X-Git-Url: http://andersk.mit.edu/gitweb/nss_nonlocal.git/blobdiff_plain/f690366765c39b7177ef677cce8f6f62744e604b..f4061d470dcb3543e35a447e4613ac890eb05f36:/nonlocal-passwd.c diff --git a/nonlocal-passwd.c b/nonlocal-passwd.c index cebc819..bd9d9ad 100644 --- a/nonlocal-passwd.c +++ b/nonlocal-passwd.c @@ -2,27 +2,25 @@ * nonlocal-passwd.c * passwd database for nss_nonlocal proxy. * - * Copyright © 2007 Anders Kaseorg + * Copyright © 2007–2010 Anders Kaseorg and Tim + * Abbott * - * Permission is hereby granted, free of charge, to any person - * obtaining a copy of this software and associated documentation - * files (the "Software"), to deal in the Software without - * restriction, including without limitation the rights to use, copy, - * modify, merge, publish, distribute, sublicense, and/or sell copies - * of the Software, and to permit persons to whom the Software is - * furnished to do so, subject to the following conditions: + * This file is part of nss_nonlocal. * - * The above copyright notice and this permission notice shall be - * included in all copies or substantial portions of the Software. + * nss_nonlocal is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public License + * as published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF - * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND - * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS - * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN - * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN - * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE - * SOFTWARE. + * nss_nonlocal is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with nss_nonlocal; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + * 02110-1301 USA */ @@ -43,6 +41,14 @@ #include "nonlocal.h" +enum nss_status +_nss_nonlocal_getpwuid_r(uid_t uid, struct passwd *pwd, + char *buffer, size_t buflen, int *errnop); +enum nss_status +_nss_nonlocal_getpwnam_r(const char *name, struct passwd *pwd, + char *buffer, size_t buflen, int *errnop); + + static service_user * nss_passwd_nonlocal_database(void) { @@ -54,57 +60,145 @@ nss_passwd_nonlocal_database(void) } -static __thread int local_only = 0; - enum nss_status -local_getpwuid_r(uid_t uid, struct passwd *pwd, - char *buffer, size_t buflen, int *errnop) +check_nonlocal_uid(const char *user, uid_t uid, int *errnop) { - int old_local_only = local_only; + static const char *fct_name = "getpwuid_r"; + static service_user *startp = NULL; + static void *fct_start = NULL; + enum nss_status status; + service_user *nip; + union { + enum nss_status (*l)(uid_t uid, struct passwd *pwd, + char *buffer, size_t buflen, int *errnop); + void *ptr; + } fct; + struct passwd pwbuf; int old_errno = errno; - int ret; - errno = *errnop; - local_only = 1; - ret = getpwuid_r(uid, pwd, buffer, buflen, &pwd); - - local_only = old_local_only; - *errnop = errno; + size_t buflen = sysconf(_SC_GETPW_R_SIZE_MAX); + char *buf = malloc(buflen); errno = old_errno; - - if (pwd != NULL) - return NSS_STATUS_SUCCESS; - else if (ret == 0) - return NSS_STATUS_NOTFOUND; - else + if (buf == NULL) { + *errnop = ENOMEM; return NSS_STATUS_TRYAGAIN; + } + + if (fct_start == NULL && + __nss_passwd_lookup(&startp, fct_name, &fct_start) != 0) { + free(buf); + return NSS_STATUS_UNAVAIL; + } + nip = startp; + fct.ptr = fct_start; + do { + morebuf: + if (fct.l == _nss_nonlocal_getpwuid_r) + status = NSS_STATUS_NOTFOUND; + else + status = DL_CALL_FCT(fct.l, (uid, &pwbuf, buf, buflen, errnop)); + if (status == NSS_STATUS_TRYAGAIN && *errnop == ERANGE) { + free(buf); + buflen *= 2; + buf = malloc(buflen); + errno = old_errno; + if (buf == NULL) { + *errnop = ENOMEM; + return NSS_STATUS_TRYAGAIN; + } + goto morebuf; + } + } while (__nss_next(&nip, fct_name, &fct.ptr, status, 0) == 0); + + if (status == NSS_STATUS_SUCCESS) { + syslog(LOG_ERR, "nss_nonlocal: possible spoofing attack: non-local user %s has same UID as local user %s!\n", user, pwbuf.pw_name); + status = NSS_STATUS_NOTFOUND; + } else if (status != NSS_STATUS_TRYAGAIN) { + status = NSS_STATUS_SUCCESS; + } + + free(buf); + return status; } enum nss_status -check_nonlocal_uid(const char *user, uid_t uid, int *errnop) +check_nonlocal_passwd(const char *user, struct passwd *pwd, int *errnop) +{ + enum nss_status status = NSS_STATUS_SUCCESS; + int old_errno = errno; + char *end; + unsigned long uid; + + errno = 0; + uid = strtoul(pwd->pw_name, &end, 10); + if (errno == 0 && *end == '\0' && (uid_t)uid == uid) { + errno = old_errno; + status = check_nonlocal_uid(user, uid, errnop); + } else { + errno = old_errno; + } + if (status != NSS_STATUS_SUCCESS) + return status; + + return check_nonlocal_uid(user, pwd->pw_uid, errnop); +} + +enum nss_status +check_nonlocal_user(const char *user, int *errnop) { - struct passwd local_pwd; - int local_errno = errno; - enum nss_status local_status, status = NSS_STATUS_SUCCESS; - int local_buflen = sysconf(_SC_GETPW_R_SIZE_MAX); - char *local_buffer = malloc(local_buflen); - if (local_buffer == NULL) { + static const char *fct_name = "getpwnam_r"; + static service_user *startp = NULL; + static void *fct_start = NULL; + enum nss_status status; + service_user *nip; + union { + enum nss_status (*l)(const char *name, struct passwd *pwd, + char *buffer, size_t buflen, int *errnop); + void *ptr; + } fct; + struct passwd pwbuf; + int old_errno = errno; + + size_t buflen = sysconf(_SC_GETPW_R_SIZE_MAX); + char *buf = malloc(buflen); + errno = old_errno; + if (buf == NULL) { *errnop = ENOMEM; - errno = local_errno; return NSS_STATUS_TRYAGAIN; } - local_errno = 0; - local_status = local_getpwuid_r(uid, &local_pwd, local_buffer, - local_buflen, &local_errno); - if (local_status == NSS_STATUS_SUCCESS) { - syslog(LOG_ERR, "nss_nonlocal: possible spoofing attack: non-local user %s has same UID as local user %s!\n", user, local_pwd.pw_name); - status = NSS_STATUS_NOTFOUND; - } else if (local_status != NSS_STATUS_NOTFOUND && - local_status != NSS_STATUS_UNAVAIL) { - *errnop = local_errno; - status = local_status; + + if (fct_start == NULL && + __nss_passwd_lookup(&startp, fct_name, &fct_start) != 0) { + free(buf); + return NSS_STATUS_UNAVAIL; } - free(local_buffer); + nip = startp; + fct.ptr = fct_start; + do { + morebuf: + if (fct.l == _nss_nonlocal_getpwnam_r) + status = NSS_STATUS_NOTFOUND; + else + status = DL_CALL_FCT(fct.l, (user, &pwbuf, buf, buflen, errnop)); + if (status == NSS_STATUS_TRYAGAIN && *errnop == ERANGE) { + free(buf); + buflen *= 2; + buf = malloc(buflen); + errno = old_errno; + if (buf == NULL) { + *errnop = ENOMEM; + return NSS_STATUS_TRYAGAIN; + } + goto morebuf; + } + } while (__nss_next(&nip, fct_name, &fct.ptr, status, 0) == 0); + + if (status == NSS_STATUS_SUCCESS) + status = NSS_STATUS_NOTFOUND; + else if (status != NSS_STATUS_TRYAGAIN) + status = NSS_STATUS_SUCCESS; + + free(buf); return status; } @@ -186,6 +280,11 @@ _nss_nonlocal_getpwent_r(struct passwd *pwd, char *buffer, size_t buflen, int *errnop) { enum nss_status status; + + char *nonlocal_ignore = getenv(NONLOCAL_IGNORE_ENV); + if (nonlocal_ignore != NULL && nonlocal_ignore[0] != '\0') + return NSS_STATUS_UNAVAIL; + if (pwent_nip == NULL) { status = _nss_nonlocal_setpwent(0); if (status != NSS_STATUS_SUCCESS) @@ -197,9 +296,9 @@ _nss_nonlocal_getpwent_r(struct passwd *pwd, char *buffer, size_t buflen, else { int nonlocal_errno; do - status = DL_CALL_FCT(pwent_fct.l, (pwd, buffer, buflen, errnop)); + status = DL_CALL_FCT(pwent_fct.l, (pwd, buffer, buflen, errnop)); while (status == NSS_STATUS_SUCCESS && - check_nonlocal_uid(pwd->pw_name, pwd->pw_uid, &nonlocal_errno) != NSS_STATUS_SUCCESS); + check_nonlocal_passwd(pwd->pw_name, pwd, &nonlocal_errno) != NSS_STATUS_SUCCESS); } if (status == NSS_STATUS_TRYAGAIN && *errnop == ERANGE) return status; @@ -228,6 +327,10 @@ _nss_nonlocal_getpwnam_r(const char *name, struct passwd *pwd, } fct; int group_errno; + char *nonlocal_ignore = getenv(NONLOCAL_IGNORE_ENV); + if (nonlocal_ignore != NULL && nonlocal_ignore[0] != '\0') + return NSS_STATUS_UNAVAIL; + nip = nss_passwd_nonlocal_database(); if (nip == NULL) return NSS_STATUS_UNAVAIL; @@ -245,7 +348,12 @@ _nss_nonlocal_getpwnam_r(const char *name, struct passwd *pwd, if (status != NSS_STATUS_SUCCESS) return status; - status = check_nonlocal_uid(name, pwd->pw_uid, errnop); + if (strcmp(name, pwd->pw_name) != 0) { + syslog(LOG_ERR, "nss_nonlocal: discarding user %s from lookup for user %s\n", pwd->pw_name, name); + return NSS_STATUS_NOTFOUND; + } + + status = check_nonlocal_passwd(name, pwd, errnop); if (status != NSS_STATUS_SUCCESS) return status; @@ -270,7 +378,8 @@ _nss_nonlocal_getpwuid_r(uid_t uid, struct passwd *pwd, } fct; int group_errno; - if (local_only == 1) + char *nonlocal_ignore = getenv(NONLOCAL_IGNORE_ENV); + if (nonlocal_ignore != NULL && nonlocal_ignore[0] != '\0') return NSS_STATUS_UNAVAIL; nip = nss_passwd_nonlocal_database(); @@ -290,7 +399,12 @@ _nss_nonlocal_getpwuid_r(uid_t uid, struct passwd *pwd, if (status != NSS_STATUS_SUCCESS) return status; - status = check_nonlocal_uid(pwd->pw_name, pwd->pw_uid, errnop); + if (uid != pwd->pw_uid) { + syslog(LOG_ERR, "nss_nonlocal: discarding uid %d from lookup for uid %d\n", pwd->pw_uid, uid); + return NSS_STATUS_NOTFOUND; + } + + status = check_nonlocal_passwd(pwd->pw_name, pwd, errnop); if (status != NSS_STATUS_SUCCESS) return status;