xref: /onnv-gate/usr/src/lib/nsswitch/compat/common/getspent.c (revision 11262:b7ebfbf2359e)

/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */
/*
 *	getspent.c
 *
 * lib/nsswitch/compat/getspent.c -- name-service-switch backend for getspnam()
 *   It looks in /etc/shadow; if it finds shadow entries there that begin
 *   with "+" or "-", it consults other services.  By default it uses NIS (YP),
 *   but the user can override this with a "passwd_compat" entry in
 *   /etc/nsswitch.conf, e.g.
 *			passwd_compat: ldap
 * The main criterion for this code is that it behave in the same way as
 * the code for getpwnam() and friends (in getpwent.c).  Note that it uses
 * the same nsswitch.conf entry, not a separate entry for "shadow_compat".
 *
 * Caveats:
 *    -	More than one source may be specified, with the usual switch semantics,
 *	but having multiple sources here is definitely odd.
 *    -	People who recursively specify "compat" deserve what they get.
 *    -	Entries that begin with "+@" or "-@" are interpreted using
 *	getnetgrent() and innetgr(), which use the "netgroup" entry in
 *	/etc/nsswitch.conf.  If the sources for "passwd_compat" and "netgroup"
 *	differ, everything should work fine, but the semantics will be pretty
 *	confusing.
 */

#include <shadow.h>
#include <string.h>
#include <stdlib.h>
#include "compat_common.h"

static DEFINE_NSS_DB_ROOT(db_root);

static void
_nss_initf_shadow_compat(p)
	nss_db_params_t	*p;
{
	p->name		  = NSS_DBNAM_SHADOW;
	p->config_name	  = NSS_DBNAM_PASSWD_COMPAT;
	p->default_config = NSS_DEFCONF_PASSWD_COMPAT;
}

static const char *
get_spnamp(argp)
	nss_XbyY_args_t		*argp;
{
	struct spwd		*s = (struct spwd *)argp->returnval;

	return (s->sp_namp);
}

static int
check_spnamp(argp)
	nss_XbyY_args_t		*argp;
{
	struct spwd		*s = (struct spwd *)argp->returnval;

	return (strcmp(s->sp_namp, argp->key.name) == 0);
}

static nss_status_t
getbyname(be, a)
	compat_backend_ptr_t	be;
	void			*a;
{
	nss_XbyY_args_t		*argp = (nss_XbyY_args_t *)a;

	return (_nss_compat_XY_all(be, argp, check_spnamp,
				NSS_DBOP_SHADOW_BYNAME));
}

/*ARGSUSED*/
static int
merge_spents(be, argp, fields)
	compat_backend_ptr_t	be;
	nss_XbyY_args_t		*argp;
	const char		**fields;
{
	struct spwd		*sp	= (struct spwd *)argp->buf.result;

	/*
	 * Don't allow overriding of the username;  apart from that,
	 *   anything is fair game.
	 */

	if (fields[1] != 0) {
		size_t	namelen = strlen(sp->sp_namp) + 1;
		size_t	passlen = strlen(fields[1])   + 1;

		/* ===> Probably merits an explanation... */
		if (namelen + passlen > argp->buf.buflen) {
			return (NSS_STR_PARSE_ERANGE);
		}
		if (sp->sp_namp != argp->buf.buffer) {
			(void) memmove(argp->buf.buffer,
				sp->sp_namp, namelen);
			sp->sp_namp = argp->buf.buffer;
		}
		(void) memcpy(argp->buf.buffer + namelen,
			fields[1], passlen);
	}

#define	override(field, longp)				\
	if ((field) != 0) {				\
		char	*end;				\
		long	val = strtol(field, &end, 10);	\
							\
		if (*end == '\0') {			\
			*(longp) = val;			\
		} else {				\
			return (NSS_STR_PARSE_PARSE);	\
		}					\
	}

	/* do not override last changed date, it never gets reset. */
	/* override(fields[2], &sp->sp_lstchg); */
	override(fields[3], &sp->sp_min);
	override(fields[4], &sp->sp_max);
	override(fields[5], &sp->sp_warn);
	override(fields[6], &sp->sp_inact);
	override(fields[7], &sp->sp_expire);
	override(fields[8], &sp->sp_flag);

	/*
	 * if asked, return the data in /etc file format
	 */
	if (be->return_string_data == 1) {
		int	n;
		char	b[16 * 7];

		/* reset the result ptr to the original value */
		argp->buf.result = NULL;

#define	printnum(i, num)	\
    sprintf(b + (i * 16), "%d", num)) ? b + (i * 16) : ""

		n = snprintf(argp->buf.buffer, argp->buf.buflen,
			"%s:%s:%s:%s:%s:%s:%s:%s:%s", sp->sp_namp,
			(sp->sp_pwdp ? sp->sp_pwdp : ""),
			(sp->sp_lstchg >= 0 && printnum(0, sp->sp_lstchg),
			(sp->sp_min >= 0 && printnum(1, sp->sp_min),
			(sp->sp_max >= 0 && printnum(2, sp->sp_max),
			(sp->sp_warn > 0 && printnum(3, sp->sp_warn),
			(sp->sp_inact > 0 && printnum(4, sp->sp_inact),
			(sp->sp_expire > 0 && printnum(5, sp->sp_expire),
			(sp->sp_flag != 0 && printnum(6, sp->sp_flag));

		if (n > argp->buf.buflen)
			return (NSS_STR_PARSE_ERANGE);
		else {
			argp->returnlen = n - 1;
			return (NSS_SUCCESS);
		}

	} else
		return (NSS_STR_PARSE_SUCCESS);
}

static compat_backend_op_t shadow_ops[] = {
	_nss_compat_destr,
	_nss_compat_endent,
	_nss_compat_setent,
	_nss_compat_getent,
	getbyname
};

/*ARGSUSED*/
nss_backend_t *
_nss_compat_shadow_constr(dummy1, dummy2, dummy3)
	const char	*dummy1, *dummy2, *dummy3;
{
	return (_nss_compat_constr(shadow_ops,
				sizeof (shadow_ops) / sizeof (shadow_ops[0]),
				SHADOW,
				NSS_LINELEN_SHADOW,
				&db_root,
				_nss_initf_shadow_compat,
				1,
				get_spnamp,
				merge_spents));
}