nss_module.c 14 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435
  1. /* Global list of NSS service modules.
  2. Copyright (c) 2020-2026 Free Software Foundation, Inc.
  3. This file is part of the GNU C Library.
  4. The GNU C Library is free software; you can redistribute it and/or
  5. modify it under the terms of the GNU Lesser General Public
  6. License as published by the Free Software Foundation; either
  7. version 2.1 of the License, or (at your option) any later version.
  8. The GNU C Library is distributed in the hope that it will be useful,
  9. but WITHOUT ANY WARRANTY; without even the implied warranty of
  10. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  11. Lesser General Public License for more details.
  12. You should have received a copy of the GNU Lesser General Public
  13. License along with the GNU C Library; if not, see
  14. <https://www.gnu.org/licenses/>. */
  15. #include <nsswitch.h>
  16. #include <nscd/nscd.h>
  17. #include <nscd/nscd_proto.h>
  18. #include <array_length.h>
  19. #include <assert.h>
  20. #include <atomic.h>
  21. #include <dlfcn.h>
  22. #include <gnu/lib-names.h>
  23. #include <libc-lock.h>
  24. #include <nss_dns.h>
  25. #include <nss_files.h>
  26. #include <stddef.h>
  27. #include <stdio.h>
  28. #include <stdlib.h>
  29. #include <string.h>
  30. #include <pointer_guard.h>
  31. /* Suffix after .so of NSS service modules. This is a bit of magic,
  32. but we assume LIBNSS_FILES_SO looks like "libnss_files.so.2" and we
  33. want a pointer to the ".2" part. We have no API to extract this
  34. except through the auto-generated lib-names.h and some static
  35. pointer manipulation. The "-1" accounts for the trailing NUL
  36. included in the sizeof. */
  37. static const char *const __nss_shlib_revision
  38. = &LIBNSS_FILES_SO[sizeof("libnss_files.so") - 1];
  39. /* A single-linked list used to implement a mapping from service names
  40. to NSS modules. (Most systems only use five or so modules, so a
  41. list is sufficient here.) Elements of this list are never freed
  42. during normal operation. */
  43. static struct nss_module *nss_module_list;
  44. /* Covers the list and also loading of individual NSS service
  45. modules. */
  46. __libc_lock_define (static, nss_module_list_lock);
  47. #if defined SHARED && defined USE_NSCD
  48. /* Nonzero if this is the nscd process. */
  49. static bool is_nscd;
  50. /* The callback passed to the init functions when nscd is used. */
  51. static void (*nscd_init_cb) (size_t, struct traced_file *);
  52. #endif
  53. /* Allocate the service NAME with length NAME_LENGTH. If the service
  54. is already allocated in the nss_module_list cache then we return a
  55. pointer to the struct nss_module, otherwise we try to allocate a
  56. new struct nss_module entry and add it to the global
  57. nss_modules_list cache. If we fail to allocate the entry we return
  58. NULL. Failure to allocate the entry is always transient. */
  59. struct nss_module *
  60. __nss_module_allocate (const char *name, size_t name_length)
  61. {
  62. __libc_lock_lock (nss_module_list_lock);
  63. struct nss_module *result = NULL;
  64. for (struct nss_module *p = nss_module_list; p != NULL; p = p->next)
  65. if (strncmp (p->name, name, name_length) == 0
  66. && p->name[name_length] == '\0')
  67. {
  68. /* Return the previously existing object. */
  69. result = p;
  70. break;
  71. }
  72. if (result == NULL)
  73. {
  74. /* Allocate a new list entry if the name was not found in the
  75. list. */
  76. result = malloc (sizeof (*result) + name_length + 1);
  77. if (result != NULL)
  78. {
  79. result->state = nss_module_uninitialized;
  80. memcpy (result->name, name, name_length);
  81. result->name[name_length] = '\0';
  82. result->handle = NULL;
  83. result->next = nss_module_list;
  84. nss_module_list = result;
  85. }
  86. }
  87. __libc_lock_unlock (nss_module_list_lock);
  88. return result;
  89. }
  90. /* Long enough to store the name of any function in the
  91. nss_function_name_array list below, as getprotobynumber_r is the
  92. longest entry in that list. */
  93. typedef char function_name[sizeof("getprotobynumber_r")];
  94. static const function_name nss_function_name_array[] =
  95. {
  96. #undef DEFINE_NSS_FUNCTION
  97. #define DEFINE_NSS_FUNCTION(x) #x,
  98. #include "function.def"
  99. };
  100. /* Loads a built-in module, binding the symbols using the supplied
  101. callback function. Always returns true. */
  102. static bool
  103. module_load_builtin (struct nss_module *module,
  104. void (*bind) (nss_module_functions_untyped))
  105. {
  106. /* Initialize the function pointers, following the double-checked
  107. locking idiom. */
  108. __libc_lock_lock (nss_module_list_lock);
  109. switch ((enum nss_module_state) atomic_load_acquire (&module->state))
  110. {
  111. case nss_module_uninitialized:
  112. case nss_module_failed:
  113. bind (module->functions.untyped);
  114. for (int i = 0; i < nss_module_functions_count; ++i)
  115. PTR_MANGLE (module->functions.untyped[i]);
  116. module->handle = NULL;
  117. /* Synchronizes with unlocked __nss_module_load atomic_load_acquire. */
  118. atomic_store_release (&module->state, nss_module_loaded);
  119. break;
  120. case nss_module_loaded:
  121. /* Nothing to clean up. */
  122. break;
  123. }
  124. __libc_lock_unlock (nss_module_list_lock);
  125. return true;
  126. }
  127. /* Loads the built-in nss_files module. */
  128. static bool
  129. module_load_nss_files (struct nss_module *module)
  130. {
  131. #if defined SHARED && defined USE_NSCD
  132. if (is_nscd)
  133. {
  134. void (*cb) (size_t, struct traced_file *) = nscd_init_cb;
  135. PTR_DEMANGLE (cb);
  136. _nss_files_init (cb);
  137. }
  138. #endif
  139. return module_load_builtin (module, __nss_files_functions);
  140. }
  141. /* Loads the built-in nss_dns module. */
  142. static bool
  143. module_load_nss_dns (struct nss_module *module)
  144. {
  145. return module_load_builtin (module, __nss_dns_functions);
  146. }
  147. /* Internal implementation of __nss_module_load. */
  148. static bool
  149. module_load (struct nss_module *module)
  150. {
  151. if (strcmp (module->name, "files") == 0)
  152. return module_load_nss_files (module);
  153. if (strcmp (module->name, "dns") == 0)
  154. return module_load_nss_dns (module);
  155. void *handle;
  156. {
  157. char *shlib_name;
  158. if (__asprintf (&shlib_name, "libnss_%s.so%s",
  159. module->name, __nss_shlib_revision) < 0)
  160. /* This is definitely a temporary failure. Do not update
  161. module->state. This will trigger another attempt at the next
  162. call. */
  163. return false;
  164. handle = __libc_dlopen (shlib_name);
  165. free (shlib_name);
  166. }
  167. /* Failing to load the module can be caused by several different
  168. scenarios. One such scenario is that the module has been removed
  169. from the disk. In which case the in-memory version is all that
  170. we have, and if the module->state indidates it is loaded then we
  171. can use it. */
  172. if (handle == NULL)
  173. {
  174. /* dlopen failure. We do not know if this a temporary or
  175. permanent error. See bug 22041. Update the state using the
  176. double-checked locking idiom. */
  177. __libc_lock_lock (nss_module_list_lock);
  178. bool result = result;
  179. switch ((enum nss_module_state) atomic_load_acquire (&module->state))
  180. {
  181. case nss_module_uninitialized:
  182. atomic_store_release (&module->state, nss_module_failed);
  183. result = false;
  184. break;
  185. case nss_module_loaded:
  186. result = true;
  187. break;
  188. case nss_module_failed:
  189. result = false;
  190. break;
  191. }
  192. __libc_lock_unlock (nss_module_list_lock);
  193. return result;
  194. }
  195. nss_module_functions_untyped pointers;
  196. /* Look up and store locally all the function pointers we may need
  197. later. Doing this now means the data will not change in the
  198. future. */
  199. for (size_t idx = 0; idx < array_length (nss_function_name_array); ++idx)
  200. {
  201. char *function_name;
  202. if (__asprintf (&function_name, "_nss_%s_%s",
  203. module->name, nss_function_name_array[idx]) < 0)
  204. {
  205. /* Definitely a temporary error. */
  206. __libc_dlclose (handle);
  207. return false;
  208. }
  209. pointers[idx] = __libc_dlsym (handle, function_name);
  210. free (function_name);
  211. PTR_MANGLE (pointers[idx]);
  212. }
  213. # if defined SHARED && defined USE_NSCD
  214. if (is_nscd)
  215. {
  216. /* Call the init function when nscd is used. */
  217. size_t initlen = (5 + strlen (module->name)
  218. + strlen ("_init") + 1);
  219. char init_name[initlen];
  220. /* Construct the init function name. */
  221. __stpcpy (__stpcpy (__stpcpy (init_name,
  222. "_nss_"),
  223. module->name),
  224. "_init");
  225. /* Find the optional init function. */
  226. void (*ifct) (void (*) (size_t, struct traced_file *))
  227. = __libc_dlsym (handle, init_name);
  228. if (ifct != NULL)
  229. {
  230. void (*cb) (size_t, struct traced_file *) = nscd_init_cb;
  231. PTR_DEMANGLE (cb);
  232. ifct (cb);
  233. }
  234. }
  235. # endif
  236. /* Install the function pointers, following the double-checked
  237. locking idiom. Delay this after all processing, in case loading
  238. the module triggers unwinding. */
  239. __libc_lock_lock (nss_module_list_lock);
  240. switch ((enum nss_module_state) atomic_load_acquire (&module->state))
  241. {
  242. case nss_module_uninitialized:
  243. case nss_module_failed:
  244. memcpy (module->functions.untyped, pointers,
  245. sizeof (module->functions.untyped));
  246. module->handle = handle;
  247. /* Synchronizes with unlocked __nss_module_load atomic_load_acquire. */
  248. atomic_store_release (&module->state, nss_module_loaded);
  249. break;
  250. case nss_module_loaded:
  251. /* If the module was already loaded, close our own handle. This
  252. does not actually unload the modules, only the reference
  253. counter is decremented for the loaded module. */
  254. __libc_dlclose (handle);
  255. break;
  256. }
  257. __libc_lock_unlock (nss_module_list_lock);
  258. return true;
  259. }
  260. /* Force the module identified by MODULE to be loaded. We return
  261. false if the module could not be loaded, true otherwise. Loading
  262. the module requires looking up all the possible interface APIs and
  263. caching the results. */
  264. bool
  265. __nss_module_load (struct nss_module *module)
  266. {
  267. switch ((enum nss_module_state) atomic_load_acquire (&module->state))
  268. {
  269. case nss_module_uninitialized:
  270. return module_load (module);
  271. case nss_module_loaded:
  272. /* Loading has already succeeded. */
  273. return true;
  274. case nss_module_failed:
  275. /* Loading previously failed. */
  276. return false;
  277. }
  278. __builtin_unreachable ();
  279. }
  280. static int
  281. name_search (const void *left, const void *right)
  282. {
  283. return strcmp (left, right);
  284. }
  285. /* Load module MODULE (if it isn't already) and return a pointer to
  286. the module's implementation of NAME, otherwise return NULL on
  287. failure or error. */
  288. void *
  289. __nss_module_get_function (struct nss_module *module, const char *name)
  290. {
  291. /* A successful dlopen might clobber errno. */
  292. int saved_errno = errno;
  293. if (!__nss_module_load (module))
  294. {
  295. /* Reporting module load failure is currently inaccurate. See
  296. bug 22041. Not changing errno is the conservative choice. */
  297. __set_errno (saved_errno);
  298. return NULL;
  299. }
  300. __set_errno (saved_errno);
  301. function_name *name_entry = bsearch (name, nss_function_name_array,
  302. array_length (nss_function_name_array),
  303. sizeof (function_name), name_search);
  304. assert (name_entry != NULL);
  305. size_t idx = name_entry - nss_function_name_array;
  306. void *fptr = module->functions.untyped[idx];
  307. PTR_DEMANGLE (fptr);
  308. return fptr;
  309. }
  310. #if defined SHARED && defined USE_NSCD
  311. /* Load all libraries for the service. */
  312. static void
  313. nss_load_all_libraries (enum nss_database service)
  314. {
  315. nss_action_list ni = NULL;
  316. if (__nss_database_get (service, &ni))
  317. while (ni->module != NULL)
  318. {
  319. __nss_module_load (ni->module);
  320. ++ni;
  321. }
  322. }
  323. define_traced_file (pwd, _PATH_NSSWITCH_CONF);
  324. define_traced_file (grp, _PATH_NSSWITCH_CONF);
  325. define_traced_file (hst, _PATH_NSSWITCH_CONF);
  326. define_traced_file (serv, _PATH_NSSWITCH_CONF);
  327. define_traced_file (netgr, _PATH_NSSWITCH_CONF);
  328. /* Called by nscd and nscd alone. */
  329. void
  330. __nss_disable_nscd (void (*cb) (size_t, struct traced_file *))
  331. {
  332. void (*cb1) (size_t, struct traced_file *);
  333. cb1 = cb;
  334. PTR_MANGLE (cb);
  335. nscd_init_cb = cb;
  336. is_nscd = true;
  337. /* Find all the relevant modules so that the init functions are called. */
  338. nss_load_all_libraries (nss_database_passwd);
  339. nss_load_all_libraries (nss_database_group);
  340. nss_load_all_libraries (nss_database_hosts);
  341. nss_load_all_libraries (nss_database_services);
  342. /* Make sure NSCD purges its cache if nsswitch.conf changes. */
  343. init_traced_file (&pwd_traced_file.file, _PATH_NSSWITCH_CONF, 0);
  344. cb1 (pwddb, &pwd_traced_file.file);
  345. init_traced_file (&grp_traced_file.file, _PATH_NSSWITCH_CONF, 0);
  346. cb1 (grpdb, &grp_traced_file.file);
  347. init_traced_file (&hst_traced_file.file, _PATH_NSSWITCH_CONF, 0);
  348. cb1 (hstdb, &hst_traced_file.file);
  349. init_traced_file (&serv_traced_file.file, _PATH_NSSWITCH_CONF, 0);
  350. cb1 (servdb, &serv_traced_file.file);
  351. init_traced_file (&netgr_traced_file.file, _PATH_NSSWITCH_CONF, 0);
  352. cb1 (netgrdb, &netgr_traced_file.file);
  353. /* Disable all uses of NSCD. */
  354. __nss_not_use_nscd_passwd = -1;
  355. __nss_not_use_nscd_group = -1;
  356. __nss_not_use_nscd_hosts = -1;
  357. __nss_not_use_nscd_services = -1;
  358. __nss_not_use_nscd_netgroup = -1;
  359. }
  360. #endif
  361. /* Block attempts to dlopen any module we haven't already opened. */
  362. void
  363. __nss_module_disable_loading (void)
  364. {
  365. __libc_lock_lock (nss_module_list_lock);
  366. for (struct nss_module *p = nss_module_list; p != NULL; p = p->next)
  367. if (p->state == nss_module_uninitialized)
  368. p->state = nss_module_failed;
  369. __libc_lock_unlock (nss_module_list_lock);
  370. }
  371. void
  372. __nss_module_freeres (void)
  373. {
  374. struct nss_module *current = nss_module_list;
  375. while (current != NULL)
  376. {
  377. /* Ignore built-in modules (which have a NULL handle). */
  378. if (current->state == nss_module_loaded
  379. && current->handle != NULL)
  380. __libc_dlclose (current->handle);
  381. struct nss_module *next = current->next;
  382. free (current);
  383. current = next;
  384. }
  385. nss_module_list = NULL;
  386. }