aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDJ Delorie <dj@redhat.com>2021-02-15 21:34:23 -0500
committerDJ Delorie <dj@redhat.com>2021-03-09 14:34:50 -0500
commit9b456c5da968ee832ea4b2b73a18a5bf6d2118a6 (patch)
treee0f9e838dd5862499207e16cf6e8b3d15d49d374 /nss/nss_test1.c
parentNEWS: Add entry for CVE-2021-27645 (diff)
downloadglibc-9b456c5da968ee832ea4b2b73a18a5bf6d2118a6.tar.gz
glibc-9b456c5da968ee832ea4b2b73a18a5bf6d2118a6.tar.bz2
glibc-9b456c5da968ee832ea4b2b73a18a5bf6d2118a6.zip
nss: fix nss_database_lookup2's alternate handling [BZ #27416]
__nss_database_lookup2's extra arguments were left unused in the nsswitch reloading patch set; this broke compat (default config ignored) and shadow files (secondary name ignored) which relies on these fallbacks. This patch adds in the previous behavior by correcting the initialization of the database list to reflect the fallbacks. This means that the nss_database_lookup2 interface no longer needs to be passed the fallback info, so API and callers were adjusted. Since all callers needed to be edited anyway, the calls were changed from __nss_database_lookup2 to the faster __nss_database_get. This was an intended optimization which was deferred during the initial lookup changes to avoid touching so many files. The test case verifies that compat targets work (passwd) and that the default configuration works (group). Tested on x86-64.
Diffstat (limited to 'nss/nss_test1.c')
-rw-r--r--nss/nss_test1.c93
1 files changed, 93 insertions, 0 deletions
diff --git a/nss/nss_test1.c b/nss/nss_test1.c
index f73c7a6cd8..f8d81831ee 100644
--- a/nss/nss_test1.c
+++ b/nss/nss_test1.c
@@ -66,6 +66,9 @@ static int npwd_data = default_npwd_data;
static struct group *grp_data = NULL;
static int ngrp_data = 0;
+static struct spwd *spwd_data = NULL;
+static int nspwd_data = 0;
+
static struct hostent *host_data = NULL;
static int nhost_data = 0;
@@ -102,6 +105,13 @@ init(void)
;
ngrp_data = i;
}
+ if (t.spwd_table)
+ {
+ spwd_data = t.spwd_table;
+ for (i=0; ! SPWD_ISLAST(& spwd_data[i]); i++)
+ ;
+ nspwd_data = i;
+ }
if (t.host_table)
{
host_data = t.host_table;
@@ -324,6 +334,89 @@ NAME(getgrnam_r) (const char *name, struct group *result, char *buffer,
}
/* -------------------------------------------------- */
+/* Shadow password handling. */
+
+static size_t spwd_iter;
+#define CURSPWD spwd_data[spwd_iter]
+
+static pthread_mutex_t spwd_lock = PTHREAD_MUTEX_INITIALIZER;
+
+enum nss_status
+NAME(setspent) (int stayopen)
+{
+ init();
+ spwd_iter = 0;
+ return NSS_STATUS_SUCCESS;
+}
+
+
+enum nss_status
+NAME(endspwent) (void)
+{
+ init();
+ return NSS_STATUS_SUCCESS;
+}
+
+static enum nss_status
+copy_shadow (struct spwd *result, struct spwd *local,
+ char *buffer, size_t buflen, int *errnop)
+{
+ struct alloc_buffer buf = alloc_buffer_create (buffer, buflen);
+
+ result->sp_namp = alloc_buffer_maybe_copy_string (&buf, local->sp_namp);
+ result->sp_pwdp = alloc_buffer_maybe_copy_string (&buf, local->sp_pwdp);
+ result->sp_lstchg = local->sp_lstchg;
+ result->sp_min = local->sp_min;
+ result->sp_max = local->sp_max;
+ result->sp_warn = local->sp_warn;
+ result->sp_inact = local->sp_inact;
+ result->sp_expire = local->sp_expire;
+ result->sp_flag = local->sp_flag;
+
+ if (alloc_buffer_has_failed (&buf))
+ {
+ *errnop = ERANGE;
+ return NSS_STATUS_TRYAGAIN;
+ }
+
+ return NSS_STATUS_SUCCESS;
+}
+
+enum nss_status
+NAME(getspent_r) (struct spwd *result, char *buffer, size_t buflen,
+ int *errnop)
+{
+ int res = NSS_STATUS_SUCCESS;
+
+ init();
+ pthread_mutex_lock (&spwd_lock);
+
+ if (spwd_iter >= nspwd_data)
+ res = NSS_STATUS_NOTFOUND;
+ else
+ {
+ res = copy_shadow (result, &CURSPWD, buffer, buflen, errnop);
+ ++spwd_iter;
+ }
+
+ pthread_mutex_unlock (&spwd_lock);
+
+ return res;
+}
+
+enum nss_status
+NAME(getspnam_r) (const char *name, struct spwd *result, char *buffer,
+ size_t buflen, int *errnop)
+{
+ init();
+ for (size_t idx = 0; idx < nspwd_data; ++idx)
+ if (strcmp (spwd_data[idx].sp_namp, name) == 0)
+ return copy_shadow (result, &spwd_data[idx], buffer, buflen, errnop);
+
+ return NSS_STATUS_NOTFOUND;
+}
+
+/* -------------------------------------------------- */
/* Host handling. */
static size_t host_iter;