xref: /illumos-gate/usr/src/lib/nsswitch/compat/common/getpwent.c (revision df3cd224ef765c29101e4110546062199562f757)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  *
25  *	getpwent.c
26  *
27  * lib/nsswitch/compat/getpwent.c -- name-service-switch backend for getpwnam()
28  *   et al that does 4.x compatibility.  It looks in /etc/passwd; if it finds
29  *   passwd entries there that begin with "+" or "-", it consults other
30  *   services.  By default it uses NIS (YP), but the user can override this
31  *   with a "passwd_compat" entry in /etc/nsswitch.conf, e.g.
32  *			passwd_compat: ldap
33  *
34  * This code tries to produce the same results as the 4.x code, even when
35  *   the latter seems ill thought-out (mostly in the handling of netgroups,
36  *   "-", and the combination thereof).  Bug-compatible, in other words.
37  *   Though we do try to be more reasonable about the format of "+" and "-"
38  *   entries here, i.e. you don't have to pad them with spurious colons and
39  *   bogus uid/gid values.
40  *
41  * Caveats:
42  *    -	More than one source may be specified, with the usual switch semantics,
43  *	but having multiple sources here is definitely odd.
44  *    -	People who recursively specify "compat" deserve what they get.
45  *    -	Entries that begin with "+@" or "-@" are interpreted using
46  *	getnetgrent() and innetgr(), which use the "netgroup" entry in
47  *	/etc/nsswitch.conf.  If the sources for "passwd_compat" and "netgroup"
48  *	differ, everything should work fine, but the semantics will be pretty
49  *	confusing.
50  */
51 
52 #include <pwd.h>
53 #include <shadow.h>		/* For PASSWD (pathname to passwd file) */
54 #include <stdlib.h>
55 #include <strings.h>
56 #include "compat_common.h"
57 
58 static DEFINE_NSS_DB_ROOT(db_root);
59 
60 static void
61 _nss_initf_passwd_compat(p)
62 	nss_db_params_t	*p;
63 {
64 	p->name		  = NSS_DBNAM_PASSWD;
65 	p->config_name	  = NSS_DBNAM_PASSWD_COMPAT;
66 	p->default_config = NSS_DEFCONF_PASSWD_COMPAT;
67 }
68 
69 /*
70  * Validates passwd entry replacing uid/gid > MAXUID by ID_NOBODY.
71  */
72 int
73 validate_passwd_ids(char *line, int *linelenp, int buflen, int extra_chars)
74 {
75 	char	*linep, *limit, *uidp, *gidp;
76 	uid_t	uid;
77 	gid_t	gid;
78 	ulong_t	uidl, gidl;
79 	int	olduidlen, oldgidlen, idlen;
80 	int	linelen = *linelenp, newlinelen;
81 
82 	if (linelen == 0 || *line == '+' || *line == '-')
83 		return (NSS_STR_PARSE_SUCCESS);
84 
85 	linep = line;
86 	limit = line + linelen;
87 
88 	while (linep < limit && *linep++ != ':') /* skip username */
89 		continue;
90 	while (linep < limit && *linep++ != ':') /* skip password */
91 		continue;
92 	if (linep == limit)
93 		return (NSS_STR_PARSE_PARSE);
94 
95 	uidp = linep;
96 	uidl = strtoul(uidp, (char **)&linep, 10); /* grab uid */
97 	olduidlen = linep - uidp;
98 	if (++linep >= limit || olduidlen == 0)
99 		return (NSS_STR_PARSE_PARSE);
100 
101 	gidp = linep;
102 	gidl = strtoul(gidp, (char **)&linep, 10); /* grab gid */
103 	oldgidlen = linep - gidp;
104 	if (linep >= limit || oldgidlen == 0)
105 		return (NSS_STR_PARSE_PARSE);
106 
107 	if (uidl <= MAXUID && gidl <= MAXUID)
108 		return (NSS_STR_PARSE_SUCCESS);
109 	uid = (uidl > MAXUID) ? UID_NOBODY : (uid_t)uidl;
110 	gid = (gidl > MAXUID) ? GID_NOBODY : (gid_t)gidl;
111 
112 	/* Check if we have enough space in the buffer */
113 	idlen = snprintf(NULL, 0, "%u:%u", uid, gid);
114 	newlinelen = linelen + idlen - olduidlen - oldgidlen - 1;
115 	if (newlinelen + extra_chars > buflen)
116 		return (NSS_STR_PARSE_ERANGE);
117 
118 	/* Replace ephemeral ids by ID_NOBODY */
119 	(void) bcopy(linep, uidp + idlen, limit - linep + extra_chars);
120 	(void) snprintf(uidp, idlen + 1, "%u:%u", uid, gid);
121 	*(uidp + idlen) = ':'; /* restore : that was overwritten by snprintf */
122 	*linelenp = newlinelen;
123 	return (NSS_STR_PARSE_SUCCESS);
124 }
125 
126 static const char *
127 get_pwname(argp)
128 	nss_XbyY_args_t		*argp;
129 {
130 	struct passwd		*p = (struct passwd *)argp->returnval;
131 
132 	return (p->pw_name);
133 }
134 
135 static int
136 check_pwname(argp)
137 	nss_XbyY_args_t		*argp;
138 {
139 	struct passwd		*p = (struct passwd *)argp->returnval;
140 
141 	return (strcmp(p->pw_name, argp->key.name) == 0);
142 }
143 
144 static nss_status_t
145 getbyname(be, a)
146 	compat_backend_ptr_t	be;
147 	void			*a;
148 {
149 	nss_XbyY_args_t		*argp = (nss_XbyY_args_t *)a;
150 
151 	return (_nss_compat_XY_all(be, argp,
152 				check_pwname, NSS_DBOP_PASSWD_BYNAME));
153 }
154 
155 static int
156 check_pwuid(argp)
157 	nss_XbyY_args_t		*argp;
158 {
159 	struct passwd		*p = (struct passwd *)argp->returnval;
160 
161 	return (p->pw_uid == argp->key.uid);
162 }
163 
164 static nss_status_t
165 getbyuid(be, a)
166 	compat_backend_ptr_t	be;
167 	void			*a;
168 {
169 	nss_XbyY_args_t		*argp = (nss_XbyY_args_t *)a;
170 
171 	if (argp->key.uid > MAXUID)
172 		return (NSS_NOTFOUND);
173 	return (_nss_compat_XY_all(be, argp,
174 				check_pwuid, NSS_DBOP_PASSWD_BYUID));
175 }
176 
177 /*ARGSUSED*/
178 static int
179 merge_pwents(be, argp, fields)
180 	compat_backend_ptr_t	be;
181 	nss_XbyY_args_t		*argp;
182 	const char		**fields;
183 {
184 	struct passwd		*pw	= (struct passwd *)argp->buf.result;
185 	char			*buf	= malloc(NSS_LINELEN_PASSWD);
186 	char			*s;
187 	int			parsestat;
188 	int			len;
189 	int			buflen;
190 
191 	if (buf == 0) {
192 		return (NSS_STR_PARSE_PARSE);
193 		/* Really "out of memory", but PARSE_PARSE will have to do */
194 	}
195 	/*
196 	 * Don't allow overriding of
197 	 *	- username
198 	 *	- uid
199 	 *	- gid
200 	 * That's what the SunOS 4.x code did;  who are we to question it...
201 	 */
202 	s = buf;
203 	buflen = argp->buf.buflen;
204 
205 	if (fields[1] != 0)
206 		len = snprintf(s, buflen, "%s:%s",
207 				pw->pw_name, fields[1]);
208 	else {
209 /* ====> Does this do the right thing? */
210 		if (pw->pw_age != 0 && *pw->pw_age != '\0')
211 			len = snprintf(s, buflen, "%s:%s,%s",
212 				pw->pw_name, pw->pw_passwd, pw->pw_age);
213 		else
214 			len = snprintf(s, buflen, "%s:%s",
215 				pw->pw_name, pw->pw_passwd);
216 	}
217 
218 	if (len > buflen)
219 		return (NSS_STR_PARSE_ERANGE);
220 
221 	s += len;
222 	buflen -= len;
223 	len = snprintf(s, buflen, ":%u:%u:%s:%s:%s",
224 		pw->pw_uid,
225 		pw->pw_gid,
226 		fields[4] != 0 ? fields[4] : pw->pw_gecos,
227 		fields[5] != 0 ? fields[5] : pw->pw_dir,
228 		fields[6] != 0 ? fields[6] : pw->pw_shell);
229 
230 	if (len > buflen)
231 		return (NSS_STR_PARSE_ERANGE);
232 
233 	s += len;
234 	len = s - buf;
235 
236 	/*
237 	 * if asked, return the data in /etc file format
238 	 */
239 	if (be->return_string_data == 1) {
240 		/* reset the result ptr to the original value */
241 		argp->buf.result = NULL;
242 
243 		if (len > argp->buf.buflen) {
244 			parsestat = NSS_STR_PARSE_ERANGE;
245 		} else {
246 			(void) strncpy(argp->buf.buffer, buf, len);
247 			argp->returnval = argp->buf.buffer;
248 			argp->returnlen = len;
249 			parsestat = NSS_SUCCESS;
250 		}
251 	} else {
252 		parsestat = (*argp->str2ent)(buf, len,
253 				    argp->buf.result,
254 				    argp->buf.buffer,
255 				    argp->buf.buflen);
256 	}
257 	free(buf);
258 	return (parsestat);
259 }
260 
261 static compat_backend_op_t passwd_ops[] = {
262 	_nss_compat_destr,
263 	_nss_compat_endent,
264 	_nss_compat_setent,
265 	_nss_compat_getent,
266 	getbyname,
267 	getbyuid
268 };
269 
270 /*ARGSUSED*/
271 nss_backend_t *
272 _nss_compat_passwd_constr(dummy1, dummy2, dummy3)
273 	const char	*dummy1, *dummy2, *dummy3;
274 {
275 	return (_nss_compat_constr(passwd_ops,
276 				sizeof (passwd_ops) / sizeof (passwd_ops[0]),
277 				PASSWD,
278 				NSS_LINELEN_PASSWD,
279 				&db_root,
280 				_nss_initf_passwd_compat,
281 				1,
282 				get_pwname,
283 				merge_pwents));
284 }
285