summaryrefslogtreecommitdiff
path: root/src/passwd
AgeCommit message (Collapse)AuthorFilesLines
2021-04-16nscd: fall back gracefully on kernels without AF_UNIX supportJoakim Sindholt1-1/+9
2020-10-14fix getgrouplist when nscd reports an empty listRich Felker1-1/+2
commit 500c6886c654fd45e4926990fee2c61d816be197 broke this by fixing the behavior of fread to conform to the C standard; getgroupslist was assuming the old behavior, that a request to read 1 member of length 0 would return 1, not 0.
2019-05-16fix format strings for uid/gid values in putpwent/putgrentRich Felker2-2/+2
commit 648c3b4e18b2ce2b6af7d44783e42ca267ea49f5 omitted this change, which is needed to be able to use uid/gid values greater than INT_MAX with these interfaces. it fixes alpine linux bug #10460.
2018-12-28halt getspnam[_r] search on error accessing TCB shadowRich Felker1-0/+2
fallback to /etc/shadow should happen only when the entry is not found in the TCB shadow. otherwise transient errors or permission errors can cause inconsistent results.
2018-12-28don't set errno or return an error when getspnam[_r] finds no entryRich Felker2-3/+9
this case is specified as success with a null result, rather than an error, and errno is not to be set on success.
2018-09-12reduce spurious inclusion of libc.hRich Felker1-1/+1
libc.h was intended to be a header for access to global libc state and related interfaces, but ended up included all over the place because it was the way to get the weak_alias macro. most of the inclusions removed here are places where weak_alias was needed. a few were recently introduced for hidden. some go all the way back to when libc.h defined CANCELPT_BEGIN and _END, and all (wrongly implemented) cancellation points had to include it. remaining spurious users are mostly callers of the LOCK/UNLOCK macros and files that use the LFS64 macro to define the awful *64 aliases. in a few places, new inclusion of libc.h is added because several internal headers no longer implicitly include libc.h. declarations for __lockfile and __unlockfile are moved from libc.h to stdio_impl.h so that the latter does not need libc.h. putting them in libc.h made no sense at all, since the macros in stdio_impl.h are needed to use them correctly anyway.
2018-09-12apply hidden visibility to various remaining internal interfacesRich Felker2-6/+6
2017-06-21fix regression in getspnam[_r] error code for insufficient buffer sizeRich Felker1-1/+1
commit 2d7d05f031e014068a61d3076c6178513395d2ae wrongly changed ERANGE to EINVAL, likely as the result of copy-and-paste error.
2017-06-15set errno when getpw*_r, getgr*_r, and getspnam_r failRich Felker3-3/+7
these functions return an error code, and are not explicitly documented to set errno, but they are nonstandard and the historical implementations do set errno as well, and some applications expect this behavior. do likewise for compatibility. patch by Rudolph Pereira.
2016-07-13revert unrelated change that slipped into last commitRich Felker1-1/+1
2016-07-13fix regression in tcsetattr on all mips archsRich Felker1-1/+1
revert commit 8c316e9e49d37ad92c2e7493e16166a2afca419f. it was wrong and does not match how the kernel API works.
2015-06-09fix spurious errors from pwd/grp functions when nscd backend is absentRich Felker1-4/+8
for several pwd/grp functions, the only way the caller can distinguish between a successful negative result ("no such user/group") and an internal error is by clearing errno before the call and checking errno afterwards. the nscd backend support code correctly simulated a not-found response on systems where such a backend is not running, but failed to restore errno. this commit also fixed an outdated/incorrect comment.
2015-05-01fix mishandling of ENOMEM return case in internal getgrent_a functionRich Felker1-1/+2
due to an incorrect return statement in this error case, the previously blocked cancellation state was not restored and no result was stored. this could lead to invalid (read) accesses in the caller resulting in crashes or nonsensical result data in the event of memory exhaustion.
2015-03-15avoid sending huge names as nscd passwd/group queriesRich Felker1-2/+3
overly long user/group names are potentially a DoS vector and source of other problems like partial writes by sendmsg, and not useful.
2015-03-15simplify nscd lookup code for alt passwd/group backendsRich Felker4-15/+15
previously, a sentinel value of (FILE *)-1 was used to inform the caller of __nscd_query that nscd is not in use. aside from being an ugly hack, this resulted in duplicate code paths for two logically equivalent cases: no nscd, and "not found" result from nscd. now, __nscd_query simply skips closing the socket and returns a valid FILE pointer when nscd is not in use, and produces a fake "not found" response header. the caller is then responsible for closing the socket just like it would do if it had gotten a real "not found" response.
2015-03-15add alternate backend support for getgrouplistJosiah Worcester2-0/+86
This completes the alternate backend support that was previously added to the getpw* and getgr* functions. Unlike those, though, it unconditionally queries nscd. Any groups from nscd that aren't in the /etc/groups file are added to the returned list, and any that are present in the file are ignored. The purpose of this behavior is to provide a view of the group database consistent with what is observed by the getgr* functions. If group memberships reported by nscd were honored when the corresponding group already has a definition in the /etc/groups file, the user's getgrouplist-based membership in the group would conflict with their non-membership in the reported gr_mem[] for the group. The changes made also make getgrouplist thread-safe and eliminate its clobbering of the global getgrent state.
2015-02-23support alternate backends for the passwd and group dbsJosiah Worcester4-2/+390
when we fail to find the entry in the commonly accepted files, we query a server over a Unix domain socket on /var/run/nscd/socket. the protocol used here is compatible with glibc's nscd protocol on most systems (all that use 32-bit numbers for all the protocol fields, which appears to be everything but Alpha).
2015-02-23fix spurious errors in refactored passwd/group codeRich Felker2-2/+2
errno was treated as the error status when the return value of getline was negative, but this condition can simply indicate EOF and is not necessarily an error. the spurious errors caused by this bug masked the bug which was fixed in commit fc5a96c9c8aa186effad7520d5df6b616bbfd29d.
2015-02-23fix crashes in refactored passwd/group codeRich Felker2-4/+4
the wrong condition was used in determining the presence of a result that needs space/copying for the _r functions. a zero return value does not necessarily mean success; it can also be a non-error negative result: no such user/group.
2015-02-13refactor group file access codeJosiah Worcester6-51/+71
this allows getgrnam and getgrgid to share code with the _r versions in preparation for alternate backend support.
2015-02-10refactor passwd file access codeJosiah Worcester6-49/+65
this allows getpwnam and getpwuid to share code with the _r versions in preparation for alternate backend support.
2015-01-21fix erroneous return of partial username matches by getspnam[_r]Rich Felker1-1/+1
when using /etc/shadow (rather than tcb) as its backend, getspnam_r matched any username starting with the caller-provided string rather than requiring an exact match. in practice this seems to have affected only systems where one valid username is a prefix for another valid username, and where the longer username appears first in the shadow file.
2013-12-12include cleanups: remove unused headers and add feature test macrosSzabolcs Nagy4-0/+4
2013-11-24shadow: Implement fgetspentMichael Forney1-1/+10
2013-11-24shadow: Move spent parsing to internal functionMichael Forney2-31/+40
2013-11-24shadow: Implement putspentMichael Forney2-5/+13
2013-11-23putgrent: Add missing newlineMichael Forney1-0/+1
2013-11-23putgrent: Stop writing output on first failureMichael Forney1-2/+3
This way, if an fprintf fails, we get an incomplete group entry rather than a corrupted one.
2013-09-29fix off-by-one error in getgrnam_r and getgrgid_r, clobbering gr_nameRich Felker1-2/+2
bug report and patch by Michael Forney. the terminating null pointer at the end of the gr_mem array was overwriting the beginning of the string data, causing the gr_name member to always be a zero-length string.
2013-07-19change uid_t, gid_t, and id_t to unsigned typesRich Felker2-6/+20
this change is both to fix one of the remaining type (and thus C++ ABI) mismatches with glibc/LSB and to allow use of the full range of uid and gid values, if so desired. passwd/group access functions were not prepared to deal with unsigned values, so they too have been fixed with this commit.
2013-04-04add put*ent functions for passwd/group files and similar for shadowRich Felker3-0/+34
since shadow does not yet support enumeration (getspent), the corresponding FILE-based get and put versions are also subbed out for now. this is partly out of laziness and partly because it's not clear how they should work in the presence of TCB shadow files. the stubs should make it possible to compile some software that expects them to exist, but such software still may not work properly.
2013-02-17add fgetgrent functionRich Felker1-0/+9
based on patch by Isaac Dunham, moved to its own file to avoid increasing bss on static linked programs not using this nonstandard function but using the standard getgrent function, and vice versa.
2012-09-29more close-on-exec fixes, mostly using new "e" flag to fopenRich Felker5-6/+6
2012-02-01make passwd/group functions safe against cancellation in stdioRich Felker4-6/+35
these changes are a prerequisite to making stdio cancellable.
2012-01-29add fgetpwent (nonstandard function)Rich Felker1-0/+9
based on patch by Jeremy Huntwork
2011-09-27fix clobbering of errno in get(pw|gr)([ug]id|nam) by fcloseRich Felker2-0/+12
2011-09-21protect against/handle cancellation reading shadow passwordsRich Felker1-1/+11
2011-06-30fix buffer overrun in getgrent code when there are no group membersRich Felker1-4/+8
2011-06-08it's called getgrgid_r, not getgruid_r...Rich Felker1-1/+1
2011-04-20shadow password fixes: empty fields should read as -1 not 0Rich Felker1-7/+13
2011-02-14guard against hard links to non-ordinary-files when reading tcb shadowRich Felker1-2/+4
2011-02-12initial check-in, version 0.5.0v0.5.0Rich Felker11-0/+404