import less(1)
[unleashed/tickless.git] / usr / src / lib / libc / port / nsl / nis_misc_proc.c
blobe2dc9073d10165742d9555b6e48d5988050a6785
1 /*
2 * CDDL HEADER START
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
19 * CDDL HEADER END
23 * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
24 * Use is subject to license terms.
28 * This contains miscellaneous functions moved from commands to the library.
31 #include "mt.h"
32 #include <stdlib.h>
33 #include <stdio.h>
34 #include <syslog.h>
35 #include <string.h>
36 #include <unistd.h>
37 #include <gssapi/gssapi.h>
38 #include <rpc/rpc.h>
39 #include <rpcsvc/nis.h>
40 #include <rpcsvc/nis_dhext.h>
41 #include <rpc/auth.h>
42 #include <rpc/auth_sys.h>
43 #include <rpc/auth_des.h>
44 #include <rpc/key_prot.h>
45 #include <netdir.h>
46 #include <netconfig.h>
47 #include <sys/socket.h>
48 #include <netinet/in.h>
49 #include <netdb.h>
50 #include <dlfcn.h>
51 #include <gssapi/gssapi.h>
54 static char hex[16] = {
55 '0', '1', '2', '3', '4', '5', '6', '7',
56 '8', '9', 'a', 'b', 'c', 'd', 'e', 'f',
59 static int
60 bin2hex(int len, unsigned char *binnum, char *hexnum)
62 int i;
63 unsigned val;
65 for (i = 0; i < len; i++) {
66 val = binnum[i];
67 hexnum[i*2] = hex[val >> 4];
68 hexnum[i*2+1] = hex[val & 0xf];
70 hexnum[len*2] = 0;
71 return (1);
74 #define MECH_LIB_PREFIX1 "/usr/lib/"
76 #ifdef _LP64
78 #define MECH_LIB_PREFIX2 "64/"
80 #else /* _LP64 */
82 #define MECH_LIB_PREFIX2 ""
84 #endif /* _LP64 */
86 #define MECH_LIB_DIR "gss/"
88 #define MECH_LIB_PREFIX MECH_LIB_PREFIX1 MECH_LIB_PREFIX2
90 #define MECHDH MECH_LIB_PREFIX MECH_LIB_DIR "mech_dh.so.1"
91 #define LIBGSS MECH_LIB_PREFIX "libgss.so.1"
93 static gss_OID_desc __dh_gss_c_nt_netname = {
94 9, "\053\006\004\001\052\002\032\001\001"
97 mutex_t gss_load_lock = DEFAULTMUTEX;
98 static gss_OID GSS_EXPORT_NAME = 0;
99 static gss_OID DH_NETNAME = &__dh_gss_c_nt_netname;
101 typedef OM_uint32 (*gss_fptr)();
102 OM_uint32 (*g_import_name)();
103 OM_uint32 (*g_display_name)();
104 OM_uint32 (*g_release_name)();
105 OM_uint32 (*g_release_buffer)();
106 OM_uint32 (*g_release_oid)();
109 * gss_OID_load()
111 * This routine is called by __nis_gssprin2netname to define values for
112 * the gss-api-export-name OID, the Diffie-Hellman netname OID, and
113 * the gss support routines that it needs.
114 * The reason for this support routine is that libnsl cannot have an
115 * explicit dependency on libgss. Callers of __nisgssprin2netname are
116 * expected to have loaded libgss through the rpcsec layer. The work around
117 * is to dlopen the needed shared objects and grab the symbols with dlsym.
118 * This routine opens libgss RTLD_NOLOAD. If this fails then libgss.so.1
119 * is not loaded and we return error. Otherwise it uses dlsym to
120 * defines GSS_EXPORT_NAME to have the value of GSS_C_NT_EXPORT_NAME and
121 * to assign the above fuction pointers.
122 * If this succeeds then the routine will attempt to load mech_dh.so.1
123 * and over ride DH_NETNAME with the value of __DH_GSS_C_NT_NETNAME from
124 * that shared object. We don't consider it an error if this fails because
125 * its conceivable that another mechanism backend will support the netname
126 * name type and mech_dh.so.1 not be available.
128 * Return 0 on failer, 1 on success.
131 static int
132 gss_OID_load()
134 void *dh;
135 gss_OID *OIDptr;
136 int stat = 0;
138 (void) mutex_lock(&gss_load_lock);
139 if (GSS_EXPORT_NAME) {
140 (void) mutex_unlock(&gss_load_lock);
141 return (0);
144 /* if LIBGSS is not loaded return an error */
145 if ((dh = dlopen(LIBGSS, RTLD_NOLOAD)) == NULL) {
146 (void) mutex_unlock(&gss_load_lock);
147 return (0);
150 OIDptr = (gss_OID *)dlsym(dh, "GSS_C_NT_EXPORT_NAME");
151 if (OIDptr)
152 GSS_EXPORT_NAME = *OIDptr;
153 else
154 goto Done;
156 g_import_name = (gss_fptr)dlsym(dh, "gss_import_name");
157 if (g_import_name == 0)
158 goto Done;
160 g_display_name = (gss_fptr)dlsym(dh, "gss_display_name");
161 if (g_display_name == 0)
162 goto Done;
164 g_release_name = (gss_fptr)dlsym(dh, "gss_release_name");
165 if (g_release_name == 0)
166 goto Done;
168 g_release_buffer = (gss_fptr)dlsym(dh, "gss_release_buffer");
169 if (g_release_buffer == 0)
170 goto Done;
172 g_release_oid = (gss_fptr)dlsym(dh, "gss_release_oid");
173 if (g_release_oid == 0)
174 goto Done;
176 stat = 1;
178 * Try and get the official netname oid from mech_dh.so.
179 * If this fails will just keep our default from above.
182 if ((dh = dlopen(MECHDH, RTLD_LAZY)) != NULL) {
184 OIDptr = (gss_OID *)dlsym(dh, "__DH_GSS_C_NT_NETNAME");
185 if (OIDptr)
186 DH_NETNAME = *OIDptr;
189 Done:
190 (void) mutex_unlock(&gss_load_lock);
192 if (stat == 0)
193 GSS_EXPORT_NAME = 0;
195 return (stat);
200 * int
201 * __nis_gssprin2netname(rpc_gss_principal_t prin,
202 * char netname[MAXNETNAMELEN+1])
204 * This routine attempts to extract the netname from an rpc_gss_principal_t
205 * which is in { gss-api-exorted-name } format. Return 0 if a netname was
206 * found, else return -1.
210 * This routine has a dependency on libgss.so. So we will pragma weak
211 * the interfaces that we need. When this routine is called libgss
212 * should have been loaded by the rpcsec layer. We will call gss_OID_load
213 * to get the value for GSS_EXPORT_NAME. If gss_OID_load failes return -1.
216 #define OID_IS_EQUAL(o1, o2) ((o1) && (o2) && \
217 ((o1)->length == (o2)->length) && \
218 (memcmp((o1)->elements, (o2)->elements, (o1)->length) == 0))
221 __nis_gssprin2netname(rpc_gss_principal_t prin, char netname[MAXNETNAMELEN+1])
223 gss_buffer_desc display_name;
224 gss_name_t name;
225 gss_OID name_type;
226 gss_buffer_desc expName;
227 int stat = -1;
228 OM_uint32 major, minor;
230 /* See if we already got the OID */
231 if (GSS_EXPORT_NAME == 0) {
232 /* Nope. See if GSS is loaded and get the OIDs */
233 if (!gss_OID_load())
234 return (-1); /* if libgss.so.1 isn't loaded */
237 expName.length = prin->len;
238 expName.value = prin->name;
240 major = (*g_import_name)(&minor, &expName,
241 (gss_OID) GSS_EXPORT_NAME, &name);
243 if (major == GSS_S_COMPLETE) {
244 major = (*g_display_name)(&minor, name,
245 &display_name, &name_type);
247 /* We're done with the gss_internal name */
248 (void) (*g_release_name)(&minor, &name);
250 if (major == GSS_S_COMPLETE) {
252 * Check if we've got a netname. If we do we copy it
253 * and make sure that its null terminated.
255 if (OID_IS_EQUAL(DH_NETNAME, name_type)) {
256 (void) strncpy(netname,
257 (char *)display_name.value,
258 MAXNETNAMELEN);
259 netname[MAXNETNAMELEN] = '\0';
260 stat = 0;
263 * If there are other display formats that can
264 * be converted to netnames easily, insert here.
266 * else if (OID_IS_EQUAL(OTHER_NT_OID, name_type)) {
267 * convert2netname(display_name.value, netname);
268 * } ...
271 /* Release temporty storage */
272 (void) (*g_release_buffer)(&minor, &display_name);
273 (void) (*g_release_oid)(&minor, &name_type);
277 if (stat == 0)
278 return (stat);
280 return (stat);
284 * Extract a public key given a key length and alg. type from a packed
285 * netobj containing extended Diffie-Hellman keys.
287 char *
288 __nis_dhext_extract_pkey(netobj *no, keylen_t keylen, algtype_t algtype)
290 char *hexkey;
291 /* LINTED pointer cast */
292 extdhkey_t *keyent = (extdhkey_t *)no->n_bytes;
294 /* LINTED pointer cast */
295 while (keyent < (extdhkey_t *)(no->n_bytes + no->n_len)) {
296 char *keyoffset;
297 size_t binlen = (ntohs(keyent->keylen) + 7) / 8;
298 size_t binpadlen = ((binlen + 3) / 4) * 4;
299 size_t hexkeylen = binlen * 2 + 1;
301 if (keylen == ntohs(keyent->keylen) &&
302 algtype == ntohs(keyent->algtype)) {
304 if (!(hexkey = malloc(hexkeylen)))
305 return (NULL);
307 (void) bin2hex(binlen, keyent->key, hexkey);
308 return (hexkey);
310 keyoffset = (char *)keyent + (sizeof (ushort_t) * 2) +
311 binpadlen;
312 /* LINTED pointer cast */
313 keyent = (extdhkey_t *)keyoffset;
315 return (NULL);