2 * SPDX-License-Identifier: BSD-2-Clause
4 * Copyright (c) 2003 Networks Associates Technology, Inc.
7 * This software was developed for the FreeBSD Project by
8 * Jacques A. Vidrine, Safeport Network Services, and Network
9 * Associates Laboratories, the Security Research Division of Network
10 * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
11 * ("CBOSS"), as part of the DARPA CHATS research program.
13 * Redistribution and use in source and binary forms, with or without
14 * modification, are permitted provided that the following conditions
16 * 1. Redistributions of source code must retain the above copyright
17 * notice, this list of conditions and the following disclaimer.
18 * 2. Redistributions in binary form must reproduce the above copyright
19 * notice, this list of conditions and the following disclaimer in the
20 * documentation and/or other materials provided with the distribution.
22 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
35 #include <sys/cdefs.h>
36 #include "namespace.h"
37 #include <sys/param.h>
40 #include <rpcsvc/yp_prot.h>
41 #include <rpcsvc/ypclnt.h>
43 #include <arpa/inet.h>
52 #include <pthread_np.h>
59 #include "un-namespace.h"
61 #include "libc_private.h"
69 #define CTASSERT(x) _CTASSERT(x, __LINE__)
70 #define _CTASSERT(x, y) __CTASSERT(x, y)
71 #define __CTASSERT(x, y) typedef char __assert_ ## y [(x) ? 1 : -1]
74 /* Counter as stored in /etc/pwd.db */
77 CTASSERT(MAXLOGNAME > sizeof(uid_t));
78 CTASSERT(MAXLOGNAME > sizeof(pwkeynum));
81 PWD_STORAGE_INITIAL = 1 << 10, /* 1 KByte */
82 PWD_STORAGE_MAX = 1 << 20, /* 1 MByte */
88 static const ns_src defaultsrc[] = {
89 { NSSRC_COMPAT, NS_SUCCESS },
93 int __pw_match_entry(const char *, size_t, enum nss_lookup_type,
95 int __pw_parse_entry(char *, size_t, struct passwd *, int, int *errnop);
102 static struct passwd *getpw(int (*fn)(union key, struct passwd *, char *,
103 size_t, struct passwd **), union key);
104 static int wrap_getpwnam_r(union key, struct passwd *, char *,
105 size_t, struct passwd **);
106 static int wrap_getpwuid_r(union key, struct passwd *, char *, size_t,
108 static int wrap_getpwent_r(union key, struct passwd *, char *, size_t,
111 static int pwdb_match_entry_v3(char *, size_t, enum nss_lookup_type,
112 const char *, uid_t);
113 static int pwdb_parse_entry_v3(char *, size_t, struct passwd *, int *);
114 static int pwdb_match_entry_v4(char *, size_t, enum nss_lookup_type,
115 const char *, uid_t);
116 static int pwdb_parse_entry_v4(char *, size_t, struct passwd *, int *);
120 int (*match)(char *, size_t, enum nss_lookup_type, const char *,
122 int (*parse)(char *, size_t, struct passwd *, int *);
123 } pwdb_versions[] = {
124 { NULL, NULL }, /* version 0 */
125 { NULL, NULL }, /* version 1 */
126 { NULL, NULL }, /* version 2 */
127 { pwdb_match_entry_v3, pwdb_parse_entry_v3 }, /* version 3 */
128 { pwdb_match_entry_v4, pwdb_parse_entry_v4 }, /* version 4 */
138 static void files_endstate(void *);
139 NSS_TLS_HANDLING(files);
140 static DB *pwdbopen(int *);
141 static void files_endstate(void *);
142 static int files_setpwent(void *, void *, va_list);
143 static int files_passwd(void *, void *, va_list);
150 static void dns_endstate(void *);
151 NSS_TLS_HANDLING(dns);
152 static int dns_setpwent(void *, void *, va_list);
153 static int dns_passwd(void *, void *, va_list);
159 char domain[MAXHOSTNAMELEN];
164 static void nis_endstate(void *);
165 NSS_TLS_HANDLING(nis);
166 static int nis_setpwent(void *, void *, va_list);
167 static int nis_passwd(void *, void *, va_list);
168 static int nis_map(char *, enum nss_lookup_type, char *, size_t, int *);
169 static int nis_adjunct(char *, const char *, char *, size_t);
173 struct compat_state {
179 struct passwd template;
188 static void compat_endstate(void *);
189 NSS_TLS_HANDLING(compat);
190 static int compat_setpwent(void *, void *, va_list);
191 static int compat_passwd(void *, void *, va_list);
192 static void compat_clear_template(struct passwd *);
193 static int compat_set_template(struct passwd *, struct passwd *);
194 static int compat_use_template(struct passwd *, struct passwd *, char *,
196 static int compat_redispatch(struct compat_state *, enum nss_lookup_type,
197 enum nss_lookup_type, const char *, const char *, uid_t,
198 struct passwd *, char *, size_t, int *);
201 static int pwd_id_func(char *, size_t *, va_list ap, void *);
202 static int pwd_marshal_func(char *, size_t *, void *, va_list, void *);
203 static int pwd_unmarshal_func(char *, size_t, void *, va_list, void *);
206 pwd_id_func(char *buffer, size_t *buffer_size, va_list ap, void *cache_mdata)
210 size_t size, desired_size;
211 int res = NS_UNAVAIL;
212 enum nss_lookup_type lookup_type;
214 lookup_type = (enum nss_lookup_type)(uintptr_t)cache_mdata;
215 switch (lookup_type) {
217 name = va_arg(ap, char *);
219 desired_size = sizeof(enum nss_lookup_type) + size + 1;
220 if (desired_size > *buffer_size) {
225 memcpy(buffer, &lookup_type, sizeof(enum nss_lookup_type));
226 memcpy(buffer + sizeof(enum nss_lookup_type), name, size + 1);
231 uid = va_arg(ap, uid_t);
232 desired_size = sizeof(enum nss_lookup_type) + sizeof(uid_t);
233 if (desired_size > *buffer_size) {
238 memcpy(buffer, &lookup_type, sizeof(enum nss_lookup_type));
239 memcpy(buffer + sizeof(enum nss_lookup_type), &uid,
245 /* should be unreachable */
250 *buffer_size = desired_size;
255 pwd_marshal_func(char *buffer, size_t *buffer_size, void *retval, va_list ap,
261 char *orig_buf __unused;
262 size_t orig_buf_size __unused;
264 struct passwd new_pwd;
265 size_t desired_size, size;
268 switch ((enum nss_lookup_type)(uintptr_t)cache_mdata) {
270 name = va_arg(ap, char *);
273 uid = va_arg(ap, uid_t);
278 /* should be unreachable */
282 pwd = va_arg(ap, struct passwd *);
283 orig_buf = va_arg(ap, char *);
284 orig_buf_size = va_arg(ap, size_t);
286 desired_size = sizeof(struct passwd) + sizeof(char *) +
287 strlen(pwd->pw_name) + 1;
288 if (pwd->pw_passwd != NULL)
289 desired_size += strlen(pwd->pw_passwd) + 1;
290 if (pwd->pw_class != NULL)
291 desired_size += strlen(pwd->pw_class) + 1;
292 if (pwd->pw_gecos != NULL)
293 desired_size += strlen(pwd->pw_gecos) + 1;
294 if (pwd->pw_dir != NULL)
295 desired_size += strlen(pwd->pw_dir) + 1;
296 if (pwd->pw_shell != NULL)
297 desired_size += strlen(pwd->pw_shell) + 1;
299 if (*buffer_size < desired_size) {
300 /* this assignment is here for future use */
301 *buffer_size = desired_size;
305 memcpy(&new_pwd, pwd, sizeof(struct passwd));
306 memset(buffer, 0, desired_size);
308 *buffer_size = desired_size;
309 p = buffer + sizeof(struct passwd) + sizeof(char *);
310 memcpy(buffer + sizeof(struct passwd), &p, sizeof(char *));
312 if (new_pwd.pw_name != NULL) {
313 size = strlen(new_pwd.pw_name);
314 memcpy(p, new_pwd.pw_name, size);
319 if (new_pwd.pw_passwd != NULL) {
320 size = strlen(new_pwd.pw_passwd);
321 memcpy(p, new_pwd.pw_passwd, size);
322 new_pwd.pw_passwd = p;
326 if (new_pwd.pw_class != NULL) {
327 size = strlen(new_pwd.pw_class);
328 memcpy(p, new_pwd.pw_class, size);
329 new_pwd.pw_class = p;
333 if (new_pwd.pw_gecos != NULL) {
334 size = strlen(new_pwd.pw_gecos);
335 memcpy(p, new_pwd.pw_gecos, size);
336 new_pwd.pw_gecos = p;
340 if (new_pwd.pw_dir != NULL) {
341 size = strlen(new_pwd.pw_dir);
342 memcpy(p, new_pwd.pw_dir, size);
347 if (new_pwd.pw_shell != NULL) {
348 size = strlen(new_pwd.pw_shell);
349 memcpy(p, new_pwd.pw_shell, size);
350 new_pwd.pw_shell = p;
354 memcpy(buffer, &new_pwd, sizeof(struct passwd));
359 pwd_unmarshal_func(char *buffer, size_t buffer_size, void *retval, va_list ap,
366 size_t orig_buf_size;
371 switch ((enum nss_lookup_type)(uintptr_t)cache_mdata) {
373 name = va_arg(ap, char *);
376 uid = va_arg(ap, uid_t);
381 /* should be unreachable */
385 pwd = va_arg(ap, struct passwd *);
386 orig_buf = va_arg(ap, char *);
387 orig_buf_size = va_arg(ap, size_t);
388 ret_errno = va_arg(ap, int *);
390 if (orig_buf_size + sizeof(struct passwd) + sizeof(char *) <
394 } else if (buffer_size < sizeof(struct passwd) + sizeof(char *)) {
396 * nscd(8) sometimes returns buffer_size=1 for nonexistent
400 return (NS_NOTFOUND);
403 memcpy(pwd, buffer, sizeof(struct passwd));
404 memcpy(&p, buffer + sizeof(struct passwd), sizeof(char *));
405 memcpy(orig_buf, buffer + sizeof(struct passwd) + sizeof(char *),
406 buffer_size - sizeof(struct passwd) - sizeof(char *));
408 NS_APPLY_OFFSET(pwd->pw_name, orig_buf, p, char *);
409 NS_APPLY_OFFSET(pwd->pw_passwd, orig_buf, p, char *);
410 NS_APPLY_OFFSET(pwd->pw_class, orig_buf, p, char *);
411 NS_APPLY_OFFSET(pwd->pw_gecos, orig_buf, p, char *);
412 NS_APPLY_OFFSET(pwd->pw_dir, orig_buf, p, char *);
413 NS_APPLY_OFFSET(pwd->pw_shell, orig_buf, p, char *);
416 *((struct passwd **)retval) = pwd;
421 NSS_MP_CACHE_HANDLING(passwd);
422 #endif /* NS_CACHING */
428 static const nss_cache_info cache_info = NS_MP_CACHE_INFO_INITIALIZER(
429 passwd, (void *)nss_lt_all,
433 static const ns_dtab dtab[] = {
434 { NSSRC_FILES, files_setpwent, (void *)SETPWENT },
436 { NSSRC_DNS, dns_setpwent, (void *)SETPWENT },
439 { NSSRC_NIS, nis_setpwent, (void *)SETPWENT },
441 { NSSRC_COMPAT, compat_setpwent, (void *)SETPWENT },
443 NS_CACHE_CB(&cache_info)
447 (void)_nsdispatch(NULL, dtab, NSDB_PASSWD, "setpwent", defaultsrc, 0);
452 setpassent(int stayopen)
455 static const nss_cache_info cache_info = NS_MP_CACHE_INFO_INITIALIZER(
456 passwd, (void *)nss_lt_all,
460 static const ns_dtab dtab[] = {
461 { NSSRC_FILES, files_setpwent, (void *)SETPWENT },
463 { NSSRC_DNS, dns_setpwent, (void *)SETPWENT },
466 { NSSRC_NIS, nis_setpwent, (void *)SETPWENT },
468 { NSSRC_COMPAT, compat_setpwent, (void *)SETPWENT },
470 NS_CACHE_CB(&cache_info)
474 (void)_nsdispatch(NULL, dtab, NSDB_PASSWD, "setpwent", defaultsrc,
484 static const nss_cache_info cache_info = NS_MP_CACHE_INFO_INITIALIZER(
485 passwd, (void *)nss_lt_all,
489 static const ns_dtab dtab[] = {
490 { NSSRC_FILES, files_setpwent, (void *)ENDPWENT },
492 { NSSRC_DNS, dns_setpwent, (void *)ENDPWENT },
495 { NSSRC_NIS, nis_setpwent, (void *)ENDPWENT },
497 { NSSRC_COMPAT, compat_setpwent, (void *)ENDPWENT },
499 NS_CACHE_CB(&cache_info)
503 (void)_nsdispatch(NULL, dtab, NSDB_PASSWD, "endpwent", defaultsrc);
508 getpwent_r(struct passwd *pwd, char *buffer, size_t bufsize,
509 struct passwd **result)
512 static const nss_cache_info cache_info = NS_MP_CACHE_INFO_INITIALIZER(
513 passwd, (void *)nss_lt_all,
514 pwd_marshal_func, pwd_unmarshal_func);
517 static const ns_dtab dtab[] = {
518 { NSSRC_FILES, files_passwd, (void *)nss_lt_all },
520 { NSSRC_DNS, dns_passwd, (void *)nss_lt_all },
523 { NSSRC_NIS, nis_passwd, (void *)nss_lt_all },
525 { NSSRC_COMPAT, compat_passwd, (void *)nss_lt_all },
527 NS_CACHE_CB(&cache_info)
536 rv = _nsdispatch(result, dtab, NSDB_PASSWD, "getpwent_r", defaultsrc,
537 pwd, buffer, bufsize, &ret_errno);
538 if (rv == NS_SUCCESS)
546 getpwnam_r(const char *name, struct passwd *pwd, char *buffer, size_t bufsize,
547 struct passwd **result)
550 static const nss_cache_info cache_info =
551 NS_COMMON_CACHE_INFO_INITIALIZER(
552 passwd, (void *)nss_lt_name,
553 pwd_id_func, pwd_marshal_func, pwd_unmarshal_func);
556 static const ns_dtab dtab[] = {
557 { NSSRC_FILES, files_passwd, (void *)nss_lt_name },
559 { NSSRC_DNS, dns_passwd, (void *)nss_lt_name },
562 { NSSRC_NIS, nis_passwd, (void *)nss_lt_name },
564 { NSSRC_COMPAT, compat_passwd, (void *)nss_lt_name },
566 NS_CACHE_CB(&cache_info)
575 rv = _nsdispatch(result, dtab, NSDB_PASSWD, "getpwnam_r", defaultsrc,
576 name, pwd, buffer, bufsize, &ret_errno);
577 if (rv == NS_SUCCESS)
585 getpwuid_r(uid_t uid, struct passwd *pwd, char *buffer, size_t bufsize,
586 struct passwd **result)
589 static const nss_cache_info cache_info =
590 NS_COMMON_CACHE_INFO_INITIALIZER(
591 passwd, (void *)nss_lt_id,
592 pwd_id_func, pwd_marshal_func, pwd_unmarshal_func);
595 static const ns_dtab dtab[] = {
596 { NSSRC_FILES, files_passwd, (void *)nss_lt_id },
598 { NSSRC_DNS, dns_passwd, (void *)nss_lt_id },
601 { NSSRC_NIS, nis_passwd, (void *)nss_lt_id },
603 { NSSRC_COMPAT, compat_passwd, (void *)nss_lt_id },
605 NS_CACHE_CB(&cache_info)
614 rv = _nsdispatch(result, dtab, NSDB_PASSWD, "getpwuid_r", defaultsrc,
615 uid, pwd, buffer, bufsize, &ret_errno);
616 if (rv == NS_SUCCESS)
623 static struct passwd pwd;
624 static char *pwd_storage;
625 static size_t pwd_storage_size;
628 static struct passwd *
629 getpw(int (*fn)(union key, struct passwd *, char *, size_t, struct passwd **),
635 if (pwd_storage == NULL) {
636 pwd_storage = malloc(PWD_STORAGE_INITIAL);
637 if (pwd_storage == NULL)
639 pwd_storage_size = PWD_STORAGE_INITIAL;
642 rv = fn(key, &pwd, pwd_storage, pwd_storage_size, &res);
643 if (res == NULL && rv == ERANGE) {
645 if ((pwd_storage_size << 1) > PWD_STORAGE_MAX) {
650 pwd_storage_size <<= 1;
651 pwd_storage = malloc(pwd_storage_size);
652 if (pwd_storage == NULL)
655 } while (res == NULL && rv == ERANGE);
663 wrap_getpwnam_r(union key key, struct passwd *pwd, char *buffer,
664 size_t bufsize, struct passwd **res)
666 return (getpwnam_r(key.name, pwd, buffer, bufsize, res));
671 wrap_getpwuid_r(union key key, struct passwd *pwd, char *buffer,
672 size_t bufsize, struct passwd **res)
674 return (getpwuid_r(key.uid, pwd, buffer, bufsize, res));
679 wrap_getpwent_r(union key key __unused, struct passwd *pwd, char *buffer,
680 size_t bufsize, struct passwd **res)
682 return (getpwent_r(pwd, buffer, bufsize, res));
687 getpwnam(const char *name)
692 return (getpw(wrap_getpwnam_r, key));
702 return (getpw(wrap_getpwuid_r, key));
711 key.uid = 0; /* not used */
712 return (getpw(wrap_getpwent_r, key));
720 pwdbopen(int *version)
726 if (geteuid() != 0 ||
727 (res = dbopen(_PATH_SMP_DB, O_RDONLY, 0, DB_HASH, NULL)) == NULL)
728 res = dbopen(_PATH_MP_DB, O_RDONLY, 0, DB_HASH, NULL);
731 key.data = _PWD_VERSION_KEY;
732 key.size = strlen(_PWD_VERSION_KEY);
733 rv = res->get(res, &key, &entry, 0);
735 *version = *(unsigned char *)entry.data;
739 *version >= nitems(pwdb_versions)) {
740 syslog(LOG_CRIT, "Unsupported password database version %d",
750 files_endstate(void *p)
756 db = ((struct files_state *)p)->db;
764 files_setpwent(void *retval, void *mdata, va_list ap)
766 struct files_state *st;
769 rv = files_getstate(&st);
772 switch ((enum constants)(uintptr_t)mdata) {
774 stayopen = va_arg(ap, int);
777 st->db = pwdbopen(&st->version);
778 st->stayopen = stayopen;
781 if (st->db != NULL) {
782 (void)st->db->close(st->db);
794 files_passwd(void *retval, void *mdata, va_list ap)
796 char keybuf[MAXLOGNAME + 1];
798 struct files_state *st;
799 enum nss_lookup_type how;
803 size_t bufsize, namesize;
806 int rv, stayopen = 0, *errnop;
810 how = (enum nss_lookup_type)(uintptr_t)mdata;
813 name = va_arg(ap, const char *);
814 keybuf[0] = _PW_KEYBYNAME;
817 uid = va_arg(ap, uid_t);
818 keybuf[0] = _PW_KEYBYUID;
821 keybuf[0] = _PW_KEYBYNUM;
827 pwd = va_arg(ap, struct passwd *);
828 buffer = va_arg(ap, char *);
829 bufsize = va_arg(ap, size_t);
830 errnop = va_arg(ap, int *);
831 *errnop = files_getstate(&st);
834 if (how == nss_lt_all && st->keynum < 0) {
838 if (st->db == NULL &&
839 (st->db = pwdbopen(&st->version)) == NULL) {
844 if (how == nss_lt_all)
847 stayopen = st->stayopen;
852 /* MAXLOGNAME includes NUL byte, but we do not
853 * include the NUL byte in the key.
855 namesize = strlcpy(&keybuf[1], name, sizeof(keybuf)-1);
856 if (namesize >= sizeof(keybuf)-1) {
861 key.size = namesize + 1;
864 if (st->version < _PWD_CURRENT_VERSION) {
865 memcpy(&keybuf[1], &uid, sizeof(uid));
866 key.size = sizeof(uid) + 1;
869 memcpy(&keybuf[1], &store, sizeof(store));
870 key.size = sizeof(store) + 1;
875 if (st->version < _PWD_CURRENT_VERSION) {
876 memcpy(&keybuf[1], &st->keynum,
878 key.size = sizeof(st->keynum) + 1;
880 store = htonl(st->keynum);
881 memcpy(&keybuf[1], &store, sizeof(store));
882 key.size = sizeof(store) + 1;
886 keybuf[0] = _PW_VERSIONED(keybuf[0], st->version);
887 rv = st->db->get(st->db, &key, &entry, 0);
888 if (rv < 0 || rv > 1) { /* should never return > 1 */
892 } else if (rv == 1) {
893 if (how == nss_lt_all)
898 rv = pwdb_versions[st->version].match(entry.data, entry.size,
900 if (rv != NS_SUCCESS)
902 if (entry.size > bufsize) {
907 memcpy(buffer, entry.data, entry.size);
908 rv = pwdb_versions[st->version].parse(buffer, entry.size, pwd,
910 } while (how == nss_lt_all && !(rv & NS_TERMINATE));
912 if (st->db != NULL && !stayopen) {
913 (void)st->db->close(st->db);
916 if (rv == NS_SUCCESS) {
917 pwd->pw_fields &= ~_PWF_SOURCE;
918 pwd->pw_fields |= _PWF_FILES;
920 *(struct passwd **)retval = pwd;
927 pwdb_match_entry_v3(char *entry, size_t entrysize, enum nss_lookup_type how,
928 const char *name, uid_t uid)
933 eom = &entry[entrysize];
934 for (p = entry; p < eom; p++)
938 return (NS_NOTFOUND);
939 if (how == nss_lt_all)
941 if (how == nss_lt_name)
942 return (strcmp(name, entry) == 0 ? NS_SUCCESS : NS_NOTFOUND);
943 for (p++; p < eom; p++)
946 if (*p != '\0' || (++p) + sizeof(uid) >= eom)
947 return (NS_NOTFOUND);
948 memcpy(&uid2, p, sizeof(uid2));
949 return (uid == uid2 ? NS_SUCCESS : NS_NOTFOUND);
954 pwdb_parse_entry_v3(char *buffer, size_t bufsize, struct passwd *pwd,
958 int32_t pw_change, pw_expire;
960 /* THIS CODE MUST MATCH THAT IN pwd_mkdb. */
962 eom = &buffer[bufsize];
963 #define STRING(field) do { \
965 while (p < eom && *p != '\0') \
968 return (NS_NOTFOUND); \
971 #define SCALAR(field) do { \
972 if (p + sizeof(field) > eom) \
973 return (NS_NOTFOUND); \
974 memcpy(&(field), p, sizeof(field)); \
975 p += sizeof(field); \
977 STRING(pwd->pw_name);
978 STRING(pwd->pw_passwd);
982 STRING(pwd->pw_class);
983 STRING(pwd->pw_gecos);
985 STRING(pwd->pw_shell);
987 SCALAR(pwd->pw_fields);
990 pwd->pw_change = pw_change;
991 pwd->pw_expire = pw_expire;
997 pwdb_match_entry_v4(char *entry, size_t entrysize, enum nss_lookup_type how,
998 const char *name, uid_t uid)
1000 const char *p, *eom;
1003 eom = &entry[entrysize];
1004 for (p = entry; p < eom; p++)
1008 return (NS_NOTFOUND);
1009 if (how == nss_lt_all)
1010 return (NS_SUCCESS);
1011 if (how == nss_lt_name)
1012 return (strcmp(name, entry) == 0 ? NS_SUCCESS : NS_NOTFOUND);
1013 for (p++; p < eom; p++)
1016 if (*p != '\0' || (++p) + sizeof(uid) >= eom)
1017 return (NS_NOTFOUND);
1018 memcpy(&uid2, p, sizeof(uid2));
1020 return (uid == (uid_t)uid2 ? NS_SUCCESS : NS_NOTFOUND);
1025 pwdb_parse_entry_v4(char *buffer, size_t bufsize, struct passwd *pwd,
1031 /* THIS CODE MUST MATCH THAT IN pwd_mkdb. */
1033 eom = &buffer[bufsize];
1034 #define STRING(field) do { \
1036 while (p < eom && *p != '\0') \
1039 return (NS_NOTFOUND); \
1042 #define SCALAR(field) do { \
1043 if (p + sizeof(n) > eom) \
1044 return (NS_NOTFOUND); \
1045 memcpy(&n, p, sizeof(n)); \
1046 (field) = ntohl(n); \
1049 STRING(pwd->pw_name);
1050 STRING(pwd->pw_passwd);
1051 SCALAR(pwd->pw_uid);
1052 SCALAR(pwd->pw_gid);
1053 SCALAR(pwd->pw_change);
1054 STRING(pwd->pw_class);
1055 STRING(pwd->pw_gecos);
1056 STRING(pwd->pw_dir);
1057 STRING(pwd->pw_shell);
1058 SCALAR(pwd->pw_expire);
1059 SCALAR(pwd->pw_fields);
1062 return (NS_SUCCESS);
1071 dns_endstate(void *p)
1078 dns_setpwent(void *retval, void *mdata, va_list ap)
1080 struct dns_state *st;
1083 rv = dns_getstate(&st);
1085 return (NS_UNAVAIL);
1087 return (NS_UNAVAIL);
1092 dns_passwd(void *retval, void *mdata, va_list ap)
1094 char buf[HESIOD_NAME_MAX];
1095 struct dns_state *st;
1097 const char *name, *label;
1099 char *buffer, **hes;
1100 size_t bufsize, linesize;
1102 enum nss_lookup_type how;
1109 how = (enum nss_lookup_type)(uintptr_t)mdata;
1112 name = va_arg(ap, const char *);
1115 uid = va_arg(ap, uid_t);
1120 pwd = va_arg(ap, struct passwd *);
1121 buffer = va_arg(ap, char *);
1122 bufsize = va_arg(ap, size_t);
1123 errnop = va_arg(ap, int *);
1124 *errnop = dns_getstate(&st);
1126 return (NS_UNAVAIL);
1127 if (hesiod_init(&ctx) != 0) {
1139 if (snprintf(buf, sizeof(buf), "%lu",
1140 (unsigned long)uid) >= sizeof(buf))
1145 if (st->counter < 0)
1147 if (snprintf(buf, sizeof(buf), "passwd-%ld",
1148 st->counter++) >= sizeof(buf))
1153 hes = hesiod_resolve(ctx, label,
1154 how == nss_lt_id ? "uid" : "passwd");
1156 if (how == nss_lt_all)
1158 if (errno != ENOENT)
1162 rv = __pw_match_entry(hes[0], strlen(hes[0]), how, name, uid);
1163 if (rv != NS_SUCCESS) {
1164 hesiod_free_list(ctx, hes);
1168 linesize = strlcpy(buffer, hes[0], bufsize);
1169 if (linesize >= bufsize) {
1174 hesiod_free_list(ctx, hes);
1176 rv = __pw_parse_entry(buffer, bufsize, pwd, 0, errnop);
1177 } while (how == nss_lt_all && !(rv & NS_TERMINATE));
1180 hesiod_free_list(ctx, hes);
1183 if (rv == NS_SUCCESS) {
1184 pwd->pw_fields &= ~_PWF_SOURCE;
1185 pwd->pw_fields |= _PWF_HESIOD;
1187 *(struct passwd **)retval = pwd;
1199 nis_endstate(void *p)
1201 free(((struct nis_state *)p)->key);
1206 * Test for the presence of special FreeBSD-specific master.passwd.by*
1207 * maps. We do this using yp_order(). If it fails, then either the server
1208 * doesn't have the map, or the YPPROC_ORDER procedure isn't supported by
1209 * the server (Sun NIS+ servers in YP compat mode behave this way). If
1210 * the master.passwd.by* maps don't exist, then let the lookup routine try
1211 * the regular passwd.by* maps instead. If the lookup routine fails, it
1212 * can return an error as needed.
1215 nis_map(char *domain, enum nss_lookup_type how, char *buffer, size_t bufsize,
1221 if (geteuid() == 0) {
1222 if (snprintf(buffer, bufsize, "master.passwd.by%s",
1223 (how == nss_lt_id) ? "uid" : "name") >= bufsize)
1224 return (NS_UNAVAIL);
1225 rv = yp_order(domain, buffer, &order);
1228 return (NS_SUCCESS);
1232 if (snprintf(buffer, bufsize, "passwd.by%s",
1233 (how == nss_lt_id) ? "uid" : "name") >= bufsize)
1234 return (NS_UNAVAIL);
1236 return (NS_SUCCESS);
1241 nis_adjunct(char *domain, const char *name, char *buffer, size_t bufsize)
1244 char *result, *p, *q, *eor;
1248 rv = yp_match(domain, "passwd.adjunct.byname", name, strlen(name),
1249 &result, &resultlen);
1253 eor = &result[resultlen];
1254 p = memchr(result, ':', eor - result);
1255 if (p != NULL && ++p < eor &&
1256 (q = memchr(p, ':', eor - p)) != NULL) {
1257 if (q - p >= bufsize)
1260 memcpy(buffer, p, q - p);
1261 buffer[q - p] ='\0';
1272 nis_setpwent(void *retval, void *mdata, va_list ap)
1274 struct nis_state *st;
1277 rv = nis_getstate(&st);
1279 return (NS_UNAVAIL);
1283 return (NS_UNAVAIL);
1288 nis_passwd(void *retval, void *mdata, va_list ap)
1291 struct nis_state *st;
1294 char *buffer, *key, *result;
1297 enum nss_lookup_type how;
1298 int *errnop, keylen, resultlen, rv, master;
1302 how = (enum nss_lookup_type)(uintptr_t)mdata;
1305 name = va_arg(ap, const char *);
1308 uid = va_arg(ap, uid_t);
1313 pwd = va_arg(ap, struct passwd *);
1314 buffer = va_arg(ap, char *);
1315 bufsize = va_arg(ap, size_t);
1316 errnop = va_arg(ap, int *);
1317 *errnop = nis_getstate(&st);
1319 return (NS_UNAVAIL);
1320 if (st->domain[0] == '\0') {
1321 if (getdomainname(st->domain, sizeof(st->domain)) != 0) {
1323 return (NS_UNAVAIL);
1326 rv = nis_map(st->domain, how, map, sizeof(map), &master);
1327 if (rv != NS_SUCCESS)
1334 if (strlcpy(buffer, name, bufsize) >= bufsize)
1338 if (snprintf(buffer, bufsize, "%lu",
1339 (unsigned long)uid) >= bufsize)
1348 if (how == nss_lt_all) {
1349 if (st->key == NULL)
1350 rv = yp_first(st->domain, map, &st->key,
1351 &st->keylen, &result, &resultlen);
1354 keylen = st->keylen;
1356 rv = yp_next(st->domain, map, key, keylen,
1357 &st->key, &st->keylen, &result,
1365 if (rv == YPERR_NOMORE)
1372 rv = yp_match(st->domain, map, buffer, strlen(buffer),
1373 &result, &resultlen);
1374 if (rv == YPERR_KEY) {
1377 } else if (rv != 0) {
1383 if (resultlen >= bufsize) {
1387 memcpy(buffer, result, resultlen);
1388 buffer[resultlen] = '\0';
1390 rv = __pw_match_entry(buffer, resultlen, how, name, uid);
1391 if (rv == NS_SUCCESS)
1392 rv = __pw_parse_entry(buffer, resultlen, pwd, master,
1394 } while (how == nss_lt_all && !(rv & NS_TERMINATE));
1396 if (rv == NS_SUCCESS) {
1397 if (strstr(pwd->pw_passwd, "##") != NULL) {
1398 rv = nis_adjunct(st->domain, pwd->pw_name,
1399 &buffer[resultlen+1], bufsize-resultlen-1);
1403 pwd->pw_passwd = &buffer[resultlen+1];
1405 pwd->pw_fields &= ~_PWF_SOURCE;
1406 pwd->pw_fields |= _PWF_NIS;
1408 *(struct passwd **)retval = pwd;
1423 compat_clear_template(struct passwd *template)
1426 free(template->pw_passwd);
1427 free(template->pw_gecos);
1428 free(template->pw_dir);
1429 free(template->pw_shell);
1430 memset(template, 0, sizeof(*template));
1435 compat_set_template(struct passwd *src, struct passwd *template)
1438 compat_clear_template(template);
1439 #ifdef PW_OVERRIDE_PASSWD
1440 if ((src->pw_fields & _PWF_PASSWD) &&
1441 (template->pw_passwd = strdup(src->pw_passwd)) == NULL)
1444 if (src->pw_fields & _PWF_UID)
1445 template->pw_uid = src->pw_uid;
1446 if (src->pw_fields & _PWF_GID)
1447 template->pw_gid = src->pw_gid;
1448 if ((src->pw_fields & _PWF_GECOS) &&
1449 (template->pw_gecos = strdup(src->pw_gecos)) == NULL)
1451 if ((src->pw_fields & _PWF_DIR) &&
1452 (template->pw_dir = strdup(src->pw_dir)) == NULL)
1454 if ((src->pw_fields & _PWF_SHELL) &&
1455 (template->pw_shell = strdup(src->pw_shell)) == NULL)
1457 template->pw_fields = src->pw_fields;
1460 syslog(LOG_ERR, "getpwent memory allocation failure");
1466 compat_use_template(struct passwd *pwd, struct passwd *template, char *buffer,
1470 char *copy, *p, *q, *eob;
1473 /* We cannot know the layout of the password fields in `buffer',
1474 * so we have to copy everything.
1476 if (template->pw_fields == 0) /* nothing to fill-in */
1479 n += pwd->pw_name != NULL ? strlen(pwd->pw_name) + 1 : 0;
1480 n += pwd->pw_passwd != NULL ? strlen(pwd->pw_passwd) + 1 : 0;
1481 n += pwd->pw_class != NULL ? strlen(pwd->pw_class) + 1 : 0;
1482 n += pwd->pw_gecos != NULL ? strlen(pwd->pw_gecos) + 1 : 0;
1483 n += pwd->pw_dir != NULL ? strlen(pwd->pw_dir) + 1 : 0;
1484 n += pwd->pw_shell != NULL ? strlen(pwd->pw_shell) + 1 : 0;
1487 syslog(LOG_ERR, "getpwent memory allocation failure");
1492 #define COPY(field) do { \
1493 if (pwd->field == NULL) \
1494 hold.field = NULL; \
1497 p += strlcpy(p, pwd->field, eob-p) + 1; \
1508 eob = &buffer[bufsize];
1509 #define COPY(field, flag) do { \
1510 q = (template->pw_fields & flag) ? template->field : hold.field; \
1512 pwd->field = NULL; \
1515 if ((n = strlcpy(p, q, eob-p)) >= eob-p) { \
1523 #ifdef PW_OVERRIDE_PASSWD
1524 COPY(pw_passwd, _PWF_PASSWD);
1529 COPY(pw_gecos, _PWF_GECOS);
1530 COPY(pw_dir, _PWF_DIR);
1531 COPY(pw_shell, _PWF_SHELL);
1533 #define COPY(field, flag) do { \
1534 if (template->pw_fields & flag) \
1535 pwd->field = template->field; \
1537 COPY(pw_uid, _PWF_UID);
1538 COPY(pw_gid, _PWF_GID);
1546 compat_exclude(const char *name, DB **db)
1551 (*db = dbopen(NULL, O_RDWR, 600, DB_HASH, 0)) == NULL)
1553 key.size = strlen(name);
1554 key.data = (char *)name;
1558 if ((*db)->put(*db, &key, &data, 0) == -1)
1565 compat_is_excluded(const char *name, DB *db)
1571 key.size = strlen(name);
1572 key.data = (char *)name;
1573 return (db->get(db, &key, &data, 0) == 0);
1578 compat_redispatch(struct compat_state *st, enum nss_lookup_type how,
1579 enum nss_lookup_type lookup_how, const char *name, const char *lookup_name,
1580 uid_t uid, struct passwd *pwd, char *buffer, size_t bufsize, int *errnop)
1582 static const ns_src compatsrc[] = {
1584 { NSSRC_NIS, NS_SUCCESS },
1590 { NSSRC_NIS, nis_passwd, NULL },
1593 { NSSRC_DNS, dns_passwd, NULL },
1595 { NULL, NULL, NULL }
1600 for (i = 0; i < (int)(nitems(dtab) - 1); i++)
1601 dtab[i].mdata = (void *)lookup_how;
1604 switch (lookup_how) {
1606 rv = _nsdispatch(&discard, dtab, NSDB_PASSWD_COMPAT,
1607 "getpwent_r", compatsrc, pwd, buffer, bufsize,
1611 rv = _nsdispatch(&discard, dtab, NSDB_PASSWD_COMPAT,
1612 "getpwuid_r", compatsrc, uid, pwd, buffer,
1616 rv = _nsdispatch(&discard, dtab, NSDB_PASSWD_COMPAT,
1617 "getpwnam_r", compatsrc, lookup_name, pwd, buffer,
1621 return (NS_UNAVAIL);
1623 if (rv != NS_SUCCESS)
1625 if (compat_is_excluded(pwd->pw_name, st->exclude)) {
1626 if (how == nss_lt_all)
1628 return (NS_NOTFOUND);
1630 e = compat_use_template(pwd, &st->template, buffer, bufsize);
1636 return (NS_UNAVAIL);
1640 if (strcmp(name, pwd->pw_name) != 0)
1641 return (NS_NOTFOUND);
1644 if (uid != pwd->pw_uid)
1645 return (NS_NOTFOUND);
1650 return (NS_SUCCESS);
1655 compat_endstate(void *p)
1657 struct compat_state *st;
1661 st = (struct compat_state *)p;
1663 st->db->close(st->db);
1664 if (st->exclude != NULL)
1665 st->exclude->close(st->exclude);
1666 compat_clear_template(&st->template);
1672 compat_setpwent(void *retval, void *mdata, va_list ap)
1674 static const ns_src compatsrc[] = {
1676 { NSSRC_NIS, NS_SUCCESS },
1682 { NSSRC_NIS, nis_setpwent, NULL },
1685 { NSSRC_DNS, dns_setpwent, NULL },
1687 { NULL, NULL, NULL }
1689 struct compat_state *st;
1692 #define set_setent(x, y) do { \
1694 for (i = 0; i < (int)(nitems(x) - 1); i++) \
1695 x[i].mdata = (void *)y; \
1698 rv = compat_getstate(&st);
1700 return (NS_UNAVAIL);
1701 switch ((enum constants)(uintptr_t)mdata) {
1703 stayopen = va_arg(ap, int);
1706 st->db = pwdbopen(&st->version);
1707 st->stayopen = stayopen;
1708 set_setent(dtab, mdata);
1709 (void)_nsdispatch(NULL, dtab, NSDB_PASSWD_COMPAT, "setpwent",
1713 if (st->db != NULL) {
1714 (void)st->db->close(st->db);
1717 set_setent(dtab, mdata);
1718 (void)_nsdispatch(NULL, dtab, NSDB_PASSWD_COMPAT, "endpwent",
1724 return (NS_UNAVAIL);
1730 compat_passwd(void *retval, void *mdata, va_list ap)
1732 char keybuf[MAXLOGNAME + 1];
1735 struct compat_state *st;
1736 enum nss_lookup_type how;
1739 char *buffer, *pw_name;
1740 char *host, *user, *domain;
1744 int rv, from_compat, stayopen, *errnop;
1749 how = (enum nss_lookup_type)(uintptr_t)mdata;
1752 name = va_arg(ap, const char *);
1755 uid = va_arg(ap, uid_t);
1763 pwd = va_arg(ap, struct passwd *);
1764 buffer = va_arg(ap, char *);
1765 bufsize = va_arg(ap, size_t);
1766 errnop = va_arg(ap, int *);
1767 *errnop = compat_getstate(&st);
1769 return (NS_UNAVAIL);
1770 if (how == nss_lt_all && st->keynum < 0) {
1774 if (st->db == NULL &&
1775 (st->db = pwdbopen(&st->version)) == NULL) {
1780 if (how == nss_lt_all) {
1781 if (st->keynum < 0) {
1785 keynum = st->keynum;
1789 stayopen = st->stayopen;
1793 switch (st->compat) {
1794 case COMPAT_MODE_ALL:
1795 rv = compat_redispatch(st, how, how, name, name, uid, pwd,
1796 buffer, bufsize, errnop);
1797 if (rv != NS_SUCCESS)
1798 st->compat = COMPAT_MODE_OFF;
1800 case COMPAT_MODE_NETGROUP:
1801 /* XXX getnetgrent is not thread-safe. */
1803 rv = getnetgrent(&host, &user, &domain);
1806 st->compat = COMPAT_MODE_OFF;
1809 } else if (user == NULL || user[0] == '\0')
1811 rv = compat_redispatch(st, how, nss_lt_name, name,
1812 user, uid, pwd, buffer, bufsize, errnop);
1813 } while (st->compat == COMPAT_MODE_NETGROUP &&
1814 !(rv & NS_TERMINATE));
1816 case COMPAT_MODE_NAME:
1817 rv = compat_redispatch(st, how, nss_lt_name, name, st->name,
1818 uid, pwd, buffer, bufsize, errnop);
1821 st->compat = COMPAT_MODE_OFF;
1826 if (rv & NS_TERMINATE) {
1832 while (keynum >= 0) {
1834 if (st->version < _PWD_CURRENT_VERSION) {
1835 memcpy(&keybuf[1], &keynum, sizeof(keynum));
1836 key.size = sizeof(keynum) + 1;
1838 store = htonl(keynum);
1839 memcpy(&keybuf[1], &store, sizeof(store));
1840 key.size = sizeof(store) + 1;
1842 keybuf[0] = _PW_VERSIONED(_PW_KEYBYNUM, st->version);
1843 rv = st->db->get(st->db, &key, &entry, 0);
1844 if (rv < 0 || rv > 1) { /* should never return > 1 */
1848 } else if (rv == 1) {
1853 pw_name = (char *)entry.data;
1854 switch (pw_name[0]) {
1856 switch (pw_name[1]) {
1858 st->compat = COMPAT_MODE_ALL;
1861 setnetgrent(&pw_name[2]);
1862 st->compat = COMPAT_MODE_NETGROUP;
1865 st->name = strdup(&pw_name[1]);
1866 if (st->name == NULL) {
1868 "getpwent memory allocation failure");
1873 st->compat = COMPAT_MODE_NAME;
1875 if (entry.size > bufsize) {
1880 memcpy(buffer, entry.data, entry.size);
1881 rv = pwdb_versions[st->version].parse(buffer,
1882 entry.size, pwd, errnop);
1883 if (rv != NS_SUCCESS)
1885 else if (compat_set_template(pwd, &st->template) < 0) {
1892 switch (pw_name[1]) {
1894 /* XXX Maybe syslog warning */
1897 setnetgrent(&pw_name[2]);
1898 while (getnetgrent(&host, &user, &domain) !=
1900 if (user != NULL && user[0] != '\0')
1901 compat_exclude(user,
1907 compat_exclude(&pw_name[1], &st->exclude);
1914 if (compat_is_excluded((char *)entry.data, st->exclude))
1916 rv = pwdb_versions[st->version].match(entry.data, entry.size,
1918 if (rv == NS_RETURN)
1920 else if (rv != NS_SUCCESS)
1922 if (entry.size > bufsize) {
1927 memcpy(buffer, entry.data, entry.size);
1928 rv = pwdb_versions[st->version].parse(buffer, entry.size, pwd,
1930 if (rv & NS_TERMINATE)
1934 if (how == nss_lt_all)
1935 st->keynum = keynum;
1936 if (st->db != NULL && !stayopen) {
1937 (void)st->db->close(st->db);
1940 if (rv == NS_SUCCESS) {
1942 pwd->pw_fields &= ~_PWF_SOURCE;
1943 pwd->pw_fields |= _PWF_FILES;
1946 *(struct passwd **)retval = pwd;
1953 * common passwd line matching and parsing
1956 __pw_match_entry(const char *entry, size_t entrysize, enum nss_lookup_type how,
1957 const char *name, uid_t uid)
1959 const char *p, *eom;
1964 eom = entry + entrysize;
1965 for (p = entry; p < eom; p++)
1969 return (NS_NOTFOUND);
1970 if (how == nss_lt_all)
1971 return (NS_SUCCESS);
1972 if (how == nss_lt_name) {
1974 if (len == (p - entry) && memcmp(name, entry, len) == 0)
1975 return (NS_SUCCESS);
1977 return (NS_NOTFOUND);
1979 for (p++; p < eom; p++)
1983 return (NS_NOTFOUND);
1984 m = strtoul(++p, &q, 10);
1985 if (q[0] != ':' || (uid_t)m != uid)
1986 return (NS_NOTFOUND);
1988 return (NS_SUCCESS);
1992 /* XXX buffer must be NUL-terminated. errnop is not set correctly. */
1994 __pw_parse_entry(char *buffer, size_t bufsize __unused, struct passwd *pwd,
1995 int master, int *errnop __unused)
1998 if (__pw_scan(buffer, pwd, master ? _PWSCAN_MASTER : 0) == 0)
1999 return (NS_NOTFOUND);
2001 return (NS_SUCCESS);