Commit | Line | Data |
---|---|---|
b168057a | 1 | /* Copyright (C) 1996-2015 Free Software Foundation, Inc. |
6259ec0d | 2 | This file is part of the GNU C Library. |
b85697f6 | 3 | Contributed by Thorsten Kukuk <kukuk@suse.de>, 1996. |
6259ec0d UD |
4 | |
5 | The GNU C Library is free software; you can redistribute it and/or | |
41bdb6e2 AJ |
6 | modify it under the terms of the GNU Lesser General Public |
7 | License as published by the Free Software Foundation; either | |
8 | version 2.1 of the License, or (at your option) any later version. | |
6259ec0d UD |
9 | |
10 | The GNU C Library is distributed in the hope that it will be useful, | |
11 | but WITHOUT ANY WARRANTY; without even the implied warranty of | |
12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
41bdb6e2 | 13 | Lesser General Public License for more details. |
6259ec0d | 14 | |
41bdb6e2 | 15 | You should have received a copy of the GNU Lesser General Public |
59ba27a6 PE |
16 | License along with the GNU C Library; if not, see |
17 | <http://www.gnu.org/licenses/>. */ | |
6259ec0d UD |
18 | |
19 | #include <nss.h> | |
20 | #include <ctype.h> | |
21 | #include <errno.h> | |
22 | #include <string.h> | |
23 | #include <syslog.h> | |
26dee9c4 | 24 | #include <rpc/rpc.h> |
6259ec0d UD |
25 | #include <rpcsvc/yp.h> |
26 | #include <rpcsvc/ypclnt.h> | |
26dee9c4 | 27 | #include <rpc/key_prot.h> |
59d112a4 | 28 | #include <rpc/des_crypt.h> |
6259ec0d UD |
29 | |
30 | #include "nss-nis.h" | |
31 | ||
0c6cee5d UD |
32 | /* If we haven't found the entry, we give a SUCCESS and an empty key back. |
33 | Solaris docu says: sizeof (pkey) == HEXKEYBYTES + 1. | |
34 | */ | |
/* NSS entry point: look NETNAME up in the NIS map "publickey.byname"
   and copy the field before the first ':' into PKEY, truncated to
   HEXKEYBYTES characters and always NUL-terminated.  PKEY is left
   empty whenever no value is copied.  *ERRNOP is written only for a
   NULL or '@'-less NETNAME (EINVAL) and for a TRYAGAIN result (errno).
   The value is copied as the server returned it; nothing here checks
   that it is well-formed hex.  */
enum nss_status
_nss_nis_getpublickey (const char *netname, char *pkey, int *errnop)
{
  char *domain = NULL;

  /* Callers always get a terminated (possibly empty) key back.  */
  *pkey = '\0';

  /* The NIS domain is whatever follows the '@' in the netname; a NULL
     netname and a netname without '@' are rejected the same way.  */
  if (netname != NULL)
    domain = strchr (netname, '@');
  if (domain == NULL)
    {
      *errnop = EINVAL;
      return NSS_STATUS_UNAVAIL;
    }

  char *value;
  int value_len;
  int yperr = yp_match (domain + 1, "publickey.byname", netname,
                        strlen (netname), &value, &value_len);

  if (__glibc_unlikely (yperr != YPERR_SUCCESS))
    {
      enum nss_status status = yperr2nss (yperr);

      /* errno is only reported for the retryable case.  */
      if (status == NSS_STATUS_TRYAGAIN)
        *errnop = errno;
      return status;
    }

  /* A successful lookup without a value is reported as SUCCESS with
     an empty key.  */
  if (value == NULL)
    return NSS_STATUS_SUCCESS;

  /* Keep only the text before the first ':'.  */
  char *colon = strchr (value, ':');
  if (colon != NULL)
    *colon = '\0';

  /* strncpy does not terminate on truncation, so the last byte of the
     HEXKEYBYTES + 1 byte buffer is forced to NUL afterwards.  */
  strncpy (pkey, value, HEXKEYBYTES + 1);
  pkey[HEXKEYBYTES] = '\0';
  free (value);

  return NSS_STATUS_SUCCESS;
}
79 | ||
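/* NSS entry point: look NETNAME up in the NIS map "publickey.byname",
   take the field after the first ':', decrypt it with PASSWD and, if
   the embedded check matches, copy the first HEXKEYBYTES characters
   into SKEY.  SKEY is left empty when there is no value, no ':' field,
   or the decryption/check fails; those cases still return
   NSS_STATUS_SUCCESS.  *ERRNOP is written only for a NULL NETNAME or
   PASSWD, an '@'-less NETNAME (EINVAL), and a TRYAGAIN result (errno).
   The caller owns SKEY and PASSWD and is responsible for clearing
   them.  */
enum nss_status
_nss_nis_getsecretkey (const char *netname, char *skey, char *passwd,
                       int *errnop)
{
  skey[0] = 0;

  if (netname == NULL || passwd == NULL)
    {
      *errnop = EINVAL;
      return NSS_STATUS_UNAVAIL;
    }

  /* The NIS domain is whatever follows the '@' in the netname.  */
  char *domain = strchr (netname, '@');
  if (domain == NULL)
    {
      *errnop = EINVAL;
      return NSS_STATUS_UNAVAIL;
    }
  ++domain;

  char *result;
  int len;
  int yperr = yp_match (domain, "publickey.byname", netname, strlen (netname),
                        &result, &len);

  if (__glibc_unlikely (yperr != YPERR_SUCCESS))
    {
      enum nss_status retval = yperr2nss (yperr);

      /* errno is only reported for the retryable case.  */
      if (retval == NSS_STATUS_TRYAGAIN)
        *errnop = errno;
      return retval;
    }

  if (result != NULL)
    {
      char *p = strchr (result, ':');
      if (p != NULL)
        {
          char buf[2 * (HEXKEYBYTES + 1)];

          ++p;
          /* strncpy does not terminate on truncation, so a NUL is
             forced at offset 2 * HEXKEYBYTES + 1, the last byte.  */
          strncpy (buf, p, 2 * (HEXKEYBYTES + 1));
          buf[2 * HEXKEYBYTES + 1] = '\0';

          /* After decryption the first KEYCHECKSUMSIZE characters must
             repeat at offset HEXKEYBYTES; otherwise the result is
             discarded and SKEY stays empty.  */
          if (xdecrypt (buf, passwd)
              && memcmp (buf, &(buf[HEXKEYBYTES]), KEYCHECKSUMSIZE) == 0)
            {
              buf[HEXKEYBYTES] = '\0';
              strcpy (skey, buf);
            }

          /* BUF held the decrypted secret key.  Clear it before the
             frame is released; the stores go through a volatile
             pointer so the compiler does not drop them as dead.  */
          volatile char *wipe = buf;
          for (size_t i = 0; i < sizeof buf; ++i)
            wipe[i] = 0;
        }

      free (result);
    }
  return NSS_STATUS_SUCCESS;
}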
136 | ||
137 | /* Parse uid and group information from the passed string. | |
138 | The format of the string passed is uid:gid,grp,grp, ... */ | |
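/* Parse one record of the form "uid:gid,grp,grp,...".  Stores the uid
   in *UIDP, the primary gid in *GIDP, the supplementary gids in
   GIDLIST and their count in *GIDLENP.  Returns NSS_STATUS_SUCCESS,
   or NSS_STATUS_NOTFOUND (after logging) when S is NULL, does not
   start with a digit, names uid 0, or has no numeric group after the
   ':'.  *GIDLENP is written only on success.

   NOTE(review): GIDLIST's capacity is not passed in, so the loop
   below cannot bound its writes.  The record is external data, so
   every caller must size GIDLIST for the longest list it is prepared
   to accept -- confirm at the call sites.  The numeric values are
   also not range-checked against uid_t/gid_t.  */
static enum nss_status
parse_netid_str (const char *s, uid_t *uidp, gid_t *gidp, int *gidlenp,
                 gid_t *gidlist)
{
  char *p, *ep;
  int gidlen;

  /* The cast keeps isdigit well defined for bytes above 0x7f on
     platforms where plain char is signed.  */
  if (!s || !isdigit ((unsigned char) *s))
    {
      /* Never hand a NULL pointer to %s.  */
      syslog (LOG_ERR, "netname2user: expecting uid '%s'", s ? s : "(null)");
      return NSS_STATUS_NOTFOUND;	/* XXX need a better error */
    }

  /* Fetch the uid */
  *uidp = strtoul (s, NULL, 10);

  /* A netname is never allowed to map to root.  */
  if (*uidp == 0)
    {
      syslog (LOG_ERR, "netname2user: should not have uid 0");
      return NSS_STATUS_NOTFOUND;
    }

  /* Now get the group list */
  p = strchr (s, ':');
  if (!p)
    {
      syslog (LOG_ERR, "netname2user: missing group id list in '%s'", s);
      return NSS_STATUS_NOTFOUND;
    }
  ++p;				/* skip ':' */
  if (!isdigit ((unsigned char) *p))
    {
      syslog (LOG_ERR, "netname2user: missing group id list in '%s'.", p);
      return NSS_STATUS_NOTFOUND;
    }

  *gidp = strtoul (p, &ep, 10);

  gidlen = 0;

  /* After strtoul() ep points to the first character it did not
     consume.  A "," there introduces the next supplementary gid.  */
  while (*ep == ',')
    {
      p = ++ep;

      /* An empty or non-numeric field would make strtoul() return 0
         without consuming anything, which would add gid 0 to the
         list.  Skip such a field instead: the loop goes on if another
         "," follows and stops otherwise.  */
      if (!isdigit ((unsigned char) *p))
        continue;

      gidlist[gidlen++] = strtoul (p, &ep, 10);
    }

  *gidlenp = gidlen;

  return NSS_STATUS_SUCCESS;
}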
192 | ||
193 | ||
/* NSS entry point: look NETNAME up in the NIS map "netid.byname" and
   hand the returned record to parse_netid_str, which fills *UIDP,
   *GIDP, GIDLIST and *GIDLENP.  Returns NSS_STATUS_UNAVAIL with
   *ERRNOP = EINVAL for a NETNAME without '@'; NSS_STATUS_NOTFOUND for
   YPERR_DOMAIN, YPERR_KEY or a missing value; NSS_STATUS_UNAVAIL for
   any other lookup error; otherwise the parser's status.  *ERRNOP is
   not written on the lookup-error paths.

   NOTE(review): GIDLIST's capacity is not passed in, so the number of
   gids stored is decided by the record the server returned.  */
enum nss_status
_nss_nis_netname2user (char netname[MAXNETNAMELEN + 1], uid_t *uidp,
                       gid_t *gidp, int *gidlenp, gid_t *gidlist, int *errnop)
{
  /* The NIS domain is whatever follows the '@' in the netname.  */
  char *at = strchr (netname, '@');
  if (at == NULL)
    {
      *errnop = EINVAL;
      return NSS_STATUS_UNAVAIL;
    }

  char *entry = NULL;
  int entry_len;
  int yperr = yp_match (at + 1, "netid.byname", netname, strlen (netname),
                        &entry, &entry_len);

  /* Unknown domain or key means "no such user"; every other failure
     means the service could not answer.  */
  if (yperr == YPERR_DOMAIN || yperr == YPERR_KEY)
    return NSS_STATUS_NOTFOUND;
  if (yperr != YPERR_SUCCESS)
    return NSS_STATUS_UNAVAIL;

  if (entry == NULL)
    return NSS_STATUS_NOTFOUND;

  /* Terminate the record at the length yp_match reported before it is
     parsed as a string.  NOTE(review): this writes index entry_len,
     so it relies on yp_match allocating at least entry_len + 1
     bytes -- confirm.  */
  entry[entry_len] = '\0';

  enum nss_status status = parse_netid_str (entry, uidp, gidp, gidlenp,
                                            gidlist);

  free (entry);

  return status;
}