int principal2uid(char *principal, uid_t * puid)
{
#ifdef _USE_NFSIDMAP
gid_t gss_gid;
uid_t gss_uid;
int rc;
if(uidmap_get(principal, (unsigned long *)&gss_uid) != ID_MAPPER_SUCCESS)
{
if(!nfsidmap_set_conf())
{
LogCrit(COMPONENT_IDMAPPER,
"principal2uid: nfsidmap_set_conf failed");
return 0;
}
/* nfs4_gss_princ_to_ids required to extract uid/gid from gss creds */
LogFullDebug(COMPONENT_IDMAPPER,
"calling nfs4_gss_princ_to_ids() to map principal to uid/gid");
rc = nfs4_gss_princ_to_ids("krb5", principal, &gss_uid, &gss_gid);
if(rc)
{
LogFullDebug(COMPONENT_IDMAPPER,
"principal2uid: nfs4_gss_princ_to_ids %s failed %d (%s)",
principal, -rc, strerror(-rc));
return 0;
}
if(uidmap_add(principal, gss_uid) != ID_MAPPER_SUCCESS)
{
LogCrit(COMPONENT_IDMAPPER,
"principal2uid: uidmap_add %s %d failed",
principal, gss_uid);
return 0;
}
if(uidgidmap_add(gss_uid, gss_gid) != ID_MAPPER_SUCCESS)
{
LogCrit(COMPONENT_IDMAPPER,
"principal2uid: uidgidmap_add gss_uid %d gss_gid %d failed",
gss_uid, gss_gid);
return 0;
}
}
LogFullDebug(COMPONENT_IDMAPPER,
"principal2uid: uidmap_get mapped %s to uid= %d",
principal, gss_uid);
*puid = gss_uid;
return 1;
#else
return 0 ;
#endif /* _USE_NFSIDMAP */
} /* principal2uid */
/**
*
* name2uid: convert a name to a uid
*
* convert a name to a uid
*
* @param name [IN] the name of the user
* @param puid [OUT] the resulting uid
*
* return 1 if successful, 0 otherwise
*
*/
int name2uid(char *name, uid_t * puid)
{
struct passwd passwd;
struct passwd *ppasswd;
char buff[NFS4_MAX_DOMAIN_LEN];
uid_t uid;
#ifdef _HAVE_GSSAPI
gid_t gss_gid;
uid_t gss_uid;
#endif
#ifdef _USE_NFSIDMAP
char fqname[NFS4_MAX_DOMAIN_LEN];
int rc;
#endif
/* NFsv4 specific features: RPCSEC_GSS will provide user like nfs/<host>
* choice is made to map them to root */
if(!strncmp(name, "nfs/", 4))
{
/* This is a "root" request made from the hostbased nfs principal, use root */
LogFullDebug(COMPONENT_IDMAPPER,
"name2uid: mapping %s to root (uid = 0)",
name);
*puid = 0;
return 1;
}
if(uidmap_get(name, (unsigned long *)&uid) == ID_MAPPER_SUCCESS)
{
LogFullDebug(COMPONENT_IDMAPPER,
"name2uid: uidmap_get mapped %s to uid= %d",
name, uid);
*puid = uid;
return 1 ;
}
else
{
#ifdef _SOLARIS
if(getpwnam_r(name, &passwd, buff, NFS4_MAX_DOMAIN_LEN) != 0)
#else
if(getpwnam_r(name, &passwd, buff, NFS4_MAX_DOMAIN_LEN, &ppasswd) != 0)
#endif /* _SOLARIS */
{
LogFullDebug(COMPONENT_IDMAPPER,
"name2uid: getpwnam_r %s failed",
name);
*puid = -1;
return 0;
}
else
{
*puid = passwd.pw_uid;
#ifdef _HAVE_GSSAPI
if(uidgidmap_add(passwd.pw_uid, passwd.pw_gid) != ID_MAPPER_SUCCESS)
{
LogCrit(COMPONENT_IDMAPPER,
"name2uid: uidgidmap_add gss_uid %d gss_gid %d failed",
gss_uid, gss_gid);
return 0;
}
#endif /* _HAVE_GSSAPI */
if(uidmap_add(name, passwd.pw_uid) != ID_MAPPER_SUCCESS)
{
LogCrit(COMPONENT_IDMAPPER,
"name2uid: uidmap_add %s %d failed",
name, passwd.pw_uid);
return 0;
}
return 1 ; /* Job is done */
}
#ifdef _USE_NFSIDMAP
if(!nfsidmap_set_conf())
{
LogCrit(COMPONENT_IDMAPPER,
"name2uid: nfsidmap_set_conf failed");
return 0;
}
/* obtain fully qualified name */
if(strchr(name, '@') == NULL)
sprintf(fqname, "%s@%s", name, idmap_domain);
else
strncpy(fqname, name, NFS4_MAX_DOMAIN_LEN - 1);
rc = nfs4_name_to_uid(fqname, puid);
if(rc)
{
LogFullDebug(COMPONENT_IDMAPPER,
"name2uid: nfs4_name_to_uid %s failed %d (%s)",
fqname, -rc, strerror(-rc));
return 0;
}
LogFullDebug(COMPONENT_IDMAPPER,
"name2uid: nfs4_name_to_uid %s returned %d",
fqname, *puid);
if(uidmap_add(fqname, *puid) != ID_MAPPER_SUCCESS)
{
LogCrit(COMPONENT_IDMAPPER,
"name2uid: uidmap_add %s %d failed",
fqname, *puid);
return 0;
}
#ifdef _HAVE_GSSAPI
/* nfs4_gss_princ_to_ids required to extract uid/gid from gss creds
* XXX: currently uses unqualified name as per libnfsidmap comments */
rc = nfs4_gss_princ_to_ids("krb5", name, &gss_uid, &gss_gid);
if(rc)
{
LogFullDebug(COMPONENT_IDMAPPER,
"name2uid: nfs4_gss_princ_to_ids %s failed %d (%s)",
name, -rc, strerror(-rc));
return 0;
}
if(uidgidmap_add(gss_uid, gss_gid) != ID_MAPPER_SUCCESS)
{
LogCrit(COMPONENT_IDMAPPER,
"name2uid: uidgidmap_add gss_uid %d gss_gid %d failed",
gss_uid, gss_gid);
return 0;
}
#endif /* _HAVE_GSSAPI */
#endif /* _USE_NFSIDMAP */
}
return 1;
} /* name2uid */
