]> andersk Git - nss_nonlocal.git/blame - nonlocal-shadow.c
andersk / nss_nonlocal.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Version 2.2
[nss_nonlocal.git] / nonlocal-shadow.c
CommitLineData
f6903667
AK		 1/*
2 * nonlocal-shadow.c
3 * shadow database for nss_nonlocal proxy.
4 *
96a1ee0f 5 * Copyright © 2007–2010 Anders Kaseorg <andersk@mit.edu>
f6903667 6 *
96a1ee0f 7 * This file is part of nss_nonlocal.
f6903667 8 *
96a1ee0f
AK		 9 * nss_nonlocal is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU Lesser General Public License
11 * as published by the Free Software Foundation; either version 2.1 of
12 * the License, or (at your option) any later version.
f6903667 13 *
96a1ee0f
AK		 14 * nss_nonlocal is distributed in the hope that it will be useful, but
15 * WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 * Lesser General Public License for more details.
18 *
19 * You should have received a copy of the GNU Lesser General Public
20 * License along with nss_nonlocal; if not, write to the Free Software
21 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
22 * 02110-1301 USA
f6903667
AK		 23 */
24
25#define _GNU_SOURCE
dc397f8f 26
f6903667 27#include <sys/types.h>
f6903667 28#include <dlfcn.h>
f6903667 29#include <errno.h>
f6903667 30#include <nss.h>
dc397f8f
AK		 31#include <shadow.h>
32#include <stdbool.h>
33#include <stddef.h>
34#include <stdlib.h>
35#include <string.h>
36#include <syslog.h>
f6903667
AK		 37
38#include "nsswitch-internal.h"
39#include "nonlocal.h"
40
41
cbb0e3ea
AK		 42static service_user *__nss_shadow_nonlocal_database;
43
44static int
45internal_function
d52c3f35
AK		 46__nss_shadow_nonlocal_lookup2(service_user **ni, const char *fct_name,
47 const char *fct2_name, void **fctp)
f6903667 48{
cbb0e3ea
AK		 49 if (__nss_shadow_nonlocal_database == NULL
50 && __nss_database_lookup("shadow_nonlocal", NULL, NULL,
51 &__nss_shadow_nonlocal_database) < 0)
52 return -1;
53
54 *ni = __nss_shadow_nonlocal_database;
f6903667 55
cbb0e3ea 56 *fctp = __nss_lookup_function(*ni, fct_name);
d52c3f35
AK		 57 if (*fctp == NULL && fct2_name != NULL)
58 *fctp = __nss_lookup_function(*ni, fct2_name);
cbb0e3ea 59 return 0;
f6903667
AK		 60}
61
62
48939704 63static bool spent_initialized = false;
cbb0e3ea 64static service_user *spent_startp, *spent_nip;
f6903667
AK		 65static void *spent_fct_start;
66static union {
67 enum nss_status (*l)(struct spwd *pwd, char *buffer, size_t buflen,
68 int *errnop);
69 void *ptr;
70} spent_fct;
71static const char *spent_fct_name = "getspent_r";
72
73enum nss_status
74_nss_nonlocal_setspent(int stayopen)
75{
f6903667 76 enum nss_status status;
cbb0e3ea 77 const struct walk_nss w = {
d52c3f35 78 .lookup2 = &__nss_shadow_nonlocal_lookup2, .fct_name = "setspent",
cbb0e3ea
AK		 79 .status = &status
80 };
81 const __typeof__(&_nss_nonlocal_setspent) self = NULL;
82#define args (stayopen)
83#include "walk_nss.h"
84#undef args
f6903667
AK		 85 if (status != NSS_STATUS_SUCCESS)
86 return status;
87
48939704 88 if (!spent_initialized) {
d52c3f35
AK		 89 __nss_shadow_nonlocal_lookup2(&spent_startp, spent_fct_name, NULL,
90 &spent_fct_start);
48939704
AK		 91 __sync_synchronize();
92 spent_initialized = true;
93 }
cbb0e3ea 94 spent_nip = spent_startp;
f6903667
AK		 95 spent_fct.ptr = spent_fct_start;
96 return NSS_STATUS_SUCCESS;
97}
98
99enum nss_status
100_nss_nonlocal_endspent(void)
101{
f6903667 102 enum nss_status status;
cbb0e3ea 103 const struct walk_nss w = {
d52c3f35 104 .lookup2 = &__nss_shadow_nonlocal_lookup2, .fct_name = "endspent",
cbb0e3ea
AK		 105 .status = &status
106 };
107 const __typeof__(&_nss_nonlocal_endspent) self = NULL;
f6903667
AK		 108
109 spent_nip = NULL;
110
cbb0e3ea
AK		 111#define args ()
112#include "walk_nss.h"
113#undef args
f6903667
AK		 114 return status;
115}
116
117enum nss_status
118_nss_nonlocal_getspent_r(struct spwd *pwd, char *buffer, size_t buflen,
119 int *errnop)
120{
121 enum nss_status status;
9cd080be
AK		 122
123 char *nonlocal_ignore = getenv(NONLOCAL_IGNORE_ENV);
124 if (nonlocal_ignore != NULL && nonlocal_ignore[0] != '\0')
125 return NSS_STATUS_UNAVAIL;
126
f6903667
AK		 127 if (spent_nip == NULL) {
128 status = _nss_nonlocal_setspent(0);
129 if (status != NSS_STATUS_SUCCESS)
130 return status;
131 }
132 do {
133 if (spent_fct.ptr == NULL)
134 status = NSS_STATUS_UNAVAIL;
135 else
136 status = DL_CALL_FCT(spent_fct.l, (pwd, buffer, buflen, errnop));
137 if (status == NSS_STATUS_TRYAGAIN && *errnop == ERANGE)
138 return status;
139
140 if (status == NSS_STATUS_SUCCESS)
141 return NSS_STATUS_SUCCESS;
d52c3f35
AK		 142 } while (__nss_next2(&spent_nip, spent_fct_name, NULL, &spent_fct.ptr,
143 status, 0) == 0);
f6903667
AK		 144
145 spent_nip = NULL;
146 return NSS_STATUS_NOTFOUND;
147}
148
149
150enum nss_status
151_nss_nonlocal_getspnam_r(const char *name, struct spwd *pwd,
152 char *buffer, size_t buflen, int *errnop)
153{
f6903667 154 enum nss_status status;
cbb0e3ea 155 const struct walk_nss w = {
d52c3f35 156 .lookup2 = __nss_shadow_nonlocal_lookup2, .fct_name = "getspnam_r",
cbb0e3ea
AK		 157 .status = &status, .errnop = errnop
158 };
159 const __typeof__(&_nss_nonlocal_getspnam_r) self = NULL;
160#define args (name, pwd, buffer, buflen, errnop)
161#include "walk_nss.h"
162#undef args
22562df0
AK		 163 if (status != NSS_STATUS_SUCCESS)
164 return status;
165
166 if (strcmp(name, pwd->sp_namp) != 0) {
167 syslog(LOG_ERR, "nss_nonlocal: discarding shadow %s from lookup for shadow %s\n", pwd->sp_namp, name);
168 return NSS_STATUS_NOTFOUND;
169 }
170
171 return NSS_STATUS_SUCCESS;
f6903667 172}
nss_nonlocal, an nsswitch proxy module to prevent local account spoofing
This page took 0.749587 seconds and 6 git commands to generate.