/* * CDDL HEADER START * * The contents of this file are subject to the terms of the * Common Development and Distribution License (the "License"). * You may not use this file except in compliance with the License. * * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE * or http://www.opensolaris.org/os/licensing. * See the License for the specific language governing permissions * and limitations under the License. * * When distributing Covered Code, include this CDDL HEADER in each * file and include the License file at usr/src/OPENSOLARIS.LICENSE. * If applicable, add the following below this CDDL HEADER, with the * fields enclosed by brackets "[]" replaced with your own identifying * information: Portions Copyright [yyyy] [name of copyright owner] * * CDDL HEADER END */ /* * Copyright 2009 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. * * getpwent.c * * lib/nsswitch/compat/getpwent.c -- name-service-switch backend for getpwnam() * et al that does 4.x compatibility. It looks in /etc/passwd; if it finds * passwd entries there that begin with "+" or "-", it consults other * services. By default it uses NIS (YP), but the user can override this * with a "passwd_compat" entry in /etc/nsswitch.conf, e.g. * passwd_compat: ldap * * This code tries to produce the same results as the 4.x code, even when * the latter seems ill thought-out (mostly in the handling of netgroups, * "-", and the combination thereof). Bug-compatible, in other words. * Though we do try to be more reasonable about the format of "+" and "-" * entries here, i.e. you don't have to pad them with spurious colons and * bogus uid/gid values. * * Caveats: * - More than one source may be specified, with the usual switch semantics, * but having multiple sources here is definitely odd. * - People who recursively specify "compat" deserve what they get. * - Entries that begin with "+@" or "-@" are interpreted using * getnetgrent() and innetgr(), which use the "netgroup" entry in * /etc/nsswitch.conf. If the sources for "passwd_compat" and "netgroup" * differ, everything should work fine, but the semantics will be pretty * confusing. */ #include <pwd.h> #include <shadow.h> /* For PASSWD (pathname to passwd file) */ #include <stdlib.h> #include <strings.h> #include "compat_common.h" static DEFINE_NSS_DB_ROOT(db_root); static void _nss_initf_passwd_compat(p) nss_db_params_t *p; { p->name = NSS_DBNAM_PASSWD; p->config_name = NSS_DBNAM_PASSWD_COMPAT; p->default_config = NSS_DEFCONF_PASSWD_COMPAT; } /* * Validates passwd entry replacing uid/gid > MAXUID by ID_NOBODY. */ int validate_passwd_ids(char *line, int *linelenp, int buflen, int extra_chars) { char *linep, *limit, *uidp, *gidp; uid_t uid; gid_t gid; ulong_t uidl, gidl; int olduidlen, oldgidlen, idlen; int linelen = *linelenp, newlinelen; if (linelen == 0 || *line == '+' || *line == '-') return (NSS_STR_PARSE_SUCCESS); linep = line; limit = line + linelen; while (linep < limit && *linep++ != ':') /* skip username */ continue; while (linep < limit && *linep++ != ':') /* skip password */ continue; if (linep == limit) return (NSS_STR_PARSE_PARSE); uidp = linep; uidl = strtoul(uidp, (char **)&linep, 10); /* grab uid */ olduidlen = linep - uidp; if (++linep >= limit || olduidlen == 0) return (NSS_STR_PARSE_PARSE); gidp = linep; gidl = strtoul(gidp, (char **)&linep, 10); /* grab gid */ oldgidlen = linep - gidp; if (linep >= limit || oldgidlen == 0) return (NSS_STR_PARSE_PARSE); if (uidl <= MAXUID && gidl <= MAXUID) return (NSS_STR_PARSE_SUCCESS); uid = (uidl > MAXUID) ? UID_NOBODY : (uid_t)uidl; gid = (gidl > MAXUID) ? GID_NOBODY : (gid_t)gidl; /* Check if we have enough space in the buffer */ idlen = snprintf(NULL, 0, "%u:%u", uid, gid); newlinelen = linelen + idlen - olduidlen - oldgidlen - 1; if (newlinelen + extra_chars > buflen) return (NSS_STR_PARSE_ERANGE); /* Replace ephemeral ids by ID_NOBODY */ (void) bcopy(linep, uidp + idlen, limit - linep + extra_chars); (void) snprintf(uidp, idlen + 1, "%u:%u", uid, gid); *(uidp + idlen) = ':'; /* restore : that was overwritten by snprintf */ *linelenp = newlinelen; return (NSS_STR_PARSE_SUCCESS); } static const char * get_pwname(argp) nss_XbyY_args_t *argp; { struct passwd *p = (struct passwd *)argp->returnval; return (p->pw_name); } static int check_pwname(argp) nss_XbyY_args_t *argp; { struct passwd *p = (struct passwd *)argp->returnval; return (strcmp(p->pw_name, argp->key.name) == 0); } static nss_status_t getbyname(be, a) compat_backend_ptr_t be; void *a; { nss_XbyY_args_t *argp = (nss_XbyY_args_t *)a; return (_nss_compat_XY_all(be, argp, check_pwname, NSS_DBOP_PASSWD_BYNAME)); } static int check_pwuid(argp) nss_XbyY_args_t *argp; { struct passwd *p = (struct passwd *)argp->returnval; return (p->pw_uid == argp->key.uid); } static nss_status_t getbyuid(be, a) compat_backend_ptr_t be; void *a; { nss_XbyY_args_t *argp = (nss_XbyY_args_t *)a; if (argp->key.uid > MAXUID) return (NSS_NOTFOUND); return (_nss_compat_XY_all(be, argp, check_pwuid, NSS_DBOP_PASSWD_BYUID)); } /*ARGSUSED*/ static int merge_pwents(be, argp, fields) compat_backend_ptr_t be; nss_XbyY_args_t *argp; const char **fields; { struct passwd *pw = (struct passwd *)argp->buf.result; char *buf = malloc(NSS_LINELEN_PASSWD); char *s; int parsestat; int len; int buflen; if (buf == 0) { return (NSS_STR_PARSE_PARSE); /* Really "out of memory", but PARSE_PARSE will have to do */ } /* * Don't allow overriding of * - username * - uid * - gid * That's what the SunOS 4.x code did; who are we to question it... */ s = buf; buflen = argp->buf.buflen; if (fields[1] != 0) len = snprintf(s, buflen, "%s:%s", pw->pw_name, fields[1]); else { /* ====> Does this do the right thing? */ if (pw->pw_age != 0 && *pw->pw_age != '\0') len = snprintf(s, buflen, "%s:%s,%s", pw->pw_name, pw->pw_passwd, pw->pw_age); else len = snprintf(s, buflen, "%s:%s", pw->pw_name, pw->pw_passwd); } if (len > buflen) return (NSS_STR_PARSE_ERANGE); s += len; buflen -= len; len = snprintf(s, buflen, ":%u:%u:%s:%s:%s", pw->pw_uid, pw->pw_gid, fields[4] != 0 ? fields[4] : pw->pw_gecos, fields[5] != 0 ? fields[5] : pw->pw_dir, fields[6] != 0 ? fields[6] : pw->pw_shell); if (len > buflen) return (NSS_STR_PARSE_ERANGE); s += len; len = s - buf; /* * if asked, return the data in /etc file format */ if (be->return_string_data == 1) { /* reset the result ptr to the original value */ argp->buf.result = NULL; if (len > argp->buf.buflen) { parsestat = NSS_STR_PARSE_ERANGE; } else { (void) strncpy(argp->buf.buffer, buf, len); argp->returnval = argp->buf.buffer; argp->returnlen = len; parsestat = NSS_SUCCESS; } } else { parsestat = (*argp->str2ent)(buf, len, argp->buf.result, argp->buf.buffer, argp->buf.buflen); } free(buf); return (parsestat); } static compat_backend_op_t passwd_ops[] = { _nss_compat_destr, _nss_compat_endent, _nss_compat_setent, _nss_compat_getent, getbyname, getbyuid }; /*ARGSUSED*/ nss_backend_t * _nss_compat_passwd_constr(dummy1, dummy2, dummy3) const char *dummy1, *dummy2, *dummy3; { return (_nss_compat_constr(passwd_ops, sizeof (passwd_ops) / sizeof (passwd_ops[0]), PASSWD, NSS_LINELEN_PASSWD, &db_root, _nss_initf_passwd_compat, 1, get_pwname, merge_pwents)); }