4 * Copyright (c) 2007, Stefan Metzmacher <metze@samba.org>
5 * Copyright (c) 2009, Guenther Deschner <gd@samba.org>
6 * Copyright (c) 2014-2015, Michael Adam <obnox@samba.org>
7 * Copyright (c) 2015, Robin Hack <hack.robin@gmail.com>
8 * Copyright (c) 2013-2018, Andreas Schneider <asn@samba.org>
11 * Redistribution and use in source and binary forms, with or without
12 * modification, are permitted provided that the following conditions
15 * 1. Redistributions of source code must retain the above copyright
16 * notice, this list of conditions and the following disclaimer.
18 * 2. Redistributions in binary form must reproduce the above copyright
19 * notice, this list of conditions and the following disclaimer in the
20 * documentation and/or other materials provided with the distribution.
22 * 3. Neither the name of the author nor the names of its contributors
23 * may be used to endorse or promote products derived from this software
24 * without specific prior written permission.
26 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
27 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
28 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
29 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
30 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
31 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
32 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
33 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
34 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
35 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
43 #include <sys/types.h>
45 #include <sys/socket.h>
58 #include <netinet/in.h>
64 * Defining _POSIX_PTHREAD_SEMANTICS before including pwd.h and grp.h gives us
65 * the posix getpwnam_r(), getpwuid_r(), getgrnam_r and getgrgid_r calls on
68 #ifndef _POSIX_PTHREAD_SEMANTICS
69 #define _POSIX_PTHREAD_SEMANTICS
76 #endif /* HAVE_SHADOW_H */
79 #include <arpa/inet.h>
80 #include <netinet/in.h>
84 #if defined(HAVE_NSS_H)
88 typedef enum nss_status NSS_STATUS;
89 #elif defined(HAVE_NSS_COMMON_H)
91 #include <nss_common.h>
92 #include <nss_dbdefs.h>
95 typedef nss_status_t NSS_STATUS;
97 # define NSS_STATUS_SUCCESS NSS_SUCCESS
98 # define NSS_STATUS_NOTFOUND NSS_NOTFOUND
99 # define NSS_STATUS_UNAVAIL NSS_UNAVAIL
100 # define NSS_STATUS_TRYAGAIN NSS_TRYAGAIN
102 # error "No nsswitch support detected"
106 #define PTR_DIFF(p1, p2) ((ptrdiff_t)(((const char *)(p1)) - (const char *)(p2)))
114 #define EAI_NODATA EAI_NONAME
117 #ifndef EAI_ADDRFAMILY
118 #define EAI_ADDRFAMILY EAI_FAMILY
122 #define __STRING(x) #x
125 #ifndef __STRINGSTRING
126 #define __STRINGSTRING(x) __STRING(x)
130 #define __LINESTR__ __STRINGSTRING(__LINE__)
134 #define __location__ __FILE__ ":" __LINESTR__
138 #define DNS_NAME_MAX 255
141 /* GCC have printf type attribute check. */
142 #ifdef HAVE_ATTRIBUTE_PRINTF_FORMAT
143 #define PRINTF_ATTRIBUTE(a,b) __attribute__ ((__format__ (__printf__, a, b)))
145 #define PRINTF_ATTRIBUTE(a,b)
146 #endif /* HAVE_ATTRIBUTE_PRINTF_FORMAT */
148 #ifdef HAVE_CONSTRUCTOR_ATTRIBUTE
149 #define CONSTRUCTOR_ATTRIBUTE __attribute__ ((constructor))
151 #define CONSTRUCTOR_ATTRIBUTE
152 #endif /* HAVE_CONSTRUCTOR_ATTRIBUTE */
154 #ifdef HAVE_DESTRUCTOR_ATTRIBUTE
155 #define DESTRUCTOR_ATTRIBUTE __attribute__ ((destructor))
157 #define DESTRUCTOR_ATTRIBUTE
158 #endif /* HAVE_DESTRUCTOR_ATTRIBUTE */
160 #define ZERO_STRUCTP(x) do { if ((x) != NULL) memset((char *)(x), 0, sizeof(*(x))); } while(0)
163 #define SAFE_FREE(x) do { if ((x) != NULL) {free(x); (x)=NULL;} } while(0)
166 #ifndef discard_const
167 #define discard_const(ptr) ((void *)((uintptr_t)(ptr)))
170 #ifndef discard_const_p
171 #define discard_const_p(type, ptr) ((type *)discard_const(ptr))
175 #define NWRAP_INET_ADDRSTRLEN INET6_ADDRSTRLEN
177 #define NWRAP_INET_ADDRSTRLEN INET_ADDRSTRLEN
180 #define MAX(a,b) ((a) < (b) ? (b) : (a))
181 #define MIN(a,b) ((a) > (b) ? (b) : (a))
183 static bool nwrap_initialized = false;
184 static pthread_mutex_t nwrap_initialized_mutex = PTHREAD_MUTEX_INITIALIZER;
186 /* The mutex or accessing the id */
187 static pthread_mutex_t nwrap_global_mutex = PTHREAD_MUTEX_INITIALIZER;
188 static pthread_mutex_t nwrap_gr_global_mutex = PTHREAD_MUTEX_INITIALIZER;
189 static pthread_mutex_t nwrap_he_global_mutex = PTHREAD_MUTEX_INITIALIZER;
190 static pthread_mutex_t nwrap_pw_global_mutex = PTHREAD_MUTEX_INITIALIZER;
191 static pthread_mutex_t nwrap_sp_global_mutex = PTHREAD_MUTEX_INITIALIZER;
193 #define nss_wrapper_init_mutex(m) \
194 _nss_wrapper_init_mutex(m, #m)
196 /* Add new global locks here please */
197 /* Also don't forget to add locks to
198 * nwrap_init() function.
200 # define NWRAP_REINIT_ALL do { \
202 ret = nss_wrapper_init_mutex(&nwrap_initialized_mutex); \
203 if (ret != 0) exit(-1); \
204 ret = nss_wrapper_init_mutex(&nwrap_global_mutex); \
205 if (ret != 0) exit(-1); \
206 ret = nss_wrapper_init_mutex(&nwrap_gr_global_mutex); \
207 if (ret != 0) exit(-1); \
208 ret = nss_wrapper_init_mutex(&nwrap_he_global_mutex); \
209 if (ret != 0) exit(-1); \
210 ret = nss_wrapper_init_mutex(&nwrap_pw_global_mutex); \
211 if (ret != 0) exit(-1); \
212 ret = nss_wrapper_init_mutex(&nwrap_sp_global_mutex); \
213 if (ret != 0) exit(-1); \
216 # define NWRAP_LOCK_ALL do { \
217 nwrap_mutex_lock(&nwrap_initialized_mutex); \
218 nwrap_mutex_lock(&nwrap_global_mutex); \
219 nwrap_mutex_lock(&nwrap_gr_global_mutex); \
220 nwrap_mutex_lock(&nwrap_he_global_mutex); \
221 nwrap_mutex_lock(&nwrap_pw_global_mutex); \
222 nwrap_mutex_lock(&nwrap_sp_global_mutex); \
225 # define NWRAP_UNLOCK_ALL do {\
226 nwrap_mutex_unlock(&nwrap_sp_global_mutex); \
227 nwrap_mutex_unlock(&nwrap_pw_global_mutex); \
228 nwrap_mutex_unlock(&nwrap_he_global_mutex); \
229 nwrap_mutex_unlock(&nwrap_gr_global_mutex); \
230 nwrap_mutex_unlock(&nwrap_global_mutex); \
231 nwrap_mutex_unlock(&nwrap_initialized_mutex); \
234 static void nwrap_init(void);
236 enum nwrap_dbglvl_e {
243 #ifndef HAVE_GETPROGNAME
244 static const char *getprogname(void)
246 #if defined(HAVE_PROGRAM_INVOCATION_SHORT_NAME)
247 return program_invocation_short_name;
248 #elif defined(HAVE_GETEXECNAME)
249 return getexecname();
252 #endif /* HAVE_PROGRAM_INVOCATION_SHORT_NAME */
254 #endif /* HAVE_GETPROGNAME */
256 static void nwrap_log(enum nwrap_dbglvl_e dbglvl, const char *func, const char *format, ...) PRINTF_ATTRIBUTE(3, 4);
257 # define NWRAP_LOG(dbglvl, ...) nwrap_log((dbglvl), __func__, __VA_ARGS__)
259 static void nwrap_log(enum nwrap_dbglvl_e dbglvl,
261 const char *format, ...)
266 unsigned int lvl = 0;
267 const char *prefix = "NWRAP";
268 const char *progname = getprogname();
270 d = getenv("NSS_WRAPPER_DEBUGLEVEL");
279 va_start(va, format);
280 vsnprintf(buffer, sizeof(buffer), format, va);
284 case NWRAP_LOG_ERROR:
285 prefix = "NWRAP_ERROR";
288 prefix = "NWRAP_WARN";
290 case NWRAP_LOG_DEBUG:
291 prefix = "NWRAP_DEBUG";
293 case NWRAP_LOG_TRACE:
294 prefix = "NWRAP_TRACE";
298 if (progname == NULL) {
299 progname = "<unknown>";
303 "%s[%s (%u)] - %s: %s\n",
306 (unsigned int)getpid(),
315 #define LIBC_NAME "libc.so"
317 typedef struct passwd *(*__libc_getpwnam)(const char *name);
319 typedef int (*__libc_getpwnam_r)(const char *name,
323 struct passwd **result);
325 typedef struct passwd *(*__libc_getpwuid)(uid_t uid);
327 typedef int (*__libc_getpwuid_r)(uid_t uid,
331 struct passwd **result);
333 typedef void (*__libc_setpwent)(void);
335 typedef struct passwd *(*__libc_getpwent)(void);
337 #ifdef HAVE_GETPWENT_R
338 # ifdef HAVE_SOLARIS_GETPWENT_R
339 typedef struct passwd *(*__libc_getpwent_r)(struct passwd *pwbuf,
342 # else /* HAVE_SOLARIS_GETPWENT_R */
343 typedef int (*__libc_getpwent_r)(struct passwd *pwbuf,
346 struct passwd **pwbufp);
347 # endif /* HAVE_SOLARIS_GETPWENT_R */
348 #endif /* HAVE_GETPWENT_R */
350 typedef void (*__libc_endpwent)(void);
352 typedef int (*__libc_initgroups)(const char *user, gid_t gid);
354 typedef struct group *(*__libc_getgrnam)(const char *name);
356 typedef int (*__libc_getgrnam_r)(const char *name,
360 struct group **result);
362 typedef struct group *(*__libc_getgrgid)(gid_t gid);
364 typedef int (*__libc_getgrgid_r)(gid_t gid,
368 struct group **result);
370 typedef void (*__libc_setgrent)(void);
372 typedef struct group *(*__libc_getgrent)(void);
374 #ifdef HAVE_GETGRENT_R
375 # ifdef HAVE_SOLARIS_GETGRENT_R
376 typedef struct group *(*__libc_getgrent_r)(struct group *group,
379 # else /* HAVE_SOLARIS_GETGRENT_R */
380 typedef int (*__libc_getgrent_r)(struct group *group,
383 struct group **result);
384 # endif /* HAVE_SOLARIS_GETGRENT_R */
385 #endif /* HAVE_GETGRENT_R */
387 typedef void (*__libc_endgrent)(void);
389 typedef int (*__libc_getgrouplist)(const char *user,
394 typedef void (*__libc_sethostent)(int stayopen);
396 typedef struct hostent *(*__libc_gethostent)(void);
398 typedef void (*__libc_endhostent)(void);
400 typedef struct hostent *(*__libc_gethostbyname)(const char *name);
402 #ifdef HAVE_GETHOSTBYNAME2 /* GNU extension */
403 typedef struct hostent *(*__libc_gethostbyname2)(const char *name, int af);
406 #ifdef HAVE_GETHOSTBYNAME2_R /* GNU extension */
407 typedef int (*__libc_gethostbyname2_r)(const char *name,
412 struct hostent **result,
416 typedef struct hostent *(*__libc_gethostbyaddr)(const void *addr,
420 typedef int (*__libc_getaddrinfo)(const char *node,
422 const struct addrinfo *hints,
423 struct addrinfo **res);
424 typedef int (*__libc_getnameinfo)(const struct sockaddr *sa,
432 typedef int (*__libc_gethostname)(char *name, size_t len);
434 #ifdef HAVE_GETHOSTBYNAME_R
435 typedef int (*__libc_gethostbyname_r)(const char *name,
437 char *buf, size_t buflen,
438 struct hostent **result, int *h_errnop);
441 #ifdef HAVE_GETHOSTBYADDR_R
442 typedef int (*__libc_gethostbyaddr_r)(const void *addr,
448 struct hostent **result,
452 #define NWRAP_SYMBOL_ENTRY(i) \
458 struct nwrap_libc_symbols {
459 NWRAP_SYMBOL_ENTRY(getpwnam);
460 NWRAP_SYMBOL_ENTRY(getpwnam_r);
461 NWRAP_SYMBOL_ENTRY(getpwuid);
462 NWRAP_SYMBOL_ENTRY(getpwuid_r);
463 NWRAP_SYMBOL_ENTRY(setpwent);
464 NWRAP_SYMBOL_ENTRY(getpwent);
465 #ifdef HAVE_GETPWENT_R
466 NWRAP_SYMBOL_ENTRY(getpwent_r);
468 NWRAP_SYMBOL_ENTRY(endpwent);
470 NWRAP_SYMBOL_ENTRY(initgroups);
471 NWRAP_SYMBOL_ENTRY(getgrnam);
472 NWRAP_SYMBOL_ENTRY(getgrnam_r);
473 NWRAP_SYMBOL_ENTRY(getgrgid);
474 NWRAP_SYMBOL_ENTRY(getgrgid_r);
475 NWRAP_SYMBOL_ENTRY(setgrent);
476 NWRAP_SYMBOL_ENTRY(getgrent);
477 #ifdef HAVE_GETGRENT_R
478 NWRAP_SYMBOL_ENTRY(getgrent_r);
480 NWRAP_SYMBOL_ENTRY(endgrent);
481 NWRAP_SYMBOL_ENTRY(getgrouplist);
483 NWRAP_SYMBOL_ENTRY(sethostent);
484 NWRAP_SYMBOL_ENTRY(gethostent);
485 NWRAP_SYMBOL_ENTRY(endhostent);
486 NWRAP_SYMBOL_ENTRY(gethostbyname);
487 #ifdef HAVE_GETHOSTBYNAME_R
488 NWRAP_SYMBOL_ENTRY(gethostbyname_r);
490 #ifdef HAVE_GETHOSTBYNAME2
491 NWRAP_SYMBOL_ENTRY(gethostbyname2);
493 #ifdef HAVE_GETHOSTBYNAME2_R
494 NWRAP_SYMBOL_ENTRY(gethostbyname2_r);
496 NWRAP_SYMBOL_ENTRY(gethostbyaddr);
497 #ifdef HAVE_GETHOSTBYADDR_R
498 NWRAP_SYMBOL_ENTRY(gethostbyaddr_r);
500 NWRAP_SYMBOL_ENTRY(getaddrinfo);
501 NWRAP_SYMBOL_ENTRY(getnameinfo);
502 NWRAP_SYMBOL_ENTRY(gethostname);
504 #undef NWRAP_SYMBOL_ENTRY
506 typedef NSS_STATUS (*__nss_getpwnam_r)(const char *name,
507 struct passwd *result,
511 typedef NSS_STATUS (*__nss_getpwuid_r)(uid_t uid,
512 struct passwd *result,
516 typedef NSS_STATUS (*__nss_setpwent)(void);
517 typedef NSS_STATUS (*__nss_getpwent_r)(struct passwd *result,
521 typedef NSS_STATUS (*__nss_endpwent)(void);
522 typedef NSS_STATUS (*__nss_initgroups_dyn)(const char *user,
529 typedef NSS_STATUS (*__nss_getgrnam_r)(const char *name,
530 struct group *result,
534 typedef NSS_STATUS (*__nss_getgrgid_r)(gid_t gid,
535 struct group *result,
539 typedef NSS_STATUS (*__nss_setgrent)(void);
540 typedef NSS_STATUS (*__nss_getgrent_r)(struct group *result,
544 typedef NSS_STATUS (*__nss_endgrent)(void);
545 typedef NSS_STATUS (*__nss_gethostbyaddr_r)(const void *addr,
548 struct hostent *result,
553 typedef NSS_STATUS (*__nss_gethostbyname2_r)(const char *name,
555 struct hostent *result,
561 #define NWRAP_NSS_MODULE_SYMBOL_ENTRY(i) \
567 struct nwrap_nss_module_symbols {
568 NWRAP_NSS_MODULE_SYMBOL_ENTRY(getpwnam_r);
569 NWRAP_NSS_MODULE_SYMBOL_ENTRY(getpwuid_r);
570 NWRAP_NSS_MODULE_SYMBOL_ENTRY(setpwent);
571 NWRAP_NSS_MODULE_SYMBOL_ENTRY(getpwent_r);
572 NWRAP_NSS_MODULE_SYMBOL_ENTRY(endpwent);
574 NWRAP_NSS_MODULE_SYMBOL_ENTRY(initgroups_dyn);
575 NWRAP_NSS_MODULE_SYMBOL_ENTRY(getgrnam_r);
576 NWRAP_NSS_MODULE_SYMBOL_ENTRY(getgrgid_r);
577 NWRAP_NSS_MODULE_SYMBOL_ENTRY(setgrent);
578 NWRAP_NSS_MODULE_SYMBOL_ENTRY(getgrent_r);
579 NWRAP_NSS_MODULE_SYMBOL_ENTRY(endgrent);
581 NWRAP_NSS_MODULE_SYMBOL_ENTRY(gethostbyaddr_r);
582 NWRAP_NSS_MODULE_SYMBOL_ENTRY(gethostbyname2_r);
585 struct nwrap_backend {
589 struct nwrap_ops *ops;
590 struct nwrap_nss_module_symbols *symbols;
596 struct passwd * (*nw_getpwnam)(struct nwrap_backend *b,
598 int (*nw_getpwnam_r)(struct nwrap_backend *b,
599 const char *name, struct passwd *pwdst,
600 char *buf, size_t buflen, struct passwd **pwdstp);
601 struct passwd * (*nw_getpwuid)(struct nwrap_backend *b,
603 int (*nw_getpwuid_r)(struct nwrap_backend *b,
604 uid_t uid, struct passwd *pwdst,
605 char *buf, size_t buflen, struct passwd **pwdstp);
606 void (*nw_setpwent)(struct nwrap_backend *b);
607 struct passwd * (*nw_getpwent)(struct nwrap_backend *b);
608 int (*nw_getpwent_r)(struct nwrap_backend *b,
609 struct passwd *pwdst, char *buf,
610 size_t buflen, struct passwd **pwdstp);
611 void (*nw_endpwent)(struct nwrap_backend *b);
612 int (*nw_initgroups_dyn)(struct nwrap_backend *b,
620 struct group * (*nw_getgrnam)(struct nwrap_backend *b,
622 int (*nw_getgrnam_r)(struct nwrap_backend *b,
623 const char *name, struct group *grdst,
624 char *buf, size_t buflen, struct group **grdstp);
625 struct group * (*nw_getgrgid)(struct nwrap_backend *b,
627 int (*nw_getgrgid_r)(struct nwrap_backend *b,
628 gid_t gid, struct group *grdst,
629 char *buf, size_t buflen, struct group **grdstp);
630 void (*nw_setgrent)(struct nwrap_backend *b);
631 struct group * (*nw_getgrent)(struct nwrap_backend *b);
632 int (*nw_getgrent_r)(struct nwrap_backend *b,
633 struct group *grdst, char *buf,
634 size_t buflen, struct group **grdstp);
635 void (*nw_endgrent)(struct nwrap_backend *b);
636 struct hostent *(*nw_gethostbyaddr)(struct nwrap_backend *b,
638 socklen_t len, int type);
639 struct hostent *(*nw_gethostbyname)(struct nwrap_backend *b,
641 struct hostent *(*nw_gethostbyname2)(struct nwrap_backend *b,
642 const char *name, int af);
643 int (*nw_gethostbyname2_r)(struct nwrap_backend *b,
644 const char *name, int af,
645 struct hostent *hedst,
646 char *buf, size_t buflen,
647 struct hostent **hedstp);
650 /* Public prototypes */
652 bool nss_wrapper_enabled(void);
653 bool nss_wrapper_shadow_enabled(void);
654 bool nss_wrapper_hosts_enabled(void);
656 /* prototypes for files backend */
659 static struct passwd *nwrap_files_getpwnam(struct nwrap_backend *b,
661 static int nwrap_files_getpwnam_r(struct nwrap_backend *b,
662 const char *name, struct passwd *pwdst,
663 char *buf, size_t buflen, struct passwd **pwdstp);
664 static struct passwd *nwrap_files_getpwuid(struct nwrap_backend *b,
666 static int nwrap_files_getpwuid_r(struct nwrap_backend *b,
667 uid_t uid, struct passwd *pwdst,
668 char *buf, size_t buflen, struct passwd **pwdstp);
669 static void nwrap_files_setpwent(struct nwrap_backend *b);
670 static struct passwd *nwrap_files_getpwent(struct nwrap_backend *b);
671 static int nwrap_files_getpwent_r(struct nwrap_backend *b,
672 struct passwd *pwdst, char *buf,
673 size_t buflen, struct passwd **pwdstp);
674 static void nwrap_files_endpwent(struct nwrap_backend *b);
675 static int nwrap_files_initgroups_dyn(struct nwrap_backend *b,
683 static struct group *nwrap_files_getgrnam(struct nwrap_backend *b,
685 static int nwrap_files_getgrnam_r(struct nwrap_backend *b,
686 const char *name, struct group *grdst,
687 char *buf, size_t buflen, struct group **grdstp);
688 static struct group *nwrap_files_getgrgid(struct nwrap_backend *b,
690 static int nwrap_files_getgrgid_r(struct nwrap_backend *b,
691 gid_t gid, struct group *grdst,
692 char *buf, size_t buflen, struct group **grdstp);
693 static void nwrap_files_setgrent(struct nwrap_backend *b);
694 static struct group *nwrap_files_getgrent(struct nwrap_backend *b);
695 static int nwrap_files_getgrent_r(struct nwrap_backend *b,
696 struct group *grdst, char *buf,
697 size_t buflen, struct group **grdstp);
698 static void nwrap_files_endgrent(struct nwrap_backend *b);
699 static struct hostent *nwrap_files_gethostbyaddr(struct nwrap_backend *b,
701 socklen_t len, int type);
702 static struct hostent *nwrap_files_gethostbyname(struct nwrap_backend *b,
704 #ifdef HAVE_GETHOSTBYNAME2
705 static struct hostent *nwrap_files_gethostbyname2(struct nwrap_backend *b,
706 const char *name, int af);
707 #endif /* HAVE_GETHOSTBYNAME2 */
708 static int nwrap_files_gethostbyname2_r(struct nwrap_backend *b,
709 const char *name, int af,
710 struct hostent *hedst,
711 char *buf, size_t buflen,
712 struct hostent **hedstp);
714 /* prototypes for module backend */
716 static struct passwd *nwrap_module_getpwent(struct nwrap_backend *b);
717 static int nwrap_module_getpwent_r(struct nwrap_backend *b,
718 struct passwd *pwdst, char *buf,
719 size_t buflen, struct passwd **pwdstp);
720 static struct passwd *nwrap_module_getpwnam(struct nwrap_backend *b,
722 static int nwrap_module_getpwnam_r(struct nwrap_backend *b,
723 const char *name, struct passwd *pwdst,
724 char *buf, size_t buflen, struct passwd **pwdstp);
725 static struct passwd *nwrap_module_getpwuid(struct nwrap_backend *b,
727 static int nwrap_module_getpwuid_r(struct nwrap_backend *b,
728 uid_t uid, struct passwd *pwdst,
729 char *buf, size_t buflen, struct passwd **pwdstp);
730 static void nwrap_module_setpwent(struct nwrap_backend *b);
731 static void nwrap_module_endpwent(struct nwrap_backend *b);
732 static struct group *nwrap_module_getgrent(struct nwrap_backend *b);
733 static int nwrap_module_getgrent_r(struct nwrap_backend *b,
734 struct group *grdst, char *buf,
735 size_t buflen, struct group **grdstp);
736 static struct group *nwrap_module_getgrnam(struct nwrap_backend *b,
738 static int nwrap_module_getgrnam_r(struct nwrap_backend *b,
739 const char *name, struct group *grdst,
740 char *buf, size_t buflen, struct group **grdstp);
741 static struct group *nwrap_module_getgrgid(struct nwrap_backend *b,
743 static int nwrap_module_getgrgid_r(struct nwrap_backend *b,
744 gid_t gid, struct group *grdst,
745 char *buf, size_t buflen, struct group **grdstp);
746 static void nwrap_module_setgrent(struct nwrap_backend *b);
747 static void nwrap_module_endgrent(struct nwrap_backend *b);
748 static int nwrap_module_initgroups_dyn(struct nwrap_backend *b,
756 static struct hostent *nwrap_module_gethostbyaddr(struct nwrap_backend *b,
758 socklen_t len, int type);
759 static struct hostent *nwrap_module_gethostbyname(struct nwrap_backend *b,
761 static struct hostent *nwrap_module_gethostbyname2(struct nwrap_backend *b,
762 const char *name, int af);
763 static int nwrap_module_gethostbyname2_r(struct nwrap_backend *b,
764 const char *name, int af,
765 struct hostent *hedst,
766 char *buf, size_t buflen,
767 struct hostent **hedstp);
769 struct nwrap_ops nwrap_files_ops = {
770 .nw_getpwnam = nwrap_files_getpwnam,
771 .nw_getpwnam_r = nwrap_files_getpwnam_r,
772 .nw_getpwuid = nwrap_files_getpwuid,
773 .nw_getpwuid_r = nwrap_files_getpwuid_r,
774 .nw_setpwent = nwrap_files_setpwent,
775 .nw_getpwent = nwrap_files_getpwent,
776 .nw_getpwent_r = nwrap_files_getpwent_r,
777 .nw_endpwent = nwrap_files_endpwent,
778 .nw_initgroups_dyn = nwrap_files_initgroups_dyn,
779 .nw_getgrnam = nwrap_files_getgrnam,
780 .nw_getgrnam_r = nwrap_files_getgrnam_r,
781 .nw_getgrgid = nwrap_files_getgrgid,
782 .nw_getgrgid_r = nwrap_files_getgrgid_r,
783 .nw_setgrent = nwrap_files_setgrent,
784 .nw_getgrent = nwrap_files_getgrent,
785 .nw_getgrent_r = nwrap_files_getgrent_r,
786 .nw_endgrent = nwrap_files_endgrent,
787 .nw_gethostbyaddr = nwrap_files_gethostbyaddr,
788 .nw_gethostbyname = nwrap_files_gethostbyname,
789 #ifdef HAVE_GETHOSTBYNAME2
790 .nw_gethostbyname2 = nwrap_files_gethostbyname2,
791 #endif /* HAVE_GETHOSTBYNAME2 */
792 .nw_gethostbyname2_r = nwrap_files_gethostbyname2_r,
795 struct nwrap_ops nwrap_module_ops = {
796 .nw_getpwnam = nwrap_module_getpwnam,
797 .nw_getpwnam_r = nwrap_module_getpwnam_r,
798 .nw_getpwuid = nwrap_module_getpwuid,
799 .nw_getpwuid_r = nwrap_module_getpwuid_r,
800 .nw_setpwent = nwrap_module_setpwent,
801 .nw_getpwent = nwrap_module_getpwent,
802 .nw_getpwent_r = nwrap_module_getpwent_r,
803 .nw_endpwent = nwrap_module_endpwent,
804 .nw_initgroups_dyn = nwrap_module_initgroups_dyn,
805 .nw_getgrnam = nwrap_module_getgrnam,
806 .nw_getgrnam_r = nwrap_module_getgrnam_r,
807 .nw_getgrgid = nwrap_module_getgrgid,
808 .nw_getgrgid_r = nwrap_module_getgrgid_r,
809 .nw_setgrent = nwrap_module_setgrent,
810 .nw_getgrent = nwrap_module_getgrent,
811 .nw_getgrent_r = nwrap_module_getgrent_r,
812 .nw_endgrent = nwrap_module_endgrent,
813 .nw_gethostbyaddr = nwrap_module_gethostbyaddr,
814 .nw_gethostbyname = nwrap_module_gethostbyname,
815 .nw_gethostbyname2 = nwrap_module_gethostbyname2,
816 .nw_gethostbyname2_r = nwrap_module_gethostbyname2_r,
823 struct nwrap_libc_symbols symbols;
828 struct nwrap_backend *backends;
829 struct nwrap_libc *libc;
832 static struct nwrap_main *nwrap_main_global;
833 static struct nwrap_main __nwrap_main_global;
838 static int nwrap_convert_he_ai(const struct hostent *he,
840 const struct addrinfo *hints,
841 struct addrinfo **pai,
842 bool skip_canonname);
848 #define DEFAULT_VECTOR_CAPACITY 16
850 struct nwrap_vector {
856 /* Macro returns pointer to first element of vector->items array.
858 * nwrap_vector is used as a memory backend which take care of
859 * memory allocations and other stuff like memory growing.
860 * nwrap_vectors should not be considered as some abstract structures.
861 * On this level, vectors are more handy than direct realloc/malloc
864 * nwrap_vector->items is array inside nwrap_vector which can be
865 * directly pointed by libc structure assembled by cwrap itself.
869 * 1) struct hostent contains char **h_addr_list element.
870 * 2) nwrap_vector holds array of pointers to addresses.
871 * It's easier to use vector to store results of
874 * Now, pretend that cwrap assembled struct hostent and
875 * we need to set h_addr_list to point to nwrap_vector.
876 * Idea behind is to shield users from internal nwrap_vector
878 * (Yes, not fully - array terminated by NULL is needed because
879 * it's result expected by libc function caller.)
885 * struct nwrap_vector *vector = malloc(sizeof(struct nwrap_vector));
886 * ... don't care about failed allocation now ...
888 * ... fill nwrap vector ...
891 * he.h_addr_list = nwrap_vector_head(vector);
894 #define nwrap_vector_head(vect) ((void *)((vect)->items))
896 #define nwrap_vector_foreach(item, vect, iter) \
897 for (iter = 0, (item) = (vect).items == NULL ? NULL : (vect).items[0]; \
899 (item) = (vect).items[++iter])
901 #define nwrap_vector_is_initialized(vector) ((vector)->items != NULL)
903 static inline bool nwrap_vector_init(struct nwrap_vector *const vector)
905 if (vector == NULL) {
909 /* count is initialized by ZERO_STRUCTP */
910 ZERO_STRUCTP(vector);
911 vector->items = malloc(sizeof(void *) * (DEFAULT_VECTOR_CAPACITY + 1));
912 if (vector->items == NULL) {
915 vector->capacity = DEFAULT_VECTOR_CAPACITY;
916 memset(vector->items, '\0', sizeof(void *) * (DEFAULT_VECTOR_CAPACITY + 1));
921 static bool nwrap_vector_add_item(struct nwrap_vector *vector, void *const item)
923 assert (vector != NULL);
925 if (vector->items == NULL) {
926 nwrap_vector_init(vector);
929 if (vector->count == vector->capacity) {
930 /* Items array _MUST_ be NULL terminated because it's passed
931 * as result to caller which expect NULL terminated array from libc.
933 void **items = realloc(vector->items, sizeof(void *) * ((vector->capacity * 2) + 1));
937 vector->items = items;
939 /* Don't count ending NULL to capacity */
940 vector->capacity *= 2;
943 vector->items[vector->count] = item;
946 vector->items[vector->count] = NULL;
951 static bool nwrap_vector_merge(struct nwrap_vector *dst,
952 struct nwrap_vector *src)
954 void **dst_items = NULL;
957 if (src->count == 0) {
961 count = dst->count + src->count;
963 /* We don't need reallocation if we have enough capacity. */
964 if (src->count > (dst->capacity - dst->count)) {
965 dst_items = (void **)realloc(dst->items, (count + 1) * sizeof(void *));
966 if (dst_items == NULL) {
969 dst->items = dst_items;
970 dst->capacity = count;
973 memcpy((void *)(((long *)dst->items) + dst->count),
975 src->count * sizeof(void *));
988 struct nwrap_vector lines;
990 bool (*parse_line)(struct nwrap_cache *, char *line);
991 void (*unload)(struct nwrap_cache *);
996 struct nwrap_cache *cache;
1003 struct nwrap_cache __nwrap_cache_pw;
1004 struct nwrap_pw nwrap_pw_global;
1006 static bool nwrap_pw_parse_line(struct nwrap_cache *nwrap, char *line);
1007 static void nwrap_pw_unload(struct nwrap_cache *nwrap);
1010 #if defined(HAVE_SHADOW_H) && defined(HAVE_GETSPNAM)
1012 struct nwrap_cache *cache;
1019 struct nwrap_cache __nwrap_cache_sp;
1020 struct nwrap_sp nwrap_sp_global;
1022 static bool nwrap_sp_parse_line(struct nwrap_cache *nwrap, char *line);
1023 static void nwrap_sp_unload(struct nwrap_cache *nwrap);
1024 #endif /* defined(HAVE_SHADOW_H) && defined(HAVE_GETSPNAM) */
1028 struct nwrap_cache *cache;
1035 struct nwrap_cache __nwrap_cache_gr;
1036 struct nwrap_gr nwrap_gr_global;
1039 static bool nwrap_he_parse_line(struct nwrap_cache *nwrap, char *line);
1040 static void nwrap_he_unload(struct nwrap_cache *nwrap);
1042 struct nwrap_addrdata {
1043 unsigned char host_addr[16]; /* IPv4 or IPv6 address */
1046 static size_t max_hostents = 100;
1048 struct nwrap_entdata {
1049 struct nwrap_addrdata addr;
1052 struct nwrap_vector nwrap_addrdata;
1054 ssize_t aliases_count;
1057 struct nwrap_entlist {
1058 struct nwrap_entlist *next;
1059 struct nwrap_entdata *ed;
1063 struct nwrap_cache *cache;
1065 struct nwrap_vector entries;
1066 struct nwrap_vector lists;
1072 static struct nwrap_cache __nwrap_cache_he;
1073 static struct nwrap_he nwrap_he_global;
1076 /*********************************************************
1078 *********************************************************/
1080 static bool nwrap_gr_parse_line(struct nwrap_cache *nwrap, char *line);
1081 static void nwrap_gr_unload(struct nwrap_cache *nwrap);
1082 #if ! defined(HAVE_CONSTRUCTOR_ATTRIBUTE) && defined(HAVE_PRAGMA_INIT)
1083 /* xlC and other oldschool compilers support (only) this */
1084 #pragma init (nwrap_constructor)
1086 void nwrap_constructor(void) CONSTRUCTOR_ATTRIBUTE;
1087 #if ! defined(HAVE_DESTRUCTOR_ATTRIBUTE) && defined(HAVE_PRAGMA_FINI)
1088 #pragma fini (nwrap_destructor)
1090 void nwrap_destructor(void) DESTRUCTOR_ATTRIBUTE;
1092 /*********************************************************
1093 * NWRAP LIBC LOADER FUNCTIONS
1094 *********************************************************/
1102 static const char *nwrap_str_lib(enum nwrap_lib lib)
1109 case NWRAP_LIBSOCKET:
1113 /* Compiler would warn us about unhandled enum value if we get here */
1117 static void *nwrap_load_lib_handle(enum nwrap_lib lib)
1119 int flags = RTLD_LAZY;
1120 void *handle = NULL;
1123 #ifdef RTLD_DEEPBIND
1124 const char *env_preload = getenv("LD_PRELOAD");
1125 const char *env_deepbind = getenv("NSS_WRAPPER_DISABLE_DEEPBIND");
1126 bool enable_deepbind = true;
1128 /* Don't do a deepbind if we run with libasan */
1129 if (env_preload != NULL && strlen(env_preload) < 1024) {
1130 const char *p = strstr(env_preload, "libasan.so");
1132 enable_deepbind = false;
1136 if (env_deepbind != NULL && strlen(env_deepbind) >= 1) {
1137 enable_deepbind = false;
1140 if (enable_deepbind) {
1141 flags |= RTLD_DEEPBIND;
1148 handle = nwrap_main_global->libc->nsl_handle;
1149 if (handle == NULL) {
1150 for (i = 10; i >= 0; i--) {
1151 char soname[256] = {0};
1153 snprintf(soname, sizeof(soname), "libnsl.so.%d", i);
1154 handle = dlopen(soname, flags);
1155 if (handle != NULL) {
1160 nwrap_main_global->libc->nsl_handle = handle;
1165 case NWRAP_LIBSOCKET:
1166 #ifdef HAVE_LIBSOCKET
1167 handle = nwrap_main_global->libc->sock_handle;
1168 if (handle == NULL) {
1169 for (i = 10; i >= 0; i--) {
1170 char soname[256] = {0};
1172 snprintf(soname, sizeof(soname), "libsocket.so.%d", i);
1173 handle = dlopen(soname, flags);
1174 if (handle != NULL) {
1179 nwrap_main_global->libc->sock_handle = handle;
1185 handle = nwrap_main_global->libc->handle;
1186 if (handle == NULL) {
1187 for (i = 10; i >= 0; i--) {
1188 char soname[256] = {0};
1190 snprintf(soname, sizeof(soname), "libc.so.%d", i);
1191 handle = dlopen(soname, flags);
1192 if (handle != NULL) {
1197 nwrap_main_global->libc->handle = handle;
1202 if (handle == NULL) {
1204 handle = nwrap_main_global->libc->handle
1205 = nwrap_main_global->libc->sock_handle
1206 = nwrap_main_global->libc->nsl_handle
1209 NWRAP_LOG(NWRAP_LOG_ERROR,
1210 "Failed to dlopen library: %s\n",
1219 static void *_nwrap_bind_symbol(enum nwrap_lib lib, const char *fn_name)
1226 handle = nwrap_load_lib_handle(lib);
1228 func = dlsym(handle, fn_name);
1230 NWRAP_LOG(NWRAP_LOG_ERROR,
1231 "Failed to find %s: %s\n",
1232 fn_name, dlerror());
1236 NWRAP_LOG(NWRAP_LOG_TRACE,
1237 "Loaded %s from %s",
1238 fn_name, nwrap_str_lib(lib));
1242 #define nwrap_mutex_lock(m) _nwrap_mutex_lock(m, #m, __func__, __LINE__)
1243 static void _nwrap_mutex_lock(pthread_mutex_t *mutex, const char *name, const char *caller, unsigned line)
1247 ret = pthread_mutex_lock(mutex);
1249 NWRAP_LOG(NWRAP_LOG_ERROR, "PID(%d):PPID(%d): %s(%u): Couldn't lock pthread mutex(%s) - %s",
1250 getpid(), getppid(), caller, line, name, strerror(ret));
1255 #define nwrap_mutex_unlock(m) _nwrap_mutex_unlock(m, #m, __func__, __LINE__)
1256 static void _nwrap_mutex_unlock(pthread_mutex_t *mutex, const char *name, const char *caller, unsigned line)
1260 ret = pthread_mutex_unlock(mutex);
1262 NWRAP_LOG(NWRAP_LOG_ERROR, "PID(%d):PPID(%d): %s(%u): Couldn't unlock pthread mutex(%s) - %s",
1263 getpid(), getppid(), caller, line, name, strerror(ret));
1268 #define nwrap_bind_symbol_libc(sym_name) \
1269 if (nwrap_main_global->libc->symbols._libc_##sym_name.obj == NULL) { \
1270 nwrap_main_global->libc->symbols._libc_##sym_name.obj = \
1271 _nwrap_bind_symbol(NWRAP_LIBC, #sym_name); \
1274 #define nwrap_bind_symbol_libc_posix(sym_name) \
1275 if (nwrap_main_global->libc->symbols._libc_##sym_name.obj == NULL) { \
1276 nwrap_main_global->libc->symbols._libc_##sym_name.obj = \
1277 _nwrap_bind_symbol(NWRAP_LIBC, "__posix_" #sym_name); \
1280 #define nwrap_bind_symbol_libnsl(sym_name) \
1281 if (nwrap_main_global->libc->symbols._libc_##sym_name.obj == NULL) { \
1282 nwrap_main_global->libc->symbols._libc_##sym_name.obj = \
1283 _nwrap_bind_symbol(NWRAP_LIBNSL, #sym_name); \
1286 #define nwrap_bind_symbol_libsocket(sym_name) \
1287 if (nwrap_main_global->libc->symbols._libc_##sym_name.obj == NULL) { \
1288 nwrap_main_global->libc->symbols._libc_##sym_name.obj = \
1289 _nwrap_bind_symbol(NWRAP_LIBSOCKET, #sym_name); \
1292 static void nwrap_bind_symbol_all(void);
1294 /* INTERNAL HELPER FUNCTIONS */
1295 static void nwrap_lines_unload(struct nwrap_cache *const nwrap)
1299 nwrap_vector_foreach(item, nwrap->lines, p) {
1300 /* Maybe some vectors were merged ... */
1303 SAFE_FREE(nwrap->lines.items);
1304 ZERO_STRUCTP(&nwrap->lines);
1310 * Functions expeciall from libc need to be loaded individually, you can't load
1311 * all at once or gdb will segfault at startup. The same applies to valgrind and
1312 * has probably something todo with with the linker.
1313 * So we need load each function at the point it is called the first time.
1315 static struct passwd *libc_getpwnam(const char *name)
1317 nwrap_bind_symbol_all();
1319 return nwrap_main_global->libc->symbols._libc_getpwnam.f(name);
1322 #ifdef HAVE_GETPWNAM_R
1323 static int libc_getpwnam_r(const char *name,
1327 struct passwd **result)
1329 nwrap_bind_symbol_all();
1331 return nwrap_main_global->libc->symbols._libc_getpwnam_r.f(name,
1339 static struct passwd *libc_getpwuid(uid_t uid)
1341 nwrap_bind_symbol_all();
1343 return nwrap_main_global->libc->symbols._libc_getpwuid.f(uid);
1346 #ifdef HAVE_GETPWUID_R
1347 static int libc_getpwuid_r(uid_t uid,
1351 struct passwd **result)
1353 nwrap_bind_symbol_all();
1355 return nwrap_main_global->libc->symbols._libc_getpwuid_r.f(uid,
1363 static inline void str_tolower(char *dst, char *src)
1365 register char *src_tmp = src;
1366 register char *dst_tmp = dst;
1368 while (*src_tmp != '\0') {
1369 *dst_tmp = tolower(*src_tmp);
1375 static bool str_tolower_copy(char **dst_name, const char *const src_name)
1379 if ((dst_name == NULL) || (src_name == NULL)) {
1383 h_name_lower = strdup(src_name);
1384 if (h_name_lower == NULL) {
1385 NWRAP_LOG(NWRAP_LOG_DEBUG, "Out of memory while strdup");
1389 str_tolower(h_name_lower, h_name_lower);
1390 *dst_name = h_name_lower;
1394 static void libc_setpwent(void)
1396 nwrap_bind_symbol_all();
1398 nwrap_main_global->libc->symbols._libc_setpwent.f();
1401 static struct passwd *libc_getpwent(void)
1403 nwrap_bind_symbol_all();
1405 return nwrap_main_global->libc->symbols._libc_getpwent.f();
1408 #ifdef HAVE_GETPWENT_R
1409 # ifdef HAVE_SOLARIS_GETPWENT_R
1410 static struct passwd *libc_getpwent_r(struct passwd *pwdst,
1414 nwrap_bind_symbol_all();
1416 return nwrap_main_global->libc->symbols._libc_getpwent_r.f(pwdst,
1420 # else /* HAVE_SOLARIS_GETPWENT_R */
1421 static int libc_getpwent_r(struct passwd *pwdst,
1424 struct passwd **pwdstp)
1426 nwrap_bind_symbol_all();
1428 return nwrap_main_global->libc->symbols._libc_getpwent_r.f(pwdst,
1433 # endif /* HAVE_SOLARIS_GETPWENT_R */
1434 #endif /* HAVE_GETPWENT_R */
1436 static void libc_endpwent(void)
1438 nwrap_bind_symbol_all();
1440 nwrap_main_global->libc->symbols._libc_endpwent.f();
1443 static int libc_initgroups(const char *user, gid_t gid)
1445 nwrap_bind_symbol_all();
1447 return nwrap_main_global->libc->symbols._libc_initgroups.f(user, gid);
1450 static struct group *libc_getgrnam(const char *name)
1452 nwrap_bind_symbol_all();
1454 return nwrap_main_global->libc->symbols._libc_getgrnam.f(name);
1457 #ifdef HAVE_GETGRNAM_R
1458 static int libc_getgrnam_r(const char *name,
1462 struct group **result)
1464 nwrap_bind_symbol_all();
1466 return nwrap_main_global->libc->symbols._libc_getgrnam_r.f(name,
1474 static struct group *libc_getgrgid(gid_t gid)
1476 nwrap_bind_symbol_all();
1478 return nwrap_main_global->libc->symbols._libc_getgrgid.f(gid);
1481 #ifdef HAVE_GETGRGID_R
1482 static int libc_getgrgid_r(gid_t gid,
1486 struct group **result)
1488 nwrap_bind_symbol_all();
1490 return nwrap_main_global->libc->symbols._libc_getgrgid_r.f(gid,
1498 static void libc_setgrent(void)
1500 nwrap_bind_symbol_all();
1502 nwrap_main_global->libc->symbols._libc_setgrent.f();
1505 static struct group *libc_getgrent(void)
1507 nwrap_bind_symbol_all();
1509 return nwrap_main_global->libc->symbols._libc_getgrent.f();
1512 #ifdef HAVE_GETGRENT_R
1513 # ifdef HAVE_SOLARIS_GETGRENT_R
1514 static struct group *libc_getgrent_r(struct group *group,
1518 nwrap_bind_symbol_all();
1520 return nwrap_main_global->libc->symbols._libc_getgrent_r.f(group,
1524 # else /* HAVE_SOLARIS_GETGRENT_R */
1525 static int libc_getgrent_r(struct group *group,
1528 struct group **result)
1530 nwrap_bind_symbol_all();
1532 return nwrap_main_global->libc->symbols._libc_getgrent_r.f(group,
1537 # endif /* HAVE_SOLARIS_GETGRENT_R */
1538 #endif /* HAVE_GETGRENT_R */
1540 static void libc_endgrent(void)
1542 nwrap_bind_symbol_all();
1544 nwrap_main_global->libc->symbols._libc_endgrent.f();
1547 #ifdef HAVE_GETGROUPLIST
1548 static int libc_getgrouplist(const char *user,
1553 nwrap_bind_symbol_all();
1555 return nwrap_main_global->libc->symbols._libc_getgrouplist.f(user,
1562 static void libc_sethostent(int stayopen)
1564 nwrap_bind_symbol_all();
1566 nwrap_main_global->libc->symbols._libc_sethostent.f(stayopen);
1569 static struct hostent *libc_gethostent(void)
1571 nwrap_bind_symbol_all();
1573 return nwrap_main_global->libc->symbols._libc_gethostent.f();
1576 static void libc_endhostent(void)
1578 nwrap_bind_symbol_all();
1580 nwrap_main_global->libc->symbols._libc_endhostent.f();
1583 static struct hostent *libc_gethostbyname(const char *name)
1585 nwrap_bind_symbol_all();
1587 return nwrap_main_global->libc->symbols._libc_gethostbyname.f(name);
1590 #ifdef HAVE_GETHOSTBYNAME2 /* GNU extension */
1591 static struct hostent *libc_gethostbyname2(const char *name, int af)
1593 nwrap_bind_symbol_all();
1595 return nwrap_main_global->libc->symbols._libc_gethostbyname2.f(name, af);
1599 #ifdef HAVE_GETHOSTBYNAME2_R /* GNU extension */
1600 static int libc_gethostbyname2_r(const char *name,
1602 struct hostent *ret,
1605 struct hostent **result,
1608 nwrap_bind_symbol_all();
1610 return nwrap_main_global->libc->symbols._libc_gethostbyname2_r.f(name,
1620 static struct hostent *libc_gethostbyaddr(const void *addr,
1624 nwrap_bind_symbol_all();
1626 return nwrap_main_global->libc->symbols._libc_gethostbyaddr.f(addr,
1631 static int libc_gethostname(char *name, size_t len)
1633 nwrap_bind_symbol_all();
1635 return nwrap_main_global->libc->symbols._libc_gethostname.f(name, len);
1638 #ifdef HAVE_GETHOSTBYNAME_R
1639 static int libc_gethostbyname_r(const char *name,
1640 struct hostent *ret,
1643 struct hostent **result,
1646 nwrap_bind_symbol_all();
1648 return nwrap_main_global->libc->symbols._libc_gethostbyname_r.f(name,
1657 #ifdef HAVE_GETHOSTBYADDR_R
1658 static int libc_gethostbyaddr_r(const void *addr,
1661 struct hostent *ret,
1664 struct hostent **result,
1667 nwrap_bind_symbol_all();
1669 return nwrap_main_global->libc->symbols._libc_gethostbyaddr_r.f(addr,
1680 static int libc_getaddrinfo(const char *node,
1681 const char *service,
1682 const struct addrinfo *hints,
1683 struct addrinfo **res)
1685 nwrap_bind_symbol_all();
1687 return nwrap_main_global->libc->symbols._libc_getaddrinfo.f(node,
1693 static int libc_getnameinfo(const struct sockaddr *sa,
1701 nwrap_bind_symbol_all();
1703 return nwrap_main_global->libc->symbols._libc_getnameinfo.f(sa,
1712 static void __nwrap_bind_symbol_all_once(void)
1714 nwrap_bind_symbol_libc(getpwnam);
1715 #ifdef HAVE_GETPWNAM_R
1716 # ifdef HAVE___POSIX_GETPWNAM_R
1717 nwrap_bind_symbol_libc_posix(getpwnam_r);
1719 nwrap_bind_symbol_libc(getpwnam_r);
1722 nwrap_bind_symbol_libc(getpwuid);
1723 #ifdef HAVE_GETPWUID_R
1724 # ifdef HAVE___POSIX_GETPWUID_R
1725 nwrap_bind_symbol_libc_posix(getpwuid_r);
1727 nwrap_bind_symbol_libc(getpwuid_r);
1730 nwrap_bind_symbol_libc(setpwent);
1731 nwrap_bind_symbol_libc(getpwent);
1732 #ifdef HAVE_GETPWENT_R
1733 nwrap_bind_symbol_libc(getpwent_r);
1735 nwrap_bind_symbol_libc(endpwent);
1736 nwrap_bind_symbol_libc(initgroups);
1737 nwrap_bind_symbol_libc(getgrnam);
1738 #ifdef HAVE_GETGRNAM_R
1739 # ifdef HAVE___POSIX_GETGRNAM_R
1740 nwrap_bind_symbol_libc_posix(getgrnam_r);
1742 nwrap_bind_symbol_libc(getgrnam_r);
1745 nwrap_bind_symbol_libc(getgrgid);
1746 #ifdef HAVE_GETGRGID_R
1747 # ifdef HAVE___POSIX_GETGRGID_R
1748 nwrap_bind_symbol_libc_posix(getgrgid_r);
1750 nwrap_bind_symbol_libc(getgrgid_r);
1753 nwrap_bind_symbol_libc(setgrent);
1754 nwrap_bind_symbol_libc(getgrent);
1755 nwrap_bind_symbol_libc(getgrent_r);
1756 nwrap_bind_symbol_libc(endgrent);
1757 nwrap_bind_symbol_libc(getgrouplist);
1758 nwrap_bind_symbol_libnsl(sethostent);
1759 nwrap_bind_symbol_libnsl(gethostent);
1760 nwrap_bind_symbol_libnsl(endhostent);
1761 nwrap_bind_symbol_libnsl(gethostbyname);
1762 #ifdef HAVE_GETHOSTBYNAME2 /* GNU extension */
1763 nwrap_bind_symbol_libnsl(gethostbyname2);
1765 #ifdef HAVE_GETHOSTBYNAME2_R /* GNU extension */
1766 nwrap_bind_symbol_libnsl(gethostbyname2_r);
1768 nwrap_bind_symbol_libnsl(gethostbyaddr);
1769 nwrap_bind_symbol_libnsl(gethostname);
1770 #ifdef HAVE_GETHOSTBYNAME_R
1771 nwrap_bind_symbol_libnsl(gethostbyname_r);
1773 #ifdef HAVE_GETHOSTBYADDR_R
1774 nwrap_bind_symbol_libnsl(gethostbyaddr_r);
1776 nwrap_bind_symbol_libsocket(getaddrinfo);
1777 nwrap_bind_symbol_libsocket(getnameinfo);
1780 static void nwrap_bind_symbol_all(void)
1782 static pthread_once_t all_symbol_binding_once = PTHREAD_ONCE_INIT;
1784 pthread_once(&all_symbol_binding_once, __nwrap_bind_symbol_all_once);
1787 /*********************************************************
1788 * NWRAP NSS MODULE LOADER FUNCTIONS
1789 *********************************************************/
1791 static void *_nwrap_bind_nss_module_symbol(struct nwrap_backend *b,
1792 const char *fn_name)
1798 if (b->so_handle == NULL) {
1799 NWRAP_LOG(NWRAP_LOG_ERROR, "No handle");
1803 rc = asprintf(&s, "_nss_%s_%s", b->name, fn_name);
1805 NWRAP_LOG(NWRAP_LOG_ERROR, "Out of memory");
1809 res = dlsym(b->so_handle, s);
1811 NWRAP_LOG(NWRAP_LOG_WARN,
1812 "Cannot find function %s in %s",
1819 #define nwrap_nss_module_bind_symbol(sym_name) \
1820 if (symbols->_nss_##sym_name.obj == NULL) { \
1821 symbols->_nss_##sym_name.obj = \
1822 _nwrap_bind_nss_module_symbol(b, #sym_name); \
1825 #define nwrap_nss_module_bind_symbol2(sym_name, alt_name) \
1826 if (symbols->_nss_##sym_name.obj == NULL) { \
1827 symbols->_nss_##sym_name.obj = \
1828 _nwrap_bind_nss_module_symbol(b, #alt_name); \
1831 static struct nwrap_nss_module_symbols *
1832 nwrap_bind_nss_module_symbols(struct nwrap_backend *b)
1834 struct nwrap_nss_module_symbols *symbols;
1836 if (!b->so_handle) {
1840 symbols = calloc(1, sizeof(struct nwrap_nss_module_symbols));
1841 if (symbols == NULL) {
1845 nwrap_nss_module_bind_symbol(getpwnam_r);
1846 nwrap_nss_module_bind_symbol(getpwuid_r);
1847 nwrap_nss_module_bind_symbol(setpwent);
1848 nwrap_nss_module_bind_symbol(getpwent_r);
1849 nwrap_nss_module_bind_symbol(endpwent);
1850 nwrap_nss_module_bind_symbol(initgroups_dyn);
1851 nwrap_nss_module_bind_symbol(getgrnam_r);
1852 nwrap_nss_module_bind_symbol(getgrgid_r);
1853 nwrap_nss_module_bind_symbol(setgrent);
1854 nwrap_nss_module_bind_symbol(getgrent_r);
1855 nwrap_nss_module_bind_symbol(endgrent);
1856 nwrap_nss_module_bind_symbol(gethostbyaddr_r);
1857 nwrap_nss_module_bind_symbol(gethostbyname2_r);
1862 static void *nwrap_load_module(const char *so_path)
1866 if (!so_path || !strlen(so_path)) {
1870 h = dlopen(so_path, RTLD_LAZY);
1872 NWRAP_LOG(NWRAP_LOG_ERROR,
1873 "Cannot open shared library %s",
1881 static bool nwrap_module_init(const char *name,
1882 struct nwrap_ops *ops,
1883 const char *so_path,
1884 size_t *num_backends,
1885 struct nwrap_backend **backends)
1887 struct nwrap_backend *b = NULL;
1888 size_t n = *num_backends + 1;
1890 b = realloc(*backends, sizeof(struct nwrap_backend) * n);
1892 NWRAP_LOG(NWRAP_LOG_ERROR, "Out of memory");
1897 b = &((*backends)[*num_backends]);
1899 *b = (struct nwrap_backend) {
1905 if (so_path != NULL) {
1906 b->so_handle = nwrap_load_module(so_path);
1907 b->symbols = nwrap_bind_nss_module_symbols(b);
1908 if (b->symbols == NULL) {
1918 static void nwrap_libc_init(struct nwrap_main *r)
1920 r->libc = calloc(1, sizeof(struct nwrap_libc));
1921 if (r->libc == NULL) {
1922 printf("Failed to allocate memory for libc");
1927 static void nwrap_backend_init(struct nwrap_main *r)
1929 const char *module_so_path = getenv("NSS_WRAPPER_MODULE_SO_PATH");
1930 const char *module_fn_name = getenv("NSS_WRAPPER_MODULE_FN_PREFIX");
1932 r->num_backends = 0;
1935 if (!nwrap_module_init("files", &nwrap_files_ops, NULL,
1938 NWRAP_LOG(NWRAP_LOG_ERROR,
1939 "Failed to initialize 'files' backend");
1943 if (module_so_path != NULL &&
1944 module_so_path[0] != '\0' &&
1945 module_fn_name != NULL &&
1946 module_fn_name[0] != '\0') {
1947 if (!nwrap_module_init(module_fn_name,
1952 NWRAP_LOG(NWRAP_LOG_ERROR,
1953 "Failed to initialize '%s' backend",
1960 static int _nss_wrapper_init_mutex(pthread_mutex_t *m, const char *name)
1962 pthread_mutexattr_t ma;
1963 bool need_destroy = false;
1966 #define __CHECK(cmd) do { \
1969 NWRAP_LOG(NWRAP_LOG_ERROR, \
1970 "%s: %s - failed %d", \
1976 *m = (pthread_mutex_t)PTHREAD_MUTEX_INITIALIZER;
1977 __CHECK(pthread_mutexattr_init(&ma));
1978 need_destroy = true;
1979 __CHECK(pthread_mutexattr_settype(&ma, PTHREAD_MUTEX_ERRORCHECK));
1980 __CHECK(pthread_mutex_init(m, &ma));
1983 pthread_mutexattr_destroy(&ma);
1988 static void nwrap_init(void)
1992 size_t max_hostents_tmp;
1995 nwrap_mutex_lock(&nwrap_initialized_mutex);
1996 if (nwrap_initialized) {
1997 nwrap_mutex_unlock(&nwrap_initialized_mutex);
2002 * Still holding nwrap_initialized lock here.
2003 * We don't use NWRAP_(UN)LOCK_ALL macros here because we
2004 * want to avoid overhead when other threads do their job.
2006 nwrap_mutex_lock(&nwrap_global_mutex);
2007 nwrap_mutex_lock(&nwrap_gr_global_mutex);
2008 nwrap_mutex_lock(&nwrap_he_global_mutex);
2009 nwrap_mutex_lock(&nwrap_pw_global_mutex);
2010 nwrap_mutex_lock(&nwrap_sp_global_mutex);
2012 nwrap_initialized = true;
2014 env = getenv("NSS_WRAPPER_MAX_HOSTENTS");
2016 max_hostents_tmp = (size_t)strtoul(env, &endptr, 10);
2017 if ((*env == '\0') ||
2018 (*endptr != '\0') ||
2019 (max_hostents_tmp == 0)) {
2020 NWRAP_LOG(NWRAP_LOG_DEBUG,
2021 "Error parsing NSS_WRAPPER_MAX_HOSTENTS "
2022 "value or value is too small. "
2023 "Using default value: %lu.",
2024 (unsigned long)max_hostents);
2026 max_hostents = max_hostents_tmp;
2029 /* Initialize hash table */
2030 NWRAP_LOG(NWRAP_LOG_DEBUG,
2031 "Initializing hash table of size %lu items.",
2032 (unsigned long)max_hostents);
2033 ok = hcreate(max_hostents);
2035 NWRAP_LOG(NWRAP_LOG_ERROR,
2036 "Failed to initialize hash table");
2040 nwrap_main_global = &__nwrap_main_global;
2042 nwrap_libc_init(nwrap_main_global);
2044 nwrap_backend_init(nwrap_main_global);
2047 nwrap_pw_global.cache = &__nwrap_cache_pw;
2049 nwrap_pw_global.cache->path = getenv("NSS_WRAPPER_PASSWD");
2050 nwrap_pw_global.cache->fp = NULL;
2051 nwrap_pw_global.cache->fd = -1;
2052 nwrap_pw_global.cache->private_data = &nwrap_pw_global;
2053 nwrap_pw_global.cache->parse_line = nwrap_pw_parse_line;
2054 nwrap_pw_global.cache->unload = nwrap_pw_unload;
2057 #if defined(HAVE_SHADOW_H) && defined(HAVE_GETSPNAM)
2058 nwrap_sp_global.cache = &__nwrap_cache_sp;
2060 nwrap_sp_global.cache->path = getenv("NSS_WRAPPER_SHADOW");
2061 nwrap_sp_global.cache->fp = NULL;
2062 nwrap_sp_global.cache->fd = -1;
2063 nwrap_sp_global.cache->private_data = &nwrap_sp_global;
2064 nwrap_sp_global.cache->parse_line = nwrap_sp_parse_line;
2065 nwrap_sp_global.cache->unload = nwrap_sp_unload;
2066 #endif /* defined(HAVE_SHADOW_H) && defined(HAVE_GETSPNAM) */
2069 nwrap_gr_global.cache = &__nwrap_cache_gr;
2071 nwrap_gr_global.cache->path = getenv("NSS_WRAPPER_GROUP");
2072 nwrap_gr_global.cache->fp = NULL;
2073 nwrap_gr_global.cache->fd = -1;
2074 nwrap_gr_global.cache->private_data = &nwrap_gr_global;
2075 nwrap_gr_global.cache->parse_line = nwrap_gr_parse_line;
2076 nwrap_gr_global.cache->unload = nwrap_gr_unload;
2079 nwrap_he_global.cache = &__nwrap_cache_he;
2081 nwrap_he_global.cache->path = getenv("NSS_WRAPPER_HOSTS");
2082 nwrap_he_global.cache->fp = NULL;
2083 nwrap_he_global.cache->fd = -1;
2084 nwrap_he_global.cache->private_data = &nwrap_he_global;
2085 nwrap_he_global.cache->parse_line = nwrap_he_parse_line;
2086 nwrap_he_global.cache->unload = nwrap_he_unload;
2088 /* We hold all locks here so we can use NWRAP_UNLOCK_ALL. */
2089 nwrap_mutex_unlock(&nwrap_sp_global_mutex);
2090 nwrap_mutex_unlock(&nwrap_pw_global_mutex);
2091 nwrap_mutex_unlock(&nwrap_he_global_mutex);
2092 nwrap_mutex_unlock(&nwrap_gr_global_mutex);
2093 nwrap_mutex_unlock(&nwrap_global_mutex);
2094 nwrap_mutex_unlock(&nwrap_initialized_mutex);
2097 bool nss_wrapper_enabled(void)
2101 if (nwrap_pw_global.cache->path == NULL ||
2102 nwrap_pw_global.cache->path[0] == '\0') {
2105 if (nwrap_gr_global.cache->path == NULL ||
2106 nwrap_gr_global.cache->path[0] == '\0') {
2113 #if defined(HAVE_SHADOW_H) && defined(HAVE_GETSPNAM)
2114 bool nss_wrapper_shadow_enabled(void)
2118 if (nwrap_sp_global.cache->path == NULL ||
2119 nwrap_sp_global.cache->path[0] == '\0') {
2125 #endif /* defined(HAVE_SHADOW_H) && defined(HAVE_GETSPNAM) */
2127 bool nss_wrapper_hosts_enabled(void)
2131 if (nwrap_he_global.cache->path == NULL ||
2132 nwrap_he_global.cache->path[0] == '\0') {
2139 static bool nwrap_hostname_enabled(void)
2143 if (getenv("NSS_WRAPPER_HOSTNAME") == NULL) {
2150 static bool nwrap_parse_file(struct nwrap_cache *nwrap)
2154 /* Unused but getline needs it */
2158 if (nwrap->st.st_size == 0) {
2159 NWRAP_LOG(NWRAP_LOG_DEBUG, "size == 0");
2163 /* Support for 32-bit system I guess */
2164 if (nwrap->st.st_size > INT32_MAX) {
2165 NWRAP_LOG(NWRAP_LOG_ERROR,
2166 "Size[%u] larger than INT32_MAX",
2167 (unsigned)nwrap->st.st_size);
2174 n = getline(&line, &len, nwrap->fp);
2177 if (feof(nwrap->fp)) {
2181 NWRAP_LOG(NWRAP_LOG_ERROR,
2182 "Unable to read line from file: %s",
2187 if (line[n - 1] == '\n') {
2191 if (line[0] == '\0') {
2196 ok = nwrap->parse_line(nwrap, line);
2198 NWRAP_LOG(NWRAP_LOG_ERROR,
2199 "Unable to parse line file: %s",
2205 /* Line is parsed without issues so add it to list */
2206 ok = nwrap_vector_add_item(&(nwrap->lines), (void *const) line);
2208 NWRAP_LOG(NWRAP_LOG_ERROR,
2209 "Unable to add line to vector");
2213 /* This forces getline to allocate new memory for line. */
2215 } while (!feof(nwrap->fp));
2220 static void nwrap_files_cache_unload(struct nwrap_cache *nwrap)
2222 nwrap->unload(nwrap);
2224 nwrap_lines_unload(nwrap);
2227 static bool nwrap_files_cache_reload(struct nwrap_cache *nwrap)
2232 bool retried = false;
2234 assert(nwrap != NULL);
2237 if (nwrap->fd < 0) {
2238 nwrap->fp = fopen(nwrap->path, "re");
2239 if (nwrap->fp == NULL) {
2241 NWRAP_LOG(NWRAP_LOG_ERROR,
2242 "Unable to open '%s' readonly %d:%s",
2243 nwrap->path, nwrap->fd,
2248 nwrap->fd = fileno(nwrap->fp);
2249 NWRAP_LOG(NWRAP_LOG_DEBUG, "Open '%s'", nwrap->path);
2252 ret = fstat(nwrap->fd, &st);
2253 if (ret != 0 && errno == EBADF && retried == false) {
2254 /* maybe something closed the fd on our behalf */
2255 NWRAP_LOG(NWRAP_LOG_TRACE,
2256 "fstat(%s) - %d:%s - reopen",
2261 memset(&nwrap->st, 0, sizeof(nwrap->st));
2267 else if (ret != 0) {
2268 NWRAP_LOG(NWRAP_LOG_ERROR,
2269 "fstat(%s) - %d:%s",
2279 if (retried == false && st.st_nlink == 0) {
2280 /* maybe someone has replaced the file... */
2281 NWRAP_LOG(NWRAP_LOG_TRACE,
2282 "st_nlink == 0, reopen %s",
2285 memset(&nwrap->st, 0, sizeof(nwrap->st));
2292 if (st.st_mtime == nwrap->st.st_mtime) {
2293 NWRAP_LOG(NWRAP_LOG_TRACE,
2294 "st_mtime[%u] hasn't changed, skip reload",
2295 (unsigned)st.st_mtime);
2299 NWRAP_LOG(NWRAP_LOG_TRACE,
2300 "st_mtime has changed [%u] => [%u], start reload",
2301 (unsigned)st.st_mtime,
2302 (unsigned)nwrap->st.st_mtime);
2306 nwrap_files_cache_unload(nwrap);
2308 ok = nwrap_parse_file(nwrap);
2310 NWRAP_LOG(NWRAP_LOG_ERROR, "Failed to reload %s", nwrap->path);
2311 nwrap_files_cache_unload(nwrap);
2315 NWRAP_LOG(NWRAP_LOG_TRACE, "Reloaded %s", nwrap->path);
2320 * the caller has to call nwrap_unload() on failure
2322 static bool nwrap_pw_parse_line(struct nwrap_cache *nwrap, char *line)
2324 struct nwrap_pw *nwrap_pw;
2331 nwrap_pw = (struct nwrap_pw *)nwrap->private_data;
2333 list_size = sizeof(*nwrap_pw->list) * (nwrap_pw->num+1);
2334 pw = (struct passwd *)realloc(nwrap_pw->list, list_size);
2336 NWRAP_LOG(NWRAP_LOG_ERROR,
2337 "realloc(%u) failed",
2338 (unsigned)list_size);
2341 nwrap_pw->list = pw;
2343 pw = &nwrap_pw->list[nwrap_pw->num];
2350 NWRAP_LOG(NWRAP_LOG_ERROR,
2351 "Invalid line[%s]: '%s'",
2361 NWRAP_LOG(NWRAP_LOG_TRACE, "name[%s]\n", pw->pw_name);
2366 NWRAP_LOG(NWRAP_LOG_ERROR, "Invalid line[%s]: '%s'", line, c);
2374 NWRAP_LOG(NWRAP_LOG_TRACE, "password[%s]\n", pw->pw_passwd);
2379 NWRAP_LOG(NWRAP_LOG_ERROR, "Invalid line[%s]: '%s'", line, c);
2385 pw->pw_uid = (uid_t)strtoul(c, &e, 10);
2387 NWRAP_LOG(NWRAP_LOG_ERROR,
2388 "Invalid line[%s]: '%s' - %s",
2389 line, c, strerror(errno));
2393 NWRAP_LOG(NWRAP_LOG_ERROR,
2394 "Invalid line[%s]: '%s' - %s",
2395 line, c, strerror(errno));
2399 NWRAP_LOG(NWRAP_LOG_ERROR,
2400 "Invalid line[%s]: '%s' - %s",
2401 line, c, strerror(errno));
2406 NWRAP_LOG(NWRAP_LOG_TRACE, "uid[%u]", pw->pw_uid);
2411 NWRAP_LOG(NWRAP_LOG_ERROR, "Invalid line[%s]: '%s'", line, c);
2417 pw->pw_gid = (gid_t)strtoul(c, &e, 10);
2419 NWRAP_LOG(NWRAP_LOG_ERROR,
2420 "Invalid line[%s]: '%s' - %s",
2421 line, c, strerror(errno));
2425 NWRAP_LOG(NWRAP_LOG_ERROR,
2426 "Invalid line[%s]: '%s' - %s",
2427 line, c, strerror(errno));
2431 NWRAP_LOG(NWRAP_LOG_ERROR,
2432 "Invalid line[%s]: '%s' - %s",
2433 line, c, strerror(errno));
2438 NWRAP_LOG(NWRAP_LOG_TRACE, "gid[%u]\n", pw->pw_gid);
2440 #ifdef HAVE_STRUCT_PASSWD_PW_CLASS
2441 pw->pw_class = discard_const_p(char, "");
2443 NWRAP_LOG(NWRAP_LOG_TRACE, "class[%s]", pw->pw_class);
2444 #endif /* HAVE_STRUCT_PASSWD_PW_CLASS */
2446 #ifdef HAVE_STRUCT_PASSWD_PW_CHANGE
2449 NWRAP_LOG(NWRAP_LOG_TRACE,
2451 (unsigned long)pw->pw_change);
2452 #endif /* HAVE_STRUCT_PASSWD_PW_CHANGE */
2454 #ifdef HAVE_STRUCT_PASSWD_PW_EXPIRE
2457 NWRAP_LOG(NWRAP_LOG_TRACE,
2459 (unsigned long)pw->pw_expire);
2460 #endif /* HAVE_STRUCT_PASSWD_PW_EXPIRE */
2465 NWRAP_LOG(NWRAP_LOG_ERROR, "invalid line[%s]: '%s'", line, c);
2473 NWRAP_LOG(NWRAP_LOG_TRACE, "gecos[%s]", pw->pw_gecos);
2478 NWRAP_LOG(NWRAP_LOG_ERROR, "'%s'", c);
2486 NWRAP_LOG(NWRAP_LOG_TRACE, "dir[%s]", pw->pw_dir);
2490 NWRAP_LOG(NWRAP_LOG_TRACE, "shell[%s]", pw->pw_shell);
2492 NWRAP_LOG(NWRAP_LOG_DEBUG,
2493 "Added user[%s:%s:%u:%u:%s:%s:%s]",
2494 pw->pw_name, pw->pw_passwd,
2495 pw->pw_uid, pw->pw_gid,
2496 pw->pw_gecos, pw->pw_dir, pw->pw_shell);
2502 static void nwrap_pw_unload(struct nwrap_cache *nwrap)
2504 struct nwrap_pw *nwrap_pw;
2505 nwrap_pw = (struct nwrap_pw *)nwrap->private_data;
2507 SAFE_FREE(nwrap_pw->list);
2512 static int nwrap_pw_copy_r(const struct passwd *src, struct passwd *dst,
2513 char *buf, size_t buflen, struct passwd **dstp)
2519 first = src->pw_name;
2521 last = src->pw_shell;
2522 while (*last) last++;
2524 ofs = PTR_DIFF(last + 1, first);
2526 if (ofs > (off_t) buflen) {
2530 memcpy(buf, first, ofs);
2532 ofs = PTR_DIFF(src->pw_name, first);
2533 dst->pw_name = buf + ofs;
2534 ofs = PTR_DIFF(src->pw_passwd, first);
2535 dst->pw_passwd = buf + ofs;
2536 dst->pw_uid = src->pw_uid;
2537 dst->pw_gid = src->pw_gid;
2538 #ifdef HAVE_STRUCT_PASSWD_PW_CLASS
2539 ofs = PTR_DIFF(src->pw_class, first);
2540 dst->pw_class = buf + ofs;
2541 #endif /* HAVE_STRUCT_PASSWD_PW_CLASS */
2543 #ifdef HAVE_STRUCT_PASSWD_PW_CHANGE
2545 #endif /* HAVE_STRUCT_PASSWD_PW_CHANGE */
2547 #ifdef HAVE_STRUCT_PASSWD_PW_EXPIRE
2549 #endif /* HAVE_STRUCT_PASSWD_PW_EXPIRE */
2551 ofs = PTR_DIFF(src->pw_gecos, first);
2552 dst->pw_gecos = buf + ofs;
2553 ofs = PTR_DIFF(src->pw_dir, first);
2554 dst->pw_dir = buf + ofs;
2555 ofs = PTR_DIFF(src->pw_shell, first);
2556 dst->pw_shell = buf + ofs;
2565 #if defined(HAVE_SHADOW_H) && defined(HAVE_GETSPNAM)
2566 static bool nwrap_sp_parse_line(struct nwrap_cache *nwrap, char *line)
2568 struct nwrap_sp *nwrap_sp;
2575 nwrap_sp = (struct nwrap_sp *)nwrap->private_data;
2577 list_size = sizeof(*nwrap_sp->list) * (nwrap_sp->num+1);
2578 sp = (struct spwd *)realloc(nwrap_sp->list, list_size);
2580 NWRAP_LOG(NWRAP_LOG_ERROR,
2581 "realloc(%u) failed",
2582 (unsigned)list_size);
2585 nwrap_sp->list = sp;
2587 sp = &nwrap_sp->list[nwrap_sp->num];
2594 NWRAP_LOG(NWRAP_LOG_ERROR,
2595 "name -- Invalid line[%s]: '%s'",
2605 NWRAP_LOG(NWRAP_LOG_TRACE, "name[%s]\n", sp->sp_namp);
2610 NWRAP_LOG(NWRAP_LOG_ERROR,
2611 "pwd -- Invalid line[%s]: '%s'",
2628 NWRAP_LOG(NWRAP_LOG_ERROR,
2629 "lstchg -- Invalid line[%s]: '%s'",
2636 sp->sp_lstchg = strtol(c, &e, 10);
2638 NWRAP_LOG(NWRAP_LOG_ERROR,
2639 "lstchg -- Invalid line[%s]: '%s' - %s",
2640 line, c, strerror(errno));
2644 NWRAP_LOG(NWRAP_LOG_ERROR,
2645 "lstchg -- Invalid line[%s]: '%s' - %s",
2646 line, c, strerror(errno));
2650 NWRAP_LOG(NWRAP_LOG_ERROR,
2651 "lstchg -- Invalid line[%s]: '%s' - %s",
2652 line, c, strerror(errno));
2665 NWRAP_LOG(NWRAP_LOG_ERROR,
2666 "min -- Invalid line[%s]: '%s'",
2673 sp->sp_min = strtol(c, &e, 10);
2675 NWRAP_LOG(NWRAP_LOG_ERROR,
2676 "min -- Invalid line[%s]: '%s' - %s",
2677 line, c, strerror(errno));
2681 NWRAP_LOG(NWRAP_LOG_ERROR,
2682 "min -- Invalid line[%s]: '%s' - %s",
2683 line, c, strerror(errno));
2687 NWRAP_LOG(NWRAP_LOG_ERROR,
2688 "min -- Invalid line[%s]: '%s' - %s",
2689 line, c, strerror(errno));
2702 NWRAP_LOG(NWRAP_LOG_ERROR,
2703 "max -- Invalid line[%s]: '%s'",
2710 sp->sp_max = strtol(c, &e, 10);
2712 NWRAP_LOG(NWRAP_LOG_ERROR,
2713 "max -- Invalid line[%s]: '%s' - %s",
2714 line, c, strerror(errno));
2718 NWRAP_LOG(NWRAP_LOG_ERROR,
2719 "max -- Invalid line[%s]: '%s' - %s",
2720 line, c, strerror(errno));
2724 NWRAP_LOG(NWRAP_LOG_ERROR,
2725 "max -- Invalid line[%s]: '%s' - %s",
2726 line, c, strerror(errno));
2739 NWRAP_LOG(NWRAP_LOG_ERROR,
2740 "warn -- Invalid line[%s]: '%s'",
2747 sp->sp_warn = strtol(c, &e, 10);
2749 NWRAP_LOG(NWRAP_LOG_ERROR,
2750 "warn -- Invalid line[%s]: '%s' - %s",
2751 line, c, strerror(errno));
2755 NWRAP_LOG(NWRAP_LOG_ERROR,
2756 "warn -- Invalid line[%s]: '%s' - %s",
2757 line, c, strerror(errno));
2761 NWRAP_LOG(NWRAP_LOG_ERROR,
2762 "warn -- Invalid line[%s]: '%s' - %s",
2763 line, c, strerror(errno));
2776 NWRAP_LOG(NWRAP_LOG_ERROR,
2777 "inact -- Invalid line[%s]: '%s'",
2784 sp->sp_inact = strtol(c, &e, 10);
2786 NWRAP_LOG(NWRAP_LOG_ERROR,
2787 "inact -- Invalid line[%s]: '%s' - %s",
2788 line, c, strerror(errno));
2792 NWRAP_LOG(NWRAP_LOG_ERROR,
2793 "inact -- Invalid line[%s]: '%s' - %s",
2794 line, c, strerror(errno));
2798 NWRAP_LOG(NWRAP_LOG_ERROR,
2799 "inact -- Invalid line[%s]: '%s' - %s",
2800 line, c, strerror(errno));
2813 NWRAP_LOG(NWRAP_LOG_ERROR,
2814 "expire -- Invalid line[%s]: '%s'",
2821 sp->sp_expire = strtol(c, &e, 10);
2823 NWRAP_LOG(NWRAP_LOG_ERROR,
2824 "expire -- Invalid line[%s]: '%s' - %s",
2825 line, c, strerror(errno));
2829 NWRAP_LOG(NWRAP_LOG_ERROR,
2830 "expire -- Invalid line[%s]: '%s' - %s",
2831 line, c, strerror(errno));
2835 NWRAP_LOG(NWRAP_LOG_ERROR,
2836 "expire -- Invalid line[%s]: '%s' - %s",
2837 line, c, strerror(errno));
2847 static void nwrap_sp_unload(struct nwrap_cache *nwrap)
2849 struct nwrap_sp *nwrap_sp;
2850 nwrap_sp = (struct nwrap_sp *)nwrap->private_data;
2852 SAFE_FREE(nwrap_sp->list);
2856 #endif /* defined(HAVE_SHADOW_H) && defined(HAVE_GETSPNAM) */
2859 * the caller has to call nwrap_unload() on failure
2861 static bool nwrap_gr_parse_line(struct nwrap_cache *nwrap, char *line)
2863 struct nwrap_gr *nwrap_gr;
2871 nwrap_gr = (struct nwrap_gr *)nwrap->private_data;
2873 list_size = sizeof(*nwrap_gr->list) * (nwrap_gr->num+1);
2874 gr = (struct group *)realloc(nwrap_gr->list, list_size);
2876 NWRAP_LOG(NWRAP_LOG_ERROR, "realloc failed");
2879 nwrap_gr->list = gr;
2881 gr = &nwrap_gr->list[nwrap_gr->num];
2888 NWRAP_LOG(NWRAP_LOG_ERROR, "Invalid line[%s]: '%s'", line, c);
2896 NWRAP_LOG(NWRAP_LOG_TRACE, "name[%s]", gr->gr_name);
2901 NWRAP_LOG(NWRAP_LOG_ERROR, "Invalid line[%s]: '%s'", line, c);
2909 NWRAP_LOG(NWRAP_LOG_TRACE, "password[%s]", gr->gr_passwd);
2914 NWRAP_LOG(NWRAP_LOG_ERROR, "Invalid line[%s]: '%s'", line, c);
2920 gr->gr_gid = (gid_t)strtoul(c, &e, 10);
2922 NWRAP_LOG(NWRAP_LOG_ERROR,
2923 "Invalid line[%s]: '%s' - %s",
2924 line, c, strerror(errno));
2928 NWRAP_LOG(NWRAP_LOG_ERROR,
2929 "Invalid line[%s]: '%s' - %s",
2930 line, c, strerror(errno));
2934 NWRAP_LOG(NWRAP_LOG_ERROR,
2935 "Invalid line[%s]: '%s' - %s",
2936 line, c, strerror(errno));
2941 NWRAP_LOG(NWRAP_LOG_TRACE, "gid[%u]", gr->gr_gid);
2944 gr->gr_mem = (char **)malloc(sizeof(char *));
2946 NWRAP_LOG(NWRAP_LOG_ERROR, "Out of memory");
2949 gr->gr_mem[0] = NULL;
2951 for(nummem = 0; p != NULL && p[0] != '\0'; nummem++) {
2961 if (strlen(c) == 0) {
2965 m_size = sizeof(char *) * (nummem+2);
2966 m = (char **)realloc(gr->gr_mem, m_size);
2968 NWRAP_LOG(NWRAP_LOG_ERROR,
2969 "realloc(%zd) failed",
2974 gr->gr_mem[nummem] = c;
2975 gr->gr_mem[nummem+1] = NULL;
2977 NWRAP_LOG(NWRAP_LOG_TRACE,
2979 nummem, gr->gr_mem[nummem]);
2982 NWRAP_LOG(NWRAP_LOG_DEBUG,
2983 "Added group[%s:%s:%u:] with %u members",
2984 gr->gr_name, gr->gr_passwd, gr->gr_gid, nummem);
2990 static void nwrap_gr_unload(struct nwrap_cache *nwrap)
2993 struct nwrap_gr *nwrap_gr;
2994 nwrap_gr = (struct nwrap_gr *)nwrap->private_data;
2996 if (nwrap_gr->list) {
2997 for (i=0; i < nwrap_gr->num; i++) {
2998 SAFE_FREE(nwrap_gr->list[i].gr_mem);
3000 SAFE_FREE(nwrap_gr->list);
3007 static int nwrap_gr_copy_r(const struct group *src, struct group *dst,
3008 char *buf, size_t buflen, struct group **dstp)
3011 uintptr_t align = 0;
3012 unsigned int gr_mem_cnt = 0;
3015 size_t gr_name_len = strlen(src->gr_name) + 1;
3016 size_t gr_passwd_len = strlen(src->gr_passwd) + 1;
3022 for (i = 0; src->gr_mem[i] != NULL; i++) {
3026 /* Align the memory for storing pointers */
3027 align = __alignof__(char *) - ((p - (char *)0) % __alignof__(char *));
3029 (1 + gr_mem_cnt) * sizeof(char *) +
3030 gr_name_len + gr_passwd_len;
3032 if (total_len > buflen) {
3036 buflen -= total_len;
3041 dst->gr_mem = g_mem.data;
3044 p += (1 + gr_mem_cnt) * sizeof(char *);
3055 dst->gr_gid = src->gr_gid;
3057 memcpy(dst->gr_name, src->gr_name, gr_name_len);
3059 memcpy(dst->gr_passwd, src->gr_passwd, gr_passwd_len);
3061 /* Set the terminating entry */
3062 dst->gr_mem[gr_mem_cnt] = NULL;
3064 /* Now add the group members content */
3066 for (i = 0; i < gr_mem_cnt; i++) {
3067 size_t len = strlen(src->gr_mem[i]) + 1;
3074 if (total_len > buflen) {
3079 for (i = 0; i < gr_mem_cnt; i++) {
3080 size_t len = strlen(src->gr_mem[i]) + 1;
3082 memcpy(dst->gr_mem[i],
3094 static struct nwrap_entlist *nwrap_entlist_init(struct nwrap_entdata *ed)
3096 struct nwrap_entlist *el;
3099 NWRAP_LOG(NWRAP_LOG_ERROR,
3100 "entry is NULL, can't create list item");
3104 el = (struct nwrap_entlist *)malloc(sizeof(struct nwrap_entlist));
3106 NWRAP_LOG(NWRAP_LOG_ERROR, "malloc failed");
3116 static bool nwrap_ed_inventarize_add_new(char *const h_name,
3117 struct nwrap_entdata *const ed)
3121 struct nwrap_entlist *el;
3124 if (h_name == NULL) {
3125 NWRAP_LOG(NWRAP_LOG_ERROR, "h_name NULL - can't add");
3129 el = nwrap_entlist_init(ed);
3135 e.data = (void *)el;
3137 p = hsearch(e, ENTER);
3139 NWRAP_LOG(NWRAP_LOG_ERROR,
3140 "Hash table is full (%s)!",
3145 ok = nwrap_vector_add_item(&(nwrap_he_global.lists), (void *)el);
3147 NWRAP_LOG(NWRAP_LOG_ERROR,
3148 "Failed to add list entry to vector.");
3155 static bool nwrap_ed_inventarize_add_to_existing(struct nwrap_entdata *const ed,
3156 struct nwrap_entlist *const el)
3158 struct nwrap_entlist *cursor;
3159 struct nwrap_entlist *el_new;
3162 NWRAP_LOG(NWRAP_LOG_ERROR, "list is NULL, can not add");
3167 for (cursor = el; cursor->next != NULL; cursor = cursor->next)
3169 if (cursor->ed == ed) {
3170 /* The entry already exists in this list. */
3175 if (cursor->ed == ed) {
3176 /* The entry already exists in this list. */
3180 el_new = nwrap_entlist_init(ed);
3181 if (el_new == NULL) {
3185 cursor->next = el_new;
3189 static bool nwrap_ed_inventarize(char *const name,
3190 struct nwrap_entdata *const ed)
3199 NWRAP_LOG(NWRAP_LOG_DEBUG, "Searching name: %s", e.key);
3201 p = hsearch(e, FIND);
3203 NWRAP_LOG(NWRAP_LOG_DEBUG, "Name %s not found. Adding...", name);
3204 ok = nwrap_ed_inventarize_add_new(name, ed);
3206 struct nwrap_entlist *el = (struct nwrap_entlist *)p->data;
3208 NWRAP_LOG(NWRAP_LOG_DEBUG, "Name %s found. Add record to list.", name);
3209 ok = nwrap_ed_inventarize_add_to_existing(ed, el);
3215 static bool nwrap_add_hname(struct nwrap_entdata *const ed)
3217 char *const h_name = (char *const)(ed->ht.h_name);
3221 ok = nwrap_ed_inventarize(h_name, ed);
3226 if (ed->ht.h_aliases == NULL) {
3230 /* Itemize aliases */
3231 for (i = 0; ed->ht.h_aliases[i] != NULL; ++i) {
3234 h_name_alias = ed->ht.h_aliases[i];
3236 NWRAP_LOG(NWRAP_LOG_DEBUG, "Add alias: %s", h_name_alias);
3238 if (!nwrap_ed_inventarize(h_name_alias, ed)) {
3239 NWRAP_LOG(NWRAP_LOG_ERROR,
3240 "Unable to add alias: %s", h_name_alias);
3248 static bool nwrap_he_parse_line(struct nwrap_cache *nwrap, char *line)
3250 struct nwrap_he *nwrap_he = (struct nwrap_he *)nwrap->private_data;
3251 bool do_aliases = true;
3252 ssize_t aliases_count = 0;
3260 struct nwrap_entdata *ed = (struct nwrap_entdata *)
3261 malloc(sizeof(struct nwrap_entdata));
3263 NWRAP_LOG(NWRAP_LOG_ERROR,
3264 "Unable to allocate memory for nwrap_entdata");
3275 /* Walk to first char */
3276 for (p = i; *p != '.' && *p != ':' && !isxdigit((int) *p); p++) {
3278 NWRAP_LOG(NWRAP_LOG_ERROR,
3279 "Invalid line[%s]: '%s'",
3286 for (i = p; !isspace((int)*p); p++) {
3288 NWRAP_LOG(NWRAP_LOG_ERROR,
3289 "Invalid line[%s]: '%s'",
3298 if (inet_pton(AF_INET, i, ed->addr.host_addr)) {
3299 ed->ht.h_addrtype = AF_INET;
3300 ed->ht.h_length = 4;
3302 } else if (inet_pton(AF_INET6, i, ed->addr.host_addr)) {
3303 ed->ht.h_addrtype = AF_INET6;
3304 ed->ht.h_length = 16;
3307 NWRAP_LOG(NWRAP_LOG_ERROR,
3308 "Invalid line[%s]: '%s'",
3316 ok = nwrap_vector_add_item(&(ed->nwrap_addrdata),
3317 (void *const)ed->addr.host_addr);
3319 NWRAP_LOG(NWRAP_LOG_ERROR, "Unable to add addrdata to vector");
3323 ed->ht.h_addr_list = nwrap_vector_head(&ed->nwrap_addrdata);
3331 /* Walk to first char */
3332 for (n = p; *p != '_' && !isalnum((int) *p); p++) {
3334 NWRAP_LOG(NWRAP_LOG_ERROR,
3335 "Invalid line[%s]: '%s'",
3343 for (n = p; !isspace((int)*p); p++) {
3352 /* Convert to lowercase. This operate on same memory region */
3356 /* glib's getent always dereferences he->h_aliases */
3357 ed->ht.h_aliases = malloc(sizeof(char *));
3358 if (ed->ht.h_aliases == NULL) {
3362 ed->ht.h_aliases[0] = NULL;
3367 while (do_aliases) {
3373 /* Walk to first char */
3374 for (a = p; *p != '_' && !isalnum((int) *p); p++) {
3380 /* Only trailing spaces are left */
3385 for (a = p; !isspace((int)*p); p++) {
3394 aliases = realloc(ed->ht.h_aliases, sizeof(char *) * (aliases_count + 2));
3395 if (aliases == NULL) {
3399 ed->ht.h_aliases = aliases;
3402 aliases[aliases_count] = a;
3403 aliases[aliases_count + 1] = NULL;
3408 ok = nwrap_vector_add_item(&(nwrap_he->entries), (void *const)ed);
3410 NWRAP_LOG(NWRAP_LOG_ERROR, "Unable to add entry to vector");
3415 ed->aliases_count = aliases_count;
3416 /* Inventarize item */
3417 ok = nwrap_add_hname(ed);
3422 ok = nwrap_ed_inventarize(ip, ed);
3431 static void nwrap_he_unload(struct nwrap_cache *nwrap)
3433 struct nwrap_he *nwrap_he =
3434 (struct nwrap_he *)nwrap->private_data;
3435 struct nwrap_entdata *ed;
3436 struct nwrap_entlist *el;
3440 nwrap_vector_foreach (ed, nwrap_he->entries, i)
3442 SAFE_FREE(ed->nwrap_addrdata.items);
3443 SAFE_FREE(ed->ht.h_aliases);
3446 SAFE_FREE(nwrap_he->entries.items);
3447 nwrap_he->entries.count = nwrap_he->entries.capacity = 0;
3449 nwrap_vector_foreach(el, nwrap_he->lists, i)
3451 while (el != NULL) {
3452 struct nwrap_entlist *el_next;
3459 SAFE_FREE(nwrap_he->lists.items);
3460 nwrap_he->lists.count = nwrap_he->lists.capacity = 0;
3466 * If we unload the file, the pointers in the hash table point to
3467 * invalid memory. So we need to destroy the hash table and recreate
3471 rc = hcreate(max_hostents);
3473 NWRAP_LOG(NWRAP_LOG_ERROR, "Failed to initialize hash table");
3479 /* user functions */
3480 static struct passwd *nwrap_files_getpwnam(struct nwrap_backend *b,
3486 (void) b; /* unused */
3488 NWRAP_LOG(NWRAP_LOG_DEBUG, "Lookup user %s in files", name);
3490 ok = nwrap_files_cache_reload(nwrap_pw_global.cache);
3492 NWRAP_LOG(NWRAP_LOG_ERROR, "Error loading passwd file");
3496 for (i=0; i<nwrap_pw_global.num; i++) {
3497 if (strcmp(nwrap_pw_global.list[i].pw_name, name) == 0) {
3498 NWRAP_LOG(NWRAP_LOG_DEBUG, "user[%s] found", name);
3499 return &nwrap_pw_global.list[i];
3501 NWRAP_LOG(NWRAP_LOG_DEBUG,
3502 "user[%s] does not match [%s]",
3504 nwrap_pw_global.list[i].pw_name);
3507 NWRAP_LOG(NWRAP_LOG_DEBUG, "user[%s] not found\n", name);
3513 static int nwrap_files_getpwnam_r(struct nwrap_backend *b,
3514 const char *name, struct passwd *pwdst,
3515 char *buf, size_t buflen, struct passwd **pwdstp)
3519 pw = nwrap_files_getpwnam(b, name);
3527 return nwrap_pw_copy_r(pw, pwdst, buf, buflen, pwdstp);
3530 static struct passwd *nwrap_files_getpwuid(struct nwrap_backend *b,
3536 (void) b; /* unused */
3538 ok = nwrap_files_cache_reload(nwrap_pw_global.cache);
3540 NWRAP_LOG(NWRAP_LOG_ERROR, "Error loading passwd file");
3544 for (i=0; i<nwrap_pw_global.num; i++) {
3545 if (nwrap_pw_global.list[i].pw_uid == uid) {
3546 NWRAP_LOG(NWRAP_LOG_DEBUG, "uid[%u] found", uid);
3547 return &nwrap_pw_global.list[i];
3549 NWRAP_LOG(NWRAP_LOG_DEBUG,
3550 "uid[%u] does not match [%u]",
3552 nwrap_pw_global.list[i].pw_uid);
3555 NWRAP_LOG(NWRAP_LOG_DEBUG, "uid[%u] not found\n", uid);
3561 static int nwrap_files_getpwuid_r(struct nwrap_backend *b,
3562 uid_t uid, struct passwd *pwdst,
3563 char *buf, size_t buflen, struct passwd **pwdstp)
3567 pw = nwrap_files_getpwuid(b, uid);
3575 return nwrap_pw_copy_r(pw, pwdst, buf, buflen, pwdstp);
3578 /* user enum functions */
3579 static void nwrap_files_setpwent(struct nwrap_backend *b)
3581 (void) b; /* unused */
3583 nwrap_pw_global.idx = 0;
3586 static struct passwd *nwrap_files_getpwent(struct nwrap_backend *b)
3590 (void) b; /* unused */
3592 if (nwrap_pw_global.idx == 0) {
3594 ok = nwrap_files_cache_reload(nwrap_pw_global.cache);
3596 NWRAP_LOG(NWRAP_LOG_ERROR, "Error loading passwd file");
3601 if (nwrap_pw_global.idx >= nwrap_pw_global.num) {
3606 pw = &nwrap_pw_global.list[nwrap_pw_global.idx++];
3608 NWRAP_LOG(NWRAP_LOG_DEBUG,
3609 "return user[%s] uid[%u]",
3610 pw->pw_name, pw->pw_uid);
3615 static int nwrap_files_getpwent_r(struct nwrap_backend *b,
3616 struct passwd *pwdst, char *buf,
3617 size_t buflen, struct passwd **pwdstp)
3621 pw = nwrap_files_getpwent(b);
3629 return nwrap_pw_copy_r(pw, pwdst, buf, buflen, pwdstp);
3632 static void nwrap_files_endpwent(struct nwrap_backend *b)
3634 (void) b; /* unused */
3636 nwrap_pw_global.idx = 0;
3641 #if defined(HAVE_SHADOW_H) && defined(HAVE_GETSPNAM)
3643 #ifdef HAVE_SETSPENT
3644 static void nwrap_files_setspent(void)
3646 nwrap_sp_global.idx = 0;
3649 static struct spwd *nwrap_files_getspent(void)
3653 if (nwrap_sp_global.idx == 0) {
3656 ok = nwrap_files_cache_reload(nwrap_sp_global.cache);
3658 NWRAP_LOG(NWRAP_LOG_ERROR, "Error loading shadow file");
3663 if (nwrap_sp_global.idx >= nwrap_sp_global.num) {
3668 sp = &nwrap_sp_global.list[nwrap_sp_global.idx++];
3670 NWRAP_LOG(NWRAP_LOG_DEBUG,
3677 static void nwrap_files_endspent(void)
3679 nwrap_sp_global.idx = 0;
3681 #endif /* HAVE_SETSPENT */
3683 static struct spwd *nwrap_files_getspnam(const char *name)
3688 NWRAP_LOG(NWRAP_LOG_DEBUG, "Lookup user %s in files", name);
3690 ok = nwrap_files_cache_reload(nwrap_sp_global.cache);
3692 NWRAP_LOG(NWRAP_LOG_ERROR, "Error loading shadow file");
3696 for (i=0; i<nwrap_sp_global.num; i++) {
3697 if (strcmp(nwrap_sp_global.list[i].sp_namp, name) == 0) {
3698 NWRAP_LOG(NWRAP_LOG_DEBUG, "user[%s] found", name);
3699 return &nwrap_sp_global.list[i];
3701 NWRAP_LOG(NWRAP_LOG_DEBUG,
3702 "user[%s] does not match [%s]",
3704 nwrap_sp_global.list[i].sp_namp);
3707 NWRAP_LOG(NWRAP_LOG_DEBUG, "user[%s] not found\n", name);
3712 #endif /* defined(HAVE_SHADOW_H) && defined(HAVE_GETSPNAM) */
3714 /* misc functions */
3715 static int nwrap_files_initgroups_dyn(struct nwrap_backend *b,
3727 (void)errnop; /* unused */
3728 nwrap_files_setgrent(b);
3729 while ((grp = nwrap_files_getgrent(b)) != NULL) {
3730 NWRAP_LOG(NWRAP_LOG_DEBUG,
3731 "Inspecting %s for group membership",
3734 for (i=0; grp->gr_mem && grp->gr_mem[i] != NULL; i++) {
3735 if (group != grp->gr_gid &&
3736 (strcmp(user, grp->gr_mem[i]) == 0)) {
3737 NWRAP_LOG(NWRAP_LOG_DEBUG,
3738 "%s is member of %s",
3742 if (*start == *size) {
3746 newsize = 2 * (*size);
3747 if (limit > 0 && newsize > limit) {
3748 newsize = MAX(limit, *size);
3750 newgroups = (gid_t *) realloc((*groups),
3751 newsize * sizeof(**groups));
3756 *groups = newgroups;
3759 (*groups)[*start] = grp->gr_gid;
3765 nwrap_files_endgrent(b);
3769 /* group functions */
3770 static struct group *nwrap_files_getgrnam(struct nwrap_backend *b,
3776 (void) b; /* unused */
3778 ok = nwrap_files_cache_reload(nwrap_gr_global.cache);
3780 NWRAP_LOG(NWRAP_LOG_ERROR, "Error loading group file");
3784 for (i=0; i<nwrap_gr_global.num; i++) {
3785 if (strcmp(nwrap_gr_global.list[i].gr_name, name) == 0) {
3786 NWRAP_LOG(NWRAP_LOG_DEBUG, "group[%s] found", name);
3787 return &nwrap_gr_global.list[i];
3789 NWRAP_LOG(NWRAP_LOG_DEBUG,
3790 "group[%s] does not match [%s]",
3792 nwrap_gr_global.list[i].gr_name);
3795 NWRAP_LOG(NWRAP_LOG_DEBUG, "group[%s] not found", name);
3801 static int nwrap_files_getgrnam_r(struct nwrap_backend *b,
3802 const char *name, struct group *grdst,
3803 char *buf, size_t buflen, struct group **grdstp)
3807 gr = nwrap_files_getgrnam(b, name);
3815 return nwrap_gr_copy_r(gr, grdst, buf, buflen, grdstp);
3818 static struct group *nwrap_files_getgrgid(struct nwrap_backend *b,
3824 (void) b; /* unused */
3826 ok = nwrap_files_cache_reload(nwrap_gr_global.cache);
3828 NWRAP_LOG(NWRAP_LOG_ERROR, "Error loading group file");
3832 for (i=0; i<nwrap_gr_global.num; i++) {
3833 if (nwrap_gr_global.list[i].gr_gid == gid) {
3834 NWRAP_LOG(NWRAP_LOG_DEBUG, "gid[%u] found", gid);
3835 return &nwrap_gr_global.list[i];
3837 NWRAP_LOG(NWRAP_LOG_DEBUG,
3838 "gid[%u] does not match [%u]",
3840 nwrap_gr_global.list[i].gr_gid);
3843 NWRAP_LOG(NWRAP_LOG_DEBUG, "gid[%u] not found", gid);
3849 static int nwrap_files_getgrgid_r(struct nwrap_backend *b,
3850 gid_t gid, struct group *grdst,
3851 char *buf, size_t buflen, struct group **grdstp)
3855 gr = nwrap_files_getgrgid(b, gid);
3863 return nwrap_gr_copy_r(gr, grdst, buf, buflen, grdstp);
3866 /* group enum functions */
3867 static void nwrap_files_setgrent(struct nwrap_backend *b)
3869 (void) b; /* unused */
3871 nwrap_gr_global.idx = 0;
3874 static struct group *nwrap_files_getgrent(struct nwrap_backend *b)
3878 (void) b; /* unused */
3880 if (nwrap_gr_global.idx == 0) {
3883 ok = nwrap_files_cache_reload(nwrap_gr_global.cache);
3885 NWRAP_LOG(NWRAP_LOG_ERROR, "Error loading group file");
3890 if (nwrap_gr_global.idx >= nwrap_gr_global.num) {
3895 gr = &nwrap_gr_global.list[nwrap_gr_global.idx++];
3897 NWRAP_LOG(NWRAP_LOG_DEBUG,
3898 "return group[%s] gid[%u]",
3899 gr->gr_name, gr->gr_gid);
3904 static int nwrap_files_getgrent_r(struct nwrap_backend *b,
3905 struct group *grdst, char *buf,
3906 size_t buflen, struct group **grdstp)
3910 gr = nwrap_files_getgrent(b);
3918 return nwrap_gr_copy_r(gr, grdst, buf, buflen, grdstp);
3921 static void nwrap_files_endgrent(struct nwrap_backend *b)
3923 (void) b; /* unused */
3925 nwrap_gr_global.idx = 0;
3928 /* hosts functions */
3929 static int nwrap_files_internal_gethostbyname(const char *name, int af,
3930 struct hostent *result,
3931 struct nwrap_vector *addr_list)
3933 struct nwrap_entlist *el;
3938 char canon_name[DNS_NAME_MAX] = { 0 };
3940 bool he_found = false;
3944 * We need to make sure we have zeroed return pointer for consumers
3945 * which don't check return values, e.g. OpenLDAP.
3947 ZERO_STRUCTP(result);
3949 ok = nwrap_files_cache_reload(nwrap_he_global.cache);
3951 NWRAP_LOG(NWRAP_LOG_ERROR, "error loading hosts file");
3955 name_len = strlen(name);
3956 if (name_len < sizeof(canon_name) && name[name_len - 1] == '.') {
3957 memcpy(canon_name, name, name_len - 1);
3958 canon_name[name_len] = '\0';
3962 if (!str_tolower_copy(&h_name_lower, name)) {
3963 NWRAP_LOG(NWRAP_LOG_DEBUG,
3964 "Out of memory while converting to lower case");
3968 /* Look at hash table for element */
3969 NWRAP_LOG(NWRAP_LOG_DEBUG, "Searching for name: %s", h_name_lower);
3970 e.key = h_name_lower;
3972 e_p = hsearch(e, FIND);
3974 NWRAP_LOG(NWRAP_LOG_DEBUG, "Name %s not found.", h_name_lower);
3975 SAFE_FREE(h_name_lower);
3978 SAFE_FREE(h_name_lower);
3980 /* Always cleanup vector and results */
3981 if (!nwrap_vector_is_initialized(addr_list)) {
3982 if (!nwrap_vector_init(addr_list)) {
3983 NWRAP_LOG(NWRAP_LOG_DEBUG,
3984 "Unable to initialize memory for addr_list vector");
3988 /* When vector is initialized data are valid no more.
3989 * Quick way how to free vector is: */
3990 addr_list->count = 0;
3993 /* Iterate through results */
3994 for (el = (struct nwrap_entlist *)e_p->data; el != NULL; el = el->next)
3998 /* Filter by address familiy if provided */
3999 if (af != AF_UNSPEC && he->h_addrtype != af) {
4005 * glibc doesn't return ipv6 addresses when AF_UNSPEC is used
4007 if (af == AF_UNSPEC && he->h_addrtype != AF_INET) {
4012 memcpy(result, he, sizeof(struct hostent));
4013 NWRAP_LOG(NWRAP_LOG_DEBUG,
4014 "Name found. Returning record for %s",
4018 nwrap_vector_merge(addr_list, &el->ed->nwrap_addrdata);
4019 result->h_addr_list = nwrap_vector_head(addr_list);
4025 NWRAP_LOG(NWRAP_LOG_DEBUG,
4026 "Name found in database. No records matches type.");
4033 static int nwrap_files_gethostbyname2_r(struct nwrap_backend *b,
4034 const char *name, int af,
4035 struct hostent *hedst,
4036 char *buf, size_t buflen,
4037 struct hostent **hedstp)
4039 struct nwrap_vector *addr_list = NULL;
4046 (void) b; /* unused */
4047 (void) af; /* unused */
4049 if (name == NULL || hedst == NULL || buf == NULL || buflen == 0) {
4056 addr_list = calloc(1, sizeof(struct nwrap_vector));
4057 if (addr_list == NULL) {
4058 NWRAP_LOG(NWRAP_LOG_ERROR,
4059 "Unable to allocate memory for address list");
4064 rc = nwrap_files_internal_gethostbyname(name, af, hedst,
4067 SAFE_FREE(addr_list->items);
4068 SAFE_FREE(addr_list);
4073 /* +1 i for ending NULL pointer */
4074 if (buflen < ((addr_list->count + 1) * sizeof(void *))) {
4075 SAFE_FREE(addr_list->items);
4076 SAFE_FREE(addr_list);
4080 /* Copy all to user provided buffer and change
4081 * pointers in returned structure.
4082 * +1 is for ending NULL pointer. */
4083 memcpy(buf, addr_list->items, (addr_list->count + 1) * sizeof(void *));
4085 SAFE_FREE(addr_list->items);
4086 SAFE_FREE(addr_list);
4089 hedst->h_addr_list = g.list;
4094 #ifdef HAVE_GETHOSTBYNAME_R
4095 static int nwrap_gethostbyname_r(const char *name,
4096 struct hostent *ret,
4097 char *buf, size_t buflen,
4098 struct hostent **result, int *h_errnop)
4103 for (i=0; i < nwrap_main_global->num_backends; i++) {
4104 struct nwrap_backend *b = &nwrap_main_global->backends[i];
4105 rc = b->ops->nw_gethostbyname2_r(b, name, AF_UNSPEC, ret,
4106 buf, buflen, result);
4109 } else if (rc == ERANGE) {
4113 *h_errnop = h_errno;
4117 int gethostbyname_r(const char *name,
4118 struct hostent *ret,
4119 char *buf, size_t buflen,
4120 struct hostent **result, int *h_errnop)
4122 if (!nss_wrapper_hosts_enabled()) {
4123 return libc_gethostbyname_r(name,
4131 return nwrap_gethostbyname_r(name, ret, buf, buflen, result, h_errnop);
4135 #ifdef HAVE_GETHOSTBYNAME2_R
4136 static int nwrap_gethostbyname2_r(const char *name, int af,
4137 struct hostent *ret,
4138 char *buf, size_t buflen,
4139 struct hostent **result, int *h_errnop)
4144 for (i=0; i < nwrap_main_global->num_backends; i++) {
4145 struct nwrap_backend *b = &nwrap_main_global->backends[i];
4146 rc = b->ops->nw_gethostbyname2_r(b, name, af, ret,
4147 buf, buflen, result);
4150 } else if (rc == ERANGE) {
4154 *h_errnop = h_errno;
4158 int gethostbyname2_r(const char *name, int af,
4159 struct hostent *ret,
4160 char *buf, size_t buflen,
4161 struct hostent **result, int *h_errnop)
4163 if (!nss_wrapper_hosts_enabled()) {
4164 return libc_gethostbyname2_r(name, af, ret, buf, buflen,
4168 return nwrap_gethostbyname2_r(name, af, ret, buf, buflen, result,
4173 static int nwrap_files_getaddrinfo(const char *name,
4174 unsigned short port,
4175 const struct addrinfo *hints,
4176 struct addrinfo **ai)
4178 struct nwrap_entlist *el;
4180 struct addrinfo *ai_head = NULL;
4181 struct addrinfo *ai_cur = NULL;
4184 char canon_name[DNS_NAME_MAX] = { 0 };
4185 bool skip_canonname = false;
4193 ok = nwrap_files_cache_reload(nwrap_he_global.cache);
4195 NWRAP_LOG(NWRAP_LOG_ERROR, "error loading hosts file");
4199 name_len = strlen(name);
4200 if (name_len == 0) {
4204 if (name_len < sizeof(canon_name) && name[name_len - 1] == '.') {
4205 memcpy(canon_name, name, name_len - 1);
4206 canon_name[name_len] = '\0';
4210 if (!str_tolower_copy(&h_name_lower, name)) {
4211 NWRAP_LOG(NWRAP_LOG_DEBUG,
4212 "Out of memory while converting to lower case");
4216 NWRAP_LOG(NWRAP_LOG_DEBUG, "Searching for name: %s", h_name_lower);
4217 e.key = h_name_lower;
4219 e_p = hsearch(e, FIND);
4221 NWRAP_LOG(NWRAP_LOG_DEBUG, "Name %s not found.", h_name_lower);
4222 SAFE_FREE(h_name_lower);
4226 NWRAP_LOG(NWRAP_LOG_DEBUG, "Name: %s found.", h_name_lower);
4227 SAFE_FREE(h_name_lower);
4230 for (el = (struct nwrap_entlist *)e_p->data; el != NULL; el = el->next)
4233 struct addrinfo *ai_new = NULL;
4237 if (hints->ai_family != AF_UNSPEC &&
4238 he->h_addrtype != hints->ai_family)
4240 NWRAP_LOG(NWRAP_LOG_DEBUG,
4241 "Entry found but with wrong AF - "
4242 "remembering EAI_ADDRINFO.");
4243 rc = EAI_ADDRFAMILY;
4247 /* Function allocates memory and returns it in ai. */
4248 rc2 = nwrap_convert_he_ai(he,
4254 NWRAP_LOG(NWRAP_LOG_ERROR, "Error converting he to ai");
4255 if (ai_head != NULL) {
4256 freeaddrinfo(ai_head);
4260 skip_canonname = true;
4262 if (ai_head == NULL) {
4265 if (ai_cur != NULL) {
4266 ai_cur->ai_next = ai_new;
4271 if (ai_head != NULL) {
4280 static struct hostent *nwrap_files_gethostbyaddr(struct nwrap_backend *b,
4282 socklen_t len, int type)
4285 char ip[NWRAP_INET_ADDRSTRLEN] = {0};
4286 struct nwrap_entdata *ed;
4291 (void) b; /* unused */
4292 (void) len; /* unused */
4294 ok = nwrap_files_cache_reload(nwrap_he_global.cache);
4296 NWRAP_LOG(NWRAP_LOG_ERROR, "error loading hosts file");
4300 a = inet_ntop(type, addr, ip, sizeof(ip));
4306 nwrap_vector_foreach(ed, nwrap_he_global.entries, i)
4309 if (he->h_addrtype != type) {
4313 if (memcmp(addr, he->h_addr_list[0], he->h_length) == 0) {
4322 #ifdef HAVE_GETHOSTBYADDR_R
4323 static int nwrap_gethostbyaddr_r(const void *addr, socklen_t len, int type,
4324 struct hostent *ret,
4325 char *buf, size_t buflen,
4326 struct hostent **result, int *h_errnop)
4329 for (i=0; i < nwrap_main_global->num_backends; i++) {
4330 struct nwrap_backend *b = &nwrap_main_global->backends[i];
4331 *result = b->ops->nw_gethostbyaddr(b, addr, len, type);
4332 if (*result != NULL) {
4337 if (*result != NULL) {
4338 memset(buf, '\0', buflen);
4343 *h_errnop = h_errno;
4347 int gethostbyaddr_r(const void *addr, socklen_t len, int type,
4348 struct hostent *ret,
4349 char *buf, size_t buflen,
4350 struct hostent **result, int *h_errnop)
4352 if (!nss_wrapper_hosts_enabled()) {
4353 return libc_gethostbyaddr_r(addr,
4363 return nwrap_gethostbyaddr_r(addr, len, type, ret, buf, buflen, result, h_errnop);
4367 /* hosts enum functions */
4368 static void nwrap_files_sethostent(void)
4370 nwrap_he_global.idx = 0;
4373 static struct hostent *nwrap_files_gethostent(void)
4377 if (nwrap_he_global.idx == 0) {
4380 ok = nwrap_files_cache_reload(nwrap_he_global.cache);
4382 NWRAP_LOG(NWRAP_LOG_ERROR, "Error loading hosts file");
4387 if (nwrap_he_global.idx >= nwrap_he_global.num) {
4392 he = &((struct nwrap_entdata *)nwrap_he_global.entries.items[nwrap_he_global.idx++])->ht;
4394 NWRAP_LOG(NWRAP_LOG_DEBUG, "return hosts[%s]", he->h_name);
4399 static void nwrap_files_endhostent(void)
4401 nwrap_he_global.idx = 0;
4409 static struct passwd *nwrap_module_getpwnam(struct nwrap_backend *b,
4412 static struct passwd pwd;
4413 static char buf[1000];
4416 if (b->symbols->_nss_getpwnam_r.f == NULL) {
4420 status = b->symbols->_nss_getpwnam_r.f(name,
4425 if (status == NSS_STATUS_NOTFOUND) {
4428 if (status != NSS_STATUS_SUCCESS) {
4435 static int nwrap_module_getpwnam_r(struct nwrap_backend *b,
4436 const char *name, struct passwd *pwdst,
4437 char *buf, size_t buflen, struct passwd **pwdstp)
4443 if (b->symbols->_nss_getpwnam_r.f == NULL) {
4444 return NSS_STATUS_NOTFOUND;
4447 ret = b->symbols->_nss_getpwnam_r.f(name, pwdst, buf, buflen, &errno);
4449 case NSS_STATUS_SUCCESS:
4452 case NSS_STATUS_NOTFOUND:
4457 case NSS_STATUS_TRYAGAIN:
4470 static struct passwd *nwrap_module_getpwuid(struct nwrap_backend *b,
4473 static struct passwd pwd;
4474 static char buf[1000];
4477 if (b->symbols->_nss_getpwuid_r.f == NULL) {
4481 status = b->symbols->_nss_getpwuid_r.f(uid,
4486 if (status == NSS_STATUS_NOTFOUND) {
4489 if (status != NSS_STATUS_SUCCESS) {
4495 static int nwrap_module_getpwuid_r(struct nwrap_backend *b,
4496 uid_t uid, struct passwd *pwdst,
4497 char *buf, size_t buflen, struct passwd **pwdstp)
4503 if (b->symbols->_nss_getpwuid_r.f == NULL) {
4507 ret = b->symbols->_nss_getpwuid_r.f(uid, pwdst, buf, buflen, &errno);
4509 case NSS_STATUS_SUCCESS:
4512 case NSS_STATUS_NOTFOUND:
4517 case NSS_STATUS_TRYAGAIN:
4530 static void nwrap_module_setpwent(struct nwrap_backend *b)
4532 if (b->symbols->_nss_setpwent.f == NULL) {
4536 b->symbols->_nss_setpwent.f();
4539 static struct passwd *nwrap_module_getpwent(struct nwrap_backend *b)
4541 static struct passwd pwd;
4542 static char buf[1000];
4545 if (b->symbols->_nss_getpwent_r.f == NULL) {
4549 status = b->symbols->_nss_getpwent_r.f(&pwd, buf, sizeof(buf), &errno);
4550 if (status == NSS_STATUS_NOTFOUND) {
4553 if (status != NSS_STATUS_SUCCESS) {
4559 static int nwrap_module_getpwent_r(struct nwrap_backend *b,
4560 struct passwd *pwdst, char *buf,
4561 size_t buflen, struct passwd **pwdstp)
4567 if (b->symbols->_nss_getpwent_r.f == NULL) {
4571 ret = b->symbols->_nss_getpwent_r.f(pwdst, buf, buflen, &errno);
4573 case NSS_STATUS_SUCCESS:
4576 case NSS_STATUS_NOTFOUND:
4581 case NSS_STATUS_TRYAGAIN:
4594 static void nwrap_module_endpwent(struct nwrap_backend *b)
4596 if (b->symbols->_nss_endpwent.f == NULL) {
4600 b->symbols->_nss_endpwent.f();
4603 static int nwrap_module_initgroups_dyn(struct nwrap_backend *b,
4612 if (b->symbols->_nss_initgroups_dyn.f == NULL) {
4613 return NSS_STATUS_UNAVAIL;
4616 return b->symbols->_nss_initgroups_dyn.f(user,
4625 static struct group *nwrap_module_getgrnam(struct nwrap_backend *b,
4628 static struct group grp;
4630 static int buflen = 1000;
4633 if (b->symbols->_nss_getgrnam_r.f == NULL) {
4638 buf = (char *)malloc(buflen);
4641 status = b->symbols->_nss_getgrnam_r.f(name, &grp, buf, buflen, &errno);
4642 if (status == NSS_STATUS_TRYAGAIN) {
4644 buf = (char *)realloc(buf, buflen);
4650 if (status == NSS_STATUS_NOTFOUND) {
4654 if (status != NSS_STATUS_SUCCESS) {
4661 static int nwrap_module_getgrnam_r(struct nwrap_backend *b,
4662 const char *name, struct group *grdst,
4663 char *buf, size_t buflen, struct group **grdstp)
4669 if (b->symbols->_nss_getgrnam_r.f == NULL) {
4673 ret = b->symbols->_nss_getgrnam_r.f(name, grdst, buf, buflen, &errno);
4675 case NSS_STATUS_SUCCESS:
4678 case NSS_STATUS_NOTFOUND:
4683 case NSS_STATUS_TRYAGAIN:
4696 static struct group *nwrap_module_getgrgid(struct nwrap_backend *b,
4699 static struct group grp;
4701 static int buflen = 1000;
4704 if (b->symbols->_nss_getgrgid_r.f == NULL) {
4709 buf = (char *)malloc(buflen);
4713 status = b->symbols->_nss_getgrgid_r.f(gid, &grp, buf, buflen, &errno);
4714 if (status == NSS_STATUS_TRYAGAIN) {
4716 buf = (char *)realloc(buf, buflen);
4722 if (status == NSS_STATUS_NOTFOUND) {
4726 if (status != NSS_STATUS_SUCCESS) {
4733 static int nwrap_module_getgrgid_r(struct nwrap_backend *b,
4734 gid_t gid, struct group *grdst,
4735 char *buf, size_t buflen, struct group **grdstp)
4741 if (b->symbols->_nss_getgrgid_r.f == NULL) {
4745 ret = b->symbols->_nss_getgrgid_r.f(gid, grdst, buf, buflen, &errno);
4747 case NSS_STATUS_SUCCESS:
4750 case NSS_STATUS_NOTFOUND:
4755 case NSS_STATUS_TRYAGAIN:
4768 static void nwrap_module_setgrent(struct nwrap_backend *b)
4770 if (b->symbols->_nss_setgrent.f == NULL) {
4774 b->symbols->_nss_setgrent.f();
4777 static struct group *nwrap_module_getgrent(struct nwrap_backend *b)
4779 static struct group grp;
4781 static int buflen = 1024;
4784 if (b->symbols->_nss_getgrent_r.f == NULL) {
4789 buf = (char *)malloc(buflen);
4793 status = b->symbols->_nss_getgrent_r.f(&grp, buf, buflen, &errno);
4794 if (status == NSS_STATUS_TRYAGAIN) {
4796 buf = (char *)realloc(buf, buflen);
4802 if (status == NSS_STATUS_NOTFOUND) {
4806 if (status != NSS_STATUS_SUCCESS) {
4813 static int nwrap_module_getgrent_r(struct nwrap_backend *b,
4814 struct group *grdst, char *buf,
4815 size_t buflen, struct group **grdstp)
4821 if (b->symbols->_nss_getgrent_r.f == NULL) {
4825 ret = b->symbols->_nss_getgrent_r.f(grdst, buf, buflen, &errno);
4827 case NSS_STATUS_SUCCESS:
4830 case NSS_STATUS_NOTFOUND:
4835 case NSS_STATUS_TRYAGAIN:
4848 static void nwrap_module_endgrent(struct nwrap_backend *b)
4850 if (b->symbols->_nss_endgrent.f == NULL) {
4854 b->symbols->_nss_endgrent.f();
4857 static struct hostent *nwrap_module_gethostbyaddr(struct nwrap_backend *b,
4859 socklen_t len, int type)
4861 static struct hostent he;
4862 static char *buf = NULL;
4863 static size_t buflen = 1000;
4866 if (b->symbols->_nss_gethostbyaddr_r.f == NULL) {
4871 buf = (char *)malloc(buflen);
4877 status = b->symbols->_nss_gethostbyaddr_r.f(addr,
4885 if (status == NSS_STATUS_TRYAGAIN) {
4889 p = (char *)realloc(buf, buflen);
4897 if (status == NSS_STATUS_NOTFOUND) {
4901 if (status != NSS_STATUS_SUCCESS) {
4909 static int nwrap_module_gethostbyname2_r(struct nwrap_backend *b,
4910 const char *name, int af,
4911 struct hostent *hedst,
4912 char *buf, size_t buflen,
4913 struct hostent **hedstp)
4919 if (b->symbols->_nss_gethostbyname2_r.f == NULL) {
4923 status = b->symbols->_nss_gethostbyname2_r.f(name,
4931 case NSS_STATUS_SUCCESS:
4934 case NSS_STATUS_NOTFOUND:
4939 case NSS_STATUS_TRYAGAIN:
4952 static struct hostent *nwrap_module_gethostbyname(struct nwrap_backend *b,
4955 static struct hostent he;
4956 static char *buf = NULL;
4957 static size_t buflen = 1000;
4960 if (b->symbols->_nss_gethostbyname2_r.f == NULL) {
4965 buf = (char *)malloc(buflen);
4972 status = b->symbols->_nss_gethostbyname2_r.f(name,
4979 if (status == NSS_STATUS_TRYAGAIN) {
4983 p = (char *)realloc(buf, buflen);
4991 if (status == NSS_STATUS_NOTFOUND) {
4995 if (status != NSS_STATUS_SUCCESS) {
5003 static struct hostent *nwrap_module_gethostbyname2(struct nwrap_backend *b,
5004 const char *name, int af)
5006 static struct hostent he;
5007 static char *buf = NULL;
5008 static size_t buflen = 1000;
5011 if (b->symbols->_nss_gethostbyname2_r.f == NULL) {
5016 buf = (char *)malloc(buflen);
5023 status = b->symbols->_nss_gethostbyname2_r.f(name,
5030 if (status == NSS_STATUS_TRYAGAIN) {
5034 p = (char *)realloc(buf, buflen);
5042 if (status == NSS_STATUS_NOTFOUND) {
5046 if (status != NSS_STATUS_SUCCESS) {
5054 /****************************************************************************
5056 ***************************************************************************/
5058 static struct passwd *nwrap_getpwnam(const char *name)
5063 for (i=0; i < nwrap_main_global->num_backends; i++) {
5064 struct nwrap_backend *b = &nwrap_main_global->backends[i];
5065 pwd = b->ops->nw_getpwnam(b, name);
5074 struct passwd *getpwnam(const char *name)
5076 if (!nss_wrapper_enabled()) {
5077 return libc_getpwnam(name);
5080 return nwrap_getpwnam(name);
5083 /****************************************************************************
5085 ***************************************************************************/
5087 static int nwrap_getpwnam_r(const char *name, struct passwd *pwdst,
5088 char *buf, size_t buflen, struct passwd **pwdstp)
5093 for (i=0; i < nwrap_main_global->num_backends; i++) {
5094 struct nwrap_backend *b = &nwrap_main_global->backends[i];
5095 ret = b->ops->nw_getpwnam_r(b, name, pwdst, buf, buflen, pwdstp);
5096 if (ret == ENOENT) {
5105 #ifdef HAVE_GETPWNAM_R
5106 # ifdef HAVE_SOLARIS_GETPWNAM_R
5107 int getpwnam_r(const char *name, struct passwd *pwdst,
5108 char *buf, int buflen, struct passwd **pwdstp)
5109 # else /* HAVE_SOLARIS_GETPWNAM_R */
5110 int getpwnam_r(const char *name, struct passwd *pwdst,
5111 char *buf, size_t buflen, struct passwd **pwdstp)
5112 # endif /* HAVE_SOLARIS_GETPWNAM_R */
5114 if (!nss_wrapper_enabled()) {
5115 return libc_getpwnam_r(name, pwdst, buf, buflen, pwdstp);
5118 return nwrap_getpwnam_r(name, pwdst, buf, buflen, pwdstp);
5122 /****************************************************************************
5124 ***************************************************************************/
5126 static struct passwd *nwrap_getpwuid(uid_t uid)
5131 for (i=0; i < nwrap_main_global->num_backends; i++) {
5132 struct nwrap_backend *b = &nwrap_main_global->backends[i];
5133 pwd = b->ops->nw_getpwuid(b, uid);
5142 struct passwd *getpwuid(uid_t uid)
5144 if (!nss_wrapper_enabled()) {
5145 return libc_getpwuid(uid);
5148 return nwrap_getpwuid(uid);
5151 /****************************************************************************
5153 ***************************************************************************/
5155 static int nwrap_getpwuid_r(uid_t uid, struct passwd *pwdst,
5156 char *buf, size_t buflen, struct passwd **pwdstp)
5161 for (i=0; i < nwrap_main_global->num_backends; i++) {
5162 struct nwrap_backend *b = &nwrap_main_global->backends[i];
5163 ret = b->ops->nw_getpwuid_r(b, uid, pwdst, buf, buflen, pwdstp);
5164 if (ret == ENOENT) {
5173 #ifdef HAVE_SOLARIS_GETPWUID_R
5174 int getpwuid_r(uid_t uid, struct passwd *pwdst,
5175 char *buf, int buflen, struct passwd **pwdstp)
5177 int getpwuid_r(uid_t uid, struct passwd *pwdst,
5178 char *buf, size_t buflen, struct passwd **pwdstp)
5181 if (!nss_wrapper_enabled()) {
5182 return libc_getpwuid_r(uid, pwdst, buf, buflen, pwdstp);
5185 return nwrap_getpwuid_r(uid, pwdst, buf, buflen, pwdstp);
5188 /****************************************************************************
5190 ***************************************************************************/
5192 static void nwrap_setpwent(void)
5196 for (i=0; i < nwrap_main_global->num_backends; i++) {
5197 struct nwrap_backend *b = &nwrap_main_global->backends[i];
5198 b->ops->nw_setpwent(b);
5204 if (!nss_wrapper_enabled()) {
5212 /****************************************************************************
5214 ***************************************************************************/
5216 static struct passwd *nwrap_getpwent(void)
5221 for (i=0; i < nwrap_main_global->num_backends; i++) {
5222 struct nwrap_backend *b = &nwrap_main_global->backends[i];
5223 pwd = b->ops->nw_getpwent(b);
5232 struct passwd *getpwent(void)
5234 if (!nss_wrapper_enabled()) {
5235 return libc_getpwent();
5238 return nwrap_getpwent();
5241 /****************************************************************************
5243 ***************************************************************************/
5245 #ifdef HAVE_GETPWENT_R
5246 static int nwrap_getpwent_r(struct passwd *pwdst, char *buf,
5247 size_t buflen, struct passwd **pwdstp)
5252 for (i=0; i < nwrap_main_global->num_backends; i++) {
5253 struct nwrap_backend *b = &nwrap_main_global->backends[i];
5254 ret = b->ops->nw_getpwent_r(b, pwdst, buf, buflen, pwdstp);
5255 if (ret == ENOENT) {
5264 # ifdef HAVE_SOLARIS_GETPWENT_R
5265 struct passwd *getpwent_r(struct passwd *pwdst, char *buf, int buflen)
5267 struct passwd *pwdstp = NULL;
5270 if (!nss_wrapper_enabled()) {
5271 return libc_getpwent_r(pwdst, buf, buflen);
5273 rc = nwrap_getpwent_r(pwdst, buf, buflen, &pwdstp);
5280 # else /* HAVE_SOLARIS_GETPWENT_R */
5281 int getpwent_r(struct passwd *pwdst, char *buf,
5282 size_t buflen, struct passwd **pwdstp)
5284 if (!nss_wrapper_enabled()) {
5285 return libc_getpwent_r(pwdst, buf, buflen, pwdstp);
5288 return nwrap_getpwent_r(pwdst, buf, buflen, pwdstp);
5290 # endif /* HAVE_SOLARIS_GETPWENT_R */
5291 #endif /* HAVE_GETPWENT_R */
5293 /****************************************************************************
5295 ***************************************************************************/
5297 static void nwrap_endpwent(void)
5301 for (i=0; i < nwrap_main_global->num_backends; i++) {
5302 struct nwrap_backend *b = &nwrap_main_global->backends[i];
5303 b->ops->nw_endpwent(b);
5309 if (!nss_wrapper_enabled()) {
5317 /****************************************************************************
5319 ***************************************************************************/
5321 static int nwrap_initgroups(const char *user, gid_t group)
5326 int initgroups(const char *user, gid_t group)
5328 if (!nss_wrapper_enabled()) {
5329 return libc_initgroups(user, group);
5332 return nwrap_initgroups(user, group);
5335 /****************************************************************************
5337 ***************************************************************************/
5339 static struct group *nwrap_getgrnam(const char *name)
5344 for (i=0; i < nwrap_main_global->num_backends; i++) {
5345 struct nwrap_backend *b = &nwrap_main_global->backends[i];
5346 grp = b->ops->nw_getgrnam(b, name);
5355 struct group *getgrnam(const char *name)
5357 if (!nss_wrapper_enabled()) {
5358 return libc_getgrnam(name);
5361 return nwrap_getgrnam(name);
5364 /****************************************************************************
5366 ***************************************************************************/
5368 static int nwrap_getgrnam_r(const char *name, struct group *grdst,
5369 char *buf, size_t buflen, struct group **grdstp)
5374 for (i=0; i < nwrap_main_global->num_backends; i++) {
5375 struct nwrap_backend *b = &nwrap_main_global->backends[i];
5376 ret = b->ops->nw_getgrnam_r(b, name, grdst, buf, buflen, grdstp);
5377 if (ret == ENOENT) {
5386 #ifdef HAVE_GETGRNAM_R
5387 # ifdef HAVE_SOLARIS_GETGRNAM_R
5388 int getgrnam_r(const char *name, struct group *grp,
5389 char *buf, int buflen, struct group **pgrp)
5390 # else /* HAVE_SOLARIS_GETGRNAM_R */
5391 int getgrnam_r(const char *name, struct group *grp,
5392 char *buf, size_t buflen, struct group **pgrp)
5393 # endif /* HAVE_SOLARIS_GETGRNAM_R */
5395 if (!nss_wrapper_enabled()) {
5396 return libc_getgrnam_r(name,
5403 return nwrap_getgrnam_r(name, grp, buf, buflen, pgrp);
5405 #endif /* HAVE_GETGRNAM_R */
5407 /****************************************************************************
5409 ***************************************************************************/
5411 static struct group *nwrap_getgrgid(gid_t gid)
5416 for (i=0; i < nwrap_main_global->num_backends; i++) {
5417 struct nwrap_backend *b = &nwrap_main_global->backends[i];
5418 grp = b->ops->nw_getgrgid(b, gid);
5427 struct group *getgrgid(gid_t gid)
5429 if (!nss_wrapper_enabled()) {
5430 return libc_getgrgid(gid);
5433 return nwrap_getgrgid(gid);
5436 /****************************************************************************
5438 ***************************************************************************/
5440 static int nwrap_getgrgid_r(gid_t gid, struct group *grdst,
5441 char *buf, size_t buflen, struct group **grdstp)
5446 for (i=0; i < nwrap_main_global->num_backends; i++) {
5447 struct nwrap_backend *b = &nwrap_main_global->backends[i];
5448 ret = b->ops->nw_getgrgid_r(b, gid, grdst, buf, buflen, grdstp);
5449 if (ret == ENOENT) {
5458 #ifdef HAVE_GETGRGID_R
5459 # ifdef HAVE_SOLARIS_GETGRGID_R
5460 int getgrgid_r(gid_t gid, struct group *grdst,
5461 char *buf, int buflen, struct group **grdstp)
5462 # else /* HAVE_SOLARIS_GETGRGID_R */
5463 int getgrgid_r(gid_t gid, struct group *grdst,
5464 char *buf, size_t buflen, struct group **grdstp)
5465 # endif /* HAVE_SOLARIS_GETGRGID_R */
5467 if (!nss_wrapper_enabled()) {
5468 return libc_getgrgid_r(gid, grdst, buf, buflen, grdstp);
5471 return nwrap_getgrgid_r(gid, grdst, buf, buflen, grdstp);
5475 /****************************************************************************
5477 ***************************************************************************/
5479 static void nwrap_setgrent(void)
5483 for (i=0; i < nwrap_main_global->num_backends; i++) {
5484 struct nwrap_backend *b = &nwrap_main_global->backends[i];
5485 b->ops->nw_setgrent(b);
5489 #ifdef HAVE_BSD_SETGRENT
5495 if (!nss_wrapper_enabled()) {
5503 #ifdef HAVE_BSD_SETGRENT
5510 /****************************************************************************
5512 ***************************************************************************/
5514 static struct group *nwrap_getgrent(void)
5519 for (i=0; i < nwrap_main_global->num_backends; i++) {
5520 struct nwrap_backend *b = &nwrap_main_global->backends[i];
5521 grp = b->ops->nw_getgrent(b);
5530 struct group *getgrent(void)
5532 if (!nss_wrapper_enabled()) {
5533 return libc_getgrent();
5536 return nwrap_getgrent();
5539 /****************************************************************************
5541 ***************************************************************************/
5543 #ifdef HAVE_GETGRENT_R
5544 static int nwrap_getgrent_r(struct group *grdst, char *buf,
5545 size_t buflen, struct group **grdstp)
5550 for (i=0; i < nwrap_main_global->num_backends; i++) {
5551 struct nwrap_backend *b = &nwrap_main_global->backends[i];
5552 ret = b->ops->nw_getgrent_r(b, grdst, buf, buflen, grdstp);
5553 if (ret == ENOENT) {
5562 # ifdef HAVE_SOLARIS_GETGRENT_R
5563 struct group *getgrent_r(struct group *src, char *buf, int buflen)
5565 struct group *grdstp = NULL;
5568 if (!nss_wrapper_enabled()) {
5569 return libc_getgrent_r(src, buf, buflen);
5572 rc = nwrap_getgrent_r(src, buf, buflen, &grdstp);
5579 # else /* HAVE_SOLARIS_GETGRENT_R */
5580 int getgrent_r(struct group *src, char *buf,
5581 size_t buflen, struct group **grdstp)
5583 if (!nss_wrapper_enabled()) {
5584 return libc_getgrent_r(src, buf, buflen, grdstp);
5587 return nwrap_getgrent_r(src, buf, buflen, grdstp);
5589 # endif /* HAVE_SOLARIS_GETGRENT_R */
5590 #endif /* HAVE_GETGRENT_R */
5592 /****************************************************************************
5594 ***************************************************************************/
5596 static void nwrap_endgrent(void)
5600 for (i=0; i < nwrap_main_global->num_backends; i++) {
5601 struct nwrap_backend *b = &nwrap_main_global->backends[i];
5602 b->ops->nw_endgrent(b);
5608 if (!nss_wrapper_enabled()) {
5616 /****************************************************************************
5618 ***************************************************************************/
5620 #ifdef HAVE_GETGROUPLIST
5621 static int nwrap_getgrouplist(const char *user,
5627 enum nss_status status = NSS_STATUS_UNAVAIL;
5628 /* Start is one, because we have the first group as parameter. */
5632 /* Never store more than the starting *SIZE number of elements. */
5634 (*groupsp)[0] = group;
5636 for (i = 0; i < nwrap_main_global->num_backends; i++) {
5637 struct nwrap_backend *b = &nwrap_main_global->backends[i];
5638 long int prev_start = start;
5639 long int cnt = prev_start;
5641 status = b->ops->nw_initgroups_dyn(b,
5650 /* Remove duplicates. */
5651 while (cnt < start) {
5653 for (inner = 0; inner < prev_start; ++inner)
5654 if ((*groupsp)[inner] == (*groupsp)[cnt])
5657 if (inner < prev_start)
5658 (*groupsp)[cnt] = (*groupsp)[--start];
5662 NWRAP_LOG(NWRAP_LOG_DEBUG,
5663 "Resource '%s' returned status=%d and increased "
5664 "count of groups to %ld",
5672 int getgrouplist(const char *user, gid_t group, gid_t *groups, int *ngroups)
5678 if (!nss_wrapper_enabled()) {
5679 return libc_getgrouplist(user, group, groups, ngroups);
5682 size = MAX(1, *ngroups);
5683 newgroups = (gid_t *)malloc(size * sizeof(gid_t));
5684 if (newgroups == NULL) {
5688 total = nwrap_getgrouplist(user, group, &size, &newgroups, -1);
5690 if (groups != NULL) {
5691 memcpy(groups, newgroups, MIN(*ngroups, total) * sizeof(gid_t));
5696 retval = total > *ngroups ? -1 : total;
5703 /**********************************************************
5705 **********************************************************/
5707 #if defined(HAVE_SHADOW_H) && defined(HAVE_GETSPNAM)
5709 #ifdef HAVE_SETSPENT
5710 static void nwrap_setspent(void)
5712 nwrap_files_setspent();
5717 if (!nss_wrapper_shadow_enabled()) {
5724 static struct spwd *nwrap_getspent(void)
5726 return nwrap_files_getspent();
5729 struct spwd *getspent(void)
5731 if (!nss_wrapper_shadow_enabled()) {
5735 return nwrap_getspent();
5738 static void nwrap_endspent(void)
5740 nwrap_files_endspent();
5745 if (!nss_wrapper_shadow_enabled()) {
5751 #endif /* HAVE_SETSPENT */
5753 static struct spwd *nwrap_getspnam(const char *name)
5755 return nwrap_files_getspnam(name);
5758 struct spwd *getspnam(const char *name)
5760 if (!nss_wrapper_shadow_enabled()) {
5764 return nwrap_getspnam(name);
5767 #endif /* defined(HAVE_SHADOW_H) && defined(HAVE_GETSPNAM) */
5769 /**********************************************************
5771 **********************************************************/
5773 static void nwrap_sethostent(int stayopen) {
5774 (void) stayopen; /* ignored */
5776 nwrap_files_sethostent();
5779 #ifdef HAVE_SOLARIS_SETHOSTENT
5780 int sethostent(int stayopen)
5782 if (!nss_wrapper_hosts_enabled()) {
5783 libc_sethostent(stayopen);
5787 nwrap_sethostent(stayopen);
5791 #else /* HAVE_SOLARIS_SETHOSTENT */
5792 void sethostent(int stayopen)
5794 if (!nss_wrapper_hosts_enabled()) {
5795 libc_sethostent(stayopen);
5799 nwrap_sethostent(stayopen);
5801 #endif /* HAVE_SOLARIS_SETHOSTENT */
5803 static struct hostent *nwrap_gethostent(void)
5805 return nwrap_files_gethostent();
5808 struct hostent *gethostent(void) {
5809 if (!nss_wrapper_hosts_enabled()) {
5810 return libc_gethostent();
5813 return nwrap_gethostent();
5816 static void nwrap_endhostent(void) {
5817 nwrap_files_endhostent();
5820 #ifdef HAVE_SOLARIS_ENDHOSTENT
5821 int endhostent(void)
5823 if (!nss_wrapper_hosts_enabled()) {
5832 #else /* HAVE_SOLARIS_ENDHOSTENT */
5833 void endhostent(void)
5835 if (!nss_wrapper_hosts_enabled()) {
5842 #endif /* HAVE_SOLARIS_ENDHOSTENT */
5846 /* BSD implementation stores data in thread local storage but GLIBC does not */
5847 static __thread struct hostent user_he;
5848 static __thread struct nwrap_vector user_addrlist;
5850 static struct hostent user_he;
5851 static struct nwrap_vector user_addrlist;
5854 static struct hostent *nwrap_files_gethostbyname(struct nwrap_backend *b,
5859 (void) b; /* unused */
5861 ret = nwrap_files_internal_gethostbyname(name, AF_UNSPEC, &user_he,
5870 static struct hostent *nwrap_gethostbyname(const char *name)
5873 struct hostent *he = NULL;
5875 for (i=0; i < nwrap_main_global->num_backends; i++) {
5876 struct nwrap_backend *b = &nwrap_main_global->backends[i];
5877 he = b->ops->nw_gethostbyname(b, name);
5886 struct hostent *gethostbyname(const char *name)
5888 if (!nss_wrapper_hosts_enabled()) {
5889 return libc_gethostbyname(name);
5892 return nwrap_gethostbyname(name);
5895 /* This is a GNU extension - Also can be found on BSD systems */
5896 #ifdef HAVE_GETHOSTBYNAME2
5898 /* BSD implementation stores data in thread local storage but GLIBC not */
5899 static __thread struct hostent user_he2;
5900 static __thread struct nwrap_vector user_addrlist2;
5902 static struct hostent user_he2;
5903 static struct nwrap_vector user_addrlist2;
5906 static struct hostent *nwrap_files_gethostbyname2(struct nwrap_backend *b,
5907 const char *name, int af)
5911 (void) b; /* unused */
5913 ret = nwrap_files_internal_gethostbyname(name, af, &user_he2,
5922 static struct hostent *nwrap_gethostbyname2(const char *name, int af)
5925 struct hostent *he = NULL;
5927 for (i=0; i < nwrap_main_global->num_backends; i++) {
5928 struct nwrap_backend *b = &nwrap_main_global->backends[i];
5929 he = b->ops->nw_gethostbyname2(b, name, af);
5938 struct hostent *gethostbyname2(const char *name, int af)
5940 if (!nss_wrapper_hosts_enabled()) {
5941 return libc_gethostbyname2(name, af);
5944 return nwrap_gethostbyname2(name, af);
5948 static struct hostent *nwrap_gethostbyaddr(const void *addr,
5949 socklen_t len, int type)
5952 struct hostent *he = NULL;
5954 for (i=0; i < nwrap_main_global->num_backends; i++) {
5955 struct nwrap_backend *b = &nwrap_main_global->backends[i];
5956 he = b->ops->nw_gethostbyaddr(b, addr, len, type);
5965 struct hostent *gethostbyaddr(const void *addr,
5966 socklen_t len, int type)
5968 if (!nss_wrapper_hosts_enabled()) {
5969 return libc_gethostbyaddr(addr, len, type);
5972 return nwrap_gethostbyaddr(addr, len, type);
5975 static const struct addrinfo default_hints =
5977 .ai_flags = AI_ADDRCONFIG|AI_V4MAPPED,
5978 .ai_family = AF_UNSPEC,
5983 .ai_canonname = NULL,
5987 static int nwrap_convert_he_ai(const struct hostent *he,
5988 unsigned short port,
5989 const struct addrinfo *hints,
5990 struct addrinfo **pai,
5991 bool skip_canonname)
5993 struct addrinfo *ai;
6000 switch (he->h_addrtype) {
6002 socklen = sizeof(struct sockaddr_in);
6006 socklen = sizeof(struct sockaddr_in6);
6013 ai = (struct addrinfo *)malloc(sizeof(struct addrinfo) + socklen);
6018 ai->ai_flags = hints->ai_flags;
6019 ai->ai_family = he->h_addrtype;
6020 ai->ai_socktype = hints->ai_socktype;
6021 ai->ai_protocol = hints->ai_protocol;
6022 ai->ai_canonname = NULL;
6024 if (ai->ai_socktype == 0) {
6025 ai->ai_socktype = SOCK_DGRAM;
6027 if (ai->ai_protocol == 0) {
6028 if (ai->ai_socktype == SOCK_DGRAM) {
6029 ai->ai_protocol = IPPROTO_UDP;
6030 } else if (ai->ai_socktype == SOCK_STREAM) {
6031 ai->ai_protocol = IPPROTO_TCP;
6035 ai->ai_addrlen = socklen;
6036 ai->ai_addr = (void *)(ai + 1);
6038 #ifdef HAVE_STRUCT_SOCKADDR_SA_LEN
6039 ai->ai_addr->sa_len = socklen;
6041 ai->ai_addr->sa_family = he->h_addrtype;
6043 switch (he->h_addrtype) {
6047 struct sockaddr *sa;
6048 struct sockaddr_in *in;
6051 addr.sa = ai->ai_addr;
6053 memset(addr.in, 0, sizeof(struct sockaddr_in));
6055 addr.in->sin_port = htons(port);
6056 addr.in->sin_family = AF_INET;
6058 memset(addr.in->sin_zero,
6060 sizeof (addr.in->sin_zero));
6061 memcpy(&(addr.in->sin_addr),
6071 struct sockaddr *sa;
6072 struct sockaddr_in6 *in6;
6075 addr.sa = ai->ai_addr;
6077 memset(addr.in6, 0, sizeof(struct sockaddr_in6));
6079 addr.in6->sin6_port = htons(port);
6080 addr.in6->sin6_family = AF_INET6;
6082 memcpy(&addr.in6->sin6_addr,
6092 if (he->h_name && !skip_canonname) {
6093 ai->ai_canonname = strdup(he->h_name);
6094 if (ai->ai_canonname == NULL) {
6104 static int nwrap_getaddrinfo(const char *node,
6105 const char *service,
6106 const struct addrinfo *hints,
6107 struct addrinfo **res)
6109 struct addrinfo *ai = NULL;
6110 unsigned short port = 0;
6120 .family = AF_UNSPEC,
6124 if (node == NULL && service == NULL) {
6128 if (hints == NULL) {
6129 hints = &default_hints;
6133 hints.ai_flags contains invalid flags; or, hints.ai_flags
6134 included AI_CANONNAME and name was NULL.
6136 if ((hints->ai_flags & AI_CANONNAME) && (node == NULL)) {
6137 return EAI_BADFLAGS;
6140 /* If no node has been specified, let glibc deal with it */
6143 struct addrinfo *p = NULL;
6145 ret = libc_getaddrinfo(node, service, hints, &p);
6153 if (service != NULL && service[0] != '\0') {
6154 const char *proto = NULL;
6160 sl = strtol(service, &end_ptr, 10);
6162 if (*end_ptr == '\0') {
6165 } else if (hints->ai_flags & AI_NUMERICSERV) {
6169 if (hints->ai_protocol != 0) {
6170 struct protoent *pent;
6172 pent = getprotobynumber(hints->ai_protocol);
6174 proto = pent->p_name;
6178 s = getservbyname(service, proto);
6182 port = ntohs(s->s_port);
6187 rc = inet_pton(AF_INET, node, &addr.in.v4);
6189 addr.family = AF_INET;
6192 if (addr.family == AF_UNSPEC) {
6193 rc = inet_pton(AF_INET6, node, &addr.in.v6);
6195 addr.family = AF_INET6;
6200 if (addr.family == AF_UNSPEC) {
6201 if (hints->ai_flags & AI_NUMERICHOST) {
6204 } else if ((hints->ai_family != AF_UNSPEC) &&
6205 (hints->ai_family != addr.family))
6207 return EAI_ADDRFAMILY;
6210 rc = nwrap_files_getaddrinfo(node, port, hints, &ai);
6213 struct addrinfo *p = NULL;
6215 ret = libc_getaddrinfo(node, service, hints, &p);
6219 * nwrap_files_getaddrinfo failed, but libc was
6220 * successful -- use the result from libc.
6230 * If the socktype was not specified, duplicate
6231 * each ai returned, so that we have variants for
6234 if (hints->ai_socktype == 0) {
6235 struct addrinfo *ai_cur;
6237 /* freeaddrinfo() frees ai_canonname and ai so allocate them */
6238 for (ai_cur = ai; ai_cur != NULL; ai_cur = ai_cur->ai_next) {
6239 struct addrinfo *ai_new;
6241 /* duplicate the current entry */
6243 ai_new = malloc(sizeof(struct addrinfo));
6244 if (ai_new == NULL) {
6249 memcpy(ai_new, ai_cur, sizeof(struct addrinfo));
6250 ai_new->ai_next = NULL;
6252 /* We need a deep copy or freeaddrinfo() will blow up */
6253 if (ai_cur->ai_canonname != NULL) {
6254 ai_new->ai_canonname =
6255 strdup(ai_cur->ai_canonname);
6258 if (ai_cur->ai_socktype == SOCK_DGRAM) {
6259 ai_new->ai_socktype = SOCK_STREAM;
6260 } else if (ai_cur->ai_socktype == SOCK_STREAM) {
6261 ai_new->ai_socktype = SOCK_DGRAM;
6263 if (ai_cur->ai_protocol == IPPROTO_TCP) {
6264 ai_new->ai_protocol = IPPROTO_UDP;
6265 } else if (ai_cur->ai_protocol == IPPROTO_UDP) {
6266 ai_new->ai_protocol = IPPROTO_TCP;
6269 /* now insert the new entry */
6271 ai_new->ai_next = ai_cur->ai_next;
6272 ai_cur->ai_next = ai_new;
6274 /* and move on (don't duplicate the new entry) */
6285 int getaddrinfo(const char *node, const char *service,
6286 const struct addrinfo *hints,
6287 struct addrinfo **res)
6289 if (!nss_wrapper_hosts_enabled()) {
6290 return libc_getaddrinfo(node, service, hints, res);
6293 return nwrap_getaddrinfo(node, service, hints, res);
6296 static int nwrap_getnameinfo(const struct sockaddr *sa, socklen_t salen,
6297 char *host, size_t hostlen,
6298 char *serv, size_t servlen,
6302 struct servent *service;
6310 if (sa == NULL || salen < sizeof(sa_family_t)) {
6314 if ((flags & NI_NAMEREQD) && host == NULL && serv == NULL) {
6318 type = sa->sa_family;
6322 const struct sockaddr *sa;
6323 const struct sockaddr_in *in;
6326 if (salen < sizeof(struct sockaddr_in)) {
6332 addr = &(a.in->sin_addr);
6333 addrlen = sizeof(a.in->sin_addr);
6334 port = ntohs(a.in->sin_port);
6340 const struct sockaddr *sa;
6341 const struct sockaddr_in6 *in6;
6344 if (salen < sizeof(struct sockaddr_in6)) {
6350 addr = &(a.in6->sin6_addr);
6351 addrlen = sizeof(a.in6->sin6_addr);
6352 port = ntohs(a.in6->sin6_port);
6362 if ((flags & NI_NUMERICHOST) == 0) {
6363 for (i=0; i < nwrap_main_global->num_backends; i++) {
6364 struct nwrap_backend *b = &nwrap_main_global->backends[i];
6365 he = b->ops->nw_gethostbyaddr(b, addr, addrlen, type);
6370 if ((flags & NI_NAMEREQD) && (he == NULL || he->h_name == NULL))
6373 if (he != NULL && he->h_name != NULL) {
6374 if (strlen(he->h_name) >= hostlen)
6375 return EAI_OVERFLOW;
6376 snprintf(host, hostlen, "%s", he->h_name);
6377 if (flags & NI_NOFQDN)
6378 host[strcspn(host, ".")] = '\0';
6380 if (inet_ntop(type, addr, host, hostlen) == NULL)
6381 return (errno == ENOSPC) ? EAI_OVERFLOW : EAI_FAIL;
6387 if ((flags & NI_NUMERICSERV) == 0) {
6388 proto = (flags & NI_DGRAM) ? "udp" : "tcp";
6389 service = getservbyport(htons(port), proto);
6391 if (service != NULL) {
6392 if (strlen(service->s_name) >= servlen)
6393 return EAI_OVERFLOW;
6394 snprintf(serv, servlen, "%s", service->s_name);
6396 if (snprintf(serv, servlen, "%u", port) >= (int) servlen)
6397 return EAI_OVERFLOW;
6404 #ifdef HAVE_LINUX_GETNAMEINFO
6405 int getnameinfo(const struct sockaddr *sa, socklen_t salen,
6406 char *host, socklen_t hostlen,
6407 char *serv, socklen_t servlen,
6409 #elif defined(HAVE_LINUX_GETNAMEINFO_UNSIGNED)
6410 int getnameinfo(const struct sockaddr *sa, socklen_t salen,
6411 char *host, socklen_t hostlen,
6412 char *serv, socklen_t servlen,
6415 int getnameinfo(const struct sockaddr *sa, socklen_t salen,
6416 char *host, size_t hostlen,
6417 char *serv, size_t servlen,
6421 if (!nss_wrapper_hosts_enabled()) {
6422 return libc_getnameinfo(sa, salen, host, hostlen, serv, servlen, flags);
6425 return nwrap_getnameinfo(sa, salen, host, hostlen, serv, servlen, flags);
6428 static int nwrap_gethostname(char *name, size_t len)
6430 const char *hostname = getenv("NSS_WRAPPER_HOSTNAME");
6432 if (strlen(hostname) >= len) {
6433 errno = ENAMETOOLONG;
6436 snprintf(name, len, "%s", hostname);
6441 #ifdef HAVE_SOLARIS_GETHOSTNAME
6442 int gethostname(char *name, int len)
6443 #else /* HAVE_SOLARIS_GETHOSTNAME */
6444 int gethostname(char *name, size_t len)
6445 #endif /* HAVE_SOLARIS_GETHOSTNAME */
6447 if (!nwrap_hostname_enabled()) {
6448 return libc_gethostname(name, len);
6451 return nwrap_gethostname(name, len);
6454 static void nwrap_thread_prepare(void)
6460 static void nwrap_thread_parent(void)
6465 static void nwrap_thread_child(void)
6470 /****************************
6472 ***************************/
6473 void nwrap_constructor(void)
6478 * If we hold a lock and the application forks, then the child
6479 * is not able to unlock the mutex and we are in a deadlock.
6481 * Setting these handlers should prevent such deadlocks.
6483 pthread_atfork(&nwrap_thread_prepare,
6484 &nwrap_thread_parent,
6485 &nwrap_thread_child);
6487 /* Do not call nwrap_init() here. */
6490 /****************************
6492 ***************************/
6495 * This function is called when the library is unloaded and makes sure that
6496 * sockets get closed and the unix file for the socket are unlinked.
6498 void nwrap_destructor(void)
6503 if (nwrap_main_global != NULL) {
6504 struct nwrap_main *m = nwrap_main_global;
6507 if (m->libc != NULL) {
6508 if (m->libc->handle != NULL
6510 && m->libc->handle != RTLD_NEXT
6513 dlclose(m->libc->handle);
6515 if (m->libc->nsl_handle != NULL
6517 && m->libc->nsl_handle != RTLD_NEXT
6520 dlclose(m->libc->nsl_handle);
6522 if (m->libc->sock_handle != NULL
6524 && m->libc->sock_handle != RTLD_NEXT
6527 dlclose(m->libc->sock_handle);
6533 if (m->backends != NULL) {
6534 for (i = 0; i < m->num_backends; i++) {
6535 struct nwrap_backend *b = &(m->backends[i]);
6537 if (b->so_handle != NULL) {
6538 dlclose(b->so_handle);
6540 SAFE_FREE(b->symbols);
6542 SAFE_FREE(m->backends);
6546 if (nwrap_pw_global.cache != NULL) {
6547 struct nwrap_cache *c = nwrap_pw_global.cache;
6549 nwrap_files_cache_unload(c);
6555 SAFE_FREE(nwrap_pw_global.list);
6556 nwrap_pw_global.num = 0;
6559 if (nwrap_gr_global.cache != NULL) {
6560 struct nwrap_cache *c = nwrap_gr_global.cache;
6562 nwrap_files_cache_unload(c);
6568 SAFE_FREE(nwrap_gr_global.list);
6569 nwrap_pw_global.num = 0;
6572 #if defined(HAVE_SHADOW_H) && defined(HAVE_GETSPNAM)
6573 if (nwrap_sp_global.cache != NULL) {
6574 struct nwrap_cache *c = nwrap_sp_global.cache;
6576 nwrap_files_cache_unload(c);
6582 nwrap_sp_global.num = 0;
6584 #endif /* defined(HAVE_SHADOW_H) && defined(HAVE_GETSPNAM) */
6586 if (nwrap_he_global.cache != NULL) {
6587 struct nwrap_cache *c = nwrap_he_global.cache;
6589 nwrap_files_cache_unload(c);
6595 nwrap_he_global.num = 0;
6598 free(user_addrlist.items);
6599 #ifdef HAVE_GETHOSTBYNAME2
6600 free(user_addrlist2.items);