2 * Copyright (c) 2003 Networks Associates Technology, Inc.
5 * This software was developed for the FreeBSD Project by
6 * Jacques A. Vidrine, Safeport Network Services, and Network
7 * Associates Laboratories, the Security Research Division of Network
8 * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
9 * ("CBOSS"), as part of the DARPA CHATS research program.
11 * Redistribution and use in source and binary forms, with or without
12 * modification, are permitted provided that the following conditions
14 * 1. Redistributions of source code must retain the above copyright
15 * notice, this list of conditions and the following disclaimer.
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in the
18 * documentation and/or other materials provided with the distribution.
20 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 * $FreeBSD: src/lib/libc/gen/getpwent.c,v 1.90 2006/04/28 12:03:35 ume Exp $
35 #include "namespace.h"
36 #include <sys/param.h>
39 #include <rpcsvc/yp_prot.h>
40 #include <rpcsvc/ypclnt.h>
42 #include <arpa/inet.h>
51 #include <pthread_np.h>
58 #include "un-namespace.h"
60 #include "libc_private.h"
68 #define CTASSERT(x) _CTASSERT(x, __LINE__)
69 #define _CTASSERT(x, y) __CTASSERT(x, y)
70 #define __CTASSERT(x, y) typedef char __assert_ ## y [(x) ? 1 : -1]
73 /* Counter as stored in /etc/pwd.db */
76 CTASSERT(MAXLOGNAME > sizeof(uid_t));
77 CTASSERT(MAXLOGNAME > sizeof(pwkeynum));
80 PWD_STORAGE_INITIAL = 1 << 10, /* 1 KByte */
81 PWD_STORAGE_MAX = 1 << 20, /* 1 MByte */
87 static const ns_src defaultsrc[] = {
88 { NSSRC_COMPAT, NS_SUCCESS },
92 int __pw_match_entry(const char *, size_t, enum nss_lookup_type,
94 int __pw_parse_entry(char *, size_t, struct passwd *, int, int *errnop);
96 static void pwd_init(struct passwd *);
103 static struct passwd *getpw(int (*fn)(union key, struct passwd *, char *,
104 size_t, struct passwd **), union key);
105 static int wrap_getpwnam_r(union key, struct passwd *, char *,
106 size_t, struct passwd **);
107 static int wrap_getpwuid_r(union key, struct passwd *, char *, size_t,
109 static int wrap_getpwent_r(union key, struct passwd *, char *, size_t,
112 static int pwdb_match_entry_v3(char *, size_t, enum nss_lookup_type,
113 const char *, uid_t);
114 static int pwdb_parse_entry_v3(char *, size_t, struct passwd *, int *);
115 static int pwdb_match_entry_v4(char *, size_t, enum nss_lookup_type,
116 const char *, uid_t);
117 static int pwdb_parse_entry_v4(char *, size_t, struct passwd *, int *);
121 int (*match)(char *, size_t, enum nss_lookup_type, const char *,
123 int (*parse)(char *, size_t, struct passwd *, int *);
124 } pwdb_versions[] = {
125 { NULL, NULL }, /* version 0 */
126 { NULL, NULL }, /* version 1 */
127 { NULL, NULL }, /* version 2 */
128 { pwdb_match_entry_v3, pwdb_parse_entry_v3 }, /* version 3 */
129 { pwdb_match_entry_v4, pwdb_parse_entry_v4 }, /* version 4 */
139 static void files_endstate(void *);
140 NSS_TLS_HANDLING(files);
141 static DB *pwdbopen(int *);
142 static void files_endstate(void *);
143 static int files_setpwent(void *, void *, va_list);
144 static int files_passwd(void *, void *, va_list);
151 static void dns_endstate(void *);
152 NSS_TLS_HANDLING(dns);
153 static int dns_setpwent(void *, void *, va_list);
154 static int dns_passwd(void *, void *, va_list);
160 char domain[MAXHOSTNAMELEN];
165 static void nis_endstate(void *);
166 NSS_TLS_HANDLING(nis);
167 static int nis_setpwent(void *, void *, va_list);
168 static int nis_passwd(void *, void *, va_list);
169 static int nis_map(char *, enum nss_lookup_type, char *, size_t, int *);
170 static int nis_adjunct(char *, const char *, char *, size_t);
174 struct compat_state {
180 struct passwd template;
189 static void compat_endstate(void *);
190 NSS_TLS_HANDLING(compat);
191 static int compat_setpwent(void *, void *, va_list);
192 static int compat_passwd(void *, void *, va_list);
193 static void compat_clear_template(struct passwd *);
194 static int compat_set_template(struct passwd *, struct passwd *);
195 static int compat_use_template(struct passwd *, struct passwd *, char *,
197 static int compat_redispatch(struct compat_state *, enum nss_lookup_type,
198 enum nss_lookup_type, const char *, const char *, uid_t,
199 struct passwd *, char *, size_t, int *);
202 static int pwd_id_func(char *, size_t *, va_list ap, void *);
203 static int pwd_marshal_func(char *, size_t *, void *, va_list, void *);
204 static int pwd_unmarshal_func(char *, size_t, void *, va_list, void *);
207 pwd_id_func(char *buffer, size_t *buffer_size, va_list ap, void *cache_mdata)
211 size_t size, desired_size;
212 int res = NS_UNAVAIL;
213 enum nss_lookup_type lookup_type;
215 lookup_type = (enum nss_lookup_type)cache_mdata;
216 switch (lookup_type) {
218 name = va_arg(ap, char *);
220 desired_size = sizeof(enum nss_lookup_type) + size + 1;
221 if (desired_size > *buffer_size) {
226 memcpy(buffer, &lookup_type, sizeof(enum nss_lookup_type));
227 memcpy(buffer + sizeof(enum nss_lookup_type), name, size + 1);
232 uid = va_arg(ap, uid_t);
233 desired_size = sizeof(enum nss_lookup_type) + sizeof(uid_t);
234 if (desired_size > *buffer_size) {
239 memcpy(buffer, &lookup_type, sizeof(enum nss_lookup_type));
240 memcpy(buffer + sizeof(enum nss_lookup_type), &uid,
246 /* should be unreachable */
251 *buffer_size = desired_size;
256 pwd_marshal_func(char *buffer, size_t *buffer_size, void *retval __unused,
257 va_list ap, void *cache_mdata)
262 char *orig_buf __unused;
263 size_t orig_buf_size __unused;
265 struct passwd new_pwd;
266 size_t desired_size, size;
269 switch ((enum nss_lookup_type)cache_mdata) {
271 name = va_arg(ap, char *);
274 uid = va_arg(ap, uid_t);
279 /* should be unreachable */
283 pwd = va_arg(ap, struct passwd *);
284 orig_buf = va_arg(ap, char *);
285 orig_buf_size = va_arg(ap, size_t);
287 desired_size = sizeof(struct passwd) + sizeof(char *) +
288 strlen(pwd->pw_name) + 1;
289 if (pwd->pw_passwd != NULL)
290 desired_size += strlen(pwd->pw_passwd) + 1;
291 if (pwd->pw_class != NULL)
292 desired_size += strlen(pwd->pw_class) + 1;
293 if (pwd->pw_gecos != NULL)
294 desired_size += strlen(pwd->pw_gecos) + 1;
295 if (pwd->pw_dir != NULL)
296 desired_size += strlen(pwd->pw_dir) + 1;
297 if (pwd->pw_shell != NULL)
298 desired_size += strlen(pwd->pw_shell) + 1;
300 if (*buffer_size < desired_size) {
301 /* this assignment is here for future use */
302 *buffer_size = desired_size;
306 memcpy(&new_pwd, pwd, sizeof(struct passwd));
307 memset(buffer, 0, desired_size);
309 *buffer_size = desired_size;
310 p = buffer + sizeof(struct passwd) + sizeof(char *);
311 memcpy(buffer + sizeof(struct passwd), &p, sizeof(char *));
313 if (new_pwd.pw_name != NULL) {
314 size = strlen(new_pwd.pw_name);
315 memcpy(p, new_pwd.pw_name, size);
320 if (new_pwd.pw_passwd != NULL) {
321 size = strlen(new_pwd.pw_passwd);
322 memcpy(p, new_pwd.pw_passwd, size);
323 new_pwd.pw_passwd = p;
327 if (new_pwd.pw_class != NULL) {
328 size = strlen(new_pwd.pw_class);
329 memcpy(p, new_pwd.pw_class, size);
330 new_pwd.pw_class = p;
334 if (new_pwd.pw_gecos != NULL) {
335 size = strlen(new_pwd.pw_gecos);
336 memcpy(p, new_pwd.pw_gecos, size);
337 new_pwd.pw_gecos = p;
341 if (new_pwd.pw_dir != NULL) {
342 size = strlen(new_pwd.pw_dir);
343 memcpy(p, new_pwd.pw_dir, size);
348 if (new_pwd.pw_shell != NULL) {
349 size = strlen(new_pwd.pw_shell);
350 memcpy(p, new_pwd.pw_shell, size);
351 new_pwd.pw_shell = p;
355 memcpy(buffer, &new_pwd, sizeof(struct passwd));
360 pwd_unmarshal_func(char *buffer, size_t buffer_size, void *retval, va_list ap,
367 size_t orig_buf_size;
372 switch ((enum nss_lookup_type)cache_mdata) {
374 name = va_arg(ap, char *);
377 uid = va_arg(ap, uid_t);
382 /* should be unreachable */
386 pwd = va_arg(ap, struct passwd *);
387 orig_buf = va_arg(ap, char *);
388 orig_buf_size = va_arg(ap, size_t);
389 ret_errno = va_arg(ap, int *);
392 buffer_size - sizeof(struct passwd) - sizeof(char *)) {
397 memcpy(pwd, buffer, sizeof(struct passwd));
398 memcpy(&p, buffer + sizeof(struct passwd), sizeof(char *));
399 memcpy(orig_buf, buffer + sizeof(struct passwd) + sizeof(char *),
400 buffer_size - sizeof(struct passwd) - sizeof(char *));
402 NS_APPLY_OFFSET(pwd->pw_name, orig_buf, p, char *);
403 NS_APPLY_OFFSET(pwd->pw_passwd, orig_buf, p, char *);
404 NS_APPLY_OFFSET(pwd->pw_class, orig_buf, p, char *);
405 NS_APPLY_OFFSET(pwd->pw_gecos, orig_buf, p, char *);
406 NS_APPLY_OFFSET(pwd->pw_dir, orig_buf, p, char *);
407 NS_APPLY_OFFSET(pwd->pw_shell, orig_buf, p, char *);
410 *((struct passwd **)retval) = pwd;
415 NSS_MP_CACHE_HANDLING(passwd);
416 #endif /* NS_CACHING */
422 static const nss_cache_info cache_info = NS_MP_CACHE_INFO_INITIALIZER(
423 passwd, (void *)nss_lt_all,
427 static const ns_dtab dtab[] = {
428 { NSSRC_FILES, files_setpwent, (void *)SETPWENT },
430 { NSSRC_DNS, dns_setpwent, (void *)SETPWENT },
433 { NSSRC_NIS, nis_setpwent, (void *)SETPWENT },
435 { NSSRC_COMPAT, compat_setpwent, (void *)SETPWENT },
437 NS_CACHE_CB(&cache_info)
441 _nsdispatch(NULL, dtab, NSDB_PASSWD, "setpwent", defaultsrc, 0);
446 setpassent(int stayopen)
449 static const nss_cache_info cache_info = NS_MP_CACHE_INFO_INITIALIZER(
450 passwd, (void *)nss_lt_all,
454 static const ns_dtab dtab[] = {
455 { NSSRC_FILES, files_setpwent, (void *)SETPWENT },
457 { NSSRC_DNS, dns_setpwent, (void *)SETPWENT },
460 { NSSRC_NIS, nis_setpwent, (void *)SETPWENT },
462 { NSSRC_COMPAT, compat_setpwent, (void *)SETPWENT },
464 NS_CACHE_CB(&cache_info)
468 _nsdispatch(NULL, dtab, NSDB_PASSWD, "setpwent", defaultsrc, stayopen);
477 static const nss_cache_info cache_info = NS_MP_CACHE_INFO_INITIALIZER(
478 passwd, (void *)nss_lt_all,
482 static const ns_dtab dtab[] = {
483 { NSSRC_FILES, files_setpwent, (void *)ENDPWENT },
485 { NSSRC_DNS, dns_setpwent, (void *)ENDPWENT },
488 { NSSRC_NIS, nis_setpwent, (void *)ENDPWENT },
490 { NSSRC_COMPAT, compat_setpwent, (void *)ENDPWENT },
492 NS_CACHE_CB(&cache_info)
496 _nsdispatch(NULL, dtab, NSDB_PASSWD, "endpwent", defaultsrc);
501 getpwent_r(struct passwd *pwd, char *buffer, size_t bufsize,
502 struct passwd **result)
505 static const nss_cache_info cache_info = NS_MP_CACHE_INFO_INITIALIZER(
506 passwd, (void *)nss_lt_all,
507 pwd_marshal_func, pwd_unmarshal_func);
510 static const ns_dtab dtab[] = {
511 { NSSRC_FILES, files_passwd, (void *)nss_lt_all },
513 { NSSRC_DNS, dns_passwd, (void *)nss_lt_all },
516 { NSSRC_NIS, nis_passwd, (void *)nss_lt_all },
518 { NSSRC_COMPAT, compat_passwd, (void *)nss_lt_all },
520 NS_CACHE_CB(&cache_info)
529 rv = _nsdispatch(result, dtab, NSDB_PASSWD, "getpwent_r", defaultsrc,
530 pwd, buffer, bufsize, &ret_errno);
531 if (rv == NS_SUCCESS)
539 getpwnam_r(const char *name, struct passwd *pwd, char *buffer, size_t bufsize,
540 struct passwd **result)
543 static const nss_cache_info cache_info =
544 NS_COMMON_CACHE_INFO_INITIALIZER(
545 passwd, (void *)nss_lt_name,
546 pwd_id_func, pwd_marshal_func, pwd_unmarshal_func);
549 static const ns_dtab dtab[] = {
550 { NSSRC_FILES, files_passwd, (void *)nss_lt_name },
552 { NSSRC_DNS, dns_passwd, (void *)nss_lt_name },
555 { NSSRC_NIS, nis_passwd, (void *)nss_lt_name },
557 { NSSRC_COMPAT, compat_passwd, (void *)nss_lt_name },
559 NS_CACHE_CB(&cache_info)
568 rv = _nsdispatch(result, dtab, NSDB_PASSWD, "getpwnam_r", defaultsrc,
569 name, pwd, buffer, bufsize, &ret_errno);
570 if (rv == NS_SUCCESS)
578 getpwuid_r(uid_t uid, struct passwd *pwd, char *buffer, size_t bufsize,
579 struct passwd **result)
582 static const nss_cache_info cache_info =
583 NS_COMMON_CACHE_INFO_INITIALIZER(
584 passwd, (void *)nss_lt_id,
585 pwd_id_func, pwd_marshal_func, pwd_unmarshal_func);
588 static const ns_dtab dtab[] = {
589 { NSSRC_FILES, files_passwd, (void *)nss_lt_id },
591 { NSSRC_DNS, dns_passwd, (void *)nss_lt_id },
594 { NSSRC_NIS, nis_passwd, (void *)nss_lt_id },
596 { NSSRC_COMPAT, compat_passwd, (void *)nss_lt_id },
598 NS_CACHE_CB(&cache_info)
607 rv = _nsdispatch(result, dtab, NSDB_PASSWD, "getpwuid_r", defaultsrc,
608 uid, pwd, buffer, bufsize, &ret_errno);
609 if (rv == NS_SUCCESS)
617 pwd_init(struct passwd *pwd)
619 static char nul[] = "";
621 memset(pwd, 0, sizeof(*pwd));
622 pwd->pw_uid = (uid_t)-1; /* Considered least likely to lead to */
623 pwd->pw_gid = (gid_t)-1; /* a security issue. */
625 pwd->pw_passwd = nul;
633 static struct passwd pwd;
634 static char *pwd_storage;
635 static size_t pwd_storage_size;
638 static struct passwd *
639 getpw(int (*fn)(union key, struct passwd *, char *, size_t, struct passwd **),
645 if (pwd_storage == NULL) {
646 pwd_storage = malloc(PWD_STORAGE_INITIAL);
647 if (pwd_storage == NULL)
649 pwd_storage_size = PWD_STORAGE_INITIAL;
652 rv = fn(key, &pwd, pwd_storage, pwd_storage_size, &res);
653 if (res == NULL && rv == ERANGE) {
655 if ((pwd_storage_size << 1) > PWD_STORAGE_MAX) {
660 pwd_storage_size <<= 1;
661 pwd_storage = malloc(pwd_storage_size);
662 if (pwd_storage == NULL)
665 } while (res == NULL && rv == ERANGE);
673 wrap_getpwnam_r(union key key, struct passwd *pwd, char *buffer,
674 size_t bufsize, struct passwd **res)
676 return (getpwnam_r(key.name, pwd, buffer, bufsize, res));
681 wrap_getpwuid_r(union key key, struct passwd *pwd, char *buffer,
682 size_t bufsize, struct passwd **res)
684 return (getpwuid_r(key.uid, pwd, buffer, bufsize, res));
689 wrap_getpwent_r(union key key __unused, struct passwd *pwd, char *buffer,
690 size_t bufsize, struct passwd **res)
692 return (getpwent_r(pwd, buffer, bufsize, res));
697 getpwnam(const char *name)
702 return (getpw(wrap_getpwnam_r, key));
712 return (getpw(wrap_getpwuid_r, key));
721 key.uid = 0; /* not used */
722 return (getpw(wrap_getpwent_r, key));
730 pwdbopen(int *version)
736 if (geteuid() != 0 ||
737 (res = dbopen(_PATH_SMP_DB, O_RDONLY, 0, DB_HASH, NULL)) == NULL)
738 res = dbopen(_PATH_MP_DB, O_RDONLY, 0, DB_HASH, NULL);
741 key.data = _PWD_VERSION_KEY;
742 key.size = strlen(_PWD_VERSION_KEY);
743 rv = res->get(res, &key, &entry, 0);
745 *version = *(unsigned char *)entry.data;
749 *version >= sizeof(pwdb_versions)/sizeof(pwdb_versions[0])) {
750 syslog(LOG_CRIT, "Unsupported password database version %d",
760 files_endstate(void *p)
766 db = ((struct files_state *)p)->db;
774 files_setpwent(void *retval __unused, void *mdata, va_list ap)
776 struct files_state *st;
779 rv = files_getstate(&st);
782 switch ((enum constants)mdata) {
784 stayopen = va_arg(ap, int);
787 st->db = pwdbopen(&st->version);
788 st->stayopen = stayopen;
791 if (st->db != NULL) {
792 st->db->close(st->db);
804 files_passwd(void *retval, void *mdata, va_list ap)
806 char keybuf[MAXLOGNAME + 1];
808 struct files_state *st;
809 enum nss_lookup_type how;
813 size_t bufsize, namesize;
816 int rv, stayopen, *errnop;
820 how = (enum nss_lookup_type)mdata;
823 name = va_arg(ap, const char *);
824 keybuf[0] = _PW_KEYBYNAME;
827 uid = va_arg(ap, uid_t);
828 keybuf[0] = _PW_KEYBYUID;
831 keybuf[0] = _PW_KEYBYNUM;
837 pwd = va_arg(ap, struct passwd *);
838 buffer = va_arg(ap, char *);
839 bufsize = va_arg(ap, size_t);
840 errnop = va_arg(ap, int *);
841 *errnop = files_getstate(&st);
844 if (how == nss_lt_all && st->keynum < 0) {
848 if (st->db == NULL &&
849 (st->db = pwdbopen(&st->version)) == NULL) {
854 if (how == nss_lt_all)
857 stayopen = st->stayopen;
862 /* MAXLOGNAME includes NUL byte, but we do not
863 * include the NUL byte in the key.
865 namesize = strlcpy(&keybuf[1], name, sizeof(keybuf)-1);
866 if (namesize >= sizeof(keybuf)-1) {
871 key.size = namesize + 1;
874 if (st->version < _PWD_CURRENT_VERSION) {
875 memcpy(&keybuf[1], &uid, sizeof(uid));
876 key.size = sizeof(uid) + 1;
879 memcpy(&keybuf[1], &store, sizeof(store));
880 key.size = sizeof(store) + 1;
885 if (st->version < _PWD_CURRENT_VERSION) {
886 memcpy(&keybuf[1], &st->keynum,
888 key.size = sizeof(st->keynum) + 1;
890 store = htonl(st->keynum);
891 memcpy(&keybuf[1], &store, sizeof(store));
892 key.size = sizeof(store) + 1;
896 keybuf[0] = _PW_VERSIONED(keybuf[0], st->version);
897 rv = st->db->get(st->db, &key, &entry, 0);
898 if (rv < 0 || rv > 1) { /* should never return > 1 */
902 } else if (rv == 1) {
903 if (how == nss_lt_all)
908 rv = pwdb_versions[st->version].match(entry.data, entry.size,
910 if (rv != NS_SUCCESS)
912 if (entry.size > bufsize) {
917 memcpy(buffer, entry.data, entry.size);
918 rv = pwdb_versions[st->version].parse(buffer, entry.size, pwd,
920 } while (how == nss_lt_all && !(rv & NS_TERMINATE));
922 if (!stayopen && st->db != NULL) {
923 st->db->close(st->db);
926 if (rv == NS_SUCCESS) {
927 pwd->pw_fields &= ~_PWF_SOURCE;
928 pwd->pw_fields |= _PWF_FILES;
930 *(struct passwd **)retval = pwd;
937 pwdb_match_entry_v3(char *entry, size_t entrysize, enum nss_lookup_type how,
938 const char *name, uid_t uid)
943 eom = &entry[entrysize];
944 for (p = entry; p < eom; p++)
948 return (NS_NOTFOUND);
949 if (how == nss_lt_all)
951 if (how == nss_lt_name)
952 return (strcmp(name, entry) == 0 ? NS_SUCCESS : NS_NOTFOUND);
953 for (p++; p < eom; p++)
956 if (*p != '\0' || (++p) + sizeof(uid) >= eom)
957 return (NS_NOTFOUND);
958 memcpy(&uid2, p, sizeof(uid2));
959 return (uid == uid2 ? NS_SUCCESS : NS_NOTFOUND);
964 pwdb_parse_entry_v3(char *buffer, size_t bufsize, struct passwd *pwd,
965 int *errnop __unused)
968 int32_t pw_change, pw_expire;
970 /* THIS CODE MUST MATCH THAT IN pwd_mkdb. */
972 eom = &buffer[bufsize];
973 #define STRING(field) do { \
975 while (p < eom && *p != '\0') \
978 return (NS_NOTFOUND); \
981 #define SCALAR(field) do { \
982 if (p + sizeof(field) > eom) \
983 return (NS_NOTFOUND); \
984 memcpy(&(field), p, sizeof(field)); \
985 p += sizeof(field); \
987 STRING(pwd->pw_name);
988 STRING(pwd->pw_passwd);
992 STRING(pwd->pw_class);
993 STRING(pwd->pw_gecos);
995 STRING(pwd->pw_shell);
997 SCALAR(pwd->pw_fields);
1000 pwd->pw_change = pw_change;
1001 pwd->pw_expire = pw_expire;
1002 return (NS_SUCCESS);
1007 pwdb_match_entry_v4(char *entry, size_t entrysize, enum nss_lookup_type how,
1008 const char *name, uid_t uid)
1010 const char *p, *eom;
1013 eom = &entry[entrysize];
1014 for (p = entry; p < eom; p++)
1018 return (NS_NOTFOUND);
1019 if (how == nss_lt_all)
1020 return (NS_SUCCESS);
1021 if (how == nss_lt_name)
1022 return (strcmp(name, entry) == 0 ? NS_SUCCESS : NS_NOTFOUND);
1023 for (p++; p < eom; p++)
1026 if (*p != '\0' || (++p) + sizeof(uid) >= eom)
1027 return (NS_NOTFOUND);
1028 memcpy(&uid2, p, sizeof(uid2));
1030 return (uid == (uid_t)uid2 ? NS_SUCCESS : NS_NOTFOUND);
1035 pwdb_parse_entry_v4(char *buffer, size_t bufsize, struct passwd *pwd,
1036 int *errnop __unused)
1041 /* THIS CODE MUST MATCH THAT IN pwd_mkdb. */
1043 eom = &buffer[bufsize];
1044 #define STRING(field) do { \
1046 while (p < eom && *p != '\0') \
1049 return (NS_NOTFOUND); \
1052 #define SCALAR(field) do { \
1053 if (p + sizeof(n) > eom) \
1054 return (NS_NOTFOUND); \
1055 memcpy(&n, p, sizeof(n)); \
1056 (field) = ntohl(n); \
1059 STRING(pwd->pw_name);
1060 STRING(pwd->pw_passwd);
1061 SCALAR(pwd->pw_uid);
1062 SCALAR(pwd->pw_gid);
1063 SCALAR(pwd->pw_change);
1064 STRING(pwd->pw_class);
1065 STRING(pwd->pw_gecos);
1066 STRING(pwd->pw_dir);
1067 STRING(pwd->pw_shell);
1068 SCALAR(pwd->pw_expire);
1069 SCALAR(pwd->pw_fields);
1072 return (NS_SUCCESS);
1081 dns_endstate(void *p)
1088 dns_setpwent(void *retval, void *mdata, va_list ap)
1090 struct dns_state *st;
1093 rv = dns_getstate(&st);
1095 return (NS_UNAVAIL);
1097 return (NS_UNAVAIL);
1102 dns_passwd(void *retval, void *mdata, va_list ap)
1104 char buf[HESIOD_NAME_MAX];
1105 struct dns_state *st;
1107 const char *name, *label;
1109 char *buffer, **hes;
1110 size_t bufsize, linesize;
1112 enum nss_lookup_type how;
1119 how = (enum nss_lookup_type)mdata;
1122 name = va_arg(ap, const char *);
1125 uid = va_arg(ap, uid_t);
1130 pwd = va_arg(ap, struct passwd *);
1131 buffer = va_arg(ap, char *);
1132 bufsize = va_arg(ap, size_t);
1133 errnop = va_arg(ap, int *);
1134 *errnop = dns_getstate(&st);
1136 return (NS_UNAVAIL);
1137 if (hesiod_init(&ctx) != 0) {
1149 if (snprintf(buf, sizeof(buf), "%lu",
1150 (unsigned long)uid) >= sizeof(buf))
1155 if (st->counter < 0)
1157 if (snprintf(buf, sizeof(buf), "passwd-%ld",
1158 st->counter++) >= sizeof(buf))
1163 hes = hesiod_resolve(ctx, label,
1164 how == nss_lt_id ? "uid" : "passwd");
1166 if (how == nss_lt_all)
1168 if (errno != ENOENT)
1172 rv = __pw_match_entry(hes[0], strlen(hes[0]), how, name, uid);
1173 if (rv != NS_SUCCESS) {
1174 hesiod_free_list(ctx, hes);
1178 linesize = strlcpy(buffer, hes[0], bufsize);
1179 if (linesize >= bufsize) {
1184 hesiod_free_list(ctx, hes);
1186 rv = __pw_parse_entry(buffer, bufsize, pwd, 0, errnop);
1187 } while (how == nss_lt_all && !(rv & NS_TERMINATE));
1190 hesiod_free_list(ctx, hes);
1193 if (rv == NS_SUCCESS) {
1194 pwd->pw_fields &= ~_PWF_SOURCE;
1195 pwd->pw_fields |= _PWF_HESIOD;
1197 *(struct passwd **)retval = pwd;
1209 nis_endstate(void *p)
1211 free(((struct nis_state *)p)->key);
1216 * Test for the presence of special FreeBSD-specific master.passwd.by*
1217 * maps. We do this using yp_order(). If it fails, then either the server
1218 * doesn't have the map, or the YPPROC_ORDER procedure isn't supported by
1219 * the server (Sun NIS+ servers in YP compat mode behave this way). If
1220 * the master.passwd.by* maps don't exist, then let the lookup routine try
1221 * the regular passwd.by* maps instead. If the lookup routine fails, it
1222 * can return an error as needed.
1225 nis_map(char *domain, enum nss_lookup_type how, char *buffer, size_t bufsize,
1231 if (geteuid() == 0) {
1232 if (snprintf(buffer, bufsize, "master.passwd.by%s",
1233 (how == nss_lt_id) ? "uid" : "name") >= bufsize)
1234 return (NS_UNAVAIL);
1235 rv = yp_order(domain, buffer, &order);
1238 return (NS_SUCCESS);
1242 if (snprintf(buffer, bufsize, "passwd.by%s",
1243 (how == nss_lt_id) ? "uid" : "name") >= bufsize)
1244 return (NS_UNAVAIL);
1246 return (NS_SUCCESS);
1251 nis_adjunct(char *domain, const char *name, char *buffer, size_t bufsize)
1254 char *result, *p, *q, *eor;
1258 rv = yp_match(domain, "passwd.adjunct.byname", name, strlen(name),
1259 &result, &resultlen);
1263 eor = &result[resultlen];
1264 p = memchr(result, ':', eor - result);
1265 if (p != NULL && ++p < eor &&
1266 (q = memchr(p, ':', eor - p)) != NULL) {
1267 if (q - p >= bufsize)
1270 memcpy(buffer, p, q - p);
1271 buffer[q - p] ='\0';
1282 nis_setpwent(void *retval __unused, void *mdata __unused, va_list ap __unused)
1284 struct nis_state *st;
1287 rv = nis_getstate(&st);
1289 return (NS_UNAVAIL);
1293 return (NS_UNAVAIL);
1298 nis_passwd(void *retval, void *mdata, va_list ap)
1301 struct nis_state *st;
1304 char *buffer, *key, *result;
1307 enum nss_lookup_type how;
1308 int *errnop, keylen, resultlen, rv, master;
1312 how = (enum nss_lookup_type)mdata;
1315 name = va_arg(ap, const char *);
1318 uid = va_arg(ap, uid_t);
1323 pwd = va_arg(ap, struct passwd *);
1324 buffer = va_arg(ap, char *);
1325 bufsize = va_arg(ap, size_t);
1326 errnop = va_arg(ap, int *);
1327 *errnop = nis_getstate(&st);
1329 return (NS_UNAVAIL);
1330 if (st->domain[0] == '\0') {
1331 if (getdomainname(st->domain, sizeof(st->domain)) != 0) {
1333 return (NS_UNAVAIL);
1336 rv = nis_map(st->domain, how, map, sizeof(map), &master);
1337 if (rv != NS_SUCCESS)
1344 if (strlcpy(buffer, name, bufsize) >= bufsize)
1348 if (snprintf(buffer, bufsize, "%lu",
1349 (unsigned long)uid) >= bufsize)
1358 if (how == nss_lt_all) {
1359 if (st->key == NULL)
1360 rv = yp_first(st->domain, map, &st->key,
1361 &st->keylen, &result, &resultlen);
1364 keylen = st->keylen;
1366 rv = yp_next(st->domain, map, key, keylen,
1367 &st->key, &st->keylen, &result,
1375 if (rv == YPERR_NOMORE)
1382 rv = yp_match(st->domain, map, buffer, strlen(buffer),
1383 &result, &resultlen);
1384 if (rv == YPERR_KEY) {
1387 } else if (rv != 0) {
1393 if (resultlen >= bufsize)
1395 memcpy(buffer, result, resultlen);
1396 buffer[resultlen] = '\0';
1398 rv = __pw_match_entry(buffer, resultlen, how, name, uid);
1399 if (rv == NS_SUCCESS)
1400 rv = __pw_parse_entry(buffer, resultlen, pwd, master,
1402 } while (how == nss_lt_all && !(rv & NS_TERMINATE));
1404 if (rv == NS_SUCCESS) {
1405 if (strstr(pwd->pw_passwd, "##") != NULL) {
1406 rv = nis_adjunct(st->domain, pwd->pw_name,
1407 &buffer[resultlen+1], bufsize-resultlen-1);
1411 pwd->pw_passwd = &buffer[resultlen+1];
1413 pwd->pw_fields &= ~_PWF_SOURCE;
1414 pwd->pw_fields |= _PWF_NIS;
1416 *(struct passwd **)retval = pwd;
1431 compat_clear_template(struct passwd *template)
1434 free(template->pw_passwd);
1435 free(template->pw_gecos);
1436 free(template->pw_dir);
1437 free(template->pw_shell);
1438 memset(template, 0, sizeof(*template));
1443 compat_set_template(struct passwd *src, struct passwd *template)
1446 compat_clear_template(template);
1447 #ifdef PW_OVERRIDE_PASSWD
1448 if ((src->pw_fields & _PWF_PASSWD) &&
1449 (template->pw_passwd = strdup(src->pw_passwd)) == NULL)
1452 if (src->pw_fields & _PWF_UID)
1453 template->pw_uid = src->pw_uid;
1454 if (src->pw_fields & _PWF_GID)
1455 template->pw_gid = src->pw_gid;
1456 if ((src->pw_fields & _PWF_GECOS) &&
1457 (template->pw_gecos = strdup(src->pw_gecos)) == NULL)
1459 if ((src->pw_fields & _PWF_DIR) &&
1460 (template->pw_dir = strdup(src->pw_dir)) == NULL)
1462 if ((src->pw_fields & _PWF_SHELL) &&
1463 (template->pw_shell = strdup(src->pw_shell)) == NULL)
1465 template->pw_fields = src->pw_fields;
1468 syslog(LOG_ERR, "getpwent memory allocation failure");
1474 compat_use_template(struct passwd *pwd, struct passwd *template, char *buffer,
1478 char *copy, *p, *q, *eob;
1481 /* We cannot know the layout of the password fields in `buffer',
1482 * so we have to copy everything.
1484 if (template->pw_fields == 0) /* nothing to fill-in */
1487 n += pwd->pw_name != NULL ? strlen(pwd->pw_name) + 1 : 0;
1488 n += pwd->pw_passwd != NULL ? strlen(pwd->pw_passwd) + 1 : 0;
1489 n += pwd->pw_class != NULL ? strlen(pwd->pw_class) + 1 : 0;
1490 n += pwd->pw_gecos != NULL ? strlen(pwd->pw_gecos) + 1 : 0;
1491 n += pwd->pw_dir != NULL ? strlen(pwd->pw_dir) + 1 : 0;
1492 n += pwd->pw_shell != NULL ? strlen(pwd->pw_shell) + 1 : 0;
1495 syslog(LOG_ERR, "getpwent memory allocation failure");
1500 #define COPY(field) do { \
1501 if (pwd->field == NULL) \
1502 hold.field = NULL; \
1505 p += strlcpy(p, pwd->field, eob-p) + 1; \
1516 eob = &buffer[bufsize];
1517 #define COPY(field, flag) do { \
1518 q = (template->pw_fields & flag) ? template->field : hold.field; \
1520 pwd->field = NULL; \
1523 if ((n = strlcpy(p, q, eob-p)) >= eob-p) { \
1531 #ifdef PW_OVERRIDE_PASSWD
1532 COPY(pw_passwd, _PWF_PASSWD);
1537 COPY(pw_gecos, _PWF_GECOS);
1538 COPY(pw_dir, _PWF_DIR);
1539 COPY(pw_shell, _PWF_SHELL);
1541 #define COPY(field, flag) do { \
1542 if (template->pw_fields & flag) \
1543 pwd->field = template->field; \
1545 COPY(pw_uid, _PWF_UID);
1546 COPY(pw_gid, _PWF_GID);
1554 compat_exclude(const char *name, DB **db)
1559 (*db = dbopen(NULL, O_RDWR, 600, DB_HASH, 0)) == NULL)
1561 key.size = strlen(name);
1562 key.data = (char *)name;
1566 if ((*db)->put(*db, &key, &data, 0) == -1)
1573 compat_is_excluded(const char *name, DB *db)
1579 key.size = strlen(name);
1580 key.data = (char *)name;
1581 return (db->get(db, &key, &data, 0) == 0);
1586 compat_redispatch(struct compat_state *st, enum nss_lookup_type how,
1587 enum nss_lookup_type lookup_how, const char *name, const char *lookup_name,
1588 uid_t uid, struct passwd *pwd, char *buffer, size_t bufsize, int *errnop)
1590 static const ns_src compatsrc[] = {
1592 { NSSRC_NIS, NS_SUCCESS },
1598 { NSSRC_NIS, nis_passwd, NULL },
1601 { NSSRC_DNS, dns_passwd, NULL },
1603 { NULL, NULL, NULL }
1608 for (i = 0; i < sizeof(dtab)/sizeof(dtab[0]) - 1; i++)
1609 dtab[i].mdata = (void *)lookup_how;
1612 switch (lookup_how) {
1614 rv = _nsdispatch(&discard, dtab, NSDB_PASSWD_COMPAT,
1615 "getpwent_r", compatsrc, pwd, buffer, bufsize,
1619 rv = _nsdispatch(&discard, dtab, NSDB_PASSWD_COMPAT,
1620 "getpwuid_r", compatsrc, uid, pwd, buffer,
1624 rv = _nsdispatch(&discard, dtab, NSDB_PASSWD_COMPAT,
1625 "getpwnam_r", compatsrc, lookup_name, pwd, buffer,
1629 return (NS_UNAVAIL);
1631 if (rv != NS_SUCCESS)
1633 if (compat_is_excluded(pwd->pw_name, st->exclude)) {
1634 if (how == nss_lt_all)
1636 return (NS_NOTFOUND);
1638 e = compat_use_template(pwd, &st->template, buffer, bufsize);
1644 return (NS_UNAVAIL);
1648 if (strcmp(name, pwd->pw_name) != 0)
1649 return (NS_NOTFOUND);
1652 if (uid != pwd->pw_uid)
1653 return (NS_NOTFOUND);
1658 return (NS_SUCCESS);
1663 compat_endstate(void *p)
1665 struct compat_state *st;
1669 st = (struct compat_state *)p;
1671 st->db->close(st->db);
1672 if (st->exclude != NULL)
1673 st->exclude->close(st->exclude);
1674 compat_clear_template(&st->template);
1680 compat_setpwent(void *retval __unused, void *mdata, va_list ap)
1682 static const ns_src compatsrc[] = {
1684 { NSSRC_NIS, NS_SUCCESS },
1690 { NSSRC_NIS, nis_setpwent, NULL },
1693 { NSSRC_DNS, dns_setpwent, NULL },
1695 { NULL, NULL, NULL }
1697 struct compat_state *st;
1700 #define set_setent(x, y) do { \
1703 for (i = 0; i < (sizeof(x)/sizeof(x[0])) - 1; i++) \
1704 x[i].mdata = (void *)y; \
1707 rv = compat_getstate(&st);
1709 return (NS_UNAVAIL);
1710 switch ((enum constants)mdata) {
1712 stayopen = va_arg(ap, int);
1715 st->db = pwdbopen(&st->version);
1716 st->stayopen = stayopen;
1717 set_setent(dtab, mdata);
1718 _nsdispatch(NULL, dtab, NSDB_PASSWD_COMPAT, "setpwent",
1722 if (st->db != NULL) {
1723 st->db->close(st->db);
1726 set_setent(dtab, mdata);
1727 _nsdispatch(NULL, dtab, NSDB_PASSWD_COMPAT, "endpwent",
1733 return (NS_UNAVAIL);
1739 compat_passwd(void *retval, void *mdata, va_list ap)
1741 char keybuf[MAXLOGNAME + 1];
1743 struct compat_state *st;
1744 enum nss_lookup_type how;
1747 char *buffer, *pw_name;
1748 char *host, *user, *domain;
1752 int rv, from_compat, stayopen, *errnop;
1757 how = (enum nss_lookup_type)mdata;
1760 name = va_arg(ap, const char *);
1763 uid = va_arg(ap, uid_t);
1771 pwd = va_arg(ap, struct passwd *);
1772 buffer = va_arg(ap, char *);
1773 bufsize = va_arg(ap, size_t);
1774 errnop = va_arg(ap, int *);
1775 *errnop = compat_getstate(&st);
1777 return (NS_UNAVAIL);
1778 if (how == nss_lt_all && st->keynum < 0) {
1782 if (st->db == NULL &&
1783 (st->db = pwdbopen(&st->version)) == NULL) {
1788 if (how == nss_lt_all) {
1789 if (st->keynum < 0) {
1796 stayopen = st->stayopen;
1800 switch (st->compat) {
1801 case COMPAT_MODE_ALL:
1802 rv = compat_redispatch(st, how, how, name, name, uid, pwd,
1803 buffer, bufsize, errnop);
1804 if (rv != NS_SUCCESS)
1805 st->compat = COMPAT_MODE_OFF;
1807 case COMPAT_MODE_NETGROUP:
1808 /* XXX getnetgrent is not thread-safe. */
1810 rv = getnetgrent(&host, &user, &domain);
1813 st->compat = COMPAT_MODE_OFF;
1816 } else if (user == NULL || user[0] == '\0')
1818 rv = compat_redispatch(st, how, nss_lt_name, name,
1819 user, uid, pwd, buffer, bufsize, errnop);
1820 } while (st->compat == COMPAT_MODE_NETGROUP &&
1821 !(rv & NS_TERMINATE));
1823 case COMPAT_MODE_NAME:
1824 rv = compat_redispatch(st, how, nss_lt_name, name, st->name,
1825 uid, pwd, buffer, bufsize, errnop);
1828 st->compat = COMPAT_MODE_OFF;
1833 if (rv & NS_TERMINATE) {
1839 while (st->keynum >= 0) {
1841 if (st->version < _PWD_CURRENT_VERSION) {
1842 memcpy(&keybuf[1], &st->keynum, sizeof(st->keynum));
1843 key.size = sizeof(st->keynum) + 1;
1845 store = htonl(st->keynum);
1846 memcpy(&keybuf[1], &store, sizeof(store));
1847 key.size = sizeof(store) + 1;
1849 keybuf[0] = _PW_VERSIONED(_PW_KEYBYNUM, st->version);
1850 rv = st->db->get(st->db, &key, &entry, 0);
1851 if (rv < 0 || rv > 1) { /* should never return > 1 */
1855 } else if (rv == 1) {
1860 pw_name = (char *)entry.data;
1861 switch (pw_name[0]) {
1863 switch (pw_name[1]) {
1865 st->compat = COMPAT_MODE_ALL;
1868 setnetgrent(&pw_name[2]);
1869 st->compat = COMPAT_MODE_NETGROUP;
1872 st->name = strdup(&pw_name[1]);
1873 if (st->name == NULL) {
1875 "getpwent memory allocation failure");
1880 st->compat = COMPAT_MODE_NAME;
1882 if (entry.size > bufsize) {
1887 memcpy(buffer, entry.data, entry.size);
1888 rv = pwdb_versions[st->version].parse(buffer,
1889 entry.size, pwd, errnop);
1890 if (rv != NS_SUCCESS)
1892 else if (compat_set_template(pwd, &st->template) < 0) {
1899 switch (pw_name[1]) {
1901 /* XXX Maybe syslog warning */
1904 setnetgrent(&pw_name[2]);
1905 while (getnetgrent(&host, &user, &domain) !=
1907 if (user != NULL && user[0] != '\0')
1908 compat_exclude(user,
1914 compat_exclude(&pw_name[1], &st->exclude);
1921 if (compat_is_excluded((char *)entry.data, st->exclude))
1923 rv = pwdb_versions[st->version].match(entry.data, entry.size,
1925 if (rv == NS_RETURN)
1927 else if (rv != NS_SUCCESS)
1929 if (entry.size > bufsize) {
1934 memcpy(buffer, entry.data, entry.size);
1935 rv = pwdb_versions[st->version].parse(buffer, entry.size, pwd,
1937 if (rv & NS_TERMINATE)
1941 if (!stayopen && st->db != NULL) {
1942 st->db->close(st->db);
1945 if (rv == NS_SUCCESS) {
1947 pwd->pw_fields &= ~_PWF_SOURCE;
1948 pwd->pw_fields |= _PWF_FILES;
1951 *(struct passwd **)retval = pwd;
1958 * common passwd line matching and parsing
1961 __pw_match_entry(const char *entry, size_t entrysize, enum nss_lookup_type how,
1962 const char *name, uid_t uid)
1964 const char *p, *eom;
1969 eom = entry + entrysize;
1970 for (p = entry; p < eom; p++)
1974 return (NS_NOTFOUND);
1975 if (how == nss_lt_all)
1976 return (NS_SUCCESS);
1977 if (how == nss_lt_name) {
1979 if (len == (p - entry) && memcmp(name, entry, len) == 0)
1980 return (NS_SUCCESS);
1982 return (NS_NOTFOUND);
1984 for (p++; p < eom; p++)
1988 return (NS_NOTFOUND);
1989 m = strtoul(++p, &q, 10);
1990 if (q[0] != ':' || (uid_t)m != uid)
1991 return (NS_NOTFOUND);
1993 return (NS_SUCCESS);
1997 /* XXX buffer must be NUL-terminated. errnop is not set correctly. */
1999 __pw_parse_entry(char *buffer, size_t bufsize __unused, struct passwd *pwd,
2000 int master, int *errnop __unused)
2003 if (__pw_scan(buffer, pwd, master ? _PWSCAN_MASTER : 0) == 0)
2004 return (NS_NOTFOUND);
2006 return (NS_SUCCESS);