glibc/nis/nss_nisplus/nisplus-publickey.c
Ulrich Drepper 4360eafdd2 Update.
1999-06-18  Zack Weinberg  <zack@rabi.columbia.edu>

	* include/features.h: Define new macros __GNUC_PREREQ and
	__GLIBC_PREREQ which can be used to test the version of gcc
	and glibc respectively.

	* assert/assert.h: Use __GNUC_PREREQ.
	* intl/libintl.h: Likewise.
	* math/complex.h: Likewise.
	* math/tgmath.h: Likewise.
	* misc/sys/cdefs.h: Likewise.
	* posix/sys/types.h: Likewise.
	* socket/sys/socket.h: Likewise.
	* string/bits/string2.h: Likewise.
	* sysdeps/alpha/fpu/bits/mathinline.h: Likewise.
	* sysdeps/i386/fpu/bits/mathinline.h: Likewise.

1999-06-18  Zack Weinberg  <zack@rabi.columbia.edu>

	* include/libintl.h: Declare _libc_intl_domainname here.
	Define _ and N_ here.
	* include/libc-symbols.h: Don't include <libintl.h>.  Don't
	define _ and N_.  Don't declare _libc_intl_domainname.
	* Makeconfig (CPPFLAGS): Use -imacros to read libc-symbols.h.

	* db2/config.h: Don't include sys/stat.h or define
	HAVE_ST_BLKSIZE here...
	* db2/compat.h: ...do it here.

	* linuxthreads/internals.h: Include bits/libc-tsd.h after all
	other headers.
	* linuxthreads/no-tsd.c: Include sys/cdefs.h for __P.
	* iconv/iconv.c: Include stddef.h for NULL.
	* malloc/malloc.h: Include features.h.
	* sysdeps/generic/morecore.c: Use __malloc_ptr_t not __ptr_t.

	* sysdeps/unix/make_errlist.c: Write an "#include <libintl.h>"
	into the generated file.
	* sysdeps/gnu/errlist.awk: Likewise.
	* sysdeps/gnu/errlist.c: Rebuilt.

	* assert/assert-perr.c: Include libintl.h.
	* assert/assert.c: Likewise.
	* elf/dl-open.c: Likewise.
	* elf/dlsym.c: Likewise.
	* elf/dlvsym.c: Likewise.
	* iconv/iconv_prog.c: Likewise.
	* inet/rcmd.c: Likewise.
	* inet/ruserpass.c: Likewise.
	* locale/programs/charset.c: Likewise.
	* locale/programs/ld-collate.c: Likewise.
	* locale/programs/ld-ctype.c: Likewise.
	* locale/programs/ld-messages.c: Likewise.
	* locale/programs/ld-monetary.c: Likewise.
	* locale/programs/ld-numeric.c: Likewise.
	* locale/programs/ld-time.c: Likewise.
	* locale/programs/locfile.c: Likewise.
	* locale/programs/repertoire.c: Likewise.
	* login/programs/database.c: Likewise.
	* login/programs/request.c: Likewise.
	* malloc/mcheck.c: Likewise.
	* misc/error.c: Likewise.
	* nis/nis_call.c: Likewise.
	* nis/nis_callback.c: Likewise.
	* nis/nis_error.c: Likewise.
	* nis/nis_local_names.c: Likewise.
	* nis/nis_print.c: Likewise.
	* nis/nis_print_group_entry.c: Likewise.
	* nis/ypclnt.c: Likewise.
	* nis/nss_nisplus/nisplus-publickey.c: Likewise.
	* nscd/cache.c: Likewise.
	* nscd/connections.c: Likewise.
	* nscd/grpcache.c: Likewise.
	* nscd/hstcache.c: Likewise.
	* nscd/nscd_conf.c: Likewise.
	* nscd/nscd_stat.c: Likewise.
	* nscd/pwdcache.c: Likewise.
	* posix/id.c: Likewise.
	* resolv/herror.c: Likewise.
	* stdio-common/psignal.c: Likewise.
	* string/strsignal.c: Likewise.
	* sunrpc/auth_unix.c: Likewise.
	* sunrpc/clnt_perr.c: Likewise.
	* sunrpc/clnt_raw.c: Likewise.
	* sunrpc/clnt_tcp.c: Likewise.
	* sunrpc/clnt_udp.c: Likewise.
	* sunrpc/clnt_unix.c: Likewise.
	* sunrpc/get_myaddr.c: Likewise.
	* sunrpc/pm_getmaps.c: Likewise.
	* sunrpc/pmap_clnt.c: Likewise.
	* sunrpc/pmap_rmt.c: Likewise.
	* sunrpc/rpc_main.c: Likewise.
	* sunrpc/rpc_scan.c: Likewise.
	* sunrpc/svc_run.c: Likewise.
	* sunrpc/svc_simple.c: Likewise.
	* sunrpc/svc_tcp.c: Likewise.
	* sunrpc/svc_udp.c: Likewise.
	* sunrpc/svc_unix.c: Likewise.
	* sunrpc/xdr_rec.c: Likewise.
	* sunrpc/xdr_ref.c: Likewise.
	* sysdeps/mach/hurd/mips/dl-machine.c: Likewise.
	* sysdeps/posix/gai_strerror.c: Likewise.
	* sysdeps/unix/siglist.c: Likewise.
	* sysdeps/unix/sysv/linux/siglist.c: Likewise.
	* sysdeps/unix/sysv/linux/arm/siglist.c: Likewise.
	* sysdeps/unix/sysv/sysv4/solaris2/sparc/errlist.c: Likewise.
	* timezone/zic.c: Likewise.
1999-06-19 09:58:37 +00:00

367 lines
9.3 KiB
C

/* Copyright (c) 1997 Free Software Foundation, Inc.
This file is part of the GNU C Library.
Contributed by Thorsten Kukuk <kukuk@vt.uni-paderborn.de>, 1997.
The GNU C Library is free software; you can redistribute it and/or
modify it under the terms of the GNU Library General Public License as
published by the Free Software Foundation; either version 2 of the
License, or (at your option) any later version.
The GNU C Library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Library General Public License for more details.
You should have received a copy of the GNU Library General Public
License along with the GNU C Library; see the file COPYING.LIB. If not,
write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
Boston, MA 02111-1307, USA. */
#include <nss.h>
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <libintl.h>
#include <syslog.h>
#include <rpc/rpc.h>
#include <rpcsvc/nis.h>
#include <rpc/key_prot.h>
extern int xdecrypt (char *, char *);
#include <nss-nisplus.h>
/* If we haven't found the entry, we give a SUCCESS and an empty key back. */
enum nss_status
_nss_nisplus_getpublickey (const char *netname, char *pkey, int *errnop)
{
nis_result *res;
enum nss_status retval;
char buf[NIS_MAXNAMELEN+2];
size_t slen;
char *domain, *cptr;
int len;
pkey[0] = 0;
if (netname == NULL)
{
*errnop = EINVAL;
return NSS_STATUS_UNAVAIL;
}
domain = strchr (netname, '@');
if (!domain)
return NSS_STATUS_UNAVAIL;
domain++;
slen = snprintf (buf, NIS_MAXNAMELEN,
"[auth_name=%s,auth_type=DES],cred.org_dir.%s",
netname, domain);
if (buf[slen - 1] != '.')
{
buf[slen++] = '.';
buf[slen] = '\0';
}
res = nis_list (buf, USE_DGRAM+NO_AUTHINFO+FOLLOW_LINKS+FOLLOW_PATH,
NULL, NULL);
retval = niserr2nss (res->status);
if (retval != NSS_STATUS_SUCCESS)
{
if (retval == NSS_STATUS_TRYAGAIN)
*errnop = errno;
if (res->status == NIS_NOTFOUND)
retval = NSS_STATUS_SUCCESS;
nis_freeresult (res);
return retval;
}
if (res->objects.objects_len > 1)
{
/*
* More than one principal with same uid?
* something wrong with cred table. Should be unique
* Warn user and continue.
*/
printf (_("DES entry for netname %s not unique\n"), netname);
nis_freeresult (res);
return NSS_STATUS_SUCCESS;
}
len = ENTRY_LEN (res->objects.objects_val, 3);
memcpy (pkey, ENTRY_VAL (res->objects.objects_val,3), len);
pkey[len] = 0;
cptr = strchr (pkey, ':');
if (cptr)
cptr[0] = '\0';
nis_freeresult (res);
return NSS_STATUS_SUCCESS;
}
enum nss_status
_nss_nisplus_getsecretkey (const char *netname, char *skey, char *passwd,
int *errnop)
{
nis_result *res;
enum nss_status retval;
char buf[NIS_MAXNAMELEN+2];
size_t slen;
char *domain, *cptr;
int len;
skey[0] = 0;
if (netname == NULL)
{
*errnop = EINVAL;
return NSS_STATUS_UNAVAIL;
}
domain = strchr (netname, '@');
if (!domain)
return NSS_STATUS_UNAVAIL;
domain++;
slen = snprintf (buf, NIS_MAXNAMELEN,
"[auth_name=%s,auth_type=DES],cred.org_dir.%s",
netname, domain);
if (buf[slen - 1] != '.')
{
buf[slen++] = '.';
buf[slen] = '\0';
}
res = nis_list (buf, USE_DGRAM+NO_AUTHINFO+FOLLOW_LINKS+FOLLOW_PATH,
NULL, NULL);
retval = niserr2nss (res->status);
if (retval != NSS_STATUS_SUCCESS)
{
if (retval == NSS_STATUS_TRYAGAIN)
*errnop = errno;
nis_freeresult (res);
return retval;
}
if (res->objects.objects_len > 1)
{
/*
* More than one principal with same uid?
* something wrong with cred table. Should be unique
* Warn user and continue.
*/
printf (_("DES entry for netname %s not unique\n"), netname);
nis_freeresult (res);
return NSS_STATUS_SUCCESS;
}
len = ENTRY_LEN (res->objects.objects_val, 4);
memcpy (buf, ENTRY_VAL (res->objects.objects_val,4), len);
buf[len] = '\0';
cptr = strchr (buf, ':');
if (cptr)
cptr[0] = '\0';
nis_freeresult (res);
if (!xdecrypt (buf, passwd))
return NSS_STATUS_SUCCESS;
if (memcmp (buf, &(buf[HEXKEYBYTES]), KEYCHECKSUMSIZE) != 0)
return NSS_STATUS_SUCCESS;
buf[HEXKEYBYTES] = 0;
strcpy (skey, buf);
return NSS_STATUS_SUCCESS;
}
/* Parse information from the passed string.
The format of the string passed is gid,grp,grp, ... */
static enum nss_status
parse_grp_str (const char *s, gid_t *gidp, int *gidlenp, gid_t *gidlist,
int *errnop)
{
int gidlen;
if (!s || (!isdigit (*s)))
{
syslog (LOG_ERR, _("netname2user: missing group id list in `%s'."), s);
return NSS_STATUS_NOTFOUND;
}
*gidp = atoi (s);
gidlen = 0;
while ((s = strchr (s, ',')) != NULL)
{
s++;
gidlist[gidlen++] = atoi (s);
}
*gidlenp = gidlen;
return NSS_STATUS_SUCCESS;
}
enum nss_status
_nss_nisplus_netname2user (char netname[MAXNETNAMELEN + 1], uid_t *uidp,
gid_t *gidp, int *gidlenp, gid_t *gidlist, int *errnop)
{
char *domain;
nis_result *res;
char sname[NIS_MAXNAMELEN+1]; /* search criteria + table name */
size_t slen;
char principal[NIS_MAXNAMELEN+1];
int len;
/* 1. Get home domain of user. */
domain = strchr (netname, '@');
if (! domain)
return NSS_STATUS_UNAVAIL;
++domain; /* skip '@' */
/* 2. Get user's nisplus principal name. */
if ((strlen (netname) + strlen (domain)+45) >
(size_t) NIS_MAXNAMELEN)
return NSS_STATUS_UNAVAIL;
slen = snprintf (sname, NIS_MAXNAMELEN,
"[auth_name=%s,auth_type=DES],cred.org_dir.%s",
netname, domain);
if (sname[slen - 1] != '.')
{
sname[slen++] = '.';
sname[slen] = '\0';
}
/* must use authenticated call here */
/* XXX but we cant, for now. XXX */
res = nis_list (sname, USE_DGRAM+NO_AUTHINFO+FOLLOW_LINKS+FOLLOW_PATH,
NULL, NULL);
switch (res->status)
{
case NIS_SUCCESS:
case NIS_S_SUCCESS:
break; /* go and do something useful */
case NIS_NOTFOUND:
case NIS_PARTIAL:
case NIS_NOSUCHNAME:
case NIS_NOSUCHTABLE:
nis_freeresult (res);
return NSS_STATUS_NOTFOUND;
case NIS_S_NOTFOUND:
case NIS_TRYAGAIN:
syslog (LOG_ERR, _("netname2user: (nis+ lookup): %s\n"),
nis_sperrno (res->status));
nis_freeresult (res);
*errnop = errno;
return NSS_STATUS_TRYAGAIN;
default:
syslog (LOG_ERR, _("netname2user: (nis+ lookup): %s\n"),
nis_sperrno (res->status));
nis_freeresult (res);
return NSS_STATUS_UNAVAIL;
}
if (res->objects.objects_len > 1)
/*
* A netname belonging to more than one principal?
* Something wrong with cred table. should be unique.
* Warn user and continue.
*/
syslog (LOG_ALERT,
_("netname2user: DES entry for %s in directory %s not unique"),
netname, domain);
len = ENTRY_LEN (res->objects.objects_val, 0);
strncpy (principal, ENTRY_VAL (res->objects.objects_val, 0), len);
principal[len] = '\0';
nis_freeresult (res);
if (principal[0] == '\0')
return NSS_STATUS_UNAVAIL;
/*
* 3. Use principal name to look up uid/gid information in
* LOCAL entry in **local** cred table.
*/
domain = nis_local_directory ();
if ((strlen (principal) + strlen (domain) + 45) > (size_t) NIS_MAXNAMELEN)
{
syslog (LOG_ERR, _("netname2user: principal name `%s' too long"),
principal);
return NSS_STATUS_UNAVAIL;
}
slen = sprintf (sname, "[cname=%s,auth_type=LOCAL],cred.org_dir.%s",
principal, domain);
if (sname[slen - 1] != '.')
{
sname[slen++] = '.';
sname[slen] = '\0';
}
/* must use authenticated call here */
/* XXX but we cant, for now. XXX */
res = nis_list (sname, USE_DGRAM+NO_AUTHINFO+FOLLOW_LINKS+FOLLOW_PATH,
NULL, NULL);
switch(res->status)
{
case NIS_NOTFOUND:
case NIS_PARTIAL:
case NIS_NOSUCHNAME:
case NIS_NOSUCHTABLE:
nis_freeresult (res);
return NSS_STATUS_NOTFOUND;
case NIS_S_NOTFOUND:
case NIS_TRYAGAIN:
syslog (LOG_ERR, _("netname2user: (nis+ lookup): %s\n"),
nis_sperrno (res->status));
nis_freeresult (res);
*errnop = errno;
return NSS_STATUS_TRYAGAIN;
case NIS_SUCCESS:
case NIS_S_SUCCESS:
break; /* go and do something useful */
default:
syslog (LOG_ERR, _("netname2user: (nis+ lookup): %s\n"),
nis_sperrno (res->status));
nis_freeresult (res);
return NSS_STATUS_UNAVAIL;
}
if (res->objects.objects_len > 1)
/*
* A principal can have more than one LOCAL entry?
* Something wrong with cred table.
* Warn user and continue.
*/
syslog (LOG_ALERT,
_("netname2user: LOCAL entry for %s in directory %s not unique"),
netname, domain);
/* Fetch the uid */
*uidp = atoi (ENTRY_VAL (res->objects.objects_val, 2));
if (*uidp == 0)
{
syslog (LOG_ERR, _("netname2user: should not have uid 0"));
return NSS_STATUS_NOTFOUND;
}
parse_grp_str (ENTRY_VAL (res->objects.objects_val, 3),
gidp, gidlenp, gidlist, errnop);
nis_freeresult (res);
return NSS_STATUS_SUCCESS;
}