1/* Copyright (C) 1989, 1991-2020 Free Software Foundation, Inc.
2 This file is part of the GNU C Library.
3
4 The GNU C Library is free software; you can redistribute it and/or
5 modify it under the terms of the GNU Lesser General Public
6 License as published by the Free Software Foundation; either
7 version 2.1 of the License, or (at your option) any later version.
8
9 The GNU C Library is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 Lesser General Public License for more details.
13
14 You should have received a copy of the GNU Lesser General Public
15 License along with the GNU C Library; if not, see
16 <https://www.gnu.org/licenses/>. */
17
18#include <assert.h>
19#include <errno.h>
20#include <grp.h>
21#include <limits.h>
22#include <stdlib.h>
23#include <string.h>
24#include <unistd.h>
25#include <sys/param.h>
26#include <sys/types.h>
27#include <nsswitch.h>
28#include <scratch_buffer.h>
29#include <config.h>
30
31#include "../nscd/nscd-client.h"
32#include "../nscd/nscd_proto.h"
33
34/* Type of the lookup function. */
35typedef enum nss_status (*initgroups_dyn_function) (const char *, gid_t,
36 long int *, long int *,
37 gid_t **, long int, int *);
38
39static bool use_initgroups_entry;
40
41
42#include "compat-initgroups.c"
43
44
45static int
46internal_getgrouplist (const char *user, gid_t group, long int *size,
47 gid_t **groupsp, long int limit)
48{
49#ifdef USE_NSCD
50 if (__nss_not_use_nscd_group > 0
51 && ++__nss_not_use_nscd_group > NSS_NSCD_RETRY)
52 __nss_not_use_nscd_group = 0;
53 if (!__nss_not_use_nscd_group
54 && !__nss_database_custom[NSS_DBSIDX_group])
55 {
56 int n = __nscd_getgrouplist (user, group, size, groupsp, limit);
57 if (n >= 0)
58 return n;
59
60 /* nscd is not usable. */
61 __nss_not_use_nscd_group = 1;
62 }
63#endif
64
65 enum nss_status status = NSS_STATUS_UNAVAIL;
66 int no_more = 0;
67
68 /* Never store more than the starting *SIZE number of elements. */
69 assert (*size > 0);
70 (*groupsp)[0] = group;
71 /* Start is one, because we have the first group as parameter. */
72 long int start = 1;
73
74 if (__nss_initgroups_database == NULL)
75 {
76 if (__nss_database_lookup2 ("initgroups", NULL, "",
77 &__nss_initgroups_database) < 0)
78 {
79 if (__nss_group_database == NULL)
80 no_more = __nss_database_lookup2 ("group", NULL, "files",
81 &__nss_group_database);
82
83 __nss_initgroups_database = __nss_group_database;
84 }
85 else
86 use_initgroups_entry = true;
87 }
88 else
89 /* __nss_initgroups_database might have been set through
90 __nss_configure_lookup in which case use_initgroups_entry was
91 not set here. */
92 use_initgroups_entry = __nss_initgroups_database != __nss_group_database;
93
94 service_user *nip = __nss_initgroups_database;
95 while (! no_more)
96 {
97 long int prev_start = start;
98
99 initgroups_dyn_function fct = __nss_lookup_function (nip,
100 "initgroups_dyn");
101 if (fct == NULL)
102 status = compat_call (nip, user, group, &start, size, groupsp,
103 limit, &errno);
104 else
105 status = DL_CALL_FCT (fct, (user, group, &start, size, groupsp,
106 limit, &errno));
107
108 /* Remove duplicates. */
109 long int cnt = prev_start;
110 while (cnt < start)
111 {
112 long int inner;
113 for (inner = 0; inner < prev_start; ++inner)
114 if ((*groupsp)[inner] == (*groupsp)[cnt])
115 break;
116
117 if (inner < prev_start)
118 (*groupsp)[cnt] = (*groupsp)[--start];
119 else
120 ++cnt;
121 }
122
123 /* This is really only for debugging. */
124 if (NSS_STATUS_TRYAGAIN > status || status > NSS_STATUS_RETURN)
125 __libc_fatal ("Illegal status in internal_getgrouplist.\n");
126
127 /* For compatibility reason we will continue to look for more
128 entries using the next service even though data has already
129 been found if the nsswitch.conf file contained only a 'groups'
130 line and no 'initgroups' line. If the latter is available
131 we always respect the status. This means that the default
132 for successful lookups is to return. */
133 if ((use_initgroups_entry || status != NSS_STATUS_SUCCESS)
134 && nss_next_action (nip, status) == NSS_ACTION_RETURN)
135 break;
136
137 if (nip->next == NULL)
138 no_more = -1;
139 else
140 nip = nip->next;
141 }
142
143 return start;
144}
145
146/* Store at most *NGROUPS members of the group set for USER into
147 *GROUPS. Also include GROUP. The actual number of groups found is
148 returned in *NGROUPS. Return -1 if the if *NGROUPS is too small. */
149int
150getgrouplist (const char *user, gid_t group, gid_t *groups, int *ngroups)
151{
152 long int size = MAX (1, *ngroups);
153
154 gid_t *newgroups = (gid_t *) malloc (size * sizeof (gid_t));
155 if (__glibc_unlikely (newgroups == NULL))
156 /* No more memory. */
157 // XXX This is wrong. The user provided memory, we have to use
158 // XXX it. The internal functions must be called with the user
159 // XXX provided buffer and not try to increase the size if it is
160 // XXX too small. For initgroups a flag could say: increase size.
161 return -1;
162
163 int total = internal_getgrouplist (user, group, &size, &newgroups, -1);
164
165 memcpy (groups, newgroups, MIN (*ngroups, total) * sizeof (gid_t));
166
167 free (newgroups);
168
169 int retval = total > *ngroups ? -1 : total;
170 *ngroups = total;
171
172 return retval;
173}
174
175nss_interface_function (getgrouplist)
176
177/* Initialize the group set for the current user
178 by reading the group database and using all groups
179 of which USER is a member. Also include GROUP. */
180int
181initgroups (const char *user, gid_t group)
182{
183#if defined NGROUPS_MAX && NGROUPS_MAX == 0
184
185 /* No extra groups allowed. */
186 return 0;
187
188#else
189
190 long int size;
191 gid_t *groups;
192 int ngroups;
193 int result;
194
195 /* We always use sysconf even if NGROUPS_MAX is defined. That way, the
196 limit can be raised in the kernel configuration without having to
197 recompile libc. */
198 long int limit = __sysconf (_SC_NGROUPS_MAX);
199
200 if (limit > 0)
201 /* We limit the size of the intially allocated array. */
202 size = MIN (limit, 64);
203 else
204 /* No fixed limit on groups. Pick a starting buffer size. */
205 size = 16;
206
207 groups = (gid_t *) malloc (size * sizeof (gid_t));
208 if (__glibc_unlikely (groups == NULL))
209 /* No more memory. */
210 return -1;
211
212 ngroups = internal_getgrouplist (user, group, &size, &groups, limit);
213
214 /* Try to set the maximum number of groups the kernel can handle. */
215 do
216 result = setgroups (ngroups, groups);
217 while (result == -1 && errno == EINVAL && --ngroups > 0);
218
219 free (groups);
220
221 return result;
222#endif
223}
224
225nss_interface_function (initgroups)
226