diff options
| author | Ulrich Drepper <drepper@redhat.com> | 1997-11-19 23:05:28 +0000 |
|---|---|---|
| committer | Ulrich Drepper <drepper@redhat.com> | 1997-11-19 23:05:28 +0000 |
| commit | 3e20ab6af4fa5fe7b83889731409b08595753ebf (patch) | |
| tree | f90d56faaf9ebac1034d8b1555e333f1a711cc3b | |
| parent | 77e821b1b5acdf6adcf98c90486978de00a146ec (diff) | |
| download | glibc-3e20ab6af4fa5fe7b83889731409b08595753ebf.tar.gz glibc-3e20ab6af4fa5fe7b83889731409b08595753ebf.tar.xz glibc-3e20ab6af4fa5fe7b83889731409b08595753ebf.zip | |
Carry over several patches from glibc 2.1 development version to
fix some more severe bugs.
| -rw-r--r-- | nis/nss_compat/compat-grp.c | 396 | ||||
| -rw-r--r-- | nis/nss_compat/compat-pwd.c | 601 | ||||
| -rw-r--r-- | nis/nss_compat/compat-spwd.c | 404 | ||||
| -rw-r--r-- | nis/ypclnt.c | 167 |
4 files changed, 1289 insertions, 279 deletions
diff --git a/nis/nss_compat/compat-grp.c b/nis/nss_compat/compat-grp.c index 91d3b56bb5..58a5a7f525 100644 --- a/nis/nss_compat/compat-grp.c +++ b/nis/nss_compat/compat-grp.c @@ -26,6 +26,7 @@ #include <string.h> #include <rpcsvc/yp.h> #include <rpcsvc/ypclnt.h> +#include <nsswitch.h> /* Get the declaration of the parser function. */ #define ENTNAME grent @@ -33,7 +34,7 @@ #define EXTERN_PARSER #include "../../nss/nss_files/files-parse.c" -/* Structure for remembering -@netgroup and -user members ... */ +/* Structure for remembering -group members ... */ #define BLACKLIST_INITIAL_SIZE 512 #define BLACKLIST_INCREMENT 256 struct blacklist_t @@ -51,7 +52,7 @@ struct ent_t int oldkeylen; FILE *stream; struct blacklist_t blacklist; - }; +}; typedef struct ent_t ent_t; static ent_t ext_ent = {0, 0, NULL, 0, NULL, {NULL, 0, 0}}; @@ -176,7 +177,7 @@ getgrent_next_nis (struct group *result, ent_t *ent, char *buffer, struct parser_data *data = (void *) buffer; char *domain; char *outkey, *outval; - int outkeylen, outvallen; + int outkeylen, outvallen, parse_res; char *p; if (yp_get_default_domain (&domain) != YPERR_SUCCESS) @@ -187,6 +188,10 @@ getgrent_next_nis (struct group *result, ent_t *ent, char *buffer, do { + char *save_oldkey; + int save_oldlen; + bool_t save_nis_first; + if (ent->nis_first) { if (yp_first (domain, "group.byname", &outkey, &outkeylen, @@ -195,7 +200,9 @@ getgrent_next_nis (struct group *result, ent_t *ent, char *buffer, ent->nis = 0; return NSS_STATUS_UNAVAIL; } - + save_oldkey = ent->oldkey; + save_oldlen = ent->oldkeylen; + save_nis_first = TRUE; ent->oldkey = outkey; ent->oldkeylen = outkeylen; ent->nis_first = FALSE; @@ -210,7 +217,9 @@ getgrent_next_nis (struct group *result, ent_t *ent, char *buffer, return NSS_STATUS_NOTFOUND; } - free (ent->oldkey); + save_oldkey = ent->oldkey; + save_oldlen = ent->oldkeylen; + save_nis_first = FALSE; ent->oldkey = outkey; ent->oldkeylen = outkeylen; } @@ -223,16 +232,65 @@ getgrent_next_nis (struct group *result, ent_t *ent, char *buffer, while (isspace (*p)) ++p; + + if ((parse_res = _nss_files_parse_grent (p, result, data, buflen)) == -1) + { + free (ent->oldkey); + ent->oldkey = save_oldkey; + ent->oldkeylen = save_oldlen; + ent->nis_first = save_nis_first; + __set_errno (ERANGE); + return NSS_STATUS_TRYAGAIN; + } + else + { + if (!save_nis_first) + free (save_oldkey); + } + + if (parse_res && + in_blacklist (result->gr_name, strlen (result->gr_name), ent)) + parse_res = 0; /* if result->gr_name in blacklist,search next entry */ + } + while (!parse_res); + + return NSS_STATUS_SUCCESS; +} + +/* This function handle the +group entrys in /etc/group */ +static enum nss_status +getgrnam_plusgroup (const char *name, struct group *result, char *buffer, + size_t buflen) +{ + struct parser_data *data = (void *) buffer; + int parse_res; + char *domain, *outval, *p; + int outvallen; + + if (yp_get_default_domain (&domain) != YPERR_SUCCESS) + return NSS_STATUS_TRYAGAIN; + + if (yp_match (domain, "group.byname", name, strlen (name), + &outval, &outvallen) != YPERR_SUCCESS) + return NSS_STATUS_TRYAGAIN; + p = strncpy (buffer, outval, + buflen < (size_t) outvallen ? buflen : (size_t) outvallen); + free (outval); + while (isspace (*p)) + p++; + if ((parse_res = _nss_files_parse_grent (p, result, data, buflen)) == -1) + { + __set_errno (ERANGE); + return NSS_STATUS_TRYAGAIN; } - while (!_nss_files_parse_grent (p, result, data, buflen)); - if (!in_blacklist (result->gr_name, strlen (result->gr_name), ent)) + if (parse_res) + /* We found the entry. */ return NSS_STATUS_SUCCESS; else - return NSS_STATUS_NOTFOUND; + return NSS_STATUS_RETURN; } - static enum nss_status getgrent_next_file (struct group *result, ent_t *ent, char *buffer, size_t buflen) @@ -240,13 +298,24 @@ getgrent_next_file (struct group *result, ent_t *ent, struct parser_data *data = (void *) buffer; while (1) { + fpos_t pos; + int parse_res = 0; char *p; do { + fgetpos (ent->stream, &pos); p = fgets (buffer, buflen, ent->stream); if (p == NULL) - return NSS_STATUS_NOTFOUND; + { + if (feof (ent->stream)) + return NSS_STATUS_NOTFOUND; + else + { + __set_errno (ERANGE); + return NSS_STATUS_TRYAGAIN; + } + } /* Terminate the line for any case. */ buffer[buflen - 1] = '\0'; @@ -255,11 +324,18 @@ getgrent_next_file (struct group *result, ent_t *ent, while (isspace (*p)) ++p; } - /* Ignore empty and comment lines. */ - while (*p == '\0' || *p == '#' || + while (*p == '\0' || *p == '#' || /* Ignore empty and comment lines. */ /* Parse the line. If it is invalid, loop to get the next line of the file to parse. */ - !_nss_files_parse_grent (p, result, data, buflen)); + !(parse_res = _nss_files_parse_grent (p, result, data, buflen))); + + if (parse_res == -1) + { + /* The parser ran out of space. */ + fsetpos (ent->stream, &pos); + __set_errno (ERANGE); + return NSS_STATUS_TRYAGAIN; + } if (result->gr_name[0] != '+' && result->gr_name[0] != '-') /* This is a real entry. */ @@ -277,27 +353,20 @@ getgrent_next_file (struct group *result, ent_t *ent, if (result->gr_name[0] == '+' && result->gr_name[1] != '\0' && result->gr_name[1] != '@') { - char *domain; - char *outval; - int outvallen; - - if (yp_get_default_domain (&domain) != YPERR_SUCCESS) - /* XXX Should we regard this as an fatal error? I don't - think so. Just continue working. --drepper@gnu */ - continue; + enum nss_status status; - if (yp_match (domain, "group.byname", &result->gr_name[1], - strlen (result->gr_name) - 1, &outval, &outvallen) - != YPERR_SUCCESS) - continue; - - p = strncpy (buffer, outval, buflen); - while (isspace (*p)) - p++; - free (outval); - if (_nss_files_parse_grent (p, result, data, buflen)) - /* We found the entry. */ - break; + /* Store the group in the blacklist for the "+" at the end of + /etc/group */ + blacklist_store_name (&result->gr_name[1], ent); + status = getgrnam_plusgroup (&result->gr_name[1], result, buffer, + buflen); + if (status == NSS_STATUS_SUCCESS) /* We found the entry. */ + break; + else + if (status == NSS_STATUS_RETURN) /* We couldn't parse the entry */ + continue; + else + return status; } /* +:... */ @@ -319,7 +388,9 @@ internal_getgrent_r (struct group *gr, ent_t *ent, char *buffer, size_t buflen) { if (ent->nis) - return getgrent_next_nis (gr, ent, buffer, buflen); + { + return getgrent_next_nis (gr, ent, buffer, buflen); + } else return getgrent_next_file (gr, ent, buffer, buflen); } @@ -343,6 +414,104 @@ _nss_compat_getgrent_r (struct group *grp, char *buffer, size_t buflen) return status; } +/* Searches in /etc/group and the NIS/NIS+ map for a special group */ +static enum nss_status +internal_getgrnam_r (const char *name, struct group *result, ent_t *ent, + char *buffer, size_t buflen) +{ + struct parser_data *data = (void *) buffer; + while (1) + { + fpos_t pos; + int parse_res = 0; + char *p; + + do + { + fgetpos (ent->stream, &pos); + p = fgets (buffer, buflen, ent->stream); + if (p == NULL) + { + if (feof (ent->stream)) + return NSS_STATUS_NOTFOUND; + else + { + __set_errno (ERANGE); + return NSS_STATUS_TRYAGAIN; + } + } + + /* Terminate the line for any case. */ + buffer[buflen - 1] = '\0'; + + /* Skip leading blanks. */ + while (isspace (*p)) + ++p; + } + while (*p == '\0' || *p == '#' || /* Ignore empty and comment lines. */ + /* Parse the line. If it is invalid, loop to + get the next line of the file to parse. */ + !(parse_res = _nss_files_parse_grent (p, result, data, buflen))); + + if (parse_res == -1) + { + /* The parser ran out of space. */ + fsetpos (ent->stream, &pos); + __set_errno (ERANGE); + return NSS_STATUS_TRYAGAIN; + } + + /* This is a real entry. */ + if (result->gr_name[0] != '+' && result->gr_name[0] != '-') + { + if (strcmp (result->gr_name, name) == 0) + return NSS_STATUS_SUCCESS; + else + continue; + } + + /* -group */ + if (result->gr_name[0] == '-' && result->gr_name[1] != '\0' + && result->gr_name[1] != '@') + { + if (strcmp (&result->gr_name[1], name) == 0) + return NSS_STATUS_NOTFOUND; + else + continue; + } + + /* +group */ + if (result->gr_name[0] == '+' && result->gr_name[1] != '\0' + && result->gr_name[1] != '@') + { + if (strcmp (name, &result->gr_name[1]) == 0) + { + enum nss_status status; + + status = getgrnam_plusgroup (name, result, buffer, buflen); + if (status == NSS_STATUS_RETURN) + /* We couldn't parse the entry */ + continue; + else + return status; + } + } + /* +:... */ + if (result->gr_name[0] == '+' && result->gr_name[1] == '\0') + { + enum nss_status status; + + status = getgrnam_plusgroup (name, result, buffer, buflen); + if (status == NSS_STATUS_RETURN) + /* We couldn't parse the entry */ + continue; + else + return status; + } + } + + return NSS_STATUS_SUCCESS; +} enum nss_status _nss_compat_getgrnam_r (const char *name, struct group *grp, @@ -354,20 +523,154 @@ _nss_compat_getgrnam_r (const char *name, struct group *grp, if (name[0] == '-' || name[0] == '+') return NSS_STATUS_NOTFOUND; + __libc_lock_lock (lock); status = internal_setgrent (&ent); + + __libc_lock_unlock (lock); + if (status != NSS_STATUS_SUCCESS) return status; - while ((status = internal_getgrent_r (grp, &ent, buffer, buflen)) - == NSS_STATUS_SUCCESS) - if (strcmp (grp->gr_name, name) == 0) - break; + status = internal_getgrnam_r (name, grp, &ent, buffer, buflen); internal_endgrent (&ent); + return status; } +/* This function handle the + entry in /etc/group */ +static enum nss_status +getgrgid_plusgroup (gid_t gid, struct group *result, char *buffer, + size_t buflen) +{ + struct parser_data *data = (void *) buffer; + int parse_res; + char buf[1024]; + char *domain, *outval, *p; + int outvallen; + + if (yp_get_default_domain (&domain) != YPERR_SUCCESS) + return NSS_STATUS_TRYAGAIN; + + snprintf (buf, sizeof (buf), "%d", gid); + + if (yp_match (domain, "group.bygid", buf, strlen (buf), + &outval, &outvallen) != YPERR_SUCCESS) + return NSS_STATUS_TRYAGAIN; + p = strncpy (buffer, outval, + buflen < (size_t) outvallen ? buflen : (size_t) outvallen); + free (outval); + while (isspace (*p)) + p++; + if ((parse_res = _nss_files_parse_grent (p, result, data, buflen)) == -1) + { + __set_errno (ERANGE); + return NSS_STATUS_TRYAGAIN; + } + + if (parse_res) + /* We found the entry. */ + return NSS_STATUS_SUCCESS; + else + return NSS_STATUS_RETURN; +} + +/* Searches in /etc/group and the NIS/NIS+ map for a special group id */ +static enum nss_status +internal_getgrgid_r (gid_t gid, struct group *result, ent_t *ent, + char *buffer, size_t buflen) +{ + struct parser_data *data = (void *) buffer; + while (1) + { + fpos_t pos; + int parse_res = 0; + char *p; + + do + { + fgetpos (ent->stream, &pos); + p = fgets (buffer, buflen, ent->stream); + if (p == NULL) + { + if (feof (ent->stream)) + return NSS_STATUS_NOTFOUND; + else + { + __set_errno (ERANGE); + return NSS_STATUS_TRYAGAIN; + } + } + + /* Terminate the line for any case. */ + buffer[buflen - 1] = '\0'; + + /* Skip leading blanks. */ + while (isspace (*p)) + ++p; + } + while (*p == '\0' || *p == '#' || /* Ignore empty and comment lines. */ + /* Parse the line. If it is invalid, loop to + get the next line of the file to parse. */ + !(parse_res = _nss_files_parse_grent (p, result, data, buflen))); + + if (parse_res == -1) + { + /* The parser ran out of space. */ + fsetpos (ent->stream, &pos); + __set_errno (ERANGE); + return NSS_STATUS_TRYAGAIN; + } + + /* This is a real entry. */ + if (result->gr_name[0] != '+' && result->gr_name[0] != '-') + { + if (result->gr_gid == gid) + return NSS_STATUS_SUCCESS; + else + continue; + } + + /* -group */ + if (result->gr_name[0] == '-' && result->gr_name[1] != '\0' + && result->gr_name[1] != '@') + { + blacklist_store_name (&result->gr_name[1], ent); + continue; + } + + /* +group */ + if (result->gr_name[0] == '+' && result->gr_name[1] != '\0' + && result->gr_name[1] != '@') + { + enum nss_status status; + + /* Store the group in the blacklist for the "+" at the end of + /etc/group */ + blacklist_store_name (&result->gr_name[1], ent); + status = getgrnam_plusgroup (&result->gr_name[1], result, buffer, + buflen); + if (status == NSS_STATUS_SUCCESS && result->gr_gid == gid) + break; + else + continue; + } + /* +:... */ + if (result->gr_name[0] == '+' && result->gr_name[1] == '\0') + { + enum nss_status status; + + status = getgrgid_plusgroup (gid, result, buffer, buflen); + if (status == NSS_STATUS_RETURN) /* We couldn't parse the entry */ + return NSS_STATUS_NOTFOUND; + else + return status; + } + } + + return NSS_STATUS_SUCCESS; +} enum nss_status _nss_compat_getgrgid_r (gid_t gid, struct group *grp, @@ -376,16 +679,19 @@ _nss_compat_getgrgid_r (gid_t gid, struct group *grp, ent_t ent = {0, 0, NULL, 0, NULL, {NULL, 0, 0}}; enum nss_status status; + __libc_lock_lock (lock); + status = internal_setgrent (&ent); + + __libc_lock_unlock (lock); + if (status != NSS_STATUS_SUCCESS) return status; - while ((status = internal_getgrent_r (grp, &ent, buffer, buflen)) - == NSS_STATUS_SUCCESS) - if (grp->gr_gid == gid && grp->gr_name[0] != '+' && grp->gr_name[0] != '-') - break; + status = internal_getgrgid_r (gid, grp, &ent, buffer, buflen); internal_endgrent (&ent); + return status; } @@ -441,10 +747,14 @@ static bool_t in_blacklist (const char *name, int namelen, ent_t *ent) { char buf[namelen + 3]; + char *cp; if (ent->blacklist.data == NULL) return FALSE; - stpcpy (stpcpy (stpcpy (buf, "|"), name), "|"); + buf[0] = '|'; + cp = stpcpy (&buf[1], name); + *cp++= '|'; + *cp = '\0'; return strstr (ent->blacklist.data, buf) != NULL; } diff --git a/nis/nss_compat/compat-pwd.c b/nis/nss_compat/compat-pwd.c index a1475c9134..048d1e9e49 100644 --- a/nis/nss_compat/compat-pwd.c +++ b/nis/nss_compat/compat-pwd.c @@ -20,13 +20,14 @@ #include <nss.h> #include <pwd.h> #include <errno.h> -#include <fcntl.h> #include <ctype.h> +#include <fcntl.h> #include <netdb.h> #include <string.h> #include <libc-lock.h> #include <rpcsvc/yp.h> #include <rpcsvc/ypclnt.h> +#include <nsswitch.h> #include "netgroup.h" @@ -257,6 +258,9 @@ internal_endpwent (ent_t *ent) ent->stream = NULL; } + if (ent->netgroup) + __internal_endnetgrent (&ent->netgrdata); + ent->nis = ent->first = ent->netgroup = 0; if (ent->oldkey != NULL) @@ -282,9 +286,6 @@ _nss_compat_endpwent (void) __libc_lock_lock (lock); - if (ext_ent.netgroup) - __internal_endnetgrent (&ext_ent.netgrdata); - result = internal_endpwent (&ext_ent); __libc_lock_unlock (lock); @@ -293,8 +294,8 @@ _nss_compat_endpwent (void) } static enum nss_status -getpwent_next_netgr (struct passwd *result, ent_t *ent, char *group, - char *buffer, size_t buflen) +getpwent_next_nis_netgr (const char *name, struct passwd *result, ent_t *ent, + char *group, char *buffer, size_t buflen) { struct parser_data *data = (void *) buffer; char *ypdomain, *host, *user, *domain, *outval, *p, *p2; @@ -311,13 +312,17 @@ getpwent_next_netgr (struct passwd *result, ent_t *ent, char *group, if (ent->first == TRUE) { - bzero (&ent->netgrdata, sizeof (struct __netgrent)); + memset (&ent->netgrdata, 0, sizeof (struct __netgrent)); __internal_setnetgrent (group, &ent->netgrdata); ent->first = FALSE; } while (1) { + char *saved_cursor; + int parse_res; + + saved_cursor = ent->netgrdata.cursor; status = __internal_getnetgrent_r (&host, &user, &domain, &ent->netgrdata, buffer, buflen); if (status != 1) @@ -334,6 +339,11 @@ getpwent_next_netgr (struct passwd *result, ent_t *ent, char *group, if (domain != NULL && strcmp (ypdomain, domain) != 0) continue; + /* If name != NULL, we are called from getpwnam */ + if (name != NULL) + if (strcmp (user, name) != 0) + continue; + if (yp_match (ypdomain, "passwd.byname", user, strlen (user), &outval, &outvallen) != YPERR_SUCCESS) @@ -351,8 +361,17 @@ getpwent_next_netgr (struct passwd *result, ent_t *ent, char *group, while (isspace (*p)) p++; free (outval); - if (_nss_files_parse_pwent (p, result, data, buflen)) + if ((parse_res = _nss_files_parse_pwent (p, result, data, buflen)) == -1) + { + ent->netgrdata.cursor = saved_cursor; + return NSS_STATUS_TRYAGAIN; + } + + if (parse_res) { + /* Store the User in the blacklist for the "+" at the end of + /etc/passwd */ + blacklist_store_name (result->pw_name, ent); copy_pwd_changes (result, &ent->pwd, p2, p2len); break; } @@ -367,7 +386,7 @@ getpwent_next_nis (struct passwd *result, ent_t *ent, char *buffer, { struct parser_data *data = (void *) buffer; char *domain, *outkey, *outval, *p, *p2; - int outkeylen, outvallen; + int outkeylen, outvallen, parse_res; size_t p2len; if (yp_get_default_domain (&domain) != YPERR_SUCCESS) @@ -387,6 +406,10 @@ getpwent_next_nis (struct passwd *result, ent_t *ent, char *buffer, buflen -= p2len; do { + bool_t saved_first; + char *saved_oldkey; + int saved_oldlen; + if (ent->first) { if (yp_first (domain, "passwd.byname", &outkey, &outkeylen, @@ -397,6 +420,9 @@ getpwent_next_nis (struct passwd *result, ent_t *ent, char *buffer, return NSS_STATUS_UNAVAIL; } + saved_first = TRUE; + saved_oldkey = ent->oldkey; + saved_oldlen = ent->oldkeylen; ent->oldkey = outkey; ent->oldkeylen = outkeylen; ent->first = FALSE; @@ -412,7 +438,9 @@ getpwent_next_nis (struct passwd *result, ent_t *ent, char *buffer, return NSS_STATUS_NOTFOUND; } - free (ent->oldkey); + saved_first = FALSE; + saved_oldkey = ent->oldkey; + saved_oldlen = ent->oldkeylen; ent->oldkey = outkey; ent->oldkeylen = outkeylen; } @@ -425,17 +453,93 @@ getpwent_next_nis (struct passwd *result, ent_t *ent, char *buffer, while (isspace (*p)) ++p; + if ((parse_res = _nss_files_parse_pwent (p, result, data, buflen)) == -1) + { + free (ent->oldkey); + ent->oldkey = saved_oldkey; + ent->oldkeylen = saved_oldlen; + ent->first = saved_first; + __set_errno (ERANGE); + return NSS_STATUS_TRYAGAIN; + } + else + { + if (!saved_first) + free (saved_oldkey); + } + if (parse_res && + in_blacklist (result->pw_name, strlen (result->pw_name), ent)) + parse_res = 0; } - while (!_nss_files_parse_pwent (p, result, data, buflen)); + while (!parse_res); copy_pwd_changes (result, &ent->pwd, p2, p2len); - if (!in_blacklist (result->pw_name, strlen (result->pw_name), ent)) - return NSS_STATUS_SUCCESS; - else - return NSS_STATUS_NOTFOUND; + return NSS_STATUS_SUCCESS; } +/* This function handle the +user entrys in /etc/passwd */ +static enum nss_status +getpwnam_plususer (const char *name, struct passwd *result, char *buffer, + size_t buflen) +{ + struct parser_data *data = (void *) buffer; + struct passwd pwd; + int parse_res; + char *p; + size_t plen; + char *domain, *outval, *ptr; + int outvallen; + + memset (&pwd, '\0', sizeof (struct passwd)); + + copy_pwd_changes (&pwd, result, NULL, 0); + + plen = pwd_need_buflen (&pwd); + if (plen > buflen) + { + __set_errno (ERANGE); + return NSS_STATUS_TRYAGAIN; + } + p = buffer + (buflen - plen); + buflen -= plen; + + + if (yp_get_default_domain (&domain) != YPERR_SUCCESS) + return NSS_STATUS_TRYAGAIN; + + if (yp_match (domain, "passwd.byname", name, strlen (name), + &outval, &outvallen) + != YPERR_SUCCESS) + return NSS_STATUS_TRYAGAIN; + ptr = strncpy (buffer, outval, buflen < (size_t) outvallen ? + buflen : (size_t) outvallen); + buffer[buflen < (size_t) outvallen ? buflen : (size_t) outvallen] = '\0'; + free (outval); + while (isspace (*ptr)) + ptr++; + if ((parse_res = _nss_files_parse_pwent (ptr, result, data, buflen)) + == -1) + { + __set_errno (ERANGE); + return NSS_STATUS_TRYAGAIN; + } + + if (parse_res > 0) + { + copy_pwd_changes (result, &pwd, p, plen); + give_pwd_free (&pwd); + /* We found the entry. */ + return NSS_STATUS_SUCCESS; + } + else + { + /* Give buffer the old len back */ + buflen += plen; + give_pwd_free (&pwd); + } + return NSS_STATUS_RETURN; +} static enum nss_status getpwent_next_file (struct passwd *result, ent_t *ent, @@ -444,11 +548,13 @@ getpwent_next_file (struct passwd *result, ent_t *ent, struct parser_data *data = (void *) buffer; while (1) { - char *p, *p2; - size_t p2len; + fpos_t pos; + char *p; + int parse_res; do { + fgetpos (ent->stream, &pos); p = fgets (buffer, buflen, ent->stream); if (p == NULL) return NSS_STATUS_NOTFOUND; @@ -463,7 +569,15 @@ getpwent_next_file (struct passwd *result, ent_t *ent, while (*p == '\0' || *p == '#' || /* Ignore empty and comment lines. */ /* Parse the line. If it is invalid, loop to get the next line of the file to parse. */ - !_nss_files_parse_pwent (p, result, data, buflen)); + !(parse_res = _nss_files_parse_pwent (p, result, data, buflen))); + + if (parse_res == -1) + { + /* The parser ran out of space. */ + fsetpos (ent->stream, &pos); + __set_errno (ERANGE); + return NSS_STATUS_TRYAGAIN; + } if (result->pw_name[0] != '+' && result->pw_name[0] != '-') /* This is a real entry. */ @@ -473,15 +587,19 @@ getpwent_next_file (struct passwd *result, ent_t *ent, if (result->pw_name[0] == '-' && result->pw_name[1] == '@' && result->pw_name[2] != '\0') { + char buf2[1024]; char *user, *host, *domain; + struct __netgrent netgrdata; - setnetgrent (&result->pw_name[2]); - while (getnetgrent (&host, &user, &domain)) + bzero (&netgrdata, sizeof (struct __netgrent)); + __internal_setnetgrent (&result->pw_name[2], &netgrdata); + while (__internal_getnetgrent_r (&host, &user, &domain, + &netgrdata, buf2, sizeof (buf2))) { if (user != NULL && user[0] != '-') blacklist_store_name (user, ent); } - endnetgrent (); + __internal_endnetgrent (&netgrdata); continue; } @@ -495,8 +613,9 @@ getpwent_next_file (struct passwd *result, ent_t *ent, ent->first = TRUE; copy_pwd_changes (&ent->pwd, result, NULL, 0); - status = getpwent_next_netgr (result, ent, &result->pw_name[2], - buffer, buflen); + status = getpwent_next_nis_netgr (NULL, result, ent, + &result->pw_name[2], + buffer, buflen); if (status == NSS_STATUS_RETURN) continue; else @@ -515,50 +634,20 @@ getpwent_next_file (struct passwd *result, ent_t *ent, if (result->pw_name[0] == '+' && result->pw_name[1] != '\0' && result->pw_name[1] != '@') { - char *domain; - char *outval; - int outvallen; - struct passwd pwd; - - memset (&pwd, '\0', sizeof (struct passwd)); - - if (yp_get_default_domain (&domain) != YPERR_SUCCESS) - /* XXX Should we regard this as an fatal error? I don't - think so. Just continue working. --drepper@gnu */ - continue; + enum nss_status status; - if (yp_match (domain, "passwd.byname", &result->pw_name[1], - strlen (result->pw_name) - 1, &outval, &outvallen) - != YPERR_SUCCESS) - continue; - - copy_pwd_changes (&pwd, result, NULL, 0); - - p2len = pwd_need_buflen (&pwd); - if (p2len > buflen) - { - __set_errno (ERANGE); - return NSS_STATUS_TRYAGAIN; - } - p2 = buffer + (buflen - p2len); - buflen -= p2len; - p = strncpy (buffer, outval, buflen); - while (isspace (*p)) - p++; - free (outval); - if (_nss_files_parse_pwent (p, result, data, buflen)) - { - copy_pwd_changes (result, &pwd, p2, p2len); - give_pwd_free (&pwd); - /* We found the entry. */ - break; - } + /* Store the User in the blacklist for the "+" at the end of + /etc/passwd */ + blacklist_store_name (&result->pw_name[1], ent); + status = getpwnam_plususer (&result->pw_name[1], result, buffer, + buflen); + if (status == NSS_STATUS_SUCCESS) /* We found the entry. */ + break; else - { - /* Give buffer the old len back */ - buflen += p2len; - give_pwd_free (&pwd); - } + if (status == NSS_STATUS_RETURN) /* We couldn't parse the entry */ + continue; + else + return status; } /* +:... */ @@ -586,21 +675,23 @@ internal_getpwent_r (struct passwd *pw, ent_t *ent, char *buffer, /* We are searching members in a netgroup */ /* Since this is not the first call, we don't need the group name */ - status = getpwent_next_netgr (pw, ent, NULL, buffer, buflen); + status = getpwent_next_nis_netgr (NULL, pw, ent, NULL, buffer, buflen); if (status == NSS_STATUS_RETURN) return getpwent_next_file (pw, ent, buffer, buflen); else return status; } - else if (ent->nis) - return getpwent_next_nis (pw, ent, buffer, buflen); else - return getpwent_next_file (pw, ent, buffer, buflen); + if (ent->nis) + { + return getpwent_next_nis (pw, ent, buffer, buflen); + } + else + return getpwent_next_file (pw, ent, buffer, buflen); } enum nss_status -_nss_compat_getpwent_r (struct passwd *pwd, char *buffer, - size_t buflen) +_nss_compat_getpwent_r (struct passwd *pwd, char *buffer, size_t buflen) { enum nss_status status = NSS_STATUS_SUCCESS; @@ -618,6 +709,154 @@ _nss_compat_getpwent_r (struct passwd *pwd, char *buffer, return status; } +/* Searches in /etc/passwd and the NIS/NIS+ map for a special user */ +static enum nss_status +internal_getpwnam_r (const char *name, struct passwd *result, ent_t *ent, + char *buffer, size_t buflen) +{ + struct parser_data *data = (void *) buffer; + + while (1) + { + fpos_t pos; + char *p; + int parse_res; + + do + { + fgetpos (ent->stream, &pos); + p = fgets (buffer, buflen, ent->stream); + if (p == NULL) + { + if (feof (ent->stream)) + return NSS_STATUS_NOTFOUND; + else + { + __set_errno (ERANGE); + return NSS_STATUS_TRYAGAIN; + } + } + + /* Terminate the line for any case. */ + buffer[buflen - 1] = '\0'; + + /* Skip leading blanks. */ + while (isspace (*p)) + ++p; + } + while (*p == '\0' || *p == '#' || /* Ignore empty and comment lines. */ + /* Parse the line. If it is invalid, loop to + get the next line of the file to parse. */ + !(parse_res = _nss_files_parse_pwent (p, result, data, buflen))); + + if (parse_res == -1) + { + /* The parser ran out of space. */ + fsetpos (ent->stream, &pos); + __set_errno (ERANGE); + return NSS_STATUS_TRYAGAIN; + } + + /* This is a real entry. */ + if (result->pw_name[0] != '+' && result->pw_name[0] != '-') + { + if (strcmp (result->pw_name, name) == 0) + return NSS_STATUS_SUCCESS; + else + continue; + } + + /* -@netgroup */ + if (result->pw_name[0] == '-' && result->pw_name[1] == '@' + && result->pw_name[2] != '\0') + { + char buf2[1024]; + char *user, *host, *domain; + struct __netgrent netgrdata; + + bzero (&netgrdata, sizeof (struct __netgrent)); + __internal_setnetgrent (&result->pw_name[2], &netgrdata); + while (__internal_getnetgrent_r (&host, &user, &domain, + &netgrdata, buf2, sizeof (buf2))) + { + if (user != NULL && user[0] != '-') + if (strcmp (user, name) == 0) + return NSS_STATUS_NOTFOUND; + } + __internal_endnetgrent (&netgrdata); + continue; + } + + /* +@netgroup */ + if (result->pw_name[0] == '+' && result->pw_name[1] == '@' + && result->pw_name[2] != '\0') + { + char buf[strlen (result->pw_name)]; + int status; + + strcpy (buf, &result->pw_name[2]); + ent->netgroup = TRUE; + ent->first = TRUE; + copy_pwd_changes (&ent->pwd, result, NULL, 0); + + do + { + status = getpwent_next_nis_netgr (name, result, ent, buf, + buffer, buflen); + if (status == NSS_STATUS_RETURN) + continue; + + if (status == NSS_STATUS_SUCCESS && + strcmp (result->pw_name, name) == 0) + return NSS_STATUS_SUCCESS; + } while (status == NSS_STATUS_SUCCESS); + continue; + } + + /* -user */ + if (result->pw_name[0] == '-' && result->pw_name[1] != '\0' + && result->pw_name[1] != '@') + { + if (strcmp (&result->pw_name[1], name) == 0) + return NSS_STATUS_NOTFOUND; + else + continue; + } + + /* +user */ + if (result->pw_name[0] == '+' && result->pw_name[1] != '\0' + && result->pw_name[1] != '@') + { + if (strcmp (name, &result->pw_name[1]) == 0) + { + enum nss_status status; + + status = getpwnam_plususer (name, result, buffer, buflen); + if (status == NSS_STATUS_RETURN) + /* We couldn't parse the entry */ + return NSS_STATUS_NOTFOUND; + else + return status; + } + } + + /* +:... */ + if (result->pw_name[0] == '+' && result->pw_name[1] == '\0') + { + enum nss_status status; + + status = getpwnam_plususer (name, result, buffer, buflen); + if (status == NSS_STATUS_SUCCESS) /* We found the entry. */ + break; + else + if (status == NSS_STATUS_RETURN) /* We couldn't parse the entry */ + return NSS_STATUS_NOTFOUND; + else + return status; + } + } + return NSS_STATUS_SUCCESS; +} enum nss_status _nss_compat_getpwnam_r (const char *name, struct passwd *pwd, @@ -630,20 +869,218 @@ _nss_compat_getpwnam_r (const char *name, struct passwd *pwd, if (name[0] == '-' || name[0] == '+') return NSS_STATUS_NOTFOUND; - status = internal_setpwent (&ent); if (status != NSS_STATUS_SUCCESS) return status; - while ((status = internal_getpwent_r (pwd, &ent, buffer, buflen)) - == NSS_STATUS_SUCCESS) - if (strcmp (pwd->pw_name, name) == 0) - break; + status = internal_getpwnam_r (name, pwd, &ent, buffer, buflen); internal_endpwent (&ent); + return status; } +/* This function handle the + entry in /etc/passwd for getpwuid */ +static enum nss_status +getpwuid_plususer (uid_t uid, struct passwd *result, char *buffer, + size_t buflen) +{ + struct parser_data *data = (void *) buffer; + struct passwd pwd; + int parse_res; + char *p; + size_t plen; + char buf[1024]; + char *domain, *outval, *ptr; + int outvallen; + + memset (&pwd, '\0', sizeof (struct passwd)); + + copy_pwd_changes (&pwd, result, NULL, 0); + + plen = pwd_need_buflen (&pwd); + if (plen > buflen) + { + __set_errno (ERANGE); + return NSS_STATUS_TRYAGAIN; + } + p = buffer + (buflen - plen); + buflen -= plen; + + + if (yp_get_default_domain (&domain) != YPERR_SUCCESS) + return NSS_STATUS_TRYAGAIN; + + sprintf (buf, "%d", uid); + if (yp_match (domain, "passwd.byuid", buf, strlen (buf), + &outval, &outvallen) + != YPERR_SUCCESS) + return NSS_STATUS_TRYAGAIN; + ptr = strncpy (buffer, outval, buflen < (size_t) outvallen ? + buflen : (size_t) outvallen); + buffer[buflen < (size_t) outvallen ? buflen : (size_t) outvallen] = '\0'; + free (outval); + while (isspace (*ptr)) + ptr++; + if ((parse_res = _nss_files_parse_pwent (ptr, result, data, buflen)) + == -1) + { + __set_errno (ERANGE); + return NSS_STATUS_TRYAGAIN; + } + + if (parse_res > 0) + { + copy_pwd_changes (result, &pwd, p, plen); + give_pwd_free (&pwd); + /* We found the entry. */ + return NSS_STATUS_SUCCESS; + } + else + { + /* Give buffer the old len back */ + buflen += plen; + give_pwd_free (&pwd); + } + return NSS_STATUS_RETURN; +} + +/* Searches in /etc/passwd and the NIS/NIS+ map for a special user id */ +static enum nss_status +internal_getpwuid_r (uid_t uid, struct passwd *result, ent_t *ent, + char *buffer, size_t buflen) +{ + struct parser_data *data = (void *) buffer; + + while (1) + { + fpos_t pos; + char *p; + int parse_res; + + do + { + fgetpos (ent->stream, &pos); + p = fgets (buffer, buflen, ent->stream); + if (p == NULL) + return NSS_STATUS_NOTFOUND; + + /* Terminate the line for any case. */ + buffer[buflen - 1] = '\0'; + + /* Skip leading blanks. */ + while (isspace (*p)) + ++p; + } + while (*p == '\0' || *p == '#' || /* Ignore empty and comment lines. */ + /* Parse the line. If it is invalid, loop to + get the next line of the file to parse. */ + !(parse_res = _nss_files_parse_pwent (p, result, data, buflen))); + + if (parse_res == -1) + { + /* The parser ran out of space. */ + fsetpos (ent->stream, &pos); + __set_errno (ERANGE); + return NSS_STATUS_TRYAGAIN; + } + + /* This is a real entry. */ + if (result->pw_name[0] != '+' && result->pw_name[0] != '-') + { + if (result->pw_uid == uid) + return NSS_STATUS_SUCCESS; + else + continue; + } + + /* -@netgroup */ + if (result->pw_name[0] == '-' && result->pw_name[1] == '@' + && result->pw_name[2] != '\0') + { + char buf2[1024]; + char *user, *host, *domain; + struct __netgrent netgrdata; + + bzero (&netgrdata, sizeof (struct __netgrent)); + __internal_setnetgrent (&result->pw_name[2], &netgrdata); + while (__internal_getnetgrent_r (&host, &user, &domain, + &netgrdata, buf2, sizeof (buf2))) + { + if (user != NULL && user[0] != '-') + blacklist_store_name (user, ent); + } + __internal_endnetgrent (&netgrdata); + continue; + } + + /* +@netgroup */ + if (result->pw_name[0] == '+' && result->pw_name[1] == '@' + && result->pw_name[2] != '\0') + { + char buf[strlen (result->pw_name)]; + int status; + + strcpy (buf, &result->pw_name[2]); + ent->netgroup = TRUE; + ent->first = TRUE; + copy_pwd_changes (&ent->pwd, result, NULL, 0); + + do + { + status = getpwent_next_nis_netgr (NULL, result, ent, buf, + buffer, buflen); + if (status == NSS_STATUS_RETURN) + continue; + + if (status == NSS_STATUS_SUCCESS && uid == result->pw_uid) + return NSS_STATUS_SUCCESS; + } while (status == NSS_STATUS_SUCCESS); + continue; + } + + /* -user */ + if (result->pw_name[0] == '-' && result->pw_name[1] != '\0' + && result->pw_name[1] != '@') + { + blacklist_store_name (&result->pw_name[1], ent); + continue; + } + + /* +user */ + if (result->pw_name[0] == '+' && result->pw_name[1] != '\0' + && result->pw_name[1] != '@') + { + enum nss_status status; + + /* Store the User in the blacklist for the "+" at the end of + /etc/passwd */ + blacklist_store_name (&result->pw_name[1], ent); + status = getpwnam_plususer (&result->pw_name[1], result, buffer, + buflen); + if (status == NSS_STATUS_SUCCESS && result->pw_uid == uid) + break; + else + continue; + } + + /* +:... */ + if (result->pw_name[0] == '+' && result->pw_name[1] == '\0') + { + enum nss_status status; + + status = getpwuid_plususer (uid, result, buffer, buflen); + if (status == NSS_STATUS_SUCCESS) /* We found the entry. */ + break; + else + if (status == NSS_STATUS_RETURN) /* We couldn't parse the entry */ + return NSS_STATUS_NOTFOUND; + else + return status; + } + } + return NSS_STATUS_SUCCESS; +} enum nss_status _nss_compat_getpwuid_r (uid_t uid, struct passwd *pwd, @@ -657,12 +1094,10 @@ _nss_compat_getpwuid_r (uid_t uid, struct passwd *pwd, if (status != NSS_STATUS_SUCCESS) return status; - while ((status = internal_getpwent_r (pwd, &ent, buffer, buflen)) - == NSS_STATUS_SUCCESS) - if (pwd->pw_uid == uid && pwd->pw_name[0] != '+' && pwd->pw_name[0] != '-') - break; + status = internal_getpwuid_r (uid, pwd, &ent, buffer, buflen); internal_endpwent (&ent); + return status; } @@ -718,10 +1153,14 @@ static bool_t in_blacklist (const char *name, int namelen, ent_t *ent) { char buf[namelen + 3]; + char *cp; if (ent->blacklist.data == NULL) return FALSE; - stpcpy (stpcpy (stpcpy (buf, "|"), name), "|"); + buf[0] = '|'; + cp = stpcpy (&buf[1], name); + *cp++= '|'; + *cp = '\0'; return strstr (ent->blacklist.data, buf) != NULL; } diff --git a/nis/nss_compat/compat-spwd.c b/nis/nss_compat/compat-spwd.c index 6fc71101fe..86aa347abe 100644 --- a/nis/nss_compat/compat-spwd.c +++ b/nis/nss_compat/compat-spwd.c @@ -19,14 +19,17 @@ #include <nss.h> #include <errno.h> -#include <fcntl.h> #include <ctype.h> +#include <fcntl.h> #include <netdb.h> #include <shadow.h> #include <string.h> #include <libc-lock.h> #include <rpcsvc/yp.h> #include <rpcsvc/ypclnt.h> +#include <nsswitch.h> + +#include "netgroup.h" /* Get the declaration of the parser function. */ #define ENTNAME spent @@ -54,10 +57,11 @@ struct ent_t FILE *stream; struct blacklist_t blacklist; struct spwd pwd; + struct __netgrent netgrdata; }; typedef struct ent_t ent_t; -static ent_t ext_ent = {0, 0, 0, NULL, 0, NULL, {NULL, 0, 0}, +static ent_t ext_ent = {0, 0, 0, NULL, 0, NULL, {NULL, 0, 0}, {NULL, NULL, 0, 0, 0, 0, 0, 0, 0}}; /* Protect global state against multiple changers. */ @@ -131,6 +135,10 @@ internal_setspent (ent_t *ent) ent->nis = ent->first = ent->netgroup = 0; + /* If something was left over free it. */ + if (ent->netgroup) + __internal_endnetgrent (&ent->netgrdata); + if (ent->oldkey != NULL) { free (ent->oldkey); @@ -202,6 +210,9 @@ internal_endspent (ent_t *ent) ent->stream = NULL; } + if (ent->netgroup) + __internal_endnetgrent (&ent->netgrdata); + ent->nis = ent->first = ent->netgroup = 0; if (ent->oldkey != NULL) @@ -236,8 +247,8 @@ _nss_compat_endspent (void) static enum nss_status -getspent_next_netgr (struct spwd *result, ent_t *ent, char *group, - char *buffer, size_t buflen) +getspent_next_nis_netgr (const char *name, struct spwd *result, ent_t *ent, + char *group, char *buffer, size_t buflen) { struct parser_data *data = (void *) buffer; char *ypdomain, *host, *user, *domain, *outval, *p, *p2; @@ -254,15 +265,22 @@ getspent_next_netgr (struct spwd *result, ent_t *ent, char *group, if (ent->first == TRUE) { - setnetgrent (group); + bzero (&ent->netgrdata, sizeof (struct __netgrent)); + __internal_setnetgrent (group, &ent->netgrdata); ent->first = FALSE; } while (1) { - if ((status = getnetgrent (&host, &user, &domain)) != 1) + char *saved_cursor; + int parse_res; + + saved_cursor = ent->netgrdata.cursor; + status = __internal_getnetgrent_r (&host, &user, &domain, + &ent->netgrdata, buffer, buflen); + if (status != 1) { - endnetgrent (); + __internal_endnetgrent (&ent->netgrdata); ent->netgroup = 0; give_spwd_free (&ent->pwd); return NSS_STATUS_RETURN; @@ -274,6 +292,11 @@ getspent_next_netgr (struct spwd *result, ent_t *ent, char *group, if (domain != NULL && strcmp (ypdomain, domain) != 0) continue; + /* If name != NULL, we are called from getpwnam */ + if (name != NULL) + if (strcmp (user, name) != 0) + continue; + if (yp_match (ypdomain, "shadow.byname", user, strlen (user), &outval, &outvallen) != YPERR_SUCCESS) @@ -291,8 +314,17 @@ getspent_next_netgr (struct spwd *result, ent_t *ent, char *group, while (isspace (*p)) p++; free (outval); - if (_nss_files_parse_spent (p, result, data, buflen)) + if ((parse_res = _nss_files_parse_spent (p, result, data, buflen)) == -1) + { + ent->netgrdata.cursor = saved_cursor; + return NSS_STATUS_TRYAGAIN; + } + + if (parse_res) { + /* Store the User in the blacklist for the "+" at the end of + /etc/passwd */ + blacklist_store_name (result->sp_namp, ent); copy_spwd_changes (result, &ent->pwd, p2, p2len); break; } @@ -307,7 +339,7 @@ getspent_next_nis (struct spwd *result, ent_t *ent, { struct parser_data *data = (void *) buffer; char *domain, *outkey, *outval, *p, *p2; - int outkeylen, outvallen; + int outkeylen, outvallen, parse_res; size_t p2len; if (yp_get_default_domain (&domain) != YPERR_SUCCESS) @@ -327,6 +359,10 @@ getspent_next_nis (struct spwd *result, ent_t *ent, buflen -= p2len; do { + bool_t saved_first; + char *saved_oldkey; + int saved_oldlen; + if (ent->first) { if (yp_first (domain, "shadow.byname", &outkey, &outkeylen, @@ -336,7 +372,9 @@ getspent_next_nis (struct spwd *result, ent_t *ent, give_spwd_free (&ent->pwd); return NSS_STATUS_UNAVAIL; } - + saved_first = TRUE; + saved_oldkey = ent->oldkey; + saved_oldlen = ent->oldkeylen; ent->oldkey = outkey; ent->oldkeylen = outkeylen; ent->first = FALSE; @@ -352,7 +390,9 @@ getspent_next_nis (struct spwd *result, ent_t *ent, return NSS_STATUS_NOTFOUND; } - free (ent->oldkey); + saved_first = FALSE; + saved_oldkey = ent->oldkey; + saved_oldlen = ent->oldkeylen; ent->oldkey = outkey; ent->oldkeylen = outkeylen; } @@ -365,17 +405,92 @@ getspent_next_nis (struct spwd *result, ent_t *ent, while (isspace (*p)) ++p; + if ((parse_res = _nss_files_parse_spent (p, result, data, buflen)) == -1) + { + free (ent->oldkey); + ent->oldkey = saved_oldkey; + ent->oldkeylen = saved_oldlen; + ent->first = saved_first; + __set_errno (ERANGE); + return NSS_STATUS_TRYAGAIN; + } + else + { + if (!saved_first) + free (saved_oldkey); + } + if (parse_res && + in_blacklist (result->sp_namp, strlen (result->sp_namp), ent)) + parse_res = 0; } - while (!_nss_files_parse_spent (p, result, data, buflen)); + while (!parse_res); copy_spwd_changes (result, &ent->pwd, p2, p2len); - if (!in_blacklist (result->sp_namp, strlen (result->sp_namp), ent)) - return NSS_STATUS_SUCCESS; - else - return NSS_STATUS_NOTFOUND; + return NSS_STATUS_SUCCESS; } +/* This function handle the +user entrys in /etc/shadow */ +static enum nss_status +getspnam_plususer (const char *name, struct spwd *result, char *buffer, + size_t buflen) +{ + struct parser_data *data = (void *) buffer; + struct spwd pwd; + int parse_res; + char *p; + size_t plen; + char *domain, *outval, *ptr; + int outvallen; + + + memset (&pwd, '\0', sizeof (struct spwd)); + + copy_spwd_changes (&pwd, result, NULL, 0); + + plen = spwd_need_buflen (&pwd); + if (plen > buflen) + { + __set_errno (ERANGE); + return NSS_STATUS_TRYAGAIN; + } + p = buffer + (buflen - plen); + buflen -= plen; + + if (yp_get_default_domain (&domain) != YPERR_SUCCESS) + return NSS_STATUS_TRYAGAIN; + + if (yp_match (domain, "shadow.byname", name, strlen (name), + &outval, &outvallen) + != YPERR_SUCCESS) + return NSS_STATUS_TRYAGAIN; + ptr = strncpy (buffer, outval, buflen < (size_t) outvallen ? + buflen : (size_t) outvallen); + buffer[buflen < (size_t) outvallen ? buflen : (size_t) outvallen] = '\0'; + free (outval); + while (isspace (*ptr)) + ptr++; + if ((parse_res = _nss_files_parse_spent (ptr, result, data, buflen)) == -1) + { + __set_errno (ERANGE); + return NSS_STATUS_TRYAGAIN; + } + + if (parse_res) + { + copy_spwd_changes (result, &pwd, p, plen); + give_spwd_free (&pwd); + /* We found the entry. */ + return NSS_STATUS_SUCCESS; + } + else + { + /* Give buffer the old len back */ + buflen += plen; + give_spwd_free (&pwd); + } + return NSS_STATUS_RETURN; +} static enum nss_status getspent_next_file (struct spwd *result, ent_t *ent, @@ -384,11 +499,13 @@ getspent_next_file (struct spwd *result, ent_t *ent, struct parser_data *data = (void *) buffer; while (1) { - char *p, *p2; - size_t p2len; + fpos_t pos; + int parse_res = 0; + char *p; do { + fgetpos (ent->stream, &pos); p = fgets (buffer, buflen, ent->stream); if (p == NULL) return NSS_STATUS_NOTFOUND; @@ -400,10 +517,19 @@ getspent_next_file (struct spwd *result, ent_t *ent, while (isspace (*p)) ++p; } - while (*p == '\0' || *p == '#' || /* Ignore empty and comment lines. */ + while (*p == '\0' || *p == '#' /* Ignore empty and comment lines. */ /* Parse the line. If it is invalid, loop to get the next line of the file to parse. */ - !_nss_files_parse_spent (p, result, data, buflen)); + || !(parse_res = _nss_files_parse_spent (p, result, data, + buflen))); + + if (parse_res == -1) + { + /* The parser ran out of space. */ + fsetpos (ent->stream, &pos); + __set_errno (ERANGE); + return NSS_STATUS_TRYAGAIN; + } if (result->sp_namp[0] != '+' && result->sp_namp[0] != '-') /* This is a real entry. */ @@ -413,15 +539,19 @@ getspent_next_file (struct spwd *result, ent_t *ent, if (result->sp_namp[0] == '-' && result->sp_namp[1] == '@' && result->sp_namp[2] != '\0') { - char *user, *host, *domain; - - setnetgrent (&result->sp_namp[2]); - while (getnetgrent (&host, &user, &domain)) + char buf2[1024]; + char *user, *host, *domain; + struct __netgrent netgrdata; + + bzero (&netgrdata, sizeof (struct __netgrent)); + __internal_setnetgrent (&result->sp_namp[2], &netgrdata); + while (__internal_getnetgrent_r (&host, &user, &domain, + &netgrdata, buf2, sizeof (buf2))) { if (user != NULL && user[0] != '-') blacklist_store_name (user, ent); } - endnetgrent (); + __internal_endnetgrent (&netgrdata); continue; } @@ -435,8 +565,9 @@ getspent_next_file (struct spwd *result, ent_t *ent, ent->first = TRUE; copy_spwd_changes (&ent->pwd, result, NULL, 0); - status = getspent_next_netgr (result, ent, &result->sp_namp[2], - buffer, buflen); + status = getspent_next_nis_netgr (NULL, result, ent, + &result->sp_namp[2], + buffer, buflen); if (status == NSS_STATUS_RETURN) continue; else @@ -455,50 +586,20 @@ getspent_next_file (struct spwd *result, ent_t *ent, if (result->sp_namp[0] == '+' && result->sp_namp[1] != '\0' && result->sp_namp[1] != '@') { - char *domain; - char *outval; - int outvallen; - struct spwd pwd; - - memset (&pwd, '\0', sizeof (struct spwd)); - - if (yp_get_default_domain (&domain) != YPERR_SUCCESS) - /* XXX Should we regard this as an fatal error? I don't - think so. Just continue working. --drepper@gnu */ - continue; - - if (yp_match (domain, "shadow.byname", &result->sp_namp[1], - strlen (result->sp_namp) - 1, &outval, &outvallen) - != YPERR_SUCCESS) - continue; - - copy_spwd_changes (&pwd, result, NULL, 0); + enum nss_status status; - p2len = spwd_need_buflen (&pwd); - if (p2len > buflen) - { - __set_errno (ERANGE); - return NSS_STATUS_TRYAGAIN; - } - p2 = buffer + (buflen - p2len); - buflen -= p2len; - p = strncpy (buffer, outval, buflen); - while (isspace (*p)) - p++; - free (outval); - if (_nss_files_parse_spent (p, result, data, buflen)) - { - copy_spwd_changes (result, &pwd, p2, p2len); - give_spwd_free (&pwd); - /* We found the entry. */ - break; - } - else - { - /* Give buffer the old len back */ - buflen += p2len; - give_spwd_free (&pwd); - } + /* Store the User in the blacklist for the "+" at the end of + /etc/passwd */ + blacklist_store_name (&result->sp_namp[1], ent); + status = getspnam_plususer (&result->sp_namp[1], result, buffer, + buflen); + if (status == NSS_STATUS_SUCCESS) /* We found the entry. */ + break; + else + if (status == NSS_STATUS_RETURN) /* We couldn't parse the entry */ + continue; + else + return status; } /* +:... */ @@ -526,16 +627,19 @@ internal_getspent_r (struct spwd *pw, ent_t *ent, /* We are searching members in a netgroup */ /* Since this is not the first call, we don't need the group name */ - status = getspent_next_netgr (pw, ent, NULL, buffer, buflen); + status = getspent_next_nis_netgr (NULL, pw, ent, NULL, buffer, buflen); if (status == NSS_STATUS_RETURN) return getspent_next_file (pw, ent, buffer, buflen); else return status; } - else if (ent->nis) - return getspent_next_nis (pw, ent, buffer, buflen); else - return getspent_next_file (pw, ent, buffer, buflen); + if (ent->nis) + { + return getspent_next_nis (pw, ent, buffer, buflen); + } + else + return getspent_next_file (pw, ent, buffer, buflen); } enum nss_status @@ -545,7 +649,6 @@ _nss_compat_getspent_r (struct spwd *pwd, char *buffer, size_t buflen) __libc_lock_lock (lock); - /* Be prepared that the setspent function was not called before. */ if (ext_ent.stream == NULL) status = internal_setspent (&ext_ent); @@ -557,6 +660,143 @@ _nss_compat_getspent_r (struct spwd *pwd, char *buffer, size_t buflen) return status; } +/* Searches in /etc/passwd and the NIS/NIS+ map for a special user */ +static enum nss_status +internal_getspnam_r (const char *name, struct spwd *result, ent_t *ent, + char *buffer, size_t buflen) +{ + struct parser_data *data = (void *) buffer; + + while (1) + { + fpos_t pos; + char *p; + int parse_res; + + do + { + fgetpos (ent->stream, &pos); + p = fgets (buffer, buflen, ent->stream); + if (p == NULL) + return NSS_STATUS_NOTFOUND; + + /* Terminate the line for any case. */ + buffer[buflen - 1] = '\0'; + + /* Skip leading blanks. */ + while (isspace (*p)) + ++p; + } + while (*p == '\0' || *p == '#' || /* Ignore empty and comment lines. */ + /* Parse the line. If it is invalid, loop to + get the next line of the file to parse. */ + !(parse_res = _nss_files_parse_spent (p, result, data, buflen))); + + if (parse_res == -1) + { + /* The parser ran out of space. */ + fsetpos (ent->stream, &pos); + __set_errno (ERANGE); + return NSS_STATUS_TRYAGAIN; + } + + /* This is a real entry. */ + if (result->sp_namp[0] != '+' && result->sp_namp[0] != '-') + { + if (strcmp (result->sp_namp, name) == 0) + return NSS_STATUS_SUCCESS; + else + continue; + } + + /* -@netgroup */ + if (result->sp_namp[0] == '-' && result->sp_namp[1] == '@' + && result->sp_namp[2] != '\0') + { + char buf2[1024]; + char *user, *host, *domain; + struct __netgrent netgrdata; + + bzero (&netgrdata, sizeof (struct __netgrent)); + __internal_setnetgrent (&result->sp_namp[2], &netgrdata); + while (__internal_getnetgrent_r (&host, &user, &domain, + &netgrdata, buf2, sizeof (buf2))) + { + if (user != NULL && user[0] != '-') + if (strcmp (user, name) == 0) + return NSS_STATUS_NOTFOUND; + } + __internal_endnetgrent (&netgrdata); + continue; + } + + /* +@netgroup */ + if (result->sp_namp[0] == '+' && result->sp_namp[1] == '@' + && result->sp_namp[2] != '\0') + { + char buf[strlen (result->sp_namp)]; + int status; + + strcpy (buf, &result->sp_namp[2]); + ent->netgroup = TRUE; + ent->first = TRUE; + copy_spwd_changes (&ent->pwd, result, NULL, 0); + + do + { + status = getspent_next_nis_netgr (name, result, ent, buf, + buffer, buflen); + if (status == NSS_STATUS_RETURN) + continue; + + if (status == NSS_STATUS_SUCCESS && + strcmp (result->sp_namp, name) == 0) + return NSS_STATUS_SUCCESS; + } while (status == NSS_STATUS_SUCCESS); + continue; + } + + /* -user */ + if (result->sp_namp[0] == '-' && result->sp_namp[1] != '\0' + && result->sp_namp[1] != '@') + { + if (strcmp (&result->sp_namp[1], name) == 0) + return NSS_STATUS_NOTFOUND; + else + continue; + } + + /* +user */ + if (result->sp_namp[0] == '+' && result->sp_namp[1] != '\0' + && result->sp_namp[1] != '@') + { + if (strcmp (name, &result->sp_namp[1]) == 0) + { + enum nss_status status; + + status = getspnam_plususer (name, result, buffer, buflen); + if (status == NSS_STATUS_RETURN) + /* We couldn't parse the entry */ + return NSS_STATUS_NOTFOUND; + else + return status; + } + } + + /* +:... */ + if (result->sp_namp[0] == '+' && result->sp_namp[1] == '\0') + { + enum nss_status status; + + status = getspnam_plususer (name, result, buffer, buflen); + if (status == NSS_STATUS_RETURN) /* We couldn't parse the entry */ + return NSS_STATUS_NOTFOUND; + else + return status; + } + } + return NSS_STATUS_SUCCESS; +} enum nss_status _nss_compat_getspnam_r (const char *name, struct spwd *pwd, @@ -573,12 +813,10 @@ _nss_compat_getspnam_r (const char *name, struct spwd *pwd, if (status != NSS_STATUS_SUCCESS) return status; - while ((status = internal_getspent_r (pwd, &ent, buffer, buflen)) - == NSS_STATUS_SUCCESS) - if (strcmp (pwd->sp_namp, name) == 0) - break; + status = internal_getspnam_r (name, pwd, &ent, buffer, buflen); internal_endspent (&ent); + return status; } @@ -628,15 +866,19 @@ blacklist_store_name (const char *name, ent_t *ent) return; } -/* returns TRUE if ent->blacklist contains name, else FALSE */ +/* Returns TRUE if ent->blacklist contains name, else FALSE. */ static bool_t in_blacklist (const char *name, int namelen, ent_t *ent) { char buf[namelen + 3]; + char *cp; if (ent->blacklist.data == NULL) return FALSE; - stpcpy (stpcpy (stpcpy (buf, "|"), name), "|"); + buf[0] = '|'; + cp = stpcpy (&buf[1], name); + *cp++= '|'; + *cp = '\0'; return strstr (ent->blacklist.data, buf) != NULL; } diff --git a/nis/ypclnt.c b/nis/ypclnt.c index b128ad6366..6429c0bb15 100644 --- a/nis/ypclnt.c +++ b/nis/ypclnt.c @@ -17,13 +17,18 @@ write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ +#include <fcntl.h> #include <string.h> #include <unistd.h> -#include <fcntl.h> -#include <libc-lock.h> +#include <rpc/rpc.h> #include <rpcsvc/yp.h> #include <rpcsvc/ypclnt.h> #include <rpcsvc/ypupd.h> +#include <libc-lock.h> + +#ifndef NIS_MAXNAMELEN +#define NIS_MAXNAMELEN 1024 +#endif struct dom_binding { @@ -36,36 +41,37 @@ struct dom_binding }; typedef struct dom_binding dom_binding; -static struct timeval TIMEOUT = {25, 0}; +static struct timeval RPCTIMEOUT = {25, 0}; +static struct timeval UDPTIMEOUT = {5, 0}; static int const MAXTRIES = 5; -static char __ypdomainname[MAXHOSTNAMELEN + 1] = "\0"; +static char __ypdomainname[NIS_MAXNAMELEN + 1] = "\0"; __libc_lock_define_initialized (static, ypbindlist_lock) static dom_binding *__ypbindlist = NULL; static int -__yp_bind (const char *domain, dom_binding ** ypdb) +__yp_bind (const char *domain, dom_binding **ypdb) { struct sockaddr_in clnt_saddr; struct ypbind_resp ypbr; - dom_binding *ysd; + dom_binding *ysd = NULL; int clnt_sock; CLIENT *client; int is_new = 0; int try; - if (ypdb != NULL) - *ypdb = NULL; - if ((domain == NULL) || (strlen (domain) == 0)) return YPERR_BADARGS; - ysd = __ypbindlist; - while (ysd != NULL) + if (ypdb != NULL) { - if (strcmp (domain, ysd->dom_domain) == 0) - break; - ysd = ysd->dom_pnext; + ysd = *ypdb; + while (ysd != NULL) + { + if (strcmp (domain, ysd->dom_domain) == 0) + break; + ysd = ysd->dom_pnext; + } } if (ysd == NULL) @@ -123,41 +129,28 @@ __yp_bind (const char *domain, dom_binding ** ypdb) } if (clnt_call (client, YPBINDPROC_DOMAIN, - (xdrproc_t) xdr_domainname, &domain, + (xdrproc_t) xdr_domainname, (caddr_t) &domain, (xdrproc_t) xdr_ypbind_resp, - &ypbr, TIMEOUT) != RPC_SUCCESS) + (caddr_t) &ypbr, RPCTIMEOUT) != RPC_SUCCESS) { clnt_destroy (client); + close (clnt_sock); if (is_new) free (ysd); return YPERR_YPBIND; } clnt_destroy (client); + close (clnt_sock); + if (ypbr.ypbind_status != YPBIND_SUCC_VAL) { - switch (ypbr.ypbind_resp_u.ypbind_error) - { - case YPBIND_ERR_ERR: - fputs (_("YPBINDPROC_DOMAIN: Internal error\n"), stderr); - break; - case YPBIND_ERR_NOSERV: - fprintf (stderr, - _("YPBINDPROC_DOMAIN: No server for domain %s\n"), - domain); - break; - case YPBIND_ERR_RESC: - fputs (_("YPBINDPROC_DOMAIN: Resource allocation failure\n"), - stderr); - break; - default: - fputs (_("YPBINDPROC_DOMAIN: Unknown error\n"), stderr); - break; - } - if (is_new) - free (ysd); - return YPERR_DOMAIN; - } + fprintf (stderr, _("YPBINDPROC_DOMAIN: %s\n"), + ypbinderr_string (ypbr.ypbind_resp_u.ypbind_error)); + if (is_new) + free (ysd); + return YPERR_DOMAIN; + } memset (&ysd->dom_server_addr, '\0', sizeof ysd->dom_server_addr); ysd->dom_server_addr.sin_family = AF_INET; memcpy (&ysd->dom_server_addr.sin_port, @@ -172,10 +165,13 @@ __yp_bind (const char *domain, dom_binding ** ypdb) } if (ysd->dom_client) - clnt_destroy (ysd->dom_client); + { + clnt_destroy (ysd->dom_client); + close (ysd->dom_socket); + } ysd->dom_socket = RPC_ANYSOCK; ysd->dom_client = clntudp_create (&ysd->dom_server_addr, YPPROG, YPVERS, - TIMEOUT, &ysd->dom_socket); + UDPTIMEOUT, &ysd->dom_socket); if (ysd->dom_client == NULL) ysd->dom_vers = -1; @@ -186,15 +182,12 @@ __yp_bind (const char *domain, dom_binding ** ypdb) if (fcntl (ysd->dom_socket, F_SETFD, 1) == -1) perror (_("fcntl: F_SETFD")); - if (is_new) + if (is_new && ypdb != NULL) { - ysd->dom_pnext = __ypbindlist; - __ypbindlist = ysd; + ysd->dom_pnext = *ypdb; + *ypdb = ysd; } - if (NULL != ypdb) - *ypdb = ysd; - return YPERR_SUCCESS; } @@ -211,36 +204,67 @@ do_ypcall (const char *domain, u_long prog, xdrproc_t xargs, caddr_t req, xdrproc_t xres, caddr_t resp) { dom_binding *ydb = NULL; + bool_t use_ypbindlist = FALSE; int try, result; try = 0; result = YPERR_YPERR; - while (try < MAXTRIES && result != RPC_SUCCESS) + __libc_lock_lock (ypbindlist_lock); + if (__ypbindlist != NULL) { - __libc_lock_lock (ypbindlist_lock); + ydb = __ypbindlist; + while (ydb != NULL) + { + if (strcmp (domain, ydb->dom_domain) == 0) + break; + ydb = ydb->dom_pnext; + } + if (ydb != NULL) + use_ypbindlist = TRUE; + else + __libc_lock_unlock (ypbindlist_lock); + } + else + __libc_lock_unlock (ypbindlist_lock); + while (try < MAXTRIES && result != RPC_SUCCESS) + { if (__yp_bind (domain, &ydb) != 0) { - __libc_lock_unlock (ypbindlist_lock); + if (use_ypbindlist) + __libc_lock_unlock (ypbindlist_lock); return YPERR_DOMAIN; } result = clnt_call (ydb->dom_client, prog, - xargs, req, xres, resp, TIMEOUT); + xargs, req, xres, resp, RPCTIMEOUT); if (result != RPC_SUCCESS) { clnt_perror (ydb->dom_client, "do_ypcall: clnt_call"); ydb->dom_vers = -1; - __yp_unbind (ydb); + if (!use_ypbindlist) + { + __yp_unbind (ydb); + free (ydb); + ydb = NULL; + } result = YPERR_RPC; } - - __libc_lock_unlock (ypbindlist_lock); - try++; } + if (use_ypbindlist) + { + __libc_lock_unlock (ypbindlist_lock); + use_ypbindlist = FALSE; + } + else + { + __yp_unbind (ydb); + free (ydb); + ydb = NULL; + } return result; } @@ -252,7 +276,7 @@ yp_bind (const char *indomain) __libc_lock_lock (ypbindlist_lock); - status = __yp_bind (indomain, NULL); + status = __yp_bind (indomain, &__ypbindlist); __libc_lock_unlock (ypbindlist_lock); @@ -304,7 +328,7 @@ yp_get_default_domain (char **outdomain) if (__ypdomainname[0] == '\0') { - if (getdomainname (__ypdomainname, MAXHOSTNAMELEN)) + if (getdomainname (__ypdomainname, NIS_MAXNAMELEN)) result = YPERR_NODOM; else *outdomain = __ypdomainname; @@ -526,7 +550,8 @@ yp_order (const char *indomain, const char *inmap, unsigned int *outorder) } static void *ypall_data; -static int (*ypall_foreach) (); +static int (*ypall_foreach) __P ((int status, char *key, int keylen, + char *val, int vallen, char *data)); static bool_t __xdr_ypresp_all (XDR * xdrs, u_long * objp) @@ -587,7 +612,7 @@ yp_all (const char *indomain, const char *inmap, const struct ypall_callback *incallback) { struct ypreq_nokey req; - dom_binding *ydb; + dom_binding *ydb = NULL; int try, result; struct sockaddr_in clnt_sin; CLIENT *clnt; @@ -603,11 +628,8 @@ yp_all (const char *indomain, const char *inmap, while (try < MAXTRIES && result != RPC_SUCCESS) { - __libc_lock_lock (ypbindlist_lock); - if (__yp_bind (indomain, &ydb) != 0) { - __libc_lock_unlock (ypbindlist_lock); return YPERR_DOMAIN; } @@ -618,8 +640,7 @@ yp_all (const char *indomain, const char *inmap, clnt = clnttcp_create (&clnt_sin, YPPROG, YPVERS, &clnt_sock, 0, 0); if (clnt == NULL) { - puts ("yp_all: clnttcp_create failed"); - __libc_lock_unlock (ypbindlist_lock); + puts (_("yp_all: clnttcp_create failed")); return YPERR_PMAP; } req.domain = (char *) indomain; @@ -628,23 +649,21 @@ yp_all (const char *indomain, const char *inmap, ypall_foreach = incallback->foreach; ypall_data = (void *) incallback->data; - result = clnt_call (clnt, YPPROC_ALL, (xdrproc_t) xdr_ypreq_nokey, &req, - (xdrproc_t) __xdr_ypresp_all, &status, TIMEOUT); + result = clnt_call (clnt, YPPROC_ALL, (xdrproc_t) xdr_ypreq_nokey, + (caddr_t) &req, (xdrproc_t) __xdr_ypresp_all, + (caddr_t) &status, RPCTIMEOUT); + clnt_destroy (clnt); + close (clnt_sock); if (result != RPC_SUCCESS) { clnt_perror (ydb->dom_client, "yp_all: clnt_call"); - clnt_destroy (clnt); __yp_unbind (ydb); + free (ydb); result = YPERR_RPC; } else - { - clnt_destroy (clnt); - result = YPERR_SUCCESS; - } - - __libc_lock_unlock (ypbindlist_lock); + result = YPERR_SUCCESS; if (status != YP_NOMORE) return ypprot_err (status); @@ -845,8 +864,8 @@ yp_update (char *domain, char *map, unsigned ypop, clnt->cl_auth = authunix_create_default (); again: - r = clnt_call (clnt, ypop, xdr_argument, &args, - (xdrproc_t) xdr_u_int, &res, TIMEOUT); + r = clnt_call (clnt, ypop, xdr_argument, (caddr_t) &args, + (xdrproc_t) xdr_u_int, (caddr_t) &res, RPCTIMEOUT); if (r == RPC_AUTHERROR) { |