1 /* Copyright (C) 1998-2022 Free Software Foundation, Inc.
2 This file is part of the GNU C Library.
3
4 The GNU C Library is free software; you can redistribute it and/or
5 modify it under the terms of the GNU Lesser General Public
6 License as published by the Free Software Foundation; either
7 version 2.1 of the License, or (at your option) any later version.
8
9 The GNU C Library is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 Lesser General Public License for more details.
13
14 You should have received a copy of the GNU Lesser General Public
15 License along with the GNU C Library; if not, see
16 <https://www.gnu.org/licenses/>. */
17
18 #include <alloca.h>
19 #include <assert.h>
20 #include <errno.h>
21 #include <grp.h>
22 #include <stdint.h>
23 #include <stdio.h>
24 #include <stdlib.h>
25 #include <string.h>
26 #include <unistd.h>
27 #include <sys/mman.h>
28 #include <sys/socket.h>
29 #include <sys/uio.h>
30 #include <sys/un.h>
31 #include <not-cancel.h>
32 #include <_itoa.h>
33 #include <scratch_buffer.h>
34
35 #include "nscd-client.h"
36 #include "nscd_proto.h"
37
38 int __nss_not_use_nscd_group;
39
40 static int nscd_getgr_r (const char *key, size_t keylen, request_type type,
41 struct group *resultbuf, char *buffer,
42 size_t buflen, struct group **result);
43
44
45 int
__nscd_getgrnam_r(const char * name,struct group * resultbuf,char * buffer,size_t buflen,struct group ** result)46 __nscd_getgrnam_r (const char *name, struct group *resultbuf, char *buffer,
47 size_t buflen, struct group **result)
48 {
49 return nscd_getgr_r (name, strlen (name) + 1, GETGRBYNAME, resultbuf,
50 buffer, buflen, result);
51 }
52
53
54 int
__nscd_getgrgid_r(gid_t gid,struct group * resultbuf,char * buffer,size_t buflen,struct group ** result)55 __nscd_getgrgid_r (gid_t gid, struct group *resultbuf, char *buffer,
56 size_t buflen, struct group **result)
57 {
58 char buf[3 * sizeof (gid_t)];
59 buf[sizeof (buf) - 1] = '\0';
60 char *cp = _itoa_word (gid, buf + sizeof (buf) - 1, 10, 0);
61
62 return nscd_getgr_r (cp, buf + sizeof (buf) - cp, GETGRBYGID, resultbuf,
63 buffer, buflen, result);
64 }
65
66
67 libc_locked_map_ptr (,__gr_map_handle) attribute_hidden;
68 /* Note that we only free the structure if necessary. The memory
69 mapping is not removed since it is not visible to the malloc
70 handling. */
libc_freeres_fn(gr_map_free)71 libc_freeres_fn (gr_map_free)
72 {
73 if (__gr_map_handle.mapped != NO_MAPPING)
74 {
75 void *p = __gr_map_handle.mapped;
76 __gr_map_handle.mapped = NO_MAPPING;
77 free (p);
78 }
79 }
80
81
82 static int
nscd_getgr_r(const char * key,size_t keylen,request_type type,struct group * resultbuf,char * buffer,size_t buflen,struct group ** result)83 nscd_getgr_r (const char *key, size_t keylen, request_type type,
84 struct group *resultbuf, char *buffer, size_t buflen,
85 struct group **result)
86 {
87 int gc_cycle;
88 int nretries = 0;
89 const uint32_t *len = NULL;
90 struct scratch_buffer lenbuf;
91 scratch_buffer_init (&lenbuf);
92
93 /* If the mapping is available, try to search there instead of
94 communicating with the nscd. */
95 struct mapped_database *mapped = __nscd_get_map_ref (GETFDGR, "group",
96 &__gr_map_handle,
97 &gc_cycle);
98 retry:;
99 const char *gr_name = NULL;
100 size_t gr_name_len = 0;
101 int retval = -1;
102 const char *recend = (const char *) ~UINTMAX_C (0);
103 gr_response_header gr_resp;
104
105 if (mapped != NO_MAPPING)
106 {
107 struct datahead *found = __nscd_cache_search (type, key, keylen, mapped,
108 sizeof gr_resp);
109 if (found != NULL)
110 {
111 len = (const uint32_t *) (&found->data[0].grdata + 1);
112 gr_resp = found->data[0].grdata;
113 gr_name = ((const char *) len
114 + gr_resp.gr_mem_cnt * sizeof (uint32_t));
115 gr_name_len = gr_resp.gr_name_len + gr_resp.gr_passwd_len;
116 recend = (const char *) found->data + found->recsize;
117 /* Now check if we can trust gr_resp fields. If GC is
118 in progress, it can contain anything. */
119 if (mapped->head->gc_cycle != gc_cycle)
120 {
121 retval = -2;
122 goto out;
123 }
124
125 /* The alignment is always sufficient, unless GC is in progress. */
126 assert (((uintptr_t) len & (__alignof__ (*len) - 1)) == 0);
127 }
128 }
129
130 int sock = -1;
131 if (gr_name == NULL)
132 {
133 sock = __nscd_open_socket (key, keylen, type, &gr_resp,
134 sizeof (gr_resp));
135 if (sock == -1)
136 {
137 __nss_not_use_nscd_group = 1;
138 goto out;
139 }
140 }
141
142 /* No value found so far. */
143 *result = NULL;
144
145 if (__glibc_unlikely (gr_resp.found == -1))
146 {
147 /* The daemon does not cache this database. */
148 __nss_not_use_nscd_group = 1;
149 goto out_close;
150 }
151
152 if (gr_resp.found == 1)
153 {
154 struct iovec vec[2];
155 char *p = buffer;
156 size_t total_len;
157 uintptr_t align;
158 nscd_ssize_t cnt;
159
160 /* Now allocate the buffer the array for the group members. We must
161 align the pointer. */
162 align = ((__alignof__ (char *) - (p - ((char *) 0)))
163 & (__alignof__ (char *) - 1));
164 total_len = (align + (1 + gr_resp.gr_mem_cnt) * sizeof (char *)
165 + gr_resp.gr_name_len + gr_resp.gr_passwd_len);
166 if (__glibc_unlikely (buflen < total_len))
167 {
168 no_room:
169 __set_errno (ERANGE);
170 retval = ERANGE;
171 goto out_close;
172 }
173 buflen -= total_len;
174
175 p += align;
176 resultbuf->gr_mem = (char **) p;
177 p += (1 + gr_resp.gr_mem_cnt) * sizeof (char *);
178
179 /* Set pointers for strings. */
180 resultbuf->gr_name = p;
181 p += gr_resp.gr_name_len;
182 resultbuf->gr_passwd = p;
183 p += gr_resp.gr_passwd_len;
184
185 /* Fill in what we know now. */
186 resultbuf->gr_gid = gr_resp.gr_gid;
187
188 /* Read the length information, group name, and password. */
189 if (gr_name == NULL)
190 {
191 /* Handle a simple, usual case: no group members. */
192 if (__glibc_likely (gr_resp.gr_mem_cnt == 0))
193 {
194 size_t n = gr_resp.gr_name_len + gr_resp.gr_passwd_len;
195 if (__builtin_expect (__readall (sock, resultbuf->gr_name, n)
196 != (ssize_t) n, 0))
197 goto out_close;
198 }
199 else
200 {
201 /* Allocate array to store lengths. */
202 if (!scratch_buffer_set_array_size
203 (&lenbuf, gr_resp.gr_mem_cnt, sizeof (uint32_t)))
204 goto out_close;
205 len = lenbuf.data;
206
207 vec[0].iov_base = (void *) len;
208 vec[0].iov_len = gr_resp.gr_mem_cnt * sizeof (uint32_t);
209 vec[1].iov_base = resultbuf->gr_name;
210 vec[1].iov_len = gr_resp.gr_name_len + gr_resp.gr_passwd_len;
211 total_len = vec[0].iov_len + vec[1].iov_len;
212
213 /* Get this data. */
214 size_t n = __readvall (sock, vec, 2);
215 if (__glibc_unlikely (n != total_len))
216 goto out_close;
217 }
218 }
219 else
220 /* We already have the data. Just copy the group name and
221 password. */
222 memcpy (resultbuf->gr_name, gr_name,
223 gr_resp.gr_name_len + gr_resp.gr_passwd_len);
224
225 /* Clear the terminating entry. */
226 resultbuf->gr_mem[gr_resp.gr_mem_cnt] = NULL;
227
228 /* Prepare reading the group members. */
229 total_len = 0;
230 for (cnt = 0; cnt < gr_resp.gr_mem_cnt; ++cnt)
231 {
232 resultbuf->gr_mem[cnt] = p;
233 total_len += len[cnt];
234 p += len[cnt];
235 }
236
237 if (__glibc_unlikely (gr_name + gr_name_len + total_len > recend))
238 {
239 /* len array might contain garbage during nscd GC cycle,
240 retry rather than fail in that case. */
241 if (gr_name != NULL && mapped->head->gc_cycle != gc_cycle)
242 retval = -2;
243 goto out_close;
244 }
245 if (__glibc_unlikely (total_len > buflen))
246 {
247 /* len array might contain garbage during nscd GC cycle,
248 retry rather than fail in that case. */
249 if (gr_name != NULL && mapped->head->gc_cycle != gc_cycle)
250 {
251 retval = -2;
252 goto out_close;
253 }
254 else
255 goto no_room;
256 }
257
258 retval = 0;
259
260 /* If there are no group members TOTAL_LEN is zero. */
261 if (gr_name == NULL)
262 {
263 if (total_len > 0
264 && __builtin_expect (__readall (sock, resultbuf->gr_mem[0],
265 total_len) != total_len, 0))
266 {
267 /* The `errno' to some value != ERANGE. */
268 __set_errno (ENOENT);
269 retval = ENOENT;
270 }
271 else
272 *result = resultbuf;
273 }
274 else
275 {
276 /* Copy the group member names. */
277 memcpy (resultbuf->gr_mem[0], gr_name + gr_name_len, total_len);
278
279 /* Try to detect corrupt databases. */
280 if (resultbuf->gr_name[gr_name_len - 1] != '\0'
281 || resultbuf->gr_passwd[gr_resp.gr_passwd_len - 1] != '\0'
282 || ({for (cnt = 0; cnt < gr_resp.gr_mem_cnt; ++cnt)
283 if (resultbuf->gr_mem[cnt][len[cnt] - 1] != '\0')
284 break;
285 cnt < gr_resp.gr_mem_cnt; }))
286 {
287 /* We cannot use the database. */
288 retval = mapped->head->gc_cycle != gc_cycle ? -2 : -1;
289 goto out_close;
290 }
291
292 *result = resultbuf;
293 }
294 }
295 else
296 {
297 /* Set errno to 0 to indicate no error, just no found record. */
298 __set_errno (0);
299 /* Even though we have not found anything, the result is zero. */
300 retval = 0;
301 }
302
303 out_close:
304 if (sock != -1)
305 __close_nocancel_nostatus (sock);
306 out:
307 if (__nscd_drop_map_ref (mapped, &gc_cycle) != 0)
308 {
309 /* When we come here this means there has been a GC cycle while we
310 were looking for the data. This means the data might have been
311 inconsistent. Retry if possible. */
312 if ((gc_cycle & 1) != 0 || ++nretries == 5 || retval == -1)
313 {
314 /* nscd is just running gc now. Disable using the mapping. */
315 if (atomic_decrement_val (&mapped->counter) == 0)
316 __nscd_unmap (mapped);
317 mapped = NO_MAPPING;
318 }
319
320 if (retval != -1)
321 goto retry;
322 }
323
324 scratch_buffer_free (&lenbuf);
325
326 return retval;
327 }
328