/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 *
 *	getpwent.c
 *
 * lib/nsswitch/compat/getpwent.c -- name-service-switch backend for getpwnam()
 *   et al that does 4.x compatibility.  It looks in /etc/passwd; if it finds
 *   passwd entries there that begin with "+" or "-", it consults other
 *   services.  By default it uses NIS (YP), but the user can override this
 *   with a "passwd_compat" entry in /etc/nsswitch.conf, e.g.
 *			passwd_compat: ldap
 *
 * This code tries to produce the same results as the 4.x code, even when
 *   the latter seems ill thought-out (mostly in the handling of netgroups,
 *   "-", and the combination thereof).  Bug-compatible, in other words.
 *   Though we do try to be more reasonable about the format of "+" and "-"
 *   entries here, i.e. you don't have to pad them with spurious colons and
 *   bogus uid/gid values.
 *
 * Caveats:
 *    -	More than one source may be specified, with the usual switch semantics,
 *	but having multiple sources here is definitely odd.
 *    -	People who recursively specify "compat" deserve what they get.
 *    -	Entries that begin with "+@" or "-@" are interpreted using
 *	getnetgrent() and innetgr(), which use the "netgroup" entry in
 *	/etc/nsswitch.conf.  If the sources for "passwd_compat" and "netgroup"
 *	differ, everything should work fine, but the semantics will be pretty
 *	confusing.
 */
510Sstevel@tonic-gate
520Sstevel@tonic-gate #include <pwd.h>
530Sstevel@tonic-gate #include <shadow.h> /* For PASSWD (pathname to passwd file) */
540Sstevel@tonic-gate #include <stdlib.h>
550Sstevel@tonic-gate #include <strings.h>
560Sstevel@tonic-gate #include "compat_common.h"
570Sstevel@tonic-gate
/*
 * Switch database root for this backend, declared through the
 * DEFINE_NSS_DB_ROOT() macro.  Its address is handed to _nss_compat_constr()
 * by _nss_compat_passwd_constr().
 */
static DEFINE_NSS_DB_ROOT(db_root);
590Sstevel@tonic-gate
/*
 * Switch-initialisation callback for the compat passwd backend.  Fills in
 * the database name, the nsswitch.conf entry that selects the source
 * ("passwd_compat") and the default configuration for that entry.
 */
static void
_nss_initf_passwd_compat(nss_db_params_t *p)
{
	p->default_config = NSS_DEFCONF_PASSWD_COMPAT;
	p->config_name = NSS_DBNAM_PASSWD_COMPAT;
	p->name = NSS_DBNAM_PASSWD;
}
680Sstevel@tonic-gate
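/*
 * Validate the uid and gid fields of one passwd-format line and, when
 * either value exceeds MAXUID, rewrite the line in place so that the
 * offending id reads UID_NOBODY / GID_NOBODY.
 *
 *	line		buffer holding the entry; modified in place on rewrite
 *	linelenp	in: length of the entry; out: length after a rewrite
 *	buflen		capacity of the buffer behind 'line'
 *	extra_chars	bytes that follow the entry (beyond *linelenp), are
 *			moved together with it and must still fit in buflen
 *
 * Empty lines and compat "+" / "-" entries are accepted untouched.
 *
 * Returns NSS_STR_PARSE_SUCCESS, NSS_STR_PARSE_PARSE for a line whose id
 * fields are missing or malformed, or NSS_STR_PARSE_ERANGE when the
 * rewritten line would not fit in the buffer.
 */
int
validate_passwd_ids(char *line, int *linelenp, int buflen, int extra_chars)
{
	char	*linep, *limit, *uidp, *uidendp, *gidp;
	uid_t	uid;
	gid_t	gid;
	ulong_t	uidl, gidl;
	int	olduidlen, oldgidlen, idlen;
	int	linelen = *linelenp, newlinelen;

	if (linelen == 0 || *line == '+' || *line == '-')
		return (NSS_STR_PARSE_SUCCESS);

	linep = line;
	limit = line + linelen;

	while (linep < limit && *linep++ != ':') /* skip username */
		continue;
	while (linep < limit && *linep++ != ':') /* skip password */
		continue;
	if (linep == limit)
		return (NSS_STR_PARSE_PARSE);

	/*
	 * NOTE(review): strtoul() stops at the first character that is not
	 * part of a number, not at 'limit'.  This relies on the caller's
	 * buffer holding such a character (e.g. a terminator counted in
	 * extra_chars) right after the entry -- confirm against the callers.
	 * An out-of-range number yields ULONG_MAX, which is treated like any
	 * other value above MAXUID.
	 */
	uidp = linep;
	uidl = strtoul(uidp, &linep, 10);	/* grab uid */
	olduidlen = linep - uidp;
	uidendp = linep;	/* character that must separate uid from gid */
	if (++linep >= limit || olduidlen == 0)
		return (NSS_STR_PARSE_PARSE);

	gidp = linep;
	gidl = strtoul(gidp, &linep, 10);	/* grab gid */
	oldgidlen = linep - gidp;
	if (linep >= limit || oldgidlen == 0)
		return (NSS_STR_PARSE_PARSE);

	if (uidl <= MAXUID && gidl <= MAXUID)
		return (NSS_STR_PARSE_SUCCESS);

	/*
	 * The rewrite below drops the byte after the uid and overwrites the
	 * byte after the gid with ':'.  Refuse to rewrite unless both really
	 * are field separators; otherwise a malformed entry would be turned
	 * into a different, well-formed-looking one instead of being
	 * rejected.  Both pointers are below 'limit' at this point.
	 */
	if (*uidendp != ':' || *linep != ':')
		return (NSS_STR_PARSE_PARSE);

	uid = (uidl > MAXUID) ? UID_NOBODY : (uid_t)uidl;
	gid = (gidl > MAXUID) ? GID_NOBODY : (gid_t)gidl;

	/* Check if we have enough space in the buffer */
	idlen = snprintf(NULL, 0, "%u:%u", uid, gid);
	newlinelen = linelen + idlen - olduidlen - oldgidlen - 1;
	if (newlinelen + extra_chars > buflen)
		return (NSS_STR_PARSE_ERANGE);

	/*
	 * Replace ephemeral ids by ID_NOBODY.  The tail (from the ':' after
	 * the gid, plus extra_chars) is moved first because the new "uid:gid"
	 * text may be longer or shorter than the old one; bcopy() copes with
	 * the overlapping regions.
	 */
	(void) bcopy(linep, uidp + idlen, limit - linep + extra_chars);
	(void) snprintf(uidp, idlen + 1, "%u:%u", uid, gid);
	*(uidp + idlen) = ':'; /* restore : that was overwritten by snprintf */
	*linelenp = newlinelen;
	return (NSS_STR_PARSE_SUCCESS);
}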
1258040SBaban.Kenkre@Sun.COM
/*
 * Name accessor passed to _nss_compat_constr(): returns the login name of
 * the passwd entry that argp->returnval points to.
 */
static const char *
get_pwname(nss_XbyY_args_t *argp)
{
	const struct passwd	*entry;

	entry = (const struct passwd *)argp->returnval;
	return (entry->pw_name);
}
1340Sstevel@tonic-gate
/*
 * Match predicate for lookups by name: non-zero when the entry in
 * argp->returnval carries exactly the login name requested in
 * argp->key.name.
 */
static int
check_pwname(nss_XbyY_args_t *argp)
{
	const struct passwd	*entry;
	const char		*wanted = argp->key.name;

	entry = (const struct passwd *)argp->returnval;
	if (strcmp(entry->pw_name, wanted) != 0)
		return (0);
	return (1);
}
1430Sstevel@tonic-gate
/*
 * Backend operation for lookups by name: runs the generic compat search
 * with check_pwname() as the match predicate.
 */
static nss_status_t
getbyname(compat_backend_ptr_t be, void *a)
{
	return (_nss_compat_XY_all(be, (nss_XbyY_args_t *)a,
	    check_pwname, NSS_DBOP_PASSWD_BYNAME));
}
1540Sstevel@tonic-gate
/*
 * Match predicate for lookups by uid: non-zero when the entry in
 * argp->returnval has the uid requested in argp->key.uid.
 */
static int
check_pwuid(nss_XbyY_args_t *argp)
{
	const struct passwd	*entry;

	entry = (const struct passwd *)argp->returnval;
	if (entry->pw_uid != argp->key.uid)
		return (0);
	return (1);
}
1630Sstevel@tonic-gate
/*
 * Backend operation for lookups by uid.  A uid above MAXUID is reported
 * as not found without searching; any other uid goes through the generic
 * compat search with check_pwuid() as the match predicate.
 */
static nss_status_t
getbyuid(compat_backend_ptr_t be, void *a)
{
	nss_XbyY_args_t	*lookup = (nss_XbyY_args_t *)a;

	if (lookup->key.uid <= MAXUID) {
		return (_nss_compat_XY_all(be, lookup,
		    check_pwuid, NSS_DBOP_PASSWD_BYUID));
	}
	return (NSS_NOTFOUND);
}
1760Sstevel@tonic-gate
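/*
 * Merge the passwd entry in argp->buf.result with the override fields of
 * the compat entry that selected it, by formatting a fresh passwd line and
 * then either copying it to the caller (be->return_string_data == 1) or
 * parsing it with argp->str2ent.
 *
 *	be	backend state; only return_string_data is read here
 *	argp	lookup arguments; buf.result supplies the base entry and
 *		buf.buffer / buf.buflen receive the merged result
 *	fields	per-field overrides, indexed by passwd field position;
 *		a null pointer means "keep the value from the base entry"
 *
 * Returns an NSS_STR_PARSE_* status.  NSS_STR_PARSE_ERANGE is returned when
 * the merged line does not fit, NSS_STR_PARSE_PARSE when the scratch buffer
 * cannot be allocated.
 */
/*ARGSUSED*/
static int
merge_pwents(compat_backend_ptr_t be, nss_XbyY_args_t *argp,
    const char **fields)
{
	struct passwd	*pw = (struct passwd *)argp->buf.result;
	char		*buf;
	char		*s;
	int		parsestat;
	int		len;
	int		buflen;

	buf = malloc(NSS_LINELEN_PASSWD);
	if (buf == NULL) {
		/* Really "out of memory", but PARSE_PARSE will have to do */
		return (NSS_STR_PARSE_PARSE);
	}

	/*
	 * The scratch buffer holds NSS_LINELEN_PASSWD bytes, so that is the
	 * hard limit for snprintf() even when the caller's buffer is larger;
	 * bounding the writes by argp->buf.buflen alone could run past the
	 * allocation.  A non-positive length cannot hold anything (and a
	 * negative one would become a huge size_t).
	 */
	buflen = argp->buf.buflen;
	if (buflen > NSS_LINELEN_PASSWD)
		buflen = NSS_LINELEN_PASSWD;
	if (buflen <= 0) {
		parsestat = NSS_STR_PARSE_ERANGE;
		goto out;
	}

	/*
	 * Don't allow overriding of
	 *	- username
	 *	- uid
	 *	- gid
	 * That's what the SunOS 4.x code did; who are we to question it...
	 */
	s = buf;
	if (fields[1] != NULL) {
		len = snprintf(s, buflen, "%s:%s",
		    pw->pw_name, fields[1]);
	} else if (pw->pw_age != NULL && *pw->pw_age != '\0') {
		/* ====> Does this do the right thing? */
		len = snprintf(s, buflen, "%s:%s,%s",
		    pw->pw_name, pw->pw_passwd, pw->pw_age);
	} else {
		len = snprintf(s, buflen, "%s:%s",
		    pw->pw_name, pw->pw_passwd);
	}

	/*
	 * snprintf() returns the length it wanted to write, excluding the
	 * terminator, so a return equal to the size already means the output
	 * was truncated.
	 */
	if (len < 0 || len >= buflen) {
		parsestat = NSS_STR_PARSE_ERANGE;
		goto out;
	}

	s += len;
	buflen -= len;
	len = snprintf(s, buflen, ":%u:%u:%s:%s:%s",
	    pw->pw_uid,
	    pw->pw_gid,
	    fields[4] != NULL ? fields[4] : pw->pw_gecos,
	    fields[5] != NULL ? fields[5] : pw->pw_dir,
	    fields[6] != NULL ? fields[6] : pw->pw_shell);

	if (len < 0 || len >= buflen) {
		parsestat = NSS_STR_PARSE_ERANGE;
		goto out;
	}

	s += len;
	len = s - buf;		/* total length of the merged line */

	/*
	 * if asked, return the data in /etc file format
	 */
	if (be->return_string_data == 1) {
		/* reset the result ptr to the original value */
		argp->buf.result = NULL;

		if (len >= argp->buf.buflen) {
			parsestat = NSS_STR_PARSE_ERANGE;
		} else {
			/*
			 * len + 1 so that the terminator is copied too;
			 * the check above guarantees room for it.
			 */
			(void) strncpy(argp->buf.buffer, buf, len + 1);
			argp->returnval = argp->buf.buffer;
			argp->returnlen = len;
			parsestat = NSS_STR_PARSE_SUCCESS;
		}
	} else {
		parsestat = (*argp->str2ent)(buf, len,
		    argp->buf.result,
		    argp->buf.buffer,
		    argp->buf.buflen);
	}

out:
	/* Single exit so the scratch buffer is released on every path. */
	free(buf);
	return (parsestat);
}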
2600Sstevel@tonic-gate
/*
 * Operation table handed to _nss_compat_constr().  The first four slots are
 * the generic compat handlers, the last two the passwd lookups defined in
 * this file.
 * NOTE(review): the slot order presumably has to match the NSS_DBOP_*
 * operation numbers used by the switch -- confirm before reordering.
 */
static compat_backend_op_t passwd_ops[] = {
	_nss_compat_destr,
	_nss_compat_endent,
	_nss_compat_setent,
	_nss_compat_getent,
	getbyname,
	getbyuid
};
2690Sstevel@tonic-gate
/*
 * Constructor for the compat passwd backend.  The three arguments are
 * ignored; the backend is built by _nss_compat_constr() from the operation
 * table, the PASSWD file path, the line-buffer size and the callbacks
 * defined in this file.
 */
/*ARGSUSED*/
nss_backend_t *
_nss_compat_passwd_constr(const char *dummy1, const char *dummy2,
    const char *dummy3)
{
	int	n_ops = sizeof (passwd_ops) / sizeof (passwd_ops[0]);

	/*
	 * NOTE(review): the literal 1 presumably enables netgroup
	 * ("+@" / "-@") handling -- confirm against compat_common.h.
	 */
	return (_nss_compat_constr(passwd_ops, n_ops, PASSWD,
	    NSS_LINELEN_PASSWD, &db_root, _nss_initf_passwd_compat,
	    1, get_pwname, merge_pwents));
}