4 * Copyright (c) 2007, Stefan Metzmacher <metze@samba.org>
5 * Copyright (c) 2009, Guenther Deschner <gd@samba.org>
6 * Copyright (c) 2014-2015, Michael Adam <obnox@samba.org>
7 * Copyright (c) 2015, Robin Hack <hack.robin@gmail.com>
8 * Copyright (c) 2013-2018, Andreas Schneider <asn@samba.org>
11 * Redistribution and use in source and binary forms, with or without
12 * modification, are permitted provided that the following conditions
15 * 1. Redistributions of source code must retain the above copyright
16 * notice, this list of conditions and the following disclaimer.
18 * 2. Redistributions in binary form must reproduce the above copyright
19 * notice, this list of conditions and the following disclaimer in the
20 * documentation and/or other materials provided with the distribution.
22 * 3. Neither the name of the author nor the names of its contributors
23 * may be used to endorse or promote products derived from this software
24 * without specific prior written permission.
26 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
27 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
28 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
29 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
30 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
31 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
32 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
33 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
34 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
35 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
43 #include <sys/types.h>
45 #include <sys/socket.h>
58 #include <netinet/in.h>
64 * Defining _POSIX_PTHREAD_SEMANTICS before including pwd.h and grp.h gives us
65 * the posix getpwnam_r(), getpwuid_r(), getgrnam_r and getgrgid_r calls on
68 #ifndef _POSIX_PTHREAD_SEMANTICS
69 #define _POSIX_PTHREAD_SEMANTICS
76 #endif /* HAVE_SHADOW_H */
79 #include <arpa/inet.h>
80 #include <netinet/in.h>
84 #if defined(HAVE_NSS_H)
88 typedef enum nss_status NSS_STATUS;
89 #elif defined(HAVE_NSS_COMMON_H)
91 #include <nss_common.h>
92 #include <nss_dbdefs.h>
95 typedef nss_status_t NSS_STATUS;
97 # define NSS_STATUS_SUCCESS NSS_SUCCESS
98 # define NSS_STATUS_NOTFOUND NSS_NOTFOUND
99 # define NSS_STATUS_UNAVAIL NSS_UNAVAIL
100 # define NSS_STATUS_TRYAGAIN NSS_TRYAGAIN
102 # error "No nsswitch support detected"
106 #define PTR_DIFF(p1, p2) ((ptrdiff_t)(((const char *)(p1)) - (const char *)(p2)))
114 #define EAI_NODATA EAI_NONAME
117 #ifndef EAI_ADDRFAMILY
118 #define EAI_ADDRFAMILY EAI_FAMILY
122 #define __STRING(x) #x
125 #ifndef __STRINGSTRING
126 #define __STRINGSTRING(x) __STRING(x)
130 #define __LINESTR__ __STRINGSTRING(__LINE__)
134 #define __location__ __FILE__ ":" __LINESTR__
138 #define DNS_NAME_MAX 255
141 /* GCC have printf type attribute check. */
142 #ifdef HAVE_ATTRIBUTE_PRINTF_FORMAT
143 #define PRINTF_ATTRIBUTE(a,b) __attribute__ ((__format__ (__printf__, a, b)))
145 #define PRINTF_ATTRIBUTE(a,b)
146 #endif /* HAVE_ATTRIBUTE_PRINTF_FORMAT */
148 #ifdef HAVE_CONSTRUCTOR_ATTRIBUTE
149 #define CONSTRUCTOR_ATTRIBUTE __attribute__ ((constructor))
151 #define CONSTRUCTOR_ATTRIBUTE
152 #endif /* HAVE_CONSTRUCTOR_ATTRIBUTE */
154 #ifdef HAVE_DESTRUCTOR_ATTRIBUTE
155 #define DESTRUCTOR_ATTRIBUTE __attribute__ ((destructor))
157 #define DESTRUCTOR_ATTRIBUTE
158 #endif /* HAVE_DESTRUCTOR_ATTRIBUTE */
160 #define ZERO_STRUCTP(x) do { if ((x) != NULL) memset((char *)(x), 0, sizeof(*(x))); } while(0)
163 #define SAFE_FREE(x) do { if ((x) != NULL) {free(x); (x)=NULL;} } while(0)
166 #ifndef discard_const
167 #define discard_const(ptr) ((void *)((uintptr_t)(ptr)))
170 #ifndef discard_const_p
171 #define discard_const_p(type, ptr) ((type *)discard_const(ptr))
175 #define NWRAP_INET_ADDRSTRLEN INET6_ADDRSTRLEN
177 #define NWRAP_INET_ADDRSTRLEN INET_ADDRSTRLEN
180 #define NWRAP_LOCK(m) do { \
181 pthread_mutex_lock(&( m ## _mutex)); \
184 #define NWRAP_UNLOCK(m) do { \
185 pthread_mutex_unlock(&( m ## _mutex)); \
189 static bool nwrap_initialized = false;
190 static pthread_mutex_t nwrap_initialized_mutex = PTHREAD_MUTEX_INITIALIZER;
192 /* The mutex or accessing the id */
193 static pthread_mutex_t nwrap_global_mutex = PTHREAD_MUTEX_INITIALIZER;
194 static pthread_mutex_t nwrap_gr_global_mutex = PTHREAD_MUTEX_INITIALIZER;
195 static pthread_mutex_t nwrap_he_global_mutex = PTHREAD_MUTEX_INITIALIZER;
196 static pthread_mutex_t nwrap_pw_global_mutex = PTHREAD_MUTEX_INITIALIZER;
197 static pthread_mutex_t nwrap_sp_global_mutex = PTHREAD_MUTEX_INITIALIZER;
199 /* Add new global locks here please */
200 /* Also don't forget to add locks to
201 * nwrap_init() function.
203 # define NWRAP_LOCK_ALL do { \
204 NWRAP_LOCK(nwrap_initialized); \
205 NWRAP_LOCK(nwrap_global); \
206 NWRAP_LOCK(nwrap_gr_global); \
207 NWRAP_LOCK(nwrap_he_global); \
208 NWRAP_LOCK(nwrap_pw_global); \
209 NWRAP_LOCK(nwrap_sp_global); \
212 # define NWRAP_UNLOCK_ALL do {\
213 NWRAP_UNLOCK(nwrap_sp_global); \
214 NWRAP_UNLOCK(nwrap_pw_global); \
215 NWRAP_UNLOCK(nwrap_he_global); \
216 NWRAP_UNLOCK(nwrap_gr_global); \
217 NWRAP_UNLOCK(nwrap_global); \
218 NWRAP_UNLOCK(nwrap_initialized); \
221 static void nwrap_init(void);
223 static void nwrap_thread_prepare(void)
229 static void nwrap_thread_parent(void)
234 static void nwrap_thread_child(void)
239 enum nwrap_dbglvl_e {
247 # define NWRAP_LOG(...)
250 static void nwrap_log(enum nwrap_dbglvl_e dbglvl, const char *func, const char *format, ...) PRINTF_ATTRIBUTE(3, 4);
251 # define NWRAP_LOG(dbglvl, ...) nwrap_log((dbglvl), __func__, __VA_ARGS__)
253 static void nwrap_log(enum nwrap_dbglvl_e dbglvl,
255 const char *format, ...)
260 unsigned int lvl = 0;
263 d = getenv("NSS_WRAPPER_DEBUGLEVEL");
268 va_start(va, format);
269 vsnprintf(buffer, sizeof(buffer), format, va);
274 case NWRAP_LOG_ERROR:
276 "NWRAP_ERROR(%d) - %s: %s\n",
281 "NWRAP_WARN(%d) - %s: %s\n",
284 case NWRAP_LOG_DEBUG:
286 "NWRAP_DEBUG(%d) - %s: %s\n",
289 case NWRAP_LOG_TRACE:
291 "NWRAP_TRACE(%d) - %s: %s\n",
297 #endif /* NDEBUG NWRAP_LOG */
299 struct nwrap_libc_fns {
300 struct passwd *(*_libc_getpwnam)(const char *name);
301 int (*_libc_getpwnam_r)(const char *name, struct passwd *pwd,
302 char *buf, size_t buflen, struct passwd **result);
303 struct passwd *(*_libc_getpwuid)(uid_t uid);
304 int (*_libc_getpwuid_r)(uid_t uid, struct passwd *pwd, char *buf, size_t buflen, struct passwd **result);
305 void (*_libc_setpwent)(void);
306 struct passwd *(*_libc_getpwent)(void);
307 #ifdef HAVE_GETPWENT_R
308 # ifdef HAVE_SOLARIS_GETPWENT_R
309 struct passwd *(*_libc_getpwent_r)(struct passwd *pwbuf, char *buf, size_t buflen);
310 # else /* HAVE_SOLARIS_GETPWENT_R */
311 int (*_libc_getpwent_r)(struct passwd *pwbuf, char *buf, size_t buflen, struct passwd **pwbufp);
312 # endif /* HAVE_SOLARIS_GETPWENT_R */
313 #endif /* HAVE_GETPWENT_R */
314 void (*_libc_endpwent)(void);
315 int (*_libc_initgroups)(const char *user, gid_t gid);
316 struct group *(*_libc_getgrnam)(const char *name);
317 int (*_libc_getgrnam_r)(const char *name, struct group *grp, char *buf, size_t buflen, struct group **result);
318 struct group *(*_libc_getgrgid)(gid_t gid);
319 int (*_libc_getgrgid_r)(gid_t gid, struct group *grp, char *buf, size_t buflen, struct group **result);
320 void (*_libc_setgrent)(void);
321 struct group *(*_libc_getgrent)(void);
322 #ifdef HAVE_GETGRENT_R
323 # ifdef HAVE_SOLARIS_GETGRENT_R
324 struct group *(*_libc_getgrent_r)(struct group *group, char *buf, size_t buflen);
325 # else /* HAVE_SOLARIS_GETGRENT_R */
326 int (*_libc_getgrent_r)(struct group *group, char *buf, size_t buflen, struct group **result);
327 # endif /* HAVE_SOLARIS_GETGRENT_R */
328 #endif /* HAVE_GETGRENT_R */
329 void (*_libc_endgrent)(void);
330 int (*_libc_getgrouplist)(const char *user, gid_t group, gid_t *groups, int *ngroups);
332 void (*_libc_sethostent)(int stayopen);
333 struct hostent *(*_libc_gethostent)(void);
334 void (*_libc_endhostent)(void);
336 struct hostent *(*_libc_gethostbyname)(const char *name);
337 #ifdef HAVE_GETHOSTBYNAME2 /* GNU extension */
338 struct hostent *(*_libc_gethostbyname2)(const char *name, int af);
340 struct hostent *(*_libc_gethostbyaddr)(const void *addr, socklen_t len, int type);
342 int (*_libc_getaddrinfo)(const char *node, const char *service,
343 const struct addrinfo *hints,
344 struct addrinfo **res);
345 int (*_libc_getnameinfo)(const struct sockaddr *sa, socklen_t salen,
346 char *host, size_t hostlen,
347 char *serv, size_t servlen,
349 int (*_libc_gethostname)(char *name, size_t len);
350 #ifdef HAVE_GETHOSTBYNAME_R
351 int (*_libc_gethostbyname_r)(const char *name,
353 char *buf, size_t buflen,
354 struct hostent **result, int *h_errnop);
356 #ifdef HAVE_GETHOSTBYADDR_R
357 int (*_libc_gethostbyaddr_r)(const void *addr, socklen_t len, int type,
359 char *buf, size_t buflen,
360 struct hostent **result, int *h_errnop);
364 struct nwrap_module_nss_fns {
365 NSS_STATUS (*_nss_getpwnam_r)(const char *name, struct passwd *result, char *buffer,
366 size_t buflen, int *errnop);
367 NSS_STATUS (*_nss_getpwuid_r)(uid_t uid, struct passwd *result, char *buffer,
368 size_t buflen, int *errnop);
369 NSS_STATUS (*_nss_setpwent)(void);
370 NSS_STATUS (*_nss_getpwent_r)(struct passwd *result, char *buffer,
371 size_t buflen, int *errnop);
372 NSS_STATUS (*_nss_endpwent)(void);
373 NSS_STATUS (*_nss_initgroups)(const char *user, gid_t group, long int *start,
374 long int *size, gid_t **groups, long int limit, int *errnop);
375 NSS_STATUS (*_nss_getgrnam_r)(const char *name, struct group *result, char *buffer,
376 size_t buflen, int *errnop);
377 NSS_STATUS (*_nss_getgrgid_r)(gid_t gid, struct group *result, char *buffer,
378 size_t buflen, int *errnop);
379 NSS_STATUS (*_nss_setgrent)(void);
380 NSS_STATUS (*_nss_getgrent_r)(struct group *result, char *buffer,
381 size_t buflen, int *errnop);
382 NSS_STATUS (*_nss_endgrent)(void);
385 struct nwrap_backend {
389 struct nwrap_ops *ops;
390 struct nwrap_module_nss_fns *fns;
394 struct passwd * (*nw_getpwnam)(struct nwrap_backend *b,
396 int (*nw_getpwnam_r)(struct nwrap_backend *b,
397 const char *name, struct passwd *pwdst,
398 char *buf, size_t buflen, struct passwd **pwdstp);
399 struct passwd * (*nw_getpwuid)(struct nwrap_backend *b,
401 int (*nw_getpwuid_r)(struct nwrap_backend *b,
402 uid_t uid, struct passwd *pwdst,
403 char *buf, size_t buflen, struct passwd **pwdstp);
404 void (*nw_setpwent)(struct nwrap_backend *b);
405 struct passwd * (*nw_getpwent)(struct nwrap_backend *b);
406 int (*nw_getpwent_r)(struct nwrap_backend *b,
407 struct passwd *pwdst, char *buf,
408 size_t buflen, struct passwd **pwdstp);
409 void (*nw_endpwent)(struct nwrap_backend *b);
410 int (*nw_initgroups)(struct nwrap_backend *b,
411 const char *user, gid_t group);
412 struct group * (*nw_getgrnam)(struct nwrap_backend *b,
414 int (*nw_getgrnam_r)(struct nwrap_backend *b,
415 const char *name, struct group *grdst,
416 char *buf, size_t buflen, struct group **grdstp);
417 struct group * (*nw_getgrgid)(struct nwrap_backend *b,
419 int (*nw_getgrgid_r)(struct nwrap_backend *b,
420 gid_t gid, struct group *grdst,
421 char *buf, size_t buflen, struct group **grdstp);
422 void (*nw_setgrent)(struct nwrap_backend *b);
423 struct group * (*nw_getgrent)(struct nwrap_backend *b);
424 int (*nw_getgrent_r)(struct nwrap_backend *b,
425 struct group *grdst, char *buf,
426 size_t buflen, struct group **grdstp);
427 void (*nw_endgrent)(struct nwrap_backend *b);
430 /* Public prototypes */
432 bool nss_wrapper_enabled(void);
433 bool nss_wrapper_shadow_enabled(void);
434 bool nss_wrapper_hosts_enabled(void);
436 /* prototypes for files backend */
439 static struct passwd *nwrap_files_getpwnam(struct nwrap_backend *b,
441 static int nwrap_files_getpwnam_r(struct nwrap_backend *b,
442 const char *name, struct passwd *pwdst,
443 char *buf, size_t buflen, struct passwd **pwdstp);
444 static struct passwd *nwrap_files_getpwuid(struct nwrap_backend *b,
446 static int nwrap_files_getpwuid_r(struct nwrap_backend *b,
447 uid_t uid, struct passwd *pwdst,
448 char *buf, size_t buflen, struct passwd **pwdstp);
449 static void nwrap_files_setpwent(struct nwrap_backend *b);
450 static struct passwd *nwrap_files_getpwent(struct nwrap_backend *b);
451 static int nwrap_files_getpwent_r(struct nwrap_backend *b,
452 struct passwd *pwdst, char *buf,
453 size_t buflen, struct passwd **pwdstp);
454 static void nwrap_files_endpwent(struct nwrap_backend *b);
455 static int nwrap_files_initgroups(struct nwrap_backend *b,
456 const char *user, gid_t group);
457 static struct group *nwrap_files_getgrnam(struct nwrap_backend *b,
459 static int nwrap_files_getgrnam_r(struct nwrap_backend *b,
460 const char *name, struct group *grdst,
461 char *buf, size_t buflen, struct group **grdstp);
462 static struct group *nwrap_files_getgrgid(struct nwrap_backend *b,
464 static int nwrap_files_getgrgid_r(struct nwrap_backend *b,
465 gid_t gid, struct group *grdst,
466 char *buf, size_t buflen, struct group **grdstp);
467 static void nwrap_files_setgrent(struct nwrap_backend *b);
468 static struct group *nwrap_files_getgrent(struct nwrap_backend *b);
469 static int nwrap_files_getgrent_r(struct nwrap_backend *b,
470 struct group *grdst, char *buf,
471 size_t buflen, struct group **grdstp);
472 static void nwrap_files_endgrent(struct nwrap_backend *b);
474 /* prototypes for module backend */
476 static struct passwd *nwrap_module_getpwent(struct nwrap_backend *b);
477 static int nwrap_module_getpwent_r(struct nwrap_backend *b,
478 struct passwd *pwdst, char *buf,
479 size_t buflen, struct passwd **pwdstp);
480 static struct passwd *nwrap_module_getpwnam(struct nwrap_backend *b,
482 static int nwrap_module_getpwnam_r(struct nwrap_backend *b,
483 const char *name, struct passwd *pwdst,
484 char *buf, size_t buflen, struct passwd **pwdstp);
485 static struct passwd *nwrap_module_getpwuid(struct nwrap_backend *b,
487 static int nwrap_module_getpwuid_r(struct nwrap_backend *b,
488 uid_t uid, struct passwd *pwdst,
489 char *buf, size_t buflen, struct passwd **pwdstp);
490 static void nwrap_module_setpwent(struct nwrap_backend *b);
491 static void nwrap_module_endpwent(struct nwrap_backend *b);
492 static struct group *nwrap_module_getgrent(struct nwrap_backend *b);
493 static int nwrap_module_getgrent_r(struct nwrap_backend *b,
494 struct group *grdst, char *buf,
495 size_t buflen, struct group **grdstp);
496 static struct group *nwrap_module_getgrnam(struct nwrap_backend *b,
498 static int nwrap_module_getgrnam_r(struct nwrap_backend *b,
499 const char *name, struct group *grdst,
500 char *buf, size_t buflen, struct group **grdstp);
501 static struct group *nwrap_module_getgrgid(struct nwrap_backend *b,
503 static int nwrap_module_getgrgid_r(struct nwrap_backend *b,
504 gid_t gid, struct group *grdst,
505 char *buf, size_t buflen, struct group **grdstp);
506 static void nwrap_module_setgrent(struct nwrap_backend *b);
507 static void nwrap_module_endgrent(struct nwrap_backend *b);
508 static int nwrap_module_initgroups(struct nwrap_backend *b,
509 const char *user, gid_t group);
511 struct nwrap_ops nwrap_files_ops = {
512 .nw_getpwnam = nwrap_files_getpwnam,
513 .nw_getpwnam_r = nwrap_files_getpwnam_r,
514 .nw_getpwuid = nwrap_files_getpwuid,
515 .nw_getpwuid_r = nwrap_files_getpwuid_r,
516 .nw_setpwent = nwrap_files_setpwent,
517 .nw_getpwent = nwrap_files_getpwent,
518 .nw_getpwent_r = nwrap_files_getpwent_r,
519 .nw_endpwent = nwrap_files_endpwent,
520 .nw_initgroups = nwrap_files_initgroups,
521 .nw_getgrnam = nwrap_files_getgrnam,
522 .nw_getgrnam_r = nwrap_files_getgrnam_r,
523 .nw_getgrgid = nwrap_files_getgrgid,
524 .nw_getgrgid_r = nwrap_files_getgrgid_r,
525 .nw_setgrent = nwrap_files_setgrent,
526 .nw_getgrent = nwrap_files_getgrent,
527 .nw_getgrent_r = nwrap_files_getgrent_r,
528 .nw_endgrent = nwrap_files_endgrent,
531 struct nwrap_ops nwrap_module_ops = {
532 .nw_getpwnam = nwrap_module_getpwnam,
533 .nw_getpwnam_r = nwrap_module_getpwnam_r,
534 .nw_getpwuid = nwrap_module_getpwuid,
535 .nw_getpwuid_r = nwrap_module_getpwuid_r,
536 .nw_setpwent = nwrap_module_setpwent,
537 .nw_getpwent = nwrap_module_getpwent,
538 .nw_getpwent_r = nwrap_module_getpwent_r,
539 .nw_endpwent = nwrap_module_endpwent,
540 .nw_initgroups = nwrap_module_initgroups,
541 .nw_getgrnam = nwrap_module_getgrnam,
542 .nw_getgrnam_r = nwrap_module_getgrnam_r,
543 .nw_getgrgid = nwrap_module_getgrgid,
544 .nw_getgrgid_r = nwrap_module_getgrgid_r,
545 .nw_setgrent = nwrap_module_setgrent,
546 .nw_getgrent = nwrap_module_getgrent,
547 .nw_getgrent_r = nwrap_module_getgrent_r,
548 .nw_endgrent = nwrap_module_endgrent,
555 struct nwrap_libc_fns *fns;
560 struct nwrap_backend *backends;
561 struct nwrap_libc *libc;
564 static struct nwrap_main *nwrap_main_global;
565 static struct nwrap_main __nwrap_main_global;
570 static int nwrap_convert_he_ai(const struct hostent *he,
572 const struct addrinfo *hints,
573 struct addrinfo **pai,
574 bool skip_canonname);
580 #define DEFAULT_VECTOR_CAPACITY 16
582 struct nwrap_vector {
588 /* Macro returns pointer to first element of vector->items array.
590 * nwrap_vector is used as a memory backend which take care of
591 * memory allocations and other stuff like memory growing.
592 * nwrap_vectors should not be considered as some abstract structures.
593 * On this level, vectors are more handy than direct realloc/malloc
596 * nwrap_vector->items is array inside nwrap_vector which can be
597 * directly pointed by libc structure assembled by cwrap itself.
601 * 1) struct hostent contains char **h_addr_list element.
602 * 2) nwrap_vector holds array of pointers to addresses.
603 * It's easier to use vector to store results of
606 * Now, pretend that cwrap assembled struct hostent and
607 * we need to set h_addr_list to point to nwrap_vector.
608 * Idea behind is to shield users from internal nwrap_vector
610 * (Yes, not fully - array terminated by NULL is needed because
611 * it's result expected by libc function caller.)
617 * struct nwrap_vector *vector = malloc(sizeof(struct nwrap_vector));
618 * ... don't care about failed allocation now ...
620 * ... fill nwrap vector ...
623 * he.h_addr_list = nwrap_vector_head(vector);
626 #define nwrap_vector_head(vect) ((void *)((vect)->items))
628 #define nwrap_vector_foreach(item, vect, iter) \
629 for (iter = 0, (item) = (vect).items == NULL ? NULL : (vect).items[0]; \
631 (item) = (vect).items[++iter])
633 #define nwrap_vector_is_initialized(vector) ((vector)->items != NULL)
635 static inline bool nwrap_vector_init(struct nwrap_vector *const vector)
637 if (vector == NULL) {
641 /* count is initialized by ZERO_STRUCTP */
642 ZERO_STRUCTP(vector);
643 vector->items = malloc(sizeof(void *) * (DEFAULT_VECTOR_CAPACITY + 1));
644 if (vector->items == NULL) {
647 vector->capacity = DEFAULT_VECTOR_CAPACITY;
648 memset(vector->items, '\0', sizeof(void *) * (DEFAULT_VECTOR_CAPACITY + 1));
653 static bool nwrap_vector_add_item(struct nwrap_vector *vector, void *const item)
655 assert (vector != NULL);
657 if (vector->items == NULL) {
658 nwrap_vector_init(vector);
661 if (vector->count == vector->capacity) {
662 /* Items array _MUST_ be NULL terminated because it's passed
663 * as result to caller which expect NULL terminated array from libc.
665 void **items = realloc(vector->items, sizeof(void *) * ((vector->capacity * 2) + 1));
669 vector->items = items;
671 /* Don't count ending NULL to capacity */
672 vector->capacity *= 2;
675 vector->items[vector->count] = item;
678 vector->items[vector->count] = NULL;
683 static bool nwrap_vector_merge(struct nwrap_vector *dst,
684 struct nwrap_vector *src)
686 void **dst_items = NULL;
689 if (src->count == 0) {
693 count = dst->count + src->count;
695 /* We don't need reallocation if we have enough capacity. */
696 if (src->count > (dst->capacity - dst->count)) {
697 dst_items = (void **)realloc(dst->items, (count + 1) * sizeof(void *));
698 if (dst_items == NULL) {
701 dst->items = dst_items;
702 dst->capacity = count;
705 memcpy((void *)(((long *)dst->items) + dst->count),
707 src->count * sizeof(void *));
720 struct nwrap_vector lines;
722 bool (*parse_line)(struct nwrap_cache *, char *line);
723 void (*unload)(struct nwrap_cache *);
728 struct nwrap_cache *cache;
735 struct nwrap_cache __nwrap_cache_pw;
736 struct nwrap_pw nwrap_pw_global;
738 static bool nwrap_pw_parse_line(struct nwrap_cache *nwrap, char *line);
739 static void nwrap_pw_unload(struct nwrap_cache *nwrap);
742 #if defined(HAVE_SHADOW_H) && defined(HAVE_GETSPNAM)
744 struct nwrap_cache *cache;
751 struct nwrap_cache __nwrap_cache_sp;
752 struct nwrap_sp nwrap_sp_global;
754 static bool nwrap_sp_parse_line(struct nwrap_cache *nwrap, char *line);
755 static void nwrap_sp_unload(struct nwrap_cache *nwrap);
756 #endif /* defined(HAVE_SHADOW_H) && defined(HAVE_GETSPNAM) */
760 struct nwrap_cache *cache;
767 struct nwrap_cache __nwrap_cache_gr;
768 struct nwrap_gr nwrap_gr_global;
771 static bool nwrap_he_parse_line(struct nwrap_cache *nwrap, char *line);
772 static void nwrap_he_unload(struct nwrap_cache *nwrap);
774 struct nwrap_addrdata {
775 unsigned char host_addr[16]; /* IPv4 or IPv6 address */
778 static size_t max_hostents = 100;
780 struct nwrap_entdata {
781 struct nwrap_addrdata addr;
784 struct nwrap_vector nwrap_addrdata;
786 ssize_t aliases_count;
789 struct nwrap_entlist {
790 struct nwrap_entlist *next;
791 struct nwrap_entdata *ed;
795 struct nwrap_cache *cache;
797 struct nwrap_vector entries;
798 struct nwrap_vector lists;
804 static struct nwrap_cache __nwrap_cache_he;
805 static struct nwrap_he nwrap_he_global;
808 /*********************************************************
810 *********************************************************/
812 static bool nwrap_gr_parse_line(struct nwrap_cache *nwrap, char *line);
813 static void nwrap_gr_unload(struct nwrap_cache *nwrap);
814 void nwrap_constructor(void) CONSTRUCTOR_ATTRIBUTE;
815 void nwrap_destructor(void) DESTRUCTOR_ATTRIBUTE;
817 /*********************************************************
818 * NWRAP LIBC LOADER FUNCTIONS
819 *********************************************************/
828 static const char *nwrap_str_lib(enum nwrap_lib lib)
835 case NWRAP_LIBSOCKET:
839 /* Compiler would warn us about unhandled enum value if we get here */
844 static void *nwrap_load_lib_handle(enum nwrap_lib lib)
846 int flags = RTLD_LAZY;
851 const char *env = getenv("LD_PRELOAD");
853 /* Don't do a deepbind if we run with libasan */
854 if (env != NULL && strlen(env) < 1024) {
855 const char *p = strstr(env, "libasan.so");
857 flags |= RTLD_DEEPBIND;
865 handle = nwrap_main_global->libc->nsl_handle;
866 if (handle == NULL) {
867 for (i = 10; i >= 0; i--) {
868 char soname[256] = {0};
870 snprintf(soname, sizeof(soname), "libnsl.so.%d", i);
871 handle = dlopen(soname, flags);
872 if (handle != NULL) {
877 nwrap_main_global->libc->nsl_handle = handle;
882 case NWRAP_LIBSOCKET:
883 #ifdef HAVE_LIBSOCKET
884 handle = nwrap_main_global->libc->sock_handle;
885 if (handle == NULL) {
886 for (i = 10; i >= 0; i--) {
887 char soname[256] = {0};
889 snprintf(soname, sizeof(soname), "libsocket.so.%d", i);
890 handle = dlopen(soname, flags);
891 if (handle != NULL) {
896 nwrap_main_global->libc->sock_handle = handle;
902 handle = nwrap_main_global->libc->handle;
903 if (handle == NULL) {
904 for (i = 10; i >= 0; i--) {
905 char soname[256] = {0};
907 snprintf(soname, sizeof(soname), "libc.so.%d", i);
908 handle = dlopen(soname, flags);
909 if (handle != NULL) {
914 nwrap_main_global->libc->handle = handle;
919 if (handle == NULL) {
921 handle = nwrap_main_global->libc->handle
922 = nwrap_main_global->libc->sock_handle
923 = nwrap_main_global->libc->nsl_handle
926 NWRAP_LOG(NWRAP_LOG_ERROR,
927 "Failed to dlopen library: %s\n",
936 static void *_nwrap_load_lib_function(enum nwrap_lib lib, const char *fn_name)
943 handle = nwrap_load_lib_handle(lib);
945 func = dlsym(handle, fn_name);
947 NWRAP_LOG(NWRAP_LOG_ERROR,
948 "Failed to find %s: %s\n",
953 NWRAP_LOG(NWRAP_LOG_TRACE,
955 fn_name, nwrap_str_lib(lib));
959 #define nwrap_load_lib_function(lib, fn_name) \
960 if (nwrap_main_global->libc->fns->_libc_##fn_name == NULL) { \
961 *(void **) (&nwrap_main_global->libc->fns->_libc_##fn_name) = \
962 _nwrap_load_lib_function(lib, #fn_name); \
965 /* INTERNAL HELPER FUNCTIONS */
966 static void nwrap_lines_unload(struct nwrap_cache *const nwrap)
970 nwrap_vector_foreach(item, nwrap->lines, p) {
971 /* Maybe some vectors were merged ... */
974 SAFE_FREE(nwrap->lines.items);
975 ZERO_STRUCTP(&nwrap->lines);
981 * Functions expeciall from libc need to be loaded individually, you can't load
982 * all at once or gdb will segfault at startup. The same applies to valgrind and
983 * has probably something todo with with the linker.
984 * So we need load each function at the point it is called the first time.
986 static struct passwd *libc_getpwnam(const char *name)
988 nwrap_load_lib_function(NWRAP_LIBC, getpwnam);
990 return nwrap_main_global->libc->fns->_libc_getpwnam(name);
993 #ifdef HAVE_GETPWNAM_R
994 static int libc_getpwnam_r(const char *name,
998 struct passwd **result)
1000 #ifdef HAVE___POSIX_GETPWNAM_R
1001 if (nwrap_main_global->libc->fns->_libc_getpwnam_r == NULL) {
1002 *(void **) (&nwrap_main_global->libc->fns->_libc_getpwnam_r) =
1003 _nwrap_load_lib_function(NWRAP_LIBC, "__posix_getpwnam_r");
1006 nwrap_load_lib_function(NWRAP_LIBC, getpwnam_r);
1009 return nwrap_main_global->libc->fns->_libc_getpwnam_r(name,
1017 static struct passwd *libc_getpwuid(uid_t uid)
1019 nwrap_load_lib_function(NWRAP_LIBC, getpwuid);
1021 return nwrap_main_global->libc->fns->_libc_getpwuid(uid);
1024 #ifdef HAVE_GETPWUID_R
1025 static int libc_getpwuid_r(uid_t uid,
1029 struct passwd **result)
1031 #ifdef HAVE___POSIX_GETPWUID_R
1032 if (nwrap_main_global->libc->fns->_libc_getpwuid_r == NULL) {
1033 *(void **) (&nwrap_main_global->libc->fns->_libc_getpwuid_r) =
1034 _nwrap_load_lib_function(NWRAP_LIBC, "__posix_getpwuid_r");
1037 nwrap_load_lib_function(NWRAP_LIBC, getpwuid_r);
1040 return nwrap_main_global->libc->fns->_libc_getpwuid_r(uid,
1048 static inline void str_tolower(char *dst, char *src)
1050 register char *src_tmp = src;
1051 register char *dst_tmp = dst;
1053 while (*src_tmp != '\0') {
1054 *dst_tmp = tolower(*src_tmp);
1060 static bool str_tolower_copy(char **dst_name, const char *const src_name)
1064 if ((dst_name == NULL) || (src_name == NULL)) {
1068 h_name_lower = strdup(src_name);
1069 if (h_name_lower == NULL) {
1070 NWRAP_LOG(NWRAP_LOG_DEBUG, "Out of memory while strdup");
1074 str_tolower(h_name_lower, h_name_lower);
1075 *dst_name = h_name_lower;
1079 static void libc_setpwent(void)
1081 nwrap_load_lib_function(NWRAP_LIBC, setpwent);
1083 nwrap_main_global->libc->fns->_libc_setpwent();
1086 static struct passwd *libc_getpwent(void)
1088 nwrap_load_lib_function(NWRAP_LIBC, getpwent);
1090 return nwrap_main_global->libc->fns->_libc_getpwent();
1093 #ifdef HAVE_GETPWENT_R
1094 # ifdef HAVE_SOLARIS_GETPWENT_R
1095 static struct passwd *libc_getpwent_r(struct passwd *pwdst,
1099 nwrap_load_lib_function(NWRAP_LIBC, getpwent_r);
1101 return nwrap_main_global->libc->fns->_libc_getpwent_r(pwdst,
1105 # else /* HAVE_SOLARIS_GETPWENT_R */
1106 static int libc_getpwent_r(struct passwd *pwdst,
1109 struct passwd **pwdstp)
1111 nwrap_load_lib_function(NWRAP_LIBC, getpwent_r);
1113 return nwrap_main_global->libc->fns->_libc_getpwent_r(pwdst,
1118 # endif /* HAVE_SOLARIS_GETPWENT_R */
1119 #endif /* HAVE_GETPWENT_R */
1121 static void libc_endpwent(void)
1123 nwrap_load_lib_function(NWRAP_LIBC, endpwent);
1125 nwrap_main_global->libc->fns->_libc_endpwent();
1128 static int libc_initgroups(const char *user, gid_t gid)
1130 nwrap_load_lib_function(NWRAP_LIBC, initgroups);
1132 return nwrap_main_global->libc->fns->_libc_initgroups(user, gid);
1135 static struct group *libc_getgrnam(const char *name)
1137 nwrap_load_lib_function(NWRAP_LIBC, getgrnam);
1139 return nwrap_main_global->libc->fns->_libc_getgrnam(name);
1142 #ifdef HAVE_GETGRNAM_R
1143 static int libc_getgrnam_r(const char *name,
1147 struct group **result)
1149 #ifdef HAVE___POSIX_GETGRNAM_R
1150 if (nwrap_main_global->libc->fns->_libc_getgrnam_r == NULL) {
1151 *(void **) (&nwrap_main_global->libc->fns->_libc_getgrnam_r) =
1152 _nwrap_load_lib_function(NWRAP_LIBC, "__posix_getgrnam_r");
1155 nwrap_load_lib_function(NWRAP_LIBC, getgrnam_r);
1158 return nwrap_main_global->libc->fns->_libc_getgrnam_r(name,
1166 static struct group *libc_getgrgid(gid_t gid)
1168 nwrap_load_lib_function(NWRAP_LIBC, getgrgid);
1170 return nwrap_main_global->libc->fns->_libc_getgrgid(gid);
1173 #ifdef HAVE_GETGRGID_R
1174 static int libc_getgrgid_r(gid_t gid,
1178 struct group **result)
1180 #ifdef HAVE___POSIX_GETGRGID_R
1181 if (nwrap_main_global->libc->fns->_libc_getgrgid_r == NULL) {
1182 *(void **) (&nwrap_main_global->libc->fns->_libc_getgrgid_r) =
1183 _nwrap_load_lib_function(NWRAP_LIBC, "__posix_getgrgid_r");
1186 nwrap_load_lib_function(NWRAP_LIBC, getgrgid_r);
1189 return nwrap_main_global->libc->fns->_libc_getgrgid_r(gid,
1197 static void libc_setgrent(void)
1199 nwrap_load_lib_function(NWRAP_LIBC, setgrent);
1201 nwrap_main_global->libc->fns->_libc_setgrent();
1204 static struct group *libc_getgrent(void)
1206 nwrap_load_lib_function(NWRAP_LIBC, getgrent);
1208 return nwrap_main_global->libc->fns->_libc_getgrent();
1211 #ifdef HAVE_GETGRENT_R
1212 # ifdef HAVE_SOLARIS_GETGRENT_R
1213 static struct group *libc_getgrent_r(struct group *group,
1217 nwrap_load_lib_function(NWRAP_LIBC, getgrent_r);
1219 return nwrap_main_global->libc->fns->_libc_getgrent_r(group,
1223 # else /* HAVE_SOLARIS_GETGRENT_R */
1224 static int libc_getgrent_r(struct group *group,
1227 struct group **result)
1229 nwrap_load_lib_function(NWRAP_LIBC, getgrent_r);
1231 return nwrap_main_global->libc->fns->_libc_getgrent_r(group,
1236 # endif /* HAVE_SOLARIS_GETGRENT_R */
1237 #endif /* HAVE_GETGRENT_R */
1239 static void libc_endgrent(void)
1241 nwrap_load_lib_function(NWRAP_LIBC, endgrent);
1243 nwrap_main_global->libc->fns->_libc_endgrent();
1246 #ifdef HAVE_GETGROUPLIST
1247 static int libc_getgrouplist(const char *user,
1252 nwrap_load_lib_function(NWRAP_LIBC, getgrouplist);
1254 return nwrap_main_global->libc->fns->_libc_getgrouplist(user,
1261 static void libc_sethostent(int stayopen)
1263 nwrap_load_lib_function(NWRAP_LIBNSL, sethostent);
1265 nwrap_main_global->libc->fns->_libc_sethostent(stayopen);
1268 static struct hostent *libc_gethostent(void)
1270 nwrap_load_lib_function(NWRAP_LIBNSL, gethostent);
1272 return nwrap_main_global->libc->fns->_libc_gethostent();
1275 static void libc_endhostent(void)
1277 nwrap_load_lib_function(NWRAP_LIBNSL, endhostent);
1279 nwrap_main_global->libc->fns->_libc_endhostent();
1282 static struct hostent *libc_gethostbyname(const char *name)
1284 nwrap_load_lib_function(NWRAP_LIBNSL, gethostbyname);
1286 return nwrap_main_global->libc->fns->_libc_gethostbyname(name);
1289 #ifdef HAVE_GETHOSTBYNAME2 /* GNU extension */
1290 static struct hostent *libc_gethostbyname2(const char *name, int af)
1292 nwrap_load_lib_function(NWRAP_LIBNSL, gethostbyname2);
1294 return nwrap_main_global->libc->fns->_libc_gethostbyname2(name, af);
1298 static struct hostent *libc_gethostbyaddr(const void *addr,
1302 nwrap_load_lib_function(NWRAP_LIBNSL, gethostbyaddr);
1304 return nwrap_main_global->libc->fns->_libc_gethostbyaddr(addr,
1309 static int libc_gethostname(char *name, size_t len)
1311 nwrap_load_lib_function(NWRAP_LIBNSL, gethostname);
1313 return nwrap_main_global->libc->fns->_libc_gethostname(name, len);
1316 #ifdef HAVE_GETHOSTBYNAME_R
1317 static int libc_gethostbyname_r(const char *name,
1318 struct hostent *ret,
1321 struct hostent **result,
1324 nwrap_load_lib_function(NWRAP_LIBNSL, gethostbyname_r);
1326 return nwrap_main_global->libc->fns->_libc_gethostbyname_r(name,
1335 #ifdef HAVE_GETHOSTBYADDR_R
1336 static int libc_gethostbyaddr_r(const void *addr,
1339 struct hostent *ret,
1342 struct hostent **result,
1345 nwrap_load_lib_function(NWRAP_LIBNSL, gethostbyaddr_r);
1347 return nwrap_main_global->libc->fns->_libc_gethostbyaddr_r(addr,
1358 static int libc_getaddrinfo(const char *node,
1359 const char *service,
1360 const struct addrinfo *hints,
1361 struct addrinfo **res)
1363 nwrap_load_lib_function(NWRAP_LIBSOCKET, getaddrinfo);
1365 return nwrap_main_global->libc->fns->_libc_getaddrinfo(node,
1371 static int libc_getnameinfo(const struct sockaddr *sa,
1379 nwrap_load_lib_function(NWRAP_LIBSOCKET, getnameinfo);
1381 return nwrap_main_global->libc->fns->_libc_getnameinfo(sa,
1390 /*********************************************************
1391 * NWRAP NSS MODULE LOADER FUNCTIONS
1392 *********************************************************/
1394 static void *nwrap_load_module_fn(struct nwrap_backend *b,
1395 const char *fn_name)
1400 if (!b->so_handle) {
1401 NWRAP_LOG(NWRAP_LOG_ERROR, "No handle");
1405 if (asprintf(&s, "_nss_%s_%s", b->name, fn_name) == -1) {
1406 NWRAP_LOG(NWRAP_LOG_ERROR, "Out of memory");
1410 res = dlsym(b->so_handle, s);
1412 NWRAP_LOG(NWRAP_LOG_ERROR,
1413 "Cannot find function %s in %s",
1420 static struct nwrap_module_nss_fns *nwrap_load_module_fns(struct nwrap_backend *b)
1422 struct nwrap_module_nss_fns *fns;
1424 if (!b->so_handle) {
1428 fns = (struct nwrap_module_nss_fns *)malloc(sizeof(struct nwrap_module_nss_fns));
1433 *(void **)(&fns->_nss_getpwnam_r) =
1434 nwrap_load_module_fn(b, "getpwnam_r");
1435 *(void **)(&fns->_nss_getpwuid_r) =
1436 nwrap_load_module_fn(b, "getpwuid_r");
1437 *(void **)(&fns->_nss_setpwent) =
1438 nwrap_load_module_fn(b, "setpwent");
1439 *(void **)(&fns->_nss_getpwent_r) =
1440 nwrap_load_module_fn(b, "getpwent_r");
1441 *(void **)(&fns->_nss_endpwent) =
1442 nwrap_load_module_fn(b, "endpwent");
1443 *(void **)(&fns->_nss_initgroups) =
1444 nwrap_load_module_fn(b, "initgroups_dyn");
1445 *(void **)(&fns->_nss_getgrnam_r) =
1446 nwrap_load_module_fn(b, "getgrnam_r");
1447 *(void **)(&fns->_nss_getgrgid_r)=
1448 nwrap_load_module_fn(b, "getgrgid_r");
1449 *(void **)(&fns->_nss_setgrent) =
1450 nwrap_load_module_fn(b, "setgrent");
1451 *(void **)(&fns->_nss_getgrent_r) =
1452 nwrap_load_module_fn(b, "getgrent_r");
1453 *(void **)(&fns->_nss_endgrent) =
1454 nwrap_load_module_fn(b, "endgrent");
1459 static void *nwrap_load_module(const char *so_path)
1463 if (!so_path || !strlen(so_path)) {
1467 h = dlopen(so_path, RTLD_LAZY);
1469 NWRAP_LOG(NWRAP_LOG_ERROR,
1470 "Cannot open shared library %s",
1478 static bool nwrap_module_init(const char *name,
1479 struct nwrap_ops *ops,
1480 const char *so_path,
1482 struct nwrap_backend **backends)
1484 struct nwrap_backend *b;
1486 *backends = (struct nwrap_backend *)realloc(*backends,
1487 sizeof(struct nwrap_backend) * ((*num_backends) + 1));
1489 NWRAP_LOG(NWRAP_LOG_ERROR, "Out of memory");
1493 b = &((*backends)[*num_backends]);
1497 b->so_path = so_path;
1499 if (so_path != NULL) {
1500 b->so_handle = nwrap_load_module(so_path);
1501 b->fns = nwrap_load_module_fns(b);
1502 if (b->fns == NULL) {
1506 b->so_handle = NULL;
1515 static void nwrap_libc_init(struct nwrap_main *r)
1517 r->libc = calloc(1, sizeof(struct nwrap_libc));
1518 if (r->libc == NULL) {
1519 printf("Failed to allocate memory for libc");
1523 r->libc->fns = calloc(1, sizeof(struct nwrap_libc_fns));
1524 if (r->libc->fns == NULL) {
1525 printf("Failed to allocate memory for libc functions");
1530 static void nwrap_backend_init(struct nwrap_main *r)
1532 const char *module_so_path = getenv("NSS_WRAPPER_MODULE_SO_PATH");
1533 const char *module_fn_name = getenv("NSS_WRAPPER_MODULE_FN_PREFIX");
1535 r->num_backends = 0;
1538 if (!nwrap_module_init("files", &nwrap_files_ops, NULL,
1541 NWRAP_LOG(NWRAP_LOG_ERROR,
1542 "Failed to initialize 'files' backend");
1546 if (module_so_path != NULL &&
1547 module_so_path[0] != '\0' &&
1548 module_fn_name != NULL &&
1549 module_fn_name[0] != '\0') {
1550 if (!nwrap_module_init(module_fn_name,
1555 NWRAP_LOG(NWRAP_LOG_ERROR,
1556 "Failed to initialize '%s' backend",
1563 static void nwrap_init(void)
1567 size_t max_hostents_tmp;
1570 NWRAP_LOCK(nwrap_initialized);
1571 if (nwrap_initialized) {
1572 NWRAP_UNLOCK(nwrap_initialized);
1577 * Still holding nwrap_initialized lock here.
1578 * We don't use NWRAP_(UN)LOCK_ALL macros here because we
1579 * want to avoid overhead when other threads do their job.
1581 NWRAP_LOCK(nwrap_global);
1582 NWRAP_LOCK(nwrap_gr_global);
1583 NWRAP_LOCK(nwrap_he_global);
1584 NWRAP_LOCK(nwrap_pw_global);
1585 NWRAP_LOCK(nwrap_sp_global);
1587 nwrap_initialized = true;
1589 env = getenv("NSS_WRAPPER_MAX_HOSTENTS");
1591 max_hostents_tmp = (size_t)strtoul(env, &endptr, 10);
1592 if ((*env == '\0') ||
1593 (*endptr != '\0') ||
1594 (max_hostents_tmp == 0)) {
1595 NWRAP_LOG(NWRAP_LOG_DEBUG,
1596 "Error parsing NSS_WRAPPER_MAX_HOSTENTS "
1597 "value or value is too small. "
1598 "Using default value: %lu.",
1599 (unsigned long)max_hostents);
1601 max_hostents = max_hostents_tmp;
1604 /* Initialize hash table */
1605 NWRAP_LOG(NWRAP_LOG_DEBUG,
1606 "Initializing hash table of size %lu items.",
1607 (unsigned long)max_hostents);
1608 ok = hcreate(max_hostents);
1610 NWRAP_LOG(NWRAP_LOG_ERROR,
1611 "Failed to initialize hash table");
1615 nwrap_main_global = &__nwrap_main_global;
1617 nwrap_libc_init(nwrap_main_global);
1619 nwrap_backend_init(nwrap_main_global);
1622 nwrap_pw_global.cache = &__nwrap_cache_pw;
1624 nwrap_pw_global.cache->path = getenv("NSS_WRAPPER_PASSWD");
1625 nwrap_pw_global.cache->fp = NULL;
1626 nwrap_pw_global.cache->fd = -1;
1627 nwrap_pw_global.cache->private_data = &nwrap_pw_global;
1628 nwrap_pw_global.cache->parse_line = nwrap_pw_parse_line;
1629 nwrap_pw_global.cache->unload = nwrap_pw_unload;
1632 #if defined(HAVE_SHADOW_H) && defined(HAVE_GETSPNAM)
1633 nwrap_sp_global.cache = &__nwrap_cache_sp;
1635 nwrap_sp_global.cache->path = getenv("NSS_WRAPPER_SHADOW");
1636 nwrap_sp_global.cache->fp = NULL;
1637 nwrap_sp_global.cache->fd = -1;
1638 nwrap_sp_global.cache->private_data = &nwrap_sp_global;
1639 nwrap_sp_global.cache->parse_line = nwrap_sp_parse_line;
1640 nwrap_sp_global.cache->unload = nwrap_sp_unload;
1641 #endif /* defined(HAVE_SHADOW_H) && defined(HAVE_GETSPNAM) */
1644 nwrap_gr_global.cache = &__nwrap_cache_gr;
1646 nwrap_gr_global.cache->path = getenv("NSS_WRAPPER_GROUP");
1647 nwrap_gr_global.cache->fp = NULL;
1648 nwrap_gr_global.cache->fd = -1;
1649 nwrap_gr_global.cache->private_data = &nwrap_gr_global;
1650 nwrap_gr_global.cache->parse_line = nwrap_gr_parse_line;
1651 nwrap_gr_global.cache->unload = nwrap_gr_unload;
1654 nwrap_he_global.cache = &__nwrap_cache_he;
1656 nwrap_he_global.cache->path = getenv("NSS_WRAPPER_HOSTS");
1657 nwrap_he_global.cache->fp = NULL;
1658 nwrap_he_global.cache->fd = -1;
1659 nwrap_he_global.cache->private_data = &nwrap_he_global;
1660 nwrap_he_global.cache->parse_line = nwrap_he_parse_line;
1661 nwrap_he_global.cache->unload = nwrap_he_unload;
1663 /* We hold all locks here so we can use NWRAP_UNLOCK_ALL. */
1667 bool nss_wrapper_enabled(void)
1671 if (nwrap_pw_global.cache->path == NULL ||
1672 nwrap_pw_global.cache->path[0] == '\0') {
1675 if (nwrap_gr_global.cache->path == NULL ||
1676 nwrap_gr_global.cache->path[0] == '\0') {
1683 #if defined(HAVE_SHADOW_H) && defined(HAVE_GETSPNAM)
1684 bool nss_wrapper_shadow_enabled(void)
1688 if (nwrap_sp_global.cache->path == NULL ||
1689 nwrap_sp_global.cache->path[0] == '\0') {
1695 #endif /* defined(HAVE_SHADOW_H) && defined(HAVE_GETSPNAM) */
1697 bool nss_wrapper_hosts_enabled(void)
1701 if (nwrap_he_global.cache->path == NULL ||
1702 nwrap_he_global.cache->path[0] == '\0') {
1709 static bool nwrap_hostname_enabled(void)
1713 if (getenv("NSS_WRAPPER_HOSTNAME") == NULL) {
1720 static bool nwrap_parse_file(struct nwrap_cache *nwrap)
1724 /* Unused but getline needs it */
1728 if (nwrap->st.st_size == 0) {
1729 NWRAP_LOG(NWRAP_LOG_DEBUG, "size == 0");
1733 /* Support for 32-bit system I guess */
1734 if (nwrap->st.st_size > INT32_MAX) {
1735 NWRAP_LOG(NWRAP_LOG_ERROR,
1736 "Size[%u] larger than INT32_MAX",
1737 (unsigned)nwrap->st.st_size);
1744 n = getline(&line, &len, nwrap->fp);
1747 if (feof(nwrap->fp)) {
1751 NWRAP_LOG(NWRAP_LOG_ERROR,
1752 "Unable to read line from file: %s",
1757 if (line[n - 1] == '\n') {
1761 if (line[0] == '\0') {
1766 ok = nwrap->parse_line(nwrap, line);
1768 NWRAP_LOG(NWRAP_LOG_ERROR,
1769 "Unable to parse line file: %s",
1775 /* Line is parsed without issues so add it to list */
1776 ok = nwrap_vector_add_item(&(nwrap->lines), (void *const) line);
1778 NWRAP_LOG(NWRAP_LOG_ERROR,
1779 "Unable to add line to vector");
1783 /* This forces getline to allocate new memory for line. */
1785 } while (!feof(nwrap->fp));
1790 static void nwrap_files_cache_unload(struct nwrap_cache *nwrap)
1792 nwrap->unload(nwrap);
1794 nwrap_lines_unload(nwrap);
1797 static bool nwrap_files_cache_reload(struct nwrap_cache *nwrap)
1802 bool retried = false;
1804 assert(nwrap != NULL);
1807 if (nwrap->fd < 0) {
1808 nwrap->fp = fopen(nwrap->path, "re");
1809 if (nwrap->fp == NULL) {
1811 NWRAP_LOG(NWRAP_LOG_ERROR,
1812 "Unable to open '%s' readonly %d:%s",
1813 nwrap->path, nwrap->fd,
1818 nwrap->fd = fileno(nwrap->fp);
1819 NWRAP_LOG(NWRAP_LOG_DEBUG, "Open '%s'", nwrap->path);
1822 ret = fstat(nwrap->fd, &st);
1824 NWRAP_LOG(NWRAP_LOG_ERROR,
1825 "fstat(%s) - %d:%s",
1835 if (retried == false && st.st_nlink == 0) {
1836 /* maybe someone has replaced the file... */
1837 NWRAP_LOG(NWRAP_LOG_TRACE,
1838 "st_nlink == 0, reopen %s",
1841 memset(&nwrap->st, 0, sizeof(nwrap->st));
1848 if (st.st_mtime == nwrap->st.st_mtime) {
1849 NWRAP_LOG(NWRAP_LOG_TRACE,
1850 "st_mtime[%u] hasn't changed, skip reload",
1851 (unsigned)st.st_mtime);
1855 NWRAP_LOG(NWRAP_LOG_TRACE,
1856 "st_mtime has changed [%u] => [%u], start reload",
1857 (unsigned)st.st_mtime,
1858 (unsigned)nwrap->st.st_mtime);
1862 nwrap_files_cache_unload(nwrap);
1864 ok = nwrap_parse_file(nwrap);
1866 NWRAP_LOG(NWRAP_LOG_ERROR, "Failed to reload %s", nwrap->path);
1867 nwrap_files_cache_unload(nwrap);
1871 NWRAP_LOG(NWRAP_LOG_TRACE, "Reloaded %s", nwrap->path);
1876 * the caller has to call nwrap_unload() on failure
1878 static bool nwrap_pw_parse_line(struct nwrap_cache *nwrap, char *line)
1880 struct nwrap_pw *nwrap_pw;
1887 nwrap_pw = (struct nwrap_pw *)nwrap->private_data;
1889 list_size = sizeof(*nwrap_pw->list) * (nwrap_pw->num+1);
1890 pw = (struct passwd *)realloc(nwrap_pw->list, list_size);
1892 NWRAP_LOG(NWRAP_LOG_ERROR,
1893 "realloc(%u) failed",
1894 (unsigned)list_size);
1897 nwrap_pw->list = pw;
1899 pw = &nwrap_pw->list[nwrap_pw->num];
1906 NWRAP_LOG(NWRAP_LOG_ERROR,
1907 "Invalid line[%s]: '%s'",
1917 NWRAP_LOG(NWRAP_LOG_TRACE, "name[%s]\n", pw->pw_name);
1922 NWRAP_LOG(NWRAP_LOG_ERROR, "Invalid line[%s]: '%s'", line, c);
1930 NWRAP_LOG(NWRAP_LOG_TRACE, "password[%s]\n", pw->pw_passwd);
1935 NWRAP_LOG(NWRAP_LOG_ERROR, "Invalid line[%s]: '%s'", line, c);
1941 pw->pw_uid = (uid_t)strtoul(c, &e, 10);
1943 NWRAP_LOG(NWRAP_LOG_ERROR,
1944 "Invalid line[%s]: '%s' - %s",
1945 line, c, strerror(errno));
1949 NWRAP_LOG(NWRAP_LOG_ERROR,
1950 "Invalid line[%s]: '%s' - %s",
1951 line, c, strerror(errno));
1955 NWRAP_LOG(NWRAP_LOG_ERROR,
1956 "Invalid line[%s]: '%s' - %s",
1957 line, c, strerror(errno));
1962 NWRAP_LOG(NWRAP_LOG_TRACE, "uid[%u]", pw->pw_uid);
1967 NWRAP_LOG(NWRAP_LOG_ERROR, "Invalid line[%s]: '%s'", line, c);
1973 pw->pw_gid = (gid_t)strtoul(c, &e, 10);
1975 NWRAP_LOG(NWRAP_LOG_ERROR,
1976 "Invalid line[%s]: '%s' - %s",
1977 line, c, strerror(errno));
1981 NWRAP_LOG(NWRAP_LOG_ERROR,
1982 "Invalid line[%s]: '%s' - %s",
1983 line, c, strerror(errno));
1987 NWRAP_LOG(NWRAP_LOG_ERROR,
1988 "Invalid line[%s]: '%s' - %s",
1989 line, c, strerror(errno));
1994 NWRAP_LOG(NWRAP_LOG_TRACE, "gid[%u]\n", pw->pw_gid);
1996 #ifdef HAVE_STRUCT_PASSWD_PW_CLASS
1997 pw->pw_class = discard_const_p(char, "");
1999 NWRAP_LOG(NWRAP_LOG_TRACE, "class[%s]", pw->pw_class);
2000 #endif /* HAVE_STRUCT_PASSWD_PW_CLASS */
2002 #ifdef HAVE_STRUCT_PASSWD_PW_CHANGE
2005 NWRAP_LOG(NWRAP_LOG_TRACE,
2007 (unsigned long)pw->pw_change);
2008 #endif /* HAVE_STRUCT_PASSWD_PW_CHANGE */
2010 #ifdef HAVE_STRUCT_PASSWD_PW_EXPIRE
2013 NWRAP_LOG(NWRAP_LOG_TRACE,
2015 (unsigned long)pw->pw_expire);
2016 #endif /* HAVE_STRUCT_PASSWD_PW_EXPIRE */
2021 NWRAP_LOG(NWRAP_LOG_ERROR, "invalid line[%s]: '%s'", line, c);
2029 NWRAP_LOG(NWRAP_LOG_TRACE, "gecos[%s]", pw->pw_gecos);
2034 NWRAP_LOG(NWRAP_LOG_ERROR, "'%s'", c);
2042 NWRAP_LOG(NWRAP_LOG_TRACE, "dir[%s]", pw->pw_dir);
2046 NWRAP_LOG(NWRAP_LOG_TRACE, "shell[%s]", pw->pw_shell);
2048 NWRAP_LOG(NWRAP_LOG_DEBUG,
2049 "Added user[%s:%s:%u:%u:%s:%s:%s]",
2050 pw->pw_name, pw->pw_passwd,
2051 pw->pw_uid, pw->pw_gid,
2052 pw->pw_gecos, pw->pw_dir, pw->pw_shell);
2058 static void nwrap_pw_unload(struct nwrap_cache *nwrap)
2060 struct nwrap_pw *nwrap_pw;
2061 nwrap_pw = (struct nwrap_pw *)nwrap->private_data;
2063 SAFE_FREE(nwrap_pw->list);
2068 static int nwrap_pw_copy_r(const struct passwd *src, struct passwd *dst,
2069 char *buf, size_t buflen, struct passwd **dstp)
2075 first = src->pw_name;
2077 last = src->pw_shell;
2078 while (*last) last++;
2080 ofs = PTR_DIFF(last + 1, first);
2082 if (ofs > (off_t) buflen) {
2086 memcpy(buf, first, ofs);
2088 ofs = PTR_DIFF(src->pw_name, first);
2089 dst->pw_name = buf + ofs;
2090 ofs = PTR_DIFF(src->pw_passwd, first);
2091 dst->pw_passwd = buf + ofs;
2092 dst->pw_uid = src->pw_uid;
2093 dst->pw_gid = src->pw_gid;
2094 #ifdef HAVE_STRUCT_PASSWD_PW_CLASS
2095 ofs = PTR_DIFF(src->pw_class, first);
2096 dst->pw_class = buf + ofs;
2097 #endif /* HAVE_STRUCT_PASSWD_PW_CLASS */
2099 #ifdef HAVE_STRUCT_PASSWD_PW_CHANGE
2101 #endif /* HAVE_STRUCT_PASSWD_PW_CHANGE */
2103 #ifdef HAVE_STRUCT_PASSWD_PW_EXPIRE
2105 #endif /* HAVE_STRUCT_PASSWD_PW_EXPIRE */
2107 ofs = PTR_DIFF(src->pw_gecos, first);
2108 dst->pw_gecos = buf + ofs;
2109 ofs = PTR_DIFF(src->pw_dir, first);
2110 dst->pw_dir = buf + ofs;
2111 ofs = PTR_DIFF(src->pw_shell, first);
2112 dst->pw_shell = buf + ofs;
2121 #if defined(HAVE_SHADOW_H) && defined(HAVE_GETSPNAM)
2122 static bool nwrap_sp_parse_line(struct nwrap_cache *nwrap, char *line)
2124 struct nwrap_sp *nwrap_sp;
2131 nwrap_sp = (struct nwrap_sp *)nwrap->private_data;
2133 list_size = sizeof(*nwrap_sp->list) * (nwrap_sp->num+1);
2134 sp = (struct spwd *)realloc(nwrap_sp->list, list_size);
2136 NWRAP_LOG(NWRAP_LOG_ERROR,
2137 "realloc(%u) failed",
2138 (unsigned)list_size);
2141 nwrap_sp->list = sp;
2143 sp = &nwrap_sp->list[nwrap_sp->num];
2150 NWRAP_LOG(NWRAP_LOG_ERROR,
2151 "name -- Invalid line[%s]: '%s'",
2161 NWRAP_LOG(NWRAP_LOG_TRACE, "name[%s]\n", sp->sp_namp);
2166 NWRAP_LOG(NWRAP_LOG_ERROR,
2167 "pwd -- Invalid line[%s]: '%s'",
2184 NWRAP_LOG(NWRAP_LOG_ERROR,
2185 "lstchg -- Invalid line[%s]: '%s'",
2192 sp->sp_lstchg = strtol(c, &e, 10);
2194 NWRAP_LOG(NWRAP_LOG_ERROR,
2195 "lstchg -- Invalid line[%s]: '%s' - %s",
2196 line, c, strerror(errno));
2200 NWRAP_LOG(NWRAP_LOG_ERROR,
2201 "lstchg -- Invalid line[%s]: '%s' - %s",
2202 line, c, strerror(errno));
2206 NWRAP_LOG(NWRAP_LOG_ERROR,
2207 "lstchg -- Invalid line[%s]: '%s' - %s",
2208 line, c, strerror(errno));
2221 NWRAP_LOG(NWRAP_LOG_ERROR,
2222 "min -- Invalid line[%s]: '%s'",
2229 sp->sp_min = strtol(c, &e, 10);
2231 NWRAP_LOG(NWRAP_LOG_ERROR,
2232 "min -- Invalid line[%s]: '%s' - %s",
2233 line, c, strerror(errno));
2237 NWRAP_LOG(NWRAP_LOG_ERROR,
2238 "min -- Invalid line[%s]: '%s' - %s",
2239 line, c, strerror(errno));
2243 NWRAP_LOG(NWRAP_LOG_ERROR,
2244 "min -- Invalid line[%s]: '%s' - %s",
2245 line, c, strerror(errno));
2258 NWRAP_LOG(NWRAP_LOG_ERROR,
2259 "max -- Invalid line[%s]: '%s'",
2266 sp->sp_max = strtol(c, &e, 10);
2268 NWRAP_LOG(NWRAP_LOG_ERROR,
2269 "max -- Invalid line[%s]: '%s' - %s",
2270 line, c, strerror(errno));
2274 NWRAP_LOG(NWRAP_LOG_ERROR,
2275 "max -- Invalid line[%s]: '%s' - %s",
2276 line, c, strerror(errno));
2280 NWRAP_LOG(NWRAP_LOG_ERROR,
2281 "max -- Invalid line[%s]: '%s' - %s",
2282 line, c, strerror(errno));
2295 NWRAP_LOG(NWRAP_LOG_ERROR,
2296 "warn -- Invalid line[%s]: '%s'",
2303 sp->sp_warn = strtol(c, &e, 10);
2305 NWRAP_LOG(NWRAP_LOG_ERROR,
2306 "warn -- Invalid line[%s]: '%s' - %s",
2307 line, c, strerror(errno));
2311 NWRAP_LOG(NWRAP_LOG_ERROR,
2312 "warn -- Invalid line[%s]: '%s' - %s",
2313 line, c, strerror(errno));
2317 NWRAP_LOG(NWRAP_LOG_ERROR,
2318 "warn -- Invalid line[%s]: '%s' - %s",
2319 line, c, strerror(errno));
2332 NWRAP_LOG(NWRAP_LOG_ERROR,
2333 "inact -- Invalid line[%s]: '%s'",
2340 sp->sp_inact = strtol(c, &e, 10);
2342 NWRAP_LOG(NWRAP_LOG_ERROR,
2343 "inact -- Invalid line[%s]: '%s' - %s",
2344 line, c, strerror(errno));
2348 NWRAP_LOG(NWRAP_LOG_ERROR,
2349 "inact -- Invalid line[%s]: '%s' - %s",
2350 line, c, strerror(errno));
2354 NWRAP_LOG(NWRAP_LOG_ERROR,
2355 "inact -- Invalid line[%s]: '%s' - %s",
2356 line, c, strerror(errno));
2369 NWRAP_LOG(NWRAP_LOG_ERROR,
2370 "expire -- Invalid line[%s]: '%s'",
2377 sp->sp_expire = strtol(c, &e, 10);
2379 NWRAP_LOG(NWRAP_LOG_ERROR,
2380 "expire -- Invalid line[%s]: '%s' - %s",
2381 line, c, strerror(errno));
2385 NWRAP_LOG(NWRAP_LOG_ERROR,
2386 "expire -- Invalid line[%s]: '%s' - %s",
2387 line, c, strerror(errno));
2391 NWRAP_LOG(NWRAP_LOG_ERROR,
2392 "expire -- Invalid line[%s]: '%s' - %s",
2393 line, c, strerror(errno));
2403 static void nwrap_sp_unload(struct nwrap_cache *nwrap)
2405 struct nwrap_sp *nwrap_sp;
2406 nwrap_sp = (struct nwrap_sp *)nwrap->private_data;
2408 SAFE_FREE(nwrap_sp->list);
2412 #endif /* defined(HAVE_SHADOW_H) && defined(HAVE_GETSPNAM) */
2415 * the caller has to call nwrap_unload() on failure
2417 static bool nwrap_gr_parse_line(struct nwrap_cache *nwrap, char *line)
2419 struct nwrap_gr *nwrap_gr;
2427 nwrap_gr = (struct nwrap_gr *)nwrap->private_data;
2429 list_size = sizeof(*nwrap_gr->list) * (nwrap_gr->num+1);
2430 gr = (struct group *)realloc(nwrap_gr->list, list_size);
2432 NWRAP_LOG(NWRAP_LOG_ERROR, "realloc failed");
2435 nwrap_gr->list = gr;
2437 gr = &nwrap_gr->list[nwrap_gr->num];
2444 NWRAP_LOG(NWRAP_LOG_ERROR, "Invalid line[%s]: '%s'", line, c);
2452 NWRAP_LOG(NWRAP_LOG_TRACE, "name[%s]", gr->gr_name);
2457 NWRAP_LOG(NWRAP_LOG_ERROR, "Invalid line[%s]: '%s'", line, c);
2465 NWRAP_LOG(NWRAP_LOG_TRACE, "password[%s]", gr->gr_passwd);
2470 NWRAP_LOG(NWRAP_LOG_ERROR, "Invalid line[%s]: '%s'", line, c);
2476 gr->gr_gid = (gid_t)strtoul(c, &e, 10);
2478 NWRAP_LOG(NWRAP_LOG_ERROR,
2479 "Invalid line[%s]: '%s' - %s",
2480 line, c, strerror(errno));
2484 NWRAP_LOG(NWRAP_LOG_ERROR,
2485 "Invalid line[%s]: '%s' - %s",
2486 line, c, strerror(errno));
2490 NWRAP_LOG(NWRAP_LOG_ERROR,
2491 "Invalid line[%s]: '%s' - %s",
2492 line, c, strerror(errno));
2497 NWRAP_LOG(NWRAP_LOG_TRACE, "gid[%u]", gr->gr_gid);
2500 gr->gr_mem = (char **)malloc(sizeof(char *));
2502 NWRAP_LOG(NWRAP_LOG_ERROR, "Out of memory");
2505 gr->gr_mem[0] = NULL;
2507 for(nummem = 0; p != NULL && p[0] != '\0'; nummem++) {
2517 if (strlen(c) == 0) {
2521 m_size = sizeof(char *) * (nummem+2);
2522 m = (char **)realloc(gr->gr_mem, m_size);
2524 NWRAP_LOG(NWRAP_LOG_ERROR,
2525 "realloc(%zd) failed",
2530 gr->gr_mem[nummem] = c;
2531 gr->gr_mem[nummem+1] = NULL;
2533 NWRAP_LOG(NWRAP_LOG_TRACE,
2535 nummem, gr->gr_mem[nummem]);
2538 NWRAP_LOG(NWRAP_LOG_DEBUG,
2539 "Added group[%s:%s:%u:] with %u members",
2540 gr->gr_name, gr->gr_passwd, gr->gr_gid, nummem);
2546 static void nwrap_gr_unload(struct nwrap_cache *nwrap)
2549 struct nwrap_gr *nwrap_gr;
2550 nwrap_gr = (struct nwrap_gr *)nwrap->private_data;
2552 if (nwrap_gr->list) {
2553 for (i=0; i < nwrap_gr->num; i++) {
2554 SAFE_FREE(nwrap_gr->list[i].gr_mem);
2556 SAFE_FREE(nwrap_gr->list);
2563 static int nwrap_gr_copy_r(const struct group *src, struct group *dst,
2564 char *buf, size_t buflen, struct group **dstp)
2567 uintptr_t align = 0;
2568 unsigned int gr_mem_cnt = 0;
2571 size_t gr_name_len = strlen(src->gr_name) + 1;
2572 size_t gr_passwd_len = strlen(src->gr_passwd) + 1;
2578 for (i = 0; src->gr_mem[i] != NULL; i++) {
2582 /* Align the memory for storing pointers */
2583 align = __alignof__(char *) - ((p - (char *)0) % __alignof__(char *));
2585 (1 + gr_mem_cnt) * sizeof(char *) +
2586 gr_name_len + gr_passwd_len;
2588 if (total_len > buflen) {
2592 buflen -= total_len;
2597 dst->gr_mem = g_mem.data;
2600 p += (1 + gr_mem_cnt) * sizeof(char *);
2611 dst->gr_gid = src->gr_gid;
2613 memcpy(dst->gr_name, src->gr_name, gr_name_len);
2615 memcpy(dst->gr_passwd, src->gr_passwd, gr_passwd_len);
2617 /* Set the terminating entry */
2618 dst->gr_mem[gr_mem_cnt] = NULL;
2620 /* Now add the group members content */
2622 for (i = 0; i < gr_mem_cnt; i++) {
2623 size_t len = strlen(src->gr_mem[i]) + 1;
2630 if (total_len > buflen) {
2635 for (i = 0; i < gr_mem_cnt; i++) {
2636 size_t len = strlen(src->gr_mem[i]) + 1;
2638 memcpy(dst->gr_mem[i],
2650 static struct nwrap_entlist *nwrap_entlist_init(struct nwrap_entdata *ed)
2652 struct nwrap_entlist *el;
2655 NWRAP_LOG(NWRAP_LOG_ERROR,
2656 "entry is NULL, can't create list item");
2660 el = (struct nwrap_entlist *)malloc(sizeof(struct nwrap_entlist));
2662 NWRAP_LOG(NWRAP_LOG_ERROR, "malloc failed");
2672 static bool nwrap_ed_inventarize_add_new(char *const h_name,
2673 struct nwrap_entdata *const ed)
2677 struct nwrap_entlist *el;
2680 if (h_name == NULL) {
2681 NWRAP_LOG(NWRAP_LOG_ERROR, "h_name NULL - can't add");
2685 el = nwrap_entlist_init(ed);
2691 e.data = (void *)el;
2693 p = hsearch(e, ENTER);
2695 NWRAP_LOG(NWRAP_LOG_ERROR,
2696 "Hash table is full (%s)!",
2701 ok = nwrap_vector_add_item(&(nwrap_he_global.lists), (void *)el);
2703 NWRAP_LOG(NWRAP_LOG_ERROR,
2704 "Failed to add list entry to vector.");
2711 static bool nwrap_ed_inventarize_add_to_existing(struct nwrap_entdata *const ed,
2712 struct nwrap_entlist *const el)
2714 struct nwrap_entlist *cursor;
2715 struct nwrap_entlist *el_new;
2718 NWRAP_LOG(NWRAP_LOG_ERROR, "list is NULL, can not add");
2723 for (cursor = el; cursor->next != NULL; cursor = cursor->next)
2725 if (cursor->ed == ed) {
2726 /* The entry already exists in this list. */
2731 if (cursor->ed == ed) {
2732 /* The entry already exists in this list. */
2736 el_new = nwrap_entlist_init(ed);
2737 if (el_new == NULL) {
2741 cursor->next = el_new;
2745 static bool nwrap_ed_inventarize(char *const name,
2746 struct nwrap_entdata *const ed)
2755 NWRAP_LOG(NWRAP_LOG_DEBUG, "Searching name: %s", e.key);
2757 p = hsearch(e, FIND);
2759 NWRAP_LOG(NWRAP_LOG_DEBUG, "Name %s not found. Adding...", name);
2760 ok = nwrap_ed_inventarize_add_new(name, ed);
2762 struct nwrap_entlist *el = (struct nwrap_entlist *)p->data;
2764 NWRAP_LOG(NWRAP_LOG_DEBUG, "Name %s found. Add record to list.", name);
2765 ok = nwrap_ed_inventarize_add_to_existing(ed, el);
2771 static bool nwrap_add_hname(struct nwrap_entdata *const ed)
2773 char *const h_name = (char *const)(ed->ht.h_name);
2777 ok = nwrap_ed_inventarize(h_name, ed);
2782 if (ed->ht.h_aliases == NULL) {
2786 /* Itemize aliases */
2787 for (i = 0; ed->ht.h_aliases[i] != NULL; ++i) {
2790 h_name_alias = ed->ht.h_aliases[i];
2792 NWRAP_LOG(NWRAP_LOG_DEBUG, "Add alias: %s", h_name_alias);
2794 if (!nwrap_ed_inventarize(h_name_alias, ed)) {
2795 NWRAP_LOG(NWRAP_LOG_ERROR,
2796 "Unable to add alias: %s", h_name_alias);
2804 static bool nwrap_he_parse_line(struct nwrap_cache *nwrap, char *line)
2806 struct nwrap_he *nwrap_he = (struct nwrap_he *)nwrap->private_data;
2807 bool do_aliases = true;
2808 ssize_t aliases_count = 0;
2816 struct nwrap_entdata *ed = (struct nwrap_entdata *)
2817 malloc(sizeof(struct nwrap_entdata));
2819 NWRAP_LOG(NWRAP_LOG_ERROR,
2820 "Unable to allocate memory for nwrap_entdata");
2831 /* Walk to first char */
2832 for (p = i; *p != '.' && *p != ':' && !isxdigit((int) *p); p++) {
2834 NWRAP_LOG(NWRAP_LOG_ERROR,
2835 "Invalid line[%s]: '%s'",
2842 for (i = p; !isspace((int)*p); p++) {
2844 NWRAP_LOG(NWRAP_LOG_ERROR,
2845 "Invalid line[%s]: '%s'",
2854 if (inet_pton(AF_INET, i, ed->addr.host_addr)) {
2855 ed->ht.h_addrtype = AF_INET;
2856 ed->ht.h_length = 4;
2858 } else if (inet_pton(AF_INET6, i, ed->addr.host_addr)) {
2859 ed->ht.h_addrtype = AF_INET6;
2860 ed->ht.h_length = 16;
2863 NWRAP_LOG(NWRAP_LOG_ERROR,
2864 "Invalid line[%s]: '%s'",
2872 ok = nwrap_vector_add_item(&(ed->nwrap_addrdata),
2873 (void *const)ed->addr.host_addr);
2875 NWRAP_LOG(NWRAP_LOG_ERROR, "Unable to add addrdata to vector");
2879 ed->ht.h_addr_list = nwrap_vector_head(&ed->nwrap_addrdata);
2887 /* Walk to first char */
2888 for (n = p; *p != '_' && !isalnum((int) *p); p++) {
2890 NWRAP_LOG(NWRAP_LOG_ERROR,
2891 "Invalid line[%s]: '%s'",
2899 for (n = p; !isspace((int)*p); p++) {
2908 /* Convert to lowercase. This operate on same memory region */
2912 /* glib's getent always dereferences he->h_aliases */
2913 ed->ht.h_aliases = malloc(sizeof(char *));
2914 if (ed->ht.h_aliases == NULL) {
2918 ed->ht.h_aliases[0] = NULL;
2923 while (do_aliases) {
2929 /* Walk to first char */
2930 for (a = p; *p != '_' && !isalnum((int) *p); p++) {
2936 /* Only trailing spaces are left */
2941 for (a = p; !isspace((int)*p); p++) {
2950 aliases = realloc(ed->ht.h_aliases, sizeof(char *) * (aliases_count + 2));
2951 if (aliases == NULL) {
2955 ed->ht.h_aliases = aliases;
2958 aliases[aliases_count] = a;
2959 aliases[aliases_count + 1] = NULL;
2964 ok = nwrap_vector_add_item(&(nwrap_he->entries), (void *const)ed);
2966 NWRAP_LOG(NWRAP_LOG_ERROR, "Unable to add entry to vector");
2971 ed->aliases_count = aliases_count;
2972 /* Inventarize item */
2973 ok = nwrap_add_hname(ed);
2978 ok = nwrap_ed_inventarize(ip, ed);
2987 static void nwrap_he_unload(struct nwrap_cache *nwrap)
2989 struct nwrap_he *nwrap_he =
2990 (struct nwrap_he *)nwrap->private_data;
2991 struct nwrap_entdata *ed;
2992 struct nwrap_entlist *el;
2996 nwrap_vector_foreach (ed, nwrap_he->entries, i)
2998 SAFE_FREE(ed->nwrap_addrdata.items);
2999 SAFE_FREE(ed->ht.h_aliases);
3002 SAFE_FREE(nwrap_he->entries.items);
3003 nwrap_he->entries.count = nwrap_he->entries.capacity = 0;
3005 nwrap_vector_foreach(el, nwrap_he->lists, i)
3007 while (el != NULL) {
3008 struct nwrap_entlist *el_next;
3015 SAFE_FREE(nwrap_he->lists.items);
3016 nwrap_he->lists.count = nwrap_he->lists.capacity = 0;
3022 * If we unload the file, the pointers in the hash table point to
3023 * invalid memory. So we need to destroy the hash table and recreate
3027 rc = hcreate(max_hostents);
3029 NWRAP_LOG(NWRAP_LOG_ERROR, "Failed to initialize hash table");
3035 /* user functions */
3036 static struct passwd *nwrap_files_getpwnam(struct nwrap_backend *b,
3042 (void) b; /* unused */
3044 NWRAP_LOG(NWRAP_LOG_DEBUG, "Lookup user %s in files", name);
3046 ok = nwrap_files_cache_reload(nwrap_pw_global.cache);
3048 NWRAP_LOG(NWRAP_LOG_ERROR, "Error loading passwd file");
3052 for (i=0; i<nwrap_pw_global.num; i++) {
3053 if (strcmp(nwrap_pw_global.list[i].pw_name, name) == 0) {
3054 NWRAP_LOG(NWRAP_LOG_DEBUG, "user[%s] found", name);
3055 return &nwrap_pw_global.list[i];
3057 NWRAP_LOG(NWRAP_LOG_DEBUG,
3058 "user[%s] does not match [%s]",
3060 nwrap_pw_global.list[i].pw_name);
3063 NWRAP_LOG(NWRAP_LOG_DEBUG, "user[%s] not found\n", name);
3069 static int nwrap_files_getpwnam_r(struct nwrap_backend *b,
3070 const char *name, struct passwd *pwdst,
3071 char *buf, size_t buflen, struct passwd **pwdstp)
3075 pw = nwrap_files_getpwnam(b, name);
3083 return nwrap_pw_copy_r(pw, pwdst, buf, buflen, pwdstp);
3086 static struct passwd *nwrap_files_getpwuid(struct nwrap_backend *b,
3092 (void) b; /* unused */
3094 ok = nwrap_files_cache_reload(nwrap_pw_global.cache);
3096 NWRAP_LOG(NWRAP_LOG_ERROR, "Error loading passwd file");
3100 for (i=0; i<nwrap_pw_global.num; i++) {
3101 if (nwrap_pw_global.list[i].pw_uid == uid) {
3102 NWRAP_LOG(NWRAP_LOG_DEBUG, "uid[%u] found", uid);
3103 return &nwrap_pw_global.list[i];
3105 NWRAP_LOG(NWRAP_LOG_DEBUG,
3106 "uid[%u] does not match [%u]",
3108 nwrap_pw_global.list[i].pw_uid);
3111 NWRAP_LOG(NWRAP_LOG_DEBUG, "uid[%u] not found\n", uid);
3117 static int nwrap_files_getpwuid_r(struct nwrap_backend *b,
3118 uid_t uid, struct passwd *pwdst,
3119 char *buf, size_t buflen, struct passwd **pwdstp)
3123 pw = nwrap_files_getpwuid(b, uid);
3131 return nwrap_pw_copy_r(pw, pwdst, buf, buflen, pwdstp);
3134 /* user enum functions */
3135 static void nwrap_files_setpwent(struct nwrap_backend *b)
3137 (void) b; /* unused */
3139 nwrap_pw_global.idx = 0;
3142 static struct passwd *nwrap_files_getpwent(struct nwrap_backend *b)
3146 (void) b; /* unused */
3148 if (nwrap_pw_global.idx == 0) {
3150 ok = nwrap_files_cache_reload(nwrap_pw_global.cache);
3152 NWRAP_LOG(NWRAP_LOG_ERROR, "Error loading passwd file");
3157 if (nwrap_pw_global.idx >= nwrap_pw_global.num) {
3162 pw = &nwrap_pw_global.list[nwrap_pw_global.idx++];
3164 NWRAP_LOG(NWRAP_LOG_DEBUG,
3165 "return user[%s] uid[%u]",
3166 pw->pw_name, pw->pw_uid);
3171 static int nwrap_files_getpwent_r(struct nwrap_backend *b,
3172 struct passwd *pwdst, char *buf,
3173 size_t buflen, struct passwd **pwdstp)
3177 pw = nwrap_files_getpwent(b);
3185 return nwrap_pw_copy_r(pw, pwdst, buf, buflen, pwdstp);
3188 static void nwrap_files_endpwent(struct nwrap_backend *b)
3190 (void) b; /* unused */
3192 nwrap_pw_global.idx = 0;
3197 #if defined(HAVE_SHADOW_H) && defined(HAVE_GETSPNAM)
3199 #ifdef HAVE_SETSPENT
3200 static void nwrap_files_setspent(void)
3202 nwrap_sp_global.idx = 0;
3205 static struct spwd *nwrap_files_getspent(void)
3209 if (nwrap_sp_global.idx == 0) {
3212 ok = nwrap_files_cache_reload(nwrap_sp_global.cache);
3214 NWRAP_LOG(NWRAP_LOG_ERROR, "Error loading shadow file");
3219 if (nwrap_sp_global.idx >= nwrap_sp_global.num) {
3224 sp = &nwrap_sp_global.list[nwrap_sp_global.idx++];
3226 NWRAP_LOG(NWRAP_LOG_DEBUG,
3233 static void nwrap_files_endspent(void)
3235 nwrap_sp_global.idx = 0;
3237 #endif /* HAVE_SETSPENT */
3239 static struct spwd *nwrap_files_getspnam(const char *name)
3244 NWRAP_LOG(NWRAP_LOG_DEBUG, "Lookup user %s in files", name);
3246 ok = nwrap_files_cache_reload(nwrap_sp_global.cache);
3248 NWRAP_LOG(NWRAP_LOG_ERROR, "Error loading shadow file");
3252 for (i=0; i<nwrap_sp_global.num; i++) {
3253 if (strcmp(nwrap_sp_global.list[i].sp_namp, name) == 0) {
3254 NWRAP_LOG(NWRAP_LOG_DEBUG, "user[%s] found", name);
3255 return &nwrap_sp_global.list[i];
3257 NWRAP_LOG(NWRAP_LOG_DEBUG,
3258 "user[%s] does not match [%s]",
3260 nwrap_sp_global.list[i].sp_namp);
3263 NWRAP_LOG(NWRAP_LOG_DEBUG, "user[%s] not found\n", name);
3268 #endif /* defined(HAVE_SHADOW_H) && defined(HAVE_GETSPNAM) */
3270 /* misc functions */
3271 static int nwrap_files_initgroups(struct nwrap_backend *b,
3280 groups = (gid_t *)malloc(size * sizeof(gid_t));
3281 if (groups == NULL) {
3282 NWRAP_LOG(NWRAP_LOG_ERROR, "Out of memory");
3288 nwrap_files_setgrent(b);
3289 while ((grp = nwrap_files_getgrent(b)) != NULL) {
3292 NWRAP_LOG(NWRAP_LOG_DEBUG,
3293 "Inspecting %s for group membership",
3296 for (i=0; grp->gr_mem && grp->gr_mem[i] != NULL; i++) {
3297 if (group != grp->gr_gid &&
3298 (strcmp(user, grp->gr_mem[i]) == 0)) {
3299 NWRAP_LOG(NWRAP_LOG_DEBUG,
3300 "%s is member of %s",
3304 groups = (gid_t *)realloc(groups,
3305 (size + 1) * sizeof(gid_t));
3306 if (groups == NULL) {
3307 NWRAP_LOG(NWRAP_LOG_ERROR,
3313 groups[size] = grp->gr_gid;
3319 nwrap_files_endgrent(b);
3321 NWRAP_LOG(NWRAP_LOG_DEBUG,
3322 "%s is member of %d groups",
3325 /* This really only works if uid_wrapper is loaded */
3326 rc = setgroups(size, groups);
3333 /* group functions */
3334 static struct group *nwrap_files_getgrnam(struct nwrap_backend *b,
3340 (void) b; /* unused */
3342 ok = nwrap_files_cache_reload(nwrap_gr_global.cache);
3344 NWRAP_LOG(NWRAP_LOG_ERROR, "Error loading group file");
3348 for (i=0; i<nwrap_gr_global.num; i++) {
3349 if (strcmp(nwrap_gr_global.list[i].gr_name, name) == 0) {
3350 NWRAP_LOG(NWRAP_LOG_DEBUG, "group[%s] found", name);
3351 return &nwrap_gr_global.list[i];
3353 NWRAP_LOG(NWRAP_LOG_DEBUG,
3354 "group[%s] does not match [%s]",
3356 nwrap_gr_global.list[i].gr_name);
3359 NWRAP_LOG(NWRAP_LOG_DEBUG, "group[%s] not found", name);
3365 static int nwrap_files_getgrnam_r(struct nwrap_backend *b,
3366 const char *name, struct group *grdst,
3367 char *buf, size_t buflen, struct group **grdstp)
3371 gr = nwrap_files_getgrnam(b, name);
3379 return nwrap_gr_copy_r(gr, grdst, buf, buflen, grdstp);
3382 static struct group *nwrap_files_getgrgid(struct nwrap_backend *b,
3388 (void) b; /* unused */
3390 ok = nwrap_files_cache_reload(nwrap_gr_global.cache);
3392 NWRAP_LOG(NWRAP_LOG_ERROR, "Error loading group file");
3396 for (i=0; i<nwrap_gr_global.num; i++) {
3397 if (nwrap_gr_global.list[i].gr_gid == gid) {
3398 NWRAP_LOG(NWRAP_LOG_DEBUG, "gid[%u] found", gid);
3399 return &nwrap_gr_global.list[i];
3401 NWRAP_LOG(NWRAP_LOG_DEBUG,
3402 "gid[%u] does not match [%u]",
3404 nwrap_gr_global.list[i].gr_gid);
3407 NWRAP_LOG(NWRAP_LOG_DEBUG, "gid[%u] not found", gid);
3413 static int nwrap_files_getgrgid_r(struct nwrap_backend *b,
3414 gid_t gid, struct group *grdst,
3415 char *buf, size_t buflen, struct group **grdstp)
3419 gr = nwrap_files_getgrgid(b, gid);
3427 return nwrap_gr_copy_r(gr, grdst, buf, buflen, grdstp);
3430 /* group enum functions */
3431 static void nwrap_files_setgrent(struct nwrap_backend *b)
3433 (void) b; /* unused */
3435 nwrap_gr_global.idx = 0;
3438 static struct group *nwrap_files_getgrent(struct nwrap_backend *b)
3442 (void) b; /* unused */
3444 if (nwrap_gr_global.idx == 0) {
3447 ok = nwrap_files_cache_reload(nwrap_gr_global.cache);
3449 NWRAP_LOG(NWRAP_LOG_ERROR, "Error loading group file");
3454 if (nwrap_gr_global.idx >= nwrap_gr_global.num) {
3459 gr = &nwrap_gr_global.list[nwrap_gr_global.idx++];
3461 NWRAP_LOG(NWRAP_LOG_DEBUG,
3462 "return group[%s] gid[%u]",
3463 gr->gr_name, gr->gr_gid);
3468 static int nwrap_files_getgrent_r(struct nwrap_backend *b,
3469 struct group *grdst, char *buf,
3470 size_t buflen, struct group **grdstp)
3474 gr = nwrap_files_getgrent(b);
3482 return nwrap_gr_copy_r(gr, grdst, buf, buflen, grdstp);
3485 static void nwrap_files_endgrent(struct nwrap_backend *b)
3487 (void) b; /* unused */
3489 nwrap_gr_global.idx = 0;
3492 /* hosts functions */
3493 static int nwrap_files_gethostbyname(const char *name, int af,
3494 struct hostent *result,
3495 struct nwrap_vector *addr_list)
3497 struct nwrap_entlist *el;
3502 char canon_name[DNS_NAME_MAX] = { 0 };
3504 bool he_found = false;
3507 ok = nwrap_files_cache_reload(nwrap_he_global.cache);
3509 NWRAP_LOG(NWRAP_LOG_ERROR, "error loading hosts file");
3513 name_len = strlen(name);
3514 if (name_len < sizeof(canon_name) && name[name_len - 1] == '.') {
3515 memcpy(canon_name, name, name_len - 1);
3516 canon_name[name_len] = '\0';
3520 if (!str_tolower_copy(&h_name_lower, name)) {
3521 NWRAP_LOG(NWRAP_LOG_DEBUG,
3522 "Out of memory while converting to lower case");
3526 /* Look at hash table for element */
3527 NWRAP_LOG(NWRAP_LOG_DEBUG, "Searching for name: %s", h_name_lower);
3528 e.key = h_name_lower;
3530 e_p = hsearch(e, FIND);
3532 NWRAP_LOG(NWRAP_LOG_DEBUG, "Name %s not found.", h_name_lower);
3533 SAFE_FREE(h_name_lower);
3536 SAFE_FREE(h_name_lower);
3538 /* Always cleanup vector and results */
3539 if (!nwrap_vector_is_initialized(addr_list)) {
3540 if (!nwrap_vector_init(addr_list)) {
3541 NWRAP_LOG(NWRAP_LOG_DEBUG,
3542 "Unable to initialize memory for addr_list vector");
3546 /* When vector is initialized data are valid no more.
3547 * Quick way how to free vector is: */
3548 addr_list->count = 0;
3551 /* Iterate through results */
3552 for (el = (struct nwrap_entlist *)e_p->data; el != NULL; el = el->next)
3556 /* Filter by address familiy if provided */
3557 if (af != AF_UNSPEC && he->h_addrtype != af) {
3563 * glibc doesn't return ipv6 addresses when AF_UNSPEC is used
3565 if (af == AF_UNSPEC && he->h_addrtype != AF_INET) {
3570 memcpy(result, he, sizeof(struct hostent));
3571 NWRAP_LOG(NWRAP_LOG_DEBUG,
3572 "Name found. Returning record for %s",
3576 nwrap_vector_merge(addr_list, &el->ed->nwrap_addrdata);
3577 result->h_addr_list = nwrap_vector_head(addr_list);
3583 NWRAP_LOG(NWRAP_LOG_DEBUG,
3584 "Name found in database. No records matches type.");
3591 #ifdef HAVE_GETHOSTBYNAME_R
3592 static int nwrap_gethostbyname_r(const char *name,
3593 struct hostent *ret,
3594 char *buf, size_t buflen,
3595 struct hostent **result, int *h_errnop)
3597 struct nwrap_vector *addr_list = malloc(sizeof(struct nwrap_vector));
3604 if (addr_list == NULL) {
3605 NWRAP_LOG(NWRAP_LOG_ERROR,
3606 "Unable to allocate memory for address list");
3611 ZERO_STRUCTP(addr_list);
3613 rc = nwrap_files_gethostbyname(name, AF_UNSPEC, ret, addr_list);
3615 *h_errnop = h_errno;
3616 if (addr_list->items != NULL) {
3617 free(addr_list->items);
3619 SAFE_FREE(addr_list);
3624 if (buflen < (addr_list->count * sizeof(void *))) {
3625 SAFE_FREE(addr_list->items);
3626 SAFE_FREE(addr_list);
3630 /* Copy all to user provided buffer and change
3631 * pointers in returned structure.
3632 * +1 is for ending NULL pointer. */
3633 memcpy(buf, addr_list->items, (addr_list->count + 1) * sizeof(void *));
3635 free(addr_list->items);
3639 ret->h_addr_list = g.list;
3644 int gethostbyname_r(const char *name,
3645 struct hostent *ret,
3646 char *buf, size_t buflen,
3647 struct hostent **result, int *h_errnop)
3649 if (!nss_wrapper_hosts_enabled()) {
3650 return libc_gethostbyname_r(name,
3658 return nwrap_gethostbyname_r(name, ret, buf, buflen, result, h_errnop);
3662 static int nwrap_files_getaddrinfo(const char *name,
3663 unsigned short port,
3664 const struct addrinfo *hints,
3665 struct addrinfo **ai)
3667 struct nwrap_entlist *el;
3669 struct addrinfo *ai_head = NULL;
3670 struct addrinfo *ai_cur = NULL;
3673 char canon_name[DNS_NAME_MAX] = { 0 };
3674 bool skip_canonname = false;
3682 ok = nwrap_files_cache_reload(nwrap_he_global.cache);
3684 NWRAP_LOG(NWRAP_LOG_ERROR, "error loading hosts file");
3688 name_len = strlen(name);
3689 if (name_len < sizeof(canon_name) && name[name_len - 1] == '.') {
3690 memcpy(canon_name, name, name_len - 1);
3691 canon_name[name_len] = '\0';
3695 if (!str_tolower_copy(&h_name_lower, name)) {
3696 NWRAP_LOG(NWRAP_LOG_DEBUG,
3697 "Out of memory while converting to lower case");
3701 NWRAP_LOG(NWRAP_LOG_DEBUG, "Searching for name: %s", h_name_lower);
3702 e.key = h_name_lower;
3704 e_p = hsearch(e, FIND);
3706 NWRAP_LOG(NWRAP_LOG_DEBUG, "Name %s not found.", h_name_lower);
3707 SAFE_FREE(h_name_lower);
3711 NWRAP_LOG(NWRAP_LOG_DEBUG, "Name: %s found.", h_name_lower);
3712 SAFE_FREE(h_name_lower);
3715 for (el = (struct nwrap_entlist *)e_p->data; el != NULL; el = el->next)
3718 struct addrinfo *ai_new = NULL;
3722 if (hints->ai_family != AF_UNSPEC &&
3723 he->h_addrtype != hints->ai_family)
3725 NWRAP_LOG(NWRAP_LOG_DEBUG,
3726 "Entry found but with wrong AF - "
3727 "remembering EAI_ADDRINFO.");
3728 rc = EAI_ADDRFAMILY;
3732 /* Function allocates memory and returns it in ai. */
3733 rc2 = nwrap_convert_he_ai(he,
3739 NWRAP_LOG(NWRAP_LOG_ERROR, "Error converting he to ai");
3740 if (ai_head != NULL) {
3741 freeaddrinfo(ai_head);
3745 skip_canonname = true;
3747 if (ai_head == NULL) {
3750 if (ai_cur != NULL) {
3751 ai_cur->ai_next = ai_new;
3756 if (ai_head != NULL) {
3765 static struct hostent *nwrap_files_gethostbyaddr(const void *addr,
3766 socklen_t len, int type)
3769 char ip[NWRAP_INET_ADDRSTRLEN] = {0};
3770 struct nwrap_entdata *ed;
3775 (void) len; /* unused */
3777 ok = nwrap_files_cache_reload(nwrap_he_global.cache);
3779 NWRAP_LOG(NWRAP_LOG_ERROR, "error loading hosts file");
3783 a = inet_ntop(type, addr, ip, sizeof(ip));
3789 nwrap_vector_foreach(ed, nwrap_he_global.entries, i)
3792 if (he->h_addrtype != type) {
3796 if (memcmp(addr, he->h_addr_list[0], he->h_length) == 0) {
3805 #ifdef HAVE_GETHOSTBYADDR_R
3806 static int nwrap_gethostbyaddr_r(const void *addr, socklen_t len, int type,
3807 struct hostent *ret,
3808 char *buf, size_t buflen,
3809 struct hostent **result, int *h_errnop)
3811 *result = nwrap_files_gethostbyaddr(addr, len, type);
3812 if (*result != NULL) {
3813 memset(buf, '\0', buflen);
3817 *h_errnop = h_errno;
3822 int gethostbyaddr_r(const void *addr, socklen_t len, int type,
3823 struct hostent *ret,
3824 char *buf, size_t buflen,
3825 struct hostent **result, int *h_errnop)
3827 if (!nss_wrapper_hosts_enabled()) {
3828 return libc_gethostbyaddr_r(addr,
3838 return nwrap_gethostbyaddr_r(addr, len, type, ret, buf, buflen, result, h_errnop);
3842 /* hosts enum functions */
3843 static void nwrap_files_sethostent(void)
3845 nwrap_he_global.idx = 0;
3848 static struct hostent *nwrap_files_gethostent(void)
3852 if (nwrap_he_global.idx == 0) {
3855 ok = nwrap_files_cache_reload(nwrap_he_global.cache);
3857 NWRAP_LOG(NWRAP_LOG_ERROR, "Error loading hosts file");
3862 if (nwrap_he_global.idx >= nwrap_he_global.num) {
3867 he = &((struct nwrap_entdata *)nwrap_he_global.entries.items[nwrap_he_global.idx++])->ht;
3869 NWRAP_LOG(NWRAP_LOG_DEBUG, "return hosts[%s]", he->h_name);
3874 static void nwrap_files_endhostent(void)
3876 nwrap_he_global.idx = 0;
3884 static struct passwd *nwrap_module_getpwnam(struct nwrap_backend *b,
3887 static struct passwd pwd;
3888 static char buf[1000];
3891 if (!b->fns->_nss_getpwnam_r) {
3895 status = b->fns->_nss_getpwnam_r(name, &pwd, buf, sizeof(buf), &errno);
3896 if (status == NSS_STATUS_NOTFOUND) {
3899 if (status != NSS_STATUS_SUCCESS) {
3906 static int nwrap_module_getpwnam_r(struct nwrap_backend *b,
3907 const char *name, struct passwd *pwdst,
3908 char *buf, size_t buflen, struct passwd **pwdstp)
3914 if (!b->fns->_nss_getpwnam_r) {
3915 return NSS_STATUS_NOTFOUND;
3918 ret = b->fns->_nss_getpwnam_r(name, pwdst, buf, buflen, &errno);
3920 case NSS_STATUS_SUCCESS:
3923 case NSS_STATUS_NOTFOUND:
3928 case NSS_STATUS_TRYAGAIN:
3941 static struct passwd *nwrap_module_getpwuid(struct nwrap_backend *b,
3944 static struct passwd pwd;
3945 static char buf[1000];
3948 if (!b->fns->_nss_getpwuid_r) {
3952 status = b->fns->_nss_getpwuid_r(uid, &pwd, buf, sizeof(buf), &errno);
3953 if (status == NSS_STATUS_NOTFOUND) {
3956 if (status != NSS_STATUS_SUCCESS) {
3962 static int nwrap_module_getpwuid_r(struct nwrap_backend *b,
3963 uid_t uid, struct passwd *pwdst,
3964 char *buf, size_t buflen, struct passwd **pwdstp)
3970 if (!b->fns->_nss_getpwuid_r) {
3974 ret = b->fns->_nss_getpwuid_r(uid, pwdst, buf, buflen, &errno);
3976 case NSS_STATUS_SUCCESS:
3979 case NSS_STATUS_NOTFOUND:
3984 case NSS_STATUS_TRYAGAIN:
3997 static void nwrap_module_setpwent(struct nwrap_backend *b)
3999 if (!b->fns->_nss_setpwent) {
4003 b->fns->_nss_setpwent();
4006 static struct passwd *nwrap_module_getpwent(struct nwrap_backend *b)
4008 static struct passwd pwd;
4009 static char buf[1000];
4012 if (!b->fns->_nss_getpwent_r) {
4016 status = b->fns->_nss_getpwent_r(&pwd, buf, sizeof(buf), &errno);
4017 if (status == NSS_STATUS_NOTFOUND) {
4020 if (status != NSS_STATUS_SUCCESS) {
4026 static int nwrap_module_getpwent_r(struct nwrap_backend *b,
4027 struct passwd *pwdst, char *buf,
4028 size_t buflen, struct passwd **pwdstp)
4034 if (!b->fns->_nss_getpwent_r) {
4038 ret = b->fns->_nss_getpwent_r(pwdst, buf, buflen, &errno);
4040 case NSS_STATUS_SUCCESS:
4043 case NSS_STATUS_NOTFOUND:
4048 case NSS_STATUS_TRYAGAIN:
4061 static void nwrap_module_endpwent(struct nwrap_backend *b)
4063 if (!b->fns->_nss_endpwent) {
4067 b->fns->_nss_endpwent();
4070 static int nwrap_module_initgroups(struct nwrap_backend *b,
4071 const char *user, gid_t group)
4077 if (!b->fns->_nss_initgroups) {
4078 return NSS_STATUS_UNAVAIL;
4081 return b->fns->_nss_initgroups(user, group, &start, &size, &groups, 0, &errno);
4084 static struct group *nwrap_module_getgrnam(struct nwrap_backend *b,
4087 static struct group grp;
4089 static int buflen = 1000;
4092 if (!b->fns->_nss_getgrnam_r) {
4097 buf = (char *)malloc(buflen);
4100 status = b->fns->_nss_getgrnam_r(name, &grp, buf, buflen, &errno);
4101 if (status == NSS_STATUS_TRYAGAIN) {
4103 buf = (char *)realloc(buf, buflen);
4109 if (status == NSS_STATUS_NOTFOUND) {
4113 if (status != NSS_STATUS_SUCCESS) {
4120 static int nwrap_module_getgrnam_r(struct nwrap_backend *b,
4121 const char *name, struct group *grdst,
4122 char *buf, size_t buflen, struct group **grdstp)
4128 if (!b->fns->_nss_getgrnam_r) {
4132 ret = b->fns->_nss_getgrnam_r(name, grdst, buf, buflen, &errno);
4134 case NSS_STATUS_SUCCESS:
4137 case NSS_STATUS_NOTFOUND:
4142 case NSS_STATUS_TRYAGAIN:
4155 static struct group *nwrap_module_getgrgid(struct nwrap_backend *b,
4158 static struct group grp;
4160 static int buflen = 1000;
4163 if (!b->fns->_nss_getgrgid_r) {
4168 buf = (char *)malloc(buflen);
4172 status = b->fns->_nss_getgrgid_r(gid, &grp, buf, buflen, &errno);
4173 if (status == NSS_STATUS_TRYAGAIN) {
4175 buf = (char *)realloc(buf, buflen);
4181 if (status == NSS_STATUS_NOTFOUND) {
4185 if (status != NSS_STATUS_SUCCESS) {
4192 static int nwrap_module_getgrgid_r(struct nwrap_backend *b,
4193 gid_t gid, struct group *grdst,
4194 char *buf, size_t buflen, struct group **grdstp)
4200 if (!b->fns->_nss_getgrgid_r) {
4204 ret = b->fns->_nss_getgrgid_r(gid, grdst, buf, buflen, &errno);
4206 case NSS_STATUS_SUCCESS:
4209 case NSS_STATUS_NOTFOUND:
4214 case NSS_STATUS_TRYAGAIN:
4227 static void nwrap_module_setgrent(struct nwrap_backend *b)
4229 if (!b->fns->_nss_setgrent) {
4233 b->fns->_nss_setgrent();
4236 static struct group *nwrap_module_getgrent(struct nwrap_backend *b)
4238 static struct group grp;
4240 static int buflen = 1024;
4243 if (!b->fns->_nss_getgrent_r) {
4248 buf = (char *)malloc(buflen);
4252 status = b->fns->_nss_getgrent_r(&grp, buf, buflen, &errno);
4253 if (status == NSS_STATUS_TRYAGAIN) {
4255 buf = (char *)realloc(buf, buflen);
4261 if (status == NSS_STATUS_NOTFOUND) {
4265 if (status != NSS_STATUS_SUCCESS) {
4272 static int nwrap_module_getgrent_r(struct nwrap_backend *b,
4273 struct group *grdst, char *buf,
4274 size_t buflen, struct group **grdstp)
4280 if (!b->fns->_nss_getgrent_r) {
4284 ret = b->fns->_nss_getgrent_r(grdst, buf, buflen, &errno);
4286 case NSS_STATUS_SUCCESS:
4289 case NSS_STATUS_NOTFOUND:
4294 case NSS_STATUS_TRYAGAIN:
4307 static void nwrap_module_endgrent(struct nwrap_backend *b)
4309 if (!b->fns->_nss_endgrent) {
4313 b->fns->_nss_endgrent();
4316 /****************************************************************************
4318 ***************************************************************************/
4320 static struct passwd *nwrap_getpwnam(const char *name)
4325 for (i=0; i < nwrap_main_global->num_backends; i++) {
4326 struct nwrap_backend *b = &nwrap_main_global->backends[i];
4327 pwd = b->ops->nw_getpwnam(b, name);
4336 struct passwd *getpwnam(const char *name)
4338 if (!nss_wrapper_enabled()) {
4339 return libc_getpwnam(name);
4342 return nwrap_getpwnam(name);
4345 /****************************************************************************
4347 ***************************************************************************/
4349 static int nwrap_getpwnam_r(const char *name, struct passwd *pwdst,
4350 char *buf, size_t buflen, struct passwd **pwdstp)
4354 for (i=0; i < nwrap_main_global->num_backends; i++) {
4355 struct nwrap_backend *b = &nwrap_main_global->backends[i];
4356 ret = b->ops->nw_getpwnam_r(b, name, pwdst, buf, buflen, pwdstp);
4357 if (ret == ENOENT) {
4366 #ifdef HAVE_GETPWNAM_R
4367 # ifdef HAVE_SOLARIS_GETPWNAM_R
4368 int getpwnam_r(const char *name, struct passwd *pwdst,
4369 char *buf, int buflen, struct passwd **pwdstp)
4370 # else /* HAVE_SOLARIS_GETPWNAM_R */
4371 int getpwnam_r(const char *name, struct passwd *pwdst,
4372 char *buf, size_t buflen, struct passwd **pwdstp)
4373 # endif /* HAVE_SOLARIS_GETPWNAM_R */
4375 if (!nss_wrapper_enabled()) {
4376 return libc_getpwnam_r(name, pwdst, buf, buflen, pwdstp);
4379 return nwrap_getpwnam_r(name, pwdst, buf, buflen, pwdstp);
4383 /****************************************************************************
4385 ***************************************************************************/
4387 static struct passwd *nwrap_getpwuid(uid_t uid)
4392 for (i=0; i < nwrap_main_global->num_backends; i++) {
4393 struct nwrap_backend *b = &nwrap_main_global->backends[i];
4394 pwd = b->ops->nw_getpwuid(b, uid);
4403 struct passwd *getpwuid(uid_t uid)
4405 if (!nss_wrapper_enabled()) {
4406 return libc_getpwuid(uid);
4409 return nwrap_getpwuid(uid);
4412 /****************************************************************************
4414 ***************************************************************************/
4416 static int nwrap_getpwuid_r(uid_t uid, struct passwd *pwdst,
4417 char *buf, size_t buflen, struct passwd **pwdstp)
4421 for (i=0; i < nwrap_main_global->num_backends; i++) {
4422 struct nwrap_backend *b = &nwrap_main_global->backends[i];
4423 ret = b->ops->nw_getpwuid_r(b, uid, pwdst, buf, buflen, pwdstp);
4424 if (ret == ENOENT) {
4433 #ifdef HAVE_SOLARIS_GETPWUID_R
4434 int getpwuid_r(uid_t uid, struct passwd *pwdst,
4435 char *buf, int buflen, struct passwd **pwdstp)
4437 int getpwuid_r(uid_t uid, struct passwd *pwdst,
4438 char *buf, size_t buflen, struct passwd **pwdstp)
4441 if (!nss_wrapper_enabled()) {
4442 return libc_getpwuid_r(uid, pwdst, buf, buflen, pwdstp);
4445 return nwrap_getpwuid_r(uid, pwdst, buf, buflen, pwdstp);
4448 /****************************************************************************
4450 ***************************************************************************/
4452 static void nwrap_setpwent(void)
4456 for (i=0; i < nwrap_main_global->num_backends; i++) {
4457 struct nwrap_backend *b = &nwrap_main_global->backends[i];
4458 b->ops->nw_setpwent(b);
4464 if (!nss_wrapper_enabled()) {
4472 /****************************************************************************
4474 ***************************************************************************/
4476 static struct passwd *nwrap_getpwent(void)
4481 for (i=0; i < nwrap_main_global->num_backends; i++) {
4482 struct nwrap_backend *b = &nwrap_main_global->backends[i];
4483 pwd = b->ops->nw_getpwent(b);
4492 struct passwd *getpwent(void)
4494 if (!nss_wrapper_enabled()) {
4495 return libc_getpwent();
4498 return nwrap_getpwent();
4501 /****************************************************************************
4503 ***************************************************************************/
4505 #ifdef HAVE_GETPWENT_R
4506 static int nwrap_getpwent_r(struct passwd *pwdst, char *buf,
4507 size_t buflen, struct passwd **pwdstp)
4511 for (i=0; i < nwrap_main_global->num_backends; i++) {
4512 struct nwrap_backend *b = &nwrap_main_global->backends[i];
4513 ret = b->ops->nw_getpwent_r(b, pwdst, buf, buflen, pwdstp);
4514 if (ret == ENOENT) {
4523 # ifdef HAVE_SOLARIS_GETPWENT_R
4524 struct passwd *getpwent_r(struct passwd *pwdst, char *buf, int buflen)
4526 struct passwd *pwdstp = NULL;
4529 if (!nss_wrapper_enabled()) {
4530 return libc_getpwent_r(pwdst, buf, buflen);
4532 rc = nwrap_getpwent_r(pwdst, buf, buflen, &pwdstp);
4539 # else /* HAVE_SOLARIS_GETPWENT_R */
4540 int getpwent_r(struct passwd *pwdst, char *buf,
4541 size_t buflen, struct passwd **pwdstp)
4543 if (!nss_wrapper_enabled()) {
4544 return libc_getpwent_r(pwdst, buf, buflen, pwdstp);
4547 return nwrap_getpwent_r(pwdst, buf, buflen, pwdstp);
4549 # endif /* HAVE_SOLARIS_GETPWENT_R */
4550 #endif /* HAVE_GETPWENT_R */
4552 /****************************************************************************
4554 ***************************************************************************/
4556 static void nwrap_endpwent(void)
4560 for (i=0; i < nwrap_main_global->num_backends; i++) {
4561 struct nwrap_backend *b = &nwrap_main_global->backends[i];
4562 b->ops->nw_endpwent(b);
4568 if (!nss_wrapper_enabled()) {
4576 /****************************************************************************
4578 ***************************************************************************/
4580 static int nwrap_initgroups(const char *user, gid_t group)
4584 for (i=0; i < nwrap_main_global->num_backends; i++) {
4585 struct nwrap_backend *b = &nwrap_main_global->backends[i];
4588 rc = b->ops->nw_initgroups(b, user, group);
4598 int initgroups(const char *user, gid_t group)
4600 if (!nss_wrapper_enabled()) {
4601 return libc_initgroups(user, group);
4604 return nwrap_initgroups(user, group);
4607 /****************************************************************************
4609 ***************************************************************************/
4611 static struct group *nwrap_getgrnam(const char *name)
4616 for (i=0; i < nwrap_main_global->num_backends; i++) {
4617 struct nwrap_backend *b = &nwrap_main_global->backends[i];
4618 grp = b->ops->nw_getgrnam(b, name);
4627 struct group *getgrnam(const char *name)
4629 if (!nss_wrapper_enabled()) {
4630 return libc_getgrnam(name);
4633 return nwrap_getgrnam(name);
4636 /****************************************************************************
4638 ***************************************************************************/
4640 static int nwrap_getgrnam_r(const char *name, struct group *grdst,
4641 char *buf, size_t buflen, struct group **grdstp)
4645 for (i=0; i < nwrap_main_global->num_backends; i++) {
4646 struct nwrap_backend *b = &nwrap_main_global->backends[i];
4647 ret = b->ops->nw_getgrnam_r(b, name, grdst, buf, buflen, grdstp);
4648 if (ret == ENOENT) {
4657 #ifdef HAVE_GETGRNAM_R
4658 # ifdef HAVE_SOLARIS_GETGRNAM_R
4659 int getgrnam_r(const char *name, struct group *grp,
4660 char *buf, int buflen, struct group **pgrp)
4661 # else /* HAVE_SOLARIS_GETGRNAM_R */
4662 int getgrnam_r(const char *name, struct group *grp,
4663 char *buf, size_t buflen, struct group **pgrp)
4664 # endif /* HAVE_SOLARIS_GETGRNAM_R */
4666 if (!nss_wrapper_enabled()) {
4667 return libc_getgrnam_r(name,
4674 return nwrap_getgrnam_r(name, grp, buf, buflen, pgrp);
4676 #endif /* HAVE_GETGRNAM_R */
4678 /****************************************************************************
4680 ***************************************************************************/
4682 static struct group *nwrap_getgrgid(gid_t gid)
4687 for (i=0; i < nwrap_main_global->num_backends; i++) {
4688 struct nwrap_backend *b = &nwrap_main_global->backends[i];
4689 grp = b->ops->nw_getgrgid(b, gid);
4698 struct group *getgrgid(gid_t gid)
4700 if (!nss_wrapper_enabled()) {
4701 return libc_getgrgid(gid);
4704 return nwrap_getgrgid(gid);
4707 /****************************************************************************
4709 ***************************************************************************/
4711 static int nwrap_getgrgid_r(gid_t gid, struct group *grdst,
4712 char *buf, size_t buflen, struct group **grdstp)
4716 for (i=0; i < nwrap_main_global->num_backends; i++) {
4717 struct nwrap_backend *b = &nwrap_main_global->backends[i];
4718 ret = b->ops->nw_getgrgid_r(b, gid, grdst, buf, buflen, grdstp);
4719 if (ret == ENOENT) {
4728 #ifdef HAVE_GETGRGID_R
4729 # ifdef HAVE_SOLARIS_GETGRGID_R
4730 int getgrgid_r(gid_t gid, struct group *grdst,
4731 char *buf, int buflen, struct group **grdstp)
4732 # else /* HAVE_SOLARIS_GETGRGID_R */
4733 int getgrgid_r(gid_t gid, struct group *grdst,
4734 char *buf, size_t buflen, struct group **grdstp)
4735 # endif /* HAVE_SOLARIS_GETGRGID_R */
4737 if (!nss_wrapper_enabled()) {
4738 return libc_getgrgid_r(gid, grdst, buf, buflen, grdstp);
4741 return nwrap_getgrgid_r(gid, grdst, buf, buflen, grdstp);
4745 /****************************************************************************
4747 ***************************************************************************/
4749 static void nwrap_setgrent(void)
4753 for (i=0; i < nwrap_main_global->num_backends; i++) {
4754 struct nwrap_backend *b = &nwrap_main_global->backends[i];
4755 b->ops->nw_setgrent(b);
4759 #ifdef HAVE_BSD_SETGRENT
4765 if (!nss_wrapper_enabled()) {
4773 #ifdef HAVE_BSD_SETGRENT
4780 /****************************************************************************
4782 ***************************************************************************/
4784 static struct group *nwrap_getgrent(void)
4789 for (i=0; i < nwrap_main_global->num_backends; i++) {
4790 struct nwrap_backend *b = &nwrap_main_global->backends[i];
4791 grp = b->ops->nw_getgrent(b);
4800 struct group *getgrent(void)
4802 if (!nss_wrapper_enabled()) {
4803 return libc_getgrent();
4806 return nwrap_getgrent();
4809 /****************************************************************************
4811 ***************************************************************************/
4813 #ifdef HAVE_GETGRENT_R
4814 static int nwrap_getgrent_r(struct group *grdst, char *buf,
4815 size_t buflen, struct group **grdstp)
4819 for (i=0; i < nwrap_main_global->num_backends; i++) {
4820 struct nwrap_backend *b = &nwrap_main_global->backends[i];
4821 ret = b->ops->nw_getgrent_r(b, grdst, buf, buflen, grdstp);
4822 if (ret == ENOENT) {
4831 # ifdef HAVE_SOLARIS_GETGRENT_R
4832 struct group *getgrent_r(struct group *src, char *buf, int buflen)
4834 struct group *grdstp = NULL;
4837 if (!nss_wrapper_enabled()) {
4838 return libc_getgrent_r(src, buf, buflen);
4841 rc = nwrap_getgrent_r(src, buf, buflen, &grdstp);
4848 # else /* HAVE_SOLARIS_GETGRENT_R */
4849 int getgrent_r(struct group *src, char *buf,
4850 size_t buflen, struct group **grdstp)
4852 if (!nss_wrapper_enabled()) {
4853 return libc_getgrent_r(src, buf, buflen, grdstp);
4856 return nwrap_getgrent_r(src, buf, buflen, grdstp);
4858 # endif /* HAVE_SOLARIS_GETGRENT_R */
4859 #endif /* HAVE_GETGRENT_R */
4861 /****************************************************************************
4863 ***************************************************************************/
4865 static void nwrap_endgrent(void)
4869 for (i=0; i < nwrap_main_global->num_backends; i++) {
4870 struct nwrap_backend *b = &nwrap_main_global->backends[i];
4871 b->ops->nw_endgrent(b);
4877 if (!nss_wrapper_enabled()) {
4885 /****************************************************************************
4887 ***************************************************************************/
4889 #ifdef HAVE_GETGROUPLIST
4890 static int nwrap_getgrouplist(const char *user, gid_t group,
4891 gid_t *groups, int *ngroups)
4897 NWRAP_LOG(NWRAP_LOG_DEBUG, "getgrouplist called for %s", user);
4899 groups_tmp = (gid_t *)malloc(count * sizeof(gid_t));
4901 NWRAP_LOG(NWRAP_LOG_ERROR, "Out of memory");
4905 groups_tmp[0] = group;
4908 while ((grp = nwrap_getgrent()) != NULL) {
4911 NWRAP_LOG(NWRAP_LOG_DEBUG,
4912 "Inspecting %s for group membership",
4915 for (i=0; grp->gr_mem && grp->gr_mem[i] != NULL; i++) {
4917 if (group != grp->gr_gid &&
4918 (strcmp(user, grp->gr_mem[i]) == 0)) {
4920 NWRAP_LOG(NWRAP_LOG_DEBUG,
4921 "%s is member of %s",
4925 groups_tmp = (gid_t *)realloc(groups_tmp, (count + 1) * sizeof(gid_t));
4927 NWRAP_LOG(NWRAP_LOG_ERROR,
4932 groups_tmp[count] = grp->gr_gid;
4941 NWRAP_LOG(NWRAP_LOG_DEBUG,
4942 "%s is member of %d groups",
4945 if (*ngroups < count) {
4952 memcpy(groups, groups_tmp, count * sizeof(gid_t));
4958 int getgrouplist(const char *user, gid_t group, gid_t *groups, int *ngroups)
4960 if (!nss_wrapper_enabled()) {
4961 return libc_getgrouplist(user, group, groups, ngroups);
4964 return nwrap_getgrouplist(user, group, groups, ngroups);
4968 /**********************************************************
4970 **********************************************************/
4972 #if defined(HAVE_SHADOW_H) && defined(HAVE_GETSPNAM)
4974 #ifdef HAVE_SETSPENT
4975 static void nwrap_setspent(void)
4977 nwrap_files_setspent();
4982 if (!nss_wrapper_shadow_enabled()) {
4989 static struct spwd *nwrap_getspent(void)
4991 return nwrap_files_getspent();
4994 struct spwd *getspent(void)
4996 if (!nss_wrapper_shadow_enabled()) {
5000 return nwrap_getspent();
5003 static void nwrap_endspent(void)
5005 nwrap_files_endspent();
5010 if (!nss_wrapper_shadow_enabled()) {
5016 #endif /* HAVE_SETSPENT */
5018 static struct spwd *nwrap_getspnam(const char *name)
5020 return nwrap_files_getspnam(name);
5023 struct spwd *getspnam(const char *name)
5025 if (!nss_wrapper_shadow_enabled()) {
5029 return nwrap_getspnam(name);
5032 #endif /* defined(HAVE_SHADOW_H) && defined(HAVE_GETSPNAM) */
5034 /**********************************************************
5036 **********************************************************/
5038 static void nwrap_sethostent(int stayopen) {
5039 (void) stayopen; /* ignored */
5041 nwrap_files_sethostent();
5044 #ifdef HAVE_SOLARIS_SETHOSTENT
5045 int sethostent(int stayopen)
5047 if (!nss_wrapper_hosts_enabled()) {
5048 libc_sethostent(stayopen);
5052 nwrap_sethostent(stayopen);
5056 #else /* HAVE_SOLARIS_SETHOSTENT */
5057 void sethostent(int stayopen)
5059 if (!nss_wrapper_hosts_enabled()) {
5060 libc_sethostent(stayopen);
5064 nwrap_sethostent(stayopen);
5066 #endif /* HAVE_SOLARIS_SETHOSTENT */
5068 static struct hostent *nwrap_gethostent(void)
5070 return nwrap_files_gethostent();
5073 struct hostent *gethostent(void) {
5074 if (!nss_wrapper_hosts_enabled()) {
5075 return libc_gethostent();
5078 return nwrap_gethostent();
5081 static void nwrap_endhostent(void) {
5082 nwrap_files_endhostent();
5085 #ifdef HAVE_SOLARIS_ENDHOSTENT
5086 int endhostent(void)
5088 if (!nss_wrapper_hosts_enabled()) {
5097 #else /* HAVE_SOLARIS_ENDHOSTENT */
5098 void endhostent(void)
5100 if (!nss_wrapper_hosts_enabled()) {
5107 #endif /* HAVE_SOLARIS_ENDHOSTENT */
5110 /* BSD implementation stores data in thread local storage but GLIBC does not */
5111 static __thread struct hostent user_he;
5112 static __thread struct nwrap_vector user_addrlist;
5114 static struct hostent user_he;
5115 static struct nwrap_vector user_addrlist;
5117 static struct hostent *nwrap_gethostbyname(const char *name)
5119 if (nwrap_files_gethostbyname(name, AF_UNSPEC, &user_he, &user_addrlist) == -1) {
5125 struct hostent *gethostbyname(const char *name)
5127 if (!nss_wrapper_hosts_enabled()) {
5128 return libc_gethostbyname(name);
5131 return nwrap_gethostbyname(name);
5134 /* This is a GNU extension - Also can be found on BSD systems */
5135 #ifdef HAVE_GETHOSTBYNAME2
5137 /* BSD implementation stores data in thread local storage but GLIBC not */
5138 static __thread struct hostent user_he2;
5139 static __thread struct nwrap_vector user_addrlist2;
5141 static struct hostent user_he2;
5142 static struct nwrap_vector user_addrlist2;
5144 static struct hostent *nwrap_gethostbyname2(const char *name, int af)
5146 if (nwrap_files_gethostbyname(name, af, &user_he2, &user_addrlist2) == -1) {
5152 struct hostent *gethostbyname2(const char *name, int af)
5154 if (!nss_wrapper_hosts_enabled()) {
5155 return libc_gethostbyname2(name, af);
5158 return nwrap_gethostbyname2(name, af);
5162 static struct hostent *nwrap_gethostbyaddr(const void *addr,
5163 socklen_t len, int type)
5165 return nwrap_files_gethostbyaddr(addr, len, type);
5168 struct hostent *gethostbyaddr(const void *addr,
5169 socklen_t len, int type)
5171 if (!nss_wrapper_hosts_enabled()) {
5172 return libc_gethostbyaddr(addr, len, type);
5175 return nwrap_gethostbyaddr(addr, len, type);
5178 static const struct addrinfo default_hints =
5180 .ai_flags = AI_ADDRCONFIG|AI_V4MAPPED,
5181 .ai_family = AF_UNSPEC,
5186 .ai_canonname = NULL,
5190 static int nwrap_convert_he_ai(const struct hostent *he,
5191 unsigned short port,
5192 const struct addrinfo *hints,
5193 struct addrinfo **pai,
5194 bool skip_canonname)
5196 struct addrinfo *ai;
5203 switch (he->h_addrtype) {
5205 socklen = sizeof(struct sockaddr_in);
5209 socklen = sizeof(struct sockaddr_in6);
5216 ai = (struct addrinfo *)malloc(sizeof(struct addrinfo) + socklen);
5221 ai->ai_flags = hints->ai_flags;
5222 ai->ai_family = he->h_addrtype;
5223 ai->ai_socktype = hints->ai_socktype;
5224 ai->ai_protocol = hints->ai_protocol;
5225 ai->ai_canonname = NULL;
5227 if (ai->ai_socktype == 0) {
5228 ai->ai_socktype = SOCK_DGRAM;
5230 if (ai->ai_protocol == 0) {
5231 if (ai->ai_socktype == SOCK_DGRAM) {
5232 ai->ai_protocol = IPPROTO_UDP;
5233 } else if (ai->ai_socktype == SOCK_STREAM) {
5234 ai->ai_protocol = IPPROTO_TCP;
5238 ai->ai_addrlen = socklen;
5239 ai->ai_addr = (void *)(ai + 1);
5241 #ifdef HAVE_STRUCT_SOCKADDR_SA_LEN
5242 ai->ai_addr->sa_len = socklen;
5244 ai->ai_addr->sa_family = he->h_addrtype;
5246 switch (he->h_addrtype) {
5250 struct sockaddr *sa;
5251 struct sockaddr_in *in;
5254 addr.sa = ai->ai_addr;
5256 memset(addr.in, 0, sizeof(struct sockaddr_in));
5258 addr.in->sin_port = htons(port);
5259 addr.in->sin_family = AF_INET;
5261 memset(addr.in->sin_zero,
5263 sizeof (addr.in->sin_zero));
5264 memcpy(&(addr.in->sin_addr),
5274 struct sockaddr *sa;
5275 struct sockaddr_in6 *in6;
5278 addr.sa = ai->ai_addr;
5280 memset(addr.in6, 0, sizeof(struct sockaddr_in6));
5282 addr.in6->sin6_port = htons(port);
5283 addr.in6->sin6_family = AF_INET6;
5285 memcpy(&addr.in6->sin6_addr,
5295 if (he->h_name && !skip_canonname) {
5296 ai->ai_canonname = strdup(he->h_name);
5297 if (ai->ai_canonname == NULL) {
5307 static int nwrap_getaddrinfo(const char *node,
5308 const char *service,
5309 const struct addrinfo *hints,
5310 struct addrinfo **res)
5312 struct addrinfo *ai = NULL;
5313 unsigned short port = 0;
5323 .family = AF_UNSPEC,
5327 if (node == NULL && service == NULL) {
5331 if (hints == NULL) {
5332 hints = &default_hints;
5336 hints.ai_flags contains invalid flags; or, hints.ai_flags
5337 included AI_CANONNAME and name was NULL.
5339 if ((hints->ai_flags & AI_CANONNAME) && (node == NULL)) {
5340 return EAI_BADFLAGS;
5343 /* If no node has been specified, let glibc deal with it */
5346 struct addrinfo *p = NULL;
5348 ret = libc_getaddrinfo(node, service, hints, &p);
5356 if (service != NULL && service[0] != '\0') {
5357 const char *proto = NULL;
5363 sl = strtol(service, &end_ptr, 10);
5365 if (*end_ptr == '\0') {
5368 } else if (hints->ai_flags & AI_NUMERICSERV) {
5372 if (hints->ai_protocol != 0) {
5373 struct protoent *pent;
5375 pent = getprotobynumber(hints->ai_protocol);
5377 proto = pent->p_name;
5381 s = getservbyname(service, proto);
5385 port = ntohs(s->s_port);
5390 rc = inet_pton(AF_INET, node, &addr.in.v4);
5392 addr.family = AF_INET;
5395 if (addr.family == AF_UNSPEC) {
5396 rc = inet_pton(AF_INET6, node, &addr.in.v6);
5398 addr.family = AF_INET6;
5403 if (addr.family == AF_UNSPEC) {
5404 if (hints->ai_flags & AI_NUMERICHOST) {
5407 } else if ((hints->ai_family != AF_UNSPEC) &&
5408 (hints->ai_family != addr.family))
5410 return EAI_ADDRFAMILY;
5413 rc = nwrap_files_getaddrinfo(node, port, hints, &ai);
5416 struct addrinfo *p = NULL;
5418 ret = libc_getaddrinfo(node, service, hints, &p);
5422 * nwrap_files_getaddrinfo failed, but libc was
5423 * successful -- use the result from libc.
5433 * If the socktype was not specified, duplicate
5434 * each ai returned, so that we have variants for
5437 if (hints->ai_socktype == 0) {
5438 struct addrinfo *ai_cur;
5440 /* freeaddrinfo() frees ai_canonname and ai so allocate them */
5441 for (ai_cur = ai; ai_cur != NULL; ai_cur = ai_cur->ai_next) {
5442 struct addrinfo *ai_new;
5444 /* duplicate the current entry */
5446 ai_new = malloc(sizeof(struct addrinfo));
5447 if (ai_new == NULL) {
5452 memcpy(ai_new, ai_cur, sizeof(struct addrinfo));
5453 ai_new->ai_next = NULL;
5455 /* We need a deep copy or freeaddrinfo() will blow up */
5456 if (ai_cur->ai_canonname != NULL) {
5457 ai_new->ai_canonname =
5458 strdup(ai_cur->ai_canonname);
5461 if (ai_cur->ai_socktype == SOCK_DGRAM) {
5462 ai_new->ai_socktype = SOCK_STREAM;
5463 } else if (ai_cur->ai_socktype == SOCK_STREAM) {
5464 ai_new->ai_socktype = SOCK_DGRAM;
5466 if (ai_cur->ai_protocol == IPPROTO_TCP) {
5467 ai_new->ai_protocol = IPPROTO_UDP;
5468 } else if (ai_cur->ai_protocol == IPPROTO_UDP) {
5469 ai_new->ai_protocol = IPPROTO_TCP;
5472 /* now insert the new entry */
5474 ai_new->ai_next = ai_cur->ai_next;
5475 ai_cur->ai_next = ai_new;
5477 /* and move on (don't duplicate the new entry) */
5488 int getaddrinfo(const char *node, const char *service,
5489 const struct addrinfo *hints,
5490 struct addrinfo **res)
5492 if (!nss_wrapper_hosts_enabled()) {
5493 return libc_getaddrinfo(node, service, hints, res);
5496 return nwrap_getaddrinfo(node, service, hints, res);
5499 static int nwrap_getnameinfo(const struct sockaddr *sa, socklen_t salen,
5500 char *host, size_t hostlen,
5501 char *serv, size_t servlen,
5505 struct servent *service;
5512 if (sa == NULL || salen < sizeof(sa_family_t)) {
5516 if ((flags & NI_NAMEREQD) && host == NULL && serv == NULL) {
5520 type = sa->sa_family;
5524 const struct sockaddr *sa;
5525 const struct sockaddr_in *in;
5528 if (salen < sizeof(struct sockaddr_in)) {
5534 addr = &(a.in->sin_addr);
5535 addrlen = sizeof(a.in->sin_addr);
5536 port = ntohs(a.in->sin_port);
5542 const struct sockaddr *sa;
5543 const struct sockaddr_in6 *in6;
5546 if (salen < sizeof(struct sockaddr_in6)) {
5552 addr = &(a.in6->sin6_addr);
5553 addrlen = sizeof(a.in6->sin6_addr);
5554 port = ntohs(a.in6->sin6_port);
5564 if ((flags & NI_NUMERICHOST) == 0) {
5565 he = nwrap_files_gethostbyaddr(addr, addrlen, type);
5566 if ((flags & NI_NAMEREQD) && (he == NULL || he->h_name == NULL))
5569 if (he != NULL && he->h_name != NULL) {
5570 if (strlen(he->h_name) >= hostlen)
5571 return EAI_OVERFLOW;
5572 snprintf(host, hostlen, "%s", he->h_name);
5573 if (flags & NI_NOFQDN)
5574 host[strcspn(host, ".")] = '\0';
5576 if (inet_ntop(type, addr, host, hostlen) == NULL)
5577 return (errno == ENOSPC) ? EAI_OVERFLOW : EAI_FAIL;
5583 if ((flags & NI_NUMERICSERV) == 0) {
5584 proto = (flags & NI_DGRAM) ? "udp" : "tcp";
5585 service = getservbyport(htons(port), proto);
5587 if (service != NULL) {
5588 if (strlen(service->s_name) >= servlen)
5589 return EAI_OVERFLOW;
5590 snprintf(serv, servlen, "%s", service->s_name);
5592 if (snprintf(serv, servlen, "%u", port) >= (int) servlen)
5593 return EAI_OVERFLOW;
5600 #ifdef HAVE_LINUX_GETNAMEINFO
5601 int getnameinfo(const struct sockaddr *sa, socklen_t salen,
5602 char *host, socklen_t hostlen,
5603 char *serv, socklen_t servlen,
5605 #elif defined(HAVE_LINUX_GETNAMEINFO_UNSIGNED)
5606 int getnameinfo(const struct sockaddr *sa, socklen_t salen,
5607 char *host, socklen_t hostlen,
5608 char *serv, socklen_t servlen,
5611 int getnameinfo(const struct sockaddr *sa, socklen_t salen,
5612 char *host, size_t hostlen,
5613 char *serv, size_t servlen,
5617 if (!nss_wrapper_hosts_enabled()) {
5618 return libc_getnameinfo(sa, salen, host, hostlen, serv, servlen, flags);
5621 return nwrap_getnameinfo(sa, salen, host, hostlen, serv, servlen, flags);
5624 static int nwrap_gethostname(char *name, size_t len)
5626 const char *hostname = getenv("NSS_WRAPPER_HOSTNAME");
5628 if (strlen(hostname) >= len) {
5629 errno = ENAMETOOLONG;
5632 snprintf(name, len, "%s", hostname);
5637 #ifdef HAVE_SOLARIS_GETHOSTNAME
5638 int gethostname(char *name, int len)
5639 #else /* HAVE_SOLARIS_GETHOSTNAME */
5640 int gethostname(char *name, size_t len)
5641 #endif /* HAVE_SOLARIS_GETHOSTNAME */
5643 if (!nwrap_hostname_enabled()) {
5644 return libc_gethostname(name, len);
5647 return nwrap_gethostname(name, len);
5650 /****************************
5652 ***************************/
5653 void nwrap_constructor(void)
5656 * If we hold a lock and the application forks, then the child
5657 * is not able to unlock the mutex and we are in a deadlock.
5659 * Setting these handlers should prevent such deadlocks.
5661 pthread_atfork(&nwrap_thread_prepare,
5662 &nwrap_thread_parent,
5663 &nwrap_thread_child);
5665 /* Do not call nwrap_init() here. */
5668 /****************************
5670 ***************************/
5673 * This function is called when the library is unloaded and makes sure that
5674 * sockets get closed and the unix file for the socket are unlinked.
5676 void nwrap_destructor(void)
5681 if (nwrap_main_global != NULL) {
5682 struct nwrap_main *m = nwrap_main_global;
5685 if (m->libc != NULL) {
5686 SAFE_FREE(m->libc->fns);
5687 if (m->libc->handle != NULL) {
5688 dlclose(m->libc->handle);
5690 if (m->libc->nsl_handle != NULL) {
5691 dlclose(m->libc->nsl_handle);
5693 if (m->libc->sock_handle != NULL) {
5694 dlclose(m->libc->sock_handle);
5700 if (m->backends != NULL) {
5701 for (i = 0; i < m->num_backends; i++) {
5702 struct nwrap_backend *b = &(m->backends[i]);
5704 if (b->so_handle != NULL) {
5705 dlclose(b->so_handle);
5709 SAFE_FREE(m->backends);
5713 if (nwrap_pw_global.cache != NULL) {
5714 struct nwrap_cache *c = nwrap_pw_global.cache;
5716 nwrap_files_cache_unload(c);
5722 SAFE_FREE(nwrap_pw_global.list);
5723 nwrap_pw_global.num = 0;
5726 if (nwrap_gr_global.cache != NULL) {
5727 struct nwrap_cache *c = nwrap_gr_global.cache;
5729 nwrap_files_cache_unload(c);
5735 SAFE_FREE(nwrap_gr_global.list);
5736 nwrap_pw_global.num = 0;
5739 #if defined(HAVE_SHADOW_H) && defined(HAVE_GETSPNAM)
5740 if (nwrap_sp_global.cache != NULL) {
5741 struct nwrap_cache *c = nwrap_sp_global.cache;
5743 nwrap_files_cache_unload(c);
5749 nwrap_sp_global.num = 0;
5751 #endif /* defined(HAVE_SHADOW_H) && defined(HAVE_GETSPNAM) */
5753 if (nwrap_he_global.cache != NULL) {
5754 struct nwrap_cache *c = nwrap_he_global.cache;
5756 nwrap_files_cache_unload(c);
5762 nwrap_he_global.num = 0;
5765 free(user_addrlist.items);
5766 #ifdef HAVE_GETHOSTBYNAME2
5767 free(user_addrlist2.items);