صفحهٔ اصلی گشت‌و‌گذار راهنما
ورود
hongwenjun
/
musl
mirrorاز https://git.musl-libc.org/git/musl
1
0
انشعاب 0
پرونده‌ها مشکلات 0 ویکی
درخت: c7bb9c41d2
شاخه‌ها تگ‌ها
musl
/
src
/
passwd
/
getpw_a.c

getpw_a.c 3.1 KB
تاريخچه خام

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142 
  1. #include <pthread.h>
    2. 

  2. #include <byteswap.h>
    3. 

  3. #include <string.h>
    4. 

  4. #include <unistd.h>
    5. 

  5. #include "pwf.h"
    6. 

  6. #include "nscd.h"
    7. 

  7. 

  8. static char *itoa(char *p, uint32_t x)
    9. 

  9. {
    10. 

  10. 	// number of digits in a uint32_t + NUL
    11. 

  11. 	p += 11;
    12. 

  12. 	*--p = 0;
    13. 

  13. 	do {
    14. 

  14. 		*--p = '0' + x % 10;
    15. 

  15. 		x /= 10;
    16. 

  16. 	} while (x);
    17. 

  17. 	return p;
    18. 

  18. }
    19. 

  19. 

  20. int __getpw_a(const char *name, uid_t uid, struct passwd *pw, char **buf, size_t *size, struct passwd **res)
    21. 

  21. {
    22. 

  22. 	FILE *f;
    23. 

  23. 	int cs;
    24. 

  24. 	int rv = 0;
    25. 

  25. 

  26. 	*res = 0;
    27. 

  27. 

  28. 	pthread_setcancelstate(PTHREAD_CANCEL_DISABLE, &cs);
    29. 

  29. 

  30. 	f = fopen("/etc/passwd", "rbe");
    31. 

  31. 	if (!f) {
    32. 

  32. 		rv = errno;
    33. 

  33. 		goto done;
    34. 

  34. 	}
    35. 

  35. 

  36. 	while (!(rv = __getpwent_a(f, pw, buf, size, res)) && *res) {
    37. 

  37. 		if (name && !strcmp(name, (*res)->pw_name)
    38. 

  38. 		|| !name && (*res)->pw_uid == uid)
    39. 

  39. 			break;
    40. 

  40. 	}
    41. 

  41. 	fclose(f);
    42. 

  42. 

  43. 	if (!*res && (rv == 0 || rv == ENOENT || rv == ENOTDIR)) {
    44. 

  44. 		int32_t req = name ? GETPWBYNAME : GETPWBYUID;
    45. 

  45. 		const char *key;
    46. 

  46. 		int32_t passwdbuf[PW_LEN] = {0};
    47. 

  47. 		size_t len = 0;
    48. 

  48. 		char uidbuf[11] = {0};
    49. 

  49. 

  50. 		if (name) {
    51. 

  51. 			key = name;
    52. 

  52. 		} else {
    53. 

  53. 			/* uid outside of this range can't be queried with the
    54. 

  54. 			 * nscd interface, but might happen if uid_t ever
    55. 

  55. 			 * happens to be a larger type (this is not true as of
    56. 

  56. 			 * now)
    57. 

  57. 			 */
    58. 

  58. 			if(uid < 0 || uid > UINT32_MAX) {
    59. 

  59. 				rv = 0;
    60. 

  60. 				goto done;
    61. 

  61. 			}
    62. 

  62. 			key = itoa(uidbuf, uid);
    63. 

  63. 		}
    64. 

  64. 

  65. 		f = __nscd_query(req, key, passwdbuf, sizeof passwdbuf, (int[]){0});
    66. 

  66. 		if (!f) { rv = errno; goto done; }
    67. 

  67. 

  68. 		if(!passwdbuf[PWFOUND]) { rv = 0; goto cleanup_f; }
    69. 

  69. 

  70. 		/* A zero length response from nscd is invalid. We ignore
    71. 

  71. 		 * invalid responses and just report an error, rather than
    72. 

  72. 		 * trying to do something with them.
    73. 

  73. 		 */
    74. 

  74. 		if (!passwdbuf[PWNAMELEN] || !passwdbuf[PWPASSWDLEN]
    75. 

  75. 		|| !passwdbuf[PWGECOSLEN] || !passwdbuf[PWDIRLEN]
    76. 

  76. 		|| !passwdbuf[PWSHELLLEN]) {
    77. 

  77. 			rv = EIO;
    78. 

  78. 			goto cleanup_f;
    79. 

  79. 		}
    80. 

  80. 

  81. 		if ((passwdbuf[PWNAMELEN]|passwdbuf[PWPASSWDLEN]
    82. 

  82. 		     |passwdbuf[PWGECOSLEN]|passwdbuf[PWDIRLEN]
    83. 

  83. 		     |passwdbuf[PWSHELLLEN]) >= SIZE_MAX/8) {
    84. 

  84. 			rv = ENOMEM;
    85. 

  85. 			goto cleanup_f;
    86. 

  86. 		}
    87. 

  87. 

  88. 		len = passwdbuf[PWNAMELEN] + passwdbuf[PWPASSWDLEN]
    89. 

  89. 		    + passwdbuf[PWGECOSLEN] + passwdbuf[PWDIRLEN]
    90. 

  90. 		    + passwdbuf[PWSHELLLEN];
    91. 

  91. 

  92. 		if (len > *size || !*buf) {
    93. 

  93. 			char *tmp = realloc(*buf, len);
    94. 

  94. 			if (!tmp) {
    95. 

  95. 				rv = errno;
    96. 

  96. 				goto cleanup_f;
    97. 

  97. 			}
    98. 

  98. 			*buf = tmp;
    99. 

  99. 			*size = len;
    100. 

  100. 		}
    101. 

  101. 

  102. 		if (!fread(*buf, len, 1, f)) {
    103. 

  103. 			rv = ferror(f) ? errno : EIO;
    104. 

  104. 			goto cleanup_f;
    105. 

  105. 		}
    106. 

  106. 

  107. 		pw->pw_name = *buf;
    108. 

  108. 		pw->pw_passwd = pw->pw_name + passwdbuf[PWNAMELEN];
    109. 

  109. 		pw->pw_gecos = pw->pw_passwd + passwdbuf[PWPASSWDLEN];
    110. 

  110. 		pw->pw_dir = pw->pw_gecos + passwdbuf[PWGECOSLEN];
    111. 

  111. 		pw->pw_shell = pw->pw_dir + passwdbuf[PWDIRLEN];
    112. 

  112. 		pw->pw_uid = passwdbuf[PWUID];
    113. 

  113. 		pw->pw_gid = passwdbuf[PWGID];
    114. 

  114. 

  115. 		/* Don't assume that nscd made sure to null terminate strings.
    116. 

  116. 		 * It's supposed to, but malicious nscd should be ignored
    117. 

  117. 		 * rather than causing a crash.
    118. 

  118. 		 */
    119. 

  119. 		if (pw->pw_passwd[-1] || pw->pw_gecos[-1] || pw->pw_dir[-1]
    120. 

  120. 		|| pw->pw_shell[passwdbuf[PWSHELLLEN]-1]) {
    121. 

  121. 			rv = EIO;
    122. 

  122. 			goto cleanup_f;
    123. 

  123. 		}
    124. 

  124. 

  125. 		if (name && strcmp(name, pw->pw_name)
    126. 

  126. 		|| !name && uid != pw->pw_uid) {
    127. 

  127. 			rv = EIO;
    128. 

  128. 			goto cleanup_f;
    129. 

  129. 		}
    130. 

  130. 

  131. 

  132. 		*res = pw;
    133. 

  133. cleanup_f:
    134. 

  134. 		fclose(f);
    135. 

  135. 		goto done;
    136. 

  136. 	}
    137. 

  137. 

  138. done:
    139. 

  139. 	pthread_setcancelstate(cs, 0);
    140. 

  140. 	if (rv) errno = rv;
    141. 

  141. 	return rv;
    142. 

  142. }
    143.