summaryrefslogtreecommitdiff
path: root/nss/nss_files
Commit message (Collapse)AuthorAgeFilesLines
* Update copyright dates with scripts/update-copyrights.Joseph Myers2019-01-0117-17/+17
| | | | | | | * All files with FSF copyright notices: Update copyright dates using scripts/update-copyrights. * locale/programs/charmap-kw.h: Regenerated. * locale/programs/locfile-kw.h: Likewise.
* nss_files: Fix file stream leak in aliases lookup [BZ #23521]Florian Weimer2018-08-141-0/+9
| | | | | In order to get a clean test case, it was necessary to fix partially fixed bug 23522 as well.
* nss_files: Fix re-reading of long lines [BZ #18991]Florian Weimer2018-07-061-71/+50
| | | | | Use the new __libc_readline_unlocked function to pick up reading at the same line in case the buffer needs to be enlarged.
* nss_files: Use struct scratch_buffer instead of extend_alloca [BZ #18023]Florian Weimer2018-06-251-22/+10
|
* Update copyright dates with scripts/update-copyrights.Joseph Myers2018-01-0117-17/+17
| | | | | | | * All files with FSF copyright notices: Update copyright dates using scripts/update-copyrights. * locale/programs/charmap-kw.h: Regenerated. * locale/programs/locfile-kw.h: Likewise.
* nss_files: Avoid large buffers with many host addresses [BZ #22078]Florian Weimer2017-10-111-96/+129
| | | | | The previous implementation had at least a quadratic space requirement in the number of host addresses and aliases.
* nss_files: Use struct scratch_buffer for gethostbyname [BZ #18023]Florian Weimer2017-10-111-156/+138
|
* nss_files: Refactor gethostbyname3 multi case into separate functionFlorian Weimer2017-10-101-193/+202
| | | | This is in preparation of further cleanup work.
* Assume that O_CLOEXEC is always defined and worksFlorian Weimer2017-04-183-93/+0
|
* Update copyright dates with scripts/update-copyrights.Joseph Myers2017-01-0118-18/+18
|
* resolv: Deprecate the "inet6" option and RES_USE_INET6 [BZ #19582]Florian Weimer2016-12-311-5/+5
|
* Update copyright dates with scripts/update-copyrights.Joseph Myers2016-01-0418-18/+18
|
* Move bits/libc-lock.h and bits/libc-lockP.h out of bits/ (bug 14912).Joseph Myers2015-09-082-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | It was noted in <https://sourceware.org/ml/libc-alpha/2012-09/msg00305.html> that the bits/*.h naming scheme should only be used for installed headers. This patch renames bits/libc-lock.h to plain libc-lock.h and bits/libc-lockP.h to plain libc-lockP.h to follow that convention. Note that I don't know where libc-lockP.h comes from for Hurd (the Hurd libc-lock.h includes libc-lockP.h, but the only libc-lockP.h in the glibc source tree is for NPTL) - some unmerged patch? - but I updated the #include in the Hurd libc-lock.h anyway. Tested for x86_64 (testsuite, and that installed stripped shared libraries are unchanged by the patch). [BZ #14912] * bits/libc-lock.h: Move to ... * sysdeps/generic/libc-lock.h: ...here. (_BITS_LIBC_LOCK_H): Rename macro to _LIBC_LOCK_H. * sysdeps/mach/hurd/bits/libc-lock.h: Move to ... * sysdeps/mach/hurd/libc-lock.h: ...here. (_BITS_LIBC_LOCK_H): Rename macro to _LIBC_LOCK_H. [_LIBC]: Include <libc-lockP.h> instead of <bits/libc-lockP.h>. * sysdeps/mach/bits/libc-lock.h: Move to ... * sysdeps/mach/libc-lock.h: ...here. (_BITS_LIBC_LOCK_H): Rename macro to _LIBC_LOCK_H. * sysdeps/nptl/bits/libc-lock.h: Move to ... * sysdeps/nptl/libc-lock.h: ...here. (_BITS_LIBC_LOCK_H): Rename macro to _LIBC_LOCK_H. * sysdeps/nptl/bits/libc-lockP.h: Move to ... * sysdeps/nptl/libc-lockP.h: ...here. (_BITS_LIBC_LOCKP_H): Rename macro to _LIBC_LOCKP_H. * crypt/crypt_util.c: Include <libc-lock.h> instead of <bits/libc-lock.h>. * dirent/scandir-tail.c: Likewise. * dlfcn/dlerror.c: Likewise. * elf/dl-close.c: Likewise. * elf/dl-iteratephdr.c: Likewise. * elf/dl-lookup.c: Likewise. * elf/dl-open.c: Likewise. * elf/dl-support.c: Likewise. * elf/dl-writev.h: Likewise. * elf/rtld.c: Likewise. * grp/fgetgrent.c: Likewise. * gshadow/fgetsgent.c: Likewise. * gshadow/sgetsgent.c: Likewise. * iconv/gconv_conf.c: Likewise. * iconv/gconv_db.c: Likewise. * iconv/gconv_dl.c: Likewise. * iconv/gconv_int.h: Likewise. * iconv/gconv_trans.c: Likewise. * include/link.h: Likewise. * inet/getnameinfo.c: Likewise. * inet/getnetgrent.c: Likewise. * inet/getnetgrent_r.c: Likewise. * intl/bindtextdom.c: Likewise. * intl/dcigettext.c: Likewise. * intl/finddomain.c: Likewise. * intl/gettextP.h: Likewise. * intl/loadmsgcat.c: Likewise. * intl/localealias.c: Likewise. * intl/textdomain.c: Likewise. * libidn/idn-stub.c: Likewise. * libio/libioP.h: Likewise. * locale/duplocale.c: Likewise. * locale/freelocale.c: Likewise. * locale/newlocale.c: Likewise. * locale/setlocale.c: Likewise. * login/getutent_r.c: Likewise. * login/getutid_r.c: Likewise. * login/getutline_r.c: Likewise. * login/utmp-private.h: Likewise. * login/utmpname.c: Likewise. * malloc/mtrace.c: Likewise. * misc/efgcvt.c: Likewise. * misc/error.c: Likewise. * misc/fstab.c: Likewise. * misc/getpass.c: Likewise. * misc/mntent.c: Likewise. * misc/syslog.c: Likewise. * nis/nis_call.c: Likewise. * nis/nis_callback.c: Likewise. * nis/nss-default.c: Likewise. * nis/nss_compat/compat-grp.c: Likewise. * nis/nss_compat/compat-initgroups.c: Likewise. * nis/nss_compat/compat-pwd.c: Likewise. * nis/nss_compat/compat-spwd.c: Likewise. * nis/nss_nis/nis-alias.c: Likewise. * nis/nss_nis/nis-ethers.c: Likewise. * nis/nss_nis/nis-grp.c: Likewise. * nis/nss_nis/nis-hosts.c: Likewise. * nis/nss_nis/nis-network.c: Likewise. * nis/nss_nis/nis-proto.c: Likewise. * nis/nss_nis/nis-pwd.c: Likewise. * nis/nss_nis/nis-rpc.c: Likewise. * nis/nss_nis/nis-service.c: Likewise. * nis/nss_nis/nis-spwd.c: Likewise. * nis/nss_nisplus/nisplus-alias.c: Likewise. * nis/nss_nisplus/nisplus-ethers.c: Likewise. * nis/nss_nisplus/nisplus-grp.c: Likewise. * nis/nss_nisplus/nisplus-hosts.c: Likewise. * nis/nss_nisplus/nisplus-initgroups.c: Likewise. * nis/nss_nisplus/nisplus-network.c: Likewise. * nis/nss_nisplus/nisplus-proto.c: Likewise. * nis/nss_nisplus/nisplus-pwd.c: Likewise. * nis/nss_nisplus/nisplus-rpc.c: Likewise. * nis/nss_nisplus/nisplus-service.c: Likewise. * nis/nss_nisplus/nisplus-spwd.c: Likewise. * nis/ypclnt.c: Likewise. * nptl/libc_pthread_init.c: Likewise. * nss/getXXbyYY.c: Likewise. * nss/getXXent.c: Likewise. * nss/getXXent_r.c: Likewise. * nss/nss_db/db-XXX.c: Likewise. * nss/nss_db/db-netgrp.c: Likewise. * nss/nss_db/nss_db.h: Likewise. * nss/nss_files/files-XXX.c: Likewise. * nss/nss_files/files-alias.c: Likewise. * nss/nsswitch.c: Likewise. * posix/regex_internal.h: Likewise. * posix/wordexp.c: Likewise. * pwd/fgetpwent.c: Likewise. * resolv/res_hconf.c: Likewise. * resolv/res_libc.c: Likewise. * shadow/fgetspent.c: Likewise. * shadow/lckpwdf.c: Likewise. * shadow/sgetspent.c: Likewise. * socket/opensock.c: Likewise. * stdio-common/reg-modifier.c: Likewise. * stdio-common/reg-printf.c: Likewise. * stdio-common/reg-type.c: Likewise. * stdio-common/vfprintf.c: Likewise. * stdio-common/vfscanf.c: Likewise. * stdlib/abort.c: Likewise. * stdlib/cxa_atexit.c: Likewise. * stdlib/fmtmsg.c: Likewise. * stdlib/random.c: Likewise. * stdlib/setenv.c: Likewise. * string/strsignal.c: Likewise. * sunrpc/auth_none.c: Likewise. * sunrpc/bindrsvprt.c: Likewise. * sunrpc/create_xid.c: Likewise. * sunrpc/key_call.c: Likewise. * sunrpc/rpc_thread.c: Likewise. * sysdeps/arm/backtrace.c: Likewise. * sysdeps/generic/ldsodefs.h: Likewise. * sysdeps/generic/stdio-lock.h: Likewise. * sysdeps/generic/unwind-dw2-fde.c: Likewise. * sysdeps/i386/backtrace.c: Likewise. * sysdeps/ieee754/ldbl-opt/nldbl-compat.c: Likewise. * sysdeps/m68k/backtrace.c: Likewise. * sysdeps/mach/hurd/cthreads.c: Likewise. * sysdeps/mach/hurd/dirstream.h: Likewise. * sysdeps/mach/hurd/malloc-machine.h: Likewise. * sysdeps/nptl/malloc-machine.h: Likewise. * sysdeps/nptl/stdio-lock.h: Likewise. * sysdeps/posix/dirstream.h: Likewise. * sysdeps/posix/getaddrinfo.c: Likewise. * sysdeps/posix/system.c: Likewise. * sysdeps/pthread/aio_suspend.c: Likewise. * sysdeps/s390/s390-32/backtrace.c: Likewise. * sysdeps/s390/s390-64/backtrace.c: Likewise. * sysdeps/unix/sysv/linux/check_pf.c: Likewise. * sysdeps/unix/sysv/linux/if_index.c: Likewise. * sysdeps/unix/sysv/linux/s390/s390-32/getutent_r.c: Likewise. * sysdeps/unix/sysv/linux/s390/s390-32/getutid_r.c: Likewise. * sysdeps/unix/sysv/linux/s390/s390-32/getutline_r.c: Likewise. * sysdeps/unix/sysv/linux/shm-directory.c: Likewise. * sysdeps/unix/sysv/linux/system.c: Likewise. * sysdeps/x86_64/backtrace.c: Likewise. * time/alt_digit.c: Likewise. * time/era.c: Likewise. * time/tzset.c: Likewise. * wcsmbs/wcsmbsload.c: Likewise. * nptl/tst-initializers1.c (do_test): Refer to <libc-lock.h> instead of <bits/libc-lock.h> in comment.
* Separate internal state between getXXent and getXXbyYY NSS calls (bug 18007)Andreas Schwab2015-05-113-167/+67
|
* CVE-2014-8121: Do not close NSS files database during iteration [BZ #18007]Florian Weimer2015-04-291-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Robin Hack discovered Samba would enter an infinite loop processing certain quota-related requests. We eventually tracked this down to a glibc issue. Running a (simplified) test case under strace shows that /etc/passwd is continuously opened and closed: … open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 3 lseek(3, 0, SEEK_CUR) = 0 read(3, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 2717 lseek(3, 2717, SEEK_SET) = 2717 close(3) = 0 open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 3 lseek(3, 0, SEEK_CUR) = 0 lseek(3, 0, SEEK_SET) = 0 read(3, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 2717 lseek(3, 2717, SEEK_SET) = 2717 close(3) = 0 open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 3 lseek(3, 0, SEEK_CUR) = 0 … The lookup function implementation in nss/nss_files/files-XXX.c:DB_LOOKUP has code to prevent that. It is supposed skip closing the input file if it was already open. /* Reset file pointer to beginning or open file. */ \ status = internal_setent (keep_stream); \ \ if (status == NSS_STATUS_SUCCESS) \ { \ /* Tell getent function that we have repositioned the file pointer. */ \ last_use = getby; \ \ while ((status = internal_getent (result, buffer, buflen, errnop \ H_ERRNO_ARG EXTRA_ARGS_VALUE)) \ == NSS_STATUS_SUCCESS) \ { break_if_match } \ \ if (! keep_stream) \ internal_endent (); \ } \ keep_stream is initialized from the stayopen flag in internal_setent. internal_setent is called from the set*ent implementation as: status = internal_setent (stayopen); However, for non-host database, this flag is always 0, per the STAYOPEN magic in nss/getXXent_r.c. Thus, the fix is this: - status = internal_setent (stayopen); + status = internal_setent (1); This is not a behavioral change even for the hosts database (where the application can specify the stayopen flag) because with a call to sethostent(0), the file handle is still not closed in the implementation of gethostent.
* Enhance nscd's inotify support (Bug 14906).Carlos O'Donell2015-03-131-25/+21
| | | | | | | | | | | | | | | | | | | | | | In bug 14906 the user complains that the inotify support in nscd is not sufficient when it comes to detecting changes in the configurationfiles that should be watched for the various databases. The current nscd implementation uses inotify to watch for changes in the configuration files, but adds watches only for IN_DELETE_SELF and IN_MODIFY. These watches are insufficient to cover even the most basic uses by a system administrator. For example using emacs or vim to edit a configuration file should trigger a reload but it might not if the editors use move to atomically update the file. This atomic update changes the inode and thus removes the notification on the file (as inotify is based on inodes). Thus the inotify support in nscd for configuration files is insufficient to account for the average use cases of system administrators and users. The inotify support is significantly enhanced and described here: https://www.sourceware.org/ml/libc-alpha/2015-02/msg00504.html Tested on x86_64 with and without inotify support.
* Update copyright dates with scripts/update-copyrights.Joseph Myers2015-01-0218-18/+18
|
* Remove IS_IN_libcSiddhesh Poyarekar2014-11-241-1/+1
| | | | | | | | | Replace it with IS_IN (libc) and remove the one place that it is defined in. The generated code remains unchanged on x86_64. * include/shlib-compat.h [!NOT_IN_libc]: Remove. * nss/nss_files/files-parse.c (IS_IN_libc): Replace with IS_IN (libc).
* BZ#14498: fix infinite loop in nss_db_getservbynameAlexandre Oliva2014-11-211-2/+5
| | | | | | | | | | | | | | | | nss_db uses nss_files code for services, but a continue on protocol mismatch that doesn't affect nss_files skipped the code that advanced to the next db entry. Any one of these changes would suffice to fix it, but fixing both makes them both safer to reuse elsewhere. for ChangeLog [BZ #14498] * NEWS: Fixed. * nss/nss_db/db-XXX.c (_nss_db_get##name##_r): Update hidx after parsing line but before break_if_match. * nss/nss_files/files-service (DB_LOOKUP): Don't "continue;" if there is a protocol mismatch.
* Don't ignore too long lines in nss_files (BZ #17079)Andreas Schwab2014-06-231-1/+3
|
* Use NSS_STATUS_TRYAGAIN to indicate insufficient buffer (BZ #16878)Siddhesh Poyarekar2014-05-261-1/+1
| | | | | | | | | | | | The netgroups nss modules in the glibc tree use NSS_STATUS_UNAVAIL (with errno as ERANGE) when the supplied buffer does not have sufficient space for the result. This is wrong, because the canonical way to indicate insufficient buffer is to set the errno to ERANGE and the status to NSS_STATUS_TRYAGAIN, as is used by all other modules. This fixes nscd behaviour when the nss_ldap module returns NSS_STATUS_TRYAGAIN to indicate that a netgroup entry is too long to fit into the supplied buffer.
* Use glibc_likely instead __builtin_expect.Ondřej Bílka2014-02-101-1/+1
|
* Fix invalid memory access when parsing netgroup files with blank lines (BZ ↵Siddhesh Poyarekar2014-01-271-1/+2
| | | | | | | | | | | | | | | | | | | | | | #16506) The netgroups file parsing code tries to access the character before the newline in parsed lines to see if it is a backslash (\). This results in an access before the block allocated for the line if the line is blank, i.e. does not have anything other than the newline character. This doesn't seem like it will cause any crashes because the byte belongs to the malloc metadata block and hence access to it will always succeed. There could be an invalid alteration in code flow where a blank line is seen as a continuation due to the preceding byte *happening* to be '\\'. This could be done by interposing malloc, but that's not really a security problem since one could interpose getnetgrent_r itself and achieve a similar 'exploit'. The possibility of actually exploiting this is remote to impossible since it also requires the previous line to end with a '\\', which would happen only on invalid configurations.
* Update copyright notices with scripts/update-copyrightsAllan McRae2014-01-0118-18/+18
|
* Use herrnop directlySiddhesh Poyarekar2013-12-021-2/+2
| | | | | H_ERRNO_ARGS is unnecessary since we this file is specifically for hosts lookup.
* Get canonical name in getaddrinfo from hosts file for AF_INET (fixes 16077)Siddhesh Poyarekar2013-11-281-250/+257
| | | | | | | | AF_INET lookup in hosts file uses _nss_files_gethostbyname2_r, which is not capable of returning a canonical name if it has found one. This change adds _nss_files_gethostbyname3_r, which wraps around _nss_files_gethostbyname2_r and then returns result.h_name as the canonical name.
* Fix reads for sizes larger than INT_MAX in AF_INET lookupSiddhesh Poyarekar2013-10-301-8/+51
| | | | | | | | | | | | | | | Currently for AF_INET lookups from the hosts file, buffer sizes larger than INT_MAX silently overflow and may result in access beyond bounds of a buffer. This happens when the number of results in an AF_INET lookup in /etc/hosts are very large. There are two aspects to the problem. One problem is that the size computed from the buffer size is stored into an int, which results in overflow for large sizes. Additionally, even if this size was expanded, the function used to read content into the buffer (fgets) accepts only int sizes. As a result, the fix is to have a function wrap around fgets that calls it multiple times with int sizes if necessary.
* Use proper #include for xdecrypt declarations.Roland McGrath2013-08-261-3/+1
|
* Fix leading whitespaces.Ondrej Bilka2013-06-061-1/+1
|
* Add #include <stdint.h> for uint[32|64]_t usage (except installed headers).Ryan S. Arnold2013-05-162-0/+2
|
* Remove non-standard initialisation of flexible array memberAndreas Schwab2013-04-231-1/+8
| | | | This avoids GCC bug 28865.
* Update copyright notices with scripts/update-copyrights.Joseph Myers2013-01-0218-19/+18
|
* BZ#13696: Add --disable-nscd configure option.Roland McGrath2012-08-221-1/+5
|
* Fix lots of bitrot for stub configurations.Roland McGrath2012-07-301-1/+3
|
* Replace FSF snail mail address with URLs.Paul Eggert2012-02-0918-54/+36
|
* Clean up internal fopen usesUlrich Drepper2011-11-155-7/+7
| | | | No need to ever not use c and e.
* Fix buffer allocation in files initgroups handlerAndreas Schwab2011-11-071-1/+1
|
* Implement caching of nscdUlrich Drepper2011-10-071-0/+3
|
* Optimize libnss_files initializationUlrich Drepper2011-09-281-35/+18
|
* Correctly reparse group line after enlarging the bufferAndreas Schwab2011-09-271-4/+8
|
* More optimizations of nss_filesUlrich Drepper2011-08-202-7/+5
|
* Minor optimizatin in alias lookup in files NSS moduleUlrich Drepper2011-08-201-3/+3
|
* Generalize framework to register monitoring of files in nscdUlrich Drepper2011-07-111-0/+72
| | | | | | | | nscd can clear caches when certain files change. The list of files was hardcoded so far and worked for nss_files and nss_dns and those modules which need no monitoring. nss_db, for instance, has its own set of files to monitor. Now the NSS modules themselves can request that certain files are monitored.
* Reenable nss_db with a completely new implementationUlrich Drepper2011-06-1511-33/+34
| | | | | | No longer is Berkeley db used. Instead a simple hash function is used. The database files are not updated once they are created and therefore no complicated database is needed.
* Report if no record is found by initgroups in nss_files.Ulrich Drepper2011-05-061-1/+3
|
* Fix reallocation bug in last nss_files change.Ulrich Drepper2011-04-211-1/+2
|
* Fix little issue with last change.Ulrich Drepper2011-04-191-2/+4
|
* Define initgroups callback for nss_files.Ulrich Drepper2011-04-191-0/+132
|
* Handle long lines in host lookups in the right place.Ulrich Drepper2011-01-131-6/+55
|
* Add self-contained test for NSS.Ulrich Drepper2010-08-111-3/+3
| | | | | While at it fix interaction between __nss_configure_lookup and nscd. Otherwise the test fails if nscd is runnung.