2N/A/*
2N/A * CDDL HEADER START
2N/A *
2N/A * The contents of this file are subject to the terms of the
2N/A * Common Development and Distribution License (the "License").
2N/A * You may not use this file except in compliance with the License.
2N/A *
2N/A * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
2N/A * or http://www.opensolaris.org/os/licensing.
2N/A * See the License for the specific language governing permissions
2N/A * and limitations under the License.
2N/A *
2N/A * When distributing Covered Code, include this CDDL HEADER in each
2N/A * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
2N/A * If applicable, add the following below this CDDL HEADER, with the
2N/A * fields enclosed by brackets "[]" replaced with your own identifying
2N/A * information: Portions Copyright [yyyy] [name of copyright owner]
2N/A *
2N/A * CDDL HEADER END
2N/A */
2N/A
2N/A/*
2N/A * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
2N/A * Use is subject to license terms.
2N/A */
2N/A
2N/A#include <sys/types.h>
2N/A#include <nsswitch.h>
2N/A#include <stdlib.h>
2N/A#include <stdio.h>
2N/A#include <string.h>
2N/A#include <syslog.h>
2N/A#include <stdlib.h>
2N/A#include <unistd.h>
2N/A
2N/A#include "ns_sldap.h"
2N/A#include <nss_dbdefs.h>
2N/A#include <nsswitch.h>
2N/A#include <pwd.h>
2N/A#include <shadow.h>
2N/A#include <rpcsvc/nis.h>
2N/A
2N/A#include "passwdutil.h"
2N/A
2N/A/*
2N/A * name_to_int(rep)
2N/A *
2N/A * Translate the repository to a bitmask.
2N/A * if we don't recognise the repository name, we return REP_ERANGE
2N/A */
2N/Aint
2N/Aname_to_int(char *rep_name)
2N/A{
2N/A int result = REP_ERANGE;
2N/A
2N/A if (strcmp(rep_name, "files") == 0)
2N/A result = REP_FILES;
2N/A else if (strcmp(rep_name, "nis") == 0)
2N/A result = REP_NIS;
2N/A else if (strcmp(rep_name, "ldap") == 0)
2N/A result = REP_LDAP;
2N/A else if (strcmp(rep_name, "compat") == 0) {
2N/A struct __nsw_switchconfig *cfg;
2N/A enum __nsw_parse_err pserr;
2N/A
2N/A cfg = __nsw_getconfig("passwd_compat", &pserr);
2N/A if (cfg == NULL) {
2N/A result = REP_FILES | REP_NIS;
2N/A } else {
2N/A if (strcmp(cfg->lookups->service_name, "ldap") == 0)
2N/A result = REP_FILES | REP_LDAP;
2N/A else
2N/A result = REP_ERANGE;
2N/A (void) __nsw_freeconfig(cfg);
2N/A }
2N/A }
2N/A
2N/A return (result);
2N/A}
2N/A
2N/A/*
2N/A * Figure out which repository we use in compat mode.
2N/A */
2N/Aint
2N/Aget_compat_mode(void)
2N/A{
2N/A struct __nsw_switchconfig *cfg;
2N/A enum __nsw_parse_err pserr;
2N/A int result = REP_COMPAT_NIS;
2N/A
2N/A if ((cfg = __nsw_getconfig("passwd_compat", &pserr)) != NULL) {
2N/A if (strcmp(cfg->lookups->service_name, "ldap") == 0)
2N/A result = REP_COMPAT_LDAP;
2N/A }
2N/A (void) __nsw_freeconfig(cfg);
2N/A
2N/A return (result);
2N/A}
2N/A
2N/A/*
2N/A * get_ns(rep, accesstype)
2N/A *
2N/A * returns a bitmask of repositories to use based on either
2N/A * 1. the repository that is given as argument
2N/A * 2. the nsswitch.conf file
2N/A * 3. the type of access requested
2N/A *
2N/A * "accesstype" indicates whether we are reading from or writing to the
2N/A * repository. We need to know this since "compat" will translate into
2N/A * REP_NSS (the nss-switch) for READ access (needed to decode
2N/A * the black-magic '+' entries) but it translates into a bitmask
2N/A * on WRITE access.
2N/A *
2N/A * If we detect read-access in compat mode, we augment the result
2N/A * with one of REP_COMPAT_{NIS,LDAP}. We need this in order to
2N/A * implement ATTR_REP_NAME in nss_getpwnam.
2N/A *
2N/A * A return value of REP_NOREP indicates an error.
2N/A */
2N/Aint
2N/Aget_ns(pwu_repository_t *rep, int accesstype)
2N/A{
2N/A struct __nsw_switchconfig *conf = NULL;
2N/A enum __nsw_parse_err pserr;
2N/A struct __nsw_lookup *lkp;
2N/A struct __nsw_lookup *lkp2;
2N/A struct __nsw_lookup *lkp3;
2N/A struct __nsw_lookup *lkpn;
2N/A int result = REP_NOREP;
2N/A
2N/A if (rep != PWU_DEFAULT_REP) {
2N/A result = name_to_int(rep->type);
2N/A return (result);
2N/A }
2N/A
2N/A conf = __nsw_getconfig("passwd", &pserr);
2N/A if (conf == NULL) {
2N/A /*
2N/A * No config found. The user didn't supply a repository,
2N/A * so we try to change the password in the default
2N/A * repositories (files and nis) even though we cannot
2N/A * find the name service switch entry. (Backward compat)
2N/A */
2N/A syslog(LOG_ERR, "passwdutil.so: nameservice switch entry for "
2N/A "passwd not found.");
2N/A result = REP_FILES | REP_NIS;
2N/A return (result);
2N/A }
2N/A
2N/A lkp = conf->lookups;
2N/A
2N/A /*
2N/A * Supported nsswitch.conf can have a maximum of 3 repositories.
2N/A * If we encounter an unsupported nsswitch.conf, we return REP_NSS
2N/A * to fall back to the nsswitch backend.
2N/A *
2N/A * Note that specifying 'ad' in the configuration is acceptable
2N/A * though changing AD users' passwords through passwd(1) is not.
2N/A * Therefore "ad" will be silently ignored.
2N/A */
2N/A if (conf->num_lookups == 1) {
2N/A /* files or compat */
2N/A
2N/A if (strcmp(lkp->service_name, "files") == 0) {
2N/A result = name_to_int(lkp->service_name);
2N/A } else if (strcmp(lkp->service_name, "compat") == 0) {
2N/A if (accesstype == PWU_READ)
2N/A result = REP_NSS | get_compat_mode();
2N/A else
2N/A result = name_to_int(lkp->service_name);
2N/A } else
2N/A result = REP_NSS;
2N/A
2N/A } else if (conf->num_lookups == 2) {
2N/A lkp2 = lkp->next;
2N/A if (strcmp(lkp->service_name, "files") == 0) {
2N/A result = REP_FILES;
2N/A if (strcmp(lkp2->service_name, "ldap") == 0)
2N/A result |= REP_LDAP;
2N/A else if (strcmp(lkp2->service_name, "nis") == 0)
2N/A result |= REP_NIS;
2N/A else if (strcmp(lkp2->service_name, "ad") != 0)
2N/A result = REP_NSS;
2N/A /* AD is ignored */
2N/A } else {
2N/A result = REP_NSS;
2N/A }
2N/A } else if (conf->num_lookups == 3) {
2N/A /*
2N/A * Valid configurations with 3 repositories are:
2N/A * files ad [nis | ldap ] OR
2N/A * files [nis | ldap ] ad
2N/A */
2N/A lkp2 = lkp->next;
2N/A lkp3 = lkp2->next;
2N/A if (strcmp(lkp2->service_name, "ad") == 0)
2N/A lkpn = lkp3;
2N/A else if (strcmp(lkp3->service_name, "ad") == 0)
2N/A lkpn = lkp2;
2N/A else
2N/A lkpn = NULL;
2N/A if (strcmp(lkp->service_name, "files") == 0 &&
2N/A lkpn != NULL) {
2N/A result = REP_FILES;
2N/A if (strcmp(lkpn->service_name, "ldap") == 0)
2N/A result |= REP_LDAP;
2N/A else if (strcmp(lkpn->service_name, "nis") == 0)
2N/A result |= REP_NIS;
2N/A else
2N/A result = REP_NSS;
2N/A } else {
2N/A result = REP_NSS;
2N/A }
2N/A } else {
2N/A result = REP_NSS;
2N/A }
2N/A
2N/A (void) __nsw_freeconfig(conf);
2N/A return (result);
2N/A}
2N/A
2N/Astatic void
2N/Anss_ldap_passwd(p)
2N/A nss_db_params_t *p;
2N/A{
2N/A p->name = NSS_DBNAM_PASSWD;
2N/A p->flags |= NSS_USE_DEFAULT_CONFIG;
2N/A p->default_config = "ldap";
2N/A}
2N/A
2N/Astatic void
2N/Anss_ldap_shadow(p)
2N/A nss_db_params_t *p;
2N/A{
2N/A p->name = NSS_DBNAM_SHADOW;
2N/A p->config_name = NSS_DBNAM_PASSWD; /* Use config for "passwd" */
2N/A p->flags |= NSS_USE_DEFAULT_CONFIG;
2N/A p->default_config = "ldap";
2N/A}
2N/A
2N/A
2N/A#ifdef PAM_NIS
2N/Astatic void
2N/Anss_nis_passwd(p)
2N/A nss_db_params_t *p;
2N/A{
2N/A p->name = NSS_DBNAM_PASSWD;
2N/A p->flags |= NSS_USE_DEFAULT_CONFIG;
2N/A p->default_config = "nis";
2N/A}
2N/A
2N/Astatic void
2N/Anss_nis_shadow(p)
2N/A nss_db_params_t *p;
2N/A{
2N/A p->name = NSS_DBNAM_SHADOW;
2N/A p->config_name = NSS_DBNAM_PASSWD; /* Use config for "passwd" */
2N/A p->flags |= NSS_USE_DEFAULT_CONFIG;
2N/A p->default_config = "nis";
2N/A}
2N/A#endif /* PAM_NIS */
2N/A
2N/Astatic char *
2N/Agettok(nextpp)
2N/A char **nextpp;
2N/A{
2N/A char *p = *nextpp;
2N/A char *q = p;
2N/A char c;
2N/A
2N/A if (p == 0) {
2N/A return (0);
2N/A }
2N/A while ((c = *q) != '\0' && c != ':') {
2N/A q++;
2N/A }
2N/A if (c == '\0') {
2N/A *nextpp = 0;
2N/A } else {
2N/A *q++ = '\0';
2N/A *nextpp = q;
2N/A }
2N/A return (p);
2N/A}
2N/A
2N/A/*
2N/A * Return values: 0 = success, 1 = parse error, 2 = erange ...
2N/A * The structure pointer passed in is a structure in the caller's space
2N/A * wherein the field pointers would be set to areas in the buffer if
2N/A * need be. instring and buffer should be separate areas.
2N/A */
2N/Astatic int
2N/Astr2passwd(const char *instr, int lenstr, void *ent, char *buffer, int buflen)
2N/A{
2N/A struct passwd *passwd = (struct passwd *)ent;
2N/A char *p, *next;
2N/A int black_magic; /* "+" or "-" entry */
2N/A
2N/A if (lenstr + 1 > buflen) {
2N/A return (NSS_STR_PARSE_ERANGE);
2N/A }
2N/A /*
2N/A * We copy the input string into the output buffer and
2N/A * operate on it in place.
2N/A */
2N/A (void) memcpy(buffer, instr, lenstr);
2N/A buffer[lenstr] = '\0';
2N/A
2N/A next = buffer;
2N/A
2N/A passwd->pw_name = p = gettok(&next); /* username */
2N/A if (*p == '\0') {
2N/A /* Empty username; not allowed */
2N/A return (NSS_STR_PARSE_PARSE);
2N/A }
2N/A black_magic = (*p == '+' || *p == '-');
2N/A if (black_magic) {
2N/A passwd->pw_uid = UID_NOBODY;
2N/A passwd->pw_gid = GID_NOBODY;
2N/A /*
2N/A * pwconv tests pw_passwd and pw_age == NULL
2N/A */
2N/A passwd->pw_passwd = "";
2N/A passwd->pw_age = "";
2N/A /*
2N/A * the rest of the passwd entry is "optional"
2N/A */
2N/A passwd->pw_comment = "";
2N/A passwd->pw_gecos = "";
2N/A passwd->pw_dir = "";
2N/A passwd->pw_shell = "";
2N/A }
2N/A
2N/A passwd->pw_passwd = p = gettok(&next); /* password */
2N/A if (p == 0) {
2N/A if (black_magic)
2N/A return (NSS_STR_PARSE_SUCCESS);
2N/A else
2N/A return (NSS_STR_PARSE_PARSE);
2N/A }
2N/A for (; *p != '\0'; p++) { /* age */
2N/A if (*p == ',') {
2N/A *p++ = '\0';
2N/A break;
2N/A }
2N/A }
2N/A passwd->pw_age = p;
2N/A
2N/A p = next; /* uid */
2N/A if (p == 0 || *p == '\0') {
2N/A if (black_magic)
2N/A return (NSS_STR_PARSE_SUCCESS);
2N/A else
2N/A return (NSS_STR_PARSE_PARSE);
2N/A }
2N/A if (!black_magic) {
2N/A passwd->pw_uid = strtol(p, &next, 10);
2N/A if (next == p) {
2N/A /* uid field should be nonempty */
2N/A return (NSS_STR_PARSE_PARSE);
2N/A }
2N/A /*
2N/A * The old code (in 2.0 thru 2.5) would check
2N/A * for the uid being negative, or being greater
2N/A * than 60001 (the rfs limit). If it met either of
2N/A * these conditions, the uid was translated to 60001.
2N/A *
2N/A * Now we just check for ephemeral uids; anything else
2N/A * is administrative policy
2N/A */
2N/A if (passwd->pw_uid > MAXUID)
2N/A passwd->pw_uid = UID_NOBODY;
2N/A }
2N/A if (*next++ != ':') {
2N/A if (black_magic)
2N/A p = gettok(&next);
2N/A else
2N/A return (NSS_STR_PARSE_PARSE);
2N/A }
2N/A p = next; /* gid */
2N/A if (p == 0 || *p == '\0') {
2N/A if (black_magic)
2N/A return (NSS_STR_PARSE_SUCCESS);
2N/A else
2N/A return (NSS_STR_PARSE_PARSE);
2N/A }
2N/A if (!black_magic) {
2N/A passwd->pw_gid = strtol(p, &next, 10);
2N/A if (next == p) {
2N/A /* gid field should be nonempty */
2N/A return (NSS_STR_PARSE_PARSE);
2N/A }
2N/A /*
2N/A * gid should be non-negative; anything else
2N/A * is administrative policy.
2N/A */
2N/A if (passwd->pw_gid > MAXUID)
2N/A passwd->pw_gid = GID_NOBODY;
2N/A }
2N/A if (*next++ != ':') {
2N/A if (black_magic)
2N/A p = gettok(&next);
2N/A else
2N/A return (NSS_STR_PARSE_PARSE);
2N/A }
2N/A
2N/A passwd->pw_gecos = passwd->pw_comment = p = gettok(&next);
2N/A if (p == 0) {
2N/A if (black_magic)
2N/A return (NSS_STR_PARSE_SUCCESS);
2N/A else
2N/A return (NSS_STR_PARSE_PARSE);
2N/A }
2N/A
2N/A passwd->pw_dir = p = gettok(&next);
2N/A if (p == 0) {
2N/A if (black_magic)
2N/A return (NSS_STR_PARSE_SUCCESS);
2N/A else
2N/A return (NSS_STR_PARSE_PARSE);
2N/A }
2N/A
2N/A passwd->pw_shell = p = gettok(&next);
2N/A if (p == 0) {
2N/A if (black_magic)
2N/A return (NSS_STR_PARSE_SUCCESS);
2N/A else
2N/A return (NSS_STR_PARSE_PARSE);
2N/A }
2N/A
2N/A /* Better not be any more fields... */
2N/A if (next == 0) {
2N/A /* Successfully parsed and stored */
2N/A return (NSS_STR_PARSE_SUCCESS);
2N/A }
2N/A return (NSS_STR_PARSE_PARSE);
2N/A}
2N/A
2N/Atypedef const char *constp;
2N/A
2N/A/*
2N/A * Return value 1 means success and more input, 0 means error or no more
2N/A */
2N/Astatic int
2N/Agetfield(nextp, limit, uns, valp)
2N/A constp *nextp;
2N/A constp limit;
2N/A int uns;
2N/A void *valp;
2N/A{
2N/A constp p = *nextp;
2N/A char *endfield;
2N/A char numbuf[12]; /* Holds -2^31 and trailing ':' */
2N/A int len;
2N/A long x;
2N/A unsigned long ux;
2N/A
2N/A if (p == 0 || p >= limit) {
2N/A return (0);
2N/A }
2N/A if (*p == ':') {
2N/A p++;
2N/A *nextp = p;
2N/A return (p < limit);
2N/A }
2N/A if ((len = limit - p) > sizeof (numbuf) - 1) {
2N/A len = sizeof (numbuf) - 1;
2N/A }
2N/A /*
2N/A * We want to use strtol() and we have a readonly non-zero-terminated
2N/A * string, so first we copy and terminate the interesting bit.
2N/A * Ugh. (It's convenient to terminate with a colon rather than \0).
2N/A */
2N/A if ((endfield = memccpy(numbuf, p, ':', len)) == 0) {
2N/A if (len != limit - p) {
2N/A /* Error -- field is too big to be a legit number */
2N/A return (0);
2N/A }
2N/A numbuf[len] = ':';
2N/A p = limit;
2N/A } else {
2N/A p += (endfield - numbuf);
2N/A }
2N/A if (uns) {
2N/A ux = strtoul(numbuf, &endfield, 10);
2N/A if (*endfield != ':') {
2N/A /* Error -- expected <integer><colon> */
2N/A return (0);
2N/A }
2N/A *((unsigned int *)valp) = (unsigned int)ux;
2N/A } else {
2N/A x = strtol(numbuf, &endfield, 10);
2N/A if (*endfield != ':') {
2N/A /* Error -- expected <integer><colon> */
2N/A return (0);
2N/A }
2N/A *((int *)valp) = (int)x;
2N/A }
2N/A *nextp = p;
2N/A return (p < limit);
2N/A}
2N/A
2N/A/*
2N/A * str2spwd() -- convert a string to a shadow passwd entry. The parser is
2N/A * more liberal than the passwd or group parsers; since it's legitimate
2N/A * for almost all the fields here to be blank, the parser lets one omit
2N/A * any number of blank fields at the end of the entry. The acceptable
2N/A * forms for '+' and '-' entries are the same as those for normal entries.
2N/A * === Is this likely to do more harm than good?
2N/A *
2N/A * Return values: 0 = success, 1 = parse error, 2 = erange ...
2N/A * The structure pointer passed in is a structure in the caller's space
2N/A * wherein the field pointers would be set to areas in the buffer if
2N/A * need be. instring and buffer should be separate areas.
2N/A */
2N/Aint
2N/Astr2spwd(instr, lenstr, ent, buffer, buflen)
2N/A const char *instr;
2N/A int lenstr;
2N/A void *ent; /* really (struct spwd *) */
2N/A char *buffer;
2N/A int buflen;
2N/A{
2N/A struct spwd *shadow = (struct spwd *)ent;
2N/A const char *p = instr, *limit;
2N/A char *bufp;
2N/A int lencopy, black_magic;
2N/A
2N/A limit = p + lenstr;
2N/A if ((p = memchr(instr, ':', lenstr)) == 0 ||
2N/A ++p >= limit ||
2N/A (p = memchr(p, ':', limit - p)) == 0) {
2N/A lencopy = lenstr;
2N/A p = 0;
2N/A } else {
2N/A lencopy = p - instr;
2N/A p++;
2N/A }
2N/A if (lencopy + 1 > buflen) {
2N/A return (NSS_STR_PARSE_ERANGE);
2N/A }
2N/A (void) memcpy(buffer, instr, lencopy);
2N/A buffer[lencopy] = 0;
2N/A
2N/A black_magic = (*instr == '+' || *instr == '-');
2N/A shadow->sp_namp = bufp = buffer;
2N/A shadow->sp_pwdp = 0;
2N/A shadow->sp_lstchg = -1;
2N/A shadow->sp_min = -1;
2N/A shadow->sp_max = -1;
2N/A shadow->sp_warn = -1;
2N/A shadow->sp_inact = -1;
2N/A shadow->sp_expire = -1;
2N/A shadow->sp_flag = 0;
2N/A
2N/A if ((bufp = strchr(bufp, ':')) == 0) {
2N/A if (black_magic)
2N/A return (NSS_STR_PARSE_SUCCESS);
2N/A else
2N/A return (NSS_STR_PARSE_PARSE);
2N/A }
2N/A *bufp++ = '\0';
2N/A
2N/A shadow->sp_pwdp = bufp;
2N/A if (instr == 0) {
2N/A if ((bufp = strchr(bufp, ':')) == 0) {
2N/A if (black_magic)
2N/A return (NSS_STR_PARSE_SUCCESS);
2N/A else
2N/A return (NSS_STR_PARSE_PARSE);
2N/A }
2N/A *bufp++ = '\0';
2N/A p = bufp;
2N/A } /* else p was set when we copied name and passwd into the buffer */
2N/A
2N/A if (!getfield(&p, limit, 0, &shadow->sp_lstchg))
2N/A return (NSS_STR_PARSE_SUCCESS);
2N/A if (!getfield(&p, limit, 0, &shadow->sp_min))
2N/A return (NSS_STR_PARSE_SUCCESS);
2N/A if (!getfield(&p, limit, 0, &shadow->sp_max))
2N/A return (NSS_STR_PARSE_SUCCESS);
2N/A if (!getfield(&p, limit, 0, &shadow->sp_warn))
2N/A return (NSS_STR_PARSE_SUCCESS);
2N/A if (!getfield(&p, limit, 0, &shadow->sp_inact))
2N/A return (NSS_STR_PARSE_SUCCESS);
2N/A if (!getfield(&p, limit, 0, &shadow->sp_expire))
2N/A return (NSS_STR_PARSE_SUCCESS);
2N/A if (!getfield(&p, limit, 1, &shadow->sp_flag))
2N/A return (NSS_STR_PARSE_SUCCESS);
2N/A if (p != limit) {
2N/A /* Syntax error -- garbage at end of line */
2N/A return (NSS_STR_PARSE_PARSE);
2N/A }
2N/A return (NSS_STR_PARSE_SUCCESS);
2N/A}
2N/A
2N/Astatic nss_XbyY_buf_t *buffer;
2N/Astatic DEFINE_NSS_DB_ROOT(db_root);
2N/A
2N/A#define GETBUF() \
2N/A NSS_XbyY_ALLOC(&buffer, sizeof (struct passwd), NSS_BUFLEN_PASSWD)
2N/A
2N/A#pragma fini(endutilpwent)
2N/A
2N/Astatic void
2N/Aendutilpwent(void)
2N/A{
2N/A NSS_XbyY_FREE(&buffer);
2N/A nss_delete(&db_root);
2N/A}
2N/A
2N/A/*ARGSUSED*/
2N/Astruct passwd *
2N/Agetpwnam_from(const char *name, pwu_repository_t *rep, int reptype)
2N/A{
2N/A nss_XbyY_buf_t *b = GETBUF();
2N/A nss_XbyY_args_t arg;
2N/A
2N/A if (b == 0)
2N/A return (0);
2N/A
2N/A NSS_XbyY_INIT(&arg, b->result, b->buffer, b->buflen, str2passwd);
2N/A arg.key.name = name;
2N/A
2N/A switch (reptype) {
2N/A case REP_LDAP:
2N/A (void) nss_search(&db_root, nss_ldap_passwd,
2N/A NSS_DBOP_PASSWD_BYNAME, &arg);
2N/A break;
2N/A#ifdef PAM_NIS
2N/A case REP_NIS:
2N/A (void) nss_search(&db_root, nss_nis_passwd,
2N/A NSS_DBOP_PASSWD_BYNAME, &arg);
2N/A break;
2N/A#endif
2N/A default:
2N/A return (NULL);
2N/A }
2N/A
2N/A return (struct passwd *)NSS_XbyY_FINI(&arg);
2N/A}
2N/A
2N/A/*ARGSUSED*/
2N/Astruct passwd *
2N/Agetpwuid_from(uid_t uid, pwu_repository_t *rep, int reptype)
2N/A{
2N/A nss_XbyY_buf_t *b = GETBUF();
2N/A nss_XbyY_args_t arg;
2N/A
2N/A if (b == 0)
2N/A return (0);
2N/A
2N/A NSS_XbyY_INIT(&arg, b->result, b->buffer, b->buflen, str2passwd);
2N/A arg.key.uid = uid;
2N/A
2N/A switch (reptype) {
2N/A case REP_LDAP:
2N/A (void) nss_search(&db_root, nss_ldap_passwd,
2N/A NSS_DBOP_PASSWD_BYUID, &arg);
2N/A break;
2N/A#ifdef PAM_NIS
2N/A case REP_NIS:
2N/A (void) nss_search(&db_root, nss_nis_passwd,
2N/A NSS_DBOP_PASSWD_BYUID, &arg);
2N/A break;
2N/A#endif
2N/A default:
2N/A return (NULL);
2N/A }
2N/A
2N/A return (struct passwd *)NSS_XbyY_FINI(&arg);
2N/A}
2N/A
2N/Astatic nss_XbyY_buf_t *spbuf;
2N/Astatic DEFINE_NSS_DB_ROOT(spdb_root);
2N/A
2N/A#define GETSPBUF() \
2N/A NSS_XbyY_ALLOC(&spbuf, sizeof (struct spwd), NSS_BUFLEN_SHADOW)
2N/A
2N/A#pragma fini(endutilspent)
2N/A
2N/Astatic void
2N/Aendutilspent(void)
2N/A{
2N/A NSS_XbyY_FREE(&spbuf);
2N/A nss_delete(&spdb_root);
2N/A}
2N/A
2N/A/*ARGSUSED*/
2N/Astruct spwd *
2N/Agetspnam_from(const char *name, pwu_repository_t *rep, int reptype)
2N/A{
2N/A nss_XbyY_buf_t *b = GETSPBUF();
2N/A nss_XbyY_args_t arg;
2N/A
2N/A if (b == 0)
2N/A return (0);
2N/A
2N/A NSS_XbyY_INIT(&arg, b->result, b->buffer, b->buflen, str2spwd);
2N/A arg.key.name = name;
2N/A switch (reptype) {
2N/A case REP_LDAP:
2N/A (void) nss_search(&spdb_root, nss_ldap_shadow,
2N/A NSS_DBOP_SHADOW_BYNAME, &arg);
2N/A break;
2N/A#ifdef PAM_NIS
2N/A case REP_NIS:
2N/A (void) nss_search(&spdb_root, nss_nis_shadow,
2N/A NSS_DBOP_SHADOW_BYNAME, &arg);
2N/A break;
2N/A#endif
2N/A default:
2N/A return (NULL);
2N/A }
2N/A return (struct spwd *)NSS_XbyY_FINI(&arg);
2N/A}