From 2894a44b40e460fc4112988407818439f2e9672d Mon Sep 17 00:00:00 2001
From: Josiah Worcester
Date: Sun, 15 Mar 2015 19:20:53 -0500
Subject: add alternate backend support for getgrouplist

This completes the alternate backend support that was previously added to the getpw* and getgr* functions. Unlike those, though, it unconditionally queries nscd. Any groups from nscd that aren't in the /etc/groups file are added to the returned list, and any that are present in the file are ignored. The purpose of this behavior is to provide a view of the group database consistent with what is observed by the getgr* functions. If group memberships reported by nscd were honored when the corresponding group already has a definition in the /etc/groups file, the user's getgrouplist-based membership in the group would conflict with their non-membership in the reported gr_mem[] for the group. The changes made also make getgrouplist thread-safe and eliminate its clobbering of the global getgrent state.
---
 src/passwd/getgrouplist.c | 80 +++++++++++++++++++++++++++++++++++++++++++++++
 src/passwd/nscd.h | 6 ++++
 2 files changed, 86 insertions(+)
 create mode 100644 src/passwd/getgrouplist.c
(limited to 'src/passwd')
diff --git a/src/passwd/getgrouplist.c b/src/passwd/getgrouplist.c
new file mode 100644
index 00000000..0fddc9a1
--- /dev/null
+++ b/src/passwd/getgrouplist.c
@@ -0,0 +1,80 @@
+#define _GNU_SOURCE
+#include "pwf.h"
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include "nscd.h"
+
+int getgrouplist(const char *user, gid_t gid, gid_t *groups, int *ngroups)
+{
+ int rv, nlim, ret = -1;
+ ssize_t i, n = 1;
+ struct group gr;
+ struct group *res;
+ FILE *f;
+ int swap = 0;
+ int32_t resp[INITGR_LEN];
+ uint32_t *nscdbuf = 0;
+ char *buf = 0;
+ char **mem = 0;
+ size_t nmem = 0;
+ size_t size;
+ nlim = *ngroups;
+ if (nlim >= 1) *groups++ = gid;
+
+ f = __nscd_query(GETINITGR, user, resp, sizeof resp, &swap);
+ if (!f) goto cleanup;
+ if (f != (FILE*)-1 && resp[INITGRFOUND]) {
+ nscdbuf = calloc(resp[INITGRNGRPS], sizeof(uint32_t));
+ if (!nscdbuf) goto cleanup;
+ if (!fread(nscdbuf, sizeof(*nscdbuf)*resp[INITGRNGRPS], 1, f)) {
+ if (!ferror(f)) errno = EIO;
+ goto cleanup;
+ }
+ if (swap) {
+ for (i = 0; i < resp[INITGRNGRPS]; i++)
+ nscdbuf[i] = bswap_32(nscdbuf[i]);
+ }
+ }
+ if (f != (FILE*)-1) fclose(f);
+
+ f = fopen("/etc/group", "rbe");
+ if (!f && errno != ENOENT && errno != ENOTDIR)
+ goto cleanup;
+
+ if (f) {
+ while (!(rv = __getgrent_a(f, &gr, &buf, &size, &mem, &nmem, &res)) && res) {
+ if (nscdbuf)
+ for (i=0; i < resp[INITGRNGRPS]; i++) {
+ if (nscdbuf[i] == gr.gr_gid) nscdbuf[i] = gid;
+ }
+ for (i=0; gr.gr_mem[i] && strcmp(user, gr.gr_mem[i]); i++);
+ if (!gr.gr_mem[i]) continue;
+ if (++n <= nlim) *groups++ = gr.gr_gid;
+ }
+ if (rv) {
+ errno = rv;
+ goto cleanup;
+ }
+ }
+ if (nscdbuf) {
+ for(i=0; i < resp[INITGRNGRPS]; i++) {
+ if (nscdbuf[i] != gid)
+ if(++n <= nlim) *groups++ = nscdbuf[i];
+ }
+ }
+
+ ret = n > nlim ? -1 : n;
+ *ngroups = n;
+
+cleanup:
+ if (f) fclose(f);
+ free(nscdbuf);
+ free(buf);
+ free(mem);
+ return ret;
+}
diff --git a/src/passwd/nscd.h b/src/passwd/nscd.h
index 102f0b4b..9a53c328 100644
--- a/src/passwd/nscd.h
+++ b/src/passwd/nscd.h
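Review bot: A found-but-empty reply from nscd is turned into a failure in the `resp[INITGRFOUND]` branch of getgrouplist: when `resp[INITGRNGRPS]` is 0, `fread(nscdbuf, sizeof(*nscdbuf)*resp[INITGRNGRPS], 1, f)` is called with a size of 0 and returns 0, so the function sets `errno = EIO` and returns -1 for a user who simply has no supplementary groups in the backend. `calloc(0, ...)` may also return a null pointer on some implementations, which takes the same `goto cleanup` path. Computing the byte count first and reading only when it is non-zero avoids this, e.g. `size_t nbytes = sizeof(*nscdbuf)*resp[INITGRNGRPS];` followed by `if (nbytes && !fread(nscdbuf, nbytes, 1, f)) {`, with the `!nscdbuf` check applied only for a non-zero count. Since the count comes from the daemon's reply and feeds the caller's group membership, an explicit `resp[INITGRNGRPS] < 0` rejection before the `calloc` would make the handling of a malformed reply visible rather than relying on the allocation failing.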
@@ -8,6 +8,7 @@ #define GETPWBYUID 1 #define GETGRBYNAME 2 #define GETGRBYGID 3 +#define GETINITGR 15 #define REQVERSION 0 #define REQTYPE 1 @@ -33,6 +34,11 @@ #define GRMEMCNT 5 #define GR_LEN 6 +#define INITGRVERSION 0 +#define INITGRFOUND 1 +#define INITGRNGRPS 2 +#define INITGR_LEN 3 + FILE *__nscd_query(int32_t req, const char *key, int32_t *buf, size_t len, int *swap); #endif -- cgit v1.2.1