From patchwork Fri Dec 11 01:58:48 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: DJ Delorie X-Patchwork-Id: 41359 X-Patchwork-Delegate: siddhesh@gotplt.org Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 37F0B388A411; Fri, 11 Dec 2020 01:59:00 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 37F0B388A411 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org; s=default; t=1607651940; bh=mT4rwV0Lc6+KOSteYJc4n+de8k3zHCiri7sXM81BHgc=; h=To:Subject:Date:List-Id:List-Unsubscribe:List-Archive:List-Post: List-Help:List-Subscribe:From:Reply-To:From; b=L7aIpF9JZmqcTS9UsqrVi6YKXt1OIWHLeVlgVsGNU5OQyvh2fDQLq+Ze6wwn1KjkA FrrU7LBcwb0EVvcrffXD3Hx+TzOOtEifW9c7iUWcWRNyp2l8wtL2YRTpYggasGA+y1 +B4Up0OpuA/2/6QkOvelRnfFZN4z58hFB9+66/EE= X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [216.205.24.124]) by sourceware.org (Postfix) with ESMTP id 207F9385702F for ; Fri, 11 Dec 2020 01:58:57 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org 207F9385702F Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-443-97xwsYKRMCekcCsCCBL4Zg-1; Thu, 10 Dec 2020 20:58:51 -0500 X-MC-Unique: 97xwsYKRMCekcCsCCBL4Zg-1 Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.12]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 537BE107ACE3 for ; Fri, 11 Dec 2020 01:58:50 +0000 (UTC) Received: from greed.delorie.com (ovpn-113-151.rdu2.redhat.com [10.10.113.151]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 1EFE760BF1 for ; Fri, 11 Dec 2020 01:58:50 +0000 (UTC) Received: from greed.delorie.com.redhat.com (localhost [127.0.0.1]) by greed.delorie.com (8.14.7/8.14.7) with ESMTP id 0BB1wm6H015074 for ; Thu, 10 Dec 2020 20:58:48 -0500 To: libc-alpha@sourceware.org Subject: [v2] nsswitch: handle missing actions properly Date: Thu, 10 Dec 2020 20:58:48 -0500 Message-ID: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com X-Spam-Status: No, score=-12.5 required=5.0 tests=BAYES_00, DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, KAM_SHORT, RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-Patchwork-Original-From: DJ Delorie via Libc-alpha From: DJ Delorie Reply-To: DJ Delorie Errors-To: libc-alpha-bounces@sourceware.org Sender: "Libc-alpha" v2: syntax fixed, added testcases. ------------------------------ Some internal functions need to know if a database has a nonzero list of actions; success getting the database does not guarantee that. Add checks for such as needed. Skip the ":" in each nsswitch.conf line so as not to add a dummy action libnss_:.so See also https://bugzilla.redhat.com/show_bug.cgi?id=1906066 Reviewed-by: Siddhesh Poyarekar diff --git a/grp/Makefile b/grp/Makefile index 9d1dae91db..20683f649d 100644 --- a/grp/Makefile +++ b/grp/Makefile @@ -31,6 +31,10 @@ routines := fgetgrent initgroups setgroups \ tests := testgrp tst-putgrent +tests-container = \ + tst-initgroups1 \ + tst-initgroups2 + ifeq (yes,$(build-shared)) test-srcs := tst_fgetgrent ifeq ($(run-built-tests),yes) diff --git a/grp/initgroups.c b/grp/initgroups.c index a60ca1c395..22736a17e2 100644 --- a/grp/initgroups.c +++ b/grp/initgroups.c @@ -72,11 +72,13 @@ internal_getgrouplist (const char *user, gid_t group, long int *size, nss_action_list nip; - if (__nss_database_get (nss_database_initgroups, &nip)) + if (__nss_database_get (nss_database_initgroups, &nip) + && nip != NULL) { use_initgroups_entry = true; } - else if (__nss_database_get (nss_database_group, &nip)) + else if (__nss_database_get (nss_database_group, &nip) + && nip != NULL) { use_initgroups_entry = false; } diff --git a/grp/tst-initgroups1.c b/grp/tst-initgroups1.c new file mode 100644 index 0000000000..f6551cae9b --- /dev/null +++ b/grp/tst-initgroups1.c @@ -0,0 +1,56 @@ +/* Test that initgroups works. + Copyright (C) 2020 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include + +/* Test that initgroups includes secondary groups. + https://bugzilla.redhat.com/show_bug.cgi?id=1906066 */ + +/* This version uses the wrapper around the groups module. */ + +#define EXPECTED_N_GROUPS 4 +static gid_t expected_groups[] = + { 20, 30, 50, 51 }; + +static int +do_test (void) +{ + gid_t mygroups [50]; + int i, n; + + n = 50; + getgrouplist ("dj", 20, mygroups, &n); + + TEST_COMPARE (n, EXPECTED_N_GROUPS); + for (i=0; i diff --git a/grp/tst-initgroups1.root/etc/group b/grp/tst-initgroups1.root/etc/group new file mode 100644 index 0000000000..0dac1cc2ba --- /dev/null +++ b/grp/tst-initgroups1.root/etc/group @@ -0,0 +1,7 @@ +abc:x:10: +def:x:20: +ghi:x:30:dj +jkl:x:40: +m:x:50:not,dj +n:x:51:dj,not +np:x:60:djx diff --git a/grp/tst-initgroups1.root/etc/nsswitch.conf b/grp/tst-initgroups1.root/etc/nsswitch.conf new file mode 100644 index 0000000000..8d0a1aea13 --- /dev/null +++ b/grp/tst-initgroups1.root/etc/nsswitch.conf @@ -0,0 +1 @@ +group : files diff --git a/grp/tst-initgroups1.root/etc/passwd b/grp/tst-initgroups1.root/etc/passwd new file mode 100644 index 0000000000..5e3a2a5eea --- /dev/null +++ b/grp/tst-initgroups1.root/etc/passwd @@ -0,0 +1 @@ +dj:x:84:20:DJ:/:/bin/sh diff --git a/grp/tst-initgroups2.c b/grp/tst-initgroups2.c new file mode 100644 index 0000000000..776e560ec9 --- /dev/null +++ b/grp/tst-initgroups2.c @@ -0,0 +1,21 @@ +/* Test that initgroups works. + Copyright (C) 2020 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include "tst-initgroups1.c" + +/* This version uses the initgroups built in to the files module. */ diff --git a/grp/tst-initgroups2.root/etc/group b/grp/tst-initgroups2.root/etc/group new file mode 100644 index 0000000000..0dac1cc2ba --- /dev/null +++ b/grp/tst-initgroups2.root/etc/group @@ -0,0 +1,7 @@ +abc:x:10: +def:x:20: +ghi:x:30:dj +jkl:x:40: +m:x:50:not,dj +n:x:51:dj,not +np:x:60:djx diff --git a/grp/tst-initgroups2.root/etc/nsswitch.conf b/grp/tst-initgroups2.root/etc/nsswitch.conf new file mode 100644 index 0000000000..c61f3624f6 --- /dev/null +++ b/grp/tst-initgroups2.root/etc/nsswitch.conf @@ -0,0 +1,2 @@ +initgroups : files +group : notfiles diff --git a/grp/tst-initgroups2.root/etc/passwd b/grp/tst-initgroups2.root/etc/passwd new file mode 100644 index 0000000000..5e3a2a5eea --- /dev/null +++ b/grp/tst-initgroups2.root/etc/passwd @@ -0,0 +1 @@ +dj:x:84:20:DJ:/:/bin/sh diff --git a/nss/nss_database.c b/nss/nss_database.c index e8c307d1f3..a036e95fbf 100644 --- a/nss/nss_database.c +++ b/nss/nss_database.c @@ -212,7 +212,8 @@ process_line (struct nss_database_data *data, char *line) if (line[0] == '\0' || name == line) /* Syntax error. Skip this line. */ return true; - *line++ = '\0'; + while (line[0] != '\0' && (isspace (line[0]) || line[0] == ':')) + *line++ = '\0'; int db = name_to_database_index (name); if (db < 0) diff --git a/nss/nsswitch.c b/nss/nsswitch.c index 40109c744d..5b46d06c6a 100644 --- a/nss/nsswitch.c +++ b/nss/nsswitch.c @@ -81,7 +81,10 @@ __nss_database_lookup2 (const char *database, const char *alternate_name, if (database_names[database_id] == NULL) return -1; - if (__nss_database_get (database_id, ni)) + /* If *NI is NULL, the database was not mentioned in nsswitch.conf. + If *NI is not NULL, but *NI->module is NULL, the database was in + nsswitch.conf but listed no actions. We test for the former. */ + if (__nss_database_get (database_id, ni) && *ni != NULL) { /* Success. */ return 0;