4 * Copyright (c) 2007, Stefan Metzmacher <metze@samba.org>
5 * Copyright (c) 2009, Guenther Deschner <gd@samba.org>
6 * Copyright (c) 2014-2015, Michael Adam <obnox@samba.org>
7 * Copyright (c) 2015, Robin Hack <hack.robin@gmail.com>
8 * Copyright (c) 2013-2018, Andreas Schneider <asn@samba.org>
11 * Redistribution and use in source and binary forms, with or without
12 * modification, are permitted provided that the following conditions
15 * 1. Redistributions of source code must retain the above copyright
16 * notice, this list of conditions and the following disclaimer.
18 * 2. Redistributions in binary form must reproduce the above copyright
19 * notice, this list of conditions and the following disclaimer in the
20 * documentation and/or other materials provided with the distribution.
22 * 3. Neither the name of the author nor the names of its contributors
23 * may be used to endorse or promote products derived from this software
24 * without specific prior written permission.
26 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
27 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
28 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
29 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
30 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
31 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
32 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
33 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
34 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
35 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
43 #include <sys/types.h>
45 #include <sys/socket.h>
58 #include <netinet/in.h>
64 * Defining _POSIX_PTHREAD_SEMANTICS before including pwd.h and grp.h gives us
65 * the posix getpwnam_r(), getpwuid_r(), getgrnam_r and getgrgid_r calls on
68 #ifndef _POSIX_PTHREAD_SEMANTICS
69 #define _POSIX_PTHREAD_SEMANTICS
76 #endif /* HAVE_SHADOW_H */
79 #include <arpa/inet.h>
80 #include <netinet/in.h>
84 #if defined(HAVE_NSS_H)
88 typedef enum nss_status NSS_STATUS;
89 #elif defined(HAVE_NSS_COMMON_H)
91 #include <nss_common.h>
92 #include <nss_dbdefs.h>
95 typedef nss_status_t NSS_STATUS;
97 # define NSS_STATUS_SUCCESS NSS_SUCCESS
98 # define NSS_STATUS_NOTFOUND NSS_NOTFOUND
99 # define NSS_STATUS_UNAVAIL NSS_UNAVAIL
100 # define NSS_STATUS_TRYAGAIN NSS_TRYAGAIN
102 # error "No nsswitch support detected"
106 #define PTR_DIFF(p1, p2) ((ptrdiff_t)(((const char *)(p1)) - (const char *)(p2)))
114 #define EAI_NODATA EAI_NONAME
117 #ifndef EAI_ADDRFAMILY
118 #define EAI_ADDRFAMILY EAI_FAMILY
122 #define __STRING(x) #x
125 #ifndef __STRINGSTRING
126 #define __STRINGSTRING(x) __STRING(x)
130 #define __LINESTR__ __STRINGSTRING(__LINE__)
134 #define __location__ __FILE__ ":" __LINESTR__
138 #define DNS_NAME_MAX 255
141 /* GCC have printf type attribute check. */
142 #ifdef HAVE_ATTRIBUTE_PRINTF_FORMAT
143 #define PRINTF_ATTRIBUTE(a,b) __attribute__ ((__format__ (__printf__, a, b)))
145 #define PRINTF_ATTRIBUTE(a,b)
146 #endif /* HAVE_ATTRIBUTE_PRINTF_FORMAT */
148 #ifdef HAVE_CONSTRUCTOR_ATTRIBUTE
149 #define CONSTRUCTOR_ATTRIBUTE __attribute__ ((constructor))
151 #define CONSTRUCTOR_ATTRIBUTE
152 #endif /* HAVE_CONSTRUCTOR_ATTRIBUTE */
154 #ifdef HAVE_DESTRUCTOR_ATTRIBUTE
155 #define DESTRUCTOR_ATTRIBUTE __attribute__ ((destructor))
157 #define DESTRUCTOR_ATTRIBUTE
158 #endif /* HAVE_DESTRUCTOR_ATTRIBUTE */
160 #define ZERO_STRUCTP(x) do { if ((x) != NULL) memset((char *)(x), 0, sizeof(*(x))); } while(0)
163 #define SAFE_FREE(x) do { if ((x) != NULL) {free(x); (x)=NULL;} } while(0)
166 #ifndef discard_const
167 #define discard_const(ptr) ((void *)((uintptr_t)(ptr)))
170 #ifndef discard_const_p
171 #define discard_const_p(type, ptr) ((type *)discard_const(ptr))
175 #define NWRAP_INET_ADDRSTRLEN INET6_ADDRSTRLEN
177 #define NWRAP_INET_ADDRSTRLEN INET_ADDRSTRLEN
180 #define NWRAP_LOCK(m) do { \
181 pthread_mutex_lock(&( m ## _mutex)); \
184 #define NWRAP_UNLOCK(m) do { \
185 pthread_mutex_unlock(&( m ## _mutex)); \
189 static bool nwrap_initialized = false;
190 static pthread_mutex_t nwrap_initialized_mutex = PTHREAD_MUTEX_INITIALIZER;
192 /* The mutex or accessing the id */
193 static pthread_mutex_t nwrap_global_mutex = PTHREAD_MUTEX_INITIALIZER;
194 static pthread_mutex_t nwrap_gr_global_mutex = PTHREAD_MUTEX_INITIALIZER;
195 static pthread_mutex_t nwrap_he_global_mutex = PTHREAD_MUTEX_INITIALIZER;
196 static pthread_mutex_t nwrap_pw_global_mutex = PTHREAD_MUTEX_INITIALIZER;
197 static pthread_mutex_t nwrap_sp_global_mutex = PTHREAD_MUTEX_INITIALIZER;
199 /* Add new global locks here please */
200 /* Also don't forget to add locks to
201 * nwrap_init() function.
203 # define NWRAP_LOCK_ALL do { \
204 NWRAP_LOCK(nwrap_initialized); \
205 NWRAP_LOCK(nwrap_global); \
206 NWRAP_LOCK(nwrap_gr_global); \
207 NWRAP_LOCK(nwrap_he_global); \
208 NWRAP_LOCK(nwrap_pw_global); \
209 NWRAP_LOCK(nwrap_sp_global); \
212 # define NWRAP_UNLOCK_ALL do {\
213 NWRAP_UNLOCK(nwrap_sp_global); \
214 NWRAP_UNLOCK(nwrap_pw_global); \
215 NWRAP_UNLOCK(nwrap_he_global); \
216 NWRAP_UNLOCK(nwrap_gr_global); \
217 NWRAP_UNLOCK(nwrap_global); \
218 NWRAP_UNLOCK(nwrap_initialized); \
221 static void nwrap_init(void);
223 static void nwrap_thread_prepare(void)
229 static void nwrap_thread_parent(void)
234 static void nwrap_thread_child(void)
239 enum nwrap_dbglvl_e {
247 # define NWRAP_LOG(...)
250 static void nwrap_log(enum nwrap_dbglvl_e dbglvl, const char *func, const char *format, ...) PRINTF_ATTRIBUTE(3, 4);
251 # define NWRAP_LOG(dbglvl, ...) nwrap_log((dbglvl), __func__, __VA_ARGS__)
253 static void nwrap_log(enum nwrap_dbglvl_e dbglvl,
255 const char *format, ...)
260 unsigned int lvl = 0;
263 d = getenv("NSS_WRAPPER_DEBUGLEVEL");
268 va_start(va, format);
269 vsnprintf(buffer, sizeof(buffer), format, va);
274 case NWRAP_LOG_ERROR:
276 "NWRAP_ERROR(%d) - %s: %s\n",
281 "NWRAP_WARN(%d) - %s: %s\n",
284 case NWRAP_LOG_DEBUG:
286 "NWRAP_DEBUG(%d) - %s: %s\n",
289 case NWRAP_LOG_TRACE:
291 "NWRAP_TRACE(%d) - %s: %s\n",
297 #endif /* NDEBUG NWRAP_LOG */
299 struct nwrap_libc_fns {
300 struct passwd *(*_libc_getpwnam)(const char *name);
301 int (*_libc_getpwnam_r)(const char *name, struct passwd *pwd,
302 char *buf, size_t buflen, struct passwd **result);
303 struct passwd *(*_libc_getpwuid)(uid_t uid);
304 int (*_libc_getpwuid_r)(uid_t uid, struct passwd *pwd, char *buf, size_t buflen, struct passwd **result);
305 void (*_libc_setpwent)(void);
306 struct passwd *(*_libc_getpwent)(void);
307 #ifdef HAVE_GETPWENT_R
308 # ifdef HAVE_SOLARIS_GETPWENT_R
309 struct passwd *(*_libc_getpwent_r)(struct passwd *pwbuf, char *buf, size_t buflen);
310 # else /* HAVE_SOLARIS_GETPWENT_R */
311 int (*_libc_getpwent_r)(struct passwd *pwbuf, char *buf, size_t buflen, struct passwd **pwbufp);
312 # endif /* HAVE_SOLARIS_GETPWENT_R */
313 #endif /* HAVE_GETPWENT_R */
314 void (*_libc_endpwent)(void);
315 int (*_libc_initgroups)(const char *user, gid_t gid);
316 struct group *(*_libc_getgrnam)(const char *name);
317 int (*_libc_getgrnam_r)(const char *name, struct group *grp, char *buf, size_t buflen, struct group **result);
318 struct group *(*_libc_getgrgid)(gid_t gid);
319 int (*_libc_getgrgid_r)(gid_t gid, struct group *grp, char *buf, size_t buflen, struct group **result);
320 void (*_libc_setgrent)(void);
321 struct group *(*_libc_getgrent)(void);
322 #ifdef HAVE_GETGRENT_R
323 # ifdef HAVE_SOLARIS_GETGRENT_R
324 struct group *(*_libc_getgrent_r)(struct group *group, char *buf, size_t buflen);
325 # else /* HAVE_SOLARIS_GETGRENT_R */
326 int (*_libc_getgrent_r)(struct group *group, char *buf, size_t buflen, struct group **result);
327 # endif /* HAVE_SOLARIS_GETGRENT_R */
328 #endif /* HAVE_GETGRENT_R */
329 void (*_libc_endgrent)(void);
330 int (*_libc_getgrouplist)(const char *user, gid_t group, gid_t *groups, int *ngroups);
332 void (*_libc_sethostent)(int stayopen);
333 struct hostent *(*_libc_gethostent)(void);
334 void (*_libc_endhostent)(void);
336 struct hostent *(*_libc_gethostbyname)(const char *name);
337 #ifdef HAVE_GETHOSTBYNAME2 /* GNU extension */
338 struct hostent *(*_libc_gethostbyname2)(const char *name, int af);
340 struct hostent *(*_libc_gethostbyaddr)(const void *addr, socklen_t len, int type);
342 int (*_libc_getaddrinfo)(const char *node, const char *service,
343 const struct addrinfo *hints,
344 struct addrinfo **res);
345 int (*_libc_getnameinfo)(const struct sockaddr *sa, socklen_t salen,
346 char *host, size_t hostlen,
347 char *serv, size_t servlen,
349 int (*_libc_gethostname)(char *name, size_t len);
350 #ifdef HAVE_GETHOSTBYNAME_R
351 int (*_libc_gethostbyname_r)(const char *name,
353 char *buf, size_t buflen,
354 struct hostent **result, int *h_errnop);
356 #ifdef HAVE_GETHOSTBYADDR_R
357 int (*_libc_gethostbyaddr_r)(const void *addr, socklen_t len, int type,
359 char *buf, size_t buflen,
360 struct hostent **result, int *h_errnop);
364 struct nwrap_module_nss_fns {
365 NSS_STATUS (*_nss_getpwnam_r)(const char *name, struct passwd *result, char *buffer,
366 size_t buflen, int *errnop);
367 NSS_STATUS (*_nss_getpwuid_r)(uid_t uid, struct passwd *result, char *buffer,
368 size_t buflen, int *errnop);
369 NSS_STATUS (*_nss_setpwent)(void);
370 NSS_STATUS (*_nss_getpwent_r)(struct passwd *result, char *buffer,
371 size_t buflen, int *errnop);
372 NSS_STATUS (*_nss_endpwent)(void);
373 NSS_STATUS (*_nss_initgroups)(const char *user, gid_t group, long int *start,
374 long int *size, gid_t **groups, long int limit, int *errnop);
375 NSS_STATUS (*_nss_getgrnam_r)(const char *name, struct group *result, char *buffer,
376 size_t buflen, int *errnop);
377 NSS_STATUS (*_nss_getgrgid_r)(gid_t gid, struct group *result, char *buffer,
378 size_t buflen, int *errnop);
379 NSS_STATUS (*_nss_setgrent)(void);
380 NSS_STATUS (*_nss_getgrent_r)(struct group *result, char *buffer,
381 size_t buflen, int *errnop);
382 NSS_STATUS (*_nss_endgrent)(void);
385 struct nwrap_backend {
389 struct nwrap_ops *ops;
390 struct nwrap_module_nss_fns *fns;
394 struct passwd * (*nw_getpwnam)(struct nwrap_backend *b,
396 int (*nw_getpwnam_r)(struct nwrap_backend *b,
397 const char *name, struct passwd *pwdst,
398 char *buf, size_t buflen, struct passwd **pwdstp);
399 struct passwd * (*nw_getpwuid)(struct nwrap_backend *b,
401 int (*nw_getpwuid_r)(struct nwrap_backend *b,
402 uid_t uid, struct passwd *pwdst,
403 char *buf, size_t buflen, struct passwd **pwdstp);
404 void (*nw_setpwent)(struct nwrap_backend *b);
405 struct passwd * (*nw_getpwent)(struct nwrap_backend *b);
406 int (*nw_getpwent_r)(struct nwrap_backend *b,
407 struct passwd *pwdst, char *buf,
408 size_t buflen, struct passwd **pwdstp);
409 void (*nw_endpwent)(struct nwrap_backend *b);
410 int (*nw_initgroups)(struct nwrap_backend *b,
411 const char *user, gid_t group);
412 struct group * (*nw_getgrnam)(struct nwrap_backend *b,
414 int (*nw_getgrnam_r)(struct nwrap_backend *b,
415 const char *name, struct group *grdst,
416 char *buf, size_t buflen, struct group **grdstp);
417 struct group * (*nw_getgrgid)(struct nwrap_backend *b,
419 int (*nw_getgrgid_r)(struct nwrap_backend *b,
420 gid_t gid, struct group *grdst,
421 char *buf, size_t buflen, struct group **grdstp);
422 void (*nw_setgrent)(struct nwrap_backend *b);
423 struct group * (*nw_getgrent)(struct nwrap_backend *b);
424 int (*nw_getgrent_r)(struct nwrap_backend *b,
425 struct group *grdst, char *buf,
426 size_t buflen, struct group **grdstp);
427 void (*nw_endgrent)(struct nwrap_backend *b);
430 /* Public prototypes */
432 bool nss_wrapper_enabled(void);
433 bool nss_wrapper_shadow_enabled(void);
434 bool nss_wrapper_hosts_enabled(void);
436 /* prototypes for files backend */
439 static struct passwd *nwrap_files_getpwnam(struct nwrap_backend *b,
441 static int nwrap_files_getpwnam_r(struct nwrap_backend *b,
442 const char *name, struct passwd *pwdst,
443 char *buf, size_t buflen, struct passwd **pwdstp);
444 static struct passwd *nwrap_files_getpwuid(struct nwrap_backend *b,
446 static int nwrap_files_getpwuid_r(struct nwrap_backend *b,
447 uid_t uid, struct passwd *pwdst,
448 char *buf, size_t buflen, struct passwd **pwdstp);
449 static void nwrap_files_setpwent(struct nwrap_backend *b);
450 static struct passwd *nwrap_files_getpwent(struct nwrap_backend *b);
451 static int nwrap_files_getpwent_r(struct nwrap_backend *b,
452 struct passwd *pwdst, char *buf,
453 size_t buflen, struct passwd **pwdstp);
454 static void nwrap_files_endpwent(struct nwrap_backend *b);
455 static int nwrap_files_initgroups(struct nwrap_backend *b,
456 const char *user, gid_t group);
457 static struct group *nwrap_files_getgrnam(struct nwrap_backend *b,
459 static int nwrap_files_getgrnam_r(struct nwrap_backend *b,
460 const char *name, struct group *grdst,
461 char *buf, size_t buflen, struct group **grdstp);
462 static struct group *nwrap_files_getgrgid(struct nwrap_backend *b,
464 static int nwrap_files_getgrgid_r(struct nwrap_backend *b,
465 gid_t gid, struct group *grdst,
466 char *buf, size_t buflen, struct group **grdstp);
467 static void nwrap_files_setgrent(struct nwrap_backend *b);
468 static struct group *nwrap_files_getgrent(struct nwrap_backend *b);
469 static int nwrap_files_getgrent_r(struct nwrap_backend *b,
470 struct group *grdst, char *buf,
471 size_t buflen, struct group **grdstp);
472 static void nwrap_files_endgrent(struct nwrap_backend *b);
474 /* prototypes for module backend */
476 static struct passwd *nwrap_module_getpwent(struct nwrap_backend *b);
477 static int nwrap_module_getpwent_r(struct nwrap_backend *b,
478 struct passwd *pwdst, char *buf,
479 size_t buflen, struct passwd **pwdstp);
480 static struct passwd *nwrap_module_getpwnam(struct nwrap_backend *b,
482 static int nwrap_module_getpwnam_r(struct nwrap_backend *b,
483 const char *name, struct passwd *pwdst,
484 char *buf, size_t buflen, struct passwd **pwdstp);
485 static struct passwd *nwrap_module_getpwuid(struct nwrap_backend *b,
487 static int nwrap_module_getpwuid_r(struct nwrap_backend *b,
488 uid_t uid, struct passwd *pwdst,
489 char *buf, size_t buflen, struct passwd **pwdstp);
490 static void nwrap_module_setpwent(struct nwrap_backend *b);
491 static void nwrap_module_endpwent(struct nwrap_backend *b);
492 static struct group *nwrap_module_getgrent(struct nwrap_backend *b);
493 static int nwrap_module_getgrent_r(struct nwrap_backend *b,
494 struct group *grdst, char *buf,
495 size_t buflen, struct group **grdstp);
496 static struct group *nwrap_module_getgrnam(struct nwrap_backend *b,
498 static int nwrap_module_getgrnam_r(struct nwrap_backend *b,
499 const char *name, struct group *grdst,
500 char *buf, size_t buflen, struct group **grdstp);
501 static struct group *nwrap_module_getgrgid(struct nwrap_backend *b,
503 static int nwrap_module_getgrgid_r(struct nwrap_backend *b,
504 gid_t gid, struct group *grdst,
505 char *buf, size_t buflen, struct group **grdstp);
506 static void nwrap_module_setgrent(struct nwrap_backend *b);
507 static void nwrap_module_endgrent(struct nwrap_backend *b);
508 static int nwrap_module_initgroups(struct nwrap_backend *b,
509 const char *user, gid_t group);
511 struct nwrap_ops nwrap_files_ops = {
512 .nw_getpwnam = nwrap_files_getpwnam,
513 .nw_getpwnam_r = nwrap_files_getpwnam_r,
514 .nw_getpwuid = nwrap_files_getpwuid,
515 .nw_getpwuid_r = nwrap_files_getpwuid_r,
516 .nw_setpwent = nwrap_files_setpwent,
517 .nw_getpwent = nwrap_files_getpwent,
518 .nw_getpwent_r = nwrap_files_getpwent_r,
519 .nw_endpwent = nwrap_files_endpwent,
520 .nw_initgroups = nwrap_files_initgroups,
521 .nw_getgrnam = nwrap_files_getgrnam,
522 .nw_getgrnam_r = nwrap_files_getgrnam_r,
523 .nw_getgrgid = nwrap_files_getgrgid,
524 .nw_getgrgid_r = nwrap_files_getgrgid_r,
525 .nw_setgrent = nwrap_files_setgrent,
526 .nw_getgrent = nwrap_files_getgrent,
527 .nw_getgrent_r = nwrap_files_getgrent_r,
528 .nw_endgrent = nwrap_files_endgrent,
531 struct nwrap_ops nwrap_module_ops = {
532 .nw_getpwnam = nwrap_module_getpwnam,
533 .nw_getpwnam_r = nwrap_module_getpwnam_r,
534 .nw_getpwuid = nwrap_module_getpwuid,
535 .nw_getpwuid_r = nwrap_module_getpwuid_r,
536 .nw_setpwent = nwrap_module_setpwent,
537 .nw_getpwent = nwrap_module_getpwent,
538 .nw_getpwent_r = nwrap_module_getpwent_r,
539 .nw_endpwent = nwrap_module_endpwent,
540 .nw_initgroups = nwrap_module_initgroups,
541 .nw_getgrnam = nwrap_module_getgrnam,
542 .nw_getgrnam_r = nwrap_module_getgrnam_r,
543 .nw_getgrgid = nwrap_module_getgrgid,
544 .nw_getgrgid_r = nwrap_module_getgrgid_r,
545 .nw_setgrent = nwrap_module_setgrent,
546 .nw_getgrent = nwrap_module_getgrent,
547 .nw_getgrent_r = nwrap_module_getgrent_r,
548 .nw_endgrent = nwrap_module_endgrent,
555 struct nwrap_libc_fns *fns;
560 struct nwrap_backend *backends;
561 struct nwrap_libc *libc;
564 static struct nwrap_main *nwrap_main_global;
565 static struct nwrap_main __nwrap_main_global;
570 static int nwrap_convert_he_ai(const struct hostent *he,
572 const struct addrinfo *hints,
573 struct addrinfo **pai,
574 bool skip_canonname);
580 #define DEFAULT_VECTOR_CAPACITY 16
582 struct nwrap_vector {
588 /* Macro returns pointer to first element of vector->items array.
590 * nwrap_vector is used as a memory backend which take care of
591 * memory allocations and other stuff like memory growing.
592 * nwrap_vectors should not be considered as some abstract structures.
593 * On this level, vectors are more handy than direct realloc/malloc
596 * nwrap_vector->items is array inside nwrap_vector which can be
597 * directly pointed by libc structure assembled by cwrap itself.
601 * 1) struct hostent contains char **h_addr_list element.
602 * 2) nwrap_vector holds array of pointers to addresses.
603 * It's easier to use vector to store results of
606 * Now, pretend that cwrap assembled struct hostent and
607 * we need to set h_addr_list to point to nwrap_vector.
608 * Idea behind is to shield users from internal nwrap_vector
610 * (Yes, not fully - array terminated by NULL is needed because
611 * it's result expected by libc function caller.)
617 * struct nwrap_vector *vector = malloc(sizeof(struct nwrap_vector));
618 * ... don't care about failed allocation now ...
620 * ... fill nwrap vector ...
623 * he.h_addr_list = nwrap_vector_head(vector);
626 #define nwrap_vector_head(vect) ((void *)((vect)->items))
628 #define nwrap_vector_foreach(item, vect, iter) \
629 for (iter = 0, (item) = (vect).items == NULL ? NULL : (vect).items[0]; \
631 (item) = (vect).items[++iter])
633 #define nwrap_vector_is_initialized(vector) ((vector)->items != NULL)
635 static inline bool nwrap_vector_init(struct nwrap_vector *const vector)
637 if (vector == NULL) {
641 /* count is initialized by ZERO_STRUCTP */
642 ZERO_STRUCTP(vector);
643 vector->items = malloc(sizeof(void *) * (DEFAULT_VECTOR_CAPACITY + 1));
644 if (vector->items == NULL) {
647 vector->capacity = DEFAULT_VECTOR_CAPACITY;
648 memset(vector->items, '\0', sizeof(void *) * (DEFAULT_VECTOR_CAPACITY + 1));
653 static bool nwrap_vector_add_item(struct nwrap_vector *vector, void *const item)
655 assert (vector != NULL);
657 if (vector->items == NULL) {
658 nwrap_vector_init(vector);
661 if (vector->count == vector->capacity) {
662 /* Items array _MUST_ be NULL terminated because it's passed
663 * as result to caller which expect NULL terminated array from libc.
665 void **items = realloc(vector->items, sizeof(void *) * ((vector->capacity * 2) + 1));
669 vector->items = items;
671 /* Don't count ending NULL to capacity */
672 vector->capacity *= 2;
675 vector->items[vector->count] = item;
678 vector->items[vector->count] = NULL;
683 static bool nwrap_vector_merge(struct nwrap_vector *dst,
684 struct nwrap_vector *src)
686 void **dst_items = NULL;
689 if (src->count == 0) {
693 count = dst->count + src->count;
695 /* We don't need reallocation if we have enough capacity. */
696 if (src->count > (dst->capacity - dst->count)) {
697 dst_items = (void **)realloc(dst->items, (count + 1) * sizeof(void *));
698 if (dst_items == NULL) {
701 dst->items = dst_items;
702 dst->capacity = count;
705 memcpy((void *)(((long *)dst->items) + dst->count),
707 src->count * sizeof(void *));
720 struct nwrap_vector lines;
722 bool (*parse_line)(struct nwrap_cache *, char *line);
723 void (*unload)(struct nwrap_cache *);
728 struct nwrap_cache *cache;
735 struct nwrap_cache __nwrap_cache_pw;
736 struct nwrap_pw nwrap_pw_global;
738 static bool nwrap_pw_parse_line(struct nwrap_cache *nwrap, char *line);
739 static void nwrap_pw_unload(struct nwrap_cache *nwrap);
742 #if defined(HAVE_SHADOW_H) && defined(HAVE_GETSPNAM)
744 struct nwrap_cache *cache;
751 struct nwrap_cache __nwrap_cache_sp;
752 struct nwrap_sp nwrap_sp_global;
754 static bool nwrap_sp_parse_line(struct nwrap_cache *nwrap, char *line);
755 static void nwrap_sp_unload(struct nwrap_cache *nwrap);
756 #endif /* defined(HAVE_SHADOW_H) && defined(HAVE_GETSPNAM) */
760 struct nwrap_cache *cache;
767 struct nwrap_cache __nwrap_cache_gr;
768 struct nwrap_gr nwrap_gr_global;
771 static bool nwrap_he_parse_line(struct nwrap_cache *nwrap, char *line);
772 static void nwrap_he_unload(struct nwrap_cache *nwrap);
774 struct nwrap_addrdata {
775 unsigned char host_addr[16]; /* IPv4 or IPv6 address */
778 static size_t max_hostents = 100;
780 struct nwrap_entdata {
781 struct nwrap_addrdata addr;
784 struct nwrap_vector nwrap_addrdata;
786 ssize_t aliases_count;
789 struct nwrap_entlist {
790 struct nwrap_entlist *next;
791 struct nwrap_entdata *ed;
795 struct nwrap_cache *cache;
797 struct nwrap_vector entries;
798 struct nwrap_vector lists;
804 static struct nwrap_cache __nwrap_cache_he;
805 static struct nwrap_he nwrap_he_global;
808 /*********************************************************
810 *********************************************************/
812 static bool nwrap_gr_parse_line(struct nwrap_cache *nwrap, char *line);
813 static void nwrap_gr_unload(struct nwrap_cache *nwrap);
814 void nwrap_constructor(void) CONSTRUCTOR_ATTRIBUTE;
815 void nwrap_destructor(void) DESTRUCTOR_ATTRIBUTE;
817 /*********************************************************
818 * NWRAP LIBC LOADER FUNCTIONS
819 *********************************************************/
828 static const char *nwrap_str_lib(enum nwrap_lib lib)
835 case NWRAP_LIBSOCKET:
839 /* Compiler would warn us about unhandled enum value if we get here */
844 static void *nwrap_load_lib_handle(enum nwrap_lib lib)
846 int flags = RTLD_LAZY;
851 const char *env = getenv("LD_PRELOAD");
853 /* Don't do a deepbind if we run with libasan */
854 if (env != NULL && strlen(env) < 1024) {
855 const char *p = strstr(env, "libasan.so");
857 flags |= RTLD_DEEPBIND;
865 handle = nwrap_main_global->libc->nsl_handle;
866 if (handle == NULL) {
867 for (i = 10; i >= 0; i--) {
868 char soname[256] = {0};
870 snprintf(soname, sizeof(soname), "libnsl.so.%d", i);
871 handle = dlopen(soname, flags);
872 if (handle != NULL) {
877 nwrap_main_global->libc->nsl_handle = handle;
882 case NWRAP_LIBSOCKET:
883 #ifdef HAVE_LIBSOCKET
884 handle = nwrap_main_global->libc->sock_handle;
885 if (handle == NULL) {
886 for (i = 10; i >= 0; i--) {
887 char soname[256] = {0};
889 snprintf(soname, sizeof(soname), "libsocket.so.%d", i);
890 handle = dlopen(soname, flags);
891 if (handle != NULL) {
896 nwrap_main_global->libc->sock_handle = handle;
902 handle = nwrap_main_global->libc->handle;
903 if (handle == NULL) {
904 for (i = 10; i >= 0; i--) {
905 char soname[256] = {0};
907 snprintf(soname, sizeof(soname), "libc.so.%d", i);
908 handle = dlopen(soname, flags);
909 if (handle != NULL) {
914 nwrap_main_global->libc->handle = handle;
919 if (handle == NULL) {
921 handle = nwrap_main_global->libc->handle
922 = nwrap_main_global->libc->sock_handle
923 = nwrap_main_global->libc->nsl_handle
926 NWRAP_LOG(NWRAP_LOG_ERROR,
927 "Failed to dlopen library: %s\n",
936 static void *_nwrap_load_lib_function(enum nwrap_lib lib, const char *fn_name)
943 handle = nwrap_load_lib_handle(lib);
945 func = dlsym(handle, fn_name);
947 NWRAP_LOG(NWRAP_LOG_ERROR,
948 "Failed to find %s: %s\n",
953 NWRAP_LOG(NWRAP_LOG_TRACE,
955 fn_name, nwrap_str_lib(lib));
959 #define nwrap_load_lib_function(lib, fn_name) \
960 if (nwrap_main_global->libc->fns->_libc_##fn_name == NULL) { \
961 *(void **) (&nwrap_main_global->libc->fns->_libc_##fn_name) = \
962 _nwrap_load_lib_function(lib, #fn_name); \
965 /* INTERNAL HELPER FUNCTIONS */
966 static void nwrap_lines_unload(struct nwrap_cache *const nwrap)
970 nwrap_vector_foreach(item, nwrap->lines, p) {
971 /* Maybe some vectors were merged ... */
974 SAFE_FREE(nwrap->lines.items);
975 ZERO_STRUCTP(&nwrap->lines);
981 * Functions expeciall from libc need to be loaded individually, you can't load
982 * all at once or gdb will segfault at startup. The same applies to valgrind and
983 * has probably something todo with with the linker.
984 * So we need load each function at the point it is called the first time.
986 static struct passwd *libc_getpwnam(const char *name)
988 nwrap_load_lib_function(NWRAP_LIBC, getpwnam);
990 return nwrap_main_global->libc->fns->_libc_getpwnam(name);
993 #ifdef HAVE_GETPWNAM_R
994 static int libc_getpwnam_r(const char *name,
998 struct passwd **result)
1000 #ifdef HAVE___POSIX_GETPWNAM_R
1001 if (nwrap_main_global->libc->fns->_libc_getpwnam_r == NULL) {
1002 *(void **) (&nwrap_main_global->libc->fns->_libc_getpwnam_r) =
1003 _nwrap_load_lib_function(NWRAP_LIBC, "__posix_getpwnam_r");
1006 nwrap_load_lib_function(NWRAP_LIBC, getpwnam_r);
1009 return nwrap_main_global->libc->fns->_libc_getpwnam_r(name,
1017 static struct passwd *libc_getpwuid(uid_t uid)
1019 nwrap_load_lib_function(NWRAP_LIBC, getpwuid);
1021 return nwrap_main_global->libc->fns->_libc_getpwuid(uid);
1024 #ifdef HAVE_GETPWUID_R
1025 static int libc_getpwuid_r(uid_t uid,
1029 struct passwd **result)
1031 #ifdef HAVE___POSIX_GETPWUID_R
1032 if (nwrap_main_global->libc->fns->_libc_getpwuid_r == NULL) {
1033 *(void **) (&nwrap_main_global->libc->fns->_libc_getpwuid_r) =
1034 _nwrap_load_lib_function(NWRAP_LIBC, "__posix_getpwuid_r");
1037 nwrap_load_lib_function(NWRAP_LIBC, getpwuid_r);
1040 return nwrap_main_global->libc->fns->_libc_getpwuid_r(uid,
1048 static inline void str_tolower(char *dst, char *src)
1050 register char *src_tmp = src;
1051 register char *dst_tmp = dst;
1053 while (*src_tmp != '\0') {
1054 *dst_tmp = tolower(*src_tmp);
1060 static bool str_tolower_copy(char **dst_name, const char *const src_name)
1064 if ((dst_name == NULL) || (src_name == NULL)) {
1068 h_name_lower = strdup(src_name);
1069 if (h_name_lower == NULL) {
1070 NWRAP_LOG(NWRAP_LOG_DEBUG, "Out of memory while strdup");
1074 str_tolower(h_name_lower, h_name_lower);
1075 *dst_name = h_name_lower;
1079 static void libc_setpwent(void)
1081 nwrap_load_lib_function(NWRAP_LIBC, setpwent);
1083 nwrap_main_global->libc->fns->_libc_setpwent();
1086 static struct passwd *libc_getpwent(void)
1088 nwrap_load_lib_function(NWRAP_LIBC, getpwent);
1090 return nwrap_main_global->libc->fns->_libc_getpwent();
1093 #ifdef HAVE_GETPWENT_R
1094 # ifdef HAVE_SOLARIS_GETPWENT_R
1095 static struct passwd *libc_getpwent_r(struct passwd *pwdst,
1099 nwrap_load_lib_function(NWRAP_LIBC, getpwent_r);
1101 return nwrap_main_global->libc->fns->_libc_getpwent_r(pwdst,
1105 # else /* HAVE_SOLARIS_GETPWENT_R */
1106 static int libc_getpwent_r(struct passwd *pwdst,
1109 struct passwd **pwdstp)
1111 nwrap_load_lib_function(NWRAP_LIBC, getpwent_r);
1113 return nwrap_main_global->libc->fns->_libc_getpwent_r(pwdst,
1118 # endif /* HAVE_SOLARIS_GETPWENT_R */
1119 #endif /* HAVE_GETPWENT_R */
1121 static void libc_endpwent(void)
1123 nwrap_load_lib_function(NWRAP_LIBC, endpwent);
1125 nwrap_main_global->libc->fns->_libc_endpwent();
1128 static int libc_initgroups(const char *user, gid_t gid)
1130 nwrap_load_lib_function(NWRAP_LIBC, initgroups);
1132 return nwrap_main_global->libc->fns->_libc_initgroups(user, gid);
1135 static struct group *libc_getgrnam(const char *name)
1137 nwrap_load_lib_function(NWRAP_LIBC, getgrnam);
1139 return nwrap_main_global->libc->fns->_libc_getgrnam(name);
1142 #ifdef HAVE_GETGRNAM_R
1143 static int libc_getgrnam_r(const char *name,
1147 struct group **result)
1149 #ifdef HAVE___POSIX_GETGRNAM_R
1150 if (nwrap_main_global->libc->fns->_libc_getgrnam_r == NULL) {
1151 *(void **) (&nwrap_main_global->libc->fns->_libc_getgrnam_r) =
1152 _nwrap_load_lib_function(NWRAP_LIBC, "__posix_getgrnam_r");
1155 nwrap_load_lib_function(NWRAP_LIBC, getgrnam_r);
1158 return nwrap_main_global->libc->fns->_libc_getgrnam_r(name,
1166 static struct group *libc_getgrgid(gid_t gid)
1168 nwrap_load_lib_function(NWRAP_LIBC, getgrgid);
1170 return nwrap_main_global->libc->fns->_libc_getgrgid(gid);
1173 #ifdef HAVE_GETGRGID_R
1174 static int libc_getgrgid_r(gid_t gid,
1178 struct group **result)
1180 #ifdef HAVE___POSIX_GETGRGID_R
1181 if (nwrap_main_global->libc->fns->_libc_getgrgid_r == NULL) {
1182 *(void **) (&nwrap_main_global->libc->fns->_libc_getgrgid_r) =
1183 _nwrap_load_lib_function(NWRAP_LIBC, "__posix_getgrgid_r");
1186 nwrap_load_lib_function(NWRAP_LIBC, getgrgid_r);
1189 return nwrap_main_global->libc->fns->_libc_getgrgid_r(gid,
1197 static void libc_setgrent(void)
1199 nwrap_load_lib_function(NWRAP_LIBC, setgrent);
1201 nwrap_main_global->libc->fns->_libc_setgrent();
1204 static struct group *libc_getgrent(void)
1206 nwrap_load_lib_function(NWRAP_LIBC, getgrent);
1208 return nwrap_main_global->libc->fns->_libc_getgrent();
1211 #ifdef HAVE_GETGRENT_R
1212 # ifdef HAVE_SOLARIS_GETGRENT_R
1213 static struct group *libc_getgrent_r(struct group *group,
1217 nwrap_load_lib_function(NWRAP_LIBC, getgrent_r);
1219 return nwrap_main_global->libc->fns->_libc_getgrent_r(group,
1223 # else /* HAVE_SOLARIS_GETGRENT_R */
1224 static int libc_getgrent_r(struct group *group,
1227 struct group **result)
1229 nwrap_load_lib_function(NWRAP_LIBC, getgrent_r);
1231 return nwrap_main_global->libc->fns->_libc_getgrent_r(group,
1236 # endif /* HAVE_SOLARIS_GETGRENT_R */
1237 #endif /* HAVE_GETGRENT_R */
1239 static void libc_endgrent(void)
1241 nwrap_load_lib_function(NWRAP_LIBC, endgrent);
1243 nwrap_main_global->libc->fns->_libc_endgrent();
1246 #ifdef HAVE_GETGROUPLIST
1247 static int libc_getgrouplist(const char *user,
1252 nwrap_load_lib_function(NWRAP_LIBC, getgrouplist);
1254 return nwrap_main_global->libc->fns->_libc_getgrouplist(user,
1261 static void libc_sethostent(int stayopen)
1263 nwrap_load_lib_function(NWRAP_LIBNSL, sethostent);
1265 nwrap_main_global->libc->fns->_libc_sethostent(stayopen);
1268 static struct hostent *libc_gethostent(void)
1270 nwrap_load_lib_function(NWRAP_LIBNSL, gethostent);
1272 return nwrap_main_global->libc->fns->_libc_gethostent();
1275 static void libc_endhostent(void)
1277 nwrap_load_lib_function(NWRAP_LIBNSL, endhostent);
1279 nwrap_main_global->libc->fns->_libc_endhostent();
1282 static struct hostent *libc_gethostbyname(const char *name)
1284 nwrap_load_lib_function(NWRAP_LIBNSL, gethostbyname);
1286 return nwrap_main_global->libc->fns->_libc_gethostbyname(name);
1289 #ifdef HAVE_GETHOSTBYNAME2 /* GNU extension */
1290 static struct hostent *libc_gethostbyname2(const char *name, int af)
1292 nwrap_load_lib_function(NWRAP_LIBNSL, gethostbyname2);
1294 return nwrap_main_global->libc->fns->_libc_gethostbyname2(name, af);
1298 static struct hostent *libc_gethostbyaddr(const void *addr,
1302 nwrap_load_lib_function(NWRAP_LIBNSL, gethostbyaddr);
1304 return nwrap_main_global->libc->fns->_libc_gethostbyaddr(addr,
1309 static int libc_gethostname(char *name, size_t len)
1311 nwrap_load_lib_function(NWRAP_LIBNSL, gethostname);
1313 return nwrap_main_global->libc->fns->_libc_gethostname(name, len);
1316 #ifdef HAVE_GETHOSTBYNAME_R
1317 static int libc_gethostbyname_r(const char *name,
1318 struct hostent *ret,
1321 struct hostent **result,
1324 nwrap_load_lib_function(NWRAP_LIBNSL, gethostbyname_r);
1326 return nwrap_main_global->libc->fns->_libc_gethostbyname_r(name,
1335 #ifdef HAVE_GETHOSTBYADDR_R
1336 static int libc_gethostbyaddr_r(const void *addr,
1339 struct hostent *ret,
1342 struct hostent **result,
1345 nwrap_load_lib_function(NWRAP_LIBNSL, gethostbyaddr_r);
1347 return nwrap_main_global->libc->fns->_libc_gethostbyaddr_r(addr,
1358 static int libc_getaddrinfo(const char *node,
1359 const char *service,
1360 const struct addrinfo *hints,
1361 struct addrinfo **res)
1363 nwrap_load_lib_function(NWRAP_LIBSOCKET, getaddrinfo);
1365 return nwrap_main_global->libc->fns->_libc_getaddrinfo(node,
1371 static int libc_getnameinfo(const struct sockaddr *sa,
1379 nwrap_load_lib_function(NWRAP_LIBSOCKET, getnameinfo);
1381 return nwrap_main_global->libc->fns->_libc_getnameinfo(sa,
1390 /*********************************************************
1391 * NWRAP NSS MODULE LOADER FUNCTIONS
1392 *********************************************************/
1394 static void *nwrap_load_module_fn(struct nwrap_backend *b,
1395 const char *fn_name)
1400 if (!b->so_handle) {
1401 NWRAP_LOG(NWRAP_LOG_ERROR, "No handle");
1405 if (asprintf(&s, "_nss_%s_%s", b->name, fn_name) == -1) {
1406 NWRAP_LOG(NWRAP_LOG_ERROR, "Out of memory");
1410 res = dlsym(b->so_handle, s);
1412 NWRAP_LOG(NWRAP_LOG_ERROR,
1413 "Cannot find function %s in %s",
1420 static struct nwrap_module_nss_fns *nwrap_load_module_fns(struct nwrap_backend *b)
1422 struct nwrap_module_nss_fns *fns;
1424 if (!b->so_handle) {
1428 fns = (struct nwrap_module_nss_fns *)malloc(sizeof(struct nwrap_module_nss_fns));
1433 *(void **)(&fns->_nss_getpwnam_r) =
1434 nwrap_load_module_fn(b, "getpwnam_r");
1435 *(void **)(&fns->_nss_getpwuid_r) =
1436 nwrap_load_module_fn(b, "getpwuid_r");
1437 *(void **)(&fns->_nss_setpwent) =
1438 nwrap_load_module_fn(b, "setpwent");
1439 *(void **)(&fns->_nss_getpwent_r) =
1440 nwrap_load_module_fn(b, "getpwent_r");
1441 *(void **)(&fns->_nss_endpwent) =
1442 nwrap_load_module_fn(b, "endpwent");
1443 *(void **)(&fns->_nss_initgroups) =
1444 nwrap_load_module_fn(b, "initgroups_dyn");
1445 *(void **)(&fns->_nss_getgrnam_r) =
1446 nwrap_load_module_fn(b, "getgrnam_r");
1447 *(void **)(&fns->_nss_getgrgid_r)=
1448 nwrap_load_module_fn(b, "getgrgid_r");
1449 *(void **)(&fns->_nss_setgrent) =
1450 nwrap_load_module_fn(b, "setgrent");
1451 *(void **)(&fns->_nss_getgrent_r) =
1452 nwrap_load_module_fn(b, "getgrent_r");
1453 *(void **)(&fns->_nss_endgrent) =
1454 nwrap_load_module_fn(b, "endgrent");
1459 static void *nwrap_load_module(const char *so_path)
1463 if (!so_path || !strlen(so_path)) {
1467 h = dlopen(so_path, RTLD_LAZY);
1469 NWRAP_LOG(NWRAP_LOG_ERROR,
1470 "Cannot open shared library %s",
1478 static bool nwrap_module_init(const char *name,
1479 struct nwrap_ops *ops,
1480 const char *so_path,
1482 struct nwrap_backend **backends)
1484 struct nwrap_backend *b;
1486 *backends = (struct nwrap_backend *)realloc(*backends,
1487 sizeof(struct nwrap_backend) * ((*num_backends) + 1));
1489 NWRAP_LOG(NWRAP_LOG_ERROR, "Out of memory");
1493 b = &((*backends)[*num_backends]);
1497 b->so_path = so_path;
1499 if (so_path != NULL) {
1500 b->so_handle = nwrap_load_module(so_path);
1501 b->fns = nwrap_load_module_fns(b);
1502 if (b->fns == NULL) {
1506 b->so_handle = NULL;
1515 static void nwrap_libc_init(struct nwrap_main *r)
1517 r->libc = calloc(1, sizeof(struct nwrap_libc));
1518 if (r->libc == NULL) {
1519 printf("Failed to allocate memory for libc");
1523 r->libc->fns = calloc(1, sizeof(struct nwrap_libc_fns));
1524 if (r->libc->fns == NULL) {
1525 printf("Failed to allocate memory for libc functions");
1530 static void nwrap_backend_init(struct nwrap_main *r)
1532 const char *module_so_path = getenv("NSS_WRAPPER_MODULE_SO_PATH");
1533 const char *module_fn_name = getenv("NSS_WRAPPER_MODULE_FN_PREFIX");
1535 r->num_backends = 0;
1538 if (!nwrap_module_init("files", &nwrap_files_ops, NULL,
1541 NWRAP_LOG(NWRAP_LOG_ERROR,
1542 "Failed to initialize 'files' backend");
1546 if (module_so_path != NULL &&
1547 module_so_path[0] != '\0' &&
1548 module_fn_name != NULL &&
1549 module_fn_name[0] != '\0') {
1550 if (!nwrap_module_init(module_fn_name,
1555 NWRAP_LOG(NWRAP_LOG_ERROR,
1556 "Failed to initialize '%s' backend",
1563 static void nwrap_init(void)
1567 size_t max_hostents_tmp;
1570 NWRAP_LOCK(nwrap_initialized);
1571 if (nwrap_initialized) {
1572 NWRAP_UNLOCK(nwrap_initialized);
1577 * Still holding nwrap_initialized lock here.
1578 * We don't use NWRAP_(UN)LOCK_ALL macros here because we
1579 * want to avoid overhead when other threads do their job.
1581 NWRAP_LOCK(nwrap_global);
1582 NWRAP_LOCK(nwrap_gr_global);
1583 NWRAP_LOCK(nwrap_he_global);
1584 NWRAP_LOCK(nwrap_pw_global);
1585 NWRAP_LOCK(nwrap_sp_global);
1587 nwrap_initialized = true;
1589 env = getenv("NSS_WRAPPER_MAX_HOSTENTS");
1591 max_hostents_tmp = (size_t)strtoul(env, &endptr, 10);
1592 if ((*env == '\0') ||
1593 (*endptr != '\0') ||
1594 (max_hostents_tmp == 0)) {
1595 NWRAP_LOG(NWRAP_LOG_DEBUG,
1596 "Error parsing NSS_WRAPPER_MAX_HOSTENTS "
1597 "value or value is too small. "
1598 "Using default value: %lu.",
1599 (unsigned long)max_hostents);
1601 max_hostents = max_hostents_tmp;
1604 /* Initialize hash table */
1605 NWRAP_LOG(NWRAP_LOG_DEBUG,
1606 "Initializing hash table of size %lu items.",
1607 (unsigned long)max_hostents);
1608 ok = hcreate(max_hostents);
1610 NWRAP_LOG(NWRAP_LOG_ERROR,
1611 "Failed to initialize hash table");
1615 nwrap_main_global = &__nwrap_main_global;
1617 nwrap_libc_init(nwrap_main_global);
1619 nwrap_backend_init(nwrap_main_global);
1622 nwrap_pw_global.cache = &__nwrap_cache_pw;
1624 nwrap_pw_global.cache->path = getenv("NSS_WRAPPER_PASSWD");
1625 nwrap_pw_global.cache->fp = NULL;
1626 nwrap_pw_global.cache->fd = -1;
1627 nwrap_pw_global.cache->private_data = &nwrap_pw_global;
1628 nwrap_pw_global.cache->parse_line = nwrap_pw_parse_line;
1629 nwrap_pw_global.cache->unload = nwrap_pw_unload;
1632 #if defined(HAVE_SHADOW_H) && defined(HAVE_GETSPNAM)
1633 nwrap_sp_global.cache = &__nwrap_cache_sp;
1635 nwrap_sp_global.cache->path = getenv("NSS_WRAPPER_SHADOW");
1636 nwrap_sp_global.cache->fp = NULL;
1637 nwrap_sp_global.cache->fd = -1;
1638 nwrap_sp_global.cache->private_data = &nwrap_sp_global;
1639 nwrap_sp_global.cache->parse_line = nwrap_sp_parse_line;
1640 nwrap_sp_global.cache->unload = nwrap_sp_unload;
1641 #endif /* defined(HAVE_SHADOW_H) && defined(HAVE_GETSPNAM) */
1644 nwrap_gr_global.cache = &__nwrap_cache_gr;
1646 nwrap_gr_global.cache->path = getenv("NSS_WRAPPER_GROUP");
1647 nwrap_gr_global.cache->fp = NULL;
1648 nwrap_gr_global.cache->fd = -1;
1649 nwrap_gr_global.cache->private_data = &nwrap_gr_global;
1650 nwrap_gr_global.cache->parse_line = nwrap_gr_parse_line;
1651 nwrap_gr_global.cache->unload = nwrap_gr_unload;
1654 nwrap_he_global.cache = &__nwrap_cache_he;
1656 nwrap_he_global.cache->path = getenv("NSS_WRAPPER_HOSTS");
1657 nwrap_he_global.cache->fp = NULL;
1658 nwrap_he_global.cache->fd = -1;
1659 nwrap_he_global.cache->private_data = &nwrap_he_global;
1660 nwrap_he_global.cache->parse_line = nwrap_he_parse_line;
1661 nwrap_he_global.cache->unload = nwrap_he_unload;
1663 /* We hold all locks here so we can use NWRAP_UNLOCK_ALL. */
1667 bool nss_wrapper_enabled(void)
1671 if (nwrap_pw_global.cache->path == NULL ||
1672 nwrap_pw_global.cache->path[0] == '\0') {
1675 if (nwrap_gr_global.cache->path == NULL ||
1676 nwrap_gr_global.cache->path[0] == '\0') {
1683 #if defined(HAVE_SHADOW_H) && defined(HAVE_GETSPNAM)
1684 bool nss_wrapper_shadow_enabled(void)
1688 if (nwrap_sp_global.cache->path == NULL ||
1689 nwrap_sp_global.cache->path[0] == '\0') {
1695 #endif /* defined(HAVE_SHADOW_H) && defined(HAVE_GETSPNAM) */
1697 bool nss_wrapper_hosts_enabled(void)
1701 if (nwrap_he_global.cache->path == NULL ||
1702 nwrap_he_global.cache->path[0] == '\0') {
1709 static bool nwrap_hostname_enabled(void)
1713 if (getenv("NSS_WRAPPER_HOSTNAME") == NULL) {
1720 static bool nwrap_parse_file(struct nwrap_cache *nwrap)
1724 /* Unused but getline needs it */
1728 if (nwrap->st.st_size == 0) {
1729 NWRAP_LOG(NWRAP_LOG_DEBUG, "size == 0");
1733 /* Support for 32-bit system I guess */
1734 if (nwrap->st.st_size > INT32_MAX) {
1735 NWRAP_LOG(NWRAP_LOG_ERROR,
1736 "Size[%u] larger than INT32_MAX",
1737 (unsigned)nwrap->st.st_size);
1744 n = getline(&line, &len, nwrap->fp);
1747 if (feof(nwrap->fp)) {
1751 NWRAP_LOG(NWRAP_LOG_ERROR,
1752 "Unable to read line from file: %s",
1757 if (line[n - 1] == '\n') {
1761 if (line[0] == '\0') {
1766 ok = nwrap->parse_line(nwrap, line);
1768 NWRAP_LOG(NWRAP_LOG_ERROR,
1769 "Unable to parse line file: %s",
1775 /* Line is parsed without issues so add it to list */
1776 ok = nwrap_vector_add_item(&(nwrap->lines), (void *const) line);
1778 NWRAP_LOG(NWRAP_LOG_ERROR,
1779 "Unable to add line to vector");
1783 /* This forces getline to allocate new memory for line. */
1785 } while (!feof(nwrap->fp));
1790 static void nwrap_files_cache_unload(struct nwrap_cache *nwrap)
1792 nwrap->unload(nwrap);
1794 nwrap_lines_unload(nwrap);
1797 static bool nwrap_files_cache_reload(struct nwrap_cache *nwrap)
1802 bool retried = false;
1804 assert(nwrap != NULL);
1807 if (nwrap->fd < 0) {
1808 nwrap->fp = fopen(nwrap->path, "re");
1809 if (nwrap->fp == NULL) {
1811 NWRAP_LOG(NWRAP_LOG_ERROR,
1812 "Unable to open '%s' readonly %d:%s",
1813 nwrap->path, nwrap->fd,
1818 nwrap->fd = fileno(nwrap->fp);
1819 NWRAP_LOG(NWRAP_LOG_DEBUG, "Open '%s'", nwrap->path);
1822 ret = fstat(nwrap->fd, &st);
1824 NWRAP_LOG(NWRAP_LOG_ERROR,
1825 "fstat(%s) - %d:%s",
1835 if (retried == false && st.st_nlink == 0) {
1836 /* maybe someone has replaced the file... */
1837 NWRAP_LOG(NWRAP_LOG_TRACE,
1838 "st_nlink == 0, reopen %s",
1841 memset(&nwrap->st, 0, sizeof(nwrap->st));
1848 if (st.st_mtime == nwrap->st.st_mtime) {
1849 NWRAP_LOG(NWRAP_LOG_TRACE,
1850 "st_mtime[%u] hasn't changed, skip reload",
1851 (unsigned)st.st_mtime);
1855 NWRAP_LOG(NWRAP_LOG_TRACE,
1856 "st_mtime has changed [%u] => [%u], start reload",
1857 (unsigned)st.st_mtime,
1858 (unsigned)nwrap->st.st_mtime);
1862 nwrap_files_cache_unload(nwrap);
1864 ok = nwrap_parse_file(nwrap);
1866 NWRAP_LOG(NWRAP_LOG_ERROR, "Failed to reload %s", nwrap->path);
1867 nwrap_files_cache_unload(nwrap);
1871 NWRAP_LOG(NWRAP_LOG_TRACE, "Reloaded %s", nwrap->path);
1876 * the caller has to call nwrap_unload() on failure
1878 static bool nwrap_pw_parse_line(struct nwrap_cache *nwrap, char *line)
1880 struct nwrap_pw *nwrap_pw;
1887 nwrap_pw = (struct nwrap_pw *)nwrap->private_data;
1889 list_size = sizeof(*nwrap_pw->list) * (nwrap_pw->num+1);
1890 pw = (struct passwd *)realloc(nwrap_pw->list, list_size);
1892 NWRAP_LOG(NWRAP_LOG_ERROR,
1893 "realloc(%u) failed",
1894 (unsigned)list_size);
1897 nwrap_pw->list = pw;
1899 pw = &nwrap_pw->list[nwrap_pw->num];
1906 NWRAP_LOG(NWRAP_LOG_ERROR,
1907 "Invalid line[%s]: '%s'",
1917 NWRAP_LOG(NWRAP_LOG_TRACE, "name[%s]\n", pw->pw_name);
1922 NWRAP_LOG(NWRAP_LOG_ERROR, "Invalid line[%s]: '%s'", line, c);
1930 NWRAP_LOG(NWRAP_LOG_TRACE, "password[%s]\n", pw->pw_passwd);
1935 NWRAP_LOG(NWRAP_LOG_ERROR, "Invalid line[%s]: '%s'", line, c);
1941 pw->pw_uid = (uid_t)strtoul(c, &e, 10);
1943 NWRAP_LOG(NWRAP_LOG_ERROR,
1944 "Invalid line[%s]: '%s' - %s",
1945 line, c, strerror(errno));
1949 NWRAP_LOG(NWRAP_LOG_ERROR,
1950 "Invalid line[%s]: '%s' - %s",
1951 line, c, strerror(errno));
1955 NWRAP_LOG(NWRAP_LOG_ERROR,
1956 "Invalid line[%s]: '%s' - %s",
1957 line, c, strerror(errno));
1962 NWRAP_LOG(NWRAP_LOG_TRACE, "uid[%u]", pw->pw_uid);
1967 NWRAP_LOG(NWRAP_LOG_ERROR, "Invalid line[%s]: '%s'", line, c);
1973 pw->pw_gid = (gid_t)strtoul(c, &e, 10);
1975 NWRAP_LOG(NWRAP_LOG_ERROR,
1976 "Invalid line[%s]: '%s' - %s",
1977 line, c, strerror(errno));
1981 NWRAP_LOG(NWRAP_LOG_ERROR,
1982 "Invalid line[%s]: '%s' - %s",
1983 line, c, strerror(errno));
1987 NWRAP_LOG(NWRAP_LOG_ERROR,
1988 "Invalid line[%s]: '%s' - %s",
1989 line, c, strerror(errno));
1994 NWRAP_LOG(NWRAP_LOG_TRACE, "gid[%u]\n", pw->pw_gid);
1996 #ifdef HAVE_STRUCT_PASSWD_PW_CLASS
1997 pw->pw_class = discard_const_p(char, "");
1999 NWRAP_LOG(NWRAP_LOG_TRACE, "class[%s]", pw->pw_class);
2000 #endif /* HAVE_STRUCT_PASSWD_PW_CLASS */
2002 #ifdef HAVE_STRUCT_PASSWD_PW_CHANGE
2005 NWRAP_LOG(NWRAP_LOG_TRACE,
2007 (unsigned long)pw->pw_change);
2008 #endif /* HAVE_STRUCT_PASSWD_PW_CHANGE */
2010 #ifdef HAVE_STRUCT_PASSWD_PW_EXPIRE
2013 NWRAP_LOG(NWRAP_LOG_TRACE,
2015 (unsigned long)pw->pw_expire);
2016 #endif /* HAVE_STRUCT_PASSWD_PW_EXPIRE */
2021 NWRAP_LOG(NWRAP_LOG_ERROR, "invalid line[%s]: '%s'", line, c);
2029 NWRAP_LOG(NWRAP_LOG_TRACE, "gecos[%s]", pw->pw_gecos);
2034 NWRAP_LOG(NWRAP_LOG_ERROR, "'%s'", c);
2042 NWRAP_LOG(NWRAP_LOG_TRACE, "dir[%s]", pw->pw_dir);
2046 NWRAP_LOG(NWRAP_LOG_TRACE, "shell[%s]", pw->pw_shell);
2048 NWRAP_LOG(NWRAP_LOG_DEBUG,
2049 "Added user[%s:%s:%u:%u:%s:%s:%s]",
2050 pw->pw_name, pw->pw_passwd,
2051 pw->pw_uid, pw->pw_gid,
2052 pw->pw_gecos, pw->pw_dir, pw->pw_shell);
2058 static void nwrap_pw_unload(struct nwrap_cache *nwrap)
2060 struct nwrap_pw *nwrap_pw;
2061 nwrap_pw = (struct nwrap_pw *)nwrap->private_data;
2063 SAFE_FREE(nwrap_pw->list);
2068 static int nwrap_pw_copy_r(const struct passwd *src, struct passwd *dst,
2069 char *buf, size_t buflen, struct passwd **dstp)
2075 first = src->pw_name;
2077 last = src->pw_shell;
2078 while (*last) last++;
2080 ofs = PTR_DIFF(last + 1, first);
2082 if (ofs > (off_t) buflen) {
2086 memcpy(buf, first, ofs);
2088 ofs = PTR_DIFF(src->pw_name, first);
2089 dst->pw_name = buf + ofs;
2090 ofs = PTR_DIFF(src->pw_passwd, first);
2091 dst->pw_passwd = buf + ofs;
2092 dst->pw_uid = src->pw_uid;
2093 dst->pw_gid = src->pw_gid;
2094 ofs = PTR_DIFF(src->pw_gecos, first);
2095 dst->pw_gecos = buf + ofs;
2096 ofs = PTR_DIFF(src->pw_dir, first);
2097 dst->pw_dir = buf + ofs;
2098 ofs = PTR_DIFF(src->pw_shell, first);
2099 dst->pw_shell = buf + ofs;
2108 #if defined(HAVE_SHADOW_H) && defined(HAVE_GETSPNAM)
2109 static bool nwrap_sp_parse_line(struct nwrap_cache *nwrap, char *line)
2111 struct nwrap_sp *nwrap_sp;
2118 nwrap_sp = (struct nwrap_sp *)nwrap->private_data;
2120 list_size = sizeof(*nwrap_sp->list) * (nwrap_sp->num+1);
2121 sp = (struct spwd *)realloc(nwrap_sp->list, list_size);
2123 NWRAP_LOG(NWRAP_LOG_ERROR,
2124 "realloc(%u) failed",
2125 (unsigned)list_size);
2128 nwrap_sp->list = sp;
2130 sp = &nwrap_sp->list[nwrap_sp->num];
2137 NWRAP_LOG(NWRAP_LOG_ERROR,
2138 "name -- Invalid line[%s]: '%s'",
2148 NWRAP_LOG(NWRAP_LOG_TRACE, "name[%s]\n", sp->sp_namp);
2153 NWRAP_LOG(NWRAP_LOG_ERROR,
2154 "pwd -- Invalid line[%s]: '%s'",
2171 NWRAP_LOG(NWRAP_LOG_ERROR,
2172 "lstchg -- Invalid line[%s]: '%s'",
2179 sp->sp_lstchg = strtol(c, &e, 10);
2181 NWRAP_LOG(NWRAP_LOG_ERROR,
2182 "lstchg -- Invalid line[%s]: '%s' - %s",
2183 line, c, strerror(errno));
2187 NWRAP_LOG(NWRAP_LOG_ERROR,
2188 "lstchg -- Invalid line[%s]: '%s' - %s",
2189 line, c, strerror(errno));
2193 NWRAP_LOG(NWRAP_LOG_ERROR,
2194 "lstchg -- Invalid line[%s]: '%s' - %s",
2195 line, c, strerror(errno));
2208 NWRAP_LOG(NWRAP_LOG_ERROR,
2209 "min -- Invalid line[%s]: '%s'",
2216 sp->sp_min = strtol(c, &e, 10);
2218 NWRAP_LOG(NWRAP_LOG_ERROR,
2219 "min -- Invalid line[%s]: '%s' - %s",
2220 line, c, strerror(errno));
2224 NWRAP_LOG(NWRAP_LOG_ERROR,
2225 "min -- Invalid line[%s]: '%s' - %s",
2226 line, c, strerror(errno));
2230 NWRAP_LOG(NWRAP_LOG_ERROR,
2231 "min -- Invalid line[%s]: '%s' - %s",
2232 line, c, strerror(errno));
2245 NWRAP_LOG(NWRAP_LOG_ERROR,
2246 "max -- Invalid line[%s]: '%s'",
2253 sp->sp_max = strtol(c, &e, 10);
2255 NWRAP_LOG(NWRAP_LOG_ERROR,
2256 "max -- Invalid line[%s]: '%s' - %s",
2257 line, c, strerror(errno));
2261 NWRAP_LOG(NWRAP_LOG_ERROR,
2262 "max -- Invalid line[%s]: '%s' - %s",
2263 line, c, strerror(errno));
2267 NWRAP_LOG(NWRAP_LOG_ERROR,
2268 "max -- Invalid line[%s]: '%s' - %s",
2269 line, c, strerror(errno));
2282 NWRAP_LOG(NWRAP_LOG_ERROR,
2283 "warn -- Invalid line[%s]: '%s'",
2290 sp->sp_warn = strtol(c, &e, 10);
2292 NWRAP_LOG(NWRAP_LOG_ERROR,
2293 "warn -- Invalid line[%s]: '%s' - %s",
2294 line, c, strerror(errno));
2298 NWRAP_LOG(NWRAP_LOG_ERROR,
2299 "warn -- Invalid line[%s]: '%s' - %s",
2300 line, c, strerror(errno));
2304 NWRAP_LOG(NWRAP_LOG_ERROR,
2305 "warn -- Invalid line[%s]: '%s' - %s",
2306 line, c, strerror(errno));
2319 NWRAP_LOG(NWRAP_LOG_ERROR,
2320 "inact -- Invalid line[%s]: '%s'",
2327 sp->sp_inact = strtol(c, &e, 10);
2329 NWRAP_LOG(NWRAP_LOG_ERROR,
2330 "inact -- Invalid line[%s]: '%s' - %s",
2331 line, c, strerror(errno));
2335 NWRAP_LOG(NWRAP_LOG_ERROR,
2336 "inact -- Invalid line[%s]: '%s' - %s",
2337 line, c, strerror(errno));
2341 NWRAP_LOG(NWRAP_LOG_ERROR,
2342 "inact -- Invalid line[%s]: '%s' - %s",
2343 line, c, strerror(errno));
2356 NWRAP_LOG(NWRAP_LOG_ERROR,
2357 "expire -- Invalid line[%s]: '%s'",
2364 sp->sp_expire = strtol(c, &e, 10);
2366 NWRAP_LOG(NWRAP_LOG_ERROR,
2367 "expire -- Invalid line[%s]: '%s' - %s",
2368 line, c, strerror(errno));
2372 NWRAP_LOG(NWRAP_LOG_ERROR,
2373 "expire -- Invalid line[%s]: '%s' - %s",
2374 line, c, strerror(errno));
2378 NWRAP_LOG(NWRAP_LOG_ERROR,
2379 "expire -- Invalid line[%s]: '%s' - %s",
2380 line, c, strerror(errno));
2390 static void nwrap_sp_unload(struct nwrap_cache *nwrap)
2392 struct nwrap_sp *nwrap_sp;
2393 nwrap_sp = (struct nwrap_sp *)nwrap->private_data;
2395 SAFE_FREE(nwrap_sp->list);
2399 #endif /* defined(HAVE_SHADOW_H) && defined(HAVE_GETSPNAM) */
2402 * the caller has to call nwrap_unload() on failure
2404 static bool nwrap_gr_parse_line(struct nwrap_cache *nwrap, char *line)
2406 struct nwrap_gr *nwrap_gr;
2414 nwrap_gr = (struct nwrap_gr *)nwrap->private_data;
2416 list_size = sizeof(*nwrap_gr->list) * (nwrap_gr->num+1);
2417 gr = (struct group *)realloc(nwrap_gr->list, list_size);
2419 NWRAP_LOG(NWRAP_LOG_ERROR, "realloc failed");
2422 nwrap_gr->list = gr;
2424 gr = &nwrap_gr->list[nwrap_gr->num];
2431 NWRAP_LOG(NWRAP_LOG_ERROR, "Invalid line[%s]: '%s'", line, c);
2439 NWRAP_LOG(NWRAP_LOG_TRACE, "name[%s]", gr->gr_name);
2444 NWRAP_LOG(NWRAP_LOG_ERROR, "Invalid line[%s]: '%s'", line, c);
2452 NWRAP_LOG(NWRAP_LOG_TRACE, "password[%s]", gr->gr_passwd);
2457 NWRAP_LOG(NWRAP_LOG_ERROR, "Invalid line[%s]: '%s'", line, c);
2463 gr->gr_gid = (gid_t)strtoul(c, &e, 10);
2465 NWRAP_LOG(NWRAP_LOG_ERROR,
2466 "Invalid line[%s]: '%s' - %s",
2467 line, c, strerror(errno));
2471 NWRAP_LOG(NWRAP_LOG_ERROR,
2472 "Invalid line[%s]: '%s' - %s",
2473 line, c, strerror(errno));
2477 NWRAP_LOG(NWRAP_LOG_ERROR,
2478 "Invalid line[%s]: '%s' - %s",
2479 line, c, strerror(errno));
2484 NWRAP_LOG(NWRAP_LOG_TRACE, "gid[%u]", gr->gr_gid);
2487 gr->gr_mem = (char **)malloc(sizeof(char *));
2489 NWRAP_LOG(NWRAP_LOG_ERROR, "Out of memory");
2492 gr->gr_mem[0] = NULL;
2494 for(nummem=0; p; nummem++) {
2504 if (strlen(c) == 0) {
2508 m_size = sizeof(char *) * (nummem+2);
2509 m = (char **)realloc(gr->gr_mem, m_size);
2511 NWRAP_LOG(NWRAP_LOG_ERROR,
2512 "realloc(%zd) failed",
2517 gr->gr_mem[nummem] = c;
2518 gr->gr_mem[nummem+1] = NULL;
2520 NWRAP_LOG(NWRAP_LOG_TRACE,
2522 nummem, gr->gr_mem[nummem]);
2525 NWRAP_LOG(NWRAP_LOG_DEBUG,
2526 "Added group[%s:%s:%u:] with %u members",
2527 gr->gr_name, gr->gr_passwd, gr->gr_gid, nummem);
2533 static void nwrap_gr_unload(struct nwrap_cache *nwrap)
2536 struct nwrap_gr *nwrap_gr;
2537 nwrap_gr = (struct nwrap_gr *)nwrap->private_data;
2539 if (nwrap_gr->list) {
2540 for (i=0; i < nwrap_gr->num; i++) {
2541 SAFE_FREE(nwrap_gr->list[i].gr_mem);
2543 SAFE_FREE(nwrap_gr->list);
2550 static int nwrap_gr_copy_r(const struct group *src, struct group *dst,
2551 char *buf, size_t buflen, struct group **dstp)
2565 first = src->gr_name;
2567 lastm = src->gr_mem;
2574 last = src->gr_passwd;
2576 while (*last) last++;
2578 ofsb = PTR_DIFF(last + 1, first);
2579 ofsm = PTR_DIFF(lastm + 1, src->gr_mem);
2581 if ((ofsb + ofsm) > (off_t) buflen) {
2585 memcpy(buf, first, ofsb);
2586 memcpy(buf + ofsb, src->gr_mem, ofsm);
2588 ofs = PTR_DIFF(src->gr_name, first);
2589 dst->gr_name = buf + ofs;
2590 ofs = PTR_DIFF(src->gr_passwd, first);
2591 dst->gr_passwd = buf + ofs;
2592 dst->gr_gid = src->gr_gid;
2594 g.ptr = (buf + ofsb);
2595 dst->gr_mem = g.data;
2596 for (i=0; src->gr_mem[i]; i++) {
2597 ofs = PTR_DIFF(src->gr_mem[i], first);
2598 dst->gr_mem[i] = buf + ofs;
2608 static struct nwrap_entlist *nwrap_entlist_init(struct nwrap_entdata *ed)
2610 struct nwrap_entlist *el;
2613 NWRAP_LOG(NWRAP_LOG_ERROR,
2614 "entry is NULL, can't create list item");
2618 el = (struct nwrap_entlist *)malloc(sizeof(struct nwrap_entlist));
2620 NWRAP_LOG(NWRAP_LOG_ERROR, "malloc failed");
2630 static bool nwrap_ed_inventarize_add_new(char *const h_name,
2631 struct nwrap_entdata *const ed)
2635 struct nwrap_entlist *el;
2638 if (h_name == NULL) {
2639 NWRAP_LOG(NWRAP_LOG_ERROR, "h_name NULL - can't add");
2643 el = nwrap_entlist_init(ed);
2649 e.data = (void *)el;
2651 p = hsearch(e, ENTER);
2653 NWRAP_LOG(NWRAP_LOG_ERROR,
2654 "Hash table is full (%s)!",
2659 ok = nwrap_vector_add_item(&(nwrap_he_global.lists), (void *)el);
2661 NWRAP_LOG(NWRAP_LOG_ERROR,
2662 "Failed to add list entry to vector.");
2669 static bool nwrap_ed_inventarize_add_to_existing(struct nwrap_entdata *const ed,
2670 struct nwrap_entlist *const el)
2672 struct nwrap_entlist *cursor;
2673 struct nwrap_entlist *el_new;
2676 NWRAP_LOG(NWRAP_LOG_ERROR, "list is NULL, can not add");
2681 for (cursor = el; cursor->next != NULL; cursor = cursor->next)
2683 if (cursor->ed == ed) {
2684 /* The entry already exists in this list. */
2689 if (cursor->ed == ed) {
2690 /* The entry already exists in this list. */
2694 el_new = nwrap_entlist_init(ed);
2695 if (el_new == NULL) {
2699 cursor->next = el_new;
2703 static bool nwrap_ed_inventarize(char *const name,
2704 struct nwrap_entdata *const ed)
2713 NWRAP_LOG(NWRAP_LOG_DEBUG, "Searching name: %s", e.key);
2715 p = hsearch(e, FIND);
2717 NWRAP_LOG(NWRAP_LOG_DEBUG, "Name %s not found. Adding...", name);
2718 ok = nwrap_ed_inventarize_add_new(name, ed);
2720 struct nwrap_entlist *el = (struct nwrap_entlist *)p->data;
2722 NWRAP_LOG(NWRAP_LOG_DEBUG, "Name %s found. Add record to list.", name);
2723 ok = nwrap_ed_inventarize_add_to_existing(ed, el);
2729 static bool nwrap_add_hname(struct nwrap_entdata *const ed)
2731 char *const h_name = (char *const)(ed->ht.h_name);
2735 ok = nwrap_ed_inventarize(h_name, ed);
2740 if (ed->ht.h_aliases == NULL) {
2744 /* Itemize aliases */
2745 for (i = 0; ed->ht.h_aliases[i] != NULL; ++i) {
2748 h_name_alias = ed->ht.h_aliases[i];
2750 NWRAP_LOG(NWRAP_LOG_DEBUG, "Add alias: %s", h_name_alias);
2752 if (!nwrap_ed_inventarize(h_name_alias, ed)) {
2753 NWRAP_LOG(NWRAP_LOG_ERROR,
2754 "Unable to add alias: %s", h_name_alias);
2762 static bool nwrap_he_parse_line(struct nwrap_cache *nwrap, char *line)
2764 struct nwrap_he *nwrap_he = (struct nwrap_he *)nwrap->private_data;
2765 bool do_aliases = true;
2766 ssize_t aliases_count = 0;
2774 struct nwrap_entdata *ed = (struct nwrap_entdata *)
2775 malloc(sizeof(struct nwrap_entdata));
2777 NWRAP_LOG(NWRAP_LOG_ERROR,
2778 "Unable to allocate memory for nwrap_entdata");
2789 /* Walk to first char */
2790 for (p = i; *p != '.' && *p != ':' && !isxdigit((int) *p); p++) {
2792 NWRAP_LOG(NWRAP_LOG_ERROR,
2793 "Invalid line[%s]: '%s'",
2800 for (i = p; !isspace((int)*p); p++) {
2802 NWRAP_LOG(NWRAP_LOG_ERROR,
2803 "Invalid line[%s]: '%s'",
2812 if (inet_pton(AF_INET, i, ed->addr.host_addr)) {
2813 ed->ht.h_addrtype = AF_INET;
2814 ed->ht.h_length = 4;
2816 } else if (inet_pton(AF_INET6, i, ed->addr.host_addr)) {
2817 ed->ht.h_addrtype = AF_INET6;
2818 ed->ht.h_length = 16;
2821 NWRAP_LOG(NWRAP_LOG_ERROR,
2822 "Invalid line[%s]: '%s'",
2830 ok = nwrap_vector_add_item(&(ed->nwrap_addrdata),
2831 (void *const)ed->addr.host_addr);
2833 NWRAP_LOG(NWRAP_LOG_ERROR, "Unable to add addrdata to vector");
2837 ed->ht.h_addr_list = nwrap_vector_head(&ed->nwrap_addrdata);
2845 /* Walk to first char */
2846 for (n = p; *p != '_' && !isalnum((int) *p); p++) {
2848 NWRAP_LOG(NWRAP_LOG_ERROR,
2849 "Invalid line[%s]: '%s'",
2857 for (n = p; !isspace((int)*p); p++) {
2866 /* Convert to lowercase. This operate on same memory region */
2870 /* glib's getent always dereferences he->h_aliases */
2871 ed->ht.h_aliases = malloc(sizeof(char *));
2872 if (ed->ht.h_aliases == NULL) {
2876 ed->ht.h_aliases[0] = NULL;
2881 while (do_aliases) {
2887 /* Walk to first char */
2888 for (a = p; *p != '_' && !isalnum((int) *p); p++) {
2894 /* Only trailing spaces are left */
2899 for (a = p; !isspace((int)*p); p++) {
2908 aliases = realloc(ed->ht.h_aliases, sizeof(char *) * (aliases_count + 2));
2909 if (aliases == NULL) {
2913 ed->ht.h_aliases = aliases;
2916 aliases[aliases_count] = a;
2917 aliases[aliases_count + 1] = NULL;
2922 ok = nwrap_vector_add_item(&(nwrap_he->entries), (void *const)ed);
2924 NWRAP_LOG(NWRAP_LOG_ERROR, "Unable to add entry to vector");
2929 ed->aliases_count = aliases_count;
2930 /* Inventarize item */
2931 ok = nwrap_add_hname(ed);
2936 ok = nwrap_ed_inventarize(ip, ed);
2945 static void nwrap_he_unload(struct nwrap_cache *nwrap)
2947 struct nwrap_he *nwrap_he =
2948 (struct nwrap_he *)nwrap->private_data;
2949 struct nwrap_entdata *ed;
2950 struct nwrap_entlist *el;
2954 nwrap_vector_foreach (ed, nwrap_he->entries, i)
2956 SAFE_FREE(ed->nwrap_addrdata.items);
2957 SAFE_FREE(ed->ht.h_aliases);
2960 SAFE_FREE(nwrap_he->entries.items);
2961 nwrap_he->entries.count = nwrap_he->entries.capacity = 0;
2963 nwrap_vector_foreach(el, nwrap_he->lists, i)
2965 while (el != NULL) {
2966 struct nwrap_entlist *el_next;
2973 SAFE_FREE(nwrap_he->lists.items);
2974 nwrap_he->lists.count = nwrap_he->lists.capacity = 0;
2980 * If we unload the file, the pointers in the hash table point to
2981 * invalid memory. So we need to destroy the hash table and recreate
2985 rc = hcreate(max_hostents);
2987 NWRAP_LOG(NWRAP_LOG_ERROR, "Failed to initialize hash table");
2993 /* user functions */
2994 static struct passwd *nwrap_files_getpwnam(struct nwrap_backend *b,
3000 (void) b; /* unused */
3002 NWRAP_LOG(NWRAP_LOG_DEBUG, "Lookup user %s in files", name);
3004 ok = nwrap_files_cache_reload(nwrap_pw_global.cache);
3006 NWRAP_LOG(NWRAP_LOG_ERROR, "Error loading passwd file");
3010 for (i=0; i<nwrap_pw_global.num; i++) {
3011 if (strcmp(nwrap_pw_global.list[i].pw_name, name) == 0) {
3012 NWRAP_LOG(NWRAP_LOG_DEBUG, "user[%s] found", name);
3013 return &nwrap_pw_global.list[i];
3015 NWRAP_LOG(NWRAP_LOG_DEBUG,
3016 "user[%s] does not match [%s]",
3018 nwrap_pw_global.list[i].pw_name);
3021 NWRAP_LOG(NWRAP_LOG_DEBUG, "user[%s] not found\n", name);
3027 static int nwrap_files_getpwnam_r(struct nwrap_backend *b,
3028 const char *name, struct passwd *pwdst,
3029 char *buf, size_t buflen, struct passwd **pwdstp)
3033 pw = nwrap_files_getpwnam(b, name);
3041 return nwrap_pw_copy_r(pw, pwdst, buf, buflen, pwdstp);
3044 static struct passwd *nwrap_files_getpwuid(struct nwrap_backend *b,
3050 (void) b; /* unused */
3052 ok = nwrap_files_cache_reload(nwrap_pw_global.cache);
3054 NWRAP_LOG(NWRAP_LOG_ERROR, "Error loading passwd file");
3058 for (i=0; i<nwrap_pw_global.num; i++) {
3059 if (nwrap_pw_global.list[i].pw_uid == uid) {
3060 NWRAP_LOG(NWRAP_LOG_DEBUG, "uid[%u] found", uid);
3061 return &nwrap_pw_global.list[i];
3063 NWRAP_LOG(NWRAP_LOG_DEBUG,
3064 "uid[%u] does not match [%u]",
3066 nwrap_pw_global.list[i].pw_uid);
3069 NWRAP_LOG(NWRAP_LOG_DEBUG, "uid[%u] not found\n", uid);
3075 static int nwrap_files_getpwuid_r(struct nwrap_backend *b,
3076 uid_t uid, struct passwd *pwdst,
3077 char *buf, size_t buflen, struct passwd **pwdstp)
3081 pw = nwrap_files_getpwuid(b, uid);
3089 return nwrap_pw_copy_r(pw, pwdst, buf, buflen, pwdstp);
3092 /* user enum functions */
3093 static void nwrap_files_setpwent(struct nwrap_backend *b)
3095 (void) b; /* unused */
3097 nwrap_pw_global.idx = 0;
3100 static struct passwd *nwrap_files_getpwent(struct nwrap_backend *b)
3104 (void) b; /* unused */
3106 if (nwrap_pw_global.idx == 0) {
3108 ok = nwrap_files_cache_reload(nwrap_pw_global.cache);
3110 NWRAP_LOG(NWRAP_LOG_ERROR, "Error loading passwd file");
3115 if (nwrap_pw_global.idx >= nwrap_pw_global.num) {
3120 pw = &nwrap_pw_global.list[nwrap_pw_global.idx++];
3122 NWRAP_LOG(NWRAP_LOG_DEBUG,
3123 "return user[%s] uid[%u]",
3124 pw->pw_name, pw->pw_uid);
3129 static int nwrap_files_getpwent_r(struct nwrap_backend *b,
3130 struct passwd *pwdst, char *buf,
3131 size_t buflen, struct passwd **pwdstp)
3135 pw = nwrap_files_getpwent(b);
3143 return nwrap_pw_copy_r(pw, pwdst, buf, buflen, pwdstp);
3146 static void nwrap_files_endpwent(struct nwrap_backend *b)
3148 (void) b; /* unused */
3150 nwrap_pw_global.idx = 0;
3155 #if defined(HAVE_SHADOW_H) && defined(HAVE_GETSPNAM)
3157 #ifdef HAVE_SETSPENT
3158 static void nwrap_files_setspent(void)
3160 nwrap_sp_global.idx = 0;
3163 static struct spwd *nwrap_files_getspent(void)
3167 if (nwrap_sp_global.idx == 0) {
3170 ok = nwrap_files_cache_reload(nwrap_sp_global.cache);
3172 NWRAP_LOG(NWRAP_LOG_ERROR, "Error loading shadow file");
3177 if (nwrap_sp_global.idx >= nwrap_sp_global.num) {
3182 sp = &nwrap_sp_global.list[nwrap_sp_global.idx++];
3184 NWRAP_LOG(NWRAP_LOG_DEBUG,
3191 static void nwrap_files_endspent(void)
3193 nwrap_sp_global.idx = 0;
3195 #endif /* HAVE_SETSPENT */
3197 static struct spwd *nwrap_files_getspnam(const char *name)
3202 NWRAP_LOG(NWRAP_LOG_DEBUG, "Lookup user %s in files", name);
3204 ok = nwrap_files_cache_reload(nwrap_sp_global.cache);
3206 NWRAP_LOG(NWRAP_LOG_ERROR, "Error loading shadow file");
3210 for (i=0; i<nwrap_sp_global.num; i++) {
3211 if (strcmp(nwrap_sp_global.list[i].sp_namp, name) == 0) {
3212 NWRAP_LOG(NWRAP_LOG_DEBUG, "user[%s] found", name);
3213 return &nwrap_sp_global.list[i];
3215 NWRAP_LOG(NWRAP_LOG_DEBUG,
3216 "user[%s] does not match [%s]",
3218 nwrap_sp_global.list[i].sp_namp);
3221 NWRAP_LOG(NWRAP_LOG_DEBUG, "user[%s] not found\n", name);
3226 #endif /* defined(HAVE_SHADOW_H) && defined(HAVE_GETSPNAM) */
3228 /* misc functions */
3229 static int nwrap_files_initgroups(struct nwrap_backend *b,
3238 groups = (gid_t *)malloc(size * sizeof(gid_t));
3239 if (groups == NULL) {
3240 NWRAP_LOG(NWRAP_LOG_ERROR, "Out of memory");
3246 nwrap_files_setgrent(b);
3247 while ((grp = nwrap_files_getgrent(b)) != NULL) {
3250 NWRAP_LOG(NWRAP_LOG_DEBUG,
3251 "Inspecting %s for group membership",
3254 for (i=0; grp->gr_mem && grp->gr_mem[i] != NULL; i++) {
3255 if (group != grp->gr_gid &&
3256 (strcmp(user, grp->gr_mem[i]) == 0)) {
3257 NWRAP_LOG(NWRAP_LOG_DEBUG,
3258 "%s is member of %s",
3262 groups = (gid_t *)realloc(groups,
3263 (size + 1) * sizeof(gid_t));
3264 if (groups == NULL) {
3265 NWRAP_LOG(NWRAP_LOG_ERROR,
3271 groups[size] = grp->gr_gid;
3277 nwrap_files_endgrent(b);
3279 NWRAP_LOG(NWRAP_LOG_DEBUG,
3280 "%s is member of %d groups",
3283 /* This really only works if uid_wrapper is loaded */
3284 rc = setgroups(size, groups);
3291 /* group functions */
3292 static struct group *nwrap_files_getgrnam(struct nwrap_backend *b,
3298 (void) b; /* unused */
3300 ok = nwrap_files_cache_reload(nwrap_gr_global.cache);
3302 NWRAP_LOG(NWRAP_LOG_ERROR, "Error loading group file");
3306 for (i=0; i<nwrap_gr_global.num; i++) {
3307 if (strcmp(nwrap_gr_global.list[i].gr_name, name) == 0) {
3308 NWRAP_LOG(NWRAP_LOG_DEBUG, "group[%s] found", name);
3309 return &nwrap_gr_global.list[i];
3311 NWRAP_LOG(NWRAP_LOG_DEBUG,
3312 "group[%s] does not match [%s]",
3314 nwrap_gr_global.list[i].gr_name);
3317 NWRAP_LOG(NWRAP_LOG_DEBUG, "group[%s] not found", name);
3323 static int nwrap_files_getgrnam_r(struct nwrap_backend *b,
3324 const char *name, struct group *grdst,
3325 char *buf, size_t buflen, struct group **grdstp)
3329 gr = nwrap_files_getgrnam(b, name);
3337 return nwrap_gr_copy_r(gr, grdst, buf, buflen, grdstp);
3340 static struct group *nwrap_files_getgrgid(struct nwrap_backend *b,
3346 (void) b; /* unused */
3348 ok = nwrap_files_cache_reload(nwrap_gr_global.cache);
3350 NWRAP_LOG(NWRAP_LOG_ERROR, "Error loading group file");
3354 for (i=0; i<nwrap_gr_global.num; i++) {
3355 if (nwrap_gr_global.list[i].gr_gid == gid) {
3356 NWRAP_LOG(NWRAP_LOG_DEBUG, "gid[%u] found", gid);
3357 return &nwrap_gr_global.list[i];
3359 NWRAP_LOG(NWRAP_LOG_DEBUG,
3360 "gid[%u] does not match [%u]",
3362 nwrap_gr_global.list[i].gr_gid);
3365 NWRAP_LOG(NWRAP_LOG_DEBUG, "gid[%u] not found", gid);
3371 static int nwrap_files_getgrgid_r(struct nwrap_backend *b,
3372 gid_t gid, struct group *grdst,
3373 char *buf, size_t buflen, struct group **grdstp)
3377 gr = nwrap_files_getgrgid(b, gid);
3385 return nwrap_gr_copy_r(gr, grdst, buf, buflen, grdstp);
3388 /* group enum functions */
3389 static void nwrap_files_setgrent(struct nwrap_backend *b)
3391 (void) b; /* unused */
3393 nwrap_gr_global.idx = 0;
3396 static struct group *nwrap_files_getgrent(struct nwrap_backend *b)
3400 (void) b; /* unused */
3402 if (nwrap_gr_global.idx == 0) {
3405 ok = nwrap_files_cache_reload(nwrap_gr_global.cache);
3407 NWRAP_LOG(NWRAP_LOG_ERROR, "Error loading group file");
3412 if (nwrap_gr_global.idx >= nwrap_gr_global.num) {
3417 gr = &nwrap_gr_global.list[nwrap_gr_global.idx++];
3419 NWRAP_LOG(NWRAP_LOG_DEBUG,
3420 "return group[%s] gid[%u]",
3421 gr->gr_name, gr->gr_gid);
3426 static int nwrap_files_getgrent_r(struct nwrap_backend *b,
3427 struct group *grdst, char *buf,
3428 size_t buflen, struct group **grdstp)
3432 gr = nwrap_files_getgrent(b);
3440 return nwrap_gr_copy_r(gr, grdst, buf, buflen, grdstp);
3443 static void nwrap_files_endgrent(struct nwrap_backend *b)
3445 (void) b; /* unused */
3447 nwrap_gr_global.idx = 0;
3450 /* hosts functions */
3451 static int nwrap_files_gethostbyname(const char *name, int af,
3452 struct hostent *result,
3453 struct nwrap_vector *addr_list)
3455 struct nwrap_entlist *el;
3460 char canon_name[DNS_NAME_MAX] = { 0 };
3462 bool he_found = false;
3465 ok = nwrap_files_cache_reload(nwrap_he_global.cache);
3467 NWRAP_LOG(NWRAP_LOG_ERROR, "error loading hosts file");
3471 name_len = strlen(name);
3472 if (name_len < sizeof(canon_name) && name[name_len - 1] == '.') {
3473 memcpy(canon_name, name, name_len - 1);
3474 canon_name[name_len] = '\0';
3478 if (!str_tolower_copy(&h_name_lower, name)) {
3479 NWRAP_LOG(NWRAP_LOG_DEBUG,
3480 "Out of memory while converting to lower case");
3484 /* Look at hash table for element */
3485 NWRAP_LOG(NWRAP_LOG_DEBUG, "Searching for name: %s", h_name_lower);
3486 e.key = h_name_lower;
3488 e_p = hsearch(e, FIND);
3490 NWRAP_LOG(NWRAP_LOG_DEBUG, "Name %s not found.", h_name_lower);
3491 SAFE_FREE(h_name_lower);
3494 SAFE_FREE(h_name_lower);
3496 /* Always cleanup vector and results */
3497 if (!nwrap_vector_is_initialized(addr_list)) {
3498 if (!nwrap_vector_init(addr_list)) {
3499 NWRAP_LOG(NWRAP_LOG_DEBUG,
3500 "Unable to initialize memory for addr_list vector");
3504 /* When vector is initialized data are valid no more.
3505 * Quick way how to free vector is: */
3506 addr_list->count = 0;
3509 /* Iterate through results */
3510 for (el = (struct nwrap_entlist *)e_p->data; el != NULL; el = el->next)
3514 /* Filter by address familiy if provided */
3515 if (af != AF_UNSPEC && he->h_addrtype != af) {
3521 * glibc doesn't return ipv6 addresses when AF_UNSPEC is used
3523 if (af == AF_UNSPEC && he->h_addrtype != AF_INET) {
3528 memcpy(result, he, sizeof(struct hostent));
3529 NWRAP_LOG(NWRAP_LOG_DEBUG,
3530 "Name found. Returning record for %s",
3534 nwrap_vector_merge(addr_list, &el->ed->nwrap_addrdata);
3535 result->h_addr_list = nwrap_vector_head(addr_list);
3541 NWRAP_LOG(NWRAP_LOG_DEBUG,
3542 "Name found in database. No records matches type.");
3549 #ifdef HAVE_GETHOSTBYNAME_R
3550 static int nwrap_gethostbyname_r(const char *name,
3551 struct hostent *ret,
3552 char *buf, size_t buflen,
3553 struct hostent **result, int *h_errnop)
3555 struct nwrap_vector *addr_list = malloc(sizeof(struct nwrap_vector));
3562 if (addr_list == NULL) {
3563 NWRAP_LOG(NWRAP_LOG_ERROR,
3564 "Unable to allocate memory for address list");
3569 ZERO_STRUCTP(addr_list);
3571 rc = nwrap_files_gethostbyname(name, AF_UNSPEC, ret, addr_list);
3573 *h_errnop = h_errno;
3574 if (addr_list->items != NULL) {
3575 free(addr_list->items);
3577 SAFE_FREE(addr_list);
3582 if (buflen < (addr_list->count * sizeof(void *))) {
3583 SAFE_FREE(addr_list->items);
3584 SAFE_FREE(addr_list);
3588 /* Copy all to user provided buffer and change
3589 * pointers in returned structure.
3590 * +1 is for ending NULL pointer. */
3591 memcpy(buf, addr_list->items, (addr_list->count + 1) * sizeof(void *));
3593 free(addr_list->items);
3597 ret->h_addr_list = g.list;
3602 int gethostbyname_r(const char *name,
3603 struct hostent *ret,
3604 char *buf, size_t buflen,
3605 struct hostent **result, int *h_errnop)
3607 if (!nss_wrapper_hosts_enabled()) {
3608 return libc_gethostbyname_r(name,
3616 return nwrap_gethostbyname_r(name, ret, buf, buflen, result, h_errnop);
3620 static int nwrap_files_getaddrinfo(const char *name,
3621 unsigned short port,
3622 const struct addrinfo *hints,
3623 struct addrinfo **ai)
3625 struct nwrap_entlist *el;
3627 struct addrinfo *ai_head = NULL;
3628 struct addrinfo *ai_cur = NULL;
3631 char canon_name[DNS_NAME_MAX] = { 0 };
3632 bool skip_canonname = false;
3640 ok = nwrap_files_cache_reload(nwrap_he_global.cache);
3642 NWRAP_LOG(NWRAP_LOG_ERROR, "error loading hosts file");
3646 name_len = strlen(name);
3647 if (name_len < sizeof(canon_name) && name[name_len - 1] == '.') {
3648 memcpy(canon_name, name, name_len - 1);
3649 canon_name[name_len] = '\0';
3653 if (!str_tolower_copy(&h_name_lower, name)) {
3654 NWRAP_LOG(NWRAP_LOG_DEBUG,
3655 "Out of memory while converting to lower case");
3659 NWRAP_LOG(NWRAP_LOG_DEBUG, "Searching for name: %s", h_name_lower);
3660 e.key = h_name_lower;
3662 e_p = hsearch(e, FIND);
3664 NWRAP_LOG(NWRAP_LOG_DEBUG, "Name %s not found.", h_name_lower);
3665 SAFE_FREE(h_name_lower);
3669 NWRAP_LOG(NWRAP_LOG_DEBUG, "Name: %s found.", h_name_lower);
3670 SAFE_FREE(h_name_lower);
3673 for (el = (struct nwrap_entlist *)e_p->data; el != NULL; el = el->next)
3676 struct addrinfo *ai_new = NULL;
3680 if (hints->ai_family != AF_UNSPEC &&
3681 he->h_addrtype != hints->ai_family)
3683 NWRAP_LOG(NWRAP_LOG_DEBUG,
3684 "Entry found but with wrong AF - "
3685 "remembering EAI_ADDRINFO.");
3686 rc = EAI_ADDRFAMILY;
3690 /* Function allocates memory and returns it in ai. */
3691 rc2 = nwrap_convert_he_ai(he,
3697 NWRAP_LOG(NWRAP_LOG_ERROR, "Error converting he to ai");
3698 if (ai_head != NULL) {
3699 freeaddrinfo(ai_head);
3703 skip_canonname = true;
3705 if (ai_head == NULL) {
3708 if (ai_cur != NULL) {
3709 ai_cur->ai_next = ai_new;
3714 if (ai_head != NULL) {
3723 static struct hostent *nwrap_files_gethostbyaddr(const void *addr,
3724 socklen_t len, int type)
3727 char ip[NWRAP_INET_ADDRSTRLEN] = {0};
3728 struct nwrap_entdata *ed;
3733 (void) len; /* unused */
3735 ok = nwrap_files_cache_reload(nwrap_he_global.cache);
3737 NWRAP_LOG(NWRAP_LOG_ERROR, "error loading hosts file");
3741 a = inet_ntop(type, addr, ip, sizeof(ip));
3747 nwrap_vector_foreach(ed, nwrap_he_global.entries, i)
3750 if (he->h_addrtype != type) {
3754 if (memcmp(addr, he->h_addr_list[0], he->h_length) == 0) {
3763 #ifdef HAVE_GETHOSTBYADDR_R
3764 static int nwrap_gethostbyaddr_r(const void *addr, socklen_t len, int type,
3765 struct hostent *ret,
3766 char *buf, size_t buflen,
3767 struct hostent **result, int *h_errnop)
3769 *result = nwrap_files_gethostbyaddr(addr, len, type);
3770 if (*result != NULL) {
3771 memset(buf, '\0', buflen);
3775 *h_errnop = h_errno;
3780 int gethostbyaddr_r(const void *addr, socklen_t len, int type,
3781 struct hostent *ret,
3782 char *buf, size_t buflen,
3783 struct hostent **result, int *h_errnop)
3785 if (!nss_wrapper_hosts_enabled()) {
3786 return libc_gethostbyaddr_r(addr,
3796 return nwrap_gethostbyaddr_r(addr, len, type, ret, buf, buflen, result, h_errnop);
3800 /* hosts enum functions */
3801 static void nwrap_files_sethostent(void)
3803 nwrap_he_global.idx = 0;
3806 static struct hostent *nwrap_files_gethostent(void)
3810 if (nwrap_he_global.idx == 0) {
3813 ok = nwrap_files_cache_reload(nwrap_he_global.cache);
3815 NWRAP_LOG(NWRAP_LOG_ERROR, "Error loading hosts file");
3820 if (nwrap_he_global.idx >= nwrap_he_global.num) {
3825 he = &((struct nwrap_entdata *)nwrap_he_global.entries.items[nwrap_he_global.idx++])->ht;
3827 NWRAP_LOG(NWRAP_LOG_DEBUG, "return hosts[%s]", he->h_name);
3832 static void nwrap_files_endhostent(void)
3834 nwrap_he_global.idx = 0;
3842 static struct passwd *nwrap_module_getpwnam(struct nwrap_backend *b,
3845 static struct passwd pwd;
3846 static char buf[1000];
3849 if (!b->fns->_nss_getpwnam_r) {
3853 status = b->fns->_nss_getpwnam_r(name, &pwd, buf, sizeof(buf), &errno);
3854 if (status == NSS_STATUS_NOTFOUND) {
3857 if (status != NSS_STATUS_SUCCESS) {
3864 static int nwrap_module_getpwnam_r(struct nwrap_backend *b,
3865 const char *name, struct passwd *pwdst,
3866 char *buf, size_t buflen, struct passwd **pwdstp)
3872 if (!b->fns->_nss_getpwnam_r) {
3873 return NSS_STATUS_NOTFOUND;
3876 ret = b->fns->_nss_getpwnam_r(name, pwdst, buf, buflen, &errno);
3878 case NSS_STATUS_SUCCESS:
3881 case NSS_STATUS_NOTFOUND:
3886 case NSS_STATUS_TRYAGAIN:
3899 static struct passwd *nwrap_module_getpwuid(struct nwrap_backend *b,
3902 static struct passwd pwd;
3903 static char buf[1000];
3906 if (!b->fns->_nss_getpwuid_r) {
3910 status = b->fns->_nss_getpwuid_r(uid, &pwd, buf, sizeof(buf), &errno);
3911 if (status == NSS_STATUS_NOTFOUND) {
3914 if (status != NSS_STATUS_SUCCESS) {
3920 static int nwrap_module_getpwuid_r(struct nwrap_backend *b,
3921 uid_t uid, struct passwd *pwdst,
3922 char *buf, size_t buflen, struct passwd **pwdstp)
3928 if (!b->fns->_nss_getpwuid_r) {
3932 ret = b->fns->_nss_getpwuid_r(uid, pwdst, buf, buflen, &errno);
3934 case NSS_STATUS_SUCCESS:
3937 case NSS_STATUS_NOTFOUND:
3942 case NSS_STATUS_TRYAGAIN:
3955 static void nwrap_module_setpwent(struct nwrap_backend *b)
3957 if (!b->fns->_nss_setpwent) {
3961 b->fns->_nss_setpwent();
3964 static struct passwd *nwrap_module_getpwent(struct nwrap_backend *b)
3966 static struct passwd pwd;
3967 static char buf[1000];
3970 if (!b->fns->_nss_getpwent_r) {
3974 status = b->fns->_nss_getpwent_r(&pwd, buf, sizeof(buf), &errno);
3975 if (status == NSS_STATUS_NOTFOUND) {
3978 if (status != NSS_STATUS_SUCCESS) {
3984 static int nwrap_module_getpwent_r(struct nwrap_backend *b,
3985 struct passwd *pwdst, char *buf,
3986 size_t buflen, struct passwd **pwdstp)
3992 if (!b->fns->_nss_getpwent_r) {
3996 ret = b->fns->_nss_getpwent_r(pwdst, buf, buflen, &errno);
3998 case NSS_STATUS_SUCCESS:
4001 case NSS_STATUS_NOTFOUND:
4006 case NSS_STATUS_TRYAGAIN:
4019 static void nwrap_module_endpwent(struct nwrap_backend *b)
4021 if (!b->fns->_nss_endpwent) {
4025 b->fns->_nss_endpwent();
4028 static int nwrap_module_initgroups(struct nwrap_backend *b,
4029 const char *user, gid_t group)
4035 if (!b->fns->_nss_initgroups) {
4036 return NSS_STATUS_UNAVAIL;
4039 return b->fns->_nss_initgroups(user, group, &start, &size, &groups, 0, &errno);
4042 static struct group *nwrap_module_getgrnam(struct nwrap_backend *b,
4045 static struct group grp;
4047 static int buflen = 1000;
4050 if (!b->fns->_nss_getgrnam_r) {
4055 buf = (char *)malloc(buflen);
4058 status = b->fns->_nss_getgrnam_r(name, &grp, buf, buflen, &errno);
4059 if (status == NSS_STATUS_TRYAGAIN) {
4061 buf = (char *)realloc(buf, buflen);
4067 if (status == NSS_STATUS_NOTFOUND) {
4071 if (status != NSS_STATUS_SUCCESS) {
4078 static int nwrap_module_getgrnam_r(struct nwrap_backend *b,
4079 const char *name, struct group *grdst,
4080 char *buf, size_t buflen, struct group **grdstp)
4086 if (!b->fns->_nss_getgrnam_r) {
4090 ret = b->fns->_nss_getgrnam_r(name, grdst, buf, buflen, &errno);
4092 case NSS_STATUS_SUCCESS:
4095 case NSS_STATUS_NOTFOUND:
4100 case NSS_STATUS_TRYAGAIN:
4113 static struct group *nwrap_module_getgrgid(struct nwrap_backend *b,
4116 static struct group grp;
4118 static int buflen = 1000;
4121 if (!b->fns->_nss_getgrgid_r) {
4126 buf = (char *)malloc(buflen);
4130 status = b->fns->_nss_getgrgid_r(gid, &grp, buf, buflen, &errno);
4131 if (status == NSS_STATUS_TRYAGAIN) {
4133 buf = (char *)realloc(buf, buflen);
4139 if (status == NSS_STATUS_NOTFOUND) {
4143 if (status != NSS_STATUS_SUCCESS) {
4150 static int nwrap_module_getgrgid_r(struct nwrap_backend *b,
4151 gid_t gid, struct group *grdst,
4152 char *buf, size_t buflen, struct group **grdstp)
4158 if (!b->fns->_nss_getgrgid_r) {
4162 ret = b->fns->_nss_getgrgid_r(gid, grdst, buf, buflen, &errno);
4164 case NSS_STATUS_SUCCESS:
4167 case NSS_STATUS_NOTFOUND:
4172 case NSS_STATUS_TRYAGAIN:
4185 static void nwrap_module_setgrent(struct nwrap_backend *b)
4187 if (!b->fns->_nss_setgrent) {
4191 b->fns->_nss_setgrent();
4194 static struct group *nwrap_module_getgrent(struct nwrap_backend *b)
4196 static struct group grp;
4198 static int buflen = 1024;
4201 if (!b->fns->_nss_getgrent_r) {
4206 buf = (char *)malloc(buflen);
4210 status = b->fns->_nss_getgrent_r(&grp, buf, buflen, &errno);
4211 if (status == NSS_STATUS_TRYAGAIN) {
4213 buf = (char *)realloc(buf, buflen);
4219 if (status == NSS_STATUS_NOTFOUND) {
4223 if (status != NSS_STATUS_SUCCESS) {
4230 static int nwrap_module_getgrent_r(struct nwrap_backend *b,
4231 struct group *grdst, char *buf,
4232 size_t buflen, struct group **grdstp)
4238 if (!b->fns->_nss_getgrent_r) {
4242 ret = b->fns->_nss_getgrent_r(grdst, buf, buflen, &errno);
4244 case NSS_STATUS_SUCCESS:
4247 case NSS_STATUS_NOTFOUND:
4252 case NSS_STATUS_TRYAGAIN:
4265 static void nwrap_module_endgrent(struct nwrap_backend *b)
4267 if (!b->fns->_nss_endgrent) {
4271 b->fns->_nss_endgrent();
4274 /****************************************************************************
4276 ***************************************************************************/
4278 static struct passwd *nwrap_getpwnam(const char *name)
4283 for (i=0; i < nwrap_main_global->num_backends; i++) {
4284 struct nwrap_backend *b = &nwrap_main_global->backends[i];
4285 pwd = b->ops->nw_getpwnam(b, name);
4294 struct passwd *getpwnam(const char *name)
4296 if (!nss_wrapper_enabled()) {
4297 return libc_getpwnam(name);
4300 return nwrap_getpwnam(name);
4303 /****************************************************************************
4305 ***************************************************************************/
4307 static int nwrap_getpwnam_r(const char *name, struct passwd *pwdst,
4308 char *buf, size_t buflen, struct passwd **pwdstp)
4312 for (i=0; i < nwrap_main_global->num_backends; i++) {
4313 struct nwrap_backend *b = &nwrap_main_global->backends[i];
4314 ret = b->ops->nw_getpwnam_r(b, name, pwdst, buf, buflen, pwdstp);
4315 if (ret == ENOENT) {
4324 #ifdef HAVE_GETPWNAM_R
4325 # ifdef HAVE_SOLARIS_GETPWNAM_R
4326 int getpwnam_r(const char *name, struct passwd *pwdst,
4327 char *buf, int buflen, struct passwd **pwdstp)
4328 # else /* HAVE_SOLARIS_GETPWNAM_R */
4329 int getpwnam_r(const char *name, struct passwd *pwdst,
4330 char *buf, size_t buflen, struct passwd **pwdstp)
4331 # endif /* HAVE_SOLARIS_GETPWNAM_R */
4333 if (!nss_wrapper_enabled()) {
4334 return libc_getpwnam_r(name, pwdst, buf, buflen, pwdstp);
4337 return nwrap_getpwnam_r(name, pwdst, buf, buflen, pwdstp);
4341 /****************************************************************************
4343 ***************************************************************************/
4345 static struct passwd *nwrap_getpwuid(uid_t uid)
4350 for (i=0; i < nwrap_main_global->num_backends; i++) {
4351 struct nwrap_backend *b = &nwrap_main_global->backends[i];
4352 pwd = b->ops->nw_getpwuid(b, uid);
4361 struct passwd *getpwuid(uid_t uid)
4363 if (!nss_wrapper_enabled()) {
4364 return libc_getpwuid(uid);
4367 return nwrap_getpwuid(uid);
4370 /****************************************************************************
4372 ***************************************************************************/
4374 static int nwrap_getpwuid_r(uid_t uid, struct passwd *pwdst,
4375 char *buf, size_t buflen, struct passwd **pwdstp)
4379 for (i=0; i < nwrap_main_global->num_backends; i++) {
4380 struct nwrap_backend *b = &nwrap_main_global->backends[i];
4381 ret = b->ops->nw_getpwuid_r(b, uid, pwdst, buf, buflen, pwdstp);
4382 if (ret == ENOENT) {
4391 #ifdef HAVE_SOLARIS_GETPWUID_R
4392 int getpwuid_r(uid_t uid, struct passwd *pwdst,
4393 char *buf, int buflen, struct passwd **pwdstp)
4395 int getpwuid_r(uid_t uid, struct passwd *pwdst,
4396 char *buf, size_t buflen, struct passwd **pwdstp)
4399 if (!nss_wrapper_enabled()) {
4400 return libc_getpwuid_r(uid, pwdst, buf, buflen, pwdstp);
4403 return nwrap_getpwuid_r(uid, pwdst, buf, buflen, pwdstp);
4406 /****************************************************************************
4408 ***************************************************************************/
4410 static void nwrap_setpwent(void)
4414 for (i=0; i < nwrap_main_global->num_backends; i++) {
4415 struct nwrap_backend *b = &nwrap_main_global->backends[i];
4416 b->ops->nw_setpwent(b);
4422 if (!nss_wrapper_enabled()) {
4430 /****************************************************************************
4432 ***************************************************************************/
4434 static struct passwd *nwrap_getpwent(void)
4439 for (i=0; i < nwrap_main_global->num_backends; i++) {
4440 struct nwrap_backend *b = &nwrap_main_global->backends[i];
4441 pwd = b->ops->nw_getpwent(b);
4450 struct passwd *getpwent(void)
4452 if (!nss_wrapper_enabled()) {
4453 return libc_getpwent();
4456 return nwrap_getpwent();
4459 /****************************************************************************
4461 ***************************************************************************/
4463 #ifdef HAVE_GETPWENT_R
4464 static int nwrap_getpwent_r(struct passwd *pwdst, char *buf,
4465 size_t buflen, struct passwd **pwdstp)
4469 for (i=0; i < nwrap_main_global->num_backends; i++) {
4470 struct nwrap_backend *b = &nwrap_main_global->backends[i];
4471 ret = b->ops->nw_getpwent_r(b, pwdst, buf, buflen, pwdstp);
4472 if (ret == ENOENT) {
4481 # ifdef HAVE_SOLARIS_GETPWENT_R
4482 struct passwd *getpwent_r(struct passwd *pwdst, char *buf, int buflen)
4484 struct passwd *pwdstp = NULL;
4487 if (!nss_wrapper_enabled()) {
4488 return libc_getpwent_r(pwdst, buf, buflen);
4490 rc = nwrap_getpwent_r(pwdst, buf, buflen, &pwdstp);
4497 # else /* HAVE_SOLARIS_GETPWENT_R */
4498 int getpwent_r(struct passwd *pwdst, char *buf,
4499 size_t buflen, struct passwd **pwdstp)
4501 if (!nss_wrapper_enabled()) {
4502 return libc_getpwent_r(pwdst, buf, buflen, pwdstp);
4505 return nwrap_getpwent_r(pwdst, buf, buflen, pwdstp);
4507 # endif /* HAVE_SOLARIS_GETPWENT_R */
4508 #endif /* HAVE_GETPWENT_R */
4510 /****************************************************************************
4512 ***************************************************************************/
4514 static void nwrap_endpwent(void)
4518 for (i=0; i < nwrap_main_global->num_backends; i++) {
4519 struct nwrap_backend *b = &nwrap_main_global->backends[i];
4520 b->ops->nw_endpwent(b);
4526 if (!nss_wrapper_enabled()) {
4534 /****************************************************************************
4536 ***************************************************************************/
4538 static int nwrap_initgroups(const char *user, gid_t group)
4542 for (i=0; i < nwrap_main_global->num_backends; i++) {
4543 struct nwrap_backend *b = &nwrap_main_global->backends[i];
4546 rc = b->ops->nw_initgroups(b, user, group);
4556 int initgroups(const char *user, gid_t group)
4558 if (!nss_wrapper_enabled()) {
4559 return libc_initgroups(user, group);
4562 return nwrap_initgroups(user, group);
4565 /****************************************************************************
4567 ***************************************************************************/
4569 static struct group *nwrap_getgrnam(const char *name)
4574 for (i=0; i < nwrap_main_global->num_backends; i++) {
4575 struct nwrap_backend *b = &nwrap_main_global->backends[i];
4576 grp = b->ops->nw_getgrnam(b, name);
4585 struct group *getgrnam(const char *name)
4587 if (!nss_wrapper_enabled()) {
4588 return libc_getgrnam(name);
4591 return nwrap_getgrnam(name);
4594 /****************************************************************************
4596 ***************************************************************************/
4598 static int nwrap_getgrnam_r(const char *name, struct group *grdst,
4599 char *buf, size_t buflen, struct group **grdstp)
4603 for (i=0; i < nwrap_main_global->num_backends; i++) {
4604 struct nwrap_backend *b = &nwrap_main_global->backends[i];
4605 ret = b->ops->nw_getgrnam_r(b, name, grdst, buf, buflen, grdstp);
4606 if (ret == ENOENT) {
4615 #ifdef HAVE_GETGRNAM_R
4616 # ifdef HAVE_SOLARIS_GETGRNAM_R
4617 int getgrnam_r(const char *name, struct group *grp,
4618 char *buf, int buflen, struct group **pgrp)
4619 # else /* HAVE_SOLARIS_GETGRNAM_R */
4620 int getgrnam_r(const char *name, struct group *grp,
4621 char *buf, size_t buflen, struct group **pgrp)
4622 # endif /* HAVE_SOLARIS_GETGRNAM_R */
4624 if (!nss_wrapper_enabled()) {
4625 return libc_getgrnam_r(name,
4632 return nwrap_getgrnam_r(name, grp, buf, buflen, pgrp);
4634 #endif /* HAVE_GETGRNAM_R */
4636 /****************************************************************************
4638 ***************************************************************************/
4640 static struct group *nwrap_getgrgid(gid_t gid)
4645 for (i=0; i < nwrap_main_global->num_backends; i++) {
4646 struct nwrap_backend *b = &nwrap_main_global->backends[i];
4647 grp = b->ops->nw_getgrgid(b, gid);
4656 struct group *getgrgid(gid_t gid)
4658 if (!nss_wrapper_enabled()) {
4659 return libc_getgrgid(gid);
4662 return nwrap_getgrgid(gid);
4665 /****************************************************************************
4667 ***************************************************************************/
4669 static int nwrap_getgrgid_r(gid_t gid, struct group *grdst,
4670 char *buf, size_t buflen, struct group **grdstp)
4674 for (i=0; i < nwrap_main_global->num_backends; i++) {
4675 struct nwrap_backend *b = &nwrap_main_global->backends[i];
4676 ret = b->ops->nw_getgrgid_r(b, gid, grdst, buf, buflen, grdstp);
4677 if (ret == ENOENT) {
4686 #ifdef HAVE_GETGRGID_R
4687 # ifdef HAVE_SOLARIS_GETGRGID_R
4688 int getgrgid_r(gid_t gid, struct group *grdst,
4689 char *buf, int buflen, struct group **grdstp)
4690 # else /* HAVE_SOLARIS_GETGRGID_R */
4691 int getgrgid_r(gid_t gid, struct group *grdst,
4692 char *buf, size_t buflen, struct group **grdstp)
4693 # endif /* HAVE_SOLARIS_GETGRGID_R */
4695 if (!nss_wrapper_enabled()) {
4696 return libc_getgrgid_r(gid, grdst, buf, buflen, grdstp);
4699 return nwrap_getgrgid_r(gid, grdst, buf, buflen, grdstp);
4703 /****************************************************************************
4705 ***************************************************************************/
4707 static void nwrap_setgrent(void)
4711 for (i=0; i < nwrap_main_global->num_backends; i++) {
4712 struct nwrap_backend *b = &nwrap_main_global->backends[i];
4713 b->ops->nw_setgrent(b);
4717 #ifdef HAVE_BSD_SETGRENT
4723 if (!nss_wrapper_enabled()) {
4731 #ifdef HAVE_BSD_SETGRENT
4738 /****************************************************************************
4740 ***************************************************************************/
4742 static struct group *nwrap_getgrent(void)
4747 for (i=0; i < nwrap_main_global->num_backends; i++) {
4748 struct nwrap_backend *b = &nwrap_main_global->backends[i];
4749 grp = b->ops->nw_getgrent(b);
4758 struct group *getgrent(void)
4760 if (!nss_wrapper_enabled()) {
4761 return libc_getgrent();
4764 return nwrap_getgrent();
4767 /****************************************************************************
4769 ***************************************************************************/
4771 #ifdef HAVE_GETGRENT_R
4772 static int nwrap_getgrent_r(struct group *grdst, char *buf,
4773 size_t buflen, struct group **grdstp)
4777 for (i=0; i < nwrap_main_global->num_backends; i++) {
4778 struct nwrap_backend *b = &nwrap_main_global->backends[i];
4779 ret = b->ops->nw_getgrent_r(b, grdst, buf, buflen, grdstp);
4780 if (ret == ENOENT) {
4789 # ifdef HAVE_SOLARIS_GETGRENT_R
4790 struct group *getgrent_r(struct group *src, char *buf, int buflen)
4792 struct group *grdstp = NULL;
4795 if (!nss_wrapper_enabled()) {
4796 return libc_getgrent_r(src, buf, buflen);
4799 rc = nwrap_getgrent_r(src, buf, buflen, &grdstp);
4806 # else /* HAVE_SOLARIS_GETGRENT_R */
4807 int getgrent_r(struct group *src, char *buf,
4808 size_t buflen, struct group **grdstp)
4810 if (!nss_wrapper_enabled()) {
4811 return libc_getgrent_r(src, buf, buflen, grdstp);
4814 return nwrap_getgrent_r(src, buf, buflen, grdstp);
4816 # endif /* HAVE_SOLARIS_GETGRENT_R */
4817 #endif /* HAVE_GETGRENT_R */
4819 /****************************************************************************
4821 ***************************************************************************/
4823 static void nwrap_endgrent(void)
4827 for (i=0; i < nwrap_main_global->num_backends; i++) {
4828 struct nwrap_backend *b = &nwrap_main_global->backends[i];
4829 b->ops->nw_endgrent(b);
4835 if (!nss_wrapper_enabled()) {
4843 /****************************************************************************
4845 ***************************************************************************/
4847 #ifdef HAVE_GETGROUPLIST
4848 static int nwrap_getgrouplist(const char *user, gid_t group,
4849 gid_t *groups, int *ngroups)
4855 NWRAP_LOG(NWRAP_LOG_DEBUG, "getgrouplist called for %s", user);
4857 groups_tmp = (gid_t *)malloc(count * sizeof(gid_t));
4859 NWRAP_LOG(NWRAP_LOG_ERROR, "Out of memory");
4863 groups_tmp[0] = group;
4866 while ((grp = nwrap_getgrent()) != NULL) {
4869 NWRAP_LOG(NWRAP_LOG_DEBUG,
4870 "Inspecting %s for group membership",
4873 for (i=0; grp->gr_mem && grp->gr_mem[i] != NULL; i++) {
4875 if (group != grp->gr_gid &&
4876 (strcmp(user, grp->gr_mem[i]) == 0)) {
4878 NWRAP_LOG(NWRAP_LOG_DEBUG,
4879 "%s is member of %s",
4883 groups_tmp = (gid_t *)realloc(groups_tmp, (count + 1) * sizeof(gid_t));
4885 NWRAP_LOG(NWRAP_LOG_ERROR,
4890 groups_tmp[count] = grp->gr_gid;
4899 NWRAP_LOG(NWRAP_LOG_DEBUG,
4900 "%s is member of %d groups",
4903 if (*ngroups < count) {
4910 memcpy(groups, groups_tmp, count * sizeof(gid_t));
4916 int getgrouplist(const char *user, gid_t group, gid_t *groups, int *ngroups)
4918 if (!nss_wrapper_enabled()) {
4919 return libc_getgrouplist(user, group, groups, ngroups);
4922 return nwrap_getgrouplist(user, group, groups, ngroups);
4926 /**********************************************************
4928 **********************************************************/
4930 #if defined(HAVE_SHADOW_H) && defined(HAVE_GETSPNAM)
4932 #ifdef HAVE_SETSPENT
4933 static void nwrap_setspent(void)
4935 nwrap_files_setspent();
4940 if (!nss_wrapper_shadow_enabled()) {
4947 static struct spwd *nwrap_getspent(void)
4949 return nwrap_files_getspent();
4952 struct spwd *getspent(void)
4954 if (!nss_wrapper_shadow_enabled()) {
4958 return nwrap_getspent();
4961 static void nwrap_endspent(void)
4963 nwrap_files_endspent();
4968 if (!nss_wrapper_shadow_enabled()) {
4974 #endif /* HAVE_SETSPENT */
4976 static struct spwd *nwrap_getspnam(const char *name)
4978 return nwrap_files_getspnam(name);
4981 struct spwd *getspnam(const char *name)
4983 if (!nss_wrapper_shadow_enabled()) {
4987 return nwrap_getspnam(name);
4990 #endif /* defined(HAVE_SHADOW_H) && defined(HAVE_GETSPNAM) */
4992 /**********************************************************
4994 **********************************************************/
4996 static void nwrap_sethostent(int stayopen) {
4997 (void) stayopen; /* ignored */
4999 nwrap_files_sethostent();
5002 #ifdef HAVE_SOLARIS_SETHOSTENT
5003 int sethostent(int stayopen)
5005 if (!nss_wrapper_hosts_enabled()) {
5006 libc_sethostent(stayopen);
5010 nwrap_sethostent(stayopen);
5014 #else /* HAVE_SOLARIS_SETHOSTENT */
5015 void sethostent(int stayopen)
5017 if (!nss_wrapper_hosts_enabled()) {
5018 libc_sethostent(stayopen);
5022 nwrap_sethostent(stayopen);
5024 #endif /* HAVE_SOLARIS_SETHOSTENT */
5026 static struct hostent *nwrap_gethostent(void)
5028 return nwrap_files_gethostent();
5031 struct hostent *gethostent(void) {
5032 if (!nss_wrapper_hosts_enabled()) {
5033 return libc_gethostent();
5036 return nwrap_gethostent();
5039 static void nwrap_endhostent(void) {
5040 nwrap_files_endhostent();
5043 #ifdef HAVE_SOLARIS_ENDHOSTENT
5044 int endhostent(void)
5046 if (!nss_wrapper_hosts_enabled()) {
5055 #else /* HAVE_SOLARIS_ENDHOSTENT */
5056 void endhostent(void)
5058 if (!nss_wrapper_hosts_enabled()) {
5065 #endif /* HAVE_SOLARIS_ENDHOSTENT */
5068 /* BSD implementation stores data in thread local storage but GLIBC does not */
5069 static __thread struct hostent user_he;
5070 static __thread struct nwrap_vector user_addrlist;
5072 static struct hostent user_he;
5073 static struct nwrap_vector user_addrlist;
5075 static struct hostent *nwrap_gethostbyname(const char *name)
5077 if (nwrap_files_gethostbyname(name, AF_UNSPEC, &user_he, &user_addrlist) == -1) {
5083 struct hostent *gethostbyname(const char *name)
5085 if (!nss_wrapper_hosts_enabled()) {
5086 return libc_gethostbyname(name);
5089 return nwrap_gethostbyname(name);
5092 /* This is a GNU extension - Also can be found on BSD systems */
5093 #ifdef HAVE_GETHOSTBYNAME2
5095 /* BSD implementation stores data in thread local storage but GLIBC not */
5096 static __thread struct hostent user_he2;
5097 static __thread struct nwrap_vector user_addrlist2;
5099 static struct hostent user_he2;
5100 static struct nwrap_vector user_addrlist2;
5102 static struct hostent *nwrap_gethostbyname2(const char *name, int af)
5104 if (nwrap_files_gethostbyname(name, af, &user_he2, &user_addrlist2) == -1) {
5110 struct hostent *gethostbyname2(const char *name, int af)
5112 if (!nss_wrapper_hosts_enabled()) {
5113 return libc_gethostbyname2(name, af);
5116 return nwrap_gethostbyname2(name, af);
5120 static struct hostent *nwrap_gethostbyaddr(const void *addr,
5121 socklen_t len, int type)
5123 return nwrap_files_gethostbyaddr(addr, len, type);
5126 struct hostent *gethostbyaddr(const void *addr,
5127 socklen_t len, int type)
5129 if (!nss_wrapper_hosts_enabled()) {
5130 return libc_gethostbyaddr(addr, len, type);
5133 return nwrap_gethostbyaddr(addr, len, type);
5136 static const struct addrinfo default_hints =
5138 .ai_flags = AI_ADDRCONFIG|AI_V4MAPPED,
5139 .ai_family = AF_UNSPEC,
5144 .ai_canonname = NULL,
5148 static int nwrap_convert_he_ai(const struct hostent *he,
5149 unsigned short port,
5150 const struct addrinfo *hints,
5151 struct addrinfo **pai,
5152 bool skip_canonname)
5154 struct addrinfo *ai;
5161 switch (he->h_addrtype) {
5163 socklen = sizeof(struct sockaddr_in);
5167 socklen = sizeof(struct sockaddr_in6);
5174 ai = (struct addrinfo *)malloc(sizeof(struct addrinfo) + socklen);
5179 ai->ai_flags = hints->ai_flags;
5180 ai->ai_family = he->h_addrtype;
5181 ai->ai_socktype = hints->ai_socktype;
5182 ai->ai_protocol = hints->ai_protocol;
5183 ai->ai_canonname = NULL;
5185 if (ai->ai_socktype == 0) {
5186 ai->ai_socktype = SOCK_DGRAM;
5188 if (ai->ai_protocol == 0) {
5189 if (ai->ai_socktype == SOCK_DGRAM) {
5190 ai->ai_protocol = IPPROTO_UDP;
5191 } else if (ai->ai_socktype == SOCK_STREAM) {
5192 ai->ai_protocol = IPPROTO_TCP;
5196 ai->ai_addrlen = socklen;
5197 ai->ai_addr = (void *)(ai + 1);
5199 #ifdef HAVE_STRUCT_SOCKADDR_SA_LEN
5200 ai->ai_addr->sa_len = socklen;
5202 ai->ai_addr->sa_family = he->h_addrtype;
5204 switch (he->h_addrtype) {
5207 struct sockaddr_in *sinp =
5208 (struct sockaddr_in *) ai->ai_addr;
5210 memset(sinp, 0, sizeof(struct sockaddr_in));
5212 sinp->sin_port = htons(port);
5213 sinp->sin_family = AF_INET;
5215 memset (sinp->sin_zero, '\0', sizeof (sinp->sin_zero));
5216 memcpy(&sinp->sin_addr, he->h_addr_list[0], he->h_length);
5223 struct sockaddr_in6 *sin6p =
5224 (struct sockaddr_in6 *) ai->ai_addr;
5226 memset(sin6p, 0, sizeof(struct sockaddr_in6));
5228 sin6p->sin6_port = htons(port);
5229 sin6p->sin6_family = AF_INET6;
5231 memcpy(&sin6p->sin6_addr,
5241 if (he->h_name && !skip_canonname) {
5242 ai->ai_canonname = strdup(he->h_name);
5243 if (ai->ai_canonname == NULL) {
5253 static int nwrap_getaddrinfo(const char *node,
5254 const char *service,
5255 const struct addrinfo *hints,
5256 struct addrinfo **res)
5258 struct addrinfo *ai = NULL;
5259 unsigned short port = 0;
5269 .family = AF_UNSPEC,
5273 if (node == NULL && service == NULL) {
5277 if (hints == NULL) {
5278 hints = &default_hints;
5282 hints.ai_flags contains invalid flags; or, hints.ai_flags
5283 included AI_CANONNAME and name was NULL.
5285 if ((hints->ai_flags & AI_CANONNAME) && (node == NULL)) {
5286 return EAI_BADFLAGS;
5289 /* If no node has been specified, let glibc deal with it */
5292 struct addrinfo *p = NULL;
5294 ret = libc_getaddrinfo(node, service, hints, &p);
5302 if (service != NULL && service[0] != '\0') {
5303 const char *proto = NULL;
5309 sl = strtol(service, &end_ptr, 10);
5311 if (*end_ptr == '\0') {
5314 } else if (hints->ai_flags & AI_NUMERICSERV) {
5318 if (hints->ai_protocol != 0) {
5319 struct protoent *pent;
5321 pent = getprotobynumber(hints->ai_protocol);
5323 proto = pent->p_name;
5327 s = getservbyname(service, proto);
5331 port = ntohs(s->s_port);
5336 rc = inet_pton(AF_INET, node, &addr.in.v4);
5338 addr.family = AF_INET;
5341 if (addr.family == AF_UNSPEC) {
5342 rc = inet_pton(AF_INET6, node, &addr.in.v6);
5344 addr.family = AF_INET6;
5349 if (addr.family == AF_UNSPEC) {
5350 if (hints->ai_flags & AI_NUMERICHOST) {
5353 } else if ((hints->ai_family != AF_UNSPEC) &&
5354 (hints->ai_family != addr.family))
5356 return EAI_ADDRFAMILY;
5359 rc = nwrap_files_getaddrinfo(node, port, hints, &ai);
5362 struct addrinfo *p = NULL;
5364 ret = libc_getaddrinfo(node, service, hints, &p);
5368 * nwrap_files_getaddrinfo failed, but libc was
5369 * successful -- use the result from libc.
5379 * If the socktype was not specified, duplicate
5380 * each ai returned, so that we have variants for
5383 if (hints->ai_socktype == 0) {
5384 struct addrinfo *ai_cur;
5386 /* freeaddrinfo() frees ai_canonname and ai so allocate them */
5387 for (ai_cur = ai; ai_cur != NULL; ai_cur = ai_cur->ai_next) {
5388 struct addrinfo *ai_new;
5390 /* duplicate the current entry */
5392 ai_new = malloc(sizeof(struct addrinfo));
5393 if (ai_new == NULL) {
5398 memcpy(ai_new, ai_cur, sizeof(struct addrinfo));
5399 ai_new->ai_next = NULL;
5401 /* We need a deep copy or freeaddrinfo() will blow up */
5402 if (ai_cur->ai_canonname != NULL) {
5403 ai_new->ai_canonname =
5404 strdup(ai_cur->ai_canonname);
5407 if (ai_cur->ai_socktype == SOCK_DGRAM) {
5408 ai_new->ai_socktype = SOCK_STREAM;
5409 } else if (ai_cur->ai_socktype == SOCK_STREAM) {
5410 ai_new->ai_socktype = SOCK_DGRAM;
5412 if (ai_cur->ai_protocol == IPPROTO_TCP) {
5413 ai_new->ai_protocol = IPPROTO_UDP;
5414 } else if (ai_cur->ai_protocol == IPPROTO_UDP) {
5415 ai_new->ai_protocol = IPPROTO_TCP;
5418 /* now insert the new entry */
5420 ai_new->ai_next = ai_cur->ai_next;
5421 ai_cur->ai_next = ai_new;
5423 /* and move on (don't duplicate the new entry) */
5434 int getaddrinfo(const char *node, const char *service,
5435 const struct addrinfo *hints,
5436 struct addrinfo **res)
5438 if (!nss_wrapper_hosts_enabled()) {
5439 return libc_getaddrinfo(node, service, hints, res);
5442 return nwrap_getaddrinfo(node, service, hints, res);
5445 static int nwrap_getnameinfo(const struct sockaddr *sa, socklen_t salen,
5446 char *host, size_t hostlen,
5447 char *serv, size_t servlen,
5451 struct servent *service;
5458 if (sa == NULL || salen < sizeof(sa_family_t)) {
5462 if ((flags & NI_NAMEREQD) && host == NULL && serv == NULL) {
5466 type = sa->sa_family;
5469 if (salen < sizeof(struct sockaddr_in))
5471 addr = &((const struct sockaddr_in *)sa)->sin_addr;
5472 addrlen = sizeof(((const struct sockaddr_in *)sa)->sin_addr);
5473 port = ntohs(((const struct sockaddr_in *)sa)->sin_port);
5477 if (salen < sizeof(struct sockaddr_in6))
5479 addr = &((const struct sockaddr_in6 *)sa)->sin6_addr;
5480 addrlen = sizeof(((const struct sockaddr_in6 *)sa)->sin6_addr);
5481 port = ntohs(((const struct sockaddr_in6 *)sa)->sin6_port);
5490 if ((flags & NI_NUMERICHOST) == 0) {
5491 he = nwrap_files_gethostbyaddr(addr, addrlen, type);
5492 if ((flags & NI_NAMEREQD) && (he == NULL || he->h_name == NULL))
5495 if (he != NULL && he->h_name != NULL) {
5496 if (strlen(he->h_name) >= hostlen)
5497 return EAI_OVERFLOW;
5498 snprintf(host, hostlen, "%s", he->h_name);
5499 if (flags & NI_NOFQDN)
5500 host[strcspn(host, ".")] = '\0';
5502 if (inet_ntop(type, addr, host, hostlen) == NULL)
5503 return (errno == ENOSPC) ? EAI_OVERFLOW : EAI_FAIL;
5509 if ((flags & NI_NUMERICSERV) == 0) {
5510 proto = (flags & NI_DGRAM) ? "udp" : "tcp";
5511 service = getservbyport(htons(port), proto);
5513 if (service != NULL) {
5514 if (strlen(service->s_name) >= servlen)
5515 return EAI_OVERFLOW;
5516 snprintf(serv, servlen, "%s", service->s_name);
5518 if (snprintf(serv, servlen, "%u", port) >= (int) servlen)
5519 return EAI_OVERFLOW;
5526 #ifdef HAVE_LINUX_GETNAMEINFO
5527 int getnameinfo(const struct sockaddr *sa, socklen_t salen,
5528 char *host, socklen_t hostlen,
5529 char *serv, socklen_t servlen,
5531 #elif defined(HAVE_LINUX_GETNAMEINFO_UNSIGNED)
5532 int getnameinfo(const struct sockaddr *sa, socklen_t salen,
5533 char *host, socklen_t hostlen,
5534 char *serv, socklen_t servlen,
5537 int getnameinfo(const struct sockaddr *sa, socklen_t salen,
5538 char *host, size_t hostlen,
5539 char *serv, size_t servlen,
5543 if (!nss_wrapper_hosts_enabled()) {
5544 return libc_getnameinfo(sa, salen, host, hostlen, serv, servlen, flags);
5547 return nwrap_getnameinfo(sa, salen, host, hostlen, serv, servlen, flags);
5550 static int nwrap_gethostname(char *name, size_t len)
5552 const char *hostname = getenv("NSS_WRAPPER_HOSTNAME");
5554 if (strlen(hostname) >= len) {
5555 errno = ENAMETOOLONG;
5558 snprintf(name, len, "%s", hostname);
5563 #ifdef HAVE_SOLARIS_GETHOSTNAME
5564 int gethostname(char *name, int len)
5565 #else /* HAVE_SOLARIS_GETHOSTNAME */
5566 int gethostname(char *name, size_t len)
5567 #endif /* HAVE_SOLARIS_GETHOSTNAME */
5569 if (!nwrap_hostname_enabled()) {
5570 return libc_gethostname(name, len);
5573 return nwrap_gethostname(name, len);
5576 /****************************
5578 ***************************/
5579 void nwrap_constructor(void)
5582 * If we hold a lock and the application forks, then the child
5583 * is not able to unlock the mutex and we are in a deadlock.
5585 * Setting these handlers should prevent such deadlocks.
5587 pthread_atfork(&nwrap_thread_prepare,
5588 &nwrap_thread_parent,
5589 &nwrap_thread_child);
5591 /* Do not call nwrap_init() here. */
5594 /****************************
5596 ***************************/
5599 * This function is called when the library is unloaded and makes sure that
5600 * sockets get closed and the unix file for the socket are unlinked.
5602 void nwrap_destructor(void)
5607 if (nwrap_main_global != NULL) {
5608 struct nwrap_main *m = nwrap_main_global;
5611 if (m->libc != NULL) {
5612 SAFE_FREE(m->libc->fns);
5613 if (m->libc->handle != NULL) {
5614 dlclose(m->libc->handle);
5616 if (m->libc->nsl_handle != NULL) {
5617 dlclose(m->libc->nsl_handle);
5619 if (m->libc->sock_handle != NULL) {
5620 dlclose(m->libc->sock_handle);
5626 if (m->backends != NULL) {
5627 for (i = 0; i < m->num_backends; i++) {
5628 struct nwrap_backend *b = &(m->backends[i]);
5630 if (b->so_handle != NULL) {
5631 dlclose(b->so_handle);
5635 SAFE_FREE(m->backends);
5639 if (nwrap_pw_global.cache != NULL) {
5640 struct nwrap_cache *c = nwrap_pw_global.cache;
5642 nwrap_files_cache_unload(c);
5648 SAFE_FREE(nwrap_pw_global.list);
5649 nwrap_pw_global.num = 0;
5652 if (nwrap_gr_global.cache != NULL) {
5653 struct nwrap_cache *c = nwrap_gr_global.cache;
5655 nwrap_files_cache_unload(c);
5661 SAFE_FREE(nwrap_gr_global.list);
5662 nwrap_pw_global.num = 0;
5665 #if defined(HAVE_SHADOW_H) && defined(HAVE_GETSPNAM)
5666 if (nwrap_sp_global.cache != NULL) {
5667 struct nwrap_cache *c = nwrap_sp_global.cache;
5669 nwrap_files_cache_unload(c);
5675 nwrap_sp_global.num = 0;
5677 #endif /* defined(HAVE_SHADOW_H) && defined(HAVE_GETSPNAM) */
5679 if (nwrap_he_global.cache != NULL) {
5680 struct nwrap_cache *c = nwrap_he_global.cache;
5682 nwrap_files_cache_unload(c);
5688 nwrap_he_global.num = 0;
5691 free(user_addrlist.items);
5692 #ifdef HAVE_GETHOSTBYNAME2
5693 free(user_addrlist2.items);