Home | History | Annotate | Line # | Download | only in gen
getpwent.c revision 1.41
      1  1.41     lukem /*	$NetBSD: getpwent.c,v 1.41 1999/04/18 02:04:05 lukem Exp $	*/
      2  1.12       cgd 
      3   1.1       cgd /*
      4  1.12       cgd  * Copyright (c) 1988, 1993
      5  1.12       cgd  *	The Regents of the University of California.  All rights reserved.
      6  1.14      phil  * Portions Copyright (c) 1994, 1995, Jason Downs.  All rights reserved.
      7   1.1       cgd  *
      8   1.1       cgd  * Redistribution and use in source and binary forms, with or without
      9   1.1       cgd  * modification, are permitted provided that the following conditions
     10   1.1       cgd  * are met:
     11   1.1       cgd  * 1. Redistributions of source code must retain the above copyright
     12   1.1       cgd  *    notice, this list of conditions and the following disclaimer.
     13   1.1       cgd  * 2. Redistributions in binary form must reproduce the above copyright
     14   1.1       cgd  *    notice, this list of conditions and the following disclaimer in the
     15   1.1       cgd  *    documentation and/or other materials provided with the distribution.
     16   1.1       cgd  * 3. All advertising materials mentioning features or use of this software
     17   1.1       cgd  *    must display the following acknowledgement:
     18   1.1       cgd  *	This product includes software developed by the University of
     19   1.1       cgd  *	California, Berkeley and its contributors.
     20   1.1       cgd  * 4. Neither the name of the University nor the names of its contributors
     21   1.1       cgd  *    may be used to endorse or promote products derived from this software
     22   1.1       cgd  *    without specific prior written permission.
     23   1.1       cgd  *
     24   1.1       cgd  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
     25   1.1       cgd  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
     26   1.1       cgd  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
     27   1.1       cgd  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
     28   1.1       cgd  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
     29   1.1       cgd  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
     30   1.1       cgd  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
     31   1.1       cgd  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
     32   1.1       cgd  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
     33   1.1       cgd  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
     34   1.1       cgd  * SUCH DAMAGE.
     35   1.1       cgd  */
     36   1.1       cgd 
     37  1.22  christos #include <sys/cdefs.h>
     38   1.1       cgd #if defined(LIBC_SCCS) && !defined(lint)
     39  1.12       cgd #if 0
     40  1.24     perry static char sccsid[] = "@(#)getpwent.c	8.2 (Berkeley) 4/27/95";
     41  1.12       cgd #else
     42  1.41     lukem __RCSID("$NetBSD: getpwent.c,v 1.41 1999/04/18 02:04:05 lukem Exp $");
     43  1.12       cgd #endif
     44   1.1       cgd #endif /* LIBC_SCCS and not lint */
     45   1.1       cgd 
     46  1.23       jtc #include "namespace.h"
     47   1.1       cgd #include <sys/param.h>
     48   1.1       cgd #include <fcntl.h>
     49   1.1       cgd #include <db.h>
     50   1.1       cgd #include <syslog.h>
     51   1.1       cgd #include <pwd.h>
     52   1.1       cgd #include <utmp.h>
     53   1.1       cgd #include <errno.h>
     54   1.1       cgd #include <unistd.h>
     55   1.1       cgd #include <stdlib.h>
     56   1.1       cgd #include <string.h>
     57   1.1       cgd #include <limits.h>
     58  1.14      phil #include <netgroup.h>
     59  1.32     lukem #include <nsswitch.h>
     60  1.32     lukem #ifdef HESIOD
     61  1.32     lukem #include <hesiod.h>
     62  1.32     lukem #endif
     63   1.4   deraadt #ifdef YP
     64  1.14      phil #include <machine/param.h>
     65   1.4   deraadt #include <stdio.h>
     66   1.4   deraadt #include <rpc/rpc.h>
     67   1.4   deraadt #include <rpcsvc/yp_prot.h>
     68   1.4   deraadt #include <rpcsvc/ypclnt.h>
     69  1.41     lukem #endif
     70  1.41     lukem 
     71  1.41     lukem #ifdef __STDC__
     72  1.41     lukem #include <stdarg.h>
     73  1.41     lukem #else
     74  1.41     lukem #include <varargs.h>
     75  1.23       jtc #endif
     76  1.23       jtc 
     77  1.27   thorpej #include "pw_private.h"
     78  1.27   thorpej 
     79  1.40     lukem #if defined(YP) || defined(HESIOD)
     80  1.40     lukem #define _PASSWD_COMPAT
     81  1.40     lukem #endif
     82  1.40     lukem 
     83  1.23       jtc #ifdef __weak_alias
     84  1.23       jtc __weak_alias(endpwent,_endpwent);
     85  1.23       jtc __weak_alias(getpwent,_getpwent);
     86  1.23       jtc __weak_alias(getpwnam,_getpwnam);
     87  1.23       jtc __weak_alias(getpwuid,_getpwuid);
     88  1.23       jtc __weak_alias(setpassent,_setpassent);
     89  1.23       jtc __weak_alias(setpwent,_setpwent);
     90   1.4   deraadt #endif
     91   1.1       cgd 
     92  1.24     perry 
     93  1.24     perry /*
     94  1.24     perry  * The lookup techniques and data extraction code here must be kept
     95  1.24     perry  * in sync with that in `pwd_mkdb'.
     96  1.24     perry  */
     97  1.24     perry 
     98   1.1       cgd static struct passwd _pw_passwd;	/* password structure */
     99   1.1       cgd static DB *_pw_db;			/* password database */
    100   1.1       cgd static int _pw_keynum;			/* key counter */
    101   1.1       cgd static int _pw_stayopen;		/* keep fd's open */
    102  1.14      phil static int _pw_flags;			/* password flags */
    103  1.32     lukem static int _pw_none;			/* true if getpwent got EOF */
    104  1.32     lukem 
    105  1.14      phil static int __hashpw __P((DBT *));
    106  1.14      phil static int __initdb __P((void));
    107  1.14      phil 
    108  1.14      phil const char __yp_token[] = "__YP!";	/* Let pwd_mkdb pull this in. */
    109  1.36     lukem static const ns_src compatsrc[] = {
    110  1.36     lukem 	{ NSSRC_COMPAT, NS_SUCCESS },
    111  1.36     lukem 	{ 0 }
    112  1.36     lukem };
    113   1.1       cgd 
    114   1.4   deraadt #ifdef YP
    115  1.32     lukem static char     *__ypcurrent, *__ypdomain;
    116  1.32     lukem static int      __ypcurrentlen;
    117  1.32     lukem #endif
    118  1.32     lukem 
    119  1.32     lukem #ifdef HESIOD
    120  1.32     lukem static int	_pw_hesnum;
    121  1.32     lukem #endif
    122  1.32     lukem 
    123  1.40     lukem #ifdef _PASSWD_COMPAT
    124  1.32     lukem enum _pwmode { PWMODE_NONE, PWMODE_FULL, PWMODE_USER, PWMODE_NETGRP };
    125  1.32     lukem static enum _pwmode __pwmode;
    126  1.14      phil 
    127  1.26     lukem enum _ypmap { YPMAP_NONE, YPMAP_ADJUNCT, YPMAP_MASTER };
    128  1.26     lukem 
    129  1.32     lukem static struct passwd	*__pwproto = (struct passwd *)NULL;
    130  1.32     lukem static int		 __pwproto_flags;
    131  1.32     lukem static char		 line[1024];
    132  1.32     lukem static long		 prbuf[1024 / sizeof(long)];
    133  1.32     lukem static DB		*__pwexclude = (DB *)NULL;
    134  1.32     lukem 
    135  1.32     lukem static int	__pwexclude_add __P((const char *));
    136  1.32     lukem static int	__pwexclude_is __P((const char *));
    137  1.32     lukem static void	__pwproto_set __P((void));
    138  1.32     lukem static int	__ypmaptype __P((void));
    139  1.32     lukem static int	__pwparse __P((struct passwd *, char *));
    140  1.14      phil 
    141  1.26     lukem 	/* macros for deciding which YP maps to use. */
    142  1.26     lukem #define PASSWD_BYNAME	(__ypmaptype() == YPMAP_MASTER \
    143  1.26     lukem 			    ? "master.passwd.byname" : "passwd.byname")
    144  1.26     lukem #define PASSWD_BYUID	(__ypmaptype() == YPMAP_MASTER \
    145  1.26     lukem 			    ? "master.passwd.byuid" : "passwd.byuid")
    146  1.26     lukem 
    147  1.32     lukem /*
    148  1.32     lukem  * add a name to the compat mode exclude list
    149  1.32     lukem  */
    150  1.14      phil static int
    151  1.32     lukem __pwexclude_add(name)
    152  1.26     lukem 	const char *name;
    153  1.14      phil {
    154  1.30  christos 	DBT key;
    155  1.30  christos 	DBT data;
    156  1.14      phil 
    157  1.14      phil 	/* initialize the exclusion table if needed. */
    158  1.32     lukem 	if(__pwexclude == (DB *)NULL) {
    159  1.32     lukem 		__pwexclude = dbopen(NULL, O_RDWR, 600, DB_HASH, NULL);
    160  1.32     lukem 		if(__pwexclude == (DB *)NULL)
    161  1.32     lukem 			return 1;
    162  1.14      phil 	}
    163  1.14      phil 
    164  1.14      phil 	/* set up the key */
    165  1.30  christos 	key.size = strlen(name);
    166  1.30  christos 	/* LINTED key does not get modified */
    167  1.14      phil 	key.data = (char *)name;
    168  1.14      phil 
    169  1.14      phil 	/* data is nothing. */
    170  1.14      phil 	data.data = NULL;
    171  1.14      phil 	data.size = 0;
    172  1.14      phil 
    173  1.14      phil 	/* store it */
    174  1.32     lukem 	if((__pwexclude->put)(__pwexclude, &key, &data, 0) == -1)
    175  1.32     lukem 		return 1;
    176  1.14      phil 
    177  1.32     lukem 	return 0;
    178  1.14      phil }
    179  1.14      phil 
    180  1.32     lukem /*
    181  1.32     lukem  * test if a name is on the compat mode exclude list
    182  1.32     lukem  */
    183  1.14      phil static int
    184  1.32     lukem __pwexclude_is(name)
    185  1.26     lukem 	const char *name;
    186  1.14      phil {
    187  1.31  christos 	DBT key;
    188  1.30  christos 	DBT data;
    189  1.14      phil 
    190  1.32     lukem 	if(__pwexclude == (DB *)NULL)
    191  1.32     lukem 		return 0;	/* nothing excluded */
    192  1.14      phil 
    193  1.14      phil 	/* set up the key */
    194  1.30  christos 	key.size = strlen(name);
    195  1.30  christos 	/* LINTED key does not get modified */
    196  1.14      phil 	key.data = (char *)name;
    197  1.14      phil 
    198  1.32     lukem 	if((__pwexclude->get)(__pwexclude, &key, &data, 0) == 0)
    199  1.32     lukem 		return 1;	/* excluded */
    200  1.14      phil 
    201  1.32     lukem 	return 0;
    202  1.14      phil }
    203  1.14      phil 
    204  1.32     lukem /*
    205  1.32     lukem  * setup the compat mode prototype template
    206  1.32     lukem  */
    207  1.14      phil static void
    208  1.32     lukem __pwproto_set()
    209  1.14      phil {
    210  1.17     lukem 	char *ptr;
    211  1.17     lukem 	struct passwd *pw = &_pw_passwd;
    212  1.14      phil 
    213  1.14      phil 	/* make this the new prototype */
    214  1.30  christos 	ptr = (char *)(void *)prbuf;
    215  1.14      phil 
    216  1.14      phil 	/* first allocate the struct. */
    217  1.37  christos 	__pwproto = (struct passwd *)(void *)ptr;
    218  1.14      phil 	ptr += sizeof(struct passwd);
    219  1.14      phil 
    220  1.14      phil 	/* name */
    221  1.14      phil 	if(pw->pw_name && (pw->pw_name)[0]) {
    222  1.37  christos 		ptr = (char *)ALIGN((u_long)ptr);
    223  1.29     perry 		memmove(ptr, pw->pw_name, strlen(pw->pw_name) + 1);
    224  1.32     lukem 		__pwproto->pw_name = ptr;
    225  1.14      phil 		ptr += (strlen(pw->pw_name) + 1);
    226  1.14      phil 	} else
    227  1.32     lukem 		__pwproto->pw_name = (char *)NULL;
    228  1.14      phil 
    229  1.14      phil 	/* password */
    230  1.14      phil 	if(pw->pw_passwd && (pw->pw_passwd)[0]) {
    231  1.37  christos 		ptr = (char *)ALIGN((u_long)ptr);
    232  1.29     perry 		memmove(ptr, pw->pw_passwd, strlen(pw->pw_passwd) + 1);
    233  1.32     lukem 		__pwproto->pw_passwd = ptr;
    234  1.14      phil 		ptr += (strlen(pw->pw_passwd) + 1);
    235  1.14      phil 	} else
    236  1.32     lukem 		__pwproto->pw_passwd = (char *)NULL;
    237  1.14      phil 
    238  1.14      phil 	/* uid */
    239  1.32     lukem 	__pwproto->pw_uid = pw->pw_uid;
    240  1.14      phil 
    241  1.14      phil 	/* gid */
    242  1.32     lukem 	__pwproto->pw_gid = pw->pw_gid;
    243  1.14      phil 
    244  1.14      phil 	/* change (ignored anyway) */
    245  1.32     lukem 	__pwproto->pw_change = pw->pw_change;
    246  1.14      phil 
    247  1.14      phil 	/* class (ignored anyway) */
    248  1.32     lukem 	__pwproto->pw_class = "";
    249  1.14      phil 
    250  1.14      phil 	/* gecos */
    251  1.14      phil 	if(pw->pw_gecos && (pw->pw_gecos)[0]) {
    252  1.37  christos 		ptr = (char *)ALIGN((u_long)ptr);
    253  1.29     perry 		memmove(ptr, pw->pw_gecos, strlen(pw->pw_gecos) + 1);
    254  1.32     lukem 		__pwproto->pw_gecos = ptr;
    255  1.14      phil 		ptr += (strlen(pw->pw_gecos) + 1);
    256  1.14      phil 	} else
    257  1.32     lukem 		__pwproto->pw_gecos = (char *)NULL;
    258  1.14      phil 
    259  1.14      phil 	/* dir */
    260  1.14      phil 	if(pw->pw_dir && (pw->pw_dir)[0]) {
    261  1.37  christos 		ptr = (char *)ALIGN((u_long)ptr);
    262  1.29     perry 		memmove(ptr, pw->pw_dir, strlen(pw->pw_dir) + 1);
    263  1.32     lukem 		__pwproto->pw_dir = ptr;
    264  1.14      phil 		ptr += (strlen(pw->pw_dir) + 1);
    265  1.14      phil 	} else
    266  1.32     lukem 		__pwproto->pw_dir = (char *)NULL;
    267  1.14      phil 
    268  1.14      phil 	/* shell */
    269  1.14      phil 	if(pw->pw_shell && (pw->pw_shell)[0]) {
    270  1.37  christos 		ptr = (char *)ALIGN((u_long)ptr);
    271  1.29     perry 		memmove(ptr, pw->pw_shell, strlen(pw->pw_shell) + 1);
    272  1.32     lukem 		__pwproto->pw_shell = ptr;
    273  1.14      phil 		ptr += (strlen(pw->pw_shell) + 1);
    274  1.14      phil 	} else
    275  1.32     lukem 		__pwproto->pw_shell = (char *)NULL;
    276  1.14      phil 
    277  1.14      phil 	/* expire (ignored anyway) */
    278  1.32     lukem 	__pwproto->pw_expire = pw->pw_expire;
    279  1.14      phil 
    280  1.14      phil 	/* flags */
    281  1.32     lukem 	__pwproto_flags = _pw_flags;
    282  1.14      phil }
    283   1.4   deraadt 
    284   1.5   deraadt static int
    285  1.26     lukem __ypmaptype()
    286  1.26     lukem {
    287  1.26     lukem 	static int maptype = -1;
    288  1.26     lukem 	int order, r;
    289  1.26     lukem 
    290  1.26     lukem 	if (maptype != -1)
    291  1.26     lukem 		return (maptype);
    292  1.26     lukem 
    293  1.26     lukem 	maptype = YPMAP_NONE;
    294  1.26     lukem 	if (geteuid() != 0)
    295  1.26     lukem 		return (maptype);
    296  1.26     lukem 
    297  1.26     lukem 	if (!__ypdomain) {
    298  1.26     lukem 		if( _yp_check(&__ypdomain) == 0)
    299  1.26     lukem 			return (maptype);
    300  1.26     lukem 	}
    301  1.26     lukem 
    302  1.26     lukem 	r = yp_order(__ypdomain, "master.passwd.byname", &order);
    303  1.26     lukem 	if (r == 0) {
    304  1.26     lukem 		maptype = YPMAP_MASTER;
    305  1.26     lukem 		return (maptype);
    306  1.26     lukem 	}
    307  1.26     lukem 
    308  1.26     lukem 	/*
    309  1.26     lukem 	 * NIS+ in YP compat mode doesn't support
    310  1.26     lukem 	 * YPPROC_ORDER -- no point in continuing.
    311  1.26     lukem 	 */
    312  1.26     lukem 	if (r == YPERR_YPERR)
    313  1.26     lukem 		return (maptype);
    314  1.26     lukem 
    315  1.26     lukem 	/* master.passwd doesn't exist -- try passwd.adjunct */
    316  1.26     lukem 	if (r == YPERR_MAP) {
    317  1.26     lukem 		r = yp_order(__ypdomain, "passwd.adjunct.byname", &order);
    318  1.26     lukem 		if (r == 0)
    319  1.26     lukem 			maptype = YPMAP_ADJUNCT;
    320  1.26     lukem 		return (maptype);
    321  1.26     lukem 	}
    322  1.26     lukem 
    323  1.26     lukem 	return (maptype);
    324  1.26     lukem }
    325  1.26     lukem 
    326  1.32     lukem /*
    327  1.32     lukem  * parse an old-style passwd file line (from NIS or HESIOD)
    328  1.32     lukem  */
    329  1.26     lukem static int
    330  1.32     lukem __pwparse(pw, s)
    331  1.26     lukem 	struct passwd *pw;
    332  1.26     lukem 	char *s;
    333   1.4   deraadt {
    334  1.26     lukem 	static char adjunctpw[YPMAXRECORD + 2];
    335  1.26     lukem 	int flags, maptype;
    336   1.4   deraadt 
    337  1.26     lukem 	maptype = __ypmaptype();
    338  1.26     lukem 	flags = _PASSWORD_NOWARN;
    339  1.26     lukem 	if (maptype != YPMAP_MASTER)
    340  1.26     lukem 		flags |= _PASSWORD_OLDFMT;
    341  1.27   thorpej 	if (! __pw_scan(s, pw, &flags))
    342  1.13   mycroft 		return 1;
    343  1.14      phil 
    344  1.14      phil 	/* now let the prototype override, if set. */
    345  1.32     lukem 	if(__pwproto != (struct passwd *)NULL) {
    346  1.32     lukem #ifdef PW_OVERRIDE_PASSWD
    347  1.32     lukem 		if(__pwproto->pw_passwd != (char *)NULL)
    348  1.32     lukem 			pw->pw_passwd = __pwproto->pw_passwd;
    349  1.14      phil #endif
    350  1.32     lukem 		if(!(__pwproto_flags & _PASSWORD_NOUID))
    351  1.32     lukem 			pw->pw_uid = __pwproto->pw_uid;
    352  1.32     lukem 		if(!(__pwproto_flags & _PASSWORD_NOGID))
    353  1.32     lukem 			pw->pw_gid = __pwproto->pw_gid;
    354  1.32     lukem 		if(__pwproto->pw_gecos != (char *)NULL)
    355  1.32     lukem 			pw->pw_gecos = __pwproto->pw_gecos;
    356  1.32     lukem 		if(__pwproto->pw_dir != (char *)NULL)
    357  1.32     lukem 			pw->pw_dir = __pwproto->pw_dir;
    358  1.32     lukem 		if(__pwproto->pw_shell != (char *)NULL)
    359  1.32     lukem 			pw->pw_shell = __pwproto->pw_shell;
    360  1.14      phil 	}
    361  1.26     lukem 	if ((maptype == YPMAP_ADJUNCT) &&
    362  1.26     lukem 	    (strstr(pw->pw_passwd, "##") != NULL)) {
    363  1.26     lukem 		char *data, *bp;
    364  1.26     lukem 		int datalen;
    365  1.26     lukem 
    366  1.26     lukem 		if (yp_match(__ypdomain, "passwd.adjunct.byname", pw->pw_name,
    367  1.30  christos 		    (int)strlen(pw->pw_name), &data, &datalen) == 0) {
    368  1.26     lukem 			if (datalen > sizeof(adjunctpw) - 1)
    369  1.26     lukem 				datalen = sizeof(adjunctpw) - 1;
    370  1.37  christos 			strncpy(adjunctpw, data, (size_t)datalen);
    371  1.26     lukem 
    372  1.26     lukem 				/* skip name to get password */
    373  1.26     lukem 			if ((bp = strsep(&data, ":")) != NULL &&
    374  1.26     lukem 			    (bp = strsep(&data, ":")) != NULL)
    375  1.26     lukem 				pw->pw_passwd = bp;
    376  1.26     lukem 		}
    377  1.26     lukem 	}
    378   1.4   deraadt 	return 0;
    379   1.4   deraadt }
    380  1.40     lukem #endif /* _PASSWD_COMPAT */
    381  1.32     lukem 
    382  1.32     lukem /*
    383  1.32     lukem  * local files implementation of getpw*()
    384  1.32     lukem  * varargs: type, [ uid (type == _PW_KEYBYUID) | name (type == _PW_KEYBYNAME) ]
    385  1.32     lukem  */
    386  1.32     lukem static int	_local_getpw __P((void *, void *, va_list));
    387   1.4   deraadt 
    388  1.37  christos /*ARGSUSED*/
    389  1.32     lukem static int
    390  1.32     lukem _local_getpw(rv, cb_data, ap)
    391  1.32     lukem 	void	*rv;
    392  1.32     lukem 	void	*cb_data;
    393  1.32     lukem 	va_list	 ap;
    394   1.1       cgd {
    395  1.32     lukem 	DBT		 key;
    396  1.37  christos 	char		 bf[/*CONSTCOND*/ MAX(MAXLOGNAME, sizeof(_pw_keynum)) + 1];
    397  1.32     lukem 	uid_t		 uid;
    398  1.32     lukem 	int		 search, len, rval;
    399  1.32     lukem 	const char	*name;
    400   1.1       cgd 
    401   1.1       cgd 	if (!_pw_db && !__initdb())
    402  1.32     lukem 		return NS_UNAVAIL;
    403  1.32     lukem 
    404  1.32     lukem 	search = va_arg(ap, int);
    405  1.32     lukem 	bf[0] = search;
    406  1.32     lukem 	switch (search) {
    407  1.32     lukem 	case _PW_KEYBYNUM:
    408  1.32     lukem 		++_pw_keynum;
    409  1.37  christos 		memmove(bf + 1, &_pw_keynum, sizeof(_pw_keynum));
    410  1.32     lukem 		key.size = sizeof(_pw_keynum) + 1;
    411  1.32     lukem 		break;
    412  1.32     lukem 	case _PW_KEYBYNAME:
    413  1.32     lukem 		name = va_arg(ap, const char *);
    414  1.32     lukem 		len = strlen(name);
    415  1.37  christos 		memmove(bf + 1, name, (size_t)MIN(len, MAXLOGNAME));
    416  1.32     lukem 		key.size = len + 1;
    417  1.32     lukem 		break;
    418  1.32     lukem 	case _PW_KEYBYUID:
    419  1.32     lukem 		uid = va_arg(ap, uid_t);
    420  1.37  christos 		memmove(bf + 1, &uid, sizeof(len));
    421  1.32     lukem 		key.size = sizeof(uid) + 1;
    422  1.32     lukem 		break;
    423  1.32     lukem 	default:
    424  1.32     lukem 		abort();
    425  1.32     lukem 	}
    426  1.32     lukem 
    427  1.32     lukem 	key.data = (u_char *)bf;
    428  1.32     lukem 	rval = __hashpw(&key);
    429  1.32     lukem 	if (rval == NS_NOTFOUND && search == _PW_KEYBYNUM) {
    430  1.32     lukem 		_pw_none = 1;
    431  1.32     lukem 		rval = NS_SUCCESS;
    432  1.32     lukem 	}
    433  1.32     lukem 
    434  1.32     lukem 	if (!_pw_stayopen && (search != _PW_KEYBYNUM)) {
    435  1.32     lukem 		(void)(_pw_db->close)(_pw_db);
    436  1.32     lukem 		_pw_db = (DB *)NULL;
    437  1.32     lukem 	}
    438  1.32     lukem 	return (rval);
    439  1.32     lukem }
    440  1.32     lukem 
    441  1.32     lukem #ifdef HESIOD
    442  1.32     lukem /*
    443  1.32     lukem  * hesiod implementation of getpw*()
    444  1.32     lukem  * varargs: type, [ uid (type == _PW_KEYBYUID) | name (type == _PW_KEYBYNAME) ]
    445  1.32     lukem  */
    446  1.32     lukem static int	_dns_getpw __P((void *, void *, va_list));
    447  1.32     lukem 
    448  1.37  christos /*ARGSUSED*/
    449  1.32     lukem static int
    450  1.32     lukem _dns_getpw(rv, cb_data, ap)
    451  1.32     lukem 	void	*rv;
    452  1.32     lukem 	void	*cb_data;
    453  1.32     lukem 	va_list	 ap;
    454  1.32     lukem {
    455  1.32     lukem 	const char	 *name;
    456  1.32     lukem 	uid_t		  uid;
    457  1.32     lukem 	int		  search;
    458  1.39     lukem 
    459  1.38   mycroft 	char		 *map;
    460  1.32     lukem 	char		**hp;
    461  1.39     lukem 	void		 *context;
    462  1.39     lukem 	int		  r;
    463  1.32     lukem 
    464  1.32     lukem 	search = va_arg(ap, int);
    465  1.32     lukem 	switch (search) {
    466  1.32     lukem 	case _PW_KEYBYNUM:
    467  1.32     lukem 		snprintf(line, sizeof(line) - 1, "passwd-%u", _pw_hesnum);
    468  1.32     lukem 		_pw_hesnum++;
    469  1.38   mycroft 		map = "passwd";
    470  1.32     lukem 		break;
    471  1.32     lukem 	case _PW_KEYBYNAME:
    472  1.32     lukem 		name = va_arg(ap, const char *);
    473  1.32     lukem 		strncpy(line, name, sizeof(line));
    474  1.38   mycroft 		map = "passwd";
    475  1.32     lukem 		break;
    476  1.32     lukem 	case _PW_KEYBYUID:
    477  1.32     lukem 		uid = va_arg(ap, uid_t);
    478  1.33     lukem 		snprintf(line, sizeof(line), "%u", (unsigned int)uid);
    479  1.40     lukem 		map = "uid";		/* XXX this is `passwd' on ultrix */
    480  1.32     lukem 		break;
    481  1.32     lukem 	default:
    482  1.32     lukem 		abort();
    483  1.32     lukem 	}
    484  1.32     lukem 	line[sizeof(line) - 1] = '\0';
    485  1.32     lukem 
    486  1.39     lukem 	r = NS_UNAVAIL;
    487  1.39     lukem 	if (hesiod_init(&context) == -1)
    488  1.39     lukem 		return (r);
    489  1.39     lukem 
    490  1.39     lukem 	hp = hesiod_resolve(context, line, map);
    491  1.32     lukem 	if (hp == NULL) {
    492  1.39     lukem 		if (errno == ENOENT) {
    493  1.32     lukem 			if (search == _PW_KEYBYNUM) {
    494  1.32     lukem 				_pw_hesnum = 0;
    495  1.32     lukem 				_pw_none = 1;
    496  1.39     lukem 				r = NS_SUCCESS;
    497  1.39     lukem 			} else
    498  1.39     lukem 				r = NS_NOTFOUND;
    499  1.32     lukem 		}
    500  1.39     lukem 		goto cleanup_dns_getpw;
    501  1.32     lukem 	}
    502  1.32     lukem 
    503  1.32     lukem 	strncpy(line, hp[0], sizeof(line));	/* only check first elem */
    504  1.32     lukem 	line[sizeof(line) - 1] = '\0';
    505  1.39     lukem 	hesiod_free_list(context, hp);
    506  1.32     lukem 	if (__pwparse(&_pw_passwd, line))
    507  1.39     lukem 		r = NS_UNAVAIL;
    508  1.39     lukem 	else
    509  1.39     lukem 		r = NS_SUCCESS;
    510  1.39     lukem  cleanup_dns_getpw:
    511  1.39     lukem 	hesiod_end(context);
    512  1.39     lukem 	return (r);
    513  1.32     lukem }
    514  1.32     lukem #endif
    515   1.1       cgd 
    516   1.4   deraadt #ifdef YP
    517  1.32     lukem /*
    518  1.32     lukem  * nis implementation of getpw*()
    519  1.32     lukem  * varargs: type, [ uid (type == _PW_KEYBYUID) | name (type == _PW_KEYBYNAME) ]
    520  1.32     lukem  */
    521  1.32     lukem static int	_nis_getpw __P((void *, void *, va_list));
    522  1.14      phil 
    523  1.37  christos /*ARGSUSED*/
    524  1.32     lukem static int
    525  1.32     lukem _nis_getpw(rv, cb_data, ap)
    526  1.32     lukem 	void	*rv;
    527  1.32     lukem 	void	*cb_data;
    528  1.32     lukem 	va_list	 ap;
    529  1.32     lukem {
    530  1.32     lukem 	const char	*name;
    531  1.32     lukem 	uid_t		 uid;
    532  1.32     lukem 	int		 search;
    533  1.32     lukem 	char		*key, *data;
    534  1.32     lukem 	char		*map = PASSWD_BYNAME;
    535  1.32     lukem 	int		 keylen, datalen, r;
    536  1.32     lukem 
    537  1.32     lukem 	if(__ypdomain == NULL) {
    538  1.32     lukem 		if(_yp_check(&__ypdomain) == 0)
    539  1.32     lukem 			return NS_UNAVAIL;
    540  1.32     lukem 	}
    541  1.32     lukem 
    542  1.32     lukem 	search = va_arg(ap, int);
    543  1.32     lukem 	switch (search) {
    544  1.32     lukem 	case _PW_KEYBYNUM:
    545  1.32     lukem 		break;
    546  1.32     lukem 	case _PW_KEYBYNAME:
    547  1.32     lukem 		name = va_arg(ap, const char *);
    548  1.32     lukem 		strncpy(line, name, sizeof(line));
    549  1.32     lukem 		break;
    550  1.32     lukem 	case _PW_KEYBYUID:
    551  1.32     lukem 		uid = va_arg(ap, uid_t);
    552  1.33     lukem 		snprintf(line, sizeof(line), "%u", (unsigned int)uid);
    553  1.32     lukem 		map = PASSWD_BYUID;
    554  1.32     lukem 		break;
    555  1.32     lukem 	default:
    556  1.32     lukem 		abort();
    557  1.32     lukem 	}
    558  1.32     lukem 	line[sizeof(line) - 1] = '\0';
    559  1.32     lukem 	if (search != _PW_KEYBYNUM) {
    560  1.32     lukem 		data = NULL;
    561  1.32     lukem 		r = yp_match(__ypdomain, map, line, (int)strlen(line),
    562  1.32     lukem 				&data, &datalen);
    563  1.32     lukem 		switch (r) {
    564  1.32     lukem 		case 0:
    565  1.32     lukem 			break;
    566  1.32     lukem 		case YPERR_KEY:
    567  1.32     lukem 			r =  NS_NOTFOUND;
    568  1.32     lukem 			break;
    569  1.32     lukem 		default:
    570  1.32     lukem 			r = NS_UNAVAIL;
    571  1.32     lukem 			break;
    572  1.32     lukem 		}
    573  1.32     lukem 		if (r != 0) {
    574  1.32     lukem 			if (data)
    575  1.32     lukem 				free(data);
    576  1.32     lukem 			return r;
    577   1.4   deraadt 		}
    578  1.32     lukem 		data[datalen] = '\0';		/* clear trailing \n */
    579  1.32     lukem 		strncpy(line, data, sizeof(line));
    580  1.32     lukem 		line[sizeof(line) - 1] = '\0';
    581  1.32     lukem 		free(data);
    582  1.32     lukem 		if (__pwparse(&_pw_passwd, line))
    583  1.32     lukem 			return NS_UNAVAIL;
    584  1.32     lukem 		return NS_SUCCESS;
    585  1.32     lukem 	}
    586  1.32     lukem 
    587  1.32     lukem 	for (;;) {
    588  1.32     lukem 		data = key = NULL;
    589  1.32     lukem 		if (__ypcurrent) {
    590  1.32     lukem 			r = yp_next(__ypdomain, map,
    591  1.14      phil 					__ypcurrent, __ypcurrentlen,
    592  1.14      phil 					&key, &keylen, &data, &datalen);
    593  1.32     lukem 			free(__ypcurrent);
    594  1.32     lukem 			switch (r) {
    595  1.32     lukem 			case 0:
    596  1.32     lukem 				__ypcurrent = key;
    597  1.32     lukem 				__ypcurrentlen = keylen;
    598  1.32     lukem 				break;
    599  1.32     lukem 			case YPERR_NOMORE:
    600  1.32     lukem 				__ypcurrent = NULL;
    601  1.32     lukem 				_pw_none = 1;
    602  1.32     lukem 				if (key)
    603  1.32     lukem 					free(key);
    604  1.32     lukem 				return NS_SUCCESS;
    605  1.32     lukem 			default:
    606  1.32     lukem 				r = NS_UNAVAIL;
    607  1.32     lukem 				break;
    608  1.17     lukem 			}
    609  1.32     lukem 		} else {
    610  1.32     lukem 			r = 0;
    611  1.32     lukem 			if (yp_first(__ypdomain, map, &__ypcurrent,
    612  1.32     lukem 					&__ypcurrentlen, &data, &datalen))
    613  1.32     lukem 				r = NS_UNAVAIL;
    614  1.32     lukem 		}
    615  1.32     lukem 		if (r != 0) {
    616  1.32     lukem 			if (key)
    617  1.32     lukem 				free(key);
    618  1.32     lukem 			if (data)
    619  1.32     lukem 				free(data);
    620  1.32     lukem 			return r;
    621  1.32     lukem 		}
    622  1.32     lukem 		data[datalen] = '\0';		/* clear trailing \n */
    623  1.32     lukem 		strncpy(line, data, sizeof(line));
    624  1.32     lukem 		line[sizeof(line) - 1] = '\0';
    625  1.32     lukem 				free(data);
    626  1.32     lukem 		if (! __pwparse(&_pw_passwd, line))
    627  1.32     lukem 			return NS_SUCCESS;
    628  1.32     lukem 	}
    629  1.32     lukem 	/* NOTREACHED */
    630  1.32     lukem } /* _nis_getpw */
    631  1.32     lukem #endif
    632  1.32     lukem 
    633  1.40     lukem #ifdef _PASSWD_COMPAT
    634  1.32     lukem /*
    635  1.32     lukem  * See if the compat token is in the database.  Only works if pwd_mkdb knows
    636  1.32     lukem  * about the token.
    637  1.32     lukem  */
    638  1.32     lukem static int	__has_compatpw __P((void));
    639  1.32     lukem 
    640  1.32     lukem static int
    641  1.32     lukem __has_compatpw()
    642  1.32     lukem {
    643  1.32     lukem 	DBT key, data;
    644  1.32     lukem 	DBT pkey, pdata;
    645  1.35     lukem 	char bf[MAXLOGNAME];
    646  1.32     lukem 
    647  1.37  christos 	/*LINTED*/
    648  1.32     lukem 	key.data = (u_char *)__yp_token;
    649  1.32     lukem 	key.size = strlen(__yp_token);
    650  1.32     lukem 
    651  1.32     lukem 	/* Pre-token database support. */
    652  1.32     lukem 	bf[0] = _PW_KEYBYNAME;
    653  1.35     lukem 	bf[1] = '+';
    654  1.32     lukem 	pkey.data = (u_char *)bf;
    655  1.35     lukem 	pkey.size = 2;
    656  1.32     lukem 
    657  1.32     lukem 	if ((_pw_db->get)(_pw_db, &key, &data, 0)
    658  1.32     lukem 	    && (_pw_db->get)(_pw_db, &pkey, &pdata, 0))
    659  1.32     lukem 		return 0;		/* No compat token */
    660  1.32     lukem 	return 1;
    661  1.32     lukem }
    662  1.32     lukem 
    663  1.32     lukem /*
    664  1.32     lukem  * log an error if "files" or "compat" is specified in passwd_compat database
    665  1.32     lukem  */
    666  1.32     lukem static int	_bad_getpw __P((void *, void *, va_list));
    667  1.32     lukem 
    668  1.37  christos /*ARGSUSED*/
    669  1.32     lukem static int
    670  1.32     lukem _bad_getpw(rv, cb_data, ap)
    671  1.32     lukem 	void	*rv;
    672  1.32     lukem 	void	*cb_data;
    673  1.32     lukem 	va_list	 ap;
    674  1.32     lukem {
    675  1.32     lukem 	static int warned;
    676  1.32     lukem 	if (!warned) {
    677  1.32     lukem 		syslog(LOG_ERR,
    678  1.32     lukem 			"nsswitch.conf passwd_compat database can't use '%s'",
    679  1.32     lukem 			(char *)cb_data);
    680  1.32     lukem 	}
    681  1.32     lukem 	warned = 1;
    682  1.32     lukem 	return NS_UNAVAIL;
    683  1.32     lukem }
    684  1.32     lukem 
    685  1.32     lukem /*
    686  1.32     lukem  * when a name lookup in compat mode is required (e.g., '+name', or a name in
    687  1.32     lukem  * '+@netgroup'), look it up in the 'passwd_compat' nsswitch database.
    688  1.32     lukem  * only Hesiod and NIS is supported - it doesn't make sense to lookup
    689  1.32     lukem  * compat names from 'files' or 'compat'.
    690  1.32     lukem  */
    691  1.32     lukem static int	__getpwcompat __P((int, uid_t, const char *));
    692  1.32     lukem 
    693  1.32     lukem static int
    694  1.32     lukem __getpwcompat(type, uid, name)
    695  1.32     lukem 	int		 type;
    696  1.32     lukem 	uid_t		 uid;
    697  1.32     lukem 	const char	*name;
    698  1.32     lukem {
    699  1.36     lukem 	static const ns_dtab dtab[] = {
    700  1.35     lukem 		NS_FILES_CB(_bad_getpw, "files")
    701  1.35     lukem 		NS_DNS_CB(_dns_getpw, NULL)
    702  1.35     lukem 		NS_NIS_CB(_nis_getpw, NULL)
    703  1.35     lukem 		NS_COMPAT_CB(_bad_getpw, "compat")
    704  1.35     lukem 		{ 0 }
    705  1.32     lukem 	};
    706  1.36     lukem 	static const ns_src defaultnis[] = {
    707  1.36     lukem 		{ NSSRC_NIS, 	NS_SUCCESS },
    708  1.36     lukem 		{ 0 }
    709  1.36     lukem 	};
    710  1.32     lukem 
    711  1.32     lukem 	switch (type) {
    712  1.32     lukem 	case _PW_KEYBYNUM:
    713  1.35     lukem 		return nsdispatch(NULL, dtab, NSDB_PASSWD_COMPAT, "getpwcompat",
    714  1.36     lukem 		    defaultnis, type);
    715  1.32     lukem 	case _PW_KEYBYNAME:
    716  1.35     lukem 		return nsdispatch(NULL, dtab, NSDB_PASSWD_COMPAT, "getpwcompat",
    717  1.36     lukem 		    defaultnis, type, name);
    718  1.32     lukem 	case _PW_KEYBYUID:
    719  1.35     lukem 		return nsdispatch(NULL, dtab, NSDB_PASSWD_COMPAT, "getpwcompat",
    720  1.36     lukem 		    defaultnis, type, uid);
    721  1.32     lukem 	default:
    722  1.32     lukem 		abort();
    723  1.37  christos 		/*NOTREACHED*/
    724  1.32     lukem 	}
    725  1.32     lukem }
    726  1.40     lukem #endif /* _PASSWD_COMPAT */
    727  1.32     lukem 
    728  1.32     lukem /*
    729  1.32     lukem  * compat implementation of getpwent()
    730  1.32     lukem  * varargs (ignored):
    731  1.32     lukem  *	type, [ uid (type == _PW_KEYBYUID) | name (type == _PW_KEYBYNAME) ]
    732  1.32     lukem  */
    733  1.32     lukem static int	_compat_getpwent __P((void *, void *, va_list));
    734  1.32     lukem 
    735  1.37  christos /*ARGSUSED*/
    736  1.32     lukem static int
    737  1.32     lukem _compat_getpwent(rv, cb_data, ap)
    738  1.32     lukem 	void	*rv;
    739  1.32     lukem 	void	*cb_data;
    740  1.32     lukem 	va_list	 ap;
    741  1.32     lukem {
    742  1.32     lukem 	DBT		 key;
    743  1.32     lukem 	char		 bf[sizeof(_pw_keynum) + 1];
    744  1.40     lukem #ifdef _PASSWD_COMPAT
    745  1.32     lukem 	static char	*name = NULL;
    746  1.32     lukem 	const char	*user, *host, *dom;
    747  1.32     lukem 	int		 has_compatpw;
    748  1.40     lukem #endif
    749  1.32     lukem 
    750  1.32     lukem 	if (!_pw_db && !__initdb())
    751  1.32     lukem 		return NS_UNAVAIL;
    752  1.32     lukem 
    753  1.40     lukem #ifdef _PASSWD_COMPAT
    754  1.32     lukem 	has_compatpw = __has_compatpw();
    755  1.32     lukem 
    756  1.32     lukem again:
    757  1.32     lukem 	if (has_compatpw && (__pwmode != PWMODE_NONE)) {
    758  1.32     lukem 		int r;
    759  1.32     lukem 
    760  1.32     lukem 		switch (__pwmode) {
    761  1.32     lukem 		case PWMODE_FULL:
    762  1.32     lukem 			r = __getpwcompat(_PW_KEYBYNUM, 0, NULL);
    763  1.32     lukem 			if (r == NS_SUCCESS)
    764  1.32     lukem 				return r;
    765  1.32     lukem 			__pwmode = PWMODE_NONE;
    766  1.14      phil 			break;
    767  1.32     lukem 
    768  1.32     lukem 		case PWMODE_NETGRP:
    769  1.32     lukem 			r = getnetgrent(&host, &user, &dom);
    770  1.32     lukem 			if (r == 0) {	/* end of group */
    771  1.14      phil 				endnetgrent();
    772  1.32     lukem 				__pwmode = PWMODE_NONE;
    773  1.32     lukem 				break;
    774  1.14      phil 			}
    775  1.32     lukem 			if (!user || !*user)
    776  1.32     lukem 				break;
    777  1.32     lukem 			r = __getpwcompat(_PW_KEYBYNAME, 0, user);
    778  1.32     lukem 			if (r == NS_SUCCESS)
    779  1.32     lukem 				return r;
    780  1.14      phil 			break;
    781  1.32     lukem 
    782  1.32     lukem 		case PWMODE_USER:
    783  1.32     lukem 			if (name == NULL) {
    784  1.32     lukem 				__pwmode = PWMODE_NONE;
    785  1.32     lukem 				break;
    786   1.4   deraadt 			}
    787  1.32     lukem 			r = __getpwcompat(_PW_KEYBYNAME, 0, name);
    788  1.32     lukem 			free(name);
    789  1.32     lukem 			name = NULL;
    790  1.32     lukem 			if (r == NS_SUCCESS)
    791  1.32     lukem 				return r;
    792  1.14      phil 			break;
    793  1.32     lukem 
    794  1.32     lukem 		case PWMODE_NONE:
    795  1.32     lukem 			abort();
    796   1.4   deraadt 		}
    797  1.32     lukem 		goto again;
    798   1.4   deraadt 	}
    799  1.40     lukem #endif
    800   1.4   deraadt 
    801   1.1       cgd 	++_pw_keynum;
    802   1.1       cgd 	bf[0] = _PW_KEYBYNUM;
    803  1.37  christos 	memmove(bf + 1, &_pw_keynum, sizeof(_pw_keynum));
    804  1.32     lukem 	key.data = (u_char *)bf;
    805  1.32     lukem 	key.size = sizeof(_pw_keynum) + 1;
    806  1.32     lukem 	if(__hashpw(&key) == NS_SUCCESS) {
    807  1.40     lukem #ifdef _PASSWD_COMPAT
    808  1.14      phil 		/* if we don't have YP at all, don't bother. */
    809  1.32     lukem 		if (has_compatpw) {
    810  1.14      phil 			if(_pw_passwd.pw_name[0] == '+') {
    811  1.14      phil 				/* set the mode */
    812  1.14      phil 				switch(_pw_passwd.pw_name[1]) {
    813  1.14      phil 				case '\0':
    814  1.32     lukem 					__pwmode = PWMODE_FULL;
    815  1.14      phil 					break;
    816  1.14      phil 				case '@':
    817  1.32     lukem 					__pwmode = PWMODE_NETGRP;
    818  1.14      phil 					setnetgrent(_pw_passwd.pw_name + 2);
    819  1.14      phil 					break;
    820  1.14      phil 				default:
    821  1.32     lukem 					__pwmode = PWMODE_USER;
    822  1.14      phil 					name = strdup(_pw_passwd.pw_name + 1);
    823  1.14      phil 					break;
    824  1.14      phil 				}
    825  1.14      phil 
    826  1.14      phil 				/* save the prototype */
    827  1.32     lukem 				__pwproto_set();
    828  1.14      phil 				goto again;
    829  1.14      phil 			} else if(_pw_passwd.pw_name[0] == '-') {
    830  1.14      phil 				/* an attempted exclusion */
    831  1.14      phil 				switch(_pw_passwd.pw_name[1]) {
    832  1.14      phil 				case '\0':
    833  1.14      phil 					break;
    834  1.14      phil 				case '@':
    835  1.14      phil 					setnetgrent(_pw_passwd.pw_name + 2);
    836  1.14      phil 					while(getnetgrent(&host, &user, &dom)) {
    837  1.14      phil 						if(user && *user)
    838  1.32     lukem 							__pwexclude_add(user);
    839  1.14      phil 					}
    840  1.14      phil 					endnetgrent();
    841  1.14      phil 					break;
    842  1.14      phil 				default:
    843  1.32     lukem 					__pwexclude_add(_pw_passwd.pw_name + 1);
    844  1.14      phil 					break;
    845  1.14      phil 				}
    846  1.14      phil 				goto again;
    847  1.14      phil 			}
    848   1.4   deraadt 		}
    849  1.40     lukem #endif
    850  1.32     lukem 		return NS_SUCCESS;
    851   1.4   deraadt 	}
    852  1.32     lukem 	return NS_NOTFOUND;
    853   1.1       cgd }
    854   1.1       cgd 
    855  1.14      phil /*
    856  1.32     lukem  * compat implementation of getpwnam() and getpwuid()
    857  1.32     lukem  * varargs: type, [ uid (type == _PW_KEYBYUID) | name (type == _PW_KEYBYNAME) ]
    858  1.14      phil  */
    859  1.32     lukem static int	_compat_getpw __P((void *, void *, va_list));
    860  1.32     lukem 
    861  1.14      phil static int
    862  1.32     lukem _compat_getpw(rv, cb_data, ap)
    863  1.32     lukem 	void	*rv;
    864  1.32     lukem 	void	*cb_data;
    865  1.32     lukem 	va_list	 ap;
    866  1.14      phil {
    867  1.40     lukem #ifdef _PASSWD_COMPAT
    868  1.32     lukem 	DBT		key;
    869  1.34     lukem 	int		search, rval, r, s;
    870  1.32     lukem 	uid_t		uid;
    871  1.32     lukem 	char		bf[MAXLOGNAME + 1];
    872  1.34     lukem 	const char	*name, *host, *user, *dom;
    873  1.40     lukem #endif
    874  1.34     lukem 
    875  1.34     lukem 	if (!_pw_db && !__initdb())
    876  1.34     lukem 		return NS_UNAVAIL;
    877  1.34     lukem 
    878  1.34     lukem 		/*
    879  1.34     lukem 		 * If there isn't a compat token in the database, use files.
    880  1.34     lukem 		 */
    881  1.40     lukem #ifdef _PASSWD_COMPAT
    882  1.34     lukem 	if (! __has_compatpw())
    883  1.40     lukem #endif
    884  1.34     lukem 		return (_local_getpw(rv, cb_data, ap));
    885  1.32     lukem 
    886  1.40     lukem #ifdef _PASSWD_COMPAT
    887  1.32     lukem 	search = va_arg(ap, int);
    888  1.32     lukem 	uid = 0;
    889  1.32     lukem 	name = NULL;
    890  1.32     lukem 	rval = NS_NOTFOUND;
    891  1.32     lukem 	switch (search) {
    892  1.32     lukem 	case _PW_KEYBYNAME:
    893  1.32     lukem 		name = va_arg(ap, const char *);
    894  1.32     lukem 		break;
    895  1.32     lukem 	case _PW_KEYBYUID:
    896  1.32     lukem 		uid = va_arg(ap, uid_t);
    897  1.32     lukem 		break;
    898  1.32     lukem 	default:
    899  1.32     lukem 		abort();
    900  1.32     lukem 	}
    901  1.14      phil 
    902  1.34     lukem 	for(s = -1, _pw_keynum=1; _pw_keynum; _pw_keynum++) {
    903  1.34     lukem 		bf[0] = _PW_KEYBYNUM;
    904  1.37  christos 		memmove(bf + 1, &_pw_keynum, sizeof(_pw_keynum));
    905  1.34     lukem 		key.data = (u_char *)bf;
    906  1.34     lukem 		key.size = sizeof(_pw_keynum) + 1;
    907  1.34     lukem 		if(__hashpw(&key) != NS_SUCCESS)
    908  1.34     lukem 			break;
    909  1.34     lukem 		switch(_pw_passwd.pw_name[0]) {
    910  1.34     lukem 		case '+':
    911  1.34     lukem 			/* save the prototype */
    912  1.34     lukem 			__pwproto_set();
    913  1.34     lukem 
    914  1.34     lukem 			switch(_pw_passwd.pw_name[1]) {
    915  1.34     lukem 			case '\0':
    916  1.34     lukem 				r = __getpwcompat(search, uid, name);
    917  1.34     lukem 				if (r != NS_SUCCESS)
    918  1.34     lukem 					continue;
    919  1.10   deraadt 				break;
    920  1.34     lukem 			case '@':
    921  1.14      phil pwnam_netgrp:
    922  1.34     lukem 				if(__ypcurrent) {
    923  1.34     lukem 					free(__ypcurrent);
    924  1.34     lukem 					__ypcurrent = NULL;
    925  1.34     lukem 				}
    926  1.34     lukem 				if (s == -1)		/* first time */
    927  1.34     lukem 					setnetgrent(_pw_passwd.pw_name + 2);
    928  1.34     lukem 				s = getnetgrent(&host, &user, &dom);
    929  1.34     lukem 				if (s == 0) {		/* end of group */
    930  1.34     lukem 					endnetgrent();
    931  1.34     lukem 					s = -1;
    932  1.34     lukem 					continue;
    933  1.34     lukem 				}
    934  1.34     lukem 				if (!user || !*user)
    935  1.34     lukem 					goto pwnam_netgrp;
    936  1.32     lukem 
    937  1.34     lukem 				r = __getpwcompat(_PW_KEYBYNAME, 0, user);
    938  1.32     lukem 
    939  1.34     lukem 				if (r == NS_UNAVAIL)
    940  1.34     lukem 					return r;
    941  1.34     lukem 				if (r == NS_NOTFOUND) {
    942  1.34     lukem 					/*
    943  1.34     lukem 					 * just because this user is bad
    944  1.34     lukem 					 * it doesn't mean they all are.
    945  1.34     lukem 					 */
    946  1.34     lukem 					goto pwnam_netgrp;
    947   1.4   deraadt 				}
    948  1.34     lukem 				break;
    949  1.34     lukem 			default:
    950  1.34     lukem 				user = _pw_passwd.pw_name + 1;
    951  1.34     lukem 				r = __getpwcompat(_PW_KEYBYNAME, 0, user);
    952  1.34     lukem 
    953  1.34     lukem 				if (r == NS_UNAVAIL)
    954  1.34     lukem 					return r;
    955  1.34     lukem 				if (r == NS_NOTFOUND)
    956  1.10   deraadt 					continue;
    957  1.14      phil 				break;
    958  1.34     lukem 			}
    959  1.34     lukem 			if(__pwexclude_is(_pw_passwd.pw_name)) {
    960  1.34     lukem 				if(s == 1)		/* inside netgroup */
    961  1.34     lukem 					goto pwnam_netgrp;
    962  1.34     lukem 				continue;
    963  1.34     lukem 			}
    964  1.34     lukem 			break;
    965  1.34     lukem 		case '-':
    966  1.34     lukem 			/* attempted exclusion */
    967  1.34     lukem 			switch(_pw_passwd.pw_name[1]) {
    968  1.34     lukem 			case '\0':
    969  1.34     lukem 				break;
    970  1.34     lukem 			case '@':
    971  1.34     lukem 				setnetgrent(_pw_passwd.pw_name + 2);
    972  1.34     lukem 				while(getnetgrent(&host, &user, &dom)) {
    973  1.34     lukem 					if(user && *user)
    974  1.34     lukem 						__pwexclude_add(user);
    975  1.14      phil 				}
    976  1.34     lukem 				endnetgrent();
    977  1.14      phil 				break;
    978  1.34     lukem 			default:
    979  1.34     lukem 				__pwexclude_add(_pw_passwd.pw_name + 1);
    980  1.32     lukem 				break;
    981   1.4   deraadt 			}
    982  1.34     lukem 			break;
    983  1.34     lukem 		}
    984  1.34     lukem 		if ((search == _PW_KEYBYNAME &&
    985  1.34     lukem 			    strcmp(_pw_passwd.pw_name, name) == 0)
    986  1.34     lukem 		 || (search == _PW_KEYBYUID && _pw_passwd.pw_uid == uid)) {
    987  1.34     lukem 			rval = NS_SUCCESS;
    988  1.34     lukem 			break;
    989   1.4   deraadt 		}
    990  1.34     lukem 		if(s == 1)				/* inside netgroup */
    991  1.34     lukem 			goto pwnam_netgrp;
    992  1.34     lukem 		continue;
    993   1.4   deraadt 	}
    994  1.34     lukem 	__pwproto = (struct passwd *)NULL;
    995   1.1       cgd 
    996   1.1       cgd 	if (!_pw_stayopen) {
    997   1.1       cgd 		(void)(_pw_db->close)(_pw_db);
    998   1.1       cgd 		_pw_db = (DB *)NULL;
    999   1.1       cgd 	}
   1000  1.32     lukem 	if(__pwexclude != (DB *)NULL) {
   1001  1.32     lukem 		(void)(__pwexclude->close)(__pwexclude);
   1002  1.32     lukem 			__pwexclude = (DB *)NULL;
   1003  1.32     lukem 	}
   1004  1.32     lukem 	return rval;
   1005  1.40     lukem #endif /* _PASSWD_COMPAT */
   1006   1.1       cgd }
   1007   1.1       cgd 
   1008   1.1       cgd struct passwd *
   1009  1.32     lukem getpwent()
   1010   1.1       cgd {
   1011  1.32     lukem 	int		r;
   1012  1.36     lukem 	static const ns_dtab dtab[] = {
   1013  1.35     lukem 		NS_FILES_CB(_local_getpw, NULL)
   1014  1.35     lukem 		NS_DNS_CB(_dns_getpw, NULL)
   1015  1.35     lukem 		NS_NIS_CB(_nis_getpw, NULL)
   1016  1.35     lukem 		NS_COMPAT_CB(_compat_getpwent, NULL)
   1017  1.35     lukem 		{ 0 }
   1018  1.32     lukem 	};
   1019  1.32     lukem 
   1020  1.32     lukem 	_pw_none = 0;
   1021  1.36     lukem 	r = nsdispatch(NULL, dtab, NSDB_PASSWD, "getpwent", compatsrc,
   1022  1.35     lukem 	    _PW_KEYBYNUM);
   1023  1.32     lukem 	if (_pw_none || r != NS_SUCCESS)
   1024  1.32     lukem 		return (struct passwd *)NULL;
   1025  1.32     lukem 	return &_pw_passwd;
   1026  1.32     lukem }
   1027  1.10   deraadt 
   1028  1.32     lukem struct passwd *
   1029  1.32     lukem getpwnam(name)
   1030  1.32     lukem 	const char *name;
   1031  1.32     lukem {
   1032  1.32     lukem 	int		r;
   1033  1.36     lukem 	static const ns_dtab dtab[] = {
   1034  1.35     lukem 		NS_FILES_CB(_local_getpw, NULL)
   1035  1.35     lukem 		NS_DNS_CB(_dns_getpw, NULL)
   1036  1.35     lukem 		NS_NIS_CB(_nis_getpw, NULL)
   1037  1.35     lukem 		NS_COMPAT_CB(_compat_getpw, NULL)
   1038  1.35     lukem 		{ 0 }
   1039  1.32     lukem 	};
   1040   1.4   deraadt 
   1041  1.32     lukem 	if (name == NULL || name[0] == '\0')
   1042  1.32     lukem 		return (struct passwd *)NULL;
   1043   1.4   deraadt 
   1044  1.36     lukem 	r = nsdispatch(NULL, dtab, NSDB_PASSWD, "getpwnam", compatsrc,
   1045  1.35     lukem 	    _PW_KEYBYNAME, name);
   1046  1.32     lukem 	return (r == NS_SUCCESS ? &_pw_passwd : (struct passwd *)NULL);
   1047  1.32     lukem }
   1048  1.14      phil 
   1049  1.32     lukem struct passwd *
   1050  1.32     lukem getpwuid(uid)
   1051  1.32     lukem 	uid_t uid;
   1052  1.32     lukem {
   1053  1.32     lukem 	int		r;
   1054  1.36     lukem 	static const ns_dtab dtab[] = {
   1055  1.35     lukem 		NS_FILES_CB(_local_getpw, NULL)
   1056  1.35     lukem 		NS_DNS_CB(_dns_getpw, NULL)
   1057  1.35     lukem 		NS_NIS_CB(_nis_getpw, NULL)
   1058  1.35     lukem 		NS_COMPAT_CB(_compat_getpw, NULL)
   1059  1.35     lukem 		{ 0 }
   1060  1.32     lukem 	};
   1061   1.1       cgd 
   1062  1.36     lukem 	r = nsdispatch(NULL, dtab, NSDB_PASSWD, "getpwuid", compatsrc,
   1063  1.35     lukem 	    _PW_KEYBYUID, uid);
   1064  1.32     lukem 	return (r == NS_SUCCESS ? &_pw_passwd : (struct passwd *)NULL);
   1065   1.1       cgd }
   1066   1.1       cgd 
   1067   1.1       cgd int
   1068   1.1       cgd setpassent(stayopen)
   1069   1.1       cgd 	int stayopen;
   1070   1.1       cgd {
   1071   1.1       cgd 	_pw_keynum = 0;
   1072   1.1       cgd 	_pw_stayopen = stayopen;
   1073   1.9       jtc #ifdef YP
   1074  1.32     lukem 	__pwmode = PWMODE_NONE;
   1075   1.9       jtc 	if(__ypcurrent)
   1076   1.9       jtc 		free(__ypcurrent);
   1077   1.9       jtc 	__ypcurrent = NULL;
   1078  1.32     lukem #endif
   1079  1.32     lukem #ifdef HESIOD
   1080  1.32     lukem 	_pw_hesnum = 0;
   1081  1.32     lukem #endif
   1082  1.40     lukem #ifdef _PASSWD_COMPAT
   1083  1.32     lukem 	if(__pwexclude != (DB *)NULL) {
   1084  1.32     lukem 		(void)(__pwexclude->close)(__pwexclude);
   1085  1.32     lukem 		__pwexclude = (DB *)NULL;
   1086  1.14      phil 	}
   1087  1.32     lukem 	__pwproto = (struct passwd *)NULL;
   1088   1.9       jtc #endif
   1089  1.32     lukem 	return 1;
   1090   1.1       cgd }
   1091   1.1       cgd 
   1092   1.8       jtc void
   1093   1.1       cgd setpwent()
   1094   1.1       cgd {
   1095   1.9       jtc 	(void) setpassent(0);
   1096   1.1       cgd }
   1097   1.1       cgd 
   1098   1.1       cgd void
   1099   1.1       cgd endpwent()
   1100   1.1       cgd {
   1101   1.1       cgd 	_pw_keynum = 0;
   1102   1.1       cgd 	if (_pw_db) {
   1103   1.1       cgd 		(void)(_pw_db->close)(_pw_db);
   1104   1.1       cgd 		_pw_db = (DB *)NULL;
   1105   1.1       cgd 	}
   1106  1.40     lukem #ifdef _PASSWD_COMPAT
   1107  1.32     lukem 	__pwmode = PWMODE_NONE;
   1108  1.32     lukem #endif
   1109   1.4   deraadt #ifdef YP
   1110   1.4   deraadt 	if(__ypcurrent)
   1111   1.4   deraadt 		free(__ypcurrent);
   1112   1.4   deraadt 	__ypcurrent = NULL;
   1113  1.32     lukem #endif
   1114  1.32     lukem #ifdef HESIOD
   1115  1.32     lukem 	_pw_hesnum = 0;
   1116  1.32     lukem #endif
   1117  1.40     lukem #ifdef _PASSWD_COMPAT
   1118  1.32     lukem 	if(__pwexclude != (DB *)NULL) {
   1119  1.32     lukem 		(void)(__pwexclude->close)(__pwexclude);
   1120  1.32     lukem 		__pwexclude = (DB *)NULL;
   1121  1.14      phil 	}
   1122  1.32     lukem 	__pwproto = (struct passwd *)NULL;
   1123   1.4   deraadt #endif
   1124   1.1       cgd }
   1125   1.1       cgd 
   1126   1.4   deraadt static int
   1127   1.1       cgd __initdb()
   1128   1.1       cgd {
   1129   1.1       cgd 	static int warned;
   1130   1.1       cgd 	char *p;
   1131   1.1       cgd 
   1132  1.40     lukem #ifdef _PASSWD_COMPAT
   1133  1.32     lukem 	__pwmode = PWMODE_NONE;
   1134  1.14      phil #endif
   1135  1.25       mrg 	if (geteuid() == 0) {
   1136  1.25       mrg 		_pw_db = dbopen((p = _PATH_SMP_DB), O_RDONLY, 0, DB_HASH, NULL);
   1137  1.25       mrg 		if (_pw_db)
   1138  1.25       mrg 			return(1);
   1139  1.25       mrg 	}
   1140  1.25       mrg 	_pw_db = dbopen((p = _PATH_MP_DB), O_RDONLY, 0, DB_HASH, NULL);
   1141   1.1       cgd 	if (_pw_db)
   1142  1.32     lukem 		return 1;
   1143   1.1       cgd 	if (!warned)
   1144   1.1       cgd 		syslog(LOG_ERR, "%s: %m", p);
   1145  1.11   deraadt 	warned = 1;
   1146  1.32     lukem 	return 0;
   1147   1.1       cgd }
   1148   1.1       cgd 
   1149   1.4   deraadt static int
   1150   1.1       cgd __hashpw(key)
   1151   1.1       cgd 	DBT *key;
   1152   1.1       cgd {
   1153  1.17     lukem 	char *p, *t;
   1154   1.1       cgd 	static u_int max;
   1155  1.30  christos 	static char *buf;
   1156   1.1       cgd 	DBT data;
   1157   1.1       cgd 
   1158  1.32     lukem 	switch ((_pw_db->get)(_pw_db, key, &data, 0)) {
   1159  1.32     lukem 	case 0:
   1160  1.32     lukem 		break;			/* found */
   1161  1.32     lukem 	case 1:
   1162  1.32     lukem 		return NS_NOTFOUND;
   1163  1.32     lukem 	case -1:
   1164  1.32     lukem 		return NS_UNAVAIL;	/* error in db routines */
   1165  1.32     lukem 	default:
   1166  1.32     lukem 		abort();
   1167  1.32     lukem 	}
   1168  1.32     lukem 
   1169   1.1       cgd 	p = (char *)data.data;
   1170  1.30  christos 	if (data.size > max && !(buf = realloc(buf, (max += 1024))))
   1171  1.32     lukem 		return NS_UNAVAIL;
   1172   1.1       cgd 
   1173  1.24     perry 	/* THIS CODE MUST MATCH THAT IN pwd_mkdb. */
   1174  1.30  christos 	t = buf;
   1175  1.14      phil #define	EXPAND(e)	e = t; while ((*t++ = *p++));
   1176  1.24     perry #define	SCALAR(v)	memmove(&(v), p, sizeof v); p += sizeof v
   1177   1.1       cgd 	EXPAND(_pw_passwd.pw_name);
   1178   1.1       cgd 	EXPAND(_pw_passwd.pw_passwd);
   1179  1.24     perry 	SCALAR(_pw_passwd.pw_uid);
   1180  1.24     perry 	SCALAR(_pw_passwd.pw_gid);
   1181  1.24     perry 	SCALAR(_pw_passwd.pw_change);
   1182   1.1       cgd 	EXPAND(_pw_passwd.pw_class);
   1183   1.1       cgd 	EXPAND(_pw_passwd.pw_gecos);
   1184   1.1       cgd 	EXPAND(_pw_passwd.pw_dir);
   1185   1.1       cgd 	EXPAND(_pw_passwd.pw_shell);
   1186  1.24     perry 	SCALAR(_pw_passwd.pw_expire);
   1187  1.14      phil 
   1188  1.14      phil 	/* See if there's any data left.  If so, read in flags. */
   1189  1.14      phil 	if (data.size > (p - (char *)data.data)) {
   1190  1.24     perry 		SCALAR(_pw_flags);
   1191  1.14      phil 	} else
   1192  1.14      phil 		_pw_flags = _PASSWORD_NOUID|_PASSWORD_NOGID;	/* default */
   1193  1.14      phil 
   1194  1.32     lukem 	return NS_SUCCESS;
   1195   1.1       cgd }
   1196