summaryrefslogtreecommitdiff
path: root/src/passwd
AgeCommit message (Collapse)AuthorLines
2015-06-09fix spurious errors from pwd/grp functions when nscd backend is absentRich Felker-4/+8
for several pwd/grp functions, the only way the caller can distinguish between a successful negative result ("no such user/group") and an internal error is by clearing errno before the call and checking errno afterwards. the nscd backend support code correctly simulated a not-found response on systems where such a backend is not running, but failed to restore errno. this commit also fixed an outdated/incorrect comment.
2015-05-01fix mishandling of ENOMEM return case in internal getgrent_a functionRich Felker-1/+2
due to an incorrect return statement in this error case, the previously blocked cancellation state was not restored and no result was stored. this could lead to invalid (read) accesses in the caller resulting in crashes or nonsensical result data in the event of memory exhaustion.
2015-03-15avoid sending huge names as nscd passwd/group queriesRich Felker-2/+3
overly long user/group names are potentially a DoS vector and source of other problems like partial writes by sendmsg, and not useful.
2015-03-15simplify nscd lookup code for alt passwd/group backendsRich Felker-15/+15
previously, a sentinel value of (FILE *)-1 was used to inform the caller of __nscd_query that nscd is not in use. aside from being an ugly hack, this resulted in duplicate code paths for two logically equivalent cases: no nscd, and "not found" result from nscd. now, __nscd_query simply skips closing the socket and returns a valid FILE pointer when nscd is not in use, and produces a fake "not found" response header. the caller is then responsible for closing the socket just like it would do if it had gotten a real "not found" response.
2015-03-15add alternate backend support for getgrouplistJosiah Worcester-0/+86
This completes the alternate backend support that was previously added to the getpw* and getgr* functions. Unlike those, though, it unconditionally queries nscd. Any groups from nscd that aren't in the /etc/groups file are added to the returned list, and any that are present in the file are ignored. The purpose of this behavior is to provide a view of the group database consistent with what is observed by the getgr* functions. If group memberships reported by nscd were honored when the corresponding group already has a definition in the /etc/groups file, the user's getgrouplist-based membership in the group would conflict with their non-membership in the reported gr_mem[] for the group. The changes made also make getgrouplist thread-safe and eliminate its clobbering of the global getgrent state.
2015-02-23support alternate backends for the passwd and group dbsJosiah Worcester-2/+390
when we fail to find the entry in the commonly accepted files, we query a server over a Unix domain socket on /var/run/nscd/socket. the protocol used here is compatible with glibc's nscd protocol on most systems (all that use 32-bit numbers for all the protocol fields, which appears to be everything but Alpha).
2015-02-23fix spurious errors in refactored passwd/group codeRich Felker-2/+2
errno was treated as the error status when the return value of getline was negative, but this condition can simply indicate EOF and is not necessarily an error. the spurious errors caused by this bug masked the bug which was fixed in commit fc5a96c9c8aa186effad7520d5df6b616bbfd29d.
2015-02-23fix crashes in refactored passwd/group codeRich Felker-4/+4
the wrong condition was used in determining the presence of a result that needs space/copying for the _r functions. a zero return value does not necessarily mean success; it can also be a non-error negative result: no such user/group.
2015-02-13refactor group file access codeJosiah Worcester-51/+71
this allows getgrnam and getgrgid to share code with the _r versions in preparation for alternate backend support.
2015-02-10refactor passwd file access codeJosiah Worcester-49/+65
this allows getpwnam and getpwuid to share code with the _r versions in preparation for alternate backend support.
2015-01-21fix erroneous return of partial username matches by getspnam[_r]Rich Felker-1/+1
when using /etc/shadow (rather than tcb) as its backend, getspnam_r matched any username starting with the caller-provided string rather than requiring an exact match. in practice this seems to have affected only systems where one valid username is a prefix for another valid username, and where the longer username appears first in the shadow file.
2013-12-12include cleanups: remove unused headers and add feature test macrosSzabolcs Nagy-0/+4
2013-11-24shadow: Implement fgetspentMichael Forney-1/+10
2013-11-24shadow: Move spent parsing to internal functionMichael Forney-31/+40
2013-11-24shadow: Implement putspentMichael Forney-5/+13
2013-11-23putgrent: Add missing newlineMichael Forney-0/+1
2013-11-23putgrent: Stop writing output on first failureMichael Forney-2/+3
This way, if an fprintf fails, we get an incomplete group entry rather than a corrupted one.
2013-09-29fix off-by-one error in getgrnam_r and getgrgid_r, clobbering gr_nameRich Felker-2/+2
bug report and patch by Michael Forney. the terminating null pointer at the end of the gr_mem array was overwriting the beginning of the string data, causing the gr_name member to always be a zero-length string.
2013-07-19change uid_t, gid_t, and id_t to unsigned typesRich Felker-6/+20
this change is both to fix one of the remaining type (and thus C++ ABI) mismatches with glibc/LSB and to allow use of the full range of uid and gid values, if so desired. passwd/group access functions were not prepared to deal with unsigned values, so they too have been fixed with this commit.
2013-04-04add put*ent functions for passwd/group files and similar for shadowRich Felker-0/+34
since shadow does not yet support enumeration (getspent), the corresponding FILE-based get and put versions are also subbed out for now. this is partly out of laziness and partly because it's not clear how they should work in the presence of TCB shadow files. the stubs should make it possible to compile some software that expects them to exist, but such software still may not work properly.
2013-02-17add fgetgrent functionRich Felker-0/+9
based on patch by Isaac Dunham, moved to its own file to avoid increasing bss on static linked programs not using this nonstandard function but using the standard getgrent function, and vice versa.
2012-09-29more close-on-exec fixes, mostly using new "e" flag to fopenRich Felker-6/+6
2012-02-01make passwd/group functions safe against cancellation in stdioRich Felker-6/+35
these changes are a prerequisite to making stdio cancellable.
2012-01-29add fgetpwent (nonstandard function)Rich Felker-0/+9
based on patch by Jeremy Huntwork
2011-09-27fix clobbering of errno in get(pw|gr)([ug]id|nam) by fcloseRich Felker-0/+12
2011-09-21protect against/handle cancellation reading shadow passwordsRich Felker-1/+11
2011-06-30fix buffer overrun in getgrent code when there are no group membersRich Felker-4/+8
2011-06-08it's called getgrgid_r, not getgruid_r...Rich Felker-1/+1
2011-04-20shadow password fixes: empty fields should read as -1 not 0Rich Felker-7/+13
2011-02-14guard against hard links to non-ordinary-files when reading tcb shadowRich Felker-2/+4
2011-02-12initial check-in, version 0.5.0v0.5.0Rich Felker-0/+404