getpwent.c revision 1.55 1 /* $NetBSD: getpwent.c,v 1.55 2003/10/13 15:36:33 agc Exp $ */
2
3 /*
4 * Copyright (c) 1988, 1993
5 * The Regents of the University of California. All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. Neither the name of the University nor the names of its contributors
16 * may be used to endorse or promote products derived from this software
17 * without specific prior written permission.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 * SUCH DAMAGE.
30 */
31
32 /*
33 * Portions Copyright (c) 1994, 1995, Jason Downs. All rights reserved.
34 *
35 * Redistribution and use in source and binary forms, with or without
36 * modification, are permitted provided that the following conditions
37 * are met:
38 * 1. Redistributions of source code must retain the above copyright
39 * notice, this list of conditions and the following disclaimer.
40 * 2. Redistributions in binary form must reproduce the above copyright
41 * notice, this list of conditions and the following disclaimer in the
42 * documentation and/or other materials provided with the distribution.
43 *
44 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS
45 * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
46 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
47 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT,
48 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
49 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
50 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
51 * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
52 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
53 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
54 * SUCH DAMAGE.
55 */
56
57 #include <sys/cdefs.h>
58 #if defined(LIBC_SCCS) && !defined(lint)
59 #if 0
60 static char sccsid[] = "@(#)getpwent.c 8.2 (Berkeley) 4/27/95";
61 #else
62 __RCSID("$NetBSD: getpwent.c,v 1.55 2003/10/13 15:36:33 agc Exp $");
63 #endif
64 #endif /* LIBC_SCCS and not lint */
65
66 #include "namespace.h"
67 #include <sys/param.h>
68
69 #include <assert.h>
70 #include <db.h>
71 #include <errno.h>
72 #include <fcntl.h>
73 #include <limits.h>
74 #include <netgroup.h>
75 #include <nsswitch.h>
76 #include <pwd.h>
77 #include <stdarg.h>
78 #include <stdlib.h>
79 #include <string.h>
80 #include <syslog.h>
81 #include <unistd.h>
82 #include <utmp.h>
83
84 #ifdef HESIOD
85 #include <hesiod.h>
86 #endif
87 #ifdef YP
88 #include <machine/param.h>
89 #include <stdio.h>
90 #include <rpc/rpc.h>
91 #include <rpcsvc/yp_prot.h>
92 #include <rpcsvc/ypclnt.h>
93 #endif
94
95 #include "pw_private.h"
96
97 #if defined(YP) || defined(HESIOD)
98 #define _PASSWD_COMPAT
99 #endif
100
101 #ifdef __weak_alias
102 __weak_alias(endpwent,_endpwent)
103 __weak_alias(getpwent,_getpwent)
104 __weak_alias(getpwnam,_getpwnam)
105 __weak_alias(getpwuid,_getpwuid)
106 __weak_alias(setpassent,_setpassent)
107 __weak_alias(setpwent,_setpwent)
108 #endif
109
110
111 /*
112 * The lookup techniques and data extraction code here must be kept
113 * in sync with that in `pwd_mkdb'.
114 */
115
/*
 * Process-wide lookup state.  getpwent(), getpwnam() and getpwuid() all
 * hand back a pointer to _pw_passwd, so a result is only valid until the
 * next getpw*() call; callers that need to keep a field must copy it.
 * No locking is visible anywhere in this file.
 */
static struct passwd _pw_passwd;	/* password structure */
static DB *_pw_db;			/* password database */
static int _pw_keynum;			/* key counter. no more records if -1 */
static int _pw_stayopen;		/* keep fd's open */
static int _pw_flags;			/* password flags */

static int __hashpw __P((DBT *));
static int __initdb __P((void));

const char __yp_token[] = "__YP!";	/* Let pwd_mkdb pull this in. */

/* default source list handed to nsdispatch() by the public entry points */
static const ns_src compatsrc[] = {
	{ NSSRC_COMPAT, NS_SUCCESS },
	{ 0 }
};

#ifdef YP
/*
 * __ypcurrent is the heap-allocated key of the last record returned by
 * yp_first()/yp_next(); it is released with free() in this file.
 */
static char *__ypcurrent, *__ypdomain;
static int __ypcurrentlen;
static int _pw_ypdone;			/* non-zero if no more yp records */
#endif

#ifdef HESIOD
static int _pw_hesnum;			/* hes counter. no more records if -1 */
#endif
140
141 #ifdef _PASSWD_COMPAT
/*
 * Enumeration mode for compat entries: PWMODE_FULL is entered on a bare
 * "+" record, PWMODE_NETGRP on "+@netgroup" and PWMODE_USER on "+name"
 * (see _compat_getpwent()).
 */
enum _pwmode { PWMODE_NONE, PWMODE_FULL, PWMODE_USER, PWMODE_NETGRP };
static enum _pwmode __pwmode;

enum _ypmap { YPMAP_NONE, YPMAP_ADJUNCT, YPMAP_MASTER };

/* prototype ("+" record) whose fields override what the remote source says */
static struct passwd *__pwproto = (struct passwd *)NULL;
static int __pwproto_flags;
/* shared scratch buffer for Hesiod/NIS lookup keys and returned records */
static char line[1024];
/* fixed 1024-byte arena that backs __pwproto and its string fields */
static long prbuf[1024 / sizeof(long)];
/* in-memory hash of names excluded by "-name" / "-@netgroup" records */
static DB *__pwexclude = (DB *)NULL;

static int __pwexclude_add __P((const char *));
static int __pwexclude_is __P((const char *));
static void __pwproto_set __P((void));
static int __ypmaptype __P((void));
static int __pwparse __P((struct passwd *, char *));

/*
 * macros for deciding which YP maps to use.
 * The master.passwd maps are chosen only when __ypmaptype() reports
 * YPMAP_MASTER, which it never does unless geteuid() == 0.
 */
#define PASSWD_BYNAME	(__ypmaptype() == YPMAP_MASTER \
			? "master.passwd.byname" : "passwd.byname")
#define PASSWD_BYUID	(__ypmaptype() == YPMAP_MASTER \
			? "master.passwd.byuid" : "passwd.byuid")
164
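/*
 * Add a name to the compat mode exclude list.
 *
 * The list is an in-memory hash database created on first use; the name
 * is stored as a key with empty data.
 *
 * Returns 0 on success and 1 if the table could not be created or the
 * name could not be stored.  A failure here means the exclusion is NOT
 * recorded, so callers that care about "-name" entries being honoured
 * should check the result.
 */
static int
__pwexclude_add(name)
	const char *name;
{
	DBT key;
	DBT data;

	_DIAGASSERT(name != NULL);

	/* initialize the exclusion table if needed. */
	if (__pwexclude == (DB *)NULL) {
		/*
		 * The mode is a file permission as passed to open(2), so it
		 * has to be octal: the previous decimal 600 is 01130.
		 */
		__pwexclude = dbopen(NULL, O_RDWR, 0600, DB_HASH, NULL);
		if (__pwexclude == (DB *)NULL)
			return 1;
	}

	/* set up the key */
	key.size = strlen(name);
	/* LINTED key does not get modified */
	key.data = (char *)name;

	/* data is nothing. */
	data.data = NULL;
	data.size = 0;

	/* store it */
	if ((__pwexclude->put)(__pwexclude, &key, &data, 0) == -1)
		return 1;

	return 0;
}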
199
/*
 * Report whether a name is on the compat mode exclude list.
 *
 * Returns 1 if the name was excluded and 0 otherwise.  "Otherwise"
 * covers a missing table and any non-zero result from the lookup, so a
 * database error is reported the same way as "not excluded".
 */
static int
__pwexclude_is(name)
	const char *name;
{
	DBT lookup;
	DBT found;

	_DIAGASSERT(name != NULL);

	/* no table yet: nothing has been excluded */
	if (__pwexclude == (DB *)NULL)
		return 0;

	/* LINTED key does not get modified */
	lookup.data = (char *)name;
	lookup.size = strlen(name);

	/* only a zero return from get() means the key is present */
	if ((__pwexclude->get)(__pwexclude, &lookup, &found, 0) != 0)
		return 0;

	return 1;	/* excluded */
}
225
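/*
 * Copy one string field of the prototype into the prbuf arena.
 *
 * *ptrp is the current write position inside prbuf.  On success the
 * string is stored at the next aligned address, *ptrp is advanced past
 * it and the stored copy is returned.  NULL is returned, and *ptrp left
 * untouched, when the source is unset or empty, or when the string does
 * not fit in what is left of prbuf.
 */
static char *
__pwproto_copy(ptrp, src)
	char **ptrp;
	const char *src;
{
	u_long cur, lim;
	size_t len;

	/* unset and empty fields mean "no override" */
	if (src == NULL || src[0] == '\0')
		return (char *)NULL;

	cur = (u_long)ALIGN((u_long)*ptrp);
	lim = (u_long)((char *)(void *)prbuf + sizeof(prbuf));
	len = strlen(src) + 1;

	/* never write past the end of the fixed-size arena */
	if (cur > lim || len > lim - cur)
		return (char *)NULL;

	memmove((char *)cur, src, len);
	*ptrp = (char *)cur + len;
	return (char *)cur;
}

/*
 * Set up the compat mode prototype template.
 *
 * Snapshots the record currently held in _pw_passwd into prbuf and
 * points __pwproto at it; __pwparse() later lets the non-NULL fields of
 * this prototype override what the remote source returned.
 *
 * prbuf is a fixed 1024-byte arena while the source strings have no
 * length limit enforced here, so every copy is bounds checked.  A field
 * that does not fit is stored as NULL, which reads as "no override".
 */
static void
__pwproto_set()
{
	char *ptr;
	struct passwd *pw = &_pw_passwd;

	/* make this the new prototype */
	ptr = (char *)(void *)prbuf;

	/* first allocate the struct. */
	__pwproto = (struct passwd *)(void *)ptr;
	ptr += sizeof(struct passwd);

	/* name */
	__pwproto->pw_name = __pwproto_copy(&ptr, pw->pw_name);

	/* password */
	__pwproto->pw_passwd = __pwproto_copy(&ptr, pw->pw_passwd);

	/* uid */
	__pwproto->pw_uid = pw->pw_uid;

	/* gid */
	__pwproto->pw_gid = pw->pw_gid;

	/* change (ignored anyway) */
	__pwproto->pw_change = pw->pw_change;

	/* class (ignored anyway) */
	__pwproto->pw_class = "";

	/* gecos */
	__pwproto->pw_gecos = __pwproto_copy(&ptr, pw->pw_gecos);

	/* dir */
	__pwproto->pw_dir = __pwproto_copy(&ptr, pw->pw_dir);

	/* shell */
	__pwproto->pw_shell = __pwproto_copy(&ptr, pw->pw_shell);

	/* expire (ignored anyway) */
	__pwproto->pw_expire = pw->pw_expire;

	/* flags */
	__pwproto_flags = _pw_flags;
}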
305
/*
 * Work out which YP password map family is usable and cache the answer.
 *
 * The probe runs once per process.  Unless the effective uid is 0 the
 * result is always YPMAP_NONE, so unprivileged callers never select the
 * master.passwd or passwd.adjunct maps.  A failed probe is cached as
 * YPMAP_NONE as well.
 */
static int
__ypmaptype()
{
	static int maptype = -1;
	int order, r;

	if (maptype == -1) {
		maptype = YPMAP_NONE;

		if (geteuid() == 0 &&
		    (__ypdomain || _yp_check(&__ypdomain) != 0)) {
			r = yp_order(__ypdomain, "master.passwd.byname",
			    &order);
			if (r == 0) {
				maptype = YPMAP_MASTER;
			} else if (r == YPERR_MAP) {
				/*
				 * master.passwd doesn't exist -- try
				 * passwd.adjunct
				 */
				r = yp_order(__ypdomain,
				    "passwd.adjunct.byname", &order);
				if (r == 0)
					maptype = YPMAP_ADJUNCT;
			}
			/*
			 * Any other error leaves YPMAP_NONE.  That includes
			 * YPERR_YPERR: NIS+ in YP compat mode doesn't
			 * support YPPROC_ORDER, so there is no point in
			 * continuing.
			 */
		}
	}

	return (maptype);
}
347
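/*
 * parse a passwd file line (from NIS or HESIOD).
 * assumed to be `old-style' if maptype != YPMAP_MASTER.
 *
 * The line is scanned into *pw, then the fields of the active compat
 * prototype (if any) override the scanned values.  When the adjunct map
 * is in use and the password field contains "##", the real password is
 * fetched from passwd.adjunct.byname.
 *
 * Returns 0 on success and 1 if the line could not be scanned.
 * pw's string fields point into s, into the prototype arena, or into a
 * static buffer owned by this function; none of them may be freed.
 */
static int
__pwparse(pw, s)
	struct passwd *pw;
	char *s;
{
	static char adjunctpw[YPMAXRECORD + 2];
	int flags, maptype;

	_DIAGASSERT(pw != NULL);
	_DIAGASSERT(s != NULL);

	maptype = __ypmaptype();
	flags = _PASSWORD_NOWARN;
	if (maptype != YPMAP_MASTER)
		flags |= _PASSWORD_OLDFMT;
	if (! __pw_scan(s, pw, &flags))
		return 1;

	/* now let the prototype override, if set. */
	if (__pwproto != (struct passwd *)NULL) {
#ifdef PW_OVERRIDE_PASSWD
		if (__pwproto->pw_passwd != (char *)NULL)
			pw->pw_passwd = __pwproto->pw_passwd;
#endif
		if (!(__pwproto_flags & _PASSWORD_NOUID))
			pw->pw_uid = __pwproto->pw_uid;
		if (!(__pwproto_flags & _PASSWORD_NOGID))
			pw->pw_gid = __pwproto->pw_gid;
		if (__pwproto->pw_gecos != (char *)NULL)
			pw->pw_gecos = __pwproto->pw_gecos;
		if (__pwproto->pw_dir != (char *)NULL)
			pw->pw_dir = __pwproto->pw_dir;
		if (__pwproto->pw_shell != (char *)NULL)
			pw->pw_shell = __pwproto->pw_shell;
	}
	if ((maptype == YPMAP_ADJUNCT) &&
	    (strstr(pw->pw_passwd, "##") != NULL)) {
		char *data, *bp, *cursor;
		int datalen;
		size_t n;

		data = NULL;
		if (yp_match(__ypdomain, "passwd.adjunct.byname", pw->pw_name,
		    (int)strlen(pw->pw_name), &data, &datalen) == 0) {
			/*
			 * Keep a private copy and release the reply.  The
			 * previous code filled adjunctpw but then parsed
			 * `data' itself, so the reply was never freed and
			 * pw_passwd pointed into it.
			 */
			n = 0;
			if (datalen > 0)
				n = MIN((size_t)datalen,
				    sizeof(adjunctpw) - 1);
			memcpy(adjunctpw, data, n);
			adjunctpw[n] = '\0';
			free(data);

			/* skip name to get password */
			cursor = adjunctpw;
			if ((bp = strsep(&cursor, ":")) != NULL &&
			    (bp = strsep(&cursor, ":")) != NULL)
				pw->pw_passwd = bp;
		}
	}
	return 0;
}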
405 #endif /* _PASSWD_COMPAT */
406
/*
 * local files implementation of getpw*()
 * varargs: type, [ uid (type == _PW_KEYBYUID) | name (type == _PW_KEYBYNAME) ]
 *
 * Builds the database key (one type byte followed by the record number,
 * the login name or the uid) and hands it to __hashpw(), which fills in
 * _pw_passwd.  Names longer than MAXLOGNAME are rejected before they are
 * copied, so the key always fits in the local buffer.
 */
static int _local_getpw __P((void *, void *, va_list));

/*ARGSUSED*/
static int
_local_getpw(rv, cb_data, ap)
	void *rv;
	void *cb_data;
	va_list ap;
{
	char keybuf[/*CONSTCOND*/ MAX(MAXLOGNAME, sizeof(_pw_keynum)) + 1];
	DBT key;
	const char *name;
	size_t namelen;
	uid_t uid;
	int search, rval;

	if (_pw_db == NULL && __initdb() == 0)
		return NS_UNAVAIL;

	search = va_arg(ap, int);
	keybuf[0] = search;
	key.data = (u_char *)keybuf;

	if (search == _PW_KEYBYNUM) {
		if (_pw_keynum == -1)
			return NS_NOTFOUND;	/* no more local records */
		++_pw_keynum;
		memmove(keybuf + 1, &_pw_keynum, sizeof(_pw_keynum));
		key.size = sizeof(_pw_keynum) + 1;
	} else if (search == _PW_KEYBYNAME) {
		name = va_arg(ap, const char *);
		namelen = strlen(name);
		/* an over-long name cannot exist and would not fit the key */
		if (namelen > MAXLOGNAME)
			return NS_NOTFOUND;
		memmove(keybuf + 1, name, namelen);
		key.size = namelen + 1;
	} else if (search == _PW_KEYBYUID) {
		uid = va_arg(ap, uid_t);
		memmove(keybuf + 1, &uid, sizeof(uid));
		key.size = sizeof(uid) + 1;
	} else {
		abort();
	}

	rval = __hashpw(&key);
	if (search == _PW_KEYBYNUM && rval == NS_NOTFOUND)
		_pw_keynum = -1;	/* flag `no more local records' */

	/* keyed lookups drop the database handle unless asked to keep it */
	if (search != _PW_KEYBYNUM && !_pw_stayopen) {
		(void)(_pw_db->close)(_pw_db);
		_pw_db = (DB *)NULL;
	}
	return (rval);
}
468
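#ifdef HESIOD
/*
 * hesiod implementation of getpw*()
 * varargs: type, [ uid (type == _PW_KEYBYUID) | name (type == _PW_KEYBYNAME) ]
 *
 * Resolves the key through Hesiod, keeps only the first answer and
 * parses it into _pw_passwd.  While enumerating (_PW_KEYBYNUM) an
 * answer that fails to parse is skipped and the next record number is
 * tried.
 *
 * Returns NS_SUCCESS, NS_NOTFOUND or NS_UNAVAIL.
 */
static int _dns_getpw __P((void *, void *, va_list));

/*ARGSUSED*/
static int
_dns_getpw(rv, cb_data, ap)
	void *rv;
	void *cb_data;
	va_list ap;
{
	const char *name;
	uid_t uid;
	int search;

	const char *map;
	char **hp;
	void *context;
	int r;

	search = va_arg(ap, int);
 nextdnsbynum:
	switch (search) {
	case _PW_KEYBYNUM:
		if (_pw_hesnum == -1)
			return NS_NOTFOUND;	/* no more hesiod records */
		snprintf(line, sizeof(line) - 1, "passwd-%u",
		    (unsigned int)_pw_hesnum);
		_pw_hesnum++;
		map = "passwd";
		break;
	case _PW_KEYBYNAME:
		name = va_arg(ap, const char *);
		/* names longer than the scratch buffer are truncated here */
		strlcpy(line, name, sizeof(line));
		map = "passwd";
		break;
	case _PW_KEYBYUID:
		uid = va_arg(ap, uid_t);
		snprintf(line, sizeof(line), "%u", (unsigned int)uid);
		map = "uid";		/* XXX this is `passwd' on ultrix */
		break;
	default:
		abort();
	}

	r = NS_UNAVAIL;
	if (hesiod_init(&context) == -1)
		return (r);

	hp = hesiod_resolve(context, line, map);
	if (hp == NULL) {
		if (errno == ENOENT) {
			/* flag `no more hesiod records' */
			if (search == _PW_KEYBYNUM)
				_pw_hesnum = -1;
			r = NS_NOTFOUND;
		}
		goto cleanup_dns_getpw;
	}

	strlcpy(line, hp[0], sizeof(line));	/* only check first elem */
	hesiod_free_list(context, hp);
	if (__pwparse(&_pw_passwd, line)) {
		if (search == _PW_KEYBYNUM) {
			/*
			 * skip dodgy entries.  The retry calls hesiod_init()
			 * again, so the current context has to be released
			 * first or one is leaked per skipped record.
			 */
			hesiod_end(context);
			goto nextdnsbynum;
		}
		r = NS_UNAVAIL;
	} else
		r = NS_SUCCESS;
 cleanup_dns_getpw:
	hesiod_end(context);
	return (r);
}
#endif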
544
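#ifdef YP
/*
 * nis implementation of getpw*()
 * varargs: type, [ uid (type == _PW_KEYBYUID) | name (type == _PW_KEYBYNAME) ]
 *
 * Keyed lookups use yp_match(); enumeration walks the map with
 * yp_first()/yp_next(), remembering the last key in __ypcurrent.
 * Records that fail to parse are skipped during enumeration.
 *
 * Returns NS_SUCCESS, NS_NOTFOUND or NS_UNAVAIL.
 */
static int _nis_getpw __P((void *, void *, va_list));

/*ARGSUSED*/
static int
_nis_getpw(rv, cb_data, ap)
	void *rv;
	void *cb_data;
	va_list ap;
{
	const char *name;
	uid_t uid;
	int search;
	char *key, *data;
	const char *map;
	int keylen, datalen, r, rval;

	if (__ypdomain == NULL) {
		if (_yp_check(&__ypdomain) == 0)
			return NS_UNAVAIL;
	}

	map = PASSWD_BYNAME;
	search = va_arg(ap, int);
	switch (search) {
	case _PW_KEYBYNUM:
		break;
	case _PW_KEYBYNAME:
		name = va_arg(ap, const char *);
		/* names longer than the scratch buffer are truncated here */
		strlcpy(line, name, sizeof(line));
		break;
	case _PW_KEYBYUID:
		uid = va_arg(ap, uid_t);
		snprintf(line, sizeof(line), "%u", (unsigned int)uid);
		map = PASSWD_BYUID;
		break;
	default:
		abort();
	}
	rval = NS_UNAVAIL;
	if (search != _PW_KEYBYNUM) {
		data = NULL;
		r = yp_match(__ypdomain, map, line, (int)strlen(line),
		    &data, &datalen);
		if (r == YPERR_KEY)
			rval = NS_NOTFOUND;
		if (r != 0) {
			free(data);
			return (rval);
		}
		/*
		 * clear trailing \n
		 * NOTE(review): assumes the reply buffer holds at least
		 * datalen + 1 bytes -- confirm against the yp client.
		 */
		data[datalen] = '\0';
		strlcpy(line, data, sizeof(line));
		free(data);
		if (__pwparse(&_pw_passwd, line))
			return NS_UNAVAIL;
		return NS_SUCCESS;
	}

	if (_pw_ypdone)
		return NS_NOTFOUND;
	for (;;) {
		data = key = NULL;
		if (__ypcurrent) {
			r = yp_next(__ypdomain, map,
			    __ypcurrent, __ypcurrentlen,
			    &key, &keylen, &data, &datalen);
			free(__ypcurrent);
			/*
			 * Never leave the freed key behind: on an error
			 * other than YPERR_NOMORE the old pointer used to
			 * survive, and the next yp_next() or the free() in
			 * setpassent()/endpwent() would touch freed memory.
			 */
			__ypcurrent = NULL;
			switch (r) {
			case 0:
				/* ownership of key moves to __ypcurrent */
				__ypcurrent = key;
				__ypcurrentlen = keylen;
				key = NULL;
				break;
			case YPERR_NOMORE:
				/* flag `no more yp records' */
				_pw_ypdone = 1;
				rval = NS_NOTFOUND;
				break;
			default:
				break;
			}
		} else {
			r = yp_first(__ypdomain, map, &__ypcurrent,
			    &__ypcurrentlen, &data, &datalen);
		}
		if (r != 0) {
			free(key);
			free(data);
			return (rval);
		}
		/* clear trailing \n (same buffer-size assumption as above) */
		data[datalen] = '\0';
		strlcpy(line, data, sizeof(line));
		free(data);
		if (! __pwparse(&_pw_passwd, line))
			return NS_SUCCESS;
	}
	/* NOTREACHED */
} /* _nis_getpw */
#endif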
648
649 #ifdef _PASSWD_COMPAT
/*
 * See if the compat token is in the database.  Only works if pwd_mkdb knows
 * about the token.
 *
 * Two keys are probed: the __yp_token marker and, for databases built
 * before the marker existed, a by-name entry for "+".  Returns 1 if
 * either lookup returns zero and 0 if both return non-zero.  The caller
 * must have opened _pw_db already.
 */
static int __has_compatpw __P((void));

static int
__has_compatpw()
{
	DBT tokkey, tokdata;
	DBT pluskey, plusdata;
	char plusbuf[MAXLOGNAME];

	/*LINTED*/
	tokkey.data = (u_char *)__yp_token;
	tokkey.size = strlen(__yp_token);

	/* the marker is present: compat entries exist */
	if ((_pw_db->get)(_pw_db, &tokkey, &tokdata, 0) == 0)
		return 1;

	/* Pre-token database support. */
	plusbuf[0] = _PW_KEYBYNAME;
	plusbuf[1] = '+';
	pluskey.data = (u_char *)plusbuf;
	pluskey.size = 2;

	if ((_pw_db->get)(_pw_db, &pluskey, &plusdata, 0) == 0)
		return 1;

	return 0;	/* No compat token */
}
678
/*
 * log an error if "files" or "compat" is specified in passwd_compat database
 *
 * cb_data is the source name to report.  The message is logged once
 * per process; every call answers NS_UNAVAIL.
 */
static int _bad_getpw __P((void *, void *, va_list));

/*ARGSUSED*/
static int
_bad_getpw(rv, cb_data, ap)
	void *rv;
	void *cb_data;
	va_list ap;
{
	static int warned;

	_DIAGASSERT(cb_data != NULL);

	if (warned == 0) {
		/* fixed format string; the source name is only an argument */
		syslog(LOG_ERR,
		    "nsswitch.conf passwd_compat database can't use '%s'",
		    (char *)cb_data);
		warned = 1;
	}
	return NS_UNAVAIL;
}
703
/*
 * when a name lookup in compat mode is required (e.g., '+name', or a name in
 * '+@netgroup'), look it up in the 'passwd_compat' nsswitch database.
 * only Hesiod and NIS is supported - it doesn't make sense to lookup
 * compat names from 'files' or 'compat'.
 *
 * type selects which of uid and name is forwarded; the other argument
 * is ignored.  The result is whatever nsdispatch() returns.
 */
static int __getpwcompat __P((int, uid_t, const char *));

static int
__getpwcompat(type, uid, name)
	int type;
	uid_t uid;
	const char *name;
{
	/* "files" and "compat" are wired to the handler that only complains */
	static const ns_dtab dtab[] = {
		NS_FILES_CB(_bad_getpw, "files")
		NS_DNS_CB(_dns_getpw, NULL)
		NS_NIS_CB(_nis_getpw, NULL)
		NS_COMPAT_CB(_bad_getpw, "compat")
		{ 0 }
	};
	static const ns_src defaultnis[] = {
		{ NSSRC_NIS, NS_SUCCESS },
		{ 0 }
	};

	if (type == _PW_KEYBYNUM)
		return nsdispatch(NULL, dtab, NSDB_PASSWD_COMPAT,
		    "getpwcompat", defaultnis, type);

	if (type == _PW_KEYBYNAME) {
		_DIAGASSERT(name != NULL);
		return nsdispatch(NULL, dtab, NSDB_PASSWD_COMPAT,
		    "getpwcompat", defaultnis, type, name);
	}

	if (type == _PW_KEYBYUID)
		return nsdispatch(NULL, dtab, NSDB_PASSWD_COMPAT,
		    "getpwcompat", defaultnis, type, uid);

	abort();
	/*NOTREACHED*/
}
746 #endif /* _PASSWD_COMPAT */
747
/*
 * compat implementation of getpwent()
 * varargs (ignored):
 *	type, [ uid (type == _PW_KEYBYUID) | name (type == _PW_KEYBYNAME) ]
 *
 * Walks the local database by record number.  A "+", "+@netgroup" or
 * "+name" record switches __pwmode so that the following calls are
 * answered from the passwd_compat sources; "-name" and "-@netgroup"
 * records add names to the exclude list.
 *
 * Returns NS_SUCCESS with the entry in _pw_passwd, NS_NOTFOUND at the
 * end of the enumeration, or NS_UNAVAIL.
 *
 * NOTE(review): this function records exclusions with __pwexclude_add()
 * but never calls __pwexclude_is(), so entries returned while in
 * PWMODE_FULL / PWMODE_NETGRP / PWMODE_USER do not appear to be filtered
 * against the exclude list -- confirm whether that is intended.
 */
static int _compat_getpwent __P((void *, void *, va_list));

/*ARGSUSED*/
static int
_compat_getpwent(rv, cb_data, ap)
	void *rv;
	void *cb_data;
	va_list ap;
{
	DBT key;
	int rval;
	char bf[sizeof(_pw_keynum) + 1];
#ifdef _PASSWD_COMPAT
	/* heap copy of the user from a "+name" record, consumed once */
	static char *name = NULL;
	const char *user, *host, *dom;
	int has_compatpw;
#endif

	if (!_pw_db && !__initdb())
		return NS_UNAVAIL;

#ifdef _PASSWD_COMPAT
	has_compatpw = __has_compatpw();

 again:
	/* a compat mode is active: answer from the compat sources first */
	if (has_compatpw && (__pwmode != PWMODE_NONE)) {
		int r;

		switch (__pwmode) {
		case PWMODE_FULL:
			/* "+": enumerate the whole remote map */
			r = __getpwcompat(_PW_KEYBYNUM, 0, NULL);
			if (r == NS_SUCCESS)
				return r;
			/* anything but success ends full mode */
			__pwmode = PWMODE_NONE;
			break;

		case PWMODE_NETGRP:
			/* "+@netgroup": one member per iteration */
			r = getnetgrent(&host, &user, &dom);
			if (r == 0) {	/* end of group */
				endnetgrent();
				__pwmode = PWMODE_NONE;
				break;
			}
			/* triples without a user part are skipped */
			if (!user || !*user)
				break;
			r = __getpwcompat(_PW_KEYBYNAME, 0, user);
			if (r == NS_SUCCESS)
				return r;
			break;

		case PWMODE_USER:
			/* "+name": a single lookup, then back to local */
			if (name == NULL) {
				__pwmode = PWMODE_NONE;
				break;
			}
			r = __getpwcompat(_PW_KEYBYNAME, 0, name);
			free(name);
			name = NULL;
			if (r == NS_SUCCESS)
				return r;
			break;

		case PWMODE_NONE:
			abort();
		}
		goto again;
	}
#endif

	if (_pw_keynum == -1)
		return NS_NOTFOUND;	/* no more local records */
	++_pw_keynum;
	/* key layout: one type byte followed by the record number */
	bf[0] = _PW_KEYBYNUM;
	memmove(bf + 1, &_pw_keynum, sizeof(_pw_keynum));
	key.data = (u_char *)bf;
	key.size = sizeof(_pw_keynum) + 1;
	rval = __hashpw(&key);
	if (rval == NS_NOTFOUND)
		_pw_keynum = -1;	/* flag `no more local records' */
	else if (rval == NS_SUCCESS) {
#ifdef _PASSWD_COMPAT
		/* if we don't have YP at all, don't bother. */
		if (has_compatpw) {
			if(_pw_passwd.pw_name[0] == '+') {
				/* set the mode */
				switch(_pw_passwd.pw_name[1]) {
				case '\0':
					__pwmode = PWMODE_FULL;
					break;
				case '@':
					__pwmode = PWMODE_NETGRP;
					setnetgrent(_pw_passwd.pw_name + 2);
					break;
				default:
					__pwmode = PWMODE_USER;
					/*
					 * A failed strdup() leaves name NULL,
					 * which PWMODE_USER above treats as
					 * "nothing to look up".
					 * NOTE(review): a value still held in
					 * name from an earlier "+name" record
					 * would be overwritten here without
					 * being freed -- confirm it cannot be
					 * set at this point.
					 */
					name = strdup(_pw_passwd.pw_name + 1);
					break;
				}

				/* save the prototype */
				__pwproto_set();
				goto again;
			} else if(_pw_passwd.pw_name[0] == '-') {
				/*
				 * an attempted exclusion
				 * The result of __pwexclude_add() is not
				 * checked, so a failure to record the name
				 * goes unnoticed.
				 */
				switch(_pw_passwd.pw_name[1]) {
				case '\0':
					break;
				case '@':
					setnetgrent(_pw_passwd.pw_name + 2);
					while(getnetgrent(&host, &user, &dom)) {
						if(user && *user)
							__pwexclude_add(user);
					}
					endnetgrent();
					break;
				default:
					__pwexclude_add(_pw_passwd.pw_name + 1);
					break;
				}
				goto again;
			}
		}
#endif
	}
	return (rval);
}
879
/*
 * compat implementation of getpwnam() and getpwuid()
 * varargs: type, [ uid (type == _PW_KEYBYUID) | name (type == _PW_KEYBYNAME) ]
 *
 * Without a compat token in the database this is just _local_getpw().
 * Otherwise the local records are scanned in order from record 1:
 * "+" records are expanded through the passwd_compat sources, "-"
 * records add names to the exclude list, and every candidate is
 * compared with the requested name or uid.
 *
 * The exclude list is built during the scan, so a "-" record only
 * affects "+" records that come after it in record order.
 *
 * Returns NS_SUCCESS with the entry in _pw_passwd, NS_NOTFOUND, or
 * NS_UNAVAIL.
 *
 * NOTE(review): the two `return r' statements taken on NS_UNAVAIL leave
 * the loop directly and skip the cleanup at the bottom (__pwproto,
 * _pw_db, __pwexclude) -- confirm the state left behind is acceptable.
 */
static int _compat_getpw __P((void *, void *, va_list));

static int
_compat_getpw(rv, cb_data, ap)
	void *rv;
	void *cb_data;
	va_list ap;
{
#ifdef _PASSWD_COMPAT
	DBT key;
	/* s: -1 outside a netgroup, otherwise the last getnetgrent() result */
	int search, rval, r, s, keynum;
	uid_t uid;
	char bf[sizeof(keynum) + 1];
	const char *name, *host, *user, *dom;
#endif

	if (!_pw_db && !__initdb())
		return NS_UNAVAIL;

	/*
	 * If there isn't a compat token in the database, use files.
	 */
#ifdef _PASSWD_COMPAT
	if (! __has_compatpw())
#endif
		return (_local_getpw(rv, cb_data, ap));

#ifdef _PASSWD_COMPAT
	search = va_arg(ap, int);
	uid = 0;
	name = NULL;
	rval = NS_NOTFOUND;
	switch (search) {
	case _PW_KEYBYNAME:
		name = va_arg(ap, const char *);
		break;
	case _PW_KEYBYUID:
		uid = va_arg(ap, uid_t);
		break;
	default:
		abort();
	}

	/* private record counter: the enumeration cursor is left alone */
	for (s = -1, keynum = 1 ; ; keynum++) {
		bf[0] = _PW_KEYBYNUM;
		memmove(bf + 1, &keynum, sizeof(keynum));
		key.data = (u_char *)bf;
		key.size = sizeof(keynum) + 1;
		if(__hashpw(&key) != NS_SUCCESS)
			break;
		switch(_pw_passwd.pw_name[0]) {
		case '+':
			/* save the prototype */
			__pwproto_set();

			switch(_pw_passwd.pw_name[1]) {
			case '\0':
				/* "+": ask the compat sources directly */
				r = __getpwcompat(search, uid, name);
				if (r != NS_SUCCESS)
					continue;
				break;
			case '@':
				/*
				 * "+@netgroup": re-entered through this label
				 * for each further member of the group.
				 */
 pwnam_netgrp:
#if 0			/* XXX: is this a hangover from pre-nsswitch? */
				if(__ypcurrent) {
					free(__ypcurrent);
					__ypcurrent = NULL;
				}
#endif
				if (s == -1)	/* first time */
					setnetgrent(_pw_passwd.pw_name + 2);
				s = getnetgrent(&host, &user, &dom);
				if (s == 0) {	/* end of group */
					endnetgrent();
					s = -1;
					continue;
				}
				if (!user || !*user)
					goto pwnam_netgrp;

				r = __getpwcompat(_PW_KEYBYNAME, 0, user);

				if (r == NS_UNAVAIL)
					return r;
				if (r == NS_NOTFOUND) {
					/*
					 * just because this user is bad
					 * it doesn't mean they all are.
					 */
					goto pwnam_netgrp;
				}
				break;
			default:
				/* "+name": look up that one user */
				user = _pw_passwd.pw_name + 1;
				r = __getpwcompat(_PW_KEYBYNAME, 0, user);

				if (r == NS_UNAVAIL)
					return r;
				if (r == NS_NOTFOUND)
					continue;
				break;
			}
			/*
			 * _pw_passwd now holds the entry the compat lookup
			 * returned; drop it if an earlier "-" record
			 * excluded that name.
			 */
			if(__pwexclude_is(_pw_passwd.pw_name)) {
				if(s == 1)		/* inside netgroup */
					goto pwnam_netgrp;
				continue;
			}
			break;
		case '-':
			/*
			 * attempted exclusion
			 * The result of __pwexclude_add() is not checked.
			 * NOTE(review): the "-" record itself still reaches
			 * the name/uid comparison below -- confirm that a
			 * match on it is intended.
			 */
			switch(_pw_passwd.pw_name[1]) {
			case '\0':
				break;
			case '@':
				setnetgrent(_pw_passwd.pw_name + 2);
				while(getnetgrent(&host, &user, &dom)) {
					if(user && *user)
						__pwexclude_add(user);
				}
				endnetgrent();
				break;
			default:
				__pwexclude_add(_pw_passwd.pw_name + 1);
				break;
			}
			break;
		}
		/* does the candidate match what the caller asked for? */
		if ((search == _PW_KEYBYNAME &&
			    strcmp(_pw_passwd.pw_name, name) == 0)
		 || (search == _PW_KEYBYUID && _pw_passwd.pw_uid == uid)) {
			rval = NS_SUCCESS;
			break;
		}
		if(s == 1)				/* inside netgroup */
			goto pwnam_netgrp;
		continue;
	}
	/* the prototype and the exclude list only live for one lookup */
	__pwproto = (struct passwd *)NULL;

	if (!_pw_stayopen) {
		(void)(_pw_db->close)(_pw_db);
		_pw_db = (DB *)NULL;
	}
	if(__pwexclude != (DB *)NULL) {
		(void)(__pwexclude->close)(__pwexclude);
		__pwexclude = (DB *)NULL;
	}
	return rval;
#endif /* _PASSWD_COMPAT */
}
1034
/*
 * Return the next password entry, or NULL when the enumeration is
 * finished or no source could answer.
 *
 * The result points at static storage shared by every getpw*() call in
 * this file and is overwritten by the next one.
 */
struct passwd *
getpwent()
{
	static const ns_dtab dispatch[] = {
		NS_FILES_CB(_local_getpw, NULL)
		NS_DNS_CB(_dns_getpw, NULL)
		NS_NIS_CB(_nis_getpw, NULL)
		NS_COMPAT_CB(_compat_getpwent, NULL)
		{ 0 }
	};
	int status;

	status = nsdispatch(NULL, dispatch, NSDB_PASSWD, "getpwent",
	    compatsrc, _PW_KEYBYNUM);

	return (status == NS_SUCCESS ? &_pw_passwd : (struct passwd *)NULL);
}
1053
/*
 * Look up a password entry by login name.
 *
 * Returns NULL for a NULL or empty name and when no source has the
 * entry.  The result points at static storage shared by every getpw*()
 * call in this file and is overwritten by the next one.
 */
struct passwd *
getpwnam(name)
	const char *name;
{
	static const ns_dtab dispatch[] = {
		NS_FILES_CB(_local_getpw, NULL)
		NS_DNS_CB(_dns_getpw, NULL)
		NS_NIS_CB(_nis_getpw, NULL)
		NS_COMPAT_CB(_compat_getpw, NULL)
		{ 0 }
	};
	int status;

	/* reject unusable names before any source is consulted */
	if (name == NULL || name[0] == '\0')
		return (struct passwd *)NULL;

	status = nsdispatch(NULL, dispatch, NSDB_PASSWD, "getpwnam",
	    compatsrc, _PW_KEYBYNAME, name);
	if (status != NS_SUCCESS)
		return (struct passwd *)NULL;

	return &_pw_passwd;
}
1074
/*
 * Look up a password entry by user id.
 *
 * Returns NULL when no source has the entry.  The result points at
 * static storage shared by every getpw*() call in this file and is
 * overwritten by the next one.
 */
struct passwd *
getpwuid(uid)
	uid_t uid;
{
	static const ns_dtab dispatch[] = {
		NS_FILES_CB(_local_getpw, NULL)
		NS_DNS_CB(_dns_getpw, NULL)
		NS_NIS_CB(_nis_getpw, NULL)
		NS_COMPAT_CB(_compat_getpw, NULL)
		{ 0 }
	};
	int status;

	status = nsdispatch(NULL, dispatch, NSDB_PASSWD, "getpwuid",
	    compatsrc, _PW_KEYBYUID, uid);
	if (status != NS_SUCCESS)
		return (struct passwd *)NULL;

	return &_pw_passwd;
}
1092
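/*
 * Rewind the password enumeration and record whether the database
 * should stay open between keyed lookups.
 *
 * Resets the cursor of every source and drops per-enumeration compat
 * state (mode, exclude list, prototype).  Always returns 1.
 */
int
setpassent(stayopen)
	int stayopen;
{
	_pw_keynum = 0;
	_pw_stayopen = stayopen;
#ifdef YP
	free(__ypcurrent);
	__ypcurrent = NULL;
	_pw_ypdone = 0;
#endif
#ifdef HESIOD
	_pw_hesnum = 0;
#endif
#ifdef _PASSWD_COMPAT
	/*
	 * __pwmode is declared under _PASSWD_COMPAT, so it is reset under
	 * the same guard, as endpwent() does, rather than under YP.
	 */
	__pwmode = PWMODE_NONE;
	if (__pwexclude != (DB *)NULL) {
		(void)(__pwexclude->close)(__pwexclude);
		__pwexclude = (DB *)NULL;
	}
	__pwproto = (struct passwd *)NULL;
#endif
	return 1;
}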
1118
/*
 * Rewind the password enumeration without asking for the database to
 * be kept open: the same as setpassent(0).
 */
void
setpwent()
{
	(void)setpassent(0);
}
1124
/*
 * End the password enumeration: close the local database and drop all
 * cursor and compat state held by this file.
 */
void
endpwent()
{
	_pw_keynum = 0;
	if (_pw_db != (DB *)NULL) {
		(void)(_pw_db->close)(_pw_db);
		_pw_db = (DB *)NULL;
	}
#ifdef _PASSWD_COMPAT
	__pwmode = PWMODE_NONE;
#endif
#ifdef YP
	/* forget where the NIS enumeration had got to */
	if (__ypcurrent != NULL)
		free(__ypcurrent);
	__ypcurrent = NULL;
	_pw_ypdone = 0;
#endif
#ifdef HESIOD
	_pw_hesnum = 0;
#endif
#ifdef _PASSWD_COMPAT
	/* the exclude list and the prototype do not outlive an enumeration */
	if (__pwexclude != (DB *)NULL) {
		(void)(__pwexclude->close)(__pwexclude);
		__pwexclude = (DB *)NULL;
	}
	__pwproto = (struct passwd *)NULL;
#endif
}
1153
/*
 * Open the local password database into _pw_db.
 *
 * A process with effective uid 0 tries _PATH_SMP_DB first; everyone,
 * root included, falls back to _PATH_MP_DB.  Both are opened read-only.
 * (Presumably the first is the root-only database that carries the
 * password hashes -- the file permissions, not this code, keep other
 * users out.)
 *
 * Returns 1 on success and 0 on failure; the failure is logged once
 * per process.
 */
static int
__initdb()
{
	static int warned;
	char *path;

#ifdef _PASSWD_COMPAT
	__pwmode = PWMODE_NONE;
#endif
	if (geteuid() == 0) {
		path = _PATH_SMP_DB;
		_pw_db = dbopen(path, O_RDONLY, 0, DB_HASH, NULL);
		if (_pw_db != NULL)
			return(1);
	}

	path = _PATH_MP_DB;
	_pw_db = dbopen(path, O_RDONLY, 0, DB_HASH, NULL);
	if (_pw_db != NULL)
		return 1;

	/* %m reports the errno left by the failed dbopen() */
	if (warned == 0)
		syslog(LOG_ERR, "%s: %m", path);
	warned = 1;
	return 0;
}
1176
/*
 * Fetch the record stored under key from _pw_db and unpack it into
 * _pw_passwd and _pw_flags.
 *
 * The string fields of _pw_passwd end up pointing into a static buffer
 * that is reused (and possibly reallocated) by the next call, so an
 * earlier result does not survive a later lookup.
 *
 * Returns NS_SUCCESS, NS_NOTFOUND if the key is absent, or NS_UNAVAIL
 * on a database error or when the buffer cannot be grown.
 */
static int
__hashpw(key)
	DBT *key;
{
	char *p, *t, *oldbuf;
	static u_int max;	/* current size of buf */
	static char *buf;	/* backing store for the string fields */
	DBT data;

	_DIAGASSERT(key != NULL);

	switch ((_pw_db->get)(_pw_db, key, &data, 0)) {
	case 0:
		break;				/* found */
	case 1:
		return NS_NOTFOUND;
	case -1:
		return NS_UNAVAIL;		/* error in db routines */
	default:
		abort();
	}

	p = (char *)data.data;
	/* grow the buffer in 1024-byte steps so the whole record fits */
	if (data.size > max) {
		max = roundup(data.size, 1024);
		oldbuf = buf;
		if ((buf = realloc(buf, max)) == NULL) {
			/* realloc() left the old block alone; release it */
			if (oldbuf != NULL)
				free(oldbuf);
			max = 0;
			return NS_UNAVAIL;
		}
	}

	/*
	 * THIS CODE MUST MATCH THAT IN pwd_mkdb.
	 *
	 * EXPAND copies one NUL-terminated string from the record into buf;
	 * SCALAR copies a fixed-size value.  Neither checks p against
	 * data.size, so the unpacking relies on the record having exactly
	 * the layout read below.
	 * NOTE(review): a record with a missing terminator would be read
	 * past its end and written past buf -- confirm that only trusted
	 * tooling can write the database file.
	 */
	t = buf;
#define	EXPAND(e)	e = t; while ((*t++ = *p++));
#define	SCALAR(v)	memmove(&(v), p, sizeof v); p += sizeof v
	EXPAND(_pw_passwd.pw_name);
	EXPAND(_pw_passwd.pw_passwd);
	SCALAR(_pw_passwd.pw_uid);
	SCALAR(_pw_passwd.pw_gid);
	SCALAR(_pw_passwd.pw_change);
	EXPAND(_pw_passwd.pw_class);
	EXPAND(_pw_passwd.pw_gecos);
	EXPAND(_pw_passwd.pw_dir);
	EXPAND(_pw_passwd.pw_shell);
	SCALAR(_pw_passwd.pw_expire);

	/* See if there's any data left. If so, read in flags. */
	if (data.size > (size_t) (p - (char *)data.data)) {
		SCALAR(_pw_flags);
	} else
		_pw_flags = _PASSWORD_NOUID|_PASSWORD_NOGID;	/* default */

	return NS_SUCCESS;
}
1234