-/* Copyright (C) 1989,91,93,1996-1999,2000,01 Free Software Foundation, Inc.
+/* Copyright (C) 1989,1991,1993,1996-2006,2008,2010,2011
+ Free Software Foundation, Inc.
This file is part of the GNU C Library.
The GNU C Library is free software; you can redistribute it and/or
- modify it under the terms of the GNU Library General Public License as
- published by the Free Software Foundation; either version 2 of the
- License, or (at your option) any later version.
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
The GNU C Library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Library General Public License for more details.
+ Lesser General Public License for more details.
- You should have received a copy of the GNU Library General Public
- License along with the GNU C Library; see the file COPYING.LIB. If not,
- write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
- Boston, MA 02111-1307, USA. */
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <http://www.gnu.org/licenses/>. */
#include <alloca.h>
+#include <assert.h>
#include <errno.h>
#include <grp.h>
#include <limits.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
+#include <sys/param.h>
#include <sys/types.h>
#include <nsswitch.h>
+#include "../nscd/nscd-client.h"
+#include "../nscd/nscd_proto.h"
+
+
/* Type of the lookup function. */
typedef enum nss_status (*initgroups_dyn_function) (const char *, gid_t,
long int *, long int *,
gid_t **, long int, int *);
-/* Prototype for the setgrent functions we use here. */
-typedef enum nss_status (*set_function) (void);
-
-/* Prototype for the endgrent functions we use here. */
-typedef enum nss_status (*end_function) (void);
-
-/* Prototype for the setgrent functions we use here. */
-typedef enum nss_status (*get_function) (struct group *, char *,
- size_t, int *);
/* The lookup function for the first entry of this service. */
extern int __nss_group_lookup (service_user **nip, const char *name,
void **fctp);
extern void *__nss_lookup_function (service_user *ni, const char *fct_name);
-extern service_user *__nss_group_database;
+extern service_user *__nss_group_database attribute_hidden;
+service_user *__nss_initgroups_database;
+static bool use_initgroups_entry;
-static enum nss_status
-compat_call (service_user *nip, const char *user, gid_t group, long int *start,
- long int *size, gid_t **groupsp, long int limit, int *errnop)
-{
- struct group grpbuf;
- size_t buflen = __sysconf (_SC_GETGR_R_SIZE_MAX);
- char *tmpbuf;
- enum nss_status status;
- set_function setgrent_fct;
- get_function getgrent_fct;
- end_function endgrent_fct;
- gid_t *groups = *groupsp;
-
- getgrent_fct = __nss_lookup_function (nip, "getgrent_r");
- if (getgrent_fct == NULL)
- return NSS_STATUS_UNAVAIL;
-
- setgrent_fct = __nss_lookup_function (nip, "setgrent");
- if (setgrent_fct)
- {
- status = DL_CALL_FCT (setgrent_fct, ());
- if (status != NSS_STATUS_SUCCESS)
- return status;
- }
-
- endgrent_fct = __nss_lookup_function (nip, "endgrent");
-
- tmpbuf = __alloca (buflen);
-
- do
- {
- while ((status = DL_CALL_FCT (getgrent_fct,
- (&grpbuf, tmpbuf, buflen, errnop)),
- status == NSS_STATUS_TRYAGAIN)
- && *errnop == ERANGE)
- {
- buflen *= 2;
- tmpbuf = __alloca (buflen);
- }
-
- if (status != NSS_STATUS_SUCCESS)
- goto done;
-
- if (grpbuf.gr_gid != group)
- {
- char **m;
-
- for (m = grpbuf.gr_mem; *m != NULL; ++m)
- if (strcmp (*m, user) == 0)
- {
- /* Matches user. Insert this group. */
- if (__builtin_expect (*start == *size, 0))
- {
- /* Need a bigger buffer. */
- gid_t *newgroups;
- long int newsize;
-
- if (limit > 0 && *size == limit)
- /* We reached the maximum. */
- goto done;
-
- if (limit <= 0)
- newsize = 2 * *size;
- else
- newsize = MIN (limit, 2 * *size);
-
- newgroups = realloc (groups, newsize * sizeof (*groups));
- if (newgroups == NULL)
- goto done;
- *groupsp = groups = newgroups;
- *size = newsize;
- }
-
- groups[*start] = grpbuf.gr_gid;
- *start += 1;
-
- break;
- }
- }
- }
- while (status == NSS_STATUS_SUCCESS);
- done:
- if (endgrent_fct)
- DL_CALL_FCT (endgrent_fct, ());
+#include "compat-initgroups.c"
- return NSS_STATUS_SUCCESS;
-}
static int
internal_getgrouplist (const char *user, gid_t group, long int *size,
gid_t **groupsp, long int limit)
{
- service_user *nip = NULL;
- initgroups_dyn_function fct;
+#ifdef USE_NSCD
+ if (__nss_not_use_nscd_group > 0
+ && ++__nss_not_use_nscd_group > NSS_NSCD_RETRY)
+ __nss_not_use_nscd_group = 0;
+ if (!__nss_not_use_nscd_group
+ && !__nss_database_custom[NSS_DBSIDX_group])
+ {
+ int n = __nscd_getgrouplist (user, group, size, groupsp, limit);
+ if (n >= 0)
+ return n;
+
+ /* nscd is not usable. */
+ __nss_not_use_nscd_group = 1;
+ }
+#endif
+
enum nss_status status = NSS_STATUS_UNAVAIL;
- int no_more;
+ int no_more = 0;
+
+ /* Never store more than the starting *SIZE number of elements. */
+ assert (*size > 0);
+ (*groupsp)[0] = group;
/* Start is one, because we have the first group as parameter. */
long int start = 1;
- *groupsp[0] = group;
-
- if (__nss_group_database != NULL)
+ if (__nss_initgroups_database == NULL)
{
- no_more = 0;
- nip = __nss_group_database;
+ if (__nss_database_lookup ("initgroups", NULL, "",
+ &__nss_initgroups_database) < 0)
+ {
+ if (__nss_group_database == NULL)
+ no_more = __nss_database_lookup ("group", NULL, "compat files",
+ &__nss_group_database);
+
+ __nss_initgroups_database = __nss_group_database;
+ }
+ else
+ use_initgroups_entry = true;
}
else
- no_more = __nss_database_lookup ("group", NULL,
- "compat [NOTFOUND=return] files", &nip);
+ /* __nss_initgroups_database might have been set through
+ __nss_configure_lookup in which case use_initgroups_entry was
+ not set here. */
+ use_initgroups_entry = __nss_initgroups_database != __nss_group_database;
+ service_user *nip = __nss_initgroups_database;
while (! no_more)
{
- fct = __nss_lookup_function (nip, "initgroups_dyn");
+ long int prev_start = start;
+ initgroups_dyn_function fct = __nss_lookup_function (nip,
+ "initgroups_dyn");
if (fct == NULL)
- {
- status = compat_call (nip, user, group, &start, size, groupsp,
- limit, &errno);
-
- if (nss_next_action (nip, NSS_STATUS_UNAVAIL) != NSS_ACTION_CONTINUE)
- break;
- }
+ status = compat_call (nip, user, group, &start, size, groupsp,
+ limit, &errno);
else
status = DL_CALL_FCT (fct, (user, group, &start, size, groupsp,
limit, &errno));
+ /* Remove duplicates. */
+ long int cnt = prev_start;
+ while (cnt < start)
+ {
+ long int inner;
+ for (inner = 0; inner < prev_start; ++inner)
+ if ((*groupsp)[inner] == (*groupsp)[cnt])
+ break;
+
+ if (inner < prev_start)
+ (*groupsp)[cnt] = (*groupsp)[--start];
+ else
+ ++cnt;
+ }
+
/* This is really only for debugging. */
if (NSS_STATUS_TRYAGAIN > status || status > NSS_STATUS_RETURN)
- __libc_fatal ("illegal status in " __FUNCTION__);
-
- if (status != NSS_STATUS_SUCCESS
+ __libc_fatal ("illegal status in internal_getgrouplist");
+
+ /* For compatibility reason we will continue to look for more
+ entries using the next service even though data has already
+ been found if the nsswitch.conf file contained only a 'groups'
+ line and no 'initgroups' line. If the latter is available
+ we always respect the status. This means that the default
+ for successful lookups is to return. */
+ if ((use_initgroups_entry || status != NSS_STATUS_SUCCESS)
&& nss_next_action (nip, status) == NSS_ACTION_RETURN)
break;
int
getgrouplist (const char *user, gid_t group, gid_t *groups, int *ngroups)
{
- gid_t *newgroups;
- long int size = *ngroups;
- int result;
+ long int size = MAX (1, *ngroups);
- newgroups = (gid_t *) malloc (size * sizeof (gid_t));
+ gid_t *newgroups = (gid_t *) malloc (size * sizeof (gid_t));
if (__builtin_expect (newgroups == NULL, 0))
/* No more memory. */
+ // XXX This is wrong. The user provided memory, we have to use
+ // XXX it. The internal functions must be called with the user
+ // XXX provided buffer and not try to increase the size if it is
+ // XXX too small. For initgroups a flag could say: increase size.
return -1;
- result = internal_getgrouplist (user, group, &size, &newgroups, -1);
- if (result > *ngroups)
- {
- *ngroups = result;
- result = -1;
- }
- else
- *ngroups = result;
-
- memcpy (groups, newgroups, *ngroups * sizeof (gid_t));
+ int total = internal_getgrouplist (user, group, &size, &newgroups, -1);
+
+ memcpy (groups, newgroups, MIN (*ngroups, total) * sizeof (gid_t));
free (newgroups);
- return result;
+
+ int retval = total > *ngroups ? -1 : total;
+ *ngroups = total;
+
+ return retval;
}
+static_link_warning (getgrouplist)
+
/* Initialize the group set for the current user
by reading the group database and using all groups
of which USER is a member. Also include GROUP. */
long int limit = __sysconf (_SC_NGROUPS_MAX);
if (limit > 0)
- size = limit;
+ /* We limit the size of the intially allocated array. */
+ size = MIN (limit, 64);
else
- {
- /* No fixed limit on groups. Pick a starting buffer size. */
- size = 16;
- }
+ /* No fixed limit on groups. Pick a starting buffer size. */
+ size = 16;
groups = (gid_t *) malloc (size * sizeof (gid_t));
if (__builtin_expect (groups == NULL, 0))
return result;
#endif
}
+
+static_link_warning (initgroups)