/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* or http://www.opensolaris.org/os/licensing.
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2009 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
/*
* This module contains the subroutines used by the server to manipulate
* objects and names.
*/
#include "mt.h"
#include <pwd.h>
#include <grp.h>
#include <syslog.h>
#include <stdio.h>
#include <string.h>
#include <ctype.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/time.h>
#include <sys/fcntl.h>
#include <netinet/in.h>
#include <rpc/rpc.h> /* Must be ahead of rpcb_clnt.h */
#include <rpc/svc.h>
#include <tiuser.h>
#include <netconfig.h>
#include <netdir.h>
#include <rpc/rpcb_clnt.h>
#include <rpc/pmap_clnt.h>
#include <rpcsvc/nis.h>
#include <rpcsvc/nis_dhext.h>
#include "nis_clnt.h"
#include <sys/systeminfo.h>
#include <nsswitch.h>
#define MAXIPRINT (11) /* max length of printed integer */
/*
* send and receive buffer size used for clnt_tli_create if not specified.
* This is only used for "UDP" connection.
* This limit can be changed from the application if this value is too
* small for the application. To use the maximum value for the transport,
* set this value to 0.
*/
int __nisipbufsize = 8192;
/*
* Static function prototypes.
*/
static struct local_names *__get_local_names(void);
static char *__map_addr(struct netconfig *, char *, rpcprog_t, rpcvers_t);
/*
* nis_dir_cmp() -- the results can be read as:
* "Name 'n1' is a $result than name 'n2'"
*/
name_pos
nis_dir_cmp(
nis_name n1,
nis_name n2) /* See if these are the same domain */
{
size_t l1, l2;
name_pos result;
if ((n1 == NULL) || (n2 == NULL))
return (BAD_NAME);
l1 = strlen(n1);
l2 = strlen(n2);
/* In this routine we're lenient and don't require a trailing '.' */
/* so we need to ignore it if it does appear. */
/* ==== That's what the previous version did so this one does */
/* too, but why? Is this inconsistent with rest of system? */
if (l1 != 0 && n1[l1 - 1] == '.') {
--l1;
}
if (l2 != 0 && n2[l2 - 1] == '.') {
--l2;
}
if (l1 > l2) {
result = LOWER_NAME;
} else if (l1 == l2) {
result = SAME_NAME;
} else /* (l1 < l2); swap l1/l2 and n1/n2 */ {
nis_name ntmp;
size_t ltmp;
ntmp = n1; n1 = n2; n2 = ntmp;
ltmp = l1; l1 = l2; l2 = ltmp;
result = HIGHER_NAME;
}
/* Now l1 >= l2 in all cases */
if (l2 == 0) {
/* Special case for n2 == "." or "" */
return (result);
}
if (l1 > l2) {
n1 += l1 - l2;
if (n1[-1] != '.') {
return (NOT_SEQUENTIAL);
}
}
if (strncasecmp(n1, n2, l2) == 0) {
return (result);
}
return (NOT_SEQUENTIAL);
}
#define LN_BUFSIZE (size_t)1024
struct principal_list {
uid_t uid;
char principal[LN_BUFSIZE];
struct principal_list *next;
};
struct local_names {
char domain[LN_BUFSIZE];
char host[LN_BUFSIZE];
char *rpcdomain;
struct principal_list *principal_map;
char group[LN_BUFSIZE];
};
static mutex_t ln_lock = DEFAULTMUTEX; /* lock level 2 */
static struct local_names *ln = NULL;
static struct local_names *__get_local_names1();
static struct local_names *
__get_local_names(void)
{
struct local_names *names;
sig_mutex_lock(&ln_lock);
names = __get_local_names1();
sig_mutex_unlock(&ln_lock);
return (names);
}
static struct local_names *
__get_local_names1(void)
{
char *t;
if (ln != NULL) {
/* Second and subsequent calls go this way */
return (ln);
}
/* First call goes this way */
ln = calloc(1, sizeof (*ln));
if (ln == NULL) {
syslog(LOG_ERR, "__get_local_names: Out of heap.");
return (NULL);
}
ln->principal_map = NULL;
if (sysinfo(SI_SRPC_DOMAIN, ln->domain, LN_BUFSIZE) < 0)
return (ln);
/* If no dot exists, add one. */
if (ln->domain[strlen(ln->domain)-1] != '.')
(void) strcat(ln->domain, ".");
if (sysinfo(SI_HOSTNAME, ln->host, LN_BUFSIZE) < 0)
return (ln);
/*
* Check for fully qualified hostname. If it's a fully qualified
* hostname, strip off the domain part. We always use the local
* domainname for the host principal name.
*/
t = strchr(ln->host, '.');
if (t)
*t = 0;
if (ln->domain[0] != '.')
(void) strcat(ln->host, ".");
ln->rpcdomain = strdup(ln->domain);
(void) strcat(ln->host, ln->domain);
t = getenv("NIS_GROUP");
if (t == NULL) {
ln->group[0] = '\0';
} else {
size_t maxlen = LN_BUFSIZE-1; /* max chars to copy */
char *temp; /* temp marker */
/*
* Copy <= maximum characters from NIS_GROUP; strncpy()
* doesn't terminate, so we do that manually. #1223323
* Also check to see if it's "". If it's the null string,
* we return because we don't want to add ".domain".
*/
(void) strncpy(ln->group, t, maxlen);
if (strcmp(ln->group, "") == 0) {
return (ln);
}
ln->group[maxlen] = '\0';
/* Is the group name somewhat fully-qualified? */
temp = strrchr(ln->group, '.');
/* If not, we need to add ".domain" to the group */
if ((temp == NULL) || (temp[1] != '\0')) {
/* truncate to make room for ".domain" */
ln->group[maxlen - (strlen(ln->domain)+1)] = '\0';
/* concat '.' if domain doesn't already have it */
if (ln->domain[0] != '.') {
(void) strcat(ln->group, ".");
}
(void) strcat(ln->group, ln->domain);
}
}
return (ln);
}
/*
* nis_local_group()
*
* Return's the group name of the current user.
*/
nis_name
nis_local_group(void)
{
struct local_names *ln = __get_local_names();
/* LOCK NOTE: Warning, after initialization, "ln" is expected */
/* to stay constant, So no need to lock here. If this assumption */
/* is changed, this code must be protected. */
if (!ln)
return (NULL);
return (ln->group);
}
/*
* __nis_nextsep_of()
*
* This internal funtion will accept a pointer to a NIS name string and
* return a pointer to the next separator occurring in it (it will point
* just past the first label). It allows for labels to be "quoted" to
* prevent the the dot character within them to be interpreted as a
* separator, also the quote character itself can be quoted by using
* it twice. If the the name contains only one label and no trailing
* dot character, a pointer to the terminating NULL is returned.
*/
nis_name
__nis_nextsep_of(char *s)
{
char *d;
int in_quotes = FALSE, quote_quote = FALSE;
if (!s)
return (NULL);
for (d = s; (in_quotes && (*d != '\0')) ||
(!in_quotes && (*d != '.') && (*d != '\0')); d++) {
if (quote_quote && in_quotes && (*d != '"')) {
quote_quote = FALSE;
in_quotes = FALSE;
if (*d == '.')
break;
} else if (quote_quote && in_quotes && (*d == '"')) {
quote_quote = FALSE;
} else if (quote_quote && (*d != '"')) {
quote_quote = FALSE;
in_quotes = TRUE;
} else if (quote_quote && (*d == '"')) {
quote_quote = FALSE;
} else if (in_quotes && (*d == '"')) {
quote_quote = TRUE;
} else if (!in_quotes && (*d == '"')) {
quote_quote = TRUE;
}
}
if (quote_quote || in_quotes) {
syslog(LOG_DEBUG, "__nis_nextsep_of: "
"Mismatched quotes in %s", s);
}
return (d);
}
/*
* nis_domain_of()
*
* This internal funtion will accept a pointer to a NIS name string and
* return a pointer to the "domain" part of it.
*
* ==== We don't need nis_domain_of_r(), but should we provide one for
* uniformity?
*/
nis_name
nis_domain_of(char *s)
{
char *d;
d = __nis_nextsep_of(s);
if (d == NULL)
return (NULL);
if (*d == '.')
d++;
if (*d == '\0') /* Don't return a zero length string */
return ("."); /* return root domain instead */
return (d);
}
/*
* nis_leaf_of()
*
* Returns the first label of a name. (other half of __domain_of)
*/
nis_name
nis_leaf_of_r(
const nis_name s,
char *buf,
size_t bufsize)
{
size_t nchars;
const char *d = __nis_nextsep_of((char *)s);
if (d == 0) {
return (0);
}
nchars = d - s;
if (bufsize < nchars + 1) {
return (0);
}
(void) strncpy(buf, s, nchars);
buf[nchars] = '\0';
return (buf);
}
static pthread_key_t buf_key = PTHREAD_ONCE_KEY_NP;
static char buf_main[LN_BUFSIZE];
nis_name
nis_leaf_of(char *s)
{
char *buf = thr_main()? buf_main :
thr_get_storage(&buf_key, LN_BUFSIZE, free);
if (buf == NULL)
return (NULL);
return (nis_leaf_of_r(s, buf, LN_BUFSIZE));
}
/*
* nis_name_of()
* This internal function will remove from the NIS name, the domain
* name of the current server, this will leave the unique part in
* the name this becomes the "internal" version of the name. If this
* function returns NULL then the name we were given to resolve is
* bad somehow.
* NB: Uses static storage and this is a no-no with threads. XXX
*/
nis_name
nis_name_of_r(
char *s, /* string with the name in it. */
char *buf,
size_t bufsize)
{
char *d;
struct local_names *ln = __get_local_names();
size_t dl, sl;
name_pos p;
#ifdef lint
bufsize = bufsize;
#endif /* lint */
if ((!s) || (!ln))
return (NULL); /* No string, this can't continue */
d = &(ln->domain[0]);
dl = strlen(ln->domain); /* _always dot terminated_ */
sl = strlen(s);
if (sl >= bufsize || (s[sl-1] != '.' && sl >= bufsize-1))
return (NULL);
(void) strcpy(buf, s); /* Make a private copy of 's' */
if (buf[sl-1] != '.') { /* Add a dot if necessary. */
(void) strcat(buf, ".");
sl++;
}
if (dl == 1) { /* We're the '.' directory */
buf[sl-1] = '\0'; /* Lose the 'dot' */
return (buf);
}
p = nis_dir_cmp(buf, d);
/* 's' is above 'd' in the tree */
if ((p == HIGHER_NAME) || (p == NOT_SEQUENTIAL) || (p == SAME_NAME))
return (NULL);
/* Insert a NUL where the domain name starts in the string */
buf[(sl - dl) - 1] = '\0';
/* Don't return a zero length name */
if (buf[0] == '\0')
return (NULL);
return (buf);
}
nis_name
nis_name_of(
char *s) /* string with the name in it. */
{
char *buf = thr_main()? buf_main :
thr_get_storage(&buf_key, LN_BUFSIZE, free);
if (!buf)
return (NULL);
return (nis_name_of_r(s, buf, LN_BUFSIZE));
}
/*
* nis_local_directory()
*
* Return a pointer to a string with the local directory name in it.
*/
nis_name
nis_local_directory(void)
{
struct local_names *ln = __get_local_names();
/* LOCK NOTE: Warning, after initialization, "ln" is expected */
/* to stay constant, So no need to lock here. If this assumption */
/* is changed, this code must be protected. */
if (ln == NULL)
return (NULL);
return (ln->domain);
}
/*
* __nis_rpc_domain()
*
* Return a pointer to a string with the rpc domain name in it.
*/
nis_name
__nis_rpc_domain()
{
struct local_names *ln = __get_local_names();
/* LOCK NOTE: Warning, after initialization, "ln" is expected */
/* to stay constant, So no need to lock here. If this assumption */
/* is changed, this code must be protected. */
if (ln == NULL)
return (NULL);
return (ln->rpcdomain);
}
/*
* nis_local_host()
* Generate the principal name for this host, "hostname"+"domainname"
* unless the hostname already has "dots" in its name.
*/
nis_name
nis_local_host(void)
{
struct local_names *ln = __get_local_names();
/* LOCK NOTE: Warning, after initialization, "ln" is expected */
/* to stay constant, So no need to lock here. If this assumption */
/* is changed, this code must be protected. */
if (ln == NULL)
return (NULL);
return (ln->host);
}
/*
* nis_destroy_object()
* This function takes a pointer to a NIS object and deallocates it. This
* is the inverse of __clone_object below. It must be able to correctly
* deallocate partially allocated objects because __clone_object will call
* it if it runs out of memory and has to abort. Everything is freed,
* INCLUDING the pointer that is passed.
*/
void
nis_destroy_object(nis_object *obj) /* The object to clone */
{
if (obj == 0)
return;
xdr_free(xdr_nis_object, (char *)obj);
free(obj);
} /* nis_destroy_object */
static void
destroy_nis_sdata(void *p)
{
struct nis_sdata *ns = p;
if (ns->buf != 0)
free(ns->buf);
free(ns);
}
/* XXX Why are these static ? */
/* static XDR in_xdrs, out_xdrs; */
/*
* __clone_object_r()
* This function takes a pointer to a NIS object and clones it. This
* duplicate object is now available for use in the local context.
*/
nis_object *
nis_clone_object_r(
nis_object *obj, /* The object to clone */
nis_object *dest, /* Use this pointer if non-null */
struct nis_sdata *clone_buf_ptr)
{
nis_object *result; /* The clone itself */
int status; /* a counter variable */
XDR in_xdrs, out_xdrs;
if (!nis_get_static_storage(clone_buf_ptr, 1,
xdr_sizeof(xdr_nis_object, obj)))
return (NULL);
(void) memset(&in_xdrs, 0, sizeof (in_xdrs));
(void) memset(&out_xdrs, 0, sizeof (out_xdrs));
xdrmem_create(&in_xdrs, clone_buf_ptr->buf, clone_buf_ptr->size,
XDR_ENCODE);
xdrmem_create(&out_xdrs, clone_buf_ptr->buf, clone_buf_ptr->size,
XDR_DECODE);
/* Allocate a basic NIS object structure */
if (dest) {
(void) memset(dest, 0, sizeof (nis_object));
result = dest;
} else
result = calloc(1, sizeof (nis_object));
if (result == NULL)
return (NULL);
/* Encode our object into the clone buffer */
(void) xdr_setpos(&in_xdrs, 0);
status = xdr_nis_object(&in_xdrs, obj);
if (status == FALSE)
return (NULL);
/* Now decode the buffer into our result pointer ... */
(void) xdr_setpos(&out_xdrs, 0);
status = xdr_nis_object(&out_xdrs, result);
if (status == FALSE)
return (NULL);
/* presto changeo, a new object */
return (result);
} /* __clone_object_r */
nis_object *
nis_clone_object(
nis_object *obj, /* The object to clone */
nis_object *dest) /* Use this pointer if non-null */
{
static pthread_key_t clone_buf_key = PTHREAD_ONCE_KEY_NP;
static struct nis_sdata clone_buf_main;
struct nis_sdata *clone_buf_ptr;
clone_buf_ptr = thr_main()? &clone_buf_main :
thr_get_storage(&clone_buf_key, sizeof (struct nis_sdata),
destroy_nis_sdata);
return (nis_clone_object_r(obj, dest, clone_buf_ptr));
} /* __clone_object */
/* Various subroutines used by the server code */
nis_object *
nis_read_obj(char *f) /* name of the object to read */
{
FILE *rootfile;
int status; /* Status of the XDR decoding */
XDR xdrs; /* An xdr stream handle */
nis_object *res;
res = calloc(1, sizeof (nis_object));
if (!res)
return (NULL);
rootfile = fopen(f, "rF");
if (rootfile == NULL) {
/* This is ok if we are the root of roots. */
free(res);
return (NULL);
}
/* Now read in the object */
xdrstdio_create(&xdrs, rootfile, XDR_DECODE);
status = xdr_nis_object(&xdrs, res);
xdr_destroy(&xdrs);
(void) fclose(rootfile);
if (!status) {
syslog(LOG_ERR, "Object file %s is corrupt!", f);
xdr_free(xdr_nis_object, (char *)res);
free(res);
return (NULL);
}
return (res);
}
int
nis_write_obj(
char *f, /* name of the object to read */
nis_object *o) /* The object to write */
{
FILE *rootfile;
int status; /* Status of the XDR decoding */
XDR xdrs; /* An xdr stream handle */
rootfile = fopen(f, "wF");
if (rootfile == NULL) {
return (0);
}
/* Now encode the object */
xdrstdio_create(&xdrs, rootfile, XDR_ENCODE);
status = xdr_nis_object(&xdrs, o);
xdr_destroy(&xdrs);
(void) fclose(rootfile);
return (status);
}
/*
* Transport INDEPENDENT RPC code. This code assumes you
* are using the new RPC/tli code and will build
* a ping handle on top of a datagram transport.
*/
/*
* __map_addr()
*
* This is our internal function that replaces rpcb_getaddr(). We
* build our own to prevent calling netdir_getbyname() which could
* recurse to the nameservice.
*/
static char *
__map_addr(
struct netconfig *nc, /* Our transport */
char *uaddr, /* RPCBIND address */
rpcprog_t prog, /* Name service Prog */
rpcvers_t ver)
{
CLIENT *client;
RPCB parms; /* Parameters for RPC binder */
enum clnt_stat clnt_st; /* Result from the rpc call */
char *ua = NULL; /* Universal address of service */
char *res = NULL; /* Our result to the parent */
struct timeval tv; /* Timeout for our rpcb call */
int ilen, olen; /* buffer length for clnt_tli_create */
/*
* If using "udp", use __nisipbufsize if inbuf and outbuf are set to 0.
*/
if (strcmp(NC_UDP, nc->nc_proto) == 0) {
/* for udp only */
ilen = olen = __nisipbufsize;
} else {
ilen = olen = 0;
}
client = __nis_clnt_create(RPC_ANYFD, nc, uaddr, 0, 0,
RPCBPROG, RPCBVERS, ilen, olen);
if (!client)
return (NULL);
(void) clnt_control(client, CLSET_FD_CLOSE, NULL);
/*
* Now make the call to get the NIS service address.
* We set the retry timeout to 3 seconds so that we
* will retry a few times. Retries should be rare
* because we are usually only called when we know
* a server is available.
*/
tv.tv_sec = 3;
tv.tv_usec = 0;
(void) clnt_control(client, CLSET_RETRY_TIMEOUT, (char *)&tv);
tv.tv_sec = 10;
tv.tv_usec = 0;
parms.r_prog = prog;
parms.r_vers = ver;
parms.r_netid = nc->nc_netid; /* not needed */
parms.r_addr = ""; /* not needed; just for xdring */
parms.r_owner = ""; /* not needed; just for xdring */
clnt_st = clnt_call(client, RPCBPROC_GETADDR, xdr_rpcb, (char *)&parms,
xdr_wrapstring, (char *)&ua, tv);
if (clnt_st == RPC_SUCCESS) {
clnt_destroy(client);
if (*ua == '\0') {
free(ua);
return (NULL);
}
res = strdup(ua);
xdr_free(xdr_wrapstring, (char *)&ua);
return (res);
} else if (((clnt_st == RPC_PROGVERSMISMATCH) ||
(clnt_st == RPC_PROGUNAVAIL)) &&
(strcmp(nc->nc_protofmly, NC_INET) == 0)) {
/*
* version 3 not available. Try version 2
* The assumption here is that the netbuf
* is arranged in the sockaddr_in
* style for IP cases.
*
* Note: If the remote host doesn't support version 3,
* we assume it doesn't know IPv6 either.
*/
ushort_t port;
struct sockaddr_in *sa;
struct netbuf remote;
int protocol;
char buf[32];
(void) clnt_control(client, CLGET_SVC_ADDR, (char *)&remote);
/* LINTED pointer cast */
sa = (struct sockaddr_in *)(remote.buf);
protocol = strcmp(nc->nc_proto, NC_TCP) ?
IPPROTO_UDP : IPPROTO_TCP;
port = (ushort_t)pmap_getport(sa, prog, ver, protocol);
if (port != 0) {
port = htons(port);
(void) sprintf(buf, "%d.%d.%d.%d.%d.%d",
(sa->sin_addr.s_addr >> 24) & 0xff,
(sa->sin_addr.s_addr >> 16) & 0xff,
(sa->sin_addr.s_addr >> 8) & 0xff,
(sa->sin_addr.s_addr) & 0xff,
(port >> 8) & 0xff,
port & 0xff);
res = strdup(buf);
} else
res = NULL;
clnt_destroy(client);
return (res);
}
if (clnt_st == RPC_TIMEDOUT)
syslog(LOG_ERR, "NIS+ server not responding");
else
syslog(LOG_ERR, "NIS+ server could not be contacted: %s",
clnt_sperrno(clnt_st));
clnt_destroy(client);
return (NULL);
}
#define MAX_EP (20)
extern int __can_use_af(sa_family_t af);
CLIENT *
__nis_clnt_create(int fd, struct netconfig *nc, char *uaddr,
struct netbuf *addr, int domapaddr,
int prog, int ver, int inbuf, int outbuf) {
char *svc_addr;
CLIENT *clnt;
int freeaddr = 0;
/* Sanity check */
if (nc == 0 || (addr == 0 && uaddr == 0)) {
return (0);
}
/*
* Check if we have a useable interface for this address family.
* This check properly belongs in RPC (or even further down),
* but until they provide it, we roll our own.
*/
if (__can_use_af((strcmp(nc->nc_protofmly, NC_INET6) == 0) ?
AF_INET6 : AF_INET) == 0) {
return (0);
}
if (domapaddr) {
svc_addr = __map_addr(nc, uaddr, prog, ver);
if (svc_addr == 0)
return (0);
addr = uaddr2taddr(nc, svc_addr);
freeaddr = 1;
free(svc_addr);
} else if (addr == 0) {
addr = uaddr2taddr(nc, uaddr);
freeaddr = 1;
}
if (addr == 0) {
return (0);
}
clnt = clnt_tli_create(fd, nc, addr, prog, ver, outbuf, inbuf);
if (clnt) {
if (clnt_control(clnt, CLGET_FD, (char *)&fd))
/* make it "close on exec" */
(void) fcntl(fd, F_SETFD, FD_CLOEXEC);
(void) clnt_control(clnt, CLSET_FD_CLOSE, NULL);
}
if (freeaddr)
netdir_free(addr, ND_ADDR);
return (clnt);
}
static mutex_t __nis_ss_used_lock = DEFAULTMUTEX; /* lock level 3 */
int __nis_ss_used = 0;
/*
* nis_get_static_storage()
*
* This function is used by various functions in their effort to minimize the
* hassles of memory management in an RPC daemon. Because the service doesn't
* implement any hard limits, this function allows people to get automatically
* growing buffers that meet their storage requirements. It returns the
* pointer in the nis_sdata structure.
*
*/
void *
nis_get_static_storage(
struct nis_sdata *bs, /* User buffer structure */
uint_t el, /* Sizeof elements */
uint_t nel) /* Number of elements */
{
uint_t sz;
sz = nel * el;
if (!bs)
return (NULL);
if (!bs->buf) {
bs->buf = malloc(sz);
if (!bs->buf)
return (NULL);
bs->size = sz;
sig_mutex_lock(&__nis_ss_used_lock);
__nis_ss_used += sz;
sig_mutex_unlock(&__nis_ss_used_lock);
} else if (bs->size < sz) {
int size_delta;
free(bs->buf);
size_delta = - (bs->size);
bs->buf = malloc(sz);
/* check the result of malloc() first */
/* then update the statistic. */
if (!bs->buf)
return (NULL);
bs->size = sz;
size_delta += sz;
sig_mutex_lock(&__nis_ss_used_lock);
__nis_ss_used += size_delta;
sig_mutex_unlock(&__nis_ss_used_lock);
}
(void) memset(bs->buf, 0, sz); /* SYSV version of bzero() */
return (bs->buf);
}