path: root/src/passwd
Commit message | Author | Age | Files | Lines
* halt getspnam[_r] search on error accessing TCB shadow | Rich Felker | 2018-12-28 | 1 | -0/+2
  fallback to /etc/shadow should happen only when the entry is not found in the TCB shadow. otherwise transient errors or permission errors can cause inconsistent results.
* don't set errno or return an error when getspnam[_r] finds no entry | Rich Felker | 2018-12-28 | 2 | -3/+9
  this case is specified as success with a null result, rather than an error, and errno is not to be set on success.
* reduce spurious inclusion of libc.h | Rich Felker | 2018-09-12 | 1 | -1/+1
  libc.h was intended to be a header for access to global libc state and related interfaces, but ended up included all over the place because it was the way to get the weak_alias macro. most of the inclusions removed here are places where weak_alias was needed. a few were recently introduced for hidden. some go all the way back to when libc.h defined CANCELPT_BEGIN and _END, and all (wrongly implemented) cancellation points had to include it. remaining spurious users are mostly callers of the LOCK/UNLOCK macros and files that use the LFS64 macro to define the awful *64 aliases. in a few places, new inclusion of libc.h is added because several internal headers no longer implicitly include libc.h. declarations for __lockfile and __unlockfile are moved from libc.h to stdio_impl.h so that the latter does not need libc.h. putting them in libc.h made no sense at all, since the macros in stdio_impl.h are needed to use them correctly anyway.
* apply hidden visibility to various remaining internal interfaces | Rich Felker | 2018-09-12 | 2 | -6/+6
* fix regression in getspnam[_r] error code for insufficient buffer size | Rich Felker | 2017-06-21 | 1 | -1/+1
  commit 2d7d05f031e014068a61d3076c6178513395d2ae wrongly changed ERANGE to EINVAL, likely as the result of copy-and-paste error.
* set errno when getpw*_r, getgr*_r, and getspnam_r fail | Rich Felker | 2017-06-15 | 3 | -3/+7
  these functions return an error code, and are not explicitly documented to set errno, but they are nonstandard and the historical implementations do set errno as well, and some applications expect this behavior. do likewise for compatibility. patch by Rudolph Pereira.
* revert unrelated change that slipped into last commit | Rich Felker | 2016-07-13 | 1 | -1/+1
* fix regression in tcsetattr on all mips archs | Rich Felker | 2016-07-13 | 1 | -1/+1
  revert commit 8c316e9e49d37ad92c2e7493e16166a2afca419f. it was wrong and does not match how the kernel API works.
* fix spurious errors from pwd/grp functions when nscd backend is absent | Rich Felker | 2015-06-09 | 1 | -4/+8
  for several pwd/grp functions, the only way the caller can distinguish between a successful negative result ("no such user/group") and an internal error is by clearing errno before the call and checking errno afterwards. the nscd backend support code correctly simulated a not-found response on systems where such a backend is not running, but failed to restore errno. this commit also fixed an outdated/incorrect comment.
* fix mishandling of ENOMEM return case in internal getgrent_a function | Rich Felker | 2015-05-01 | 1 | -1/+2
  due to an incorrect return statement in this error case, the previously blocked cancellation state was not restored and no result was stored. this could lead to invalid (read) accesses in the caller resulting in crashes or nonsensical result data in the event of memory exhaustion.
* avoid sending huge names as nscd passwd/group queries | Rich Felker | 2015-03-15 | 1 | -2/+3
  overly long user/group names are potentially a DoS vector and source of other problems like partial writes by sendmsg, and not useful.
* simplify nscd lookup code for alt passwd/group backends | Rich Felker | 2015-03-15 | 4 | -15/+15
  previously, a sentinel value of (FILE *)-1 was used to inform the caller of __nscd_query that nscd is not in use. aside from being an ugly hack, this resulted in duplicate code paths for two logically equivalent cases: no nscd, and "not found" result from nscd. now, __nscd_query simply skips closing the socket and returns a valid FILE pointer when nscd is not in use, and produces a fake "not found" response header. the caller is then responsible for closing the socket just like it would do if it had gotten a real "not found" response.
* add alternate backend support for getgrouplist | Josiah Worcester | 2015-03-15 | 2 | -0/+86
  This completes the alternate backend support that was previously added to the getpw* and getgr* functions. Unlike those, though, it unconditionally queries nscd. Any groups from nscd that aren't in the /etc/groups file are added to the returned list, and any that are present in the file are ignored. The purpose of this behavior is to provide a view of the group database consistent with what is observed by the getgr* functions. If group memberships reported by nscd were honored when the corresponding group already has a definition in the /etc/groups file, the user's getgrouplist-based membership in the group would conflict with their non-membership in the reported gr_mem[] for the group. The changes made also make getgrouplist thread-safe and eliminate its clobbering of the global getgrent state.
* support alternate backends for the passwd and group dbs | Josiah Worcester | 2015-02-23 | 4 | -2/+390
  when we fail to find the entry in the commonly accepted files, we query a server over a Unix domain socket on /var/run/nscd/socket. the protocol used here is compatible with glibc's nscd protocol on most systems (all that use 32-bit numbers for all the protocol fields, which appears to be everything but Alpha).
* fix spurious errors in refactored passwd/group code | Rich Felker | 2015-02-23 | 2 | -2/+2
  errno was treated as the error status when the return value of getline was negative, but this condition can simply indicate EOF and is not necessarily an error. the spurious errors caused by this bug masked the bug which was fixed in commit fc5a96c9c8aa186effad7520d5df6b616bbfd29d.
* fix crashes in refactored passwd/group code | Rich Felker | 2015-02-23 | 2 | -4/+4
  the wrong condition was used in determining the presence of a result that needs space/copying for the _r functions. a zero return value does not necessarily mean success; it can also be a non-error negative result: no such user/group.
* refactor group file access code | Josiah Worcester | 2015-02-13 | 6 | -51/+71
  this allows getgrnam and getgrgid to share code with the _r versions in preparation for alternate backend support.
* refactor passwd file access code | Josiah Worcester | 2015-02-10 | 6 | -49/+65
  this allows getpwnam and getpwuid to share code with the _r versions in preparation for alternate backend support.
* fix erroneous return of partial username matches by getspnam[_r] | Rich Felker | 2015-01-21 | 1 | -1/+1
  when using /etc/shadow (rather than tcb) as its backend, getspnam_r matched any username starting with the caller-provided string rather than requiring an exact match. in practice this seems to have affected only systems where one valid username is a prefix for another valid username, and where the longer username appears first in the shadow file.
* include cleanups: remove unused headers and add feature test macros | Szabolcs Nagy | 2013-12-12 | 4 | -0/+4
* shadow: Implement fgetspent | Michael Forney | 2013-11-24 | 1 | -1/+10
* shadow: Move spent parsing to internal function | Michael Forney | 2013-11-24 | 2 | -31/+40
* shadow: Implement putspent | Michael Forney | 2013-11-24 | 2 | -5/+13
* putgrent: Add missing newline | Michael Forney | 2013-11-23 | 1 | -0/+1
* putgrent: Stop writing output on first failure | Michael Forney | 2013-11-23 | 1 | -2/+3
  This way, if an fprintf fails, we get an incomplete group entry rather than a corrupted one.
* fix off-by-one error in getgrnam_r and getgrgid_r, clobbering gr_name | Rich Felker | 2013-09-29 | 1 | -2/+2
  bug report and patch by Michael Forney. the terminating null pointer at the end of the gr_mem array was overwriting the beginning of the string data, causing the gr_name member to always be a zero-length string.
* change uid_t, gid_t, and id_t to unsigned types | Rich Felker | 2013-07-19 | 2 | -6/+20
  this change is both to fix one of the remaining type (and thus C++ ABI) mismatches with glibc/LSB and to allow use of the full range of uid and gid values, if so desired. passwd/group access functions were not prepared to deal with unsigned values, so they too have been fixed with this commit.
* add put*ent functions for passwd/group files and similar for shadow | Rich Felker | 2013-04-04 | 3 | -0/+34
  since shadow does not yet support enumeration (getspent), the corresponding FILE-based get and put versions are also stubbed out for now. this is partly out of laziness and partly because it's not clear how they should work in the presence of TCB shadow files. the stubs should make it possible to compile some software that expects them to exist, but such software still may not work properly.
* add fgetgrent function | Rich Felker | 2013-02-17 | 1 | -0/+9
  based on patch by Isaac Dunham, moved to its own file to avoid increasing bss on static linked programs not using this nonstandard function but using the standard getgrent function, and vice versa.
* more close-on-exec fixes, mostly using new "e" flag to fopen | Rich Felker | 2012-09-29 | 5 | -6/+6
* make passwd/group functions safe against cancellation in stdio | Rich Felker | 2012-02-01 | 4 | -6/+35
  these changes are a prerequisite to making stdio cancellable.
* add fgetpwent (nonstandard function) | Rich Felker | 2012-01-29 | 1 | -0/+9
  based on patch by Jeremy Huntwork
* fix clobbering of errno in get(pw|gr)([ug]id|nam) by fclose | Rich Felker | 2011-09-27 | 2 | -0/+12
* protect against/handle cancellation reading shadow passwords | Rich Felker | 2011-09-21 | 1 | -1/+11
* fix buffer overrun in getgrent code when there are no group members | Rich Felker | 2011-06-30 | 1 | -4/+8
* it's called getgrgid_r, not getgruid_r... | Rich Felker | 2011-06-08 | 1 | -1/+1
* shadow password fixes: empty fields should read as -1 not 0 | Rich Felker | 2011-04-20 | 1 | -7/+13
* guard against hard links to non-ordinary-files when reading tcb shadow | Rich Felker | 2011-02-14 | 1 | -2/+4
* initial check-in, version 0.5.0 (tag: v0.5.0) | Rich Felker | 2011-02-12 | 11 | -0/+404