Back to index

glibc  2.9
nis-publickey.c
Go to the documentation of this file.
00001 /* Copyright (C) 1996-1999,2001,2002,2005,2006 Free Software Foundation, Inc.
00002    This file is part of the GNU C Library.
00003    Contributed by Thorsten Kukuk <kukuk@suse.de>, 1996.
00004 
00005    The GNU C Library is free software; you can redistribute it and/or
00006    modify it under the terms of the GNU Lesser General Public
00007    License as published by the Free Software Foundation; either
00008    version 2.1 of the License, or (at your option) any later version.
00009 
00010    The GNU C Library is distributed in the hope that it will be useful,
00011    but WITHOUT ANY WARRANTY; without even the implied warranty of
00012    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
00013    Lesser General Public License for more details.
00014 
00015    You should have received a copy of the GNU Lesser General Public
00016    License along with the GNU C Library; if not, write to the Free
00017    Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
00018    02111-1307 USA.  */
00019 
00020 #include <nss.h>
00021 #include <ctype.h>
00022 #include <errno.h>
00023 #include <string.h>
00024 #include <syslog.h>
00025 #include <rpc/rpc.h>
00026 #include <rpcsvc/yp.h>
00027 #include <rpcsvc/ypclnt.h>
00028 #include <rpc/key_prot.h>
00029 extern int xdecrypt (char *, char *);
00030 
00031 #include "nss-nis.h"
00032 
00033 /* If we haven't found the entry, we give a SUCCESS and an empty key back.
00034    Solaris docu says: sizeof (pkey) == HEXKEYBYTES + 1.
00035 */
00036 enum nss_status
00037 _nss_nis_getpublickey (const char *netname, char *pkey, int *errnop)
00038 {
00039   pkey[0] = 0;
00040 
00041   if (netname == NULL)
00042     {
00043       *errnop = EINVAL;
00044       return NSS_STATUS_UNAVAIL;
00045     }
00046 
00047   char *domain = strchr (netname, '@');
00048   if (domain == NULL)
00049     {
00050       *errnop = EINVAL;
00051       return NSS_STATUS_UNAVAIL;
00052     }
00053   ++domain;
00054 
00055   char *result;
00056   int len;
00057   int yperr = yp_match (domain, "publickey.byname", netname, strlen (netname),
00058                      &result, &len);
00059 
00060   if (__builtin_expect (yperr != YPERR_SUCCESS, 0))
00061     {
00062       enum nss_status retval = yperr2nss (yperr);
00063 
00064       if (retval == NSS_STATUS_TRYAGAIN)
00065        *errnop = errno;
00066       return retval;
00067     }
00068 
00069   if (result != NULL)
00070     {
00071       char *p = strchr (result, ':');
00072       if (p != NULL)
00073        *p = 0;
00074       strncpy (pkey, result, HEXKEYBYTES + 1);
00075       pkey[HEXKEYBYTES] = '\0';
00076       free (result);
00077     }
00078   return NSS_STATUS_SUCCESS;
00079 }
00080 
00081 enum nss_status
00082 _nss_nis_getsecretkey (const char *netname, char *skey, char *passwd,
00083                      int *errnop)
00084 {
00085   skey[0] = 0;
00086 
00087   if (netname == NULL || passwd == NULL)
00088     {
00089       *errnop = EINVAL;
00090       return NSS_STATUS_UNAVAIL;
00091     }
00092 
00093   char *domain = strchr (netname, '@');
00094   if (domain == NULL)
00095     {
00096       *errnop = EINVAL;
00097       return NSS_STATUS_UNAVAIL;
00098     }
00099   ++domain;
00100 
00101   char *result;
00102   int len;
00103   int yperr = yp_match (domain, "publickey.byname", netname, strlen (netname),
00104                      &result, &len);
00105 
00106   if (__builtin_expect (yperr != YPERR_SUCCESS, 0))
00107     {
00108       enum nss_status retval = yperr2nss (yperr);
00109 
00110       if (retval == NSS_STATUS_TRYAGAIN)
00111        *errnop = errno;
00112       return retval;
00113     }
00114 
00115   if (result != NULL)
00116     {
00117       char *p = strchr (result, ':');
00118       if (p != NULL)
00119        {
00120          char buf[2 * (HEXKEYBYTES + 1)];
00121 
00122          ++p;
00123          strncpy (buf, p, 2 * (HEXKEYBYTES + 1));
00124          buf[2 * HEXKEYBYTES + 1] = '\0';
00125          if (xdecrypt (buf, passwd)
00126              && memcmp (buf, &(buf[HEXKEYBYTES]), KEYCHECKSUMSIZE) == 0)
00127            {
00128              buf[HEXKEYBYTES] = '\0';
00129              strcpy (skey, buf);
00130            }
00131        }
00132 
00133       free (result);
00134     }
00135   return NSS_STATUS_SUCCESS;
00136 }
00137 
00138 /* Parse uid and group information from the passed string.
00139    The format of the string passed is uid:gid,grp,grp, ...  */
00140 static enum nss_status
00141 parse_netid_str (const char *s, uid_t *uidp, gid_t *gidp, int *gidlenp,
00142                gid_t *gidlist)
00143 {
00144   char *p, *ep;
00145   int gidlen;
00146 
00147   if (!s || !isdigit (*s))
00148     {
00149       syslog (LOG_ERR, "netname2user: expecting uid '%s'", s);
00150       return NSS_STATUS_NOTFOUND;  /* XXX need a better error */
00151     }
00152 
00153   /* Fetch the uid */
00154   *uidp = strtoul (s, NULL, 10);
00155 
00156   if (*uidp == 0)
00157     {
00158       syslog (LOG_ERR, "netname2user: should not have uid 0");
00159       return NSS_STATUS_NOTFOUND;
00160     }
00161 
00162   /* Now get the group list */
00163   p = strchr (s, ':');
00164   if (!p)
00165     {
00166       syslog (LOG_ERR, "netname2user: missing group id list in '%s'", s);
00167       return NSS_STATUS_NOTFOUND;
00168     }
00169   ++p;                      /* skip ':' */
00170   if (!p || (!isdigit (*p)))
00171     {
00172       syslog (LOG_ERR, "netname2user: missing group id list in '%s'.", p);
00173       return NSS_STATUS_NOTFOUND;
00174     }
00175 
00176   *gidp = strtoul (p, &ep, 10);
00177 
00178   gidlen = 0;
00179 
00180   /* After strtoul() ep should point to the first invalid character.
00181      This is the marker "," we search for the next value.  */
00182   while (ep != NULL && *ep == ',')
00183     {
00184       ep++;
00185       p = ep;
00186       gidlist[gidlen++] = strtoul (p, &ep, 10);
00187     }
00188 
00189   *gidlenp = gidlen;
00190 
00191   return NSS_STATUS_SUCCESS;
00192 }
00193 
00194 
00195 enum nss_status
00196 _nss_nis_netname2user (char netname[MAXNETNAMELEN + 1], uid_t *uidp,
00197                      gid_t *gidp, int *gidlenp, gid_t *gidlist, int *errnop)
00198 {
00199   char *domain = strchr (netname, '@');
00200   if (domain == NULL)
00201     {
00202       *errnop = EINVAL;
00203       return NSS_STATUS_UNAVAIL;
00204     }
00205 
00206   /* Point past the '@' character */
00207   ++domain;
00208   char *lookup = NULL;
00209   int len;
00210   int yperr = yp_match (domain, "netid.byname", netname, strlen (netname),
00211                      &lookup, &len);
00212   switch (yperr)
00213     {
00214     case YPERR_SUCCESS:
00215       break;                /* the successful case */
00216     case YPERR_DOMAIN:
00217     case YPERR_KEY:
00218       return NSS_STATUS_NOTFOUND;
00219     case YPERR_MAP:
00220     default:
00221       return NSS_STATUS_UNAVAIL;
00222     }
00223 
00224   if (lookup == NULL)
00225     return NSS_STATUS_NOTFOUND;
00226 
00227 
00228   lookup[len] = '\0';
00229 
00230   enum nss_status err = parse_netid_str (lookup, uidp, gidp, gidlenp, gidlist);
00231 
00232   free (lookup);
00233 
00234   return err;
00235 }