nss_mc_group.c revision e61044d99ce1e68057fda236f04a731f1f3f299a
10eae23e2483733d4ca3c21f15b5bdb3f04c9839Simo Sorce * System Security Services Daemon. NSS client interface
10eae23e2483733d4ca3c21f15b5bdb3f04c9839Simo Sorce * Copyright (C) Simo Sorce 2011
10eae23e2483733d4ca3c21f15b5bdb3f04c9839Simo Sorce * This program is free software; you can redistribute it and/or modify
10eae23e2483733d4ca3c21f15b5bdb3f04c9839Simo Sorce * it under the terms of the GNU Lesser General Public License as
10eae23e2483733d4ca3c21f15b5bdb3f04c9839Simo Sorce * published by the Free Software Foundation; either version 2.1 of the
10eae23e2483733d4ca3c21f15b5bdb3f04c9839Simo Sorce * License, or (at your option) any later version.
10eae23e2483733d4ca3c21f15b5bdb3f04c9839Simo Sorce * This program is distributed in the hope that it will be useful,
10eae23e2483733d4ca3c21f15b5bdb3f04c9839Simo Sorce * but WITHOUT ANY WARRANTY; without even the implied warranty of
10eae23e2483733d4ca3c21f15b5bdb3f04c9839Simo Sorce * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10eae23e2483733d4ca3c21f15b5bdb3f04c9839Simo Sorce * GNU Lesser General Public License for more details.
287e76479d68db4134274d4a4fca5fe0fbc9a605Jan Cholasta * You should have received a copy of the GNU Lesser General Public License
287e76479d68db4134274d4a4fca5fe0fbc9a605Jan Cholasta * along with this program. If not, see <http://www.gnu.org/licenses/>.
10eae23e2483733d4ca3c21f15b5bdb3f04c9839Simo Sorce/* GROUP database NSS interface using mmap cache */
10eae23e2483733d4ca3c21f15b5bdb3f04c9839Simo Sorcestruct sss_cli_mc_ctx gr_mc_ctx = { false, -1, 0, NULL, 0, NULL, 0, NULL, 0 };
10eae23e2483733d4ca3c21f15b5bdb3f04c9839Simo Sorcestatic errno_t sss_nss_mc_parse_result(struct sss_mc_rec *rec,
10eae23e2483733d4ca3c21f15b5bdb3f04c9839Simo Sorce /* additional checks before filling result*/
10eae23e2483733d4ca3c21f15b5bdb3f04c9839Simo Sorce /* entry is now invalid */
10eae23e2483733d4ca3c21f15b5bdb3f04c9839Simo Sorce /* fill in glibc provided structs */
10eae23e2483733d4ca3c21f15b5bdb3f04c9839Simo Sorce /* copy in buffer */
10eae23e2483733d4ca3c21f15b5bdb3f04c9839Simo Sorce /* fill in group */
10eae23e2483733d4ca3c21f15b5bdb3f04c9839Simo Sorce ret = sss_nss_str_ptr_from_buffer(&result->gr_name, &cookie,
10eae23e2483733d4ca3c21f15b5bdb3f04c9839Simo Sorce ret = sss_nss_str_ptr_from_buffer(&result->gr_passwd, &cookie,
10eae23e2483733d4ca3c21f15b5bdb3f04c9839Simo Sorce ret = sss_nss_str_ptr_from_buffer(&result->gr_mem[i], &cookie,
10eae23e2483733d4ca3c21f15b5bdb3f04c9839Simo Sorceerrno_t sss_nss_mc_getgrnam(const char *name, size_t name_len,
8a5931bcc8e9034e4beb92fc9addf3f7fcf83fd6Michal Zidek /* Get max address of data table. */
8a5931bcc8e9034e4beb92fc9addf3f7fcf83fd6Michal Zidek max_addr = gr_mc_ctx.data_table + gr_mc_ctx.dt_size;
10eae23e2483733d4ca3c21f15b5bdb3f04c9839Simo Sorce /* hashes are calculated including the NUL terminator */
10eae23e2483733d4ca3c21f15b5bdb3f04c9839Simo Sorce hash = sss_nss_mc_hash(&gr_mc_ctx, name, name_len + 1);
e61044d99ce1e68057fda236f04a731f1f3f299aMichal Zidek /* If slot is not within the bounds of the mmapped region and
e61044d99ce1e68057fda236f04a731f1f3f299aMichal Zidek * its value is not MC_INVALID_VAL, then the cache is
e61044d99ce1e68057fda236f04a731f1f3f299aMichal Zidek * probably corrupted. */
e61044d99ce1e68057fda236f04a731f1f3f299aMichal Zidek while (slot < MC_SIZE_TO_SLOTS(gr_mc_ctx.dt_size)) {
10eae23e2483733d4ca3c21f15b5bdb3f04c9839Simo Sorce ret = sss_nss_mc_get_record(&gr_mc_ctx, slot, &rec);
10eae23e2483733d4ca3c21f15b5bdb3f04c9839Simo Sorce /* check record matches what we are searching for */
10eae23e2483733d4ca3c21f15b5bdb3f04c9839Simo Sorce /* if name hash does not match we can skip this immediately */
8a5931bcc8e9034e4beb92fc9addf3f7fcf83fd6Michal Zidek strs_offset = offsetof(struct sss_mc_grp_data, strs);
8a5931bcc8e9034e4beb92fc9addf3f7fcf83fd6Michal Zidek /* Integrity check
8a5931bcc8e9034e4beb92fc9addf3f7fcf83fd6Michal Zidek * - name_len cannot be longer than all strings
8a5931bcc8e9034e4beb92fc9addf3f7fcf83fd6Michal Zidek * - data->name cannot point outside strings
8a5931bcc8e9034e4beb92fc9addf3f7fcf83fd6Michal Zidek * - all strings must be within data_table */
8a5931bcc8e9034e4beb92fc9addf3f7fcf83fd6Michal Zidek || (data->name + name_len) > (strs_offset + data->strs_len)
8a5931bcc8e9034e4beb92fc9addf3f7fcf83fd6Michal Zidek || (uint8_t *)data->strs + data->strs_len > max_addr) {
e61044d99ce1e68057fda236f04a731f1f3f299aMichal Zidek if (slot >= MC_SIZE_TO_SLOTS(gr_mc_ctx.dt_size)) {
10eae23e2483733d4ca3c21f15b5bdb3f04c9839Simo Sorce ret = sss_nss_mc_parse_result(rec, result, buffer, buflen);
10eae23e2483733d4ca3c21f15b5bdb3f04c9839Simo Sorce /* hashes are calculated including the NUL terminator */
10eae23e2483733d4ca3c21f15b5bdb3f04c9839Simo Sorce hash = sss_nss_mc_hash(&gr_mc_ctx, gidstr, len+1);
e61044d99ce1e68057fda236f04a731f1f3f299aMichal Zidek /* If slot is not within the bounds of the mmapped region and
e61044d99ce1e68057fda236f04a731f1f3f299aMichal Zidek * its value is not MC_INVALID_VAL, then the cache is
e61044d99ce1e68057fda236f04a731f1f3f299aMichal Zidek * probably corrupted. */
e61044d99ce1e68057fda236f04a731f1f3f299aMichal Zidek while (slot < MC_SIZE_TO_SLOTS(gr_mc_ctx.dt_size)) {
10eae23e2483733d4ca3c21f15b5bdb3f04c9839Simo Sorce ret = sss_nss_mc_get_record(&gr_mc_ctx, slot, &rec);
10eae23e2483733d4ca3c21f15b5bdb3f04c9839Simo Sorce /* check record matches what we are searching for */
10eae23e2483733d4ca3c21f15b5bdb3f04c9839Simo Sorce /* if gid hash does not match we can skip this immediately */
e61044d99ce1e68057fda236f04a731f1f3f299aMichal Zidek if (slot >= MC_SIZE_TO_SLOTS(gr_mc_ctx.dt_size)) {