1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2006 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25 26 #pragma ident "%Z%%M% %I% %E% SMI" 27 28 #include <secdb.h> 29 #include "ldap_common.h" 30 #include <bsm/libbsm.h> 31 32 33 /* audit_user attributes */ 34 #define _AU_NAME "uid" 35 #define _AU_ALWAYS "SolarisAuditAlways" 36 #define _AU_NEVER "SolarisAuditNever" 37 #define _AU_GETAUUSERNAME "(&(objectClass=SolarisAuditUser)(uid=%s))" 38 #define _AU_GETAUUSERNAME_SSD "(&(%%s)(uid=%s))" 39 40 41 static const char *auuser_attrs[] = { 42 _AU_NAME, 43 _AU_ALWAYS, 44 _AU_NEVER, 45 (char *)NULL 46 }; 47 /* 48 * _nss_ldap_au2str is the data marshaling method for the audit_user 49 * system call getauusernam, getauusernam_r, getauuserent and getauuserent_r. 50 * This method is called after a successful search has been performed. 51 * This method will parse the search results into the file format. 52 * e.g. 53 * 54 * root:lo:no 55 * 56 */ 57 static int 58 _nss_ldap_au2str(ldap_backend_ptr be, nss_XbyY_args_t *argp) 59 { 60 int nss_result; 61 int buflen = 0; 62 unsigned long len = 0L; 63 char *buffer = NULL; 64 ns_ldap_result_t *result = be->result; 65 char **name, **al, **ne, *al_str, *ne_str; 66 67 if (result == NULL) 68 return (NSS_STR_PARSE_PARSE); 69 70 buflen = argp->buf.buflen; 71 nss_result = NSS_STR_PARSE_SUCCESS; 72 (void) memset(argp->buf.buffer, 0, buflen); 73 74 name = __ns_ldap_getAttr(result->entry, _AU_NAME); 75 if (name == NULL || name[0] == NULL || 76 (strlen(name[0]) < 1)) { 77 nss_result = NSS_STR_PARSE_PARSE; 78 goto result_au2str; 79 } 80 al = __ns_ldap_getAttr(result->entry, _AU_ALWAYS); 81 if (al == NULL || al[0] == NULL || (strlen(al[0]) < 1)) 82 al_str = _NO_VALUE; 83 else 84 al_str = al[0]; 85 86 ne = __ns_ldap_getAttr(result->entry, _AU_NEVER); 87 if (ne == NULL || ne[0] == NULL || (strlen(ne[0]) < 1)) 88 ne_str = _NO_VALUE; 89 else 90 ne_str = ne[0]; 91 92 /* 3 = 2 ':' + 1 '\0' */ 93 len = strlen(name[0]) + strlen(al_str) + strlen(ne_str) + 3; 94 if (len > buflen) { 95 nss_result = NSS_STR_PARSE_ERANGE; 96 goto result_au2str; 97 } 98 99 if (argp->buf.result != NULL) { 100 if ((be->buffer = calloc(1, len)) == NULL) { 101 nss_result = NSS_STR_PARSE_PARSE; 102 goto result_au2str; 103 } 104 buffer = be->buffer; 105 } else 106 buffer = argp->buf.buffer; 107 (void) snprintf(buffer, len, "%s:%s:%s", 108 name[0], al_str, ne_str); 109 /* The front end marshaller doesn't need the trailing null */ 110 if (argp->buf.result != NULL) 111 be->buflen = strlen(be->buffer); 112 113 result_au2str: 114 (void) __ns_ldap_freeResult(&be->result); 115 return ((int)nss_result); 116 } 117 118 119 static nss_status_t 120 getbyname(ldap_backend_ptr be, void *a) 121 { 122 char searchfilter[SEARCHFILTERLEN]; 123 char userdata[SEARCHFILTERLEN]; 124 char name[SEARCHFILTERLEN]; 125 nss_XbyY_args_t *argp = (nss_XbyY_args_t *)a; 126 int ret; 127 128 if (_ldap_filter_name(name, argp->key.name, sizeof (name)) != 0) 129 return ((nss_status_t)NSS_NOTFOUND); 130 131 ret = snprintf(searchfilter, sizeof (searchfilter), 132 _AU_GETAUUSERNAME, name); 133 134 if (ret >= sizeof (searchfilter) || ret < 0) 135 return ((nss_status_t)NSS_NOTFOUND); 136 137 ret = snprintf(userdata, sizeof (userdata), 138 _AU_GETAUUSERNAME_SSD, name); 139 140 if (ret >= sizeof (userdata) || ret < 0) 141 return ((nss_status_t)NSS_NOTFOUND); 142 143 return (_nss_ldap_lookup(be, argp, _AUUSER, searchfilter, NULL, 144 _merge_SSD_filter, userdata)); 145 } 146 147 148 static ldap_backend_op_t auuser_ops[] = { 149 _nss_ldap_destr, 150 _nss_ldap_endent, 151 _nss_ldap_setent, 152 _nss_ldap_getent, 153 getbyname 154 }; 155 156 157 /*ARGSUSED0*/ 158 nss_backend_t * 159 _nss_ldap_audit_user_constr(const char *dummy1, 160 const char *dummy2, 161 const char *dummy3, 162 const char *dummy4, 163 const char *dummy5) 164 { 165 return ((nss_backend_t *)_nss_ldap_constr(auuser_ops, 166 sizeof (auuser_ops)/sizeof (auuser_ops[0]), _AUUSER, 167 auuser_attrs, _nss_ldap_au2str)); 168 } 169