void
nfsmapid_str_gid(struct mapid_arg *argp, size_t arg_size)
{
struct mapid_res result;
struct group grp;
struct group *grp_ptr;
int grp_rc;
char *grp_buf;
char *group;
char *domain;
idmap_stat rc;
if (argp->u_arg.len <= 0 ||
arg_size < MAPID_ARG_LEN(argp->u_arg.len)) {
result.status = NFSMAPID_INVALID;
result.u_res.gid = GID_NOBODY;
goto done;
}
if (!extract_domain(argp->str, &group, &domain)) {
unsigned long id;
/*
* Invalid "group@domain" string. Still, the
* group part might be an encoded gid, so do a
* final check. Remember, domain part of string
* was not set since not a valid string.
*/
if (!validate_id_str(group)) {
result.status = NFSMAPID_UNMAPPABLE;
result.u_res.gid = GID_NOBODY;
goto done;
}
errno = 0;
id = strtoul(group, (char **)NULL, 10);
/*
* We don't accept ephemeral ids from the wire.
*/
if (errno || id > UID_MAX) {
result.status = NFSMAPID_UNMAPPABLE;
result.u_res.gid = GID_NOBODY;
goto done;
}
result.u_res.gid = (gid_t)id;
result.status = NFSMAPID_NUMSTR;
goto done;
}
/*
* String properly constructed. Now we check for domain and
* group validity.
*/
if (!cur_domain_null() && !valid_domain(domain)) {
/*
* If the domain part of the string does not
* match the NFS domain, try to map it using
* idmap service.
*/
rc = idmap_getgidbywinname(group, domain, &result.u_res.gid);
if (rc != IDMAP_SUCCESS) {
result.status = NFSMAPID_BADDOMAIN;
result.u_res.gid = GID_NOBODY;
goto done;
}
result.status = NFSMAPID_OK;
goto done;
}
if ((grp_buf = malloc(grp_buflen)) == NULL ||
(grp_rc = getgrnam_r(group, &grp, grp_buf, grp_buflen, &grp_ptr))
!= 0 || grp_ptr == NULL) {
if (grp_buf == NULL || grp_rc != 0)
result.status = NFSMAPID_INTERNAL;
else {
/*
* Not a valid group
*/
result.status = NFSMAPID_NOTFOUND;
free(grp_buf);
}
result.u_res.gid = GID_NOBODY;
goto done;
}
/*
* Valid group entry
*/
result.status = NFSMAPID_OK;
result.u_res.gid = grp.gr_gid;
free(grp_buf);
done:
(void) door_return((char *)&result, sizeof (struct mapid_res), NULL, 0);
}
void
nfsmapid_str_uid(struct mapid_arg *argp, size_t arg_size)
{
struct mapid_res result;
struct passwd pwd;
struct passwd *pwd_ptr;
int pwd_rc;
char *pwd_buf;
char *user;
char *domain;
idmap_stat rc;
if (argp->u_arg.len <= 0 || arg_size < MAPID_ARG_LEN(argp->u_arg.len)) {
result.status = NFSMAPID_INVALID;
result.u_res.uid = UID_NOBODY;
goto done;
}
if (!extract_domain(argp->str, &user, &domain)) {
unsigned long id;
/*
* Invalid "user@domain" string. Still, the user
* part might be an encoded uid, so do a final check.
* Remember, domain part of string was not set since
* not a valid string.
*/
if (!validate_id_str(user)) {
result.status = NFSMAPID_UNMAPPABLE;
result.u_res.uid = UID_NOBODY;
goto done;
}
errno = 0;
id = strtoul(user, (char **)NULL, 10);
/*
* We don't accept ephemeral ids from the wire.
*/
if (errno || id > UID_MAX) {
result.status = NFSMAPID_UNMAPPABLE;
result.u_res.uid = UID_NOBODY;
goto done;
}
result.u_res.uid = (uid_t)id;
result.status = NFSMAPID_NUMSTR;
goto done;
}
/*
* String properly constructed. Now we check for domain and
* group validity.
*/
if (!cur_domain_null() && !valid_domain(domain)) {
/*
* If the domain part of the string does not
* match the NFS domain, try to map it using
* idmap service.
*/
rc = idmap_getuidbywinname(user, domain, &result.u_res.uid);
if (rc != IDMAP_SUCCESS) {
result.status = NFSMAPID_BADDOMAIN;
result.u_res.uid = UID_NOBODY;
goto done;
}
result.status = NFSMAPID_OK;
goto done;
}
if ((pwd_buf = malloc(pwd_buflen)) == NULL ||
(pwd_rc = getpwnam_r(user, &pwd, pwd_buf, pwd_buflen, &pwd_ptr))
!= 0 || pwd_ptr == NULL) {
if (pwd_buf == NULL || pwd_rc != 0)
result.status = NFSMAPID_INTERNAL;
else {
/*
* Not a valid user
*/
result.status = NFSMAPID_NOTFOUND;
free(pwd_buf);
}
result.u_res.uid = UID_NOBODY;
goto done;
}
/*
* Valid user entry
*/
result.u_res.uid = pwd.pw_uid;
result.status = NFSMAPID_OK;
free(pwd_buf);
done:
(void) door_return((char *)&result, sizeof (struct mapid_res), NULL, 0);
}
static int
check_valid_cookie_attribute(request_rec *r, const char *value)
{
char *pstat;
char *pair;
char *first_pair;
char *domain_pair;
char *path_pair;
char *expire_pair;
char *secure_pair;
char *p;
DBG(r, "start check_valid_cookie_attribute() value:[%s]", value);
domain_pair = path_pair = expire_pair = secure_pair = NULL;
p = apr_pstrdup(r->pool, value);
/* pass first pair */
first_pair = apr_strtok(p, ";", &pstat);
for (;;) {
pair = apr_strtok(NULL, ";", &pstat);
if (! pair) break;
pair = qs_trim_string(r->pool, pair);
if (STRNCASEEQ('d','D',"domain", pair, sizeof("domain")-1)) {
domain_pair = apr_pstrdup(r->pool, pair);
}
else if (STRNCASEEQ('p','P',"path", pair, sizeof("path")-1)) {
path_pair = apr_pstrdup(r->pool, pair);
}
else if (STRNCASEEQ('e','E',"expires", pair, sizeof("expires")-1)) {
expire_pair = apr_pstrdup(r->pool, pair);
}
else if (STRNCASEEQ('s','S',"secure", pair, sizeof("secure")-1)) {
secure_pair = apr_pstrdup(r->pool, pair);
}
}
if (domain_pair) {
if (!valid_domain(r, domain_pair)) {
DBG(r, "invalid domain. domain_pair:[%s]", domain_pair);
return CHXJ_FALSE;
}
}
if (path_pair) {
if (!valid_path(r, path_pair)) {
DBG(r, "invalid path. path_pair:[%s]", path_pair);
return CHXJ_FALSE;
}
}
if (expire_pair) {
if (!valid_expires(r, expire_pair)) {
DBG(r, "invalid expire. expire_pair:[%s]", expire_pair);
return CHXJ_FALSE;
}
}
if (secure_pair) {
if (!valid_secure(r, secure_pair)) {
DBG(r, "invalid secure. secure_pair:[%s]", secure_pair);
return CHXJ_FALSE;
}
}
DBG(r, "end check_valid_cookie_attribute() value:[%s]", value);
return CHXJ_TRUE;
}
