1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License, Version 1.0 only 6 * (the "License"). You may not use this file except in compliance 7 * with the License. 8 * 9 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 10 * or http://www.opensolaris.org/os/licensing. 11 * See the License for the specific language governing permissions 12 * and limitations under the License. 13 * 14 * When distributing Covered Code, include this CDDL HEADER in each 15 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 16 * If applicable, add the following below this CDDL HEADER, with the 17 * fields enclosed by brackets "[]" replaced with your own identifying 18 * information: Portions Copyright [yyyy] [name of copyright owner] 19 * 20 * CDDL HEADER END 21 */ 22 /* 23 * Copyright 2003 Sun Microsystems, Inc. All rights reserved. 24 * Use is subject to license terms. 25 */ 26 27 #pragma ident "%Z%%M% %I% %E% SMI" 28 29 #include <secdb.h> 30 #include "ldap_common.h" 31 #include <bsm/libbsm.h> 32 33 34 /* audit_user attributes */ 35 #define _AU_NAME "uid" 36 #define _AU_ALWAYS "SolarisAuditAlways" 37 #define _AU_NEVER "SolarisAuditNever" 38 #define _AU_GETAUUSERNAME "(&(objectClass=SolarisAuditUser)(uid=%s))" 39 #define _AU_GETAUUSERNAME_SSD "(&(%%s)(uid=%s))" 40 41 42 static const char *auuser_attrs[] = { 43 _AU_NAME, 44 _AU_ALWAYS, 45 _AU_NEVER, 46 (char *)NULL 47 }; 48 49 50 static int 51 _nss_ldap_au2ent(ldap_backend_ptr be, nss_XbyY_args_t *argp) 52 { 53 int i, nss_result; 54 int buflen = (int)0; 55 unsigned long len = 0L; 56 char *nullstring = (char *)NULL; 57 char *buffer = (char *)NULL; 58 char *ceiling = (char *)NULL; 59 au_user_str_t *au_user = (au_user_str_t *)NULL; 60 ns_ldap_attr_t *attrptr; 61 ns_ldap_result_t *result = be->result; 62 63 buffer = argp->buf.buffer; 64 buflen = (size_t)argp->buf.buflen; 65 if (!argp->buf.result) { 66 nss_result = (int)NSS_STR_PARSE_ERANGE; 67 goto result_au2ent; 68 } 69 au_user = (au_user_str_t *)(argp->buf.result); 70 ceiling = buffer + buflen; 71 au_user->au_name = (char *)NULL; 72 au_user->au_always = (char *)NULL; 73 au_user->au_never = (char *)NULL; 74 nss_result = (int)NSS_STR_PARSE_SUCCESS; 75 (void) memset(argp->buf.buffer, 0, buflen); 76 77 attrptr = getattr(result, 0); 78 if (attrptr == NULL) { 79 nss_result = (int)NSS_STR_PARSE_PARSE; 80 goto result_au2ent; 81 } 82 for (i = 0; i < result->entry->attr_count; i++) { 83 attrptr = getattr(result, i); 84 if (attrptr == NULL) { 85 nss_result = (int)NSS_STR_PARSE_PARSE; 86 goto result_au2ent; 87 } 88 if (strcasecmp(attrptr->attrname, _AU_NAME) == 0) { 89 if ((attrptr->attrvalue[0] == NULL) || 90 (len = strlen(attrptr->attrvalue[0])) < 1) { 91 nss_result = (int)NSS_STR_PARSE_PARSE; 92 goto result_au2ent; 93 } 94 au_user->au_name = buffer; 95 buffer += len + 1; 96 if (buffer >= ceiling) { 97 nss_result = (int)NSS_STR_PARSE_ERANGE; 98 goto result_au2ent; 99 } 100 (void) strcpy(au_user->au_name, attrptr->attrvalue[0]); 101 continue; 102 } 103 if (strcasecmp(attrptr->attrname, _AU_ALWAYS) == 0) { 104 if ((attrptr->attrvalue[0] == NULL) || 105 (len = strlen(attrptr->attrvalue[0])) < 1) { 106 au_user->au_always = nullstring; 107 } else { 108 au_user->au_always = buffer; 109 buffer += len + 1; 110 if (buffer >= ceiling) { 111 nss_result = (int)NSS_STR_PARSE_ERANGE; 112 goto result_au2ent; 113 } 114 (void) strcpy(au_user->au_always, 115 attrptr->attrvalue[0]); 116 } 117 continue; 118 } 119 if (strcasecmp(attrptr->attrname, _AU_NEVER) == 0) { 120 if ((attrptr->attrvalue[0] == NULL) || 121 (len = strlen(attrptr->attrvalue[0])) < 1) { 122 au_user->au_never = nullstring; 123 } else { 124 au_user->au_never = buffer; 125 buffer += len + 1; 126 if (buffer >= ceiling) { 127 nss_result = (int)NSS_STR_PARSE_ERANGE; 128 goto result_au2ent; 129 } 130 (void) strcpy(au_user->au_never, 131 attrptr->attrvalue[0]); 132 } 133 continue; 134 } 135 } 136 137 #ifdef DEBUG 138 (void) fprintf(stdout, "\n[getauuser.c: _nss_ldap_au2ent]\n"); 139 (void) fprintf(stdout, " au_name: [%s]\n", au_user->au_name); 140 if (au_user->au_always != (char *)NULL) { 141 (void) fprintf(stdout, " au_always: [%s]\n", 142 au_user->au_always); 143 } 144 if (au_user->au_never != (char *)NULL) { 145 (void) fprintf(stdout, " au_never: [%s]\n", 146 au_user->au_never); 147 } 148 #endif /* DEBUG */ 149 150 result_au2ent: 151 (void) __ns_ldap_freeResult(&be->result); 152 return ((int)nss_result); 153 } 154 155 156 static nss_status_t 157 getbyname(ldap_backend_ptr be, void *a) 158 { 159 char searchfilter[SEARCHFILTERLEN]; 160 char userdata[SEARCHFILTERLEN]; 161 char name[SEARCHFILTERLEN]; 162 nss_XbyY_args_t *argp = (nss_XbyY_args_t *)a; 163 int ret; 164 165 #ifdef DEBUG 166 (void) fprintf(stdout, "\n[getauuser.c: getbyname]\n"); 167 #endif /* DEBUG */ 168 169 if (_ldap_filter_name(name, argp->key.name, sizeof (name)) != 0) 170 return ((nss_status_t)NSS_NOTFOUND); 171 172 ret = snprintf(searchfilter, sizeof (searchfilter), 173 _AU_GETAUUSERNAME, name); 174 175 if (ret >= sizeof (searchfilter) || ret < 0) 176 return ((nss_status_t)NSS_NOTFOUND); 177 178 ret = snprintf(userdata, sizeof (userdata), 179 _AU_GETAUUSERNAME_SSD, name); 180 181 if (ret >= sizeof (userdata) || ret < 0) 182 return ((nss_status_t)NSS_NOTFOUND); 183 184 return (_nss_ldap_lookup(be, argp, _AUUSER, searchfilter, NULL, 185 _merge_SSD_filter, userdata)); 186 } 187 188 189 static ldap_backend_op_t auuser_ops[] = { 190 _nss_ldap_destr, 191 _nss_ldap_endent, 192 _nss_ldap_setent, 193 _nss_ldap_getent, 194 getbyname 195 }; 196 197 198 /*ARGSUSED0*/ 199 nss_backend_t * 200 _nss_ldap_audit_user_constr(const char *dummy1, 201 const char *dummy2, 202 const char *dummy3, 203 const char *dummy4, 204 const char *dummy5) 205 { 206 #ifdef DEBUG 207 (void) fprintf(stdout, 208 "\n[getauuser.c: _nss_ldap_audit_user_constr]\n"); 209 #endif 210 return ((nss_backend_t *)_nss_ldap_constr(auuser_ops, 211 sizeof (auuser_ops)/sizeof (auuser_ops[0]), _AUUSER, 212 auuser_attrs, _nss_ldap_au2ent)); 213 } 214