netname.c revision 141ae8360b129ba4ff145d9c7fd3353cc2a300f6
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf * CDDL HEADER START
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf * The contents of this file are subject to the terms of the
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf * Common Development and Distribution License (the "License").
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf * You may not use this file except in compliance with the License.
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf * See the License for the specific language governing permissions
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf * and limitations under the License.
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf * When distributing Covered Code, include this CDDL HEADER in each
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf * If applicable, add the following below this CDDL HEADER, with the
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf * fields enclosed by brackets "[]" replaced with your own identifying
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf * information: Portions Copyright [yyyy] [name of copyright owner]
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf * CDDL HEADER END
f76ee27a7c2e4dbe22aec6ce187c04e980f90349pawelw * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf * Use is subject to license terms.
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf/* Copyright (c) 1983, 1984, 1985, 1986, 1987, 1988, 1989 AT&T */
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf/* All Rights Reserved */
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf * Portions of this source code were derived from Berkeley
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf * 4.3 BSD under license from the Regents of the University of
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf * California.
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf * ==== hack-attack: possibly MT-safe but definitely not MT-hot.
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf * ==== turn this into a real switch frontend and backends
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf * Well, at least the API doesn't involve pointers-to-static.
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf#pragma ident "%Z%%M% %I% %E% SMI"
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf * netname utility routines (getnetname, user2netname, host2netname).
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf * Convert from unix names (uid, gid) to network wide names.
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf * This module is operating system dependent!
f76ee27a7c2e4dbe22aec6ce187c04e980f90349pawelw * What we define here will work with any unix system that has adopted
f76ee27a7c2e4dbe22aec6ce187c04e980f90349pawelw * the Sun NIS domain architecture.
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf * The value for NOBODY_UID is set by the SVID. The following define also
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf * appears in netnamer.c.
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlfextern int getdomainname();
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlfextern int key_call();
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf * default publickey policy:
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf * publickey: nis [NOTFOUND = return] files
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf/* NSW_NOTSUCCESS NSW_NOTFOUND NSW_UNAVAIL NSW_TRYAGAIN */
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf#define DEF_ACTION {__NSW_RETURN, __NSW_RETURN, __NSW_CONTINUE, __NSW_CONTINUE}
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlfstatic struct __nsw_lookup lookup_files = {"files", DEF_ACTION, NULL, NULL},
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf * Convert unix cred to network-name using nisplus
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf * nisplus cred table has the following format:
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf * cname auth_type auth_name public private
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf * ----------------------------------------------------------
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf * nisname DES netname pubkey private_key
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf * nisname LOCAL uid gidlist
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf * Obtain netname given <uid,domain>.
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf * 0. If domain is NULL (indicating local domain), first try to get
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf * netname from keyserv (keylogin sets this).
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf * 1. Get the nisplus principal name from the LOCAL entry of the cred
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf * table in the specified domain (the local domain if domain is NULL).
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf * 2. Using the principal name, lookup the DES entry and extract netname.
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlfuser2netname_nisplus(int *err, char netname[MAXNETNAMELEN + 1], uid_t uid,
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf * Look up the keyserv interface routines to see if
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf * netname is stored there.
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf return (1);
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf * 1. Determine user's nis+ principal name.
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf * If domain is specified, we want to look up the uid in the
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf * specified domain to determine the user's principal name.
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf * Otherwise, get principal name from local directory.
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf * Don't use nis_local_principal here because we want to
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf * catch the TRYAGAIN case so that we handle it properly.
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf "user2netname: (nis+ lookup): %s\n",
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf "user2netname: (nis+ lookup): %s\n",
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf return (0);
c03acfcad7780db4ddf763511a82026680b3b2c1ls * 2. use nis+ principal name to get netname by getting a PK entry.
c03acfcad7780db4ddf763511a82026680b3b2c1ls * (Use NOAUTH to prevent recursion.)
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf return (0);
c03acfcad7780db4ddf763511a82026680b3b2c1ls * Loop through the mechanism types until we find one in the
c03acfcad7780db4ddf763511a82026680b3b2c1ls * cred table for this user.
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf "[cname=\"%s\",auth_type=\"%s\"],%s.%s",
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf * If the entry is not found, try the next one;
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf * otherwise it is either success or a NIS+ error
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf * serious enough to bail on.
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf * No valid mechs exist or the AUTH_DES compat entry was
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf * found in the security cf.
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf "[cname=\"%s\",auth_type=DES],%s.%s",
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf break; /* go and do something useful */
7a70ede882eacbae00c8d5209afb443e7755684cpawelw return (0);
7a70ede882eacbae00c8d5209afb443e7755684cpawelw "user2netname: (nis+ lookup): %s\n",
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf return (0);
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf return (0);
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf * Principal has more than one entry for this mech type?
7a1efdfee8cbdecea34d3d866bbfb46e39b06e0apawelw * Something is wrong with the cred table; entries should be unique.
7a1efdfee8cbdecea34d3d866bbfb46e39b06e0apawelw * Warn the user and continue.
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf "user2netname: %s entry for %s not unique",
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf syslog(LOG_ERR, "user2netname: netname of '%s' too long",
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf return (0);
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf (void) strncpy(netname, ENTRY_VAL(nres->objects.objects_val, 2), len);
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf return (1);
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf#define MAXIPRINT (11) /* max length of printed integer */
37a077ef1920ee044b2887247b2a802e726d3368ls * Convert unix cred to network-name by concatenating the
37a077ef1920ee044b2887247b2a802e726d3368ls * 3 pieces of information <opsys type> <uid> <domain>.
37a077ef1920ee044b2887247b2a802e726d3368lsuser2netname_nis(int *err, char netname[MAXNETNAMELEN + 1], uid_t uid,
37a077ef1920ee044b2887247b2a802e726d3368ls return (0);
37a077ef1920ee044b2887247b2a802e726d3368ls return (0);
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf return (1);
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf * Figure out my fully qualified network name
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf * Figure out the fully qualified network name for the given uid.
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf * This is a private interface.
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf__getnetnamebyuid(char name[MAXNETNAMELEN + 1], uid_t uid)
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf * Convert unix cred to network-name
37a077ef1920ee044b2887247b2a802e726d3368ls * It uses the publickey policy in the /etc/nsswitch.conf file
37a077ef1920ee044b2887247b2a802e726d3368ls * (Unless the netname is "nobody", which is special cased).
37a077ef1920ee044b2887247b2a802e726d3368ls * If there is no publickey policy in /etc/nsswitch.conf,
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf * the default publickey policy is used, which is
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf * publickey: nis [NOTFOUND=return] files
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf * Note that for the non-nisplus case there is no failover,
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf * so only the first entry is relevant in those cases.
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlfuser2netname(char netname[MAXNETNAMELEN + 1], const uid_t uid,
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf const char *domain)
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf * Take care of the special case of "nobody". If the uid is
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf * the value assigned by the SVID for nobody, return the string
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf * "nobody".
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf return (1);
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf netname[0] = '\0'; /* make null first (no need for memset) */
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf * This thread already holds this lock. This scenario
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf * occurs when a process requires a netname whose
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf * lookup itself requires a netname. As we clearly
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf * can't continue like this, we return 'nobody'.
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf return (1);
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf /* ldap, nis, and files all do the same thing. */
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf "user2netname: unknown nameservice \
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf for publickey info '%s'\n",
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf "user2netname: Unknown action for nameservice '%s'",
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf return (0);
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf * Convert host to network-name
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf * This routine returns following netnames given the host and domain
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf * arguments defined below: (domainname=y.z)
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf * Arguments
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf * host domain netname
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf * ---- ------ -------
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf * - - unix.m@y.z (hostname=m)
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf * - a.b unix.m@a.b (hostname=m)
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf * - - unix.m@y.z (hostname=m.w.x)
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf * - a.b unix.m@a.b (hostname=m.w.x)
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf * h - unix.h@y.z
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf * h a.b unix.h@a.b
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf * h.w.x - unix.h@w.x
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf * h.w.x a.b unix.h@a.b
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlfhost2netname(char netname[MAXNETNAMELEN + 1], const char *host,
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf const char *domain)
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf netname[0] = '\0'; /* make null first (no need for memset) */
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf (void) strncpy(hostname, nis_local_host(), sizeof (hostname));
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf *p++ = '\0';
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf /* if no domain passed, use tail of nis_local_host() */
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf return (0);
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf return (0);
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf return (0);
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf return (0);
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf if (i == 0)
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf /* No domainname */
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf return (0);
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf if ((strlen(domainname) + strlen(hostname) + OPSYS_LEN + 3)
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf return (0);
66f9d5cb3cc0652e2d9d1366fb950efbe4ca2f24mlf return (1);