6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
24 *
25 * Copyright 2017 Nexenta Systems, Inc. All rights reserved.
26 */
27
28 #include <grp.h>
29 #include "ldap_common.h"
30 #include <string.h>
31
32 /* String which may need to be removed from beginning of group password */
33 #define _CRYPT "{CRYPT}"
34 #define _NO_PASSWD_VAL ""
35
36 /* Group attributes filters */
37 #define _G_NAME "cn"
38 #define _G_GID "gidnumber"
39 #define _G_PASSWD "userpassword"
40 #define _G_MEMUID "memberuid"
41 #define _G_MEM_DN "member" /* DN */
42
43 #define _F_GETGRNAM "(&(objectClass=posixGroup)(cn=%s))"
44 #define _F_GETGRNAM_SSD "(&(%%s)(cn=%s))"
45 #define _F_GETGRGID "(&(objectClass=posixGroup)(gidNumber=%u))"
222 return (nss_result);
223 }
224
225 /*
226 * Process the list values from the "member" attribute of the
227 * current group. Note that this list is ONLY one that can be
228 * assumed to be non-empty. The problem here is that this list
229 * contains the list of members as "distinguished names" (DN),
230 * and we want the Unix names (known here as "uid"). We must
231 * lookup the "uid" for each DN in the member list. Example:
232 * CN=Doe\, John,OU=Users,DC=contoso,DC=com => john.doe
233 */
234 static int
235 getmembers_DN(char **bufpp, int *lenp, ns_ldap_attr_t *members)
236 {
237 ns_ldap_error_t *error = NULL;
238 char *member_dn, *member_uid;
239 char *buffer;
240 int buflen;
241 int i, len;
242 int nss_result = 0;
243 int firsttime;
244
245 buffer = *bufpp;
246 buflen = *lenp;
247 firsttime = (buffer[-1] == ':');
248
249 for (i = 0; i < members->value_count; i++) {
250 member_dn = members->attrvalue[i];
251 if (member_dn == NULL)
252 goto out;
253
254 /*
255 * The attribute name was "member", so these should be
256 * full distinguished names (DNs). We need to loookup
257 * the Unix UID (name) for each.
258 */
259 #ifdef DEBUG
260 (void) fprintf(stdout, "getmembers_DN: dn=%s\n",
261 member_dn);
262 #endif
263 if (member_dn[0] == '\0')
264 continue;
265
266 nss_result = __ns_ldap_dn2uid(member_dn,
267 &member_uid, NULL, &error);
268 if (nss_result != NS_LDAP_SUCCESS) {
269 (void) __ns_ldap_freeError(&error);
270 error = NULL;
271 continue;
272 }
273 #ifdef DEBUG
274 (void) fprintf(stdout, "getmembers_DN: uid=<%s>\n",
275 member_uid);
276 #endif
277 /* Skip invalid names. */
278 if (member_uid[0] == '\0' ||
279 strpbrk(member_uid, " ,:=") != NULL) {
280 free(member_uid);
281 continue;
282 }
283
284 if (firsttime) {
285 len = snprintf(buffer, buflen, "%s", member_uid);
286 firsttime = 0;
287 } else {
288 len = snprintf(buffer, buflen, ",%s", member_uid);
|
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
24 *
25 * Copyright 2017 Nexenta Systems, Inc. All rights reserved.
26 * Copyright 2020 Joyent, Inc.
27 */
28
29 #include <grp.h>
30 #include "ldap_common.h"
31 #include <string.h>
32
33 /* String which may need to be removed from beginning of group password */
34 #define _CRYPT "{CRYPT}"
35 #define _NO_PASSWD_VAL ""
36
37 /* Group attributes filters */
38 #define _G_NAME "cn"
39 #define _G_GID "gidnumber"
40 #define _G_PASSWD "userpassword"
41 #define _G_MEMUID "memberuid"
42 #define _G_MEM_DN "member" /* DN */
43
44 #define _F_GETGRNAM "(&(objectClass=posixGroup)(cn=%s))"
45 #define _F_GETGRNAM_SSD "(&(%%s)(cn=%s))"
46 #define _F_GETGRGID "(&(objectClass=posixGroup)(gidNumber=%u))"
223 return (nss_result);
224 }
225
226 /*
227 * Process the list values from the "member" attribute of the
228 * current group. Note that this list is ONLY one that can be
229 * assumed to be non-empty. The problem here is that this list
230 * contains the list of members as "distinguished names" (DN),
231 * and we want the Unix names (known here as "uid"). We must
232 * lookup the "uid" for each DN in the member list. Example:
233 * CN=Doe\, John,OU=Users,DC=contoso,DC=com => john.doe
234 */
235 static int
236 getmembers_DN(char **bufpp, int *lenp, ns_ldap_attr_t *members)
237 {
238 ns_ldap_error_t *error = NULL;
239 char *member_dn, *member_uid;
240 char *buffer;
241 int buflen;
242 int i, len;
243 int nss_result = 0; /* used by TEST_AND_ADJUST macro */
244 int firsttime;
245
246 buffer = *bufpp;
247 buflen = *lenp;
248 firsttime = (buffer[-1] == ':');
249
250 for (i = 0; i < members->value_count; i++) {
251 member_dn = members->attrvalue[i];
252 if (member_dn == NULL)
253 goto out;
254
255 /*
256 * The attribute name was "member", so these should be
257 * full distinguished names (DNs). We need to loookup
258 * the Unix UID (name) for each.
259 */
260 #ifdef DEBUG
261 (void) fprintf(stdout, "getmembers_DN: dn=%s\n",
262 member_dn);
263 #endif
264 if (member_dn[0] == '\0')
265 continue;
266
267 if (__ns_ldap_dn2uid(member_dn,
268 &member_uid, NULL, &error) != NS_LDAP_SUCCESS) {
269 (void) __ns_ldap_freeError(&error);
270 error = NULL;
271 continue;
272 }
273 #ifdef DEBUG
274 (void) fprintf(stdout, "getmembers_DN: uid=<%s>\n",
275 member_uid);
276 #endif
277 /* Skip invalid names. */
278 if (member_uid[0] == '\0' ||
279 strpbrk(member_uid, " ,:=") != NULL) {
280 free(member_uid);
281 continue;
282 }
283
284 if (firsttime) {
285 len = snprintf(buffer, buflen, "%s", member_uid);
286 firsttime = 0;
287 } else {
288 len = snprintf(buffer, buflen, ",%s", member_uid);
|