author | Ulrich Drepper <drepper@redhat.com> | 1999-06-11 20:58:21 +0000 |
committer | Ulrich Drepper <drepper@redhat.com> | 1999-06-11 20:58:21 +0000 |
commit | a1c542bfc5684d914cf2af2c3ec9d5432d0b01dc (patch) | |
tree | d9b4c2f7304ab104283cee33d80f280c8950b7d6 /nscd/hstcache.c | |
parent | 9be8ed9e947e91d83663739406bd04e351c0897e (diff) | |
Update.
1999-06-11 Thorsten Kukuk <kukuk@suse.de> * nscd/nscd.c: Add -S options for separate caching of data for every user. So one user couldn't see the data another user has gotten with his credentials. * nscd/nscd.h: Add new prototypes. * nscd/cache.c: Compare owner of cache entry if in secure mode. * nscd/connections.c: Check on shutdown if caller really was root. In secure mode get uid of caller. * nscd/grpcache.c: Add support for new secure group mode. * nscd/hstcache.c: Add support for new secure hosts mode. * nscd/pwdcache.c: Add support for new secure passwd mode.
Diffstat (limited to 'nscd/hstcache.c')
-rw-r--r-- | nscd/hstcache.c | 80 |
1 files changed, 62 insertions, 18 deletions
diff --git a/nscd/hstcache.c b/nscd/hstcache.c
index 15459752bb..6fceecfc56 100644
--- a/nscd/hstcache.c
+++ b/nscd/hstcache.c
@@ -88,7 +88,7 @@ struct hostdata
 static void
 cache_addhst (struct database *db, int fd, request_header *req, void *key,
-              struct hostent *hst)
+              struct hostent *hst, uid_t owner)
 {
   ssize_t total;
   ssize_t written;
@@ -116,7 +116,7 @@ cache_addhst (struct database *db, int fd, request_header *req, void *key,
       pthread_rwlock_rdlock (&db->lock);
       cache_add (req->type, copy, req->key_len, &iov_notfound,
-                 sizeof (notfound), (void *) -1, 0, t, db);
+                 sizeof (notfound), (void *) -1, 0, t, db, owner);
       pthread_rwlock_unlock (&db->lock);
     }
@@ -227,10 +227,10 @@ cache_addhst (struct database *db, int fd, request_header *req, void *key,
         {
           if (addr_list_type == GETHOSTBYADDR)
             cache_add (GETHOSTBYNAME, aliases, h_aliases_len[cnt], data, total,
-                       data, 0, t, db);
+                       data, 0, t, db, owner);
           cache_add (GETHOSTBYNAMEv6, aliases, h_aliases_len[cnt], data, total,
-                     data, 0, t, db);
+                     data, 0, t, db, owner);
           aliases += h_aliases_len[cnt];
         }
@@ -239,7 +239,7 @@ cache_addhst (struct database *db, int fd, request_header *req, void *key,
       for (cnt = 0; cnt < h_addr_list_cnt; ++cnt)
         {
           cache_add (addr_list_type, addresses, hst->h_length, data, total,
-                     data, 0, t, db);
+                     data, 0, t, db, owner);
           addresses += hst->h_length;
         }
@@ -248,7 +248,7 @@ cache_addhst (struct database *db, int fd, request_header *req, void *key,
       for (cnt = 0; cnt < h_addr_list_cnt; ++cnt)
         {
           cache_add (GETHOSTBYADDRv6, addresses, IN6ADDRSZ, data, total,
-                     data, 0, t, db);
+                     data, 0, t, db, owner);
           addresses += IN6ADDRSZ;
         }
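Review bot: The new `owner` parameter of cache_addhst (hunk `@@ -88,7 +88,7 @@`) is undocumented, and nothing at the signature says what the value is later compared against. The commit description says cache.c compares the owner of an entry in secure mode, so a comment at the declaration would spare the next reader that detour: `/* OWNER is the uid of the client whose request produced this data.  In secure mode (-S) it is stored with every entry, so that lookups by other uids do not match it.  */`. The same value is forwarded unchanged to every cache_add call in the later hunks of this file, including the not-found entry in `@@ -116,7 +116,7 @@`, so one comment covers them all. cache_addhst's body continues outside these hunks.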
@@ -257,17 +257,17 @@ cache_addhst (struct database *db, int fd, request_header *req, void *key,
         {
           if (addr_list_type == GETHOSTBYADDR)
             cache_add (GETHOSTBYNAME, key_copy, req->key_len, data, total,
-                       data, 0, t, db);
+                       data, 0, t, db, owner);
           cache_add (GETHOSTBYNAMEv6, key_copy, req->key_len, data,
-                     total, data, 0, t, db);
+                     total, data, 0, t, db, owner);
         }
       /* And finally the name.  We mark this as the last entry.  */
       if (addr_list_type == GETHOSTBYADDR)
         cache_add (GETHOSTBYNAME, data->strdata, h_name_len, data, total, data,
-                   0, t, db);
+                   0, t, db, owner);
       cache_add (GETHOSTBYNAMEv6, data->strdata, h_name_len, data,
-                 total, data, 1, t, db);
+                 total, data, 1, t, db, owner);
       pthread_rwlock_unlock (&db->lock);
     }
@@ -282,7 +282,8 @@ cache_addhst (struct database *db, int fd, request_header *req, void *key,
 void
-addhstbyname (struct database *db, int fd, request_header *req, void *key)
+addhstbyname (struct database *db, int fd, request_header *req,
+              void *key, uid_t uid)
 {
   /* Search for the entry matching the key.  Please note that we don't look again in the table whether the dataset is now available.  We
@@ -292,10 +293,17 @@ addhstbyname (struct database *db, int fd, request_header *req, void *key)
   char *buffer = alloca (buflen);
   struct hostent resultbuf;
   struct hostent *hst;
+  uid_t oldeuid = 0;
   if (debug_level > 0)
     dbg_log (_("Haven't found \"%s\" in hosts cache!"), key);
+  if (secure[hstdb])
+    {
+      oldeuid = geteuid ();
+      seteuid (uid);
+    }
+
   while (gethostbyname2_r (key, AF_INET, &resultbuf, buffer, buflen, &hst, &h_errno) != 0 && h_errno == NETDB_INTERNAL
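Review bot: The return value of `seteuid (uid)` in the `if (secure[hstdb])` block of addhstbyname (hunk `@@ -292,10 +293,17 @@`) is not checked, so if the switch fails the gethostbyname2_r that follows runs with the daemon's own effective uid while its result is still cached under `uid` — the exact situation the secure mode is meant to prevent. The same unchecked call appears in the matching blocks of addhstbyaddr, addhstbynamev6 and addhstbyaddrv6 and in the restore calls after each lookup. A minimal fix is `if (seteuid (uid) != 0) { dbg_log (_("cannot set effective uid for lookup")); return; }` before the lookup, although what the caller expects to be written to `fd` in that case is not visible here and should be checked. Since the pthread_rwlock calls show this is a threaded daemon, it is also worth confirming whether seteuid here changes only the calling thread or the whole process; in the latter case two concurrent requests could overwrite each other's effective uid. The enclosing function continues outside the hunk.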
@@ -306,12 +314,16 @@ addhstbyname (struct database *db, int fd, request_header *req, void *key)
       buffer = alloca (buflen);
     }
-  cache_addhst (db, fd, req, key, hst);
+  if (secure[hstdb])
+    seteuid (uid);
+
+  cache_addhst (db, fd, req, key, hst, uid);
 }
 void
-addhstbyaddr (struct database *db, int fd, request_header *req, void *key)
+addhstbyaddr (struct database *db, int fd, request_header *req,
+              void *key, uid_t uid)
 {
   /* Search for the entry matching the key.  Please note that we don't look again in the table whether the dataset is now available.  We
@@ -321,6 +333,7 @@ addhstbyaddr (struct database *db, int fd, request_header *req, void *key)
   char *buffer = alloca (buflen);
   struct hostent resultbuf;
   struct hostent *hst;
+  uid_t oldeuid = 0;
   if (debug_level > 0)
     {
@@ -329,6 +342,12 @@ addhstbyaddr (struct database *db, int fd, request_header *req, void *key)
                inet_ntop (AF_INET, key, buf, sizeof (buf)));
     }
+  if (secure[hstdb])
+    {
+      oldeuid = geteuid ();
+      seteuid (uid);
+    }
+
   while (gethostbyaddr_r (key, INADDRSZ, AF_INET, &resultbuf, buffer, buflen, &hst, &h_errno) != 0 && h_errno == NETDB_INTERNAL
@@ -339,12 +358,16 @@ addhstbyaddr (struct database *db, int fd, request_header *req, void *key)
       buffer = alloca (buflen);
     }
-  cache_addhst (db, fd, req, key, hst);
+  if (secure[hstdb])
+    seteuid (oldeuid);
+
+  cache_addhst (db, fd, req, key, hst, uid);
 }
 void
-addhstbynamev6 (struct database *db, int fd, request_header *req, void *key)
+addhstbynamev6 (struct database *db, int fd, request_header *req,
+                void *key, uid_t uid)
 {
   /* Search for the entry matching the key.  Please note that we don't look again in the table whether the dataset is now available.  We
@@ -354,6 +377,7 @@ addhstbynamev6 (struct database *db, int fd, request_header *req, void *key)
   char *buffer = alloca (buflen);
   struct hostent resultbuf;
   struct hostent *hst;
+  uid_t oldeuid = 0;
   if (debug_level > 0)
     {
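Review bot: The restore after the lookup in addhstbyname (hunk `@@ -306,12 +314,16 @@`) calls `seteuid (uid);`, which leaves the effective uid set to the client instead of putting back the value saved in `oldeuid`; the three sibling functions changed in this commit (addhstbyaddr, addhstbynamev6, addhstbyaddrv6) all use `seteuid (oldeuid);` at the same point. As written, `oldeuid` in addhstbyname is assigned but never read, and the cache_addhst call on the next line and whatever the thread does afterwards run with the client's effective uid; depending on the platform's rules for changing uids from a non-zero effective uid, a later switch to a different client may then fail, which the unchecked return would not report. Change the line to `seteuid (oldeuid);`. The enclosing function starts outside this hunk.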
@@ -363,6 +387,12 @@ addhstbynamev6 (struct database *db, int fd, request_header *req, void *key)
                inet_ntop (AF_INET6, key, buf, sizeof (buf)));
     }
+  if (secure[hstdb])
+    {
+      oldeuid = geteuid ();
+      seteuid (uid);
+    }
+
   while (gethostbyname2_r (key, AF_INET6, &resultbuf, buffer, buflen, &hst, &h_errno) != 0 && h_errno == NETDB_INTERNAL
@@ -373,12 +403,16 @@ addhstbynamev6 (struct database *db, int fd, request_header *req, void *key)
       buffer = alloca (buflen);
     }
-  cache_addhst (db, fd, req, key, hst);
+  if (secure[hstdb])
+    seteuid (oldeuid);
+
+  cache_addhst (db, fd, req, key, hst, uid);
 }
 void
-addhstbyaddrv6 (struct database *db, int fd, request_header *req, void *key)
+addhstbyaddrv6 (struct database *db, int fd, request_header *req,
+                void *key, uid_t uid)
 {
   /* Search for the entry matching the key.  Please note that we don't look again in the table whether the dataset is now available.  We
@@ -388,6 +422,7 @@ addhstbyaddrv6 (struct database *db, int fd, request_header *req, void *key)
   char *buffer = alloca (buflen);
   struct hostent resultbuf;
   struct hostent *hst;
+  uid_t oldeuid = 0;
   if (debug_level > 0)
     {
@@ -396,6 +431,12 @@ addhstbyaddrv6 (struct database *db, int fd, request_header *req, void *key)
                inet_ntop (AF_INET6, key, buf, sizeof (buf)));
     }
+  if (secure[hstdb])
+    {
+      oldeuid = geteuid ();
+      seteuid (uid);
+    }
+
   while (gethostbyaddr_r (key, IN6ADDRSZ, AF_INET6, &resultbuf, buffer, buflen, &hst, &h_errno) != 0 && h_errno == NETDB_INTERNAL
@@ -406,5 +447,8 @@ addhstbyaddrv6 (struct database *db, int fd, request_header *req, void *key)
       buffer = alloca (buflen);
     }
-  cache_addhst (db, fd, req, key, hst);
+  if (secure[hstdb])
+    seteuid (oldeuid);
+
+  cache_addhst (db, fd, req, key, hst, uid);
 }