2 * Copyright (C) Stefan Metzmacher 2007 <metze@samba.org>
3 * Copyright (C) Guenther Deschner 2009 <gd@samba.org>
4 * Copyright (C) Andreas Schneider 2013 <asn@samba.org>
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
19 * 3. Neither the name of the author nor the names of its contributors
20 * may be used to endorse or promote products derived from this software
21 * without specific prior written permission.
23 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
40 #include <sys/types.h>
42 #include <sys/socket.h>
55 #include <netinet/in.h>
61 * Defining _POSIX_PTHREAD_SEMANTICS before including pwd.h and grp.h gives us
62 * the posix getpwnam_r(), getpwuid_r(), getgrnam_r and getgrgid_r calls on
65 #ifndef _POSIX_PTHREAD_SEMANTICS
66 #define _POSIX_PTHREAD_SEMANTICS
73 #endif /* HAVE_SHADOW_H */
76 #include <arpa/inet.h>
77 #include <netinet/in.h>
81 #if defined(HAVE_NSS_H)
85 typedef enum nss_status NSS_STATUS;
86 #elif defined(HAVE_NSS_COMMON_H)
88 #include <nss_common.h>
89 #include <nss_dbdefs.h>
92 typedef nss_status_t NSS_STATUS;
94 # define NSS_STATUS_SUCCESS NSS_SUCCESS
95 # define NSS_STATUS_NOTFOUND NSS_NOTFOUND
96 # define NSS_STATUS_UNAVAIL NSS_UNAVAIL
97 # define NSS_STATUS_TRYAGAIN NSS_TRYAGAIN
99 # error "No nsswitch support detected"
103 #define PTR_DIFF(p1, p2) ((ptrdiff_t)(((const char *)(p1)) - (const char *)(p2)))
111 #define EAI_NODATA EAI_NONAME
114 #ifndef EAI_ADDRFAMILY
115 #define EAI_ADDRFAMILY EAI_FAMILY
119 #define __STRING(x) #x
122 #ifndef __STRINGSTRING
123 #define __STRINGSTRING(x) __STRING(x)
127 #define __LINESTR__ __STRINGSTRING(__LINE__)
131 #define __location__ __FILE__ ":" __LINESTR__
135 #define DNS_NAME_MAX 255
138 /* GCC have printf type attribute check. */
139 #ifdef HAVE_ATTRIBUTE_PRINTF_FORMAT
140 #define PRINTF_ATTRIBUTE(a,b) __attribute__ ((__format__ (__printf__, a, b)))
142 #define PRINTF_ATTRIBUTE(a,b)
143 #endif /* HAVE_ATTRIBUTE_PRINTF_FORMAT */
145 #ifdef HAVE_DESTRUCTOR_ATTRIBUTE
146 #define DESTRUCTOR_ATTRIBUTE __attribute__ ((destructor))
148 #define DESTRUCTOR_ATTRIBUTE
149 #endif /* HAVE_DESTRUCTOR_ATTRIBUTE */
151 #define ZERO_STRUCTP(x) do { if ((x) != NULL) memset((char *)(x), 0, sizeof(*(x))); } while(0)
154 #define SAFE_FREE(x) do { if ((x) != NULL) {free(x); (x)=NULL;} } while(0)
157 #ifndef discard_const
158 #define discard_const(ptr) ((void *)((uintptr_t)(ptr)))
161 #ifndef discard_const_p
162 #define discard_const_p(type, ptr) ((type *)discard_const(ptr))
166 #define NWRAP_INET_ADDRSTRLEN INET6_ADDRSTRLEN
168 #define NWRAP_INET_ADDRSTRLEN INET_ADDRSTRLEN
171 #define NWRAP_LOCK(m) do { \
172 pthread_mutex_lock(&( m ## _mutex)); \
175 #define NWRAP_UNLOCK(m) do { \
176 pthread_mutex_unlock(&( m ## _mutex)); \
180 static bool nwrap_initialized = false;
181 static pthread_mutex_t nwrap_initialized_mutex = PTHREAD_MUTEX_INITIALIZER;
183 /* The mutex or accessing the id */
184 static pthread_mutex_t nwrap_global_mutex = PTHREAD_MUTEX_INITIALIZER;
185 static pthread_mutex_t nwrap_gr_global_mutex = PTHREAD_MUTEX_INITIALIZER;
186 static pthread_mutex_t nwrap_he_global_mutex = PTHREAD_MUTEX_INITIALIZER;
187 static pthread_mutex_t nwrap_pw_global_mutex = PTHREAD_MUTEX_INITIALIZER;
188 static pthread_mutex_t nwrap_sp_global_mutex = PTHREAD_MUTEX_INITIALIZER;
190 /* Add new global locks here please */
191 /* Also don't forget to add locks to
192 * nwrap_init() function.
194 # define NWRAP_LOCK_ALL do { \
195 NWRAP_LOCK(nwrap_initialized); \
196 NWRAP_LOCK(nwrap_global); \
197 NWRAP_LOCK(nwrap_gr_global); \
198 NWRAP_LOCK(nwrap_he_global); \
199 NWRAP_LOCK(nwrap_pw_global); \
200 NWRAP_LOCK(nwrap_sp_global); \
203 # define NWRAP_UNLOCK_ALL do {\
204 NWRAP_UNLOCK(nwrap_sp_global); \
205 NWRAP_UNLOCK(nwrap_pw_global); \
206 NWRAP_UNLOCK(nwrap_he_global); \
207 NWRAP_UNLOCK(nwrap_gr_global); \
208 NWRAP_UNLOCK(nwrap_global); \
209 NWRAP_UNLOCK(nwrap_initialized); \
212 static void nwrap_thread_prepare(void)
217 static void nwrap_thread_parent(void)
222 static void nwrap_thread_child(void)
227 enum nwrap_dbglvl_e {
235 # define NWRAP_LOG(...)
238 static void nwrap_log(enum nwrap_dbglvl_e dbglvl, const char *func, const char *format, ...) PRINTF_ATTRIBUTE(3, 4);
239 # define NWRAP_LOG(dbglvl, ...) nwrap_log((dbglvl), __func__, __VA_ARGS__)
241 static void nwrap_log(enum nwrap_dbglvl_e dbglvl,
243 const char *format, ...)
248 unsigned int lvl = 0;
251 d = getenv("NSS_WRAPPER_DEBUGLEVEL");
256 va_start(va, format);
257 vsnprintf(buffer, sizeof(buffer), format, va);
262 case NWRAP_LOG_ERROR:
264 "NWRAP_ERROR(%d) - %s: %s\n",
269 "NWRAP_WARN(%d) - %s: %s\n",
272 case NWRAP_LOG_DEBUG:
274 "NWRAP_DEBUG(%d) - %s: %s\n",
277 case NWRAP_LOG_TRACE:
279 "NWRAP_TRACE(%d) - %s: %s\n",
285 #endif /* NDEBUG NWRAP_LOG */
287 struct nwrap_libc_fns {
288 struct passwd *(*_libc_getpwnam)(const char *name);
289 int (*_libc_getpwnam_r)(const char *name, struct passwd *pwd,
290 char *buf, size_t buflen, struct passwd **result);
291 struct passwd *(*_libc_getpwuid)(uid_t uid);
292 int (*_libc_getpwuid_r)(uid_t uid, struct passwd *pwd, char *buf, size_t buflen, struct passwd **result);
293 void (*_libc_setpwent)(void);
294 struct passwd *(*_libc_getpwent)(void);
295 #ifdef HAVE_SOLARIS_GETPWENT_R
296 struct passwd *(*_libc_getpwent_r)(struct passwd *pwbuf, char *buf, size_t buflen);
298 int (*_libc_getpwent_r)(struct passwd *pwbuf, char *buf, size_t buflen, struct passwd **pwbufp);
300 void (*_libc_endpwent)(void);
301 int (*_libc_initgroups)(const char *user, gid_t gid);
302 struct group *(*_libc_getgrnam)(const char *name);
303 int (*_libc_getgrnam_r)(const char *name, struct group *grp, char *buf, size_t buflen, struct group **result);
304 struct group *(*_libc_getgrgid)(gid_t gid);
305 int (*_libc_getgrgid_r)(gid_t gid, struct group *grp, char *buf, size_t buflen, struct group **result);
306 void (*_libc_setgrent)(void);
307 struct group *(*_libc_getgrent)(void);
308 #ifdef HAVE_SOLARIS_GETGRENT_R
309 struct group *(*_libc_getgrent_r)(struct group *group, char *buf, size_t buflen);
311 int (*_libc_getgrent_r)(struct group *group, char *buf, size_t buflen, struct group **result);
313 void (*_libc_endgrent)(void);
314 int (*_libc_getgrouplist)(const char *user, gid_t group, gid_t *groups, int *ngroups);
316 void (*_libc_sethostent)(int stayopen);
317 struct hostent *(*_libc_gethostent)(void);
318 void (*_libc_endhostent)(void);
320 struct hostent *(*_libc_gethostbyname)(const char *name);
321 #ifdef HAVE_GETHOSTBYNAME2 /* GNU extension */
322 struct hostent *(*_libc_gethostbyname2)(const char *name, int af);
324 struct hostent *(*_libc_gethostbyaddr)(const void *addr, socklen_t len, int type);
326 int (*_libc_getaddrinfo)(const char *node, const char *service,
327 const struct addrinfo *hints,
328 struct addrinfo **res);
329 int (*_libc_getnameinfo)(const struct sockaddr *sa, socklen_t salen,
330 char *host, size_t hostlen,
331 char *serv, size_t servlen,
333 int (*_libc_gethostname)(char *name, size_t len);
334 #ifdef HAVE_GETHOSTBYNAME_R
335 int (*_libc_gethostbyname_r)(const char *name,
337 char *buf, size_t buflen,
338 struct hostent **result, int *h_errnop);
340 #ifdef HAVE_GETHOSTBYADDR_R
341 int (*_libc_gethostbyaddr_r)(const void *addr, socklen_t len, int type,
343 char *buf, size_t buflen,
344 struct hostent **result, int *h_errnop);
348 struct nwrap_module_nss_fns {
349 NSS_STATUS (*_nss_getpwnam_r)(const char *name, struct passwd *result, char *buffer,
350 size_t buflen, int *errnop);
351 NSS_STATUS (*_nss_getpwuid_r)(uid_t uid, struct passwd *result, char *buffer,
352 size_t buflen, int *errnop);
353 NSS_STATUS (*_nss_setpwent)(void);
354 NSS_STATUS (*_nss_getpwent_r)(struct passwd *result, char *buffer,
355 size_t buflen, int *errnop);
356 NSS_STATUS (*_nss_endpwent)(void);
357 NSS_STATUS (*_nss_initgroups)(const char *user, gid_t group, long int *start,
358 long int *size, gid_t **groups, long int limit, int *errnop);
359 NSS_STATUS (*_nss_getgrnam_r)(const char *name, struct group *result, char *buffer,
360 size_t buflen, int *errnop);
361 NSS_STATUS (*_nss_getgrgid_r)(gid_t gid, struct group *result, char *buffer,
362 size_t buflen, int *errnop);
363 NSS_STATUS (*_nss_setgrent)(void);
364 NSS_STATUS (*_nss_getgrent_r)(struct group *result, char *buffer,
365 size_t buflen, int *errnop);
366 NSS_STATUS (*_nss_endgrent)(void);
369 struct nwrap_backend {
373 struct nwrap_ops *ops;
374 struct nwrap_module_nss_fns *fns;
378 struct passwd * (*nw_getpwnam)(struct nwrap_backend *b,
380 int (*nw_getpwnam_r)(struct nwrap_backend *b,
381 const char *name, struct passwd *pwdst,
382 char *buf, size_t buflen, struct passwd **pwdstp);
383 struct passwd * (*nw_getpwuid)(struct nwrap_backend *b,
385 int (*nw_getpwuid_r)(struct nwrap_backend *b,
386 uid_t uid, struct passwd *pwdst,
387 char *buf, size_t buflen, struct passwd **pwdstp);
388 void (*nw_setpwent)(struct nwrap_backend *b);
389 struct passwd * (*nw_getpwent)(struct nwrap_backend *b);
390 int (*nw_getpwent_r)(struct nwrap_backend *b,
391 struct passwd *pwdst, char *buf,
392 size_t buflen, struct passwd **pwdstp);
393 void (*nw_endpwent)(struct nwrap_backend *b);
394 int (*nw_initgroups)(struct nwrap_backend *b,
395 const char *user, gid_t group);
396 struct group * (*nw_getgrnam)(struct nwrap_backend *b,
398 int (*nw_getgrnam_r)(struct nwrap_backend *b,
399 const char *name, struct group *grdst,
400 char *buf, size_t buflen, struct group **grdstp);
401 struct group * (*nw_getgrgid)(struct nwrap_backend *b,
403 int (*nw_getgrgid_r)(struct nwrap_backend *b,
404 gid_t gid, struct group *grdst,
405 char *buf, size_t buflen, struct group **grdstp);
406 void (*nw_setgrent)(struct nwrap_backend *b);
407 struct group * (*nw_getgrent)(struct nwrap_backend *b);
408 int (*nw_getgrent_r)(struct nwrap_backend *b,
409 struct group *grdst, char *buf,
410 size_t buflen, struct group **grdstp);
411 void (*nw_endgrent)(struct nwrap_backend *b);
414 /* Public prototypes */
416 bool nss_wrapper_enabled(void);
417 bool nss_wrapper_shadow_enabled(void);
418 bool nss_wrapper_hosts_enabled(void);
420 /* prototypes for files backend */
423 static struct passwd *nwrap_files_getpwnam(struct nwrap_backend *b,
425 static int nwrap_files_getpwnam_r(struct nwrap_backend *b,
426 const char *name, struct passwd *pwdst,
427 char *buf, size_t buflen, struct passwd **pwdstp);
428 static struct passwd *nwrap_files_getpwuid(struct nwrap_backend *b,
430 static int nwrap_files_getpwuid_r(struct nwrap_backend *b,
431 uid_t uid, struct passwd *pwdst,
432 char *buf, size_t buflen, struct passwd **pwdstp);
433 static void nwrap_files_setpwent(struct nwrap_backend *b);
434 static struct passwd *nwrap_files_getpwent(struct nwrap_backend *b);
435 static int nwrap_files_getpwent_r(struct nwrap_backend *b,
436 struct passwd *pwdst, char *buf,
437 size_t buflen, struct passwd **pwdstp);
438 static void nwrap_files_endpwent(struct nwrap_backend *b);
439 static int nwrap_files_initgroups(struct nwrap_backend *b,
440 const char *user, gid_t group);
441 static struct group *nwrap_files_getgrnam(struct nwrap_backend *b,
443 static int nwrap_files_getgrnam_r(struct nwrap_backend *b,
444 const char *name, struct group *grdst,
445 char *buf, size_t buflen, struct group **grdstp);
446 static struct group *nwrap_files_getgrgid(struct nwrap_backend *b,
448 static int nwrap_files_getgrgid_r(struct nwrap_backend *b,
449 gid_t gid, struct group *grdst,
450 char *buf, size_t buflen, struct group **grdstp);
451 static void nwrap_files_setgrent(struct nwrap_backend *b);
452 static struct group *nwrap_files_getgrent(struct nwrap_backend *b);
453 static int nwrap_files_getgrent_r(struct nwrap_backend *b,
454 struct group *grdst, char *buf,
455 size_t buflen, struct group **grdstp);
456 static void nwrap_files_endgrent(struct nwrap_backend *b);
458 /* prototypes for module backend */
460 static struct passwd *nwrap_module_getpwent(struct nwrap_backend *b);
461 static int nwrap_module_getpwent_r(struct nwrap_backend *b,
462 struct passwd *pwdst, char *buf,
463 size_t buflen, struct passwd **pwdstp);
464 static struct passwd *nwrap_module_getpwnam(struct nwrap_backend *b,
466 static int nwrap_module_getpwnam_r(struct nwrap_backend *b,
467 const char *name, struct passwd *pwdst,
468 char *buf, size_t buflen, struct passwd **pwdstp);
469 static struct passwd *nwrap_module_getpwuid(struct nwrap_backend *b,
471 static int nwrap_module_getpwuid_r(struct nwrap_backend *b,
472 uid_t uid, struct passwd *pwdst,
473 char *buf, size_t buflen, struct passwd **pwdstp);
474 static void nwrap_module_setpwent(struct nwrap_backend *b);
475 static void nwrap_module_endpwent(struct nwrap_backend *b);
476 static struct group *nwrap_module_getgrent(struct nwrap_backend *b);
477 static int nwrap_module_getgrent_r(struct nwrap_backend *b,
478 struct group *grdst, char *buf,
479 size_t buflen, struct group **grdstp);
480 static struct group *nwrap_module_getgrnam(struct nwrap_backend *b,
482 static int nwrap_module_getgrnam_r(struct nwrap_backend *b,
483 const char *name, struct group *grdst,
484 char *buf, size_t buflen, struct group **grdstp);
485 static struct group *nwrap_module_getgrgid(struct nwrap_backend *b,
487 static int nwrap_module_getgrgid_r(struct nwrap_backend *b,
488 gid_t gid, struct group *grdst,
489 char *buf, size_t buflen, struct group **grdstp);
490 static void nwrap_module_setgrent(struct nwrap_backend *b);
491 static void nwrap_module_endgrent(struct nwrap_backend *b);
492 static int nwrap_module_initgroups(struct nwrap_backend *b,
493 const char *user, gid_t group);
495 struct nwrap_ops nwrap_files_ops = {
496 .nw_getpwnam = nwrap_files_getpwnam,
497 .nw_getpwnam_r = nwrap_files_getpwnam_r,
498 .nw_getpwuid = nwrap_files_getpwuid,
499 .nw_getpwuid_r = nwrap_files_getpwuid_r,
500 .nw_setpwent = nwrap_files_setpwent,
501 .nw_getpwent = nwrap_files_getpwent,
502 .nw_getpwent_r = nwrap_files_getpwent_r,
503 .nw_endpwent = nwrap_files_endpwent,
504 .nw_initgroups = nwrap_files_initgroups,
505 .nw_getgrnam = nwrap_files_getgrnam,
506 .nw_getgrnam_r = nwrap_files_getgrnam_r,
507 .nw_getgrgid = nwrap_files_getgrgid,
508 .nw_getgrgid_r = nwrap_files_getgrgid_r,
509 .nw_setgrent = nwrap_files_setgrent,
510 .nw_getgrent = nwrap_files_getgrent,
511 .nw_getgrent_r = nwrap_files_getgrent_r,
512 .nw_endgrent = nwrap_files_endgrent,
515 struct nwrap_ops nwrap_module_ops = {
516 .nw_getpwnam = nwrap_module_getpwnam,
517 .nw_getpwnam_r = nwrap_module_getpwnam_r,
518 .nw_getpwuid = nwrap_module_getpwuid,
519 .nw_getpwuid_r = nwrap_module_getpwuid_r,
520 .nw_setpwent = nwrap_module_setpwent,
521 .nw_getpwent = nwrap_module_getpwent,
522 .nw_getpwent_r = nwrap_module_getpwent_r,
523 .nw_endpwent = nwrap_module_endpwent,
524 .nw_initgroups = nwrap_module_initgroups,
525 .nw_getgrnam = nwrap_module_getgrnam,
526 .nw_getgrnam_r = nwrap_module_getgrnam_r,
527 .nw_getgrgid = nwrap_module_getgrgid,
528 .nw_getgrgid_r = nwrap_module_getgrgid_r,
529 .nw_setgrent = nwrap_module_setgrent,
530 .nw_getgrent = nwrap_module_getgrent,
531 .nw_getgrent_r = nwrap_module_getgrent_r,
532 .nw_endgrent = nwrap_module_endgrent,
539 struct nwrap_libc_fns *fns;
544 struct nwrap_backend *backends;
545 struct nwrap_libc *libc;
548 static struct nwrap_main *nwrap_main_global;
549 static struct nwrap_main __nwrap_main_global;
554 static int nwrap_convert_he_ai(const struct hostent *he,
556 const struct addrinfo *hints,
557 struct addrinfo **pai,
558 bool skip_canonname);
564 #define DEFAULT_VECTOR_CAPACITY 16
566 struct nwrap_vector {
572 /* Macro returns pointer to first element of vector->items array.
574 * nwrap_vector is used as a memory backend which take care of
575 * memory allocations and other stuff like memory growing.
576 * nwrap_vectors should not be considered as some abstract structures.
577 * On this level, vectors are more handy than direct realloc/malloc
580 * nwrap_vector->items is array inside nwrap_vector which can be
581 * directly pointed by libc structure assembled by cwrap itself.
585 * 1) struct hostent contains char **h_addr_list element.
586 * 2) nwrap_vector holds array of pointers to addresses.
587 * It's easier to use vector to store results of
590 * Now, pretend that cwrap assembled struct hostent and
591 * we need to set h_addr_list to point to nwrap_vector.
592 * Idea behind is to shield users from internal nwrap_vector
594 * (Yes, not fully - array terminated by NULL is needed because
595 * it's result expected by libc function caller.)
601 * struct nwrap_vector *vector = malloc(sizeof(struct nwrap_vector));
602 * ... don't care about failed allocation now ...
604 * ... fill nwrap vector ...
607 * he.h_addr_list = nwrap_vector_head(vector);
610 #define nwrap_vector_head(vect) ((void *)((vect)->items))
612 #define nwrap_vector_foreach(item, vect, iter) \
613 for (iter = 0, (item) = (vect).items == NULL ? NULL : (vect).items[0]; \
615 (item) = (vect).items[++iter])
617 #define nwrap_vector_is_initialized(vector) ((vector)->items != NULL)
619 static inline bool nwrap_vector_init(struct nwrap_vector *const vector)
621 if (vector == NULL) {
625 /* count is initialized by ZERO_STRUCTP */
626 ZERO_STRUCTP(vector);
627 vector->items = malloc(sizeof(void *) * (DEFAULT_VECTOR_CAPACITY + 1));
628 if (vector->items == NULL) {
631 vector->capacity = DEFAULT_VECTOR_CAPACITY;
632 memset(vector->items, '\0', sizeof(void *) * (DEFAULT_VECTOR_CAPACITY + 1));
637 static bool nwrap_vector_add_item(struct nwrap_vector *vector, void *const item)
639 assert (vector != NULL);
641 if (vector->items == NULL) {
642 nwrap_vector_init(vector);
645 if (vector->count == vector->capacity) {
646 /* Items array _MUST_ be NULL terminated because it's passed
647 * as result to caller which expect NULL terminated array from libc.
649 void **items = realloc(vector->items, sizeof(void *) * ((vector->capacity * 2) + 1));
653 vector->items = items;
655 /* Don't count ending NULL to capacity */
656 vector->capacity *= 2;
659 vector->items[vector->count] = item;
662 vector->items[vector->count] = NULL;
667 static bool nwrap_vector_merge(struct nwrap_vector *dst,
668 struct nwrap_vector *src)
670 void **dst_items = NULL;
673 if (src->count == 0) {
677 count = dst->count + src->count;
679 /* We don't need reallocation if we have enough capacity. */
680 if (src->count > (dst->capacity - dst->count)) {
681 dst_items = (void **)realloc(dst->items, (count + 1) * sizeof(void *));
682 if (dst_items == NULL) {
685 dst->items = dst_items;
686 dst->capacity = count;
689 memcpy((void *)(((long *)dst->items) + dst->count),
691 src->count * sizeof(void *));
704 struct nwrap_vector lines;
706 bool (*parse_line)(struct nwrap_cache *, char *line);
707 void (*unload)(struct nwrap_cache *);
712 struct nwrap_cache *cache;
719 struct nwrap_cache __nwrap_cache_pw;
720 struct nwrap_pw nwrap_pw_global;
722 static bool nwrap_pw_parse_line(struct nwrap_cache *nwrap, char *line);
723 static void nwrap_pw_unload(struct nwrap_cache *nwrap);
726 #if defined(HAVE_SHADOW_H) && defined(HAVE_GETSPNAM)
728 struct nwrap_cache *cache;
735 struct nwrap_cache __nwrap_cache_sp;
736 struct nwrap_sp nwrap_sp_global;
738 static bool nwrap_sp_parse_line(struct nwrap_cache *nwrap, char *line);
739 static void nwrap_sp_unload(struct nwrap_cache *nwrap);
740 #endif /* defined(HAVE_SHADOW_H) && defined(HAVE_GETSPNAM) */
744 struct nwrap_cache *cache;
751 struct nwrap_cache __nwrap_cache_gr;
752 struct nwrap_gr nwrap_gr_global;
755 static bool nwrap_he_parse_line(struct nwrap_cache *nwrap, char *line);
756 static void nwrap_he_unload(struct nwrap_cache *nwrap);
758 struct nwrap_addrdata {
759 unsigned char host_addr[16]; /* IPv4 or IPv6 address */
762 static size_t max_hostents = 100;
764 struct nwrap_entdata {
765 struct nwrap_addrdata addr;
768 struct nwrap_vector nwrap_addrdata;
770 ssize_t aliases_count;
773 struct nwrap_entlist {
774 struct nwrap_entlist *next;
775 struct nwrap_entdata *ed;
779 struct nwrap_cache *cache;
781 struct nwrap_vector entries;
782 struct nwrap_vector lists;
788 static struct nwrap_cache __nwrap_cache_he;
789 static struct nwrap_he nwrap_he_global;
792 /*********************************************************
794 *********************************************************/
796 static void nwrap_init(void);
797 static bool nwrap_gr_parse_line(struct nwrap_cache *nwrap, char *line);
798 static void nwrap_gr_unload(struct nwrap_cache *nwrap);
799 void nwrap_destructor(void) DESTRUCTOR_ATTRIBUTE;
801 /*********************************************************
802 * NWRAP LIBC LOADER FUNCTIONS
803 *********************************************************/
812 static const char *nwrap_str_lib(enum nwrap_lib lib)
819 case NWRAP_LIBSOCKET:
823 /* Compiler would warn us about unhandled enum value if we get here */
828 static void *nwrap_load_lib_handle(enum nwrap_lib lib)
830 int flags = RTLD_LAZY;
835 flags |= RTLD_DEEPBIND;
841 handle = nwrap_main_global->libc->nsl_handle;
842 if (handle == NULL) {
843 for (i = 10; i >= 0; i--) {
844 char soname[256] = {0};
846 snprintf(soname, sizeof(soname), "libnsl.so.%d", i);
847 handle = dlopen(soname, flags);
848 if (handle != NULL) {
853 nwrap_main_global->libc->nsl_handle = handle;
858 case NWRAP_LIBSOCKET:
859 #ifdef HAVE_LIBSOCKET
860 handle = nwrap_main_global->libc->sock_handle;
861 if (handle == NULL) {
862 for (i = 10; i >= 0; i--) {
863 char soname[256] = {0};
865 snprintf(soname, sizeof(soname), "libsocket.so.%d", i);
866 handle = dlopen(soname, flags);
867 if (handle != NULL) {
872 nwrap_main_global->libc->sock_handle = handle;
878 handle = nwrap_main_global->libc->handle;
879 if (handle == NULL) {
880 for (i = 10; i >= 0; i--) {
881 char soname[256] = {0};
883 snprintf(soname, sizeof(soname), "libc.so.%d", i);
884 handle = dlopen(soname, flags);
885 if (handle != NULL) {
890 nwrap_main_global->libc->handle = handle;
895 if (handle == NULL) {
897 handle = nwrap_main_global->libc->handle
898 = nwrap_main_global->libc->sock_handle
899 = nwrap_main_global->libc->nsl_handle
902 NWRAP_LOG(NWRAP_LOG_ERROR,
903 "Failed to dlopen library: %s\n",
912 static void *_nwrap_load_lib_function(enum nwrap_lib lib, const char *fn_name)
919 handle = nwrap_load_lib_handle(lib);
921 func = dlsym(handle, fn_name);
923 NWRAP_LOG(NWRAP_LOG_ERROR,
924 "Failed to find %s: %s\n",
929 NWRAP_LOG(NWRAP_LOG_TRACE,
931 fn_name, nwrap_str_lib(lib));
935 #define nwrap_load_lib_function(lib, fn_name) \
936 if (nwrap_main_global->libc->fns->_libc_##fn_name == NULL) { \
937 *(void **) (&nwrap_main_global->libc->fns->_libc_##fn_name) = \
938 _nwrap_load_lib_function(lib, #fn_name); \
941 /* INTERNAL HELPER FUNCTIONS */
942 static void nwrap_lines_unload(struct nwrap_cache *const nwrap)
946 nwrap_vector_foreach(item, nwrap->lines, p) {
947 /* Maybe some vectors were merged ... */
950 SAFE_FREE(nwrap->lines.items);
951 ZERO_STRUCTP(&nwrap->lines);
957 * Functions expeciall from libc need to be loaded individually, you can't load
958 * all at once or gdb will segfault at startup. The same applies to valgrind and
959 * has probably something todo with with the linker.
960 * So we need load each function at the point it is called the first time.
962 static struct passwd *libc_getpwnam(const char *name)
964 nwrap_load_lib_function(NWRAP_LIBC, getpwnam);
966 return nwrap_main_global->libc->fns->_libc_getpwnam(name);
969 #ifdef HAVE_GETPWNAM_R
970 static int libc_getpwnam_r(const char *name,
974 struct passwd **result)
976 #ifdef HAVE___POSIX_GETPWNAM_R
977 if (nwrap_main_global->libc->fns->_libc_getpwnam_r == NULL) {
978 *(void **) (&nwrap_main_global->libc->fns->_libc_getpwnam_r) =
979 _nwrap_load_lib_function(NWRAP_LIBC, "__posix_getpwnam_r");
982 nwrap_load_lib_function(NWRAP_LIBC, getpwnam_r);
985 return nwrap_main_global->libc->fns->_libc_getpwnam_r(name,
993 static struct passwd *libc_getpwuid(uid_t uid)
995 nwrap_load_lib_function(NWRAP_LIBC, getpwuid);
997 return nwrap_main_global->libc->fns->_libc_getpwuid(uid);
1000 #ifdef HAVE_GETPWUID_R
1001 static int libc_getpwuid_r(uid_t uid,
1005 struct passwd **result)
1007 #ifdef HAVE___POSIX_GETPWUID_R
1008 if (nwrap_main_global->libc->fns->_libc_getpwuid_r == NULL) {
1009 *(void **) (&nwrap_main_global->libc->fns->_libc_getpwuid_r) =
1010 _nwrap_load_lib_function(NWRAP_LIBC, "__posix_getpwuid_r");
1013 nwrap_load_lib_function(NWRAP_LIBC, getpwuid_r);
1016 return nwrap_main_global->libc->fns->_libc_getpwuid_r(uid,
1024 static inline void str_tolower(char *dst, char *src)
1026 register char *src_tmp = src;
1027 register char *dst_tmp = dst;
1029 while (*src_tmp != '\0') {
1030 *dst_tmp = tolower(*src_tmp);
1036 static bool str_tolower_copy(char **dst_name, const char *const src_name)
1040 if ((dst_name == NULL) || (src_name == NULL)) {
1044 h_name_lower = strdup(src_name);
1045 if (h_name_lower == NULL) {
1046 NWRAP_LOG(NWRAP_LOG_DEBUG, "Out of memory while strdup");
1050 str_tolower(h_name_lower, h_name_lower);
1051 *dst_name = h_name_lower;
1055 static void libc_setpwent(void)
1057 nwrap_load_lib_function(NWRAP_LIBC, setpwent);
1059 nwrap_main_global->libc->fns->_libc_setpwent();
1062 static struct passwd *libc_getpwent(void)
1064 nwrap_load_lib_function(NWRAP_LIBC, getpwent);
1066 return nwrap_main_global->libc->fns->_libc_getpwent();
1069 #ifdef HAVE_SOLARIS_GETPWENT_R
1070 static struct passwd *libc_getpwent_r(struct passwd *pwdst,
1074 nwrap_load_lib_function(NWRAP_LIBC, getpwent_r);
1076 return nwrap_main_global->libc->fns->_libc_getpwent_r(pwdst,
1080 #else /* HAVE_SOLARIS_GETPWENT_R */
1081 static int libc_getpwent_r(struct passwd *pwdst,
1084 struct passwd **pwdstp)
1086 nwrap_load_lib_function(NWRAP_LIBC, getpwent_r);
1088 return nwrap_main_global->libc->fns->_libc_getpwent_r(pwdst,
1093 #endif /* HAVE_SOLARIS_GETPWENT_R */
1095 static void libc_endpwent(void)
1097 nwrap_load_lib_function(NWRAP_LIBC, endpwent);
1099 nwrap_main_global->libc->fns->_libc_endpwent();
1102 static int libc_initgroups(const char *user, gid_t gid)
1104 nwrap_load_lib_function(NWRAP_LIBC, initgroups);
1106 return nwrap_main_global->libc->fns->_libc_initgroups(user, gid);
1109 static struct group *libc_getgrnam(const char *name)
1111 nwrap_load_lib_function(NWRAP_LIBC, getgrnam);
1113 return nwrap_main_global->libc->fns->_libc_getgrnam(name);
1116 #ifdef HAVE_GETGRNAM_R
1117 static int libc_getgrnam_r(const char *name,
1121 struct group **result)
1123 #ifdef HAVE___POSIX_GETGRNAM_R
1124 if (nwrap_main_global->libc->fns->_libc_getgrnam_r == NULL) {
1125 *(void **) (&nwrap_main_global->libc->fns->_libc_getgrnam_r) =
1126 _nwrap_load_lib_function(NWRAP_LIBC, "__posix_getgrnam_r");
1129 nwrap_load_lib_function(NWRAP_LIBC, getgrnam_r);
1132 return nwrap_main_global->libc->fns->_libc_getgrnam_r(name,
1140 static struct group *libc_getgrgid(gid_t gid)
1142 nwrap_load_lib_function(NWRAP_LIBC, getgrgid);
1144 return nwrap_main_global->libc->fns->_libc_getgrgid(gid);
1147 #ifdef HAVE_GETGRGID_R
1148 static int libc_getgrgid_r(gid_t gid,
1152 struct group **result)
1154 #ifdef HAVE___POSIX_GETGRGID_R
1155 if (nwrap_main_global->libc->fns->_libc_getgrgid_r == NULL) {
1156 *(void **) (&nwrap_main_global->libc->fns->_libc_getgrgid_r) =
1157 _nwrap_load_lib_function(NWRAP_LIBC, "__posix_getgrgid_r");
1160 nwrap_load_lib_function(NWRAP_LIBC, getgrgid_r);
1163 return nwrap_main_global->libc->fns->_libc_getgrgid_r(gid,
1171 static void libc_setgrent(void)
1173 nwrap_load_lib_function(NWRAP_LIBC, setgrent);
1175 nwrap_main_global->libc->fns->_libc_setgrent();
1178 static struct group *libc_getgrent(void)
1180 nwrap_load_lib_function(NWRAP_LIBC, getgrent);
1182 return nwrap_main_global->libc->fns->_libc_getgrent();
1185 #ifdef HAVE_GETGRENT_R
1186 #ifdef HAVE_SOLARIS_GETGRENT_R
1187 static struct group *libc_getgrent_r(struct group *group,
1191 nwrap_load_lib_function(NWRAP_LIBC, getgrent_r);
1193 return nwrap_main_global->libc->fns->_libc_getgrent_r(group,
1197 #else /* !HAVE_SOLARIS_GETGRENT_R */
1198 static int libc_getgrent_r(struct group *group,
1201 struct group **result)
1203 nwrap_load_lib_function(NWRAP_LIBC, getgrent_r);
1205 return nwrap_main_global->libc->fns->_libc_getgrent_r(group,
1210 #endif /* HAVE_SOLARIS_GETGRENT_R */
1211 #endif /* HAVE_GETGRENT_R */
1213 static void libc_endgrent(void)
1215 nwrap_load_lib_function(NWRAP_LIBC, endgrent);
1217 nwrap_main_global->libc->fns->_libc_endgrent();
1220 #ifdef HAVE_GETGROUPLIST
1221 static int libc_getgrouplist(const char *user,
1226 nwrap_load_lib_function(NWRAP_LIBC, getgrouplist);
1228 return nwrap_main_global->libc->fns->_libc_getgrouplist(user,
1235 static void libc_sethostent(int stayopen)
1237 nwrap_load_lib_function(NWRAP_LIBNSL, sethostent);
1239 nwrap_main_global->libc->fns->_libc_sethostent(stayopen);
1242 static struct hostent *libc_gethostent(void)
1244 nwrap_load_lib_function(NWRAP_LIBNSL, gethostent);
1246 return nwrap_main_global->libc->fns->_libc_gethostent();
1249 static void libc_endhostent(void)
1251 nwrap_load_lib_function(NWRAP_LIBNSL, endhostent);
1253 nwrap_main_global->libc->fns->_libc_endhostent();
1256 static struct hostent *libc_gethostbyname(const char *name)
1258 nwrap_load_lib_function(NWRAP_LIBNSL, gethostbyname);
1260 return nwrap_main_global->libc->fns->_libc_gethostbyname(name);
1263 #ifdef HAVE_GETHOSTBYNAME2 /* GNU extension */
1264 static struct hostent *libc_gethostbyname2(const char *name, int af)
1266 nwrap_load_lib_function(NWRAP_LIBNSL, gethostbyname2);
1268 return nwrap_main_global->libc->fns->_libc_gethostbyname2(name, af);
1272 static struct hostent *libc_gethostbyaddr(const void *addr,
1276 nwrap_load_lib_function(NWRAP_LIBNSL, gethostbyaddr);
1278 return nwrap_main_global->libc->fns->_libc_gethostbyaddr(addr,
1283 static int libc_gethostname(char *name, size_t len)
1285 nwrap_load_lib_function(NWRAP_LIBNSL, gethostname);
1287 return nwrap_main_global->libc->fns->_libc_gethostname(name, len);
1290 #ifdef HAVE_GETHOSTBYNAME_R
1291 static int libc_gethostbyname_r(const char *name,
1292 struct hostent *ret,
1295 struct hostent **result,
1298 nwrap_load_lib_function(NWRAP_LIBNSL, gethostbyname_r);
1300 return nwrap_main_global->libc->fns->_libc_gethostbyname_r(name,
1309 #ifdef HAVE_GETHOSTBYADDR_R
1310 static int libc_gethostbyaddr_r(const void *addr,
1313 struct hostent *ret,
1316 struct hostent **result,
1319 nwrap_load_lib_function(NWRAP_LIBNSL, gethostbyaddr_r);
1321 return nwrap_main_global->libc->fns->_libc_gethostbyaddr_r(addr,
1332 static int libc_getaddrinfo(const char *node,
1333 const char *service,
1334 const struct addrinfo *hints,
1335 struct addrinfo **res)
1337 nwrap_load_lib_function(NWRAP_LIBSOCKET, getaddrinfo);
1339 return nwrap_main_global->libc->fns->_libc_getaddrinfo(node,
1345 static int libc_getnameinfo(const struct sockaddr *sa,
1353 nwrap_load_lib_function(NWRAP_LIBSOCKET, getnameinfo);
1355 return nwrap_main_global->libc->fns->_libc_getnameinfo(sa,
1364 /*********************************************************
1365 * NWRAP NSS MODULE LOADER FUNCTIONS
1366 *********************************************************/
1368 static void *nwrap_load_module_fn(struct nwrap_backend *b,
1369 const char *fn_name)
1374 if (!b->so_handle) {
1375 NWRAP_LOG(NWRAP_LOG_ERROR, "No handle");
1379 if (asprintf(&s, "_nss_%s_%s", b->name, fn_name) == -1) {
1380 NWRAP_LOG(NWRAP_LOG_ERROR, "Out of memory");
1384 res = dlsym(b->so_handle, s);
1386 NWRAP_LOG(NWRAP_LOG_ERROR,
1387 "Cannot find function %s in %s",
1394 static struct nwrap_module_nss_fns *nwrap_load_module_fns(struct nwrap_backend *b)
1396 struct nwrap_module_nss_fns *fns;
1398 if (!b->so_handle) {
1402 fns = (struct nwrap_module_nss_fns *)malloc(sizeof(struct nwrap_module_nss_fns));
1407 *(void **)(&fns->_nss_getpwnam_r) =
1408 nwrap_load_module_fn(b, "getpwnam_r");
1409 *(void **)(&fns->_nss_getpwuid_r) =
1410 nwrap_load_module_fn(b, "getpwuid_r");
1411 *(void **)(&fns->_nss_setpwent) =
1412 nwrap_load_module_fn(b, "setpwent");
1413 *(void **)(&fns->_nss_getpwent_r) =
1414 nwrap_load_module_fn(b, "getpwent_r");
1415 *(void **)(&fns->_nss_endpwent) =
1416 nwrap_load_module_fn(b, "endpwent");
1417 *(void **)(&fns->_nss_initgroups) =
1418 nwrap_load_module_fn(b, "initgroups_dyn");
1419 *(void **)(&fns->_nss_getgrnam_r) =
1420 nwrap_load_module_fn(b, "getgrnam_r");
1421 *(void **)(&fns->_nss_getgrgid_r)=
1422 nwrap_load_module_fn(b, "getgrgid_r");
1423 *(void **)(&fns->_nss_setgrent) =
1424 nwrap_load_module_fn(b, "setgrent");
1425 *(void **)(&fns->_nss_getgrent_r) =
1426 nwrap_load_module_fn(b, "getgrent_r");
1427 *(void **)(&fns->_nss_endgrent) =
1428 nwrap_load_module_fn(b, "endgrent");
1433 static void *nwrap_load_module(const char *so_path)
1437 if (!so_path || !strlen(so_path)) {
1441 h = dlopen(so_path, RTLD_LAZY);
1443 NWRAP_LOG(NWRAP_LOG_ERROR,
1444 "Cannot open shared library %s",
1452 static bool nwrap_module_init(const char *name,
1453 struct nwrap_ops *ops,
1454 const char *so_path,
1456 struct nwrap_backend **backends)
1458 struct nwrap_backend *b;
1460 *backends = (struct nwrap_backend *)realloc(*backends,
1461 sizeof(struct nwrap_backend) * ((*num_backends) + 1));
1463 NWRAP_LOG(NWRAP_LOG_ERROR, "Out of memory");
1467 b = &((*backends)[*num_backends]);
1471 b->so_path = so_path;
1473 if (so_path != NULL) {
1474 b->so_handle = nwrap_load_module(so_path);
1475 b->fns = nwrap_load_module_fns(b);
1476 if (b->fns == NULL) {
1480 b->so_handle = NULL;
1489 static void nwrap_libc_init(struct nwrap_main *r)
1491 r->libc = malloc(sizeof(struct nwrap_libc));
1492 if (r->libc == NULL) {
1493 printf("Failed to allocate memory for libc");
1496 ZERO_STRUCTP(r->libc);
1498 r->libc->fns = malloc(sizeof(struct nwrap_libc_fns));
1499 if (r->libc->fns == NULL) {
1500 printf("Failed to allocate memory for libc functions");
1503 ZERO_STRUCTP(r->libc->fns);
1506 static void nwrap_backend_init(struct nwrap_main *r)
1508 const char *module_so_path = getenv("NSS_WRAPPER_MODULE_SO_PATH");
1509 const char *module_fn_name = getenv("NSS_WRAPPER_MODULE_FN_PREFIX");
1511 r->num_backends = 0;
1514 if (!nwrap_module_init("files", &nwrap_files_ops, NULL,
1517 NWRAP_LOG(NWRAP_LOG_ERROR,
1518 "Failed to initialize 'files' backend");
1522 if (module_so_path != NULL &&
1523 module_so_path[0] != '\0' &&
1524 module_fn_name != NULL &&
1525 module_fn_name[0] != '\0') {
1526 if (!nwrap_module_init(module_fn_name,
1531 NWRAP_LOG(NWRAP_LOG_ERROR,
1532 "Failed to initialize '%s' backend",
1539 static void nwrap_init(void)
1543 size_t max_hostents_tmp;
1545 NWRAP_LOCK(nwrap_initialized);
1546 if (nwrap_initialized) {
1547 NWRAP_UNLOCK(nwrap_initialized);
1552 * Still holding nwrap_initialized lock here.
1553 * We don't use NWRAP_(UN)LOCK_ALL macros here because we
1554 * want to avoid overhead when other threads do their job.
1556 NWRAP_LOCK(nwrap_global);
1557 NWRAP_LOCK(nwrap_gr_global);
1558 NWRAP_LOCK(nwrap_he_global);
1559 NWRAP_LOCK(nwrap_pw_global);
1560 NWRAP_LOCK(nwrap_sp_global);
1562 nwrap_initialized = true;
1564 /* Initialize pthread_atfork handlers */
1565 pthread_atfork(&nwrap_thread_prepare, &nwrap_thread_parent,
1566 &nwrap_thread_child);
1568 env = getenv("NSS_WRAPPER_MAX_HOSTENTS");
1570 max_hostents_tmp = (size_t)strtoul(env, &endptr, 10);
1571 if ((*env == '\0') ||
1572 (*endptr != '\0') ||
1573 (max_hostents_tmp == 0)) {
1574 NWRAP_LOG(NWRAP_LOG_DEBUG,
1575 "Error parsing NSS_WRAPPER_MAX_HOSTENTS "
1576 "value or value is too small. "
1577 "Using default value: %lu.",
1578 (unsigned long)max_hostents);
1580 max_hostents = max_hostents_tmp;
1583 /* Initialize hash table */
1584 NWRAP_LOG(NWRAP_LOG_DEBUG,
1585 "Initializing hash table of size %lu items.",
1586 (unsigned long)max_hostents);
1587 if (hcreate(max_hostents) == 0) {
1588 NWRAP_LOG(NWRAP_LOG_ERROR,
1589 "Failed to initialize hash table");
1593 nwrap_main_global = &__nwrap_main_global;
1595 nwrap_libc_init(nwrap_main_global);
1597 nwrap_backend_init(nwrap_main_global);
1600 nwrap_pw_global.cache = &__nwrap_cache_pw;
1602 nwrap_pw_global.cache->path = getenv("NSS_WRAPPER_PASSWD");
1603 nwrap_pw_global.cache->fp = NULL;
1604 nwrap_pw_global.cache->fd = -1;
1605 nwrap_pw_global.cache->private_data = &nwrap_pw_global;
1606 nwrap_pw_global.cache->parse_line = nwrap_pw_parse_line;
1607 nwrap_pw_global.cache->unload = nwrap_pw_unload;
1610 #if defined(HAVE_SHADOW_H) && defined(HAVE_GETSPNAM)
1611 nwrap_sp_global.cache = &__nwrap_cache_sp;
1613 nwrap_sp_global.cache->path = getenv("NSS_WRAPPER_SHADOW");
1614 nwrap_sp_global.cache->fp = NULL;
1615 nwrap_sp_global.cache->fd = -1;
1616 nwrap_sp_global.cache->private_data = &nwrap_sp_global;
1617 nwrap_sp_global.cache->parse_line = nwrap_sp_parse_line;
1618 nwrap_sp_global.cache->unload = nwrap_sp_unload;
1619 #endif /* defined(HAVE_SHADOW_H) && defined(HAVE_GETSPNAM) */
1622 nwrap_gr_global.cache = &__nwrap_cache_gr;
1624 nwrap_gr_global.cache->path = getenv("NSS_WRAPPER_GROUP");
1625 nwrap_gr_global.cache->fp = NULL;
1626 nwrap_gr_global.cache->fd = -1;
1627 nwrap_gr_global.cache->private_data = &nwrap_gr_global;
1628 nwrap_gr_global.cache->parse_line = nwrap_gr_parse_line;
1629 nwrap_gr_global.cache->unload = nwrap_gr_unload;
1632 nwrap_he_global.cache = &__nwrap_cache_he;
1634 nwrap_he_global.cache->path = getenv("NSS_WRAPPER_HOSTS");
1635 nwrap_he_global.cache->fp = NULL;
1636 nwrap_he_global.cache->fd = -1;
1637 nwrap_he_global.cache->private_data = &nwrap_he_global;
1638 nwrap_he_global.cache->parse_line = nwrap_he_parse_line;
1639 nwrap_he_global.cache->unload = nwrap_he_unload;
1642 /* We hold all locks here so we can use NWRAP_UNLOCK_ALL. */
1646 bool nss_wrapper_enabled(void)
1650 if (nwrap_pw_global.cache->path == NULL ||
1651 nwrap_pw_global.cache->path[0] == '\0') {
1654 if (nwrap_gr_global.cache->path == NULL ||
1655 nwrap_gr_global.cache->path[0] == '\0') {
1662 #if defined(HAVE_SHADOW_H) && defined(HAVE_GETSPNAM)
1663 bool nss_wrapper_shadow_enabled(void)
1667 if (nwrap_sp_global.cache->path == NULL ||
1668 nwrap_sp_global.cache->path[0] == '\0') {
1674 #endif /* defined(HAVE_SHADOW_H) && defined(HAVE_GETSPNAM) */
1676 bool nss_wrapper_hosts_enabled(void)
1680 if (nwrap_he_global.cache->path == NULL ||
1681 nwrap_he_global.cache->path[0] == '\0') {
1688 static bool nwrap_hostname_enabled(void)
1692 if (getenv("NSS_WRAPPER_HOSTNAME") == NULL) {
1699 static bool nwrap_parse_file(struct nwrap_cache *nwrap)
1703 /* Unused but getline needs it */
1707 if (nwrap->st.st_size == 0) {
1708 NWRAP_LOG(NWRAP_LOG_DEBUG, "size == 0");
1712 /* Support for 32-bit system I guess */
1713 if (nwrap->st.st_size > INT32_MAX) {
1714 NWRAP_LOG(NWRAP_LOG_ERROR,
1715 "Size[%u] larger than INT32_MAX",
1716 (unsigned)nwrap->st.st_size);
1723 n = getline(&line, &len, nwrap->fp);
1726 if (feof(nwrap->fp)) {
1730 NWRAP_LOG(NWRAP_LOG_ERROR,
1731 "Unable to read line from file: %s",
1736 if (line[n - 1] == '\n') {
1740 if (line[0] == '\0') {
1745 ok = nwrap->parse_line(nwrap, line);
1747 NWRAP_LOG(NWRAP_LOG_ERROR,
1748 "Unable to parse line file: %s",
1754 /* Line is parsed without issues so add it to list */
1755 ok = nwrap_vector_add_item(&(nwrap->lines), (void *const) line);
1757 NWRAP_LOG(NWRAP_LOG_ERROR,
1758 "Unable to add line to vector");
1762 /* This forces getline to allocate new memory for line. */
1764 } while (!feof(nwrap->fp));
1769 static void nwrap_files_cache_unload(struct nwrap_cache *nwrap)
1771 nwrap->unload(nwrap);
1773 nwrap_lines_unload(nwrap);
1776 static bool nwrap_files_cache_reload(struct nwrap_cache *nwrap)
1781 bool retried = false;
1783 assert(nwrap != NULL);
1786 if (nwrap->fd < 0) {
1787 nwrap->fp = fopen(nwrap->path, "re");
1788 if (nwrap->fp == NULL) {
1790 NWRAP_LOG(NWRAP_LOG_ERROR,
1791 "Unable to open '%s' readonly %d:%s",
1792 nwrap->path, nwrap->fd,
1797 nwrap->fd = fileno(nwrap->fp);
1798 NWRAP_LOG(NWRAP_LOG_DEBUG, "Open '%s'", nwrap->path);
1801 ret = fstat(nwrap->fd, &st);
1803 NWRAP_LOG(NWRAP_LOG_ERROR,
1804 "fstat(%s) - %d:%s",
1814 if (retried == false && st.st_nlink == 0) {
1815 /* maybe someone has replaced the file... */
1816 NWRAP_LOG(NWRAP_LOG_TRACE,
1817 "st_nlink == 0, reopen %s",
1820 memset(&nwrap->st, 0, sizeof(nwrap->st));
1827 if (st.st_mtime == nwrap->st.st_mtime) {
1828 NWRAP_LOG(NWRAP_LOG_TRACE,
1829 "st_mtime[%u] hasn't changed, skip reload",
1830 (unsigned)st.st_mtime);
1834 NWRAP_LOG(NWRAP_LOG_TRACE,
1835 "st_mtime has changed [%u] => [%u], start reload",
1836 (unsigned)st.st_mtime,
1837 (unsigned)nwrap->st.st_mtime);
1841 nwrap_files_cache_unload(nwrap);
1843 ok = nwrap_parse_file(nwrap);
1845 NWRAP_LOG(NWRAP_LOG_ERROR, "Failed to reload %s", nwrap->path);
1846 nwrap_files_cache_unload(nwrap);
1850 NWRAP_LOG(NWRAP_LOG_TRACE, "Reloaded %s", nwrap->path);
1855 * the caller has to call nwrap_unload() on failure
1857 static bool nwrap_pw_parse_line(struct nwrap_cache *nwrap, char *line)
1859 struct nwrap_pw *nwrap_pw;
1866 nwrap_pw = (struct nwrap_pw *)nwrap->private_data;
1868 list_size = sizeof(*nwrap_pw->list) * (nwrap_pw->num+1);
1869 pw = (struct passwd *)realloc(nwrap_pw->list, list_size);
1871 NWRAP_LOG(NWRAP_LOG_ERROR,
1872 "realloc(%u) failed",
1873 (unsigned)list_size);
1876 nwrap_pw->list = pw;
1878 pw = &nwrap_pw->list[nwrap_pw->num];
1885 NWRAP_LOG(NWRAP_LOG_ERROR,
1886 "Invalid line[%s]: '%s'",
1896 NWRAP_LOG(NWRAP_LOG_TRACE, "name[%s]\n", pw->pw_name);
1901 NWRAP_LOG(NWRAP_LOG_ERROR, "Invalid line[%s]: '%s'", line, c);
1909 NWRAP_LOG(NWRAP_LOG_TRACE, "password[%s]\n", pw->pw_passwd);
1914 NWRAP_LOG(NWRAP_LOG_ERROR, "Invalid line[%s]: '%s'", line, c);
1920 pw->pw_uid = (uid_t)strtoul(c, &e, 10);
1922 NWRAP_LOG(NWRAP_LOG_ERROR,
1923 "Invalid line[%s]: '%s' - %s",
1924 line, c, strerror(errno));
1928 NWRAP_LOG(NWRAP_LOG_ERROR,
1929 "Invalid line[%s]: '%s' - %s",
1930 line, c, strerror(errno));
1934 NWRAP_LOG(NWRAP_LOG_ERROR,
1935 "Invalid line[%s]: '%s' - %s",
1936 line, c, strerror(errno));
1941 NWRAP_LOG(NWRAP_LOG_TRACE, "uid[%u]", pw->pw_uid);
1946 NWRAP_LOG(NWRAP_LOG_ERROR, "Invalid line[%s]: '%s'", line, c);
1952 pw->pw_gid = (gid_t)strtoul(c, &e, 10);
1954 NWRAP_LOG(NWRAP_LOG_ERROR,
1955 "Invalid line[%s]: '%s' - %s",
1956 line, c, strerror(errno));
1960 NWRAP_LOG(NWRAP_LOG_ERROR,
1961 "Invalid line[%s]: '%s' - %s",
1962 line, c, strerror(errno));
1966 NWRAP_LOG(NWRAP_LOG_ERROR,
1967 "Invalid line[%s]: '%s' - %s",
1968 line, c, strerror(errno));
1973 NWRAP_LOG(NWRAP_LOG_TRACE, "gid[%u]\n", pw->pw_gid);
1975 #ifdef HAVE_STRUCT_PASSWD_PW_CLASS
1976 pw->pw_class = discard_const_p(char, "");
1978 NWRAP_LOG(NWRAP_LOG_TRACE, "class[%s]", pw->pw_class);
1979 #endif /* HAVE_STRUCT_PASSWD_PW_CLASS */
1981 #ifdef HAVE_STRUCT_PASSWD_PW_CHANGE
1984 NWRAP_LOG(NWRAP_LOG_TRACE,
1986 (unsigned long)pw->pw_change);
1987 #endif /* HAVE_STRUCT_PASSWD_PW_CHANGE */
1989 #ifdef HAVE_STRUCT_PASSWD_PW_EXPIRE
1992 NWRAP_LOG(NWRAP_LOG_TRACE,
1994 (unsigned long)pw->pw_expire);
1995 #endif /* HAVE_STRUCT_PASSWD_PW_EXPIRE */
2000 NWRAP_LOG(NWRAP_LOG_ERROR, "invalid line[%s]: '%s'", line, c);
2008 NWRAP_LOG(NWRAP_LOG_TRACE, "gecos[%s]", pw->pw_gecos);
2013 NWRAP_LOG(NWRAP_LOG_ERROR, "'%s'", c);
2021 NWRAP_LOG(NWRAP_LOG_TRACE, "dir[%s]", pw->pw_dir);
2025 NWRAP_LOG(NWRAP_LOG_TRACE, "shell[%s]", pw->pw_shell);
2027 NWRAP_LOG(NWRAP_LOG_DEBUG,
2028 "Added user[%s:%s:%u:%u:%s:%s:%s]",
2029 pw->pw_name, pw->pw_passwd,
2030 pw->pw_uid, pw->pw_gid,
2031 pw->pw_gecos, pw->pw_dir, pw->pw_shell);
2037 static void nwrap_pw_unload(struct nwrap_cache *nwrap)
2039 struct nwrap_pw *nwrap_pw;
2040 nwrap_pw = (struct nwrap_pw *)nwrap->private_data;
2042 SAFE_FREE(nwrap_pw->list);
2047 static int nwrap_pw_copy_r(const struct passwd *src, struct passwd *dst,
2048 char *buf, size_t buflen, struct passwd **dstp)
2054 first = src->pw_name;
2056 last = src->pw_shell;
2057 while (*last) last++;
2059 ofs = PTR_DIFF(last + 1, first);
2061 if (ofs > (off_t) buflen) {
2065 memcpy(buf, first, ofs);
2067 ofs = PTR_DIFF(src->pw_name, first);
2068 dst->pw_name = buf + ofs;
2069 ofs = PTR_DIFF(src->pw_passwd, first);
2070 dst->pw_passwd = buf + ofs;
2071 dst->pw_uid = src->pw_uid;
2072 dst->pw_gid = src->pw_gid;
2073 ofs = PTR_DIFF(src->pw_gecos, first);
2074 dst->pw_gecos = buf + ofs;
2075 ofs = PTR_DIFF(src->pw_dir, first);
2076 dst->pw_dir = buf + ofs;
2077 ofs = PTR_DIFF(src->pw_shell, first);
2078 dst->pw_shell = buf + ofs;
2087 #if defined(HAVE_SHADOW_H) && defined(HAVE_GETSPNAM)
2088 static bool nwrap_sp_parse_line(struct nwrap_cache *nwrap, char *line)
2090 struct nwrap_sp *nwrap_sp;
2097 nwrap_sp = (struct nwrap_sp *)nwrap->private_data;
2099 list_size = sizeof(*nwrap_sp->list) * (nwrap_sp->num+1);
2100 sp = (struct spwd *)realloc(nwrap_sp->list, list_size);
2102 NWRAP_LOG(NWRAP_LOG_ERROR,
2103 "realloc(%u) failed",
2104 (unsigned)list_size);
2107 nwrap_sp->list = sp;
2109 sp = &nwrap_sp->list[nwrap_sp->num];
2116 NWRAP_LOG(NWRAP_LOG_ERROR,
2117 "name -- Invalid line[%s]: '%s'",
2127 NWRAP_LOG(NWRAP_LOG_TRACE, "name[%s]\n", sp->sp_namp);
2132 NWRAP_LOG(NWRAP_LOG_ERROR,
2133 "pwd -- Invalid line[%s]: '%s'",
2150 NWRAP_LOG(NWRAP_LOG_ERROR,
2151 "lstchg -- Invalid line[%s]: '%s'",
2158 sp->sp_lstchg = strtol(c, &e, 10);
2160 NWRAP_LOG(NWRAP_LOG_ERROR,
2161 "lstchg -- Invalid line[%s]: '%s' - %s",
2162 line, c, strerror(errno));
2166 NWRAP_LOG(NWRAP_LOG_ERROR,
2167 "lstchg -- Invalid line[%s]: '%s' - %s",
2168 line, c, strerror(errno));
2172 NWRAP_LOG(NWRAP_LOG_ERROR,
2173 "lstchg -- Invalid line[%s]: '%s' - %s",
2174 line, c, strerror(errno));
2187 NWRAP_LOG(NWRAP_LOG_ERROR,
2188 "min -- Invalid line[%s]: '%s'",
2195 sp->sp_min = strtol(c, &e, 10);
2197 NWRAP_LOG(NWRAP_LOG_ERROR,
2198 "min -- Invalid line[%s]: '%s' - %s",
2199 line, c, strerror(errno));
2203 NWRAP_LOG(NWRAP_LOG_ERROR,
2204 "min -- Invalid line[%s]: '%s' - %s",
2205 line, c, strerror(errno));
2209 NWRAP_LOG(NWRAP_LOG_ERROR,
2210 "min -- Invalid line[%s]: '%s' - %s",
2211 line, c, strerror(errno));
2224 NWRAP_LOG(NWRAP_LOG_ERROR,
2225 "max -- Invalid line[%s]: '%s'",
2232 sp->sp_max = strtol(c, &e, 10);
2234 NWRAP_LOG(NWRAP_LOG_ERROR,
2235 "max -- Invalid line[%s]: '%s' - %s",
2236 line, c, strerror(errno));
2240 NWRAP_LOG(NWRAP_LOG_ERROR,
2241 "max -- Invalid line[%s]: '%s' - %s",
2242 line, c, strerror(errno));
2246 NWRAP_LOG(NWRAP_LOG_ERROR,
2247 "max -- Invalid line[%s]: '%s' - %s",
2248 line, c, strerror(errno));
2261 NWRAP_LOG(NWRAP_LOG_ERROR,
2262 "warn -- Invalid line[%s]: '%s'",
2269 sp->sp_warn = strtol(c, &e, 10);
2271 NWRAP_LOG(NWRAP_LOG_ERROR,
2272 "warn -- Invalid line[%s]: '%s' - %s",
2273 line, c, strerror(errno));
2277 NWRAP_LOG(NWRAP_LOG_ERROR,
2278 "warn -- Invalid line[%s]: '%s' - %s",
2279 line, c, strerror(errno));
2283 NWRAP_LOG(NWRAP_LOG_ERROR,
2284 "warn -- Invalid line[%s]: '%s' - %s",
2285 line, c, strerror(errno));
2298 NWRAP_LOG(NWRAP_LOG_ERROR,
2299 "inact -- Invalid line[%s]: '%s'",
2306 sp->sp_inact = strtol(c, &e, 10);
2308 NWRAP_LOG(NWRAP_LOG_ERROR,
2309 "inact -- Invalid line[%s]: '%s' - %s",
2310 line, c, strerror(errno));
2314 NWRAP_LOG(NWRAP_LOG_ERROR,
2315 "inact -- Invalid line[%s]: '%s' - %s",
2316 line, c, strerror(errno));
2320 NWRAP_LOG(NWRAP_LOG_ERROR,
2321 "inact -- Invalid line[%s]: '%s' - %s",
2322 line, c, strerror(errno));
2335 NWRAP_LOG(NWRAP_LOG_ERROR,
2336 "expire -- Invalid line[%s]: '%s'",
2343 sp->sp_expire = strtol(c, &e, 10);
2345 NWRAP_LOG(NWRAP_LOG_ERROR,
2346 "expire -- Invalid line[%s]: '%s' - %s",
2347 line, c, strerror(errno));
2351 NWRAP_LOG(NWRAP_LOG_ERROR,
2352 "expire -- Invalid line[%s]: '%s' - %s",
2353 line, c, strerror(errno));
2357 NWRAP_LOG(NWRAP_LOG_ERROR,
2358 "expire -- Invalid line[%s]: '%s' - %s",
2359 line, c, strerror(errno));
2369 static void nwrap_sp_unload(struct nwrap_cache *nwrap)
2371 struct nwrap_sp *nwrap_sp;
2372 nwrap_sp = (struct nwrap_sp *)nwrap->private_data;
2374 SAFE_FREE(nwrap_sp->list);
2378 #endif /* defined(HAVE_SHADOW_H) && defined(HAVE_GETSPNAM) */
2381 * the caller has to call nwrap_unload() on failure
2383 static bool nwrap_gr_parse_line(struct nwrap_cache *nwrap, char *line)
2385 struct nwrap_gr *nwrap_gr;
2393 nwrap_gr = (struct nwrap_gr *)nwrap->private_data;
2395 list_size = sizeof(*nwrap_gr->list) * (nwrap_gr->num+1);
2396 gr = (struct group *)realloc(nwrap_gr->list, list_size);
2398 NWRAP_LOG(NWRAP_LOG_ERROR, "realloc failed");
2401 nwrap_gr->list = gr;
2403 gr = &nwrap_gr->list[nwrap_gr->num];
2410 NWRAP_LOG(NWRAP_LOG_ERROR, "Invalid line[%s]: '%s'", line, c);
2418 NWRAP_LOG(NWRAP_LOG_TRACE, "name[%s]", gr->gr_name);
2423 NWRAP_LOG(NWRAP_LOG_ERROR, "Invalid line[%s]: '%s'", line, c);
2431 NWRAP_LOG(NWRAP_LOG_TRACE, "password[%s]", gr->gr_passwd);
2436 NWRAP_LOG(NWRAP_LOG_ERROR, "Invalid line[%s]: '%s'", line, c);
2442 gr->gr_gid = (gid_t)strtoul(c, &e, 10);
2444 NWRAP_LOG(NWRAP_LOG_ERROR,
2445 "Invalid line[%s]: '%s' - %s",
2446 line, c, strerror(errno));
2450 NWRAP_LOG(NWRAP_LOG_ERROR,
2451 "Invalid line[%s]: '%s' - %s",
2452 line, c, strerror(errno));
2456 NWRAP_LOG(NWRAP_LOG_ERROR,
2457 "Invalid line[%s]: '%s' - %s",
2458 line, c, strerror(errno));
2463 NWRAP_LOG(NWRAP_LOG_TRACE, "gid[%u]", gr->gr_gid);
2466 gr->gr_mem = (char **)malloc(sizeof(char *));
2468 NWRAP_LOG(NWRAP_LOG_ERROR, "Out of memory");
2471 gr->gr_mem[0] = NULL;
2473 for(nummem=0; p; nummem++) {
2483 if (strlen(c) == 0) {
2487 m_size = sizeof(char *) * (nummem+2);
2488 m = (char **)realloc(gr->gr_mem, m_size);
2490 NWRAP_LOG(NWRAP_LOG_ERROR,
2491 "realloc(%zd) failed",
2496 gr->gr_mem[nummem] = c;
2497 gr->gr_mem[nummem+1] = NULL;
2499 NWRAP_LOG(NWRAP_LOG_TRACE,
2501 nummem, gr->gr_mem[nummem]);
2504 NWRAP_LOG(NWRAP_LOG_DEBUG,
2505 "Added group[%s:%s:%u:] with %u members",
2506 gr->gr_name, gr->gr_passwd, gr->gr_gid, nummem);
2512 static void nwrap_gr_unload(struct nwrap_cache *nwrap)
2515 struct nwrap_gr *nwrap_gr;
2516 nwrap_gr = (struct nwrap_gr *)nwrap->private_data;
2518 if (nwrap_gr->list) {
2519 for (i=0; i < nwrap_gr->num; i++) {
2520 SAFE_FREE(nwrap_gr->list[i].gr_mem);
2522 SAFE_FREE(nwrap_gr->list);
2529 static int nwrap_gr_copy_r(const struct group *src, struct group *dst,
2530 char *buf, size_t buflen, struct group **dstp)
2540 first = src->gr_name;
2542 lastm = src->gr_mem;
2549 last = src->gr_passwd;
2551 while (*last) last++;
2553 ofsb = PTR_DIFF(last + 1, first);
2554 ofsm = PTR_DIFF(lastm + 1, src->gr_mem);
2556 if ((ofsb + ofsm) > (off_t) buflen) {
2560 memcpy(buf, first, ofsb);
2561 memcpy(buf + ofsb, src->gr_mem, ofsm);
2563 ofs = PTR_DIFF(src->gr_name, first);
2564 dst->gr_name = buf + ofs;
2565 ofs = PTR_DIFF(src->gr_passwd, first);
2566 dst->gr_passwd = buf + ofs;
2567 dst->gr_gid = src->gr_gid;
2569 dst->gr_mem = (char **)(buf + ofsb);
2570 for (i=0; src->gr_mem[i]; i++) {
2571 ofs = PTR_DIFF(src->gr_mem[i], first);
2572 dst->gr_mem[i] = buf + ofs;
2582 static struct nwrap_entlist *nwrap_entlist_init(struct nwrap_entdata *ed)
2584 struct nwrap_entlist *el;
2587 NWRAP_LOG(NWRAP_LOG_ERROR,
2588 "entry is NULL, can't create list item");
2592 el = (struct nwrap_entlist *)malloc(sizeof(struct nwrap_entlist));
2594 NWRAP_LOG(NWRAP_LOG_ERROR, "malloc failed");
2604 static bool nwrap_ed_inventarize_add_new(char *const h_name,
2605 struct nwrap_entdata *const ed)
2609 struct nwrap_entlist *el;
2612 if (h_name == NULL) {
2613 NWRAP_LOG(NWRAP_LOG_ERROR, "h_name NULL - can't add");
2617 el = nwrap_entlist_init(ed);
2623 e.data = (void *)el;
2625 p = hsearch(e, ENTER);
2627 NWRAP_LOG(NWRAP_LOG_ERROR, "Hash table is full!");
2631 ok = nwrap_vector_add_item(&(nwrap_he_global.lists), (void *)el);
2633 NWRAP_LOG(NWRAP_LOG_ERROR,
2634 "Failed to add list entry to vector.");
2641 static bool nwrap_ed_inventarize_add_to_existing(struct nwrap_entdata *const ed,
2642 struct nwrap_entlist *const el)
2644 struct nwrap_entlist *cursor;
2645 struct nwrap_entlist *el_new;
2648 NWRAP_LOG(NWRAP_LOG_ERROR, "list is NULL, can not add");
2653 for (cursor = el; cursor->next != NULL; cursor = cursor->next)
2655 if (cursor->ed == ed) {
2656 /* The entry already exists in this list. */
2661 if (cursor->ed == ed) {
2662 /* The entry already exists in this list. */
2666 el_new = nwrap_entlist_init(ed);
2667 if (el_new == NULL) {
2671 cursor->next = el_new;
2675 static bool nwrap_ed_inventarize(char *const name,
2676 struct nwrap_entdata *const ed)
2685 NWRAP_LOG(NWRAP_LOG_DEBUG, "Searching name: %s", e.key);
2687 p = hsearch(e, FIND);
2689 NWRAP_LOG(NWRAP_LOG_DEBUG, "Name %s not found. Adding...", name);
2690 ok = nwrap_ed_inventarize_add_new(name, ed);
2692 struct nwrap_entlist *el = (struct nwrap_entlist *)p->data;
2694 NWRAP_LOG(NWRAP_LOG_DEBUG, "Name %s found. Add record to list.", name);
2695 ok = nwrap_ed_inventarize_add_to_existing(ed, el);
2701 static bool nwrap_add_hname(struct nwrap_entdata *const ed)
2703 char *const h_name = (char *const)(ed->ht.h_name);
2707 ok = nwrap_ed_inventarize(h_name, ed);
2712 if (ed->ht.h_aliases == NULL) {
2716 /* Itemize aliases */
2717 for (i = 0; ed->ht.h_aliases[i] != NULL; ++i) {
2720 h_name_alias = ed->ht.h_aliases[i];
2722 NWRAP_LOG(NWRAP_LOG_DEBUG, "Add alias: %s", h_name_alias);
2724 if (!nwrap_ed_inventarize(h_name_alias, ed)) {
2725 NWRAP_LOG(NWRAP_LOG_ERROR,
2726 "Unable to add alias: %s", h_name_alias);
2734 static bool nwrap_he_parse_line(struct nwrap_cache *nwrap, char *line)
2736 struct nwrap_he *nwrap_he = (struct nwrap_he *)nwrap->private_data;
2737 bool do_aliases = true;
2738 ssize_t aliases_count = 0;
2746 struct nwrap_entdata *ed = (struct nwrap_entdata *)
2747 malloc(sizeof(struct nwrap_entdata));
2749 NWRAP_LOG(NWRAP_LOG_ERROR,
2750 "Unable to allocate memory for nwrap_entdata");
2761 /* Walk to first char */
2762 for (p = i; *p != '.' && *p != ':' && !isxdigit((int) *p); p++) {
2764 NWRAP_LOG(NWRAP_LOG_ERROR,
2765 "Invalid line[%s]: '%s'",
2772 for (i = p; !isspace((int)*p); p++) {
2774 NWRAP_LOG(NWRAP_LOG_ERROR,
2775 "Invalid line[%s]: '%s'",
2784 if (inet_pton(AF_INET, i, ed->addr.host_addr)) {
2785 ed->ht.h_addrtype = AF_INET;
2786 ed->ht.h_length = 4;
2788 } else if (inet_pton(AF_INET6, i, ed->addr.host_addr)) {
2789 ed->ht.h_addrtype = AF_INET6;
2790 ed->ht.h_length = 16;
2793 NWRAP_LOG(NWRAP_LOG_ERROR,
2794 "Invalid line[%s]: '%s'",
2802 ok = nwrap_vector_add_item(&(ed->nwrap_addrdata),
2803 (void *const)ed->addr.host_addr);
2805 NWRAP_LOG(NWRAP_LOG_ERROR, "Unable to add addrdata to vector");
2809 ed->ht.h_addr_list = nwrap_vector_head(&ed->nwrap_addrdata);
2817 /* Walk to first char */
2818 for (n = p; *p != '_' && !isalnum((int) *p); p++) {
2820 NWRAP_LOG(NWRAP_LOG_ERROR,
2821 "Invalid line[%s]: '%s'",
2829 for (n = p; !isspace((int)*p); p++) {
2838 /* Convert to lowercase. This operate on same memory region */
2842 /* glib's getent always dereferences he->h_aliases */
2843 ed->ht.h_aliases = malloc(sizeof(char *));
2844 if (ed->ht.h_aliases == NULL) {
2848 ed->ht.h_aliases[0] = NULL;
2853 while (do_aliases) {
2859 /* Walk to first char */
2860 for (a = p; *p != '_' && !isalnum((int) *p); p++) {
2866 /* Only trailing spaces are left */
2871 for (a = p; !isspace((int)*p); p++) {
2880 aliases = realloc(ed->ht.h_aliases, sizeof(char *) * (aliases_count + 2));
2881 if (aliases == NULL) {
2885 ed->ht.h_aliases = aliases;
2888 aliases[aliases_count] = a;
2889 aliases[aliases_count + 1] = NULL;
2894 ok = nwrap_vector_add_item(&(nwrap_he->entries), (void *const)ed);
2896 NWRAP_LOG(NWRAP_LOG_ERROR, "Unable to add entry to vector");
2901 ed->aliases_count = aliases_count;
2902 /* Inventarize item */
2903 ok = nwrap_add_hname(ed);
2908 ok = nwrap_ed_inventarize(ip, ed);
2917 static void nwrap_he_unload(struct nwrap_cache *nwrap)
2919 struct nwrap_he *nwrap_he =
2920 (struct nwrap_he *)nwrap->private_data;
2921 struct nwrap_entdata *ed;
2922 struct nwrap_entlist *el;
2926 nwrap_vector_foreach (ed, nwrap_he->entries, i)
2928 SAFE_FREE(ed->nwrap_addrdata.items);
2929 SAFE_FREE(ed->ht.h_aliases);
2932 SAFE_FREE(nwrap_he->entries.items);
2933 nwrap_he->entries.count = nwrap_he->entries.capacity = 0;
2935 nwrap_vector_foreach(el, nwrap_he->lists, i)
2937 while (el != NULL) {
2938 struct nwrap_entlist *el_next;
2945 SAFE_FREE(nwrap_he->lists.items);
2946 nwrap_he->lists.count = nwrap_he->lists.capacity = 0;
2952 * If we unload the file, the pointers in the hash table point to
2953 * invalid memory. So we need to destroy the hash table and recreate
2957 rc = hcreate(max_hostents);
2959 NWRAP_LOG(NWRAP_LOG_ERROR, "Failed to initialize hash table");
2965 /* user functions */
2966 static struct passwd *nwrap_files_getpwnam(struct nwrap_backend *b,
2972 (void) b; /* unused */
2974 NWRAP_LOG(NWRAP_LOG_DEBUG, "Lookup user %s in files", name);
2976 ok = nwrap_files_cache_reload(nwrap_pw_global.cache);
2978 NWRAP_LOG(NWRAP_LOG_ERROR, "Error loading passwd file");
2982 for (i=0; i<nwrap_pw_global.num; i++) {
2983 if (strcmp(nwrap_pw_global.list[i].pw_name, name) == 0) {
2984 NWRAP_LOG(NWRAP_LOG_DEBUG, "user[%s] found", name);
2985 return &nwrap_pw_global.list[i];
2987 NWRAP_LOG(NWRAP_LOG_DEBUG,
2988 "user[%s] does not match [%s]",
2990 nwrap_pw_global.list[i].pw_name);
2993 NWRAP_LOG(NWRAP_LOG_DEBUG, "user[%s] not found\n", name);
2999 static int nwrap_files_getpwnam_r(struct nwrap_backend *b,
3000 const char *name, struct passwd *pwdst,
3001 char *buf, size_t buflen, struct passwd **pwdstp)
3005 pw = nwrap_files_getpwnam(b, name);
3013 return nwrap_pw_copy_r(pw, pwdst, buf, buflen, pwdstp);
3016 static struct passwd *nwrap_files_getpwuid(struct nwrap_backend *b,
3022 (void) b; /* unused */
3024 ok = nwrap_files_cache_reload(nwrap_pw_global.cache);
3026 NWRAP_LOG(NWRAP_LOG_ERROR, "Error loading passwd file");
3030 for (i=0; i<nwrap_pw_global.num; i++) {
3031 if (nwrap_pw_global.list[i].pw_uid == uid) {
3032 NWRAP_LOG(NWRAP_LOG_DEBUG, "uid[%u] found", uid);
3033 return &nwrap_pw_global.list[i];
3035 NWRAP_LOG(NWRAP_LOG_DEBUG,
3036 "uid[%u] does not match [%u]",
3038 nwrap_pw_global.list[i].pw_uid);
3041 NWRAP_LOG(NWRAP_LOG_DEBUG, "uid[%u] not found\n", uid);
3047 static int nwrap_files_getpwuid_r(struct nwrap_backend *b,
3048 uid_t uid, struct passwd *pwdst,
3049 char *buf, size_t buflen, struct passwd **pwdstp)
3053 pw = nwrap_files_getpwuid(b, uid);
3061 return nwrap_pw_copy_r(pw, pwdst, buf, buflen, pwdstp);
3064 /* user enum functions */
3065 static void nwrap_files_setpwent(struct nwrap_backend *b)
3067 (void) b; /* unused */
3069 nwrap_pw_global.idx = 0;
3072 static struct passwd *nwrap_files_getpwent(struct nwrap_backend *b)
3076 (void) b; /* unused */
3078 if (nwrap_pw_global.idx == 0) {
3080 ok = nwrap_files_cache_reload(nwrap_pw_global.cache);
3082 NWRAP_LOG(NWRAP_LOG_ERROR, "Error loading passwd file");
3087 if (nwrap_pw_global.idx >= nwrap_pw_global.num) {
3092 pw = &nwrap_pw_global.list[nwrap_pw_global.idx++];
3094 NWRAP_LOG(NWRAP_LOG_DEBUG,
3095 "return user[%s] uid[%u]",
3096 pw->pw_name, pw->pw_uid);
3101 static int nwrap_files_getpwent_r(struct nwrap_backend *b,
3102 struct passwd *pwdst, char *buf,
3103 size_t buflen, struct passwd **pwdstp)
3107 pw = nwrap_files_getpwent(b);
3115 return nwrap_pw_copy_r(pw, pwdst, buf, buflen, pwdstp);
3118 static void nwrap_files_endpwent(struct nwrap_backend *b)
3120 (void) b; /* unused */
3122 nwrap_pw_global.idx = 0;
3127 #if defined(HAVE_SHADOW_H) && defined(HAVE_GETSPNAM)
3129 #ifdef HAVE_SETSPENT
3130 static void nwrap_files_setspent(void)
3132 nwrap_sp_global.idx = 0;
3135 static struct spwd *nwrap_files_getspent(void)
3139 if (nwrap_sp_global.idx == 0) {
3142 ok = nwrap_files_cache_reload(nwrap_sp_global.cache);
3144 NWRAP_LOG(NWRAP_LOG_ERROR, "Error loading shadow file");
3149 if (nwrap_sp_global.idx >= nwrap_sp_global.num) {
3154 sp = &nwrap_sp_global.list[nwrap_sp_global.idx++];
3156 NWRAP_LOG(NWRAP_LOG_DEBUG,
3163 static void nwrap_files_endspent(void)
3165 nwrap_sp_global.idx = 0;
3167 #endif /* HAVE_SETSPENT */
3169 static struct spwd *nwrap_files_getspnam(const char *name)
3174 NWRAP_LOG(NWRAP_LOG_DEBUG, "Lookup user %s in files", name);
3176 ok = nwrap_files_cache_reload(nwrap_sp_global.cache);
3178 NWRAP_LOG(NWRAP_LOG_ERROR, "Error loading shadow file");
3182 for (i=0; i<nwrap_sp_global.num; i++) {
3183 if (strcmp(nwrap_sp_global.list[i].sp_namp, name) == 0) {
3184 NWRAP_LOG(NWRAP_LOG_DEBUG, "user[%s] found", name);
3185 return &nwrap_sp_global.list[i];
3187 NWRAP_LOG(NWRAP_LOG_DEBUG,
3188 "user[%s] does not match [%s]",
3190 nwrap_sp_global.list[i].sp_namp);
3193 NWRAP_LOG(NWRAP_LOG_DEBUG, "user[%s] not found\n", name);
3198 #endif /* defined(HAVE_SHADOW_H) && defined(HAVE_GETSPNAM) */
3200 /* misc functions */
3201 static int nwrap_files_initgroups(struct nwrap_backend *b,
3210 groups = (gid_t *)malloc(size * sizeof(gid_t));
3211 if (groups == NULL) {
3212 NWRAP_LOG(NWRAP_LOG_ERROR, "Out of memory");
3218 nwrap_files_setgrent(b);
3219 while ((grp = nwrap_files_getgrent(b)) != NULL) {
3222 NWRAP_LOG(NWRAP_LOG_DEBUG,
3223 "Inspecting %s for group membership",
3226 for (i=0; grp->gr_mem && grp->gr_mem[i] != NULL; i++) {
3227 if (group != grp->gr_gid &&
3228 (strcmp(user, grp->gr_mem[i]) == 0)) {
3229 NWRAP_LOG(NWRAP_LOG_DEBUG,
3230 "%s is member of %s",
3234 groups = (gid_t *)realloc(groups,
3235 (size + 1) * sizeof(gid_t));
3236 if (groups == NULL) {
3237 NWRAP_LOG(NWRAP_LOG_ERROR,
3243 groups[size] = grp->gr_gid;
3249 nwrap_files_endgrent(b);
3251 NWRAP_LOG(NWRAP_LOG_DEBUG,
3252 "%s is member of %d groups",
3255 /* This really only works if uid_wrapper is loaded */
3256 rc = setgroups(size, groups);
3263 /* group functions */
3264 static struct group *nwrap_files_getgrnam(struct nwrap_backend *b,
3270 (void) b; /* unused */
3272 ok = nwrap_files_cache_reload(nwrap_gr_global.cache);
3274 NWRAP_LOG(NWRAP_LOG_ERROR, "Error loading group file");
3278 for (i=0; i<nwrap_gr_global.num; i++) {
3279 if (strcmp(nwrap_gr_global.list[i].gr_name, name) == 0) {
3280 NWRAP_LOG(NWRAP_LOG_DEBUG, "group[%s] found", name);
3281 return &nwrap_gr_global.list[i];
3283 NWRAP_LOG(NWRAP_LOG_DEBUG,
3284 "group[%s] does not match [%s]",
3286 nwrap_gr_global.list[i].gr_name);
3289 NWRAP_LOG(NWRAP_LOG_DEBUG, "group[%s] not found", name);
3295 static int nwrap_files_getgrnam_r(struct nwrap_backend *b,
3296 const char *name, struct group *grdst,
3297 char *buf, size_t buflen, struct group **grdstp)
3301 gr = nwrap_files_getgrnam(b, name);
3309 return nwrap_gr_copy_r(gr, grdst, buf, buflen, grdstp);
3312 static struct group *nwrap_files_getgrgid(struct nwrap_backend *b,
3318 (void) b; /* unused */
3320 ok = nwrap_files_cache_reload(nwrap_gr_global.cache);
3322 NWRAP_LOG(NWRAP_LOG_ERROR, "Error loading group file");
3326 for (i=0; i<nwrap_gr_global.num; i++) {
3327 if (nwrap_gr_global.list[i].gr_gid == gid) {
3328 NWRAP_LOG(NWRAP_LOG_DEBUG, "gid[%u] found", gid);
3329 return &nwrap_gr_global.list[i];
3331 NWRAP_LOG(NWRAP_LOG_DEBUG,
3332 "gid[%u] does not match [%u]",
3334 nwrap_gr_global.list[i].gr_gid);
3337 NWRAP_LOG(NWRAP_LOG_DEBUG, "gid[%u] not found", gid);
3343 static int nwrap_files_getgrgid_r(struct nwrap_backend *b,
3344 gid_t gid, struct group *grdst,
3345 char *buf, size_t buflen, struct group **grdstp)
3349 gr = nwrap_files_getgrgid(b, gid);
3357 return nwrap_gr_copy_r(gr, grdst, buf, buflen, grdstp);
3360 /* group enum functions */
3361 static void nwrap_files_setgrent(struct nwrap_backend *b)
3363 (void) b; /* unused */
3365 nwrap_gr_global.idx = 0;
3368 static struct group *nwrap_files_getgrent(struct nwrap_backend *b)
3372 (void) b; /* unused */
3374 if (nwrap_gr_global.idx == 0) {
3377 ok = nwrap_files_cache_reload(nwrap_gr_global.cache);
3379 NWRAP_LOG(NWRAP_LOG_ERROR, "Error loading group file");
3384 if (nwrap_gr_global.idx >= nwrap_gr_global.num) {
3389 gr = &nwrap_gr_global.list[nwrap_gr_global.idx++];
3391 NWRAP_LOG(NWRAP_LOG_DEBUG,
3392 "return group[%s] gid[%u]",
3393 gr->gr_name, gr->gr_gid);
3398 static int nwrap_files_getgrent_r(struct nwrap_backend *b,
3399 struct group *grdst, char *buf,
3400 size_t buflen, struct group **grdstp)
3404 gr = nwrap_files_getgrent(b);
3412 return nwrap_gr_copy_r(gr, grdst, buf, buflen, grdstp);
3415 static void nwrap_files_endgrent(struct nwrap_backend *b)
3417 (void) b; /* unused */
3419 nwrap_gr_global.idx = 0;
3422 /* hosts functions */
3423 static int nwrap_files_gethostbyname(const char *name, int af,
3424 struct hostent *result,
3425 struct nwrap_vector *addr_list)
3427 struct nwrap_entlist *el;
3432 char canon_name[DNS_NAME_MAX] = { 0 };
3434 bool he_found = false;
3437 ok = nwrap_files_cache_reload(nwrap_he_global.cache);
3439 NWRAP_LOG(NWRAP_LOG_ERROR, "error loading hosts file");
3443 name_len = strlen(name);
3444 if (name_len < sizeof(canon_name) && name[name_len - 1] == '.') {
3445 strncpy(canon_name, name, name_len - 1);
3449 if (!str_tolower_copy(&h_name_lower, name)) {
3450 NWRAP_LOG(NWRAP_LOG_DEBUG,
3451 "Out of memory while converting to lower case");
3455 /* Look at hash table for element */
3456 NWRAP_LOG(NWRAP_LOG_DEBUG, "Searching for name: %s", h_name_lower);
3457 e.key = h_name_lower;
3459 e_p = hsearch(e, FIND);
3461 NWRAP_LOG(NWRAP_LOG_DEBUG, "Name %s not found.", h_name_lower);
3462 SAFE_FREE(h_name_lower);
3465 SAFE_FREE(h_name_lower);
3467 /* Always cleanup vector and results */
3468 if (!nwrap_vector_is_initialized(addr_list)) {
3469 if (!nwrap_vector_init(addr_list)) {
3470 NWRAP_LOG(NWRAP_LOG_DEBUG,
3471 "Unable to initialize memory for addr_list vector");
3475 /* When vector is initialized data are valid no more.
3476 * Quick way how to free vector is: */
3477 addr_list->count = 0;
3480 /* Iterate through results */
3481 for (el = (struct nwrap_entlist *)e_p->data; el != NULL; el = el->next)
3485 /* Filter by address familiy if provided */
3486 if (af != AF_UNSPEC && he->h_addrtype != af) {
3492 * glibc doesn't return ipv6 addresses when AF_UNSPEC is used
3494 if (af == AF_UNSPEC && he->h_addrtype != AF_INET) {
3499 memcpy(result, he, sizeof(struct hostent));
3500 NWRAP_LOG(NWRAP_LOG_DEBUG,
3501 "Name found. Returning record for %s",
3505 nwrap_vector_merge(addr_list, &el->ed->nwrap_addrdata);
3506 result->h_addr_list = nwrap_vector_head(addr_list);
3512 NWRAP_LOG(NWRAP_LOG_DEBUG,
3513 "Name found in database. No records matches type.");
3520 #ifdef HAVE_GETHOSTBYNAME_R
3521 static int nwrap_gethostbyname_r(const char *name,
3522 struct hostent *ret,
3523 char *buf, size_t buflen,
3524 struct hostent **result, int *h_errnop)
3526 struct nwrap_vector *addr_list = malloc(sizeof(struct nwrap_vector));
3529 if (addr_list == NULL) {
3530 NWRAP_LOG(NWRAP_LOG_ERROR,
3531 "Unable to allocate memory for address list");
3536 ZERO_STRUCTP(addr_list);
3538 rc = nwrap_files_gethostbyname(name, AF_UNSPEC, ret, addr_list);
3540 *h_errnop = h_errno;
3541 if (addr_list->items != NULL) {
3542 free(addr_list->items);
3544 SAFE_FREE(addr_list);
3549 if (buflen < (addr_list->count * sizeof(void *))) {
3550 SAFE_FREE(addr_list->items);
3551 SAFE_FREE(addr_list);
3555 /* Copy all to user provided buffer and change
3556 * pointers in returned structure.
3557 * +1 is for ending NULL pointer. */
3558 memcpy(buf, addr_list->items, (addr_list->count + 1) * sizeof(void *));
3560 free(addr_list->items);
3563 ret->h_addr_list = (char **)buf;
3568 int gethostbyname_r(const char *name,
3569 struct hostent *ret,
3570 char *buf, size_t buflen,
3571 struct hostent **result, int *h_errnop)
3573 if (!nss_wrapper_hosts_enabled()) {
3574 return libc_gethostbyname_r(name,
3582 return nwrap_gethostbyname_r(name, ret, buf, buflen, result, h_errnop);
3586 static int nwrap_files_getaddrinfo(const char *name,
3587 unsigned short port,
3588 const struct addrinfo *hints,
3589 struct addrinfo **ai)
3591 struct nwrap_entlist *el;
3593 struct addrinfo *ai_head = NULL;
3594 struct addrinfo *ai_cur = NULL;
3597 char canon_name[DNS_NAME_MAX] = { 0 };
3598 bool skip_canonname = false;
3606 ok = nwrap_files_cache_reload(nwrap_he_global.cache);
3608 NWRAP_LOG(NWRAP_LOG_ERROR, "error loading hosts file");
3612 name_len = strlen(name);
3613 if (name_len < DNS_NAME_MAX && name[name_len - 1] == '.') {
3614 strncpy(canon_name, name, name_len - 1);
3618 if (!str_tolower_copy(&h_name_lower, name)) {
3619 NWRAP_LOG(NWRAP_LOG_DEBUG,
3620 "Out of memory while converting to lower case");
3624 NWRAP_LOG(NWRAP_LOG_DEBUG, "Searching for name: %s", h_name_lower);
3625 e.key = h_name_lower;
3627 e_p = hsearch(e, FIND);
3629 NWRAP_LOG(NWRAP_LOG_DEBUG, "Name %s not found.", h_name_lower);
3630 SAFE_FREE(h_name_lower);
3634 NWRAP_LOG(NWRAP_LOG_DEBUG, "Name: %s found.", h_name_lower);
3635 SAFE_FREE(h_name_lower);
3638 for (el = (struct nwrap_entlist *)e_p->data; el != NULL; el = el->next)
3641 struct addrinfo *ai_new = NULL;
3645 if (hints->ai_family != AF_UNSPEC &&
3646 he->h_addrtype != hints->ai_family)
3648 NWRAP_LOG(NWRAP_LOG_DEBUG,
3649 "Entry found but with wrong AF - "
3650 "remembering EAI_ADDRINFO.");
3651 rc = EAI_ADDRFAMILY;
3655 /* Function allocates memory and returns it in ai. */
3656 rc2 = nwrap_convert_he_ai(he,
3662 NWRAP_LOG(NWRAP_LOG_ERROR, "Error converting he to ai");
3663 if (ai_head != NULL) {
3664 freeaddrinfo(ai_head);
3668 skip_canonname = true;
3670 if (ai_head == NULL) {
3673 if (ai_cur != NULL) {
3674 ai_cur->ai_next = ai_new;
3679 if (ai_head != NULL) {
3688 static struct hostent *nwrap_files_gethostbyaddr(const void *addr,
3689 socklen_t len, int type)
3692 char ip[NWRAP_INET_ADDRSTRLEN] = {0};
3693 struct nwrap_entdata *ed;
3698 (void) len; /* unused */
3700 ok = nwrap_files_cache_reload(nwrap_he_global.cache);
3702 NWRAP_LOG(NWRAP_LOG_ERROR, "error loading hosts file");
3706 a = inet_ntop(type, addr, ip, sizeof(ip));
3712 nwrap_vector_foreach(ed, nwrap_he_global.entries, i)
3715 if (he->h_addrtype != type) {
3719 if (memcmp(addr, he->h_addr_list[0], he->h_length) == 0) {
3728 #ifdef HAVE_GETHOSTBYADDR_R
3729 static int nwrap_gethostbyaddr_r(const void *addr, socklen_t len, int type,
3730 struct hostent *ret,
3731 char *buf, size_t buflen,
3732 struct hostent **result, int *h_errnop)
3734 *result = nwrap_files_gethostbyaddr(addr, len, type);
3735 if (*result != NULL) {
3736 memset(buf, '\0', buflen);
3740 *h_errnop = h_errno;
3745 int gethostbyaddr_r(const void *addr, socklen_t len, int type,
3746 struct hostent *ret,
3747 char *buf, size_t buflen,
3748 struct hostent **result, int *h_errnop)
3750 if (!nss_wrapper_hosts_enabled()) {
3751 return libc_gethostbyaddr_r(addr,
3761 return nwrap_gethostbyaddr_r(addr, len, type, ret, buf, buflen, result, h_errnop);
3765 /* hosts enum functions */
3766 static void nwrap_files_sethostent(void)
3768 nwrap_he_global.idx = 0;
3771 static struct hostent *nwrap_files_gethostent(void)
3775 if (nwrap_he_global.idx == 0) {
3778 ok = nwrap_files_cache_reload(nwrap_he_global.cache);
3780 NWRAP_LOG(NWRAP_LOG_ERROR, "Error loading hosts file");
3785 if (nwrap_he_global.idx >= nwrap_he_global.num) {
3790 he = &((struct nwrap_entdata *)nwrap_he_global.entries.items[nwrap_he_global.idx++])->ht;
3792 NWRAP_LOG(NWRAP_LOG_DEBUG, "return hosts[%s]", he->h_name);
3797 static void nwrap_files_endhostent(void)
3799 nwrap_he_global.idx = 0;
3807 static struct passwd *nwrap_module_getpwnam(struct nwrap_backend *b,
3810 static struct passwd pwd;
3811 static char buf[1000];
3814 if (!b->fns->_nss_getpwnam_r) {
3818 status = b->fns->_nss_getpwnam_r(name, &pwd, buf, sizeof(buf), &errno);
3819 if (status == NSS_STATUS_NOTFOUND) {
3822 if (status != NSS_STATUS_SUCCESS) {
3829 static int nwrap_module_getpwnam_r(struct nwrap_backend *b,
3830 const char *name, struct passwd *pwdst,
3831 char *buf, size_t buflen, struct passwd **pwdstp)
3835 (void) b; /* unused */
3836 (void) pwdst; /* unused */
3837 (void) pwdstp; /* unused */
3839 if (!b->fns->_nss_getpwnam_r) {
3840 return NSS_STATUS_NOTFOUND;
3843 ret = b->fns->_nss_getpwnam_r(name, pwdst, buf, buflen, &errno);
3845 case NSS_STATUS_SUCCESS:
3847 case NSS_STATUS_NOTFOUND:
3852 case NSS_STATUS_TRYAGAIN:
3865 static struct passwd *nwrap_module_getpwuid(struct nwrap_backend *b,
3868 static struct passwd pwd;
3869 static char buf[1000];
3872 if (!b->fns->_nss_getpwuid_r) {
3876 status = b->fns->_nss_getpwuid_r(uid, &pwd, buf, sizeof(buf), &errno);
3877 if (status == NSS_STATUS_NOTFOUND) {
3880 if (status != NSS_STATUS_SUCCESS) {
3886 static int nwrap_module_getpwuid_r(struct nwrap_backend *b,
3887 uid_t uid, struct passwd *pwdst,
3888 char *buf, size_t buflen, struct passwd **pwdstp)
3892 (void) pwdstp; /* unused */
3894 if (!b->fns->_nss_getpwuid_r) {
3898 ret = b->fns->_nss_getpwuid_r(uid, pwdst, buf, buflen, &errno);
3900 case NSS_STATUS_SUCCESS:
3902 case NSS_STATUS_NOTFOUND:
3907 case NSS_STATUS_TRYAGAIN:
3920 static void nwrap_module_setpwent(struct nwrap_backend *b)
3922 if (!b->fns->_nss_setpwent) {
3926 b->fns->_nss_setpwent();
3929 static struct passwd *nwrap_module_getpwent(struct nwrap_backend *b)
3931 static struct passwd pwd;
3932 static char buf[1000];
3935 if (!b->fns->_nss_getpwent_r) {
3939 status = b->fns->_nss_getpwent_r(&pwd, buf, sizeof(buf), &errno);
3940 if (status == NSS_STATUS_NOTFOUND) {
3943 if (status != NSS_STATUS_SUCCESS) {
3949 static int nwrap_module_getpwent_r(struct nwrap_backend *b,
3950 struct passwd *pwdst, char *buf,
3951 size_t buflen, struct passwd **pwdstp)
3955 (void) pwdstp; /* unused */
3957 if (!b->fns->_nss_getpwent_r) {
3961 ret = b->fns->_nss_getpwent_r(pwdst, buf, buflen, &errno);
3963 case NSS_STATUS_SUCCESS:
3965 case NSS_STATUS_NOTFOUND:
3970 case NSS_STATUS_TRYAGAIN:
3983 static void nwrap_module_endpwent(struct nwrap_backend *b)
3985 if (!b->fns->_nss_endpwent) {
3989 b->fns->_nss_endpwent();
3992 static int nwrap_module_initgroups(struct nwrap_backend *b,
3993 const char *user, gid_t group)
3999 if (!b->fns->_nss_initgroups) {
4000 return NSS_STATUS_UNAVAIL;
4003 return b->fns->_nss_initgroups(user, group, &start, &size, &groups, 0, &errno);
4006 static struct group *nwrap_module_getgrnam(struct nwrap_backend *b,
4009 static struct group grp;
4011 static int buflen = 1000;
4014 if (!b->fns->_nss_getgrnam_r) {
4019 buf = (char *)malloc(buflen);
4022 status = b->fns->_nss_getgrnam_r(name, &grp, buf, buflen, &errno);
4023 if (status == NSS_STATUS_TRYAGAIN) {
4025 buf = (char *)realloc(buf, buflen);
4031 if (status == NSS_STATUS_NOTFOUND) {
4035 if (status != NSS_STATUS_SUCCESS) {
4042 static int nwrap_module_getgrnam_r(struct nwrap_backend *b,
4043 const char *name, struct group *grdst,
4044 char *buf, size_t buflen, struct group **grdstp)
4048 (void) grdstp; /* unused */
4050 if (!b->fns->_nss_getgrnam_r) {
4054 ret = b->fns->_nss_getgrnam_r(name, grdst, buf, buflen, &errno);
4056 case NSS_STATUS_SUCCESS:
4058 case NSS_STATUS_NOTFOUND:
4063 case NSS_STATUS_TRYAGAIN:
4076 static struct group *nwrap_module_getgrgid(struct nwrap_backend *b,
4079 static struct group grp;
4081 static int buflen = 1000;
4084 if (!b->fns->_nss_getgrgid_r) {
4089 buf = (char *)malloc(buflen);
4093 status = b->fns->_nss_getgrgid_r(gid, &grp, buf, buflen, &errno);
4094 if (status == NSS_STATUS_TRYAGAIN) {
4096 buf = (char *)realloc(buf, buflen);
4102 if (status == NSS_STATUS_NOTFOUND) {
4106 if (status != NSS_STATUS_SUCCESS) {
4113 static int nwrap_module_getgrgid_r(struct nwrap_backend *b,
4114 gid_t gid, struct group *grdst,
4115 char *buf, size_t buflen, struct group **grdstp)
4119 (void) grdstp; /* unused */
4121 if (!b->fns->_nss_getgrgid_r) {
4125 ret = b->fns->_nss_getgrgid_r(gid, grdst, buf, buflen, &errno);
4127 case NSS_STATUS_SUCCESS:
4129 case NSS_STATUS_NOTFOUND:
4134 case NSS_STATUS_TRYAGAIN:
4147 static void nwrap_module_setgrent(struct nwrap_backend *b)
4149 if (!b->fns->_nss_setgrent) {
4153 b->fns->_nss_setgrent();
4156 static struct group *nwrap_module_getgrent(struct nwrap_backend *b)
4158 static struct group grp;
4160 static int buflen = 1024;
4163 if (!b->fns->_nss_getgrent_r) {
4168 buf = (char *)malloc(buflen);
4172 status = b->fns->_nss_getgrent_r(&grp, buf, buflen, &errno);
4173 if (status == NSS_STATUS_TRYAGAIN) {
4175 buf = (char *)realloc(buf, buflen);
4181 if (status == NSS_STATUS_NOTFOUND) {
4185 if (status != NSS_STATUS_SUCCESS) {
4192 static int nwrap_module_getgrent_r(struct nwrap_backend *b,
4193 struct group *grdst, char *buf,
4194 size_t buflen, struct group **grdstp)
4198 (void) grdstp; /* unused */
4200 if (!b->fns->_nss_getgrent_r) {
4204 ret = b->fns->_nss_getgrent_r(grdst, buf, buflen, &errno);
4206 case NSS_STATUS_SUCCESS:
4208 case NSS_STATUS_NOTFOUND:
4213 case NSS_STATUS_TRYAGAIN:
4226 static void nwrap_module_endgrent(struct nwrap_backend *b)
4228 if (!b->fns->_nss_endgrent) {
4232 b->fns->_nss_endgrent();
4235 /****************************************************************************
4237 ***************************************************************************/
4239 static struct passwd *nwrap_getpwnam(const char *name)
4244 for (i=0; i < nwrap_main_global->num_backends; i++) {
4245 struct nwrap_backend *b = &nwrap_main_global->backends[i];
4246 pwd = b->ops->nw_getpwnam(b, name);
4255 struct passwd *getpwnam(const char *name)
4257 if (!nss_wrapper_enabled()) {
4258 return libc_getpwnam(name);
4261 return nwrap_getpwnam(name);
4264 /****************************************************************************
4266 ***************************************************************************/
4268 static int nwrap_getpwnam_r(const char *name, struct passwd *pwdst,
4269 char *buf, size_t buflen, struct passwd **pwdstp)
4273 for (i=0; i < nwrap_main_global->num_backends; i++) {
4274 struct nwrap_backend *b = &nwrap_main_global->backends[i];
4275 ret = b->ops->nw_getpwnam_r(b, name, pwdst, buf, buflen, pwdstp);
4276 if (ret == ENOENT) {
4285 #ifdef HAVE_GETPWNAM_R
4286 # ifdef HAVE_SOLARIS_GETPWNAM_R
4287 int getpwnam_r(const char *name, struct passwd *pwdst,
4288 char *buf, int buflen, struct passwd **pwdstp)
4289 # else /* HAVE_SOLARIS_GETPWNAM_R */
4290 int getpwnam_r(const char *name, struct passwd *pwdst,
4291 char *buf, size_t buflen, struct passwd **pwdstp)
4292 # endif /* HAVE_SOLARIS_GETPWNAM_R */
4294 if (!nss_wrapper_enabled()) {
4295 return libc_getpwnam_r(name, pwdst, buf, buflen, pwdstp);
4298 return nwrap_getpwnam_r(name, pwdst, buf, buflen, pwdstp);
4302 /****************************************************************************
4304 ***************************************************************************/
4306 static struct passwd *nwrap_getpwuid(uid_t uid)
4311 for (i=0; i < nwrap_main_global->num_backends; i++) {
4312 struct nwrap_backend *b = &nwrap_main_global->backends[i];
4313 pwd = b->ops->nw_getpwuid(b, uid);
4322 struct passwd *getpwuid(uid_t uid)
4324 if (!nss_wrapper_enabled()) {
4325 return libc_getpwuid(uid);
4328 return nwrap_getpwuid(uid);
4331 /****************************************************************************
4333 ***************************************************************************/
4335 static int nwrap_getpwuid_r(uid_t uid, struct passwd *pwdst,
4336 char *buf, size_t buflen, struct passwd **pwdstp)
4340 for (i=0; i < nwrap_main_global->num_backends; i++) {
4341 struct nwrap_backend *b = &nwrap_main_global->backends[i];
4342 ret = b->ops->nw_getpwuid_r(b, uid, pwdst, buf, buflen, pwdstp);
4343 if (ret == ENOENT) {
4352 #ifdef HAVE_SOLARIS_GETPWUID_R
4353 int getpwuid_r(uid_t uid, struct passwd *pwdst,
4354 char *buf, int buflen, struct passwd **pwdstp)
4356 int getpwuid_r(uid_t uid, struct passwd *pwdst,
4357 char *buf, size_t buflen, struct passwd **pwdstp)
4360 if (!nss_wrapper_enabled()) {
4361 return libc_getpwuid_r(uid, pwdst, buf, buflen, pwdstp);
4364 return nwrap_getpwuid_r(uid, pwdst, buf, buflen, pwdstp);
4367 /****************************************************************************
4369 ***************************************************************************/
4371 static void nwrap_setpwent(void)
4375 for (i=0; i < nwrap_main_global->num_backends; i++) {
4376 struct nwrap_backend *b = &nwrap_main_global->backends[i];
4377 b->ops->nw_setpwent(b);
4383 if (!nss_wrapper_enabled()) {
4391 /****************************************************************************
4393 ***************************************************************************/
4395 static struct passwd *nwrap_getpwent(void)
4400 for (i=0; i < nwrap_main_global->num_backends; i++) {
4401 struct nwrap_backend *b = &nwrap_main_global->backends[i];
4402 pwd = b->ops->nw_getpwent(b);
4411 struct passwd *getpwent(void)
4413 if (!nss_wrapper_enabled()) {
4414 return libc_getpwent();
4417 return nwrap_getpwent();
4420 /****************************************************************************
4422 ***************************************************************************/
4424 static int nwrap_getpwent_r(struct passwd *pwdst, char *buf,
4425 size_t buflen, struct passwd **pwdstp)
4429 for (i=0; i < nwrap_main_global->num_backends; i++) {
4430 struct nwrap_backend *b = &nwrap_main_global->backends[i];
4431 ret = b->ops->nw_getpwent_r(b, pwdst, buf, buflen, pwdstp);
4432 if (ret == ENOENT) {
4441 #ifdef HAVE_SOLARIS_GETPWENT_R
4442 struct passwd *getpwent_r(struct passwd *pwdst, char *buf, int buflen)
4444 struct passwd *pwdstp = NULL;
4447 if (!nss_wrapper_enabled()) {
4448 return libc_getpwent_r(pwdst, buf, buflen);
4450 rc = nwrap_getpwent_r(pwdst, buf, buflen, &pwdstp);
4457 #else /* HAVE_SOLARIS_GETPWENT_R */
4458 int getpwent_r(struct passwd *pwdst, char *buf,
4459 size_t buflen, struct passwd **pwdstp)
4461 if (!nss_wrapper_enabled()) {
4462 return libc_getpwent_r(pwdst, buf, buflen, pwdstp);
4465 return nwrap_getpwent_r(pwdst, buf, buflen, pwdstp);
4467 #endif /* HAVE_SOLARIS_GETPWENT_R */
4469 /****************************************************************************
4471 ***************************************************************************/
4473 static void nwrap_endpwent(void)
4477 for (i=0; i < nwrap_main_global->num_backends; i++) {
4478 struct nwrap_backend *b = &nwrap_main_global->backends[i];
4479 b->ops->nw_endpwent(b);
4485 if (!nss_wrapper_enabled()) {
4493 /****************************************************************************
4495 ***************************************************************************/
4497 static int nwrap_initgroups(const char *user, gid_t group)
4501 for (i=0; i < nwrap_main_global->num_backends; i++) {
4502 struct nwrap_backend *b = &nwrap_main_global->backends[i];
4505 rc = b->ops->nw_initgroups(b, user, group);
4515 int initgroups(const char *user, gid_t group)
4517 if (!nss_wrapper_enabled()) {
4518 return libc_initgroups(user, group);
4521 return nwrap_initgroups(user, group);
4524 /****************************************************************************
4526 ***************************************************************************/
4528 static struct group *nwrap_getgrnam(const char *name)
4533 for (i=0; i < nwrap_main_global->num_backends; i++) {
4534 struct nwrap_backend *b = &nwrap_main_global->backends[i];
4535 grp = b->ops->nw_getgrnam(b, name);
4544 struct group *getgrnam(const char *name)
4546 if (!nss_wrapper_enabled()) {
4547 return libc_getgrnam(name);
4550 return nwrap_getgrnam(name);
4553 /****************************************************************************
4555 ***************************************************************************/
4557 static int nwrap_getgrnam_r(const char *name, struct group *grdst,
4558 char *buf, size_t buflen, struct group **grdstp)
4562 for (i=0; i < nwrap_main_global->num_backends; i++) {
4563 struct nwrap_backend *b = &nwrap_main_global->backends[i];
4564 ret = b->ops->nw_getgrnam_r(b, name, grdst, buf, buflen, grdstp);
4565 if (ret == ENOENT) {
4574 #ifdef HAVE_GETGRNAM_R
4575 # ifdef HAVE_SOLARIS_GETGRNAM_R
4576 int getgrnam_r(const char *name, struct group *grp,
4577 char *buf, int buflen, struct group **pgrp)
4578 # else /* HAVE_SOLARIS_GETGRNAM_R */
4579 int getgrnam_r(const char *name, struct group *grp,
4580 char *buf, size_t buflen, struct group **pgrp)
4581 # endif /* HAVE_SOLARIS_GETGRNAM_R */
4583 if (!nss_wrapper_enabled()) {
4584 return libc_getgrnam_r(name,
4591 return nwrap_getgrnam_r(name, grp, buf, buflen, pgrp);
4593 #endif /* HAVE_GETGRNAM_R */
4595 /****************************************************************************
4597 ***************************************************************************/
4599 static struct group *nwrap_getgrgid(gid_t gid)
4604 for (i=0; i < nwrap_main_global->num_backends; i++) {
4605 struct nwrap_backend *b = &nwrap_main_global->backends[i];
4606 grp = b->ops->nw_getgrgid(b, gid);
4615 struct group *getgrgid(gid_t gid)
4617 if (!nss_wrapper_enabled()) {
4618 return libc_getgrgid(gid);
4621 return nwrap_getgrgid(gid);
4624 /****************************************************************************
4626 ***************************************************************************/
4628 static int nwrap_getgrgid_r(gid_t gid, struct group *grdst,
4629 char *buf, size_t buflen, struct group **grdstp)
4633 for (i=0; i < nwrap_main_global->num_backends; i++) {
4634 struct nwrap_backend *b = &nwrap_main_global->backends[i];
4635 ret = b->ops->nw_getgrgid_r(b, gid, grdst, buf, buflen, grdstp);
4636 if (ret == ENOENT) {
4645 #ifdef HAVE_GETGRGID_R
4646 # ifdef HAVE_SOLARIS_GETGRGID_R
4647 int getgrgid_r(gid_t gid, struct group *grdst,
4648 char *buf, int buflen, struct group **grdstp)
4649 # else /* HAVE_SOLARIS_GETGRGID_R */
4650 int getgrgid_r(gid_t gid, struct group *grdst,
4651 char *buf, size_t buflen, struct group **grdstp)
4652 # endif /* HAVE_SOLARIS_GETGRGID_R */
4654 if (!nss_wrapper_enabled()) {
4655 return libc_getgrgid_r(gid, grdst, buf, buflen, grdstp);
4658 return nwrap_getgrgid_r(gid, grdst, buf, buflen, grdstp);
4662 /****************************************************************************
4664 ***************************************************************************/
4666 static void nwrap_setgrent(void)
4670 for (i=0; i < nwrap_main_global->num_backends; i++) {
4671 struct nwrap_backend *b = &nwrap_main_global->backends[i];
4672 b->ops->nw_setgrent(b);
4676 #ifdef HAVE_BSD_SETGRENT
4682 if (!nss_wrapper_enabled()) {
4690 #ifdef HAVE_BSD_SETGRENT
4697 /****************************************************************************
4699 ***************************************************************************/
4701 static struct group *nwrap_getgrent(void)
4706 for (i=0; i < nwrap_main_global->num_backends; i++) {
4707 struct nwrap_backend *b = &nwrap_main_global->backends[i];
4708 grp = b->ops->nw_getgrent(b);
4717 struct group *getgrent(void)
4719 if (!nss_wrapper_enabled()) {
4720 return libc_getgrent();
4723 return nwrap_getgrent();
4726 /****************************************************************************
4728 ***************************************************************************/
4730 static int nwrap_getgrent_r(struct group *grdst, char *buf,
4731 size_t buflen, struct group **grdstp)
4735 for (i=0; i < nwrap_main_global->num_backends; i++) {
4736 struct nwrap_backend *b = &nwrap_main_global->backends[i];
4737 ret = b->ops->nw_getgrent_r(b, grdst, buf, buflen, grdstp);
4738 if (ret == ENOENT) {
4747 #ifdef HAVE_SOLARIS_GETGRENT_R
4748 struct group *getgrent_r(struct group *src, char *buf, int buflen)
4750 struct group *grdstp = NULL;
4753 if (!nss_wrapper_enabled()) {
4754 return libc_getgrent_r(src, buf, buflen);
4757 rc = nwrap_getgrent_r(src, buf, buflen, &grdstp);
4764 #else /* HAVE_SOLARIS_GETGRENT_R */
4765 int getgrent_r(struct group *src, char *buf,
4766 size_t buflen, struct group **grdstp)
4768 if (!nss_wrapper_enabled()) {
4769 return libc_getgrent_r(src, buf, buflen, grdstp);
4772 return nwrap_getgrent_r(src, buf, buflen, grdstp);
4774 #endif /* HAVE_SOLARIS_GETGRENT_R */
4776 /****************************************************************************
4778 ***************************************************************************/
4780 static void nwrap_endgrent(void)
4784 for (i=0; i < nwrap_main_global->num_backends; i++) {
4785 struct nwrap_backend *b = &nwrap_main_global->backends[i];
4786 b->ops->nw_endgrent(b);
4792 if (!nss_wrapper_enabled()) {
4800 /****************************************************************************
4802 ***************************************************************************/
4804 #ifdef HAVE_GETGROUPLIST
4805 static int nwrap_getgrouplist(const char *user, gid_t group,
4806 gid_t *groups, int *ngroups)
4812 NWRAP_LOG(NWRAP_LOG_DEBUG, "getgrouplist called for %s", user);
4814 groups_tmp = (gid_t *)malloc(count * sizeof(gid_t));
4816 NWRAP_LOG(NWRAP_LOG_ERROR, "Out of memory");
4820 groups_tmp[0] = group;
4823 while ((grp = nwrap_getgrent()) != NULL) {
4826 NWRAP_LOG(NWRAP_LOG_DEBUG,
4827 "Inspecting %s for group membership",
4830 for (i=0; grp->gr_mem && grp->gr_mem[i] != NULL; i++) {
4832 if (group != grp->gr_gid &&
4833 (strcmp(user, grp->gr_mem[i]) == 0)) {
4835 NWRAP_LOG(NWRAP_LOG_DEBUG,
4836 "%s is member of %s",
4840 groups_tmp = (gid_t *)realloc(groups_tmp, (count + 1) * sizeof(gid_t));
4842 NWRAP_LOG(NWRAP_LOG_ERROR,
4847 groups_tmp[count] = grp->gr_gid;
4856 NWRAP_LOG(NWRAP_LOG_DEBUG,
4857 "%s is member of %d groups",
4860 if (*ngroups < count) {
4867 memcpy(groups, groups_tmp, count * sizeof(gid_t));
4873 int getgrouplist(const char *user, gid_t group, gid_t *groups, int *ngroups)
4875 if (!nss_wrapper_enabled()) {
4876 return libc_getgrouplist(user, group, groups, ngroups);
4879 return nwrap_getgrouplist(user, group, groups, ngroups);
4883 /**********************************************************
4885 **********************************************************/
4887 #if defined(HAVE_SHADOW_H) && defined(HAVE_GETSPNAM)
4889 #ifdef HAVE_SETSPENT
4890 static void nwrap_setspent(void)
4892 nwrap_files_setspent();
4897 if (!nss_wrapper_shadow_enabled()) {
4904 static struct spwd *nwrap_getspent(void)
4906 return nwrap_files_getspent();
4909 struct spwd *getspent(void)
4911 if (!nss_wrapper_shadow_enabled()) {
4915 return nwrap_getspent();
4918 static void nwrap_endspent(void)
4920 nwrap_files_endspent();
4925 if (!nss_wrapper_shadow_enabled()) {
4931 #endif /* HAVE_SETSPENT */
4933 static struct spwd *nwrap_getspnam(const char *name)
4935 return nwrap_files_getspnam(name);
4938 struct spwd *getspnam(const char *name)
4940 if (!nss_wrapper_shadow_enabled()) {
4944 return nwrap_getspnam(name);
4947 #endif /* defined(HAVE_SHADOW_H) && defined(HAVE_GETSPNAM) */
4949 /**********************************************************
4951 **********************************************************/
4953 static void nwrap_sethostent(int stayopen) {
4954 (void) stayopen; /* ignored */
4956 nwrap_files_sethostent();
4959 #ifdef HAVE_SOLARIS_SETHOSTENT
4960 int sethostent(int stayopen)
4962 if (!nss_wrapper_hosts_enabled()) {
4963 libc_sethostent(stayopen);
4967 nwrap_sethostent(stayopen);
4971 #else /* HAVE_SOLARIS_SETHOSTENT */
4972 void sethostent(int stayopen)
4974 if (!nss_wrapper_hosts_enabled()) {
4975 libc_sethostent(stayopen);
4979 nwrap_sethostent(stayopen);
4981 #endif /* HAVE_SOLARIS_SETHOSTENT */
4983 static struct hostent *nwrap_gethostent(void)
4985 return nwrap_files_gethostent();
4988 struct hostent *gethostent(void) {
4989 if (!nss_wrapper_hosts_enabled()) {
4990 return libc_gethostent();
4993 return nwrap_gethostent();
4996 static void nwrap_endhostent(void) {
4997 nwrap_files_endhostent();
5000 #ifdef HAVE_SOLARIS_ENDHOSTENT
5001 int endhostent(void)
5003 if (!nss_wrapper_hosts_enabled()) {
5012 #else /* HAVE_SOLARIS_ENDHOSTENT */
5013 void endhostent(void)
5015 if (!nss_wrapper_hosts_enabled()) {
5022 #endif /* HAVE_SOLARIS_ENDHOSTENT */
5025 /* BSD implementation stores data in thread local storage but GLIBC does not */
5026 static __thread struct hostent user_he;
5027 static __thread struct nwrap_vector user_addrlist;
5029 static struct hostent user_he;
5030 static struct nwrap_vector user_addrlist;
5032 static struct hostent *nwrap_gethostbyname(const char *name)
5034 if (nwrap_files_gethostbyname(name, AF_UNSPEC, &user_he, &user_addrlist) == -1) {
5040 struct hostent *gethostbyname(const char *name)
5042 if (!nss_wrapper_hosts_enabled()) {
5043 return libc_gethostbyname(name);
5046 return nwrap_gethostbyname(name);
5049 /* This is a GNU extension - Also can be found on BSD systems */
5050 #ifdef HAVE_GETHOSTBYNAME2
5052 /* BSD implementation stores data in thread local storage but GLIBC not */
5053 static __thread struct hostent user_he2;
5054 static __thread struct nwrap_vector user_addrlist2;
5056 static struct hostent user_he2;
5057 static struct nwrap_vector user_addrlist2;
5059 static struct hostent *nwrap_gethostbyname2(const char *name, int af)
5061 if (nwrap_files_gethostbyname(name, af, &user_he2, &user_addrlist2) == -1) {
5067 struct hostent *gethostbyname2(const char *name, int af)
5069 if (!nss_wrapper_hosts_enabled()) {
5070 return libc_gethostbyname2(name, af);
5073 return nwrap_gethostbyname2(name, af);
5077 static struct hostent *nwrap_gethostbyaddr(const void *addr,
5078 socklen_t len, int type)
5080 return nwrap_files_gethostbyaddr(addr, len, type);
5083 struct hostent *gethostbyaddr(const void *addr,
5084 socklen_t len, int type)
5086 if (!nss_wrapper_hosts_enabled()) {
5087 return libc_gethostbyaddr(addr, len, type);
5090 return nwrap_gethostbyaddr(addr, len, type);
5093 static const struct addrinfo default_hints =
5095 .ai_flags = AI_ADDRCONFIG|AI_V4MAPPED,
5096 .ai_family = AF_UNSPEC,
5101 .ai_canonname = NULL,
5105 static int nwrap_convert_he_ai(const struct hostent *he,
5106 unsigned short port,
5107 const struct addrinfo *hints,
5108 struct addrinfo **pai,
5109 bool skip_canonname)
5111 struct addrinfo *ai;
5118 switch (he->h_addrtype) {
5120 socklen = sizeof(struct sockaddr_in);
5124 socklen = sizeof(struct sockaddr_in6);
5131 ai = (struct addrinfo *)malloc(sizeof(struct addrinfo) + socklen);
5136 ai->ai_flags = hints->ai_flags;
5137 ai->ai_family = he->h_addrtype;
5138 ai->ai_socktype = hints->ai_socktype;
5139 ai->ai_protocol = hints->ai_protocol;
5140 ai->ai_canonname = NULL;
5142 if (ai->ai_socktype == 0) {
5143 ai->ai_socktype = SOCK_DGRAM;
5145 if (ai->ai_protocol == 0) {
5146 if (ai->ai_socktype == SOCK_DGRAM) {
5147 ai->ai_protocol = IPPROTO_UDP;
5148 } else if (ai->ai_socktype == SOCK_STREAM) {
5149 ai->ai_protocol = IPPROTO_TCP;
5153 ai->ai_addrlen = socklen;
5154 ai->ai_addr = (void *)(ai + 1);
5156 #ifdef HAVE_STRUCT_SOCKADDR_SA_LEN
5157 ai->ai_addr->sa_len = socklen;
5159 ai->ai_addr->sa_family = he->h_addrtype;
5161 switch (he->h_addrtype) {
5164 struct sockaddr_in *sinp =
5165 (struct sockaddr_in *) ai->ai_addr;
5167 memset(sinp, 0, sizeof(struct sockaddr_in));
5169 sinp->sin_port = htons(port);
5170 sinp->sin_family = AF_INET;
5172 memset (sinp->sin_zero, '\0', sizeof (sinp->sin_zero));
5173 memcpy(&sinp->sin_addr, he->h_addr_list[0], he->h_length);
5180 struct sockaddr_in6 *sin6p =
5181 (struct sockaddr_in6 *) ai->ai_addr;
5183 memset(sin6p, 0, sizeof(struct sockaddr_in6));
5185 sin6p->sin6_port = htons(port);
5186 sin6p->sin6_family = AF_INET6;
5188 memcpy(&sin6p->sin6_addr,
5198 if (he->h_name && !skip_canonname) {
5199 ai->ai_canonname = strdup(he->h_name);
5200 if (ai->ai_canonname == NULL) {
5210 static int nwrap_getaddrinfo(const char *node,
5211 const char *service,
5212 const struct addrinfo *hints,
5213 struct addrinfo **res)
5215 struct addrinfo *ai = NULL;
5216 unsigned short port = 0;
5226 .family = AF_UNSPEC,
5230 if (node == NULL && service == NULL) {
5234 if (hints == NULL) {
5235 hints = &default_hints;
5239 hints.ai_flags contains invalid flags; or, hints.ai_flags
5240 included AI_CANONNAME and name was NULL.
5242 if ((hints->ai_flags & AI_CANONNAME) && (node == NULL)) {
5243 return EAI_BADFLAGS;
5246 /* If no node has been specified, let glibc deal with it */
5249 struct addrinfo *p = NULL;
5251 ret = libc_getaddrinfo(node, service, hints, &p);
5259 if (service != NULL && service[0] != '\0') {
5260 const char *proto = NULL;
5266 sl = strtol(service, &end_ptr, 10);
5268 if (*end_ptr == '\0') {
5271 } else if (hints->ai_flags & AI_NUMERICSERV) {
5275 if (hints->ai_protocol != 0) {
5276 struct protoent *pent;
5278 pent = getprotobynumber(hints->ai_protocol);
5280 proto = pent->p_name;
5284 s = getservbyname(service, proto);
5288 port = ntohs(s->s_port);
5293 rc = inet_pton(AF_INET, node, &addr.in.v4);
5295 addr.family = AF_INET;
5298 if (addr.family == AF_UNSPEC) {
5299 rc = inet_pton(AF_INET6, node, &addr.in.v6);
5301 addr.family = AF_INET6;
5306 if (addr.family == AF_UNSPEC) {
5307 if (hints->ai_flags & AI_NUMERICHOST) {
5310 } else if ((hints->ai_family != AF_UNSPEC) &&
5311 (hints->ai_family != addr.family))
5313 return EAI_ADDRFAMILY;
5316 rc = nwrap_files_getaddrinfo(node, port, hints, &ai);
5319 struct addrinfo *p = NULL;
5321 ret = libc_getaddrinfo(node, service, hints, &p);
5325 * nwrap_files_getaddrinfo failed, but libc was
5326 * successful -- use the result from libc.
5336 * If the socktype was not specified, duplicate
5337 * each ai returned, so that we have variants for
5340 if (hints->ai_socktype == 0) {
5341 struct addrinfo *ai_cur;
5343 /* freeaddrinfo() frees ai_canonname and ai so allocate them */
5344 for (ai_cur = ai; ai_cur != NULL; ai_cur = ai_cur->ai_next) {
5345 struct addrinfo *ai_new;
5347 /* duplicate the current entry */
5349 ai_new = malloc(sizeof(struct addrinfo));
5350 if (ai_new == NULL) {
5355 memcpy(ai_new, ai_cur, sizeof(struct addrinfo));
5356 ai_new->ai_next = NULL;
5358 /* We need a deep copy or freeaddrinfo() will blow up */
5359 if (ai_cur->ai_canonname != NULL) {
5360 ai_new->ai_canonname =
5361 strdup(ai_cur->ai_canonname);
5364 if (ai_cur->ai_socktype == SOCK_DGRAM) {
5365 ai_new->ai_socktype = SOCK_STREAM;
5366 } else if (ai_cur->ai_socktype == SOCK_STREAM) {
5367 ai_new->ai_socktype = SOCK_DGRAM;
5369 if (ai_cur->ai_protocol == IPPROTO_TCP) {
5370 ai_new->ai_protocol = IPPROTO_UDP;
5371 } else if (ai_cur->ai_protocol == IPPROTO_UDP) {
5372 ai_new->ai_protocol = IPPROTO_TCP;
5375 /* now insert the new entry */
5377 ai_new->ai_next = ai_cur->ai_next;
5378 ai_cur->ai_next = ai_new;
5380 /* and move on (don't duplicate the new entry) */
5391 int getaddrinfo(const char *node, const char *service,
5392 const struct addrinfo *hints,
5393 struct addrinfo **res)
5395 if (!nss_wrapper_hosts_enabled()) {
5396 return libc_getaddrinfo(node, service, hints, res);
5399 return nwrap_getaddrinfo(node, service, hints, res);
5402 static int nwrap_getnameinfo(const struct sockaddr *sa, socklen_t salen,
5403 char *host, size_t hostlen,
5404 char *serv, size_t servlen,
5408 struct servent *service;
5415 if (sa == NULL || salen < sizeof(sa_family_t)) {
5419 if ((flags & NI_NAMEREQD) && host == NULL && serv == NULL) {
5423 type = sa->sa_family;
5426 if (salen < sizeof(struct sockaddr_in))
5428 addr = &((const struct sockaddr_in *)sa)->sin_addr;
5429 addrlen = sizeof(((const struct sockaddr_in *)sa)->sin_addr);
5430 port = ntohs(((const struct sockaddr_in *)sa)->sin_port);
5434 if (salen < sizeof(struct sockaddr_in6))
5436 addr = &((const struct sockaddr_in6 *)sa)->sin6_addr;
5437 addrlen = sizeof(((const struct sockaddr_in6 *)sa)->sin6_addr);
5438 port = ntohs(((const struct sockaddr_in6 *)sa)->sin6_port);
5447 if ((flags & NI_NUMERICHOST) == 0) {
5448 he = nwrap_files_gethostbyaddr(addr, addrlen, type);
5449 if ((flags & NI_NAMEREQD) && (he == NULL || he->h_name == NULL))
5452 if (he != NULL && he->h_name != NULL) {
5453 if (strlen(he->h_name) >= hostlen)
5454 return EAI_OVERFLOW;
5455 snprintf(host, hostlen, "%s", he->h_name);
5456 if (flags & NI_NOFQDN)
5457 host[strcspn(host, ".")] = '\0';
5459 if (inet_ntop(type, addr, host, hostlen) == NULL)
5460 return (errno == ENOSPC) ? EAI_OVERFLOW : EAI_FAIL;
5466 if ((flags & NI_NUMERICSERV) == 0) {
5467 proto = (flags & NI_DGRAM) ? "udp" : "tcp";
5468 service = getservbyport(htons(port), proto);
5470 if (service != NULL) {
5471 if (strlen(service->s_name) >= servlen)
5472 return EAI_OVERFLOW;
5473 snprintf(serv, servlen, "%s", service->s_name);
5475 if (snprintf(serv, servlen, "%u", port) >= (int) servlen)
5476 return EAI_OVERFLOW;
5483 #ifdef HAVE_LINUX_GETNAMEINFO
5484 int getnameinfo(const struct sockaddr *sa, socklen_t salen,
5485 char *host, socklen_t hostlen,
5486 char *serv, socklen_t servlen,
5488 #elif defined(HAVE_LINUX_GETNAMEINFO_UNSIGNED)
5489 int getnameinfo(const struct sockaddr *sa, socklen_t salen,
5490 char *host, socklen_t hostlen,
5491 char *serv, socklen_t servlen,
5494 int getnameinfo(const struct sockaddr *sa, socklen_t salen,
5495 char *host, size_t hostlen,
5496 char *serv, size_t servlen,
5500 if (!nss_wrapper_hosts_enabled()) {
5501 return libc_getnameinfo(sa, salen, host, hostlen, serv, servlen, flags);
5504 return nwrap_getnameinfo(sa, salen, host, hostlen, serv, servlen, flags);
5507 static int nwrap_gethostname(char *name, size_t len)
5509 const char *hostname = getenv("NSS_WRAPPER_HOSTNAME");
5511 if (strlen(hostname) >= len) {
5512 errno = ENAMETOOLONG;
5515 snprintf(name, len, "%s", hostname);
5520 #ifdef HAVE_SOLARIS_GETHOSTNAME
5521 int gethostname(char *name, int len)
5522 #else /* HAVE_SOLARIS_GETHOSTNAME */
5523 int gethostname(char *name, size_t len)
5524 #endif /* HAVE_SOLARIS_GETHOSTNAME */
5526 if (!nwrap_hostname_enabled()) {
5527 return libc_gethostname(name, len);
5530 return nwrap_gethostname(name, len);
5533 /****************************
5535 ***************************/
5538 * This function is called when the library is unloaded and makes sure that
5539 * sockets get closed and the unix file for the socket are unlinked.
5541 void nwrap_destructor(void)
5546 if (nwrap_main_global != NULL) {
5547 struct nwrap_main *m = nwrap_main_global;
5550 SAFE_FREE(m->libc->fns);
5551 if (m->libc->handle != NULL) {
5552 dlclose(m->libc->handle);
5554 if (m->libc->nsl_handle != NULL) {
5555 dlclose(m->libc->nsl_handle);
5557 if (m->libc->sock_handle != NULL) {
5558 dlclose(m->libc->sock_handle);
5563 for (i = 0; i < m->num_backends; i++) {
5564 struct nwrap_backend *b = &(m->backends[i]);
5566 if (b->so_handle != NULL) {
5567 dlclose(b->so_handle);
5571 SAFE_FREE(m->backends);
5574 if (nwrap_pw_global.cache != NULL) {
5575 struct nwrap_cache *c = nwrap_pw_global.cache;
5577 nwrap_files_cache_unload(c);
5583 SAFE_FREE(nwrap_pw_global.list);
5584 nwrap_pw_global.num = 0;
5587 if (nwrap_gr_global.cache != NULL) {
5588 struct nwrap_cache *c = nwrap_gr_global.cache;
5590 nwrap_files_cache_unload(c);
5596 SAFE_FREE(nwrap_gr_global.list);
5597 nwrap_pw_global.num = 0;
5600 #if defined(HAVE_SHADOW_H) && defined(HAVE_GETSPNAM)
5601 if (nwrap_sp_global.cache != NULL) {
5602 struct nwrap_cache *c = nwrap_sp_global.cache;
5604 nwrap_files_cache_unload(c);
5610 nwrap_sp_global.num = 0;
5612 #endif /* defined(HAVE_SHADOW_H) && defined(HAVE_GETSPNAM) */
5614 if (nwrap_he_global.cache != NULL) {
5615 struct nwrap_cache *c = nwrap_he_global.cache;
5617 nwrap_files_cache_unload(c);
5623 nwrap_he_global.num = 0;
5626 free(user_addrlist.items);
5627 #ifdef HAVE_GETHOSTBYNAME2
5628 free(user_addrlist2.items);