xref: /illumos-gate/usr/src/lib/nsswitch/ldap/common/getauuser.c (revision 7a6d80f1660abd4755c68cbd094d4a914681d26e)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 #include <secdb.h>
27 #include "ldap_common.h"
28 #include <bsm/libbsm.h>
29 
30 
31 /* audit_user attributes */
32 #define	_AU_NAME		"uid"
33 #define	_AU_ALWAYS		"SolarisAuditAlways"
34 #define	_AU_NEVER		"SolarisAuditNever"
35 #define	_AU_GETAUUSERNAME	"(&(objectClass=SolarisAuditUser)(uid=%s))"
36 #define	_AU_GETAUUSERNAME_SSD	"(&(%%s)(uid=%s))"
37 
38 
39 static const char *auuser_attrs[] = {
40 	_AU_NAME,
41 	_AU_ALWAYS,
42 	_AU_NEVER,
43 	(char *)NULL
44 };
45 /*
46  * _nss_ldap_au2str is the data marshaling method for the audit_user
47  * system call getauusernam, getauusernam_r, getauuserent and getauuserent_r.
48  * This method is called after a successful search has been performed.
49  * This method will parse the search results into the file format.
50  * e.g.
51  *
52  * root:lo:no
53  *
54  */
55 static int
56 _nss_ldap_au2str(ldap_backend_ptr be, nss_XbyY_args_t *argp)
57 {
58 	int			nss_result;
59 	int			buflen = 0;
60 	unsigned long		len = 0L;
61 	char			*buffer = NULL;
62 	ns_ldap_result_t	*result = be->result;
63 	char			**name, **al, **ne, *al_str, *ne_str;
64 
65 	if (result == NULL)
66 		return (NSS_STR_PARSE_PARSE);
67 
68 	buflen = argp->buf.buflen;
69 	nss_result = NSS_STR_PARSE_SUCCESS;
70 	(void) memset(argp->buf.buffer, 0, buflen);
71 
72 	name = __ns_ldap_getAttr(result->entry, _AU_NAME);
73 	if (name == NULL || name[0] == NULL ||
74 			(strlen(name[0]) < 1)) {
75 		nss_result = NSS_STR_PARSE_PARSE;
76 		goto result_au2str;
77 	}
78 	al = __ns_ldap_getAttr(result->entry, _AU_ALWAYS);
79 	if (al == NULL || al[0] == NULL || (strlen(al[0]) < 1))
80 		al_str = _NO_VALUE;
81 	else
82 		al_str = al[0];
83 
84 	ne = __ns_ldap_getAttr(result->entry, _AU_NEVER);
85 	if (ne == NULL || ne[0] == NULL || (strlen(ne[0]) < 1))
86 		ne_str = _NO_VALUE;
87 	else
88 		ne_str = ne[0];
89 
90 	/* 3 = 2 ':' + 1 '\0' */
91 	len = strlen(name[0]) + strlen(al_str) + strlen(ne_str) + 3;
92 	if (len > buflen) {
93 		nss_result = NSS_STR_PARSE_ERANGE;
94 		goto result_au2str;
95 	}
96 
97 	if (argp->buf.result != NULL) {
98 		if ((be->buffer = calloc(1, len)) == NULL) {
99 			nss_result = NSS_STR_PARSE_PARSE;
100 			goto result_au2str;
101 		}
102 		buffer = be->buffer;
103 	} else
104 		buffer = argp->buf.buffer;
105 	(void) snprintf(buffer, len, "%s:%s:%s",
106 			name[0], al_str, ne_str);
107 	/* The front end marshaller doesn't need the trailing null */
108 	if (argp->buf.result != NULL)
109 		be->buflen = strlen(be->buffer);
110 
111 result_au2str:
112 	(void) __ns_ldap_freeResult(&be->result);
113 	return ((int)nss_result);
114 }
115 
116 
117 static nss_status_t
118 getbyname(ldap_backend_ptr be, void *a)
119 {
120 	char		searchfilter[SEARCHFILTERLEN];
121 	char		userdata[SEARCHFILTERLEN];
122 	char		name[SEARCHFILTERLEN];
123 	nss_XbyY_args_t	*argp = (nss_XbyY_args_t *)a;
124 	int		ret;
125 
126 	if (_ldap_filter_name(name, argp->key.name, sizeof (name)) != 0)
127 		return ((nss_status_t)NSS_NOTFOUND);
128 
129 	ret = snprintf(searchfilter, sizeof (searchfilter),
130 	    _AU_GETAUUSERNAME, name);
131 
132 	if (ret >= sizeof (searchfilter) || ret < 0)
133 		return ((nss_status_t)NSS_NOTFOUND);
134 
135 	ret = snprintf(userdata, sizeof (userdata),
136 	    _AU_GETAUUSERNAME_SSD, name);
137 
138 	if (ret >= sizeof (userdata) || ret < 0)
139 		return ((nss_status_t)NSS_NOTFOUND);
140 
141 	return (_nss_ldap_lookup(be, argp, _AUUSER, searchfilter, NULL,
142 	    _merge_SSD_filter, userdata));
143 }
144 
145 
146 static ldap_backend_op_t auuser_ops[] = {
147 	_nss_ldap_destr,
148 	_nss_ldap_endent,
149 	_nss_ldap_setent,
150 	_nss_ldap_getent,
151 	getbyname
152 };
153 
154 
155 /*ARGSUSED0*/
156 nss_backend_t *
157 _nss_ldap_audit_user_constr(const char *dummy1,
158     const char *dummy2,
159     const char *dummy3,
160     const char *dummy4,
161     const char *dummy5)
162 {
163 	return ((nss_backend_t *)_nss_ldap_constr(auuser_ops,
164 		sizeof (auuser_ops)/sizeof (auuser_ops[0]), _AUUSER,
165 		auuser_attrs, _nss_ldap_au2str));
166 }
167