int principal2uid(char *principal, uid_t * puid) { #ifdef _USE_NFSIDMAP gid_t gss_gid; uid_t gss_uid; int rc; if(uidmap_get(principal, (unsigned long *)&gss_uid) != ID_MAPPER_SUCCESS) { if(!nfsidmap_set_conf()) { LogCrit(COMPONENT_IDMAPPER, "principal2uid: nfsidmap_set_conf failed"); return 0; } /* nfs4_gss_princ_to_ids required to extract uid/gid from gss creds */ LogFullDebug(COMPONENT_IDMAPPER, "calling nfs4_gss_princ_to_ids() to map principal to uid/gid"); rc = nfs4_gss_princ_to_ids("krb5", principal, &gss_uid, &gss_gid); if(rc) { LogFullDebug(COMPONENT_IDMAPPER, "principal2uid: nfs4_gss_princ_to_ids %s failed %d (%s)", principal, -rc, strerror(-rc)); return 0; } if(uidmap_add(principal, gss_uid) != ID_MAPPER_SUCCESS) { LogCrit(COMPONENT_IDMAPPER, "principal2uid: uidmap_add %s %d failed", principal, gss_uid); return 0; } if(uidgidmap_add(gss_uid, gss_gid) != ID_MAPPER_SUCCESS) { LogCrit(COMPONENT_IDMAPPER, "principal2uid: uidgidmap_add gss_uid %d gss_gid %d failed", gss_uid, gss_gid); return 0; } } LogFullDebug(COMPONENT_IDMAPPER, "principal2uid: uidmap_get mapped %s to uid= %d", principal, gss_uid); *puid = gss_uid; return 1; #else return 0 ; #endif /* _USE_NFSIDMAP */ } /* principal2uid */
/** * * name2gid: convert a name to a gid * * convert a name to a gid * * @param name [IN] the name of the user * @param pgid [OUT] the resulting gid * * return 1 if successful, 0 otherwise * */ int name2gid(char *name, gid_t * pgid) { #ifndef _USE_NFSIDMAP struct group g; #ifndef _SOLARIS struct group *pg = NULL; #endif static char buff[NFS4_MAX_DOMAIN_LEN]; /* Working area for getgrnam_r */ #endif gid_t gid; int rc; if(gidmap_get(name, (unsigned long *)&gid) == ID_MAPPER_SUCCESS) { LogFullDebug(COMPONENT_IDMAPPER, "name2gid: gidmap_get mapped %s to gid= %d", name, gid); *pgid = gid; } else { #ifdef _USE_NFSIDMAP if(!nfsidmap_set_conf()) { LogCrit(COMPONENT_IDMAPPER, "name2gid: nfsidmap_set_conf failed"); return 0; } rc = nfs4_name_to_gid(name, pgid); if(rc) { LogFullDebug(COMPONENT_IDMAPPER, "name2gid: nfs4_name_to_gid %s failed %d (%s)", name, -rc, strerror(-rc)); return 0; } LogFullDebug(COMPONENT_IDMAPPER, "name2gid: nfs4_name_to_gid %s returned %d", name, *pgid); if(gidmap_add(name, *pgid) != ID_MAPPER_SUCCESS) { LogCrit(COMPONENT_IDMAPPER, "name2gid: gidmap_add %s %d failed", name, *pgid); return 0; } #else #ifdef _SOLARIS if(getgrnam_r(name, &g, buff, NFS4_MAX_DOMAIN_LEN) != 0) #else if(getgrnam_r(name, &g, buff, NFS4_MAX_DOMAIN_LEN, &pg) != 0) #endif { LogFullDebug(COMPONENT_IDMAPPER, "name2gid: getgrnam_r %s failed", name); *pgid = -1; return 0; } else { *pgid = g.gr_gid; if(gidmap_add(name, g.gr_gid) != ID_MAPPER_SUCCESS) { LogCrit(COMPONENT_IDMAPPER, "name2gid: gidmap_add %s %d failed", name, g.gr_gid); return 0; } } #endif /* _USE_NFSIDMAP */ } return 1; } /* name2gid */
/** * * gid2name: convert a gid to a name. * * convert a uid to a name. * * @param name [OUT] the name of the user * @param gid [IN] the input gid * * return 1 if successful, 0 otherwise * */ int gid2name(char *name, gid_t * pgid) { #ifndef _USE_NFSIDMAP struct group g; #ifndef _SOLARIS struct group *pg = NULL; #endif static char buff[NFS4_MAX_DOMAIN_LEN]; /* Working area for getgrnam_r */ #endif #ifdef _USE_NFSIDMAP int rc; if(gnamemap_get(*pgid, name) == ID_MAPPER_SUCCESS) { LogFullDebug(COMPONENT_IDMAPPER, "gid2name: unamemap_get gid %d returned %s", *pgid, name); return 1; } else { if(!nfsidmap_set_conf()) { LogCrit(COMPONENT_IDMAPPER, "gid2name: nfsidmap_set_conf failed"); return 0; } rc = nfs4_gid_to_name(*pgid, idmap_domain, name, NFS4_MAX_DOMAIN_LEN); if(rc != 0) { LogDebug(COMPONENT_IDMAPPER, "gid2name: nfs4_gid_to_name %d returned %d (%s)", *pgid, -rc, strerror(-rc)); return 0; } LogFullDebug(COMPONENT_IDMAPPER, "gid2name: nfs4_gid_to_name gid %d returned %s", *pgid, name); if(gidmap_add(name, *pgid) != ID_MAPPER_SUCCESS) { LogCrit(COMPONENT_IDMAPPER, "gid2name: gidmap_add %s %d failed", name, *pgid); return 0; } } return 1; #else if(gnamemap_get(*pgid, name) == ID_MAPPER_SUCCESS) { LogFullDebug(COMPONENT_IDMAPPER, "gid2name: gnamemap_get gid %d returned %s", *pgid, name); return 1; } else { #ifdef _SOLARIS if(getgrgid_r(*pgid, &g, buff, NFS4_MAX_DOMAIN_LEN) != 0) #else if((getgrgid_r(*pgid, &g, buff, NFS4_MAX_DOMAIN_LEN, &pg) != 0) || (pg == NULL)) #endif /* _SOLARIS */ { LogFullDebug(COMPONENT_IDMAPPER, "gid2name: getgrgid_r %d failed", *pgid); return 0; } strncpy(name, g.gr_name, NFS4_MAX_DOMAIN_LEN); LogFullDebug(COMPONENT_IDMAPPER, "gid2name: getgrgid_r gid %d returned %s", *pgid, name); if(gidmap_add(name, *pgid) != ID_MAPPER_SUCCESS) { LogCrit(COMPONENT_IDMAPPER, "gid2name: gidmap_add %s %d failed", name, *pgid); return 0; } } return 1; #endif /* _USE_NFSIDMAP */ } /* gid2name */
/** * * name2uid: convert a name to a uid * * convert a name to a uid * * @param name [IN] the name of the user * @param puid [OUT] the resulting uid * * return 1 if successful, 0 otherwise * */ int name2uid(char *name, uid_t * puid) { struct passwd passwd; struct passwd *ppasswd; char buff[NFS4_MAX_DOMAIN_LEN]; uid_t uid; #ifdef _HAVE_GSSAPI gid_t gss_gid; uid_t gss_uid; #endif #ifdef _USE_NFSIDMAP char fqname[NFS4_MAX_DOMAIN_LEN]; int rc; #endif /* NFsv4 specific features: RPCSEC_GSS will provide user like nfs/<host> * choice is made to map them to root */ if(!strncmp(name, "nfs/", 4)) { /* This is a "root" request made from the hostbased nfs principal, use root */ LogFullDebug(COMPONENT_IDMAPPER, "name2uid: mapping %s to root (uid = 0)", name); *puid = 0; return 1; } if(uidmap_get(name, (unsigned long *)&uid) == ID_MAPPER_SUCCESS) { LogFullDebug(COMPONENT_IDMAPPER, "name2uid: uidmap_get mapped %s to uid= %d", name, uid); *puid = uid; return 1 ; } else { #ifdef _SOLARIS if(getpwnam_r(name, &passwd, buff, NFS4_MAX_DOMAIN_LEN) != 0) #else if(getpwnam_r(name, &passwd, buff, NFS4_MAX_DOMAIN_LEN, &ppasswd) != 0) #endif /* _SOLARIS */ { LogFullDebug(COMPONENT_IDMAPPER, "name2uid: getpwnam_r %s failed", name); *puid = -1; return 0; } else { *puid = passwd.pw_uid; #ifdef _HAVE_GSSAPI if(uidgidmap_add(passwd.pw_uid, passwd.pw_gid) != ID_MAPPER_SUCCESS) { LogCrit(COMPONENT_IDMAPPER, "name2uid: uidgidmap_add gss_uid %d gss_gid %d failed", gss_uid, gss_gid); return 0; } #endif /* _HAVE_GSSAPI */ if(uidmap_add(name, passwd.pw_uid) != ID_MAPPER_SUCCESS) { LogCrit(COMPONENT_IDMAPPER, "name2uid: uidmap_add %s %d failed", name, passwd.pw_uid); return 0; } return 1 ; /* Job is done */ } #ifdef _USE_NFSIDMAP if(!nfsidmap_set_conf()) { LogCrit(COMPONENT_IDMAPPER, "name2uid: nfsidmap_set_conf failed"); return 0; } /* obtain fully qualified name */ if(strchr(name, '@') == NULL) sprintf(fqname, "%s@%s", name, idmap_domain); else strncpy(fqname, name, NFS4_MAX_DOMAIN_LEN - 1); rc = nfs4_name_to_uid(fqname, puid); if(rc) { LogFullDebug(COMPONENT_IDMAPPER, "name2uid: nfs4_name_to_uid %s failed %d (%s)", fqname, -rc, strerror(-rc)); return 0; } LogFullDebug(COMPONENT_IDMAPPER, "name2uid: nfs4_name_to_uid %s returned %d", fqname, *puid); if(uidmap_add(fqname, *puid) != ID_MAPPER_SUCCESS) { LogCrit(COMPONENT_IDMAPPER, "name2uid: uidmap_add %s %d failed", fqname, *puid); return 0; } #ifdef _HAVE_GSSAPI /* nfs4_gss_princ_to_ids required to extract uid/gid from gss creds * XXX: currently uses unqualified name as per libnfsidmap comments */ rc = nfs4_gss_princ_to_ids("krb5", name, &gss_uid, &gss_gid); if(rc) { LogFullDebug(COMPONENT_IDMAPPER, "name2uid: nfs4_gss_princ_to_ids %s failed %d (%s)", name, -rc, strerror(-rc)); return 0; } if(uidgidmap_add(gss_uid, gss_gid) != ID_MAPPER_SUCCESS) { LogCrit(COMPONENT_IDMAPPER, "name2uid: uidgidmap_add gss_uid %d gss_gid %d failed", gss_uid, gss_gid); return 0; } #endif /* _HAVE_GSSAPI */ #endif /* _USE_NFSIDMAP */ } return 1; } /* name2uid */
/** * * uid2name: convert a uid to a name. * * convert a uid to a name. * * @param name [OUT] the name of the user * @param uid [IN] the input uid * * return 1 if successful, 0 otherwise * */ int uid2name(char *name, uid_t * puid) { char fqname[NFS4_MAX_DOMAIN_LEN]; #ifdef _USE_NFSIDMAP int rc; if(!nfsidmap_set_conf()) { LogCrit(COMPONENT_IDMAPPER, "uid2name: nfsidmap_set_conf failed"); return 0; } if(unamemap_get(*puid, name) == ID_MAPPER_SUCCESS) { LogFullDebug(COMPONENT_IDMAPPER, "uid2name: unamemap_get uid %d returned %s", *puid, name); return 1; } else { rc = nfs4_uid_to_name(*puid, idmap_domain, name, NFS4_MAX_DOMAIN_LEN); if(rc != 0) { LogDebug(COMPONENT_IDMAPPER, "uid2name: nfs4_uid_to_name %d returned %d (%s)", *puid, -rc, strerror(-rc)); return 0; } strncpy(fqname, name, NFS4_MAX_DOMAIN_LEN); if(strchr(name, '@') == NULL) { LogFullDebug(COMPONENT_IDMAPPER, "uid2name: adding domain %s", idmap_domain); sprintf(fqname, "%s@%s", name, idmap_domain); strncpy(name, fqname, NFS4_MAX_DOMAIN_LEN); } LogFullDebug(COMPONENT_IDMAPPER, "uid2name: nfs4_uid_to_name uid %d returned %s", *puid, name); if(uidmap_add(fqname, *puid) != ID_MAPPER_SUCCESS) { LogCrit(COMPONENT_IDMAPPER, "uid2name: uidmap_add %s %d failed", fqname, *puid); return 0; } } return 1; #else struct passwd p; struct passwd *pp; char buff[NFS4_MAX_DOMAIN_LEN]; if(unamemap_get(*puid, name) == ID_MAPPER_SUCCESS) { LogFullDebug(COMPONENT_IDMAPPER, "uid2name: unamemap_get uid %d returned %s", *puid, name); return 1; } else { #ifdef _SOLARIS if(getpwuid_r(*puid, &p, buff, MAXPATHLEN) != 0) #else if((getpwuid_r(*puid, &p, buff, MAXPATHLEN, &pp) != 0) || (pp == NULL)) #endif /* _SOLARIS */ { LogFullDebug(COMPONENT_IDMAPPER, "uid2name: getpwuid_r %d failed", *puid); return 0; } strncpy(name, p.pw_name, NFS4_MAX_DOMAIN_LEN); LogFullDebug(COMPONENT_IDMAPPER, "uid2name: getpwuid_r uid %d returned %s", *puid, name); if(uidmap_add(name, *puid) != ID_MAPPER_SUCCESS) { LogCrit(COMPONENT_IDMAPPER, "uid2name: uidmap_add %s %d failed", name, *puid); return 0; } } return 1; #endif /* _USE_NFSIDMAP */ } /* uid2name */