1 /* Copyright (C) 1989, 1991-2023 Free Software Foundation, Inc.
2 This file is part of the GNU C Library.
3
4 The GNU C Library is free software; you can redistribute it and/or
5 modify it under the terms of the GNU Lesser General Public
6 License as published by the Free Software Foundation; either
7 version 2.1 of the License, or (at your option) any later version.
8
9 The GNU C Library is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 Lesser General Public License for more details.
13
14 You should have received a copy of the GNU Lesser General Public
15 License along with the GNU C Library; if not, see
16 <https://www.gnu.org/licenses/>. */
17
18 #include <assert.h>
19 #include <errno.h>
20 #include <grp.h>
21 #include <limits.h>
22 #include <stdlib.h>
23 #include <string.h>
24 #include <unistd.h>
25 #include <sys/param.h>
26 #include <sys/types.h>
27 #include <nsswitch.h>
28 #include <scratch_buffer.h>
29 #include <config.h>
30
31 #include "../nscd/nscd-client.h"
32 #include "../nscd/nscd_proto.h"
33
34 /* Type of the lookup function. */
35 typedef enum nss_status (*initgroups_dyn_function) (const char *, gid_t,
36 long int *, long int *,
37 gid_t **, long int, int *);
38
39 static bool use_initgroups_entry;
40
41
42 #include "compat-initgroups.c"
43
44
45 static int
46 internal_getgrouplist (const char *user, gid_t group, long int *size,
47 gid_t **groupsp, long int limit)
48 {
49 #ifdef USE_NSCD
50 if (__nss_not_use_nscd_group > 0
51 && ++__nss_not_use_nscd_group > NSS_NSCD_RETRY)
52 __nss_not_use_nscd_group = 0;
53 if (!__nss_not_use_nscd_group
54 && !__nss_database_custom[NSS_DBSIDX_group])
55 {
56 int n = __nscd_getgrouplist (user, group, size, groupsp, limit);
57 if (n >= 0)
58 return n;
59
60 /* nscd is not usable. */
61 __nss_not_use_nscd_group = 1;
62 }
63 #endif
64
65 enum nss_status status = NSS_STATUS_UNAVAIL;
66
67 /* Never store more than the starting *SIZE number of elements. */
68 assert (*size > 0);
69 (*groupsp)[0] = group;
70 /* Start is one, because we have the first group as parameter. */
71 long int start = 1;
72
73 nss_action_list nip;
74
75 if (__nss_database_get (nss_database_initgroups, &nip)
76 && nip != NULL)
77 {
78 use_initgroups_entry = true;
79 }
80 else if (__nss_database_get (nss_database_group, &nip)
81 && nip != NULL)
82 {
83 use_initgroups_entry = false;
84 }
85 else
86 {
87 nip = __nss_action_parse ("files");
88 use_initgroups_entry = false;
89 }
90
91 while (nip && nip->module)
92 {
93 long int prev_start = start;
94
95 initgroups_dyn_function fct = __nss_lookup_function (nip,
96 "initgroups_dyn");
97 if (fct == NULL)
98 status = compat_call (nip, user, group, &start, size, groupsp,
99 limit, &errno);
100 else
101 status = DL_CALL_FCT (fct, (user, group, &start, size, groupsp,
102 limit, &errno));
103
104 /* Remove duplicates. */
105 long int cnt = prev_start;
106 while (cnt < start)
107 {
108 long int inner;
109 for (inner = 0; inner < prev_start; ++inner)
110 if ((*groupsp)[inner] == (*groupsp)[cnt])
111 break;
112
113 if (inner < prev_start)
114 (*groupsp)[cnt] = (*groupsp)[--start];
115 else
116 ++cnt;
117 }
118
119 /* This is really only for debugging. */
120 if (NSS_STATUS_TRYAGAIN > status || status > NSS_STATUS_RETURN)
121 __libc_fatal ("Illegal status in internal_getgrouplist.\n");
122
123 /* For compatibility reason we will continue to look for more
124 entries using the next service even though data has already
125 been found if the nsswitch.conf file contained only a 'groups'
126 line and no 'initgroups' line. If the latter is available
127 we always respect the status. This means that the default
128 for successful lookups is to return. */
129 if ((use_initgroups_entry || status != NSS_STATUS_SUCCESS)
130 && nss_next_action (nip, status) == NSS_ACTION_RETURN)
131 break;
132
133 nip++;
134 }
135
136 return start;
137 }
138
139 /* Store at most *NGROUPS members of the group set for USER into
140 *GROUPS. Also include GROUP. The actual number of groups found is
141 returned in *NGROUPS. Return -1 if the if *NGROUPS is too small. */
142 int
143 getgrouplist (const char *user, gid_t group, gid_t *groups, int *ngroups)
144 {
145 long int size = MAX (1, *ngroups);
146
147 gid_t *newgroups = (gid_t *) malloc (size * sizeof (gid_t));
148 if (__glibc_unlikely (newgroups == NULL))
149 /* No more memory. */
150 // XXX This is wrong. The user provided memory, we have to use
151 // XXX it. The internal functions must be called with the user
152 // XXX provided buffer and not try to increase the size if it is
153 // XXX too small. For initgroups a flag could say: increase size.
154 return -1;
155
156 int total = internal_getgrouplist (user, group, &size, &newgroups, -1);
157
158 memcpy (groups, newgroups, MIN (*ngroups, total) * sizeof (gid_t));
159
160 free (newgroups);
161
162 int retval = total > *ngroups ? -1 : total;
163 *ngroups = total;
164
165 return retval;
166 }
167
168 nss_interface_function (getgrouplist)
169
170 /* Initialize the group set for the current user
171 by reading the group database and using all groups
172 of which USER is a member. Also include GROUP. */
173 int
174 initgroups (const char *user, gid_t group)
175 {
176 #if defined NGROUPS_MAX && NGROUPS_MAX == 0
177
178 /* No extra groups allowed. */
179 return 0;
180
181 #else
182
183 long int size;
184 gid_t *groups;
185 int ngroups;
186 int result;
187
188 /* We always use sysconf even if NGROUPS_MAX is defined. That way, the
189 limit can be raised in the kernel configuration without having to
190 recompile libc. */
191 long int limit = __sysconf (_SC_NGROUPS_MAX);
192
193 if (limit > 0)
194 /* We limit the size of the initially allocated array. */
195 size = MIN (limit, 64);
196 else
197 /* No fixed limit on groups. Pick a starting buffer size. */
198 size = 16;
199
200 groups = (gid_t *) malloc (size * sizeof (gid_t));
201 if (__glibc_unlikely (groups == NULL))
202 /* No more memory. */
203 return -1;
204
205 ngroups = internal_getgrouplist (user, group, &size, &groups, limit);
206
207 /* Try to set the maximum number of groups the kernel can handle. */
208 do
209 result = setgroups (ngroups, groups);
210 while (result == -1 && errno == EINVAL && --ngroups > 0);
211
212 free (groups);
213
214 return result;
215 #endif
216 }
217
218 nss_interface_function (initgroups)