Commit Graph

24 Commits

Author SHA1 Message Date
Dag-Erling Smørgrav
83804ea074 The fallback flag in nsdispatch prevents the fallback implementation of
getgroupmembership() from invoking the correct backend in the compat case.
Replace it with a nesting depth counter so it only blocks one level (the
first is the group -> group_compat translation, the second is the actual
backend).  This is one of two bugs that break getgrouplist() in the compat
case, the second being that the backend's own getgroupmembership() method
is ignored.  Unfortunately, that is not easily fixable without a redesign
of our nss implementation (which is also needed to implement the +@group
syntax in /etc/passwd).

PR:		190055
MFC after:	1 week
2014-11-25 09:47:15 +00:00
Mark Johnston
f53b045631 Eliminate conf_lock and instead rely on the NSS write lock to protect
NSS configuration state.

As a side effect, this fixes a race condition which can occur if multiple
threads call nsdispatch(3) concurrently before nsswitch.conf has been
parsed. Previously, the thread holding conf_lock could cause other threads
to return from nss_configure() before nsswitch.conf had been parsed, forcing
them to fall back to the default sources for their NSS methods.

Reviewed by:		jhb
Differential Revision:	https://reviews.freebsd.org/D994
MFC after:		1 month
Sponsored by:		EMC / Isilon Storage Division
2014-10-24 20:29:14 +00:00
Jilles Tjoelker
a93705b06e libc: Make various internal file descriptors from fopen() close-on-exec.
2013-08-23 13:59:47 +00:00
Ed Maste
9eafd63574 Remove clause 3 and 4 from TNF licenses
Per the NetBSD Foundation statement
  Third parties are encouraged to change the license on any files which
  have a 4-clause license contributed to the NetBSD Foundation to a
  2-clause license.
2013-05-29 01:54:10 +00:00
Colin Percival
3e65b9c6e6 Fix a problem whereby a corrupt DNS record can cause named to crash. [11:06]

Add an API for alerting internal libc routines to the presence of
"unsafe" paths post-chroot, and use it in ftpd. [11:07]

Fix a buffer overflow in telnetd. [11:08]

Make pam_ssh ignore unpassphrased keys unless the "nullok" option is
specified. [11:09]

Add sanity checking of service names in pam_start. [11:10]

Approved by:    so (cperciva)
Approved by:    re (bz)
Security:       FreeBSD-SA-11:06.bind
Security:       FreeBSD-SA-11:07.chroot
Security:       FreeBSD-SA-11:08.telnetd
Security:       FreeBSD-SA-11:09.pam_ssh
Security:       FreeBSD-SA-11:10.pam
2011-12-23 15:00:37 +00:00
Hajimu UMEMOTO
f700faa590 Clear errno for each method dispatch.
Spotted by:	Kostik Belousov <kostikbel__at__gmail.com>
MFC after:	2 weeks
2010-10-04 15:28:01 +00:00
Zachary Loafman
6d72217368 Fix an issue when nss fallback routines are used in a multithreaded application.
Reviewed by:        bushman
Approved by:        dfr (mentor)
2009-05-27 17:01:59 +00:00
John Baldwin
ab9306707a Include libc_private.h for the declaration of __isthreaded instead of
relying on namespace pollution in stdio.h.

MFC after:	3 days
2008-05-02 14:51:22 +00:00
Michael Bushkov
36736e35e8 Moved logging out of the nss_method_lookup() in order not to
flood logs with failed fallback method lookup attempts.
2007-12-17 16:12:57 +00:00
Michael Bushkov
a59d6a8724 Implementing 'fallback' nsswitch source. 'fallback' source is used
when particular function can't be found in nsswitch-module. For
example, getgrouplist(3) will use module-supplied 'getgroupmembership'
function (which can work in an optimal way for such source as LDAP) and
will fall back to the standard iterate-through-all-groups implementation
otherwise.

PR:		ports/114655
Submitted by:	Michael Hanselmann <freebsd AT hansmi DOT ch>
Reviewed by:	brooks (mentor)
2007-12-12 10:08:03 +00:00
Jonathan Chen
7a800a56f7 fix memory leak from reading nsswitch.conf
MFC after:	1 week
2007-05-17 03:33:23 +00:00
Hajimu UMEMOTO
06a99fe36f - Extend the nsswitch to support Services, Protocols and Rpc
  databases.
- Make nsswitch support caching.

Submitted by:	Michael Bushkov <bushman__at__rsu.ru>
Sponsored by:	Google Summer of Code 2005
2006-04-28 12:03:38 +00:00
Jacques Vidrine
8074e24dce The previous commit changed the behavior of nsdispatch() in the
case where an /etc/nsswitch.conf file was present, but could not
be opened (e.g. due to permissions).  Previously, the open failure
condition was suppressed, and the built-in defaults were used.  In
revision 1.11, however, the open failure was propagated, causing all
nsdispatch() invocations to return NS_UNAVAIL, and thus many APIs
including getpwnam and gethostbyname unconditionally failed.

This commit restores the previous behavior.

Pointy hat:	nectar  (+1 for obstinance; ache had to use clue bat)
Reported by:	ache
2004-04-01 19:12:45 +00:00
Jacques Vidrine
a03fd3b656 When a dynamic NSS module is built and linked against a thread
library, it may pull in that thread library at run time.  If the
process started out single-threaded, this could cause attempts to
release locks that do not exist.  Guard against this possibility by
checking __isthreaded before invoking thread primitives.

A similar problem remains if the process is linked against one thread
library, but the NSS module is linked against another.  This can only
be avoided by careful design of the NSS module.

Submitted by:	Sean McNeil <sean@mcneil.com> (mostly; bugs are mine)
2004-03-30 15:56:15 +00:00
Dag-Erling Smørgrav
4705e3da6a Make this compile with -O2. A proper fix would use a struct to represent
vectors, instead of requiring the caller to keep track of element size
and count and pass them in by reference.
2004-03-15 08:14:35 +00:00
Dag-Erling Smørgrav
2fb05f85d5 Whitespace nits.
2004-03-15 08:03:10 +00:00
Jacques Vidrine
43f9b2521d Don't complain about missing NSS methods when built statically. It is
annoying and not very useful.

Sponsored by:	DARPA, Network Associates Laboratories
2003-04-24 19:57:31 +00:00
Jacques Vidrine
46d9306383 = Implement name service switch modules (NSS modules). NSS modules
  may be built into libc (`static NSS modules') or dynamically loaded
  via dlopen (`dynamic NSS modules').  Modules are loaded/initialized
  at configuration time (i.e.  when nsdispatch is called and nsswitch.conf
  is read or re-read).

= Make the nsdispatch(3) core thread-safe.

= New status code for nsdispatch(3) `NS_RETURN', currently used to
  signal ERANGE-type issues.

= syslog(3) problems, don't warn/err/abort.

= Try harder to avoid namespace pollution.

= Implement some shims to assist in porting NSS modules written for
  the GNU C Library nsswitch interface.

Sponsored by:	DARPA, Network Associates Laboratories
2003-04-17 14:14:22 +00:00
Jacques Vidrine
2bbd7cf820 Eliminate 19 warnings in libc (at level WARNS=2) of the
`implicit declaration of function' variety.
2003-02-27 13:40:01 +00:00
Alfred Perlstein
a82bbc730e Assume __STDC__, remove non-__STDC__ code.
Submitted by: keramida
2002-05-28 17:03:12 +00:00
David E. O'Brien
333fc21e3c Fix the style of the SCM ID's.
I believe I have made all of libc .c's as consistent as possible.
2002-03-22 21:53:29 +00:00
David E. O'Brien
c05ac53b8b Remove __P() usage.
2002-03-21 22:49:10 +00:00
Bruce Evans
ac8e56a7f9 Fixed namespace pollution related to `err' in libc in the same way as for
`warn'.  Now a whole 2 members of the err() family don't cause pollution.

This fixes world breakage in awk for NOSHARED worlds. contrib/awk/msg.c
has had its own version of err() for a long time, but this somehow
didn't cause problems until the update to awk-3.1.0.
2001-11-11 02:48:09 +00:00
Jacques Vidrine
248aee623c Add nsswitch support. By creating an /etc/nsswitch.conf file, you can
configure FreeBSD so that various databases such as passwd and group can be
looked up using flat files, NIS, or Hesiod.

= Hesiod has been added to libc (see hesiod(3)).

= A library routine for parsing nsswitch.conf and invoking callback
  functions as specified has been added to libc (see nsdispatch(3)).

= The following C library functions have been modified to use nsdispatch:
    . getgrent, getgrnam, getgrgid
    . getpwent, getpwnam, getpwuid
    . getusershell
    . getaddrinfo
    . gethostbyname, gethostbyname2, gethostbyaddr
    . getnetbyname, getnetbyaddr
    . getipnodebyname, getipnodebyaddr, getnodebyname, getnodebyaddr

= host.conf has been removed from src/etc.  rc.network has been modified
  to warn that host.conf is no longer used at boot time.  In addition, if
  there is a host.conf but no nsswitch.conf, the latter is created at boot
  time from the former.

Obtained from:	NetBSD
2000-09-06 18:16:48 +00:00