server.c revision 84decf41e1c0970e397cc8710dfcf81db5b8c6da
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2007 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#pragma ident "%Z%%M% %I% %E% SMI"
/*
* Service routines
*/
#include "idmapd.h"
#include "idmap_priv.h"
#include <signal.h>
#include <thread.h>
#include <string.h>
#include <strings.h>
#include <errno.h>
#include <assert.h>
#include <ucred.h>
#include <pwd.h>
#include <auth_attr.h>
#include <secdb.h>
/*
 * Tail of a multi-line macro body; the #define line that opens it is not
 * part of this listing. As written, it makes the enclosing function
 * return 0 when retcode is IDMAP_NEXT, return 1 when retcode is negative,
 * and fall through for any other value.
 */
if (retcode == IDMAP_NEXT) {\
return (0);\
} else if (retcode < 0) {\
return (1);\
}
if (rcode == IDMAP_ERR_BUSY)\
/* ARGSUSED */
return (TRUE);
}
/*
 * Id-type predicates used by the request handlers below: the IS_BATCH_*
 * forms take a batch and an index, the IS_REQUEST_* forms take a single
 * request. Every #define here ends in a line continuation, but the
 * continuation lines holding the macro bodies are missing from this
 * listing, so what each predicate actually tests cannot be read from here.
 */
#define IS_BATCH_SID(batch, i)\
#define IS_BATCH_UID(batch, i)\
#define IS_BATCH_GID(batch, i)\
#define IS_REQUEST_SID(request)\
#define IS_REQUEST_UID(request)\
#define IS_REQUEST_GID(request)\
/*
 * Batch mapping request handler. The function signature and many
 * statements are missing from this listing: the calls whose trailing
 * arguments appear below, and the conditions in front of most "goto out"
 * lines.
 *
 * Visible flow: get the cache and db handles, allocate the result array
 * and the duplicate-SID hash table, run a first stage over every batch
 * entry, process Windows server lookups when state.ad_nqueries is
 * non-zero, run a second stage for SID entries only, then update the cache
 * inside a single transaction. Failure paths jump to "out", and the
 * function returns TRUE at the end.
 */
/* ARGSUSED */
uint_t i;
/* Init */
/* Return success if nothing was requested */
goto out;
/* Get cache handle */
goto out;
/* Get db handle */
goto out;
/* Allocate result array */
/*
 * NOTE(review): the allocation call is cut off; only its element-size
 * argument remains. If the element count is batch.idmap_mapping_batch_len
 * (the request-supplied length that bounds the loops below), confirm that
 * count * size cannot overflow -- TODO check against the full source.
 */
sizeof (idmap_id_res));
goto out;
}
/* Allocate hash table to check for duplicate sids */
/* Element size is taken from the pointee of state.sid_history. */
sizeof (*state.sid_history));
goto out;
}
/* Walks all state.sid_history_size slots; the loop body is not shown. */
for (i = 0; i < state.sid_history_size; i++) {
}
/* Init our 'done' flags */
/* First stage */
for (i = 0; i < batch.idmap_mapping_batch_len; i++) {
if (IS_BATCH_SID(batch, i)) {
&state,
} else if (IS_BATCH_UID(batch, i)) {
&state,
db,
} else if (IS_BATCH_GID(batch, i)) {
&state,
db,
} else {
/* Entries matching none of the three IS_BATCH_* tests are skipped. */
continue;
}
/*
 * Only return codes that IDMAP_FATAL_ERROR classes as fatal abort the
 * whole batch; for any other retcode the loop moves on to the next entry.
 */
if (IDMAP_FATAL_ERROR(retcode)) {
goto out;
}
}
/* Check if we are done */
goto out;
/* Process Windows server lookups for sid2name */
if (state.ad_nqueries) {
result);
if (IDMAP_FATAL_ERROR(winrc)) {
goto out;
}
} else
/* Reset sid2pid 'done' flag */
/* Second stage */
for (i = 0; i < batch.idmap_mapping_batch_len; i++) {
/* Process sid to pid ONLY */
if (IS_BATCH_SID(batch, i)) {
/* The statement guarded by this winrc test is missing from this listing. */
if (IDMAP_ERROR(winrc))
&state,
db,
if (IDMAP_FATAL_ERROR(retcode)) {
goto out;
}
}
}
/* Check if we are done */
goto out;
/* Reset our 'done' flags */
/* Update cache in a single transaction */
goto out;
for (i = 0; i < batch.idmap_mapping_batch_len; i++) {
if (IS_BATCH_SID(batch, i)) {
/* Return value is explicitly discarded by the (void) cast. */
(void) update_cache_sid2pid(
&state,
} else if ((IS_BATCH_UID(batch, i)) ||
(IS_BATCH_GID(batch, i))) {
/* Return value is explicitly discarded by the (void) cast. */
(void) update_cache_pid2sid(
&state,
}
}
/* Commit if we have at least one successful update */
else
out:
/* Cleanup runs on every path; the free of state.sid_history is not shown. */
if (state.sid_history)
}
return (TRUE);
}
/*
 * Static helper whose name, parameters and most statements are missing
 * from this listing. What remains shows it working with an
 * idmap_mapping-sized object and two char pointers, returning 1 on each
 * visible failure path and 0 at the end.
 * NOTE(review): presumably the per-row callback for the mapping-list
 * query -- confirm against the full source.
 */
/* ARGSUSED */
static int
char *str;
char *end;
sizeof (idmap_mapping));
return (1);
str;
else
return (1);
return (1);
return (1);
return (0);
}
/*
 * Mapping-list request handler. The signature and the calls that build and
 * run the query are missing from this listing. The handler reads the
 * idmap_cache table and returns TRUE at the end; "out" is the single exit
 * path, where sql is tested before the (unseen) cleanup.
 */
/* ARGSUSED */
/* Get cache handle */
goto out;
/* Create LIMIT expression. */
if (limit > 0)
/*
 * Combine all the above into a giant SELECT statement that
 * will return the requested mappings
 */
/*
 * NOTE(review): both %s conversions paste pre-built SQL text into the
 * statement verbatim. That is only safe if those fragments are generated
 * from numeric values (the LIMIT expression above is guarded by
 * "limit > 0"). The code that builds them is not shown -- confirm no
 * request-supplied string reaches a %s without SQLite %q/%Q quoting.
 */
" windomain, winname, unixname"
" FROM idmap_cache WHERE "
" %s AND is_user = %d %s;",
goto out;
}
/* Execute the SQL statement and update the return buffer */
out:
if (sql)
return (TRUE);
}
/*
 * Static helper whose name, parameters and most statements are missing
 * from this listing. What remains shows it working with an
 * idmap_namerule-sized object, returning 1 on each visible failure path
 * and 0 at the end.
 * NOTE(review): presumably the per-row callback for the name-rule list
 * query -- confirm against the full source.
 */
/* ARGSUSED */
static int
char *end;
sizeof (idmap_namerule));
return (1);
return (1);
return (1);
else
return (0);
}
/*
 * Name-rule list request handler. The signature and the calls that build
 * and run the query are missing from this listing. The handler reads the
 * namerules table and returns TRUE at the end. "out" is the single exit
 * path, where s_windomain, s_winname, s_unixname and sql are each tested
 * before the (unseen) cleanup.
 */
/* ARGSUSED */
char *s_unixname = NULL;
/* Get db handle */
goto out;
/* Constant SQL fragments restricting on u2w_order / w2u_order. */
"AND (u2w_order = 0 OR u2w_order ISNULL)");
"AND (w2u_order = 0 OR w2u_order ISNULL)");
}
/*
 * NOTE(review): the three WHERE fragments built below are derived from
 * names in the request (windomain, winname, unixname). The builder calls
 * are not shown; confirm they quote the strings (e.g. SQLite %q/%Q)
 * rather than concatenating them.
 */
/* Create where statement for windomain */
goto out;
}
/* Create where statement for winname */
goto out;
}
/* Create where statement for unixname */
goto out;
}
/* Create LIMIT expression. */
if (limit > 0)
/*
 * Combine all the above into a giant SELECT statement that
 * will return the requested rules
 */
/*
 * Every %s in the format below inserts a pre-built fragment verbatim, so
 * the statement is only as safe as the code that produced each fragment.
 */
"is_nt4, unixname, w2u_order, u2w_order "
"FROM namerules WHERE "
" %s AND is_user = %d %s %s %s %s %s %s;",
goto out;
}
/* Execute the SQL statement and update the return buffer */
out:
if (s_windomain)
if (s_winname)
if (s_unixname)
if (sql)
return (TRUE);
}
/*
 * Authorization name for name-rule administration.
 * NOTE(review): presumably the authorization that verify_rules_auth()
 * checks for; the line that uses it is missing from this listing.
 */
#define IDMAP_RULES_AUTH "solaris.admin.idmap.rules"
/*
 * verify_rules_auth (name taken from the "me" string below; the signature
 * line, the conditions and the calls are missing from this listing).
 *
 * Returns 1 when the caller is authorized and -1 on every visible failure
 * path, so callers must test for "< 0" rather than for non-zero. Judging
 * by the log format strings, the failure paths are, in order: the caller's
 * credential could not be obtained (svc_getcallerucred), its effective uid
 * could not be read (ucred_geteuid), the passwd lookup for that uid failed
 * (getpwuid_r), and the user does not hold the authorization.
 *
 * The check fails closed: any lookup error is treated the same as a
 * missing authorization. Every path after the first failure calls
 * ucred_free(uc) before returning.
 */
static int
/* NOTE(review): presumably the scratch buffer for getpwuid_r -- confirm. */
char buf[1024];
const char *me = "verify_rules_auth";
"%s: svc_getcallerucred failed (errno=%d)",
/* No ucred_free on this path. */
return (-1);
}
"%s: ucred_geteuid failed (errno=%d)",
ucred_free(uc);
return (-1);
}
"%s: getpwuid_r(%u) failed (errno=%d)",
ucred_free(uc);
return (-1);
}
/* Authorization denial is logged with the user's name. */
"%s: %s does not have authorization.",
ucred_free(uc);
return (-1);
}
ucred_free(uc);
return (1);
}
/*
 * Name-rule update request handler. The signature, the switch header and
 * the calls made for each operation are missing from this listing.
 *
 * Visible flow: check the caller's authorization, return early with
 * success on an empty batch, get the db handle, then apply each batch
 * entry in order and stop at the first one that does not leave *result
 * at IDMAP_SUCCESS. The function returns TRUE on every path; the outcome
 * is reported through *result.
 */
/* ARGSUSED */
int i;
/*
 * The authorization check is the first thing done, ahead of the
 * empty-batch shortcut and of any database access. verify_rules_auth()
 * returns -1 on failure, hence the "< 0" test.
 * NOTE(review): the statement that sets *result on this path is not
 * shown; confirm it reports a permission error rather than leaving
 * *result unset.
 */
if (verify_rules_auth(rqstp) < 0) {
goto out;
}
/* An empty batch is a successful no-op (second half of the test is cut off). */
if (batch.idmap_update_batch_len == 0 ||
*result = IDMAP_SUCCESS;
goto out;
}
/* Get db handle */
if (*result != IDMAP_SUCCESS)
goto out;
/* NOTE(review): the call checked here is cut off; presumably it opens the transaction. */
if (*result != IDMAP_SUCCESS)
goto out;
for (i = 0; i < batch.idmap_update_batch_len; i++) {
case OP_NONE:
*result = IDMAP_SUCCESS;
break;
case OP_ADD_NAMERULE:
break;
case OP_RM_NAMERULE:
break;
case OP_FLUSH_NAMERULES:
break;
default:
/* Unknown opcodes abort the batch; the *result assignment is not shown. */
goto out;
};
/* First failing operation ends the batch. */
if (*result != IDMAP_SUCCESS)
goto out;
}
out:
/*
 * Only when a transaction was started: the branch taken depends on
 * whether the whole batch succeeded.
 * NOTE(review): presumably commit on IDMAP_SUCCESS and rollback
 * otherwise; both calls are missing from this listing -- confirm.
 */
if (trans) {
if (*result == IDMAP_SUCCESS)
else
}
return (TRUE);
}
/*
 * Single-request mapping handler. The signature and the calls whose
 * arguments appear below are missing from this listing.
 *
 * Visible flow: get the cache and db handles, allocate the result, then
 * dispatch on the request's id type with IS_REQUEST_SID / IS_REQUEST_UID /
 * IS_REQUEST_GID. Failure paths jump to "out", and the function returns
 * TRUE at the end.
 */
/* ARGSUSED */
/* Init */
/* Get cache handle */
goto out;
/* Get db handle */
goto out;
/* Allocate result */
goto out;
}
if (IS_REQUEST_SID(request)) {
db,
&request,
} else if (IS_REQUEST_UID(request)) {
db,
&request,
/* UID and GID branches differ in this final argument: 1 here, 0 below. */
1);
} else if (IS_REQUEST_GID(request)) {
db,
&request,
0);
} else {
/* Handling for a request matching none of the three tests is not shown. */
}
out:
}
return (TRUE);
}
/* ARGSUSED */
int
return (TRUE);
}