diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-06 02:22:06 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-06 02:22:06 +0000 |
commit | 741c1ef7a4f2ac316ad6e557ddbe03023413478d (patch) | |
tree | 38890f681daa26c57e865b4feca10d0ca53e1046 /lib/shadow.c | |
parent | Initial commit. (diff) | |
download | shadow-upstream.tar.xz shadow-upstream.zip |
Adding upstream version 1:4.5.upstream/1%4.5upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r-- | lib/shadow.c | 557 |
1 files changed, 557 insertions, 0 deletions
diff --git a/lib/shadow.c b/lib/shadow.c new file mode 100644 index 0000000..05cb0e4 --- /dev/null +++ b/lib/shadow.c @@ -0,0 +1,557 @@ +/* + * Copyright (c) 1989 - 1994, Julianne Frances Haugh + * Copyright (c) 1996 - 1998, Marek Michałkiewicz + * Copyright (c) 2003 - 2005, Tomasz Kłoczko + * Copyright (c) 2009 , Nicolas François + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the copyright holders or contributors may not be used to + * endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A + * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include <config.h> + +/* Newer versions of Linux libc already have shadow support. */ +#ifndef HAVE_GETSPNAM + +#ident "$Id$" + +#include <sys/types.h> +#include "prototypes.h" +#include "defines.h" +#include <stdio.h> +#ifdef USE_NIS +static bool nis_used; +static bool nis_ignore; +static enum { native, start, middle, native2 } nis_state; +static bool nis_bound; +static char *nis_domain; +static char *nis_key; +static int nis_keylen; +static char *nis_val; +static int nis_vallen; + +#define IS_NISCHAR(c) ((c)=='+') +#endif + +static FILE *shadow; + +#define FIELDS 9 +#define OFIELDS 5 + +#ifdef USE_NIS + +/* + * __setspNIS - turn on or off NIS searches + */ + +void __setspNIS (bool flag) +{ + nis_ignore = !flag; + + if (nis_ignore) { + nis_used = false; + } +} + +/* + * bind_nis - bind to NIS server + */ + +static int bind_nis (void) +{ + if (yp_get_default_domain (&nis_domain)) { + return -1; + } + + nis_bound = true; + return 0; +} +#endif + +/* + * setspent - initialize access to shadow text and DBM files + */ + +void setspent (void) +{ + if (NULL != shadow) { + rewind (shadow); + }else { + shadow = fopen (SHADOW_FILE, "r"); + } + +#ifdef USE_NIS + nis_state = native; +#endif +} + +/* + * endspent - terminate access to shadow text and DBM files + */ + +void endspent (void) +{ + if (NULL != shadow) { + (void) fclose (shadow); + } + + shadow = (FILE *) 0; +} + +/* + * my_sgetspent - convert string in shadow file format to (struct spwd *) + */ + +static struct spwd *my_sgetspent (const char *string) +{ + static char spwbuf[BUFSIZ]; + static struct spwd spwd; + char *fields[FIELDS]; + char *cp; + char *cpp; + int i; + + /* + * Copy string to local buffer. It has to be tokenized and we + * have to do that to our private copy. + */ + + if (strlen (string) >= sizeof spwbuf) + return 0; + strcpy (spwbuf, string); + + cp = strrchr (spwbuf, '\n'); + if (NULL != cp) + *cp = '\0'; + + /* + * Tokenize the string into colon separated fields. Allow up to + * FIELDS different fields. + */ + + for (cp = spwbuf, i = 0; *cp && i < FIELDS; i++) { + fields[i] = cp; + while (*cp && *cp != ':') + cp++; + + if (*cp) + *cp++ = '\0'; + } + + if (i == (FIELDS - 1)) + fields[i++] = cp; + + if ((cp && *cp) || (i != FIELDS && i != OFIELDS)) + return 0; + + /* + * Start populating the structure. The fields are all in + * static storage, as is the structure we pass back. If we + * ever see a name with '+' as the first character, we try + * to turn on NIS processing. + */ + + spwd.sp_namp = fields[0]; +#ifdef USE_NIS + if (IS_NISCHAR (fields[0][0])) { + nis_used = true; + } +#endif + spwd.sp_pwdp = fields[1]; + + /* + * Get the last changed date. For all of the integer fields, + * we check for proper format. It is an error to have an + * incorrectly formatted number, unless we are using NIS. + */ + + if (fields[2][0] == '\0') { + spwd.sp_lstchg = -1; + } else { + if (getlong (fields[2], &spwd.sp_lstchg) == 0) { +#ifdef USE_NIS + if (nis_used) { + spwd.sp_lstchg = -1; + } else +#endif + return 0; + } else if (spwd.sp_lstchg < 0) { + return 0; + } + } + + /* + * Get the minimum period between password changes. + */ + + if (fields[3][0] == '\0') { + spwd.sp_min = -1; + } else { + if (getlong (fields[3], &spwd.sp_min) == 0) { +#ifdef USE_NIS + if (nis_used) { + spwd.sp_min = -1; + } else +#endif + { + return 0; + } + } else if (spwd.sp_min < 0) { + return 0; + } + } + + /* + * Get the maximum number of days a password is valid. + */ + + if (fields[4][0] == '\0') { + spwd.sp_max = -1; + } else { + if (getlong (fields[4], &spwd.sp_max) == 0) { +#ifdef USE_NIS + if (nis_used) { + spwd.sp_max = -1; + } else +#endif + return 0; + } else if (spwd.sp_max < 0) { + return 0; + } + } + + /* + * If there are only OFIELDS fields (this is a SVR3.2 /etc/shadow + * formatted file), initialize the other field members to -1. + */ + + if (i == OFIELDS) { + spwd.sp_warn = -1; + spwd.sp_inact = -1; + spwd.sp_expire = -1; + spwd.sp_flag = SHADOW_SP_FLAG_UNSET; + + return &spwd; + } + + /* + * Get the number of days of password expiry warning. + */ + + if (fields[5][0] == '\0') { + spwd.sp_warn = -1; + } else { + if (getlong (fields[5], &spwd.sp_warn) == 0) { +#ifdef USE_NIS + if (nis_used) { + spwd.sp_warn = -1; + } else +#endif + { + return 0; + } + } else if (spwd.sp_warn < 0) { + return 0; + } + } + + /* + * Get the number of days of inactivity before an account is + * disabled. + */ + + if (fields[6][0] == '\0') { + spwd.sp_inact = -1; + } else { + if (getlong (fields[6], &spwd.sp_inact) == 0) { +#ifdef USE_NIS + if (nis_used) { + spwd.sp_inact = -1; + } else +#endif + { + return 0; + } + } else if (spwd.sp_inact < 0) { + return 0; + } + } + + /* + * Get the number of days after the epoch before the account is + * set to expire. + */ + + if (fields[7][0] == '\0') { + spwd.sp_expire = -1; + } else { + if (getlong (fields[7], &spwd.sp_expire) == 0) { +#ifdef USE_NIS + if (nis_used) { + spwd.sp_expire = -1; + } else +#endif + { + return 0; + } + } else if (spwd.sp_expire < 0) { + return 0; + } + } + + /* + * This field is reserved for future use. But it isn't supposed + * to have anything other than a valid integer in it. + */ + + if (fields[8][0] == '\0') { + spwd.sp_flag = SHADOW_SP_FLAG_UNSET; + } else { + if (getlong (fields[8], &spwd.sp_flag) == 0) { + /* FIXME: add a getulong function */ +#ifdef USE_NIS + if (nis_used) { + spwd.sp_flag = SHADOW_SP_FLAG_UNSET; + } else +#endif + { + return 0; + } + } else if (spwd.sp_flag < 0) { + return 0; + } + } + + return (&spwd); +} + +/* + * fgetspent - get an entry from a /etc/shadow formatted stream + */ + +struct spwd *fgetspent (FILE * fp) +{ + char buf[BUFSIZ]; + char *cp; + + if (NULL == fp) { + return (0); + } + +#ifdef USE_NIS + while (fgets (buf, (int) sizeof buf, fp) != (char *) 0) +#else + if (fgets (buf, (int) sizeof buf, fp) != (char *) 0) +#endif + { + cp = strchr (buf, '\n'); + if (NULL != cp) { + *cp = '\0'; + } +#ifdef USE_NIS + if (nis_ignore && IS_NISCHAR (buf[0])) { + continue; + } +#endif + return my_sgetspent (buf); + } + return 0; +} + +/* + * getspent - get a (struct spwd *) from the current shadow file + */ + +struct spwd *getspent (void) +{ +#ifdef USE_NIS + int nis_1_user = 0; + struct spwd *val; + char buf[BUFSIZ]; +#endif + if (NULL == shadow) { + setspent (); + } + +#ifdef USE_NIS + again: + /* + * See if we are reading from the local file. + */ + + if (nis_state == native || nis_state == native2) { + + /* + * Get the next entry from the shadow file. Return NULL + * right away if there is none. + */ + + val = fgetspent (shadow); + if (NULL == val) + return 0; + + /* + * If this entry began with a NIS escape character, we have + * to see if this is just a single user, or if the entire + * map is being asked for. + */ + + if (IS_NISCHAR (val->sp_namp[0])) { + if (val->sp_namp[1]) + nis_1_user = 1; + else + nis_state = start; + } + + /* + * If this isn't a NIS user and this isn't an escape to go + * use a NIS map, it must be a regular local user. + */ + + if (nis_1_user == 0 && nis_state != start) + return val; + + /* + * If this is an escape to use an NIS map, switch over to + * that bunch of code. + */ + + if (nis_state == start) + goto again; + + /* + * NEEDSWORK. Here we substitute pieces-parts of this entry. + */ + + return 0; + } else { + if (!nis_bound) { + if (bind_nis ()) { + nis_state = native2; + goto again; + } + } + if (nis_state == start) { + if (yp_first (nis_domain, "shadow.bynam", &nis_key, + &nis_keylen, &nis_val, &nis_vallen)) { + nis_state = native2; + goto again; + } + nis_state = middle; + } else if (nis_state == middle) { + if (yp_next (nis_domain, "shadow.bynam", nis_key, + nis_keylen, &nis_key, &nis_keylen, + &nis_val, &nis_vallen)) { + nis_state = native2; + goto again; + } + } + return my_sgetspent (nis_val); + } +#else + return (fgetspent (shadow)); +#endif +} + +/* + * getspnam - get a shadow entry by name + */ + +struct spwd *getspnam (const char *name) +{ + struct spwd *sp; + +#ifdef USE_NIS + char buf[BUFSIZ]; + static char save_name[16]; + bool nis_disabled = false; +#endif + + setspent (); + +#ifdef USE_NIS + /* + * Search the shadow.byname map for this user. + */ + + if (!nis_ignore && !nis_bound) { + bind_nis (); + } + + if (!nis_ignore && nis_bound) { + char *cp; + + if (yp_match (nis_domain, "shadow.byname", name, + strlen (name), &nis_val, &nis_vallen) == 0) { + + cp = strchr (nis_val, '\n'); + if (NULL != cp) { + *cp = '\0'; + } + + nis_state = middle; + sp = my_sgetspent (nis_val); + if (NULL != sp) { + strcpy (save_name, sp->sp_namp); + nis_key = save_name; + nis_keylen = strlen (save_name); + } + endspent (); + return sp; + } else { + nis_state = native2; + } + } +#endif +#ifdef USE_NIS + /* + * NEEDSWORK -- this is a mess, and it is the same mess in the + * other three files. I can't just blindly turn off NIS because + * this might be the first pass through the local files. In + * that case, I never discover that NIS is present. + */ + + if (nis_used) { + nis_ignore = true; + nis_disabled = true; + } +#endif + while ((sp = getspent ()) != (struct spwd *) 0) { + if (strcmp (name, sp->sp_namp) == 0) { + break; + } + } +#ifdef USE_NIS + if (nis_disabled) { + nis_ignore = false; + } +#endif + endspent (); + return (sp); +} +#else +extern int errno; /* warning: ANSI C forbids an empty source file */ +#endif + |