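/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License, Version 1.0 only
 * (the "License"). You may not use this file except in compliance
 * with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright (c) 1999-2001 by Sun Microsystems, Inc.
 * All rights reserved.
 */

#pragma ident "%Z%%M% %I% %E% SMI"

#include <sys/types.h>
#include <user_attr.h>
#include <pwd.h>
#include <grp.h>
#include <userdefs.h>
#include <project.h>
#include <memory.h>
#include <nss_dbdefs.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/param.h>
#include <sys/mman.h>

#pragma weak setprojent = _setprojent
#pragma weak endprojent = _endprojent
#pragma weak getprojent = _getprojent
#pragma weak fgetprojent = _fgetprojent
#pragma weak getprojbyid = _getprojbyid
#pragma weak getprojbyname = _getprojbyname
#pragma weak getdefaultproj = _getdefaultproj
#pragma weak inproj = _inproj
#pragma weak getprojidbyname = _getprojidbyname

/* Values for the is_default argument of ismember(). */
#define	DEFAULT_PROJECT	1
#define	NORMAL_PROJECT	0

static int ismember(struct project *, const char *, gid_t, int);
static int str2project(const char *, int, void *, char *, int);

static DEFINE_NSS_DB_ROOT(db_root);
static DEFINE_NSS_GETENT(context);

/*
 * Fill in the name service switch parameters for the project database:
 * the database name and its default configuration.
 */
void
_nss_initf_project(nss_db_params_t *p)
{
	p->name = NSS_DBNAM_PROJECT;
	p->default_config = NSS_DEFCONF_PROJECT;
}

/*
 * Start (or restart) an enumeration of the project database on the
 * file-scope enumeration context.
 */
void
_setprojent(void)
{
	nss_setent(&db_root, _nss_initf_project, &context);
}

/*
 * End the enumeration and hand db_root to nss_delete().
 */
void
_endprojent(void)
{
	nss_endent(&db_root, _nss_initf_project, &context);
	nss_delete(&db_root);
}

/*
 * Fetch the next project entry of the enumeration.  The entry is parsed by
 * str2project() into *result, with its strings and lists stored in the
 * caller's buffer of buflen bytes.  Returns whatever NSS_XbyY_FINI() yields
 * for the lookup (NULL when no entry was produced).
 */
struct project *
_getprojent(struct project *result, void *buffer, size_t buflen)
{
	nss_XbyY_args_t arg;

	NSS_XbyY_INIT(&arg, result, buffer, buflen, str2project);
	(void) nss_getent(&db_root, _nss_initf_project, &context, &arg);
	return ((struct project *)NSS_XbyY_FINI(&arg));
}

/*
 * Same contract as _getprojent(), but the entry is read from the stream f
 * through _nss_XbyY_fgets() instead of the name service switch.
 */
struct project *
_fgetprojent(FILE *f, struct project *result, void *buffer, size_t buflen)
{
	extern void _nss_XbyY_fgets(FILE *, nss_XbyY_args_t *);
	nss_XbyY_args_t arg;

	NSS_XbyY_INIT(&arg, result, buffer, buflen, str2project);
	_nss_XbyY_fgets(f, &arg);
	return ((struct project *)NSS_XbyY_FINI(&arg));
}

/*
 * Look up a project by numeric id.  Result storage follows the same rules
 * as _getprojent().
 */
struct project *
_getprojbyid(projid_t projid, struct project *result,
    void *buffer, size_t buflen)
{
	nss_XbyY_args_t arg;

	NSS_XbyY_INIT(&arg, result, buffer, buflen, str2project);
	arg.key.projid = projid;
	(void) nss_search(&db_root, _nss_initf_project,
	    NSS_DBOP_PROJECT_BYID, &arg);
	return ((struct project *)NSS_XbyY_FINI(&arg));
}

/*
 * Look up a project by name.  Result storage follows the same rules as
 * _getprojent().
 */
struct project *
_getprojbyname(const char *name, struct project *result,
    void *buffer, size_t buflen)
{
	nss_XbyY_args_t arg;

	NSS_XbyY_INIT(&arg, result, buffer, buflen, str2project);
	arg.key.name = name;
	(void) nss_search(&db_root, _nss_initf_project,
	    NSS_DBOP_PROJECT_BYNAME, &arg);
	return ((struct project *)NSS_XbyY_FINI(&arg));
}

/*
 * Build "<prefix><name>" in dst.  Returns 1 when the complete name fits in
 * dstlen bytes and 0 when it was truncated or snprintf() failed.  Callers
 * use the result to avoid treating a truncated name as if it were the name
 * of a real project.
 */
static int
mkprojname(char *dst, size_t dstlen, const char *prefix, const char *name)
{
	int n = snprintf(dst, dstlen, "%s%s", prefix, name);

	return (n >= 0 && (size_t)n < dstlen);
}

/*
 * The following routine checks if the user specified by the second argument
 * is allowed to join the project specified as a project structure in the
 * first argument.  Information about the user's default group and whether or
 * not the project specified in the first argument is the user's default
 * project (i.e., user_attr, "default", "user.username", or
 * "group.groupname") should also be provided.  If is_default is set to
 * DEFAULT_PROJECT, then this function returns 1 (true), unless the specified
 * user is explicitly excluded with "!user", or "!group" wildcards.
 *
 * An exclusion entry ("!name" or "!*") ends the scan at once with 0, so its
 * effect depends on nothing that follows it in the lists.
 */
static int
ismember(struct project *proj, const char *user, gid_t gid, int is_default)
{
	char grbuf[NSS_BUFLEN_GROUP];
	char groupname[MAXGLEN + 1];
	int res = is_default;
	struct group grp;
	int group_ok = 0;
	char **u, **g;
	char *member;

	if (getgrgid_r(gid, &grp, grbuf, sizeof (grbuf)) != NULL) {
		group_ok = 1;
		/*
		 * Keep a private copy: grbuf is reused by getgrnam_r() below.
		 * The group name comes from the name service and is data, so
		 * it is passed as an argument to "%s" and never used as the
		 * format string itself.
		 */
		(void) snprintf(groupname, sizeof (groupname), "%s",
		    grp.gr_name);
	}

	/*
	 * Scan project's user list.
	 */
	for (u = proj->pj_users; *u; u++) {
		member = *u;
		if (member[0] == '!' &&
		    (strcmp(member + 1, user) == 0 ||
		    strcmp(member + 1, "*") == 0))
			return (0);
		if (strcmp(member, "*") == 0 || strcmp(member, user) == 0)
			res = 1;
	}

	/*
	 * Scan project's group list.
	 */
	for (g = proj->pj_groups; *g; g++) {
		member = *g;
		/*
		 * Check if user's default group is included here.
		 */
		if (group_ok) {
			if (member[0] == '!' &&
			    (strcmp(member + 1, groupname) == 0 ||
			    strcmp(member + 1, "*") == 0))
				return (0);
			if (strcmp(member, "*") == 0 ||
			    strcmp(member, groupname) == 0)
				res = 1;
		}
		/*
		 * Check if user is a member of one of project's groups.
		 */
		if (getgrnam_r(member, &grp, grbuf, sizeof (grbuf)) != NULL) {
			for (u = grp.gr_mem; *u; u++)
				if (strcmp(*u, user) == 0)
					res = 1;
		}
	}
	return (res);
}

/*
 * Find the default project of a user.  Candidates are tried in this order:
 * the "project" key of the user's user_attr entry, "user.<username>",
 * "group.<default group name>", and finally "default".  The user_attr
 * candidate is returned as soon as the project exists; the other three are
 * returned only when ismember() accepts the user.  Returns NULL when the
 * user is unknown or no candidate qualifies.
 */
struct project *
_getdefaultproj(const char *user, struct project *result,
    void *buffer, size_t buflen)
{
	char projname[PROJNAME_MAX + 1];
	nss_XbyY_args_t arg;
	userattr_t *uattr;
	struct passwd p;
	struct group g;
	char *attrproj;

	NSS_XbyY_INIT(&arg, result, buffer, buflen, str2project);

	/*
	 * Need user's default group ID for ismember() calls later.  The
	 * caller's buffer is reused by every lookup below, so only the
	 * scalar p.pw_gid may be relied on after this point.
	 */
	if (getpwnam_r(user, &p, buffer, buflen) == NULL)
		return (NULL);

	/*
	 * Check user_attr database first
	 */
	if ((uattr = getusernam(user)) != NULL) {
		if ((attrproj = kva_match(uattr->attr, "project")) != NULL) {
			arg.key.name = attrproj;
			(void) nss_search(&db_root, _nss_initf_project,
			    NSS_DBOP_PROJECT_BYNAME, &arg);
			if ((result = NSS_XbyY_FINI(&arg)) != NULL) {
				free_userattr(uattr);
				return (result);
			}
		}
		free_userattr(uattr);
	}

	/*
	 * Check user.{username} and group.{groupname} projects.  A name that
	 * does not fit in projname is skipped instead of being looked up in
	 * truncated form.
	 */
	if (mkprojname(projname, sizeof (projname), "user.", user)) {
		arg.key.name = projname;
		(void) nss_search(&db_root, _nss_initf_project,
		    NSS_DBOP_PROJECT_BYNAME, &arg);
		if ((result = NSS_XbyY_FINI(&arg)) != NULL &&
		    ismember(result, user, p.pw_gid, DEFAULT_PROJECT))
			return (result);
	}
	if (getgrgid_r(p.pw_gid, &g, buffer, buflen) != NULL &&
	    mkprojname(projname, sizeof (projname), "group.", g.gr_name)) {
		/* g.gr_name lives in buffer; projname now holds the copy. */
		arg.key.name = projname;
		(void) nss_search(&db_root, _nss_initf_project,
		    NSS_DBOP_PROJECT_BYNAME, &arg);
		if ((result = NSS_XbyY_FINI(&arg)) != NULL &&
		    ismember(result, user, p.pw_gid, DEFAULT_PROJECT))
			return (result);
	}
	arg.key.name = "default";
	(void) nss_search(&db_root, _nss_initf_project,
	    NSS_DBOP_PROJECT_BYNAME, &arg);
	if ((result = NSS_XbyY_FINI(&arg)) != NULL &&
	    ismember(result, user, p.pw_gid, DEFAULT_PROJECT))
		return (result);
	return (NULL);
}

/*
 * Decide whether user may join the project called name.  Returns 0 when the
 * user or the project does not exist, otherwise the verdict of ismember().
 * The project counts as one of the user's default projects (so membership
 * is granted unless an exclusion entry applies) when it is "default", the
 * user's user_attr project, "user.<username>", or
 * "group.<default group name>".
 */
int
_inproj(const char *user, const char *name, void *buffer, size_t buflen)
{
	char projname[PROJNAME_MAX + 1];
	char grbuf[NSS_BUFLEN_GROUP];
	nss_XbyY_args_t arg;
	struct project proj;
	struct passwd pwd;
	userattr_t *uattr;
	struct group grp;
	char *attrproj;
	gid_t gid;

	NSS_XbyY_INIT(&arg, &proj, buffer, buflen, str2project);

	/*
	 * 0. Sanity checks.
	 *
	 * The gid is saved before getprojbyname() reuses the same buffer
	 * for the project entry.
	 */
	if (getpwnam_r(user, &pwd, buffer, buflen) == NULL)
		return (0);		/* user does not exist */
	gid = pwd.pw_gid;
	if (getprojbyname(name, &proj, buffer, buflen) == NULL)
		return (0);		/* project does not exist */

	/*
	 * 1. Check for special "default" project.
	 */
	if (strcmp("default", name) == 0)
		return (ismember(&proj, user, gid, DEFAULT_PROJECT));

	/*
	 * 2. Check user_attr database.
	 */
	if ((uattr = getusernam(user)) != NULL) {
		if ((attrproj = kva_match(uattr->attr, "project")) != NULL) {
			if (strcmp(attrproj, name) == 0) {
				free_userattr(uattr);
				return (ismember(&proj, user, gid,
				    DEFAULT_PROJECT));
			}
		}
		free_userattr(uattr);
	}

	/*
	 * 3. Check if this is a special "user.username" project.
	 *
	 * User "username" is considered to be a member of project
	 * "user.username" even if project's user lists do not
	 * include "username".
	 *
	 * A truncated projname is never compared: it could equal the name
	 * of some other project and grant default-project treatment.
	 */
	if (mkprojname(projname, sizeof (projname), "user.", user) &&
	    strcmp(projname, name) == 0)
		return (ismember(&proj, user, gid, DEFAULT_PROJECT));

	/*
	 * 4. Check if this is a special "group.groupname" project.
	 *
	 * User "username" with default group "groupname" is considered
	 * to be a member of project "group.groupname" even if project's
	 * group list does not include "groupname".
	 */
	if (getgrgid_r(gid, &grp, grbuf, sizeof (grbuf)) != NULL) {
		if (mkprojname(projname, sizeof (projname), "group.",
		    grp.gr_name) && strcmp(projname, name) == 0)
			return (ismember(&proj, user, gid, DEFAULT_PROJECT));
	}

	/*
	 * 5. Handle all other (non-default) projects.
	 */
	return (ismember(&proj, user, gid, NORMAL_PROJECT));
}

/*
 * Just a quick wrapper around getprojbyname so that the caller does not
 * need to allocate the buffer.  Returns (projid_t)-1 when the lookup fails.
 */
projid_t
_getprojidbyname(const char *name)
{
	struct project proj;
	char buf[PROJECT_BUFSZ];

	if (getprojbyname(name, &proj, buf, sizeof (buf)) != NULL)
		return (proj.pj_projid);
	else
		return ((projid_t)-1);
}

/*
 * Split off the next token of the string at *nextpp, in place.  The first
 * occurrence of sep is overwritten with '\0' and *nextpp is advanced past
 * it; when no separator is left, *nextpp is set to NULL.  Returns the start
 * of the token, or NULL when *nextpp was already NULL.
 */
static char *
gettok(char **nextpp, char sep)
{
	char *p = *nextpp;
	char *q = p;
	char c;

	if (p == NULL)
		return (NULL);
	while ((c = *q) != '\0' && c != sep)
		q++;
	if (c == '\0')
		*nextpp = NULL;
	else {
		*q++ = '\0';
		*nextpp = q;
	}
	return (p);
}


/*
 * Return values: 0 = success, 1 = parse error, 2 = erange ...
 * The structure pointer passed in is a structure in the caller's space
 * wherein the field pointers would be set to areas in the buffer if
 * need be.  instring and buffer should be separate areas.
 *
 * Expected layout is name:projid:comment:users:groups:attributes.  The
 * users and groups pointer vectors are built in the part of buffer that
 * follows the copied string, so every store into them is checked against
 * the end of buffer first.
 */
static int
str2project(const char *instr, int lenstr, void *ent, char *buffer, int buflen)
{
	struct project *project = ent;
	char *p, *next;
	char *users, *groups;
	char **uglist;
	char **limit;

	/*
	 * Reject a negative length (it would become a huge memcpy size) and
	 * any string that does not fit together with its terminating NUL.
	 */
	if (lenstr < 0 || lenstr >= buflen)
		return (NSS_STR_PARSE_ERANGE);
	/*
	 * We copy the input string into the output buffer and
	 * operate on it in place.
	 */
	(void) memcpy(buffer, instr, lenstr);
	buffer[lenstr] = '\0';
	next = buffer;

	/* First address at which a pointer no longer fits in buffer. */
	limit = (char **)ROUND_DOWN(buffer + buflen, sizeof (char *));

	/*
	 * Parsers for passwd and group have always been pretty rigid;
	 * we wouldn't want to buck a Unix tradition
	 */
	p = gettok(&next, ':');
	if (p == NULL || *p == '\0' || strlen(p) > PROJNAME_MAX) {
		/*
		 * empty or very long project names are not allowed
		 */
		return (NSS_STR_PARSE_ERANGE);
	}
	project->pj_name = p;

	p = gettok(&next, ':');
	if (p == NULL || *p == '\0') {
		/*
		 * projid field shouldn't be empty
		 */
		return (NSS_STR_PARSE_PARSE);
	}
	/*
	 * NOTE(review): strtol() is called without an end pointer, so a
	 * non-numeric field parses as project id 0 and trailing characters
	 * after the digits are ignored.  Kept as is to avoid rejecting
	 * entries that are accepted today; confirm whether stricter
	 * validation is wanted.
	 */
	project->pj_projid = (projid_t)strtol(p, NULL, 10);
	if (project->pj_projid < 0) {
		/*
		 * projids should be positive number
		 */
		project->pj_projid = 0;
		return (NSS_STR_PARSE_PARSE);
	}

	p = gettok(&next, ':');
	if (p == NULL) {
		/*
		 * comment field can be empty but should not be last field
		 */
		return (NSS_STR_PARSE_PARSE);
	}
	project->pj_comment = p;

	if ((users = gettok(&next, ':')) == NULL) {
		/*
		 * users field should not be last field
		 */
		return (NSS_STR_PARSE_PARSE);
	}

	if ((groups = gettok(&next, ':')) == NULL) {
		/*
		 * groups field should not be last field
		 */
		return (NSS_STR_PARSE_PARSE);
	}

	if (next == NULL) {
		/*
		 * attributes field should be last
		 */
		return (NSS_STR_PARSE_PARSE);
	}

	project->pj_attr = next;

	uglist = (char **)ROUND_UP(buffer + lenstr + 1, sizeof (char *));
	/*
	 * No room for even the list terminator: fail before storing through
	 * uglist, which would write past the end of buffer.
	 */
	if (uglist >= limit)
		return (NSS_STR_PARSE_ERANGE);
	*uglist = NULL;
	project->pj_users = uglist;
	while (uglist < limit) {
		p = gettok(&users, ',');
		if (p == NULL || *p == '\0') {
			*uglist = NULL;
			break;
		}
		*uglist++ = p;
	}
	if (uglist >= limit)
		return (NSS_STR_PARSE_ERANGE);

	/* Step over the users terminator; same bounds rule as above. */
	uglist++;
	if (uglist >= limit)
		return (NSS_STR_PARSE_ERANGE);
	*uglist = NULL;
	project->pj_groups = uglist;
	while (uglist < limit) {
		p = gettok(&groups, ',');
		if (p == NULL || *p == '\0') {
			*uglist = NULL;
			break;
		}
		*uglist++ = p;
	}
	if (uglist >= limit)
		return (NSS_STR_PARSE_ERANGE);

	return (NSS_STR_PARSE_SUCCESS);
}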