Get rid of getpwuid and friends to avoid nsswitch (arangodb#20447)

* Avoid nsswitch.conf for user and group lookup on Linux.

* Fix compilation on Mac.

* CHANGELOG.

* Improve include situation.

* Apply suggestions from code review

Co-authored-by: Jan <jsteemann@users.noreply.github.com>

Author: neunhoef

CHANGELOG

@@ -1,6 +1,9 @@
 devel
 -----
 
+* No longer use getpwuid, getpwnam, getgrgid and getgrnam on Linux to
+  avoid crashes due to /etc/nsswitch.conf on older Linux distributions.
+
 * Escape control characters (e.g. newlines) in the query strings that are
   logged in an instance's audit log.
 

arangod/RestServer/PrivilegeFeature.cpp

@@ -28,6 +28,7 @@
 
 #include "Basics/application-exit.h"
 #include "Basics/error.h"
+#include "Basics/FileUtils.h"
 
 #ifdef TRI_HAVE_UNISTD_H
 #include <unistd.h>
@@ -136,21 +137,18 @@ void PrivilegeFeature::extractPrivileges() {
 
     if (valid && gidNumber >= 0) {
 #ifdef ARANGODB_HAVE_GETGRGID
-      group* g = getgrgid(gidNumber);
-
-      if (g == nullptr) {
+      std::optional<gid_t> gid = FileUtils::findGroup(_gid);
+      if (!gid) {
         LOG_TOPIC("3d53b", FATAL, arangodb::Logger::FIXME)
             << "unknown numeric gid '" << _gid << "'";
         FATAL_ERROR_EXIT();
       }
 #endif
     } else {
 #ifdef ARANGODB_HAVE_GETGRNAM
-      std::string name = _gid;
-      group* g = getgrnam(name.c_str());
-
-      if (g != nullptr) {
-        gidNumber = g->gr_gid;
+      std::optional<gid_t> gid = FileUtils::findGroup(_gid);
+      if (gid) {
+        gidNumber = gid.value();
       } else {
         TRI_set_errno(TRI_ERROR_SYS_ERROR);
         LOG_TOPIC("20096", FATAL, arangodb::Logger::FIXME)
@@ -179,20 +177,18 @@ void PrivilegeFeature::extractPrivileges() {
 
     if (valid) {
 #ifdef ARANGODB_HAVE_GETPWUID
-      passwd* p = getpwuid(uidNumber);
-
-      if (p == nullptr) {
+      std::optional<uid_t> uid = FileUtils::findUser(_uid);
+      if (!uid) {
         LOG_TOPIC("09f8d", FATAL, arangodb::Logger::FIXME)
             << "unknown numeric uid '" << _uid << "'";
         FATAL_ERROR_EXIT();
       }
 #endif
     } else {
 #ifdef ARANGODB_HAVE_GETPWNAM
-      passwd* p = getpwnam(_uid.c_str());
-
-      if (p != nullptr) {
-        uidNumber = p->pw_uid;
+      std::optional<uid_t> uid = FileUtils::findUser(_uid);
+      if (uid) {
+        uidNumber = uid.value();
       } else {
         LOG_TOPIC("d54b7", FATAL, arangodb::Logger::FIXME)
             << "cannot convert username '" << _uid << "' to numeric uid";
@@ -215,10 +211,10 @@ void PrivilegeFeature::dropPrivilegesPermanently() {
     defined(ARANGODB_HAVE_SETUID)
   // clear all supplementary groups
   if (!_gid.empty() && !_uid.empty()) {
-    struct passwd* pwent = getpwuid(_numericUid);
+    std::optional<std::string> name = FileUtils::findUserName(_numericUid);
 
-    if (pwent != nullptr) {
-      initgroups(pwent->pw_name, _numericGid);
+    if (name) {
+      initgroups(name.value().c_str(), _numericGid);
     }
   }
 #endif

lib/Basics/FileUtils.cpp

@@ -33,8 +33,8 @@
 
 #include "FileUtils.h"
 
-#include "Basics/operating-system.h"
 #include "Basics/process-utils.h"
+#include "Basics/NumberUtils.h"
 
 #ifdef TRI_HAVE_DIRENT_H
 #include <dirent.h>
@@ -756,17 +756,17 @@ void makePathAbsolute(std::string& path) {
   }
 }
 
-std::string slurpProgram(std::string const& program) {
+namespace {
+
+std::string slurpProgramInternal(std::string const& program,
+                                 std::vector<std::string> const& moreArgs) {
   ExternalProcess const* process;
   ExternalId external;
   ExternalProcessStatus res;
   std::string output;
-  std::vector<std::string> moreArgs;
   std::vector<std::string> additionalEnv;
   char buf[1024];
 
-  moreArgs.push_back(std::string("version"));
-
   TRI_CreateExternalProcess(program.c_str(), moreArgs, additionalEnv, true,
                             &external);
   if (external._pid == TRI_INVALID_PROCESS_ID) {
@@ -804,4 +804,100 @@ std::string slurpProgram(std::string const& program) {
   return output;
 }
 
+}  // namespace
+
+std::string slurpProgram(std::string const& program) {
+  std::vector<std::string> moreArgs{std::string("version")};
+  return slurpProgramInternal(program, moreArgs);
+}
+
+#ifdef ARANGODB_HAVE_GETPWUID
+std::optional<uid_t> findUser(std::string const& nameOrId) noexcept {
+  // We avoid getpwuid and getpwnam because they pose problems when
+  // we build static binaries with glibc (because of /etc/nsswitch.conf).
+  // However, we know that `id` exists for basically all Linux variants
+  // and for Mac.
+  try {
+    std::vector<std::string> args{"-u", nameOrId};
+    std::string output = slurpProgramInternal("/usr/bin/id", args);
+    StringUtils::trimInPlace(output);
+    bool valid = false;
+    uid_t uidNumber = NumberUtils::atoi_positive<int>(
+        output.data(), output.data() + output.size(), valid);
+    if (valid) {
+      return {uidNumber};
+    }
+  } catch (std::exception const&) {
+  }
+  return {std::nullopt};
+}
+
+std::optional<std::string> findUserName(uid_t id) noexcept {
+#ifdef __APPLE__
+  // For Mac we use the getpwuid function.
+  struct passwd* pwent = getpwuid(id);
+  if (pwent != nullptr) {
+    return {std::string(pwent->pw_name)};
+  }
+#else
+  // For Linux (and other Unixes), we avoid this function because it
+  // poses problems when we build static binaries with glibc (because of
+  // /etc/nsswitch.conf).
+  try {
+    std::vector<std::string> args{"passwd", std::to_string(id)};
+    std::string output = slurpProgramInternal("/usr/bin/getent", args);
+    StringUtils::trimInPlace(output);
+    auto parts = StringUtils::split(output, ':');
+    if (parts.size() >= 1) {
+      return {std::move(parts[0])};
+    }
+  } catch (std::exception const&) {
+  }
+#endif
+  return {std::nullopt};
+}
+#endif
+
+#ifdef ARANGODB_HAVE_GETGRGID
+std::optional<gid_t> findGroup(std::string const& nameOrId) noexcept {
+#ifdef __APPLE__
+  // For Mac we use the getgrgid and getgrnam functions.
+  bool valid = false;
+  int gidNumber = NumberUtils::atoi_positive<int>(
+      nameOrId.data(), nameOrId.data() + nameOrId.size(), valid);
+
+  if (valid && gidNumber >= 0) {
+    group* g = getgrgid(gidNumber);
+    if (g != nullptr) {
+      return {gidNumber};
+    }
+  } else {
+    group* g = getgrnam(nameOrId.c_str());
+    if (g != nullptr) {
+      return {g->gr_gid};
+    }
+  }
+#else
+  // For Linux (and other Unixes), we avoid these functions because they
+  // pose problems when we build static binaries with glibc (because of
+  // /etc/nsswitch.conf).
+  try {
+    std::vector<std::string> args{"group", nameOrId};
+    std::string output = slurpProgramInternal("/usr/bin/getent", args);
+    StringUtils::trimInPlace(output);
+    auto parts = StringUtils::split(output, ':');
+    if (parts.size() >= 3) {
+      bool valid = false;
+      uid_t gidNumber = NumberUtils::atoi_positive<int>(
+          parts[2].data(), parts[2].data() + parts[2].size(), valid);
+      if (valid) {
+        return {gidNumber};
+      }
+    }
+  } catch (std::exception const&) {
+  }
+#endif
+  return {std::nullopt};
+}
+#endif
 }  // namespace arangodb::basics::FileUtils

lib/Basics/FileUtils.h

@@ -25,13 +25,23 @@
 
 #include <stddef.h>
 #include <functional>
+#include <optional>
 #include <string>
 #include <vector>
 
 #include "Basics/Common.h"
 #include "Basics/FileResult.h"
 #include "Basics/FileResultString.h"
 #include "Basics/Result.h"
+#include "Basics/operating-system.h"
+
+#ifdef ARANGODB_HAVE_GETGRGID
+#include <grp.h>
+#endif
+
+#ifdef ARANGODB_HAVE_GETPWNAM
+#include <pwd.h>
+#endif
 
 namespace arangodb::basics::FileUtils {
 
@@ -154,4 +164,12 @@ std::string dirname(std::string const&);
 // returns the output of a program
 std::string slurpProgram(std::string const& program);
 
+#ifdef ARANGODB_HAVE_GETPWUID
+std::optional<uid_t> findUser(std::string const& nameOrId) noexcept;
+std::optional<std::string> findUserName(uid_t id) noexcept;
+#endif
+#ifdef ARANGODB_HAVE_GETGRGID
+std::optional<gid_t> findGroup(std::string const& nameOrId) noexcept;
+#endif
+
 }  // namespace arangodb::basics::FileUtils

lib/Logger/LoggerFeature.cpp

@@ -39,6 +39,7 @@
 #include "LoggerFeature.h"
 
 #include "ApplicationFeatures/ApplicationServer.h"
+#include "Basics/FileUtils.h"
 #include "Basics/NumberUtils.h"
 #include "Basics/StringUtils.h"
 #include "Basics/Thread.h"
@@ -655,20 +656,18 @@ void LoggerFeature::validateOptions(std::shared_ptr<ProgramOptions> options) {
 
     if (valid && gidNumber >= 0) {
 #ifdef ARANGODB_HAVE_GETGRGID
-      group* g = getgrgid(gidNumber);
-
-      if (g == nullptr) {
+      std::optional<gid_t> gid = FileUtils::findGroup(_fileGroup);
+      if (!gid) {
         LOG_TOPIC("174c2", FATAL, arangodb::Logger::FIXME)
             << "unknown numeric gid '" << _fileGroup << "'";
         FATAL_ERROR_EXIT();
       }
 #endif
     } else {
 #ifdef ARANGODB_HAVE_GETGRNAM
-      group* g = getgrnam(_fileGroup.c_str());
-
-      if (g != nullptr) {
-        gidNumber = g->gr_gid;
+      std::optional<gid_t> gid = FileUtils::findGroup(_fileGroup);
+      if (gid) {
+        gidNumber = gid.value();
       } else {
         TRI_set_errno(TRI_ERROR_SYS_ERROR);
         LOG_TOPIC("11a2c", FATAL, arangodb::Logger::FIXME)