enum nss_status
_nss_nisplus_getgrnam_r (const char *name, struct group *gr,
char *buffer, size_t buflen, int *errnop)
{
int parse_res;
if (grp_tablename_val == NULL)
{
enum nss_status status = _nss_grp_create_tablename (errnop);
if (status != NSS_STATUS_SUCCESS)
return status;
}
if (name == NULL)
{
*errnop = EINVAL;
return NSS_STATUS_NOTFOUND;
}
nis_result *result;
char buf[strlen (name) + 9 + grp_tablename_len];
int olderr = errno;
snprintf (buf, sizeof (buf), "[name=%s],%s", name, grp_tablename_val);
result = nis_list (buf, FOLLOW_LINKS | FOLLOW_PATH, NULL, NULL);
if (result == NULL)
{
*errnop = ENOMEM;
return NSS_STATUS_TRYAGAIN;
}
if (__glibc_unlikely (niserr2nss (result->status) != NSS_STATUS_SUCCESS))
{
enum nss_status status = niserr2nss (result->status);
nis_freeresult (result);
return status;
}
parse_res = _nss_nisplus_parse_grent (result, gr, buffer, buflen, errnop);
nis_freeresult (result);
if (__glibc_unlikely (parse_res < 1))
{
if (parse_res == -1)
{
*errnop = ERANGE;
return NSS_STATUS_TRYAGAIN;
}
else
{
__set_errno (olderr);
return NSS_STATUS_NOTFOUND;
}
}
return NSS_STATUS_SUCCESS;
}
static enum nss_status
internal_nisplus_getspent_r (struct spwd *sp, char *buffer, size_t buflen,
int *errnop)
{
int parse_res;
/* Get the next entry until we found a correct one. */
do
{
nis_result *saved_res;
if (result == NULL)
{
saved_res = NULL;
if (tablename_val == NULL)
{
enum nss_status status = _nss_create_tablename (errnop);
if (status != NSS_STATUS_SUCCESS)
return status;
}
result = nis_first_entry (tablename_val);
if (niserr2nss (result->status) != NSS_STATUS_SUCCESS)
return niserr2nss (result->status);
}
else
{
nis_result *res;
saved_res = result;
res = nis_next_entry (tablename_val, &result->cookie);
result = res;
if (niserr2nss (result->status) != NSS_STATUS_SUCCESS)
{
nis_freeresult (saved_res);
return niserr2nss (result->status);
}
}
parse_res = _nss_nisplus_parse_spent (result, sp, buffer,
buflen, errnop);
if (parse_res == -1)
{
nis_freeresult (result);
result = saved_res;
*errnop = ERANGE;
return NSS_STATUS_TRYAGAIN;
}
else
{
if (saved_res)
nis_freeresult (saved_res);
}
} while (!parse_res);
return NSS_STATUS_SUCCESS;
}
enum nss_status
_nss_nisplus_getpwuid_r (const uid_t uid, struct passwd *pw,
char *buffer, size_t buflen, int *errnop)
{
if (pwd_tablename_val == NULL)
{
enum nss_status status = _nss_pwd_create_tablename (errnop);
if (status != NSS_STATUS_SUCCESS)
return status;
}
int parse_res;
nis_result *result;
char buf[8 + 3 * sizeof (unsigned long int) + pwd_tablename_len];
int olderr = errno;
snprintf (buf, sizeof (buf), "[uid=%lu],%s",
(unsigned long int) uid, pwd_tablename_val);
result = nis_list (buf, FOLLOW_PATH | FOLLOW_LINKS | USE_DGRAM, NULL, NULL);
if (result == NULL)
{
*errnop = ENOMEM;
return NSS_STATUS_TRYAGAIN;
}
if (niserr2nss (result->status) != NSS_STATUS_SUCCESS)
{
enum nss_status status = niserr2nss (result->status);
errno = olderr;
nis_freeresult (result);
return status;
}
parse_res = _nss_nisplus_parse_pwent (result, pw, buffer, buflen, errnop);
nis_freeresult (result);
if (parse_res < 1)
{
if (parse_res == -1)
{
*errnop = ERANGE;
return NSS_STATUS_TRYAGAIN;
}
else
{
errno = olderr;
return NSS_STATUS_NOTFOUND;
}
}
return NSS_STATUS_SUCCESS;
}
enum nss_status
_nss_nisplus_gethostton_r (const char *name, struct etherent *eth,
char *buffer, size_t buflen, int *errnop)
{
if (tablename_val == NULL)
{
enum nss_status status = _nss_create_tablename (errnop);
if (status != NSS_STATUS_SUCCESS)
return status;
}
if (name == NULL)
{
*errnop = EINVAL;
return NSS_STATUS_UNAVAIL;
}
char buf[strlen (name) + 9 + tablename_len];
int olderr = errno;
snprintf (buf, sizeof (buf), "[name=%s],%s", name, tablename_val);
nis_result *result = nis_list (buf, FOLLOW_PATH | FOLLOW_LINKS | USE_DGRAM,
NULL, NULL);
if (result == NULL)
{
*errnop = ENOMEM;
return NSS_STATUS_TRYAGAIN;
}
if (__glibc_unlikely (niserr2nss (result->status) != NSS_STATUS_SUCCESS))
{
enum nss_status status = niserr2nss (result->status);
nis_freeresult (result);
return status;
}
int parse_res = _nss_nisplus_parse_etherent (result, eth, buffer,
buflen, errnop);
/* We do not need the lookup result anymore. */
nis_freeresult (result);
if (__glibc_unlikely (parse_res < 1))
{
__set_errno (olderr);
if (parse_res == -1)
return NSS_STATUS_TRYAGAIN;
return NSS_STATUS_NOTFOUND;
}
return NSS_STATUS_SUCCESS;
}
enum nss_status
_nss_nisplus_getgrgid_r (const gid_t gid, struct group *gr,
char *buffer, size_t buflen, int *errnop)
{
if (grp_tablename_val == NULL)
{
enum nss_status status = _nss_grp_create_tablename (errnop);
if (status != NSS_STATUS_SUCCESS)
return status;
}
int parse_res;
nis_result *result;
char buf[8 + 3 * sizeof (unsigned long int) + grp_tablename_len];
int olderr = errno;
snprintf (buf, sizeof (buf), "[gid=%lu],%s",
(unsigned long int) gid, grp_tablename_val);
result = nis_list (buf, FOLLOW_PATH | FOLLOW_LINKS, NULL, NULL);
if (result == NULL)
{
*errnop = ENOMEM;
return NSS_STATUS_TRYAGAIN;
}
if (__glibc_unlikely (niserr2nss (result->status) != NSS_STATUS_SUCCESS))
{
enum nss_status status = niserr2nss (result->status);
__set_errno (olderr);
nis_freeresult (result);
return status;
}
parse_res = _nss_nisplus_parse_grent (result, gr, buffer, buflen, errnop);
nis_freeresult (result);
if (__glibc_unlikely (parse_res < 1))
{
__set_errno (olderr);
if (parse_res == -1)
{
*errnop = ERANGE;
return NSS_STATUS_TRYAGAIN;
}
else
return NSS_STATUS_NOTFOUND;
}
return NSS_STATUS_SUCCESS;
}
nis_result *
nis_checkpoint (const_nis_name dirname)
{
nis_result *res;
res = calloc (1, sizeof (nis_result));
if (res == NULL)
return NULL;
if (dirname != NULL)
{
nis_result *res2;
u_int i;
res2 = nis_lookup (dirname, EXPAND_NAME);
if (NIS_RES_STATUS (res2) != NIS_SUCCESS)
{
free (res);
return res2;
}
/* Check if obj is really a diryectory object */
if (__type_of (NIS_RES_OBJECT (res2)) != NIS_DIRECTORY_OBJ)
{
nis_freeresult (res2);
NIS_RES_STATUS (res) = NIS_INVALIDOBJ;
return res;
}
for (i = 0;
i < NIS_RES_OBJECT (res2)->DI_data.do_servers.do_servers_len; ++i)
{
cp_result cpres;
memset (&cpres, '\0', sizeof (cp_result));
if (__do_niscall2 (&NIS_RES_OBJECT(res2)->DI_data.do_servers.do_servers_val[i],
1, NIS_CHECKPOINT, (xdrproc_t) _xdr_nis_name,
(caddr_t) &dirname, (xdrproc_t) _xdr_cp_result,
(caddr_t) &cpres, 0, NULL) != NIS_SUCCESS)
NIS_RES_STATUS (res) = NIS_RPCERROR;
else
{
NIS_RES_STATUS (res) = cpres.cp_status;
res->zticks += cpres.cp_zticks;
res->dticks += cpres.cp_dticks;
}
}
nis_freeresult (res2);
}
else
NIS_RES_STATUS (res) = NIS_NOSUCHNAME;
return res;
}
enum nss_status
_nss_nisplus_getpwnam_r (const char *name, struct passwd *pw,
char *buffer, size_t buflen, int *errnop)
{
int parse_res;
if (tablename_val == NULL)
{
enum nss_status status = _nss_create_tablename (errnop);
if (status != NSS_STATUS_SUCCESS)
return status;
}
if (name == NULL)
{
*errnop = EINVAL;
return NSS_STATUS_UNAVAIL;
}
else
{
nis_result *result;
char buf[strlen (name) + 24 + tablename_len];
sprintf (buf, "[name=%s],%s", name, tablename_val);
result = nis_list(buf, FOLLOW_PATH | FOLLOW_LINKS, NULL, NULL);
if (niserr2nss (result->status) != NSS_STATUS_SUCCESS)
{
enum nss_status status = niserr2nss (result->status);
nis_freeresult (result);
return status;
}
parse_res = _nss_nisplus_parse_pwent (result, pw, buffer, buflen,
errnop);
nis_freeresult (result);
if (parse_res < 1)
{
if (parse_res == -1)
{
*errnop = ERANGE;
return NSS_STATUS_TRYAGAIN;
}
else
return NSS_STATUS_NOTFOUND;
}
return NSS_STATUS_SUCCESS;
}
}
nis_error
nis_destroygroup (const_nis_name group)
{
if (group != NULL && group[0] != '\0')
{
size_t grouplen = strlen (group);
char buf[grouplen + 50];
char leafbuf[grouplen + 3];
char domainbuf[grouplen + 3];
nis_error status;
nis_result *res;
char *cp, *cp2;
cp = stpcpy (buf, nis_leaf_of_r (group, leafbuf, sizeof (leafbuf) - 1));
cp = stpcpy (cp, ".groups_dir");
cp2 = nis_domain_of_r (group, domainbuf, sizeof (domainbuf) - 1);
if (cp2 != NULL && cp2[0] != '\0')
{
*cp++ = '.';
stpcpy (cp, cp2);
}
res = nis_remove (buf, NULL);
status = NIS_RES_STATUS (res);
nis_freeresult (res);
return status;
}
else
return NIS_FAIL;
}
static void
internal_endnetgrent (struct __netgrent *netgrp)
{
nis_freeresult ((nis_result *) netgrp->data);
netgrp->data = NULL;
netgrp->data_size = 0;
netgrp->position = 0;
}
void
nis_ping (const_nis_name dirname, unsigned int utime,
const nis_object *dirobj)
{
nis_result *res = NULL;
nis_object *obj;
ping_args args;
unsigned int i;
if (dirname == NULL && dirobj == NULL)
abort ();
if (dirobj == NULL)
{
res = nis_lookup (dirname, MASTER_ONLY);
if (res == NULL || NIS_RES_STATUS (res) != NIS_SUCCESS)
{
nis_freeresult (res);
return;
}
obj = res->objects.objects_val;
}
else
obj = (nis_object *) dirobj;
/* Check if obj is really a diryectory object */
if (__type_of (obj) != NIS_DIRECTORY_OBJ)
{
nis_freeresult (res);
return;
}
if (dirname == NULL)
args.dir = obj->DI_data.do_name;
else
args.dir = (char *) dirname;
args.stamp = utime;
/* Send the ping only to replicas */
for (i = 1; i < obj->DI_data.do_servers.do_servers_len; ++i)
__do_niscall2 (&obj->DI_data.do_servers.do_servers_val[i], 1,
NIS_PING, (xdrproc_t) _xdr_ping_args,
(caddr_t) &args, (xdrproc_t) xdr_void,
(caddr_t) NULL, 0, NULL);
nis_freeresult (res);
}
enum nss_status
_nss_nisplus_endspent (void)
{
__libc_lock_lock (lock);
if (result)
nis_freeresult (result);
result = NULL;
__libc_lock_unlock (lock);
return NSS_STATUS_SUCCESS;
}
int
nisplus_reload(mnt_map *m, char *map, void (*fn) ())
{
int error = 0;
struct nis_callback_data data;
nis_result *result;
char *org; /* if map does not have ".org_dir" then append it */
nis_name map_name;
size_t l;
org = strstr(map, NISPLUS_ORGDIR);
if (org == NULL)
org = NISPLUS_ORGDIR;
else
org = "";
/* make some room for the NIS map_name */
l = strlen(map) + sizeof(NISPLUS_ORGDIR);
map_name = xmalloc(l);
if (map_name == NULL) {
plog(XLOG_ERROR, "Unable to create map_name %s: %s",
map, strerror(ENOMEM));
return ENOMEM;
}
xsnprintf(map_name, l, "%s%s", map, org);
data.ncd_m = m;
data.ncd_map = map_name;
data.ncd_fn = fn;
dlog("NISplus reload for %s", map);
result = nis_list(map_name,
EXPAND_NAME | FOLLOW_LINKS | FOLLOW_PATH,
(int (*)()) nisplus_callback,
&data);
/* free off the NIS map_name */
XFREE(map_name);
if (result->status != NIS_SUCCESS && result->status != NIS_CBRESULTS)
error = 1;
if (error)
plog(XLOG_ERROR, "error grabbing nisplus map of %s: %s",
map,
nis_sperrno(result->status));
nis_freeresult(result);
return error;
}
/* Check that someone else don't have the same auth information already */
static
nis_error
auth_exists(char *princname, char *auth_name, char *auth_type, char *domain)
{
char sname[NIS_MAXNAMELEN+MAXHOSTNAMELEN+64];
nis_result *res;
nis_error status;
char *foundprinc;
(void) sprintf(sname, "[auth_name=%s,auth_type=%s],%s.%s",
auth_name, auth_type, CRED_TABLE, domain);
if (sname[strlen(sname)-1] != '.')
strcat(sname, ".");
/* Don't want FOLLOW_PATH here */
res = nis_list(sname,
MASTER_ONLY+USE_DGRAM+NO_AUTHINFO+FOLLOW_LINKS,
NULL, NULL);
status = res->status;
switch (res->status) {
case NIS_NOTFOUND:
break;
case NIS_TRYAGAIN :
(void) fprintf(stderr,
"%s: NIS+ server busy, try again later.\n",
program_name);
exit(1);
case NIS_PERMISSION :
(void) fprintf(stderr,
"%s: insufficient permission to look up old credentials.\n",
program_name);
exit(1);
case NIS_SUCCESS:
foundprinc = ENTRY_VAL(res->objects.objects_val, 0);
if (nis_dir_cmp(foundprinc, princname) != SAME_NAME) {
(void) fprintf(stderr,
"%s: %s credentials with auth_name '%s' already belong to '%s'.\n",
program_name, auth_type, auth_name, foundprinc);
exit(1);
}
break;
default:
(void) fprintf(stderr,
"%s: error looking at cred table, NIS+ error: %s\n",
program_name, nis_sperrno(res->status));
exit(1);
}
nis_freeresult(res);
return (status);
}
nis_name
nis_local_principal (void)
{
static char __principal[NIS_MAXNAMELEN + 1];
if (__principal[0] == '\0')
{
char buf[NIS_MAXNAMELEN + 1];
nis_result *res;
uid_t uid = geteuid ();
if (uid != 0)
{
int len = snprintf (buf, NIS_MAXNAMELEN - 1,
"[auth_name=%d,auth_type=LOCAL],cred.org_dir.%s",
uid, nis_local_directory ());
if (len >= NIS_MAXNAMELEN - 1)
nobody:
/* XXX The buffer is too small. Can this happen??? */
return strcpy (__principal, "nobody");
if (buf[len - 1] != '.')
{
buf[len++] = '.';
buf[len] = '\0';
}
res = nis_list (buf, USE_DGRAM + NO_AUTHINFO + FOLLOW_LINKS +
FOLLOW_PATH, NULL, NULL);
if (res == NULL)
goto nobody;
if (NIS_RES_STATUS (res) == NIS_SUCCESS)
{
if (res->objects.objects_len > 1)
{
/* More than one principal with same uid? something
wrong with cred table. Should be unique. Warn user
and continue. */
printf (_("\
LOCAL entry for UID %d in directory %s not unique\n"),
uid, nis_local_directory ());
}
strcpy (__principal, ENTRY_VAL (res->objects.objects_val, 0));
nis_freeresult (res);
return __principal;
}
int
nisplus_init(mnt_map *m, char *map, time_t *tp)
{
nis_result *result;
char *org; /* if map does not have ".org_dir" then append it */
nis_name map_name;
int error = 0;
size_t l;
org = strstr(map, NISPLUS_ORGDIR);
if (org == NULL)
org = NISPLUS_ORGDIR;
else
org = "";
/* make some room for the NIS map_name */
l = strlen(map) + sizeof(NISPLUS_ORGDIR);
map_name = xmalloc(l);
if (map_name == NULL) {
plog(XLOG_ERROR,
"Unable to create map_name %s: %s",
map,
strerror(ENOMEM));
return ENOMEM;
}
xsnprintf(map_name, l, "%s%s", map, org);
result = nis_lookup(map_name, (EXPAND_NAME | FOLLOW_LINKS | FOLLOW_PATH));
/* free off the NIS map_name */
XFREE(map_name);
if (result == NULL) {
plog(XLOG_ERROR, "NISplus init <%s>: %s", map, strerror(ENOMEM));
return ENOMEM;
}
if (result->status != NIS_SUCCESS) {
dlog("NISplus init <%s>: %s (%d)",
map, nis_sperrno(result->status), result->status);
error = ENOENT;
}
*tp = 0; /* no time */
nis_freeresult(result);
return error;
}
enum nss_status
_nss_nisplus_setspent (int stayopen)
{
enum nss_status status = NSS_STATUS_SUCCESS;
int err;
__libc_lock_lock (lock);
if (result)
nis_freeresult (result);
result = NULL;
if (tablename_val == NULL)
status = _nss_create_tablename (&err);
__libc_lock_unlock (lock);
return NSS_STATUS_SUCCESS;
}
enum nss_status
_nss_nisplus_setetherent (int stayopen)
{
enum nss_status status;
int err;
status = NSS_STATUS_SUCCESS;
__libc_lock_lock (lock);
if (result != NULL)
{
nis_freeresult (result);
result = NULL;
}
if (_nss_create_tablename (&err) != NSS_STATUS_SUCCESS)
status = NSS_STATUS_UNAVAIL;
__libc_lock_unlock (lock);
return status;
}
nis_result *
nis_lookup (const_nis_name name, const unsigned int flags)
{
nis_result *res = calloc (1, sizeof (nis_result));
struct ns_request req;
nis_name *names;
nis_error status;
int link_first_try = 0;
int count_links = 0; /* We will follow only 16 links in the deep */
int done = 0;
int name_nr = 0;
nis_name namebuf[2] = {NULL, NULL};
if (res == NULL)
return NULL;
if ((flags & EXPAND_NAME) && (name[strlen (name) - 1] != '.'))
{
names = nis_getnames (name);
if (names == NULL)
{
NIS_RES_STATUS (res) = NIS_NAMEUNREACHABLE;
return res;
}
}
else
{
names = namebuf;
names[0] = (nis_name)name;
}
req.ns_name = names[0];
while (!done)
{
dir_binding bptr;
directory_obj *dir = NULL;
req.ns_object.ns_object_len = 0;
req.ns_object.ns_object_val = NULL;
status = __nisfind_server (req.ns_name, &dir);
if (status != NIS_SUCCESS)
{
NIS_RES_STATUS (res) = status;
return res;
}
status = __nisbind_create (&bptr, dir->do_servers.do_servers_val,
dir->do_servers.do_servers_len, flags);
if (status != NIS_SUCCESS)
{
NIS_RES_STATUS (res) = status;
nis_free_directory (dir);
return res;
}
while (__nisbind_connect (&bptr) != NIS_SUCCESS)
{
if (__nisbind_next (&bptr) != NIS_SUCCESS)
{
__nisbind_destroy (&bptr);
nis_free_directory (dir);
NIS_RES_STATUS (res) = NIS_NAMEUNREACHABLE;
return res;
}
}
do
{
static struct timeval RPCTIMEOUT = {10, 0};
enum clnt_stat result;
again:
result = clnt_call (bptr.clnt, NIS_LOOKUP,
(xdrproc_t) _xdr_ns_request,
(caddr_t) &req, (xdrproc_t) _xdr_nis_result,
(caddr_t) res, RPCTIMEOUT);
if (result != RPC_SUCCESS)
status = NIS_RPCERROR;
else
{
status = NIS_SUCCESS;
if (NIS_RES_STATUS (res) == NIS_SUCCESS)
{
if (__type_of(NIS_RES_OBJECT (res)) == NIS_LINK_OBJ &&
flags & FOLLOW_LINKS) /* We are following links */
{
if (count_links)
free (req.ns_name);
/* if we hit the link limit, bail */
if (count_links > NIS_MAXLINKS)
{
NIS_RES_STATUS (res) = NIS_LINKNAMEERROR;
break;
}
++count_links;
req.ns_name =
strdup (NIS_RES_OBJECT (res)->LI_data.li_name);
if (req.ns_name == NULL)
return NULL;
nis_freeresult (res);
res = calloc (1, sizeof (nis_result));
if (res == NULL)
{
__nisbind_destroy (&bptr);
return NULL;
}
link_first_try = 1; /* Try at first the old binding */
goto again;
}
}
else
if ((NIS_RES_STATUS (res) == NIS_SYSTEMERROR) ||
(NIS_RES_STATUS (res) == NIS_NOSUCHNAME) ||
(NIS_RES_STATUS (res) == NIS_NOT_ME))
{
if (link_first_try)
{
__nisbind_destroy (&bptr);
nis_free_directory (dir);
if (__nisfind_server (req.ns_name, &dir) != NIS_SUCCESS)
return res;
if (__nisbind_create (&bptr,
dir->do_servers.do_servers_val,
dir->do_servers.do_servers_len,
flags) != NIS_SUCCESS)
{
nis_free_directory (dir);
return res;
}
}
else
if (__nisbind_next (&bptr) != NIS_SUCCESS)
break; /* No more servers to search */
while (__nisbind_connect (&bptr) != NIS_SUCCESS)
{
if (__nisbind_next (&bptr) != NIS_SUCCESS)
{
__nisbind_destroy (&bptr);
nis_free_directory (dir);
return res;
}
}
goto again;
}
break;
}
link_first_try = 0; /* Set it back */
}
while ((flags & HARD_LOOKUP) && status == NIS_RPCERROR);
__nisbind_destroy (&bptr);
nis_free_directory (dir);
if (status != NIS_SUCCESS)
{
NIS_RES_STATUS (res) = status;
return res;
}
switch (NIS_RES_STATUS (res))
{
case NIS_PARTIAL:
case NIS_SUCCESS:
case NIS_S_SUCCESS:
case NIS_LINKNAMEERROR: /* We follow to max links */
case NIS_UNAVAIL: /* NIS+ is not installed, or all servers are down */
++done;
break;
default:
/* Try the next domainname if we don't follow a link */
if (count_links)
{
free (req.ns_name);
NIS_RES_STATUS (res) = NIS_LINKNAMEERROR;
++done;
break;
}
++name_nr;
if (names[name_nr] == NULL)
{
++done;
break;
}
req.ns_name = names[name_nr];
break;
}
}
if (names != namebuf)
nis_freenames (names);
return res;
}
nis_error
nis_addmember (const_nis_name member, const_nis_name group)
{
if (group != NULL && group[0] != '\0')
{
size_t grouplen = strlen (group);
char buf[grouplen + 14 + NIS_MAXNAMELEN];
char leafbuf[grouplen + 2];
char domainbuf[grouplen + 2];
nis_result *res, *res2;
nis_error status;
char *cp, *cp2;
cp = stpcpy (buf, nis_leaf_of_r (group, leafbuf, sizeof (leafbuf) - 1));
cp = stpcpy (cp, ".groups_dir");
cp2 = nis_domain_of_r (group, domainbuf, sizeof (domainbuf) - 1);
if (cp2 != NULL && cp2[0] != '\0')
{
*cp++ = '.';
stpcpy (cp, cp2);
}
res = nis_lookup (buf, FOLLOW_LINKS|EXPAND_NAME);
if (NIS_RES_STATUS (res) != NIS_SUCCESS)
{
status = NIS_RES_STATUS (res);
nis_freeresult (res);
return status;
}
if ((NIS_RES_NUMOBJ (res) != 1) ||
(__type_of (NIS_RES_OBJECT (res)) != NIS_GROUP_OBJ))
{
nis_freeresult (res);
return NIS_INVALIDOBJ;
}
NIS_RES_OBJECT (res)->GR_data.gr_members.gr_members_val
= realloc (NIS_RES_OBJECT (res)->GR_data.gr_members.gr_members_val,
(NIS_RES_OBJECT(res)->GR_data.gr_members.gr_members_len + 1)
* sizeof (char *));
if (NIS_RES_OBJECT (res)->GR_data.gr_members.gr_members_val == NULL)
goto nomem_out;
NIS_RES_OBJECT (res)->GR_data.gr_members.gr_members_val[NIS_RES_OBJECT (res)->GR_data.gr_members.gr_members_len] = strdup (member);
if (NIS_RES_OBJECT (res)->GR_data.gr_members.gr_members_val[NIS_RES_OBJECT (res)->GR_data.gr_members.gr_members_len] == NULL)
{
free (NIS_RES_OBJECT (res)->GR_data.gr_members.gr_members_val);
nomem_out:
nis_freeresult (res);
return NIS_NOMEMORY;
}
++NIS_RES_OBJECT (res)->GR_data.gr_members.gr_members_len;
cp = stpcpy (buf, NIS_RES_OBJECT(res)->zo_name);
*cp++ = '.';
strncpy (cp, NIS_RES_OBJECT (res)->zo_domain, NIS_MAXNAMELEN);
res2 = nis_modify (buf, NIS_RES_OBJECT (res));
status = NIS_RES_STATUS (res2);
nis_freeresult (res);
nis_freeresult (res2);
return status;
}
else
return NIS_FAIL;
}
/*
* Try to locate a key using NIS+.
*/
int
nisplus_search(mnt_map *m, char *map, char *key, char **val, time_t *tp)
{
nis_result *result;
int error = 0;
struct nisplus_search_callback_data data;
nis_name index;
char *org; /* if map does not have ".org_dir" then append it */
size_t l;
org = strstr(map, NISPLUS_ORGDIR);
if (org == NULL)
org = NISPLUS_ORGDIR;
else
org = "";
/* make some room for the NIS index */
l = sizeof('[') /* for opening selection criteria */
+ sizeof(NISPLUS_KEY)
+ strlen(key)
+ sizeof(']') /* for closing selection criteria */
+ sizeof(',') /* + 1 for , separator */
+ strlen(map)
+ sizeof(NISPLUS_ORGDIR);
index = xmalloc(l);
if (index == NULL) {
plog(XLOG_ERROR,
"Unable to create index %s: %s",
map,
strerror(ENOMEM));
return ENOMEM;
}
xsnprintf(index, l, "[%s%s],%s%s", NISPLUS_KEY, key, map, org);
data.key = key;
data.value = NULL;
dlog("NISplus search for %s", index);
result = nis_list(index,
EXPAND_NAME | FOLLOW_LINKS | FOLLOW_PATH,
(int (*)()) nisplus_search_callback,
&data);
/* free off the NIS index */
XFREE(index);
if (result == NULL) {
plog(XLOG_ERROR, "nisplus_search: %s: %s", map, strerror(ENOMEM));
return ENOMEM;
}
/*
* Do something interesting with the return code
*/
switch (result->status) {
case NIS_SUCCESS:
case NIS_CBRESULTS:
if (data.value == NULL) {
nis_object *value = result->objects.objects_val;
dlog("NISplus search found <nothing>");
dlog("NISplus search for %s: %s(%d)",
map, nis_sperrno(result->status), result->status);
if (value != NULL)
data.value = strnsave(ENTRY_VAL(value, 1), ENTRY_LEN(value, 1));
}
if (m->cfm && (m->cfm->cfm_flags & CFM_SUN_MAP_SYNTAX)) {
*val = sun_entry2amd(key, data.value);
XFREE(data.value); /* strnsave malloc'ed it above */
} else
*val = data.value;
if (*val) {
error = 0;
dlog("NISplus search found %s", *val);
} else {
error = ENOENT;
dlog("NISplus search found nothing");
}
*tp = 0;
break;
case NIS_NOSUCHNAME:
dlog("NISplus search returned %d", result->status);
error = ENOENT;
break;
default:
plog(XLOG_ERROR, "nisplus_search: %s: %s", map, nis_sperrno(result->status));
error = EIO;
break;
}
nis_freeresult(result);
return error;
}
static int
nisplus_find(void *handle, uschar *filename, uschar *query, int length,
uschar **result, uschar **errmsg, uint *do_cache)
{
int i;
int ssize = 0;
int offset = 0;
int error_error = FAIL;
uschar *field_name = NULL;
nis_result *nrt = NULL;
nis_result *nre = NULL;
nis_object *tno, *eno;
struct entry_obj *eo;
struct table_obj *ta;
uschar *p = query + length;
uschar *yield = NULL;
do_cache = do_cache; /* Placate picky compilers */
/* Search backwards for a colon to see if a result field name
has been given. */
while (p > query && p[-1] != ':') p--;
if (p > query)
{
field_name = p;
p[-1] = 0;
}
else p = query + length;
/* Now search backwards to find the comma that starts the
table name. */
while (p > query && p[-1] != ',') p--;
if (p <= query)
{
*errmsg = US"NIS+ query malformed";
error_error = DEFER;
goto NISPLUS_EXIT;
}
/* Look up the data for the table, in order to get the field names,
check that we got back a table, and set up pointers so the field
names can be scanned. */
nrt = nis_lookup(CS p, EXPAND_NAME | NO_CACHE);
if (nrt->status != NIS_SUCCESS)
{
*errmsg = string_sprintf("NIS+ error accessing %s table: %s", p,
nis_sperrno(nrt->status));
if (nrt->status != NIS_NOTFOUND && nrt->status != NIS_NOSUCHTABLE)
error_error = DEFER;
goto NISPLUS_EXIT;
}
tno = nrt->objects.objects_val;
if (tno->zo_data.zo_type != TABLE_OBJ)
{
*errmsg = string_sprintf("NIS+ error: %s is not a table", p);
goto NISPLUS_EXIT;
}
ta = &(tno->zo_data.objdata_u.ta_data);
/* Now look up the entry in the table, check that we got precisely one
object and that it is a table entry. */
nre = nis_list(CS query, EXPAND_NAME, NULL, NULL);
if (nre->status != NIS_SUCCESS)
{
*errmsg = string_sprintf("NIS+ error accessing entry %s: %s",
query, nis_sperrno(nre->status));
goto NISPLUS_EXIT;
}
if (nre->objects.objects_len > 1)
{
*errmsg = string_sprintf("NIS+ returned more than one object for %s",
query);
goto NISPLUS_EXIT;
}
else if (nre->objects.objects_len < 1)
{
*errmsg = string_sprintf("NIS+ returned no data for %s", query);
goto NISPLUS_EXIT;
}
eno = nre->objects.objects_val;
if (eno->zo_data.zo_type != ENTRY_OBJ)
{
*errmsg = string_sprintf("NIS+ error: %s is not an entry", query);
goto NISPLUS_EXIT;
}
/* Scan the columns in the entry and in the table. If a result field
was given, look for that field; otherwise concatenate all the fields
with their names. */
eo = &(eno->zo_data.objdata_u.en_data);
for (i = 0; i < eo->en_cols.en_cols_len; i++)
{
table_col *tc = ta->ta_cols.ta_cols_val + i;
entry_col *ec = eo->en_cols.en_cols_val + i;
int len = ec->ec_value.ec_value_len;
uschar *value = US ec->ec_value.ec_value_val;
/* The value may be NULL for a zero-length field. Turn this into an
empty string for consistency. Remove trailing whitespace and zero
bytes. */
if (value == NULL) value = US""; else
while (len > 0 && (value[len-1] == 0 || isspace(value[len-1])))
len--;
/* Concatenate all fields if no specific one selected */
if (field_name == NULL)
{
yield = string_cat(yield, &ssize, &offset,US tc->tc_name,
Ustrlen(tc->tc_name));
yield = string_cat(yield, &ssize, &offset, US"=", 1);
/* Quote the value if it contains spaces or is empty */
if (value[0] == 0 || Ustrchr(value, ' ') != NULL)
{
int j;
yield = string_cat(yield, &ssize, &offset, US"\"", 1);
for (j = 0; j < len; j++)
{
if (value[j] == '\"' || value[j] == '\\')
yield = string_cat(yield, &ssize, &offset, US"\\", 1);
yield = string_cat(yield, &ssize, &offset, value+j, 1);
}
yield = string_cat(yield, &ssize, &offset, US"\"", 1);
}
else yield = string_cat(yield, &ssize, &offset, value, len);
yield = string_cat(yield, &ssize, &offset, US" ", 1);
}
/* When the specified field is found, grab its data and finish */
else if (Ustrcmp(field_name, tc->tc_name) == 0)
{
yield = string_copyn(value, len);
goto NISPLUS_EXIT;
}
}
/* Error if a field name was specified and we didn't find it; if no
field name, ensure the concatenated data is zero-terminated. */
if (field_name != NULL)
*errmsg = string_sprintf("NIS+ field %s not found for %s", field_name,
query);
else
{
yield[offset] = 0;
store_reset(yield + offset + 1);
}
/* Restore the colon in the query, and free result store before
finishing. */
NISPLUS_EXIT:
if (field_name != NULL) field_name[-1] = ':';
if (nrt != NULL) nis_freeresult(nrt);
if (nre != NULL) nis_freeresult(nre);
if (yield != NULL)
{
*result = yield;
return OK;
}
return error_error; /* FAIL or DEFER */
}
enum nss_status
_nss_nisplus_initgroups_dyn (const char *user, gid_t group, long int *start,
long int *size, gid_t **groupsp, long int limit,
int *errnop)
{
if (grp_tablename_val == NULL)
{
enum nss_status status = _nss_grp_create_tablename (errnop);
if (status != NSS_STATUS_SUCCESS)
return status;
}
nis_result *result;
char buf[strlen (user) + 12 + grp_tablename_len];
snprintf (buf, sizeof (buf), "[members=%s],%s", user, grp_tablename_val);
result = nis_list (buf, FOLLOW_LINKS | FOLLOW_PATH | ALL_RESULTS, NULL, NULL);
if (result == NULL)
{
*errnop = ENOMEM;
return NSS_STATUS_TRYAGAIN;
}
if (__builtin_expect (niserr2nss (result->status) != NSS_STATUS_SUCCESS, 0))
{
enum nss_status status = niserr2nss (result->status);
nis_freeresult (result);
return status;
}
if (NIS_RES_NUMOBJ (result) == 0)
{
errout:
nis_freeresult (result);
return NSS_STATUS_NOTFOUND;
}
gid_t *groups = *groupsp;
nis_object *obj = NIS_RES_OBJECT (result);
for (unsigned int cnt = 0; cnt < NIS_RES_NUMOBJ (result); ++cnt, ++obj)
{
if (__type_of (obj) != NIS_ENTRY_OBJ
|| strcmp (obj->EN_data.en_type, "group_tbl") != 0
|| obj->EN_data.en_cols.en_cols_len < 4)
continue;
char *numstr = NISOBJVAL (2, obj);
size_t len = NISOBJLEN (2, obj);
if (len == 0 || numstr[0] == '\0')
continue;
gid_t gid;
char *endp;
if (__builtin_expect (numstr[len - 1] != '\0', 0))
{
char numstrbuf[len + 1];
memcpy (numstrbuf, numstr, len);
numstrbuf[len] = '\0';
gid = strtoul (numstrbuf, &endp, 10);
if (*endp)
continue;
}
else
{
gid = strtoul (numstr, &endp, 10);
if (*endp)
continue;
}
if (gid == group)
continue;
/* Insert this group. */
if (*start == *size)
{
/* Need a bigger buffer. */
long int newsize;
if (limit > 0 && *size == limit)
/* We reached the maximum. */
break;
if (limit <= 0)
newsize = 2 * *size;
else
newsize = MIN (limit, 2 * *size);
gid_t *newgroups = realloc (groups, newsize * sizeof (*groups));
if (newgroups == NULL)
goto errout;
*groupsp = groups = newgroups;
*size = newsize;
}
groups[*start] = gid;
*start += 1;
}
nis_freeresult (result);
return NSS_STATUS_SUCCESS;
}
nis_error
nis_removemember (const_nis_name member, const_nis_name group)
{
if (group != NULL && group[0] != '\0')
{
size_t grouplen = strlen (group);
char buf[grouplen + 14 + NIS_MAXNAMELEN];
char leafbuf[grouplen + 2];
char domainbuf[grouplen + 2];
nis_name *newmem;
nis_result *res, *res2;
nis_error status;
char *cp, *cp2;
unsigned long int i, j, k;
cp = stpcpy (buf, nis_leaf_of_r (group, leafbuf, sizeof (leafbuf) - 1));
cp = stpcpy (cp, ".groups_dir");
cp2 = nis_domain_of_r (group, domainbuf, sizeof (domainbuf) - 1);
if (cp2 != NULL && cp2[0] != '\0')
{
cp = stpcpy (cp, ".");
stpcpy (cp, cp2);
}
res = nis_lookup (buf, FOLLOW_LINKS|EXPAND_NAME);
if (res == NULL || NIS_RES_STATUS (res) != NIS_SUCCESS)
{
if (res)
{
status = NIS_RES_STATUS (res);
nis_freeresult (res);
}
else
return NIS_NOMEMORY;
return status;
}
if ((res->objects.objects_len != 1) ||
(__type_of (NIS_RES_OBJECT (res)) != NIS_GROUP_OBJ))
{
nis_freeresult (res);
return NIS_INVALIDOBJ;
}
newmem =
calloc (NIS_RES_OBJECT(res)->GR_data.gr_members.gr_members_len,
sizeof (char *));
if (newmem == NULL)
return NIS_NOMEMORY;
k = NIS_RES_OBJECT (res)[0].GR_data.gr_members.gr_members_len;
j = 0;
for (i = 0; i < NIS_RES_OBJECT(res)->GR_data.gr_members.gr_members_len;
++i)
{
if (strcmp (NIS_RES_OBJECT(res)->GR_data.gr_members.gr_members_val[i],
member) != 0)
{
newmem[j] = NIS_RES_OBJECT(res)->GR_data.gr_members.gr_members_val[i];
++j;
}
else
{
free (NIS_RES_OBJECT(res)->GR_data.gr_members.gr_members_val[i]);
--k;
}
}
free (NIS_RES_OBJECT (res)->GR_data.gr_members.gr_members_val);
newmem = realloc (newmem, k * sizeof (char*));
if (newmem == NULL)
return NIS_NOMEMORY;
NIS_RES_OBJECT (res)->GR_data.gr_members.gr_members_val = newmem;
NIS_RES_OBJECT (res)->GR_data.gr_members.gr_members_len = k;
cp = stpcpy (buf, NIS_RES_OBJECT (res)->zo_name);
*cp++ = '.';
strncpy (cp, NIS_RES_OBJECT (res)->zo_domain, NIS_MAXNAMELEN);
res2 = nis_modify (buf, NIS_RES_OBJECT (res));
status = NIS_RES_STATUS (res2);
nis_freeresult (res);
nis_freeresult (res2);
return status;
}
else
return NIS_FAIL;
}
nis_error
nis_creategroup (const_nis_name group, unsigned int flags)
{
if (group != NULL && group[0] != '\0')
{
size_t grouplen = strlen (group);
char buf[grouplen + 50];
char leafbuf[grouplen + 2];
char domainbuf[grouplen + 2];
nis_error status;
nis_result *res;
char *cp, *cp2;
nis_object *obj;
cp = stpcpy (buf, nis_leaf_of_r (group, leafbuf, sizeof (leafbuf) - 1));
cp = stpcpy (cp, ".groups_dir");
cp2 = nis_domain_of_r (group, domainbuf, sizeof (domainbuf) - 1);
if (cp2 != NULL && cp2[0] != '\0')
{
*cp++ = '.';
stpcpy (cp, cp2);
}
else
return NIS_BADNAME;
obj = calloc (1, sizeof (nis_object));
if (__builtin_expect (obj == NULL, 0))
return NIS_NOMEMORY;
obj->zo_oid.ctime = obj->zo_oid.mtime = time (NULL);
obj->zo_name = strdup (leafbuf);
obj->zo_owner = __nis_default_owner (NULL);
obj->zo_group = __nis_default_group (NULL);
obj->zo_domain = strdup (domainbuf);
if (obj->zo_name == NULL || obj->zo_owner == NULL
|| obj->zo_group == NULL || obj->zo_domain == NULL)
{
free (obj->zo_group);
free (obj->zo_owner);
free (obj->zo_name);
free (obj);
return NIS_NOMEMORY;
}
obj->zo_access = __nis_default_access (NULL, 0);
obj->zo_ttl = 60 * 60;
obj->zo_data.zo_type = NIS_GROUP_OBJ;
obj->zo_data.objdata_u.gr_data.gr_flags = flags;
obj->zo_data.objdata_u.gr_data.gr_members.gr_members_len = 0;
obj->zo_data.objdata_u.gr_data.gr_members.gr_members_val = NULL;
res = nis_add (buf, obj);
nis_free_object (obj);
if (res == NULL)
return NIS_NOMEMORY;
status = NIS_RES_STATUS (res);
nis_freeresult (res);
return status;
}
return NIS_FAIL;
}
enum nss_status
_nss_nisplus_getntohost_r (const struct ether_addr *addr, struct etherent *eth,
char *buffer, size_t buflen, int *errnop)
{
if (tablename_val == NULL)
{
__libc_lock_lock (lock);
enum nss_status status = _nss_create_tablename (errnop);
__libc_lock_unlock (lock);
if (status != NSS_STATUS_SUCCESS)
return status;
}
if (addr == NULL)
{
*errnop = EINVAL;
return NSS_STATUS_UNAVAIL;
}
char buf[26 + tablename_len];
snprintf (buf, sizeof (buf),
"[addr=%" PRIx8 ":%" PRIx8 ":%" PRIx8 ":%" PRIx8 ":%" PRIx8
":%" PRIx8 "],%s",
addr->ether_addr_octet[0], addr->ether_addr_octet[1],
addr->ether_addr_octet[2], addr->ether_addr_octet[3],
addr->ether_addr_octet[4], addr->ether_addr_octet[5],
tablename_val);
nis_result *result = nis_list (buf, FOLLOW_PATH | FOLLOW_LINKS | USE_DGRAM,
NULL, NULL);
if (result == NULL)
{
*errnop = ENOMEM;
return NSS_STATUS_TRYAGAIN;
}
if (__glibc_unlikely (niserr2nss (result->status) != NSS_STATUS_SUCCESS))
{
enum nss_status status = niserr2nss (result->status);
nis_freeresult (result);
return status;
}
int parse_res = _nss_nisplus_parse_etherent (result, eth, buffer,
buflen, errnop);
/* We do not need the lookup result anymore. */
nis_freeresult (result);
if (__glibc_unlikely (parse_res < 1))
{
if (parse_res == -1)
return NSS_STATUS_TRYAGAIN;
return NSS_STATUS_NOTFOUND;
}
return NSS_STATUS_SUCCESS;
}
nis_error
nis_addmember (const_nis_name member, const_nis_name group)
{
if (group != NULL && group[0] != '\0')
{
size_t grouplen = strlen (group);
char buf[grouplen + 14 + NIS_MAXNAMELEN];
char domainbuf[grouplen + 2];
nis_result *res, *res2;
nis_error status;
char *cp, *cp2;
cp = rawmemchr (nis_leaf_of_r (group, buf, sizeof (buf) - 1), '\0');
cp = stpcpy (cp, ".groups_dir");
cp2 = nis_domain_of_r (group, domainbuf, sizeof (domainbuf) - 1);
if (cp2 != NULL && cp2[0] != '\0')
{
*cp++ = '.';
stpcpy (cp, cp2);
}
res = nis_lookup (buf, FOLLOW_LINKS | EXPAND_NAME);
if (NIS_RES_STATUS (res) != NIS_SUCCESS)
{
status = NIS_RES_STATUS (res);
nis_freeresult (res);
return status;
}
if (NIS_RES_NUMOBJ (res) != 1
|| __type_of (NIS_RES_OBJECT (res)) != NIS_GROUP_OBJ)
{
nis_freeresult (res);
return NIS_INVALIDOBJ;
}
u_int gr_members_len
= NIS_RES_OBJECT(res)->GR_data.gr_members.gr_members_len;
nis_name *new_gr_members_val
= realloc (NIS_RES_OBJECT (res)->GR_data.gr_members.gr_members_val,
(gr_members_len + 1) * sizeof (nis_name));
if (new_gr_members_val == NULL)
goto nomem_out;
NIS_RES_OBJECT (res)->GR_data.gr_members.gr_members_val
= new_gr_members_val;
new_gr_members_val[gr_members_len] = strdup (member);
if (new_gr_members_val[gr_members_len] == NULL)
{
nomem_out:
nis_freeresult (res);
return NIS_NOMEMORY;
}
++NIS_RES_OBJECT (res)->GR_data.gr_members.gr_members_len;
/* Check the buffer bounds are not exceeded. */
assert (strlen (NIS_RES_OBJECT(res)->zo_name) + 1 < grouplen + 14);
cp = stpcpy (buf, NIS_RES_OBJECT(res)->zo_name);
*cp++ = '.';
strncpy (cp, NIS_RES_OBJECT (res)->zo_domain, NIS_MAXNAMELEN);
res2 = nis_modify (buf, NIS_RES_OBJECT (res));
status = NIS_RES_STATUS (res2);
nis_freeresult (res);
nis_freeresult (res2);
return status;
}
else
return NIS_FAIL;
}
void
nis_print_group_entry (const_nis_name group)
{
if (group != NULL && group[0] != '\0')
{
size_t grouplen = strlen (group);
char buf[grouplen + 50];
char leafbuf[grouplen + 3];
char domainbuf[grouplen + 3];
nis_result *res;
char *cp, *cp2;
u_int i;
cp = stpcpy (buf, nis_leaf_of_r (group, leafbuf, sizeof (leafbuf) - 1));
cp = stpcpy (cp, ".groups_dir");
cp2 = nis_domain_of_r (group, domainbuf, sizeof (domainbuf) - 1);
if (cp2 != NULL && cp2[0] != '\0')
{
*cp++ = '.';
stpcpy (cp, cp2);
}
res = nis_lookup (buf, FOLLOW_LINKS | EXPAND_NAME);
if (res == NULL)
return;
if (NIS_RES_STATUS (res) != NIS_SUCCESS
|| NIS_RES_NUMOBJ (res) != 1
|| __type_of (NIS_RES_OBJECT (res)) != NIS_GROUP_OBJ)
{
nis_freeresult (res);
return;
}
char *mem_exp[NIS_RES_NUMOBJ (res)];
char *mem_imp[NIS_RES_NUMOBJ (res)];
char *mem_rec[NIS_RES_NUMOBJ (res)];
char *nomem_exp[NIS_RES_NUMOBJ (res)];
char *nomem_imp[NIS_RES_NUMOBJ (res)];
char *nomem_rec[NIS_RES_NUMOBJ (res)];
unsigned long mem_exp_cnt = 0, mem_imp_cnt = 0, mem_rec_cnt = 0;
unsigned long nomem_exp_cnt = 0, nomem_imp_cnt = 0, nomem_rec_cnt = 0;
for (i = 0;
i < NIS_RES_OBJECT (res)->GR_data.gr_members.gr_members_len; ++i)
{
char *grmem =
NIS_RES_OBJECT (res)->GR_data.gr_members.gr_members_val[i];
int neg = grmem[0] == '-';
switch (grmem[neg])
{
case '*':
if (neg)
{
nomem_imp[nomem_imp_cnt] = grmem;
++nomem_imp_cnt;
}
else
{
mem_imp[mem_imp_cnt] = grmem;
++mem_imp_cnt;
}
break;
case '@':
if (neg)
{
nomem_rec[nomem_rec_cnt] = grmem;
++nomem_rec_cnt;
}
else
{
mem_rec[mem_rec_cnt] = grmem;
++mem_rec_cnt;
}
break;
default:
if (neg)
{
nomem_exp[nomem_exp_cnt] = grmem;
++nomem_exp_cnt;
}
else
{
mem_exp[mem_exp_cnt] = grmem;
++mem_exp_cnt;
}
break;
}
}
{
char buf[strlen (NIS_RES_OBJECT (res)->zo_domain) + 10];
printf (_("Group entry for \"%s.%s\" group:\n"),
NIS_RES_OBJECT (res)->zo_name,
nis_domain_of_r (NIS_RES_OBJECT (res)->zo_domain,
buf, strlen (NIS_RES_OBJECT (res)->zo_domain)
+ 10));
}
if (mem_exp_cnt)
{
fputs (_(" Explicit members:\n"), stdout);
for (i = 0; i < mem_exp_cnt; ++i)
printf ("\t%s\n", mem_exp[i]);
}
else
fputs (_(" No explicit members\n"), stdout);
if (mem_imp_cnt)
{
fputs (_(" Implicit members:\n"), stdout);
for (i = 0; i < mem_imp_cnt; ++i)
printf ("\t%s\n", &mem_imp[i][2]);
}
else
fputs (_(" No implicit members\n"), stdout);
if (mem_rec_cnt)
{
fputs (_(" Recursive members:\n"), stdout);
for (i = 0; i < mem_rec_cnt; ++i)
printf ("\t%s\n", &mem_rec[i][1]);
}
else
fputs (_(" No recursive members\n"), stdout);
if (nomem_exp_cnt)
{
fputs (_(" Explicit nonmembers:\n"), stdout);
for (i = 0; i < nomem_exp_cnt; ++i)
printf ("\t%s\n", &nomem_exp[i][1]);
}
else
fputs (_(" No explicit nonmembers\n"), stdout);
if (nomem_imp_cnt)
{
fputs (_(" Implicit nonmembers:\n"), stdout);
for (i = 0; i < nomem_imp_cnt; ++i)
printf ("\t%s\n", &nomem_imp[i][3]);
}
else
fputs (_(" No implicit nonmembers\n"), stdout);
if (nomem_rec_cnt)
{
fputs (_(" Recursive nonmembers:\n"), stdout);
for (i = 0; i < nomem_rec_cnt; ++i)
printf ("\t%s=n", &nomem_rec[i][2]);
}
else
fputs (_(" No recursive nonmembers\n"), stdout);
nis_freeresult (res);
}
}
nis_result *
nis_list (const_nis_name name, unsigned int flags,
int (*callback) (const_nis_name name,
const nis_object *object,
const void *userdata),
const void *userdata)
{
nis_result *res = malloc (sizeof (nis_result));
ib_request *ibreq;
int status;
enum clnt_stat clnt_status;
int count_links = 0; /* We will only follow NIS_MAXLINKS links! */
int done = 0;
nis_name *names;
nis_name namebuf[2] = {NULL, NULL};
int name_nr = 0;
nis_cb *cb = NULL;
char *tableptr;
char *tablepath = NULL;
int first_try = 0; /* Do we try the old binding at first ? */
nis_result *allres = NULL;
if (res == NULL)
return NULL;
if (name == NULL)
{
status = NIS_BADNAME;
err_out:
nis_freeresult (allres);
memset (res, '\0', sizeof (nis_result));
NIS_RES_STATUS (res) = status;
return res;
}
ibreq = __create_ib_request (name, flags);
if (ibreq == NULL)
{
status = NIS_BADNAME;
goto err_out;
}
if ((flags & EXPAND_NAME)
&& ibreq->ibr_name[strlen (ibreq->ibr_name) - 1] != '.')
{
names = nis_getnames (ibreq->ibr_name);
free (ibreq->ibr_name);
ibreq->ibr_name = NULL;
if (names == NULL)
{
nis_free_request (ibreq);
status = NIS_BADNAME;
goto err_out;
}
ibreq->ibr_name = strdup (names[name_nr]);
if (ibreq->ibr_name == NULL)
{
nis_freenames (names);
nis_free_request (ibreq);
status = NIS_NOMEMORY;
goto err_out;
}
}
else
{
names = namebuf;
names[name_nr] = ibreq->ibr_name;
}
cb = NULL;
while (!done)
{
dir_binding bptr;
directory_obj *dir = NULL;
memset (res, '\0', sizeof (nis_result));
status = __nisfind_server (ibreq->ibr_name,
ibreq->ibr_srch.ibr_srch_val != NULL,
&dir, &bptr, flags & ~MASTER_ONLY);
if (status != NIS_SUCCESS)
{
NIS_RES_STATUS (res) = status;
goto fail3;
}
while (__nisbind_connect (&bptr) != NIS_SUCCESS)
if (__nisbind_next (&bptr) != NIS_SUCCESS)
{
NIS_RES_STATUS (res) = NIS_NAMEUNREACHABLE;
goto fail;
}
if (callback != NULL)
{
assert (cb == NULL);
cb = __nis_create_callback (callback, userdata, flags);
ibreq->ibr_cbhost.ibr_cbhost_len = 1;
ibreq->ibr_cbhost.ibr_cbhost_val = cb->serv;
}
again:
clnt_status = clnt_call (bptr.clnt, NIS_IBLIST,
(xdrproc_t) _xdr_ib_request, (caddr_t) ibreq,
(xdrproc_t) _xdr_nis_result,
(caddr_t) res, RPCTIMEOUT);
if (clnt_status != RPC_SUCCESS)
NIS_RES_STATUS (res) = NIS_RPCERROR;
else
switch (NIS_RES_STATUS (res))
{ /* start switch */
case NIS_PARTIAL:
case NIS_SUCCESS:
case NIS_S_SUCCESS:
if (__type_of (NIS_RES_OBJECT (res)) == NIS_LINK_OBJ
&& (flags & FOLLOW_LINKS)) /* We are following links. */
{
free (ibreq->ibr_name);
ibreq->ibr_name = NULL;
/* If we hit the link limit, bail. */
if (count_links > NIS_MAXLINKS)
{
NIS_RES_STATUS (res) = NIS_LINKNAMEERROR;
++done;
break;
}
++count_links;
ibreq->ibr_name =
strdup (NIS_RES_OBJECT (res)->LI_data.li_name);
if (ibreq->ibr_name == NULL)
{
NIS_RES_STATUS (res) = NIS_NOMEMORY;
fail:
__nisbind_destroy (&bptr);
nis_free_directory (dir);
fail3:
free (tablepath);
if (cb)
{
__nis_destroy_callback (cb);
ibreq->ibr_cbhost.ibr_cbhost_len = 0;
ibreq->ibr_cbhost.ibr_cbhost_val = NULL;
}
if (names != namebuf)
nis_freenames (names);
nis_free_request (ibreq);
nis_freeresult (allres);
return res;
}
if (NIS_RES_OBJECT (res)->LI_data.li_attrs.li_attrs_len)
if (ibreq->ibr_srch.ibr_srch_len == 0)
{
ibreq->ibr_srch.ibr_srch_len =
NIS_RES_OBJECT (res)->LI_data.li_attrs.li_attrs_len;
ibreq->ibr_srch.ibr_srch_val =
NIS_RES_OBJECT (res)->LI_data.li_attrs.li_attrs_val;
}
/* The following is a non-obvious optimization. A
nis_freeresult call would call xdr_free as the
following code. But it also would unnecessarily
free the result structure. We avoid this here
along with the necessary tests. */
xdr_free ((xdrproc_t) _xdr_nis_result, (char *)res);
memset (res, '\0', sizeof (*res));
first_try = 1; /* Try at first the old binding */
goto again;
}
else if ((flags & FOLLOW_PATH)
&& NIS_RES_STATUS (res) == NIS_PARTIAL)
{
enum nis_error err = __follow_path (&tablepath, &tableptr,
ibreq, &bptr);
if (err != NIS_SUCCESS)
{
if (err == NIS_NOMEMORY)
NIS_RES_STATUS (res) = err;
++done;
}
else
{
/* The following is a non-obvious optimization. A
nis_freeresult call would call xdr_free as the
following code. But it also would unnecessarily
free the result structure. We avoid this here
along with the necessary tests. */
xdr_free ((xdrproc_t) _xdr_nis_result, (char *) res);
memset (res, '\0', sizeof (*res));
first_try = 1;
goto again;
}
}
else if ((flags & (FOLLOW_PATH | ALL_RESULTS))
== (FOLLOW_PATH | ALL_RESULTS))
{
if (allres == NULL)
{
allres = res;
res = malloc (sizeof (nis_result));
if (res == NULL)
{
res = allres;
allres = NULL;
NIS_RES_STATUS (res) = NIS_NOMEMORY;
goto fail;
}
NIS_RES_STATUS (res) = NIS_RES_STATUS (allres);
}
else
{
nis_object *objects_val
= realloc (NIS_RES_OBJECT (allres),
(NIS_RES_NUMOBJ (allres)
+ NIS_RES_NUMOBJ (res))
* sizeof (nis_object));
if (objects_val == NULL)
{
NIS_RES_STATUS (res) = NIS_NOMEMORY;
goto fail;
}
NIS_RES_OBJECT (allres) = objects_val;
memcpy (NIS_RES_OBJECT (allres) + NIS_RES_NUMOBJ (allres),
NIS_RES_OBJECT (res),
NIS_RES_NUMOBJ (res) * sizeof (nis_object));
NIS_RES_NUMOBJ (allres) += NIS_RES_NUMOBJ (res);
NIS_RES_NUMOBJ (res) = 0;
free (NIS_RES_OBJECT (res));
NIS_RES_OBJECT (res) = NULL;
NIS_RES_STATUS (allres) = NIS_RES_STATUS (res);
xdr_free ((xdrproc_t) _xdr_nis_result, (char *) res);
}
enum nis_error err = __follow_path (&tablepath, &tableptr,
ibreq, &bptr);
if (err != NIS_SUCCESS)
{
/* Prepare for the nis_freeresult call. */
memset (res, '\0', sizeof (*res));
if (err == NIS_NOMEMORY)
NIS_RES_STATUS (allres) = err;
++done;
}
}
else
++done;
break;
case NIS_CBRESULTS:
if (cb != NULL)
{
__nis_do_callback (&bptr, &res->cookie, cb);
NIS_RES_STATUS (res) = cb->result;
if (!(flags & ALL_RESULTS))
++done;
else
{
enum nis_error err
= __follow_path (&tablepath, &tableptr, ibreq, &bptr);
if (err != NIS_SUCCESS)
{
if (err == NIS_NOMEMORY)
NIS_RES_STATUS (res) = err;
++done;
}
}
}
break;
case NIS_SYSTEMERROR:
case NIS_NOSUCHNAME:
case NIS_NOT_ME:
/* If we had first tried the old binding, do nothing, but
get a new binding */
if (!first_try)
{
if (__nisbind_next (&bptr) != NIS_SUCCESS)
{
++done;
break; /* No more servers to search */
}
while (__nisbind_connect (&bptr) != NIS_SUCCESS)
{
if (__nisbind_next (&bptr) != NIS_SUCCESS)
{
++done;
break; /* No more servers to search */
}
}
goto again;
}
break;
default:
if (!first_try)
{
/* Try the next domainname if we don't follow a link. */
free (ibreq->ibr_name);
ibreq->ibr_name = NULL;
if (count_links)
{
NIS_RES_STATUS (res) = NIS_LINKNAMEERROR;
++done;
break;
}
++name_nr;
if (names[name_nr] == NULL)
{
++done;
break;
}
ibreq->ibr_name = strdup (names[name_nr]);
if (ibreq->ibr_name == NULL)
{
NIS_RES_STATUS (res) = NIS_NOMEMORY;
goto fail;
}
first_try = 1; /* Try old binding at first */
goto again;
}
break;
}
first_try = 0;
if (cb)
{
__nis_destroy_callback (cb);
ibreq->ibr_cbhost.ibr_cbhost_len = 0;
ibreq->ibr_cbhost.ibr_cbhost_val = NULL;
cb = NULL;
}
__nisbind_destroy (&bptr);
nis_free_directory (dir);
}
free (tablepath);
if (names != namebuf)
nis_freenames (names);
nis_free_request (ibreq);
if (allres)
{
nis_freeresult (res);
return allres;
}
return res;
}
enum nss_status
_nss_nisplus_getspnam_r (const char *name, struct spwd *sp,
char *buffer, size_t buflen, int *errnop)
{
int parse_res;
if (pwd_tablename_val == NULL)
{
enum nss_status status = _nss_pwd_create_tablename (errnop);
if (status != NSS_STATUS_SUCCESS)
return status;
}
if (name == NULL)
{
*errnop = EINVAL;
return NSS_STATUS_NOTFOUND;
}
nis_result *result;
char buf[strlen (name) + 9 + pwd_tablename_len];
int olderr = errno;
snprintf (buf, sizeof (buf), "[name=%s],%s", name, pwd_tablename_val);
result = nis_list (buf, FOLLOW_PATH | FOLLOW_LINKS, NULL, NULL);
if (result == NULL)
{
*errnop = ENOMEM;
return NSS_STATUS_TRYAGAIN;
}
if (__builtin_expect (niserr2nss (result->status) != NSS_STATUS_SUCCESS, 0))
{
enum nss_status status = niserr2nss (result->status);
__set_errno (olderr);
nis_freeresult (result);
return status;
}
parse_res = _nss_nisplus_parse_spent (result, sp, buffer, buflen, errnop);
nis_freeresult (result);
if (__builtin_expect (parse_res < 1, 0))
{
if (parse_res == -1)
{
*errnop = ERANGE;
return NSS_STATUS_TRYAGAIN;
}
else
{
__set_errno (olderr);
return NSS_STATUS_NOTFOUND;
}
}
return NSS_STATUS_SUCCESS;
}
/* internal_nis_ismember ()
return codes: -1 principal is in -group
0 principal isn't in any group
1 pirncipal is in group */
static int
internal_ismember (const_nis_name principal, const_nis_name group)
{
size_t grouplen = strlen (group);
char buf[grouplen + 50];
char leafbuf[grouplen + 2];
char domainbuf[grouplen + 2];
nis_result *res;
char *cp, *cp2;
u_int i;
cp = stpcpy (buf, nis_leaf_of_r (group, leafbuf, sizeof (leafbuf) - 1));
cp = stpcpy (cp, ".groups_dir");
cp2 = nis_domain_of_r (group, domainbuf, sizeof (domainbuf) - 1);
if (cp2 != NULL && cp2[0] != '\0')
{
*cp++ = '.';
strcpy (cp, cp2);
}
res = nis_lookup (buf, EXPAND_NAME|FOLLOW_LINKS);
if (res == NULL || NIS_RES_STATUS (res) != NIS_SUCCESS)
{
nis_freeresult (res);
return 0;
}
if ((NIS_RES_NUMOBJ (res) != 1)
|| (__type_of (NIS_RES_OBJECT (res)) != NIS_GROUP_OBJ))
{
nis_freeresult (res);
return 0;
}
/* We search twice in the list, at first, if we have the name
with a "-", then if without. "-member" has priority */
for (i = 0; i < NIS_RES_OBJECT(res)->GR_data.gr_members.gr_members_len; ++i)
{
cp = NIS_RES_OBJECT (res)->GR_data.gr_members.gr_members_val[i];
if (cp[0] == '-')
{
if (strcmp (&cp[1], principal) == 0)
{
nis_freeresult (res);
return -1;
}
if (cp[1] == '@')
switch (internal_ismember (principal, &cp[2]))
{
case -1:
nis_freeresult (res);
return -1;
case 1:
nis_freeresult (res);
return 1;
default:
break;
}
else
if (cp[1] == '*')
{
char buf1[strlen (principal) + 2];
char buf2[strlen (cp) + 2];
if (strcmp (nis_domain_of_r (principal, buf1, sizeof buf1),
nis_domain_of_r (cp, buf2, sizeof buf2)) == 0)
{
nis_freeresult (res);
return -1;
}
}
}
}
for (i = 0; i < NIS_RES_OBJECT (res)->GR_data.gr_members.gr_members_len; ++i)
{
cp = NIS_RES_OBJECT (res)->GR_data.gr_members.gr_members_val[i];
if (cp[0] != '-')
{
if (strcmp (cp, principal) == 0)
{
nis_freeresult (res);
return 1;
}
if (cp[0] == '@')
switch (internal_ismember (principal, &cp[1]))
{
case -1:
nis_freeresult (res);
return -1;
case 1:
nis_freeresult (res);
return 1;
default:
break;
}
else
if (cp[0] == '*')
{
char buf1[strlen (principal) + 2];
char buf2[strlen (cp) + 2];
if (strcmp (nis_domain_of_r (principal, buf1, sizeof buf1),
nis_domain_of_r (cp, buf2, sizeof buf2)) == 0)
{
nis_freeresult (res);
return 1;
}
}
}
}
nis_freeresult (res);
return 0;
}
