mirror of
https://sourceware.org/git/glibc.git
synced 2024-11-24 10:22:41 +08:00
26dee9c49c
1997-04-05 03:11 Ulrich Drepper <drepper@cygnus.com> * inet/arpa/inet.h: Rewrite. Don't use the ugly BSD way to write headers but instead add comments and parameter names. Don't use BSD specific types in prototypes. * manual/nss.texi: Correct a few typos and errors. * sysdeps/libm-ieee754/s_cbrt.c: Complete rewrite based on better algorithm. * sysdeps/libm-ieee754/s_cbrtf.c: Likewise. * sysdeps/libm-ieee754/s_cbrtl.c: Likewise. * sysdeps/libm-i387/s_cbrt.S: New file. Optimized assembler version with new algorithm. * sysdeps/libm-i387/s_cbrtf.S: New file. * sysdeps/libm-i387/s_cbrtl.S: New file. * sysdeps/libm-i387/s_frexp.S: Optimize even more. * sysdeps/libm-i387/s_frexpf.S: Likewise. * sysdeps/libm-i387/s_frexpl.S: Likewise. 1997-04-04 18:55 Thorsten Kukuk <kukuk@vt.uni-paderborn.de> * nis/Makefile: Remove CFLAGS-*, add publickey to databases. * nis/nis_call.c: Add MASTER_ONLY and HARD_LOOKUP flags, compile DES part only with secure RPC add-on. * nis/nis_names.c (nis_modify): Fix rpc function number. * nis/nis_server.c: Fix typos. * nis/nss_compat/compat-grp.c: Add NIS+ support. * nis/nss_compat/compat-pwd.c: Likewise. * nis/nss_compat/compat-spwd.c: Likewise. * nis/nss_nis/nis-grp.c: Only a return value > 0 from parse_line signals success. * nis/nss_nis/nis-publickey.c: Changes for compiling with/without secure RPC. * nis/nss_nisplus/nisplus-publickey.c: Likewise. * nis/ypclnt.c: Likewise. * nis/nis_intern.h: Likewise. * nis/nss_nisplus/nisplus-alias.c: Correct parser return code. * nis/nss_nisplus/nisplus-ethers.c: Likewise. * nis/nss_nisplus/nisplus-hosts.c: Likewise. * nis/nss_nisplus/nisplus-network.c: Likewise. * nis/nss_nisplus/nisplus-proto.c: Likewise. * nis/nss_nisplus/nisplus-pwd.c: Likewise. * nis/nss_nisplus/nisplus-rpc.c: Likewise. * nis/nss_nisplus/nisplus-service.c: Likewise. * nis/nss_nisplus/nisplus-spwd.c: Likewise. * nis/nss_nisplus/nisplus-grp.c: Rewrite parser for fixing errors and speedup. * nis/nss_nisplus/nisplus-netgrp.c: Likewise. 1997-04-04 17:03 Ulrich Drepper <drepper@cygnus.com> * math/libm-test.c (cbrt_test): Add tests for +-inf and NaN arguments. 1997-04-03 19:24 H.J. Lu <hjl@gnu.ai.mit.edu> * sysdeps/unix/sysv/linux/sigset.h (__sigisemptyset): Fix a typo. 1997-04-03 16:10 Andreas Jaeger <aj@arthur.pfalz.de> * sysdeps/libm-ieee754/s_nanf.c: * sysdeps/libm-ieee754/s_nan.c: * sysdeps/libm-ieee754/s_nanl.c: Include <stdio.h> for declaration of sprintf. 1997-04-03 13:37 Ulrich Drepper <drepper@cygnus.com> * sysdeps/libm-ieee754/s_cexp.c: Fix type: string_alias -> strong_alias. Reported by sun <asun@zoology.washington.edu>. * rpc/auth.h: Removed. * rpc/auth_des.h: Removed. * sunrpc/rpc/auth.h: Moved to ... * sysdeps/generic/rpc/auth.h: ...here. * sunrpc/rpc/auth_des.h: Moved to ... * sysdeps/generic/rpc/auth_des.h: ...here. 1997-04-03 04:28 Ulrich Drepper <drepper@cygnus.com> * sysdeps/libm-i387/s_frexp.S: New file. ix87 optimized version. * sysdeps/libm-i387/s_frexpf.S: New file. * sysdeps/libm-i387/s_frexpl.S: New file. 1997-04-01 10:11 H.J. Lu <hjl@gnu.ai.mit.edu> * sysdeps/unix/sysv/linux/Makefile [$(subdir)=inet] (sysdep_headers): Remove netinet/icmp.h. Describe `inf', `infinity', `nan', `nan(...)' inputs for strtod * sysdeps/i386/memcmp.S: Likewise. * time/antarctica: Likewise. * time/australasia: Likewise.
356 lines
9.0 KiB
C
356 lines
9.0 KiB
C
/* Copyright (c) 1997 Free Software Foundation, Inc.
|
|
This file is part of the GNU C Library.
|
|
Contributed by Thorsten Kukuk <kukuk@vt.uni-paderborn.de>, 1997.
|
|
|
|
The GNU C Library is free software; you can redistribute it and/or
|
|
modify it under the terms of the GNU Library General Public License as
|
|
published by the Free Software Foundation; either version 2 of the
|
|
License, or (at your option) any later version.
|
|
|
|
The GNU C Library is distributed in the hope that it will be useful,
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
Library General Public License for more details.
|
|
|
|
You should have received a copy of the GNU Library General Public
|
|
License along with the GNU C Library; see the file COPYING.LIB. If not,
|
|
write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
|
|
Boston, MA 02111-1307, USA. */
|
|
|
|
#include <nss.h>
|
|
#include <ctype.h>
|
|
#include <errno.h>
|
|
#include <stdio.h>
|
|
#include <string.h>
|
|
#include <syslog.h>
|
|
#include <rpc/rpc.h>
|
|
#include <rpcsvc/nis.h>
|
|
#include <rpcsvc/nislib.h>
|
|
#ifdef HAVE_SECURE_RPC
|
|
#include <rpc/key_prot.h>
|
|
extern int xdecrypt (char *, char *);
|
|
#endif
|
|
|
|
#include <nss-nisplus.h>
|
|
|
|
/* If we haven't found the entry, we give a SUCCESS and an empty key back. */
|
|
enum nss_status
|
|
_nss_nisplus_getpublickey (const char *netname, char *pkey)
|
|
{
|
|
nis_result *res;
|
|
enum nss_status retval;
|
|
char buf[NIS_MAXNAMELEN+2];
|
|
char *domain, *cptr;
|
|
int len;
|
|
|
|
pkey[0] = 0;
|
|
|
|
if (netname == NULL)
|
|
{
|
|
__set_errno (EINVAL);
|
|
return NSS_STATUS_UNAVAIL;
|
|
}
|
|
|
|
domain = strchr (netname, '@');
|
|
if (!domain)
|
|
return NSS_STATUS_UNAVAIL;
|
|
domain++;
|
|
|
|
snprintf (buf, NIS_MAXNAMELEN,
|
|
"[auth_name=%s,auth_type=DES],cred.org_dir.%s",
|
|
netname, domain);
|
|
|
|
if (buf[strlen (buf)-1] != '.')
|
|
strcat(buf, ".");
|
|
|
|
res = nis_list(buf, USE_DGRAM+NO_AUTHINFO+FOLLOW_LINKS+FOLLOW_PATH,
|
|
NULL, NULL);
|
|
|
|
retval = niserr2nss (res->status);
|
|
|
|
if (retval != NSS_STATUS_SUCCESS)
|
|
{
|
|
if (retval == NSS_STATUS_TRYAGAIN)
|
|
__set_errno (EAGAIN);
|
|
if (res->status == NIS_NOTFOUND)
|
|
retval = NSS_STATUS_SUCCESS;
|
|
nis_freeresult (res);
|
|
return retval;
|
|
}
|
|
|
|
if (res->objects.objects_len > 1)
|
|
{
|
|
/*
|
|
* More than one principal with same uid?
|
|
* something wrong with cred table. Should be unique
|
|
* Warn user and continue.
|
|
*/
|
|
printf (_("DES entry for netname %s not unique\n"), netname);
|
|
nis_freeresult (res);
|
|
return NSS_STATUS_SUCCESS;
|
|
}
|
|
|
|
len = ENTRY_LEN (res->objects.objects_val, 3);
|
|
memcpy (pkey, ENTRY_VAL (res->objects.objects_val,3), len);
|
|
pkey[len] = 0;
|
|
cptr = strchr (pkey, ':');
|
|
if (cptr)
|
|
cptr[0] = '\0';
|
|
nis_freeresult (res);
|
|
|
|
return NSS_STATUS_SUCCESS;
|
|
}
|
|
|
|
enum nss_status
|
|
_nss_nisplus_getsecretkey (const char *netname, char *skey, char *passwd)
|
|
{
|
|
#ifdef HAVE_SECURE_RPC
|
|
nis_result *res;
|
|
enum nss_status retval;
|
|
char buf[NIS_MAXNAMELEN+2];
|
|
char *domain, *cptr;
|
|
int len;
|
|
|
|
skey[0] = 0;
|
|
|
|
if (netname == NULL)
|
|
{
|
|
__set_errno (EINVAL);
|
|
return NSS_STATUS_UNAVAIL;
|
|
}
|
|
|
|
domain = strchr (netname, '@');
|
|
if (!domain)
|
|
return NSS_STATUS_UNAVAIL;
|
|
domain++;
|
|
|
|
snprintf (buf, NIS_MAXNAMELEN,
|
|
"[auth_name=%s,auth_type=DES],cred.org_dir.%s",
|
|
netname, domain);
|
|
|
|
if (buf[strlen(buf)-1] != '.')
|
|
strcat(buf, ".");
|
|
|
|
res = nis_list (buf, USE_DGRAM+NO_AUTHINFO+FOLLOW_LINKS+FOLLOW_PATH,
|
|
NULL, NULL);
|
|
|
|
retval = niserr2nss (res->status);
|
|
|
|
if (retval != NSS_STATUS_SUCCESS)
|
|
{
|
|
if (retval == NSS_STATUS_TRYAGAIN)
|
|
__set_errno (EAGAIN);
|
|
nis_freeresult (res);
|
|
return retval;
|
|
}
|
|
|
|
if (res->objects.objects_len > 1)
|
|
{
|
|
/*
|
|
* More than one principal with same uid?
|
|
* something wrong with cred table. Should be unique
|
|
* Warn user and continue.
|
|
*/
|
|
printf (_("DES entry for netname %s not unique\n"), netname);
|
|
nis_freeresult (res);
|
|
return NSS_STATUS_SUCCESS;
|
|
}
|
|
|
|
len = ENTRY_LEN (res->objects.objects_val, 4);
|
|
memcpy (buf, ENTRY_VAL (res->objects.objects_val,4), len);
|
|
skey[len] = 0;
|
|
cptr = strchr (skey, ':');
|
|
if (cptr)
|
|
cptr[0] = '\0';
|
|
nis_freeresult (res);
|
|
|
|
if (!xdecrypt (buf, passwd))
|
|
return NSS_STATUS_SUCCESS;
|
|
|
|
if (memcmp (buf, &(buf[HEXKEYBYTES]), KEYCHECKSUMSIZE) != 0)
|
|
return NSS_STATUS_SUCCESS;
|
|
|
|
buf[HEXKEYBYTES] = 0;
|
|
strcpy (skey, buf);
|
|
#else
|
|
skey[0] = 0;
|
|
#endif
|
|
|
|
return NSS_STATUS_SUCCESS;
|
|
}
|
|
|
|
/* Parse information from the passed string.
|
|
The format of the string passed is gid,grp,grp, ... */
|
|
static enum nss_status
|
|
parse_grp_str (const char *s, gid_t *gidp, int *gidlenp, gid_t *gidlist)
|
|
{
|
|
int gidlen;
|
|
|
|
if (!s || (!isdigit (*s)))
|
|
{
|
|
syslog (LOG_ERR, "netname2user: missing group id list in '%s'.", s);
|
|
return NSS_STATUS_NOTFOUND;
|
|
}
|
|
|
|
*gidp = (atoi (s));
|
|
|
|
gidlen = 0;
|
|
|
|
while ((s = strchr (s, ',')) != NULL)
|
|
{
|
|
s++;
|
|
gidlist[gidlen++] = atoi (s);
|
|
}
|
|
*gidlenp = gidlen;
|
|
|
|
return NSS_STATUS_SUCCESS;
|
|
}
|
|
|
|
enum nss_status
|
|
_nss_nisplus_netname2user (char netname[MAXNETNAMELEN + 1], uid_t *uidp,
|
|
gid_t *gidp, int *gidlenp, gid_t *gidlist)
|
|
{
|
|
char *domain;
|
|
nis_result *res;
|
|
char sname[NIS_MAXNAMELEN+1]; /* search criteria + table name */
|
|
char principal[NIS_MAXNAMELEN+1];
|
|
int len;
|
|
|
|
/* 1. Get home domain of user. */
|
|
domain = strchr (netname, '@');
|
|
if (! domain)
|
|
return NSS_STATUS_UNAVAIL;
|
|
|
|
domain++; /* skip '@' */
|
|
|
|
/* 2. Get user's nisplus principal name. */
|
|
if ((strlen (netname) + strlen (domain)+45) >
|
|
(size_t) NIS_MAXNAMELEN)
|
|
return NSS_STATUS_UNAVAIL;
|
|
|
|
snprintf (sname, NIS_MAXNAMELEN,
|
|
"[auth_name=%s,auth_type=DES],cred.org_dir.%s",
|
|
netname, domain);
|
|
if (sname[strlen (sname) - 1] != '.')
|
|
strcat(sname, ".");
|
|
|
|
/* must use authenticated call here */
|
|
/* XXX but we cant, for now. XXX */
|
|
res = nis_list (sname, USE_DGRAM+NO_AUTHINFO+FOLLOW_LINKS+FOLLOW_PATH,
|
|
NULL, NULL);
|
|
switch(res->status)
|
|
{
|
|
case NIS_SUCCESS:
|
|
case NIS_S_SUCCESS:
|
|
break; /* go and do something useful */
|
|
case NIS_NOTFOUND:
|
|
case NIS_PARTIAL:
|
|
case NIS_NOSUCHNAME:
|
|
case NIS_NOSUCHTABLE:
|
|
nis_freeresult (res);
|
|
return NSS_STATUS_NOTFOUND;
|
|
case NIS_S_NOTFOUND:
|
|
case NIS_TRYAGAIN:
|
|
syslog (LOG_ERR, "netname2user: (nis+ lookup): %s\n",
|
|
nis_sperrno (res->status));
|
|
nis_freeresult (res);
|
|
return NSS_STATUS_TRYAGAIN;
|
|
default:
|
|
syslog (LOG_ERR, "netname2user: (nis+ lookup): %s\n",
|
|
nis_sperrno (res->status));
|
|
nis_freeresult (res);
|
|
return NSS_STATUS_UNAVAIL;
|
|
}
|
|
|
|
if (res->objects.objects_len > 1)
|
|
{
|
|
/*
|
|
* A netname belonging to more than one principal?
|
|
* Something wrong with cred table. should be unique.
|
|
* Warn user and continue.
|
|
*/
|
|
syslog (LOG_ALERT,
|
|
_("netname2user: DES entry for %s in directory %s not unique"),
|
|
netname, domain);
|
|
}
|
|
|
|
len = ENTRY_LEN(res->objects.objects_val, 0);
|
|
strncpy(principal, ENTRY_VAL(res->objects.objects_val, 0), len);
|
|
principal[len] = '\0';
|
|
nis_freeresult(res);
|
|
|
|
if (principal[0] == '\0')
|
|
return NSS_STATUS_UNAVAIL;
|
|
|
|
/*
|
|
* 3. Use principal name to look up uid/gid information in
|
|
* LOCAL entry in **local** cred table.
|
|
*/
|
|
domain = nis_local_directory ();
|
|
if ((strlen(principal)+strlen(domain)+45) >
|
|
(size_t) NIS_MAXNAMELEN)
|
|
{
|
|
syslog (LOG_ERR, _("netname2user: principal name '%s' too long"),
|
|
principal);
|
|
return NSS_STATUS_UNAVAIL;
|
|
}
|
|
sprintf(sname, "[cname=%s,auth_type=LOCAL],cred.org_dir.%s",
|
|
principal, domain);
|
|
if (sname[strlen(sname) - 1] != '.')
|
|
strcat(sname, ".");
|
|
|
|
/* must use authenticated call here */
|
|
/* XXX but we cant, for now. XXX */
|
|
res = nis_list(sname, USE_DGRAM+NO_AUTHINFO+FOLLOW_LINKS+FOLLOW_PATH,
|
|
NULL, NULL);
|
|
switch(res->status) {
|
|
case NIS_NOTFOUND:
|
|
case NIS_PARTIAL:
|
|
case NIS_NOSUCHNAME:
|
|
case NIS_NOSUCHTABLE:
|
|
nis_freeresult (res);
|
|
return NSS_STATUS_NOTFOUND;
|
|
case NIS_S_NOTFOUND:
|
|
case NIS_TRYAGAIN:
|
|
syslog (LOG_ERR,
|
|
"netname2user: (nis+ lookup): %s\n",
|
|
nis_sperrno (res->status));
|
|
nis_freeresult (res);
|
|
return NSS_STATUS_TRYAGAIN;
|
|
case NIS_SUCCESS:
|
|
case NIS_S_SUCCESS:
|
|
break; /* go and do something useful */
|
|
default:
|
|
syslog (LOG_ERR, "netname2user: (nis+ lookup): %s\n",
|
|
nis_sperrno (res->status));
|
|
nis_freeresult (res);
|
|
return NSS_STATUS_UNAVAIL;
|
|
}
|
|
|
|
if (res->objects.objects_len > 1)
|
|
{
|
|
/*
|
|
* A principal can have more than one LOCAL entry?
|
|
* Something wrong with cred table.
|
|
* Warn user and continue.
|
|
*/
|
|
syslog(LOG_ALERT,
|
|
_("netname2user: LOCAL entry for %s in directory %s not unique"),
|
|
netname, domain);
|
|
}
|
|
/* Fetch the uid */
|
|
*uidp = (atoi (ENTRY_VAL (res->objects.objects_val, 2)));
|
|
|
|
if (*uidp == 0)
|
|
{
|
|
syslog (LOG_ERR, _("netname2user: should not have uid 0"));
|
|
return NSS_STATUS_NOTFOUND;
|
|
}
|
|
|
|
parse_grp_str (ENTRY_VAL (res->objects.objects_val, 3),
|
|
gidp, gidlenp, gidlist);
|
|
|
|
nis_freeresult (res);
|
|
return NSS_STATUS_SUCCESS;
|
|
}
|