/* passwd.cc: getpwnam () and friends Copyright 1996, 1997, 1998, 2000, 2001, 2002, 2003, 2004, 2005, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014 Red Hat, Inc. This file is part of Cygwin. This software is a copyrighted work licensed under the terms of the Cygwin license. Please consult the file "CYGWIN_LICENSE" for details. */ #include "winsup.h" #include #include #include #include "cygerrno.h" #include "security.h" #include "path.h" #include "fhandler.h" #include "dtable.h" #include "pinfo.h" #include "cygheap.h" #include "shared_info.h" #include "miscfuncs.h" #include "ldap.h" #include "tls_pbuf.h" /* Parse /etc/passwd line into passwd structure. */ bool pwdgrp::parse_passwd () { pg_pwd &res = passwd ()[curr_lines]; res.p.pw_name = next_str (':'); res.p.pw_passwd = next_str (':'); if (!next_num (res.p.pw_uid)) return false; if (!next_num (res.p.pw_gid)) return false; res.p.pw_comment = NULL; res.p.pw_gecos = next_str (':'); res.p.pw_dir = next_str (':'); res.p.pw_shell = next_str (':'); res.sid.getfrompw (&res.p); return true; } void pwdgrp::init_pwd () { pwdgrp_buf_elem_size = sizeof (pg_pwd); parse = &pwdgrp::parse_passwd; } pwdgrp * pwdgrp::prep_tls_pwbuf () { if (!_my_tls.locals.pwbuf) { _my_tls.locals.pwbuf = ccalloc_abort (HEAP_BUF, 1, sizeof (pwdgrp) + sizeof (pg_pwd)); pwdgrp *pw = (pwdgrp *) _my_tls.locals.pwbuf; pw->init_pwd (); pw->pwdgrp_buf = (void *) (pw + 1); pw->max_lines = 1; } pwdgrp *pw = (pwdgrp *) _my_tls.locals.pwbuf; if (pw->curr_lines) { cfree (pw->passwd ()[0].p.pw_name); pw->curr_lines = 0; } return pw; } struct passwd * pwdgrp::find_user (cygpsid &sid) { for (ULONG i = 0; i < curr_lines; i++) if (sid == passwd ()[i].sid) return &passwd ()[i].p; return NULL; } struct passwd * pwdgrp::find_user (const char *name) { for (ULONG i = 0; i < curr_lines; i++) /* on Windows NT user names are case-insensitive */ if (strcasematch (name, passwd ()[i].p.pw_name)) return &passwd ()[i].p; return NULL; } struct passwd * pwdgrp::find_user (uid_t uid) { for (ULONG i = 0; i < curr_lines; i++) if (uid == passwd ()[i].p.pw_uid) return &passwd ()[i].p; return NULL; } struct passwd * internal_getpwsid (cygpsid &sid) { struct passwd *ret; cygheap->pg.nss_init (); if (cygheap->pg.nss_pwd_files ()) { cygheap->pg.pwd_cache.file.check_file (false); if ((ret = cygheap->pg.pwd_cache.file.find_user (sid))) return ret; if ((ret = cygheap->pg.pwd_cache.file.add_user_from_file (sid))) return ret; } if (cygheap->pg.nss_pwd_db ()) { if ((ret = cygheap->pg.pwd_cache.win.find_user (sid))) return ret; return cygheap->pg.pwd_cache.win.add_user_from_windows (sid); } return NULL; } struct passwd * internal_getpwnam (const char *name) { struct passwd *ret; cygheap->pg.nss_init (); if (cygheap->pg.nss_pwd_files ()) { cygheap->pg.pwd_cache.file.check_file (false); if ((ret = cygheap->pg.pwd_cache.file.find_user (name))) return ret; if ((ret = cygheap->pg.pwd_cache.file.add_user_from_file (name))) return ret; } if (cygheap->pg.nss_pwd_db ()) { if ((ret = cygheap->pg.pwd_cache.win.find_user (name))) return ret; return cygheap->pg.pwd_cache.win.add_user_from_windows (name); } return NULL; } struct passwd * internal_getpwuid (uid_t uid) { struct passwd *ret; cygheap->pg.nss_init (); if (cygheap->pg.nss_pwd_files ()) { cygheap->pg.pwd_cache.file.check_file (false); if ((ret = cygheap->pg.pwd_cache.file.find_user (uid))) return ret; if ((ret = cygheap->pg.pwd_cache.file.add_user_from_file (uid))) return ret; } if (cygheap->pg.nss_pwd_db ()) { if ((ret = cygheap->pg.pwd_cache.win.find_user (uid))) return ret; return cygheap->pg.pwd_cache.win.add_user_from_windows (uid); } else if (uid == ILLEGAL_UID) return cygheap->pg.pwd_cache.win.add_user_from_windows (uid); return NULL; } extern "C" struct passwd * getpwuid32 (uid_t uid) { struct passwd *temppw = internal_getpwuid (uid); pthread_testcancel (); return temppw; } #ifdef __x86_64__ EXPORT_ALIAS (getpwuid32, getpwuid) #else extern "C" struct passwd * getpwuid (__uid16_t uid) { return getpwuid32 (uid16touid32 (uid)); } #endif extern "C" int getpwuid_r32 (uid_t uid, struct passwd *pwd, char *buffer, size_t bufsize, struct passwd **result) { *result = NULL; if (!pwd || !buffer) return ERANGE; struct passwd *temppw = internal_getpwuid (uid); pthread_testcancel (); if (!temppw) return 0; /* check needed buffer size. */ size_t needsize = strlen (temppw->pw_name) + strlen (temppw->pw_passwd) + strlen (temppw->pw_gecos) + strlen (temppw->pw_dir) + strlen (temppw->pw_shell) + 5; if (needsize > bufsize) return ERANGE; /* make a copy of temppw */ *result = pwd; pwd->pw_uid = temppw->pw_uid; pwd->pw_gid = temppw->pw_gid; buffer = stpcpy (pwd->pw_name = buffer, temppw->pw_name); buffer = stpcpy (pwd->pw_passwd = buffer + 1, temppw->pw_passwd); buffer = stpcpy (pwd->pw_gecos = buffer + 1, temppw->pw_gecos); buffer = stpcpy (pwd->pw_dir = buffer + 1, temppw->pw_dir); stpcpy (pwd->pw_shell = buffer + 1, temppw->pw_shell); pwd->pw_comment = NULL; return 0; } #ifdef __x86_64__ EXPORT_ALIAS (getpwuid_r32, getpwuid_r) #else extern "C" int getpwuid_r (__uid16_t uid, struct passwd *pwd, char *buffer, size_t bufsize, struct passwd **result) { return getpwuid_r32 (uid16touid32 (uid), pwd, buffer, bufsize, result); } #endif extern "C" struct passwd * getpwnam (const char *name) { struct passwd *temppw = internal_getpwnam (name); pthread_testcancel (); return temppw; } /* the max size buffer we can expect to * use is returned via sysconf with _SC_GETPW_R_SIZE_MAX. * This may need updating! - Rob Collins April 2001. */ extern "C" int getpwnam_r (const char *nam, struct passwd *pwd, char *buffer, size_t bufsize, struct passwd **result) { *result = NULL; if (!pwd || !buffer || !nam) return ERANGE; struct passwd *temppw = internal_getpwnam (nam); pthread_testcancel (); if (!temppw) return 0; /* check needed buffer size. */ size_t needsize = strlen (temppw->pw_name) + strlen (temppw->pw_passwd) + strlen (temppw->pw_gecos) + strlen (temppw->pw_dir) + strlen (temppw->pw_shell) + 5; if (needsize > bufsize) return ERANGE; /* make a copy of temppw */ *result = pwd; pwd->pw_uid = temppw->pw_uid; pwd->pw_gid = temppw->pw_gid; buffer = stpcpy (pwd->pw_name = buffer, temppw->pw_name); buffer = stpcpy (pwd->pw_passwd = buffer + 1, temppw->pw_passwd); buffer = stpcpy (pwd->pw_gecos = buffer + 1, temppw->pw_gecos); buffer = stpcpy (pwd->pw_dir = buffer + 1, temppw->pw_dir); stpcpy (pwd->pw_shell = buffer + 1, temppw->pw_shell); pwd->pw_comment = NULL; return 0; } /* getpwent functions are not reentrant. */ static pw_ent pwent; void pg_ent::clear_cache () { if (pg.curr_lines) { if (state > from_file) cfree (group ? grp.g.gr_name : pwd.p.pw_name); pg.curr_lines = 0; } } void pg_ent::setent (bool _group, int _enums, PCWSTR _enum_tdoms) { endent (_group); if (!_enums && !_enum_tdoms) { enums = cygheap->pg.nss_db_enums (); enum_tdoms = cygheap->pg.nss_db_enum_tdoms (); } else { enums = _enums; enum_tdoms = _enum_tdoms; } if (_group) { from_files = cygheap->pg.nss_grp_files (); from_db = cygheap->pg.nss_grp_db (); } else { from_files = cygheap->pg.nss_pwd_files (); from_db = cygheap->pg.nss_pwd_db (); } state = from_cache; } void * pg_ent::getent (void) { void *entry; switch (state) { case rewound: state = from_cache; /*FALLTHRU*/ case from_cache: if (nss_db_enum_caches () && (entry = enumerate_caches ())) return entry; state = from_file; /*FALLTHRU*/ case from_file: if (from_files && nss_db_enum_files () && (entry = enumerate_file ())) return entry; state = from_builtin; /*FALLTHRU*/ case from_builtin: if (from_db && nss_db_enum_builtin () && (entry = enumerate_builtin ())) return entry; state = from_local; /*FALLTHRU*/ case from_local: if (from_db && nss_db_enum_local () && (!cygheap->dom.member_machine () || !nss_db_enum_primary ()) && (entry = enumerate_local ())) return entry; state = from_sam; /*FALLTHRU*/ case from_sam: if (from_db && nss_db_enum_local () /* Domain controller? If so, sam and ad are one and the same and "local ad" would list all domain accounts twice without this test. */ && (cygheap->dom.account_flat_name ()[0] != L'@' || !nss_db_enum_primary ()) && (entry = enumerate_sam ())) return entry; state = from_ad; /*FALLTHRU*/ case from_ad: if (cygheap->dom.member_machine () && from_db && (entry = enumerate_ad ())) return entry; state = finished; /*FALLTHRU*/ case finished: break; } return NULL; } void pg_ent::endent (bool _group) { if (buf) { if (state == from_file) free (buf); else if (state == from_local || state == from_sam) NetApiBufferFree (buf); buf = NULL; } if (!pg.curr_lines) { if ((group = _group)) { pg.init_grp (); pg.pwdgrp_buf = (void *) &grp; } else { pg.init_pwd (); pg.pwdgrp_buf = (void *) &pwd; } pg.max_lines = 1; } else clear_cache (); cldap.close (); rl.close (); cnt = max = resume = 0; enums = 0; enum_tdoms = NULL; state = rewound; } void * pg_ent::enumerate_file () { void *entry; if (!cnt) { pwdgrp &prf = group ? cygheap->pg.grp_cache.file : cygheap->pg.pwd_cache.file; if (prf.check_file (group)) { if (!buf) buf = (char *) malloc (NT_MAX_PATH); if (buf && !rl.init (prf.file_attr (), buf, NT_MAX_PATH)) { free (buf); buf = NULL; } } } ++cnt; if ((entry = pg.add_account_post_fetch (rl.gets (), false))) return entry; rl.close (); free (buf); buf = NULL; cnt = max = resume = 0; return NULL; } void * pg_ent::enumerate_builtin () { static const char *pwd_builtins[] = { /* SYSTEM */ "S-1-5-18", /* LocalService */ "S-1-5-19", /* NetworkService */ "S-1-5-20", /* Administrators */ "S-1-5-32-544", /* TrustedInstaller */ "S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464", /* The end */ NULL }; static const char *grp_builtins[] = { /* SYSTEM */ "S-1-5-18", /* TrustedInstaller */ "S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464", /* The end */ NULL }; const char **builtins = group ? grp_builtins : pwd_builtins; if (!builtins[cnt]) { cnt = max = resume = 0; return NULL; } cygsid sid (builtins[cnt++]); fetch_user_arg_t arg; arg.type = SID_arg; arg.sid = &sid; char *line = pg.fetch_account_from_windows (arg, group); return pg.add_account_post_fetch (line, false); } void * pg_ent::enumerate_sam () { while (true) { if (!cnt) { DWORD total; NET_API_STATUS ret; if (buf) { NetApiBufferFree (buf); buf = NULL; } if (resume == ULONG_MAX) ret = ERROR_NO_MORE_ITEMS; else if (group) ret = NetGroupEnum (NULL, 2, (PBYTE *) &buf, MAX_PREFERRED_LENGTH, &max, &total, &resume); else ret = NetUserEnum (NULL, 20, FILTER_NORMAL_ACCOUNT, (PBYTE *) &buf, MAX_PREFERRED_LENGTH, &max, &total, (PDWORD) &resume); if (ret == NERR_Success) resume = ULONG_MAX; else if (ret != ERROR_MORE_DATA) { cnt = max = resume = 0; return NULL; } } while (cnt < max) { cygsid sid (cygheap->dom.account_sid ()); sid_sub_auth (sid, sid_sub_auth_count (sid)) = group ? ((PGROUP_INFO_2) buf)[cnt].grpi2_group_id : ((PUSER_INFO_20) buf)[cnt].usri20_user_id; ++cnt; ++sid_sub_auth_count (sid); fetch_user_arg_t arg; arg.type = SID_arg; arg.sid = &sid; char *line = pg.fetch_account_from_windows (arg, group); if (line) return pg.add_account_post_fetch (line, false); } cnt = 0; } } void * pg_ent::enumerate_ad () { while (true) { if (!cnt) { PDS_DOMAIN_TRUSTSW td; if (!resume) { if (!cldap.open (NULL)) return NULL; ++resume; if (!nss_db_enum_primary () || !cldap.enumerate_ad_accounts (NULL, group)) continue; } else if ((td = cygheap->dom.trusted_domain (resume - 1))) { ++resume; if ((td->Flags & DS_DOMAIN_PRIMARY) || !td->DomainSid || (!nss_db_enum_tdom (td->NetbiosDomainName) && !nss_db_enum_tdom (td->DnsDomainName)) || !cldap.enumerate_ad_accounts (td->DnsDomainName, group)) continue; } else { cldap.close (); return NULL; } } ++cnt; cygsid sid; if (cldap.next_account (sid)) { fetch_user_arg_t arg; arg.type = SID_arg; arg.sid = &sid; char *line = pg.fetch_account_from_windows (arg, group); if (line) return pg.add_account_post_fetch (line, false); } cnt = 0; } } void * pw_ent::enumerate_caches () { if (!max && from_files) { pwdgrp &prf = cygheap->pg.pwd_cache.file; prf.check_file (false); if (cnt < prf.cached_users ()) return &prf.passwd ()[cnt++].p; cnt = 0; max = 1; } if (from_db && cygheap->pg.nss_db_caching ()) { pwdgrp &prw = cygheap->pg.pwd_cache.win; if (cnt < prw.cached_users ()) return &prw.passwd ()[cnt++].p; } cnt = max = 0; return NULL; } void * pw_ent::enumerate_local () { return NULL; } struct passwd * pw_ent::getpwent (void) { if (state == rewound) setent (false); else clear_cache (); return (struct passwd *) getent (); } extern "C" void setpwent () { pwent.setpwent (); } extern "C" struct passwd * getpwent (void) { return pwent.getpwent (); } extern "C" void endpwent (void) { pwent.endpwent (); } /* *_filtered functions are called from mkpasswd */ void * setpwent_filtered (int enums, PCWSTR enum_tdoms) { pw_ent *pw = new pw_ent; if (pw) pw->setpwent (enums, enum_tdoms); return (void *) pw; } void * getpwent_filtered (void *pw) { return (void *) ((pw_ent *) pw)->getpwent (); } void endpwent_filtered (void *pw) { ((pw_ent *) pw)->endpwent (); } #ifndef __x86_64__ extern "C" struct passwd * getpwduid (__uid16_t) { return NULL; } #endif extern "C" int setpassent (int) { return 0; } static void _getpass_close_fd (void *arg) { if (arg) fclose ((FILE *) arg); } extern "C" char * getpass (const char * prompt) { char *pass = _my_tls.locals.pass; struct termios ti, newti; bool tc_set = false; /* Try to use controlling tty in the first place. Use stdin and stderr only as fallback. */ FILE *in = stdin, *err = stderr; FILE *tty = fopen ("/dev/tty", "w+b"); pthread_cleanup_push (_getpass_close_fd, tty); if (tty) { /* Set close-on-exec for obvious reasons. */ fcntl (fileno (tty), F_SETFD, fcntl (fileno (tty), F_GETFD) | FD_CLOEXEC); in = err = tty; } /* Make sure to notice if stdin is closed. */ if (fileno (in) >= 0) { flockfile (in); /* Change tty attributes if possible. */ if (!tcgetattr (fileno (in), &ti)) { newti = ti; newti.c_lflag &= ~(ECHO | ISIG); /* No echo, no signal handling. */ if (!tcsetattr (fileno (in), TCSANOW, &newti)) tc_set = true; } fputs (prompt, err); fflush (err); fgets (pass, _PASSWORD_LEN, in); fprintf (err, "\n"); if (tc_set) tcsetattr (fileno (in), TCSANOW, &ti); funlockfile (in); char *crlf = strpbrk (pass, "\r\n"); if (crlf) *crlf = '\0'; } pthread_cleanup_pop (1); return pass; }