1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2006 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25 26 #include <secdb.h> 27 #include "ldap_common.h" 28 #include <bsm/libbsm.h> 29 30 31 /* audit_user attributes */ 32 #define _AU_NAME "uid" 33 #define _AU_ALWAYS "SolarisAuditAlways" 34 #define _AU_NEVER "SolarisAuditNever" 35 #define _AU_GETAUUSERNAME "(&(objectClass=SolarisAuditUser)(uid=%s))" 36 #define _AU_GETAUUSERNAME_SSD "(&(%%s)(uid=%s))" 37 38 39 static const char *auuser_attrs[] = { 40 _AU_NAME, 41 _AU_ALWAYS, 42 _AU_NEVER, 43 (char *)NULL 44 }; 45 /* 46 * _nss_ldap_au2str is the data marshaling method for the audit_user 47 * system call getauusernam, getauusernam_r, getauuserent and getauuserent_r. 48 * This method is called after a successful search has been performed. 49 * This method will parse the search results into the file format. 50 * e.g. 51 * 52 * root:lo:no 53 * 54 */ 55 static int 56 _nss_ldap_au2str(ldap_backend_ptr be, nss_XbyY_args_t *argp) 57 { 58 int nss_result; 59 int buflen = 0; 60 unsigned long len = 0L; 61 char *buffer = NULL; 62 ns_ldap_result_t *result = be->result; 63 char **name, **al, **ne, *al_str, *ne_str; 64 65 if (result == NULL) 66 return (NSS_STR_PARSE_PARSE); 67 68 buflen = argp->buf.buflen; 69 nss_result = NSS_STR_PARSE_SUCCESS; 70 (void) memset(argp->buf.buffer, 0, buflen); 71 72 name = __ns_ldap_getAttr(result->entry, _AU_NAME); 73 if (name == NULL || name[0] == NULL || 74 (strlen(name[0]) < 1)) { 75 nss_result = NSS_STR_PARSE_PARSE; 76 goto result_au2str; 77 } 78 al = __ns_ldap_getAttr(result->entry, _AU_ALWAYS); 79 if (al == NULL || al[0] == NULL || (strlen(al[0]) < 1)) 80 al_str = _NO_VALUE; 81 else 82 al_str = al[0]; 83 84 ne = __ns_ldap_getAttr(result->entry, _AU_NEVER); 85 if (ne == NULL || ne[0] == NULL || (strlen(ne[0]) < 1)) 86 ne_str = _NO_VALUE; 87 else 88 ne_str = ne[0]; 89 90 /* 3 = 2 ':' + 1 '\0' */ 91 len = strlen(name[0]) + strlen(al_str) + strlen(ne_str) + 3; 92 if (len > buflen) { 93 nss_result = NSS_STR_PARSE_ERANGE; 94 goto result_au2str; 95 } 96 97 if (argp->buf.result != NULL) { 98 if ((be->buffer = calloc(1, len)) == NULL) { 99 nss_result = NSS_STR_PARSE_PARSE; 100 goto result_au2str; 101 } 102 buffer = be->buffer; 103 } else 104 buffer = argp->buf.buffer; 105 (void) snprintf(buffer, len, "%s:%s:%s", 106 name[0], al_str, ne_str); 107 /* The front end marshaller doesn't need the trailing null */ 108 if (argp->buf.result != NULL) 109 be->buflen = strlen(be->buffer); 110 111 result_au2str: 112 (void) __ns_ldap_freeResult(&be->result); 113 return ((int)nss_result); 114 } 115 116 117 static nss_status_t 118 getbyname(ldap_backend_ptr be, void *a) 119 { 120 char searchfilter[SEARCHFILTERLEN]; 121 char userdata[SEARCHFILTERLEN]; 122 char name[SEARCHFILTERLEN]; 123 nss_XbyY_args_t *argp = (nss_XbyY_args_t *)a; 124 int ret; 125 126 if (_ldap_filter_name(name, argp->key.name, sizeof (name)) != 0) 127 return ((nss_status_t)NSS_NOTFOUND); 128 129 ret = snprintf(searchfilter, sizeof (searchfilter), 130 _AU_GETAUUSERNAME, name); 131 132 if (ret >= sizeof (searchfilter) || ret < 0) 133 return ((nss_status_t)NSS_NOTFOUND); 134 135 ret = snprintf(userdata, sizeof (userdata), 136 _AU_GETAUUSERNAME_SSD, name); 137 138 if (ret >= sizeof (userdata) || ret < 0) 139 return ((nss_status_t)NSS_NOTFOUND); 140 141 return (_nss_ldap_lookup(be, argp, _AUUSER, searchfilter, NULL, 142 _merge_SSD_filter, userdata)); 143 } 144 145 146 static ldap_backend_op_t auuser_ops[] = { 147 _nss_ldap_destr, 148 _nss_ldap_endent, 149 _nss_ldap_setent, 150 _nss_ldap_getent, 151 getbyname 152 }; 153 154 155 /*ARGSUSED0*/ 156 nss_backend_t * 157 _nss_ldap_audit_user_constr(const char *dummy1, 158 const char *dummy2, 159 const char *dummy3, 160 const char *dummy4, 161 const char *dummy5) 162 { 163 return ((nss_backend_t *)_nss_ldap_constr(auuser_ops, 164 sizeof (auuser_ops)/sizeof (auuser_ops[0]), _AUUSER, 165 auuser_attrs, _nss_ldap_au2str)); 166 } 167