aboutsummaryrefslogtreecommitdiff
path: root/nis
diff options
context:
space:
mode:
Diffstat (limited to 'nis')
-rw-r--r--nis/libnsl.map3
-rw-r--r--nis/nis_call.c9
-rw-r--r--nis/nis_callback.c1
-rw-r--r--nis/nss_compat/compat-grp.c314
-rw-r--r--nis/nss_compat/compat-pwd.c526
-rw-r--r--nis/nss_compat/compat-spwd.c280
-rw-r--r--nis/ypclnt.c131
7 files changed, 1064 insertions, 200 deletions
diff --git a/nis/libnsl.map b/nis/libnsl.map
index 98404d22c3..2a08bb454c 100644
--- a/nis/libnsl.map
+++ b/nis/libnsl.map
@@ -26,8 +26,9 @@ GLIBC_2.0 {
# This functions are needed by the NIS+ tools and rpc.nisd,
# they should never be used in a normal user program !
__nis_default_access; __nis_default_group; __nis_default_owner;
- __nis_default_ttl; __free_fdresult; __nis_finddirectory;
+ __nis_default_ttl; __free_fdresult; __nis_finddirectory;
__nis_hash; readColdStartFile; writeColdStartFile;
+ __do_niscall2;
# Many programs expect this, but every user program should
# have it's own version, since the interface is different on
diff --git a/nis/nis_call.c b/nis/nis_call.c
index 1495271c28..cea508e5b6 100644
--- a/nis/nis_call.c
+++ b/nis/nis_call.c
@@ -27,7 +27,8 @@
#include <arpa/inet.h>
#include "nis_intern.h"
-static struct timeval TIMEOUT = {10, 0};
+static struct timeval RPCTIMEOUT = {10, 0};
+static struct timeval UDPTIMEOUT = {5, 0};
unsigned long
inetstr2int (const char *str)
@@ -135,7 +136,7 @@ __bind_connect (dir_binding *dbp)
dbp->socket = RPC_ANYSOCK;
if (dbp->use_udp)
dbp->clnt = clntudp_create (&dbp->addr, NIS_PROG, NIS_VERSION,
- TIMEOUT, &dbp->socket);
+ UDPTIMEOUT, &dbp->socket);
else
dbp->clnt = clnttcp_create (&dbp->addr, NIS_PROG, NIS_VERSION,
&dbp->socket, 0, 0);
@@ -143,7 +144,7 @@ __bind_connect (dir_binding *dbp)
if (dbp->clnt == NULL)
return NIS_RPCERROR;
- clnt_control (dbp->clnt, CLSET_TIMEOUT, (caddr_t)&TIMEOUT);
+ clnt_control (dbp->clnt, CLSET_TIMEOUT, (caddr_t)&RPCTIMEOUT);
/* If the program exists, close the socket */
if (fcntl (dbp->socket, F_SETFD, 1) == -1)
perror (_("fcntl: F_SETFD"));
@@ -302,7 +303,7 @@ __do_niscall2 (const nis_server *server, u_int server_len, u_long prog,
do
{
again:
- result = clnt_call (dbp->clnt, prog, xargs, req, xres, resp, TIMEOUT);
+ result = clnt_call (dbp->clnt, prog, xargs, req, xres, resp, RPCTIMEOUT);
if (result != RPC_SUCCESS)
{
diff --git a/nis/nis_callback.c b/nis/nis_callback.c
index 48c1950dd7..054b462053 100644
--- a/nis/nis_callback.c
+++ b/nis/nis_callback.c
@@ -21,6 +21,7 @@
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
+#include <rpc/rpc.h>
#include <rpc/pmap_clnt.h>
#include <string.h>
#include <memory.h>
diff --git a/nis/nss_compat/compat-grp.c b/nis/nss_compat/compat-grp.c
index c0ddbdffdf..a460d8a8ef 100644
--- a/nis/nss_compat/compat-grp.c
+++ b/nis/nss_compat/compat-grp.c
@@ -29,6 +29,10 @@
#include <rpcsvc/nis.h>
#include <nsswitch.h>
+/* Comment out the following line for the production version. */
+/* #define NDEBUG 1 */
+#include <assert.h>
+
#include "nss-nisplus.h"
#include "nisplus-parser.h"
@@ -41,7 +45,7 @@ static size_t grptablelen = 0;
#define ENTNAME grent
#define STRUCTURE group
#define EXTERN_PARSER
-#include "../../nss/nss_files/files-parse.c"
+#include <nss/nss_files/files-parse.c>
/* Structure for remembering -group members ... */
#define BLACKLIST_INITIAL_SIZE 512
@@ -85,15 +89,22 @@ _nss_first_init (void)
if (grptable == NULL)
{
- char buf [20 + strlen (nis_local_directory ())];
- char *p;
+ static const char key[] = "group.org_dir.";
+ const char *local_dir = nis_local_directory ();
+ size_t len_local_dir = strlen (local_dir);
- p = stpcpy (buf, "group.org_dir.");
- p = stpcpy (p, nis_local_directory ());
- grptable = strdup (buf);
+ grptable = malloc (sizeof (key) + len_local_dir);
if (grptable == NULL)
return NSS_STATUS_TRYAGAIN;
- grptablelen = strlen (grptable);
+
+ grptablelen = ((char *) mempcpy (mempcpy (grptable,
+ key, sizeof (key) - 1),
+ local_dir, len_local_dir + 1)
+ - grptable) - 1;
+
+ /* *Maybe* (I'm no NIS expert) we have to duplicate the `local_dir'
+ value since it might change during our work. So add a test here. */
+ assert (grptablelen == sizeof (key) + len_local_dir);
}
return NSS_STATUS_SUCCESS;
@@ -370,8 +381,8 @@ getgrent_next_nisplus (struct group *result, ent_t *ent, char *buffer,
/* This function handle the +group entrys in /etc/group */
static enum nss_status
-getgrent_next_file_plusgroup (struct group *result, char *buffer,
- size_t buflen)
+getgrnam_plusgroup (const char *name, struct group *result, char *buffer,
+ size_t buflen)
{
struct parser_data *data = (void *) buffer;
int parse_res;
@@ -379,9 +390,9 @@ getgrent_next_file_plusgroup (struct group *result, char *buffer,
if (use_nisplus) /* Do the NIS+ query here */
{
nis_result *res;
- char buf[strlen (result->gr_name) + 24 + grptablelen];
+ char buf[strlen (name) + 24 + grptablelen];
- sprintf(buf, "[name=%s],%s", &result->gr_name[1], grptable);
+ sprintf(buf, "[name=%s],%s", name, grptable);
res = nis_list(buf, FOLLOW_PATH | FOLLOW_LINKS, NULL, NULL);
if (niserr2nss (res->status) != NSS_STATUS_SUCCESS)
{
@@ -407,9 +418,8 @@ getgrent_next_file_plusgroup (struct group *result, char *buffer,
if (yp_get_default_domain (&domain) != YPERR_SUCCESS)
return NSS_STATUS_TRYAGAIN;
- if (yp_match (domain, "group.byname", &result->gr_name[1],
- strlen (result->gr_name) - 1, &outval, &outvallen)
- != YPERR_SUCCESS)
+ if (yp_match (domain, "group.byname", name, strlen (name),
+ &outval, &outvallen) != YPERR_SUCCESS)
return NSS_STATUS_TRYAGAIN;
p = strncpy (buffer, outval,
buflen < (size_t) outvallen ? buflen : (size_t) outvallen);
@@ -430,7 +440,6 @@ getgrent_next_file_plusgroup (struct group *result, char *buffer,
return NSS_STATUS_RETURN;
}
-
static enum nss_status
getgrent_next_file (struct group *result, ent_t *ent,
char *buffer, size_t buflen)
@@ -495,7 +504,11 @@ getgrent_next_file (struct group *result, ent_t *ent,
{
enum nss_status status;
- status = getgrent_next_file_plusgroup (result, buffer, buflen);
+ /* Store the group in the blacklist for the "+" at the end of
+ /etc/group */
+ blacklist_store_name (&result->gr_name[1], ent);
+ status = getgrnam_plusgroup (&result->gr_name[1], result, buffer,
+ buflen);
if (status == NSS_STATUS_SUCCESS) /* We found the entry. */
break;
else
@@ -556,6 +569,104 @@ _nss_compat_getgrent_r (struct group *grp, char *buffer, size_t buflen)
return status;
}
+/* Searches in /etc/group and the NIS/NIS+ map for a special group */
+static enum nss_status
+internal_getgrnam_r (const char *name, struct group *result, ent_t *ent,
+ char *buffer, size_t buflen)
+{
+ struct parser_data *data = (void *) buffer;
+ while (1)
+ {
+ fpos_t pos;
+ int parse_res = 0;
+ char *p;
+
+ do
+ {
+ fgetpos (ent->stream, &pos);
+ p = fgets (buffer, buflen, ent->stream);
+ if (p == NULL)
+ {
+ if (feof (ent->stream))
+ return NSS_STATUS_NOTFOUND;
+ else
+ {
+ __set_errno (ERANGE);
+ return NSS_STATUS_TRYAGAIN;
+ }
+ }
+
+ /* Terminate the line for any case. */
+ buffer[buflen - 1] = '\0';
+
+ /* Skip leading blanks. */
+ while (isspace (*p))
+ ++p;
+ }
+ while (*p == '\0' || *p == '#' || /* Ignore empty and comment lines. */
+ /* Parse the line. If it is invalid, loop to
+ get the next line of the file to parse. */
+ !(parse_res = _nss_files_parse_grent (p, result, data, buflen)));
+
+ if (parse_res == -1)
+ {
+ /* The parser ran out of space. */
+ fsetpos (ent->stream, &pos);
+ __set_errno (ERANGE);
+ return NSS_STATUS_TRYAGAIN;
+ }
+
+ /* This is a real entry. */
+ if (result->gr_name[0] != '+' && result->gr_name[0] != '-')
+ {
+ if (strcmp (result->gr_name, name) == 0)
+ return NSS_STATUS_SUCCESS;
+ else
+ continue;
+ }
+
+ /* -group */
+ if (result->gr_name[0] == '-' && result->gr_name[1] != '\0'
+ && result->gr_name[1] != '@')
+ {
+ if (strcmp (&result->gr_name[1], name) == 0)
+ return NSS_STATUS_NOTFOUND;
+ else
+ continue;
+ }
+
+ /* +group */
+ if (result->gr_name[0] == '+' && result->gr_name[1] != '\0'
+ && result->gr_name[1] != '@')
+ {
+ if (strcmp (name, &result->gr_name[1]) == 0)
+ {
+ enum nss_status status;
+
+ status = getgrnam_plusgroup (name, result, buffer, buflen);
+ if (status == NSS_STATUS_RETURN)
+ /* We couldn't parse the entry */
+ continue;
+ else
+ return status;
+ }
+ }
+ /* +:... */
+ if (result->gr_name[0] == '+' && result->gr_name[1] == '\0')
+ {
+ enum nss_status status;
+
+ status = getgrnam_plusgroup (name, result, buffer, buflen);
+ if (status == NSS_STATUS_RETURN)
+ /* We couldn't parse the entry */
+ continue;
+ else
+ return status;
+ }
+ }
+
+ return NSS_STATUS_SUCCESS;
+}
enum nss_status
_nss_compat_getgrnam_r (const char *name, struct group *grp,
@@ -576,15 +687,172 @@ _nss_compat_getgrnam_r (const char *name, struct group *grp,
if (status != NSS_STATUS_SUCCESS)
return status;
- while ((status = internal_getgrent_r (grp, &ent, buffer, buflen))
- == NSS_STATUS_SUCCESS)
- if (strcmp (grp->gr_name, name) == 0)
- break;
+ status = internal_getgrnam_r (name, grp, &ent, buffer, buflen);
internal_endgrent (&ent);
+
return status;
}
+/* This function handle the + entry in /etc/group */
+static enum nss_status
+getgrgid_plusgroup (gid_t gid, struct group *result, char *buffer,
+ size_t buflen)
+{
+ struct parser_data *data = (void *) buffer;
+ int parse_res;
+
+ if (use_nisplus) /* Do the NIS+ query here */
+ {
+ nis_result *res;
+ char buf[1024 + grptablelen];
+
+ sprintf(buf, "[gid=%d],%s", gid, grptable);
+ res = nis_list(buf, FOLLOW_PATH | FOLLOW_LINKS, NULL, NULL);
+ if (niserr2nss (res->status) != NSS_STATUS_SUCCESS)
+ {
+ enum nss_status status = niserr2nss (res->status);
+
+ nis_freeresult (res);
+ return status;
+ }
+ if ((parse_res = _nss_nisplus_parse_grent (res, 0, result, buffer,
+ buflen)) == -1)
+ {
+ __set_errno (ERANGE);
+ nis_freeresult (res);
+ return NSS_STATUS_TRYAGAIN;
+ }
+ nis_freeresult (res);
+ }
+ else /* Use NIS */
+ {
+ char buf[1024];
+ char *domain, *outval, *p;
+ int outvallen;
+
+ if (yp_get_default_domain (&domain) != YPERR_SUCCESS)
+ return NSS_STATUS_TRYAGAIN;
+
+ snprintf (buf, sizeof (buf), "%d", gid);
+
+ if (yp_match (domain, "group.bygid", buf, strlen (buf),
+ &outval, &outvallen) != YPERR_SUCCESS)
+ return NSS_STATUS_TRYAGAIN;
+ p = strncpy (buffer, outval,
+ buflen < (size_t) outvallen ? buflen : (size_t) outvallen);
+ free (outval);
+ while (isspace (*p))
+ p++;
+ if ((parse_res = _nss_files_parse_grent (p, result, data, buflen)) == -1)
+ {
+ __set_errno (ERANGE);
+ return NSS_STATUS_TRYAGAIN;
+ }
+ }
+
+ if (parse_res)
+ /* We found the entry. */
+ return NSS_STATUS_SUCCESS;
+ else
+ return NSS_STATUS_RETURN;
+}
+
+/* Searches in /etc/group and the NIS/NIS+ map for a special group id */
+static enum nss_status
+internal_getgrgid_r (gid_t gid, struct group *result, ent_t *ent,
+ char *buffer, size_t buflen)
+{
+ struct parser_data *data = (void *) buffer;
+ while (1)
+ {
+ fpos_t pos;
+ int parse_res = 0;
+ char *p;
+
+ do
+ {
+ fgetpos (ent->stream, &pos);
+ p = fgets (buffer, buflen, ent->stream);
+ if (p == NULL)
+ {
+ if (feof (ent->stream))
+ return NSS_STATUS_NOTFOUND;
+ else
+ {
+ __set_errno (ERANGE);
+ return NSS_STATUS_TRYAGAIN;
+ }
+ }
+
+ /* Terminate the line for any case. */
+ buffer[buflen - 1] = '\0';
+
+ /* Skip leading blanks. */
+ while (isspace (*p))
+ ++p;
+ }
+ while (*p == '\0' || *p == '#' || /* Ignore empty and comment lines. */
+ /* Parse the line. If it is invalid, loop to
+ get the next line of the file to parse. */
+ !(parse_res = _nss_files_parse_grent (p, result, data, buflen)));
+
+ if (parse_res == -1)
+ {
+ /* The parser ran out of space. */
+ fsetpos (ent->stream, &pos);
+ __set_errno (ERANGE);
+ return NSS_STATUS_TRYAGAIN;
+ }
+
+ /* This is a real entry. */
+ if (result->gr_name[0] != '+' && result->gr_name[0] != '-')
+ {
+ if (result->gr_gid == gid)
+ return NSS_STATUS_SUCCESS;
+ else
+ continue;
+ }
+
+ /* -group */
+ if (result->gr_name[0] == '-' && result->gr_name[1] != '\0'
+ && result->gr_name[1] != '@')
+ {
+ blacklist_store_name (&result->gr_name[1], ent);
+ continue;
+ }
+
+ /* +group */
+ if (result->gr_name[0] == '+' && result->gr_name[1] != '\0'
+ && result->gr_name[1] != '@')
+ {
+ enum nss_status status;
+
+ /* Store the group in the blacklist for the "+" at the end of
+ /etc/group */
+ blacklist_store_name (&result->gr_name[1], ent);
+ status = getgrnam_plusgroup (&result->gr_name[1], result, buffer,
+ buflen);
+ if (status == NSS_STATUS_SUCCESS && result->gr_gid == gid)
+ break;
+ else
+ continue;
+ }
+ /* +:... */
+ if (result->gr_name[0] == '+' && result->gr_name[1] == '\0')
+ {
+ enum nss_status status;
+
+ status = getgrgid_plusgroup (gid, result, buffer, buflen);
+ if (status == NSS_STATUS_RETURN) /* We couldn't parse the entry */
+ return NSS_STATUS_NOTFOUND;
+ else
+ return status;
+ }
+ }
+
+ return NSS_STATUS_SUCCESS;
+}
enum nss_status
_nss_compat_getgrgid_r (gid_t gid, struct group *grp,
@@ -602,12 +870,10 @@ _nss_compat_getgrgid_r (gid_t gid, struct group *grp,
if (status != NSS_STATUS_SUCCESS)
return status;
- while ((status = internal_getgrent_r (grp, &ent, buffer, buflen))
- == NSS_STATUS_SUCCESS)
- if (grp->gr_gid == gid && grp->gr_name[0] != '+' && grp->gr_name[0] != '-')
- break;
+ status = internal_getgrgid_r (gid, grp, &ent, buffer, buflen);
internal_endgrent (&ent);
+
return status;
}
diff --git a/nis/nss_compat/compat-pwd.c b/nis/nss_compat/compat-pwd.c
index 681258d2e6..0216522d36 100644
--- a/nis/nss_compat/compat-pwd.c
+++ b/nis/nss_compat/compat-pwd.c
@@ -30,6 +30,10 @@
#include <rpcsvc/nis.h>
#include <nsswitch.h>
+/* Comment out the following line for the production version. */
+/* #define NDEBUG 1 */
+#include <assert.h>
+
#include "netgroup.h"
#include "nss-nisplus.h"
#include "nisplus-parser.h"
@@ -43,7 +47,7 @@ static size_t pwdtablelen = 0;
#define ENTNAME pwent
#define STRUCTURE passwd
#define EXTERN_PARSER
-#include "../../nss/nss_files/files-parse.c"
+#include <nss/nss_files/files-parse.c>
/* Structure for remembering -@netgroup and -user members ... */
#define BLACKLIST_INITIAL_SIZE 512
@@ -211,15 +215,22 @@ internal_setpwent (ent_t *ent)
if (pwdtable == NULL)
{
- char buf [20 + strlen (nis_local_directory ())];
- char *p;
+ static const char key[] = "passwd.org_dir.";
+ const char *local_dir = nis_local_directory ();
+ size_t len_local_dir = strlen (local_dir);
- p = stpcpy (buf, "passwd.org_dir.");
- p = stpcpy (p, nis_local_directory ());
- pwdtable = strdup (buf);
+ pwdtable = malloc (sizeof (key) + len_local_dir);
if (pwdtable == NULL)
- return NSS_STATUS_TRYAGAIN;
- pwdtablelen = strlen (pwdtable);
+ return NSS_STATUS_TRYAGAIN;
+
+ pwdtablelen = ((char *) mempcpy (mempcpy (pwdtable,
+ key, sizeof (key) - 1),
+ local_dir, len_local_dir + 1)
+ - pwdtable) - 1;
+
+ /* *Maybe* (I'm no NIS expert) we have to duplicate the `local_dir'
+ value since it might change during our work. So add a test here. */
+ assert (pwdtablelen == sizeof (key) + len_local_dir);
}
ent->blacklist.current = 0;
@@ -334,8 +345,8 @@ _nss_compat_endpwent (void)
}
static enum nss_status
-getpwent_next_nis_netgr (struct passwd *result, ent_t *ent, char *group,
- char *buffer, size_t buflen)
+getpwent_next_nis_netgr (const char *name, struct passwd *result, ent_t *ent,
+ char *group, char *buffer, size_t buflen)
{
struct parser_data *data = (void *) buffer;
char *ypdomain, *host, *user, *domain, *outval, *p, *p2;
@@ -379,6 +390,11 @@ getpwent_next_nis_netgr (struct passwd *result, ent_t *ent, char *group,
if (domain != NULL && strcmp (ypdomain, domain) != 0)
continue;
+ /* If name != NULL, we are called from getpwnam */
+ if (name != NULL)
+ if (strcmp (user, name) != 0)
+ continue;
+
if (yp_match (ypdomain, "passwd.byname", user,
strlen (user), &outval, &outvallen)
!= YPERR_SUCCESS)
@@ -404,6 +420,9 @@ getpwent_next_nis_netgr (struct passwd *result, ent_t *ent, char *group,
if (parse_res)
{
+ /* Store the User in the blacklist for the "+" at the end of
+ /etc/passwd */
+ blacklist_store_name (result->pw_name, ent);
copy_pwd_changes (result, &ent->pwd, p2, p2len);
break;
}
@@ -413,8 +432,9 @@ getpwent_next_nis_netgr (struct passwd *result, ent_t *ent, char *group,
}
static enum nss_status
-getpwent_next_nisplus_netgr (struct passwd *result, ent_t *ent, char *group,
- char *buffer, size_t buflen)
+getpwent_next_nisplus_netgr (const char *name, struct passwd *result,
+ ent_t *ent, char *group, char *buffer,
+ size_t buflen)
{
char *ypdomain, *host, *user, *domain, *p2;
int status, parse_res;
@@ -459,6 +479,11 @@ getpwent_next_nisplus_netgr (struct passwd *result, ent_t *ent, char *group,
if (domain != NULL && strcmp (ypdomain, domain) != 0)
continue;
+ /* If name != NULL, we are called from getpwnam */
+ if (name != NULL)
+ if (strcmp (user, name) != 0)
+ continue;
+
p2len = pwd_need_buflen (&ent->pwd);
if (p2len > buflen)
{
@@ -488,6 +513,9 @@ getpwent_next_nisplus_netgr (struct passwd *result, ent_t *ent, char *group,
if (parse_res)
{
+ /* Store the User in the blacklist for the "+" at the end of
+ /etc/passwd */
+ blacklist_store_name (result->pw_name, ent);
copy_pwd_changes (result, &ent->pwd, p2, p2len);
break;
}
@@ -497,16 +525,6 @@ getpwent_next_nisplus_netgr (struct passwd *result, ent_t *ent, char *group,
}
static enum nss_status
-getpwent_next_netgr (struct passwd *result, ent_t *ent, char *group,
- char *buffer, size_t buflen)
-{
- if (use_nisplus)
- return getpwent_next_nisplus_netgr (result, ent, group, buffer, buflen);
- else
- return getpwent_next_nis_netgr (result, ent, group, buffer, buflen);
-}
-
-static enum nss_status
getpwent_next_nisplus (struct passwd *result, ent_t *ent, char *buffer,
size_t buflen)
{
@@ -683,8 +701,8 @@ getpwent_next_nis (struct passwd *result, ent_t *ent, char *buffer,
/* This function handle the +user entrys in /etc/passwd */
static enum nss_status
-getpwent_next_file_plususer (struct passwd *result, char *buffer,
- size_t buflen)
+getpwnam_plususer (const char *name, struct passwd *result, char *buffer,
+ size_t buflen)
{
struct parser_data *data = (void *) buffer;
struct passwd pwd;
@@ -708,9 +726,9 @@ getpwent_next_file_plususer (struct passwd *result, char *buffer,
if (use_nisplus) /* Do the NIS+ query here */
{
nis_result *res;
- char buf[strlen (result->pw_name) + 24 + pwdtablelen];
+ char buf[strlen (name) + 24 + pwdtablelen];
- sprintf(buf, "[name=%s],%s", &result->pw_name[1], pwdtable);
+ sprintf(buf, "[name=%s],%s", name, pwdtable);
res = nis_list(buf, FOLLOW_PATH | FOLLOW_LINKS, NULL, NULL);
if (niserr2nss (res->status) != NSS_STATUS_SUCCESS)
{
@@ -730,23 +748,24 @@ getpwent_next_file_plususer (struct passwd *result, char *buffer,
}
else /* Use NIS */
{
- char *domain;
- char *outval;
+ char *domain, *outval, *ptr;
int outvallen;
if (yp_get_default_domain (&domain) != YPERR_SUCCESS)
return NSS_STATUS_TRYAGAIN;
- if (yp_match (domain, "passwd.byname", &result->pw_name[1],
- strlen (result->pw_name) - 1, &outval, &outvallen)
+ if (yp_match (domain, "passwd.byname", name, strlen (name),
+ &outval, &outvallen)
!= YPERR_SUCCESS)
return NSS_STATUS_TRYAGAIN;
- p = strncpy (buffer, outval,
- buflen < (size_t) outvallen ? buflen : (size_t) outvallen);
+ ptr = strncpy (buffer, outval, buflen < (size_t) outvallen ?
+ buflen : (size_t) outvallen);
+ buffer[buflen < (size_t) outvallen ? buflen : (size_t) outvallen] = '\0';
free (outval);
- while (isspace (*p))
- p++;
- if ((parse_res = _nss_files_parse_pwent (p, result, data, buflen)) == -1)
+ while (isspace (*ptr))
+ ptr++;
+ if ((parse_res = _nss_files_parse_pwent (ptr, result, data, buflen))
+ == -1)
{
__set_errno (ERANGE);
return NSS_STATUS_TRYAGAIN;
@@ -841,8 +860,14 @@ getpwent_next_file (struct passwd *result, ent_t *ent,
ent->first = TRUE;
copy_pwd_changes (&ent->pwd, result, NULL, 0);
- status = getpwent_next_netgr (result, ent, &result->pw_name[2],
- buffer, buflen);
+ if (use_nisplus)
+ status = getpwent_next_nisplus_netgr (NULL, result, ent,
+ &result->pw_name[2],
+ buffer, buflen);
+ else
+ status = getpwent_next_nis_netgr (NULL, result, ent,
+ &result->pw_name[2],
+ buffer, buflen);
if (status == NSS_STATUS_RETURN)
continue;
else
@@ -863,7 +888,11 @@ getpwent_next_file (struct passwd *result, ent_t *ent,
{
enum nss_status status;
- status = getpwent_next_file_plususer (result, buffer, buflen);
+ /* Store the User in the blacklist for the "+" at the end of
+ /etc/passwd */
+ blacklist_store_name (&result->pw_name[1], ent);
+ status = getpwnam_plususer (&result->pw_name[1], result, buffer,
+ buflen);
if (status == NSS_STATUS_SUCCESS) /* We found the entry. */
break;
else
@@ -901,26 +930,30 @@ internal_getpwent_r (struct passwd *pw, ent_t *ent, char *buffer,
/* We are searching members in a netgroup */
/* Since this is not the first call, we don't need the group name */
- status = getpwent_next_netgr (pw, ent, NULL, buffer, buflen);
+ if (use_nisplus)
+ status = getpwent_next_nisplus_netgr (NULL, pw, ent, NULL, buffer,
+ buflen);
+ else
+ status = getpwent_next_nis_netgr (NULL, pw, ent, NULL, buffer, buflen);
if (status == NSS_STATUS_RETURN)
return getpwent_next_file (pw, ent, buffer, buflen);
else
return status;
}
- else if (ent->nis)
- {
- if (use_nisplus)
- return getpwent_next_nisplus (pw, ent, buffer, buflen);
- else
- return getpwent_next_nis (pw, ent, buffer, buflen);
- }
else
- return getpwent_next_file (pw, ent, buffer, buflen);
+ if (ent->nis)
+ {
+ if (use_nisplus)
+ return getpwent_next_nisplus (pw, ent, buffer, buflen);
+ else
+ return getpwent_next_nis (pw, ent, buffer, buflen);
+ }
+ else
+ return getpwent_next_file (pw, ent, buffer, buflen);
}
enum nss_status
-_nss_compat_getpwent_r (struct passwd *pwd, char *buffer,
- size_t buflen)
+_nss_compat_getpwent_r (struct passwd *pwd, char *buffer, size_t buflen)
{
enum nss_status status = NSS_STATUS_SUCCESS;
@@ -944,6 +977,158 @@ _nss_compat_getpwent_r (struct passwd *pwd, char *buffer,
return status;
}
+/* Searches in /etc/passwd and the NIS/NIS+ map for a special user */
+static enum nss_status
+internal_getpwnam_r (const char *name, struct passwd *result, ent_t *ent,
+ char *buffer, size_t buflen)
+{
+ struct parser_data *data = (void *) buffer;
+
+ while (1)
+ {
+ fpos_t pos;
+ char *p;
+ int parse_res;
+
+ do
+ {
+ fgetpos (ent->stream, &pos);
+ p = fgets (buffer, buflen, ent->stream);
+ if (p == NULL)
+ {
+ if (feof (ent->stream))
+ return NSS_STATUS_NOTFOUND;
+ else
+ {
+ __set_errno (ERANGE);
+ return NSS_STATUS_TRYAGAIN;
+ }
+ }
+
+ /* Terminate the line for any case. */
+ buffer[buflen - 1] = '\0';
+
+ /* Skip leading blanks. */
+ while (isspace (*p))
+ ++p;
+ }
+ while (*p == '\0' || *p == '#' || /* Ignore empty and comment lines. */
+ /* Parse the line. If it is invalid, loop to
+ get the next line of the file to parse. */
+ !(parse_res = _nss_files_parse_pwent (p, result, data, buflen)));
+
+ if (parse_res == -1)
+ {
+ /* The parser ran out of space. */
+ fsetpos (ent->stream, &pos);
+ __set_errno (ERANGE);
+ return NSS_STATUS_TRYAGAIN;
+ }
+
+ /* This is a real entry. */
+ if (result->pw_name[0] != '+' && result->pw_name[0] != '-')
+ {
+ if (strcmp (result->pw_name, name) == 0)
+ return NSS_STATUS_SUCCESS;
+ else
+ continue;
+ }
+
+ /* -@netgroup */
+ if (result->pw_name[0] == '-' && result->pw_name[1] == '@'
+ && result->pw_name[2] != '\0')
+ {
+ char buf2[1024];
+ char *user, *host, *domain;
+ struct __netgrent netgrdata;
+
+ bzero (&netgrdata, sizeof (struct __netgrent));
+ __internal_setnetgrent (&result->pw_name[2], &netgrdata);
+ while (__internal_getnetgrent_r (&host, &user, &domain,
+ &netgrdata, buf2, sizeof (buf2)))
+ {
+ if (user != NULL && user[0] != '-')
+ if (strcmp (user, name) == 0)
+ return NSS_STATUS_NOTFOUND;
+ }
+ __internal_endnetgrent (&netgrdata);
+ continue;
+ }
+
+ /* +@netgroup */
+ if (result->pw_name[0] == '+' && result->pw_name[1] == '@'
+ && result->pw_name[2] != '\0')
+ {
+ char buf[strlen (result->pw_name)];
+ int status;
+
+ strcpy (buf, &result->pw_name[2]);
+ ent->netgroup = TRUE;
+ ent->first = TRUE;
+ copy_pwd_changes (&ent->pwd, result, NULL, 0);
+
+ do
+ {
+ if (use_nisplus)
+ status = getpwent_next_nisplus_netgr (name, result, ent, buf,
+ buffer, buflen);
+ else
+ status = getpwent_next_nis_netgr (name, result, ent, buf,
+ buffer, buflen);
+ if (status == NSS_STATUS_RETURN)
+ continue;
+
+ if (status == NSS_STATUS_SUCCESS &&
+ strcmp (result->pw_name, name) == 0)
+ return NSS_STATUS_SUCCESS;
+ } while (status == NSS_STATUS_SUCCESS);
+ continue;
+ }
+
+ /* -user */
+ if (result->pw_name[0] == '-' && result->pw_name[1] != '\0'
+ && result->pw_name[1] != '@')
+ {
+ if (strcmp (&result->pw_name[1], name) == 0)
+ return NSS_STATUS_NOTFOUND;
+ else
+ continue;
+ }
+
+ /* +user */
+ if (result->pw_name[0] == '+' && result->pw_name[1] != '\0'
+ && result->pw_name[1] != '@')
+ {
+ if (strcmp (name, &result->pw_name[1]) == 0)
+ {
+ enum nss_status status;
+
+ status = getpwnam_plususer (name, result, buffer, buflen);
+ if (status == NSS_STATUS_RETURN)
+ /* We couldn't parse the entry */
+ return NSS_STATUS_NOTFOUND;
+ else
+ return status;
+ }
+ }
+
+ /* +:... */
+ if (result->pw_name[0] == '+' && result->pw_name[1] == '\0')
+ {
+ enum nss_status status;
+
+ status = getpwnam_plususer (name, result, buffer, buflen);
+ if (status == NSS_STATUS_SUCCESS) /* We found the entry. */
+ break;
+ else
+ if (status == NSS_STATUS_RETURN) /* We couldn't parse the entry */
+ return NSS_STATUS_NOTFOUND;
+ else
+ return status;
+ }
+ }
+ return NSS_STATUS_SUCCESS;
+}
enum nss_status
_nss_compat_getpwnam_r (const char *name, struct passwd *pwd,
@@ -970,15 +1155,244 @@ _nss_compat_getpwnam_r (const char *name, struct passwd *pwd,
if (status != NSS_STATUS_SUCCESS)
return status;
- while ((status = internal_getpwent_r (pwd, &ent, buffer, buflen))
- == NSS_STATUS_SUCCESS)
- if (strcmp (pwd->pw_name, name) == 0)
- break;
+ status = internal_getpwnam_r (name, pwd, &ent, buffer, buflen);
internal_endpwent (&ent);
+
return status;
}
+/* This function handle the + entry in /etc/passwd for getpwuid */
+static enum nss_status
+getpwuid_plususer (uid_t uid, struct passwd *result, char *buffer,
+ size_t buflen)
+{
+ struct parser_data *data = (void *) buffer;
+ struct passwd pwd;
+ int parse_res;
+ char *p;
+ size_t plen;
+
+ memset (&pwd, '\0', sizeof (struct passwd));
+
+ copy_pwd_changes (&pwd, result, NULL, 0);
+
+ plen = pwd_need_buflen (&pwd);
+ if (plen > buflen)
+ {
+ __set_errno (ERANGE);
+ return NSS_STATUS_TRYAGAIN;
+ }
+ p = buffer + (buflen - plen);
+ buflen -= plen;
+
+ if (use_nisplus) /* Do the NIS+ query here */
+ {
+ nis_result *res;
+ char buf[1024 + pwdtablelen];
+
+ sprintf(buf, "[uid=%d],%s", uid, pwdtable);
+ res = nis_list(buf, FOLLOW_PATH | FOLLOW_LINKS, NULL, NULL);
+ if (niserr2nss (res->status) != NSS_STATUS_SUCCESS)
+ {
+ enum nss_status status = niserr2nss (res->status);
+
+ nis_freeresult (res);
+ return status;
+ }
+ if ((parse_res = _nss_nisplus_parse_pwent (res, result, buffer,
+ buflen)) == -1)
+ {
+ nis_freeresult (res);
+ __set_errno (ERANGE);
+ return NSS_STATUS_TRYAGAIN;
+ }
+ nis_freeresult (res);
+ }
+ else /* Use NIS */
+ {
+ char buf[1024];
+ char *domain, *outval, *ptr;
+ int outvallen;
+
+ if (yp_get_default_domain (&domain) != YPERR_SUCCESS)
+ return NSS_STATUS_TRYAGAIN;
+
+ sprintf (buf, "%d", uid);
+ if (yp_match (domain, "passwd.byuid", buf, strlen (buf),
+ &outval, &outvallen)
+ != YPERR_SUCCESS)
+ return NSS_STATUS_TRYAGAIN;
+ ptr = strncpy (buffer, outval, buflen < (size_t) outvallen ?
+ buflen : (size_t) outvallen);
+ buffer[buflen < (size_t) outvallen ? buflen : (size_t) outvallen] = '\0';
+ free (outval);
+ while (isspace (*ptr))
+ ptr++;
+ if ((parse_res = _nss_files_parse_pwent (ptr, result, data, buflen))
+ == -1)
+ {
+ __set_errno (ERANGE);
+ return NSS_STATUS_TRYAGAIN;
+ }
+ }
+
+ if (parse_res > 0)
+ {
+ copy_pwd_changes (result, &pwd, p, plen);
+ give_pwd_free (&pwd);
+ /* We found the entry. */
+ return NSS_STATUS_SUCCESS;
+ }
+ else
+ {
+ /* Give buffer the old len back */
+ buflen += plen;
+ give_pwd_free (&pwd);
+ }
+ return NSS_STATUS_RETURN;
+}
+
+/* Searches in /etc/passwd and the NIS/NIS+ map for a special user id */
+static enum nss_status
+internal_getpwuid_r (uid_t uid, struct passwd *result, ent_t *ent,
+ char *buffer, size_t buflen)
+{
+ struct parser_data *data = (void *) buffer;
+
+ while (1)
+ {
+ fpos_t pos;
+ char *p;
+ int parse_res;
+
+ do
+ {
+ fgetpos (ent->stream, &pos);
+ p = fgets (buffer, buflen, ent->stream);
+ if (p == NULL)
+ return NSS_STATUS_NOTFOUND;
+
+ /* Terminate the line for any case. */
+ buffer[buflen - 1] = '\0';
+
+ /* Skip leading blanks. */
+ while (isspace (*p))
+ ++p;
+ }
+ while (*p == '\0' || *p == '#' || /* Ignore empty and comment lines. */
+ /* Parse the line. If it is invalid, loop to
+ get the next line of the file to parse. */
+ !(parse_res = _nss_files_parse_pwent (p, result, data, buflen)));
+
+ if (parse_res == -1)
+ {
+ /* The parser ran out of space. */
+ fsetpos (ent->stream, &pos);
+ __set_errno (ERANGE);
+ return NSS_STATUS_TRYAGAIN;
+ }
+
+ /* This is a real entry. */
+ if (result->pw_name[0] != '+' && result->pw_name[0] != '-')
+ {
+ if (result->pw_uid == uid)
+ return NSS_STATUS_SUCCESS;
+ else
+ continue;
+ }
+
+ /* -@netgroup */
+ if (result->pw_name[0] == '-' && result->pw_name[1] == '@'
+ && result->pw_name[2] != '\0')
+ {
+ char buf2[1024];
+ char *user, *host, *domain;
+ struct __netgrent netgrdata;
+
+ bzero (&netgrdata, sizeof (struct __netgrent));
+ __internal_setnetgrent (&result->pw_name[2], &netgrdata);
+ while (__internal_getnetgrent_r (&host, &user, &domain,
+ &netgrdata, buf2, sizeof (buf2)))
+ {
+ if (user != NULL && user[0] != '-')
+ blacklist_store_name (user, ent);
+ }
+ __internal_endnetgrent (&netgrdata);
+ continue;
+ }
+
+ /* +@netgroup */
+ if (result->pw_name[0] == '+' && result->pw_name[1] == '@'
+ && result->pw_name[2] != '\0')
+ {
+ char buf[strlen (result->pw_name)];
+ int status;
+
+ strcpy (buf, &result->pw_name[2]);
+ ent->netgroup = TRUE;
+ ent->first = TRUE;
+ copy_pwd_changes (&ent->pwd, result, NULL, 0);
+
+ do
+ {
+ if (use_nisplus)
+ status = getpwent_next_nisplus_netgr (NULL, result, ent, buf,
+ buffer, buflen);
+ else
+ status = getpwent_next_nis_netgr (NULL, result, ent, buf,
+ buffer, buflen);
+ if (status == NSS_STATUS_RETURN)
+ continue;
+
+ if (status == NSS_STATUS_SUCCESS && uid == result->pw_uid)
+ return NSS_STATUS_SUCCESS;
+ } while (status == NSS_STATUS_SUCCESS);
+ continue;
+ }
+
+ /* -user */
+ if (result->pw_name[0] == '-' && result->pw_name[1] != '\0'
+ && result->pw_name[1] != '@')
+ {
+ blacklist_store_name (&result->pw_name[1], ent);
+ continue;
+ }
+
+ /* +user */
+ if (result->pw_name[0] == '+' && result->pw_name[1] != '\0'
+ && result->pw_name[1] != '@')
+ {
+ enum nss_status status;
+
+ /* Store the User in the blacklist for the "+" at the end of
+ /etc/passwd */
+ blacklist_store_name (&result->pw_name[1], ent);
+ status = getpwnam_plususer (&result->pw_name[1], result, buffer,
+ buflen);
+ if (status == NSS_STATUS_SUCCESS && result->pw_uid == uid)
+ break;
+ else
+ continue;
+ }
+
+ /* +:... */
+ if (result->pw_name[0] == '+' && result->pw_name[1] == '\0')
+ {
+ enum nss_status status;
+
+ status = getpwuid_plususer (uid, result, buffer, buflen);
+ if (status == NSS_STATUS_SUCCESS) /* We found the entry. */
+ break;
+ else
+ if (status == NSS_STATUS_RETURN) /* We couldn't parse the entry */
+ return NSS_STATUS_NOTFOUND;
+ else
+ return status;
+ }
+ }
+ return NSS_STATUS_SUCCESS;
+}
enum nss_status
_nss_compat_getpwuid_r (uid_t uid, struct passwd *pwd,
@@ -1002,12 +1416,10 @@ _nss_compat_getpwuid_r (uid_t uid, struct passwd *pwd,
if (status != NSS_STATUS_SUCCESS)
return status;
- while ((status = internal_getpwent_r (pwd, &ent, buffer, buflen))
- == NSS_STATUS_SUCCESS)
- if (pwd->pw_uid == uid && pwd->pw_name[0] != '+' && pwd->pw_name[0] != '-')
- break;
+ status = internal_getpwuid_r (uid, pwd, &ent, buffer, buflen);
internal_endpwent (&ent);
+
return status;
}
diff --git a/nis/nss_compat/compat-spwd.c b/nis/nss_compat/compat-spwd.c
index 431380dac6..c33d5aa339 100644
--- a/nis/nss_compat/compat-spwd.c
+++ b/nis/nss_compat/compat-spwd.c
@@ -30,6 +30,10 @@
#include <rpcsvc/nis.h>
#include <nsswitch.h>
+/* Comment out the following line for the production version. */
+/* #define NDEBUG 1 */
+#include <assert.h>
+
#include "netgroup.h"
#include "nss-nisplus.h"
#include "nisplus-parser.h"
@@ -43,7 +47,7 @@ static size_t pwdtablelen = 0;
#define ENTNAME spent
#define STRUCTURE spwd
#define EXTERN_PARSER
-#include "../../nss/nss_files/files-parse.c"
+#include <nss/nss_files/files-parse.c>
/* Structure for remembering -@netgroup and -user members ... */
#define BLACKLIST_INITIAL_SIZE 512
@@ -163,15 +167,22 @@ internal_setspent (ent_t *ent)
if (pwdtable == NULL)
{
- char buf [20 + strlen (nis_local_directory ())];
- char *p;
+ static const char key[] = "passwd.org_dir.";
+ const char *local_dir = nis_local_directory ();
+ size_t len_local_dir = strlen (local_dir);
- p = stpcpy (buf, "passwd.org_dir.");
- p = stpcpy (p, nis_local_directory ());
- pwdtable = strdup (buf);
+ pwdtable = malloc (sizeof (key) + len_local_dir);
if (pwdtable == NULL)
return NSS_STATUS_TRYAGAIN;
- pwdtablelen = strlen (pwdtable);
+
+ pwdtablelen = ((char *) mempcpy (mempcpy (pwdtable,
+ key, sizeof (key) - 1),
+ local_dir, len_local_dir + 1)
+ - pwdtable) - 1;
+
+ /* *Maybe* (I'm no NIS expert) we have to duplicate the `local_dir'
+ value since it might change during our work. So add a test here. */
+ assert (pwdtablelen == sizeof (key) + len_local_dir);
}
ent->blacklist.current = 0;
@@ -287,8 +298,8 @@ _nss_compat_endspent (void)
static enum nss_status
-getspent_next_nis_netgr (struct spwd *result, ent_t *ent, char *group,
- char *buffer, size_t buflen)
+getspent_next_nis_netgr (const char *name, struct spwd *result, ent_t *ent,
+ char *group, char *buffer, size_t buflen)
{
struct parser_data *data = (void *) buffer;
char *ypdomain, *host, *user, *domain, *outval, *p, *p2;
@@ -332,6 +343,11 @@ getspent_next_nis_netgr (struct spwd *result, ent_t *ent, char *group,
if (domain != NULL && strcmp (ypdomain, domain) != 0)
continue;
+ /* If name != NULL, we are called from getpwnam */
+ if (name != NULL)
+ if (strcmp (user, name) != 0)
+ continue;
+
if (yp_match (ypdomain, "shadow.byname", user,
strlen (user), &outval, &outvallen)
!= YPERR_SUCCESS)
@@ -357,6 +373,9 @@ getspent_next_nis_netgr (struct spwd *result, ent_t *ent, char *group,
if (parse_res)
{
+ /* Store the User in the blacklist for the "+" at the end of
+ /etc/passwd */
+ blacklist_store_name (result->sp_namp, ent);
copy_spwd_changes (result, &ent->pwd, p2, p2len);
break;
}
@@ -366,8 +385,9 @@ getspent_next_nis_netgr (struct spwd *result, ent_t *ent, char *group,
}
static enum nss_status
-getspent_next_nisplus_netgr (struct spwd *result, ent_t *ent, char *group,
- char *buffer, size_t buflen)
+getspent_next_nisplus_netgr (const char *name, struct spwd *result,
+ ent_t *ent, char *group, char *buffer,
+ size_t buflen)
{
char *ypdomain, *host, *user, *domain, *p2;
int status, parse_res;
@@ -412,6 +432,11 @@ getspent_next_nisplus_netgr (struct spwd *result, ent_t *ent, char *group,
if (domain != NULL && strcmp (ypdomain, domain) != 0)
continue;
+ /* If name != NULL, we are called from getpwnam */
+ if (name != NULL)
+ if (strcmp (user, name) != 0)
+ continue;
+
p2len = spwd_need_buflen (&ent->pwd);
if (p2len > buflen)
{
@@ -440,7 +465,10 @@ getspent_next_nisplus_netgr (struct spwd *result, ent_t *ent, char *group,
if (parse_res)
{
- copy_spwd_changes (result, &ent->pwd, p2, p2len);
+ /* Store the User in the blacklist for the "+" at the end of
+ /etc/passwd */
+ blacklist_store_name (result->sp_namp, ent);
+ copy_spwd_changes (result, &ent->pwd, p2, p2len);
break;
}
}
@@ -449,16 +477,6 @@ getspent_next_nisplus_netgr (struct spwd *result, ent_t *ent, char *group,
}
static enum nss_status
-getspent_next_netgr (struct spwd *result, ent_t *ent, char *group,
- char *buffer, size_t buflen)
-{
- if (use_nisplus)
- return getspent_next_nisplus_netgr (result, ent, group, buffer, buflen);
- else
- return getspent_next_nis_netgr (result, ent, group, buffer, buflen);
-}
-
-static enum nss_status
getspent_next_nisplus (struct spwd *result, ent_t *ent, char *buffer,
size_t buflen)
{
@@ -635,8 +653,8 @@ getspent_next_nis (struct spwd *result, ent_t *ent,
/* This function handle the +user entrys in /etc/shadow */
static enum nss_status
-getspent_next_file_plususer (struct spwd *result, char *buffer,
- size_t buflen)
+getspnam_plususer (const char *name, struct spwd *result, char *buffer,
+ size_t buflen)
{
struct parser_data *data = (void *) buffer;
struct spwd pwd;
@@ -660,9 +678,9 @@ getspent_next_file_plususer (struct spwd *result, char *buffer,
if (use_nisplus) /* Do the NIS+ query here */
{
nis_result *res;
- char buf[strlen (result->sp_namp) + 24 + pwdtablelen];
+ char buf[strlen (name) + 24 + pwdtablelen];
- sprintf(buf, "[name=%s],%s", &result->sp_namp[1], pwdtable);
+ sprintf(buf, "[name=%s],%s", name, pwdtable);
res = nis_list(buf, 0, NULL, NULL);
if (niserr2nss (res->status) != NSS_STATUS_SUCCESS)
{
@@ -681,24 +699,28 @@ getspent_next_file_plususer (struct spwd *result, char *buffer,
}
else /* Use NIS */
{
- char *domain;
- char *outval;
+ char *domain, *outval, *ptr;
int outvallen;
if (yp_get_default_domain (&domain) != YPERR_SUCCESS)
return NSS_STATUS_TRYAGAIN;
- if (yp_match (domain, "passwd.byname", &result->sp_namp[1],
- strlen (result->sp_namp) - 1, &outval, &outvallen)
+ if (yp_match (domain, "shadow.byname", name, strlen (name),
+ &outval, &outvallen)
!= YPERR_SUCCESS)
return NSS_STATUS_TRYAGAIN;
- p = strncpy (buffer, outval,
- buflen < (size_t) outvallen ? buflen : (size_t) outvallen);
+ ptr = strncpy (buffer, outval, buflen < (size_t) outvallen ?
+ buflen : (size_t) outvallen);
+ buffer[buflen < (size_t) outvallen ? buflen : (size_t) outvallen] = '\0';
free (outval);
- while (isspace (*p))
- p++;
- if ((parse_res = _nss_files_parse_spent (p, result, data, buflen)) == -1)
- return NSS_STATUS_TRYAGAIN;
+ while (isspace (*ptr))
+ ptr++;
+ if ((parse_res = _nss_files_parse_spent (ptr, result, data, buflen))
+ == -1)
+ {
+ __set_errno (ERANGE);
+ return NSS_STATUS_TRYAGAIN;
+ }
}
if (parse_res)
@@ -790,8 +812,14 @@ getspent_next_file (struct spwd *result, ent_t *ent,
ent->first = TRUE;
copy_spwd_changes (&ent->pwd, result, NULL, 0);
- status = getspent_next_netgr (result, ent, &result->sp_namp[2],
- buffer, buflen);
+ if (use_nisplus)
+ status = getspent_next_nisplus_netgr (NULL, result, ent,
+ &result->sp_namp[2],
+ buffer, buflen);
+ else
+ status = getspent_next_nis_netgr (NULL, result, ent,
+ &result->sp_namp[2],
+ buffer, buflen);
if (status == NSS_STATUS_RETURN)
continue;
else
@@ -812,7 +840,11 @@ getspent_next_file (struct spwd *result, ent_t *ent,
{
enum nss_status status;
- status = getspent_next_file_plususer (result, buffer, buflen);
+ /* Store the User in the blacklist for the "+" at the end of
+ /etc/passwd */
+ blacklist_store_name (&result->sp_namp[1], ent);
+ status = getspnam_plususer (&result->sp_namp[1], result, buffer,
+ buflen);
if (status == NSS_STATUS_SUCCESS) /* We found the entry. */
break;
else
@@ -850,21 +882,26 @@ internal_getspent_r (struct spwd *pw, ent_t *ent,
/* We are searching members in a netgroup */
/* Since this is not the first call, we don't need the group name */
- status = getspent_next_netgr (pw, ent, NULL, buffer, buflen);
+ if (use_nisplus)
+ status = getspent_next_nisplus_netgr (NULL, pw, ent, NULL, buffer,
+ buflen);
+ else
+ status = getspent_next_nis_netgr (NULL, pw, ent, NULL, buffer, buflen);
if (status == NSS_STATUS_RETURN)
return getspent_next_file (pw, ent, buffer, buflen);
else
return status;
}
- else if (ent->nis)
- {
- if (use_nisplus)
- return getspent_next_nisplus (pw, ent, buffer, buflen);
- else
- return getspent_next_nis (pw, ent, buffer, buflen);
- }
else
- return getspent_next_file (pw, ent, buffer, buflen);
+ if (ent->nis)
+ {
+ if (use_nisplus)
+ return getspent_next_nisplus (pw, ent, buffer, buflen);
+ else
+ return getspent_next_nis (pw, ent, buffer, buflen);
+ }
+ else
+ return getspent_next_file (pw, ent, buffer, buflen);
}
enum nss_status
@@ -892,6 +929,147 @@ _nss_compat_getspent_r (struct spwd *pwd, char *buffer, size_t buflen)
return status;
}
+/* Searches in /etc/passwd and the NIS/NIS+ map for a special user */
+static enum nss_status
+internal_getspnam_r (const char *name, struct spwd *result, ent_t *ent,
+ char *buffer, size_t buflen)
+{
+ struct parser_data *data = (void *) buffer;
+
+ while (1)
+ {
+ fpos_t pos;
+ char *p;
+ int parse_res;
+
+ do
+ {
+ fgetpos (ent->stream, &pos);
+ p = fgets (buffer, buflen, ent->stream);
+ if (p == NULL)
+ return NSS_STATUS_NOTFOUND;
+
+ /* Terminate the line for any case. */
+ buffer[buflen - 1] = '\0';
+
+ /* Skip leading blanks. */
+ while (isspace (*p))
+ ++p;
+ }
+ while (*p == '\0' || *p == '#' || /* Ignore empty and comment lines. */
+ /* Parse the line. If it is invalid, loop to
+ get the next line of the file to parse. */
+ !(parse_res = _nss_files_parse_spent (p, result, data, buflen)));
+
+ if (parse_res == -1)
+ {
+ /* The parser ran out of space. */
+ fsetpos (ent->stream, &pos);
+ __set_errno (ERANGE);
+ return NSS_STATUS_TRYAGAIN;
+ }
+
+ /* This is a real entry. */
+ if (result->sp_namp[0] != '+' && result->sp_namp[0] != '-')
+ {
+ if (strcmp (result->sp_namp, name) == 0)
+ return NSS_STATUS_SUCCESS;
+ else
+ continue;
+ }
+
+ /* -@netgroup */
+ if (result->sp_namp[0] == '-' && result->sp_namp[1] == '@'
+ && result->sp_namp[2] != '\0')
+ {
+ char buf2[1024];
+ char *user, *host, *domain;
+ struct __netgrent netgrdata;
+
+ bzero (&netgrdata, sizeof (struct __netgrent));
+ __internal_setnetgrent (&result->sp_namp[2], &netgrdata);
+ while (__internal_getnetgrent_r (&host, &user, &domain,
+ &netgrdata, buf2, sizeof (buf2)))
+ {
+ if (user != NULL && user[0] != '-')
+ if (strcmp (user, name) == 0)
+ return NSS_STATUS_NOTFOUND;
+ }
+ __internal_endnetgrent (&netgrdata);
+ continue;
+ }
+
+ /* +@netgroup */
+ if (result->sp_namp[0] == '+' && result->sp_namp[1] == '@'
+ && result->sp_namp[2] != '\0')
+ {
+ char buf[strlen (result->sp_namp)];
+ int status;
+
+ strcpy (buf, &result->sp_namp[2]);
+ ent->netgroup = TRUE;
+ ent->first = TRUE;
+ copy_spwd_changes (&ent->pwd, result, NULL, 0);
+
+ do
+ {
+ if (use_nisplus)
+ status = getspent_next_nisplus_netgr (name, result, ent, buf,
+ buffer, buflen);
+ else
+ status = getspent_next_nis_netgr (name, result, ent, buf,
+ buffer, buflen);
+ if (status == NSS_STATUS_RETURN)
+ continue;
+
+ if (status == NSS_STATUS_SUCCESS &&
+ strcmp (result->sp_namp, name) == 0)
+ return NSS_STATUS_SUCCESS;
+ } while (status == NSS_STATUS_SUCCESS);
+ continue;
+ }
+
+ /* -user */
+ if (result->sp_namp[0] == '-' && result->sp_namp[1] != '\0'
+ && result->sp_namp[1] != '@')
+ {
+ if (strcmp (&result->sp_namp[1], name) == 0)
+ return NSS_STATUS_NOTFOUND;
+ else
+ continue;
+ }
+
+ /* +user */
+ if (result->sp_namp[0] == '+' && result->sp_namp[1] != '\0'
+ && result->sp_namp[1] != '@')
+ {
+ if (strcmp (name, &result->sp_namp[1]) == 0)
+ {
+ enum nss_status status;
+
+ status = getspnam_plususer (name, result, buffer, buflen);
+ if (status == NSS_STATUS_RETURN)
+ /* We couldn't parse the entry */
+ return NSS_STATUS_NOTFOUND;
+ else
+ return status;
+ }
+ }
+
+ /* +:... */
+ if (result->sp_namp[0] == '+' && result->sp_namp[1] == '\0')
+ {
+ enum nss_status status;
+
+ status = getspnam_plususer (name, result, buffer, buflen);
+ if (status == NSS_STATUS_RETURN) /* We couldn't parse the entry */
+ return NSS_STATUS_NOTFOUND;
+ else
+ return status;
+ }
+ }
+ return NSS_STATUS_SUCCESS;
+}
enum nss_status
_nss_compat_getspnam_r (const char *name, struct spwd *pwd,
@@ -914,12 +1092,10 @@ _nss_compat_getspnam_r (const char *name, struct spwd *pwd,
if (status != NSS_STATUS_SUCCESS)
return status;
- while ((status = internal_getspent_r (pwd, &ent, buffer, buflen))
- == NSS_STATUS_SUCCESS)
- if (strcmp (pwd->sp_namp, name) == 0)
- break;
+ status = internal_getspnam_r (name, pwd, &ent, buffer, buflen);
internal_endspent (&ent);
+
return status;
}
diff --git a/nis/ypclnt.c b/nis/ypclnt.c
index c8db8a8813..5bef8d17d2 100644
--- a/nis/ypclnt.c
+++ b/nis/ypclnt.c
@@ -17,16 +17,15 @@
write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
Boston, MA 02111-1307, USA. */
+#include <fcntl.h>
#include <string.h>
#include <unistd.h>
-#include <fcntl.h>
-#include <bits/libc-lock.h>
-#include <rpc/auth.h>
#include <rpc/rpc.h>
#include <rpcsvc/nis.h>
#include <rpcsvc/yp.h>
#include <rpcsvc/ypclnt.h>
#include <rpcsvc/ypupd.h>
+#include <bits/libc-lock.h>
struct dom_binding
{
@@ -39,7 +38,8 @@ struct dom_binding
};
typedef struct dom_binding dom_binding;
-static struct timeval TIMEOUT = {25, 0};
+static struct timeval RPCTIMEOUT = {25, 0};
+static struct timeval UDPTIMEOUT = {5, 0};
static int const MAXTRIES = 5;
static char __ypdomainname[NIS_MAXNAMELEN + 1] = "\0";
__libc_lock_define_initialized (static, ypbindlist_lock)
@@ -47,28 +47,28 @@ static dom_binding *__ypbindlist = NULL;
static int
-__yp_bind (const char *domain, dom_binding ** ypdb)
+__yp_bind (const char *domain, dom_binding **ypdb)
{
struct sockaddr_in clnt_saddr;
struct ypbind_resp ypbr;
- dom_binding *ysd;
+ dom_binding *ysd = NULL;
int clnt_sock;
CLIENT *client;
int is_new = 0;
int try;
- if (ypdb != NULL)
- *ypdb = NULL;
-
if ((domain == NULL) || (strlen (domain) == 0))
return YPERR_BADARGS;
- ysd = __ypbindlist;
- while (ysd != NULL)
+ if (ypdb != NULL)
{
- if (strcmp (domain, ysd->dom_domain) == 0)
- break;
- ysd = ysd->dom_pnext;
+ ysd = *ypdb;
+ while (ysd != NULL)
+ {
+ if (strcmp (domain, ysd->dom_domain) == 0)
+ break;
+ ysd = ysd->dom_pnext;
+ }
}
if (ysd == NULL)
@@ -128,7 +128,7 @@ __yp_bind (const char *domain, dom_binding ** ypdb)
if (clnt_call (client, YPBINDPROC_DOMAIN,
(xdrproc_t) xdr_domainname, (caddr_t) &domain,
(xdrproc_t) xdr_ypbind_resp,
- (caddr_t) &ypbr, TIMEOUT) != RPC_SUCCESS)
+ (caddr_t) &ypbr, RPCTIMEOUT) != RPC_SUCCESS)
{
clnt_destroy (client);
close (clnt_sock);
@@ -142,28 +142,12 @@ __yp_bind (const char *domain, dom_binding ** ypdb)
if (ypbr.ypbind_status != YPBIND_SUCC_VAL)
{
- switch (ypbr.ypbind_resp_u.ypbind_error)
- {
- case YPBIND_ERR_ERR:
- fputs (_("YPBINDPROC_DOMAIN: Internal error\n"), stderr);
- break;
- case YPBIND_ERR_NOSERV:
- fprintf (stderr,
- _("YPBINDPROC_DOMAIN: No server for domain %s\n"),
- domain);
- break;
- case YPBIND_ERR_RESC:
- fputs (_("YPBINDPROC_DOMAIN: Resource allocation failure\n"),
- stderr);
- break;
- default:
- fputs (_("YPBINDPROC_DOMAIN: Unknown error\n"), stderr);
- break;
- }
- if (is_new)
- free (ysd);
- return YPERR_DOMAIN;
- }
+ fprintf (stderr, _("YPBINDPROC_DOMAIN: %s\n"),
+ ypbinderr_string (ypbr.ypbind_resp_u.ypbind_error));
+ if (is_new)
+ free (ysd);
+ return YPERR_DOMAIN;
+ }
memset (&ysd->dom_server_addr, '\0', sizeof ysd->dom_server_addr);
ysd->dom_server_addr.sin_family = AF_INET;
memcpy (&ysd->dom_server_addr.sin_port,
@@ -184,7 +168,7 @@ __yp_bind (const char *domain, dom_binding ** ypdb)
}
ysd->dom_socket = RPC_ANYSOCK;
ysd->dom_client = clntudp_create (&ysd->dom_server_addr, YPPROG, YPVERS,
- TIMEOUT, &ysd->dom_socket);
+ UDPTIMEOUT, &ysd->dom_socket);
if (ysd->dom_client == NULL)
ysd->dom_vers = -1;
@@ -195,15 +179,12 @@ __yp_bind (const char *domain, dom_binding ** ypdb)
if (fcntl (ysd->dom_socket, F_SETFD, 1) == -1)
perror (_("fcntl: F_SETFD"));
- if (is_new)
+ if (is_new && ypdb != NULL)
{
- ysd->dom_pnext = __ypbindlist;
- __ypbindlist = ysd;
+ ysd->dom_pnext = *ypdb;
+ *ypdb = ysd;
}
- if (NULL != ypdb)
- *ypdb = ysd;
-
return YPERR_SUCCESS;
}
@@ -220,36 +201,67 @@ do_ypcall (const char *domain, u_long prog, xdrproc_t xargs,
caddr_t req, xdrproc_t xres, caddr_t resp)
{
dom_binding *ydb = NULL;
+ bool_t use_ypbindlist = FALSE;
int try, result;
try = 0;
result = YPERR_YPERR;
- while (try < MAXTRIES && result != RPC_SUCCESS)
+ __libc_lock_lock (ypbindlist_lock);
+ if (__ypbindlist != NULL)
{
- __libc_lock_lock (ypbindlist_lock);
+ ydb = __ypbindlist;
+ while (ydb != NULL)
+ {
+ if (strcmp (domain, ydb->dom_domain) == 0)
+ break;
+ ydb = ydb->dom_pnext;
+ }
+ if (ydb != NULL)
+ use_ypbindlist = TRUE;
+ else
+ __libc_lock_unlock (ypbindlist_lock);
+ }
+ else
+ __libc_lock_unlock (ypbindlist_lock);
+ while (try < MAXTRIES && result != RPC_SUCCESS)
+ {
if (__yp_bind (domain, &ydb) != 0)
{
- __libc_lock_unlock (ypbindlist_lock);
+ if (use_ypbindlist)
+ __libc_lock_unlock (ypbindlist_lock);
return YPERR_DOMAIN;
}
result = clnt_call (ydb->dom_client, prog,
- xargs, req, xres, resp, TIMEOUT);
+ xargs, req, xres, resp, RPCTIMEOUT);
if (result != RPC_SUCCESS)
{
clnt_perror (ydb->dom_client, "do_ypcall: clnt_call");
ydb->dom_vers = -1;
- __yp_unbind (ydb);
+ if (!use_ypbindlist)
+ {
+ __yp_unbind (ydb);
+ free (ydb);
+ ydb = NULL;
+ }
result = YPERR_RPC;
}
-
- __libc_lock_unlock (ypbindlist_lock);
-
try++;
}
+ if (use_ypbindlist)
+ {
+ __libc_lock_unlock (ypbindlist_lock);
+ use_ypbindlist = FALSE;
+ }
+ else
+ {
+ __yp_unbind (ydb);
+ free (ydb);
+ ydb = NULL;
+ }
return result;
}
@@ -261,7 +273,7 @@ yp_bind (const char *indomain)
__libc_lock_lock (ypbindlist_lock);
- status = __yp_bind (indomain, NULL);
+ status = __yp_bind (indomain, &__ypbindlist);
__libc_lock_unlock (ypbindlist_lock);
@@ -597,7 +609,7 @@ yp_all (const char *indomain, const char *inmap,
const struct ypall_callback *incallback)
{
struct ypreq_nokey req;
- dom_binding *ydb;
+ dom_binding *ydb = NULL;
int try, result;
struct sockaddr_in clnt_sin;
CLIENT *clnt;
@@ -613,11 +625,8 @@ yp_all (const char *indomain, const char *inmap,
while (try < MAXTRIES && result != RPC_SUCCESS)
{
- __libc_lock_lock (ypbindlist_lock);
-
if (__yp_bind (indomain, &ydb) != 0)
{
- __libc_lock_unlock (ypbindlist_lock);
return YPERR_DOMAIN;
}
@@ -629,7 +638,6 @@ yp_all (const char *indomain, const char *inmap,
if (clnt == NULL)
{
puts (_("yp_all: clnttcp_create failed"));
- __libc_lock_unlock (ypbindlist_lock);
return YPERR_PMAP;
}
req.domain = (char *) indomain;
@@ -640,7 +648,7 @@ yp_all (const char *indomain, const char *inmap,
result = clnt_call (clnt, YPPROC_ALL, (xdrproc_t) xdr_ypreq_nokey,
(caddr_t) &req, (xdrproc_t) __xdr_ypresp_all,
- (caddr_t) &status, TIMEOUT);
+ (caddr_t) &status, RPCTIMEOUT);
clnt_destroy (clnt);
close (clnt_sock);
@@ -648,13 +656,12 @@ yp_all (const char *indomain, const char *inmap,
{
clnt_perror (ydb->dom_client, "yp_all: clnt_call");
__yp_unbind (ydb);
+ free (ydb);
result = YPERR_RPC;
}
else
result = YPERR_SUCCESS;
- __libc_lock_unlock (ypbindlist_lock);
-
if (status != YP_NOMORE)
return ypprot_err (status);
try++;
@@ -854,7 +861,7 @@ yp_update (char *domain, char *map, unsigned ypop,
again:
r = clnt_call (clnt, ypop, xdr_argument, (caddr_t) &args,
- (xdrproc_t) xdr_u_int, (caddr_t) &res, TIMEOUT);
+ (xdrproc_t) xdr_u_int, (caddr_t) &res, RPCTIMEOUT);
if (r == RPC_AUTHERROR)
{