summaryrefslogtreecommitdiff
blob: 983237d93a8ad654fc08178fd02ebb2ff9aaf2bd (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
/* Group merging implementation.
   Copyright (C) 2016-2021 Free Software Foundation, Inc.
   This file is part of the GNU C Library.

   The GNU C Library is free software; you can redistribute it and/or
   modify it under the terms of the GNU Lesser General Public
   License as published by the Free Software Foundation; either
   version 2.1 of the License, or (at your option) any later version.

   The GNU C Library is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
   Lesser General Public License for more details.

   You should have received a copy of the GNU Lesser General Public
   License along with the GNU C Library; if not, see
   <https://www.gnu.org/licenses/>.  */

#include <errno.h>
#include <stdlib.h>
#include <string.h>
#include <grp.h>
#include <grp-merge.h>

#define BUFCHECK(size)			\
  ({					\
    do					\
      {					\
	if (c + (size) > buflen)	\
          {				\
	    free (members);		\
	    return ERANGE;		\
	  }				\
      }					\
    while (0);				\
  })

int
__copy_grp (const struct group srcgrp, const size_t buflen,
	    struct group *destgrp, char *destbuf, char **endptr)
{
  size_t i;
  size_t c = 0;
  size_t len;
  size_t memcount;
  char **members = NULL;

  /* Copy the GID.  */
  destgrp->gr_gid = srcgrp.gr_gid;

  /* Copy the name.  */
  len = strlen (srcgrp.gr_name) + 1;
  BUFCHECK (len);
  memcpy (&destbuf[c], srcgrp.gr_name, len);
  destgrp->gr_name = &destbuf[c];
  c += len;

  /* Copy the password.  */
  len = strlen (srcgrp.gr_passwd) + 1;
  BUFCHECK (len);
  memcpy (&destbuf[c], srcgrp.gr_passwd, len);
  destgrp->gr_passwd = &destbuf[c];
  c += len;

  /* Count all of the members.  */
  for (memcount = 0; srcgrp.gr_mem[memcount]; memcount++)
    ;

  /* Allocate a temporary holding area for the pointers to the member
     contents, including space for a NULL-terminator.  */
  members = malloc (sizeof (char *) * (memcount + 1));
  if (members == NULL)
    return ENOMEM;

  /* Copy all of the group members to destbuf and add a pointer to each of
     them into the 'members' array.  */
  for (i = 0; srcgrp.gr_mem[i]; i++)
    {
      len = strlen (srcgrp.gr_mem[i]) + 1;
      BUFCHECK (len);
      memcpy (&destbuf[c], srcgrp.gr_mem[i], len);
      members[i] = &destbuf[c];
      c += len;
    }
  members[i] = NULL;

  /* Align for pointers.  We can't simply align C because we need to
     align destbuf[c].  */
  if ((((uintptr_t)destbuf + c) & (__alignof__(char **) - 1)) != 0)
    {
      uintptr_t mis_align = ((uintptr_t)destbuf + c) & (__alignof__(char **) - 1);
      c += __alignof__(char **) - mis_align;
    }

  /* Copy the pointers from the members array into the buffer and assign them
     to the gr_mem member of destgrp.  */
  destgrp->gr_mem = (char **) &destbuf[c];
  len = sizeof (char *) * (memcount + 1);
  BUFCHECK (len);
  memcpy (&destbuf[c], members, len);
  c += len;
  free (members);
  members = NULL;

  /* Save the count of members at the end.  */
  BUFCHECK (sizeof (size_t));
  memcpy (&destbuf[c], &memcount, sizeof (size_t));
  c += sizeof (size_t);

  if (endptr)
    *endptr = destbuf + c;
  return 0;
}
libc_hidden_def (__copy_grp)

/* Check that the name, GID and passwd fields match, then
   copy in the gr_mem array.  */
int
__merge_grp (struct group *savedgrp, char *savedbuf, char *savedend,
	     size_t buflen, struct group *mergegrp, char *mergebuf)
{
  size_t c, i, len;
  size_t savedmemcount;
  size_t memcount;
  size_t membersize;
  char **members = NULL;

  /* We only support merging members of groups with identical names and
     GID values. If we hit this case, we need to overwrite the current
     buffer with the saved one (which is functionally equivalent to
     treating the new lookup as NSS_STATUS_NOTFOUND).  */
  if (mergegrp->gr_gid != savedgrp->gr_gid
      || strcmp (mergegrp->gr_name, savedgrp->gr_name))
    return __copy_grp (*savedgrp, buflen, mergegrp, mergebuf, NULL);

  /* Get the count of group members from the last sizeof (size_t) bytes in the
     mergegrp buffer.  */
  savedmemcount = *(size_t *) (savedend - sizeof (size_t));

  /* Get the count of new members to add.  */
  for (memcount = 0; mergegrp->gr_mem[memcount]; memcount++)
    ;

  /* Create a temporary array to hold the pointers to the member values from
     both the saved and merge groups.  */
  membersize = savedmemcount + memcount + 1;
  members = malloc (sizeof (char *) * membersize);
  if (members == NULL)
    return ENOMEM;

  /* Copy in the existing member pointers from the saved group
     Note: this is not NULL-terminated yet.  */
  memcpy (members, savedgrp->gr_mem, sizeof (char *) * savedmemcount);

  /* Back up into the savedbuf until we get back to the NULL-terminator of the
     group member list. (This means walking back savedmemcount + 1 (char *) pointers
     and the member count value.
     The value of c is going to be the used length of the buffer backed up by
     the member count and further backed up by the size of the pointers.  */
  c = savedend - savedbuf
      - sizeof (size_t)
      - sizeof (char *) * (savedmemcount + 1);

  /* Add all the new group members, overwriting the old NULL-terminator while
     adding the new pointers to the temporary array.  */
  for (i = 0; mergegrp->gr_mem[i]; i++)
    {
      len = strlen (mergegrp->gr_mem[i]) + 1;
      BUFCHECK (len);
      memcpy (&savedbuf[c], mergegrp->gr_mem[i], len);
      members[savedmemcount + i] = &savedbuf[c];
      c += len;
    }
  /* Add the NULL-terminator.  */
  members[savedmemcount + memcount] = NULL;

  /* Align for pointers.  We can't simply align C because we need to
     align savedbuf[c].  */
  if ((((uintptr_t)savedbuf + c) & (__alignof__(char **) - 1)) != 0)
    {
      uintptr_t mis_align = ((uintptr_t)savedbuf + c) & (__alignof__(char **) - 1);
      c += __alignof__(char **) - mis_align;
    }

  /* Copy the member array back into the buffer after the member list and free
     the member array.  */
  savedgrp->gr_mem = (char **) &savedbuf[c];
  len = sizeof (char *) * membersize;
  BUFCHECK (len);
  memcpy (&savedbuf[c], members, len);
  c += len;

  free (members);
  members = NULL;

  /* Finally, copy the results back into mergebuf, since that's the buffer
     that we were provided by the caller.  */
  return __copy_grp (*savedgrp, buflen, mergegrp, mergebuf, NULL);
}
libc_hidden_def (__merge_grp)