Print this page
2989 Eliminate use of LOGNAME_MAX in ON
1166 useradd have warning with name more 8 chars
| Split |
Close |
| Expand all |
| Collapse all |
--- old/usr/src/lib/nsswitch/ldap/common/getnetgrent.c
+++ new/usr/src/lib/nsswitch/ldap/common/getnetgrent.c
1 1 /*
2 2 * CDDL HEADER START
3 3 *
4 4 * The contents of this file are subject to the terms of the
5 5 * Common Development and Distribution License (the "License").
6 6 * You may not use this file except in compliance with the License.
7 7 *
8 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 9 * or http://www.opensolaris.org/os/licensing.
10 10 * See the License for the specific language governing permissions
11 11 * and limitations under the License.
|
↓ open down ↓ |
11 lines elided |
↑ open up ↑ |
12 12 *
13 13 * When distributing Covered Code, include this CDDL HEADER in each
14 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 15 * If applicable, add the following below this CDDL HEADER, with the
16 16 * fields enclosed by brackets "[]" replaced with your own identifying
17 17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 18 *
19 19 * CDDL HEADER END
20 20 */
21 21 /*
22 + * Copyright (c) 2013 Gary Mills
23 + *
22 24 * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
23 25 * Use is subject to license terms.
24 26 */
25 27
26 28
27 29 #include <syslog.h>
28 30 #include "ldap_common.h"
29 31
30 32 /* netgroup attributes filters */
31 33 #define _N_TRIPLE "nisnetgrouptriple"
32 34 #define _N_MEMBER "membernisnetgroup"
33 35
34 36 #define PRINT_VAL(a) (((a).argc == 0) || ((a).argv == NULL) || \
35 37 ((a).argv[0] == NULL)) ? "*" : (a).argv[0]
36 38 #define ISNULL(a) (a == NULL ? "<NULL>" : a)
37 39 #define MAX_DOMAIN_LEN 1024
40 +#ifdef LOGNAME_MAX_ILLUMOS
41 +#define MAX_TRIPLE_LEN (MAXHOSTNAMELEN + LOGNAME_MAX_ILLUMOS + \
42 + MAX_DOMAIN_LEN + 5)
43 +#else /* LOGNAME_MAX_ILLUMOS */
38 44 #define MAX_TRIPLE_LEN (MAXHOSTNAMELEN + LOGNAME_MAX + \
39 45 MAX_DOMAIN_LEN + 5)
46 +#endif /* LOGNAME_MAX_ILLUMOS */
40 47
41 48 #define _F_SETMEMBER "(&(objectClass=nisNetGroup)(cn=%s))"
42 49 #define _F_SETMEMBER_SSD "(&(%%s)(cn=%s))"
43 50
44 51 #define N_HASH 257
45 52 #define COMMA ','
46 53
47 54 static const char *netgrent_attrs[] = {
48 55 _N_TRIPLE,
49 56 _N_MEMBER,
50 57 (char *)NULL
51 58 };
52 59
53 60 typedef struct netgroup_name {
54 61 char *name;
55 62 struct netgroup_name *next;
56 63 struct netgroup_name *next_hash;
57 64 } netgroup_name_t;
58 65
59 66 typedef struct {
60 67 netgroup_name_t *hash_list[N_HASH];
61 68 netgroup_name_t *to_do;
62 69 netgroup_name_t *done;
63 70 } netgroup_table_t;
64 71
65 72 typedef struct {
66 73 ns_ldap_result_t *results;
67 74 ns_ldap_entry_t *entry;
68 75 char **attrs;
69 76 char *netgroup;
70 77 netgroup_table_t tab;
71 78 } getnetgrent_cookie_t;
72 79
73 80 typedef struct {
74 81 struct nss_innetgr_args *ia;
75 82 const char *ssd_filter;
76 83 const char *netgrname;
77 84 const char *membername;
78 85 netgroup_table_t tab;
79 86 } innetgr_cookie_t;
80 87
81 88 typedef unsigned int hash_t;
82 89
83 90 static hash_t
84 91 get_hash(const char *s)
85 92 {
86 93 unsigned int sum = 0;
87 94 unsigned int i;
88 95
89 96 for (i = 0; s[i] != '\0'; i++)
90 97 sum += ((unsigned char *)s)[i];
91 98
92 99 return ((sum + i) % N_HASH);
93 100 }
94 101
95 102 /*
96 103 * Adds a name to the netgroup table
97 104 *
98 105 * Returns
99 106 * 0 if successfully added or already present
100 107 * -1 if memory allocation error or NULL netgroup_table_t
101 108 * from caller.
102 109 */
103 110
104 111 static int
105 112 add_netgroup_name(const char *name, netgroup_table_t *tab)
106 113 {
107 114 hash_t h;
108 115 netgroup_name_t *ng;
109 116 netgroup_name_t *ng_new;
110 117
111 118 if (tab == NULL) {
112 119 /*
113 120 * Should never happen. But if it does,
114 121 * that's an error condition.
115 122 */
116 123 return (-1);
117 124 }
118 125 if (name == NULL || *name == '\0') {
119 126 /* no name to add means success */
120 127 return (0);
121 128 }
122 129
123 130 h = get_hash(name);
124 131 ng = tab->hash_list[h];
125 132
126 133 while (ng != NULL) {
127 134 if (strcmp(name, ng->name) == 0)
128 135 break;
129 136 ng = ng->next_hash;
130 137 }
131 138
132 139 if (ng == NULL) {
133 140 ng_new = (netgroup_name_t *)
134 141 calloc(1, sizeof (netgroup_name_t));
135 142 if (ng_new == NULL)
136 143 return (-1);
137 144 ng_new->name = strdup(name);
138 145 if (ng_new->name == NULL) {
139 146 free(ng_new);
140 147 return (-1);
141 148 }
142 149 ng_new->next_hash = tab->hash_list[h];
143 150 tab->hash_list[h] = ng_new;
144 151 ng_new->next = tab->to_do;
145 152 tab->to_do = ng_new;
146 153 }
147 154 return (0);
148 155 }
149 156
150 157 static netgroup_name_t *
151 158 get_next_netgroup(netgroup_table_t *tab)
152 159 {
153 160 netgroup_name_t *ng;
154 161
155 162 if (tab == NULL)
156 163 return (NULL);
157 164
158 165 ng = tab->to_do;
159 166 if (ng != NULL) {
160 167 tab->to_do = ng->next;
161 168 ng->next = tab->done;
162 169 tab->done = ng;
163 170 }
164 171 return (ng);
165 172 }
166 173
167 174 static void
168 175 free_netgroup_table(netgroup_table_t *tab)
169 176 {
170 177 netgroup_name_t *ng, *next;
171 178
172 179 if (tab == NULL)
173 180 return;
174 181
175 182 for (ng = tab->to_do; ng != NULL; ng = next) {
176 183 if (ng->name != NULL)
177 184 free(ng->name);
178 185 next = ng->next;
179 186 free(ng);
180 187 }
181 188
182 189 for (ng = tab->done; ng != NULL; ng = next) {
183 190 if (ng->name != NULL)
184 191 free(ng->name);
185 192 next = ng->next;
186 193 free(ng);
187 194 }
188 195 (void) memset(tab, 0, sizeof (*tab));
189 196 }
190 197
191 198 /*
192 199 * domain comparing routine
193 200 * n1: See if n1 is n2 or an ancestor of it
194 201 * n2: (in string terms, n1 is a suffix of n2)
195 202 * Returns ZERO for success, -1 for failure.
196 203 */
197 204 static int
198 205 domcmp(const char *n1, const char *n2)
199 206 {
200 207 #define PASS 0
201 208 #define FAIL -1
202 209
203 210 size_t l1, l2;
204 211
205 212 if ((n1 == NULL) || (n2 == NULL))
206 213 return (FAIL);
207 214
208 215 l1 = strlen(n1);
209 216 l2 = strlen(n2);
210 217
211 218 /* Turn a blind eye to the presence or absence of trailing periods */
212 219 if (l1 != 0 && n1[l1 - 1] == '.') {
213 220 --l1;
214 221 }
215 222 if (l2 != 0 && n2[l2 - 1] == '.') {
216 223 --l2;
217 224 }
218 225 if (l1 > l2) { /* Can't be a suffix */
219 226 return (FAIL);
220 227 } else if (l1 == 0) { /* Trivially a suffix; */
221 228 /* (do we want this case?) */
222 229 return (PASS);
223 230 }
224 231 /* So 0 < l1 <= l2 */
225 232 if (l1 < l2 && n2[l2 - l1 - 1] != '.') {
226 233 return (FAIL);
227 234 }
228 235 if (strncasecmp(n1, &n2[l2 - l1], l1) == 0) {
229 236 return (PASS);
230 237 } else {
231 238 return (FAIL);
232 239 }
233 240 }
234 241
235 242 static int
236 243 split_triple(char *triple, char **hostname, char **username, char **domain)
237 244 {
238 245 int i, syntax_err;
239 246 char *splittriple[3];
240 247 char *p = triple;
241 248
242 249 #ifdef DEBUG
243 250 (void) fprintf(stdout, "\n[getnetgrent.c: split_triple]\n");
244 251 #endif /* DEBUG */
245 252
246 253 if (triple == NULL)
247 254 return (-1);
248 255
249 256 p++;
250 257 syntax_err = 0;
251 258 for (i = 0; i < 3; i++) {
252 259 char *start;
253 260 char *limit;
254 261 const char *terminators = ",) \t";
255 262
256 263 if (i == 2) {
257 264 /* Don't allow comma */
258 265 terminators++;
259 266 }
260 267 while (isspace(*p)) {
261 268 p++;
262 269 }
263 270 start = p;
264 271 limit = strpbrk(start, terminators);
265 272 if (limit == 0) {
266 273 syntax_err++;
267 274 break;
268 275 }
269 276 p = limit;
270 277 while (isspace(*p)) {
271 278 p++;
272 279 }
273 280 if (*p == terminators[0]) {
274 281 /*
275 282 * Successfully parsed this name and
276 283 * the separator after it (comma or
277 284 * right paren); leave p ready for
278 285 * next parse.
279 286 */
280 287 p++;
281 288 if (start == limit) {
282 289 /* Wildcard */
283 290 splittriple[i] = NULL;
284 291 } else {
285 292 *limit = '\0';
286 293 splittriple[i] = start;
287 294 }
288 295 } else {
289 296 syntax_err++;
290 297 break;
291 298 }
292 299 }
293 300
294 301 if (syntax_err != 0)
295 302 return (-1);
296 303
297 304 *hostname = splittriple[0];
298 305 *username = splittriple[1];
299 306 *domain = splittriple[2];
300 307
301 308 return (0);
302 309 }
303 310
304 311 /*
305 312 * Test membership in triple
306 313 * return 0 = no match
307 314 * return 1 = match
308 315 */
309 316
310 317 static int
311 318 match_triple_entry(struct nss_innetgr_args *ia, const ns_ldap_entry_t *entry)
312 319 {
313 320 int ndomains;
314 321 char **pdomains;
315 322 int nhost;
316 323 char **phost;
317 324 int nusers;
318 325 char **pusers;
319 326 char **attr;
320 327 char triple[MAX_TRIPLE_LEN];
321 328 char *tuser, *thost, *tdomain;
322 329 int i;
323 330 char *current, *limit;
324 331 int pulen, phlen;
325 332 char *pusers0, *phost0;
326 333
327 334 nhost = ia->arg[NSS_NETGR_MACHINE].argc;
328 335 phost = (char **)ia->arg[NSS_NETGR_MACHINE].argv;
329 336 if (phost == NULL || *phost == NULL) {
330 337 nhost = 0;
331 338 } else {
332 339 phost0 = phost[0];
333 340 phlen = strlen(phost0);
334 341 #ifdef DEBUG
335 342 syslog(LOG_DEBUG, "nss_ldap: match_triple_entry: "
336 343 "entering with host: %s", phost0 ? phost0 : "");
337 344 #endif
338 345 }
339 346 nusers = ia->arg[NSS_NETGR_USER].argc;
340 347 pusers = (char **)ia->arg[NSS_NETGR_USER].argv;
341 348 if (pusers == NULL || *pusers == NULL) {
342 349 nusers = 0;
343 350 } else {
344 351 pusers0 = pusers[0];
345 352 pulen = strlen(pusers0);
346 353 #ifdef DEBUG
347 354 syslog(LOG_DEBUG, "nss_ldap: match_triple_entry: "
348 355 "entering with user: %s", pusers0 ? pusers0 : "");
349 356 #endif
350 357 }
351 358 ndomains = ia->arg[NSS_NETGR_DOMAIN].argc;
352 359 pdomains = (char **)ia->arg[NSS_NETGR_DOMAIN].argv;
353 360 if (pdomains == NULL || *pdomains == NULL)
354 361 ndomains = 0;
355 362 #ifdef DEBUG
356 363 else
357 364 syslog(LOG_DEBUG, "nss_ldap: match_triple_entry: "
358 365 "entering with domain: %s", pdomains[0] ? pdomains[0] : "");
359 366 #endif
360 367
361 368 attr = __ns_ldap_getAttr(entry, _N_TRIPLE);
362 369 if (attr == NULL || *attr == NULL)
363 370 return (0);
364 371
365 372 #ifdef DEBUG
366 373 syslog(LOG_DEBUG, "nss_ldap: match_triple_entry: "
367 374 "(nusers: %d, nhost:%d, ndomains: %d)",
368 375 nusers, nhost, ndomains);
369 376 #endif
370 377
371 378 /* Special cases for speedup */
372 379 if (nusers == 1 && nhost == 0 && ndomains == 0) {
373 380 /* Special case for finding a single user in a netgroup */
374 381 for (; *attr; attr++) {
375 382 /* jump to first comma and check next character */
376 383 current = *attr;
377 384 #ifdef DEBUG
378 385 syslog(LOG_DEBUG, "nss_ldap: match_triple_entry: "
379 386 "current is: %s", current);
380 387 #endif
381 388 if ((current = strchr(current, COMMA)) == NULL)
382 389 continue;
383 390 current++;
384 391
385 392 /* skip whitespaces */
386 393 while (isspace(*current))
387 394 current++;
388 395
389 396 /* if user part is null, then treat as wildcard */
390 397 if (*current == COMMA)
391 398 return (1);
392 399
393 400 /* compare first character */
394 401 if (*pusers0 != *current)
395 402 continue;
396 403
397 404 /* limit username to COMMA */
398 405 if ((limit = strchr(current, COMMA)) == NULL)
399 406 continue;
400 407 *limit = '\0';
401 408
402 409 /* remove blanks before COMMA */
403 410 if ((limit = strpbrk(current, " \t")) != NULL)
404 411 *limit = '\0';
405 412
406 413 /* compare size of username */
407 414 if (pulen != strlen(current)) {
408 415 continue;
409 416 }
410 417
411 418 /* do actual compare */
412 419 if (strncmp(pusers0, current, pulen) == 0) {
413 420 return (1);
414 421 } else {
415 422 continue;
416 423 }
417 424 }
418 425 } else if (nusers == 0 && nhost == 1 && ndomains == 0) {
419 426 /* Special case for finding a single host in a netgroup */
420 427 for (; *attr; attr++) {
421 428
422 429 /* jump to first character and check */
423 430 current = *attr;
424 431 #ifdef DEBUG
425 432 syslog(LOG_DEBUG, "nss_ldap: match_triple_entry: "
426 433 "current is: %s", current);
427 434 #endif
428 435 current++;
429 436
430 437 /* skip whitespaces */
431 438 while (isspace(*current))
432 439 current++;
433 440
434 441 /* if host part is null, then treat as wildcard */
435 442 if (*current == COMMA)
436 443 return (1);
437 444
438 445 /* limit hostname to COMMA */
439 446 if ((limit = strchr(current, COMMA)) == NULL)
440 447 continue;
441 448 *limit = '\0';
442 449
443 450 /* remove blanks before COMMA */
444 451 if ((limit = strpbrk(current, " \t")) != NULL)
445 452 *limit = '\0';
446 453
447 454 /* compare size of hostname */
448 455 if (phlen != strlen(current)) {
449 456 continue;
450 457 }
451 458
452 459 /* do actual compare */
453 460 if (strncasecmp(phost0, current, phlen) == 0) {
454 461 return (1);
455 462 } else {
456 463 continue;
457 464 }
458 465 }
459 466 } else {
460 467 for (; *attr; attr++) {
461 468 if (strlcpy(triple, *attr,
462 469 sizeof (triple)) >= sizeof (triple))
463 470 continue;
464 471 #ifdef DEBUG
465 472 syslog(LOG_DEBUG, "nss_ldap: match_triple_entry: "
466 473 "triple is: %s", triple);
467 474 #endif
468 475 if (split_triple(triple, &thost, &tuser, &tdomain) != 0)
469 476 continue;
470 477 if (thost != NULL && *thost != '\0' && nhost != 0) {
471 478 for (i = 0; i < nhost; i++)
472 479 if (strcasecmp(thost, phost[i]) == 0)
473 480 break;
474 481 if (i == nhost)
475 482 continue;
476 483 }
477 484 if (tuser != NULL && *tuser != '\0' && nusers != 0) {
478 485 for (i = 0; i < nusers; i++)
479 486 if (strcmp(tuser, pusers[i]) == 0)
480 487 break;
481 488 if (i == nusers)
482 489 continue;
483 490 }
484 491 if (tdomain != NULL && *tdomain != '\0' &&
485 492 ndomains != 0) {
486 493 for (i = 0; i < ndomains; i++)
487 494 if (domcmp(tdomain, pdomains[i]) == 0)
488 495 break;
489 496 if (i == ndomains)
490 497 continue;
491 498 }
492 499 return (1);
493 500 }
494 501 }
495 502
496 503 return (0);
497 504 }
498 505
499 506 static int
500 507 match_triple(struct nss_innetgr_args *ia, ns_ldap_result_t *result)
501 508 {
502 509 ns_ldap_entry_t *entry;
503 510
504 511 for (entry = result->entry; entry != NULL; entry = entry->next)
505 512 if (match_triple_entry(ia, entry) == 1)
506 513 return (1);
507 514
508 515 return (0);
509 516 }
510 517
511 518 static int
512 519 add_netgroup_member_entry(ns_ldap_entry_t *entry, netgroup_table_t *tab)
513 520 {
514 521 char **attrs;
515 522 char **a;
516 523
517 524 attrs = __ns_ldap_getAttr(entry, _N_MEMBER);
518 525 if (attrs == NULL || *attrs == NULL)
519 526 return (0);
520 527
521 528 for (a = attrs; *a != NULL; a++) {}
522 529
523 530 do {
524 531 a--;
525 532 if (add_netgroup_name(*a, tab) != 0)
526 533 return (-1);
527 534 } while (a > attrs);
528 535 return (0);
529 536 }
530 537
531 538 static int
532 539 add_netgroup_member(ns_ldap_result_t *result, netgroup_table_t *tab)
533 540 {
534 541 ns_ldap_entry_t *entry;
535 542 int ret = 0;
536 543
537 544 for (entry = result->entry; entry != NULL; entry = entry->next) {
538 545 ret = add_netgroup_member_entry(entry, tab);
539 546 if (ret != 0)
540 547 break;
541 548 }
542 549 return (ret);
543 550 }
544 551
545 552 /*
546 553 * top_down_search checks only checks the netgroup specified in netgrname
547 554 */
548 555 static nss_status_t
549 556 top_down_search(struct nss_innetgr_args *ia, char *netgrname)
550 557 {
551 558 char searchfilter[SEARCHFILTERLEN];
552 559 char name[SEARCHFILTERLEN];
553 560 char userdata[SEARCHFILTERLEN];
554 561 ns_ldap_result_t *result = NULL;
555 562 ns_ldap_error_t *error = NULL;
556 563 int rc;
557 564 nss_status_t status = NSS_NOTFOUND;
558 565 nss_status_t status1;
559 566 netgroup_table_t tab;
560 567 netgroup_name_t *ng;
561 568 int ret;
562 569
563 570 (void) memset(&tab, 0, sizeof (tab));
564 571
565 572 if (add_netgroup_name(netgrname, &tab) != 0)
566 573 return ((nss_status_t)NSS_NOTFOUND);
567 574
568 575 while ((ng = get_next_netgroup(&tab)) != NULL) {
569 576 #ifdef DEBUG
570 577 syslog(LOG_DEBUG, "nss_ldap: top_down_search: netgroup loop "
571 578 "(ng->name: %s)", ng->name ? ng->name : "null !");
572 579 #endif
573 580 if (_ldap_filter_name(name, ng->name, sizeof (name)) != 0)
574 581 break;
575 582 ret = snprintf(searchfilter, sizeof (searchfilter),
576 583 _F_SETMEMBER, name);
577 584 if (ret >= sizeof (searchfilter) || ret < 0)
578 585 break;
579 586
580 587 ret = snprintf(userdata, sizeof (userdata), _F_SETMEMBER_SSD,
581 588 name);
582 589 if (ret >= sizeof (userdata) || ret < 0)
583 590 break;
584 591
585 592 /* searching for current netgroup name entry */
586 593 rc = __ns_ldap_list(_NETGROUP, searchfilter,
587 594 _merge_SSD_filter, netgrent_attrs, NULL, 0, &result,
588 595 &error, NULL, userdata);
589 596
590 597 if (error != NULL) {
591 598 status1 = switch_err(rc, error);
592 599 if (status1 == NSS_TRYAGAIN) {
593 600 (void) __ns_ldap_freeError(&error);
594 601 free_netgroup_table(&tab);
595 602 return (status1);
596 603 }
597 604 }
598 605
599 606 (void) __ns_ldap_freeError(&error);
600 607 if (rc == NS_LDAP_SUCCESS) {
601 608 if (match_triple(ia, result) == 1) {
602 609 /* We found a match */
603 610 ia->status = NSS_NETGR_FOUND;
604 611 status = NSS_SUCCESS;
605 612 #ifdef DEBUG
606 613 syslog(LOG_DEBUG, "nss_ldap: top_down_search: "
607 614 "found match");
608 615 #endif
609 616 break;
610 617 }
611 618
612 619 /*
613 620 * No match found. Check for membernisnetgroup
614 621 * in result and if yes, start again with those.
615 622 */
616 623 rc = add_netgroup_member(result, &tab);
617 624 if (rc != 0)
618 625 break;
619 626 } else if (rc != NS_LDAP_NOTFOUND) {
620 627 break;
621 628 }
622 629 (void) __ns_ldap_freeResult(&result);
623 630 }
624 631
625 632 (void) __ns_ldap_freeResult(&result);
626 633 free_netgroup_table(&tab);
627 634 return (status);
628 635 }
629 636
630 637 /*
631 638 * __netgr_in checks only checks the netgroup specified in ngroup
632 639 */
633 640 static nss_status_t
634 641 __netgr_in(void *a, char *netgrname)
635 642 {
636 643 struct nss_innetgr_args *ia = (struct nss_innetgr_args *)a;
637 644 nss_status_t status = NSS_NOTFOUND;
638 645
639 646 #ifdef DEBUG
640 647 (void) fprintf(stdout, "\n[getnetgrent.c: netgr_in]\n");
641 648 (void) fprintf(stdout, "\tmachine: argc[%d]='%s' user: "
642 649 "argc[%d]='%s',\n\tdomain:argc[%d]='%s' "
643 650 "netgroup: argc[%d]='%s'\n",
644 651 NSS_NETGR_MACHINE,
645 652 PRINT_VAL(ia->arg[NSS_NETGR_MACHINE]),
646 653 NSS_NETGR_USER,
647 654 PRINT_VAL(ia->arg[NSS_NETGR_USER]),
648 655 NSS_NETGR_DOMAIN,
649 656 PRINT_VAL(ia->arg[NSS_NETGR_DOMAIN]),
650 657 NSS_NETGR_N,
651 658 PRINT_VAL(ia->arg[NSS_NETGR_N]));
652 659 (void) fprintf(stdout, "\tgroups='%s'\n", netgrname);
653 660 #endif /* DEBUG */
654 661
655 662 ia->status = NSS_NETGR_NO;
656 663
657 664 if (netgrname == NULL)
658 665 return (status);
659 666
660 667 return (top_down_search(ia, netgrname));
661 668 }
662 669
663 670 /*ARGSUSED0*/
664 671 static nss_status_t
665 672 netgr_in(ldap_backend_ptr be, void *a)
666 673 {
667 674 struct nss_innetgr_args *ia = (struct nss_innetgr_args *)a;
668 675 int i;
669 676 nss_status_t rc = (nss_status_t)NSS_NOTFOUND;
670 677
671 678 ia->status = NSS_NETGR_NO;
672 679 for (i = 0; i < ia->groups.argc; i++) {
673 680 rc = __netgr_in(a, ia->groups.argv[i]);
674 681 if (ia->status == NSS_NETGR_FOUND)
675 682 return (NSS_SUCCESS);
676 683 }
677 684 return (rc);
678 685 }
679 686
680 687 /*
681 688 *
682 689 */
683 690
684 691 static nss_status_t
685 692 getnetgr_ldap_setent(ldap_backend_ptr be, void *a)
686 693 {
687 694 const char *netgroup = (const char *) a;
688 695 getnetgrent_cookie_t *cookie;
689 696
690 697 #ifdef DEBUG
691 698 (void) fprintf(stdout, "\n[getnetgrent.c: getnetgr_ldap_setent]\n");
692 699 #endif /* DEBUG */
693 700
694 701 cookie = (getnetgrent_cookie_t *)be->netgroup_cookie;
695 702 if (cookie != NULL && cookie->netgroup != NULL) {
696 703 /* is this another set on the same netgroup */
697 704 if (strcmp(cookie->netgroup, netgroup) == 0)
698 705 return ((nss_status_t)NSS_SUCCESS);
699 706 }
700 707
701 708 return (NSS_NOTFOUND);
702 709 }
703 710
704 711 static void
705 712 free_getnetgrent_cookie(getnetgrent_cookie_t **cookie)
706 713 {
707 714 getnetgrent_cookie_t *p = *cookie;
708 715
709 716 #ifdef DEBUG
710 717 (void) fprintf(stdout, "\n[getnetgrent.c: free_getnetgrent_cookie]\n");
711 718 #endif /* DEBUG */
712 719
713 720 if (p == NULL)
714 721 return;
715 722
716 723 (void) __ns_ldap_freeResult(&p->results);
717 724 free_netgroup_table(&p->tab);
718 725 free(p->netgroup);
719 726 free(p);
720 727 *cookie = NULL;
721 728 }
722 729
723 730 /*ARGSUSED1*/
724 731 static nss_status_t
725 732 getnetgr_ldap_endent(ldap_backend_ptr be, void *a)
726 733 {
727 734
728 735 #ifdef DEBUG
729 736 (void) fprintf(stdout, "\n[getnetgrent.c: getnetgr_ldap_endent]\n");
730 737 #endif /* DEBUG */
731 738
732 739 free_getnetgrent_cookie((getnetgrent_cookie_t **)&be->netgroup_cookie);
733 740
734 741 return ((nss_status_t)NSS_NOTFOUND);
735 742 }
736 743
737 744
738 745 /*ARGSUSED1*/
739 746 static nss_status_t
740 747 getnetgr_ldap_destr(ldap_backend_ptr be, void *a)
741 748 {
742 749
743 750 #ifdef DEBUG
744 751 (void) fprintf(stdout, "\n[getnetgrent.c: getnetgr_ldap_destr]\n");
745 752 #endif /* DEBUG */
746 753
747 754 free_getnetgrent_cookie((getnetgrent_cookie_t **)&be->netgroup_cookie);
748 755 free(be);
749 756
750 757 return ((nss_status_t)NSS_NOTFOUND);
751 758 }
752 759
753 760
754 761 static nss_status_t
755 762 getnetgr_ldap_getent(ldap_backend_ptr be, void *a)
756 763 {
757 764 struct nss_getnetgrent_args *args;
758 765 getnetgrent_cookie_t *p;
759 766 char searchfilter[SEARCHFILTERLEN];
760 767 char userdata[SEARCHFILTERLEN];
761 768 char name[SEARCHFILTERLEN];
762 769 int rc;
763 770 ns_ldap_result_t *result = NULL;
764 771 ns_ldap_error_t *error = NULL;
765 772 char **attrs;
766 773 char *hostname, *username, *domain;
767 774 char *buffer;
768 775 nss_status_t status = NSS_SUCCESS;
769 776 netgroup_name_t *ng;
770 777 int ret;
771 778
772 779 #ifdef DEBUG
773 780 (void) fprintf(stdout, "\n[getnetgrent.c: getnetgr_ldap_getent]\n");
774 781 #endif /* DEBUG */
775 782
776 783 args = (struct nss_getnetgrent_args *)a;
777 784
778 785 args->status = NSS_NETGR_NO;
779 786
780 787 p = (getnetgrent_cookie_t *)be->netgroup_cookie;
781 788 if (p == NULL)
782 789 return ((nss_status_t)NSS_SUCCESS);
783 790
784 791 for (;;) {
785 792 /*
786 793 * Search through each netgroup consecutively: only search
787 794 * next netgroup when results from previous netgroup are
788 795 * processed.
789 796 * Needed for nested netgroup (memberNisNetgroup attributes).
790 797 */
791 798 if (p->results == NULL) {
792 799 if ((ng = get_next_netgroup(&p->tab)) != NULL) {
793 800 if (_ldap_filter_name(name, ng->name,
794 801 sizeof (name)) != 0)
795 802 break;
796 803
797 804 ret = snprintf(searchfilter,
798 805 sizeof (searchfilter),
799 806 _F_SETMEMBER, name);
800 807 if (ret >= sizeof (searchfilter) || ret < 0)
801 808 break;
802 809
803 810 #ifdef DEBUG
804 811 syslog(LOG_DEBUG, "nss_ldap: "
805 812 "getnetgr_ldap_getent: "
806 813 "netgroup name: %s", name);
807 814 #endif
808 815 ret = snprintf(userdata, sizeof (userdata),
809 816 _F_SETMEMBER_SSD, name);
810 817 if (ret >= sizeof (userdata) || ret < 0)
811 818 break;
812 819
813 820 result = NULL;
814 821 rc = __ns_ldap_list(_NETGROUP, searchfilter,
815 822 _merge_SSD_filter, netgrent_attrs, NULL,
816 823 0, &result, &error, NULL, userdata);
817 824 (void) __ns_ldap_freeError(&error);
818 825
819 826 if (rc == NS_LDAP_SUCCESS && result != NULL) {
820 827 p->results = result;
821 828 } else {
822 829 #ifdef DEBUG
823 830 syslog(LOG_DEBUG, "nss_ldap: "
824 831 "getnetgr_ldap_getent: "
825 832 "__ns_ldap_list() returned %d "
826 833 "(result: 0x%x)", rc, result);
827 834 #endif
828 835 /*
829 836 * Will exit when no more netgroup
830 837 * to search and no more p->results
831 838 * to process.
832 839 */
833 840 (void) __ns_ldap_freeResult(&result);
834 841 }
835 842 } else { /* no more netgroup to process */
836 843 /*
837 844 * If no more results to process, and since
838 845 * there's no more netgroup to process either,
839 846 * then it's time to break and exit the for
840 847 * loop.
841 848 */
842 849 #ifdef DEBUG
843 850 syslog(LOG_DEBUG, "nss_ldap: "
844 851 "getnetgr_ldap_getent: no more netgroup "
845 852 "to process, p->results: 0x%x",
846 853 p->results);
847 854 #endif
848 855 if (p->results == NULL)
849 856 break;
850 857 }
851 858 }
852 859 if (p->results == NULL)
853 860 continue;
854 861
855 862 if (p->entry == NULL)
856 863 p->entry = p->results->entry;
857 864
858 865 if (p->entry == NULL)
859 866 continue;
860 867
861 868 if (p->attrs == NULL) {
862 869 attrs = __ns_ldap_getAttr(p->entry, _N_TRIPLE);
863 870 if (attrs != NULL && *attrs != NULL)
864 871 p->attrs = attrs;
865 872 }
866 873
867 874 if (p->attrs != NULL) {
868 875 attrs = p->attrs;
869 876 buffer = args->buffer;
870 877
871 878 if (strlcpy(buffer, *attrs, args->buflen) >=
872 879 args->buflen) {
873 880 status = NSS_STR_PARSE_ERANGE;
874 881 break;
875 882 }
876 883
877 884 rc = split_triple(buffer, &hostname, &username,
878 885 &domain);
879 886 attrs++;
880 887 if (attrs != NULL && *attrs != NULL)
881 888 p->attrs = attrs;
882 889 else
883 890 p->attrs = NULL;
884 891 if (rc == 0) {
885 892 args->retp[NSS_NETGR_MACHINE] = hostname;
886 893 args->retp[NSS_NETGR_USER] = username;
887 894 args->retp[NSS_NETGR_DOMAIN] = domain;
888 895 args->status = NSS_NETGR_FOUND;
889 896 #ifdef DEBUG
890 897 syslog(LOG_DEBUG, "nss_ldap: "
891 898 "getnetgr_ldap_getent: found triple "
892 899 "(%s, %s, %s), 0x%x to process",
893 900 hostname ? hostname : "",
894 901 username ? username : "",
895 902 domain ? domain : "",
896 903 p->attrs);
897 904 #endif
898 905 if (p->attrs != NULL)
899 906 break;
900 907 }
901 908 }
902 909
903 910 if (p->attrs == NULL) {
904 911 rc = add_netgroup_member_entry(p->entry, &p->tab);
905 912 if (rc != 0) {
906 913 args->status = NSS_NETGR_NO;
907 914 break;
908 915 }
909 916
910 917 p->entry = p->entry->next;
911 918 if (p->entry == NULL)
912 919 (void) __ns_ldap_freeResult(&p->results);
913 920 if (args->status == NSS_NETGR_FOUND)
914 921 break;
915 922 }
916 923 }
917 924
918 925 return (status);
919 926 }
920 927
921 928 static ldap_backend_op_t getnetgroup_ops[] = {
922 929 getnetgr_ldap_destr,
923 930 getnetgr_ldap_endent,
924 931 getnetgr_ldap_setent,
925 932 getnetgr_ldap_getent,
926 933 };
927 934
928 935 /*
929 936 *
930 937 */
931 938
932 939 static nss_status_t
933 940 netgr_set(ldap_backend_ptr be, void *a)
934 941 {
935 942 struct nss_setnetgrent_args *args =
936 943 (struct nss_setnetgrent_args *)a;
937 944 ldap_backend_ptr get_be;
938 945 getnetgrent_cookie_t *p;
939 946
940 947 #ifdef DEBUG
941 948 (void) fprintf(stdout, "\n[getnetgrent.c: netgr_set]\n");
942 949 (void) fprintf(stdout,
943 950 "\targs->netgroup: %s\n", ISNULL(args->netgroup));
944 951 #endif /* DEBUG */
945 952
946 953 if (args->netgroup == NULL)
947 954 return ((nss_status_t)NSS_NOTFOUND);
948 955
949 956 free_getnetgrent_cookie((getnetgrent_cookie_t **)&be->netgroup_cookie);
950 957 p = (getnetgrent_cookie_t *)calloc(1, sizeof (getnetgrent_cookie_t));
951 958 if (p == NULL)
952 959 return ((nss_status_t)NSS_NOTFOUND);
953 960 p->netgroup = strdup(args->netgroup);
954 961 if (p->netgroup == NULL) {
955 962 free(p);
956 963 return ((nss_status_t)NSS_NOTFOUND);
957 964 }
958 965 if (add_netgroup_name(args->netgroup, &p->tab) == -1) {
959 966 free_getnetgrent_cookie(&p);
960 967 return ((nss_status_t)NSS_NOTFOUND);
961 968 }
962 969
963 970 /* now allocate and return iteration backend structure */
964 971 if ((get_be = (ldap_backend_ptr)malloc(sizeof (*get_be))) == NULL)
965 972 return (NSS_UNAVAIL);
966 973 get_be->ops = getnetgroup_ops;
967 974 get_be->nops = sizeof (getnetgroup_ops) / sizeof (getnetgroup_ops[0]);
968 975 get_be->tablename = NULL;
969 976 get_be->attrs = netgrent_attrs;
970 977 get_be->result = NULL;
971 978 get_be->ldapobj2str = NULL;
972 979 get_be->setcalled = 1;
973 980 get_be->filter = NULL;
974 981 get_be->toglue = NULL;
975 982 get_be->enumcookie = NULL;
976 983 get_be->netgroup_cookie = p;
977 984 args->iterator = (nss_backend_t *)get_be;
978 985
979 986 (void) __ns_ldap_freeResult(&be->result);
980 987
981 988 return (NSS_SUCCESS);
982 989 }
983 990
984 991
985 992 /*ARGSUSED1*/
986 993 static nss_status_t
987 994 netgr_ldap_destr(ldap_backend_ptr be, void *a)
988 995 {
989 996
990 997 #ifdef DEBUG
991 998 (void) fprintf(stdout, "\n[getnetgrent.c: netgr_ldap_destr]\n");
992 999 #endif /* DEBUG */
993 1000
994 1001 (void) _clean_ldap_backend(be);
995 1002
996 1003 return ((nss_status_t)NSS_NOTFOUND);
997 1004 }
998 1005
999 1006
1000 1007
1001 1008
1002 1009 static ldap_backend_op_t netgroup_ops[] = {
1003 1010 netgr_ldap_destr,
1004 1011 0,
1005 1012 0,
1006 1013 0,
1007 1014 netgr_in, /* innetgr() */
1008 1015 netgr_set /* setnetgrent() */
1009 1016 };
1010 1017
1011 1018
1012 1019 /*
1013 1020 * _nss_ldap_netgroup_constr is where life begins. This function calls the
1014 1021 * generic ldap constructor function to define and build the abstract data
1015 1022 * types required to support ldap operations.
1016 1023 */
1017 1024
1018 1025 /*ARGSUSED0*/
1019 1026 nss_backend_t *
1020 1027 _nss_ldap_netgroup_constr(const char *dummy1, const char *dummy2,
1021 1028 const char *dummy3)
1022 1029 {
1023 1030
1024 1031 #ifdef DEBUG
1025 1032 (void) fprintf(stdout,
1026 1033 "\n[getnetgrent.c: _nss_ldap_netgroup_constr]\n");
1027 1034 #endif /* DEBUG */
1028 1035
1029 1036 return ((nss_backend_t *)_nss_ldap_constr(netgroup_ops,
1030 1037 sizeof (netgroup_ops)/sizeof (netgroup_ops[0]), _NETGROUP,
1031 1038 netgrent_attrs, NULL));
1032 1039 }
|
↓ open down ↓ |
983 lines elided |
↑ open up ↑ |
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX