1 /* Copyright (C) 1996-1999, 2001-2006, 2007 Free Software Foundation, Inc.
2 This file is part of the GNU C Library.
3 Contributed by Thorsten Kukuk <kukuk@suse.de>, 1996.
5 The GNU C Library is free software; you can redistribute it and/or
6 modify it under the terms of the GNU Lesser General Public
7 License as published by the Free Software Foundation; either
8 version 2.1 of the License, or (at your option) any later version.
10 The GNU C Library is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 Lesser General Public License for more details.
15 You should have received a copy of the GNU Lesser General Public
16 License along with the GNU C Library; if not, write to the Free
17 Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
26 #include <stdio_ext.h>
28 #include <rpc/types.h>
29 #include <bits/libc-lock.h>
30 #include <kernel-features.h>
32 static service_user *ni;
33 static enum nss_status (*nss_setgrent) (int stayopen);
34 static enum nss_status (*nss_getgrnam_r) (const char *name,
35 struct group * grp, char *buffer,
36 size_t buflen, int *errnop);
37 static enum nss_status (*nss_getgrgid_r) (gid_t gid, struct group * grp,
38 char *buffer, size_t buflen,
40 static enum nss_status (*nss_getgrent_r) (struct group * grp, char *buffer,
41 size_t buflen, int *errnop);
42 static enum nss_status (*nss_endgrent) (void);
44 /* Get the declaration of the parser function. */
46 #define STRUCTURE group
48 #include <nss/nss_files/files-parse.c>
50 /* Structure for remembering -group members ... */
51 #define BLACKLIST_INITIAL_SIZE 512
52 #define BLACKLIST_INCREMENT 256
63 enum nss_status setent_status;
65 struct blacklist_t blacklist;
67 typedef struct ent_t ent_t;
69 static ent_t ext_ent = { TRUE, NSS_STATUS_SUCCESS, NULL, { NULL, 0, 0 }};
71 /* Protect global state against multiple changers. */
72 __libc_lock_define_initialized (static, lock)
74 /* Positive if O_CLOEXEC is supported, negative if it is not supported,
75 zero if it is still undecided. This variable is shared with the
76 other compat functions. */
77 #ifdef __ASSUME_O_CLOEXEC
78 # define __compat_have_cloexec 1
81 int __compat_have_cloexec;
83 # define __compat_have_cloexec -1
87 /* Prototypes for local functions. */
88 static void blacklist_store_name (const char *, ent_t *);
89 static int in_blacklist (const char *, int, ent_t *);
91 /* Initialize the NSS interface/functions. The calling function must
94 init_nss_interface (void)
96 if (__nss_database_lookup ("group_compat", NULL, "nis", &ni) >= 0)
98 nss_setgrent = __nss_lookup_function (ni, "setgrent");
99 nss_getgrnam_r = __nss_lookup_function (ni, "getgrnam_r");
100 nss_getgrgid_r = __nss_lookup_function (ni, "getgrgid_r");
101 nss_getgrent_r = __nss_lookup_function (ni, "getgrent_r");
102 nss_endgrent = __nss_lookup_function (ni, "endgrent");
106 static enum nss_status
107 internal_setgrent (ent_t *ent, int stayopen, int needent)
109 enum nss_status status = NSS_STATUS_SUCCESS;
113 if (ent->blacklist.data != NULL)
115 ent->blacklist.current = 1;
116 ent->blacklist.data[0] = '|';
117 ent->blacklist.data[1] = '\0';
120 ent->blacklist.current = 0;
122 if (ent->stream == NULL)
124 ent->stream = fopen ("/etc/group", "rme");
126 if (ent->stream == NULL)
127 status = errno == EAGAIN ? NSS_STATUS_TRYAGAIN : NSS_STATUS_UNAVAIL;
130 /* We have to make sure the file is `closed on exec'. */
133 if (__compat_have_cloexec <= 0)
136 result = flags = fcntl (fileno_unlocked (ent->stream), F_GETFD,
140 #if defined O_CLOEXEC && !defined __ASSUME_O_CLOEXEC
141 if (__compat_have_cloexec == 0)
142 __compat_have_cloexec = (flags & FD_CLOEXEC) ? 1 : -1;
144 if (__compat_have_cloexec < 0)
148 result = fcntl (fileno_unlocked (ent->stream), F_SETFD,
156 /* Something went wrong. Close the stream and return a
158 fclose (ent->stream);
160 status = NSS_STATUS_UNAVAIL;
163 /* We take care of locking ourself. */
164 __fsetlocking (ent->stream, FSETLOCKING_BYCALLER);
168 rewind (ent->stream);
170 if (needent && status == NSS_STATUS_SUCCESS && nss_setgrent)
171 ent->setent_status = nss_setgrent (stayopen);
178 _nss_compat_setgrent (int stayopen)
180 enum nss_status result;
182 __libc_lock_lock (lock);
185 init_nss_interface ();
187 result = internal_setgrent (&ext_ent, stayopen, 1);
189 __libc_lock_unlock (lock);
195 static enum nss_status
196 internal_endgrent (ent_t *ent)
201 if (ent->stream != NULL)
203 fclose (ent->stream);
207 if (ent->blacklist.data != NULL)
209 ent->blacklist.current = 1;
210 ent->blacklist.data[0] = '|';
211 ent->blacklist.data[1] = '\0';
214 ent->blacklist.current = 0;
216 return NSS_STATUS_SUCCESS;
220 _nss_compat_endgrent (void)
222 enum nss_status result;
224 __libc_lock_lock (lock);
226 result = internal_endgrent (&ext_ent);
228 __libc_lock_unlock (lock);
233 /* get the next group from NSS (+ entry) */
234 static enum nss_status
235 getgrent_next_nss (struct group *result, ent_t *ent, char *buffer,
236 size_t buflen, int *errnop)
239 return NSS_STATUS_UNAVAIL;
241 /* If the setgrent call failed, say so. */
242 if (ent->setent_status != NSS_STATUS_SUCCESS)
243 return ent->setent_status;
247 enum nss_status status;
249 if ((status = nss_getgrent_r (result, buffer, buflen, errnop)) !=
253 while (in_blacklist (result->gr_name, strlen (result->gr_name), ent));
255 return NSS_STATUS_SUCCESS;
258 /* This function handle the +group entrys in /etc/group */
259 static enum nss_status
260 getgrnam_plusgroup (const char *name, struct group *result, ent_t *ent,
261 char *buffer, size_t buflen, int *errnop)
264 return NSS_STATUS_UNAVAIL;
266 enum nss_status status = nss_getgrnam_r (name, result, buffer, buflen,
268 if (status != NSS_STATUS_SUCCESS)
271 if (in_blacklist (result->gr_name, strlen (result->gr_name), ent))
272 return NSS_STATUS_NOTFOUND;
274 /* We found the entry. */
275 return NSS_STATUS_SUCCESS;
278 static enum nss_status
279 getgrent_next_file (struct group *result, ent_t *ent,
280 char *buffer, size_t buflen, int *errnop)
282 struct parser_data *data = (void *) buffer;
291 /* We need at least 3 characters for one line. */
292 if (__builtin_expect (buflen < 3, 0))
296 return NSS_STATUS_TRYAGAIN;
299 fgetpos (ent->stream, &pos);
300 buffer[buflen - 1] = '\xff';
301 p = fgets_unlocked (buffer, buflen, ent->stream);
302 if (p == NULL && feof_unlocked (ent->stream))
303 return NSS_STATUS_NOTFOUND;
305 if (p == NULL || __builtin_expect (buffer[buflen - 1] != '\xff', 0))
308 fsetpos (ent->stream, &pos);
312 /* Terminate the line for any case. */
313 buffer[buflen - 1] = '\0';
315 /* Skip leading blanks. */
319 while (*p == '\0' || *p == '#' || /* Ignore empty and comment lines. */
320 /* Parse the line. If it is invalid, loop to
321 get the next line of the file to parse. */
322 !(parse_res = _nss_files_parse_grent (p, result, data, buflen,
325 if (__builtin_expect (parse_res == -1, 0))
326 /* The parser ran out of space. */
329 if (result->gr_name[0] != '+' && result->gr_name[0] != '-')
330 /* This is a real entry. */
334 if (result->gr_name[0] == '-' && result->gr_name[1] != '\0'
335 && result->gr_name[1] != '@')
337 blacklist_store_name (&result->gr_name[1], ent);
342 if (result->gr_name[0] == '+' && result->gr_name[1] != '\0'
343 && result->gr_name[1] != '@')
345 size_t len = strlen (result->gr_name);
347 enum nss_status status;
349 /* Store the group in the blacklist for the "+" at the end of
351 memcpy (buf, &result->gr_name[1], len);
352 status = getgrnam_plusgroup (&result->gr_name[1], result, ent,
353 buffer, buflen, errnop);
354 blacklist_store_name (buf, ent);
355 if (status == NSS_STATUS_SUCCESS) /* We found the entry. */
357 else if (status == NSS_STATUS_RETURN /* We couldn't parse the entry*/
358 || status == NSS_STATUS_NOTFOUND) /* No group in NIS */
362 if (status == NSS_STATUS_TRYAGAIN)
363 /* The parser ran out of space. */
371 if (result->gr_name[0] == '+' && result->gr_name[1] == '\0')
375 return getgrent_next_nss (result, ent, buffer, buflen, errnop);
379 return NSS_STATUS_SUCCESS;
384 _nss_compat_getgrent_r (struct group *grp, char *buffer, size_t buflen,
387 enum nss_status result = NSS_STATUS_SUCCESS;
389 __libc_lock_lock (lock);
391 /* Be prepared that the setgrent function was not called before. */
393 init_nss_interface ();
395 if (ext_ent.stream == NULL)
396 result = internal_setgrent (&ext_ent, 1, 1);
398 if (result == NSS_STATUS_SUCCESS)
401 result = getgrent_next_file (grp, &ext_ent, buffer, buflen, errnop);
403 result = getgrent_next_nss (grp, &ext_ent, buffer, buflen, errnop);
405 __libc_lock_unlock (lock);
410 /* Searches in /etc/group and the NIS/NIS+ map for a special group */
411 static enum nss_status
412 internal_getgrnam_r (const char *name, struct group *result, ent_t *ent,
413 char *buffer, size_t buflen, int *errnop)
415 struct parser_data *data = (void *) buffer;
424 /* We need at least 3 characters for one line. */
425 if (__builtin_expect (buflen < 3, 0))
429 return NSS_STATUS_TRYAGAIN;
432 fgetpos (ent->stream, &pos);
433 buffer[buflen - 1] = '\xff';
434 p = fgets_unlocked (buffer, buflen, ent->stream);
435 if (p == NULL && feof_unlocked (ent->stream))
436 return NSS_STATUS_NOTFOUND;
438 if (p == NULL || __builtin_expect (buffer[buflen - 1] != '\xff', 0))
441 fsetpos (ent->stream, &pos);
445 /* Terminate the line for any case. */
446 buffer[buflen - 1] = '\0';
448 /* Skip leading blanks. */
452 while (*p == '\0' || *p == '#' || /* Ignore empty and comment lines. */
453 /* Parse the line. If it is invalid, loop to
454 get the next line of the file to parse. */
455 !(parse_res = _nss_files_parse_grent (p, result, data, buflen,
458 if (__builtin_expect (parse_res == -1, 0))
459 /* The parser ran out of space. */
462 /* This is a real entry. */
463 if (result->gr_name[0] != '+' && result->gr_name[0] != '-')
465 if (strcmp (result->gr_name, name) == 0)
466 return NSS_STATUS_SUCCESS;
472 if (result->gr_name[0] == '-' && result->gr_name[1] != '\0')
474 if (strcmp (&result->gr_name[1], name) == 0)
475 return NSS_STATUS_NOTFOUND;
481 if (result->gr_name[0] == '+' && result->gr_name[1] != '\0')
483 if (strcmp (name, &result->gr_name[1]) == 0)
485 enum nss_status status;
487 status = getgrnam_plusgroup (name, result, ent,
488 buffer, buflen, errnop);
489 if (status == NSS_STATUS_RETURN)
490 /* We couldn't parse the entry */
497 if (result->gr_name[0] == '+' && result->gr_name[1] == '\0')
499 enum nss_status status;
501 status = getgrnam_plusgroup (name, result, ent,
502 buffer, buflen, errnop);
503 if (status == NSS_STATUS_RETURN)
504 /* We couldn't parse the entry */
511 return NSS_STATUS_SUCCESS;
515 _nss_compat_getgrnam_r (const char *name, struct group *grp,
516 char *buffer, size_t buflen, int *errnop)
518 ent_t ent = { TRUE, NSS_STATUS_SUCCESS, NULL, { NULL, 0, 0 }};
519 enum nss_status result;
521 if (name[0] == '-' || name[0] == '+')
522 return NSS_STATUS_NOTFOUND;
524 __libc_lock_lock (lock);
527 init_nss_interface ();
529 __libc_lock_unlock (lock);
531 result = internal_setgrent (&ent, 0, 0);
533 if (result == NSS_STATUS_SUCCESS)
534 result = internal_getgrnam_r (name, grp, &ent, buffer, buflen, errnop);
536 internal_endgrent (&ent);
541 /* Searches in /etc/group and the NIS/NIS+ map for a special group id */
542 static enum nss_status
543 internal_getgrgid_r (gid_t gid, struct group *result, ent_t *ent,
544 char *buffer, size_t buflen, int *errnop)
546 struct parser_data *data = (void *) buffer;
555 /* We need at least 3 characters for one line. */
556 if (__builtin_expect (buflen < 3, 0))
560 return NSS_STATUS_TRYAGAIN;
563 fgetpos (ent->stream, &pos);
564 buffer[buflen - 1] = '\xff';
565 p = fgets_unlocked (buffer, buflen, ent->stream);
566 if (p == NULL && feof_unlocked (ent->stream))
567 return NSS_STATUS_NOTFOUND;
569 if (p == NULL || __builtin_expect (buffer[buflen - 1] != '\xff', 0))
572 fsetpos (ent->stream, &pos);
576 /* Terminate the line for any case. */
577 buffer[buflen - 1] = '\0';
579 /* Skip leading blanks. */
583 while (*p == '\0' || *p == '#' || /* Ignore empty and comment lines. */
584 /* Parse the line. If it is invalid, loop to
585 get the next line of the file to parse. */
586 !(parse_res = _nss_files_parse_grent (p, result, data, buflen,
589 if (__builtin_expect (parse_res == -1, 0))
590 /* The parser ran out of space. */
593 /* This is a real entry. */
594 if (result->gr_name[0] != '+' && result->gr_name[0] != '-')
596 if (result->gr_gid == gid)
597 return NSS_STATUS_SUCCESS;
603 if (result->gr_name[0] == '-' && result->gr_name[1] != '\0')
605 blacklist_store_name (&result->gr_name[1], ent);
610 if (result->gr_name[0] == '+' && result->gr_name[1] != '\0')
612 /* Yes, no +1, see the memcpy call below. */
613 size_t len = strlen (result->gr_name);
615 enum nss_status status;
617 /* Store the group in the blacklist for the "+" at the end of
619 memcpy (buf, &result->gr_name[1], len);
620 status = getgrnam_plusgroup (&result->gr_name[1], result, ent,
621 buffer, buflen, errnop);
622 blacklist_store_name (buf, ent);
623 if (status == NSS_STATUS_SUCCESS && result->gr_gid == gid)
629 if (result->gr_name[0] == '+' && result->gr_name[1] == '\0')
632 return NSS_STATUS_UNAVAIL;
634 enum nss_status status = nss_getgrgid_r (gid, result, buffer, buflen,
636 if (status == NSS_STATUS_RETURN) /* We couldn't parse the entry */
637 return NSS_STATUS_NOTFOUND;
643 return NSS_STATUS_SUCCESS;
647 _nss_compat_getgrgid_r (gid_t gid, struct group *grp,
648 char *buffer, size_t buflen, int *errnop)
650 ent_t ent = { TRUE, NSS_STATUS_SUCCESS, NULL, { NULL, 0, 0 }};
651 enum nss_status result;
653 __libc_lock_lock (lock);
656 init_nss_interface ();
658 __libc_lock_unlock (lock);
660 result = internal_setgrent (&ent, 0, 0);
662 if (result == NSS_STATUS_SUCCESS)
663 result = internal_getgrgid_r (gid, grp, &ent, buffer, buflen, errnop);
665 internal_endgrent (&ent);
671 /* Support routines for remembering -@netgroup and -user entries.
672 The names are stored in a single string with `|' as separator. */
674 blacklist_store_name (const char *name, ent_t *ent)
676 int namelen = strlen (name);
679 /* first call, setup cache */
680 if (ent->blacklist.size == 0)
682 ent->blacklist.size = MAX (BLACKLIST_INITIAL_SIZE, 2 * namelen);
683 ent->blacklist.data = malloc (ent->blacklist.size);
684 if (ent->blacklist.data == NULL)
686 ent->blacklist.data[0] = '|';
687 ent->blacklist.data[1] = '\0';
688 ent->blacklist.current = 1;
692 if (in_blacklist (name, namelen, ent))
693 return; /* no duplicates */
695 if (ent->blacklist.current + namelen + 1 >= ent->blacklist.size)
697 ent->blacklist.size += MAX (BLACKLIST_INCREMENT, 2 * namelen);
698 tmp = realloc (ent->blacklist.data, ent->blacklist.size);
701 free (ent->blacklist.data);
702 ent->blacklist.size = 0;
705 ent->blacklist.data = tmp;
709 tmp = stpcpy (ent->blacklist.data + ent->blacklist.current, name);
712 ent->blacklist.current += namelen + 1;
717 /* returns TRUE if ent->blacklist contains name, else FALSE */
719 in_blacklist (const char *name, int namelen, ent_t *ent)
721 char buf[namelen + 3];
724 if (ent->blacklist.data == NULL)
728 cp = stpcpy (&buf[1], name);
731 return strstr (ent->blacklist.data, buf) != NULL;