1 files changed, 290 insertions, 24 deletions
diff --git a/nis/nss_compat/compat-grp.c b/nis/nss_compat/compat-grp.c
index c0ddbdffdf..a460d8a8ef 100644
--- a/nis/nss_compat/compat-grp.c
+++ b/nis/nss_compat/compat-grp.c
@@ -29,6 +29,10 @@
 #include <rpcsvc/nis.h>
 #include <nsswitch.h>
 
+/* Comment out the following line for the production version.  */
+/* #define NDEBUG 1 */
+#include <assert.h>
+
 #include "nss-nisplus.h"
 #include "nisplus-parser.h"
 
@@ -41,7 +45,7 @@ static size_t grptablelen = 0;
 #define ENTNAME grent
 #define STRUCTURE group
 #define EXTERN_PARSER
-#include "../../nss/nss_files/files-parse.c"
+#include <nss/nss_files/files-parse.c>
 
 /* Structure for remembering -group members ... */
 #define BLACKLIST_INITIAL_SIZE 512
@@ -85,15 +89,22 @@ _nss_first_init (void)
 
   if (grptable == NULL)
     {
-      char buf [20 + strlen (nis_local_directory ())];
-      char *p;
+      static const char key[] = "group.org_dir.";
+      const char *local_dir = nis_local_directory ();
+      size_t len_local_dir = strlen (local_dir);
 
-      p = stpcpy (buf, "group.org_dir.");
-      p = stpcpy (p, nis_local_directory ());
-      grptable = strdup (buf);
+      grptable = malloc (sizeof (key) + len_local_dir);
       if (grptable == NULL)
         return NSS_STATUS_TRYAGAIN;
-      grptablelen = strlen (grptable);
+
+      grptablelen = ((char *) mempcpy (mempcpy (grptable,
+						key, sizeof (key) - 1),
+				       local_dir, len_local_dir + 1)
+		     - grptable) - 1;
+
+      /* *Maybe* (I'm no NIS expert) we have to duplicate the `local_dir'
+	 value since it might change during our work.  So add a test here.  */
+      assert (grptablelen == sizeof (key) + len_local_dir);
     }
 
   return NSS_STATUS_SUCCESS;
@@ -370,8 +381,8 @@ getgrent_next_nisplus (struct group *result, ent_t *ent, char *buffer,
 
 /* This function handle the +group entrys in /etc/group */
 static enum nss_status
-getgrent_next_file_plusgroup (struct group *result, char *buffer,
-			      size_t buflen)
+getgrnam_plusgroup (const char *name, struct group *result, char *buffer,
+		    size_t buflen)
 {
   struct parser_data *data = (void *) buffer;
   int parse_res;
@@ -379,9 +390,9 @@ getgrent_next_file_plusgroup (struct group *result, char *buffer,
   if (use_nisplus) /* Do the NIS+ query here */
     {
       nis_result *res;
-      char buf[strlen (result->gr_name) + 24 + grptablelen];
+      char buf[strlen (name) + 24 + grptablelen];
 
-      sprintf(buf, "[name=%s],%s", &result->gr_name[1], grptable);
+      sprintf(buf, "[name=%s],%s", name, grptable);
       res = nis_list(buf, FOLLOW_PATH | FOLLOW_LINKS, NULL, NULL);
       if (niserr2nss (res->status) != NSS_STATUS_SUCCESS)
         {
@@ -407,9 +418,8 @@ getgrent_next_file_plusgroup (struct group *result, char *buffer,
       if (yp_get_default_domain (&domain) != YPERR_SUCCESS)
         return NSS_STATUS_TRYAGAIN;
 
-      if (yp_match (domain, "group.byname", &result->gr_name[1],
-                    strlen (result->gr_name) - 1, &outval, &outvallen)
-          != YPERR_SUCCESS)
+      if (yp_match (domain, "group.byname", name, strlen (name),
+		    &outval, &outvallen) != YPERR_SUCCESS)
         return NSS_STATUS_TRYAGAIN;
       p = strncpy (buffer, outval,
                    buflen < (size_t) outvallen ? buflen : (size_t) outvallen);
@@ -430,7 +440,6 @@ getgrent_next_file_plusgroup (struct group *result, char *buffer,
     return NSS_STATUS_RETURN;
 }
 
-
 static enum nss_status
 getgrent_next_file (struct group *result, ent_t *ent,
 		    char *buffer, size_t buflen)
@@ -495,7 +504,11 @@ getgrent_next_file (struct group *result, ent_t *ent,
 	{
           enum nss_status status;
 
-          status = getgrent_next_file_plusgroup (result, buffer, buflen);
+ 	  /* Store the group in the blacklist for the "+" at the end of
+	     /etc/group */
+	  blacklist_store_name (&result->gr_name[1], ent);
+	  status = getgrnam_plusgroup (&result->gr_name[1], result, buffer,
+				       buflen);
           if (status == NSS_STATUS_SUCCESS) /* We found the entry. */
             break;
           else
@@ -556,6 +569,104 @@ _nss_compat_getgrent_r (struct group *grp, char *buffer, size_t buflen)
   return status;
 }
 
+/* Searches in /etc/group and the NIS/NIS+ map for a special group */
+static enum nss_status
+internal_getgrnam_r (const char *name, struct group *result, ent_t *ent,
+		     char *buffer, size_t buflen)
+{
+  struct parser_data *data = (void *) buffer;
+  while (1)
+    {
+      fpos_t pos;
+      int parse_res = 0;
+      char *p;
+
+      do
+	{
+	  fgetpos (ent->stream, &pos);
+	  p = fgets (buffer, buflen, ent->stream);
+	  if (p == NULL)
+	    {
+	      if (feof (ent->stream))
+		return NSS_STATUS_NOTFOUND;
+	      else
+		{
+		  __set_errno (ERANGE);
+		  return NSS_STATUS_TRYAGAIN;
+		}
+	    }
+
+	  /* Terminate the line for any case.  */
+	  buffer[buflen - 1] = '\0';
+
+	  /* Skip leading blanks.  */
+	  while (isspace (*p))
+	    ++p;
+	}
+      while (*p == '\0' || *p == '#' || /* Ignore empty and comment lines. */
+      /* Parse the line.  If it is invalid, loop to
+         get the next line of the file to parse.  */
+	     !(parse_res = _nss_files_parse_grent (p, result, data, buflen)));
+
+      if (parse_res == -1)
+	{
+	  /* The parser ran out of space.  */
+	  fsetpos (ent->stream, &pos);
+	  __set_errno (ERANGE);
+	  return NSS_STATUS_TRYAGAIN;
+	}
+
+      /* This is a real entry.  */
+      if (result->gr_name[0] != '+' && result->gr_name[0] != '-')
+	{
+	  if (strcmp (result->gr_name, name) == 0)
+	    return NSS_STATUS_SUCCESS;
+	  else
+	    continue;
+	}
+
+      /* -group */
+      if (result->gr_name[0] == '-' && result->gr_name[1] != '\0'
+	  && result->gr_name[1] != '@')
+	{
+	  if (strcmp (&result->gr_name[1], name) == 0)
+	    return NSS_STATUS_NOTFOUND;
+	  else
+	    continue;
+	}
+
+      /* +group */
+      if (result->gr_name[0] == '+' && result->gr_name[1] != '\0'
+	  && result->gr_name[1] != '@')
+	{
+	  if (strcmp (name, &result->gr_name[1]) == 0)
+	    {
+	      enum nss_status status;
+
+	      status = getgrnam_plusgroup (name, result, buffer, buflen);
+	      if (status == NSS_STATUS_RETURN)
+		/* We couldn't parse the entry */
+		continue;
+	      else
+		return status;
+	    }
+	}
+      /* +:... */
+      if (result->gr_name[0] == '+' && result->gr_name[1] == '\0')
+	{
+	  enum nss_status status;
+
+	  status = getgrnam_plusgroup (name, result, buffer, buflen);
+	  if (status == NSS_STATUS_RETURN)
+	    /* We couldn't parse the entry */
+	    continue;
+	  else
+	    return status;
+	}
+    }
+
+  return NSS_STATUS_SUCCESS;
+}
 
 enum nss_status
 _nss_compat_getgrnam_r (const char *name, struct group *grp,
@@ -576,15 +687,172 @@ _nss_compat_getgrnam_r (const char *name, struct group *grp,
   if (status != NSS_STATUS_SUCCESS)
     return status;
 
-  while ((status = internal_getgrent_r (grp, &ent, buffer, buflen))
-	 == NSS_STATUS_SUCCESS)
-    if (strcmp (grp->gr_name, name) == 0)
-      break;
+  status = internal_getgrnam_r (name, grp, &ent, buffer, buflen);
 
   internal_endgrent (&ent);
+
   return status;
 }
 
+/* This function handle the + entry in /etc/group */
+static enum nss_status
+getgrgid_plusgroup (gid_t gid, struct group *result, char *buffer,
+		    size_t buflen)
+{
+  struct parser_data *data = (void *) buffer;
+  int parse_res;
+
+  if (use_nisplus) /* Do the NIS+ query here */
+    {
+      nis_result *res;
+      char buf[1024 + grptablelen];
+
+      sprintf(buf, "[gid=%d],%s", gid, grptable);
+      res = nis_list(buf, FOLLOW_PATH | FOLLOW_LINKS, NULL, NULL);
+      if (niserr2nss (res->status) != NSS_STATUS_SUCCESS)
+        {
+          enum nss_status status =  niserr2nss (res->status);
+
+          nis_freeresult (res);
+          return status;
+        }
+      if ((parse_res = _nss_nisplus_parse_grent (res, 0, result, buffer,
+						 buflen)) == -1)
+	{
+	  __set_errno (ERANGE);
+	  nis_freeresult (res);
+	  return NSS_STATUS_TRYAGAIN;
+	}
+      nis_freeresult (res);
+    }
+  else /* Use NIS */
+    {
+      char buf[1024];
+      char *domain, *outval, *p;
+      int outvallen;
+
+      if (yp_get_default_domain (&domain) != YPERR_SUCCESS)
+        return NSS_STATUS_TRYAGAIN;
+
+      snprintf (buf, sizeof (buf), "%d", gid);
+
+      if (yp_match (domain, "group.bygid", buf, strlen (buf),
+		    &outval, &outvallen) != YPERR_SUCCESS)
+        return NSS_STATUS_TRYAGAIN;
+      p = strncpy (buffer, outval,
+                   buflen < (size_t) outvallen ? buflen : (size_t) outvallen);
+      free (outval);
+      while (isspace (*p))
+        p++;
+      if ((parse_res = _nss_files_parse_grent (p, result, data, buflen)) == -1)
+	{
+	  __set_errno (ERANGE);
+	  return NSS_STATUS_TRYAGAIN;
+	}
+    }
+
+  if (parse_res)
+    /* We found the entry.  */
+    return NSS_STATUS_SUCCESS;
+  else
+    return NSS_STATUS_RETURN;
+}
+
+/* Searches in /etc/group and the NIS/NIS+ map for a special group id */
+static enum nss_status
+internal_getgrgid_r (gid_t gid, struct group *result, ent_t *ent,
+		     char *buffer, size_t buflen)
+{
+  struct parser_data *data = (void *) buffer;
+  while (1)
+    {
+      fpos_t pos;
+      int parse_res = 0;
+      char *p;
+
+      do
+	{
+	  fgetpos (ent->stream, &pos);
+	  p = fgets (buffer, buflen, ent->stream);
+	  if (p == NULL)
+	    {
+	      if (feof (ent->stream))
+		return NSS_STATUS_NOTFOUND;
+	      else
+		{
+		  __set_errno (ERANGE);
+		  return NSS_STATUS_TRYAGAIN;
+		}
+	    }
+
+	  /* Terminate the line for any case.  */
+	  buffer[buflen - 1] = '\0';
+
+	  /* Skip leading blanks.  */
+	  while (isspace (*p))
+	    ++p;
+	}
+      while (*p == '\0' || *p == '#' || /* Ignore empty and comment lines. */
+      /* Parse the line.  If it is invalid, loop to
+         get the next line of the file to parse.  */
+	     !(parse_res = _nss_files_parse_grent (p, result, data, buflen)));
+
+      if (parse_res == -1)
+	{
+	  /* The parser ran out of space.  */
+	  fsetpos (ent->stream, &pos);
+	  __set_errno (ERANGE);
+	  return NSS_STATUS_TRYAGAIN;
+	}
+
+      /* This is a real entry.  */
+      if (result->gr_name[0] != '+' && result->gr_name[0] != '-')
+	{
+	  if (result->gr_gid == gid)
+	    return NSS_STATUS_SUCCESS;
+	  else
+	    continue;
+	}
+
+      /* -group */
+      if (result->gr_name[0] == '-' && result->gr_name[1] != '\0'
+	  && result->gr_name[1] != '@')
+	{
+          blacklist_store_name (&result->gr_name[1], ent);
+          continue;
+	}
+
+      /* +group */
+      if (result->gr_name[0] == '+' && result->gr_name[1] != '\0'
+	  && result->gr_name[1] != '@')
+	{
+	  enum nss_status status;
+
+	  /* Store the group in the blacklist for the "+" at the end of
+             /etc/group */
+          blacklist_store_name (&result->gr_name[1], ent);
+	  status = getgrnam_plusgroup (&result->gr_name[1], result, buffer,
+				      buflen);
+	  if (status == NSS_STATUS_SUCCESS && result->gr_gid == gid)
+	    break;
+	  else
+	    continue;
+	}
+      /* +:... */
+      if (result->gr_name[0] == '+' && result->gr_name[1] == '\0')
+	{
+	  enum nss_status status;
+
+	  status = getgrgid_plusgroup (gid, result, buffer, buflen);
+	  if (status == NSS_STATUS_RETURN) /* We couldn't parse the entry */
+	    return NSS_STATUS_NOTFOUND;
+	  else
+	    return status;
+	}
+    }
+
+  return NSS_STATUS_SUCCESS;
+}
 
 enum nss_status
 _nss_compat_getgrgid_r (gid_t gid, struct group *grp,
@@ -602,12 +870,10 @@ _nss_compat_getgrgid_r (gid_t gid, struct group *grp,
   if (status != NSS_STATUS_SUCCESS)
     return status;
 
-  while ((status = internal_getgrent_r (grp, &ent, buffer, buflen))
-	 == NSS_STATUS_SUCCESS)
-    if (grp->gr_gid == gid && grp->gr_name[0] != '+' && grp->gr_name[0] != '-')
-      break;
+  status = internal_getgrgid_r (gid, grp, &ent, buffer, buflen);
 
   internal_endgrent (&ent);
+
   return status;
 }