1 /*-
2 * Copyright (c) 2003 Networks Associates Technology, Inc.
3 * All rights reserved.
4 *
5 * This software was developed for the FreeBSD Project by
6 * Jacques A. Vidrine, Safeport Network Services, and Network
7 * Associates Laboratories, the Security Research Division of Network
8 * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
9 * ("CBOSS"), as part of the DARPA CHATS research program.
10 *
11 * Redistribution and use in source and binary forms, with or without
12 * modification, are permitted provided that the following conditions
13 * are met:
14 * 1. Redistributions of source code must retain the above copyright
15 * notice, this list of conditions and the following disclaimer.
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in the
18 * documentation and/or other materials provided with the distribution.
19 *
20 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30 * SUCH DAMAGE.
31 *
32 * $FreeBSD: src/lib/libc/gen/getpwent.c,v 1.90 2006/04/28 12:03:35 ume Exp $
33 */
34
35 #include "namespace.h"
36 #include <sys/param.h>
37 #ifdef YP
38 #include <rpc/rpc.h>
39 #include <rpcsvc/yp_prot.h>
40 #include <rpcsvc/ypclnt.h>
41 #endif
42 #include <arpa/inet.h>
43 #include <errno.h>
44 #include <fcntl.h>
45 #ifdef HESIOD
46 #include <hesiod.h>
47 #endif
48 #include <netdb.h>
49 #include <nsswitch.h>
50 #include <pthread.h>
51 #include <pthread_np.h>
52 #include <pwd.h>
53 #include <stdlib.h>
54 #include <stdio.h>
55 #include <string.h>
56 #include <syslog.h>
57 #include <unistd.h>
58 #include "un-namespace.h"
59 #include <db.h>
60 #include "libc_private.h"
61 #include "pw_scan.h"
62 #include "nss_tls.h"
63 #ifdef NS_CACHING
64 #include "nscache.h"
65 #endif
66
67 #ifndef CTASSERT
68 #define CTASSERT(x) _CTASSERT(x, __LINE__)
69 #define _CTASSERT(x, y) __CTASSERT(x, y)
70 #define __CTASSERT(x, y) typedef char __assert_ ## y [(x) ? 1 : -1]
71 #endif
72
73 /* Counter as stored in /etc/pwd.db */
74 typedef int pwkeynum;
75
76 CTASSERT(MAXLOGNAME > sizeof(uid_t));
77 CTASSERT(MAXLOGNAME > sizeof(pwkeynum));
78
79 enum constants {
80 PWD_STORAGE_INITIAL = 1 << 10, /* 1 KByte */
81 PWD_STORAGE_MAX = 1 << 20, /* 1 MByte */
82 SETPWENT = 1,
83 ENDPWENT = 2,
84 HESIOD_NAME_MAX = 256
85 };
86
87 static const ns_src defaultsrc[] = {
88 { NSSRC_COMPAT, NS_SUCCESS },
89 { NULL, 0 }
90 };
91
92 int __pw_match_entry(const char *, size_t, enum nss_lookup_type,
93 const char *, uid_t);
94 int __pw_parse_entry(char *, size_t, struct passwd *, int, int *errnop);
95
96 static void pwd_init(struct passwd *);
97
98 union key {
99 const char *name;
100 uid_t uid;
101 };
102
103 static struct passwd *getpw(int (*fn)(union key, struct passwd *, char *,
104 size_t, struct passwd **), union key);
105 static int wrap_getpwnam_r(union key, struct passwd *, char *,
106 size_t, struct passwd **);
107 static int wrap_getpwuid_r(union key, struct passwd *, char *, size_t,
108 struct passwd **);
109 static int wrap_getpwent_r(union key, struct passwd *, char *, size_t,
110 struct passwd **);
111
112 static int pwdb_match_entry_v3(char *, size_t, enum nss_lookup_type,
113 const char *, uid_t);
114 static int pwdb_parse_entry_v3(char *, size_t, struct passwd *, int *);
115 static int pwdb_match_entry_v4(char *, size_t, enum nss_lookup_type,
116 const char *, uid_t);
117 static int pwdb_parse_entry_v4(char *, size_t, struct passwd *, int *);
118
119
120 struct {
121 int (*match)(char *, size_t, enum nss_lookup_type, const char *,
122 uid_t);
123 int (*parse)(char *, size_t, struct passwd *, int *);
124 } pwdb_versions[] = {
125 { NULL, NULL }, /* version 0 */
126 { NULL, NULL }, /* version 1 */
127 { NULL, NULL }, /* version 2 */
128 { pwdb_match_entry_v3, pwdb_parse_entry_v3 }, /* version 3 */
129 { pwdb_match_entry_v4, pwdb_parse_entry_v4 }, /* version 4 */
130 };
131
132
133 struct files_state {
134 DB *db;
135 pwkeynum keynum;
136 int stayopen;
137 int version;
138 };
139 static void files_endstate(void *);
140 NSS_TLS_HANDLING(files);
141 static DB *pwdbopen(int *);
142 static void files_endstate(void *);
143 static int files_setpwent(void *, void *, va_list);
144 static int files_passwd(void *, void *, va_list);
145
146
147 #ifdef HESIOD
148 struct dns_state {
149 long counter;
150 };
151 static void dns_endstate(void *);
152 NSS_TLS_HANDLING(dns);
153 static int dns_setpwent(void *, void *, va_list);
154 static int dns_passwd(void *, void *, va_list);
155 #endif
156
157
158 #ifdef YP
159 struct nis_state {
160 char domain[MAXHOSTNAMELEN];
161 int done;
162 char *key;
163 int keylen;
164 };
165 static void nis_endstate(void *);
166 NSS_TLS_HANDLING(nis);
167 static int nis_setpwent(void *, void *, va_list);
168 static int nis_passwd(void *, void *, va_list);
169 static int nis_map(char *, enum nss_lookup_type, char *, size_t, int *);
170 static int nis_adjunct(char *, const char *, char *, size_t);
171 #endif
172
173
174 struct compat_state {
175 DB *db;
176 pwkeynum keynum;
177 int stayopen;
178 int version;
179 DB *exclude;
180 struct passwd template;
181 char *name;
182 enum _compat {
183 COMPAT_MODE_OFF = 0,
184 COMPAT_MODE_ALL,
185 COMPAT_MODE_NAME,
186 COMPAT_MODE_NETGROUP
187 } compat;
188 };
189 static void compat_endstate(void *);
190 NSS_TLS_HANDLING(compat);
191 static int compat_setpwent(void *, void *, va_list);
192 static int compat_passwd(void *, void *, va_list);
193 static void compat_clear_template(struct passwd *);
194 static int compat_set_template(struct passwd *, struct passwd *);
195 static int compat_use_template(struct passwd *, struct passwd *, char *,
196 size_t);
197 static int compat_redispatch(struct compat_state *, enum nss_lookup_type,
198 enum nss_lookup_type, const char *, const char *, uid_t,
199 struct passwd *, char *, size_t, int *);
200
201 #ifdef NS_CACHING
202 static int pwd_id_func(char *, size_t *, va_list ap, void *);
203 static int pwd_marshal_func(char *, size_t *, void *, va_list, void *);
204 static int pwd_unmarshal_func(char *, size_t, void *, va_list, void *);
205
206 static int
pwd_id_func(char * buffer,size_t * buffer_size,va_list ap,void * cache_mdata)207 pwd_id_func(char *buffer, size_t *buffer_size, va_list ap, void *cache_mdata)
208 {
209 char *name;
210 uid_t uid;
211 size_t size, desired_size;
212 int res = NS_UNAVAIL;
213 enum nss_lookup_type lookup_type;
214
215 lookup_type = (enum nss_lookup_type)cache_mdata;
216 switch (lookup_type) {
217 case nss_lt_name:
218 name = va_arg(ap, char *);
219 size = strlen(name);
220 desired_size = sizeof(enum nss_lookup_type) + size + 1;
221 if (desired_size > *buffer_size) {
222 res = NS_RETURN;
223 goto fin;
224 }
225
226 memcpy(buffer, &lookup_type, sizeof(enum nss_lookup_type));
227 memcpy(buffer + sizeof(enum nss_lookup_type), name, size + 1);
228
229 res = NS_SUCCESS;
230 break;
231 case nss_lt_id:
232 uid = va_arg(ap, uid_t);
233 desired_size = sizeof(enum nss_lookup_type) + sizeof(uid_t);
234 if (desired_size > *buffer_size) {
235 res = NS_RETURN;
236 goto fin;
237 }
238
239 memcpy(buffer, &lookup_type, sizeof(enum nss_lookup_type));
240 memcpy(buffer + sizeof(enum nss_lookup_type), &uid,
241 sizeof(uid_t));
242
243 res = NS_SUCCESS;
244 break;
245 default:
246 /* should be unreachable */
247 return (NS_UNAVAIL);
248 }
249
250 fin:
251 *buffer_size = desired_size;
252 return (res);
253 }
254
255 static int
pwd_marshal_func(char * buffer,size_t * buffer_size,void * retval __unused,va_list ap,void * cache_mdata)256 pwd_marshal_func(char *buffer, size_t *buffer_size, void *retval __unused,
257 va_list ap, void *cache_mdata)
258 {
259 char *name __unused;
260 uid_t uid __unused;
261 struct passwd *pwd;
262 char *orig_buf __unused;
263 size_t orig_buf_size __unused;
264
265 struct passwd new_pwd;
266 size_t desired_size, size;
267 char *p;
268
269 switch ((enum nss_lookup_type)cache_mdata) {
270 case nss_lt_name:
271 name = va_arg(ap, char *);
272 break;
273 case nss_lt_id:
274 uid = va_arg(ap, uid_t);
275 break;
276 case nss_lt_all:
277 break;
278 default:
279 /* should be unreachable */
280 return (NS_UNAVAIL);
281 }
282
283 pwd = va_arg(ap, struct passwd *);
284 orig_buf = va_arg(ap, char *);
285 orig_buf_size = va_arg(ap, size_t);
286
287 desired_size = sizeof(struct passwd) + sizeof(char *) +
288 strlen(pwd->pw_name) + 1;
289 if (pwd->pw_passwd != NULL)
290 desired_size += strlen(pwd->pw_passwd) + 1;
291 if (pwd->pw_class != NULL)
292 desired_size += strlen(pwd->pw_class) + 1;
293 if (pwd->pw_gecos != NULL)
294 desired_size += strlen(pwd->pw_gecos) + 1;
295 if (pwd->pw_dir != NULL)
296 desired_size += strlen(pwd->pw_dir) + 1;
297 if (pwd->pw_shell != NULL)
298 desired_size += strlen(pwd->pw_shell) + 1;
299
300 if (*buffer_size < desired_size) {
301 /* this assignment is here for future use */
302 *buffer_size = desired_size;
303 return (NS_RETURN);
304 }
305
306 memcpy(&new_pwd, pwd, sizeof(struct passwd));
307 memset(buffer, 0, desired_size);
308
309 *buffer_size = desired_size;
310 p = buffer + sizeof(struct passwd) + sizeof(char *);
311 memcpy(buffer + sizeof(struct passwd), &p, sizeof(char *));
312
313 if (new_pwd.pw_name != NULL) {
314 size = strlen(new_pwd.pw_name);
315 memcpy(p, new_pwd.pw_name, size);
316 new_pwd.pw_name = p;
317 p += size + 1;
318 }
319
320 if (new_pwd.pw_passwd != NULL) {
321 size = strlen(new_pwd.pw_passwd);
322 memcpy(p, new_pwd.pw_passwd, size);
323 new_pwd.pw_passwd = p;
324 p += size + 1;
325 }
326
327 if (new_pwd.pw_class != NULL) {
328 size = strlen(new_pwd.pw_class);
329 memcpy(p, new_pwd.pw_class, size);
330 new_pwd.pw_class = p;
331 p += size + 1;
332 }
333
334 if (new_pwd.pw_gecos != NULL) {
335 size = strlen(new_pwd.pw_gecos);
336 memcpy(p, new_pwd.pw_gecos, size);
337 new_pwd.pw_gecos = p;
338 p += size + 1;
339 }
340
341 if (new_pwd.pw_dir != NULL) {
342 size = strlen(new_pwd.pw_dir);
343 memcpy(p, new_pwd.pw_dir, size);
344 new_pwd.pw_dir = p;
345 p += size + 1;
346 }
347
348 if (new_pwd.pw_shell != NULL) {
349 size = strlen(new_pwd.pw_shell);
350 memcpy(p, new_pwd.pw_shell, size);
351 new_pwd.pw_shell = p;
352 p += size + 1;
353 }
354
355 memcpy(buffer, &new_pwd, sizeof(struct passwd));
356 return (NS_SUCCESS);
357 }
358
359 static int
pwd_unmarshal_func(char * buffer,size_t buffer_size,void * retval,va_list ap,void * cache_mdata)360 pwd_unmarshal_func(char *buffer, size_t buffer_size, void *retval, va_list ap,
361 void *cache_mdata)
362 {
363 char *name __unused;
364 uid_t uid __unused;
365 struct passwd *pwd;
366 char *orig_buf;
367 size_t orig_buf_size;
368 int *ret_errno;
369
370 char *p;
371
372 switch ((enum nss_lookup_type)cache_mdata) {
373 case nss_lt_name:
374 name = va_arg(ap, char *);
375 break;
376 case nss_lt_id:
377 uid = va_arg(ap, uid_t);
378 break;
379 case nss_lt_all:
380 break;
381 default:
382 /* should be unreachable */
383 return (NS_UNAVAIL);
384 }
385
386 pwd = va_arg(ap, struct passwd *);
387 orig_buf = va_arg(ap, char *);
388 orig_buf_size = va_arg(ap, size_t);
389 ret_errno = va_arg(ap, int *);
390
391 if (orig_buf_size <
392 buffer_size - sizeof(struct passwd) - sizeof(char *)) {
393 *ret_errno = ERANGE;
394 return (NS_RETURN);
395 }
396
397 memcpy(pwd, buffer, sizeof(struct passwd));
398 memcpy(&p, buffer + sizeof(struct passwd), sizeof(char *));
399 memcpy(orig_buf, buffer + sizeof(struct passwd) + sizeof(char *),
400 buffer_size - sizeof(struct passwd) - sizeof(char *));
401
402 NS_APPLY_OFFSET(pwd->pw_name, orig_buf, p, char *);
403 NS_APPLY_OFFSET(pwd->pw_passwd, orig_buf, p, char *);
404 NS_APPLY_OFFSET(pwd->pw_class, orig_buf, p, char *);
405 NS_APPLY_OFFSET(pwd->pw_gecos, orig_buf, p, char *);
406 NS_APPLY_OFFSET(pwd->pw_dir, orig_buf, p, char *);
407 NS_APPLY_OFFSET(pwd->pw_shell, orig_buf, p, char *);
408
409 if (retval != NULL)
410 *((struct passwd **)retval) = pwd;
411
412 return (NS_SUCCESS);
413 }
414
415 NSS_MP_CACHE_HANDLING(passwd);
416 #endif /* NS_CACHING */
417
418 void
setpwent(void)419 setpwent(void)
420 {
421 #ifdef NS_CACHING
422 static const nss_cache_info cache_info = NS_MP_CACHE_INFO_INITIALIZER(
423 passwd, (void *)nss_lt_all,
424 NULL, NULL);
425 #endif
426
427 static const ns_dtab dtab[] = {
428 { NSSRC_FILES, files_setpwent, (void *)SETPWENT },
429 #ifdef HESIOD
430 { NSSRC_DNS, dns_setpwent, (void *)SETPWENT },
431 #endif
432 #ifdef YP
433 { NSSRC_NIS, nis_setpwent, (void *)SETPWENT },
434 #endif
435 { NSSRC_COMPAT, compat_setpwent, (void *)SETPWENT },
436 #ifdef NS_CACHING
437 NS_CACHE_CB(&cache_info)
438 #endif
439 { NULL, NULL, NULL }
440 };
441 _nsdispatch(NULL, dtab, NSDB_PASSWD, "setpwent", defaultsrc, 0);
442 }
443
444
445 int
setpassent(int stayopen)446 setpassent(int stayopen)
447 {
448 #ifdef NS_CACHING
449 static const nss_cache_info cache_info = NS_MP_CACHE_INFO_INITIALIZER(
450 passwd, (void *)nss_lt_all,
451 NULL, NULL);
452 #endif
453
454 static const ns_dtab dtab[] = {
455 { NSSRC_FILES, files_setpwent, (void *)SETPWENT },
456 #ifdef HESIOD
457 { NSSRC_DNS, dns_setpwent, (void *)SETPWENT },
458 #endif
459 #ifdef YP
460 { NSSRC_NIS, nis_setpwent, (void *)SETPWENT },
461 #endif
462 { NSSRC_COMPAT, compat_setpwent, (void *)SETPWENT },
463 #ifdef NS_CACHING
464 NS_CACHE_CB(&cache_info)
465 #endif
466 { NULL, NULL, NULL }
467 };
468 _nsdispatch(NULL, dtab, NSDB_PASSWD, "setpwent", defaultsrc, stayopen);
469 return (1);
470 }
471
472
473 void
endpwent(void)474 endpwent(void)
475 {
476 #ifdef NS_CACHING
477 static const nss_cache_info cache_info = NS_MP_CACHE_INFO_INITIALIZER(
478 passwd, (void *)nss_lt_all,
479 NULL, NULL);
480 #endif
481
482 static const ns_dtab dtab[] = {
483 { NSSRC_FILES, files_setpwent, (void *)ENDPWENT },
484 #ifdef HESIOD
485 { NSSRC_DNS, dns_setpwent, (void *)ENDPWENT },
486 #endif
487 #ifdef YP
488 { NSSRC_NIS, nis_setpwent, (void *)ENDPWENT },
489 #endif
490 { NSSRC_COMPAT, compat_setpwent, (void *)ENDPWENT },
491 #ifdef NS_CACHING
492 NS_CACHE_CB(&cache_info)
493 #endif
494 { NULL, NULL, NULL }
495 };
496 _nsdispatch(NULL, dtab, NSDB_PASSWD, "endpwent", defaultsrc);
497 }
498
499
500 int
getpwent_r(struct passwd * pwd,char * buffer,size_t bufsize,struct passwd ** result)501 getpwent_r(struct passwd *pwd, char *buffer, size_t bufsize,
502 struct passwd **result)
503 {
504 #ifdef NS_CACHING
505 static const nss_cache_info cache_info = NS_MP_CACHE_INFO_INITIALIZER(
506 passwd, (void *)nss_lt_all,
507 pwd_marshal_func, pwd_unmarshal_func);
508 #endif
509
510 static const ns_dtab dtab[] = {
511 { NSSRC_FILES, files_passwd, (void *)nss_lt_all },
512 #ifdef HESIOD
513 { NSSRC_DNS, dns_passwd, (void *)nss_lt_all },
514 #endif
515 #ifdef YP
516 { NSSRC_NIS, nis_passwd, (void *)nss_lt_all },
517 #endif
518 { NSSRC_COMPAT, compat_passwd, (void *)nss_lt_all },
519 #ifdef NS_CACHING
520 NS_CACHE_CB(&cache_info)
521 #endif
522 { NULL, NULL, NULL }
523 };
524 int rv, ret_errno;
525
526 pwd_init(pwd);
527 ret_errno = 0;
528 *result = NULL;
529 rv = _nsdispatch(result, dtab, NSDB_PASSWD, "getpwent_r", defaultsrc,
530 pwd, buffer, bufsize, &ret_errno);
531 if (rv == NS_SUCCESS)
532 return (0);
533 else
534 return (ret_errno);
535 }
536
537
538 int
getpwnam_r(const char * name,struct passwd * pwd,char * buffer,size_t bufsize,struct passwd ** result)539 getpwnam_r(const char *name, struct passwd *pwd, char *buffer, size_t bufsize,
540 struct passwd **result)
541 {
542 #ifdef NS_CACHING
543 static const nss_cache_info cache_info =
544 NS_COMMON_CACHE_INFO_INITIALIZER(
545 passwd, (void *)nss_lt_name,
546 pwd_id_func, pwd_marshal_func, pwd_unmarshal_func);
547 #endif
548
549 static const ns_dtab dtab[] = {
550 { NSSRC_FILES, files_passwd, (void *)nss_lt_name },
551 #ifdef HESIOD
552 { NSSRC_DNS, dns_passwd, (void *)nss_lt_name },
553 #endif
554 #ifdef YP
555 { NSSRC_NIS, nis_passwd, (void *)nss_lt_name },
556 #endif
557 { NSSRC_COMPAT, compat_passwd, (void *)nss_lt_name },
558 #ifdef NS_CACHING
559 NS_CACHE_CB(&cache_info)
560 #endif
561 { NULL, NULL, NULL }
562 };
563 int rv, ret_errno;
564
565 pwd_init(pwd);
566 ret_errno = 0;
567 *result = NULL;
568 rv = _nsdispatch(result, dtab, NSDB_PASSWD, "getpwnam_r", defaultsrc,
569 name, pwd, buffer, bufsize, &ret_errno);
570 if (rv == NS_SUCCESS)
571 return (0);
572 else
573 return (ret_errno);
574 }
575
576
577 int
getpwuid_r(uid_t uid,struct passwd * pwd,char * buffer,size_t bufsize,struct passwd ** result)578 getpwuid_r(uid_t uid, struct passwd *pwd, char *buffer, size_t bufsize,
579 struct passwd **result)
580 {
581 #ifdef NS_CACHING
582 static const nss_cache_info cache_info =
583 NS_COMMON_CACHE_INFO_INITIALIZER(
584 passwd, (void *)nss_lt_id,
585 pwd_id_func, pwd_marshal_func, pwd_unmarshal_func);
586 #endif
587
588 static const ns_dtab dtab[] = {
589 { NSSRC_FILES, files_passwd, (void *)nss_lt_id },
590 #ifdef HESIOD
591 { NSSRC_DNS, dns_passwd, (void *)nss_lt_id },
592 #endif
593 #ifdef YP
594 { NSSRC_NIS, nis_passwd, (void *)nss_lt_id },
595 #endif
596 { NSSRC_COMPAT, compat_passwd, (void *)nss_lt_id },
597 #ifdef NS_CACHING
598 NS_CACHE_CB(&cache_info)
599 #endif
600 { NULL, NULL, NULL }
601 };
602 int rv, ret_errno;
603
604 pwd_init(pwd);
605 ret_errno = 0;
606 *result = NULL;
607 rv = _nsdispatch(result, dtab, NSDB_PASSWD, "getpwuid_r", defaultsrc,
608 uid, pwd, buffer, bufsize, &ret_errno);
609 if (rv == NS_SUCCESS)
610 return (0);
611 else
612 return (ret_errno);
613 }
614
615
616 static void
pwd_init(struct passwd * pwd)617 pwd_init(struct passwd *pwd)
618 {
619 static char nul[] = "";
620
621 memset(pwd, 0, sizeof(*pwd));
622 pwd->pw_uid = (uid_t)-1; /* Considered least likely to lead to */
623 pwd->pw_gid = (gid_t)-1; /* a security issue. */
624 pwd->pw_name = nul;
625 pwd->pw_passwd = nul;
626 pwd->pw_class = nul;
627 pwd->pw_gecos = nul;
628 pwd->pw_dir = nul;
629 pwd->pw_shell = nul;
630 }
631
632
633 static struct passwd pwd;
634 static char *pwd_storage;
635 static size_t pwd_storage_size;
636
637
638 static struct passwd *
getpw(int (* fn)(union key,struct passwd *,char *,size_t,struct passwd **),union key key)639 getpw(int (*fn)(union key, struct passwd *, char *, size_t, struct passwd **),
640 union key key)
641 {
642 int rv;
643 struct passwd *res;
644
645 if (pwd_storage == NULL) {
646 pwd_storage = malloc(PWD_STORAGE_INITIAL);
647 if (pwd_storage == NULL)
648 return (NULL);
649 pwd_storage_size = PWD_STORAGE_INITIAL;
650 }
651 do {
652 rv = fn(key, &pwd, pwd_storage, pwd_storage_size, &res);
653 if (res == NULL && rv == ERANGE) {
654 free(pwd_storage);
655 if ((pwd_storage_size << 1) > PWD_STORAGE_MAX) {
656 pwd_storage = NULL;
657 errno = ERANGE;
658 return (NULL);
659 }
660 pwd_storage_size <<= 1;
661 pwd_storage = malloc(pwd_storage_size);
662 if (pwd_storage == NULL)
663 return (NULL);
664 }
665 } while (res == NULL && rv == ERANGE);
666 if (rv != 0)
667 errno = rv;
668 return (res);
669 }
670
671
672 static int
wrap_getpwnam_r(union key key,struct passwd * pwd,char * buffer,size_t bufsize,struct passwd ** res)673 wrap_getpwnam_r(union key key, struct passwd *pwd, char *buffer,
674 size_t bufsize, struct passwd **res)
675 {
676 return (getpwnam_r(key.name, pwd, buffer, bufsize, res));
677 }
678
679
680 static int
wrap_getpwuid_r(union key key,struct passwd * pwd,char * buffer,size_t bufsize,struct passwd ** res)681 wrap_getpwuid_r(union key key, struct passwd *pwd, char *buffer,
682 size_t bufsize, struct passwd **res)
683 {
684 return (getpwuid_r(key.uid, pwd, buffer, bufsize, res));
685 }
686
687
688 static int
wrap_getpwent_r(union key key __unused,struct passwd * pwd,char * buffer,size_t bufsize,struct passwd ** res)689 wrap_getpwent_r(union key key __unused, struct passwd *pwd, char *buffer,
690 size_t bufsize, struct passwd **res)
691 {
692 return (getpwent_r(pwd, buffer, bufsize, res));
693 }
694
695
696 struct passwd *
getpwnam(const char * name)697 getpwnam(const char *name)
698 {
699 union key key;
700
701 key.name = name;
702 return (getpw(wrap_getpwnam_r, key));
703 }
704
705
706 struct passwd *
getpwuid(uid_t uid)707 getpwuid(uid_t uid)
708 {
709 union key key;
710
711 key.uid = uid;
712 return (getpw(wrap_getpwuid_r, key));
713 }
714
715
716 struct passwd *
getpwent(void)717 getpwent(void)
718 {
719 union key key;
720
721 key.uid = 0; /* not used */
722 return (getpw(wrap_getpwent_r, key));
723 }
724
725
726 /*
727 * files backend
728 */
729 static DB *
pwdbopen(int * version)730 pwdbopen(int *version)
731 {
732 DB *res;
733 DBT key, entry;
734 int rv;
735
736 if (geteuid() != 0 ||
737 (res = dbopen(_PATH_SMP_DB, O_RDONLY, 0, DB_HASH, NULL)) == NULL)
738 res = dbopen(_PATH_MP_DB, O_RDONLY, 0, DB_HASH, NULL);
739 if (res == NULL)
740 return (NULL);
741 key.data = _PWD_VERSION_KEY;
742 key.size = strlen(_PWD_VERSION_KEY);
743 rv = res->get(res, &key, &entry, 0);
744 if (rv == 0)
745 *version = *(unsigned char *)entry.data;
746 else
747 *version = 3;
748 if (*version < 3 || *version >= NELEM(pwdb_versions)) {
749 syslog(LOG_CRIT, "Unsupported password database version %d",
750 *version);
751 res->close(res);
752 res = NULL;
753 }
754 return (res);
755 }
756
757
758 static void
files_endstate(void * p)759 files_endstate(void *p)
760 {
761 DB *db;
762
763 if (p == NULL)
764 return;
765 db = ((struct files_state *)p)->db;
766 if (db != NULL)
767 db->close(db);
768 free(p);
769 }
770
771
772 static int
files_setpwent(void * retval __unused,void * mdata,va_list ap)773 files_setpwent(void *retval __unused, void *mdata, va_list ap)
774 {
775 struct files_state *st;
776 int rv, stayopen;
777
778 rv = files_getstate(&st);
779 if (rv != 0)
780 return (NS_UNAVAIL);
781 switch ((enum constants)mdata) {
782 case SETPWENT:
783 stayopen = va_arg(ap, int);
784 st->keynum = 0;
785 if (stayopen)
786 st->db = pwdbopen(&st->version);
787 st->stayopen = stayopen;
788 break;
789 case ENDPWENT:
790 if (st->db != NULL) {
791 st->db->close(st->db);
792 st->db = NULL;
793 }
794 break;
795 default:
796 break;
797 }
798 return (NS_UNAVAIL);
799 }
800
801
802 static int
files_passwd(void * retval,void * mdata,va_list ap)803 files_passwd(void *retval, void *mdata, va_list ap)
804 {
805 char keybuf[MAXLOGNAME + 1];
806 DBT key, entry;
807 struct files_state *st;
808 enum nss_lookup_type how;
809 const char *name;
810 struct passwd *pwd;
811 char *buffer;
812 size_t bufsize, namesize;
813 uid_t uid;
814 uint32_t store;
815 int rv, stayopen, *errnop;
816
817 name = NULL;
818 uid = (uid_t)-1;
819 how = (enum nss_lookup_type)mdata;
820 switch (how) {
821 case nss_lt_name:
822 name = va_arg(ap, const char *);
823 keybuf[0] = _PW_KEYBYNAME;
824 break;
825 case nss_lt_id:
826 uid = va_arg(ap, uid_t);
827 keybuf[0] = _PW_KEYBYUID;
828 break;
829 case nss_lt_all:
830 keybuf[0] = _PW_KEYBYNUM;
831 break;
832 default:
833 rv = NS_NOTFOUND;
834 goto fin;
835 }
836 pwd = va_arg(ap, struct passwd *);
837 buffer = va_arg(ap, char *);
838 bufsize = va_arg(ap, size_t);
839 errnop = va_arg(ap, int *);
840 *errnop = files_getstate(&st);
841 if (*errnop != 0)
842 return (NS_UNAVAIL);
843 if (how == nss_lt_all && st->keynum < 0) {
844 rv = NS_NOTFOUND;
845 goto fin;
846 }
847 if (st->db == NULL &&
848 (st->db = pwdbopen(&st->version)) == NULL) {
849 *errnop = errno;
850 rv = NS_UNAVAIL;
851 goto fin;
852 }
853 if (how == nss_lt_all)
854 stayopen = 1;
855 else
856 stayopen = st->stayopen;
857 key.data = keybuf;
858 do {
859 switch (how) {
860 case nss_lt_name:
861 /* MAXLOGNAME includes NUL byte, but we do not
862 * include the NUL byte in the key.
863 */
864 namesize = strlcpy(&keybuf[1], name, sizeof(keybuf)-1);
865 if (namesize >= sizeof(keybuf)-1) {
866 *errnop = EINVAL;
867 rv = NS_NOTFOUND;
868 goto fin;
869 }
870 key.size = namesize + 1;
871 break;
872 case nss_lt_id:
873 if (st->version < _PWD_CURRENT_VERSION) {
874 memcpy(&keybuf[1], &uid, sizeof(uid));
875 key.size = sizeof(uid) + 1;
876 } else {
877 store = htonl(uid);
878 memcpy(&keybuf[1], &store, sizeof(store));
879 key.size = sizeof(store) + 1;
880 }
881 break;
882 case nss_lt_all:
883 st->keynum++;
884 if (st->version < _PWD_CURRENT_VERSION) {
885 memcpy(&keybuf[1], &st->keynum,
886 sizeof(st->keynum));
887 key.size = sizeof(st->keynum) + 1;
888 } else {
889 store = htonl(st->keynum);
890 memcpy(&keybuf[1], &store, sizeof(store));
891 key.size = sizeof(store) + 1;
892 }
893 break;
894 }
895 keybuf[0] = _PW_VERSIONED(keybuf[0], st->version);
896 rv = st->db->get(st->db, &key, &entry, 0);
897 if (rv < 0 || rv > 1) { /* should never return > 1 */
898 *errnop = errno;
899 rv = NS_UNAVAIL;
900 goto fin;
901 } else if (rv == 1) {
902 if (how == nss_lt_all)
903 st->keynum = -1;
904 rv = NS_NOTFOUND;
905 goto fin;
906 }
907 rv = pwdb_versions[st->version].match(entry.data, entry.size,
908 how, name, uid);
909 if (rv != NS_SUCCESS)
910 continue;
911 if (entry.size > bufsize) {
912 *errnop = ERANGE;
913 rv = NS_RETURN;
914 break;
915 }
916 memcpy(buffer, entry.data, entry.size);
917 rv = pwdb_versions[st->version].parse(buffer, entry.size, pwd,
918 errnop);
919 } while (how == nss_lt_all && !(rv & NS_TERMINATE));
920 fin:
921 if (!stayopen && st->db != NULL) {
922 st->db->close(st->db);
923 st->db = NULL;
924 }
925 if (rv == NS_SUCCESS) {
926 pwd->pw_fields &= ~_PWF_SOURCE;
927 pwd->pw_fields |= _PWF_FILES;
928 if (retval != NULL)
929 *(struct passwd **)retval = pwd;
930 }
931 return (rv);
932 }
933
934
935 static int
pwdb_match_entry_v3(char * entry,size_t entrysize,enum nss_lookup_type how,const char * name,uid_t uid)936 pwdb_match_entry_v3(char *entry, size_t entrysize, enum nss_lookup_type how,
937 const char *name, uid_t uid)
938 {
939 const char *p, *eom;
940 uid_t uid2;
941
942 eom = &entry[entrysize];
943 for (p = entry; p < eom; p++)
944 if (*p == '\0')
945 break;
946 if (*p != '\0')
947 return (NS_NOTFOUND);
948 if (how == nss_lt_all)
949 return (NS_SUCCESS);
950 if (how == nss_lt_name)
951 return (strcmp(name, entry) == 0 ? NS_SUCCESS : NS_NOTFOUND);
952 for (p++; p < eom; p++)
953 if (*p == '\0')
954 break;
955 if (*p != '\0' || (++p) + sizeof(uid) >= eom)
956 return (NS_NOTFOUND);
957 memcpy(&uid2, p, sizeof(uid2));
958 return (uid == uid2 ? NS_SUCCESS : NS_NOTFOUND);
959 }
960
961
962 static int
pwdb_parse_entry_v3(char * buffer,size_t bufsize,struct passwd * pwd,int * errnop __unused)963 pwdb_parse_entry_v3(char *buffer, size_t bufsize, struct passwd *pwd,
964 int *errnop __unused)
965 {
966 char *p, *eom;
967 int32_t pw_change, pw_expire;
968
969 /* THIS CODE MUST MATCH THAT IN pwd_mkdb. */
970 p = buffer;
971 eom = &buffer[bufsize];
972 #define STRING(field) do { \
973 (field) = p; \
974 while (p < eom && *p != '\0') \
975 p++; \
976 if (p >= eom) \
977 return (NS_NOTFOUND); \
978 p++; \
979 } while (0)
980 #define SCALAR(field) do { \
981 if (p + sizeof(field) > eom) \
982 return (NS_NOTFOUND); \
983 memcpy(&(field), p, sizeof(field)); \
984 p += sizeof(field); \
985 } while (0)
986 STRING(pwd->pw_name);
987 STRING(pwd->pw_passwd);
988 SCALAR(pwd->pw_uid);
989 SCALAR(pwd->pw_gid);
990 SCALAR(pw_change);
991 STRING(pwd->pw_class);
992 STRING(pwd->pw_gecos);
993 STRING(pwd->pw_dir);
994 STRING(pwd->pw_shell);
995 SCALAR(pw_expire);
996 SCALAR(pwd->pw_fields);
997 #undef STRING
998 #undef SCALAR
999 pwd->pw_change = pw_change;
1000 pwd->pw_expire = pw_expire;
1001 return (NS_SUCCESS);
1002 }
1003
1004
1005 static int
pwdb_match_entry_v4(char * entry,size_t entrysize,enum nss_lookup_type how,const char * name,uid_t uid)1006 pwdb_match_entry_v4(char *entry, size_t entrysize, enum nss_lookup_type how,
1007 const char *name, uid_t uid)
1008 {
1009 const char *p, *eom;
1010 uint32_t uid2;
1011
1012 eom = &entry[entrysize];
1013 for (p = entry; p < eom; p++)
1014 if (*p == '\0')
1015 break;
1016 if (*p != '\0')
1017 return (NS_NOTFOUND);
1018 if (how == nss_lt_all)
1019 return (NS_SUCCESS);
1020 if (how == nss_lt_name)
1021 return (strcmp(name, entry) == 0 ? NS_SUCCESS : NS_NOTFOUND);
1022 for (p++; p < eom; p++)
1023 if (*p == '\0')
1024 break;
1025 if (*p != '\0' || (++p) + sizeof(uid) >= eom)
1026 return (NS_NOTFOUND);
1027 memcpy(&uid2, p, sizeof(uid2));
1028 uid2 = ntohl(uid2);
1029 return (uid == (uid_t)uid2 ? NS_SUCCESS : NS_NOTFOUND);
1030 }
1031
1032
1033 static int
pwdb_parse_entry_v4(char * buffer,size_t bufsize,struct passwd * pwd,int * errnop __unused)1034 pwdb_parse_entry_v4(char *buffer, size_t bufsize, struct passwd *pwd,
1035 int *errnop __unused)
1036 {
1037 char *p, *eom;
1038 uint32_t n;
1039
1040 /* THIS CODE MUST MATCH THAT IN pwd_mkdb. */
1041 p = buffer;
1042 eom = &buffer[bufsize];
1043 #define STRING(field) do { \
1044 (field) = p; \
1045 while (p < eom && *p != '\0') \
1046 p++; \
1047 if (p >= eom) \
1048 return (NS_NOTFOUND); \
1049 p++; \
1050 } while (0)
1051 #define SCALAR(field) do { \
1052 if (p + sizeof(n) > eom) \
1053 return (NS_NOTFOUND); \
1054 memcpy(&n, p, sizeof(n)); \
1055 (field) = ntohl(n); \
1056 p += sizeof(n); \
1057 } while (0)
1058 STRING(pwd->pw_name);
1059 STRING(pwd->pw_passwd);
1060 SCALAR(pwd->pw_uid);
1061 SCALAR(pwd->pw_gid);
1062 SCALAR(pwd->pw_change);
1063 STRING(pwd->pw_class);
1064 STRING(pwd->pw_gecos);
1065 STRING(pwd->pw_dir);
1066 STRING(pwd->pw_shell);
1067 SCALAR(pwd->pw_expire);
1068 SCALAR(pwd->pw_fields);
1069 #undef STRING
1070 #undef SCALAR
1071 return (NS_SUCCESS);
1072 }
1073
1074
1075 #ifdef HESIOD
1076 /*
1077 * dns backend
1078 */
1079 static void
dns_endstate(void * p)1080 dns_endstate(void *p)
1081 {
1082 free(p);
1083 }
1084
1085
1086 static int
dns_setpwent(void * retval __unused,void * mdata __unused,va_list ap __unused)1087 dns_setpwent(void *retval __unused, void *mdata __unused, va_list ap __unused)
1088 {
1089 struct dns_state *st;
1090 int rv;
1091
1092 rv = dns_getstate(&st);
1093 if (rv != 0)
1094 return (NS_UNAVAIL);
1095 st->counter = 0;
1096 return (NS_UNAVAIL);
1097 }
1098
1099
1100 static int
dns_passwd(void * retval,void * mdata,va_list ap)1101 dns_passwd(void *retval, void *mdata, va_list ap)
1102 {
1103 char buf[HESIOD_NAME_MAX];
1104 struct dns_state *st;
1105 struct passwd *pwd;
1106 const char *name, *label;
1107 void *ctx;
1108 char *buffer, **hes;
1109 size_t bufsize, linesize;
1110 uid_t uid;
1111 enum nss_lookup_type how;
1112 int rv, *errnop;
1113
1114 ctx = NULL;
1115 hes = NULL;
1116 name = NULL;
1117 uid = (uid_t)-1;
1118 how = (enum nss_lookup_type)mdata;
1119 switch (how) {
1120 case nss_lt_name:
1121 name = va_arg(ap, const char *);
1122 break;
1123 case nss_lt_id:
1124 uid = va_arg(ap, uid_t);
1125 break;
1126 case nss_lt_all:
1127 break;
1128 }
1129 pwd = va_arg(ap, struct passwd *);
1130 buffer = va_arg(ap, char *);
1131 bufsize = va_arg(ap, size_t);
1132 errnop = va_arg(ap, int *);
1133 *errnop = dns_getstate(&st);
1134 if (*errnop != 0)
1135 return (NS_UNAVAIL);
1136 if (hesiod_init(&ctx) != 0) {
1137 *errnop = errno;
1138 rv = NS_UNAVAIL;
1139 goto fin;
1140 }
1141 do {
1142 rv = NS_NOTFOUND;
1143 switch (how) {
1144 case nss_lt_name:
1145 label = name;
1146 break;
1147 case nss_lt_id:
1148 if (snprintf(buf, sizeof(buf), "%lu",
1149 (unsigned long)uid) >= sizeof(buf))
1150 goto fin;
1151 label = buf;
1152 break;
1153 case nss_lt_all:
1154 if (st->counter < 0)
1155 goto fin;
1156 if (snprintf(buf, sizeof(buf), "passwd-%ld",
1157 st->counter++) >= sizeof(buf))
1158 goto fin;
1159 label = buf;
1160 break;
1161 }
1162 hes = hesiod_resolve(ctx, label,
1163 how == nss_lt_id ? "uid" : "passwd");
1164 if (hes == NULL) {
1165 if (how == nss_lt_all)
1166 st->counter = -1;
1167 if (errno != ENOENT)
1168 *errnop = errno;
1169 goto fin;
1170 }
1171 rv = __pw_match_entry(hes[0], strlen(hes[0]), how, name, uid);
1172 if (rv != NS_SUCCESS) {
1173 hesiod_free_list(ctx, hes);
1174 hes = NULL;
1175 continue;
1176 }
1177 linesize = strlcpy(buffer, hes[0], bufsize);
1178 if (linesize >= bufsize) {
1179 *errnop = ERANGE;
1180 rv = NS_RETURN;
1181 continue;
1182 }
1183 hesiod_free_list(ctx, hes);
1184 hes = NULL;
1185 rv = __pw_parse_entry(buffer, bufsize, pwd, 0, errnop);
1186 } while (how == nss_lt_all && !(rv & NS_TERMINATE));
1187 fin:
1188 if (hes != NULL)
1189 hesiod_free_list(ctx, hes);
1190 if (ctx != NULL)
1191 hesiod_end(ctx);
1192 if (rv == NS_SUCCESS) {
1193 pwd->pw_fields &= ~_PWF_SOURCE;
1194 pwd->pw_fields |= _PWF_HESIOD;
1195 if (retval != NULL)
1196 *(struct passwd **)retval = pwd;
1197 }
1198 return (rv);
1199 }
1200 #endif /* HESIOD */
1201
1202
1203 #ifdef YP
1204 /*
1205 * nis backend
1206 */
1207 static void
nis_endstate(void * p)1208 nis_endstate(void *p)
1209 {
1210 free(((struct nis_state *)p)->key);
1211 free(p);
1212 }
1213
1214 /*
1215 * Test for the presence of special FreeBSD-specific master.passwd.by*
1216 * maps. We do this using yp_order(). If it fails, then either the server
1217 * doesn't have the map, or the YPPROC_ORDER procedure isn't supported by
1218 * the server (Sun NIS+ servers in YP compat mode behave this way). If
1219 * the master.passwd.by* maps don't exist, then let the lookup routine try
1220 * the regular passwd.by* maps instead. If the lookup routine fails, it
1221 * can return an error as needed.
1222 */
1223 static int
nis_map(char * domain,enum nss_lookup_type how,char * buffer,size_t bufsize,int * master)1224 nis_map(char *domain, enum nss_lookup_type how, char *buffer, size_t bufsize,
1225 int *master)
1226 {
1227 int rv, order;
1228
1229 *master = 0;
1230 if (geteuid() == 0) {
1231 if (snprintf(buffer, bufsize, "master.passwd.by%s",
1232 (how == nss_lt_id) ? "uid" : "name") >= bufsize)
1233 return (NS_UNAVAIL);
1234 rv = yp_order(domain, buffer, &order);
1235 if (rv == 0) {
1236 *master = 1;
1237 return (NS_SUCCESS);
1238 }
1239 }
1240
1241 if (snprintf(buffer, bufsize, "passwd.by%s",
1242 (how == nss_lt_id) ? "uid" : "name") >= bufsize)
1243 return (NS_UNAVAIL);
1244
1245 return (NS_SUCCESS);
1246 }
1247
1248
1249 static int
nis_adjunct(char * domain,const char * name,char * buffer,size_t bufsize)1250 nis_adjunct(char *domain, const char *name, char *buffer, size_t bufsize)
1251 {
1252 int rv;
1253 char *result, *p, *q, *eor;
1254 int resultlen;
1255
1256 result = NULL;
1257 rv = yp_match(domain, "passwd.adjunct.byname", name, strlen(name),
1258 &result, &resultlen);
1259 if (rv != 0)
1260 rv = 1;
1261 else {
1262 eor = &result[resultlen];
1263 p = memchr(result, ':', eor - result);
1264 if (p != NULL && ++p < eor &&
1265 (q = memchr(p, ':', eor - p)) != NULL) {
1266 if (q - p >= bufsize)
1267 rv = -1;
1268 else {
1269 memcpy(buffer, p, q - p);
1270 buffer[q - p] ='\0';
1271 }
1272 } else
1273 rv = 1;
1274 }
1275 free(result);
1276 return (rv);
1277 }
1278
1279
1280 static int
nis_setpwent(void * retval __unused,void * mdata __unused,va_list ap __unused)1281 nis_setpwent(void *retval __unused, void *mdata __unused, va_list ap __unused)
1282 {
1283 struct nis_state *st;
1284 int rv;
1285
1286 rv = nis_getstate(&st);
1287 if (rv != 0)
1288 return (NS_UNAVAIL);
1289 st->done = 0;
1290 free(st->key);
1291 st->key = NULL;
1292 return (NS_UNAVAIL);
1293 }
1294
1295
1296 static int
nis_passwd(void * retval,void * mdata,va_list ap)1297 nis_passwd(void *retval, void *mdata, va_list ap)
1298 {
1299 char map[YPMAXMAP];
1300 struct nis_state *st;
1301 struct passwd *pwd;
1302 const char *name;
1303 char *buffer, *key, *result;
1304 size_t bufsize;
1305 uid_t uid;
1306 enum nss_lookup_type how;
1307 int *errnop, keylen, resultlen, rv, master;
1308
1309 name = NULL;
1310 uid = (uid_t)-1;
1311 how = (enum nss_lookup_type)mdata;
1312 switch (how) {
1313 case nss_lt_name:
1314 name = va_arg(ap, const char *);
1315 break;
1316 case nss_lt_id:
1317 uid = va_arg(ap, uid_t);
1318 break;
1319 case nss_lt_all:
1320 break;
1321 }
1322 pwd = va_arg(ap, struct passwd *);
1323 buffer = va_arg(ap, char *);
1324 bufsize = va_arg(ap, size_t);
1325 errnop = va_arg(ap, int *);
1326 *errnop = nis_getstate(&st);
1327 if (*errnop != 0)
1328 return (NS_UNAVAIL);
1329 if (st->domain[0] == '\0') {
1330 if (getdomainname(st->domain, sizeof(st->domain)) != 0) {
1331 *errnop = errno;
1332 return (NS_UNAVAIL);
1333 }
1334 }
1335 rv = nis_map(st->domain, how, map, sizeof(map), &master);
1336 if (rv != NS_SUCCESS)
1337 return (rv);
1338 result = NULL;
1339 do {
1340 rv = NS_NOTFOUND;
1341 switch (how) {
1342 case nss_lt_name:
1343 if (strlcpy(buffer, name, bufsize) >= bufsize)
1344 goto erange;
1345 break;
1346 case nss_lt_id:
1347 if (snprintf(buffer, bufsize, "%lu",
1348 (unsigned long)uid) >= bufsize)
1349 goto erange;
1350 break;
1351 case nss_lt_all:
1352 if (st->done)
1353 goto fin;
1354 break;
1355 }
1356 result = NULL;
1357 if (how == nss_lt_all) {
1358 if (st->key == NULL)
1359 rv = yp_first(st->domain, map, &st->key,
1360 &st->keylen, &result, &resultlen);
1361 else {
1362 key = st->key;
1363 keylen = st->keylen;
1364 st->key = NULL;
1365 rv = yp_next(st->domain, map, key, keylen,
1366 &st->key, &st->keylen, &result,
1367 &resultlen);
1368 free(key);
1369 }
1370 if (rv != 0) {
1371 free(result);
1372 free(st->key);
1373 st->key = NULL;
1374 if (rv == YPERR_NOMORE)
1375 st->done = 1;
1376 else
1377 rv = NS_UNAVAIL;
1378 goto fin;
1379 }
1380 } else {
1381 rv = yp_match(st->domain, map, buffer, strlen(buffer),
1382 &result, &resultlen);
1383 if (rv == YPERR_KEY) {
1384 rv = NS_NOTFOUND;
1385 continue;
1386 } else if (rv != 0) {
1387 free(result);
1388 rv = NS_UNAVAIL;
1389 continue;
1390 }
1391 }
1392 if (resultlen >= bufsize)
1393 goto erange;
1394 memcpy(buffer, result, resultlen);
1395 buffer[resultlen] = '\0';
1396 free(result);
1397 rv = __pw_match_entry(buffer, resultlen, how, name, uid);
1398 if (rv == NS_SUCCESS)
1399 rv = __pw_parse_entry(buffer, resultlen, pwd, master,
1400 errnop);
1401 } while (how == nss_lt_all && !(rv & NS_TERMINATE));
1402 fin:
1403 if (rv == NS_SUCCESS) {
1404 if (strstr(pwd->pw_passwd, "##") != NULL) {
1405 rv = nis_adjunct(st->domain, pwd->pw_name,
1406 &buffer[resultlen+1], bufsize-resultlen-1);
1407 if (rv < 0)
1408 goto erange;
1409 else if (rv == 0)
1410 pwd->pw_passwd = &buffer[resultlen+1];
1411 }
1412 pwd->pw_fields &= ~_PWF_SOURCE;
1413 pwd->pw_fields |= _PWF_NIS;
1414 if (retval != NULL)
1415 *(struct passwd **)retval = pwd;
1416 rv = NS_SUCCESS;
1417 }
1418 return (rv);
1419 erange:
1420 *errnop = ERANGE;
1421 return (NS_RETURN);
1422 }
1423 #endif /* YP */
1424
1425
1426 /*
1427 * compat backend
1428 */
1429 static void
compat_clear_template(struct passwd * template)1430 compat_clear_template(struct passwd *template)
1431 {
1432
1433 free(template->pw_passwd);
1434 free(template->pw_gecos);
1435 free(template->pw_dir);
1436 free(template->pw_shell);
1437 memset(template, 0, sizeof(*template));
1438 }
1439
1440
1441 static int
compat_set_template(struct passwd * src,struct passwd * template)1442 compat_set_template(struct passwd *src, struct passwd *template)
1443 {
1444
1445 compat_clear_template(template);
1446 #ifdef PW_OVERRIDE_PASSWD
1447 if ((src->pw_fields & _PWF_PASSWD) &&
1448 (template->pw_passwd = strdup(src->pw_passwd)) == NULL)
1449 goto enomem;
1450 #endif
1451 if (src->pw_fields & _PWF_UID)
1452 template->pw_uid = src->pw_uid;
1453 if (src->pw_fields & _PWF_GID)
1454 template->pw_gid = src->pw_gid;
1455 if ((src->pw_fields & _PWF_GECOS) &&
1456 (template->pw_gecos = strdup(src->pw_gecos)) == NULL)
1457 goto enomem;
1458 if ((src->pw_fields & _PWF_DIR) &&
1459 (template->pw_dir = strdup(src->pw_dir)) == NULL)
1460 goto enomem;
1461 if ((src->pw_fields & _PWF_SHELL) &&
1462 (template->pw_shell = strdup(src->pw_shell)) == NULL)
1463 goto enomem;
1464 template->pw_fields = src->pw_fields;
1465 return (0);
1466 enomem:
1467 syslog(LOG_ERR, "getpwent memory allocation failure");
1468 return (-1);
1469 }
1470
1471
1472 static int
compat_use_template(struct passwd * pwd,struct passwd * template,char * buffer,size_t bufsize)1473 compat_use_template(struct passwd *pwd, struct passwd *template, char *buffer,
1474 size_t bufsize)
1475 {
1476 struct passwd hold;
1477 char *copy, *p, *q, *eob;
1478 size_t n;
1479
1480 /* We cannot know the layout of the password fields in `buffer',
1481 * so we have to copy everything.
1482 */
1483 if (template->pw_fields == 0) /* nothing to fill-in */
1484 return (0);
1485 n = 0;
1486 n += pwd->pw_name != NULL ? strlen(pwd->pw_name) + 1 : 0;
1487 n += pwd->pw_passwd != NULL ? strlen(pwd->pw_passwd) + 1 : 0;
1488 n += pwd->pw_class != NULL ? strlen(pwd->pw_class) + 1 : 0;
1489 n += pwd->pw_gecos != NULL ? strlen(pwd->pw_gecos) + 1 : 0;
1490 n += pwd->pw_dir != NULL ? strlen(pwd->pw_dir) + 1 : 0;
1491 n += pwd->pw_shell != NULL ? strlen(pwd->pw_shell) + 1 : 0;
1492 copy = malloc(n);
1493 if (copy == NULL) {
1494 syslog(LOG_ERR, "getpwent memory allocation failure");
1495 return (ENOMEM);
1496 }
1497 p = copy;
1498 eob = ©[n];
1499 #define COPY(field) do { \
1500 if (pwd->field == NULL) \
1501 hold.field = NULL; \
1502 else { \
1503 hold.field = p; \
1504 p += strlcpy(p, pwd->field, eob-p) + 1; \
1505 } \
1506 } while (0)
1507 COPY(pw_name);
1508 COPY(pw_passwd);
1509 COPY(pw_class);
1510 COPY(pw_gecos);
1511 COPY(pw_dir);
1512 COPY(pw_shell);
1513 #undef COPY
1514 p = buffer;
1515 eob = &buffer[bufsize];
1516 #define COPY(field, flag) do { \
1517 q = (template->pw_fields & flag) ? template->field : hold.field; \
1518 if (q == NULL) \
1519 pwd->field = NULL; \
1520 else { \
1521 pwd->field = p; \
1522 if ((n = strlcpy(p, q, eob-p)) >= eob-p) { \
1523 free(copy); \
1524 return (ERANGE); \
1525 } \
1526 p += n + 1; \
1527 } \
1528 } while (0)
1529 COPY(pw_name, 0);
1530 #ifdef PW_OVERRIDE_PASSWD
1531 COPY(pw_passwd, _PWF_PASSWD);
1532 #else
1533 COPY(pw_passwd, 0);
1534 #endif
1535 COPY(pw_class, 0);
1536 COPY(pw_gecos, _PWF_GECOS);
1537 COPY(pw_dir, _PWF_DIR);
1538 COPY(pw_shell, _PWF_SHELL);
1539 #undef COPY
1540 #define COPY(field, flag) do { \
1541 if (template->pw_fields & flag) \
1542 pwd->field = template->field; \
1543 } while (0)
1544 COPY(pw_uid, _PWF_UID);
1545 COPY(pw_gid, _PWF_GID);
1546 #undef COPY
1547 free(copy);
1548 return (0);
1549 }
1550
1551
1552 static int
compat_exclude(const char * name,DB ** db)1553 compat_exclude(const char *name, DB **db)
1554 {
1555 DBT key, data;
1556
1557 if (*db == NULL &&
1558 (*db = dbopen(NULL, O_RDWR, 600, DB_HASH, 0)) == NULL)
1559 return (errno);
1560 key.size = strlen(name);
1561 key.data = (char *)name;
1562 data.size = 0;
1563 data.data = NULL;
1564
1565 if ((*db)->put(*db, &key, &data, 0) == -1)
1566 return (errno);
1567 return (0);
1568 }
1569
1570
1571 static int
compat_is_excluded(const char * name,DB * db)1572 compat_is_excluded(const char *name, DB *db)
1573 {
1574 DBT key, data;
1575
1576 if (db == NULL)
1577 return (0);
1578 key.size = strlen(name);
1579 key.data = (char *)name;
1580 return (db->get(db, &key, &data, 0) == 0);
1581 }
1582
1583
1584 static int
compat_redispatch(struct compat_state * st,enum nss_lookup_type how,enum nss_lookup_type lookup_how,const char * name,const char * lookup_name,uid_t uid,struct passwd * pwd,char * buffer,size_t bufsize,int * errnop)1585 compat_redispatch(struct compat_state *st, enum nss_lookup_type how,
1586 enum nss_lookup_type lookup_how, const char *name, const char *lookup_name,
1587 uid_t uid, struct passwd *pwd, char *buffer, size_t bufsize, int *errnop)
1588 {
1589 static const ns_src compatsrc[] = {
1590 #ifdef YP
1591 { NSSRC_NIS, NS_SUCCESS },
1592 #endif
1593 { NULL, 0 }
1594 };
1595 ns_dtab dtab[] = {
1596 #ifdef YP
1597 { NSSRC_NIS, nis_passwd, NULL },
1598 #endif
1599 #ifdef HESIOD
1600 { NSSRC_DNS, dns_passwd, NULL },
1601 #endif
1602 { NULL, NULL, NULL }
1603 };
1604 void *discard;
1605 int rv, e, i;
1606
1607 for (i = 0; i < NELEM(dtab) - 1; i++)
1608 dtab[i].mdata = (void *)lookup_how;
1609 more:
1610 pwd_init(pwd);
1611 switch (lookup_how) {
1612 case nss_lt_all:
1613 rv = _nsdispatch(&discard, dtab, NSDB_PASSWD_COMPAT,
1614 "getpwent_r", compatsrc, pwd, buffer, bufsize,
1615 errnop);
1616 break;
1617 case nss_lt_id:
1618 rv = _nsdispatch(&discard, dtab, NSDB_PASSWD_COMPAT,
1619 "getpwuid_r", compatsrc, uid, pwd, buffer,
1620 bufsize, errnop);
1621 break;
1622 case nss_lt_name:
1623 rv = _nsdispatch(&discard, dtab, NSDB_PASSWD_COMPAT,
1624 "getpwnam_r", compatsrc, lookup_name, pwd, buffer,
1625 bufsize, errnop);
1626 break;
1627 default:
1628 return (NS_UNAVAIL);
1629 }
1630 if (rv != NS_SUCCESS)
1631 return (rv);
1632 if (compat_is_excluded(pwd->pw_name, st->exclude)) {
1633 if (how == nss_lt_all)
1634 goto more;
1635 return (NS_NOTFOUND);
1636 }
1637 e = compat_use_template(pwd, &st->template, buffer, bufsize);
1638 if (e != 0) {
1639 *errnop = e;
1640 if (e == ERANGE)
1641 return (NS_RETURN);
1642 else
1643 return (NS_UNAVAIL);
1644 }
1645 switch (how) {
1646 case nss_lt_name:
1647 if (strcmp(name, pwd->pw_name) != 0)
1648 return (NS_NOTFOUND);
1649 break;
1650 case nss_lt_id:
1651 if (uid != pwd->pw_uid)
1652 return (NS_NOTFOUND);
1653 break;
1654 default:
1655 break;
1656 }
1657 return (NS_SUCCESS);
1658 }
1659
1660
1661 static void
compat_endstate(void * p)1662 compat_endstate(void *p)
1663 {
1664 struct compat_state *st;
1665
1666 if (p == NULL)
1667 return;
1668 st = (struct compat_state *)p;
1669 if (st->db != NULL)
1670 st->db->close(st->db);
1671 if (st->exclude != NULL)
1672 st->exclude->close(st->exclude);
1673 compat_clear_template(&st->template);
1674 free(p);
1675 }
1676
1677
1678 static int
compat_setpwent(void * retval __unused,void * mdata,va_list ap)1679 compat_setpwent(void *retval __unused, void *mdata, va_list ap)
1680 {
1681 static const ns_src compatsrc[] = {
1682 #ifdef YP
1683 { NSSRC_NIS, NS_SUCCESS },
1684 #endif
1685 { NULL, 0 }
1686 };
1687 ns_dtab dtab[] = {
1688 #ifdef YP
1689 { NSSRC_NIS, nis_setpwent, NULL },
1690 #endif
1691 #ifdef HESIOD
1692 { NSSRC_DNS, dns_setpwent, NULL },
1693 #endif
1694 { NULL, NULL, NULL }
1695 };
1696 struct compat_state *st;
1697 int rv, stayopen;
1698
1699 #define set_setent(x, y) do { \
1700 int i; \
1701 \
1702 for (i = 0; i < (sizeof(x)/sizeof(x[0])) - 1; i++) \
1703 x[i].mdata = (void *)y; \
1704 } while (0)
1705
1706 rv = compat_getstate(&st);
1707 if (rv != 0)
1708 return (NS_UNAVAIL);
1709 switch ((enum constants)mdata) {
1710 case SETPWENT:
1711 stayopen = va_arg(ap, int);
1712 st->keynum = 0;
1713 if (stayopen)
1714 st->db = pwdbopen(&st->version);
1715 st->stayopen = stayopen;
1716 set_setent(dtab, mdata);
1717 _nsdispatch(NULL, dtab, NSDB_PASSWD_COMPAT, "setpwent",
1718 compatsrc, 0);
1719 break;
1720 case ENDPWENT:
1721 if (st->db != NULL) {
1722 st->db->close(st->db);
1723 st->db = NULL;
1724 }
1725 set_setent(dtab, mdata);
1726 _nsdispatch(NULL, dtab, NSDB_PASSWD_COMPAT, "endpwent",
1727 compatsrc, 0);
1728 break;
1729 default:
1730 break;
1731 }
1732 return (NS_UNAVAIL);
1733 #undef set_setent
1734 }
1735
1736
1737 static int
compat_passwd(void * retval,void * mdata,va_list ap)1738 compat_passwd(void *retval, void *mdata, va_list ap)
1739 {
1740 char keybuf[MAXLOGNAME + 1];
1741 DBT key, entry;
1742 struct compat_state *st;
1743 enum nss_lookup_type how;
1744 const char *name;
1745 struct passwd *pwd;
1746 char *buffer, *pw_name;
1747 char *host, *user, *domain;
1748 size_t bufsize;
1749 uid_t uid;
1750 uint32_t store;
1751 int rv, from_compat, stayopen, *errnop;
1752
1753 from_compat = 0;
1754 name = NULL;
1755 uid = (uid_t)-1;
1756 how = (enum nss_lookup_type)mdata;
1757 switch (how) {
1758 case nss_lt_name:
1759 name = va_arg(ap, const char *);
1760 break;
1761 case nss_lt_id:
1762 uid = va_arg(ap, uid_t);
1763 break;
1764 case nss_lt_all:
1765 break;
1766 default:
1767 rv = NS_NOTFOUND;
1768 goto fin;
1769 }
1770 pwd = va_arg(ap, struct passwd *);
1771 buffer = va_arg(ap, char *);
1772 bufsize = va_arg(ap, size_t);
1773 errnop = va_arg(ap, int *);
1774 *errnop = compat_getstate(&st);
1775 if (*errnop != 0)
1776 return (NS_UNAVAIL);
1777 if (how == nss_lt_all && st->keynum < 0) {
1778 rv = NS_NOTFOUND;
1779 goto fin;
1780 }
1781 if (st->db == NULL &&
1782 (st->db = pwdbopen(&st->version)) == NULL) {
1783 *errnop = errno;
1784 rv = NS_UNAVAIL;
1785 goto fin;
1786 }
1787 if (how == nss_lt_all) {
1788 if (st->keynum < 0) {
1789 rv = NS_NOTFOUND;
1790 goto fin;
1791 }
1792 stayopen = 1;
1793 } else {
1794 st->keynum = 0;
1795 stayopen = st->stayopen;
1796 }
1797 docompat:
1798 rv = NS_NOTFOUND;
1799 switch (st->compat) {
1800 case COMPAT_MODE_ALL:
1801 rv = compat_redispatch(st, how, how, name, name, uid, pwd,
1802 buffer, bufsize, errnop);
1803 if (rv != NS_SUCCESS)
1804 st->compat = COMPAT_MODE_OFF;
1805 break;
1806 case COMPAT_MODE_NETGROUP:
1807 /* XXX getnetgrent is not thread-safe. */
1808 do {
1809 rv = getnetgrent(&host, &user, &domain);
1810 if (rv == 0) {
1811 endnetgrent();
1812 st->compat = COMPAT_MODE_OFF;
1813 rv = NS_NOTFOUND;
1814 continue;
1815 } else if (user == NULL || user[0] == '\0')
1816 continue;
1817 rv = compat_redispatch(st, how, nss_lt_name, name,
1818 user, uid, pwd, buffer, bufsize, errnop);
1819 } while (st->compat == COMPAT_MODE_NETGROUP &&
1820 !(rv & NS_TERMINATE));
1821 break;
1822 case COMPAT_MODE_NAME:
1823 rv = compat_redispatch(st, how, nss_lt_name, name, st->name,
1824 uid, pwd, buffer, bufsize, errnop);
1825 free(st->name);
1826 st->name = NULL;
1827 st->compat = COMPAT_MODE_OFF;
1828 break;
1829 default:
1830 break;
1831 }
1832 if (rv & NS_TERMINATE) {
1833 from_compat = 1;
1834 goto fin;
1835 }
1836 key.data = keybuf;
1837 rv = NS_NOTFOUND;
1838 while (st->keynum >= 0) {
1839 st->keynum++;
1840 if (st->version < _PWD_CURRENT_VERSION) {
1841 memcpy(&keybuf[1], &st->keynum, sizeof(st->keynum));
1842 key.size = sizeof(st->keynum) + 1;
1843 } else {
1844 store = htonl(st->keynum);
1845 memcpy(&keybuf[1], &store, sizeof(store));
1846 key.size = sizeof(store) + 1;
1847 }
1848 keybuf[0] = _PW_VERSIONED(_PW_KEYBYNUM, st->version);
1849 rv = st->db->get(st->db, &key, &entry, 0);
1850 if (rv < 0 || rv > 1) { /* should never return > 1 */
1851 *errnop = errno;
1852 rv = NS_UNAVAIL;
1853 goto fin;
1854 } else if (rv == 1) {
1855 st->keynum = -1;
1856 rv = NS_NOTFOUND;
1857 goto fin;
1858 }
1859 pw_name = (char *)entry.data;
1860 switch (pw_name[0]) {
1861 case '+':
1862 switch (pw_name[1]) {
1863 case '\0':
1864 st->compat = COMPAT_MODE_ALL;
1865 break;
1866 case '@':
1867 setnetgrent(&pw_name[2]);
1868 st->compat = COMPAT_MODE_NETGROUP;
1869 break;
1870 default:
1871 st->name = strdup(&pw_name[1]);
1872 if (st->name == NULL) {
1873 syslog(LOG_ERR,
1874 "getpwent memory allocation failure");
1875 *errnop = ENOMEM;
1876 rv = NS_UNAVAIL;
1877 break;
1878 }
1879 st->compat = COMPAT_MODE_NAME;
1880 }
1881 if (entry.size > bufsize) {
1882 *errnop = ERANGE;
1883 rv = NS_RETURN;
1884 goto fin;
1885 }
1886 memcpy(buffer, entry.data, entry.size);
1887 rv = pwdb_versions[st->version].parse(buffer,
1888 entry.size, pwd, errnop);
1889 if (rv != NS_SUCCESS)
1890 ;
1891 else if (compat_set_template(pwd, &st->template) < 0) {
1892 *errnop = ENOMEM;
1893 rv = NS_UNAVAIL;
1894 goto fin;
1895 }
1896 goto docompat;
1897 case '-':
1898 switch (pw_name[1]) {
1899 case '\0':
1900 /* XXX Maybe syslog warning */
1901 continue;
1902 case '@':
1903 setnetgrent(&pw_name[2]);
1904 while (getnetgrent(&host, &user, &domain) !=
1905 0) {
1906 if (user != NULL && user[0] != '\0')
1907 compat_exclude(user,
1908 &st->exclude);
1909 }
1910 endnetgrent();
1911 continue;
1912 default:
1913 compat_exclude(&pw_name[1], &st->exclude);
1914 continue;
1915 }
1916 break;
1917 default:
1918 break;
1919 }
1920 if (compat_is_excluded((char *)entry.data, st->exclude))
1921 continue;
1922 rv = pwdb_versions[st->version].match(entry.data, entry.size,
1923 how, name, uid);
1924 if (rv == NS_RETURN)
1925 break;
1926 else if (rv != NS_SUCCESS)
1927 continue;
1928 if (entry.size > bufsize) {
1929 *errnop = ERANGE;
1930 rv = NS_RETURN;
1931 break;
1932 }
1933 memcpy(buffer, entry.data, entry.size);
1934 rv = pwdb_versions[st->version].parse(buffer, entry.size, pwd,
1935 errnop);
1936 if (rv & NS_TERMINATE)
1937 break;
1938 }
1939 fin:
1940 if (!stayopen && st->db != NULL) {
1941 st->db->close(st->db);
1942 st->db = NULL;
1943 }
1944 if (rv == NS_SUCCESS) {
1945 if (!from_compat) {
1946 pwd->pw_fields &= ~_PWF_SOURCE;
1947 pwd->pw_fields |= _PWF_FILES;
1948 }
1949 if (retval != NULL)
1950 *(struct passwd **)retval = pwd;
1951 }
1952 return (rv);
1953 }
1954
1955
1956 /*
1957 * common passwd line matching and parsing
1958 */
1959 int
__pw_match_entry(const char * entry,size_t entrysize,enum nss_lookup_type how,const char * name,uid_t uid)1960 __pw_match_entry(const char *entry, size_t entrysize, enum nss_lookup_type how,
1961 const char *name, uid_t uid)
1962 {
1963 const char *p, *eom;
1964 char *q;
1965 size_t len;
1966 unsigned long m;
1967
1968 eom = entry + entrysize;
1969 for (p = entry; p < eom; p++)
1970 if (*p == ':')
1971 break;
1972 if (*p != ':')
1973 return (NS_NOTFOUND);
1974 if (how == nss_lt_all)
1975 return (NS_SUCCESS);
1976 if (how == nss_lt_name) {
1977 len = strlen(name);
1978 if (len == (p - entry) && memcmp(name, entry, len) == 0)
1979 return (NS_SUCCESS);
1980 else
1981 return (NS_NOTFOUND);
1982 }
1983 for (p++; p < eom; p++)
1984 if (*p == ':')
1985 break;
1986 if (*p != ':')
1987 return (NS_NOTFOUND);
1988 m = strtoul(++p, &q, 10);
1989 if (q[0] != ':' || (uid_t)m != uid)
1990 return (NS_NOTFOUND);
1991 else
1992 return (NS_SUCCESS);
1993 }
1994
1995
1996 /* XXX buffer must be NUL-terminated. errnop is not set correctly. */
1997 int
__pw_parse_entry(char * buffer,size_t bufsize __unused,struct passwd * pwd,int master,int * errnop __unused)1998 __pw_parse_entry(char *buffer, size_t bufsize __unused, struct passwd *pwd,
1999 int master, int *errnop __unused)
2000 {
2001
2002 if (__pw_scan(buffer, pwd, master ? _PWSCAN_MASTER : 0) == 0)
2003 return (NS_NOTFOUND);
2004 else
2005 return (NS_SUCCESS);
2006 }
2007