1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * CDDL HEADER START
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * The contents of this file are subject to the terms of the
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * Common Development and Distribution License (the "License").
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * You may not use this file except in compliance with the License.
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * See the License for the specific language governing permissions
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * and limitations under the License.
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * When distributing Covered Code, include this CDDL HEADER in each
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * If applicable, add the following below this CDDL HEADER, with the
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * fields enclosed by brackets "[]" replaced with your own identifying
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * information: Portions Copyright [yyyy] [name of copyright owner]
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * CDDL HEADER END
cb174861876aea6950a7ab4ce944aff84b1914cdjoyce mcintosh * Copyright (c) 2009, 2010, Oracle and/or its affiliates. All rights reserved.
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * Retrieve directory information for standard UNIX users/groups.
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * (NB: not just from files, but all nsswitch sources.)
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brownstatic directory_error_t machine_sid_dav(directory_values_rpc *lvals,
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown unsigned int rid);
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brownstatic directory_error_t directory_provider_nsswitch_populate(
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown directory_entry_rpc *pent, struct passwd *pwd, struct group *grp,
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * Retrieve information by name.
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * Called indirectly through the directory_provider_static structure.
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown /* 6835280 spurious lint error if the strlen is in the declaration */
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown int host_name_len = strlen(_idmapdstate.hostname);
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown (void) strcpy(my_host_name, _idmapdstate.hostname);
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown /* We use len later, so this is not merely a workaround for 6835280 */
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown int machine_sid_len = strlen(_idmapdstate.cfg->pgcfg.machine_sid);
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown (void) strcpy(my_machine_sid, _idmapdstate.cfg->pgcfg.machine_sid);
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown for (i = 0; i < ids->idmap_utf8str_list_len; i++) {
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * Extract the type for this particular ID.
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * Advance to the next type, if it's there, else keep
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * using this type until we run out of IDs.
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * If this entry has already been handled, one way or another,
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * Is it our SID?
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * Check whether the first part matches, then a "-",
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * then a single RID.
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown if (strncasecmp(id, my_machine_sid, machine_sid_len) !=
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown if (*p != '\0')
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown /* Builtin, not handled here */
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown "getpwuid: %2 (%1)",
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown "getgrgid: %2 (%1)",
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * If the caller has requested user or group
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * information specifically, we only set one of
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * pwd or grp.
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * If the caller has requested either type, we try
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * both in the hopes of getting one.
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * Note that directory_provider_nsswitch_populate
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * considers it to be an error if both are set.
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown /* prep for not found / error case */
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown "getpwnam: %2 (%1)",
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown /* prep for not found / error case */
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown "getgrnam: %2 (%1)",
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * Didn't find it, don't populate the structure.
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * Another provider might populate it.
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown de = directory_provider_nsswitch_populate(&del[i], pwd, grp,
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * Given a pwd structure or a grp structure, and a list of attributes that
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * were requested, populate the structure to return to the caller.
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * If it wasn't for this case, everything would be a lot simpler.
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * UNIX allows users and groups with the same name. Windows doesn't.
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown "Ambiguous name, is both a user and a group",
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown llvals = calloc(nattrs, sizeof (directory_values_rpc));
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown pent->directory_entry_rpc_u.attrs.attrs_val = llvals;
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown pent->directory_entry_rpc_u.attrs.attrs_len = nattrs;
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown for (j = 0; j < nattrs; j++) {
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * We're going to refer to these a lot, so make a shorthand
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * Start by assuming no errors and that we don't have
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * the information
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * Handle attributes for user entries.
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown "posixAccount",
cb174861876aea6950a7ab4ce944aff84b1914cdjoyce mcintosh } else if (uu_strcaseeq(a, "distinguishedName")) {
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown "uid=%s,ou=people,dc=%s",
cb174861876aea6950a7ab4ce944aff84b1914cdjoyce mcintosh } else if (uu_strcaseeq(a, "homeDirectory")) {
cb174861876aea6950a7ab4ce944aff84b1914cdjoyce mcintosh } else if (uu_strcaseeq(a, "x-sun-canonicalName")) {
cb174861876aea6950a7ab4ce944aff84b1914cdjoyce mcintosh } else if (uu_strcaseeq(a, "x-sun-provider")) {
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * Handle attributes for group entries.
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown "posixGroup",
cb174861876aea6950a7ab4ce944aff84b1914cdjoyce mcintosh } else if (uu_strcaseeq(a, "distinguishedName")) {
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown "cn=%s,ou=group,dc=%s",
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * NEEDSWORK: There is probably a non-cast
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * way to do this, but I don't immediately
cb174861876aea6950a7ab4ce944aff84b1914cdjoyce mcintosh } else if (uu_strcaseeq(a, "x-sun-canonicalName")) {
cb174861876aea6950a7ab4ce944aff84b1914cdjoyce mcintosh } else if (uu_strcaseeq(a, "x-sun-provider")) {
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown "No memory allocating return value for user lookup", NULL));
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * Populate a directory attribute value with a SID based on our machine SID
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * and the specified RID.
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * It's a bit perverse that we must take a text-format SID and turn it into
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * a binary-format SID, only to have the caller probably turn it back into
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown * text format, but SIDs are carried across LDAP in binary format.
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brownmachine_sid_dav(directory_values_rpc *lvals, unsigned int rid)
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown int len = strlen(_idmapdstate.cfg->pgcfg.machine_sid);
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown char buf[len + 100]; /* 100 is enough space for any RID */
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown de = bin_list_dav(lvals, sid, 1, sid_len(sid));
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown return (directory_error("ENOMEM.machine_sid_dav",
1fcced4c370617db71610fecffd5451a5894ca5eJordan Brown "Out of memory allocating return value for lookup", NULL));