usr/src/lib/nsswitch/ldap/common/getauthattr.c

   1 /*
   2  * CDDL HEADER START
   3  *
   4  * The contents of this file are subject to the terms of the
   5  * Common Development and Distribution License (the "License").
   6  * You may not use this file except in compliance with the License.
   7  *
   8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
   9  * or http://www.opensolaris.org/os/licensing.
  10  * See the License for the specific language governing permissions
  11  * and limitations under the License.
  12  *
  13  * When distributing Covered Code, include this CDDL HEADER in each
  14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  15  * If applicable, add the following below this CDDL HEADER, with the
  16  * fields enclosed by brackets "[]" replaced with your own identifying
  17  * information: Portions Copyright [yyyy] [name of copyright owner]
  18  *
  19  * CDDL HEADER END
  20  */
  21 /*
  22  * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
  23  * Use is subject to license terms.
  24  */
  25
  26 #pragma ident   "%Z%%M% %I%     %E% SMI"
  27
  28 #include <secdb.h>
  29 #include <auth_attr.h>
  30 #include "ldap_common.h"
  31
  32
  33 /* auth_attr attributes filters */
  34 #define _AUTH_NAME              "cn"
  35 #define _AUTH_RES1              "SolarisAttrReserved1"
  36 #define _AUTH_RES2              "SolarisAttrReserved2"
  37 #define _AUTH_SHORTDES          "SolarisAttrShortDesc"
  38 #define _AUTH_LONGDES           "SolarisAttrLongDesc"
  39 #define _AUTH_ATTRS             "SolarisAttrKeyValue"
  40 #define _AUTH_GETAUTHNAME       "(&(objectClass=SolarisAuthAttr)(cn=%s))"
  41 #define _AUTH_GETAUTHNAME_SSD   "(&(%%s)(cn=%s))"
  42
  43
  44 static const char *auth_attrs[] = {
  45         _AUTH_NAME,
  46         _AUTH_RES1,
  47         _AUTH_RES2,
  48         _AUTH_SHORTDES,
  49         _AUTH_LONGDES,
  50         _AUTH_ATTRS,
  51         NULL
  52 };
  53 /*
  54  * _nss_ldap_auth2str is the data marshaling method for the auth_attr
  55  * system call getauthattr and getauthnam.
  56  * This method is called after a successful search has been performed.
  57  * This method will parse the search results into the file format.
  58  * e.g.
  59  *
  60  * solaris.:::All Solaris Authorizations::help=AllSolAuthsHeader.html
  61  *
  62  */
  63 static int
  64 _nss_ldap_auth2str(ldap_backend_ptr be, nss_XbyY_args_t *argp)
  65 {
  66         int                     nss_result;
  67         int                     buflen = 0;
  68         unsigned long           len = 0L;
  69         char                    *buffer = NULL;
  70         ns_ldap_result_t        *result = be->result;
  71         char                    **name, **res1, **res2, **sdes, **ldes, **attr;
  72         char                    *res1_str, *res2_str, *sdes_str, *ldes_str;
  73         char                    *attr_str;
  74
  75         if (result == NULL)
  76                 return (NSS_STR_PARSE_PARSE);
  77
  78         buflen = argp->buf.buflen;
  79         nss_result = NSS_STR_PARSE_SUCCESS;
  80         (void) memset(argp->buf.buffer, 0, buflen);
  81
  82         name = __ns_ldap_getAttr(result->entry, _AUTH_NAME);
  83         if (name == NULL || name[0] == NULL ||
  84                         (strlen(name[0]) < 1)) {
  85                 nss_result = NSS_STR_PARSE_PARSE;
  86                 goto result_auth2str;
  87         }
  88         res1 = __ns_ldap_getAttr(result->entry, _AUTH_RES1);
  89         if (res1 == NULL || res1[0] == NULL || (strlen(res1[0]) < 1))
  90                 res1_str = _NO_VALUE;
  91         else
  92                 res1_str = res1[0];
  93
  94         res2 = __ns_ldap_getAttr(result->entry, _AUTH_RES2);
  95         if (res2 == NULL || res2[0] == NULL || (strlen(res2[0]) < 1))
  96                 res2_str = _NO_VALUE;
  97         else
  98                 res2_str = res2[0];
  99
 100         sdes = __ns_ldap_getAttr(result->entry, _AUTH_SHORTDES);
 101         if (sdes == NULL || sdes[0] == NULL || (strlen(sdes[0]) < 1))
 102                 sdes_str = _NO_VALUE;
 103         else
 104                 sdes_str = sdes[0];
 105
 106         ldes = __ns_ldap_getAttr(result->entry, _AUTH_LONGDES);
 107         if (ldes == NULL || ldes[0] == NULL || (strlen(ldes[0]) < 1))
 108                 ldes_str = _NO_VALUE;
 109         else
 110                 ldes_str = ldes[0];
 111
 112         attr = __ns_ldap_getAttr(result->entry, _AUTH_ATTRS);
 113         if (attr == NULL || attr[0] == NULL || (strlen(attr[0]) < 1))
 114                 attr_str = _NO_VALUE;
 115         else
 116                 attr_str = attr[0];
 117         /* 6 = 5 ':' + 1 '\0' */
 118         len = strlen(name[0]) + strlen(res1_str) + strlen(res2_str) +
 119                 strlen(sdes_str) + strlen(ldes_str) + strlen(attr_str) + 6;
 120         if (len > buflen) {
 121                 nss_result = NSS_STR_PARSE_ERANGE;
 122                 goto result_auth2str;
 123         }
 124
 125         if (argp->buf.result != NULL) {
 126                 if ((be->buffer = calloc(1, len)) == NULL) {
 127                         nss_result = NSS_STR_PARSE_PARSE;
 128                         goto result_auth2str;
 129                 }
 130                 buffer = be->buffer;
 131         } else
 132                 buffer = argp->buf.buffer;
 133         (void) snprintf(buffer, len, "%s:%s:%s:%s:%s:%s",
 134                         name[0], res1_str, res2_str, sdes_str,
 135                         ldes_str, attr_str);
 136         /* The front end marshaller doesn't need the trailing null */
 137         if (argp->buf.result != NULL)
 138                 be->buflen = strlen(be->buffer);
 139
 140 result_auth2str:
 141         (void) __ns_ldap_freeResult(&be->result);
 142         return ((int)nss_result);
 143 }
 144
 145
 146 static nss_status_t
 147 getbyname(ldap_backend_ptr be, void *a)
 148 {
 149         nss_XbyY_args_t *argp = (nss_XbyY_args_t *)a;
 150         char            searchfilter[SEARCHFILTERLEN];
 151         char            userdata[SEARCHFILTERLEN];
 152         char            name[SEARCHFILTERLEN];
 153         int             ret;
 154
 155         if (_ldap_filter_name(name, argp->key.name, sizeof (name)) != 0)
 156                 return ((nss_status_t)NSS_NOTFOUND);
 157
 158         ret = snprintf(searchfilter, SEARCHFILTERLEN,
 159             _AUTH_GETAUTHNAME, name);
 160         if (ret >= sizeof (searchfilter) || ret < 0)
 161                 return ((nss_status_t)NSS_NOTFOUND);
 162
 163         ret = snprintf(userdata, sizeof (userdata),
 164             _AUTH_GETAUTHNAME_SSD, name);
 165         if (ret >= sizeof (userdata) || ret < 0)
 166                 return ((nss_status_t)NSS_NOTFOUND);
 167
 168         return ((nss_status_t)_nss_ldap_lookup(be, argp,
 169             _AUTHATTR, searchfilter, NULL, _merge_SSD_filter, userdata));
 170 }
 171
 172
 173 static ldap_backend_op_t authattr_ops[] = {
 174         _nss_ldap_destr,
 175         _nss_ldap_endent,
 176         _nss_ldap_setent,
 177         _nss_ldap_getent,
 178         getbyname
 179 };
 180
 181
 182 /*ARGSUSED0*/
 183 nss_backend_t *
 184 _nss_ldap_auth_attr_constr(const char *dummy1,
 185     const char *dummy2,
 186     const char *dummy3,
 187     const char *dummy4,
 188     const char *dummy5)
 189 {
 190         return ((nss_backend_t *)_nss_ldap_constr(authattr_ops,
 191                 sizeof (authattr_ops)/sizeof (authattr_ops[0]), _AUTHATTR,
 192                 auth_attrs, _nss_ldap_auth2str));
 193 }