int principal2uid(char *principal, uid_t * puid)
{
#ifdef _USE_NFSIDMAP
gid_t gss_gid;
uid_t gss_uid;
int rc;
if(uidmap_get(principal, (unsigned long *)&gss_uid) != ID_MAPPER_SUCCESS)
{
if(!nfsidmap_set_conf())
{
LogCrit(COMPONENT_IDMAPPER,
"principal2uid: nfsidmap_set_conf failed");
return 0;
}
/* nfs4_gss_princ_to_ids required to extract uid/gid from gss creds */
LogFullDebug(COMPONENT_IDMAPPER,
"calling nfs4_gss_princ_to_ids() to map principal to uid/gid");
rc = nfs4_gss_princ_to_ids("krb5", principal, &gss_uid, &gss_gid);
if(rc)
{
LogFullDebug(COMPONENT_IDMAPPER,
"principal2uid: nfs4_gss_princ_to_ids %s failed %d (%s)",
principal, -rc, strerror(-rc));
return 0;
}
if(uidmap_add(principal, gss_uid) != ID_MAPPER_SUCCESS)
{
LogCrit(COMPONENT_IDMAPPER,
"principal2uid: uidmap_add %s %d failed",
principal, gss_uid);
return 0;
}
if(uidgidmap_add(gss_uid, gss_gid) != ID_MAPPER_SUCCESS)
{
LogCrit(COMPONENT_IDMAPPER,
"principal2uid: uidgidmap_add gss_uid %d gss_gid %d failed",
gss_uid, gss_gid);
return 0;
}
}
LogFullDebug(COMPONENT_IDMAPPER,
"principal2uid: uidmap_get mapped %s to uid= %d",
principal, gss_uid);
*puid = gss_uid;
return 1;
#else
return 0 ;
#endif /* _USE_NFSIDMAP */
} /* principal2uid */
/**
*
* name2gid: convert a name to a gid
*
* convert a name to a gid
*
* @param name [IN] the name of the user
* @param pgid [OUT] the resulting gid
*
* return 1 if successful, 0 otherwise
*
*/
int name2gid(char *name, gid_t * pgid)
{
#ifndef _USE_NFSIDMAP
struct group g;
#ifndef _SOLARIS
struct group *pg = NULL;
#endif
static char buff[NFS4_MAX_DOMAIN_LEN]; /* Working area for getgrnam_r */
#endif
gid_t gid;
int rc;
if(gidmap_get(name, (unsigned long *)&gid) == ID_MAPPER_SUCCESS)
{
LogFullDebug(COMPONENT_IDMAPPER,
"name2gid: gidmap_get mapped %s to gid= %d",
name, gid);
*pgid = gid;
}
else
{
#ifdef _USE_NFSIDMAP
if(!nfsidmap_set_conf())
{
LogCrit(COMPONENT_IDMAPPER,
"name2gid: nfsidmap_set_conf failed");
return 0;
}
rc = nfs4_name_to_gid(name, pgid);
if(rc)
{
LogFullDebug(COMPONENT_IDMAPPER,
"name2gid: nfs4_name_to_gid %s failed %d (%s)",
name, -rc, strerror(-rc));
return 0;
}
LogFullDebug(COMPONENT_IDMAPPER,
"name2gid: nfs4_name_to_gid %s returned %d",
name, *pgid);
if(gidmap_add(name, *pgid) != ID_MAPPER_SUCCESS)
{
LogCrit(COMPONENT_IDMAPPER,
"name2gid: gidmap_add %s %d failed",
name, *pgid);
return 0;
}
#else
#ifdef _SOLARIS
if(getgrnam_r(name, &g, buff, NFS4_MAX_DOMAIN_LEN) != 0)
#else
if(getgrnam_r(name, &g, buff, NFS4_MAX_DOMAIN_LEN, &pg) != 0)
#endif
{
LogFullDebug(COMPONENT_IDMAPPER,
"name2gid: getgrnam_r %s failed",
name);
*pgid = -1;
return 0;
}
else
{
*pgid = g.gr_gid;
if(gidmap_add(name, g.gr_gid) != ID_MAPPER_SUCCESS)
{
LogCrit(COMPONENT_IDMAPPER,
"name2gid: gidmap_add %s %d failed",
name, g.gr_gid);
return 0;
}
}
#endif /* _USE_NFSIDMAP */
}
return 1;
} /* name2gid */
/**
*
* gid2name: convert a gid to a name.
*
* convert a uid to a name.
*
* @param name [OUT] the name of the user
* @param gid [IN] the input gid
*
* return 1 if successful, 0 otherwise
*
*/
int gid2name(char *name, gid_t * pgid)
{
#ifndef _USE_NFSIDMAP
struct group g;
#ifndef _SOLARIS
struct group *pg = NULL;
#endif
static char buff[NFS4_MAX_DOMAIN_LEN]; /* Working area for getgrnam_r */
#endif
#ifdef _USE_NFSIDMAP
int rc;
if(gnamemap_get(*pgid, name) == ID_MAPPER_SUCCESS)
{
LogFullDebug(COMPONENT_IDMAPPER,
"gid2name: unamemap_get gid %d returned %s",
*pgid, name);
return 1;
}
else
{
if(!nfsidmap_set_conf())
{
LogCrit(COMPONENT_IDMAPPER,
"gid2name: nfsidmap_set_conf failed");
return 0;
}
rc = nfs4_gid_to_name(*pgid, idmap_domain, name, NFS4_MAX_DOMAIN_LEN);
if(rc != 0)
{
LogDebug(COMPONENT_IDMAPPER,
"gid2name: nfs4_gid_to_name %d returned %d (%s)",
*pgid, -rc, strerror(-rc));
return 0;
}
LogFullDebug(COMPONENT_IDMAPPER,
"gid2name: nfs4_gid_to_name gid %d returned %s",
*pgid, name);
if(gidmap_add(name, *pgid) != ID_MAPPER_SUCCESS)
{
LogCrit(COMPONENT_IDMAPPER,
"gid2name: gidmap_add %s %d failed",
name, *pgid);
return 0;
}
}
return 1;
#else
if(gnamemap_get(*pgid, name) == ID_MAPPER_SUCCESS)
{
LogFullDebug(COMPONENT_IDMAPPER,
"gid2name: gnamemap_get gid %d returned %s",
*pgid, name);
return 1;
}
else
{
#ifdef _SOLARIS
if(getgrgid_r(*pgid, &g, buff, NFS4_MAX_DOMAIN_LEN) != 0)
#else
if((getgrgid_r(*pgid, &g, buff, NFS4_MAX_DOMAIN_LEN, &pg) != 0) ||
(pg == NULL))
#endif /* _SOLARIS */
{
LogFullDebug(COMPONENT_IDMAPPER,
"gid2name: getgrgid_r %d failed",
*pgid);
return 0;
}
strncpy(name, g.gr_name, NFS4_MAX_DOMAIN_LEN);
LogFullDebug(COMPONENT_IDMAPPER,
"gid2name: getgrgid_r gid %d returned %s",
*pgid, name);
if(gidmap_add(name, *pgid) != ID_MAPPER_SUCCESS)
{
LogCrit(COMPONENT_IDMAPPER,
"gid2name: gidmap_add %s %d failed",
name, *pgid);
return 0;
}
}
return 1;
#endif /* _USE_NFSIDMAP */
} /* gid2name */
/**
*
* name2uid: convert a name to a uid
*
* convert a name to a uid
*
* @param name [IN] the name of the user
* @param puid [OUT] the resulting uid
*
* return 1 if successful, 0 otherwise
*
*/
int name2uid(char *name, uid_t * puid)
{
struct passwd passwd;
struct passwd *ppasswd;
char buff[NFS4_MAX_DOMAIN_LEN];
uid_t uid;
#ifdef _HAVE_GSSAPI
gid_t gss_gid;
uid_t gss_uid;
#endif
#ifdef _USE_NFSIDMAP
char fqname[NFS4_MAX_DOMAIN_LEN];
int rc;
#endif
/* NFsv4 specific features: RPCSEC_GSS will provide user like nfs/<host>
* choice is made to map them to root */
if(!strncmp(name, "nfs/", 4))
{
/* This is a "root" request made from the hostbased nfs principal, use root */
LogFullDebug(COMPONENT_IDMAPPER,
"name2uid: mapping %s to root (uid = 0)",
name);
*puid = 0;
return 1;
}
if(uidmap_get(name, (unsigned long *)&uid) == ID_MAPPER_SUCCESS)
{
LogFullDebug(COMPONENT_IDMAPPER,
"name2uid: uidmap_get mapped %s to uid= %d",
name, uid);
*puid = uid;
return 1 ;
}
else
{
#ifdef _SOLARIS
if(getpwnam_r(name, &passwd, buff, NFS4_MAX_DOMAIN_LEN) != 0)
#else
if(getpwnam_r(name, &passwd, buff, NFS4_MAX_DOMAIN_LEN, &ppasswd) != 0)
#endif /* _SOLARIS */
{
LogFullDebug(COMPONENT_IDMAPPER,
"name2uid: getpwnam_r %s failed",
name);
*puid = -1;
return 0;
}
else
{
*puid = passwd.pw_uid;
#ifdef _HAVE_GSSAPI
if(uidgidmap_add(passwd.pw_uid, passwd.pw_gid) != ID_MAPPER_SUCCESS)
{
LogCrit(COMPONENT_IDMAPPER,
"name2uid: uidgidmap_add gss_uid %d gss_gid %d failed",
gss_uid, gss_gid);
return 0;
}
#endif /* _HAVE_GSSAPI */
if(uidmap_add(name, passwd.pw_uid) != ID_MAPPER_SUCCESS)
{
LogCrit(COMPONENT_IDMAPPER,
"name2uid: uidmap_add %s %d failed",
name, passwd.pw_uid);
return 0;
}
return 1 ; /* Job is done */
}
#ifdef _USE_NFSIDMAP
if(!nfsidmap_set_conf())
{
LogCrit(COMPONENT_IDMAPPER,
"name2uid: nfsidmap_set_conf failed");
return 0;
}
/* obtain fully qualified name */
if(strchr(name, '@') == NULL)
sprintf(fqname, "%s@%s", name, idmap_domain);
else
strncpy(fqname, name, NFS4_MAX_DOMAIN_LEN - 1);
rc = nfs4_name_to_uid(fqname, puid);
if(rc)
{
LogFullDebug(COMPONENT_IDMAPPER,
"name2uid: nfs4_name_to_uid %s failed %d (%s)",
fqname, -rc, strerror(-rc));
return 0;
}
LogFullDebug(COMPONENT_IDMAPPER,
"name2uid: nfs4_name_to_uid %s returned %d",
fqname, *puid);
if(uidmap_add(fqname, *puid) != ID_MAPPER_SUCCESS)
{
LogCrit(COMPONENT_IDMAPPER,
"name2uid: uidmap_add %s %d failed",
fqname, *puid);
return 0;
}
#ifdef _HAVE_GSSAPI
/* nfs4_gss_princ_to_ids required to extract uid/gid from gss creds
* XXX: currently uses unqualified name as per libnfsidmap comments */
rc = nfs4_gss_princ_to_ids("krb5", name, &gss_uid, &gss_gid);
if(rc)
{
LogFullDebug(COMPONENT_IDMAPPER,
"name2uid: nfs4_gss_princ_to_ids %s failed %d (%s)",
name, -rc, strerror(-rc));
return 0;
}
if(uidgidmap_add(gss_uid, gss_gid) != ID_MAPPER_SUCCESS)
{
LogCrit(COMPONENT_IDMAPPER,
"name2uid: uidgidmap_add gss_uid %d gss_gid %d failed",
gss_uid, gss_gid);
return 0;
}
#endif /* _HAVE_GSSAPI */
#endif /* _USE_NFSIDMAP */
}
return 1;
} /* name2uid */
/**
*
* uid2name: convert a uid to a name.
*
* convert a uid to a name.
*
* @param name [OUT] the name of the user
* @param uid [IN] the input uid
*
* return 1 if successful, 0 otherwise
*
*/
int uid2name(char *name, uid_t * puid)
{
char fqname[NFS4_MAX_DOMAIN_LEN];
#ifdef _USE_NFSIDMAP
int rc;
if(!nfsidmap_set_conf())
{
LogCrit(COMPONENT_IDMAPPER,
"uid2name: nfsidmap_set_conf failed");
return 0;
}
if(unamemap_get(*puid, name) == ID_MAPPER_SUCCESS)
{
LogFullDebug(COMPONENT_IDMAPPER,
"uid2name: unamemap_get uid %d returned %s",
*puid, name);
return 1;
}
else
{
rc = nfs4_uid_to_name(*puid, idmap_domain, name, NFS4_MAX_DOMAIN_LEN);
if(rc != 0)
{
LogDebug(COMPONENT_IDMAPPER,
"uid2name: nfs4_uid_to_name %d returned %d (%s)",
*puid, -rc, strerror(-rc));
return 0;
}
strncpy(fqname, name, NFS4_MAX_DOMAIN_LEN);
if(strchr(name, '@') == NULL)
{
LogFullDebug(COMPONENT_IDMAPPER,
"uid2name: adding domain %s",
idmap_domain);
sprintf(fqname, "%s@%s", name, idmap_domain);
strncpy(name, fqname, NFS4_MAX_DOMAIN_LEN);
}
LogFullDebug(COMPONENT_IDMAPPER,
"uid2name: nfs4_uid_to_name uid %d returned %s",
*puid, name);
if(uidmap_add(fqname, *puid) != ID_MAPPER_SUCCESS)
{
LogCrit(COMPONENT_IDMAPPER,
"uid2name: uidmap_add %s %d failed",
fqname, *puid);
return 0;
}
}
return 1;
#else
struct passwd p;
struct passwd *pp;
char buff[NFS4_MAX_DOMAIN_LEN];
if(unamemap_get(*puid, name) == ID_MAPPER_SUCCESS)
{
LogFullDebug(COMPONENT_IDMAPPER,
"uid2name: unamemap_get uid %d returned %s",
*puid, name);
return 1;
}
else
{
#ifdef _SOLARIS
if(getpwuid_r(*puid, &p, buff, MAXPATHLEN) != 0)
#else
if((getpwuid_r(*puid, &p, buff, MAXPATHLEN, &pp) != 0) ||
(pp == NULL))
#endif /* _SOLARIS */
{
LogFullDebug(COMPONENT_IDMAPPER,
"uid2name: getpwuid_r %d failed",
*puid);
return 0;
}
strncpy(name, p.pw_name, NFS4_MAX_DOMAIN_LEN);
LogFullDebug(COMPONENT_IDMAPPER,
"uid2name: getpwuid_r uid %d returned %s",
*puid, name);
if(uidmap_add(name, *puid) != ID_MAPPER_SUCCESS)
{
LogCrit(COMPONENT_IDMAPPER,
"uid2name: uidmap_add %s %d failed",
name, *puid);
return 0;
}
}
return 1;
#endif /* _USE_NFSIDMAP */
} /* uid2name */
