getspent.c revision 7c478bd95313f5f23a4c958a745db2134aa03244
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License, Version 1.0 only
* (the "License"). You may not use this file except in compliance
* with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright (c) 1988-1995 Sun Microsystems Inc
* All Rights Reserved.
*
* nisplus/getspent.c: implementations of getspnam(), getspent(), setspent(),
* endspent() for NIS+. We keep the shadow information in a column
* ("shadow") of the same table that stores vanilla passwd information.
*/
#pragma ident "%Z%%M% %I% %E% SMI"
#include <shadow.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <thread.h>
#include "nisplus_common.h"
#include "nisplus_tables.h"
/*
* Declared without a prototype, so the compiler does not check the
* arguments at the call site in this file (key_secretkey_is_set_g(0, 0)).
* The result gates the second, run-as-the-user lookup in the by-name routine.
*/
extern int key_secretkey_is_set_g();
/*
* bugid 4301477:
* We lock NIS+/getspnam() so that only one call runs at a time.
* Applications that link with libthread can now call
* getspnam() (or UNIX pam_authenticate(), which calls getspnam())
* in a Secure NIS+ environment (as per CERT Advisory 96.10).
* threaded, note dtlogin is now linked with libthread (bugid 4263325)
* which is why this bug exists (Note thr_main() check was removed)
*/
/*
* Shadow lookup by user name; the comment in nis_object2ent() refers to
* this routine as getbynam(). Returns the nss_status_t held in `status`.
*
* NOTE(review): the line carrying the function name and parameter list,
* and most statements of the body, are missing from this listing. The
* comments below describe only what the surviving lines and the original
* comments show.
*
* Security-relevant behaviour, as described by the original comments:
* when the first lookup yields "*NP*" in the password field, the routine
* temporarily sets the effective uid to the uid of the entry, repeats the
* lookup as that user, and then sets the uid back. The bugid 4301477 lock
* presumably exists because an euid change affects the whole process, so
* concurrent callers must not overlap this window -- confirm.
* NOTE(review): the euid-changing calls are not visible here; confirm that
* their return values are checked and that the original euid is restored
* on every path, including the ones that jump to `out`.
*/
static nss_status_t
void *a;
{
const char *username;
char *save_buf;
/* part of fix for bugid 4301477 (presumably the lock acquisition) */
/*
* There is a dirty little private protocol with the nis_object2ent()
* routine below: it gives us back a uid in the argp->key.uid
* field. Since "key" is a union, and we're using key.name,
* [the rest of this sentence is missing from this listing; presumably
* key.name has to be kept elsewhere because writing key.uid overwrites
* it -- confirm against the full source]
*/
/*
* passwd.org_dir may have its access rights set up so that
* the passwd field can only be read by the user whom
* the entry describes. If we get an *NP* in the password
* field we should try to get it again as the user. If not,
* we return now.
*/
/*
* Historical note for bugid 4301477: a check of the form
* if (_thr_main() != -1) goto out;
* used to sit here and was deleted as part of that fix.
*/
/* Early exit; the condition guarding it is not visible in this listing. */
goto out;
/* Get our current euid and that of the entry */
/*
* If the entry uid differs from our own euid, set our euid to
* the entry uid and try the lookup again.
*/
/*
* Do the second lookup only if secretkey is set for
* this euid, otherwise it will be pointless. Also,
* make sure we can allocate space to save the old
* results.
*/
/*
* The second operand of this && is missing from the listing; per the
* comment above it is presumably the allocation of save_buf.
*/
if (key_secretkey_is_set_g(0, 0) &&
/* Save the old results in case the new lookup fails */
/* Do the lookup (this time as the user). */
username);
/* If it failed, restore the old results */
if (status != NSS_SUCCESS) {
}
}
/*
* Set uid back.
* NOTE(review): this must happen whether or not the second lookup
* succeeded; the call itself is not visible here.
*/
}
out:
/* end of fix for bugid 4301477 unlock NIS+/getspnam() */
return (status);
}
/*
* place the results from the nis_object structure into argp->buf.result
* Returns NSS_STR_PARSE_{SUCCESS, ERANGE, PARSE}
*/
/*ARGSUSED*/
static int
int nobj;
{
/*
* NOTE(review): the function-name line, the parameter list and most
* statements of this body are missing from this listing, so several
* returns below appear without the condition that guards them. The
* comments describe only what the surviving lines show.
*/
char *val;
int len;
/*
* endnum is compared with p and dereferenced after each numeric field;
* presumably it is the end pointer written by the numeric conversion,
* and x receives the converted value -- confirm.
*/
char *endnum;
char *p;
long x;
/*
* If we got more than one nis_object, we just ignore it.
* Although it should never have happened.
*
* ASSUMPTION: All the columns in the NIS+ tables are
* null terminated.
*/
/* The sanity check guarding this return is not visible in the listing. */
return (NSS_STR_PARSE_PARSE);
}
/*
* sp_namp: user name
*/
/*
* len < 2 rejects the column as unparseable. Given the null-termination
* assumption above, len presumably counts the terminator, so this means
* an empty name -- confirm.
*/
if (len < 2)
return (NSS_STR_PARSE_PARSE);
/* Presumably returned when the name does not fit the caller's buffer. */
return (NSS_STR_PARSE_ERANGE);
/*
* sp_pwdp: password
*/
if (len < 2) {
/*
* Do not hand back a NULL pointer for an empty password column;
* many callers dereference it without checking. An empty string
* is stored instead.
*/
/* The buffer-space check that selects the ERANGE return is not visible. */
*buffer = '\0';
return (NSS_STR_PARSE_ERANGE);
} else {
return (NSS_STR_PARSE_ERANGE);
}
/*
* get uid
*/
if (len < 2)
return (NSS_STR_PARSE_PARSE);
/*
* Anything left after the number makes the whole entry a parse error,
* so a uid column with trailing characters is not accepted as the
* number that precedes them.
*/
if (*endnum != 0)
return (NSS_STR_PARSE_PARSE);
/*
* See discussion of private protocol in getbynam() above.
* Note that we also end up doing this if we're called from
* _nss_nisplus_getent(), but that's OK -- when we're doing
* enumerations we don't care what's in the argp->key union.
*/
/*
* Default values
* (the assignments themselves are not visible in this listing)
*/
/*
* shadow information
*
* We will be lenient to no shadow field or a shadow field
* with less than the desired number of ":" separated longs.
* XXX - should we be more strict ?
*
* NOTE(review): as a consequence every early exit below reports
* NSS_STR_PARSE_SUCCESS, so a short or malformed shadow column yields
* an entry whose remaining aging fields keep their defaults instead of
* a parse error. Code that enforces password aging or expiry from this
* entry cannot tell such an entry from a complete one.
*/
if (len < 2)
return (NSS_STR_PARSE_SUCCESS);
/*
* Parse val for the aging fields (quickly, they might die)
*
* The same three steps repeat once per field. NOTE(review): the
* conversion call, the condition guarding each return and the statement
* guarded by each `if (endnum != p)` are missing from this listing; as
* printed, the `if` appears to guard the pointer advance, which is
* probably not the original structure. Presumably `endnum != p` means
* the conversion consumed at least one character, and each return fires
* when no separator follows, so that `p = endnum + 1` never steps past
* the terminator -- confirm against the full source.
*/
p = val;
return (NSS_STR_PARSE_SUCCESS);
if (endnum != p)
p = endnum + 1;
return (NSS_STR_PARSE_SUCCESS);
if (endnum != p)
p = endnum + 1;
return (NSS_STR_PARSE_SUCCESS);
if (endnum != p)
p = endnum + 1;
return (NSS_STR_PARSE_SUCCESS);
if (endnum != p)
p = endnum + 1;
return (NSS_STR_PARSE_SUCCESS);
/* This field's store was a braced block; its contents are not visible. */
if (endnum != p) {
}
p = endnum + 1;
return (NSS_STR_PARSE_SUCCESS);
if (endnum != p)
p = endnum + 1;
return (NSS_STR_PARSE_SUCCESS);
/* Last field: no pointer advance follows it. */
if (endnum != p)
return (NSS_STR_PARSE_SUCCESS);
}
/*
* Backend operation table handed to _nss_nisplus_constr() by the
* constructor that follows. The entries are not visible in this listing.
*/
static nisplus_backend_op_t sp_ops[] = {
};
/*
* Backend constructor: returns whatever _nss_nisplus_constr() builds from
* the sp_ops table. The function name, its parameter list and the remaining
* arguments of the call are missing from this listing.
*/
/*ARGSUSED*/
{
return (_nss_nisplus_constr(sp_ops,
}