xref: /onnv-gate/usr/src/lib/nsswitch/ad/common/getgrent.c (revision 12914:e95332bf1454)
18040SBaban.Kenkre@Sun.COM /*
28040SBaban.Kenkre@Sun.COM  * CDDL HEADER START
38040SBaban.Kenkre@Sun.COM  *
48040SBaban.Kenkre@Sun.COM  * The contents of this file are subject to the terms of the
58040SBaban.Kenkre@Sun.COM  * Common Development and Distribution License (the "License").
68040SBaban.Kenkre@Sun.COM  * You may not use this file except in compliance with the License.
78040SBaban.Kenkre@Sun.COM  *
88040SBaban.Kenkre@Sun.COM  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
98040SBaban.Kenkre@Sun.COM  * or http://www.opensolaris.org/os/licensing.
108040SBaban.Kenkre@Sun.COM  * See the License for the specific language governing permissions
118040SBaban.Kenkre@Sun.COM  * and limitations under the License.
128040SBaban.Kenkre@Sun.COM  *
138040SBaban.Kenkre@Sun.COM  * When distributing Covered Code, include this CDDL HEADER in each
148040SBaban.Kenkre@Sun.COM  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
158040SBaban.Kenkre@Sun.COM  * If applicable, add the following below this CDDL HEADER, with the
168040SBaban.Kenkre@Sun.COM  * fields enclosed by brackets "[]" replaced with your own identifying
178040SBaban.Kenkre@Sun.COM  * information: Portions Copyright [yyyy] [name of copyright owner]
188040SBaban.Kenkre@Sun.COM  *
198040SBaban.Kenkre@Sun.COM  * CDDL HEADER END
208040SBaban.Kenkre@Sun.COM  */
218040SBaban.Kenkre@Sun.COM /*
22*12914SJoyce.McIntosh@Sun.COM  * Copyright (c) 2008, 2010, Oracle and/or its affiliates. All rights reserved.
238040SBaban.Kenkre@Sun.COM  */
248040SBaban.Kenkre@Sun.COM 
258040SBaban.Kenkre@Sun.COM #include <grp.h>
268040SBaban.Kenkre@Sun.COM #include <idmap.h>
278040SBaban.Kenkre@Sun.COM #include "ad_common.h"
288040SBaban.Kenkre@Sun.COM 
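/*
 * Format a group(4) style record of the form "name@domain::gid:" (empty
 * password field, empty member list) for the marshalling step.
 *
 * When the caller supplied a result structure (argp->buf.result != NULL)
 * the record is written to a freshly malloc'ed be->buffer and be->buflen
 * is set to its size; otherwise it is written straight into the caller's
 * argp->buf.buffer, provided it fits. A NULL domain is replaced by
 * WK_DOMAIN.
 *
 * Returns 0 on success, -1 if the record cannot be formatted, memory
 * cannot be allocated, or the caller's buffer is too small.
 *
 * NOTE(review): name and domain are copied verbatim into a colon
 * delimited record; a ':' or newline in either would shift fields when
 * the record is parsed later - confirm the callers and idmap never hand
 * in such values.
 * NOTE(review): any previous be->buffer is overwritten without being
 * freed here - presumably released elsewhere in the backend; verify.
 */
static int
update_buffer(ad_backend_ptr be, nss_XbyY_args_t *argp,
		const char *name, const char *domain, gid_t gid)
{
	int	need;
	int	buflen;
	char	*buffer;

	if (domain == NULL)
		domain = WK_DOMAIN;

	/*
	 * Dry run to learn the record length. snprintf reports an output
	 * error as a negative value; without this check that would turn
	 * into a zero-length buffer that is never NUL terminated and is
	 * then handed to the marshalling code.
	 */
	need = snprintf(NULL, 0, "%s@%s::%u:", name, domain, gid);
	if (need < 0)
		return (-1);
	buflen = need + 1;	/* room for the terminating NUL */

	if (argp->buf.result != NULL) {
		buffer = be->buffer = malloc(buflen);
		if (be->buffer == NULL)
			return (-1);
		be->buflen = buflen;
	} else {
		/* Never write past what the caller actually provided. */
		if (buflen > argp->buf.buflen)
			return (-1);
		buflen = argp->buf.buflen;
		buffer = argp->buf.buffer;
	}

	(void) snprintf(buffer, buflen, "%s@%s::%u:", name, domain, gid);
	return (0);
}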
568040SBaban.Kenkre@Sun.COM 
/*
 * getbynam looks up a group entry by name. The key is run through
 * _ldap_filter_name, split at its first '@' into a name and a domain
 * part, and the pair is handed to the idmap service to obtain a gid.
 * update_buffer then builds a group(4) style string from name, domain and
 * gid, and _nss_ad_marshall_data marshals it for the frontend process.
 *
 * A key that fails sanitizing, has no '@', cannot be mapped by idmap, or
 * whose record cannot be built yields NSS_NOTFOUND.
 *
 * NOTE(review): the name passed to idmap is the filter-escaped copy, not
 * the raw key, although no LDAP filter is built in this function -
 * confirm that is intended.
 */
static nss_status_t
getbynam(ad_backend_ptr be, void *a)
{
	nss_XbyY_args_t	*args = (nss_XbyY_args_t *)a;
	char		key[SEARCHFILTERLEN];
	char		*domain;
	gid_t		gid;
	int		is_user = 0;	/* 0: map the name to a gid */
	int		is_wuser = -1;
	nss_status_t	status;

	be->db_type = NSS_AD_DB_GROUP_BYNAME;

	/* Work on a sanitized copy of the caller's key. */
	if (_ldap_filter_name(key, args->key.name, sizeof (key)) != 0)
		return ((nss_status_t)NSS_NOTFOUND);

	/* Only "name@domain" keys are served; cut the copy at the '@'. */
	domain = strchr(key, '@');
	if (domain == NULL)
		return ((nss_status_t)NSS_NOTFOUND);
	*domain++ = '\0';

	/* Ask the idmap service for the gid behind name@domain. */
	if (idmap_get_w2u_mapping(NULL, NULL, key, domain,
	    0, &is_user, &is_wuser, &gid, NULL, NULL, NULL) != IDMAP_SUCCESS) {
		RESET_ERRNO();
		return ((nss_status_t)NSS_NOTFOUND);
	}

	/* Build the group(4) style string. */
	if (update_buffer(be, args, key, domain, gid) < 0)
		return ((nss_status_t)NSS_NOTFOUND);

	/* Marshal the record and normalise the status before returning. */
	status = _nss_ad_marshall_data(be, args);
	return (_nss_ad_sanitize_status(be, args, status));
}
1078040SBaban.Kenkre@Sun.COM 
/*
 * getbygid looks up a group entry by gid. Only gids above MAXUID are
 * served; anything else is answered with NSS_NOTFOUND. The gid is handed
 * to the idmap service, which returns the Windows name and domain; from
 * these update_buffer builds a group(4) style string that
 * _nss_ad_marshall_data marshals for the frontend process.
 *
 * Whatever idmap returned in winname/windomain is released with
 * idmap_free on every path.
 */
static nss_status_t
getbygid(ad_backend_ptr be, void *a)
{
	nss_XbyY_args_t	*args = (nss_XbyY_args_t *)a;
	char		*wname = NULL;
	char		*wdomain = NULL;
	nss_status_t	result = (nss_status_t)NSS_NOTFOUND;

	be->db_type = NSS_AD_DB_GROUP_BYGID;

	/* nss_ad does not support non ephemeral gids */
	if (args->key.gid > MAXUID) {
		if (idmap_get_u2w_mapping(&args->key.gid, NULL, 0,
		    0, NULL, NULL, NULL, &wname, &wdomain,
		    NULL, NULL) != 0) {
			RESET_ERRNO();
		} else if (wname != NULL &&
		    update_buffer(be, args, wname, wdomain,
		    args->key.gid) >= 0) {
			/*
			 * A NULL name means a local or unresolvable SID,
			 * which cannot be turned into a group(4) entry, so
			 * only a named mapping whose record was built gets
			 * marshalled and has its status sanitized.
			 */
			result = _nss_ad_marshall_data(be, args);
			result = _nss_ad_sanitize_status(be, args, result);
		}
	}

	idmap_free(wname);
	idmap_free(wdomain);
	return (result);
}
1588040SBaban.Kenkre@Sun.COM 
/*
 * Operation table for the AD group backend. _nss_ad_group_constr passes
 * it, together with its element count, to _nss_ad_constr. The position of
 * each entry is significant: presumably it is the operation number the
 * frontend dispatches on - confirm against the NSS_DBOP_* definitions
 * before reordering or inserting entries.
 */
static ad_backend_op_t gr_ops[] = {
	_nss_ad_destr,
	_nss_ad_endent,
	_nss_ad_setent,
	_nss_ad_getent,
	getbynam,	/* lookup by "name@domain" */
	getbygid	/* lookup by gid */
};
1678040SBaban.Kenkre@Sun.COM 
/*
 * Constructor for the AD group backend. The three arguments are not used;
 * the backend is created by _nss_ad_constr from the gr_ops table, the
 * number of entries in that table, and _GROUP.
 */
/*ARGSUSED0*/
nss_backend_t *
_nss_ad_group_constr(const char *dummy1, const char *dummy2,
			const char *dummy3)
{
	const size_t	n_ops = sizeof (gr_ops) / sizeof (gr_ops[0]);

	return ((nss_backend_t *)_nss_ad_constr(gr_ops, n_ops, _GROUP,
	    NULL, NULL));
}