From 0ca2bd6370e617112ce90b892149453461a323be Mon Sep 17 00:00:00 2001
From: Nalin Dahyabhai
Date: Thu, 23 Aug 2012 18:09:10 -0400
Subject: add shadow, passwd.adjuct, base64-encode nis-disallowed-chars
* add a definition for shadow.byname
* add a definition for passwd.adjunct.byname
* make passwd.byname/passwd.byuid hide userPassword if objectClass==shadowAccount
* base64-encode nis-disallowed-chars when we are printing defaults
---
 src/defs-nis.c | 71 ++++++++++++++++++++++++++++++++++++++++++++++++++++++----
 1 file changed, 67 insertions(+), 4 deletions(-)
(limited to 'src')
diff --git a/src/defs-nis.c b/src/defs-nis.c
index b4a7d33..efd9a37 100644
--- a/src/defs-nis.c
+++ b/src/defs-nis.c
@@ -23,6 +23,7 @@
 #include "config.h"
 #endif
+#include
 #include
 #include
 #include
@@ -51,12 +52,22 @@ static struct configuration {
 {"passwd.byname", config_exact, FALSE, NULL,
 "(objectClass=posixAccount)",
 "%{uid}", NULL,
- "%{uid}:%regsubi(\"%{userPassword}\",\"^\\\\{CRYPT\\\\}(..*)\",\"%1\",\"*\"):%regmatch(\"%{uidNumber}\",\"[0-9]+\"):%regmatch(\"%{gidNumber}\",\"[0-9]+\"):%{gecos:-%{cn:-}}:%{homeDirectory:-/}:%{loginShell:-" _PATH_BSHELL "}", NULL,
+ "%{uid}:%ifeq(\"objectClass\",\"shadowAccount\",\"x\",\"%regsubi(\\\"%{userPassword}\\\",\\\"^\\\\\\\\{CRYPT\\\\\\\\}(..*)\\\",\\\"%1\\\",\\\"*\\\")\"):%regmatch(\"%{uidNumber}\",\"[0-9]+\"):%regmatch(\"%{gidNumber}\",\"[0-9]+\"):%{gecos:-%{cn:-}}:%{homeDirectory:-/}:%{loginShell:-" _PATH_BSHELL "}", NULL,
 ":\r\n"},
 {"passwd.byuid", config_exact, FALSE, NULL,
 "(objectClass=posixAccount)",
 "%{uidNumber}", NULL,
- "%{uid}:%regsubi(\"%{userPassword}\",\"^\\\\{CRYPT\\\\}(..*)\",\"%1\",\"*\"):%regmatch(\"%{uidNumber}\",\"[0-9]+\"):%regmatch(\"%{gidNumber}\",\"[0-9]+\"):%{gecos:-%{cn:-}}:%{homeDirectory:-/}:%{loginShell:-" _PATH_BSHELL "}", NULL,
+ "%{uid}:%ifeq(\"objectClass\",\"shadowAccount\",\"x\",\"%regsubi(\\\"%{userPassword}\\\",\\\"^\\\\\\\\{CRYPT\\\\\\\\}(..*)\\\",\\\"%1\\\",\\\"*\\\")\"):%regmatch(\"%{uidNumber}\",\"[0-9]+\"):%regmatch(\"%{gidNumber}\",\"[0-9]+\"):%{gecos:-%{cn:-}}:%{homeDirectory:-/}:%{loginShell:-" _PATH_BSHELL "}", NULL,
+ ":\r\n"},
+ {"shadow.byname", config_exact, TRUE, NULL,
+ "(objectClass=shadowAccount)",
+ "%{uid}", NULL,
+ "%{uid}:%regsubi(\"%{userPassword}\",\"^\\\\{CRYPT\\\\}(..*)\",\"%1\",\"*\"):%{shadowLastChange:-}:%{shadowMin:-}:%{shadowMax:-}:%{shadowWarning:-}:%{shadowInactive:-}:%{shadowExpire:-}:%{shadowFlag:-}", NULL,
+ ":\r\n"},
+ {"passwd.adjunct.byname", config_exact, TRUE, NULL,
+ "(objectClass=shadowAccount)",
+ "%{uid}", NULL,
+ "%{uid}:%regsubi(\"%{userPassword}\",\"^\\\\{CRYPT\\\\}(..*)\",\"%1\",\"*\")::::::", NULL,
 ":\r\n"},
 {"group.byname", config_exact, FALSE, NULL,
 "(objectClass=posixGroup)",
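Review bot: The `%ifeq(\"objectClass\",\"shadowAccount\",\"x\",…)` added to passwd.byname and passwd.byuid hides the hash only for entries that carry shadowAccount, so a posixAccount-only entry still has its {CRYPT} value written into these two maps, which keep FALSE in the third field while the new shadow.byname and passwd.adjunct.byname use TRUE (presumably the `secure` flag that main prints later in this patch; the struct definition is outside the hunk). That split is not documented anywhere in the table, and whether `%ifeq` compares objectClass values case-insensitively is not visible here and is worth confirming, since a mismatch would fall through to the hash branch. I would add a comment above the passwd entries such as `/* userPassword is replaced by "x" only for shadowAccount entries; other posixAccount entries still publish their {CRYPT} hash in this non-secure map. */`. The `%regsubi` expression now exists four times at two different escaping depths; a shared macro for it would keep the copies from drifting.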
@@ -264,6 +275,56 @@ usage(const char *argv0)
 fprintf(stderr, "Usage: %s [-d domain] [-s suffix] [-m map]\n",
 strchr(argv0, '/') ? strrchr(argv0, '/') + 1 : argv0);
 }
+static char *
+base64enc(const char *s)
+{
+ size_t len;
+ uint32_t i;
+ int c;
+ const char *p, *alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+ "abcdefghijklmnopqrstuvwxyz"
+ "0123456789"
+ "+/";
+ char *ret, *r;
+
+ len = howmany(strlen(s), 3) * 4;
+ ret = malloc(len + 1);
+ if (ret == NULL) {
+ return NULL;
+ }
+ memset(ret, '\0', len + 1);
+ for (p = s, r = ret, i = 0, c = 0; *p != '\0'; p++) {
+ i <<= 8;
+ i |= *p;
+ c++;
+ if (c == 3) {
+ *r++ = alphabet[((i >> 18) & 0x3f)];
+ *r++ = alphabet[((i >> 12) & 0x3f)];
+ *r++ = alphabet[((i >> 6) & 0x3f)];
+ *r++ = alphabet[((i ) & 0x3f)];
+ c = 0;
+ i = 0;
+ }
+ }
+ switch (c) {
+ case 1:
+ i <<= 16;
+ *r++ = alphabet[((i >> 18) & 0x3f)];
+ *r++ = alphabet[((i >> 12) & 0x3f)];
+ *r++ = '=';
+ *r++ = '=';
+ break;
+ case 2:
+ i <<= 8;
+ *r++ = alphabet[((i >> 18) & 0x3f)];
+ *r++ = alphabet[((i >> 12) & 0x3f)];
+ *r++ = alphabet[((i >> 6) & 0x3f)];
+ *r++ = '=';
+ break;
+ }
+ *r++ = '\0';
+ return ret;
+}
 int
 main(int argc, char **argv)
 {
@@ -349,9 +410,11 @@ main(int argc, char **argv)
 config[i].value_format : "");
 }
 if (config[i].disallowed_chars != NULL) {
- printf("%s: %s\n",
+ char *p;
+ printf("%s:: %s\n",
 NIS_MAP_CONFIGURATION_DISALLOWED_CHARS_ATTR,
- config[i].disallowed_chars);
+ p = base64enc(config[i].disallowed_chars));
+ free(p);
 }
 if (config[i].secure) {
 printf("%s: yes\n", NIS_MAP_CONFIGURATION_SECURE_ATTR);
-- cgit
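Review bot: `i |= *p;` in the encoding loop of base64enc ORs in a plain `char`, so where `char` is signed any byte of 0x80 or above is sign-extended and sets the upper bits of the accumulator, corrupting the bytes already shifted in for that three-byte group. Casting first fixes it: `i |= (unsigned char) *p;`. The only caller in this patch passes the ASCII disallowed-chars defaults, so the output is correct today, but the helper is written as a general encoder and would silently emit wrong base64 for other input. The function lies entirely inside the hunk; a header comment saying that the caller must free the returned buffer and that NULL means allocation failure would document the contract the caller relies on.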
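Review bot: The return value of base64enc() is passed straight to the `%s` conversion in the changed printf, and base64enc returns NULL when malloc fails, so printf can receive a null pointer here; that is undefined behaviour, and where the libc tolerates it the line printed after `::` is `(null)`, which is not valid base64. I would assign and test before printing: `p = base64enc(config[i].disallowed_chars);` followed by `if (p != NULL) { printf("%s:: %s\n", NIS_MAP_CONFIGURATION_DISALLOWED_CHARS_ATTR, p); free(p); }`, with the NULL case reported through whatever error path main uses elsewhere. That also removes the assignment hidden inside the argument list. main begins and ends outside the hunk, so its existing error handling is not visible here.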