[thirdparty/glibc.git] / nis / nss_nis / nis-publickey.c

/* Copyright (C) 1996-2019 Free Software Foundation, Inc.
   This file is part of the GNU C Library.
   Contributed by Thorsten Kukuk <kukuk@suse.de>, 1996.

   The GNU C Library is free software; you can redistribute it and/or
   modify it under the terms of the GNU Lesser General Public
   License as published by the Free Software Foundation; either
   version 2.1 of the License, or (at your option) any later version.

   The GNU C Library is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
   Lesser General Public License for more details.

   You should have received a copy of the GNU Lesser General Public
   License along with the GNU C Library; if not, see
   <http://www.gnu.org/licenses/>.  */

#include <nss.h>
#include <ctype.h>
#include <errno.h>
#include <string.h>
#include <syslog.h>
#include <rpc/rpc.h>
#include <rpcsvc/yp.h>
#include <rpcsvc/ypclnt.h>
#include <rpc/key_prot.h>
#include <rpc/des_crypt.h>

#include "nss-nis.h"

/* If we haven't found the entry, we give a SUCCESS and an empty key back.
   Solaris docu says: sizeof (pkey) == HEXKEYBYTES + 1.
*/
enum nss_status
_nss_nis_getpublickey (const char *netname, char *pkey, int *errnop)
{
  pkey[0] = 0;

  if (netname == NULL)
    {
      *errnop = EINVAL;
      return NSS_STATUS_UNAVAIL;
    }

  char *domain = strchr (netname, '@');
  if (domain == NULL)
    {
      *errnop = EINVAL;
      return NSS_STATUS_UNAVAIL;
    }
  ++domain;

  char *result;
  int len;
  int yperr = yp_match (domain, "publickey.byname", netname, strlen (netname),
			&result, &len);

  if (__glibc_unlikely (yperr != YPERR_SUCCESS))
    {
      enum nss_status retval = yperr2nss (yperr);

      if (retval == NSS_STATUS_TRYAGAIN)
	*errnop = errno;
      return retval;
    }

  if (result != NULL)
    {
      char *p = strchr (result, ':');
      if (p != NULL)
	*p = 0;
      strncpy (pkey, result, HEXKEYBYTES + 1);
      pkey[HEXKEYBYTES] = '\0';
      free (result);
    }
  return NSS_STATUS_SUCCESS;
}

enum nss_status
_nss_nis_getsecretkey (const char *netname, char *skey, char *passwd,
		       int *errnop)
{
  skey[0] = 0;

  if (netname == NULL || passwd == NULL)
    {
      *errnop = EINVAL;
      return NSS_STATUS_UNAVAIL;
    }

  char *domain = strchr (netname, '@');
  if (domain == NULL)
    {
      *errnop = EINVAL;
      return NSS_STATUS_UNAVAIL;
    }
  ++domain;

  char *result;
  int len;
  int yperr = yp_match (domain, "publickey.byname", netname, strlen (netname),
			&result, &len);

  if (__glibc_unlikely (yperr != YPERR_SUCCESS))
    {
      enum nss_status retval = yperr2nss (yperr);

      if (retval == NSS_STATUS_TRYAGAIN)
	*errnop = errno;
      return retval;
    }

  if (result != NULL)
    {
      char *p = strchr (result, ':');
      if (p != NULL)
	{
	  char buf[2 * (HEXKEYBYTES + 1)];

	  ++p;
	  strncpy (buf, p, 2 * (HEXKEYBYTES + 1));
	  buf[2 * HEXKEYBYTES + 1] = '\0';
	  if (xdecrypt (buf, passwd)
	      && memcmp (buf, &(buf[HEXKEYBYTES]), KEYCHECKSUMSIZE) == 0)
	    {
	      buf[HEXKEYBYTES] = '\0';
	      strcpy (skey, buf);
	    }
	}

      free (result);
    }
  return NSS_STATUS_SUCCESS;
}

/* Parse uid and group information from the passed string.
   The format of the string passed is uid:gid,grp,grp, ...  */
static enum nss_status
parse_netid_str (const char *s, uid_t *uidp, gid_t *gidp, int *gidlenp,
		 gid_t *gidlist)
{
  char *p, *ep;
  int gidlen;

  if (!s || !isdigit (*s))
    {
      syslog (LOG_ERR, "netname2user: expecting uid '%s'", s);
      return NSS_STATUS_NOTFOUND;	/* XXX need a better error */
    }

  /* Fetch the uid */
  *uidp = strtoul (s, NULL, 10);

  if (*uidp == 0)
    {
      syslog (LOG_ERR, "netname2user: should not have uid 0");
      return NSS_STATUS_NOTFOUND;
    }

  /* Now get the group list */
  p = strchr (s, ':');
  if (!p)
    {
      syslog (LOG_ERR, "netname2user: missing group id list in '%s'", s);
      return NSS_STATUS_NOTFOUND;
    }
  ++p;				/* skip ':' */
  if (!p || (!isdigit (*p)))
    {
      syslog (LOG_ERR, "netname2user: missing group id list in '%s'.", p);
      return NSS_STATUS_NOTFOUND;
    }

  *gidp = strtoul (p, &ep, 10);

  gidlen = 0;

  /* After strtoul() ep should point to the first invalid character.
     This is the marker "," we search for the next value.  */
  while (ep != NULL && *ep == ',')
    {
      ep++;
      p = ep;
      gidlist[gidlen++] = strtoul (p, &ep, 10);
    }

  *gidlenp = gidlen;

  return NSS_STATUS_SUCCESS;
}


enum nss_status
_nss_nis_netname2user (char netname[MAXNETNAMELEN + 1], uid_t *uidp,
		       gid_t *gidp, int *gidlenp, gid_t *gidlist, int *errnop)
{
  char *domain = strchr (netname, '@');
  if (domain == NULL)
    {
      *errnop = EINVAL;
      return NSS_STATUS_UNAVAIL;
    }

  /* Point past the '@' character */
  ++domain;
  char *lookup = NULL;
  int len;
  int yperr = yp_match (domain, "netid.byname", netname, strlen (netname),
			&lookup, &len);
  switch (yperr)
    {
    case YPERR_SUCCESS:
      break;			/* the successful case */
    case YPERR_DOMAIN:
    case YPERR_KEY:
      return NSS_STATUS_NOTFOUND;
    case YPERR_MAP:
    default:
      return NSS_STATUS_UNAVAIL;
    }

  if (lookup == NULL)
    return NSS_STATUS_NOTFOUND;


  lookup[len] = '\0';

  enum nss_status err = parse_netid_str (lookup, uidp, gidp, gidlenp, gidlist);

  free (lookup);

  return err;
}
Commit	Line	Data
04277e02	1	/* Copyright (C) 1996-2019 Free Software Foundation, Inc.
6259ec0d	2	This file is part of the GNU C Library.
b85697f6	3	Contributed by Thorsten Kukuk <kukuk@suse.de>, 1996.
6259ec0d UD	4
6259ec0d UD	5	The GNU C Library is free software; you can redistribute it and/or
41bdb6e2 AJ	6	modify it under the terms of the GNU Lesser General Public
	7	License as published by the Free Software Foundation; either
	8	version 2.1 of the License, or (at your option) any later version.
6259ec0d UD	9
	10	The GNU C Library is distributed in the hope that it will be useful,
	11	but WITHOUT ANY WARRANTY; without even the implied warranty of
	12	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
41bdb6e2	13	Lesser General Public License for more details.
6259ec0d	14
41bdb6e2	15	You should have received a copy of the GNU Lesser General Public
59ba27a6 PE	16	License along with the GNU C Library; if not, see
59ba27a6 PE	17	<http://www.gnu.org/licenses/>. */
6259ec0d UD	18
	19	#include <nss.h>
	20	#include <ctype.h>
	21	#include <errno.h>
	22	#include <string.h>
	23	#include <syslog.h>
26dee9c4	24	#include <rpc/rpc.h>
6259ec0d UD	25	#include <rpcsvc/yp.h>
6259ec0d UD	26	#include <rpcsvc/ypclnt.h>
26dee9c4	27	#include <rpc/key_prot.h>
59d112a4	28	#include <rpc/des_crypt.h>
6259ec0d UD	29
	30	#include "nss-nis.h"
	31
0c6cee5d UD	32	/* If we haven't found the entry, we give a SUCCESS and an empty key back.
	33	Solaris docu says: sizeof (pkey) == HEXKEYBYTES + 1.
	34	*/
6259ec0d	35	enum nss_status
d71b808a	36	_nss_nis_getpublickey (const char netname, char pkey, int *errnop)
6259ec0d	37	{
6259ec0d UD	38	pkey[0] = 0;
	39
	40	if (netname == NULL)
	41	{
ac9f45cf	42	*errnop = EINVAL;
6259ec0d UD	43	return NSS_STATUS_UNAVAIL;
	44	}
	45
ab9a9ff8 UD	46	char *domain = strchr (netname, '@');
ab9a9ff8 UD	47	if (domain == NULL)
b85697f6 UD	48	{
	49	*errnop = EINVAL;
	50	return NSS_STATUS_UNAVAIL;
	51	}
	52	++domain;
6259ec0d	53
ab9a9ff8 UD	54	char *result;
	55	int len;
	56	int yperr = yp_match (domain, "publickey.byname", netname, strlen (netname),
	57	&result, &len);
6259ec0d	58
a1ffb40e	59	if (__glibc_unlikely (yperr != YPERR_SUCCESS))
6259ec0d	60	{
ab9a9ff8 UD	61	enum nss_status retval = yperr2nss (yperr);
ab9a9ff8 UD	62
34816665	63	if (retval == NSS_STATUS_TRYAGAIN)
d71b808a	64	*errnop = errno;
6259ec0d UD	65	return retval;
	66	}
	67
	68	if (result != NULL)
	69	{
	70	char *p = strchr (result, ':');
	71	if (p != NULL)
	72	*p = 0;
0c6cee5d UD	73	strncpy (pkey, result, HEXKEYBYTES + 1);
0c6cee5d UD	74	pkey[HEXKEYBYTES] = '\0';
0292b0dd	75	free (result);
6259ec0d UD	76	}
	77	return NSS_STATUS_SUCCESS;
	78	}
	79
	80	enum nss_status
d71b808a UD	81	_nss_nis_getsecretkey (const char netname, char skey, char *passwd,
d71b808a UD	82	int *errnop)
6259ec0d	83	{
6259ec0d UD	84	skey[0] = 0;
	85
	86	if (netname == NULL \|\| passwd == NULL)
	87	{
ac9f45cf	88	*errnop = EINVAL;
6259ec0d UD	89	return NSS_STATUS_UNAVAIL;
	90	}
	91
ab9a9ff8 UD	92	char *domain = strchr (netname, '@');
ab9a9ff8 UD	93	if (domain == NULL)
b85697f6 UD	94	{
	95	*errnop = EINVAL;
	96	return NSS_STATUS_UNAVAIL;
	97	}
	98	++domain;
6259ec0d	99
ab9a9ff8 UD	100	char *result;
	101	int len;
	102	int yperr = yp_match (domain, "publickey.byname", netname, strlen (netname),
	103	&result, &len);
6259ec0d	104
a1ffb40e	105	if (__glibc_unlikely (yperr != YPERR_SUCCESS))
6259ec0d	106	{
ab9a9ff8 UD	107	enum nss_status retval = yperr2nss (yperr);
ab9a9ff8 UD	108
34816665	109	if (retval == NSS_STATUS_TRYAGAIN)
d71b808a	110	*errnop = errno;
6259ec0d UD	111	return retval;
	112	}
	113
	114	if (result != NULL)
	115	{
	116	char *p = strchr (result, ':');
0292b0dd UD	117	if (p != NULL)
0292b0dd UD	118	{
ab9a9ff8 UD	119	char buf[2 * (HEXKEYBYTES + 1)];
ab9a9ff8 UD	120
0292b0dd UD	121	++p;
	122	strncpy (buf, p, 2 * (HEXKEYBYTES + 1));
	123	buf[2 * HEXKEYBYTES + 1] = '\0';
	124	if (xdecrypt (buf, passwd)
	125	&& memcmp (buf, &(buf[HEXKEYBYTES]), KEYCHECKSUMSIZE) == 0)
	126	{
	127	buf[HEXKEYBYTES] = '\0';
	128	strcpy (skey, buf);
	129	}
	130	}
	131
	132	free (result);
6259ec0d UD	133	}
	134	return NSS_STATUS_SUCCESS;
	135	}
	136
	137	/* Parse uid and group information from the passed string.
	138	The format of the string passed is uid:gid,grp,grp, ... */
	139	static enum nss_status
	140	parse_netid_str (const char s, uid_t uidp, gid_t gidp, int gidlenp,
	141	gid_t *gidlist)
	142	{
8e9b2075	143	char p, ep;
f166d865	144	int gidlen;
6259ec0d UD	145
	146	if (!s \|\| !isdigit (*s))
	147	{
	148	syslog (LOG_ERR, "netname2user: expecting uid '%s'", s);
	149	return NSS_STATUS_NOTFOUND; /* XXX need a better error */
	150	}
	151
	152	/* Fetch the uid */
8e9b2075	153	*uidp = strtoul (s, NULL, 10);
6259ec0d UD	154
	155	if (*uidp == 0)
	156	{
	157	syslog (LOG_ERR, "netname2user: should not have uid 0");
	158	return NSS_STATUS_NOTFOUND;
	159	}
	160
	161	/* Now get the group list */
	162	p = strchr (s, ':');
	163	if (!p)
	164	{
	165	syslog (LOG_ERR, "netname2user: missing group id list in '%s'", s);
	166	return NSS_STATUS_NOTFOUND;
	167	}
	168	++p; /* skip ':' */
	169	if (!p \|\| (!isdigit (*p)))
	170	{
	171	syslog (LOG_ERR, "netname2user: missing group id list in '%s'.", p);
	172	return NSS_STATUS_NOTFOUND;
	173	}
	174
8e9b2075	175	*gidp = strtoul (p, &ep, 10);
6259ec0d	176
f166d865 UD	177	gidlen = 0;
f166d865 UD	178
8e9b2075	179	/* After strtoul() ep should point to the first invalid character.
34816665	180	This is the marker "," we search for the next value. */
8e9b2075	181	while (ep != NULL && *ep == ',')
6259ec0d	182	{
8e9b2075 UD	183	ep++;
	184	p = ep;
	185	gidlist[gidlen++] = strtoul (p, &ep, 10);
6259ec0d	186	}
f166d865 UD	187
f166d865 UD	188	*gidlenp = gidlen;
6259ec0d UD	189
	190	return NSS_STATUS_SUCCESS;
	191	}
	192
	193
	194	enum nss_status
	195	_nss_nis_netname2user (char netname[MAXNETNAMELEN + 1], uid_t *uidp,
d71b808a	196	gid_t gidp, int gidlenp, gid_t gidlist, int errnop)
6259ec0d	197	{
ab9a9ff8 UD	198	char *domain = strchr (netname, '@');
ab9a9ff8 UD	199	if (domain == NULL)
b85697f6 UD	200	{
	201	*errnop = EINVAL;
	202	return NSS_STATUS_UNAVAIL;
	203	}
6259ec0d UD	204
6259ec0d UD	205	/* Point past the '@' character */
b85697f6	206	++domain;
ab9a9ff8 UD	207	char *lookup = NULL;
	208	int len;
	209	int yperr = yp_match (domain, "netid.byname", netname, strlen (netname),
	210	&lookup, &len);
6259ec0d UD	211	switch (yperr)
	212	{
	213	case YPERR_SUCCESS:
	214	break; /* the successful case */
	215	case YPERR_DOMAIN:
	216	case YPERR_KEY:
	217	return NSS_STATUS_NOTFOUND;
	218	case YPERR_MAP:
	219	default:
	220	return NSS_STATUS_UNAVAIL;
	221	}
b85697f6	222
ab9a9ff8	223	if (lookup == NULL)
a334319f	224	return NSS_STATUS_NOTFOUND;
0ecb606c	225
ab9a9ff8 UD	226
	227	lookup[len] = '\0';
	228
	229	enum nss_status err = parse_netid_str (lookup, uidp, gidp, gidlenp, gidlist);
	230
	231	free (lookup);
	232
	233	return err;
6259ec0d	234	}