Changeset 782 for server/common/oursrc/nss_nonlocal/nonlocal-passwd.c

Timestamp:

Jul 29, 2008, 7:18:13 AM (15 years ago)

Author:

andersk

Message:

Update to nss_nonlocal 1.7, which fixes the nscd bug.

File:

• server/common/oursrc/nss_nonlocal/nonlocal-passwd.c (modified) (8 diffs)

server/common/oursrc/nss_nonlocal/nonlocal-passwd.c

@@ -44 +44 @@
 #include "nonlocal.h"
 
-#define MAGIC_LOCAL_PW_BUFLEN (sysconf(_SC_GETPW_R_SIZE_MAX) + 7)
+
+enum nss_status
+_nss_nonlocal_getpwuid_r(uid_t uid, struct passwd *pwd,
+                         char *buffer, size_t buflen, int *errnop);
+enum nss_status
+_nss_nonlocal_getpwnam_r(const char *name, struct passwd *pwd,
+                         char *buffer, size_t buflen, int *errnop);
 
 
@@ -61 +67 @@
 check_nonlocal_uid(const char *user, uid_t uid, int *errnop)
 {
-    enum nss_status status = NSS_STATUS_SUCCESS;
+    static const char *fct_name = "getpwuid_r";
+    static service_user *startp = NULL;
+    static void *fct_start = NULL;
+    enum nss_status status;
+    service_user *nip;
+    union {
+        enum nss_status (*l)(uid_t uid, struct passwd *pwd,
+                             char *buffer, size_t buflen, int *errnop);
+        void *ptr;
+    } fct;
     struct passwd pwbuf;
-    struct passwd *pwbufp = &pwbuf;
-    int ret;
     int old_errno = errno;
-    int buflen = MAGIC_LOCAL_PW_BUFLEN;
+
+    int buflen = sysconf(_SC_GETPW_R_SIZE_MAX);
     char *buf = malloc(buflen);
     if (buf == NULL) {
@@ -73 +87 @@
         return NSS_STATUS_TRYAGAIN;
     }
-    errno = 0;
-    ret = getpwuid_r(uid, pwbufp, buf, buflen, &pwbufp);
-    if (ret != 0) {
-        *errnop = errno;
-        status = NSS_STATUS_TRYAGAIN;
-    } else if (pwbufp != NULL) {
+
+    if (fct_start == NULL &&
+        __nss_passwd_lookup(&startp, fct_name, &fct_start) != 0) {
+        free(buf);
+        return NSS_STATUS_UNAVAIL;
+    }
+    nip = startp;
+    fct.ptr = fct_start;
+    do {
+        if (fct.l == _nss_nonlocal_getpwuid_r)
+            status = NSS_STATUS_NOTFOUND;
+        else
+            status = DL_CALL_FCT(fct.l, (uid, &pwbuf, buf, buflen, errnop));
+        if (status == NSS_STATUS_TRYAGAIN && *errnop == ERANGE)
+            break;
+    } while (__nss_next(&nip, fct_name, &fct.ptr, status, 0) == 0);
+
+    if (status == NSS_STATUS_SUCCESS) {
         syslog(LOG_ERR, "nss_nonlocal: possible spoofing attack: non-local user %s has same UID as local user %s!\n", user, pwbuf.pw_name);
         status = NSS_STATUS_NOTFOUND;
-    }
+    } else if (status != NSS_STATUS_TRYAGAIN) {
+        status = NSS_STATUS_SUCCESS;
+    }
+
     free(buf);
-    errno = old_errno;
     return status;
 }
@@ -90 +118 @@
 check_nonlocal_user(const char *user, int *errnop)
 {
-    enum nss_status status = NSS_STATUS_SUCCESS;
+    static const char *fct_name = "getpwnam_r";
+    static service_user *startp = NULL;
+    static void *fct_start = NULL;
+    enum nss_status status;
+    service_user *nip;
+    union {
+        enum nss_status (*l)(const char *name, struct passwd *pwd,
+                             char *buffer, size_t buflen, int *errnop);
+        void *ptr;
+    } fct;
     struct passwd pwbuf;
-    struct passwd *pwbufp = &pwbuf;
-    int ret;
     int old_errno = errno;
-    int buflen = MAGIC_LOCAL_PW_BUFLEN;
+
+    int buflen = sysconf(_SC_GETPW_R_SIZE_MAX);
     char *buf = malloc(buflen);
     if (buf == NULL) {
@@ -102 +138 @@
         return NSS_STATUS_TRYAGAIN;
     }
-    errno = 0;
-    ret = getpwnam_r(user, pwbufp, buf, buflen, &pwbufp);
-    if (ret != 0) {
-        *errnop = errno;
-        status = NSS_STATUS_TRYAGAIN;
-    } else if (pwbufp != NULL) {
+
+    if (fct_start == NULL &&
+        __nss_passwd_lookup(&startp, fct_name, &fct_start) != 0) {
+        free(buf);
+        return NSS_STATUS_UNAVAIL;
+    }
+    nip = startp;
+    fct.ptr = fct_start;
+    do {
+        if (fct.l == _nss_nonlocal_getpwnam_r)
+            status = NSS_STATUS_NOTFOUND;
+        else
+            status = DL_CALL_FCT(fct.l, (user, &pwbuf, buf, buflen, errnop));
+        if (status == NSS_STATUS_TRYAGAIN && *errnop == ERANGE)
+            break;
+    } while (__nss_next(&nip, fct_name, &fct.ptr, status, 0) == 0);
+
+    if (status == NSS_STATUS_SUCCESS)
         status = NSS_STATUS_NOTFOUND;
-    }
+    else if (status != NSS_STATUS_TRYAGAIN)
+        status = NSS_STATUS_SUCCESS;
+
     free(buf);
-    errno = old_errno;
     return status;
 }
@@ -195 +244 @@
 
     char *nonlocal_ignore = getenv(NONLOCAL_IGNORE_ENV);
-    if (buflen == MAGIC_LOCAL_PW_BUFLEN ||
-        (nonlocal_ignore != NULL && nonlocal_ignore[0] != '\0'))
+    if (nonlocal_ignore != NULL && nonlocal_ignore[0] != '\0')
         return NSS_STATUS_UNAVAIL;
 
@@ -242 +290 @@
 
     char *nonlocal_ignore = getenv(NONLOCAL_IGNORE_ENV);
-    if (buflen == MAGIC_LOCAL_PW_BUFLEN ||
-        (nonlocal_ignore != NULL && nonlocal_ignore[0] != '\0'))
+    if (nonlocal_ignore != NULL && nonlocal_ignore[0] != '\0')
         return NSS_STATUS_UNAVAIL;
 
@@ -289 +336 @@
 
     char *nonlocal_ignore = getenv(NONLOCAL_IGNORE_ENV);
-    if (buflen == MAGIC_LOCAL_PW_BUFLEN ||
-        (nonlocal_ignore != NULL && nonlocal_ignore[0] != '\0'))
+    if (nonlocal_ignore != NULL && nonlocal_ignore[0] != '\0')
         return NSS_STATUS_UNAVAIL;