diff options
| author | Baban Kenkre <Baban.Kenkre@Sun.COM> | 2008-11-07 12:09:53 -0800 |
|---|---|---|
| committer | Baban Kenkre <Baban.Kenkre@Sun.COM> | 2008-11-07 12:09:53 -0800 |
| commit | 2b4a78020b9c38d1b95e2f3fefa6d6e4be382d1f (patch) | |
| tree | b9f0bc817d950cefb1af4653dad8de547a17e061 /usr/src/lib/passwdutil/switch_utils.c | |
| parent | 0a2b1d27cac02f57e17b310f8baeb1dda082c83a (diff) | |
| download | illumos-joyent-2b4a78020b9c38d1b95e2f3fefa6d6e4be382d1f.tar.gz | |
PSARC/2008/441 Active Directory name service module (nss_ad)
6722476 name service switch module for AD (nss_ad) needed
Diffstat (limited to 'usr/src/lib/passwdutil/switch_utils.c')
| -rw-r--r-- | usr/src/lib/passwdutil/switch_utils.c | 40 |
1 files changed, 37 insertions, 3 deletions
diff --git a/usr/src/lib/passwdutil/switch_utils.c b/usr/src/lib/passwdutil/switch_utils.c index 3b2221bff7..8145ed360e 100644 --- a/usr/src/lib/passwdutil/switch_utils.c +++ b/usr/src/lib/passwdutil/switch_utils.c @@ -23,7 +23,6 @@ * Use is subject to license terms. */ - #include <sys/types.h> #include <nsswitch.h> #include <stdlib.h> @@ -134,6 +133,8 @@ get_ns(pwu_repository_t *rep, int accesstype) enum __nsw_parse_err pserr; struct __nsw_lookup *lkp; struct __nsw_lookup *lkp2; + struct __nsw_lookup *lkp3; + struct __nsw_lookup *lkpn; int result = REP_NOREP; if (rep != PWU_DEFAULT_REP) { @@ -150,7 +151,7 @@ get_ns(pwu_repository_t *rep, int accesstype) * find the name service switch entry. (Backward compat) */ syslog(LOG_ERR, "passwdutil.so: nameservice switch entry for " - "passwd not found."); + "passwd not found."); result = REP_FILES | REP_NIS; return (result); } @@ -158,9 +159,13 @@ get_ns(pwu_repository_t *rep, int accesstype) lkp = conf->lookups; /* - * Supported nsswitch.conf can have a maximum of 2 repositories. + * Supported nsswitch.conf can have a maximum of 3 repositories. * If we encounter an unsupported nsswitch.conf, we return REP_NSS * to fall back to the nsswitch backend. + * + * Note that specifying 'ad' in the configuration is acceptable + * though changing AD users' passwords through passwd(1) is not. + * Therefore "ad" will be silently ignored. */ if (conf->num_lookups == 1) { /* files or compat */ @@ -185,6 +190,35 @@ get_ns(pwu_repository_t *rep, int accesstype) result |= REP_NIS; else if (strcmp(lkp2->service_name, "nisplus") == 0) result |= REP_NISPLUS; + else if (strcmp(lkp2->service_name, "ad") != 0) + result = REP_NSS; + /* AD is ignored */ + } else { + result = REP_NSS; + } + } else if (conf->num_lookups == 3) { + /* + * Valid configurations with 3 repositories are: + * files ad [nis | ldap | nisplus] OR + * files [nis | ldap | nisplus] ad + */ + lkp2 = lkp->next; + lkp3 = lkp2->next; + if (strcmp(lkp2->service_name, "ad") == 0) + lkpn = lkp3; + else if (strcmp(lkp3->service_name, "ad") == 0) + lkpn = lkp2; + else + lkpn = NULL; + if (strcmp(lkp->service_name, "files") == 0 && + lkpn != NULL) { + result = REP_FILES; + if (strcmp(lkpn->service_name, "ldap") == 0) + result |= REP_LDAP; + else if (strcmp(lkpn->service_name, "nis") == 0) + result |= REP_NIS; + else if (strcmp(lkpn->service_name, "nisplus") == 0) + result |= REP_NISPLUS; else result = REP_NSS; } else { |