xref: /titanic_50/usr/src/lib/nsswitch/nis/common/getspent.c (revision cb5caa98562cf06753163f558cbcfe30b8f4673a) 
17c478bd9Sstevel@tonic-gate /*
27c478bd9Sstevel@tonic-gate  * CDDL HEADER START
37c478bd9Sstevel@tonic-gate  *
47c478bd9Sstevel@tonic-gate  * The contents of this file are subject to the terms of the
5*cb5caa98Sdjl  * Common Development and Distribution License (the "License").
6*cb5caa98Sdjl  * You may not use this file except in compliance with the License.
77c478bd9Sstevel@tonic-gate  *
87c478bd9Sstevel@tonic-gate  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
97c478bd9Sstevel@tonic-gate  * or http://www.opensolaris.org/os/licensing.
107c478bd9Sstevel@tonic-gate  * See the License for the specific language governing permissions
117c478bd9Sstevel@tonic-gate  * and limitations under the License.
127c478bd9Sstevel@tonic-gate  *
137c478bd9Sstevel@tonic-gate  * When distributing Covered Code, include this CDDL HEADER in each
147c478bd9Sstevel@tonic-gate  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
157c478bd9Sstevel@tonic-gate  * If applicable, add the following below this CDDL HEADER, with the
167c478bd9Sstevel@tonic-gate  * fields enclosed by brackets "[]" replaced with your own identifying
177c478bd9Sstevel@tonic-gate  * information: Portions Copyright [yyyy] [name of copyright owner]
187c478bd9Sstevel@tonic-gate  *
197c478bd9Sstevel@tonic-gate  * CDDL HEADER END
207c478bd9Sstevel@tonic-gate  */
21*cb5caa98Sdjl 
227c478bd9Sstevel@tonic-gate /*
23*cb5caa98Sdjl  * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
24*cb5caa98Sdjl  * Use is subject to license terms.
257c478bd9Sstevel@tonic-gate  *
267c478bd9Sstevel@tonic-gate  *	nis/getspent.c -- "nis" backend for nsswitch "shadow" database
277c478bd9Sstevel@tonic-gate  */
287c478bd9Sstevel@tonic-gate 
297c478bd9Sstevel@tonic-gate #pragma ident	"%Z%%M%	%I%	%E% SMI"
307c478bd9Sstevel@tonic-gate 
317c478bd9Sstevel@tonic-gate #include <shadow.h>
327c478bd9Sstevel@tonic-gate #include <string.h>
337c478bd9Sstevel@tonic-gate #include "nis_common.h"
347c478bd9Sstevel@tonic-gate 
357c478bd9Sstevel@tonic-gate /*
367c478bd9Sstevel@tonic-gate  * Most of the information in a struct spwd simply isn't available from the
377c478bd9Sstevel@tonic-gate  * YP maps, we dummy out all the numeric fields and just get sp_namp and
387c478bd9Sstevel@tonic-gate  * sp_pwdp (name and password) from the YP passwd map.  Thus we don't
397c478bd9Sstevel@tonic-gate  * use the str2ent() routine that's passed to us, but instead have our
407c478bd9Sstevel@tonic-gate  * own dummy routine:
417c478bd9Sstevel@tonic-gate  *
427c478bd9Sstevel@tonic-gate  * Return values: 0 = success, 1 = parse error, 2 = erange ...
437c478bd9Sstevel@tonic-gate  * The structure pointer passed in is a structure in the caller's space
447c478bd9Sstevel@tonic-gate  * wherein the field pointers would be set to areas in the buffer if
457c478bd9Sstevel@tonic-gate  * need be. instring and buffer should be separate areas. Let's not
467c478bd9Sstevel@tonic-gate  * fight over crumbs.
477c478bd9Sstevel@tonic-gate  */
487c478bd9Sstevel@tonic-gate static int
nis_str2spent(instr,lenstr,ent,buffer,buflen)497c478bd9Sstevel@tonic-gate nis_str2spent(instr, lenstr, ent, buffer, buflen)
507c478bd9Sstevel@tonic-gate 	const char		*instr;
517c478bd9Sstevel@tonic-gate 	int			lenstr;
527c478bd9Sstevel@tonic-gate 	void	*ent; /* it is really (struct spwd *) */
537c478bd9Sstevel@tonic-gate 	char	*buffer;
547c478bd9Sstevel@tonic-gate 	int	buflen;
557c478bd9Sstevel@tonic-gate {
567c478bd9Sstevel@tonic-gate 	struct spwd		*spwd	= (struct spwd *)ent;
57*cb5caa98Sdjl 	char			*p, *q, *r;
587c478bd9Sstevel@tonic-gate 
597c478bd9Sstevel@tonic-gate 	/*
607c478bd9Sstevel@tonic-gate 	 * We know that instr != 0 because we're in 'nis', not 'files'
617c478bd9Sstevel@tonic-gate 	 */
627c478bd9Sstevel@tonic-gate 	if ((p = memchr(instr, ':', lenstr)) == 0) {
637c478bd9Sstevel@tonic-gate 		return (NSS_STR_PARSE_PARSE);
647c478bd9Sstevel@tonic-gate 	}
657c478bd9Sstevel@tonic-gate 	if ((q = memchr(p + 1, ':', lenstr - (p + 1 - instr))) == 0) {
667c478bd9Sstevel@tonic-gate 		return (NSS_STR_PARSE_PARSE);
677c478bd9Sstevel@tonic-gate 	}
687c478bd9Sstevel@tonic-gate 	/* Don't bother checking the rest of the YP passwd entry... */
697c478bd9Sstevel@tonic-gate 
707c478bd9Sstevel@tonic-gate 	if (q + 1 - instr > buflen) {
717c478bd9Sstevel@tonic-gate 		return (NSS_STR_PARSE_ERANGE);
727c478bd9Sstevel@tonic-gate 	}
73*cb5caa98Sdjl 	/*
74*cb5caa98Sdjl 	 * "name:password" is copied
75*cb5caa98Sdjl 	 */
76*cb5caa98Sdjl 	(void) memcpy(buffer, instr, q - instr);
77*cb5caa98Sdjl 	if (spwd) {
787c478bd9Sstevel@tonic-gate 		buffer[p - instr] = '\0';
797c478bd9Sstevel@tonic-gate 		buffer[q - instr] = '\0';
807c478bd9Sstevel@tonic-gate 
817c478bd9Sstevel@tonic-gate 		spwd->sp_namp	= buffer;
827c478bd9Sstevel@tonic-gate 		spwd->sp_pwdp	= buffer + (p + 1 - instr);
837c478bd9Sstevel@tonic-gate 		spwd->sp_lstchg	= -1;
847c478bd9Sstevel@tonic-gate 		spwd->sp_min	= -1;
857c478bd9Sstevel@tonic-gate 		spwd->sp_max	= -1;
867c478bd9Sstevel@tonic-gate 		spwd->sp_warn	= -1;
877c478bd9Sstevel@tonic-gate 		spwd->sp_inact	= -1;
887c478bd9Sstevel@tonic-gate 		spwd->sp_expire	= -1;
897c478bd9Sstevel@tonic-gate 		spwd->sp_flag	= 0;
90*cb5caa98Sdjl 	} else {
91*cb5caa98Sdjl 		/*
92*cb5caa98Sdjl 		 *  NSS2: nscd is running. Return files format.
93*cb5caa98Sdjl 		 *
94*cb5caa98Sdjl 		 *  name:password:::::::
95*cb5caa98Sdjl 		 */
96*cb5caa98Sdjl 		r = buffer + (q - instr);
97*cb5caa98Sdjl 		*r = '\0';
98*cb5caa98Sdjl 		if (strlcat(buffer, ":::::::", buflen) >= buflen)
99*cb5caa98Sdjl 			return (NSS_STR_PARSE_ERANGE);
100*cb5caa98Sdjl 	}
1017c478bd9Sstevel@tonic-gate 	return (NSS_STR_PARSE_SUCCESS);
1027c478bd9Sstevel@tonic-gate }
1037c478bd9Sstevel@tonic-gate 
1047c478bd9Sstevel@tonic-gate typedef int	(*cstr2ent_t)(const char *, int, void *, char *, int);
1057c478bd9Sstevel@tonic-gate 
1067c478bd9Sstevel@tonic-gate static nss_status_t
getbyname(be,a)1077c478bd9Sstevel@tonic-gate getbyname(be, a)
1087c478bd9Sstevel@tonic-gate 	nis_backend_ptr_t	be;
1097c478bd9Sstevel@tonic-gate 	void			*a;
1107c478bd9Sstevel@tonic-gate {
1117c478bd9Sstevel@tonic-gate 	nss_XbyY_args_t		*argp = (nss_XbyY_args_t *)a;
1127c478bd9Sstevel@tonic-gate 	cstr2ent_t		save_c2e;
1137c478bd9Sstevel@tonic-gate 	nss_status_t		res;
1147c478bd9Sstevel@tonic-gate 	struct spwd 		*spwd;
115*cb5caa98Sdjl 	char			*p;
1167c478bd9Sstevel@tonic-gate 
1177c478bd9Sstevel@tonic-gate 	save_c2e	= argp->str2ent;
1187c478bd9Sstevel@tonic-gate 	argp->str2ent	= nis_str2spent;
1197c478bd9Sstevel@tonic-gate 	res = _nss_nis_lookup(be, argp, 0, "passwd.byname", argp->key.name, 0);
1207c478bd9Sstevel@tonic-gate 	spwd = (struct spwd *)argp->buf.result;
1217c478bd9Sstevel@tonic-gate 	/*
1227c478bd9Sstevel@tonic-gate 	 * check for the C2 security flag "##" in the passwd field.
1237c478bd9Sstevel@tonic-gate 	 * If the first 2 chars in the passwd field is "##", get
1247c478bd9Sstevel@tonic-gate 	 * the user's passwd from passwd.adjunct.byname map.
1257c478bd9Sstevel@tonic-gate 	 * The lookup to this passwd.adjunct.byname map will only
1267c478bd9Sstevel@tonic-gate 	 * succeed if the caller's uid is 0 because only root user
1277c478bd9Sstevel@tonic-gate 	 * can use privilege port.
1287c478bd9Sstevel@tonic-gate 	 */
129*cb5caa98Sdjl 	if (res == NSS_SUCCESS) {
130*cb5caa98Sdjl 		if (spwd) {
131*cb5caa98Sdjl 			if ((spwd->sp_pwdp) && (*(spwd->sp_pwdp) == '#') &&
132*cb5caa98Sdjl 				(*(spwd->sp_pwdp + 1) == '#')) {
1337c478bd9Sstevel@tonic-gate 			/* get password from passwd.adjunct.byname */
1347c478bd9Sstevel@tonic-gate 				res = _nss_nis_lookup_rsvdport(be, argp, 0,
1357c478bd9Sstevel@tonic-gate 						"passwd.adjunct.byname",
1367c478bd9Sstevel@tonic-gate 						argp->key.name, 0);
1377c478bd9Sstevel@tonic-gate 			}
138*cb5caa98Sdjl 		} else {
139*cb5caa98Sdjl 			/*
140*cb5caa98Sdjl 			 * getent request from nscd
141*cb5caa98Sdjl 			 */
142*cb5caa98Sdjl 			if ((p = memchr(argp->buf.buffer, ':',
143*cb5caa98Sdjl 					argp->buf.buflen)) == NULL)
144*cb5caa98Sdjl 				return (NSS_STR_PARSE_PARSE);
145*cb5caa98Sdjl 			if (strncmp(p + 1, "##", 2) == 0)
146*cb5caa98Sdjl 				/* get password from passwd.adjunct.byname */
147*cb5caa98Sdjl 				res = _nss_nis_lookup_rsvdport(be, argp, 0,
148*cb5caa98Sdjl 						"passwd.adjunct.byname",
149*cb5caa98Sdjl 						argp->key.name, 0);
150*cb5caa98Sdjl 			if (res ==  NSS_SUCCESS) {
151*cb5caa98Sdjl 				argp->returnval = argp->buf.buffer;
152*cb5caa98Sdjl 				argp->returnlen = strlen(argp->buf.buffer);
153*cb5caa98Sdjl 			}
154*cb5caa98Sdjl 		}
155*cb5caa98Sdjl 	}
1567c478bd9Sstevel@tonic-gate 
1577c478bd9Sstevel@tonic-gate 	argp->str2ent	= save_c2e;
1587c478bd9Sstevel@tonic-gate 	return (res);
1597c478bd9Sstevel@tonic-gate }
1607c478bd9Sstevel@tonic-gate 
1617c478bd9Sstevel@tonic-gate #define	NIS_SP_GETENT
1627c478bd9Sstevel@tonic-gate 
1637c478bd9Sstevel@tonic-gate #ifdef	NIS_SP_GETENT
1647c478bd9Sstevel@tonic-gate 
1657c478bd9Sstevel@tonic-gate static nss_status_t
getent(be,a)1667c478bd9Sstevel@tonic-gate getent(be, a)
1677c478bd9Sstevel@tonic-gate 	nis_backend_ptr_t	be;
1687c478bd9Sstevel@tonic-gate 	void			*a;
1697c478bd9Sstevel@tonic-gate {
1707c478bd9Sstevel@tonic-gate 	nss_XbyY_args_t		*argp = (nss_XbyY_args_t *)a;
1717c478bd9Sstevel@tonic-gate 	cstr2ent_t		save_c2e;
1727c478bd9Sstevel@tonic-gate 	nss_status_t		res;
1737c478bd9Sstevel@tonic-gate 	struct spwd 		*spwd;
174*cb5caa98Sdjl 	char			*p;
1757c478bd9Sstevel@tonic-gate 
1767c478bd9Sstevel@tonic-gate 	save_c2e	= argp->str2ent;
1777c478bd9Sstevel@tonic-gate 	argp->str2ent	= nis_str2spent;
1787c478bd9Sstevel@tonic-gate 	res = _nss_nis_getent_rigid(be, argp);
1797c478bd9Sstevel@tonic-gate 	spwd = (struct spwd *)argp->buf.result;
1807c478bd9Sstevel@tonic-gate 	/*
1817c478bd9Sstevel@tonic-gate 	 * check for the C2 security flag "##" in the passwd field.
1827c478bd9Sstevel@tonic-gate 	 * If the first 2 chars in the passwd field is "##", get
1837c478bd9Sstevel@tonic-gate 	 * the user's passwd from passwd.adjunct.byname map.
1847c478bd9Sstevel@tonic-gate 	 * The lookup to this passwd.adjunct.byname map will only
1857c478bd9Sstevel@tonic-gate 	 * succeed if the caller's uid is 0 because only root user
1867c478bd9Sstevel@tonic-gate 	 * can use privilege port.
1877c478bd9Sstevel@tonic-gate 	 */
188*cb5caa98Sdjl 	if (res == NSS_SUCCESS) {
189*cb5caa98Sdjl 		if (spwd) {
190*cb5caa98Sdjl 			if ((spwd->sp_pwdp) && (*(spwd->sp_pwdp) == '#') &&
191*cb5caa98Sdjl 				(*(spwd->sp_pwdp + 1) == '#')) {
1927c478bd9Sstevel@tonic-gate 				/* get password from passwd.adjunct.byname */
1937c478bd9Sstevel@tonic-gate 				res = _nss_nis_lookup_rsvdport(be, argp, 0,
1947c478bd9Sstevel@tonic-gate 					"passwd.adjunct.byname",
1957c478bd9Sstevel@tonic-gate 					spwd->sp_namp, 0);
1967c478bd9Sstevel@tonic-gate 			}
197*cb5caa98Sdjl 		} else {
198*cb5caa98Sdjl 			/*
199*cb5caa98Sdjl 			 * getent request from nscd
200*cb5caa98Sdjl 			 */
201*cb5caa98Sdjl 			if ((p = memchr(argp->buf.buffer, ':',
202*cb5caa98Sdjl 					argp->buf.buflen)) == NULL)
203*cb5caa98Sdjl 				return (NSS_STR_PARSE_PARSE);
204*cb5caa98Sdjl 			if (strncmp(p + 1, "##", 2) == 0) {
205*cb5caa98Sdjl 				/* need the name for the next search */
206*cb5caa98Sdjl 				*p = '\0';
207*cb5caa98Sdjl 				/* get password from passwd.adjunct.byname */
208*cb5caa98Sdjl 				res = _nss_nis_lookup_rsvdport(be, argp, 0,
209*cb5caa98Sdjl 					"passwd.adjunct.byname", p, 0);
210*cb5caa98Sdjl 			}
211*cb5caa98Sdjl 			if (res ==  NSS_SUCCESS) {
212*cb5caa98Sdjl 				argp->returnval = argp->buf.buffer;
213*cb5caa98Sdjl 				argp->returnlen = strlen(argp->buf.buffer);
214*cb5caa98Sdjl 			}
215*cb5caa98Sdjl 		}
216*cb5caa98Sdjl 	}
217*cb5caa98Sdjl 
2187c478bd9Sstevel@tonic-gate 	argp->str2ent	= save_c2e;
2197c478bd9Sstevel@tonic-gate 	return (res);
2207c478bd9Sstevel@tonic-gate }
2217c478bd9Sstevel@tonic-gate 
2227c478bd9Sstevel@tonic-gate #endif	/* NIS_SP_GETENT */
2237c478bd9Sstevel@tonic-gate 
2247c478bd9Sstevel@tonic-gate static nis_backend_op_t shadow_ops[] = {
2257c478bd9Sstevel@tonic-gate 	_nss_nis_destr,
2267c478bd9Sstevel@tonic-gate 	_nss_nis_endent,
2277c478bd9Sstevel@tonic-gate 	_nss_nis_setent,
2287c478bd9Sstevel@tonic-gate #ifdef	NIS_SP_GETENT
2297c478bd9Sstevel@tonic-gate 	getent,
2307c478bd9Sstevel@tonic-gate #else
2317c478bd9Sstevel@tonic-gate 	0,
2327c478bd9Sstevel@tonic-gate #endif	/* NIS_SP_GETENT */
2337c478bd9Sstevel@tonic-gate 	getbyname
2347c478bd9Sstevel@tonic-gate };
2357c478bd9Sstevel@tonic-gate 
236*cb5caa98Sdjl /*ARGSUSED*/
2377c478bd9Sstevel@tonic-gate nss_backend_t *
_nss_nis_shadow_constr(dummy1,dummy2,dummy3)2387c478bd9Sstevel@tonic-gate _nss_nis_shadow_constr(dummy1, dummy2, dummy3)
2397c478bd9Sstevel@tonic-gate 	const char	*dummy1, *dummy2, *dummy3;
2407c478bd9Sstevel@tonic-gate {
2417c478bd9Sstevel@tonic-gate 	return (_nss_nis_constr(shadow_ops,
2427c478bd9Sstevel@tonic-gate 				sizeof (shadow_ops) / sizeof (shadow_ops[0]),
2437c478bd9Sstevel@tonic-gate 				"passwd.byname"));
2447c478bd9Sstevel@tonic-gate }
245