static nss_status_t
getbynam(ldap_backend_ptr be, void *a)
{
nss_XbyY_args_t *argp = (nss_XbyY_args_t *)a;
char searchfilter[SEARCHFILTERLEN];
char userdata[SEARCHFILTERLEN];
char groupname[SEARCHFILTERLEN];
int ret;
if (_ldap_filter_name(groupname, argp->key.name, sizeof (groupname)) !=
0)
return ((nss_status_t)NSS_NOTFOUND);
ret = snprintf(searchfilter, sizeof (searchfilter),
_F_GETGRNAM, groupname);
if (ret >= sizeof (searchfilter) || ret < 0)
return ((nss_status_t)NSS_NOTFOUND);
ret = snprintf(userdata, sizeof (userdata), _F_GETGRNAM_SSD, groupname);
if (ret >= sizeof (userdata) || ret < 0)
return ((nss_status_t)NSS_NOTFOUND);
return ((nss_status_t)_nss_ldap_lookup(be, argp,
_GROUP, searchfilter, NULL, _merge_SSD_filter, userdata));
}
static nss_status_t
getbyname(ldap_backend_ptr be, void *a)
{
char hostname[3 * MAXHOSTNAMELEN];
nss_XbyY_args_t *argp = (nss_XbyY_args_t *)a;
char searchfilter[SEARCHFILTERLEN];
char userdata[SEARCHFILTERLEN];
int ret;
if (_ldap_filter_name(hostname, argp->key.name, sizeof (hostname)) != 0)
return ((nss_status_t)NSS_NOTFOUND);
ret = snprintf(searchfilter, sizeof (searchfilter),
_F_GETBOOTPARAMBYNAME, hostname);
if (ret >= sizeof (searchfilter) || ret < 0)
return ((nss_status_t)NSS_NOTFOUND);
ret = snprintf(userdata, sizeof (userdata),
_F_GETBOOTPARAMBYNAME_SSD, hostname);
if (ret >= sizeof (userdata) || ret < 0)
return ((nss_status_t)NSS_NOTFOUND);
return ((nss_status_t)_nss_ldap_lookup(be, argp,
_BOOTPARAMS, searchfilter, NULL,
_merge_SSD_filter, userdata));
}
static nss_status_t
getbyname(ldap_backend_ptr be, void *a)
{
char searchfilter[SEARCHFILTERLEN];
char userdata[SEARCHFILTERLEN];
char name[SEARCHFILTERLEN];
int ret;
nss_XbyY_args_t *argp = (nss_XbyY_args_t *)a;
#ifdef DEBUG
(void) fprintf(stdout, "\n[getprofattr.c: getbyname]\n");
#endif /* DEBUG */
if (_ldap_filter_name(name, argp->key.name, sizeof (name)) != 0)
return ((nss_status_t)NSS_NOTFOUND);
ret = snprintf(searchfilter, sizeof (searchfilter),
_PROF_GETPROFNAME, name);
if (ret < 0 || ret >= sizeof (searchfilter))
return ((nss_status_t)NSS_NOTFOUND);
ret = snprintf(userdata, sizeof (userdata),
_PROF_GETPROFNAME_SSD, name);
if (ret < 0 || ret >= sizeof (userdata))
return ((nss_status_t)NSS_NOTFOUND);
return (_nss_ldap_lookup(be, argp,
_PROFATTR, searchfilter, NULL, _merge_SSD_filter, userdata));
}
static nss_status_t
getbymember(ldap_backend_ptr be, void *a)
{
int i, j, k;
int gcnt = (int)0;
char **groupvalue, **membervalue, *member_str;
char *strtok_state;
nss_status_t lstat;
struct nss_groupsbymem *argp = (struct nss_groupsbymem *)a;
char searchfilter[SEARCHFILTERLEN];
char userdata[SEARCHFILTERLEN];
char name[SEARCHFILTERLEN];
ns_ldap_result_t *result;
ns_ldap_entry_t *curEntry;
char *username, **dn_attr, *dn;
gid_t gid;
int ret;
if (strcmp(argp->username, "") == 0 ||
strcmp(argp->username, "root") == 0)
return ((nss_status_t)NSS_NOTFOUND);
if (_ldap_filter_name(name, argp->username, sizeof (name)) != 0)
return ((nss_status_t)NSS_NOTFOUND);
ret = snprintf(searchfilter, sizeof (searchfilter), _F_GETPWNAM, name);
if (ret >= sizeof (searchfilter) || ret < 0)
return ((nss_status_t)NSS_NOTFOUND);
ret = snprintf(userdata, sizeof (userdata), _F_GETPWNAM_SSD, name);
if (ret >= sizeof (userdata) || ret < 0)
return ((nss_status_t)NSS_NOTFOUND);
/*
* Look up the user DN in ldap. If it's not found, search solely by
* username.
*/
lstat = (nss_status_t)_nss_ldap_nocb_lookup(be, NULL,
_PASSWD, searchfilter, NULL, _merge_SSD_filter, userdata);
if (lstat != (nss_status_t)NS_LDAP_SUCCESS)
return ((nss_status_t)lstat);
if (be->result == NULL ||
!(dn_attr = __ns_ldap_getAttr(be->result->entry, "dn")))
dn = name;
else
dn = dn_attr[0];
ret = snprintf(searchfilter, sizeof (searchfilter), _F_GETGRMEM, name,
dn);
if (ret >= sizeof (searchfilter) || ret < 0)
return ((nss_status_t)NSS_NOTFOUND);
ret = snprintf(userdata, sizeof (userdata), _F_GETGRMEM_SSD, name,
dn);
if (ret >= sizeof (userdata) || ret < 0)
return ((nss_status_t)NSS_NOTFOUND);
/*
* Free up resources from user DN search before performing group
* search.
*/
(void) __ns_ldap_freeResult((ns_ldap_result_t **)&be->result);
gcnt = (int)argp->numgids;
lstat = (nss_status_t)_nss_ldap_nocb_lookup(be, NULL,
_GROUP, searchfilter, NULL, _merge_SSD_filter, userdata);
if (lstat != (nss_status_t)NS_LDAP_SUCCESS)
return ((nss_status_t)lstat);
if (be->result == NULL)
return (NSS_NOTFOUND);
username = (char *)argp->username;
result = (ns_ldap_result_t *)be->result;
curEntry = (ns_ldap_entry_t *)result->entry;
for (i = 0; i < result->entries_count && curEntry != NULL; i++) {
membervalue = __ns_ldap_getAttr(curEntry, "memberUid");
if (membervalue == NULL) {
curEntry = curEntry->next;
continue;
}
for (j = 0; membervalue[j]; j++) {
/*
* If we find an '=' in the member attribute
* value, treat it as a DN, otherwise as a
* username.
*/
if (member_str = strchr(membervalue[j], '=')) {
member_str++; /* skip over the '=' */
member_str = strtok_r(member_str, ",",
&strtok_state);
} else {
member_str = membervalue[j];
}
if (member_str != NULL &&
strcmp(member_str, username) == 0) {
groupvalue = __ns_ldap_getAttr(curEntry,
"gidnumber");
if (groupvalue == NULL ||
groupvalue[0] == NULL) {
/* Drop this group from the list */
break;
}
errno = 0;
gid = (gid_t)strtol(groupvalue[0],
(char **)NULL, 10);
if (errno == 0 &&
argp->numgids < argp->maxgids) {
for (k = 0; k < argp->numgids; k++) {
if (argp->gid_array[k] == gid)
/* already exists */
break;
}
if (k == argp->numgids)
argp->gid_array[argp->numgids++]
= gid;
}
break;
}
}
curEntry = curEntry->next;
}
(void) __ns_ldap_freeResult((ns_ldap_result_t **)&be->result);
if (gcnt == argp->numgids)
return ((nss_status_t)NSS_NOTFOUND);
/*
* Return NSS_SUCCESS only if array is full.
* Explained in <nss_dbdefs.h>.
*/
return ((nss_status_t)((argp->numgids == argp->maxgids)
? NSS_SUCCESS
: NSS_NOTFOUND));
}
static nss_status_t
getbyname(ad_backend_ptr be, void *a)
{
nss_XbyY_args_t *argp = (nss_XbyY_args_t *)a;
char *searchfilter;
char name[SEARCHFILTERLEN];
char *dname;
int filterlen, namelen;
int flag;
nss_status_t stat;
idmap_stat idmaprc;
uid_t uid;
gid_t gid;
int is_user, is_wuser, try_idmap;
be->db_type = NSS_AD_DB_PASSWD_BYNAME;
/* Sanitize name so that it can be used in our LDAP filter */
if (_ldap_filter_name(name, argp->key.name, sizeof (name)) != 0)
return ((nss_status_t)NSS_NOTFOUND);
if ((dname = strchr(name, '@')) == NULL)
return ((nss_status_t)NSS_NOTFOUND);
*dname = '\0';
dname++;
/*
* Map the given name to UID using idmap service. If idmap
* call fails then this will save us doing AD discovery and
* AD lookup here.
*/
flag = (strcasecmp(dname, WK_DOMAIN) == 0) ?
IDMAP_REQ_FLG_WK_OR_LOCAL_SIDS_ONLY : 0;
is_wuser = -1;
is_user = 1;
if (idmap_get_w2u_mapping(NULL, NULL, name,
dname, flag, &is_user, &is_wuser, &be->uid, NULL,
NULL, NULL) != IDMAP_SUCCESS) {
RESET_ERRNO();
return ((nss_status_t)NSS_NOTFOUND);
}
/* If this is not a Well-Known SID then try AD lookup. */
if (strcasecmp(dname, WK_DOMAIN) != 0) {
/* Assemble filter using the given name */
namelen = strlen(name);
filterlen = snprintf(NULL, 0, _F_GETPWNAM, namelen, name) + 1;
if ((searchfilter = (char *)malloc(filterlen)) == NULL)
return ((nss_status_t)NSS_NOTFOUND);
(void) snprintf(searchfilter, filterlen, _F_GETPWNAM,
namelen, name);
stat = _nss_ad_lookup(be, argp, _PASSWD, searchfilter,
dname, &try_idmap);
free(searchfilter);
if (!try_idmap)
return (stat);
}
/*
* Either this is a Well-Known SID or AD lookup failed. Map
* the given name to GID using idmap service and construct
* the passwd entry.
*/
is_wuser = -1;
is_user = 0; /* Map name to primary gid */
idmaprc = idmap_get_w2u_mapping(NULL, NULL, name, dname,
flag, &is_user, &is_wuser, &gid, NULL, NULL, NULL);
if (idmaprc != IDMAP_SUCCESS) {
RESET_ERRNO();
return ((nss_status_t)NSS_NOTFOUND);
}
/* Create passwd(4) style string */
if (update_buffer(be, argp, name, dname,
be->uid, gid, "", "", "") < 0)
return ((nss_status_t)NSS_NOTFOUND);
/* Marshall the data, sanitize the return status and return */
stat = _nss_ad_marshall_data(be, argp);
return (_nss_ad_sanitize_status(be, argp, stat));
}
static nss_status_t
getnetgr_ldap_getent(ldap_backend_ptr be, void *a)
{
struct nss_getnetgrent_args *args;
getnetgrent_cookie_t *p;
char searchfilter[SEARCHFILTERLEN];
char userdata[SEARCHFILTERLEN];
char name[SEARCHFILTERLEN];
int rc;
void *cookie = NULL;
ns_ldap_result_t *result = NULL;
ns_ldap_error_t *error = NULL;
char **attrs;
char *hostname, *username, *domain;
char *buffer;
nss_status_t status = NSS_SUCCESS;
netgroup_name_t *ng;
int ret;
#ifdef DEBUG
(void) fprintf(stdout, "\n[getnetgrent.c: getnetgr_ldap_getent]\n");
#endif /* DEBUG */
args = (struct nss_getnetgrent_args *)a;
args->status = NSS_NETGR_NO;
p = (getnetgrent_cookie_t *)be->netgroup_cookie;
if (p == NULL)
return ((nss_status_t)NSS_SUCCESS);
for (;;) {
while (p->cookie == NULL) {
ng = get_next_netgroup(&p->tab);
if (ng == NULL) /* no more */
break;
if (_ldap_filter_name(name, ng->name, sizeof (name)) != 0)
break;
ret = snprintf(searchfilter, sizeof (searchfilter),
_F_SETMEMBER, name);
if (ret >= sizeof (searchfilter) || ret < 0)
break;
ret = snprintf(userdata, sizeof (userdata), _F_SETMEMBER_SSD,
name);
if (ret >= sizeof (userdata) || ret < 0)
break;
result = NULL;
rc = __ns_ldap_firstEntry(_NETGROUP, searchfilter,
_merge_SSD_filter, netgrent_attrs, NULL, 0, &cookie,
&result, &error, userdata);
(void) __ns_ldap_freeError(&error);
if (rc == NS_LDAP_SUCCESS && result != NULL) {
p->cookie = cookie;
p->results = result;
break;
}
(void) __ns_ldap_freeResult(&result);
(void) __ns_ldap_endEntry(&cookie, &error);
(void) __ns_ldap_freeError(&error);
}
if (p->cookie == NULL)
break;
if (p->results == NULL) {
result = NULL;
rc = __ns_ldap_nextEntry(p->cookie, &result, &error);
(void) __ns_ldap_freeError(&error);
if (rc == NS_LDAP_SUCCESS && result != NULL)
p->results = result;
else {
(void) __ns_ldap_freeResult(&result);
(void) __ns_ldap_endEntry(&p->cookie, &error);
(void) __ns_ldap_freeError(&error);
p->cookie = NULL;
}
}
if (p->results == NULL)
continue;
if (p->entry == NULL)
p->entry = p->results->entry;
if (p->entry == NULL)
continue;
if (p->attrs == NULL) {
attrs = __ns_ldap_getAttr(p->entry, _N_TRIPLE);
if (attrs != NULL && *attrs != NULL)
p->attrs = attrs;
}
if (p->attrs != NULL) {
attrs = p->attrs;
buffer = args->buffer;
if (strlcpy(buffer, *attrs, args->buflen) >= args->buflen) {
status = NSS_STR_PARSE_ERANGE;
break;
}
rc = split_triple(buffer, &hostname, &username, &domain);
attrs++;
if (attrs != NULL && *attrs != NULL)
p->attrs = attrs;
else
p->attrs = NULL;
if (rc == 0) {
args->retp[NSS_NETGR_MACHINE] = hostname;
args->retp[NSS_NETGR_USER] = username;
args->retp[NSS_NETGR_DOMAIN] = domain;
args->status = NSS_NETGR_FOUND;
if (p->attrs != NULL)
break;
}
}
if (p->attrs == NULL) {
rc = add_netgroup_member_entry(p->entry, &p->tab);
if (rc != 0) {
args->status = NSS_NETGR_NO;
break;
}
p->entry = p->entry->next;
if (p->entry == NULL)
(void) __ns_ldap_freeResult(&p->results);
if (args->status == NSS_NETGR_FOUND)
break;
}
}
return (status);
}
/*
* top_down_search checks only checks the netgroup specified in netgrname
*/
static nss_status_t
top_down_search(struct nss_innetgr_args *ia, char *netgrname)
{
char searchfilter[SEARCHFILTERLEN];
char name[SEARCHFILTERLEN];
char userdata[SEARCHFILTERLEN];
ns_ldap_result_t *result = NULL;
ns_ldap_error_t *error = NULL;
int rc;
void *cookie = NULL;
nss_status_t status = NSS_NOTFOUND;
netgroup_table_t tab;
netgroup_name_t *ng;
int ret;
(void) memset(&tab, 0, sizeof (tab));
if (add_netgroup_name(netgrname, &tab) != 0)
return ((nss_status_t)NSS_NOTFOUND);
while ((ng = get_next_netgroup(&tab)) != NULL) {
if (_ldap_filter_name(name, ng->name, sizeof (name)) != 0)
break;
ret = snprintf(searchfilter, sizeof (searchfilter), _F_SETMEMBER,
name);
if (ret >= sizeof (searchfilter) || ret < 0)
break;
ret = snprintf(userdata, sizeof (userdata), _F_SETMEMBER_SSD, name);
if (ret >= sizeof (userdata) || ret < 0)
break;
rc = __ns_ldap_firstEntry(_NETGROUP, searchfilter,
_merge_SSD_filter, netgrent_attrs, NULL, 0, &cookie, &result,
&error, userdata);
(void) __ns_ldap_freeError(&error);
while (rc == NS_LDAP_SUCCESS && result != NULL) {
if (match_triple(ia, result) == 1) {
/* We found a match */
ia->status = NSS_NETGR_FOUND;
status = NSS_SUCCESS;
break;
}
rc = add_netgroup_member(result, &tab);
(void) __ns_ldap_freeResult(&result);
if (rc != NS_LDAP_SUCCESS)
break;
rc = __ns_ldap_nextEntry(cookie, &result, &error);
(void) __ns_ldap_freeError(&error);
}
(void) __ns_ldap_freeResult(&result);
(void) __ns_ldap_endEntry(&cookie, &error);
(void) __ns_ldap_freeError(&error);
if (status == NSS_SUCCESS ||
(rc != NS_LDAP_SUCCESS && rc != NS_LDAP_NOTFOUND))
break;
}
(void) __ns_ldap_freeResult(&result);
(void) __ns_ldap_endEntry(&cookie, &error);
(void) __ns_ldap_freeError(&error);
free_netgroup_table(&tab);
return (status);
}
