xref: /illumos-gate/usr/src/lib/nsswitch/ldap/common/getauuser.c (revision 35a5a3587fd94b666239c157d3722745250ccbd7)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 #pragma ident	"%Z%%M%	%I%	%E% SMI"
27 
28 #include <secdb.h>
29 #include "ldap_common.h"
30 #include <bsm/libbsm.h>
31 
32 
/*
 * audit_user attributes and search filter templates.
 *
 * _AU_NAME, _AU_ALWAYS and _AU_NEVER are the LDAP attribute names read
 * from a SolarisAuditUser entry.
 *
 * _AU_GETAUUSERNAME is a printf-style template whose single %s is the
 * user name.  _AU_GETAUUSERNAME_SSD takes the same user name, but its
 * first placeholder is written %%s, so the formatted string still holds
 * a literal %s for a later substitution.
 *
 * Whatever is substituted for the user name becomes part of an LDAP
 * search filter, so it must already be escaped for filter syntax before
 * it is formatted into either template.
 */
#define	_AU_NAME		"uid"
#define	_AU_ALWAYS		"SolarisAuditAlways"
#define	_AU_NEVER		"SolarisAuditNever"
#define	_AU_GETAUUSERNAME	"(&(objectClass=SolarisAuditUser)(uid=%s))"
#define	_AU_GETAUUSERNAME_SSD	"(&(%%s)(uid=%s))"
39 
40 
/*
 * NULL-terminated list of the audit_user attribute names.  It is handed
 * to _nss_ldap_constr() when the backend is constructed; presumably it
 * limits which attributes a search requests (confirm in
 * _nss_ldap_constr).
 */
static const char *auuser_attrs[] = {
	_AU_NAME,
	_AU_ALWAYS,
	_AU_NEVER,
	(char *)NULL
};
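/*
 * _nss_ldap_au2str is the data marshaling method for the audit_user
 * interfaces getauusernam, getauusernam_r, getauuserent and
 * getauuserent_r.  It is called after a successful search and turns
 * be->result->entry into one line in the files format:
 *
 *	name:always-audit-flags:never-audit-flags
 * e.g.
 *	root:lo:no
 *
 * A missing or empty uid value is a parse error.  A missing or empty
 * SolarisAuditAlways or SolarisAuditNever value is replaced by _NO_VALUE.
 *
 * Where the line is written:
 *   - argp->buf.result != NULL: a freshly calloc'd be->buffer, with
 *     be->buflen set to the string length (trailing NUL not counted);
 *   - otherwise: argp->buf.buffer.
 * argp->buf.buffer is zeroed in both cases.
 *
 * Returns NSS_STR_PARSE_SUCCESS on success; NSS_STR_PARSE_ERANGE when
 * the line plus its NUL does not fit in argp->buf.buflen bytes or that
 * length is negative; NSS_STR_PARSE_PARSE when there is no result, no
 * usable name, or the allocation fails.  be->result is freed on every
 * path that found one.
 */
static int
_nss_ldap_au2str(ldap_backend_ptr be, nss_XbyY_args_t *argp)
{
	int			nss_result = NSS_STR_PARSE_SUCCESS;
	int			buflen = 0;
	unsigned long		len = 0L;
	char			*buffer = NULL;
	ns_ldap_result_t	*result = be->result;
	char			**name, **al, **ne, *al_str, *ne_str;

	if (result == NULL)
		return (NSS_STR_PARSE_PARSE);

	/*
	 * buflen is a signed int, but it is used both as the memset() size
	 * and on the unsigned side of the bound check below.  A negative
	 * value would be converted to a huge unsigned one in both places and
	 * so pass the check; reject it up front instead.
	 */
	buflen = argp->buf.buflen;
	if (buflen < 0) {
		nss_result = NSS_STR_PARSE_ERANGE;
		goto result_au2str;
	}
	(void) memset(argp->buf.buffer, 0, (size_t)buflen);

	/* The user name is mandatory. */
	name = __ns_ldap_getAttr(result->entry, _AU_NAME);
	if (name == NULL || name[0] == NULL ||
	    (strlen(name[0]) < 1)) {
		nss_result = NSS_STR_PARSE_PARSE;
		goto result_au2str;
	}

	/* The two audit flag fields are optional. */
	al = __ns_ldap_getAttr(result->entry, _AU_ALWAYS);
	if (al == NULL || al[0] == NULL || (strlen(al[0]) < 1))
		al_str = _NO_VALUE;
	else
		al_str = al[0];

	ne = __ns_ldap_getAttr(result->entry, _AU_NEVER);
	if (ne == NULL || ne[0] == NULL || (strlen(ne[0]) < 1))
		ne_str = _NO_VALUE;
	else
		ne_str = ne[0];

	/*
	 * NOTE(review): the three values are copied verbatim.  A ':' or a
	 * newline inside a directory value would shift the field boundaries
	 * of the files-format line; confirm that the schema or the front
	 * end parser rules this out.
	 */

	/* 3 = 2 ':' + 1 '\0' */
	len = strlen(name[0]) + strlen(al_str) + strlen(ne_str) + 3;
	if (len > (unsigned long)buflen) {
		nss_result = NSS_STR_PARSE_ERANGE;
		goto result_au2str;
	}

	if (argp->buf.result != NULL) {
		/*
		 * NOTE(review): be->buffer is assigned without releasing a
		 * previous value; presumably the caller frees it between
		 * calls - confirm.
		 */
		if ((be->buffer = calloc(1, len)) == NULL) {
			nss_result = NSS_STR_PARSE_PARSE;
			goto result_au2str;
		}
		buffer = be->buffer;
	} else
		buffer = argp->buf.buffer;

	/* len was computed from these exact strings, so nothing truncates. */
	(void) snprintf(buffer, len, "%s:%s:%s",
	    name[0], al_str, ne_str);
	/* The front end marshaller doesn't need the trailing null */
	if (argp->buf.result != NULL)
		be->buflen = strlen(be->buffer);

result_au2str:
	(void) __ns_ldap_freeResult(&be->result);
	return (nss_result);
}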
117 
118 
/*
 * getbyname looks up one audit_user entry by user name.
 *
 * a is the nss_XbyY_args_t of the request; its key.name is the name to
 * look up.  The name is first passed through _ldap_filter_name()
 * (presumably LDAP filter escaping - confirm in ldap_common), and only
 * that filtered copy is formatted into the two filter strings.
 *
 * Returns NSS_NOTFOUND when filtering fails or when either filter does
 * not fit in SEARCHFILTERLEN bytes, so a truncated filter is never sent
 * to the directory.  Otherwise returns the status of _nss_ldap_lookup().
 *
 * NOTE(review): ssd_filter still holds a literal %s after formatting and
 * is handed to _merge_SSD_filter as user data, which presumably expands
 * it as a format string.  Confirm that _ldap_filter_name() also
 * neutralizes '%' in the name, so the name cannot add conversion
 * specifications to that later expansion.
 */
static nss_status_t
getbyname(ldap_backend_ptr be, void *a)
{
	nss_XbyY_args_t	*args = (nss_XbyY_args_t *)a;
	char		escaped[SEARCHFILTERLEN];
	char		filter[SEARCHFILTERLEN];
	char		ssd_filter[SEARCHFILTERLEN];
	int		n;

	/* Never format the caller-supplied name directly into a filter. */
	if (_ldap_filter_name(escaped, args->key.name, sizeof (escaped)) != 0)
		return ((nss_status_t)NSS_NOTFOUND);

	/* Default filter: fail closed on a formatting error or truncation. */
	n = snprintf(filter, sizeof (filter), _AU_GETAUUSERNAME, escaped);
	if (n < 0 || n >= sizeof (filter))
		return ((nss_status_t)NSS_NOTFOUND);

	/* Template used when a service search descriptor applies. */
	n = snprintf(ssd_filter, sizeof (ssd_filter), _AU_GETAUUSERNAME_SSD,
	    escaped);
	if (n < 0 || n >= sizeof (ssd_filter))
		return ((nss_status_t)NSS_NOTFOUND);

	return (_nss_ldap_lookup(be, args, _AUUSER, filter, NULL,
	    _merge_SSD_filter, ssd_filter));
}
146 
147 
/*
 * Operation table for the audit_user backend, passed to
 * _nss_ldap_constr() together with its element count.  The first four
 * entries are _nss_ldap_* handlers defined outside this file; the last
 * is this file's getbyname().
 * NOTE(review): the slot order presumably has to match the operation
 * numbers the name-service switch uses for this database - confirm
 * before reordering.
 */
static ldap_backend_op_t auuser_ops[] = {
	_nss_ldap_destr,
	_nss_ldap_endent,
	_nss_ldap_setent,
	_nss_ldap_getent,
	getbyname
};
155 
156 
/*
 * Constructor for the LDAP audit_user backend.  The five string
 * arguments are not used.  Builds the backend through _nss_ldap_constr()
 * from the operation table, the _AUUSER database name, the attribute
 * list and the _nss_ldap_au2str marshaller, and returns whatever that
 * call returns.
 */
/*ARGSUSED0*/
nss_backend_t *
_nss_ldap_audit_user_constr(const char *dummy1,
    const char *dummy2,
    const char *dummy3,
    const char *dummy4,
    const char *dummy5)
{
	nss_backend_t	*backend;

	/* The operation count is derived from the table itself. */
	backend = (nss_backend_t *)_nss_ldap_constr(auuser_ops,
	    sizeof (auuser_ops) / sizeof (auuser_ops[0]), _AUUSER,
	    auuser_attrs, _nss_ldap_au2str);

	return (backend);
}
169