search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Don't run tests checking xecutable stack when SELinux is enforcing.
[glibc.git] / nis / nss_nis / nis-publickey.c
blobf58eb154adeff17022a91556244ff445a1eb53ef
1 /* Copyright (C) 1996-1999,2001,2002,2005,2006 Free Software Foundation, Inc.
2 This file is part of the GNU C Library.
3 Contributed by Thorsten Kukuk <kukuk@suse.de>, 1996.
4
5 The GNU C Library is free software; you can redistribute it and/or
6 modify it under the terms of the GNU Lesser General Public
7 License as published by the Free Software Foundation; either
8 version 2.1 of the License, or (at your option) any later version.
9
10 The GNU C Library is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 Lesser General Public License for more details.
14
15 You should have received a copy of the GNU Lesser General Public
16 License along with the GNU C Library; if not, write to the Free
17 Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
18 02111-1307 USA. */
19
20 #include <nss.h>
21 #include <ctype.h>
22 #include <errno.h>
23 #include <string.h>
24 #include <syslog.h>
25 #include <rpc/rpc.h>
26 #include <rpcsvc/yp.h>
27 #include <rpcsvc/ypclnt.h>
28 #include <rpc/key_prot.h>
29 extern int xdecrypt (char *, char *);
30
31 #include "nss-nis.h"
32
33 /* If we haven't found the entry, we give a SUCCESS and an empty key back.
34 Solaris docu says: sizeof (pkey) == HEXKEYBYTES + 1.
35 */
36 enum nss_status
37 _nss_nis_getpublickey (const char *netname, char *pkey, int *errnop)
38 {
39 pkey[0] = 0;
40
41 if (netname == NULL)
42 {
43 *errnop = EINVAL;
44 return NSS_STATUS_UNAVAIL;
45 }
46
47 char *domain = strchr (netname, '@');
48 if (domain == NULL)
49 {
50 *errnop = EINVAL;
51 return NSS_STATUS_UNAVAIL;
52 }
53 ++domain;
54
55 char *result;
56 int len;
57 int yperr = yp_match (domain, "publickey.byname", netname, strlen (netname),
58 &result, &len);
59
60 if (__builtin_expect (yperr != YPERR_SUCCESS, 0))
61 {
62 enum nss_status retval = yperr2nss (yperr);
63
64 if (retval == NSS_STATUS_TRYAGAIN)
65 *errnop = errno;
66 return retval;
67 }
68
69 if (result != NULL)
70 {
71 char *p = strchr (result, ':');
72 if (p != NULL)
73 *p = 0;
74 strncpy (pkey, result, HEXKEYBYTES + 1);
75 pkey[HEXKEYBYTES] = '\0';
76 free (result);
77 }
78 return NSS_STATUS_SUCCESS;
79 }
80
81 enum nss_status
82 _nss_nis_getsecretkey (const char *netname, char *skey, char *passwd,
83 int *errnop)
84 {
85 skey[0] = 0;
86
87 if (netname == NULL || passwd == NULL)
88 {
89 *errnop = EINVAL;
90 return NSS_STATUS_UNAVAIL;
91 }
92
93 char *domain = strchr (netname, '@');
94 if (domain == NULL)
95 {
96 *errnop = EINVAL;
97 return NSS_STATUS_UNAVAIL;
98 }
99 ++domain;
100
101 char *result;
102 int len;
103 int yperr = yp_match (domain, "publickey.byname", netname, strlen (netname),
104 &result, &len);
105
106 if (__builtin_expect (yperr != YPERR_SUCCESS, 0))
107 {
108 enum nss_status retval = yperr2nss (yperr);
109
110 if (retval == NSS_STATUS_TRYAGAIN)
111 *errnop = errno;
112 return retval;
113 }
114
115 if (result != NULL)
116 {
117 char *p = strchr (result, ':');
118 if (p != NULL)
119 {
120 char buf[2 * (HEXKEYBYTES + 1)];
121
122 ++p;
123 strncpy (buf, p, 2 * (HEXKEYBYTES + 1));
124 buf[2 * HEXKEYBYTES + 1] = '\0';
125 if (xdecrypt (buf, passwd)
126 && memcmp (buf, &(buf[HEXKEYBYTES]), KEYCHECKSUMSIZE) == 0)
127 {
128 buf[HEXKEYBYTES] = '\0';
129 strcpy (skey, buf);
130 }
131 }
132
133 free (result);
134 }
135 return NSS_STATUS_SUCCESS;
136 }
137
138 /* Parse uid and group information from the passed string.
139 The format of the string passed is uid:gid,grp,grp, ... */
140 static enum nss_status
141 parse_netid_str (const char *s, uid_t *uidp, gid_t *gidp, int *gidlenp,
142 gid_t *gidlist)
143 {
144 char *p, *ep;
145 int gidlen;
146
147 if (!s || !isdigit (*s))
148 {
149 syslog (LOG_ERR, "netname2user: expecting uid '%s'", s);
150 return NSS_STATUS_NOTFOUND; /* XXX need a better error */
151 }
152
153 /* Fetch the uid */
154 *uidp = strtoul (s, NULL, 10);
155
156 if (*uidp == 0)
157 {
158 syslog (LOG_ERR, "netname2user: should not have uid 0");
159 return NSS_STATUS_NOTFOUND;
160 }
161
162 /* Now get the group list */
163 p = strchr (s, ':');
164 if (!p)
165 {
166 syslog (LOG_ERR, "netname2user: missing group id list in '%s'", s);
167 return NSS_STATUS_NOTFOUND;
168 }
169 ++p; /* skip ':' */
170 if (!p || (!isdigit (*p)))
171 {
172 syslog (LOG_ERR, "netname2user: missing group id list in '%s'.", p);
173 return NSS_STATUS_NOTFOUND;
174 }
175
176 *gidp = strtoul (p, &ep, 10);
177
178 gidlen = 0;
179
180 /* After strtoul() ep should point to the first invalid character.
181 This is the marker "," we search for the next value. */
182 while (ep != NULL && *ep == ',')
183 {
184 ep++;
185 p = ep;
186 gidlist[gidlen++] = strtoul (p, &ep, 10);
187 }
188
189 *gidlenp = gidlen;
190
191 return NSS_STATUS_SUCCESS;
192 }
193
194
195 enum nss_status
196 _nss_nis_netname2user (char netname[MAXNETNAMELEN + 1], uid_t *uidp,
197 gid_t *gidp, int *gidlenp, gid_t *gidlist, int *errnop)
198 {
199 char *domain = strchr (netname, '@');
200 if (domain == NULL)
201 {
202 *errnop = EINVAL;
203 return NSS_STATUS_UNAVAIL;
204 }
205
206 /* Point past the '@' character */
207 ++domain;
208 char *lookup = NULL;
209 int len;
210 int yperr = yp_match (domain, "netid.byname", netname, strlen (netname),
211 &lookup, &len);
212 switch (yperr)
213 {
214 case YPERR_SUCCESS:
215 break; /* the successful case */
216 case YPERR_DOMAIN:
217 case YPERR_KEY:
218 return NSS_STATUS_NOTFOUND;
219 case YPERR_MAP:
220 default:
221 return NSS_STATUS_UNAVAIL;
222 }
223
224 if (lookup == NULL)
225 return NSS_STATUS_NOTFOUND;
226
227
228 lookup[len] = '\0';
229
230 enum nss_status err = parse_netid_str (lookup, uidp, gidp, gidlenp, gidlist);
231
232 free (lookup);
233
234 return err;
235 }
sources.redhat.com git mirror of glibc CVS