c5c4113dfcabb1eed3d4bdf7609de5170027a794nw/*
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * CDDL HEADER START
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw *
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * The contents of this file are subject to the terms of the
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * Common Development and Distribution License (the "License").
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * You may not use this file except in compliance with the License.
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw *
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * or http://www.opensolaris.org/os/licensing.
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * See the License for the specific language governing permissions
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * and limitations under the License.
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw *
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * When distributing Covered Code, include this CDDL HEADER in each
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * If applicable, add the following below this CDDL HEADER, with the
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * fields enclosed by brackets "[]" replaced with your own identifying
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * information: Portions Copyright [yyyy] [name of copyright owner]
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw *
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * CDDL HEADER END
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw */
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw/*
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw */
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw
/*
 * Processes batched name2sid and sid2name lookups for a given user or
 * computer against an AD directory server, using GSSAPI authentication.
 */
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw#include <stdio.h>
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw#include <stdlib.h>
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw#include <alloca.h>
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw#include <string.h>
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw#include <strings.h>
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw#include <lber.h>
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw#include <ldap.h>
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw#include <sasl/sasl.h>
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw#include <string.h>
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw#include <ctype.h>
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw#include <pthread.h>
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw#include <synch.h>
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw#include <atomic.h>
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw#include <errno.h>
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw#include <assert.h>
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw#include <limits.h>
2b4a78020b9c38d1b95e2f3fefa6d6e4be382d1fBaban Kenkre#include <time.h>
cd37da7426f0c49c14ad9a8a07638ca971477566nw#include <sys/u8_textprep.h>
2b4a78020b9c38d1b95e2f3fefa6d6e4be382d1fBaban Kenkre#include "libadutils.h"
479ac37569625bae44ffb80071d4bc865fc710eddm#include "nldaputils.h"
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw#include "idmapd.h"
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw
/*
 * LDAP attribute names requested from AD, and printf-style templates
 * for the search filters built on them.
 *
 * NOTE(review): SANFILTER and OBJSIDFILTER substitute a string with %s.
 * The code that formats them is not in this part of the file; confirm
 * that every value is escaped for LDAP filter syntax (RFC 4515: '*',
 * '(', ')', '\' and NUL) before it is substituted, because an unescaped
 * name would change the structure of the filter.  The two numeric
 * filters take %u and need no escaping.
 */
#define	SAN		"sAMAccountName"
#define	OBJSID		"objectSid"
#define	OBJCLASS	"objectClass"
#define	UIDNUMBER	"uidNumber"
#define	GIDNUMBER	"gidNumber"
#define	UIDNUMBERFILTER	"(&(objectclass=user)(uidNumber=%u))"
#define	GIDNUMBERFILTER	"(&(objectclass=group)(gidNumber=%u))"
#define	SANFILTER	"(sAMAccountName=%s)"
#define	OBJSIDFILTER	"(objectSid=%s)"
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw
/*
 * Search-result callback that idmap_lookup_batch_start() registers with
 * adutils_lookup_batch_start().  argp is presumably the batch state
 * passed alongside it at registration -- confirm against the definition.
 */
void idmap_ldap_res_search_cb(LDAP *ld, LDAPMessage **res, int rc, int qid,
    void *argp);
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw
/*
 * A place to put the results of a batched (async) query
 *
 * There is one of these for every query added to a batch object
 * (idmap_query_state, see below).
 *
 * The "expected" members are compared against each search result entry
 * before anything is stored.  The result members are pointers to
 * caller-provided slots; a NULL pointer means the caller did not ask
 * for that item.
 */
typedef struct idmap_q {
	/*
	 * data used for validating search result entries for name->SID
	 * lookups
	 */
	char			*ecanonname;	/* expected canon name */
	char			*edomain;	/* expected domain name */
	idmap_id_type		esidtype;	/* expected SID type */

	/* results */
	char			**canonname;	/* actual canon name */
	char			**domain;	/* name of domain of object */
	char			**sid;		/* stringified SID */
	rid_t			*rid;		/* RID */
	idmap_id_type		*sid_type;	/* user or group SID? */
	char			**unixname;	/* unixname for name mapping */
	char			**dn;		/* DN of entry */
	char			**attr;		/* Attr for name mapping */
	char			**value;	/* value for name mapping */
	posix_id_t		*pid;		/* Posix ID found via IDMU */
	idmap_retcode		*rc;		/* caller's return code slot */
	adutils_rc		ad_rc;		/* libadutils status of query */
	adutils_result_t	*result;

	/*
	 * The LDAP search entry result is placed here to be processed
	 * when the search done result is received.
	 */
	LDAPMessage		*search_res;	/* The LDAP search result */
} idmap_q_t;
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw
/*
 * Batch context structure; typedef is in header file
 *
 * queries[] is declared with one element but idmap_lookup_batch_start()
 * allocates room for qsize of them directly behind the fixed members, so
 * every index into queries[] has to be checked against qsize.
 *
 * ad_unixuser_attr and ad_unixgroup_attr are stored by
 * idmap_lookup_batch_set_unixattr() without copying; default_domain is
 * a strdup()ed copy made by idmap_lookup_batch_start().
 */
struct idmap_query_state {
	adutils_query_state_t	*qs;		/* libadutils batch handle */
	int			qsize;		/* Queue size */
	uint32_t		qcount;		/* Number of queued requests */
	const char		*ad_unixuser_attr;
	const char		*ad_unixgroup_attr;
	int			directory_based_mapping;	/* enum */
	char			*default_domain;
	idmap_q_t		queries[1];	/* array of query results */
};
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw
/*
 * Thread id of the idle-connection reaper.  Zero means that
 * idmap_add_ds() has not started it yet.
 */
static pthread_t reaperid = 0;

/*
 * Keep connection management simple for now, extend or replace later
 * with updated libsldap code.
 *
 * ADREAPERSLEEP is the number of seconds the reaper thread sleeps
 * between two passes.
 */
#define	ADREAPERSLEEP	60
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw
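/*
 * Idle connection reaping side of connection management
 *
 * Thread body: once every ADREAPERSLEEP seconds, ask libadutils to close
 * idle connections.  What counts as idle is decided inside
 * adutils_reap_idle_connections(), which is not part of this file; this
 * file's earlier documentation gives the threshold as five minutes --
 * confirm against libadutils.
 *
 * The function has the pthread start-routine type, void *(*)(void *), so
 * that pthread_create() calls it through a compatible function pointer
 * (calling a void-returning function through that type is undefined
 * behavior in C).  It never returns.
 */
/*ARGSUSED*/
static
void *
adreaper(void *arg)
{
	timespec_t	ts;

	ts.tv_sec = ADREAPERSLEEP;
	ts.tv_nsec = 0;

	for (;;) {
		/*
		 * nanosleep(3RT) is thread-safe (no SIGALRM) and more
		 * portable than usleep(3C).  Its result is ignored on
		 * purpose: an early wake-up only makes this pass run sooner.
		 */
		(void) nanosleep(&ts, NULL);
		adutils_reap_idle_connections();
	}
	/* NOTREACHED */
}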
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw
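/*
 * Register a directory server (host, port) with the given AD context
 * through adutils_add_ds() and, once a server has been added, make sure
 * the idle-connection reaper thread is running.
 *
 * Returns 0 when the server was added and -1 otherwise.  Failing to
 * start the reaper does not change the return value; the start is
 * attempted again on the next successful call.
 *
 * NOTE(review): the test of reaperid and the pthread_create() call are
 * not serialized here, so two concurrent callers could each start a
 * reaper.  Presumably servers are added from one thread -- confirm.
 */
int
idmap_add_ds(adutils_ad_t *ad, const char *host, int port)
{
	pthread_t	tid;

	if (adutils_add_ds(ad, host, port) != ADUTILS_SUCCESS)
		return (-1);

	/*
	 * Start reaper if it doesn't exist.  The thread id is written to a
	 * local first because pthread_create() leaves its output undefined
	 * when it fails; reaperid is only updated on success, so a failed
	 * start keeps it at 0 and the next call tries again.
	 */
	if (reaperid == 0 &&
	    pthread_create(&tid, NULL, (void *(*)(void *))adreaper,
	    (void *)NULL) == 0)
		reaperid = tid;

	return (0);
}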
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw
/*
 * Translate a libadutils return code into the matching idmap return
 * code.  Any code without an explicit case maps to IDMAP_ERR_INTERNAL.
 */
static
idmap_retcode
map_adrc2idmaprc(adutils_rc adrc)
{
	idmap_retcode	mapped;

	switch (adrc) {
	case ADUTILS_SUCCESS:
		mapped = IDMAP_SUCCESS;
		break;
	case ADUTILS_ERR_NOTFOUND:
		mapped = IDMAP_ERR_NOTFOUND;
		break;
	case ADUTILS_ERR_MEMORY:
		mapped = IDMAP_ERR_MEMORY;
		break;
	case ADUTILS_ERR_DOMAIN:
		mapped = IDMAP_ERR_DOMAIN;
		break;
	case ADUTILS_ERR_OTHER:
		mapped = IDMAP_ERR_OTHER;
		break;
	case ADUTILS_ERR_RETRIABLE_NET_ERR:
		mapped = IDMAP_ERR_RETRIABLE_NET_ERR;
		break;
	default:
		mapped = IDMAP_ERR_INTERNAL;
		break;
	}

	return (mapped);
}
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw
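/*
 * Allocate a batch context with room for nqueries query results and
 * open the matching libadutils batch.
 *
 * ad must not be NULL (asserted).  default_domain must not be NULL
 * either: it is handed straight to strdup().  On success *state
 * receives the new batch and IDMAP_SUCCESS is returned.  On failure
 * *state is NULL and the result is IDMAP_ERR_ARG for a negative
 * nqueries, IDMAP_ERR_MEMORY when the context cannot be sized or
 * allocated, or the mapped libadutils error.
 */
idmap_retcode
idmap_lookup_batch_start(adutils_ad_t *ad, int nqueries,
    int directory_based_mapping, const char *default_domain,
    idmap_query_state_t **state)
{
	idmap_query_state_t	*new_state;
	adutils_rc		rc;
	size_t			extra;

	*state = NULL;

	assert(ad != NULL);

	/*
	 * nqueries sizes the allocation below and is stored as qsize, the
	 * bound of queries[].  A negative count would be converted to a
	 * huge unsigned factor and wrap the size computation, so it is
	 * rejected before any arithmetic is done with it.
	 */
	if (nqueries < 0)
		return (IDMAP_ERR_ARG);

	/*
	 * The structure already contains one idmap_q_t, so only the slots
	 * beyond the first are added.  Zero queries is still accepted and
	 * gets the bare structure.
	 */
	extra = (nqueries > 1) ? (size_t)nqueries - 1 : 0;

	/* Refuse a count whose byte size does not fit in a size_t */
	if (extra > ((size_t)-1 - sizeof (idmap_query_state_t)) /
	    sizeof (idmap_q_t))
		return (IDMAP_ERR_MEMORY);

	new_state = calloc(1, sizeof (idmap_query_state_t) +
	    extra * sizeof (idmap_q_t));
	if (new_state == NULL)
		return (IDMAP_ERR_MEMORY);

	if ((rc = adutils_lookup_batch_start(ad, nqueries,
	    idmap_ldap_res_search_cb, new_state, &new_state->qs))
	    != ADUTILS_SUCCESS) {
		idmap_lookup_release_batch(&new_state);
		return (map_adrc2idmaprc(rc));
	}

	/* The batch keeps its own copy of the default domain */
	new_state->default_domain = strdup(default_domain);
	if (new_state->default_domain == NULL) {
		idmap_lookup_release_batch(&new_state);
		return (IDMAP_ERR_MEMORY);
	}

	new_state->directory_based_mapping = directory_based_mapping;
	new_state->qsize = nqueries;
	*state = new_state;
	return (IDMAP_SUCCESS);
}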
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw
/*
 * Set unixuser_attr and unixgroup_attr for AD-based name mapping
 *
 * Only the pointers are stored; the strings are not copied.  The caller
 * therefore has to keep both strings valid and unchanged for as long as
 * the batch may read them.
 */
void
idmap_lookup_batch_set_unixattr(idmap_query_state_t *state,
    const char *unixuser_attr, const char *unixgroup_attr)
{
	idmap_query_state_t	*batch = state;

	batch->ad_unixgroup_attr = unixgroup_attr;
	batch->ad_unixuser_attr = unixuser_attr;
}
e8c27ec857e6e2db8c4fe56938b70a89b5bed9f3baban
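/*
 * Take parsed attribute values from a search result entry and check if
 * it is the result that was desired and, if so, set the result fields
 * of the given idmap_q_t.
 *
 * Except for dn and attr, all strings are consumed, either by transferring
 * them over into the request results (where the caller will eventually free
 * them) or by freeing them here. Note that this aligns with the "const"
 * declarations below.
 *
 * An entry is accepted when its DN converts to a DNS domain name and it
 * matches the expected canonical name and domain, where those are set.
 * On acceptance q->ad_rc becomes ADUTILS_SUCCESS.  If dn or attr cannot
 * be duplicated, nothing is stored and q->ad_rc becomes
 * ADUTILS_ERR_MEMORY, so that a query is never reported as successful
 * with a NULL string in a slot the caller asked for.
 *
 * NOTE(review): apart from canonname, the previous contents of the
 * result slots are overwritten without being freed.  Presumably they
 * are NULL on entry -- confirm against the callers.
 */
static
void
idmap_setqresults(
    idmap_q_t *q,
    char *san,
    const char *dn,
    const char *attr,
    char *value,
    char *sid,
    rid_t rid,
    int sid_type,
    char *unixname,
    posix_id_t pid)
{
	char	*domain;
	char	*dn_copy = NULL;
	char	*attr_copy = NULL;
	int	err1;

	assert(dn != NULL);

	if ((domain = adutils_dn2dns(dn)) == NULL)
		goto out;

	if (q->ecanonname != NULL && san != NULL) {
		/* Check that this is the canonname that we were looking for */
		if (u8_strcmp(q->ecanonname, san, 0,
		    U8_STRCMP_CI_LOWER, /* no normalization, for now */
		    U8_UNICODE_LATEST, &err1) != 0 || err1 != 0)
			goto out;
	}

	if (q->edomain != NULL) {
		/* Check that this is the domain that we were looking for */
		if (!domain_eq(q->edomain, domain))
			goto out;
	}

	/*
	 * Duplicate dn and attr before any result slot is written, so
	 * that an allocation failure leaves the caller's slots untouched.
	 */
	if (q->dn != NULL && (dn_copy = strdup(dn)) == NULL) {
		q->ad_rc = ADUTILS_ERR_MEMORY;
		goto out;
	}
	if (q->attr != NULL && attr != NULL &&
	    (attr_copy = strdup(attr)) == NULL) {
		free(dn_copy);
		q->ad_rc = ADUTILS_ERR_MEMORY;
		goto out;
	}

	/* Hand over the DN and attr copies and the value */
	if (q->dn != NULL)
		*q->dn = dn_copy;

	if (q->attr != NULL && attr != NULL)
		*q->attr = attr_copy;

	if (q->value != NULL && value != NULL) {
		*q->value = value;
		value = NULL;
	}

	/*
	 * Set results.  A pointer that is handed to the caller is cleared
	 * locally so that the cleanup below does not free it.
	 */
	if (q->sid) {
		*q->sid = sid;
		sid = NULL;
	}
	if (q->rid)
		*q->rid = rid;
	if (q->sid_type)
		*q->sid_type = sid_type;
	if (q->unixname) {
		*q->unixname = unixname;
		unixname = NULL;
	}
	if (q->domain != NULL) {
		*q->domain = domain;
		domain = NULL;
	}
	if (q->canonname != NULL) {
		/*
		 * The caller may be replacing the given winname by its
		 * canonical name and therefore free any old name before
		 * overwriting the field by the canonical name.
		 */
		free(*q->canonname);
		*q->canonname = san;
		san = NULL;
	}

	/* The sentinel means that no Posix ID was found for the entry */
	if (q->pid != NULL && pid != IDMAP_SENTINEL_PID) {
		*q->pid = pid;
	}

	q->ad_rc = ADUTILS_SUCCESS;

out:
	/* Free unused attribute values */
	free(san);
	free(sid);
	free(domain);
	free(unixname);
	free(value);
}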
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw
/*
 * True when the BerValue that *bv points at has exactly the length of
 * the string str and equals it without regard to case.
 *
 * The length test comes first, so strncasecmp() is only reached with a
 * count equal to the length of str and never reads past bv_len bytes of
 * bv_val.  The length of str is taken with sizeof, so str has to be a
 * string literal or a char array, not a pointer.  bv is evaluated more
 * than once.
 */
#define	BVAL_CASEEQ(bv, str)					\
	(((sizeof (str) - 1) == (*(bv))->bv_len) &&		\
	    strncasecmp((*(bv))->bv_val, str, (*(bv))->bv_len) == 0)
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw
/*
 * Extract the class of the result entry from its objectClass values.
 *
 * Returns 0 when bvalues is NULL and 1 otherwise.  *sid_type is set to
 * IDMAP_GSID or IDMAP_USID according to the first value that equals
 * "group" or "user" (ignoring case), and stays IDMAP_SID when no value
 * matches; that case is still reported as 1.
 */
static
int
idmap_bv_objclass2sidtype(BerValue **bvalues, int *sid_type)
{
	int	i;

	*sid_type = IDMAP_SID;
	if (bvalues == NULL)
		return (0);

	/*
	 * We consider Computer to be a subclass of User, so we can just
	 * ignore Computer entries and pay attention to the accompanying
	 * User entries.
	 */
	for (i = 0; bvalues[i] != NULL; i++) {
		BerValue	**cur = &bvalues[i];

		if (BVAL_CASEEQ(cur, "group")) {
			*sid_type = IDMAP_GSID;
			return (1);
		}
		if (BVAL_CASEEQ(cur, "user")) {
			*sid_type = IDMAP_USID;
			return (1);
		}
		/*
		 * Open question kept from the original: a value that is
		 * neither of the two may be a new sub-class of user, and
		 * nothing is done with it here.
		 */
	}

	return (1);
}
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw/*
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * Handle a given search result entry
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw */
c5c4113dfcabb1eed3d4bdf7609de5170027a794nwstatic
c5c4113dfcabb1eed3d4bdf7609de5170027a794nwvoid
2b4a78020b9c38d1b95e2f3fefa6d6e4be382d1fBaban Kenkreidmap_extract_object(idmap_query_state_t *state, idmap_q_t *q,
2b4a78020b9c38d1b95e2f3fefa6d6e4be382d1fBaban Kenkre LDAPMessage *res, LDAP *ld)
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw{
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw BerValue **bvalues;
e3f2c991a8548408db0a2787bd8b43d5124821d3Keyur Desai const char *attr = NULL;
e3f2c991a8548408db0a2787bd8b43d5124821d3Keyur Desai char *value = NULL;
e3f2c991a8548408db0a2787bd8b43d5124821d3Keyur Desai char *unix_name = NULL;
e3f2c991a8548408db0a2787bd8b43d5124821d3Keyur Desai char *dn;
cd37da7426f0c49c14ad9a8a07638ca971477566nw char *san = NULL;
cd37da7426f0c49c14ad9a8a07638ca971477566nw char *sid = NULL;
cd37da7426f0c49c14ad9a8a07638ca971477566nw rid_t rid = 0;
e3f2c991a8548408db0a2787bd8b43d5124821d3Keyur Desai int sid_type;
e3f2c991a8548408db0a2787bd8b43d5124821d3Keyur Desai int ok;
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States posix_id_t pid = IDMAP_SENTINEL_PID;
e3c2d6aa3bc760b22fad3c83f876553f0d2c5b66nw
e8c27ec857e6e2db8c4fe56938b70a89b5bed9f3baban assert(q->rc != NULL);
e3f2c991a8548408db0a2787bd8b43d5124821d3Keyur Desai assert(q->domain == NULL || *q->domain == NULL);
e8c27ec857e6e2db8c4fe56938b70a89b5bed9f3baban
2b4a78020b9c38d1b95e2f3fefa6d6e4be382d1fBaban Kenkre if ((dn = ldap_get_dn(ld, res)) == NULL)
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw return;
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw
e3f2c991a8548408db0a2787bd8b43d5124821d3Keyur Desai bvalues = ldap_get_values_len(ld, res, OBJCLASS);
e3f2c991a8548408db0a2787bd8b43d5124821d3Keyur Desai if (bvalues == NULL) {
e3f2c991a8548408db0a2787bd8b43d5124821d3Keyur Desai /*
e3f2c991a8548408db0a2787bd8b43d5124821d3Keyur Desai * Didn't find objectclass. Something's wrong with our
e3f2c991a8548408db0a2787bd8b43d5124821d3Keyur Desai * AD data.
e3f2c991a8548408db0a2787bd8b43d5124821d3Keyur Desai */
e3f2c991a8548408db0a2787bd8b43d5124821d3Keyur Desai idmapdlog(LOG_ERR, "%s has no %s", dn, OBJCLASS);
e3f2c991a8548408db0a2787bd8b43d5124821d3Keyur Desai goto out;
e8c27ec857e6e2db8c4fe56938b70a89b5bed9f3baban }
e3f2c991a8548408db0a2787bd8b43d5124821d3Keyur Desai ok = idmap_bv_objclass2sidtype(bvalues, &sid_type);
e3f2c991a8548408db0a2787bd8b43d5124821d3Keyur Desai ldap_value_free_len(bvalues);
e3f2c991a8548408db0a2787bd8b43d5124821d3Keyur Desai if (!ok) {
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw /*
e3f2c991a8548408db0a2787bd8b43d5124821d3Keyur Desai * Didn't understand objectclass. Something's wrong with our
e3f2c991a8548408db0a2787bd8b43d5124821d3Keyur Desai * AD data.
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw */
e3f2c991a8548408db0a2787bd8b43d5124821d3Keyur Desai idmapdlog(LOG_ERR, "%s has unexpected %s", dn, OBJCLASS);
e3f2c991a8548408db0a2787bd8b43d5124821d3Keyur Desai goto out;
e3f2c991a8548408db0a2787bd8b43d5124821d3Keyur Desai }
e3f2c991a8548408db0a2787bd8b43d5124821d3Keyur Desai
e3f2c991a8548408db0a2787bd8b43d5124821d3Keyur Desai if (state->directory_based_mapping == DIRECTORY_MAPPING_IDMU &&
e3f2c991a8548408db0a2787bd8b43d5124821d3Keyur Desai q->pid != NULL) {
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright if (sid_type == IDMAP_USID)
e3f2c991a8548408db0a2787bd8b43d5124821d3Keyur Desai attr = UIDNUMBER;
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright else if (sid_type == IDMAP_GSID)
e3f2c991a8548408db0a2787bd8b43d5124821d3Keyur Desai attr = GIDNUMBER;
e3f2c991a8548408db0a2787bd8b43d5124821d3Keyur Desai if (attr != NULL) {
2b4a78020b9c38d1b95e2f3fefa6d6e4be382d1fBaban Kenkre bvalues = ldap_get_values_len(ld, res, attr);
2b4a78020b9c38d1b95e2f3fefa6d6e4be382d1fBaban Kenkre if (bvalues != NULL) {
e3f2c991a8548408db0a2787bd8b43d5124821d3Keyur Desai value = adutils_bv_str(bvalues[0]);
e3f2c991a8548408db0a2787bd8b43d5124821d3Keyur Desai if (!adutils_bv_uint(bvalues[0], &pid)) {
e3f2c991a8548408db0a2787bd8b43d5124821d3Keyur Desai idmapdlog(LOG_ERR,
e3f2c991a8548408db0a2787bd8b43d5124821d3Keyur Desai "%s has Invalid %s value \"%s\"",
e3f2c991a8548408db0a2787bd8b43d5124821d3Keyur Desai dn, attr, value);
e8c27ec857e6e2db8c4fe56938b70a89b5bed9f3baban }
e3f2c991a8548408db0a2787bd8b43d5124821d3Keyur Desai ldap_value_free_len(bvalues);
e8c27ec857e6e2db8c4fe56938b70a89b5bed9f3baban }
e3f2c991a8548408db0a2787bd8b43d5124821d3Keyur Desai }
e3f2c991a8548408db0a2787bd8b43d5124821d3Keyur Desai }
e3f2c991a8548408db0a2787bd8b43d5124821d3Keyur Desai
e3f2c991a8548408db0a2787bd8b43d5124821d3Keyur Desai if (state->directory_based_mapping == DIRECTORY_MAPPING_NAME &&
e3f2c991a8548408db0a2787bd8b43d5124821d3Keyur Desai q->unixname != NULL) {
e3f2c991a8548408db0a2787bd8b43d5124821d3Keyur Desai /*
e3f2c991a8548408db0a2787bd8b43d5124821d3Keyur Desai * If the caller has requested unixname then determine the
e3f2c991a8548408db0a2787bd8b43d5124821d3Keyur Desai * AD attribute name that will have the unixname, and retrieve
e3f2c991a8548408db0a2787bd8b43d5124821d3Keyur Desai * its value.
e3f2c991a8548408db0a2787bd8b43d5124821d3Keyur Desai */
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright idmap_id_type esidtype;
e3f2c991a8548408db0a2787bd8b43d5124821d3Keyur Desai /*
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright * Determine the target type.
e3f2c991a8548408db0a2787bd8b43d5124821d3Keyur Desai *
e3f2c991a8548408db0a2787bd8b43d5124821d3Keyur Desai * If the caller specified one, use that. Otherwise, give the
e3f2c991a8548408db0a2787bd8b43d5124821d3Keyur Desai * same type that as we found for the Windows user.
e3f2c991a8548408db0a2787bd8b43d5124821d3Keyur Desai */
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright esidtype = q->esidtype;
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright if (esidtype == IDMAP_SID)
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright esidtype = sid_type;
48258c6b4e17f36ab09fba0bd6307d1fec9dcbcejp
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright if (esidtype == IDMAP_USID)
e3f2c991a8548408db0a2787bd8b43d5124821d3Keyur Desai attr = state->ad_unixuser_attr;
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright else if (esidtype == IDMAP_GSID)
e3f2c991a8548408db0a2787bd8b43d5124821d3Keyur Desai attr = state->ad_unixgroup_attr;
e3f2c991a8548408db0a2787bd8b43d5124821d3Keyur Desai
e3f2c991a8548408db0a2787bd8b43d5124821d3Keyur Desai if (attr != NULL) {
2b4a78020b9c38d1b95e2f3fefa6d6e4be382d1fBaban Kenkre bvalues = ldap_get_values_len(ld, res, attr);
2b4a78020b9c38d1b95e2f3fefa6d6e4be382d1fBaban Kenkre if (bvalues != NULL) {
e3f2c991a8548408db0a2787bd8b43d5124821d3Keyur Desai unix_name = adutils_bv_str(bvalues[0]);
e3f2c991a8548408db0a2787bd8b43d5124821d3Keyur Desai ldap_value_free_len(bvalues);
e3f2c991a8548408db0a2787bd8b43d5124821d3Keyur Desai value = strdup(unix_name);
2b4a78020b9c38d1b95e2f3fefa6d6e4be382d1fBaban Kenkre }
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw }
e3f2c991a8548408db0a2787bd8b43d5124821d3Keyur Desai }
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw
e3f2c991a8548408db0a2787bd8b43d5124821d3Keyur Desai bvalues = ldap_get_values_len(ld, res, SAN);
e3f2c991a8548408db0a2787bd8b43d5124821d3Keyur Desai if (bvalues != NULL) {
e3f2c991a8548408db0a2787bd8b43d5124821d3Keyur Desai san = adutils_bv_str(bvalues[0]);
e3f2c991a8548408db0a2787bd8b43d5124821d3Keyur Desai ldap_value_free_len(bvalues);
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw }
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw
e3f2c991a8548408db0a2787bd8b43d5124821d3Keyur Desai if (q->sid != NULL) {
e3f2c991a8548408db0a2787bd8b43d5124821d3Keyur Desai bvalues = ldap_get_values_len(ld, res, OBJSID);
e3f2c991a8548408db0a2787bd8b43d5124821d3Keyur Desai if (bvalues != NULL) {
e3f2c991a8548408db0a2787bd8b43d5124821d3Keyur Desai sid = adutils_bv_objsid2sidstr(bvalues[0], &rid);
e3f2c991a8548408db0a2787bd8b43d5124821d3Keyur Desai ldap_value_free_len(bvalues);
e3f2c991a8548408db0a2787bd8b43d5124821d3Keyur Desai }
e8c27ec857e6e2db8c4fe56938b70a89b5bed9f3baban }
e8c27ec857e6e2db8c4fe56938b70a89b5bed9f3baban
e3f2c991a8548408db0a2787bd8b43d5124821d3Keyur Desai idmap_setqresults(q, san, dn,
e3f2c991a8548408db0a2787bd8b43d5124821d3Keyur Desai attr, value,
e3f2c991a8548408db0a2787bd8b43d5124821d3Keyur Desai sid, rid, sid_type,
e3f2c991a8548408db0a2787bd8b43d5124821d3Keyur Desai unix_name, pid);
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw
e3f2c991a8548408db0a2787bd8b43d5124821d3Keyur Desaiout:
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw ldap_memfree(dn);
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw}
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw
/*
 * Per-message callback for a batched search. argp is the
 * idmap_query_state_t of the batch and qid selects the query slot.
 *
 * LDAP_RES_SEARCH_ENTRY: the first entry seen for a query is kept in
 * q->search_res and *res is set to NULL; further entries for the same
 * query are left untouched.
 *
 * LDAP_RES_SEARCH_RESULT: the saved entry, if any, is passed to
 * idmap_extract_object() and then freed; when no entry was saved the
 * query is marked ADUTILS_ERR_NOTFOUND.
 *
 * Any other message type is ignored.
 *
 * NOTE(review): qid indexes state->queries without a range check, and
 * its origin is not visible in this function. Presumably only ids
 * handed out for this batch are ever passed back -- confirm.
 */
void
idmap_ldap_res_search_cb(LDAP *ld, LDAPMessage **res, int rc, int qid,
    void *argp)
{
	idmap_query_state_t *batch = (idmap_query_state_t *)argp;
	idmap_q_t *query = &(batch->queries[qid]);

	if (rc == LDAP_RES_SEARCH_ENTRY) {
		/* Keep only the first entry; take it over from *res */
		if (query->search_res == NULL) {
			query->search_res = *res;
			*res = NULL;
		}
		return;
	}

	if (rc != LDAP_RES_SEARCH_RESULT)
		return;

	if (query->search_res == NULL) {
		query->ad_rc = ADUTILS_ERR_NOTFOUND;
		return;
	}

	idmap_extract_object(batch, query, query->search_res, ld);
	(void) ldap_msgfree(query->search_res);
	query->search_res = NULL;
}
84decf41e1c0970e397cc8710dfcf81db5b8c6dajp
/*
 * Free the expected canonical name and expected domain strings held by
 * each of the first qcount queries of the batch, and reset both
 * pointers to NULL so that the slots no longer refer to freed memory.
 */
static
void
idmap_cleanup_batch(idmap_query_state_t *batch)
{
	int idx = 0;

	while (idx < batch->qcount) {
		/* free(NULL) is a no-op, so no NULL guard is required */
		free(batch->queries[idx].ecanonname);
		batch->queries[idx].ecanonname = NULL;
		free(batch->queries[idx].edomain);
		batch->queries[idx].edomain = NULL;
		idx++;
	}
}
e3c2d6aa3bc760b22fad3c83f876553f0d2c5b66nw
/*
 * This routine frees the idmap_query_state_t structure.
 *
 * The adutils batch is released first, then the per-query expected
 * name/domain strings, the default domain and finally the structure
 * itself. *state is set to NULL before returning, so the caller's
 * pointer cannot be reused after the free. Passing NULL, or a pointer
 * to NULL, is a no-op.
 */
void
idmap_lookup_release_batch(idmap_query_state_t **state)
{
	idmap_query_state_t *batch;

	if (state == NULL)
		return;

	batch = *state;
	if (batch == NULL)
		return;

	adutils_lookup_batch_release(&batch->qs);
	idmap_cleanup_batch(batch);
	free(batch->default_domain);
	free(batch);
	*state = NULL;
}
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw
/*
 * Finish a batch: end the underlying adutils batch, translate every
 * query's adutils result code into the idmap_retcode location that
 * was registered for it, release the batch (which sets *state to NULL)
 * and return the translated result of the batch end itself.
 *
 * NOTE(review): unlike idmap_lookup_release_batch(), this function
 * dereferences state and *state without a NULL check, and writes
 * through each query's rc pointer unconditionally.
 */
idmap_retcode
idmap_lookup_batch_end(idmap_query_state_t **state)
{
	idmap_query_state_t *batch = *state;
	adutils_rc end_rc;
	int idx = 0;

	end_rc = adutils_lookup_batch_end(&batch->qs);

	/*
	 * Consumers in dbutils.c expect an idmap_retcode, so convert
	 * the adutils rc of each query in place.
	 */
	while (idx < batch->qcount) {
		*batch->queries[idx].rc =
		    map_adrc2idmaprc(batch->queries[idx].ad_rc);
		idx++;
	}

	idmap_lookup_release_batch(state);
	return (map_adrc2idmaprc(end_rc));
}
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw
/*
 * Send one prepared search, queue up msgid, process what results are
 * available.
 *
 * A query slot is reserved by atomically incrementing state->qcount.
 * The slot records the expected canonical name, domain and type (used
 * to check the results) and the caller's output locations (where the
 * results are to be stored). ecanonname and edomain are stored in the
 * slot as given; idmap_cleanup_batch() frees them with the batch.
 *
 * NOTE(review): the slot index is guarded only by assert(). In a build
 * where assert() is compiled out, adding more queries than the batch
 * was sized for would store through a slot beyond qsize -- presumably
 * qsize is the capacity of state->queries; confirm that callers can
 * never exceed it.
 *
 * NOTE(review): rc is written unconditionally and must not be NULL.
 * *unixname and *pid are not given a default here.
 */
static
idmap_retcode
idmap_batch_add1(idmap_query_state_t *state, const char *filter,
    char *ecanonname, char *edomain, idmap_id_type esidtype,
    char **dn, char **attr, char **value,
    char **canonname, char **dname,
    char **sid, rid_t *rid, idmap_id_type *sid_type, char **unixname,
    posix_id_t *pid,
    idmap_retcode *rc)
{
	adutils_rc add_rc;
	int slot, nattrs;
	idmap_q_t *query;
	char *attrs[20];	/* Plenty */

	slot = atomic_inc_32_nv(&state->qcount) - 1;
	query = &(state->queries[slot]);

	assert(slot < state->qsize);

	/*
	 * Remember the expected canonname, domainname and unix type
	 * so we can check the results against it
	 */
	query->ecanonname = ecanonname;
	query->edomain = edomain;
	query->esidtype = esidtype;

	/* Remember where to put the results */
	query->dn = dn;
	query->attr = attr;
	query->value = value;
	query->canonname = canonname;
	query->domain = dname;
	query->sid = sid;
	query->rid = rid;
	query->sid_type = sid_type;
	query->unixname = unixname;
	query->pid = pid;
	query->rc = rc;

	/* Attributes that every search asks for */
	nattrs = 0;
	attrs[nattrs++] = SAN;
	attrs[nattrs++] = OBJSID;
	attrs[nattrs++] = OBJCLASS;

	/* Add attributes that are not always needed */
	if (unixname != NULL) {
		/* Add unixuser/unixgroup attribute names to the attrs list */
		if (state->ad_unixuser_attr != NULL &&
		    esidtype != IDMAP_GSID)
			attrs[nattrs++] = (char *)state->ad_unixuser_attr;
		if (state->ad_unixgroup_attr != NULL &&
		    esidtype != IDMAP_USID)
			attrs[nattrs++] = (char *)state->ad_unixgroup_attr;
	}

	if (pid != NULL && esidtype != IDMAP_GSID)
		attrs[nattrs++] = UIDNUMBER;
	if (pid != NULL && esidtype != IDMAP_USID)
		attrs[nattrs++] = GIDNUMBER;

	attrs[nattrs] = NULL;

	/*
	 * Provide sane defaults for the results in case we never hear
	 * back from the DS before closing the connection.
	 *
	 * In particular we default the result to indicate a retriable
	 * error. The first complete matching result entry will cause
	 * this to be set to IDMAP_SUCCESS, and the end of the results
	 * for this search will cause this to indicate "not found" if no
	 * result entries arrived or no complete ones matched the lookup
	 * we were doing.
	 */
	*rc = IDMAP_ERR_RETRIABLE_NET_ERR;
	if (dn != NULL)
		*dn = NULL;
	if (attr != NULL)
		*attr = NULL;
	if (value != NULL)
		*value = NULL;
	if (dname != NULL)
		*dname = NULL;
	if (sid != NULL)
		*sid = NULL;
	if (rid != NULL)
		*rid = 0;
	if (sid_type != NULL)
		*sid_type = IDMAP_SID;

	/*
	 * Don't set *canonname to NULL because it may be pointing to the
	 * given winname. Later on if we get a canonical name from AD the
	 * old name if any will be freed before assigning the new name.
	 */

	/* Hand the search to the adutils batch API */
	add_rc = adutils_lookup_batch_add(state->qs, filter,
	    (const char **)attrs,
	    edomain, &query->result, &query->ad_rc);
	return (map_adrc2idmaprc(add_rc));
}
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw
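/*
 * Queue a name-to-SID lookup in the batch.
 *
 * name is the Windows name to look up and dname its domain; a NULL or
 * empty dname selects state->default_domain. The remaining pointer
 * arguments are output locations passed through to idmap_batch_add1().
 *
 * Returns IDMAP_ERR_MEMORY on allocation failure,
 * IDMAP_ERR_DOMAIN_NOTFOUND when no domain is available or
 * adutils_lookup_check_domain() rejects it, otherwise the result of
 * idmap_batch_add1().
 */
idmap_retcode
idmap_name2sid_batch_add1(idmap_query_state_t *state,
    const char *name, const char *dname, idmap_id_type esidtype,
    char **dn, char **attr, char **value,
    char **canonname, char **sid, rid_t *rid,
    idmap_id_type *sid_type, char **unixname,
    posix_id_t *pid, idmap_retcode *rc)
{
	idmap_retcode retcode;
	char *filter = NULL, *s_name;
	char *ecanonname, *edomain;	/* expected canonname */

	/*
	 * Strategy: search the global catalog for user/group by
	 * sAMAccountName = user/groupname with "" as the base DN and by
	 * userPrincipalName = user/groupname@domain. The result
	 * entries will be checked to conform to the name and domain
	 * name given here. The DN, sAMAccountName, userPrincipalName,
	 * objectSid and objectClass of the result entries are all we
	 * need to figure out which entries match the lookup, the SID of
	 * the user/group and whether it is a user or a group.
	 */

	if ((ecanonname = strdup(name)) == NULL)
		return (IDMAP_ERR_MEMORY);

	/* 'name' not qualified and dname not given */
	if (dname == NULL || *dname == '\0')
		dname = state->default_domain;

	/*
	 * strdup(NULL) is undefined; fail cleanly if the batch carries
	 * no default domain either.
	 */
	if (dname == NULL) {
		free(ecanonname);
		return (IDMAP_ERR_DOMAIN_NOTFOUND);
	}

	if ((edomain = strdup(dname)) == NULL) {
		free(ecanonname);
		return (IDMAP_ERR_MEMORY);
	}

	if (!adutils_lookup_check_domain(state->qs, dname)) {
		free(ecanonname);
		free(edomain);
		return (IDMAP_ERR_DOMAIN_NOTFOUND);
	}

	/*
	 * The name is caller-supplied and ends up inside an LDAP search
	 * filter, so it goes through sanitize_for_ldap_filter() first.
	 * The helper may hand back its argument unchanged, which is why
	 * the result is freed only when it differs from name.
	 */
	s_name = sanitize_for_ldap_filter(name);
	if (s_name == NULL) {
		free(ecanonname);
		free(edomain);
		return (IDMAP_ERR_MEMORY);
	}

	/*
	 * Assemble filter. The return value is checked because not every
	 * asprintf() implementation defines the pointer on failure.
	 */
	if (asprintf(&filter, SANFILTER, s_name) < 0)
		filter = NULL;
	if (s_name != name)
		free(s_name);
	if (filter == NULL) {
		free(ecanonname);
		free(edomain);
		return (IDMAP_ERR_MEMORY);
	}

	/*
	 * idmap_batch_add1() stores ecanonname and edomain in the query
	 * slot, so they are not freed here whatever it returns.
	 */
	retcode = idmap_batch_add1(state, filter, ecanonname, edomain,
	    esidtype, dn, attr, value, canonname, NULL, sid, rid, sid_type,
	    unixname, pid, rc);

	free(filter);

	return (retcode);
}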
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw
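/*
 * Queue a SID-to-name lookup in the batch.
 *
 * sid and rid identify the object to look up; the remaining pointer
 * arguments are output locations passed through to idmap_batch_add1().
 *
 * Returns IDMAP_ERR_DOMAIN_NOTFOUND when
 * adutils_lookup_check_sid_prefix() rejects the SID, IDMAP_ERR_SID
 * when the SID cannot be converted to its hex-binary form,
 * IDMAP_ERR_MEMORY on allocation failure, otherwise the result of
 * idmap_batch_add1().
 */
idmap_retcode
idmap_sid2name_batch_add1(idmap_query_state_t *state,
    const char *sid, const rid_t *rid, idmap_id_type esidtype,
    char **dn, char **attr, char **value,
    char **name, char **dname, idmap_id_type *sid_type,
    char **unixname, posix_id_t *pid, idmap_retcode *rc)
{
	idmap_retcode retcode;
	char *filter = NULL;
	char cbinsid[ADUTILS_MAXHEXBINSID + 1];

	/*
	 * Strategy: search [the global catalog] for user/group by
	 * objectSid = SID with empty base DN. The DN, sAMAccountName
	 * and objectClass of the result are all we need to figure out
	 * the name of the SID and whether it is a user, a group or a
	 * computer.
	 */

	if (!adutils_lookup_check_sid_prefix(state->qs, sid))
		return (IDMAP_ERR_DOMAIN_NOTFOUND);

	/* The converter is given the buffer size, so it can bound its output */
	if (adutils_txtsid2hexbinsid(sid, rid, &cbinsid[0],
	    sizeof (cbinsid)) != 0)
		return (IDMAP_ERR_SID);

	/*
	 * Assemble filter. The return value is checked because not every
	 * asprintf() implementation defines the pointer on failure.
	 */
	if (asprintf(&filter, OBJSIDFILTER, cbinsid) < 0)
		filter = NULL;
	if (filter == NULL)
		return (IDMAP_ERR_MEMORY);

	retcode = idmap_batch_add1(state, filter, NULL, NULL, esidtype,
	    dn, attr, value, name, dname, NULL, NULL, sid_type, unixname,
	    pid, rc);

	free(filter);

	return (retcode);
}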
e8c27ec857e6e2db8c4fe56938b70a89b5bed9f3baban
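/*
 * Queue a lookup of the AD object whose unixuser/unixgroup attribute
 * equals unixname.
 *
 * is_user selects which attribute name (state->ad_unixuser_attr or
 * state->ad_unixgroup_attr) is matched; is_wuser selects the object
 * class ("user" or "group"). On success *attr, when requested, gets a
 * copy of the attribute name and *value a copy of unixname.
 *
 * Returns IDMAP_ERR_NOTFOUND when the selected attribute name is not
 * set, IDMAP_ERR_MEMORY on allocation failure, otherwise the result of
 * idmap_batch_add1().
 *
 * NOTE(review): only unixname is passed through
 * sanitize_for_ldap_filter(); attrname is inserted into the filter as
 * is. Presumably it comes from trusted configuration -- confirm.
 *
 * NOTE(review): when a copy for *attr or *value fails, the query has
 * already been added to the batch, and an earlier successful *attr
 * copy is left for the caller to free.
 */
idmap_retcode
idmap_unixname2sid_batch_add1(idmap_query_state_t *state,
    const char *unixname, int is_user, int is_wuser,
    char **dn, char **attr, char **value,
    char **sid, rid_t *rid, char **name,
    char **dname, idmap_id_type *sid_type, idmap_retcode *rc)
{
	idmap_retcode retcode;
	char *filter = NULL, *s_unixname;
	const char *attrname;

	/* Get unixuser or unixgroup AD attribute name */
	attrname = (is_user) ?
	    state->ad_unixuser_attr : state->ad_unixgroup_attr;
	if (attrname == NULL)
		return (IDMAP_ERR_NOTFOUND);

	/*
	 * The helper may hand back its argument unchanged, which is why
	 * the result is freed only when it differs from unixname.
	 */
	s_unixname = sanitize_for_ldap_filter(unixname);
	if (s_unixname == NULL)
		return (IDMAP_ERR_MEMORY);

	/*
	 * Assemble filter. The return value is checked because not every
	 * asprintf() implementation defines the pointer on failure.
	 */
	if (asprintf(&filter, "(&(objectclass=%s)(%s=%s))",
	    is_wuser ? "user" : "group", attrname, s_unixname) < 0)
		filter = NULL;
	if (s_unixname != unixname)
		free(s_unixname);
	if (filter == NULL) {
		return (IDMAP_ERR_MEMORY);
	}

	/* attr and value are filled in below, not by the query itself */
	retcode = idmap_batch_add1(state, filter, NULL, NULL,
	    IDMAP_POSIXID, dn, NULL, NULL, name, dname, sid, rid, sid_type,
	    NULL, NULL, rc);

	if (retcode == IDMAP_SUCCESS && attr != NULL) {
		if ((*attr = strdup(attrname)) == NULL)
			retcode = IDMAP_ERR_MEMORY;
	}

	if (retcode == IDMAP_SUCCESS && value != NULL) {
		if ((*value = strdup(unixname)) == NULL)
			retcode = IDMAP_ERR_MEMORY;
	}

	free(filter);

	return (retcode);
}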
e3f2c991a8548408db0a2787bd8b43d5124821d3Keyur Desai
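/*
 * Queue a lookup of the AD object whose uidNumber/gidNumber attribute
 * equals pid.
 *
 * is_user selects UIDNUMBERFILTER/UIDNUMBER, otherwise
 * GIDNUMBERFILTER/GIDNUMBER is used. On success *attr, when requested,
 * gets a copy of the attribute name and *value the decimal text of
 * pid.
 *
 * Returns IDMAP_ERR_MEMORY on allocation failure, otherwise the result
 * of idmap_batch_add1().
 *
 * NOTE(review): when the copy for *attr or *value fails, the query has
 * already been added to the batch, and an earlier successful *attr
 * copy is left for the caller to free.
 */
idmap_retcode
idmap_pid2sid_batch_add1(idmap_query_state_t *state,
    posix_id_t pid, int is_user,
    char **dn, char **attr, char **value,
    char **sid, rid_t *rid, char **name,
    char **dname, idmap_id_type *sid_type, idmap_retcode *rc)
{
	idmap_retcode retcode;
	char *filter = NULL;
	const char *attrname;
	int len;

	/*
	 * Assemble filter. The return value is checked because not every
	 * asprintf() implementation defines the pointer on failure.
	 */
	if (is_user) {
		len = asprintf(&filter, UIDNUMBERFILTER, pid);
		attrname = UIDNUMBER;
	} else {
		len = asprintf(&filter, GIDNUMBERFILTER, pid);
		attrname = GIDNUMBER;
	}
	if (len < 0 || filter == NULL)
		return (IDMAP_ERR_MEMORY);

	/* attr and value are filled in below, not by the query itself */
	retcode = idmap_batch_add1(state, filter, NULL, NULL,
	    IDMAP_POSIXID, dn, NULL, NULL, name, dname, sid, rid, sid_type,
	    NULL, NULL, rc);

	if (retcode == IDMAP_SUCCESS && attr != NULL) {
		if ((*attr = strdup(attrname)) == NULL)
			retcode = IDMAP_ERR_MEMORY;
	}

	if (retcode == IDMAP_SUCCESS && value != NULL) {
		/* Never leave *value undefined for the caller on failure */
		if (asprintf(value, "%u", pid) < 0)
			*value = NULL;
		if (*value == NULL)
			retcode = IDMAP_ERR_MEMORY;
	}

	free(filter);

	return (retcode);
}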