namemaps.c revision 61b364a9162c5e321625fcd2f640da7e1dd2417e
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2008 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#pragma ident "%Z%%M% %I% %E% SMI"
#include <errno.h>
#include <ldap.h>
#include <libintl.h>
#include <strings.h>
#include <strings.h>
#include "idmap_impl.h"
#include "ns_sldap.h"
/* From adutils.c: */
/* A single DS */
struct idmap_nm_handle {
/* LDAP DS info */
char *ad_host;
int ad_port;
/* hardwired to SASL GSSAPI only for now */
char *saslmech;
unsigned saslflags;
char *windomain;
char *ad_unixuser_attr;
char *ad_unixgroup_attr;
char *nldap_winname_attr;
char *default_domain;
int direction;
};
static
{
return (IDMAP_SUCCESS);
}
} else {
gettext("Invalid authentication method \"%s\" specified\n"),
from);
return (IDMAP_ERR_ARG);
}
return (IDMAP_SUCCESS);
}
static
{
return (rc);
return (IDMAP_ERR_MEMORY);
}
return (IDMAP_ERR_MEMORY);
}
}
return (IDMAP_SUCCESS);
}
/*ARGSUSED*/
static int
{
return (LDAP_PARAM_ERROR);
interact++) {
}
return (LDAP_SUCCESS);
}
static
{
int zero = 0;
/* Open and bind an LDAP connection */
goto out;
}
NULL);
if (ldap_rc != LDAP_SUCCESS) {
}
out:
return (rc);
}
static
{
/*
* For now, there is nothing to initialize in nldap. This is just to
* make it future-proof, especially standalone libsldap-proof
*/
return (0);
}
static
{
ad_ctx = ad_disc_init();
gettext("AD autodiscovery initialization failed"));
return (IDMAP_ERR_INTERNAL);
}
/* Based on the supplied or default domain, find the proper AD: */
gettext("Setting a domain name \"%s\" for autodiscovery"
" failed, most likely not enough memory"), p->windomain);
goto cleanup;
}
rc = IDMAP_ERR_ARG;
gettext("A domain controller for the "
"domain \"%s\" not found."), p->windomain);
goto cleanup;
}
goto cleanup;
}
goto cleanup;
}
rc = idmap_open_ad_conn(p);
if (rc != IDMAP_SUCCESS)
goto cleanup;
return (rc);
}
void
{
if (p == NULL)
return;
if (p->ad_unixgroup_attr != NULL)
free(p->ad_unixgroup_attr);
if (p->ad_unixuser_attr != NULL)
free(p->ad_unixuser_attr);
if (p->nldap_winname_attr)
free(p->nldap_winname_attr);
if (p->default_domain != NULL)
free(p->default_domain);
}
/* No archeology: */
}
if (p->ad)
(void) ldap_unbind(p->ad);
free(p);
}
int direction)
{
if (p == NULL)
return (IDMAP_ERR_MEMORY);
&p->default_domain);
if (rc != IDMAP_SUCCESS) {
gettext("Error obtaining default domain from idmapd (%s)"),
goto cleanup;
}
&p->ad_unixuser_attr);
if (rc != IDMAP_SUCCESS) {
gettext("Error obtaining AD unixuser attribute (%s)"),
goto cleanup;
}
&p->ad_unixgroup_attr);
if (rc != IDMAP_SUCCESS) {
gettext("Error obtaining AD unixgroup attribute (%s)"),
goto cleanup;
}
&p->nldap_winname_attr);
if (rc != IDMAP_SUCCESS) {
gettext("Error obtaining AD unixgroup attribute (%s)"),
goto cleanup;
}
goto cleanup;
}
} else if (!EMPTY_STRING(p->default_domain)) {
goto cleanup;
}
} else if (direction == IDMAP_DIRECTION_W2U) {
gettext("Windows domain not given and idmapd daemon"
" didn't provide a default one"));
rc = IDMAP_ERR_ARG;
goto cleanup;
}
direction != IDMAP_DIRECTION_U2W) {
rc = idmap_init_ad(p);
if (rc != IDMAP_SUCCESS) {
goto cleanup;
}
}
rc = idmap_init_nldap(p);
if (rc != IDMAP_SUCCESS) {
goto cleanup;
}
if (rc != IDMAP_SUCCESS) {
goto cleanup;
}
}
if (rc == IDMAP_SUCCESS) {
*adh = p;
return (IDMAP_SUCCESS);
}
/* There was an error: */
return (rc);
}
static
char *
{
int num_lvl = 1;
char *buf;
it ++;
num_lvl ++;
}
for (;;) {
break;
} else {
}
}
return (buf);
}
static
char **value)
{
/* No value means it is not requested */
return (IDMAP_SUCCESS);
else {
}
return (rc);
}
/* Split winname to its name and domain part */
static
{
char *at;
}
/* There is no domain - leave domain NULL */
goto errout;
return (IDMAP_SUCCESS);
}
goto errout;
goto errout;
if (*at == '\\') {
}
return (IDMAP_SUCCESS);
return (IDMAP_ERR_MEMORY);
}
static
{
int rc_ns;
char filter[255];
static const char *attribs[3];
char **attrs;
attribs[0] = p->nldap_winname_attr;
unixname);
if (rc_ns == NS_LDAP_NOTFOUND) {
return (IDMAP_ERR_NOTFOUND);
} else if (rc_ns != NS_LDAP_SUCCESS) {
char *msg = "Cause unidentified";
}
return (IDMAP_ERR_ARG);
}
return (IDMAP_ERR_ARG);
}
p->nldap_winname_attr);
} else {
}
}
unixname);
return (IDMAP_ERR_ARG);
}
}
return (rc);
}
#define FILTER "(sAMAccountName=%s)"
/* Puts the values of attributes to unixuser and unixgroup, unless NULL */
static
{
char *base;
char *filter;
int flen;
char *attribs[4];
int i;
int ldap_rc;
/* Query: */
return (IDMAP_ERR_MEMORY);
}
i = 0;
attribs[i++] = "objectClass";
attribs[i++] = p->ad_unixuser_attr;
attribs[i++] = p->ad_unixgroup_attr;
return (IDMAP_ERR_MEMORY);
}
if (ldap_rc != LDAP_SUCCESS) {
"Ldap query to server %s port %d failed. (%s)",
(void) ldap_msgfree(results);
return (IDMAP_ERR_OTHER);
}
int i = 0;
(void) ldap_msgfree(results);
return (IDMAP_ERR_MEMORY);
}
for (i = 0; i < ldap_count_values(values); i++) {
/*
* is_wuser can be IDMAP_UNKNOWN, in that case we accept
*/
(void) ldap_msgfree(results);
return (IDMAP_ERR_MEMORY);
}
break;
}
}
break;
}
return (IDMAP_ERR_NOTFOUND);
}
unixuser);
(void) ldap_msgfree(results);
return (rc);
}
/* set the given attribute to the given value. If value is NULL, unset it */
static
{
int ldap_rc;
} else {
}
if (ldap_rc != LDAP_SUCCESS) {
"Ldap modify of %s, attribute %s failed. (%s)",
}
ldap_mods_free(mods, 0);
return (rc);
}
/*
* This function takes the p argument just for the beauty of the symmetry
* with idmap_ad_set (and for future enhancements).
*/
static
/* LINTED E_FUNC_ARG_UNUSED */
{
int ldaprc;
return (IDMAP_ERR_MEMORY);
return (IDMAP_ERR_MEMORY);
}
} else {
attrs[0]->value_count = 0;
}
} else if (is_new)
else
if (ldaprc != NS_LDAP_SUCCESS) {
char *msg = "Cause unidentified";
}
" failed (%s)"), msg);
return (IDMAP_ERR_ARG);
}
return (IDMAP_SUCCESS);
}
{
char *oldwinname = NULL;
char *oldwindomain = NULL;
if (direction == IDMAP_DIRECTION_W2U) {
if (!p->is_ad) {
rc = IDMAP_ERR_ARG;
gettext("AD namemaps aren't set up."));
goto cleanup;
}
if (rc != IDMAP_SUCCESS)
goto cleanup;
p->ad_unixgroup_attr, unixname);
if (rc != IDMAP_SUCCESS)
goto cleanup;
}
if (direction == IDMAP_DIRECTION_U2W) {
char *fullname;
if (!p->is_nldap) {
rc = IDMAP_ERR_ARG;
gettext("Native ldap namemaps aren't set up."));
goto cleanup;
}
&oldwinname, &oldwindomain);
if (rc != IDMAP_SUCCESS)
goto cleanup;
goto cleanup;
} else {
goto cleanup;
}
}
if (rc != IDMAP_SUCCESS)
goto cleanup;
}
if (oldwindomain != NULL)
if (oldwinname != NULL)
return (rc);
}
{
char *oldwinname = NULL;
char *oldwindomain = NULL;
if (direction == IDMAP_DIRECTION_W2U) {
if (!p->is_ad) {
rc = IDMAP_ERR_ARG;
gettext("AD namemaps aren't set up."));
goto cleanup;
}
if (rc != IDMAP_SUCCESS)
goto cleanup;
p->ad_unixgroup_attr, unixname);
if (rc != IDMAP_SUCCESS)
goto cleanup;
} else { /* direction == IDMAP_DIRECTION_U2W */
if (!p->is_nldap) {
rc = IDMAP_ERR_ARG;
gettext("Native ldap namemaps aren't set up."));
goto cleanup;
}
if (rc != IDMAP_SUCCESS)
goto cleanup;
if (rc != IDMAP_SUCCESS)
goto cleanup;
}
if (oldwindomain != NULL)
if (oldwinname != NULL)
return (rc);
}
{
rc = IDMAP_ERR_ARG;
gettext("AD namemaps are not active."));
goto cleanup;
/* In future maybe resolve winname and try nldap? */
}
if (rc != IDMAP_SUCCESS) {
gettext("Winname %s@%s not found in AD."),
}
char *unixname;
int is_user;
*is_source_ad = IDMAP_NO;
rc = IDMAP_ERR_ARG;
gettext("Native ldap namemaps aren't active."));
goto cleanup;
/* In future maybe resolve unixname and try AD? */
}
}
if (rc != IDMAP_SUCCESS) {
gettext("%s %s not found in native ldap."),
unixname);
goto cleanup;
}
} else {
rc = IDMAP_ERR_ARG;
goto cleanup;
}
return (rc);
}