summaryrefslogblamecommitdiff
path: root/src/passwd/getpw_a.c
blob: 15a70c0330c13cb4b67457b1aa0b15609721db3b (plain) (tree)
1
                    
















                                               























                                                                                                            























                                                                                    






































































                                                                              




                                      
#include <pthread.h>
#include <byteswap.h>
#include <string.h>
#include <unistd.h>
#include "pwf.h"
#include "nscd.h"

static char *itoa(char *p, uint32_t x)
{
	// number of digits in a uint32_t + NUL
	p += 11;
	*--p = 0;
	do {
		*--p = '0' + x % 10;
		x /= 10;
	} while (x);
	return p;
}

int __getpw_a(const char *name, uid_t uid, struct passwd *pw, char **buf, size_t *size, struct passwd **res)
{
	FILE *f;
	int cs;
	int rv = 0;

	*res = 0;

	pthread_setcancelstate(PTHREAD_CANCEL_DISABLE, &cs);

	f = fopen("/etc/passwd", "rbe");
	if (!f) {
		rv = errno;
		goto done;
	}

	while (!(rv = __getpwent_a(f, pw, buf, size, res)) && *res) {
		if (name && !strcmp(name, (*res)->pw_name)
		|| !name && (*res)->pw_uid == uid)
			break;
	}
	fclose(f);

	if (!*res && (rv == 0 || rv == ENOENT || rv == ENOTDIR)) {
		int32_t req = name ? GETPWBYNAME : GETPWBYUID;
		const char *key;
		int32_t passwdbuf[PW_LEN] = {0};
		size_t len = 0;
		char uidbuf[11] = {0};

		if (name) {
			key = name;
		} else {
			/* uid outside of this range can't be queried with the
			 * nscd interface, but might happen if uid_t ever
			 * happens to be a larger type (this is not true as of
			 * now)
			 */
			if(uid < 0 || uid > UINT32_MAX) {
				rv = 0;
				goto done;
			}
			key = itoa(uidbuf, uid);
		}

		f = __nscd_query(req, key, passwdbuf, sizeof passwdbuf, (int[]){0});
		if (!f) { rv = errno; goto done; }

		if(!passwdbuf[PWFOUND]) { rv = 0; goto cleanup_f; }

		/* A zero length response from nscd is invalid. We ignore
		 * invalid responses and just report an error, rather than
		 * trying to do something with them.
		 */
		if (!passwdbuf[PWNAMELEN] || !passwdbuf[PWPASSWDLEN]
		|| !passwdbuf[PWGECOSLEN] || !passwdbuf[PWDIRLEN]
		|| !passwdbuf[PWSHELLLEN]) {
			rv = EIO;
			goto cleanup_f;
		}

		if ((passwdbuf[PWNAMELEN]|passwdbuf[PWPASSWDLEN]
		     |passwdbuf[PWGECOSLEN]|passwdbuf[PWDIRLEN]
		     |passwdbuf[PWSHELLLEN]) >= SIZE_MAX/8) {
			rv = ENOMEM;
			goto cleanup_f;
		}

		len = passwdbuf[PWNAMELEN] + passwdbuf[PWPASSWDLEN]
		    + passwdbuf[PWGECOSLEN] + passwdbuf[PWDIRLEN]
		    + passwdbuf[PWSHELLLEN];

		if (len > *size || !*buf) {
			char *tmp = realloc(*buf, len);
			if (!tmp) {
				rv = errno;
				goto cleanup_f;
			}
			*buf = tmp;
			*size = len;
		}

		if (!fread(*buf, len, 1, f)) {
			rv = ferror(f) ? errno : EIO;
			goto cleanup_f;
		}

		pw->pw_name = *buf;
		pw->pw_passwd = pw->pw_name + passwdbuf[PWNAMELEN];
		pw->pw_gecos = pw->pw_passwd + passwdbuf[PWPASSWDLEN];
		pw->pw_dir = pw->pw_gecos + passwdbuf[PWGECOSLEN];
		pw->pw_shell = pw->pw_dir + passwdbuf[PWDIRLEN];
		pw->pw_uid = passwdbuf[PWUID];
		pw->pw_gid = passwdbuf[PWGID];

		/* Don't assume that nscd made sure to null terminate strings.
		 * It's supposed to, but malicious nscd should be ignored
		 * rather than causing a crash.
		 */
		if (pw->pw_passwd[-1] || pw->pw_gecos[-1] || pw->pw_dir[-1]
		|| pw->pw_shell[passwdbuf[PWSHELLLEN]-1]) {
			rv = EIO;
			goto cleanup_f;
		}

		if (name && strcmp(name, pw->pw_name)
		|| !name && uid != pw->pw_uid) {
			rv = EIO;
			goto cleanup_f;
		}


		*res = pw;
cleanup_f:
		fclose(f);
		goto done;
	}

done:
	pthread_setcancelstate(cs, 0);
	if (rv) errno = rv;
	return rv;
}