OpenSolaris Launch

author: stevel@tonic-gate <none@none> 2005-06-14 00:00:00 -0700
committer: stevel@tonic-gate <none@none> 2005-06-14 00:00:00 -0700
commit: 7c478bd95313f5f23a4c958a745db2134aa03244 (patch)
tree: c871e58545497667cbb4b0a4f2daf204743e1fe7 /usr/src/lib/nsswitch/ldap/common/getexecattr.c
download: illumos-joyent-7c478bd95313f5f23a4c958a745db2134aa03244.tar.gz
1 files changed, 540 insertions, 0 deletions
diff --git a/usr/src/lib/nsswitch/ldap/common/getexecattr.c b/usr/src/lib/nsswitch/ldap/common/getexecattr.c
new file mode 100644
index 0000000000..4dfedc8628
--- /dev/null
+++ b/usr/src/lib/nsswitch/ldap/common/getexecattr.c
@@ -0,0 +1,540 @@
+/*
+ * CDDL HEADER START
+ *
+ * The contents of this file are subject to the terms of the
+ * Common Development and Distribution License, Version 1.0 only
+ * (the "License").  You may not use this file except in compliance
+ * with the License.
+ *
+ * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+ * or http://www.opensolaris.org/os/licensing.
+ * See the License for the specific language governing permissions
+ * and limitations under the License.
+ *
+ * When distributing Covered Code, include this CDDL HEADER in each
+ * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+ * If applicable, add the following below this CDDL HEADER, with the
+ * fields enclosed by brackets "[]" replaced with your own identifying
+ * information: Portions Copyright [yyyy] [name of copyright owner]
+ *
+ * CDDL HEADER END
+ */
+/*
+ * Copyright 2003 Sun Microsystems, Inc.  All rights reserved.
+ * Use is subject to license terms.
+ */
+
+#pragma ident	"%Z%%M%	%I%	%E% SMI"
+
+#include <secdb.h>
+#include <exec_attr.h>
+#include "ldap_common.h"
+
+
+/* exec_attr attributes filters */
+#define	ISWILD(x)		(x == NULL) ? "*" : x
+#define	_EXEC_NAME		"cn"
+#define	_EXEC_POLICY		"SolarisKernelSecurityPolicy"
+#define	_EXEC_TYPE		"SolarisProfileType"
+#define	_EXEC_RES1		"SolarisAttrRes1"
+#define	_EXEC_RES2		"SolarisAttrRes2"
+#define	_EXEC_ID		"SolarisProfileId"
+#define	_EXEC_ATTRS		"SolarisAttrKeyValue"
+#define	_EXEC_GETEXECNAME	"(&(objectClass=SolarisExecAttr)(cn=%s)"\
+				"(SolarisKernelSecurityPolicy=%s)"\
+				"(SolarisProfileType=%s))"
+#define	_EXEC_GETEXECNAME_SSD	"(&(%%s)(cn=%s)"\
+				"(SolarisKernelSecurityPolicy=%s)"\
+				"(SolarisProfileType=%s))"
+#define	_EXEC_GETEXECID		"(&(objectClass=SolarisExecAttr)"\
+				"(SolarisProfileId=%s)"\
+				"(SolarisKernelSecurityPolicy=%s)"\
+				"(SolarisProfileType=%s))"
+#define	_EXEC_GETEXECID_SSD	"(&(%%s)"\
+				"(SolarisProfileId=%s)"\
+				"(SolarisKernelSecurityPolicy=%s)"\
+				"(SolarisProfileType=%s))"
+#define	_EXEC_GETEXECNAMEID	"(&(objectClass=SolarisExecAttr)(cn=%s)"\
+				"(SolarisProfileId=%s)"\
+				"(SolarisKernelSecurityPolicy=%s)"\
+				"(SolarisProfileType=%s))"
+#define	_EXEC_GETEXECNAMEID_SSD	"(&(%%s)(cn=%s)"\
+				"(SolarisProfileId=%s)"\
+				"(SolarisKernelSecurityPolicy=%s)"\
+				"(SolarisProfileType=%s))"
+
+
+/* from libnsl */
+extern int _doexeclist(nss_XbyY_args_t *);
+extern char *_exec_wild_id(char *, const char *);
+extern void _exec_cleanup(nss_status_t, nss_XbyY_args_t *);
+
+
+static const char *exec_attrs[] = {
+	_EXEC_NAME,
+	_EXEC_POLICY,
+	_EXEC_TYPE,
+	_EXEC_RES1,
+	_EXEC_RES2,
+	_EXEC_ID,
+	_EXEC_ATTRS,
+	(char *)NULL
+};
+
+
+#ifdef	DEBUG
+static void
+_print_execstr(execstr_t *exec)
+{
+
+	(void) fprintf(stdout, "      exec-name: [%s]\n", exec->name);
+	if (exec->policy != (char *)NULL) {
+		(void) fprintf(stdout, "      policy: [%s]\n", exec->policy);
+	}
+	if (exec->type != (char *)NULL) {
+		(void) fprintf(stdout, "      type: [%s]\n", exec->type);
+	}
+	if (exec->res1 != (char *)NULL) {
+		(void) fprintf(stdout, "      res1: [%s]\n", exec->res1);
+	}
+	if (exec->res2 != (char *)NULL) {
+		(void) fprintf(stdout, "      res2: [%s]\n", exec->res2);
+	}
+	if (exec->id != (char *)NULL) {
+		(void) fprintf(stdout, "      id: [%s]\n", exec->id);
+	}
+	if (exec->attr != (char *)NULL) {
+		(void) fprintf(stdout, "      attr: [%s]\n", exec->attr);
+	}
+	if (exec->next != (execstr_t *)NULL) {
+		(void) fprintf(stdout, "      next: [%s]\n", exec->next->name);
+		(void) fprintf(stdout, "\n");
+		_print_execstr(exec->next);
+	}
+}
+#endif	/* DEBUG */
+
+
+static int
+_exec_ldap_exec2ent(ns_ldap_entry_t *entry, nss_XbyY_args_t *argp)
+{
+
+	int			i;
+	unsigned long		len = 0L;
+	int			buflen = (int)0;
+	char			*nullstring = (char *)NULL;
+	char			*buffer = (char *)NULL;
+	char			*ceiling = (char *)NULL;
+	execstr_t		*exec = (execstr_t *)NULL;
+	ns_ldap_attr_t		*attrptr;
+
+	buffer = argp->buf.buffer;
+	buflen = (size_t)argp->buf.buflen;
+	(void) memset(argp->buf.buffer, 0, buflen);
+	exec = (execstr_t *)(argp->buf.result);
+	ceiling = buffer + buflen;
+	exec->name = (char *)NULL;
+	exec->policy = (char *)NULL;
+	exec->type = (char *)NULL;
+	exec->res1 = (char *)NULL;
+	exec->res2 = (char *)NULL;
+	exec->id = (char *)NULL;
+	exec->attr = (char *)NULL;
+
+	for (i = 0; i < entry->attr_count; i++) {
+		attrptr = entry->attr_pair[i];
+		if (attrptr == NULL) {
+			return ((int)NSS_STR_PARSE_PARSE);
+		}
+		if (strcasecmp(attrptr->attrname, _EXEC_NAME) == 0) {
+			if ((attrptr->attrvalue[0] == NULL) ||
+			    (len = strlen(attrptr->attrvalue[0])) < 1) {
+				return ((int)NSS_STR_PARSE_PARSE);
+			}
+			exec->name = buffer;
+			buffer += len + 1;
+			if (buffer >= ceiling) {
+				return ((int)NSS_STR_PARSE_ERANGE);
+			}
+			(void) strcpy(exec->name, attrptr->attrvalue[0]);
+			continue;
+		}
+		if (strcasecmp(attrptr->attrname, _EXEC_POLICY) == 0) {
+			if ((attrptr->attrvalue[0] == NULL) ||
+			    (len = strlen(attrptr->attrvalue[0])) < 1) {
+				exec->policy = nullstring;
+			} else {
+				exec->policy = buffer;
+				buffer += len + 1;
+				if (buffer >= ceiling) {
+					return ((int)NSS_STR_PARSE_ERANGE);
+				}
+				(void) strcpy(exec->policy,
+				    attrptr->attrvalue[0]);
+			}
+			continue;
+		}
+		if (strcasecmp(attrptr->attrname, _EXEC_TYPE) == 0) {
+			if ((attrptr->attrvalue[0] == NULL) ||
+			    (len = strlen(attrptr->attrvalue[0])) < 1) {
+				exec->type = nullstring;
+			} else {
+				exec->type = buffer;
+				buffer += len + 1;
+				if (buffer >= ceiling) {
+					return ((int)NSS_STR_PARSE_ERANGE);
+				}
+				(void) strcpy(exec->type,
+				    attrptr->attrvalue[0]);
+			}
+			continue;
+		}
+		if (strcasecmp(attrptr->attrname, _EXEC_RES1) == 0) {
+			if ((attrptr->attrvalue[0] == NULL) ||
+			    (len = strlen(attrptr->attrvalue[0])) < 1) {
+				exec->res1 = nullstring;
+			} else {
+				exec->res1 = buffer;
+				buffer += len + 1;
+				if (buffer >= ceiling) {
+					return ((int)NSS_STR_PARSE_ERANGE);
+				}
+				(void) strcpy(exec->res1,
+				    attrptr->attrvalue[0]);
+			}
+			continue;
+		}
+		if (strcasecmp(attrptr->attrname, _EXEC_RES2) == 0) {
+			if ((attrptr->attrvalue[0] == NULL) ||
+			    (len = strlen(attrptr->attrvalue[0])) < 1) {
+				exec->res2 = nullstring;
+			} else {
+				exec->res2 = buffer;
+				buffer += len + 1;
+				if (buffer >= ceiling) {
+					return ((int)NSS_STR_PARSE_ERANGE);
+				}
+				(void) strcpy(exec->res2,
+				    attrptr->attrvalue[0]);
+			}
+			continue;
+		}
+		if (strcasecmp(attrptr->attrname, _EXEC_ID) == 0) {
+			if ((attrptr->attrvalue[0] == NULL) ||
+			    (len = strlen(attrptr->attrvalue[0])) < 1) {
+				exec->id = nullstring;
+			} else {
+				exec->id = buffer;
+				buffer += len + 1;
+				if (buffer >= ceiling) {
+					return ((int)NSS_STR_PARSE_ERANGE);
+				}
+				(void) strcpy(exec->id, attrptr->attrvalue[0]);
+			}
+			continue;
+		}
+		if (strcasecmp(attrptr->attrname, _EXEC_ATTRS) == 0) {
+			if ((attrptr->attrvalue[0] == NULL) ||
+			    (len = strlen(attrptr->attrvalue[0])) < 1) {
+				exec->attr = nullstring;
+			} else {
+				exec->attr = buffer;
+				buffer += len + 1;
+				if (buffer >= ceiling) {
+					return ((int)NSS_STR_PARSE_ERANGE);
+				}
+				(void) strcpy(exec->attr,
+				    attrptr->attrvalue[0]);
+			}
+			continue;
+		}
+	}
+
+	exec->next = (execstr_t *)NULL;
+
+#ifdef	DEBUG
+	(void) fprintf(stdout, "\n[getexecattr.c: _exec_ldap_exec2ent]\n");
+	_print_execstr(exec);
+#endif	/* DEBUG */
+
+	return ((int)NSS_STR_PARSE_SUCCESS);
+}
+
+
+/*
+ * place the results from ldap object structure into argp->buf.result
+ * returns NSS_STR_PARSE_{SUCCESS, ERANGE, PARSE}
+ */
+static int
+_nss_ldap_exec2ent(ldap_backend_ptr be, nss_XbyY_args_t *argp)
+{
+	int			status = (int)NSS_STR_PARSE_SUCCESS;
+	ns_ldap_entry_t		*entry;
+	ns_ldap_result_t	*result = be->result;
+
+	if (!argp->buf.result) {
+		status = (int)NSS_STR_PARSE_ERANGE;
+		goto result_exec2ent;
+	}
+
+	for (entry = result->entry; entry != NULL; entry = entry->next) {
+		status = _exec_ldap_exec2ent(entry, argp);
+		if (status != NSS_STR_PARSE_SUCCESS) {
+			goto result_exec2ent;
+		}
+	}
+
+result_exec2ent:
+	(void) __ns_ldap_freeResult(&be->result);
+	return (status);
+}
+
+
+static nss_status_t
+_exec_process_val(ldap_backend_ptr be, nss_XbyY_args_t *argp)
+{
+	int 			status;
+	nss_status_t		nss_stat = NSS_UNAVAIL;
+	ns_ldap_attr_t		*attrptr;
+	ns_ldap_entry_t		*entry;
+	ns_ldap_result_t	*result = be->result;
+	_priv_execattr	*_priv_exec = (_priv_execattr *)(argp->key.attrp);
+
+#ifdef	DEBUG
+	(void) fprintf(stdout, "\n[getexecattr.c: _exec_process_val]\n");
+#endif	/* DEBUG */
+
+	argp->returnval = NULL;
+	attrptr = getattr(result, 0);
+	if (attrptr == NULL) {
+		(void) __ns_ldap_freeResult(&be->result);
+		return (nss_stat);
+	}
+	for (entry = result->entry; entry != NULL; entry = entry->next) {
+		status = _exec_ldap_exec2ent(entry, argp);
+		switch (status) {
+		case NSS_STR_PARSE_SUCCESS:
+			argp->returnval = argp->buf.result;
+			nss_stat = NSS_SUCCESS;
+			if (_priv_exec->search_flag == GET_ALL) {
+				if (_doexeclist(argp) == 0) {
+					nss_stat = NSS_UNAVAIL;
+				}
+			}
+			break;
+		case NSS_STR_PARSE_ERANGE:
+			argp->erange = 1;
+			nss_stat = NSS_NOTFOUND;
+			break;
+		case NSS_STR_PARSE_PARSE:
+			nss_stat = NSS_NOTFOUND;
+			break;
+		default:
+			nss_stat = NSS_UNAVAIL;
+			break;
+		}
+
+		if ((_priv_exec->search_flag == GET_ONE) ||
+		    (nss_stat != NSS_SUCCESS)) {
+			break;
+		}
+	}
+
+	return (nss_stat);
+}
+
+
+/*
+ * Check if we have either an exact match or a wild-card entry for that id.
+ */
+static nss_status_t
+get_wild(ldap_backend_ptr be, nss_XbyY_args_t *argp, int getby_flag)
+{
+	char		*dup_id = NULL;
+	char		*wild_id;
+	char		searchfilter[SEARCHFILTERLEN];
+	char		userdata[SEARCHFILTERLEN];
+	char		name[SEARCHFILTERLEN];
+	char		id[SEARCHFILTERLEN];
+	int		ret;
+	nss_status_t	nss_stat = NSS_NOTFOUND;
+	_priv_execattr	*_priv_exec = (_priv_execattr *)(argp->key.attrp);
+	const char	*policy = _priv_exec->policy;
+	const char	*type = _priv_exec->type;
+
+	if (strpbrk(policy, "*()\\") != NULL ||
+	    type != NULL && strpbrk(type, "*()\\") != NULL)
+		return ((nss_status_t)NSS_NOTFOUND);
+
+	if (_priv_exec->id != NULL)
+		dup_id = strdup(_priv_exec->id);
+
+	switch (getby_flag) {
+	case NSS_DBOP_EXECATTR_BYNAMEID:
+		if (_ldap_filter_name(name, _priv_exec->name,
+		    sizeof (name)) != 0)
+			goto go_out;
+		break;
+	}
+
+	wild_id = dup_id;
+	do {
+		if (wild_id != NULL) {
+			if (_ldap_filter_name(id, wild_id, sizeof (id)) != 0)
+				goto go_out;
+		} else
+			(void) strlcpy(id, "*", sizeof (id));
+
+		switch (getby_flag) {
+		case NSS_DBOP_EXECATTR_BYID:
+			ret = snprintf(searchfilter, sizeof (searchfilter),
+			    _EXEC_GETEXECID, id, policy, ISWILD(type));
+			if (ret >= sizeof (searchfilter) || ret < 0)
+				goto go_out;
+			ret = snprintf(userdata, sizeof (userdata),
+			    _EXEC_GETEXECID_SSD, id, policy, ISWILD(type));
+			if (ret >= sizeof (userdata) || ret < 0)
+				goto go_out;
+			break;
+
+		case NSS_DBOP_EXECATTR_BYNAMEID:
+			ret = snprintf(searchfilter, sizeof (searchfilter),
+			    _EXEC_GETEXECNAMEID, name, id,
+			    policy, ISWILD(type));
+			if (ret >= sizeof (searchfilter) || ret < 0)
+				goto go_out;
+			ret = snprintf(userdata, sizeof (userdata),
+			    _EXEC_GETEXECNAMEID_SSD, name, id,
+			    policy, ISWILD(type));
+			if (ret >= sizeof (userdata) || ret < 0)
+				goto go_out;
+			break;
+
+		default:
+			goto go_out;
+		}
+		nss_stat = _nss_ldap_nocb_lookup(be, argp, _EXECATTR,
+		    searchfilter, NULL, _merge_SSD_filter, userdata);
+		if (nss_stat == NSS_SUCCESS)
+			break;
+	} while ((wild_id = _exec_wild_id(wild_id, type)) != NULL);
+
+go_out:
+	free(dup_id);
+
+	return (nss_stat);
+}
+
+static nss_status_t
+getbynam(ldap_backend_ptr be, void *a)
+{
+	char		searchfilter[SEARCHFILTERLEN];
+	char		userdata[SEARCHFILTERLEN];
+	char		name[SEARCHFILTERLEN];
+	int		ret;
+	nss_status_t	nss_stat;
+	nss_XbyY_args_t	*argp = (nss_XbyY_args_t *)a;
+	_priv_execattr	*_priv_exec = (_priv_execattr *)(argp->key.attrp);
+	const char	*policy = _priv_exec->policy;
+	const char	*type = _priv_exec->type;
+
+#ifdef	DEBUG
+	(void) fprintf(stdout, "\n[getexecattr.c: getbyname]\n");
+#endif	/* DEBUG */
+
+	if (strpbrk(policy, "*()\\") != NULL ||
+	    type != NULL && strpbrk(type, "*()\\") != NULL ||
+	    _ldap_filter_name(name, _priv_exec->name, sizeof (name)) != 0)
+		return ((nss_status_t)NSS_NOTFOUND);
+	ret = snprintf(searchfilter, sizeof (searchfilter),
+	    _EXEC_GETEXECNAME, name, policy, ISWILD(type));
+	if (ret >= sizeof (searchfilter) || ret < 0)
+		return ((nss_status_t)NSS_NOTFOUND);
+	ret = snprintf(userdata, sizeof (userdata),
+	    _EXEC_GETEXECNAME_SSD, name, policy, ISWILD(type));
+	if (ret >= sizeof (userdata) || ret < 0)
+		return ((nss_status_t)NSS_NOTFOUND);
+
+	nss_stat = _nss_ldap_nocb_lookup(be, argp, _EXECATTR,
+	    searchfilter, NULL, _merge_SSD_filter, userdata);
+
+	if (nss_stat == NSS_SUCCESS)
+		nss_stat = _exec_process_val(be, argp);
+
+	_exec_cleanup(nss_stat, argp);
+
+	return (nss_stat);
+}
+
+
+static nss_status_t
+getbyid(ldap_backend_ptr be, void *a)
+{
+	nss_status_t	nss_stat;
+	nss_XbyY_args_t	*argp = (nss_XbyY_args_t *)a;
+
+#ifdef	DEBUG
+	(void) fprintf(stdout, "\n[getexecattr.c: getbyid]\n");
+#endif	/* DEBUG */
+
+	nss_stat = get_wild(be, argp, NSS_DBOP_EXECATTR_BYID);
+
+	if (nss_stat == NSS_SUCCESS)
+		nss_stat = _exec_process_val(be, argp);
+
+	_exec_cleanup(nss_stat, argp);
+
+	return (nss_stat);
+}
+
+
+static nss_status_t
+getbynameid(ldap_backend_ptr be, void *a)
+{
+	nss_status_t	nss_stat;
+	nss_XbyY_args_t	*argp = (nss_XbyY_args_t *)a;
+
+#ifdef	DEBUG
+	(void) fprintf(stdout, "\n[getexecattr.c: getbynameid]\n");
+#endif	/* DEBUG */
+
+	nss_stat = get_wild(be, argp, NSS_DBOP_EXECATTR_BYNAMEID);
+
+	if (nss_stat == NSS_SUCCESS)
+		nss_stat = _exec_process_val(be, argp);
+
+	_exec_cleanup(nss_stat, argp);
+
+	return (nss_stat);
+}
+
+
+static ldap_backend_op_t execattr_ops[] = {
+	_nss_ldap_destr,
+	_nss_ldap_endent,
+	_nss_ldap_setent,
+	_nss_ldap_getent,
+	getbynam,
+	getbyid,
+	getbynameid
+};
+
+
+/*ARGSUSED0*/
+nss_backend_t *
+_nss_ldap_exec_attr_constr(const char *dummy1,
+    const char *dummy2,
+    const char *dummy3,
+    const char *dummy4,
+    const char *dummy5,
+    const char *dummy6,
+    const char *dummy7)
+{
+#ifdef	DEBUG
+	(void) fprintf(stdout,
+	    "\n[getexecattr.c: _nss_ldap_exec_attr_constr]\n");
+#endif
+	return ((nss_backend_t *)_nss_ldap_constr(execattr_ops,
+		sizeof (execattr_ops)/sizeof (execattr_ops[0]), _EXECATTR,
+		exec_attrs, _nss_ldap_exec2ent));
+}
author	stevel@tonic-gate <none@none>	2005-06-14 00:00:00 -0700
committer	stevel@tonic-gate <none@none>	2005-06-14 00:00:00 -0700
commit	7c478bd95313f5f23a4c958a745db2134aa03244 (patch)
tree	c871e58545497667cbb4b0a4f2daf204743e1fe7 /usr/src/lib/nsswitch/ldap/common/getexecattr.c
download	illumos-joyent-7c478bd95313f5f23a4c958a745db2134aa03244.tar.gz