aboutsummaryrefslogtreecommitdiff
path: root/nscd/pwdcache.c
diff options
context:
space:
mode:
authorUlrich Drepper <drepper@redhat.com>1999-06-11 20:58:21 +0000
committerUlrich Drepper <drepper@redhat.com>1999-06-11 20:58:21 +0000
commita1c542bfc5684d914cf2af2c3ec9d5432d0b01dc (patch)
treed9b4c2f7304ab104283cee33d80f280c8950b7d6 /nscd/pwdcache.c
parent9be8ed9e947e91d83663739406bd04e351c0897e (diff)
downloadglibc-a1c542bfc5684d914cf2af2c3ec9d5432d0b01dc.zip
glibc-a1c542bfc5684d914cf2af2c3ec9d5432d0b01dc.tar.gz
glibc-a1c542bfc5684d914cf2af2c3ec9d5432d0b01dc.tar.bz2
Update.
1999-06-11 Thorsten Kukuk <kukuk@suse.de> * nscd/nscd.c: Add -S options for separate caching of data for every user. So one user couldn't see the data another user has gotten with his credentials. * nscd/nscd.h: Add new prototypes. * nscd/cache.c: Compare owner of cache entry if in secure mode. * nscd/connections.c: Check on shutdown if caller really was root. In secure mode get uid of caller. * nscd/grpcache.c: Add support for new secure group mode. * nscd/hstcache.c: Add support for new secure hosts mode. * nscd/pwdcache.c: Add support for new secure passwd mode.
Diffstat (limited to 'nscd/pwdcache.c')
-rw-r--r--nscd/pwdcache.c40
1 files changed, 31 insertions, 9 deletions
diff --git a/nscd/pwdcache.c b/nscd/pwdcache.c
index 5bf89a7..a66cf4f 100644
--- a/nscd/pwdcache.c
+++ b/nscd/pwdcache.c
@@ -1,5 +1,5 @@
/* Cache handling for passwd lookup.
- Copyright (C) 1998 Free Software Foundation, Inc.
+ Copyright (C) 1998, 1999 Free Software Foundation, Inc.
This file is part of the GNU C Library.
Contributed by Ulrich Drepper <drepper@cygnus.com>, 1998.
@@ -84,7 +84,7 @@ struct passwddata
static void
cache_addpw (struct database *db, int fd, request_header *req, void *key,
- struct passwd *pwd)
+ struct passwd *pwd, uid_t owner)
{
ssize_t total;
ssize_t written;
@@ -112,7 +112,7 @@ cache_addpw (struct database *db, int fd, request_header *req, void *key,
pthread_rwlock_rdlock (&db->lock);
cache_add (req->type, copy, req->key_len, &iov_notfound,
- sizeof (notfound), (void *) -1, 0, t, db);
+ sizeof (notfound), (void *) -1, 0, t, db, owner);
pthread_rwlock_unlock (&db->lock);
}
@@ -175,9 +175,9 @@ cache_addpw (struct database *db, int fd, request_header *req, void *key,
/* We have to add the value for both, byname and byuid. */
cache_add (GETPWBYNAME, data->strdata, pw_name_len, data,
- total, data, 0, t, db);
+ total, data, 0, t, db, owner);
- cache_add (GETPWBYUID, cp, n, data, total, data, 1, t, db);
+ cache_add (GETPWBYUID, cp, n, data, total, data, 1, t, db, owner);
pthread_rwlock_unlock (&db->lock);
}
@@ -192,7 +192,8 @@ cache_addpw (struct database *db, int fd, request_header *req, void *key,
void
-addpwbyname (struct database *db, int fd, request_header *req, void *key)
+addpwbyname (struct database *db, int fd, request_header *req,
+ void *key, uid_t c_uid)
{
/* Search for the entry matching the key. Please note that we don't
look again in the table whether the dataset is now available. We
@@ -202,10 +203,17 @@ addpwbyname (struct database *db, int fd, request_header *req, void *key)
char *buffer = alloca (buflen);
struct passwd resultbuf;
struct passwd *pwd;
+ uid_t oldeuid;
if (debug_level > 0)
dbg_log (_("Haven't found \"%s\" in password cache!"), key);
+ if (secure[pwddb])
+ {
+ oldeuid = geteuid ();
+ seteuid (c_uid);
+ }
+
while (getpwnam_r (key, &resultbuf, buffer, buflen, &pwd) != 0
&& errno == ERANGE)
{
@@ -214,12 +222,16 @@ addpwbyname (struct database *db, int fd, request_header *req, void *key)
buffer = alloca (buflen);
}
- cache_addpw (db, fd, req, key, pwd);
+ if (secure[pwddb])
+ seteuid (c_uid);
+
+ cache_addpw (db, fd, req, key, pwd, c_uid);
}
void
-addpwbyuid (struct database *db, int fd, request_header *req, void *key)
+addpwbyuid (struct database *db, int fd, request_header *req,
+ void *key, uid_t c_uid)
{
/* Search for the entry matching the key. Please note that we don't
look again in the table whether the dataset is now available. We
@@ -230,10 +242,17 @@ addpwbyuid (struct database *db, int fd, request_header *req, void *key)
struct passwd resultbuf;
struct passwd *pwd;
uid_t uid = atol (key);
+ uid_t oldeuid = 0;
if (debug_level > 0)
dbg_log (_("Haven't found \"%d\" in password cache!"), uid);
+ if (secure[pwddb])
+ {
+ oldeuid = geteuid ();
+ seteuid (c_uid);
+ }
+
while (getpwuid_r (uid, &resultbuf, buffer, buflen, &pwd) != 0
&& errno == ERANGE)
{
@@ -242,5 +261,8 @@ addpwbyuid (struct database *db, int fd, request_header *req, void *key)
buffer = alloca (buflen);
}
- cache_addpw (db, fd, req, key, pwd);
+ if (secure[pwddb])
+ seteuid (oldeuid);
+
+ cache_addpw (db, fd, req, key, pwd, c_uid);
}