1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved. 23 */ 24 25 26 /* 27 * libidmap API 28 */ 29 30 #include <stdlib.h> 31 #include <sys/varargs.h> 32 #include <inttypes.h> 33 #include <errno.h> 34 #include <strings.h> 35 #include <ctype.h> 36 #include <sys/param.h> 37 #include <sys/types.h> 38 #include <sys/stat.h> 39 #include <dlfcn.h> 40 #include <libintl.h> 41 #include <ucontext.h> 42 #include <syslog.h> 43 #include "idmap_impl.h" 44 #include "idmap_cache.h" 45 46 /*LINTLIBRARY*/ 47 48 static struct timeval TIMEOUT = { 25, 0 }; 49 50 static int idmap_stat2errno(idmap_stat); 51 static idmap_stat idmap_strdupnull(char **, const char *); 52 53 #define __ITER_CREATE(itera, argu, handl, ityp)\ 54 if (handl == NULL) {\ 55 errno = EINVAL;\ 56 return (IDMAP_ERR_ARG);\ 57 }\ 58 itera = calloc(1, sizeof (*itera));\ 59 if (itera == NULL) {\ 60 errno = ENOMEM;\ 61 return (IDMAP_ERR_MEMORY);\ 62 }\ 63 argu = calloc(1, sizeof (*argu));\ 64 if (argu == NULL) {\ 65 free(itera);\ 66 errno = ENOMEM;\ 67 return (IDMAP_ERR_MEMORY);\ 68 }\ 69 itera->ih = handl;\ 70 itera->type = ityp;\ 71 itera->retcode = IDMAP_NEXT;\ 72 itera->limit = 1024;\ 73 itera->arg = argu; 74 75 76 #define __ITER_ERR_RETURN(itera, argu, xdr_argu, iretcod)\ 77 if (argu) {\ 78 xdr_free(xdr_argu, (caddr_t)argu);\ 79 free(argu);\ 80 }\ 81 if (itera)\ 82 free(itera);\ 83 return (iretcod); 84 85 86 #define __ITER_CHECK(itera, ityp)\ 87 if (itera == NULL) {\ 88 errno = EINVAL;\ 89 return (IDMAP_ERR_ARG);\ 90 }\ 91 if (itera->type != ityp) {\ 92 errno = EINVAL;\ 93 return (IDMAP_ERR_ARG);\ 94 } 95 96 /* 97 * Free memory allocated by libidmap API 98 * 99 * Input: 100 * ptr - memory to be freed 101 */ 102 void 103 idmap_free(void *ptr) 104 { 105 free(ptr); 106 } 107 108 109 #define MIN_STACK_NEEDS 65536 110 111 /* 112 * Create and Initialize idmap client handle for rpc/doors 113 * 114 * Output: 115 * handle - idmap handle 116 */ 117 idmap_stat 118 idmap_init(idmap_handle_t **handle) 119 { 120 CLIENT *clnt = NULL; 121 struct idmap_handle *hptr; 122 uint_t sendsz = 0; 123 stack_t st; 124 125 *handle = NULL; 126 hptr = (struct idmap_handle *)calloc(1, sizeof (*hptr)); 127 if (hptr == NULL) 128 return (IDMAP_ERR_MEMORY); 129 130 /* 131 * clnt_door_call() alloca()s sendsz bytes (twice too, once for 132 * the call args buffer and once for the call result buffer), so 133 * we want to pick a sendsz that will be large enough, but not 134 * too large. 135 */ 136 if (stack_getbounds(&st) == 0) { 137 /* 138 * Estimate how much stack space is left; 139 * st.ss_sp is the top of stack. 140 */ 141 if ((char *)&sendsz < (char *)st.ss_sp) 142 /* stack grows up */ 143 sendsz = ((char *)st.ss_sp - (char *)&sendsz); 144 else 145 /* stack grows down */ 146 sendsz = ((char *)&sendsz - (char *)st.ss_sp); 147 148 if (sendsz <= MIN_STACK_NEEDS) { 149 sendsz = 0; /* RPC call may fail */ 150 } else { 151 /* Leave 64Kb (just a guess) for our needs */ 152 sendsz -= MIN_STACK_NEEDS; 153 154 /* Divide the stack space left by two */ 155 sendsz = RNDUP(sendsz / 2); 156 157 /* Limit sendsz to 256KB */ 158 if (sendsz > IDMAP_MAX_DOOR_RPC) 159 sendsz = IDMAP_MAX_DOOR_RPC; 160 } 161 } 162 163 clnt = clnt_door_create(IDMAP_PROG, IDMAP_V1, sendsz); 164 if (clnt == NULL) { 165 free(hptr); 166 return (IDMAP_ERR_RPC); 167 } 168 hptr->type = _IDMAP_HANDLE_RPC_DOORS; 169 hptr->privhandle = clnt; 170 *handle = hptr; 171 return (IDMAP_SUCCESS); 172 } 173 174 175 /* 176 * Finalize idmap handle 177 * 178 * Input: 179 * handle - idmap handle 180 */ 181 idmap_stat 182 idmap_fini(idmap_handle_t *handle) 183 { 184 CLIENT *clnt; 185 struct idmap_handle *hptr; 186 187 if (handle == NULL) 188 return (IDMAP_SUCCESS); 189 190 hptr = (struct idmap_handle *)handle; 191 192 switch (hptr->type) { 193 case _IDMAP_HANDLE_RPC_DOORS: 194 clnt = (CLIENT *)hptr->privhandle; 195 if (clnt) { 196 if (clnt->cl_auth) 197 auth_destroy(clnt->cl_auth); 198 clnt_destroy(clnt); 199 } 200 break; 201 default: 202 break; 203 } 204 free(hptr); 205 return (IDMAP_SUCCESS); 206 } 207 208 209 static idmap_stat 210 idmap_get_prop(idmap_handle_t *handle, idmap_prop_type pr, idmap_prop_res *res) 211 { 212 CLIENT *clnt; 213 enum clnt_stat clntstat; 214 215 216 (void) memset(res, 0, sizeof (*res)); 217 _IDMAP_GET_CLIENT_HANDLE(handle, clnt); 218 219 clntstat = clnt_call(clnt, IDMAP_GET_PROP, 220 (xdrproc_t)xdr_idmap_prop_type, (caddr_t)&pr, 221 (xdrproc_t)xdr_idmap_prop_res, (caddr_t)res, TIMEOUT); 222 223 if (clntstat != RPC_SUCCESS) { 224 return (_idmap_rpc2stat(clnt)); 225 } 226 227 return (res->retcode); /* This might not be IDMAP_SUCCESS! */ 228 } 229 230 231 idmap_stat 232 idmap_get_prop_ds(idmap_handle_t *handle, idmap_prop_type pr, 233 idmap_ad_disc_ds_t *dc) 234 { 235 idmap_prop_res res; 236 idmap_stat rc = IDMAP_SUCCESS; 237 238 rc = idmap_get_prop(handle, pr, &res); 239 if (rc < 0) 240 return (rc); 241 242 dc->port = res.value.idmap_prop_val_u.dsval.port; 243 (void) strlcpy(dc->host, res.value.idmap_prop_val_u.dsval.host, 244 AD_DISC_MAXHOSTNAME); 245 246 /* xdr doesn't guarantee 0-termination of char[]: */ 247 dc->host[AD_DISC_MAXHOSTNAME - 1] = '\0'; 248 249 return (rc); 250 } 251 252 253 /* 254 * Sometimes the property is not set. In that case, str is set to NULL but 255 * otherwise IDMAP_SUCCESS is returned. 256 */ 257 idmap_stat 258 idmap_get_prop_str(idmap_handle_t *handle, idmap_prop_type pr, char **str) 259 { 260 idmap_prop_res res; 261 idmap_stat rc = IDMAP_SUCCESS; 262 263 rc = idmap_get_prop(handle, pr, &res); 264 if (rc < 0) 265 return (rc); 266 267 rc = idmap_strdupnull(str, res.value.idmap_prop_val_u.utf8val); 268 return (rc); 269 } 270 271 /* 272 * Create/Initialize handle for updates 273 * 274 * Output: 275 * udthandle - update handle 276 */ 277 idmap_stat 278 idmap_udt_create(idmap_handle_t *handle, idmap_udt_handle_t **udthandle) 279 { 280 idmap_udt_handle_t *tmp; 281 282 if (handle == NULL || udthandle == NULL) { 283 errno = EINVAL; 284 return (IDMAP_ERR_ARG); 285 } 286 if ((tmp = calloc(1, sizeof (*tmp))) == NULL) { 287 errno = ENOMEM; 288 return (IDMAP_ERR_MEMORY); 289 } 290 291 tmp->ih = handle; 292 *udthandle = tmp; 293 return (IDMAP_SUCCESS); 294 } 295 296 297 /* 298 * All the updates specified by the update handle are committed 299 * in a single transaction. i.e either all succeed or none. 300 * 301 * Input: 302 * udthandle - update handle with the update requests 303 * 304 * Return value: 305 * Status of the commit 306 */ 307 idmap_stat 308 idmap_udt_commit(idmap_udt_handle_t *udthandle) 309 { 310 CLIENT *clnt; 311 enum clnt_stat clntstat; 312 idmap_update_res res; 313 idmap_stat retcode; 314 315 if (udthandle == NULL) { 316 errno = EINVAL; 317 return (IDMAP_ERR_ARG); 318 } 319 320 (void) memset(&res, 0, sizeof (res)); 321 322 _IDMAP_GET_CLIENT_HANDLE(udthandle->ih, clnt); 323 clntstat = clnt_call(clnt, IDMAP_UPDATE, 324 (xdrproc_t)xdr_idmap_update_batch, (caddr_t)&udthandle->batch, 325 (xdrproc_t)xdr_idmap_update_res, (caddr_t)&res, 326 TIMEOUT); 327 328 if (clntstat != RPC_SUCCESS) { 329 retcode = _idmap_rpc2stat(clnt); 330 goto out; 331 } 332 333 retcode = udthandle->commit_stat = res.retcode; 334 udthandle->error_index = res.error_index; 335 336 if (retcode != IDMAP_SUCCESS) { 337 338 if (udthandle->error_index < 0) 339 goto out; 340 341 retcode = idmap_namerule_cpy(&udthandle->error_rule, 342 &res.error_rule); 343 if (retcode != IDMAP_SUCCESS) { 344 udthandle->error_index = -2; 345 goto out; 346 } 347 348 retcode = idmap_namerule_cpy(&udthandle->conflict_rule, 349 &res.conflict_rule); 350 if (retcode != IDMAP_SUCCESS) { 351 udthandle->error_index = -2; 352 goto out; 353 } 354 } 355 356 retcode = res.retcode; 357 358 359 out: 360 /* reset handle so that it can be used again */ 361 if (retcode == IDMAP_SUCCESS) { 362 _IDMAP_RESET_UDT_HANDLE(udthandle); 363 } 364 365 (void) xdr_free(xdr_idmap_update_res, (caddr_t)&res); 366 errno = idmap_stat2errno(retcode); 367 return (retcode); 368 } 369 370 371 static void 372 idmap_namerule_parts_clear(char **windomain, char **winname, 373 char **unixname, boolean_t *is_user, boolean_t *is_wuser, 374 boolean_t *is_nt4, int *direction) 375 { 376 if (windomain) 377 *windomain = NULL; 378 if (winname) 379 *winname = NULL; 380 if (unixname) 381 *unixname = NULL; 382 383 if (is_nt4) 384 *is_nt4 = 0; 385 if (is_user) 386 *is_user = -1; 387 if (is_wuser) 388 *is_wuser = -1; 389 if (direction) 390 *direction = IDMAP_DIRECTION_UNDEF; 391 } 392 393 static idmap_stat 394 idmap_namerule2parts(idmap_namerule *rule, 395 char **windomain, char **winname, 396 char **unixname, boolean_t *is_user, boolean_t *is_wuser, 397 boolean_t *is_nt4, int *direction) 398 { 399 idmap_stat retcode; 400 401 if (EMPTY_STRING(rule->winname) && EMPTY_STRING(rule->unixname)) 402 return (IDMAP_ERR_NORESULT); 403 404 405 retcode = idmap_strdupnull(windomain, rule->windomain); 406 if (retcode != IDMAP_SUCCESS) 407 goto errout; 408 409 retcode = idmap_strdupnull(winname, rule->winname); 410 if (retcode != IDMAP_SUCCESS) 411 goto errout; 412 413 retcode = idmap_strdupnull(unixname, rule->unixname); 414 if (retcode != IDMAP_SUCCESS) 415 goto errout; 416 417 418 if (is_user) 419 *is_user = rule->is_user; 420 if (is_wuser) 421 *is_wuser = rule->is_wuser; 422 if (is_nt4) 423 *is_nt4 = rule->is_nt4; 424 if (direction) 425 *direction = rule->direction; 426 427 428 return (IDMAP_SUCCESS); 429 430 errout: 431 if (windomain && *windomain) 432 free(*windomain); 433 if (winname && *winname) 434 free(*winname); 435 if (unixname && *unixname) 436 free(*unixname); 437 438 idmap_namerule_parts_clear(windomain, winname, 439 unixname, is_user, is_wuser, is_nt4, direction); 440 441 return (retcode); 442 443 } 444 445 /* 446 * Retrieve the index of the failed batch element. error_index == -1 447 * indicates failure at the beginning, -2 at the end. 448 * 449 * If idmap_udt_commit didn't return error, the returned value is undefined. 450 * 451 * Return value: 452 * IDMAP_SUCCESS 453 */ 454 455 idmap_stat 456 idmap_udt_get_error_index(idmap_udt_handle_t *udthandle, 457 int64_t *error_index) 458 { 459 if (error_index) 460 *error_index = udthandle->error_index; 461 462 return (IDMAP_SUCCESS); 463 } 464 465 466 /* 467 * Retrieve the rule which caused the batch to fail. If 468 * idmap_udt_commit didn't return error or if error_index is < 0, the 469 * retrieved rule is undefined. 470 * 471 * Return value: 472 * IDMAP_ERR_NORESULT if there is no error rule. 473 * IDMAP_SUCCESS if the rule was obtained OK. 474 * other error code (IDMAP_ERR_NOMEMORY etc) 475 */ 476 477 idmap_stat 478 idmap_udt_get_error_rule(idmap_udt_handle_t *udthandle, 479 char **windomain, char **winname, 480 char **unixname, boolean_t *is_user, boolean_t *is_wuser, 481 boolean_t *is_nt4, int *direction) 482 { 483 idmap_namerule_parts_clear(windomain, winname, 484 unixname, is_user, is_wuser, is_nt4, direction); 485 486 if (udthandle->commit_stat == IDMAP_SUCCESS || 487 udthandle->error_index < 0) 488 return (IDMAP_ERR_NORESULT); 489 490 return (idmap_namerule2parts( 491 &udthandle->error_rule, 492 windomain, 493 winname, 494 unixname, 495 is_user, 496 is_wuser, 497 is_nt4, 498 direction)); 499 } 500 501 /* 502 * Retrieve the rule with which there was a conflict. TODO: retrieve 503 * the value. 504 * 505 * Return value: 506 * IDMAP_ERR_NORESULT if there is no error rule. 507 * IDMAP_SUCCESS if the rule was obtained OK. 508 * other error code (IDMAP_ERR_NOMEMORY etc) 509 */ 510 511 idmap_stat 512 idmap_udt_get_conflict_rule(idmap_udt_handle_t *udthandle, 513 char **windomain, char **winname, 514 char **unixname, boolean_t *is_user, boolean_t *is_wuser, 515 boolean_t *is_nt4, int *direction) 516 { 517 idmap_namerule_parts_clear(windomain, winname, 518 unixname, is_user, is_wuser, is_nt4, direction); 519 520 if (udthandle->commit_stat != IDMAP_ERR_W2U_NAMERULE_CONFLICT && 521 udthandle->commit_stat != IDMAP_ERR_U2W_NAMERULE_CONFLICT) { 522 return (IDMAP_ERR_NORESULT); 523 } 524 525 return (idmap_namerule2parts( 526 &udthandle->conflict_rule, 527 windomain, 528 winname, 529 unixname, 530 is_user, 531 is_wuser, 532 is_nt4, 533 direction)); 534 } 535 536 537 /* 538 * Destroy the update handle 539 */ 540 void 541 idmap_udt_destroy(idmap_udt_handle_t *udthandle) 542 { 543 if (udthandle == NULL) 544 return; 545 (void) xdr_free(xdr_idmap_update_batch, (caddr_t)&udthandle->batch); 546 (void) xdr_free(xdr_idmap_namerule, (caddr_t)&udthandle->error_rule); 547 (void) xdr_free(xdr_idmap_namerule, (caddr_t)&udthandle->conflict_rule); 548 free(udthandle); 549 } 550 551 552 idmap_stat 553 idmap_udt_add_namerule(idmap_udt_handle_t *udthandle, const char *windomain, 554 boolean_t is_user, boolean_t is_wuser, const char *winname, 555 const char *unixname, boolean_t is_nt4, int direction) 556 { 557 idmap_retcode retcode; 558 idmap_namerule *rule = NULL; 559 560 retcode = _udt_extend_batch(udthandle); 561 if (retcode != IDMAP_SUCCESS) 562 goto errout; 563 564 rule = &udthandle->batch. 565 idmap_update_batch_val[udthandle->next]. 566 idmap_update_op_u.rule; 567 rule->is_user = is_user; 568 rule->is_wuser = is_wuser; 569 rule->direction = direction; 570 rule->is_nt4 = is_nt4; 571 572 retcode = idmap_strdupnull(&rule->windomain, windomain); 573 if (retcode != IDMAP_SUCCESS) 574 goto errout; 575 576 retcode = idmap_strdupnull(&rule->winname, winname); 577 if (retcode != IDMAP_SUCCESS) 578 goto errout; 579 580 retcode = idmap_strdupnull(&rule->unixname, unixname); 581 if (retcode != IDMAP_SUCCESS) 582 goto errout; 583 584 udthandle->batch.idmap_update_batch_val[udthandle->next].opnum = 585 OP_ADD_NAMERULE; 586 udthandle->next++; 587 return (IDMAP_SUCCESS); 588 589 errout: 590 /* The batch should still be usable */ 591 if (rule) 592 (void) xdr_free(xdr_idmap_namerule, (caddr_t)rule); 593 errno = idmap_stat2errno(retcode); 594 return (retcode); 595 } 596 597 598 /* ARGSUSED */ 599 idmap_stat 600 idmap_udt_rm_namerule(idmap_udt_handle_t *udthandle, boolean_t is_user, 601 boolean_t is_wuser, const char *windomain, const char *winname, 602 const char *unixname, int direction) 603 { 604 idmap_retcode retcode; 605 idmap_namerule *rule = NULL; 606 607 retcode = _udt_extend_batch(udthandle); 608 if (retcode != IDMAP_SUCCESS) 609 goto errout; 610 611 rule = &udthandle->batch. 612 idmap_update_batch_val[udthandle->next]. 613 idmap_update_op_u.rule; 614 rule->is_user = is_user; 615 rule->is_wuser = is_wuser; 616 rule->direction = direction; 617 618 retcode = idmap_strdupnull(&rule->windomain, windomain); 619 if (retcode != IDMAP_SUCCESS) 620 goto errout; 621 622 retcode = idmap_strdupnull(&rule->winname, winname); 623 if (retcode != IDMAP_SUCCESS) 624 goto errout; 625 626 retcode = idmap_strdupnull(&rule->unixname, unixname); 627 if (retcode != IDMAP_SUCCESS) 628 goto errout; 629 630 udthandle->batch.idmap_update_batch_val[udthandle->next].opnum = 631 OP_RM_NAMERULE; 632 udthandle->next++; 633 return (IDMAP_SUCCESS); 634 635 errout: 636 if (rule) 637 (void) xdr_free(xdr_idmap_namerule, (caddr_t)rule); 638 errno = idmap_stat2errno(retcode); 639 return (retcode); 640 } 641 642 643 /* ARGSUSED */ 644 idmap_stat 645 idmap_udt_flush_namerules(idmap_udt_handle_t *udthandle) 646 { 647 idmap_retcode retcode; 648 649 retcode = _udt_extend_batch(udthandle); 650 if (retcode != IDMAP_SUCCESS) 651 goto errout; 652 653 udthandle->batch.idmap_update_batch_val[udthandle->next].opnum = 654 OP_FLUSH_NAMERULES; 655 udthandle->next++; 656 return (IDMAP_SUCCESS); 657 658 errout: 659 errno = idmap_stat2errno(retcode); 660 return (retcode); 661 } 662 663 664 /* 665 * Set the number of entries requested per batch by the iterator 666 * 667 * Input: 668 * iter - iterator 669 * limit - number of entries requested per batch 670 */ 671 idmap_stat 672 idmap_iter_set_limit(idmap_iter_t *iter, uint64_t limit) 673 { 674 if (iter == NULL) { 675 errno = EINVAL; 676 return (IDMAP_ERR_ARG); 677 } 678 iter->limit = limit; 679 return (IDMAP_SUCCESS); 680 } 681 682 683 /* 684 * Create iterator to get name-based mapping rules 685 * 686 * Input: 687 * windomain - Windows domain 688 * is_user - user or group rules 689 * winname - Windows user or group name 690 * unixname - Unix user or group name 691 * 692 * Output: 693 * iter - iterator 694 */ 695 idmap_stat 696 idmap_iter_namerules(idmap_handle_t *handle, const char *windomain, 697 boolean_t is_user, boolean_t is_wuser, const char *winname, 698 const char *unixname, idmap_iter_t **iter) 699 { 700 701 idmap_iter_t *tmpiter; 702 idmap_list_namerules_1_argument *arg = NULL; 703 idmap_namerule *rule; 704 idmap_retcode retcode; 705 706 __ITER_CREATE(tmpiter, arg, handle, IDMAP_LIST_NAMERULES); 707 708 rule = &arg->rule; 709 rule->is_user = is_user; 710 rule->is_wuser = is_wuser; 711 rule->direction = IDMAP_DIRECTION_UNDEF; 712 713 retcode = idmap_strdupnull(&rule->windomain, windomain); 714 if (retcode != IDMAP_SUCCESS) 715 goto errout; 716 717 retcode = idmap_strdupnull(&rule->winname, winname); 718 if (retcode != IDMAP_SUCCESS) 719 goto errout; 720 721 retcode = idmap_strdupnull(&rule->unixname, unixname); 722 if (retcode != IDMAP_SUCCESS) 723 goto errout; 724 725 *iter = tmpiter; 726 return (IDMAP_SUCCESS); 727 728 errout: 729 __ITER_ERR_RETURN(tmpiter, arg, 730 xdr_idmap_list_namerules_1_argument, retcode); 731 } 732 733 734 /* 735 * Iterate through the name-based mapping rules 736 * 737 * Input: 738 * iter - iterator 739 * 740 * Output: 741 * windomain - Windows domain 742 * winname - Windows user or group name 743 * unixname - Unix user or group name 744 * is_nt4 - NT4 or AD 745 * direction - bi(0), win2unix(1), unix2win(2) 746 * 747 * Return value: 748 * 0 - done 749 * 1 - more results available 750 * < 0 - error 751 */ 752 idmap_stat 753 idmap_iter_next_namerule(idmap_iter_t *iter, char **windomain, 754 char **winname, char **unixname, boolean_t *is_user, 755 boolean_t *is_wuser, boolean_t *is_nt4, int *direction) 756 { 757 idmap_namerules_res *namerules; 758 idmap_list_namerules_1_argument *arg; 759 idmap_retcode retcode; 760 761 idmap_namerule_parts_clear(windomain, winname, 762 unixname, is_user, is_wuser, is_nt4, direction); 763 764 765 __ITER_CHECK(iter, IDMAP_LIST_NAMERULES); 766 767 namerules = (idmap_namerules_res *)iter->retlist; 768 if (iter->retcode == IDMAP_NEXT && (namerules == NULL || 769 iter->next >= namerules->rules.rules_len)) { 770 771 if ((arg = iter->arg) == NULL) { 772 errno = EINVAL; 773 return (IDMAP_ERR_ARG); 774 } 775 arg->limit = iter->limit; 776 777 retcode = _iter_get_next_list(IDMAP_LIST_NAMERULES, 778 iter, arg, 779 (uchar_t **)&namerules, sizeof (*namerules), 780 (xdrproc_t)xdr_idmap_list_namerules_1_argument, 781 (xdrproc_t)xdr_idmap_namerules_res); 782 if (retcode != IDMAP_SUCCESS) 783 return (retcode); 784 785 if (IDMAP_ERROR(namerules->retcode)) { 786 retcode = namerules->retcode; 787 xdr_free(xdr_idmap_namerules_res, (caddr_t)namerules); 788 free(namerules); 789 iter->retlist = NULL; 790 return (retcode); 791 } 792 iter->retcode = namerules->retcode; 793 arg->lastrowid = namerules->lastrowid; 794 } 795 796 if (namerules == NULL || namerules->rules.rules_len == 0) 797 return (IDMAP_SUCCESS); 798 799 if (iter->next >= namerules->rules.rules_len) { 800 return (IDMAP_ERR_ARG); 801 } 802 803 retcode = idmap_strdupnull(windomain, 804 namerules->rules.rules_val[iter->next].windomain); 805 if (retcode != IDMAP_SUCCESS) 806 goto errout; 807 808 retcode = idmap_strdupnull(winname, 809 namerules->rules.rules_val[iter->next].winname); 810 if (retcode != IDMAP_SUCCESS) 811 goto errout; 812 813 retcode = idmap_strdupnull(unixname, 814 namerules->rules.rules_val[iter->next].unixname); 815 if (retcode != IDMAP_SUCCESS) 816 goto errout; 817 818 if (is_nt4) 819 *is_nt4 = namerules->rules.rules_val[iter->next].is_nt4; 820 if (is_user) 821 *is_user = namerules->rules.rules_val[iter->next].is_user; 822 if (is_wuser) 823 *is_wuser = namerules->rules.rules_val[iter->next].is_wuser; 824 if (direction) 825 *direction = namerules->rules.rules_val[iter->next].direction; 826 iter->next++; 827 828 if (iter->next == namerules->rules.rules_len) 829 return (iter->retcode); 830 else 831 return (IDMAP_NEXT); 832 833 errout: 834 if (windomain && *windomain) 835 free(*windomain); 836 if (winname && *winname) 837 free(*winname); 838 if (unixname && *unixname) 839 free(*unixname); 840 return (retcode); 841 } 842 843 844 /* 845 * Create iterator to get SID to UID/GID mappings 846 * 847 * Output: 848 * iter - iterator 849 */ 850 idmap_stat 851 idmap_iter_mappings(idmap_handle_t *handle, idmap_iter_t **iter, int flag) 852 { 853 idmap_iter_t *tmpiter; 854 idmap_list_mappings_1_argument *arg = NULL; 855 856 __ITER_CREATE(tmpiter, arg, handle, IDMAP_LIST_MAPPINGS); 857 858 arg->flag = flag; 859 *iter = tmpiter; 860 return (IDMAP_SUCCESS); 861 } 862 863 864 /* 865 * Iterate through the SID to UID/GID mappings 866 * 867 * Input: 868 * iter - iterator 869 * 870 * Output: 871 * sid - SID in canonical form 872 * pid - UID or GID 873 * 874 * Return value: 875 * 0 - done 876 * 1 - more results available 877 * < 0 - error 878 */ 879 idmap_stat 880 idmap_iter_next_mapping(idmap_iter_t *iter, char **sidprefix, 881 idmap_rid_t *rid, uid_t *pid, char **winname, 882 char **windomain, char **unixname, boolean_t *is_user, 883 boolean_t *is_wuser, int *direction, idmap_info *info) 884 { 885 idmap_mappings_res *mappings; 886 idmap_list_mappings_1_argument *arg; 887 idmap_retcode retcode; 888 char *str; 889 890 if (sidprefix) 891 *sidprefix = NULL; 892 if (rid) 893 *rid = UINT32_MAX; 894 if (winname) 895 *winname = NULL; 896 if (windomain) 897 *windomain = NULL; 898 if (unixname) 899 *unixname = NULL; 900 if (pid) 901 *pid = UINT32_MAX; 902 if (is_user) 903 *is_user = -1; 904 if (is_wuser) 905 *is_wuser = -1; 906 if (direction) 907 *direction = IDMAP_DIRECTION_UNDEF; 908 909 __ITER_CHECK(iter, IDMAP_LIST_MAPPINGS); 910 911 mappings = (idmap_mappings_res *)iter->retlist; 912 if (iter->retcode == IDMAP_NEXT && (mappings == NULL || 913 iter->next >= mappings->mappings.mappings_len)) { 914 915 if ((arg = iter->arg) == NULL) { 916 errno = EINVAL; 917 return (IDMAP_ERR_ARG); 918 } 919 arg->limit = iter->limit; 920 921 retcode = _iter_get_next_list(IDMAP_LIST_MAPPINGS, 922 iter, arg, 923 (uchar_t **)&mappings, sizeof (*mappings), 924 (xdrproc_t)xdr_idmap_list_mappings_1_argument, 925 (xdrproc_t)xdr_idmap_mappings_res); 926 if (retcode != IDMAP_SUCCESS) 927 return (retcode); 928 929 if (IDMAP_ERROR(mappings->retcode)) { 930 retcode = mappings->retcode; 931 xdr_free(xdr_idmap_mappings_res, (caddr_t)mappings); 932 free(mappings); 933 iter->retlist = NULL; 934 return (retcode); 935 } 936 iter->retcode = mappings->retcode; 937 arg->lastrowid = mappings->lastrowid; 938 } 939 940 if (mappings == NULL || mappings->mappings.mappings_len == 0) 941 return (IDMAP_SUCCESS); 942 943 if (iter->next >= mappings->mappings.mappings_len) { 944 return (IDMAP_ERR_ARG); 945 } 946 947 if (sidprefix) { 948 str = mappings->mappings.mappings_val[iter->next].id1. 949 idmap_id_u.sid.prefix; 950 if (str && *str != '\0') { 951 *sidprefix = strdup(str); 952 if (*sidprefix == NULL) { 953 retcode = IDMAP_ERR_MEMORY; 954 goto errout; 955 } 956 } 957 } 958 if (rid) 959 *rid = mappings->mappings.mappings_val[iter->next].id1. 960 idmap_id_u.sid.rid; 961 962 retcode = idmap_strdupnull(windomain, 963 mappings->mappings.mappings_val[iter->next].id1domain); 964 if (retcode != IDMAP_SUCCESS) 965 goto errout; 966 967 retcode = idmap_strdupnull(winname, 968 mappings->mappings.mappings_val[iter->next].id1name); 969 if (retcode != IDMAP_SUCCESS) 970 goto errout; 971 972 retcode = idmap_strdupnull(unixname, 973 mappings->mappings.mappings_val[iter->next].id2name); 974 if (retcode != IDMAP_SUCCESS) 975 goto errout; 976 977 978 if (pid) 979 *pid = mappings->mappings.mappings_val[iter->next].id2. 980 idmap_id_u.uid; 981 if (direction) 982 *direction = mappings->mappings.mappings_val[iter->next]. 983 direction; 984 if (is_user) 985 *is_user = (mappings->mappings.mappings_val[iter->next].id2 986 .idtype == IDMAP_UID)?1:0; 987 if (is_wuser) 988 *is_wuser = (mappings->mappings.mappings_val[iter->next].id1 989 .idtype == IDMAP_USID)?1:0; 990 991 if (info) { 992 retcode = idmap_info_cpy(info, 993 &mappings->mappings.mappings_val[iter->next].info); 994 if (retcode != IDMAP_SUCCESS) 995 goto errout; 996 } 997 iter->next++; 998 999 if (iter->next == mappings->mappings.mappings_len) 1000 return (iter->retcode); 1001 else 1002 return (IDMAP_NEXT); 1003 1004 errout: 1005 if (sidprefix && *sidprefix) 1006 free(*sidprefix); 1007 if (winname && *winname) 1008 free(*winname); 1009 if (windomain && *windomain) 1010 free(*windomain); 1011 if (unixname && *unixname) 1012 free(*unixname); 1013 return (retcode); 1014 } 1015 1016 1017 /* 1018 * Destroy the iterator 1019 */ 1020 void 1021 idmap_iter_destroy(idmap_iter_t *iter) 1022 { 1023 xdrproc_t _xdr_argument, _xdr_result; 1024 1025 if (iter == NULL) 1026 return; 1027 1028 switch (iter->type) { 1029 case IDMAP_LIST_NAMERULES: 1030 _xdr_argument = (xdrproc_t)xdr_idmap_list_namerules_1_argument; 1031 _xdr_result = (xdrproc_t)xdr_idmap_namerules_res; 1032 break; 1033 case IDMAP_LIST_MAPPINGS: 1034 _xdr_argument = (xdrproc_t)xdr_idmap_list_mappings_1_argument; 1035 _xdr_result = (xdrproc_t)xdr_idmap_mappings_res; 1036 break; 1037 default: 1038 free(iter); 1039 return; 1040 }; 1041 1042 if (iter->arg) { 1043 xdr_free(_xdr_argument, (caddr_t)iter->arg); 1044 free(iter->arg); 1045 } 1046 if (iter->retlist) { 1047 xdr_free(_xdr_result, (caddr_t)iter->retlist); 1048 free(iter->retlist); 1049 } 1050 free(iter); 1051 } 1052 1053 1054 /* 1055 * Create handle to get SID to UID/GID mapping entries 1056 * 1057 * Input: 1058 * gh - "get mapping" handle 1059 */ 1060 idmap_stat 1061 idmap_get_create(idmap_handle_t *handle, idmap_get_handle_t **gh) 1062 { 1063 idmap_get_handle_t *tmp; 1064 1065 /* sanity checks */ 1066 if (handle == NULL || gh == NULL) { 1067 errno = EINVAL; 1068 return (IDMAP_ERR_ARG); 1069 } 1070 1071 /* allocate the handle */ 1072 if ((tmp = calloc(1, sizeof (*tmp))) == NULL) { 1073 errno = ENOMEM; 1074 return (IDMAP_ERR_MEMORY); 1075 } 1076 1077 tmp->ih = handle; 1078 *gh = tmp; 1079 return (IDMAP_SUCCESS); 1080 } 1081 1082 1083 /* 1084 * Given SID, get UID 1085 * 1086 * Input: 1087 * sidprefix - SID prefix 1088 * rid - RID 1089 * flag - flag 1090 * 1091 * Output: 1092 * stat - status of the get request 1093 * uid - POSIX UID if stat = 0 1094 * 1095 * Note: The output parameters will be set by idmap_get_mappings() 1096 */ 1097 idmap_stat 1098 idmap_get_uidbysid(idmap_get_handle_t *gh, char *sidprefix, idmap_rid_t rid, 1099 int flag, uid_t *uid, idmap_stat *stat) 1100 { 1101 return (idmap_getext_uidbysid(gh, sidprefix, rid, flag, uid, 1102 NULL, stat)); 1103 } 1104 1105 /* 1106 * Given SID, get UID 1107 * 1108 * Input: 1109 * sidprefix - SID prefix 1110 * rid - RID 1111 * flag - flag 1112 * 1113 * Output: 1114 * stat - status of the get request 1115 * uid - POSIX UID if stat = 0 1116 * how - mapping type if stat = 0 1117 * 1118 * Note: The output parameters will be set by idmap_get_mappings() 1119 */ 1120 1121 idmap_stat 1122 idmap_getext_uidbysid(idmap_get_handle_t *gh, char *sidprefix, idmap_rid_t rid, 1123 int flag, uid_t *uid, idmap_info *info, idmap_stat *stat) 1124 { 1125 idmap_retcode retcode; 1126 idmap_mapping *mapping = NULL; 1127 1128 /* sanity checks */ 1129 if (gh == NULL) 1130 return (IDMAP_ERR_ARG); 1131 if (uid == NULL || sidprefix == NULL) 1132 return (IDMAP_ERR_ARG); 1133 1134 if ((flag & IDMAP_REQ_FLG_USE_CACHE) && 1135 !(flag & IDMAP_REQ_FLG_MAPPING_INFO)) { 1136 retcode = idmap_cache_lookup_uidbysid(sidprefix, rid, uid); 1137 if (retcode == IDMAP_SUCCESS || retcode == IDMAP_ERR_MEMORY) { 1138 *stat = retcode; 1139 return (retcode); 1140 } 1141 } 1142 1143 /* Extend the request array and the return list */ 1144 if ((retcode = _get_ids_extend_batch(gh)) != IDMAP_SUCCESS) 1145 goto errout; 1146 1147 /* Setup the request */ 1148 mapping = &gh->batch.idmap_mapping_batch_val[gh->next]; 1149 mapping->flag = flag; 1150 mapping->id1.idtype = IDMAP_SID; 1151 mapping->id1.idmap_id_u.sid.rid = rid; 1152 if ((mapping->id1.idmap_id_u.sid.prefix = strdup(sidprefix)) == NULL) { 1153 retcode = IDMAP_ERR_MEMORY; 1154 goto errout; 1155 } 1156 mapping->id2.idtype = IDMAP_UID; 1157 1158 /* Setup pointers for the result */ 1159 gh->retlist[gh->next].idtype = IDMAP_UID; 1160 gh->retlist[gh->next].uid = uid; 1161 gh->retlist[gh->next].stat = stat; 1162 gh->retlist[gh->next].info = info; 1163 gh->retlist[gh->next].cache_res = flag & IDMAP_REQ_FLG_USE_CACHE; 1164 1165 gh->next++; 1166 return (IDMAP_SUCCESS); 1167 1168 errout: 1169 /* Batch created so far should still be usable */ 1170 if (mapping) 1171 (void) memset(mapping, 0, sizeof (*mapping)); 1172 errno = idmap_stat2errno(retcode); 1173 return (retcode); 1174 } 1175 1176 1177 /* 1178 * Given SID, get GID 1179 * 1180 * Input: 1181 * sidprefix - SID prefix 1182 * rid - rid 1183 * flag - flag 1184 * 1185 * Output: 1186 * stat - status of the get request 1187 * gid - POSIX GID if stat = 0 1188 * 1189 * Note: The output parameters will be set by idmap_get_mappings() 1190 */ 1191 idmap_stat 1192 idmap_get_gidbysid(idmap_get_handle_t *gh, char *sidprefix, idmap_rid_t rid, 1193 int flag, gid_t *gid, idmap_stat *stat) 1194 { 1195 return (idmap_getext_gidbysid(gh, sidprefix, rid, flag, gid, 1196 NULL, stat)); 1197 } 1198 1199 1200 /* 1201 * Given SID, get GID 1202 * 1203 * Input: 1204 * sidprefix - SID prefix 1205 * rid - rid 1206 * flag - flag 1207 * 1208 * Output: 1209 * stat - status of the get request 1210 * gid - POSIX GID if stat = 0 1211 * how - mapping type if stat = 0 1212 * 1213 * Note: The output parameters will be set by idmap_get_mappings() 1214 */ 1215 idmap_stat 1216 idmap_getext_gidbysid(idmap_get_handle_t *gh, char *sidprefix, idmap_rid_t rid, 1217 int flag, gid_t *gid, idmap_info *info, idmap_stat *stat) 1218 { 1219 1220 idmap_retcode retcode; 1221 idmap_mapping *mapping = NULL; 1222 1223 /* sanity checks */ 1224 if (gh == NULL) 1225 return (IDMAP_ERR_ARG); 1226 if (gid == NULL || sidprefix == NULL) 1227 return (IDMAP_ERR_ARG); 1228 1229 if ((flag & IDMAP_REQ_FLG_USE_CACHE) && 1230 !(flag & IDMAP_REQ_FLG_MAPPING_INFO)) { 1231 retcode = idmap_cache_lookup_gidbysid(sidprefix, rid, gid); 1232 if (retcode == IDMAP_SUCCESS || retcode == IDMAP_ERR_MEMORY) { 1233 *stat = retcode; 1234 return (retcode); 1235 } 1236 } 1237 1238 /* Extend the request array and the return list */ 1239 if ((retcode = _get_ids_extend_batch(gh)) != IDMAP_SUCCESS) 1240 goto errout; 1241 1242 /* Setup the request */ 1243 mapping = &gh->batch.idmap_mapping_batch_val[gh->next]; 1244 mapping->flag = flag; 1245 mapping->id1.idtype = IDMAP_SID; 1246 mapping->id1.idmap_id_u.sid.rid = rid; 1247 if ((mapping->id1.idmap_id_u.sid.prefix = strdup(sidprefix)) == NULL) { 1248 retcode = IDMAP_ERR_MEMORY; 1249 goto errout; 1250 } 1251 mapping->id2.idtype = IDMAP_GID; 1252 1253 /* Setup pointers for the result */ 1254 gh->retlist[gh->next].idtype = IDMAP_GID; 1255 gh->retlist[gh->next].gid = gid; 1256 gh->retlist[gh->next].stat = stat; 1257 gh->retlist[gh->next].info = info; 1258 gh->retlist[gh->next].cache_res = flag & IDMAP_REQ_FLG_USE_CACHE; 1259 1260 gh->next++; 1261 return (IDMAP_SUCCESS); 1262 1263 errout: 1264 if (mapping) 1265 (void) memset(mapping, 0, sizeof (*mapping)); 1266 errno = idmap_stat2errno(retcode); 1267 return (retcode); 1268 } 1269 1270 1271 1272 /* 1273 * Given SID, get POSIX ID i.e. UID/GID 1274 * 1275 * Input: 1276 * sidprefix - SID prefix 1277 * rid - rid 1278 * flag - flag 1279 * 1280 * Output: 1281 * stat - status of the get request 1282 * is_user - user or group 1283 * pid - POSIX UID if stat = 0 and is_user = 1 1284 * POSIX GID if stat = 0 and is_user = 0 1285 * 1286 * Note: The output parameters will be set by idmap_get_mappings() 1287 */ 1288 idmap_stat 1289 idmap_get_pidbysid(idmap_get_handle_t *gh, char *sidprefix, idmap_rid_t rid, 1290 int flag, uid_t *pid, int *is_user, idmap_stat *stat) 1291 { 1292 return (idmap_getext_pidbysid(gh, sidprefix, rid, flag, pid, is_user, 1293 NULL, stat)); 1294 } 1295 1296 1297 1298 /* 1299 * Given SID, get POSIX ID i.e. UID/GID 1300 * 1301 * Input: 1302 * sidprefix - SID prefix 1303 * rid - rid 1304 * flag - flag 1305 * 1306 * Output: 1307 * stat - status of the get request 1308 * is_user - user or group 1309 * pid - POSIX UID if stat = 0 and is_user = 1 1310 * POSIX GID if stat = 0 and is_user = 0 1311 * how - mapping type if stat = 0 1312 * 1313 * Note: The output parameters will be set by idmap_get_mappings() 1314 */ 1315 idmap_stat 1316 idmap_getext_pidbysid(idmap_get_handle_t *gh, char *sidprefix, idmap_rid_t rid, 1317 int flag, uid_t *pid, int *is_user, idmap_info *info, idmap_stat *stat) 1318 { 1319 idmap_retcode retcode; 1320 idmap_mapping *mapping = NULL; 1321 1322 /* sanity checks */ 1323 if (gh == NULL) 1324 return (IDMAP_ERR_ARG); 1325 if (pid == NULL || sidprefix == NULL || is_user == NULL) 1326 return (IDMAP_ERR_ARG); 1327 1328 if ((flag & IDMAP_REQ_FLG_USE_CACHE) && 1329 !(flag & IDMAP_REQ_FLG_MAPPING_INFO)) { 1330 retcode = idmap_cache_lookup_pidbysid(sidprefix, rid, pid, 1331 is_user); 1332 if (retcode == IDMAP_SUCCESS || retcode == IDMAP_ERR_MEMORY) { 1333 *stat = retcode; 1334 return (retcode); 1335 } 1336 } 1337 1338 /* Extend the request array and the return list */ 1339 if ((retcode = _get_ids_extend_batch(gh)) != IDMAP_SUCCESS) 1340 goto errout; 1341 1342 /* Setup the request */ 1343 mapping = &gh->batch.idmap_mapping_batch_val[gh->next]; 1344 mapping->flag = flag; 1345 mapping->id1.idtype = IDMAP_SID; 1346 mapping->id1.idmap_id_u.sid.rid = rid; 1347 if ((mapping->id1.idmap_id_u.sid.prefix = strdup(sidprefix)) == NULL) { 1348 retcode = IDMAP_ERR_MEMORY; 1349 goto errout; 1350 } 1351 mapping->id2.idtype = IDMAP_POSIXID; 1352 1353 /* Setup pointers for the result */ 1354 gh->retlist[gh->next].idtype = IDMAP_POSIXID; 1355 gh->retlist[gh->next].uid = pid; 1356 gh->retlist[gh->next].gid = pid; 1357 gh->retlist[gh->next].is_user = is_user; 1358 gh->retlist[gh->next].stat = stat; 1359 gh->retlist[gh->next].info = info; 1360 gh->retlist[gh->next].cache_res = flag & IDMAP_REQ_FLG_USE_CACHE; 1361 1362 gh->next++; 1363 return (IDMAP_SUCCESS); 1364 1365 errout: 1366 if (mapping) 1367 (void) memset(mapping, 0, sizeof (*mapping)); 1368 errno = idmap_stat2errno(retcode); 1369 return (retcode); 1370 } 1371 1372 1373 /* 1374 * Given UID, get SID 1375 * 1376 * Input: 1377 * uid - POSIX UID 1378 * flag - flag 1379 * 1380 * Output: 1381 * stat - status of the get request 1382 * sid - SID prefix (if stat == 0) 1383 * rid - rid 1384 * 1385 * Note: The output parameters will be set by idmap_get_mappings() 1386 */ 1387 idmap_stat 1388 idmap_get_sidbyuid(idmap_get_handle_t *gh, uid_t uid, int flag, 1389 char **sidprefix, idmap_rid_t *rid, idmap_stat *stat) 1390 { 1391 return (idmap_getext_sidbyuid(gh, uid, flag, sidprefix, rid, 1392 NULL, stat)); 1393 } 1394 1395 1396 /* 1397 * Given UID, get SID 1398 * 1399 * Input: 1400 * uid - POSIX UID 1401 * flag - flag 1402 * 1403 * Output: 1404 * stat - status of the get request 1405 * sid - SID prefix (if stat == 0) 1406 * rid - rid 1407 * how - mapping type if stat = 0 1408 * 1409 * Note: The output parameters will be set by idmap_get_mappings() 1410 */ 1411 idmap_stat 1412 idmap_getext_sidbyuid(idmap_get_handle_t *gh, uid_t uid, int flag, 1413 char **sidprefix, idmap_rid_t *rid, idmap_info *info, idmap_stat *stat) 1414 { 1415 1416 idmap_retcode retcode; 1417 idmap_mapping *mapping = NULL; 1418 1419 /* sanity checks */ 1420 if (gh == NULL) 1421 return (IDMAP_ERR_ARG); 1422 if (sidprefix == NULL) 1423 return (IDMAP_ERR_ARG); 1424 1425 if ((flag & IDMAP_REQ_FLG_USE_CACHE) && 1426 !(flag & IDMAP_REQ_FLG_MAPPING_INFO)) { 1427 retcode = idmap_cache_lookup_sidbyuid(sidprefix, rid, uid); 1428 if (retcode == IDMAP_SUCCESS || retcode == IDMAP_ERR_MEMORY) { 1429 *stat = retcode; 1430 return (retcode); 1431 } 1432 } 1433 1434 /* Extend the request array and the return list */ 1435 if ((retcode = _get_ids_extend_batch(gh)) != IDMAP_SUCCESS) 1436 goto errout; 1437 1438 /* Setup the request */ 1439 mapping = &gh->batch.idmap_mapping_batch_val[gh->next]; 1440 mapping->flag = flag; 1441 mapping->id1.idtype = IDMAP_UID; 1442 mapping->id1.idmap_id_u.uid = uid; 1443 mapping->id2.idtype = IDMAP_SID; 1444 1445 /* Setup pointers for the result */ 1446 gh->retlist[gh->next].idtype = IDMAP_SID; 1447 gh->retlist[gh->next].sidprefix = sidprefix; 1448 gh->retlist[gh->next].rid = rid; 1449 gh->retlist[gh->next].stat = stat; 1450 gh->retlist[gh->next].info = info; 1451 gh->retlist[gh->next].cache_res = flag & IDMAP_REQ_FLG_USE_CACHE; 1452 1453 gh->next++; 1454 return (IDMAP_SUCCESS); 1455 1456 errout: 1457 if (mapping) 1458 (void) memset(mapping, 0, sizeof (*mapping)); 1459 errno = idmap_stat2errno(retcode); 1460 return (retcode); 1461 } 1462 1463 1464 /* 1465 * Given GID, get SID 1466 * 1467 * Input: 1468 * gid - POSIX GID 1469 * flag - flag 1470 * 1471 * Output: 1472 * stat - status of the get request 1473 * sidprefix - SID prefix (if stat == 0) 1474 * rid - rid 1475 * 1476 * Note: The output parameters will be set by idmap_get_mappings() 1477 */ 1478 idmap_stat 1479 idmap_get_sidbygid(idmap_get_handle_t *gh, gid_t gid, int flag, 1480 char **sidprefix, idmap_rid_t *rid, idmap_stat *stat) 1481 { 1482 return (idmap_getext_sidbygid(gh, gid, flag, sidprefix, rid, 1483 NULL, stat)); 1484 } 1485 1486 1487 /* 1488 * Given GID, get SID 1489 * 1490 * Input: 1491 * gid - POSIX GID 1492 * flag - flag 1493 * 1494 * Output: 1495 * stat - status of the get request 1496 * sidprefix - SID prefix (if stat == 0) 1497 * rid - rid 1498 * how - mapping type if stat = 0 1499 * 1500 * Note: The output parameters will be set by idmap_get_mappings() 1501 */ 1502 idmap_stat 1503 idmap_getext_sidbygid(idmap_get_handle_t *gh, gid_t gid, int flag, 1504 char **sidprefix, idmap_rid_t *rid, idmap_info *info, idmap_stat *stat) 1505 { 1506 1507 idmap_retcode retcode; 1508 idmap_mapping *mapping = NULL; 1509 1510 /* sanity checks */ 1511 if (gh == NULL) 1512 return (IDMAP_ERR_ARG); 1513 if (sidprefix == NULL) 1514 return (IDMAP_ERR_ARG); 1515 1516 if ((flag & IDMAP_REQ_FLG_USE_CACHE) && 1517 !(flag & IDMAP_REQ_FLG_MAPPING_INFO)) { 1518 retcode = idmap_cache_lookup_sidbygid(sidprefix, rid, gid); 1519 if (retcode == IDMAP_SUCCESS || retcode == IDMAP_ERR_MEMORY) { 1520 *stat = retcode; 1521 return (retcode); 1522 } 1523 } 1524 1525 /* Extend the request array and the return list */ 1526 if ((retcode = _get_ids_extend_batch(gh)) != IDMAP_SUCCESS) 1527 goto errout; 1528 1529 /* Setup the request */ 1530 mapping = &gh->batch.idmap_mapping_batch_val[gh->next]; 1531 mapping->flag = flag; 1532 mapping->id1.idtype = IDMAP_GID; 1533 mapping->id1.idmap_id_u.gid = gid; 1534 mapping->id2.idtype = IDMAP_SID; 1535 1536 /* Setup pointers for the result */ 1537 gh->retlist[gh->next].idtype = IDMAP_SID; 1538 gh->retlist[gh->next].sidprefix = sidprefix; 1539 gh->retlist[gh->next].rid = rid; 1540 gh->retlist[gh->next].stat = stat; 1541 gh->retlist[gh->next].info = info; 1542 gh->retlist[gh->next].cache_res = flag & IDMAP_REQ_FLG_USE_CACHE; 1543 1544 gh->next++; 1545 return (IDMAP_SUCCESS); 1546 1547 errout: 1548 if (mapping) 1549 (void) memset(mapping, 0, sizeof (*mapping)); 1550 errno = idmap_stat2errno(retcode); 1551 return (retcode); 1552 } 1553 1554 1555 /* 1556 * Process the batched "get mapping" requests. The results (i.e. 1557 * status and identity) will be available in the data areas 1558 * provided by individual requests. 1559 */ 1560 idmap_stat 1561 idmap_get_mappings(idmap_get_handle_t *gh) 1562 { 1563 CLIENT *clnt; 1564 enum clnt_stat clntstat; 1565 idmap_retcode retcode; 1566 idmap_ids_res res; 1567 idmap_id *res_id; 1568 int i; 1569 idmap_id *req_id; 1570 int direction; 1571 1572 if (gh == NULL) { 1573 errno = EINVAL; 1574 return (IDMAP_ERR_ARG); 1575 } 1576 _IDMAP_GET_CLIENT_HANDLE(gh->ih, clnt); 1577 1578 (void) memset(&res, 0, sizeof (idmap_ids_res)); 1579 clntstat = clnt_call(clnt, IDMAP_GET_MAPPED_IDS, 1580 (xdrproc_t)xdr_idmap_mapping_batch, 1581 (caddr_t)&gh->batch, 1582 (xdrproc_t)xdr_idmap_ids_res, 1583 (caddr_t)&res, 1584 TIMEOUT); 1585 if (clntstat != RPC_SUCCESS) { 1586 retcode = _idmap_rpc2stat(clnt); 1587 goto out; 1588 } 1589 if (res.retcode != IDMAP_SUCCESS) { 1590 retcode = res.retcode; 1591 goto out; 1592 } 1593 for (i = 0; i < gh->next; i++) { 1594 if (i >= res.ids.ids_len) { 1595 *gh->retlist[i].stat = IDMAP_ERR_NORESULT; 1596 continue; 1597 } 1598 *gh->retlist[i].stat = res.ids.ids_val[i].retcode; 1599 res_id = &res.ids.ids_val[i].id; 1600 direction = res.ids.ids_val[i].direction; 1601 req_id = &gh->batch.idmap_mapping_batch_val[i].id1; 1602 switch (res_id->idtype) { 1603 case IDMAP_UID: 1604 if (gh->retlist[i].uid) 1605 *gh->retlist[i].uid = res_id->idmap_id_u.uid; 1606 if (gh->retlist[i].is_user) 1607 *gh->retlist[i].is_user = 1; 1608 1609 if (res.ids.ids_val[i].retcode == IDMAP_SUCCESS && 1610 gh->retlist[i].cache_res) { 1611 if (gh->retlist[i].is_user != NULL) 1612 idmap_cache_add_sid2pid( 1613 req_id->idmap_id_u.sid.prefix, 1614 req_id->idmap_id_u.sid.rid, 1615 res_id->idmap_id_u.uid, 1, 1616 direction); 1617 else 1618 idmap_cache_add_sid2uid( 1619 req_id->idmap_id_u.sid.prefix, 1620 req_id->idmap_id_u.sid.rid, 1621 res_id->idmap_id_u.uid, 1622 direction); 1623 } 1624 break; 1625 1626 case IDMAP_GID: 1627 if (gh->retlist[i].gid) 1628 *gh->retlist[i].gid = res_id->idmap_id_u.gid; 1629 if (gh->retlist[i].is_user) 1630 *gh->retlist[i].is_user = 0; 1631 1632 if (res.ids.ids_val[i].retcode == IDMAP_SUCCESS && 1633 gh->retlist[i].cache_res) { 1634 if (gh->retlist[i].is_user != NULL) 1635 idmap_cache_add_sid2pid( 1636 req_id->idmap_id_u.sid.prefix, 1637 req_id->idmap_id_u.sid.rid, 1638 res_id->idmap_id_u.gid, 0, 1639 direction); 1640 else 1641 idmap_cache_add_sid2gid( 1642 req_id->idmap_id_u.sid.prefix, 1643 req_id->idmap_id_u.sid.rid, 1644 res_id->idmap_id_u.gid, 1645 direction); 1646 } 1647 break; 1648 1649 case IDMAP_POSIXID: 1650 if (gh->retlist[i].uid) 1651 *gh->retlist[i].uid = 60001; 1652 if (gh->retlist[i].is_user) 1653 *gh->retlist[i].is_user = -1; 1654 break; 1655 1656 case IDMAP_SID: 1657 case IDMAP_USID: 1658 case IDMAP_GSID: 1659 if (gh->retlist[i].rid) 1660 *gh->retlist[i].rid = 1661 res_id->idmap_id_u.sid.rid; 1662 if (gh->retlist[i].sidprefix) { 1663 if (res_id->idmap_id_u.sid.prefix == NULL || 1664 *res_id->idmap_id_u.sid.prefix == '\0') { 1665 *gh->retlist[i].sidprefix = NULL; 1666 break; 1667 } 1668 *gh->retlist[i].sidprefix = 1669 strdup(res_id->idmap_id_u.sid.prefix); 1670 if (*gh->retlist[i].sidprefix == NULL) 1671 *gh->retlist[i].stat = 1672 IDMAP_ERR_MEMORY; 1673 } 1674 if (res.ids.ids_val[i].retcode == IDMAP_SUCCESS && 1675 gh->retlist[i].cache_res) { 1676 if (req_id->idtype == IDMAP_UID) 1677 idmap_cache_add_sid2uid( 1678 res_id->idmap_id_u.sid.prefix, 1679 res_id->idmap_id_u.sid.rid, 1680 req_id->idmap_id_u.uid, 1681 direction); 1682 else /* req_id->idtype == IDMAP_GID */ 1683 idmap_cache_add_sid2gid( 1684 res_id->idmap_id_u.sid.prefix, 1685 res_id->idmap_id_u.sid.rid, 1686 req_id->idmap_id_u.gid, 1687 direction); 1688 } 1689 break; 1690 1691 case IDMAP_NONE: 1692 break; 1693 1694 default: 1695 *gh->retlist[i].stat = IDMAP_ERR_NORESULT; 1696 break; 1697 } 1698 if (gh->retlist[i].info != NULL) 1699 (void) idmap_info_cpy(gh->retlist[i].info, 1700 &res.ids.ids_val[i].info); 1701 } 1702 retcode = IDMAP_SUCCESS; 1703 1704 out: 1705 _IDMAP_RESET_GET_HANDLE(gh); 1706 (void) xdr_free(xdr_idmap_ids_res, (caddr_t)&res); 1707 errno = idmap_stat2errno(retcode); 1708 return (retcode); 1709 } 1710 1711 1712 /* 1713 * Destroy the "get mapping" handle 1714 */ 1715 void 1716 idmap_get_destroy(idmap_get_handle_t *gh) 1717 { 1718 if (gh == NULL) 1719 return; 1720 (void) xdr_free(xdr_idmap_mapping_batch, (caddr_t)&gh->batch); 1721 if (gh->retlist) 1722 free(gh->retlist); 1723 free(gh); 1724 } 1725 1726 1727 /* 1728 * Get windows to unix mapping 1729 */ 1730 idmap_stat 1731 idmap_get_w2u_mapping(idmap_handle_t *handle, 1732 const char *sidprefix, idmap_rid_t *rid, 1733 const char *winname, const char *windomain, 1734 int flag, int *is_user, int *is_wuser, 1735 uid_t *pid, char **unixname, int *direction, idmap_info *info) 1736 { 1737 CLIENT *clnt; 1738 enum clnt_stat clntstat; 1739 idmap_mapping request, *mapping; 1740 idmap_mappings_res result; 1741 idmap_retcode retcode, rc; 1742 1743 if (handle == NULL) { 1744 errno = EINVAL; 1745 return (IDMAP_ERR_ARG); 1746 } 1747 1748 _IDMAP_GET_CLIENT_HANDLE(handle, clnt); 1749 1750 (void) memset(&request, 0, sizeof (request)); 1751 (void) memset(&result, 0, sizeof (result)); 1752 1753 if (pid) 1754 *pid = UINT32_MAX; 1755 if (unixname) 1756 *unixname = NULL; 1757 if (direction) 1758 *direction = IDMAP_DIRECTION_UNDEF; 1759 1760 request.flag = flag; 1761 request.id1.idtype = IDMAP_SID; 1762 if (sidprefix && rid) { 1763 request.id1.idmap_id_u.sid.prefix = (char *)sidprefix; 1764 request.id1.idmap_id_u.sid.rid = *rid; 1765 } else if (winname) { 1766 retcode = idmap_strdupnull(&request.id1name, winname); 1767 if (retcode != IDMAP_SUCCESS) 1768 goto out; 1769 1770 retcode = idmap_strdupnull(&request.id1domain, windomain); 1771 if (retcode != IDMAP_SUCCESS) 1772 goto out; 1773 1774 request.id1.idmap_id_u.sid.prefix = NULL; 1775 } else { 1776 errno = EINVAL; 1777 return (IDMAP_ERR_ARG); 1778 } 1779 1780 if (*is_user == 1) 1781 request.id2.idtype = IDMAP_UID; 1782 else if (*is_user == 0) 1783 request.id2.idtype = IDMAP_GID; 1784 else 1785 request.id2.idtype = IDMAP_POSIXID; 1786 1787 if (*is_wuser == 1) 1788 request.id1.idtype = IDMAP_USID; 1789 else if (*is_wuser == 0) 1790 request.id1.idtype = IDMAP_GSID; 1791 else 1792 request.id1.idtype = IDMAP_SID; 1793 1794 clntstat = clnt_call(clnt, IDMAP_GET_MAPPED_ID_BY_NAME, 1795 (xdrproc_t)xdr_idmap_mapping, (caddr_t)&request, 1796 (xdrproc_t)xdr_idmap_mappings_res, (caddr_t)&result, 1797 TIMEOUT); 1798 1799 if (clntstat != RPC_SUCCESS) 1800 return (_idmap_rpc2stat(clnt)); 1801 1802 retcode = result.retcode; 1803 1804 if ((mapping = result.mappings.mappings_val) == NULL) { 1805 if (retcode == IDMAP_SUCCESS) 1806 retcode = IDMAP_ERR_NORESULT; 1807 goto out; 1808 } 1809 1810 if (mapping->id2.idtype == IDMAP_UID) { 1811 *is_user = 1; 1812 } else if (mapping->id2.idtype == IDMAP_GID) { 1813 *is_user = 0; 1814 } else { 1815 goto out; 1816 } 1817 1818 if (mapping->id1.idtype == IDMAP_USID) { 1819 *is_wuser = 1; 1820 } else if (mapping->id1.idtype == IDMAP_GSID) { 1821 *is_wuser = 0; 1822 } else { 1823 goto out; 1824 } 1825 1826 if (direction) 1827 *direction = mapping->direction; 1828 if (pid) 1829 *pid = mapping->id2.idmap_id_u.uid; 1830 1831 rc = idmap_strdupnull(unixname, mapping->id2name); 1832 if (rc != IDMAP_SUCCESS) 1833 retcode = rc; 1834 1835 rc = idmap_info_cpy(info, &mapping->info); 1836 if (rc != IDMAP_SUCCESS) 1837 retcode = rc; 1838 1839 out: 1840 if (request.id1name != NULL) 1841 free(request.id1name); 1842 if (request.id1domain != NULL) 1843 free(request.id1domain); 1844 xdr_free(xdr_idmap_mappings_res, (caddr_t)&result); 1845 if (retcode != IDMAP_SUCCESS) 1846 errno = idmap_stat2errno(retcode); 1847 return (retcode); 1848 } 1849 1850 1851 /* 1852 * Get unix to windows mapping 1853 */ 1854 idmap_stat 1855 idmap_get_u2w_mapping(idmap_handle_t *handle, 1856 uid_t *pid, const char *unixname, 1857 int flag, int is_user, int *is_wuser, 1858 char **sidprefix, idmap_rid_t *rid, 1859 char **winname, char **windomain, 1860 int *direction, idmap_info *info) 1861 { 1862 CLIENT *clnt; 1863 enum clnt_stat clntstat; 1864 idmap_mapping request, *mapping; 1865 idmap_mappings_res result; 1866 idmap_retcode retcode, rc; 1867 1868 if (handle == NULL) { 1869 errno = EINVAL; 1870 return (IDMAP_ERR_ARG); 1871 } 1872 1873 _IDMAP_GET_CLIENT_HANDLE(handle, clnt); 1874 1875 if (sidprefix) 1876 *sidprefix = NULL; 1877 if (winname) 1878 *winname = NULL; 1879 if (windomain) 1880 *windomain = NULL; 1881 if (rid) 1882 *rid = UINT32_MAX; 1883 if (direction) 1884 *direction = IDMAP_DIRECTION_UNDEF; 1885 1886 (void) memset(&request, 0, sizeof (request)); 1887 (void) memset(&result, 0, sizeof (result)); 1888 1889 request.flag = flag; 1890 request.id1.idtype = is_user?IDMAP_UID:IDMAP_GID; 1891 1892 if (pid && *pid != UINT32_MAX) { 1893 request.id1.idmap_id_u.uid = *pid; 1894 } else if (unixname) { 1895 request.id1name = (char *)unixname; 1896 request.id1.idmap_id_u.uid = UINT32_MAX; 1897 } else { 1898 errno = EINVAL; 1899 return (IDMAP_ERR_ARG); 1900 } 1901 1902 if (is_wuser == NULL) 1903 request.id2.idtype = IDMAP_SID; 1904 else if (*is_wuser == -1) 1905 request.id2.idtype = IDMAP_SID; 1906 else if (*is_wuser == 0) 1907 request.id2.idtype = IDMAP_GSID; 1908 else if (*is_wuser == 1) 1909 request.id2.idtype = IDMAP_USID; 1910 1911 clntstat = clnt_call(clnt, IDMAP_GET_MAPPED_ID_BY_NAME, 1912 (xdrproc_t)xdr_idmap_mapping, (caddr_t)&request, 1913 (xdrproc_t)xdr_idmap_mappings_res, (caddr_t)&result, 1914 TIMEOUT); 1915 1916 if (clntstat != RPC_SUCCESS) 1917 return (_idmap_rpc2stat(clnt)); 1918 1919 retcode = result.retcode; 1920 1921 if ((mapping = result.mappings.mappings_val) == NULL) { 1922 if (retcode == IDMAP_SUCCESS) 1923 retcode = IDMAP_ERR_NORESULT; 1924 goto out; 1925 } 1926 1927 if (direction != NULL) 1928 *direction = mapping->direction; 1929 1930 if (is_wuser != NULL) { 1931 if (mapping->id2.idtype == IDMAP_USID) 1932 *is_wuser = 1; 1933 else if (mapping->id2.idtype == IDMAP_GSID) 1934 *is_wuser = 0; 1935 else 1936 *is_wuser = -1; 1937 } 1938 1939 if (sidprefix && mapping->id2.idmap_id_u.sid.prefix && 1940 *mapping->id2.idmap_id_u.sid.prefix != '\0') { 1941 *sidprefix = strdup(mapping->id2.idmap_id_u.sid.prefix); 1942 if (*sidprefix == NULL) { 1943 retcode = IDMAP_ERR_MEMORY; 1944 goto errout; 1945 } 1946 } 1947 if (rid) 1948 *rid = mapping->id2.idmap_id_u.sid.rid; 1949 1950 rc = idmap_strdupnull(winname, mapping->id2name); 1951 if (rc != IDMAP_SUCCESS) 1952 retcode = rc; 1953 1954 rc = idmap_strdupnull(windomain, mapping->id2domain); 1955 if (rc != IDMAP_SUCCESS) 1956 retcode = rc; 1957 1958 rc = idmap_info_cpy(info, &mapping->info); 1959 if (rc != IDMAP_SUCCESS) 1960 retcode = rc; 1961 1962 goto out; 1963 1964 errout: 1965 if (sidprefix && *sidprefix) { 1966 free(*sidprefix); 1967 *sidprefix = NULL; 1968 } 1969 if (winname && *winname) { 1970 free(*winname); 1971 *winname = NULL; 1972 } 1973 if (windomain && *windomain) { 1974 free(*windomain); 1975 *windomain = NULL; 1976 } 1977 1978 out: 1979 xdr_free(xdr_idmap_mappings_res, (caddr_t)&result); 1980 if (retcode != IDMAP_SUCCESS) 1981 errno = idmap_stat2errno(retcode); 1982 return (retcode); 1983 } 1984 1985 1986 1987 #define gettext(s) s 1988 static stat_table_t stattable[] = { 1989 {IDMAP_SUCCESS, gettext("Success"), 0}, 1990 {IDMAP_NEXT, gettext("More results available"), 0}, 1991 {IDMAP_ERR_OTHER, gettext("Undefined error"), EINVAL}, 1992 {IDMAP_ERR_INTERNAL, gettext("Internal error"), EINVAL}, 1993 {IDMAP_ERR_MEMORY, gettext("Out of memory"), ENOMEM}, 1994 {IDMAP_ERR_NORESULT, gettext("No results available"), EINVAL}, 1995 {IDMAP_ERR_NOTUSER, gettext("Not a user"), EINVAL}, 1996 {IDMAP_ERR_NOTGROUP, gettext("Not a group"), EINVAL}, 1997 {IDMAP_ERR_NOTSUPPORTED, gettext("Operation not supported"), ENOTSUP}, 1998 {IDMAP_ERR_W2U_NAMERULE, 1999 gettext("Invalid Windows to UNIX name-based rule"), EINVAL}, 2000 {IDMAP_ERR_U2W_NAMERULE, 2001 gettext("Invalid UNIX to Windows name-based rule"), EINVAL}, 2002 {IDMAP_ERR_CACHE, gettext("Invalid cache"), EINVAL}, 2003 {IDMAP_ERR_DB, gettext("Invalid database"), EINVAL}, 2004 {IDMAP_ERR_ARG, gettext("Invalid argument"), EINVAL}, 2005 {IDMAP_ERR_SID, gettext("Invalid SID"), EINVAL}, 2006 {IDMAP_ERR_IDTYPE, gettext("Invalid identity type"), EINVAL}, 2007 {IDMAP_ERR_RPC_HANDLE, gettext("Bad RPC handle"), EBADF}, 2008 {IDMAP_ERR_RPC, gettext("RPC error"), EINVAL}, 2009 {IDMAP_ERR_CLIENT_HANDLE, gettext("Bad client handle"), EINVAL}, 2010 {IDMAP_ERR_BUSY, gettext("Server is busy"), EBUSY}, 2011 {IDMAP_ERR_PERMISSION_DENIED, gettext("Permission denied"), EACCES}, 2012 {IDMAP_ERR_NOMAPPING, 2013 gettext("Mapping not found or inhibited"), EINVAL}, 2014 {IDMAP_ERR_NEW_ID_ALLOC_REQD, 2015 gettext("New mapping needs to be created"), EINVAL}, 2016 {IDMAP_ERR_DOMAIN, gettext("Invalid domain"), EINVAL}, 2017 {IDMAP_ERR_SECURITY, gettext("Security issue"), EINVAL}, 2018 {IDMAP_ERR_NOTFOUND, gettext("Not found"), EINVAL}, 2019 {IDMAP_ERR_DOMAIN_NOTFOUND, gettext("Domain not found"), EINVAL}, 2020 {IDMAP_ERR_UPDATE_NOTALLOWED, gettext("Update not allowed"), EINVAL}, 2021 {IDMAP_ERR_CFG, gettext("Configuration error"), EINVAL}, 2022 {IDMAP_ERR_CFG_CHANGE, gettext("Invalid configuration change"), EINVAL}, 2023 {IDMAP_ERR_NOTMAPPED_WELLKNOWN, 2024 gettext("No mapping for well-known SID"), EINVAL}, 2025 {IDMAP_ERR_RETRIABLE_NET_ERR, 2026 gettext("Windows lookup failed"), EINVAL}, 2027 {IDMAP_ERR_W2U_NAMERULE_CONFLICT, 2028 gettext("Duplicate rule or conflicts with an existing " 2029 "Windows to UNIX name-based rule"), EINVAL}, 2030 {IDMAP_ERR_U2W_NAMERULE_CONFLICT, 2031 gettext("Duplicate rule or conflicts with an existing " 2032 "Unix to Windows name-based rule"), EINVAL}, 2033 {IDMAP_ERR_BAD_UTF8, 2034 gettext("Invalid or illegal UTF-8 sequence found in " 2035 "a given Windows entity name or domain name"), EINVAL}, 2036 {IDMAP_ERR_NONE_GENERATED, 2037 gettext("Mapping not found and none created (see -c option)"), 2038 EINVAL}, 2039 {IDMAP_ERR_PROP_UNKNOWN, 2040 gettext("Undefined property"), 2041 EINVAL}, 2042 {IDMAP_ERR_NS_LDAP_CFG, 2043 gettext("Native LDAP configuration error"), EINVAL}, 2044 {IDMAP_ERR_NS_LDAP_PARTIAL, 2045 gettext("Partial result from Native LDAP"), EINVAL}, 2046 {IDMAP_ERR_NS_LDAP_OP_FAILED, 2047 gettext("Native LDAP operation failed"), EINVAL}, 2048 {IDMAP_ERR_NS_LDAP_BAD_WINNAME, 2049 gettext("Improper winname form found in Native LDAP"), EINVAL}, 2050 {IDMAP_ERR_NO_ACTIVEDIRECTORY, 2051 gettext("No AD servers"), 2052 EINVAL}, 2053 {-1, NULL, 0} 2054 }; 2055 #undef gettext 2056 2057 2058 /* 2059 * Get description of status code 2060 * 2061 * Input: 2062 * status - Status code returned by libidmap API call 2063 * 2064 * Return Value: 2065 * human-readable localized description of idmap_stat 2066 */ 2067 /* ARGSUSED */ 2068 const char * 2069 idmap_stat2string(idmap_handle_t *handle, idmap_stat status) 2070 { 2071 int i; 2072 2073 for (i = 0; stattable[i].msg; i++) { 2074 if (stattable[i].retcode == status) 2075 return (dgettext(TEXT_DOMAIN, stattable[i].msg)); 2076 } 2077 return (dgettext(TEXT_DOMAIN, "Unknown error")); 2078 } 2079 2080 2081 static int 2082 idmap_stat2errno(idmap_stat stat) 2083 { 2084 int i; 2085 for (i = 0; stattable[i].msg; i++) { 2086 if (stattable[i].retcode == stat) 2087 return (stattable[i].errnum); 2088 } 2089 return (EINVAL); 2090 } 2091 2092 2093 /* 2094 * Get status code from string 2095 */ 2096 idmap_stat 2097 idmap_string2stat(const char *str) 2098 { 2099 if (str == NULL) 2100 return (IDMAP_ERR_INTERNAL); 2101 2102 #define return_cmp(a) \ 2103 if (0 == strcmp(str, "IDMAP_ERR_" #a)) \ 2104 return (IDMAP_ERR_ ## a); 2105 2106 return_cmp(OTHER); 2107 return_cmp(INTERNAL); 2108 return_cmp(MEMORY); 2109 return_cmp(NORESULT); 2110 return_cmp(NOTUSER); 2111 return_cmp(NOTGROUP); 2112 return_cmp(NOTSUPPORTED); 2113 return_cmp(W2U_NAMERULE); 2114 return_cmp(U2W_NAMERULE); 2115 return_cmp(CACHE); 2116 return_cmp(DB); 2117 return_cmp(ARG); 2118 return_cmp(SID); 2119 return_cmp(IDTYPE); 2120 return_cmp(RPC_HANDLE); 2121 return_cmp(RPC); 2122 return_cmp(CLIENT_HANDLE); 2123 return_cmp(BUSY); 2124 return_cmp(PERMISSION_DENIED); 2125 return_cmp(NOMAPPING); 2126 return_cmp(NEW_ID_ALLOC_REQD); 2127 return_cmp(DOMAIN); 2128 return_cmp(SECURITY); 2129 return_cmp(NOTFOUND); 2130 return_cmp(DOMAIN_NOTFOUND); 2131 return_cmp(MEMORY); 2132 return_cmp(UPDATE_NOTALLOWED); 2133 return_cmp(CFG); 2134 return_cmp(CFG_CHANGE); 2135 return_cmp(NOTMAPPED_WELLKNOWN); 2136 return_cmp(RETRIABLE_NET_ERR); 2137 return_cmp(W2U_NAMERULE_CONFLICT); 2138 return_cmp(U2W_NAMERULE_CONFLICT); 2139 return_cmp(BAD_UTF8); 2140 return_cmp(NONE_GENERATED); 2141 return_cmp(PROP_UNKNOWN); 2142 return_cmp(NS_LDAP_CFG); 2143 return_cmp(NS_LDAP_PARTIAL); 2144 return_cmp(NS_LDAP_OP_FAILED); 2145 return_cmp(NS_LDAP_BAD_WINNAME); 2146 return_cmp(NO_ACTIVEDIRECTORY); 2147 #undef return_cmp 2148 2149 return (IDMAP_ERR_OTHER); 2150 } 2151 2152 2153 /* 2154 * Map the given status to one that can be returned by the protocol 2155 */ 2156 idmap_stat 2157 idmap_stat4prot(idmap_stat status) 2158 { 2159 switch (status) { 2160 case IDMAP_ERR_MEMORY: 2161 case IDMAP_ERR_CACHE: 2162 return (IDMAP_ERR_INTERNAL); 2163 } 2164 return (status); 2165 } 2166 2167 2168 /* 2169 * This is a convenience routine which duplicates a string after 2170 * checking for NULL pointers. This function will return success if 2171 * either the 'to' OR 'from' pointers are NULL. 2172 */ 2173 static idmap_stat 2174 idmap_strdupnull(char **to, const char *from) 2175 { 2176 if (to == NULL) 2177 return (IDMAP_SUCCESS); 2178 2179 if (from == NULL || *from == '\0') { 2180 *to = NULL; 2181 return (IDMAP_SUCCESS); 2182 } 2183 2184 *to = strdup(from); 2185 if (*to == NULL) 2186 return (IDMAP_ERR_MEMORY); 2187 return (IDMAP_SUCCESS); 2188 } 2189 2190 2191 idmap_stat 2192 idmap_namerule_cpy(idmap_namerule *to, idmap_namerule *from) 2193 { 2194 idmap_stat retval; 2195 2196 if (to == NULL) 2197 return (IDMAP_SUCCESS); 2198 2199 (void) memcpy(to, from, sizeof (idmap_namerule)); 2200 to->windomain = NULL; 2201 to->winname = NULL; 2202 to->unixname = NULL; 2203 2204 retval = idmap_strdupnull(&to->windomain, from->windomain); 2205 if (retval != IDMAP_SUCCESS) 2206 return (retval); 2207 2208 retval = idmap_strdupnull(&to->winname, from->winname); 2209 if (retval != IDMAP_SUCCESS) { 2210 free(to->windomain); 2211 to->windomain = NULL; 2212 return (retval); 2213 } 2214 2215 retval = idmap_strdupnull(&to->unixname, from->unixname); 2216 if (retval != IDMAP_SUCCESS) { 2217 free(to->windomain); 2218 to->windomain = NULL; 2219 free(to->winname); 2220 to->winname = NULL; 2221 return (retval); 2222 } 2223 2224 return (retval); 2225 } 2226 2227 2228 static 2229 idmap_stat 2230 idmap_how_ds_based_cpy(idmap_how_ds_based *to, idmap_how_ds_based *from) 2231 { 2232 idmap_stat retval; 2233 2234 if (to == NULL) 2235 return (IDMAP_SUCCESS); 2236 2237 retval = idmap_strdupnull(&to->dn, from->dn); 2238 if (retval != IDMAP_SUCCESS) 2239 return (retval); 2240 2241 retval = idmap_strdupnull(&to->attr, from->attr); 2242 if (retval != IDMAP_SUCCESS) { 2243 free(to->dn); 2244 to->dn = NULL; 2245 return (retval); 2246 } 2247 2248 retval = idmap_strdupnull(&to->value, from->value); 2249 if (retval != IDMAP_SUCCESS) { 2250 free(to->dn); 2251 to->dn = NULL; 2252 free(to->attr); 2253 to->attr = NULL; 2254 return (retval); 2255 } 2256 2257 return (retval); 2258 } 2259 2260 idmap_stat 2261 idmap_info_cpy(idmap_info *to, idmap_info *from) 2262 { 2263 idmap_stat retval = IDMAP_SUCCESS; 2264 2265 if (to == NULL) 2266 return (IDMAP_SUCCESS); 2267 2268 (void) memset(to, 0, sizeof (idmap_info)); 2269 2270 to->src = from->src; 2271 to->how.map_type = from->how.map_type; 2272 switch (to->how.map_type) { 2273 case IDMAP_MAP_TYPE_DS_AD: 2274 retval = idmap_how_ds_based_cpy(&to->how.idmap_how_u.ad, 2275 &from->how.idmap_how_u.ad); 2276 break; 2277 2278 case IDMAP_MAP_TYPE_DS_NLDAP: 2279 retval = idmap_how_ds_based_cpy(&to->how.idmap_how_u.nldap, 2280 &from->how.idmap_how_u.nldap); 2281 break; 2282 2283 case IDMAP_MAP_TYPE_RULE_BASED: 2284 retval = idmap_namerule_cpy(&to->how.idmap_how_u.rule, 2285 &from->how.idmap_how_u.rule); 2286 break; 2287 2288 case IDMAP_MAP_TYPE_EPHEMERAL: 2289 break; 2290 2291 case IDMAP_MAP_TYPE_LOCAL_SID: 2292 break; 2293 2294 case IDMAP_MAP_TYPE_KNOWN_SID: 2295 break; 2296 2297 case IDMAP_MAP_TYPE_IDMU: 2298 retval = idmap_how_ds_based_cpy(&to->how.idmap_how_u.idmu, 2299 &from->how.idmap_how_u.idmu); 2300 break; 2301 } 2302 return (retval); 2303 } 2304 2305 2306 /* 2307 * This routine is similar to idmap_info_cpy, but the strings 2308 * are moved from the "from" info to the "to" info. 2309 * This routine is equivalent to: 2310 * 2311 * idmap_info_cpy(to,from); 2312 * idmap_info_free(from); 2313 */ 2314 idmap_stat 2315 idmap_info_mov(idmap_info *to, idmap_info *from) 2316 { 2317 idmap_stat retval = IDMAP_SUCCESS; 2318 2319 if (to == NULL) { 2320 idmap_info_free(from); 2321 return (IDMAP_SUCCESS); 2322 } 2323 (void) memcpy(to, from, sizeof (idmap_info)); 2324 2325 (void) memset(from, 0, sizeof (idmap_info)); 2326 2327 return (retval); 2328 } 2329 2330 2331 void 2332 idmap_info_free(idmap_info *info) 2333 { 2334 idmap_how *how; 2335 2336 if (info == NULL) 2337 return; 2338 2339 how = &info->how; 2340 switch (how->map_type) { 2341 case IDMAP_MAP_TYPE_DS_AD: 2342 free(how->idmap_how_u.ad.dn); 2343 how->idmap_how_u.ad.dn = NULL; 2344 free(how->idmap_how_u.ad.attr); 2345 how->idmap_how_u.ad.attr = NULL; 2346 free(how->idmap_how_u.ad.value); 2347 how->idmap_how_u.ad.value = NULL; 2348 break; 2349 2350 case IDMAP_MAP_TYPE_DS_NLDAP: 2351 free(how->idmap_how_u.nldap.dn); 2352 how->idmap_how_u.nldap.dn = NULL; 2353 free(how->idmap_how_u.nldap.attr); 2354 how->idmap_how_u.nldap.attr = NULL; 2355 free(how->idmap_how_u.nldap.value); 2356 how->idmap_how_u.nldap.value = NULL; 2357 break; 2358 2359 case IDMAP_MAP_TYPE_RULE_BASED: 2360 free(how->idmap_how_u.rule.windomain); 2361 how->idmap_how_u.rule.windomain = NULL; 2362 free(how->idmap_how_u.rule.winname); 2363 how->idmap_how_u.rule.winname = NULL; 2364 free(how->idmap_how_u.rule.unixname); 2365 how->idmap_how_u.rule.unixname = NULL; 2366 break; 2367 2368 case IDMAP_MAP_TYPE_EPHEMERAL: 2369 break; 2370 2371 case IDMAP_MAP_TYPE_LOCAL_SID: 2372 break; 2373 2374 case IDMAP_MAP_TYPE_IDMU: 2375 free(how->idmap_how_u.idmu.dn); 2376 how->idmap_how_u.idmu.dn = NULL; 2377 free(how->idmap_how_u.idmu.attr); 2378 how->idmap_how_u.idmu.attr = NULL; 2379 free(how->idmap_how_u.idmu.value); 2380 how->idmap_how_u.idmu.value = NULL; 2381 break; 2382 } 2383 how->map_type = IDMAP_MAP_TYPE_UNKNOWN; 2384 info->src = IDMAP_MAP_SRC_UNKNOWN; 2385 } 2386 2387 2388 /* 2389 * Get uid given Windows name 2390 */ 2391 idmap_stat 2392 idmap_getuidbywinname(const char *name, const char *domain, int flag, 2393 uid_t *uid) 2394 { 2395 idmap_handle_t *ih; 2396 idmap_retcode rc; 2397 int is_user = 1; 2398 int is_wuser = -1; 2399 int direction; 2400 2401 if (uid == NULL) 2402 return (IDMAP_ERR_ARG); 2403 2404 if (flag & IDMAP_REQ_FLG_USE_CACHE) { 2405 rc = idmap_cache_lookup_uidbywinname(name, domain, uid); 2406 if (rc == IDMAP_SUCCESS || rc == IDMAP_ERR_MEMORY) 2407 return (rc); 2408 } 2409 /* Get mapping */ 2410 if ((rc = idmap_init(&ih)) != IDMAP_SUCCESS) 2411 return (rc); 2412 rc = idmap_get_w2u_mapping(ih, NULL, NULL, name, domain, flag, 2413 &is_user, &is_wuser, uid, NULL, &direction, NULL); 2414 (void) idmap_fini(ih); 2415 2416 if (rc == IDMAP_SUCCESS && (flag & IDMAP_REQ_FLG_USE_CACHE)) { 2417 /* If we have not got the domain don't store UID to winname */ 2418 if (domain == NULL) 2419 direction = IDMAP_DIRECTION_W2U; 2420 idmap_cache_add_winname2uid(name, domain, *uid, direction); 2421 } 2422 2423 return (rc); 2424 } 2425 2426 2427 /* 2428 * Get gid given Windows name 2429 */ 2430 idmap_stat 2431 idmap_getgidbywinname(const char *name, const char *domain, int flag, 2432 gid_t *gid) 2433 { 2434 idmap_handle_t *ih; 2435 idmap_retcode rc; 2436 int is_user = 0; 2437 int is_wuser = -1; 2438 int direction; 2439 2440 if (gid == NULL) 2441 return (IDMAP_ERR_ARG); 2442 2443 if (flag & IDMAP_REQ_FLG_USE_CACHE) { 2444 rc = idmap_cache_lookup_gidbywinname(name, domain, gid); 2445 if (rc == IDMAP_SUCCESS || rc == IDMAP_ERR_MEMORY) 2446 return (rc); 2447 } 2448 2449 /* Get mapping */ 2450 if ((rc = idmap_init(&ih)) != IDMAP_SUCCESS) 2451 return (rc); 2452 rc = idmap_get_w2u_mapping(ih, NULL, NULL, name, domain, flag, 2453 &is_user, &is_wuser, gid, NULL, &direction, NULL); 2454 (void) idmap_fini(ih); 2455 2456 if (rc == IDMAP_SUCCESS && (flag & IDMAP_REQ_FLG_USE_CACHE)) { 2457 /* If we have not got the domain don't store GID to winname */ 2458 if (domain == NULL) 2459 direction = IDMAP_DIRECTION_W2U; 2460 idmap_cache_add_winname2gid(name, domain, *gid, direction); 2461 } 2462 2463 return (rc); 2464 } 2465 2466 2467 /* 2468 * Get winname given pid 2469 */ 2470 static idmap_retcode 2471 idmap_getwinnamebypid(uid_t pid, int is_user, int flag, char **name, 2472 char **domain) 2473 { 2474 idmap_handle_t *ih; 2475 idmap_retcode rc; 2476 int len; 2477 char *winname, *windomain; 2478 int direction; 2479 2480 if (name == NULL) 2481 return (IDMAP_ERR_ARG); 2482 2483 if (flag & IDMAP_REQ_FLG_USE_CACHE) { 2484 if (is_user) 2485 rc = idmap_cache_lookup_winnamebyuid(&winname, 2486 &windomain, pid); 2487 else 2488 rc = idmap_cache_lookup_winnamebygid(&winname, 2489 &windomain, pid); 2490 if (rc == IDMAP_SUCCESS) 2491 goto out; 2492 if (rc == IDMAP_ERR_MEMORY) 2493 return (rc); 2494 } 2495 2496 /* Get mapping */ 2497 if ((rc = idmap_init(&ih)) != IDMAP_SUCCESS) 2498 return (rc); 2499 rc = idmap_get_u2w_mapping(ih, &pid, NULL, flag, is_user, NULL, 2500 NULL, NULL, &winname, &windomain, &direction, NULL); 2501 (void) idmap_fini(ih); 2502 2503 /* Return on error */ 2504 if (rc != IDMAP_SUCCESS) 2505 return (rc); 2506 2507 /* 2508 * The given PID may have been mapped to a locally 2509 * generated SID in which case there isn't any 2510 * Windows name 2511 */ 2512 if (winname == NULL || windomain == NULL) { 2513 idmap_free(winname); 2514 idmap_free(windomain); 2515 return (IDMAP_ERR_NORESULT); 2516 } 2517 2518 if (flag & IDMAP_REQ_FLG_USE_CACHE) { 2519 if (is_user) 2520 idmap_cache_add_winname2uid(winname, windomain, 2521 pid, direction); 2522 else 2523 idmap_cache_add_winname2gid(winname, windomain, 2524 pid, direction); 2525 } 2526 2527 out: 2528 if (domain != NULL) { 2529 *name = winname; 2530 *domain = windomain; 2531 } else { 2532 len = strlen(winname) + strlen(windomain) + 2; 2533 if ((*name = malloc(len)) != NULL) 2534 (void) snprintf(*name, len, "%s@%s", winname, 2535 windomain); 2536 else 2537 rc = IDMAP_ERR_MEMORY; 2538 idmap_free(winname); 2539 idmap_free(windomain); 2540 } 2541 2542 return (rc); 2543 } 2544 2545 2546 /* 2547 * Get winname given uid 2548 */ 2549 idmap_stat 2550 idmap_getwinnamebyuid(uid_t uid, int flag, char **name, char **domain) 2551 { 2552 return (idmap_getwinnamebypid(uid, 1, flag, name, domain)); 2553 } 2554 2555 2556 /* 2557 * Get winname given gid 2558 */ 2559 idmap_stat 2560 idmap_getwinnamebygid(gid_t gid, int flag, char **name, char **domain) 2561 { 2562 return (idmap_getwinnamebypid(gid, 0, flag, name, domain)); 2563 } 2564 2565 idmap_stat 2566 idmap_flush(idmap_handle_t *handle, idmap_flush_op op) 2567 { 2568 CLIENT *clnt; 2569 enum clnt_stat clntstat; 2570 idmap_retcode res; 2571 2572 res = IDMAP_SUCCESS; 2573 _IDMAP_GET_CLIENT_HANDLE(handle, clnt); 2574 2575 clntstat = clnt_call(clnt, IDMAP_FLUSH, 2576 (xdrproc_t)xdr_idmap_flush_op, (caddr_t)&op, 2577 (xdrproc_t)xdr_idmap_retcode, (caddr_t)&res, TIMEOUT); 2578 2579 if (clntstat != RPC_SUCCESS) { 2580 return (_idmap_rpc2stat(clnt)); 2581 } 2582 return (res); 2583 } 2584 2585 2586 /* 2587 * syslog is the default logger. 2588 * It can be overwritten by supplying a logger 2589 * with idmap_set_logger() 2590 */ 2591 idmap_logger_t logger = syslog; 2592 2593 2594 void 2595 idmap_set_logger(idmap_logger_t funct) 2596 { 2597 logger = funct; 2598 } 2599