10Sstevel@tonic-gate /*
20Sstevel@tonic-gate  * CDDL HEADER START
30Sstevel@tonic-gate  *
40Sstevel@tonic-gate  * The contents of this file are subject to the terms of the
5*2830Sdjl  * Common Development and Distribution License (the "License").
6*2830Sdjl  * You may not use this file except in compliance with the License.
70Sstevel@tonic-gate  *
80Sstevel@tonic-gate  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
90Sstevel@tonic-gate  * or http://www.opensolaris.org/os/licensing.
100Sstevel@tonic-gate  * See the License for the specific language governing permissions
110Sstevel@tonic-gate  * and limitations under the License.
120Sstevel@tonic-gate  *
130Sstevel@tonic-gate  * When distributing Covered Code, include this CDDL HEADER in each
140Sstevel@tonic-gate  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
150Sstevel@tonic-gate  * If applicable, add the following below this CDDL HEADER, with the
160Sstevel@tonic-gate  * fields enclosed by brackets "[]" replaced with your own identifying
170Sstevel@tonic-gate  * information: Portions Copyright [yyyy] [name of copyright owner]
180Sstevel@tonic-gate  *
190Sstevel@tonic-gate  * CDDL HEADER END
200Sstevel@tonic-gate  */
210Sstevel@tonic-gate /*
22*2830Sdjl  * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
230Sstevel@tonic-gate  * Use is subject to license terms.
240Sstevel@tonic-gate  */
250Sstevel@tonic-gate 
260Sstevel@tonic-gate #pragma ident	"%Z%%M%	%I%	%E% SMI"
270Sstevel@tonic-gate 
280Sstevel@tonic-gate #include <secdb.h>
290Sstevel@tonic-gate #include "ldap_common.h"
300Sstevel@tonic-gate #include <bsm/libbsm.h>
310Sstevel@tonic-gate 
320Sstevel@tonic-gate 
/*
 * audit_user attributes.  The three attribute names below are what is
 * requested from the directory (see auuser_attrs); the two filter
 * templates take the already-filtered user name as their %s argument.
 */
#define	_AU_NAME		"uid"			/* record key */
#define	_AU_ALWAYS		"SolarisAuditAlways"	/* 2nd record field */
#define	_AU_NEVER		"SolarisAuditNever"	/* 3rd record field */
#define	_AU_GETAUUSERNAME	"(&(objectClass=SolarisAuditUser)(uid=%s))"
/* SSD variant: the %%s survives snprintf and is filled by _merge_SSD_filter */
#define	_AU_GETAUUSERNAME_SSD	"(&(%%s)(uid=%s))"
390Sstevel@tonic-gate 
400Sstevel@tonic-gate 
/*
 * Attribute list requested for every audit_user search; NULL-terminated
 * as expected by _nss_ldap_constr.
 */
static const char *auuser_attrs[] = {
	_AU_NAME,	/* uid */
	_AU_ALWAYS,	/* SolarisAuditAlways */
	_AU_NEVER,	/* SolarisAuditNever */
	NULL		/* terminator */
};
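/*
 * _nss_ldap_au2str is the data marshaling method for the audit_user
 * system calls getauusernam, getauusernam_r, getauuserent and
 * getauuserent_r.  It is called after a successful search has been
 * performed and turns the first entry of be->result into the audit_user
 * file format, e.g.
 *
 *	root:lo:no
 *
 * When argp->buf.result is set the record is written to a freshly
 * allocated be->buffer and its length (without the trailing NUL) is left
 * in be->buflen; otherwise it is written straight into the caller's
 * argp->buf.buffer.  be->result is released on every path once it has
 * been found non-NULL.
 *
 * Returns NSS_STR_PARSE_SUCCESS, NSS_STR_PARSE_PARSE when there is no
 * result or no usable uid (or the allocation fails), and
 * NSS_STR_PARSE_ERANGE when the caller's buffer cannot hold the record.
 */
static int
_nss_ldap_au2str(ldap_backend_ptr be, nss_XbyY_args_t *argp)
{
	int			nss_result = NSS_STR_PARSE_SUCCESS;
	int			buflen;
	size_t			len;
	char			*buffer;
	ns_ldap_result_t	*result = be->result;
	char			**name, **al, **ne, *al_str, *ne_str;

	if (result == NULL)
		return (NSS_STR_PARSE_PARSE);

	/*
	 * buflen is a caller-supplied int.  Reject a non-positive value
	 * before it is widened to size_t for memset() and for the range
	 * check below; a zero-length buffer can never hold a record anyway.
	 */
	buflen = argp->buf.buflen;
	if (buflen <= 0) {
		nss_result = NSS_STR_PARSE_ERANGE;
		goto result_au2str;
	}
	(void) memset(argp->buf.buffer, 0, buflen);

	/* uid is mandatory; an entry without one is not parsable */
	name = __ns_ldap_getAttr(result->entry, _AU_NAME);
	if (name == NULL || name[0] == NULL || strlen(name[0]) < 1) {
		nss_result = NSS_STR_PARSE_PARSE;
		goto result_au2str;
	}

	/* the two flag attributes are optional and default to _NO_VALUE */
	al = __ns_ldap_getAttr(result->entry, _AU_ALWAYS);
	if (al == NULL || al[0] == NULL || strlen(al[0]) < 1)
		al_str = _NO_VALUE;
	else
		al_str = al[0];

	ne = __ns_ldap_getAttr(result->entry, _AU_NEVER);
	if (ne == NULL || ne[0] == NULL || strlen(ne[0]) < 1)
		ne_str = _NO_VALUE;
	else
		ne_str = ne[0];

	/*
	 * NOTE(review): the three strings come straight from the directory
	 * and are not checked for an embedded ':' or newline, either of
	 * which would shift the fields of the record built below; confirm
	 * that the front-end parser rejects such a record rather than
	 * misreading it.
	 */

	/* 3 = 2 ':' + 1 '\0' */
	len = strlen(name[0]) + strlen(al_str) + strlen(ne_str) + 3;
	if (len > (size_t)buflen) {
		nss_result = NSS_STR_PARSE_ERANGE;
		goto result_au2str;
	}

	if (argp->buf.result != NULL) {
		/*
		 * The front end unpacks from be->buffer; freeing it is
		 * left to the caller.  NOTE(review): confirm be->buffer
		 * is not already holding an earlier allocation here.
		 */
		if ((be->buffer = calloc(1, len)) == NULL) {
			nss_result = NSS_STR_PARSE_PARSE;
			goto result_au2str;
		}
		buffer = be->buffer;
	} else {
		buffer = argp->buf.buffer;
	}
	/* len was sized exactly for this record, so snprintf cannot truncate */
	(void) snprintf(buffer, len, "%s:%s:%s",
	    name[0], al_str, ne_str);
	/* The front end marshaller doesn't need the trailing null */
	if (argp->buf.result != NULL)
		be->buflen = strlen(be->buffer);

result_au2str:
	(void) __ns_ldap_freeResult(&be->result);
	return (nss_result);
}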
1170Sstevel@tonic-gate 
1180Sstevel@tonic-gate 
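/*
 * getbyname looks up the audit_user entry for argp->key.name.
 *
 * The key is first passed through _ldap_filter_name() so that the search
 * filter is never built from the raw string (presumably this escapes LDAP
 * filter metacharacters -- the contract lives in ldap_common).  Two
 * filters are then built: the plain one and the SSD (service search
 * descriptor) form, which still carries a %s for _merge_SSD_filter to
 * fill in.  Any failure to build a filter is reported as NSS_NOTFOUND
 * rather than searching with a truncated filter.
 */
static nss_status_t
getbyname(ldap_backend_ptr be, void *a)
{
	char		searchfilter[SEARCHFILTERLEN];
	char		userdata[SEARCHFILTERLEN];
	char		name[SEARCHFILTERLEN];
	nss_XbyY_args_t	*argp = (nss_XbyY_args_t *)a;
	int		ret;

	if (_ldap_filter_name(name, argp->key.name, sizeof (name)) != 0)
		return ((nss_status_t)NSS_NOTFOUND);

	/*
	 * Check for a negative return before comparing with the unsigned
	 * buffer size; the comparison used to rely on the negative int being
	 * promoted to a huge size_t to catch the error case.
	 */
	ret = snprintf(searchfilter, sizeof (searchfilter),
	    _AU_GETAUUSERNAME, name);
	if (ret < 0 || (size_t)ret >= sizeof (searchfilter))
		return ((nss_status_t)NSS_NOTFOUND);

	ret = snprintf(userdata, sizeof (userdata),
	    _AU_GETAUUSERNAME_SSD, name);
	if (ret < 0 || (size_t)ret >= sizeof (userdata))
		return ((nss_status_t)NSS_NOTFOUND);

	return (_nss_ldap_lookup(be, argp, _AUUSER, searchfilter, NULL,
	    _merge_SSD_filter, userdata));
}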
1460Sstevel@tonic-gate 
1470Sstevel@tonic-gate 
/*
 * Backend operation vector handed to _nss_ldap_constr.  Only getbyname is
 * specific to this file; the rest are the shared ldap_common routines.
 * NOTE(review): the position of each entry is presumably the op index the
 * front end dispatches on -- do not reorder.
 */
static ldap_backend_op_t auuser_ops[] = {
	_nss_ldap_destr,
	_nss_ldap_endent,
	_nss_ldap_setent,
	_nss_ldap_getent,
	getbyname
};
1550Sstevel@tonic-gate 
1560Sstevel@tonic-gate 
/*
 * Backend constructor registered with the name service switch for the
 * audit_user database.  The five string arguments are the standard nss
 * constructor parameters and are ignored here; the backend is built by
 * _nss_ldap_constr from the op vector, attribute list and the au2str
 * marshaller defined above.
 */
/*ARGSUSED0*/
nss_backend_t *
_nss_ldap_audit_user_constr(const char *dummy1,
    const char *dummy2,
    const char *dummy3,
    const char *dummy4,
    const char *dummy5)
{
	size_t		nops = sizeof (auuser_ops) / sizeof (auuser_ops[0]);
	nss_backend_t	*be;

	be = (nss_backend_t *)_nss_ldap_constr(auuser_ops, nops, _AUUSER,
	    auuser_attrs, _nss_ldap_au2str);
	return (be);
}
169