diff options
| author | Baban Kenkre <Baban.Kenkre@Sun.COM> | 2008-11-07 12:09:53 -0800 |
|---|---|---|
| committer | Baban Kenkre <Baban.Kenkre@Sun.COM> | 2008-11-07 12:09:53 -0800 |
| commit | 2b4a78020b9c38d1b95e2f3fefa6d6e4be382d1f (patch) | |
| tree | b9f0bc817d950cefb1af4653dad8de547a17e061 /usr/src/lib/nsswitch/compat/common/getgrent.c | |
| parent | 0a2b1d27cac02f57e17b310f8baeb1dda082c83a (diff) | |
| download | illumos-joyent-2b4a78020b9c38d1b95e2f3fefa6d6e4be382d1f.tar.gz | |
PSARC/2008/441 Active Directory name service module (nss_ad)
6722476 name service switch module for AD (nss_ad) needed
Diffstat (limited to 'usr/src/lib/nsswitch/compat/common/getgrent.c')
| -rw-r--r-- | usr/src/lib/nsswitch/compat/common/getgrent.c | 53 |
1 files changed, 49 insertions, 4 deletions
diff --git a/usr/src/lib/nsswitch/compat/common/getgrent.c b/usr/src/lib/nsswitch/compat/common/getgrent.c index 0457392e59..6f9c81b1e0 100644 --- a/usr/src/lib/nsswitch/compat/common/getgrent.c +++ b/usr/src/lib/nsswitch/compat/common/getgrent.c @@ -21,7 +21,7 @@ /* * getgrent.c * - * Copyright 2006 Sun Microsystems, Inc. All rights reserved. + * Copyright 2008 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. * * lib/nsswitch/compat/getgrent.c -- name-service-switch backend for getgrnam() @@ -43,8 +43,6 @@ * - People who recursively specify "compat" deserve what they get. */ -#pragma ident "%Z%%M% %I% %E% SMI" - #include <grp.h> #include <stdlib.h> #include <unistd.h> /* for GF_PATH */ @@ -62,6 +60,51 @@ _nss_initf_group_compat(p) p->default_config = NSS_DEFCONF_GROUP_COMPAT; } +/* + * Validates group entry replacing gid > MAXUID by GID_NOBODY. + */ +int +validate_group_ids(char *line, int *linelenp, int buflen, int extra_chars) +{ + char *linep, *limit, *gidp; + ulong_t gid; + int oldgidlen, idlen; + int linelen = *linelenp, newlinelen; + + if (linelen == 0 || *line == '+' || *line == '-') + return (NSS_STR_PARSE_SUCCESS); + + linep = line; + limit = line + linelen; + + while (linep < limit && *linep++ != ':') /* skip groupname */ + continue; + while (linep < limit && *linep++ != ':') /* skip password */ + continue; + if (linep == limit) + return (NSS_STR_PARSE_PARSE); + + gidp = linep; + gid = strtoul(gidp, (char **)&linep, 10); /* grab gid */ + oldgidlen = linep - gidp; + if (linep >= limit || oldgidlen == 0) + return (NSS_STR_PARSE_PARSE); + + if (gid <= MAXUID) + return (NSS_STR_PARSE_SUCCESS); + + idlen = snprintf(NULL, 0, "%u", GID_NOBODY); + newlinelen = linelen + idlen - oldgidlen; + if (newlinelen + extra_chars > buflen) + return (NSS_STR_PARSE_ERANGE); + + (void) bcopy(linep, gidp + idlen, limit - linep + extra_chars); + (void) snprintf(gidp, idlen + 1, "%u", GID_NOBODY); + *(gidp + idlen) = ':'; + *linelenp = newlinelen; + return (NSS_STR_PARSE_SUCCESS); +} + static const char * get_grname(argp) nss_XbyY_args_t *argp; @@ -107,6 +150,8 @@ getbygid(be, a) { nss_XbyY_args_t *argp = (nss_XbyY_args_t *)a; + if (argp->key.gid > MAXUID) + return (NSS_NOTFOUND); return (_nss_compat_XY_all(be, argp, check_grgid, NSS_DBOP_GROUP_BYGID)); } @@ -211,7 +256,7 @@ merge_grents(be, argp, fields) /* Really "out of memory", but PARSE_PARSE will have to do */ } s = buf; - (void) snprintf(s, NSS_LINELEN_GROUP, "%s:%s:%d:", + (void) snprintf(s, NSS_LINELEN_GROUP, "%s:%s:%u:", g->gr_name, fields[1] != 0 ? fields[1] : g->gr_passwd, g->gr_gid); |