diff options
| author | DJ Delorie <dj@redhat.com> | 2021-02-15 21:34:23 -0500 |
|---|---|---|
| committer | DJ Delorie <dj@redhat.com> | 2021-03-09 14:34:50 -0500 |
| commit | 9b456c5da968ee832ea4b2b73a18a5bf6d2118a6 (patch) | |
| tree | e0f9e838dd5862499207e16cf6e8b3d15d49d374 | |
| parent | 24eb3be5db5befefe4bcf0f438bf6629a9c3a608 (diff) | |
| download | glibc-9b456c5da968ee832ea4b2b73a18a5bf6d2118a6.tar.xz glibc-9b456c5da968ee832ea4b2b73a18a5bf6d2118a6.zip | |
nss: fix nss_database_lookup2's alternate handling [BZ #27416]
__nss_database_lookup2's extra arguments were left unused in the
nsswitch reloading patch set; this broke compat (default config
ignored) and shadow files (secondary name ignored) which relies on
these fallbacks.
This patch adds in the previous behavior by correcting the
initialization of the database list to reflect the fallbacks. This
means that the nss_database_lookup2 interface no longer needs to be
passed the fallback info, so API and callers were adjusted.
Since all callers needed to be edited anyway, the calls were changed
from __nss_database_lookup2 to the faster __nss_database_get. This
was an intended optimization which was deferred during the initial
lookup changes to avoid touching so many files.
The test case verifies that compat targets work (passwd) and that the
default configuration works (group). Tested on x86-64.
32 files changed, 252 insertions, 105 deletions
diff --git a/nscd/aicache.c b/nscd/aicache.c index 1b4245ea53..737ace11cc 100644 --- a/nscd/aicache.c +++ b/nscd/aicache.c @@ -77,9 +77,7 @@ addhstaiX (struct database_dyn *db, int fd, request_header *req, int rc4 = 0; int herrno = 0; - no_more = __nss_database_lookup2 ("hosts", NULL, - "dns [!UNAVAIL=return] files", - &nip); + no_more = !__nss_database_get (nss_database_hosts, &nip); /* Initialize configurations. */ struct resolv_context *ctx = __resolv_context_get (); diff --git a/nscd/initgrcache.c b/nscd/initgrcache.c index f7e326811f..62d7316f70 100644 --- a/nscd/initgrcache.c +++ b/nscd/initgrcache.c @@ -82,8 +82,7 @@ addinitgroupsX (struct database_dyn *db, int fd, request_header *req, int no_more; if (group_database == NULL) - no_more = __nss_database_lookup2 ("group", NULL, "files", - &group_database); + no_more = !__nss_database_get (nss_database_group, &group_database); else no_more = 0; nip = group_database; diff --git a/nscd/netgroupcache.c b/nscd/netgroupcache.c index ad2daddafd..2f71bf2999 100644 --- a/nscd/netgroupcache.c +++ b/nscd/netgroupcache.c @@ -143,7 +143,7 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req, *tofreep = NULL; if (netgroup_database == NULL - && __nss_database_lookup2 ("netgroup", NULL, NULL, &netgroup_database)) + && !__nss_database_get (nss_database_netgroup, &netgroup_database)) { /* No such service. */ cacheable = do_notfound (db, fd, req, key, &dataset, &total, &timeout, diff --git a/nss/Makefile b/nss/Makefile index 0906202db9..71fbe583bf 100644 --- a/nss/Makefile +++ b/nss/Makefile @@ -63,6 +63,7 @@ tests = test-netdb test-digits-dots tst-nss-getpwent bug17079 \ xtests = bug-erange tests-container = \ + tst-nss-compat1 \ tst-nss-test3 \ tst-nss-files-hosts-long \ tst-nss-db-endpwent \ diff --git a/nss/Versions b/nss/Versions index 71703750bf..fdddea104c 100644 --- a/nss/Versions +++ b/nss/Versions @@ -17,7 +17,7 @@ libc { __nss_passwd_lookup2; __nss_group_lookup2; __nss_hosts_lookup2; __nss_services_lookup2; __nss_next2; __nss_lookup; - __nss_hash; __nss_database_lookup2; + __nss_hash; __nss_database_get; __nss_files_fopen; __nss_readline; __nss_parse_line_result; } } diff --git a/nss/XXX-lookup.c b/nss/XXX-lookup.c index 48fc7b92fc..f1c97f7c8e 100644 --- a/nss/XXX-lookup.c +++ b/nss/XXX-lookup.c @@ -37,27 +37,20 @@ #define CONCAT3_1(Pre, Name, Post) CONCAT3_2 (Pre, Name, Post) #define CONCAT3_2(Pre, Name, Post) Pre##Name##Post +#define DATABASE_NAME_ID CONCAT2_1 (nss_database_, DATABASE_NAME) +#define CONCAT2_1(Pre, Name) CONCAT2_2 (Pre, Name) +#define CONCAT2_2(Pre, Name) Pre##Name + #define DATABASE_NAME_SYMBOL CONCAT3_1 (__nss_, DATABASE_NAME, _database) #define DATABASE_NAME_STRING STRINGIFY1 (DATABASE_NAME) #define STRINGIFY1(Name) STRINGIFY2 (Name) #define STRINGIFY2(Name) #Name -#ifdef ALTERNATE_NAME -#define ALTERNATE_NAME_STRING STRINGIFY1 (ALTERNATE_NAME) -#else -#define ALTERNATE_NAME_STRING NULL -#endif - -#ifndef DEFAULT_CONFIG -#define DEFAULT_CONFIG NULL -#endif - int DB_LOOKUP_FCT (nss_action_list *ni, const char *fct_name, const char *fct2_name, void **fctp) { - if (__nss_database_lookup2 (DATABASE_NAME_STRING, ALTERNATE_NAME_STRING, - DEFAULT_CONFIG, &DATABASE_NAME_SYMBOL) < 0) + if (! __nss_database_get (DATABASE_NAME_ID, &DATABASE_NAME_SYMBOL)) return -1; *ni = DATABASE_NAME_SYMBOL; diff --git a/nss/databases.def b/nss/databases.def index df5fab4168..3dc95648a8 100644 --- a/nss/databases.def +++ b/nss/databases.def @@ -23,17 +23,20 @@ DEFINE_DATABASE (aliases) DEFINE_DATABASE (ethers) DEFINE_DATABASE (group) +DEFINE_DATABASE (group_compat) DEFINE_DATABASE (gshadow) DEFINE_DATABASE (hosts) DEFINE_DATABASE (initgroups) DEFINE_DATABASE (netgroup) DEFINE_DATABASE (networks) DEFINE_DATABASE (passwd) +DEFINE_DATABASE (passwd_compat) DEFINE_DATABASE (protocols) DEFINE_DATABASE (publickey) DEFINE_DATABASE (rpc) DEFINE_DATABASE (services) DEFINE_DATABASE (shadow) +DEFINE_DATABASE (shadow_compat) /* Local Variables: diff --git a/nss/grp-lookup.c b/nss/grp-lookup.c index 7099544be5..034fa2ab7f 100644 --- a/nss/grp-lookup.c +++ b/nss/grp-lookup.c @@ -19,6 +19,5 @@ #include <config.h> #define DATABASE_NAME group -#define DEFAULT_CONFIG "files" #include "XXX-lookup.c" diff --git a/nss/hosts-lookup.c b/nss/hosts-lookup.c index c96b60ed66..1acafd01cd 100644 --- a/nss/hosts-lookup.c +++ b/nss/hosts-lookup.c @@ -17,6 +17,5 @@ <https://www.gnu.org/licenses/>. */ #define DATABASE_NAME hosts -#define DEFAULT_CONFIG "dns [!UNAVAIL=return] files" #include "XXX-lookup.c" diff --git a/nss/key-lookup.c b/nss/key-lookup.c index 60d803ded5..aa267d36f9 100644 --- a/nss/key-lookup.c +++ b/nss/key-lookup.c @@ -17,6 +17,5 @@ <https://www.gnu.org/licenses/>. */ #define DATABASE_NAME publickey -#define DEFAULT_CONFIG "nis nisplus" #include "XXX-lookup.c" diff --git a/nss/network-lookup.c b/nss/network-lookup.c index 8c1eeb3c84..eed4dc3d0f 100644 --- a/nss/network-lookup.c +++ b/nss/network-lookup.c @@ -17,6 +17,5 @@ <https://www.gnu.org/licenses/>. */ #define DATABASE_NAME networks -#define DEFAULT_CONFIG "dns [!UNAVAIL=return] files" #include "XXX-lookup.c" diff --git a/nss/nss_compat/compat-grp.c b/nss/nss_compat/compat-grp.c index eb4c68d5d4..aaf35e75b4 100644 --- a/nss/nss_compat/compat-grp.c +++ b/nss/nss_compat/compat-grp.c @@ -81,7 +81,7 @@ static bool in_blacklist (const char *, int, ent_t *); static void init_nss_interface (void) { - if (__nss_database_lookup2 ("group_compat", NULL, "nis", &ni) >= 0) + if (__nss_database_get (nss_database_group_compat, &ni)) { setgrent_impl = __nss_lookup_function (ni, "setgrent"); getgrnam_r_impl = __nss_lookup_function (ni, "getgrnam_r"); diff --git a/nss/nss_compat/compat-initgroups.c b/nss/nss_compat/compat-initgroups.c index cfd36b64b8..c3b065c931 100644 --- a/nss/nss_compat/compat-initgroups.c +++ b/nss/nss_compat/compat-initgroups.c @@ -91,7 +91,7 @@ init_nss_interface (void) /* Retest. */ if (ni == NULL - && __nss_database_lookup2 ("group_compat", NULL, "nis", &ni) >= 0) + && __nss_database_get (nss_database_group_compat, &ni)) { initgroups_dyn_impl = __nss_lookup_function (ni, "initgroups_dyn"); getgrnam_r_impl = __nss_lookup_function (ni, "getgrnam_r"); diff --git a/nss/nss_compat/compat-pwd.c b/nss/nss_compat/compat-pwd.c index f536754559..64d708ff63 100644 --- a/nss/nss_compat/compat-pwd.c +++ b/nss/nss_compat/compat-pwd.c @@ -91,7 +91,7 @@ static bool in_blacklist (const char *, int, ent_t *); static void init_nss_interface (void) { - if (__nss_database_lookup2 ("passwd_compat", NULL, "nis", &ni) >= 0) + if (__nss_database_get (nss_database_passwd_compat, &ni)) { setpwent_impl = __nss_lookup_function (ni, "setpwent"); getpwnam_r_impl = __nss_lookup_function (ni, "getpwnam_r"); diff --git a/nss/nss_compat/compat-spwd.c b/nss/nss_compat/compat-spwd.c index 5c91f9572a..b548dfbee1 100644 --- a/nss/nss_compat/compat-spwd.c +++ b/nss/nss_compat/compat-spwd.c @@ -88,8 +88,7 @@ static bool in_blacklist (const char *, int, ent_t *); static void init_nss_interface (void) { - if (__nss_database_lookup2 ("shadow_compat", "passwd_compat", - "nis", &ni) >= 0) + if (__nss_database_get (nss_database_shadow_compat, &ni)) { setspent_impl = __nss_lookup_function (ni, "setspent"); getspnam_r_impl = __nss_lookup_function (ni, "getspnam_r"); diff --git a/nss/nss_database.c b/nss/nss_database.c index fb72d0cc03..1e11294406 100644 --- a/nss/nss_database.c +++ b/nss/nss_database.c @@ -93,13 +93,16 @@ enum nss_database_default static const char per_database_defaults[NSS_DATABASE_COUNT] = { [nss_database_group] = nss_database_default_compat, + [nss_database_group_compat] = nss_database_default_nis, [nss_database_gshadow] = nss_database_default_files, [nss_database_hosts] = nss_database_default_dns, [nss_database_initgroups] = nss_database_default_none, [nss_database_networks] = nss_database_default_dns, [nss_database_passwd] = nss_database_default_compat, + [nss_database_passwd_compat] = nss_database_default_nis, [nss_database_publickey] = nss_database_default_nis_nisplus, [nss_database_shadow] = nss_database_default_compat, + [nss_database_shadow_compat] = nss_database_default_nis, }; struct nss_database_default_cache @@ -166,13 +169,12 @@ nss_database_select_default (struct nss_database_default_cache *cache, assert (errno == ENOMEM); return false; } - else - return true; + return true; } /* database_name must be large enough for each individual name plus a null terminator. */ -typedef char database_name[11]; +typedef char database_name[14]; #define DEFINE_DATABASE(name) \ _Static_assert (sizeof (#name) <= sizeof (database_name), #name); #include "databases.def" @@ -323,14 +325,43 @@ nss_database_reload (struct nss_database_data *staging, /* No other threads have access to fp. */ __fsetlocking (fp, FSETLOCKING_BYCALLER); + /* We start with all of *staging pointing to NULL. */ + bool ok = true; if (fp != NULL) ok = nss_database_reload_1 (staging, fp); + /* Now we have non-NULL entries where the user explictly listed the + service in nsswitch.conf. */ + /* Apply defaults. */ if (ok) { struct nss_database_default_cache cache = { }; + + /* These three default to other services if the user listed the + other service. */ + + /* "shadow_compat" defaults to "passwd_compat" if only the + latter is given. */ + if (staging->services[nss_database_shadow_compat] == NULL) + staging->services[nss_database_shadow_compat] = + staging->services[nss_database_passwd_compat]; + + /* "shadow" defaults to "passwd" if only the latter is + given. */ + if (staging->services[nss_database_shadow] == NULL) + staging->services[nss_database_shadow] = + staging->services[nss_database_passwd]; + + /* "gshadow" defaults to "group" if only the latter is + given. */ + if (staging->services[nss_database_gshadow] == NULL) + staging->services[nss_database_gshadow] = + staging->services[nss_database_group]; + + /* For anything still unspecified, load the default configs. */ + for (int i = 0; i < NSS_DATABASE_COUNT; ++i) if (staging->services[i] == NULL) { @@ -440,6 +471,7 @@ __nss_database_get (enum nss_database db, nss_action_list *actions) struct nss_database_state *local = nss_database_state_get (); return nss_database_check_reload_and_get (local, actions, db); } +libc_hidden_def (__nss_database_get) nss_action_list __nss_database_get_noreload (enum nss_database db) diff --git a/nss/nss_database.h b/nss/nss_database.h index 1f827e6def..d4b23b5295 100644 --- a/nss/nss_database.h +++ b/nss/nss_database.h @@ -52,12 +52,11 @@ enum nss_database NSS_DATABASE_COUNT }; - /* Looks up the action list for DB and stores it in *ACTIONS. Returns true on success or false on failure. Success can mean that *ACTIONS is NULL. */ -bool __nss_database_get (enum nss_database db, nss_action_list *actions) - attribute_hidden; +bool __nss_database_get (enum nss_database db, nss_action_list *actions); +libc_hidden_proto (__nss_database_get) /* Like __nss_database_get, but does not reload /etc/nsswitch.conf from disk. This assumes that there has been a previous successful diff --git a/nss/nss_module.c b/nss/nss_module.c index 6c5f341f3e..60c070c851 100644 --- a/nss/nss_module.c +++ b/nss/nss_module.c @@ -31,14 +31,6 @@ #include <stdlib.h> #include <string.h> -#ifdef LINK_OBSOLETE_NSL -# define DEFAULT_CONFIG "compat [NOTFOUND=return] files" -# define DEFAULT_DEFCONFIG "nis [NOTFOUND=return] files" -#else -# define DEFAULT_CONFIG "files" -# define DEFAULT_DEFCONFIG "files" -#endif - /* Suffix after .so of NSS service modules. This is a bit of magic, but we assume LIBNSS_FILES_SO looks like "libnss_files.so.2" and we want a pointer to the ".2" part. We have no API to extract this @@ -292,11 +284,11 @@ __nss_module_get_function (struct nss_module *module, const char *name) #if defined SHARED && defined USE_NSCD /* Load all libraries for the service. */ static void -nss_load_all_libraries (const char *service, const char *def) +nss_load_all_libraries (enum nss_database service) { nss_action_list ni = NULL; - if (__nss_database_lookup2 (service, NULL, def, &ni) == 0) + if (__nss_database_get (service, &ni)) while (ni->module != NULL) { __nss_module_load (ni->module); @@ -323,10 +315,10 @@ __nss_disable_nscd (void (*cb) (size_t, struct traced_file *)) is_nscd = true; /* Find all the relevant modules so that the init functions are called. */ - nss_load_all_libraries ("passwd", DEFAULT_CONFIG); - nss_load_all_libraries ("group", DEFAULT_CONFIG); - nss_load_all_libraries ("hosts", "dns [!UNAVAIL=return] files"); - nss_load_all_libraries ("services", NULL); + nss_load_all_libraries (nss_database_passwd); + nss_load_all_libraries (nss_database_group); + nss_load_all_libraries (nss_database_hosts); + nss_load_all_libraries (nss_database_services); /* Make sure NSCD purges its cache if nsswitch.conf changes. */ init_traced_file (&pwd_traced_file.file, _PATH_NSSWITCH_CONF, 0); diff --git a/nss/nss_test.h b/nss/nss_test.h index f8b81c27a7..db3d617585 100644 --- a/nss/nss_test.h +++ b/nss/nss_test.h @@ -33,11 +33,13 @@ #include <pwd.h> #include <grp.h> +#include <shadow.h> #include <netdb.h> typedef struct test_tables { struct passwd *pwd_table; struct group *grp_table; + struct spwd *spwd_table; struct hostent *host_table; } test_tables; @@ -46,10 +48,12 @@ extern void _nss_test2_init_hook (test_tables *) __attribute__((weak)); #define PWD_LAST() { .pw_name = NULL, .pw_uid = 0 } #define GRP_LAST() { .gr_name = NULL, .gr_gid = 0 } +#define SPWD_LAST() { .sp_namp = NULL, .sp_pwdp = NULL } #define HOST_LAST() { .h_name = NULL, .h_aliases = NULL, .h_length = 0, .h_addr_list = NULL } #define PWD_ISLAST(p) ((p)->pw_name == NULL && (p)->pw_uid == 0)</ |