ldap/common/getpwnam.c

2N/A/*
2N/A * CDDL HEADER START
2N/A *
2N/A * The contents of this file are subject to the terms of the
2N/A * Common Development and Distribution License (the "License").
2N/A * You may not use this file except in compliance with the License.
2N/A *
2N/A * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
2N/A * or http://www.opensolaris.org/os/licensing.
2N/A * See the License for the specific language governing permissions
2N/A * and limitations under the License.
2N/A *
2N/A * When distributing Covered Code, include this CDDL HEADER in each
2N/A * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
2N/A * If applicable, add the following below this CDDL HEADER, with the
2N/A * fields enclosed by brackets "[]" replaced with your own identifying
2N/A * information: Portions Copyright [yyyy] [name of copyright owner]
2N/A *
2N/A * CDDL HEADER END
2N/A */
2N/A/*
2N/A * Copyright (c) 1999, 2011, Oracle and/or its affiliates. All rights reserved.
2N/A */
2N/A
2N/A#include <pwd.h>
2N/A#include "ldap_common.h"
2N/A
2N/A/* passwd attributes filters */
2N/A#define _PWD_CN         "cn"
2N/A#define _PWD_UID        "uid"
2N/A#define _PWD_USERPASSWORD   "userpassword"
2N/A#define _PWD_UIDNUMBER      "uidnumber"
2N/A#define _PWD_GIDNUMBER      "gidnumber"
2N/A#define _PWD_GECOS      "gecos"
2N/A#define _PWD_DESCRIPTION    "description"
2N/A#define _PWD_HOMEDIRECTORY  "homedirectory"
2N/A#define _PWD_LOGINSHELL     "loginshell"
2N/A
2N/A#define _F_GETPWUID     "(&(objectClass=posixAccount)(uidNumber=%ld))"
2N/A#define _F_GETPWUID_SSD     "(&(%%s)(uidNumber=%ld))"
2N/A
2N/Astatic const char *pwd_attrs[] = {
2N/A    _PWD_CN,
2N/A    _PWD_UID,
2N/A    _PWD_UIDNUMBER,
2N/A    _PWD_GIDNUMBER,
2N/A    _PWD_GECOS,
2N/A    _PWD_DESCRIPTION,
2N/A    _PWD_HOMEDIRECTORY,
2N/A    _PWD_LOGINSHELL,
2N/A    (char *)NULL
2N/A};
2N/A
2N/A/* Use this attribute to ask for server type from libsldap. */
2N/Astatic const char *pwd_extra_info_attr[] = {
2N/A    "__ns_ldap_op_attr_server_type",
2N/A    (char *)NULL
2N/A};
2N/A
2N/A/*
2N/A * dn2uid_cache_state is set in getgrent.c when group dn2uid cache is created.
2N/A */
2N/Aextern nss_ldap_cache_state_t dn2uid_cache_state;
2N/A
2N/A/*
2N/A * _nss_ldap_passwd2str is the data marshaling method for the passwd getXbyY
2N/A * (e.g., getbyuid(), getbyname(), getpwent()) backend processes. This method is
2N/A * called after a successful ldap search has been performed. This method will
2N/A * parse the ldap search values into the file format.
2N/A * e.g.
2N/A *
2N/A * nobody:x:60001:60001:Nobody:/:
2N/A *
2N/A */
2N/Astatic int
2N/A_nss_ldap_passwd2str(ldap_backend_ptr be, nss_XbyY_args_t *argp)
2N/A{
2N/A    int     nss_result;
2N/A    int     buflen = 0;
2N/A    unsigned long   str_len = 0L;
2N/A    char        *buffer = NULL;
2N/A    ns_ldap_result_t    *result = be->result;
2N/A    ns_ldap_entry_t *entry;
2N/A    char        **dn_v;
2N/A    int     dnlen = 0;
2N/A    char        **uid_v, **uidn_v, **gidn_v;
2N/A    char        **gecos_v, **homedir_v, **shell_v;
2N/A    char        *NULL_STR = "";
2N/A    char        uid_nobody[NOBODY_STR_LEN];
2N/A    char        gid_nobody[NOBODY_STR_LEN], *end;
2N/A    char        *uid_nobody_v[1], *gid_nobody_v[1];
2N/A    char        *server_type;
2N/A
2N/A    (void) snprintf(uid_nobody, sizeof (uid_nobody), "%u", UID_NOBODY);
2N/A    uid_nobody_v[0] = uid_nobody;
2N/A    (void) snprintf(gid_nobody, sizeof (gid_nobody), "%u", GID_NOBODY);
2N/A    gid_nobody_v[0] = gid_nobody;
2N/A
2N/A    if (result == NULL) {
2N/A        if (be->extra_info != NULL) {
2N/A            __ns_ldap_freeEntry(be->extra_info);
2N/A            be->extra_info = NULL;
2N/A        }
2N/A        return (NSS_STR_PARSE_PARSE);
2N/A    }
2N/A
2N/A    entry = result->entry;
2N/A
2N/A    buflen = argp->buf.buflen;
2N/A    buffer = argp->buf.buffer;
2N/A
2N/A    nss_result = NSS_STR_PARSE_SUCCESS;
2N/A    (void) memset(buffer, 0, buflen);
2N/A
2N/A    /* 8 = 6 ':' + 1 '\0' + 1 'x' */
2N/A    str_len = 8;
2N/A
2N/A    uid_v = __ns_ldap_getAttr(entry, _PWD_UID);
2N/A    uidn_v = __ns_ldap_getAttr(entry, _PWD_UIDNUMBER);
2N/A    gidn_v = __ns_ldap_getAttr(entry, _PWD_GIDNUMBER);
2N/A    if (uid_v == NULL || uidn_v == NULL || gidn_v == NULL ||
2N/A        uid_v[0] == NULL || uidn_v[0] == NULL || gidn_v[0] == NULL) {
2N/A        nss_result = NSS_STR_PARSE_PARSE;
2N/A        goto result_pwd2str;
2N/A    }
2N/A    /* Validate UID and GID */
2N/A    if (strtoul(uidn_v[0], &end, 10) > MAXUID)
2N/A        uidn_v = uid_nobody_v;
2N/A    if (strtoul(gidn_v[0], &end, 10) > MAXUID)
2N/A        gidn_v = gid_nobody_v;
2N/A    str_len += strlen(uid_v[0]) + strlen(uidn_v[0]) + strlen(gidn_v[0]);
2N/A    if (str_len >  buflen) {
2N/A        nss_result = NSS_STR_PARSE_ERANGE;
2N/A        goto result_pwd2str;
2N/A    }
2N/A
2N/A    gecos_v = __ns_ldap_getAttr(entry, _PWD_GECOS);
2N/A    if (gecos_v == NULL || gecos_v[0] == NULL || *gecos_v[0] == '\0')
2N/A        gecos_v = &NULL_STR;
2N/A    else
2N/A        str_len += strlen(gecos_v[0]);
2N/A
2N/A    homedir_v = __ns_ldap_getAttr(entry, _PWD_HOMEDIRECTORY);
2N/A    if (homedir_v == NULL || homedir_v[0] == NULL || *homedir_v[0] == '\0')
2N/A        homedir_v = &NULL_STR;
2N/A    else
2N/A        str_len += strlen(homedir_v[0]);
2N/A
2N/A    shell_v = __ns_ldap_getAttr(entry, _PWD_LOGINSHELL);
2N/A    if (shell_v == NULL || shell_v[0] == NULL || *shell_v[0] == '\0')
2N/A        shell_v = &NULL_STR;
2N/A    else
2N/A        str_len += strlen(shell_v[0]);
2N/A
2N/A    if (str_len >  buflen) {
2N/A        nss_result = NSS_STR_PARSE_ERANGE;
2N/A        goto result_pwd2str;
2N/A    }
2N/A
2N/A    if (argp->buf.result != NULL) {
2N/A        be->buflen = str_len;
2N/A        be->buffer = malloc(be->buflen);
2N/A        if (be->buffer == NULL) {
2N/A            nss_result = (int)NSS_STR_PARSE_ERANGE;
2N/A            goto result_pwd2str;
2N/A        }
2N/A
2N/A        (void) snprintf(be->buffer, be->buflen,
2N/A            "%s:%s:%s:%s:%s:%s:%s",
2N/A            uid_v[0], "x", uidn_v[0], gidn_v[0],
2N/A            gecos_v[0], homedir_v[0], shell_v[0]);
2N/A    } else {
2N/A        int plen;
2N/A        /*
2N/A         * Save the entry DN as an optional data, if
2N/A         * dn to uid caching is being performed and
2N/A         * not processing enumeration results and
2N/A         * there's enough room in the buffer.
2N/A         * Format is (passwd data followed by the optional data):
2N/A         * <passwd data> + '\0' + '#dn:' + <server_type>' + ':' +
2N/A         * <DN> + '\0'
2N/A         */
2N/A        if (dn2uid_cache_state == NSS_LDAP_CACHE_INITED &&
2N/A            be->enumcookie == NULL) {
2N/A            dn_v = __ns_ldap_getAttr(entry, "dn");
2N/A            (void) _nss_ldap_get_server_type(be->extra_info,
2N/A                &server_type);
2N/A            dnlen = NSS_LDAP_DN_TAG_LEN +
2N/A                strlen(server_type) + 1 + strlen(dn_v[0]) + 1;
2N/A            if ((str_len + dnlen) > buflen)
2N/A                dnlen = 0;
2N/A        }
2N/A
2N/A        if (dnlen == 0) {
2N/A            plen = snprintf(argp->buf.buffer, buflen,
2N/A                "%s:%s:%s:%s:%s:%s:%s",
2N/A                uid_v[0], "x", uidn_v[0], gidn_v[0],
2N/A                gecos_v[0], homedir_v[0], shell_v[0]);
2N/A            be->have_dn = B_FALSE;
2N/A        } else {
2N/A            plen = snprintf(argp->buf.buffer, buflen,
2N/A                "%s:%s:%s:%s:%s:%s:%s%c%s%s:%s",
2N/A                uid_v[0], "x", uidn_v[0], gidn_v[0],
2N/A                gecos_v[0], homedir_v[0], shell_v[0],
2N/A                '\0', NSS_LDAP_DN_TAG, server_type, dn_v[0]);
2N/A            be->have_dn = B_TRUE;
2N/A        }
2N/A        if (plen >= buflen)
2N/A            nss_result = (int)NSS_STR_PARSE_ERANGE;
2N/A    }
2N/A
2N/Aresult_pwd2str:
2N/A
2N/A    if (be->extra_info != NULL) {
2N/A        __ns_ldap_freeEntry(be->extra_info);
2N/A        be->extra_info = NULL;
2N/A    }
2N/A    (void) __ns_ldap_freeResult(&be->result);
2N/A    return ((int)nss_result);
2N/A}
2N/A
2N/A/*
2N/A * getbyname gets a passwd entry by uid name. This function constructs an ldap
2N/A * search filter using the name invocation parameter and the getpwnam search
2N/A * filter defined. Once the filter is constructed, we search for a matching
2N/A * entry and marshal the data results into struct passwd for the frontend
2N/A * process. The function _nss_ldap_passwd2ent performs the data marshaling.
2N/A */
2N/A
2N/Astatic nss_status_t
2N/Agetbyname(ldap_backend_ptr be, void *a)
2N/A{
2N/A    nss_XbyY_args_t *argp = (nss_XbyY_args_t *)a;
2N/A    char        searchfilter[SEARCHFILTERLEN];
2N/A    char        userdata[SEARCHFILTERLEN];
2N/A    char        name[SEARCHFILTERLEN];
2N/A    int     ret;
2N/A
2N/A    if (_ldap_filter_name(name, argp->key.name, sizeof (name)) != 0)
2N/A        return ((nss_status_t)NSS_NOTFOUND);
2N/A
2N/A    ret = snprintf(searchfilter, sizeof (searchfilter), _F_GETPWNAM, name);
2N/A    if (ret >= sizeof (searchfilter) || ret < 0)
2N/A        return ((nss_status_t)NSS_NOTFOUND);
2N/A
2N/A    ret = snprintf(userdata, sizeof (userdata), _F_GETPWNAM_SSD, name);
2N/A    if (ret >= sizeof (userdata) || ret < 0)
2N/A        return ((nss_status_t)NSS_NOTFOUND);
2N/A
2N/A    be->extra_info_attr = pwd_extra_info_attr;
2N/A    return ((nss_status_t)_nss_ldap_lookup(be, argp,
2N/A        _PASSWD, searchfilter, NULL, _merge_SSD_filter, userdata));
2N/A}
2N/A
2N/A
2N/A/*
2N/A * getbyuid gets a passwd entry by uid number. This function constructs an ldap
2N/A * search filter using the uid invocation parameter and the getpwuid search
2N/A * filter defined. Once the filter is constructed, we search for a matching
2N/A * entry and marshal the data results into struct passwd for the frontend
2N/A * process. The function _nss_ldap_passwd2ent performs the data marshaling.
2N/A */
2N/A
2N/Astatic nss_status_t
2N/Agetbyuid(ldap_backend_ptr be, void *a)
2N/A{
2N/A    nss_XbyY_args_t *argp = (nss_XbyY_args_t *)a;
2N/A    char        searchfilter[SEARCHFILTERLEN];
2N/A    char        userdata[SEARCHFILTERLEN];
2N/A    int     ret;
2N/A
2N/A    if (argp->key.uid > MAXUID)
2N/A        return ((nss_status_t)NSS_NOTFOUND);
2N/A
2N/A    ret = snprintf(searchfilter, sizeof (searchfilter),
2N/A        _F_GETPWUID, (long)argp->key.uid);
2N/A    if (ret >= sizeof (searchfilter) || ret < 0)
2N/A        return ((nss_status_t)NSS_NOTFOUND);
2N/A
2N/A    ret = snprintf(userdata, sizeof (userdata),
2N/A        _F_GETPWUID_SSD, (long)argp->key.uid);
2N/A    if (ret >= sizeof (userdata) || ret < 0)
2N/A        return ((nss_status_t)NSS_NOTFOUND);
2N/A
2N/A    return ((nss_status_t)_nss_ldap_lookup(be, argp,
2N/A        _PASSWD, searchfilter, NULL, _merge_SSD_filter, userdata));
2N/A}
2N/A
2N/Astatic ldap_backend_op_t passwd_ops[] = {
2N/A    _nss_ldap_destr,
2N/A    _nss_ldap_endent,
2N/A    _nss_ldap_setent,
2N/A    _nss_ldap_getent,
2N/A    getbyname,
2N/A    getbyuid
2N/A};
2N/A
2N/A
2N/A/*
2N/A * _nss_ldap_passwd_constr is where life begins. This function calls the
2N/A * generic ldap constructor function to define and build the abstract
2N/A * data types required to support ldap operations.
2N/A */
2N/A
2N/A/*ARGSUSED0*/
2N/Anss_backend_t *
2N/A_nss_ldap_passwd_constr(const char *dummy1, const char *dummy2,
2N/A            const char *dummy3)
2N/A{
2N/A
2N/A    return ((nss_backend_t *)_nss_ldap_constr(passwd_ops,
2N/A        sizeof (passwd_ops)/sizeof (passwd_ops[0]),
2N/A        _PASSWD, pwd_attrs, _nss_ldap_passwd2str));
2N/A}