aboutsummaryrefslogtreecommitdiff
path: root/nis/nss_compat/compat-pwd.c
diff options
context:
space:
mode:
Diffstat (limited to 'nis/nss_compat/compat-pwd.c')
-rw-r--r--nis/nss_compat/compat-pwd.c379
1 files changed, 195 insertions, 184 deletions
diff --git a/nis/nss_compat/compat-pwd.c b/nis/nss_compat/compat-pwd.c
index f4e0720..8859413 100644
--- a/nis/nss_compat/compat-pwd.c
+++ b/nis/nss_compat/compat-pwd.c
@@ -494,7 +494,8 @@ getpwent_next_nis_netgr (const char *name, struct passwd *result, ent_t *ent,
return NSS_STATUS_TRYAGAIN;
}
- if (parse_res)
+ if (parse_res && !in_blacklist (result->pw_name,
+ strlen (result->pw_name), ent))
{
/* Store the User in the blacklist for the "+" at the end of
/etc/passwd */
@@ -590,7 +591,8 @@ getpwent_next_nisplus_netgr (const char *name, struct passwd *result,
}
nis_freeresult (nisres);
- if (parse_res)
+ if (parse_res && !in_blacklist (result->pw_name,
+ strlen (result->pw_name), ent))
{
/* Store the User in the blacklist for the "+" at the end of
/etc/passwd */
@@ -812,8 +814,8 @@ getpwent_next_nis (struct passwd *result, ent_t *ent, char *buffer,
/* This function handle the +user entrys in /etc/passwd */
static enum nss_status
-getpwnam_plususer (const char *name, struct passwd *result, char *buffer,
- size_t buflen, int *errnop)
+getpwnam_plususer (const char *name, struct passwd *result, ent_t *ent,
+ char *buffer, size_t buflen, int *errnop)
{
struct parser_data *data = (void *) buffer;
struct passwd pwd;
@@ -850,13 +852,20 @@ getpwnam_plususer (const char *name, struct passwd *result, char *buffer,
}
parse_res = _nss_nisplus_parse_pwent (res, result, buffer,
buflen, errnop);
+
+ nis_freeresult (res);
+
if (parse_res == -1)
{
- nis_freeresult (res);
*errnop = ERANGE;
return NSS_STATUS_TRYAGAIN;
}
- nis_freeresult (res);
+
+ if (in_blacklist (result->pw_name, strlen (result->pw_name), ent))
+ {
+ *errnop = ENOENT;
+ return NSS_STATUS_NOTFOUND;
+ }
}
else /* Use NIS */
{
@@ -886,13 +895,22 @@ getpwnam_plususer (const char *name, struct passwd *result, char *buffer,
*errnop = ERANGE;
return NSS_STATUS_TRYAGAIN;
}
+
ptr = strncpy (buffer, outval, buflen);
free (outval);
+
while (isspace (*ptr))
ptr++;
+
parse_res = _nss_files_parse_pwent (ptr, result, data, buflen, errnop);
if (parse_res == -1)
return NSS_STATUS_TRYAGAIN;
+
+ if (in_blacklist (result->pw_name, strlen (result->pw_name), ent))
+ {
+ *errnop = ENOENT;
+ return NSS_STATUS_NOTFOUND;
+ }
}
if (parse_res > 0)
@@ -989,7 +1007,7 @@ getpwent_next_file (struct passwd *result, ent_t *ent,
if (result->pw_name[0] == '+' && result->pw_name[1] == '@'
&& result->pw_name[2] != '\0')
{
- int status;
+ enum nss_status status;
ent->netgroup = TRUE;
ent->first = TRUE;
@@ -1025,13 +1043,16 @@ getpwent_next_file (struct passwd *result, ent_t *ent,
if (result->pw_name[0] == '+' && result->pw_name[1] != '\0'
&& result->pw_name[1] != '@')
{
+ char buf[strlen (result->pw_name)];
enum nss_status status;
/* Store the User in the blacklist for the "+" at the end of
/etc/passwd */
- blacklist_store_name (&result->pw_name[1], ent);
- status = getpwnam_plususer (&result->pw_name[1], result, buffer,
- buflen, errnop);
+ strcpy (buf, &result->pw_name[1]);
+ status = getpwnam_plususer (&result->pw_name[1], result, ent,
+ buffer, buflen, errnop);
+ blacklist_store_name (buf, ent);
+
if (status == NSS_STATUS_SUCCESS) /* We found the entry. */
break;
else
@@ -1074,7 +1095,7 @@ internal_getpwent_r (struct passwd *pw, ent_t *ent, char *buffer,
{
if (ent->netgroup)
{
- int status;
+ enum nss_status status;
/* We are searching members in a netgroup */
/* Since this is not the first call, we don't need the group name */
@@ -1191,21 +1212,8 @@ internal_getpwnam_r (const char *name, struct passwd *result, ent_t *ent,
if (result->pw_name[0] == '-' && result->pw_name[1] == '@'
&& result->pw_name[2] != '\0')
{
- /* XXX Do not use fixed length buffers. */
- char buf2[1024];
- char *user, *host, *domain;
- struct __netgrent netgrdata;
-
- bzero (&netgrdata, sizeof (struct __netgrent));
- __internal_setnetgrent (&result->pw_name[2], &netgrdata);
- while (__internal_getnetgrent_r (&host, &user, &domain, &netgrdata,
- buf2, sizeof (buf2), errnop))
- {
- if (user != NULL && user[0] != '-')
- if (strcmp (user, name) == 0)
- return NSS_STATUS_NOTFOUND;
- }
- __internal_endnetgrent (&netgrdata);
+ if (innetgr (&result->pw_name[2], NULL, name, NULL))
+ return NSS_STATUS_NOTFOUND;
continue;
}
@@ -1213,29 +1221,18 @@ internal_getpwnam_r (const char *name, struct passwd *result, ent_t *ent,
if (result->pw_name[0] == '+' && result->pw_name[1] == '@'
&& result->pw_name[2] != '\0')
{
- char buf[strlen (result->pw_name)];
- int status;
-
- strcpy (buf, &result->pw_name[2]);
- ent->netgroup = TRUE;
- ent->first = TRUE;
- copy_pwd_changes (&ent->pwd, result, NULL, 0);
+ enum nss_status status;
- do
+ if (innetgr (&result->pw_name[2], NULL, name, NULL))
{
- if (use_nisplus)
- status = getpwent_next_nisplus_netgr (name, result, ent, buf,
- buffer, buflen, errnop);
- else
- status = getpwent_next_nis_netgr (name, result, ent, buf,
- buffer, buflen, errnop);
- if (status == NSS_STATUS_RETURN)
- continue;
+ status = getpwnam_plususer (name, result, ent, buffer,
+ buflen, errnop);
- if (status == NSS_STATUS_SUCCESS &&
- strcmp (result->pw_name, name) == 0)
- return NSS_STATUS_SUCCESS;
- } while (status == NSS_STATUS_SUCCESS);
+ if (status == NSS_STATUS_RETURN)
+ continue;
+
+ return status;
+ }
continue;
}
@@ -1260,7 +1257,7 @@ internal_getpwnam_r (const char *name, struct passwd *result, ent_t *ent,
{
enum nss_status status;
- status = getpwnam_plususer (name, result, buffer, buflen,
+ status = getpwnam_plususer (name, result, ent, buffer, buflen,
errnop);
if (status == NSS_STATUS_RETURN)
/* We couldn't parse the entry */
@@ -1275,7 +1272,8 @@ internal_getpwnam_r (const char *name, struct passwd *result, ent_t *ent,
{
enum nss_status status;
- status = getpwnam_plususer (name, result, buffer, buflen, errnop);
+ status = getpwnam_plususer (name, result, ent,
+ buffer, buflen, errnop);
if (status == NSS_STATUS_SUCCESS) /* We found the entry. */
break;
else
@@ -1326,7 +1324,7 @@ _nss_compat_getpwnam_r (const char *name, struct passwd *pwd,
/* This function handle the + entry in /etc/passwd for getpwuid */
static enum nss_status
getpwuid_plususer (uid_t uid, struct passwd *result, char *buffer,
- size_t buflen, int *errnop)
+ size_t buflen, int *errnop)
{
struct parser_data *data = (void *) buffer;
struct passwd pwd;
@@ -1355,19 +1353,19 @@ getpwuid_plususer (uid_t uid, struct passwd *result, char *buffer,
snprintf(buf, sizeof (buf), "[uid=%d],%s", uid, pwdtable);
res = nis_list(buf, FOLLOW_PATH | FOLLOW_LINKS, NULL, NULL);
if (niserr2nss (res->status) != NSS_STATUS_SUCCESS)
- {
- enum nss_status status = niserr2nss (res->status);
+ {
+ enum nss_status status = niserr2nss (res->status);
- nis_freeresult (res);
- return status;
- }
+ nis_freeresult (res);
+ return status;
+ }
if ((parse_res = _nss_nisplus_parse_pwent (res, result, buffer,
- buflen, errnop)) == -1)
- {
- nis_freeresult (res);
- *errnop = ERANGE;
- return NSS_STATUS_TRYAGAIN;
- }
+ buflen, errnop)) == -1)
+ {
+ nis_freeresult (res);
+ *errnop = ERANGE;
+ return NSS_STATUS_TRYAGAIN;
+ }
nis_freeresult (res);
}
else /* Use NIS */
@@ -1377,42 +1375,42 @@ getpwuid_plususer (uid_t uid, struct passwd *result, char *buffer,
int outvallen;
if (yp_get_default_domain (&domain) != YPERR_SUCCESS)
- {
- *errnop = errno;
- return NSS_STATUS_TRYAGAIN;
- }
+ {
+ *errnop = errno;
+ return NSS_STATUS_TRYAGAIN;
+ }
sprintf (buf, "%d", uid);
if (yp_match (domain, "passwd.byuid", buf, strlen (buf),
- &outval, &outvallen)
- != YPERR_SUCCESS)
- {
- *errnop = errno;
- return NSS_STATUS_TRYAGAIN;
- }
+ &outval, &outvallen)
+ != YPERR_SUCCESS)
+ {
+ *errnop = errno;
+ return NSS_STATUS_TRYAGAIN;
+ }
if (insert_passwd_adjunct (&outval, &outvallen, domain, errnop)
- != NSS_STATUS_SUCCESS)
- {
- free (outval);
- return NSS_STATUS_TRYAGAIN;
- }
+ != NSS_STATUS_SUCCESS)
+ {
+ free (outval);
+ return NSS_STATUS_TRYAGAIN;
+ }
if (buflen < ((size_t) outvallen + 1))
- {
- free (outval);
- *errnop = ERANGE;
- return NSS_STATUS_TRYAGAIN;
- }
+ {
+ free (outval);
+ *errnop = ERANGE;
+ return NSS_STATUS_TRYAGAIN;
+ }
ptr = strncpy (buffer, outval, buflen);
free (outval);
while (isspace (*ptr))
- ptr++;
+ ptr++;
parse_res = _nss_files_parse_pwent (ptr, result, data, buflen, errnop);
if (parse_res == -1)
- return NSS_STATUS_TRYAGAIN;
+ return NSS_STATUS_TRYAGAIN;
}
if (parse_res > 0)
@@ -1434,7 +1432,7 @@ getpwuid_plususer (uid_t uid, struct passwd *result, char *buffer,
/* Searches in /etc/passwd and the NIS/NIS+ map for a special user id */
static enum nss_status
internal_getpwuid_r (uid_t uid, struct passwd *result, ent_t *ent,
- char *buffer, size_t buflen, int *errnop)
+ char *buffer, size_t buflen, int *errnop)
{
struct parser_data *data = (void *) buffer;
@@ -1445,148 +1443,161 @@ internal_getpwuid_r (uid_t uid, struct passwd *result, ent_t *ent,
int parse_res;
do
- {
- fgetpos (ent->stream, &pos);
- buffer[buflen - 1] = '\xff';
- p = fgets (buffer, buflen, ent->stream);
- if (p == NULL && feof (ent->stream))
- return NSS_STATUS_NOTFOUND;
- if (p == NULL || buffer[buflen - 1] != '\xff')
- {
- fsetpos (ent->stream, &pos);
- *errnop = ERANGE;
- return NSS_STATUS_TRYAGAIN;
- }
-
- /* Terminate the line for any case. */
- buffer[buflen - 1] = '\0';
-
- /* Skip leading blanks. */
- while (isspace (*p))
- ++p;
- }
+ {
+ fgetpos (ent->stream, &pos);
+ buffer[buflen - 1] = '\xff';
+ p = fgets (buffer, buflen, ent->stream);
+ if (p == NULL && feof (ent->stream))
+ return NSS_STATUS_NOTFOUND;
+ if (p == NULL || buffer[buflen - 1] != '\xff')
+ {
+ fsetpos (ent->stream, &pos);
+ *errnop = ERANGE;
+ return NSS_STATUS_TRYAGAIN;
+ }
+
+ /* Terminate the line for any case. */
+ buffer[buflen - 1] = '\0';
+
+ /* Skip leading blanks. */
+ while (isspace (*p))
+ ++p;
+ }
while (*p == '\0' || *p == '#' || /* Ignore empty and comment lines. */
- /* Parse the line. If it is invalid, loop to
- get the next line of the file to parse. */
- !(parse_res = _nss_files_parse_pwent (p, result, data, buflen,
- errnop)));
+ /* Parse the line. If it is invalid, loop to
+ get the next line of the file to parse. */
+ !(parse_res = _nss_files_parse_pwent (p, result, data, buflen,
+ errnop)));
if (parse_res == -1)
- {
- /* The parser ran out of space. */
- fsetpos (ent->stream, &pos);
- *errnop = ERANGE;
- return NSS_STATUS_TRYAGAIN;
- }
+ {
+ /* The parser ran out of space. */
+ fsetpos (ent->stream, &pos);
+ *errnop = ERANGE;
+ return NSS_STATUS_TRYAGAIN;
+ }
/* This is a real entry. */
if (result->pw_name[0] != '+' && result->pw_name[0] != '-')
- {
- if (result->pw_uid == uid)
- return NSS_STATUS_SUCCESS;
- else
- continue;
- }
+ {
+ if (result->pw_uid == uid)
+ return NSS_STATUS_SUCCESS;
+ else
+ continue;
+ }
/* -@netgroup */
if (result->pw_name[0] == '-' && result->pw_name[1] == '@'
- && result->pw_name[2] != '\0')
- {
- /* XXX Do not use fixed length buffers. */
- char buf2[1024];
- char *user, *host, *domain;
- struct __netgrent netgrdata;
+ && result->pw_name[2] != '\0')
+ {
+ char buf[strlen (result->pw_name)];
+ enum nss_status status;
- bzero (&netgrdata, sizeof (struct __netgrent));
- __internal_setnetgrent (&result->pw_name[2], &netgrdata);
- while (__internal_getnetgrent_r (&host, &user, &domain, &netgrdata,
- buf2, sizeof (buf2), errnop))
- {
- if (user != NULL && user[0] != '-')
- blacklist_store_name (user, ent);
- }
- __internal_endnetgrent (&netgrdata);
- continue;
- }
+ strcpy (buf, &result->pw_name[2]);
+
+ status = getpwuid_plususer (uid, result, buffer, buflen, errnop);
+ if (status == NSS_STATUS_SUCCESS &&
+ innetgr (buf, NULL, result->pw_name, NULL))
+ return NSS_STATUS_NOTFOUND;
+ continue;
+ }
/* +@netgroup */
if (result->pw_name[0] == '+' && result->pw_name[1] == '@'
- && result->pw_name[2] != '\0')
- {
+ && result->pw_name[2] != '\0')
+ {
char buf[strlen (result->pw_name)];
- int status;
+ enum nss_status status;
strcpy (buf, &result->pw_name[2]);
- ent->netgroup = TRUE;
- ent->first = TRUE;
- copy_pwd_changes (&ent->pwd, result, NULL, 0);
- do
- {
- if (use_nisplus)
- status = getpwent_next_nisplus_netgr (NULL, result, ent, buf,
- buffer, buflen, errnop);
- else
- status = getpwent_next_nis_netgr (NULL, result, ent, buf,
- buffer, buflen, errnop);
- if (status == NSS_STATUS_RETURN)
- continue;
+ status = getpwuid_plususer (uid, result, buffer, buflen, errnop);
+
+ if (status == NSS_STATUS_RETURN)
+ continue;
- if (status == NSS_STATUS_SUCCESS && uid == result->pw_uid)
+ if (status == NSS_STATUS_SUCCESS)
+ {
+ if (innetgr (buf, NULL, result->pw_name, NULL))
return NSS_STATUS_SUCCESS;
- } while (status == NSS_STATUS_SUCCESS);
- continue;
+ }
+ else
+ if (status == NSS_STATUS_RETURN) /* We couldn't parse the entry */
+ return NSS_STATUS_NOTFOUND;
+ else
+ return status;
+
+ continue;
}
/* -user */
if (result->pw_name[0] == '-' && result->pw_name[1] != '\0'
- && result->pw_name[1] != '@')
- {
- blacklist_store_name (&result->pw_name[1], ent);
+ && result->pw_name[1] != '@')
+ {
+ char buf[strlen (result->pw_name)];
+ enum nss_status status;
+
+ strcpy (buf, &result->pw_name[1]);
+
+ status = getpwuid_plususer (uid, result, buffer, buflen, errnop);
+ if (status == NSS_STATUS_SUCCESS &&
+ innetgr (buf, NULL, result->pw_name, NULL))
+ return NSS_STATUS_NOTFOUND;
continue;
- }
+ }
/* +user */
if (result->pw_name[0] == '+' && result->pw_name[1] != '\0'
- && result->pw_name[1] != '@')
- {
+ && result->pw_name[1] != '@')
+ {
+ char buf[strlen (result->pw_name)];
enum nss_status status;
- /* Store the User in the blacklist for the "+" at the end of
- /etc/passwd */
- blacklist_store_name (&result->pw_name[1], ent);
- status = getpwnam_plususer (&result->pw_name[1], result, buffer,
- buflen, errnop);
- if (status == NSS_STATUS_SUCCESS && result->pw_uid == uid)
- break;
- else
+ strcpy (buf, &result->pw_name[1]);
+
+ status = getpwuid_plususer (uid, result, buffer, buflen, errnop);
+
+ if (status == NSS_STATUS_RETURN)
continue;
- }
+
+ if (status == NSS_STATUS_SUCCESS)
+ {
+ if (strcmp (buf, result->pw_name) == 0)
+ return NSS_STATUS_SUCCESS;
+ }
+ else
+ if (status == NSS_STATUS_RETURN) /* We couldn't parse the entry */
+ return NSS_STATUS_NOTFOUND;
+ else
+ return status;
+
+ continue;
+ }
/* +:... */
if (result->pw_name[0] == '+' && result->pw_name[1] == '\0')
- {
- enum nss_status status;
-
- status = getpwuid_plususer (uid, result, buffer, buflen, errnop);
- if (status == NSS_STATUS_SUCCESS) /* We found the entry. */
- break;
- else
- if (status == NSS_STATUS_RETURN) /* We couldn't parse the entry */
- return NSS_STATUS_NOTFOUND;
- else
- return status;
- }
+ {
+ enum nss_status status;
+
+ status = getpwuid_plususer (uid, result, buffer, buflen, errnop);
+ if (status == NSS_STATUS_SUCCESS) /* We found the entry. */
+ break;
+ else
+ if (status == NSS_STATUS_RETURN) /* We couldn't parse the entry */
+ return NSS_STATUS_NOTFOUND;
+ else
+ return status;
+ }
}
return NSS_STATUS_SUCCESS;
}
enum nss_status
_nss_compat_getpwuid_r (uid_t uid, struct passwd *pwd,
- char *buffer, size_t buflen, int *errnop)
+ char *buffer, size_t buflen, int *errnop)
{
ent_t ent = {0, 0, 0, NULL, 0, NULL, NULL, {NULL, 0, 0},
- {NULL, NULL, 0, 0, NULL, NULL, NULL}};
+ {NULL, NULL, 0, 0, NULL, NULL, NULL}};
enum nss_status status;
__libc_lock_lock (lock);