authorGordon Ross <gwr@nexenta.com>2017-09-07 16:12:22 -0400
committerGordon Ross <gwr@nexenta.com>2019-05-30 17:30:45 -0400
commit695ef821379e863d33c30fb148f4ecf87038b246 (patch)
tree97ce963e87bde32470e5c27252477301645aeca6 /usr/src/lib/libsldap
parentdbcaafbddbc82f9a7b3310551c4bcdb862b2515a (diff)
downloadillumos-joyent-695ef821379e863d33c30fb148f4ecf87038b246.tar.gz
10990 Get UNIX group info. from AD/LDAP with partial RFC2307 schema
Reviewed by: Matt Barden <matt.barden@nexenta.com> Reviewed by: Evan Layton <evan.layton@nexenta.com> Reviewed by: Chris Ridd <chrisridd@mac.com> Approved by: Dan McDonald <danmcd@joyent.com>
Diffstat (limited to 'usr/src/lib/libsldap')
-rw-r--r--usr/src/lib/libsldap/common/mapfile-vers2
-rw-r--r--[-rwxr-xr-x]usr/src/lib/libsldap/common/ns_connmgmt.c4
-rw-r--r--[-rwxr-xr-x]usr/src/lib/libsldap/common/ns_connmgmt.h5
-rw-r--r--usr/src/lib/libsldap/common/ns_internal.h28
-rw-r--r--usr/src/lib/libsldap/common/ns_reads.c83
-rw-r--r--usr/src/lib/libsldap/common/ns_sldap.h7
6 files changed, 111 insertions, 18 deletions
diff --git a/usr/src/lib/libsldap/common/mapfile-vers b/usr/src/lib/libsldap/common/mapfile-vers
index 8c88eb55bb..542afde60c 100644
--- a/usr/src/lib/libsldap/common/mapfile-vers
+++ b/usr/src/lib/libsldap/common/mapfile-vers
@@ -20,6 +20,7 @@
#
#
# Copyright (c) 2006, 2010, Oracle and/or its affiliates. All rights reserved.
+# Copyright 2017 Nexenta Systems, Inc. All rights reserved.
#
#
@@ -48,6 +49,7 @@ SYMBOL_VERSION SUNWprivate_1.1 {
__ns_ldap_check_all_preq;
__ns_ldap_check_dns_preq;
__ns_ldap_check_gssapi_preq;
+ __ns_ldap_dn2uid;
__ns_ldap_getAcctMgmt;
__ns_ldap_getAttrStruct;
__ns_ldap_getConnectionInfoFromDUA;
diff --git a/usr/src/lib/libsldap/common/ns_connmgmt.c b/usr/src/lib/libsldap/common/ns_connmgmt.c
index 1bacf7fdd8..975d5ad079 100755..100644
--- a/usr/src/lib/libsldap/common/ns_connmgmt.c
+++ b/usr/src/lib/libsldap/common/ns_connmgmt.c
@@ -21,10 +21,10 @@
/*
* Copyright 2008 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
+ *
+ * Copyright 2017 Nexenta Systems, Inc. All rights reserved.
*/
-#pragma ident "%Z%%M% %I% %E% SMI"
-
#include <string.h>
#include <errno.h>
#include <syslog.h>
diff --git a/usr/src/lib/libsldap/common/ns_connmgmt.h b/usr/src/lib/libsldap/common/ns_connmgmt.h
index bb7849bf86..5d4040a95b 100755..100644
--- a/usr/src/lib/libsldap/common/ns_connmgmt.h
+++ b/usr/src/lib/libsldap/common/ns_connmgmt.h
@@ -21,14 +21,13 @@
/*
* Copyright 2008 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
+ *
+ * Copyright 2017 Nexenta Systems, Inc. All rights reserved.
*/
-
#ifndef _NS_CONNMGMT_H
#define _NS_CONNMGMT_H
-#pragma ident "%Z%%M% %I% %E% SMI"
-
#ifdef __cplusplus
extern "C" {
#endif
diff --git a/usr/src/lib/libsldap/common/ns_internal.h b/usr/src/lib/libsldap/common/ns_internal.h
index bc46e6df6e..9a7e076c5a 100644
--- a/usr/src/lib/libsldap/common/ns_internal.h
+++ b/usr/src/lib/libsldap/common/ns_internal.h
@@ -21,6 +21,7 @@
/*
* Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright 2017 Nexenta Systems, Inc. All rights reserved.
*/
@@ -63,9 +64,12 @@ extern "C" {
#define CREDFILE 0
#define CONFIGFILE 1
#define UIDNUMFILTER "(&(objectclass=posixAccount)(uidnumber=%s))"
-#define UIDNUMFILTER_SSD "(&(%%s)(uidnumber=%s))"
+#define UIDNUMFILTER_SSD "(&(%%s)(uidnumber=%s))"
#define UIDFILTER "(&(objectclass=posixAccount)(uid=%s))"
#define UIDFILTER_SSD "(&(%%s)(uid=%s))"
+#define UIDDNFILTER "(&(objectclass=posixAccount)(distinguishedName=%s))"
+#define UIDDNFILTER_SSD "(&(%%s)(distinguishedName=%s))"
+
#define HOSTFILTER "(&(objectclass=ipHost)(cn=%s))"
#define HOSTFILTER_SSD "(&(%%s)(cn=%s))"
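Review bot: The new `UIDDNFILTER` and `UIDDNFILTER_SSD` templates take a DN as their `%s` value, but a DN can legitimately contain `(`, `)`, `*` or `\`, which are metacharacters in an RFC 4515 search filter, and nothing here tells the caller to escape them. In this commit `__ns_ldap_dn2uid` (ns_reads.c) formats the raw `dn` into both templates, so an entry whose CN contains parentheses or an escaped comma would give a malformed filter or one that matches something other than the intended entry. I would add a comment above the two defines, for example `/* %s is a DN; the caller must escape it as an RFC 4515 filter value first */`, and do that escaping at the call site. Separately, `distinguishedName` is an attribute that AD populates; whether the other partial-RFC2307 servers this change targets can match on it should be confirmed.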
@@ -455,7 +459,7 @@ typedef struct ns_default_config {
ns_conftype_t config_type; /* CLIENT/SERVER/CREDCONFIG */
ns_datatype_t data_type; /* ppc,pi,pc,int etc... */
int single_valued; /* TRUE OR FALSE */
- ns_version_t version; /* Version # for attribute */
+ ns_version_t version; /* Version # for attribute */
const char *profile_name; /* profile schema attribute name */
ns_param_t defval; /* config file parameter default */
int (*ns_verify)(ParamIndexType i,
@@ -579,7 +583,7 @@ typedef struct connection {
LDAP *ld;
thread_t threadID; /* thread ID using it */
struct ns_ldap_cookie *cookieInfo;
- char **controls; /* from server_info */
+ char **controls; /* from server_info */
char **saslMechanisms; /* from server_info */
} Connection;
@@ -626,7 +630,7 @@ typedef struct ns_ldap_cookie {
/* search filter callback */
int use_filtercb;
- int (*init_filter_cb)(const ns_ldap_search_desc_t *desc,
+ int (*init_filter_cb)(const ns_ldap_search_desc_t *desc,
char **realfilter, const void *userdata);
/* user callback */
@@ -642,7 +646,7 @@ typedef struct ns_ldap_cookie {
const char * const *i_attr;
const char *i_sortattr;
const ns_cred_t *i_auth;
- int i_flags;
+ int i_flags;
/* OUTPUTS */
ns_ldap_result_t *result;
@@ -679,12 +683,12 @@ typedef struct ns_ldap_cookie {
char **dns;
char *currentdn;
int flag;
- struct berval *ctrlCookie;
+ struct berval *ctrlCookie;
/* REFERRALS PROCESSING */
/* referralinfo list & position */
- ns_referral_info_t *reflist;
- ns_referral_info_t *refpos;
+ ns_referral_info_t *reflist;
+ ns_referral_info_t *refpos;
/* search timeout value */
struct timeval search_timeout;
/* response control to hold account management information */
@@ -713,7 +717,7 @@ typedef struct ns_ldap_cookie {
typedef struct ns_server_info {
char *server;
char *serverFQDN;
- char **controls;
+ char **controls;
char **saslMechanisms;
} ns_server_info_t;
@@ -873,7 +877,7 @@ __ns_ldap_check_all_preq(int foreground,
ns_ldap_error_t **errpp);
/* internal un-exposed APIs */
-ns_cred_t *__ns_ldap_dupAuth(const ns_cred_t *authp);
+ns_cred_t *__ns_ldap_dupAuth(const ns_cred_t *authp);
boolean_t __s_api_is_auth_matched(const ns_cred_t *auth1,
const ns_cred_t *auth2);
int __s_api_get_SSD_from_SSDtoUse_service(const char *service,
@@ -901,10 +905,10 @@ void __s_api_free_server_info(ns_server_info_t *sinfo);
void __s_api_freeConnection(Connection *con);
/* internal referrals APIs */
-int __s_api_toFollowReferrals(const int flags,
+int __s_api_toFollowReferrals(const int flags,
int *toFollow,
ns_ldap_error_t **errorp);
-int __s_api_addRefInfo(ns_referral_info_t **head,
+int __s_api_addRefInfo(ns_referral_info_t **head,
char *url, char *baseDN, int *scope,
char *filter, LDAP *ld);
void __s_api_deleteRefInfo(ns_referral_info_t *head);
diff --git a/usr/src/lib/libsldap/common/ns_reads.c b/usr/src/lib/libsldap/common/ns_reads.c
index 726aea2bc1..83e93cd3d0 100644
--- a/usr/src/lib/libsldap/common/ns_reads.c
+++ b/usr/src/lib/libsldap/common/ns_reads.c
@@ -20,6 +20,7 @@
*/
/*
* Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright 2017 Nexenta Systems, Inc. All rights reserved.
*/
#include <stdio.h>
@@ -227,7 +228,8 @@ _cvtDN(const char *service, const char *dn) {
if ((rdns = ldap_explode_dn(dn, 0)) == NULL)
return (NULL);
- for (nRdn = 0; rdns[nRdn] != NULL; nRdn++);
+ for (nRdn = 0; rdns[nRdn] != NULL; nRdn++)
+ ;
if ((mapped_rdns = (char **)calloc(nRdn, sizeof (char *))) == NULL) {
ldap_value_free(rdns);
@@ -4231,6 +4233,85 @@ __ns_ldap_uid2dn(const char *uid,
return (NS_LDAP_SUCCESS);
}
+#define _P_UID "uid"
+static const char *dn2uid_attrs[] = {
+ _P_CN,
+ _P_UID,
+ (char *)NULL
+};
+
+/*ARGSUSED*/
+int
+__ns_ldap_dn2uid(const char *dn,
+ char **userID,
+ const ns_cred_t *cred, /* cred is ignored */
+ ns_ldap_error_t **errorp)
+{
+ ns_ldap_result_t *result = NULL;
+ char *filter, *userdata;
+ char errstr[MAXERROR];
+ char **value;
+ int rc = 0;
+ size_t len;
+
+ *errorp = NULL;
+ *userID = NULL;
+ if ((dn == NULL) || (dn[0] == '\0'))
+ return (NS_LDAP_INVALID_PARAM);
+
+ len = strlen(UIDDNFILTER) + strlen(dn) + 1;
+ filter = (char *)malloc(len);
+ if (filter == NULL) {
+ return (NS_LDAP_MEMORY);
+ }
+ (void) snprintf(filter, len, UIDDNFILTER, dn);
+
+ len = strlen(UIDDNFILTER_SSD) + strlen(dn) + 1;
+ userdata = (char *)malloc(len);
+ if (userdata == NULL) {
+ return (NS_LDAP_MEMORY);
+ }
+ (void) snprintf(userdata, len, UIDDNFILTER_SSD, dn);
+
+ /*
+ * Unlike uid2dn, we DO want attribute mapping, so that
+ * "uid" is mapped to/from samAccountName, for example.
+ */
+ rc = __ns_ldap_list("passwd", filter,
+ __s_api_merge_SSD_filter,
+ dn2uid_attrs, cred, 0,
+ &result, errorp, NULL,
+ userdata);
+ free(filter);
+ filter = NULL;
+ free(userdata);
+ userdata = NULL;
+ if (rc != NS_LDAP_SUCCESS)
+ goto out;
+
+ if (result->entries_count > 1) {
+ (void) sprintf(errstr,
+ gettext("Too many entries are returned for %s"), dn);
+ MKERROR(LOG_WARNING, *errorp, NS_LDAP_INTERNAL, strdup(errstr),
+ NULL);
+ rc = NS_LDAP_INTERNAL;
+ goto out;
+ }
+
+ value = __ns_ldap_getAttr(result->entry, _P_UID);
+ if (value == NULL || value[0] == NULL) {
+ rc = NS_LDAP_NOTFOUND;
+ goto out;
+ }
+
+ *userID = strdup(value[0]);
+ rc = NS_LDAP_SUCCESS;
+
+out:
+ (void) __ns_ldap_freeResult(&result);
+ result = NULL;
+ return (rc);
+}
/*ARGSUSED*/
int
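Review bot: In `__ns_ldap_dn2uid` the "Too many entries" branch formats the caller-supplied `dn` into the fixed `errstr[MAXERROR]` with `sprintf`, so a sufficiently long DN writes past the end of that stack buffer; it should be `snprintf(errstr, sizeof (errstr), ...)`. The `userdata == NULL` branch returns without freeing `filter`. The final `strdup(value[0])` is unchecked, so an allocation failure returns `NS_LDAP_SUCCESS` with `*userID` still NULL. The `/* cred is ignored */` comment and the `/*ARGSUSED*/` marker also disagree with the body, which passes `cred` to `__ns_ldap_list`; one or the other should be corrected. The rewritten spots are shown below.

```c
	userdata = (char *)malloc(len);
	if (userdata == NULL) {
		free(filter);
		return (NS_LDAP_MEMORY);
	}
	/* ... unchanged: snprintf of userdata, __ns_ldap_list call, frees ... */

	if (result->entries_count > 1) {
		(void) snprintf(errstr, sizeof (errstr),
		    gettext("Too many entries are returned for %s"), dn);
		/* ... unchanged: MKERROR, rc = NS_LDAP_INTERNAL, goto out ... */
	}
	/* ... unchanged: __ns_ldap_getAttr lookup and NS_LDAP_NOTFOUND check ... */

	*userID = strdup(value[0]);
	rc = (*userID == NULL) ? NS_LDAP_MEMORY : NS_LDAP_SUCCESS;
```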
diff --git a/usr/src/lib/libsldap/common/ns_sldap.h b/usr/src/lib/libsldap/common/ns_sldap.h
index 7d27d20371..fbee323739 100644
--- a/usr/src/lib/libsldap/common/ns_sldap.h
+++ b/usr/src/lib/libsldap/common/ns_sldap.h
@@ -20,6 +20,7 @@
*/
/*
* Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright 2017 Nexenta Systems, Inc. All rights reserved.
*/
@@ -814,6 +815,12 @@ int __ns_ldap_uid2dn(
const ns_cred_t *cred,
ns_ldap_error_t ** errorp);
+int __ns_ldap_dn2uid(
+ const char *dn,
+ char **userID,
+ const ns_cred_t *cred,
+ ns_ldap_error_t ** errorp);
+
int __ns_ldap_host2dn(
const char *host,
const char *domain,