1 files changed, 298 insertions, 0 deletions
diff --git a/usr/src/lib/nsswitch/ldap/common/getspent.c b/usr/src/lib/nsswitch/ldap/common/getspent.c
new file mode 100644
index 0000000000..cf5ea84652
--- /dev/null
+++ b/usr/src/lib/nsswitch/ldap/common/getspent.c
@@ -0,0 +1,298 @@
+/*
+ * CDDL HEADER START
+ *
+ * The contents of this file are subject to the terms of the
+ * Common Development and Distribution License, Version 1.0 only
+ * (the "License").  You may not use this file except in compliance
+ * with the License.
+ *
+ * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+ * or http://www.opensolaris.org/os/licensing.
+ * See the License for the specific language governing permissions
+ * and limitations under the License.
+ *
+ * When distributing Covered Code, include this CDDL HEADER in each
+ * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+ * If applicable, add the following below this CDDL HEADER, with the
+ * fields enclosed by brackets "[]" replaced with your own identifying
+ * information: Portions Copyright [yyyy] [name of copyright owner]
+ *
+ * CDDL HEADER END
+ */
+/*
+ * Copyright 2003 Sun Microsystems, Inc.  All rights reserved.
+ * Use is subject to license terms.
+ */
+
+#pragma ident	"%Z%%M%	%I%	%E% SMI"
+
+#include <shadow.h>
+#include <stdlib.h>
+#include "ldap_common.h"
+
+/* shadow attributes filters */
+#define	_S_CN			"cn"
+#define	_S_UID			"uid"
+#define	_S_USERPASSWORD		"userpassword"
+#define	_S_FLAG			"shadowflag"
+
+#define	_F_GETSPNAM		"(&(objectClass=shadowAccount)(uid=%s))"
+#define	_F_GETSPNAM_SSD		"(&(%%s)(uid=%s))"
+
+static const char *sp_attrs[] = {
+	_S_UID,
+	_S_USERPASSWORD,
+	_S_FLAG,
+	(char *)NULL
+};
+
+
+extern ns_ldap_attr_t *getattr(ns_ldap_result_t *result, int i);
+
+/*
+ * _nss_ldap_shadow2ent is the data marshaling method for the passwd getXbyY
+ * (e.g., getspnam(), getspent()) backend processes. This method is called after
+ * a successful ldap search has been performed. This method will parse the
+ * ldap search values into struct spwd = argp->buf.buffer which the frontend
+ * process expects. Three error conditions are expected and returned to
+ * nsswitch.
+ */
+
+static int
+_nss_ldap_shadow2ent(ldap_backend_ptr be, nss_XbyY_args_t *argp)
+{
+	int		i = 0;
+	int		nss_result;
+	int		buflen = (int)0;
+	unsigned long	len = 0L;
+	char		*buffer = (char *)NULL;
+	char		*ceiling = (char *)NULL;
+	char		*pw_passwd = (char *)NULL;
+	char		*nullstring = (char *)NULL;
+	char		np[] = "*NP*";
+	ns_ldap_result_t	*result = be->result;
+	ns_ldap_attr_t	*attrptr;
+	long		ltmp = (long)0L;
+	struct spwd	*spd = (struct spwd *)NULL;
+
+#ifdef DEBUG
+	(void) fprintf(stdout, "\n[getspent.c: _nss_ldap_shadow2ent]\n");
+#endif /* DEBUG */
+
+	buffer = argp->buf.buffer;
+	buflen = (size_t)argp->buf.buflen;
+	if (!argp->buf.result) {
+		nss_result = (int)NSS_STR_PARSE_ERANGE;
+		goto result_spd2ent;
+	}
+	spd = (struct spwd *)argp->buf.result;
+	ceiling = buffer + buflen;
+	nullstring = (buffer + (buflen - 1));
+
+	/* Default values */
+	spd->sp_lstchg = -1;	spd->sp_min    = -1;
+	spd->sp_max    = -1;	spd->sp_warn   = -1;
+	spd->sp_inact  = -1;	spd->sp_expire = -1;
+	spd->sp_flag   = 0;	spd->sp_pwdp = NULL;
+
+	nss_result = (int)NSS_STR_PARSE_SUCCESS;
+	(void) memset(buffer, 0, buflen);
+
+	attrptr = getattr(result, 0);
+	if (attrptr == NULL) {
+		nss_result = (int)NSS_STR_PARSE_PARSE;
+		goto result_spd2ent;
+	}
+
+	for (i = 0; i < result->entry->attr_count; i++) {
+		attrptr = getattr(result, i);
+		if (strcasecmp(attrptr->attrname, _S_UID) == 0) {
+			if ((attrptr->attrvalue[0] == NULL) ||
+			    (len = strlen(attrptr->attrvalue[0])) < 1) {
+				nss_result = (int)NSS_STR_PARSE_PARSE;
+				goto result_spd2ent;
+			}
+			spd->sp_namp = buffer;
+			buffer += len + 1;
+			if (buffer >= ceiling) {
+				nss_result = (int)NSS_STR_PARSE_ERANGE;
+				goto result_spd2ent;
+			}
+			(void) strcpy(spd->sp_namp, attrptr->attrvalue[0]);
+			continue;
+		}
+		if (strcasecmp(attrptr->attrname, _S_USERPASSWORD) == 0) {
+			if (attrptr->attrvalue[0] == '\0') {
+				spd->sp_pwdp = nullstring;
+				nss_result = (int)NSS_STR_PARSE_PARSE;
+				goto result_spd2ent;
+			}
+			pw_passwd = attrptr->attrvalue[0];
+			if (pw_passwd) {
+				char	*tmp;
+
+				if ((tmp = strstr(pw_passwd, "{crypt}"))
+					!= NULL) {
+					if (tmp != pw_passwd)
+						pw_passwd = np;
+					else
+						pw_passwd += 7;
+				} else if ((tmp = strstr(pw_passwd, "{CRYPT}"))
+					!= NULL) {
+					if (tmp != pw_passwd)
+						pw_passwd = np;
+					else
+						pw_passwd += 7;
+				} else {
+					pw_passwd = np;
+				}
+			}
+			len = (unsigned long)strlen(pw_passwd);
+			if (len < 1) {
+				spd->sp_pwdp = nullstring;
+			} else {
+				spd->sp_pwdp = buffer;
+				buffer += len + 1;
+				if (buffer >= ceiling) {
+					nss_result = (int)NSS_STR_PARSE_ERANGE;
+					goto result_spd2ent;
+				}
+			}
+			(void) strcpy(spd->sp_pwdp, pw_passwd);
+		}
+
+		/*
+		 * Ignore the following password aging related attributes:
+		 * -- shadowlastchange
+		 * -- shadowmin
+		 * -- shadowmax
+		 * -- shadowwarning
+		 * -- shadowinactive
+		 * -- shadowexpire
+		 * This is because the LDAP naming service does not
+		 * really support the password aging fields defined
+		 * in the shadow structure. These fields, sp_lstchg,
+		 * sp_min, sp_max, sp_warn, sp_inact, and sp_expire,
+		 * have been set to -1.
+		 */
+
+		if (strcasecmp(attrptr->attrname, _S_FLAG) == 0) {
+			if (attrptr->attrvalue[0] == '\0') {
+				nss_result = (int)NSS_STR_PARSE_PARSE;
+				goto result_spd2ent;
+			}
+			errno = 0;
+			ltmp = strtol(attrptr->attrvalue[0], (char **)NULL, 10);
+			if (errno != 0) {
+				nss_result = (int)NSS_STR_PARSE_PARSE;
+				goto result_spd2ent;
+			}
+			spd->sp_flag = (int)ltmp;
+			continue;
+		}
+	}
+
+	/* we will not allow for an empty password to be */
+	/* returned to the front end as this is not a supported */
+	/* configuration.  Since we got to this point without */
+	/* the password being set, we assume that no password was */
+	/* set on the server which is consider a misconfiguration. */
+	/* We will proceed and set the password to *NP* as no password */
+	/* is not supported */
+
+	if (spd->sp_pwdp == NULL) {
+		spd->sp_pwdp = buffer;
+		buffer += strlen(np) + 1;
+		if (buffer >= ceiling) {
+			nss_result = (int)NSS_STR_PARSE_ERANGE;
+			goto result_spd2ent;
+		}
+		strcpy(spd->sp_pwdp, np);
+	}
+
+
+#ifdef DEBUG
+	(void) fprintf(stdout, "\n[getspent.c: _nss_ldap_shadow2ent]\n");
+	(void) fprintf(stdout, "       sp_namp: [%s]\n", spd->sp_namp);
+	(void) fprintf(stdout, "       sp_pwdp: [%s]\n", spd->sp_pwdp);
+	(void) fprintf(stdout, "     sp_latchg: [%d]\n", spd->sp_lstchg);
+	(void) fprintf(stdout, "        sp_min: [%d]\n", spd->sp_min);
+	(void) fprintf(stdout, "        sp_max: [%d]\n", spd->sp_max);
+	(void) fprintf(stdout, "       sp_warn: [%d]\n", spd->sp_warn);
+	(void) fprintf(stdout, "      sp_inact: [%d]\n", spd->sp_inact);
+	(void) fprintf(stdout, "     sp_expire: [%d]\n", spd->sp_expire);
+	(void) fprintf(stdout, "       sp_flag: [%d]\n", spd->sp_flag);
+#endif /* DEBUG */
+
+result_spd2ent:
+
+	(void) __ns_ldap_freeResult(&be->result);
+	return ((int)nss_result);
+}
+
+/*
+ * getbynam gets a passwd entry by uid name. This function constructs an ldap
+ * search filter using the name invocation parameter and the getspnam search
+ * filter defined. Once the filter is constructed we search for a matching
+ * entry and marshal the data results into struct shadow for the frontend
+ * process. The function _nss_ldap_shadow2ent performs the data marshaling.
+ */
+
+static nss_status_t
+getbynam(ldap_backend_ptr be, void *a)
+{
+	nss_XbyY_args_t	*argp = (nss_XbyY_args_t *)a;
+	char		searchfilter[SEARCHFILTERLEN];
+	char		userdata[SEARCHFILTERLEN];
+	char		name[SEARCHFILTERLEN + 1];
+	int		len;
+	int		ret;
+
+#ifdef DEBUG
+	(void) fprintf(stdout, "\n[getspent.c: getbynam]\n");
+#endif /* DEBUG */
+
+	if (_ldap_filter_name(name, argp->key.name, sizeof (name)) != 0)
+		return ((nss_status_t)NSS_NOTFOUND);
+
+	ret = snprintf(searchfilter, sizeof (searchfilter), _F_GETSPNAM, name);
+	if (ret >= sizeof (searchfilter) || ret < 0)
+		return ((nss_status_t)NSS_NOTFOUND);
+
+	ret = snprintf(userdata, sizeof (userdata), _F_GETSPNAM_SSD, name);
+	if (ret >= sizeof (userdata) || ret < 0)
+		return ((nss_status_t)NSS_NOTFOUND);
+
+	return (_nss_ldap_lookup(be, argp, _SHADOW, searchfilter, NULL,
+		_merge_SSD_filter, userdata));
+}
+
+static ldap_backend_op_t sp_ops[] = {
+    _nss_ldap_destr,
+    _nss_ldap_endent,
+    _nss_ldap_setent,
+    _nss_ldap_getent,
+    getbynam
+};
+
+
+/*
+ * _nss_ldap_passwd_constr is where life begins. This function calls the
+ * generic ldap constructor function to define and build the abstract
+ * data types required to support ldap operations.
+ */
+
+/*ARGSUSED0*/
+nss_backend_t *
+_nss_ldap_shadow_constr(const char *dummy1, const char *dummy2,
+			const char *dummy3)
+{
+
+#ifdef DEBUG
+	(void) fprintf(stdout, "\n[getspent.c: _nss_ldap_shadow_constr]\n");
+#endif /* DEBUG */
+
+	return ((nss_backend_t *)_nss_ldap_constr(sp_ops,
+		sizeof (sp_ops)/sizeof (sp_ops[0]),
+		_SHADOW, sp_attrs, _nss_ldap_shadow2ent));
+}