7 /* This implementation support Openwall-style TCB passwords in place of
8 * traditional shadow, if the appropriate directories and files exist.
9 * Thus, it is careful to avoid following symlinks or blocking on fifos
10 * which a malicious user might create in place of his or her TCB shadow
11 * file. It also avoids any allocation to prevent memory-exhaustion
12 * attacks via huge TCB shadow files. */
14 static long xatol(const char *s)
16 return isdigit(*s) ? atol(s) : -1;
19 int getspnam_r(const char *name, struct spwd *sp, char *buf, size_t size, struct spwd **res)
21 char path[20+NAME_MAX];
25 size_t k, l = strlen(name);
31 /* Disallow potentially-malicious user names */
32 if (*name=='.' || strchr(name, '/') || !l)
35 /* Buffer size must at least be able to hold name, plus some.. */
36 if (size < l+100) return ERANGE;
38 /* Protect against truncation */
39 if (snprintf(path, sizeof path, "/etc/tcb/%s/shadow", name) >= sizeof path)
42 fd = open(path, O_RDONLY|O_NOFOLLOW|O_NONBLOCK);
44 struct stat st = { 0 };
46 if (fstat(fd, &st) || !S_ISREG(st.st_mode) || !(f = fdopen(fd, "rb"))) {
51 f = fopen("/etc/shadow", "rb");
55 while (fgets(buf, size, f) && (k=strlen(buf))>0) {
56 if (skip || strncmp(name, buf, l)) {
57 skip = buf[k-1] != '\n';
60 if (buf[k-1] != '\n') {
68 if (!(s = strchr(s, ':'))) continue;
70 *s++ = 0; sp->sp_pwdp = s;
71 if (!(s = strchr(s, ':'))) continue;
73 *s++ = 0; sp->sp_lstchg = xatol(s);
74 if (!(s = strchr(s, ':'))) continue;
76 *s++ = 0; sp->sp_min = xatol(s);
77 if (!(s = strchr(s, ':'))) continue;
79 *s++ = 0; sp->sp_max = xatol(s);
80 if (!(s = strchr(s, ':'))) continue;
82 *s++ = 0; sp->sp_warn = xatol(s);
83 if (!(s = strchr(s, ':'))) continue;
85 *s++ = 0; sp->sp_inact = xatol(s);
86 if (!(s = strchr(s, ':'))) continue;
88 *s++ = 0; sp->sp_expire = xatol(s);
89 if (!(s = strchr(s, ':'))) continue;
91 *s++ = 0; sp->sp_flag = xatol(s);