10Sstevel@tonic-gate /* 20Sstevel@tonic-gate * CDDL HEADER START 30Sstevel@tonic-gate * 40Sstevel@tonic-gate * The contents of this file are subject to the terms of the 5*2388Smj162486 * Common Development and Distribution License (the "License"). 6*2388Smj162486 * You may not use this file except in compliance with the License. 70Sstevel@tonic-gate * 80Sstevel@tonic-gate * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 90Sstevel@tonic-gate * or http://www.opensolaris.org/os/licensing. 100Sstevel@tonic-gate * See the License for the specific language governing permissions 110Sstevel@tonic-gate * and limitations under the License. 120Sstevel@tonic-gate * 130Sstevel@tonic-gate * When distributing Covered Code, include this CDDL HEADER in each 140Sstevel@tonic-gate * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 150Sstevel@tonic-gate * If applicable, add the following below this CDDL HEADER, with the 160Sstevel@tonic-gate * fields enclosed by brackets "[]" replaced with your own identifying 170Sstevel@tonic-gate * information: Portions Copyright [yyyy] [name of copyright owner] 180Sstevel@tonic-gate * 190Sstevel@tonic-gate * CDDL HEADER END 200Sstevel@tonic-gate */ 210Sstevel@tonic-gate /* 22*2388Smj162486 * Copyright 2006 Sun Microsystems, Inc. All rights reserved. 230Sstevel@tonic-gate * Use is subject to license terms. 240Sstevel@tonic-gate */ 250Sstevel@tonic-gate 260Sstevel@tonic-gate #pragma ident "%Z%%M% %I% %E% SMI" 270Sstevel@tonic-gate 280Sstevel@tonic-gate #include <syslog.h> 290Sstevel@tonic-gate #include "ldap_common.h" 300Sstevel@tonic-gate 310Sstevel@tonic-gate /* netgroup attributes filters */ 320Sstevel@tonic-gate #define _N_TRIPLE "nisnetgrouptriple" 330Sstevel@tonic-gate #define _N_MEMBER "membernisnetgroup" 340Sstevel@tonic-gate 350Sstevel@tonic-gate #define PRINT_VAL(a) (((a).argc == 0) || ((a).argv == NULL) || \ 360Sstevel@tonic-gate ((a).argv[0] == NULL)) ? 
"*" : (a).argv[0] 370Sstevel@tonic-gate #define ISNULL(a) (a == NULL ? "<NULL>" : a) 380Sstevel@tonic-gate #define MAX_DOMAIN_LEN 1024 390Sstevel@tonic-gate #define MAX_TRIPLE_LEN (MAXHOSTNAMELEN + LOGNAME_MAX + \ 400Sstevel@tonic-gate MAX_DOMAIN_LEN + 5) 410Sstevel@tonic-gate 420Sstevel@tonic-gate #define _F_SETMEMBER "(&(objectClass=nisNetGroup)(cn=%s))" 430Sstevel@tonic-gate #define _F_SETMEMBER_SSD "(&(%%s)(cn=%s))" 440Sstevel@tonic-gate 450Sstevel@tonic-gate #define N_HASH 257 46*2388Smj162486 #define COMMA ',' 470Sstevel@tonic-gate 480Sstevel@tonic-gate static const char *netgrent_attrs[] = { 490Sstevel@tonic-gate _N_TRIPLE, 500Sstevel@tonic-gate _N_MEMBER, 510Sstevel@tonic-gate (char *)NULL 520Sstevel@tonic-gate }; 530Sstevel@tonic-gate 540Sstevel@tonic-gate typedef struct netgroup_name { 550Sstevel@tonic-gate char *name; 560Sstevel@tonic-gate struct netgroup_name *next; 570Sstevel@tonic-gate struct netgroup_name *next_hash; 580Sstevel@tonic-gate } netgroup_name_t; 590Sstevel@tonic-gate 600Sstevel@tonic-gate typedef struct { 610Sstevel@tonic-gate netgroup_name_t *hash_list[N_HASH]; 620Sstevel@tonic-gate netgroup_name_t *to_do; 630Sstevel@tonic-gate netgroup_name_t *done; 640Sstevel@tonic-gate } netgroup_table_t; 650Sstevel@tonic-gate 660Sstevel@tonic-gate typedef struct { 670Sstevel@tonic-gate ns_ldap_result_t *results; 680Sstevel@tonic-gate ns_ldap_entry_t *entry; 690Sstevel@tonic-gate char **attrs; 700Sstevel@tonic-gate void *cookie; 710Sstevel@tonic-gate char *netgroup; 720Sstevel@tonic-gate netgroup_table_t tab; 730Sstevel@tonic-gate } getnetgrent_cookie_t; 740Sstevel@tonic-gate 750Sstevel@tonic-gate typedef struct { 760Sstevel@tonic-gate struct nss_innetgr_args *ia; 770Sstevel@tonic-gate const char *ssd_filter; 780Sstevel@tonic-gate const char *netgrname; 790Sstevel@tonic-gate const char *membername; 800Sstevel@tonic-gate netgroup_table_t tab; 810Sstevel@tonic-gate } innetgr_cookie_t; 820Sstevel@tonic-gate 830Sstevel@tonic-gate typedef unsigned int 
hash_t; 840Sstevel@tonic-gate 850Sstevel@tonic-gate static hash_t 860Sstevel@tonic-gate get_hash(const char *s) 870Sstevel@tonic-gate { 880Sstevel@tonic-gate unsigned int sum = 0; 890Sstevel@tonic-gate unsigned int i; 900Sstevel@tonic-gate 910Sstevel@tonic-gate for (i = 0; s[i] != '\0'; i++) 920Sstevel@tonic-gate sum += ((unsigned char *)s)[i]; 930Sstevel@tonic-gate 940Sstevel@tonic-gate return ((sum + i) % N_HASH); 950Sstevel@tonic-gate } 960Sstevel@tonic-gate 970Sstevel@tonic-gate /* 980Sstevel@tonic-gate * Adds a name to the netgroup table 990Sstevel@tonic-gate * 1000Sstevel@tonic-gate * Returns 1010Sstevel@tonic-gate * 0 if successfully added or already present 1020Sstevel@tonic-gate * -1 if memory allocation error 1030Sstevel@tonic-gate */ 1040Sstevel@tonic-gate 1050Sstevel@tonic-gate static int 1060Sstevel@tonic-gate add_netgroup_name(const char *name, netgroup_table_t *tab) 1070Sstevel@tonic-gate { 1080Sstevel@tonic-gate hash_t h; 1090Sstevel@tonic-gate netgroup_name_t *ng; 1100Sstevel@tonic-gate netgroup_name_t *ng_new; 1110Sstevel@tonic-gate 1120Sstevel@tonic-gate if (tab == NULL || name == NULL || *name == '\0') 1130Sstevel@tonic-gate return (NULL); 1140Sstevel@tonic-gate 1150Sstevel@tonic-gate h = get_hash(name); 1160Sstevel@tonic-gate ng = tab->hash_list[h]; 1170Sstevel@tonic-gate 1180Sstevel@tonic-gate while (ng != NULL) { 1190Sstevel@tonic-gate if (strcmp(name, ng->name) == 0) 1200Sstevel@tonic-gate break; 1210Sstevel@tonic-gate ng = ng->next_hash; 1220Sstevel@tonic-gate } 1230Sstevel@tonic-gate 1240Sstevel@tonic-gate if (ng == NULL) { 1250Sstevel@tonic-gate ng_new = (netgroup_name_t *) 1260Sstevel@tonic-gate calloc(1, sizeof (netgroup_name_t)); 1270Sstevel@tonic-gate if (ng_new == NULL) 1280Sstevel@tonic-gate return (-1); 1290Sstevel@tonic-gate ng_new->name = strdup(name); 1300Sstevel@tonic-gate if (ng_new->name == NULL) { 1310Sstevel@tonic-gate free(ng_new); 1320Sstevel@tonic-gate return (-1); 1330Sstevel@tonic-gate } 1340Sstevel@tonic-gate 
ng_new->next_hash = tab->hash_list[h]; 1350Sstevel@tonic-gate tab->hash_list[h] = ng_new; 1360Sstevel@tonic-gate ng_new->next = tab->to_do; 1370Sstevel@tonic-gate tab->to_do = ng_new; 1380Sstevel@tonic-gate } 1390Sstevel@tonic-gate return (0); 1400Sstevel@tonic-gate } 1410Sstevel@tonic-gate 1420Sstevel@tonic-gate static netgroup_name_t * 1430Sstevel@tonic-gate get_next_netgroup(netgroup_table_t *tab) 1440Sstevel@tonic-gate { 1450Sstevel@tonic-gate netgroup_name_t *ng; 1460Sstevel@tonic-gate 1470Sstevel@tonic-gate if (tab == NULL) 1480Sstevel@tonic-gate return (NULL); 1490Sstevel@tonic-gate 1500Sstevel@tonic-gate ng = tab->to_do; 1510Sstevel@tonic-gate if (ng != NULL) { 1520Sstevel@tonic-gate tab->to_do = ng->next; 1530Sstevel@tonic-gate ng->next = tab->done; 1540Sstevel@tonic-gate tab->done = ng; 1550Sstevel@tonic-gate } 1560Sstevel@tonic-gate return (ng); 1570Sstevel@tonic-gate } 1580Sstevel@tonic-gate 1590Sstevel@tonic-gate static void 1600Sstevel@tonic-gate free_netgroup_table(netgroup_table_t *tab) 1610Sstevel@tonic-gate { 1620Sstevel@tonic-gate netgroup_name_t *ng, *next; 1630Sstevel@tonic-gate 1640Sstevel@tonic-gate if (tab == NULL) 1650Sstevel@tonic-gate return; 1660Sstevel@tonic-gate 1670Sstevel@tonic-gate for (ng = tab->to_do; ng != NULL; ng = next) { 1680Sstevel@tonic-gate if (ng->name != NULL) 1690Sstevel@tonic-gate free(ng->name); 1700Sstevel@tonic-gate next = ng->next; 1710Sstevel@tonic-gate free(ng); 1720Sstevel@tonic-gate } 1730Sstevel@tonic-gate 1740Sstevel@tonic-gate for (ng = tab->done; ng != NULL; ng = next) { 1750Sstevel@tonic-gate if (ng->name != NULL) 1760Sstevel@tonic-gate free(ng->name); 1770Sstevel@tonic-gate next = ng->next; 1780Sstevel@tonic-gate free(ng); 1790Sstevel@tonic-gate } 1800Sstevel@tonic-gate (void) memset(tab, 0, sizeof (*tab)); 1810Sstevel@tonic-gate } 1820Sstevel@tonic-gate 1830Sstevel@tonic-gate /* 1840Sstevel@tonic-gate * domain comparing routine 1850Sstevel@tonic-gate * n1: See if n1 is n2 or an ancestor of it 
1860Sstevel@tonic-gate * n2: (in string terms, n1 is a suffix of n2) 1870Sstevel@tonic-gate * Returns ZERO for success, -1 for failure. 1880Sstevel@tonic-gate */ 1890Sstevel@tonic-gate static int 1900Sstevel@tonic-gate domcmp(const char *n1, const char *n2) 1910Sstevel@tonic-gate { 1920Sstevel@tonic-gate #define PASS 0 1930Sstevel@tonic-gate #define FAIL -1 1940Sstevel@tonic-gate 1950Sstevel@tonic-gate size_t l1, l2; 1960Sstevel@tonic-gate 1970Sstevel@tonic-gate if ((n1 == NULL) || (n2 == NULL)) 1980Sstevel@tonic-gate return (FAIL); 1990Sstevel@tonic-gate 2000Sstevel@tonic-gate l1 = strlen(n1); 2010Sstevel@tonic-gate l2 = strlen(n2); 2020Sstevel@tonic-gate 2030Sstevel@tonic-gate /* Turn a blind eye to the presence or absence of trailing periods */ 2040Sstevel@tonic-gate if (l1 != 0 && n1[l1 - 1] == '.') { 2050Sstevel@tonic-gate --l1; 2060Sstevel@tonic-gate } 2070Sstevel@tonic-gate if (l2 != 0 && n2[l2 - 1] == '.') { 2080Sstevel@tonic-gate --l2; 2090Sstevel@tonic-gate } 2100Sstevel@tonic-gate if (l1 > l2) { /* Can't be a suffix */ 2110Sstevel@tonic-gate return (FAIL); 2120Sstevel@tonic-gate } else if (l1 == 0) { /* Trivially a suffix; */ 2130Sstevel@tonic-gate /* (do we want this case?) 
*/ 2140Sstevel@tonic-gate return (PASS); 2150Sstevel@tonic-gate } 2160Sstevel@tonic-gate /* So 0 < l1 <= l2 */ 2170Sstevel@tonic-gate if (l1 < l2 && n2[l2 - l1 - 1] != '.') { 2180Sstevel@tonic-gate return (FAIL); 2190Sstevel@tonic-gate } 2200Sstevel@tonic-gate if (strncasecmp(n1, &n2[l2 - l1], l1) == 0) { 2210Sstevel@tonic-gate return (PASS); 2220Sstevel@tonic-gate } else { 2230Sstevel@tonic-gate return (FAIL); 2240Sstevel@tonic-gate } 2250Sstevel@tonic-gate } 2260Sstevel@tonic-gate 2270Sstevel@tonic-gate static int 2280Sstevel@tonic-gate split_triple(char *triple, char **hostname, char **username, char **domain) 2290Sstevel@tonic-gate { 2300Sstevel@tonic-gate int i, syntax_err; 2310Sstevel@tonic-gate char *splittriple[3]; 2320Sstevel@tonic-gate char *p = triple; 2330Sstevel@tonic-gate 2340Sstevel@tonic-gate #ifdef DEBUG 2350Sstevel@tonic-gate (void) fprintf(stdout, "\n[getnetgrent.c: split_triple]\n"); 2360Sstevel@tonic-gate #endif /* DEBUG */ 2370Sstevel@tonic-gate 2380Sstevel@tonic-gate if (triple == NULL) 2390Sstevel@tonic-gate return (-1); 2400Sstevel@tonic-gate 2410Sstevel@tonic-gate p++; 2420Sstevel@tonic-gate syntax_err = 0; 2430Sstevel@tonic-gate for (i = 0; i < 3; i++) { 2440Sstevel@tonic-gate char *start; 2450Sstevel@tonic-gate char *limit; 2460Sstevel@tonic-gate const char *terminators = ",) \t"; 2470Sstevel@tonic-gate 2480Sstevel@tonic-gate if (i == 2) { 2490Sstevel@tonic-gate /* Don't allow comma */ 2500Sstevel@tonic-gate terminators++; 2510Sstevel@tonic-gate } 2520Sstevel@tonic-gate while (isspace(*p)) { 2530Sstevel@tonic-gate p++; 2540Sstevel@tonic-gate } 2550Sstevel@tonic-gate start = p; 2560Sstevel@tonic-gate limit = strpbrk(start, terminators); 2570Sstevel@tonic-gate if (limit == 0) { 2580Sstevel@tonic-gate syntax_err++; 2590Sstevel@tonic-gate break; 2600Sstevel@tonic-gate } 2610Sstevel@tonic-gate p = limit; 2620Sstevel@tonic-gate while (isspace(*p)) { 2630Sstevel@tonic-gate p++; 2640Sstevel@tonic-gate } 2650Sstevel@tonic-gate if (*p == 
terminators[0]) { 2660Sstevel@tonic-gate /* 2670Sstevel@tonic-gate * Successfully parsed this name and 2680Sstevel@tonic-gate * the separator after it (comma or 2690Sstevel@tonic-gate * right paren); leave p ready for 2700Sstevel@tonic-gate * next parse. 2710Sstevel@tonic-gate */ 2720Sstevel@tonic-gate p++; 2730Sstevel@tonic-gate if (start == limit) { 2740Sstevel@tonic-gate /* Wildcard */ 2750Sstevel@tonic-gate splittriple[i] = NULL; 2760Sstevel@tonic-gate } else { 2770Sstevel@tonic-gate *limit = '\0'; 2780Sstevel@tonic-gate splittriple[i] = start; 2790Sstevel@tonic-gate } 2800Sstevel@tonic-gate } else { 2810Sstevel@tonic-gate syntax_err++; 2820Sstevel@tonic-gate break; 2830Sstevel@tonic-gate } 2840Sstevel@tonic-gate } 2850Sstevel@tonic-gate 2860Sstevel@tonic-gate if (syntax_err != 0) 2870Sstevel@tonic-gate return (-1); 2880Sstevel@tonic-gate 2890Sstevel@tonic-gate *hostname = splittriple[0]; 2900Sstevel@tonic-gate *username = splittriple[1]; 2910Sstevel@tonic-gate *domain = splittriple[2]; 2920Sstevel@tonic-gate 2930Sstevel@tonic-gate return (0); 2940Sstevel@tonic-gate } 2950Sstevel@tonic-gate 2960Sstevel@tonic-gate /* 297*2388Smj162486 * Test membership in triple 298*2388Smj162486 * return 0 = no match 299*2388Smj162486 * return 1 = match 3000Sstevel@tonic-gate */ 3010Sstevel@tonic-gate 3020Sstevel@tonic-gate static int 3030Sstevel@tonic-gate match_triple_entry(struct nss_innetgr_args *ia, const ns_ldap_entry_t *entry) 3040Sstevel@tonic-gate { 3050Sstevel@tonic-gate int ndomains; 3060Sstevel@tonic-gate char **pdomains; 3070Sstevel@tonic-gate int nhost; 3080Sstevel@tonic-gate char **phost; 3090Sstevel@tonic-gate int nusers; 3100Sstevel@tonic-gate char **pusers; 3110Sstevel@tonic-gate char **attr; 3120Sstevel@tonic-gate char triple[MAX_TRIPLE_LEN]; 3130Sstevel@tonic-gate char *tuser, *thost, *tdomain; 3140Sstevel@tonic-gate int i; 315*2388Smj162486 char *current, *limit; 316*2388Smj162486 int pulen, phlen; 317*2388Smj162486 char *pusers0, *phost0; 
3180Sstevel@tonic-gate 3190Sstevel@tonic-gate nhost = ia->arg[NSS_NETGR_MACHINE].argc; 3200Sstevel@tonic-gate phost = (char **)ia->arg[NSS_NETGR_MACHINE].argv; 321*2388Smj162486 if (phost == NULL || *phost == NULL) { 3220Sstevel@tonic-gate nhost = 0; 323*2388Smj162486 } else { 324*2388Smj162486 phost0 = phost[0]; 325*2388Smj162486 phlen = strlen(phost0); 326*2388Smj162486 } 3270Sstevel@tonic-gate nusers = ia->arg[NSS_NETGR_USER].argc; 3280Sstevel@tonic-gate pusers = (char **)ia->arg[NSS_NETGR_USER].argv; 329*2388Smj162486 if (pusers == NULL || *pusers == NULL) { 3300Sstevel@tonic-gate nusers = 0; 331*2388Smj162486 } else { 332*2388Smj162486 pusers0 = pusers[0]; 333*2388Smj162486 pulen = strlen(pusers0); 334*2388Smj162486 } 3350Sstevel@tonic-gate ndomains = ia->arg[NSS_NETGR_DOMAIN].argc; 3360Sstevel@tonic-gate pdomains = (char **)ia->arg[NSS_NETGR_DOMAIN].argv; 3370Sstevel@tonic-gate if (pdomains == NULL || *pdomains == NULL) 3380Sstevel@tonic-gate ndomains = 0; 3390Sstevel@tonic-gate 3400Sstevel@tonic-gate attr = __ns_ldap_getAttr(entry, _N_TRIPLE); 3410Sstevel@tonic-gate if (attr == NULL || *attr == NULL) 3420Sstevel@tonic-gate return (0); 3430Sstevel@tonic-gate 344*2388Smj162486 /* Special cases for speedup */ 345*2388Smj162486 if (nusers == 1 && nhost == 0 && ndomains == 0) { 346*2388Smj162486 /* Special case for finding a single user in a netgroup */ 347*2388Smj162486 for (; *attr; attr++) { 348*2388Smj162486 /* jump to first comma and check next character */ 349*2388Smj162486 current = *attr; 350*2388Smj162486 if ((current = strchr(current, COMMA)) == NULL) 351*2388Smj162486 continue; 352*2388Smj162486 current++; 353*2388Smj162486 354*2388Smj162486 /* skip whitespaces */ 355*2388Smj162486 while (isspace(*current)) 356*2388Smj162486 current++; 357*2388Smj162486 358*2388Smj162486 /* if user part is null, then treat as wildcard */ 359*2388Smj162486 if (*current == COMMA) 360*2388Smj162486 return (1); 361*2388Smj162486 362*2388Smj162486 /* compare first character 
*/ 363*2388Smj162486 if (*pusers0 != *current) 364*2388Smj162486 continue; 365*2388Smj162486 366*2388Smj162486 /* limit username to COMMA */ 367*2388Smj162486 if ((limit = strchr(current, COMMA)) == NULL) 368*2388Smj162486 continue; 369*2388Smj162486 *limit = '\0'; 370*2388Smj162486 371*2388Smj162486 /* remove blanks before COMMA */ 372*2388Smj162486 if ((limit = strpbrk(current, " \t")) != NULL) 373*2388Smj162486 *limit = '\0'; 374*2388Smj162486 375*2388Smj162486 /* compare size of username */ 376*2388Smj162486 if (pulen != strlen(current)) { 377*2388Smj162486 continue; 378*2388Smj162486 } 379*2388Smj162486 380*2388Smj162486 /* do actual compare */ 381*2388Smj162486 if (strncmp(pusers0, current, pulen) == 0) { 382*2388Smj162486 return (1); 383*2388Smj162486 } else { 384*2388Smj162486 continue; 385*2388Smj162486 } 386*2388Smj162486 } 387*2388Smj162486 } else if (nusers == 0 && nhost == 1 && ndomains == 0) { 388*2388Smj162486 /* Special case for finding a single host in a netgroup */ 389*2388Smj162486 for (; *attr; attr++) { 390*2388Smj162486 391*2388Smj162486 /* jump to first character and check */ 392*2388Smj162486 current = *attr; 393*2388Smj162486 current++; 394*2388Smj162486 395*2388Smj162486 /* skip whitespaces */ 396*2388Smj162486 while (isspace(*current)) 397*2388Smj162486 current++; 398*2388Smj162486 399*2388Smj162486 /* if host part is null, then treat as wildcard */ 400*2388Smj162486 if (*current == COMMA) 401*2388Smj162486 return (1); 402*2388Smj162486 403*2388Smj162486 /* compare first character */ 404*2388Smj162486 if (tolower(*phost0) != tolower(*current)) 405*2388Smj162486 continue; 406*2388Smj162486 407*2388Smj162486 /* limit hostname to COMMA */ 408*2388Smj162486 if ((limit = strchr(current, COMMA)) == NULL) 409*2388Smj162486 continue; 410*2388Smj162486 *limit = '\0'; 411*2388Smj162486 412*2388Smj162486 /* remove blanks before COMMA */ 413*2388Smj162486 if ((limit = strpbrk(current, " \t")) != NULL) 414*2388Smj162486 *limit = '\0'; 
415*2388Smj162486 416*2388Smj162486 /* compare size of hostname */ 417*2388Smj162486 if (phlen != strlen(current)) { 418*2388Smj162486 continue; 419*2388Smj162486 } 420*2388Smj162486 421*2388Smj162486 /* do actual compare */ 422*2388Smj162486 if (strncasecmp(phost0, current, phlen) == 0) { 423*2388Smj162486 return (1); 424*2388Smj162486 } else { 425*2388Smj162486 continue; 426*2388Smj162486 } 427*2388Smj162486 } 428*2388Smj162486 } else { 429*2388Smj162486 for (; *attr; attr++) { 430*2388Smj162486 if (strlcpy(triple, *attr, 431*2388Smj162486 sizeof (triple)) >= sizeof (triple)) 432*2388Smj162486 continue; 433*2388Smj162486 if (split_triple(triple, &thost, &tuser, &tdomain) != 0) 434*2388Smj162486 continue; 435*2388Smj162486 if (thost != NULL && *thost != '\0' && nhost != 0) { 436*2388Smj162486 for (i = 0; i < nhost; i++) 437*2388Smj162486 if (strcasecmp(thost, phost[i]) == 0) 438*2388Smj162486 break; 439*2388Smj162486 if (i == nhost) 440*2388Smj162486 continue; 441*2388Smj162486 } 442*2388Smj162486 if (tuser != NULL && *tuser != '\0' && nusers != 0) { 443*2388Smj162486 for (i = 0; i < nusers; i++) 444*2388Smj162486 if (strcmp(tuser, pusers[i]) == 0) 445*2388Smj162486 break; 446*2388Smj162486 if (i == nusers) 447*2388Smj162486 continue; 448*2388Smj162486 } 449*2388Smj162486 if (tdomain != NULL && *tdomain != '\0' && 450*2388Smj162486 ndomains != 0) { 451*2388Smj162486 for (i = 0; i < ndomains; i++) 452*2388Smj162486 if (domcmp(tdomain, pdomains[i]) == 0) 453*2388Smj162486 break; 454*2388Smj162486 if (i == ndomains) 455*2388Smj162486 continue; 456*2388Smj162486 } 457*2388Smj162486 return (1); 458*2388Smj162486 } 4590Sstevel@tonic-gate } 4600Sstevel@tonic-gate 4610Sstevel@tonic-gate return (0); 4620Sstevel@tonic-gate } 4630Sstevel@tonic-gate 4640Sstevel@tonic-gate static int 4650Sstevel@tonic-gate match_triple(struct nss_innetgr_args *ia, ns_ldap_result_t *result) 4660Sstevel@tonic-gate { 4670Sstevel@tonic-gate ns_ldap_entry_t *entry; 4680Sstevel@tonic-gate 
4690Sstevel@tonic-gate for (entry = result->entry; entry != NULL; entry = entry->next) 4700Sstevel@tonic-gate if (match_triple_entry(ia, entry) == 1) 4710Sstevel@tonic-gate return (1); 4720Sstevel@tonic-gate 4730Sstevel@tonic-gate return (0); 4740Sstevel@tonic-gate } 4750Sstevel@tonic-gate 4760Sstevel@tonic-gate static int 4770Sstevel@tonic-gate add_netgroup_member_entry(ns_ldap_entry_t *entry, netgroup_table_t *tab) 4780Sstevel@tonic-gate { 4790Sstevel@tonic-gate char **attrs; 4800Sstevel@tonic-gate char **a; 4810Sstevel@tonic-gate 4820Sstevel@tonic-gate attrs = __ns_ldap_getAttr(entry, _N_MEMBER); 4830Sstevel@tonic-gate if (attrs == NULL || *attrs == NULL) 4840Sstevel@tonic-gate return (0); 4850Sstevel@tonic-gate 4860Sstevel@tonic-gate for (a = attrs; *a != NULL; a++) {} 4870Sstevel@tonic-gate 4880Sstevel@tonic-gate do { 4890Sstevel@tonic-gate a--; 4900Sstevel@tonic-gate if (add_netgroup_name(*a, tab) != 0) 4910Sstevel@tonic-gate return (-1); 4920Sstevel@tonic-gate } while (a > attrs); 4930Sstevel@tonic-gate return (0); 4940Sstevel@tonic-gate } 4950Sstevel@tonic-gate 4960Sstevel@tonic-gate static int 4970Sstevel@tonic-gate add_netgroup_member(ns_ldap_result_t *result, netgroup_table_t *tab) 4980Sstevel@tonic-gate { 4990Sstevel@tonic-gate ns_ldap_entry_t *entry; 5000Sstevel@tonic-gate int ret = 0; 5010Sstevel@tonic-gate 5020Sstevel@tonic-gate for (entry = result->entry; entry != NULL; entry = entry->next) { 5030Sstevel@tonic-gate ret = add_netgroup_member_entry(entry, tab); 5040Sstevel@tonic-gate if (ret != 0) 5050Sstevel@tonic-gate break; 5060Sstevel@tonic-gate } 5070Sstevel@tonic-gate return (ret); 5080Sstevel@tonic-gate } 5090Sstevel@tonic-gate 5100Sstevel@tonic-gate /* 5110Sstevel@tonic-gate * top_down_search checks only checks the netgroup specified in netgrname 5120Sstevel@tonic-gate */ 5130Sstevel@tonic-gate static nss_status_t 5140Sstevel@tonic-gate top_down_search(struct nss_innetgr_args *ia, char *netgrname) 5150Sstevel@tonic-gate { 
5160Sstevel@tonic-gate char searchfilter[SEARCHFILTERLEN]; 5170Sstevel@tonic-gate char name[SEARCHFILTERLEN]; 5180Sstevel@tonic-gate char userdata[SEARCHFILTERLEN]; 5190Sstevel@tonic-gate ns_ldap_result_t *result = NULL; 5200Sstevel@tonic-gate ns_ldap_error_t *error = NULL; 5210Sstevel@tonic-gate int rc; 5220Sstevel@tonic-gate void *cookie = NULL; 5230Sstevel@tonic-gate nss_status_t status = NSS_NOTFOUND; 5240Sstevel@tonic-gate netgroup_table_t tab; 5250Sstevel@tonic-gate netgroup_name_t *ng; 5260Sstevel@tonic-gate int ret; 5270Sstevel@tonic-gate 5280Sstevel@tonic-gate (void) memset(&tab, 0, sizeof (tab)); 5290Sstevel@tonic-gate 5300Sstevel@tonic-gate if (add_netgroup_name(netgrname, &tab) != 0) 5310Sstevel@tonic-gate return ((nss_status_t)NSS_NOTFOUND); 5320Sstevel@tonic-gate 5330Sstevel@tonic-gate while ((ng = get_next_netgroup(&tab)) != NULL) { 5340Sstevel@tonic-gate if (_ldap_filter_name(name, ng->name, sizeof (name)) != 0) 5350Sstevel@tonic-gate break; 5360Sstevel@tonic-gate ret = snprintf(searchfilter, sizeof (searchfilter), _F_SETMEMBER, 5370Sstevel@tonic-gate name); 5380Sstevel@tonic-gate if (ret >= sizeof (searchfilter) || ret < 0) 5390Sstevel@tonic-gate break; 5400Sstevel@tonic-gate 5410Sstevel@tonic-gate ret = snprintf(userdata, sizeof (userdata), _F_SETMEMBER_SSD, name); 5420Sstevel@tonic-gate if (ret >= sizeof (userdata) || ret < 0) 5430Sstevel@tonic-gate break; 5440Sstevel@tonic-gate 5450Sstevel@tonic-gate rc = __ns_ldap_firstEntry(_NETGROUP, searchfilter, 5460Sstevel@tonic-gate _merge_SSD_filter, netgrent_attrs, NULL, 0, &cookie, &result, 5470Sstevel@tonic-gate &error, userdata); 5480Sstevel@tonic-gate 5490Sstevel@tonic-gate (void) __ns_ldap_freeError(&error); 5500Sstevel@tonic-gate while (rc == NS_LDAP_SUCCESS && result != NULL) { 5510Sstevel@tonic-gate if (match_triple(ia, result) == 1) { 5520Sstevel@tonic-gate /* We found a match */ 5530Sstevel@tonic-gate ia->status = NSS_NETGR_FOUND; 5540Sstevel@tonic-gate status = NSS_SUCCESS; 
5550Sstevel@tonic-gate break; 5560Sstevel@tonic-gate } 5570Sstevel@tonic-gate 5580Sstevel@tonic-gate rc = add_netgroup_member(result, &tab); 5590Sstevel@tonic-gate (void) __ns_ldap_freeResult(&result); 5600Sstevel@tonic-gate 5610Sstevel@tonic-gate if (rc != NS_LDAP_SUCCESS) 5620Sstevel@tonic-gate break; 5630Sstevel@tonic-gate rc = __ns_ldap_nextEntry(cookie, &result, &error); 5640Sstevel@tonic-gate (void) __ns_ldap_freeError(&error); 5650Sstevel@tonic-gate } 5660Sstevel@tonic-gate (void) __ns_ldap_freeResult(&result); 5670Sstevel@tonic-gate (void) __ns_ldap_endEntry(&cookie, &error); 5680Sstevel@tonic-gate (void) __ns_ldap_freeError(&error); 5690Sstevel@tonic-gate 5700Sstevel@tonic-gate if (status == NSS_SUCCESS || 5710Sstevel@tonic-gate (rc != NS_LDAP_SUCCESS && rc != NS_LDAP_NOTFOUND)) 5720Sstevel@tonic-gate break; 5730Sstevel@tonic-gate } 5740Sstevel@tonic-gate 5750Sstevel@tonic-gate (void) __ns_ldap_freeResult(&result); 5760Sstevel@tonic-gate (void) __ns_ldap_endEntry(&cookie, &error); 5770Sstevel@tonic-gate (void) __ns_ldap_freeError(&error); 5780Sstevel@tonic-gate free_netgroup_table(&tab); 5790Sstevel@tonic-gate return (status); 5800Sstevel@tonic-gate } 5810Sstevel@tonic-gate 5820Sstevel@tonic-gate /* 5830Sstevel@tonic-gate * __netgr_in checks only checks the netgroup specified in ngroup 5840Sstevel@tonic-gate */ 5850Sstevel@tonic-gate static nss_status_t 5860Sstevel@tonic-gate __netgr_in(void *a, char *netgrname) 5870Sstevel@tonic-gate { 5880Sstevel@tonic-gate struct nss_innetgr_args *ia = (struct nss_innetgr_args *)a; 5890Sstevel@tonic-gate nss_status_t status = NSS_NOTFOUND; 5900Sstevel@tonic-gate 5910Sstevel@tonic-gate #ifdef DEBUG 5920Sstevel@tonic-gate (void) fprintf(stdout, "\n[getnetgrent.c: netgr_in]\n"); 5930Sstevel@tonic-gate (void) fprintf(stdout, "\tmachine: argc[%d]='%s' user: " 5940Sstevel@tonic-gate "argc[%d]='%s',\n\tdomain:argc[%d]='%s' " 5950Sstevel@tonic-gate "netgroup: argc[%d]='%s'\n", 5960Sstevel@tonic-gate NSS_NETGR_MACHINE, 
5970Sstevel@tonic-gate PRINT_VAL(ia->arg[NSS_NETGR_MACHINE]), 5980Sstevel@tonic-gate NSS_NETGR_USER, 5990Sstevel@tonic-gate PRINT_VAL(ia->arg[NSS_NETGR_USER]), 6000Sstevel@tonic-gate NSS_NETGR_DOMAIN, 6010Sstevel@tonic-gate PRINT_VAL(ia->arg[NSS_NETGR_DOMAIN]), 6020Sstevel@tonic-gate NSS_NETGR_N, 6030Sstevel@tonic-gate PRINT_VAL(ia->arg[NSS_NETGR_N])); 6040Sstevel@tonic-gate (void) fprintf(stdout, "\tgroups='%s'\n", netgrname); 6050Sstevel@tonic-gate #endif /* DEBUG */ 6060Sstevel@tonic-gate 6070Sstevel@tonic-gate ia->status = NSS_NETGR_NO; 6080Sstevel@tonic-gate 6090Sstevel@tonic-gate if (netgrname == NULL) 6100Sstevel@tonic-gate return (status); 6110Sstevel@tonic-gate 612*2388Smj162486 return (top_down_search(ia, netgrname)); 6130Sstevel@tonic-gate } 6140Sstevel@tonic-gate 6150Sstevel@tonic-gate /*ARGSUSED0*/ 6160Sstevel@tonic-gate static nss_status_t 6170Sstevel@tonic-gate netgr_in(ldap_backend_ptr be, void *a) 6180Sstevel@tonic-gate { 6190Sstevel@tonic-gate struct nss_innetgr_args *ia = (struct nss_innetgr_args *)a; 6200Sstevel@tonic-gate int i; 6210Sstevel@tonic-gate nss_status_t rc = (nss_status_t)NSS_NOTFOUND; 6220Sstevel@tonic-gate 6230Sstevel@tonic-gate ia->status = NSS_NETGR_NO; 6240Sstevel@tonic-gate for (i = 0; i < ia->groups.argc; i++) { 6250Sstevel@tonic-gate rc = __netgr_in(a, ia->groups.argv[i]); 6260Sstevel@tonic-gate if (ia->status == NSS_NETGR_FOUND) 6270Sstevel@tonic-gate return (NSS_SUCCESS); 6280Sstevel@tonic-gate } 6290Sstevel@tonic-gate return (rc); 6300Sstevel@tonic-gate } 6310Sstevel@tonic-gate 6320Sstevel@tonic-gate /* 6330Sstevel@tonic-gate * 6340Sstevel@tonic-gate */ 6350Sstevel@tonic-gate 6360Sstevel@tonic-gate static nss_status_t 6370Sstevel@tonic-gate getnetgr_ldap_setent(ldap_backend_ptr be, void *a) 6380Sstevel@tonic-gate { 6390Sstevel@tonic-gate const char *netgroup = (const char *) a; 6400Sstevel@tonic-gate getnetgrent_cookie_t *cookie; 6410Sstevel@tonic-gate 6420Sstevel@tonic-gate #ifdef DEBUG 6430Sstevel@tonic-gate (void) 
fprintf(stdout, "\n[getnetgrent.c: getnetgr_ldap_setent]\n"); 6440Sstevel@tonic-gate #endif /* DEBUG */ 6450Sstevel@tonic-gate 6460Sstevel@tonic-gate cookie = (getnetgrent_cookie_t *)be->netgroup_cookie; 6470Sstevel@tonic-gate if (cookie != NULL && cookie->netgroup != NULL) { 6480Sstevel@tonic-gate /* is this another set on the same netgroup */ 6490Sstevel@tonic-gate if (strcmp(cookie->netgroup, netgroup) == 0) 6500Sstevel@tonic-gate return ((nss_status_t)NSS_SUCCESS); 6510Sstevel@tonic-gate } 6520Sstevel@tonic-gate 6530Sstevel@tonic-gate return (NSS_NOTFOUND); 6540Sstevel@tonic-gate } 6550Sstevel@tonic-gate 6560Sstevel@tonic-gate static void 6570Sstevel@tonic-gate free_getnetgrent_cookie(getnetgrent_cookie_t **cookie) 6580Sstevel@tonic-gate { 6590Sstevel@tonic-gate ns_ldap_error_t *error = NULL; 6600Sstevel@tonic-gate getnetgrent_cookie_t *p = *cookie; 6610Sstevel@tonic-gate 6620Sstevel@tonic-gate #ifdef DEBUG 6630Sstevel@tonic-gate (void) fprintf(stdout, "\n[getnetgrent.c: free_getnetgrent_cookie]\n"); 6640Sstevel@tonic-gate #endif /* DEBUG */ 6650Sstevel@tonic-gate 6660Sstevel@tonic-gate if (p == NULL) 6670Sstevel@tonic-gate return; 6680Sstevel@tonic-gate 6690Sstevel@tonic-gate (void) __ns_ldap_freeResult(&p->results); 6700Sstevel@tonic-gate (void) __ns_ldap_endEntry(&p->cookie, &error); 6710Sstevel@tonic-gate (void) __ns_ldap_freeError(&error); 6720Sstevel@tonic-gate free_netgroup_table(&p->tab); 6730Sstevel@tonic-gate free(p->netgroup); 6740Sstevel@tonic-gate free(p); 6750Sstevel@tonic-gate *cookie = NULL; 6760Sstevel@tonic-gate } 6770Sstevel@tonic-gate 6780Sstevel@tonic-gate /*ARGSUSED1*/ 6790Sstevel@tonic-gate static nss_status_t 6800Sstevel@tonic-gate getnetgr_ldap_endent(ldap_backend_ptr be, void *a) 6810Sstevel@tonic-gate { 6820Sstevel@tonic-gate 6830Sstevel@tonic-gate #ifdef DEBUG 6840Sstevel@tonic-gate (void) fprintf(stdout, "\n[getnetgrent.c: getnetgr_ldap_endent]\n"); 6850Sstevel@tonic-gate #endif /* DEBUG */ 6860Sstevel@tonic-gate 
6870Sstevel@tonic-gate free_getnetgrent_cookie((getnetgrent_cookie_t **)&be->netgroup_cookie); 6880Sstevel@tonic-gate 6890Sstevel@tonic-gate return ((nss_status_t)NSS_NOTFOUND); 6900Sstevel@tonic-gate } 6910Sstevel@tonic-gate 6920Sstevel@tonic-gate 6930Sstevel@tonic-gate /*ARGSUSED1*/ 6940Sstevel@tonic-gate static nss_status_t 6950Sstevel@tonic-gate getnetgr_ldap_destr(ldap_backend_ptr be, void *a) 6960Sstevel@tonic-gate { 6970Sstevel@tonic-gate 6980Sstevel@tonic-gate #ifdef DEBUG 6990Sstevel@tonic-gate (void) fprintf(stdout, "\n[getnetgrent.c: getnetgr_ldap_destr]\n"); 7000Sstevel@tonic-gate #endif /* DEBUG */ 7010Sstevel@tonic-gate 7020Sstevel@tonic-gate free_getnetgrent_cookie((getnetgrent_cookie_t **)&be->netgroup_cookie); 7030Sstevel@tonic-gate free(be); 7040Sstevel@tonic-gate 7050Sstevel@tonic-gate return ((nss_status_t)NSS_NOTFOUND); 7060Sstevel@tonic-gate } 7070Sstevel@tonic-gate 7080Sstevel@tonic-gate 7090Sstevel@tonic-gate static nss_status_t 7100Sstevel@tonic-gate getnetgr_ldap_getent(ldap_backend_ptr be, void *a) 7110Sstevel@tonic-gate { 7120Sstevel@tonic-gate struct nss_getnetgrent_args *args; 7130Sstevel@tonic-gate getnetgrent_cookie_t *p; 7140Sstevel@tonic-gate char searchfilter[SEARCHFILTERLEN]; 7150Sstevel@tonic-gate char userdata[SEARCHFILTERLEN]; 7160Sstevel@tonic-gate char name[SEARCHFILTERLEN]; 7170Sstevel@tonic-gate int rc; 7180Sstevel@tonic-gate void *cookie = NULL; 7190Sstevel@tonic-gate ns_ldap_result_t *result = NULL; 7200Sstevel@tonic-gate ns_ldap_error_t *error = NULL; 7210Sstevel@tonic-gate char **attrs; 7220Sstevel@tonic-gate char *hostname, *username, *domain; 7230Sstevel@tonic-gate char *buffer; 7240Sstevel@tonic-gate nss_status_t status = NSS_SUCCESS; 7250Sstevel@tonic-gate netgroup_name_t *ng; 7260Sstevel@tonic-gate int ret; 7270Sstevel@tonic-gate 7280Sstevel@tonic-gate #ifdef DEBUG 7290Sstevel@tonic-gate (void) fprintf(stdout, "\n[getnetgrent.c: getnetgr_ldap_getent]\n"); 7300Sstevel@tonic-gate #endif /* DEBUG */ 
7310Sstevel@tonic-gate 7320Sstevel@tonic-gate args = (struct nss_getnetgrent_args *)a; 7330Sstevel@tonic-gate 7340Sstevel@tonic-gate args->status = NSS_NETGR_NO; 7350Sstevel@tonic-gate 7360Sstevel@tonic-gate p = (getnetgrent_cookie_t *)be->netgroup_cookie; 7370Sstevel@tonic-gate if (p == NULL) 7380Sstevel@tonic-gate return ((nss_status_t)NSS_SUCCESS); 7390Sstevel@tonic-gate 7400Sstevel@tonic-gate for (;;) { 7410Sstevel@tonic-gate while (p->cookie == NULL) { 7420Sstevel@tonic-gate ng = get_next_netgroup(&p->tab); 7430Sstevel@tonic-gate if (ng == NULL) /* no more */ 7440Sstevel@tonic-gate break; 7450Sstevel@tonic-gate 7460Sstevel@tonic-gate if (_ldap_filter_name(name, ng->name, sizeof (name)) != 0) 7470Sstevel@tonic-gate break; 7480Sstevel@tonic-gate 7490Sstevel@tonic-gate ret = snprintf(searchfilter, sizeof (searchfilter), 7500Sstevel@tonic-gate _F_SETMEMBER, name); 7510Sstevel@tonic-gate if (ret >= sizeof (searchfilter) || ret < 0) 7520Sstevel@tonic-gate break; 7530Sstevel@tonic-gate 7540Sstevel@tonic-gate ret = snprintf(userdata, sizeof (userdata), _F_SETMEMBER_SSD, 7550Sstevel@tonic-gate name); 7560Sstevel@tonic-gate if (ret >= sizeof (userdata) || ret < 0) 7570Sstevel@tonic-gate break; 7580Sstevel@tonic-gate 7590Sstevel@tonic-gate result = NULL; 7600Sstevel@tonic-gate rc = __ns_ldap_firstEntry(_NETGROUP, searchfilter, 7610Sstevel@tonic-gate _merge_SSD_filter, netgrent_attrs, NULL, 0, &cookie, 7620Sstevel@tonic-gate &result, &error, userdata); 7630Sstevel@tonic-gate (void) __ns_ldap_freeError(&error); 7640Sstevel@tonic-gate 7650Sstevel@tonic-gate if (rc == NS_LDAP_SUCCESS && result != NULL) { 7660Sstevel@tonic-gate p->cookie = cookie; 7670Sstevel@tonic-gate p->results = result; 7680Sstevel@tonic-gate break; 7690Sstevel@tonic-gate } 7700Sstevel@tonic-gate (void) __ns_ldap_freeResult(&result); 7710Sstevel@tonic-gate (void) __ns_ldap_endEntry(&cookie, &error); 7720Sstevel@tonic-gate (void) __ns_ldap_freeError(&error); 7730Sstevel@tonic-gate } 7740Sstevel@tonic-gate 
if (p->cookie == NULL) 7750Sstevel@tonic-gate break; 7760Sstevel@tonic-gate if (p->results == NULL) { 7770Sstevel@tonic-gate result = NULL; 7780Sstevel@tonic-gate rc = __ns_ldap_nextEntry(p->cookie, &result, &error); 7790Sstevel@tonic-gate (void) __ns_ldap_freeError(&error); 7800Sstevel@tonic-gate if (rc == NS_LDAP_SUCCESS && result != NULL) 7810Sstevel@tonic-gate p->results = result; 7820Sstevel@tonic-gate else { 7830Sstevel@tonic-gate (void) __ns_ldap_freeResult(&result); 7840Sstevel@tonic-gate (void) __ns_ldap_endEntry(&p->cookie, &error); 7850Sstevel@tonic-gate (void) __ns_ldap_freeError(&error); 7860Sstevel@tonic-gate p->cookie = NULL; 7870Sstevel@tonic-gate } 7880Sstevel@tonic-gate } 7890Sstevel@tonic-gate if (p->results == NULL) 7900Sstevel@tonic-gate continue; 7910Sstevel@tonic-gate 7920Sstevel@tonic-gate if (p->entry == NULL) 7930Sstevel@tonic-gate p->entry = p->results->entry; 7940Sstevel@tonic-gate 7950Sstevel@tonic-gate if (p->entry == NULL) 7960Sstevel@tonic-gate continue; 7970Sstevel@tonic-gate 7980Sstevel@tonic-gate if (p->attrs == NULL) { 7990Sstevel@tonic-gate attrs = __ns_ldap_getAttr(p->entry, _N_TRIPLE); 8000Sstevel@tonic-gate if (attrs != NULL && *attrs != NULL) 8010Sstevel@tonic-gate p->attrs = attrs; 8020Sstevel@tonic-gate } 8030Sstevel@tonic-gate 8040Sstevel@tonic-gate if (p->attrs != NULL) { 8050Sstevel@tonic-gate attrs = p->attrs; 8060Sstevel@tonic-gate buffer = args->buffer; 8070Sstevel@tonic-gate 8080Sstevel@tonic-gate if (strlcpy(buffer, *attrs, args->buflen) >= args->buflen) { 8090Sstevel@tonic-gate status = NSS_STR_PARSE_ERANGE; 8100Sstevel@tonic-gate break; 8110Sstevel@tonic-gate } 8120Sstevel@tonic-gate 8130Sstevel@tonic-gate rc = split_triple(buffer, &hostname, &username, &domain); 8140Sstevel@tonic-gate attrs++; 8150Sstevel@tonic-gate if (attrs != NULL && *attrs != NULL) 8160Sstevel@tonic-gate p->attrs = attrs; 8170Sstevel@tonic-gate else 8180Sstevel@tonic-gate p->attrs = NULL; 8190Sstevel@tonic-gate if (rc == 0) { 
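/* split_triple() returned 0: publish host, user and domain to the caller */
				args->retp[NSS_NETGR_MACHINE] = hostname;
				args->retp[NSS_NETGR_USER] = username;
				args->retp[NSS_NETGR_DOMAIN] = domain;
				args->status = NSS_NETGR_FOUND;
				if (p->attrs != NULL)
					break;
			}
		}

		if (p->attrs == NULL) {
			rc = add_netgroup_member_entry(p->entry, &p->tab);
			if (rc != 0) {
				args->status = NSS_NETGR_NO;
				break;
			}

			p->entry = p->entry->next;
			if (p->entry == NULL)
				(void) __ns_ldap_freeResult(&p->results);
			if (args->status == NSS_NETGR_FOUND)
				break;
		}
	}

	return (status);
}

/*
 * Operation table installed by netgr_set() on the iteration backend it
 * returns through args->iterator: destructor, endent, setent, getent.
 */
static ldap_backend_op_t getnetgroup_ops[] = {
	getnetgr_ldap_destr,
	getnetgr_ldap_endent,
	getnetgr_ldap_setent,
	getnetgr_ldap_getent,
};

/*
 * netgr_set() is the backend operation behind setnetgrent().
 *
 * It drops any iteration cookie still attached to `be', builds a new
 * getnetgrent_cookie_t holding a private copy of args->netgroup, records
 * that name in the cookie's netgroup table, and returns a freshly
 * allocated iteration backend (ops = getnetgroup_ops) in args->iterator.
 * The new backend keeps the cookie in its netgroup_cookie member.
 *
 * The netgroup name is stored exactly as the caller supplied it.  Names
 * taken from the table are passed through _ldap_filter_name() in the
 * getent path before they are formatted into an LDAP search filter, so
 * no escaping is done here.
 *
 * Returns:
 *	NSS_SUCCESS	args->iterator is set
 *	NSS_NOTFOUND	args->netgroup is NULL, or the cookie could not be
 *			allocated or initialised
 *	NSS_UNAVAIL	the iteration backend could not be allocated
 */
static nss_status_t
netgr_set(ldap_backend_ptr be, void *a)
{
	struct nss_setnetgrent_args	*args =
	    (struct nss_setnetgrent_args *)a;
	ldap_backend_ptr		get_be;
	getnetgrent_cookie_t		*p;

#ifdef DEBUG
	(void) fprintf(stdout, "\n[getnetgrent.c: netgr_set]\n");
	(void) fprintf(stdout,
	    "\targs->netgroup: %s\n", ISNULL(args->netgroup));
#endif /* DEBUG */

	if (args->netgroup == NULL)
		return ((nss_status_t)NSS_NOTFOUND);

	/* discard state left over from an earlier setnetgrent() on `be' */
	free_getnetgrent_cookie((getnetgrent_cookie_t **)&be->netgroup_cookie);

	p = (getnetgrent_cookie_t *)calloc(1, sizeof (getnetgrent_cookie_t));
	if (p == NULL)
		return ((nss_status_t)NSS_NOTFOUND);

	p->netgroup = strdup(args->netgroup);
	if (p->netgroup == NULL) {
		/* only the bare struct exists so far; plain free() suffices */
		free(p);
		return ((nss_status_t)NSS_NOTFOUND);
	}

	if (add_netgroup_name(args->netgroup, &p->tab) == -1) {
		free_getnetgrent_cookie(&p);
		return ((nss_status_t)NSS_NOTFOUND);
	}

	/*
	 * Now allocate and return the iteration backend structure.
	 * calloc() is used so that any member not assigned below starts
	 * out as zero rather than holding indeterminate heap contents.
	 */
	get_be = (ldap_backend_ptr)calloc(1, sizeof (*get_be));
	if (get_be == NULL) {
		/*
		 * The cookie is not yet reachable from any backend, so it
		 * has to be released here; returning without doing so leaks
		 * the cookie, its name copy and its table on every failed
		 * allocation.
		 */
		free_getnetgrent_cookie(&p);
		return (NSS_UNAVAIL);
	}

	get_be->ops = getnetgroup_ops;
	get_be->nops = sizeof (getnetgroup_ops) / sizeof (getnetgroup_ops[0]);
	get_be->tablename = NULL;
	get_be->attrs = netgrent_attrs;
	get_be->result = NULL;
	get_be->ldapobj2ent = NULL;
	get_be->setcalled = 1;
	get_be->filter = NULL;
	get_be->toglue = NULL;
	get_be->enumcookie = NULL;
	get_be->netgroup_cookie = p;
	args->iterator = (nss_backend_t *)get_be;

	/* release any result still held by the parent backend */
	(void) __ns_ldap_freeResult(&be->result);

	return (NSS_SUCCESS);
}


/*
 * netgr_ldap_destr() is the destructor operation of the netgroup backend.
 * It hands `be' to _clean_ldap_backend() and always returns NSS_NOTFOUND;
 * the second argument is unused.
 */
/*ARGSUSED1*/
static nss_status_t
netgr_ldap_destr(ldap_backend_ptr be, void *a)
{

#ifdef DEBUG
	(void) fprintf(stdout, "\n[getnetgrent.c: netgr_ldap_destr]\n");
#endif /* DEBUG */

	(void) _clean_ldap_backend(be);

	return ((nss_status_t)NSS_NOTFOUND);
}




/*
 * Operation table of the netgroup backend itself.  Slots 1-3 are left
 * empty; judging by the layout of getnetgroup_ops they correspond to
 * endent/setent/getent, which are served by the iteration backend that
 * netgr_set() creates rather than by this one.
 */
static ldap_backend_op_t netgroup_ops[] = {
	netgr_ldap_destr,
	0,
	0,
	0,
	netgr_in,		/*	innetgr()	*/
	netgr_set		/*	setnetgrent()	*/
};


/*
 * _nss_ldap_netgroup_constr is where life begins. This function calls the
 * generic ldap constructor function to define and build the abstract data
 * types required to support ldap operations.
 *
 * The three string arguments are ignored.  The return value is whatever
 * _nss_ldap_constr() returns for netgroup_ops, cast to nss_backend_t *.
 */

/*ARGSUSED0*/
nss_backend_t *
_nss_ldap_netgroup_constr(const char *dummy1, const char *dummy2,
			const char *dummy3)
{

#ifdef DEBUG
	(void) fprintf(stdout,
	    "\n[getnetgrent.c: _nss_ldap_netgroup_constr]\n");
#endif /* DEBUG */

	return ((nss_backend_t *)_nss_ldap_constr(netgroup_ops,
	    sizeof (netgroup_ops)/sizeof (netgroup_ops[0]), _NETGROUP,
	    netgrent_attrs, NULL));
}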