1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  *	getgrent.c
23  *
24  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
25  * Use is subject to license terms.
26  *
27  * lib/nsswitch/compat/getgrent.c -- name-service-switch backend for getgrnam()
28  *   et al that does 4.x compatibility.  It looks in /etc/group; if it finds
29  *   group entries there that begin with "+" or "-", it consults other
30  *   services.  By default it uses NIS (YP), but the user can override this
31  *   with a "group_compat" entry in /etc/nsswitch.conf, e.g.
32  *			group_compat: ldap
33  *
34  * This code tries to produce the same results as the 4.x code, even when
35  *   the latter seems ill thought-out.  Bug-compatible, in other words.
36  *   Though we do try to be more reasonable about the format of "+" and "-"
37  *   entries here, i.e. you don't have to pad them with spurious colons and
38  *   bogus uid/gid values.
39  *
40  * Caveats:
41  *    -	More than one source may be specified, with the usual switch semantics,
42  *	but having multiple sources here is definitely odd.
43  *    -	People who recursively specify "compat" deserve what they get.
44  */
45 
46 #include <grp.h>
47 #include <stdlib.h>
48 #include <unistd.h>		/* for GF_PATH */
49 #include <strings.h>
50 #include "compat_common.h"
51 
52 static DEFINE_NSS_DB_ROOT(db_root);
53 
54 static void
_nss_initf_group_compat(p)55 _nss_initf_group_compat(p)
56 	nss_db_params_t	*p;
57 {
58 	p->name		  = NSS_DBNAM_GROUP;
59 	p->config_name	  = NSS_DBNAM_GROUP_COMPAT;
60 	p->default_config = NSS_DEFCONF_GROUP_COMPAT;
61 }
62 
63 /*
64  * Validates group entry replacing gid > MAXUID by GID_NOBODY.
65  */
66 int
validate_group_ids(char * line,int * linelenp,int buflen,int extra_chars)67 validate_group_ids(char *line, int *linelenp, int buflen, int extra_chars)
68 {
69 	char	*linep, *limit, *gidp;
70 	ulong_t	gid;
71 	int	oldgidlen, idlen;
72 	int	linelen = *linelenp, newlinelen;
73 
74 	if (linelen == 0 || *line == '+' || *line == '-')
75 		return (NSS_STR_PARSE_SUCCESS);
76 
77 	linep = line;
78 	limit = line + linelen;
79 
80 	while (linep < limit && *linep++ != ':') /* skip groupname */
81 		continue;
82 	while (linep < limit && *linep++ != ':') /* skip password */
83 		continue;
84 	if (linep == limit)
85 		return (NSS_STR_PARSE_PARSE);
86 
87 	gidp = linep;
88 	gid = strtoul(gidp, (char **)&linep, 10); /* grab gid */
89 	oldgidlen = linep - gidp;
90 	if (linep >= limit || oldgidlen == 0)
91 		return (NSS_STR_PARSE_PARSE);
92 
93 	if (gid <= MAXUID)
94 		return (NSS_STR_PARSE_SUCCESS);
95 
96 	idlen = snprintf(NULL, 0, "%u", GID_NOBODY);
97 	newlinelen = linelen + idlen - oldgidlen;
98 	if (newlinelen + extra_chars > buflen)
99 		return (NSS_STR_PARSE_ERANGE);
100 
101 	(void) bcopy(linep, gidp + idlen, limit - linep + extra_chars);
102 	(void) snprintf(gidp, idlen + 1, "%u", GID_NOBODY);
103 	*(gidp + idlen) = ':';
104 	*linelenp = newlinelen;
105 	return (NSS_STR_PARSE_SUCCESS);
106 }
107 
108 static const char *
get_grname(argp)109 get_grname(argp)
110 	nss_XbyY_args_t		*argp;
111 {
112 	struct group		*g = (struct group *)argp->returnval;
113 
114 	return (g->gr_name);
115 }
116 
117 static int
check_grname(argp)118 check_grname(argp)
119 	nss_XbyY_args_t		*argp;
120 {
121 	struct group		*g = (struct group *)argp->returnval;
122 
123 	return (strcmp(g->gr_name, argp->key.name) == 0);
124 }
125 
126 static nss_status_t
getbyname(be,a)127 getbyname(be, a)
128 	compat_backend_ptr_t	be;
129 	void			*a;
130 {
131 	nss_XbyY_args_t		*argp = (nss_XbyY_args_t *)a;
132 
133 	return (_nss_compat_XY_all(be, argp, check_grname,
134 				NSS_DBOP_GROUP_BYNAME));
135 }
136 
137 static int
check_grgid(argp)138 check_grgid(argp)
139 	nss_XbyY_args_t		*argp;
140 {
141 	struct group		*g = (struct group *)argp->returnval;
142 
143 	return (g->gr_gid == argp->key.gid);
144 }
145 
146 static nss_status_t
getbygid(be,a)147 getbygid(be, a)
148 	compat_backend_ptr_t	be;
149 	void			*a;
150 {
151 	nss_XbyY_args_t		*argp = (nss_XbyY_args_t *)a;
152 
153 	if (argp->key.gid > MAXUID)
154 		return (NSS_NOTFOUND);
155 	return (_nss_compat_XY_all(be, argp, check_grgid,
156 				NSS_DBOP_GROUP_BYGID));
157 }
158 
159 static nss_status_t
getbymember(be,a)160 getbymember(be, a)
161 	compat_backend_ptr_t	be;
162 	void			*a;
163 {
164 	struct nss_groupsbymem	*argp = (struct nss_groupsbymem *)a;
165 	int			numgids = argp->numgids;
166 	int			maxgids = argp->maxgids;
167 	gid_t			*gid_array = argp->gid_array;
168 	struct nss_XbyY_args	grargs;
169 	struct group		*g;
170 	nss_XbyY_buf_t	*gb = NULL, *b = NULL;
171 
172 	/*
173 	 * Generic implementation:  enumerate using getent(), then check each
174 	 *   group returned by getent() to see whether it contains the user.
175 	 *   There are much faster ways, but at least this one gets the right
176 	 *   answer.
177 	 */
178 	if (numgids >= maxgids) {
179 		/* full gid_array;  nobody should have bothered to call us */
180 		return (NSS_SUCCESS);
181 	}
182 
183 	b = NSS_XbyY_ALLOC(&gb, sizeof (struct group), NSS_BUFLEN_GROUP);
184 	if (b == 0)
185 		return (NSS_UNAVAIL);
186 
187 	NSS_XbyY_INIT(&grargs, gb->result, gb->buffer, gb->buflen,
188 		argp->str2ent);
189 	g = (struct group *)gb->result;
190 
191 	(void) _nss_compat_setent(be, 0);
192 	while (_nss_compat_getent(be, &grargs) == NSS_SUCCESS) {
193 		char		**mem;
194 
195 		if (grargs.returnval == 0) {
196 			continue;
197 		}
198 		for (mem = g->gr_mem;  *mem != 0;  mem++) {
199 			if (strcmp(*mem, argp->username) == 0) {
200 				int	gid = g->gr_gid;
201 				int	i;
202 				for (i = 0;  i < numgids;  i++) {
203 					if (gid == gid_array[i]) {
204 						break;
205 					}
206 				}
207 				if (i == numgids) {
208 					gid_array[numgids++] = gid;
209 					argp->numgids = numgids;
210 					if (numgids >= maxgids) {
211 						/* filled the gid_array */
212 						(void) _nss_compat_endent(be,
213 								0);
214 						NSS_XbyY_FREE(&gb);
215 						return (NSS_SUCCESS);
216 					}
217 					/* Done with this group, try next */
218 					break;
219 				}
220 			}
221 		}
222 	}
223 	(void) _nss_compat_endent(be, 0);
224 	NSS_XbyY_FREE(&gb);
225 	return (NSS_NOTFOUND);	/* Really means "gid_array not full yet" */
226 }
227 
228 /*ARGSUSED*/
229 static int
merge_grents(be,argp,fields)230 merge_grents(be, argp, fields)
231 	compat_backend_ptr_t	be;
232 	nss_XbyY_args_t		*argp;
233 	const char		**fields;
234 {
235 	struct group		*g	= (struct group *)argp->buf.result;
236 	char			*buf;
237 	char			*s;
238 	int			parsestat;
239 	int			dlen;
240 
241 	/*
242 	 * We're allowed to override the passwd (has anyone ever actually used
243 	 *   the passwd in a group entry?) and the membership list, but not
244 	 *   the groupname or the gid.
245 	 * That's what the SunOS 4.x code did;  who are we to question it...
246 	 *
247 	 * Efficiency is heartlessly abandoned in the quest for simplicity.
248 	 */
249 	if (fields[1] == 0 && fields[3] == 0 &&
250 			be->return_string_data != 1) {
251 		/* No legal overrides, leave *argp unscathed */
252 		return (NSS_STR_PARSE_SUCCESS);
253 	}
254 	if ((buf = malloc(NSS_LINELEN_GROUP)) == 0) {
255 		return (NSS_STR_PARSE_PARSE);
256 		/* Really "out of memory", but PARSE_PARSE will have to do */
257 	}
258 	s = buf;
259 	(void) snprintf(s, NSS_LINELEN_GROUP, "%s:%s:%u:",
260 		g->gr_name,
261 		fields[1] != 0 ? fields[1] : g->gr_passwd,
262 		g->gr_gid);
263 	s += strlen(s);
264 	if (fields[3] != 0) {
265 		(void) strcpy(s, fields[3]);
266 		s += strlen(s);
267 	} else {
268 		char	**memp;
269 
270 		for (memp = g->gr_mem;  *memp != 0;  memp++) {
271 			size_t	len = strlen(*memp);
272 			if (s + len + 1 <= buf + NSS_LINELEN_GROUP) {
273 				if (memp != g->gr_mem) {
274 					*s++ = ',';
275 				}
276 				(void) memcpy(s, *memp, len);
277 				s += len;
278 			} else {
279 				free(buf);
280 				return (NSS_STR_PARSE_ERANGE);
281 			}
282 		}
283 	}
284 
285 	dlen = s - buf;
286 
287 	/*
288 	 * if asked, return the data in /etc file format
289 	 */
290 	if (be->return_string_data == 1) {
291 		/* reset the result ptr to the original value */
292 		argp->buf.result = NULL;
293 
294 		if (dlen > argp->buf.buflen) {
295 			parsestat = NSS_STR_PARSE_ERANGE;
296 		} else {
297 			(void) strncpy(argp->buf.buffer, buf, dlen);
298 			argp->returnval = argp->buf.buffer;
299 			argp->returnlen = dlen;
300 			parsestat = NSS_SUCCESS;
301 		}
302 	} else {
303 		parsestat = (*argp->str2ent)(buf, dlen,
304 				    argp->buf.result,
305 				    argp->buf.buffer,
306 				    argp->buf.buflen);
307 	}
308 
309 	free(buf);
310 	return (parsestat);
311 }
312 
313 static compat_backend_op_t group_ops[] = {
314 	_nss_compat_destr,
315 	_nss_compat_endent,
316 	_nss_compat_setent,
317 	_nss_compat_getent,
318 	getbyname,
319 	getbygid,
320 	getbymember
321 };
322 
323 /*ARGSUSED*/
324 nss_backend_t *
_nss_compat_group_constr(dummy1,dummy2,dummy3)325 _nss_compat_group_constr(dummy1, dummy2, dummy3)
326 	const char	*dummy1, *dummy2, *dummy3;
327 {
328 	return (_nss_compat_constr(group_ops,
329 				sizeof (group_ops) / sizeof (group_ops[0]),
330 				GF_PATH,
331 				NSS_LINELEN_GROUP,
332 				&db_root,
333 				_nss_initf_group_compat,
334 				0,
335 				get_grname,
336 				merge_grents));
337 }
338