From 34b423d2077a4c799d2089068d3bec91fb800256 Mon Sep 17 00:00:00 2001 From: Josiah Worcester Date: Sun, 22 Feb 2015 20:58:10 -0600 Subject: support alternate backends for the passwd and group dbs when we fail to find the entry in the commonly accepted files, we query a server over a Unix domain socket on /var/run/nscd/socket. the protocol used here is compatible with glibc's nscd protocol on most systems (all that use 32-bit numbers for all the protocol fields, which appears to be everything but Alpha). --- src/passwd/getpw_a.c | 114 ++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 113 insertions(+), 1 deletion(-) (limited to 'src/passwd/getpw_a.c') diff --git a/src/passwd/getpw_a.c b/src/passwd/getpw_a.c index 21efc5ca..b04663dd 100644 --- a/src/passwd/getpw_a.c +++ b/src/passwd/getpw_a.c @@ -1,5 +1,21 @@ -#include "pwf.h" #include +#include +#include +#include +#include "pwf.h" +#include "nscd.h" + +static char *itoa(char *p, uint32_t x) +{ + // number of digits in a uint32_t + NUL + p += 11; + *--p = 0; + do { + *--p = '0' + x % 10; + x /= 10; + } while (x); + return p; +} int __getpw_a(const char *name, uid_t uid, struct passwd *pw, char **buf, size_t *size, struct passwd **res) { @@ -24,6 +40,102 @@ int __getpw_a(const char *name, uid_t uid, struct passwd *pw, char **buf, size_t } fclose(f); + if (!*res && (rv == 0 || rv == ENOENT || rv == ENOTDIR)) { + int32_t req = name ? GETPWBYNAME : GETPWBYUID; + const char *key; + int32_t passwdbuf[PW_LEN] = {0}; + size_t len = 0; + char uidbuf[11] = {0}; + + if (name) { + key = name; + } else { + /* uid outside of this range can't be queried with the + * nscd interface, but might happen if uid_t ever + * happens to be a larger type (this is not true as of + * now) + */ + if(uid < 0 || uid > UINT32_MAX) { + rv = 0; + goto done; + } + key = itoa(uidbuf, uid); + } + + f = __nscd_query(req, key, passwdbuf, sizeof passwdbuf, (int[]){0}); + if (!f) { rv = errno; goto done; } + if (f == (FILE*)-1) { rv = 0; goto done; } + + if(!passwdbuf[PWFOUND]) { rv = 0; goto cleanup_f; } + + /* A zero length response from nscd is invalid. We ignore + * invalid responses and just report an error, rather than + * trying to do something with them. + */ + if (!passwdbuf[PWNAMELEN] || !passwdbuf[PWPASSWDLEN] + || !passwdbuf[PWGECOSLEN] || !passwdbuf[PWDIRLEN] + || !passwdbuf[PWSHELLLEN]) { + rv = EIO; + goto cleanup_f; + } + + if ((passwdbuf[PWNAMELEN]|passwdbuf[PWPASSWDLEN] + |passwdbuf[PWGECOSLEN]|passwdbuf[PWDIRLEN] + |passwdbuf[PWSHELLLEN]) >= SIZE_MAX/8) { + rv = ENOMEM; + goto cleanup_f; + } + + len = passwdbuf[PWNAMELEN] + passwdbuf[PWPASSWDLEN] + + passwdbuf[PWGECOSLEN] + passwdbuf[PWDIRLEN] + + passwdbuf[PWSHELLLEN]; + + if (len > *size || !*buf) { + char *tmp = realloc(*buf, len); + if (!tmp) { + rv = errno; + goto cleanup_f; + } + *buf = tmp; + *size = len; + } + + if (!fread(*buf, len, 1, f)) { + rv = ferror(f) ? errno : EIO; + goto cleanup_f; + } + + pw->pw_name = *buf; + pw->pw_passwd = pw->pw_name + passwdbuf[PWNAMELEN]; + pw->pw_gecos = pw->pw_passwd + passwdbuf[PWPASSWDLEN]; + pw->pw_dir = pw->pw_gecos + passwdbuf[PWGECOSLEN]; + pw->pw_shell = pw->pw_dir + passwdbuf[PWDIRLEN]; + pw->pw_uid = passwdbuf[PWUID]; + pw->pw_gid = passwdbuf[PWGID]; + + /* Don't assume that nscd made sure to null terminate strings. + * It's supposed to, but malicious nscd should be ignored + * rather than causing a crash. + */ + if (pw->pw_passwd[-1] || pw->pw_gecos[-1] || pw->pw_dir[-1] + || pw->pw_shell[passwdbuf[PWSHELLLEN]-1]) { + rv = EIO; + goto cleanup_f; + } + + if (name && strcmp(name, pw->pw_name) + || !name && uid != pw->pw_uid) { + rv = EIO; + goto cleanup_f; + } + + + *res = pw; +cleanup_f: + fclose(f); + goto done; + } + done: pthread_setcancelstate(cs, 0); if (rv) errno = rv; -- cgit v1.2.1