From 8eaaffdeedf5a34a68a785e62b181e4e5fc6cf43 Mon Sep 17 00:00:00 2001
From: Ulrich Drepper <drepper@redhat.com>
Date: Mon, 6 Jul 1998 17:09:00 +0000
Subject: Update.

1998-07-06 14:36  Andreas Schwab  <schwab@issan.informatik.uni-dortmund.de>

	* posix/Makefile (generated): Remove $(objpfx) from the names.

1998-07-05  Andreas Jaeger  <aj@arthur.rhein-neckar.de>

	* stdio-common/test_rdwr.c: Use %Zu for size_t in printf
	format string.

	* libio/iofread_u.c: Include <stdio.h> for prototype.
	* libio/iofwrite_u.c: Likewise.

1998-07-06  Andreas Jaeger  <aj@arthur.rhein-neckar.de>

	* db2/Versions: New file.

1998-07-04  Andreas Schwab  <schwab@issan.informatik.uni-dortmund.de>

	* Makefile (lib-noranlib): Don't depend on sysd-versions.
	($(common-objpfx)sysd-versions): Remove rule.
	* Makerules ($(common-objpfx)sysd-versions): Define here instead.
	Pass name of Versions.def file to script and redirect output to
	target.  Include it and make all generated version maps depend on
	it.
	* versions.awk: Print out variable definition containing all
	generated version maps.  Print error messages to stderr.  Remove
	temp file.

1998-07-04  Andreas Schwab  <schwab@issan.informatik.uni-dortmund.de>

	* posix/annexc.c (check_header): Terminate macro name before
	comparing.
	(get_null_defines): Allow builtin macros with parameters.
	(fmt, testfmt): Add -D_LIBC.
	* posix/Makefile: Remove bogus duplicate include directories from
	annexc test command.

1998-07-06 12:04  Ulrich Drepper  <drepper@cygnus.com>

	* nis/nss_nis/nis-pwd.c (internal_nis_getpwent_r): Handle adjunct
	password scheme.
	(_nss_nis_getpwnam_r): Likewise.
	(_nss_nis_getpwuid_r): Likewise.

1998-07-05  Mark Kettenis  <kettenis@phys.uva.nl>

	* libio/Versions: Move symbols whose source lives in
	stdio-common to ...
	* stdio-common/Versions: ... here.
	* stdio/Versions: Add missing symbols.
---
 nis/nss_nis/nis-pwd.c | 207 +++++++++++++++++++++++++++++++++++++++++++-------
 1 file changed, 178 insertions(+), 29 deletions(-)

(limited to 'nis')

diff --git a/nis/nss_nis/nis-pwd.c b/nis/nss_nis/nis-pwd.c
index 296526d7e6..b70091508c 100644
--- a/nis/nss_nis/nis-pwd.c
+++ b/nis/nss_nis/nis-pwd.c
@@ -1,4 +1,4 @@
-/* Copyright (C) 1996, 1997 Free Software Foundation, Inc.
+/* Copyright (C) 1996, 1997, 1998 Free Software Foundation, Inc.
    This file is part of the GNU C Library.
    Contributed by Thorsten Kukuk <kukuk@vt.uni-paderborn.de>, 1996.
 
@@ -82,8 +82,8 @@ internal_nis_getpwent_r (struct passwd *pwd, char *buffer, size_t buflen,
 			 int *errnop)
 {
   struct parser_data *data = (void *) buffer;
-  char *domain, *result, *outkey;
-  int len, keylen, parse_res;
+  char *domain;
+  int parse_res;
 
   if (yp_get_default_domain (&domain))
     return NSS_STATUS_UNAVAIL;
@@ -92,7 +92,9 @@ internal_nis_getpwent_r (struct passwd *pwd, char *buffer, size_t buflen,
   do
     {
       enum nss_status retval;
-      char *p;
+      char *result, *outkey, *result2, *p;
+      int len, keylen, len2;
+      size_t namelen;
 
       if (new_start)
         retval = yperr2nss (yp_first (domain, "passwd.byname",
@@ -109,15 +111,63 @@ internal_nis_getpwent_r (struct passwd *pwd, char *buffer, size_t buflen,
           return retval;
         }
 
-      if ((size_t) (len + 1) > buflen)
-        {
-          free (result);
-	  *errnop = ERANGE;
-          return NSS_STATUS_TRYAGAIN;
-        }
+      /* Check for adjunct style secret passwords.  They can be
+	 recognized by a password starting with "##".  */
+      p = strchr (result, ':');
+      if (p != NULL	/* This better should be true in all cases.  */
+	  && p[1] == '#' && p[2] == '#'
+	  && (namelen = p - result,
+	      yp_match (domain, "passwd.adjunct.byname", result, namelen,
+			&result2, &len2)) == YPERR_SUCCESS)
+	{
+	  /* We found a passwd.adjunct entry.  Merge encrypted
+	     password therein into original result.  */
+	  char *encrypted = strchr (result2, ':');
+	  char *endp;
+	  size_t restlen;
+
+	  if (encrypted != NULL
+	      || (endp = strchr (++encrypted, ':')) == NULL
+	      || (p = strchr (p + 1, ':')) == NULL)
+	    {
+	      /* Invalid format of the entry.  This never should happen
+		 unless the data from which the NIS table is generated is
+		 wrong.  We simply ignore it.  */
+	      free (result2);
+	      goto non_adjunct;
+	    }
+
+	  restlen = len - (p - result);
+	  if ((size_t) (namelen + (endp - encrypted) + restlen + 2) > buflen)
+	    {
+	      free (result2);
+	      free (result);
+	      *errnop = ERANGE;
+	      return NSS_STATUS_TRYAGAIN;
+	    }
+
+	  __mempcpy (__mempcpy (__mempcpy (__mempcpy (buffer, result, namelen),
+					   ":", 1),
+				encrypted, endp - encrypted),
+		     p, restlen + 1);
+	  p = buffer;
+
+	  free (result2);
+	}
+      else
+	{
+	non_adjunct:
+	  if ((size_t) (len + 1) > buflen)
+	    {
+	      free (result);
+	      *errnop = ERANGE;
+	      return NSS_STATUS_TRYAGAIN;
+	    }
+
+	  p = strncpy (buffer, result, len);
+	  buffer[len] = '\0';
+	}
 
-      p = strncpy (buffer, result, len);
-      buffer[len] = '\0';
       while (isspace (*p))
         ++p;
       free (result);
@@ -161,8 +211,9 @@ _nss_nis_getpwnam_r (const char *name, struct passwd *pwd,
 {
   struct parser_data *data = (void *) buffer;
   enum nss_status retval;
-  char *domain, *result, *p;
-  int len, parse_res;
+  char *domain, *result, *result2, *p;
+  int len, len2, parse_res;
+  size_t namelen;
 
   if (name == NULL)
     {
@@ -173,8 +224,10 @@ _nss_nis_getpwnam_r (const char *name, struct passwd *pwd,
   if (yp_get_default_domain (&domain))
     return NSS_STATUS_UNAVAIL;
 
+  namelen = strlen (name);
+
   retval = yperr2nss (yp_match (domain, "passwd.byname", name,
-				strlen (name), &result, &len));
+				namelen, &result, &len));
 
   if (retval != NSS_STATUS_SUCCESS)
     {
@@ -183,15 +236,62 @@ _nss_nis_getpwnam_r (const char *name, struct passwd *pwd,
       return retval;
     }
 
-  if ((size_t) (len + 1) > buflen)
+  /* Check for adjunct style secret passwords.  They can be recognized
+     by a password starting with "##".  */
+  p = strchr (result, ':');
+  if (p != NULL	/* This better should be true in all cases.  */
+      && p[1] == '#' && p[2] == '#'
+      && yp_match (domain, "passwd.adjunct.byname", name, namelen,
+		   &result2, &len2) == YPERR_SUCCESS)
     {
-      free (result);
-      *errnop = ERANGE;
-      return NSS_STATUS_TRYAGAIN;
+      /* We found a passwd.adjunct entry.  Merge encrypted password
+	 therein into original result.  */
+      char *encrypted = strchr (result2, ':');
+      char *endp;
+      size_t restlen;
+
+      if (encrypted != NULL
+	  || (endp = strchr (++encrypted, ':')) == NULL
+	  || (p = strchr (p + 1, ':')) == NULL)
+	{
+	  /* Invalid format of the entry.  This never should happen
+	     unless the data from which the NIS table is generated is
+	     wrong.  We simply ignore it.  */
+	  free (result2);
+	  goto non_adjunct;
+	}
+
+      restlen = len - (p - result);
+      if ((size_t) (namelen + (endp - encrypted) + restlen + 2) > buflen)
+	{
+	  free (result2);
+	  free (result);
+	  *errnop = ERANGE;
+	  return NSS_STATUS_TRYAGAIN;
+	}
+
+      __mempcpy (__mempcpy (__mempcpy (__mempcpy (buffer, name, namelen),
+				       ":", 1),
+			    encrypted, endp - encrypted),
+		 p, restlen + 1);
+      p = buffer;
+
+      free (result2);
+    }
+  else
+    {
+    non_adjunct:
+      if ((size_t) (len + 1) > buflen)
+	{
+	  free (result);
+	  *errnop = ERANGE;
+	  return NSS_STATUS_TRYAGAIN;
+	}
+
+      p = strncpy (buffer, result, len);
+      buffer[len] = '\0';
     }
 
-  p = strncpy (buffer, result, len);
-  buffer[len] = '\0';
   while (isspace (*p))
     ++p;
   free (result);
@@ -214,9 +314,10 @@ _nss_nis_getpwuid_r (uid_t uid, struct passwd *pwd,
 {
   struct parser_data *data = (void *) buffer;
   enum nss_status retval;
-  char *domain, *result, *p;
-  int len, nlen, parse_res;
+  char *domain, *result, *p, *result2;
+  int len, nlen, parse_res, len2;
   char buf[32];
+  size_t namelen;
 
   if (yp_get_default_domain (&domain))
     return NSS_STATUS_UNAVAIL;
@@ -233,15 +334,63 @@ _nss_nis_getpwuid_r (uid_t uid, struct passwd *pwd,
       return retval;
     }
 
-  if ((size_t) (len + 1) > buflen)
+  /* Check for adjunct style secret passwords.  They can be recognized
+     by a password starting with "##".  */
+  p = strchr (result, ':');
+  if (p != NULL	/* This better should be true in all cases.  */
+      && p[1] == '#' && p[2] == '#'
+      && (namelen = p - result,
+	  yp_match (domain, "passwd.adjunct.byname", result, namelen,
+		    &result2, &len2)) == YPERR_SUCCESS)
     {
-      free (result);
-      *errnop = ERANGE;
-      return NSS_STATUS_TRYAGAIN;
+      /* We found a passwd.adjunct entry.  Merge encrypted password
+	 therein into original result.  */
+      char *encrypted = strchr (result2, ':');
+      char *endp;
+      size_t restlen;
+
+      if (encrypted != NULL
+	  || (endp = strchr (++encrypted, ':')) == NULL
+	  || (p = strchr (p + 1, ':')) == NULL)
+	{
+	  /* Invalid format of the entry.  This never should happen
+	     unless the data from which the NIS table is generated is
+	     wrong.  We simply ignore it.  */
+	  free (result2);
+	  goto non_adjunct;
+	}
+
+      restlen = len - (p - result);
+      if ((size_t) (namelen + (endp - encrypted) + restlen + 2) > buflen)
+	{
+	  free (result2);
+	  free (result);
+	  *errnop = ERANGE;
+	  return NSS_STATUS_TRYAGAIN;
+	}
+
+      __mempcpy (__mempcpy (__mempcpy (__mempcpy (buffer, result, namelen),
+				       ":", 1),
+			    encrypted, endp - encrypted),
+		 p, restlen + 1);
+      p = buffer;
+
+      free (result2);
+    }
+  else
+    {
+    non_adjunct:
+      if ((size_t) (len + 1) > buflen)
+	{
+	  free (result);
+	  *errnop = ERANGE;
+	  return NSS_STATUS_TRYAGAIN;
+	}
+
+      p = strncpy (buffer, result, len);
+      buffer[len] = '\0';
     }
 
-  p = strncpy (buffer, result, len);
-  buffer[len] = '\0';
   while (isspace (*p))
     ++p;
   free (result);
-- 
cgit v1.2.3