void nfsmapid_str_gid(struct mapid_arg *argp, size_t arg_size) { struct mapid_res result; struct group grp; struct group *grp_ptr; int grp_rc; char *grp_buf; char *group; char *domain; idmap_stat rc; if (argp->u_arg.len <= 0 || arg_size < MAPID_ARG_LEN(argp->u_arg.len)) { result.status = NFSMAPID_INVALID; result.u_res.gid = GID_NOBODY; goto done; } if (!extract_domain(argp->str, &group, &domain)) { unsigned long id; /* * Invalid "group@domain" string. Still, the * group part might be an encoded gid, so do a * final check. Remember, domain part of string * was not set since not a valid string. */ if (!validate_id_str(group)) { result.status = NFSMAPID_UNMAPPABLE; result.u_res.gid = GID_NOBODY; goto done; } errno = 0; id = strtoul(group, (char **)NULL, 10); /* * We don't accept ephemeral ids from the wire. */ if (errno || id > UID_MAX) { result.status = NFSMAPID_UNMAPPABLE; result.u_res.gid = GID_NOBODY; goto done; } result.u_res.gid = (gid_t)id; result.status = NFSMAPID_NUMSTR; goto done; } /* * String properly constructed. Now we check for domain and * group validity. */ if (!cur_domain_null() && !valid_domain(domain)) { /* * If the domain part of the string does not * match the NFS domain, try to map it using * idmap service. */ rc = idmap_getgidbywinname(group, domain, &result.u_res.gid); if (rc != IDMAP_SUCCESS) { result.status = NFSMAPID_BADDOMAIN; result.u_res.gid = GID_NOBODY; goto done; } result.status = NFSMAPID_OK; goto done; } if ((grp_buf = malloc(grp_buflen)) == NULL || (grp_rc = getgrnam_r(group, &grp, grp_buf, grp_buflen, &grp_ptr)) != 0 || grp_ptr == NULL) { if (grp_buf == NULL || grp_rc != 0) result.status = NFSMAPID_INTERNAL; else { /* * Not a valid group */ result.status = NFSMAPID_NOTFOUND; free(grp_buf); } result.u_res.gid = GID_NOBODY; goto done; } /* * Valid group entry */ result.status = NFSMAPID_OK; result.u_res.gid = grp.gr_gid; free(grp_buf); done: (void) door_return((char *)&result, sizeof (struct mapid_res), NULL, 0); }
void nfsmapid_str_uid(struct mapid_arg *argp, size_t arg_size) { struct mapid_res result; struct passwd pwd; struct passwd *pwd_ptr; int pwd_rc; char *pwd_buf; char *user; char *domain; idmap_stat rc; if (argp->u_arg.len <= 0 || arg_size < MAPID_ARG_LEN(argp->u_arg.len)) { result.status = NFSMAPID_INVALID; result.u_res.uid = UID_NOBODY; goto done; } if (!extract_domain(argp->str, &user, &domain)) { unsigned long id; /* * Invalid "user@domain" string. Still, the user * part might be an encoded uid, so do a final check. * Remember, domain part of string was not set since * not a valid string. */ if (!validate_id_str(user)) { result.status = NFSMAPID_UNMAPPABLE; result.u_res.uid = UID_NOBODY; goto done; } errno = 0; id = strtoul(user, (char **)NULL, 10); /* * We don't accept ephemeral ids from the wire. */ if (errno || id > UID_MAX) { result.status = NFSMAPID_UNMAPPABLE; result.u_res.uid = UID_NOBODY; goto done; } result.u_res.uid = (uid_t)id; result.status = NFSMAPID_NUMSTR; goto done; } /* * String properly constructed. Now we check for domain and * group validity. */ if (!cur_domain_null() && !valid_domain(domain)) { /* * If the domain part of the string does not * match the NFS domain, try to map it using * idmap service. */ rc = idmap_getuidbywinname(user, domain, &result.u_res.uid); if (rc != IDMAP_SUCCESS) { result.status = NFSMAPID_BADDOMAIN; result.u_res.uid = UID_NOBODY; goto done; } result.status = NFSMAPID_OK; goto done; } if ((pwd_buf = malloc(pwd_buflen)) == NULL || (pwd_rc = getpwnam_r(user, &pwd, pwd_buf, pwd_buflen, &pwd_ptr)) != 0 || pwd_ptr == NULL) { if (pwd_buf == NULL || pwd_rc != 0) result.status = NFSMAPID_INTERNAL; else { /* * Not a valid user */ result.status = NFSMAPID_NOTFOUND; free(pwd_buf); } result.u_res.uid = UID_NOBODY; goto done; } /* * Valid user entry */ result.u_res.uid = pwd.pw_uid; result.status = NFSMAPID_OK; free(pwd_buf); done: (void) door_return((char *)&result, sizeof (struct mapid_res), NULL, 0); }
static int check_valid_cookie_attribute(request_rec *r, const char *value) { char *pstat; char *pair; char *first_pair; char *domain_pair; char *path_pair; char *expire_pair; char *secure_pair; char *p; DBG(r, "start check_valid_cookie_attribute() value:[%s]", value); domain_pair = path_pair = expire_pair = secure_pair = NULL; p = apr_pstrdup(r->pool, value); /* pass first pair */ first_pair = apr_strtok(p, ";", &pstat); for (;;) { pair = apr_strtok(NULL, ";", &pstat); if (! pair) break; pair = qs_trim_string(r->pool, pair); if (STRNCASEEQ('d','D',"domain", pair, sizeof("domain")-1)) { domain_pair = apr_pstrdup(r->pool, pair); } else if (STRNCASEEQ('p','P',"path", pair, sizeof("path")-1)) { path_pair = apr_pstrdup(r->pool, pair); } else if (STRNCASEEQ('e','E',"expires", pair, sizeof("expires")-1)) { expire_pair = apr_pstrdup(r->pool, pair); } else if (STRNCASEEQ('s','S',"secure", pair, sizeof("secure")-1)) { secure_pair = apr_pstrdup(r->pool, pair); } } if (domain_pair) { if (!valid_domain(r, domain_pair)) { DBG(r, "invalid domain. domain_pair:[%s]", domain_pair); return CHXJ_FALSE; } } if (path_pair) { if (!valid_path(r, path_pair)) { DBG(r, "invalid path. path_pair:[%s]", path_pair); return CHXJ_FALSE; } } if (expire_pair) { if (!valid_expires(r, expire_pair)) { DBG(r, "invalid expire. expire_pair:[%s]", expire_pair); return CHXJ_FALSE; } } if (secure_pair) { if (!valid_secure(r, secure_pair)) { DBG(r, "invalid secure. secure_pair:[%s]", secure_pair); return CHXJ_FALSE; } } DBG(r, "end check_valid_cookie_attribute() value:[%s]", value); return CHXJ_TRUE; }