1 /* Copyright (C) 1998-2023 Free Software Foundation, Inc.
2 This file is part of the GNU C Library.
3
4 The GNU C Library is free software; you can redistribute it and/or
5 modify it under the terms of the GNU Lesser General Public
6 License as published by the Free Software Foundation; either
7 version 2.1 of the License, or (at your option) any later version.
8
9 The GNU C Library is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 Lesser General Public License for more details.
13
14 You should have received a copy of the GNU Lesser General Public
15 License along with the GNU C Library; if not, see
16 <https://www.gnu.org/licenses/>. */
17
18 #include <alloca.h>
19 #include <assert.h>
20 #include <errno.h>
21 #include <grp.h>
22 #include <stdint.h>
23 #include <stdio.h>
24 #include <stdlib.h>
25 #include <string.h>
26 #include <unistd.h>
27 #include <sys/mman.h>
28 #include <sys/socket.h>
29 #include <sys/uio.h>
30 #include <sys/un.h>
31 #include <not-cancel.h>
32 #include <_itoa.h>
33 #include <scratch_buffer.h>
34
35 #include "nscd-client.h"
36 #include "nscd_proto.h"
37
38 int __nss_not_use_nscd_group;
39
40 static int nscd_getgr_r (const char *key, size_t keylen, request_type type,
41 struct group *resultbuf, char *buffer,
42 size_t buflen, struct group **result);
43
44
45 int
46 __nscd_getgrnam_r (const char *name, struct group *resultbuf, char *buffer,
47 size_t buflen, struct group **result)
48 {
49 return nscd_getgr_r (name, strlen (name) + 1, GETGRBYNAME, resultbuf,
50 buffer, buflen, result);
51 }
52
53
54 int
55 __nscd_getgrgid_r (gid_t gid, struct group *resultbuf, char *buffer,
56 size_t buflen, struct group **result)
57 {
58 char buf[3 * sizeof (gid_t)];
59 buf[sizeof (buf) - 1] = '\0';
60 char *cp = _itoa_word (gid, buf + sizeof (buf) - 1, 10, 0);
61
62 return nscd_getgr_r (cp, buf + sizeof (buf) - cp, GETGRBYGID, resultbuf,
63 buffer, buflen, result);
64 }
65
66
67 libc_locked_map_ptr (,__gr_map_handle) attribute_hidden;
68 /* Note that we only free the structure if necessary. The memory
69 mapping is not removed since it is not visible to the malloc
70 handling. */
71 void
72 __nscd_gr_map_freemem (void)
73 {
74 if (__gr_map_handle.mapped != NO_MAPPING)
75 {
76 void *p = __gr_map_handle.mapped;
77 __gr_map_handle.mapped = NO_MAPPING;
78 free (p);
79 }
80 }
81
82
83 static int
84 nscd_getgr_r (const char *key, size_t keylen, request_type type,
85 struct group *resultbuf, char *buffer, size_t buflen,
86 struct group **result)
87 {
88 int gc_cycle;
89 int nretries = 0;
90 const uint32_t *len = NULL;
91 struct scratch_buffer lenbuf;
92 scratch_buffer_init (&lenbuf);
93
94 /* If the mapping is available, try to search there instead of
95 communicating with the nscd. */
96 struct mapped_database *mapped = __nscd_get_map_ref (GETFDGR, "group",
97 &__gr_map_handle,
98 &gc_cycle);
99 retry:;
100 const char *gr_name = NULL;
101 size_t gr_name_len = 0;
102 int retval = -1;
103 const char *recend = (const char *) ~UINTMAX_C (0);
104 gr_response_header gr_resp;
105
106 if (mapped != NO_MAPPING)
107 {
108 struct datahead *found = __nscd_cache_search (type, key, keylen, mapped,
109 sizeof gr_resp);
110 if (found != NULL)
111 {
112 len = (const uint32_t *) (&found->data[0].grdata + 1);
113 gr_resp = found->data[0].grdata;
114 gr_name = ((const char *) len
115 + gr_resp.gr_mem_cnt * sizeof (uint32_t));
116 gr_name_len = gr_resp.gr_name_len + gr_resp.gr_passwd_len;
117 recend = (const char *) found->data + found->recsize;
118 /* Now check if we can trust gr_resp fields. If GC is
119 in progress, it can contain anything. */
120 if (mapped->head->gc_cycle != gc_cycle)
121 {
122 retval = -2;
123 goto out;
124 }
125
126 /* The alignment is always sufficient, unless GC is in progress. */
127 assert (((uintptr_t) len & (__alignof__ (*len) - 1)) == 0);
128 }
129 }
130
131 int sock = -1;
132 if (gr_name == NULL)
133 {
134 sock = __nscd_open_socket (key, keylen, type, &gr_resp,
135 sizeof (gr_resp));
136 if (sock == -1)
137 {
138 __nss_not_use_nscd_group = 1;
139 goto out;
140 }
141 }
142
143 /* No value found so far. */
144 *result = NULL;
145
146 if (__glibc_unlikely (gr_resp.found == -1))
147 {
148 /* The daemon does not cache this database. */
149 __nss_not_use_nscd_group = 1;
150 goto out_close;
151 }
152
153 if (gr_resp.found == 1)
154 {
155 struct iovec vec[2];
156 char *p = buffer;
157 size_t total_len;
158 uintptr_t align;
159 nscd_ssize_t cnt;
160
161 /* Now allocate the buffer the array for the group members. We must
162 align the pointer. */
163 align = ((__alignof__ (char *) - ((uintptr_t) p))
164 & (__alignof__ (char *) - 1));
165 total_len = (align + (1 + gr_resp.gr_mem_cnt) * sizeof (char *)
166 + gr_resp.gr_name_len + gr_resp.gr_passwd_len);
167 if (__glibc_unlikely (buflen < total_len))
168 {
169 no_room:
170 __set_errno (ERANGE);
171 retval = ERANGE;
172 goto out_close;
173 }
174 buflen -= total_len;
175
176 p += align;
177 resultbuf->gr_mem = (char **) p;
178 p += (1 + gr_resp.gr_mem_cnt) * sizeof (char *);
179
180 /* Set pointers for strings. */
181 resultbuf->gr_name = p;
182 p += gr_resp.gr_name_len;
183 resultbuf->gr_passwd = p;
184 p += gr_resp.gr_passwd_len;
185
186 /* Fill in what we know now. */
187 resultbuf->gr_gid = gr_resp.gr_gid;
188
189 /* Read the length information, group name, and password. */
190 if (gr_name == NULL)
191 {
192 /* Handle a simple, usual case: no group members. */
193 if (__glibc_likely (gr_resp.gr_mem_cnt == 0))
194 {
195 size_t n = gr_resp.gr_name_len + gr_resp.gr_passwd_len;
196 if (__builtin_expect (__readall (sock, resultbuf->gr_name, n)
197 != (ssize_t) n, 0))
198 goto out_close;
199 }
200 else
201 {
202 /* Allocate array to store lengths. */
203 if (!scratch_buffer_set_array_size
204 (&lenbuf, gr_resp.gr_mem_cnt, sizeof (uint32_t)))
205 goto out_close;
206 len = lenbuf.data;
207
208 vec[0].iov_base = (void *) len;
209 vec[0].iov_len = gr_resp.gr_mem_cnt * sizeof (uint32_t);
210 vec[1].iov_base = resultbuf->gr_name;
211 vec[1].iov_len = gr_resp.gr_name_len + gr_resp.gr_passwd_len;
212 total_len = vec[0].iov_len + vec[1].iov_len;
213
214 /* Get this data. */
215 size_t n = __readvall (sock, vec, 2);
216 if (__glibc_unlikely (n != total_len))
217 goto out_close;
218 }
219 }
220 else
221 /* We already have the data. Just copy the group name and
222 password. */
223 memcpy (resultbuf->gr_name, gr_name,
224 gr_resp.gr_name_len + gr_resp.gr_passwd_len);
225
226 /* Clear the terminating entry. */
227 resultbuf->gr_mem[gr_resp.gr_mem_cnt] = NULL;
228
229 /* Prepare reading the group members. */
230 total_len = 0;
231 for (cnt = 0; cnt < gr_resp.gr_mem_cnt; ++cnt)
232 {
233 resultbuf->gr_mem[cnt] = p;
234 total_len += len[cnt];
235 p += len[cnt];
236 }
237
238 if (__glibc_unlikely (gr_name + gr_name_len + total_len > recend))
239 {
240 /* len array might contain garbage during nscd GC cycle,
241 retry rather than fail in that case. */
242 if (gr_name != NULL && mapped->head->gc_cycle != gc_cycle)
243 retval = -2;
244 goto out_close;
245 }
246 if (__glibc_unlikely (total_len > buflen))
247 {
248 /* len array might contain garbage during nscd GC cycle,
249 retry rather than fail in that case. */
250 if (gr_name != NULL && mapped->head->gc_cycle != gc_cycle)
251 {
252 retval = -2;
253 goto out_close;
254 }
255 else
256 goto no_room;
257 }
258
259 retval = 0;
260
261 /* If there are no group members TOTAL_LEN is zero. */
262 if (gr_name == NULL)
263 {
264 if (total_len > 0
265 && __builtin_expect (__readall (sock, resultbuf->gr_mem[0],
266 total_len) != total_len, 0))
267 {
268 /* The `errno' to some value != ERANGE. */
269 __set_errno (ENOENT);
270 retval = ENOENT;
271 }
272 else
273 *result = resultbuf;
274 }
275 else
276 {
277 /* Copy the group member names. */
278 memcpy (resultbuf->gr_mem[0], gr_name + gr_name_len, total_len);
279
280 /* Try to detect corrupt databases. */
281 if (resultbuf->gr_name[gr_name_len - 1] != '\0'
282 || resultbuf->gr_passwd[gr_resp.gr_passwd_len - 1] != '\0'
283 || ({for (cnt = 0; cnt < gr_resp.gr_mem_cnt; ++cnt)
284 if (resultbuf->gr_mem[cnt][len[cnt] - 1] != '\0')
285 break;
286 cnt < gr_resp.gr_mem_cnt; }))
287 {
288 /* We cannot use the database. */
289 retval = mapped->head->gc_cycle != gc_cycle ? -2 : -1;
290 goto out_close;
291 }
292
293 *result = resultbuf;
294 }
295 }
296 else
297 {
298 /* Set errno to 0 to indicate no error, just no found record. */
299 __set_errno (0);
300 /* Even though we have not found anything, the result is zero. */
301 retval = 0;
302 }
303
304 out_close:
305 if (sock != -1)
306 __close_nocancel_nostatus (sock);
307 out:
308 if (__nscd_drop_map_ref (mapped, &gc_cycle) != 0)
309 {
310 /* When we come here this means there has been a GC cycle while we
311 were looking for the data. This means the data might have been
312 inconsistent. Retry if possible. */
313 if ((gc_cycle & 1) != 0 || ++nretries == 5 || retval == -1)
314 {
315 /* nscd is just running gc now. Disable using the mapping. */
316 if (atomic_fetch_add_relaxed (&mapped->counter, -1) == 1)
317 __nscd_unmap (mapped);
318 mapped = NO_MAPPING;
319 }
320
321 if (retval != -1)
322 goto retry;
323 }
324
325 scratch_buffer_free (&lenbuf);
326
327 return retval;
328 }