summary refs log tree commit diff
path: root/nscd/hstcache.c
diff options
context:
space:
mode:
authorUlrich Drepper <drepper@redhat.com>1999-06-11 20:58:21 +0000
committerUlrich Drepper <drepper@redhat.com>1999-06-11 20:58:21 +0000
commita1c542bfc5684d914cf2af2c3ec9d5432d0b01dc (patch)
treed9b4c2f7304ab104283cee33d80f280c8950b7d6 /nscd/hstcache.c
parent9be8ed9e947e91d83663739406bd04e351c0897e (diff)
downloadglibc-a1c542bfc5684d914cf2af2c3ec9d5432d0b01dc.tar.gz
glibc-a1c542bfc5684d914cf2af2c3ec9d5432d0b01dc.tar.xz
glibc-a1c542bfc5684d914cf2af2c3ec9d5432d0b01dc.zip
Update.
1999-06-11  Thorsten Kukuk  <kukuk@suse.de>

	* nscd/nscd.c: Add -S options for separate caching of data for
	every user. So one user couldn't see the data another user
	has gotten with his credentials.
	* nscd/nscd.h: Add new prototypes.
	* nscd/cache.c: Compare owner of cache entry if in secure mode.
	* nscd/connections.c: Check on shutdown if caller really was root.
	In secure mode get uid of caller.
	* nscd/grpcache.c: Add support for new secure group mode.
	* nscd/hstcache.c: Add support for new secure hosts mode.
	* nscd/pwdcache.c: Add support for new secure passwd mode.
Diffstat (limited to 'nscd/hstcache.c')
-rw-r--r--nscd/hstcache.c80
1 files changed, 62 insertions, 18 deletions
diff --git a/nscd/hstcache.c b/nscd/hstcache.c
index 15459752bb..6fceecfc56 100644
--- a/nscd/hstcache.c
+++ b/nscd/hstcache.c
@@ -88,7 +88,7 @@ struct hostdata
 
 static void
 cache_addhst (struct database *db, int fd, request_header *req, void *key,
-	      struct hostent *hst)
+	      struct hostent *hst, uid_t owner)
 {
   ssize_t total;
   ssize_t written;
@@ -116,7 +116,7 @@ cache_addhst (struct database *db, int fd, request_header *req, void *key,
       pthread_rwlock_rdlock (&db->lock);
 
       cache_add (req->type, copy, req->key_len, &iov_notfound,
-		 sizeof (notfound), (void *) -1, 0, t, db);
+		 sizeof (notfound), (void *) -1, 0, t, db, owner);
 
       pthread_rwlock_unlock (&db->lock);
     }
@@ -227,10 +227,10 @@ cache_addhst (struct database *db, int fd, request_header *req, void *key,
 	{
 	  if (addr_list_type == GETHOSTBYADDR)
 	    cache_add (GETHOSTBYNAME, aliases, h_aliases_len[cnt], data, total,
-		       data, 0, t, db);
+		       data, 0, t, db, owner);
 
 	  cache_add (GETHOSTBYNAMEv6, aliases, h_aliases_len[cnt], data, total,
-		     data, 0, t, db);
+		     data, 0, t, db, owner);
 
 	  aliases += h_aliases_len[cnt];
 	}
@@ -239,7 +239,7 @@ cache_addhst (struct database *db, int fd, request_header *req, void *key,
       for (cnt = 0; cnt < h_addr_list_cnt; ++cnt)
 	{
 	  cache_add (addr_list_type, addresses, hst->h_length, data, total,
-		     data, 0, t, db);
+		     data, 0, t, db, owner);
 	  addresses += hst->h_length;
 	}
 
@@ -248,7 +248,7 @@ cache_addhst (struct database *db, int fd, request_header *req, void *key,
 	for (cnt = 0; cnt < h_addr_list_cnt; ++cnt)
 	  {
 	    cache_add (GETHOSTBYADDRv6, addresses, IN6ADDRSZ, data, total,
-		       data, 0, t, db);
+		       data, 0, t, db, owner);
 	    addresses += IN6ADDRSZ;
 	  }
 
@@ -257,17 +257,17 @@ cache_addhst (struct database *db, int fd, request_header *req, void *key,
 	{
 	  if (addr_list_type == GETHOSTBYADDR)
 	    cache_add (GETHOSTBYNAME, key_copy, req->key_len, data, total,
-		       data, 0, t, db);
+		       data, 0, t, db, owner);
 	  cache_add (GETHOSTBYNAMEv6, key_copy, req->key_len, data,
-		     total, data, 0, t, db);
+		     total, data, 0, t, db, owner);
 	}
 
       /* And finally the name.  We mark this as the last entry.  */
       if (addr_list_type == GETHOSTBYADDR)
 	cache_add (GETHOSTBYNAME, data->strdata, h_name_len, data, total, data,
-		   0, t, db);
+		   0, t, db, owner);
       cache_add (GETHOSTBYNAMEv6, data->strdata, h_name_len, data,
-		 total, data, 1, t, db);
+		 total, data, 1, t, db, owner);
 
       pthread_rwlock_unlock (&db->lock);
     }
@@ -282,7 +282,8 @@ cache_addhst (struct database *db, int fd, request_header *req, void *key,
 
 
 void
-addhstbyname (struct database *db, int fd, request_header *req, void *key)
+addhstbyname (struct database *db, int fd, request_header *req,
+	      void *key, uid_t uid)
 {
   /* Search for the entry matching the key.  Please note that we don't
      look again in the table whether the dataset is now available.  We
@@ -292,10 +293,17 @@ addhstbyname (struct database *db, int fd, request_header *req, void *key)
   char *buffer = alloca (buflen);
   struct hostent resultbuf;
   struct hostent *hst;
+  uid_t oldeuid = 0;
 
   if (debug_level > 0)
     dbg_log (_("Haven't found \"%s\" in hosts cache!"), key);
 
+  if (secure[hstdb])
+    {
+      oldeuid = geteuid ();
+      seteuid (uid);
+    }
+
   while (gethostbyname2_r (key, AF_INET, &resultbuf, buffer, buflen, &hst,
 			   &h_errno) != 0
 	 && h_errno == NETDB_INTERNAL
@@ -306,12 +314,16 @@ addhstbyname (struct database *db, int fd, request_header *req, void *key)
       buffer = alloca (buflen);
     }
 
-  cache_addhst (db, fd, req, key, hst);
+  if (secure[hstdb])
+    seteuid (uid);
+
+  cache_addhst (db, fd, req, key, hst, uid);
 }
 
 
 void
-addhstbyaddr (struct database *db, int fd, request_header *req, void *key)
+addhstbyaddr (struct database *db, int fd, request_header *req,
+	      void *key, uid_t uid)
 {
   /* Search for the entry matching the key.  Please note that we don't
      look again in the table whether the dataset is now available.  We
@@ -321,6 +333,7 @@ addhstbyaddr (struct database *db, int fd, request_header *req, void *key)
   char *buffer = alloca (buflen);
   struct hostent resultbuf;
   struct hostent *hst;
+  uid_t oldeuid = 0;
 
   if (debug_level > 0)
     {
@@ -329,6 +342,12 @@ addhstbyaddr (struct database *db, int fd, request_header *req, void *key)
 	       inet_ntop (AF_INET, key, buf, sizeof (buf)));
     }
 
+  if (secure[hstdb])
+    {
+      oldeuid = geteuid ();
+      seteuid (uid);
+    }
+
   while (gethostbyaddr_r (key, INADDRSZ, AF_INET, &resultbuf, buffer, buflen,
 			  &hst, &h_errno) != 0
 	 && h_errno == NETDB_INTERNAL
@@ -339,12 +358,16 @@ addhstbyaddr (struct database *db, int fd, request_header *req, void *key)
       buffer = alloca (buflen);
     }
 
-  cache_addhst (db, fd, req, key, hst);
+  if (secure[hstdb])
+    seteuid (oldeuid);
+
+  cache_addhst (db, fd, req, key, hst, uid);
 }
 
 
 void
-addhstbynamev6 (struct database *db, int fd, request_header *req, void *key)
+addhstbynamev6 (struct database *db, int fd, request_header *req,
+		void *key, uid_t uid)
 {
   /* Search for the entry matching the key.  Please note that we don't
      look again in the table whether the dataset is now available.  We
@@ -354,6 +377,7 @@ addhstbynamev6 (struct database *db, int fd, request_header *req, void *key)
   char *buffer = alloca (buflen);
   struct hostent resultbuf;
   struct hostent *hst;
+  uid_t oldeuid = 0;
 
   if (debug_level > 0)
     {
@@ -363,6 +387,12 @@ addhstbynamev6 (struct database *db, int fd, request_header *req, void *key)
 	       inet_ntop (AF_INET6, key, buf, sizeof (buf)));
     }
 
+  if (secure[hstdb])
+    {
+      oldeuid = geteuid ();
+      seteuid (uid);
+    }
+
   while (gethostbyname2_r (key, AF_INET6, &resultbuf, buffer, buflen, &hst,
 			   &h_errno) != 0
 	 && h_errno == NETDB_INTERNAL
@@ -373,12 +403,16 @@ addhstbynamev6 (struct database *db, int fd, request_header *req, void *key)
       buffer = alloca (buflen);
     }
 
-  cache_addhst (db, fd, req, key, hst);
+  if (secure[hstdb])
+    seteuid (oldeuid);
+
+  cache_addhst (db, fd, req, key, hst, uid);
 }
 
 
 void
-addhstbyaddrv6 (struct database *db, int fd, request_header *req, void *key)
+addhstbyaddrv6 (struct database *db, int fd, request_header *req,
+		void *key, uid_t uid)
 {
   /* Search for the entry matching the key.  Please note that we don't
      look again in the table whether the dataset is now available.  We
@@ -388,6 +422,7 @@ addhstbyaddrv6 (struct database *db, int fd, request_header *req, void *key)
   char *buffer = alloca (buflen);
   struct hostent resultbuf;
   struct hostent *hst;
+  uid_t oldeuid = 0;
 
   if (debug_level > 0)
     {
@@ -396,6 +431,12 @@ addhstbyaddrv6 (struct database *db, int fd, request_header *req, void *key)
 	       inet_ntop (AF_INET6, key, buf, sizeof (buf)));
     }
 
+  if (secure[hstdb])
+    {
+      oldeuid = geteuid ();
+      seteuid (uid);
+    }
+
   while (gethostbyaddr_r (key, IN6ADDRSZ, AF_INET6, &resultbuf, buffer, buflen,
 			  &hst, &h_errno) != 0
 	 && h_errno == NETDB_INTERNAL
@@ -406,5 +447,8 @@ addhstbyaddrv6 (struct database *db, int fd, request_header *req, void *key)
       buffer = alloca (buflen);
     }
 
-  cache_addhst (db, fd, req, key, hst);
+  if (secure[hstdb])
+    seteuid (oldeuid);
+
+  cache_addhst (db, fd, req, key, hst, uid);
 }