1 | /* Copyright (C) 1996-2018 Free Software Foundation, Inc. |
2 | This file is part of the GNU C Library. |
3 | |
4 | The GNU C Library is free software; you can redistribute it and/or |
5 | modify it under the terms of the GNU Lesser General Public |
6 | License as published by the Free Software Foundation; either |
7 | version 2.1 of the License, or (at your option) any later version. |
8 | |
9 | The GNU C Library is distributed in the hope that it will be useful, |
10 | but WITHOUT ANY WARRANTY; without even the implied warranty of |
11 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
12 | Lesser General Public License for more details. |
13 | |
14 | You should have received a copy of the GNU Lesser General Public |
15 | License along with the GNU C Library; if not, see |
16 | <http://www.gnu.org/licenses/>. */ |
17 | |
18 | #include <assert.h> |
19 | #include <atomic.h> |
20 | #include <libc-lock.h> |
21 | #include <errno.h> |
22 | #include <netdb.h> |
23 | #include <stdbool.h> |
24 | #include <stdlib.h> |
25 | #include <string.h> |
26 | #include "netgroup.h" |
27 | #include "nsswitch.h" |
28 | #include <sysdep.h> |
29 | #include <nscd/nscd_proto.h> |
30 | |
31 | |
/* Serializes use of DATASET (defined just below): setnetgrent,
   endnetgrent and __getnetgrent_r in this file take this lock around
   every access to it.  */
__libc_lock_define_initialized (static, lock)

/* The whole information for the set/get/endnetgrent functions are
   kept in this structure.  It is process-global, so the non-reentrant
   enumeration state is shared by every thread that uses those entry
   points.  */
static struct __netgrent dataset;
38 | |
/* Set up NIP to run through the services.  Return nonzero if there are no
   services (left).

   The first call resolves "setnetgrent" through __nss_netgroup_lookup2
   and caches the resulting first service in a function-local static.
   Later calls rewind *NIPP to that cached service and look the function
   up again with __nss_lookup.  FCTP is handed to the lookup helpers,
   which presumably store the resolved function pointer through it.  */
static int
setup (void **fctp, service_user **nipp)
{
  /* Remember the first service_entry, it's always the same.  */
  static bool startp_initialized;
  static service_user *startp;
  int no_more;

  if (!startp_initialized)
    {
      /* Executing this more than once at the same time must yield the
         same result every time.  So we need no locking.  */
      no_more = __nss_netgroup_lookup2 (nipp, "setnetgrent", NULL, fctp);
      /* (service_user *) -1 is cached as the "no services at all"
         sentinel; the else branch below tests for it.  */
      startp = no_more ? (service_user *) -1 : *nipp;
#ifdef PTR_MANGLE
      /* The cached pointer sits in writable static storage and is later
         used to find functions to call, so it is stored mangled where
         the platform provides PTR_MANGLE (presumably glibc's pointer
         guard from <sysdep.h>).  */
      PTR_MANGLE (startp);
#endif
      /* Order the store to STARTP before the store to the flag.
         NOTE(review): no matching read barrier is visible on the reader
         side in this function -- confirm the intended ordering
         argument.  */
      atomic_write_barrier ();
      startp_initialized = true;
    }
  else
    {
      service_user *nip = startp;
#ifdef PTR_DEMANGLE
      /* Undo the mangling applied when the pointer was cached.  */
      PTR_DEMANGLE (nip);
#endif
      if (nip == (service_user *) -1)
        /* No services at all.  */
        return 1;

      /* Reset to the beginning of the service list.  */
      *nipp = nip;
      /* Look up the first function.  */
      no_more = __nss_lookup (nipp, "setnetgrent", NULL, fctp);
    }
  return no_more;
}
78 | |
/* Release both name lists hanging off DATA: the groups already visited
   (known_groups) and the groups still queued for expansion
   (needed_groups).  Both list heads are NULL afterwards.  */
static void
free_memory (struct __netgrent *data)
{
  struct name_list *node;

  /* Pop and free the head until the visited list is empty.  */
  while ((node = data->known_groups) != NULL)
    {
      data->known_groups = node->next;
      free (node);
    }

  /* Same for the list of groups that were still pending.  */
  while ((node = data->needed_groups) != NULL)
    {
      data->needed_groups = node->next;
      free (node);
    }
}
97 | |
/* Close the service currently recorded in DATAP->nip by calling its
   "endnetgrent" function, if it has one, and then forget the service.
   Nothing is done when no service is recorded (NULL) or when nip holds
   the (service_user *) -1l marker; in those cases nip is left as is.  */
static void
endnetgrent_hook (struct __netgrent *datap)
{
  service_user *svc = datap->nip;

  if (svc != NULL && svc != (service_user *) -1l)
    {
      enum nss_status (*endfct) (struct __netgrent *)
        = __nss_lookup_function (svc, "endnetgrent");

      /* A service without an endnetgrent function is simply dropped.  */
      if (endfct != NULL)
        (void) (*endfct) (datap);
      datap->nip = NULL;
    }
}
111 | |
/* Open netgroup GROUP for enumeration through DATAP without discarding
   the known/needed name lists, then push GROUP onto DATAP->known_groups.

   Returns nonzero iff the final status is NSS_STATUS_SUCCESS.  If the
   list node for GROUP cannot be allocated, errno is copied to *ERRNOP
   and the function returns 0 even when a service opened the group.  */
static int
__internal_setnetgrent_reuse (const char *group, struct __netgrent *datap,
                              int *errnop)
{
  /* The lookup helpers fill in a void *; the union lets the same
     storage be called through its real function type.  */
  union
  {
    enum nss_status (*f) (const char *, struct __netgrent *);
    void *ptr;
  } setfct;
  enum nss_status status = NSS_STATUS_UNAVAIL;

  /* Close whatever service the previous group left open.  */
  endnetgrent_hook (datap);

  /* Run the setnetgrent function of each service in turn.  */
  for (int no_more = setup (&setfct.ptr, &datap->nip); !no_more; )
    {
      assert (datap->data == NULL);

      /* The status is not examined here; `__nss_next2' decides from it
         whether the walk goes on.  */
      status = DL_CALL_FCT (*setfct.f, (group, datap));

      /* __nss_next2 advances DATAP->nip, so keep the service that just
         ran in case it has to be closed below.  */
      service_user *prev_service = datap->nip;
      no_more = __nss_next2 (&datap->nip, "setnetgrent", NULL, &setfct.ptr,
                             status, 0);

      if (no_more || status != NSS_STATUS_SUCCESS)
        continue;

      /* The service succeeded but another one will run after it: end
         the one that just ran first.  */
      enum nss_status (*endfct) (struct __netgrent *)
        = __nss_lookup_function (prev_service, "endnetgrent");
      if (endfct != NULL)
        (void) DL_CALL_FCT (*endfct, (datap));
    }

  /* Add the current group to the list of known groups.  The name is
     stored inline after the list node, terminator included.  */
  size_t name_size = strlen (group) + 1;
  struct name_list *entry = malloc (sizeof *entry + name_size);
  if (entry != NULL)
    {
      memcpy (entry->name, group, name_size);
      entry->next = datap->known_groups;
      datap->known_groups = entry;
    }
  else
    {
      *errnop = errno;
      status = NSS_STATUS_TRYAGAIN;
    }

  return status == NSS_STATUS_SUCCESS;
}
168 | |
/* Start a fresh enumeration of netgroup GROUP in DATAP.  The name lists
   left over from an earlier run are discarded first; the open itself is
   done by __internal_setnetgrent_reuse, whose result (nonzero on
   success) is returned.  Allocation errors are reported through the
   thread's errno.  */
int
__internal_setnetgrent (const char *group, struct __netgrent *datap)
{
  /* Drop every netgroup name remembered from the last run.  */
  free_memory (datap);

  int opened = __internal_setnetgrent_reuse (group, datap, &errno);
  return opened;
}
libc_hidden_def (__internal_setnetgrent)
178 | |
/* Try to open netgroup GROUP through nscd, storing the reply in the
   global DATASET.  Returns the result of __nscd_setnetgrent, or -1 when
   nscd is not consulted (built without USE_NSCD, nscd currently being
   skipped, or __nss_database_custom set for the netgroup database).  */
static int
nscd_setnetgrent (const char *group)
{
#ifdef USE_NSCD
  /* A positive counter means nscd is being skipped.  Count this call
     and, once more than NSS_NSCD_RETRY calls have gone by, reset the
     counter so nscd is tried again.  */
  if (__nss_not_use_nscd_netgroup > 0)
    {
      if (++__nss_not_use_nscd_netgroup > NSS_NSCD_RETRY)
        __nss_not_use_nscd_netgroup = 0;
    }

  if (__nss_not_use_nscd_netgroup == 0
      && !__nss_database_custom[NSS_DBSIDX_netgroup])
    return __nscd_setnetgrent (group, &dataset);
#endif
  /* Tell the caller to fall back to the NSS modules.  */
  return -1;
}
193 | |
/* Public entry point: open netgroup GROUP for enumeration with
   getnetgrent_r, using the process-global DATASET under the file lock.
   nscd is tried first; a negative result from it falls back to the NSS
   modules.  The result of whichever path answered is returned.  */
int
setnetgrent (const char *group)
{
  __libc_lock_lock (lock);

  int rc = nscd_setnetgrent (group);
  if (rc < 0)
    /* nscd was not used or could not answer.  */
    rc = __internal_setnetgrent (group, &dataset);

  __libc_lock_unlock (lock);

  return rc;
}
209 | |
/* Finish the enumeration held in DATAP: close the service that is
   still open, if any, then release the known/needed name lists.  */
void
__internal_endnetgrent (struct __netgrent *datap)
{
  /* Let the active service release its own state first.  */
  endnetgrent_hook (datap);

  /* Then drop every netgroup name collected during the run.  */
  free_memory (datap);
}
libc_hidden_def (__internal_endnetgrent)
218 | |
219 | |
/* Public entry point: end the enumeration kept in the process-global
   DATASET.  The file lock is held while the state is torn down.  */
void
endnetgrent (void)
{
  __libc_lock_lock (lock);
  __internal_endnetgrent (&dataset);
  __libc_lock_unlock (lock);
}
229 | |
230 | #ifdef USE_NSCD |
/* Map an empty string to NULL and return any other string unchanged.
   IN must point to a readable, NUL-terminated string.  */
static const char *
get_nonempty_val (const char *in)
{
  return *in == '\0' ? NULL : in;
}
238 | |
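/* Hand out the next (host,user,domain) triple from the reply that is
   stored in DATAP->data.  Each triple is three consecutive
   NUL-terminated strings starting at DATAP->cursor; an empty string is
   reported as NULL.  BUFFER, BUFLEN and ERRNOP are unused; they are
   there so the function has the getnetgrent_r signature.

   Returns NSS_STATUS_SUCCESS with DATAP->val.triple filled in and the
   cursor advanced past the triple, or NSS_STATUS_UNAVAIL when the data
   is exhausted or does not hold three terminated strings before its
   end.  In the latter case DATAP is left untouched.

   The search for each terminator is bounded by DATAP->data_size.  The
   reply comes from outside this process, and an unbounded scan for NUL
   would run past the end of the reply if it were truncated or
   malformed.  NOTE(review): whether the code that fills DATAP->data
   already guarantees termination is not visible in this file; the
   bound is defense in depth either way.  */
static enum nss_status
nscd_getnetgrent (struct __netgrent *datap, char *buffer, size_t buflen,
                  int *errnop)
{
  const char *end = datap->data + datap->data_size;

  if (datap->cursor >= end)
    return NSS_STATUS_UNAVAIL;

  /* Locate all three fields before touching DATAP, so a malformed
     reply never leaves a half-updated triple behind.  */
  const char *field[3];
  const char *cur = datap->cursor;
  for (size_t i = 0; i < 3; ++i)
    {
      /* A zero-length remainder makes memchr return NULL as well.  */
      const char *nul = memchr (cur, '\0', (size_t) (end - cur));
      if (nul == NULL)
        return NSS_STATUS_UNAVAIL;
      field[i] = cur;
      cur = nul + 1;
    }

  datap->type = triple_val;
  datap->val.triple.host = get_nonempty_val (field[0]);
  datap->val.triple.user = get_nonempty_val (field[1]);
  datap->val.triple.domain = get_nonempty_val (field[2]);
  datap->cursor = (char *) cur;

  return NSS_STATUS_SUCCESS;
}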
256 | #endif |
257 | |
/* Fetch the next (host,user,domain) triple of the enumeration held in
   DATAP.  Entries that name another netgroup are not returned; the name
   is queued on DATAP->needed_groups and opened once the current group
   is exhausted.  Names already on known_groups or needed_groups are
   skipped, which keeps cyclic group references from looping.

   Returns 1 and stores the three pointers through HOSTP, USERP and
   DOMAINP on success.  Returns 0 otherwise and leaves them untouched.
   The stored pointers are copies of DATAP->val.triple, so they stay
   valid only as long as whatever the service put there (presumably
   BUFFER or the nscd reply -- confirm against the service).

   A return of 0 does not tell "end of list" from "lookup failed": an
   allocation failure while queueing a nested group is turned into
   NSS_STATUS_RETURN below and also ends the enumeration with 0.

   NOTE(review): ERRNOP is forwarded only to
   __internal_setnetgrent_reuse; the service function itself is called
   with &errno.  The caller visible in this file passes &errno for
   ERRNOP, so the two coincide there.  */
int
__internal_getnetgrent_r (char **hostp, char **userp, char **domainp,
                          struct __netgrent *datap,
                          char *buffer, size_t buflen, int *errnop)
{
  enum nss_status (*fct) (struct __netgrent *, char *, size_t, int *);

  /* Initialize status to return if no more functions are found.  */
  enum nss_status status = NSS_STATUS_NOTFOUND;

  /* Run through available functions, starting with the same function last
     run.  We will repeat each function as long as it succeeds, and then go
     on to the next service action.  */
  int no_more = datap->nip == NULL;
  if (! no_more)
    {
#ifdef USE_NSCD
      /* This bogus service pointer is a special marker left by
         __nscd_setnetgrent to tell us to use the data it left
         before considering any modules.  */
      if (datap->nip == (service_user *) -1l)
        fct = nscd_getnetgrent;
      else
#endif
        {
          fct = __nss_lookup_function (datap->nip, "getnetgrent_r");
          no_more = fct == NULL;
        }

      while (! no_more)
        {
          status = DL_CALL_FCT (*fct, (datap, buffer, buflen, &errno));

          if (status == NSS_STATUS_RETURN
              /* The service returned a NOTFOUND, but there are more groups that
                 we need to resolve before we give up.  */
              || (status == NSS_STATUS_NOTFOUND && datap->needed_groups != NULL))
            {
              /* This was the last one for this group.  Look at next group
                 if available.  */
              int found = 0;
              while (datap->needed_groups != NULL && ! found)
                {
                  /* Move the head of the pending list onto the known
                     list before opening it, so it cannot be queued
                     again.  */
                  struct name_list *tmp = datap->needed_groups;
                  datap->needed_groups = datap->needed_groups->next;
                  tmp->next = datap->known_groups;
                  datap->known_groups = tmp;

                  found = __internal_setnetgrent_reuse (datap->known_groups->name,
                                                        datap, errnop);
                }

              /* The reopen may have selected a different service, so
                 the function is looked up again.  */
              if (found && datap->nip != NULL)
                {
                  fct = __nss_lookup_function (datap->nip, "getnetgrent_r");
                  if (fct != NULL)
                    continue;
                }
            }
          else if (status == NSS_STATUS_SUCCESS && datap->type == group_val)
            {
              /* The last entry was a name of another netgroup.  */
              struct name_list *namep;

              /* Ignore if we've seen the name before.  */
              for (namep = datap->known_groups; namep != NULL;
                   namep = namep->next)
                if (strcmp (datap->val.group, namep->name) == 0)
                  break;
              if (namep == NULL)
                for (namep = datap->needed_groups; namep != NULL;
                     namep = namep->next)
                  if (strcmp (datap->val.group, namep->name) == 0)
                    break;
              if (namep != NULL)
                /* Really ignore.  */
                continue;

              /* The name is stored inline after the list node, so the
                 allocation covers the node plus the terminated name.  */
              size_t group_len = strlen (datap->val.group) + 1;
              namep = (struct name_list *) malloc (sizeof (struct name_list)
                                                  + group_len);
              if (namep == NULL)
                /* We are out of memory.  The enumeration stops here and
                   the function returns 0.  */
                status = NSS_STATUS_RETURN;
              else
                {
                  namep->next = datap->needed_groups;
                  memcpy (namep->name, datap->val.group, group_len);
                  datap->needed_groups = namep;
                  /* And get the next entry.  */
                  continue;
                }
            }
          /* Every path that wants another round has used `continue'.  */
          break;
        }
    }

  if (status == NSS_STATUS_SUCCESS)
    {
      *hostp = (char *) datap->val.triple.host;
      *userp = (char *) datap->val.triple.user;
      *domainp = (char *) datap->val.triple.domain;
    }

  return status == NSS_STATUS_SUCCESS ? 1 : 0;
}
libc_hidden_def (__internal_getnetgrent_r)
365 | |
/* The real entry point.  Fetches the next triple of the enumeration
   kept in the process-global DATASET while holding the file lock, and
   returns what __internal_getnetgrent_r returns: 1 when a triple was
   stored through HOSTP, USERP and DOMAINP, 0 otherwise.  */
int
__getnetgrent_r (char **hostp, char **userp, char **domainp,
                 char *buffer, size_t buflen)
{
  __libc_lock_lock (lock);

  int found = __internal_getnetgrent_r (hostp, userp, domainp, &dataset,
                                        buffer, buflen, &errno);

  __libc_lock_unlock (lock);

  return found;
}
weak_alias (__getnetgrent_r, getnetgrent_r)
383 | |
/* Test whether given (host,user,domain) triple is in NETGROUP.

   Matching, as implemented below: a position matches when the argument
   is NULL, when the entry's field is NULL, or when the two strings are
   equal.  Host and domain are compared case-insensitively, user
   case-sensitively.  Nested netgroups are followed; names already seen
   (and NETGROUP itself) are not queued again, so cyclic references
   terminate.

   Returns 1 if a matching triple was found and 0 otherwise.  The 0
   result also covers failures: an allocation failure sets RESULT to -1
   internally, which `result == 1' collapses to 0, and a service that
   cannot answer just ends its part of the walk.  Callers cannot tell
   "not a member" from "lookup failed".  NOTE(review): this matters
   where a negative answer is used to grant something, e.g. a deny list
   expressed as a netgroup.

   Entries are fetched into a fixed 1024-byte stack buffer, and any
   status other than NSS_STATUS_SUCCESS ends the walk of the current
   group.  NOTE(review): presumably a service reports an entry that
   does not fit through a non-success status, in which case the rest of
   that group is skipped -- confirm against the service modules.

   This function works on a local struct __netgrent and does not take
   the file lock.  The nscd retry counter it updates is shared with
   nscd_setnetgrent.  */
int
innetgr (const char *netgroup, const char *host, const char *user,
         const char *domain)
{
#ifdef USE_NSCD
  /* Same nscd back-off as in nscd_setnetgrent: while the counter is
     positive nscd is skipped, and after NSS_NSCD_RETRY calls it is
     reset so nscd is tried again.  */
  if (__nss_not_use_nscd_netgroup > 0
      && ++__nss_not_use_nscd_netgroup > NSS_NSCD_RETRY)
    __nss_not_use_nscd_netgroup = 0;

  if (!__nss_not_use_nscd_netgroup
      && !__nss_database_custom[NSS_DBSIDX_netgroup])
    {
      /* A negative result means nscd gave no answer; fall through to
         the NSS modules.  */
      int result = __nscd_innetgr (netgroup, host, user, domain);
      if (result >= 0)
        return result;
    }
#endif

  union
  {
    enum nss_status (*f) (const char *, struct __netgrent *);
    void *ptr;
  } setfct;
  void (*endfct) (struct __netgrent *);
  int (*getfct) (struct __netgrent *, char *, size_t, int *);
  struct __netgrent entry;
  /* 0: no match so far, 1: match found, -1: out of memory.  */
  int result = 0;
  const char *current_group = netgroup;

  memset (&entry, '\0', sizeof (entry));

  /* Walk through the services until we found an answer or we shall
     not work further.  We can do some optimization here.  Since all
     services must provide the `setnetgrent' function we can do all
     the work during one walk through the service list.  */
  while (1)
    {
      int no_more = setup (&setfct.ptr, &entry.nip);
      while (! no_more)
        {
          assert (entry.data == NULL);

          /* Open netgroup.  */
          enum nss_status status = DL_CALL_FCT (*setfct.f,
                                                (current_group, &entry));

          if (status == NSS_STATUS_SUCCESS
              && (getfct = __nss_lookup_function (entry.nip, "getnetgrent_r"))
                 != NULL)
            {
              /* Fixed-size scratch space for one entry; see the header
                 comment about entries that do not fit.  */
              char buffer[1024];

              while (DL_CALL_FCT (*getfct,
                                  (&entry, buffer, sizeof buffer, &errno))
                     == NSS_STATUS_SUCCESS)
                {
                  if (entry.type == group_val)
                    {
                      /* Make sure we haven't seen the name before.  */
                      struct name_list *namep;

                      for (namep = entry.known_groups; namep != NULL;
                           namep = namep->next)
                        if (strcmp (entry.val.group, namep->name) == 0)
                          break;
                      if (namep == NULL)
                        for (namep = entry.needed_groups; namep != NULL;
                             namep = namep->next)
                          if (strcmp (entry.val.group, namep->name) == 0)
                            break;
                      /* NETGROUP itself is never put on either list, so
                         a reference back to it is filtered here.  */
                      if (namep == NULL
                          && strcmp (netgroup, entry.val.group) != 0)
                        {
                          size_t group_len = strlen (entry.val.group) + 1;
                          namep =
                            (struct name_list *) malloc (sizeof (*namep)
                                                        + group_len);
                          if (namep == NULL)
                            {
                              /* Out of memory, simply return.  This
                                 leaves only the entry loop; the test of
                                 RESULT below ends the service walk.  */
                              result = -1;
                              break;
                            }

                          namep->next = entry.needed_groups;
                          memcpy (namep->name, entry.val.group, group_len);
                          entry.needed_groups = namep;
                        }
                    }
                  else
                    {
                      /* NULL on either side of a position is a
                         wildcard.  */
                      if ((entry.val.triple.host == NULL || host == NULL
                           || __strcasecmp (entry.val.triple.host, host) == 0)
                          && (entry.val.triple.user == NULL || user == NULL
                              || strcmp (entry.val.triple.user, user) == 0)
                          && (entry.val.triple.domain == NULL || domain == NULL
                              || __strcasecmp (entry.val.triple.domain,
                                               domain) == 0))
                        {
                          result = 1;
                          break;
                        }
                    }
                }

              /* If we found one service which does know the given
                 netgroup we don't try further.  */
              status = NSS_STATUS_RETURN;
            }

          /* Free all resources of the service.  */
          endfct = __nss_lookup_function (entry.nip, "endnetgrent");
          if (endfct != NULL)
            DL_CALL_FCT (*endfct, (&entry));

          /* Both a match (1) and out of memory (-1) stop the walk.  */
          if (result != 0)
            break;

          /* Look for the next service.  */
          no_more = __nss_next2 (&entry.nip, "setnetgrent", NULL,
                                 &setfct.ptr, status, 0);
        }

      if (result == 0 && entry.needed_groups != NULL)
        {
          /* Take the next pending nested group, mark it as known and
             run the service walk again for it.  */
          struct name_list *tmp = entry.needed_groups;
          entry.needed_groups = tmp->next;
          tmp->next = entry.known_groups;
          entry.known_groups = tmp;
          current_group = tmp->name;
          continue;
        }

      /* No way out.  */
      break;
    }

  /* Free the memory.  */
  free_memory (&entry);

  return result == 1;
}
libc_hidden_def (innetgr)
528 | |