summaryrefslogtreecommitdiff
path: root/src/passwd
AgeCommit message (Collapse)AuthorLines
2019-05-16fix format strings for uid/gid values in putpwent/putgrentRich Felker-2/+2
commit 648c3b4e18b2ce2b6af7d44783e42ca267ea49f5 omitted this change, which is needed to be able to use uid/gid values greater than INT_MAX with these interfaces. it fixes alpine linux bug #10460.
2018-12-28halt getspnam[_r] search on error accessing TCB shadowRich Felker-0/+2
fallback to /etc/shadow should happen only when the entry is not found in the TCB shadow. otherwise transient errors or permission errors can cause inconsistent results.
2018-12-28don't set errno or return an error when getspnam[_r] finds no entryRich Felker-3/+9
this case is specified as success with a null result, rather than an error, and errno is not to be set on success.
2018-09-12reduce spurious inclusion of libc.hRich Felker-1/+1
libc.h was intended to be a header for access to global libc state and related interfaces, but ended up included all over the place because it was the way to get the weak_alias macro. most of the inclusions removed here are places where weak_alias was needed. a few were recently introduced for hidden. some go all the way back to when libc.h defined CANCELPT_BEGIN and _END, and all (wrongly implemented) cancellation points had to include it. remaining spurious users are mostly callers of the LOCK/UNLOCK macros and files that use the LFS64 macro to define the awful *64 aliases. in a few places, new inclusion of libc.h is added because several internal headers no longer implicitly include libc.h. declarations for __lockfile and __unlockfile are moved from libc.h to stdio_impl.h so that the latter does not need libc.h. putting them in libc.h made no sense at all, since the macros in stdio_impl.h are needed to use them correctly anyway.
2018-09-12apply hidden visibility to various remaining internal interfacesRich Felker-6/+6
2017-06-21fix regression in getspnam[_r] error code for insufficient buffer sizeRich Felker-1/+1
commit 2d7d05f031e014068a61d3076c6178513395d2ae wrongly changed ERANGE to EINVAL, likely as the result of copy-and-paste error.
2017-06-15set errno when getpw*_r, getgr*_r, and getspnam_r failRich Felker-3/+7
these functions return an error code, and are not explicitly documented to set errno, but they are nonstandard and the historical implementations do set errno as well, and some applications expect this behavior. do likewise for compatibility. patch by Rudolph Pereira.
2016-07-13revert unrelated change that slipped into last commitRich Felker-1/+1
2016-07-13fix regression in tcsetattr on all mips archsRich Felker-1/+1
revert commit 8c316e9e49d37ad92c2e7493e16166a2afca419f. it was wrong and does not match how the kernel API works.
2015-06-09fix spurious errors from pwd/grp functions when nscd backend is absentRich Felker-4/+8
for several pwd/grp functions, the only way the caller can distinguish between a successful negative result ("no such user/group") and an internal error is by clearing errno before the call and checking errno afterwards. the nscd backend support code correctly simulated a not-found response on systems where such a backend is not running, but failed to restore errno. this commit also fixed an outdated/incorrect comment.
2015-05-01fix mishandling of ENOMEM return case in internal getgrent_a functionRich Felker-1/+2
due to an incorrect return statement in this error case, the previously blocked cancellation state was not restored and no result was stored. this could lead to invalid (read) accesses in the caller resulting in crashes or nonsensical result data in the event of memory exhaustion.
2015-03-15avoid sending huge names as nscd passwd/group queriesRich Felker-2/+3
overly long user/group names are potentially a DoS vector and source of other problems like partial writes by sendmsg, and not useful.
2015-03-15simplify nscd lookup code for alt passwd/group backendsRich Felker-15/+15
previously, a sentinel value of (FILE *)-1 was used to inform the caller of __nscd_query that nscd is not in use. aside from being an ugly hack, this resulted in duplicate code paths for two logically equivalent cases: no nscd, and "not found" result from nscd. now, __nscd_query simply skips closing the socket and returns a valid FILE pointer when nscd is not in use, and produces a fake "not found" response header. the caller is then responsible for closing the socket just like it would do if it had gotten a real "not found" response.
2015-03-15add alternate backend support for getgrouplistJosiah Worcester-0/+86
This completes the alternate backend support that was previously added to the getpw* and getgr* functions. Unlike those, though, it unconditionally queries nscd. Any groups from nscd that aren't in the /etc/groups file are added to the returned list, and any that are present in the file are ignored. The purpose of this behavior is to provide a view of the group database consistent with what is observed by the getgr* functions. If group memberships reported by nscd were honored when the corresponding group already has a definition in the /etc/groups file, the user's getgrouplist-based membership in the group would conflict with their non-membership in the reported gr_mem[] for the group. The changes made also make getgrouplist thread-safe and eliminate its clobbering of the global getgrent state.
2015-02-23support alternate backends for the passwd and group dbsJosiah Worcester-2/+390
when we fail to find the entry in the commonly accepted files, we query a server over a Unix domain socket on /var/run/nscd/socket. the protocol used here is compatible with glibc's nscd protocol on most systems (all that use 32-bit numbers for all the protocol fields, which appears to be everything but Alpha).
2015-02-23fix spurious errors in refactored passwd/group codeRich Felker-2/+2
errno was treated as the error status when the return value of getline was negative, but this condition can simply indicate EOF and is not necessarily an error. the spurious errors caused by this bug masked the bug which was fixed in commit fc5a96c9c8aa186effad7520d5df6b616bbfd29d.
2015-02-23fix crashes in refactored passwd/group codeRich Felker-4/+4
the wrong condition was used in determining the presence of a result that needs space/copying for the _r functions. a zero return value does not necessarily mean success; it can also be a non-error negative result: no such user/group.
2015-02-13refactor group file access codeJosiah Worcester-51/+71
this allows getgrnam and getgrgid to share code with the _r versions in preparation for alternate backend support.
2015-02-10refactor passwd file access codeJosiah Worcester-49/+65
this allows getpwnam and getpwuid to share code with the _r versions in preparation for alternate backend support.
2015-01-21fix erroneous return of partial username matches by getspnam[_r]Rich Felker-1/+1
when using /etc/shadow (rather than tcb) as its backend, getspnam_r matched any username starting with the caller-provided string rather than requiring an exact match. in practice this seems to have affected only systems where one valid username is a prefix for another valid username, and where the longer username appears first in the shadow file.
2013-12-12include cleanups: remove unused headers and add feature test macrosSzabolcs Nagy-0/+4
2013-11-24shadow: Implement fgetspentMichael Forney-1/+10
2013-11-24shadow: Move spent parsing to internal functionMichael Forney-31/+40
2013-11-24shadow: Implement putspentMichael Forney-5/+13
2013-11-23putgrent: Add missing newlineMichael Forney-0/+1
2013-11-23putgrent: Stop writing output on first failureMichael Forney-2/+3
This way, if an fprintf fails, we get an incomplete group entry rather than a corrupted one.
2013-09-29fix off-by-one error in getgrnam_r and getgrgid_r, clobbering gr_nameRich Felker-2/+2
bug report and patch by Michael Forney. the terminating null pointer at the end of the gr_mem array was overwriting the beginning of the string data, causing the gr_name member to always be a zero-length string.
2013-07-19change uid_t, gid_t, and id_t to unsigned typesRich Felker-6/+20
this change is both to fix one of the remaining type (and thus C++ ABI) mismatches with glibc/LSB and to allow use of the full range of uid and gid values, if so desired. passwd/group access functions were not prepared to deal with unsigned values, so they too have been fixed with this commit.
2013-04-04add put*ent functions for passwd/group files and similar for shadowRich Felker-0/+34
since shadow does not yet support enumeration (getspent), the corresponding FILE-based get and put versions are also subbed out for now. this is partly out of laziness and partly because it's not clear how they should work in the presence of TCB shadow files. the stubs should make it possible to compile some software that expects them to exist, but such software still may not work properly.
2013-02-17add fgetgrent functionRich Felker-0/+9
based on patch by Isaac Dunham, moved to its own file to avoid increasing bss on static linked programs not using this nonstandard function but using the standard getgrent function, and vice versa.
2012-09-29more close-on-exec fixes, mostly using new "e" flag to fopenRich Felker-6/+6
2012-02-01make passwd/group functions safe against cancellation in stdioRich Felker-6/+35
these changes are a prerequisite to making stdio cancellable.
2012-01-29add fgetpwent (nonstandard function)Rich Felker-0/+9
based on patch by Jeremy Huntwork
2011-09-27fix clobbering of errno in get(pw|gr)([ug]id|nam) by fcloseRich Felker-0/+12
2011-09-21protect against/handle cancellation reading shadow passwordsRich Felker-1/+11
2011-06-30fix buffer overrun in getgrent code when there are no group membersRich Felker-4/+8
2011-06-08it's called getgrgid_r, not getgruid_r...Rich Felker-1/+1
2011-04-20shadow password fixes: empty fields should read as -1 not 0Rich Felker-7/+13
2011-02-14guard against hard links to non-ordinary-files when reading tcb shadowRich Felker-2/+4
2011-02-12initial check-in, version 0.5.0v0.5.0Rich Felker-0/+404