2 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
4 * Copyright (c) 2003 Networks Associates Technology, Inc.
7 * This software was developed for the FreeBSD Project by
8 * Jacques A. Vidrine, Safeport Network Services, and Network
9 * Associates Laboratories, the Security Research Division of Network
10 * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
11 * ("CBOSS"), as part of the DARPA CHATS research program.
13 * Redistribution and use in source and binary forms, with or without
14 * modification, are permitted provided that the following conditions
16 * 1. Redistributions of source code must retain the above copyright
17 * notice, this list of conditions and the following disclaimer.
18 * 2. Redistributions in binary form must reproduce the above copyright
19 * notice, this list of conditions and the following disclaimer in the
20 * documentation and/or other materials provided with the distribution.
22 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
35 #include <sys/cdefs.h>
36 __FBSDID("$FreeBSD$");
38 #include "namespace.h"
39 #include <sys/param.h>
42 #include <rpcsvc/yp_prot.h>
43 #include <rpcsvc/ypclnt.h>
45 #include <arpa/inet.h>
54 #include <pthread_np.h>
61 #include "un-namespace.h"
63 #include "libc_private.h"
71 #define CTASSERT(x) _CTASSERT(x, __LINE__)
72 #define _CTASSERT(x, y) __CTASSERT(x, y)
73 #define __CTASSERT(x, y) typedef char __assert_ ## y [(x) ? 1 : -1]
76 /* Counter as stored in /etc/pwd.db */
79 CTASSERT(MAXLOGNAME > sizeof(uid_t));
80 CTASSERT(MAXLOGNAME > sizeof(pwkeynum));
83 PWD_STORAGE_INITIAL = 1 << 10, /* 1 KByte */
84 PWD_STORAGE_MAX = 1 << 20, /* 1 MByte */
90 static const ns_src defaultsrc[] = {
91 { NSSRC_COMPAT, NS_SUCCESS },
95 int __pw_match_entry(const char *, size_t, enum nss_lookup_type,
97 int __pw_parse_entry(char *, size_t, struct passwd *, int, int *errnop);
99 static void pwd_init(struct passwd *);
106 static struct passwd *getpw(int (*fn)(union key, struct passwd *, char *,
107 size_t, struct passwd **), union key);
108 static int wrap_getpwnam_r(union key, struct passwd *, char *,
109 size_t, struct passwd **);
110 static int wrap_getpwuid_r(union key, struct passwd *, char *, size_t,
112 static int wrap_getpwent_r(union key, struct passwd *, char *, size_t,
115 static int pwdb_match_entry_v3(char *, size_t, enum nss_lookup_type,
116 const char *, uid_t);
117 static int pwdb_parse_entry_v3(char *, size_t, struct passwd *, int *);
118 static int pwdb_match_entry_v4(char *, size_t, enum nss_lookup_type,
119 const char *, uid_t);
120 static int pwdb_parse_entry_v4(char *, size_t, struct passwd *, int *);
124 int (*match)(char *, size_t, enum nss_lookup_type, const char *,
126 int (*parse)(char *, size_t, struct passwd *, int *);
127 } pwdb_versions[] = {
128 { NULL, NULL }, /* version 0 */
129 { NULL, NULL }, /* version 1 */
130 { NULL, NULL }, /* version 2 */
131 { pwdb_match_entry_v3, pwdb_parse_entry_v3 }, /* version 3 */
132 { pwdb_match_entry_v4, pwdb_parse_entry_v4 }, /* version 4 */
142 static void files_endstate(void *);
143 NSS_TLS_HANDLING(files);
144 static DB *pwdbopen(int *);
145 static void files_endstate(void *);
146 static int files_setpwent(void *, void *, va_list);
147 static int files_passwd(void *, void *, va_list);
154 static void dns_endstate(void *);
155 NSS_TLS_HANDLING(dns);
156 static int dns_setpwent(void *, void *, va_list);
157 static int dns_passwd(void *, void *, va_list);
163 char domain[MAXHOSTNAMELEN];
168 static void nis_endstate(void *);
169 NSS_TLS_HANDLING(nis);
170 static int nis_setpwent(void *, void *, va_list);
171 static int nis_passwd(void *, void *, va_list);
172 static int nis_map(char *, enum nss_lookup_type, char *, size_t, int *);
173 static int nis_adjunct(char *, const char *, char *, size_t);
177 struct compat_state {
183 struct passwd template;
192 static void compat_endstate(void *);
193 NSS_TLS_HANDLING(compat);
194 static int compat_setpwent(void *, void *, va_list);
195 static int compat_passwd(void *, void *, va_list);
196 static void compat_clear_template(struct passwd *);
197 static int compat_set_template(struct passwd *, struct passwd *);
198 static int compat_use_template(struct passwd *, struct passwd *, char *,
200 static int compat_redispatch(struct compat_state *, enum nss_lookup_type,
201 enum nss_lookup_type, const char *, const char *, uid_t,
202 struct passwd *, char *, size_t, int *);
205 static int pwd_id_func(char *, size_t *, va_list ap, void *);
206 static int pwd_marshal_func(char *, size_t *, void *, va_list, void *);
207 static int pwd_unmarshal_func(char *, size_t, void *, va_list, void *);
210 pwd_id_func(char *buffer, size_t *buffer_size, va_list ap, void *cache_mdata)
214 size_t size, desired_size;
215 int res = NS_UNAVAIL;
216 enum nss_lookup_type lookup_type;
218 lookup_type = (enum nss_lookup_type)cache_mdata;
219 switch (lookup_type) {
221 name = va_arg(ap, char *);
223 desired_size = sizeof(enum nss_lookup_type) + size + 1;
224 if (desired_size > *buffer_size) {
229 memcpy(buffer, &lookup_type, sizeof(enum nss_lookup_type));
230 memcpy(buffer + sizeof(enum nss_lookup_type), name, size + 1);
235 uid = va_arg(ap, uid_t);
236 desired_size = sizeof(enum nss_lookup_type) + sizeof(uid_t);
237 if (desired_size > *buffer_size) {
242 memcpy(buffer, &lookup_type, sizeof(enum nss_lookup_type));
243 memcpy(buffer + sizeof(enum nss_lookup_type), &uid,
249 /* should be unreachable */
254 *buffer_size = desired_size;
259 pwd_marshal_func(char *buffer, size_t *buffer_size, void *retval, va_list ap,
266 size_t orig_buf_size;
268 struct passwd new_pwd;
269 size_t desired_size, size;
272 switch ((enum nss_lookup_type)cache_mdata) {
274 name = va_arg(ap, char *);
277 uid = va_arg(ap, uid_t);
282 /* should be unreachable */
286 pwd = va_arg(ap, struct passwd *);
287 orig_buf = va_arg(ap, char *);
288 orig_buf_size = va_arg(ap, size_t);
290 desired_size = sizeof(struct passwd) + sizeof(char *) +
291 strlen(pwd->pw_name) + 1;
292 if (pwd->pw_passwd != NULL)
293 desired_size += strlen(pwd->pw_passwd) + 1;
294 if (pwd->pw_class != NULL)
295 desired_size += strlen(pwd->pw_class) + 1;
296 if (pwd->pw_gecos != NULL)
297 desired_size += strlen(pwd->pw_gecos) + 1;
298 if (pwd->pw_dir != NULL)
299 desired_size += strlen(pwd->pw_dir) + 1;
300 if (pwd->pw_shell != NULL)
301 desired_size += strlen(pwd->pw_shell) + 1;
303 if (*buffer_size < desired_size) {
304 /* this assignment is here for future use */
305 *buffer_size = desired_size;
309 memcpy(&new_pwd, pwd, sizeof(struct passwd));
310 memset(buffer, 0, desired_size);
312 *buffer_size = desired_size;
313 p = buffer + sizeof(struct passwd) + sizeof(char *);
314 memcpy(buffer + sizeof(struct passwd), &p, sizeof(char *));
316 if (new_pwd.pw_name != NULL) {
317 size = strlen(new_pwd.pw_name);
318 memcpy(p, new_pwd.pw_name, size);
323 if (new_pwd.pw_passwd != NULL) {
324 size = strlen(new_pwd.pw_passwd);
325 memcpy(p, new_pwd.pw_passwd, size);
326 new_pwd.pw_passwd = p;
330 if (new_pwd.pw_class != NULL) {
331 size = strlen(new_pwd.pw_class);
332 memcpy(p, new_pwd.pw_class, size);
333 new_pwd.pw_class = p;
337 if (new_pwd.pw_gecos != NULL) {
338 size = strlen(new_pwd.pw_gecos);
339 memcpy(p, new_pwd.pw_gecos, size);
340 new_pwd.pw_gecos = p;
344 if (new_pwd.pw_dir != NULL) {
345 size = strlen(new_pwd.pw_dir);
346 memcpy(p, new_pwd.pw_dir, size);
351 if (new_pwd.pw_shell != NULL) {
352 size = strlen(new_pwd.pw_shell);
353 memcpy(p, new_pwd.pw_shell, size);
354 new_pwd.pw_shell = p;
358 memcpy(buffer, &new_pwd, sizeof(struct passwd));
363 pwd_unmarshal_func(char *buffer, size_t buffer_size, void *retval, va_list ap,
370 size_t orig_buf_size;
375 switch ((enum nss_lookup_type)cache_mdata) {
377 name = va_arg(ap, char *);
380 uid = va_arg(ap, uid_t);
385 /* should be unreachable */
389 pwd = va_arg(ap, struct passwd *);
390 orig_buf = va_arg(ap, char *);
391 orig_buf_size = va_arg(ap, size_t);
392 ret_errno = va_arg(ap, int *);
395 buffer_size - sizeof(struct passwd) - sizeof(char *)) {
400 memcpy(pwd, buffer, sizeof(struct passwd));
401 memcpy(&p, buffer + sizeof(struct passwd), sizeof(char *));
402 memcpy(orig_buf, buffer + sizeof(struct passwd) + sizeof(char *),
403 buffer_size - sizeof(struct passwd) - sizeof(char *));
405 NS_APPLY_OFFSET(pwd->pw_name, orig_buf, p, char *);
406 NS_APPLY_OFFSET(pwd->pw_passwd, orig_buf, p, char *);
407 NS_APPLY_OFFSET(pwd->pw_class, orig_buf, p, char *);
408 NS_APPLY_OFFSET(pwd->pw_gecos, orig_buf, p, char *);
409 NS_APPLY_OFFSET(pwd->pw_dir, orig_buf, p, char *);
410 NS_APPLY_OFFSET(pwd->pw_shell, orig_buf, p, char *);
413 *((struct passwd **)retval) = pwd;
418 NSS_MP_CACHE_HANDLING(passwd);
419 #endif /* NS_CACHING */
425 static const nss_cache_info cache_info = NS_MP_CACHE_INFO_INITIALIZER(
426 passwd, (void *)nss_lt_all,
430 static const ns_dtab dtab[] = {
431 { NSSRC_FILES, files_setpwent, (void *)SETPWENT },
433 { NSSRC_DNS, dns_setpwent, (void *)SETPWENT },
436 { NSSRC_NIS, nis_setpwent, (void *)SETPWENT },
438 { NSSRC_COMPAT, compat_setpwent, (void *)SETPWENT },
440 NS_CACHE_CB(&cache_info)
444 (void)_nsdispatch(NULL, dtab, NSDB_PASSWD, "setpwent", defaultsrc, 0);
449 setpassent(int stayopen)
452 static const nss_cache_info cache_info = NS_MP_CACHE_INFO_INITIALIZER(
453 passwd, (void *)nss_lt_all,
457 static const ns_dtab dtab[] = {
458 { NSSRC_FILES, files_setpwent, (void *)SETPWENT },
460 { NSSRC_DNS, dns_setpwent, (void *)SETPWENT },
463 { NSSRC_NIS, nis_setpwent, (void *)SETPWENT },
465 { NSSRC_COMPAT, compat_setpwent, (void *)SETPWENT },
467 NS_CACHE_CB(&cache_info)
471 (void)_nsdispatch(NULL, dtab, NSDB_PASSWD, "setpwent", defaultsrc,
481 static const nss_cache_info cache_info = NS_MP_CACHE_INFO_INITIALIZER(
482 passwd, (void *)nss_lt_all,
486 static const ns_dtab dtab[] = {
487 { NSSRC_FILES, files_setpwent, (void *)ENDPWENT },
489 { NSSRC_DNS, dns_setpwent, (void *)ENDPWENT },
492 { NSSRC_NIS, nis_setpwent, (void *)ENDPWENT },
494 { NSSRC_COMPAT, compat_setpwent, (void *)ENDPWENT },
496 NS_CACHE_CB(&cache_info)
500 (void)_nsdispatch(NULL, dtab, NSDB_PASSWD, "endpwent", defaultsrc);
505 getpwent_r(struct passwd *pwd, char *buffer, size_t bufsize,
506 struct passwd **result)
509 static const nss_cache_info cache_info = NS_MP_CACHE_INFO_INITIALIZER(
510 passwd, (void *)nss_lt_all,
511 pwd_marshal_func, pwd_unmarshal_func);
514 static const ns_dtab dtab[] = {
515 { NSSRC_FILES, files_passwd, (void *)nss_lt_all },
517 { NSSRC_DNS, dns_passwd, (void *)nss_lt_all },
520 { NSSRC_NIS, nis_passwd, (void *)nss_lt_all },
522 { NSSRC_COMPAT, compat_passwd, (void *)nss_lt_all },
524 NS_CACHE_CB(&cache_info)
533 rv = _nsdispatch(result, dtab, NSDB_PASSWD, "getpwent_r", defaultsrc,
534 pwd, buffer, bufsize, &ret_errno);
535 if (rv == NS_SUCCESS)
543 getpwnam_r(const char *name, struct passwd *pwd, char *buffer, size_t bufsize,
544 struct passwd **result)
547 static const nss_cache_info cache_info =
548 NS_COMMON_CACHE_INFO_INITIALIZER(
549 passwd, (void *)nss_lt_name,
550 pwd_id_func, pwd_marshal_func, pwd_unmarshal_func);
553 static const ns_dtab dtab[] = {
554 { NSSRC_FILES, files_passwd, (void *)nss_lt_name },
556 { NSSRC_DNS, dns_passwd, (void *)nss_lt_name },
559 { NSSRC_NIS, nis_passwd, (void *)nss_lt_name },
561 { NSSRC_COMPAT, compat_passwd, (void *)nss_lt_name },
563 NS_CACHE_CB(&cache_info)
572 rv = _nsdispatch(result, dtab, NSDB_PASSWD, "getpwnam_r", defaultsrc,
573 name, pwd, buffer, bufsize, &ret_errno);
574 if (rv == NS_SUCCESS)
582 getpwuid_r(uid_t uid, struct passwd *pwd, char *buffer, size_t bufsize,
583 struct passwd **result)
586 static const nss_cache_info cache_info =
587 NS_COMMON_CACHE_INFO_INITIALIZER(
588 passwd, (void *)nss_lt_id,
589 pwd_id_func, pwd_marshal_func, pwd_unmarshal_func);
592 static const ns_dtab dtab[] = {
593 { NSSRC_FILES, files_passwd, (void *)nss_lt_id },
595 { NSSRC_DNS, dns_passwd, (void *)nss_lt_id },
598 { NSSRC_NIS, nis_passwd, (void *)nss_lt_id },
600 { NSSRC_COMPAT, compat_passwd, (void *)nss_lt_id },
602 NS_CACHE_CB(&cache_info)
611 rv = _nsdispatch(result, dtab, NSDB_PASSWD, "getpwuid_r", defaultsrc,
612 uid, pwd, buffer, bufsize, &ret_errno);
613 if (rv == NS_SUCCESS)
621 pwd_init(struct passwd *pwd)
623 static char nul[] = "";
625 memset(pwd, 0, sizeof(*pwd));
626 pwd->pw_uid = (uid_t)-1; /* Considered least likely to lead to */
627 pwd->pw_gid = (gid_t)-1; /* a security issue. */
629 pwd->pw_passwd = nul;
637 static struct passwd pwd;
638 static char *pwd_storage;
639 static size_t pwd_storage_size;
642 static struct passwd *
643 getpw(int (*fn)(union key, struct passwd *, char *, size_t, struct passwd **),
649 if (pwd_storage == NULL) {
650 pwd_storage = malloc(PWD_STORAGE_INITIAL);
651 if (pwd_storage == NULL)
653 pwd_storage_size = PWD_STORAGE_INITIAL;
656 rv = fn(key, &pwd, pwd_storage, pwd_storage_size, &res);
657 if (res == NULL && rv == ERANGE) {
659 if ((pwd_storage_size << 1) > PWD_STORAGE_MAX) {
664 pwd_storage_size <<= 1;
665 pwd_storage = malloc(pwd_storage_size);
666 if (pwd_storage == NULL)
669 } while (res == NULL && rv == ERANGE);
677 wrap_getpwnam_r(union key key, struct passwd *pwd, char *buffer,
678 size_t bufsize, struct passwd **res)
680 return (getpwnam_r(key.name, pwd, buffer, bufsize, res));
685 wrap_getpwuid_r(union key key, struct passwd *pwd, char *buffer,
686 size_t bufsize, struct passwd **res)
688 return (getpwuid_r(key.uid, pwd, buffer, bufsize, res));
693 wrap_getpwent_r(union key key __unused, struct passwd *pwd, char *buffer,
694 size_t bufsize, struct passwd **res)
696 return (getpwent_r(pwd, buffer, bufsize, res));
701 getpwnam(const char *name)
706 return (getpw(wrap_getpwnam_r, key));
716 return (getpw(wrap_getpwuid_r, key));
725 key.uid = 0; /* not used */
726 return (getpw(wrap_getpwent_r, key));
734 pwdbopen(int *version)
740 if (geteuid() != 0 ||
741 (res = dbopen(_PATH_SMP_DB, O_RDONLY, 0, DB_HASH, NULL)) == NULL)
742 res = dbopen(_PATH_MP_DB, O_RDONLY, 0, DB_HASH, NULL);
745 key.data = _PWD_VERSION_KEY;
746 key.size = strlen(_PWD_VERSION_KEY);
747 rv = res->get(res, &key, &entry, 0);
749 *version = *(unsigned char *)entry.data;
753 *version >= nitems(pwdb_versions)) {
754 syslog(LOG_CRIT, "Unsupported password database version %d",
764 files_endstate(void *p)
770 db = ((struct files_state *)p)->db;
778 files_setpwent(void *retval, void *mdata, va_list ap)
780 struct files_state *st;
783 rv = files_getstate(&st);
786 switch ((enum constants)mdata) {
788 stayopen = va_arg(ap, int);
791 st->db = pwdbopen(&st->version);
792 st->stayopen = stayopen;
795 if (st->db != NULL) {
796 (void)st->db->close(st->db);
808 files_passwd(void *retval, void *mdata, va_list ap)
810 char keybuf[MAXLOGNAME + 1];
812 struct files_state *st;
813 enum nss_lookup_type how;
817 size_t bufsize, namesize;
820 int rv, stayopen = 0, *errnop;
824 how = (enum nss_lookup_type)mdata;
827 name = va_arg(ap, const char *);
828 keybuf[0] = _PW_KEYBYNAME;
831 uid = va_arg(ap, uid_t);
832 keybuf[0] = _PW_KEYBYUID;
835 keybuf[0] = _PW_KEYBYNUM;
841 pwd = va_arg(ap, struct passwd *);
842 buffer = va_arg(ap, char *);
843 bufsize = va_arg(ap, size_t);
844 errnop = va_arg(ap, int *);
845 *errnop = files_getstate(&st);
848 if (how == nss_lt_all && st->keynum < 0) {
852 if (st->db == NULL &&
853 (st->db = pwdbopen(&st->version)) == NULL) {
858 if (how == nss_lt_all)
861 stayopen = st->stayopen;
866 /* MAXLOGNAME includes NUL byte, but we do not
867 * include the NUL byte in the key.
869 namesize = strlcpy(&keybuf[1], name, sizeof(keybuf)-1);
870 if (namesize >= sizeof(keybuf)-1) {
875 key.size = namesize + 1;
878 if (st->version < _PWD_CURRENT_VERSION) {
879 memcpy(&keybuf[1], &uid, sizeof(uid));
880 key.size = sizeof(uid) + 1;
883 memcpy(&keybuf[1], &store, sizeof(store));
884 key.size = sizeof(store) + 1;
889 if (st->version < _PWD_CURRENT_VERSION) {
890 memcpy(&keybuf[1], &st->keynum,
892 key.size = sizeof(st->keynum) + 1;
894 store = htonl(st->keynum);
895 memcpy(&keybuf[1], &store, sizeof(store));
896 key.size = sizeof(store) + 1;
900 keybuf[0] = _PW_VERSIONED(keybuf[0], st->version);
901 rv = st->db->get(st->db, &key, &entry, 0);
902 if (rv < 0 || rv > 1) { /* should never return > 1 */
906 } else if (rv == 1) {
907 if (how == nss_lt_all)
912 rv = pwdb_versions[st->version].match(entry.data, entry.size,
914 if (rv != NS_SUCCESS)
916 if (entry.size > bufsize) {
921 memcpy(buffer, entry.data, entry.size);
922 rv = pwdb_versions[st->version].parse(buffer, entry.size, pwd,
924 } while (how == nss_lt_all && !(rv & NS_TERMINATE));
926 if (st->db != NULL && !stayopen) {
927 (void)st->db->close(st->db);
930 if (rv == NS_SUCCESS) {
931 pwd->pw_fields &= ~_PWF_SOURCE;
932 pwd->pw_fields |= _PWF_FILES;
934 *(struct passwd **)retval = pwd;
941 pwdb_match_entry_v3(char *entry, size_t entrysize, enum nss_lookup_type how,
942 const char *name, uid_t uid)
947 eom = &entry[entrysize];
948 for (p = entry; p < eom; p++)
952 return (NS_NOTFOUND);
953 if (how == nss_lt_all)
955 if (how == nss_lt_name)
956 return (strcmp(name, entry) == 0 ? NS_SUCCESS : NS_NOTFOUND);
957 for (p++; p < eom; p++)
960 if (*p != '\0' || (++p) + sizeof(uid) >= eom)
961 return (NS_NOTFOUND);
962 memcpy(&uid2, p, sizeof(uid2));
963 return (uid == uid2 ? NS_SUCCESS : NS_NOTFOUND);
968 pwdb_parse_entry_v3(char *buffer, size_t bufsize, struct passwd *pwd,
972 int32_t pw_change, pw_expire;
974 /* THIS CODE MUST MATCH THAT IN pwd_mkdb. */
976 eom = &buffer[bufsize];
977 #define STRING(field) do { \
979 while (p < eom && *p != '\0') \
982 return (NS_NOTFOUND); \
985 #define SCALAR(field) do { \
986 if (p + sizeof(field) > eom) \
987 return (NS_NOTFOUND); \
988 memcpy(&(field), p, sizeof(field)); \
989 p += sizeof(field); \
991 STRING(pwd->pw_name);
992 STRING(pwd->pw_passwd);
996 STRING(pwd->pw_class);
997 STRING(pwd->pw_gecos);
999 STRING(pwd->pw_shell);
1001 SCALAR(pwd->pw_fields);
1004 pwd->pw_change = pw_change;
1005 pwd->pw_expire = pw_expire;
1006 return (NS_SUCCESS);
1011 pwdb_match_entry_v4(char *entry, size_t entrysize, enum nss_lookup_type how,
1012 const char *name, uid_t uid)
1014 const char *p, *eom;
1017 eom = &entry[entrysize];
1018 for (p = entry; p < eom; p++)
1022 return (NS_NOTFOUND);
1023 if (how == nss_lt_all)
1024 return (NS_SUCCESS);
1025 if (how == nss_lt_name)
1026 return (strcmp(name, entry) == 0 ? NS_SUCCESS : NS_NOTFOUND);
1027 for (p++; p < eom; p++)
1030 if (*p != '\0' || (++p) + sizeof(uid) >= eom)
1031 return (NS_NOTFOUND);
1032 memcpy(&uid2, p, sizeof(uid2));
1034 return (uid == (uid_t)uid2 ? NS_SUCCESS : NS_NOTFOUND);
1039 pwdb_parse_entry_v4(char *buffer, size_t bufsize, struct passwd *pwd,
1045 /* THIS CODE MUST MATCH THAT IN pwd_mkdb. */
1047 eom = &buffer[bufsize];
1048 #define STRING(field) do { \
1050 while (p < eom && *p != '\0') \
1053 return (NS_NOTFOUND); \
1056 #define SCALAR(field) do { \
1057 if (p + sizeof(n) > eom) \
1058 return (NS_NOTFOUND); \
1059 memcpy(&n, p, sizeof(n)); \
1060 (field) = ntohl(n); \
1063 STRING(pwd->pw_name);
1064 STRING(pwd->pw_passwd);
1065 SCALAR(pwd->pw_uid);
1066 SCALAR(pwd->pw_gid);
1067 SCALAR(pwd->pw_change);
1068 STRING(pwd->pw_class);
1069 STRING(pwd->pw_gecos);
1070 STRING(pwd->pw_dir);
1071 STRING(pwd->pw_shell);
1072 SCALAR(pwd->pw_expire);
1073 SCALAR(pwd->pw_fields);
1076 return (NS_SUCCESS);
1085 dns_endstate(void *p)
1092 dns_setpwent(void *retval, void *mdata, va_list ap)
1094 struct dns_state *st;
1097 rv = dns_getstate(&st);
1099 return (NS_UNAVAIL);
1101 return (NS_UNAVAIL);
1106 dns_passwd(void *retval, void *mdata, va_list ap)
1108 char buf[HESIOD_NAME_MAX];
1109 struct dns_state *st;
1111 const char *name, *label;
1113 char *buffer, **hes;
1114 size_t bufsize, linesize;
1116 enum nss_lookup_type how;
1123 how = (enum nss_lookup_type)mdata;
1126 name = va_arg(ap, const char *);
1129 uid = va_arg(ap, uid_t);
1134 pwd = va_arg(ap, struct passwd *);
1135 buffer = va_arg(ap, char *);
1136 bufsize = va_arg(ap, size_t);
1137 errnop = va_arg(ap, int *);
1138 *errnop = dns_getstate(&st);
1140 return (NS_UNAVAIL);
1141 if (hesiod_init(&ctx) != 0) {
1153 if (snprintf(buf, sizeof(buf), "%lu",
1154 (unsigned long)uid) >= sizeof(buf))
1159 if (st->counter < 0)
1161 if (snprintf(buf, sizeof(buf), "passwd-%ld",
1162 st->counter++) >= sizeof(buf))
1167 hes = hesiod_resolve(ctx, label,
1168 how == nss_lt_id ? "uid" : "passwd");
1170 if (how == nss_lt_all)
1172 if (errno != ENOENT)
1176 rv = __pw_match_entry(hes[0], strlen(hes[0]), how, name, uid);
1177 if (rv != NS_SUCCESS) {
1178 hesiod_free_list(ctx, hes);
1182 linesize = strlcpy(buffer, hes[0], bufsize);
1183 if (linesize >= bufsize) {
1188 hesiod_free_list(ctx, hes);
1190 rv = __pw_parse_entry(buffer, bufsize, pwd, 0, errnop);
1191 } while (how == nss_lt_all && !(rv & NS_TERMINATE));
1194 hesiod_free_list(ctx, hes);
1197 if (rv == NS_SUCCESS) {
1198 pwd->pw_fields &= ~_PWF_SOURCE;
1199 pwd->pw_fields |= _PWF_HESIOD;
1201 *(struct passwd **)retval = pwd;
1213 nis_endstate(void *p)
1215 free(((struct nis_state *)p)->key);
1220 * Test for the presence of special FreeBSD-specific master.passwd.by*
1221 * maps. We do this using yp_order(). If it fails, then either the server
1222 * doesn't have the map, or the YPPROC_ORDER procedure isn't supported by
1223 * the server (Sun NIS+ servers in YP compat mode behave this way). If
1224 * the master.passwd.by* maps don't exist, then let the lookup routine try
1225 * the regular passwd.by* maps instead. If the lookup routine fails, it
1226 * can return an error as needed.
1229 nis_map(char *domain, enum nss_lookup_type how, char *buffer, size_t bufsize,
1235 if (geteuid() == 0) {
1236 if (snprintf(buffer, bufsize, "master.passwd.by%s",
1237 (how == nss_lt_id) ? "uid" : "name") >= bufsize)
1238 return (NS_UNAVAIL);
1239 rv = yp_order(domain, buffer, &order);
1242 return (NS_SUCCESS);
1246 if (snprintf(buffer, bufsize, "passwd.by%s",
1247 (how == nss_lt_id) ? "uid" : "name") >= bufsize)
1248 return (NS_UNAVAIL);
1250 return (NS_SUCCESS);
1255 nis_adjunct(char *domain, const char *name, char *buffer, size_t bufsize)
1258 char *result, *p, *q, *eor;
1262 rv = yp_match(domain, "passwd.adjunct.byname", name, strlen(name),
1263 &result, &resultlen);
1267 eor = &result[resultlen];
1268 p = memchr(result, ':', eor - result);
1269 if (p != NULL && ++p < eor &&
1270 (q = memchr(p, ':', eor - p)) != NULL) {
1271 if (q - p >= bufsize)
1274 memcpy(buffer, p, q - p);
1275 buffer[q - p] ='\0';
1286 nis_setpwent(void *retval, void *mdata, va_list ap)
1288 struct nis_state *st;
1291 rv = nis_getstate(&st);
1293 return (NS_UNAVAIL);
1297 return (NS_UNAVAIL);
1302 nis_passwd(void *retval, void *mdata, va_list ap)
1305 struct nis_state *st;
1308 char *buffer, *key, *result;
1311 enum nss_lookup_type how;
1312 int *errnop, keylen, resultlen, rv, master;
1316 how = (enum nss_lookup_type)mdata;
1319 name = va_arg(ap, const char *);
1322 uid = va_arg(ap, uid_t);
1327 pwd = va_arg(ap, struct passwd *);
1328 buffer = va_arg(ap, char *);
1329 bufsize = va_arg(ap, size_t);
1330 errnop = va_arg(ap, int *);
1331 *errnop = nis_getstate(&st);
1333 return (NS_UNAVAIL);
1334 if (st->domain[0] == '\0') {
1335 if (getdomainname(st->domain, sizeof(st->domain)) != 0) {
1337 return (NS_UNAVAIL);
1340 rv = nis_map(st->domain, how, map, sizeof(map), &master);
1341 if (rv != NS_SUCCESS)
1348 if (strlcpy(buffer, name, bufsize) >= bufsize)
1352 if (snprintf(buffer, bufsize, "%lu",
1353 (unsigned long)uid) >= bufsize)
1362 if (how == nss_lt_all) {
1363 if (st->key == NULL)
1364 rv = yp_first(st->domain, map, &st->key,
1365 &st->keylen, &result, &resultlen);
1368 keylen = st->keylen;
1370 rv = yp_next(st->domain, map, key, keylen,
1371 &st->key, &st->keylen, &result,
1379 if (rv == YPERR_NOMORE)
1386 rv = yp_match(st->domain, map, buffer, strlen(buffer),
1387 &result, &resultlen);
1388 if (rv == YPERR_KEY) {
1391 } else if (rv != 0) {
1397 if (resultlen >= bufsize) {
1401 memcpy(buffer, result, resultlen);
1402 buffer[resultlen] = '\0';
1404 rv = __pw_match_entry(buffer, resultlen, how, name, uid);
1405 if (rv == NS_SUCCESS)
1406 rv = __pw_parse_entry(buffer, resultlen, pwd, master,
1408 } while (how == nss_lt_all && !(rv & NS_TERMINATE));
1410 if (rv == NS_SUCCESS) {
1411 if (strstr(pwd->pw_passwd, "##") != NULL) {
1412 rv = nis_adjunct(st->domain, pwd->pw_name,
1413 &buffer[resultlen+1], bufsize-resultlen-1);
1417 pwd->pw_passwd = &buffer[resultlen+1];
1419 pwd->pw_fields &= ~_PWF_SOURCE;
1420 pwd->pw_fields |= _PWF_NIS;
1422 *(struct passwd **)retval = pwd;
1437 compat_clear_template(struct passwd *template)
1440 free(template->pw_passwd);
1441 free(template->pw_gecos);
1442 free(template->pw_dir);
1443 free(template->pw_shell);
1444 memset(template, 0, sizeof(*template));
1449 compat_set_template(struct passwd *src, struct passwd *template)
1452 compat_clear_template(template);
1453 #ifdef PW_OVERRIDE_PASSWD
1454 if ((src->pw_fields & _PWF_PASSWD) &&
1455 (template->pw_passwd = strdup(src->pw_passwd)) == NULL)
1458 if (src->pw_fields & _PWF_UID)
1459 template->pw_uid = src->pw_uid;
1460 if (src->pw_fields & _PWF_GID)
1461 template->pw_gid = src->pw_gid;
1462 if ((src->pw_fields & _PWF_GECOS) &&
1463 (template->pw_gecos = strdup(src->pw_gecos)) == NULL)
1465 if ((src->pw_fields & _PWF_DIR) &&
1466 (template->pw_dir = strdup(src->pw_dir)) == NULL)
1468 if ((src->pw_fields & _PWF_SHELL) &&
1469 (template->pw_shell = strdup(src->pw_shell)) == NULL)
1471 template->pw_fields = src->pw_fields;
1474 syslog(LOG_ERR, "getpwent memory allocation failure");
1480 compat_use_template(struct passwd *pwd, struct passwd *template, char *buffer,
1484 char *copy, *p, *q, *eob;
1487 /* We cannot know the layout of the password fields in `buffer',
1488 * so we have to copy everything.
1490 if (template->pw_fields == 0) /* nothing to fill-in */
1493 n += pwd->pw_name != NULL ? strlen(pwd->pw_name) + 1 : 0;
1494 n += pwd->pw_passwd != NULL ? strlen(pwd->pw_passwd) + 1 : 0;
1495 n += pwd->pw_class != NULL ? strlen(pwd->pw_class) + 1 : 0;
1496 n += pwd->pw_gecos != NULL ? strlen(pwd->pw_gecos) + 1 : 0;
1497 n += pwd->pw_dir != NULL ? strlen(pwd->pw_dir) + 1 : 0;
1498 n += pwd->pw_shell != NULL ? strlen(pwd->pw_shell) + 1 : 0;
1501 syslog(LOG_ERR, "getpwent memory allocation failure");
1506 #define COPY(field) do { \
1507 if (pwd->field == NULL) \
1508 hold.field = NULL; \
1511 p += strlcpy(p, pwd->field, eob-p) + 1; \
1522 eob = &buffer[bufsize];
1523 #define COPY(field, flag) do { \
1524 q = (template->pw_fields & flag) ? template->field : hold.field; \
1526 pwd->field = NULL; \
1529 if ((n = strlcpy(p, q, eob-p)) >= eob-p) { \
1537 #ifdef PW_OVERRIDE_PASSWD
1538 COPY(pw_passwd, _PWF_PASSWD);
1543 COPY(pw_gecos, _PWF_GECOS);
1544 COPY(pw_dir, _PWF_DIR);
1545 COPY(pw_shell, _PWF_SHELL);
1547 #define COPY(field, flag) do { \
1548 if (template->pw_fields & flag) \
1549 pwd->field = template->field; \
1551 COPY(pw_uid, _PWF_UID);
1552 COPY(pw_gid, _PWF_GID);
1560 compat_exclude(const char *name, DB **db)
1565 (*db = dbopen(NULL, O_RDWR, 600, DB_HASH, 0)) == NULL)
1567 key.size = strlen(name);
1568 key.data = (char *)name;
1572 if ((*db)->put(*db, &key, &data, 0) == -1)
1579 compat_is_excluded(const char *name, DB *db)
1585 key.size = strlen(name);
1586 key.data = (char *)name;
1587 return (db->get(db, &key, &data, 0) == 0);
1592 compat_redispatch(struct compat_state *st, enum nss_lookup_type how,
1593 enum nss_lookup_type lookup_how, const char *name, const char *lookup_name,
1594 uid_t uid, struct passwd *pwd, char *buffer, size_t bufsize, int *errnop)
1596 static const ns_src compatsrc[] = {
1598 { NSSRC_NIS, NS_SUCCESS },
1604 { NSSRC_NIS, nis_passwd, NULL },
1607 { NSSRC_DNS, dns_passwd, NULL },
1609 { NULL, NULL, NULL }
1614 for (i = 0; i < (int)(nitems(dtab) - 1); i++)
1615 dtab[i].mdata = (void *)lookup_how;
1618 switch (lookup_how) {
1620 rv = _nsdispatch(&discard, dtab, NSDB_PASSWD_COMPAT,
1621 "getpwent_r", compatsrc, pwd, buffer, bufsize,
1625 rv = _nsdispatch(&discard, dtab, NSDB_PASSWD_COMPAT,
1626 "getpwuid_r", compatsrc, uid, pwd, buffer,
1630 rv = _nsdispatch(&discard, dtab, NSDB_PASSWD_COMPAT,
1631 "getpwnam_r", compatsrc, lookup_name, pwd, buffer,
1635 return (NS_UNAVAIL);
1637 if (rv != NS_SUCCESS)
1639 if (compat_is_excluded(pwd->pw_name, st->exclude)) {
1640 if (how == nss_lt_all)
1642 return (NS_NOTFOUND);
1644 e = compat_use_template(pwd, &st->template, buffer, bufsize);
1650 return (NS_UNAVAIL);
1654 if (strcmp(name, pwd->pw_name) != 0)
1655 return (NS_NOTFOUND);
1658 if (uid != pwd->pw_uid)
1659 return (NS_NOTFOUND);
1664 return (NS_SUCCESS);
1669 compat_endstate(void *p)
1671 struct compat_state *st;
1675 st = (struct compat_state *)p;
1677 st->db->close(st->db);
1678 if (st->exclude != NULL)
1679 st->exclude->close(st->exclude);
1680 compat_clear_template(&st->template);
1686 compat_setpwent(void *retval, void *mdata, va_list ap)
1688 static const ns_src compatsrc[] = {
1690 { NSSRC_NIS, NS_SUCCESS },
1696 { NSSRC_NIS, nis_setpwent, NULL },
1699 { NSSRC_DNS, dns_setpwent, NULL },
1701 { NULL, NULL, NULL }
1703 struct compat_state *st;
1706 #define set_setent(x, y) do { \
1708 for (i = 0; i < (int)(nitems(x) - 1); i++) \
1709 x[i].mdata = (void *)y; \
1712 rv = compat_getstate(&st);
1714 return (NS_UNAVAIL);
1715 switch ((enum constants)mdata) {
1717 stayopen = va_arg(ap, int);
1720 st->db = pwdbopen(&st->version);
1721 st->stayopen = stayopen;
1722 set_setent(dtab, mdata);
1723 (void)_nsdispatch(NULL, dtab, NSDB_PASSWD_COMPAT, "setpwent",
1727 if (st->db != NULL) {
1728 (void)st->db->close(st->db);
1731 set_setent(dtab, mdata);
1732 (void)_nsdispatch(NULL, dtab, NSDB_PASSWD_COMPAT, "endpwent",
1738 return (NS_UNAVAIL);
1744 compat_passwd(void *retval, void *mdata, va_list ap)
1746 char keybuf[MAXLOGNAME + 1];
1748 struct compat_state *st;
1749 enum nss_lookup_type how;
1752 char *buffer, *pw_name;
1753 char *host, *user, *domain;
1757 int rv, from_compat, stayopen, *errnop;
1762 how = (enum nss_lookup_type)mdata;
1765 name = va_arg(ap, const char *);
1768 uid = va_arg(ap, uid_t);
1776 pwd = va_arg(ap, struct passwd *);
1777 buffer = va_arg(ap, char *);
1778 bufsize = va_arg(ap, size_t);
1779 errnop = va_arg(ap, int *);
1780 *errnop = compat_getstate(&st);
1782 return (NS_UNAVAIL);
1783 if (how == nss_lt_all && st->keynum < 0) {
1787 if (st->db == NULL &&
1788 (st->db = pwdbopen(&st->version)) == NULL) {
1793 if (how == nss_lt_all) {
1794 if (st->keynum < 0) {
1801 stayopen = st->stayopen;
1805 switch (st->compat) {
1806 case COMPAT_MODE_ALL:
1807 rv = compat_redispatch(st, how, how, name, name, uid, pwd,
1808 buffer, bufsize, errnop);
1809 if (rv != NS_SUCCESS)
1810 st->compat = COMPAT_MODE_OFF;
1812 case COMPAT_MODE_NETGROUP:
1813 /* XXX getnetgrent is not thread-safe. */
1815 rv = getnetgrent(&host, &user, &domain);
1818 st->compat = COMPAT_MODE_OFF;
1821 } else if (user == NULL || user[0] == '\0')
1823 rv = compat_redispatch(st, how, nss_lt_name, name,
1824 user, uid, pwd, buffer, bufsize, errnop);
1825 } while (st->compat == COMPAT_MODE_NETGROUP &&
1826 !(rv & NS_TERMINATE));
1828 case COMPAT_MODE_NAME:
1829 rv = compat_redispatch(st, how, nss_lt_name, name, st->name,
1830 uid, pwd, buffer, bufsize, errnop);
1833 st->compat = COMPAT_MODE_OFF;
1838 if (rv & NS_TERMINATE) {
1844 while (st->keynum >= 0) {
1846 if (st->version < _PWD_CURRENT_VERSION) {
1847 memcpy(&keybuf[1], &st->keynum, sizeof(st->keynum));
1848 key.size = sizeof(st->keynum) + 1;
1850 store = htonl(st->keynum);
1851 memcpy(&keybuf[1], &store, sizeof(store));
1852 key.size = sizeof(store) + 1;
1854 keybuf[0] = _PW_VERSIONED(_PW_KEYBYNUM, st->version);
1855 rv = st->db->get(st->db, &key, &entry, 0);
1856 if (rv < 0 || rv > 1) { /* should never return > 1 */
1860 } else if (rv == 1) {
1865 pw_name = (char *)entry.data;
1866 switch (pw_name[0]) {
1868 switch (pw_name[1]) {
1870 st->compat = COMPAT_MODE_ALL;
1873 setnetgrent(&pw_name[2]);
1874 st->compat = COMPAT_MODE_NETGROUP;
1877 st->name = strdup(&pw_name[1]);
1878 if (st->name == NULL) {
1880 "getpwent memory allocation failure");
1885 st->compat = COMPAT_MODE_NAME;
1887 if (entry.size > bufsize) {
1892 memcpy(buffer, entry.data, entry.size);
1893 rv = pwdb_versions[st->version].parse(buffer,
1894 entry.size, pwd, errnop);
1895 if (rv != NS_SUCCESS)
1897 else if (compat_set_template(pwd, &st->template) < 0) {
1904 switch (pw_name[1]) {
1906 /* XXX Maybe syslog warning */
1909 setnetgrent(&pw_name[2]);
1910 while (getnetgrent(&host, &user, &domain) !=
1912 if (user != NULL && user[0] != '\0')
1913 compat_exclude(user,
1919 compat_exclude(&pw_name[1], &st->exclude);
1926 if (compat_is_excluded((char *)entry.data, st->exclude))
1928 rv = pwdb_versions[st->version].match(entry.data, entry.size,
1930 if (rv == NS_RETURN)
1932 else if (rv != NS_SUCCESS)
1934 if (entry.size > bufsize) {
1939 memcpy(buffer, entry.data, entry.size);
1940 rv = pwdb_versions[st->version].parse(buffer, entry.size, pwd,
1942 if (rv & NS_TERMINATE)
1946 if (st->db != NULL && !stayopen) {
1947 (void)st->db->close(st->db);
1950 if (rv == NS_SUCCESS) {
1952 pwd->pw_fields &= ~_PWF_SOURCE;
1953 pwd->pw_fields |= _PWF_FILES;
1956 *(struct passwd **)retval = pwd;
1963 * common passwd line matching and parsing
1966 __pw_match_entry(const char *entry, size_t entrysize, enum nss_lookup_type how,
1967 const char *name, uid_t uid)
1969 const char *p, *eom;
1974 eom = entry + entrysize;
1975 for (p = entry; p < eom; p++)
1979 return (NS_NOTFOUND);
1980 if (how == nss_lt_all)
1981 return (NS_SUCCESS);
1982 if (how == nss_lt_name) {
1984 if (len == (p - entry) && memcmp(name, entry, len) == 0)
1985 return (NS_SUCCESS);
1987 return (NS_NOTFOUND);
1989 for (p++; p < eom; p++)
1993 return (NS_NOTFOUND);
1994 m = strtoul(++p, &q, 10);
1995 if (q[0] != ':' || (uid_t)m != uid)
1996 return (NS_NOTFOUND);
1998 return (NS_SUCCESS);
2002 /* XXX buffer must be NUL-terminated. errnop is not set correctly. */
2004 __pw_parse_entry(char *buffer, size_t bufsize __unused, struct passwd *pwd,
2005 int master, int *errnop __unused)
2008 if (__pw_scan(buffer, pwd, master ? _PWSCAN_MASTER : 0) == 0)
2009 return (NS_NOTFOUND);
2011 return (NS_SUCCESS);