/* netgroup.c - NSS lookup functions for netgroup entries Copyright (C) 2006 West Consulting Copyright (C) 2006, 2007, 2008, 2010 Arthur de Jong Copyright (C) 2010 Symas Corporation This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ #include "config.h" #include #include #include #include "prototypes.h" #include "common.h" #include "compat/attrs.h" /* we redefine this here because we need to return NSS_STATUS_RETURN instead of NSS_STATUS_NOTFOUND */ #undef ERROR_OUT_NOSUCCESS #define ERROR_OUT_NOSUCCESS(fp) \ (void)tio_close(fp); \ fp=NULL; \ return NSS_STATUS_RETURN; /* function for reading a single result entry */ static nss_status_t read_netgrent( TFILE *fp,struct __netgrent *result, char *buffer,size_t buflen,int *errnop) { int32_t tmpint32; int type; size_t bufptr=0; /* read netgroup type */ READ_INT32(fp,type); if (type==NSLCD_NETGROUP_TYPE_NETGROUP) { /* the response is a reference to another netgroup */ result->type=group_val; READ_BUF_STRING(fp,result->val.group); } else if (type==NSLCD_NETGROUP_TYPE_TRIPLE) { /* the response is a host/user/domain triple */ result->type=triple_val; /* read host and revert to NULL on empty string */ READ_BUF_STRING(fp,result->val.triple.host); if (result->val.triple.host[0]=='\0') { result->val.triple.host=NULL; bufptr--; /* free unused space */ } /* read user and revert to NULL on empty string */ READ_BUF_STRING(fp,result->val.triple.user); if (result->val.triple.user[0]=='\0') { result->val.triple.user=NULL; bufptr--; /* free unused space */ } /* read domain and revert to NULL on empty string */ READ_BUF_STRING(fp,result->val.triple.domain); if (result->val.triple.domain[0]=='\0') { result->val.triple.domain=NULL; bufptr--; /* free unused space */ } } else return NSS_STATUS_UNAVAIL; /* we're done */ return NSS_STATUS_SUCCESS; } #ifdef NSS_FLAVOUR_GLIBC /* thread-local file pointer to an ongoing request */ static __thread TFILE *netgrentfp; /* start a request to get a netgroup by name */ nss_status_t _nss_ldap_setnetgrent( const char *group,struct __netgrent UNUSED(*result)) { /* we cannot use NSS_SETENT() here because we have a parameter that is only available in this function */ int32_t tmpint32; int errnocp; int *errnop; if (!_nss_ldap_enablelookups) return NSS_STATUS_UNAVAIL; errnop=&errnocp; /* check parameter */ if ((group==NULL)||(group[0]=='\0')) return NSS_STATUS_UNAVAIL; /* open a new stream and write the request */ NSLCD_REQUEST(netgrentfp,NSLCD_ACTION_NETGROUP_BYNAME,WRITE_STRING(netgrentfp,group)); return NSS_STATUS_SUCCESS; } /* get a single netgroup tuple from the stream */ nss_status_t _nss_ldap_getnetgrent_r( struct __netgrent *result, char *buffer,size_t buflen,int *errnop) { NSS_GETENT(netgrentfp,NSLCD_ACTION_NETGROUP_BYNAME, read_netgrent(netgrentfp,result,buffer,buflen,errnop)); } /* close the stream opened with setnetgrent() above */ nss_status_t _nss_ldap_endnetgrent(struct __netgrent UNUSED(*result)) { NSS_ENDENT(netgrentfp); } #endif /* NSS_FLAVOUR_GLIBC */ #ifdef NSS_FLAVOUR_SOLARIS /* *thread specific context: result chain,and state data */ struct ent_context { void *first_entry; void *curr_entry; }; typedef struct ent_context ent_context_t; struct nss_ldap_netgr_backend { nss_backend_op_t *ops; int n_ops; ent_context_t *state; struct name_list *known_groups; /* netgroups seen, for loop detection */ struct name_list *needed_groups; /* nested netgroups to chase */ }; typedef struct nss_ldap_netgr_backend nss_ldap_netgr_backend_t; static nss_status_t _xnss_ldap_setnetgrent(nss_backend_t UNUSED(*be),void UNUSED(*args)) { return NSS_STATUS_SUCCESS; } /* find a netgroup that has not been traversed */ static char *_nss_ldap_chase_netgroup(nss_ldap_netgr_backend_t *ngbe) { nss_status_t status; char *group=NULL; int found=0; if (!ngbe->needed_groups) { /* exhausted all netgroups */ return NULL; } while (ngbe->needed_groups&&!found) { if (_nss_ldap_namelist_find(ngbe->known_groups, ngbe->needed_groups->name)) { /* netgroup seen before,ignore it */ _nss_ldap_namelist_pop(&ngbe->needed_groups); } else found=1; } if (found) { group=strdup(ngbe->needed_groups->name); status=_nss_ldap_namelist_push(&ngbe->known_groups, ngbe->needed_groups->name); _nss_ldap_namelist_pop(&ngbe->needed_groups); } return group; } /* thread-local file pointer to an ongoing request */ static __thread TFILE *netgrentfp; static nss_status_t _nss_nslcd_setnetgrent(const char *group,struct __netgrent UNUSED(*result)) { /* we cannot use NSS_SETENT() here because we have a parameter that is only available in this function */ int32_t tmpint32; int errnocp; int *errnop; NSS_AVAILCHECK; errnop=&errnocp; /* check parameter */ if ((group==NULL)||(group[0]=='\0')) return NSS_STATUS_UNAVAIL; /* open a new stream and write the request */ NSLCD_REQUEST(netgrentfp,NSLCD_ACTION_NETGROUP_BYNAME,WRITE_STRING(netgrentfp,group)); return NSS_STATUS_SUCCESS; } static nss_status_t _nss_nslcd_getnetgrent_r(struct __netgrent *result,char *buffer,size_t buflen,void *args) { NSS_GETENT(netgrentfp,NSLCD_ACTION_NETGROUP_BYNAME, read_netgrent(netgrentfp,result,buffer,buflen,errnop)); } static nss_status_t _xnss_ldap_getnetgrent_r(nss_backend_t *_be,void *_args) { nss_ldap_netgr_backend_t *ngbe=(nss_ldap_netgr_backend_t *)_be; struct nss_getnetgrent_args *args=(struct nss_getnetgrent_args *)_args; struct __netgrent result; char *group=NULL; int done=0; nss_status_t status,rc; args->status=NSS_NETGR_NO; while (!done) { status=_nss_nslcd_getnetgrent_r(&result,args->buffer,args->buflen,args); if (status!=NSS_STATUS_SUCCESS) { if (errno==ENOENT) { /* done with the current netgroup */ /* explore nested netgroup,if any */ int found=0; while (!found) { /* find a nested netgroup to pursue further */ group=_nss_ldap_chase_netgroup(ngbe); if (!group) { /* no more netgroup */ found=1; done = 1; errno=ENOENT; } else { rc=_nss_nslcd_setnetgrent(group,&result); if (rc==NSS_STATUS_SUCCESS) found=1; free(group); group=NULL; } } /* while !found */ } else { /* err!=ENOENT */ done=1; } } else { /* status==NSS_STATUS_SUCCESS */ if (result.type==group_val) { /* a netgroup nested within the current netgroup */ rc=_nss_ldap_namelist_push(&ngbe->needed_groups,result.val.group); if (rc!=NSS_STATUS_SUCCESS) { /* unable to push the group name for later netgroup */ } } else if (result.type==triple_val) { args->retp[NSS_NETGR_MACHINE]=result.val.triple.host; args->retp[NSS_NETGR_USER]=result.val.triple.user; args->retp[NSS_NETGR_DOMAIN]=result.val.triple.domain; args->status=NSS_NETGR_FOUND; done=1; } else { /* NSS_STATUS_SUCCESS,but type is not group_val or triple_val */ /* should not be here,log a message */ status=NSS_STATUS_NOTFOUND; done=1; } } } /* while !done */ return status; } static nss_status_t _xnss_ldap_endnetgrent(nss_backend_t UNUSED(*be),void UNUSED(*args)) { NSS_ENDENT(netgrentfp); } static nss_status_t destructor(nss_backend_t *be,void UNUSED(*args)) { nss_ldap_netgr_backend_t *ngbe=(nss_ldap_netgr_backend_t *)be; /* free list of nested netgroups */ _nss_ldap_namelist_destroy(&ngbe->known_groups); _nss_ldap_namelist_destroy(&ngbe->needed_groups); free(ngbe); return NSS_STATUS_SUCCESS; } static nss_status_t _xnss_ldap_netgr_set(nss_backend_t *be,void *_args); static nss_backend_op_t netgroup_ops[]={ destructor, /* NSS_DBOP_DESTRUCTOR */ _xnss_ldap_endnetgrent, /* NSS_DBOP_ENDENT */ _xnss_ldap_setnetgrent, /* NSS_DBOP_SETNET */ _xnss_ldap_getnetgrent_r, /* NSS_DBOP_GETENT */ NULL,/* TODO:_nss_ldap_netgr_in,*/ /* NSS_DBOP_NETGROUP_IN */ _xnss_ldap_netgr_set /* NSS_DBOP_NETGROUP_SET */ }; static nss_status_t _xnss_ldap_netgr_set(nss_backend_t *be,void *_args) { nss_status_t stat; struct nss_setnetgrent_args *args; nss_ldap_netgr_backend_t *ngbe; struct __netgrent result; args=(struct nss_setnetgrent_args *)_args; args->iterator=NULL; /* initialize */ ngbe=(nss_ldap_netgr_backend_t *)malloc(sizeof(*ngbe)); if (ngbe==NULL) return NSS_STATUS_UNAVAIL; ngbe->ops=netgroup_ops; ngbe->n_ops=6; ngbe->state=NULL; ngbe->known_groups=NULL; ngbe->needed_groups=NULL; stat=_nss_nslcd_setnetgrent(args->netgroup,&result); if (stat!=NSS_STATUS_SUCCESS) { free(be); return stat; } /* place the group name in known list */ stat=_nss_ldap_namelist_push(&ngbe->known_groups,args->netgroup); if (stat!=NSS_STATUS_SUCCESS) { destructor((nss_backend_t *)ngbe,NULL); return stat; } args->iterator=(nss_backend_t *)ngbe; return stat; } nss_backend_t *_nss_ldap_netgroup_constr(const char UNUSED(*db_name), const char UNUSED(*src_name),const char UNUSED(*cfg_args)) { nss_ldap_netgr_backend_t *be; if (!(be=(nss_ldap_netgr_backend_t *)malloc(sizeof(*be)))) return NULL; be->ops=netgroup_ops; be->n_ops=sizeof(netgroup_ops)/sizeof(nss_backend_op_t); be->known_groups=NULL; be->needed_groups=NULL; return (nss_backend_t *)be; } #endif /* NSS_FLAVOUR_SOLARIS */