10Sstevel@tonic-gate /* 20Sstevel@tonic-gate * CDDL HEADER START 30Sstevel@tonic-gate * 40Sstevel@tonic-gate * The contents of this file are subject to the terms of the 5*2830Sdjl * Common Development and Distribution License (the "License"). 6*2830Sdjl * You may not use this file except in compliance with the License. 70Sstevel@tonic-gate * 80Sstevel@tonic-gate * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 90Sstevel@tonic-gate * or http://www.opensolaris.org/os/licensing. 100Sstevel@tonic-gate * See the License for the specific language governing permissions 110Sstevel@tonic-gate * and limitations under the License. 120Sstevel@tonic-gate * 130Sstevel@tonic-gate * When distributing Covered Code, include this CDDL HEADER in each 140Sstevel@tonic-gate * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 150Sstevel@tonic-gate * If applicable, add the following below this CDDL HEADER, with the 160Sstevel@tonic-gate * fields enclosed by brackets "[]" replaced with your own identifying 170Sstevel@tonic-gate * information: Portions Copyright [yyyy] [name of copyright owner] 180Sstevel@tonic-gate * 190Sstevel@tonic-gate * CDDL HEADER END 200Sstevel@tonic-gate */ 210Sstevel@tonic-gate /* 22*2830Sdjl * Copyright 2006 Sun Microsystems, Inc. All rights reserved. 23*2830Sdjl * Use is subject to license terms. 240Sstevel@tonic-gate * 25*2830Sdjl * getpwent.c 260Sstevel@tonic-gate * 270Sstevel@tonic-gate * lib/nsswitch/compat/getpwent.c -- name-service-switch backend for getpwnam() 280Sstevel@tonic-gate * et al that does 4.x compatibility. It looks in /etc/passwd; if it finds 290Sstevel@tonic-gate * passwd entries there that begin with "+" or "-", it consults other 300Sstevel@tonic-gate * services. By default it uses NIS (YP), but the user can override this 310Sstevel@tonic-gate * with a "passwd_compat" entry in /etc/nsswitch.conf, e.g. 320Sstevel@tonic-gate * passwd_compat: nisplus 330Sstevel@tonic-gate * 340Sstevel@tonic-gate * This code tries to produce the same results as the 4.x code, even when 350Sstevel@tonic-gate * the latter seems ill thought-out (mostly in the handling of netgroups, 360Sstevel@tonic-gate * "-", and the combination thereof). Bug-compatible, in other words. 370Sstevel@tonic-gate * Though we do try to be more reasonable about the format of "+" and "-" 380Sstevel@tonic-gate * entries here, i.e. you don't have to pad them with spurious colons and 390Sstevel@tonic-gate * bogus uid/gid values. 400Sstevel@tonic-gate * 410Sstevel@tonic-gate * Caveats: 420Sstevel@tonic-gate * - More than one source may be specified, with the usual switch semantics, 430Sstevel@tonic-gate * but having multiple sources here is definitely odd. 440Sstevel@tonic-gate * - People who recursively specify "compat" deserve what they get. 450Sstevel@tonic-gate * - Entries that begin with "+@" or "-@" are interpreted using 460Sstevel@tonic-gate * getnetgrent() and innetgr(), which use the "netgroup" entry in 470Sstevel@tonic-gate * /etc/nsswitch.conf. If the sources for "passwd_compat" and "netgroup" 480Sstevel@tonic-gate * differ, everything should work fine, but the semantics will be pretty 490Sstevel@tonic-gate * confusing. 500Sstevel@tonic-gate */ 510Sstevel@tonic-gate 520Sstevel@tonic-gate #pragma ident "%Z%%M% %I% %E% SMI" 530Sstevel@tonic-gate 540Sstevel@tonic-gate #include <pwd.h> 550Sstevel@tonic-gate #include <shadow.h> /* For PASSWD (pathname to passwd file) */ 560Sstevel@tonic-gate #include <stdlib.h> 570Sstevel@tonic-gate #include <strings.h> 580Sstevel@tonic-gate #include "compat_common.h" 590Sstevel@tonic-gate 600Sstevel@tonic-gate static DEFINE_NSS_DB_ROOT(db_root); 610Sstevel@tonic-gate 62*2830Sdjl static void 630Sstevel@tonic-gate _nss_initf_passwd_compat(p) 640Sstevel@tonic-gate nss_db_params_t *p; 650Sstevel@tonic-gate { 660Sstevel@tonic-gate p->name = NSS_DBNAM_PASSWD; 670Sstevel@tonic-gate p->config_name = NSS_DBNAM_PASSWD_COMPAT; 680Sstevel@tonic-gate p->default_config = NSS_DEFCONF_PASSWD_COMPAT; 690Sstevel@tonic-gate } 700Sstevel@tonic-gate 710Sstevel@tonic-gate static const char * 720Sstevel@tonic-gate get_pwname(argp) 730Sstevel@tonic-gate nss_XbyY_args_t *argp; 740Sstevel@tonic-gate { 750Sstevel@tonic-gate struct passwd *p = (struct passwd *)argp->returnval; 760Sstevel@tonic-gate 770Sstevel@tonic-gate return (p->pw_name); 780Sstevel@tonic-gate } 790Sstevel@tonic-gate 800Sstevel@tonic-gate static int 810Sstevel@tonic-gate check_pwname(argp) 820Sstevel@tonic-gate nss_XbyY_args_t *argp; 830Sstevel@tonic-gate { 840Sstevel@tonic-gate struct passwd *p = (struct passwd *)argp->returnval; 850Sstevel@tonic-gate 860Sstevel@tonic-gate return (strcmp(p->pw_name, argp->key.name) == 0); 870Sstevel@tonic-gate } 880Sstevel@tonic-gate 890Sstevel@tonic-gate static nss_status_t 900Sstevel@tonic-gate getbyname(be, a) 910Sstevel@tonic-gate compat_backend_ptr_t be; 920Sstevel@tonic-gate void *a; 930Sstevel@tonic-gate { 94*2830Sdjl nss_XbyY_args_t *argp = (nss_XbyY_args_t *)a; 950Sstevel@tonic-gate 960Sstevel@tonic-gate return (_nss_compat_XY_all(be, argp, 970Sstevel@tonic-gate check_pwname, NSS_DBOP_PASSWD_BYNAME)); 980Sstevel@tonic-gate } 990Sstevel@tonic-gate 1000Sstevel@tonic-gate static int 1010Sstevel@tonic-gate check_pwuid(argp) 1020Sstevel@tonic-gate nss_XbyY_args_t *argp; 1030Sstevel@tonic-gate { 1040Sstevel@tonic-gate struct passwd *p = (struct passwd *)argp->returnval; 1050Sstevel@tonic-gate 1060Sstevel@tonic-gate return (p->pw_uid == argp->key.uid); 1070Sstevel@tonic-gate } 1080Sstevel@tonic-gate 1090Sstevel@tonic-gate static nss_status_t 1100Sstevel@tonic-gate getbyuid(be, a) 1110Sstevel@tonic-gate compat_backend_ptr_t be; 1120Sstevel@tonic-gate void *a; 1130Sstevel@tonic-gate { 114*2830Sdjl nss_XbyY_args_t *argp = (nss_XbyY_args_t *)a; 1150Sstevel@tonic-gate 1160Sstevel@tonic-gate return (_nss_compat_XY_all(be, argp, 1170Sstevel@tonic-gate check_pwuid, NSS_DBOP_PASSWD_BYUID)); 1180Sstevel@tonic-gate } 1190Sstevel@tonic-gate 1200Sstevel@tonic-gate /*ARGSUSED*/ 1210Sstevel@tonic-gate static int 1220Sstevel@tonic-gate merge_pwents(be, argp, fields) 1230Sstevel@tonic-gate compat_backend_ptr_t be; 1240Sstevel@tonic-gate nss_XbyY_args_t *argp; 1250Sstevel@tonic-gate const char **fields; 1260Sstevel@tonic-gate { 1270Sstevel@tonic-gate struct passwd *pw = (struct passwd *)argp->buf.result; 1280Sstevel@tonic-gate char *buf = malloc(NSS_LINELEN_PASSWD); 1290Sstevel@tonic-gate char *s; 1300Sstevel@tonic-gate int parsestat; 131*2830Sdjl int len; 132*2830Sdjl int buflen; 1330Sstevel@tonic-gate 1340Sstevel@tonic-gate if (buf == 0) { 1350Sstevel@tonic-gate return (NSS_STR_PARSE_PARSE); 1360Sstevel@tonic-gate /* Really "out of memory", but PARSE_PARSE will have to do */ 1370Sstevel@tonic-gate } 1380Sstevel@tonic-gate /* 1390Sstevel@tonic-gate * Don't allow overriding of 1400Sstevel@tonic-gate * - username 1410Sstevel@tonic-gate * - uid 1420Sstevel@tonic-gate * - gid 1430Sstevel@tonic-gate * That's what the SunOS 4.x code did; who are we to question it... 1440Sstevel@tonic-gate */ 1450Sstevel@tonic-gate s = buf; 146*2830Sdjl buflen = argp->buf.buflen; 147*2830Sdjl 148*2830Sdjl if (fields[1] != 0) 149*2830Sdjl len = snprintf(s, buflen, "%s:%s", 150*2830Sdjl pw->pw_name, fields[1]); 151*2830Sdjl else { 1520Sstevel@tonic-gate /* ====> Does this do the right thing? */ 153*2830Sdjl if (pw->pw_age != 0 && *pw->pw_age != '\0') 154*2830Sdjl len = snprintf(s, buflen, "%s:%s,%s", 155*2830Sdjl pw->pw_name, pw->pw_passwd, pw->pw_age); 156*2830Sdjl else 157*2830Sdjl len = snprintf(s, buflen, "%s:%s", 158*2830Sdjl pw->pw_name, pw->pw_passwd); 1590Sstevel@tonic-gate } 160*2830Sdjl 161*2830Sdjl if (len > buflen) 162*2830Sdjl return (NSS_STR_PARSE_ERANGE); 163*2830Sdjl 164*2830Sdjl s += len; 165*2830Sdjl buflen -= len; 166*2830Sdjl len = snprintf(s, buflen, ":%ld:%ld:%s:%s:%s", 1670Sstevel@tonic-gate pw->pw_uid, 1680Sstevel@tonic-gate pw->pw_gid, 1690Sstevel@tonic-gate fields[4] != 0 ? fields[4] : pw->pw_gecos, 1700Sstevel@tonic-gate fields[5] != 0 ? fields[5] : pw->pw_dir, 1710Sstevel@tonic-gate fields[6] != 0 ? fields[6] : pw->pw_shell); 172*2830Sdjl 173*2830Sdjl if (len > buflen) 174*2830Sdjl return (NSS_STR_PARSE_ERANGE); 175*2830Sdjl 176*2830Sdjl s += len; 177*2830Sdjl len = s - buf; 178*2830Sdjl 179*2830Sdjl /* 180*2830Sdjl * if asked, return the data in /etc file format 181*2830Sdjl */ 182*2830Sdjl if (be->return_string_data == 1) { 183*2830Sdjl /* reset the result ptr to the original value */ 184*2830Sdjl argp->buf.result = NULL; 185*2830Sdjl 186*2830Sdjl if (len > argp->buf.buflen) { 187*2830Sdjl parsestat = NSS_STR_PARSE_ERANGE; 188*2830Sdjl } else { 189*2830Sdjl (void) strncpy(argp->buf.buffer, buf, len); 190*2830Sdjl argp->returnval = argp->buf.buffer; 191*2830Sdjl argp->returnlen = len; 192*2830Sdjl parsestat = NSS_SUCCESS; 193*2830Sdjl } 194*2830Sdjl } else { 195*2830Sdjl parsestat = (*argp->str2ent)(buf, len, 1960Sstevel@tonic-gate argp->buf.result, 1970Sstevel@tonic-gate argp->buf.buffer, 1980Sstevel@tonic-gate argp->buf.buflen); 199*2830Sdjl } 2000Sstevel@tonic-gate free(buf); 2010Sstevel@tonic-gate return (parsestat); 2020Sstevel@tonic-gate } 2030Sstevel@tonic-gate 2040Sstevel@tonic-gate static compat_backend_op_t passwd_ops[] = { 2050Sstevel@tonic-gate _nss_compat_destr, 2060Sstevel@tonic-gate _nss_compat_endent, 2070Sstevel@tonic-gate _nss_compat_setent, 2080Sstevel@tonic-gate _nss_compat_getent, 2090Sstevel@tonic-gate getbyname, 2100Sstevel@tonic-gate getbyuid 2110Sstevel@tonic-gate }; 2120Sstevel@tonic-gate 2130Sstevel@tonic-gate /*ARGSUSED*/ 2140Sstevel@tonic-gate nss_backend_t * 2150Sstevel@tonic-gate _nss_compat_passwd_constr(dummy1, dummy2, dummy3) 2160Sstevel@tonic-gate const char *dummy1, *dummy2, *dummy3; 2170Sstevel@tonic-gate { 2180Sstevel@tonic-gate return (_nss_compat_constr(passwd_ops, 2190Sstevel@tonic-gate sizeof (passwd_ops) / sizeof (passwd_ops[0]), 2200Sstevel@tonic-gate PASSWD, 2210Sstevel@tonic-gate NSS_LINELEN_PASSWD, 2220Sstevel@tonic-gate &db_root, 2230Sstevel@tonic-gate _nss_initf_passwd_compat, 2240Sstevel@tonic-gate 1, 2250Sstevel@tonic-gate get_pwname, 2260Sstevel@tonic-gate merge_pwents)); 2270Sstevel@tonic-gate } 228