen, ent->stream);
698 if (p == NULL && feof_unlocked (ent->stream))
699 return NSS_STATUS_NOTFOUND;
701 if (p == NULL || buffer[buflen - 1] != '\xff')
704 fsetpos (ent->stream, &pos);
708 /* Terminate the line for any case. */
709 buffer[buflen - 1] = '\0';
711 /* Skip leading blanks. */
715 while (*p == '\0' || *p == '#' || /* Ignore empty and comment lines. */
716 /* Parse the line. If it is invalid, loop to
717 get the next line of the file to parse. */
718 !(parse_res = _nss_files_parse_spent (p, result, data, buflen,
721 if (__glibc_unlikely (parse_res == -1))
722 /* The parser ran out of space. */
725 /* This is a real entry. */
726 if (result->sp_namp[0] != '+' && result->sp_namp[0] != '-')
728 if (strcmp (result->sp_namp, name) == 0)
729 return NSS_STATUS_SUCCESS;
735 /* If the loaded NSS module does not support this service, add
736 all users from a +@netgroup entry to the blacklist, too. */
737 if (result->sp_namp[0] == '-' && result->sp_namp[1] == '@'
738 && result->sp_namp[2] != '\0')
740 if (innetgr (&result->sp_namp[2], NULL, name, NULL))
741 return NSS_STATUS_NOTFOUND;
746 if (result->sp_namp[0] == '+' && result->sp_namp[1] == '@'
747 && result->sp_namp[2] != '\0')
749 enum nss_status status;
751 if (innetgr (&result->sp_namp[2], NULL, name, NULL))
753 status = getspnam_plususer (name, result, ent, buffer,
756 if (status == NSS_STATUS_RETURN)
765 if (result->sp_namp[0] == '-' && result->sp_namp[1] != '\0'
766 && result->sp_namp[1] != '@')
768 if (strcmp (&result->sp_namp[1], name) == 0)
769 return NSS_STATUS_NOTFOUND;
775 if (result->sp_namp[0] == '+' && result->sp_namp[1] != '\0'
776 && result->sp_namp[1] != '@')
778 if (strcmp (name, &result->sp_namp[1]) == 0)
780 enum nss_status status;
782 status = getspnam_plususer (name, result, ent,
783 buffer, buflen, errnop);
785 if (status == NSS_STATUS_RETURN)
786 /* We couldn't parse the entry */
787 return NSS_STATUS_NOTFOUND;
794 if (result->sp_namp[0] == '+' && result->sp_namp[1] == '\0')
796 enum nss_status status;
798 status = getspnam_plususer (name, result, ent,
799 buffer, buflen, errnop);
801 if (status == NSS_STATUS_SUCCESS)
802 /* We found the entry. */
804 else if (status == NSS_STATUS_RETURN)
805 /* We couldn't parse the entry */
806 return NSS_STATUS_NOTFOUND;
811 return NSS_STATUS_SUCCESS;
816 _nss_compat_getspnam_r (const char *name, struct spwd *pwd,
817 char *buffer, size_t buflen, int *errnop)
819 enum nss_status result;
820 ent_t ent = { false, true, false, NSS_STATUS_SUCCESS, NULL, { NULL, 0, 0},
821 { NULL, NULL, 0, 0, 0, 0, 0, 0, 0}};
823 if (name[0] == '-' || name[0] == '+')
824 return NSS_STATUS_NOTFOUND;
826 __libc_lock_lock (lock);
829 init_nss_interface ();
831 __libc_lock_unlock (lock);
833 result = internal_setspent (&ent, 0);
835 if (result == NSS_STATUS_SUCCESS)
836 result = internal_getspnam_r (name, pwd, &ent, buffer, buflen, errnop);
838 internal_endspent (&ent);
844 /* Support routines for remembering -@netgroup and -user entries.
845 The names are stored in a single string with `|' as separator. */
847 blacklist_store_name (const char *name, ent_t *ent)
849 int namelen = strlen (name);
852 /* first call, setup cache */
853 if (ent->blacklist.size == 0)
855 ent->blacklist.size = MAX (BLACKLIST_INITIAL_SIZE, 2 * namelen);
856 ent->blacklist.data = malloc (ent->blacklist.size);
857 if (ent->blacklist.data == NULL)
859 ent->blacklist.data[0] = '|';
860 ent->blacklist.data[1] = '\0';
861 ent->blacklist.current = 1;
865 if (in_blacklist (name, namelen, ent))
866 return; /* no duplicates */
868 if (ent->blacklist.current + namelen + 1 >= ent->blacklist.size)
870 ent->blacklist.size += MAX (BLACKLIST_INCREMENT, 2 * namelen);
871 tmp = realloc (ent->blacklist.data, ent->blacklist.size);
874 free (ent->blacklist.data);
875 ent->blacklist.size = 0;
878 ent->blacklist.data = tmp;
882 tmp = stpcpy (ent->blacklist.data + ent->blacklist.current, name);
885 ent->blacklist.current += namelen + 1;
891 /* Returns TRUE if ent->blacklist contains name, else FALSE. */
893 in_blacklist (const char *name, int namelen, ent_t *ent)
895 char buf[namelen + 3];
898 if (ent->blacklist.data == NULL)
902 cp = stpcpy (&buf[1], name);
905 return strstr (ent->blacklist.data, buf) != NULL;