1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
24 */
25 /*
26 * getspent.c
27 *
28 * lib/nsswitch/compat/getspent.c -- name-service-switch backend for getspnam()
29 * It looks in /etc/shadow; if it finds shadow entries there that begin
30 * with "+" or "-", it consults other services. By default it uses NIS (YP),
31 * but the user can override this with a "passwd_compat" entry in
32 * /etc/nsswitch.conf, e.g.
33 * passwd_compat: ldap
34 * The main criterion for this code is that it behave in the same way as
35 * the code for getpwnam() and friends (in getpwent.c). Note that it uses
36 * the same nsswitch.conf entry, not a separate entry for "shadow_compat".
37 *
38 * Caveats:
39 * - More than one source may be specified, with the usual switch semantics,
40 * but having multiple sources here is definitely odd.
41 * - People who recursively specify "compat" deserve what they get.
42 * - Entries that begin with "+@" or "-@" are interpreted using
43 * getnetgrent() and innetgr(), which use the "netgroup" entry in
44 * /etc/nsswitch.conf. If the sources for "passwd_compat" and "netgroup"
45 * differ, everything should work fine, but the semantics will be pretty
46 * confusing.
47 */
48
49 #include <shadow.h>
50 #include <string.h>
51 #include <stdlib.h>
52 #include "compat_common.h"
53
54 static DEFINE_NSS_DB_ROOT(db_root);
55
56 static void
_nss_initf_shadow_compat(p)57 _nss_initf_shadow_compat(p)
58 nss_db_params_t *p;
59 {
60 p->name = NSS_DBNAM_SHADOW;
61 p->config_name = NSS_DBNAM_PASSWD_COMPAT;
62 p->default_config = NSS_DEFCONF_PASSWD_COMPAT;
63 }
64
65 static const char *
get_spnamp(argp)66 get_spnamp(argp)
67 nss_XbyY_args_t *argp;
68 {
69 struct spwd *s = (struct spwd *)argp->returnval;
70
71 return (s->sp_namp);
72 }
73
74 static int
check_spnamp(argp)75 check_spnamp(argp)
76 nss_XbyY_args_t *argp;
77 {
78 struct spwd *s = (struct spwd *)argp->returnval;
79
80 return (strcmp(s->sp_namp, argp->key.name) == 0);
81 }
82
83 static nss_status_t
getbyname(be,a)84 getbyname(be, a)
85 compat_backend_ptr_t be;
86 void *a;
87 {
88 nss_XbyY_args_t *argp = (nss_XbyY_args_t *)a;
89
90 return (_nss_compat_XY_all(be, argp, check_spnamp,
91 NSS_DBOP_SHADOW_BYNAME));
92 }
93
94 /*ARGSUSED*/
95 static int
merge_spents(be,argp,fields)96 merge_spents(be, argp, fields)
97 compat_backend_ptr_t be;
98 nss_XbyY_args_t *argp;
99 const char **fields;
100 {
101 struct spwd *sp = (struct spwd *)argp->buf.result;
102
103 /*
104 * Don't allow overriding of the username; apart from that,
105 * anything is fair game.
106 */
107
108 if (fields[1] != 0) {
109 size_t namelen = strlen(sp->sp_namp) + 1;
110 size_t passlen = strlen(fields[1]) + 1;
111
112 /* ===> Probably merits an explanation... */
113 if (namelen + passlen > argp->buf.buflen) {
114 return (NSS_STR_PARSE_ERANGE);
115 }
116 if (sp->sp_namp != argp->buf.buffer) {
117 (void) memmove(argp->buf.buffer,
118 sp->sp_namp, namelen);
119 sp->sp_namp = argp->buf.buffer;
120 }
121 (void) memcpy(argp->buf.buffer + namelen,
122 fields[1], passlen);
123 }
124
125 #define override(field, longp) \
126 if ((field) != 0) { \
127 char *end; \
128 long val = strtol(field, &end, 10); \
129 \
130 if (*end == '\0') { \
131 *(longp) = val; \
132 } else { \
133 return (NSS_STR_PARSE_PARSE); \
134 } \
135 }
136
137 /* do not override last changed date, it never gets reset. */
138 /* override(fields[2], &sp->sp_lstchg); */
139 override(fields[3], &sp->sp_min);
140 override(fields[4], &sp->sp_max);
141 override(fields[5], &sp->sp_warn);
142 override(fields[6], &sp->sp_inact);
143 override(fields[7], &sp->sp_expire);
144 override(fields[8], &sp->sp_flag);
145
146 /*
147 * if asked, return the data in /etc file format
148 */
149 if (be->return_string_data == 1) {
150 int n;
151 char b[16 * 7];
152
153 /* reset the result ptr to the original value */
154 argp->buf.result = NULL;
155
156 #define printnum(i, num) \
157 sprintf(b + (i * 16), "%d", num)) ? b + (i * 16) : ""
158
159 n = snprintf(argp->buf.buffer, argp->buf.buflen,
160 "%s:%s:%s:%s:%s:%s:%s:%s:%s", sp->sp_namp,
161 (sp->sp_pwdp ? sp->sp_pwdp : ""),
162 (sp->sp_lstchg >= 0 && printnum(0, sp->sp_lstchg),
163 (sp->sp_min >= 0 && printnum(1, sp->sp_min),
164 (sp->sp_max >= 0 && printnum(2, sp->sp_max),
165 (sp->sp_warn > 0 && printnum(3, sp->sp_warn),
166 (sp->sp_inact > 0 && printnum(4, sp->sp_inact),
167 (sp->sp_expire > 0 && printnum(5, sp->sp_expire),
168 (sp->sp_flag != 0 && printnum(6, sp->sp_flag));
169
170 if (n > argp->buf.buflen)
171 return (NSS_STR_PARSE_ERANGE);
172 else {
173 argp->returnlen = n - 1;
174 return (NSS_SUCCESS);
175 }
176
177 } else
178 return (NSS_STR_PARSE_SUCCESS);
179 }
180
181 static compat_backend_op_t shadow_ops[] = {
182 _nss_compat_destr,
183 _nss_compat_endent,
184 _nss_compat_setent,
185 _nss_compat_getent,
186 getbyname
187 };
188
189 /*ARGSUSED*/
190 nss_backend_t *
191 _nss_compat_shadow_constr(dummy1, dummy2, dummy3)
192 const char *dummy1, *dummy2, *dummy3;
193 {
194 return (_nss_compat_constr(shadow_ops,
195 sizeof (shadow_ops) / sizeof (shadow_ops[0]),
196 SHADOW,
197 NSS_LINELEN_SHADOW,
198 &db_root,
199 _nss_initf_shadow_compat,
200 1,
201 get_spnamp,
202 merge_spents));
203 }
204