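/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */

/*
 * LDAP name-service backend for the exec_attr database.
 *
 * Two kinds of data cross a trust boundary in this file:
 *   - lookup keys (name, id, policy, type) supplied by the caller are
 *     spliced into LDAP search filters, so they are either escaped with
 *     _ldap_filter_name() or rejected when they contain filter
 *     metacharacters;
 *   - attribute values returned by the directory are copied into
 *     fixed-size caller buffers, so every copy is length-checked first.
 */

#include <secdb.h>
#include <exec_attr.h>
#include "ldap_common.h"


/* exec_attr attributes filters */

/*
 * A NULL value means "match anything" and becomes the LDAP wildcard.
 * The argument and the whole expansion are parenthesized so the macro
 * stays correct when it is used inside a larger expression.
 */
#define	ISWILD(x)		(((x) == NULL) ? "*" : (x))
#define	_EXEC_NAME		"cn"
#define	_EXEC_POLICY		"SolarisKernelSecurityPolicy"
#define	_EXEC_TYPE		"SolarisProfileType"
#define	_EXEC_RES1		"SolarisAttrRes1"
#define	_EXEC_RES2		"SolarisAttrRes2"
#define	_EXEC_ID		"SolarisProfileId"
#define	_EXEC_ATTRS		"SolarisAttrKeyValue"

/*
 * Search filter templates.  Each plain template has an _SSD twin in which
 * the objectClass term is replaced by a literal "%s" (written "%%s") that
 * survives the first snprintf(); it is handed to the lookup as userdata
 * together with _merge_SSD_filter, which presumably fills it in - that
 * routine is defined outside this file.
 */
#define	_EXEC_GETEXECNAME	"(&(objectClass=SolarisExecAttr)(cn=%s)"\
				"(SolarisKernelSecurityPolicy=%s)"\
				"(SolarisProfileType=%s))"
#define	_EXEC_GETEXECNAME_SSD	"(&(%%s)(cn=%s)"\
				"(SolarisKernelSecurityPolicy=%s)"\
				"(SolarisProfileType=%s))"
#define	_EXEC_GETEXECID		"(&(objectClass=SolarisExecAttr)"\
				"(SolarisProfileId=%s)"\
				"(SolarisKernelSecurityPolicy=%s)"\
				"(SolarisProfileType=%s))"
#define	_EXEC_GETEXECID_SSD	"(&(%%s)"\
				"(SolarisProfileId=%s)"\
				"(SolarisKernelSecurityPolicy=%s)"\
				"(SolarisProfileType=%s))"
#define	_EXEC_GETEXECNAMEID	"(&(objectClass=SolarisExecAttr)(cn=%s)"\
				"(SolarisProfileId=%s)"\
				"(SolarisKernelSecurityPolicy=%s)"\
				"(SolarisProfileType=%s))"
#define	_EXEC_GETEXECNAMEID_SSD	"(&(%%s)(cn=%s)"\
				"(SolarisProfileId=%s)"\
				"(SolarisKernelSecurityPolicy=%s)"\
				"(SolarisProfileType=%s))"


/* from libnsl */
extern int _doexeclist(nss_XbyY_args_t *);
extern char *_exec_wild_id(char *, const char *);
extern void _exec_cleanup(nss_status_t, nss_XbyY_args_t *);


/* Attributes requested from the directory; NULL-terminated. */
static const char *exec_attrs[] = {
	_EXEC_NAME,
	_EXEC_POLICY,
	_EXEC_TYPE,
	_EXEC_RES1,
	_EXEC_RES2,
	_EXEC_ID,
	_EXEC_ATTRS,
	(char *)NULL
};


#ifdef DEBUG
/*
 * Debug aid: dump an execstr_t and, recursively, every entry chained
 * through its next pointer to stdout.
 */
static void
_print_execstr(execstr_t *exec)
{

	(void) fprintf(stdout, " exec-name: [%s]\n", exec->name);
	if (exec->policy != (char *)NULL) {
		(void) fprintf(stdout, " policy: [%s]\n", exec->policy);
	}
	if (exec->type != (char *)NULL) {
		(void) fprintf(stdout, " type: [%s]\n", exec->type);
	}
	if (exec->res1 != (char *)NULL) {
		(void) fprintf(stdout, " res1: [%s]\n", exec->res1);
	}
	if (exec->res2 != (char *)NULL) {
		(void) fprintf(stdout, " res2: [%s]\n", exec->res2);
	}
	if (exec->id != (char *)NULL) {
		(void) fprintf(stdout, " id: [%s]\n", exec->id);
	}
	if (exec->attr != (char *)NULL) {
		(void) fprintf(stdout, " attr: [%s]\n", exec->attr);
	}
	if (exec->next != (execstr_t *)NULL) {
		(void) fprintf(stdout, " next: [%s]\n", exec->next->name);
		(void) fprintf(stdout, "\n");
		_print_execstr(exec->next);
	}
}
#endif /* DEBUG */


/*
 * Store the first value of one directory attribute into an execstr_t
 * field, copying the string into the caller's buffer at *bufferp.
 *
 * An absent or empty value is a parse error when the field is required
 * and leaves the field NULL otherwise.  The space check compares lengths
 * against the room left below ceiling rather than advancing the pointer
 * first, so a long directory-supplied value can never move the pointer
 * outside the buffer before it is rejected.  As before, a value is only
 * accepted when at least one spare byte remains after its terminator.
 *
 * Returns NSS_STR_PARSE_{SUCCESS, ERANGE, PARSE}.
 */
static int
_exec_store_val(char **fieldp, ns_ldap_attr_t *attrptr, int required,
    char **bufferp, char *ceiling)
{
	unsigned long	len = 0L;

	if ((attrptr->attrvalue[0] == NULL) ||
	    (len = strlen(attrptr->attrvalue[0])) < 1) {
		if (required)
			return ((int)NSS_STR_PARSE_PARSE);
		*fieldp = (char *)NULL;
		return ((int)NSS_STR_PARSE_SUCCESS);
	}

	*fieldp = *bufferp;
	if (len + 1 >= (unsigned long)(ceiling - *bufferp))
		return ((int)NSS_STR_PARSE_ERANGE);

	/* Bounded by the check above. */
	(void) strcpy(*fieldp, attrptr->attrvalue[0]);
	*bufferp += len + 1;
	return ((int)NSS_STR_PARSE_SUCCESS);
}


/*
 * Convert one LDAP entry into the execstr_t at argp->buf.result, with the
 * string fields packed back to back into argp->buf.buffer.
 *
 * The buffer is zeroed and every field reset to NULL first.  Attribute
 * names are matched case-insensitively; attributes this backend does not
 * know are skipped.  "cn" must carry a non-empty value whenever it
 * appears, every other attribute may be empty.
 *
 * Returns NSS_STR_PARSE_SUCCESS, NSS_STR_PARSE_PARSE for a NULL attribute
 * slot or an empty "cn", and NSS_STR_PARSE_ERANGE when the buffer is too
 * small.
 */
static int
_exec_ldap_exec2ent(ns_ldap_entry_t *entry, nss_XbyY_args_t *argp)
{

	int		i;
	int		status;
	int		required;
	int		buflen = (int)0;
	char		*buffer = (char *)NULL;
	char		*ceiling = (char *)NULL;
	char		**fieldp;
	execstr_t	*exec = (execstr_t *)NULL;
	ns_ldap_attr_t	*attrptr;

	buffer = argp->buf.buffer;
	buflen = argp->buf.buflen;
	(void) memset(argp->buf.buffer, 0, buflen);
	exec = (execstr_t *)(argp->buf.result);
	ceiling = buffer + buflen;
	exec->name = (char *)NULL;
	exec->policy = (char *)NULL;
	exec->type = (char *)NULL;
	exec->res1 = (char *)NULL;
	exec->res2 = (char *)NULL;
	exec->id = (char *)NULL;
	exec->attr = (char *)NULL;

	for (i = 0; i < entry->attr_count; i++) {
		attrptr = entry->attr_pair[i];
		if (attrptr == NULL) {
			return ((int)NSS_STR_PARSE_PARSE);
		}

		required = 0;
		if (strcasecmp(attrptr->attrname, _EXEC_NAME) == 0) {
			fieldp = &exec->name;
			required = 1;
		} else if (strcasecmp(attrptr->attrname,
		    _EXEC_POLICY) == 0) {
			fieldp = &exec->policy;
		} else if (strcasecmp(attrptr->attrname, _EXEC_TYPE) == 0) {
			fieldp = &exec->type;
		} else if (strcasecmp(attrptr->attrname, _EXEC_RES1) == 0) {
			fieldp = &exec->res1;
		} else if (strcasecmp(attrptr->attrname, _EXEC_RES2) == 0) {
			fieldp = &exec->res2;
		} else if (strcasecmp(attrptr->attrname, _EXEC_ID) == 0) {
			fieldp = &exec->id;
		} else if (strcasecmp(attrptr->attrname, _EXEC_ATTRS) == 0) {
			fieldp = &exec->attr;
		} else {
			continue;
		}

		status = _exec_store_val(fieldp, attrptr, required,
		    &buffer, ceiling);
		if (status != (int)NSS_STR_PARSE_SUCCESS) {
			return (status);
		}
	}

	exec->next = (execstr_t *)NULL;

#ifdef DEBUG
	(void) fprintf(stdout, "\n[getexecattr.c: _exec_ldap_exec2ent]\n");
	_print_execstr(exec);
#endif /* DEBUG */

	return ((int)NSS_STR_PARSE_SUCCESS);
}


/*
 * place the results from ldap object structure into the file format
 * returns NSS_STR_PARSE_{SUCCESS, ERANGE, PARSE}
 *
 * The file format is the seven fields joined by ':' in the order
 * name:policy:type:res1:res2:id:attr.  A missing name is a parse error;
 * any other missing attribute is written as _NO_VALUE.
 *
 * When argp->buf.result is set the line is built in a freshly allocated
 * be->buffer (length in be->buflen) for the caller's str2ent step,
 * otherwise directly in argp->buf.buffer.  be->result is freed on every
 * path that gets past the initial NULL check.
 * NOTE(review): nothing in this file frees be->buffer - confirm that its
 * owner releases it.
 */
static int
_nss_ldap_exec2str(ldap_backend_ptr be, nss_XbyY_args_t *argp)
{
	int			status = NSS_STR_PARSE_SUCCESS;
	ns_ldap_result_t	*result = be->result;
	int			len;
	char			*buffer, **name, **policy, **type;
	char			**res1, **res2, **id, **attr;
	char			*policy_str, *type_str, *res1_str, *res2_str;
	char			*id_str, *attr_str;

	if (result == NULL)
		return (NSS_STR_PARSE_PARSE);

	(void) memset(argp->buf.buffer, 0, argp->buf.buflen);

	name = __ns_ldap_getAttr(result->entry, _EXEC_NAME);
	if (name == NULL || name[0] == NULL ||
	    (strlen(name[0]) < 1)) {
		status = NSS_STR_PARSE_PARSE;
		goto result_exec2str;
	}

	policy = __ns_ldap_getAttr(result->entry, _EXEC_POLICY);

	if (policy == NULL || policy[0] == NULL)
		policy_str = _NO_VALUE;
	else
		policy_str = policy[0];

	type = __ns_ldap_getAttr(result->entry, _EXEC_TYPE);
	if (type == NULL || type[0] == NULL)
		type_str = _NO_VALUE;
	else
		type_str = type[0];

	res1 = __ns_ldap_getAttr(result->entry, _EXEC_RES1);
	if (res1 == NULL || res1[0] == NULL)
		res1_str = _NO_VALUE;
	else
		res1_str = res1[0];

	res2 = __ns_ldap_getAttr(result->entry, _EXEC_RES2);
	if (res2 == NULL || res2[0] == NULL)
		res2_str = _NO_VALUE;
	else
		res2_str = res2[0];

	id = __ns_ldap_getAttr(result->entry, _EXEC_ID);
	if (id == NULL || id[0] == NULL)
		id_str = _NO_VALUE;
	else
		id_str = id[0];

	attr = __ns_ldap_getAttr(result->entry, _EXEC_ATTRS);
	if (attr == NULL || attr[0] == NULL)
		attr_str = _NO_VALUE;
	else
		attr_str = attr[0];

	/* 7 = 6 ':' + 1 '\0' */
	len = strlen(name[0]) + strlen(policy_str) + strlen(type_str) +
	    strlen(res1_str) + strlen(res2_str) + strlen(id_str) +
	    strlen(attr_str) + 7;

	/* The whole line, terminator included, must fit the caller's buffer */
	if (len > argp->buf.buflen) {
		status = NSS_STR_PARSE_ERANGE;
		goto result_exec2str;
	}
	if (argp->buf.result != NULL) {
		if ((be->buffer = calloc(1, len)) == NULL) {
			status = NSS_STR_PARSE_PARSE;
			goto result_exec2str;
		}
		buffer = be->buffer;
	} else
		buffer = argp->buf.buffer;

	/* len was computed from these same strings, so nothing is truncated */
	(void) snprintf(buffer, len, "%s:%s:%s:%s:%s:%s:%s",
	    name[0], policy_str, type_str, res1_str,
	    res2_str, id_str, attr_str);
	/* The front end marshaller does not need the trailing null */
	if (argp->buf.result != NULL)
		be->buflen = strlen(buffer);
result_exec2str:
	(void) __ns_ldap_freeResult(&be->result);
	return (status);
}


/*
 * Convert the entries of be->result with _exec_ldap_exec2ent().
 *
 * For a GET_ALL search every successfully converted entry is handed to
 * _doexeclist() (from libnsl; a return of 0 is treated as failure).  The
 * walk stops after the first entry for a GET_ONE search and on the first
 * entry that does not convert.  A buffer that is too small sets
 * argp->erange and reports NSS_NOTFOUND.
 *
 * be->result is freed here only on the early return taken when
 * getattr() yields nothing.
 */
static nss_status_t
_exec_process_val(ldap_backend_ptr be, nss_XbyY_args_t *argp)
{
	int			status;
	nss_status_t		nss_stat = NSS_UNAVAIL;
	ns_ldap_attr_t		*attrptr;
	ns_ldap_entry_t		*entry;
	ns_ldap_result_t	*result = be->result;
	_priv_execattr		*_priv_exec = (_priv_execattr *)(argp->key.attrp);

	argp->returnval = NULL;
	attrptr = getattr(result, 0);
	if (attrptr == NULL) {
		(void) __ns_ldap_freeResult(&be->result);
		return (nss_stat);
	}
	for (entry = result->entry; entry != NULL; entry = entry->next) {
		status = _exec_ldap_exec2ent(entry, argp);
		switch (status) {
		case NSS_STR_PARSE_SUCCESS:
			argp->returnval = argp->buf.result;
			nss_stat = NSS_SUCCESS;
			if (IS_GET_ALL(_priv_exec->search_flag)) {
				if (_doexeclist(argp) == 0) {
					nss_stat = NSS_UNAVAIL;
				}
			}
			break;
		case NSS_STR_PARSE_ERANGE:
			argp->erange = 1;
			nss_stat = NSS_NOTFOUND;
			break;
		case NSS_STR_PARSE_PARSE:
			nss_stat = NSS_NOTFOUND;
			break;
		default:
			nss_stat = NSS_UNAVAIL;
			break;
		}

		if (IS_GET_ONE(_priv_exec->search_flag) ||
		    (nss_stat != NSS_SUCCESS)) {
			break;
		}
	}

	return (nss_stat);
}


/*
 * Check if we have either an exact match or a wild-card entry for that id.
 *
 * The search is repeated with each id that _exec_wild_id() (from libnsl)
 * returns, until one search succeeds or it returns NULL.  When the caller
 * gave no id at all, the id term of the filter is "*".
 *
 * Filter safety: policy and type go into the filter verbatim, so a value
 * containing any of * ( ) \ is refused outright; name and id go through
 * _ldap_filter_name() first (presumably an escaping routine - it is
 * defined outside this file).  A filter that does not fit in
 * SEARCHFILTERLEN is never sent; the lookup fails instead of searching
 * with a truncated filter.
 *
 * Every local failure, including an allocation failure while copying the
 * id, yields NSS_NOTFOUND.
 */
static nss_status_t
get_wild(ldap_backend_ptr be, nss_XbyY_args_t *argp, int getby_flag)
{
	char		*dup_id = NULL;
	char		*wild_id;
	char		searchfilter[SEARCHFILTERLEN];
	char		userdata[SEARCHFILTERLEN];
	char		name[SEARCHFILTERLEN];
	char		id[SEARCHFILTERLEN];
	int		ret;
	nss_status_t	nss_stat = NSS_NOTFOUND;
	_priv_execattr	*_priv_exec = (_priv_execattr *)(argp->key.attrp);
	const char	*policy = _priv_exec->policy;
	const char	*type = _priv_exec->type;

	/*
	 * NOTE(review): policy is dereferenced without the NULL check that
	 * type gets - confirm that callers always set it.
	 */
	if (strpbrk(policy, "*()\\") != NULL ||
	    (type != NULL && strpbrk(type, "*()\\") != NULL))
		return ((nss_status_t)NSS_NOTFOUND);

	if (_priv_exec->id != NULL) {
		dup_id = strdup(_priv_exec->id);
		/*
		 * Fail closed when the copy cannot be made.  A NULL id below
		 * means "no id was given" and searches with "*", which would
		 * silently widen a lookup for one specific id to every id.
		 */
		if (dup_id == NULL)
			return (nss_stat);
	}

	switch (getby_flag) {
	case NSS_DBOP_EXECATTR_BYNAMEID:
		if (_ldap_filter_name(name, _priv_exec->name,
		    sizeof (name)) != 0)
			goto go_out;
		break;
	}

	wild_id = dup_id;
	do {
		if (wild_id != NULL) {
			if (_ldap_filter_name(id, wild_id, sizeof (id)) != 0)
				goto go_out;
		} else
			(void) strlcpy(id, "*", sizeof (id));

		switch (getby_flag) {
		case NSS_DBOP_EXECATTR_BYID:
			ret = snprintf(searchfilter, sizeof (searchfilter),
			    _EXEC_GETEXECID, id, policy, ISWILD(type));
			if (ret >= sizeof (searchfilter) || ret < 0)
				goto go_out;
			ret = snprintf(userdata, sizeof (userdata),
			    _EXEC_GETEXECID_SSD, id, policy, ISWILD(type));
			if (ret >= sizeof (userdata) || ret < 0)
				goto go_out;
			break;

		case NSS_DBOP_EXECATTR_BYNAMEID:
			ret = snprintf(searchfilter, sizeof (searchfilter),
			    _EXEC_GETEXECNAMEID, name, id,
			    policy, ISWILD(type));
			if (ret >= sizeof (searchfilter) || ret < 0)
				goto go_out;
			ret = snprintf(userdata, sizeof (userdata),
			    _EXEC_GETEXECNAMEID_SSD, name, id,
			    policy, ISWILD(type));
			if (ret >= sizeof (userdata) || ret < 0)
				goto go_out;
			break;

		default:
			goto go_out;
		}
		nss_stat = _nss_ldap_nocb_lookup(be, argp, _EXECATTR,
		    searchfilter, NULL, _merge_SSD_filter, userdata);
		if (nss_stat == NSS_SUCCESS)
			break;
	} while ((wild_id = _exec_wild_id(wild_id, type)) != NULL);

go_out:
	free(dup_id);

	return (nss_stat);
}

/*
 * Turn a successful search into the caller's result.
 *
 * GET_ONE: the entry is rendered to file format through be->ldapobj2str.
 * When the caller supplied a result structure the line is then parsed
 * into it with argp->str2ent; otherwise the line itself, left in
 * argp->buf.buffer, is the result.  Any conversion failure clears
 * returnval/returnlen and reports NSS_NOTFOUND.
 *
 * Otherwise (GET_ALL) the entries are processed by _exec_process_val()
 * and _exec_cleanup() (from libnsl) is called with the outcome.
 */
static nss_status_t
exec_attr_process_val(ldap_backend_ptr be, nss_XbyY_args_t *argp)
{

	_priv_execattr	*_priv_exec = (_priv_execattr *)(argp->key.attrp);
	int		stat, nss_stat = NSS_SUCCESS;

	if (IS_GET_ONE(_priv_exec->search_flag)) {
		/* ns_ldap_entry_t -> file format */
		stat = (*be->ldapobj2str)(be, argp);

		if (stat == NSS_STR_PARSE_SUCCESS) {
			if (argp->buf.result != NULL) {
				/* file format -> execstr_t */
				stat = (*argp->str2ent)(be->buffer,
				    be->buflen,
				    argp->buf.result,
				    argp->buf.buffer,
				    argp->buf.buflen);
				if (stat == NSS_STR_PARSE_SUCCESS) {
					argp->returnval = argp->buf.result;
					argp->returnlen = 1; /* irrelevant */
					nss_stat = NSS_SUCCESS;
				} else {
					argp->returnval = NULL;
					argp->returnlen = 0;
					nss_stat = NSS_NOTFOUND;
				}
			} else {
				/* return file format in argp->buf.buffer */
				argp->returnval = argp->buf.buffer;
				argp->returnlen = strlen(argp->buf.buffer);
				nss_stat = NSS_SUCCESS;
			}
		} else {
			argp->returnval = NULL;
			argp->returnlen = 0;
			nss_stat = NSS_NOTFOUND;
		}
	} else {
		/* GET_ALL */
		nss_stat = _exec_process_val(be, argp);
		_exec_cleanup(nss_stat, argp);
	}

	return (nss_stat);

}

/*
 * Look up exec_attr entries by profile name (the "cn" attribute).
 *
 * The same filter rules as in get_wild() apply: policy and type are
 * refused when they contain any of * ( ) \, name goes through
 * _ldap_filter_name(), and a filter that would be truncated is never
 * sent.  All of these failures report NSS_NOTFOUND.
 */
static nss_status_t
getbynam(ldap_backend_ptr be, void *a)
{
	char		searchfilter[SEARCHFILTERLEN];
	char		userdata[SEARCHFILTERLEN];
	char		name[SEARCHFILTERLEN];
	int		ret;
	nss_status_t	nss_stat;
	nss_XbyY_args_t	*argp = (nss_XbyY_args_t *)a;
	_priv_execattr	*_priv_exec = (_priv_execattr *)(argp->key.attrp);
	const char	*policy = _priv_exec->policy;
	const char	*type = _priv_exec->type;

	/*
	 * NOTE(review): policy is dereferenced without the NULL check that
	 * type gets - confirm that callers always set it.
	 */
	if (strpbrk(policy, "*()\\") != NULL ||
	    (type != NULL && strpbrk(type, "*()\\") != NULL) ||
	    _ldap_filter_name(name, _priv_exec->name, sizeof (name)) != 0)
		return ((nss_status_t)NSS_NOTFOUND);
	ret = snprintf(searchfilter, sizeof (searchfilter),
	    _EXEC_GETEXECNAME, name, policy, ISWILD(type));
	if (ret >= sizeof (searchfilter) || ret < 0)
		return ((nss_status_t)NSS_NOTFOUND);
	ret = snprintf(userdata, sizeof (userdata),
	    _EXEC_GETEXECNAME_SSD, name, policy, ISWILD(type));
	if (ret >= sizeof (userdata) || ret < 0)
		return ((nss_status_t)NSS_NOTFOUND);

	nss_stat = _nss_ldap_nocb_lookup(be, argp, _EXECATTR,
	    searchfilter, NULL, _merge_SSD_filter, userdata);

	if (nss_stat == NSS_SUCCESS)
		nss_stat = exec_attr_process_val(be, argp);

	return (nss_stat);
}

/*
 * Look up exec_attr entries by id, trying the exact id and then the
 * wild-card ids via get_wild().
 */
static nss_status_t
getbyid(ldap_backend_ptr be, void *a)
{
	nss_status_t	nss_stat = NSS_SUCCESS;
	nss_XbyY_args_t	*argp = (nss_XbyY_args_t *)a;

	nss_stat = get_wild(be, argp, NSS_DBOP_EXECATTR_BYID);

	if (nss_stat == NSS_SUCCESS)
		nss_stat = exec_attr_process_val(be, argp);

	return (nss_stat);
}


/*
 * Look up exec_attr entries by profile name and id together, trying the
 * exact id and then the wild-card ids via get_wild().
 */
static nss_status_t
getbynameid(ldap_backend_ptr be, void *a)
{
	nss_status_t	nss_stat;
	nss_XbyY_args_t	*argp = (nss_XbyY_args_t *)a;

	nss_stat = get_wild(be, argp, NSS_DBOP_EXECATTR_BYNAMEID);

	if (nss_stat == NSS_SUCCESS)
		nss_stat = exec_attr_process_val(be, argp);

	return (nss_stat);
}


/* Operation table handed to _nss_ldap_constr(); the order is significant. */
static ldap_backend_op_t execattr_ops[] = {
	_nss_ldap_destr,
	_nss_ldap_endent,
	_nss_ldap_setent,
	_nss_ldap_getent,
	getbynam,
	getbyid,
	getbynameid
};


/*
 * Backend constructor for the exec_attr database.  The seven arguments
 * are unused; the backend is built from execattr_ops, the exec_attrs
 * attribute list and the _nss_ldap_exec2str converter.
 */
/*ARGSUSED0*/
nss_backend_t *
_nss_ldap_exec_attr_constr(const char *dummy1,
    const char *dummy2,
    const char *dummy3,
    const char *dummy4,
    const char *dummy5,
    const char *dummy6,
    const char *dummy7)
{
#ifdef DEBUG
	(void) fprintf(stdout,
	    "\n[getexecattr.c: _nss_ldap_exec_attr_constr]\n");
#endif
	return ((nss_backend_t *)_nss_ldap_constr(execattr_ops,
	    sizeof (execattr_ops)/sizeof (execattr_ops[0]), _EXECATTR,
	    exec_attrs, _nss_ldap_exec2str));
}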