|
Packit |
6c4009 |
/* Copyright (C) 1996-2018 Free Software Foundation, Inc.
|
|
Packit |
6c4009 |
This file is part of the GNU C Library.
|
|
Packit |
6c4009 |
Contributed by Thorsten Kukuk <kukuk@vt.uni-paderborn.de>, 1996.
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
The GNU C Library is free software; you can redistribute it and/or
|
|
Packit |
6c4009 |
modify it under the terms of the GNU Lesser General Public
|
|
Packit |
6c4009 |
License as published by the Free Software Foundation; either
|
|
Packit |
6c4009 |
version 2.1 of the License, or (at your option) any later version.
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
The GNU C Library is distributed in the hope that it will be useful,
|
|
Packit |
6c4009 |
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
Packit |
6c4009 |
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
Packit |
6c4009 |
Lesser General Public License for more details.
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
You should have received a copy of the GNU Lesser General Public
|
|
Packit |
6c4009 |
License along with the GNU C Library; if not, see
|
|
Packit |
6c4009 |
<http://www.gnu.org/licenses/>. */
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
#include <assert.h>
|
|
Packit |
6c4009 |
#include <ctype.h>
|
|
Packit |
6c4009 |
#include <errno.h>
|
|
Packit |
6c4009 |
#include <nss.h>
|
|
Packit |
6c4009 |
#include <pwd.h>
|
|
Packit |
6c4009 |
#include <string.h>
|
|
Packit |
6c4009 |
#include <libc-lock.h>
|
|
Packit |
6c4009 |
#include <rpcsvc/yp.h>
|
|
Packit |
6c4009 |
#include <rpcsvc/ypclnt.h>
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
#include "nss-nis.h"
|
|
Packit |
6c4009 |
#include <libnsl.h>
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
/* Get the declaration of the parser function. */
|
|
Packit |
6c4009 |
#define ENTNAME pwent
|
|
Packit |
6c4009 |
#define STRUCTURE passwd
|
|
Packit |
6c4009 |
#define EXTERN_PARSER
|
|
Packit |
6c4009 |
#include <nss/nss_files/files-parse.c>
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
/* Protect global state against multiple changers */
|
|
Packit |
6c4009 |
__libc_lock_define_initialized (static, lock)
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
static bool new_start = true;
|
|
Packit |
6c4009 |
static char *oldkey;
|
|
Packit |
6c4009 |
static int oldkeylen;
|
|
Packit |
6c4009 |
static intern_t intern;
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
int
|
|
Packit |
6c4009 |
_nis_saveit (int instatus, char *inkey, int inkeylen, char *inval,
|
|
Packit |
6c4009 |
int invallen, char *indata)
|
|
Packit |
6c4009 |
{
|
|
Packit |
6c4009 |
intern_t *intern = (intern_t *) indata;
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
if (instatus != YP_TRUE)
|
|
Packit |
6c4009 |
return 1;
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
if (inkey && inkeylen > 0 && inval && invallen > 0)
|
|
Packit |
6c4009 |
{
|
|
Packit |
6c4009 |
struct response_t *bucket = intern->next;
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
if (__glibc_unlikely (bucket == NULL))
|
|
Packit |
6c4009 |
{
|
|
Packit |
6c4009 |
#define MINSIZE 4096 - 4 * sizeof (void *)
|
|
Packit |
6c4009 |
const size_t minsize = MAX (MINSIZE, 2 * (invallen + 1));
|
|
Packit |
6c4009 |
bucket = malloc (sizeof (struct response_t) + minsize);
|
|
Packit |
6c4009 |
if (bucket == NULL)
|
|
Packit |
6c4009 |
/* We have no error code for out of memory. */
|
|
Packit |
6c4009 |
return 1;
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
bucket->next = NULL;
|
|
Packit |
6c4009 |
bucket->size = minsize;
|
|
Packit |
6c4009 |
intern->start = intern->next = bucket;
|
|
Packit |
6c4009 |
intern->offset = 0;
|
|
Packit |
6c4009 |
}
|
|
Packit |
6c4009 |
else if (__builtin_expect (invallen + 1 > bucket->size - intern->offset,
|
|
Packit |
6c4009 |
0))
|
|
Packit |
6c4009 |
{
|
|
Packit |
6c4009 |
/* We need a new (larger) buffer. */
|
|
Packit |
6c4009 |
const size_t newsize = 2 * MAX (bucket->size, invallen + 1);
|
|
Packit |
6c4009 |
struct response_t *newp = malloc (sizeof (struct response_t)
|
|
Packit |
6c4009 |
+ newsize);
|
|
Packit |
6c4009 |
if (newp == NULL)
|
|
Packit |
6c4009 |
/* We have no error code for out of memory. */
|
|
Packit |
6c4009 |
return 1;
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
/* Mark the old bucket as full. */
|
|
Packit |
6c4009 |
bucket->size = intern->offset;
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
newp->next = NULL;
|
|
Packit |
6c4009 |
newp->size = newsize;
|
|
Packit |
6c4009 |
bucket = intern->next = bucket->next = newp;
|
|
Packit |
6c4009 |
intern->offset = 0;
|
|
Packit |
6c4009 |
}
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
char *p = mempcpy (&bucket->mem[intern->offset], inval, invallen);
|
|
Packit |
6c4009 |
if (__glibc_unlikely (p[-1] != '\0'))
|
|
Packit |
6c4009 |
{
|
|
Packit |
6c4009 |
*p = '\0';
|
|
Packit |
6c4009 |
++invallen;
|
|
Packit |
6c4009 |
}
|
|
Packit |
6c4009 |
intern->offset += invallen;
|
|
Packit |
6c4009 |
}
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
return 0;
|
|
Packit |
6c4009 |
}
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
static void
|
|
Packit |
6c4009 |
internal_nis_endpwent (void)
|
|
Packit |
6c4009 |
{
|
|
Packit |
6c4009 |
new_start = true;
|
|
Packit |
6c4009 |
free (oldkey);
|
|
Packit |
6c4009 |
oldkey = NULL;
|
|
Packit |
6c4009 |
oldkeylen = 0;
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
struct response_t *curr = intern.start;
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
while (curr != NULL)
|
|
Packit |
6c4009 |
{
|
|
Packit |
6c4009 |
struct response_t *last = curr;
|
|
Packit |
6c4009 |
curr = curr->next;
|
|
Packit |
6c4009 |
free (last);
|
|
Packit |
6c4009 |
}
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
intern.next = intern.start = NULL;
|
|
Packit |
6c4009 |
}
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
enum nss_status
|
|
Packit |
6c4009 |
_nss_nis_endpwent (void)
|
|
Packit |
6c4009 |
{
|
|
Packit |
6c4009 |
__libc_lock_lock (lock);
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
internal_nis_endpwent ();
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
__libc_lock_unlock (lock);
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
return NSS_STATUS_SUCCESS;
|
|
Packit |
6c4009 |
}
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
enum nss_status
|
|
Packit |
6c4009 |
internal_nis_setpwent (void)
|
|
Packit |
6c4009 |
{
|
|
Packit |
6c4009 |
/* We have to read all the data now. */
|
|
Packit |
6c4009 |
char *domain;
|
|
Packit |
6c4009 |
if (__glibc_unlikely (yp_get_default_domain (&domain)))
|
|
Packit |
6c4009 |
return NSS_STATUS_UNAVAIL;
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
struct ypall_callback ypcb;
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
ypcb.foreach = _nis_saveit;
|
|
Packit |
6c4009 |
ypcb.data = (char *) &intern;
|
|
Packit |
6c4009 |
enum nss_status status = yperr2nss (yp_all (domain, "passwd.byname", &ypcb));
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
/* Mark the last buffer as full. */
|
|
Packit |
6c4009 |
if (intern.next != NULL)
|
|
Packit |
6c4009 |
intern.next->size = intern.offset;
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
intern.next = intern.start;
|
|
Packit |
6c4009 |
intern.offset = 0;
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
return status;
|
|
Packit |
6c4009 |
}
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
enum nss_status
|
|
Packit |
6c4009 |
_nss_nis_setpwent (int stayopen)
|
|
Packit |
6c4009 |
{
|
|
Packit |
6c4009 |
enum nss_status result = NSS_STATUS_SUCCESS;
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
__libc_lock_lock (lock);
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
internal_nis_endpwent ();
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
if (_nsl_default_nss () & NSS_FLAG_SETENT_BATCH_READ)
|
|
Packit |
6c4009 |
result = internal_nis_setpwent ();
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
__libc_lock_unlock (lock);
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
return result;
|
|
Packit |
6c4009 |
}
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
static enum nss_status
|
|
Packit |
6c4009 |
internal_nis_getpwent_r (struct passwd *pwd, char *buffer, size_t buflen,
|
|
Packit |
6c4009 |
int *errnop)
|
|
Packit |
6c4009 |
{
|
|
Packit |
6c4009 |
/* If we read the entire database at setpwent time we just iterate
|
|
Packit |
6c4009 |
over the data we have in memory. */
|
|
Packit |
6c4009 |
bool batch_read = intern.start != NULL;
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
char *domain = NULL;
|
|
Packit |
6c4009 |
if (!batch_read && __builtin_expect (yp_get_default_domain (&domain), 0))
|
|
Packit |
6c4009 |
return NSS_STATUS_UNAVAIL;
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
/* Get the next entry until we found a correct one. */
|
|
Packit |
6c4009 |
int parse_res;
|
|
Packit |
6c4009 |
do
|
|
Packit |
6c4009 |
{
|
|
Packit |
6c4009 |
char *result;
|
|
Packit |
6c4009 |
char *outkey;
|
|
Packit |
6c4009 |
int len;
|
|
Packit |
6c4009 |
int keylen;
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
if (batch_read)
|
|
Packit |
6c4009 |
{
|
|
Packit |
6c4009 |
struct response_t *bucket;
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
handle_batch_read:
|
|
Packit |
6c4009 |
bucket = intern.next;
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
if (__glibc_unlikely (intern.offset >= bucket->size))
|
|
Packit |
6c4009 |
{
|
|
Packit |
6c4009 |
if (bucket->next == NULL)
|
|
Packit |
6c4009 |
return NSS_STATUS_NOTFOUND;
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
/* We look at all the content in the current bucket. Go on
|
|
Packit |
6c4009 |
to the next. */
|
|
Packit |
6c4009 |
bucket = intern.next = bucket->next;
|
|
Packit |
6c4009 |
intern.offset = 0;
|
|
Packit |
6c4009 |
}
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
for (result = &bucket->mem[intern.offset]; isspace (*result);
|
|
Packit |
6c4009 |
++result)
|
|
Packit |
6c4009 |
++intern.offset;
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
len = strlen (result);
|
|
Packit |
6c4009 |
}
|
|
Packit |
6c4009 |
else
|
|
Packit |
6c4009 |
{
|
|
Packit |
6c4009 |
int yperr;
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
if (new_start)
|
|
Packit |
6c4009 |
{
|
|
Packit |
6c4009 |
/* Maybe we should read the database in one piece. */
|
|
Packit |
6c4009 |
if ((_nsl_default_nss () & NSS_FLAG_SETENT_BATCH_READ)
|
|
Packit |
6c4009 |
&& internal_nis_setpwent () == NSS_STATUS_SUCCESS
|
|
Packit |
6c4009 |
&& intern.start != NULL)
|
|
Packit |
6c4009 |
{
|
|
Packit |
6c4009 |
batch_read = true;
|
|
Packit |
6c4009 |
goto handle_batch_read;
|
|
Packit |
6c4009 |
}
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
yperr = yp_first (domain, "passwd.byname", &outkey, &keylen,
|
|
Packit |
6c4009 |
&result, &len;;
|
|
Packit |
6c4009 |
}
|
|
Packit |
6c4009 |
else
|
|
Packit |
6c4009 |
yperr = yp_next (domain, "passwd.byname", oldkey, oldkeylen,
|
|
Packit |
6c4009 |
&outkey, &keylen, &result, &len;;
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
if (__glibc_unlikely (yperr != YPERR_SUCCESS))
|
|
Packit |
6c4009 |
{
|
|
Packit |
6c4009 |
enum nss_status retval = yperr2nss (yperr);
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
if (retval == NSS_STATUS_TRYAGAIN)
|
|
Packit |
6c4009 |
*errnop = errno;
|
|
Packit |
6c4009 |
return retval;
|
|
Packit |
6c4009 |
}
|
|
Packit |
6c4009 |
}
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
/* Check for adjunct style secret passwords. They can be
|
|
Packit |
6c4009 |
recognized by a password starting with "##". We do not use
|
|
Packit |
6c4009 |
it if the passwd.adjunct.byname table is supposed to be used
|
|
Packit |
6c4009 |
as a shadow.byname replacement. */
|
|
Packit |
6c4009 |
char *p = strchr (result, ':');
|
|
Packit |
6c4009 |
size_t namelen;
|
|
Packit |
6c4009 |
char *result2;
|
|
Packit |
6c4009 |
int len2;
|
|
Packit |
6c4009 |
if ((_nsl_default_nss () & NSS_FLAG_ADJUNCT_AS_SHADOW) == 0
|
|
Packit |
6c4009 |
&& p != NULL /* This better should be true in all cases. */
|
|
Packit |
6c4009 |
&& p[1] == '#' && p[2] == '#'
|
|
Packit |
6c4009 |
&& (namelen = p - result,
|
|
Packit |
6c4009 |
yp_match (domain, "passwd.adjunct.byname", result, namelen,
|
|
Packit |
6c4009 |
&result2, &len2)) == YPERR_SUCCESS)
|
|
Packit |
6c4009 |
{
|
|
Packit |
6c4009 |
/* We found a passwd.adjunct.byname entry. Merge encrypted
|
|
Packit |
6c4009 |
password therein into original result. */
|
|
Packit |
6c4009 |
char *encrypted = strchr (result2, ':');
|
|
Packit |
6c4009 |
char *endp;
|
|
Packit |
6c4009 |
size_t restlen;
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
if (encrypted == NULL
|
|
Packit |
6c4009 |
|| (endp = strchr (++encrypted, ':')) == NULL
|
|
Packit |
6c4009 |
|| (p = strchr (p + 1, ':')) == NULL)
|
|
Packit |
6c4009 |
{
|
|
Packit |
6c4009 |
/* Invalid format of the entry. This never should happen
|
|
Packit |
6c4009 |
unless the data from which the NIS table is generated is
|
|
Packit |
6c4009 |
wrong. We simply ignore it. */
|
|
Packit |
6c4009 |
free (result2);
|
|
Packit |
6c4009 |
goto non_adjunct;
|
|
Packit |
6c4009 |
}
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
restlen = len - (p - result);
|
|
Packit |
6c4009 |
if (__builtin_expect ((size_t) (namelen + (endp - encrypted)
|
|
Packit |
6c4009 |
+ restlen + 2) > buflen, 0))
|
|
Packit |
6c4009 |
{
|
|
Packit |
6c4009 |
free (result2);
|
|
Packit |
6c4009 |
free (result);
|
|
Packit |
6c4009 |
*errnop = ERANGE;
|
|
Packit |
6c4009 |
return NSS_STATUS_TRYAGAIN;
|
|
Packit |
6c4009 |
}
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
mempcpy (mempcpy (mempcpy (mempcpy (buffer, result, namelen),
|
|
Packit |
6c4009 |
":", 1),
|
|
Packit |
6c4009 |
encrypted, endp - encrypted),
|
|
Packit |
6c4009 |
p, restlen + 1);
|
|
Packit |
6c4009 |
p = buffer;
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
free (result2);
|
|
Packit |
6c4009 |
}
|
|
Packit |
6c4009 |
else
|
|
Packit |
6c4009 |
{
|
|
Packit |
6c4009 |
non_adjunct:
|
|
Packit |
6c4009 |
if (__glibc_unlikely ((size_t) (len + 1) > buflen))
|
|
Packit |
6c4009 |
{
|
|
Packit |
6c4009 |
free (result);
|
|
Packit |
6c4009 |
*errnop = ERANGE;
|
|
Packit |
6c4009 |
return NSS_STATUS_TRYAGAIN;
|
|
Packit |
6c4009 |
}
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
p = buffer;
|
|
Packit |
6c4009 |
*((char *) mempcpy (buffer, result, len)) = '\0';
|
|
Packit |
6c4009 |
}
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
while (isspace (*p))
|
|
Packit |
6c4009 |
++p;
|
|
Packit |
6c4009 |
if (!batch_read)
|
|
Packit |
6c4009 |
free (result);
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
parse_res = _nss_files_parse_pwent (p, pwd, (void *) buffer, buflen,
|
|
Packit |
6c4009 |
errnop);
|
|
Packit |
6c4009 |
if (__glibc_unlikely (parse_res == -1))
|
|
Packit |
6c4009 |
{
|
|
Packit |
6c4009 |
if (!batch_read)
|
|
Packit |
6c4009 |
free (outkey);
|
|
Packit |
6c4009 |
*errnop = ERANGE;
|
|
Packit |
6c4009 |
return NSS_STATUS_TRYAGAIN;
|
|
Packit |
6c4009 |
}
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
if (batch_read)
|
|
Packit |
6c4009 |
intern.offset += len + 1;
|
|
Packit |
6c4009 |
else
|
|
Packit |
6c4009 |
{
|
|
Packit |
6c4009 |
free (oldkey);
|
|
Packit |
6c4009 |
oldkey = outkey;
|
|
Packit |
6c4009 |
oldkeylen = keylen;
|
|
Packit |
6c4009 |
new_start = false;
|
|
Packit |
6c4009 |
}
|
|
Packit |
6c4009 |
}
|
|
Packit |
6c4009 |
while (parse_res < 1);
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
return NSS_STATUS_SUCCESS;
|
|
Packit |
6c4009 |
}
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
enum nss_status
|
|
Packit |
6c4009 |
_nss_nis_getpwent_r (struct passwd *result, char *buffer, size_t buflen,
|
|
Packit |
6c4009 |
int *errnop)
|
|
Packit |
6c4009 |
{
|
|
Packit |
6c4009 |
int status;
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
__libc_lock_lock (lock);
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
status = internal_nis_getpwent_r (result, buffer, buflen, errnop);
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
__libc_lock_unlock (lock);
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
return status;
|
|
Packit |
6c4009 |
}
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
enum nss_status
|
|
Packit |
6c4009 |
_nss_nis_getpwnam_r (const char *name, struct passwd *pwd,
|
|
Packit |
6c4009 |
char *buffer, size_t buflen, int *errnop)
|
|
Packit |
6c4009 |
{
|
|
Packit |
6c4009 |
if (name == NULL)
|
|
Packit |
6c4009 |
{
|
|
Packit |
6c4009 |
*errnop = EINVAL;
|
|
Packit |
6c4009 |
return NSS_STATUS_UNAVAIL;
|
|
Packit |
6c4009 |
}
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
char *domain;
|
|
Packit |
6c4009 |
if (__glibc_unlikely (yp_get_default_domain (&domain)))
|
|
Packit |
6c4009 |
return NSS_STATUS_UNAVAIL;
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
size_t namelen = strlen (name);
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
char *result;
|
|
Packit |
6c4009 |
int len;
|
|
Packit |
6c4009 |
int yperr = yp_match (domain, "passwd.byname", name, namelen, &result, &len;;
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
if (__glibc_unlikely (yperr != YPERR_SUCCESS))
|
|
Packit |
6c4009 |
{
|
|
Packit |
6c4009 |
enum nss_status retval = yperr2nss (yperr);
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
if (retval == NSS_STATUS_TRYAGAIN)
|
|
Packit |
6c4009 |
*errnop = errno;
|
|
Packit |
6c4009 |
return retval;
|
|
Packit |
6c4009 |
}
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
/* Check for adjunct style secret passwords. They can be recognized
|
|
Packit |
6c4009 |
by a password starting with "##". We do not use it if the
|
|
Packit |
6c4009 |
passwd.adjunct.byname table is supposed to be used as a shadow.byname
|
|
Packit |
6c4009 |
replacement. */
|
|
Packit |
6c4009 |
char *result2;
|
|
Packit |
6c4009 |
int len2;
|
|
Packit |
6c4009 |
char *p = strchr (result, ':');
|
|
Packit |
6c4009 |
if ((_nsl_default_nss () & NSS_FLAG_ADJUNCT_AS_SHADOW) == 0
|
|
Packit |
6c4009 |
&& p != NULL /* This better should be true in all cases. */
|
|
Packit |
6c4009 |
&& p[1] == '#' && p[2] == '#'
|
|
Packit |
6c4009 |
&& yp_match (domain, "passwd.adjunct.byname", name, namelen,
|
|
Packit |
6c4009 |
&result2, &len2) == YPERR_SUCCESS)
|
|
Packit |
6c4009 |
{
|
|
Packit |
6c4009 |
/* We found a passwd.adjunct.byname entry. Merge encrypted password
|
|
Packit |
6c4009 |
therein into original result. */
|
|
Packit |
6c4009 |
char *encrypted = strchr (result2, ':');
|
|
Packit |
6c4009 |
char *endp;
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
if (encrypted == NULL
|
|
Packit |
6c4009 |
|| (endp = strchr (++encrypted, ':')) == NULL
|
|
Packit |
6c4009 |
|| (p = strchr (p + 1, ':')) == NULL)
|
|
Packit |
6c4009 |
{
|
|
Packit |
6c4009 |
/* Invalid format of the entry. This never should happen
|
|
Packit |
6c4009 |
unless the data from which the NIS table is generated is
|
|
Packit |
6c4009 |
wrong. We simply ignore it. */
|
|
Packit |
6c4009 |
free (result2);
|
|
Packit |
6c4009 |
goto non_adjunct;
|
|
Packit |
6c4009 |
}
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
size_t restlen = len - (p - result);
|
|
Packit |
6c4009 |
if (__builtin_expect ((size_t) (namelen + (endp - encrypted)
|
|
Packit |
6c4009 |
+ restlen + 2) > buflen, 0))
|
|
Packit |
6c4009 |
{
|
|
Packit |
6c4009 |
free (result2);
|
|
Packit |
6c4009 |
free (result);
|
|
Packit |
6c4009 |
*errnop = ERANGE;
|
|
Packit |
6c4009 |
return NSS_STATUS_TRYAGAIN;
|
|
Packit |
6c4009 |
}
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
__mempcpy (__mempcpy (__mempcpy (__mempcpy (buffer, name, namelen),
|
|
Packit |
6c4009 |
":", 1),
|
|
Packit |
6c4009 |
encrypted, endp - encrypted),
|
|
Packit |
6c4009 |
p, restlen + 1);
|
|
Packit |
6c4009 |
p = buffer;
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
free (result2);
|
|
Packit |
6c4009 |
}
|
|
Packit |
6c4009 |
else
|
|
Packit |
6c4009 |
{
|
|
Packit |
6c4009 |
non_adjunct:
|
|
Packit |
6c4009 |
if (__glibc_unlikely ((size_t) (len + 1) > buflen))
|
|
Packit |
6c4009 |
{
|
|
Packit |
6c4009 |
free (result);
|
|
Packit |
6c4009 |
*errnop = ERANGE;
|
|
Packit |
6c4009 |
return NSS_STATUS_TRYAGAIN;
|
|
Packit |
6c4009 |
}
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
p = strncpy (buffer, result, len);
|
|
Packit |
6c4009 |
buffer[len] = '\0';
|
|
Packit |
6c4009 |
}
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
while (isspace (*p))
|
|
Packit |
6c4009 |
++p;
|
|
Packit |
6c4009 |
free (result);
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
int parse_res = _nss_files_parse_pwent (p, pwd, (void *) buffer, buflen,
|
|
Packit |
6c4009 |
errnop);
|
|
Packit |
6c4009 |
if (__glibc_unlikely (parse_res < 1))
|
|
Packit |
6c4009 |
{
|
|
Packit |
6c4009 |
if (parse_res == -1)
|
|
Packit |
6c4009 |
return NSS_STATUS_TRYAGAIN;
|
|
Packit |
6c4009 |
else
|
|
Packit |
6c4009 |
return NSS_STATUS_NOTFOUND;
|
|
Packit |
6c4009 |
}
|
|
Packit |
6c4009 |
else
|
|
Packit |
6c4009 |
return NSS_STATUS_SUCCESS;
|
|
Packit |
6c4009 |
}
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
enum nss_status
|
|
Packit |
6c4009 |
_nss_nis_getpwuid_r (uid_t uid, struct passwd *pwd,
|
|
Packit |
6c4009 |
char *buffer, size_t buflen, int *errnop)
|
|
Packit |
6c4009 |
{
|
|
Packit |
6c4009 |
char *domain;
|
|
Packit |
6c4009 |
if (__glibc_unlikely (yp_get_default_domain (&domain)))
|
|
Packit |
6c4009 |
return NSS_STATUS_UNAVAIL;
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
char buf[32];
|
|
Packit |
6c4009 |
int nlen = snprintf (buf, sizeof (buf), "%lu", (unsigned long int) uid);
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
char *result;
|
|
Packit |
6c4009 |
int len;
|
|
Packit |
6c4009 |
int yperr = yp_match (domain, "passwd.byuid", buf, nlen, &result, &len;;
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
if (__glibc_unlikely (yperr != YPERR_SUCCESS))
|
|
Packit |
6c4009 |
{
|
|
Packit |
6c4009 |
enum nss_status retval = yperr2nss (yperr);
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
if (retval == NSS_STATUS_TRYAGAIN)
|
|
Packit |
6c4009 |
*errnop = errno;
|
|
Packit |
6c4009 |
return retval;
|
|
Packit |
6c4009 |
}
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
/* Check for adjunct style secret passwords. They can be recognized
|
|
Packit |
6c4009 |
by a password starting with "##". We do not use it if the
|
|
Packit |
6c4009 |
passwd.adjunct.byname table is supposed to be used as a shadow.byname
|
|
Packit |
6c4009 |
replacement. */
|
|
Packit |
6c4009 |
char *result2;
|
|
Packit |
6c4009 |
int len2;
|
|
Packit |
6c4009 |
size_t namelen;
|
|
Packit |
6c4009 |
char *p = strchr (result, ':');
|
|
Packit |
6c4009 |
if ((_nsl_default_nss () & NSS_FLAG_ADJUNCT_AS_SHADOW) == 0
|
|
Packit |
6c4009 |
&& p != NULL /* This better should be true in all cases. */
|
|
Packit |
6c4009 |
&& p[1] == '#' && p[2] == '#'
|
|
Packit |
6c4009 |
&& (namelen = p - result,
|
|
Packit |
6c4009 |
yp_match (domain, "passwd.adjunct.byname", result, namelen,
|
|
Packit |
6c4009 |
&result2, &len2)) == YPERR_SUCCESS)
|
|
Packit |
6c4009 |
{
|
|
Packit |
6c4009 |
/* We found a passwd.adjunct.byname entry. Merge encrypted password
|
|
Packit |
6c4009 |
therein into original result. */
|
|
Packit |
6c4009 |
char *encrypted = strchr (result2, ':');
|
|
Packit |
6c4009 |
char *endp;
|
|
Packit |
6c4009 |
size_t restlen;
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
if (encrypted == NULL
|
|
Packit |
6c4009 |
|| (endp = strchr (++encrypted, ':')) == NULL
|
|
Packit |
6c4009 |
|| (p = strchr (p + 1, ':')) == NULL)
|
|
Packit |
6c4009 |
{
|
|
Packit |
6c4009 |
/* Invalid format of the entry. This never should happen
|
|
Packit |
6c4009 |
unless the data from which the NIS table is generated is
|
|
Packit |
6c4009 |
wrong. We simply ignore it. */
|
|
Packit |
6c4009 |
free (result2);
|
|
Packit |
6c4009 |
goto non_adjunct;
|
|
Packit |
6c4009 |
}
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
restlen = len - (p - result);
|
|
Packit |
6c4009 |
if (__builtin_expect ((size_t) (namelen + (endp - encrypted)
|
|
Packit |
6c4009 |
+ restlen + 2) > buflen, 0))
|
|
Packit |
6c4009 |
{
|
|
Packit |
6c4009 |
free (result2);
|
|
Packit |
6c4009 |
free (result);
|
|
Packit |
6c4009 |
*errnop = ERANGE;
|
|
Packit |
6c4009 |
return NSS_STATUS_TRYAGAIN;
|
|
Packit |
6c4009 |
}
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
__mempcpy (__mempcpy (__mempcpy (__mempcpy (buffer, result, namelen),
|
|
Packit |
6c4009 |
":", 1),
|
|
Packit |
6c4009 |
encrypted, endp - encrypted),
|
|
Packit |
6c4009 |
p, restlen + 1);
|
|
Packit |
6c4009 |
p = buffer;
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
free (result2);
|
|
Packit |
6c4009 |
}
|
|
Packit |
6c4009 |
else
|
|
Packit |
6c4009 |
{
|
|
Packit |
6c4009 |
non_adjunct:
|
|
Packit |
6c4009 |
if (__glibc_unlikely ((size_t) (len + 1) > buflen))
|
|
Packit |
6c4009 |
{
|
|
Packit |
6c4009 |
free (result);
|
|
Packit |
6c4009 |
*errnop = ERANGE;
|
|
Packit |
6c4009 |
return NSS_STATUS_TRYAGAIN;
|
|
Packit |
6c4009 |
}
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
p = strncpy (buffer, result, len);
|
|
Packit |
6c4009 |
buffer[len] = '\0';
|
|
Packit |
6c4009 |
}
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
while (isspace (*p))
|
|
Packit |
6c4009 |
++p;
|
|
Packit |
6c4009 |
free (result);
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
int parse_res = _nss_files_parse_pwent (p, pwd, (void *) buffer, buflen,
|
|
Packit |
6c4009 |
errnop);
|
|
Packit |
6c4009 |
if (__glibc_unlikely (parse_res < 1))
|
|
Packit |
6c4009 |
{
|
|
Packit |
6c4009 |
if (parse_res == -1)
|
|
Packit |
6c4009 |
return NSS_STATUS_TRYAGAIN;
|
|
Packit |
6c4009 |
else
|
|
Packit |
6c4009 |
return NSS_STATUS_NOTFOUND;
|
|
Packit |
6c4009 |
}
|
|
Packit |
6c4009 |
else
|
|
Packit |
6c4009 |
return NSS_STATUS_SUCCESS;
|
|
Packit |
6c4009 |
}
|