1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
|
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* or http://www.opensolaris.org/os/licensing.
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2009 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#include <sys/types.h>
#include <errno.h>
#include <stdlib.h>
#include <pwd.h>
#include <shadow.h>
#include <string.h>
#include <stdlib.h>
#include <unistd.h>
#include <nss_dbdefs.h>
#include "passwdutil.h"
/* from files_attr.c */
struct passwd *private_getpwnam_r(const char *name, struct passwd *result,
char *buffer, int buflen);
int nss_getattr(char *name, attrlist *item, pwu_repository_t *rep);
int nss_getpwnam(char *name, attrlist *items, pwu_repository_t *rep,
void **buf);
/*
* nss function pointer table, used by passwdutil_init to initialize
* the global Repository-OPerations table "rops"
*/
struct repops nss_repops = {
NULL, /* checkhistory */
nss_getattr,
nss_getpwnam,
NULL, /* update */
NULL, /* putpwnam */
NULL, /* user_to_authenticate */
NULL, /* lock */
NULL /* unlock */
};
/*
* this structure defines the buffer used to keep state between
* get/update/put calls
*/
struct pwbuf {
struct passwd *pwd;
char *pwd_scratch;
struct spwd *spwd;
char *spwd_scratch;
char *rep_name;
};
/*
* We should use sysconf, but there is no sysconf name for SHADOW
* so we use these from nss_dbdefs
*/
#define PWD_SCRATCH_SIZE NSS_LINELEN_PASSWD
#define SPW_SCRATCH_SIZE NSS_LINELEN_SHADOW
/*
* nss_getpwnam(name, items, rep, buf)
*
*/
/*ARGSUSED*/
int
nss_getpwnam(char *name, attrlist *items, pwu_repository_t *rep, void **buf)
{
attrlist *p;
struct pwbuf *pwbuf;
int repositories = REP_ERANGE; /* changed if ATTR_REP_NAME is set */
int err = PWU_SUCCESS;
*buf = calloc(1, sizeof (struct pwbuf));
pwbuf = (struct pwbuf *)*buf;
if (pwbuf == NULL)
return (PWU_NOMEM);
/*
* determine which password structure (/etc/passwd or /etc/shadow)
* we need for the items we need to update
*/
for (p = items; p != NULL; p = p->next) {
switch (p->type) {
case ATTR_NAME:
case ATTR_UID:
case ATTR_GID:
case ATTR_AGE:
case ATTR_COMMENT:
case ATTR_GECOS:
case ATTR_HOMEDIR:
case ATTR_SHELL:
if (pwbuf->pwd == NULL)
pwbuf->pwd = (struct passwd *)
malloc(sizeof (struct passwd));
if (pwbuf->pwd == NULL) {
errno = ENOMEM;
if (pwbuf->spwd)
free(pwbuf->spwd);
return (PWU_NOMEM);
}
break;
case ATTR_PASSWD:
case ATTR_PASSWD_SERVER_POLICY:
case ATTR_LSTCHG:
case ATTR_MIN:
case ATTR_MAX:
case ATTR_WARN:
case ATTR_INACT:
case ATTR_EXPIRE:
case ATTR_FLAG:
case ATTR_LOCK_ACCOUNT:
case ATTR_EXPIRE_PASSWORD:
case ATTR_FAILED_LOGINS:
if (pwbuf->spwd == NULL)
pwbuf->spwd = (struct spwd *)
malloc(sizeof (struct spwd));
if (pwbuf->spwd == NULL) {
errno = ENOMEM;
if (pwbuf->pwd)
free(pwbuf->pwd);
return (PWU_NOMEM);
}
break;
case ATTR_REP_NAME:
/* get the compat names (REP_COMPAT_*) */
repositories = get_ns(rep, PWU_READ);
break;
default:
/*
* Some other repository might have different values
* so we ignore those.
*/
break;
}
}
if (pwbuf->pwd) {
if ((pwbuf->pwd_scratch = malloc(PWD_SCRATCH_SIZE)) == NULL) {
err = PWU_NOMEM;
goto error;
}
if (getpwnam_r(name, pwbuf->pwd, pwbuf->pwd_scratch,
PWD_SCRATCH_SIZE) == NULL) {
err = PWU_NOT_FOUND;
goto error;
}
}
if (pwbuf->spwd) {
if ((pwbuf->spwd_scratch = malloc(SPW_SCRATCH_SIZE)) == NULL) {
err = PWU_NOMEM;
goto error;
}
if (getspnam_r(name, pwbuf->spwd, pwbuf->spwd_scratch,
SPW_SCRATCH_SIZE) == NULL) {
err = PWU_NOT_FOUND;
goto error;
}
}
/* pwbuf->rep_name tells us where the user in fact comes from */
if (repositories != REP_ERANGE) {
struct passwd pwd;
char pwd_scratch[PWD_SCRATCH_SIZE];
/* can we find the user locally? */
if (private_getpwnam_r(name, &pwd, pwd_scratch,
PWD_SCRATCH_SIZE) != NULL)
pwbuf->rep_name = "files";
else if (repositories & REP_COMPAT_LDAP)
pwbuf->rep_name = "ldap";
else if (repositories & REP_COMPAT_NIS)
pwbuf->rep_name = "nis";
else
pwbuf->rep_name = "nss";
} else
pwbuf->rep_name = "nss";
return (PWU_SUCCESS);
error:
if (pwbuf->pwd) free(pwbuf->pwd);
if (pwbuf->pwd_scratch) free(pwbuf->pwd_scratch);
if (pwbuf->spwd) free(pwbuf->spwd);
if (pwbuf->spwd_scratch) free(pwbuf->spwd_scratch);
free(pwbuf);
*buf = NULL;
return (err);
}
/*
* nss_getattr(name, items, rep)
*
* Get attributes specified in list 'items'
*/
int
nss_getattr(char *name, attrlist *items, pwu_repository_t *rep)
{
struct pwbuf *pwbuf;
struct passwd *pw;
struct spwd *spw;
attrlist *w;
int res = 0;
res = nss_getpwnam(name, items, rep, (void **)&pwbuf);
if (res != PWU_SUCCESS)
return (res);
pw = pwbuf->pwd;
spw = pwbuf->spwd;
for (w = items; res == PWU_SUCCESS && w != NULL; w = w->next) {
switch (w->type) {
case ATTR_NAME:
if ((w->data.val_s = strdup(pw->pw_name)) == NULL)
res = PWU_NOMEM;
break;
case ATTR_COMMENT:
if ((w->data.val_s = strdup(pw->pw_comment)) == NULL)
res = PWU_NOMEM;
break;
case ATTR_GECOS:
if ((w->data.val_s = strdup(pw->pw_gecos)) == NULL)
res = PWU_NOMEM;
break;
case ATTR_HOMEDIR:
if ((w->data.val_s = strdup(pw->pw_dir)) == NULL)
res = PWU_NOMEM;
break;
case ATTR_SHELL:
if ((w->data.val_s = strdup(pw->pw_shell)) == NULL)
res = PWU_NOMEM;
break;
/*
* Nothing special needs to be done for
* server policy
*/
case ATTR_PASSWD:
case ATTR_PASSWD_SERVER_POLICY:
if ((w->data.val_s = strdup(spw->sp_pwdp)) == NULL)
res = PWU_NOMEM;
break;
case ATTR_AGE:
if ((w->data.val_s = strdup(pw->pw_age)) == NULL)
res = PWU_NOMEM;
break;
case ATTR_REP_NAME:
if ((w->data.val_s = strdup(pwbuf->rep_name)) == NULL)
res = PWU_NOMEM;
break;
/* integer values */
case ATTR_UID:
w->data.val_i = pw->pw_uid;
break;
case ATTR_GID:
w->data.val_i = pw->pw_gid;
break;
case ATTR_LSTCHG:
w->data.val_i = spw->sp_lstchg;
break;
case ATTR_MIN:
w->data.val_i = spw->sp_min;
break;
case ATTR_MAX:
w->data.val_i = spw->sp_max;
break;
case ATTR_WARN:
w->data.val_i = spw->sp_warn;
break;
case ATTR_INACT:
w->data.val_i = spw->sp_inact;
break;
case ATTR_EXPIRE:
w->data.val_i = spw->sp_expire;
break;
case ATTR_FLAG:
w->data.val_i = spw->sp_flag;
break;
case ATTR_FAILED_LOGINS:
w->data.val_i = spw->sp_flag & FAILCOUNT_MASK;
break;
default:
break;
}
}
if (pwbuf->pwd) free(pwbuf->pwd);
if (pwbuf->pwd_scratch) free(pwbuf->pwd_scratch);
if (pwbuf->spwd) free(pwbuf->spwd);
if (pwbuf->spwd_scratch) free(pwbuf->spwd_scratch);
free(pwbuf);
return (res);
}
|
