/* Restart the NIS passwd enumeration.

   STAYOPEN is accepted for the NSS interface but is not read by the body.
   With the module lock held, any existing enumeration state is dropped
   through internal_nis_endpwent.  If the default NSS flags request batch
   reading, internal_nis_setpwent is called and its status is returned;
   otherwise the result is NSS_STATUS_SUCCESS.  */
enum nss_status
_nss_nis_setpwent (int stayopen)
{
  enum nss_status status;

  __libc_lock_lock (lock);

  /* Always discard the old state first so the next read starts fresh.  */
  internal_nis_endpwent ();

  if ((_nsl_default_nss () & NSS_FLAG_SETENT_BATCH_READ) != 0)
    status = internal_nis_setpwent ();
  else
    status = NSS_STATUS_SUCCESS;

  __libc_lock_unlock (lock);

  return status;
}
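/* Collect the supplementary groups of USER from NIS.

   USER is the login name and GROUP the primary gid, which is skipped.
   *GROUPSP is a heap array with room for *SIZE gids, of which *START are
   already in use; matching gids are appended and the array is grown with
   realloc up to LIMIT entries (no cap when LIMIT <= 0).  *ERRNOP receives
   the error code on failure.

   Returns NSS_STATUS_UNAVAIL when no default NIS domain can be
   determined, the status of internal_setgrent when the enumeration
   cannot be started, NSS_STATUS_TRYAGAIN when memory runs out, and
   otherwise the final enumeration status.  NSS_STATUS_NOTFOUND from the
   enumeration is reported as NSS_STATUS_SUCCESS.

   The scratch buffer for one group entry lives on the heap.  Its size is
   doubled for as long as internal_getgrent_r reports ERANGE, i.e. it is
   driven by the length of entries delivered by the NIS server; growing
   it with alloca would let a remote party dictate stack consumption.  */
enum nss_status
_nss_nis_initgroups_dyn (const char *user, gid_t group, long int *start,
                         long int *size, gid_t **groupsp, long int limit,
                         int *errnop)
{
  /* We always need the domain name.  */
  char *domainname;
  if (yp_get_default_domain (&domainname))
    return NSS_STATUS_UNAVAIL;

  /* Check whether we are supposed to use the netid.byname map.  */
  if (_nsl_default_nss () & NSS_FLAG_NETID_AUTHORITATIVE)
    {
      /* We need the user ID.  */
      uid_t uid;

      if (get_uid (user, &uid) == 0
          && initgroups_netid (uid, group, start, size, groupsp, limit,
                               errnop, domainname) == NSS_STATUS_SUCCESS)
        return NSS_STATUS_SUCCESS;
    }

  struct group grpbuf, *g;
  /* sysconf is allowed to answer -1; do not let that turn into a huge
     size_t.  1024 is only a starting size, the buffer grows on demand.  */
  long int conf_len = sysconf (_SC_GETPW_R_SIZE_MAX);
  size_t buflen = conf_len > 0 ? (size_t) conf_len : 1024;
  char *tmpbuf = NULL;
  enum nss_status status;
  intern_t intern = { NULL, NULL, 0 };
  gid_t *groups = *groupsp;

  status = internal_setgrent (domainname, &intern);
  if (status != NSS_STATUS_SUCCESS)
    return status;

  tmpbuf = malloc (buflen);
  if (tmpbuf == NULL)
    {
      status = NSS_STATUS_TRYAGAIN;
      *errnop = errno;
      goto done;
    }

  while (1)
    {
      while ((status =
              internal_getgrent_r (&grpbuf, tmpbuf, buflen, errnop,
                                   &intern)) == NSS_STATUS_TRYAGAIN
             && *errnop == ERANGE)
        {
          /* The entry did not fit.  The old contents are not needed for
             the retry, so release the buffer before asking for a larger
             one.  */
          if (buflen > (size_t) -1 / 2)
            {
              status = NSS_STATUS_TRYAGAIN;
              *errnop = ENOMEM;
              goto done;
            }

          free (tmpbuf);
          tmpbuf = malloc (2 * buflen);
          if (tmpbuf == NULL)
            {
              status = NSS_STATUS_TRYAGAIN;
              *errnop = errno;
              goto done;
            }
          buflen *= 2;
        }

      if (status != NSS_STATUS_SUCCESS)
        {
          /* Running off the end of the map is the normal way out.  */
          if (status == NSS_STATUS_NOTFOUND)
            status = NSS_STATUS_SUCCESS;
          goto done;
        }

      g = &grpbuf;
      if (g->gr_gid != group)
        {
          char **m;

          for (m = g->gr_mem; *m != NULL; ++m)
            if (strcmp (*m, user) == 0)
              {
                /* Matches user.  Insert this group.  */
                if (*start == *size)
                  {
                    /* Need a bigger buffer.  */
                    gid_t *newgroups;
                    long int newsize;

                    if (limit > 0 && *size == limit)
                      /* We reached the maximum.  */
                      goto done;

                    if (limit <= 0)
                      newsize = 2 * *size;
                    else
                      newsize = MIN (limit, 2 * *size);

                    newgroups = realloc (groups, newsize * sizeof (*groups));
                    if (newgroups == NULL)
                      {
                        status = NSS_STATUS_TRYAGAIN;
                        *errnop = errno;
                        goto done;
                      }
                    *groupsp = groups = newgroups;
                    *size = newsize;
                  }

                groups[*start] = g->gr_gid;
                *start += 1;

                /* One hit per group is enough.  */
                break;
              }
        }
    }

done:
  /* Release the chain of response blocks hanging off INTERN.  */
  while (intern.start != NULL)
    {
      intern.next = intern.start;
      intern.start = intern.start->next;
      free (intern.next);
    }

  free (tmpbuf);

  return status;
}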
/* Look up the passwd entry for UID in the NIS map "passwd.byuid".

   The raw map line is copied into BUFFER (BUFLEN bytes) and parsed into
   *PWD by _nss_files_parse_pwent.  If the password field starts with
   "##" and NSS_FLAG_ADJUNCT_AS_SHADOW is not set, the encrypted password
   from "passwd.adjunct.byname" is spliced into the line first.

   Returns NSS_STATUS_UNAVAIL when no default domain is available, the
   yperr2nss translation of a failed yp_match, NSS_STATUS_TRYAGAIN with
   *ERRNOP = ERANGE when BUFFER is too small, NSS_STATUS_TRYAGAIN when the
   parser returns -1, NSS_STATUS_NOTFOUND for any other parser result
   below 1, and NSS_STATUS_SUCCESS otherwise.

   RESULT and LEN are whatever the NIS server sent back; every copy into
   BUFFER below is preceded by a length check against BUFLEN.  */
enum nss_status
_nss_nis_getpwuid_r (uid_t uid, struct passwd *pwd,
                     char *buffer, size_t buflen, int *errnop)
{
  char *domain;
  if (__glibc_unlikely (yp_get_default_domain (&domain)))
    return NSS_STATUS_UNAVAIL;

  /* The map key is the decimal text form of the uid.  */
  char buf[32];
  int nlen = snprintf (buf, sizeof (buf), "%lu", (unsigned long int) uid);

  char *result;
  int len;
  int yperr = yp_match (domain, "passwd.byuid", buf, nlen, &result, &len);

  if (__glibc_unlikely (yperr != YPERR_SUCCESS))
    {
      enum nss_status retval = yperr2nss (yperr);

      if (retval == NSS_STATUS_TRYAGAIN)
        *errnop = errno;
      return retval;
    }

  /* Check for adjunct style secret passwords.  They can be recognized
     by a password starting with "##".  We do not use it if the
     passwd.adjunct.byname table is supposed to be used as a shadow.byname
     replacement.  */
  char *result2;
  int len2;
  size_t namelen;
  /* NOTE(review): the strchr calls below assume yp_match hands back a
     NUL-terminated buffer -- confirm against the yp client.  */
  char *p = strchr (result, ':');

  /* && short-circuits, so p[2] is only read after p[1] was '#'.  The
     adjunct map is queried with the user name taken from the reply.
     NOTE(review): when this branch is taken the hash from the adjunct map
     ends up in the entry returned to the caller of this lookup; whether
     that is acceptable depends on who is allowed to query the adjunct
     map -- confirm against the deployment.  */
  if ((_nsl_default_nss () & NSS_FLAG_ADJUNCT_AS_SHADOW) == 0
      && p != NULL      /* This better should be true in all cases.  */
      && p[1] == '#' && p[2] == '#'
      && (namelen = p - result,
          yp_match (domain, "passwd.adjunct.byname", result, namelen,
                    &result2, &len2)) == YPERR_SUCCESS)
    {
      /* We found a passwd.adjunct.byname entry.  Merge encrypted
         password therein into original result.  */
      char *encrypted = strchr (result2, ':');
      char *endp;
      size_t restlen;

      /* ENCRYPTED..ENDP is the second field of the adjunct line; P is
         moved to the ':' that ends the "##..." field of the passwd
         line.  */
      if (encrypted == NULL
          || (endp = strchr (++encrypted, ':')) == NULL
          || (p = strchr (p + 1, ':')) == NULL)
        {
          /* Invalid format of the entry.  This never should happen
             unless the data from which the NIS table is generated is
             wrong.  We simply ignore it.  */
          free (result2);
          goto non_adjunct;
        }

      /* Bytes of the passwd line from P up to offset LEN.  */
      restlen = len - (p - result);
      /* Needed space: name, ':', hash, rest, and one trailing byte.  */
      if (__builtin_expect ((size_t) (namelen + (endp - encrypted)
                                      + restlen + 2) > buflen, 0))
        {
          free (result2);
          free (result);
          *errnop = ERANGE;
          return NSS_STATUS_TRYAGAIN;
        }

      /* The last copy takes RESTLEN + 1 bytes, i.e. it includes
         result[len]; presumably that byte is the terminator -- TODO
         confirm.  */
      __mempcpy (__mempcpy (__mempcpy (__mempcpy (buffer, result, namelen),
                                       ":", 1),
                            encrypted, endp - encrypted),
                 p, restlen + 1);
      p = buffer;

      free (result2);
    }
  else
    {
    non_adjunct:
      /* Plain entry: LEN bytes plus the terminator must fit.  */
      if (__glibc_unlikely ((size_t) (len + 1) > buflen))
        {
          free (result);
          *errnop = ERANGE;
          return NSS_STATUS_TRYAGAIN;
        }

      /* strncpy does not terminate when the source is LEN bytes or
         longer, hence the explicit store.  */
      p = strncpy (buffer, result, len);
      buffer[len] = '\0';
    }

  /* Skip leading white space before parsing.  */
  while (isspace (*p))
    ++p;
  free (result);

  int parse_res = _nss_files_parse_pwent (p, pwd, (void *) buffer, buflen,
                                          errnop);
  if (__glibc_unlikely (parse_res < 1))
    {
      if (parse_res == -1)
        return NSS_STATUS_TRYAGAIN;
      else
        return NSS_STATUS_NOTFOUND;
    }
  else
    return NSS_STATUS_SUCCESS;
}
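/* Return the next passwd entry of the NIS enumeration in *PWD.

   Two modes are used.  In batch mode (intern.start != NULL) the entries
   are taken from the in-memory buckets reachable through INTERN, and
   RESULT points into a bucket.  Otherwise each entry is fetched with
   yp_first / yp_next, and RESULT and OUTKEY are heap blocks owned by this
   function until they are freed or stored in OLDKEY.

   The raw line is copied into BUFFER (BUFLEN bytes) and parsed by
   _nss_files_parse_pwent; lines for which the parser returns 0 are
   skipped.  The function reads and updates the file-scope state INTERN,
   NEW_START, OLDKEY and OLDKEYLEN.
   NOTE(review): presumably the caller holds the module lock -- confirm.

   Returns NSS_STATUS_UNAVAIL without a default domain, NSS_STATUS_NOTFOUND
   at the end of the batch data, the yperr2nss translation of a failed yp
   call, NSS_STATUS_TRYAGAIN with *ERRNOP = ERANGE when BUFFER is too
   small, and NSS_STATUS_SUCCESS once an entry was parsed.

   On the ERANGE paths RESULT and OUTKEY are released only in non-batch
   mode: in batch mode RESULT is an interior pointer into a bucket and
   OUTKEY was never assigned, so neither may be passed to free.  */
static enum nss_status
internal_nis_getpwent_r (struct passwd *pwd, char *buffer, size_t buflen,
                         int *errnop)
{
  /* If we read the entire database at setpwent time we just iterate
     over the data we have in memory.  */
  bool batch_read = intern.start != NULL;

  char *domain = NULL;
  if (!batch_read && __builtin_expect (yp_get_default_domain (&domain), 0))
    return NSS_STATUS_UNAVAIL;

  /* Get the next entry until we found a correct one.  */
  int parse_res;
  do
    {
      char *result;
      char *outkey;
      int len;
      int keylen;

      if (batch_read)
        {
          struct response_t *bucket;

        handle_batch_read:
          bucket = intern.next;

          if (__glibc_unlikely (intern.offset >= bucket->size))
            {
              if (bucket->next == NULL)
                return NSS_STATUS_NOTFOUND;

              /* We look at all the content in the current bucket.  Go on
                 to the next.  */
              bucket = intern.next = bucket->next;
              intern.offset = 0;
            }

          /* Skip white space in front of the entry and keep the offset
             in step with RESULT.  */
          for (result = &bucket->mem[intern.offset]; isspace (*result);
               ++result)
            ++intern.offset;

          len = strlen (result);
        }
      else
        {
          int yperr;

          if (new_start)
            {
              /* Maybe we should read the database in one piece.  */
              if ((_nsl_default_nss () & NSS_FLAG_SETENT_BATCH_READ)
                  && internal_nis_setpwent () == NSS_STATUS_SUCCESS
                  && intern.start != NULL)
                {
                  batch_read = true;
                  goto handle_batch_read;
                }

              yperr = yp_first (domain, "passwd.byname", &outkey, &keylen,
                                &result, &len);
            }
          else
            yperr = yp_next (domain, "passwd.byname", oldkey, oldkeylen,
                             &outkey, &keylen, &result, &len);

          if (__glibc_unlikely (yperr != YPERR_SUCCESS))
            {
              enum nss_status retval = yperr2nss (yperr);

              if (retval == NSS_STATUS_TRYAGAIN)
                *errnop = errno;
              return retval;
            }
        }

      /* Check for adjunct style secret passwords.  They can be
         recognized by a password starting with "##".  We do not use
         it if the passwd.adjunct.byname table is supposed to be used
         as a shadow.byname replacement.
         NOTE(review): when the function is entered in batch mode DOMAIN
         is still NULL here, so yp_match is called without a domain --
         confirm whether adjunct merging is meant to work for batch
         reads.  */
      char *p = strchr (result, ':');
      size_t namelen;
      char *result2;
      int len2;

      if ((_nsl_default_nss () & NSS_FLAG_ADJUNCT_AS_SHADOW) == 0
          && p != NULL  /* This better should be true in all cases.  */
          && p[1] == '#' && p[2] == '#'
          && (namelen = p - result,
              yp_match (domain, "passwd.adjunct.byname", result, namelen,
                        &result2, &len2)) == YPERR_SUCCESS)
        {
          /* We found a passwd.adjunct.byname entry.  Merge encrypted
             password therein into original result.  */
          char *encrypted = strchr (result2, ':');
          char *endp;
          size_t restlen;

          if (encrypted == NULL
              || (endp = strchr (++encrypted, ':')) == NULL
              || (p = strchr (p + 1, ':')) == NULL)
            {
              /* Invalid format of the entry.  This never should happen
                 unless the data from which the NIS table is generated is
                 wrong.  We simply ignore it.  */
              free (result2);
              goto non_adjunct;
            }

          restlen = len - (p - result);
          /* Needed space: name, ':', hash, rest, and one trailing
             byte.  */
          if (__builtin_expect ((size_t) (namelen + (endp - encrypted)
                                          + restlen + 2) > buflen, 0))
            {
              free (result2);
              if (!batch_read)
                {
                  free (result);
                  free (outkey);
                }
              *errnop = ERANGE;
              return NSS_STATUS_TRYAGAIN;
            }

          mempcpy (mempcpy (mempcpy (mempcpy (buffer, result, namelen),
                                     ":", 1),
                            encrypted, endp - encrypted),
                   p, restlen + 1);
          p = buffer;

          free (result2);
        }
      else
        {
        non_adjunct:
          if (__glibc_unlikely ((size_t) (len + 1) > buflen))
            {
              if (!batch_read)
                {
                  free (result);
                  free (outkey);
                }
              *errnop = ERANGE;
              return NSS_STATUS_TRYAGAIN;
            }

          p = buffer;
          *((char *) mempcpy (buffer, result, len)) = '\0';
        }

      while (isspace (*p))
        ++p;
      if (!batch_read)
        free (result);

      parse_res = _nss_files_parse_pwent (p, pwd, (void *) buffer, buflen,
                                          errnop);
      if (__glibc_unlikely (parse_res == -1))
        {
          if (!batch_read)
            free (outkey);
          *errnop = ERANGE;
          return NSS_STATUS_TRYAGAIN;
        }

      /* Advance the cursor only after the entry was consumed, so that a
         TRYAGAIN return above sees the same entry again on the retry.  */
      if (batch_read)
        intern.offset += len + 1;
      else
        {
          free (oldkey);
          oldkey = outkey;
          oldkeylen = keylen;
          new_start = false;
        }
    }
  while (parse_res < 1);

  return NSS_STATUS_SUCCESS;
}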
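/* Return the next group entry of the NIS enumeration in *GRP.

   In batch mode (intern.start != NULL) entries are taken from the
   in-memory buckets reachable through INTERN and RESULT points into a
   bucket.  Otherwise each entry is fetched with yp_first / yp_next from
   "group.byname", and RESULT and OUTKEY are heap blocks owned by this
   function until they are freed or stored in OLDKEY.

   The raw line is copied into BUFFER (BUFLEN bytes) and parsed by
   _nss_files_parse_grent; lines for which the parser returns 0 are
   skipped.  The function reads and updates the file-scope state INTERN,
   NEW_START, OLDKEY and OLDKEYLEN.
   NOTE(review): presumably the caller holds the module lock -- confirm.

   Returns NSS_STATUS_UNAVAIL without a default domain, NSS_STATUS_NOTFOUND
   at the end of the batch data, the yperr2nss translation of a failed yp
   call, NSS_STATUS_TRYAGAIN with *ERRNOP = ERANGE when BUFFER is too
   small, and NSS_STATUS_SUCCESS once an entry was parsed.

   The key returned by yp_first / yp_next is released on every ERANGE
   return in non-batch mode; callers retry with a larger buffer and each
   retry would otherwise lose one key.  */
static enum nss_status
internal_nis_getgrent_r (struct group *grp, char *buffer, size_t buflen,
                         int *errnop)
{
  /* If we read the entire database at setgrent time we just iterate
     over the data we have in memory.  */
  bool batch_read = intern.start != NULL;

  char *domain = NULL;
  if (!batch_read && __builtin_expect (yp_get_default_domain (&domain), 0))
    return NSS_STATUS_UNAVAIL;

  /* Get the next entry until we found a correct one.  */
  int parse_res;
  do
    {
      char *result;
      char *outkey;
      int len;
      int keylen;

      if (batch_read)
        {
          struct response_t *bucket;

        handle_batch_read:
          bucket = intern.next;

          if (__builtin_expect (intern.offset >= bucket->size, 0))
            {
              if (bucket->next == NULL)
                return NSS_STATUS_NOTFOUND;

              /* We look at all the content in the current bucket.  Go on
                 to the next.  */
              bucket = intern.next = bucket->next;
              intern.offset = 0;
            }

          /* Skip white space in front of the entry and keep the offset
             in step with RESULT.  */
          for (result = &bucket->mem[intern.offset]; isspace (*result);
               ++result)
            ++intern.offset;

          len = strlen (result);
        }
      else
        {
          int yperr;

          if (new_start)
            {
              /* Maybe we should read the database in one piece.  */
              if ((_nsl_default_nss () & NSS_FLAG_SETENT_BATCH_READ)
                  && internal_nis_setgrent () == NSS_STATUS_SUCCESS
                  && intern.start != NULL)
                {
                  batch_read = true;
                  goto handle_batch_read;
                }

              yperr = yp_first (domain, "group.byname", &outkey, &keylen,
                                &result, &len);
            }
          else
            yperr = yp_next (domain, "group.byname", oldkey, oldkeylen,
                             &outkey, &keylen, &result, &len);

          if (__builtin_expect (yperr != YPERR_SUCCESS, 0))
            {
              enum nss_status retval = yperr2nss (yperr);

              if (retval == NSS_STATUS_TRYAGAIN)
                *errnop = errno;
              return retval;
            }
        }

      /* LEN bytes plus the terminator must fit into the caller's
         buffer.  */
      if (__builtin_expect ((size_t) (len + 1) > buflen, 0))
        {
          if (!batch_read)
            {
              free (result);
              free (outkey);
            }
          *errnop = ERANGE;
          return NSS_STATUS_TRYAGAIN;
        }

      /* strncpy does not terminate when the source is LEN bytes or
         longer, hence the explicit store.  */
      char *p = strncpy (buffer, result, len);
      buffer[len] = '\0';
      while (isspace (*p))
        ++p;
      if (!batch_read)
        free (result);

      parse_res = _nss_files_parse_grent (p, grp, (void *) buffer, buflen,
                                          errnop);
      if (__builtin_expect (parse_res == -1, 0))
        {
          if (!batch_read)
            free (outkey);
          *errnop = ERANGE;
          return NSS_STATUS_TRYAGAIN;
        }

      /* Advance the cursor only after the entry was consumed, so that a
         TRYAGAIN return above sees the same entry again on the retry.  */
      if (batch_read)
        intern.offset += len + 1;
      else
        {
          free (oldkey);
          oldkey = outkey;
          oldkeylen = keylen;
          new_start = 0;
        }
    }
  while (parse_res < 1);

  return NSS_STATUS_SUCCESS;
}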
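/* Look up the service NAME, optionally restricted to PROTOCOL, in NIS.

   First a single yp_match on "services.byservicename" is tried with the
   key "name" or "name/protocol".  If that map has no answer and
   NSS_FLAG_SERVICES_AUTHORITATIVE is not set, the whole "services.byname"
   map is walked with yp_all and the dosearch callback.

   The entry is stored in *SERV, with its strings placed in BUFFER
   (BUFLEN bytes).  *ERRNOP receives EINVAL for a NULL NAME and ERANGE
   when the key or the entry does not fit.

   Returns NSS_STATUS_UNAVAIL for a NULL NAME, a missing default domain
   or an over-long key; NSS_STATUS_TRYAGAIN when BUFFER is too small;
   NSS_STATUS_NOTFOUND when the server's reply cannot be parsed;
   otherwise the status of the direct match or of the table walk.  */
enum nss_status
_nss_nis_getservbyname_r (const char *name, const char *protocol,
                          struct servent *serv, char *buffer, size_t buflen,
                          int *errnop)
{
  if (name == NULL)
    {
      *errnop = EINVAL;
      return NSS_STATUS_UNAVAIL;
    }

  char *domain;
  if (__glibc_unlikely (yp_get_default_domain (&domain)))
    return NSS_STATUS_UNAVAIL;

  /* If the protocol is given, we could try if our NIS server knows
     about services.byservicename map.  If yes, we only need one query.  */
  size_t keylen = strlen (name) + (protocol ? 1 + strlen (protocol) : 0);
  /* Limit key length to the maximum size of an RPC packet.  This check
     is also what bounds the variable-length array below, so it has to
     stay in front of the declaration.  */
  if (keylen > UDPMSGSIZE)
    {
      *errnop = ERANGE;
      return NSS_STATUS_UNAVAIL;
    }

  char key[keylen + 1];

  /* key is: "name/proto" */
  char *cp = stpcpy (key, name);
  if (protocol != NULL)
    {
      *cp++ = '/';
      strcpy (cp, protocol);
    }

  char *result;
  int int_len;
  int status = yp_match (domain, "services.byservicename", key,
                         keylen, &result, &int_len);

  /* If we found the key, it's ok and parse the result.  If not,
     fall through and parse the complete table.  */
  if (__glibc_likely (status == YPERR_SUCCESS))
    {
      /* INT_LEN is only read after yp_match reported success.  */
      size_t len = int_len;

      if (__glibc_unlikely ((size_t) (len + 1) > buflen))
        {
          free (result);
          *errnop = ERANGE;
          return NSS_STATUS_TRYAGAIN;
        }

      /* strncpy does not terminate when the source is LEN bytes or
         longer, hence the explicit store.  */
      char *p = strncpy (buffer, result, len);
      buffer[len] = '\0';
      while (isspace (*p))
        ++p;
      free (result);

      int parse_res = _nss_files_parse_servent (p, serv, (void *) buffer,
                                                buflen, errnop);
      /* A parser result of 0 means the line from the server was not a
         usable entry.  Treat it like the passwd lookup in this file does
         (anything below 1 is a failure); reporting success here would
         hand the caller a *SERV the parser did not accept.  */
      if (__glibc_unlikely (parse_res < 1))
        {
          if (parse_res == -1)
            return NSS_STATUS_TRYAGAIN;
          else
            return NSS_STATUS_NOTFOUND;
        }
      else
        return NSS_STATUS_SUCCESS;
    }

  /* Check if it is safe to rely on services.byservicename.  */
  if (_nsl_default_nss () & NSS_FLAG_SERVICES_AUTHORITATIVE)
    return yperr2nss (status);

  /* Walk the complete table; dosearch reports its outcome through
     req.status.  */
  struct ypall_callback ypcb;
  struct search_t req;

  ypcb.foreach = dosearch;
  ypcb.data = (char *) &req;
  req.name = name;
  req.proto = protocol;
  req.port = -1;
  req.serv = serv;
  req.buffer = buffer;
  req.buflen = buflen;
  req.errnop = errnop;
  req.status = NSS_STATUS_NOTFOUND;
  status = yp_all (domain, "services.byname", &ypcb);

  if (__glibc_unlikely (status != YPERR_SUCCESS))
    return yperr2nss (status);

  return req.status;
}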