chkey.c (7d1e83948cb684521e72cab96020be241508f449) | chkey.c (36e852a172cba914383d7341c988128b2c667fbd) |
---|---|
1/* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE --- 35 unchanged lines hidden (view full) --- 44#include <pwd.h> 45#include <shadow.h> 46#include <crypt.h> 47#include <sys/types.h> 48#include <unistd.h> 49#include <rpc/rpc.h> 50#include <rpc/key_prot.h> 51#include <rpcsvc/nis.h> | 1/* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE --- 35 unchanged lines hidden (view full) --- 44#include <pwd.h> 45#include <shadow.h> 46#include <crypt.h> 47#include <sys/types.h> 48#include <unistd.h> 49#include <rpc/rpc.h> 50#include <rpc/key_prot.h> 51#include <rpcsvc/nis.h> |
52#include <rpcsvc/nispasswd.h> | |
53#include <rpcsvc/nis_dhext.h> 54#include <rpcsvc/ypclnt.h> 55#include <nsswitch.h> 56 57#define PK_FILES 1 58#define PK_YP 2 | 52#include <rpcsvc/nis_dhext.h> 53#include <rpcsvc/ypclnt.h> 54#include <nsswitch.h> 55 56#define PK_FILES 1 57#define PK_YP 2 |
59#define PK_NISPLUS 3 | |
60#define PK_LDAP 4 61 62#define CURMECH mechs[mcount] | 58#define PK_LDAP 4 59 60#define CURMECH mechs[mcount] |
61#define DESCREDPASSLEN sizeof (des_block) |
|
63 64static char CRED_TABLE[] = "cred.org_dir"; 65static char PKMAP[] = "publickey.byname"; 66static char PKFILE[] = "/etc/publickey"; 67#define MAXHOSTNAMELEN 256 68 69#define ROOTKEY_FILE "/etc/.rootkey" 70#define ROOTKEY_FILE_BACKUP "/etc/.rootkey.bak" --- 25 unchanged lines hidden (view full) --- 96 97char **rpc_pws = NULL; /* List of S-RPC passwords */ 98int rpc_pw_count = 0; /* Number of passwords entered by user */ 99char *login_pw = NULL; /* Unencrypted login password */ 100char short_login_pw[DESCREDPASSLEN + 1]; 101/* Short S-RPC password, which has first 8 chars of login_pw */ 102 103static int add_cred_obj(nis_object *, char *); | 62 63static char CRED_TABLE[] = "cred.org_dir"; 64static char PKMAP[] = "publickey.byname"; 65static char PKFILE[] = "/etc/publickey"; 66#define MAXHOSTNAMELEN 256 67 68#define ROOTKEY_FILE "/etc/.rootkey" 69#define ROOTKEY_FILE_BACKUP "/etc/.rootkey.bak" --- 25 unchanged lines hidden (view full) --- 95 96char **rpc_pws = NULL; /* List of S-RPC passwords */ 97int rpc_pw_count = 0; /* Number of passwords entered by user */ 98char *login_pw = NULL; /* Unencrypted login password */ 99char short_login_pw[DESCREDPASSLEN + 1]; 100/* Short S-RPC password, which has first 8 chars of login_pw */ 101 102static int add_cred_obj(nis_object *, char *); |
104static nis_error auth_exists(char *, char *, char *, char *); | |
105static void cmp_passwd(); | 103static void cmp_passwd(); |
106static nis_error cred_exists(const char *, const char *, const char *); | |
107static void encryptkeys(); 108static void error_msg(); 109static char *fgets_ignorenul(); 110static void getpublics(); 111static void getrpcpws(); 112static void getsecrets(); 113static void initkeylist(bool_t); 114static void keylogin(keylen_t, algtype_t); 115static void keylogin_des(); 116static void makenewkeys(); 117static int modify_cred_obj(nis_object *, char *); | 104static void encryptkeys(); 105static void error_msg(); 106static char *fgets_ignorenul(); 107static void getpublics(); 108static void getrpcpws(); 109static void getsecrets(); 110static void initkeylist(bool_t); 111static void keylogin(keylen_t, algtype_t); 112static void keylogin_des(); 113static void makenewkeys(); 114static int modify_cred_obj(nis_object *, char *); |
118static int nisplus_update(nis_name, char *, char *, char *); 119static int sanity_checks(char *, char *, char *); | |
120static void storekeys(); 121static void usage(); 122static void write_rootkey(); 123 | 115static void storekeys(); 116static void usage(); 117static void write_rootkey(); 118 |
124extern char *get_nisplus_principal(char *, uid_t); | |
125extern nis_object *init_entry(); 126extern int get_pk_source(char *); 127extern int localupdate(char *, char *, uint_t, char *); 128extern int xencrypt(); 129extern int xencrypt_g(); 130extern int __gen_dhkeys(); 131extern int key_setnet(); 132extern int key_setnet_g(); --- 5 unchanged lines hidden (view full) --- 138 139static void 140error_msg() 141{ 142 if (sec_domain && *sec_domain && 143 strcasecmp(sec_domain, local_domain)) { 144 fprintf(stderr, 145"The system default domain '%s' is different from the Secure RPC\n\ | 119extern nis_object *init_entry(); 120extern int get_pk_source(char *); 121extern int localupdate(char *, char *, uint_t, char *); 122extern int xencrypt(); 123extern int xencrypt_g(); 124extern int __gen_dhkeys(); 125extern int key_setnet(); 126extern int key_setnet_g(); --- 5 unchanged lines hidden (view full) --- 132 133static void 134error_msg() 135{ 136 if (sec_domain && *sec_domain && 137 strcasecmp(sec_domain, local_domain)) { 138 fprintf(stderr, 139"The system default domain '%s' is different from the Secure RPC\n\ |
146domain %s where the key is stored. The Secure RPC domainname is\n\ 147defined by the directory object stored in the /var/nis/NIS_COLD_START file.\n\ 148If you need to change this Secure RPC domainname, please use the nisinit(1M)\n\ 149command with the `-k` option.\n", local_domain, sec_domain); | 140domain %s where the key is stored. \n", local_domain, sec_domain); |
150 exit(1); 151 } 152} 153 154 155static void 156usage() 157{ | 141 exit(1); 142 } 143} 144 145 146static void 147usage() 148{ |
158 fprintf(stderr, "usage: %s [-p] [-s ldap | nisplus | nis | files] \n", | 149 fprintf(stderr, "usage: %s [-p] [-s ldap | nis | files] \n", |
159 program_name); 160 exit(1); 161} 162 163 164/* Encrypt secret key(s) with login_pw */ 165static void 166encryptkeys() --- 198 unchanged lines hidden (view full) --- 365 * password 366 */ 367static void 368cmp_passwd() 369{ 370 char baseprompt[] = "Please enter the login password for"; 371 char prompt[BUFSIZ]; 372 char *en_login_pw = spw->sp_pwdp; | 150 program_name); 151 exit(1); 152} 153 154 155/* Encrypt secret key(s) with login_pw */ 156static void 157encryptkeys() --- 198 unchanged lines hidden (view full) --- 356 * password 357 */ 358static void 359cmp_passwd() 360{ 361 char baseprompt[] = "Please enter the login password for"; 362 char prompt[BUFSIZ]; 363 char *en_login_pw = spw->sp_pwdp; |
373 char short_en_login_pw[DESCREDPASSLEN + 1]; | 364 char short_en_login_pw[DESCREDPASSLEN + 1]; |
374 char *try_en_login_pw; 375 bool_t pwmatch = FALSE; 376 int done = 0, tries = 0, pcount; 377 378 snprintf(prompt, BUFSIZ, "%s %s:", baseprompt, pw->pw_name); 379 380 (void) strlcpy(short_en_login_pw, en_login_pw, 381 sizeof (short_en_login_pw)); --- 458 unchanged lines hidden (view full) --- 840 unlink(ROOTKEY_FILE_BACKUP); 841 return; 842 843rootkey_err: 844 fprintf(stderr, "WARNING: Could not write %s key to /etc/.rootkey\n", 845 flavor); 846} 847 | 365 char *try_en_login_pw; 366 bool_t pwmatch = FALSE; 367 int done = 0, tries = 0, pcount; 368 369 snprintf(prompt, BUFSIZ, "%s %s:", baseprompt, pw->pw_name); 370 371 (void) strlcpy(short_en_login_pw, en_login_pw, 372 sizeof (short_en_login_pw)); --- 458 unchanged lines hidden (view full) --- 831 unlink(ROOTKEY_FILE_BACKUP); 832 return; 833 834rootkey_err: 835 fprintf(stderr, "WARNING: Could not write %s key to /etc/.rootkey\n", 836 flavor); 837} 838 |
848 849/* Returns 0 if check fails; 1 if successful. */ 850static int 851sanity_checks(char *nis_princ, char *domain, char *authtype) 852{ 853 char netdomainaux[MAXHOSTNAMELEN+1]; 854 char *princdomain, *netdomain; 855 int len; 856 857 /* Sanity check 0. Do we have a nis+ principal name to work with? */ 858 if (nis_princ == NULL) { 859 (void) fprintf(stderr, 860 "%s: you must create a \"LOCAL\" credential for '%s' first.\n", 861 program_name, netname); 862 (void) fprintf(stderr, "\tSee nisaddcred(1).\n"); 863 return (0); 864 } 865 866 /* Sanity check 0.5. NIS+ principal names must be dotted. */ 867 len = strlen(nis_princ); 868 if (nis_princ[len-1] != '.') { 869 (void) fprintf(stderr, 870 "%s: invalid principal name: '%s' (forgot ending dot?).\n", 871 program_name, nis_princ); 872 return (0); 873 } 874 875 /* Sanity check 1. We only deal with one type of netnames. */ 876 if (strncmp(netname, "unix", 4) != 0) { 877 (void) fprintf(stderr, 878 "%s: unrecognized netname type: '%s'.\n", 879 program_name, netname); 880 return (0); 881 } 882 883 /* Sanity check 2. Should only add DES cred in home domain. */ 884 princdomain = nis_domain_of(nis_princ); 885 if (strcasecmp(princdomain, domain) != 0) { 886 (void) fprintf(stderr, 887"%s: domain of principal '%s' does not match destination domain '%s'.\n", 888 program_name, nis_princ, domain); 889 (void) fprintf(stderr, 890 "Should only add DES credential of principal in its home domain\n"); 891 return (0); 892 } 893 894 /* 895 * Sanity check 3: Make sure netname's domain same as principal's 896 * and don't have extraneous dot at the end. 897 */ 898 netdomain = (char *)strchr(netname, '@'); 899 if (! netdomain || netname[strlen(netname)-1] == '.') { 900 (void) fprintf(stderr, "%s: invalid netname: '%s'. 
\n", 901 program_name, netname); 902 return (0); 903 } 904 netdomain++; /* skip '@' */ 905 906 if (strlcpy(netdomainaux, netdomain, sizeof (netdomainaux)) >= 907 sizeof (netdomainaux)) { 908 (void) fprintf(stderr, "%s: net domain name %s is too long\n", 909 program_name, netdomain); 910 return (0); 911 } 912 913 if (netdomainaux[strlen(netdomainaux) - 1] != '.') { 914 if (strlcat(netdomainaux, ".", sizeof (netdomainaux)) >= 915 sizeof (netdomainaux)) { 916 (void) fprintf(stderr, 917 "%s: net domain name %s is too long\n", 918 program_name, netdomainaux); 919 return (0); 920 } 921 } 922 923 if (strcasecmp(princdomain, netdomainaux) != 0) { 924 (void) fprintf(stderr, 925 "%s: domain of netname %s should be same as that of principal %s\n", 926 program_name, netname, nis_princ); 927 return (0); 928 } 929 930 /* Another principal owns same credentials? (exits if that happens) */ 931 (void) auth_exists(nis_princ, netname, authtype, domain); 932 933 return (1); /* all passed */ 934} 935 936 | |
937/* Store new key information in the specified name service */ 938static void 939storekeys() 940{ 941 int mcount, ucount = 0; 942 char *ypmaster, *ypdomain = NULL, pkent[MAXPKENTLEN]; 943 nis_name nis_princ; 944 945 946 /* Setup */ 947 switch (dest_service) { 948 case PK_LDAP: 949 break; | 839/* Store new key information in the specified name service */ 840static void 841storekeys() 842{ 843 int mcount, ucount = 0; 844 char *ypmaster, *ypdomain = NULL, pkent[MAXPKENTLEN]; 845 nis_name nis_princ; 846 847 848 /* Setup */ 849 switch (dest_service) { 850 case PK_LDAP: 851 break; |
950 case PK_NISPLUS: 951 nis_princ = get_nisplus_principal(nis_local_directory(), 952 geteuid()); 953 break; | |
954 case PK_YP: 955 yp_get_default_domain(&ypdomain); 956 if (yp_master(ypdomain, PKMAP, &ypmaster) != 0) { 957 fprintf(stderr, 958 "%s: cannot find master of NIS publickey database\n", 959 program_name); 960 exit(1); 961 } --- 42 unchanged lines hidden (view full) --- 1004 login_pw)) 1005 fprintf(stderr, 1006 "%s: unable to update %s key in LDAP database\n", 1007 program_name, authtype); 1008 else 1009 ucount++; 1010 break; 1011 | 852 case PK_YP: 853 yp_get_default_domain(&ypdomain); 854 if (yp_master(ypdomain, PKMAP, &ypmaster) != 0) { 855 fprintf(stderr, 856 "%s: cannot find master of NIS publickey database\n", 857 program_name); 858 exit(1); 859 } --- 42 unchanged lines hidden (view full) --- 902 login_pw)) 903 fprintf(stderr, 904 "%s: unable to update %s key in LDAP database\n", 905 program_name, authtype); 906 else 907 ucount++; 908 break; 909 |
1012 case PK_NISPLUS: 1013 if (nisplus_update(nis_princ, 1014 authtype, 1015 plist[mcount], 1016 clist[mcount])) 1017 fprintf(stderr, 1018 "%s: unable to update %s key in nisplus database\n", 1019 program_name, authtype); 1020 else 1021 ucount++; 1022 break; 1023 | |
1024 case PK_YP: 1025 /* Should never get here. */ 1026 break; 1027 1028 case PK_FILES: 1029 /* Should never get here. */ 1030 break; 1031 } --- 11 unchanged lines hidden (view full) --- 1043 login_pw)) { 1044 fprintf(stderr, 1045 "%s: unable to update %s key in LDAP database\n", 1046 program_name); 1047 exit(1); 1048 } 1049 break; 1050 | 910 case PK_YP: 911 /* Should never get here. */ 912 break; 913 914 case PK_FILES: 915 /* Should never get here. */ 916 break; 917 } --- 11 unchanged lines hidden (view full) --- 929 login_pw)) { 930 fprintf(stderr, 931 "%s: unable to update %s key in LDAP database\n", 932 program_name); 933 exit(1); 934 } 935 break; 936 |
1051 case PK_NISPLUS: 1052 assert(plist[0] && clist[0]); 1053 if (nisplus_update(nis_princ, 1054 AUTH_DES_AUTH_TYPE, 1055 plist[0], 1056 clist[0])) { 1057 fprintf(stderr, 1058 "%s: unable to update nisplus database\n", 1059 program_name); 1060 exit(1); 1061 } 1062 break; 1063 | |
1064 case PK_YP: 1065 if (status = yp_update(ypdomain, PKMAP, 1066 YPOP_STORE, netname, 1067 strlen(netname), pkent, 1068 strlen(pkent))) { 1069 fprintf(stderr, 1070 "%s: unable to update NIS database (%u): %s\n", 1071 program_name, status, --- 19 unchanged lines hidden (view full) --- 1091 } 1092 if (!ucount) { 1093 fprintf(stderr, "%s: unable to update any key-pairs for %s.\n", 1094 program_name, pw->pw_name); 1095 exit(1); 1096 } 1097} 1098 | 937 case PK_YP: 938 if (status = yp_update(ypdomain, PKMAP, 939 YPOP_STORE, netname, 940 strlen(netname), pkent, 941 strlen(pkent))) { 942 fprintf(stderr, 943 "%s: unable to update NIS database (%u): %s\n", 944 program_name, status, --- 19 unchanged lines hidden (view full) --- 964 } 965 if (!ucount) { 966 fprintf(stderr, "%s: unable to update any key-pairs for %s.\n", 967 program_name, pw->pw_name); 968 exit(1); 969 } 970} 971 |
1099/* Check that someone else don't have the same auth information already */ 1100static 1101nis_error 1102auth_exists(char *princname, char *auth_name, char *auth_type, char *domain) 1103{ 1104 char sname[NIS_MAXNAMELEN+1]; 1105 nis_result *res; 1106 nis_error status; 1107 char *foundprinc; 1108 1109 (void) sprintf(sname, "[auth_name=%s,auth_type=%s],%s.%s", 1110 auth_name, auth_type, CRED_TABLE, domain); 1111 if (sname[strlen(sname)-1] != '.') 1112 strcat(sname, "."); 1113 /* Don't want FOLLOW_PATH here */ 1114 res = nis_list(sname, 1115 MASTER_ONLY+USE_DGRAM+NO_AUTHINFO+FOLLOW_LINKS, 1116 NULL, NULL); 1117 1118 status = res->status; 1119 switch (res->status) { 1120 case NIS_NOTFOUND: 1121 break; 1122 case NIS_TRYAGAIN: 1123 (void) fprintf(stderr, 1124 "%s: NIS+ server busy, try again later.\n", 1125 program_name); 1126 exit(1); 1127 break; 1128 case NIS_PERMISSION: 1129 (void) fprintf(stderr, 1130 "%s: insufficient permission to look up old credentials.\n", 1131 program_name); 1132 exit(1); 1133 break; 1134 case NIS_SUCCESS: 1135 foundprinc = ENTRY_VAL(res->objects.objects_val, 0); 1136 if (nis_dir_cmp(foundprinc, princname) != SAME_NAME) { 1137 (void) fprintf(stderr, 1138 "%s: %s credentials with auth_name '%s' already belong to '%s'.\n", 1139 program_name, auth_type, auth_name, foundprinc); 1140 exit(1); 1141 } 1142 break; 1143 default: 1144 (void) fprintf(stderr, 1145 "%s: error looking at cred table, NIS+ error: %s\n", 1146 program_name, nis_sperrno(res->status)); 1147 exit(1); 1148 } 1149 nis_freeresult(res); 1150 return (status); 1151} 1152 1153 1154/* Check whether this principal already has this type of credentials */ 1155static nis_error 1156cred_exists(const char *nisprinc, const char *flavor, const char *domain) 1157{ 1158 char sname[NIS_MAXNAMELEN+1]; 1159 nis_result *res; 1160 nis_error status; 1161 1162 snprintf(sname, NIS_MAXNAMELEN, 1163 "[cname=\"%s\",auth_type=%s],%s.%s", 1164 nisprinc, flavor, CRED_TABLE, domain); 1165 if 
(sname[strlen(sname)-1] != '.') 1166 strcat(sname, "."); 1167 1168 /* Don't want FOLLOW_PATH here */ 1169 res = nis_list(sname, 1170 MASTER_ONLY+USE_DGRAM+NO_AUTHINFO+FOLLOW_LINKS, 1171 NULL, NULL); 1172 1173 status = res->status; 1174 switch (status) { 1175 case NIS_NOTFOUND: 1176 break; 1177 case NIS_TRYAGAIN: 1178 fprintf(stderr, 1179 "%s: NIS+ server busy, try again later.\n", 1180 program_name); 1181 exit(1); 1182 break; 1183 case NIS_PERMISSION: 1184 (void) fprintf(stderr, 1185 "%s: insufficient permission to look at credentials table\n", 1186 program_name); 1187 exit(1); 1188 break; 1189 case NIS_SUCCESS: 1190 case NIS_S_SUCCESS: 1191 break; 1192 default: 1193 (void) fprintf(stderr, 1194 "%s: error looking at cred table, NIS+ error: %s\n", 1195 program_name, nis_sperrno(res->status)); 1196 exit(1); 1197 } 1198 nis_freeresult(res); 1199 return (status); 1200} 1201 1202 1203static int 1204modify_cred_obj(nis_object *obj, char *domain) 1205{ 1206 int status = 0; 1207 char sname[NIS_MAXNAMELEN+1]; 1208 nis_result *res; 1209 1210 (void) sprintf(sname, "%s.%s", CRED_TABLE, domain); 1211 res = nis_modify_entry(sname, obj, 0); 1212 switch (res->status) { 1213 case NIS_TRYAGAIN: 1214 (void) fprintf(stderr, 1215 "%s: NIS+ server busy, try again later.\n", 1216 program_name); 1217 exit(1); 1218 break; 1219 case NIS_PERMISSION: 1220 (void) fprintf(stderr, 1221 "%s: insufficient permission to update credentials.\n", 1222 program_name); 1223 exit(1); 1224 break; 1225 case NIS_SUCCESS: 1226 status = 1; 1227 break; 1228 default: 1229 (void) fprintf(stderr, 1230 "%s: error modifying credential, NIS+ error: %s.\n", 1231 program_name, nis_sperrno(res->status)); 1232 exit(1); 1233 } 1234 nis_freeresult(res); 1235 return (status); 1236} 1237 1238 1239static int 1240add_cred_obj(nis_object *obj, char *domain) 1241{ 1242 int status = 0; 1243 char sname[NIS_MAXNAMELEN+1]; 1244 nis_result *res; 1245 1246 /* Assume check for cred_exists performed already */ 1247 1248 (void) 
sprintf(sname, "%s.%s", CRED_TABLE, domain); 1249 res = nis_add_entry(sname, obj, 0); 1250 switch (res->status) { 1251 case NIS_TRYAGAIN: 1252 (void) fprintf(stderr, 1253 "%s: NIS+ server busy, try again later.\n", 1254 program_name); 1255 exit(1); 1256 break; 1257 case NIS_PERMISSION: 1258 (void) fprintf(stderr, 1259 "%s: insufficient permission to update credentials.\n", 1260 program_name); 1261 exit(1); 1262 break; 1263 case NIS_SUCCESS: 1264 status = 1; 1265 break; 1266 default: 1267 (void) fprintf(stderr, 1268 "%s: error creating credential, NIS+ error: %s.\n", 1269 program_name, nis_sperrno(res->status)); 1270 exit(1); 1271 } 1272 nis_freeresult(res); 1273 return (status); 1274} 1275 1276 1277/* Update NIS+ table with new key information */ 1278static int 1279nisplus_update(nis_name nis_princ, char *authtype, char *public, char *crypt) 1280{ 1281 nis_object *obj = init_entry(); 1282 int status; 1283 bool_t addition; 1284 char cmpdomain[MAXHOSTNAMELEN + 1]; 1285 char *userdomain, *domain; 1286 1287 if (!(userdomain = strchr(netname, '@'))) { 1288 fprintf(stderr, "%s: invalid netname: '%s'.\n", 1289 program_name, netname); 1290 exit(1); 1291 } 1292 userdomain++; 1293 1294 if (strlcpy(cmpdomain, userdomain, sizeof (cmpdomain)) >= 1295 sizeof (cmpdomain)) { 1296 (void) fprintf(stderr, 1297 "%s: net domain name %s is too long\n", 1298 program_name, cmpdomain); 1299 exit(1); 1300 } 1301 1302 if (cmpdomain[strlen(cmpdomain) - 1] != '.') { 1303 if (strlcat(cmpdomain, ".", sizeof (cmpdomain)) >= 1304 sizeof (cmpdomain)) { 1305 (void) fprintf(stderr, 1306 "%s: net domain name %s is too long\n", 1307 program_name, cmpdomain); 1308 exit(1); 1309 } 1310 } 1311 1312 domain = nis_domain_of(nis_princ); 1313 if (strcasecmp(domain, cmpdomain) != 0) 1314 domain = nis_local_directory(); 1315 1316 if (!sanity_checks(nis_princ, domain, authtype)) 1317 exit(1); 1318 1319 addition = (cred_exists(nis_princ, authtype, domain) == NIS_NOTFOUND); 1320 1321 ENTRY_VAL(obj, 0) = nis_princ; 
1322 ENTRY_LEN(obj, 0) = strlen(nis_princ) + 1; 1323 1324 ENTRY_VAL(obj, 1) = authtype; 1325 ENTRY_LEN(obj, 1) = strlen(authtype) + 1; 1326 1327 ENTRY_VAL(obj, 2) = netname; 1328 ENTRY_LEN(obj, 2) = strlen(netname) + 1; 1329 1330 ENTRY_VAL(obj, 3) = public; 1331 ENTRY_LEN(obj, 3) = strlen(public) + 1; 1332 1333 ENTRY_VAL(obj, 4) = crypt; 1334 ENTRY_LEN(obj, 4) = strlen(crypt) + 1; 1335 1336 if (addition) { 1337 obj->zo_owner = nis_princ; 1338 obj->zo_group = nis_local_group(); 1339 obj->zo_domain = domain; 1340 /* owner: r, group: rmcd */ 1341 obj->zo_access = ((NIS_READ_ACC<<16)| 1342 (NIS_READ_ACC|NIS_MODIFY_ACC|NIS_CREATE_ACC| 1343 NIS_DESTROY_ACC)<<8); 1344 status = add_cred_obj(obj, domain); 1345 } else { 1346 obj->EN_data.en_cols.en_cols_val[3].ec_flags |= EN_MODIFIED; 1347 obj->EN_data.en_cols.en_cols_val[4].ec_flags |= EN_MODIFIED; 1348 status = modify_cred_obj(obj, domain); 1349 } 1350 return (status == 1 ? 0 : 1); 1351} 1352 1353 | |
1354void 1355addmechtolist(char *mechtype) 1356{ 1357 mechanism_t **realmechlist; 1358 int i; 1359 1360 if (realmechlist = __nis_get_mechanisms(FALSE)) { 1361 /* Match requested mech with list */ --- 179 unchanged lines hidden (view full) --- 1541 * Call getspnam() after the keylogin has been done so we have 1542 * the best chance of having read access to the encrypted pw. 1543 * 1544 * The eUID must be 0 for the getspnam() so the name service 1545 * switch can handle the following eUID sensitive cases: 1546 * 1547 * files/compat: read /etc/shadow 1548 * | 972void 973addmechtolist(char *mechtype) 974{ 975 mechanism_t **realmechlist; 976 int i; 977 978 if (realmechlist = __nis_get_mechanisms(FALSE)) { 979 /* Match requested mech with list */ --- 179 unchanged lines hidden (view full) --- 1159 * Call getspnam() after the keylogin has been done so we have 1160 * the best chance of having read access to the encrypted pw. 1161 * 1162 * The eUID must be 0 for the getspnam() so the name service 1163 * switch can handle the following eUID sensitive cases: 1164 * 1165 * files/compat: read /etc/shadow 1166 * |
1549 * nisplus: try to read the encrypted pw as the root 1550 * principal and if that fails, and if the 1551 * user's secret key is set, seteuid(user) 1552 * and retry the read. | |
1553 */ 1554 if ((spw = getspnam(pw->pw_name)) == 0) { 1555 1556 /* Set eUID back to user */ 1557 (void) seteuid(uid); 1558 1559 (void) fprintf(stderr, 1560 "%s: cannot find shadow entry for %s.\n", --- 73 unchanged lines hidden --- | 1167 */ 1168 if ((spw = getspnam(pw->pw_name)) == 0) { 1169 1170 /* Set eUID back to user */ 1171 (void) seteuid(uid); 1172 1173 (void) fprintf(stderr, 1174 "%s: cannot find shadow entry for %s.\n", --- 73 unchanged lines hidden --- |
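Review bot: The new side keeps the prototypes `static int add_cred_obj(nis_object *, char *);` and `static int modify_cred_obj(nis_object *, char *);` near the top of the file although this change deletes both definitions, so they are now static declarations with no body and should be removed with the rest of the NIS+ code. The same probably applies to `extern nis_object *init_entry();` and to the `nis_name nis_princ;` local in storekeys(), since every use visible here is removed; several stretches of the file are hidden on this page, so confirm nothing in them still refers to these names. Separately, the unchanged context in storekeys() contains `fprintf(stderr, "%s: unable to update %s key in LDAP database\n", program_name);`, which has two `%s` conversions but only one argument. That is undefined behaviour on an error path, in a program whose own comments say it runs with eUID 0 for part of its life. Dropping the second conversion, `"%s: unable to update key in LDAP database\n"`, or passing the key type as the missing argument would fix it.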