1/* Copyright (C) 1998-2017 Free Software Foundation, Inc.
2 This file is part of the GNU C Library.
3 Contributed by Thorsten Kukuk <kukuk@suse.de>, 1998.
4
5 The GNU C Library is free software; you can redistribute it and/or
6 modify it under the terms of the GNU Lesser General Public
7 License as published by the Free Software Foundation; either
8 version 2.1 of the License, or (at your option) any later version.
9
10 The GNU C Library is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 Lesser General Public License for more details.
14
15 You should have received a copy of the GNU Lesser General Public
16 License along with the GNU C Library; if not, see
17 <http://www.gnu.org/licenses/>. */
18
19#include <alloca.h>
20#include <ctype.h>
21#include <errno.h>
22#include <grp.h>
23#include <nss.h>
24#include <pwd.h>
25#include <string.h>
26#include <unistd.h>
27#include <rpcsvc/yp.h>
28#include <rpcsvc/ypclnt.h>
29#include <sys/param.h>
30
31#include "nss-nis.h"
32#include <libnsl.h>
33
34/* Get the declaration of the parser function. */
35#define ENTNAME grent
36#define STRUCTURE group
37#define EXTERN_PARSER
38#include <nss/nss_files/files-parse.c>
39
40
41static enum nss_status
42internal_setgrent (char *domainname, intern_t *intern)
43{
44 struct ypall_callback ypcb;
45 enum nss_status status;
46
47 ypcb.foreach = _nis_saveit;
48 ypcb.data = (char *) intern;
49 status = yperr2nss (yp_all (domainname, "group.byname", &ypcb));
50
51 /* Mark the last buffer as full. */
52 if (intern->next != NULL)
53 intern->next->size = intern->offset;
54
55 intern->next = intern->start;
56 intern->offset = 0;
57
58 return status;
59}
60
61
62static enum nss_status
63internal_getgrent_r (struct group *grp, char *buffer, size_t buflen,
64 int *errnop, intern_t *intern)
65{
66 if (intern->start == NULL)
67 return NSS_STATUS_NOTFOUND;
68
69 /* Get the next entry until we found a correct one. */
70 int parse_res;
71 do
72 {
73 struct response_t *bucket = intern->next;
74
75 if (__glibc_unlikely (intern->offset >= bucket->size))
76 {
77 if (bucket->next == NULL)
78 return NSS_STATUS_NOTFOUND;
79
80 /* We look at all the content in the current bucket. Go on
81 to the next. */
82 bucket = intern->next = bucket->next;
83 intern->offset = 0;
84 }
85
86 char *p;
87 for (p = &bucket->mem[intern->offset]; isspace (*p); ++p)
88 ++intern->offset;
89
90 size_t len = strlen (p) + 1;
91 if (__glibc_unlikely (len > buflen))
92 {
93 *errnop = ERANGE;
94 return NSS_STATUS_TRYAGAIN;
95 }
96
97 /* We unfortunately have to copy the data in the user-provided
98 buffer because that buffer might be around for a very long
99 time and the servent structure must remain valid. If we would
100 rely on the BUCKET memory the next 'setservent' or 'endservent'
101 call would destroy it.
102
103 The important thing is that it is a single NUL-terminated
104 string. This is what the parsing routine expects. */
105 p = memcpy (buffer, &bucket->mem[intern->offset], len);
106
107 parse_res = _nss_files_parse_grent (p, grp, (void *) buffer, buflen,
108 errnop);
109 if (__glibc_unlikely (parse_res == -1))
110 return NSS_STATUS_TRYAGAIN;
111
112 intern->offset += len;
113 }
114 while (!parse_res);
115
116 return NSS_STATUS_SUCCESS;
117}
118
119
120static int
121get_uid (const char *user, uid_t *uidp)
122{
123 size_t buflen = sysconf (_SC_GETPW_R_SIZE_MAX);
124 char *buf = (char *) alloca (buflen);
125
126 while (1)
127 {
128 struct passwd result;
129 struct passwd *resp;
130
131 int r = getpwnam_r (user, &result, buf, buflen, &resp);
132 if (r == 0 && resp != NULL)
133 {
134 *uidp = resp->pw_uid;
135 return 0;
136 }
137
138 if (r != ERANGE)
139 break;
140
141 buf = extend_alloca (buf, buflen, 2 * buflen);
142 }
143
144 return 1;
145}
146
147
148static enum nss_status
149initgroups_netid (uid_t uid, gid_t group, long int *start, long int *size,
150 gid_t **groupsp, long int limit, int *errnop,
151 const char *domainname)
152{
153 /* Limit domainname length to the maximum size of an RPC packet. */
154 if (strlen (domainname) > UDPMSGSIZE)
155 {
156 *errnop = ERANGE;
157 return NSS_STATUS_UNAVAIL;
158 }
159
160 /* Prepare the key. The form is "unix.UID@DOMAIN" with the UID and
161 DOMAIN field filled in appropriately. */
162 char key[sizeof ("unix.@") + sizeof (uid_t) * 3 + strlen (domainname)];
163 ssize_t keylen = snprintf (key, sizeof (key), "unix.%lu@%s",
164 (unsigned long int) uid, domainname);
165
166 char *result;
167 int reslen;
168 int yperr = yp_match (domainname, "netid.byname", key, keylen, &result,
169 &reslen);
170 if (__glibc_unlikely (yperr != YPERR_SUCCESS))
171 return yperr2nss (yperr);
172
173 /* Parse the result: following the colon is a comma separated list of
174 group IDs. */
175 char *cp = strchr (result, ':');
176 if (cp == NULL)
177 {
178 errout:
179 free (result);
180 return NSS_STATUS_NOTFOUND;
181 }
182 /* Skip the colon. */
183 ++cp;
184
185 gid_t *groups = *groupsp;
186 while (*cp != '\0')
187 {
188 char *endp;
189 unsigned long int gid = strtoul (cp, &endp, 0);
190 if (cp == endp)
191 goto errout;
192 if (*endp == ',')
193 ++endp;
194 else if (*endp != '\0')
195 goto errout;
196 cp = endp;
197
198 if (gid == group)
199 /* We do not need this group again. */
200 continue;
201
202 /* Insert this group. */
203 if (*start == *size)
204 {
205 /* Need a bigger buffer. */
206 long int newsize;
207
208 if (limit > 0 && *size == limit)
209 /* We reached the maximum. */
210 break;
211
212 if (limit <= 0)
213 newsize = 2 * *size;
214 else
215 newsize = MIN (limit, 2 * *size);
216
217 gid_t *newgroups = realloc (groups, newsize * sizeof (*groups));
218 if (newgroups == NULL)
219 goto errout;
220 *groupsp = groups = newgroups;
221 *size = newsize;
222 }
223
224 groups[*start] = gid;
225 *start += 1;
226 }
227
228 free (result);
229
230 return NSS_STATUS_SUCCESS;
231}
232
233
234enum nss_status
235_nss_nis_initgroups_dyn (const char *user, gid_t group, long int *start,
236 long int *size, gid_t **groupsp, long int limit,
237 int *errnop)
238{
239 /* We always need the domain name. */
240 char *domainname;
241 if (yp_get_default_domain (&domainname))
242 return NSS_STATUS_UNAVAIL;
243
244 /* Check whether we are supposed to use the netid.byname map. */
245 if (_nsl_default_nss () & NSS_FLAG_NETID_AUTHORITATIVE)
246 {
247 /* We need the user ID. */
248 uid_t uid;
249
250 if (get_uid (user, &uid) == 0
251 && initgroups_netid (uid, group, start, size, groupsp, limit,
252 errnop, domainname) == NSS_STATUS_SUCCESS)
253 return NSS_STATUS_SUCCESS;
254 }
255
256 struct group grpbuf, *g;
257 size_t buflen = sysconf (_SC_GETPW_R_SIZE_MAX);
258 char *tmpbuf;
259 enum nss_status status;
260 intern_t intern = { NULL, NULL, 0 };
261 gid_t *groups = *groupsp;
262
263 status = internal_setgrent (domainname, &intern);
264 if (status != NSS_STATUS_SUCCESS)
265 return status;
266
267 tmpbuf = __alloca (buflen);
268
269 while (1)
270 {
271 while ((status =
272 internal_getgrent_r (&grpbuf, tmpbuf, buflen, errnop,
273 &intern)) == NSS_STATUS_TRYAGAIN
274 && *errnop == ERANGE)
275 tmpbuf = extend_alloca (tmpbuf, buflen, 2 * buflen);
276
277 if (status != NSS_STATUS_SUCCESS)
278 {
279 if (status == NSS_STATUS_NOTFOUND)
280 status = NSS_STATUS_SUCCESS;
281 goto done;
282 }
283
284 g = &grpbuf;
285 if (g->gr_gid != group)
286 {
287 char **m;
288
289 for (m = g->gr_mem; *m != NULL; ++m)
290 if (strcmp (*m, user) == 0)
291 {
292 /* Matches user. Insert this group. */
293 if (*start == *size)
294 {
295 /* Need a bigger buffer. */
296 gid_t *newgroups;
297 long int newsize;
298
299 if (limit > 0 && *size == limit)
300 /* We reached the maximum. */
301 goto done;
302
303 if (limit <= 0)
304 newsize = 2 * *size;
305 else
306 newsize = MIN (limit, 2 * *size);
307
308 newgroups = realloc (groups, newsize * sizeof (*groups));
309 if (newgroups == NULL)
310 {
311 status = NSS_STATUS_TRYAGAIN;
312 *errnop = errno;
313 goto done;
314 }
315 *groupsp = groups = newgroups;
316 *size = newsize;
317 }
318
319 groups[*start] = g->gr_gid;
320 *start += 1;
321
322 break;
323 }
324 }
325 }
326
327done:
328 while (intern.start != NULL)
329 {
330 intern.next = intern.start;
331 intern.start = intern.start->next;
332 free (intern.next);
333 }
334
335 return status;
336}
337