3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
23 */
24
25 #include <stdio.h>
26 #include <sys/types.h>
27 #include <stdlib.h>
28 #include <libintl.h>
29 #include <ctype.h>
30 #include <syslog.h>
31 #include <sys/stat.h>
32 #include <fcntl.h>
33 #include <unistd.h>
34 #include <string.h>
35 #include <strings.h>
36 #include <priv.h>
37
38 #include "ns_sldap.h"
39 #include "ns_internal.h"
40 #include "ns_cache_door.h"
41 #include "ns_connmgmt.h"
42
210 * is converted to
211 * dn: cn=aaa+iphostnumber=9.9.9.9,dc=central,dc=sun,dc=com
212 *
213 * Input - service: e.g. hosts, passwd etc.
214 * dn: the value of a distinguished name
215 * Return - NULL: error
216 * non-NULL: A converted DN and the memory is allocated
217 */
218 static char *
219 _cvtDN(const char *service, const char *dn) {
220 char **mapped_rdns;
221 char **rdns, *new_rdn, *new_dn = NULL;
222 int nRdn = 0, i, len = 0, rdn_mapped;
223
224 if (service == NULL || dn == NULL)
225 return (NULL);
226
227 if ((rdns = ldap_explode_dn(dn, 0)) == NULL)
228 return (NULL);
229
230 for (nRdn = 0; rdns[nRdn] != NULL; nRdn++);
231
232 if ((mapped_rdns = (char **)calloc(nRdn, sizeof (char *))) == NULL) {
233 ldap_value_free(rdns);
234 return (NULL);
235 }
236
237 rdn_mapped = 0;
238 /* Break down RDNs in a DN */
239 for (i = 0; i < nRdn; i++) {
240 if ((new_rdn = _cvtRDN(service, rdns[i])) != NULL) {
241 mapped_rdns[i] = new_rdn;
242 rdn_mapped = 1;
243 }
244 }
245 if (rdn_mapped == 0) {
246 /*
247 * No RDN contains any attribute mapping.
248 * Don't bother to reconstruct DN from RDN. Copy DN directly.
249 */
250 new_dn = strdup(dn);
4213 return (rc);
4214 }
4215 if (result->entries_count > 1) {
4216 (void) __ns_ldap_freeResult(&result);
4217 result = NULL;
4218 *userDN = NULL;
4219 (void) sprintf(errstr,
4220 gettext("Too many entries are returned for %s"), uid);
4221 MKERROR(LOG_WARNING, *errorp, NS_LDAP_INTERNAL, strdup(errstr),
4222 NULL);
4223 return (NS_LDAP_INTERNAL);
4224 }
4225
4226 value = __ns_ldap_getAttr(result->entry, "dn");
4227 *userDN = strdup(value[0]);
4228 (void) __ns_ldap_freeResult(&result);
4229 result = NULL;
4230 return (NS_LDAP_SUCCESS);
4231 }
4232
4233
4234 /*ARGSUSED*/
4235 int
4236 __ns_ldap_host2dn(const char *host,
4237 const char *domain,
4238 char **hostDN,
4239 const ns_cred_t *cred, /* cred is ignored */
4240 ns_ldap_error_t **errorp)
4241 {
4242 ns_ldap_result_t *result = NULL;
4243 char *filter, *userdata;
4244 char errstr[MAXERROR];
4245 char **value;
4246 int rc;
4247 size_t len;
4248
4249 /*
4250 * XXX
4251 * the domain parameter needs to be used in case domain is not local, if
4252 * this routine is to support multi domain setups, it needs lots of work...
4253 */
4254 *errorp = NULL;
|
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
23 * Copyright 2017 Nexenta Systems, Inc. All rights reserved.
24 */
25
26 #include <stdio.h>
27 #include <sys/types.h>
28 #include <stdlib.h>
29 #include <libintl.h>
30 #include <ctype.h>
31 #include <syslog.h>
32 #include <sys/stat.h>
33 #include <fcntl.h>
34 #include <unistd.h>
35 #include <string.h>
36 #include <strings.h>
37 #include <priv.h>
38
39 #include "ns_sldap.h"
40 #include "ns_internal.h"
41 #include "ns_cache_door.h"
42 #include "ns_connmgmt.h"
43
211 * is converted to
212 * dn: cn=aaa+iphostnumber=9.9.9.9,dc=central,dc=sun,dc=com
213 *
214 * Input - service: e.g. hosts, passwd etc.
215 * dn: the value of a distinguished name
216 * Return - NULL: error
217 * non-NULL: A converted DN and the memory is allocated
218 */
219 static char *
220 _cvtDN(const char *service, const char *dn) {
221 char **mapped_rdns;
222 char **rdns, *new_rdn, *new_dn = NULL;
223 int nRdn = 0, i, len = 0, rdn_mapped;
224
225 if (service == NULL || dn == NULL)
226 return (NULL);
227
228 if ((rdns = ldap_explode_dn(dn, 0)) == NULL)
229 return (NULL);
230
231 for (nRdn = 0; rdns[nRdn] != NULL; nRdn++)
232 ;
233
234 if ((mapped_rdns = (char **)calloc(nRdn, sizeof (char *))) == NULL) {
235 ldap_value_free(rdns);
236 return (NULL);
237 }
238
239 rdn_mapped = 0;
240 /* Break down RDNs in a DN */
241 for (i = 0; i < nRdn; i++) {
242 if ((new_rdn = _cvtRDN(service, rdns[i])) != NULL) {
243 mapped_rdns[i] = new_rdn;
244 rdn_mapped = 1;
245 }
246 }
247 if (rdn_mapped == 0) {
248 /*
249 * No RDN contains any attribute mapping.
250 * Don't bother to reconstruct DN from RDN. Copy DN directly.
251 */
252 new_dn = strdup(dn);
4215 return (rc);
4216 }
4217 if (result->entries_count > 1) {
4218 (void) __ns_ldap_freeResult(&result);
4219 result = NULL;
4220 *userDN = NULL;
4221 (void) sprintf(errstr,
4222 gettext("Too many entries are returned for %s"), uid);
4223 MKERROR(LOG_WARNING, *errorp, NS_LDAP_INTERNAL, strdup(errstr),
4224 NULL);
4225 return (NS_LDAP_INTERNAL);
4226 }
4227
4228 value = __ns_ldap_getAttr(result->entry, "dn");
4229 *userDN = strdup(value[0]);
4230 (void) __ns_ldap_freeResult(&result);
4231 result = NULL;
4232 return (NS_LDAP_SUCCESS);
4233 }
4234
4235 #define _P_UID "uid"
4236 static const char *dn2uid_attrs[] = {
4237 _P_CN,
4238 _P_UID,
4239 (char *)NULL
4240 };
4241
4242 /*ARGSUSED*/
4243 int
4244 __ns_ldap_dn2uid(const char *dn,
4245 char **userID,
4246 const ns_cred_t *cred, /* cred is ignored */
4247 ns_ldap_error_t **errorp)
4248 {
4249 ns_ldap_result_t *result = NULL;
4250 char *filter, *userdata;
4251 char errstr[MAXERROR];
4252 char **value;
4253 int rc = 0;
4254 size_t len;
4255
4256 *errorp = NULL;
4257 *userID = NULL;
4258 if ((dn == NULL) || (dn[0] == '\0'))
4259 return (NS_LDAP_INVALID_PARAM);
4260
4261 len = strlen(UIDDNFILTER) + strlen(dn) + 1;
4262 filter = (char *)malloc(len);
4263 if (filter == NULL) {
4264 return (NS_LDAP_MEMORY);
4265 }
4266 (void) snprintf(filter, len, UIDDNFILTER, dn);
4267
4268 len = strlen(UIDDNFILTER_SSD) + strlen(dn) + 1;
4269 userdata = (char *)malloc(len);
4270 if (userdata == NULL) {
4271 return (NS_LDAP_MEMORY);
4272 }
4273 (void) snprintf(userdata, len, UIDDNFILTER_SSD, dn);
4274
4275 /*
4276 * Unlike uid2dn, we DO want attribute mapping, so that
4277 * "uid" is mapped to/from samAccountName, for example.
4278 */
4279 rc = __ns_ldap_list("passwd", filter,
4280 __s_api_merge_SSD_filter,
4281 dn2uid_attrs, cred, 0,
4282 &result, errorp, NULL,
4283 userdata);
4284 free(filter);
4285 filter = NULL;
4286 free(userdata);
4287 userdata = NULL;
4288 if (rc != NS_LDAP_SUCCESS)
4289 goto out;
4290
4291 if (result->entries_count > 1) {
4292 (void) sprintf(errstr,
4293 gettext("Too many entries are returned for %s"), dn);
4294 MKERROR(LOG_WARNING, *errorp, NS_LDAP_INTERNAL, strdup(errstr),
4295 NULL);
4296 rc = NS_LDAP_INTERNAL;
4297 goto out;
4298 }
4299
4300 value = __ns_ldap_getAttr(result->entry, _P_UID);
4301 if (value == NULL || value[0] == NULL) {
4302 rc = NS_LDAP_NOTFOUND;
4303 goto out;
4304 }
4305
4306 *userID = strdup(value[0]);
4307 rc = NS_LDAP_SUCCESS;
4308
4309 out:
4310 (void) __ns_ldap_freeResult(&result);
4311 result = NULL;
4312 return (rc);
4313 }
4314
4315 /*ARGSUSED*/
4316 int
4317 __ns_ldap_host2dn(const char *host,
4318 const char *domain,
4319 char **hostDN,
4320 const ns_cred_t *cred, /* cred is ignored */
4321 ns_ldap_error_t **errorp)
4322 {
4323 ns_ldap_result_t *result = NULL;
4324 char *filter, *userdata;
4325 char errstr[MAXERROR];
4326 char **value;
4327 int rc;
4328 size_t len;
4329
4330 /*
4331 * XXX
4332 * the domain parameter needs to be used in case domain is not local, if
4333 * this routine is to support multi domain setups, it needs lots of work...
4334 */
4335 *errorp = NULL;
|