summaryrefslogtreecommitdiff
path: root/src/passwd
diff options
context:
space:
mode:
authorJosiah Worcester <josiahw@gmail.com>2015-03-15 19:20:53 -0500
committerRich Felker <dalias@aerifal.cx>2015-03-15 22:32:22 -0400
commit2894a44b40e460fc4112988407818439f2e9672d (patch)
treeed88ad3753488b9b1ff43fdbc2a1c67876735f73 /src/passwd
parent962cbfbf864a50aaf88bc59e5c7cf0b664ff599a (diff)
downloadmusl-2894a44b40e460fc4112988407818439f2e9672d.tar.gz
musl-2894a44b40e460fc4112988407818439f2e9672d.tar.bz2
musl-2894a44b40e460fc4112988407818439f2e9672d.tar.xz
musl-2894a44b40e460fc4112988407818439f2e9672d.zip
add alternate backend support for getgrouplist
This completes the alternate backend support that was previously added to the getpw* and getgr* functions. Unlike those, though, it unconditionally queries nscd. Any groups from nscd that aren't in the /etc/groups file are added to the returned list, and any that are present in the file are ignored. The purpose of this behavior is to provide a view of the group database consistent with what is observed by the getgr* functions. If group memberships reported by nscd were honored when the corresponding group already has a definition in the /etc/groups file, the user's getgrouplist-based membership in the group would conflict with their non-membership in the reported gr_mem[] for the group. The changes made also make getgrouplist thread-safe and eliminate its clobbering of the global getgrent state.
Diffstat (limited to 'src/passwd')
-rw-r--r--src/passwd/getgrouplist.c80
-rw-r--r--src/passwd/nscd.h6
2 files changed, 86 insertions, 0 deletions
diff --git a/src/passwd/getgrouplist.c b/src/passwd/getgrouplist.c
new file mode 100644
index 00000000..0fddc9a1
--- /dev/null
+++ b/src/passwd/getgrouplist.c
@@ -0,0 +1,80 @@
+#define _GNU_SOURCE
+#include "pwf.h"
+#include <grp.h>
+#include <string.h>
+#include <limits.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <byteswap.h>
+#include <errno.h>
+#include "nscd.h"
+
+int getgrouplist(const char *user, gid_t gid, gid_t *groups, int *ngroups)
+{
+ int rv, nlim, ret = -1;
+ ssize_t i, n = 1;
+ struct group gr;
+ struct group *res;
+ FILE *f;
+ int swap = 0;
+ int32_t resp[INITGR_LEN];
+ uint32_t *nscdbuf = 0;
+ char *buf = 0;
+ char **mem = 0;
+ size_t nmem = 0;
+ size_t size;
+ nlim = *ngroups;
+ if (nlim >= 1) *groups++ = gid;
+
+ f = __nscd_query(GETINITGR, user, resp, sizeof resp, &swap);
+ if (!f) goto cleanup;
+ if (f != (FILE*)-1 && resp[INITGRFOUND]) {
+ nscdbuf = calloc(resp[INITGRNGRPS], sizeof(uint32_t));
+ if (!nscdbuf) goto cleanup;
+ if (!fread(nscdbuf, sizeof(*nscdbuf)*resp[INITGRNGRPS], 1, f)) {
+ if (!ferror(f)) errno = EIO;
+ goto cleanup;
+ }
+ if (swap) {
+ for (i = 0; i < resp[INITGRNGRPS]; i++)
+ nscdbuf[i] = bswap_32(nscdbuf[i]);
+ }
+ }
+ if (f != (FILE*)-1) fclose(f);
+
+ f = fopen("/etc/group", "rbe");
+ if (!f && errno != ENOENT && errno != ENOTDIR)
+ goto cleanup;
+
+ if (f) {
+ while (!(rv = __getgrent_a(f, &gr, &buf, &size, &mem, &nmem, &res)) && res) {
+ if (nscdbuf)
+ for (i=0; i < resp[INITGRNGRPS]; i++) {
+ if (nscdbuf[i] == gr.gr_gid) nscdbuf[i] = gid;
+ }
+ for (i=0; gr.gr_mem[i] && strcmp(user, gr.gr_mem[i]); i++);
+ if (!gr.gr_mem[i]) continue;
+ if (++n <= nlim) *groups++ = gr.gr_gid;
+ }
+ if (rv) {
+ errno = rv;
+ goto cleanup;
+ }
+ }
+ if (nscdbuf) {
+ for(i=0; i < resp[INITGRNGRPS]; i++) {
+ if (nscdbuf[i] != gid)
+ if(++n <= nlim) *groups++ = nscdbuf[i];
+ }
+ }
+
+ ret = n > nlim ? -1 : n;
+ *ngroups = n;
+
+cleanup:
+ if (f) fclose(f);
+ free(nscdbuf);
+ free(buf);
+ free(mem);
+ return ret;
+}
diff --git a/src/passwd/nscd.h b/src/passwd/nscd.h
index 102f0b4b..9a53c328 100644
--- a/src/passwd/nscd.h
+++ b/src/passwd/nscd.h
@@ -8,6 +8,7 @@
#define GETPWBYUID 1
#define GETGRBYNAME 2
#define GETGRBYGID 3
+#define GETINITGR 15
#define REQVERSION 0
#define REQTYPE 1
@@ -33,6 +34,11 @@
#define GRMEMCNT 5
#define GR_LEN 6
+#define INITGRVERSION 0
+#define INITGRFOUND 1
+#define INITGRNGRPS 2
+#define INITGR_LEN 3
+
FILE *__nscd_query(int32_t req, const char *key, int32_t *buf, size_t len, int *swap);
#endif