src/passwd/getspnam_r.c

50276Speter#include <fcntl.h>
174993Srafan#include <unistd.h>
50276Speter#include <sys/stat.h>
50276Speter#include <ctype.h>
50276Speter#include <pthread.h>
50276Speter#include "pwf.h"
50276Speter
50276Speter/* This implementation support Openwall-style TCB passwords in place of
50276Speter * traditional shadow, if the appropriate directories and files exist.
50276Speter * Thus, it is careful to avoid following symlinks or blocking on fifos
50276Speter * which a malicious user might create in place of his or her TCB shadow
50276Speter * file. It also avoids any allocation to prevent memory-exhaustion
50276Speter * attacks via huge TCB shadow files. */
50276Speter
50276Speterstatic long xatol(char **s)
50276Speter{
50276Speter	long x;
50276Speter	if (**s == ':' || **s == '\n') return -1;
50276Speter	for (x=0; **s-'0'<10U; ++*s) x=10*x+(**s-'0');
50276Speter	return x;
50276Speter}
50276Speter
50276Speterint __parsespent(char *s, struct spwd *sp)
50276Speter{
50276Speter	sp->sp_namp = s;
50276Speter	if (!(s = strchr(s, ':'))) return -1;
50276Speter	*s = 0;
50276Speter
50276Speter	sp->sp_pwdp = ++s;
174993Srafan	if (!(s = strchr(s, ':'))) return -1;
50276Speter	*s = 0;
50276Speter
50276Speter	s++; sp->sp_lstchg = xatol(&s);
50276Speter	if (*s != ':') return -1;
166124Srafan
50276Speter	s++; sp->sp_min = xatol(&s);
50276Speter	if (*s != ':') return -1;
50276Speter
50276Speter	s++; sp->sp_max = xatol(&s);
50276Speter	if (*s != ':') return -1;
50276Speter
50276Speter	s++; sp->sp_warn = xatol(&s);
174993Srafan	if (*s != ':') return -1;
50276Speter
50276Speter	s++; sp->sp_inact = xatol(&s);
50276Speter	if (*s != ':') return -1;
50276Speter
50276Speter	s++; sp->sp_expire = xatol(&s);
76726Speter	if (*s != ':') return -1;
62449Speter
50276Speter	s++; sp->sp_flag = xatol(&s);
62449Speter	if (*s != '\n') return -1;
166124Srafan	return 0;
50276Speter}
166124Srafan
50276Speterstatic void cleanup(void *p)
174993Srafan{
174993Srafan	fclose(p);
174993Srafan}
174993Srafan
166124Srafanint getspnam_r(const char *name, struct spwd *sp, char *buf, size_t size, struct spwd **res)
50276Speter{
62449Speter	char path[20+NAME_MAX];
174993Srafan	FILE *f = 0;
174993Srafan	int rv = 0;
50276Speter	int fd;
174993Srafan	size_t k, l = strlen(name);
174993Srafan	int skip = 0;
62449Speter	int cs;
62449Speter
62449Speter	*res = 0;
50276Speter
62449Speter	/* Disallow potentially-malicious user names */
62449Speter	if (*name=='.' || strchr(name, '/') || !l)
97049Speter		return EINVAL;
97049Speter
62449Speter	/* Buffer size must at least be able to hold name, plus some.. */
62449Speter	if (size < l+100) return ERANGE;
62449Speter
62449Speter	/* Protect against truncation */
50276Speter	if (snprintf(path, sizeof path, "/etc/tcb/%s/shadow", name) >= sizeof path)
62449Speter		return EINVAL;
174993Srafan
174993Srafan	fd = open(path, O_RDONLY|O_NOFOLLOW|O_NONBLOCK|O_CLOEXEC);
62449Speter	if (fd >= 0) {
50276Speter		struct stat st = { 0 };
62449Speter		errno = EINVAL;
174993Srafan		if (fstat(fd, &st) || !S_ISREG(st.st_mode) || !(f = fdopen(fd, "rb"))) {
174993Srafan			pthread_setcancelstate(PTHREAD_CANCEL_DISABLE, &cs);
174993Srafan			close(fd);
174993Srafan			pthread_setcancelstate(cs, 0);
174993Srafan			return errno;
174993Srafan		}
50276Speter	} else {
166124Srafan		f = fopen("/etc/shadow", "rbe");
174993Srafan		if (!f) return errno;
166124Srafan	}
174993Srafan
174993Srafan	pthread_cleanup_push(cleanup, f);
174993Srafan	while (fgets(buf, size, f) && (k=strlen(buf))>0) {
166124Srafan		if (skip || strncmp(name, buf, l) || buf[l]!=':') {
166124Srafan			skip = buf[k-1] != '\n';
166124Srafan			continue;
166124Srafan		}
50276Speter		if (buf[k-1] != '\n') {
62449Speter			rv = ERANGE;
50276Speter			break;
166124Srafan		}
174993Srafan
174993Srafan		if (__parsespent(buf, sp) < 0) continue;
174993Srafan		*res = sp;
174993Srafan		break;
174993Srafan	}
174993Srafan	pthread_cleanup_pop(1);
50276Speter	return rv;
62449Speter}
50276Speter