xref: /illumos-gate/usr/src/lib/nsswitch/ldap/common/getauthattr.c (revision 4283d10e18fc3904736c7c067fb29de9bb67d25d)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 #include <secdb.h>
27 #include <auth_attr.h>
28 #include "ldap_common.h"
29 
30 
31 /* auth_attr attributes filters */
32 #define	_AUTH_NAME		"cn"
33 #define	_AUTH_RES1		"SolarisAttrReserved1"
34 #define	_AUTH_RES2		"SolarisAttrReserved2"
35 #define	_AUTH_SHORTDES		"SolarisAttrShortDesc"
36 #define	_AUTH_LONGDES		"SolarisAttrLongDesc"
37 #define	_AUTH_ATTRS		"SolarisAttrKeyValue"
38 #define	_AUTH_GETAUTHNAME 	"(&(objectClass=SolarisAuthAttr)(cn=%s))"
39 #define	_AUTH_GETAUTHNAME_SSD 	"(&(%%s)(cn=%s))"
40 
41 
42 static const char *auth_attrs[] = {
43 	_AUTH_NAME,
44 	_AUTH_RES1,
45 	_AUTH_RES2,
46 	_AUTH_SHORTDES,
47 	_AUTH_LONGDES,
48 	_AUTH_ATTRS,
49 	(char *)NULL
50 };
51 /*
52  * _nss_ldap_auth2str is the data marshaling method for the auth_attr
53  * system call getauthattr and getauthnam.
54  * This method is called after a successful search has been performed.
55  * This method will parse the search results into the file format.
56  * e.g.
57  *
58  * solaris.:::All Solaris Authorizations::help=AllSolAuthsHeader.html
59  *
60  */
61 static int
62 _nss_ldap_auth2str(ldap_backend_ptr be, nss_XbyY_args_t *argp)
63 {
64 	int			nss_result;
65 	int			buflen = 0;
66 	unsigned long		len = 0L;
67 	char			*buffer = NULL;
68 	ns_ldap_result_t	*result = be->result;
69 	char			**name, **res1, **res2, **sdes, **ldes, **attr;
70 	char			*res1_str, *res2_str, *sdes_str, *ldes_str;
71 	char			*attr_str;
72 
73 	if (result == NULL)
74 		return (NSS_STR_PARSE_PARSE);
75 
76 	buflen = argp->buf.buflen;
77 	nss_result = NSS_STR_PARSE_SUCCESS;
78 	(void) memset(argp->buf.buffer, 0, buflen);
79 
80 	name = __ns_ldap_getAttr(result->entry, _AUTH_NAME);
81 	if (name == NULL || name[0] == NULL ||
82 			(strlen(name[0]) < 1)) {
83 		nss_result = NSS_STR_PARSE_PARSE;
84 		goto result_auth2str;
85 	}
86 	res1 = __ns_ldap_getAttr(result->entry, _AUTH_RES1);
87 	if (res1 == NULL || res1[0] == NULL || (strlen(res1[0]) < 1))
88 		res1_str = _NO_VALUE;
89 	else
90 		res1_str = res1[0];
91 
92 	res2 = __ns_ldap_getAttr(result->entry, _AUTH_RES2);
93 	if (res2 == NULL || res2[0] == NULL || (strlen(res2[0]) < 1))
94 		res2_str = _NO_VALUE;
95 	else
96 		res2_str = res2[0];
97 
98 	sdes = __ns_ldap_getAttr(result->entry, _AUTH_SHORTDES);
99 	if (sdes == NULL || sdes[0] == NULL || (strlen(sdes[0]) < 1))
100 		sdes_str = _NO_VALUE;
101 	else
102 		sdes_str = sdes[0];
103 
104 	ldes = __ns_ldap_getAttr(result->entry, _AUTH_LONGDES);
105 	if (ldes == NULL || ldes[0] == NULL || (strlen(ldes[0]) < 1))
106 		ldes_str = _NO_VALUE;
107 	else
108 		ldes_str = ldes[0];
109 
110 	attr = __ns_ldap_getAttr(result->entry, _AUTH_ATTRS);
111 	if (attr == NULL || attr[0] == NULL || (strlen(attr[0]) < 1))
112 		attr_str = _NO_VALUE;
113 	else
114 		attr_str = attr[0];
115 	/* 6 = 5 ':' + 1 '\0' */
116 	len = strlen(name[0]) + strlen(res1_str) + strlen(res2_str) +
117 		strlen(sdes_str) + strlen(ldes_str) + strlen(attr_str) + 6;
118 	if (len > buflen) {
119 		nss_result = NSS_STR_PARSE_ERANGE;
120 		goto result_auth2str;
121 	}
122 
123 	if (argp->buf.result != NULL) {
124 		if ((be->buffer = calloc(1, len)) == NULL) {
125 			nss_result = NSS_STR_PARSE_PARSE;
126 			goto result_auth2str;
127 		}
128 		buffer = be->buffer;
129 	} else
130 		buffer = argp->buf.buffer;
131 	(void) snprintf(buffer, len, "%s:%s:%s:%s:%s:%s",
132 			name[0], res1_str, res2_str, sdes_str,
133 			ldes_str, attr_str);
134 	/* The front end marshaller doesn't need the trailing null */
135 	if (argp->buf.result != NULL)
136 		be->buflen = strlen(be->buffer);
137 
138 result_auth2str:
139 	(void) __ns_ldap_freeResult(&be->result);
140 	return ((int)nss_result);
141 }
142 
143 
144 static nss_status_t
145 getbyname(ldap_backend_ptr be, void *a)
146 {
147 	nss_XbyY_args_t	*argp = (nss_XbyY_args_t *)a;
148 	char		searchfilter[SEARCHFILTERLEN];
149 	char		userdata[SEARCHFILTERLEN];
150 	char		name[SEARCHFILTERLEN];
151 	int		ret;
152 
153 	if (_ldap_filter_name(name, argp->key.name, sizeof (name)) != 0)
154 		return ((nss_status_t)NSS_NOTFOUND);
155 
156 	ret = snprintf(searchfilter, SEARCHFILTERLEN,
157 	    _AUTH_GETAUTHNAME, name);
158 	if (ret >= sizeof (searchfilter) || ret < 0)
159 		return ((nss_status_t)NSS_NOTFOUND);
160 
161 	ret = snprintf(userdata, sizeof (userdata),
162 	    _AUTH_GETAUTHNAME_SSD, name);
163 	if (ret >= sizeof (userdata) || ret < 0)
164 		return ((nss_status_t)NSS_NOTFOUND);
165 
166 	return ((nss_status_t)_nss_ldap_lookup(be, argp,
167 	    _AUTHATTR, searchfilter, NULL, _merge_SSD_filter, userdata));
168 }
169 
170 
171 static ldap_backend_op_t authattr_ops[] = {
172 	_nss_ldap_destr,
173 	_nss_ldap_endent,
174 	_nss_ldap_setent,
175 	_nss_ldap_getent,
176 	getbyname
177 };
178 
179 
180 /*ARGSUSED0*/
181 nss_backend_t *
182 _nss_ldap_auth_attr_constr(const char *dummy1,
183     const char *dummy2,
184     const char *dummy3,
185     const char *dummy4,
186     const char *dummy5)
187 {
188 	return ((nss_backend_t *)_nss_ldap_constr(authattr_ops,
189 		sizeof (authattr_ops)/sizeof (authattr_ops[0]), _AUTHATTR,
190 		auth_attrs, _nss_ldap_auth2str));
191 }
192