nis_attr.c revision 36e852a172cba914383d7341c988128b2c667fbd
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2009 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#include <stdio.h>
#include <errno.h>
#include <stdlib.h>
#include <string.h>
#include <pwd.h>
#include <unistd.h>
#include <syslog.h>
#include <netdb.h>
#include <rpcsvc/yppasswd.h>
#include "passwdutil.h"
void **buf);
char **auth_user, int *privileged);
/*
 * nis function pointer table, used by passwdutil_init to initialize
 * the global Repository-OPerations table "rops".
 *
 * The three slots shown here (checkhistory, lock, unlock) are NULL, i.e.
 * this backend supplies no function for them.
 * NOTE(review): the other entries of the initializer are not part of this
 * listing. Presumably callers test a slot for NULL before calling through
 * it -- confirm in the code that dispatches through "rops".
 */
struct repops nis_repops = {
NULL, /* checkhistory */
NULL, /* lock */
NULL /* unlock */
};
/*
*/
typedef struct {
char *domain;
char *master;
char *scratch;
int scratchlen;
char *c2scratch;
int c2scratchlen;
} nisbuf_t;
/*
 * Are we a 'privileged' process? Yes if we are running on the
 * NIS server AND we are root...
 *
 * Returns non-zero only when the final test, getuid() == 0, holds; every
 * earlier exit returns 0.
 *
 * getuid() is the REAL user id, so a set-uid-root program started by an
 * ordinary user is not treated as privileged here.
 *
 * NOTE(review): the function name, its parameter and the lines that fill
 * "thishost" and compare it with the NIS master are not part of this
 * listing. How the two names are compared (short name vs. fully qualified,
 * case) decides who counts as "on the server" -- confirm in the full file.
 */
int
{
/* local host name, sized for the longest name the system allows */
char thishost[MAXHOSTNAMELEN];
/* not privileged (the condition guarding this exit is not shown) */
return (0);
}
/* not privileged (the condition guarding this exit is not shown) */
return (0);
/* We're running on the NIS server. */
return (getuid() == 0);
}
/*
 * nis_to_pwd()
 *
 * convert password-entry-line to "struct passwd"
 *
 * NOTE(review): the signature and the whole body are missing from this
 * listing, so nothing can be said here about how the entry line is split
 * or how a malformed line (too few fields) is handled -- check the full file.
 */
void
{
}
/*
 * nis_user_to_authenticate(name, rep, auth_user, privileged)
 *
 * Decide whether the caller may change attributes of an account kept in
 * NIS, and report the outcome through the return value and *privileged.
 *
 * Return values visible in this listing:
 *   PWU_NOT_FOUND - the "root" special case (root is not looked up in NIS)
 *   res           - the failure code of the preceding step, passed through
 *   PWU_SUCCESS   - caller is privileged, or is root / the user herself
 *   PWU_DENIED    - anybody else
 *
 * *privileged is set to 1 when nis_privileged() says so. No assignment of 0
 * and no assignment to *auth_user is visible here.
 * NOTE(review): the lines carrying the function name, the first parameters,
 * the account lookup and the uid comparison are missing from this listing;
 * callers should not rely on *privileged being written on every path until
 * that is confirmed in the full file.
 */
/*ARGSUSED*/
int
char **auth_user, int *privileged)
{
int res;
/*
 * special NIS case: don't bother to get "root" from NIS
 */
return (PWU_NOT_FOUND);
/* a failed step before this point ends the decision with its own code */
if (res != PWU_SUCCESS)
return (res);
/* root on the NIS server: flag it so the caller can skip the old password */
/* (presumably that is what the flag is used for -- verify against caller) */
if (nis_privileged(buf)) {
*privileged = 1;
res = PWU_SUCCESS;
} else {
/* root, or user herself can change attributes */
res = PWU_SUCCESS;
} else {
/* default deny: everyone else is refused */
res = PWU_DENIED;
}
}
/*
 * Do not release buf->domain.
 * It's been set by yp_get_default_domain()
 * and must not be freed.
 * See man page yp_get_default_domain(3NSL)
 * for details.
 */
return (res);
}
/*
 * nis_getattr(name, items, rep)
 *
 * get account attributes specified in 'items'
 *
 * Walks the attribute list with "w" and dispatches on w->type. Returns the
 * failure code of the preceding lookup when that is not PWU_SUCCESS,
 * otherwise the value left in "res".
 *
 * NOTE(review): the signature, the lookup call, the loop header and the
 * statement inside every case arm are missing from this listing, so only
 * the set of handled attribute types can be read off here.
 */
int
{
attrlist *w;
int res;
/* nothing to hand out if the account could not be fetched */
if (res != PWU_SUCCESS)
return (res);
switch (w->type) {
case ATTR_NAME:
break;
case ATTR_COMMENT:
break;
case ATTR_GECOS:
break;
case ATTR_HOMEDIR:
break;
case ATTR_SHELL:
break;
/* presumably returns the password field (a hash) to the caller -- */
/* whoever receives it owns the job of not logging or leaking it */
case ATTR_PASSWD:
break;
case ATTR_REP_NAME:
break;
/* integer values */
case ATTR_UID:
break;
case ATTR_GID:
break;
/* the password-aging attributes share one arm; its body is not shown */
case ATTR_LSTCHG:
case ATTR_MIN:
case ATTR_MAX:
case ATTR_WARN:
case ATTR_INACT:
case ATTR_EXPIRE:
case ATTR_FLAG:
case ATTR_AGE:
break;
/* unknown attribute types are skipped, not reported as an error */
default:
break;
}
}
/*
 * Do not release nisbuf->domain.
 * It's been set by yp_get_default_domain()
 * and must not be freed.
 * See man page yp_get_default_domain(3NSL)
 * for details.
 */
return (res);
}
/*
 * nis_getpwnam(name, items, rep)
 *
 * Get the account information of user 'name'
 *
 * Return values visible in this listing:
 *   PWU_NOMEM        - an allocation failed (two exits)
 *   PWU_SERVER_ERROR - the domain or the master of the passwd map could
 *                      not be determined
 *   PWU_NOT_FOUND    - the lookup returned a non-zero result
 *   PWU_SUCCESS      - entry fetched
 *
 * NOTE(review): the signature start, the allocations, the yp calls and the
 * clean-up on the error exits are missing from this listing; whether the
 * buffers are released on every failure path has to be checked in the full
 * file.
 */
/*ARGSUSED*/
int
void **buf)
{
int nisresult;
return (PWU_NOMEM);
return (PWU_NOMEM);
}
/*
 * Do not release nisbuf->domain.
 * It is going to be set by yp_get_default_domain()
 * and must not be freed.
 * See man page yp_get_default_domain(3NSL)
 * for details.
 */
return (PWU_SERVER_ERROR);
}
"passwdutil.so: can't get master for passwd map");
return (PWU_SERVER_ERROR);
}
&(nisbuf->scratchlen));
/*
 * Every non-zero lookup result is reported as PWU_NOT_FOUND, so at this
 * layer a server or transport failure cannot be told apart from an
 * account that does not exist.
 */
if (nisresult != 0) {
return (PWU_NOT_FOUND);
}
/*
 * check for the C2 security flag "##" in the passwd field.
 * If the first 2 chars in the passwd field are "##", get
 * the user's passwd from passwd.adjunct.byname map.
 * The lookup to this passwd.adjunct.byname map will only
 * succeed if the caller's uid is 0 because only the root user
 * can use a privileged port.
 */
int keylen;
char *p;
&(nisbuf->c2scratchlen));
/* Skip username (first field), and pick up password */
/* strsep() writes a NUL over the first ':' and advances p past it; */
/* p becomes NULL if the entry holds no ':' at all */
(void) strsep(&p, ":");
}
}
return (PWU_SUCCESS);
}
/*
 * nis_update(items, rep, buf)
 *
 * Walks the attribute list with "p" and dispatches on p->type; per the
 * surviving part of the original comment the attributes are the ones
 * specified in "items".
 *
 * Return values visible in this listing:
 *   PWU_NOMEM         - salt generation failed for lack of memory
 *   PWU_UPDATE_FAILED - salt generation failed for another reason
 *   PWU_SUCCESS       - all listed attributes were processed
 *
 * NOTE(review): the signature, the loop header and the statement inside
 * most case arms are missing from this listing.
 */
/*ARGSUSED*/
int
{
attrlist *p;
char *salt;
switch (p->type) {
case ATTR_NAME:
break;
/*
 * Nothing special needs to be done for
 * server policy
 */
case ATTR_PASSWD:
/*
 * A failed crypt_gensalt aborts the update: no password is stored
 * without a freshly generated salt. The two exits below presumably
 * distinguish out-of-memory from any other errno -- TODO confirm.
 */
return (PWU_NOMEM);
else {
/* algorithm problem? */
/* "%m" is the syslog conversion that expands to the errno text */
"passwdutil: crypt_gensalt "
"%m");
return (PWU_UPDATE_FAILED);
}
}
break;
case ATTR_UID:
break;
case ATTR_GID:
break;
case ATTR_AGE:
break;
case ATTR_COMMENT:
break;
case ATTR_GECOS:
break;
case ATTR_HOMEDIR:
break;
case ATTR_SHELL:
break;
/*
 * As shown here, the aging attributes fall into "default" and are
 * ignored; the function still returns PWU_SUCCESS for them, so a caller
 * cannot tell from the return code that nothing was changed.
 */
case ATTR_LSTCHG:
case ATTR_MIN:
case ATTR_MAX:
case ATTR_WARN:
case ATTR_INACT:
case ATTR_EXPIRE:
case ATTR_FLAG:
default:
break;
}
}
return (PWU_SUCCESS);
}
/*
 * nis_putpwnam(name, oldpw, rep, buf)
 *
 * Update the NIS server. The passwd structure in buf will be sent to
 * the server for user "name" authenticating with password "oldpw".
 *
 * Return values visible in this listing:
 *   PWU_NOT_FOUND, PWU_SYSTEM_ERROR (no netconfig entry, or an unknown
 *   server code), PWU_SERVER_ERROR (no client handle, or server code 9),
 *   PWU_UPDATE_FAILED (the RPC itself failed), and the mapping of the
 *   server's numeric answer in the switch at the end.
 *
 * NOTE(review): the signature start, the client creation calls and the
 * RPC call are missing from this listing. Nothing visible here adds
 * confidentiality or integrity protection to the request; presumably the
 * old password and the new entry travel as plain RPC arguments over the
 * transport chosen below -- confirm against the yppasswd protocol
 * definition before relying on this path across an untrusted network.
 */
/*ARGSUSED*/
int
void *buf)
{
int ok;
return (PWU_NOT_FOUND);
/*
 * If we are privileged, we create a ticlts connection to the
 * NIS server so that it can check our credentials
 */
if (nis_privileged(nisbuf)) {
if (!nconf) {
"passwdutil.so: Couldn't get netconfig entry");
return (PWU_SYSTEM_ERROR);
}
} else {
/* Try IPv6 first */
YPPASSWDVERS, "udp6");
YPPASSWDVERS, "udp");
}
"passwdutil.so: couldn't create client to YP master");
return (PWU_SERVER_ERROR);
}
/* the handle is released before the call status is examined */
(void) clnt_destroy(client);
/* "ok" is only meaningful once the RPC itself has succeeded */
if (ans != RPC_SUCCESS) {
return (PWU_UPDATE_FAILED);
}
/* These errors are obtained from the yppasswdd.c code */
/*
 * The codes are bare numbers, not shared constants, so this table has to
 * be kept in step with yppasswdd.c by hand. Codes 2 and 7 both end up as
 * PWU_DENIED; any code not listed is reported as PWU_SYSTEM_ERROR.
 */
switch (ok) {
case 2: return (PWU_DENIED);
case 8: return (PWU_BUSY);
case 9: return (PWU_SERVER_ERROR);
case 4: return (PWU_NOT_FOUND);
case 3: return (PWU_NO_CHANGE);
case 7: return (PWU_DENIED);
case 0: return (PWU_SUCCESS);
default: return (PWU_SYSTEM_ERROR);
}
}