Import /etc/shadow support from Musl for Linux

Fixes #992
2025-01-31 03:27:39 +00:00 · 2023-12-07 16:26:04 -08:00 · 2023-12-07 16:26:04 -08:00 · f8ea02d4d1
commit f8ea02d4d1
parent 06ace4e7b4
9 changed files with 224 additions and 7 deletions
--- a/libc/isystem/shadow.h
+++ b/libc/isystem/shadow.h
@ -0,0 +1,4 @@
+#ifndef _SHADOW_H
+#define _SHADOW_H
+#include "third_party/musl/shadow.h"
+#endif /* _SHADOW_H */
--- a/third_party/musl/fgetspent.c
+++ b/third_party/musl/fgetspent.c
@ -0,0 +1,15 @@
+#include "pwf.internal.h"
+#include <pthread.h>
+
+struct spwd *fgetspent(FILE *f)
+{
+	static char *line;
+	static struct spwd sp;
+	size_t size = 0;
+	struct spwd *res = 0;
+	int cs;
+	pthread_setcancelstate(PTHREAD_CANCEL_DISABLE, &cs);
+	if (getline(&line, &size, f) >= 0 && __parsespent(line, &sp) >= 0) res = &sp;
+	pthread_setcancelstate(cs, 0);
+	return res;
+}
--- a/third_party/musl/getspnam_r.c
+++ b/third_party/musl/getspnam_r.c
@ -0,0 +1,125 @@
+#include <fcntl.h>
+#include <unistd.h>
+#include <sys/stat.h>
+#include <ctype.h>
+#include <pthread.h>
+#include "pwf.internal.h"
+
+/* This implementation support Openwall-style TCB passwords in place of
+ * traditional shadow, if the appropriate directories and files exist.
+ * Thus, it is careful to avoid following symlinks or blocking on fifos
+ * which a malicious user might create in place of his or her TCB shadow
+ * file. It also avoids any allocation to prevent memory-exhaustion
+ * attacks via huge TCB shadow files. */
+
+static long xatol(char **s)
+{
+	long x;
+	if (**s == ':' || **s == '\n') return -1;
+	for (x=0; **s-'0'<10U; ++*s) x=10*x+(**s-'0');
+	return x;
+}
+
+int __parsespent(char *s, struct spwd *sp)
+{
+	sp->sp_namp = s;
+	if (!(s = strchr(s, ':'))) return -1;
+	*s = 0;
+
+	sp->sp_pwdp = ++s;
+	if (!(s = strchr(s, ':'))) return -1;
+	*s = 0;
+
+	s++; sp->sp_lstchg = xatol(&s);
+	if (*s != ':') return -1;
+
+	s++; sp->sp_min = xatol(&s);
+	if (*s != ':') return -1;
+
+	s++; sp->sp_max = xatol(&s);
+	if (*s != ':') return -1;
+
+	s++; sp->sp_warn = xatol(&s);
+	if (*s != ':') return -1;
+
+	s++; sp->sp_inact = xatol(&s);
+	if (*s != ':') return -1;
+
+	s++; sp->sp_expire = xatol(&s);
+	if (*s != ':') return -1;
+
+	s++; sp->sp_flag = xatol(&s);
+	if (*s != '\n') return -1;
+	return 0;
+}
+
+static void cleanup(void *p)
+{
+	fclose(p);
+}
+
+int getspnam_r(const char *name, struct spwd *sp, char *buf, size_t size, struct spwd **res)
+{
+	char path[20+NAME_MAX];
+	FILE *f = 0;
+	int rv = 0;
+	int fd;
+	size_t k, l = strlen(name);
+	int skip = 0;
+	int cs;
+	int orig_errno = errno;
+
+	*res = 0;
+
+	/* Disallow potentially-malicious user names */
+	if (*name=='.' || strchr(name, '/') || !l)
+		return errno = EINVAL;
+
+	/* Buffer size must at least be able to hold name, plus some.. */
+	if (size < l+100)
+		return errno = ERANGE;
+
+	/* Protect against truncation */
+	if (snprintf(path, sizeof path, "/etc/tcb/%s/shadow", name) >= sizeof path)
+		return errno = EINVAL;
+
+	fd = open(path, O_RDONLY|O_NOFOLLOW|O_NONBLOCK|O_CLOEXEC);
+	if (fd >= 0) {
+		struct stat st = { 0 };
+		errno = EINVAL;
+		if (fstat(fd, &st) || !S_ISREG(st.st_mode) || !(f = fdopen(fd, "rb"))) {
+			pthread_setcancelstate(PTHREAD_CANCEL_DISABLE, &cs);
+			close(fd);
+			pthread_setcancelstate(cs, 0);
+			return errno;
+		}
+	} else {
+		if (errno != ENOENT && errno != ENOTDIR)
+			return errno;
+		f = fopen("/etc/shadow", "rbe");
+		if (!f) {
+			if (errno != ENOENT && errno != ENOTDIR)
+				return errno;
+			return 0;
+		}
+	}
+
+	pthread_cleanup_push(cleanup, f);
+	while (fgets(buf, size, f) && (k=strlen(buf))>0) {
+		if (skip || strncmp(name, buf, l) || buf[l]!=':') {
+			skip = buf[k-1] != '\n';
+			continue;
+		}
+		if (buf[k-1] != '\n') {
+			rv = ERANGE;
+			break;
+		}
+
+		if (__parsespent(buf, sp) < 0) continue;
+		*res = sp;
+		break;
+	}
+	pthread_cleanup_pop(1);
+	errno = rv ? rv : orig_errno;
+	return rv;
+}
--- a/third_party/musl/grp.c
+++ b/third_party/musl/grp.c
@ -46,7 +46,7 @@ static unsigned atou(char **s) {
  return x;
 }

-static int __getgrent_a(FILE *f, struct group *gr, char **line, size_t *size,
+int __getgrent_a(FILE *f, struct group *gr, char **line, size_t *size,
 		 char ***mem, size_t *nmem, struct group **res) {
  ssize_t l;
  char *s, *mems;
@ -103,7 +103,7 @@ end:
  return rv;
 }

-static int __getgr_a(const char *name, gid_t gid, struct group *gr, char **buf,
+int __getgr_a(const char *name, gid_t gid, struct group *gr, char **buf,
 	      size_t *size, char ***mem, size_t *nmem,
 	      struct group **res) {
  FILE *f;
--- a/third_party/musl/lckpwdf.c
+++ b/third_party/musl/lckpwdf.c
@ -0,0 +1,11 @@
+#include <shadow.h>
+
+int lckpwdf()
+{
+	return 0;
+}
+
+int ulckpwdf()
+{
+	return 0;
+}
--- a/third_party/musl/putspent.c
+++ b/third_party/musl/putspent.c
@ -0,0 +1,13 @@
+#include <shadow.h>
+#include <stdio.h>
+
+#define NUM(n) ((n) == -1 ? 0 : -1), ((n) == -1 ? 0 : (n))
+#define STR(s) ((s) ? (s) : "")
+
+int putspent(const struct spwd *sp, FILE *f)
+{
+	return fprintf(f, "%s:%s:%.*ld:%.*ld:%.*ld:%.*ld:%.*ld:%.*ld:%.*lu\n",
+		STR(sp->sp_namp), STR(sp->sp_pwdp), NUM(sp->sp_lstchg),
+		NUM(sp->sp_min), NUM(sp->sp_max), NUM(sp->sp_warn),
+		NUM(sp->sp_inact), NUM(sp->sp_expire), NUM(sp->sp_flag)) < 0 ? -1 : 0;
+}
--- a/third_party/musl/pwd.c
+++ b/third_party/musl/pwd.c
@ -115,7 +115,7 @@ atou(char **s)
 	return x;
 }

-static int
+int
 __getpwent_a(FILE *f, struct passwd *pw, char **line, size_t *size,
 	     struct passwd **res)
 {
@ -161,7 +161,7 @@ __getpwent_a(FILE *f, struct passwd *pw, char **line, size_t *size,
 	return rv;
 }

-static int
+int
 __getpw_a(const char *name, uid_t uid, struct passwd *pw, char **buf,
 	  size_t *size, struct passwd **res)
 {
--- a/third_party/musl/pwf.internal.h
+++ b/third_party/musl/pwf.internal.h
@ -0,0 +1,15 @@
+#include <pwd.h>
+#include <grp.h>
+#include <shadow.h>
+#include <stdio.h>
+#include <errno.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <string.h>
+#include <limits.h>
+
+int __getpwent_a(FILE *f, struct passwd *pw, char **line, size_t *size, struct passwd **res);
+int __getpw_a(const char *name, uid_t uid, struct passwd *pw, char **buf, size_t *size, struct passwd **res);
+int __getgrent_a(FILE *f, struct group *gr, char **line, size_t *size, char ***mem, size_t *nmem, struct group **res);
+int __getgr_a(const char *name, gid_t gid, struct group *gr, char **buf, size_t *size, char ***mem, size_t *nmem, struct group **res);
+int __parsespent(char *s, struct spwd *sp);
--- a/third_party/musl/shadow.h
+++ b/third_party/musl/shadow.h
@ -0,0 +1,34 @@
+#ifndef COSMOPOLITAN_THIRD_PARTY_MUSL_SHADOW_H_
+#define COSMOPOLITAN_THIRD_PARTY_MUSL_SHADOW_H_
+#include "libc/stdio/internal.h"
+COSMOPOLITAN_C_START_
+
+#define	SHADOW "/etc/shadow"
+
+struct spwd {
+	char *sp_namp;
+	char *sp_pwdp;
+	long sp_lstchg;
+	long sp_min;
+	long sp_max;
+	long sp_warn;
+	long sp_inact;
+	long sp_expire;
+	unsigned long sp_flag;
+};
+
+void setspent(void);
+void endspent(void);
+struct spwd *getspent(void);
+struct spwd *fgetspent(FILE *);
+struct spwd *sgetspent(const char *);
+int putspent(const struct spwd *, FILE *);
+
+struct spwd *getspnam(const char *);
+int getspnam_r(const char *, struct spwd *, char *, size_t, struct spwd **);
+
+int lckpwdf(void);
+int ulckpwdf(void);
+
+COSMOPOLITAN_C_END_
+#endif /* COSMOPOLITAN_THIRD_PARTY_MUSL_SHADOW_H_ */