1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
24 */
25
26 #pragma ident "%Z%%M% %I% %E% SMI"
27
28 #include <secdb.h>
29 #include "ldap_common.h"
30 #include <bsm/libbsm.h>
31
32
33 /* audit_user attributes */
34 #define _AU_NAME "uid"
35 #define _AU_ALWAYS "SolarisAuditAlways"
36 #define _AU_NEVER "SolarisAuditNever"
37 #define _AU_GETAUUSERNAME "(&(objectClass=SolarisAuditUser)(uid=%s))"
38 #define _AU_GETAUUSERNAME_SSD "(&(%%s)(uid=%s))"
39
40
41 static const char *auuser_attrs[] = {
42 _AU_NAME,
43 _AU_ALWAYS,
44 _AU_NEVER,
45 (char *)NULL
46 };
47 /*
48 * _nss_ldap_au2str is the data marshaling method for the audit_user
49 * system call getauusernam, getauusernam_r, getauuserent and getauuserent_r.
50 * This method is called after a successful search has been performed.
51 * This method will parse the search results into the file format.
52 * e.g.
53 *
54 * root:lo:no
55 *
56 */
57 static int
_nss_ldap_au2str(ldap_backend_ptr be,nss_XbyY_args_t * argp)58 _nss_ldap_au2str(ldap_backend_ptr be, nss_XbyY_args_t *argp)
59 {
60 int nss_result;
61 int buflen = 0;
62 unsigned long len = 0L;
63 char *buffer = NULL;
64 ns_ldap_result_t *result = be->result;
65 char **name, **al, **ne, *al_str, *ne_str;
66
67 if (result == NULL)
68 return (NSS_STR_PARSE_PARSE);
69
70 buflen = argp->buf.buflen;
71 nss_result = NSS_STR_PARSE_SUCCESS;
72 (void) memset(argp->buf.buffer, 0, buflen);
73
74 name = __ns_ldap_getAttr(result->entry, _AU_NAME);
75 if (name == NULL || name[0] == NULL ||
76 (strlen(name[0]) < 1)) {
77 nss_result = NSS_STR_PARSE_PARSE;
78 goto result_au2str;
79 }
80 al = __ns_ldap_getAttr(result->entry, _AU_ALWAYS);
81 if (al == NULL || al[0] == NULL || (strlen(al[0]) < 1))
82 al_str = _NO_VALUE;
83 else
84 al_str = al[0];
85
86 ne = __ns_ldap_getAttr(result->entry, _AU_NEVER);
87 if (ne == NULL || ne[0] == NULL || (strlen(ne[0]) < 1))
88 ne_str = _NO_VALUE;
89 else
90 ne_str = ne[0];
91
92 /* 3 = 2 ':' + 1 '\0' */
93 len = strlen(name[0]) + strlen(al_str) + strlen(ne_str) + 3;
94 if (len > buflen) {
95 nss_result = NSS_STR_PARSE_ERANGE;
96 goto result_au2str;
97 }
98
99 if (argp->buf.result != NULL) {
100 if ((be->buffer = calloc(1, len)) == NULL) {
101 nss_result = NSS_STR_PARSE_PARSE;
102 goto result_au2str;
103 }
104 buffer = be->buffer;
105 } else
106 buffer = argp->buf.buffer;
107 (void) snprintf(buffer, len, "%s:%s:%s",
108 name[0], al_str, ne_str);
109 /* The front end marshaller doesn't need the trailing null */
110 if (argp->buf.result != NULL)
111 be->buflen = strlen(be->buffer);
112
113 result_au2str:
114 (void) __ns_ldap_freeResult(&be->result);
115 return ((int)nss_result);
116 }
117
118
119 static nss_status_t
getbyname(ldap_backend_ptr be,void * a)120 getbyname(ldap_backend_ptr be, void *a)
121 {
122 char searchfilter[SEARCHFILTERLEN];
123 char userdata[SEARCHFILTERLEN];
124 char name[SEARCHFILTERLEN];
125 nss_XbyY_args_t *argp = (nss_XbyY_args_t *)a;
126 int ret;
127
128 if (_ldap_filter_name(name, argp->key.name, sizeof (name)) != 0)
129 return ((nss_status_t)NSS_NOTFOUND);
130
131 ret = snprintf(searchfilter, sizeof (searchfilter),
132 _AU_GETAUUSERNAME, name);
133
134 if (ret >= sizeof (searchfilter) || ret < 0)
135 return ((nss_status_t)NSS_NOTFOUND);
136
137 ret = snprintf(userdata, sizeof (userdata),
138 _AU_GETAUUSERNAME_SSD, name);
139
140 if (ret >= sizeof (userdata) || ret < 0)
141 return ((nss_status_t)NSS_NOTFOUND);
142
143 return (_nss_ldap_lookup(be, argp, _AUUSER, searchfilter, NULL,
144 _merge_SSD_filter, userdata));
145 }
146
147
148 static ldap_backend_op_t auuser_ops[] = {
149 _nss_ldap_destr,
150 _nss_ldap_endent,
151 _nss_ldap_setent,
152 _nss_ldap_getent,
153 getbyname
154 };
155
156
157 /*ARGSUSED0*/
158 nss_backend_t *
_nss_ldap_audit_user_constr(const char * dummy1,const char * dummy2,const char * dummy3,const char * dummy4,const char * dummy5)159 _nss_ldap_audit_user_constr(const char *dummy1,
160 const char *dummy2,
161 const char *dummy3,
162 const char *dummy4,
163 const char *dummy5)
164 {
165 return ((nss_backend_t *)_nss_ldap_constr(auuser_ops,
166 sizeof (auuser_ops)/sizeof (auuser_ops[0]), _AUUSER,
167 auuser_attrs, _nss_ldap_au2str));
168 }
169