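/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright (c) 2008, 2010, Oracle and/or its affiliates. All rights reserved.
 */

#include <grp.h>
#include <idmap.h>
#include "ad_common.h"

/*
 * update_buffer formats "name@domain::gid:" (a group(4) style record with
 * empty password and member-list fields) for the lookup described by argp.
 *
 * When argp->buf.result is non-NULL the record is written into a freshly
 * malloc'ed be->buffer and be->buflen is set to the allocation size, which
 * includes the terminating NUL.  Otherwise it is written into the
 * caller-supplied argp->buf.buffer, provided argp->buf.buflen is large
 * enough.  A NULL domain is replaced by WK_DOMAIN.
 *
 * Returns 0 on success and -1 if name is NULL, if either component would
 * break the record layout, if formatting or allocation fails, or if the
 * caller's buffer is too small.
 *
 * NOTE(review): be->buffer is overwritten without freeing a previous
 * value; presumably the backend releases it between lookups - confirm.
 */
static int
update_buffer(ad_backend_ptr be, nss_XbyY_args_t *argp,
	const char *name, const char *domain, gid_t gid)
{
	int	need;
	int	buflen;
	char	*buffer;

	if (name == NULL)
		return (-1);

	if (domain == NULL)
		domain = WK_DOMAIN;

	/*
	 * The record is colon-delimited and one entry per line.  Both
	 * components originate outside this module (the caller's key or
	 * the idmap service), so a ':' or newline in either would shift
	 * or split the fields seen by whatever parses the record.  Refuse
	 * to emit such a record instead of producing a malformed one.
	 */
	if (strchr(name, ':') != NULL || strchr(name, '\n') != NULL ||
	    strchr(domain, ':') != NULL || strchr(domain, '\n') != NULL)
		return (-1);

	/* Measure first; a negative return means the format step failed. */
	need = snprintf(NULL, 0, "%s@%s::%u:", name, domain, gid);
	if (need < 0)
		return (-1);
	buflen = need + 1;	/* room for the terminating NUL */

	if (argp->buf.result != NULL) {
		buffer = be->buffer = malloc(buflen);
		if (be->buffer == NULL)
			return (-1);
		be->buflen = buflen;
	} else {
		/* Never write past the buffer the caller handed in. */
		if (buflen > argp->buf.buflen)
			return (-1);
		buflen = argp->buf.buflen;
		buffer = argp->buf.buffer;
	}

	(void) snprintf(buffer, buflen, "%s@%s::%u:", name, domain, gid);
	return (0);
}

/*
 * getbynam gets a group entry by name.  The key must have the form
 * "name@domain"; a key without '@' yields NSS_NOTFOUND.  The name/domain
 * pair is mapped to a gid through the idmap service, a group(4) style
 * record is built from the result, and _nss_ad_marshall_data() marshals
 * it for the frontend process.  No LDAP search is issued from this
 * function itself.
 */
static nss_status_t
getbynam(ad_backend_ptr be, void *a)
{
	nss_XbyY_args_t	*argp = (nss_XbyY_args_t *)a;
	char		name[SEARCHFILTERLEN];
	char		*dname;
	nss_status_t	stat;
	idmap_stat	idmaprc;
	gid_t		gid;
	int		is_user, is_wuser;

	be->db_type = NSS_AD_DB_GROUP_BYNAME;

	/*
	 * Copy the key into a local buffer of sizeof (name) bytes through
	 * the LDAP filter sanitizer; a non-zero return rejects the key.
	 *
	 * NOTE(review): the visible code hands the sanitized string to
	 * idmap and to the group record, not to an LDAP filter.  If
	 * _ldap_filter_name() escapes characters, the escaped form is what
	 * gets mapped and returned - confirm that is intended.
	 */
	if (_ldap_filter_name(name, argp->key.name, sizeof (name)) != 0)
		return ((nss_status_t)NSS_NOTFOUND);

	/* Only "name@domain" keys are handled here. */
	if ((dname = strchr(name, '@')) == NULL)
		return ((nss_status_t)NSS_NOTFOUND);

	/* Split in place: name now ends at '@', dname follows it. */
	*dname = '\0';
	dname++;

	/*
	 * Map the name to gid using idmap service.
	 */
	is_wuser = -1;
	is_user = 0;  /* Map name to gid */
	idmaprc = idmap_get_w2u_mapping(NULL, NULL, name, dname,
	    0, &is_user, &is_wuser, &gid, NULL, NULL, NULL);
	if (idmaprc != IDMAP_SUCCESS) {
		RESET_ERRNO();
		return ((nss_status_t)NSS_NOTFOUND);
	}

	/* Create group(4) style string */
	if (update_buffer(be, argp, name, dname, gid) < 0)
		return ((nss_status_t)NSS_NOTFOUND);

	/* Marshall the data, sanitize the return status and return */
	stat = _nss_ad_marshall_data(be, argp);
	return (_nss_ad_sanitize_status(be, argp, stat));
}

/*
 * getbygid gets a group entry by number.  Only gids above MAXUID are
 * handled; anything else yields NSS_NOTFOUND.  The gid is mapped to a
 * Windows name and domain through the idmap service, a group(4) style
 * record is built from the result, and _nss_ad_marshall_data() marshals
 * it for the frontend process.  No LDAP search is issued from this
 * function itself.
 */
static nss_status_t
getbygid(ad_backend_ptr be, void *a)
{
	nss_XbyY_args_t	*argp = (nss_XbyY_args_t *)a;
	char		*winname = NULL, *windomain = NULL;
	nss_status_t	stat;

	be->db_type = NSS_AD_DB_GROUP_BYGID;

	stat = (nss_status_t)NSS_NOTFOUND;

	/* nss_ad does not support non ephemeral gids */
	if (argp->key.gid <= MAXUID)
		goto out;

	/*
	 * Map the given GID to a SID using the idmap service.  The status
	 * is compared with IDMAP_SUCCESS, as getbynam does.
	 */
	if (idmap_get_u2w_mapping(&argp->key.gid, NULL, 0,
	    0, NULL, NULL, NULL, &winname, &windomain,
	    NULL, NULL) != IDMAP_SUCCESS) {
		RESET_ERRNO();
		goto out;
	}

	/*
	 * NULL winname implies a local SID or unresolvable SID, both of
	 * which cannot be used to generate a group(4) entry
	 */
	if (winname == NULL)
		goto out;

	/* Create group(4) style string */
	if (update_buffer(be, argp, winname, windomain, argp->key.gid) < 0)
		goto out;

	/* Marshall the data, sanitize the return status and return */
	stat = _nss_ad_marshall_data(be, argp);
	stat = _nss_ad_sanitize_status(be, argp, stat);

out:
	/* Both pointers start out NULL, so every exit path may free them. */
	idmap_free(winname);
	idmap_free(windomain);
	return (stat);
}

/*
 * Operation table handed to _nss_ad_constr() for the group database.
 * NOTE(review): the slot order presumably has to match the frontend's
 * operation numbering - confirm before reordering.
 */
static ad_backend_op_t gr_ops[] = {
	_nss_ad_destr,
	_nss_ad_endent,
	_nss_ad_setent,
	_nss_ad_getent,
	getbynam,
	getbygid
};

/*
 * _nss_ad_group_constr builds the group backend by passing gr_ops and its
 * element count to _nss_ad_constr().  The three arguments are unused.
 */
/*ARGSUSED0*/
nss_backend_t *
_nss_ad_group_constr(const char *dummy1, const char *dummy2,
			const char *dummy3)
{

	return ((nss_backend_t *)_nss_ad_constr(gr_ops,
	    sizeof (gr_ops)/sizeof (gr_ops[0]), _GROUP, NULL, NULL));
}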