getpwent.c revision 1.68 1 /* $NetBSD: getpwent.c,v 1.68 2005/04/19 02:49:00 lukem Exp $ */
2
3 /*-
4 * Copyright (c) 1997-2000, 2004-2005 The NetBSD Foundation, Inc.
5 * All rights reserved.
6 *
7 * This code is derived from software contributed to The NetBSD Foundation
8 * by Luke Mewburn.
9 *
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
12 * are met:
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 * 3. All advertising materials mentioning features or use of this software
19 * must display the following acknowledgement:
20 * This product includes software developed by the NetBSD
21 * Foundation, Inc. and its contributors.
22 * 4. Neither the name of The NetBSD Foundation nor the names of its
23 * contributors may be used to endorse or promote products derived
24 * from this software without specific prior written permission.
25 *
26 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
27 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
28 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
29 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
30 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
31 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
32 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
33 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
34 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
35 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
36 * POSSIBILITY OF SUCH DAMAGE.
37 */
38
39 /*
40 * Copyright (c) 1988, 1993
41 * The Regents of the University of California. All rights reserved.
42 *
43 * Redistribution and use in source and binary forms, with or without
44 * modification, are permitted provided that the following conditions
45 * are met:
46 * 1. Redistributions of source code must retain the above copyright
47 * notice, this list of conditions and the following disclaimer.
48 * 2. Redistributions in binary form must reproduce the above copyright
49 * notice, this list of conditions and the following disclaimer in the
50 * documentation and/or other materials provided with the distribution.
51 * 3. Neither the name of the University nor the names of its contributors
52 * may be used to endorse or promote products derived from this software
53 * without specific prior written permission.
54 *
55 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
56 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
57 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
58 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
59 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
60 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
61 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
62 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
63 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
64 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
65 * SUCH DAMAGE.
66 */
67
68 /*
69 * Portions Copyright (c) 1994, 1995, Jason Downs. All rights reserved.
70 *
71 * Redistribution and use in source and binary forms, with or without
72 * modification, are permitted provided that the following conditions
73 * are met:
74 * 1. Redistributions of source code must retain the above copyright
75 * notice, this list of conditions and the following disclaimer.
76 * 2. Redistributions in binary form must reproduce the above copyright
77 * notice, this list of conditions and the following disclaimer in the
78 * documentation and/or other materials provided with the distribution.
79 *
80 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS
81 * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
82 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
83 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT,
84 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
85 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
86 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
87 * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
88 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
89 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
90 * SUCH DAMAGE.
91 */
92
93 #include <sys/cdefs.h>
94 #if defined(LIBC_SCCS) && !defined(lint)
95 #if 0
96 static char sccsid[] = "@(#)getpwent.c 8.2 (Berkeley) 4/27/95";
97 #else
98 __RCSID("$NetBSD: getpwent.c,v 1.68 2005/04/19 02:49:00 lukem Exp $");
99 #endif
100 #endif /* LIBC_SCCS and not lint */
101
102 #include "namespace.h"
103 #include "reentrant.h"
104
105 #include <sys/param.h>
106
107 #include <assert.h>
108 #include <db.h>
109 #include <errno.h>
110 #include <fcntl.h>
111 #include <limits.h>
112 #include <netgroup.h>
113 #include <nsswitch.h>
114 #include <pwd.h>
115 #include <stdarg.h>
116 #include <stdio.h>
117 #include <stdlib.h>
118 #include <string.h>
119 #include <syslog.h>
120 #include <unistd.h>
121
122 #ifdef HESIOD
123 #include <hesiod.h>
124 #endif
125
126 #ifdef YP
127 #include <machine/param.h>
128 #include <rpc/rpc.h>
129 #include <rpcsvc/yp_prot.h>
130 #include <rpcsvc/ypclnt.h>
131 #endif
132
133 #include "pw_private.h"
134
135 #define _PASSWD_COMPAT /* "passwd" defaults to compat, so always provide it */
136
137 #ifdef __weak_alias
138 __weak_alias(endpwent,_endpwent)
139 __weak_alias(getpwent,_getpwent)
140 __weak_alias(getpwent_r,_getpwent_r)
141 __weak_alias(getpwnam,_getpwnam)
142 __weak_alias(getpwnam_r,_getpwnam_r)
143 __weak_alias(getpwuid,_getpwuid)
144 __weak_alias(getpwuid_r,_getpwuid_r)
145 __weak_alias(setpassent,_setpassent)
146 __weak_alias(setpwent,_setpwent)
147 #endif
148
149 #ifdef _REENTRANT
150 static mutex_t _pwmutex = MUTEX_INITIALIZER;
151 #endif
152
153 const char __yp_token[] = "__YP!"; /* Let pwd_mkdb pull this in. */
154
155
156 /*
157 * The pwd.db lookup techniques and data extraction code here must be kept
158 * in sync with that in `pwd_mkdb'.
159 */
160
161 #if defined(YP) || defined(HESIOD)
162 /*
163 * _pw_parse
164 * Parses entry using pw_scan(3) (without the trailing \n)
165 * after copying to buf, and fills in pw with corresponding values.
166 * If old is non-zero, entry is in _PASSWORD_OLDFMT.
167 * Returns 1 if parsed successfully, 0 on parse failure.
168 */
169 static int
170 _pw_parse(const char *entry, struct passwd *pw, char *buf, size_t buflen,
171 int old)
172 {
173 int flags;
174
175 _DIAGASSERT(entry != NULL);
176 _DIAGASSERT(pw != NULL);
177 _DIAGASSERT(buf != NULL);
178
179 if (strlcpy(buf, entry, buflen) >= buflen)
180 return 0;
181 flags = _PASSWORD_NOWARN;
182 if (old)
183 flags |= _PASSWORD_OLDFMT;
184 return __pw_scan(buf, pw, &flags);
185 }
186 #endif /* YP || HESIOD */
187
188 /*
189 * _pw_opendb
190 * if *db is NULL, dbopen(3) /etc/spwd.db or /etc/pwd.db (depending
191 * upon permissions, etc)
192 */
193 static int
194 _pw_opendb(DB **db)
195 {
196 static int warned;
197
198 const char *dbfile;
199
200 _DIAGASSERT(db != NULL);
201 if (*db != NULL) /* open *db */
202 return NS_SUCCESS;
203
204 if (geteuid() == 0) {
205 dbfile = _PATH_SMP_DB;
206 *db = dbopen(dbfile, O_RDONLY, 0, DB_HASH, NULL);
207 }
208 if (*db == NULL) {
209 dbfile = _PATH_MP_DB;
210 *db = dbopen(dbfile, O_RDONLY, 0, DB_HASH, NULL);
211 }
212 if (*db == NULL) {
213 if (!warned) {
214 int serrno = errno;
215 syslog(LOG_ERR, "%s: %m", dbfile);
216 errno = serrno;
217 }
218 warned = 1;
219 return NS_UNAVAIL;
220 }
221 return NS_SUCCESS;
222 }
223
224 /*
225 * _pw_getkey
226 * Lookup key in *db, filling in pw
227 * with the result, allocating memory from buffer (size buflen).
228 * (The caller may point key.data to buffer on entry; the contents
229 * of key.data will be invalid on exit.)
230 */
231 static int
232 _pw_getkey(DB *db, DBT *key,
233 struct passwd *pw, char *buffer, size_t buflen, int *pwflags)
234 {
235 char *p, *t;
236 DBT data;
237
238 _DIAGASSERT(db != NULL);
239 _DIAGASSERT(key != NULL);
240 _DIAGASSERT(pw != NULL);
241 _DIAGASSERT(buffer != NULL);
242 /* pwflags may be NULL (if we don't care about them */
243
244 if (db == NULL) /* this shouldn't happen */
245 return NS_UNAVAIL;
246
247 switch ((db->get)(db, key, &data, 0)) {
248 case 0:
249 break; /* found */
250 case 1:
251 return NS_NOTFOUND; /* not found */
252 case -1:
253 return NS_UNAVAIL; /* error in db routines */
254 default:
255 abort();
256 }
257
258 p = (char *)data.data;
259 if (data.size > buflen) {
260 errno = ERANGE;
261 return NS_UNAVAIL;
262 }
263
264 /*
265 * THE DECODING BELOW MUST MATCH THAT IN pwd_mkdb.
266 */
267 t = buffer;
268 #define EXPAND(e) e = t; while ((*t++ = *p++));
269 #define SCALAR(v) memmove(&(v), p, sizeof v); p += sizeof v
270 EXPAND(pw->pw_name);
271 EXPAND(pw->pw_passwd);
272 SCALAR(pw->pw_uid);
273 SCALAR(pw->pw_gid);
274 SCALAR(pw->pw_change);
275 EXPAND(pw->pw_class);
276 EXPAND(pw->pw_gecos);
277 EXPAND(pw->pw_dir);
278 EXPAND(pw->pw_shell);
279 SCALAR(pw->pw_expire);
280 if (pwflags) {
281 /* See if there's any data left. If so, read in flags. */
282 if (data.size > (size_t) (p - (char *)data.data)) {
283 SCALAR(*pwflags);
284 } else { /* default */
285 *pwflags = _PASSWORD_NOUID|_PASSWORD_NOGID;
286 }
287 }
288
289 return NS_SUCCESS;
290 }
291
292 /*
293 * _pw_memfrombuf
294 * Obtain want bytes from buffer (of size buflen) and return a pointer
295 * to the available memory after adjusting buffer/buflen.
296 * Returns NULL if there is insufficient space.
297 */
298 static char *
299 _pw_memfrombuf(size_t want, char **buffer, size_t *buflen)
300 {
301 char *rv;
302
303 if (want > *buflen) {
304 errno = ERANGE;
305 return NULL;
306 }
307 rv = *buffer;
308 *buffer += want;
309 *buflen -= want;
310 return rv;
311 }
312
313 /*
314 * _pw_copy
315 * Copy the contents of frompw to pw; memory for strings
316 * and arrays will be allocated from buf (of size buflen).
317 * If proto != NULL, use various fields in proto in preference to frompw.
318 * Returns 1 if copied successfully, 0 on copy failure.
319 * NOTE: frompw must not use buf for its own pointers.
320 */
321 static int
322 _pw_copy(const struct passwd *frompw, struct passwd *pw,
323 char *buf, size_t buflen, const struct passwd *protopw, int protoflags)
324 {
325 size_t count;
326 int useproto;
327
328 _DIAGASSERT(frompw != NULL);
329 _DIAGASSERT(pw != NULL);
330 _DIAGASSERT(buf != NULL);
331 /* protopw may be NULL */
332
333 useproto = protopw && protopw->pw_name;
334
335 #define COPYSTR(to, from) \
336 do { \
337 count = strlen((from)); \
338 (to) = _pw_memfrombuf(count+1, &buf, &buflen); \
339 if ((to) == NULL) \
340 return 0; \
341 memmove((to), (from), count); \
342 to[count] = '\0'; \
343 } while (0) /* LINTED */
344
345 #define COPYFIELD(field) COPYSTR(pw->field, frompw->field)
346
347 #define COPYPROTOFIELD(field) COPYSTR(pw->field, \
348 (useproto && *protopw->field ? protopw->field : frompw->field))
349
350 COPYFIELD(pw_name);
351
352 #ifdef PW_OVERRIDE_PASSWD
353 COPYPROTOFIELD(pw_passwd);
354 #else
355 COPYFIELD(pw_passwd);
356 #endif
357
358 if (useproto && !(protoflags & _PASSWORD_NOUID))
359 pw->pw_uid = protopw->pw_uid;
360 else
361 pw->pw_uid = frompw->pw_uid;
362
363 if (useproto && !(protoflags & _PASSWORD_NOGID))
364 pw->pw_gid = protopw->pw_gid;
365 else
366 pw->pw_gid = frompw->pw_gid;
367
368 pw->pw_change = frompw->pw_change;
369 COPYFIELD(pw_class);
370 COPYPROTOFIELD(pw_gecos);
371 COPYPROTOFIELD(pw_dir);
372 COPYPROTOFIELD(pw_shell);
373
374 #undef COPYSTR
375 #undef COPYFIELD
376 #undef COPYPROTOFIELD
377
378 return 1;
379 }
380
381
382 /*
383 * files methods
384 */
385
386 /* state shared between files methods */
387 struct files_state {
388 int stayopen; /* see getpassent(3) */
389 DB *db; /* passwd file handle */
390 int keynum; /* key counter, -1 if no more */
391 };
392
393 static struct files_state _files_state;
394 /* storage for non _r functions */
395 static struct passwd _files_passwd;
396 static char _files_passwdbuf[_GETPW_R_SIZE_MAX];
397
398 static int
399 _files_start(struct files_state *state)
400 {
401 int rv;
402
403 _DIAGASSERT(state != NULL);
404
405 state->keynum = 0;
406 rv = _pw_opendb(&state->db);
407 if (rv != NS_SUCCESS)
408 return rv;
409 return NS_SUCCESS;
410 }
411
412 static int
413 _files_end(struct files_state *state)
414 {
415
416 _DIAGASSERT(state != NULL);
417
418 state->keynum = 0;
419 if (state->db) {
420 (void)(state->db->close)(state->db);
421 state->db = NULL;
422 }
423 return NS_SUCCESS;
424 }
425
426 /*
427 * _files_pwscan
428 * Search state->db for the next desired entry.
429 * If search is _PW_KEYBYNUM, look for state->keynum.
430 * If search is _PW_KEYBYNAME, look for name.
431 * If search is _PW_KEYBYUID, look for uid.
432 * Sets *retval to the errno if the result is not NS_SUCCESS
433 * or NS_NOTFOUND.
434 */
435 static int
436 _files_pwscan(int *retval, struct passwd *pw, char *buffer, size_t buflen,
437 struct files_state *state, int search, const char *name, uid_t uid)
438 {
439 const void *from;
440 size_t fromlen;
441 DBT key;
442 int rv;
443
444 _DIAGASSERT(retval != NULL);
445 _DIAGASSERT(pw != NULL);
446 _DIAGASSERT(buffer != NULL);
447 _DIAGASSERT(state != NULL);
448 /* name is NULL to indicate searching for uid */
449
450 *retval = 0;
451
452 if (state->db == NULL) { /* only start if file not open yet */
453 rv = _files_start(state);
454 if (rv != NS_SUCCESS)
455 goto filespwscan_out;
456 }
457
458 for (;;) { /* search for a match */
459 switch (search) {
460 case _PW_KEYBYNUM:
461 if (state->keynum == -1)
462 return NS_NOTFOUND; /* no more records */
463 state->keynum++;
464 from = &state->keynum;
465 fromlen = sizeof(state->keynum);
466 break;
467 case _PW_KEYBYNAME:
468 from = name;
469 fromlen = strlen(name);
470 break;
471 case _PW_KEYBYUID:
472 from = &uid;
473 fromlen = sizeof(uid);
474 break;
475 default:
476 abort();
477 }
478
479 if (buflen <= fromlen) { /* buffer too small */
480 *retval = ERANGE;
481 return NS_UNAVAIL;
482 }
483 buffer[0] = search; /* setup key */
484 memmove(buffer + 1, from, fromlen);
485 key.size = fromlen + 1;
486 key.data = (u_char *)buffer;
487
488 /* search for key */
489 rv = _pw_getkey(state->db, &key, pw, buffer, buflen, NULL);
490 if (rv != NS_SUCCESS) /* no match */
491 break;
492 if (pw->pw_name[0] == '+' || pw->pw_name[0] == '-') {
493 /* if a compat line */
494 if (search == _PW_KEYBYNUM)
495 continue; /* read next if pwent */
496 rv = NS_NOTFOUND; /* don't match if pw{nam,uid} */
497 break;
498 }
499 break;
500 }
501
502 if (rv == NS_NOTFOUND && search == _PW_KEYBYNUM)
503 state->keynum = -1; /* flag `no more records' */
504
505 if (rv == NS_SUCCESS) {
506 if ((search == _PW_KEYBYUID && pw->pw_uid != uid) ||
507 (search == _PW_KEYBYNAME && strcmp(pw->pw_name, name) != 0))
508 rv = NS_NOTFOUND;
509 }
510
511 filespwscan_out:
512 if (rv != NS_SUCCESS && rv != NS_NOTFOUND)
513 *retval = errno;
514 return rv;
515 }
516
517 /*ARGSUSED*/
518 static int
519 _files_setpwent(void *nsrv, void *nscb, va_list ap)
520 {
521
522 _files_state.stayopen = 0;
523 return _files_start(&_files_state);
524 }
525
526 /*ARGSUSED*/
527 static int
528 _files_setpassent(void *nsrv, void *nscb, va_list ap)
529 {
530 int *retval = va_arg(ap, int *);
531 int stayopen = va_arg(ap, int);
532
533 int rv;
534
535 _files_state.stayopen = stayopen;
536 rv = _files_start(&_files_state);
537 *retval = (rv == NS_SUCCESS);
538 return rv;
539 }
540
541 /*ARGSUSED*/
542 static int
543 _files_endpwent(void *nsrv, void *nscb, va_list ap)
544 {
545
546 _files_state.stayopen = 0;
547 return _files_end(&_files_state);
548 }
549
550 /*ARGSUSED*/
551 static int
552 _files_getpwent(void *nsrv, void *nscb, va_list ap)
553 {
554 struct passwd **retval = va_arg(ap, struct passwd **);
555
556 int rv, rerror;
557
558 _DIAGASSERT(retval != NULL);
559
560 *retval = NULL;
561 rv = _files_pwscan(&rerror, &_files_passwd,
562 _files_passwdbuf, sizeof(_files_passwdbuf),
563 &_files_state, _PW_KEYBYNUM, NULL, 0);
564 if (rv == NS_SUCCESS)
565 *retval = &_files_passwd;
566 return rv;
567 }
568
569 /*ARGSUSED*/
570 static int
571 _files_getpwent_r(void *nsrv, void *nscb, va_list ap)
572 {
573 int *retval = va_arg(ap, int *);
574 struct passwd *pw = va_arg(ap, struct passwd *);
575 char *buffer = va_arg(ap, char *);
576 size_t buflen = va_arg(ap, size_t);
577 struct passwd **result = va_arg(ap, struct passwd **);
578
579 int rv;
580
581 _DIAGASSERT(retval != NULL);
582 _DIAGASSERT(pw != NULL);
583 _DIAGASSERT(buffer != NULL);
584 _DIAGASSERT(result != NULL);
585
586 rv = _files_pwscan(retval, pw, buffer, buflen, &_files_state,
587 _PW_KEYBYNUM, NULL, 0);
588 if (rv == NS_SUCCESS)
589 *result = pw;
590 else
591 *result = NULL;
592 return rv;
593 }
594
595 /*ARGSUSED*/
596 static int
597 _files_getpwnam(void *nsrv, void *nscb, va_list ap)
598 {
599 struct passwd **retval = va_arg(ap, struct passwd **);
600 const char *name = va_arg(ap, const char *);
601
602 int rv, rerror;
603
604 _DIAGASSERT(retval != NULL);
605
606 *retval = NULL;
607 rv = _files_start(&_files_state);
608 if (rv != NS_SUCCESS)
609 return rv;
610 rv = _files_pwscan(&rerror, &_files_passwd,
611 _files_passwdbuf, sizeof(_files_passwdbuf),
612 &_files_state, _PW_KEYBYNAME, name, 0);
613 if (!_files_state.stayopen)
614 _files_end(&_files_state);
615 if (rv == NS_SUCCESS)
616 *retval = &_files_passwd;
617 return rv;
618 }
619
620 /*ARGSUSED*/
621 static int
622 _files_getpwnam_r(void *nsrv, void *nscb, va_list ap)
623 {
624 int *retval = va_arg(ap, int *);
625 const char *name = va_arg(ap, const char *);
626 struct passwd *pw = va_arg(ap, struct passwd *);
627 char *buffer = va_arg(ap, char *);
628 size_t buflen = va_arg(ap, size_t);
629 struct passwd **result = va_arg(ap, struct passwd **);
630
631 struct files_state state;
632 int rv;
633
634 _DIAGASSERT(retval != NULL);
635 _DIAGASSERT(pw != NULL);
636 _DIAGASSERT(buffer != NULL);
637 _DIAGASSERT(result != NULL);
638
639 *result = NULL;
640 memset(&state, 0, sizeof(state));
641 rv = _files_pwscan(retval, pw, buffer, buflen, &state,
642 _PW_KEYBYNAME, name, 0);
643 _files_end(&state);
644 if (rv == NS_SUCCESS)
645 *result = pw;
646 return rv;
647 }
648
649 /*ARGSUSED*/
650 static int
651 _files_getpwuid(void *nsrv, void *nscb, va_list ap)
652 {
653 struct passwd **retval = va_arg(ap, struct passwd **);
654 uid_t uid = va_arg(ap, uid_t);
655
656 int rv, rerror;
657
658 _DIAGASSERT(retval != NULL);
659
660 *retval = NULL;
661 rv = _files_start(&_files_state);
662 if (rv != NS_SUCCESS)
663 return rv;
664 rv = _files_pwscan(&rerror, &_files_passwd,
665 _files_passwdbuf, sizeof(_files_passwdbuf),
666 &_files_state, _PW_KEYBYUID, NULL, uid);
667 if (!_files_state.stayopen)
668 _files_end(&_files_state);
669 if (rv == NS_SUCCESS)
670 *retval = &_files_passwd;
671 return rv;
672 }
673
674 /*ARGSUSED*/
675 static int
676 _files_getpwuid_r(void *nsrv, void *nscb, va_list ap)
677 {
678 int *retval = va_arg(ap, int *);
679 uid_t uid = va_arg(ap, uid_t);
680 struct passwd *pw = va_arg(ap, struct passwd *);
681 char *buffer = va_arg(ap, char *);
682 size_t buflen = va_arg(ap, size_t);
683 struct passwd **result = va_arg(ap, struct passwd **);
684
685 struct files_state state;
686 int rv;
687
688 _DIAGASSERT(retval != NULL);
689 _DIAGASSERT(pw != NULL);
690 _DIAGASSERT(buffer != NULL);
691 _DIAGASSERT(result != NULL);
692
693 *result = NULL;
694 memset(&state, 0, sizeof(state));
695 rv = _files_pwscan(retval, pw, buffer, buflen, &state,
696 _PW_KEYBYUID, NULL, uid);
697 _files_end(&state);
698 if (rv == NS_SUCCESS)
699 *result = pw;
700 return rv;
701 }
702
703
704 #ifdef HESIOD
705 /*
706 * dns methods
707 */
708
709 /* state shared between dns methods */
710 struct dns_state {
711 int stayopen; /* see getpassent(3) */
712 void *context; /* Hesiod context */
713 int num; /* passwd index, -1 if no more */
714 };
715
716 static struct dns_state _dns_state;
717 /* storage for non _r functions */
718 static struct passwd _dns_passwd;
719 static char _dns_passwdbuf[_GETPW_R_SIZE_MAX];
720
721 static int
722 _dns_start(struct dns_state *state)
723 {
724
725 _DIAGASSERT(state != NULL);
726
727 state->num = 0;
728 if (state->context == NULL) { /* setup Hesiod */
729 if (hesiod_init(&state->context) == -1)
730 return NS_UNAVAIL;
731 }
732
733 return NS_SUCCESS;
734 }
735
736 static int
737 _dns_end(struct dns_state *state)
738 {
739
740 _DIAGASSERT(state != NULL);
741
742 state->num = 0;
743 if (state->context) {
744 hesiod_end(state->context);
745 state->context = NULL;
746 }
747 return NS_SUCCESS;
748 }
749
750 /*
751 * _dns_pwscan
752 * Look for the Hesiod name provided in buffer in the NULL-terminated
753 * list of zones,
754 * and decode into pw/buffer/buflen.
755 */
756 static int
757 _dns_pwscan(int *retval, struct passwd *pw, char *buffer, size_t buflen,
758 struct dns_state *state, const char **zones)
759 {
760 const char **curzone;
761 char **hp, *ep;
762 int rv;
763
764 _DIAGASSERT(retval != NULL);
765 _DIAGASSERT(pw != NULL);
766 _DIAGASSERT(buffer != NULL);
767 _DIAGASSERT(state != NULL);
768 _DIAGASSERT(zones != NULL);
769
770 *retval = 0;
771
772 if (state->context == NULL) { /* only start if Hesiod not setup */
773 rv = _dns_start(state);
774 if (rv != NS_SUCCESS)
775 return rv;
776 }
777
778 hp = NULL;
779 rv = NS_NOTFOUND;
780
781 for (curzone = zones; *curzone; curzone++) { /* search zones */
782 hp = hesiod_resolve(state->context, buffer, *curzone);
783 if (hp != NULL)
784 break;
785 if (errno != ENOENT) {
786 rv = NS_UNAVAIL;
787 goto dnspwscan_out;
788 }
789 }
790 if (*curzone == NULL)
791 goto dnspwscan_out;
792
793 if ((ep = strchr(hp[0], '\n')) != NULL)
794 *ep = '\0'; /* clear trailing \n */
795 if (_pw_parse(hp[0], pw, buffer, buflen, 1)) /* validate line */
796 rv = NS_SUCCESS;
797 else
798 rv = NS_UNAVAIL;
799
800 dnspwscan_out:
801 if (rv != NS_SUCCESS && rv != NS_NOTFOUND)
802 *retval = errno;
803 if (hp)
804 hesiod_free_list(state->context, hp);
805 return rv;
806 }
807
808 /*ARGSUSED*/
809 static int
810 _dns_setpwent(void *nsrv, void *nscb, va_list ap)
811 {
812
813 _dns_state.stayopen = 0;
814 return _dns_start(&_dns_state);
815 }
816
817 /*ARGSUSED*/
818 static int
819 _dns_setpassent(void *nsrv, void *nscb, va_list ap)
820 {
821 int *retval = va_arg(ap, int *);
822 int stayopen = va_arg(ap, int);
823
824 int rv;
825
826 _dns_state.stayopen = stayopen;
827 rv = _dns_start(&_dns_state);
828 *retval = (rv == NS_SUCCESS);
829 return rv;
830 }
831
832 /*ARGSUSED*/
833 static int
834 _dns_endpwent(void *nsrv, void *nscb, va_list ap)
835 {
836
837 _dns_state.stayopen = 0;
838 return _dns_end(&_dns_state);
839 }
840
841 /*ARGSUSED*/
842 static int
843 _dns_getpwent(void *nsrv, void *nscb, va_list ap)
844 {
845 struct passwd **retval = va_arg(ap, struct passwd **);
846
847 char **hp, *ep;
848 int rv;
849
850 _DIAGASSERT(retval != NULL);
851
852 *retval = NULL;
853
854 if (_dns_state.num == -1) /* exhausted search */
855 return NS_NOTFOUND;
856
857 if (_dns_state.context == NULL) {
858 /* only start if Hesiod not setup */
859 rv = _dns_start(&_dns_state);
860 if (rv != NS_SUCCESS)
861 return rv;
862 }
863
864 next_dns_entry:
865 hp = NULL;
866 rv = NS_NOTFOUND;
867
868 /* find passwd-NNN */
869 snprintf(_dns_passwdbuf, sizeof(_dns_passwdbuf),
870 "passwd-%u", _dns_state.num);
871 _dns_state.num++;
872
873 hp = hesiod_resolve(_dns_state.context, _dns_passwdbuf, "passwd");
874 if (hp == NULL) {
875 if (errno == ENOENT)
876 _dns_state.num = -1;
877 else
878 rv = NS_UNAVAIL;
879 } else {
880 if ((ep = strchr(hp[0], '\n')) != NULL)
881 *ep = '\0'; /* clear trailing \n */
882 /* validate line */
883 if (_pw_parse(hp[0], &_dns_passwd,
884 _dns_passwdbuf, sizeof(_dns_passwdbuf), 1))
885 rv = NS_SUCCESS;
886 else { /* dodgy entry, try again */
887 hesiod_free_list(_dns_state.context, hp);
888 goto next_dns_entry;
889 }
890 }
891
892 if (hp)
893 hesiod_free_list(_dns_state.context, hp);
894 if (rv == NS_SUCCESS)
895 *retval = &_dns_passwd;
896 return rv;
897 }
898
899 /*ARGSUSED*/
900 static int
901 _dns_getpwent_r(void *nsrv, void *nscb, va_list ap)
902 {
903 int *retval = va_arg(ap, int *);
904 struct passwd *pw = va_arg(ap, struct passwd *);
905 char *buffer = va_arg(ap, char *);
906 size_t buflen = va_arg(ap, size_t);
907 struct passwd **result = va_arg(ap, struct passwd **);
908
909 char **hp, *ep;
910 int rv;
911
912 _DIAGASSERT(retval != NULL);
913 _DIAGASSERT(pw != NULL);
914 _DIAGASSERT(buffer != NULL);
915 _DIAGASSERT(result != NULL);
916
917 *retval = 0;
918
919 if (_dns_state.num == -1) /* exhausted search */
920 return NS_NOTFOUND;
921
922 if (_dns_state.context == NULL) {
923 /* only start if Hesiod not setup */
924 rv = _dns_start(&_dns_state);
925 if (rv != NS_SUCCESS)
926 return rv;
927 }
928
929 next_dns_entry:
930 hp = NULL;
931 rv = NS_NOTFOUND;
932
933 /* find passwd-NNN */
934 snprintf(buffer, buflen, "passwd-%u", _dns_state.num);
935 _dns_state.num++;
936
937 hp = hesiod_resolve(_dns_state.context, buffer, "passwd");
938 if (hp == NULL) {
939 if (errno == ENOENT)
940 _dns_state.num = -1;
941 else
942 rv = NS_UNAVAIL;
943 } else {
944 if ((ep = strchr(hp[0], '\n')) != NULL)
945 *ep = '\0'; /* clear trailing \n */
946 /* validate line */
947 if (_pw_parse(hp[0], pw, buffer, buflen, 1))
948 rv = NS_SUCCESS;
949 else { /* dodgy entry, try again */
950 hesiod_free_list(_dns_state.context, hp);
951 goto next_dns_entry;
952 }
953 }
954
955 if (hp)
956 hesiod_free_list(_dns_state.context, hp);
957 if (rv == NS_SUCCESS)
958 *result = pw;
959 else
960 *result = NULL;
961 return rv;
962 }
963
964 static const char *_dns_uid_zones[] = {
965 "uid",
966 "passwd",
967 NULL
968 };
969
970 /*ARGSUSED*/
971 static int
972 _dns_getpwuid(void *nsrv, void *nscb, va_list ap)
973 {
974 struct passwd **retval = va_arg(ap, struct passwd **);
975 uid_t uid = va_arg(ap, uid_t);
976
977 int rv, rerror;
978
979 _DIAGASSERT(retval != NULL);
980
981 *retval = NULL;
982 rv = _dns_start(&_dns_state);
983 if (rv != NS_SUCCESS)
984 return rv;
985 snprintf(_dns_passwdbuf, sizeof(_dns_passwdbuf),
986 "%u", (unsigned int)uid);
987 rv = _dns_pwscan(&rerror, &_dns_passwd,
988 _dns_passwdbuf, sizeof(_dns_passwdbuf),
989 &_dns_state, _dns_uid_zones);
990 if (!_dns_state.stayopen)
991 _dns_end(&_dns_state);
992 if (rv == NS_SUCCESS && uid == _dns_passwd.pw_uid)
993 *retval = &_dns_passwd;
994 return rv;
995 }
996
997 /*ARGSUSED*/
998 static int
999 _dns_getpwuid_r(void *nsrv, void *nscb, va_list ap)
1000 {
1001 int *retval = va_arg(ap, int *);
1002 uid_t uid = va_arg(ap, uid_t);
1003 struct passwd *pw = va_arg(ap, struct passwd *);
1004 char *buffer = va_arg(ap, char *);
1005 size_t buflen = va_arg(ap, size_t);
1006 struct passwd **result = va_arg(ap, struct passwd **);
1007
1008 struct dns_state state;
1009 int rv;
1010
1011 _DIAGASSERT(retval != NULL);
1012 _DIAGASSERT(pw != NULL);
1013 _DIAGASSERT(buffer != NULL);
1014 _DIAGASSERT(result != NULL);
1015
1016 *result = NULL;
1017 memset(&state, 0, sizeof(state));
1018 snprintf(buffer, buflen, "%u", (unsigned int)uid);
1019 rv = _dns_pwscan(retval, pw, buffer, buflen, &state, _dns_uid_zones);
1020 _dns_end(&state);
1021 if (rv != NS_SUCCESS)
1022 return rv;
1023 if (uid == pw->pw_uid) {
1024 *result = pw;
1025 return NS_SUCCESS;
1026 } else
1027 return NS_NOTFOUND;
1028 }
1029
1030 static const char *_dns_nam_zones[] = {
1031 "passwd",
1032 NULL
1033 };
1034
1035 /*ARGSUSED*/
1036 static int
1037 _dns_getpwnam(void *nsrv, void *nscb, va_list ap)
1038 {
1039 struct passwd **retval = va_arg(ap, struct passwd **);
1040 const char *name = va_arg(ap, const char *);
1041
1042 int rv, rerror;
1043
1044 _DIAGASSERT(retval != NULL);
1045
1046 *retval = NULL;
1047 rv = _dns_start(&_dns_state);
1048 if (rv != NS_SUCCESS)
1049 return rv;
1050 snprintf(_dns_passwdbuf, sizeof(_dns_passwdbuf), "%s", name);
1051 rv = _dns_pwscan(&rerror, &_dns_passwd,
1052 _dns_passwdbuf, sizeof(_dns_passwdbuf),
1053 &_dns_state, _dns_nam_zones);
1054 if (!_dns_state.stayopen)
1055 _dns_end(&_dns_state);
1056 if (rv == NS_SUCCESS && strcmp(name, _dns_passwd.pw_name) == 0)
1057 *retval = &_dns_passwd;
1058 return rv;
1059 }
1060
1061 /*ARGSUSED*/
1062 static int
1063 _dns_getpwnam_r(void *nsrv, void *nscb, va_list ap)
1064 {
1065 int *retval = va_arg(ap, int *);
1066 const char *name = va_arg(ap, const char *);
1067 struct passwd *pw = va_arg(ap, struct passwd *);
1068 char *buffer = va_arg(ap, char *);
1069 size_t buflen = va_arg(ap, size_t);
1070 struct passwd **result = va_arg(ap, struct passwd **);
1071
1072 struct dns_state state;
1073 int rv;
1074
1075 _DIAGASSERT(retval != NULL);
1076 _DIAGASSERT(pw != NULL);
1077 _DIAGASSERT(buffer != NULL);
1078 _DIAGASSERT(result != NULL);
1079
1080 *result = NULL;
1081 memset(&state, 0, sizeof(state));
1082 snprintf(buffer, buflen, "%s", name);
1083 rv = _dns_pwscan(retval, pw, buffer, buflen, &state, _dns_nam_zones);
1084 _dns_end(&state);
1085 if (rv != NS_SUCCESS)
1086 return rv;
1087 if (strcmp(name, pw->pw_name) == 0) {
1088 *result = pw;
1089 return NS_SUCCESS;
1090 } else
1091 return NS_NOTFOUND;
1092 }
1093
1094 #endif /* HESIOD */
1095
1096
1097 #ifdef YP
1098 /*
1099 * nis methods
1100 */
1101 /* state shared between nis methods */
1102 struct nis_state {
1103 int stayopen; /* see getpassent(3) */
1104 char *domain; /* NIS domain */
1105 int done; /* non-zero if search exhausted */
1106 char *current; /* current first/next match */
1107 int currentlen; /* length of _nis_current */
1108 enum { /* shadow map type */
1109 NISMAP_UNKNOWN, /* unknown ... */
1110 NISMAP_NONE, /* none: use "passwd.by*" */
1111 NISMAP_ADJUNCT, /* pw_passwd from "passwd.adjunct.*" */
1112 NISMAP_MASTER /* all from "master.passwd.by*" */
1113 } maptype;
1114 };
1115
1116 static struct nis_state _nis_state;
1117 /* storage for non _r functions */
1118 static struct passwd _nis_passwd;
1119 static char _nis_passwdbuf[_GETPW_R_SIZE_MAX];
1120
1121 /* macros for deciding which NIS maps to use. */
1122 #define PASSWD_BYNAME(x) ((x)->maptype == NISMAP_MASTER \
1123 ? "master.passwd.byname" : "passwd.byname")
1124 #define PASSWD_BYUID(x) ((x)->maptype == NISMAP_MASTER \
1125 ? "master.passwd.byuid" : "passwd.byuid")
1126
1127 static int
1128 _nis_start(struct nis_state *state)
1129 {
1130
1131 _DIAGASSERT(state != NULL);
1132
1133 state->done = 0;
1134 if (state->current) {
1135 free(state->current);
1136 state->current = NULL;
1137 }
1138 if (state->domain == NULL) { /* setup NIS */
1139 switch (yp_get_default_domain(&state->domain)) {
1140 case 0:
1141 break;
1142 case YPERR_RESRC:
1143 return NS_TRYAGAIN;
1144 default:
1145 return NS_UNAVAIL;
1146 }
1147 }
1148
1149 /* determine where to get pw_passwd from */
1150 if (state->maptype == NISMAP_UNKNOWN) {
1151 int r, order;
1152
1153 state->maptype = NISMAP_NONE; /* default to no adjunct */
1154 if (geteuid() != 0) /* non-root can't use adjunct */
1155 return NS_SUCCESS;
1156
1157 /* look for "master.passwd.*" */
1158 r = yp_order(state->domain, "master.passwd.byname", &order);
1159 if (r == 0) {
1160 state->maptype = NISMAP_MASTER;
1161 return NS_SUCCESS;
1162 }
1163
1164 /* master.passwd doesn't exist, try passwd.adjunct */
1165 if (r == YPERR_MAP) {
1166 r = yp_order(state->domain, "passwd.adjunct.byname",
1167 &order);
1168 if (r == 0)
1169 state->maptype = NISMAP_ADJUNCT;
1170 }
1171 }
1172 return NS_SUCCESS;
1173 }
1174
1175 static int
1176 _nis_end(struct nis_state *state)
1177 {
1178
1179 _DIAGASSERT(state != NULL);
1180
1181 if (state->domain)
1182 state->domain = NULL;
1183 state->done = 0;
1184 if (state->current)
1185 free(state->current);
1186 state->current = NULL;
1187 state->maptype = NISMAP_UNKNOWN;
1188 return NS_SUCCESS;
1189 }
1190
1191 /*
1192 * nis_parse
1193 * wrapper to _pw_parse that obtains the real password from the
1194 * "passwd.adjunct.byname" NIS map if the maptype is NISMAP_ADJUNCT.
1195 */
1196 static int
1197 _nis_parse(const char *entry, struct passwd *pw, char *buf, size_t buflen,
1198 struct nis_state *state)
1199 {
1200 size_t elen;
1201
1202 _DIAGASSERT(entry != NULL);
1203 _DIAGASSERT(pw != NULL);
1204 _DIAGASSERT(buf != NULL);
1205 _DIAGASSERT(state != NULL);
1206
1207 elen = strlen(entry);
1208 if (elen >= buflen)
1209 return 0;
1210 if (! _pw_parse(entry, pw, buf, buflen,
1211 !(state->maptype == NISMAP_MASTER)))
1212 return 0;
1213
1214 if ((state->maptype == NISMAP_ADJUNCT) &&
1215 (strstr(pw->pw_passwd, "##") != NULL)) {
1216 char *data;
1217 int datalen;
1218
1219 if (yp_match(state->domain, "passwd.adjunct.byname",
1220 pw->pw_name, (int)strlen(pw->pw_name),
1221 &data, &datalen) == 0) {
1222 char *bp, *ep;
1223 /* skip name to get password */
1224 ep = data;
1225 if ((bp = strsep(&ep, ":")) != NULL &&
1226 (bp = strsep(&ep, ":")) != NULL) {
1227 /* store new pw_passwd after entry */
1228 strlcpy(buf + elen, bp, buflen - elen);
1229 pw->pw_passwd = &buf[elen];
1230 }
1231 free(data);
1232 }
1233 }
1234
1235 return 1;
1236 }
1237
1238
1239 /*
1240 * _nis_pwscan
1241 * Look for the yp key provided in buffer from map,
1242 * and decode into pw/buffer/buflen.
1243 */
1244 static int
1245 _nis_pwscan(int *retval, struct passwd *pw, char *buffer, size_t buflen,
1246 struct nis_state *state, const char *map)
1247 {
1248 char *data;
1249 int nisr, rv, datalen;
1250
1251 _DIAGASSERT(retval != NULL);
1252 _DIAGASSERT(pw != NULL);
1253 _DIAGASSERT(buffer != NULL);
1254 _DIAGASSERT(state != NULL);
1255 _DIAGASSERT(map != NULL);
1256
1257 *retval = 0;
1258
1259 if (state->domain == NULL) { /* only start if NIS not setup */
1260 rv = _nis_start(state);
1261 if (rv != NS_SUCCESS)
1262 return rv;
1263 }
1264
1265 data = NULL;
1266 rv = NS_NOTFOUND;
1267
1268 /* search map */
1269 nisr = yp_match(state->domain, map, buffer, (int)strlen(buffer),
1270 &data, &datalen);
1271 switch (nisr) {
1272 case 0:
1273 data[datalen] = '\0'; /* clear trailing \n */
1274 if (_nis_parse(data, pw, buffer, buflen, state))
1275 rv = NS_SUCCESS; /* validate line */
1276 else
1277 rv = NS_UNAVAIL;
1278 break;
1279 case YPERR_KEY:
1280 break;
1281 default:
1282 rv = NS_UNAVAIL;
1283 break;
1284 }
1285
1286 if (rv != NS_SUCCESS && rv != NS_NOTFOUND)
1287 *retval = errno;
1288 if (data)
1289 free(data);
1290 return rv;
1291 }
1292
1293 /*ARGSUSED*/
1294 static int
1295 _nis_setpwent(void *nsrv, void *nscb, va_list ap)
1296 {
1297
1298 _nis_state.stayopen = 0;
1299 return _nis_start(&_nis_state);
1300 }
1301
1302 /*ARGSUSED*/
1303 static int
1304 _nis_setpassent(void *nsrv, void *nscb, va_list ap)
1305 {
1306 int *retval = va_arg(ap, int *);
1307 int stayopen = va_arg(ap, int);
1308
1309 int rv;
1310
1311 _nis_state.stayopen = stayopen;
1312 rv = _nis_start(&_nis_state);
1313 *retval = (rv == NS_SUCCESS);
1314 return rv;
1315 }
1316
1317 /*ARGSUSED*/
1318 static int
1319 _nis_endpwent(void *nsrv, void *nscb, va_list ap)
1320 {
1321
1322 return _nis_end(&_nis_state);
1323 }
1324
1325
1326 /*ARGSUSED*/
1327 static int
1328 _nis_getpwent(void *nsrv, void *nscb, va_list ap)
1329 {
1330 struct passwd **retval = va_arg(ap, struct passwd **);
1331
1332 char *key, *data;
1333 int keylen, datalen, rv, nisr;
1334
1335 _DIAGASSERT(retval != NULL);
1336
1337 *retval = NULL;
1338
1339 if (_nis_state.done) /* exhausted search */
1340 return NS_NOTFOUND;
1341 if (_nis_state.domain == NULL) {
1342 /* only start if NIS not setup */
1343 rv = _nis_start(&_nis_state);
1344 if (rv != NS_SUCCESS)
1345 return rv;
1346 }
1347
1348 next_nis_entry:
1349 key = NULL;
1350 data = NULL;
1351 rv = NS_NOTFOUND;
1352
1353 if (_nis_state.current) { /* already searching */
1354 nisr = yp_next(_nis_state.domain, PASSWD_BYNAME(&_nis_state),
1355 _nis_state.current, _nis_state.currentlen,
1356 &key, &keylen, &data, &datalen);
1357 free(_nis_state.current);
1358 _nis_state.current = NULL;
1359 switch (nisr) {
1360 case 0:
1361 _nis_state.current = key;
1362 _nis_state.currentlen = keylen;
1363 key = NULL;
1364 break;
1365 case YPERR_NOMORE:
1366 _nis_state.done = 1;
1367 goto nisent_out;
1368 default:
1369 rv = NS_UNAVAIL;
1370 goto nisent_out;
1371 }
1372 } else { /* new search */
1373 if (yp_first(_nis_state.domain, PASSWD_BYNAME(&_nis_state),
1374 &_nis_state.current, &_nis_state.currentlen,
1375 &data, &datalen)) {
1376 rv = NS_UNAVAIL;
1377 goto nisent_out;
1378 }
1379 }
1380
1381 data[datalen] = '\0'; /* clear trailing \n */
1382 /* validate line */
1383 if (_nis_parse(data, &_nis_passwd,
1384 _nis_passwdbuf, sizeof(_nis_passwdbuf), &_nis_state))
1385 rv = NS_SUCCESS;
1386 else { /* dodgy entry, try again */
1387 if (key)
1388 free(key);
1389 free(data);
1390 goto next_nis_entry;
1391 }
1392
1393 nisent_out:
1394 if (key)
1395 free(key);
1396 if (data)
1397 free(data);
1398 if (rv == NS_SUCCESS)
1399 *retval = &_nis_passwd;
1400 return rv;
1401 }
1402
1403 /*ARGSUSED*/
1404 static int
1405 _nis_getpwent_r(void *nsrv, void *nscb, va_list ap)
1406 {
1407 int *retval = va_arg(ap, int *);
1408 struct passwd *pw = va_arg(ap, struct passwd *);
1409 char *buffer = va_arg(ap, char *);
1410 size_t buflen = va_arg(ap, size_t);
1411 struct passwd **result = va_arg(ap, struct passwd **);
1412
1413 char *key, *data;
1414 int keylen, datalen, rv, nisr;
1415
1416 _DIAGASSERT(retval != NULL);
1417 _DIAGASSERT(pw != NULL);
1418 _DIAGASSERT(buffer != NULL);
1419 _DIAGASSERT(result != NULL);
1420
1421 *retval = 0;
1422
1423 if (_nis_state.done) /* exhausted search */
1424 return NS_NOTFOUND;
1425 if (_nis_state.domain == NULL) {
1426 /* only start if NIS not setup */
1427 rv = _nis_start(&_nis_state);
1428 if (rv != NS_SUCCESS)
1429 return rv;
1430 }
1431
1432 next_nis_entry:
1433 key = NULL;
1434 data = NULL;
1435 rv = NS_NOTFOUND;
1436
1437 if (_nis_state.current) { /* already searching */
1438 nisr = yp_next(_nis_state.domain, PASSWD_BYNAME(&_nis_state),
1439 _nis_state.current, _nis_state.currentlen,
1440 &key, &keylen, &data, &datalen);
1441 free(_nis_state.current);
1442 _nis_state.current = NULL;
1443 switch (nisr) {
1444 case 0:
1445 _nis_state.current = key;
1446 _nis_state.currentlen = keylen;
1447 key = NULL;
1448 break;
1449 case YPERR_NOMORE:
1450 _nis_state.done = 1;
1451 goto nisent_out;
1452 default:
1453 rv = NS_UNAVAIL;
1454 goto nisent_out;
1455 }
1456 } else { /* new search */
1457 if (yp_first(_nis_state.domain, PASSWD_BYNAME(&_nis_state),
1458 &_nis_state.current, &_nis_state.currentlen,
1459 &data, &datalen)) {
1460 rv = NS_UNAVAIL;
1461 goto nisent_out;
1462 }
1463 }
1464
1465 data[datalen] = '\0'; /* clear trailing \n */
1466 /* validate line */
1467 if (_nis_parse(data, pw, buffer, buflen, &_nis_state))
1468 rv = NS_SUCCESS;
1469 else { /* dodgy entry, try again */
1470 if (key)
1471 free(key);
1472 free(data);
1473 goto next_nis_entry;
1474 }
1475
1476 nisent_out:
1477 if (key)
1478 free(key);
1479 if (data)
1480 free(data);
1481 if (rv == NS_SUCCESS)
1482 *result = pw;
1483 else
1484 *result = NULL;
1485 return rv;
1486 }
1487
1488 /*ARGSUSED*/
1489 static int
1490 _nis_getpwuid(void *nsrv, void *nscb, va_list ap)
1491 {
1492 struct passwd **retval = va_arg(ap, struct passwd **);
1493 uid_t uid = va_arg(ap, uid_t);
1494
1495 int rv, rerror;
1496
1497 _DIAGASSERT(retval != NULL);
1498
1499 *retval = NULL;
1500 rv = _nis_start(&_nis_state);
1501 if (rv != NS_SUCCESS)
1502 return rv;
1503 snprintf(_nis_passwdbuf, sizeof(_nis_passwdbuf), "%u", (unsigned int)uid);
1504 rv = _nis_pwscan(&rerror, &_nis_passwd,
1505 _nis_passwdbuf, sizeof(_nis_passwdbuf),
1506 &_nis_state, PASSWD_BYUID(&_nis_state));
1507 if (!_nis_state.stayopen)
1508 _nis_end(&_nis_state);
1509 if (rv == NS_SUCCESS && uid == _nis_passwd.pw_uid)
1510 *retval = &_nis_passwd;
1511 return rv;
1512 }
1513
1514 /*ARGSUSED*/
1515 static int
1516 _nis_getpwuid_r(void *nsrv, void *nscb, va_list ap)
1517 {
1518 int *retval = va_arg(ap, int *);
1519 uid_t uid = va_arg(ap, uid_t);
1520 struct passwd *pw = va_arg(ap, struct passwd *);
1521 char *buffer = va_arg(ap, char *);
1522 size_t buflen = va_arg(ap, size_t);
1523 struct passwd **result = va_arg(ap, struct passwd **);
1524
1525 struct nis_state state;
1526 int rv;
1527
1528 _DIAGASSERT(retval != NULL);
1529 _DIAGASSERT(pw != NULL);
1530 _DIAGASSERT(buffer != NULL);
1531 _DIAGASSERT(result != NULL);
1532
1533 *result = NULL;
1534 memset(&state, 0, sizeof(state));
1535 rv = _nis_start(&state);
1536 if (rv != NS_SUCCESS)
1537 return rv;
1538 snprintf(buffer, buflen, "%u", (unsigned int)uid);
1539 rv = _nis_pwscan(retval, pw, buffer, buflen,
1540 &state, PASSWD_BYUID(&state));
1541 _nis_end(&state);
1542 if (rv != NS_SUCCESS)
1543 return rv;
1544 if (uid == pw->pw_uid) {
1545 *result = pw;
1546 return NS_SUCCESS;
1547 } else
1548 return NS_NOTFOUND;
1549 }
1550
1551 /*ARGSUSED*/
1552 static int
1553 _nis_getpwnam(void *nsrv, void *nscb, va_list ap)
1554 {
1555 struct passwd **retval = va_arg(ap, struct passwd **);
1556 const char *name = va_arg(ap, const char *);
1557
1558 int rv, rerror;
1559
1560 _DIAGASSERT(retval != NULL);
1561
1562 *retval = NULL;
1563 rv = _nis_start(&_nis_state);
1564 if (rv != NS_SUCCESS)
1565 return rv;
1566 snprintf(_nis_passwdbuf, sizeof(_nis_passwdbuf), "%s", name);
1567 rv = _nis_pwscan(&rerror, &_nis_passwd,
1568 _nis_passwdbuf, sizeof(_nis_passwdbuf),
1569 &_nis_state, PASSWD_BYNAME(&_nis_state));
1570 if (!_nis_state.stayopen)
1571 _nis_end(&_nis_state);
1572 if (rv == NS_SUCCESS && strcmp(name, _nis_passwd.pw_name) == 0)
1573 *retval = &_nis_passwd;
1574 return rv;
1575 }
1576
1577 /*ARGSUSED*/
1578 static int
1579 _nis_getpwnam_r(void *nsrv, void *nscb, va_list ap)
1580 {
1581 int *retval = va_arg(ap, int *);
1582 const char *name = va_arg(ap, const char *);
1583 struct passwd *pw = va_arg(ap, struct passwd *);
1584 char *buffer = va_arg(ap, char *);
1585 size_t buflen = va_arg(ap, size_t);
1586 struct passwd **result = va_arg(ap, struct passwd **);
1587
1588 struct nis_state state;
1589 int rv;
1590
1591 _DIAGASSERT(retval != NULL);
1592 _DIAGASSERT(pw != NULL);
1593 _DIAGASSERT(buffer != NULL);
1594 _DIAGASSERT(result != NULL);
1595
1596 *result = NULL;
1597 snprintf(buffer, buflen, "%s", name);
1598 memset(&state, 0, sizeof(state));
1599 rv = _nis_start(&state);
1600 if (rv != NS_SUCCESS)
1601 return rv;
1602 rv = _nis_pwscan(retval, pw, buffer, buflen,
1603 &state, PASSWD_BYNAME(&state));
1604 _nis_end(&state);
1605 if (rv != NS_SUCCESS)
1606 return rv;
1607 if (strcmp(name, pw->pw_name) == 0) {
1608 *result = pw;
1609 return NS_SUCCESS;
1610 } else
1611 return NS_NOTFOUND;
1612 }
1613
1614 #endif /* YP */
1615
1616
1617 #ifdef _PASSWD_COMPAT
1618 /*
1619 * compat methods
1620 */
1621
1622 /* state shared between compat methods */
1623
1624 struct compat_state {
1625 int stayopen; /* see getpassent(3) */
1626 DB *db; /* passwd DB */
1627 int keynum; /* key counter, -1 if no more */
1628 enum { /* current compat mode */
1629 COMPAT_NOTOKEN = 0, /* no compat token present */
1630 COMPAT_NONE, /* parsing normal pwd.db line */
1631 COMPAT_FULL, /* parsing `+' entries */
1632 COMPAT_USER, /* parsing `+name' entries */
1633 COMPAT_NETGROUP /* parsing `+@netgroup' entries */
1634 } mode;
1635 char *user; /* COMPAT_USER "+name" */
1636 DB *exclude; /* compat exclude DB */
1637 struct passwd proto; /* proto passwd entry */
1638 char protobuf[_GETPW_R_SIZE_MAX];
1639 /* buffer for proto ptrs */
1640 int protoflags; /* proto passwd flags */
1641 };
1642
1643 static struct compat_state _compat_state;
1644 /* storage for non _r functions */
1645 static struct passwd _compat_passwd;
1646 static char _compat_passwdbuf[_GETPW_R_SIZE_MAX];
1647
1648 static int
1649 _compat_start(struct compat_state *state)
1650 {
1651 int rv;
1652
1653 _DIAGASSERT(state != NULL);
1654
1655 state->keynum = 0;
1656 if (state->db == NULL) { /* not open yet */
1657 DBT key, data;
1658 DBT pkey, pdata;
1659 char bf[MAXLOGNAME];
1660
1661 rv = _pw_opendb(&state->db);
1662 if (rv != NS_SUCCESS)
1663 return rv;
1664
1665 state->mode = COMPAT_NOTOKEN;
1666
1667 /*
1668 * Determine if the "compat" token is present in pwd.db;
1669 * either "__YP!" or PW_KEYBYNAME+"+".
1670 * Only works if pwd_mkdb installs the token.
1671 */
1672 key.data = (u_char *)__UNCONST(__yp_token);
1673 key.size = strlen(__yp_token);
1674
1675 bf[0] = _PW_KEYBYNAME; /* Pre-token database support. */
1676 bf[1] = '+';
1677 pkey.data = (u_char *)bf;
1678 pkey.size = 2;
1679
1680 if ((state->db->get)(state->db, &key, &data, 0) == 0
1681 || (state->db->get)(state->db, &pkey, &pdata, 0) == 0)
1682 state->mode = COMPAT_NONE;
1683 }
1684 return NS_SUCCESS;
1685 }
1686
1687 static int
1688 _compat_end(struct compat_state *state)
1689 {
1690
1691 _DIAGASSERT(state != NULL);
1692
1693 state->keynum = 0;
1694 if (state->db) {
1695 (void)(state->db->close)(state->db);
1696 state->db = NULL;
1697 }
1698 state->mode = COMPAT_NOTOKEN;
1699 if (state->user)
1700 free(state->user);
1701 state->user = NULL;
1702 if (state->exclude != NULL)
1703 (void)(state->exclude->close)(state->exclude);
1704 state->exclude = NULL;
1705 state->proto.pw_name = NULL;
1706 state->protoflags = 0;
1707 return NS_SUCCESS;
1708 }
1709
1710 /*
1711 * _compat_add_exclude
1712 * add the name to the exclude list in state->exclude.
1713 */
1714 static int
1715 _compat_add_exclude(struct compat_state *state, const char *name)
1716 {
1717 DBT key, data;
1718
1719 _DIAGASSERT(state != NULL);
1720 _DIAGASSERT(name != NULL);
1721
1722 /* initialize the exclusion table if needed */
1723 if (state->exclude == NULL) {
1724 state->exclude = dbopen(NULL, O_RDWR, 600, DB_HASH, NULL);
1725 if (state->exclude == NULL)
1726 return 0;
1727 }
1728
1729 key.size = strlen(name); /* set up the key */
1730 key.data = (u_char *)__UNCONST(name);
1731
1732 data.data = NULL; /* data is nothing */
1733 data.size = 0;
1734
1735 /* store it */
1736 if ((state->exclude->put)(state->exclude, &key, &data, 0) == -1)
1737 return 0;
1738
1739 return 1;
1740 }
1741
1742 /*
1743 * _compat_is_excluded
1744 * test if a name is on the compat mode exclude list
1745 */
1746 static int
1747 _compat_is_excluded(struct compat_state *state, const char *name)
1748 {
1749 DBT key, data;
1750
1751 _DIAGASSERT(state != NULL);
1752 _DIAGASSERT(name != NULL);
1753
1754 if (state->exclude == NULL)
1755 return 0; /* nothing excluded */
1756
1757 key.size = strlen(name); /* set up the key */
1758 key.data = (u_char *)__UNCONST(name);
1759
1760 if ((state->exclude->get)(state->exclude, &key, &data, 0) == 0)
1761 return 1; /* is excluded */
1762
1763 return 0;
1764 }
1765
1766
1767 /*
1768 * _passwdcompat_bad
1769 * log an error if "files" or "compat" is specified in
1770 * passwd_compat database
1771 */
1772 /*ARGSUSED*/
1773 static int
1774 _passwdcompat_bad(void *nsrv, void *nscb, va_list ap)
1775 {
1776 static int warned;
1777
1778 _DIAGASSERT(cb_data != NULL);
1779
1780 if (!warned) {
1781 syslog(LOG_ERR,
1782 "nsswitch.conf passwd_compat database can't use '%s'",
1783 (char *)nscb);
1784 }
1785 warned = 1;
1786 return NS_UNAVAIL;
1787 }
1788
1789 /*
1790 * _passwdcompat_setpassent
1791 * Call setpassent for all passwd_compat sources.
1792 */
1793 static int
1794 _passwdcompat_setpassent(int stayopen)
1795 {
1796 static const ns_dtab dtab[] = {
1797 NS_FILES_CB(_passwdcompat_bad, "files")
1798 NS_DNS_CB(_dns_setpassent, NULL)
1799 NS_NIS_CB(_nis_setpassent, NULL)
1800 NS_COMPAT_CB(_passwdcompat_bad, "compat")
1801 { 0 }
1802 };
1803
1804 int rv, result;
1805
1806 rv = nsdispatch(NULL, dtab, NSDB_PASSWD_COMPAT, "setpassent",
1807 __nsdefaultnis_forceall, &result, stayopen);
1808 return rv;
1809 }
1810
1811 /*
1812 * _passwdcompat_endpwent
1813 * Call endpwent for all passwd_compat sources.
1814 */
1815 static int
1816 _passwdcompat_endpwent(void)
1817 {
1818 static const ns_dtab dtab[] = {
1819 NS_FILES_CB(_passwdcompat_bad, "files")
1820 NS_DNS_CB(_dns_endpwent, NULL)
1821 NS_NIS_CB(_nis_endpwent, NULL)
1822 NS_COMPAT_CB(_passwdcompat_bad, "compat")
1823 { 0 }
1824 };
1825
1826 return nsdispatch(NULL, dtab, NSDB_PASSWD_COMPAT, "endpwent",
1827 __nsdefaultnis_forceall);
1828 }
1829
1830 /*
1831 * _passwdcompat_pwscan
1832 * When a name lookup in compat mode is required (e.g., `+name', or a
1833 * name in `+@netgroup'), look it up in the 'passwd_compat' nsswitch
1834 * database.
1835 * Fail if passwd_compat contains files or compat.
1836 */
1837 static int
1838 _passwdcompat_pwscan(struct passwd *pw, char *buffer, size_t buflen,
1839 int search, const char *name, uid_t uid)
1840 {
1841 static const ns_dtab compatentdtab[] = {
1842 NS_FILES_CB(_passwdcompat_bad, "files")
1843 NS_DNS_CB(_dns_getpwent_r, NULL)
1844 NS_NIS_CB(_nis_getpwent_r, NULL)
1845 NS_COMPAT_CB(_passwdcompat_bad, "compat")
1846 { 0 }
1847 };
1848 static const ns_dtab compatuiddtab[] = {
1849 NS_FILES_CB(_passwdcompat_bad, "files")
1850 NS_DNS_CB(_dns_getpwuid_r, NULL)
1851 NS_NIS_CB(_nis_getpwuid_r, NULL)
1852 NS_COMPAT_CB(_passwdcompat_bad, "compat")
1853 { 0 }
1854 };
1855 static const ns_dtab compatnamdtab[] = {
1856 NS_FILES_CB(_passwdcompat_bad, "files")
1857 NS_DNS_CB(_dns_getpwnam_r, NULL)
1858 NS_NIS_CB(_nis_getpwnam_r, NULL)
1859 NS_COMPAT_CB(_passwdcompat_bad, "compat")
1860 { 0 }
1861 };
1862
1863 int rv, crv;
1864 struct passwd *cpw;
1865
1866 switch (search) {
1867 case _PW_KEYBYNUM:
1868 rv = nsdispatch(NULL, compatentdtab,
1869 NSDB_PASSWD_COMPAT, "getpwent_r", __nsdefaultnis,
1870 &crv, pw, buffer, buflen, &cpw);
1871 break;
1872 case _PW_KEYBYNAME:
1873 _DIAGASSERT(name != NULL);
1874 rv = nsdispatch(NULL, compatnamdtab,
1875 NSDB_PASSWD_COMPAT, "getpwnam_r", __nsdefaultnis,
1876 &crv, name, pw, buffer, buflen, &cpw);
1877 break;
1878 case _PW_KEYBYUID:
1879 rv = nsdispatch(NULL, compatuiddtab,
1880 NSDB_PASSWD_COMPAT, "getpwuid_r", __nsdefaultnis,
1881 &crv, uid, pw, buffer, buflen, &cpw);
1882 break;
1883 default:
1884 abort();
1885 /*NOTREACHED*/
1886 }
1887 return rv;
1888 }
1889
1890 /*
1891 * _compat_pwscan
1892 * Search state->db for the next desired entry.
1893 * If search is _PW_KEYBYNUM, look for state->keynum.
1894 * If search is _PW_KEYBYNAME, look for name.
1895 * If search is _PW_KEYBYUID, look for uid.
1896 * Sets *retval to the errno if the result is not NS_SUCCESS
1897 * or NS_NOTFOUND.
1898 */
1899 static int
1900 _compat_pwscan(int *retval, struct passwd *pw, char *buffer, size_t buflen,
1901 struct compat_state *state, int search, const char *name, uid_t uid)
1902 {
1903 DBT key;
1904 int rv, r, pwflags;
1905 const char *user, *host, *dom;
1906 const void *from;
1907 size_t fromlen;
1908
1909 _DIAGASSERT(retval != NULL);
1910 _DIAGASSERT(pw != NULL);
1911 _DIAGASSERT(buffer != NULL);
1912 _DIAGASSERT(state != NULL);
1913 /* name may be NULL */
1914
1915 *retval = 0;
1916
1917 if (state->db == NULL) {
1918 rv = _compat_start(state);
1919 if (rv != NS_SUCCESS)
1920 return rv;
1921 }
1922 if (buflen <= 1) { /* buffer too small */
1923 *retval = ERANGE;
1924 return NS_UNAVAIL;
1925 }
1926
1927 for (;;) { /* loop over pwd.db */
1928 rv = NS_NOTFOUND;
1929 if (state->mode != COMPAT_NOTOKEN &&
1930 state->mode != COMPAT_NONE) {
1931 /* doing a compat lookup */
1932 struct passwd cpw;
1933 char cbuf[_GETPW_R_SIZE_MAX];
1934
1935 switch (state->mode) {
1936
1937 case COMPAT_FULL:
1938 /* get next user */
1939 rv = _passwdcompat_pwscan(&cpw,
1940 cbuf, sizeof(cbuf),
1941 _PW_KEYBYNUM, NULL, 0);
1942 if (rv != NS_SUCCESS)
1943 state->mode = COMPAT_NONE;
1944 break;
1945
1946 case COMPAT_NETGROUP:
1947 /* XXXREENTRANT: getnetgrent is not thread safe */
1948 /* get next user from netgroup */
1949 r = getnetgrent(&host, &user, &dom);
1950 if (r == 0) { /* end of group */
1951 endnetgrent();
1952 state->mode = COMPAT_NONE;
1953 break;
1954 }
1955 if (!user || !*user)
1956 break;
1957 rv = _passwdcompat_pwscan(&cpw,
1958 cbuf, sizeof(cbuf),
1959 _PW_KEYBYNAME, user, 0);
1960 break;
1961
1962 case COMPAT_USER:
1963 /* get specific user */
1964 if (state->user == NULL) {
1965 state->mode = COMPAT_NONE;
1966 break;
1967 }
1968 rv = _passwdcompat_pwscan(&cpw,
1969 cbuf, sizeof(cbuf),
1970 _PW_KEYBYNAME, state->user, 0);
1971 free(state->user);
1972 state->user = NULL;
1973 state->mode = COMPAT_NONE;
1974 break;
1975
1976 case COMPAT_NOTOKEN:
1977 case COMPAT_NONE:
1978 abort();
1979
1980 }
1981 if (rv != NS_SUCCESS) /* if not matched, next loop */
1982 continue;
1983
1984 /* copy cpw to pw, applying prototype */
1985 if (! _pw_copy(&cpw, pw, buffer, buflen,
1986 &state->proto, state->protoflags)) {
1987 rv = NS_UNAVAIL;
1988 break;
1989 }
1990
1991 if (_compat_is_excluded(state, pw->pw_name))
1992 continue; /* excluded; next loop */
1993
1994 if ((search == _PW_KEYBYNAME
1995 && strcmp(pw->pw_name, name) != 0)
1996 || (search == _PW_KEYBYUID && pw->pw_uid != uid)) {
1997 continue; /* not specific; next loop */
1998 }
1999
2000 break; /* exit loop if found */
2001 } else { /* not a compat line */
2002 state->proto.pw_name = NULL;
2003 /* clear prototype */
2004 }
2005
2006 if (state->mode == COMPAT_NOTOKEN) {
2007 /* no compat token; do direct lookup */
2008 switch (search) {
2009 case _PW_KEYBYNUM:
2010 if (state->keynum == -1) /* no more records */
2011 return NS_NOTFOUND;
2012 state->keynum++;
2013 from = &state->keynum;
2014 fromlen = sizeof(state->keynum);
2015 break;
2016 case _PW_KEYBYNAME:
2017 from = name;
2018 fromlen = strlen(name);
2019 break;
2020 case _PW_KEYBYUID:
2021 from = &uid;
2022 fromlen = sizeof(uid);
2023 break;
2024 default:
2025 abort();
2026 }
2027 buffer[0] = search;
2028 } else {
2029 /* compat token; do line by line */
2030 if (state->keynum == -1) /* no more records */
2031 return NS_NOTFOUND;
2032 state->keynum++;
2033 from = &state->keynum;
2034 fromlen = sizeof(state->keynum);
2035 buffer[0] = _PW_KEYBYNUM;
2036 }
2037
2038 if (buflen <= fromlen) { /* buffer too small */
2039 *retval = ERANGE;
2040 return NS_UNAVAIL;
2041 }
2042 memmove(buffer + 1, from, fromlen); /* setup key */
2043 key.size = fromlen + 1;
2044 key.data = (u_char *)buffer;
2045
2046 rv = _pw_getkey(state->db, &key, pw, buffer, buflen, &pwflags);
2047 if (rv != NS_SUCCESS) /* stop on error */
2048 break;
2049
2050 if (state->mode == COMPAT_NOTOKEN)
2051 break; /* stop if no compat token */
2052
2053 if (pw->pw_name[0] == '+') {
2054 /* compat inclusion */
2055 switch(pw->pw_name[1]) {
2056 case '\0': /* `+' */
2057 state->mode = COMPAT_FULL;
2058 /* reset passwd_compat search */
2059 /* XXXREENTRANT: setpassent is not thread safe ? */
2060 (void) _passwdcompat_setpassent(0);
2061 break;
2062 case '@': /* `+@netgroup' */
2063 state->mode = COMPAT_NETGROUP;
2064 /* reset netgroup search */
2065 /* XXXREENTRANT: setnetgrent is not thread safe */
2066 setnetgrent(pw->pw_name + 2);
2067 break;
2068 default: /* `+name' */
2069 state->mode = COMPAT_USER;
2070 if (state->user)
2071 free(state->user);
2072 state->user = strdup(pw->pw_name + 1);
2073 break;
2074 }
2075 /* save the prototype */
2076 state->protoflags = pwflags;
2077 if (! _pw_copy(pw, &state->proto, state->protobuf,
2078 sizeof(state->protobuf), NULL, 0)) {
2079 rv = NS_UNAVAIL;
2080 break;
2081 }
2082 continue; /* loop again after inclusion */
2083 } else if (pw->pw_name[0] == '-') {
2084 /* compat exclusion */
2085 rv = NS_SUCCESS;
2086 switch(pw->pw_name[1]) {
2087 case '\0': /* `-' */
2088 break;
2089 case '@': /* `-@netgroup' */
2090 /* XXXREENTRANT: {set,get,end}netgrent is not thread safe */
2091 setnetgrent(pw->pw_name + 2);
2092 while (getnetgrent(&host, &user, &dom)) {
2093 if (!user || !*user)
2094 continue;
2095 if (! _compat_add_exclude(state,user)) {
2096 rv = NS_UNAVAIL;
2097 break;
2098 }
2099 }
2100 endnetgrent();
2101 break;
2102 default: /* `-name' */
2103 if (! _compat_add_exclude(state,
2104 pw->pw_name + 1)) {
2105 rv = NS_UNAVAIL;
2106 }
2107 break;
2108 }
2109 if (rv != NS_SUCCESS) /* exclusion failure */
2110 break;
2111 continue; /* loop again after exclusion */
2112 }
2113 if (search == _PW_KEYBYNUM ||
2114 (search == _PW_KEYBYUID && pw->pw_uid == uid) ||
2115 (search == _PW_KEYBYNAME && strcmp(pw->pw_name, name) == 0))
2116 break; /* token mode match found */
2117 }
2118
2119 if (rv == NS_NOTFOUND &&
2120 (search == _PW_KEYBYNUM || state->mode != COMPAT_NOTOKEN))
2121 state->keynum = -1; /* flag `no more records' */
2122
2123 if (rv == NS_SUCCESS) {
2124 if ((search == _PW_KEYBYNAME && strcmp(pw->pw_name, name) != 0)
2125 || (search == _PW_KEYBYUID && pw->pw_uid != uid))
2126 rv = NS_NOTFOUND;
2127 }
2128
2129 if (rv != NS_SUCCESS && rv != NS_NOTFOUND)
2130 *retval = errno;
2131 return rv;
2132 }
2133
2134 /*ARGSUSED*/
2135 static int
2136 _compat_setpwent(void *nsrv, void *nscb, va_list ap)
2137 {
2138
2139 /* force passwd_compat setpwent() */
2140 (void) _passwdcompat_setpassent(0);
2141
2142 /* reset state, keep db open */
2143 _compat_state.stayopen = 0;
2144 return _compat_start(&_compat_state);
2145 }
2146
2147 /*ARGSUSED*/
2148 static int
2149 _compat_setpassent(void *nsrv, void *nscb, va_list ap)
2150 {
2151 int *retval = va_arg(ap, int *);
2152 int stayopen = va_arg(ap, int);
2153
2154 int rv;
2155
2156 /* force passwd_compat setpassent() */
2157 (void) _passwdcompat_setpassent(stayopen);
2158
2159 _compat_state.stayopen = stayopen;
2160 rv = _compat_start(&_compat_state);
2161 *retval = (rv == NS_SUCCESS);
2162 return rv;
2163 }
2164
2165 /*ARGSUSED*/
2166 static int
2167 _compat_endpwent(void *nsrv, void *nscb, va_list ap)
2168 {
2169
2170 /* force passwd_compat endpwent() */
2171 (void) _passwdcompat_endpwent();
2172
2173 /* reset state, close db */
2174 _compat_state.stayopen = 0;
2175 return _compat_end(&_compat_state);
2176 }
2177
2178
2179 /*ARGSUSED*/
2180 static int
2181 _compat_getpwent(void *nsrv, void *nscb, va_list ap)
2182 {
2183 struct passwd **retval = va_arg(ap, struct passwd **);
2184
2185 int rv, rerror;
2186
2187 _DIAGASSERT(retval != NULL);
2188
2189 *retval = NULL;
2190 rv = _compat_pwscan(&rerror, &_compat_passwd,
2191 _compat_passwdbuf, sizeof(_compat_passwdbuf),
2192 &_compat_state, _PW_KEYBYNUM, NULL, 0);
2193 if (rv == NS_SUCCESS)
2194 *retval = &_compat_passwd;
2195 return rv;
2196 }
2197
2198 /*ARGSUSED*/
2199 static int
2200 _compat_getpwent_r(void *nsrv, void *nscb, va_list ap)
2201 {
2202 int *retval = va_arg(ap, int *);
2203 struct passwd *pw = va_arg(ap, struct passwd *);
2204 char *buffer = va_arg(ap, char *);
2205 size_t buflen = va_arg(ap, size_t);
2206 struct passwd **result = va_arg(ap, struct passwd **);
2207
2208 int rv;
2209
2210 _DIAGASSERT(retval != NULL);
2211 _DIAGASSERT(pw != NULL);
2212 _DIAGASSERT(buffer != NULL);
2213 _DIAGASSERT(result != NULL);
2214
2215 rv = _compat_pwscan(retval, pw, buffer, buflen, &_compat_state,
2216 _PW_KEYBYNUM, NULL, 0);
2217 if (rv == NS_SUCCESS)
2218 *result = pw;
2219 else
2220 *result = NULL;
2221 return rv;
2222 }
2223
2224
2225 /*ARGSUSED*/
2226 static int
2227 _compat_getpwnam(void *nsrv, void *nscb, va_list ap)
2228 {
2229 struct passwd **retval = va_arg(ap, struct passwd **);
2230 const char *name = va_arg(ap, const char *);
2231
2232 int rv, rerror;
2233
2234 _DIAGASSERT(retval != NULL);
2235
2236 *retval = NULL;
2237 rv = _compat_start(&_compat_state);
2238 if (rv != NS_SUCCESS)
2239 return rv;
2240 rv = _compat_pwscan(&rerror, &_compat_passwd,
2241 _compat_passwdbuf, sizeof(_compat_passwdbuf),
2242 &_compat_state, _PW_KEYBYNAME, name, 0);
2243 if (!_compat_state.stayopen)
2244 _compat_end(&_compat_state);
2245 if (rv == NS_SUCCESS)
2246 *retval = &_compat_passwd;
2247 return rv;
2248 }
2249
2250 /*ARGSUSED*/
2251 static int
2252 _compat_getpwnam_r(void *nsrv, void *nscb, va_list ap)
2253 {
2254 int *retval = va_arg(ap, int *);
2255 const char *name = va_arg(ap, const char *);
2256 struct passwd *pw = va_arg(ap, struct passwd *);
2257 char *buffer = va_arg(ap, char *);
2258 size_t buflen = va_arg(ap, size_t);
2259 struct passwd **result = va_arg(ap, struct passwd **);
2260
2261 struct compat_state state;
2262 int rv;
2263
2264 _DIAGASSERT(retval != NULL);
2265 _DIAGASSERT(pw != NULL);
2266 _DIAGASSERT(buffer != NULL);
2267 _DIAGASSERT(result != NULL);
2268
2269 *result = NULL;
2270 memset(&state, 0, sizeof(state));
2271 rv = _compat_pwscan(retval, pw, buffer, buflen, &state,
2272 _PW_KEYBYNAME, name, 0);
2273 _compat_end(&state);
2274 if (rv == NS_SUCCESS)
2275 *result = pw;
2276 return rv;
2277 }
2278
2279 /*ARGSUSED*/
2280 static int
2281 _compat_getpwuid(void *nsrv, void *nscb, va_list ap)
2282 {
2283 struct passwd **retval = va_arg(ap, struct passwd **);
2284 uid_t uid = va_arg(ap, uid_t);
2285
2286 int rv, rerror;
2287
2288 _DIAGASSERT(retval != NULL);
2289
2290 *retval = NULL;
2291 rv = _compat_start(&_compat_state);
2292 if (rv != NS_SUCCESS)
2293 return rv;
2294 rv = _compat_pwscan(&rerror, &_compat_passwd,
2295 _compat_passwdbuf, sizeof(_compat_passwdbuf),
2296 &_compat_state, _PW_KEYBYUID, NULL, uid);
2297 if (!_compat_state.stayopen)
2298 _compat_end(&_compat_state);
2299 if (rv == NS_SUCCESS)
2300 *retval = &_compat_passwd;
2301 return rv;
2302 }
2303
2304 /*ARGSUSED*/
2305 static int
2306 _compat_getpwuid_r(void *nsrv, void *nscb, va_list ap)
2307 {
2308 int *retval = va_arg(ap, int *);
2309 uid_t uid = va_arg(ap, uid_t);
2310 struct passwd *pw = va_arg(ap, struct passwd *);
2311 char *buffer = va_arg(ap, char *);
2312 size_t buflen = va_arg(ap, size_t);
2313 struct passwd **result = va_arg(ap, struct passwd **);
2314
2315 struct compat_state state;
2316 int rv;
2317
2318 _DIAGASSERT(retval != NULL);
2319 _DIAGASSERT(pw != NULL);
2320 _DIAGASSERT(buffer != NULL);
2321 _DIAGASSERT(result != NULL);
2322
2323 *result = NULL;
2324 memset(&state, 0, sizeof(state));
2325 rv = _compat_pwscan(retval, pw, buffer, buflen, &state,
2326 _PW_KEYBYUID, NULL, uid);
2327 _compat_end(&state);
2328 if (rv == NS_SUCCESS)
2329 *result = pw;
2330 return rv;
2331 }
2332
2333 #endif /* _PASSWD_COMPAT */
2334
2335
2336 /*
2337 * public functions
2338 */
2339
2340 struct passwd *
2341 getpwent(void)
2342 {
2343 int r;
2344 struct passwd *retval;
2345
2346 static const ns_dtab dtab[] = {
2347 NS_FILES_CB(_files_getpwent, NULL)
2348 NS_DNS_CB(_dns_getpwent, NULL)
2349 NS_NIS_CB(_nis_getpwent, NULL)
2350 NS_COMPAT_CB(_compat_getpwent, NULL)
2351 { 0 }
2352 };
2353
2354 mutex_lock(&_pwmutex);
2355 r = nsdispatch(NULL, dtab, NSDB_PASSWD, "getpwent", __nsdefaultcompat,
2356 &retval);
2357 mutex_unlock(&_pwmutex);
2358 return (r == NS_SUCCESS) ? retval : NULL;
2359 }
2360
2361 int
2362 getpwent_r(struct passwd *pwd, char *buffer, size_t buflen,
2363 struct passwd **result)
2364 {
2365 int r, retval;
2366
2367 static const ns_dtab dtab[] = {
2368 NS_FILES_CB(_files_getpwent_r, NULL)
2369 NS_DNS_CB(_dns_getpwent_r, NULL)
2370 NS_NIS_CB(_nis_getpwent_r, NULL)
2371 NS_COMPAT_CB(_compat_getpwent_r, NULL)
2372 { 0 }
2373 };
2374
2375 _DIAGASSERT(pwd != NULL);
2376 _DIAGASSERT(buffer != NULL);
2377 _DIAGASSERT(result != NULL);
2378
2379 *result = NULL;
2380 retval = 0;
2381 mutex_lock(&_pwmutex);
2382 r = nsdispatch(NULL, dtab, NSDB_PASSWD, "getpwent_r", __nsdefaultcompat,
2383 &retval, pwd, buffer, buflen, result);
2384 mutex_unlock(&_pwmutex);
2385 switch (r) {
2386 case NS_SUCCESS:
2387 case NS_NOTFOUND:
2388 return 0;
2389 default:
2390 return retval;
2391 }
2392 }
2393
2394
2395 struct passwd *
2396 getpwnam(const char *name)
2397 {
2398 int rv;
2399 struct passwd *retval;
2400
2401 static const ns_dtab dtab[] = {
2402 NS_FILES_CB(_files_getpwnam, NULL)
2403 NS_DNS_CB(_dns_getpwnam, NULL)
2404 NS_NIS_CB(_nis_getpwnam, NULL)
2405 NS_COMPAT_CB(_compat_getpwnam, NULL)
2406 { 0 }
2407 };
2408
2409 mutex_lock(&_pwmutex);
2410 rv = nsdispatch(NULL, dtab, NSDB_PASSWD, "getpwnam", __nsdefaultcompat,
2411 &retval, name);
2412 mutex_unlock(&_pwmutex);
2413 return (rv == NS_SUCCESS) ? retval : NULL;
2414 }
2415
2416 int
2417 getpwnam_r(const char *name, struct passwd *pwd, char *buffer, size_t buflen,
2418 struct passwd **result)
2419 {
2420 int r, retval;
2421
2422 static const ns_dtab dtab[] = {
2423 NS_FILES_CB(_files_getpwnam_r, NULL)
2424 NS_DNS_CB(_dns_getpwnam_r, NULL)
2425 NS_NIS_CB(_nis_getpwnam_r, NULL)
2426 NS_COMPAT_CB(_compat_getpwnam_r, NULL)
2427 { 0 }
2428 };
2429
2430 _DIAGASSERT(name != NULL);
2431 _DIAGASSERT(pwd != NULL);
2432 _DIAGASSERT(buffer != NULL);
2433 _DIAGASSERT(result != NULL);
2434
2435 *result = NULL;
2436 retval = 0;
2437 mutex_lock(&_pwmutex);
2438 r = nsdispatch(NULL, dtab, NSDB_PASSWD, "getpwnam_r", __nsdefaultcompat,
2439 &retval, name, pwd, buffer, buflen, result);
2440 mutex_unlock(&_pwmutex);
2441 switch (r) {
2442 case NS_SUCCESS:
2443 case NS_NOTFOUND:
2444 return 0;
2445 default:
2446 return retval;
2447 }
2448 }
2449
2450 struct passwd *
2451 getpwuid(uid_t uid)
2452 {
2453 int rv;
2454 struct passwd *retval;
2455
2456 static const ns_dtab dtab[] = {
2457 NS_FILES_CB(_files_getpwuid, NULL)
2458 NS_DNS_CB(_dns_getpwuid, NULL)
2459 NS_NIS_CB(_nis_getpwuid, NULL)
2460 NS_COMPAT_CB(_compat_getpwuid, NULL)
2461 { 0 }
2462 };
2463
2464 mutex_lock(&_pwmutex);
2465 rv = nsdispatch(NULL, dtab, NSDB_PASSWD, "getpwuid", __nsdefaultcompat,
2466 &retval, uid);
2467 mutex_unlock(&_pwmutex);
2468 return (rv == NS_SUCCESS) ? retval : NULL;
2469 }
2470
2471 int
2472 getpwuid_r(uid_t uid, struct passwd *pwd, char *buffer, size_t buflen,
2473 struct passwd **result)
2474 {
2475 int r, retval;
2476
2477 static const ns_dtab dtab[] = {
2478 NS_FILES_CB(_files_getpwuid_r, NULL)
2479 NS_DNS_CB(_dns_getpwuid_r, NULL)
2480 NS_NIS_CB(_nis_getpwuid_r, NULL)
2481 NS_COMPAT_CB(_compat_getpwuid_r, NULL)
2482 { 0 }
2483 };
2484
2485 _DIAGASSERT(pwd != NULL);
2486 _DIAGASSERT(buffer != NULL);
2487 _DIAGASSERT(result != NULL);
2488
2489 *result = NULL;
2490 retval = 0;
2491 mutex_lock(&_pwmutex);
2492 r = nsdispatch(NULL, dtab, NSDB_PASSWD, "getpwuid_r", __nsdefaultcompat,
2493 &retval, uid, pwd, buffer, buflen, result);
2494 mutex_unlock(&_pwmutex);
2495 switch (r) {
2496 case NS_SUCCESS:
2497 case NS_NOTFOUND:
2498 return 0;
2499 default:
2500 return retval;
2501 }
2502 }
2503
2504 void
2505 endpwent(void)
2506 {
2507 static const ns_dtab dtab[] = {
2508 NS_FILES_CB(_files_endpwent, NULL)
2509 NS_DNS_CB(_dns_endpwent, NULL)
2510 NS_NIS_CB(_nis_endpwent, NULL)
2511 NS_COMPAT_CB(_compat_endpwent, NULL)
2512 { 0 }
2513 };
2514
2515 mutex_lock(&_pwmutex);
2516 /* force all endpwent() methods */
2517 (void) nsdispatch(NULL, dtab, NSDB_PASSWD, "endpwent",
2518 __nsdefaultcompat_forceall);
2519 mutex_unlock(&_pwmutex);
2520 }
2521
2522 /*ARGSUSED*/
2523 int
2524 setpassent(int stayopen)
2525 {
2526 static const ns_dtab dtab[] = {
2527 NS_FILES_CB(_files_setpassent, NULL)
2528 NS_DNS_CB(_dns_setpassent, NULL)
2529 NS_NIS_CB(_nis_setpassent, NULL)
2530 NS_COMPAT_CB(_compat_setpassent, NULL)
2531 { 0 }
2532 };
2533 int rv, retval;
2534
2535 mutex_lock(&_pwmutex);
2536 /* force all setpassent() methods */
2537 rv = nsdispatch(NULL, dtab, NSDB_PASSWD, "setpassent",
2538 __nsdefaultcompat_forceall, &retval, stayopen);
2539 mutex_unlock(&_pwmutex);
2540 return (rv == NS_SUCCESS) ? retval : 0;
2541 }
2542
2543 void
2544 setpwent(void)
2545 {
2546 static const ns_dtab dtab[] = {
2547 NS_FILES_CB(_files_setpwent, NULL)
2548 NS_DNS_CB(_dns_setpwent, NULL)
2549 NS_NIS_CB(_nis_setpwent, NULL)
2550 NS_COMPAT_CB(_compat_setpwent, NULL)
2551 { 0 }
2552 };
2553
2554 mutex_lock(&_pwmutex);
2555 /* force all setpwent() methods */
2556 (void) nsdispatch(NULL, dtab, NSDB_PASSWD, "setpwent",
2557 __nsdefaultcompat_forceall);
2558 mutex_unlock(&_pwmutex);
2559 }
2560