nslcd/db_passwd.c


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168

/*
   passwd.c - password entry lookup routines
   Parts of this file were part of the nss_ldap library (as ldap-pwd.c)
   which has been forked into the nss-pam-ldapd library.

   Copyright (C) 1997-2005 Luke Howard
   Copyright (C) 2006 West Consulting
   Copyright (C) 2006-2014 Arthur de Jong
   Copyright (C) 2014 Luke Shumaker

   This library is free software; you can redistribute it and/or
   modify it under the terms of the GNU Lesser General Public
   License as published by the Free Software Foundation; either
   version 2.1 of the License, or (at your option) any later version.

   This library is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
   Lesser General Public License for more details.

   You should have received a copy of the GNU Lesser General Public
   License along with this library; if not, write to the Free Software
   Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
   02110-1301 USA
*/

#include "config.h"

#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>
#include <string.h>
#include <pthread.h>

#include "common.h"
#include "log.h"
#include "cfg.h"
#include "common/dict.h"
#include "compat/strndup.h"

#ifndef NSS_FLAVOUR_GLIBC
/* only check nsswitch.conf for glibc */
#define check_nsswitch_reload()
#define shadow_uses_nslcd() (1)
#endif /* NSS_FLAVOUR_GLIBC */

/* Note that the resulting password value should be one of:
   <empty> - no password set, allow login without password
   !       - used to prevent logins
   x       - "valid" encrypted password that does not match any valid password
             often used to indicate that the password is defined elsewhere
   other   - encrypted password, in crypt(3) format */

static int write_passwd(TFILE *fp, struct passwd *entry, uid_t calleruid)
{
  const char *passwd;
  /* if we are using shadow maps and this entry looks like it would return
     shadow information, make the passwd entry indicate it */
  if (nsswitch_shadow_uses_nslcd())
  {
    passwd = "x";
  }
  else
  {
    passwd = entry->pw_passwd;
    if ((passwd == NULL) || (calleruid != 0))
      passwd = "!";
  }
  if (entry->pw_uid >= nslcd_cfg->nss_min_uid)
  {
    WRITE_INT32(fp, NSLCD_RESULT_BEGIN);
    WRITE_STRING(fp, entry->pw_name );
    WRITE_STRING(fp, passwd         );
    WRITE_INT32( fp, entry->pw_uid  );
    WRITE_INT32( fp, entry->pw_gid  );
    WRITE_STRING(fp, entry->pw_gecos);
    WRITE_STRING(fp, entry->pw_dir  );
    WRITE_STRING(fp, entry->pw_shell);
  }
  return 0;
}

NSLCD_HANDLE_UID(PASSWD, BYNAME
  ,/* decls */
  char name[BUFLEN_NAME];
  ,/* read */
  READ_STRING(fp, name);
  log_setrequest("passwd=\"%s\"", name);
  ,/* check */
  if (!isvalidname(name))
  {
    log_log(LOG_WARNING, "request denied by validnames option");
    return -1;
  }
  nsswitch_check_reload();
  ,/* search */
  struct passwd,
  static size_t i = 0;
  for (; i < session->cnt; i++)
  {
    if (session->users[i].pw_uid > 0 &&
        STR_CMP(name, session->users[i].pw_name)==0) {
      *rcp = 0;
      i = session->cnt;
      return &(session->users[i]);
    }
  }
  return NULL;
  ,/* write */
  return write_passwd(fp, entry, calleruid);
  ,/* cleanup */
)

NSLCD_HANDLE_UID(PASSWD, BYUID
  ,/* decls */
  uid_t uid;
  ,/* read */
  READ_INT32(fp, uid);
  log_setrequest("passwd=%lu", (unsigned long int)uid);
  ,/* check */
  if (uid < nslcd_cfg->nss_min_uid)
  {
    /* return an empty result */
    WRITE_INT32(fp, NSLCD_VERSION);
    WRITE_INT32(fp, NSLCD_ACTION_PASSWD_BYUID);
    WRITE_INT32(fp, NSLCD_RESULT_END);
    return 0;
  }
  nsswitch_check_reload();
  ,/* search */
  struct passwd,
  static size_t i = 0;
  for (; i < session->cnt; i++)
  {
    if (uid == session->users[i].pw_uid) {
      *rcp = 0;
      i = session->cnt;
      return &(session->users[i]);
    }
  }
  return NULL;
  ,/* write */
  return write_passwd(fp, entry, calleruid);
  ,/* cleanup */
)

NSLCD_HANDLE_UID(PASSWD, ALL
  ,/* decls */
  ,/* read */
  log_setrequest("passwd(all)");
  ,/* check */
  nsswitch_check_reload();
  ,/* search */
  struct passwd,
  static size_t i = 0;
  for (; i < session->cnt; i++)
  {
    if (session->users[i].pw_uid > 0) {
      *rcp = 0;
      return &(session->users[i]);
    }
  }
  return NULL;
  ,/* write */
  return write_passwd(fp, entry, calleruid);
  ,/* cleanup */
)