17c478bd9Sstevel@tonic-gate /* 27c478bd9Sstevel@tonic-gate * CDDL HEADER START 37c478bd9Sstevel@tonic-gate * 47c478bd9Sstevel@tonic-gate * The contents of this file are subject to the terms of the 5*cb5caa98Sdjl * Common Development and Distribution License (the "License"). 6*cb5caa98Sdjl * You may not use this file except in compliance with the License. 77c478bd9Sstevel@tonic-gate * 87c478bd9Sstevel@tonic-gate * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 97c478bd9Sstevel@tonic-gate * or http://www.opensolaris.org/os/licensing. 107c478bd9Sstevel@tonic-gate * See the License for the specific language governing permissions 117c478bd9Sstevel@tonic-gate * and limitations under the License. 127c478bd9Sstevel@tonic-gate * 137c478bd9Sstevel@tonic-gate * When distributing Covered Code, include this CDDL HEADER in each 147c478bd9Sstevel@tonic-gate * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 157c478bd9Sstevel@tonic-gate * If applicable, add the following below this CDDL HEADER, with the 167c478bd9Sstevel@tonic-gate * fields enclosed by brackets "[]" replaced with your own identifying 177c478bd9Sstevel@tonic-gate * information: Portions Copyright [yyyy] [name of copyright owner] 187c478bd9Sstevel@tonic-gate * 197c478bd9Sstevel@tonic-gate * CDDL HEADER END 207c478bd9Sstevel@tonic-gate */ 21*cb5caa98Sdjl 227c478bd9Sstevel@tonic-gate /* 23*cb5caa98Sdjl * Copyright 2006 Sun Microsystems, Inc. All rights reserved. 24*cb5caa98Sdjl * Use is subject to license terms. 257c478bd9Sstevel@tonic-gate * 267c478bd9Sstevel@tonic-gate * nis/getspent.c -- "nis" backend for nsswitch "shadow" database 277c478bd9Sstevel@tonic-gate */ 287c478bd9Sstevel@tonic-gate 297c478bd9Sstevel@tonic-gate #pragma ident "%Z%%M% %I% %E% SMI" 307c478bd9Sstevel@tonic-gate 317c478bd9Sstevel@tonic-gate #include <shadow.h> 327c478bd9Sstevel@tonic-gate #include <string.h> 337c478bd9Sstevel@tonic-gate #include "nis_common.h" 347c478bd9Sstevel@tonic-gate 357c478bd9Sstevel@tonic-gate /* 367c478bd9Sstevel@tonic-gate * Most of the information in a struct spwd simply isn't available from the 377c478bd9Sstevel@tonic-gate * YP maps, we dummy out all the numeric fields and just get sp_namp and 387c478bd9Sstevel@tonic-gate * sp_pwdp (name and password) from the YP passwd map. Thus we don't 397c478bd9Sstevel@tonic-gate * use the str2ent() routine that's passed to us, but instead have our 407c478bd9Sstevel@tonic-gate * own dummy routine: 417c478bd9Sstevel@tonic-gate * 427c478bd9Sstevel@tonic-gate * Return values: 0 = success, 1 = parse error, 2 = erange ... 437c478bd9Sstevel@tonic-gate * The structure pointer passed in is a structure in the caller's space 447c478bd9Sstevel@tonic-gate * wherein the field pointers would be set to areas in the buffer if 457c478bd9Sstevel@tonic-gate * need be. instring and buffer should be separate areas. Let's not 467c478bd9Sstevel@tonic-gate * fight over crumbs. 477c478bd9Sstevel@tonic-gate */ 487c478bd9Sstevel@tonic-gate static int 497c478bd9Sstevel@tonic-gate nis_str2spent(instr, lenstr, ent, buffer, buflen) 507c478bd9Sstevel@tonic-gate const char *instr; 517c478bd9Sstevel@tonic-gate int lenstr; 527c478bd9Sstevel@tonic-gate void *ent; /* it is really (struct spwd *) */ 537c478bd9Sstevel@tonic-gate char *buffer; 547c478bd9Sstevel@tonic-gate int buflen; 557c478bd9Sstevel@tonic-gate { 567c478bd9Sstevel@tonic-gate struct spwd *spwd = (struct spwd *)ent; 57*cb5caa98Sdjl char *p, *q, *r; 587c478bd9Sstevel@tonic-gate 597c478bd9Sstevel@tonic-gate /* 607c478bd9Sstevel@tonic-gate * We know that instr != 0 because we're in 'nis', not 'files' 617c478bd9Sstevel@tonic-gate */ 627c478bd9Sstevel@tonic-gate if ((p = memchr(instr, ':', lenstr)) == 0) { 637c478bd9Sstevel@tonic-gate return (NSS_STR_PARSE_PARSE); 647c478bd9Sstevel@tonic-gate } 657c478bd9Sstevel@tonic-gate if ((q = memchr(p + 1, ':', lenstr - (p + 1 - instr))) == 0) { 667c478bd9Sstevel@tonic-gate return (NSS_STR_PARSE_PARSE); 677c478bd9Sstevel@tonic-gate } 687c478bd9Sstevel@tonic-gate /* Don't bother checking the rest of the YP passwd entry... */ 697c478bd9Sstevel@tonic-gate 707c478bd9Sstevel@tonic-gate if (q + 1 - instr > buflen) { 717c478bd9Sstevel@tonic-gate return (NSS_STR_PARSE_ERANGE); 727c478bd9Sstevel@tonic-gate } 73*cb5caa98Sdjl /* 74*cb5caa98Sdjl * "name:password" is copied 75*cb5caa98Sdjl */ 76*cb5caa98Sdjl (void) memcpy(buffer, instr, q - instr); 77*cb5caa98Sdjl if (spwd) { 787c478bd9Sstevel@tonic-gate buffer[p - instr] = '\0'; 797c478bd9Sstevel@tonic-gate buffer[q - instr] = '\0'; 807c478bd9Sstevel@tonic-gate 817c478bd9Sstevel@tonic-gate spwd->sp_namp = buffer; 827c478bd9Sstevel@tonic-gate spwd->sp_pwdp = buffer + (p + 1 - instr); 837c478bd9Sstevel@tonic-gate spwd->sp_lstchg = -1; 847c478bd9Sstevel@tonic-gate spwd->sp_min = -1; 857c478bd9Sstevel@tonic-gate spwd->sp_max = -1; 867c478bd9Sstevel@tonic-gate spwd->sp_warn = -1; 877c478bd9Sstevel@tonic-gate spwd->sp_inact = -1; 887c478bd9Sstevel@tonic-gate spwd->sp_expire = -1; 897c478bd9Sstevel@tonic-gate spwd->sp_flag = 0; 90*cb5caa98Sdjl } else { 91*cb5caa98Sdjl /* 92*cb5caa98Sdjl * NSS2: nscd is running. Return files format. 93*cb5caa98Sdjl * 94*cb5caa98Sdjl * name:password::::::: 95*cb5caa98Sdjl */ 96*cb5caa98Sdjl r = buffer + (q - instr); 97*cb5caa98Sdjl *r = '\0'; 98*cb5caa98Sdjl if (strlcat(buffer, ":::::::", buflen) >= buflen) 99*cb5caa98Sdjl return (NSS_STR_PARSE_ERANGE); 100*cb5caa98Sdjl } 1017c478bd9Sstevel@tonic-gate return (NSS_STR_PARSE_SUCCESS); 1027c478bd9Sstevel@tonic-gate } 1037c478bd9Sstevel@tonic-gate 1047c478bd9Sstevel@tonic-gate typedef int (*cstr2ent_t)(const char *, int, void *, char *, int); 1057c478bd9Sstevel@tonic-gate 1067c478bd9Sstevel@tonic-gate static nss_status_t 1077c478bd9Sstevel@tonic-gate getbyname(be, a) 1087c478bd9Sstevel@tonic-gate nis_backend_ptr_t be; 1097c478bd9Sstevel@tonic-gate void *a; 1107c478bd9Sstevel@tonic-gate { 1117c478bd9Sstevel@tonic-gate nss_XbyY_args_t *argp = (nss_XbyY_args_t *)a; 1127c478bd9Sstevel@tonic-gate cstr2ent_t save_c2e; 1137c478bd9Sstevel@tonic-gate nss_status_t res; 1147c478bd9Sstevel@tonic-gate struct spwd *spwd; 115*cb5caa98Sdjl char *p; 1167c478bd9Sstevel@tonic-gate 1177c478bd9Sstevel@tonic-gate save_c2e = argp->str2ent; 1187c478bd9Sstevel@tonic-gate argp->str2ent = nis_str2spent; 1197c478bd9Sstevel@tonic-gate res = _nss_nis_lookup(be, argp, 0, "passwd.byname", argp->key.name, 0); 1207c478bd9Sstevel@tonic-gate spwd = (struct spwd *)argp->buf.result; 1217c478bd9Sstevel@tonic-gate /* 1227c478bd9Sstevel@tonic-gate * check for the C2 security flag "##" in the passwd field. 1237c478bd9Sstevel@tonic-gate * If the first 2 chars in the passwd field is "##", get 1247c478bd9Sstevel@tonic-gate * the user's passwd from passwd.adjunct.byname map. 1257c478bd9Sstevel@tonic-gate * The lookup to this passwd.adjunct.byname map will only 1267c478bd9Sstevel@tonic-gate * succeed if the caller's uid is 0 because only root user 1277c478bd9Sstevel@tonic-gate * can use privilege port. 1287c478bd9Sstevel@tonic-gate */ 129*cb5caa98Sdjl if (res == NSS_SUCCESS) { 130*cb5caa98Sdjl if (spwd) { 131*cb5caa98Sdjl if ((spwd->sp_pwdp) && (*(spwd->sp_pwdp) == '#') && 132*cb5caa98Sdjl (*(spwd->sp_pwdp + 1) == '#')) { 1337c478bd9Sstevel@tonic-gate /* get password from passwd.adjunct.byname */ 1347c478bd9Sstevel@tonic-gate res = _nss_nis_lookup_rsvdport(be, argp, 0, 1357c478bd9Sstevel@tonic-gate "passwd.adjunct.byname", 1367c478bd9Sstevel@tonic-gate argp->key.name, 0); 1377c478bd9Sstevel@tonic-gate } 138*cb5caa98Sdjl } else { 139*cb5caa98Sdjl /* 140*cb5caa98Sdjl * getent request from nscd 141*cb5caa98Sdjl */ 142*cb5caa98Sdjl if ((p = memchr(argp->buf.buffer, ':', 143*cb5caa98Sdjl argp->buf.buflen)) == NULL) 144*cb5caa98Sdjl return (NSS_STR_PARSE_PARSE); 145*cb5caa98Sdjl if (strncmp(p + 1, "##", 2) == 0) 146*cb5caa98Sdjl /* get password from passwd.adjunct.byname */ 147*cb5caa98Sdjl res = _nss_nis_lookup_rsvdport(be, argp, 0, 148*cb5caa98Sdjl "passwd.adjunct.byname", 149*cb5caa98Sdjl argp->key.name, 0); 150*cb5caa98Sdjl if (res == NSS_SUCCESS) { 151*cb5caa98Sdjl argp->returnval = argp->buf.buffer; 152*cb5caa98Sdjl argp->returnlen = strlen(argp->buf.buffer); 153*cb5caa98Sdjl } 154*cb5caa98Sdjl } 155*cb5caa98Sdjl } 1567c478bd9Sstevel@tonic-gate 1577c478bd9Sstevel@tonic-gate argp->str2ent = save_c2e; 1587c478bd9Sstevel@tonic-gate return (res); 1597c478bd9Sstevel@tonic-gate } 1607c478bd9Sstevel@tonic-gate 1617c478bd9Sstevel@tonic-gate #define NIS_SP_GETENT 1627c478bd9Sstevel@tonic-gate 1637c478bd9Sstevel@tonic-gate #ifdef NIS_SP_GETENT 1647c478bd9Sstevel@tonic-gate 1657c478bd9Sstevel@tonic-gate static nss_status_t 1667c478bd9Sstevel@tonic-gate getent(be, a) 1677c478bd9Sstevel@tonic-gate nis_backend_ptr_t be; 1687c478bd9Sstevel@tonic-gate void *a; 1697c478bd9Sstevel@tonic-gate { 1707c478bd9Sstevel@tonic-gate nss_XbyY_args_t *argp = (nss_XbyY_args_t *)a; 1717c478bd9Sstevel@tonic-gate cstr2ent_t save_c2e; 1727c478bd9Sstevel@tonic-gate nss_status_t res; 1737c478bd9Sstevel@tonic-gate struct spwd *spwd; 174*cb5caa98Sdjl char *p; 1757c478bd9Sstevel@tonic-gate 1767c478bd9Sstevel@tonic-gate save_c2e = argp->str2ent; 1777c478bd9Sstevel@tonic-gate argp->str2ent = nis_str2spent; 1787c478bd9Sstevel@tonic-gate res = _nss_nis_getent_rigid(be, argp); 1797c478bd9Sstevel@tonic-gate spwd = (struct spwd *)argp->buf.result; 1807c478bd9Sstevel@tonic-gate /* 1817c478bd9Sstevel@tonic-gate * check for the C2 security flag "##" in the passwd field. 1827c478bd9Sstevel@tonic-gate * If the first 2 chars in the passwd field is "##", get 1837c478bd9Sstevel@tonic-gate * the user's passwd from passwd.adjunct.byname map. 1847c478bd9Sstevel@tonic-gate * The lookup to this passwd.adjunct.byname map will only 1857c478bd9Sstevel@tonic-gate * succeed if the caller's uid is 0 because only root user 1867c478bd9Sstevel@tonic-gate * can use privilege port. 1877c478bd9Sstevel@tonic-gate */ 188*cb5caa98Sdjl if (res == NSS_SUCCESS) { 189*cb5caa98Sdjl if (spwd) { 190*cb5caa98Sdjl if ((spwd->sp_pwdp) && (*(spwd->sp_pwdp) == '#') && 191*cb5caa98Sdjl (*(spwd->sp_pwdp + 1) == '#')) { 1927c478bd9Sstevel@tonic-gate /* get password from passwd.adjunct.byname */ 1937c478bd9Sstevel@tonic-gate res = _nss_nis_lookup_rsvdport(be, argp, 0, 1947c478bd9Sstevel@tonic-gate "passwd.adjunct.byname", 1957c478bd9Sstevel@tonic-gate spwd->sp_namp, 0); 1967c478bd9Sstevel@tonic-gate } 197*cb5caa98Sdjl } else { 198*cb5caa98Sdjl /* 199*cb5caa98Sdjl * getent request from nscd 200*cb5caa98Sdjl */ 201*cb5caa98Sdjl if ((p = memchr(argp->buf.buffer, ':', 202*cb5caa98Sdjl argp->buf.buflen)) == NULL) 203*cb5caa98Sdjl return (NSS_STR_PARSE_PARSE); 204*cb5caa98Sdjl if (strncmp(p + 1, "##", 2) == 0) { 205*cb5caa98Sdjl /* need the name for the next search */ 206*cb5caa98Sdjl *p = '\0'; 207*cb5caa98Sdjl /* get password from passwd.adjunct.byname */ 208*cb5caa98Sdjl res = _nss_nis_lookup_rsvdport(be, argp, 0, 209*cb5caa98Sdjl "passwd.adjunct.byname", p, 0); 210*cb5caa98Sdjl } 211*cb5caa98Sdjl if (res == NSS_SUCCESS) { 212*cb5caa98Sdjl argp->returnval = argp->buf.buffer; 213*cb5caa98Sdjl argp->returnlen = strlen(argp->buf.buffer); 214*cb5caa98Sdjl } 215*cb5caa98Sdjl } 216*cb5caa98Sdjl } 217*cb5caa98Sdjl 2187c478bd9Sstevel@tonic-gate argp->str2ent = save_c2e; 2197c478bd9Sstevel@tonic-gate return (res); 2207c478bd9Sstevel@tonic-gate } 2217c478bd9Sstevel@tonic-gate 2227c478bd9Sstevel@tonic-gate #endif /* NIS_SP_GETENT */ 2237c478bd9Sstevel@tonic-gate 2247c478bd9Sstevel@tonic-gate static nis_backend_op_t shadow_ops[] = { 2257c478bd9Sstevel@tonic-gate _nss_nis_destr, 2267c478bd9Sstevel@tonic-gate _nss_nis_endent, 2277c478bd9Sstevel@tonic-gate _nss_nis_setent, 2287c478bd9Sstevel@tonic-gate #ifdef NIS_SP_GETENT 2297c478bd9Sstevel@tonic-gate getent, 2307c478bd9Sstevel@tonic-gate #else 2317c478bd9Sstevel@tonic-gate 0, 2327c478bd9Sstevel@tonic-gate #endif /* NIS_SP_GETENT */ 2337c478bd9Sstevel@tonic-gate getbyname 2347c478bd9Sstevel@tonic-gate }; 2357c478bd9Sstevel@tonic-gate 236*cb5caa98Sdjl /*ARGSUSED*/ 2377c478bd9Sstevel@tonic-gate nss_backend_t * 2387c478bd9Sstevel@tonic-gate _nss_nis_shadow_constr(dummy1, dummy2, dummy3) 2397c478bd9Sstevel@tonic-gate const char *dummy1, *dummy2, *dummy3; 2407c478bd9Sstevel@tonic-gate { 2417c478bd9Sstevel@tonic-gate return (_nss_nis_constr(shadow_ops, 2427c478bd9Sstevel@tonic-gate sizeof (shadow_ops) / sizeof (shadow_ops[0]), 2437c478bd9Sstevel@tonic-gate "passwd.byname")); 2447c478bd9Sstevel@tonic-gate } 245