예제 #1
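/*
 * nfsmapid_str_gid - map a "group@domain" string to a gid and hand the
 * answer back to the caller with door_return().
 *
 * argp		request; argp->u_arg.len is the length field that came
 *		with the request and argp->str is the string to map.
 * arg_size	size of the argument buffer; it must be at least
 *		MAPID_ARG_LEN(argp->u_arg.len).
 *
 * Nothing is returned to the C caller; the result structure is passed to
 * door_return().  Every failure path reports GID_NOBODY together with one
 * of these statuses:
 *
 *	NFSMAPID_INVALID	non-positive length or undersized argument
 *	NFSMAPID_UNMAPPABLE	no usable domain part and the group part is
 *				not an acceptable decimal id
 *	NFSMAPID_BADDOMAIN	domain differs from the NFS domain and the
 *				idmap lookup failed
 *	NFSMAPID_INTERNAL	malloc() or getgrnam_r() failed
 *	NFSMAPID_NOTFOUND	getgrnam_r() found no such group
 *
 * Success is NFSMAPID_OK (name resolved) or NFSMAPID_NUMSTR (the string
 * was a plain decimal id).
 *
 * NOTE(review): the length check only shows that the buffer is as large
 * as the declared length.  It does not show that argp->str is
 * NUL-terminated inside that buffer, which the string routines below
 * depend on - confirm where the request is built or in extract_domain().
 */
void
nfsmapid_str_gid(struct mapid_arg *argp, size_t arg_size)
{
	/*
	 * Zeroed up front: door_return() below copies the whole structure,
	 * so any padding or unused bytes would otherwise go out holding
	 * whatever was on the stack.
	 */
	struct mapid_res	result = { 0 };
	struct group		grp;
	struct group		*grp_ptr;
	int			grp_rc;
	char			*grp_buf;
	char			*group;
	char			*domain;
	idmap_stat		rc;

	if (argp->u_arg.len <= 0 ||
	    arg_size < MAPID_ARG_LEN(argp->u_arg.len)) {
		result.status = NFSMAPID_INVALID;
		result.u_res.gid = GID_NOBODY;
		goto done;
	}

	if (!extract_domain(argp->str, &group, &domain)) {
		unsigned long id;

		/*
		 * Invalid "group@domain" string. Still, the
		 * group part might be an encoded gid, so do a
		 * final check. Remember, domain part of string
		 * was not set since not a valid string.
		 */
		if (!validate_id_str(group)) {
			result.status = NFSMAPID_UNMAPPABLE;
			result.u_res.gid = GID_NOBODY;
			goto done;
		}

		/* errno is cleared so a range error from strtoul is visible */
		errno = 0;
		id = strtoul(group, (char **)NULL, 10);

		/*
		 * We don't accept ephemeral ids from the wire.
		 *
		 * NOTE(review): the bound is UID_MAX although the value
		 * becomes a gid_t; presumably the two limits coincide on
		 * this platform - confirm.
		 */
		if (errno || id > UID_MAX) {
			result.status = NFSMAPID_UNMAPPABLE;
			result.u_res.gid = GID_NOBODY;
			goto done;
		}

		result.u_res.gid = (gid_t)id;
		result.status = NFSMAPID_NUMSTR;
		goto done;
	}

	/*
	 * String properly constructed. Now we check for domain and
	 * group validity.
	 */
	if (!cur_domain_null() && !valid_domain(domain)) {
		/*
		 * If the domain part of the string does not
		 * match the NFS domain, try to map it using
		 * idmap service.
		 */
		rc = idmap_getgidbywinname(group, domain, &result.u_res.gid);
		if (rc != IDMAP_SUCCESS) {
			result.status = NFSMAPID_BADDOMAIN;
			result.u_res.gid = GID_NOBODY;
			goto done;
		}
		result.status = NFSMAPID_OK;
		goto done;
	}

	grp_buf = malloc(grp_buflen);
	if (grp_buf == NULL) {
		result.status = NFSMAPID_INTERNAL;
		result.u_res.gid = GID_NOBODY;
		goto done;
	}

	grp_rc = getgrnam_r(group, &grp, grp_buf, grp_buflen, &grp_ptr);
	if (grp_rc != 0 || grp_ptr == NULL) {
		/*
		 * A non-zero return is a lookup failure; a zero return
		 * with no entry means the group does not exist.  The
		 * scratch buffer is released in both cases - the lookup
		 * failure path used to leave it allocated.
		 */
		result.status = (grp_rc != 0) ?
		    NFSMAPID_INTERNAL : NFSMAPID_NOTFOUND;
		result.u_res.gid = GID_NOBODY;
		free(grp_buf);
		goto done;
	}

	/*
	 * Valid group entry
	 */
	result.status = NFSMAPID_OK;
	result.u_res.gid = grp.gr_gid;
	free(grp_buf);
done:
	(void) door_return((char *)&result, sizeof (struct mapid_res), NULL, 0);
}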
예제 #2
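/*
 * nfsmapid_str_uid - map a "user@domain" string to a uid and hand the
 * answer back to the caller with door_return().
 *
 * argp		request; argp->u_arg.len is the length field that came
 *		with the request and argp->str is the string to map.
 * arg_size	size of the argument buffer; it must be at least
 *		MAPID_ARG_LEN(argp->u_arg.len).
 *
 * Nothing is returned to the C caller; the result structure is passed to
 * door_return().  Every failure path reports UID_NOBODY together with one
 * of these statuses:
 *
 *	NFSMAPID_INVALID	non-positive length or undersized argument
 *	NFSMAPID_UNMAPPABLE	no usable domain part and the user part is
 *				not an acceptable decimal id
 *	NFSMAPID_BADDOMAIN	domain differs from the NFS domain and the
 *				idmap lookup failed
 *	NFSMAPID_INTERNAL	malloc() or getpwnam_r() failed
 *	NFSMAPID_NOTFOUND	getpwnam_r() found no such user
 *
 * Success is NFSMAPID_OK (name resolved) or NFSMAPID_NUMSTR (the string
 * was a plain decimal id).
 *
 * NOTE(review): the length check only shows that the buffer is as large
 * as the declared length.  It does not show that argp->str is
 * NUL-terminated inside that buffer, which the string routines below
 * depend on - confirm where the request is built or in extract_domain().
 */
void
nfsmapid_str_uid(struct mapid_arg *argp, size_t arg_size)
{
	/*
	 * Zeroed up front: door_return() below copies the whole structure,
	 * so any padding or unused bytes would otherwise go out holding
	 * whatever was on the stack.
	 */
	struct mapid_res result = { 0 };
	struct passwd	 pwd;
	struct passwd	*pwd_ptr;
	int		 pwd_rc;
	char		*pwd_buf;
	char		*user;
	char		*domain;
	idmap_stat	 rc;

	if (argp->u_arg.len <= 0 || arg_size < MAPID_ARG_LEN(argp->u_arg.len)) {
		result.status = NFSMAPID_INVALID;
		result.u_res.uid = UID_NOBODY;
		goto done;
	}

	if (!extract_domain(argp->str, &user, &domain)) {
		unsigned long id;

		/*
		 * Invalid "user@domain" string. Still, the user
		 * part might be an encoded uid, so do a final check.
		 * Remember, domain part of string was not set since
		 * not a valid string.
		 */
		if (!validate_id_str(user)) {
			result.status = NFSMAPID_UNMAPPABLE;
			result.u_res.uid = UID_NOBODY;
			goto done;
		}

		/* errno is cleared so a range error from strtoul is visible */
		errno = 0;
		id = strtoul(user, (char **)NULL, 10);

		/*
		 * We don't accept ephemeral ids from the wire.
		 */
		if (errno || id > UID_MAX) {
			result.status = NFSMAPID_UNMAPPABLE;
			result.u_res.uid = UID_NOBODY;
			goto done;
		}

		result.u_res.uid = (uid_t)id;
		result.status = NFSMAPID_NUMSTR;
		goto done;
	}

	/*
	 * String properly constructed. Now we check for domain and
	 * user validity.
	 */
	if (!cur_domain_null() && !valid_domain(domain)) {
		/*
		 * If the domain part of the string does not
		 * match the NFS domain, try to map it using
		 * idmap service.
		 */
		rc = idmap_getuidbywinname(user, domain, &result.u_res.uid);
		if (rc != IDMAP_SUCCESS) {
			result.status = NFSMAPID_BADDOMAIN;
			result.u_res.uid = UID_NOBODY;
			goto done;
		}
		result.status = NFSMAPID_OK;
		goto done;
	}

	pwd_buf = malloc(pwd_buflen);
	if (pwd_buf == NULL) {
		result.status = NFSMAPID_INTERNAL;
		result.u_res.uid = UID_NOBODY;
		goto done;
	}

	pwd_rc = getpwnam_r(user, &pwd, pwd_buf, pwd_buflen, &pwd_ptr);
	if (pwd_rc != 0 || pwd_ptr == NULL) {
		/*
		 * A non-zero return is a lookup failure; a zero return
		 * with no entry means the user does not exist.  The
		 * scratch buffer is released in both cases - the lookup
		 * failure path used to leave it allocated.
		 */
		result.status = (pwd_rc != 0) ?
		    NFSMAPID_INTERNAL : NFSMAPID_NOTFOUND;
		result.u_res.uid = UID_NOBODY;
		free(pwd_buf);
		goto done;
	}

	/*
	 * Valid user entry
	 */
	result.u_res.uid = pwd.pw_uid;
	result.status = NFSMAPID_OK;
	free(pwd_buf);
done:
	(void) door_return((char *)&result, sizeof (struct mapid_res), NULL, 0);
}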
예제 #3
/*
 * Checks the attributes that follow the first ';'-separated pair of a
 * cookie header value.
 *
 * The value is copied into the request pool and split on ';'. The first
 * token is skipped. Each later token is trimmed and, when it begins with
 * "domain", "path", "expires" or "secure" (case-insensitive prefix match),
 * remembered for validation. Tokens with any other prefix are not examined
 * here.
 *
 * When the same attribute appears more than once, only the last occurrence
 * is kept and validated; earlier ones are overwritten without a check.
 *
 * NOTE(review): value is not checked for NULL before it is logged, copied
 * and tokenised - confirm that callers always pass a header value.
 *
 * r      request whose pool is used for the copies and which is passed to
 *        the validators and to DBG().
 * value  cookie header value to inspect; it is not modified.
 *
 * Returns CHXJ_FALSE as soon as one remembered attribute fails its
 * validator (domain, path, expires, secure - in that order), CHXJ_TRUE
 * otherwise.
 */
static int
check_valid_cookie_attribute(request_rec *r, const char *value)
{
  char *state;
  char *attr;
  char *copy;
  char *domain_pair = NULL;
  char *path_pair   = NULL;
  char *expire_pair = NULL;
  char *secure_pair = NULL;

  DBG(r, "start check_valid_cookie_attribute() value:[%s]", value);

  /* tokenise a private copy so the caller's string stays intact */
  copy = apr_pstrdup(r->pool, value);

  /* the leading pair is consumed and ignored */
  (void)apr_strtok(copy, ";", &state);

  while ((attr = apr_strtok(NULL, ";", &state)) != NULL) {
    attr = qs_trim_string(r->pool, attr);

    /* a later attribute of the same kind replaces the earlier one */
    if (STRNCASEEQ('d','D',"domain", attr, sizeof("domain")-1)) {
      domain_pair = apr_pstrdup(r->pool, attr);
    }
    else if (STRNCASEEQ('p','P',"path", attr, sizeof("path")-1)) {
      path_pair = apr_pstrdup(r->pool, attr);
    }
    else if (STRNCASEEQ('e','E',"expires", attr, sizeof("expires")-1)) {
      expire_pair = apr_pstrdup(r->pool, attr);
    }
    else if (STRNCASEEQ('s','S',"secure", attr, sizeof("secure")-1)) {
      secure_pair = apr_pstrdup(r->pool, attr);
    }
  }

  /* each validator receives the whole trimmed attribute text */
  if (domain_pair && !valid_domain(r, domain_pair)) {
    DBG(r, "invalid domain. domain_pair:[%s]", domain_pair);
    return CHXJ_FALSE;
  }
  if (path_pair && !valid_path(r, path_pair)) {
    DBG(r, "invalid path. path_pair:[%s]", path_pair);
    return CHXJ_FALSE;
  }
  if (expire_pair && !valid_expires(r, expire_pair)) {
    DBG(r, "invalid expire. expire_pair:[%s]", expire_pair);
    return CHXJ_FALSE;
  }
  if (secure_pair && !valid_secure(r, secure_pair)) {
    DBG(r, "invalid secure. secure_pair:[%s]", secure_pair);
    return CHXJ_FALSE;
  }

  DBG(r, "end check_valid_cookie_attribute() value:[%s]", value);
  return CHXJ_TRUE;
}