1 /*- 2 * Copyright (c) 2003 Networks Associates Technology, Inc. 3 * All rights reserved. 4 * 5 * This software was developed for the FreeBSD Project by 6 * Jacques A. Vidrine, Safeport Network Services, and Network 7 * Associates Laboratories, the Security Research Division of Network 8 * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 9 * ("CBOSS"), as part of the DARPA CHATS research program. 10 * 11 * Redistribution and use in source and binary forms, with or without 12 * modification, are permitted provided that the following conditions 13 * are met: 14 * 1. Redistributions of source code must retain the above copyright 15 * notice, this list of conditions and the following disclaimer. 16 * 2. Redistributions in binary form must reproduce the above copyright 17 * notice, this list of conditions and the following disclaimer in the 18 * documentation and/or other materials provided with the distribution. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE. 31 * 32 */ 33 #include <sys/cdefs.h> 34 __FBSDID("$FreeBSD$"); 35 36 #include "namespace.h" 37 #include <sys/param.h> 38 #ifdef YP 39 #include <rpc/rpc.h> 40 #include <rpcsvc/yp_prot.h> 41 #include <rpcsvc/ypclnt.h> 42 #endif 43 #include <arpa/inet.h> 44 #include <errno.h> 45 #include <fcntl.h> 46 #ifdef HESIOD 47 #include <hesiod.h> 48 #endif 49 #include <netdb.h> 50 #include <nsswitch.h> 51 #include <pthread.h> 52 #include <pthread_np.h> 53 #include <pwd.h> 54 #include <stdlib.h> 55 #include <stdio.h> 56 #include <string.h> 57 #include <syslog.h> 58 #include <unistd.h> 59 #include "un-namespace.h" 60 #include <db.h> 61 #include "libc_private.h" 62 #include "pw_scan.h" 63 #include "nss_tls.h" 64 #ifdef NS_CACHING 65 #include "nscache.h" 66 #endif 67 68 #ifndef CTASSERT 69 #define CTASSERT(x) _CTASSERT(x, __LINE__) 70 #define _CTASSERT(x, y) __CTASSERT(x, y) 71 #define __CTASSERT(x, y) typedef char __assert_ ## y [(x) ? 1 : -1] 72 #endif 73 74 /* Counter as stored in /etc/pwd.db */ 75 typedef int pwkeynum; 76 77 CTASSERT(MAXLOGNAME > sizeof(uid_t)); 78 CTASSERT(MAXLOGNAME > sizeof(pwkeynum)); 79 80 enum constants { 81 PWD_STORAGE_INITIAL = 1 << 10, /* 1 KByte */ 82 PWD_STORAGE_MAX = 1 << 20, /* 1 MByte */ 83 SETPWENT = 1, 84 ENDPWENT = 2, 85 HESIOD_NAME_MAX = 256 86 }; 87 88 static const ns_src defaultsrc[] = { 89 { NSSRC_COMPAT, NS_SUCCESS }, 90 { NULL, 0 } 91 }; 92 93 int __pw_match_entry(const char *, size_t, enum nss_lookup_type, 94 const char *, uid_t); 95 int __pw_parse_entry(char *, size_t, struct passwd *, int, int *errnop); 96 97 static void pwd_init(struct passwd *); 98 99 union key { 100 const char *name; 101 uid_t uid; 102 }; 103 104 static struct passwd *getpw(int (*fn)(union key, struct passwd *, char *, 105 size_t, struct passwd **), union key); 106 static int wrap_getpwnam_r(union key, struct passwd *, char *, 107 size_t, struct passwd **); 108 static int wrap_getpwuid_r(union key, struct passwd *, char *, size_t, 109 struct passwd **); 110 static int wrap_getpwent_r(union key, struct passwd *, char *, size_t, 111 struct passwd **); 112 113 static int pwdb_match_entry_v3(char *, size_t, enum nss_lookup_type, 114 const char *, uid_t); 115 static int pwdb_parse_entry_v3(char *, size_t, struct passwd *, int *); 116 static int pwdb_match_entry_v4(char *, size_t, enum nss_lookup_type, 117 const char *, uid_t); 118 static int pwdb_parse_entry_v4(char *, size_t, struct passwd *, int *); 119 120 121 struct { 122 int (*match)(char *, size_t, enum nss_lookup_type, const char *, 123 uid_t); 124 int (*parse)(char *, size_t, struct passwd *, int *); 125 } pwdb_versions[] = { 126 { NULL, NULL }, /* version 0 */ 127 { NULL, NULL }, /* version 1 */ 128 { NULL, NULL }, /* version 2 */ 129 { pwdb_match_entry_v3, pwdb_parse_entry_v3 }, /* version 3 */ 130 { pwdb_match_entry_v4, pwdb_parse_entry_v4 }, /* version 4 */ 131 }; 132 133 134 struct files_state { 135 DB *db; 136 pwkeynum keynum; 137 int stayopen; 138 int version; 139 }; 140 static void files_endstate(void *); 141 NSS_TLS_HANDLING(files); 142 static DB *pwdbopen(int *); 143 static void files_endstate(void *); 144 static int files_setpwent(void *, void *, va_list); 145 static int files_passwd(void *, void *, va_list); 146 147 148 #ifdef HESIOD 149 struct dns_state { 150 long counter; 151 }; 152 static void dns_endstate(void *); 153 NSS_TLS_HANDLING(dns); 154 static int dns_setpwent(void *, void *, va_list); 155 static int dns_passwd(void *, void *, va_list); 156 #endif 157 158 159 #ifdef YP 160 struct nis_state { 161 char domain[MAXHOSTNAMELEN]; 162 int done; 163 char *key; 164 int keylen; 165 }; 166 static void nis_endstate(void *); 167 NSS_TLS_HANDLING(nis); 168 static int nis_setpwent(void *, void *, va_list); 169 static int nis_passwd(void *, void *, va_list); 170 static int nis_map(char *, enum nss_lookup_type, char *, size_t, int *); 171 static int nis_adjunct(char *, const char *, char *, size_t); 172 #endif 173 174 175 struct compat_state { 176 DB *db; 177 pwkeynum keynum; 178 int stayopen; 179 int version; 180 DB *exclude; 181 struct passwd template; 182 char *name; 183 enum _compat { 184 COMPAT_MODE_OFF = 0, 185 COMPAT_MODE_ALL, 186 COMPAT_MODE_NAME, 187 COMPAT_MODE_NETGROUP 188 } compat; 189 }; 190 static void compat_endstate(void *); 191 NSS_TLS_HANDLING(compat); 192 static int compat_setpwent(void *, void *, va_list); 193 static int compat_passwd(void *, void *, va_list); 194 static void compat_clear_template(struct passwd *); 195 static int compat_set_template(struct passwd *, struct passwd *); 196 static int compat_use_template(struct passwd *, struct passwd *, char *, 197 size_t); 198 static int compat_redispatch(struct compat_state *, enum nss_lookup_type, 199 enum nss_lookup_type, const char *, const char *, uid_t, 200 struct passwd *, char *, size_t, int *); 201 202 #ifdef NS_CACHING 203 static int pwd_id_func(char *, size_t *, va_list ap, void *); 204 static int pwd_marshal_func(char *, size_t *, void *, va_list, void *); 205 static int pwd_unmarshal_func(char *, size_t, void *, va_list, void *); 206 207 static int 208 pwd_id_func(char *buffer, size_t *buffer_size, va_list ap, void *cache_mdata) 209 { 210 char *name; 211 uid_t uid; 212 size_t size, desired_size; 213 int res = NS_UNAVAIL; 214 enum nss_lookup_type lookup_type; 215 216 lookup_type = (enum nss_lookup_type)cache_mdata; 217 switch (lookup_type) { 218 case nss_lt_name: 219 name = va_arg(ap, char *); 220 size = strlen(name); 221 desired_size = sizeof(enum nss_lookup_type) + size + 1; 222 if (desired_size > *buffer_size) { 223 res = NS_RETURN; 224 goto fin; 225 } 226 227 memcpy(buffer, &lookup_type, sizeof(enum nss_lookup_type)); 228 memcpy(buffer + sizeof(enum nss_lookup_type), name, size + 1); 229 230 res = NS_SUCCESS; 231 break; 232 case nss_lt_id: 233 uid = va_arg(ap, uid_t); 234 desired_size = sizeof(enum nss_lookup_type) + sizeof(uid_t); 235 if (desired_size > *buffer_size) { 236 res = NS_RETURN; 237 goto fin; 238 } 239 240 memcpy(buffer, &lookup_type, sizeof(enum nss_lookup_type)); 241 memcpy(buffer + sizeof(enum nss_lookup_type), &uid, 242 sizeof(uid_t)); 243 244 res = NS_SUCCESS; 245 break; 246 default: 247 /* should be unreachable */ 248 return (NS_UNAVAIL); 249 } 250 251 fin: 252 *buffer_size = desired_size; 253 return (res); 254 } 255 256 static int 257 pwd_marshal_func(char *buffer, size_t *buffer_size, void *retval, va_list ap, 258 void *cache_mdata) 259 { 260 char *name; 261 uid_t uid; 262 struct passwd *pwd; 263 char *orig_buf; 264 size_t orig_buf_size; 265 266 struct passwd new_pwd; 267 size_t desired_size, size; 268 char *p; 269 270 switch ((enum nss_lookup_type)cache_mdata) { 271 case nss_lt_name: 272 name = va_arg(ap, char *); 273 break; 274 case nss_lt_id: 275 uid = va_arg(ap, uid_t); 276 break; 277 case nss_lt_all: 278 break; 279 default: 280 /* should be unreachable */ 281 return (NS_UNAVAIL); 282 } 283 284 pwd = va_arg(ap, struct passwd *); 285 orig_buf = va_arg(ap, char *); 286 orig_buf_size = va_arg(ap, size_t); 287 288 desired_size = sizeof(struct passwd) + sizeof(char *) + 289 strlen(pwd->pw_name) + 1; 290 if (pwd->pw_passwd != NULL) 291 desired_size += strlen(pwd->pw_passwd) + 1; 292 if (pwd->pw_class != NULL) 293 desired_size += strlen(pwd->pw_class) + 1; 294 if (pwd->pw_gecos != NULL) 295 desired_size += strlen(pwd->pw_gecos) + 1; 296 if (pwd->pw_dir != NULL) 297 desired_size += strlen(pwd->pw_dir) + 1; 298 if (pwd->pw_shell != NULL) 299 desired_size += strlen(pwd->pw_shell) + 1; 300 301 if (*buffer_size < desired_size) { 302 /* this assignment is here for future use */ 303 *buffer_size = desired_size; 304 return (NS_RETURN); 305 } 306 307 memcpy(&new_pwd, pwd, sizeof(struct passwd)); 308 memset(buffer, 0, desired_size); 309 310 *buffer_size = desired_size; 311 p = buffer + sizeof(struct passwd) + sizeof(char *); 312 memcpy(buffer + sizeof(struct passwd), &p, sizeof(char *)); 313 314 if (new_pwd.pw_name != NULL) { 315 size = strlen(new_pwd.pw_name); 316 memcpy(p, new_pwd.pw_name, size); 317 new_pwd.pw_name = p; 318 p += size + 1; 319 } 320 321 if (new_pwd.pw_passwd != NULL) { 322 size = strlen(new_pwd.pw_passwd); 323 memcpy(p, new_pwd.pw_passwd, size); 324 new_pwd.pw_passwd = p; 325 p += size + 1; 326 } 327 328 if (new_pwd.pw_class != NULL) { 329 size = strlen(new_pwd.pw_class); 330 memcpy(p, new_pwd.pw_class, size); 331 new_pwd.pw_class = p; 332 p += size + 1; 333 } 334 335 if (new_pwd.pw_gecos != NULL) { 336 size = strlen(new_pwd.pw_gecos); 337 memcpy(p, new_pwd.pw_gecos, size); 338 new_pwd.pw_gecos = p; 339 p += size + 1; 340 } 341 342 if (new_pwd.pw_dir != NULL) { 343 size = strlen(new_pwd.pw_dir); 344 memcpy(p, new_pwd.pw_dir, size); 345 new_pwd.pw_dir = p; 346 p += size + 1; 347 } 348 349 if (new_pwd.pw_shell != NULL) { 350 size = strlen(new_pwd.pw_shell); 351 memcpy(p, new_pwd.pw_shell, size); 352 new_pwd.pw_shell = p; 353 p += size + 1; 354 } 355 356 memcpy(buffer, &new_pwd, sizeof(struct passwd)); 357 return (NS_SUCCESS); 358 } 359 360 static int 361 pwd_unmarshal_func(char *buffer, size_t buffer_size, void *retval, va_list ap, 362 void *cache_mdata) 363 { 364 char *name; 365 uid_t uid; 366 struct passwd *pwd; 367 char *orig_buf; 368 size_t orig_buf_size; 369 int *ret_errno; 370 371 char *p; 372 373 switch ((enum nss_lookup_type)cache_mdata) { 374 case nss_lt_name: 375 name = va_arg(ap, char *); 376 break; 377 case nss_lt_id: 378 uid = va_arg(ap, uid_t); 379 break; 380 case nss_lt_all: 381 break; 382 default: 383 /* should be unreachable */ 384 return (NS_UNAVAIL); 385 } 386 387 pwd = va_arg(ap, struct passwd *); 388 orig_buf = va_arg(ap, char *); 389 orig_buf_size = va_arg(ap, size_t); 390 ret_errno = va_arg(ap, int *); 391 392 if (orig_buf_size < 393 buffer_size - sizeof(struct passwd) - sizeof(char *)) { 394 *ret_errno = ERANGE; 395 return (NS_RETURN); 396 } 397 398 memcpy(pwd, buffer, sizeof(struct passwd)); 399 memcpy(&p, buffer + sizeof(struct passwd), sizeof(char *)); 400 memcpy(orig_buf, buffer + sizeof(struct passwd) + sizeof(char *), 401 buffer_size - sizeof(struct passwd) - sizeof(char *)); 402 403 NS_APPLY_OFFSET(pwd->pw_name, orig_buf, p, char *); 404 NS_APPLY_OFFSET(pwd->pw_passwd, orig_buf, p, char *); 405 NS_APPLY_OFFSET(pwd->pw_class, orig_buf, p, char *); 406 NS_APPLY_OFFSET(pwd->pw_gecos, orig_buf, p, char *); 407 NS_APPLY_OFFSET(pwd->pw_dir, orig_buf, p, char *); 408 NS_APPLY_OFFSET(pwd->pw_shell, orig_buf, p, char *); 409 410 if (retval != NULL) 411 *((struct passwd **)retval) = pwd; 412 413 return (NS_SUCCESS); 414 } 415 416 NSS_MP_CACHE_HANDLING(passwd); 417 #endif /* NS_CACHING */ 418 419 void 420 setpwent(void) 421 { 422 #ifdef NS_CACHING 423 static const nss_cache_info cache_info = NS_MP_CACHE_INFO_INITIALIZER( 424 passwd, (void *)nss_lt_all, 425 NULL, NULL); 426 #endif 427 428 static const ns_dtab dtab[] = { 429 { NSSRC_FILES, files_setpwent, (void *)SETPWENT }, 430 #ifdef HESIOD 431 { NSSRC_DNS, dns_setpwent, (void *)SETPWENT }, 432 #endif 433 #ifdef YP 434 { NSSRC_NIS, nis_setpwent, (void *)SETPWENT }, 435 #endif 436 { NSSRC_COMPAT, compat_setpwent, (void *)SETPWENT }, 437 #ifdef NS_CACHING 438 NS_CACHE_CB(&cache_info) 439 #endif 440 { NULL, NULL, NULL } 441 }; 442 (void)_nsdispatch(NULL, dtab, NSDB_PASSWD, "setpwent", defaultsrc, 0); 443 } 444 445 446 int 447 setpassent(int stayopen) 448 { 449 #ifdef NS_CACHING 450 static const nss_cache_info cache_info = NS_MP_CACHE_INFO_INITIALIZER( 451 passwd, (void *)nss_lt_all, 452 NULL, NULL); 453 #endif 454 455 static const ns_dtab dtab[] = { 456 { NSSRC_FILES, files_setpwent, (void *)SETPWENT }, 457 #ifdef HESIOD 458 { NSSRC_DNS, dns_setpwent, (void *)SETPWENT }, 459 #endif 460 #ifdef YP 461 { NSSRC_NIS, nis_setpwent, (void *)SETPWENT }, 462 #endif 463 { NSSRC_COMPAT, compat_setpwent, (void *)SETPWENT }, 464 #ifdef NS_CACHING 465 NS_CACHE_CB(&cache_info) 466 #endif 467 { NULL, NULL, NULL } 468 }; 469 (void)_nsdispatch(NULL, dtab, NSDB_PASSWD, "setpwent", defaultsrc, 470 stayopen); 471 return (1); 472 } 473 474 475 void 476 endpwent(void) 477 { 478 #ifdef NS_CACHING 479 static const nss_cache_info cache_info = NS_MP_CACHE_INFO_INITIALIZER( 480 passwd, (void *)nss_lt_all, 481 NULL, NULL); 482 #endif 483 484 static const ns_dtab dtab[] = { 485 { NSSRC_FILES, files_setpwent, (void *)ENDPWENT }, 486 #ifdef HESIOD 487 { NSSRC_DNS, dns_setpwent, (void *)ENDPWENT }, 488 #endif 489 #ifdef YP 490 { NSSRC_NIS, nis_setpwent, (void *)ENDPWENT }, 491 #endif 492 { NSSRC_COMPAT, compat_setpwent, (void *)ENDPWENT }, 493 #ifdef NS_CACHING 494 NS_CACHE_CB(&cache_info) 495 #endif 496 { NULL, NULL, NULL } 497 }; 498 (void)_nsdispatch(NULL, dtab, NSDB_PASSWD, "endpwent", defaultsrc); 499 } 500 501 502 int 503 getpwent_r(struct passwd *pwd, char *buffer, size_t bufsize, 504 struct passwd **result) 505 { 506 #ifdef NS_CACHING 507 static const nss_cache_info cache_info = NS_MP_CACHE_INFO_INITIALIZER( 508 passwd, (void *)nss_lt_all, 509 pwd_marshal_func, pwd_unmarshal_func); 510 #endif 511 512 static const ns_dtab dtab[] = { 513 { NSSRC_FILES, files_passwd, (void *)nss_lt_all }, 514 #ifdef HESIOD 515 { NSSRC_DNS, dns_passwd, (void *)nss_lt_all }, 516 #endif 517 #ifdef YP 518 { NSSRC_NIS, nis_passwd, (void *)nss_lt_all }, 519 #endif 520 { NSSRC_COMPAT, compat_passwd, (void *)nss_lt_all }, 521 #ifdef NS_CACHING 522 NS_CACHE_CB(&cache_info) 523 #endif 524 { NULL, NULL, NULL } 525 }; 526 int rv, ret_errno; 527 528 pwd_init(pwd); 529 ret_errno = 0; 530 *result = NULL; 531 rv = _nsdispatch(result, dtab, NSDB_PASSWD, "getpwent_r", defaultsrc, 532 pwd, buffer, bufsize, &ret_errno); 533 if (rv == NS_SUCCESS) 534 return (0); 535 else 536 return (ret_errno); 537 } 538 539 540 int 541 getpwnam_r(const char *name, struct passwd *pwd, char *buffer, size_t bufsize, 542 struct passwd **result) 543 { 544 #ifdef NS_CACHING 545 static const nss_cache_info cache_info = 546 NS_COMMON_CACHE_INFO_INITIALIZER( 547 passwd, (void *)nss_lt_name, 548 pwd_id_func, pwd_marshal_func, pwd_unmarshal_func); 549 #endif 550 551 static const ns_dtab dtab[] = { 552 { NSSRC_FILES, files_passwd, (void *)nss_lt_name }, 553 #ifdef HESIOD 554 { NSSRC_DNS, dns_passwd, (void *)nss_lt_name }, 555 #endif 556 #ifdef YP 557 { NSSRC_NIS, nis_passwd, (void *)nss_lt_name }, 558 #endif 559 { NSSRC_COMPAT, compat_passwd, (void *)nss_lt_name }, 560 #ifdef NS_CACHING 561 NS_CACHE_CB(&cache_info) 562 #endif 563 { NULL, NULL, NULL } 564 }; 565 int rv, ret_errno; 566 567 pwd_init(pwd); 568 ret_errno = 0; 569 *result = NULL; 570 rv = _nsdispatch(result, dtab, NSDB_PASSWD, "getpwnam_r", defaultsrc, 571 name, pwd, buffer, bufsize, &ret_errno); 572 if (rv == NS_SUCCESS) 573 return (0); 574 else 575 return (ret_errno); 576 } 577 578 579 int 580 getpwuid_r(uid_t uid, struct passwd *pwd, char *buffer, size_t bufsize, 581 struct passwd **result) 582 { 583 #ifdef NS_CACHING 584 static const nss_cache_info cache_info = 585 NS_COMMON_CACHE_INFO_INITIALIZER( 586 passwd, (void *)nss_lt_id, 587 pwd_id_func, pwd_marshal_func, pwd_unmarshal_func); 588 #endif 589 590 static const ns_dtab dtab[] = { 591 { NSSRC_FILES, files_passwd, (void *)nss_lt_id }, 592 #ifdef HESIOD 593 { NSSRC_DNS, dns_passwd, (void *)nss_lt_id }, 594 #endif 595 #ifdef YP 596 { NSSRC_NIS, nis_passwd, (void *)nss_lt_id }, 597 #endif 598 { NSSRC_COMPAT, compat_passwd, (void *)nss_lt_id }, 599 #ifdef NS_CACHING 600 NS_CACHE_CB(&cache_info) 601 #endif 602 { NULL, NULL, NULL } 603 }; 604 int rv, ret_errno; 605 606 pwd_init(pwd); 607 ret_errno = 0; 608 *result = NULL; 609 rv = _nsdispatch(result, dtab, NSDB_PASSWD, "getpwuid_r", defaultsrc, 610 uid, pwd, buffer, bufsize, &ret_errno); 611 if (rv == NS_SUCCESS) 612 return (0); 613 else 614 return (ret_errno); 615 } 616 617 618 static void 619 pwd_init(struct passwd *pwd) 620 { 621 static char nul[] = ""; 622 623 memset(pwd, 0, sizeof(*pwd)); 624 pwd->pw_uid = (uid_t)-1; /* Considered least likely to lead to */ 625 pwd->pw_gid = (gid_t)-1; /* a security issue. */ 626 pwd->pw_name = nul; 627 pwd->pw_passwd = nul; 628 pwd->pw_class = nul; 629 pwd->pw_gecos = nul; 630 pwd->pw_dir = nul; 631 pwd->pw_shell = nul; 632 } 633 634 635 static struct passwd pwd; 636 static char *pwd_storage; 637 static size_t pwd_storage_size; 638 639 640 static struct passwd * 641 getpw(int (*fn)(union key, struct passwd *, char *, size_t, struct passwd **), 642 union key key) 643 { 644 int rv; 645 struct passwd *res; 646 647 if (pwd_storage == NULL) { 648 pwd_storage = malloc(PWD_STORAGE_INITIAL); 649 if (pwd_storage == NULL) 650 return (NULL); 651 pwd_storage_size = PWD_STORAGE_INITIAL; 652 } 653 do { 654 rv = fn(key, &pwd, pwd_storage, pwd_storage_size, &res); 655 if (res == NULL && rv == ERANGE) { 656 free(pwd_storage); 657 if ((pwd_storage_size << 1) > PWD_STORAGE_MAX) { 658 pwd_storage = NULL; 659 errno = ERANGE; 660 return (NULL); 661 } 662 pwd_storage_size <<= 1; 663 pwd_storage = malloc(pwd_storage_size); 664 if (pwd_storage == NULL) 665 return (NULL); 666 } 667 } while (res == NULL && rv == ERANGE); 668 if (rv != 0) 669 errno = rv; 670 return (res); 671 } 672 673 674 static int 675 wrap_getpwnam_r(union key key, struct passwd *pwd, char *buffer, 676 size_t bufsize, struct passwd **res) 677 { 678 return (getpwnam_r(key.name, pwd, buffer, bufsize, res)); 679 } 680 681 682 static int 683 wrap_getpwuid_r(union key key, struct passwd *pwd, char *buffer, 684 size_t bufsize, struct passwd **res) 685 { 686 return (getpwuid_r(key.uid, pwd, buffer, bufsize, res)); 687 } 688 689 690 static int 691 wrap_getpwent_r(union key key __unused, struct passwd *pwd, char *buffer, 692 size_t bufsize, struct passwd **res) 693 { 694 return (getpwent_r(pwd, buffer, bufsize, res)); 695 } 696 697 698 struct passwd * 699 getpwnam(const char *name) 700 { 701 union key key; 702 703 key.name = name; 704 return (getpw(wrap_getpwnam_r, key)); 705 } 706 707 708 struct passwd * 709 getpwuid(uid_t uid) 710 { 711 union key key; 712 713 key.uid = uid; 714 return (getpw(wrap_getpwuid_r, key)); 715 } 716 717 718 struct passwd * 719 getpwent(void) 720 { 721 union key key; 722 723 key.uid = 0; /* not used */ 724 return (getpw(wrap_getpwent_r, key)); 725 } 726 727 728 /* 729 * files backend 730 */ 731 static DB * 732 pwdbopen(int *version) 733 { 734 DB *res; 735 DBT key, entry; 736 int rv; 737 738 if (geteuid() != 0 || 739 (res = dbopen(_PATH_SMP_DB, O_RDONLY, 0, DB_HASH, NULL)) == NULL) 740 res = dbopen(_PATH_MP_DB, O_RDONLY, 0, DB_HASH, NULL); 741 if (res == NULL) 742 return (NULL); 743 key.data = _PWD_VERSION_KEY; 744 key.size = strlen(_PWD_VERSION_KEY); 745 rv = res->get(res, &key, &entry, 0); 746 if (rv == 0) 747 *version = *(unsigned char *)entry.data; 748 else 749 *version = 3; 750 if (*version < 3 || 751 *version >= nitems(pwdb_versions)) { 752 syslog(LOG_CRIT, "Unsupported password database version %d", 753 *version); 754 res->close(res); 755 res = NULL; 756 } 757 return (res); 758 } 759 760 761 static void 762 files_endstate(void *p) 763 { 764 DB *db; 765 766 if (p == NULL) 767 return; 768 db = ((struct files_state *)p)->db; 769 if (db != NULL) 770 db->close(db); 771 free(p); 772 } 773 774 775 static int 776 files_setpwent(void *retval, void *mdata, va_list ap) 777 { 778 struct files_state *st; 779 int rv, stayopen; 780 781 rv = files_getstate(&st); 782 if (rv != 0) 783 return (NS_UNAVAIL); 784 switch ((enum constants)mdata) { 785 case SETPWENT: 786 stayopen = va_arg(ap, int); 787 st->keynum = 0; 788 if (stayopen) 789 st->db = pwdbopen(&st->version); 790 st->stayopen = stayopen; 791 break; 792 case ENDPWENT: 793 if (st->db != NULL) { 794 (void)st->db->close(st->db); 795 st->db = NULL; 796 } 797 break; 798 default: 799 break; 800 } 801 return (NS_UNAVAIL); 802 } 803 804 805 static int 806 files_passwd(void *retval, void *mdata, va_list ap) 807 { 808 char keybuf[MAXLOGNAME + 1]; 809 DBT key, entry; 810 struct files_state *st; 811 enum nss_lookup_type how; 812 const char *name; 813 struct passwd *pwd; 814 char *buffer; 815 size_t bufsize, namesize; 816 uid_t uid; 817 uint32_t store; 818 int rv, stayopen = 0, *errnop; 819 820 name = NULL; 821 uid = (uid_t)-1; 822 how = (enum nss_lookup_type)mdata; 823 switch (how) { 824 case nss_lt_name: 825 name = va_arg(ap, const char *); 826 keybuf[0] = _PW_KEYBYNAME; 827 break; 828 case nss_lt_id: 829 uid = va_arg(ap, uid_t); 830 keybuf[0] = _PW_KEYBYUID; 831 break; 832 case nss_lt_all: 833 keybuf[0] = _PW_KEYBYNUM; 834 break; 835 default: 836 rv = NS_NOTFOUND; 837 goto fin; 838 } 839 pwd = va_arg(ap, struct passwd *); 840 buffer = va_arg(ap, char *); 841 bufsize = va_arg(ap, size_t); 842 errnop = va_arg(ap, int *); 843 *errnop = files_getstate(&st); 844 if (*errnop != 0) 845 return (NS_UNAVAIL); 846 if (how == nss_lt_all && st->keynum < 0) { 847 rv = NS_NOTFOUND; 848 goto fin; 849 } 850 if (st->db == NULL && 851 (st->db = pwdbopen(&st->version)) == NULL) { 852 *errnop = errno; 853 rv = NS_UNAVAIL; 854 goto fin; 855 } 856 if (how == nss_lt_all) 857 stayopen = 1; 858 else 859 stayopen = st->stayopen; 860 key.data = keybuf; 861 do { 862 switch (how) { 863 case nss_lt_name: 864 /* MAXLOGNAME includes NUL byte, but we do not 865 * include the NUL byte in the key. 866 */ 867 namesize = strlcpy(&keybuf[1], name, sizeof(keybuf)-1); 868 if (namesize >= sizeof(keybuf)-1) { 869 *errnop = EINVAL; 870 rv = NS_NOTFOUND; 871 goto fin; 872 } 873 key.size = namesize + 1; 874 break; 875 case nss_lt_id: 876 if (st->version < _PWD_CURRENT_VERSION) { 877 memcpy(&keybuf[1], &uid, sizeof(uid)); 878 key.size = sizeof(uid) + 1; 879 } else { 880 store = htonl(uid); 881 memcpy(&keybuf[1], &store, sizeof(store)); 882 key.size = sizeof(store) + 1; 883 } 884 break; 885 case nss_lt_all: 886 st->keynum++; 887 if (st->version < _PWD_CURRENT_VERSION) { 888 memcpy(&keybuf[1], &st->keynum, 889 sizeof(st->keynum)); 890 key.size = sizeof(st->keynum) + 1; 891 } else { 892 store = htonl(st->keynum); 893 memcpy(&keybuf[1], &store, sizeof(store)); 894 key.size = sizeof(store) + 1; 895 } 896 break; 897 } 898 keybuf[0] = _PW_VERSIONED(keybuf[0], st->version); 899 rv = st->db->get(st->db, &key, &entry, 0); 900 if (rv < 0 || rv > 1) { /* should never return > 1 */ 901 *errnop = errno; 902 rv = NS_UNAVAIL; 903 goto fin; 904 } else if (rv == 1) { 905 if (how == nss_lt_all) 906 st->keynum = -1; 907 rv = NS_NOTFOUND; 908 goto fin; 909 } 910 rv = pwdb_versions[st->version].match(entry.data, entry.size, 911 how, name, uid); 912 if (rv != NS_SUCCESS) 913 continue; 914 if (entry.size > bufsize) { 915 *errnop = ERANGE; 916 rv = NS_RETURN; 917 break; 918 } 919 memcpy(buffer, entry.data, entry.size); 920 rv = pwdb_versions[st->version].parse(buffer, entry.size, pwd, 921 errnop); 922 } while (how == nss_lt_all && !(rv & NS_TERMINATE)); 923 fin: 924 if (st->db != NULL && !stayopen) { 925 (void)st->db->close(st->db); 926 st->db = NULL; 927 } 928 if (rv == NS_SUCCESS) { 929 pwd->pw_fields &= ~_PWF_SOURCE; 930 pwd->pw_fields |= _PWF_FILES; 931 if (retval != NULL) 932 *(struct passwd **)retval = pwd; 933 } 934 return (rv); 935 } 936 937 938 static int 939 pwdb_match_entry_v3(char *entry, size_t entrysize, enum nss_lookup_type how, 940 const char *name, uid_t uid) 941 { 942 const char *p, *eom; 943 uid_t uid2; 944 945 eom = &entry[entrysize]; 946 for (p = entry; p < eom; p++) 947 if (*p == '\0') 948 break; 949 if (*p != '\0') 950 return (NS_NOTFOUND); 951 if (how == nss_lt_all) 952 return (NS_SUCCESS); 953 if (how == nss_lt_name) 954 return (strcmp(name, entry) == 0 ? NS_SUCCESS : NS_NOTFOUND); 955 for (p++; p < eom; p++) 956 if (*p == '\0') 957 break; 958 if (*p != '\0' || (++p) + sizeof(uid) >= eom) 959 return (NS_NOTFOUND); 960 memcpy(&uid2, p, sizeof(uid2)); 961 return (uid == uid2 ? NS_SUCCESS : NS_NOTFOUND); 962 } 963 964 965 static int 966 pwdb_parse_entry_v3(char *buffer, size_t bufsize, struct passwd *pwd, 967 int *errnop) 968 { 969 char *p, *eom; 970 int32_t pw_change, pw_expire; 971 972 /* THIS CODE MUST MATCH THAT IN pwd_mkdb. */ 973 p = buffer; 974 eom = &buffer[bufsize]; 975 #define STRING(field) do { \ 976 (field) = p; \ 977 while (p < eom && *p != '\0') \ 978 p++; \ 979 if (p >= eom) \ 980 return (NS_NOTFOUND); \ 981 p++; \ 982 } while (0) 983 #define SCALAR(field) do { \ 984 if (p + sizeof(field) > eom) \ 985 return (NS_NOTFOUND); \ 986 memcpy(&(field), p, sizeof(field)); \ 987 p += sizeof(field); \ 988 } while (0) 989 STRING(pwd->pw_name); 990 STRING(pwd->pw_passwd); 991 SCALAR(pwd->pw_uid); 992 SCALAR(pwd->pw_gid); 993 SCALAR(pw_change); 994 STRING(pwd->pw_class); 995 STRING(pwd->pw_gecos); 996 STRING(pwd->pw_dir); 997 STRING(pwd->pw_shell); 998 SCALAR(pw_expire); 999 SCALAR(pwd->pw_fields); 1000 #undef STRING 1001 #undef SCALAR 1002 pwd->pw_change = pw_change; 1003 pwd->pw_expire = pw_expire; 1004 return (NS_SUCCESS); 1005 } 1006 1007 1008 static int 1009 pwdb_match_entry_v4(char *entry, size_t entrysize, enum nss_lookup_type how, 1010 const char *name, uid_t uid) 1011 { 1012 const char *p, *eom; 1013 uint32_t uid2; 1014 1015 eom = &entry[entrysize]; 1016 for (p = entry; p < eom; p++) 1017 if (*p == '\0') 1018 break; 1019 if (*p != '\0') 1020 return (NS_NOTFOUND); 1021 if (how == nss_lt_all) 1022 return (NS_SUCCESS); 1023 if (how == nss_lt_name) 1024 return (strcmp(name, entry) == 0 ? NS_SUCCESS : NS_NOTFOUND); 1025 for (p++; p < eom; p++) 1026 if (*p == '\0') 1027 break; 1028 if (*p != '\0' || (++p) + sizeof(uid) >= eom) 1029 return (NS_NOTFOUND); 1030 memcpy(&uid2, p, sizeof(uid2)); 1031 uid2 = ntohl(uid2); 1032 return (uid == (uid_t)uid2 ? NS_SUCCESS : NS_NOTFOUND); 1033 } 1034 1035 1036 static int 1037 pwdb_parse_entry_v4(char *buffer, size_t bufsize, struct passwd *pwd, 1038 int *errnop) 1039 { 1040 char *p, *eom; 1041 uint32_t n; 1042 1043 /* THIS CODE MUST MATCH THAT IN pwd_mkdb. */ 1044 p = buffer; 1045 eom = &buffer[bufsize]; 1046 #define STRING(field) do { \ 1047 (field) = p; \ 1048 while (p < eom && *p != '\0') \ 1049 p++; \ 1050 if (p >= eom) \ 1051 return (NS_NOTFOUND); \ 1052 p++; \ 1053 } while (0) 1054 #define SCALAR(field) do { \ 1055 if (p + sizeof(n) > eom) \ 1056 return (NS_NOTFOUND); \ 1057 memcpy(&n, p, sizeof(n)); \ 1058 (field) = ntohl(n); \ 1059 p += sizeof(n); \ 1060 } while (0) 1061 STRING(pwd->pw_name); 1062 STRING(pwd->pw_passwd); 1063 SCALAR(pwd->pw_uid); 1064 SCALAR(pwd->pw_gid); 1065 SCALAR(pwd->pw_change); 1066 STRING(pwd->pw_class); 1067 STRING(pwd->pw_gecos); 1068 STRING(pwd->pw_dir); 1069 STRING(pwd->pw_shell); 1070 SCALAR(pwd->pw_expire); 1071 SCALAR(pwd->pw_fields); 1072 #undef STRING 1073 #undef SCALAR 1074 return (NS_SUCCESS); 1075 } 1076 1077 1078 #ifdef HESIOD 1079 /* 1080 * dns backend 1081 */ 1082 static void 1083 dns_endstate(void *p) 1084 { 1085 free(p); 1086 } 1087 1088 1089 static int 1090 dns_setpwent(void *retval, void *mdata, va_list ap) 1091 { 1092 struct dns_state *st; 1093 int rv; 1094 1095 rv = dns_getstate(&st); 1096 if (rv != 0) 1097 return (NS_UNAVAIL); 1098 st->counter = 0; 1099 return (NS_UNAVAIL); 1100 } 1101 1102 1103 static int 1104 dns_passwd(void *retval, void *mdata, va_list ap) 1105 { 1106 char buf[HESIOD_NAME_MAX]; 1107 struct dns_state *st; 1108 struct passwd *pwd; 1109 const char *name, *label; 1110 void *ctx; 1111 char *buffer, **hes; 1112 size_t bufsize, linesize; 1113 uid_t uid; 1114 enum nss_lookup_type how; 1115 int rv, *errnop; 1116 1117 ctx = NULL; 1118 hes = NULL; 1119 name = NULL; 1120 uid = (uid_t)-1; 1121 how = (enum nss_lookup_type)mdata; 1122 switch (how) { 1123 case nss_lt_name: 1124 name = va_arg(ap, const char *); 1125 break; 1126 case nss_lt_id: 1127 uid = va_arg(ap, uid_t); 1128 break; 1129 case nss_lt_all: 1130 break; 1131 } 1132 pwd = va_arg(ap, struct passwd *); 1133 buffer = va_arg(ap, char *); 1134 bufsize = va_arg(ap, size_t); 1135 errnop = va_arg(ap, int *); 1136 *errnop = dns_getstate(&st); 1137 if (*errnop != 0) 1138 return (NS_UNAVAIL); 1139 if (hesiod_init(&ctx) != 0) { 1140 *errnop = errno; 1141 rv = NS_UNAVAIL; 1142 goto fin; 1143 } 1144 do { 1145 rv = NS_NOTFOUND; 1146 switch (how) { 1147 case nss_lt_name: 1148 label = name; 1149 break; 1150 case nss_lt_id: 1151 if (snprintf(buf, sizeof(buf), "%lu", 1152 (unsigned long)uid) >= sizeof(buf)) 1153 goto fin; 1154 label = buf; 1155 break; 1156 case nss_lt_all: 1157 if (st->counter < 0) 1158 goto fin; 1159 if (snprintf(buf, sizeof(buf), "passwd-%ld", 1160 st->counter++) >= sizeof(buf)) 1161 goto fin; 1162 label = buf; 1163 break; 1164 } 1165 hes = hesiod_resolve(ctx, label, 1166 how == nss_lt_id ? "uid" : "passwd"); 1167 if (hes == NULL) { 1168 if (how == nss_lt_all) 1169 st->counter = -1; 1170 if (errno != ENOENT) 1171 *errnop = errno; 1172 goto fin; 1173 } 1174 rv = __pw_match_entry(hes[0], strlen(hes[0]), how, name, uid); 1175 if (rv != NS_SUCCESS) { 1176 hesiod_free_list(ctx, hes); 1177 hes = NULL; 1178 continue; 1179 } 1180 linesize = strlcpy(buffer, hes[0], bufsize); 1181 if (linesize >= bufsize) { 1182 *errnop = ERANGE; 1183 rv = NS_RETURN; 1184 continue; 1185 } 1186 hesiod_free_list(ctx, hes); 1187 hes = NULL; 1188 rv = __pw_parse_entry(buffer, bufsize, pwd, 0, errnop); 1189 } while (how == nss_lt_all && !(rv & NS_TERMINATE)); 1190 fin: 1191 if (hes != NULL) 1192 hesiod_free_list(ctx, hes); 1193 if (ctx != NULL) 1194 hesiod_end(ctx); 1195 if (rv == NS_SUCCESS) { 1196 pwd->pw_fields &= ~_PWF_SOURCE; 1197 pwd->pw_fields |= _PWF_HESIOD; 1198 if (retval != NULL) 1199 *(struct passwd **)retval = pwd; 1200 } 1201 return (rv); 1202 } 1203 #endif /* HESIOD */ 1204 1205 1206 #ifdef YP 1207 /* 1208 * nis backend 1209 */ 1210 static void 1211 nis_endstate(void *p) 1212 { 1213 free(((struct nis_state *)p)->key); 1214 free(p); 1215 } 1216 1217 /* 1218 * Test for the presence of special FreeBSD-specific master.passwd.by* 1219 * maps. We do this using yp_order(). If it fails, then either the server 1220 * doesn't have the map, or the YPPROC_ORDER procedure isn't supported by 1221 * the server (Sun NIS+ servers in YP compat mode behave this way). If 1222 * the master.passwd.by* maps don't exist, then let the lookup routine try 1223 * the regular passwd.by* maps instead. If the lookup routine fails, it 1224 * can return an error as needed. 1225 */ 1226 static int 1227 nis_map(char *domain, enum nss_lookup_type how, char *buffer, size_t bufsize, 1228 int *master) 1229 { 1230 int rv, order; 1231 1232 *master = 0; 1233 if (geteuid() == 0) { 1234 if (snprintf(buffer, bufsize, "master.passwd.by%s", 1235 (how == nss_lt_id) ? "uid" : "name") >= bufsize) 1236 return (NS_UNAVAIL); 1237 rv = yp_order(domain, buffer, &order); 1238 if (rv == 0) { 1239 *master = 1; 1240 return (NS_SUCCESS); 1241 } 1242 } 1243 1244 if (snprintf(buffer, bufsize, "passwd.by%s", 1245 (how == nss_lt_id) ? "uid" : "name") >= bufsize) 1246 return (NS_UNAVAIL); 1247 1248 return (NS_SUCCESS); 1249 } 1250 1251 1252 static int 1253 nis_adjunct(char *domain, const char *name, char *buffer, size_t bufsize) 1254 { 1255 int rv; 1256 char *result, *p, *q, *eor; 1257 int resultlen; 1258 1259 result = NULL; 1260 rv = yp_match(domain, "passwd.adjunct.byname", name, strlen(name), 1261 &result, &resultlen); 1262 if (rv != 0) 1263 rv = 1; 1264 else { 1265 eor = &result[resultlen]; 1266 p = memchr(result, ':', eor - result); 1267 if (p != NULL && ++p < eor && 1268 (q = memchr(p, ':', eor - p)) != NULL) { 1269 if (q - p >= bufsize) 1270 rv = -1; 1271 else { 1272 memcpy(buffer, p, q - p); 1273 buffer[q - p] ='\0'; 1274 } 1275 } else 1276 rv = 1; 1277 } 1278 free(result); 1279 return (rv); 1280 } 1281 1282 1283 static int 1284 nis_setpwent(void *retval, void *mdata, va_list ap) 1285 { 1286 struct nis_state *st; 1287 int rv; 1288 1289 rv = nis_getstate(&st); 1290 if (rv != 0) 1291 return (NS_UNAVAIL); 1292 st->done = 0; 1293 free(st->key); 1294 st->key = NULL; 1295 return (NS_UNAVAIL); 1296 } 1297 1298 1299 static int 1300 nis_passwd(void *retval, void *mdata, va_list ap) 1301 { 1302 char map[YPMAXMAP]; 1303 struct nis_state *st; 1304 struct passwd *pwd; 1305 const char *name; 1306 char *buffer, *key, *result; 1307 size_t bufsize; 1308 uid_t uid; 1309 enum nss_lookup_type how; 1310 int *errnop, keylen, resultlen, rv, master; 1311 1312 name = NULL; 1313 uid = (uid_t)-1; 1314 how = (enum nss_lookup_type)mdata; 1315 switch (how) { 1316 case nss_lt_name: 1317 name = va_arg(ap, const char *); 1318 break; 1319 case nss_lt_id: 1320 uid = va_arg(ap, uid_t); 1321 break; 1322 case nss_lt_all: 1323 break; 1324 } 1325 pwd = va_arg(ap, struct passwd *); 1326 buffer = va_arg(ap, char *); 1327 bufsize = va_arg(ap, size_t); 1328 errnop = va_arg(ap, int *); 1329 *errnop = nis_getstate(&st); 1330 if (*errnop != 0) 1331 return (NS_UNAVAIL); 1332 if (st->domain[0] == '\0') { 1333 if (getdomainname(st->domain, sizeof(st->domain)) != 0) { 1334 *errnop = errno; 1335 return (NS_UNAVAIL); 1336 } 1337 } 1338 rv = nis_map(st->domain, how, map, sizeof(map), &master); 1339 if (rv != NS_SUCCESS) 1340 return (rv); 1341 result = NULL; 1342 do { 1343 rv = NS_NOTFOUND; 1344 switch (how) { 1345 case nss_lt_name: 1346 if (strlcpy(buffer, name, bufsize) >= bufsize) 1347 goto erange; 1348 break; 1349 case nss_lt_id: 1350 if (snprintf(buffer, bufsize, "%lu", 1351 (unsigned long)uid) >= bufsize) 1352 goto erange; 1353 break; 1354 case nss_lt_all: 1355 if (st->done) 1356 goto fin; 1357 break; 1358 } 1359 result = NULL; 1360 if (how == nss_lt_all) { 1361 if (st->key == NULL) 1362 rv = yp_first(st->domain, map, &st->key, 1363 &st->keylen, &result, &resultlen); 1364 else { 1365 key = st->key; 1366 keylen = st->keylen; 1367 st->key = NULL; 1368 rv = yp_next(st->domain, map, key, keylen, 1369 &st->key, &st->keylen, &result, 1370 &resultlen); 1371 free(key); 1372 } 1373 if (rv != 0) { 1374 free(result); 1375 free(st->key); 1376 st->key = NULL; 1377 if (rv == YPERR_NOMORE) 1378 st->done = 1; 1379 else 1380 rv = NS_UNAVAIL; 1381 goto fin; 1382 } 1383 } else { 1384 rv = yp_match(st->domain, map, buffer, strlen(buffer), 1385 &result, &resultlen); 1386 if (rv == YPERR_KEY) { 1387 rv = NS_NOTFOUND; 1388 continue; 1389 } else if (rv != 0) { 1390 free(result); 1391 rv = NS_UNAVAIL; 1392 continue; 1393 } 1394 } 1395 if (resultlen >= bufsize) { 1396 free(result); 1397 goto erange; 1398 } 1399 memcpy(buffer, result, resultlen); 1400 buffer[resultlen] = '\0'; 1401 free(result); 1402 rv = __pw_match_entry(buffer, resultlen, how, name, uid); 1403 if (rv == NS_SUCCESS) 1404 rv = __pw_parse_entry(buffer, resultlen, pwd, master, 1405 errnop); 1406 } while (how == nss_lt_all && !(rv & NS_TERMINATE)); 1407 fin: 1408 if (rv == NS_SUCCESS) { 1409 if (strstr(pwd->pw_passwd, "##") != NULL) { 1410 rv = nis_adjunct(st->domain, pwd->pw_name, 1411 &buffer[resultlen+1], bufsize-resultlen-1); 1412 if (rv < 0) 1413 goto erange; 1414 else if (rv == 0) 1415 pwd->pw_passwd = &buffer[resultlen+1]; 1416 } 1417 pwd->pw_fields &= ~_PWF_SOURCE; 1418 pwd->pw_fields |= _PWF_NIS; 1419 if (retval != NULL) 1420 *(struct passwd **)retval = pwd; 1421 rv = NS_SUCCESS; 1422 } 1423 return (rv); 1424 erange: 1425 *errnop = ERANGE; 1426 return (NS_RETURN); 1427 } 1428 #endif /* YP */ 1429 1430 1431 /* 1432 * compat backend 1433 */ 1434 static void 1435 compat_clear_template(struct passwd *template) 1436 { 1437 1438 free(template->pw_passwd); 1439 free(template->pw_gecos); 1440 free(template->pw_dir); 1441 free(template->pw_shell); 1442 memset(template, 0, sizeof(*template)); 1443 } 1444 1445 1446 static int 1447 compat_set_template(struct passwd *src, struct passwd *template) 1448 { 1449 1450 compat_clear_template(template); 1451 #ifdef PW_OVERRIDE_PASSWD 1452 if ((src->pw_fields & _PWF_PASSWD) && 1453 (template->pw_passwd = strdup(src->pw_passwd)) == NULL) 1454 goto enomem; 1455 #endif 1456 if (src->pw_fields & _PWF_UID) 1457 template->pw_uid = src->pw_uid; 1458 if (src->pw_fields & _PWF_GID) 1459 template->pw_gid = src->pw_gid; 1460 if ((src->pw_fields & _PWF_GECOS) && 1461 (template->pw_gecos = strdup(src->pw_gecos)) == NULL) 1462 goto enomem; 1463 if ((src->pw_fields & _PWF_DIR) && 1464 (template->pw_dir = strdup(src->pw_dir)) == NULL) 1465 goto enomem; 1466 if ((src->pw_fields & _PWF_SHELL) && 1467 (template->pw_shell = strdup(src->pw_shell)) == NULL) 1468 goto enomem; 1469 template->pw_fields = src->pw_fields; 1470 return (0); 1471 enomem: 1472 syslog(LOG_ERR, "getpwent memory allocation failure"); 1473 return (-1); 1474 } 1475 1476 1477 static int 1478 compat_use_template(struct passwd *pwd, struct passwd *template, char *buffer, 1479 size_t bufsize) 1480 { 1481 struct passwd hold; 1482 char *copy, *p, *q, *eob; 1483 size_t n; 1484 1485 /* We cannot know the layout of the password fields in `buffer', 1486 * so we have to copy everything. 1487 */ 1488 if (template->pw_fields == 0) /* nothing to fill-in */ 1489 return (0); 1490 n = 0; 1491 n += pwd->pw_name != NULL ? strlen(pwd->pw_name) + 1 : 0; 1492 n += pwd->pw_passwd != NULL ? strlen(pwd->pw_passwd) + 1 : 0; 1493 n += pwd->pw_class != NULL ? strlen(pwd->pw_class) + 1 : 0; 1494 n += pwd->pw_gecos != NULL ? strlen(pwd->pw_gecos) + 1 : 0; 1495 n += pwd->pw_dir != NULL ? strlen(pwd->pw_dir) + 1 : 0; 1496 n += pwd->pw_shell != NULL ? strlen(pwd->pw_shell) + 1 : 0; 1497 copy = malloc(n); 1498 if (copy == NULL) { 1499 syslog(LOG_ERR, "getpwent memory allocation failure"); 1500 return (ENOMEM); 1501 } 1502 p = copy; 1503 eob = ©[n]; 1504 #define COPY(field) do { \ 1505 if (pwd->field == NULL) \ 1506 hold.field = NULL; \ 1507 else { \ 1508 hold.field = p; \ 1509 p += strlcpy(p, pwd->field, eob-p) + 1; \ 1510 } \ 1511 } while (0) 1512 COPY(pw_name); 1513 COPY(pw_passwd); 1514 COPY(pw_class); 1515 COPY(pw_gecos); 1516 COPY(pw_dir); 1517 COPY(pw_shell); 1518 #undef COPY 1519 p = buffer; 1520 eob = &buffer[bufsize]; 1521 #define COPY(field, flag) do { \ 1522 q = (template->pw_fields & flag) ? template->field : hold.field; \ 1523 if (q == NULL) \ 1524 pwd->field = NULL; \ 1525 else { \ 1526 pwd->field = p; \ 1527 if ((n = strlcpy(p, q, eob-p)) >= eob-p) { \ 1528 free(copy); \ 1529 return (ERANGE); \ 1530 } \ 1531 p += n + 1; \ 1532 } \ 1533 } while (0) 1534 COPY(pw_name, 0); 1535 #ifdef PW_OVERRIDE_PASSWD 1536 COPY(pw_passwd, _PWF_PASSWD); 1537 #else 1538 COPY(pw_passwd, 0); 1539 #endif 1540 COPY(pw_class, 0); 1541 COPY(pw_gecos, _PWF_GECOS); 1542 COPY(pw_dir, _PWF_DIR); 1543 COPY(pw_shell, _PWF_SHELL); 1544 #undef COPY 1545 #define COPY(field, flag) do { \ 1546 if (template->pw_fields & flag) \ 1547 pwd->field = template->field; \ 1548 } while (0) 1549 COPY(pw_uid, _PWF_UID); 1550 COPY(pw_gid, _PWF_GID); 1551 #undef COPY 1552 free(copy); 1553 return (0); 1554 } 1555 1556 1557 static int 1558 compat_exclude(const char *name, DB **db) 1559 { 1560 DBT key, data; 1561 1562 if (*db == NULL && 1563 (*db = dbopen(NULL, O_RDWR, 600, DB_HASH, 0)) == NULL) 1564 return (errno); 1565 key.size = strlen(name); 1566 key.data = (char *)name; 1567 data.size = 0; 1568 data.data = NULL; 1569 1570 if ((*db)->put(*db, &key, &data, 0) == -1) 1571 return (errno); 1572 return (0); 1573 } 1574 1575 1576 static int 1577 compat_is_excluded(const char *name, DB *db) 1578 { 1579 DBT key, data; 1580 1581 if (db == NULL) 1582 return (0); 1583 key.size = strlen(name); 1584 key.data = (char *)name; 1585 return (db->get(db, &key, &data, 0) == 0); 1586 } 1587 1588 1589 static int 1590 compat_redispatch(struct compat_state *st, enum nss_lookup_type how, 1591 enum nss_lookup_type lookup_how, const char *name, const char *lookup_name, 1592 uid_t uid, struct passwd *pwd, char *buffer, size_t bufsize, int *errnop) 1593 { 1594 static const ns_src compatsrc[] = { 1595 #ifdef YP 1596 { NSSRC_NIS, NS_SUCCESS }, 1597 #endif 1598 { NULL, 0 } 1599 }; 1600 ns_dtab dtab[] = { 1601 #ifdef YP 1602 { NSSRC_NIS, nis_passwd, NULL }, 1603 #endif 1604 #ifdef HESIOD 1605 { NSSRC_DNS, dns_passwd, NULL }, 1606 #endif 1607 { NULL, NULL, NULL } 1608 }; 1609 void *discard; 1610 int e, i, rv; 1611 1612 for (i = 0; i < (int)(nitems(dtab) - 1); i++) 1613 dtab[i].mdata = (void *)lookup_how; 1614 more: 1615 pwd_init(pwd); 1616 switch (lookup_how) { 1617 case nss_lt_all: 1618 rv = _nsdispatch(&discard, dtab, NSDB_PASSWD_COMPAT, 1619 "getpwent_r", compatsrc, pwd, buffer, bufsize, 1620 errnop); 1621 break; 1622 case nss_lt_id: 1623 rv = _nsdispatch(&discard, dtab, NSDB_PASSWD_COMPAT, 1624 "getpwuid_r", compatsrc, uid, pwd, buffer, 1625 bufsize, errnop); 1626 break; 1627 case nss_lt_name: 1628 rv = _nsdispatch(&discard, dtab, NSDB_PASSWD_COMPAT, 1629 "getpwnam_r", compatsrc, lookup_name, pwd, buffer, 1630 bufsize, errnop); 1631 break; 1632 default: 1633 return (NS_UNAVAIL); 1634 } 1635 if (rv != NS_SUCCESS) 1636 return (rv); 1637 if (compat_is_excluded(pwd->pw_name, st->exclude)) { 1638 if (how == nss_lt_all) 1639 goto more; 1640 return (NS_NOTFOUND); 1641 } 1642 e = compat_use_template(pwd, &st->template, buffer, bufsize); 1643 if (e != 0) { 1644 *errnop = e; 1645 if (e == ERANGE) 1646 return (NS_RETURN); 1647 else 1648 return (NS_UNAVAIL); 1649 } 1650 switch (how) { 1651 case nss_lt_name: 1652 if (strcmp(name, pwd->pw_name) != 0) 1653 return (NS_NOTFOUND); 1654 break; 1655 case nss_lt_id: 1656 if (uid != pwd->pw_uid) 1657 return (NS_NOTFOUND); 1658 break; 1659 default: 1660 break; 1661 } 1662 return (NS_SUCCESS); 1663 } 1664 1665 1666 static void 1667 compat_endstate(void *p) 1668 { 1669 struct compat_state *st; 1670 1671 if (p == NULL) 1672 return; 1673 st = (struct compat_state *)p; 1674 if (st->db != NULL) 1675 st->db->close(st->db); 1676 if (st->exclude != NULL) 1677 st->exclude->close(st->exclude); 1678 compat_clear_template(&st->template); 1679 free(p); 1680 } 1681 1682 1683 static int 1684 compat_setpwent(void *retval, void *mdata, va_list ap) 1685 { 1686 static const ns_src compatsrc[] = { 1687 #ifdef YP 1688 { NSSRC_NIS, NS_SUCCESS }, 1689 #endif 1690 { NULL, 0 } 1691 }; 1692 ns_dtab dtab[] = { 1693 #ifdef YP 1694 { NSSRC_NIS, nis_setpwent, NULL }, 1695 #endif 1696 #ifdef HESIOD 1697 { NSSRC_DNS, dns_setpwent, NULL }, 1698 #endif 1699 { NULL, NULL, NULL } 1700 }; 1701 struct compat_state *st; 1702 int rv, stayopen; 1703 1704 #define set_setent(x, y) do { \ 1705 int i; \ 1706 for (i = 0; i < (int)(nitems(x) - 1); i++) \ 1707 x[i].mdata = (void *)y; \ 1708 } while (0) 1709 1710 rv = compat_getstate(&st); 1711 if (rv != 0) 1712 return (NS_UNAVAIL); 1713 switch ((enum constants)mdata) { 1714 case SETPWENT: 1715 stayopen = va_arg(ap, int); 1716 st->keynum = 0; 1717 if (stayopen) 1718 st->db = pwdbopen(&st->version); 1719 st->stayopen = stayopen; 1720 set_setent(dtab, mdata); 1721 (void)_nsdispatch(NULL, dtab, NSDB_PASSWD_COMPAT, "setpwent", 1722 compatsrc, 0); 1723 break; 1724 case ENDPWENT: 1725 if (st->db != NULL) { 1726 (void)st->db->close(st->db); 1727 st->db = NULL; 1728 } 1729 set_setent(dtab, mdata); 1730 (void)_nsdispatch(NULL, dtab, NSDB_PASSWD_COMPAT, "endpwent", 1731 compatsrc, 0); 1732 break; 1733 default: 1734 break; 1735 } 1736 return (NS_UNAVAIL); 1737 #undef set_setent 1738 } 1739 1740 1741 static int 1742 compat_passwd(void *retval, void *mdata, va_list ap) 1743 { 1744 char keybuf[MAXLOGNAME + 1]; 1745 DBT key, entry; 1746 struct compat_state *st; 1747 enum nss_lookup_type how; 1748 const char *name; 1749 struct passwd *pwd; 1750 char *buffer, *pw_name; 1751 char *host, *user, *domain; 1752 size_t bufsize; 1753 uid_t uid; 1754 uint32_t store; 1755 int rv, from_compat, stayopen, *errnop; 1756 1757 from_compat = 0; 1758 name = NULL; 1759 uid = (uid_t)-1; 1760 how = (enum nss_lookup_type)mdata; 1761 switch (how) { 1762 case nss_lt_name: 1763 name = va_arg(ap, const char *); 1764 break; 1765 case nss_lt_id: 1766 uid = va_arg(ap, uid_t); 1767 break; 1768 case nss_lt_all: 1769 break; 1770 default: 1771 rv = NS_NOTFOUND; 1772 goto fin; 1773 } 1774 pwd = va_arg(ap, struct passwd *); 1775 buffer = va_arg(ap, char *); 1776 bufsize = va_arg(ap, size_t); 1777 errnop = va_arg(ap, int *); 1778 *errnop = compat_getstate(&st); 1779 if (*errnop != 0) 1780 return (NS_UNAVAIL); 1781 if (how == nss_lt_all && st->keynum < 0) { 1782 rv = NS_NOTFOUND; 1783 goto fin; 1784 } 1785 if (st->db == NULL && 1786 (st->db = pwdbopen(&st->version)) == NULL) { 1787 *errnop = errno; 1788 rv = NS_UNAVAIL; 1789 goto fin; 1790 } 1791 if (how == nss_lt_all) { 1792 if (st->keynum < 0) { 1793 rv = NS_NOTFOUND; 1794 goto fin; 1795 } 1796 stayopen = 1; 1797 } else { 1798 st->keynum = 0; 1799 stayopen = st->stayopen; 1800 } 1801 docompat: 1802 rv = NS_NOTFOUND; 1803 switch (st->compat) { 1804 case COMPAT_MODE_ALL: 1805 rv = compat_redispatch(st, how, how, name, name, uid, pwd, 1806 buffer, bufsize, errnop); 1807 if (rv != NS_SUCCESS) 1808 st->compat = COMPAT_MODE_OFF; 1809 break; 1810 case COMPAT_MODE_NETGROUP: 1811 /* XXX getnetgrent is not thread-safe. */ 1812 do { 1813 rv = getnetgrent(&host, &user, &domain); 1814 if (rv == 0) { 1815 endnetgrent(); 1816 st->compat = COMPAT_MODE_OFF; 1817 rv = NS_NOTFOUND; 1818 continue; 1819 } else if (user == NULL || user[0] == '\0') 1820 continue; 1821 rv = compat_redispatch(st, how, nss_lt_name, name, 1822 user, uid, pwd, buffer, bufsize, errnop); 1823 } while (st->compat == COMPAT_MODE_NETGROUP && 1824 !(rv & NS_TERMINATE)); 1825 break; 1826 case COMPAT_MODE_NAME: 1827 rv = compat_redispatch(st, how, nss_lt_name, name, st->name, 1828 uid, pwd, buffer, bufsize, errnop); 1829 free(st->name); 1830 st->name = NULL; 1831 st->compat = COMPAT_MODE_OFF; 1832 break; 1833 default: 1834 break; 1835 } 1836 if (rv & NS_TERMINATE) { 1837 from_compat = 1; 1838 goto fin; 1839 } 1840 key.data = keybuf; 1841 rv = NS_NOTFOUND; 1842 while (st->keynum >= 0) { 1843 st->keynum++; 1844 if (st->version < _PWD_CURRENT_VERSION) { 1845 memcpy(&keybuf[1], &st->keynum, sizeof(st->keynum)); 1846 key.size = sizeof(st->keynum) + 1; 1847 } else { 1848 store = htonl(st->keynum); 1849 memcpy(&keybuf[1], &store, sizeof(store)); 1850 key.size = sizeof(store) + 1; 1851 } 1852 keybuf[0] = _PW_VERSIONED(_PW_KEYBYNUM, st->version); 1853 rv = st->db->get(st->db, &key, &entry, 0); 1854 if (rv < 0 || rv > 1) { /* should never return > 1 */ 1855 *errnop = errno; 1856 rv = NS_UNAVAIL; 1857 goto fin; 1858 } else if (rv == 1) { 1859 st->keynum = -1; 1860 rv = NS_NOTFOUND; 1861 goto fin; 1862 } 1863 pw_name = (char *)entry.data; 1864 switch (pw_name[0]) { 1865 case '+': 1866 switch (pw_name[1]) { 1867 case '\0': 1868 st->compat = COMPAT_MODE_ALL; 1869 break; 1870 case '@': 1871 setnetgrent(&pw_name[2]); 1872 st->compat = COMPAT_MODE_NETGROUP; 1873 break; 1874 default: 1875 st->name = strdup(&pw_name[1]); 1876 if (st->name == NULL) { 1877 syslog(LOG_ERR, 1878 "getpwent memory allocation failure"); 1879 *errnop = ENOMEM; 1880 rv = NS_UNAVAIL; 1881 break; 1882 } 1883 st->compat = COMPAT_MODE_NAME; 1884 } 1885 if (entry.size > bufsize) { 1886 *errnop = ERANGE; 1887 rv = NS_RETURN; 1888 goto fin; 1889 } 1890 memcpy(buffer, entry.data, entry.size); 1891 rv = pwdb_versions[st->version].parse(buffer, 1892 entry.size, pwd, errnop); 1893 if (rv != NS_SUCCESS) 1894 ; 1895 else if (compat_set_template(pwd, &st->template) < 0) { 1896 *errnop = ENOMEM; 1897 rv = NS_UNAVAIL; 1898 goto fin; 1899 } 1900 goto docompat; 1901 case '-': 1902 switch (pw_name[1]) { 1903 case '\0': 1904 /* XXX Maybe syslog warning */ 1905 continue; 1906 case '@': 1907 setnetgrent(&pw_name[2]); 1908 while (getnetgrent(&host, &user, &domain) != 1909 0) { 1910 if (user != NULL && user[0] != '\0') 1911 compat_exclude(user, 1912 &st->exclude); 1913 } 1914 endnetgrent(); 1915 continue; 1916 default: 1917 compat_exclude(&pw_name[1], &st->exclude); 1918 continue; 1919 } 1920 break; 1921 default: 1922 break; 1923 } 1924 if (compat_is_excluded((char *)entry.data, st->exclude)) 1925 continue; 1926 rv = pwdb_versions[st->version].match(entry.data, entry.size, 1927 how, name, uid); 1928 if (rv == NS_RETURN) 1929 break; 1930 else if (rv != NS_SUCCESS) 1931 continue; 1932 if (entry.size > bufsize) { 1933 *errnop = ERANGE; 1934 rv = NS_RETURN; 1935 break; 1936 } 1937 memcpy(buffer, entry.data, entry.size); 1938 rv = pwdb_versions[st->version].parse(buffer, entry.size, pwd, 1939 errnop); 1940 if (rv & NS_TERMINATE) 1941 break; 1942 } 1943 fin: 1944 if (st->db != NULL && !stayopen) { 1945 (void)st->db->close(st->db); 1946 st->db = NULL; 1947 } 1948 if (rv == NS_SUCCESS) { 1949 if (!from_compat) { 1950 pwd->pw_fields &= ~_PWF_SOURCE; 1951 pwd->pw_fields |= _PWF_FILES; 1952 } 1953 if (retval != NULL) 1954 *(struct passwd **)retval = pwd; 1955 } 1956 return (rv); 1957 } 1958 1959 1960 /* 1961 * common passwd line matching and parsing 1962 */ 1963 int 1964 __pw_match_entry(const char *entry, size_t entrysize, enum nss_lookup_type how, 1965 const char *name, uid_t uid) 1966 { 1967 const char *p, *eom; 1968 char *q; 1969 size_t len; 1970 unsigned long m; 1971 1972 eom = entry + entrysize; 1973 for (p = entry; p < eom; p++) 1974 if (*p == ':') 1975 break; 1976 if (*p != ':') 1977 return (NS_NOTFOUND); 1978 if (how == nss_lt_all) 1979 return (NS_SUCCESS); 1980 if (how == nss_lt_name) { 1981 len = strlen(name); 1982 if (len == (p - entry) && memcmp(name, entry, len) == 0) 1983 return (NS_SUCCESS); 1984 else 1985 return (NS_NOTFOUND); 1986 } 1987 for (p++; p < eom; p++) 1988 if (*p == ':') 1989 break; 1990 if (*p != ':') 1991 return (NS_NOTFOUND); 1992 m = strtoul(++p, &q, 10); 1993 if (q[0] != ':' || (uid_t)m != uid) 1994 return (NS_NOTFOUND); 1995 else 1996 return (NS_SUCCESS); 1997 } 1998 1999 2000 /* XXX buffer must be NUL-terminated. errnop is not set correctly. */ 2001 int 2002 __pw_parse_entry(char *buffer, size_t bufsize __unused, struct passwd *pwd, 2003 int master, int *errnop __unused) 2004 { 2005 2006 if (__pw_scan(buffer, pwd, master ? _PWSCAN_MASTER : 0) == 0) 2007 return (NS_NOTFOUND); 2008 else 2009 return (NS_SUCCESS); 2010 } 2011