1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License, Version 1.0 only 6 * (the "License"). You may not use this file except in compliance 7 * with the License. 8 * 9 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 10 * or http://www.opensolaris.org/os/licensing. 11 * See the License for the specific language governing permissions 12 * and limitations under the License. 13 * 14 * When distributing Covered Code, include this CDDL HEADER in each 15 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 16 * If applicable, add the following below this CDDL HEADER, with the 17 * fields enclosed by brackets "[]" replaced with your own identifying 18 * information: Portions Copyright [yyyy] [name of copyright owner] 19 * 20 * CDDL HEADER END 21 */ 22 /* 23 * Copyright 2003 Sun Microsystems, Inc. All rights reserved. 24 * Use is subject to license terms. 25 */ 26 27 #pragma ident "%Z%%M% %I% %E% SMI" 28 29 #include <secdb.h> 30 #include <auth_attr.h> 31 #include "ldap_common.h" 32 33 34 /* auth_attr attributes filters */ 35 #define _AUTH_NAME "cn" 36 #define _AUTH_RES1 "SolarisAttrReserved1" 37 #define _AUTH_RES2 "SolarisAttrReserved2" 38 #define _AUTH_SHORTDES "SolarisAttrShortDesc" 39 #define _AUTH_LONGDES "SolarisAttrLongDesc" 40 #define _AUTH_ATTRS "SolarisAttrKeyValue" 41 #define _AUTH_GETAUTHNAME "(&(objectClass=SolarisAuthAttr)(cn=%s))" 42 #define _AUTH_GETAUTHNAME_SSD "(&(%%s)(cn=%s))" 43 44 45 static const char *auth_attrs[] = { 46 _AUTH_NAME, 47 _AUTH_RES1, 48 _AUTH_RES2, 49 _AUTH_SHORTDES, 50 _AUTH_LONGDES, 51 _AUTH_ATTRS, 52 (char *)NULL 53 }; 54 55 56 static int 57 _nss_ldap_auth2ent(ldap_backend_ptr be, nss_XbyY_args_t *argp) 58 { 59 int i, nss_result; 60 int buflen = (int)0; 61 unsigned long len = 0L; 62 char *nullstring = (char *)NULL; 63 char *buffer = (char *)NULL; 64 char *ceiling = (char *)NULL; 65 authstr_t *auth = (authstr_t *)NULL; 66 ns_ldap_attr_t *attrptr; 67 ns_ldap_result_t *result = be->result; 68 69 buffer = argp->buf.buffer; 70 buflen = (size_t)argp->buf.buflen; 71 if (!argp->buf.result) { 72 nss_result = (int)NSS_STR_PARSE_ERANGE; 73 goto result_auth2ent; 74 } 75 auth = (authstr_t *)(argp->buf.result); 76 ceiling = buffer + buflen; 77 auth->name = (char *)NULL; 78 auth->res1 = (char *)NULL; 79 auth->res2 = (char *)NULL; 80 auth->short_desc = (char *)NULL; 81 auth->long_desc = (char *)NULL; 82 auth->attr = (char *)NULL; 83 nss_result = (int)NSS_STR_PARSE_SUCCESS; 84 (void) memset(argp->buf.buffer, 0, buflen); 85 86 attrptr = getattr(result, 0); 87 if (attrptr == NULL) { 88 nss_result = (int)NSS_STR_PARSE_PARSE; 89 goto result_auth2ent; 90 } 91 92 for (i = 0; i < result->entry->attr_count; i++) { 93 attrptr = getattr(result, i); 94 if (attrptr == NULL) { 95 nss_result = (int)NSS_STR_PARSE_PARSE; 96 goto result_auth2ent; 97 } 98 if (strcasecmp(attrptr->attrname, _AUTH_NAME) == 0) { 99 if ((attrptr->attrvalue[0] == NULL) || 100 (len = strlen(attrptr->attrvalue[0])) < 1) { 101 nss_result = (int)NSS_STR_PARSE_PARSE; 102 goto result_auth2ent; 103 } 104 auth->name = buffer; 105 buffer += len + 1; 106 if (buffer >= ceiling) { 107 nss_result = (int)NSS_STR_PARSE_ERANGE; 108 goto result_auth2ent; 109 } 110 (void) strcpy(auth->name, attrptr->attrvalue[0]); 111 continue; 112 } 113 if (strcasecmp(attrptr->attrname, _AUTH_RES1) == 0) { 114 if ((attrptr->attrvalue[0] == NULL) || 115 (len = strlen(attrptr->attrvalue[0])) < 1) { 116 auth->res1 = nullstring; 117 } else { 118 auth->res1 = buffer; 119 buffer += len + 1; 120 if (buffer >= ceiling) { 121 nss_result = (int)NSS_STR_PARSE_ERANGE; 122 goto result_auth2ent; 123 } 124 (void) strcpy(auth->res1, 125 attrptr->attrvalue[0]); 126 } 127 continue; 128 } 129 if (strcasecmp(attrptr->attrname, _AUTH_RES2) == 0) { 130 if ((attrptr->attrvalue[0] == NULL) || 131 (len = strlen(attrptr->attrvalue[0])) < 1) { 132 auth->res2 = nullstring; 133 } else { 134 auth->res2 = buffer; 135 buffer += len + 1; 136 if (buffer >= ceiling) { 137 nss_result = (int)NSS_STR_PARSE_ERANGE; 138 goto result_auth2ent; 139 } 140 (void) strcpy(auth->res2, 141 attrptr->attrvalue[0]); 142 } 143 continue; 144 } 145 if (strcasecmp(attrptr->attrname, _AUTH_SHORTDES) == 0) { 146 if ((attrptr->attrvalue[0] == NULL) || 147 (len = strlen(attrptr->attrvalue[0])) < 1) { 148 auth->short_desc = nullstring; 149 } else { 150 auth->short_desc = buffer; 151 buffer += len + 1; 152 if (buffer >= ceiling) { 153 nss_result = (int)NSS_STR_PARSE_ERANGE; 154 goto result_auth2ent; 155 } 156 (void) strcpy(auth->short_desc, 157 attrptr->attrvalue[0]); 158 } 159 continue; 160 } 161 if (strcasecmp(attrptr->attrname, _AUTH_LONGDES) == 0) { 162 if ((attrptr->attrvalue[0] == NULL) || 163 (len = strlen(attrptr->attrvalue[0])) < 1) { 164 auth->long_desc = nullstring; 165 } else { 166 auth->long_desc = buffer; 167 buffer += len + 1; 168 if (buffer >= ceiling) { 169 nss_result = (int)NSS_STR_PARSE_ERANGE; 170 goto result_auth2ent; 171 } 172 (void) strcpy(auth->long_desc, 173 attrptr->attrvalue[0]); 174 } 175 continue; 176 } 177 if (strcasecmp(attrptr->attrname, _AUTH_ATTRS) == 0) { 178 if ((attrptr->attrvalue[0] == NULL) || 179 (len = strlen(attrptr->attrvalue[0])) < 1) { 180 auth->attr = nullstring; 181 } else { 182 auth->attr = buffer; 183 buffer += len + 1; 184 if (buffer >= ceiling) { 185 nss_result = (int)NSS_STR_PARSE_ERANGE; 186 goto result_auth2ent; 187 } 188 (void) strcpy(auth->attr, 189 attrptr->attrvalue[0]); 190 } 191 continue; 192 } 193 } 194 195 #ifdef DEBUG 196 (void) fprintf(stdout, "\n[getauthattr.c: _nss_ldap_auth2ent]\n"); 197 (void) fprintf(stdout, " auth-name: [%s]\n", auth->name); 198 if (auth->res1 != (char *)NULL) { 199 (void) fprintf(stdout, " res1: [%s]\n", auth->res1); 200 } 201 if (auth->res2 != (char *)NULL) { 202 (void) fprintf(stdout, " res2: [%s]\n", auth->res2); 203 } 204 if (auth->short_desc != (char *)NULL) { 205 (void) fprintf(stdout, " short_desc: [%s]\n", 206 auth->short_desc); 207 } 208 if (auth->long_desc != (char *)NULL) { 209 (void) fprintf(stdout, " long_desc: [%s]\n", 210 auth->long_desc); 211 } 212 if (auth->attr != (char *)NULL) { 213 (void) fprintf(stdout, " attr: [%s]\n", auth->attr); 214 } 215 #endif /* DEBUG */ 216 217 result_auth2ent: 218 (void) __ns_ldap_freeResult(&be->result); 219 return ((int)nss_result); 220 } 221 222 223 static nss_status_t 224 getbyname(ldap_backend_ptr be, void *a) 225 { 226 nss_XbyY_args_t *argp = (nss_XbyY_args_t *)a; 227 char searchfilter[SEARCHFILTERLEN]; 228 char userdata[SEARCHFILTERLEN]; 229 char name[SEARCHFILTERLEN]; 230 int ret; 231 232 #ifdef DEBUG 233 (void) fprintf(stdout, "\n[getauthattr.c: getbyname]\n"); 234 #endif /* DEBUG */ 235 236 if (_ldap_filter_name(name, argp->key.name, sizeof (name)) != 0) 237 return ((nss_status_t)NSS_NOTFOUND); 238 239 ret = snprintf(searchfilter, SEARCHFILTERLEN, 240 _AUTH_GETAUTHNAME, name); 241 if (ret >= sizeof (searchfilter) || ret < 0) 242 return ((nss_status_t)NSS_NOTFOUND); 243 244 ret = snprintf(userdata, sizeof (userdata), 245 _AUTH_GETAUTHNAME_SSD, name); 246 if (ret >= sizeof (userdata) || ret < 0) 247 return ((nss_status_t)NSS_NOTFOUND); 248 249 return ((nss_status_t)_nss_ldap_lookup(be, argp, 250 _AUTHATTR, searchfilter, NULL, _merge_SSD_filter, userdata)); 251 } 252 253 254 static ldap_backend_op_t authattr_ops[] = { 255 _nss_ldap_destr, 256 _nss_ldap_endent, 257 _nss_ldap_setent, 258 _nss_ldap_getent, 259 getbyname 260 }; 261 262 263 /*ARGSUSED0*/ 264 nss_backend_t * 265 _nss_ldap_auth_attr_constr(const char *dummy1, 266 const char *dummy2, 267 const char *dummy3, 268 const char *dummy4, 269 const char *dummy5) 270 { 271 #ifdef DEBUG 272 (void) fprintf(stdout, 273 "\n[getauthattr.c: _nss_ldap_auth_attr_constr]\n"); 274 #endif 275 return ((nss_backend_t *)_nss_ldap_constr(authattr_ops, 276 sizeof (authattr_ops)/sizeof (authattr_ops[0]), _AUTHATTR, 277 auth_attrs, _nss_ldap_auth2ent)); 278 } 279