Major overhaul. Now uses DSA signatures rather than the bogus symmetric

[become] / src / userdb.c

/* -*-c-*-
 *
 * $Id: userdb.c,v 1.9 2003/10/12 00:14:55 mdw Exp $
 *
 * User database management
 *
 * (c) 1998 EBI
 */

/*----- Licensing notice --------------------------------------------------*
 *
 * This file is part of `become'
 *
 * `Become' is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * `Become' is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with `become'; if not, write to the Free Software Foundation,
 * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 */

/*----- Revision history --------------------------------------------------*
 *
 * $Log: userdb.c,v $
 * Revision 1.9  2003/10/12 00:14:55  mdw
 * Major overhaul.  Now uses DSA signatures rather than the bogus symmetric
 * encrypt-and-hope thing.  Integrated with mLib and Catacomb.
 *
 * Revision 1.8  1998/06/08 11:21:22  mdw
 * Fixed bug in password and group file reading: strtok doesn't handle
 * double colons nicely.
 *
 * Revision 1.7  1998/04/23 13:27:46  mdw
 * Switch to using the ypstuff interface to YP server.
 *
 * Revision 1.6  1998/01/12 16:46:33  mdw
 * Fix copyright date.
 *
 * Revision 1.5  1997/09/17  10:24:08  mdw
 * Use `uid_t' instead of `int' for uids and gids.  Not quite sure why I
 * didn't do this before.
 *
 * Revision 1.4  1997/08/20  16:24:58  mdw
 * Patch memory leak.  Rename `userdb_reinit' to `userdb_end' for more
 * sensible restart.
 *
 * Revision 1.3  1997/08/07 09:44:29  mdw
 * Read NIS-based passwords from the YP server directly, rather than using
 * `popen(ypcat)', which is probably both slower and less secure.
 *
 * Revision 1.2  1997/08/04 10:24:26  mdw
 * Sources placed under CVS control.
 *
 * Revision 1.1  1997/07/21  13:47:43  mdw
 * Initial revision
 *
 */

/*----- Header files ------------------------------------------------------*/

/* --- ANSI headers --- */

#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* --- Unix headers --- */

#include "config.h"

#include <sys/types.h>

#include <grp.h>
#include <pwd.h>
#include <unistd.h>

/* --- mLib headers --- */

#include <mLib/alloc.h>
#include <mLib/sym.h>
#include <mLib/trace.h>

/* --- Local headers --- */

#include "become.h"
#include "userdb.h"
#include "ypstuff.h"

/*----- Type definitions --------------------------------------------------*/

/* --- A map link --- */

typedef struct userdb__node {
  struct userdb__node *next;
  void *rec;
} userdb__node;

/* --- A reference to a real record --- */

typedef struct userdb__sym {
  sym_base _base;
  void *rec;
} userdb__sym;

/* --- A name- and number-mapping --- */

typedef struct userdb__map {
  sym_table nmap;
  sym_table idmap;
  userdb__node *list;
} userdb__map;

/*----- Static variables --------------------------------------------------*/

static userdb__map userdb__users;       /* Map of user info blocks */
static sym_iter userdb__useri;          /* Iterator for users */
static userdb__map userdb__groups;      /* Map of group info blocks */
static sym_iter userdb__groupi;         /* Iterator for groups */

/*----- Map management functions ------------------------------------------*/

/* --- @userdb__createMap@ --- *
 *
 * Arguments:   @userdb__map *m@ = pointer to a map block
 *
 * Returns:     ---
 *
 * Use:         Initialises a map table.
 */

static void userdb__createMap(userdb__map *m)
{
  sym_create(&m->nmap);
  sym_create(&m->idmap);
  m->list = 0;
}

/* --- @userdb__addToMap@ --- *
 *
 * Arguments:   @userdb__map *m@ = pointer to the map block
 *              @const char *name@ = pointer to the item's name
 *              @uid_t id@ = the item's id number
 *              @void *rec@ = pointer to the actual record
 *
 * Returns:     ---
 *
 * Use:         Adds an item to the given map.
 */

static void userdb__addToMap(userdb__map *m,
                             const char *name,
                             uid_t id, void *rec)
{
  unsigned f;
  userdb__sym *s;
  userdb__node *n;

  s = sym_find(&m->nmap, name, -1, sizeof(*s), &f);
  if (!f)
    s->rec = rec;

  s = sym_find(&m->idmap, (char *)&id, sizeof(id), sizeof(*s), &f);
  if (!f)
    s->rec = rec;

  n = xmalloc(sizeof(*n));
  n->rec = rec;
  n->next = m->list;
  m->list = n;
}

/* --- @userdb__byName@ --- *
 *
 * Arguments:   @userdb__map *m@ = pointer to a map block
 *              @const char *name@ = name to look up
 *
 * Returns:     A pointer to the appropriate block, or zero if not found.
 *
 * Use:         Looks up a name in a mapping and returns the result.
 */

static void *userdb__byName(userdb__map *m, const char *name)
{
  userdb__sym *s = sym_find(&m->nmap, name, -1, 0, 0);
  return (s ? s->rec : 0);
}

/* --- @userdb__byId@ --- *
 *
 * Arguments:   @userdb__map *m@ = pointer to a map block
 *              @uid_t id@ = id number to find
 *
 * Returns:     A pointer to the appropriate block, or zero if not found.
 *
 * Use:         Looks up an ID in a mapping, and returns the result.
 */

static void *userdb__byId(userdb__map *m, uid_t id)
{
  userdb__sym *s = sym_find(&m->idmap, (char *)&id, sizeof(id), 0, 0);
  return (s ? s->rec : 0);
}

/* --- @userdb__clearMap@ --- *
 *
 * Arguments:   @userdb__map *m@ = pointer to a map block
 *              @void (*freerec)(void *rec)@ = pointer to a free-record proc
 *
 * Returns:     ---
 *
 * Use:         Clears a map, emptying it and releasing the memory it
 *              occupied.
 */

static void userdb__clearMap(userdb__map *m, void (*freerec)(void *rec))
{
  userdb__node *n, *t;

  sym_destroy(&m->nmap);
  sym_destroy(&m->idmap);

  for (n = m->list; n; n = t) {
    t = n->next;
    freerec(n->rec);
    free(n);
  }
}

/*----- User and group block management -----------------------------------*/

/* --- @userdb__dumpUser@ --- *
 *
 * Arguments:   @const struct passwd *pw@ = pointer to a user block
 *
 * Returns:     ---
 *
 * Use:         Writes a user's informationt to a stream.
 */

#ifndef NTRACE

static void userdb__dumpUser(const struct passwd *pw)
{
  trace(TRACE_DEBUG,
        "debug: name `%s' passwd `%s' uid %i gid %i",
        pw->pw_name, pw->pw_passwd, (int)pw->pw_uid, (int)pw->pw_gid);
  trace(TRACE_DEBUG,
        "debug: ... gecos `%s' home `%s' shell `%s'",
        pw->pw_gecos, pw->pw_dir, pw->pw_shell);
}

#endif

/* --- @userdb__split@ --- *
 *
 * Arguments:   @char *p@ = pointer to string
 *              @char **v@ = pointer to vector to fill in
 *              @int sz@ = maximum number of fields to split
 *
 * Returns:     Number of fields extracted.
 *
 * Use:         Splits a string into fields at colon characters.
 */

static int userdb__split(char *p, char **v, int sz)
{
  int count = 0;

  *v++ = p; sz--; count++;
  if (!sz)
    goto done;
  while (*p) {
    if (*p++ == ':') {
      p[-1] = 0;
      *v++ = p; sz--; count++;
      if (!sz)
        goto done;
    }
  }
  while (sz--)
    *v++ = 0;

done:
  return (count);
}

/* --- @userdb_copyUser@ --- *
 *
 * Arguments:   @struct passwd *pw@ = pointer to block to copy
 *
 * Returns:     Pointer to the copy.
 *
 * Use:         Copies a user block.  The copy is `deep' so all the strings
 *              are copied too.  Free the copy with @userdb_freeUser@ when
 *              you don't want it any more.
 */

struct passwd *userdb_copyUser(struct passwd *pw)
{
  struct passwd *npw;

  if (!pw)
    return (0);

  npw = xmalloc(sizeof(*npw));

  npw->pw_name = xstrdup(pw->pw_name);
  npw->pw_passwd = xstrdup(pw->pw_passwd);
  npw->pw_uid = pw->pw_uid;
  npw->pw_gid = pw->pw_gid;
  npw->pw_gecos = xstrdup(pw->pw_gecos);
  npw->pw_dir = xstrdup(pw->pw_dir);
  npw->pw_shell = xstrdup(pw->pw_shell);

  return (npw);
}

/* --- @userdb__buildUser@ --- *
 *
 * Arguments:   @char *s@ = pointer to user string
 *
 * Returns:     Pointer to a user block.
 *
 * Use:         Converts a line from a user file into a password entry.
 *              Note that the string is corrupted by @strtok@ while it gets
 *              parsed.
 */

static struct passwd *userdb__buildUser(char *s)
{
  struct passwd *pw = xmalloc(sizeof(*pw));
  char *v[7];

  if (userdb__split(s, v, 7) < 7) {
    free(pw);
    return (0);
  }

  pw->pw_name = xstrdup(v[0]);
  pw->pw_passwd = xstrdup(v[1]);
  pw->pw_uid = (uid_t)atol(v[2]);
  pw->pw_gid = (gid_t)atol(v[3]);
  pw->pw_gecos = xstrdup(v[4]);
  pw->pw_dir = xstrdup(v[5]);
  pw->pw_shell = xstrdup(v[6]);
  return (pw);
}

/* --- @userdb_freeUser@ --- *
 *
 * Arguments:   @void *rec@ = pointer to a user record
 *
 * Returns:     ---
 *
 * Use:         Frees a user record.
 */

void userdb_freeUser(void *rec)
{
  struct passwd *pw;

  if (!rec)
    return;

  pw = rec;
  free(pw->pw_name);
  free(pw->pw_passwd);
  free(pw->pw_gecos);
  free(pw->pw_dir);
  free(pw->pw_shell);
  free(pw);
} 

/* --- @userdb__dumpGroup@ --- *
 *
 * Arguments:   @const struct group *gr@ = pointer to a group block
 *              @FILE *fp@ = pointer to stream to write on
 *
 * Returns:     ---
 *
 * Use:         Writes a group's information to a stream.
 */

#ifndef NTRACE

static void userdb__dumpGroup(const struct group *gr)
{
  char *const *p;

  trace(TRACE_DEBUG,
         "debug: name `%s' passwd `%s' gid %i",
         gr->gr_name, gr->gr_passwd, (int)gr->gr_gid);
  for (p = gr->gr_mem; *p; p++)
    trace(TRACE_DEBUG,"debug: ... `%s'", *p);
}

#endif

/* --- @userdb_copyGroup@ --- *
 *
 * Arguments:   @struct group *gr@ = pointer to group block
 *
 * Returns:     Pointer to copied block
 *
 * Use:         Copies a group block.  The copy is `deep' so all the strings
 *              are copied too.  Free the copy with @userdb_freeGroup@ when
 *              you don't want it any more.
 */

struct group *userdb_copyGroup(struct group *gr)
{
  struct group *ngr;
  int i, max;

  if (!gr)
    return (0);

  ngr = xmalloc(sizeof(*ngr));

  ngr->gr_name = xstrdup(gr->gr_name);
  ngr->gr_passwd = xstrdup(gr->gr_passwd);
  ngr->gr_gid = gr->gr_gid;

  for (max = 0; gr->gr_mem[max]; max++)
    ;
  ngr->gr_mem = xmalloc((max + 1) * sizeof(char *));
  for (i = 0; i < max; i++)
    ngr->gr_mem[i] = xstrdup(gr->gr_mem[i]);
  ngr->gr_mem[max] = 0;

  return (ngr);
}

/* --- @userdb__buildGroup@ --- *
 *
 * Arguments:   @char *s@ = pointer to group line string
 *
 * Returns:     Pointer to a group block
 *
 * Use:         Parses an entry in the groups file.  The string is garbled
 *              by @strtok@ as we go.
 */

static struct group *userdb__buildGroup(char *s)
{
  struct group *gr = xmalloc(sizeof(*gr));
  char *v[4];
  int i;

  /* --- Do the easy bits --- */

  if (userdb__split(s, v, 4) < 3) {
    free(gr);
    return (0);
  }
  gr->gr_name = xstrdup(v[0]);
  gr->gr_passwd = xstrdup(v[1]);
  gr->gr_gid = (gid_t)atol(v[2]);

  /* --- Count the number of members --- */

  s = v[3];
  i = 0;
  if (s && s[0]) {
    for (;;) {
      i++;
      if ((s = strpbrk(s, ",")) == 0)
        break;
      s++;
    }
  }

  /* --- Allocate the block and fill it --- */

  gr->gr_mem = xmalloc((i + 1) * sizeof(char *));
  i = 0;
  if (v[3]) {
    s = strtok(v[3], ",");
    while (s) {
      gr->gr_mem[i++] = xstrdup(s);
      s = strtok(0, ",");
    }
  }
  gr->gr_mem[i] = 0;

  return (gr);
}

/* --- @userdb_freeGroup@ --- *
 *
 * Arguments:   @void *rec@ = pointer to a group record
 *
 * Returns:     ---
 *
 * Use:         Frees a group record.
 */

void userdb_freeGroup(void *rec)
{
  struct group *gr;
  char **p;

  if (!rec)
    return;

  gr = rec;
  free(gr->gr_name);
  free(gr->gr_passwd);
  for (p = gr->gr_mem; *p; p++)
    free(*p);
  free(gr->gr_mem);
  free(gr);
} 

/*----- Answering queries -------------------------------------------------*/

/* --- @userdb_userByName@, @userdb_userById@ --- *
 *
 * Arguments:   @const char *name@ = pointer to user's name
 *              @uid_t id@ = user id to find
 *
 * Returns:     Pointer to user block, or zero if not found.
 *
 * Use:         Looks up a user by name or id.
 */

struct passwd *userdb_userByName(const char *name)
{ return (userdb__byName(&userdb__users, name)); }

struct passwd *userdb_userById(uid_t id)
{ return (userdb__byId(&userdb__users, id)); }

/* --- @userdb_iterateUsers@, @userdb_iterateUsers_r@ --- *
 *
 * Arguments:   @userdb_iter *i@ = pointer to a symbol table iterator object
 *
 * Returns:     ---
 *
 * Use:         Initialises an iteration for the user database.
 */

void userdb_iterateUsers(void)
{ userdb_iterateUsers_r(&userdb__useri); }

void userdb_iterateUsers_r(userdb_iter *i)
{ sym_mkiter(i, &userdb__users.nmap); }

/* --- @userdb_nextUser@, @userdb_nextUser_r@ --- *
 *
 * Arguments:   @userdb_iter *i@ = pointer to a symbol table iterator oject
 *
 * Returns:     Pointer to the next user block, or null.
 *
 * Use:         Returns another user block.
 */

struct passwd *userdb_nextUser(void)
{ return (userdb_nextUser_r(&userdb__useri)); }

struct passwd *userdb_nextUser_r(userdb_iter *i)
{
  userdb__sym *s = sym_next(i);
  return (s ? s->rec : 0);
}

/* --- @userdb_groupByName@, @userdb_groupById@ --- *
 *
 * Arguments:   @const char *name@ = pointer to group's name
 *              @gid_t id@ = group id to find
 *
 * Returns:     Pointer to group block, or zero if not found.
 *
 * Use:         Looks up a group by name or id.
 */

struct group *userdb_groupByName(const char *name)
{ return (userdb__byName(&userdb__groups, name)); }

struct group *userdb_groupById(gid_t id)
{ return (userdb__byId(&userdb__groups, id)); }

/* --- @userdb_iterateGroups@, @userdb_iterateGroups_r@ --- *
 *
 * Arguments:   @userdb_iter *i@ = pointer to a symbol table iterator object
 *
 * Returns:     ---
 *
 * Use:         Initialises an iteration for the group database.
 */

void userdb_iterateGroups(void)
{ userdb_iterateGroups_r(&userdb__groupi); }

void userdb_iterateGroups_r(userdb_iter *i)
{ sym_mkiter(i, &userdb__groups.nmap); }

/* --- @userdb_nextGroup@, @userdb_nextGroup_r@ --- *
 *
 * Arguments:   @userdb_iter *i@ = pointer to a symbol table iterator oject
 *
 * Returns:     Pointer to the next group block, or null.
 *
 * Use:         Returns another group block.
 */

struct group *userdb_nextGroup(void)
{ return (userdb_nextGroup_r(&userdb__groupi)); }

struct group *userdb_nextGroup_r(userdb_iter *i)
{
  userdb__sym *s = sym_next(i);
  return (s ? s->rec : 0);
}

/*----- Yellow pages support ----------------------------------------------*/

#ifdef HAVE_YP

/* --- @userdb__foreachUser@ --- *
 *
 * Arguments:   @int st@ = YP protocol-level status code
 *              @char *k@ = address of the key for this record
 *              @int ksz@ = size of the key
 *              @char *v@ = address of the value for this record
 *              @int vsz@ = size of the value
 *              @char *data@ = pointer to some data passed to me
 *
 * Returns:     Zero to be called again, nonzero to end the enumeration.
 *
 * Use:         Handles an incoming user record.
 */

static int userdb__foreachUser(int st, char *k, int ksz,
                               char *v, int vsz, char *data)
{
  char *cv;
  struct passwd *pw;

  if (st != YP_TRUE)
    return (-1);
  cv = xmalloc(vsz + 1);
  memcpy(cv, v, vsz);
  cv[vsz] = 0;
  T( trace(TRACE_DEBUG, "debug: nis string: `%s'", cv); )
  pw = userdb__buildUser(cv);
  if (pw && !userdb__byName(&userdb__users, pw->pw_name)) {
    IF_TRACING(TRACE_DEBUG, userdb__dumpUser(pw); )
    userdb__addToMap(&userdb__users, pw->pw_name, pw->pw_uid, pw);
  } else
    userdb_freeUser(pw);
  free(cv);
  return (0);
}

/* --- @userdb__foreachGroup@ --- *
 *
 * Arguments:   @int st@ = YP protocol-level status code
 *              @char *k@ = address of the key for this record
 *              @int ksz@ = size of the key
 *              @char *v@ = address of the value for this record
 *              @int vsz@ = size of the value
 *              @char *data@ = pointer to some data passed to me
 *
 * Returns:     Zero to be called again, nonzero to end the enumeration.
 *
 * Use:         Handles an incoming user record.
 */

static int userdb__foreachGroup(int st, char *k, int ksz,
                                char *v, int vsz, char *data)
{
  char *cv;
  struct group *gr;

  if (st != YP_TRUE)
    return (-1);
  cv = xmalloc(vsz + 1);
  memcpy(cv, v, vsz);
  cv[vsz] = 0;
  T( trace(TRACE_DEBUG, "debug: nis string: `%s'", cv); )
  gr = userdb__buildGroup(cv);
  if (gr && !userdb__byName(&userdb__groups, gr->gr_name)) {
    IF_TRACING(TRACE_DEBUG, userdb__dumpGroup(gr); )
    userdb__addToMap(&userdb__groups, gr->gr_name, gr->gr_gid, gr);
  } else
    userdb_freeGroup(gr);
  free(cv);
  return (0);
}

/* --- @userdb_yp@ --- *
 *
 * Arguments:   ---
 *
 * Returns:     ---
 *
 * Use:         Fetches the YP database of users.
 */

void userdb_yp(void)
{
  /* --- Bind to a server --- */

  ypstuff_bind();
  if (!yp_domain)
    return;

  T( trace(TRACE_DEBUG, "debug: adding NIS users"); )

  /* --- Fetch the users map --- */

  {
    static struct ypall_callback ucb = { userdb__foreachUser, 0 };
    yp_all(yp_domain, "passwd.byuid", &ucb);
  }

  /* --- Fetch the groups map --- */

  {
    static struct ypall_callback gcb = { userdb__foreachGroup, 0 };
    yp_all(yp_domain, "group.bygid", &gcb);
  }
}

#else

void userdb_yp(void) { ; }

#endif

/*----- Building the databases --------------------------------------------*/

/* --- @userdb_local@ --- *
 *
 * Arguments:   ---
 *
 * Returns:     ---
 *
 * Use:         Reads the local list of users into the maps.
 */

void userdb_local(void)
{
  T( trace(TRACE_DEBUG, "debug: adding local users"); )

  /* --- Fetch users first --- */

  {
    struct passwd *pw;

    setpwent();
    while ((pw = getpwent()) != 0) {
      IF_TRACING(TRACE_DEBUG, userdb__dumpUser(pw); )
      if (!userdb__byName(&userdb__users, pw->pw_name))
        userdb__addToMap(&userdb__users, pw->pw_name, pw->pw_uid,
                         userdb_copyUser(pw));
    }
    endpwent();
  }

  /* --- Then fetch groups --- */

  {
    struct group *gr;

    setgrent();
    while ((gr = getgrent()) != 0) {
      IF_TRACING(TRACE_DEBUG, userdb__dumpGroup(gr); )
      if (!userdb__byName(&userdb__groups, gr->gr_name))
        userdb__addToMap(&userdb__groups, gr->gr_name, gr->gr_gid,
                         userdb_copyGroup(gr));
    }
    endgrent();
  }
}

/* --- @userdb_init@ --- *
 *
 * Arguments:   ---
 *
 * Returns:     ---
 *
 * Use:         Initialises the user database.
 */

void userdb_init(void)
{
  userdb__createMap(&userdb__users);
  userdb__createMap(&userdb__groups);
}

/* --- @userdb_end@ --- *
 *
 * Arguments:   ---
 *
 * Returns:     ---
 *
 * Use:         Closes down the user database.
 */

void userdb_end(void)
{
  userdb__clearMap(&userdb__users, userdb_freeUser);
  userdb__clearMap(&userdb__groups, userdb_freeGroup);
}

/*----- Test rig ----------------------------------------------------------*/

#ifdef TEST_RIG

void dumpit(const char *msg)
{
  trace(TRACE_DEBUG, "debug: %s", msg);

  {
    struct passwd *pw;
    for (userdb_iterateUsers(); (pw = userdb_nextUser()) != 0; )
      userdb__dumpUser(pw);
  }

  {
    struct group *gr;
    for (userdb_iterateGroups(); (gr = userdb_nextGroup()) != 0; )
      userdb__dumpGroup(gr);
  }
}

int main(void)
{
  ego("userdb-test");
  traceon(stdout, TRACE_ALL);
  userdb_init();
  userdb_local();
  userdb_yp();
  dumpit("spong");
/*  printf("loaded (%lu)\n", track_memused()); */
  getchar();
  for (;;) {
    userdb_end();
/*    printf("cleared (%lu)\n", track_memused()); */
/*    track_memlist(); */
    userdb_init();
    userdb_local();
    userdb_yp();
/*    printf("reloaded (%lu)\n", track_memused()); */
    getchar();
  }
  return (0);
}

#endif

/*----- That's all, folks -------------------------------------------------*/