/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
e8c27ec857e6e2db8c4fe56938b70a89b5bed9f3baban
/*
 * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
 * Copyright 2011 Nexenta Systems, Inc. All rights reserved.
 */
e8c27ec857e6e2db8c4fe56938b70a89b5bed9f3baban
/*
 * Utility routines for native LDAP (libsldap) lookups.
 */
e8c27ec857e6e2db8c4fe56938b70a89b5bed9f3baban
#include "idmapd.h"
#include "idmap_priv.h"
#include "ns_sldap.h"
#include "nldaputils.h"
#include <assert.h>
#include <stdint.h>
e8c27ec857e6e2db8c4fe56938b70a89b5bed9f3baban
/*
 * The following are the format strings used to construct LDAP search
 * filters when looking up the native LDAP directory service. The
 * _F_XXX_SSD format is used by the libsldap API if a corresponding
 * SSD (service search descriptor) is defined in the native LDAP
 * configuration. The SSD contains a string that replaces the first
 * %s in _F_XXX_SSD. If no SSD is defined then the regular _F_XXX
 * format is used.
 *
 * Note that '\\' needs to be represented as "\\5c" in LDAP filters.
 */
479ac37569625bae44ffb80071d4bc865fc710eddm
/* Native LDAP lookup using UNIX username */
#define	_F_GETPWNAM "(&(objectClass=posixAccount)(uid=%s))"
#define	_F_GETPWNAM_SSD "(&(%%s)(uid=%s))"

/*
 * Native LDAP user lookup using names of well-known SIDs.
 * Note the use of %1$s and %2$s in the format string, which lets
 * snprintf() re-use its first two arguments (winname attribute, name):
 * the filter matches the name both bare and with a "BUILTIN\" prefix.
 * "\\5c" is the LDAP filter escape for the backslash.
 */
#define	_F_GETPWWNAMWK \
	"(&(objectClass=posixAccount)(|(%s=%s)(%1$s=BUILTIN\\5c%2$s)))"
#define	_F_GETPWWNAMWK_SSD "(&(%%s)(|(%s=%s)(%1$s=BUILTIN\\5c%2$s)))"

/*
 * Native LDAP user lookup using winname@windomain OR windomain\winname.
 * Arguments, in order: winname attribute, winname, windomain (%3$s).
 */
#define	_F_GETPWWNAMDOM \
	"(&(objectClass=posixAccount)(|(%s=%s@%s)(%1$s=%3$s\\5c%2$s)))"
#define	_F_GETPWWNAMDOM_SSD "(&(%%s)(|(%s=%s@%s)(%1$s=%3$s\\5c%2$s)))"

/* Native LDAP lookup using UID (uidNumber, formatted with %u) */
#define	_F_GETPWUID "(&(objectClass=posixAccount)(uidNumber=%u))"
#define	_F_GETPWUID_SSD "(&(%%s)(uidNumber=%u))"

/* Native LDAP lookup using UNIX groupname */
#define	_F_GETGRNAM "(&(objectClass=posixGroup)(cn=%s))"
#define	_F_GETGRNAM_SSD "(&(%%s)(cn=%s))"

/*
 * Native LDAP group lookup using names of well-known SIDs; same
 * positional-argument scheme as _F_GETPWWNAMWK above.
 */
#define	_F_GETGRWNAMWK \
	"(&(objectClass=posixGroup)(|(%s=%s)(%1$s=BUILTIN\\5c%2$s)))"
#define	_F_GETGRWNAMWK_SSD "(&(%%s)(|(%s=%s)(%1$s=BUILTIN\\5c%2$s)))"

/* Native LDAP group lookup using winname@windomain OR windomain\winname */
#define	_F_GETGRWNAMDOM \
	"(&(objectClass=posixGroup)(|(%s=%s@%s)(%1$s=%3$s\\5c%2$s)))"
#define	_F_GETGRWNAMDOM_SSD "(&(%%s)(|(%s=%s@%s)(%1$s=%3$s\\5c%2$s)))"

/* Native LDAP lookup using GID (gidNumber, formatted with %u) */
#define	_F_GETGRGID "(&(objectClass=posixGroup)(gidNumber=%u))"
#define	_F_GETGRGID_SSD "(&(%%s)(gidNumber=%u))"

/*
 * Native LDAP attribute names. These populate the attribute lists
 * handed to __ns_ldap_list_batch_add() by the batch_add routines below.
 */
#define	UID "uid"
#define	CN "cn"
#define	UIDNUMBER "uidnumber"
#define	GIDNUMBER "gidnumber"
#define	DN "dn"
479ac37569625bae44ffb80071d4bc865fc710eddm
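/*
 * Only an out-of-memory status from libsldap aborts batch construction;
 * any other per-query status is left in the query (q->lrc) and does not
 * abort the batch. The argument is parenthesized so that a compound
 * expression (e.g. a conditional) is compared as a whole.
 */
#define	IS_NLDAP_RC_FATAL(x) (((x) == NS_LDAP_MEMORY) ? 1 : 0)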
479ac37569625bae44ffb80071d4bc865fc710eddm
/*
 * One native LDAP lookup queued in a batch. Every pointer-to-pointer
 * member is an output slot supplied by the caller of a batch_add routine;
 * the slot is recorded here and (presumably, by code not shown in this
 * segment) filled once the batch has run. filter and udata are heap
 * strings built by the batch_add routine; per the errout comment there,
 * the query and its contents are released by batch_release.
 */
typedef struct idmap_nldap_q {
	char		**winname;	/* out slot; recorded by the by-pid add */
	char		**windomain;	/* out slot; recorded by the by-pid add */
	char		**unixname;	/* out slot for the UNIX user/group name */
	uid_t		*pid;		/* out slot; recorded by the by-winname add */
	char		**dn;		/* out slot (entry DN, presumably) */
	char		**attr;		/* out slot (matched attribute, presumably) */
	char		**value;	/* out slot (matched value, presumably) */
	int		is_user;	/* non-zero: "passwd" lookup; zero: "group" */
	idmap_retcode	*rc;		/* out: per-query idmap status */
	int		lrc;		/* libsldap status for this query */
	ns_ldap_result_t *result;	/* filled by libsldap via &q->result */
	ns_ldap_error_t	*errorp;	/* filled by libsldap via &q->errorp */
	char		*filter;	/* heap: LDAP search filter (_F_XXX) */
	char		*udata;		/* heap: _F_XXX_SSD userdata, must hold one %s */
} idmap_nldap_q_t;
479ac37569625bae44ffb80071d4bc865fc710eddm
/*
 * State for one batch of native LDAP lookups. The struct is allocated by
 * idmap_nldap_lookup_batch_start() with room for nqueries entries in the
 * trailing queries[] array; qid indexes the next free slot.
 */
typedef struct idmap_nldap_query_state {
	const char	*nldap_winname_attr;	/* LDAP attribute holding the Windows name */
	const char	*defdom;		/* not referenced in this segment; presumably the default domain */
	int		nqueries;		/* capacity of queries[] */
	int		qid;			/* index of the next unused query */
	int		flag;			/* libsldap flag word (NS_LDAP_KEEP_CONN) */
	ns_ldap_list_batch_t *batch;		/* libsldap batch handle */
	idmap_nldap_q_t	queries[1];		/* really nqueries entries; over-allocated */
} idmap_nldap_query_state_t;
479ac37569625bae44ffb80071d4bc865fc710eddm
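/*
 * Originally copied from lib/nsswitch/ldap/common/ldap_utils.c (with the
 * debug statements removed).
 *
 * This is a generic filter callback function for merging the filter
 * from a service search descriptor (SSD) with an existing search filter.
 * userdata must be a string containing exactly one "%s" conversion and
 * no other '%' at all; the SSD filter is spliced in at that point. The
 * result is assembled with memcpy() rather than by handing userdata to a
 * printf-style function, so userdata can never act as a format string.
 *
 * This routine and userdata are passed to the __ns_ldap_list_batch_add()
 * API.
 *
 * Consider an example that uses __ns_ldap_list_batch_add() to look up
 * the native LDAP directory for a given userid 'xy1234'. In this
 * example userdata will contain "(&(%s)(uid=xy1234))". If a SSD is
 * defined to replace the rfc2307bis specified filter
 * i.e. (objectClass=posixAccount) by a site-specific filter,
 * say (department=sds), then this routine produces
 * "(&(department=sds)(uid=xy1234))" as the real search filter.
 *
 * Returns NS_LDAP_SUCCESS with *realfilter pointing at a malloc()ed
 * string the caller must free; NS_LDAP_INVALID_PARAM if an argument is
 * NULL or userdata does not contain exactly one "%s"; NS_LDAP_MEMORY if
 * the allocation fails. *realfilter is NULL on every failure after the
 * realfilter check itself.
 */
static
int
merge_SSD_filter(const ns_ldap_search_desc_t *desc,
    char **realfilter, const void *userdata)
{
	const char *fmt, *p, *spec = NULL, *tail;
	size_t head_len, ssd_len, tail_len;
	char *out;

	if (realfilter == NULL)
		return (NS_LDAP_INVALID_PARAM);
	*realfilter = NULL;
	if (desc == NULL || desc->filter == NULL || userdata == NULL)
		return (NS_LDAP_INVALID_PARAM);

	/*
	 * Parameter check. Walk every '%' in userdata: the first must be
	 * the "%s" we splice into, and there must be no other '%' at all
	 * (so "%%", "%n", a second "%s" or a trailing '%' all bail).
	 */
	fmt = userdata;
	for (p = strchr(fmt, '%'); p != NULL; p = strchr(p + 2, '%')) {
		if (spec != NULL || p[1] != 's')
			return (NS_LDAP_INVALID_PARAM);
		spec = p;
	}
	if (spec == NULL)
		return (NS_LDAP_INVALID_PARAM);

	/* Splice: <userdata before %s> + <SSD filter> + <userdata after %s>. */
	head_len = (size_t)(spec - fmt);
	tail = spec + 2;
	tail_len = strlen(tail);
	ssd_len = strlen(desc->filter);
	out = malloc(head_len + ssd_len + tail_len + 1);
	if (out == NULL)
		return (NS_LDAP_MEMORY);
	(void) memcpy(out, fmt, head_len);
	(void) memcpy(out + head_len, desc->filter, ssd_len);
	(void) memcpy(out + head_len + ssd_len, tail, tail_len + 1);
	*realfilter = out;
	return (NS_LDAP_SUCCESS);
}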
479ac37569625bae44ffb80071d4bc865fc710eddm
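/* Lower-case hex digit for the low nibble of n. */
static
char
hex_char(int n)
{
	return ("0123456789abcdef"[n & 0xf]);
}

/*
 * Non-zero if c must be escaped before it can appear as a value inside
 * an LDAP search filter. '*', '(', ')' and '\\' are the RFC2254 filter
 * metacharacters; '%' is escaped as well because the sanitized value is
 * later formatted into the _F_XXX_SSD userdata string, which
 * merge_SSD_filter() requires to contain exactly one "%s".
 */
static
int
is_ldap_filter_special(int c)
{
	return (c == '*' || c == '(' || c == ')' || c == '\\' || c == '%');
}

/*
 * If the input string contains special characters that need to be
 * escaped before the string can be used in a LDAP filter then this
 * function returns a new sanitized string. Otherwise it returns the
 * input string itself (this saves unnecessary memory allocations,
 * especially when processing a batch of requests). The caller must free
 * the returned string if it isn't the input string.
 *
 * The escape mechanism for LDAP filters is described in RFC2254: it is
 * \hh where hh are the two hexadecimal digits of the byte value
 * (case of hh is not significant).
 * Example: * -> \2a, ( -> \28, ) -> \29, \ -> \5c, % -> \25
 *
 * Returns the sanitized string, the input string when nothing needed
 * escaping, or NULL when the allocation failed:
 *
 * outstring = sanitize_for_ldap_filter(instring);
 * if (outstring == NULL)
 *	Out of memory
 * else
 *	Use outstring
 *	if (outstring != instring)
 *		free(outstring);
 * done
 */
char *
sanitize_for_ldap_filter(const char *str)
{
	const char *p;
	char *q, *s_str;
	size_t n = 0;

	/* Count the characters that need escaping. */
	for (p = str; *p != '\0'; p++)
		if (is_ldap_filter_special((unsigned char)*p))
			n++;
	/* Nothing to escape: hand back the caller's string. */
	if (n == 0)
		return ((char *)str);
	/* Each escaped character grows from one byte to three ("\hh"). */
	s_str = calloc(1, strlen(str) + n * 2 + 1);
	if (s_str == NULL)
		return (NULL);
	for (p = str, q = s_str; *p != '\0'; p++) {
		/* Work on the unsigned byte so the shift is well-defined. */
		unsigned char c = (unsigned char)*p;

		if (is_ldap_filter_special(c)) {
			*q++ = '\\';
			*q++ = hex_char(c >> 4);
			*q++ = hex_char(c & 0xf);
		} else {
			*q++ = (char)c;
		}
	}
	*q = '\0';	/* calloc() already zeroed it; be explicit anyway */
	return (s_str);
}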
479ac37569625bae44ffb80071d4bc865fc710eddm
/*
 * Map a libsldap (NS_LDAP_*) status to the equivalent idmap status.
 * Statuses without a dedicated mapping collapse to IDMAP_ERR_OTHER.
 */
static
idmap_retcode
nldaprc2retcode(int rc)
{
	static const struct {
		int		nldap;
		idmap_retcode	idmap;
	} map[] = {
		{ NS_LDAP_SUCCESS,		IDMAP_SUCCESS },
		{ NS_LDAP_SUCCESS_WITH_INFO,	IDMAP_SUCCESS },
		{ NS_LDAP_NOTFOUND,		IDMAP_ERR_NOTFOUND },
		{ NS_LDAP_MEMORY,		IDMAP_ERR_MEMORY },
		{ NS_LDAP_CONFIG,		IDMAP_ERR_NS_LDAP_CFG },
		{ NS_LDAP_OP_FAILED,		IDMAP_ERR_NS_LDAP_OP_FAILED },
		{ NS_LDAP_PARTIAL,		IDMAP_ERR_NS_LDAP_PARTIAL },
		{ NS_LDAP_INTERNAL,		IDMAP_ERR_INTERNAL },
		{ NS_LDAP_INVALID_PARAM,	IDMAP_ERR_ARG },
	};
	size_t i;

	for (i = 0; i < sizeof (map) / sizeof (map[0]); i++) {
		if (map[i].nldap == rc)
			return (map[i].idmap);
	}
	return (IDMAP_ERR_OTHER);
}
479ac37569625bae44ffb80071d4bc865fc710eddm
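/*
 * Create a batch for native LDAP lookup.
 *
 * Allocates a query state with room for nqueries queries (queries[1] is
 * the first entry, so nqueries - 1 extra entries are appended) and opens
 * a libsldap list batch on it.
 *
 * Returns IDMAP_SUCCESS and stores the new state in *qs; IDMAP_ERR_ARG
 * if qs is NULL, nqueries is not positive, or the size would overflow;
 * IDMAP_ERR_MEMORY if the state could not be allocated or
 * __ns_ldap_list_batch_start() failed (that failure is reported as
 * IDMAP_ERR_MEMORY regardless of the NS_LDAP_* status, as before).
 * *qs is left untouched on failure.
 */
static
idmap_retcode
idmap_nldap_lookup_batch_start(int nqueries, idmap_nldap_query_state_t **qs)
{
	idmap_nldap_query_state_t *s;
	size_t extra;

	if (qs == NULL || nqueries < 1)
		return (IDMAP_ERR_ARG);

	/* (nqueries - 1) is non-negative here; guard the multiplication. */
	extra = (size_t)(nqueries - 1);
	if (extra > (SIZE_MAX - sizeof (*s)) / sizeof (idmap_nldap_q_t))
		return (IDMAP_ERR_ARG);

	s = calloc(1, sizeof (*s) + extra * sizeof (idmap_nldap_q_t));
	if (s == NULL)
		return (IDMAP_ERR_MEMORY);
	if (__ns_ldap_list_batch_start(&s->batch) != NS_LDAP_SUCCESS) {
		free(s);
		return (IDMAP_ERR_MEMORY);
	}
	s->nqueries = nqueries;
	/* NS_LDAP_KEEP_CONN: presumably reuses one connection for the batch */
	s->flag = NS_LDAP_KEEP_CONN;
	*qs = s;
	return (IDMAP_SUCCESS);
}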
479ac37569625bae44ffb80071d4bc865fc710eddm
/*
 * Add a lookup by winname request to the batch.
 *
 * Builds the LDAP search filter, and the matching _F_XXX_SSD userdata
 * format consumed by merge_SSD_filter(), for a Windows user or group
 * name and queues it on qs->batch. The remaining pointer arguments are
 * output slots that are recorded in the query; they are filled by code
 * outside this segment once the batch has run.
 *
 * winname and windomain originate outside this file (presumably from
 * client requests): both go through sanitize_for_ldap_filter() before
 * being formatted, so filter metacharacters and '%' cannot alter the
 * filter structure or turn udata into anything other than a single-%s
 * format.
 *
 * Returns IDMAP_SUCCESS when the query was queued (a non-fatal libsldap
 * status stays in q->lrc), the mapped libsldap status when
 * __ns_ldap_list_batch_add() reported NS_LDAP_MEMORY, or the error
 * stored in *rc when the query could not be built
 * (IDMAP_ERR_DOMAIN_NOTFOUND, IDMAP_ERR_MEMORY).
 */
static
idmap_retcode
idmap_nldap_bywinname_batch_add(idmap_nldap_query_state_t *qs,
    const char *winname, const char *windomain, int is_user,
    char **dn, char **attr, char **value,
    char **unixname, uid_t *pid, idmap_retcode *rc)
{
	idmap_nldap_q_t *q;
	const char *db, *filter, *udata;
	int flen, ulen, wksid = 0;
	char *s_winname, *s_windomain;
	const char **attrs;
	const char *pwd_attrs[] = {UID, UIDNUMBER, NULL, NULL};
	const char *grp_attrs[] = {CN, GIDNUMBER, NULL, NULL};

	s_winname = s_windomain = NULL;
	/*
	 * Claim the next free slot. There is no check against
	 * qs->nqueries here; the caller is trusted not to over-fill.
	 */
	q = &(qs->queries[qs->qid++]);
	q->unixname = unixname;
	q->pid = pid;
	q->rc = rc;
	q->is_user = is_user;
	q->dn = dn;
	q->attr = attr;
	q->value = value;

	if (is_user) {
		db = "passwd";
		/*
		 * A well-known SID name is matched bare or with a BUILTIN\
		 * prefix and needs no domain (see _F_GETPWWNAMWK); any
		 * other name must come with a domain.
		 */
		if (lookup_wksids_name2sid(winname, NULL, NULL, NULL, NULL,
		    NULL, NULL) == IDMAP_SUCCESS) {
			filter = _F_GETPWWNAMWK;
			udata = _F_GETPWWNAMWK_SSD;
			wksid = 1;
		} else if (windomain != NULL) {
			filter = _F_GETPWWNAMDOM;
			udata = _F_GETPWWNAMDOM_SSD;
		} else {
			*q->rc = IDMAP_ERR_DOMAIN_NOTFOUND;
			goto errout;
		}
		/* Third requested attribute is the configured winname attribute. */
		pwd_attrs[2] = qs->nldap_winname_attr;
		attrs = pwd_attrs;
	} else {
		db = "group";
		/* Same well-known-SID / domain selection as for users. */
		if (lookup_wksids_name2sid(winname, NULL, NULL, NULL, NULL,
		    NULL, NULL) == IDMAP_SUCCESS) {
			filter = _F_GETGRWNAMWK;
			udata = _F_GETGRWNAMWK_SSD;
			wksid = 1;
		} else if (windomain != NULL) {
			filter = _F_GETGRWNAMDOM;
			udata = _F_GETGRWNAMDOM_SSD;
		} else {
			*q->rc = IDMAP_ERR_DOMAIN_NOTFOUND;
			goto errout;
		}
		grp_attrs[2] = qs->nldap_winname_attr;
		attrs = grp_attrs;
	}

	/*
	 * Sanitize names. No need to sanitize qs->nldap_winname_attr
	 * because if it contained any of the special characters then
	 * it would have been rejected by the function that reads it
	 * from the SMF config. LDAP attribute names can only contain
	 * letters, digits or hyphens.
	 *
	 * sanitize_for_ldap_filter() returns its argument when nothing
	 * needed escaping, hence the "s_x != x" tests before free() below.
	 */
	s_winname = sanitize_for_ldap_filter(winname);
	if (s_winname == NULL) {
		*q->rc = IDMAP_ERR_MEMORY;
		goto errout;
	}
	/* windomain could be NULL for names of well-known SIDs */
	if (windomain != NULL) {
		s_windomain = sanitize_for_ldap_filter(windomain);
		if (s_windomain == NULL) {
			*q->rc = IDMAP_ERR_MEMORY;
			goto errout;
		}
	}

	/*
	 * Construct the filter and udata using snprintf. The first pass
	 * with a NULL buffer only sizes the strings (a negative return is
	 * not checked here); the second pass formats into the buffers.
	 * The well-known-SID formats take two arguments, the domain
	 * formats three.
	 */
	if (wksid) {
		flen = snprintf(NULL, 0, filter, qs->nldap_winname_attr,
		    s_winname) + 1;
		ulen = snprintf(NULL, 0, udata, qs->nldap_winname_attr,
		    s_winname) + 1;
	} else {
		flen = snprintf(NULL, 0, filter, qs->nldap_winname_attr,
		    s_winname, s_windomain) + 1;
		ulen = snprintf(NULL, 0, udata, qs->nldap_winname_attr,
		    s_winname, s_windomain) + 1;
	}

	q->filter = malloc(flen);
	if (q->filter == NULL) {
		*q->rc = IDMAP_ERR_MEMORY;
		goto errout;
	}
	q->udata = malloc(ulen);
	if (q->udata == NULL) {
		*q->rc = IDMAP_ERR_MEMORY;
		goto errout;
	}

	/*
	 * After this step udata holds exactly one "%s" (from the "%%s" in
	 * the _F_XXX_SSD format) because every '%' in the names was
	 * escaped above; merge_SSD_filter() relies on that.
	 */
	if (wksid) {
		(void) snprintf(q->filter, flen, filter,
		    qs->nldap_winname_attr, s_winname);
		(void) snprintf(q->udata, ulen, udata,
		    qs->nldap_winname_attr, s_winname);
	} else {
		(void) snprintf(q->filter, flen, filter,
		    qs->nldap_winname_attr, s_winname, s_windomain);
		(void) snprintf(q->udata, ulen, udata,
		    qs->nldap_winname_attr, s_winname, s_windomain);
	}

	/* The sanitized copies are no longer needed once formatted. */
	if (s_winname != winname)
		free(s_winname);
	if (s_windomain != windomain)
		free(s_windomain);

	/*
	 * q->lrc receives the per-query status both as the return value
	 * and through the &q->lrc argument; q->result and q->errorp are
	 * filled in by libsldap.
	 */
	q->lrc = __ns_ldap_list_batch_add(qs->batch, db, q->filter,
	    merge_SSD_filter, attrs, NULL, qs->flag, &q->result,
	    &q->errorp, &q->lrc, NULL, q->udata);

	/* Only NS_LDAP_MEMORY aborts; other statuses stay in q->lrc. */
	if (IS_NLDAP_RC_FATAL(q->lrc))
		return (nldaprc2retcode(q->lrc));
	return (IDMAP_SUCCESS);

errout:
	/* query q and its content will be freed by batch_release */
	if (s_winname != winname)
		free(s_winname);
	if (s_windomain != windomain)
		free(s_windomain);
	return (*q->rc);
}
479ac37569625bae44ffb80071d4bc865fc710eddm
479ac37569625bae44ffb80071d4bc865fc710eddm/*
479ac37569625bae44ffb80071d4bc865fc710eddm * Add a lookup by uid/gid request to the batch.
479ac37569625bae44ffb80071d4bc865fc710eddm */
479ac37569625bae44ffb80071d4bc865fc710eddmstatic
479ac37569625bae44ffb80071d4bc865fc710eddmidmap_retcode
479ac37569625bae44ffb80071d4bc865fc710eddmidmap_nldap_bypid_batch_add(idmap_nldap_query_state_t *qs,
479ac37569625bae44ffb80071d4bc865fc710eddm uid_t pid, int is_user, char **dn, char **attr, char **value,
479ac37569625bae44ffb80071d4bc865fc710eddm char **winname, char **windomain,
479ac37569625bae44ffb80071d4bc865fc710eddm char **unixname, idmap_retcode *rc)
479ac37569625bae44ffb80071d4bc865fc710eddm{
479ac37569625bae44ffb80071d4bc865fc710eddm idmap_nldap_q_t *q;
479ac37569625bae44ffb80071d4bc865fc710eddm const char *db, *filter, *udata;
479ac37569625bae44ffb80071d4bc865fc710eddm int len;
479ac37569625bae44ffb80071d4bc865fc710eddm const char **attrs;
479ac37569625bae44ffb80071d4bc865fc710eddm const char *pwd_attrs[] = {UID, NULL, NULL};
479ac37569625bae44ffb80071d4bc865fc710eddm const char *grp_attrs[] = {CN, NULL, NULL};
479ac37569625bae44ffb80071d4bc865fc710eddm
479ac37569625bae44ffb80071d4bc865fc710eddm q = &(qs->queries[qs->qid++]);
479ac37569625bae44ffb80071d4bc865fc710eddm q->winname = winname;
479ac37569625bae44ffb80071d4bc865fc710eddm q->windomain = windomain;
479ac37569625bae44ffb80071d4bc865fc710eddm q->unixname = unixname;
479ac37569625bae44ffb80071d4bc865fc710eddm q->rc = rc;
479ac37569625bae44ffb80071d4bc865fc710eddm q->is_user = is_user;
479ac37569625bae44ffb80071d4bc865fc710eddm q->dn = dn;
479ac37569625bae44ffb80071d4bc865fc710eddm q->attr = attr;
479ac37569625bae44ffb80071d4bc865fc710eddm q->value = value;
479ac37569625bae44ffb80071d4bc865fc710eddm
479ac37569625bae44ffb80071d4bc865fc710eddm if (is_user) {
479ac37569625bae44ffb80071d4bc865fc710eddm db = "passwd";
479ac37569625bae44ffb80071d4bc865fc710eddm filter = _F_GETPWUID;
479ac37569625bae44ffb80071d4bc865fc710eddm udata = _F_GETPWUID_SSD;
479ac37569625bae44ffb80071d4bc865fc710eddm pwd_attrs[1] = qs->nldap_winname_attr;
479ac37569625bae44ffb80071d4bc865fc710eddm attrs = pwd_attrs;
479ac37569625bae44ffb80071d4bc865fc710eddm } else {
479ac37569625bae44ffb80071d4bc865fc710eddm db = "group";
479ac37569625bae44ffb80071d4bc865fc710eddm filter = _F_GETGRGID;
479ac37569625bae44ffb80071d4bc865fc710eddm udata = _F_GETGRGID_SSD;
479ac37569625bae44ffb80071d4bc865fc710eddm grp_attrs[1] = qs->nldap_winname_attr;
479ac37569625bae44ffb80071d4bc865fc710eddm attrs = grp_attrs;
479ac37569625bae44ffb80071d4bc865fc710eddm }
479ac37569625bae44ffb80071d4bc865fc710eddm
479ac37569625bae44ffb80071d4bc865fc710eddm len = snprintf(NULL, 0, filter, pid) + 1;
479ac37569625bae44ffb80071d4bc865fc710eddm q->filter = malloc(len);
479ac37569625bae44ffb80071d4bc865fc710eddm if (q->filter == NULL) {
479ac37569625bae44ffb80071d4bc865fc710eddm *q->rc = IDMAP_ERR_MEMORY;
479ac37569625bae44ffb80071d4bc865fc710eddm return (IDMAP_ERR_MEMORY);
479ac37569625bae44ffb80071d4bc865fc710eddm }
479ac37569625bae44ffb80071d4bc865fc710eddm (void) snprintf(q->filter, len, filter, pid);
479ac37569625bae44ffb80071d4bc865fc710eddm
479ac37569625bae44ffb80071d4bc865fc710eddm len = snprintf(NULL, 0, udata, pid) + 1;
479ac37569625bae44ffb80071d4bc865fc710eddm q->udata = malloc(len);
479ac37569625bae44ffb80071d4bc865fc710eddm if (q->udata == NULL) {
479ac37569625bae44ffb80071d4bc865fc710eddm *q->rc = IDMAP_ERR_MEMORY;
479ac37569625bae44ffb80071d4bc865fc710eddm return (IDMAP_ERR_MEMORY);
479ac37569625bae44ffb80071d4bc865fc710eddm }
479ac37569625bae44ffb80071d4bc865fc710eddm (void) snprintf(q->udata, len, udata, pid);
479ac37569625bae44ffb80071d4bc865fc710eddm
479ac37569625bae44ffb80071d4bc865fc710eddm q->lrc = __ns_ldap_list_batch_add(qs->batch, db, q->filter,
479ac37569625bae44ffb80071d4bc865fc710eddm merge_SSD_filter, attrs, NULL, qs->flag, &q->result,
479ac37569625bae44ffb80071d4bc865fc710eddm &q->errorp, &q->lrc, NULL, q->udata);
479ac37569625bae44ffb80071d4bc865fc710eddm
479ac37569625bae44ffb80071d4bc865fc710eddm if (IS_NLDAP_RC_FATAL(q->lrc))
479ac37569625bae44ffb80071d4bc865fc710eddm return (nldaprc2retcode(q->lrc));
479ac37569625bae44ffb80071d4bc865fc710eddm return (IDMAP_SUCCESS);
479ac37569625bae44ffb80071d4bc865fc710eddm}
479ac37569625bae44ffb80071d4bc865fc710eddm
479ac37569625bae44ffb80071d4bc865fc710eddm/*
479ac37569625bae44ffb80071d4bc865fc710eddm * Add a lookup by user/group name request to the batch.
479ac37569625bae44ffb80071d4bc865fc710eddm */
479ac37569625bae44ffb80071d4bc865fc710eddmstatic
479ac37569625bae44ffb80071d4bc865fc710eddmidmap_retcode
479ac37569625bae44ffb80071d4bc865fc710eddmidmap_nldap_byunixname_batch_add(idmap_nldap_query_state_t *qs,
479ac37569625bae44ffb80071d4bc865fc710eddm const char *unixname, int is_user,
479ac37569625bae44ffb80071d4bc865fc710eddm char **dn, char **attr, char **value,
479ac37569625bae44ffb80071d4bc865fc710eddm char **winname, char **windomain, uid_t *pid, idmap_retcode *rc)
479ac37569625bae44ffb80071d4bc865fc710eddm{
479ac37569625bae44ffb80071d4bc865fc710eddm idmap_nldap_q_t *q;
479ac37569625bae44ffb80071d4bc865fc710eddm const char *db, *filter, *udata;
479ac37569625bae44ffb80071d4bc865fc710eddm int len;
479ac37569625bae44ffb80071d4bc865fc710eddm char *s_unixname = NULL;
479ac37569625bae44ffb80071d4bc865fc710eddm const char **attrs;
479ac37569625bae44ffb80071d4bc865fc710eddm const char *pwd_attrs[] = {UIDNUMBER, NULL, NULL};
479ac37569625bae44ffb80071d4bc865fc710eddm const char *grp_attrs[] = {GIDNUMBER, NULL, NULL};
479ac37569625bae44ffb80071d4bc865fc710eddm
479ac37569625bae44ffb80071d4bc865fc710eddm q = &(qs->queries[qs->qid++]);
479ac37569625bae44ffb80071d4bc865fc710eddm q->winname = winname;
479ac37569625bae44ffb80071d4bc865fc710eddm q->windomain = windomain;
479ac37569625bae44ffb80071d4bc865fc710eddm q->pid = pid;
479ac37569625bae44ffb80071d4bc865fc710eddm q->rc = rc;
479ac37569625bae44ffb80071d4bc865fc710eddm q->is_user = is_user;
479ac37569625bae44ffb80071d4bc865fc710eddm q->dn = dn;
479ac37569625bae44ffb80071d4bc865fc710eddm q->attr = attr;
479ac37569625bae44ffb80071d4bc865fc710eddm q->value = value;
479ac37569625bae44ffb80071d4bc865fc710eddm
479ac37569625bae44ffb80071d4bc865fc710eddm if (is_user) {
479ac37569625bae44ffb80071d4bc865fc710eddm db = "passwd";
479ac37569625bae44ffb80071d4bc865fc710eddm filter = _F_GETPWNAM;
479ac37569625bae44ffb80071d4bc865fc710eddm udata = _F_GETPWNAM_SSD;
479ac37569625bae44ffb80071d4bc865fc710eddm pwd_attrs[1] = qs->nldap_winname_attr;
479ac37569625bae44ffb80071d4bc865fc710eddm attrs = pwd_attrs;
479ac37569625bae44ffb80071d4bc865fc710eddm } else {
479ac37569625bae44ffb80071d4bc865fc710eddm db = "group";
479ac37569625bae44ffb80071d4bc865fc710eddm filter = _F_GETGRNAM;
479ac37569625bae44ffb80071d4bc865fc710eddm udata = _F_GETGRNAM_SSD;
479ac37569625bae44ffb80071d4bc865fc710eddm grp_attrs[1] = qs->nldap_winname_attr;
479ac37569625bae44ffb80071d4bc865fc710eddm attrs = grp_attrs;
479ac37569625bae44ffb80071d4bc865fc710eddm }
479ac37569625bae44ffb80071d4bc865fc710eddm
479ac37569625bae44ffb80071d4bc865fc710eddm s_unixname = sanitize_for_ldap_filter(unixname);
479ac37569625bae44ffb80071d4bc865fc710eddm if (s_unixname == NULL) {
479ac37569625bae44ffb80071d4bc865fc710eddm *q->rc = IDMAP_ERR_MEMORY;
479ac37569625bae44ffb80071d4bc865fc710eddm return (IDMAP_ERR_MEMORY);
479ac37569625bae44ffb80071d4bc865fc710eddm }
479ac37569625bae44ffb80071d4bc865fc710eddm
479ac37569625bae44ffb80071d4bc865fc710eddm len = snprintf(NULL, 0, filter, s_unixname) + 1;
479ac37569625bae44ffb80071d4bc865fc710eddm q->filter = malloc(len);
479ac37569625bae44ffb80071d4bc865fc710eddm if (q->filter == NULL) {
479ac37569625bae44ffb80071d4bc865fc710eddm if (s_unixname != unixname)
479ac37569625bae44ffb80071d4bc865fc710eddm free(s_unixname);
479ac37569625bae44ffb80071d4bc865fc710eddm *q->rc = IDMAP_ERR_MEMORY;
479ac37569625bae44ffb80071d4bc865fc710eddm return (IDMAP_ERR_MEMORY);
479ac37569625bae44ffb80071d4bc865fc710eddm }
479ac37569625bae44ffb80071d4bc865fc710eddm (void) snprintf(q->filter, len, filter, s_unixname);
479ac37569625bae44ffb80071d4bc865fc710eddm
479ac37569625bae44ffb80071d4bc865fc710eddm len = snprintf(NULL, 0, udata, s_unixname) + 1;
479ac37569625bae44ffb80071d4bc865fc710eddm q->udata = malloc(len);
479ac37569625bae44ffb80071d4bc865fc710eddm if (q->udata == NULL) {
479ac37569625bae44ffb80071d4bc865fc710eddm if (s_unixname != unixname)
479ac37569625bae44ffb80071d4bc865fc710eddm free(s_unixname);
479ac37569625bae44ffb80071d4bc865fc710eddm *q->rc = IDMAP_ERR_MEMORY;
479ac37569625bae44ffb80071d4bc865fc710eddm return (IDMAP_ERR_MEMORY);
479ac37569625bae44ffb80071d4bc865fc710eddm }
479ac37569625bae44ffb80071d4bc865fc710eddm (void) snprintf(q->udata, len, udata, s_unixname);
479ac37569625bae44ffb80071d4bc865fc710eddm
479ac37569625bae44ffb80071d4bc865fc710eddm if (s_unixname != unixname)
479ac37569625bae44ffb80071d4bc865fc710eddm free(s_unixname);
479ac37569625bae44ffb80071d4bc865fc710eddm
479ac37569625bae44ffb80071d4bc865fc710eddm q->lrc = __ns_ldap_list_batch_add(qs->batch, db, q->filter,
479ac37569625bae44ffb80071d4bc865fc710eddm merge_SSD_filter, attrs, NULL, qs->flag, &q->result,
479ac37569625bae44ffb80071d4bc865fc710eddm &q->errorp, &q->lrc, NULL, q->udata);
479ac37569625bae44ffb80071d4bc865fc710eddm
479ac37569625bae44ffb80071d4bc865fc710eddm if (IS_NLDAP_RC_FATAL(q->lrc))
479ac37569625bae44ffb80071d4bc865fc710eddm return (nldaprc2retcode(q->lrc));
479ac37569625bae44ffb80071d4bc865fc710eddm return (IDMAP_SUCCESS);
479ac37569625bae44ffb80071d4bc865fc710eddm}
479ac37569625bae44ffb80071d4bc865fc710eddm
479ac37569625bae44ffb80071d4bc865fc710eddm/*
479ac37569625bae44ffb80071d4bc865fc710eddm * Free the batch
479ac37569625bae44ffb80071d4bc865fc710eddm */
479ac37569625bae44ffb80071d4bc865fc710eddmstatic
479ac37569625bae44ffb80071d4bc865fc710eddmvoid
479ac37569625bae44ffb80071d4bc865fc710eddmidmap_nldap_lookup_batch_release(idmap_nldap_query_state_t *qs)
479ac37569625bae44ffb80071d4bc865fc710eddm{
479ac37569625bae44ffb80071d4bc865fc710eddm idmap_nldap_q_t *q;
479ac37569625bae44ffb80071d4bc865fc710eddm int i;
479ac37569625bae44ffb80071d4bc865fc710eddm
479ac37569625bae44ffb80071d4bc865fc710eddm if (qs->batch != NULL)
479ac37569625bae44ffb80071d4bc865fc710eddm (void) __ns_ldap_list_batch_release(qs->batch);
479ac37569625bae44ffb80071d4bc865fc710eddm for (i = 0; i < qs->qid; i++) {
479ac37569625bae44ffb80071d4bc865fc710eddm q = &(qs->queries[i]);
479ac37569625bae44ffb80071d4bc865fc710eddm free(q->filter);
479ac37569625bae44ffb80071d4bc865fc710eddm free(q->udata);
479ac37569625bae44ffb80071d4bc865fc710eddm if (q->errorp != NULL)
479ac37569625bae44ffb80071d4bc865fc710eddm (void) __ns_ldap_freeError(&q->errorp);
479ac37569625bae44ffb80071d4bc865fc710eddm if (q->result != NULL)
479ac37569625bae44ffb80071d4bc865fc710eddm (void) __ns_ldap_freeResult(&q->result);
479ac37569625bae44ffb80071d4bc865fc710eddm }
479ac37569625bae44ffb80071d4bc865fc710eddm free(qs);
479ac37569625bae44ffb80071d4bc865fc710eddm}
479ac37569625bae44ffb80071d4bc865fc710eddm
479ac37569625bae44ffb80071d4bc865fc710eddm/*
479ac37569625bae44ffb80071d4bc865fc710eddm * Process all requests added to the batch and then free the batch.
479ac37569625bae44ffb80071d4bc865fc710eddm * The results for individual requests will be accessible using the
479ac37569625bae44ffb80071d4bc865fc710eddm * pointers passed during idmap_nldap_lookup_batch_end.
479ac37569625bae44ffb80071d4bc865fc710eddm */
479ac37569625bae44ffb80071d4bc865fc710eddmstatic
479ac37569625bae44ffb80071d4bc865fc710eddmidmap_retcode
479ac37569625bae44ffb80071d4bc865fc710eddmidmap_nldap_lookup_batch_end(idmap_nldap_query_state_t *qs)
479ac37569625bae44ffb80071d4bc865fc710eddm{
479ac37569625bae44ffb80071d4bc865fc710eddm idmap_nldap_q_t *q;
479ac37569625bae44ffb80071d4bc865fc710eddm int i;
479ac37569625bae44ffb80071d4bc865fc710eddm ns_ldap_entry_t *entry;
479ac37569625bae44ffb80071d4bc865fc710eddm char **val, *end, *str, *name, *dom;
479ac37569625bae44ffb80071d4bc865fc710eddm idmap_retcode rc = IDMAP_SUCCESS;
479ac37569625bae44ffb80071d4bc865fc710eddm
479ac37569625bae44ffb80071d4bc865fc710eddm (void) __ns_ldap_list_batch_end(qs->batch);
479ac37569625bae44ffb80071d4bc865fc710eddm qs->batch = NULL;
479ac37569625bae44ffb80071d4bc865fc710eddm for (i = 0; i < qs->qid; i++) {
479ac37569625bae44ffb80071d4bc865fc710eddm q = &(qs->queries[i]);
479ac37569625bae44ffb80071d4bc865fc710eddm *q->rc = nldaprc2retcode(q->lrc);
479ac37569625bae44ffb80071d4bc865fc710eddm if (*q->rc != IDMAP_SUCCESS)
479ac37569625bae44ffb80071d4bc865fc710eddm continue;
479ac37569625bae44ffb80071d4bc865fc710eddm if (q->result == NULL ||
479ac37569625bae44ffb80071d4bc865fc710eddm !q->result->entries_count ||
479ac37569625bae44ffb80071d4bc865fc710eddm (entry = q->result->entry) == NULL ||
479ac37569625bae44ffb80071d4bc865fc710eddm !entry->attr_count) {
479ac37569625bae44ffb80071d4bc865fc710eddm *q->rc = IDMAP_ERR_NOTFOUND;
479ac37569625bae44ffb80071d4bc865fc710eddm continue;
479ac37569625bae44ffb80071d4bc865fc710eddm }
479ac37569625bae44ffb80071d4bc865fc710eddm /* Get uid/gid */
479ac37569625bae44ffb80071d4bc865fc710eddm if (q->pid != NULL) {
479ac37569625bae44ffb80071d4bc865fc710eddm val = __ns_ldap_getAttr(entry,
479ac37569625bae44ffb80071d4bc865fc710eddm (q->is_user) ? UIDNUMBER : GIDNUMBER);
479ac37569625bae44ffb80071d4bc865fc710eddm if (val != NULL && *val != NULL)
479ac37569625bae44ffb80071d4bc865fc710eddm *q->pid = strtoul(*val, &end, 10);
479ac37569625bae44ffb80071d4bc865fc710eddm }
479ac37569625bae44ffb80071d4bc865fc710eddm /* Get unixname */
479ac37569625bae44ffb80071d4bc865fc710eddm if (q->unixname != NULL) {
479ac37569625bae44ffb80071d4bc865fc710eddm val = __ns_ldap_getAttr(entry,
479ac37569625bae44ffb80071d4bc865fc710eddm (q->is_user) ? UID : CN);
479ac37569625bae44ffb80071d4bc865fc710eddm if (val != NULL && *val != NULL) {
479ac37569625bae44ffb80071d4bc865fc710eddm *q->unixname = strdup(*val);
479ac37569625bae44ffb80071d4bc865fc710eddm if (*q->unixname == NULL) {
479ac37569625bae44ffb80071d4bc865fc710eddm rc = *q->rc = IDMAP_ERR_MEMORY;
479ac37569625bae44ffb80071d4bc865fc710eddm goto out;
479ac37569625bae44ffb80071d4bc865fc710eddm }
479ac37569625bae44ffb80071d4bc865fc710eddm }
479ac37569625bae44ffb80071d4bc865fc710eddm }
479ac37569625bae44ffb80071d4bc865fc710eddm /* Get DN for how info */
479ac37569625bae44ffb80071d4bc865fc710eddm if (q->dn != NULL) {
479ac37569625bae44ffb80071d4bc865fc710eddm val = __ns_ldap_getAttr(entry, DN);
479ac37569625bae44ffb80071d4bc865fc710eddm if (val != NULL && *val != NULL) {
479ac37569625bae44ffb80071d4bc865fc710eddm *q->dn = strdup(*val);
479ac37569625bae44ffb80071d4bc865fc710eddm if (*q->dn == NULL) {
479ac37569625bae44ffb80071d4bc865fc710eddm rc = *q->rc = IDMAP_ERR_MEMORY;
479ac37569625bae44ffb80071d4bc865fc710eddm goto out;
479ac37569625bae44ffb80071d4bc865fc710eddm }
479ac37569625bae44ffb80071d4bc865fc710eddm }
479ac37569625bae44ffb80071d4bc865fc710eddm }
479ac37569625bae44ffb80071d4bc865fc710eddm /* Get nldap name mapping attr name for how info */
479ac37569625bae44ffb80071d4bc865fc710eddm if (q->attr != NULL) {
479ac37569625bae44ffb80071d4bc865fc710eddm *q->attr = strdup(qs->nldap_winname_attr);
479ac37569625bae44ffb80071d4bc865fc710eddm if (*q->attr == NULL) {
479ac37569625bae44ffb80071d4bc865fc710eddm rc = *q->rc = IDMAP_ERR_MEMORY;
479ac37569625bae44ffb80071d4bc865fc710eddm goto out;
479ac37569625bae44ffb80071d4bc865fc710eddm }
479ac37569625bae44ffb80071d4bc865fc710eddm }
479ac37569625bae44ffb80071d4bc865fc710eddm /* Get nldap name mapping attr value for how info */
479ac37569625bae44ffb80071d4bc865fc710eddm val = __ns_ldap_getAttr(entry, qs->nldap_winname_attr);
479ac37569625bae44ffb80071d4bc865fc710eddm if (val == NULL || *val == NULL)
479ac37569625bae44ffb80071d4bc865fc710eddm continue;
479ac37569625bae44ffb80071d4bc865fc710eddm if (q->value != NULL) {
479ac37569625bae44ffb80071d4bc865fc710eddm *q->value = strdup(*val);
479ac37569625bae44ffb80071d4bc865fc710eddm if (*q->value == NULL) {
479ac37569625bae44ffb80071d4bc865fc710eddm rc = *q->rc = IDMAP_ERR_MEMORY;
479ac37569625bae44ffb80071d4bc865fc710eddm goto out;
479ac37569625bae44ffb80071d4bc865fc710eddm }
479ac37569625bae44ffb80071d4bc865fc710eddm }
479ac37569625bae44ffb80071d4bc865fc710eddm
479ac37569625bae44ffb80071d4bc865fc710eddm /* Get winname and windomain */
479ac37569625bae44ffb80071d4bc865fc710eddm if (q->winname == NULL && q->windomain == NULL)
479ac37569625bae44ffb80071d4bc865fc710eddm continue;
479ac37569625bae44ffb80071d4bc865fc710eddm /*
479ac37569625bae44ffb80071d4bc865fc710eddm * We need to split the value into winname and
479ac37569625bae44ffb80071d4bc865fc710eddm * windomain. The value could be either in NT4
479ac37569625bae44ffb80071d4bc865fc710eddm * style (i.e. dom\name) or AD-style (i.e. name@dom).
479ac37569625bae44ffb80071d4bc865fc710eddm * We choose the first '\\' if it's in NT4 style and
479ac37569625bae44ffb80071d4bc865fc710eddm * the last '@' if it's in AD-style for the split.
479ac37569625bae44ffb80071d4bc865fc710eddm */
479ac37569625bae44ffb80071d4bc865fc710eddm name = dom = NULL;
08f0d8da054d72c87f9a35f2ea891d2c3541ceb5afshin salek ardakani - Sun Microsystems - Irvine United States if (lookup_wksids_name2sid(*val, NULL, NULL, NULL, NULL, NULL,
08f0d8da054d72c87f9a35f2ea891d2c3541ceb5afshin salek ardakani - Sun Microsystems - Irvine United States NULL) == IDMAP_SUCCESS) {
479ac37569625bae44ffb80071d4bc865fc710eddm name = *val;
479ac37569625bae44ffb80071d4bc865fc710eddm dom = NULL;
479ac37569625bae44ffb80071d4bc865fc710eddm } else if ((str = strchr(*val, '\\')) != NULL) {
479ac37569625bae44ffb80071d4bc865fc710eddm *str = '\0';
479ac37569625bae44ffb80071d4bc865fc710eddm name = str + 1;
479ac37569625bae44ffb80071d4bc865fc710eddm dom = *val;
479ac37569625bae44ffb80071d4bc865fc710eddm } else if ((str = strrchr(*val, '@')) != NULL) {
479ac37569625bae44ffb80071d4bc865fc710eddm *str = '\0';
479ac37569625bae44ffb80071d4bc865fc710eddm name = *val;
479ac37569625bae44ffb80071d4bc865fc710eddm dom = str + 1;
479ac37569625bae44ffb80071d4bc865fc710eddm } else {
479ac37569625bae44ffb80071d4bc865fc710eddm idmapdlog(LOG_INFO, "Domain-less "
479ac37569625bae44ffb80071d4bc865fc710eddm "winname (%s) found in Native LDAP", *val);
479ac37569625bae44ffb80071d4bc865fc710eddm *q->rc = IDMAP_ERR_NS_LDAP_BAD_WINNAME;
479ac37569625bae44ffb80071d4bc865fc710eddm continue;
479ac37569625bae44ffb80071d4bc865fc710eddm }
479ac37569625bae44ffb80071d4bc865fc710eddm if (q->winname != NULL) {
479ac37569625bae44ffb80071d4bc865fc710eddm *q->winname = strdup(name);
479ac37569625bae44ffb80071d4bc865fc710eddm if (*q->winname == NULL) {
479ac37569625bae44ffb80071d4bc865fc710eddm rc = *q->rc = IDMAP_ERR_MEMORY;
479ac37569625bae44ffb80071d4bc865fc710eddm goto out;
479ac37569625bae44ffb80071d4bc865fc710eddm }
479ac37569625bae44ffb80071d4bc865fc710eddm }
479ac37569625bae44ffb80071d4bc865fc710eddm if (q->windomain != NULL && dom != NULL) {
479ac37569625bae44ffb80071d4bc865fc710eddm *q->windomain = strdup(dom);
479ac37569625bae44ffb80071d4bc865fc710eddm if (*q->windomain == NULL) {
479ac37569625bae44ffb80071d4bc865fc710eddm rc = *q->rc = IDMAP_ERR_MEMORY;
479ac37569625bae44ffb80071d4bc865fc710eddm goto out;
479ac37569625bae44ffb80071d4bc865fc710eddm }
479ac37569625bae44ffb80071d4bc865fc710eddm }
479ac37569625bae44ffb80071d4bc865fc710eddm }
479ac37569625bae44ffb80071d4bc865fc710eddm
479ac37569625bae44ffb80071d4bc865fc710eddmout:
479ac37569625bae44ffb80071d4bc865fc710eddm (void) idmap_nldap_lookup_batch_release(qs);
479ac37569625bae44ffb80071d4bc865fc710eddm return (rc);
479ac37569625bae44ffb80071d4bc865fc710eddm}
479ac37569625bae44ffb80071d4bc865fc710eddm
e8c27ec857e6e2db8c4fe56938b70a89b5bed9f3baban/* ARGSUSED */
e8c27ec857e6e2db8c4fe56938b70a89b5bed9f3babanidmap_retcode
e8c27ec857e6e2db8c4fe56938b70a89b5bed9f3babannldap_lookup_batch(lookup_state_t *state, idmap_mapping_batch *batch,
e8c27ec857e6e2db8c4fe56938b70a89b5bed9f3baban idmap_ids_res *result)
e8c27ec857e6e2db8c4fe56938b70a89b5bed9f3baban{
479ac37569625bae44ffb80071d4bc865fc710eddm idmap_retcode retcode, rc1;
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright int i, add;
479ac37569625bae44ffb80071d4bc865fc710eddm idmap_mapping *req;
479ac37569625bae44ffb80071d4bc865fc710eddm idmap_id_res *res;
479ac37569625bae44ffb80071d4bc865fc710eddm idmap_nldap_query_state_t *qs = NULL;
479ac37569625bae44ffb80071d4bc865fc710eddm idmap_how *how;
479ac37569625bae44ffb80071d4bc865fc710eddm
479ac37569625bae44ffb80071d4bc865fc710eddm if (state->nldap_nqueries == 0)
479ac37569625bae44ffb80071d4bc865fc710eddm return (IDMAP_SUCCESS);
479ac37569625bae44ffb80071d4bc865fc710eddm
479ac37569625bae44ffb80071d4bc865fc710eddm /* Create nldap lookup batch */
479ac37569625bae44ffb80071d4bc865fc710eddm retcode = idmap_nldap_lookup_batch_start(state->nldap_nqueries, &qs);
479ac37569625bae44ffb80071d4bc865fc710eddm if (retcode != IDMAP_SUCCESS) {
479ac37569625bae44ffb80071d4bc865fc710eddm idmapdlog(LOG_ERR,
479ac37569625bae44ffb80071d4bc865fc710eddm "Failed to create batch for native LDAP lookup");
479ac37569625bae44ffb80071d4bc865fc710eddm goto out;
479ac37569625bae44ffb80071d4bc865fc710eddm }
479ac37569625bae44ffb80071d4bc865fc710eddm
479ac37569625bae44ffb80071d4bc865fc710eddm qs->nldap_winname_attr = state->nldap_winname_attr;
479ac37569625bae44ffb80071d4bc865fc710eddm qs->defdom = state->defdom;
479ac37569625bae44ffb80071d4bc865fc710eddm
479ac37569625bae44ffb80071d4bc865fc710eddm /* Add requests to the batch */
479ac37569625bae44ffb80071d4bc865fc710eddm for (i = 0, add = 0; i < batch->idmap_mapping_batch_len; i++) {
479ac37569625bae44ffb80071d4bc865fc710eddm req = &batch->idmap_mapping_batch_val[i];
479ac37569625bae44ffb80071d4bc865fc710eddm res = &result->ids.ids_val[i];
479ac37569625bae44ffb80071d4bc865fc710eddm retcode = IDMAP_SUCCESS;
479ac37569625bae44ffb80071d4bc865fc710eddm
479ac37569625bae44ffb80071d4bc865fc710eddm /* Skip if not marked for nldap lookup */
479ac37569625bae44ffb80071d4bc865fc710eddm if (!(req->direction & _IDMAP_F_LOOKUP_NLDAP))
479ac37569625bae44ffb80071d4bc865fc710eddm continue;
479ac37569625bae44ffb80071d4bc865fc710eddm
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright if (IS_ID_SID(req->id1)) {
479ac37569625bae44ffb80071d4bc865fc710eddm
479ac37569625bae44ffb80071d4bc865fc710eddm /* win2unix request: */
479ac37569625bae44ffb80071d4bc865fc710eddm
479ac37569625bae44ffb80071d4bc865fc710eddm /*
479ac37569625bae44ffb80071d4bc865fc710eddm * When processing a win2unix request, nldap lookup
479ac37569625bae44ffb80071d4bc865fc710eddm * is performed after AD lookup or a successful
479ac37569625bae44ffb80071d4bc865fc710eddm * name-cache lookup. Therefore we should already
479ac37569625bae44ffb80071d4bc865fc710eddm * have sid, winname and sidtype. Note that
479ac37569625bae44ffb80071d4bc865fc710eddm * windomain could be NULL e.g. well-known SIDs.
479ac37569625bae44ffb80071d4bc865fc710eddm */
479ac37569625bae44ffb80071d4bc865fc710eddm assert(req->id1name != NULL &&
479ac37569625bae44ffb80071d4bc865fc710eddm (res->id.idtype == IDMAP_UID ||
479ac37569625bae44ffb80071d4bc865fc710eddm res->id.idtype == IDMAP_GID));
479ac37569625bae44ffb80071d4bc865fc710eddm
479ac37569625bae44ffb80071d4bc865fc710eddm /* Skip if we already have pid and unixname */
479ac37569625bae44ffb80071d4bc865fc710eddm if (req->id2name != NULL &&
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States res->id.idmap_id_u.uid != IDMAP_SENTINEL_PID) {
479ac37569625bae44ffb80071d4bc865fc710eddm res->retcode = IDMAP_SUCCESS;
479ac37569625bae44ffb80071d4bc865fc710eddm continue;
479ac37569625bae44ffb80071d4bc865fc710eddm }
479ac37569625bae44ffb80071d4bc865fc710eddm
479ac37569625bae44ffb80071d4bc865fc710eddm /* Clear leftover value */
479ac37569625bae44ffb80071d4bc865fc710eddm free(req->id2name);
479ac37569625bae44ffb80071d4bc865fc710eddm req->id2name = NULL;
479ac37569625bae44ffb80071d4bc865fc710eddm
479ac37569625bae44ffb80071d4bc865fc710eddm /* Lookup nldap by winname to get pid and unixname */
479ac37569625bae44ffb80071d4bc865fc710eddm add = 1;
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright idmap_how_clear(&res->info.how);
479ac37569625bae44ffb80071d4bc865fc710eddm res->info.src = IDMAP_MAP_SRC_NEW;
479ac37569625bae44ffb80071d4bc865fc710eddm how = &res->info.how;
479ac37569625bae44ffb80071d4bc865fc710eddm how->map_type = IDMAP_MAP_TYPE_DS_NLDAP;
479ac37569625bae44ffb80071d4bc865fc710eddm retcode = idmap_nldap_bywinname_batch_add(
479ac37569625bae44ffb80071d4bc865fc710eddm qs, req->id1name, req->id1domain,
479ac37569625bae44ffb80071d4bc865fc710eddm (res->id.idtype == IDMAP_UID) ? 1 : 0,
479ac37569625bae44ffb80071d4bc865fc710eddm &how->idmap_how_u.nldap.dn,
479ac37569625bae44ffb80071d4bc865fc710eddm &how->idmap_how_u.nldap.attr,
479ac37569625bae44ffb80071d4bc865fc710eddm &how->idmap_how_u.nldap.value,
479ac37569625bae44ffb80071d4bc865fc710eddm &req->id2name, &res->id.idmap_id_u.uid,
479ac37569625bae44ffb80071d4bc865fc710eddm &res->retcode);
479ac37569625bae44ffb80071d4bc865fc710eddm
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright } else if (IS_ID_UID(req->id1) || IS_ID_GID(req->id1)) {
479ac37569625bae44ffb80071d4bc865fc710eddm
479ac37569625bae44ffb80071d4bc865fc710eddm /* unix2win request: */
479ac37569625bae44ffb80071d4bc865fc710eddm
479ac37569625bae44ffb80071d4bc865fc710eddm /* Skip if we already have winname */
479ac37569625bae44ffb80071d4bc865fc710eddm if (req->id2name != NULL) {
479ac37569625bae44ffb80071d4bc865fc710eddm res->retcode = IDMAP_SUCCESS;
479ac37569625bae44ffb80071d4bc865fc710eddm continue;
479ac37569625bae44ffb80071d4bc865fc710eddm }
479ac37569625bae44ffb80071d4bc865fc710eddm
479ac37569625bae44ffb80071d4bc865fc710eddm /* Clear old value */
479ac37569625bae44ffb80071d4bc865fc710eddm free(req->id2domain);
479ac37569625bae44ffb80071d4bc865fc710eddm req->id2domain = NULL;
479ac37569625bae44ffb80071d4bc865fc710eddm
479ac37569625bae44ffb80071d4bc865fc710eddm /* Set how info */
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright idmap_how_clear(&res->info.how);
479ac37569625bae44ffb80071d4bc865fc710eddm res->info.src = IDMAP_MAP_SRC_NEW;
479ac37569625bae44ffb80071d4bc865fc710eddm how = &res->info.how;
479ac37569625bae44ffb80071d4bc865fc710eddm how->map_type = IDMAP_MAP_TYPE_DS_NLDAP;
479ac37569625bae44ffb80071d4bc865fc710eddm
479ac37569625bae44ffb80071d4bc865fc710eddm /* Lookup nldap by pid or unixname to get winname */
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States if (req->id1.idmap_id_u.uid != IDMAP_SENTINEL_PID) {
479ac37569625bae44ffb80071d4bc865fc710eddm add = 1;
479ac37569625bae44ffb80071d4bc865fc710eddm retcode = idmap_nldap_bypid_batch_add(
479ac37569625bae44ffb80071d4bc865fc710eddm qs, req->id1.idmap_id_u.uid,
479ac37569625bae44ffb80071d4bc865fc710eddm (req->id1.idtype == IDMAP_UID) ? 1 : 0,
479ac37569625bae44ffb80071d4bc865fc710eddm &how->idmap_how_u.nldap.dn,
479ac37569625bae44ffb80071d4bc865fc710eddm &how->idmap_how_u.nldap.attr,
479ac37569625bae44ffb80071d4bc865fc710eddm &how->idmap_how_u.nldap.value,
479ac37569625bae44ffb80071d4bc865fc710eddm &req->id2name, &req->id2domain,
479ac37569625bae44ffb80071d4bc865fc710eddm (req->id1name == NULL) ?
479ac37569625bae44ffb80071d4bc865fc710eddm &req->id1name : NULL,
479ac37569625bae44ffb80071d4bc865fc710eddm &res->retcode);
479ac37569625bae44ffb80071d4bc865fc710eddm } else if (req->id1name != NULL) {
479ac37569625bae44ffb80071d4bc865fc710eddm add = 1;
479ac37569625bae44ffb80071d4bc865fc710eddm retcode = idmap_nldap_byunixname_batch_add(
479ac37569625bae44ffb80071d4bc865fc710eddm qs, req->id1name,
479ac37569625bae44ffb80071d4bc865fc710eddm (req->id1.idtype == IDMAP_UID) ? 1 : 0,
479ac37569625bae44ffb80071d4bc865fc710eddm &how->idmap_how_u.nldap.dn,
479ac37569625bae44ffb80071d4bc865fc710eddm &how->idmap_how_u.nldap.attr,
479ac37569625bae44ffb80071d4bc865fc710eddm &how->idmap_how_u.nldap.value,
479ac37569625bae44ffb80071d4bc865fc710eddm &req->id2name, &req->id2domain,
479ac37569625bae44ffb80071d4bc865fc710eddm &req->id1.idmap_id_u.uid, &res->retcode);
479ac37569625bae44ffb80071d4bc865fc710eddm }
479ac37569625bae44ffb80071d4bc865fc710eddm
479ac37569625bae44ffb80071d4bc865fc710eddm }
479ac37569625bae44ffb80071d4bc865fc710eddm
479ac37569625bae44ffb80071d4bc865fc710eddm /*
479ac37569625bae44ffb80071d4bc865fc710eddm * nldap_batch_add API returns error only on fatal failures
479ac37569625bae44ffb80071d4bc865fc710eddm * otherwise it returns success and the actual status
479ac37569625bae44ffb80071d4bc865fc710eddm * is stored in the individual request (res->retcode).
479ac37569625bae44ffb80071d4bc865fc710eddm * Stop adding requests to this batch on fatal failures
479ac37569625bae44ffb80071d4bc865fc710eddm * (i.e. if retcode != success)
479ac37569625bae44ffb80071d4bc865fc710eddm */
479ac37569625bae44ffb80071d4bc865fc710eddm if (retcode != IDMAP_SUCCESS)
479ac37569625bae44ffb80071d4bc865fc710eddm break;
479ac37569625bae44ffb80071d4bc865fc710eddm }
479ac37569625bae44ffb80071d4bc865fc710eddm
479ac37569625bae44ffb80071d4bc865fc710eddm if (!add)
479ac37569625bae44ffb80071d4bc865fc710eddm idmap_nldap_lookup_batch_release(qs);
479ac37569625bae44ffb80071d4bc865fc710eddm else if (retcode != IDMAP_SUCCESS)
479ac37569625bae44ffb80071d4bc865fc710eddm idmap_nldap_lookup_batch_release(qs);
479ac37569625bae44ffb80071d4bc865fc710eddm else
479ac37569625bae44ffb80071d4bc865fc710eddm retcode = idmap_nldap_lookup_batch_end(qs);
479ac37569625bae44ffb80071d4bc865fc710eddm
479ac37569625bae44ffb80071d4bc865fc710eddmout:
479ac37569625bae44ffb80071d4bc865fc710eddm for (i = 0; i < batch->idmap_mapping_batch_len; i++) {
479ac37569625bae44ffb80071d4bc865fc710eddm req = &batch->idmap_mapping_batch_val[i];
479ac37569625bae44ffb80071d4bc865fc710eddm res = &result->ids.ids_val[i];
479ac37569625bae44ffb80071d4bc865fc710eddm if (!(req->direction & _IDMAP_F_LOOKUP_NLDAP))
479ac37569625bae44ffb80071d4bc865fc710eddm continue;
479ac37569625bae44ffb80071d4bc865fc710eddm
479ac37569625bae44ffb80071d4bc865fc710eddm /* Reset nldap flag */
479ac37569625bae44ffb80071d4bc865fc710eddm req->direction &= ~(_IDMAP_F_LOOKUP_NLDAP);
479ac37569625bae44ffb80071d4bc865fc710eddm
479ac37569625bae44ffb80071d4bc865fc710eddm /*
479ac37569625bae44ffb80071d4bc865fc710eddm * As noted earlier retcode != success if there were fatal
479ac37569625bae44ffb80071d4bc865fc710eddm * errors during batch_start and batch_adds. If so then set
479ac37569625bae44ffb80071d4bc865fc710eddm * the status of each nldap request to that error.
479ac37569625bae44ffb80071d4bc865fc710eddm */
479ac37569625bae44ffb80071d4bc865fc710eddm if (retcode != IDMAP_SUCCESS) {
479ac37569625bae44ffb80071d4bc865fc710eddm res->retcode = retcode;
479ac37569625bae44ffb80071d4bc865fc710eddm continue;
479ac37569625bae44ffb80071d4bc865fc710eddm }
479ac37569625bae44ffb80071d4bc865fc710eddm if (!add)
479ac37569625bae44ffb80071d4bc865fc710eddm continue;
479ac37569625bae44ffb80071d4bc865fc710eddm
479ac37569625bae44ffb80071d4bc865fc710eddm /*
479ac37569625bae44ffb80071d4bc865fc710eddm * If we successfully retrieved winname from nldap entry
479ac37569625bae44ffb80071d4bc865fc710eddm * then lookup winname2sid locally. If not found locally
479ac37569625bae44ffb80071d4bc865fc710eddm * then mark this request for AD lookup.
479ac37569625bae44ffb80071d4bc865fc710eddm */
479ac37569625bae44ffb80071d4bc865fc710eddm if (res->retcode == IDMAP_SUCCESS &&
479ac37569625bae44ffb80071d4bc865fc710eddm req->id2name != NULL &&
479ac37569625bae44ffb80071d4bc865fc710eddm res->id.idmap_id_u.sid.prefix == NULL &&
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright (IS_ID_UID(req->id1) || IS_ID_GID(req->id1))) {
479ac37569625bae44ffb80071d4bc865fc710eddm
479ac37569625bae44ffb80071d4bc865fc710eddm rc1 = lookup_name2sid(state->cache,
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright req->id2name, req->id2domain, -1,
08f0d8da054d72c87f9a35f2ea891d2c3541ceb5afshin salek ardakani - Sun Microsystems - Irvine United States NULL, NULL,
479ac37569625bae44ffb80071d4bc865fc710eddm &res->id.idmap_id_u.sid.prefix,
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright &res->id.idmap_id_u.sid.rid,
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright &res->id.idtype,
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright req, 1);
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright if (rc1 == IDMAP_ERR_NOTFOUND) {
479ac37569625bae44ffb80071d4bc865fc710eddm req->direction |= _IDMAP_F_LOOKUP_AD;
479ac37569625bae44ffb80071d4bc865fc710eddm state->ad_nqueries++;
479ac37569625bae44ffb80071d4bc865fc710eddm } else
479ac37569625bae44ffb80071d4bc865fc710eddm res->retcode = rc1;
479ac37569625bae44ffb80071d4bc865fc710eddm }
479ac37569625bae44ffb80071d4bc865fc710eddm
479ac37569625bae44ffb80071d4bc865fc710eddm /*
479ac37569625bae44ffb80071d4bc865fc710eddm * Unset non-fatal errors in individual request. This allows
479ac37569625bae44ffb80071d4bc865fc710eddm * the next pass to process other mapping mechanisms for
479ac37569625bae44ffb80071d4bc865fc710eddm * this request.
479ac37569625bae44ffb80071d4bc865fc710eddm */
479ac37569625bae44ffb80071d4bc865fc710eddm if (res->retcode != IDMAP_SUCCESS &&
479ac37569625bae44ffb80071d4bc865fc710eddm res->retcode != IDMAP_ERR_NS_LDAP_BAD_WINNAME &&
479ac37569625bae44ffb80071d4bc865fc710eddm !(IDMAP_FATAL_ERROR(res->retcode))) {
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright idmap_how_clear(&res->info.how);
479ac37569625bae44ffb80071d4bc865fc710eddm res->retcode = IDMAP_SUCCESS;
479ac37569625bae44ffb80071d4bc865fc710eddm }
479ac37569625bae44ffb80071d4bc865fc710eddm }
479ac37569625bae44ffb80071d4bc865fc710eddm
479ac37569625bae44ffb80071d4bc865fc710eddm state->nldap_nqueries = 0;
479ac37569625bae44ffb80071d4bc865fc710eddm return (retcode);
e8c27ec857e6e2db8c4fe56938b70a89b5bed9f3baban}