Diffstat (limited to 'nslcd/db_shadow.c')
-rw-r--r-- | nslcd/db_shadow.c | 125 |
1 files changed, 70 insertions, 55 deletions
diff --git a/nslcd/db_shadow.c b/nslcd/db_shadow.c
index 4011c7e..cd791a9 100644
--- a/nslcd/db_shadow.c
+++ b/nslcd/db_shadow.c
@@ -29,16 +29,16 @@
 #include "log.h"
 struct shadow {
- /* for the integers: a value < 0 means empty */
- char *name; /* the account name */
- char *hash; /* a crypt(3) formatted password hash */
- int32_t lastchange_date; /* days since Jan 1, 1970 */
- int32_t min_days; /* minimum number of days between changes */
- int32_t max_days; /* maximum number of days between changes */
- int32_t warn_days; /* how long before max_days is up to warn the user */
- int32_t inact_days; /* how long after max_days to accept the pw */
- int32_t expire_date; /* days since Jarn 1, 1970 */
- int32_t flag; /* unused on Linux/Glibc */
+ /* for the integers: a value < 0 means empty */
+ char *name; /* the account name */
+ char *hash; /* a crypt(3) formatted password hash */
+ int32_t lastchange_date; /* days since Jan 1, 1970 */
+ int32_t min_days; /* minimum number of days between changes */
+ int32_t max_days; /* maximum number of days between changes */
+ int32_t warn_days; /* how long before max_days is up to warn the user */
+ int32_t inact_days; /* how long after max_days to accept the pw */
+ int32_t expire_date; /* days since Jarn 1, 1970 */
+ int32_t flag; /* unused on Linux/Glibc */
 };
 static void passwd2shadow(struct passwd *p, struct shadow *s)
@@ -54,79 +54,94 @@ static void passwd2shadow(struct passwd *p, struct shadow *s)
 s->flag = -1;
 }
-static int write_shadow(TFILE *fp, struct shadow *entry, uid_t calleruid)
+static int write_shadow(TFILE *fp, struct shadow *entry)
 {
- if (calleruid == 0)
- {
- WRITE_INT32(fp, NSLCD_RESULT_BEGIN);
- WRITE_STRING(fp, entry->name);
- WRITE_STRING(fp, entry->hash ? entry->hash : "!");
- WRITE_INT32( fp, entry->lastchange_date);
- WRITE_INT32( fp, entry->min_days);
- WRITE_INT32( fp, entry->max_days);
- WRITE_INT32( fp, entry->warn_days);
- WRITE_INT32( fp, entry->inact_days);
- WRITE_INT32( fp, entry->expire_date);
- WRITE_INT32( fp, entry->flag);
- }
+ WRITE_STRING(fp, entry->name);
+ WRITE_STRING(fp, entry->hash ? entry->hash : "!");
+ WRITE_INT32( fp, entry->lastchange_date);
+ WRITE_INT32( fp, entry->min_days);
+ WRITE_INT32( fp, entry->max_days);
+ WRITE_INT32( fp, entry->warn_days);
+ WRITE_INT32( fp, entry->inact_days);
+ WRITE_INT32( fp, entry->expire_date);
+ WRITE_INT32( fp, entry->flag);
 return 0;
 }
 NSLCD_HANDLE_UID(SHADOW, BYNAME
- ,/* decls */
- char name[BUFLEN_NAME];
- struct shadow ret;
- ,/* int read(TFILE *fp) */
- READ_STRING(fp, name);
- log_setrequest("shadow=\"%s\"", name);
+ ,/* request data */
+ struct {
+ char name[BUFLEN_NAME];
+ }
+ ,/* search data */
+ struct {
+ int cnt;
+ struct shadow ret;
+ }
+ ,/* entry type */
+ struct shadow
+ ,/* int read(TFILE *fp, *req) */
+ READ_STRING(fp, req->name);
+ log_setrequest("shadow=\"%s\"", req->name);
 return 0;
 ,/* check */
- if (!isvalidname(name))
+ if (!isvalidname(req->name))
 {
 log_log(LOG_WARNING, "request denied by validnames option");
 return -1;
 }
- ,/* tentry *search(struct session *session, int *rcp, bool *more) */
- struct shadow,
- *more = false;
+ return 0;
+ ,/* search(*session, *req, *searchdat, *entry) */
+ *entry = NULL;
+ if (calleruid != 0 || searchdat->cnt++ != 0)
+ return 0;
 for (size_t i = 0; i < session->cnt; i++)
 {
 if (session->users[i].pw_uid != UID_INVALID &&
- STR_CMP(name, session->users[i].pw_name)==0)
+ STR_CMP(req->name, session->users[i].pw_name)==0)
 {
- *rcp = 0;
- passwd2shadow(&(session->users[i]), &ret);
- return &ret;
+ if (session->users[i].pw_uid < nslcd_cfg->nss_min_uid)
+ return -1;
+ passwd2shadow(&(session->users[i]), &(searchdat->ret));
+ *entry = &(searchdat->ret);
+ break;
 }
 }
- return NULL;
+ return 0;
 ,/* int write(TFILE *fp, tentry *entry) */
- return write_shadow(fp, entry, calleruid);
+ return write_shadow(fp, entry);
 ,/* cleanup */
 )
 NSLCD_HANDLE_UID(SHADOW, ALL
- ,/* decls */
- struct shadow ret;
- ,/* int read(TFILE *fp) */
+ ,/* request data */
+ int
+ ,/* search data */
+ struct {
+ size_t i;
+ struct shadow ret;
+ }
+ ,/* entry type */
+ struct shadow
+ ,/* int read(TFILE *fp, *req) */
 log_setrequest("shadow(all)");
 return 0;
 ,/* check */
- ,/* tentry *search(struct session *session, int *rcp, bool *more) */
- struct shadow,
- static __thread size_t i = 0;
- *more = true;
- for (; i < session->cnt; i++)
+ return 0;
+ ,/* search(*session, *req, *searchdat, *entry) */
+ *entry = NULL;
+ for (; searchdat->i < session->cnt; searchdat->i++)
 {
- if (session->users[i].pw_uid != UID_INVALID) {
- *rcp = 0;
- passwd2shadow(&(session->users[i]), &ret);
- return &ret;
+ if (session->users[searchdat->i].pw_uid != UID_INVALID &&
+ session->users[searchdat->i].pw_uid >= nslcd_cfg->nss_min_uid) {
+ passwd2shadow(&(session->users[searchdat->i]), &(searchdat->ret));
+ *entry = &(searchdat->ret);
+ searchdat->i++;
+ break;
 }
 }
- i = 0;
- return NULL;
+ return 0;
 ,/* write */
- return write_shadow(fp, entry, calleruid);
+ return write_shadow(fp, entry);
 ,/* cleanup */
 ) |
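Review bot: The SHADOW/ALL search has lost its caller-uid gate: the old write_shadow() emitted nothing unless `calleruid == 0`, and this commit moves that test into the BYNAME search only (`if (calleruid != 0 || searchdat->cnt++ != 0)`). Unless NSLCD_HANDLE_UID enforces the restriction somewhere outside the lines shown, a non-root client enumerating shadow(all) would now be sent every entry at or above nss_min_uid, including whatever passwd2shadow() places in `hash`. I would add `if (calleruid != 0) return 0;` directly after `*entry = NULL;` in the ALL search, and put a comment on write_shadow() stating that it performs no privilege check and relies on the search step for it. The macro definition and the body of passwd2shadow() lie outside this hunk, so the exposure should be confirmed against them.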