10Sstevel@tonic-gate /*
20Sstevel@tonic-gate * CDDL HEADER START
30Sstevel@tonic-gate *
40Sstevel@tonic-gate * The contents of this file are subject to the terms of the
51574Speteh * Common Development and Distribution License (the "License").
61574Speteh * You may not use this file except in compliance with the License.
70Sstevel@tonic-gate *
80Sstevel@tonic-gate * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
90Sstevel@tonic-gate * or http://www.opensolaris.org/os/licensing.
100Sstevel@tonic-gate * See the License for the specific language governing permissions
110Sstevel@tonic-gate * and limitations under the License.
120Sstevel@tonic-gate *
130Sstevel@tonic-gate * When distributing Covered Code, include this CDDL HEADER in each
140Sstevel@tonic-gate * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
150Sstevel@tonic-gate * If applicable, add the following below this CDDL HEADER, with the
160Sstevel@tonic-gate * fields enclosed by brackets "[]" replaced with your own identifying
170Sstevel@tonic-gate * information: Portions Copyright [yyyy] [name of copyright owner]
180Sstevel@tonic-gate *
190Sstevel@tonic-gate * CDDL HEADER END
20132Srobinson */
21132Srobinson
22132Srobinson /*
2311262SRajagopal.Andra@Sun.COM * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
240Sstevel@tonic-gate * Use is subject to license terms.
250Sstevel@tonic-gate */
260Sstevel@tonic-gate /* Copyright (c) 1983, 1984, 1985, 1986, 1987, 1988, 1989 AT&T */
270Sstevel@tonic-gate /* All Rights Reserved */
280Sstevel@tonic-gate /*
290Sstevel@tonic-gate * Portions of this source code were derived from Berkeley
300Sstevel@tonic-gate * 4.3 BSD under license from the Regents of the University of
310Sstevel@tonic-gate * California.
320Sstevel@tonic-gate */
330Sstevel@tonic-gate /*
340Sstevel@tonic-gate * ==== hack-attack: possibly MT-safe but definitely not MT-hot.
350Sstevel@tonic-gate * ==== turn this into a real switch frontend and backends
360Sstevel@tonic-gate *
370Sstevel@tonic-gate * Well, at least the API doesn't involve pointers-to-static.
380Sstevel@tonic-gate */
390Sstevel@tonic-gate
400Sstevel@tonic-gate /*
410Sstevel@tonic-gate * netname utility routines (getnetname, user2netname, host2netname).
420Sstevel@tonic-gate *
430Sstevel@tonic-gate * Convert from unix names (uid, gid) to network wide names.
440Sstevel@tonic-gate * This module is operating system dependent!
450Sstevel@tonic-gate * What we define here will work with any unix system that has adopted
460Sstevel@tonic-gate * the Sun NIS domain architecture.
470Sstevel@tonic-gate */
480Sstevel@tonic-gate
490Sstevel@tonic-gate #undef NIS
500Sstevel@tonic-gate
510Sstevel@tonic-gate #include "mt.h"
520Sstevel@tonic-gate #include "rpc_mt.h"
530Sstevel@tonic-gate #include <stdio.h>
540Sstevel@tonic-gate #include <stdlib.h>
550Sstevel@tonic-gate #include <unistd.h>
560Sstevel@tonic-gate #include <sys/types.h>
570Sstevel@tonic-gate #include <ctype.h>
580Sstevel@tonic-gate #include <string.h>
590Sstevel@tonic-gate #include <syslog.h>
600Sstevel@tonic-gate #include <sys/param.h>
610Sstevel@tonic-gate #include <rpc/rpc.h>
620Sstevel@tonic-gate #include <rpcsvc/nis.h>
630Sstevel@tonic-gate #include <rpcsvc/nis_dhext.h>
640Sstevel@tonic-gate #include <nsswitch.h>
650Sstevel@tonic-gate #include <syslog.h>
661574Speteh #include <errno.h>
670Sstevel@tonic-gate
680Sstevel@tonic-gate #ifndef MAXHOSTNAMELEN
690Sstevel@tonic-gate #define MAXHOSTNAMELEN 256
700Sstevel@tonic-gate #endif
710Sstevel@tonic-gate #ifndef NGROUPS
720Sstevel@tonic-gate #define NGROUPS 16
730Sstevel@tonic-gate #endif
740Sstevel@tonic-gate
/*
 * the value for NOBODY_UID is set by the SVID. The following define also
 * appears in netnamer.c (keep the two in sync: user2netname() below maps
 * this uid to the literal netname "nobody" without any lookup).
 */

#define NOBODY_UID 60001

/*
 * Defined elsewhere in the library; declared here without prototypes
 * (legacy K&R style), so argument types are not checked at the call sites.
 */
extern int getdomainname();
extern int key_call();
/* OPSYS is the <opsys type> prefix of every netname; OPSYS_LEN == strlen(OPSYS). */
#define OPSYS_LEN 4
static const char *OPSYS = "unix";

/*
 * default publickey policy:
 *	publickey: nis [NOTFOUND = return] files
 * (used by user2netname() when /etc/nsswitch.conf has no publickey entry)
 */


/*
 * Per-status action table, indexed by the __NSW_* status a lookup
 * returns (see look->actions[err] in user2netname()).  Slot order per
 * the original comment is SUCCESS, NOTFOUND, UNAVAIL, TRYAGAIN, i.e.
 * stop on success or a definite "not found", try the next service on
 * "unavailable" / "try again".
 */
/* NSW_NOTSUCCESS NSW_NOTFOUND NSW_UNAVAIL NSW_TRYAGAIN */
#define DEF_ACTION {__NSW_RETURN, __NSW_RETURN, __NSW_CONTINUE, __NSW_CONTINUE}

/* "nis" is consulted first and chains to "files" via its next pointer. */
static struct __nsw_lookup lookup_files = {"files", DEF_ACTION, NULL, NULL},
	lookup_nis = {"nis", DEF_ACTION, NULL, &lookup_files};
static struct __nsw_switchconfig publickey_default =
			{0, "publickey", 2, &lookup_nis};

/*
 * Serializes user2netname().  An error-checking mutex makes a second
 * lock attempt by the same thread fail with EDEADLK instead of
 * deadlocking; user2netname() relies on that to detect recursion.
 */
static mutex_t serialize_netname = ERRORCHECKMUTEX;
1020Sstevel@tonic-gate
1030Sstevel@tonic-gate
1040Sstevel@tonic-gate #define MAXIPRINT (11) /* max length of printed integer */
1050Sstevel@tonic-gate
/*
 * Build the netname "<opsys>.<uid>@<domain>" for a unix credential.
 *
 * err     - set to an __NSW_* status describing the outcome.
 * netname - output buffer of MAXNETNAMELEN + 1 bytes.
 * uid     - the unix uid.  It is printed with %d after a cast to int,
 *           so a uid above INT_MAX may appear as a negative number;
 *           this is kept as-is because the resulting string is the
 *           principal's identity and must match what peers compute.
 * domain  - NIS domain, or NULL to use the process default domain.
 *
 * Returns 1 with *err == __NSW_SUCCESS on success.  Returns 0 with
 * *err == __NSW_UNAVAIL when no default domain is available or the
 * name would not fit in MAXNETNAMELEN bytes; netname is left untouched
 * in that case.
 */
static int
user2netname_nis(int *err, char netname[MAXNETNAMELEN + 1], uid_t uid,
    char *domain)
{
	char *defdom;
	size_t used;

	/* Resolve the domain first; without one there is nothing to build. */
	if (domain == NULL) {
		if (__rpc_get_default_domain(&defdom) != 0) {
			*err = __NSW_UNAVAIL;
			return (0);
		}
		domain = defdom;
	}

	/*
	 * Worst case length: opsys + '.' + MAXIPRINT digits + '@' +
	 * domain, plus the terminator; reject anything that cannot fit.
	 */
	if (strlen(domain) + OPSYS_LEN + 3 + MAXIPRINT >
	    (size_t)MAXNETNAMELEN) {
		*err = __NSW_UNAVAIL;
		return (0);
	}

	(void) snprintf(netname, MAXNETNAMELEN + 1,
	    "%s.%d@%s", OPSYS, (int)uid, domain);

	/* A domain written with a trailing dot ("a.b.") yields "...@a.b". */
	used = strlen(netname);
	if (used > 0 && netname[used - 1] == '.')
		netname[used - 1] = '\0';

	*err = __NSW_SUCCESS;
	return (1);
}
1370Sstevel@tonic-gate
/*
 * Figure out the calling process's fully qualified network name.
 *
 * name - output buffer of MAXNETNAMELEN + 1 bytes.
 *
 * The effective uid decides the form: uid 0 is mapped to the host's
 * netname (host2netname), any other uid to a user netname
 * (user2netname), both in the default domain.  Returns whatever the
 * delegate returns: 1 on success, 0 on failure.
 */
int
getnetname(char name[MAXNETNAMELEN + 1])
{
	const uid_t euid = geteuid();

	/* Root is represented by the host's netname, not a per-user one. */
	return (euid == 0 ?
	    host2netname(name, NULL, NULL) : user2netname(name, euid, NULL));
}
1510Sstevel@tonic-gate
1520Sstevel@tonic-gate
/*
 * Figure out the fully qualified network name for the given uid.
 * This is a private interface.
 *
 * name - output buffer of MAXNETNAMELEN + 1 bytes.
 * uid  - the uid to convert; 0 yields the host's netname instead of a
 *        per-user one.
 *
 * Returns whatever the delegate returns: 1 on success, 0 on failure.
 */
int
__getnetnamebyuid(char name[MAXNETNAMELEN + 1], uid_t uid)
{
	if (uid != 0)
		return (user2netname(name, uid, NULL));
	/* Root is represented by the host's netname, not a per-user one. */
	return (host2netname(name, NULL, NULL));
}
1640Sstevel@tonic-gate
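/*
 * Convert unix cred to network-name.
 *
 * netname - output buffer of MAXNETNAMELEN + 1 bytes.  It is a
 *           NUL-terminated string on every return.
 * uid     - the uid to convert.  NOBODY_UID is special-cased to the
 *           literal netname "nobody" without consulting any service.
 * domain  - NIS domain to use, or NULL for the default domain.
 *
 * Returns 1 on success, 0 on failure.
 *
 * It uses the publickey policy in the /etc/nsswitch.conf file
 * (Unless the netname is "nobody", which is special cased).
 * If there is no publickey policy in /etc/nsswitch.conf,
 * the default publickey policy is used, which is
 *	publickey: nis [NOTFOUND=return] files
 * "ldap", "nis" and "files" all produce the name the same way
 * (user2netname_nis); any other service name is logged and treated as
 * __NSW_UNAVAIL.  Note that for the non-nisplus case, there is no
 * failover so only the first entry would be relevant for those cases.
 *
 * Security note: "nobody" is also returned, with a success status,
 * when the calling thread already holds serialize_netname (a netname
 * lookup that recursively needs a netname).  Code that authenticates
 * with the result (secure RPC credentials, for instance) will then
 * silently act as "nobody" rather than fail.
 */
int
user2netname(char netname[MAXNETNAMELEN + 1], const uid_t uid,
    const char *domain)
{
	struct __nsw_switchconfig *conf;
	struct __nsw_lookup *look;
	int needfree = 1, res = 0;
	enum __nsw_parse_err perr;
	int err;

	/*
	 * Take care of the special case of "nobody". If the uid is
	 * the value assigned by the SVID for nobody, return the string
	 * "nobody".
	 *
	 * netname is an array parameter and therefore a plain pointer
	 * here: sizeof (netname) is sizeof (char *), which on a 32-bit
	 * build truncates "nobody" to "nob".  Use the declared buffer
	 * size instead.
	 */
	if (uid == NOBODY_UID) {
		(void) strlcpy(netname, "nobody", MAXNETNAMELEN + 1);
		return (1);
	}

	netname[0] = '\0';	/* make null first (no need for memset) */

	if (mutex_lock(&serialize_netname) == EDEADLK) {
		/*
		 * This thread already holds this lock. This scenario
		 * occurs when a process requires a netname which
		 * itself requires a netname to look up. As we clearly
		 * can't continue like this we return 'nobody'.
		 */
		(void) strlcpy(netname, "nobody", MAXNETNAMELEN + 1);
		return (1);
	}

	conf = __nsw_getconfig("publickey", &perr);
	if (conf == NULL) {
		conf = &publickey_default;
		needfree = 0;
	}

	for (look = conf->lookups; look != NULL; look = look->next) {
		/* ldap, nis, and files all do the same thing. */
		if (strcmp(look->service_name, "ldap") == 0 ||
		    strcmp(look->service_name, "nis") == 0 ||
		    strcmp(look->service_name, "files") == 0) {
			res = user2netname_nis(&err,
			    netname, uid, (char *)domain);
		} else {
			syslog(LOG_INFO,
			    "user2netname: unknown nameservice "
			    "for publickey info '%s'\n",
			    look->service_name);
			err = __NSW_UNAVAIL;
		}
		/* The configured action for this status decides what's next. */
		switch (look->actions[err]) {
		case __NSW_CONTINUE:
			break;
		case __NSW_RETURN:
			if (needfree)
				(void) __nsw_freeconfig(conf);
			(void) mutex_unlock(&serialize_netname);
			return (res);
		default:
			/* Misconfigured action: log it and move on. */
			syslog(LOG_ERR,
			    "user2netname: Unknown action for nameservice '%s'",
			    look->service_name);
		}
	}
	if (needfree)
		(void) __nsw_freeconfig(conf);
	(void) mutex_unlock(&serialize_netname);
	return (0);
}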
2490Sstevel@tonic-gate
2500Sstevel@tonic-gate
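/*
 * Convert host to network-name
 * This routine returns following netnames given the host and domain
 * arguments defined below: (domainname=y.z)
 *	Arguments
 *	host	domain	netname
 *	----	------	-------
 *	-	-	unix.m@y.z (hostname=m)
 *	-	a.b	unix.m@a.b (hostname=m)
 *	-	-	unix.m@y.z (hostname=m.w.x)
 *	-	a.b	unix.m@a.b (hostname=m.w.x)
 *	h	-	unix.h@y.z
 *	h	a.b	unix.h@a.b
 *	h.w.x	-	unix.h@w.x
 *	h.w.x	a.b	unix.h@a.b
 *
 * netname - output buffer of MAXNETNAMELEN + 1 bytes; set to the empty
 *           string first, so it is a valid string on every failure path.
 * host    - host name, or NULL for the local host (nis_local_host()).
 *           Everything after the first '.' is dropped from the netname.
 * domain  - domain to use, or NULL to derive it: the tail of
 *           nis_local_host(), else the domain part of host
 *           (nis_domain_of), else getdomainname().
 *
 * Returns 1 on success, 0 if a name is too long for its buffer, the
 * domain cannot be determined or is empty, or the result would exceed
 * MAXNETNAMELEN.
 */
int
host2netname(char netname[MAXNETNAMELEN + 1], const char *host,
    const char *domain)
{
	char *p;
	char hostname[MAXHOSTNAMELEN + 1];
	char domainname[MAXHOSTNAMELEN + 1];
	char *dot_in_host;
	size_t len;

	netname[0] = '\0';	/* make null first (no need for memset) */

	if (host == NULL) {
		/*
		 * snprintf rather than strncpy: strncpy leaves hostname
		 * unterminated when nis_local_host() fills the buffer,
		 * and the strchr() calls below would then read past it.
		 */
		(void) snprintf(hostname, sizeof (hostname), "%s",
		    nis_local_host());
		p = strchr(hostname, '.');
		if (p != NULL) {
			*p++ = '\0';
			/* if no domain passed, use tail of nis_local_host() */
			if (domain == NULL)
				domain = p;
		}
	} else {
		len = strlen(host);
		if (len >= sizeof (hostname))
			return (0);
		(void) strcpy(hostname, host);
	}

	dot_in_host = strchr(hostname, '.');
	if (domain == NULL) {
		if (dot_in_host != NULL) {
			/* host was given as h.w.x: the domain is w.x */
			p = (char *)nis_domain_of(hostname);
			len = strlen(p);
			if (len >= sizeof (domainname))
				return (0);
			(void) strcpy(domainname, p);
		} else {
			domainname[0] = '\0';
			if (getdomainname(domainname, MAXHOSTNAMELEN) < 0)
				return (0);
			/*
			 * Do not rely on getdomainname() terminating a
			 * name that fills the requested length; the
			 * array has one spare byte for exactly this.
			 */
			domainname[MAXHOSTNAMELEN] = '\0';
		}
	} else {
		len = strlen(domain);
		if (len >= sizeof (domainname))
			return (0);
		(void) strcpy(domainname, domain);
	}

	len = strlen(domainname);
	if (len == 0)
		/* No domainname */
		return (0);
	/* strip a trailing dot ("a.b." -> "a.b") */
	if (domainname[len - 1] == '.')
		domainname[len - 1] = '\0';

	if (dot_in_host != NULL)	/* strip off rest of name */
		*dot_in_host = '\0';

	/* opsys + '.' + host + '@' + domain + NUL must fit */
	if (strlen(domainname) + strlen(hostname) + OPSYS_LEN + 3 >
	    (size_t)MAXNETNAMELEN)
		return (0);

	(void) snprintf(netname, MAXNETNAMELEN + 1,
	    "%s.%s@%s", OPSYS, hostname, domainname);
	return (1);
}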
341