17c478bd9Sstevel@tonic-gate /*
27c478bd9Sstevel@tonic-gate * CDDL HEADER START
37c478bd9Sstevel@tonic-gate *
47c478bd9Sstevel@tonic-gate * The contents of this file are subject to the terms of the
5cb5caa98Sdjl * Common Development and Distribution License (the "License").
6cb5caa98Sdjl * You may not use this file except in compliance with the License.
77c478bd9Sstevel@tonic-gate *
87c478bd9Sstevel@tonic-gate * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
97c478bd9Sstevel@tonic-gate * or http://www.opensolaris.org/os/licensing.
107c478bd9Sstevel@tonic-gate * See the License for the specific language governing permissions
117c478bd9Sstevel@tonic-gate * and limitations under the License.
127c478bd9Sstevel@tonic-gate *
137c478bd9Sstevel@tonic-gate * When distributing Covered Code, include this CDDL HEADER in each
147c478bd9Sstevel@tonic-gate * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
157c478bd9Sstevel@tonic-gate * If applicable, add the following below this CDDL HEADER, with the
167c478bd9Sstevel@tonic-gate * fields enclosed by brackets "[]" replaced with your own identifying
177c478bd9Sstevel@tonic-gate * information: Portions Copyright [yyyy] [name of copyright owner]
187c478bd9Sstevel@tonic-gate *
197c478bd9Sstevel@tonic-gate * CDDL HEADER END
207c478bd9Sstevel@tonic-gate */
217c478bd9Sstevel@tonic-gate /*
22*2b4a7802SBaban Kenkre * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
23cb5caa98Sdjl * Use is subject to license terms.
247c478bd9Sstevel@tonic-gate *
257c478bd9Sstevel@tonic-gate * files/getpwnam.c -- "files" backend for nsswitch "passwd" database
267c478bd9Sstevel@tonic-gate */
277c478bd9Sstevel@tonic-gate
287c478bd9Sstevel@tonic-gate #include <pwd.h>
297c478bd9Sstevel@tonic-gate #include <shadow.h>
307c478bd9Sstevel@tonic-gate #include <unistd.h> /* for PF_PATH */
317c478bd9Sstevel@tonic-gate #include "files_common.h"
327c478bd9Sstevel@tonic-gate #include <strings.h>
33cb5caa98Sdjl #include <stdlib.h>
347c478bd9Sstevel@tonic-gate
35cb5caa98Sdjl static uint_t
hash_pwname(nss_XbyY_args_t * argp,int keyhash,const char * line,int linelen)36cb5caa98Sdjl hash_pwname(nss_XbyY_args_t *argp, int keyhash, const char *line,
37cb5caa98Sdjl int linelen)
387c478bd9Sstevel@tonic-gate {
39cb5caa98Sdjl const char *name;
40cb5caa98Sdjl int namelen, i;
41cb5caa98Sdjl uint_t hash = 0;
427c478bd9Sstevel@tonic-gate
43cb5caa98Sdjl if (keyhash) {
44cb5caa98Sdjl name = argp->key.name;
45cb5caa98Sdjl namelen = strlen(name);
46cb5caa98Sdjl } else {
47cb5caa98Sdjl name = line;
48cb5caa98Sdjl namelen = 0;
49cb5caa98Sdjl while (linelen-- && *line++ != ':')
50cb5caa98Sdjl namelen++;
51cb5caa98Sdjl }
527c478bd9Sstevel@tonic-gate
53cb5caa98Sdjl for (i = 0; i < namelen; i++)
54cb5caa98Sdjl hash = hash * 15 + name[i];
557c478bd9Sstevel@tonic-gate return (hash);
567c478bd9Sstevel@tonic-gate }
577c478bd9Sstevel@tonic-gate
58cb5caa98Sdjl static uint_t
hash_pwuid(nss_XbyY_args_t * argp,int keyhash,const char * line,int linelen)59cb5caa98Sdjl hash_pwuid(nss_XbyY_args_t *argp, int keyhash, const char *line,
60cb5caa98Sdjl int linelen)
617c478bd9Sstevel@tonic-gate {
62cb5caa98Sdjl uint_t id;
63cb5caa98Sdjl const char *linep, *limit, *end;
64cb5caa98Sdjl
65cb5caa98Sdjl linep = line;
66cb5caa98Sdjl limit = line + linelen;
67cb5caa98Sdjl
68cb5caa98Sdjl if (keyhash)
69cb5caa98Sdjl return ((uint_t)argp->key.uid);
70cb5caa98Sdjl
71*2b4a7802SBaban Kenkre while (linep < limit && *linep++ != ':') /* skip username */
72*2b4a7802SBaban Kenkre continue;
73*2b4a7802SBaban Kenkre while (linep < limit && *linep++ != ':') /* skip password */
74*2b4a7802SBaban Kenkre continue;
75cb5caa98Sdjl if (linep == limit)
76cb5caa98Sdjl return (UID_NOBODY);
77cb5caa98Sdjl
78cb5caa98Sdjl /* uid */
79cb5caa98Sdjl end = linep;
80*2b4a7802SBaban Kenkre id = (uint_t)strtoul(linep, (char **)&end, 10);
81cb5caa98Sdjl
82cb5caa98Sdjl /* empty uid */
83cb5caa98Sdjl if (linep == end)
84cb5caa98Sdjl return (UID_NOBODY);
85cb5caa98Sdjl
86cb5caa98Sdjl return (id);
877c478bd9Sstevel@tonic-gate }
887c478bd9Sstevel@tonic-gate
897c478bd9Sstevel@tonic-gate static files_hash_func hash_pw[2] = { hash_pwname, hash_pwuid };
907c478bd9Sstevel@tonic-gate
917c478bd9Sstevel@tonic-gate static files_hash_t hashinfo = {
927c478bd9Sstevel@tonic-gate DEFAULTMUTEX,
937c478bd9Sstevel@tonic-gate sizeof (struct passwd),
947c478bd9Sstevel@tonic-gate NSS_BUFLEN_PASSWD,
957c478bd9Sstevel@tonic-gate 2,
967c478bd9Sstevel@tonic-gate hash_pw
977c478bd9Sstevel@tonic-gate };
987c478bd9Sstevel@tonic-gate
997c478bd9Sstevel@tonic-gate static int
check_pwname(nss_XbyY_args_t * argp,const char * line,int linelen)100cb5caa98Sdjl check_pwname(nss_XbyY_args_t *argp, const char *line, int linelen)
1017c478bd9Sstevel@tonic-gate {
102cb5caa98Sdjl const char *linep, *limit;
103cb5caa98Sdjl const char *keyp = argp->key.name;
104cb5caa98Sdjl
105cb5caa98Sdjl linep = line;
106cb5caa98Sdjl limit = line + linelen;
1077c478bd9Sstevel@tonic-gate
1087c478bd9Sstevel@tonic-gate /* +/- entries valid for compat source only */
109cb5caa98Sdjl if (linelen == 0 || *line == '+' || *line == '-')
1107c478bd9Sstevel@tonic-gate return (0);
111cb5caa98Sdjl while (*keyp && linep < limit && *keyp == *linep) {
112cb5caa98Sdjl keyp++;
113cb5caa98Sdjl linep++;
114cb5caa98Sdjl }
115cb5caa98Sdjl return (linep < limit && *keyp == '\0' && *linep == ':');
1167c478bd9Sstevel@tonic-gate }
1177c478bd9Sstevel@tonic-gate
1187c478bd9Sstevel@tonic-gate static nss_status_t
getbyname(be,a)1197c478bd9Sstevel@tonic-gate getbyname(be, a)
1207c478bd9Sstevel@tonic-gate files_backend_ptr_t be;
1217c478bd9Sstevel@tonic-gate void *a;
1227c478bd9Sstevel@tonic-gate {
1237c478bd9Sstevel@tonic-gate return (_nss_files_XY_hash(be, a, 0, &hashinfo, 0, check_pwname));
1247c478bd9Sstevel@tonic-gate }
1257c478bd9Sstevel@tonic-gate
1267c478bd9Sstevel@tonic-gate static int
check_pwuid(nss_XbyY_args_t * argp,const char * line,int linelen)127cb5caa98Sdjl check_pwuid(nss_XbyY_args_t *argp, const char *line, int linelen)
1287c478bd9Sstevel@tonic-gate {
129cb5caa98Sdjl const char *linep, *limit, *end;
130*2b4a7802SBaban Kenkre ulong_t pw_uid;
131cb5caa98Sdjl
132cb5caa98Sdjl linep = line;
133cb5caa98Sdjl limit = line + linelen;
1347c478bd9Sstevel@tonic-gate
1357c478bd9Sstevel@tonic-gate /* +/- entries valid for compat source only */
136cb5caa98Sdjl if (linelen == 0 || *line == '+' || *line == '-')
1377c478bd9Sstevel@tonic-gate return (0);
138cb5caa98Sdjl
139*2b4a7802SBaban Kenkre while (linep < limit && *linep++ != ':') /* skip username */
140*2b4a7802SBaban Kenkre continue;
141*2b4a7802SBaban Kenkre while (linep < limit && *linep++ != ':') /* skip password */
142*2b4a7802SBaban Kenkre continue;
143cb5caa98Sdjl if (linep == limit)
144cb5caa98Sdjl return (0);
145cb5caa98Sdjl
146cb5caa98Sdjl /* uid */
147cb5caa98Sdjl end = linep;
148*2b4a7802SBaban Kenkre pw_uid = strtoul(linep, (char **)&end, 10);
149cb5caa98Sdjl
150*2b4a7802SBaban Kenkre /* check if the uid is empty or overflows */
151*2b4a7802SBaban Kenkre if (linep == end || pw_uid > UINT32_MAX)
152cb5caa98Sdjl return (0);
153cb5caa98Sdjl
154*2b4a7802SBaban Kenkre return ((uid_t)pw_uid == argp->key.uid);
1557c478bd9Sstevel@tonic-gate }
1567c478bd9Sstevel@tonic-gate
1577c478bd9Sstevel@tonic-gate static nss_status_t
getbyuid(be,a)1587c478bd9Sstevel@tonic-gate getbyuid(be, a)
1597c478bd9Sstevel@tonic-gate files_backend_ptr_t be;
1607c478bd9Sstevel@tonic-gate void *a;
1617c478bd9Sstevel@tonic-gate {
162*2b4a7802SBaban Kenkre nss_XbyY_args_t *argp = (nss_XbyY_args_t *)a;
163*2b4a7802SBaban Kenkre
164*2b4a7802SBaban Kenkre if (argp->key.uid > MAXUID)
165*2b4a7802SBaban Kenkre return (NSS_NOTFOUND);
166*2b4a7802SBaban Kenkre return (_nss_files_XY_hash(be, argp, 0, &hashinfo, 1, check_pwuid));
167*2b4a7802SBaban Kenkre }
168*2b4a7802SBaban Kenkre
169*2b4a7802SBaban Kenkre /*
170*2b4a7802SBaban Kenkre * Validates passwd entry replacing uid/gid > MAXUID by ID_NOBODY.
171*2b4a7802SBaban Kenkre */
172*2b4a7802SBaban Kenkre int
validate_passwd_ids(char * line,int * linelenp,int buflen,int extra_chars)173*2b4a7802SBaban Kenkre validate_passwd_ids(char *line, int *linelenp, int buflen, int extra_chars)
174*2b4a7802SBaban Kenkre {
175*2b4a7802SBaban Kenkre char *linep, *limit, *uidp, *gidp;
176*2b4a7802SBaban Kenkre uid_t uid;
177*2b4a7802SBaban Kenkre gid_t gid;
178*2b4a7802SBaban Kenkre ulong_t uidl, gidl;
179*2b4a7802SBaban Kenkre int olduidlen, oldgidlen, idlen;
180*2b4a7802SBaban Kenkre int linelen = *linelenp, newlinelen;
181*2b4a7802SBaban Kenkre
182*2b4a7802SBaban Kenkre /*
183*2b4a7802SBaban Kenkre * +name entries in passwd(4) do not override uid and gid
184*2b4a7802SBaban Kenkre * values. Therefore no need to validate the ids in these
185*2b4a7802SBaban Kenkre * entries.
186*2b4a7802SBaban Kenkre */
187*2b4a7802SBaban Kenkre if (linelen == 0 || *line == '+' || *line == '-')
188*2b4a7802SBaban Kenkre return (NSS_STR_PARSE_SUCCESS);
189*2b4a7802SBaban Kenkre
190*2b4a7802SBaban Kenkre linep = line;
191*2b4a7802SBaban Kenkre limit = line + linelen;
192*2b4a7802SBaban Kenkre
193*2b4a7802SBaban Kenkre while (linep < limit && *linep++ != ':') /* skip username */
194*2b4a7802SBaban Kenkre continue;
195*2b4a7802SBaban Kenkre while (linep < limit && *linep++ != ':') /* skip password */
196*2b4a7802SBaban Kenkre continue;
197*2b4a7802SBaban Kenkre if (linep == limit)
198*2b4a7802SBaban Kenkre return (NSS_STR_PARSE_PARSE);
199*2b4a7802SBaban Kenkre
200*2b4a7802SBaban Kenkre uidp = linep;
201*2b4a7802SBaban Kenkre uidl = strtoul(uidp, (char **)&linep, 10); /* grab uid */
202*2b4a7802SBaban Kenkre olduidlen = linep - uidp;
203*2b4a7802SBaban Kenkre if (++linep >= limit || olduidlen == 0)
204*2b4a7802SBaban Kenkre return (NSS_STR_PARSE_PARSE);
205*2b4a7802SBaban Kenkre
206*2b4a7802SBaban Kenkre gidp = linep;
207*2b4a7802SBaban Kenkre gidl = strtoul(gidp, (char **)&linep, 10); /* grab gid */
208*2b4a7802SBaban Kenkre oldgidlen = linep - gidp;
209*2b4a7802SBaban Kenkre if (linep >= limit || oldgidlen == 0)
210*2b4a7802SBaban Kenkre return (NSS_STR_PARSE_PARSE);
211*2b4a7802SBaban Kenkre
212*2b4a7802SBaban Kenkre if (uidl <= MAXUID && gidl <= MAXUID)
213*2b4a7802SBaban Kenkre return (NSS_STR_PARSE_SUCCESS);
214*2b4a7802SBaban Kenkre uid = (uidl > MAXUID) ? UID_NOBODY : (uid_t)uidl;
215*2b4a7802SBaban Kenkre gid = (gidl > MAXUID) ? GID_NOBODY : (gid_t)gidl;
216*2b4a7802SBaban Kenkre
217*2b4a7802SBaban Kenkre /* Check if we have enough space in the buffer */
218*2b4a7802SBaban Kenkre idlen = snprintf(NULL, 0, "%u:%u", uid, gid);
219*2b4a7802SBaban Kenkre newlinelen = linelen + idlen - olduidlen - oldgidlen - 1;
220*2b4a7802SBaban Kenkre if (newlinelen + extra_chars > buflen)
221*2b4a7802SBaban Kenkre return (NSS_STR_PARSE_ERANGE);
222*2b4a7802SBaban Kenkre
223*2b4a7802SBaban Kenkre /* Replace ephemeral ids by ID_NOBODY */
224*2b4a7802SBaban Kenkre (void) bcopy(linep, uidp + idlen, limit - linep + extra_chars);
225*2b4a7802SBaban Kenkre (void) snprintf(uidp, idlen + 1, "%u:%u", uid, gid);
226*2b4a7802SBaban Kenkre *(uidp + idlen) = ':'; /* restore : that was overwritten by snprintf */
227*2b4a7802SBaban Kenkre *linelenp = newlinelen;
228*2b4a7802SBaban Kenkre return (NSS_STR_PARSE_SUCCESS);
2297c478bd9Sstevel@tonic-gate }
2307c478bd9Sstevel@tonic-gate
2317c478bd9Sstevel@tonic-gate static files_backend_op_t passwd_ops[] = {
2327c478bd9Sstevel@tonic-gate _nss_files_destr,
2337c478bd9Sstevel@tonic-gate _nss_files_endent,
2347c478bd9Sstevel@tonic-gate _nss_files_setent,
2357c478bd9Sstevel@tonic-gate _nss_files_getent_rigid,
2367c478bd9Sstevel@tonic-gate getbyname,
2377c478bd9Sstevel@tonic-gate getbyuid
2387c478bd9Sstevel@tonic-gate };
2397c478bd9Sstevel@tonic-gate
2407c478bd9Sstevel@tonic-gate /*ARGSUSED*/
2417c478bd9Sstevel@tonic-gate nss_backend_t *
_nss_files_passwd_constr(dummy1,dummy2,dummy3)2427c478bd9Sstevel@tonic-gate _nss_files_passwd_constr(dummy1, dummy2, dummy3)
2437c478bd9Sstevel@tonic-gate const char *dummy1, *dummy2, *dummy3;
2447c478bd9Sstevel@tonic-gate {
2457c478bd9Sstevel@tonic-gate return (_nss_files_constr(passwd_ops,
2467c478bd9Sstevel@tonic-gate sizeof (passwd_ops) / sizeof (passwd_ops[0]),
2477c478bd9Sstevel@tonic-gate PF_PATH,
2487c478bd9Sstevel@tonic-gate NSS_LINELEN_PASSWD,
2497c478bd9Sstevel@tonic-gate &hashinfo));
2507c478bd9Sstevel@tonic-gate }
251