newkey.c revision 36e852a172cba914383d7341c988128b2c667fbd
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2009 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
/* Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T */
/* All Rights Reserved */
/*
* University Copyright- Copyright (c) 1982, 1986, 1988
* The Regents of the University of California
* All Rights Reserved
*
* University Acknowledgment- Portions of this document are derived from
* software developed by the University of California, Berkeley, and its
* contributors.
*/
/*
* Administrative tool to add a new user to the publickey database
*/
#include <stdio.h>
#include <stdlib.h>
#include <rpc/key_prot.h>
#include <netdb.h>
#include <pwd.h>
#include <shadow.h>
#include <crypt.h>
#include <string.h>
#include <sys/resource.h>
#include <netdir.h>
#define MAXMAPNAMELEN 256
#define PK_FILES 1
#define PK_YP 2
#define PK_LDAP 4
#define DESCREDPASSLEN sizeof (des_block)
extern int optind;
extern char *optarg;
extern int __getnetnamebyuid();
extern int self_check(char *name);
char *program_name;
int pk_database;
static char *get_password();
static char *basename();
static char PKMAP[] = "publickey.byname";
static char UPDATEFILE[] = "updaters";
static void usage(void);
/*
 * Entry point.  Parses -s/-u/-h, insists on an effective uid of 0, resolves
 * the principal whose key is being added (a user's netname, or a validated
 * remote host under uid 0) and then attempts the publickey database update.
 *
 * NOTE(review): this extraction has dropped a number of lines (the
 * signature, the option-loop header — presumably getopt, given optind/optarg
 * above — and the output calls that consume the string literals below), so
 * the control flow here is a sketch, not compilable text.
 */
int
{
int status;
struct nd_hostserv service;
struct nd_addrlist *addrs;
int c;
char host_pname[NIS_MAXNAMELEN];
program_name = argv[0];
/*
 * Option handling: -s may be given once; -u and -h are mutually exclusive
 * and neither may be repeated.  Any violation prints usage and exits.
 */
switch (c) {
case 's':
if (pk_service == NULL)
pk_service = optarg;
else
usage();
break;
case 'u':
if (username || target_host)
usage();
break;
case 'h':
if (username || target_host)
usage();
break;
default:
usage();
}
}
usage();
}
usage();
/*
 * The database update requires privilege: refuse to continue unless the
 * effective uid is 0.  The diagnostic printed before exit(1) is not shown
 * in this extraction.
 */
if (geteuid() != 0) {
exit(1);
}
/* -u path: the user record lookup failed (message line missing here) */
if (username) {
exit(1);
}
/*
 * uid 0 (-u root): the key is registered under the local host's netname,
 * so a hostname lookup is also needed; either failure ends in usage().
 */
if (uid == 0) {
if (! getnetname(name)) {
"%s: could not get the equivalent netname for %s\n",
usage();
}
< 0) {
"%s: could not get the hostname for %s\n",
usage();
}
}
"%s: could not get the equivalent netname for %s\n",
usage();
}
} else {
/* -h hostname option */
/* verify if this is a valid hostname */
nc_handle = setnetconfig();
/* fails to open netconfig file */
"%s: failed in routine setnetconfig()\n",
exit(2);
}
/* check to see if hostname exists for this transport */
/* at least one valid address */
break;
}
}
/*
 * Refuse to add a key for a name that resolved on no transport; this is
 * the only input validation the remote-host path gets before the password
 * prompt in get_password().
 */
if (!validhost) {
exit(1);
}
/* a host's key is always stored under uid 0 */
uid = 0;
}
exit(1);
/*
 * Failure path of the database update call (its leading lines are missing
 * from this extraction): report per database kind, then exit(1).
 */
short_pass)) {
switch (pk_database) {
case PK_YP:
"%s: unable to update NIS database (%u): %s\n",
break;
case PK_FILES:
"%s: hence, unable to update publickey database\n",
break;
default:
"%s: could not update unknown database: %d\n",
}
exit(1);
}
return (0);
}
/*
 * Set the entry in the public key file
 *
 * database: selector, one of PK_YP, PK_FILES or PK_LDAP
 * name:     presumably the netname the key pair is registered under
 * public:   public key string
 * secret:   secret key string
 * pw:       password string (presumably used to protect the secret key;
 *           verify against the caller in main)
 *
 * Returns 1.  The only visible failure paths are in the NIS case and they
 * exit(1) rather than return; the statements that actually write the entry
 * are missing from this extraction.
 */
int
int database;
char *name;
char *public;
char *secret;
char *pw;
{
switch (database) {
case PK_YP:
/* check that we're on the master server */
/* return value deliberately discarded; the master lookup below is what fails */
(void) yp_get_default_domain(&domain);
"%s: cannot find master of NIS publickey database\n",
exit(1);
}
"%s: cannot find my own host name\n",
exit(1);
}
/* only the NIS master may update the map; anything else is refused */
"%s: can only be used on NIS master machine '%s'\n",
exit(1);
}
}
"Please wait for the database to get updated ...\n");
/*
 * NOTE(review): no break is visible between the NIS message and the
 * PK_FILES label — confirm whether the extraction dropped it or the
 * fall-through is intended.
 */
case PK_FILES:
case PK_LDAP:
default:
break;
}
return (1);
}
/*
 * Emit the command synopsis and exit with status 1.  Only the format
 * literals survive in this extraction; the output call that consumes them
 * (and the program_name arguments) is not shown.
 */
void
usage(void)
{
"usage:\t%s -u username [-s ldap | nis | files]\n",
"\t%s -h hostname [-s ldap | nis | files]\n",
exit(1);
}
/*
 * The parameters passed into the routine get_password and the
 * return values are as follows:
 * If the -h flag was specified on the command line:
 * (a) username is null
 * (b) target_host is non-null
 * (c) uid is 0
 * (d) the login password of root on target_host is returned
 *
 * If the -u flag was specified on the command line:
 * (a) username is non-null
 * (b) target_host is null in all cases except when username is root;
 * in that case target_host is set to the local host
 * (c) uid is set to the username's uid
 * (d) the login password of the user <username> is returned
 *
 * On any failure the routine returns 0 (a null pointer) after printing a
 * diagnostic.  NOTE(review): the uid parameter referred to above is not
 * visible in the parameter list as extracted; several statement lines are
 * missing throughout this routine.
 */
static char *
char *target_host;
char *username;
{
char *encrypted_password,
*login_password = NULL,
/* local case: the typed password can be checked against the shadow entry */
if ((username != 0) ||
/*
 * "-u username" or "-h localhost" was specified on the
 * command line
 */
if (! pw) {
"%s: unable to locate password record for uid %d\n",
program_name, uid);
return (0);
}
/*
 * NOTE(review): the condition as extracted reads `if (spw)` but the
 * message describes a missing shadow record; the line is probably
 * truncated — confirm against the original.
 */
if (spw)
"%s: unable to locate shadow password record for %s\n",
return (0);
}
if (uid == 0) {
} else
return (0);
}
/* Verify that password supplied matches login password */
/*
 * Give another chance for typo
 */
return (0);
}
/* second attempt also failed: refuse rather than prompt again */
"%s: ERROR, invalid password.\n",
return (0);
}
}
} else {
/*
 * "-h remotehost" was specified on the command line
 *
 * Since we cannot verify the root password of the remote
 * host we have to trust what the user inputs. We can,
 * however, reduce the possibility of an error by prompting
 * the user to enter the target host's password twice and
 * comparing those two. We can also authenticate the
 * user to be root by checking the real uid.
 */
/*
 * Real-uid check: main already required an effective uid of 0, so this
 * additionally rejects a caller who is only effectively root.
 */
if (getuid() != 0) {
return (0);
}
"Enter %s's root login password:",
if (!pass) {
"%s: getpass failed.\n",
return (0);
}
/* an empty password is never accepted for a remote host */
if (!*pass) {
"%s: Invalid root password.\n",
return (0);
}
/*
 * Now re-enter the password and compare it to the
 * one just read.
 */
/*
 * NOTE(review): getpass() conventionally returns a static buffer, so the
 * first entry must have been copied aside before this second prompt; the
 * copy is not visible in this extraction — confirm.
 */
"Please confirm %s's root login password:",
if (!pass) {
"%s: getpass failed.\n",
return (0);
}
if (!*pass) {
"%s: Invalid root password.\n",
return (0);
}
/* the two entries differ: refuse, the caller treats 0 as failure */
"%s: Password Incorrect.\n",
return (0);
}
}
/* password's declaration is not visible in this extraction */
return (password);
}