/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* or http://www.opensolaris.org/os/licensing.
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright (c) 1999, 2011, Oracle and/or its affiliates. All rights reserved.
*/
#include <pwd.h>
#include "ldap_common.h"
/* passwd attributes filters */
#define _PWD_CN "cn"
#define _PWD_UID "uid"
#define _PWD_USERPASSWORD "userpassword"
#define _PWD_UIDNUMBER "uidnumber"
#define _PWD_GIDNUMBER "gidnumber"
#define _PWD_GECOS "gecos"
#define _PWD_DESCRIPTION "description"
#define _PWD_HOMEDIRECTORY "homedirectory"
#define _PWD_LOGINSHELL "loginshell"
#define _F_GETPWUID "(&(objectClass=posixAccount)(uidNumber=%ld))"
#define _F_GETPWUID_SSD "(&(%%s)(uidNumber=%ld))"
static const char *pwd_attrs[] = {
_PWD_CN,
_PWD_UID,
_PWD_UIDNUMBER,
_PWD_GIDNUMBER,
_PWD_GECOS,
_PWD_DESCRIPTION,
_PWD_HOMEDIRECTORY,
_PWD_LOGINSHELL,
(char *)NULL
};
/* Use this attribute to ask for server type from libsldap. */
static const char *pwd_extra_info_attr[] = {
"__ns_ldap_op_attr_server_type",
(char *)NULL
};
/*
* dn2uid_cache_state is set in getgrent.c when group dn2uid cache is created.
*/
extern nss_ldap_cache_state_t dn2uid_cache_state;
/*
* _nss_ldap_passwd2str is the data marshaling method for the passwd getXbyY
* (e.g., getbyuid(), getbyname(), getpwent()) backend processes. This method is
* called after a successful ldap search has been performed. This method will
* parse the ldap search values into the file format.
* e.g.
*
* nobody:x:60001:60001:Nobody:/:
*
*/
static int
_nss_ldap_passwd2str(ldap_backend_ptr be, nss_XbyY_args_t *argp)
{
int nss_result;
int buflen = 0;
unsigned long str_len = 0L;
char *buffer = NULL;
ns_ldap_result_t *result = be->result;
ns_ldap_entry_t *entry;
char **dn_v;
int dnlen = 0;
char **uid_v, **uidn_v, **gidn_v;
char **gecos_v, **homedir_v, **shell_v;
char *NULL_STR = "";
char uid_nobody[NOBODY_STR_LEN];
char gid_nobody[NOBODY_STR_LEN], *end;
char *uid_nobody_v[1], *gid_nobody_v[1];
char *server_type;
(void) snprintf(uid_nobody, sizeof (uid_nobody), "%u", UID_NOBODY);
uid_nobody_v[0] = uid_nobody;
(void) snprintf(gid_nobody, sizeof (gid_nobody), "%u", GID_NOBODY);
gid_nobody_v[0] = gid_nobody;
if (result == NULL) {
if (be->extra_info != NULL) {
__ns_ldap_freeEntry(be->extra_info);
be->extra_info = NULL;
}
return (NSS_STR_PARSE_PARSE);
}
entry = result->entry;
buflen = argp->buf.buflen;
buffer = argp->buf.buffer;
nss_result = NSS_STR_PARSE_SUCCESS;
(void) memset(buffer, 0, buflen);
/* 8 = 6 ':' + 1 '\0' + 1 'x' */
str_len = 8;
uid_v = __ns_ldap_getAttr(entry, _PWD_UID);
uidn_v = __ns_ldap_getAttr(entry, _PWD_UIDNUMBER);
gidn_v = __ns_ldap_getAttr(entry, _PWD_GIDNUMBER);
if (uid_v == NULL || uidn_v == NULL || gidn_v == NULL ||
uid_v[0] == NULL || uidn_v[0] == NULL || gidn_v[0] == NULL) {
nss_result = NSS_STR_PARSE_PARSE;
goto result_pwd2str;
}
/* Validate UID and GID */
if (strtoul(uidn_v[0], &end, 10) > MAXUID)
uidn_v = uid_nobody_v;
if (strtoul(gidn_v[0], &end, 10) > MAXUID)
gidn_v = gid_nobody_v;
str_len += strlen(uid_v[0]) + strlen(uidn_v[0]) + strlen(gidn_v[0]);
if (str_len > buflen) {
nss_result = NSS_STR_PARSE_ERANGE;
goto result_pwd2str;
}
gecos_v = __ns_ldap_getAttr(entry, _PWD_GECOS);
if (gecos_v == NULL || gecos_v[0] == NULL || *gecos_v[0] == '\0')
gecos_v = &NULL_STR;
else
str_len += strlen(gecos_v[0]);
homedir_v = __ns_ldap_getAttr(entry, _PWD_HOMEDIRECTORY);
if (homedir_v == NULL || homedir_v[0] == NULL || *homedir_v[0] == '\0')
homedir_v = &NULL_STR;
else
str_len += strlen(homedir_v[0]);
shell_v = __ns_ldap_getAttr(entry, _PWD_LOGINSHELL);
if (shell_v == NULL || shell_v[0] == NULL || *shell_v[0] == '\0')
shell_v = &NULL_STR;
else
str_len += strlen(shell_v[0]);
if (str_len > buflen) {
nss_result = NSS_STR_PARSE_ERANGE;
goto result_pwd2str;
}
if (argp->buf.result != NULL) {
be->buflen = str_len;
be->buffer = malloc(be->buflen);
if (be->buffer == NULL) {
nss_result = (int)NSS_STR_PARSE_ERANGE;
goto result_pwd2str;
}
(void) snprintf(be->buffer, be->buflen,
"%s:%s:%s:%s:%s:%s:%s",
uid_v[0], "x", uidn_v[0], gidn_v[0],
gecos_v[0], homedir_v[0], shell_v[0]);
} else {
int plen;
/*
* Save the entry DN as an optional data, if
* dn to uid caching is being performed and
* not processing enumeration results and
* there's enough room in the buffer.
* Format is (passwd data followed by the optional data):
* <passwd data> + '\0' + '#dn:' + <server_type>' + ':' +
* <DN> + '\0'
*/
if (dn2uid_cache_state == NSS_LDAP_CACHE_INITED &&
be->enumcookie == NULL) {
dn_v = __ns_ldap_getAttr(entry, "dn");
(void) _nss_ldap_get_server_type(be->extra_info,
&server_type);
dnlen = NSS_LDAP_DN_TAG_LEN +
strlen(server_type) + 1 + strlen(dn_v[0]) + 1;
if ((str_len + dnlen) > buflen)
dnlen = 0;
}
if (dnlen == 0) {
plen = snprintf(argp->buf.buffer, buflen,
"%s:%s:%s:%s:%s:%s:%s",
uid_v[0], "x", uidn_v[0], gidn_v[0],
gecos_v[0], homedir_v[0], shell_v[0]);
be->have_dn = B_FALSE;
} else {
plen = snprintf(argp->buf.buffer, buflen,
"%s:%s:%s:%s:%s:%s:%s%c%s%s:%s",
uid_v[0], "x", uidn_v[0], gidn_v[0],
gecos_v[0], homedir_v[0], shell_v[0],
'\0', NSS_LDAP_DN_TAG, server_type, dn_v[0]);
be->have_dn = B_TRUE;
}
if (plen >= buflen)
nss_result = (int)NSS_STR_PARSE_ERANGE;
}
result_pwd2str:
if (be->extra_info != NULL) {
__ns_ldap_freeEntry(be->extra_info);
be->extra_info = NULL;
}
(void) __ns_ldap_freeResult(&be->result);
return ((int)nss_result);
}
/*
* getbyname gets a passwd entry by uid name. This function constructs an ldap
* search filter using the name invocation parameter and the getpwnam search
* filter defined. Once the filter is constructed, we search for a matching
* entry and marshal the data results into struct passwd for the frontend
* process. The function _nss_ldap_passwd2ent performs the data marshaling.
*/
static nss_status_t
getbyname(ldap_backend_ptr be, void *a)
{
nss_XbyY_args_t *argp = (nss_XbyY_args_t *)a;
char searchfilter[SEARCHFILTERLEN];
char userdata[SEARCHFILTERLEN];
char name[SEARCHFILTERLEN];
int ret;
if (_ldap_filter_name(name, argp->key.name, sizeof (name)) != 0)
return ((nss_status_t)NSS_NOTFOUND);
ret = snprintf(searchfilter, sizeof (searchfilter), _F_GETPWNAM, name);
if (ret >= sizeof (searchfilter) || ret < 0)
return ((nss_status_t)NSS_NOTFOUND);
ret = snprintf(userdata, sizeof (userdata), _F_GETPWNAM_SSD, name);
if (ret >= sizeof (userdata) || ret < 0)
return ((nss_status_t)NSS_NOTFOUND);
be->extra_info_attr = pwd_extra_info_attr;
return ((nss_status_t)_nss_ldap_lookup(be, argp,
_PASSWD, searchfilter, NULL, _merge_SSD_filter, userdata));
}
/*
* getbyuid gets a passwd entry by uid number. This function constructs an ldap
* search filter using the uid invocation parameter and the getpwuid search
* filter defined. Once the filter is constructed, we search for a matching
* entry and marshal the data results into struct passwd for the frontend
* process. The function _nss_ldap_passwd2ent performs the data marshaling.
*/
static nss_status_t
getbyuid(ldap_backend_ptr be, void *a)
{
nss_XbyY_args_t *argp = (nss_XbyY_args_t *)a;
char searchfilter[SEARCHFILTERLEN];
char userdata[SEARCHFILTERLEN];
int ret;
if (argp->key.uid > MAXUID)
return ((nss_status_t)NSS_NOTFOUND);
ret = snprintf(searchfilter, sizeof (searchfilter),
_F_GETPWUID, (long)argp->key.uid);
if (ret >= sizeof (searchfilter) || ret < 0)
return ((nss_status_t)NSS_NOTFOUND);
ret = snprintf(userdata, sizeof (userdata),
_F_GETPWUID_SSD, (long)argp->key.uid);
if (ret >= sizeof (userdata) || ret < 0)
return ((nss_status_t)NSS_NOTFOUND);
return ((nss_status_t)_nss_ldap_lookup(be, argp,
_PASSWD, searchfilter, NULL, _merge_SSD_filter, userdata));
}
static ldap_backend_op_t passwd_ops[] = {
_nss_ldap_destr,
_nss_ldap_endent,
_nss_ldap_setent,
_nss_ldap_getent,
getbyname,
getbyuid
};
/*
* _nss_ldap_passwd_constr is where life begins. This function calls the
* generic ldap constructor function to define and build the abstract
* data types required to support ldap operations.
*/
/*ARGSUSED0*/
nss_backend_t *
_nss_ldap_passwd_constr(const char *dummy1, const char *dummy2,
const char *dummy3)
{
return ((nss_backend_t *)_nss_ldap_constr(passwd_ops,
sizeof (passwd_ops)/sizeof (passwd_ops[0]),
_PASSWD, pwd_attrs, _nss_ldap_passwd2str));
}