/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright (c) 2008, 2010, Oracle and/or its affiliates. All rights reserved.
 */
242b4a7802SBaban Kenkre
252b4a7802SBaban Kenkre #include <shadow.h>
262b4a7802SBaban Kenkre #include <stdlib.h>
272b4a7802SBaban Kenkre #include "ad_common.h"
282b4a7802SBaban Kenkre
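/*
 * update_buffer builds the shadow(4)-style line
 * "name@domain:*NP*:::::::" for an AD user.
 *
 * When argp->buf.result is non-NULL the line is written into a freshly
 * malloc()ed buffer that is recorded in be->buffer and be->buflen.
 * Otherwise it is written straight into the caller-supplied
 * argp->buf.buffer, which must hold the line plus its terminating NUL.
 *
 * name and domain are copied into the line verbatim. ':' is the field
 * separator of the line, so a ':' or newline in either string would shift
 * the fields of the resulting entry; callers must pass values that have
 * already been validated.
 *
 * Returns 0 on success, or -1 when the length cannot be computed, the
 * allocation fails, or the caller's buffer is too small.
 */
static int
update_buffer(ad_backend_ptr be, nss_XbyY_args_t *argp,
    const char *name, const char *domain)
{
	int	needed;
	int	buflen;
	char	*buffer;

	/*
	 * The user password is not available in the AD object and therefore
	 * sp_pwdp will be "*NP*".
	 *
	 * nss_ad will leave aging fields empty (i.e. the front end
	 * marshaller will set sp_lstchg, sp_min, sp_max, sp_warn,
	 * sp_inact, and sp_expire to -1 and sp_flag to 0) because shadow
	 * fields are irrelevant with AD and krb5.
	 */

	/*
	 * Measure first. snprintf() reports failure with a negative value;
	 * without this check that value would flow into the malloc() size
	 * and into the capacity comparison below.
	 */
	needed = snprintf(NULL, 0, "%s@%s:*NP*:::::::", name, domain);
	if (needed < 0)
		return (-1);
	buflen = needed + 1;	/* room for the terminating NUL */

	if (argp->buf.result != NULL) {
		/*
		 * NOTE(review): a buffer already held in be->buffer is
		 * overwritten here without being freed; confirm that the
		 * backend's cleanup path releases it before this is reached.
		 */
		buffer = be->buffer = malloc(buflen);
		if (buffer == NULL)
			return (-1);
		be->buflen = buflen;
	} else {
		/* Refuse to truncate: a partial entry must never be returned */
		if (buflen > argp->buf.buflen)
			return (-1);
		buflen = argp->buf.buflen;
		buffer = argp->buf.buffer;
	}

	/* The destination is known to be large enough at this point */
	(void) snprintf(buffer, buflen, "%s@%s:*NP*:::::::", name, domain);
	return (0);
}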
642b4a7802SBaban Kenkre
/*
 * getbynam answers a shadow lookup keyed by a Windows name of the form
 * "user@domain" (argp->key.name).
 *
 * The key is first passed through _ldap_filter_name() into a local buffer
 * and split at the first '@'. The idmap service is then asked for a
 * Windows-to-UNIX mapping of the two parts; only when that succeeds is a
 * shadow(4)-style line built by update_buffer() and handed to the
 * marshaller.
 *
 * Every failure (filtering fails, no '@' in the key, the mapping request
 * fails, or the buffer cannot be set up) is reported as NSS_NOTFOUND, so
 * callers cannot tell these cases apart.
 *
 * NOTE(review): the strings given to idmap and written into the entry are
 * the output of _ldap_filter_name(), not the raw key. If that helper
 * rewrites characters, the rewritten form is what gets looked up and
 * returned; confirm this is intended.
 */
static nss_status_t
getbynam(ad_backend_ptr be, void *a)
{
	nss_XbyY_args_t	*argp = (nss_XbyY_args_t *)a;
	char		name[SEARCHFILTERLEN + 1];
	char		*at;
	char		*domain;
	nss_status_t	status;
	idmap_stat	maprc;
	uid_t		uid;
	int		is_user, is_wuser;

	be->db_type = NSS_AD_DB_SHADOW_BYNAME;

	/* Sanitize the key into the bounded local buffer before using it */
	if (_ldap_filter_name(name, argp->key.name, sizeof (name)) != 0)
		return ((nss_status_t)NSS_NOTFOUND);

	/* A key without a domain part is not handled by this backend */
	at = strchr(name, '@');
	if (at == NULL)
		return ((nss_status_t)NSS_NOTFOUND);

	/* Split in place: name keeps the user part, domain the remainder */
	*at = '\0';
	domain = at + 1;

	/*
	 * Ask the idmap service whether this is a valid Windows name.
	 * The mapped uid is received but not used any further here; only
	 * the success of the request matters.
	 * NOTE(review): is_user = 1 / is_wuser = -1 presumably request a
	 * user mapping with the Windows object type left open; confirm
	 * against the idmap API.
	 */
	is_wuser = -1;
	is_user = 1;
	maprc = idmap_get_w2u_mapping(NULL, NULL, name, domain,
	    0, &is_user, &is_wuser, &uid, NULL, NULL, NULL);
	if (maprc != IDMAP_SUCCESS) {
		RESET_ERRNO();
		return ((nss_status_t)NSS_NOTFOUND);
	}

	/* Create the shadow(4)-style string for the marshaller */
	if (update_buffer(be, argp, name, domain) < 0)
		return ((nss_status_t)NSS_NOTFOUND);

	/* Marshal the data, then sanitize the status before returning it */
	status = _nss_ad_marshall_data(be, argp);
	status = _nss_ad_sanitize_status(be, argp, status);
	return (status);
}
1162b4a7802SBaban Kenkre
/*
 * Operation table for the AD shadow backend, passed to _nss_ad_constr()
 * by _nss_ad_shadow_constr(). The first four entries are the shared
 * nss_ad handlers; the last is this file's by-name lookup.
 * NOTE(review): the table is positional, so the entry order presumably
 * has to match the operation numbering the NSS front end uses for the
 * shadow database; confirm before reordering or inserting entries.
 */
static ad_backend_op_t sp_ops[] = {
	_nss_ad_destr,
	_nss_ad_endent,
	_nss_ad_setent,
	_nss_ad_getent,
	getbynam
};
1242b4a7802SBaban Kenkre
1252b4a7802SBaban Kenkre
/*
 * _nss_ad_shadow_constr is the constructor for the AD shadow backend.
 * It passes the shadow operation table (sp_ops) and its entry count to
 * the generic _nss_ad_constr() together with the _SHADOW database name,
 * and returns the result as an nss_backend_t pointer.
 *
 * The three arguments are not used.
 */
/*ARGSUSED0*/
nss_backend_t *
_nss_ad_shadow_constr(const char *dummy1, const char *dummy2,
    const char *dummy3)
{
	/* Derive the count from the table so the two cannot drift apart */
	const size_t	nops = sizeof (sp_ops) / sizeof (sp_ops[0]);

	return ((nss_backend_t *)_nss_ad_constr(sp_ops, nops,
	    _SHADOW, NULL, NULL));
}
141