static bool idmapname2id(char *name, size_t len, uint32_t *id, const uint32_t anon, bool group, gid_t *gid, bool *got_gid, char *at) { #ifdef USE_NFSIDMAP int rc; if (group) rc = nfs4_name_to_gid(name, id); else rc = nfs4_name_to_uid(name, id); if (rc == 0) { return true; } else { LogInfo(COMPONENT_IDMAPPER, "%s %s failed with %d, using anonymous.", (group ? "nfs4_name_to_gid" : "nfs4_name_to_uid"), name, -rc); return false; } #else /* USE_NFSIDMAP */ return false; #endif /* USE_NFSIDMAP */ }
/** * * name2uid: convert a name to a uid * * convert a name to a uid * * @param name [IN] the name of the user * @param puid [OUT] the resulting uid * * return 1 if successful, 0 otherwise * */ int name2uid(char *name, uid_t * puid) { struct passwd passwd; struct passwd *ppasswd; char buff[NFS4_MAX_DOMAIN_LEN]; uid_t uid; #ifdef _HAVE_GSSAPI gid_t gss_gid; uid_t gss_uid; #endif #ifdef _USE_NFSIDMAP char fqname[NFS4_MAX_DOMAIN_LEN]; int rc; #endif /* NFsv4 specific features: RPCSEC_GSS will provide user like nfs/<host> * choice is made to map them to root */ if(!strncmp(name, "nfs/", 4)) { /* This is a "root" request made from the hostbased nfs principal, use root */ LogFullDebug(COMPONENT_IDMAPPER, "name2uid: mapping %s to root (uid = 0)", name); *puid = 0; return 1; } if(uidmap_get(name, (unsigned long *)&uid) == ID_MAPPER_SUCCESS) { LogFullDebug(COMPONENT_IDMAPPER, "name2uid: uidmap_get mapped %s to uid= %d", name, uid); *puid = uid; return 1 ; } else { #ifdef _SOLARIS if(getpwnam_r(name, &passwd, buff, NFS4_MAX_DOMAIN_LEN) != 0) #else if(getpwnam_r(name, &passwd, buff, NFS4_MAX_DOMAIN_LEN, &ppasswd) != 0) #endif /* _SOLARIS */ { LogFullDebug(COMPONENT_IDMAPPER, "name2uid: getpwnam_r %s failed", name); *puid = -1; return 0; } else { *puid = passwd.pw_uid; #ifdef _HAVE_GSSAPI if(uidgidmap_add(passwd.pw_uid, passwd.pw_gid) != ID_MAPPER_SUCCESS) { LogCrit(COMPONENT_IDMAPPER, "name2uid: uidgidmap_add gss_uid %d gss_gid %d failed", gss_uid, gss_gid); return 0; } #endif /* _HAVE_GSSAPI */ if(uidmap_add(name, passwd.pw_uid) != ID_MAPPER_SUCCESS) { LogCrit(COMPONENT_IDMAPPER, "name2uid: uidmap_add %s %d failed", name, passwd.pw_uid); return 0; } return 1 ; /* Job is done */ } #ifdef _USE_NFSIDMAP if(!nfsidmap_set_conf()) { LogCrit(COMPONENT_IDMAPPER, "name2uid: nfsidmap_set_conf failed"); return 0; } /* obtain fully qualified name */ if(strchr(name, '@') == NULL) sprintf(fqname, "%s@%s", name, idmap_domain); else strncpy(fqname, name, NFS4_MAX_DOMAIN_LEN - 1); rc = nfs4_name_to_uid(fqname, puid); if(rc) { LogFullDebug(COMPONENT_IDMAPPER, "name2uid: nfs4_name_to_uid %s failed %d (%s)", fqname, -rc, strerror(-rc)); return 0; } LogFullDebug(COMPONENT_IDMAPPER, "name2uid: nfs4_name_to_uid %s returned %d", fqname, *puid); if(uidmap_add(fqname, *puid) != ID_MAPPER_SUCCESS) { LogCrit(COMPONENT_IDMAPPER, "name2uid: uidmap_add %s %d failed", fqname, *puid); return 0; } #ifdef _HAVE_GSSAPI /* nfs4_gss_princ_to_ids required to extract uid/gid from gss creds * XXX: currently uses unqualified name as per libnfsidmap comments */ rc = nfs4_gss_princ_to_ids("krb5", name, &gss_uid, &gss_gid); if(rc) { LogFullDebug(COMPONENT_IDMAPPER, "name2uid: nfs4_gss_princ_to_ids %s failed %d (%s)", name, -rc, strerror(-rc)); return 0; } if(uidgidmap_add(gss_uid, gss_gid) != ID_MAPPER_SUCCESS) { LogCrit(COMPONENT_IDMAPPER, "name2uid: uidgidmap_add gss_uid %d gss_gid %d failed", gss_uid, gss_gid); return 0; } #endif /* _HAVE_GSSAPI */ #endif /* _USE_NFSIDMAP */ } return 1; } /* name2uid */