diff options
author | DJ Delorie <dj@redhat.com> | 2021-02-15 21:34:23 -0500 |
---|---|---|
committer | DJ Delorie <dj@redhat.com> | 2021-03-09 14:34:50 -0500 |
commit | 9b456c5da968ee832ea4b2b73a18a5bf6d2118a6 (patch) | |
tree | e0f9e838dd5862499207e16cf6e8b3d15d49d374 /nss/nss_test1.c | |
parent | NEWS: Add entry for CVE-2021-27645 (diff) | |
download | glibc-9b456c5da968ee832ea4b2b73a18a5bf6d2118a6.tar.gz glibc-9b456c5da968ee832ea4b2b73a18a5bf6d2118a6.tar.bz2 glibc-9b456c5da968ee832ea4b2b73a18a5bf6d2118a6.zip |
nss: fix nss_database_lookup2's alternate handling [BZ #27416]
__nss_database_lookup2's extra arguments were left unused in the
nsswitch reloading patch set; this broke compat (default config
ignored) and shadow files (secondary name ignored) which relies on
these fallbacks.
This patch adds in the previous behavior by correcting the
initialization of the database list to reflect the fallbacks. This
means that the nss_database_lookup2 interface no longer needs to be
passed the fallback info, so API and callers were adjusted.
Since all callers needed to be edited anyway, the calls were changed
from __nss_database_lookup2 to the faster __nss_database_get. This
was an intended optimization which was deferred during the initial
lookup changes to avoid touching so many files.
The test case verifies that compat targets work (passwd) and that the
default configuration works (group). Tested on x86-64.
Diffstat (limited to 'nss/nss_test1.c')
-rw-r--r-- | nss/nss_test1.c | 93 |
1 files changed, 93 insertions, 0 deletions
diff --git a/nss/nss_test1.c b/nss/nss_test1.c index f73c7a6cd8..f8d81831ee 100644 --- a/nss/nss_test1.c +++ b/nss/nss_test1.c @@ -66,6 +66,9 @@ static int npwd_data = default_npwd_data; static struct group *grp_data = NULL; static int ngrp_data = 0; +static struct spwd *spwd_data = NULL; +static int nspwd_data = 0; + static struct hostent *host_data = NULL; static int nhost_data = 0; @@ -102,6 +105,13 @@ init(void) ; ngrp_data = i; } + if (t.spwd_table) + { + spwd_data = t.spwd_table; + for (i=0; ! SPWD_ISLAST(& spwd_data[i]); i++) + ; + nspwd_data = i; + } if (t.host_table) { host_data = t.host_table; @@ -324,6 +334,89 @@ NAME(getgrnam_r) (const char *name, struct group *result, char *buffer, } /* -------------------------------------------------- */ +/* Shadow password handling. */ + +static size_t spwd_iter; +#define CURSPWD spwd_data[spwd_iter] + +static pthread_mutex_t spwd_lock = PTHREAD_MUTEX_INITIALIZER; + +enum nss_status +NAME(setspent) (int stayopen) +{ + init(); + spwd_iter = 0; + return NSS_STATUS_SUCCESS; +} + + +enum nss_status +NAME(endspwent) (void) +{ + init(); + return NSS_STATUS_SUCCESS; +} + +static enum nss_status +copy_shadow (struct spwd *result, struct spwd *local, + char *buffer, size_t buflen, int *errnop) +{ + struct alloc_buffer buf = alloc_buffer_create (buffer, buflen); + + result->sp_namp = alloc_buffer_maybe_copy_string (&buf, local->sp_namp); + result->sp_pwdp = alloc_buffer_maybe_copy_string (&buf, local->sp_pwdp); + result->sp_lstchg = local->sp_lstchg; + result->sp_min = local->sp_min; + result->sp_max = local->sp_max; + result->sp_warn = local->sp_warn; + result->sp_inact = local->sp_inact; + result->sp_expire = local->sp_expire; + result->sp_flag = local->sp_flag; + + if (alloc_buffer_has_failed (&buf)) + { + *errnop = ERANGE; + return NSS_STATUS_TRYAGAIN; + } + + return NSS_STATUS_SUCCESS; +} + +enum nss_status +NAME(getspent_r) (struct spwd *result, char *buffer, size_t buflen, + int *errnop) +{ + int res = NSS_STATUS_SUCCESS; + + init(); + pthread_mutex_lock (&spwd_lock); + + if (spwd_iter >= nspwd_data) + res = NSS_STATUS_NOTFOUND; + else + { + res = copy_shadow (result, &CURSPWD, buffer, buflen, errnop); + ++spwd_iter; + } + + pthread_mutex_unlock (&spwd_lock); + + return res; +} + +enum nss_status +NAME(getspnam_r) (const char *name, struct spwd *result, char *buffer, + size_t buflen, int *errnop) +{ + init(); + for (size_t idx = 0; idx < nspwd_data; ++idx) + if (strcmp (spwd_data[idx].sp_namp, name) == 0) + return copy_shadow (result, &spwd_data[idx], buffer, buflen, errnop); + + return NSS_STATUS_NOTFOUND; +} + +/* -------------------------------------------------- */ /* Host handling. */ static size_t host_iter; |