1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2006 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25 26 #pragma ident "%Z%%M% %I% %E% SMI" 27 28 #include <secdb.h> 29 #include <auth_attr.h> 30 #include "ldap_common.h" 31 32 33 /* auth_attr attributes filters */ 34 #define _AUTH_NAME "cn" 35 #define _AUTH_RES1 "SolarisAttrReserved1" 36 #define _AUTH_RES2 "SolarisAttrReserved2" 37 #define _AUTH_SHORTDES "SolarisAttrShortDesc" 38 #define _AUTH_LONGDES "SolarisAttrLongDesc" 39 #define _AUTH_ATTRS "SolarisAttrKeyValue" 40 #define _AUTH_GETAUTHNAME "(&(objectClass=SolarisAuthAttr)(cn=%s))" 41 #define _AUTH_GETAUTHNAME_SSD "(&(%%s)(cn=%s))" 42 43 44 static const char *auth_attrs[] = { 45 _AUTH_NAME, 46 _AUTH_RES1, 47 _AUTH_RES2, 48 _AUTH_SHORTDES, 49 _AUTH_LONGDES, 50 _AUTH_ATTRS, 51 (char *)NULL 52 }; 53 /* 54 * _nss_ldap_auth2str is the data marshaling method for the auth_attr 55 * system call getauthattr and getauthnam. 56 * This method is called after a successful search has been performed. 57 * This method will parse the search results into the file format. 58 * e.g. 59 * 60 * solaris.:::All Solaris Authorizations::help=AllSolAuthsHeader.html 61 * 62 */ 63 static int 64 _nss_ldap_auth2str(ldap_backend_ptr be, nss_XbyY_args_t *argp) 65 { 66 int nss_result; 67 int buflen = 0; 68 unsigned long len = 0L; 69 char *buffer = NULL; 70 ns_ldap_result_t *result = be->result; 71 char **name, **res1, **res2, **sdes, **ldes, **attr; 72 char *res1_str, *res2_str, *sdes_str, *ldes_str; 73 char *attr_str; 74 75 if (result == NULL) 76 return (NSS_STR_PARSE_PARSE); 77 78 buflen = argp->buf.buflen; 79 nss_result = NSS_STR_PARSE_SUCCESS; 80 (void) memset(argp->buf.buffer, 0, buflen); 81 82 name = __ns_ldap_getAttr(result->entry, _AUTH_NAME); 83 if (name == NULL || name[0] == NULL || 84 (strlen(name[0]) < 1)) { 85 nss_result = NSS_STR_PARSE_PARSE; 86 goto result_auth2str; 87 } 88 res1 = __ns_ldap_getAttr(result->entry, _AUTH_RES1); 89 if (res1 == NULL || res1[0] == NULL || (strlen(res1[0]) < 1)) 90 res1_str = _NO_VALUE; 91 else 92 res1_str = res1[0]; 93 94 res2 = __ns_ldap_getAttr(result->entry, _AUTH_RES2); 95 if (res2 == NULL || res2[0] == NULL || (strlen(res2[0]) < 1)) 96 res2_str = _NO_VALUE; 97 else 98 res2_str = res2[0]; 99 100 sdes = __ns_ldap_getAttr(result->entry, _AUTH_SHORTDES); 101 if (sdes == NULL || sdes[0] == NULL || (strlen(sdes[0]) < 1)) 102 sdes_str = _NO_VALUE; 103 else 104 sdes_str = sdes[0]; 105 106 ldes = __ns_ldap_getAttr(result->entry, _AUTH_LONGDES); 107 if (ldes == NULL || ldes[0] == NULL || (strlen(ldes[0]) < 1)) 108 ldes_str = _NO_VALUE; 109 else 110 ldes_str = ldes[0]; 111 112 attr = __ns_ldap_getAttr(result->entry, _AUTH_ATTRS); 113 if (attr == NULL || attr[0] == NULL || (strlen(attr[0]) < 1)) 114 attr_str = _NO_VALUE; 115 else 116 attr_str = attr[0]; 117 /* 6 = 5 ':' + 1 '\0' */ 118 len = strlen(name[0]) + strlen(res1_str) + strlen(res2_str) + 119 strlen(sdes_str) + strlen(ldes_str) + strlen(attr_str) + 6; 120 if (len > buflen) { 121 nss_result = NSS_STR_PARSE_ERANGE; 122 goto result_auth2str; 123 } 124 125 if (argp->buf.result != NULL) { 126 if ((be->buffer = calloc(1, len)) == NULL) { 127 nss_result = NSS_STR_PARSE_PARSE; 128 goto result_auth2str; 129 } 130 buffer = be->buffer; 131 } else 132 buffer = argp->buf.buffer; 133 (void) snprintf(buffer, len, "%s:%s:%s:%s:%s:%s", 134 name[0], res1_str, res2_str, sdes_str, 135 ldes_str, attr_str); 136 /* The front end marshaller doesn't need the trailing null */ 137 if (argp->buf.result != NULL) 138 be->buflen = strlen(be->buffer); 139 140 result_auth2str: 141 (void) __ns_ldap_freeResult(&be->result); 142 return ((int)nss_result); 143 } 144 145 146 static nss_status_t 147 getbyname(ldap_backend_ptr be, void *a) 148 { 149 nss_XbyY_args_t *argp = (nss_XbyY_args_t *)a; 150 char searchfilter[SEARCHFILTERLEN]; 151 char userdata[SEARCHFILTERLEN]; 152 char name[SEARCHFILTERLEN]; 153 int ret; 154 155 if (_ldap_filter_name(name, argp->key.name, sizeof (name)) != 0) 156 return ((nss_status_t)NSS_NOTFOUND); 157 158 ret = snprintf(searchfilter, SEARCHFILTERLEN, 159 _AUTH_GETAUTHNAME, name); 160 if (ret >= sizeof (searchfilter) || ret < 0) 161 return ((nss_status_t)NSS_NOTFOUND); 162 163 ret = snprintf(userdata, sizeof (userdata), 164 _AUTH_GETAUTHNAME_SSD, name); 165 if (ret >= sizeof (userdata) || ret < 0) 166 return ((nss_status_t)NSS_NOTFOUND); 167 168 return ((nss_status_t)_nss_ldap_lookup(be, argp, 169 _AUTHATTR, searchfilter, NULL, _merge_SSD_filter, userdata)); 170 } 171 172 173 static ldap_backend_op_t authattr_ops[] = { 174 _nss_ldap_destr, 175 _nss_ldap_endent, 176 _nss_ldap_setent, 177 _nss_ldap_getent, 178 getbyname 179 }; 180 181 182 /*ARGSUSED0*/ 183 nss_backend_t * 184 _nss_ldap_auth_attr_constr(const char *dummy1, 185 const char *dummy2, 186 const char *dummy3, 187 const char *dummy4, 188 const char *dummy5) 189 { 190 return ((nss_backend_t *)_nss_ldap_constr(authattr_ops, 191 sizeof (authattr_ops)/sizeof (authattr_ops[0]), _AUTHATTR, 192 auth_attrs, _nss_ldap_auth2str)); 193 } 194