nis_opacc.c revision 7c478bd95313f5f23a4c958a745db2134aa03244
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License, Version 1.0 only
* (the "License"). You may not use this file except in compliance
* with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright (c) 1998-2001 by Sun Microsystems, Inc.
* All rights reserved.
*/
#pragma ident "%Z%%M% %I% %E% SMI"
#include <stdio.h>
#include <malloc.h>
#include <syslog.h>
#include <string.h>
#include "nis_proc.h"
static __match_class __subop_match_class(char *);
#define nil(x) (x)?(x):"<NULL>"
#define OP_ACC_TABLE "proto_op_access"
#define OP_COL "op"
#define SUBOP_COL "subop"
#define SUBOP_COL_NUM 1
#define MAX_OPNAME "NIS_FINDDIRECTORY"
#define MAX_SUBOPNAME "Make sure this is longer than the longest tag etc."
/*
* Verify access to the specified NIS+ protocol operation (and, optionally,
* sub-operation). Parameters:
*
* op Required. Name of operation. Example: "NIS_PING".
*
* subop Optional. Name of sub-operation. Example: "TAG_DEBUG"
* for the "NIS_STATUS" operation.
*
* dir Optional. NIS+ directory for which check is performed.
* If NULL, all directories served by this rpc.nisd are
* checked.
*
* pname Optional. Name of principal. If NULL, this routine
* derives the principal name from the reqstp argument.
*
* reqstp Optional and ignored unless pname == NULL. The RPC
* request.
*/
char pnamebuf[1024];
char *dirl;
/* No check at security levels 0 and 1 */
if (secure_level < 2)
return (TRUE);
/* Sanity check arguments */
if (op == 0 ||
return (FALSE);
/* Get the principal name */
if (pname == 0) {
}
#ifdef OPACCDEBUG
printf("nis_op_access(%s, %s, %s, %s, 0x%x)\n",
#endif /* OPACCDEBUG */
} else {
return (FALSE);
#ifdef OPACCDEBUG
#endif /* OPACCDEBUG */
nxtdir++;
if (*nxtdir != '\0')
*nxtdir++ = '\0';
return (FALSE);
}
}
}
return (TRUE);
}
static
sizeof (OP_ACC_TABLE) + /* table name */
sizeof (MAX_OPNAME) + /* search ... */
sizeof (MAX_SUBOPNAME)+ /* ... criteria */
sizeof ("[=,=]. ")]; /* syntax + NUL */
int i;
if (subop == 0)
else
if (err != NIS_SUCCESS)
return (TRUE);
#ifdef OPACCDEBUG
printf("nis_local_lookup(%s) => 0x%x, status = %d\n",
#endif /* OPACCDEBUG */
/* No result at all or no such table => assume access OK */
if (res == 0)
return (TRUE);
return (TRUE);
}
/*
* If we didn't find any entries, then one of two situations apply:
*
* (1) We were looking for 'op' only, and if it isn't in the
* the table, we allow access.
*
* (2) We were looking for both 'op' and 'subop'. It's possible
* that there's an entry for 'op' only, so try again.
*/
if (subop == 0) {
return (TRUE);
} else {
}
/*
* XXX Should we succeed or fail ?
* For maximum backward compatibility, we declare success
*/
#ifdef OPACCDEBUG
for (i = 0; i < NIS_RES_NUMOBJ(res); i++) {
printf("\t------------- %d --------------\n", i);
}
#endif /* OPACCDEBUG */
return (TRUE);
}
/*
* If there was more than one result, look for one that:
*
* (1) has a matching sub-operation, or
*
* (2) has an empty string in the subop field, or
*
* (3) has a NIL subop field, or
*
* (4) has no subop field
*
* in that order.
*/
#ifdef OPACCDEBUG
printf("\tone matching entry\n");
#endif /* OPACCDEBUG */
best_entry = 0;
#ifdef OPACCDEBUG
#endif /* OPACCDEBUG */
#ifdef OPACCDEBUG
#endif /* OPACCDEBUG */
best_entry = i;
if (be_match <= required_match)
break;
}
}
#ifdef OPACCDEBUG
printf("\trequired_match = %d, be_match = %d, best_entry = %d\n",
printf("\t\t%s %s\n",
#endif /* OPACCDEBUG */
}
#ifdef OPACCDEBUG
#endif /* OPACCDEBUG */
return (ret);
}
static anonid_t callback_anonid = 0;
static DECLMUTEXLOCK(anonid);
/*
* Add id to callback list
*/
return(NOANONID);
}
/*
* In the MT case, we use the thread id as the anonymous id. We do
* this because we want to avoid race conditions by having the thread
* itself both insert and remove its entry on the callback_id_list.
* Hence, since the id is returned by the parent of the thread,
* the implication is that the anonymous id must be something known
* to both, and the thread id fits that requirement.
*/
return(anonid);
}
/*
* Remove callback id
*/
void
if (id == INV_PTHREAD_ID)
return;
break;
}
}
return;
}
/*
* Return the id and principal name corresponding to an anonymous id
*/
if (pname != 0) {
}
break;
}
}
return(id);
}
/* Classify a subop string */
__subop_match_class(char *subop) {
if (subop == 0) {
#ifdef OPACCDEBUG
printf("\t\t\t<NIL>\n");
#endif /* OPACCDEBUG */
return (NIL);
} else if (*subop == '\0') {
#ifdef OPACCDEBUG
printf("\t\t\t<EMPTY>\n");
#endif /* OPACCDEBUG */
return (EMPTY);
} else {
#ifdef OPACCDEBUG
#endif /* OPACCDEBUG */
return (STRING);
}
}
/*
* Classify the subop in an entry. If it's a string, compare to the
* subop argument.
*/
char *entry_subop;
} else {
}
return (ret);
}