From c88ffc239e8d8820f6d1d4e185984e6093a1e4d7 Mon Sep 17 00:00:00 2001 From: Florian Weimer Date: Mon, 14 Aug 2017 17:12:05 +0200 Subject: [PATCH] NSS: Replace exported NSS lookup functions with stubs [BZ #21962] Commit 384ca551743318bd9c9e24a496d6397f2e3f2a49 from 2007 added this to nss/XXX-lookup.c: +#ifndef NO_COMPAT +int +internal_function attribute_compat_text_section +DB_COMPAT_FCT (service_user **ni, const char *fct_name, void **fctp) +{ + return DB_LOOKUP_FCT (ni, fct_name, NULL, fctp); +} +#endif That is, it adds a pseudo-compat function with an internal_function attribute. The function it was supposed to replace did not have the attribute: extern int DB_LOOKUP_FCT (service_user **ni, const char *fct_name, - void **fctp) internal_function; + const char *fct2_name, void **fctp) + internal_function; This changed the calling convention on i386 for the following functions in the public ABI: __nss_passwd_lookup __nss_group_lookup __nss_hosts_lookup This commit replaces the functions with always-failing stubs, with true compat symbols. Due to a happy accident, the calling convention of the stub is identical for the internal_function and non-internal_function case on i386. In addition, this commit auto-generates the __nss_*_lookup2 function declarations as part of . --- ChangeLog | 26 ++++++++++++++++++++++++++ grp/initgroups.c | 5 ----- inet/ether_hton.c | 7 +------ inet/ether_ntoh.c | 7 +------ inet/getnetgrent_r.c | 6 +----- nss/Makefile | 3 ++- nss/Versions | 2 ++ nss/XXX-lookup.c | 15 --------------- nss/compat-lookup.c | 42 ++++++++++++++++++++++++++++++++++++++++++ nss/nsswitch.h | 8 ++++++++ nss/service-lookup.c | 1 - sunrpc/netname.c | 5 +---- sunrpc/publickey.c | 9 ++------- 13 files changed, 86 insertions(+), 50 deletions(-) create mode 100644 nss/compat-lookup.c diff --git a/ChangeLog b/ChangeLog index 3de5a9f..518f54d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,29 @@ +2017-08-14 Florian Weimer + + [BZ #21962] + NSS: Create stubs for accidentally exported lookup functions. + * grp/initgroups.c (__nss_group_lookup, __nss_lookup_function): + Remove declaration. + * inet/ether_hton.c (__nss_ethers_lookup): Likewise. + (ether_hostton): Call __nss_ethers_lookup2 instead. + * inet/ether_ntoh.c (__nss_ethers_lookup): Remove declaration. + (ether_ntohost): Call __nss_ethers_lookup2 instead. + * inet/getnetgrent_r.c (__nss_netgroup_lookup): Remove declaration. + (setup): Call __nss_netgroup_lookup2 instead. + * nss/Makefile (routines): Add compat-lookup. + * nss/Versions (GLIBC_2.27): Add symbol version. + * nss/XXX-lookup (DB_LOOKUP_FCT): Remove declaration. Now provided by . + (DB_COMPAT_FCT): Remove. + * nss/compat-lookup.c: New file. + * nss/nsswitch.h: Generate __nss_*_lookup2 function prototypes + from databases.def. + * nss/service-lookup.c (NO_COMPAT): Remove definition. + * sunrpc/netname.c (__nss_publickey_lookup): Remove declaration. + (netname2user): Call __nss_publickey_lookup2 instead. + * sunrpc/publickey.c (__nss_publickey_lookup): Remove declaration. + (getpublickey, getsecretkey): Call __nss_publickey_lookup2 + instead. + 2017-08-14 Adhemerval Zanella Sergei Trofimovich diff --git a/grp/initgroups.c b/grp/initgroups.c index 7a40813..0d5b841 100644 --- a/grp/initgroups.c +++ b/grp/initgroups.c @@ -36,11 +36,6 @@ typedef enum nss_status (*initgroups_dyn_function) (const char *, gid_t, long int *, long int *, gid_t **, long int, int *); -/* The lookup function for the first entry of this service. */ -extern int __nss_group_lookup (service_user **nip, const char *name, - void **fctp); -extern void *__nss_lookup_function (service_user *ni, const char *fct_name); - extern service_user *__nss_group_database attribute_hidden; service_user *__nss_initgroups_database; static bool use_initgroups_entry; diff --git a/inet/ether_hton.c b/inet/ether_hton.c index a552398..164838e 100644 --- a/inet/ether_hton.c +++ b/inet/ether_hton.c @@ -27,11 +27,6 @@ typedef int (*lookup_function) (const char *, struct etherent *, char *, int, int *); -/* The lookup function for the first entry of this service. */ -extern int __nss_ethers_lookup (service_user **nip, const char *name, - void **fctp) internal_function; - - int ether_hostton (const char *hostname, struct ether_addr *addr) { @@ -49,7 +44,7 @@ ether_hostton (const char *hostname, struct ether_addr *addr) if (startp == NULL) { - no_more = __nss_ethers_lookup (&nip, "gethostton_r", &fct.ptr); + no_more = __nss_ethers_lookup2 (&nip, "gethostton_r", NULL, &fct.ptr); if (no_more) startp = (service_user *) -1; else diff --git a/inet/ether_ntoh.c b/inet/ether_ntoh.c index b2f7422..393601e 100644 --- a/inet/ether_ntoh.c +++ b/inet/ether_ntoh.c @@ -28,11 +28,6 @@ typedef int (*lookup_function) (const struct ether_addr *, struct etherent *, char *, size_t, int *); -/* The lookup function for the first entry of this service. */ -extern int __nss_ethers_lookup (service_user **nip, const char *name, - void **fctp) internal_function; - - int ether_ntohost (char *hostname, const struct ether_addr *addr) { @@ -50,7 +45,7 @@ ether_ntohost (char *hostname, const struct ether_addr *addr) if (startp == NULL) { - no_more = __nss_ethers_lookup (&nip, "getntohost_r", &fct.ptr); + no_more = __nss_ethers_lookup2 (&nip, "getntohost_r", NULL, &fct.ptr); if (no_more) startp = (service_user *) -1; else diff --git a/inet/getnetgrent_r.c b/inet/getnetgrent_r.c index a8fc51c..89fefeb 100644 --- a/inet/getnetgrent_r.c +++ b/inet/getnetgrent_r.c @@ -36,10 +36,6 @@ __libc_lock_define_initialized (static, lock) kept in this structure. */ static struct __netgrent dataset; -/* The lookup function for the first entry of this service. */ -extern int __nss_netgroup_lookup (service_user **nipp, const char *name, - void **fctp) internal_function; - /* Set up NIP to run through the services. Return nonzero if there are no services (left). */ static int @@ -54,7 +50,7 @@ setup (void **fctp, service_user **nipp) { /* Executing this more than once at the same time must yield the same result every time. So we need no locking. */ - no_more = __nss_netgroup_lookup (nipp, "setnetgrent", fctp); + no_more = __nss_netgroup_lookup2 (nipp, "setnetgrent", NULL, fctp); startp = no_more ? (service_user *) -1 : *nipp; #ifdef PTR_MANGLE PTR_MANGLE (startp); diff --git a/nss/Makefile b/nss/Makefile index d9f6d41..1e298c2 100644 --- a/nss/Makefile +++ b/nss/Makefile @@ -27,7 +27,8 @@ headers := nss.h # This is the trivial part which goes into libc itself. routines = nsswitch getnssent getnssent_r digits_dots \ valid_field valid_list_field rewrite_field \ - $(addsuffix -lookup,$(databases)) + $(addsuffix -lookup,$(databases)) \ + compat-lookup # These are the databases that go through nss dispatch. # Caution: if you add a database here, you must add its real name diff --git a/nss/Versions b/nss/Versions index f8ababc..50268ed 100644 --- a/nss/Versions +++ b/nss/Versions @@ -7,6 +7,8 @@ libc { GLIBC_2.2.2 { __nss_hostname_digits_dots; } + GLIBC_2.27 { + } GLIBC_PRIVATE { _nss_files_parse_grent; _nss_files_parse_pwent; _nss_files_parse_spent; __nss_disable_nscd; __nss_lookup_function; _nss_files_parse_sgent; diff --git a/nss/XXX-lookup.c b/nss/XXX-lookup.c index 972a210..4941769 100644 --- a/nss/XXX-lookup.c +++ b/nss/XXX-lookup.c @@ -34,7 +34,6 @@ \*******************************************************************/ #define DB_LOOKUP_FCT CONCAT3_1 (__nss_, DATABASE_NAME, _lookup2) -#define DB_COMPAT_FCT CONCAT3_1 (__nss_, DATABASE_NAME, _lookup) #define CONCAT3_1(Pre, Name, Post) CONCAT3_2 (Pre, Name, Post) #define CONCAT3_2(Pre, Name, Post) Pre##Name##Post @@ -55,10 +54,6 @@ service_user *DATABASE_NAME_SYMBOL attribute_hidden; -extern int DB_LOOKUP_FCT (service_user **ni, const char *fct_name, - const char *fct2_name, void **fctp); -libc_hidden_proto (DB_LOOKUP_FCT) - int DB_LOOKUP_FCT (service_user **ni, const char *fct_name, const char *fct2_name, void **fctp) @@ -73,13 +68,3 @@ DB_LOOKUP_FCT (service_user **ni, const char *fct_name, const char *fct2_name, return __nss_lookup (ni, fct_name, fct2_name, fctp); } libc_hidden_def (DB_LOOKUP_FCT) - - -#ifndef NO_COMPAT -int -attribute_compat_text_section -DB_COMPAT_FCT (service_user **ni, const char *fct_name, void **fctp) -{ - return DB_LOOKUP_FCT (ni, fct_name, NULL, fctp); -} -#endif diff --git a/nss/compat-lookup.c b/nss/compat-lookup.c new file mode 100644 index 0000000..b5c9673 --- /dev/null +++ b/nss/compat-lookup.c @@ -0,0 +1,42 @@ +/* Compatibility stubs of accidentally exported __nss_*_lookup functions. + Copyright (C) 2017 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include +#if SHLIB_COMPAT (libc, GLIBC_2_0, GLIBC_2_27) + +# include +# include + +/* On i386, the function calling convention changed from the standard + ABI calling convention to three register parameters in glibc 2.8. + The following error-returning stub happens to be compatible with + glibc 2.7 and earlier and glibc 2.8 and later, even on i386. */ +int +attribute_compat_text_section +__nss_passwd_lookup (service_user **ni, const char *fct_name, void **fctp) +{ + __set_errno (ENOSYS); + return -1; +} +compat_symbol (libc, __nss_passwd_lookup, __nss_passwd_lookup, GLIBC_2_0); +strong_alias (__nss_passwd_lookup, __nss_group_lookup) +compat_symbol (libc, __nss_group_lookup, __nss_group_lookup, GLIBC_2_0); +strong_alias (__nss_passwd_lookup, __nss_hosts_lookup) +compat_symbol (libc, __nss_hosts_lookup, __nss_hosts_lookup, GLIBC_2_0); + +#endif /* SHLIB_COMPAT */ diff --git a/nss/nsswitch.h b/nss/nsswitch.h index 7da9013..2b86d63 100644 --- a/nss/nsswitch.h +++ b/nss/nsswitch.h @@ -219,4 +219,12 @@ libc_hidden_proto (__nss_hostname_digits_dots) #define MAX_NR_ALIASES 48 #define MAX_NR_ADDRS 48 +/* Prototypes for __nss_*_lookup2 functions. */ +#define DEFINE_DATABASE(arg) \ + int __nss_##arg##_lookup2 (service_user **, const char *, \ + const char *, void **); \ + libc_hidden_proto (__nss_##arg##_lookup2) +#include "databases.def" +#undef DEFINE_DATABASE + #endif /* nsswitch.h */ diff --git a/nss/service-lookup.c b/nss/service-lookup.c index 3f230d6..3b97b41 100644 --- a/nss/service-lookup.c +++ b/nss/service-lookup.c @@ -17,6 +17,5 @@ . */ #define DATABASE_NAME services -#define NO_COMPAT #include "XXX-lookup.c" diff --git a/sunrpc/netname.c b/sunrpc/netname.c index 9aee3e4..0dacd1c 100644 --- a/sunrpc/netname.c +++ b/sunrpc/netname.c @@ -140,9 +140,6 @@ libc_hidden_nolink_sunrpc (getnetname, GLIBC_2_1) /* Type of the lookup function for netname2user. */ typedef int (*netname2user_function) (const char netname[MAXNETNAMELEN + 1], uid_t *, gid_t *, int *, gid_t *); -/* The lookup function for the first entry of this service. */ -extern int __nss_publickey_lookup (service_user ** nip, const char *name, - void **fctp) internal_function; int netname2user (const char netname[MAXNETNAMELEN + 1], uid_t * uidp, gid_t * gidp, @@ -161,7 +158,7 @@ netname2user (const char netname[MAXNETNAMELEN + 1], uid_t * uidp, gid_t * gidp, if (startp == NULL) { - no_more = __nss_publickey_lookup (&nip, "netname2user", &fct.ptr); + no_more = __nss_publickey_lookup2 (&nip, "netname2user", NULL, &fct.ptr); if (no_more) startp = (service_user *) - 1; else diff --git a/sunrpc/publickey.c b/sunrpc/publickey.c index ca6e430..e7ac854 100644 --- a/sunrpc/publickey.c +++ b/sunrpc/publickey.c @@ -31,11 +31,6 @@ typedef int (*public_function) (const char *, char *, int *); /* Type of the lookup function for the secret key. */ typedef int (*secret_function) (const char *, char *, const char *, int *); -/* The lookup function for the first entry of this service. */ -extern int __nss_publickey_lookup (service_user **nip, const char *name, - void **fctp) internal_function; - - int getpublickey (const char *name, char *key) { @@ -52,7 +47,7 @@ getpublickey (const char *name, char *key) if (startp == NULL) { - no_more = __nss_publickey_lookup (&nip, "getpublickey", &fct.ptr); + no_more = __nss_publickey_lookup2 (&nip, "getpublickey", NULL, &fct.ptr); if (no_more) startp = (service_user *) -1; else @@ -95,7 +90,7 @@ getsecretkey (const char *name, char *key, const char *passwd) if (startp == NULL) { - no_more = __nss_publickey_lookup (&nip, "getsecretkey", &fct.ptr); + no_more = __nss_publickey_lookup2 (&nip, "getsecretkey", NULL, &fct.ptr); if (no_more) startp = (service_user *) -1; else -- 2.7.4