17c478bd9Sstevel@tonic-gate /* 27c478bd9Sstevel@tonic-gate * CDDL HEADER START 37c478bd9Sstevel@tonic-gate * 47c478bd9Sstevel@tonic-gate * The contents of this file are subject to the terms of the 5*36e852a1SRaja Andra * Common Development and Distribution License (the "License"). 6*36e852a1SRaja Andra * You may not use this file except in compliance with the License. 77c478bd9Sstevel@tonic-gate * 87c478bd9Sstevel@tonic-gate * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 97c478bd9Sstevel@tonic-gate * or http://www.opensolaris.org/os/licensing. 107c478bd9Sstevel@tonic-gate * See the License for the specific language governing permissions 117c478bd9Sstevel@tonic-gate * and limitations under the License. 127c478bd9Sstevel@tonic-gate * 137c478bd9Sstevel@tonic-gate * When distributing Covered Code, include this CDDL HEADER in each 147c478bd9Sstevel@tonic-gate * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 157c478bd9Sstevel@tonic-gate * If applicable, add the following below this CDDL HEADER, with the 167c478bd9Sstevel@tonic-gate * fields enclosed by brackets "[]" replaced with your own identifying 177c478bd9Sstevel@tonic-gate * information: Portions Copyright [yyyy] [name of copyright owner] 187c478bd9Sstevel@tonic-gate * 197c478bd9Sstevel@tonic-gate * CDDL HEADER END 207c478bd9Sstevel@tonic-gate */ 217c478bd9Sstevel@tonic-gate /* 22*36e852a1SRaja Andra * Copyright 2009 Sun Microsystems, Inc. All rights reserved. 237c478bd9Sstevel@tonic-gate * Use is subject to license terms. 247c478bd9Sstevel@tonic-gate */ 257c478bd9Sstevel@tonic-gate 267c478bd9Sstevel@tonic-gate #include <errno.h> 277c478bd9Sstevel@tonic-gate #include <sys/types.h> 287c478bd9Sstevel@tonic-gate #include <sys/types.h> 297c478bd9Sstevel@tonic-gate #include <nsswitch.h> 307c478bd9Sstevel@tonic-gate #include <stdlib.h> 317c478bd9Sstevel@tonic-gate #include <stdio.h> 327c478bd9Sstevel@tonic-gate #include <string.h> 337c478bd9Sstevel@tonic-gate #include <syslog.h> 347c478bd9Sstevel@tonic-gate 357c478bd9Sstevel@tonic-gate #include "passwdutil.h" 367c478bd9Sstevel@tonic-gate 377c478bd9Sstevel@tonic-gate int 38*36e852a1SRaja Andra __set_authtoken_attr(char *name, char *oldpw, pwu_repository_t *rep, 39*36e852a1SRaja Andra attrlist *items, int *updated_reps) 407c478bd9Sstevel@tonic-gate { 417c478bd9Sstevel@tonic-gate attrlist *p; 427c478bd9Sstevel@tonic-gate int repositories; 437c478bd9Sstevel@tonic-gate int i; 447c478bd9Sstevel@tonic-gate void *buf; /* workspace for repository specific funcs */ 457c478bd9Sstevel@tonic-gate int err = PWU_NOT_FOUND; 467c478bd9Sstevel@tonic-gate int rep_success = REP_NOREP; /* first successfull update */ 477c478bd9Sstevel@tonic-gate int updated = REP_NOREP; /* (bitmask) all updates */ 487c478bd9Sstevel@tonic-gate 497c478bd9Sstevel@tonic-gate /* Can't set name uid or flag */ 507c478bd9Sstevel@tonic-gate for (p = items; p != NULL; p = p->next) { 517c478bd9Sstevel@tonic-gate switch (p->type) { 527c478bd9Sstevel@tonic-gate case ATTR_NAME: 537c478bd9Sstevel@tonic-gate case ATTR_UID: 547c478bd9Sstevel@tonic-gate case ATTR_FLAG: 557c478bd9Sstevel@tonic-gate return (EINVAL); 567c478bd9Sstevel@tonic-gate } 577c478bd9Sstevel@tonic-gate } 587c478bd9Sstevel@tonic-gate 597c478bd9Sstevel@tonic-gate repositories = get_ns(rep, PWU_WRITE); 607c478bd9Sstevel@tonic-gate 617c478bd9Sstevel@tonic-gate if (repositories == 0) 627c478bd9Sstevel@tonic-gate return (PWU_SYSTEM_ERROR); 637c478bd9Sstevel@tonic-gate 647c478bd9Sstevel@tonic-gate /* 657c478bd9Sstevel@tonic-gate * updating requires that either 667c478bd9Sstevel@tonic-gate * - PAM_REPOSITORY is set: we know what to update 677c478bd9Sstevel@tonic-gate * - PAM_REPOSITORY is not set, but we recognize the nsswitch.conf 687c478bd9Sstevel@tonic-gate * passwd: entry 697c478bd9Sstevel@tonic-gate */ 707c478bd9Sstevel@tonic-gate if (repositories == REP_ERANGE || repositories == REP_NSS) 717c478bd9Sstevel@tonic-gate return (PWU_REPOSITORY_ERROR); 727c478bd9Sstevel@tonic-gate 737c478bd9Sstevel@tonic-gate /* 747c478bd9Sstevel@tonic-gate * Loop over selected repositories to update 757c478bd9Sstevel@tonic-gate * We should update the remote repositories first, FILES last. 767c478bd9Sstevel@tonic-gate */ 777c478bd9Sstevel@tonic-gate for (i = REP_LAST; i; i >>= 1) { 787c478bd9Sstevel@tonic-gate if (repositories & i) { 797c478bd9Sstevel@tonic-gate buf = NULL; 807c478bd9Sstevel@tonic-gate 8103c65128Swy83408 if (rops[i]->lock && (err = rops[i]->lock())) { 827c478bd9Sstevel@tonic-gate return (err); 837c478bd9Sstevel@tonic-gate } 847c478bd9Sstevel@tonic-gate 8503c65128Swy83408 if (rops[i]->getpwnam) { 8603c65128Swy83408 err = rops[i]->getpwnam(name, items, rep, &buf); 877c478bd9Sstevel@tonic-gate } 887c478bd9Sstevel@tonic-gate 8903c65128Swy83408 if ((err == PWU_SUCCESS) && rops[i]->update) 9003c65128Swy83408 err = rops[i]->update(items, rep, buf); 917c478bd9Sstevel@tonic-gate 9203c65128Swy83408 if ((err == PWU_SUCCESS) && rops[i]->putpwnam) 93*36e852a1SRaja Andra err = rops[i]->putpwnam(name, oldpw, rep, buf); 947c478bd9Sstevel@tonic-gate 9503c65128Swy83408 if (rops[i]->unlock) 9603c65128Swy83408 (void) rops[i]->unlock(); 977c478bd9Sstevel@tonic-gate 987c478bd9Sstevel@tonic-gate if (buf) { 997c478bd9Sstevel@tonic-gate (void) free(buf); 1007c478bd9Sstevel@tonic-gate buf = NULL; 1017c478bd9Sstevel@tonic-gate } 1027c478bd9Sstevel@tonic-gate if (err == PWU_SUCCESS) { 1037c478bd9Sstevel@tonic-gate rep_success = i; /* this rep succeeded */ 1047c478bd9Sstevel@tonic-gate updated |= i; 1057c478bd9Sstevel@tonic-gate } else if (err != PWU_SUCCESS && err != PWU_NOT_FOUND) { 1067c478bd9Sstevel@tonic-gate break; 1077c478bd9Sstevel@tonic-gate } 1087c478bd9Sstevel@tonic-gate } 1097c478bd9Sstevel@tonic-gate } 1107c478bd9Sstevel@tonic-gate 1117c478bd9Sstevel@tonic-gate if (buf) 1127c478bd9Sstevel@tonic-gate free(buf); 1137c478bd9Sstevel@tonic-gate 1147c478bd9Sstevel@tonic-gate if (updated_reps) 1157c478bd9Sstevel@tonic-gate *updated_reps = (updated != REP_NOREP) ? updated : i; 1167c478bd9Sstevel@tonic-gate 1177c478bd9Sstevel@tonic-gate /* 1187c478bd9Sstevel@tonic-gate * err contains either 1197c478bd9Sstevel@tonic-gate * PWU_SUCCESS : everyting went OK 1207c478bd9Sstevel@tonic-gate * PWU_NOT_FOUND : none of the repositories contained the user 1217c478bd9Sstevel@tonic-gate * error-code : the specific error that occurred 1227c478bd9Sstevel@tonic-gate */ 1237c478bd9Sstevel@tonic-gate if (rep_success != REP_NOREP) { 1247c478bd9Sstevel@tonic-gate return (PWU_SUCCESS); 1257c478bd9Sstevel@tonic-gate } else { 1267c478bd9Sstevel@tonic-gate return (err); 1277c478bd9Sstevel@tonic-gate } 1287c478bd9Sstevel@tonic-gate } 129