6 /* This implementation support Openwall-style TCB passwords in place of
7 * traditional shadow, if the appropriate directories and files exist.
8 * Thus, it is careful to avoid following symlinks or blocking on fifos
9 * which a malicious user might create in place of his or her TCB shadow
10 * file. It also avoids any allocation to prevent memory-exhaustion
11 * attacks via huge TCB shadow files. */
13 int getspnam_r(const char *name, struct spwd *sp, char *buf, size_t size, struct spwd **res)
15 char path[20+NAME_MAX];
19 size_t k, l = strlen(name);
25 /* Disallow potentially-malicious user names */
26 if (*name=='.' || strchr(name, '/') || !l)
29 /* Buffer size must at least be able to hold name, plus some.. */
30 if (size < l+100) return ERANGE;
32 /* Protect against truncation */
33 if (snprintf(path, sizeof path, "/etc/tcb/%s/shadow", name) >= sizeof path)
36 fd = open(path, O_RDONLY|O_NOFOLLOW|O_NONBLOCK);
38 struct stat st = { 0 };
40 if (fstat(fd, &st) || !S_ISREG(st.st_mode) || !(f = fdopen(fd, "rb"))) {
45 f = fopen("/etc/shadow", "rb");
49 while (fgets(buf, size, f) && (k=strlen(buf))>0) {
50 if (skip || strncmp(name, buf, l)) {
51 skip = buf[k-1] != '\n';
54 if (buf[k-1] != '\n') {
62 if (!(s = strchr(s, ':'))) continue;
64 *s++ = 0; sp->sp_pwdp = s;
65 if (!(s = strchr(s, ':'))) continue;
67 *s++ = 0; sp->sp_lstchg = atol(s);
68 if (!(s = strchr(s, ':'))) continue;
70 *s++ = 0; sp->sp_min = atol(s);
71 if (!(s = strchr(s, ':'))) continue;
73 *s++ = 0; sp->sp_max = atol(s);
74 if (!(s = strchr(s, ':'))) continue;
76 *s++ = 0; sp->sp_warn = atol(s);
77 if (!(s = strchr(s, ':'))) continue;
79 *s++ = 0; sp->sp_inact = atol(s);
80 if (!(s = strchr(s, ':'))) continue;
82 *s++ = 0; sp->sp_expire = atol(s);
83 if (!(s = strchr(s, ':'))) continue;
85 *s++ = 0; sp->sp_flag = atol(s);