2 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
4 * Copyright (c) 2003 Networks Associates Technology, Inc.
7 * This software was developed for the FreeBSD Project by
8 * Jacques A. Vidrine, Safeport Network Services, and Network
9 * Associates Laboratories, the Security Research Division of Network
10 * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
11 * ("CBOSS"), as part of the DARPA CHATS research program.
13 * Redistribution and use in source and binary forms, with or without
14 * modification, are permitted provided that the following conditions
16 * 1. Redistributions of source code must retain the above copyright
17 * notice, this list of conditions and the following disclaimer.
18 * 2. Redistributions in binary form must reproduce the above copyright
19 * notice, this list of conditions and the following disclaimer in the
20 * documentation and/or other materials provided with the distribution.
22 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
35 #include <sys/cdefs.h>
36 __FBSDID("$FreeBSD$");
38 #include "namespace.h"
39 #include <sys/param.h>
42 #include <rpcsvc/yp_prot.h>
43 #include <rpcsvc/ypclnt.h>
45 #include <arpa/inet.h>
54 #include <pthread_np.h>
61 #include "un-namespace.h"
63 #include "libc_private.h"
71 #define CTASSERT(x) _CTASSERT(x, __LINE__)
72 #define _CTASSERT(x, y) __CTASSERT(x, y)
73 #define __CTASSERT(x, y) typedef char __assert_ ## y [(x) ? 1 : -1]
76 /* Counter as stored in /etc/pwd.db */
79 CTASSERT(MAXLOGNAME > sizeof(uid_t));
80 CTASSERT(MAXLOGNAME > sizeof(pwkeynum));
83 PWD_STORAGE_INITIAL = 1 << 10, /* 1 KByte */
84 PWD_STORAGE_MAX = 1 << 20, /* 1 MByte */
90 static const ns_src defaultsrc[] = {
91 { NSSRC_COMPAT, NS_SUCCESS },
95 int __pw_match_entry(const char *, size_t, enum nss_lookup_type,
97 int __pw_parse_entry(char *, size_t, struct passwd *, int, int *errnop);
104 static struct passwd *getpw(int (*fn)(union key, struct passwd *, char *,
105 size_t, struct passwd **), union key);
106 static int wrap_getpwnam_r(union key, struct passwd *, char *,
107 size_t, struct passwd **);
108 static int wrap_getpwuid_r(union key, struct passwd *, char *, size_t,
110 static int wrap_getpwent_r(union key, struct passwd *, char *, size_t,
113 static int pwdb_match_entry_v3(char *, size_t, enum nss_lookup_type,
114 const char *, uid_t);
115 static int pwdb_parse_entry_v3(char *, size_t, struct passwd *, int *);
116 static int pwdb_match_entry_v4(char *, size_t, enum nss_lookup_type,
117 const char *, uid_t);
118 static int pwdb_parse_entry_v4(char *, size_t, struct passwd *, int *);
122 int (*match)(char *, size_t, enum nss_lookup_type, const char *,
124 int (*parse)(char *, size_t, struct passwd *, int *);
125 } pwdb_versions[] = {
126 { NULL, NULL }, /* version 0 */
127 { NULL, NULL }, /* version 1 */
128 { NULL, NULL }, /* version 2 */
129 { pwdb_match_entry_v3, pwdb_parse_entry_v3 }, /* version 3 */
130 { pwdb_match_entry_v4, pwdb_parse_entry_v4 }, /* version 4 */
140 static void files_endstate(void *);
141 NSS_TLS_HANDLING(files);
142 static DB *pwdbopen(int *);
143 static void files_endstate(void *);
144 static int files_setpwent(void *, void *, va_list);
145 static int files_passwd(void *, void *, va_list);
152 static void dns_endstate(void *);
153 NSS_TLS_HANDLING(dns);
154 static int dns_setpwent(void *, void *, va_list);
155 static int dns_passwd(void *, void *, va_list);
161 char domain[MAXHOSTNAMELEN];
166 static void nis_endstate(void *);
167 NSS_TLS_HANDLING(nis);
168 static int nis_setpwent(void *, void *, va_list);
169 static int nis_passwd(void *, void *, va_list);
170 static int nis_map(char *, enum nss_lookup_type, char *, size_t, int *);
171 static int nis_adjunct(char *, const char *, char *, size_t);
175 struct compat_state {
181 struct passwd template;
190 static void compat_endstate(void *);
191 NSS_TLS_HANDLING(compat);
192 static int compat_setpwent(void *, void *, va_list);
193 static int compat_passwd(void *, void *, va_list);
194 static void compat_clear_template(struct passwd *);
195 static int compat_set_template(struct passwd *, struct passwd *);
196 static int compat_use_template(struct passwd *, struct passwd *, char *,
198 static int compat_redispatch(struct compat_state *, enum nss_lookup_type,
199 enum nss_lookup_type, const char *, const char *, uid_t,
200 struct passwd *, char *, size_t, int *);
203 static int pwd_id_func(char *, size_t *, va_list ap, void *);
204 static int pwd_marshal_func(char *, size_t *, void *, va_list, void *);
205 static int pwd_unmarshal_func(char *, size_t, void *, va_list, void *);
208 pwd_id_func(char *buffer, size_t *buffer_size, va_list ap, void *cache_mdata)
212 size_t size, desired_size;
213 int res = NS_UNAVAIL;
214 enum nss_lookup_type lookup_type;
216 lookup_type = (enum nss_lookup_type)cache_mdata;
217 switch (lookup_type) {
219 name = va_arg(ap, char *);
221 desired_size = sizeof(enum nss_lookup_type) + size + 1;
222 if (desired_size > *buffer_size) {
227 memcpy(buffer, &lookup_type, sizeof(enum nss_lookup_type));
228 memcpy(buffer + sizeof(enum nss_lookup_type), name, size + 1);
233 uid = va_arg(ap, uid_t);
234 desired_size = sizeof(enum nss_lookup_type) + sizeof(uid_t);
235 if (desired_size > *buffer_size) {
240 memcpy(buffer, &lookup_type, sizeof(enum nss_lookup_type));
241 memcpy(buffer + sizeof(enum nss_lookup_type), &uid,
247 /* should be unreachable */
252 *buffer_size = desired_size;
257 pwd_marshal_func(char *buffer, size_t *buffer_size, void *retval, va_list ap,
264 size_t orig_buf_size;
266 struct passwd new_pwd;
267 size_t desired_size, size;
270 switch ((enum nss_lookup_type)cache_mdata) {
272 name = va_arg(ap, char *);
275 uid = va_arg(ap, uid_t);
280 /* should be unreachable */
284 pwd = va_arg(ap, struct passwd *);
285 orig_buf = va_arg(ap, char *);
286 orig_buf_size = va_arg(ap, size_t);
288 desired_size = sizeof(struct passwd) + sizeof(char *) +
289 strlen(pwd->pw_name) + 1;
290 if (pwd->pw_passwd != NULL)
291 desired_size += strlen(pwd->pw_passwd) + 1;
292 if (pwd->pw_class != NULL)
293 desired_size += strlen(pwd->pw_class) + 1;
294 if (pwd->pw_gecos != NULL)
295 desired_size += strlen(pwd->pw_gecos) + 1;
296 if (pwd->pw_dir != NULL)
297 desired_size += strlen(pwd->pw_dir) + 1;
298 if (pwd->pw_shell != NULL)
299 desired_size += strlen(pwd->pw_shell) + 1;
301 if (*buffer_size < desired_size) {
302 /* this assignment is here for future use */
303 *buffer_size = desired_size;
307 memcpy(&new_pwd, pwd, sizeof(struct passwd));
308 memset(buffer, 0, desired_size);
310 *buffer_size = desired_size;
311 p = buffer + sizeof(struct passwd) + sizeof(char *);
312 memcpy(buffer + sizeof(struct passwd), &p, sizeof(char *));
314 if (new_pwd.pw_name != NULL) {
315 size = strlen(new_pwd.pw_name);
316 memcpy(p, new_pwd.pw_name, size);
321 if (new_pwd.pw_passwd != NULL) {
322 size = strlen(new_pwd.pw_passwd);
323 memcpy(p, new_pwd.pw_passwd, size);
324 new_pwd.pw_passwd = p;
328 if (new_pwd.pw_class != NULL) {
329 size = strlen(new_pwd.pw_class);
330 memcpy(p, new_pwd.pw_class, size);
331 new_pwd.pw_class = p;
335 if (new_pwd.pw_gecos != NULL) {
336 size = strlen(new_pwd.pw_gecos);
337 memcpy(p, new_pwd.pw_gecos, size);
338 new_pwd.pw_gecos = p;
342 if (new_pwd.pw_dir != NULL) {
343 size = strlen(new_pwd.pw_dir);
344 memcpy(p, new_pwd.pw_dir, size);
349 if (new_pwd.pw_shell != NULL) {
350 size = strlen(new_pwd.pw_shell);
351 memcpy(p, new_pwd.pw_shell, size);
352 new_pwd.pw_shell = p;
356 memcpy(buffer, &new_pwd, sizeof(struct passwd));
361 pwd_unmarshal_func(char *buffer, size_t buffer_size, void *retval, va_list ap,
368 size_t orig_buf_size;
373 switch ((enum nss_lookup_type)cache_mdata) {
375 name = va_arg(ap, char *);
378 uid = va_arg(ap, uid_t);
383 /* should be unreachable */
387 pwd = va_arg(ap, struct passwd *);
388 orig_buf = va_arg(ap, char *);
389 orig_buf_size = va_arg(ap, size_t);
390 ret_errno = va_arg(ap, int *);
393 buffer_size - sizeof(struct passwd) - sizeof(char *)) {
398 memcpy(pwd, buffer, sizeof(struct passwd));
399 memcpy(&p, buffer + sizeof(struct passwd), sizeof(char *));
400 memcpy(orig_buf, buffer + sizeof(struct passwd) + sizeof(char *),
401 buffer_size - sizeof(struct passwd) - sizeof(char *));
403 NS_APPLY_OFFSET(pwd->pw_name, orig_buf, p, char *);
404 NS_APPLY_OFFSET(pwd->pw_passwd, orig_buf, p, char *);
405 NS_APPLY_OFFSET(pwd->pw_class, orig_buf, p, char *);
406 NS_APPLY_OFFSET(pwd->pw_gecos, orig_buf, p, char *);
407 NS_APPLY_OFFSET(pwd->pw_dir, orig_buf, p, char *);
408 NS_APPLY_OFFSET(pwd->pw_shell, orig_buf, p, char *);
411 *((struct passwd **)retval) = pwd;
416 NSS_MP_CACHE_HANDLING(passwd);
417 #endif /* NS_CACHING */
423 static const nss_cache_info cache_info = NS_MP_CACHE_INFO_INITIALIZER(
424 passwd, (void *)nss_lt_all,
428 static const ns_dtab dtab[] = {
429 { NSSRC_FILES, files_setpwent, (void *)SETPWENT },
431 { NSSRC_DNS, dns_setpwent, (void *)SETPWENT },
434 { NSSRC_NIS, nis_setpwent, (void *)SETPWENT },
436 { NSSRC_COMPAT, compat_setpwent, (void *)SETPWENT },
438 NS_CACHE_CB(&cache_info)
442 (void)_nsdispatch(NULL, dtab, NSDB_PASSWD, "setpwent", defaultsrc, 0);
447 setpassent(int stayopen)
450 static const nss_cache_info cache_info = NS_MP_CACHE_INFO_INITIALIZER(
451 passwd, (void *)nss_lt_all,
455 static const ns_dtab dtab[] = {
456 { NSSRC_FILES, files_setpwent, (void *)SETPWENT },
458 { NSSRC_DNS, dns_setpwent, (void *)SETPWENT },
461 { NSSRC_NIS, nis_setpwent, (void *)SETPWENT },
463 { NSSRC_COMPAT, compat_setpwent, (void *)SETPWENT },
465 NS_CACHE_CB(&cache_info)
469 (void)_nsdispatch(NULL, dtab, NSDB_PASSWD, "setpwent", defaultsrc,
479 static const nss_cache_info cache_info = NS_MP_CACHE_INFO_INITIALIZER(
480 passwd, (void *)nss_lt_all,
484 static const ns_dtab dtab[] = {
485 { NSSRC_FILES, files_setpwent, (void *)ENDPWENT },
487 { NSSRC_DNS, dns_setpwent, (void *)ENDPWENT },
490 { NSSRC_NIS, nis_setpwent, (void *)ENDPWENT },
492 { NSSRC_COMPAT, compat_setpwent, (void *)ENDPWENT },
494 NS_CACHE_CB(&cache_info)
498 (void)_nsdispatch(NULL, dtab, NSDB_PASSWD, "endpwent", defaultsrc);
503 getpwent_r(struct passwd *pwd, char *buffer, size_t bufsize,
504 struct passwd **result)
507 static const nss_cache_info cache_info = NS_MP_CACHE_INFO_INITIALIZER(
508 passwd, (void *)nss_lt_all,
509 pwd_marshal_func, pwd_unmarshal_func);
512 static const ns_dtab dtab[] = {
513 { NSSRC_FILES, files_passwd, (void *)nss_lt_all },
515 { NSSRC_DNS, dns_passwd, (void *)nss_lt_all },
518 { NSSRC_NIS, nis_passwd, (void *)nss_lt_all },
520 { NSSRC_COMPAT, compat_passwd, (void *)nss_lt_all },
522 NS_CACHE_CB(&cache_info)
531 rv = _nsdispatch(result, dtab, NSDB_PASSWD, "getpwent_r", defaultsrc,
532 pwd, buffer, bufsize, &ret_errno);
533 if (rv == NS_SUCCESS)
541 getpwnam_r(const char *name, struct passwd *pwd, char *buffer, size_t bufsize,
542 struct passwd **result)
545 static const nss_cache_info cache_info =
546 NS_COMMON_CACHE_INFO_INITIALIZER(
547 passwd, (void *)nss_lt_name,
548 pwd_id_func, pwd_marshal_func, pwd_unmarshal_func);
551 static const ns_dtab dtab[] = {
552 { NSSRC_FILES, files_passwd, (void *)nss_lt_name },
554 { NSSRC_DNS, dns_passwd, (void *)nss_lt_name },
557 { NSSRC_NIS, nis_passwd, (void *)nss_lt_name },
559 { NSSRC_COMPAT, compat_passwd, (void *)nss_lt_name },
561 NS_CACHE_CB(&cache_info)
570 rv = _nsdispatch(result, dtab, NSDB_PASSWD, "getpwnam_r", defaultsrc,
571 name, pwd, buffer, bufsize, &ret_errno);
572 if (rv == NS_SUCCESS)
580 getpwuid_r(uid_t uid, struct passwd *pwd, char *buffer, size_t bufsize,
581 struct passwd **result)
584 static const nss_cache_info cache_info =
585 NS_COMMON_CACHE_INFO_INITIALIZER(
586 passwd, (void *)nss_lt_id,
587 pwd_id_func, pwd_marshal_func, pwd_unmarshal_func);
590 static const ns_dtab dtab[] = {
591 { NSSRC_FILES, files_passwd, (void *)nss_lt_id },
593 { NSSRC_DNS, dns_passwd, (void *)nss_lt_id },
596 { NSSRC_NIS, nis_passwd, (void *)nss_lt_id },
598 { NSSRC_COMPAT, compat_passwd, (void *)nss_lt_id },
600 NS_CACHE_CB(&cache_info)
609 rv = _nsdispatch(result, dtab, NSDB_PASSWD, "getpwuid_r", defaultsrc,
610 uid, pwd, buffer, bufsize, &ret_errno);
611 if (rv == NS_SUCCESS)
618 static struct passwd pwd;
619 static char *pwd_storage;
620 static size_t pwd_storage_size;
623 static struct passwd *
624 getpw(int (*fn)(union key, struct passwd *, char *, size_t, struct passwd **),
630 if (pwd_storage == NULL) {
631 pwd_storage = malloc(PWD_STORAGE_INITIAL);
632 if (pwd_storage == NULL)
634 pwd_storage_size = PWD_STORAGE_INITIAL;
637 rv = fn(key, &pwd, pwd_storage, pwd_storage_size, &res);
638 if (res == NULL && rv == ERANGE) {
640 if ((pwd_storage_size << 1) > PWD_STORAGE_MAX) {
645 pwd_storage_size <<= 1;
646 pwd_storage = malloc(pwd_storage_size);
647 if (pwd_storage == NULL)
650 } while (res == NULL && rv == ERANGE);
658 wrap_getpwnam_r(union key key, struct passwd *pwd, char *buffer,
659 size_t bufsize, struct passwd **res)
661 return (getpwnam_r(key.name, pwd, buffer, bufsize, res));
666 wrap_getpwuid_r(union key key, struct passwd *pwd, char *buffer,
667 size_t bufsize, struct passwd **res)
669 return (getpwuid_r(key.uid, pwd, buffer, bufsize, res));
674 wrap_getpwent_r(union key key __unused, struct passwd *pwd, char *buffer,
675 size_t bufsize, struct passwd **res)
677 return (getpwent_r(pwd, buffer, bufsize, res));
682 getpwnam(const char *name)
687 return (getpw(wrap_getpwnam_r, key));
697 return (getpw(wrap_getpwuid_r, key));
706 key.uid = 0; /* not used */
707 return (getpw(wrap_getpwent_r, key));
715 pwdbopen(int *version)
721 if (geteuid() != 0 ||
722 (res = dbopen(_PATH_SMP_DB, O_RDONLY, 0, DB_HASH, NULL)) == NULL)
723 res = dbopen(_PATH_MP_DB, O_RDONLY, 0, DB_HASH, NULL);
726 key.data = _PWD_VERSION_KEY;
727 key.size = strlen(_PWD_VERSION_KEY);
728 rv = res->get(res, &key, &entry, 0);
730 *version = *(unsigned char *)entry.data;
734 *version >= nitems(pwdb_versions)) {
735 syslog(LOG_CRIT, "Unsupported password database version %d",
745 files_endstate(void *p)
751 db = ((struct files_state *)p)->db;
759 files_setpwent(void *retval, void *mdata, va_list ap)
761 struct files_state *st;
764 rv = files_getstate(&st);
767 switch ((enum constants)mdata) {
769 stayopen = va_arg(ap, int);
772 st->db = pwdbopen(&st->version);
773 st->stayopen = stayopen;
776 if (st->db != NULL) {
777 (void)st->db->close(st->db);
789 files_passwd(void *retval, void *mdata, va_list ap)
791 char keybuf[MAXLOGNAME + 1];
793 struct files_state *st;
794 enum nss_lookup_type how;
798 size_t bufsize, namesize;
801 int rv, stayopen = 0, *errnop;
805 how = (enum nss_lookup_type)mdata;
808 name = va_arg(ap, const char *);
809 keybuf[0] = _PW_KEYBYNAME;
812 uid = va_arg(ap, uid_t);
813 keybuf[0] = _PW_KEYBYUID;
816 keybuf[0] = _PW_KEYBYNUM;
822 pwd = va_arg(ap, struct passwd *);
823 buffer = va_arg(ap, char *);
824 bufsize = va_arg(ap, size_t);
825 errnop = va_arg(ap, int *);
826 *errnop = files_getstate(&st);
829 if (how == nss_lt_all && st->keynum < 0) {
833 if (st->db == NULL &&
834 (st->db = pwdbopen(&st->version)) == NULL) {
839 if (how == nss_lt_all)
842 stayopen = st->stayopen;
847 /* MAXLOGNAME includes NUL byte, but we do not
848 * include the NUL byte in the key.
850 namesize = strlcpy(&keybuf[1], name, sizeof(keybuf)-1);
851 if (namesize >= sizeof(keybuf)-1) {
856 key.size = namesize + 1;
859 if (st->version < _PWD_CURRENT_VERSION) {
860 memcpy(&keybuf[1], &uid, sizeof(uid));
861 key.size = sizeof(uid) + 1;
864 memcpy(&keybuf[1], &store, sizeof(store));
865 key.size = sizeof(store) + 1;
870 if (st->version < _PWD_CURRENT_VERSION) {
871 memcpy(&keybuf[1], &st->keynum,
873 key.size = sizeof(st->keynum) + 1;
875 store = htonl(st->keynum);
876 memcpy(&keybuf[1], &store, sizeof(store));
877 key.size = sizeof(store) + 1;
881 keybuf[0] = _PW_VERSIONED(keybuf[0], st->version);
882 rv = st->db->get(st->db, &key, &entry, 0);
883 if (rv < 0 || rv > 1) { /* should never return > 1 */
887 } else if (rv == 1) {
888 if (how == nss_lt_all)
893 rv = pwdb_versions[st->version].match(entry.data, entry.size,
895 if (rv != NS_SUCCESS)
897 if (entry.size > bufsize) {
902 memcpy(buffer, entry.data, entry.size);
903 rv = pwdb_versions[st->version].parse(buffer, entry.size, pwd,
905 } while (how == nss_lt_all && !(rv & NS_TERMINATE));
907 if (st->db != NULL && !stayopen) {
908 (void)st->db->close(st->db);
911 if (rv == NS_SUCCESS) {
912 pwd->pw_fields &= ~_PWF_SOURCE;
913 pwd->pw_fields |= _PWF_FILES;
915 *(struct passwd **)retval = pwd;
922 pwdb_match_entry_v3(char *entry, size_t entrysize, enum nss_lookup_type how,
923 const char *name, uid_t uid)
928 eom = &entry[entrysize];
929 for (p = entry; p < eom; p++)
933 return (NS_NOTFOUND);
934 if (how == nss_lt_all)
936 if (how == nss_lt_name)
937 return (strcmp(name, entry) == 0 ? NS_SUCCESS : NS_NOTFOUND);
938 for (p++; p < eom; p++)
941 if (*p != '\0' || (++p) + sizeof(uid) >= eom)
942 return (NS_NOTFOUND);
943 memcpy(&uid2, p, sizeof(uid2));
944 return (uid == uid2 ? NS_SUCCESS : NS_NOTFOUND);
949 pwdb_parse_entry_v3(char *buffer, size_t bufsize, struct passwd *pwd,
953 int32_t pw_change, pw_expire;
955 /* THIS CODE MUST MATCH THAT IN pwd_mkdb. */
957 eom = &buffer[bufsize];
958 #define STRING(field) do { \
960 while (p < eom && *p != '\0') \
963 return (NS_NOTFOUND); \
966 #define SCALAR(field) do { \
967 if (p + sizeof(field) > eom) \
968 return (NS_NOTFOUND); \
969 memcpy(&(field), p, sizeof(field)); \
970 p += sizeof(field); \
972 STRING(pwd->pw_name);
973 STRING(pwd->pw_passwd);
977 STRING(pwd->pw_class);
978 STRING(pwd->pw_gecos);
980 STRING(pwd->pw_shell);
982 SCALAR(pwd->pw_fields);
985 pwd->pw_change = pw_change;
986 pwd->pw_expire = pw_expire;
992 pwdb_match_entry_v4(char *entry, size_t entrysize, enum nss_lookup_type how,
993 const char *name, uid_t uid)
998 eom = &entry[entrysize];
999 for (p = entry; p < eom; p++)
1003 return (NS_NOTFOUND);
1004 if (how == nss_lt_all)
1005 return (NS_SUCCESS);
1006 if (how == nss_lt_name)
1007 return (strcmp(name, entry) == 0 ? NS_SUCCESS : NS_NOTFOUND);
1008 for (p++; p < eom; p++)
1011 if (*p != '\0' || (++p) + sizeof(uid) >= eom)
1012 return (NS_NOTFOUND);
1013 memcpy(&uid2, p, sizeof(uid2));
1015 return (uid == (uid_t)uid2 ? NS_SUCCESS : NS_NOTFOUND);
1020 pwdb_parse_entry_v4(char *buffer, size_t bufsize, struct passwd *pwd,
1026 /* THIS CODE MUST MATCH THAT IN pwd_mkdb. */
1028 eom = &buffer[bufsize];
1029 #define STRING(field) do { \
1031 while (p < eom && *p != '\0') \
1034 return (NS_NOTFOUND); \
1037 #define SCALAR(field) do { \
1038 if (p + sizeof(n) > eom) \
1039 return (NS_NOTFOUND); \
1040 memcpy(&n, p, sizeof(n)); \
1041 (field) = ntohl(n); \
1044 STRING(pwd->pw_name);
1045 STRING(pwd->pw_passwd);
1046 SCALAR(pwd->pw_uid);
1047 SCALAR(pwd->pw_gid);
1048 SCALAR(pwd->pw_change);
1049 STRING(pwd->pw_class);
1050 STRING(pwd->pw_gecos);
1051 STRING(pwd->pw_dir);
1052 STRING(pwd->pw_shell);
1053 SCALAR(pwd->pw_expire);
1054 SCALAR(pwd->pw_fields);
1057 return (NS_SUCCESS);
1066 dns_endstate(void *p)
1073 dns_setpwent(void *retval, void *mdata, va_list ap)
1075 struct dns_state *st;
1078 rv = dns_getstate(&st);
1080 return (NS_UNAVAIL);
1082 return (NS_UNAVAIL);
1087 dns_passwd(void *retval, void *mdata, va_list ap)
1089 char buf[HESIOD_NAME_MAX];
1090 struct dns_state *st;
1092 const char *name, *label;
1094 char *buffer, **hes;
1095 size_t bufsize, linesize;
1097 enum nss_lookup_type how;
1104 how = (enum nss_lookup_type)mdata;
1107 name = va_arg(ap, const char *);
1110 uid = va_arg(ap, uid_t);
1115 pwd = va_arg(ap, struct passwd *);
1116 buffer = va_arg(ap, char *);
1117 bufsize = va_arg(ap, size_t);
1118 errnop = va_arg(ap, int *);
1119 *errnop = dns_getstate(&st);
1121 return (NS_UNAVAIL);
1122 if (hesiod_init(&ctx) != 0) {
1134 if (snprintf(buf, sizeof(buf), "%lu",
1135 (unsigned long)uid) >= sizeof(buf))
1140 if (st->counter < 0)
1142 if (snprintf(buf, sizeof(buf), "passwd-%ld",
1143 st->counter++) >= sizeof(buf))
1148 hes = hesiod_resolve(ctx, label,
1149 how == nss_lt_id ? "uid" : "passwd");
1151 if (how == nss_lt_all)
1153 if (errno != ENOENT)
1157 rv = __pw_match_entry(hes[0], strlen(hes[0]), how, name, uid);
1158 if (rv != NS_SUCCESS) {
1159 hesiod_free_list(ctx, hes);
1163 linesize = strlcpy(buffer, hes[0], bufsize);
1164 if (linesize >= bufsize) {
1169 hesiod_free_list(ctx, hes);
1171 rv = __pw_parse_entry(buffer, bufsize, pwd, 0, errnop);
1172 } while (how == nss_lt_all && !(rv & NS_TERMINATE));
1175 hesiod_free_list(ctx, hes);
1178 if (rv == NS_SUCCESS) {
1179 pwd->pw_fields &= ~_PWF_SOURCE;
1180 pwd->pw_fields |= _PWF_HESIOD;
1182 *(struct passwd **)retval = pwd;
1194 nis_endstate(void *p)
1196 free(((struct nis_state *)p)->key);
1201 * Test for the presence of special FreeBSD-specific master.passwd.by*
1202 * maps. We do this using yp_order(). If it fails, then either the server
1203 * doesn't have the map, or the YPPROC_ORDER procedure isn't supported by
1204 * the server (Sun NIS+ servers in YP compat mode behave this way). If
1205 * the master.passwd.by* maps don't exist, then let the lookup routine try
1206 * the regular passwd.by* maps instead. If the lookup routine fails, it
1207 * can return an error as needed.
1210 nis_map(char *domain, enum nss_lookup_type how, char *buffer, size_t bufsize,
1216 if (geteuid() == 0) {
1217 if (snprintf(buffer, bufsize, "master.passwd.by%s",
1218 (how == nss_lt_id) ? "uid" : "name") >= bufsize)
1219 return (NS_UNAVAIL);
1220 rv = yp_order(domain, buffer, &order);
1223 return (NS_SUCCESS);
1227 if (snprintf(buffer, bufsize, "passwd.by%s",
1228 (how == nss_lt_id) ? "uid" : "name") >= bufsize)
1229 return (NS_UNAVAIL);
1231 return (NS_SUCCESS);
1236 nis_adjunct(char *domain, const char *name, char *buffer, size_t bufsize)
1239 char *result, *p, *q, *eor;
1243 rv = yp_match(domain, "passwd.adjunct.byname", name, strlen(name),
1244 &result, &resultlen);
1248 eor = &result[resultlen];
1249 p = memchr(result, ':', eor - result);
1250 if (p != NULL && ++p < eor &&
1251 (q = memchr(p, ':', eor - p)) != NULL) {
1252 if (q - p >= bufsize)
1255 memcpy(buffer, p, q - p);
1256 buffer[q - p] ='\0';
1267 nis_setpwent(void *retval, void *mdata, va_list ap)
1269 struct nis_state *st;
1272 rv = nis_getstate(&st);
1274 return (NS_UNAVAIL);
1278 return (NS_UNAVAIL);
1283 nis_passwd(void *retval, void *mdata, va_list ap)
1286 struct nis_state *st;
1289 char *buffer, *key, *result;
1292 enum nss_lookup_type how;
1293 int *errnop, keylen, resultlen, rv, master;
1297 how = (enum nss_lookup_type)mdata;
1300 name = va_arg(ap, const char *);
1303 uid = va_arg(ap, uid_t);
1308 pwd = va_arg(ap, struct passwd *);
1309 buffer = va_arg(ap, char *);
1310 bufsize = va_arg(ap, size_t);
1311 errnop = va_arg(ap, int *);
1312 *errnop = nis_getstate(&st);
1314 return (NS_UNAVAIL);
1315 if (st->domain[0] == '\0') {
1316 if (getdomainname(st->domain, sizeof(st->domain)) != 0) {
1318 return (NS_UNAVAIL);
1321 rv = nis_map(st->domain, how, map, sizeof(map), &master);
1322 if (rv != NS_SUCCESS)
1329 if (strlcpy(buffer, name, bufsize) >= bufsize)
1333 if (snprintf(buffer, bufsize, "%lu",
1334 (unsigned long)uid) >= bufsize)
1343 if (how == nss_lt_all) {
1344 if (st->key == NULL)
1345 rv = yp_first(st->domain, map, &st->key,
1346 &st->keylen, &result, &resultlen);
1349 keylen = st->keylen;
1351 rv = yp_next(st->domain, map, key, keylen,
1352 &st->key, &st->keylen, &result,
1360 if (rv == YPERR_NOMORE)
1367 rv = yp_match(st->domain, map, buffer, strlen(buffer),
1368 &result, &resultlen);
1369 if (rv == YPERR_KEY) {
1372 } else if (rv != 0) {
1378 if (resultlen >= bufsize) {
1382 memcpy(buffer, result, resultlen);
1383 buffer[resultlen] = '\0';
1385 rv = __pw_match_entry(buffer, resultlen, how, name, uid);
1386 if (rv == NS_SUCCESS)
1387 rv = __pw_parse_entry(buffer, resultlen, pwd, master,
1389 } while (how == nss_lt_all && !(rv & NS_TERMINATE));
1391 if (rv == NS_SUCCESS) {
1392 if (strstr(pwd->pw_passwd, "##") != NULL) {
1393 rv = nis_adjunct(st->domain, pwd->pw_name,
1394 &buffer[resultlen+1], bufsize-resultlen-1);
1398 pwd->pw_passwd = &buffer[resultlen+1];
1400 pwd->pw_fields &= ~_PWF_SOURCE;
1401 pwd->pw_fields |= _PWF_NIS;
1403 *(struct passwd **)retval = pwd;
1418 compat_clear_template(struct passwd *template)
1421 free(template->pw_passwd);
1422 free(template->pw_gecos);
1423 free(template->pw_dir);
1424 free(template->pw_shell);
1425 memset(template, 0, sizeof(*template));
1430 compat_set_template(struct passwd *src, struct passwd *template)
1433 compat_clear_template(template);
1434 #ifdef PW_OVERRIDE_PASSWD
1435 if ((src->pw_fields & _PWF_PASSWD) &&
1436 (template->pw_passwd = strdup(src->pw_passwd)) == NULL)
1439 if (src->pw_fields & _PWF_UID)
1440 template->pw_uid = src->pw_uid;
1441 if (src->pw_fields & _PWF_GID)
1442 template->pw_gid = src->pw_gid;
1443 if ((src->pw_fields & _PWF_GECOS) &&
1444 (template->pw_gecos = strdup(src->pw_gecos)) == NULL)
1446 if ((src->pw_fields & _PWF_DIR) &&
1447 (template->pw_dir = strdup(src->pw_dir)) == NULL)
1449 if ((src->pw_fields & _PWF_SHELL) &&
1450 (template->pw_shell = strdup(src->pw_shell)) == NULL)
1452 template->pw_fields = src->pw_fields;
1455 syslog(LOG_ERR, "getpwent memory allocation failure");
1461 compat_use_template(struct passwd *pwd, struct passwd *template, char *buffer,
1465 char *copy, *p, *q, *eob;
1468 /* We cannot know the layout of the password fields in `buffer',
1469 * so we have to copy everything.
1471 if (template->pw_fields == 0) /* nothing to fill-in */
1474 n += pwd->pw_name != NULL ? strlen(pwd->pw_name) + 1 : 0;
1475 n += pwd->pw_passwd != NULL ? strlen(pwd->pw_passwd) + 1 : 0;
1476 n += pwd->pw_class != NULL ? strlen(pwd->pw_class) + 1 : 0;
1477 n += pwd->pw_gecos != NULL ? strlen(pwd->pw_gecos) + 1 : 0;
1478 n += pwd->pw_dir != NULL ? strlen(pwd->pw_dir) + 1 : 0;
1479 n += pwd->pw_shell != NULL ? strlen(pwd->pw_shell) + 1 : 0;
1482 syslog(LOG_ERR, "getpwent memory allocation failure");
1487 #define COPY(field) do { \
1488 if (pwd->field == NULL) \
1489 hold.field = NULL; \
1492 p += strlcpy(p, pwd->field, eob-p) + 1; \
1503 eob = &buffer[bufsize];
1504 #define COPY(field, flag) do { \
1505 q = (template->pw_fields & flag) ? template->field : hold.field; \
1507 pwd->field = NULL; \
1510 if ((n = strlcpy(p, q, eob-p)) >= eob-p) { \
1518 #ifdef PW_OVERRIDE_PASSWD
1519 COPY(pw_passwd, _PWF_PASSWD);
1524 COPY(pw_gecos, _PWF_GECOS);
1525 COPY(pw_dir, _PWF_DIR);
1526 COPY(pw_shell, _PWF_SHELL);
1528 #define COPY(field, flag) do { \
1529 if (template->pw_fields & flag) \
1530 pwd->field = template->field; \
1532 COPY(pw_uid, _PWF_UID);
1533 COPY(pw_gid, _PWF_GID);
1541 compat_exclude(const char *name, DB **db)
1546 (*db = dbopen(NULL, O_RDWR, 600, DB_HASH, 0)) == NULL)
1548 key.size = strlen(name);
1549 key.data = (char *)name;
1553 if ((*db)->put(*db, &key, &data, 0) == -1)
1560 compat_is_excluded(const char *name, DB *db)
1566 key.size = strlen(name);
1567 key.data = (char *)name;
1568 return (db->get(db, &key, &data, 0) == 0);
1573 compat_redispatch(struct compat_state *st, enum nss_lookup_type how,
1574 enum nss_lookup_type lookup_how, const char *name, const char *lookup_name,
1575 uid_t uid, struct passwd *pwd, char *buffer, size_t bufsize, int *errnop)
1577 static const ns_src compatsrc[] = {
1579 { NSSRC_NIS, NS_SUCCESS },
1585 { NSSRC_NIS, nis_passwd, NULL },
1588 { NSSRC_DNS, dns_passwd, NULL },
1590 { NULL, NULL, NULL }
1595 for (i = 0; i < (int)(nitems(dtab) - 1); i++)
1596 dtab[i].mdata = (void *)lookup_how;
1599 switch (lookup_how) {
1601 rv = _nsdispatch(&discard, dtab, NSDB_PASSWD_COMPAT,
1602 "getpwent_r", compatsrc, pwd, buffer, bufsize,
1606 rv = _nsdispatch(&discard, dtab, NSDB_PASSWD_COMPAT,
1607 "getpwuid_r", compatsrc, uid, pwd, buffer,
1611 rv = _nsdispatch(&discard, dtab, NSDB_PASSWD_COMPAT,
1612 "getpwnam_r", compatsrc, lookup_name, pwd, buffer,
1616 return (NS_UNAVAIL);
1618 if (rv != NS_SUCCESS)
1620 if (compat_is_excluded(pwd->pw_name, st->exclude)) {
1621 if (how == nss_lt_all)
1623 return (NS_NOTFOUND);
1625 e = compat_use_template(pwd, &st->template, buffer, bufsize);
1631 return (NS_UNAVAIL);
1635 if (strcmp(name, pwd->pw_name) != 0)
1636 return (NS_NOTFOUND);
1639 if (uid != pwd->pw_uid)
1640 return (NS_NOTFOUND);
1645 return (NS_SUCCESS);
1650 compat_endstate(void *p)
1652 struct compat_state *st;
1656 st = (struct compat_state *)p;
1658 st->db->close(st->db);
1659 if (st->exclude != NULL)
1660 st->exclude->close(st->exclude);
1661 compat_clear_template(&st->template);
1667 compat_setpwent(void *retval, void *mdata, va_list ap)
1669 static const ns_src compatsrc[] = {
1671 { NSSRC_NIS, NS_SUCCESS },
1677 { NSSRC_NIS, nis_setpwent, NULL },
1680 { NSSRC_DNS, dns_setpwent, NULL },
1682 { NULL, NULL, NULL }
1684 struct compat_state *st;
1687 #define set_setent(x, y) do { \
1689 for (i = 0; i < (int)(nitems(x) - 1); i++) \
1690 x[i].mdata = (void *)y; \
1693 rv = compat_getstate(&st);
1695 return (NS_UNAVAIL);
1696 switch ((enum constants)mdata) {
1698 stayopen = va_arg(ap, int);
1701 st->db = pwdbopen(&st->version);
1702 st->stayopen = stayopen;
1703 set_setent(dtab, mdata);
1704 (void)_nsdispatch(NULL, dtab, NSDB_PASSWD_COMPAT, "setpwent",
1708 if (st->db != NULL) {
1709 (void)st->db->close(st->db);
1712 set_setent(dtab, mdata);
1713 (void)_nsdispatch(NULL, dtab, NSDB_PASSWD_COMPAT, "endpwent",
1719 return (NS_UNAVAIL);
1725 compat_passwd(void *retval, void *mdata, va_list ap)
1727 char keybuf[MAXLOGNAME + 1];
1729 struct compat_state *st;
1730 enum nss_lookup_type how;
1733 char *buffer, *pw_name;
1734 char *host, *user, *domain;
1738 int rv, from_compat, stayopen, *errnop;
1743 how = (enum nss_lookup_type)mdata;
1746 name = va_arg(ap, const char *);
1749 uid = va_arg(ap, uid_t);
1757 pwd = va_arg(ap, struct passwd *);
1758 buffer = va_arg(ap, char *);
1759 bufsize = va_arg(ap, size_t);
1760 errnop = va_arg(ap, int *);
1761 *errnop = compat_getstate(&st);
1763 return (NS_UNAVAIL);
1764 if (how == nss_lt_all && st->keynum < 0) {
1768 if (st->db == NULL &&
1769 (st->db = pwdbopen(&st->version)) == NULL) {
1774 if (how == nss_lt_all) {
1775 if (st->keynum < 0) {
1782 stayopen = st->stayopen;
1786 switch (st->compat) {
1787 case COMPAT_MODE_ALL:
1788 rv = compat_redispatch(st, how, how, name, name, uid, pwd,
1789 buffer, bufsize, errnop);
1790 if (rv != NS_SUCCESS)
1791 st->compat = COMPAT_MODE_OFF;
1793 case COMPAT_MODE_NETGROUP:
1794 /* XXX getnetgrent is not thread-safe. */
1796 rv = getnetgrent(&host, &user, &domain);
1799 st->compat = COMPAT_MODE_OFF;
1802 } else if (user == NULL || user[0] == '\0')
1804 rv = compat_redispatch(st, how, nss_lt_name, name,
1805 user, uid, pwd, buffer, bufsize, errnop);
1806 } while (st->compat == COMPAT_MODE_NETGROUP &&
1807 !(rv & NS_TERMINATE));
1809 case COMPAT_MODE_NAME:
1810 rv = compat_redispatch(st, how, nss_lt_name, name, st->name,
1811 uid, pwd, buffer, bufsize, errnop);
1814 st->compat = COMPAT_MODE_OFF;
1819 if (rv & NS_TERMINATE) {
1825 while (st->keynum >= 0) {
1827 if (st->version < _PWD_CURRENT_VERSION) {
1828 memcpy(&keybuf[1], &st->keynum, sizeof(st->keynum));
1829 key.size = sizeof(st->keynum) + 1;
1831 store = htonl(st->keynum);
1832 memcpy(&keybuf[1], &store, sizeof(store));
1833 key.size = sizeof(store) + 1;
1835 keybuf[0] = _PW_VERSIONED(_PW_KEYBYNUM, st->version);
1836 rv = st->db->get(st->db, &key, &entry, 0);
1837 if (rv < 0 || rv > 1) { /* should never return > 1 */
1841 } else if (rv == 1) {
1846 pw_name = (char *)entry.data;
1847 switch (pw_name[0]) {
1849 switch (pw_name[1]) {
1851 st->compat = COMPAT_MODE_ALL;
1854 setnetgrent(&pw_name[2]);
1855 st->compat = COMPAT_MODE_NETGROUP;
1858 st->name = strdup(&pw_name[1]);
1859 if (st->name == NULL) {
1861 "getpwent memory allocation failure");
1866 st->compat = COMPAT_MODE_NAME;
1868 if (entry.size > bufsize) {
1873 memcpy(buffer, entry.data, entry.size);
1874 rv = pwdb_versions[st->version].parse(buffer,
1875 entry.size, pwd, errnop);
1876 if (rv != NS_SUCCESS)
1878 else if (compat_set_template(pwd, &st->template) < 0) {
1885 switch (pw_name[1]) {
1887 /* XXX Maybe syslog warning */
1890 setnetgrent(&pw_name[2]);
1891 while (getnetgrent(&host, &user, &domain) !=
1893 if (user != NULL && user[0] != '\0')
1894 compat_exclude(user,
1900 compat_exclude(&pw_name[1], &st->exclude);
1907 if (compat_is_excluded((char *)entry.data, st->exclude))
1909 rv = pwdb_versions[st->version].match(entry.data, entry.size,
1911 if (rv == NS_RETURN)
1913 else if (rv != NS_SUCCESS)
1915 if (entry.size > bufsize) {
1920 memcpy(buffer, entry.data, entry.size);
1921 rv = pwdb_versions[st->version].parse(buffer, entry.size, pwd,
1923 if (rv & NS_TERMINATE)
1927 if (st->db != NULL && !stayopen) {
1928 (void)st->db->close(st->db);
1931 if (rv == NS_SUCCESS) {
1933 pwd->pw_fields &= ~_PWF_SOURCE;
1934 pwd->pw_fields |= _PWF_FILES;
1937 *(struct passwd **)retval = pwd;
1944 * common passwd line matching and parsing
1947 __pw_match_entry(const char *entry, size_t entrysize, enum nss_lookup_type how,
1948 const char *name, uid_t uid)
1950 const char *p, *eom;
1955 eom = entry + entrysize;
1956 for (p = entry; p < eom; p++)
1960 return (NS_NOTFOUND);
1961 if (how == nss_lt_all)
1962 return (NS_SUCCESS);
1963 if (how == nss_lt_name) {
1965 if (len == (p - entry) && memcmp(name, entry, len) == 0)
1966 return (NS_SUCCESS);
1968 return (NS_NOTFOUND);
1970 for (p++; p < eom; p++)
1974 return (NS_NOTFOUND);
1975 m = strtoul(++p, &q, 10);
1976 if (q[0] != ':' || (uid_t)m != uid)
1977 return (NS_NOTFOUND);
1979 return (NS_SUCCESS);
1983 /* XXX buffer must be NUL-terminated. errnop is not set correctly. */
1985 __pw_parse_entry(char *buffer, size_t bufsize __unused, struct passwd *pwd,
1986 int master, int *errnop __unused)
1989 if (__pw_scan(buffer, pwd, master ? _PWSCAN_MASTER : 0) == 0)
1990 return (NS_NOTFOUND);
1992 return (NS_SUCCESS);