static int add_netgroup_member_entry(ns_ldap_entry_t *entry, netgroup_table_t *tab) { char **attrs; char **a; attrs = __ns_ldap_getAttr(entry, _N_MEMBER); if (attrs == NULL || *attrs == NULL) return (0); for (a = attrs; *a != NULL; a++) {} do { a--; if (add_netgroup_name(*a, tab) != 0) return (-1); } while (a > attrs); return (0); }
static int _nss_ldap_shadow2str(ldap_backend_ptr be, nss_XbyY_args_t *argp) { int nss_result; int buflen = 0; int shadow_update_enabled; unsigned long len = 0L; char *tmp, *buffer = NULL; char *pw_passwd = NULL; ns_ldap_result_t *result = be->result; char **uid, **passwd, **last, **smin, **smax; char **warning, **inactive, **expire, **flag; char *last_str, *min_str, *max_str, *warning_str; char *inactive_str, *expire_str, *flag_str; if (result == NULL) return (NSS_STR_PARSE_PARSE); buflen = argp->buf.buflen; nss_result = NSS_STR_PARSE_SUCCESS; (void) memset(argp->buf.buffer, 0, buflen); uid = __ns_ldap_getAttr(result->entry, _S_UID); if (uid == NULL || uid[0] == NULL || (strlen(uid[0]) < 1)) { nss_result = NSS_STR_PARSE_PARSE; goto result_spd2str; } len += strlen(uid[0]); passwd = __ns_ldap_getAttr(result->entry, _S_USERPASSWORD); if (passwd == NULL || passwd[0] == NULL) { /* * ACL does not allow userpassword to return or * userpassword is not defined */ pw_passwd = NOPWDRTR; } else if (strcmp(passwd[0], "") == 0) { /* * An empty password is not supported */ nss_result = NSS_STR_PARSE_PARSE; goto result_spd2str; } else { if ((tmp = strstr(passwd[0], "{crypt}")) != NULL || (tmp = strstr(passwd[0], "{CRYPT}")) != NULL) { if (tmp != passwd[0]) pw_passwd = NOPWDRTR; else { pw_passwd = tmp + strlen("{crypt}"); if (strcmp(pw_passwd, NS_LDAP_NO_UNIX_PASSWORD) == 0) *pw_passwd = '\0'; } } else { /* mark password as not retrievable */ pw_passwd = NOPWDRTR; } } len += strlen(pw_passwd); /* * If shadow update is not enabled, ignore the following * password aging related attributes: * -- shadowlastchange * -- shadowmin * -- shadowmax * -- shadowwarning * -- shadowinactive * -- shadowexpire * When shadow update is not enabled, the LDAP naming * service does not support the password aging fields * defined in the shadow structure. These fields, sp_lstchg, * sp_min, sp_max, sp_warn, sp_inact, and sp_expire, * will be set to -1 by the front end marshaller. */ shadow_update_enabled = __ns_ldap_is_shadow_update_enabled(); if (shadow_update_enabled) { last = __ns_ldap_getAttr(result->entry, _S_LASTCHANGE); if (last == NULL || last[0] == NULL) last_str = _NO_VALUE; else last_str = last[0]; len += strlen(last_str); smin = __ns_ldap_getAttr(result->entry, _S_MIN); if (smin == NULL || smin[0] == NULL) min_str = _NO_VALUE; else min_str = smin[0]; len += strlen(min_str); smax = __ns_ldap_getAttr(result->entry, _S_MAX); if (smax == NULL || smax[0] == NULL) max_str = _NO_VALUE; else max_str = smax[0]; len += strlen(max_str); warning = __ns_ldap_getAttr(result->entry, _S_WARNING); if (warning == NULL || warning[0] == NULL) warning_str = _NO_VALUE; else warning_str = warning[0]; len += strlen(warning_str); inactive = __ns_ldap_getAttr(result->entry, _S_INACTIVE); if (inactive == NULL || inactive[0] == NULL) inactive_str = _NO_VALUE; else inactive_str = inactive[0]; len += strlen(inactive_str); expire = __ns_ldap_getAttr(result->entry, _S_EXPIRE); if (expire == NULL || expire[0] == NULL) expire_str = _NO_VALUE; else expire_str = expire[0]; len += strlen(expire_str); } flag = __ns_ldap_getAttr(result->entry, _S_FLAG); if (flag == NULL || flag[0] == NULL) flag_str = _NO_VALUE; else flag_str = flag[0]; /* 9 = 8 ':' + 1 '\0' */ len += strlen(flag_str) + 9; if (len > buflen) { nss_result = NSS_STR_PARSE_ERANGE; goto result_spd2str; } if (argp->buf.result != NULL) { be->buffer = calloc(1, len); if (be->buffer == NULL) { nss_result = NSS_STR_PARSE_PARSE; goto result_spd2str; } buffer = be->buffer; } else buffer = argp->buf.buffer; if (shadow_update_enabled) { (void) snprintf(buffer, len, "%s:%s:%s:%s:%s:%s:%s:%s:%s", uid[0], pw_passwd, last_str, min_str, max_str, warning_str, inactive_str, expire_str, flag_str); } else { (void) snprintf(buffer, len, "%s:%s:::::::%s", uid[0], pw_passwd, flag_str); } /* The front end marhsaller doesn't need the trailing null */ if (argp->buf.result != NULL) be->buflen = strlen(be->buffer); result_spd2str: (void) __ns_ldap_freeResult(&be->result); return ((int)nss_result); }
static int _nss_ldap_group2str(ldap_backend_ptr be, nss_XbyY_args_t *argp) { int i; int nss_result; int buflen = 0, len; int firstime = 1; char *buffer = NULL; ns_ldap_result_t *result = be->result; char **gname, **passwd, **gid, *password, *end; char gid_nobody[NOBODY_STR_LEN]; char *gid_nobody_v[1]; char *member_str, *strtok_state; ns_ldap_attr_t *members; (void) snprintf(gid_nobody, sizeof (gid_nobody), "%u", GID_NOBODY); gid_nobody_v[0] = gid_nobody; if (result == NULL) return (NSS_STR_PARSE_PARSE); buflen = argp->buf.buflen; if (argp->buf.result != NULL) { if ((be->buffer = calloc(1, buflen)) == NULL) { nss_result = NSS_STR_PARSE_PARSE; goto result_grp2str; } buffer = be->buffer; } else buffer = argp->buf.buffer; nss_result = NSS_STR_PARSE_SUCCESS; (void) memset(buffer, 0, buflen); gname = __ns_ldap_getAttr(result->entry, _G_NAME); if (gname == NULL || gname[0] == NULL || (strlen(gname[0]) < 1)) { nss_result = NSS_STR_PARSE_PARSE; goto result_grp2str; } passwd = __ns_ldap_getAttr(result->entry, _G_PASSWD); if (passwd == NULL || passwd[0] == NULL || (strlen(passwd[0]) == 0)) { /* group password could be NULL, replace it with "" */ password = _NO_PASSWD_VAL; } else { /* * Preen "{crypt}" if necessary. * If the password does not include the {crypt} prefix * then the password may be plain text. And thus * perhaps crypt(3c) should be used to encrypt it. * Currently the password is copied verbatim. */ if (strncasecmp(passwd[0], _CRYPT, strlen(_CRYPT)) == 0) password = passwd[0] + strlen(_CRYPT); else password = passwd[0]; } gid = __ns_ldap_getAttr(result->entry, _G_GID); if (gid == NULL || gid[0] == NULL || (strlen(gid[0]) < 1)) { nss_result = NSS_STR_PARSE_PARSE; goto result_grp2str; } /* Validate GID */ if (strtoul(gid[0], &end, 10) > MAXUID) gid = gid_nobody_v; len = snprintf(buffer, buflen, "%s:%s:%s:", gname[0], password, gid[0]); TEST_AND_ADJUST(len, buffer, buflen, result_grp2str); members = __ns_ldap_getAttrStruct(result->entry, _G_MEM); if (members == NULL || members->attrvalue == NULL) { /* no member is fine, skip processing the member list */ goto nomember; } for (i = 0; i < members->value_count; i++) { if (members->attrvalue[i] == NULL) { nss_result = NSS_STR_PARSE_PARSE; goto result_grp2str; } /* * If we find an '=' in the member attribute value, treat it as * a DN, otherwise as a username. */ if (member_str = strchr(members->attrvalue[i], '=')) { member_str++; /* skip over the '=' */ /* Fail if we can't pull a username out of the RDN */ if (! (member_str = strtok_r(member_str, ",", &strtok_state))) { nss_result = NSS_STR_PARSE_PARSE; goto result_grp2str; } } else { member_str = members->attrvalue[i]; } if (*member_str != '\0') { if (firstime) { len = snprintf(buffer, buflen, "%s", member_str); TEST_AND_ADJUST(len, buffer, buflen, result_grp2str); firstime = 0; } else { len = snprintf(buffer, buflen, ",%s", member_str); TEST_AND_ADJUST(len, buffer, buflen, result_grp2str); } } } nomember: /* The front end marshaller doesn't need the trailing nulls */ if (argp->buf.result != NULL) be->buflen = strlen(be->buffer); result_grp2str: (void) __ns_ldap_freeResult(&be->result); return (nss_result); }
static nss_status_t getbymember(ldap_backend_ptr be, void *a) { int i, j, k; int gcnt = (int)0; char **groupvalue, **membervalue, *member_str; char *strtok_state; nss_status_t lstat; struct nss_groupsbymem *argp = (struct nss_groupsbymem *)a; char searchfilter[SEARCHFILTERLEN]; char userdata[SEARCHFILTERLEN]; char name[SEARCHFILTERLEN]; ns_ldap_result_t *result; ns_ldap_entry_t *curEntry; char *username, **dn_attr, *dn; gid_t gid; int ret; if (strcmp(argp->username, "") == 0 || strcmp(argp->username, "root") == 0) return ((nss_status_t)NSS_NOTFOUND); if (_ldap_filter_name(name, argp->username, sizeof (name)) != 0) return ((nss_status_t)NSS_NOTFOUND); ret = snprintf(searchfilter, sizeof (searchfilter), _F_GETPWNAM, name); if (ret >= sizeof (searchfilter) || ret < 0) return ((nss_status_t)NSS_NOTFOUND); ret = snprintf(userdata, sizeof (userdata), _F_GETPWNAM_SSD, name); if (ret >= sizeof (userdata) || ret < 0) return ((nss_status_t)NSS_NOTFOUND); /* * Look up the user DN in ldap. If it's not found, search solely by * username. */ lstat = (nss_status_t)_nss_ldap_nocb_lookup(be, NULL, _PASSWD, searchfilter, NULL, _merge_SSD_filter, userdata); if (lstat != (nss_status_t)NS_LDAP_SUCCESS) return ((nss_status_t)lstat); if (be->result == NULL || !(dn_attr = __ns_ldap_getAttr(be->result->entry, "dn"))) dn = name; else dn = dn_attr[0]; ret = snprintf(searchfilter, sizeof (searchfilter), _F_GETGRMEM, name, dn); if (ret >= sizeof (searchfilter) || ret < 0) return ((nss_status_t)NSS_NOTFOUND); ret = snprintf(userdata, sizeof (userdata), _F_GETGRMEM_SSD, name, dn); if (ret >= sizeof (userdata) || ret < 0) return ((nss_status_t)NSS_NOTFOUND); /* * Free up resources from user DN search before performing group * search. */ (void) __ns_ldap_freeResult((ns_ldap_result_t **)&be->result); gcnt = (int)argp->numgids; lstat = (nss_status_t)_nss_ldap_nocb_lookup(be, NULL, _GROUP, searchfilter, NULL, _merge_SSD_filter, userdata); if (lstat != (nss_status_t)NS_LDAP_SUCCESS) return ((nss_status_t)lstat); if (be->result == NULL) return (NSS_NOTFOUND); username = (char *)argp->username; result = (ns_ldap_result_t *)be->result; curEntry = (ns_ldap_entry_t *)result->entry; for (i = 0; i < result->entries_count && curEntry != NULL; i++) { membervalue = __ns_ldap_getAttr(curEntry, "memberUid"); if (membervalue == NULL) { curEntry = curEntry->next; continue; } for (j = 0; membervalue[j]; j++) { /* * If we find an '=' in the member attribute * value, treat it as a DN, otherwise as a * username. */ if (member_str = strchr(membervalue[j], '=')) { member_str++; /* skip over the '=' */ member_str = strtok_r(member_str, ",", &strtok_state); } else { member_str = membervalue[j]; } if (member_str != NULL && strcmp(member_str, username) == 0) { groupvalue = __ns_ldap_getAttr(curEntry, "gidnumber"); if (groupvalue == NULL || groupvalue[0] == NULL) { /* Drop this group from the list */ break; } errno = 0; gid = (gid_t)strtol(groupvalue[0], (char **)NULL, 10); if (errno == 0 && argp->numgids < argp->maxgids) { for (k = 0; k < argp->numgids; k++) { if (argp->gid_array[k] == gid) /* already exists */ break; } if (k == argp->numgids) argp->gid_array[argp->numgids++] = gid; } break; } } curEntry = curEntry->next; } (void) __ns_ldap_freeResult((ns_ldap_result_t **)&be->result); if (gcnt == argp->numgids) return ((nss_status_t)NSS_NOTFOUND); /* * Return NSS_SUCCESS only if array is full. * Explained in <nss_dbdefs.h>. */ return ((nss_status_t)((argp->numgids == argp->maxgids) ? NSS_SUCCESS : NSS_NOTFOUND)); }
/* * _nss_ldap_passwd2str is the data marshaling method for the passwd getXbyY * (e.g., getbyuid(), getbyname(), getpwent()) backend processes. This method is * called after a successful ldap search has been performed. This method will * parse the ldap search values into the file format. * e.g. * * nobody:x:60001:60001:Nobody:/: * */ static int _nss_ldap_passwd2str(ldap_backend_ptr be, nss_XbyY_args_t *argp) { int nss_result; int buflen = 0; unsigned long str_len = 0L; char *buffer = NULL; ns_ldap_result_t *result = be->result; ns_ldap_entry_t *entry; char **uid_v, **uidn_v, **gidn_v; char **gecos_v, **homedir_v, **shell_v; char *NULL_STR = ""; char uid_nobody[NOBODY_STR_LEN]; char gid_nobody[NOBODY_STR_LEN], *end; char *uid_nobody_v[1], *gid_nobody_v[1]; (void) snprintf(uid_nobody, sizeof (uid_nobody), "%u", UID_NOBODY); uid_nobody_v[0] = uid_nobody; (void) snprintf(gid_nobody, sizeof (gid_nobody), "%u", GID_NOBODY); gid_nobody_v[0] = gid_nobody; if (result == NULL) return (NSS_STR_PARSE_PARSE); entry = result->entry; buflen = argp->buf.buflen; buffer = argp->buf.buffer; nss_result = NSS_STR_PARSE_SUCCESS; (void) memset(buffer, 0, buflen); /* 8 = 6 ':' + 1 '\0' + 1 'x' */ buflen -= 8; uid_v = __ns_ldap_getAttr(entry, _PWD_UID); uidn_v = __ns_ldap_getAttr(entry, _PWD_UIDNUMBER); gidn_v = __ns_ldap_getAttr(entry, _PWD_GIDNUMBER); if (uid_v == NULL || uidn_v == NULL || gidn_v == NULL || uid_v[0] == NULL || uidn_v[0] == NULL || gidn_v[0] == NULL) { nss_result = NSS_STR_PARSE_PARSE; goto result_pwd2str; } /* Validate UID and GID */ if (strtoul(uidn_v[0], &end, 10) > MAXUID) uidn_v = uid_nobody_v; if (strtoul(gidn_v[0], &end, 10) > MAXUID) gidn_v = gid_nobody_v; str_len = strlen(uid_v[0]) + strlen(uidn_v[0]) + strlen(gidn_v[0]); if (str_len > buflen) { nss_result = NSS_STR_PARSE_ERANGE; goto result_pwd2str; } gecos_v = __ns_ldap_getAttr(entry, _PWD_GECOS); if (gecos_v == NULL || gecos_v[0] == NULL || *gecos_v[0] == '\0') gecos_v = &NULL_STR; else str_len += strlen(gecos_v[0]); homedir_v = __ns_ldap_getAttr(entry, _PWD_HOMEDIRECTORY); if (homedir_v == NULL || homedir_v[0] == NULL || *homedir_v[0] == '\0') homedir_v = &NULL_STR; else str_len += strlen(homedir_v[0]); shell_v = __ns_ldap_getAttr(entry, _PWD_LOGINSHELL); if (shell_v == NULL || shell_v[0] == NULL || *shell_v[0] == '\0') shell_v = &NULL_STR; else str_len += strlen(shell_v[0]); if (str_len > buflen) { nss_result = NSS_STR_PARSE_ERANGE; goto result_pwd2str; } if (argp->buf.result != NULL) { be->buflen = str_len + 8; be->buffer = malloc(be->buflen); if (be->buffer == NULL) { nss_result = (int)NSS_STR_PARSE_ERANGE; goto result_pwd2str; } (void) snprintf(be->buffer, be->buflen, "%s:%s:%s:%s:%s:%s:%s", uid_v[0], "x", uidn_v[0], gidn_v[0], gecos_v[0], homedir_v[0], shell_v[0]); } else { (void) snprintf(argp->buf.buffer, (str_len + 8), "%s:%s:%s:%s:%s:%s:%s", uid_v[0], "x", uidn_v[0], gidn_v[0], gecos_v[0], homedir_v[0], shell_v[0]); } result_pwd2str: (void) __ns_ldap_freeResult(&be->result); return ((int)nss_result); }
/* * _nss_ldap_rpc2str is the data marshaling method for the rpc getXbyY * (e.g., getbyname(), getbynumber(), getrpcent()) backend processes. * This method is called after a successful ldap search has been performed. * This method will parse the ldap search values into the file format. * e.g. * * nfs_acl 100227 * snmp 100122 na.snmp snmp-cmc snmp-synoptics snmp-unisys snmp-utk */ static int _nss_ldap_rpc2str(ldap_backend_ptr be, nss_XbyY_args_t *argp) { uint_t i; int nss_result; int buflen = 0, len; char *cname = NULL; char *buffer = NULL; ns_ldap_result_t *result = be->result; ns_ldap_attr_t *names; char **rpcnumber; if (result == NULL) return (NSS_STR_PARSE_PARSE); nss_result = NSS_STR_PARSE_SUCCESS; (void) memset(argp->buf.buffer, 0, buflen); buflen = argp->buf.buflen; if (argp->buf.result != NULL) { if ((be->buffer = calloc(1, buflen)) == NULL) { nss_result = NSS_STR_PARSE_PARSE; goto result_rpc2str; } buffer = be->buffer; } else buffer = argp->buf.buffer; names = __ns_ldap_getAttrStruct(result->entry, _R_NAME); if (names == NULL || names->attrvalue == NULL) { nss_result = NSS_STR_PARSE_PARSE; goto result_rpc2str; } /* Get the canonical rpc name */ cname = __s_api_get_canonical_name(result->entry, names, 1); if (cname == NULL || (len = strlen(cname)) < 1) { nss_result = NSS_STR_PARSE_PARSE; goto result_rpc2str; } rpcnumber = __ns_ldap_getAttr(result->entry, _R_NUMBER); if (rpcnumber == NULL || rpcnumber[0] == NULL || (len = strlen(rpcnumber[0])) < 1) { nss_result = NSS_STR_PARSE_PARSE; goto result_rpc2str; } len = snprintf(buffer, buflen, "%s %s", cname, rpcnumber[0]); TEST_AND_ADJUST(len, buffer, buflen, result_rpc2str); /* Append aliases */ for (i = 0; i < names->value_count; i++) { if (names->attrvalue[i] == NULL) { nss_result = NSS_STR_PARSE_PARSE; goto result_rpc2str; } /* Skip the canonical name */ if (strcasecmp(names->attrvalue[i], cname) != 0) { len = snprintf(buffer, buflen, " %s", names->attrvalue[i]); TEST_AND_ADJUST(len, buffer, buflen, result_rpc2str); } } /* The front end marshaller doesn't need to copy trailing nulls */ if (argp->buf.result != NULL) be->buflen = strlen(be->buffer); result_rpc2str: (void) __ns_ldap_freeResult(&be->result); return (nss_result); }
static nss_status_t getnetgr_ldap_getent(ldap_backend_ptr be, void *a) { struct nss_getnetgrent_args *args; getnetgrent_cookie_t *p; char searchfilter[SEARCHFILTERLEN]; char userdata[SEARCHFILTERLEN]; char name[SEARCHFILTERLEN]; int rc; void *cookie = NULL; ns_ldap_result_t *result = NULL; ns_ldap_error_t *error = NULL; char **attrs; char *hostname, *username, *domain; char *buffer; nss_status_t status = NSS_SUCCESS; netgroup_name_t *ng; int ret; #ifdef DEBUG (void) fprintf(stdout, "\n[getnetgrent.c: getnetgr_ldap_getent]\n"); #endif /* DEBUG */ args = (struct nss_getnetgrent_args *)a; args->status = NSS_NETGR_NO; p = (getnetgrent_cookie_t *)be->netgroup_cookie; if (p == NULL) return ((nss_status_t)NSS_SUCCESS); for (;;) { while (p->cookie == NULL) { ng = get_next_netgroup(&p->tab); if (ng == NULL) /* no more */ break; if (_ldap_filter_name(name, ng->name, sizeof (name)) != 0) break; ret = snprintf(searchfilter, sizeof (searchfilter), _F_SETMEMBER, name); if (ret >= sizeof (searchfilter) || ret < 0) break; ret = snprintf(userdata, sizeof (userdata), _F_SETMEMBER_SSD, name); if (ret >= sizeof (userdata) || ret < 0) break; result = NULL; rc = __ns_ldap_firstEntry(_NETGROUP, searchfilter, _merge_SSD_filter, netgrent_attrs, NULL, 0, &cookie, &result, &error, userdata); (void) __ns_ldap_freeError(&error); if (rc == NS_LDAP_SUCCESS && result != NULL) { p->cookie = cookie; p->results = result; break; } (void) __ns_ldap_freeResult(&result); (void) __ns_ldap_endEntry(&cookie, &error); (void) __ns_ldap_freeError(&error); } if (p->cookie == NULL) break; if (p->results == NULL) { result = NULL; rc = __ns_ldap_nextEntry(p->cookie, &result, &error); (void) __ns_ldap_freeError(&error); if (rc == NS_LDAP_SUCCESS && result != NULL) p->results = result; else { (void) __ns_ldap_freeResult(&result); (void) __ns_ldap_endEntry(&p->cookie, &error); (void) __ns_ldap_freeError(&error); p->cookie = NULL; } } if (p->results == NULL) continue; if (p->entry == NULL) p->entry = p->results->entry; if (p->entry == NULL) continue; if (p->attrs == NULL) { attrs = __ns_ldap_getAttr(p->entry, _N_TRIPLE); if (attrs != NULL && *attrs != NULL) p->attrs = attrs; } if (p->attrs != NULL) { attrs = p->attrs; buffer = args->buffer; if (strlcpy(buffer, *attrs, args->buflen) >= args->buflen) { status = NSS_STR_PARSE_ERANGE; break; } rc = split_triple(buffer, &hostname, &username, &domain); attrs++; if (attrs != NULL && *attrs != NULL) p->attrs = attrs; else p->attrs = NULL; if (rc == 0) { args->retp[NSS_NETGR_MACHINE] = hostname; args->retp[NSS_NETGR_USER] = username; args->retp[NSS_NETGR_DOMAIN] = domain; args->status = NSS_NETGR_FOUND; if (p->attrs != NULL) break; } } if (p->attrs == NULL) { rc = add_netgroup_member_entry(p->entry, &p->tab); if (rc != 0) { args->status = NSS_NETGR_NO; break; } p->entry = p->entry->next; if (p->entry == NULL) (void) __ns_ldap_freeResult(&p->results); if (args->status == NSS_NETGR_FOUND) break; } } return (status); }
static int match_triple_entry(struct nss_innetgr_args *ia, const ns_ldap_entry_t *entry) { int ndomains; char **pdomains; int nhost; char **phost; int nusers; char **pusers; char **attr; char triple[MAX_TRIPLE_LEN]; char *tuser, *thost, *tdomain; int i; char *current, *limit; int pulen, phlen; char *pusers0, *phost0; nhost = ia->arg[NSS_NETGR_MACHINE].argc; phost = (char **)ia->arg[NSS_NETGR_MACHINE].argv; if (phost == NULL || *phost == NULL) { nhost = 0; } else { phost0 = phost[0]; phlen = strlen(phost0); } nusers = ia->arg[NSS_NETGR_USER].argc; pusers = (char **)ia->arg[NSS_NETGR_USER].argv; if (pusers == NULL || *pusers == NULL) { nusers = 0; } else { pusers0 = pusers[0]; pulen = strlen(pusers0); } ndomains = ia->arg[NSS_NETGR_DOMAIN].argc; pdomains = (char **)ia->arg[NSS_NETGR_DOMAIN].argv; if (pdomains == NULL || *pdomains == NULL) ndomains = 0; attr = __ns_ldap_getAttr(entry, _N_TRIPLE); if (attr == NULL || *attr == NULL) return (0); /* Special cases for speedup */ if (nusers == 1 && nhost == 0 && ndomains == 0) { /* Special case for finding a single user in a netgroup */ for (; *attr; attr++) { /* jump to first comma and check next character */ current = *attr; if ((current = strchr(current, COMMA)) == NULL) continue; current++; /* skip whitespaces */ while (isspace(*current)) current++; /* if user part is null, then treat as wildcard */ if (*current == COMMA) return (1); /* compare first character */ if (*pusers0 != *current) continue; /* limit username to COMMA */ if ((limit = strchr(current, COMMA)) == NULL) continue; *limit = '\0'; /* remove blanks before COMMA */ if ((limit = strpbrk(current, " \t")) != NULL) *limit = '\0'; /* compare size of username */ if (pulen != strlen(current)) { continue; } /* do actual compare */ if (strncmp(pusers0, current, pulen) == 0) { return (1); } else { continue; } } } else if (nusers == 0 && nhost == 1 && ndomains == 0) { /* Special case for finding a single host in a netgroup */ for (; *attr; attr++) { /* jump to first character and check */ current = *attr; current++; /* skip whitespaces */ while (isspace(*current)) current++; /* if host part is null, then treat as wildcard */ if (*current == COMMA) return (1); /* limit hostname to COMMA */ if ((limit = strchr(current, COMMA)) == NULL) continue; *limit = '\0'; /* remove blanks before COMMA */ if ((limit = strpbrk(current, " \t")) != NULL) *limit = '\0'; /* compare size of hostname */ if (phlen != strlen(current)) { continue; } /* do actual compare */ if (strncasecmp(phost0, current, phlen) == 0) { return (1); } else { continue; } } } else { for (; *attr; attr++) { if (strlcpy(triple, *attr, sizeof (triple)) >= sizeof (triple)) continue; if (split_triple(triple, &thost, &tuser, &tdomain) != 0) continue; if (thost != NULL && *thost != '\0' && nhost != 0) { for (i = 0; i < nhost; i++) if (strcasecmp(thost, phost[i]) == 0) break; if (i == nhost) continue; } if (tuser != NULL && *tuser != '\0' && nusers != 0) { for (i = 0; i < nusers; i++) if (strcmp(tuser, pusers[i]) == 0) break; if (i == nusers) continue; } if (tdomain != NULL && *tdomain != '\0' && ndomains != 0) { for (i = 0; i < ndomains; i++) if (domcmp(tdomain, pdomains[i]) == 0) break; if (i == ndomains) continue; } return (1); } } return (0); }
static idmap_stat unixname2dn(idmap_nm_handle_t *p, char *unixname, int is_user, char **dn, char **winname, char **windomain) { idmap_stat rc = IDMAP_SUCCESS; int rc_ns; char filter[255]; static const char *attribs[3]; ns_ldap_result_t *res; ns_ldap_error_t *errorp = NULL; char **attrs; attribs[0] = p->nldap_winname_attr; attribs[1] = "dn"; attribs[2] = NULL; (void) snprintf(filter, sizeof (filter), is_user ? "uid=%s" : "cn=%s", unixname); rc_ns = __ns_ldap_list(is_user ? "passwd" : "group", filter, NULL, attribs, NULL, 0, &res, &errorp, NULL, NULL); if (rc_ns == NS_LDAP_NOTFOUND) { namemap_log(is_user ? gettext("User %s not found.") : gettext("Group %s not found."), unixname); return (IDMAP_ERR_NOTFOUND); } else if (rc_ns != NS_LDAP_SUCCESS) { char *msg = "Cause unidentified"; if (errorp != NULL) { (void) __ns_ldap_err2str(errorp->status, &msg); } namemap_log(gettext("Ldap list failed (%s)."), msg); return (IDMAP_ERR_ARG); } if (res == NULL) { namemap_log(gettext("User %s not found"), unixname); return (IDMAP_ERR_ARG); } if (winname != NULL && windomain != NULL) { attrs = __ns_ldap_getAttr(&res->entry[0], p->nldap_winname_attr); if (attrs != NULL && attrs[0] != NULL) { rc = split_fqwn(attrs[0], winname, windomain); } else { *winname = *windomain = NULL; } } if (dn != NULL) { attrs = __ns_ldap_getAttr(&res->entry[0], "dn"); if (attrs == NULL || attrs[0] == NULL) { namemap_log(gettext("dn for %s not found"), unixname); return (IDMAP_ERR_ARG); } *dn = strdup(attrs[0]); } return (rc); }
/* * _nss_ldap_networks2str is the data marshaling method for the networks * getXbyY * (e.g., getbyname(), getbyaddr(), getnetent() backend processes. * This method is called after a successful ldap search has been performed. * This method will parse the ldap search values into the file format. * e.g. * * SunRay-ce2 10.34.96.0 SunRay * */ static int _nss_ldap_networks2str(ldap_backend_ptr be, nss_XbyY_args_t *argp) { uint_t i; int nss_result; int buflen = 0, len; char **network, *cname = NULL; char *buffer = NULL; ns_ldap_result_t *result = be->result; ns_ldap_attr_t *names; if (result == NULL) return (NSS_STR_PARSE_PARSE); buflen = argp->buf.buflen; if (argp->buf.result != NULL) { if ((be->buffer = calloc(1, buflen)) == NULL) { nss_result = NSS_STR_PARSE_PARSE; goto result_net2str; } buffer = be->buffer; } else buffer = argp->buf.buffer; nss_result = NSS_STR_PARSE_SUCCESS; (void) memset(argp->buf.buffer, 0, buflen); names = __ns_ldap_getAttrStruct(result->entry, _N_NAME); if (names == NULL || names->attrvalue == NULL) { nss_result = NSS_STR_PARSE_PARSE; goto result_net2str; } /* Get the canonical name */ cname = __s_api_get_canonical_name(result->entry, names, 1); /* * The definition of the object class "ipNetwork" has a * discrepency between RFC 2307 and 2307bis. * In 2307, "cn" is a MUST attribute. In 2307bis, "cn" is a * MAY attribute. * If "cn" is a MAY attribute, it does not appear in RDN and can't * be derived from RDN as a canonical "cn" name. In that case, use 1st * "cn" value as the official name. */ if (cname == NULL) /* 2307bis case */ cname = names->attrvalue[0]; if (cname == NULL || (len = strlen(cname)) < 1) { nss_result = NSS_STR_PARSE_PARSE; goto result_net2str; } network = __ns_ldap_getAttr(result->entry, _N_NETWORK); if (network == NULL || network[0] == NULL || (len = strlen(network[0])) < 1) { nss_result = NSS_STR_PARSE_PARSE; goto result_net2str; } len = snprintf(buffer, buflen, "%s %s", cname, network[0]); TEST_AND_ADJUST(len, buffer, buflen, result_net2str); /* Append aliases */ for (i = 0; i < names->value_count; i++) { if (names->attrvalue[i] == NULL) { nss_result = NSS_STR_PARSE_PARSE; goto result_net2str; } /* Skip the canonical name */ if (strcasecmp(names->attrvalue[i], cname) != 0) { len = snprintf(buffer, buflen, " %s", names->attrvalue[i]); TEST_AND_ADJUST(len, buffer, buflen, result_net2str); } } /* The front end marshaller doesn't need to copy trailing nulls */ if (argp->buf.result != NULL) be->buflen = strlen(be->buffer); result_net2str: (void) __ns_ldap_freeResult(&be->result); return (nss_result); }