1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
24 */
25
26 #pragma ident "%Z%%M% %I% %E% SMI"
27
28 #include <secdb.h>
29 #include <auth_attr.h>
30 #include "ldap_common.h"
31
32
33 /* auth_attr attributes filters */
34 #define _AUTH_NAME "cn"
35 #define _AUTH_RES1 "SolarisAttrReserved1"
36 #define _AUTH_RES2 "SolarisAttrReserved2"
37 #define _AUTH_SHORTDES "SolarisAttrShortDesc"
38 #define _AUTH_LONGDES "SolarisAttrLongDesc"
39 #define _AUTH_ATTRS "SolarisAttrKeyValue"
40 #define _AUTH_GETAUTHNAME "(&(objectClass=SolarisAuthAttr)(cn=%s))"
41 #define _AUTH_GETAUTHNAME_SSD "(&(%%s)(cn=%s))"
42
43
44 static const char *auth_attrs[] = {
45 _AUTH_NAME,
46 _AUTH_RES1,
47 _AUTH_RES2,
48 _AUTH_SHORTDES,
49 _AUTH_LONGDES,
50 _AUTH_ATTRS,
51 (char *)NULL
52 };
53 /*
54 * _nss_ldap_auth2str is the data marshaling method for the auth_attr
55 * system call getauthattr and getauthnam.
56 * This method is called after a successful search has been performed.
57 * This method will parse the search results into the file format.
58 * e.g.
59 *
60 * solaris.:::All Solaris Authorizations::help=AllSolAuthsHeader.html
61 *
62 */
63 static int
_nss_ldap_auth2str(ldap_backend_ptr be,nss_XbyY_args_t * argp)64 _nss_ldap_auth2str(ldap_backend_ptr be, nss_XbyY_args_t *argp)
65 {
66 int nss_result;
67 int buflen = 0;
68 unsigned long len = 0L;
69 char *buffer = NULL;
70 ns_ldap_result_t *result = be->result;
71 char **name, **res1, **res2, **sdes, **ldes, **attr;
72 char *res1_str, *res2_str, *sdes_str, *ldes_str;
73 char *attr_str;
74
75 if (result == NULL)
76 return (NSS_STR_PARSE_PARSE);
77
78 buflen = argp->buf.buflen;
79 nss_result = NSS_STR_PARSE_SUCCESS;
80 (void) memset(argp->buf.buffer, 0, buflen);
81
82 name = __ns_ldap_getAttr(result->entry, _AUTH_NAME);
83 if (name == NULL || name[0] == NULL ||
84 (strlen(name[0]) < 1)) {
85 nss_result = NSS_STR_PARSE_PARSE;
86 goto result_auth2str;
87 }
88 res1 = __ns_ldap_getAttr(result->entry, _AUTH_RES1);
89 if (res1 == NULL || res1[0] == NULL || (strlen(res1[0]) < 1))
90 res1_str = _NO_VALUE;
91 else
92 res1_str = res1[0];
93
94 res2 = __ns_ldap_getAttr(result->entry, _AUTH_RES2);
95 if (res2 == NULL || res2[0] == NULL || (strlen(res2[0]) < 1))
96 res2_str = _NO_VALUE;
97 else
98 res2_str = res2[0];
99
100 sdes = __ns_ldap_getAttr(result->entry, _AUTH_SHORTDES);
101 if (sdes == NULL || sdes[0] == NULL || (strlen(sdes[0]) < 1))
102 sdes_str = _NO_VALUE;
103 else
104 sdes_str = sdes[0];
105
106 ldes = __ns_ldap_getAttr(result->entry, _AUTH_LONGDES);
107 if (ldes == NULL || ldes[0] == NULL || (strlen(ldes[0]) < 1))
108 ldes_str = _NO_VALUE;
109 else
110 ldes_str = ldes[0];
111
112 attr = __ns_ldap_getAttr(result->entry, _AUTH_ATTRS);
113 if (attr == NULL || attr[0] == NULL || (strlen(attr[0]) < 1))
114 attr_str = _NO_VALUE;
115 else
116 attr_str = attr[0];
117 /* 6 = 5 ':' + 1 '\0' */
118 len = strlen(name[0]) + strlen(res1_str) + strlen(res2_str) +
119 strlen(sdes_str) + strlen(ldes_str) + strlen(attr_str) + 6;
120 if (len > buflen) {
121 nss_result = NSS_STR_PARSE_ERANGE;
122 goto result_auth2str;
123 }
124
125 if (argp->buf.result != NULL) {
126 if ((be->buffer = calloc(1, len)) == NULL) {
127 nss_result = NSS_STR_PARSE_PARSE;
128 goto result_auth2str;
129 }
130 buffer = be->buffer;
131 } else
132 buffer = argp->buf.buffer;
133 (void) snprintf(buffer, len, "%s:%s:%s:%s:%s:%s",
134 name[0], res1_str, res2_str, sdes_str,
135 ldes_str, attr_str);
136 /* The front end marshaller doesn't need the trailing null */
137 if (argp->buf.result != NULL)
138 be->buflen = strlen(be->buffer);
139
140 result_auth2str:
141 (void) __ns_ldap_freeResult(&be->result);
142 return ((int)nss_result);
143 }
144
145
146 static nss_status_t
getbyname(ldap_backend_ptr be,void * a)147 getbyname(ldap_backend_ptr be, void *a)
148 {
149 nss_XbyY_args_t *argp = (nss_XbyY_args_t *)a;
150 char searchfilter[SEARCHFILTERLEN];
151 char userdata[SEARCHFILTERLEN];
152 char name[SEARCHFILTERLEN];
153 int ret;
154
155 if (_ldap_filter_name(name, argp->key.name, sizeof (name)) != 0)
156 return ((nss_status_t)NSS_NOTFOUND);
157
158 ret = snprintf(searchfilter, SEARCHFILTERLEN,
159 _AUTH_GETAUTHNAME, name);
160 if (ret >= sizeof (searchfilter) || ret < 0)
161 return ((nss_status_t)NSS_NOTFOUND);
162
163 ret = snprintf(userdata, sizeof (userdata),
164 _AUTH_GETAUTHNAME_SSD, name);
165 if (ret >= sizeof (userdata) || ret < 0)
166 return ((nss_status_t)NSS_NOTFOUND);
167
168 return ((nss_status_t)_nss_ldap_lookup(be, argp,
169 _AUTHATTR, searchfilter, NULL, _merge_SSD_filter, userdata));
170 }
171
172
173 static ldap_backend_op_t authattr_ops[] = {
174 _nss_ldap_destr,
175 _nss_ldap_endent,
176 _nss_ldap_setent,
177 _nss_ldap_getent,
178 getbyname
179 };
180
181
182 /*ARGSUSED0*/
183 nss_backend_t *
_nss_ldap_auth_attr_constr(const char * dummy1,const char * dummy2,const char * dummy3,const char * dummy4,const char * dummy5)184 _nss_ldap_auth_attr_constr(const char *dummy1,
185 const char *dummy2,
186 const char *dummy3,
187 const char *dummy4,
188 const char *dummy5)
189 {
190 return ((nss_backend_t *)_nss_ldap_constr(authattr_ops,
191 sizeof (authattr_ops)/sizeof (authattr_ops[0]), _AUTHATTR,
192 auth_attrs, _nss_ldap_auth2str));
193 }
194