/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* or http://www.opensolaris.org/os/licensing.
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2008 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*
* files/getpwnam.c -- "files" backend for nsswitch "passwd" database
*/
#include <pwd.h>
#include <shadow.h>
#include <unistd.h> /* for PF_PATH */
#include "files_common.h"
#include <strings.h>
#include <stdlib.h>
static uint_t
hash_pwname(nss_XbyY_args_t *argp, int keyhash, const char *line,
int linelen)
{
const char *name;
int namelen, i;
uint_t hash = 0;
if (keyhash) {
name = argp->key.name;
namelen = strlen(name);
} else {
name = line;
namelen = 0;
while (linelen-- && *line++ != ':')
namelen++;
}
for (i = 0; i < namelen; i++)
hash = hash * 15 + name[i];
return (hash);
}
static uint_t
hash_pwuid(nss_XbyY_args_t *argp, int keyhash, const char *line,
int linelen)
{
uint_t id;
const char *linep, *limit, *end;
linep = line;
limit = line + linelen;
if (keyhash)
return ((uint_t)argp->key.uid);
while (linep < limit && *linep++ != ':') /* skip username */
continue;
while (linep < limit && *linep++ != ':') /* skip password */
continue;
if (linep == limit)
return (UID_NOBODY);
/* uid */
end = linep;
id = (uint_t)strtoul(linep, (char **)&end, 10);
/* empty uid */
if (linep == end)
return (UID_NOBODY);
return (id);
}
static files_hash_func hash_pw[2] = { hash_pwname, hash_pwuid };
static files_hash_t hashinfo = {
DEFAULTMUTEX,
sizeof (struct passwd),
NSS_BUFLEN_PASSWD,
2,
hash_pw
};
static int
check_pwname(nss_XbyY_args_t *argp, const char *line, int linelen)
{
const char *linep, *limit;
const char *keyp = argp->key.name;
linep = line;
limit = line + linelen;
/* +/- entries valid for compat source only */
if (linelen == 0 || *line == '+' || *line == '-')
return (0);
while (*keyp && linep < limit && *keyp == *linep) {
keyp++;
linep++;
}
return (linep < limit && *keyp == '\0' && *linep == ':');
}
static nss_status_t
getbyname(be, a)
files_backend_ptr_t be;
void *a;
{
return (_nss_files_XY_hash(be, a, 0, &hashinfo, 0, check_pwname));
}
static int
check_pwuid(nss_XbyY_args_t *argp, const char *line, int linelen)
{
const char *linep, *limit, *end;
ulong_t pw_uid;
linep = line;
limit = line + linelen;
/* +/- entries valid for compat source only */
if (linelen == 0 || *line == '+' || *line == '-')
return (0);
while (linep < limit && *linep++ != ':') /* skip username */
continue;
while (linep < limit && *linep++ != ':') /* skip password */
continue;
if (linep == limit)
return (0);
/* uid */
end = linep;
pw_uid = strtoul(linep, (char **)&end, 10);
/* check if the uid is empty or overflows */
if (linep == end || pw_uid > UINT32_MAX)
return (0);
return ((uid_t)pw_uid == argp->key.uid);
}
static nss_status_t
getbyuid(be, a)
files_backend_ptr_t be;
void *a;
{
nss_XbyY_args_t *argp = (nss_XbyY_args_t *)a;
if (argp->key.uid > MAXUID)
return (NSS_NOTFOUND);
return (_nss_files_XY_hash(be, argp, 0, &hashinfo, 1, check_pwuid));
}
/*
* Validates passwd entry replacing uid/gid > MAXUID by ID_NOBODY.
*/
int
validate_passwd_ids(char *line, int *linelenp, int buflen, int extra_chars)
{
char *linep, *limit, *uidp, *gidp;
uid_t uid;
gid_t gid;
ulong_t uidl, gidl;
int olduidlen, oldgidlen, idlen;
int linelen = *linelenp, newlinelen;
/*
* +name entries in passwd(4) do not override uid and gid
* values. Therefore no need to validate the ids in these
* entries.
*/
if (linelen == 0 || *line == '+' || *line == '-')
return (NSS_STR_PARSE_SUCCESS);
linep = line;
limit = line + linelen;
while (linep < limit && *linep++ != ':') /* skip username */
continue;
while (linep < limit && *linep++ != ':') /* skip password */
continue;
if (linep == limit)
return (NSS_STR_PARSE_PARSE);
uidp = linep;
uidl = strtoul(uidp, (char **)&linep, 10); /* grab uid */
olduidlen = linep - uidp;
if (++linep >= limit || olduidlen == 0)
return (NSS_STR_PARSE_PARSE);
gidp = linep;
gidl = strtoul(gidp, (char **)&linep, 10); /* grab gid */
oldgidlen = linep - gidp;
if (linep >= limit || oldgidlen == 0)
return (NSS_STR_PARSE_PARSE);
if (uidl <= MAXUID && gidl <= MAXUID)
return (NSS_STR_PARSE_SUCCESS);
uid = (uidl > MAXUID) ? UID_NOBODY : (uid_t)uidl;
gid = (gidl > MAXUID) ? GID_NOBODY : (gid_t)gidl;
/* Check if we have enough space in the buffer */
idlen = snprintf(NULL, 0, "%u:%u", uid, gid);
newlinelen = linelen + idlen - olduidlen - oldgidlen - 1;
if (newlinelen + extra_chars > buflen)
return (NSS_STR_PARSE_ERANGE);
/* Replace ephemeral ids by ID_NOBODY */
(void) bcopy(linep, uidp + idlen, limit - linep + extra_chars);
(void) snprintf(uidp, idlen + 1, "%u:%u", uid, gid);
*(uidp + idlen) = ':'; /* restore : that was overwritten by snprintf */
*linelenp = newlinelen;
return (NSS_STR_PARSE_SUCCESS);
}
static files_backend_op_t passwd_ops[] = {
_nss_files_destr,
_nss_files_endent,
_nss_files_setent,
_nss_files_getent_rigid,
getbyname,
getbyuid
};
/*ARGSUSED*/
nss_backend_t *
_nss_files_passwd_constr(dummy1, dummy2, dummy3)
const char *dummy1, *dummy2, *dummy3;
{
return (_nss_files_constr(passwd_ops,
sizeof (passwd_ops) / sizeof (passwd_ops[0]),
PF_PATH,
NSS_LINELEN_PASSWD,
&hashinfo));
}