xref: /titanic_44/usr/src/cmd/idmap/idmapd/server.c (revision 6a634c9dca3093f3922e4b7ab826d7bdf17bf78e) 
1c5c4113dSnw141292 /*
2c5c4113dSnw141292  * CDDL HEADER START
3c5c4113dSnw141292  *
4c5c4113dSnw141292  * The contents of this file are subject to the terms of the
5c5c4113dSnw141292  * Common Development and Distribution License (the "License").
6c5c4113dSnw141292  * You may not use this file except in compliance with the License.
7c5c4113dSnw141292  *
8c5c4113dSnw141292  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9c5c4113dSnw141292  * or http://www.opensolaris.org/os/licensing.
10c5c4113dSnw141292  * See the License for the specific language governing permissions
11c5c4113dSnw141292  * and limitations under the License.
12c5c4113dSnw141292  *
13c5c4113dSnw141292  * When distributing Covered Code, include this CDDL HEADER in each
14c5c4113dSnw141292  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15c5c4113dSnw141292  * If applicable, add the following below this CDDL HEADER, with the
16c5c4113dSnw141292  * fields enclosed by brackets "[]" replaced with your own identifying
17c5c4113dSnw141292  * information: Portions Copyright [yyyy] [name of copyright owner]
18c5c4113dSnw141292  *
19c5c4113dSnw141292  * CDDL HEADER END
20c5c4113dSnw141292  */
21c5c4113dSnw141292 /*
22*148c5f43SAlan Wright  * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
23c5c4113dSnw141292  */
24c5c4113dSnw141292 
25c5c4113dSnw141292 
26c5c4113dSnw141292 /*
27c5c4113dSnw141292  * Service routines
28c5c4113dSnw141292  */
29c5c4113dSnw141292 
30c5c4113dSnw141292 #include "idmapd.h"
31c5c4113dSnw141292 #include "idmap_priv.h"
32e8c27ec8Sbaban #include "nldaputils.h"
33c5c4113dSnw141292 #include <signal.h>
34c5c4113dSnw141292 #include <thread.h>
35c5c4113dSnw141292 #include <string.h>
36c5c4113dSnw141292 #include <strings.h>
37c5c4113dSnw141292 #include <errno.h>
38c5c4113dSnw141292 #include <assert.h>
39c5c4113dSnw141292 #include <sys/types.h>
40c5c4113dSnw141292 #include <sys/stat.h>
419fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States #include <sys/sid.h>
42c5c4113dSnw141292 #include <ucred.h>
43c5c4113dSnw141292 #include <pwd.h>
44c5c4113dSnw141292 #include <auth_attr.h>
45c5c4113dSnw141292 #include <secdb.h>
460dcc7149Snw141292 #include <sys/u8_textprep.h>
471fcced4cSJordan Brown #include <note.h>
48c5c4113dSnw141292 
49c5c4113dSnw141292 #define	_VALIDATE_LIST_CB_DATA(col, val, siz)\
50c5c4113dSnw141292 	retcode = validate_list_cb_data(cb_data, argc, argv, col,\
51c5c4113dSnw141292 			(uchar_t **)val, siz);\
52c5c4113dSnw141292 	if (retcode == IDMAP_NEXT) {\
53c5c4113dSnw141292 		result->retcode = IDMAP_NEXT;\
54c5c4113dSnw141292 		return (0);\
55c5c4113dSnw141292 	} else if (retcode < 0) {\
56c5c4113dSnw141292 		result->retcode = retcode;\
57c5c4113dSnw141292 		return (1);\
58c5c4113dSnw141292 	}
59c5c4113dSnw141292 
6048258c6bSjp151216 #define	PROCESS_LIST_SVC_SQL(rcode, db, dbname, sql, limit, flag, cb, res, len)\
6148258c6bSjp151216 	rcode = process_list_svc_sql(db, dbname, sql, limit, flag, cb, res);\
62c5c4113dSnw141292 	if (rcode == IDMAP_ERR_BUSY)\
63c5c4113dSnw141292 		res->retcode = IDMAP_ERR_BUSY;\
64c5c4113dSnw141292 	else if (rcode == IDMAP_SUCCESS && len == 0)\
65c5c4113dSnw141292 		res->retcode = IDMAP_ERR_NOTFOUND;
66c5c4113dSnw141292 
67c5c4113dSnw141292 
688e228215Sdm199847 #define	STRDUP_OR_FAIL(to, from) \
698e228215Sdm199847 	if ((from) == NULL) \
708e228215Sdm199847 		to = NULL; \
718e228215Sdm199847 	else { \
728e228215Sdm199847 		if ((to = strdup(from)) == NULL) \
738e228215Sdm199847 			return (1); \
748e228215Sdm199847 	}
758e228215Sdm199847 
76479ac375Sdm199847 #define	STRDUP_CHECK(to, from) \
77479ac375Sdm199847 	if ((from) != NULL) { \
78479ac375Sdm199847 		to = strdup(from); \
79479ac375Sdm199847 		if (to == NULL) { \
80479ac375Sdm199847 			result->retcode = IDMAP_ERR_MEMORY; \
81479ac375Sdm199847 			goto out; \
82479ac375Sdm199847 		} \
83479ac375Sdm199847 	}
84479ac375Sdm199847 
85c5c4113dSnw141292 /* ARGSUSED */
86c5c4113dSnw141292 bool_t
idmap_null_1_svc(void * result,struct svc_req * rqstp)87cd37da74Snw141292 idmap_null_1_svc(void *result, struct svc_req *rqstp)
88cd37da74Snw141292 {
89c5c4113dSnw141292 	return (TRUE);
90c5c4113dSnw141292 }
91c5c4113dSnw141292 
92334e3463Sbaban /*
93334e3463Sbaban  * RPC layer allocates empty strings to replace NULL char *.
94334e3463Sbaban  * This utility function frees these empty strings.
95334e3463Sbaban  */
96e8c27ec8Sbaban static
97e8c27ec8Sbaban void
sanitize_mapping_request(idmap_mapping * req)98334e3463Sbaban sanitize_mapping_request(idmap_mapping *req)
99334e3463Sbaban {
100fe1c642dSBill Krier 	if (EMPTY_STRING(req->id1name)) {
101334e3463Sbaban 		free(req->id1name);
102334e3463Sbaban 		req->id1name = NULL;
103fe1c642dSBill Krier 	}
104fe1c642dSBill Krier 	if (EMPTY_STRING(req->id1domain)) {
105334e3463Sbaban 		free(req->id1domain);
106334e3463Sbaban 		req->id1domain = NULL;
107fe1c642dSBill Krier 	}
108fe1c642dSBill Krier 	if (EMPTY_STRING(req->id2name)) {
109334e3463Sbaban 		free(req->id2name);
110334e3463Sbaban 		req->id2name = NULL;
111fe1c642dSBill Krier 	}
112fe1c642dSBill Krier 	if (EMPTY_STRING(req->id2domain)) {
113334e3463Sbaban 		free(req->id2domain);
114334e3463Sbaban 		req->id2domain = NULL;
115fe1c642dSBill Krier 	}
116e8c27ec8Sbaban 	req->direction = _IDMAP_F_DONE;
117334e3463Sbaban }
118334e3463Sbaban 
1190dcc7149Snw141292 static
1200dcc7149Snw141292 int
validate_mapped_id_by_name_req(idmap_mapping * req)1210dcc7149Snw141292 validate_mapped_id_by_name_req(idmap_mapping *req)
1220dcc7149Snw141292 {
1230dcc7149Snw141292 	int e;
1240dcc7149Snw141292 
125*148c5f43SAlan Wright 	if (IS_ID_UID(req->id1) || IS_ID_GID(req->id1))
1260dcc7149Snw141292 		return (IDMAP_SUCCESS);
1270dcc7149Snw141292 
128*148c5f43SAlan Wright 	if (IS_ID_SID(req->id1)) {
1290dcc7149Snw141292 		if (!EMPTY_STRING(req->id1name) &&
1300dcc7149Snw141292 		    u8_validate(req->id1name, strlen(req->id1name),
1310dcc7149Snw141292 		    NULL, U8_VALIDATE_ENTIRE, &e) < 0)
1320dcc7149Snw141292 			return (IDMAP_ERR_BAD_UTF8);
1330dcc7149Snw141292 		if (!EMPTY_STRING(req->id1domain) &&
1340dcc7149Snw141292 		    u8_validate(req->id1domain, strlen(req->id1domain),
1350dcc7149Snw141292 		    NULL, U8_VALIDATE_ENTIRE, &e) < 0)
1360dcc7149Snw141292 			return (IDMAP_ERR_BAD_UTF8);
1370dcc7149Snw141292 	}
1380dcc7149Snw141292 
1390dcc7149Snw141292 	return (IDMAP_SUCCESS);
1400dcc7149Snw141292 }
1410dcc7149Snw141292 
1420dcc7149Snw141292 static
1430dcc7149Snw141292 int
validate_rule(idmap_namerule * rule)1440dcc7149Snw141292 validate_rule(idmap_namerule *rule)
1450dcc7149Snw141292 {
1460dcc7149Snw141292 	int e;
1470dcc7149Snw141292 
1480dcc7149Snw141292 	if (!EMPTY_STRING(rule->winname) &&
1490dcc7149Snw141292 	    u8_validate(rule->winname, strlen(rule->winname),
1500dcc7149Snw141292 	    NULL, U8_VALIDATE_ENTIRE, &e) < 0)
1510dcc7149Snw141292 		return (IDMAP_ERR_BAD_UTF8);
1520dcc7149Snw141292 
1530dcc7149Snw141292 	if (!EMPTY_STRING(rule->windomain) &&
1540dcc7149Snw141292 	    u8_validate(rule->windomain, strlen(rule->windomain),
1550dcc7149Snw141292 	    NULL, U8_VALIDATE_ENTIRE, &e) < 0)
1560dcc7149Snw141292 		return (IDMAP_ERR_BAD_UTF8);
1570dcc7149Snw141292 
1580dcc7149Snw141292 	return (IDMAP_SUCCESS);
1590dcc7149Snw141292 
1600dcc7149Snw141292 }
1610dcc7149Snw141292 
1620dcc7149Snw141292 static
1630dcc7149Snw141292 bool_t
validate_rules(idmap_update_batch * batch)1640dcc7149Snw141292 validate_rules(idmap_update_batch *batch)
1650dcc7149Snw141292 {
1660dcc7149Snw141292 	idmap_update_op	*up;
1670dcc7149Snw141292 	int i;
1680dcc7149Snw141292 
1690dcc7149Snw141292 	for (i = 0; i < batch->idmap_update_batch_len; i++) {
1700dcc7149Snw141292 		up = &(batch->idmap_update_batch_val[i]);
1710dcc7149Snw141292 		if (validate_rule(&(up->idmap_update_op_u.rule))
1720dcc7149Snw141292 		    != IDMAP_SUCCESS)
1730dcc7149Snw141292 			return (IDMAP_ERR_BAD_UTF8);
1740dcc7149Snw141292 	}
1750dcc7149Snw141292 
1760dcc7149Snw141292 	return (IDMAP_SUCCESS);
1770dcc7149Snw141292 }
1780dcc7149Snw141292 
179c5c4113dSnw141292 /* ARGSUSED */
180c5c4113dSnw141292 bool_t
idmap_get_mapped_ids_1_svc(idmap_mapping_batch batch,idmap_ids_res * result,struct svc_req * rqstp)181c5c4113dSnw141292 idmap_get_mapped_ids_1_svc(idmap_mapping_batch batch,
182cd37da74Snw141292 		idmap_ids_res *result, struct svc_req *rqstp)
183cd37da74Snw141292 {
184c5c4113dSnw141292 	sqlite		*cache = NULL, *db = NULL;
185c5c4113dSnw141292 	lookup_state_t	state;
186e8c27ec8Sbaban 	idmap_retcode	retcode;
18762c60062Sbaban 	uint_t		i;
188*148c5f43SAlan Wright 	idmap_mapping	*req;
189*148c5f43SAlan Wright 	idmap_id_res	*res;
190*148c5f43SAlan Wright 	boolean_t	any_tracing;
191c5c4113dSnw141292 
192c5c4113dSnw141292 	/* Init */
193c5c4113dSnw141292 	(void) memset(result, 0, sizeof (*result));
194c5c4113dSnw141292 	(void) memset(&state, 0, sizeof (state));
195c5c4113dSnw141292 
196c5c4113dSnw141292 	/* Return success if nothing was requested */
197c5c4113dSnw141292 	if (batch.idmap_mapping_batch_len < 1)
198c5c4113dSnw141292 		goto out;
199c5c4113dSnw141292 
200c5c4113dSnw141292 	/* Get cache handle */
201c5c4113dSnw141292 	result->retcode = get_cache_handle(&cache);
202c5c4113dSnw141292 	if (result->retcode != IDMAP_SUCCESS)
203c5c4113dSnw141292 		goto out;
204479ac375Sdm199847 	state.cache = cache;
205c5c4113dSnw141292 
206c5c4113dSnw141292 	/* Get db handle */
207c5c4113dSnw141292 	result->retcode = get_db_handle(&db);
208c5c4113dSnw141292 	if (result->retcode != IDMAP_SUCCESS)
209c5c4113dSnw141292 		goto out;
210479ac375Sdm199847 	state.db = db;
211c5c4113dSnw141292 
212c5c4113dSnw141292 	/* Allocate result array */
213c5c4113dSnw141292 	result->ids.ids_val = calloc(batch.idmap_mapping_batch_len,
214c5c4113dSnw141292 	    sizeof (idmap_id_res));
215c5c4113dSnw141292 	if (result->ids.ids_val == NULL) {
216c5c4113dSnw141292 		idmapdlog(LOG_ERR, "Out of memory");
217c5c4113dSnw141292 		result->retcode = IDMAP_ERR_MEMORY;
218c5c4113dSnw141292 		goto out;
219c5c4113dSnw141292 	}
220c5c4113dSnw141292 	result->ids.ids_len = batch.idmap_mapping_batch_len;
221c5c4113dSnw141292 
22262c60062Sbaban 	/* Allocate hash table to check for duplicate sids */
22362c60062Sbaban 	state.sid_history = calloc(batch.idmap_mapping_batch_len,
22462c60062Sbaban 	    sizeof (*state.sid_history));
22562c60062Sbaban 	if (state.sid_history == NULL) {
22662c60062Sbaban 		idmapdlog(LOG_ERR, "Out of memory");
22762c60062Sbaban 		result->retcode = IDMAP_ERR_MEMORY;
22862c60062Sbaban 		goto out;
22962c60062Sbaban 	}
23062c60062Sbaban 	state.sid_history_size = batch.idmap_mapping_batch_len;
23162c60062Sbaban 	for (i = 0; i < state.sid_history_size; i++) {
23262c60062Sbaban 		state.sid_history[i].key = state.sid_history_size;
23362c60062Sbaban 		state.sid_history[i].next = state.sid_history_size;
23462c60062Sbaban 	}
23562c60062Sbaban 	state.batch = &batch;
23662c60062Sbaban 	state.result = result;
23762c60062Sbaban 
238e8c27ec8Sbaban 	/* Get directory-based name mapping info */
239479ac375Sdm199847 	result->retcode = load_cfg_in_state(&state);
240e8c27ec8Sbaban 	if (result->retcode != IDMAP_SUCCESS)
241e8c27ec8Sbaban 		goto out;
242e8c27ec8Sbaban 
243c5c4113dSnw141292 	/* Init our 'done' flags */
244c5c4113dSnw141292 	state.sid2pid_done = state.pid2sid_done = TRUE;
245c5c4113dSnw141292 
246*148c5f43SAlan Wright 	any_tracing = B_FALSE;
247*148c5f43SAlan Wright 
248c5c4113dSnw141292 	/* First stage */
249c5c4113dSnw141292 	for (i = 0; i < batch.idmap_mapping_batch_len; i++) {
250*148c5f43SAlan Wright 		req = &batch.idmap_mapping_batch_val[i];
251*148c5f43SAlan Wright 		res = &result->ids.ids_val[i];
252*148c5f43SAlan Wright 		if (TRACING(req))
253*148c5f43SAlan Wright 			any_tracing = B_TRUE;
25462c60062Sbaban 		state.curpos = i;
255*148c5f43SAlan Wright 		(void) sanitize_mapping_request(req);
256*148c5f43SAlan Wright 		TRACE(req, res, "Start mapping");
257*148c5f43SAlan Wright 		if (IS_ID_SID(req->id1)) {
258c5c4113dSnw141292 			retcode = sid2pid_first_pass(
259c5c4113dSnw141292 			    &state,
260*148c5f43SAlan Wright 			    req,
261*148c5f43SAlan Wright 			    res);
262*148c5f43SAlan Wright 		} else if (IS_ID_UID(req->id1)) {
263c5c4113dSnw141292 			retcode = pid2sid_first_pass(
264c5c4113dSnw141292 			    &state,
265*148c5f43SAlan Wright 			    req,
266*148c5f43SAlan Wright 			    res, 1);
267*148c5f43SAlan Wright 		} else if (IS_ID_GID(req->id1)) {
268c5c4113dSnw141292 			retcode = pid2sid_first_pass(
269c5c4113dSnw141292 			    &state,
270*148c5f43SAlan Wright 			    req,
271*148c5f43SAlan Wright 			    res, 0);
272c5c4113dSnw141292 		} else {
273*148c5f43SAlan Wright 			res->retcode = IDMAP_ERR_IDTYPE;
274c5c4113dSnw141292 			continue;
275c5c4113dSnw141292 		}
276c5c4113dSnw141292 		if (IDMAP_FATAL_ERROR(retcode)) {
277c5c4113dSnw141292 			result->retcode = retcode;
278c5c4113dSnw141292 			goto out;
279c5c4113dSnw141292 		}
280c5c4113dSnw141292 	}
281c5c4113dSnw141292 
282c5c4113dSnw141292 	/* Check if we are done */
283c5c4113dSnw141292 	if (state.sid2pid_done == TRUE && state.pid2sid_done == TRUE)
284c5c4113dSnw141292 		goto out;
285c5c4113dSnw141292 
286e8c27ec8Sbaban 	/*
287e8c27ec8Sbaban 	 * native LDAP lookups:
288479ac375Sdm199847 	 *  pid2sid:
289479ac375Sdm199847 	 *	- nldap or mixed mode. Lookup nldap by pid or unixname to get
290479ac375Sdm199847 	 *	  winname.
291479ac375Sdm199847 	 *  sid2pid:
292479ac375Sdm199847 	 *	- nldap mode. Got winname and sid (either given or found in
293479ac375Sdm199847 	 *	  name_cache). Lookup nldap by winname to get pid and
294479ac375Sdm199847 	 *	  unixname.
295e8c27ec8Sbaban 	 */
296e8c27ec8Sbaban 	if (state.nldap_nqueries) {
297e8c27ec8Sbaban 		retcode = nldap_lookup_batch(&state, &batch, result);
298e8c27ec8Sbaban 		if (IDMAP_FATAL_ERROR(retcode)) {
299*148c5f43SAlan Wright 			TRACE(req, res, "Native LDAP lookup error=%d", retcode);
300e8c27ec8Sbaban 			result->retcode = retcode;
301c5c4113dSnw141292 			goto out;
302c5c4113dSnw141292 		}
303*148c5f43SAlan Wright 		if (any_tracing) {
304*148c5f43SAlan Wright 			for (i = 0; i < batch.idmap_mapping_batch_len; i++) {
305*148c5f43SAlan Wright 				res = &result->ids.ids_val[i];
306*148c5f43SAlan Wright 				req = &batch.idmap_mapping_batch_val[i];
307*148c5f43SAlan Wright 				if (IDMAP_ERROR(res->retcode)) {
308*148c5f43SAlan Wright 					TRACE(req, res,
309*148c5f43SAlan Wright 					    "Native LDAP lookup error=%d",
310*148c5f43SAlan Wright 					    res->retcode);
311*148c5f43SAlan Wright 				} else {
312*148c5f43SAlan Wright 					TRACE(req, res, "Native LDAP lookup");
313*148c5f43SAlan Wright 				}
314*148c5f43SAlan Wright 			}
315*148c5f43SAlan Wright 		}
316e8c27ec8Sbaban 	}
317c5c4113dSnw141292 
318e8c27ec8Sbaban 	/*
319e8c27ec8Sbaban 	 * AD lookups:
320479ac375Sdm199847 	 *  pid2sid:
321479ac375Sdm199847 	 *	- nldap or mixed mode. Got winname from nldap lookup.
322479ac375Sdm199847 	 *	  winname2sid could not be resolved locally. Lookup AD
323479ac375Sdm199847 	 *	  by winname to get sid.
324479ac375Sdm199847 	 *	- ad mode. Got unixname. Lookup AD by unixname to get
325479ac375Sdm199847 	 *	  winname and sid.
326479ac375Sdm199847 	 *  sid2pid:
327479ac375Sdm199847 	 *	- ad or mixed mode. Lookup AD by sid or winname to get
328479ac375Sdm199847 	 *	  winname, sid and unixname.
329479ac375Sdm199847 	 *	- any mode. Got either sid or winname but not both. Lookup
330479ac375Sdm199847 	 *	  AD by sid or winname to get winname, sid.
331e8c27ec8Sbaban 	 */
332e8c27ec8Sbaban 	if (state.ad_nqueries) {
333e8c27ec8Sbaban 		retcode = ad_lookup_batch(&state, &batch, result);
334e8c27ec8Sbaban 		if (IDMAP_FATAL_ERROR(retcode)) {
335*148c5f43SAlan Wright 			TRACE(req, res, "AD lookup error=%d", retcode);
336e8c27ec8Sbaban 			result->retcode = retcode;
337e8c27ec8Sbaban 			goto out;
338e8c27ec8Sbaban 		}
339*148c5f43SAlan Wright 		for (i = 0; i < batch.idmap_mapping_batch_len; i++) {
340*148c5f43SAlan Wright 			res = &result->ids.ids_val[i];
341*148c5f43SAlan Wright 			req = &batch.idmap_mapping_batch_val[i];
342*148c5f43SAlan Wright 			if (res->retcode == IDMAP_ERR_DOMAIN_NOTFOUND &&
343*148c5f43SAlan Wright 			    req->id1.idmap_id_u.sid.prefix != NULL &&
344*148c5f43SAlan Wright 			    req->id1name != NULL) {
345*148c5f43SAlan Wright 				/*
346*148c5f43SAlan Wright 				 * If AD lookup failed Domain Not Found but
347*148c5f43SAlan Wright 				 * we have a winname and SID, it means that
348*148c5f43SAlan Wright 				 * - LSA succeeded
349*148c5f43SAlan Wright 				 * - it's a request a cross-forest trust
350*148c5f43SAlan Wright 				 * and
351*148c5f43SAlan Wright 				 * - we were looking for directory-based
352*148c5f43SAlan Wright 				 *   mapping information.
353*148c5f43SAlan Wright 				 * In that case, we're OK, just go on.
354*148c5f43SAlan Wright 				 *
355*148c5f43SAlan Wright 				 * If this seems more convoluted than it
356*148c5f43SAlan Wright 				 * should be, it is - really, we probably
357*148c5f43SAlan Wright 				 * shouldn't even be attempting AD lookups
358*148c5f43SAlan Wright 				 * in this situation, but that's a more
359*148c5f43SAlan Wright 				 * intricate cleanup that will have to wait
360*148c5f43SAlan Wright 				 * for later.
361*148c5f43SAlan Wright 				 */
362*148c5f43SAlan Wright 				res->retcode = IDMAP_SUCCESS;
363*148c5f43SAlan Wright 				TRACE(req, res,
364*148c5f43SAlan Wright 				    "AD lookup - domain not found (ignored)");
365*148c5f43SAlan Wright 				continue;
366*148c5f43SAlan Wright 			}
367*148c5f43SAlan Wright 		}
368e8c27ec8Sbaban 	}
369e8c27ec8Sbaban 
370e8c27ec8Sbaban 	/*
371e8c27ec8Sbaban 	 * native LDAP lookups:
372479ac375Sdm199847 	 *  sid2pid:
373479ac375Sdm199847 	 *	- nldap mode. Got winname and sid from AD lookup. Lookup nldap
374479ac375Sdm199847 	 *	  by winname to get pid and unixname.
375e8c27ec8Sbaban 	 */
376e8c27ec8Sbaban 	if (state.nldap_nqueries) {
377e8c27ec8Sbaban 		retcode = nldap_lookup_batch(&state, &batch, result);
378e8c27ec8Sbaban 		if (IDMAP_FATAL_ERROR(retcode)) {
379*148c5f43SAlan Wright 			TRACE(req, res, "Native LDAP lookup error=%d", retcode);
380e8c27ec8Sbaban 			result->retcode = retcode;
381e8c27ec8Sbaban 			goto out;
382e8c27ec8Sbaban 		}
383*148c5f43SAlan Wright 		if (any_tracing) {
384*148c5f43SAlan Wright 			for (i = 0; i < batch.idmap_mapping_batch_len; i++) {
385*148c5f43SAlan Wright 				res = &result->ids.ids_val[i];
386*148c5f43SAlan Wright 				req = &batch.idmap_mapping_batch_val[i];
387*148c5f43SAlan Wright 				TRACE(req, res, "Native LDAP lookup");
388*148c5f43SAlan Wright 			}
389*148c5f43SAlan Wright 		}
390e8c27ec8Sbaban 	}
391e8c27ec8Sbaban 
392e8c27ec8Sbaban 	/* Reset 'done' flags */
393e8c27ec8Sbaban 	state.sid2pid_done = state.pid2sid_done = TRUE;
394c5c4113dSnw141292 
395c5c4113dSnw141292 	/* Second stage */
396c5c4113dSnw141292 	for (i = 0; i < batch.idmap_mapping_batch_len; i++) {
397*148c5f43SAlan Wright 		req = &batch.idmap_mapping_batch_val[i];
398*148c5f43SAlan Wright 		res = &result->ids.ids_val[i];
39962c60062Sbaban 		state.curpos = i;
400*148c5f43SAlan Wright 		if (IS_ID_SID(req->id1)) {
401c5c4113dSnw141292 			retcode = sid2pid_second_pass(
402c5c4113dSnw141292 			    &state,
403*148c5f43SAlan Wright 			    req,
404*148c5f43SAlan Wright 			    res);
405*148c5f43SAlan Wright 		} else if (IS_ID_UID(req->id1)) {
406e8c27ec8Sbaban 			retcode = pid2sid_second_pass(
407e8c27ec8Sbaban 			    &state,
408*148c5f43SAlan Wright 			    req,
409*148c5f43SAlan Wright 			    res, 1);
410*148c5f43SAlan Wright 		} else if (IS_ID_GID(req->id1)) {
411e8c27ec8Sbaban 			retcode = pid2sid_second_pass(
412e8c27ec8Sbaban 			    &state,
413*148c5f43SAlan Wright 			    req,
414*148c5f43SAlan Wright 			    res, 0);
415e8c27ec8Sbaban 		} else {
416e8c27ec8Sbaban 			/* First stage has already set the error */
417e8c27ec8Sbaban 			continue;
418e8c27ec8Sbaban 		}
419c5c4113dSnw141292 		if (IDMAP_FATAL_ERROR(retcode)) {
420c5c4113dSnw141292 			result->retcode = retcode;
421c5c4113dSnw141292 			goto out;
422c5c4113dSnw141292 		}
423c5c4113dSnw141292 	}
424c5c4113dSnw141292 
425c5c4113dSnw141292 	/* Check if we are done */
426c5c4113dSnw141292 	if (state.sid2pid_done == TRUE && state.pid2sid_done == TRUE)
427c5c4113dSnw141292 		goto out;
428c5c4113dSnw141292 
429c5c4113dSnw141292 	/* Reset our 'done' flags */
430c5c4113dSnw141292 	state.sid2pid_done = state.pid2sid_done = TRUE;
431c5c4113dSnw141292 
432c5c4113dSnw141292 	/* Update cache in a single transaction */
43371590c90Snw141292 	if (sql_exec_no_cb(cache, IDMAP_CACHENAME, "BEGIN TRANSACTION;")
43471590c90Snw141292 	    != IDMAP_SUCCESS)
435c5c4113dSnw141292 		goto out;
436c5c4113dSnw141292 
437c5c4113dSnw141292 	for (i = 0; i < batch.idmap_mapping_batch_len; i++) {
438*148c5f43SAlan Wright 		req = &batch.idmap_mapping_batch_val[i];
439*148c5f43SAlan Wright 		res = &result->ids.ids_val[i];
44062c60062Sbaban 		state.curpos = i;
441*148c5f43SAlan Wright 		if (IS_ID_SID(req->id1)) {
442c5c4113dSnw141292 			(void) update_cache_sid2pid(
443c5c4113dSnw141292 			    &state,
444*148c5f43SAlan Wright 			    req,
445*148c5f43SAlan Wright 			    res);
446*148c5f43SAlan Wright 		} else if ((IS_ID_UID(req->id1)) ||
447*148c5f43SAlan Wright 		    (IS_ID_GID(req->id1))) {
448c5c4113dSnw141292 			(void) update_cache_pid2sid(
449c5c4113dSnw141292 			    &state,
450*148c5f43SAlan Wright 			    req,
451*148c5f43SAlan Wright 			    res);
452c5c4113dSnw141292 		}
453c5c4113dSnw141292 	}
454c5c4113dSnw141292 
455c5c4113dSnw141292 	/* Commit if we have at least one successful update */
456c5c4113dSnw141292 	if (state.sid2pid_done == FALSE || state.pid2sid_done == FALSE)
45771590c90Snw141292 		(void) sql_exec_no_cb(cache, IDMAP_CACHENAME,
45871590c90Snw141292 		    "COMMIT TRANSACTION;");
459c5c4113dSnw141292 	else
46071590c90Snw141292 		(void) sql_exec_no_cb(cache, IDMAP_CACHENAME,
46171590c90Snw141292 		    "END TRANSACTION;");
462c5c4113dSnw141292 
463c5c4113dSnw141292 out:
464e8c27ec8Sbaban 	cleanup_lookup_state(&state);
465c5c4113dSnw141292 	if (IDMAP_ERROR(result->retcode)) {
466*148c5f43SAlan Wright 		if (any_tracing) {
467*148c5f43SAlan Wright 			for (i = 0; i < batch.idmap_mapping_batch_len; i++) {
468*148c5f43SAlan Wright 				req = &batch.idmap_mapping_batch_val[i];
469*148c5f43SAlan Wright 				res = &result->ids.ids_val[i];
470*148c5f43SAlan Wright 				TRACE(req, res,
471*148c5f43SAlan Wright 				    "Failure code %d", result->retcode);
472*148c5f43SAlan Wright 			}
473*148c5f43SAlan Wright 		}
474c5c4113dSnw141292 		xdr_free(xdr_idmap_ids_res, (caddr_t)result);
475c5c4113dSnw141292 		result->ids.ids_len = 0;
476c5c4113dSnw141292 		result->ids.ids_val = NULL;
477*148c5f43SAlan Wright 	} else {
478*148c5f43SAlan Wright 		if (any_tracing) {
479*148c5f43SAlan Wright 			for (i = 0; i < batch.idmap_mapping_batch_len; i++) {
480*148c5f43SAlan Wright 				req = &batch.idmap_mapping_batch_val[i];
481*148c5f43SAlan Wright 				res = &result->ids.ids_val[i];
482*148c5f43SAlan Wright 				TRACE(req, res, "Done");
483*148c5f43SAlan Wright 			}
484*148c5f43SAlan Wright 		}
485c5c4113dSnw141292 	}
486c5c4113dSnw141292 	result->retcode = idmap_stat4prot(result->retcode);
487*148c5f43SAlan Wright 
488*148c5f43SAlan Wright 	for (i = 0; i < result->ids.ids_len; i++) {
489*148c5f43SAlan Wright 		req = &batch.idmap_mapping_batch_val[i];
490*148c5f43SAlan Wright 		res = &result->ids.ids_val[i];
491*148c5f43SAlan Wright 
492*148c5f43SAlan Wright 		if (!(req->flag & IDMAP_REQ_FLG_MAPPING_INFO) &&
493*148c5f43SAlan Wright 		    res->retcode == IDMAP_SUCCESS)
494*148c5f43SAlan Wright 			idmap_how_clear(&res->info.how);
495*148c5f43SAlan Wright 	}
496c5c4113dSnw141292 	return (TRUE);
497c5c4113dSnw141292 }
498c5c4113dSnw141292 
499c5c4113dSnw141292 
500c5c4113dSnw141292 /* ARGSUSED */
501cd37da74Snw141292 static
502cd37da74Snw141292 int
list_mappings_cb(void * parg,int argc,char ** argv,char ** colnames)503cd37da74Snw141292 list_mappings_cb(void *parg, int argc, char **argv, char **colnames)
504cd37da74Snw141292 {
505c5c4113dSnw141292 	list_cb_data_t		*cb_data;
506c5c4113dSnw141292 	char			*str;
507c5c4113dSnw141292 	idmap_mappings_res	*result;
508c5c4113dSnw141292 	idmap_retcode		retcode;
509c5c4113dSnw141292 	int			w2u, u2w;
510c5c4113dSnw141292 	char			*end;
511cd37da74Snw141292 	static int		validated_column_names = 0;
51248258c6bSjp151216 	idmap_how		*how;
51348258c6bSjp151216 
51448258c6bSjp151216 	cb_data = (list_cb_data_t *)parg;
515cd37da74Snw141292 
516cd37da74Snw141292 	if (!validated_column_names) {
517cd37da74Snw141292 		assert(strcmp(colnames[0], "rowid") == 0);
518cd37da74Snw141292 		assert(strcmp(colnames[1], "sidprefix") == 0);
519cd37da74Snw141292 		assert(strcmp(colnames[2], "rid") == 0);
520cd37da74Snw141292 		assert(strcmp(colnames[3], "pid") == 0);
521cd37da74Snw141292 		assert(strcmp(colnames[4], "w2u") == 0);
522cd37da74Snw141292 		assert(strcmp(colnames[5], "u2w") == 0);
523cd37da74Snw141292 		assert(strcmp(colnames[6], "windomain") == 0);
524cd37da74Snw141292 		assert(strcmp(colnames[7], "canon_winname") == 0);
525cd37da74Snw141292 		assert(strcmp(colnames[8], "unixname") == 0);
526cd37da74Snw141292 		assert(strcmp(colnames[9], "is_user") == 0);
527cd37da74Snw141292 		assert(strcmp(colnames[10], "is_wuser") == 0);
52848258c6bSjp151216 		assert(strcmp(colnames[11], "map_type") == 0);
52948258c6bSjp151216 		assert(strcmp(colnames[12], "map_dn") == 0);
53048258c6bSjp151216 		assert(strcmp(colnames[13], "map_attr") == 0);
53148258c6bSjp151216 		assert(strcmp(colnames[14], "map_value") == 0);
53248258c6bSjp151216 		assert(strcmp(colnames[15], "map_windomain") == 0);
53348258c6bSjp151216 		assert(strcmp(colnames[16], "map_winname") == 0);
53448258c6bSjp151216 		assert(strcmp(colnames[17], "map_unixname") == 0);
53548258c6bSjp151216 		assert(strcmp(colnames[18], "map_is_nt4") == 0);
536cd37da74Snw141292 		validated_column_names = 1;
537cd37da74Snw141292 	}
538cd37da74Snw141292 
539c5c4113dSnw141292 	result = (idmap_mappings_res *)cb_data->result;
540c5c4113dSnw141292 
54148258c6bSjp151216 	_VALIDATE_LIST_CB_DATA(19, &result->mappings.mappings_val,
542c5c4113dSnw141292 	    sizeof (idmap_mapping));
543c5c4113dSnw141292 
544c5c4113dSnw141292 	result->mappings.mappings_len++;
545c5c4113dSnw141292 
546c5c4113dSnw141292 	if ((str = strdup(argv[1])) == NULL)
547c5c4113dSnw141292 		return (1);
548c5c4113dSnw141292 	result->mappings.mappings_val[cb_data->next].id1.idmap_id_u.sid.prefix =
549c5c4113dSnw141292 	    str;
550c5c4113dSnw141292 	result->mappings.mappings_val[cb_data->next].id1.idmap_id_u.sid.rid =
551c5c4113dSnw141292 	    strtoul(argv[2], &end, 10);
552cd37da74Snw141292 	result->mappings.mappings_val[cb_data->next].id1.idtype =
553cd37da74Snw141292 	    strtol(argv[10], &end, 10) ? IDMAP_USID : IDMAP_GSID;
554c5c4113dSnw141292 
555c5c4113dSnw141292 	result->mappings.mappings_val[cb_data->next].id2.idmap_id_u.uid =
556c5c4113dSnw141292 	    strtoul(argv[3], &end, 10);
557cd37da74Snw141292 	result->mappings.mappings_val[cb_data->next].id2.idtype =
558cd37da74Snw141292 	    strtol(argv[9], &end, 10) ? IDMAP_UID : IDMAP_GID;
559c5c4113dSnw141292 
560c5c4113dSnw141292 	w2u = argv[4] ? strtol(argv[4], &end, 10) : 0;
561c5c4113dSnw141292 	u2w = argv[5] ? strtol(argv[5], &end, 10) : 0;
562c5c4113dSnw141292 
563c5c4113dSnw141292 	if (w2u > 0 && u2w == 0)
564651c0131Sbaban 		result->mappings.mappings_val[cb_data->next].direction =
565651c0131Sbaban 		    IDMAP_DIRECTION_W2U;
566c5c4113dSnw141292 	else if (w2u == 0 && u2w > 0)
567651c0131Sbaban 		result->mappings.mappings_val[cb_data->next].direction =
568651c0131Sbaban 		    IDMAP_DIRECTION_U2W;
569c5c4113dSnw141292 	else
570651c0131Sbaban 		result->mappings.mappings_val[cb_data->next].direction =
571651c0131Sbaban 		    IDMAP_DIRECTION_BI;
572c5c4113dSnw141292 
5738e228215Sdm199847 	STRDUP_OR_FAIL(result->mappings.mappings_val[cb_data->next].id1domain,
5748e228215Sdm199847 	    argv[6]);
575c5c4113dSnw141292 
5768e228215Sdm199847 	STRDUP_OR_FAIL(result->mappings.mappings_val[cb_data->next].id1name,
5778e228215Sdm199847 	    argv[7]);
578c5c4113dSnw141292 
5798e228215Sdm199847 	STRDUP_OR_FAIL(result->mappings.mappings_val[cb_data->next].id2name,
5808e228215Sdm199847 	    argv[8]);
5818e228215Sdm199847 
58248258c6bSjp151216 	if (cb_data->flag & IDMAP_REQ_FLG_MAPPING_INFO) {
58348258c6bSjp151216 		how = &result->mappings.mappings_val[cb_data->next].info.how;
58448258c6bSjp151216 		how->map_type = strtoul(argv[11], &end, 10);
58548258c6bSjp151216 		switch (how->map_type) {
58648258c6bSjp151216 		case IDMAP_MAP_TYPE_DS_AD:
58748258c6bSjp151216 			how->idmap_how_u.ad.dn =
58848258c6bSjp151216 			    strdup(argv[12]);
58948258c6bSjp151216 			how->idmap_how_u.ad.attr =
59048258c6bSjp151216 			    strdup(argv[13]);
59148258c6bSjp151216 			how->idmap_how_u.ad.value =
59248258c6bSjp151216 			    strdup(argv[14]);
59348258c6bSjp151216 			break;
59448258c6bSjp151216 
59548258c6bSjp151216 		case IDMAP_MAP_TYPE_DS_NLDAP:
59648258c6bSjp151216 			how->idmap_how_u.nldap.dn =
59748258c6bSjp151216 			    strdup(argv[12]);
59848258c6bSjp151216 			how->idmap_how_u.nldap.attr =
59948258c6bSjp151216 			    strdup(argv[13]);
60048258c6bSjp151216 			how->idmap_how_u.nldap.value =
60148258c6bSjp151216 			    strdup(argv[14]);
60248258c6bSjp151216 			break;
60348258c6bSjp151216 
60448258c6bSjp151216 		case IDMAP_MAP_TYPE_RULE_BASED:
60548258c6bSjp151216 			how->idmap_how_u.rule.windomain =
60648258c6bSjp151216 			    strdup(argv[15]);
60748258c6bSjp151216 			how->idmap_how_u.rule.winname =
60848258c6bSjp151216 			    strdup(argv[16]);
60948258c6bSjp151216 			how->idmap_how_u.rule.unixname =
61048258c6bSjp151216 			    strdup(argv[17]);
61148258c6bSjp151216 			how->idmap_how_u.rule.is_nt4 =
61248258c6bSjp151216 			    strtoul(argv[18], &end, 10);
61348258c6bSjp151216 			how->idmap_how_u.rule.is_user =
61448258c6bSjp151216 			    strtol(argv[9], &end, 10);
61548258c6bSjp151216 			how->idmap_how_u.rule.is_wuser =
61648258c6bSjp151216 			    strtol(argv[10], &end, 10);
61748258c6bSjp151216 			break;
61848258c6bSjp151216 
61948258c6bSjp151216 		case IDMAP_MAP_TYPE_EPHEMERAL:
62048258c6bSjp151216 			break;
62148258c6bSjp151216 
62248258c6bSjp151216 		case IDMAP_MAP_TYPE_LOCAL_SID:
62348258c6bSjp151216 			break;
62448258c6bSjp151216 
625e3f2c991SKeyur Desai 		case IDMAP_MAP_TYPE_IDMU:
626e3f2c991SKeyur Desai 			how->idmap_how_u.idmu.dn =
627e3f2c991SKeyur Desai 			    strdup(argv[12]);
628e3f2c991SKeyur Desai 			how->idmap_how_u.idmu.attr =
629e3f2c991SKeyur Desai 			    strdup(argv[13]);
630e3f2c991SKeyur Desai 			how->idmap_how_u.idmu.value =
631e3f2c991SKeyur Desai 			    strdup(argv[14]);
632e3f2c991SKeyur Desai 			break;
633e3f2c991SKeyur Desai 
63448258c6bSjp151216 		default:
635e3f2c991SKeyur Desai 			/* Unknown mapping type */
63648258c6bSjp151216 			assert(FALSE);
63748258c6bSjp151216 		}
63848258c6bSjp151216 
63948258c6bSjp151216 	}
640c5c4113dSnw141292 
641c5c4113dSnw141292 	result->lastrowid = strtoll(argv[0], &end, 10);
642c5c4113dSnw141292 	cb_data->next++;
643c5c4113dSnw141292 	result->retcode = IDMAP_SUCCESS;
644c5c4113dSnw141292 	return (0);
645c5c4113dSnw141292 }
646c5c4113dSnw141292 
647c5c4113dSnw141292 
648c5c4113dSnw141292 /* ARGSUSED */
649c5c4113dSnw141292 bool_t
idmap_list_mappings_1_svc(int64_t lastrowid,uint64_t limit,int32_t flag,idmap_mappings_res * result,struct svc_req * rqstp)65048258c6bSjp151216 idmap_list_mappings_1_svc(int64_t lastrowid, uint64_t limit, int32_t flag,
651cd37da74Snw141292     idmap_mappings_res *result, struct svc_req *rqstp)
652cd37da74Snw141292 {
653c5c4113dSnw141292 	sqlite		*cache = NULL;
654c5c4113dSnw141292 	char		lbuf[30], rbuf[30];
655c5c4113dSnw141292 	uint64_t	maxlimit;
656c5c4113dSnw141292 	idmap_retcode	retcode;
657c5c4113dSnw141292 	char		*sql = NULL;
65848258c6bSjp151216 	time_t		curtime;
659c5c4113dSnw141292 
660c5c4113dSnw141292 	(void) memset(result, 0, sizeof (*result));
661c5c4113dSnw141292 
66248258c6bSjp151216 	/* Current time */
66348258c6bSjp151216 	errno = 0;
66448258c6bSjp151216 	if ((curtime = time(NULL)) == (time_t)-1) {
66548258c6bSjp151216 		idmapdlog(LOG_ERR, "Failed to get current time (%s)",
66648258c6bSjp151216 		    strerror(errno));
66748258c6bSjp151216 		retcode = IDMAP_ERR_INTERNAL;
66848258c6bSjp151216 		goto out;
66948258c6bSjp151216 	}
67048258c6bSjp151216 
671c5c4113dSnw141292 	RDLOCK_CONFIG();
672c5c4113dSnw141292 	maxlimit = _idmapdstate.cfg->pgcfg.list_size_limit;
673c5c4113dSnw141292 	UNLOCK_CONFIG();
674c5c4113dSnw141292 
675c5c4113dSnw141292 	/* Get cache handle */
676c5c4113dSnw141292 	result->retcode = get_cache_handle(&cache);
677c5c4113dSnw141292 	if (result->retcode != IDMAP_SUCCESS)
678c5c4113dSnw141292 		goto out;
679c5c4113dSnw141292 
680c5c4113dSnw141292 	result->retcode = IDMAP_ERR_INTERNAL;
681c5c4113dSnw141292 
682c5c4113dSnw141292 	/* Create LIMIT expression. */
683c5c4113dSnw141292 	if (limit == 0 || (maxlimit > 0 && maxlimit < limit))
684c5c4113dSnw141292 		limit = maxlimit;
685c5c4113dSnw141292 	if (limit > 0)
686c5c4113dSnw141292 		(void) snprintf(lbuf, sizeof (lbuf),
687c5c4113dSnw141292 		    "LIMIT %" PRIu64, limit + 1ULL);
688bbf6f00cSJordan Brown 	else
689bbf6f00cSJordan Brown 		lbuf[0] = '\0';
690c5c4113dSnw141292 
691c5c4113dSnw141292 	(void) snprintf(rbuf, sizeof (rbuf), "rowid > %" PRIu64, lastrowid);
692c5c4113dSnw141292 
693c5c4113dSnw141292 	/*
694c5c4113dSnw141292 	 * Combine all the above into a giant SELECT statement that
695c5c4113dSnw141292 	 * will return the requested mappings
696c5c4113dSnw141292 	 */
69748258c6bSjp151216 
69848258c6bSjp151216 	sql = sqlite_mprintf("SELECT rowid, sidprefix, rid, pid, w2u, "
69948258c6bSjp151216 	    "u2w, windomain, canon_winname, unixname, is_user, is_wuser, "
70048258c6bSjp151216 	    "map_type, map_dn, map_attr, map_value, map_windomain, "
70148258c6bSjp151216 	    "map_winname, map_unixname, map_is_nt4 "
70248258c6bSjp151216 	    "FROM idmap_cache WHERE %s AND "
70348258c6bSjp151216 	    "(pid >= 2147483648 OR (expiration = 0 OR "
70448258c6bSjp151216 	    "expiration ISNULL  OR expiration > %d)) "
70548258c6bSjp151216 	    "%s;",
70648258c6bSjp151216 	    rbuf, curtime, lbuf);
707c5c4113dSnw141292 	if (sql == NULL) {
708479ac375Sdm199847 		result->retcode = IDMAP_ERR_MEMORY;
709c5c4113dSnw141292 		idmapdlog(LOG_ERR, "Out of memory");
710c5c4113dSnw141292 		goto out;
711c5c4113dSnw141292 	}
712c5c4113dSnw141292 
713c5c4113dSnw141292 	/* Execute the SQL statement and update the return buffer */
71471590c90Snw141292 	PROCESS_LIST_SVC_SQL(retcode, cache, IDMAP_CACHENAME, sql, limit,
71548258c6bSjp151216 	    flag, list_mappings_cb, result, result->mappings.mappings_len);
716c5c4113dSnw141292 
717c5c4113dSnw141292 out:
718c5c4113dSnw141292 	if (sql)
719c5c4113dSnw141292 		sqlite_freemem(sql);
720c5c4113dSnw141292 	if (IDMAP_ERROR(result->retcode))
721c5c4113dSnw141292 		(void) xdr_free(xdr_idmap_mappings_res, (caddr_t)result);
722c5c4113dSnw141292 	result->retcode = idmap_stat4prot(result->retcode);
723c5c4113dSnw141292 	return (TRUE);
724c5c4113dSnw141292 }
725c5c4113dSnw141292 
726c5c4113dSnw141292 
727c5c4113dSnw141292 /* ARGSUSED */
728cd37da74Snw141292 static
729cd37da74Snw141292 int
list_namerules_cb(void * parg,int argc,char ** argv,char ** colnames)730cd37da74Snw141292 list_namerules_cb(void *parg, int argc, char **argv, char **colnames)
731cd37da74Snw141292 {
732c5c4113dSnw141292 	list_cb_data_t		*cb_data;
733c5c4113dSnw141292 	idmap_namerules_res	*result;
734c5c4113dSnw141292 	idmap_retcode		retcode;
735c5c4113dSnw141292 	int			w2u_order, u2w_order;
736c5c4113dSnw141292 	char			*end;
737cd37da74Snw141292 	static int		validated_column_names = 0;
738cd37da74Snw141292 
739cd37da74Snw141292 	if (!validated_column_names) {
740cd37da74Snw141292 		assert(strcmp(colnames[0], "rowid") == 0);
741cd37da74Snw141292 		assert(strcmp(colnames[1], "is_user") == 0);
742cd37da74Snw141292 		assert(strcmp(colnames[2], "is_wuser") == 0);
743cd37da74Snw141292 		assert(strcmp(colnames[3], "windomain") == 0);
744cd37da74Snw141292 		assert(strcmp(colnames[4], "winname_display") == 0);
745cd37da74Snw141292 		assert(strcmp(colnames[5], "is_nt4") == 0);
746cd37da74Snw141292 		assert(strcmp(colnames[6], "unixname") == 0);
747cd37da74Snw141292 		assert(strcmp(colnames[7], "w2u_order") == 0);
748cd37da74Snw141292 		assert(strcmp(colnames[8], "u2w_order") == 0);
749cd37da74Snw141292 		validated_column_names = 1;
750cd37da74Snw141292 	}
751c5c4113dSnw141292 
752c5c4113dSnw141292 	cb_data = (list_cb_data_t *)parg;
753c5c4113dSnw141292 	result = (idmap_namerules_res *)cb_data->result;
754c5c4113dSnw141292 
755cd37da74Snw141292 	_VALIDATE_LIST_CB_DATA(9, &result->rules.rules_val,
756c5c4113dSnw141292 	    sizeof (idmap_namerule));
757c5c4113dSnw141292 
758c5c4113dSnw141292 	result->rules.rules_len++;
759c5c4113dSnw141292 
760c5c4113dSnw141292 	result->rules.rules_val[cb_data->next].is_user =
761c5c4113dSnw141292 	    strtol(argv[1], &end, 10);
762c5c4113dSnw141292 
763cd37da74Snw141292 	result->rules.rules_val[cb_data->next].is_wuser =
764cd37da74Snw141292 	    strtol(argv[2], &end, 10);
765c5c4113dSnw141292 
766cd37da74Snw141292 	STRDUP_OR_FAIL(result->rules.rules_val[cb_data->next].windomain,
7678e228215Sdm199847 	    argv[3]);
768c5c4113dSnw141292 
769cd37da74Snw141292 	STRDUP_OR_FAIL(result->rules.rules_val[cb_data->next].winname,
770cd37da74Snw141292 	    argv[4]);
771cd37da74Snw141292 
772c5c4113dSnw141292 	result->rules.rules_val[cb_data->next].is_nt4 =
773cd37da74Snw141292 	    strtol(argv[5], &end, 10);
774c5c4113dSnw141292 
7758e228215Sdm199847 	STRDUP_OR_FAIL(result->rules.rules_val[cb_data->next].unixname,
776cd37da74Snw141292 	    argv[6]);
777c5c4113dSnw141292 
778cd37da74Snw141292 	w2u_order = argv[7] ? strtol(argv[7], &end, 10) : 0;
779cd37da74Snw141292 	u2w_order = argv[8] ? strtol(argv[8], &end, 10) : 0;
780c5c4113dSnw141292 
781c5c4113dSnw141292 	if (w2u_order > 0 && u2w_order == 0)
782651c0131Sbaban 		result->rules.rules_val[cb_data->next].direction =
783651c0131Sbaban 		    IDMAP_DIRECTION_W2U;
784c5c4113dSnw141292 	else if (w2u_order == 0 && u2w_order > 0)
785651c0131Sbaban 		result->rules.rules_val[cb_data->next].direction =
786651c0131Sbaban 		    IDMAP_DIRECTION_U2W;
787c5c4113dSnw141292 	else
788651c0131Sbaban 		result->rules.rules_val[cb_data->next].direction =
789651c0131Sbaban 		    IDMAP_DIRECTION_BI;
790c5c4113dSnw141292 
791c5c4113dSnw141292 	result->lastrowid = strtoll(argv[0], &end, 10);
792c5c4113dSnw141292 	cb_data->next++;
793c5c4113dSnw141292 	result->retcode = IDMAP_SUCCESS;
794c5c4113dSnw141292 	return (0);
795c5c4113dSnw141292 }
796c5c4113dSnw141292 
797c5c4113dSnw141292 
798c5c4113dSnw141292 /* ARGSUSED */
799c5c4113dSnw141292 bool_t
idmap_list_namerules_1_svc(idmap_namerule rule,uint64_t lastrowid,uint64_t limit,idmap_namerules_res * result,struct svc_req * rqstp)800c5c4113dSnw141292 idmap_list_namerules_1_svc(idmap_namerule rule, uint64_t lastrowid,
801c5c4113dSnw141292 		uint64_t limit, idmap_namerules_res *result,
802cd37da74Snw141292 		struct svc_req *rqstp)
803cd37da74Snw141292 {
804c5c4113dSnw141292 
805c5c4113dSnw141292 	sqlite		*db = NULL;
806c5c4113dSnw141292 	char		lbuf[30], rbuf[30];
807c5c4113dSnw141292 	char		*sql = NULL;
808cd37da74Snw141292 	char		*expr = NULL;
809c5c4113dSnw141292 	uint64_t	maxlimit;
810c5c4113dSnw141292 	idmap_retcode	retcode;
811c5c4113dSnw141292 
812c5c4113dSnw141292 	(void) memset(result, 0, sizeof (*result));
813c5c4113dSnw141292 
8140dcc7149Snw141292 	result->retcode = validate_rule(&rule);
8150dcc7149Snw141292 	if (result->retcode != IDMAP_SUCCESS)
8160dcc7149Snw141292 		goto out;
8170dcc7149Snw141292 
818c5c4113dSnw141292 	RDLOCK_CONFIG();
819c5c4113dSnw141292 	maxlimit = _idmapdstate.cfg->pgcfg.list_size_limit;
820c5c4113dSnw141292 	UNLOCK_CONFIG();
821c5c4113dSnw141292 
822c5c4113dSnw141292 	/* Get db handle */
823c5c4113dSnw141292 	result->retcode = get_db_handle(&db);
824c5c4113dSnw141292 	if (result->retcode != IDMAP_SUCCESS)
825c5c4113dSnw141292 		goto out;
826c5c4113dSnw141292 
8270dcc7149Snw141292 	result->retcode = gen_sql_expr_from_rule(&rule, &expr);
8280dcc7149Snw141292 	if (result->retcode != IDMAP_SUCCESS)
829c5c4113dSnw141292 		goto out;
830c5c4113dSnw141292 
831c5c4113dSnw141292 	/* Create LIMIT expression. */
832c5c4113dSnw141292 	if (limit == 0 || (maxlimit > 0 && maxlimit < limit))
833c5c4113dSnw141292 		limit = maxlimit;
834c5c4113dSnw141292 	if (limit > 0)
835c5c4113dSnw141292 		(void) snprintf(lbuf, sizeof (lbuf),
836c5c4113dSnw141292 		    "LIMIT %" PRIu64, limit + 1ULL);
837bbf6f00cSJordan Brown 	else
838bbf6f00cSJordan Brown 		lbuf[0] = '\0';
839c5c4113dSnw141292 
840c5c4113dSnw141292 	(void) snprintf(rbuf, sizeof (rbuf), "rowid > %" PRIu64, lastrowid);
841c5c4113dSnw141292 
842c5c4113dSnw141292 	/*
843c5c4113dSnw141292 	 * Combine all the above into a giant SELECT statement that
844c5c4113dSnw141292 	 * will return the requested rules
845c5c4113dSnw141292 	 */
846cd37da74Snw141292 	sql = sqlite_mprintf("SELECT rowid, is_user, is_wuser, windomain, "
847cd37da74Snw141292 	    "winname_display, is_nt4, unixname, w2u_order, u2w_order "
848c5c4113dSnw141292 	    "FROM namerules WHERE "
849bbf6f00cSJordan Brown 	    " %s %s %s;",
850bbf6f00cSJordan Brown 	    rbuf, expr, lbuf);
851cd37da74Snw141292 
852c5c4113dSnw141292 	if (sql == NULL) {
853479ac375Sdm199847 		result->retcode = IDMAP_ERR_MEMORY;
854c5c4113dSnw141292 		idmapdlog(LOG_ERR, "Out of memory");
855c5c4113dSnw141292 		goto out;
856c5c4113dSnw141292 	}
857c5c4113dSnw141292 
858c5c4113dSnw141292 	/* Execute the SQL statement and update the return buffer */
85971590c90Snw141292 	PROCESS_LIST_SVC_SQL(retcode, db, IDMAP_DBNAME, sql, limit,
86048258c6bSjp151216 	    0, list_namerules_cb, result, result->rules.rules_len);
861c5c4113dSnw141292 
862c5c4113dSnw141292 out:
863cd37da74Snw141292 	if (expr)
864cd37da74Snw141292 		sqlite_freemem(expr);
865c5c4113dSnw141292 	if (sql)
866c5c4113dSnw141292 		sqlite_freemem(sql);
867c5c4113dSnw141292 	if (IDMAP_ERROR(result->retcode))
868c5c4113dSnw141292 		(void) xdr_free(xdr_idmap_namerules_res, (caddr_t)result);
869c5c4113dSnw141292 	result->retcode = idmap_stat4prot(result->retcode);
870c5c4113dSnw141292 	return (TRUE);
871c5c4113dSnw141292 }
872c5c4113dSnw141292 
873c5c4113dSnw141292 #define	IDMAP_RULES_AUTH	"solaris.admin.idmap.rules"
874c5c4113dSnw141292 static int
verify_rules_auth(struct svc_req * rqstp)875cd37da74Snw141292 verify_rules_auth(struct svc_req *rqstp)
876cd37da74Snw141292 {
877c5c4113dSnw141292 	ucred_t		*uc = NULL;
878c5c4113dSnw141292 	uid_t		uid;
879c5c4113dSnw141292 	char		buf[1024];
880c5c4113dSnw141292 	struct passwd	pwd;
881c5c4113dSnw141292 
882c5c4113dSnw141292 	if (svc_getcallerucred(rqstp->rq_xprt, &uc) != 0) {
88371590c90Snw141292 		idmapdlog(LOG_ERR, "svc_getcallerucred failed during "
88471590c90Snw141292 		    "authorization (%s)", strerror(errno));
885c5c4113dSnw141292 		return (-1);
886c5c4113dSnw141292 	}
887c5c4113dSnw141292 
888c5c4113dSnw141292 	uid = ucred_geteuid(uc);
889c5c4113dSnw141292 	if (uid == (uid_t)-1) {
89071590c90Snw141292 		idmapdlog(LOG_ERR, "ucred_geteuid failed during "
89171590c90Snw141292 		    "authorization (%s)", strerror(errno));
892c5c4113dSnw141292 		ucred_free(uc);
893c5c4113dSnw141292 		return (-1);
894c5c4113dSnw141292 	}
895c5c4113dSnw141292 
896c5c4113dSnw141292 	if (getpwuid_r(uid, &pwd, buf, sizeof (buf)) == NULL) {
89771590c90Snw141292 		idmapdlog(LOG_ERR, "getpwuid_r(%u) failed during "
89871590c90Snw141292 		    "authorization (%s)", uid, strerror(errno));
899c5c4113dSnw141292 		ucred_free(uc);
900c5c4113dSnw141292 		return (-1);
901c5c4113dSnw141292 	}
902c5c4113dSnw141292 
903c5c4113dSnw141292 	if (chkauthattr(IDMAP_RULES_AUTH, pwd.pw_name) != 1) {
90471590c90Snw141292 		idmapdlog(LOG_INFO, "%s is not authorized (%s)",
90571590c90Snw141292 		    pwd.pw_name, IDMAP_RULES_AUTH);
906c5c4113dSnw141292 		ucred_free(uc);
907c5c4113dSnw141292 		return (-1);
908c5c4113dSnw141292 	}
909c5c4113dSnw141292 
910c5c4113dSnw141292 	ucred_free(uc);
911c5c4113dSnw141292 	return (1);
912c5c4113dSnw141292 }
913c5c4113dSnw141292 
9148e228215Sdm199847 /*
9158e228215Sdm199847  * Meaning of the return values is the following: For retcode ==
9168e228215Sdm199847  * IDMAP_SUCCESS, everything went OK and error_index is
9178e228215Sdm199847  * undefined. Otherwise, error_index >=0 shows the failed batch
9188e228215Sdm199847  * element. errro_index == -1 indicates failure at the beginning,
9198e228215Sdm199847  * error_index == -2 at the end.
9208e228215Sdm199847  */
9218e228215Sdm199847 
922c5c4113dSnw141292 /* ARGSUSED */
923c5c4113dSnw141292 bool_t
idmap_update_1_svc(idmap_update_batch batch,idmap_update_res * res,struct svc_req * rqstp)9248e228215Sdm199847 idmap_update_1_svc(idmap_update_batch batch, idmap_update_res *res,
925cd37da74Snw141292 		struct svc_req *rqstp)
926cd37da74Snw141292 {
927c5c4113dSnw141292 	sqlite		*db = NULL;
928c5c4113dSnw141292 	idmap_update_op	*up;
929c5c4113dSnw141292 	int		i;
93084decf41Sjp151216 	int		trans = FALSE;
931c5c4113dSnw141292 
9328e228215Sdm199847 	res->error_index = -1;
9338e228215Sdm199847 	(void) memset(&res->error_rule, 0, sizeof (res->error_rule));
9348e228215Sdm199847 	(void) memset(&res->conflict_rule, 0, sizeof (res->conflict_rule));
9358e228215Sdm199847 
936c5c4113dSnw141292 	if (verify_rules_auth(rqstp) < 0) {
9378e228215Sdm199847 		res->retcode = IDMAP_ERR_PERMISSION_DENIED;
938c5c4113dSnw141292 		goto out;
939c5c4113dSnw141292 	}
940c5c4113dSnw141292 
941c5c4113dSnw141292 	if (batch.idmap_update_batch_len == 0 ||
942c5c4113dSnw141292 	    batch.idmap_update_batch_val == NULL) {
9438e228215Sdm199847 		res->retcode = IDMAP_SUCCESS;
944c5c4113dSnw141292 		goto out;
945c5c4113dSnw141292 	}
946c5c4113dSnw141292 
9470dcc7149Snw141292 	res->retcode = validate_rules(&batch);
9480dcc7149Snw141292 	if (res->retcode != IDMAP_SUCCESS)
9490dcc7149Snw141292 		goto out;
9500dcc7149Snw141292 
951c5c4113dSnw141292 	/* Get db handle */
9528e228215Sdm199847 	res->retcode = get_db_handle(&db);
9538e228215Sdm199847 	if (res->retcode != IDMAP_SUCCESS)
954c5c4113dSnw141292 		goto out;
955c5c4113dSnw141292 
95671590c90Snw141292 	res->retcode = sql_exec_no_cb(db, IDMAP_DBNAME, "BEGIN TRANSACTION;");
9578e228215Sdm199847 	if (res->retcode != IDMAP_SUCCESS)
958c5c4113dSnw141292 		goto out;
95984decf41Sjp151216 	trans = TRUE;
960c5c4113dSnw141292 
961c5c4113dSnw141292 	for (i = 0; i < batch.idmap_update_batch_len; i++) {
962c5c4113dSnw141292 		up = &batch.idmap_update_batch_val[i];
963c5c4113dSnw141292 		switch (up->opnum) {
964c5c4113dSnw141292 		case OP_NONE:
9658e228215Sdm199847 			res->retcode = IDMAP_SUCCESS;
966c5c4113dSnw141292 			break;
967c5c4113dSnw141292 		case OP_ADD_NAMERULE:
9688e228215Sdm199847 			res->retcode = add_namerule(db,
969c5c4113dSnw141292 			    &up->idmap_update_op_u.rule);
970c5c4113dSnw141292 			break;
971c5c4113dSnw141292 		case OP_RM_NAMERULE:
9728e228215Sdm199847 			res->retcode = rm_namerule(db,
973c5c4113dSnw141292 			    &up->idmap_update_op_u.rule);
974c5c4113dSnw141292 			break;
975c5c4113dSnw141292 		case OP_FLUSH_NAMERULES:
976cd37da74Snw141292 			res->retcode = flush_namerules(db);
977c5c4113dSnw141292 			break;
978c5c4113dSnw141292 		default:
9798e228215Sdm199847 			res->retcode = IDMAP_ERR_NOTSUPPORTED;
9808e228215Sdm199847 			break;
981c5c4113dSnw141292 		};
982c5c4113dSnw141292 
9838e228215Sdm199847 		if (res->retcode != IDMAP_SUCCESS) {
9848e228215Sdm199847 			res->error_index = i;
9858e228215Sdm199847 			if (up->opnum == OP_ADD_NAMERULE ||
9868e228215Sdm199847 			    up->opnum == OP_RM_NAMERULE) {
9878e228215Sdm199847 				idmap_stat r2 =
9888e228215Sdm199847 				    idmap_namerule_cpy(&res->error_rule,
9898e228215Sdm199847 				    &up->idmap_update_op_u.rule);
9908e228215Sdm199847 				if (r2 != IDMAP_SUCCESS)
9918e228215Sdm199847 					res->retcode = r2;
9928e228215Sdm199847 			}
993c5c4113dSnw141292 			goto out;
994c5c4113dSnw141292 		}
9958e228215Sdm199847 	}
996c5c4113dSnw141292 
997c5c4113dSnw141292 out:
99884decf41Sjp151216 	if (trans) {
9998e228215Sdm199847 		if (res->retcode == IDMAP_SUCCESS) {
10008e228215Sdm199847 			res->retcode =
100171590c90Snw141292 			    sql_exec_no_cb(db, IDMAP_DBNAME,
100271590c90Snw141292 			    "COMMIT TRANSACTION;");
10039fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States 			if (res->retcode ==  IDMAP_SUCCESS) {
10049fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States 				/*
10059fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States 				 * We've updated the rules.  Expire the cache
10069fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States 				 * so that existing mappings will be
10079fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States 				 * reconsidered.
10089fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States 				 */
10099fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States 				res->retcode =
10109fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States 				    idmap_cache_flush(IDMAP_FLUSH_EXPIRE);
10119fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States 			} else {
10128e228215Sdm199847 				res->error_index = -2;
10138e228215Sdm199847 			}
10149fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States 		}
101584decf41Sjp151216 		else
101671590c90Snw141292 			(void) sql_exec_no_cb(db, IDMAP_DBNAME,
101771590c90Snw141292 			    "ROLLBACK TRANSACTION;");
1018c5c4113dSnw141292 	}
10198e228215Sdm199847 
10208e228215Sdm199847 	res->retcode = idmap_stat4prot(res->retcode);
10218e228215Sdm199847 
1022c5c4113dSnw141292 	return (TRUE);
1023c5c4113dSnw141292 }
1024c5c4113dSnw141292 
1025fe1c642dSBill Krier static
1026fe1c642dSBill Krier int
copy_string(char ** to,char * from)1027fe1c642dSBill Krier copy_string(char **to, char *from)
1028fe1c642dSBill Krier {
1029fe1c642dSBill Krier 	if (EMPTY_STRING(from)) {
1030fe1c642dSBill Krier 		*to = NULL;
1031fe1c642dSBill Krier 	} else {
1032fe1c642dSBill Krier 		*to = strdup(from);
1033fe1c642dSBill Krier 		if (*to == NULL) {
1034fe1c642dSBill Krier 			idmapdlog(LOG_ERR, "Out of memory");
1035fe1c642dSBill Krier 			return (IDMAP_ERR_MEMORY);
1036fe1c642dSBill Krier 		}
1037fe1c642dSBill Krier 	}
1038fe1c642dSBill Krier 	return (IDMAP_SUCCESS);
1039fe1c642dSBill Krier }
1040fe1c642dSBill Krier 
1041fe1c642dSBill Krier static
1042fe1c642dSBill Krier int
copy_id(idmap_id * to,idmap_id * from)1043fe1c642dSBill Krier copy_id(idmap_id *to, idmap_id *from)
1044fe1c642dSBill Krier {
1045fe1c642dSBill Krier 	(void) memset(to, 0, sizeof (*to));
1046fe1c642dSBill Krier 
1047fe1c642dSBill Krier 	to->idtype = from->idtype;
1048fe1c642dSBill Krier 	if (IS_ID_SID(*from)) {
1049fe1c642dSBill Krier 		idmap_retcode retcode;
1050fe1c642dSBill Krier 
1051fe1c642dSBill Krier 		to->idmap_id_u.sid.rid = from->idmap_id_u.sid.rid;
1052fe1c642dSBill Krier 		retcode = copy_string(&to->idmap_id_u.sid.prefix,
1053fe1c642dSBill Krier 		    from->idmap_id_u.sid.prefix);
1054fe1c642dSBill Krier 
1055fe1c642dSBill Krier 		return (retcode);
1056fe1c642dSBill Krier 	} else {
1057fe1c642dSBill Krier 		to->idmap_id_u.uid = from->idmap_id_u.uid;
1058fe1c642dSBill Krier 		return (IDMAP_SUCCESS);
1059fe1c642dSBill Krier 	}
1060fe1c642dSBill Krier }
1061fe1c642dSBill Krier 
1062fe1c642dSBill Krier static
1063fe1c642dSBill Krier int
copy_mapping(idmap_mapping * mapping,idmap_mapping * request)1064fe1c642dSBill Krier copy_mapping(idmap_mapping *mapping, idmap_mapping *request)
1065fe1c642dSBill Krier {
1066fe1c642dSBill Krier 	idmap_retcode retcode;
1067fe1c642dSBill Krier 
1068fe1c642dSBill Krier 	(void) memset(mapping, 0, sizeof (*mapping));
1069fe1c642dSBill Krier 
1070fe1c642dSBill Krier 	mapping->flag = request->flag;
1071fe1c642dSBill Krier 	mapping->direction = _IDMAP_F_DONE;
1072fe1c642dSBill Krier 
1073fe1c642dSBill Krier 	retcode = copy_id(&mapping->id1, &request->id1);
1074fe1c642dSBill Krier 	if (retcode != IDMAP_SUCCESS)
1075fe1c642dSBill Krier 		goto errout;
1076fe1c642dSBill Krier 
1077fe1c642dSBill Krier 	retcode = copy_string(&mapping->id1domain, request->id1domain);
1078fe1c642dSBill Krier 	if (retcode != IDMAP_SUCCESS)
1079fe1c642dSBill Krier 		goto errout;
1080fe1c642dSBill Krier 
1081fe1c642dSBill Krier 	retcode = copy_string(&mapping->id1name, request->id1name);
1082fe1c642dSBill Krier 	if (retcode != IDMAP_SUCCESS)
1083fe1c642dSBill Krier 		goto errout;
1084fe1c642dSBill Krier 
1085fe1c642dSBill Krier 	retcode = copy_id(&mapping->id2, &request->id2);
1086fe1c642dSBill Krier 	if (retcode != IDMAP_SUCCESS)
1087fe1c642dSBill Krier 		goto errout;
1088fe1c642dSBill Krier 
1089fe1c642dSBill Krier 	retcode = copy_string(&mapping->id2domain, request->id2domain);
1090fe1c642dSBill Krier 	if (retcode != IDMAP_SUCCESS)
1091fe1c642dSBill Krier 		goto errout;
1092fe1c642dSBill Krier 	retcode = copy_string(&mapping->id2name, request->id2name);
1093fe1c642dSBill Krier 	if (retcode != IDMAP_SUCCESS)
1094fe1c642dSBill Krier 		goto errout;
1095fe1c642dSBill Krier 
1096fe1c642dSBill Krier 	return (IDMAP_SUCCESS);
1097fe1c642dSBill Krier 
1098fe1c642dSBill Krier errout:
1099fe1c642dSBill Krier 	if (IS_ID_SID(mapping->id1))
1100fe1c642dSBill Krier 		free(mapping->id1.idmap_id_u.sid.prefix);
1101fe1c642dSBill Krier 	free(mapping->id1domain);
1102fe1c642dSBill Krier 	free(mapping->id1name);
1103fe1c642dSBill Krier 	if (IS_ID_SID(mapping->id2))
1104fe1c642dSBill Krier 		free(mapping->id2.idmap_id_u.sid.prefix);
1105fe1c642dSBill Krier 	free(mapping->id2domain);
1106fe1c642dSBill Krier 	free(mapping->id2name);
1107fe1c642dSBill Krier 
1108fe1c642dSBill Krier 	(void) memset(mapping, 0, sizeof (*mapping));
1109fe1c642dSBill Krier 	return (retcode);
1110fe1c642dSBill Krier }
1111fe1c642dSBill Krier 
1112c5c4113dSnw141292 
1113c5c4113dSnw141292 /* ARGSUSED */
1114c5c4113dSnw141292 bool_t
idmap_get_mapped_id_by_name_1_svc(idmap_mapping request,idmap_mappings_res * result,struct svc_req * rqstp)1115c5c4113dSnw141292 idmap_get_mapped_id_by_name_1_svc(idmap_mapping request,
1116cd37da74Snw141292 		idmap_mappings_res *result, struct svc_req *rqstp)
1117cd37da74Snw141292 {
1118fe1c642dSBill Krier 	idmap_mapping_batch batch_request;
1119fe1c642dSBill Krier 	idmap_ids_res batch_result;
1120fe1c642dSBill Krier 	idmap_mapping *map;
1121c5c4113dSnw141292 
1122fe1c642dSBill Krier 	/* Clear out things we might want to xdr_free on error */
1123fe1c642dSBill Krier 	(void) memset(&batch_result, 0, sizeof (batch_result));
1124c5c4113dSnw141292 	(void) memset(result, 0, sizeof (*result));
1125c5c4113dSnw141292 
11260dcc7149Snw141292 	result->retcode = validate_mapped_id_by_name_req(&request);
11270dcc7149Snw141292 	if (result->retcode != IDMAP_SUCCESS)
11280dcc7149Snw141292 		goto out;
11290dcc7149Snw141292 
1130fe1c642dSBill Krier 	/*
1131fe1c642dSBill Krier 	 * Copy the request.  We need to modify it, and
1132fe1c642dSBill Krier 	 * what we have is a shallow copy.  Freeing pointers from
1133fe1c642dSBill Krier 	 * our copy will lead to problems, since the RPC framework
1134fe1c642dSBill Krier 	 * has its own copy of those pointers.  Besides, we need
1135fe1c642dSBill Krier 	 * a copy to return.
1136fe1c642dSBill Krier 	 */
1137fe1c642dSBill Krier 	map = calloc(1, sizeof (idmap_mapping));
1138fe1c642dSBill Krier 	if (map == NULL) {
1139c5c4113dSnw141292 		idmapdlog(LOG_ERR, "Out of memory");
1140c5c4113dSnw141292 		result->retcode = IDMAP_ERR_MEMORY;
1141c5c4113dSnw141292 		goto out;
1142c5c4113dSnw141292 	}
1143fe1c642dSBill Krier 
1144fe1c642dSBill Krier 	/*
1145fe1c642dSBill Krier 	 * Set up to return the filled-in mapping structure.
1146fe1c642dSBill Krier 	 * Note that we xdr_free result on error, and that'll take
1147fe1c642dSBill Krier 	 * care of freeing the mapping structure.
1148fe1c642dSBill Krier 	 */
1149fe1c642dSBill Krier 	result->mappings.mappings_val = map;
1150c5c4113dSnw141292 	result->mappings.mappings_len = 1;
1151c5c4113dSnw141292 
1152fe1c642dSBill Krier 	result->retcode = copy_mapping(map, &request);
1153fe1c642dSBill Krier 	if (result->retcode != IDMAP_SUCCESS)
1154fe1c642dSBill Krier 		goto out;
1155cd37da74Snw141292 
1156fe1c642dSBill Krier 	/* Set up for the request to the batch API */
1157fe1c642dSBill Krier 	batch_request.idmap_mapping_batch_val = map;
1158fe1c642dSBill Krier 	batch_request.idmap_mapping_batch_len = 1;
1159fe1c642dSBill Krier 
1160fe1c642dSBill Krier 	/* Do the real work. */
1161fe1c642dSBill Krier 	(void) idmap_get_mapped_ids_1_svc(batch_request,
1162fe1c642dSBill Krier 	    &batch_result, rqstp);
1163fe1c642dSBill Krier 
1164fe1c642dSBill Krier 	/* Copy what we need out of the batch response */
1165fe1c642dSBill Krier 
1166fe1c642dSBill Krier 	if (batch_result.retcode != IDMAP_SUCCESS) {
1167fe1c642dSBill Krier 		result->retcode = batch_result.retcode;
1168fe1c642dSBill Krier 		goto out;
1169fe1c642dSBill Krier 	}
1170fe1c642dSBill Krier 
1171fe1c642dSBill Krier 	result->retcode = copy_id(&map->id2, &batch_result.ids.ids_val[0].id);
1172fe1c642dSBill Krier 	if (result->retcode != IDMAP_SUCCESS)
1173fe1c642dSBill Krier 		goto out;
1174fe1c642dSBill Krier 
1175fe1c642dSBill Krier 	map->direction = batch_result.ids.ids_val[0].direction;
1176fe1c642dSBill Krier 
1177fe1c642dSBill Krier 	result->retcode = batch_result.ids.ids_val[0].retcode;
1178fe1c642dSBill Krier 
1179*148c5f43SAlan Wright 	idmap_info_mov(&map->info, &batch_result.ids.ids_val[0].info);
1180c5c4113dSnw141292 
1181c5c4113dSnw141292 out:
1182c5c4113dSnw141292 	if (IDMAP_FATAL_ERROR(result->retcode)) {
1183c5c4113dSnw141292 		xdr_free(xdr_idmap_mappings_res, (caddr_t)result);
1184c5c4113dSnw141292 		result->mappings.mappings_len = 0;
1185c5c4113dSnw141292 		result->mappings.mappings_val = NULL;
1186c5c4113dSnw141292 	}
1187c5c4113dSnw141292 	result->retcode = idmap_stat4prot(result->retcode);
1188fe1c642dSBill Krier 
1189fe1c642dSBill Krier 	xdr_free(xdr_idmap_ids_res, (char *)&batch_result);
1190fe1c642dSBill Krier 
1191c5c4113dSnw141292 	return (TRUE);
1192c5c4113dSnw141292 }
1193c5c4113dSnw141292 
1194479ac375Sdm199847 /* ARGSUSED */
1195479ac375Sdm199847 bool_t
idmap_get_prop_1_svc(idmap_prop_type request,idmap_prop_res * result,struct svc_req * rqstp)1196479ac375Sdm199847 idmap_get_prop_1_svc(idmap_prop_type request,
1197479ac375Sdm199847 		idmap_prop_res *result, struct svc_req *rqstp)
1198479ac375Sdm199847 {
1199479ac375Sdm199847 	idmap_pg_config_t *pgcfg;
1200479ac375Sdm199847 
1201479ac375Sdm199847 	/* Init */
1202479ac375Sdm199847 	(void) memset(result, 0, sizeof (*result));
1203479ac375Sdm199847 	result->retcode = IDMAP_SUCCESS;
1204479ac375Sdm199847 	result->value.prop = request;
1205479ac375Sdm199847 
1206479ac375Sdm199847 	RDLOCK_CONFIG();
1207479ac375Sdm199847 
1208479ac375Sdm199847 	/* Just shortcuts: */
1209479ac375Sdm199847 	pgcfg = &_idmapdstate.cfg->pgcfg;
12104d61c878SJulian Pullen 
1211479ac375Sdm199847 
1212479ac375Sdm199847 	switch (request) {
1213479ac375Sdm199847 	case PROP_LIST_SIZE_LIMIT:
1214479ac375Sdm199847 		result->value.idmap_prop_val_u.intval = pgcfg->list_size_limit;
1215479ac375Sdm199847 		result->auto_discovered = FALSE;
1216479ac375Sdm199847 		break;
1217479ac375Sdm199847 	case PROP_DEFAULT_DOMAIN:
1218479ac375Sdm199847 		result->auto_discovered = FALSE;
1219479ac375Sdm199847 		STRDUP_CHECK(result->value.idmap_prop_val_u.utf8val,
1220479ac375Sdm199847 		    pgcfg->default_domain);
1221479ac375Sdm199847 		break;
1222479ac375Sdm199847 	case PROP_DOMAIN_NAME:
1223479ac375Sdm199847 		STRDUP_CHECK(result->value.idmap_prop_val_u.utf8val,
1224479ac375Sdm199847 		    pgcfg->domain_name);
1225479ac375Sdm199847 		result->auto_discovered =
12264d61c878SJulian Pullen 		    pgcfg->domain_name_auto_disc;
1227479ac375Sdm199847 		break;
1228479ac375Sdm199847 	case PROP_MACHINE_SID:
1229479ac375Sdm199847 		result->auto_discovered = FALSE;
1230479ac375Sdm199847 		STRDUP_CHECK(result->value.idmap_prop_val_u.utf8val,
1231479ac375Sdm199847 		    pgcfg->machine_sid);
1232479ac375Sdm199847 		break;
1233479ac375Sdm199847 	case PROP_DOMAIN_CONTROLLER:
1234479ac375Sdm199847 		if (pgcfg->domain_controller != NULL) {
1235479ac375Sdm199847 			(void) memcpy(&result->value.idmap_prop_val_u.dsval,
1236479ac375Sdm199847 			    pgcfg->domain_controller,
1237479ac375Sdm199847 			    sizeof (idmap_ad_disc_ds_t));
1238479ac375Sdm199847 		}
12394d61c878SJulian Pullen 		result->auto_discovered = pgcfg->domain_controller_auto_disc;
1240479ac375Sdm199847 		break;
1241479ac375Sdm199847 	case PROP_FOREST_NAME:
1242479ac375Sdm199847 		STRDUP_CHECK(result->value.idmap_prop_val_u.utf8val,
1243479ac375Sdm199847 		    pgcfg->forest_name);
12444d61c878SJulian Pullen 		result->auto_discovered = pgcfg->forest_name_auto_disc;
1245479ac375Sdm199847 		break;
1246479ac375Sdm199847 	case PROP_SITE_NAME:
1247479ac375Sdm199847 		STRDUP_CHECK(result->value.idmap_prop_val_u.utf8val,
1248479ac375Sdm199847 		    pgcfg->site_name);
12494d61c878SJulian Pullen 		result->auto_discovered = pgcfg->site_name_auto_disc;
1250479ac375Sdm199847 		break;
1251479ac375Sdm199847 	case PROP_GLOBAL_CATALOG:
1252479ac375Sdm199847 		if (pgcfg->global_catalog != NULL) {
1253479ac375Sdm199847 			(void) memcpy(&result->value.idmap_prop_val_u.dsval,
1254479ac375Sdm199847 			    pgcfg->global_catalog, sizeof (idmap_ad_disc_ds_t));
1255479ac375Sdm199847 		}
12564d61c878SJulian Pullen 		result->auto_discovered = pgcfg->global_catalog_auto_disc;
1257479ac375Sdm199847 		break;
1258479ac375Sdm199847 	case PROP_AD_UNIXUSER_ATTR:
1259479ac375Sdm199847 		STRDUP_CHECK(result->value.idmap_prop_val_u.utf8val,
1260479ac375Sdm199847 		    pgcfg->ad_unixuser_attr);
1261479ac375Sdm199847 		result->auto_discovered = FALSE;
1262479ac375Sdm199847 		break;
1263479ac375Sdm199847 	case PROP_AD_UNIXGROUP_ATTR:
1264479ac375Sdm199847 		STRDUP_CHECK(result->value.idmap_prop_val_u.utf8val,
1265479ac375Sdm199847 		    pgcfg->ad_unixgroup_attr);
1266479ac375Sdm199847 		result->auto_discovered = FALSE;
1267479ac375Sdm199847 		break;
1268479ac375Sdm199847 	case PROP_NLDAP_WINNAME_ATTR:
1269479ac375Sdm199847 		STRDUP_CHECK(result->value.idmap_prop_val_u.utf8val,
1270479ac375Sdm199847 		    pgcfg->nldap_winname_attr);
1271479ac375Sdm199847 		result->auto_discovered = FALSE;
1272479ac375Sdm199847 		break;
1273e3f2c991SKeyur Desai 	case PROP_DIRECTORY_BASED_MAPPING:
1274e3f2c991SKeyur Desai 		STRDUP_CHECK(result->value.idmap_prop_val_u.utf8val,
1275e3f2c991SKeyur Desai 		    enum_lookup(pgcfg->directory_based_mapping,
1276e3f2c991SKeyur Desai 		    directory_mapping_map));
1277479ac375Sdm199847 		result->auto_discovered = FALSE;
1278479ac375Sdm199847 		break;
1279479ac375Sdm199847 	default:
1280479ac375Sdm199847 		result->retcode = IDMAP_ERR_PROP_UNKNOWN;
1281479ac375Sdm199847 		break;
1282479ac375Sdm199847 	}
1283479ac375Sdm199847 
1284479ac375Sdm199847 out:
1285479ac375Sdm199847 	UNLOCK_CONFIG();
1286479ac375Sdm199847 	if (IDMAP_FATAL_ERROR(result->retcode)) {
1287479ac375Sdm199847 		xdr_free(xdr_idmap_prop_res, (caddr_t)result);
1288479ac375Sdm199847 		result->value.prop = PROP_UNKNOWN;
1289479ac375Sdm199847 	}
1290479ac375Sdm199847 	result->retcode = idmap_stat4prot(result->retcode);
1291479ac375Sdm199847 	return (TRUE);
1292479ac375Sdm199847 }
1293479ac375Sdm199847 
12949fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States int
idmap_flush_1_svc(idmap_flush_op op,idmap_retcode * result,struct svc_req * rqstp)12959fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States idmap_flush_1_svc(
12969fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States     idmap_flush_op  op,
12979fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States     idmap_retcode *result,
12989fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States     struct svc_req *rqstp)
12999fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States {
13009fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States 	NOTE(ARGUNUSED(rqstp))
13019fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States 	if (verify_rules_auth(rqstp) < 0) {
13029fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States 		*result = IDMAP_ERR_PERMISSION_DENIED;
13039fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States 		return (TRUE);
13049fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States 	}
13059fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States 
13069fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States 	*result = idmap_cache_flush(op);
13079fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States 
13089fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States 	return (TRUE);
13099fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States }
1310c5c4113dSnw141292 
1311c5c4113dSnw141292 /* ARGSUSED */
1312c5c4113dSnw141292 int
idmap_prog_1_freeresult(SVCXPRT * transp,xdrproc_t xdr_result,caddr_t result)1313c5c4113dSnw141292 idmap_prog_1_freeresult(SVCXPRT *transp, xdrproc_t xdr_result,
1314cd37da74Snw141292 		caddr_t result)
1315cd37da74Snw141292 {
1316c5c4113dSnw141292 	(void) xdr_free(xdr_result, result);
1317c5c4113dSnw141292 	return (TRUE);
1318c5c4113dSnw141292 }
13191fcced4cSJordan Brown 
13201fcced4cSJordan Brown /*
13211fcced4cSJordan Brown  * This function is called by rpc_svc.c when it encounters an error.
13221fcced4cSJordan Brown  */
13231fcced4cSJordan Brown NOTE(PRINTFLIKE(1))
13241fcced4cSJordan Brown void
idmap_rpc_msgout(const char * fmt,...)13251fcced4cSJordan Brown idmap_rpc_msgout(const char *fmt, ...)
13261fcced4cSJordan Brown {
13271fcced4cSJordan Brown 	va_list va;
13281fcced4cSJordan Brown 	char buf[1000];
13291fcced4cSJordan Brown 
13301fcced4cSJordan Brown 	va_start(va, fmt);
13311fcced4cSJordan Brown 	(void) vsnprintf(buf, sizeof (buf), fmt, va);
13321fcced4cSJordan Brown 	va_end(va);
13331fcced4cSJordan Brown 
13341fcced4cSJordan Brown 	idmapdlog(LOG_ERR, "idmap RPC:  %s", buf);
13351fcced4cSJordan Brown }
1336