NSS: Replace exported NSS lookup functions with stubs [BZ #21962]
Commit 384ca551743318bd9c9e24a496d6397f2e3f2a49 from 2007 added this to
nss/XXX-lookup.c:
+#ifndef NO_COMPAT
+int
+internal_function attribute_compat_text_section
+DB_COMPAT_FCT (service_user **ni, const char *fct_name, void **fctp)
+{
+ return DB_LOOKUP_FCT (ni, fct_name, NULL, fctp);
+}
+#endif
That is, it adds a pseudo-compat function with an internal_function
attribute. The function it was supposed to replace did not have the
attribute:
extern int DB_LOOKUP_FCT (service_user **ni, const char *fct_name,
- void **fctp) internal_function;
+ const char *fct2_name, void **fctp)
+ internal_function;
This changed the calling convention on i386 for the following
functions in the public ABI:
__nss_passwd_lookup
__nss_group_lookup
__nss_hosts_lookup
This commit replaces the functions with always-failing stubs,
with true compat symbols. Due to a happy accident, the calling
convention of the stub is identical for the internal_function
and non-internal_function case on i386.
In addition, this commit auto-generates the __nss_*_lookup2
function declarations as part of <nsswitch.h>.
2017-08-14 Florian Weimer <fweimer@redhat.com>
[BZ #21962]
NSS: Create stubs for accidentally exported lookup functions.
* grp/initgroups.c (__nss_group_lookup, __nss_lookup_function):
Remove declaration.
* inet/ether_hton.c (__nss_ethers_lookup): Likewise.
(ether_hostton): Call __nss_ethers_lookup2 instead.
* inet/ether_ntoh.c (__nss_ethers_lookup): Remove declaration.
(ether_ntohost): Call __nss_ethers_lookup2 instead.
* inet/getnetgrent_r.c (__nss_netgroup_lookup): Remove declaration.
(setup): Call __nss_netgroup_lookup2 instead.
* nss/Makefile (routines): Add compat-lookup.
* nss/Versions (GLIBC_2.27): Add symbol version.
* nss/XXX-lookup (DB_LOOKUP_FCT): Remove declaration. Now provided by <nsswitch.h>.
(DB_COMPAT_FCT): Remove.
* nss/compat-lookup.c: New file.
* nss/nsswitch.h: Generate __nss_*_lookup2 function prototypes
from databases.def.
* nss/service-lookup.c (NO_COMPAT): Remove definition.
* sunrpc/netname.c (__nss_publickey_lookup): Remove declaration.
(netname2user): Call __nss_publickey_lookup2 instead.
* sunrpc/publickey.c (__nss_publickey_lookup): Remove declaration.
(getpublickey, getsecretkey): Call __nss_publickey_lookup2
instead.
@@ -36,11 +36,6 @@ typedef enum nss_status (*initgroups_dyn_function) (const char *, gid_t,
long int *, long int *,
gid_t **, long int, int *);
-/* The lookup function for the first entry of this service. */
-extern int __nss_group_lookup (service_user **nip, const char *name,
- void **fctp);
-extern void *__nss_lookup_function (service_user *ni, const char *fct_name);
-
extern service_user *__nss_group_database attribute_hidden;
service_user *__nss_initgroups_database;
static bool use_initgroups_entry;
@@ -27,11 +27,6 @@
typedef int (*lookup_function) (const char *, struct etherent *, char *, int,
int *);
-/* The lookup function for the first entry of this service. */
-extern int __nss_ethers_lookup (service_user **nip, const char *name,
- void **fctp) internal_function;
-
-
int
ether_hostton (const char *hostname, struct ether_addr *addr)
{
@@ -49,7 +44,7 @@ ether_hostton (const char *hostname, struct ether_addr *addr)
if (startp == NULL)
{
- no_more = __nss_ethers_lookup (&nip, "gethostton_r", &fct.ptr);
+ no_more = __nss_ethers_lookup2 (&nip, "gethostton_r", NULL, &fct.ptr);
if (no_more)
startp = (service_user *) -1;
else
@@ -28,11 +28,6 @@
typedef int (*lookup_function) (const struct ether_addr *, struct etherent *,
char *, size_t, int *);
-/* The lookup function for the first entry of this service. */
-extern int __nss_ethers_lookup (service_user **nip, const char *name,
- void **fctp) internal_function;
-
-
int
ether_ntohost (char *hostname, const struct ether_addr *addr)
{
@@ -50,7 +45,7 @@ ether_ntohost (char *hostname, const struct ether_addr *addr)
if (startp == NULL)
{
- no_more = __nss_ethers_lookup (&nip, "getntohost_r", &fct.ptr);
+ no_more = __nss_ethers_lookup2 (&nip, "getntohost_r", NULL, &fct.ptr);
if (no_more)
startp = (service_user *) -1;
else
@@ -36,10 +36,6 @@ __libc_lock_define_initialized (static, lock)
kept in this structure. */
static struct __netgrent dataset;
-/* The lookup function for the first entry of this service. */
-extern int __nss_netgroup_lookup (service_user **nipp, const char *name,
- void **fctp) internal_function;
-
/* Set up NIP to run through the services. Return nonzero if there are no
services (left). */
static int
@@ -54,7 +50,7 @@ setup (void **fctp, service_user **nipp)
{
/* Executing this more than once at the same time must yield the
same result every time. So we need no locking. */
- no_more = __nss_netgroup_lookup (nipp, "setnetgrent", fctp);
+ no_more = __nss_netgroup_lookup2 (nipp, "setnetgrent", NULL, fctp);
startp = no_more ? (service_user *) -1 : *nipp;
#ifdef PTR_MANGLE
PTR_MANGLE (startp);
@@ -27,7 +27,8 @@ headers := nss.h
# This is the trivial part which goes into libc itself.
routines = nsswitch getnssent getnssent_r digits_dots \
valid_field valid_list_field rewrite_field \
- $(addsuffix -lookup,$(databases))
+ $(addsuffix -lookup,$(databases)) \
+ compat-lookup
# These are the databases that go through nss dispatch.
# Caution: if you add a database here, you must add its real name
@@ -7,6 +7,8 @@ libc {
GLIBC_2.2.2 {
__nss_hostname_digits_dots;
}
+ GLIBC_2.27 {
+ }
GLIBC_PRIVATE {
_nss_files_parse_grent; _nss_files_parse_pwent; _nss_files_parse_spent;
__nss_disable_nscd; __nss_lookup_function; _nss_files_parse_sgent;
@@ -34,7 +34,6 @@
\*******************************************************************/
#define DB_LOOKUP_FCT CONCAT3_1 (__nss_, DATABASE_NAME, _lookup2)
-#define DB_COMPAT_FCT CONCAT3_1 (__nss_, DATABASE_NAME, _lookup)
#define CONCAT3_1(Pre, Name, Post) CONCAT3_2 (Pre, Name, Post)
#define CONCAT3_2(Pre, Name, Post) Pre##Name##Post
@@ -55,10 +54,6 @@
service_user *DATABASE_NAME_SYMBOL attribute_hidden;
-extern int DB_LOOKUP_FCT (service_user **ni, const char *fct_name,
- const char *fct2_name, void **fctp);
-libc_hidden_proto (DB_LOOKUP_FCT)
-
int
DB_LOOKUP_FCT (service_user **ni, const char *fct_name, const char *fct2_name,
void **fctp)
@@ -73,13 +68,3 @@ DB_LOOKUP_FCT (service_user **ni, const char *fct_name, const char *fct2_name,
return __nss_lookup (ni, fct_name, fct2_name, fctp);
}
libc_hidden_def (DB_LOOKUP_FCT)
-
-
-#ifndef NO_COMPAT
-int
-attribute_compat_text_section
-DB_COMPAT_FCT (service_user **ni, const char *fct_name, void **fctp)
-{
- return DB_LOOKUP_FCT (ni, fct_name, NULL, fctp);
-}
-#endif
new file mode 100644
@@ -0,0 +1,42 @@
+/* Compatibility stubs of accidentally exported __nss_*_lookup functions.
+ Copyright (C) 2017 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <http://www.gnu.org/licenses/>. */
+
+#include <shlib-compat.h>
+#if SHLIB_COMPAT (libc, GLIBC_2_0, GLIBC_2_27)
+
+# include <errno.h>
+# include <nsswitch.h>
+
+/* On i386, the function calling convention changed from the standard
+ ABI calling convention to three register parameters in glibc 2.8.
+ The following error-returning stub happens to be compatible with
+ glibc 2.7 and earlier and glibc 2.8 and later, even on i386. */
+int
+attribute_compat_text_section
+__nss_passwd_lookup (service_user **ni, const char *fct_name, void **fctp)
+{
+ __set_errno (ENOSYS);
+ return -1;
+}
+compat_symbol (libc, __nss_passwd_lookup, __nss_passwd_lookup, GLIBC_2_0);
+strong_alias (__nss_passwd_lookup, __nss_group_lookup)
+compat_symbol (libc, __nss_group_lookup, __nss_group_lookup, GLIBC_2_0);
+strong_alias (__nss_passwd_lookup, __nss_hosts_lookup)
+compat_symbol (libc, __nss_hosts_lookup, __nss_hosts_lookup, GLIBC_2_0);
+
+#endif /* SHLIB_COMPAT */
@@ -219,4 +219,12 @@ libc_hidden_proto (__nss_hostname_digits_dots)
#define MAX_NR_ALIASES 48
#define MAX_NR_ADDRS 48
+/* Prototypes for __nss_*_lookup2 functions. */
+#define DEFINE_DATABASE(arg) \
+ int __nss_##arg##_lookup2 (service_user **, const char *, \
+ const char *, void **); \
+ libc_hidden_proto (__nss_##arg##_lookup2)
+#include "databases.def"
+#undef DEFINE_DATABASE
+
#endif /* nsswitch.h */
@@ -17,6 +17,5 @@
<http://www.gnu.org/licenses/>. */
#define DATABASE_NAME services
-#define NO_COMPAT
#include "XXX-lookup.c"
@@ -140,9 +140,6 @@ libc_hidden_nolink_sunrpc (getnetname, GLIBC_2_1)
/* Type of the lookup function for netname2user. */
typedef int (*netname2user_function) (const char netname[MAXNETNAMELEN + 1],
uid_t *, gid_t *, int *, gid_t *);
-/* The lookup function for the first entry of this service. */
-extern int __nss_publickey_lookup (service_user ** nip, const char *name,
- void **fctp) internal_function;
int
netname2user (const char netname[MAXNETNAMELEN + 1], uid_t * uidp, gid_t * gidp,
@@ -161,7 +158,7 @@ netname2user (const char netname[MAXNETNAMELEN + 1], uid_t * uidp, gid_t * gidp,
if (startp == NULL)
{
- no_more = __nss_publickey_lookup (&nip, "netname2user", &fct.ptr);
+ no_more = __nss_publickey_lookup2 (&nip, "netname2user", NULL, &fct.ptr);
if (no_more)
startp = (service_user *) - 1;
else
@@ -31,11 +31,6 @@ typedef int (*public_function) (const char *, char *, int *);
/* Type of the lookup function for the secret key. */
typedef int (*secret_function) (const char *, char *, const char *, int *);
-/* The lookup function for the first entry of this service. */
-extern int __nss_publickey_lookup (service_user **nip, const char *name,
- void **fctp) internal_function;
-
-
int
getpublickey (const char *name, char *key)
{
@@ -52,7 +47,7 @@ getpublickey (const char *name, char *key)
if (startp == NULL)
{
- no_more = __nss_publickey_lookup (&nip, "getpublickey", &fct.ptr);
+ no_more = __nss_publickey_lookup2 (&nip, "getpublickey", NULL, &fct.ptr);
if (no_more)
startp = (service_user *) -1;
else
@@ -95,7 +90,7 @@ getsecretkey (const char *name, char *key, const char *passwd)
if (startp == NULL)
{
- no_more = __nss_publickey_lookup (&nip, "getsecretkey", &fct.ptr);
+ no_more = __nss_publickey_lookup2 (&nip, "getsecretkey", NULL, &fct.ptr);
if (no_more)
startp = (service_user *) -1;
else