10Sstevel@tonic-gate /*
20Sstevel@tonic-gate * CDDL HEADER START
30Sstevel@tonic-gate *
40Sstevel@tonic-gate * The contents of this file are subject to the terms of the
52830Sdjl * Common Development and Distribution License (the "License").
62830Sdjl * You may not use this file except in compliance with the License.
70Sstevel@tonic-gate *
80Sstevel@tonic-gate * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
90Sstevel@tonic-gate * or http://www.opensolaris.org/os/licensing.
100Sstevel@tonic-gate * See the License for the specific language governing permissions
110Sstevel@tonic-gate * and limitations under the License.
120Sstevel@tonic-gate *
130Sstevel@tonic-gate * When distributing Covered Code, include this CDDL HEADER in each
140Sstevel@tonic-gate * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
150Sstevel@tonic-gate * If applicable, add the following below this CDDL HEADER, with the
160Sstevel@tonic-gate * fields enclosed by brackets "[]" replaced with your own identifying
170Sstevel@tonic-gate * information: Portions Copyright [yyyy] [name of copyright owner]
180Sstevel@tonic-gate *
190Sstevel@tonic-gate * CDDL HEADER END
200Sstevel@tonic-gate */
210Sstevel@tonic-gate /*
22*10020SJoep.Vesseur@Sun.COM * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
230Sstevel@tonic-gate * Use is subject to license terms.
240Sstevel@tonic-gate */
250Sstevel@tonic-gate
260Sstevel@tonic-gate #include <secdb.h>
270Sstevel@tonic-gate #include <exec_attr.h>
280Sstevel@tonic-gate #include "ldap_common.h"
290Sstevel@tonic-gate
300Sstevel@tonic-gate
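/*
 * exec_attr attribute names and LDAP search-filter templates.
 *
 * Each template is expanded with snprintf(); every %s is substituted
 * verbatim, so the caller must make sure the value cannot change the
 * structure of the filter. In this file policy and type are rejected if
 * they contain any of "*()\" and name/id are passed through
 * _ldap_filter_name() before they are interpolated.
 *
 * The *_SSD variants keep a literal "%s" (written "%%s") in place of the
 * objectClass clause; the expanded string is handed to _merge_SSD_filter
 * as userdata.
 * NOTE(review): that looks like a second-stage format string. Confirm
 * that a '%' inside an interpolated value cannot reach it unescaped.
 */

/*
 * Map a NULL string to the LDAP "match anything" value. The argument and
 * the whole expansion are parenthesized so the macro stays correct inside
 * a larger expression (the unparenthesized form only worked as a lone
 * function argument).
 */
#define	ISWILD(x)		((x) == NULL ? "*" : (x))

#define	_EXEC_NAME		"cn"
#define	_EXEC_POLICY		"SolarisKernelSecurityPolicy"
#define	_EXEC_TYPE		"SolarisProfileType"
#define	_EXEC_RES1		"SolarisAttrRes1"
#define	_EXEC_RES2		"SolarisAttrRes2"
#define	_EXEC_ID		"SolarisProfileId"
#define	_EXEC_ATTRS		"SolarisAttrKeyValue"

/* lookup by name: (cn, policy, type) */
#define	_EXEC_GETEXECNAME	"(&(objectClass=SolarisExecAttr)(cn=%s)"\
				"(SolarisKernelSecurityPolicy=%s)"\
				"(SolarisProfileType=%s))"
#define	_EXEC_GETEXECNAME_SSD	"(&(%%s)(cn=%s)"\
				"(SolarisKernelSecurityPolicy=%s)"\
				"(SolarisProfileType=%s))"

/* lookup by id: (id, policy, type) */
#define	_EXEC_GETEXECID		"(&(objectClass=SolarisExecAttr)"\
				"(SolarisProfileId=%s)"\
				"(SolarisKernelSecurityPolicy=%s)"\
				"(SolarisProfileType=%s))"
#define	_EXEC_GETEXECID_SSD	"(&(%%s)"\
				"(SolarisProfileId=%s)"\
				"(SolarisKernelSecurityPolicy=%s)"\
				"(SolarisProfileType=%s))"

/* lookup by name and id: (cn, id, policy, type) */
#define	_EXEC_GETEXECNAMEID	"(&(objectClass=SolarisExecAttr)(cn=%s)"\
				"(SolarisProfileId=%s)"\
				"(SolarisKernelSecurityPolicy=%s)"\
				"(SolarisProfileType=%s))"
#define	_EXEC_GETEXECNAMEID_SSD	"(&(%%s)(cn=%s)"\
				"(SolarisProfileId=%s)"\
				"(SolarisKernelSecurityPolicy=%s)"\
				"(SolarisProfileType=%s))"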
620Sstevel@tonic-gate
630Sstevel@tonic-gate
640Sstevel@tonic-gate /* from libnsl */
650Sstevel@tonic-gate extern int _doexeclist(nss_XbyY_args_t *);
660Sstevel@tonic-gate extern char *_exec_wild_id(char *, const char *);
670Sstevel@tonic-gate extern void _exec_cleanup(nss_status_t, nss_XbyY_args_t *);
680Sstevel@tonic-gate
690Sstevel@tonic-gate
/*
 * NULL-terminated list of the exec_attr attribute names; it is handed to
 * _nss_ldap_constr() by the constructor at the bottom of this file.
 * NOTE(review): presumably this is the set of attributes requested from
 * the directory. Confirm against _nss_ldap_constr().
 */
static const char *exec_attrs[] = {
	_EXEC_NAME, _EXEC_POLICY, _EXEC_TYPE,
	_EXEC_RES1, _EXEC_RES2,
	_EXEC_ID, _EXEC_ATTRS,
	NULL
};
800Sstevel@tonic-gate
810Sstevel@tonic-gate
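#ifdef DEBUG
/*
 * Debug helper: dump every node of an execstr_t list to stdout.
 *
 * The list is walked iteratively, so a long chain cannot exhaust the
 * stack, and a NULL list is accepted. The name field is guarded like the
 * other fields: _exec_ldap_exec2ent() leaves it NULL when the entry has
 * no cn attribute, and passing NULL to "%s" is undefined behavior.
 */
static void
_print_execstr(execstr_t *exec)
{
	for (; exec != (execstr_t *)NULL; exec = exec->next) {
		(void) fprintf(stdout, " exec-name: [%s]\n",
		    exec->name != NULL ? exec->name : "(null)");
		if (exec->policy != NULL)
			(void) fprintf(stdout, " policy: [%s]\n",
			    exec->policy);
		if (exec->type != NULL)
			(void) fprintf(stdout, " type: [%s]\n", exec->type);
		if (exec->res1 != NULL)
			(void) fprintf(stdout, " res1: [%s]\n", exec->res1);
		if (exec->res2 != NULL)
			(void) fprintf(stdout, " res2: [%s]\n", exec->res2);
		if (exec->id != NULL)
			(void) fprintf(stdout, " id: [%s]\n", exec->id);
		if (exec->attr != NULL)
			(void) fprintf(stdout, " attr: [%s]\n", exec->attr);
		if (exec->next != (execstr_t *)NULL) {
			/* announce the successor before moving on to it */
			(void) fprintf(stdout, " next: [%s]\n",
			    exec->next->name != NULL ?
			    exec->next->name : "(null)");
			(void) fprintf(stdout, "\n");
		}
	}
}
#endif	/* DEBUG */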
1130Sstevel@tonic-gate
1140Sstevel@tonic-gate
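/*
 * Copy the first value of one LDAP attribute into the caller's scratch
 * buffer and point *field at the copy.
 *
 * attrptr	attribute whose first value is wanted
 * field	execstr_t member to set
 * cursor	in/out: next free byte of the scratch buffer
 * ceiling	one past the last byte of the scratch buffer
 * required	non-zero if a missing or empty value is a parse error
 *
 * Returns NSS_STR_PARSE_SUCCESS, NSS_STR_PARSE_PARSE (required value
 * missing) or NSS_STR_PARSE_ERANGE (value does not fit).
 *
 * The size test compares lengths instead of advancing the pointer first,
 * so no out-of-bounds pointer is ever formed from a directory-supplied
 * length. It rejects exactly the same inputs as the original
 * "buffer + len + 1 >= ceiling" test.
 */
static int
exec_store_value(ns_ldap_attr_t *attrptr, char **field, char **cursor,
    const char *ceiling, int required)
{
	const char	*value = NULL;
	size_t		len = 0;

	/* a NULL value array is treated like an attribute with no value */
	if (attrptr->attrvalue != NULL)
		value = attrptr->attrvalue[0];
	if (value != NULL)
		len = strlen(value);

	if (len < 1) {
		if (required)
			return ((int)NSS_STR_PARSE_PARSE);
		*field = (char *)NULL;
		return ((int)NSS_STR_PARSE_SUCCESS);
	}

	/* as before, the field already points into the buffer on ERANGE */
	*field = *cursor;
	if (*cursor >= ceiling || len + 1 >= (size_t)(ceiling - *cursor))
		return ((int)NSS_STR_PARSE_ERANGE);

	(void) strcpy(*field, value);
	*cursor += len + 1;
	return ((int)NSS_STR_PARSE_SUCCESS);
}

/*
 * Convert one LDAP entry into the execstr_t at argp->buf.result, storing
 * the strings in argp->buf.buffer (which is zeroed first).
 *
 * Returns NSS_STR_PARSE_SUCCESS, NSS_STR_PARSE_ERANGE when the values do
 * not fit in the buffer, or NSS_STR_PARSE_PARSE when an attribute slot is
 * NULL or the cn value is empty. Attributes that are not part of
 * exec_attr are ignored.
 *
 * NOTE: an entry that carries no cn attribute at all still yields
 * NSS_STR_PARSE_SUCCESS with exec->name left NULL; callers must not
 * assume the name is set.
 */
static int
_exec_ldap_exec2ent(ns_ldap_entry_t *entry, nss_XbyY_args_t *argp)
{
	int		i;
	int		status;
	int		required;
	int		buflen;
	char		*buffer;
	char		*ceiling;
	char		**field;
	execstr_t	*exec;
	ns_ldap_attr_t	*attrptr;

	buffer = argp->buf.buffer;
	buflen = (int)argp->buf.buflen;
	(void) memset(argp->buf.buffer, 0, buflen);
	exec = (execstr_t *)(argp->buf.result);
	ceiling = buffer + buflen;

	exec->name = (char *)NULL;
	exec->policy = (char *)NULL;
	exec->type = (char *)NULL;
	exec->res1 = (char *)NULL;
	exec->res2 = (char *)NULL;
	exec->id = (char *)NULL;
	exec->attr = (char *)NULL;

	for (i = 0; i < entry->attr_count; i++) {
		attrptr = entry->attr_pair[i];
		if (attrptr == NULL)
			return ((int)NSS_STR_PARSE_PARSE);

		/* pick the execstr_t member this attribute feeds */
		required = 0;
		if (strcasecmp(attrptr->attrname, _EXEC_NAME) == 0) {
			field = &exec->name;
			required = 1;	/* only cn must be non-empty */
		} else if (strcasecmp(attrptr->attrname, _EXEC_POLICY) == 0) {
			field = &exec->policy;
		} else if (strcasecmp(attrptr->attrname, _EXEC_TYPE) == 0) {
			field = &exec->type;
		} else if (strcasecmp(attrptr->attrname, _EXEC_RES1) == 0) {
			field = &exec->res1;
		} else if (strcasecmp(attrptr->attrname, _EXEC_RES2) == 0) {
			field = &exec->res2;
		} else if (strcasecmp(attrptr->attrname, _EXEC_ID) == 0) {
			field = &exec->id;
		} else if (strcasecmp(attrptr->attrname, _EXEC_ATTRS) == 0) {
			field = &exec->attr;
		} else {
			continue;
		}

		status = exec_store_value(attrptr, field, &buffer, ceiling,
		    required);
		if (status != (int)NSS_STR_PARSE_SUCCESS)
			return (status);
	}

	exec->next = (execstr_t *)NULL;

#ifdef DEBUG
	(void) fprintf(stdout, "\n[getexecattr.c: _exec_ldap_exec2ent]\n");
	_print_execstr(exec);
#endif	/* DEBUG */

	return ((int)NSS_STR_PARSE_SUCCESS);
}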
2590Sstevel@tonic-gate
2600Sstevel@tonic-gate
/*
 * Return the first value of attrname in entry, or _NO_VALUE when the
 * attribute is absent or has no first value.
 */
static char *
exec_value_or_blank(ns_ldap_entry_t *entry, const char *attrname)
{
	char	**vals = __ns_ldap_getAttr(entry, attrname);

	return ((vals != NULL && vals[0] != NULL) ? vals[0] : _NO_VALUE);
}

/*
 * Render the LDAP result held in be->result in the exec_attr file format
 * "name:policy:type:res1:res2:id:attr".
 *
 * When argp->buf.result is set, the line is written to a freshly
 * calloc()ed be->buffer and be->buflen is set to its length without the
 * terminating NUL; otherwise it is written straight into
 * argp->buf.buffer. be->result is released on every path once a result
 * was present.
 *
 * Returns NSS_STR_PARSE_{SUCCESS, ERANGE, PARSE}. A failed calloc() is
 * reported as NSS_STR_PARSE_PARSE.
 */
static int
_nss_ldap_exec2str(ldap_backend_ptr be, nss_XbyY_args_t *argp)
{
	ns_ldap_result_t	*result = be->result;
	int			rc = NSS_STR_PARSE_SUCCESS;
	int			len;
	char			**name;
	char			*out;
	char			*policy_str, *type_str, *res1_str;
	char			*res2_str, *id_str, *attr_str;

	if (result == NULL)
		return (NSS_STR_PARSE_PARSE);

	(void) memset(argp->buf.buffer, 0, argp->buf.buflen);

	/* the name is mandatory and must not be empty */
	name = __ns_ldap_getAttr(result->entry, _EXEC_NAME);
	if (name == NULL || name[0] == NULL || strlen(name[0]) < 1) {
		rc = NSS_STR_PARSE_PARSE;
		goto done;
	}

	/* every other field falls back to _NO_VALUE */
	policy_str = exec_value_or_blank(result->entry, _EXEC_POLICY);
	type_str = exec_value_or_blank(result->entry, _EXEC_TYPE);
	res1_str = exec_value_or_blank(result->entry, _EXEC_RES1);
	res2_str = exec_value_or_blank(result->entry, _EXEC_RES2);
	id_str = exec_value_or_blank(result->entry, _EXEC_ID);
	attr_str = exec_value_or_blank(result->entry, _EXEC_ATTRS);

	/* seven fields, six ':' separators and one terminating '\0' */
	len = strlen(name[0]) + strlen(policy_str) + strlen(type_str) +
	    strlen(res1_str) + strlen(res2_str) + strlen(id_str) +
	    strlen(attr_str) + 7;

	if (len > argp->buf.buflen) {
		rc = NSS_STR_PARSE_ERANGE;
		goto done;
	}

	if (argp->buf.result == NULL) {
		out = argp->buf.buffer;
	} else {
		be->buffer = calloc(1, len);
		if (be->buffer == NULL) {
			rc = NSS_STR_PARSE_PARSE;
			goto done;
		}
		out = be->buffer;
	}

	(void) snprintf(out, len, "%s:%s:%s:%s:%s:%s:%s",
	    name[0], policy_str, type_str, res1_str,
	    res2_str, id_str, attr_str);

	/* The front end marshaller does not need the trailing null */
	if (argp->buf.result != NULL)
		be->buflen = strlen(out);

done:
	(void) __ns_ldap_freeResult(&be->result);
	return (rc);
}
3530Sstevel@tonic-gate
3540Sstevel@tonic-gate
/*
 * Walk the entries of be->result and convert each one with
 * _exec_ldap_exec2ent().
 *
 * The walk stops after the first entry for a GET_ONE search, and at the
 * first entry that does not end in NSS_SUCCESS otherwise. For a GET_ALL
 * search every converted entry is passed to _doexeclist(); a zero return
 * from it turns the status into NSS_UNAVAIL.
 *
 * Returns NSS_SUCCESS, NSS_NOTFOUND (parse or range error, with
 * argp->erange set for the latter) or NSS_UNAVAIL. be->result is freed
 * here only when getattr() finds no first attribute.
 */
static nss_status_t
_exec_process_val(ldap_backend_ptr be, nss_XbyY_args_t *argp)
{
	ns_ldap_result_t	*result = be->result;
	_priv_execattr		*priv = (_priv_execattr *)(argp->key.attrp);
	ns_ldap_entry_t		*cur;
	nss_status_t		rc = NSS_UNAVAIL;
	int			parse_rc;

	argp->returnval = NULL;

	/* an empty result is dropped and reported as unavailable */
	if (getattr(result, 0) == NULL) {
		(void) __ns_ldap_freeResult(&be->result);
		return (rc);
	}

	cur = result->entry;
	while (cur != NULL) {
		parse_rc = _exec_ldap_exec2ent(cur, argp);

		if (parse_rc == NSS_STR_PARSE_SUCCESS) {
			argp->returnval = argp->buf.result;
			rc = NSS_SUCCESS;
			if (IS_GET_ALL(priv->search_flag) &&
			    _doexeclist(argp) == 0)
				rc = NSS_UNAVAIL;
		} else if (parse_rc == NSS_STR_PARSE_ERANGE) {
			argp->erange = 1;
			rc = NSS_NOTFOUND;
		} else if (parse_rc == NSS_STR_PARSE_PARSE) {
			rc = NSS_NOTFOUND;
		} else {
			rc = NSS_UNAVAIL;
		}

		if (IS_GET_ONE(priv->search_flag) || rc != NSS_SUCCESS)
			break;

		cur = cur->next;
	}

	return (rc);
}
4030Sstevel@tonic-gate
4040Sstevel@tonic-gate
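/*
 * Check if we have either an exact match or a wild-card entry for that id.
 *
 * The requested id is tried first; after every miss _exec_wild_id()
 * supplies the next candidate until it returns NULL. A request without
 * an id searches with "*".
 *
 * getby_flag selects the filter: NSS_DBOP_EXECATTR_BYID or
 * NSS_DBOP_EXECATTR_BYNAMEID. Any other value yields NSS_NOTFOUND.
 *
 * Filter safety: policy and type are interpolated into the filter as
 * they are, so a value containing an LDAP filter metacharacter
 * ('*', '(', ')', '\') is refused. name and id go through
 * _ldap_filter_name() first.
 * NOTE(review): presumably that helper escapes filter metacharacters.
 * Confirm in ldap_common.
 *
 * Returns the status of the last lookup, or NSS_NOTFOUND on any local
 * failure (bad input, filter too long, out of memory).
 */
static nss_status_t
get_wild(ldap_backend_ptr be, nss_XbyY_args_t *argp, int getby_flag)
{
	char		*dup_id = NULL;
	char		*wild_id;
	char		searchfilter[SEARCHFILTERLEN];
	char		userdata[SEARCHFILTERLEN];
	char		name[SEARCHFILTERLEN];
	char		id[SEARCHFILTERLEN];
	int		ret;
	nss_status_t	nss_stat = NSS_NOTFOUND;
	_priv_execattr	*_priv_exec = (_priv_execattr *)(argp->key.attrp);
	const char	*policy = _priv_exec->policy;
	const char	*type = _priv_exec->type;

	/*
	 * policy is handed to strpbrk() and to "%s"; refuse a NULL policy
	 * up front instead of dereferencing it.
	 */
	if (policy == NULL ||
	    strpbrk(policy, "*()\\") != NULL ||
	    (type != NULL && strpbrk(type, "*()\\") != NULL))
		return ((nss_status_t)NSS_NOTFOUND);

	if (_priv_exec->id != NULL) {
		dup_id = strdup(_priv_exec->id);
		/*
		 * Fail closed: with dup_id left NULL the loop below would
		 * search with id "*" and could return an entry for some
		 * other id than the one requested.
		 */
		if (dup_id == NULL)
			return ((nss_status_t)NSS_NOTFOUND);
	}

	/* name is only part of the by-name-and-id filter */
	if (getby_flag == NSS_DBOP_EXECATTR_BYNAMEID &&
	    _ldap_filter_name(name, _priv_exec->name, sizeof (name)) != 0)
		goto go_out;

	wild_id = dup_id;
	do {
		if (wild_id != NULL) {
			if (_ldap_filter_name(id, wild_id, sizeof (id)) != 0)
				goto go_out;
		} else {
			(void) strlcpy(id, "*", sizeof (id));
		}

		/* a truncated filter is never sent to the server */
		switch (getby_flag) {
		case NSS_DBOP_EXECATTR_BYID:
			ret = snprintf(searchfilter, sizeof (searchfilter),
			    _EXEC_GETEXECID, id, policy, ISWILD(type));
			if (ret < 0 || (size_t)ret >= sizeof (searchfilter))
				goto go_out;
			ret = snprintf(userdata, sizeof (userdata),
			    _EXEC_GETEXECID_SSD, id, policy, ISWILD(type));
			if (ret < 0 || (size_t)ret >= sizeof (userdata))
				goto go_out;
			break;

		case NSS_DBOP_EXECATTR_BYNAMEID:
			ret = snprintf(searchfilter, sizeof (searchfilter),
			    _EXEC_GETEXECNAMEID, name, id,
			    policy, ISWILD(type));
			if (ret < 0 || (size_t)ret >= sizeof (searchfilter))
				goto go_out;
			ret = snprintf(userdata, sizeof (userdata),
			    _EXEC_GETEXECNAMEID_SSD, name, id,
			    policy, ISWILD(type));
			if (ret < 0 || (size_t)ret >= sizeof (userdata))
				goto go_out;
			break;

		default:
			goto go_out;
		}

		nss_stat = _nss_ldap_nocb_lookup(be, argp, _EXECATTR,
		    searchfilter, NULL, _merge_SSD_filter, userdata);
		if (nss_stat == NSS_SUCCESS)
			break;
	} while ((wild_id = _exec_wild_id(wild_id, type)) != NULL);

go_out:
	free(dup_id);

	return (nss_stat);
}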
4850Sstevel@tonic-gate
/*
 * Turn the result of a successful lookup into what the caller asked for.
 *
 * GET_ONE: the entry is rendered in file format through be->ldapobj2str.
 * If argp->buf.result is set, that line is then parsed into the caller's
 * structure by argp->str2ent; otherwise the line in argp->buf.buffer is
 * returned as is. Any conversion failure yields NSS_NOTFOUND with
 * returnval cleared.
 *
 * Otherwise (GET_ALL): the entries are processed by _exec_process_val()
 * followed by _exec_cleanup().
 *
 * NOTE(review): be->buffer, filled by ldapobj2str, is not released here.
 * Presumably the backend owns it; confirm.
 */
static nss_status_t
exec_attr_process_val(ldap_backend_ptr be, nss_XbyY_args_t *argp)
{
	_priv_execattr	*priv = (_priv_execattr *)(argp->key.attrp);
	int		parse_rc;
	int		rc = NSS_SUCCESS;

	if (!IS_GET_ONE(priv->search_flag)) {
		/* GET_ALL */
		rc = _exec_process_val(be, argp);
		_exec_cleanup(rc, argp);
		return (rc);
	}

	/* ns_ldap_entry_t -> file format */
	parse_rc = (*be->ldapobj2str)(be, argp);

	if (parse_rc == NSS_STR_PARSE_SUCCESS && argp->buf.result == NULL) {
		/* return file format in argp->buf.buffer */
		argp->returnval = argp->buf.buffer;
		argp->returnlen = strlen(argp->buf.buffer);
		return (NSS_SUCCESS);
	}

	if (parse_rc == NSS_STR_PARSE_SUCCESS) {
		/* file format -> execstr_t */
		parse_rc = (*argp->str2ent)(be->buffer, be->buflen,
		    argp->buf.result, argp->buf.buffer, argp->buf.buflen);
	}

	if (parse_rc != NSS_STR_PARSE_SUCCESS) {
		argp->returnval = NULL;
		argp->returnlen = 0;
		return (NSS_NOTFOUND);
	}

	argp->returnval = argp->buf.result;
	argp->returnlen = 1;	/* irrelevant */
	return (NSS_SUCCESS);
}
5332830Sdjl
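/*
 * Look up an exec_attr entry by profile name, policy and type.
 *
 * Filter safety: policy and type are interpolated into the filter as
 * they are, so a value containing an LDAP filter metacharacter
 * ('*', '(', ')', '\') is refused. The name goes through
 * _ldap_filter_name() first.
 * NOTE(review): presumably that helper escapes filter metacharacters.
 * Confirm in ldap_common.
 *
 * Returns NSS_NOTFOUND for rejected input or a filter that does not fit
 * in SEARCHFILTERLEN, otherwise the status of the lookup and, on
 * success, of exec_attr_process_val().
 */
static nss_status_t
getbynam(ldap_backend_ptr be, void *a)
{
	char		searchfilter[SEARCHFILTERLEN];
	char		userdata[SEARCHFILTERLEN];
	char		name[SEARCHFILTERLEN];
	int		ret;
	nss_status_t	nss_stat;
	nss_XbyY_args_t	*argp = (nss_XbyY_args_t *)a;
	_priv_execattr	*_priv_exec = (_priv_execattr *)(argp->key.attrp);
	const char	*policy = _priv_exec->policy;
	const char	*type = _priv_exec->type;

	/*
	 * policy is handed to strpbrk() and to "%s"; refuse a NULL policy
	 * up front instead of dereferencing it.
	 */
	if (policy == NULL ||
	    strpbrk(policy, "*()\\") != NULL ||
	    (type != NULL && strpbrk(type, "*()\\") != NULL) ||
	    _ldap_filter_name(name, _priv_exec->name, sizeof (name)) != 0)
		return ((nss_status_t)NSS_NOTFOUND);

	/* a truncated filter is never sent to the server */
	ret = snprintf(searchfilter, sizeof (searchfilter),
	    _EXEC_GETEXECNAME, name, policy, ISWILD(type));
	if (ret < 0 || (size_t)ret >= sizeof (searchfilter))
		return ((nss_status_t)NSS_NOTFOUND);
	ret = snprintf(userdata, sizeof (userdata),
	    _EXEC_GETEXECNAME_SSD, name, policy, ISWILD(type));
	if (ret < 0 || (size_t)ret >= sizeof (userdata))
		return ((nss_status_t)NSS_NOTFOUND);

	nss_stat = _nss_ldap_nocb_lookup(be, argp, _EXECATTR,
	    searchfilter, NULL, _merge_SSD_filter, userdata);

	if (nss_stat == NSS_SUCCESS)
		nss_stat = exec_attr_process_val(be, argp);

	return (nss_stat);
}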
5680Sstevel@tonic-gate
/*
 * Look up an exec_attr entry by id; get_wild() falls back to wild-card
 * ids. The result is converted only when the lookup succeeded.
 */
static nss_status_t
getbyid(ldap_backend_ptr be, void *a)
{
	nss_XbyY_args_t	*argp = (nss_XbyY_args_t *)a;
	nss_status_t	rc = get_wild(be, argp, NSS_DBOP_EXECATTR_BYID);

	return (rc == NSS_SUCCESS ? exec_attr_process_val(be, argp) : rc);
}
5820Sstevel@tonic-gate
5830Sstevel@tonic-gate
/*
 * Look up an exec_attr entry by profile name and id; get_wild() falls
 * back to wild-card ids. The result is converted only when the lookup
 * succeeded.
 */
static nss_status_t
getbynameid(ldap_backend_ptr be, void *a)
{
	nss_XbyY_args_t	*argp = (nss_XbyY_args_t *)a;
	nss_status_t	rc = get_wild(be, argp, NSS_DBOP_EXECATTR_BYNAMEID);

	return (rc == NSS_SUCCESS ? exec_attr_process_val(be, argp) : rc);
}
5970Sstevel@tonic-gate
5980Sstevel@tonic-gate
/*
 * Operation table handed to _nss_ldap_constr() by the constructor below.
 * NOTE(review): the slot order presumably has to match the NSS_DBOP_*
 * operation numbers used by the front end. Confirm before reordering.
 */
static ldap_backend_op_t execattr_ops[] = {
	_nss_ldap_destr,	/* generic backend handlers */
	_nss_ldap_endent,
	_nss_ldap_setent,
	_nss_ldap_getent,
	getbynam,		/* exec_attr specific lookups */
	getbyid,
	getbynameid
};
6080Sstevel@tonic-gate
6090Sstevel@tonic-gate
/*
 * Constructor for the LDAP exec_attr backend. The seven string arguments
 * are unused. The backend is built by _nss_ldap_constr() from the
 * operation table, the attribute list and the entry-to-string converter
 * defined in this file.
 */
/*ARGSUSED0*/
nss_backend_t *
_nss_ldap_exec_attr_constr(const char *dummy1,
    const char *dummy2,
    const char *dummy3,
    const char *dummy4,
    const char *dummy5,
    const char *dummy6,
    const char *dummy7)
{
	nss_backend_t	*backend;

#ifdef DEBUG
	(void) fprintf(stdout,
	    "\n[getexecattr.c: _nss_ldap_exec_attr_constr]\n");
#endif

	backend = (nss_backend_t *)_nss_ldap_constr(execattr_ops,
	    sizeof (execattr_ops)/sizeof (execattr_ops[0]), _EXECATTR,
	    exec_attrs, _nss_ldap_exec2str);

	return (backend);
}