4 * Copyright (c) 2007, Stefan Metzmacher <metze@samba.org>
5 * Copyright (c) 2009, Guenther Deschner <gd@samba.org>
6 * Copyright (c) 2014-2015, Michael Adam <obnox@samba.org>
7 * Copyright (c) 2015, Robin Hack <hack.robin@gmail.com>
8 * Copyright (c) 2013-2018, Andreas Schneider <asn@samba.org>
11 * Redistribution and use in source and binary forms, with or without
12 * modification, are permitted provided that the following conditions
15 * 1. Redistributions of source code must retain the above copyright
16 * notice, this list of conditions and the following disclaimer.
18 * 2. Redistributions in binary form must reproduce the above copyright
19 * notice, this list of conditions and the following disclaimer in the
20 * documentation and/or other materials provided with the distribution.
22 * 3. Neither the name of the author nor the names of its contributors
23 * may be used to endorse or promote products derived from this software
24 * without specific prior written permission.
26 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
27 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
28 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
29 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
30 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
31 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
32 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
33 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
34 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
35 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
43 #include <sys/types.h>
45 #include <sys/socket.h>
58 #include <netinet/in.h>
64 * Defining _POSIX_PTHREAD_SEMANTICS before including pwd.h and grp.h gives us
65 * the posix getpwnam_r(), getpwuid_r(), getgrnam_r and getgrgid_r calls on
68 #ifndef _POSIX_PTHREAD_SEMANTICS
69 #define _POSIX_PTHREAD_SEMANTICS
76 #endif /* HAVE_SHADOW_H */
79 #include <arpa/inet.h>
80 #include <netinet/in.h>
84 #if defined(HAVE_NSS_H)
88 typedef enum nss_status NSS_STATUS;
89 #elif defined(HAVE_NSS_COMMON_H)
91 #include <nss_common.h>
92 #include <nss_dbdefs.h>
95 typedef nss_status_t NSS_STATUS;
97 # define NSS_STATUS_SUCCESS NSS_SUCCESS
98 # define NSS_STATUS_NOTFOUND NSS_NOTFOUND
99 # define NSS_STATUS_UNAVAIL NSS_UNAVAIL
100 # define NSS_STATUS_TRYAGAIN NSS_TRYAGAIN
102 # error "No nsswitch support detected"
106 #define PTR_DIFF(p1, p2) ((ptrdiff_t)(((const char *)(p1)) - (const char *)(p2)))
114 #define EAI_NODATA EAI_NONAME
117 #ifndef EAI_ADDRFAMILY
118 #define EAI_ADDRFAMILY EAI_FAMILY
122 #define __STRING(x) #x
125 #ifndef __STRINGSTRING
126 #define __STRINGSTRING(x) __STRING(x)
130 #define __LINESTR__ __STRINGSTRING(__LINE__)
134 #define __location__ __FILE__ ":" __LINESTR__
138 #define DNS_NAME_MAX 255
141 /* GCC have printf type attribute check. */
142 #ifdef HAVE_ATTRIBUTE_PRINTF_FORMAT
143 #define PRINTF_ATTRIBUTE(a,b) __attribute__ ((__format__ (__printf__, a, b)))
145 #define PRINTF_ATTRIBUTE(a,b)
146 #endif /* HAVE_ATTRIBUTE_PRINTF_FORMAT */
148 #ifdef HAVE_CONSTRUCTOR_ATTRIBUTE
149 #define CONSTRUCTOR_ATTRIBUTE __attribute__ ((constructor))
151 #define CONSTRUCTOR_ATTRIBUTE
152 #endif /* HAVE_CONSTRUCTOR_ATTRIBUTE */
154 #ifdef HAVE_DESTRUCTOR_ATTRIBUTE
155 #define DESTRUCTOR_ATTRIBUTE __attribute__ ((destructor))
157 #define DESTRUCTOR_ATTRIBUTE
158 #endif /* HAVE_DESTRUCTOR_ATTRIBUTE */
160 #define ZERO_STRUCTP(x) do { if ((x) != NULL) memset((char *)(x), 0, sizeof(*(x))); } while(0)
163 #define SAFE_FREE(x) do { if ((x) != NULL) {free(x); (x)=NULL;} } while(0)
166 #ifndef discard_const
167 #define discard_const(ptr) ((void *)((uintptr_t)(ptr)))
170 #ifndef discard_const_p
171 #define discard_const_p(type, ptr) ((type *)discard_const(ptr))
175 #define NWRAP_INET_ADDRSTRLEN INET6_ADDRSTRLEN
177 #define NWRAP_INET_ADDRSTRLEN INET_ADDRSTRLEN
180 #define NWRAP_LOCK(m) do { \
181 pthread_mutex_lock(&( m ## _mutex)); \
184 #define NWRAP_UNLOCK(m) do { \
185 pthread_mutex_unlock(&( m ## _mutex)); \
189 static bool nwrap_initialized = false;
190 static pthread_mutex_t nwrap_initialized_mutex = PTHREAD_MUTEX_INITIALIZER;
192 /* The mutex or accessing the id */
193 static pthread_mutex_t nwrap_global_mutex = PTHREAD_MUTEX_INITIALIZER;
194 static pthread_mutex_t nwrap_gr_global_mutex = PTHREAD_MUTEX_INITIALIZER;
195 static pthread_mutex_t nwrap_he_global_mutex = PTHREAD_MUTEX_INITIALIZER;
196 static pthread_mutex_t nwrap_pw_global_mutex = PTHREAD_MUTEX_INITIALIZER;
197 static pthread_mutex_t nwrap_sp_global_mutex = PTHREAD_MUTEX_INITIALIZER;
199 /* Add new global locks here please */
200 /* Also don't forget to add locks to
201 * nwrap_init() function.
203 # define NWRAP_LOCK_ALL do { \
204 NWRAP_LOCK(nwrap_initialized); \
205 NWRAP_LOCK(nwrap_global); \
206 NWRAP_LOCK(nwrap_gr_global); \
207 NWRAP_LOCK(nwrap_he_global); \
208 NWRAP_LOCK(nwrap_pw_global); \
209 NWRAP_LOCK(nwrap_sp_global); \
212 # define NWRAP_UNLOCK_ALL do {\
213 NWRAP_UNLOCK(nwrap_sp_global); \
214 NWRAP_UNLOCK(nwrap_pw_global); \
215 NWRAP_UNLOCK(nwrap_he_global); \
216 NWRAP_UNLOCK(nwrap_gr_global); \
217 NWRAP_UNLOCK(nwrap_global); \
218 NWRAP_UNLOCK(nwrap_initialized); \
221 static void nwrap_init(void);
223 static void nwrap_thread_prepare(void)
229 static void nwrap_thread_parent(void)
234 static void nwrap_thread_child(void)
239 enum nwrap_dbglvl_e {
247 # define NWRAP_LOG(...)
250 static void nwrap_log(enum nwrap_dbglvl_e dbglvl, const char *func, const char *format, ...) PRINTF_ATTRIBUTE(3, 4);
251 # define NWRAP_LOG(dbglvl, ...) nwrap_log((dbglvl), __func__, __VA_ARGS__)
253 static void nwrap_log(enum nwrap_dbglvl_e dbglvl,
255 const char *format, ...)
260 unsigned int lvl = 0;
263 d = getenv("NSS_WRAPPER_DEBUGLEVEL");
268 va_start(va, format);
269 vsnprintf(buffer, sizeof(buffer), format, va);
274 case NWRAP_LOG_ERROR:
276 "NWRAP_ERROR(%d) - %s: %s\n",
281 "NWRAP_WARN(%d) - %s: %s\n",
284 case NWRAP_LOG_DEBUG:
286 "NWRAP_DEBUG(%d) - %s: %s\n",
289 case NWRAP_LOG_TRACE:
291 "NWRAP_TRACE(%d) - %s: %s\n",
297 #endif /* NDEBUG NWRAP_LOG */
299 struct nwrap_libc_fns {
300 struct passwd *(*_libc_getpwnam)(const char *name);
301 int (*_libc_getpwnam_r)(const char *name, struct passwd *pwd,
302 char *buf, size_t buflen, struct passwd **result);
303 struct passwd *(*_libc_getpwuid)(uid_t uid);
304 int (*_libc_getpwuid_r)(uid_t uid, struct passwd *pwd, char *buf, size_t buflen, struct passwd **result);
305 void (*_libc_setpwent)(void);
306 struct passwd *(*_libc_getpwent)(void);
307 #ifdef HAVE_GETPWENT_R
308 # ifdef HAVE_SOLARIS_GETPWENT_R
309 struct passwd *(*_libc_getpwent_r)(struct passwd *pwbuf, char *buf, size_t buflen);
310 # else /* HAVE_SOLARIS_GETPWENT_R */
311 int (*_libc_getpwent_r)(struct passwd *pwbuf, char *buf, size_t buflen, struct passwd **pwbufp);
312 # endif /* HAVE_SOLARIS_GETPWENT_R */
313 #endif /* HAVE_GETPWENT_R */
314 void (*_libc_endpwent)(void);
315 int (*_libc_initgroups)(const char *user, gid_t gid);
316 struct group *(*_libc_getgrnam)(const char *name);
317 int (*_libc_getgrnam_r)(const char *name, struct group *grp, char *buf, size_t buflen, struct group **result);
318 struct group *(*_libc_getgrgid)(gid_t gid);
319 int (*_libc_getgrgid_r)(gid_t gid, struct group *grp, char *buf, size_t buflen, struct group **result);
320 void (*_libc_setgrent)(void);
321 struct group *(*_libc_getgrent)(void);
322 #ifdef HAVE_GETGRENT_R
323 # ifdef HAVE_SOLARIS_GETGRENT_R
324 struct group *(*_libc_getgrent_r)(struct group *group, char *buf, size_t buflen);
325 # else /* HAVE_SOLARIS_GETGRENT_R */
326 int (*_libc_getgrent_r)(struct group *group, char *buf, size_t buflen, struct group **result);
327 # endif /* HAVE_SOLARIS_GETGRENT_R */
328 #endif /* HAVE_GETGRENT_R */
329 void (*_libc_endgrent)(void);
330 int (*_libc_getgrouplist)(const char *user, gid_t group, gid_t *groups, int *ngroups);
332 void (*_libc_sethostent)(int stayopen);
333 struct hostent *(*_libc_gethostent)(void);
334 void (*_libc_endhostent)(void);
336 struct hostent *(*_libc_gethostbyname)(const char *name);
337 #ifdef HAVE_GETHOSTBYNAME2 /* GNU extension */
338 struct hostent *(*_libc_gethostbyname2)(const char *name, int af);
340 struct hostent *(*_libc_gethostbyaddr)(const void *addr, socklen_t len, int type);
342 int (*_libc_getaddrinfo)(const char *node, const char *service,
343 const struct addrinfo *hints,
344 struct addrinfo **res);
345 int (*_libc_getnameinfo)(const struct sockaddr *sa, socklen_t salen,
346 char *host, size_t hostlen,
347 char *serv, size_t servlen,
349 int (*_libc_gethostname)(char *name, size_t len);
350 #ifdef HAVE_GETHOSTBYNAME_R
351 int (*_libc_gethostbyname_r)(const char *name,
353 char *buf, size_t buflen,
354 struct hostent **result, int *h_errnop);
356 #ifdef HAVE_GETHOSTBYADDR_R
357 int (*_libc_gethostbyaddr_r)(const void *addr, socklen_t len, int type,
359 char *buf, size_t buflen,
360 struct hostent **result, int *h_errnop);
364 struct nwrap_module_nss_fns {
365 NSS_STATUS (*_nss_getpwnam_r)(const char *name, struct passwd *result, char *buffer,
366 size_t buflen, int *errnop);
367 NSS_STATUS (*_nss_getpwuid_r)(uid_t uid, struct passwd *result, char *buffer,
368 size_t buflen, int *errnop);
369 NSS_STATUS (*_nss_setpwent)(void);
370 NSS_STATUS (*_nss_getpwent_r)(struct passwd *result, char *buffer,
371 size_t buflen, int *errnop);
372 NSS_STATUS (*_nss_endpwent)(void);
373 NSS_STATUS (*_nss_initgroups)(const char *user, gid_t group, long int *start,
374 long int *size, gid_t **groups, long int limit, int *errnop);
375 NSS_STATUS (*_nss_getgrnam_r)(const char *name, struct group *result, char *buffer,
376 size_t buflen, int *errnop);
377 NSS_STATUS (*_nss_getgrgid_r)(gid_t gid, struct group *result, char *buffer,
378 size_t buflen, int *errnop);
379 NSS_STATUS (*_nss_setgrent)(void);
380 NSS_STATUS (*_nss_getgrent_r)(struct group *result, char *buffer,
381 size_t buflen, int *errnop);
382 NSS_STATUS (*_nss_endgrent)(void);
385 struct nwrap_backend {
389 struct nwrap_ops *ops;
390 struct nwrap_module_nss_fns *fns;
394 struct passwd * (*nw_getpwnam)(struct nwrap_backend *b,
396 int (*nw_getpwnam_r)(struct nwrap_backend *b,
397 const char *name, struct passwd *pwdst,
398 char *buf, size_t buflen, struct passwd **pwdstp);
399 struct passwd * (*nw_getpwuid)(struct nwrap_backend *b,
401 int (*nw_getpwuid_r)(struct nwrap_backend *b,
402 uid_t uid, struct passwd *pwdst,
403 char *buf, size_t buflen, struct passwd **pwdstp);
404 void (*nw_setpwent)(struct nwrap_backend *b);
405 struct passwd * (*nw_getpwent)(struct nwrap_backend *b);
406 int (*nw_getpwent_r)(struct nwrap_backend *b,
407 struct passwd *pwdst, char *buf,
408 size_t buflen, struct passwd **pwdstp);
409 void (*nw_endpwent)(struct nwrap_backend *b);
410 int (*nw_initgroups)(struct nwrap_backend *b,
411 const char *user, gid_t group);
412 struct group * (*nw_getgrnam)(struct nwrap_backend *b,
414 int (*nw_getgrnam_r)(struct nwrap_backend *b,
415 const char *name, struct group *grdst,
416 char *buf, size_t buflen, struct group **grdstp);
417 struct group * (*nw_getgrgid)(struct nwrap_backend *b,
419 int (*nw_getgrgid_r)(struct nwrap_backend *b,
420 gid_t gid, struct group *grdst,
421 char *buf, size_t buflen, struct group **grdstp);
422 void (*nw_setgrent)(struct nwrap_backend *b);
423 struct group * (*nw_getgrent)(struct nwrap_backend *b);
424 int (*nw_getgrent_r)(struct nwrap_backend *b,
425 struct group *grdst, char *buf,
426 size_t buflen, struct group **grdstp);
427 void (*nw_endgrent)(struct nwrap_backend *b);
430 /* Public prototypes */
432 bool nss_wrapper_enabled(void);
433 bool nss_wrapper_shadow_enabled(void);
434 bool nss_wrapper_hosts_enabled(void);
436 /* prototypes for files backend */
439 static struct passwd *nwrap_files_getpwnam(struct nwrap_backend *b,
441 static int nwrap_files_getpwnam_r(struct nwrap_backend *b,
442 const char *name, struct passwd *pwdst,
443 char *buf, size_t buflen, struct passwd **pwdstp);
444 static struct passwd *nwrap_files_getpwuid(struct nwrap_backend *b,
446 static int nwrap_files_getpwuid_r(struct nwrap_backend *b,
447 uid_t uid, struct passwd *pwdst,
448 char *buf, size_t buflen, struct passwd **pwdstp);
449 static void nwrap_files_setpwent(struct nwrap_backend *b);
450 static struct passwd *nwrap_files_getpwent(struct nwrap_backend *b);
451 static int nwrap_files_getpwent_r(struct nwrap_backend *b,
452 struct passwd *pwdst, char *buf,
453 size_t buflen, struct passwd **pwdstp);
454 static void nwrap_files_endpwent(struct nwrap_backend *b);
455 static int nwrap_files_initgroups(struct nwrap_backend *b,
456 const char *user, gid_t group);
457 static struct group *nwrap_files_getgrnam(struct nwrap_backend *b,
459 static int nwrap_files_getgrnam_r(struct nwrap_backend *b,
460 const char *name, struct group *grdst,
461 char *buf, size_t buflen, struct group **grdstp);
462 static struct group *nwrap_files_getgrgid(struct nwrap_backend *b,
464 static int nwrap_files_getgrgid_r(struct nwrap_backend *b,
465 gid_t gid, struct group *grdst,
466 char *buf, size_t buflen, struct group **grdstp);
467 static void nwrap_files_setgrent(struct nwrap_backend *b);
468 static struct group *nwrap_files_getgrent(struct nwrap_backend *b);
469 static int nwrap_files_getgrent_r(struct nwrap_backend *b,
470 struct group *grdst, char *buf,
471 size_t buflen, struct group **grdstp);
472 static void nwrap_files_endgrent(struct nwrap_backend *b);
474 /* prototypes for module backend */
476 static struct passwd *nwrap_module_getpwent(struct nwrap_backend *b);
477 static int nwrap_module_getpwent_r(struct nwrap_backend *b,
478 struct passwd *pwdst, char *buf,
479 size_t buflen, struct passwd **pwdstp);
480 static struct passwd *nwrap_module_getpwnam(struct nwrap_backend *b,
482 static int nwrap_module_getpwnam_r(struct nwrap_backend *b,
483 const char *name, struct passwd *pwdst,
484 char *buf, size_t buflen, struct passwd **pwdstp);
485 static struct passwd *nwrap_module_getpwuid(struct nwrap_backend *b,
487 static int nwrap_module_getpwuid_r(struct nwrap_backend *b,
488 uid_t uid, struct passwd *pwdst,
489 char *buf, size_t buflen, struct passwd **pwdstp);
490 static void nwrap_module_setpwent(struct nwrap_backend *b);
491 static void nwrap_module_endpwent(struct nwrap_backend *b);
492 static struct group *nwrap_module_getgrent(struct nwrap_backend *b);
493 static int nwrap_module_getgrent_r(struct nwrap_backend *b,
494 struct group *grdst, char *buf,
495 size_t buflen, struct group **grdstp);
496 static struct group *nwrap_module_getgrnam(struct nwrap_backend *b,
498 static int nwrap_module_getgrnam_r(struct nwrap_backend *b,
499 const char *name, struct group *grdst,
500 char *buf, size_t buflen, struct group **grdstp);
501 static struct group *nwrap_module_getgrgid(struct nwrap_backend *b,
503 static int nwrap_module_getgrgid_r(struct nwrap_backend *b,
504 gid_t gid, struct group *grdst,
505 char *buf, size_t buflen, struct group **grdstp);
506 static void nwrap_module_setgrent(struct nwrap_backend *b);
507 static void nwrap_module_endgrent(struct nwrap_backend *b);
508 static int nwrap_module_initgroups(struct nwrap_backend *b,
509 const char *user, gid_t group);
511 struct nwrap_ops nwrap_files_ops = {
512 .nw_getpwnam = nwrap_files_getpwnam,
513 .nw_getpwnam_r = nwrap_files_getpwnam_r,
514 .nw_getpwuid = nwrap_files_getpwuid,
515 .nw_getpwuid_r = nwrap_files_getpwuid_r,
516 .nw_setpwent = nwrap_files_setpwent,
517 .nw_getpwent = nwrap_files_getpwent,
518 .nw_getpwent_r = nwrap_files_getpwent_r,
519 .nw_endpwent = nwrap_files_endpwent,
520 .nw_initgroups = nwrap_files_initgroups,
521 .nw_getgrnam = nwrap_files_getgrnam,
522 .nw_getgrnam_r = nwrap_files_getgrnam_r,
523 .nw_getgrgid = nwrap_files_getgrgid,
524 .nw_getgrgid_r = nwrap_files_getgrgid_r,
525 .nw_setgrent = nwrap_files_setgrent,
526 .nw_getgrent = nwrap_files_getgrent,
527 .nw_getgrent_r = nwrap_files_getgrent_r,
528 .nw_endgrent = nwrap_files_endgrent,
531 struct nwrap_ops nwrap_module_ops = {
532 .nw_getpwnam = nwrap_module_getpwnam,
533 .nw_getpwnam_r = nwrap_module_getpwnam_r,
534 .nw_getpwuid = nwrap_module_getpwuid,
535 .nw_getpwuid_r = nwrap_module_getpwuid_r,
536 .nw_setpwent = nwrap_module_setpwent,
537 .nw_getpwent = nwrap_module_getpwent,
538 .nw_getpwent_r = nwrap_module_getpwent_r,
539 .nw_endpwent = nwrap_module_endpwent,
540 .nw_initgroups = nwrap_module_initgroups,
541 .nw_getgrnam = nwrap_module_getgrnam,
542 .nw_getgrnam_r = nwrap_module_getgrnam_r,
543 .nw_getgrgid = nwrap_module_getgrgid,
544 .nw_getgrgid_r = nwrap_module_getgrgid_r,
545 .nw_setgrent = nwrap_module_setgrent,
546 .nw_getgrent = nwrap_module_getgrent,
547 .nw_getgrent_r = nwrap_module_getgrent_r,
548 .nw_endgrent = nwrap_module_endgrent,
555 struct nwrap_libc_fns *fns;
560 struct nwrap_backend *backends;
561 struct nwrap_libc *libc;
564 static struct nwrap_main *nwrap_main_global;
565 static struct nwrap_main __nwrap_main_global;
570 static int nwrap_convert_he_ai(const struct hostent *he,
572 const struct addrinfo *hints,
573 struct addrinfo **pai,
574 bool skip_canonname);
580 #define DEFAULT_VECTOR_CAPACITY 16
582 struct nwrap_vector {
588 /* Macro returns pointer to first element of vector->items array.
590 * nwrap_vector is used as a memory backend which take care of
591 * memory allocations and other stuff like memory growing.
592 * nwrap_vectors should not be considered as some abstract structures.
593 * On this level, vectors are more handy than direct realloc/malloc
596 * nwrap_vector->items is array inside nwrap_vector which can be
597 * directly pointed by libc structure assembled by cwrap itself.
601 * 1) struct hostent contains char **h_addr_list element.
602 * 2) nwrap_vector holds array of pointers to addresses.
603 * It's easier to use vector to store results of
606 * Now, pretend that cwrap assembled struct hostent and
607 * we need to set h_addr_list to point to nwrap_vector.
608 * Idea behind is to shield users from internal nwrap_vector
610 * (Yes, not fully - array terminated by NULL is needed because
611 * it's result expected by libc function caller.)
617 * struct nwrap_vector *vector = malloc(sizeof(struct nwrap_vector));
618 * ... don't care about failed allocation now ...
620 * ... fill nwrap vector ...
623 * he.h_addr_list = nwrap_vector_head(vector);
626 #define nwrap_vector_head(vect) ((void *)((vect)->items))
628 #define nwrap_vector_foreach(item, vect, iter) \
629 for (iter = 0, (item) = (vect).items == NULL ? NULL : (vect).items[0]; \
631 (item) = (vect).items[++iter])
633 #define nwrap_vector_is_initialized(vector) ((vector)->items != NULL)
635 static inline bool nwrap_vector_init(struct nwrap_vector *const vector)
637 if (vector == NULL) {
641 /* count is initialized by ZERO_STRUCTP */
642 ZERO_STRUCTP(vector);
643 vector->items = malloc(sizeof(void *) * (DEFAULT_VECTOR_CAPACITY + 1));
644 if (vector->items == NULL) {
647 vector->capacity = DEFAULT_VECTOR_CAPACITY;
648 memset(vector->items, '\0', sizeof(void *) * (DEFAULT_VECTOR_CAPACITY + 1));
653 static bool nwrap_vector_add_item(struct nwrap_vector *vector, void *const item)
655 assert (vector != NULL);
657 if (vector->items == NULL) {
658 nwrap_vector_init(vector);
661 if (vector->count == vector->capacity) {
662 /* Items array _MUST_ be NULL terminated because it's passed
663 * as result to caller which expect NULL terminated array from libc.
665 void **items = realloc(vector->items, sizeof(void *) * ((vector->capacity * 2) + 1));
669 vector->items = items;
671 /* Don't count ending NULL to capacity */
672 vector->capacity *= 2;
675 vector->items[vector->count] = item;
678 vector->items[vector->count] = NULL;
683 static bool nwrap_vector_merge(struct nwrap_vector *dst,
684 struct nwrap_vector *src)
686 void **dst_items = NULL;
689 if (src->count == 0) {
693 count = dst->count + src->count;
695 /* We don't need reallocation if we have enough capacity. */
696 if (src->count > (dst->capacity - dst->count)) {
697 dst_items = (void **)realloc(dst->items, (count + 1) * sizeof(void *));
698 if (dst_items == NULL) {
701 dst->items = dst_items;
702 dst->capacity = count;
705 memcpy((void *)(((long *)dst->items) + dst->count),
707 src->count * sizeof(void *));
720 struct nwrap_vector lines;
722 bool (*parse_line)(struct nwrap_cache *, char *line);
723 void (*unload)(struct nwrap_cache *);
728 struct nwrap_cache *cache;
735 struct nwrap_cache __nwrap_cache_pw;
736 struct nwrap_pw nwrap_pw_global;
738 static bool nwrap_pw_parse_line(struct nwrap_cache *nwrap, char *line);
739 static void nwrap_pw_unload(struct nwrap_cache *nwrap);
742 #if defined(HAVE_SHADOW_H) && defined(HAVE_GETSPNAM)
744 struct nwrap_cache *cache;
751 struct nwrap_cache __nwrap_cache_sp;
752 struct nwrap_sp nwrap_sp_global;
754 static bool nwrap_sp_parse_line(struct nwrap_cache *nwrap, char *line);
755 static void nwrap_sp_unload(struct nwrap_cache *nwrap);
756 #endif /* defined(HAVE_SHADOW_H) && defined(HAVE_GETSPNAM) */
760 struct nwrap_cache *cache;
767 struct nwrap_cache __nwrap_cache_gr;
768 struct nwrap_gr nwrap_gr_global;
771 static bool nwrap_he_parse_line(struct nwrap_cache *nwrap, char *line);
772 static void nwrap_he_unload(struct nwrap_cache *nwrap);
774 struct nwrap_addrdata {
775 unsigned char host_addr[16]; /* IPv4 or IPv6 address */
778 static size_t max_hostents = 100;
780 struct nwrap_entdata {
781 struct nwrap_addrdata addr;
784 struct nwrap_vector nwrap_addrdata;
786 ssize_t aliases_count;
789 struct nwrap_entlist {
790 struct nwrap_entlist *next;
791 struct nwrap_entdata *ed;
795 struct nwrap_cache *cache;
797 struct nwrap_vector entries;
798 struct nwrap_vector lists;
804 static struct nwrap_cache __nwrap_cache_he;
805 static struct nwrap_he nwrap_he_global;
808 /*********************************************************
810 *********************************************************/
812 static bool nwrap_gr_parse_line(struct nwrap_cache *nwrap, char *line);
813 static void nwrap_gr_unload(struct nwrap_cache *nwrap);
814 void nwrap_constructor(void) CONSTRUCTOR_ATTRIBUTE;
815 void nwrap_destructor(void) DESTRUCTOR_ATTRIBUTE;
817 /*********************************************************
818 * NWRAP LIBC LOADER FUNCTIONS
819 *********************************************************/
828 static const char *nwrap_str_lib(enum nwrap_lib lib)
835 case NWRAP_LIBSOCKET:
839 /* Compiler would warn us about unhandled enum value if we get here */
844 static void *nwrap_load_lib_handle(enum nwrap_lib lib)
846 int flags = RTLD_LAZY;
851 const char *env_preload = getenv("LD_PRELOAD");
852 const char *env_deepbind = getenv("NSS_WRAPPER_DISABLE_DEEPBIND");
853 bool enable_deepbind = true;
855 /* Don't do a deepbind if we run with libasan */
856 if (env_preload != NULL && strlen(env_preload) < 1024) {
857 const char *p = strstr(env_preload, "libasan.so");
859 enable_deepbind = false;
863 if (env_deepbind != NULL && strlen(env_deepbind) >= 1) {
864 enable_deepbind = false;
867 if (enable_deepbind) {
868 flags |= RTLD_DEEPBIND;
875 handle = nwrap_main_global->libc->nsl_handle;
876 if (handle == NULL) {
877 for (i = 10; i >= 0; i--) {
878 char soname[256] = {0};
880 snprintf(soname, sizeof(soname), "libnsl.so.%d", i);
881 handle = dlopen(soname, flags);
882 if (handle != NULL) {
887 nwrap_main_global->libc->nsl_handle = handle;
892 case NWRAP_LIBSOCKET:
893 #ifdef HAVE_LIBSOCKET
894 handle = nwrap_main_global->libc->sock_handle;
895 if (handle == NULL) {
896 for (i = 10; i >= 0; i--) {
897 char soname[256] = {0};
899 snprintf(soname, sizeof(soname), "libsocket.so.%d", i);
900 handle = dlopen(soname, flags);
901 if (handle != NULL) {
906 nwrap_main_global->libc->sock_handle = handle;
912 handle = nwrap_main_global->libc->handle;
913 if (handle == NULL) {
914 for (i = 10; i >= 0; i--) {
915 char soname[256] = {0};
917 snprintf(soname, sizeof(soname), "libc.so.%d", i);
918 handle = dlopen(soname, flags);
919 if (handle != NULL) {
924 nwrap_main_global->libc->handle = handle;
929 if (handle == NULL) {
931 handle = nwrap_main_global->libc->handle
932 = nwrap_main_global->libc->sock_handle
933 = nwrap_main_global->libc->nsl_handle
936 NWRAP_LOG(NWRAP_LOG_ERROR,
937 "Failed to dlopen library: %s\n",
946 static void *_nwrap_load_lib_function(enum nwrap_lib lib, const char *fn_name)
953 handle = nwrap_load_lib_handle(lib);
955 func = dlsym(handle, fn_name);
957 NWRAP_LOG(NWRAP_LOG_ERROR,
958 "Failed to find %s: %s\n",
963 NWRAP_LOG(NWRAP_LOG_TRACE,
965 fn_name, nwrap_str_lib(lib));
969 #define nwrap_load_lib_function(lib, fn_name) \
970 if (nwrap_main_global->libc->fns->_libc_##fn_name == NULL) { \
971 *(void **) (&nwrap_main_global->libc->fns->_libc_##fn_name) = \
972 _nwrap_load_lib_function(lib, #fn_name); \
975 /* INTERNAL HELPER FUNCTIONS */
976 static void nwrap_lines_unload(struct nwrap_cache *const nwrap)
980 nwrap_vector_foreach(item, nwrap->lines, p) {
981 /* Maybe some vectors were merged ... */
984 SAFE_FREE(nwrap->lines.items);
985 ZERO_STRUCTP(&nwrap->lines);
991 * Functions expeciall from libc need to be loaded individually, you can't load
992 * all at once or gdb will segfault at startup. The same applies to valgrind and
993 * has probably something todo with with the linker.
994 * So we need load each function at the point it is called the first time.
996 static struct passwd *libc_getpwnam(const char *name)
998 nwrap_load_lib_function(NWRAP_LIBC, getpwnam);
1000 return nwrap_main_global->libc->fns->_libc_getpwnam(name);
1003 #ifdef HAVE_GETPWNAM_R
1004 static int libc_getpwnam_r(const char *name,
1008 struct passwd **result)
1010 #ifdef HAVE___POSIX_GETPWNAM_R
1011 if (nwrap_main_global->libc->fns->_libc_getpwnam_r == NULL) {
1012 *(void **) (&nwrap_main_global->libc->fns->_libc_getpwnam_r) =
1013 _nwrap_load_lib_function(NWRAP_LIBC, "__posix_getpwnam_r");
1016 nwrap_load_lib_function(NWRAP_LIBC, getpwnam_r);
1019 return nwrap_main_global->libc->fns->_libc_getpwnam_r(name,
1027 static struct passwd *libc_getpwuid(uid_t uid)
1029 nwrap_load_lib_function(NWRAP_LIBC, getpwuid);
1031 return nwrap_main_global->libc->fns->_libc_getpwuid(uid);
1034 #ifdef HAVE_GETPWUID_R
1035 static int libc_getpwuid_r(uid_t uid,
1039 struct passwd **result)
1041 #ifdef HAVE___POSIX_GETPWUID_R
1042 if (nwrap_main_global->libc->fns->_libc_getpwuid_r == NULL) {
1043 *(void **) (&nwrap_main_global->libc->fns->_libc_getpwuid_r) =
1044 _nwrap_load_lib_function(NWRAP_LIBC, "__posix_getpwuid_r");
1047 nwrap_load_lib_function(NWRAP_LIBC, getpwuid_r);
1050 return nwrap_main_global->libc->fns->_libc_getpwuid_r(uid,
1058 static inline void str_tolower(char *dst, char *src)
1060 register char *src_tmp = src;
1061 register char *dst_tmp = dst;
1063 while (*src_tmp != '\0') {
1064 *dst_tmp = tolower(*src_tmp);
1070 static bool str_tolower_copy(char **dst_name, const char *const src_name)
1074 if ((dst_name == NULL) || (src_name == NULL)) {
1078 h_name_lower = strdup(src_name);
1079 if (h_name_lower == NULL) {
1080 NWRAP_LOG(NWRAP_LOG_DEBUG, "Out of memory while strdup");
1084 str_tolower(h_name_lower, h_name_lower);
1085 *dst_name = h_name_lower;
1089 static void libc_setpwent(void)
1091 nwrap_load_lib_function(NWRAP_LIBC, setpwent);
1093 nwrap_main_global->libc->fns->_libc_setpwent();
1096 static struct passwd *libc_getpwent(void)
1098 nwrap_load_lib_function(NWRAP_LIBC, getpwent);
1100 return nwrap_main_global->libc->fns->_libc_getpwent();
1103 #ifdef HAVE_GETPWENT_R
1104 # ifdef HAVE_SOLARIS_GETPWENT_R
1105 static struct passwd *libc_getpwent_r(struct passwd *pwdst,
1109 nwrap_load_lib_function(NWRAP_LIBC, getpwent_r);
1111 return nwrap_main_global->libc->fns->_libc_getpwent_r(pwdst,
1115 # else /* HAVE_SOLARIS_GETPWENT_R */
1116 static int libc_getpwent_r(struct passwd *pwdst,
1119 struct passwd **pwdstp)
1121 nwrap_load_lib_function(NWRAP_LIBC, getpwent_r);
1123 return nwrap_main_global->libc->fns->_libc_getpwent_r(pwdst,
1128 # endif /* HAVE_SOLARIS_GETPWENT_R */
1129 #endif /* HAVE_GETPWENT_R */
1131 static void libc_endpwent(void)
1133 nwrap_load_lib_function(NWRAP_LIBC, endpwent);
1135 nwrap_main_global->libc->fns->_libc_endpwent();
1138 static int libc_initgroups(const char *user, gid_t gid)
1140 nwrap_load_lib_function(NWRAP_LIBC, initgroups);
1142 return nwrap_main_global->libc->fns->_libc_initgroups(user, gid);
1145 static struct group *libc_getgrnam(const char *name)
1147 nwrap_load_lib_function(NWRAP_LIBC, getgrnam);
1149 return nwrap_main_global->libc->fns->_libc_getgrnam(name);
1152 #ifdef HAVE_GETGRNAM_R
1153 static int libc_getgrnam_r(const char *name,
1157 struct group **result)
1159 #ifdef HAVE___POSIX_GETGRNAM_R
1160 if (nwrap_main_global->libc->fns->_libc_getgrnam_r == NULL) {
1161 *(void **) (&nwrap_main_global->libc->fns->_libc_getgrnam_r) =
1162 _nwrap_load_lib_function(NWRAP_LIBC, "__posix_getgrnam_r");
1165 nwrap_load_lib_function(NWRAP_LIBC, getgrnam_r);
1168 return nwrap_main_global->libc->fns->_libc_getgrnam_r(name,
1176 static struct group *libc_getgrgid(gid_t gid)
1178 nwrap_load_lib_function(NWRAP_LIBC, getgrgid);
1180 return nwrap_main_global->libc->fns->_libc_getgrgid(gid);
1183 #ifdef HAVE_GETGRGID_R
1184 static int libc_getgrgid_r(gid_t gid,
1188 struct group **result)
1190 #ifdef HAVE___POSIX_GETGRGID_R
1191 if (nwrap_main_global->libc->fns->_libc_getgrgid_r == NULL) {
1192 *(void **) (&nwrap_main_global->libc->fns->_libc_getgrgid_r) =
1193 _nwrap_load_lib_function(NWRAP_LIBC, "__posix_getgrgid_r");
1196 nwrap_load_lib_function(NWRAP_LIBC, getgrgid_r);
1199 return nwrap_main_global->libc->fns->_libc_getgrgid_r(gid,
1207 static void libc_setgrent(void)
1209 nwrap_load_lib_function(NWRAP_LIBC, setgrent);
1211 nwrap_main_global->libc->fns->_libc_setgrent();
1214 static struct group *libc_getgrent(void)
1216 nwrap_load_lib_function(NWRAP_LIBC, getgrent);
1218 return nwrap_main_global->libc->fns->_libc_getgrent();
1221 #ifdef HAVE_GETGRENT_R
1222 # ifdef HAVE_SOLARIS_GETGRENT_R
1223 static struct group *libc_getgrent_r(struct group *group,
1227 nwrap_load_lib_function(NWRAP_LIBC, getgrent_r);
1229 return nwrap_main_global->libc->fns->_libc_getgrent_r(group,
1233 # else /* HAVE_SOLARIS_GETGRENT_R */
1234 static int libc_getgrent_r(struct group *group,
1237 struct group **result)
1239 nwrap_load_lib_function(NWRAP_LIBC, getgrent_r);
1241 return nwrap_main_global->libc->fns->_libc_getgrent_r(group,
1246 # endif /* HAVE_SOLARIS_GETGRENT_R */
1247 #endif /* HAVE_GETGRENT_R */
1249 static void libc_endgrent(void)
1251 nwrap_load_lib_function(NWRAP_LIBC, endgrent);
1253 nwrap_main_global->libc->fns->_libc_endgrent();
1256 #ifdef HAVE_GETGROUPLIST
1257 static int libc_getgrouplist(const char *user,
1262 nwrap_load_lib_function(NWRAP_LIBC, getgrouplist);
1264 return nwrap_main_global->libc->fns->_libc_getgrouplist(user,
1271 static void libc_sethostent(int stayopen)
1273 nwrap_load_lib_function(NWRAP_LIBNSL, sethostent);
1275 nwrap_main_global->libc->fns->_libc_sethostent(stayopen);
1278 static struct hostent *libc_gethostent(void)
1280 nwrap_load_lib_function(NWRAP_LIBNSL, gethostent);
1282 return nwrap_main_global->libc->fns->_libc_gethostent();
1285 static void libc_endhostent(void)
1287 nwrap_load_lib_function(NWRAP_LIBNSL, endhostent);
1289 nwrap_main_global->libc->fns->_libc_endhostent();
1292 static struct hostent *libc_gethostbyname(const char *name)
1294 nwrap_load_lib_function(NWRAP_LIBNSL, gethostbyname);
1296 return nwrap_main_global->libc->fns->_libc_gethostbyname(name);
1299 #ifdef HAVE_GETHOSTBYNAME2 /* GNU extension */
1300 static struct hostent *libc_gethostbyname2(const char *name, int af)
1302 nwrap_load_lib_function(NWRAP_LIBNSL, gethostbyname2);
1304 return nwrap_main_global->libc->fns->_libc_gethostbyname2(name, af);
1308 static struct hostent *libc_gethostbyaddr(const void *addr,
1312 nwrap_load_lib_function(NWRAP_LIBNSL, gethostbyaddr);
1314 return nwrap_main_global->libc->fns->_libc_gethostbyaddr(addr,
1319 static int libc_gethostname(char *name, size_t len)
1321 nwrap_load_lib_function(NWRAP_LIBNSL, gethostname);
1323 return nwrap_main_global->libc->fns->_libc_gethostname(name, len);
1326 #ifdef HAVE_GETHOSTBYNAME_R
1327 static int libc_gethostbyname_r(const char *name,
1328 struct hostent *ret,
1331 struct hostent **result,
1334 nwrap_load_lib_function(NWRAP_LIBNSL, gethostbyname_r);
1336 return nwrap_main_global->libc->fns->_libc_gethostbyname_r(name,
1345 #ifdef HAVE_GETHOSTBYADDR_R
1346 static int libc_gethostbyaddr_r(const void *addr,
1349 struct hostent *ret,
1352 struct hostent **result,
1355 nwrap_load_lib_function(NWRAP_LIBNSL, gethostbyaddr_r);
1357 return nwrap_main_global->libc->fns->_libc_gethostbyaddr_r(addr,
1368 static int libc_getaddrinfo(const char *node,
1369 const char *service,
1370 const struct addrinfo *hints,
1371 struct addrinfo **res)
1373 nwrap_load_lib_function(NWRAP_LIBSOCKET, getaddrinfo);
1375 return nwrap_main_global->libc->fns->_libc_getaddrinfo(node,
1381 static int libc_getnameinfo(const struct sockaddr *sa,
1389 nwrap_load_lib_function(NWRAP_LIBSOCKET, getnameinfo);
1391 return nwrap_main_global->libc->fns->_libc_getnameinfo(sa,
1400 /*********************************************************
1401 * NWRAP NSS MODULE LOADER FUNCTIONS
1402 *********************************************************/
1404 static void *nwrap_load_module_fn(struct nwrap_backend *b,
1405 const char *fn_name)
1410 if (!b->so_handle) {
1411 NWRAP_LOG(NWRAP_LOG_ERROR, "No handle");
1415 if (asprintf(&s, "_nss_%s_%s", b->name, fn_name) == -1) {
1416 NWRAP_LOG(NWRAP_LOG_ERROR, "Out of memory");
1420 res = dlsym(b->so_handle, s);
1422 NWRAP_LOG(NWRAP_LOG_ERROR,
1423 "Cannot find function %s in %s",
1430 static struct nwrap_module_nss_fns *nwrap_load_module_fns(struct nwrap_backend *b)
1432 struct nwrap_module_nss_fns *fns;
1434 if (!b->so_handle) {
1438 fns = (struct nwrap_module_nss_fns *)malloc(sizeof(struct nwrap_module_nss_fns));
1443 *(void **)(&fns->_nss_getpwnam_r) =
1444 nwrap_load_module_fn(b, "getpwnam_r");
1445 *(void **)(&fns->_nss_getpwuid_r) =
1446 nwrap_load_module_fn(b, "getpwuid_r");
1447 *(void **)(&fns->_nss_setpwent) =
1448 nwrap_load_module_fn(b, "setpwent");
1449 *(void **)(&fns->_nss_getpwent_r) =
1450 nwrap_load_module_fn(b, "getpwent_r");
1451 *(void **)(&fns->_nss_endpwent) =
1452 nwrap_load_module_fn(b, "endpwent");
1453 *(void **)(&fns->_nss_initgroups) =
1454 nwrap_load_module_fn(b, "initgroups_dyn");
1455 *(void **)(&fns->_nss_getgrnam_r) =
1456 nwrap_load_module_fn(b, "getgrnam_r");
1457 *(void **)(&fns->_nss_getgrgid_r)=
1458 nwrap_load_module_fn(b, "getgrgid_r");
1459 *(void **)(&fns->_nss_setgrent) =
1460 nwrap_load_module_fn(b, "setgrent");
1461 *(void **)(&fns->_nss_getgrent_r) =
1462 nwrap_load_module_fn(b, "getgrent_r");
1463 *(void **)(&fns->_nss_endgrent) =
1464 nwrap_load_module_fn(b, "endgrent");
1469 static void *nwrap_load_module(const char *so_path)
1473 if (!so_path || !strlen(so_path)) {
1477 h = dlopen(so_path, RTLD_LAZY);
1479 NWRAP_LOG(NWRAP_LOG_ERROR,
1480 "Cannot open shared library %s",
1488 static bool nwrap_module_init(const char *name,
1489 struct nwrap_ops *ops,
1490 const char *so_path,
1492 struct nwrap_backend **backends)
1494 struct nwrap_backend *b;
1496 *backends = (struct nwrap_backend *)realloc(*backends,
1497 sizeof(struct nwrap_backend) * ((*num_backends) + 1));
1499 NWRAP_LOG(NWRAP_LOG_ERROR, "Out of memory");
1503 b = &((*backends)[*num_backends]);
1507 b->so_path = so_path;
1509 if (so_path != NULL) {
1510 b->so_handle = nwrap_load_module(so_path);
1511 b->fns = nwrap_load_module_fns(b);
1512 if (b->fns == NULL) {
1516 b->so_handle = NULL;
1525 static void nwrap_libc_init(struct nwrap_main *r)
1527 r->libc = calloc(1, sizeof(struct nwrap_libc));
1528 if (r->libc == NULL) {
1529 printf("Failed to allocate memory for libc");
1533 r->libc->fns = calloc(1, sizeof(struct nwrap_libc_fns));
1534 if (r->libc->fns == NULL) {
1535 printf("Failed to allocate memory for libc functions");
1540 static void nwrap_backend_init(struct nwrap_main *r)
1542 const char *module_so_path = getenv("NSS_WRAPPER_MODULE_SO_PATH");
1543 const char *module_fn_name = getenv("NSS_WRAPPER_MODULE_FN_PREFIX");
1545 r->num_backends = 0;
1548 if (!nwrap_module_init("files", &nwrap_files_ops, NULL,
1551 NWRAP_LOG(NWRAP_LOG_ERROR,
1552 "Failed to initialize 'files' backend");
1556 if (module_so_path != NULL &&
1557 module_so_path[0] != '\0' &&
1558 module_fn_name != NULL &&
1559 module_fn_name[0] != '\0') {
1560 if (!nwrap_module_init(module_fn_name,
1565 NWRAP_LOG(NWRAP_LOG_ERROR,
1566 "Failed to initialize '%s' backend",
1573 static void nwrap_init(void)
1577 size_t max_hostents_tmp;
1580 NWRAP_LOCK(nwrap_initialized);
1581 if (nwrap_initialized) {
1582 NWRAP_UNLOCK(nwrap_initialized);
1587 * Still holding nwrap_initialized lock here.
1588 * We don't use NWRAP_(UN)LOCK_ALL macros here because we
1589 * want to avoid overhead when other threads do their job.
1591 NWRAP_LOCK(nwrap_global);
1592 NWRAP_LOCK(nwrap_gr_global);
1593 NWRAP_LOCK(nwrap_he_global);
1594 NWRAP_LOCK(nwrap_pw_global);
1595 NWRAP_LOCK(nwrap_sp_global);
1597 nwrap_initialized = true;
1599 env = getenv("NSS_WRAPPER_MAX_HOSTENTS");
1601 max_hostents_tmp = (size_t)strtoul(env, &endptr, 10);
1602 if ((*env == '\0') ||
1603 (*endptr != '\0') ||
1604 (max_hostents_tmp == 0)) {
1605 NWRAP_LOG(NWRAP_LOG_DEBUG,
1606 "Error parsing NSS_WRAPPER_MAX_HOSTENTS "
1607 "value or value is too small. "
1608 "Using default value: %lu.",
1609 (unsigned long)max_hostents);
1611 max_hostents = max_hostents_tmp;
1614 /* Initialize hash table */
1615 NWRAP_LOG(NWRAP_LOG_DEBUG,
1616 "Initializing hash table of size %lu items.",
1617 (unsigned long)max_hostents);
1618 ok = hcreate(max_hostents);
1620 NWRAP_LOG(NWRAP_LOG_ERROR,
1621 "Failed to initialize hash table");
1625 nwrap_main_global = &__nwrap_main_global;
1627 nwrap_libc_init(nwrap_main_global);
1629 nwrap_backend_init(nwrap_main_global);
1632 nwrap_pw_global.cache = &__nwrap_cache_pw;
1634 nwrap_pw_global.cache->path = getenv("NSS_WRAPPER_PASSWD");
1635 nwrap_pw_global.cache->fp = NULL;
1636 nwrap_pw_global.cache->fd = -1;
1637 nwrap_pw_global.cache->private_data = &nwrap_pw_global;
1638 nwrap_pw_global.cache->parse_line = nwrap_pw_parse_line;
1639 nwrap_pw_global.cache->unload = nwrap_pw_unload;
1642 #if defined(HAVE_SHADOW_H) && defined(HAVE_GETSPNAM)
1643 nwrap_sp_global.cache = &__nwrap_cache_sp;
1645 nwrap_sp_global.cache->path = getenv("NSS_WRAPPER_SHADOW");
1646 nwrap_sp_global.cache->fp = NULL;
1647 nwrap_sp_global.cache->fd = -1;
1648 nwrap_sp_global.cache->private_data = &nwrap_sp_global;
1649 nwrap_sp_global.cache->parse_line = nwrap_sp_parse_line;
1650 nwrap_sp_global.cache->unload = nwrap_sp_unload;
1651 #endif /* defined(HAVE_SHADOW_H) && defined(HAVE_GETSPNAM) */
1654 nwrap_gr_global.cache = &__nwrap_cache_gr;
1656 nwrap_gr_global.cache->path = getenv("NSS_WRAPPER_GROUP");
1657 nwrap_gr_global.cache->fp = NULL;
1658 nwrap_gr_global.cache->fd = -1;
1659 nwrap_gr_global.cache->private_data = &nwrap_gr_global;
1660 nwrap_gr_global.cache->parse_line = nwrap_gr_parse_line;
1661 nwrap_gr_global.cache->unload = nwrap_gr_unload;
1664 nwrap_he_global.cache = &__nwrap_cache_he;
1666 nwrap_he_global.cache->path = getenv("NSS_WRAPPER_HOSTS");
1667 nwrap_he_global.cache->fp = NULL;
1668 nwrap_he_global.cache->fd = -1;
1669 nwrap_he_global.cache->private_data = &nwrap_he_global;
1670 nwrap_he_global.cache->parse_line = nwrap_he_parse_line;
1671 nwrap_he_global.cache->unload = nwrap_he_unload;
1673 /* We hold all locks here so we can use NWRAP_UNLOCK_ALL. */
1677 bool nss_wrapper_enabled(void)
1681 if (nwrap_pw_global.cache->path == NULL ||
1682 nwrap_pw_global.cache->path[0] == '\0') {
1685 if (nwrap_gr_global.cache->path == NULL ||
1686 nwrap_gr_global.cache->path[0] == '\0') {
1693 #if defined(HAVE_SHADOW_H) && defined(HAVE_GETSPNAM)
1694 bool nss_wrapper_shadow_enabled(void)
1698 if (nwrap_sp_global.cache->path == NULL ||
1699 nwrap_sp_global.cache->path[0] == '\0') {
1705 #endif /* defined(HAVE_SHADOW_H) && defined(HAVE_GETSPNAM) */
1707 bool nss_wrapper_hosts_enabled(void)
1711 if (nwrap_he_global.cache->path == NULL ||
1712 nwrap_he_global.cache->path[0] == '\0') {
1719 static bool nwrap_hostname_enabled(void)
1723 if (getenv("NSS_WRAPPER_HOSTNAME") == NULL) {
1730 static bool nwrap_parse_file(struct nwrap_cache *nwrap)
1734 /* Unused but getline needs it */
1738 if (nwrap->st.st_size == 0) {
1739 NWRAP_LOG(NWRAP_LOG_DEBUG, "size == 0");
1743 /* Support for 32-bit system I guess */
1744 if (nwrap->st.st_size > INT32_MAX) {
1745 NWRAP_LOG(NWRAP_LOG_ERROR,
1746 "Size[%u] larger than INT32_MAX",
1747 (unsigned)nwrap->st.st_size);
1754 n = getline(&line, &len, nwrap->fp);
1757 if (feof(nwrap->fp)) {
1761 NWRAP_LOG(NWRAP_LOG_ERROR,
1762 "Unable to read line from file: %s",
1767 if (line[n - 1] == '\n') {
1771 if (line[0] == '\0') {
1776 ok = nwrap->parse_line(nwrap, line);
1778 NWRAP_LOG(NWRAP_LOG_ERROR,
1779 "Unable to parse line file: %s",
1785 /* Line is parsed without issues so add it to list */
1786 ok = nwrap_vector_add_item(&(nwrap->lines), (void *const) line);
1788 NWRAP_LOG(NWRAP_LOG_ERROR,
1789 "Unable to add line to vector");
1793 /* This forces getline to allocate new memory for line. */
1795 } while (!feof(nwrap->fp));
1800 static void nwrap_files_cache_unload(struct nwrap_cache *nwrap)
1802 nwrap->unload(nwrap);
1804 nwrap_lines_unload(nwrap);
1807 static bool nwrap_files_cache_reload(struct nwrap_cache *nwrap)
1812 bool retried = false;
1814 assert(nwrap != NULL);
1817 if (nwrap->fd < 0) {
1818 nwrap->fp = fopen(nwrap->path, "re");
1819 if (nwrap->fp == NULL) {
1821 NWRAP_LOG(NWRAP_LOG_ERROR,
1822 "Unable to open '%s' readonly %d:%s",
1823 nwrap->path, nwrap->fd,
1828 nwrap->fd = fileno(nwrap->fp);
1829 NWRAP_LOG(NWRAP_LOG_DEBUG, "Open '%s'", nwrap->path);
1832 ret = fstat(nwrap->fd, &st);
1834 NWRAP_LOG(NWRAP_LOG_ERROR,
1835 "fstat(%s) - %d:%s",
1845 if (retried == false && st.st_nlink == 0) {
1846 /* maybe someone has replaced the file... */
1847 NWRAP_LOG(NWRAP_LOG_TRACE,
1848 "st_nlink == 0, reopen %s",
1851 memset(&nwrap->st, 0, sizeof(nwrap->st));
1858 if (st.st_mtime == nwrap->st.st_mtime) {
1859 NWRAP_LOG(NWRAP_LOG_TRACE,
1860 "st_mtime[%u] hasn't changed, skip reload",
1861 (unsigned)st.st_mtime);
1865 NWRAP_LOG(NWRAP_LOG_TRACE,
1866 "st_mtime has changed [%u] => [%u], start reload",
1867 (unsigned)st.st_mtime,
1868 (unsigned)nwrap->st.st_mtime);
1872 nwrap_files_cache_unload(nwrap);
1874 ok = nwrap_parse_file(nwrap);
1876 NWRAP_LOG(NWRAP_LOG_ERROR, "Failed to reload %s", nwrap->path);
1877 nwrap_files_cache_unload(nwrap);
1881 NWRAP_LOG(NWRAP_LOG_TRACE, "Reloaded %s", nwrap->path);
1886 * the caller has to call nwrap_unload() on failure
1888 static bool nwrap_pw_parse_line(struct nwrap_cache *nwrap, char *line)
1890 struct nwrap_pw *nwrap_pw;
1897 nwrap_pw = (struct nwrap_pw *)nwrap->private_data;
1899 list_size = sizeof(*nwrap_pw->list) * (nwrap_pw->num+1);
1900 pw = (struct passwd *)realloc(nwrap_pw->list, list_size);
1902 NWRAP_LOG(NWRAP_LOG_ERROR,
1903 "realloc(%u) failed",
1904 (unsigned)list_size);
1907 nwrap_pw->list = pw;
1909 pw = &nwrap_pw->list[nwrap_pw->num];
1916 NWRAP_LOG(NWRAP_LOG_ERROR,
1917 "Invalid line[%s]: '%s'",
1927 NWRAP_LOG(NWRAP_LOG_TRACE, "name[%s]\n", pw->pw_name);
1932 NWRAP_LOG(NWRAP_LOG_ERROR, "Invalid line[%s]: '%s'", line, c);
1940 NWRAP_LOG(NWRAP_LOG_TRACE, "password[%s]\n", pw->pw_passwd);
1945 NWRAP_LOG(NWRAP_LOG_ERROR, "Invalid line[%s]: '%s'", line, c);
1951 pw->pw_uid = (uid_t)strtoul(c, &e, 10);
1953 NWRAP_LOG(NWRAP_LOG_ERROR,
1954 "Invalid line[%s]: '%s' - %s",
1955 line, c, strerror(errno));
1959 NWRAP_LOG(NWRAP_LOG_ERROR,
1960 "Invalid line[%s]: '%s' - %s",
1961 line, c, strerror(errno));
1965 NWRAP_LOG(NWRAP_LOG_ERROR,
1966 "Invalid line[%s]: '%s' - %s",
1967 line, c, strerror(errno));
1972 NWRAP_LOG(NWRAP_LOG_TRACE, "uid[%u]", pw->pw_uid);
1977 NWRAP_LOG(NWRAP_LOG_ERROR, "Invalid line[%s]: '%s'", line, c);
1983 pw->pw_gid = (gid_t)strtoul(c, &e, 10);
1985 NWRAP_LOG(NWRAP_LOG_ERROR,
1986 "Invalid line[%s]: '%s' - %s",
1987 line, c, strerror(errno));
1991 NWRAP_LOG(NWRAP_LOG_ERROR,
1992 "Invalid line[%s]: '%s' - %s",
1993 line, c, strerror(errno));
1997 NWRAP_LOG(NWRAP_LOG_ERROR,
1998 "Invalid line[%s]: '%s' - %s",
1999 line, c, strerror(errno));
2004 NWRAP_LOG(NWRAP_LOG_TRACE, "gid[%u]\n", pw->pw_gid);
2006 #ifdef HAVE_STRUCT_PASSWD_PW_CLASS
2007 pw->pw_class = discard_const_p(char, "");
2009 NWRAP_LOG(NWRAP_LOG_TRACE, "class[%s]", pw->pw_class);
2010 #endif /* HAVE_STRUCT_PASSWD_PW_CLASS */
2012 #ifdef HAVE_STRUCT_PASSWD_PW_CHANGE
2015 NWRAP_LOG(NWRAP_LOG_TRACE,
2017 (unsigned long)pw->pw_change);
2018 #endif /* HAVE_STRUCT_PASSWD_PW_CHANGE */
2020 #ifdef HAVE_STRUCT_PASSWD_PW_EXPIRE
2023 NWRAP_LOG(NWRAP_LOG_TRACE,
2025 (unsigned long)pw->pw_expire);
2026 #endif /* HAVE_STRUCT_PASSWD_PW_EXPIRE */
2031 NWRAP_LOG(NWRAP_LOG_ERROR, "invalid line[%s]: '%s'", line, c);
2039 NWRAP_LOG(NWRAP_LOG_TRACE, "gecos[%s]", pw->pw_gecos);
2044 NWRAP_LOG(NWRAP_LOG_ERROR, "'%s'", c);
2052 NWRAP_LOG(NWRAP_LOG_TRACE, "dir[%s]", pw->pw_dir);
2056 NWRAP_LOG(NWRAP_LOG_TRACE, "shell[%s]", pw->pw_shell);
2058 NWRAP_LOG(NWRAP_LOG_DEBUG,
2059 "Added user[%s:%s:%u:%u:%s:%s:%s]",
2060 pw->pw_name, pw->pw_passwd,
2061 pw->pw_uid, pw->pw_gid,
2062 pw->pw_gecos, pw->pw_dir, pw->pw_shell);
2068 static void nwrap_pw_unload(struct nwrap_cache *nwrap)
2070 struct nwrap_pw *nwrap_pw;
2071 nwrap_pw = (struct nwrap_pw *)nwrap->private_data;
2073 SAFE_FREE(nwrap_pw->list);
2078 static int nwrap_pw_copy_r(const struct passwd *src, struct passwd *dst,
2079 char *buf, size_t buflen, struct passwd **dstp)
2085 first = src->pw_name;
2087 last = src->pw_shell;
2088 while (*last) last++;
2090 ofs = PTR_DIFF(last + 1, first);
2092 if (ofs > (off_t) buflen) {
2096 memcpy(buf, first, ofs);
2098 ofs = PTR_DIFF(src->pw_name, first);
2099 dst->pw_name = buf + ofs;
2100 ofs = PTR_DIFF(src->pw_passwd, first);
2101 dst->pw_passwd = buf + ofs;
2102 dst->pw_uid = src->pw_uid;
2103 dst->pw_gid = src->pw_gid;
2104 #ifdef HAVE_STRUCT_PASSWD_PW_CLASS
2105 ofs = PTR_DIFF(src->pw_class, first);
2106 dst->pw_class = buf + ofs;
2107 #endif /* HAVE_STRUCT_PASSWD_PW_CLASS */
2109 #ifdef HAVE_STRUCT_PASSWD_PW_CHANGE
2111 #endif /* HAVE_STRUCT_PASSWD_PW_CHANGE */
2113 #ifdef HAVE_STRUCT_PASSWD_PW_EXPIRE
2115 #endif /* HAVE_STRUCT_PASSWD_PW_EXPIRE */
2117 ofs = PTR_DIFF(src->pw_gecos, first);
2118 dst->pw_gecos = buf + ofs;
2119 ofs = PTR_DIFF(src->pw_dir, first);
2120 dst->pw_dir = buf + ofs;
2121 ofs = PTR_DIFF(src->pw_shell, first);
2122 dst->pw_shell = buf + ofs;
2131 #if defined(HAVE_SHADOW_H) && defined(HAVE_GETSPNAM)
2132 static bool nwrap_sp_parse_line(struct nwrap_cache *nwrap, char *line)
2134 struct nwrap_sp *nwrap_sp;
2141 nwrap_sp = (struct nwrap_sp *)nwrap->private_data;
2143 list_size = sizeof(*nwrap_sp->list) * (nwrap_sp->num+1);
2144 sp = (struct spwd *)realloc(nwrap_sp->list, list_size);
2146 NWRAP_LOG(NWRAP_LOG_ERROR,
2147 "realloc(%u) failed",
2148 (unsigned)list_size);
2151 nwrap_sp->list = sp;
2153 sp = &nwrap_sp->list[nwrap_sp->num];
2160 NWRAP_LOG(NWRAP_LOG_ERROR,
2161 "name -- Invalid line[%s]: '%s'",
2171 NWRAP_LOG(NWRAP_LOG_TRACE, "name[%s]\n", sp->sp_namp);
2176 NWRAP_LOG(NWRAP_LOG_ERROR,
2177 "pwd -- Invalid line[%s]: '%s'",
2194 NWRAP_LOG(NWRAP_LOG_ERROR,
2195 "lstchg -- Invalid line[%s]: '%s'",
2202 sp->sp_lstchg = strtol(c, &e, 10);
2204 NWRAP_LOG(NWRAP_LOG_ERROR,
2205 "lstchg -- Invalid line[%s]: '%s' - %s",
2206 line, c, strerror(errno));
2210 NWRAP_LOG(NWRAP_LOG_ERROR,
2211 "lstchg -- Invalid line[%s]: '%s' - %s",
2212 line, c, strerror(errno));
2216 NWRAP_LOG(NWRAP_LOG_ERROR,
2217 "lstchg -- Invalid line[%s]: '%s' - %s",
2218 line, c, strerror(errno));
2231 NWRAP_LOG(NWRAP_LOG_ERROR,
2232 "min -- Invalid line[%s]: '%s'",
2239 sp->sp_min = strtol(c, &e, 10);
2241 NWRAP_LOG(NWRAP_LOG_ERROR,
2242 "min -- Invalid line[%s]: '%s' - %s",
2243 line, c, strerror(errno));
2247 NWRAP_LOG(NWRAP_LOG_ERROR,
2248 "min -- Invalid line[%s]: '%s' - %s",
2249 line, c, strerror(errno));
2253 NWRAP_LOG(NWRAP_LOG_ERROR,
2254 "min -- Invalid line[%s]: '%s' - %s",
2255 line, c, strerror(errno));
2268 NWRAP_LOG(NWRAP_LOG_ERROR,
2269 "max -- Invalid line[%s]: '%s'",
2276 sp->sp_max = strtol(c, &e, 10);
2278 NWRAP_LOG(NWRAP_LOG_ERROR,
2279 "max -- Invalid line[%s]: '%s' - %s",
2280 line, c, strerror(errno));
2284 NWRAP_LOG(NWRAP_LOG_ERROR,
2285 "max -- Invalid line[%s]: '%s' - %s",
2286 line, c, strerror(errno));
2290 NWRAP_LOG(NWRAP_LOG_ERROR,
2291 "max -- Invalid line[%s]: '%s' - %s",
2292 line, c, strerror(errno));
2305 NWRAP_LOG(NWRAP_LOG_ERROR,
2306 "warn -- Invalid line[%s]: '%s'",
2313 sp->sp_warn = strtol(c, &e, 10);
2315 NWRAP_LOG(NWRAP_LOG_ERROR,
2316 "warn -- Invalid line[%s]: '%s' - %s",
2317 line, c, strerror(errno));
2321 NWRAP_LOG(NWRAP_LOG_ERROR,
2322 "warn -- Invalid line[%s]: '%s' - %s",
2323 line, c, strerror(errno));
2327 NWRAP_LOG(NWRAP_LOG_ERROR,
2328 "warn -- Invalid line[%s]: '%s' - %s",
2329 line, c, strerror(errno));
2342 NWRAP_LOG(NWRAP_LOG_ERROR,
2343 "inact -- Invalid line[%s]: '%s'",
2350 sp->sp_inact = strtol(c, &e, 10);
2352 NWRAP_LOG(NWRAP_LOG_ERROR,
2353 "inact -- Invalid line[%s]: '%s' - %s",
2354 line, c, strerror(errno));
2358 NWRAP_LOG(NWRAP_LOG_ERROR,
2359 "inact -- Invalid line[%s]: '%s' - %s",
2360 line, c, strerror(errno));
2364 NWRAP_LOG(NWRAP_LOG_ERROR,
2365 "inact -- Invalid line[%s]: '%s' - %s",
2366 line, c, strerror(errno));
2379 NWRAP_LOG(NWRAP_LOG_ERROR,
2380 "expire -- Invalid line[%s]: '%s'",
2387 sp->sp_expire = strtol(c, &e, 10);
2389 NWRAP_LOG(NWRAP_LOG_ERROR,
2390 "expire -- Invalid line[%s]: '%s' - %s",
2391 line, c, strerror(errno));
2395 NWRAP_LOG(NWRAP_LOG_ERROR,
2396 "expire -- Invalid line[%s]: '%s' - %s",
2397 line, c, strerror(errno));
2401 NWRAP_LOG(NWRAP_LOG_ERROR,
2402 "expire -- Invalid line[%s]: '%s' - %s",
2403 line, c, strerror(errno));
2413 static void nwrap_sp_unload(struct nwrap_cache *nwrap)
2415 struct nwrap_sp *nwrap_sp;
2416 nwrap_sp = (struct nwrap_sp *)nwrap->private_data;
2418 SAFE_FREE(nwrap_sp->list);
2422 #endif /* defined(HAVE_SHADOW_H) && defined(HAVE_GETSPNAM) */
2425 * the caller has to call nwrap_unload() on failure
2427 static bool nwrap_gr_parse_line(struct nwrap_cache *nwrap, char *line)
2429 struct nwrap_gr *nwrap_gr;
2437 nwrap_gr = (struct nwrap_gr *)nwrap->private_data;
2439 list_size = sizeof(*nwrap_gr->list) * (nwrap_gr->num+1);
2440 gr = (struct group *)realloc(nwrap_gr->list, list_size);
2442 NWRAP_LOG(NWRAP_LOG_ERROR, "realloc failed");
2445 nwrap_gr->list = gr;
2447 gr = &nwrap_gr->list[nwrap_gr->num];
2454 NWRAP_LOG(NWRAP_LOG_ERROR, "Invalid line[%s]: '%s'", line, c);
2462 NWRAP_LOG(NWRAP_LOG_TRACE, "name[%s]", gr->gr_name);
2467 NWRAP_LOG(NWRAP_LOG_ERROR, "Invalid line[%s]: '%s'", line, c);
2475 NWRAP_LOG(NWRAP_LOG_TRACE, "password[%s]", gr->gr_passwd);
2480 NWRAP_LOG(NWRAP_LOG_ERROR, "Invalid line[%s]: '%s'", line, c);
2486 gr->gr_gid = (gid_t)strtoul(c, &e, 10);
2488 NWRAP_LOG(NWRAP_LOG_ERROR,
2489 "Invalid line[%s]: '%s' - %s",
2490 line, c, strerror(errno));
2494 NWRAP_LOG(NWRAP_LOG_ERROR,
2495 "Invalid line[%s]: '%s' - %s",
2496 line, c, strerror(errno));
2500 NWRAP_LOG(NWRAP_LOG_ERROR,
2501 "Invalid line[%s]: '%s' - %s",
2502 line, c, strerror(errno));
2507 NWRAP_LOG(NWRAP_LOG_TRACE, "gid[%u]", gr->gr_gid);
2510 gr->gr_mem = (char **)malloc(sizeof(char *));
2512 NWRAP_LOG(NWRAP_LOG_ERROR, "Out of memory");
2515 gr->gr_mem[0] = NULL;
2517 for(nummem = 0; p != NULL && p[0] != '\0'; nummem++) {
2527 if (strlen(c) == 0) {
2531 m_size = sizeof(char *) * (nummem+2);
2532 m = (char **)realloc(gr->gr_mem, m_size);
2534 NWRAP_LOG(NWRAP_LOG_ERROR,
2535 "realloc(%zd) failed",
2540 gr->gr_mem[nummem] = c;
2541 gr->gr_mem[nummem+1] = NULL;
2543 NWRAP_LOG(NWRAP_LOG_TRACE,
2545 nummem, gr->gr_mem[nummem]);
2548 NWRAP_LOG(NWRAP_LOG_DEBUG,
2549 "Added group[%s:%s:%u:] with %u members",
2550 gr->gr_name, gr->gr_passwd, gr->gr_gid, nummem);
2556 static void nwrap_gr_unload(struct nwrap_cache *nwrap)
2559 struct nwrap_gr *nwrap_gr;
2560 nwrap_gr = (struct nwrap_gr *)nwrap->private_data;
2562 if (nwrap_gr->list) {
2563 for (i=0; i < nwrap_gr->num; i++) {
2564 SAFE_FREE(nwrap_gr->list[i].gr_mem);
2566 SAFE_FREE(nwrap_gr->list);
2573 static int nwrap_gr_copy_r(const struct group *src, struct group *dst,
2574 char *buf, size_t buflen, struct group **dstp)
2577 uintptr_t align = 0;
2578 unsigned int gr_mem_cnt = 0;
2581 size_t gr_name_len = strlen(src->gr_name) + 1;
2582 size_t gr_passwd_len = strlen(src->gr_passwd) + 1;
2588 for (i = 0; src->gr_mem[i] != NULL; i++) {
2592 /* Align the memory for storing pointers */
2593 align = __alignof__(char *) - ((p - (char *)0) % __alignof__(char *));
2595 (1 + gr_mem_cnt) * sizeof(char *) +
2596 gr_name_len + gr_passwd_len;
2598 if (total_len > buflen) {
2602 buflen -= total_len;
2607 dst->gr_mem = g_mem.data;
2610 p += (1 + gr_mem_cnt) * sizeof(char *);
2621 dst->gr_gid = src->gr_gid;
2623 memcpy(dst->gr_name, src->gr_name, gr_name_len);
2625 memcpy(dst->gr_passwd, src->gr_passwd, gr_passwd_len);
2627 /* Set the terminating entry */
2628 dst->gr_mem[gr_mem_cnt] = NULL;
2630 /* Now add the group members content */
2632 for (i = 0; i < gr_mem_cnt; i++) {
2633 size_t len = strlen(src->gr_mem[i]) + 1;
2640 if (total_len > buflen) {
2645 for (i = 0; i < gr_mem_cnt; i++) {
2646 size_t len = strlen(src->gr_mem[i]) + 1;
2648 memcpy(dst->gr_mem[i],
2660 static struct nwrap_entlist *nwrap_entlist_init(struct nwrap_entdata *ed)
2662 struct nwrap_entlist *el;
2665 NWRAP_LOG(NWRAP_LOG_ERROR,
2666 "entry is NULL, can't create list item");
2670 el = (struct nwrap_entlist *)malloc(sizeof(struct nwrap_entlist));
2672 NWRAP_LOG(NWRAP_LOG_ERROR, "malloc failed");
2682 static bool nwrap_ed_inventarize_add_new(char *const h_name,
2683 struct nwrap_entdata *const ed)
2687 struct nwrap_entlist *el;
2690 if (h_name == NULL) {
2691 NWRAP_LOG(NWRAP_LOG_ERROR, "h_name NULL - can't add");
2695 el = nwrap_entlist_init(ed);
2701 e.data = (void *)el;
2703 p = hsearch(e, ENTER);
2705 NWRAP_LOG(NWRAP_LOG_ERROR,
2706 "Hash table is full (%s)!",
2711 ok = nwrap_vector_add_item(&(nwrap_he_global.lists), (void *)el);
2713 NWRAP_LOG(NWRAP_LOG_ERROR,
2714 "Failed to add list entry to vector.");
2721 static bool nwrap_ed_inventarize_add_to_existing(struct nwrap_entdata *const ed,
2722 struct nwrap_entlist *const el)
2724 struct nwrap_entlist *cursor;
2725 struct nwrap_entlist *el_new;
2728 NWRAP_LOG(NWRAP_LOG_ERROR, "list is NULL, can not add");
2733 for (cursor = el; cursor->next != NULL; cursor = cursor->next)
2735 if (cursor->ed == ed) {
2736 /* The entry already exists in this list. */
2741 if (cursor->ed == ed) {
2742 /* The entry already exists in this list. */
2746 el_new = nwrap_entlist_init(ed);
2747 if (el_new == NULL) {
2751 cursor->next = el_new;
2755 static bool nwrap_ed_inventarize(char *const name,
2756 struct nwrap_entdata *const ed)
2765 NWRAP_LOG(NWRAP_LOG_DEBUG, "Searching name: %s", e.key);
2767 p = hsearch(e, FIND);
2769 NWRAP_LOG(NWRAP_LOG_DEBUG, "Name %s not found. Adding...", name);
2770 ok = nwrap_ed_inventarize_add_new(name, ed);
2772 struct nwrap_entlist *el = (struct nwrap_entlist *)p->data;
2774 NWRAP_LOG(NWRAP_LOG_DEBUG, "Name %s found. Add record to list.", name);
2775 ok = nwrap_ed_inventarize_add_to_existing(ed, el);
2781 static bool nwrap_add_hname(struct nwrap_entdata *const ed)
2783 char *const h_name = (char *const)(ed->ht.h_name);
2787 ok = nwrap_ed_inventarize(h_name, ed);
2792 if (ed->ht.h_aliases == NULL) {
2796 /* Itemize aliases */
2797 for (i = 0; ed->ht.h_aliases[i] != NULL; ++i) {
2800 h_name_alias = ed->ht.h_aliases[i];
2802 NWRAP_LOG(NWRAP_LOG_DEBUG, "Add alias: %s", h_name_alias);
2804 if (!nwrap_ed_inventarize(h_name_alias, ed)) {
2805 NWRAP_LOG(NWRAP_LOG_ERROR,
2806 "Unable to add alias: %s", h_name_alias);
2814 static bool nwrap_he_parse_line(struct nwrap_cache *nwrap, char *line)
2816 struct nwrap_he *nwrap_he = (struct nwrap_he *)nwrap->private_data;
2817 bool do_aliases = true;
2818 ssize_t aliases_count = 0;
2826 struct nwrap_entdata *ed = (struct nwrap_entdata *)
2827 malloc(sizeof(struct nwrap_entdata));
2829 NWRAP_LOG(NWRAP_LOG_ERROR,
2830 "Unable to allocate memory for nwrap_entdata");
2841 /* Walk to first char */
2842 for (p = i; *p != '.' && *p != ':' && !isxdigit((int) *p); p++) {
2844 NWRAP_LOG(NWRAP_LOG_ERROR,
2845 "Invalid line[%s]: '%s'",
2852 for (i = p; !isspace((int)*p); p++) {
2854 NWRAP_LOG(NWRAP_LOG_ERROR,
2855 "Invalid line[%s]: '%s'",
2864 if (inet_pton(AF_INET, i, ed->addr.host_addr)) {
2865 ed->ht.h_addrtype = AF_INET;
2866 ed->ht.h_length = 4;
2868 } else if (inet_pton(AF_INET6, i, ed->addr.host_addr)) {
2869 ed->ht.h_addrtype = AF_INET6;
2870 ed->ht.h_length = 16;
2873 NWRAP_LOG(NWRAP_LOG_ERROR,
2874 "Invalid line[%s]: '%s'",
2882 ok = nwrap_vector_add_item(&(ed->nwrap_addrdata),
2883 (void *const)ed->addr.host_addr);
2885 NWRAP_LOG(NWRAP_LOG_ERROR, "Unable to add addrdata to vector");
2889 ed->ht.h_addr_list = nwrap_vector_head(&ed->nwrap_addrdata);
2897 /* Walk to first char */
2898 for (n = p; *p != '_' && !isalnum((int) *p); p++) {
2900 NWRAP_LOG(NWRAP_LOG_ERROR,
2901 "Invalid line[%s]: '%s'",
2909 for (n = p; !isspace((int)*p); p++) {
2918 /* Convert to lowercase. This operate on same memory region */
2922 /* glib's getent always dereferences he->h_aliases */
2923 ed->ht.h_aliases = malloc(sizeof(char *));
2924 if (ed->ht.h_aliases == NULL) {
2928 ed->ht.h_aliases[0] = NULL;
2933 while (do_aliases) {
2939 /* Walk to first char */
2940 for (a = p; *p != '_' && !isalnum((int) *p); p++) {
2946 /* Only trailing spaces are left */
2951 for (a = p; !isspace((int)*p); p++) {
2960 aliases = realloc(ed->ht.h_aliases, sizeof(char *) * (aliases_count + 2));
2961 if (aliases == NULL) {
2965 ed->ht.h_aliases = aliases;
2968 aliases[aliases_count] = a;
2969 aliases[aliases_count + 1] = NULL;
2974 ok = nwrap_vector_add_item(&(nwrap_he->entries), (void *const)ed);
2976 NWRAP_LOG(NWRAP_LOG_ERROR, "Unable to add entry to vector");
2981 ed->aliases_count = aliases_count;
2982 /* Inventarize item */
2983 ok = nwrap_add_hname(ed);
2988 ok = nwrap_ed_inventarize(ip, ed);
2997 static void nwrap_he_unload(struct nwrap_cache *nwrap)
2999 struct nwrap_he *nwrap_he =
3000 (struct nwrap_he *)nwrap->private_data;
3001 struct nwrap_entdata *ed;
3002 struct nwrap_entlist *el;
3006 nwrap_vector_foreach (ed, nwrap_he->entries, i)
3008 SAFE_FREE(ed->nwrap_addrdata.items);
3009 SAFE_FREE(ed->ht.h_aliases);
3012 SAFE_FREE(nwrap_he->entries.items);
3013 nwrap_he->entries.count = nwrap_he->entries.capacity = 0;
3015 nwrap_vector_foreach(el, nwrap_he->lists, i)
3017 while (el != NULL) {
3018 struct nwrap_entlist *el_next;
3025 SAFE_FREE(nwrap_he->lists.items);
3026 nwrap_he->lists.count = nwrap_he->lists.capacity = 0;
3032 * If we unload the file, the pointers in the hash table point to
3033 * invalid memory. So we need to destroy the hash table and recreate
3037 rc = hcreate(max_hostents);
3039 NWRAP_LOG(NWRAP_LOG_ERROR, "Failed to initialize hash table");
3045 /* user functions */
3046 static struct passwd *nwrap_files_getpwnam(struct nwrap_backend *b,
3052 (void) b; /* unused */
3054 NWRAP_LOG(NWRAP_LOG_DEBUG, "Lookup user %s in files", name);
3056 ok = nwrap_files_cache_reload(nwrap_pw_global.cache);
3058 NWRAP_LOG(NWRAP_LOG_ERROR, "Error loading passwd file");
3062 for (i=0; i<nwrap_pw_global.num; i++) {
3063 if (strcmp(nwrap_pw_global.list[i].pw_name, name) == 0) {
3064 NWRAP_LOG(NWRAP_LOG_DEBUG, "user[%s] found", name);
3065 return &nwrap_pw_global.list[i];
3067 NWRAP_LOG(NWRAP_LOG_DEBUG,
3068 "user[%s] does not match [%s]",
3070 nwrap_pw_global.list[i].pw_name);
3073 NWRAP_LOG(NWRAP_LOG_DEBUG, "user[%s] not found\n", name);
3079 static int nwrap_files_getpwnam_r(struct nwrap_backend *b,
3080 const char *name, struct passwd *pwdst,
3081 char *buf, size_t buflen, struct passwd **pwdstp)
3085 pw = nwrap_files_getpwnam(b, name);
3093 return nwrap_pw_copy_r(pw, pwdst, buf, buflen, pwdstp);
3096 static struct passwd *nwrap_files_getpwuid(struct nwrap_backend *b,
3102 (void) b; /* unused */
3104 ok = nwrap_files_cache_reload(nwrap_pw_global.cache);
3106 NWRAP_LOG(NWRAP_LOG_ERROR, "Error loading passwd file");
3110 for (i=0; i<nwrap_pw_global.num; i++) {
3111 if (nwrap_pw_global.list[i].pw_uid == uid) {
3112 NWRAP_LOG(NWRAP_LOG_DEBUG, "uid[%u] found", uid);
3113 return &nwrap_pw_global.list[i];
3115 NWRAP_LOG(NWRAP_LOG_DEBUG,
3116 "uid[%u] does not match [%u]",
3118 nwrap_pw_global.list[i].pw_uid);
3121 NWRAP_LOG(NWRAP_LOG_DEBUG, "uid[%u] not found\n", uid);
3127 static int nwrap_files_getpwuid_r(struct nwrap_backend *b,
3128 uid_t uid, struct passwd *pwdst,
3129 char *buf, size_t buflen, struct passwd **pwdstp)
3133 pw = nwrap_files_getpwuid(b, uid);
3141 return nwrap_pw_copy_r(pw, pwdst, buf, buflen, pwdstp);
3144 /* user enum functions */
3145 static void nwrap_files_setpwent(struct nwrap_backend *b)
3147 (void) b; /* unused */
3149 nwrap_pw_global.idx = 0;
3152 static struct passwd *nwrap_files_getpwent(struct nwrap_backend *b)
3156 (void) b; /* unused */
3158 if (nwrap_pw_global.idx == 0) {
3160 ok = nwrap_files_cache_reload(nwrap_pw_global.cache);
3162 NWRAP_LOG(NWRAP_LOG_ERROR, "Error loading passwd file");
3167 if (nwrap_pw_global.idx >= nwrap_pw_global.num) {
3172 pw = &nwrap_pw_global.list[nwrap_pw_global.idx++];
3174 NWRAP_LOG(NWRAP_LOG_DEBUG,
3175 "return user[%s] uid[%u]",
3176 pw->pw_name, pw->pw_uid);
3181 static int nwrap_files_getpwent_r(struct nwrap_backend *b,
3182 struct passwd *pwdst, char *buf,
3183 size_t buflen, struct passwd **pwdstp)
3187 pw = nwrap_files_getpwent(b);
3195 return nwrap_pw_copy_r(pw, pwdst, buf, buflen, pwdstp);
3198 static void nwrap_files_endpwent(struct nwrap_backend *b)
3200 (void) b; /* unused */
3202 nwrap_pw_global.idx = 0;
3207 #if defined(HAVE_SHADOW_H) && defined(HAVE_GETSPNAM)
3209 #ifdef HAVE_SETSPENT
3210 static void nwrap_files_setspent(void)
3212 nwrap_sp_global.idx = 0;
3215 static struct spwd *nwrap_files_getspent(void)
3219 if (nwrap_sp_global.idx == 0) {
3222 ok = nwrap_files_cache_reload(nwrap_sp_global.cache);
3224 NWRAP_LOG(NWRAP_LOG_ERROR, "Error loading shadow file");
3229 if (nwrap_sp_global.idx >= nwrap_sp_global.num) {
3234 sp = &nwrap_sp_global.list[nwrap_sp_global.idx++];
3236 NWRAP_LOG(NWRAP_LOG_DEBUG,
3243 static void nwrap_files_endspent(void)
3245 nwrap_sp_global.idx = 0;
3247 #endif /* HAVE_SETSPENT */
3249 static struct spwd *nwrap_files_getspnam(const char *name)
3254 NWRAP_LOG(NWRAP_LOG_DEBUG, "Lookup user %s in files", name);
3256 ok = nwrap_files_cache_reload(nwrap_sp_global.cache);
3258 NWRAP_LOG(NWRAP_LOG_ERROR, "Error loading shadow file");
3262 for (i=0; i<nwrap_sp_global.num; i++) {
3263 if (strcmp(nwrap_sp_global.list[i].sp_namp, name) == 0) {
3264 NWRAP_LOG(NWRAP_LOG_DEBUG, "user[%s] found", name);
3265 return &nwrap_sp_global.list[i];
3267 NWRAP_LOG(NWRAP_LOG_DEBUG,
3268 "user[%s] does not match [%s]",
3270 nwrap_sp_global.list[i].sp_namp);
3273 NWRAP_LOG(NWRAP_LOG_DEBUG, "user[%s] not found\n", name);
3278 #endif /* defined(HAVE_SHADOW_H) && defined(HAVE_GETSPNAM) */
3280 /* misc functions */
3281 static int nwrap_files_initgroups(struct nwrap_backend *b,
3290 groups = (gid_t *)malloc(size * sizeof(gid_t));
3291 if (groups == NULL) {
3292 NWRAP_LOG(NWRAP_LOG_ERROR, "Out of memory");
3298 nwrap_files_setgrent(b);
3299 while ((grp = nwrap_files_getgrent(b)) != NULL) {
3302 NWRAP_LOG(NWRAP_LOG_DEBUG,
3303 "Inspecting %s for group membership",
3306 for (i=0; grp->gr_mem && grp->gr_mem[i] != NULL; i++) {
3307 if (group != grp->gr_gid &&
3308 (strcmp(user, grp->gr_mem[i]) == 0)) {
3309 NWRAP_LOG(NWRAP_LOG_DEBUG,
3310 "%s is member of %s",
3314 groups = (gid_t *)realloc(groups,
3315 (size + 1) * sizeof(gid_t));
3316 if (groups == NULL) {
3317 NWRAP_LOG(NWRAP_LOG_ERROR,
3323 groups[size] = grp->gr_gid;
3329 nwrap_files_endgrent(b);
3331 NWRAP_LOG(NWRAP_LOG_DEBUG,
3332 "%s is member of %d groups",
3335 /* This really only works if uid_wrapper is loaded */
3336 rc = setgroups(size, groups);
3343 /* group functions */
3344 static struct group *nwrap_files_getgrnam(struct nwrap_backend *b,
3350 (void) b; /* unused */
3352 ok = nwrap_files_cache_reload(nwrap_gr_global.cache);
3354 NWRAP_LOG(NWRAP_LOG_ERROR, "Error loading group file");
3358 for (i=0; i<nwrap_gr_global.num; i++) {
3359 if (strcmp(nwrap_gr_global.list[i].gr_name, name) == 0) {
3360 NWRAP_LOG(NWRAP_LOG_DEBUG, "group[%s] found", name);
3361 return &nwrap_gr_global.list[i];
3363 NWRAP_LOG(NWRAP_LOG_DEBUG,
3364 "group[%s] does not match [%s]",
3366 nwrap_gr_global.list[i].gr_name);
3369 NWRAP_LOG(NWRAP_LOG_DEBUG, "group[%s] not found", name);
3375 static int nwrap_files_getgrnam_r(struct nwrap_backend *b,
3376 const char *name, struct group *grdst,
3377 char *buf, size_t buflen, struct group **grdstp)
3381 gr = nwrap_files_getgrnam(b, name);
3389 return nwrap_gr_copy_r(gr, grdst, buf, buflen, grdstp);
3392 static struct group *nwrap_files_getgrgid(struct nwrap_backend *b,
3398 (void) b; /* unused */
3400 ok = nwrap_files_cache_reload(nwrap_gr_global.cache);
3402 NWRAP_LOG(NWRAP_LOG_ERROR, "Error loading group file");
3406 for (i=0; i<nwrap_gr_global.num; i++) {
3407 if (nwrap_gr_global.list[i].gr_gid == gid) {
3408 NWRAP_LOG(NWRAP_LOG_DEBUG, "gid[%u] found", gid);
3409 return &nwrap_gr_global.list[i];
3411 NWRAP_LOG(NWRAP_LOG_DEBUG,
3412 "gid[%u] does not match [%u]",
3414 nwrap_gr_global.list[i].gr_gid);
3417 NWRAP_LOG(NWRAP_LOG_DEBUG, "gid[%u] not found", gid);
3423 static int nwrap_files_getgrgid_r(struct nwrap_backend *b,
3424 gid_t gid, struct group *grdst,
3425 char *buf, size_t buflen, struct group **grdstp)
3429 gr = nwrap_files_getgrgid(b, gid);
3437 return nwrap_gr_copy_r(gr, grdst, buf, buflen, grdstp);
3440 /* group enum functions */
3441 static void nwrap_files_setgrent(struct nwrap_backend *b)
3443 (void) b; /* unused */
3445 nwrap_gr_global.idx = 0;
3448 static struct group *nwrap_files_getgrent(struct nwrap_backend *b)
3452 (void) b; /* unused */
3454 if (nwrap_gr_global.idx == 0) {
3457 ok = nwrap_files_cache_reload(nwrap_gr_global.cache);
3459 NWRAP_LOG(NWRAP_LOG_ERROR, "Error loading group file");
3464 if (nwrap_gr_global.idx >= nwrap_gr_global.num) {
3469 gr = &nwrap_gr_global.list[nwrap_gr_global.idx++];
3471 NWRAP_LOG(NWRAP_LOG_DEBUG,
3472 "return group[%s] gid[%u]",
3473 gr->gr_name, gr->gr_gid);
3478 static int nwrap_files_getgrent_r(struct nwrap_backend *b,
3479 struct group *grdst, char *buf,
3480 size_t buflen, struct group **grdstp)
3484 gr = nwrap_files_getgrent(b);
3492 return nwrap_gr_copy_r(gr, grdst, buf, buflen, grdstp);
3495 static void nwrap_files_endgrent(struct nwrap_backend *b)
3497 (void) b; /* unused */
3499 nwrap_gr_global.idx = 0;
3502 /* hosts functions */
3503 static int nwrap_files_gethostbyname(const char *name, int af,
3504 struct hostent *result,
3505 struct nwrap_vector *addr_list)
3507 struct nwrap_entlist *el;
3512 char canon_name[DNS_NAME_MAX] = { 0 };
3514 bool he_found = false;
3517 ok = nwrap_files_cache_reload(nwrap_he_global.cache);
3519 NWRAP_LOG(NWRAP_LOG_ERROR, "error loading hosts file");
3523 name_len = strlen(name);
3524 if (name_len < sizeof(canon_name) && name[name_len - 1] == '.') {
3525 memcpy(canon_name, name, name_len - 1);
3526 canon_name[name_len] = '\0';
3530 if (!str_tolower_copy(&h_name_lower, name)) {
3531 NWRAP_LOG(NWRAP_LOG_DEBUG,
3532 "Out of memory while converting to lower case");
3536 /* Look at hash table for element */
3537 NWRAP_LOG(NWRAP_LOG_DEBUG, "Searching for name: %s", h_name_lower);
3538 e.key = h_name_lower;
3540 e_p = hsearch(e, FIND);
3542 NWRAP_LOG(NWRAP_LOG_DEBUG, "Name %s not found.", h_name_lower);
3543 SAFE_FREE(h_name_lower);
3546 SAFE_FREE(h_name_lower);
3548 /* Always cleanup vector and results */
3549 if (!nwrap_vector_is_initialized(addr_list)) {
3550 if (!nwrap_vector_init(addr_list)) {
3551 NWRAP_LOG(NWRAP_LOG_DEBUG,
3552 "Unable to initialize memory for addr_list vector");
3556 /* When vector is initialized data are valid no more.
3557 * Quick way how to free vector is: */
3558 addr_list->count = 0;
3561 /* Iterate through results */
3562 for (el = (struct nwrap_entlist *)e_p->data; el != NULL; el = el->next)
3566 /* Filter by address familiy if provided */
3567 if (af != AF_UNSPEC && he->h_addrtype != af) {
3573 * glibc doesn't return ipv6 addresses when AF_UNSPEC is used
3575 if (af == AF_UNSPEC && he->h_addrtype != AF_INET) {
3580 memcpy(result, he, sizeof(struct hostent));
3581 NWRAP_LOG(NWRAP_LOG_DEBUG,
3582 "Name found. Returning record for %s",
3586 nwrap_vector_merge(addr_list, &el->ed->nwrap_addrdata);
3587 result->h_addr_list = nwrap_vector_head(addr_list);
3593 NWRAP_LOG(NWRAP_LOG_DEBUG,
3594 "Name found in database. No records matches type.");
3601 #ifdef HAVE_GETHOSTBYNAME_R
3602 static int nwrap_gethostbyname_r(const char *name,
3603 struct hostent *ret,
3604 char *buf, size_t buflen,
3605 struct hostent **result, int *h_errnop)
3607 struct nwrap_vector *addr_list = malloc(sizeof(struct nwrap_vector));
3614 if (addr_list == NULL) {
3615 NWRAP_LOG(NWRAP_LOG_ERROR,
3616 "Unable to allocate memory for address list");
3621 ZERO_STRUCTP(addr_list);
3623 rc = nwrap_files_gethostbyname(name, AF_UNSPEC, ret, addr_list);
3625 *h_errnop = h_errno;
3626 if (addr_list->items != NULL) {
3627 free(addr_list->items);
3629 SAFE_FREE(addr_list);
3634 if (buflen < (addr_list->count * sizeof(void *))) {
3635 SAFE_FREE(addr_list->items);
3636 SAFE_FREE(addr_list);
3640 /* Copy all to user provided buffer and change
3641 * pointers in returned structure.
3642 * +1 is for ending NULL pointer. */
3643 memcpy(buf, addr_list->items, (addr_list->count + 1) * sizeof(void *));
3645 free(addr_list->items);
3649 ret->h_addr_list = g.list;
3654 int gethostbyname_r(const char *name,
3655 struct hostent *ret,
3656 char *buf, size_t buflen,
3657 struct hostent **result, int *h_errnop)
3659 if (!nss_wrapper_hosts_enabled()) {
3660 return libc_gethostbyname_r(name,
3668 return nwrap_gethostbyname_r(name, ret, buf, buflen, result, h_errnop);
3672 static int nwrap_files_getaddrinfo(const char *name,
3673 unsigned short port,
3674 const struct addrinfo *hints,
3675 struct addrinfo **ai)
3677 struct nwrap_entlist *el;
3679 struct addrinfo *ai_head = NULL;
3680 struct addrinfo *ai_cur = NULL;
3683 char canon_name[DNS_NAME_MAX] = { 0 };
3684 bool skip_canonname = false;
3692 ok = nwrap_files_cache_reload(nwrap_he_global.cache);
3694 NWRAP_LOG(NWRAP_LOG_ERROR, "error loading hosts file");
3698 name_len = strlen(name);
3699 if (name_len < sizeof(canon_name) && name[name_len - 1] == '.') {
3700 memcpy(canon_name, name, name_len - 1);
3701 canon_name[name_len] = '\0';
3705 if (!str_tolower_copy(&h_name_lower, name)) {
3706 NWRAP_LOG(NWRAP_LOG_DEBUG,
3707 "Out of memory while converting to lower case");
3711 NWRAP_LOG(NWRAP_LOG_DEBUG, "Searching for name: %s", h_name_lower);
3712 e.key = h_name_lower;
3714 e_p = hsearch(e, FIND);
3716 NWRAP_LOG(NWRAP_LOG_DEBUG, "Name %s not found.", h_name_lower);
3717 SAFE_FREE(h_name_lower);
3721 NWRAP_LOG(NWRAP_LOG_DEBUG, "Name: %s found.", h_name_lower);
3722 SAFE_FREE(h_name_lower);
3725 for (el = (struct nwrap_entlist *)e_p->data; el != NULL; el = el->next)
3728 struct addrinfo *ai_new = NULL;
3732 if (hints->ai_family != AF_UNSPEC &&
3733 he->h_addrtype != hints->ai_family)
3735 NWRAP_LOG(NWRAP_LOG_DEBUG,
3736 "Entry found but with wrong AF - "
3737 "remembering EAI_ADDRINFO.");
3738 rc = EAI_ADDRFAMILY;
3742 /* Function allocates memory and returns it in ai. */
3743 rc2 = nwrap_convert_he_ai(he,
3749 NWRAP_LOG(NWRAP_LOG_ERROR, "Error converting he to ai");
3750 if (ai_head != NULL) {
3751 freeaddrinfo(ai_head);
3755 skip_canonname = true;
3757 if (ai_head == NULL) {
3760 if (ai_cur != NULL) {
3761 ai_cur->ai_next = ai_new;
3766 if (ai_head != NULL) {
3775 static struct hostent *nwrap_files_gethostbyaddr(const void *addr,
3776 socklen_t len, int type)
3779 char ip[NWRAP_INET_ADDRSTRLEN] = {0};
3780 struct nwrap_entdata *ed;
3785 (void) len; /* unused */
3787 ok = nwrap_files_cache_reload(nwrap_he_global.cache);
3789 NWRAP_LOG(NWRAP_LOG_ERROR, "error loading hosts file");
3793 a = inet_ntop(type, addr, ip, sizeof(ip));
3799 nwrap_vector_foreach(ed, nwrap_he_global.entries, i)
3802 if (he->h_addrtype != type) {
3806 if (memcmp(addr, he->h_addr_list[0], he->h_length) == 0) {
3815 #ifdef HAVE_GETHOSTBYADDR_R
3816 static int nwrap_gethostbyaddr_r(const void *addr, socklen_t len, int type,
3817 struct hostent *ret,
3818 char *buf, size_t buflen,
3819 struct hostent **result, int *h_errnop)
3821 *result = nwrap_files_gethostbyaddr(addr, len, type);
3822 if (*result != NULL) {
3823 memset(buf, '\0', buflen);
3827 *h_errnop = h_errno;
3832 int gethostbyaddr_r(const void *addr, socklen_t len, int type,
3833 struct hostent *ret,
3834 char *buf, size_t buflen,
3835 struct hostent **result, int *h_errnop)
3837 if (!nss_wrapper_hosts_enabled()) {
3838 return libc_gethostbyaddr_r(addr,
3848 return nwrap_gethostbyaddr_r(addr, len, type, ret, buf, buflen, result, h_errnop);
3852 /* hosts enum functions */
3853 static void nwrap_files_sethostent(void)
3855 nwrap_he_global.idx = 0;
3858 static struct hostent *nwrap_files_gethostent(void)
3862 if (nwrap_he_global.idx == 0) {
3865 ok = nwrap_files_cache_reload(nwrap_he_global.cache);
3867 NWRAP_LOG(NWRAP_LOG_ERROR, "Error loading hosts file");
3872 if (nwrap_he_global.idx >= nwrap_he_global.num) {
3877 he = &((struct nwrap_entdata *)nwrap_he_global.entries.items[nwrap_he_global.idx++])->ht;
3879 NWRAP_LOG(NWRAP_LOG_DEBUG, "return hosts[%s]", he->h_name);
3884 static void nwrap_files_endhostent(void)
3886 nwrap_he_global.idx = 0;
3894 static struct passwd *nwrap_module_getpwnam(struct nwrap_backend *b,
3897 static struct passwd pwd;
3898 static char buf[1000];
3901 if (!b->fns->_nss_getpwnam_r) {
3905 status = b->fns->_nss_getpwnam_r(name, &pwd, buf, sizeof(buf), &errno);
3906 if (status == NSS_STATUS_NOTFOUND) {
3909 if (status != NSS_STATUS_SUCCESS) {
3916 static int nwrap_module_getpwnam_r(struct nwrap_backend *b,
3917 const char *name, struct passwd *pwdst,
3918 char *buf, size_t buflen, struct passwd **pwdstp)
3924 if (!b->fns->_nss_getpwnam_r) {
3925 return NSS_STATUS_NOTFOUND;
3928 ret = b->fns->_nss_getpwnam_r(name, pwdst, buf, buflen, &errno);
3930 case NSS_STATUS_SUCCESS:
3933 case NSS_STATUS_NOTFOUND:
3938 case NSS_STATUS_TRYAGAIN:
3951 static struct passwd *nwrap_module_getpwuid(struct nwrap_backend *b,
3954 static struct passwd pwd;
3955 static char buf[1000];
3958 if (!b->fns->_nss_getpwuid_r) {
3962 status = b->fns->_nss_getpwuid_r(uid, &pwd, buf, sizeof(buf), &errno);
3963 if (status == NSS_STATUS_NOTFOUND) {
3966 if (status != NSS_STATUS_SUCCESS) {
3972 static int nwrap_module_getpwuid_r(struct nwrap_backend *b,
3973 uid_t uid, struct passwd *pwdst,
3974 char *buf, size_t buflen, struct passwd **pwdstp)
3980 if (!b->fns->_nss_getpwuid_r) {
3984 ret = b->fns->_nss_getpwuid_r(uid, pwdst, buf, buflen, &errno);
3986 case NSS_STATUS_SUCCESS:
3989 case NSS_STATUS_NOTFOUND:
3994 case NSS_STATUS_TRYAGAIN:
4007 static void nwrap_module_setpwent(struct nwrap_backend *b)
4009 if (!b->fns->_nss_setpwent) {
4013 b->fns->_nss_setpwent();
4016 static struct passwd *nwrap_module_getpwent(struct nwrap_backend *b)
4018 static struct passwd pwd;
4019 static char buf[1000];
4022 if (!b->fns->_nss_getpwent_r) {
4026 status = b->fns->_nss_getpwent_r(&pwd, buf, sizeof(buf), &errno);
4027 if (status == NSS_STATUS_NOTFOUND) {
4030 if (status != NSS_STATUS_SUCCESS) {
4036 static int nwrap_module_getpwent_r(struct nwrap_backend *b,
4037 struct passwd *pwdst, char *buf,
4038 size_t buflen, struct passwd **pwdstp)
4044 if (!b->fns->_nss_getpwent_r) {
4048 ret = b->fns->_nss_getpwent_r(pwdst, buf, buflen, &errno);
4050 case NSS_STATUS_SUCCESS:
4053 case NSS_STATUS_NOTFOUND:
4058 case NSS_STATUS_TRYAGAIN:
4071 static void nwrap_module_endpwent(struct nwrap_backend *b)
4073 if (!b->fns->_nss_endpwent) {
4077 b->fns->_nss_endpwent();
4080 static int nwrap_module_initgroups(struct nwrap_backend *b,
4081 const char *user, gid_t group)
4087 if (!b->fns->_nss_initgroups) {
4088 return NSS_STATUS_UNAVAIL;
4091 return b->fns->_nss_initgroups(user, group, &start, &size, &groups, 0, &errno);
4094 static struct group *nwrap_module_getgrnam(struct nwrap_backend *b,
4097 static struct group grp;
4099 static int buflen = 1000;
4102 if (!b->fns->_nss_getgrnam_r) {
4107 buf = (char *)malloc(buflen);
4110 status = b->fns->_nss_getgrnam_r(name, &grp, buf, buflen, &errno);
4111 if (status == NSS_STATUS_TRYAGAIN) {
4113 buf = (char *)realloc(buf, buflen);
4119 if (status == NSS_STATUS_NOTFOUND) {
4123 if (status != NSS_STATUS_SUCCESS) {
4130 static int nwrap_module_getgrnam_r(struct nwrap_backend *b,
4131 const char *name, struct group *grdst,
4132 char *buf, size_t buflen, struct group **grdstp)
4138 if (!b->fns->_nss_getgrnam_r) {
4142 ret = b->fns->_nss_getgrnam_r(name, grdst, buf, buflen, &errno);
4144 case NSS_STATUS_SUCCESS:
4147 case NSS_STATUS_NOTFOUND:
4152 case NSS_STATUS_TRYAGAIN:
4165 static struct group *nwrap_module_getgrgid(struct nwrap_backend *b,
4168 static struct group grp;
4170 static int buflen = 1000;
4173 if (!b->fns->_nss_getgrgid_r) {
4178 buf = (char *)malloc(buflen);
4182 status = b->fns->_nss_getgrgid_r(gid, &grp, buf, buflen, &errno);
4183 if (status == NSS_STATUS_TRYAGAIN) {
4185 buf = (char *)realloc(buf, buflen);
4191 if (status == NSS_STATUS_NOTFOUND) {
4195 if (status != NSS_STATUS_SUCCESS) {
4202 static int nwrap_module_getgrgid_r(struct nwrap_backend *b,
4203 gid_t gid, struct group *grdst,
4204 char *buf, size_t buflen, struct group **grdstp)
4210 if (!b->fns->_nss_getgrgid_r) {
4214 ret = b->fns->_nss_getgrgid_r(gid, grdst, buf, buflen, &errno);
4216 case NSS_STATUS_SUCCESS:
4219 case NSS_STATUS_NOTFOUND:
4224 case NSS_STATUS_TRYAGAIN:
4237 static void nwrap_module_setgrent(struct nwrap_backend *b)
4239 if (!b->fns->_nss_setgrent) {
4243 b->fns->_nss_setgrent();
4246 static struct group *nwrap_module_getgrent(struct nwrap_backend *b)
4248 static struct group grp;
4250 static int buflen = 1024;
4253 if (!b->fns->_nss_getgrent_r) {
4258 buf = (char *)malloc(buflen);
4262 status = b->fns->_nss_getgrent_r(&grp, buf, buflen, &errno);
4263 if (status == NSS_STATUS_TRYAGAIN) {
4265 buf = (char *)realloc(buf, buflen);
4271 if (status == NSS_STATUS_NOTFOUND) {
4275 if (status != NSS_STATUS_SUCCESS) {
4282 static int nwrap_module_getgrent_r(struct nwrap_backend *b,
4283 struct group *grdst, char *buf,
4284 size_t buflen, struct group **grdstp)
4290 if (!b->fns->_nss_getgrent_r) {
4294 ret = b->fns->_nss_getgrent_r(grdst, buf, buflen, &errno);
4296 case NSS_STATUS_SUCCESS:
4299 case NSS_STATUS_NOTFOUND:
4304 case NSS_STATUS_TRYAGAIN:
4317 static void nwrap_module_endgrent(struct nwrap_backend *b)
4319 if (!b->fns->_nss_endgrent) {
4323 b->fns->_nss_endgrent();
4326 /****************************************************************************
4328 ***************************************************************************/
4330 static struct passwd *nwrap_getpwnam(const char *name)
4335 for (i=0; i < nwrap_main_global->num_backends; i++) {
4336 struct nwrap_backend *b = &nwrap_main_global->backends[i];
4337 pwd = b->ops->nw_getpwnam(b, name);
4346 struct passwd *getpwnam(const char *name)
4348 if (!nss_wrapper_enabled()) {
4349 return libc_getpwnam(name);
4352 return nwrap_getpwnam(name);
4355 /****************************************************************************
4357 ***************************************************************************/
4359 static int nwrap_getpwnam_r(const char *name, struct passwd *pwdst,
4360 char *buf, size_t buflen, struct passwd **pwdstp)
4364 for (i=0; i < nwrap_main_global->num_backends; i++) {
4365 struct nwrap_backend *b = &nwrap_main_global->backends[i];
4366 ret = b->ops->nw_getpwnam_r(b, name, pwdst, buf, buflen, pwdstp);
4367 if (ret == ENOENT) {
4376 #ifdef HAVE_GETPWNAM_R
4377 # ifdef HAVE_SOLARIS_GETPWNAM_R
4378 int getpwnam_r(const char *name, struct passwd *pwdst,
4379 char *buf, int buflen, struct passwd **pwdstp)
4380 # else /* HAVE_SOLARIS_GETPWNAM_R */
4381 int getpwnam_r(const char *name, struct passwd *pwdst,
4382 char *buf, size_t buflen, struct passwd **pwdstp)
4383 # endif /* HAVE_SOLARIS_GETPWNAM_R */
4385 if (!nss_wrapper_enabled()) {
4386 return libc_getpwnam_r(name, pwdst, buf, buflen, pwdstp);
4389 return nwrap_getpwnam_r(name, pwdst, buf, buflen, pwdstp);
4393 /****************************************************************************
4395 ***************************************************************************/
4397 static struct passwd *nwrap_getpwuid(uid_t uid)
4402 for (i=0; i < nwrap_main_global->num_backends; i++) {
4403 struct nwrap_backend *b = &nwrap_main_global->backends[i];
4404 pwd = b->ops->nw_getpwuid(b, uid);
4413 struct passwd *getpwuid(uid_t uid)
4415 if (!nss_wrapper_enabled()) {
4416 return libc_getpwuid(uid);
4419 return nwrap_getpwuid(uid);
4422 /****************************************************************************
4424 ***************************************************************************/
4426 static int nwrap_getpwuid_r(uid_t uid, struct passwd *pwdst,
4427 char *buf, size_t buflen, struct passwd **pwdstp)
4431 for (i=0; i < nwrap_main_global->num_backends; i++) {
4432 struct nwrap_backend *b = &nwrap_main_global->backends[i];
4433 ret = b->ops->nw_getpwuid_r(b, uid, pwdst, buf, buflen, pwdstp);
4434 if (ret == ENOENT) {
4443 #ifdef HAVE_SOLARIS_GETPWUID_R
4444 int getpwuid_r(uid_t uid, struct passwd *pwdst,
4445 char *buf, int buflen, struct passwd **pwdstp)
4447 int getpwuid_r(uid_t uid, struct passwd *pwdst,
4448 char *buf, size_t buflen, struct passwd **pwdstp)
4451 if (!nss_wrapper_enabled()) {
4452 return libc_getpwuid_r(uid, pwdst, buf, buflen, pwdstp);
4455 return nwrap_getpwuid_r(uid, pwdst, buf, buflen, pwdstp);
4458 /****************************************************************************
4460 ***************************************************************************/
4462 static void nwrap_setpwent(void)
4466 for (i=0; i < nwrap_main_global->num_backends; i++) {
4467 struct nwrap_backend *b = &nwrap_main_global->backends[i];
4468 b->ops->nw_setpwent(b);
4474 if (!nss_wrapper_enabled()) {
4482 /****************************************************************************
4484 ***************************************************************************/
4486 static struct passwd *nwrap_getpwent(void)
4491 for (i=0; i < nwrap_main_global->num_backends; i++) {
4492 struct nwrap_backend *b = &nwrap_main_global->backends[i];
4493 pwd = b->ops->nw_getpwent(b);
4502 struct passwd *getpwent(void)
4504 if (!nss_wrapper_enabled()) {
4505 return libc_getpwent();
4508 return nwrap_getpwent();
4511 /****************************************************************************
4513 ***************************************************************************/
4515 #ifdef HAVE_GETPWENT_R
4516 static int nwrap_getpwent_r(struct passwd *pwdst, char *buf,
4517 size_t buflen, struct passwd **pwdstp)
4521 for (i=0; i < nwrap_main_global->num_backends; i++) {
4522 struct nwrap_backend *b = &nwrap_main_global->backends[i];
4523 ret = b->ops->nw_getpwent_r(b, pwdst, buf, buflen, pwdstp);
4524 if (ret == ENOENT) {
4533 # ifdef HAVE_SOLARIS_GETPWENT_R
4534 struct passwd *getpwent_r(struct passwd *pwdst, char *buf, int buflen)
4536 struct passwd *pwdstp = NULL;
4539 if (!nss_wrapper_enabled()) {
4540 return libc_getpwent_r(pwdst, buf, buflen);
4542 rc = nwrap_getpwent_r(pwdst, buf, buflen, &pwdstp);
4549 # else /* HAVE_SOLARIS_GETPWENT_R */
4550 int getpwent_r(struct passwd *pwdst, char *buf,
4551 size_t buflen, struct passwd **pwdstp)
4553 if (!nss_wrapper_enabled()) {
4554 return libc_getpwent_r(pwdst, buf, buflen, pwdstp);
4557 return nwrap_getpwent_r(pwdst, buf, buflen, pwdstp);
4559 # endif /* HAVE_SOLARIS_GETPWENT_R */
4560 #endif /* HAVE_GETPWENT_R */
4562 /****************************************************************************
4564 ***************************************************************************/
4566 static void nwrap_endpwent(void)
4570 for (i=0; i < nwrap_main_global->num_backends; i++) {
4571 struct nwrap_backend *b = &nwrap_main_global->backends[i];
4572 b->ops->nw_endpwent(b);
4578 if (!nss_wrapper_enabled()) {
4586 /****************************************************************************
4588 ***************************************************************************/
4590 static int nwrap_initgroups(const char *user, gid_t group)
4594 for (i=0; i < nwrap_main_global->num_backends; i++) {
4595 struct nwrap_backend *b = &nwrap_main_global->backends[i];
4598 rc = b->ops->nw_initgroups(b, user, group);
4608 int initgroups(const char *user, gid_t group)
4610 if (!nss_wrapper_enabled()) {
4611 return libc_initgroups(user, group);
4614 return nwrap_initgroups(user, group);
4617 /****************************************************************************
4619 ***************************************************************************/
4621 static struct group *nwrap_getgrnam(const char *name)
4626 for (i=0; i < nwrap_main_global->num_backends; i++) {
4627 struct nwrap_backend *b = &nwrap_main_global->backends[i];
4628 grp = b->ops->nw_getgrnam(b, name);
4637 struct group *getgrnam(const char *name)
4639 if (!nss_wrapper_enabled()) {
4640 return libc_getgrnam(name);
4643 return nwrap_getgrnam(name);
4646 /****************************************************************************
4648 ***************************************************************************/
4650 static int nwrap_getgrnam_r(const char *name, struct group *grdst,
4651 char *buf, size_t buflen, struct group **grdstp)
4655 for (i=0; i < nwrap_main_global->num_backends; i++) {
4656 struct nwrap_backend *b = &nwrap_main_global->backends[i];
4657 ret = b->ops->nw_getgrnam_r(b, name, grdst, buf, buflen, grdstp);
4658 if (ret == ENOENT) {
4667 #ifdef HAVE_GETGRNAM_R
4668 # ifdef HAVE_SOLARIS_GETGRNAM_R
4669 int getgrnam_r(const char *name, struct group *grp,
4670 char *buf, int buflen, struct group **pgrp)
4671 # else /* HAVE_SOLARIS_GETGRNAM_R */
4672 int getgrnam_r(const char *name, struct group *grp,
4673 char *buf, size_t buflen, struct group **pgrp)
4674 # endif /* HAVE_SOLARIS_GETGRNAM_R */
4676 if (!nss_wrapper_enabled()) {
4677 return libc_getgrnam_r(name,
4684 return nwrap_getgrnam_r(name, grp, buf, buflen, pgrp);
4686 #endif /* HAVE_GETGRNAM_R */
4688 /****************************************************************************
4690 ***************************************************************************/
4692 static struct group *nwrap_getgrgid(gid_t gid)
4697 for (i=0; i < nwrap_main_global->num_backends; i++) {
4698 struct nwrap_backend *b = &nwrap_main_global->backends[i];
4699 grp = b->ops->nw_getgrgid(b, gid);
4708 struct group *getgrgid(gid_t gid)
4710 if (!nss_wrapper_enabled()) {
4711 return libc_getgrgid(gid);
4714 return nwrap_getgrgid(gid);
4717 /****************************************************************************
4719 ***************************************************************************/
4721 static int nwrap_getgrgid_r(gid_t gid, struct group *grdst,
4722 char *buf, size_t buflen, struct group **grdstp)
4726 for (i=0; i < nwrap_main_global->num_backends; i++) {
4727 struct nwrap_backend *b = &nwrap_main_global->backends[i];
4728 ret = b->ops->nw_getgrgid_r(b, gid, grdst, buf, buflen, grdstp);
4729 if (ret == ENOENT) {
4738 #ifdef HAVE_GETGRGID_R
4739 # ifdef HAVE_SOLARIS_GETGRGID_R
4740 int getgrgid_r(gid_t gid, struct group *grdst,
4741 char *buf, int buflen, struct group **grdstp)
4742 # else /* HAVE_SOLARIS_GETGRGID_R */
4743 int getgrgid_r(gid_t gid, struct group *grdst,
4744 char *buf, size_t buflen, struct group **grdstp)
4745 # endif /* HAVE_SOLARIS_GETGRGID_R */
4747 if (!nss_wrapper_enabled()) {
4748 return libc_getgrgid_r(gid, grdst, buf, buflen, grdstp);
4751 return nwrap_getgrgid_r(gid, grdst, buf, buflen, grdstp);
4755 /****************************************************************************
4757 ***************************************************************************/
4759 static void nwrap_setgrent(void)
4763 for (i=0; i < nwrap_main_global->num_backends; i++) {
4764 struct nwrap_backend *b = &nwrap_main_global->backends[i];
4765 b->ops->nw_setgrent(b);
4769 #ifdef HAVE_BSD_SETGRENT
4775 if (!nss_wrapper_enabled()) {
4783 #ifdef HAVE_BSD_SETGRENT
4790 /****************************************************************************
4792 ***************************************************************************/
4794 static struct group *nwrap_getgrent(void)
4799 for (i=0; i < nwrap_main_global->num_backends; i++) {
4800 struct nwrap_backend *b = &nwrap_main_global->backends[i];
4801 grp = b->ops->nw_getgrent(b);
4810 struct group *getgrent(void)
4812 if (!nss_wrapper_enabled()) {
4813 return libc_getgrent();
4816 return nwrap_getgrent();
4819 /****************************************************************************
4821 ***************************************************************************/
4823 #ifdef HAVE_GETGRENT_R
4824 static int nwrap_getgrent_r(struct group *grdst, char *buf,
4825 size_t buflen, struct group **grdstp)
4829 for (i=0; i < nwrap_main_global->num_backends; i++) {
4830 struct nwrap_backend *b = &nwrap_main_global->backends[i];
4831 ret = b->ops->nw_getgrent_r(b, grdst, buf, buflen, grdstp);
4832 if (ret == ENOENT) {
4841 # ifdef HAVE_SOLARIS_GETGRENT_R
4842 struct group *getgrent_r(struct group *src, char *buf, int buflen)
4844 struct group *grdstp = NULL;
4847 if (!nss_wrapper_enabled()) {
4848 return libc_getgrent_r(src, buf, buflen);
4851 rc = nwrap_getgrent_r(src, buf, buflen, &grdstp);
4858 # else /* HAVE_SOLARIS_GETGRENT_R */
4859 int getgrent_r(struct group *src, char *buf,
4860 size_t buflen, struct group **grdstp)
4862 if (!nss_wrapper_enabled()) {
4863 return libc_getgrent_r(src, buf, buflen, grdstp);
4866 return nwrap_getgrent_r(src, buf, buflen, grdstp);
4868 # endif /* HAVE_SOLARIS_GETGRENT_R */
4869 #endif /* HAVE_GETGRENT_R */
4871 /****************************************************************************
4873 ***************************************************************************/
4875 static void nwrap_endgrent(void)
4879 for (i=0; i < nwrap_main_global->num_backends; i++) {
4880 struct nwrap_backend *b = &nwrap_main_global->backends[i];
4881 b->ops->nw_endgrent(b);
4887 if (!nss_wrapper_enabled()) {
4895 /****************************************************************************
4897 ***************************************************************************/
4899 #ifdef HAVE_GETGROUPLIST
4900 static int nwrap_getgrouplist(const char *user, gid_t group,
4901 gid_t *groups, int *ngroups)
4907 NWRAP_LOG(NWRAP_LOG_DEBUG, "getgrouplist called for %s", user);
4909 groups_tmp = (gid_t *)malloc(count * sizeof(gid_t));
4911 NWRAP_LOG(NWRAP_LOG_ERROR, "Out of memory");
4915 groups_tmp[0] = group;
4918 while ((grp = nwrap_getgrent()) != NULL) {
4921 NWRAP_LOG(NWRAP_LOG_DEBUG,
4922 "Inspecting %s for group membership",
4925 for (i=0; grp->gr_mem && grp->gr_mem[i] != NULL; i++) {
4927 if (group != grp->gr_gid &&
4928 (strcmp(user, grp->gr_mem[i]) == 0)) {
4930 NWRAP_LOG(NWRAP_LOG_DEBUG,
4931 "%s is member of %s",
4935 groups_tmp = (gid_t *)realloc(groups_tmp, (count + 1) * sizeof(gid_t));
4937 NWRAP_LOG(NWRAP_LOG_ERROR,
4942 groups_tmp[count] = grp->gr_gid;
4951 NWRAP_LOG(NWRAP_LOG_DEBUG,
4952 "%s is member of %d groups",
4955 if (*ngroups < count) {
4962 memcpy(groups, groups_tmp, count * sizeof(gid_t));
4968 int getgrouplist(const char *user, gid_t group, gid_t *groups, int *ngroups)
4970 if (!nss_wrapper_enabled()) {
4971 return libc_getgrouplist(user, group, groups, ngroups);
4974 return nwrap_getgrouplist(user, group, groups, ngroups);
4978 /**********************************************************
4980 **********************************************************/
4982 #if defined(HAVE_SHADOW_H) && defined(HAVE_GETSPNAM)
4984 #ifdef HAVE_SETSPENT
4985 static void nwrap_setspent(void)
4987 nwrap_files_setspent();
4992 if (!nss_wrapper_shadow_enabled()) {
4999 static struct spwd *nwrap_getspent(void)
5001 return nwrap_files_getspent();
5004 struct spwd *getspent(void)
5006 if (!nss_wrapper_shadow_enabled()) {
5010 return nwrap_getspent();
5013 static void nwrap_endspent(void)
5015 nwrap_files_endspent();
5020 if (!nss_wrapper_shadow_enabled()) {
5026 #endif /* HAVE_SETSPENT */
5028 static struct spwd *nwrap_getspnam(const char *name)
5030 return nwrap_files_getspnam(name);
5033 struct spwd *getspnam(const char *name)
5035 if (!nss_wrapper_shadow_enabled()) {
5039 return nwrap_getspnam(name);
5042 #endif /* defined(HAVE_SHADOW_H) && defined(HAVE_GETSPNAM) */
5044 /**********************************************************
5046 **********************************************************/
5048 static void nwrap_sethostent(int stayopen) {
5049 (void) stayopen; /* ignored */
5051 nwrap_files_sethostent();
5054 #ifdef HAVE_SOLARIS_SETHOSTENT
5055 int sethostent(int stayopen)
5057 if (!nss_wrapper_hosts_enabled()) {
5058 libc_sethostent(stayopen);
5062 nwrap_sethostent(stayopen);
5066 #else /* HAVE_SOLARIS_SETHOSTENT */
5067 void sethostent(int stayopen)
5069 if (!nss_wrapper_hosts_enabled()) {
5070 libc_sethostent(stayopen);
5074 nwrap_sethostent(stayopen);
5076 #endif /* HAVE_SOLARIS_SETHOSTENT */
5078 static struct hostent *nwrap_gethostent(void)
5080 return nwrap_files_gethostent();
5083 struct hostent *gethostent(void) {
5084 if (!nss_wrapper_hosts_enabled()) {
5085 return libc_gethostent();
5088 return nwrap_gethostent();
5091 static void nwrap_endhostent(void) {
5092 nwrap_files_endhostent();
5095 #ifdef HAVE_SOLARIS_ENDHOSTENT
5096 int endhostent(void)
5098 if (!nss_wrapper_hosts_enabled()) {
5107 #else /* HAVE_SOLARIS_ENDHOSTENT */
5108 void endhostent(void)
5110 if (!nss_wrapper_hosts_enabled()) {
5117 #endif /* HAVE_SOLARIS_ENDHOSTENT */
5120 /* BSD implementation stores data in thread local storage but GLIBC does not */
5121 static __thread struct hostent user_he;
5122 static __thread struct nwrap_vector user_addrlist;
5124 static struct hostent user_he;
5125 static struct nwrap_vector user_addrlist;
5127 static struct hostent *nwrap_gethostbyname(const char *name)
5129 if (nwrap_files_gethostbyname(name, AF_UNSPEC, &user_he, &user_addrlist) == -1) {
5135 struct hostent *gethostbyname(const char *name)
5137 if (!nss_wrapper_hosts_enabled()) {
5138 return libc_gethostbyname(name);
5141 return nwrap_gethostbyname(name);
5144 /* This is a GNU extension - Also can be found on BSD systems */
5145 #ifdef HAVE_GETHOSTBYNAME2
5147 /* BSD implementation stores data in thread local storage but GLIBC not */
5148 static __thread struct hostent user_he2;
5149 static __thread struct nwrap_vector user_addrlist2;
5151 static struct hostent user_he2;
5152 static struct nwrap_vector user_addrlist2;
5154 static struct hostent *nwrap_gethostbyname2(const char *name, int af)
5156 if (nwrap_files_gethostbyname(name, af, &user_he2, &user_addrlist2) == -1) {
5162 struct hostent *gethostbyname2(const char *name, int af)
5164 if (!nss_wrapper_hosts_enabled()) {
5165 return libc_gethostbyname2(name, af);
5168 return nwrap_gethostbyname2(name, af);
5172 static struct hostent *nwrap_gethostbyaddr(const void *addr,
5173 socklen_t len, int type)
5175 return nwrap_files_gethostbyaddr(addr, len, type);
5178 struct hostent *gethostbyaddr(const void *addr,
5179 socklen_t len, int type)
5181 if (!nss_wrapper_hosts_enabled()) {
5182 return libc_gethostbyaddr(addr, len, type);
5185 return nwrap_gethostbyaddr(addr, len, type);
5188 static const struct addrinfo default_hints =
5190 .ai_flags = AI_ADDRCONFIG|AI_V4MAPPED,
5191 .ai_family = AF_UNSPEC,
5196 .ai_canonname = NULL,
5200 static int nwrap_convert_he_ai(const struct hostent *he,
5201 unsigned short port,
5202 const struct addrinfo *hints,
5203 struct addrinfo **pai,
5204 bool skip_canonname)
5206 struct addrinfo *ai;
5213 switch (he->h_addrtype) {
5215 socklen = sizeof(struct sockaddr_in);
5219 socklen = sizeof(struct sockaddr_in6);
5226 ai = (struct addrinfo *)malloc(sizeof(struct addrinfo) + socklen);
5231 ai->ai_flags = hints->ai_flags;
5232 ai->ai_family = he->h_addrtype;
5233 ai->ai_socktype = hints->ai_socktype;
5234 ai->ai_protocol = hints->ai_protocol;
5235 ai->ai_canonname = NULL;
5237 if (ai->ai_socktype == 0) {
5238 ai->ai_socktype = SOCK_DGRAM;
5240 if (ai->ai_protocol == 0) {
5241 if (ai->ai_socktype == SOCK_DGRAM) {
5242 ai->ai_protocol = IPPROTO_UDP;
5243 } else if (ai->ai_socktype == SOCK_STREAM) {
5244 ai->ai_protocol = IPPROTO_TCP;
5248 ai->ai_addrlen = socklen;
5249 ai->ai_addr = (void *)(ai + 1);
5251 #ifdef HAVE_STRUCT_SOCKADDR_SA_LEN
5252 ai->ai_addr->sa_len = socklen;
5254 ai->ai_addr->sa_family = he->h_addrtype;
5256 switch (he->h_addrtype) {
5260 struct sockaddr *sa;
5261 struct sockaddr_in *in;
5264 addr.sa = ai->ai_addr;
5266 memset(addr.in, 0, sizeof(struct sockaddr_in));
5268 addr.in->sin_port = htons(port);
5269 addr.in->sin_family = AF_INET;
5271 memset(addr.in->sin_zero,
5273 sizeof (addr.in->sin_zero));
5274 memcpy(&(addr.in->sin_addr),
5284 struct sockaddr *sa;
5285 struct sockaddr_in6 *in6;
5288 addr.sa = ai->ai_addr;
5290 memset(addr.in6, 0, sizeof(struct sockaddr_in6));
5292 addr.in6->sin6_port = htons(port);
5293 addr.in6->sin6_family = AF_INET6;
5295 memcpy(&addr.in6->sin6_addr,
5305 if (he->h_name && !skip_canonname) {
5306 ai->ai_canonname = strdup(he->h_name);
5307 if (ai->ai_canonname == NULL) {
5317 static int nwrap_getaddrinfo(const char *node,
5318 const char *service,
5319 const struct addrinfo *hints,
5320 struct addrinfo **res)
5322 struct addrinfo *ai = NULL;
5323 unsigned short port = 0;
5333 .family = AF_UNSPEC,
5337 if (node == NULL && service == NULL) {
5341 if (hints == NULL) {
5342 hints = &default_hints;
5346 hints.ai_flags contains invalid flags; or, hints.ai_flags
5347 included AI_CANONNAME and name was NULL.
5349 if ((hints->ai_flags & AI_CANONNAME) && (node == NULL)) {
5350 return EAI_BADFLAGS;
5353 /* If no node has been specified, let glibc deal with it */
5356 struct addrinfo *p = NULL;
5358 ret = libc_getaddrinfo(node, service, hints, &p);
5366 if (service != NULL && service[0] != '\0') {
5367 const char *proto = NULL;
5373 sl = strtol(service, &end_ptr, 10);
5375 if (*end_ptr == '\0') {
5378 } else if (hints->ai_flags & AI_NUMERICSERV) {
5382 if (hints->ai_protocol != 0) {
5383 struct protoent *pent;
5385 pent = getprotobynumber(hints->ai_protocol);
5387 proto = pent->p_name;
5391 s = getservbyname(service, proto);
5395 port = ntohs(s->s_port);
5400 rc = inet_pton(AF_INET, node, &addr.in.v4);
5402 addr.family = AF_INET;
5405 if (addr.family == AF_UNSPEC) {
5406 rc = inet_pton(AF_INET6, node, &addr.in.v6);
5408 addr.family = AF_INET6;
5413 if (addr.family == AF_UNSPEC) {
5414 if (hints->ai_flags & AI_NUMERICHOST) {
5417 } else if ((hints->ai_family != AF_UNSPEC) &&
5418 (hints->ai_family != addr.family))
5420 return EAI_ADDRFAMILY;
5423 rc = nwrap_files_getaddrinfo(node, port, hints, &ai);
5426 struct addrinfo *p = NULL;
5428 ret = libc_getaddrinfo(node, service, hints, &p);
5432 * nwrap_files_getaddrinfo failed, but libc was
5433 * successful -- use the result from libc.
5443 * If the socktype was not specified, duplicate
5444 * each ai returned, so that we have variants for
5447 if (hints->ai_socktype == 0) {
5448 struct addrinfo *ai_cur;
5450 /* freeaddrinfo() frees ai_canonname and ai so allocate them */
5451 for (ai_cur = ai; ai_cur != NULL; ai_cur = ai_cur->ai_next) {
5452 struct addrinfo *ai_new;
5454 /* duplicate the current entry */
5456 ai_new = malloc(sizeof(struct addrinfo));
5457 if (ai_new == NULL) {
5462 memcpy(ai_new, ai_cur, sizeof(struct addrinfo));
5463 ai_new->ai_next = NULL;
5465 /* We need a deep copy or freeaddrinfo() will blow up */
5466 if (ai_cur->ai_canonname != NULL) {
5467 ai_new->ai_canonname =
5468 strdup(ai_cur->ai_canonname);
5471 if (ai_cur->ai_socktype == SOCK_DGRAM) {
5472 ai_new->ai_socktype = SOCK_STREAM;
5473 } else if (ai_cur->ai_socktype == SOCK_STREAM) {
5474 ai_new->ai_socktype = SOCK_DGRAM;
5476 if (ai_cur->ai_protocol == IPPROTO_TCP) {
5477 ai_new->ai_protocol = IPPROTO_UDP;
5478 } else if (ai_cur->ai_protocol == IPPROTO_UDP) {
5479 ai_new->ai_protocol = IPPROTO_TCP;
5482 /* now insert the new entry */
5484 ai_new->ai_next = ai_cur->ai_next;
5485 ai_cur->ai_next = ai_new;
5487 /* and move on (don't duplicate the new entry) */
5498 int getaddrinfo(const char *node, const char *service,
5499 const struct addrinfo *hints,
5500 struct addrinfo **res)
5502 if (!nss_wrapper_hosts_enabled()) {
5503 return libc_getaddrinfo(node, service, hints, res);
5506 return nwrap_getaddrinfo(node, service, hints, res);
5509 static int nwrap_getnameinfo(const struct sockaddr *sa, socklen_t salen,
5510 char *host, size_t hostlen,
5511 char *serv, size_t servlen,
5515 struct servent *service;
5522 if (sa == NULL || salen < sizeof(sa_family_t)) {
5526 if ((flags & NI_NAMEREQD) && host == NULL && serv == NULL) {
5530 type = sa->sa_family;
5534 const struct sockaddr *sa;
5535 const struct sockaddr_in *in;
5538 if (salen < sizeof(struct sockaddr_in)) {
5544 addr = &(a.in->sin_addr);
5545 addrlen = sizeof(a.in->sin_addr);
5546 port = ntohs(a.in->sin_port);
5552 const struct sockaddr *sa;
5553 const struct sockaddr_in6 *in6;
5556 if (salen < sizeof(struct sockaddr_in6)) {
5562 addr = &(a.in6->sin6_addr);
5563 addrlen = sizeof(a.in6->sin6_addr);
5564 port = ntohs(a.in6->sin6_port);
5574 if ((flags & NI_NUMERICHOST) == 0) {
5575 he = nwrap_files_gethostbyaddr(addr, addrlen, type);
5576 if ((flags & NI_NAMEREQD) && (he == NULL || he->h_name == NULL))
5579 if (he != NULL && he->h_name != NULL) {
5580 if (strlen(he->h_name) >= hostlen)
5581 return EAI_OVERFLOW;
5582 snprintf(host, hostlen, "%s", he->h_name);
5583 if (flags & NI_NOFQDN)
5584 host[strcspn(host, ".")] = '\0';
5586 if (inet_ntop(type, addr, host, hostlen) == NULL)
5587 return (errno == ENOSPC) ? EAI_OVERFLOW : EAI_FAIL;
5593 if ((flags & NI_NUMERICSERV) == 0) {
5594 proto = (flags & NI_DGRAM) ? "udp" : "tcp";
5595 service = getservbyport(htons(port), proto);
5597 if (service != NULL) {
5598 if (strlen(service->s_name) >= servlen)
5599 return EAI_OVERFLOW;
5600 snprintf(serv, servlen, "%s", service->s_name);
5602 if (snprintf(serv, servlen, "%u", port) >= (int) servlen)
5603 return EAI_OVERFLOW;
5610 #ifdef HAVE_LINUX_GETNAMEINFO
5611 int getnameinfo(const struct sockaddr *sa, socklen_t salen,
5612 char *host, socklen_t hostlen,
5613 char *serv, socklen_t servlen,
5615 #elif defined(HAVE_LINUX_GETNAMEINFO_UNSIGNED)
5616 int getnameinfo(const struct sockaddr *sa, socklen_t salen,
5617 char *host, socklen_t hostlen,
5618 char *serv, socklen_t servlen,
5621 int getnameinfo(const struct sockaddr *sa, socklen_t salen,
5622 char *host, size_t hostlen,
5623 char *serv, size_t servlen,
5627 if (!nss_wrapper_hosts_enabled()) {
5628 return libc_getnameinfo(sa, salen, host, hostlen, serv, servlen, flags);
5631 return nwrap_getnameinfo(sa, salen, host, hostlen, serv, servlen, flags);
5634 static int nwrap_gethostname(char *name, size_t len)
5636 const char *hostname = getenv("NSS_WRAPPER_HOSTNAME");
5638 if (strlen(hostname) >= len) {
5639 errno = ENAMETOOLONG;
5642 snprintf(name, len, "%s", hostname);
5647 #ifdef HAVE_SOLARIS_GETHOSTNAME
5648 int gethostname(char *name, int len)
5649 #else /* HAVE_SOLARIS_GETHOSTNAME */
5650 int gethostname(char *name, size_t len)
5651 #endif /* HAVE_SOLARIS_GETHOSTNAME */
5653 if (!nwrap_hostname_enabled()) {
5654 return libc_gethostname(name, len);
5657 return nwrap_gethostname(name, len);
5660 /****************************
5662 ***************************/
5663 void nwrap_constructor(void)
5666 * If we hold a lock and the application forks, then the child
5667 * is not able to unlock the mutex and we are in a deadlock.
5669 * Setting these handlers should prevent such deadlocks.
5671 pthread_atfork(&nwrap_thread_prepare,
5672 &nwrap_thread_parent,
5673 &nwrap_thread_child);
5675 /* Do not call nwrap_init() here. */
5678 /****************************
5680 ***************************/
5683 * This function is called when the library is unloaded and makes sure that
5684 * sockets get closed and the unix file for the socket are unlinked.
5686 void nwrap_destructor(void)
5691 if (nwrap_main_global != NULL) {
5692 struct nwrap_main *m = nwrap_main_global;
5695 if (m->libc != NULL) {
5696 SAFE_FREE(m->libc->fns);
5697 if (m->libc->handle != NULL) {
5698 dlclose(m->libc->handle);
5700 if (m->libc->nsl_handle != NULL) {
5701 dlclose(m->libc->nsl_handle);
5703 if (m->libc->sock_handle != NULL) {
5704 dlclose(m->libc->sock_handle);
5710 if (m->backends != NULL) {
5711 for (i = 0; i < m->num_backends; i++) {
5712 struct nwrap_backend *b = &(m->backends[i]);
5714 if (b->so_handle != NULL) {
5715 dlclose(b->so_handle);
5719 SAFE_FREE(m->backends);
5723 if (nwrap_pw_global.cache != NULL) {
5724 struct nwrap_cache *c = nwrap_pw_global.cache;
5726 nwrap_files_cache_unload(c);
5732 SAFE_FREE(nwrap_pw_global.list);
5733 nwrap_pw_global.num = 0;
5736 if (nwrap_gr_global.cache != NULL) {
5737 struct nwrap_cache *c = nwrap_gr_global.cache;
5739 nwrap_files_cache_unload(c);
5745 SAFE_FREE(nwrap_gr_global.list);
5746 nwrap_pw_global.num = 0;
5749 #if defined(HAVE_SHADOW_H) && defined(HAVE_GETSPNAM)
5750 if (nwrap_sp_global.cache != NULL) {
5751 struct nwrap_cache *c = nwrap_sp_global.cache;
5753 nwrap_files_cache_unload(c);
5759 nwrap_sp_global.num = 0;
5761 #endif /* defined(HAVE_SHADOW_H) && defined(HAVE_GETSPNAM) */
5763 if (nwrap_he_global.cache != NULL) {
5764 struct nwrap_cache *c = nwrap_he_global.cache;
5766 nwrap_files_cache_unload(c);
5772 nwrap_he_global.num = 0;
5775 free(user_addrlist.items);
5776 #ifdef HAVE_GETHOSTBYNAME2
5777 free(user_addrlist2.items);