17c478bdstevel@tonic-gate/*
27c478bdstevel@tonic-gate * CDDL HEADER START
37c478bdstevel@tonic-gate *
47c478bdstevel@tonic-gate * The contents of this file are subject to the terms of the
57c478bdstevel@tonic-gate * Common Development and Distribution License, Version 1.0 only
67c478bdstevel@tonic-gate * (the "License").  You may not use this file except in compliance
77c478bdstevel@tonic-gate * with the License.
87c478bdstevel@tonic-gate *
97c478bdstevel@tonic-gate * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
107c478bdstevel@tonic-gate * or http://www.opensolaris.org/os/licensing.
117c478bdstevel@tonic-gate * See the License for the specific language governing permissions
127c478bdstevel@tonic-gate * and limitations under the License.
137c478bdstevel@tonic-gate *
147c478bdstevel@tonic-gate * When distributing Covered Code, include this CDDL HEADER in each
157c478bdstevel@tonic-gate * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
167c478bdstevel@tonic-gate * If applicable, add the following below this CDDL HEADER, with the
177c478bdstevel@tonic-gate * fields enclosed by brackets "[]" replaced with your own identifying
187c478bdstevel@tonic-gate * information: Portions Copyright [yyyy] [name of copyright owner]
197c478bdstevel@tonic-gate *
207c478bdstevel@tonic-gate * CDDL HEADER END
217c478bdstevel@tonic-gate */
227c478bdstevel@tonic-gate/*
237c478bdstevel@tonic-gate * Copyright 2000 Sun Microsystems, Inc.  All rights reserved.
247c478bdstevel@tonic-gate * Use is subject to license terms.
257c478bdstevel@tonic-gate */
267c478bdstevel@tonic-gate
277c478bdstevel@tonic-gate/*	Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T	*/
287c478bdstevel@tonic-gate/*	  All Rights Reserved  	*/
297c478bdstevel@tonic-gate
307c478bdstevel@tonic-gate/*
317c478bdstevel@tonic-gate * University Copyright- Copyright (c) 1982, 1986, 1988
327c478bdstevel@tonic-gate * The Regents of the University of California
337c478bdstevel@tonic-gate * All Rights Reserved
347c478bdstevel@tonic-gate *
357c478bdstevel@tonic-gate * University Acknowledgment- Portions of this document are derived from
367c478bdstevel@tonic-gate * software developed by the University of California, Berkeley, and its
377c478bdstevel@tonic-gate * contributors.
387c478bdstevel@tonic-gate */
397c478bdstevel@tonic-gate
407c478bdstevel@tonic-gate#pragma ident	"%Z%%M%	%I%	%E% SMI"
417c478bdstevel@tonic-gate
427c478bdstevel@tonic-gate/*
437c478bdstevel@tonic-gate * Administrative tool to add a new user to the publickey database
447c478bdstevel@tonic-gate */
457c478bdstevel@tonic-gate#include <stdio.h>
467c478bdstevel@tonic-gate#include <stdlib.h>
477c478bdstevel@tonic-gate#include <unistd.h>
487c478bdstevel@tonic-gate#include <rpc/rpc.h>
497c478bdstevel@tonic-gate#include <rpc/key_prot.h>
507c478bdstevel@tonic-gate#include <rpcsvc/ypclnt.h>
517c478bdstevel@tonic-gate#include <sys/wait.h>
527c478bdstevel@tonic-gate#include <netdb.h>
537c478bdstevel@tonic-gate#include <string.h>
547c478bdstevel@tonic-gate#include <sys/stat.h>
557c478bdstevel@tonic-gate#include <errno.h>
567c478bdstevel@tonic-gate
577c478bdstevel@tonic-gate#define	MAXMAPNAMELEN 256
587c478bdstevel@tonic-gate
597c478bdstevel@tonic-gateextern	char	*program_name;
607c478bdstevel@tonic-gate
617c478bdstevel@tonic-gatestatic	char	*basename(char *path);
627c478bdstevel@tonic-gatestatic	int	match(char *line, char *name);
637c478bdstevel@tonic-gatestatic	int	_openchild(char *command, FILE **fto, FILE **ffrom);
647c478bdstevel@tonic-gatestatic	char	SHELL[] = "/bin/sh";
657c478bdstevel@tonic-gatestatic	char	UPDATEFILE[] = "updaters";
667c478bdstevel@tonic-gatestatic	char	MAKE[] = "/usr/ccs/bin/make";
677c478bdstevel@tonic-gate
687c478bdstevel@tonic-gate/*
697c478bdstevel@tonic-gate * Determine if requester is allowed to update the given map,
707c478bdstevel@tonic-gate * and update it if so. Returns the yp status, which is zero
717c478bdstevel@tonic-gate * if there is no access violation.
727c478bdstevel@tonic-gate */
737c478bdstevel@tonic-gateint
747c478bdstevel@tonic-gatemapupdate(char *name, char *mapname, uint_t op, char *data)
757c478bdstevel@tonic-gate{
767c478bdstevel@tonic-gate	char	updater[MAXMAPNAMELEN + 40];
777c478bdstevel@tonic-gate	FILE	*childargs;
787c478bdstevel@tonic-gate	FILE	*childrslt;
797c478bdstevel@tonic-gate#ifdef WEXITSTATUS
807c478bdstevel@tonic-gate	int	status;
817c478bdstevel@tonic-gate#else
827c478bdstevel@tonic-gate	union wait status;
837c478bdstevel@tonic-gate#endif
847c478bdstevel@tonic-gate	pid_t	pid;
857c478bdstevel@tonic-gate	uint_t	yperrno;
867c478bdstevel@tonic-gate	int	namelen, datalen;
877c478bdstevel@tonic-gate	struct	stat	stbuf;
887c478bdstevel@tonic-gate
897c478bdstevel@tonic-gate#ifdef DEBUG
907c478bdstevel@tonic-gate	(void) fprintf(stderr, "%s %s\n", name, data);
917c478bdstevel@tonic-gate#endif
927c478bdstevel@tonic-gate	namelen = strlen(name);
937c478bdstevel@tonic-gate	datalen = strlen(data);
947c478bdstevel@tonic-gate	errno = 0;
957c478bdstevel@tonic-gate	if (stat(MAKE, &stbuf) < 0)
967c478bdstevel@tonic-gate		switch (errno) {
977c478bdstevel@tonic-gate		case ENOENT:
987c478bdstevel@tonic-gate			(void) fprintf(stderr,
997c478bdstevel@tonic-gate			"%s: %s not found, please install on the system\n",
1007c478bdstevel@tonic-gate			program_name, MAKE);
1017c478bdstevel@tonic-gate			return (1);
1027c478bdstevel@tonic-gate		default:
1037c478bdstevel@tonic-gate			(void) fprintf(stderr,
1047c478bdstevel@tonic-gate				"%s: cannot access %s, errno=%d.\n",
1057c478bdstevel@tonic-gate				program_name, MAKE, errno);
1067c478bdstevel@tonic-gate			return (1);
1077c478bdstevel@tonic-gate		}
1087c478bdstevel@tonic-gate	(void) sprintf(updater, "%s -s -f %s %s",
1097c478bdstevel@tonic-gate			MAKE, UPDATEFILE, mapname);
1107c478bdstevel@tonic-gate	pid = _openchild(updater, &childargs, &childrslt);
1117c478bdstevel@tonic-gate	if (pid < 0)
1127c478bdstevel@tonic-gate		return (YPERR_YPERR);
1137c478bdstevel@tonic-gate
1147c478bdstevel@tonic-gate	/*
1157c478bdstevel@tonic-gate	 * Write to child
1167c478bdstevel@tonic-gate	 */
1177c478bdstevel@tonic-gate	(void) fprintf(childargs, "%s\n", name);
1187c478bdstevel@tonic-gate	(void) fprintf(childargs, "%u\n", op);
1197c478bdstevel@tonic-gate	(void) fprintf(childargs, "%u\n", namelen);
1207c478bdstevel@tonic-gate	(void) fwrite(name, namelen, 1, childargs);
1217c478bdstevel@tonic-gate	(void) fprintf(childargs, "\n");
1227c478bdstevel@tonic-gate	(void) fprintf(childargs, "%u\n", datalen);
1237c478bdstevel@tonic-gate	(void) fwrite(data, datalen, 1, childargs);
1247c478bdstevel@tonic-gate	(void) fprintf(childargs, "\n");
1257c478bdstevel@tonic-gate	(void) fclose(childargs);
1267c478bdstevel@tonic-gate
1277c478bdstevel@tonic-gate	/*
1287c478bdstevel@tonic-gate	 * Read from child
1297c478bdstevel@tonic-gate	 */
1307c478bdstevel@tonic-gate	(void) fscanf(childrslt, "%d", &yperrno);
1317c478bdstevel@tonic-gate	(void) fclose(childrslt);
1327c478bdstevel@tonic-gate
1337c478bdstevel@tonic-gate	(void) wait(&status);
1347c478bdstevel@tonic-gate#ifdef WEXITSTATUS
1357c478bdstevel@tonic-gate	if (WEXITSTATUS(status) != 0) {
1367c478bdstevel@tonic-gate#else
1377c478bdstevel@tonic-gate	if (status.w_retcode != 0) {
1387c478bdstevel@tonic-gate#endif
1397c478bdstevel@tonic-gate		return (YPERR_YPERR);
1407c478bdstevel@tonic-gate	}
1417c478bdstevel@tonic-gate	return (yperrno);
1427c478bdstevel@tonic-gate}
1437c478bdstevel@tonic-gate
1447c478bdstevel@tonic-gate/*
1457c478bdstevel@tonic-gate * returns pid, or -1 for failure
1467c478bdstevel@tonic-gate */
1477c478bdstevel@tonic-gatestatic int
1487c478bdstevel@tonic-gate_openchild(char *command, FILE **fto, FILE **ffrom)
1497c478bdstevel@tonic-gate{
1507c478bdstevel@tonic-gate	int i;
1517c478bdstevel@tonic-gate	pid_t pid;
1527c478bdstevel@tonic-gate	int pdto[2];
1537c478bdstevel@tonic-gate	int pdfrom[2];
1547c478bdstevel@tonic-gate	char *com;
1557c478bdstevel@tonic-gate
1567c478bdstevel@tonic-gate	if (pipe(pdto) < 0) {
1577c478bdstevel@tonic-gate		goto error1;
1587c478bdstevel@tonic-gate	}
1597c478bdstevel@tonic-gate	if (pipe(pdfrom) < 0) {
1607c478bdstevel@tonic-gate		goto error2;
1617c478bdstevel@tonic-gate	}
1627c478bdstevel@tonic-gate#ifdef VFORK
1637c478bdstevel@tonic-gate	switch (pid = vfork()) {
1647c478bdstevel@tonic-gate#else
1657c478bdstevel@tonic-gate	switch (pid = fork()) {
1667c478bdstevel@tonic-gate#endif
1677c478bdstevel@tonic-gate	case -1:
1687c478bdstevel@tonic-gate		goto error3;
1697c478bdstevel@tonic-gate
1707c478bdstevel@tonic-gate	case 0:
1717c478bdstevel@tonic-gate		/*
1727c478bdstevel@tonic-gate		 * child: read from pdto[0], write into pdfrom[1]
1737c478bdstevel@tonic-gate		 */
1747c478bdstevel@tonic-gate		(void) close(0);
1757c478bdstevel@tonic-gate		(void) dup(pdto[0]);
1767c478bdstevel@tonic-gate		(void) close(1);
1777c478bdstevel@tonic-gate		(void) dup(pdfrom[1]);
1787c478bdstevel@tonic-gate		closefrom(3);
1797c478bdstevel@tonic-gate		com = malloc((unsigned)strlen(command) + 6);
1807c478bdstevel@tonic-gate		if (com == NULL) {
1817c478bdstevel@tonic-gate			_exit(~0);
1827c478bdstevel@tonic-gate		}
1837c478bdstevel@tonic-gate		(void) sprintf(com, "exec %s", command);
1847c478bdstevel@tonic-gate		execl(SHELL, basename(SHELL), "-c", com, NULL);
1857c478bdstevel@tonic-gate		_exit(~0);
1867c478bdstevel@tonic-gate
1877c478bdstevel@tonic-gate	default:
1887c478bdstevel@tonic-gate		/*
1897c478bdstevel@tonic-gate		 * parent: write into pdto[1], read from pdfrom[0]
1907c478bdstevel@tonic-gate		 */
1917c478bdstevel@tonic-gate		*fto = fdopen(pdto[1], "w");
1927c478bdstevel@tonic-gate		(void) close(pdto[0]);
1937c478bdstevel@tonic-gate		*ffrom = fdopen(pdfrom[0], "r");
1947c478bdstevel@tonic-gate		(void) close(pdfrom[1]);
1957c478bdstevel@tonic-gate		break;
1967c478bdstevel@tonic-gate	}
1977c478bdstevel@tonic-gate	return (pid);
1987c478bdstevel@tonic-gate
1997c478bdstevel@tonic-gate	/*
2007c478bdstevel@tonic-gate	 * error cleanup and return
2017c478bdstevel@tonic-gate	 */
2027c478bdstevel@tonic-gateerror3:
2037c478bdstevel@tonic-gate	(void) close(pdfrom[0]);
2047c478bdstevel@tonic-gate	(void) close(pdfrom[1]);
2057c478bdstevel@tonic-gateerror2:
2067c478bdstevel@tonic-gate	(void) close(pdto[0]);
2077c478bdstevel@tonic-gate	(void) close(pdto[1]);
2087c478bdstevel@tonic-gateerror1:
2097c478bdstevel@tonic-gate	return (-1);
2107c478bdstevel@tonic-gate}
2117c478bdstevel@tonic-gate
2127c478bdstevel@tonic-gatestatic char *
2137c478bdstevel@tonic-gatebasename(char *path)
2147c478bdstevel@tonic-gate{
2157c478bdstevel@tonic-gate	char	*p;
2167c478bdstevel@tonic-gate
2177c478bdstevel@tonic-gate	p = strrchr(path, '/');
2187c478bdstevel@tonic-gate	if (p == NULL)
2197c478bdstevel@tonic-gate		return (path);
2207c478bdstevel@tonic-gate	return (p + 1);
2217c478bdstevel@tonic-gate}
2227c478bdstevel@tonic-gate
2237c478bdstevel@tonic-gate/*
2247c478bdstevel@tonic-gate * Determine if requester is allowed to update the given map,
2257c478bdstevel@tonic-gate * and update it if so. Returns the status, which is zero
2267c478bdstevel@tonic-gate * if there is no access violation, 1 otherwise.
2277c478bdstevel@tonic-gate * This function updates the local file.
2287c478bdstevel@tonic-gate */
2297c478bdstevel@tonic-gateint
2307c478bdstevel@tonic-gatelocalupdate(char *name, char *filename, uint_t op, char *data)
2317c478bdstevel@tonic-gate{
2327c478bdstevel@tonic-gate	char	line[256];
2337c478bdstevel@tonic-gate	FILE	*rf;
2347c478bdstevel@tonic-gate	FILE	*wf;
2357c478bdstevel@tonic-gate	int	wfd;
2367c478bdstevel@tonic-gate	char	tmpname[80];
2377c478bdstevel@tonic-gate	int	err;
2387c478bdstevel@tonic-gate
2397c478bdstevel@tonic-gate	/*
2407c478bdstevel@tonic-gate	 * Check permission
2417c478bdstevel@tonic-gate	 */
2427c478bdstevel@tonic-gate	if (strcmp(name, "nobody") == 0) {
2437c478bdstevel@tonic-gate		/* cannot change keys for nobody */
2447c478bdstevel@tonic-gate		(void) fprintf(stderr,
2457c478bdstevel@tonic-gate			"%s: cannot change key-pair for %s\n",
2467c478bdstevel@tonic-gate			program_name, name);
2477c478bdstevel@tonic-gate		return (1);
2487c478bdstevel@tonic-gate	}
2497c478bdstevel@tonic-gate
2507c478bdstevel@tonic-gate	/*
2517c478bdstevel@tonic-gate	 * Open files
2527c478bdstevel@tonic-gate	 */
2537c478bdstevel@tonic-gate	(void) memset(tmpname, 0, 80);
2547c478bdstevel@tonic-gate	(void) sprintf(tmpname, "%s.tmp", filename);
2557c478bdstevel@tonic-gate	rf = fopen(filename, "r");
2567c478bdstevel@tonic-gate	if (rf == NULL) {
2577c478bdstevel@tonic-gate		(void) fprintf(stderr,
2587c478bdstevel@tonic-gate		"%s: cannot read %s\n", program_name, filename);
2597c478bdstevel@tonic-gate		return (1);
2607c478bdstevel@tonic-gate	}
2617c478bdstevel@tonic-gate
2627c478bdstevel@tonic-gate	(void) umask(0);
2637c478bdstevel@tonic-gate
2647c478bdstevel@tonic-gate	/*
2657c478bdstevel@tonic-gate	 * Create the new file with the correct permissions
2667c478bdstevel@tonic-gate	 */
2677c478bdstevel@tonic-gate	wfd = open(tmpname, O_CREAT|O_RDWR|O_TRUNC,
2687c478bdstevel@tonic-gate					S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH);
2697c478bdstevel@tonic-gate	if (wfd == -1) {
2707c478bdstevel@tonic-gate		(void) fprintf(stderr, "%s: cannot create '%s' to write to.\n",
2717c478bdstevel@tonic-gate			program_name, tmpname);
2727c478bdstevel@tonic-gate		(void) fclose(rf);
2737c478bdstevel@tonic-gate		return (1);
2747c478bdstevel@tonic-gate	}
2757c478bdstevel@tonic-gate	wf = fdopen(wfd, "w");
2767c478bdstevel@tonic-gate	if (wf == NULL) {
2777c478bdstevel@tonic-gate		(void) fprintf(stderr, "%s: cannot fdopen '%s'.\n",
2787c478bdstevel@tonic-gate			program_name, tmpname);
2797c478bdstevel@tonic-gate		(void) close(wfd);
2807c478bdstevel@tonic-gate		(void) fclose(rf);
2817c478bdstevel@tonic-gate		return (1);
2827c478bdstevel@tonic-gate	}
2837c478bdstevel@tonic-gate
2847c478bdstevel@tonic-gate	err = -1;
2857c478bdstevel@tonic-gate	while (fgets(line, sizeof (line), rf)) {
2867c478bdstevel@tonic-gate		if (err < 0 && match(line, name)) {
2877c478bdstevel@tonic-gate			switch (op) {
2887c478bdstevel@tonic-gate			case YPOP_INSERT:
2897c478bdstevel@tonic-gate				err = 1;
2907c478bdstevel@tonic-gate				break;
2917c478bdstevel@tonic-gate			case YPOP_STORE:
2927c478bdstevel@tonic-gate			case YPOP_CHANGE:
2937c478bdstevel@tonic-gate				(void) fprintf(wf, "%s\t%s\n", name, data);
2947c478bdstevel@tonic-gate				err = 0;
2957c478bdstevel@tonic-gate				break;
2967c478bdstevel@tonic-gate			case YPOP_DELETE:
2977c478bdstevel@tonic-gate				/* do nothing */
2987c478bdstevel@tonic-gate				err = 0;
2997c478bdstevel@tonic-gate				break;
3007c478bdstevel@tonic-gate			}
3017c478bdstevel@tonic-gate		} else {
3027c478bdstevel@tonic-gate			fputs(line, wf);
3037c478bdstevel@tonic-gate		}
3047c478bdstevel@tonic-gate	}
3057c478bdstevel@tonic-gate	if (err < 0) {
3067c478bdstevel@tonic-gate		switch (op) {
3077c478bdstevel@tonic-gate		case YPOP_CHANGE:
3087c478bdstevel@tonic-gate		case YPOP_DELETE:
3097c478bdstevel@tonic-gate			err = 1;
3107c478bdstevel@tonic-gate			break;
3117c478bdstevel@tonic-gate		case YPOP_INSERT:
3127c478bdstevel@tonic-gate		case YPOP_STORE:
3137c478bdstevel@tonic-gate			err = 0;
3147c478bdstevel@tonic-gate			(void) fprintf(wf, "%s\t%s\n", name, data);
3157c478bdstevel@tonic-gate			break;
3167c478bdstevel@tonic-gate		}
3177c478bdstevel@tonic-gate	}
3187c478bdstevel@tonic-gate	(void) fclose(wf);
3197c478bdstevel@tonic-gate	(void) fclose(rf);
3207c478bdstevel@tonic-gate	if (err == 0) {
3217c478bdstevel@tonic-gate		if (rename(tmpname, filename) < 0) {
3227c478bdstevel@tonic-gate			(void) fprintf(stderr,
3237c478bdstevel@tonic-gate				"%s: cannot rename %s to %s\n",
3247c478bdstevel@tonic-gate				program_name, tmpname, filename);
3257c478bdstevel@tonic-gate			return (1);
3267c478bdstevel@tonic-gate		}
3277c478bdstevel@tonic-gate	} else {
3287c478bdstevel@tonic-gate		if (unlink(tmpname) < 0) {
3297c478bdstevel@tonic-gate			(void) fprintf(stderr,
3307c478bdstevel@tonic-gate				"%s: cannot delete %s\n",
3317c478bdstevel@tonic-gate				program_name, tmpname);
3327c478bdstevel@tonic-gate			return (1);
3337c478bdstevel@tonic-gate		}
3347c478bdstevel@tonic-gate	}
3357c478bdstevel@tonic-gate	return (err);
3367c478bdstevel@tonic-gate}
3377c478bdstevel@tonic-gate
3387c478bdstevel@tonic-gatestatic int
3397c478bdstevel@tonic-gatematch(char *line, char *name)
3407c478bdstevel@tonic-gate{
3417c478bdstevel@tonic-gate	int	len;
3427c478bdstevel@tonic-gate
3437c478bdstevel@tonic-gate	len = strlen(name);
3447c478bdstevel@tonic-gate	return (strncmp(line, name, len) == 0 &&
3457c478bdstevel@tonic-gate		(line[len] == ' ' || line[len] == '\t'));
3467c478bdstevel@tonic-gate}
347