2 * Copyright (c) 1996, 1998-2005, 2007-2008
3 * Todd C. Miller <Todd.Miller@courtesan.com>
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 * Sponsored in part by the Defense Advanced Research Projects
18 * Agency (DARPA) and Air Force Research Laboratory, Air Force
19 * Materiel Command, USAF, under agreement number F39502-99-1-0512.
24 #include <sys/types.h>
26 #include <sys/param.h>
35 #endif /* STDC_HEADERS */
37 # if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS)
42 # ifdef HAVE_STRINGS_H
45 #endif /* HAVE_STRING_H */
48 #endif /* HAVE_UNISTD_H */
56 __unused static const char rcsid[] = "$Sudo: pwutil.c,v 1.21 2008/11/09 14:13:12 millert Exp $";
60 extern void (*my_setgrent) __P((void));
61 extern void (*my_endgrent) __P((void));
62 extern struct group *(*my_getgrnam) __P((const char *));
63 extern struct group *(*my_getgrgid) __P((gid_t));
64 #define setgrent() my_setgrent()
65 #define endgrent() my_endgrent()
66 #define getgrnam(n) my_getgrnam(n)
67 #define getgrgid(g) my_getgrgid(g)
69 extern void (*my_setpwent) __P((void));
70 extern void (*my_endpwent) __P((void));
71 extern struct passwd *(*my_getpwnam) __P((const char *));
72 extern struct passwd *(*my_getpwuid) __P((uid_t));
73 #define setpwent() my_setpwent()
74 #define endpwent() my_endpwent()
75 #define getpwnam(n) my_getpwnam(n)
76 #define getpwuid(u) my_getpwuid(u)
80 * The passwd and group caches.
82 static struct rbtree *pwcache_byuid, *pwcache_byname;
83 static struct rbtree *grcache_bygid, *grcache_byname;
85 static int cmp_pwuid __P((const void *, const void *));
86 static int cmp_pwnam __P((const void *, const void *));
87 static int cmp_grgid __P((const void *, const void *));
88 static int cmp_grnam __P((const void *, const void *));
98 const struct passwd *pw1 = (const struct passwd *) v1;
99 const struct passwd *pw2 = (const struct passwd *) v2;
100 return(pw1->pw_uid - pw2->pw_uid);
104 * Compare by user name.
111 const struct passwd *pw1 = (const struct passwd *) v1;
112 const struct passwd *pw2 = (const struct passwd *) v2;
113 return(strcmp(pw1->pw_name, pw2->pw_name));
116 #define FIELD_SIZE(src, name, size) \
119 size = strlen(src->name) + 1; \
124 #define FIELD_COPY(src, dst, name, size) \
127 memcpy(cp, src->name, size); \
134 * Dynamically allocate space for a struct password and the constituent parts
135 * that we care about. Fills in pw_passwd from shadow file.
137 static struct passwd *
139 const struct passwd *pw;
142 const char *pw_shell;
143 size_t nsize, psize, csize, gsize, dsize, ssize, total;
144 struct passwd *newpw;
146 /* If shell field is empty, expand to _PATH_BSHELL. */
147 pw_shell = (pw->pw_shell == NULL || pw->pw_shell[0] == '\0')
148 ? _PATH_BSHELL : pw->pw_shell;
150 /* Allocate in one big chunk for easy freeing. */
151 nsize = psize = csize = gsize = dsize = ssize = 0;
152 total = sizeof(struct passwd);
153 FIELD_SIZE(pw, pw_name, nsize);
154 FIELD_SIZE(pw, pw_passwd, psize);
155 #ifdef HAVE_LOGIN_CAP_H
156 FIELD_SIZE(pw, pw_class, csize);
158 FIELD_SIZE(pw, pw_gecos, gsize);
159 FIELD_SIZE(pw, pw_dir, dsize);
160 FIELD_SIZE(pw, pw_shell, ssize);
162 if ((cp = malloc(total)) == NULL)
164 newpw = (struct passwd *) cp;
167 * Copy in passwd contents and make strings relative to space
168 * at the end of the buffer.
170 memcpy(newpw, pw, sizeof(struct passwd));
171 cp += sizeof(struct passwd);
172 FIELD_COPY(pw, newpw, pw_name, nsize);
173 FIELD_COPY(pw, newpw, pw_passwd, psize);
174 #ifdef HAVE_LOGIN_CAP_H
175 FIELD_COPY(pw, newpw, pw_class, csize);
177 FIELD_COPY(pw, newpw, pw_gecos, gsize);
178 FIELD_COPY(pw, newpw, pw_dir, dsize);
179 FIELD_COPY(pw, newpw, pw_shell, ssize);
185 * Get a password entry by uid and allocate space for it.
186 * Fills in pw_passwd from shadow file if necessary.
192 struct passwd key, *pw;
197 if ((node = rbfind(pwcache_byuid, &key)) != NULL) {
198 pw = (struct passwd *) node->data;
199 return(pw->pw_name != NULL ? pw : NULL);
202 * Cache passwd db entry if it exists or a negative response if not.
204 if ((pw = getpwuid(uid)) != NULL) {
206 cp = sudo_getepw(pw); /* get shadow password */
207 if (pw->pw_passwd != NULL)
208 zero_bytes(pw->pw_passwd, strlen(pw->pw_passwd));
211 if (rbinsert(pwcache_byname, (void *) pw) != NULL)
212 errorx(1, "unable to cache user name, already exists");
213 if (rbinsert(pwcache_byuid, (void *) pw) != NULL)
214 errorx(1, "unable to cache uid, already exists");
217 pw = emalloc(sizeof(*pw));
218 zero_bytes(pw, sizeof(*pw));
220 if (rbinsert(pwcache_byuid, (void *) pw) != NULL)
221 errorx(1, "unable to cache uid, already exists");
227 * Get a password entry by name and allocate space for it.
228 * Fills in pw_passwd from shadow file if necessary.
234 struct passwd key, *pw;
239 key.pw_name = (char *) name;
240 if ((node = rbfind(pwcache_byname, &key)) != NULL) {
241 pw = (struct passwd *) node->data;
242 return(pw->pw_uid != (uid_t) -1 ? pw : NULL);
245 * Cache passwd db entry if it exists or a negative response if not.
247 if ((pw = getpwnam(name)) != NULL) {
249 cp = sudo_getepw(pw); /* get shadow password */
250 if (pw->pw_passwd != NULL)
251 zero_bytes(pw->pw_passwd, strlen(pw->pw_passwd));
254 if (rbinsert(pwcache_byname, (void *) pw) != NULL)
255 errorx(1, "unable to cache user name, already exists");
256 if (rbinsert(pwcache_byuid, (void *) pw) != NULL)
257 errorx(1, "unable to cache uid, already exists");
260 len = strlen(name) + 1;
261 cp = emalloc(sizeof(*pw) + len);
262 zero_bytes(cp, sizeof(*pw));
263 pw = (struct passwd *) cp;
265 memcpy(cp, name, len);
267 pw->pw_uid = (uid_t) -1;
268 if (rbinsert(pwcache_byname, (void *) pw) != NULL)
269 errorx(1, "unable to cache user name, already exists");
275 * Take a uid in string form "#123" and return a faked up passwd struct.
278 sudo_fakepwnam(user, gid)
287 pw = emalloc(sizeof(struct passwd) + len + 1 /* pw_name */ +
288 sizeof("*") /* pw_passwd */ + sizeof("") /* pw_gecos */ +
289 sizeof("/") /* pw_dir */ + sizeof(_PATH_BSHELL));
290 zero_bytes(pw, sizeof(struct passwd));
291 pw->pw_uid = (uid_t) atoi(user + 1);
293 pw->pw_name = (char *)pw + sizeof(struct passwd);
294 memcpy(pw->pw_name, user, len + 1);
295 pw->pw_passwd = pw->pw_name + len + 1;
296 memcpy(pw->pw_passwd, "*", 2);
297 pw->pw_gecos = pw->pw_passwd + 2;
298 pw->pw_gecos[0] = '\0';
299 pw->pw_dir = pw->pw_gecos + 1;
300 memcpy(pw->pw_dir, "/", 2);
301 pw->pw_shell = pw->pw_dir + 2;
302 memcpy(pw->pw_shell, _PATH_BSHELL, sizeof(_PATH_BSHELL));
304 /* Store by uid and by name, overwriting cached version. */
305 if ((node = rbinsert(pwcache_byuid, pw)) != NULL) {
307 node->data = (void *) pw;
309 if ((node = rbinsert(pwcache_byname, pw)) != NULL) {
311 node->data = (void *) pw;
317 * Take a gid in string form "#123" and return a faked up group struct.
320 sudo_fakegrnam(group)
328 gr = emalloc(sizeof(struct group) + len + 1);
329 zero_bytes(gr, sizeof(struct group));
330 gr->gr_gid = (gid_t) atoi(group + 1);
331 gr->gr_name = (char *)gr + sizeof(struct group);
332 strlcpy(gr->gr_name, group, len + 1);
334 /* Store by gid and by name, overwriting cached version. */
335 if ((node = rbinsert(grcache_bygid, gr)) != NULL) {
337 node->data = (void *) gr;
339 if ((node = rbinsert(grcache_byname, gr)) != NULL) {
341 node->data = (void *) gr;
351 if (pwcache_byuid == NULL)
352 pwcache_byuid = rbcreate(cmp_pwuid);
353 if (pwcache_byname == NULL)
354 pwcache_byname = rbcreate(cmp_pwnam);
358 static void pw_free __P((void *));
363 if (pwcache_byuid != NULL) {
364 rbdestroy(pwcache_byuid, pw_free);
365 pwcache_byuid = NULL;
367 if (pwcache_byname != NULL) {
368 rbdestroy(pwcache_byname, NULL);
369 pwcache_byname = NULL;
377 struct passwd *pw = (struct passwd *) v;
379 if (pw->pw_passwd != NULL) {
380 zero_bytes(pw->pw_passwd, strlen(pw->pw_passwd));
381 efree(pw->pw_passwd);
405 const struct group *grp1 = (const struct group *) v1;
406 const struct group *grp2 = (const struct group *) v2;
407 return(grp1->gr_gid - grp2->gr_gid);
411 * Compare by group name.
418 const struct group *grp1 = (const struct group *) v1;
419 const struct group *grp2 = (const struct group *) v2;
420 return(strcmp(grp1->gr_name, grp2->gr_name));
425 const struct group *gr;
428 size_t nsize, psize, nmem, total, len;
431 /* Allocate in one big chunk for easy freeing. */
432 nsize = psize = nmem = 0;
433 total = sizeof(struct group);
434 FIELD_SIZE(gr, gr_name, nsize);
435 FIELD_SIZE(gr, gr_passwd, psize);
437 for (nmem = 0; gr->gr_mem[nmem] != NULL; nmem++)
438 total += strlen(gr->gr_mem[nmem]) + 1;
440 total += sizeof(char *) * nmem;
442 if ((cp = malloc(total)) == NULL)
444 newgr = (struct group *)cp;
447 * Copy in group contents and make strings relative to space
448 * at the end of the buffer. Note that gr_mem must come
449 * immediately after struct group to guarantee proper alignment.
451 (void)memcpy(newgr, gr, sizeof(struct group));
452 cp += sizeof(struct group);
454 newgr->gr_mem = (char **)cp;
455 cp += sizeof(char *) * nmem;
456 for (nmem = 0; gr->gr_mem[nmem] != NULL; nmem++) {
457 len = strlen(gr->gr_mem[nmem]) + 1;
458 memcpy(cp, gr->gr_mem[nmem], len);
459 newgr->gr_mem[nmem] = cp;
462 newgr->gr_mem[nmem] = NULL;
464 FIELD_COPY(gr, newgr, gr_passwd, psize);
465 FIELD_COPY(gr, newgr, gr_name, nsize);
471 * Get a group entry by gid and allocate space for it.
477 struct group key, *gr;
481 if ((node = rbfind(grcache_bygid, &key)) != NULL) {
482 gr = (struct group *) node->data;
483 return(gr->gr_name != NULL ? gr : NULL);
486 * Cache group db entry if it exists or a negative response if not.
488 if ((gr = getgrgid(gid)) != NULL) {
490 if (rbinsert(grcache_byname, (void *) gr) != NULL)
491 errorx(1, "unable to cache group name, already exists");
492 if (rbinsert(grcache_bygid, (void *) gr) != NULL)
493 errorx(1, "unable to cache gid, already exists");
496 gr = emalloc(sizeof(*gr));
497 zero_bytes(gr, sizeof(*gr));
499 if (rbinsert(grcache_bygid, (void *) gr) != NULL)
500 errorx(1, "unable to cache gid, already exists");
506 * Get a group entry by name and allocate space for it.
512 struct group key, *gr;
517 key.gr_name = (char *) name;
518 if ((node = rbfind(grcache_byname, &key)) != NULL) {
519 gr = (struct group *) node->data;
520 return(gr->gr_gid != (gid_t) -1 ? gr : NULL);
523 * Cache group db entry if it exists or a negative response if not.
525 if ((gr = getgrnam(name)) != NULL) {
527 if (rbinsert(grcache_byname, (void *) gr) != NULL)
528 errorx(1, "unable to cache group name, already exists");
529 if (rbinsert(grcache_bygid, (void *) gr) != NULL)
530 errorx(1, "unable to cache gid, already exists");
533 len = strlen(name) + 1;
534 cp = emalloc(sizeof(*gr) + len);
535 zero_bytes(cp, sizeof(*gr));
536 gr = (struct group *) cp;
538 memcpy(cp, name, len);
540 gr->gr_gid = (gid_t) -1;
541 if (rbinsert(grcache_byname, (void *) gr) != NULL)
542 errorx(1, "unable to cache group name, already exists");
551 if (grcache_bygid == NULL)
552 grcache_bygid = rbcreate(cmp_grgid);
553 if (grcache_byname == NULL)
554 grcache_byname = rbcreate(cmp_grnam);
561 if (grcache_bygid != NULL) {
562 rbdestroy(grcache_bygid, free);
563 grcache_bygid = NULL;
565 if (grcache_byname != NULL) {
566 rbdestroy(grcache_byname, NULL);
567 grcache_byname = NULL;