File: group.c

package info (click to toggle)
nss-pam-ldapd 0.9.10-2
  • links: PTS, VCS
  • area: main
  • in suites: buster, sid
  • size: 4,768 kB
  • sloc: ansic: 16,287; sh: 6,589; python: 3,368; xml: 1,925; makefile: 294; exp: 146
file content (277 lines) | stat: -rw-r--r-- 8,885 bytes parent folder | download | duplicates (2)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
/*
   group.c - NSS lookup functions for group database

   Copyright (C) 2006 West Consulting
   Copyright (C) 2006-2015 Arthur de Jong
   Copyright (C) 2010 Symas Corporation

   This library is free software; you can redistribute it and/or
   modify it under the terms of the GNU Lesser General Public
   License as published by the Free Software Foundation; either
   version 2.1 of the License, or (at your option) any later version.

   This library is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
   Lesser General Public License for more details.

   You should have received a copy of the GNU Lesser General Public
   License along with this library; if not, write to the Free Software
   Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
   02110-1301 USA
*/

#include "config.h"

#include <string.h>
#include <errno.h>
#include <stdlib.h>

#include "prototypes.h"
#include "common.h"
#include "compat/attrs.h"

/* read a single group entry from the stream */
static nss_status_t read_group(TFILE *fp, struct group *result,
                               char *buffer, size_t buflen, int *errnop)
{
  int32_t tmpint32, tmp2int32, tmp3int32;
  size_t bufptr = 0;
  memset(result, 0, sizeof(struct group));
  READ_BUF_STRING(fp, result->gr_name);
  READ_BUF_STRING(fp, result->gr_passwd);
  READ_INT32(fp, result->gr_gid);
  READ_BUF_STRINGLIST(fp, result->gr_mem);
  return NSS_STATUS_SUCCESS;
}

/* read all group entries from the stream and add
   gids of these groups to the list */
static nss_status_t read_gids(TFILE *fp, gid_t skipgroup, long int *start,
                              long int *size, gid_t **groupsp,
                              long int limit, int *errnop)
{
  int32_t res = (int32_t)NSLCD_RESULT_BEGIN;
  int32_t tmpint32, tmp2int32, tmp3int32;
  gid_t gid;
#ifdef NSS_FLAVOUR_GLIBC
  gid_t *newgroups;
  long int newsize;
#endif /* NSS_FLAVOUR_GLIBC */
  /* loop over results */
  while (res == (int32_t)NSLCD_RESULT_BEGIN)
  {
    /* skip group name */
    SKIP_STRING(fp);
    /* skip passwd entry */
    SKIP_STRING(fp);
    /* read gid */
    READ_INT32(fp, gid);
    /* skip members */
    SKIP_STRINGLIST(fp);
    /* only add the group to the list if it is not the specified group */
    if (gid != skipgroup)
    {
#ifdef NSS_FLAVOUR_GLIBC
      /* check if we reached the limit */
      if ((limit > 0) && (*start >= limit))
        return NSS_STATUS_TRYAGAIN;
      /* check if our buffer is large enough */
      if ((*start) >= (*size))
      {
        /* for some reason Glibc expects us to grow the array (completely
           different from all other NSS functions) */
        /* calculate new size */
        newsize = 2 * (*size);
        if ((limit > 0) && (*start >= limit))
          newsize = limit;
        /* allocate new memory */
        newgroups = realloc(*groupsp, newsize * sizeof(gid_t));
        if (newgroups == NULL)
          return NSS_STATUS_TRYAGAIN;
        *groupsp = newgroups;
        *size = newsize;
      }
#endif /* NSS_FLAVOUR_GLIBC */
#ifdef NSS_FLAVOUR_SOLARIS
      /* check if we reached the limit */
      if ((limit > 0) && (*start >= limit))
      {
        *errnop = 1; /* this is args->erange */
        return NSS_STATUS_NOTFOUND;
      }
#endif /* NSS_FLAVOUR_SOLARIS */
      /* add gid to list */
      (*groupsp)[(*start)++] = gid;
    }
    /* read next response code (don't bail out on not success since we
       just want to build up a list) */
    READ_INT32(fp, res);
  }
  /* return the proper status code */
  return NSS_STATUS_SUCCESS;
}

#ifdef NSS_FLAVOUR_GLIBC

/* get a group entry by name */
nss_status_t NSS_NAME(getgrnam_r)(const char *name, struct group *result,
                                  char *buffer, size_t buflen, int *errnop)
{
  NSS_GETONE(NSLCD_ACTION_GROUP_BYNAME,
             WRITE_STRING(fp, name),
             read_group(fp, result, buffer, buflen, errnop));
}

/* get a group entry by numeric gid */
nss_status_t NSS_NAME(getgrgid_r)(gid_t gid, struct group *result,
                                  char *buffer, size_t buflen, int *errnop)
{
  NSS_GETONE(NSLCD_ACTION_GROUP_BYGID,
             WRITE_INT32(fp, gid),
             read_group(fp, result, buffer, buflen, errnop));
}

/* thread-local file pointer to an ongoing request */
static TLS TFILE *grentfp;

/* start a request to read all groups */
nss_status_t NSS_NAME(setgrent)(int UNUSED(stayopen))
{
  NSS_SETENT(grentfp);
}

/* read a single group from the stream */
nss_status_t NSS_NAME(getgrent_r)(struct group *result,
                                  char *buffer, size_t buflen, int *errnop)
{
  NSS_GETENT(grentfp, NSLCD_ACTION_GROUP_ALL,
             read_group(grentfp, result, buffer, buflen, errnop));
}

/* close the stream opened with setgrent() above */
nss_status_t NSS_NAME(endgrent)(void)
{
  NSS_ENDENT(grentfp);
}

/* this function returns a list of groups, documentation for the
   interface is scarce (any pointers are welcome) but this is
   what is assumed the parameters mean:

   user      IN     - the user name to find groups for
   skipgroup IN     - a group to not include in the list
   *start    IN/OUT - where to write in the array, is incremented
   *size     IN/OUT - the size of the supplied array (gid_t entries, not bytes)
   **groupsp IN/OUT - pointer to the array of returned groupids
   limit     IN     - the maxium size of the array
   *errnop   OUT    - for returning errno
*/
nss_status_t NSS_NAME(initgroups_dyn)(const char *user, gid_t skipgroup,
                                      long int *start, long int *size,
                                      gid_t **groupsp, long int limit,
                                      int *errnop)
{
/* temporarily map the buffer and buflen names so the check in NSS_GETONE
   for validity of the buffer works (renaming the parameters may cause
   confusion) */
#define buffer groupsp
#define buflen *size
  NSS_GETONE(NSLCD_ACTION_GROUP_BYMEMBER,
             WRITE_STRING(fp, user),
             read_gids(fp, skipgroup, start, size, groupsp, limit, errnop));
#undef buffer
#undef buflen
}

#endif /* NSS_FLAVOUR_GLIBC */

#ifdef NSS_FLAVOUR_SOLARIS

#ifdef HAVE_STRUCT_NSS_XBYY_ARGS_RETURNLEN
static char *group2str(struct group *result, char *buffer, size_t buflen)
{
  int res, i;
  res = snprintf(buffer, buflen, "%s:%s:%d:", result->gr_name,
                 result->gr_passwd, (int)result->gr_gid);
  if ((res < 0) || (res >= (int)buflen))
    return NULL;
  if (result->gr_mem)
    for (i = 0; result->gr_mem[i]; i++)
    {
      if (i)
        strlcat(buffer, ",", buflen);
      strlcat(buffer, result->gr_mem[i], buflen);
    }
  /* check if buffer overflowed */
  if (strlen(buffer) >= buflen - 1)
    return NULL;
  return buffer;
}
#endif /* HAVE_STRUCT_NSS_XBYY_ARGS_RETURNLEN */

static nss_status_t read_result(TFILE *fp, nss_XbyY_args_t *args)
{
  READ_RESULT(group, &args->erange);
}

static nss_status_t group_getgrnam(nss_backend_t UNUSED(*be), void *args)
{
  NSS_GETONE(NSLCD_ACTION_GROUP_BYNAME,
             WRITE_STRING(fp, NSS_ARGS(args)->key.name),
             read_result(fp, args));
}

static nss_status_t group_getgrgid(nss_backend_t UNUSED(*be), void *args)
{
  NSS_GETONE(NSLCD_ACTION_GROUP_BYGID,
             WRITE_INT32(fp, NSS_ARGS(args)->key.gid),
             read_result(fp, args));
}

static nss_status_t group_setgrent(nss_backend_t *be, void UNUSED(*args))
{
  NSS_SETENT(LDAP_BE(be)->fp);
}

static nss_status_t group_getgrent(nss_backend_t *be, void *args)
{
  NSS_GETENT(LDAP_BE(be)->fp, NSLCD_ACTION_GROUP_ALL,
             read_result(LDAP_BE(be)->fp, args));
}

static nss_status_t group_endgrent(nss_backend_t *be, void UNUSED(*args))
{
  NSS_ENDENT(LDAP_BE(be)->fp);
}

static nss_status_t group_getgroupsbymember(nss_backend_t UNUSED(*be), void *args)
{
  struct nss_groupsbymem *argp = (struct nss_groupsbymem *)args;
  long int start = (long int)argp->numgids;
  gid_t skipgroup = (start > 0) ? argp->gid_array[0] : (gid_t)-1;
  NSS_GETONE(NSLCD_ACTION_GROUP_BYMEMBER,
             WRITE_STRING(fp, argp->username),
             read_gids(fp, skipgroup, &start, NULL, (gid_t **)&argp->gid_array,
                       argp->maxgids, &NSS_ARGS(args)->erange);
             argp->numgids = (int)start);
}

static nss_backend_op_t group_ops[] = {
  nss_ldap_destructor,
  group_endgrent,
  group_setgrent,
  group_getgrent,
  group_getgrnam,
  group_getgrgid,
  group_getgroupsbymember
};

nss_backend_t *NSS_NAME(group_constr)(const char UNUSED(*db_name),
                                      const char UNUSED(*src_name),
                                      const char UNUSED(*cfg_args))
{
  return nss_ldap_constructor(group_ops, sizeof(group_ops));
}

#endif /* NSS_FLAVOUR_SOLARIS */