diff options
Diffstat (limited to 'usr/src')
-rw-r--r-- | usr/src/cmd/idmap/idmapd/adutils.c | 2 | ||||
-rw-r--r-- | usr/src/cmd/idmap/idmapd/dbutils.c | 142 | ||||
-rw-r--r-- | usr/src/cmd/idmap/idmapd/idmap_config.c | 109 | ||||
-rw-r--r-- | usr/src/cmd/idmap/idmapd/idmap_config.h | 1 | ||||
-rw-r--r-- | usr/src/cmd/idmap/idmapd/idmapd.c | 3 | ||||
-rw-r--r-- | usr/src/cmd/idmap/idmapd/init.c | 6 | ||||
-rw-r--r-- | usr/src/cmd/idmap/idmapd/server.c | 24 | ||||
-rw-r--r-- | usr/src/lib/libidmap/common/idmap_api.c | 112 | ||||
-rw-r--r-- | usr/src/lib/libidmap/common/idmap_impl.h | 16 | ||||
-rw-r--r-- | usr/src/lib/libidmap/common/idmap_priv.h | 6 | ||||
-rw-r--r-- | usr/src/lib/libidmap/common/utils.c | 32 |
11 files changed, 231 insertions, 222 deletions
diff --git a/usr/src/cmd/idmap/idmapd/adutils.c b/usr/src/cmd/idmap/idmapd/adutils.c index 544eba857a..5f550a4f7c 100644 --- a/usr/src/cmd/idmap/idmapd/adutils.c +++ b/usr/src/cmd/idmap/idmapd/adutils.c @@ -159,7 +159,7 @@ static pthread_mutex_t qstatelock = PTHREAD_MUTEX_INITIALIZER; * List of DSs, needed by the idle connection reaper thread */ static ad_host_t *host_head = NULL; -static pthread_t reaperid = (pthread_t)-1; +static pthread_t reaperid = 0; static pthread_mutex_t adhostlock = PTHREAD_MUTEX_INITIALIZER; /*ARGSUSED*/ diff --git a/usr/src/cmd/idmap/idmapd/dbutils.c b/usr/src/cmd/idmap/idmapd/dbutils.c index 05786f4e35..446462109c 100644 --- a/usr/src/cmd/idmap/idmapd/dbutils.c +++ b/usr/src/cmd/idmap/idmapd/dbutils.c @@ -481,7 +481,8 @@ get_namerule_order(char *winname, char *windomain, char *unixname, * Note that "" has priority over specific names because "" inhibits * mappings and traditionally deny rules always had higher priority. */ - if (direction == 0 || direction == 1) { + if (direction != IDMAP_DIRECTION_U2W) { + /* bi-directional or from windows to unix */ if (winname == NULL) return (IDMAP_ERR_W2U_NAMERULE); else if (unixname == NULL) @@ -528,11 +529,14 @@ get_namerule_order(char *winname, char *windomain, char *unixname, * 4. * to "" * 5. * to winname@domain (or winname) */ - if (direction == 0 || direction == 2) { + if (direction != IDMAP_DIRECTION_W2U) { + /* bi-directional or from unix to windows */ if (unixname == NULL || EMPTY_NAME(unixname)) return (IDMAP_ERR_U2W_NAMERULE); else if (winname == NULL) return (IDMAP_ERR_U2W_NAMERULE); + else if (windomain && *windomain == '*') + return (IDMAP_ERR_U2W_NAMERULE); else if (*unixname == '*') { if (*winname == '*') *u2w_order = 3; @@ -669,13 +673,13 @@ rm_namerule(sqlite *db, idmap_namerule *rule) { if (rule->direction < 0) { buf[0] = 0; - } else if (rule->direction == 0) { + } else if (rule->direction == IDMAP_DIRECTION_BI) { (void) snprintf(buf, sizeof (buf), "AND w2u_order > 0" " AND u2w_order > 0"); - } else if (rule->direction == 1) { + } else if (rule->direction == IDMAP_DIRECTION_W2U) { (void) snprintf(buf, sizeof (buf), "AND w2u_order > 0" " AND (u2w_order = 0 OR u2w_order ISNULL)"); - } else if (rule->direction == 2) { + } else if (rule->direction == IDMAP_DIRECTION_U2W) { (void) snprintf(buf, sizeof (buf), "AND u2w_order > 0" " AND (w2u_order = 0 OR w2u_order ISNULL)"); } @@ -810,10 +814,9 @@ lookup_wksids_sid2pid(idmap_mapping *req, idmap_id_res *res) { int i; for (i = 0; wksidstable[i].sidprefix; i++) { if ((strcasecmp(wksidstable[i].sidprefix, - req->id1.idmap_id_u.sid.prefix) == 0) && - req->id1.idmap_id_u.sid.rid == - wksidstable[i].rid && - wksidstable[i].direction != 2) { + req->id1.idmap_id_u.sid.prefix) == 0) && + req->id1.idmap_id_u.sid.rid == wksidstable[i].rid && + wksidstable[i].direction != IDMAP_DIRECTION_U2W) { switch (req->id2.idtype) { case IDMAP_UID: if (wksidstable[i].is_user == 0) @@ -846,9 +849,9 @@ lookup_wksids_pid2sid(idmap_mapping *req, idmap_id_res *res, int is_user) { int i; for (i = 0; wksidstable[i].sidprefix; i++) { if (req->id1.idmap_id_u.uid == wksidstable[i].pid && - wksidstable[i].direction != 1 && - (wksidstable[i].is_user < 0 || - is_user == wksidstable[i].is_user)) { + wksidstable[i].direction != IDMAP_DIRECTION_W2U && + (wksidstable[i].is_user < 0 || + is_user == wksidstable[i].is_user)) { switch (req->id2.idtype) { case IDMAP_SID: res->id.idmap_id_u.sid.rid = @@ -939,7 +942,7 @@ lookup_cache_sid2pid(sqlite *cache, idmap_mapping *req, idmap_id_res *res) { res->id.idmap_id_u.uid = pid; res->id.idtype = is_user? IDMAP_UID:IDMAP_GID; - res->direction = 0; + res->direction = IDMAP_DIRECTION_BI; req->direction |= is_user? _IDMAP_F_EXP_EPH_UID: _IDMAP_F_EXP_EPH_GID; @@ -976,9 +979,10 @@ out: if (retcode == IDMAP_SUCCESS) { if (values[4]) res->direction = - (strtol(values[4], &end, 10) == 0)?1:0; + (strtol(values[4], &end, 10) == 0)? + IDMAP_DIRECTION_W2U:IDMAP_DIRECTION_BI; else - res->direction = 1; + res->direction = IDMAP_DIRECTION_W2U; if (values[3]) { str = &req->id2name; @@ -1306,7 +1310,7 @@ generate_localsid(idmap_mapping *req, idmap_id_res *res, int is_user) { res->id.idmap_id_u.sid.rid = (is_user)?req->id1.idmap_id_u.uid + LOCALRID_MIN: req->id1.idmap_id_u.gid + INT32_MAX + 1; - res->direction = 0; + res->direction = IDMAP_DIRECTION_BI; /* * Don't update name_cache because local sids don't have @@ -1558,9 +1562,10 @@ out: if (retcode == IDMAP_SUCCESS) { if (values[1]) res->direction = - (strtol(values[1], &end, 10) == 0)?1:0; + (strtol(values[1], &end, 10) == 0)? + IDMAP_DIRECTION_W2U:IDMAP_DIRECTION_BI; else - res->direction = 1; + res->direction = IDMAP_DIRECTION_W2U; str = &req->id2name; retcode = idmap_str2utf8(&str, unixname, 0); } @@ -1623,19 +1628,19 @@ dynamic_ephemeral_mapping(sqlite *cache, idmap_mapping *req, uid_t next_pid; if (IS_EPHEMERAL(res->id.idmap_id_u.uid)) { - res->direction = 0; + res->direction = IDMAP_DIRECTION_BI; } else if (res->id.idtype == IDMAP_UID) { if (get_next_eph_uid(&next_pid) != 0) return (IDMAP_ERR_INTERNAL); res->id.idmap_id_u.uid = next_pid; res->id.idtype = IDMAP_UID; - res->direction = 0; + res->direction = IDMAP_DIRECTION_BI; } else { if (get_next_eph_gid(&next_pid) != 0) return (IDMAP_ERR_INTERNAL); res->id.idmap_id_u.gid = next_pid; res->id.idtype = IDMAP_GID; - res->direction = 0; + res->direction = IDMAP_DIRECTION_BI; } return (IDMAP_SUCCESS); @@ -1950,9 +1955,10 @@ lookup_cache_pid2sid(sqlite *cache, idmap_mapping *req, idmap_id_res *res, if (values[4]) res->direction = - (strtol(values[4], &end, 10) == 0)?2:0; + (strtol(values[4], &end, 10) == 0)? + IDMAP_DIRECTION_U2W:IDMAP_DIRECTION_BI; else - res->direction = 2; + res->direction = IDMAP_DIRECTION_U2W; if (getname == 0 || values[2] == NULL) break; @@ -2259,9 +2265,10 @@ out: if (retcode == IDMAP_SUCCESS) { if (values[2]) res->direction = - (strtol(values[2], &end, 10) == 0)?2:0; + (strtol(values[2], &end, 10) == 0)? + IDMAP_DIRECTION_U2W:IDMAP_DIRECTION_BI; else - res->direction = 2; + res->direction = IDMAP_DIRECTION_U2W; str = &req->id2name; retcode = idmap_str2utf8(&str, winname, 0); if (retcode == IDMAP_SUCCESS) { @@ -2419,69 +2426,70 @@ out: return (retcode); } -static void -copy_id_mapping(idmap_mapping *mapping, idmap_mapping *request) +static int +copy_mapping_request(idmap_mapping *mapping, idmap_mapping *request) { + (void) memset(mapping, 0, sizeof (*mapping)); + mapping->flag = request->flag; mapping->direction = request->direction; + mapping->id2.idtype = request->id2.idtype; mapping->id1.idtype = request->id1.idtype; if (request->id1.idtype == IDMAP_SID) { mapping->id1.idmap_id_u.sid.rid = request->id1.idmap_id_u.sid.rid; - if (request->id1.idmap_id_u.sid.prefix) + if (!EMPTY_STRING(request->id1.idmap_id_u.sid.prefix)) { mapping->id1.idmap_id_u.sid.prefix = strdup(request->id1.idmap_id_u.sid.prefix); - else - mapping->id1.idmap_id_u.sid.prefix = NULL; + if (mapping->id1.idmap_id_u.sid.prefix == NULL) + return (-1); + } } else { mapping->id1.idmap_id_u.uid = request->id1.idmap_id_u.uid; } mapping->id1domain.idmap_utf8str_len = request->id1domain.idmap_utf8str_len; - if (mapping->id1domain.idmap_utf8str_len) + if (mapping->id1domain.idmap_utf8str_len) { mapping->id1domain.idmap_utf8str_val = strdup(request->id1domain.idmap_utf8str_val); - else - mapping->id1domain.idmap_utf8str_val = NULL; + if (mapping->id1domain.idmap_utf8str_val == NULL) + return (-1); + } mapping->id1name.idmap_utf8str_len = request->id1name.idmap_utf8str_len; - if (mapping->id1name.idmap_utf8str_len) + if (mapping->id1name.idmap_utf8str_len) { mapping->id1name.idmap_utf8str_val = strdup(request->id1name.idmap_utf8str_val); - else - mapping->id1name.idmap_utf8str_val = NULL; + if (mapping->id1name.idmap_utf8str_val == NULL) + return (-1); + } - mapping->id2.idtype = request->id2.idtype; - if (request->id2.idtype == IDMAP_SID) { - mapping->id2.idmap_id_u.sid.rid = - request->id2.idmap_id_u.sid.rid; - if (request->id2.idmap_id_u.sid.prefix) - mapping->id2.idmap_id_u.sid.prefix = - strdup(request->id2.idmap_id_u.sid.prefix); - else - mapping->id2.idmap_id_u.sid.prefix = NULL; - } else { - mapping->id2.idmap_id_u.uid = request->id2.idmap_id_u.uid; + /* We don't need the rest of the request i.e request->id2 */ + return (0); + +errout: + if (mapping->id1.idmap_id_u.sid.prefix) { + free(mapping->id1.idmap_id_u.sid.prefix); + mapping->id1.idmap_id_u.sid.prefix = NULL; } - mapping->id2domain.idmap_utf8str_len = - request->id2domain.idmap_utf8str_len; - if (mapping->id2domain.idmap_utf8str_len) - mapping->id2domain.idmap_utf8str_val = - strdup(request->id2domain.idmap_utf8str_val); - else - mapping->id2domain.idmap_utf8str_val = NULL; + if (mapping->id1domain.idmap_utf8str_val) { + free(mapping->id1domain.idmap_utf8str_val); + mapping->id1domain.idmap_utf8str_val = NULL; + mapping->id1domain.idmap_utf8str_len = 0; + } - mapping->id2name.idmap_utf8str_len = - request->id2name.idmap_utf8str_len; - if (mapping->id2name.idmap_utf8str_len) - mapping->id2name.idmap_utf8str_val = - strdup(request->id2name.idmap_utf8str_val); - else - mapping->id2name.idmap_utf8str_val = NULL; + if (mapping->id1name.idmap_utf8str_val) { + free(mapping->id1name.idmap_utf8str_val); + mapping->id1name.idmap_utf8str_val = NULL; + mapping->id1name.idmap_utf8str_len = 0; + } + + (void) memset(mapping, 0, sizeof (*mapping)); + return (-1); } @@ -2510,7 +2518,10 @@ get_w2u_mapping(sqlite *cache, sqlite *db, idmap_mapping *request, } /* Copy data from request to result */ - copy_id_mapping(mapping, request); + if (copy_mapping_request(mapping, request) < 0) { + retcode = IDMAP_ERR_MEMORY; + goto out; + } winname = mapping->id1name.idmap_utf8str_val; windomain = mapping->id1domain.idmap_utf8str_val; @@ -2537,7 +2548,7 @@ get_w2u_mapping(sqlite *cache, sqlite *db, idmap_mapping *request, windomain = mapping->id1domain.idmap_utf8str_val; } - if (winname && EMPTY_STRING(mapping->id1.idmap_id_u.sid.prefix)) { + if (winname && mapping->id1.idmap_id_u.sid.prefix == NULL) { retcode = lookup_name2sid(cache, winname, windomain, &is_user, &mapping->id1.idmap_id_u.sid.prefix, &mapping->id1.idmap_id_u.sid.rid, mapping); @@ -2605,7 +2616,10 @@ get_u2w_mapping(sqlite *cache, sqlite *db, idmap_mapping *request, (void) memset(&state, 0, sizeof (state)); /* Copy data from request to result */ - copy_id_mapping(mapping, request); + if (copy_mapping_request(mapping, request) < 0) { + retcode = IDMAP_ERR_MEMORY; + goto out; + } unixname = mapping->id1name.idmap_utf8str_val; diff --git a/usr/src/cmd/idmap/idmapd/idmap_config.c b/usr/src/cmd/idmap/idmapd/idmap_config.c index f6a951971f..74f5a0d9ba 100644 --- a/usr/src/cmd/idmap/idmapd/idmap_config.c +++ b/usr/src/cmd/idmap/idmapd/idmap_config.c @@ -38,7 +38,7 @@ #include <libintl.h> #include <ctype.h> #include <errno.h> -#include "idmap_config.h" +#include "idmapd.h" #include <stdio.h> #include <stdarg.h> @@ -47,65 +47,10 @@ #define CONFIG_PG "config" #define GENERAL_PG "general" -#define IDMAP_CFG_DEBUG 0 - /* initial length of the array for policy options/attributes: */ #define DEF_ARRAY_LENGTH 16 -static char errmess_buf [1000] = - "Internal error: idmap configuration has not been initialized"; - -static void -errmess(char *format, va_list ap) -{ -/*LINTED: E_SEC_PRINTF_VAR_FMT*/ - (void) vsnprintf(errmess_buf, sizeof (errmess_buf), format, ap); - (void) strlcat(errmess_buf, "\n", sizeof (errmess_buf)); - -#if IDMAP_CFG_DEBUG - (void) fprintf(stderr, errmess_buf); - fflush(stderr); -#endif -} - - -static void -idmap_error(char *format, ...) -{ - va_list ap; - va_start(ap, format); - errmess(format, ap); - va_end(ap); -} - -static void -idmap_scf_error(char *format, ...) -{ - const char *scf_message; - char *new_format; - char *sep = ": "; - va_list ap; - - va_start(ap, format); - - scf_message = scf_strerror(scf_error()); - new_format = (char *) malloc(sizeof (char) * - (strlen(format) + strlen(scf_message) + strlen(sep) + 1)); - - (void) strcpy(new_format, format); - (void) strcat(new_format, sep); - (void) strcat(new_format, scf_message); - - errmess(new_format, ap); - - va_end(ap); - free(new_format); -} - -char * -idmap_cfg_error() { - return (errmess_buf); -} +static const char *me = "idmapd"; /* Check if in the case of failure the original value of *val is preserved */ static int @@ -137,8 +82,8 @@ get_val_int(idmap_cfg_t *cfg, char *name, void *val, scf_type_t type) rc = scf_value_get_integer(value, val); break; default: - idmap_scf_error(gettext("Internal error: invalid int type %d"), - type); + idmapdlog(LOG_ERR, "%s: Invalid scf integer type (%d)", + me, type); rc = -1; break; } @@ -170,8 +115,7 @@ scf_value2string(scf_value_t *value) { buf_size *= 2; buf = (char *)realloc(buf, buf_size * sizeof (char)); if (!buf) { - idmap_scf_error( - gettext("Not enough memory")); + idmapdlog(LOG_ERR, "%s: Out of memory", me); rc = -1; goto destruction; } @@ -206,15 +150,18 @@ get_val_astring(idmap_cfg_t *cfg, char *name, char **val) goto destruction; if (0 > scf_property_get_value(scf_prop, value)) { - idmap_scf_error(gettext("Cannot get the astring %s"), name); + idmapdlog(LOG_ERR, + "%s: scf_property_get_value(%s) failed: %s", + me, name, scf_strerror(scf_error())); rc = -1; goto destruction; } if (!(*val = scf_value2string(value))) { rc = -1; - idmap_scf_error(gettext("Cannot retrieve the astring %s"), - name); + idmapdlog(LOG_ERR, + "%s: scf_value2string(%s) failed: %s", + me, name, scf_strerror(scf_error())); } destruction: @@ -242,12 +189,14 @@ idmap_cfg_load(idmap_cfg_t *cfg) cfg->pgcfg.global_catalog = NULL; if (0 > scf_pg_update(cfg->handles.config_pg)) { - idmap_scf_error(gettext("Error updating config pg")); + idmapdlog(LOG_ERR, "%s: scf_pg_update() failed: %s", + me, scf_strerror(scf_error())); return (-1); } if (0 > scf_pg_update(cfg->handles.general_pg)) { - idmap_scf_error(gettext("Error updating general pg")); + idmapdlog(LOG_ERR, "%s: scf_pg_update() failed: %s", + me, scf_strerror(scf_error())); return (-1); } @@ -262,7 +211,6 @@ idmap_cfg_load(idmap_cfg_t *cfg) return (-1); /* - * TBD: * If there is no mapping_domain in idmap's smf config then * set it to the joined domain. * Till domain join is implemented, temporarily set it to @@ -278,8 +226,8 @@ idmap_cfg_load(idmap_cfg_t *cfg) cfg->pgcfg.mapping_domain, dname_size); } if (dname_size <= 0) { - idmap_scf_error( - gettext("Error obtaining the default domain")); + idmapdlog(LOG_ERR, + "%s: unable to get name service domain", me); if (cfg->pgcfg.mapping_domain) free(cfg->pgcfg.mapping_domain); cfg->pgcfg.mapping_domain = NULL; @@ -302,26 +250,28 @@ idmap_cfg_load(idmap_cfg_t *cfg) return (rc); } +/* + * Initialize 'cfg'. + */ idmap_cfg_t * idmap_cfg_init() { - /* - * The following initializes 'cfg'. - */ /* First the smf repository handles: */ idmap_cfg_t *cfg = calloc(1, sizeof (idmap_cfg_t)); if (!cfg) { - idmap_error(gettext("Not enough memory")); + idmapdlog(LOG_ERR, "%s: Out of memory", me); return (NULL); } if (!(cfg->handles.main = scf_handle_create(SCF_VERSION))) { - idmap_scf_error(gettext("SCF handle not created")); + idmapdlog(LOG_ERR, "%s: scf_handle_create() failed: %s", + me, scf_strerror(scf_error())); goto error; } if (0 > scf_handle_bind(cfg->handles.main)) { - idmap_scf_error(gettext("SCF connection failed")); + idmapdlog(LOG_ERR, "%s: scf_handle_bind() failed: %s", + me, scf_strerror(scf_error())); goto error; } @@ -329,7 +279,8 @@ idmap_cfg_init() { !(cfg->handles.instance = scf_instance_create(cfg->handles.main)) || !(cfg->handles.config_pg = scf_pg_create(cfg->handles.main)) || !(cfg->handles.general_pg = scf_pg_create(cfg->handles.main))) { - idmap_scf_error(gettext("SCF handle creation failed")); + idmapdlog(LOG_ERR, "%s: scf handle creation failed: %s", + me, scf_strerror(scf_error())); goto error; } @@ -341,14 +292,16 @@ idmap_cfg_init() { cfg->handles.config_pg, /* pg */ NULL, /* prop */ SCF_DECODE_FMRI_EXACT)) { - idmap_scf_error(gettext("SCF fmri decoding failed")); + idmapdlog(LOG_ERR, "%s: scf_handle_decode_fmri() failed: %s", + me, scf_strerror(scf_error())); goto error; } if (0 > scf_service_get_pg(cfg->handles.service, GENERAL_PG, cfg->handles.general_pg)) { - idmap_scf_error(gettext("SCF general pg not obtained")); + idmapdlog(LOG_ERR, "%s: scf_service_get_pg() failed: %s", + me, scf_strerror(scf_error())); goto error; } diff --git a/usr/src/cmd/idmap/idmapd/idmap_config.h b/usr/src/cmd/idmap/idmapd/idmap_config.h index 77bf513001..c454175e84 100644 --- a/usr/src/cmd/idmap/idmapd/idmap_config.h +++ b/usr/src/cmd/idmap/idmapd/idmap_config.h @@ -63,7 +63,6 @@ typedef struct idmap_cfg { extern idmap_cfg_t *idmap_cfg_init(); extern int idmap_cfg_fini(idmap_cfg_t *); extern int idmap_cfg_load(idmap_cfg_t *); -extern char *idmap_cfg_error(); #ifdef __cplusplus } diff --git a/usr/src/cmd/idmap/idmapd/idmapd.c b/usr/src/cmd/idmap/idmapd/idmapd.c index 3f17c060e8..e71afc4dbd 100644 --- a/usr/src/cmd/idmap/idmapd/idmapd.c +++ b/usr/src/cmd/idmap/idmapd/idmapd.c @@ -249,8 +249,7 @@ main(int argc, char **argv) DAEMON_UID, DAEMON_GID, PRIV_PROC_AUDIT, PRIV_FILE_DAC_READ, (char *)NULL) == -1) { - (void) idmapdlog(LOG_ERR, - gettext("idmapd: unable to drop privileges")); + (void) idmapdlog(LOG_ERR, "idmapd: unable to drop privileges"); exit(1); } diff --git a/usr/src/cmd/idmap/idmapd/init.c b/usr/src/cmd/idmap/idmapd/init.c index f07256058c..bd78c65dc6 100644 --- a/usr/src/cmd/idmap/idmapd/init.c +++ b/usr/src/cmd/idmap/idmapd/init.c @@ -62,15 +62,13 @@ fini_mapping_system() { int load_config() { if ((_idmapdstate.cfg = idmap_cfg_init()) == NULL) { - idmapdlog(LOG_ERR, "%s: config init failed - %s", - me, CHECK_NULL(idmap_cfg_error())); + idmapdlog(LOG_ERR, "%s: failed to initialize config", me); return (-1); } if (_idmapdstate.ad != NULL) idmap_ad_free(&_idmapdstate.ad); if (idmap_cfg_load(_idmapdstate.cfg) < 0) { - idmapdlog(LOG_ERR, "%s: config load failed - %s", - me, CHECK_NULL(idmap_cfg_error())); + idmapdlog(LOG_ERR, "%s: failed to load config", me); return (-1); } if (_idmapdstate.cfg->pgcfg.mapping_domain == NULL || diff --git a/usr/src/cmd/idmap/idmapd/server.c b/usr/src/cmd/idmap/idmapd/server.c index a79c6e2f5a..ab084756b3 100644 --- a/usr/src/cmd/idmap/idmapd/server.c +++ b/usr/src/cmd/idmap/idmapd/server.c @@ -280,11 +280,14 @@ list_mappings_cb(void *parg, int argc, char **argv, char **colnames) { u2w = argv[5]?strtol(argv[5], &end, 10):0; if (w2u > 0 && u2w == 0) - result->mappings.mappings_val[cb_data->next].direction = 1; + result->mappings.mappings_val[cb_data->next].direction = + IDMAP_DIRECTION_W2U; else if (w2u == 0 && u2w > 0) - result->mappings.mappings_val[cb_data->next].direction = 2; + result->mappings.mappings_val[cb_data->next].direction = + IDMAP_DIRECTION_U2W; else - result->mappings.mappings_val[cb_data->next].direction = 0; + result->mappings.mappings_val[cb_data->next].direction = + IDMAP_DIRECTION_BI; ptr = &result->mappings.mappings_val[cb_data->next].id1domain; if (idmap_str2utf8(&ptr, argv[6], 0) != IDMAP_SUCCESS) @@ -409,11 +412,14 @@ list_namerules_cb(void *parg, int argc, char **argv, char **colnames) { u2w_order = argv[7]?strtol(argv[7], &end, 10):0; if (w2u_order > 0 && u2w_order == 0) - result->rules.rules_val[cb_data->next].direction = 1; + result->rules.rules_val[cb_data->next].direction = + IDMAP_DIRECTION_W2U; else if (w2u_order == 0 && u2w_order > 0) - result->rules.rules_val[cb_data->next].direction = 2; + result->rules.rules_val[cb_data->next].direction = + IDMAP_DIRECTION_U2W; else - result->rules.rules_val[cb_data->next].direction = 0; + result->rules.rules_val[cb_data->next].direction = + IDMAP_DIRECTION_BI; result->lastrowid = strtoll(argv[0], &end, 10); cb_data->next++; @@ -453,14 +459,14 @@ idmap_list_namerules_1_svc(idmap_namerule rule, uint64_t lastrowid, if (rule.direction < 0) { w2ubuf[0] = u2wbuf[0] = 0; - } else if (rule.direction == 0) { + } else if (rule.direction == IDMAP_DIRECTION_BI) { (void) snprintf(w2ubuf, sizeof (w2ubuf), "AND w2u_order > 0"); (void) snprintf(u2wbuf, sizeof (u2wbuf), "AND u2w_order > 0"); - } else if (rule.direction == 1) { + } else if (rule.direction == IDMAP_DIRECTION_W2U) { (void) snprintf(w2ubuf, sizeof (w2ubuf), "AND w2u_order > 0"); (void) snprintf(u2wbuf, sizeof (u2wbuf), "AND (u2w_order = 0 OR u2w_order ISNULL)"); - } else if (rule.direction == 2) { + } else if (rule.direction == IDMAP_DIRECTION_U2W) { (void) snprintf(w2ubuf, sizeof (w2ubuf), "AND (w2u_order = 0 OR w2u_order ISNULL)"); (void) snprintf(u2wbuf, sizeof (u2wbuf), "AND u2w_order > 0"); diff --git a/usr/src/lib/libidmap/common/idmap_api.c b/usr/src/lib/libidmap/common/idmap_api.c index ff0d6fe64f..3b2e538dd1 100644 --- a/usr/src/lib/libidmap/common/idmap_api.c +++ b/usr/src/lib/libidmap/common/idmap_api.c @@ -213,9 +213,12 @@ idmap_udt_commit(idmap_udt_handle_t *udthandle) { (xdrproc_t)xdr_idmap_update_batch, (caddr_t)&udthandle->batch, (xdrproc_t)xdr_idmap_retcode, (caddr_t)&retcode, TIMEOUT); - if (clntstat != RPC_SUCCESS) { - return (IDMAP_ERR_RPC); - } + + /* reset handle so that it can be used again */ + _IDMAP_RESET_UDT_HANDLE(udthandle); + + if (clntstat != RPC_SUCCESS) + return (_idmap_rpc2stat(clnt)); if (retcode != IDMAP_SUCCESS) errno = idmap_stat2errno(retcode); return (retcode); @@ -239,10 +242,10 @@ idmap_udt_add_namerule(idmap_udt_handle_t *udthandle, const char *windomain, boolean_t is_user, const char *winname, const char *unixname, boolean_t is_nt4, int direction) { idmap_retcode retcode; - idmap_namerule *rule; + idmap_namerule *rule = NULL; idmap_utf8str *str; - retcode = _udt_extend_batch(udthandle, OP_ADD_NAMERULE); + retcode = _udt_extend_batch(udthandle); if (retcode != IDMAP_SUCCESS) goto errout; @@ -270,11 +273,16 @@ idmap_udt_add_namerule(idmap_udt_handle_t *udthandle, const char *windomain, if (retcode != IDMAP_SUCCESS) goto errout; } + + udthandle->batch.idmap_update_batch_val[udthandle->next].opnum = + OP_ADD_NAMERULE; udthandle->next++; return (IDMAP_SUCCESS); errout: - (void) xdr_free(xdr_idmap_update_batch, (caddr_t)&udthandle->batch); + /* The batch should still be usable */ + if (rule) + (void) xdr_free(xdr_idmap_namerule, (caddr_t)rule); errno = idmap_stat2errno(retcode); return (retcode); } @@ -286,10 +294,10 @@ idmap_udt_rm_namerule(idmap_udt_handle_t *udthandle, boolean_t is_user, const char *windomain, const char *winname, const char *unixname, int direction) { idmap_retcode retcode; - idmap_namerule *rule; + idmap_namerule *rule = NULL; idmap_utf8str *str; - retcode = _udt_extend_batch(udthandle, OP_RM_NAMERULE); + retcode = _udt_extend_batch(udthandle); if (retcode != IDMAP_SUCCESS) goto errout; @@ -316,11 +324,14 @@ idmap_udt_rm_namerule(idmap_udt_handle_t *udthandle, boolean_t is_user, if (retcode != IDMAP_SUCCESS) goto errout; } + udthandle->batch.idmap_update_batch_val[udthandle->next].opnum = + OP_RM_NAMERULE; udthandle->next++; return (IDMAP_SUCCESS); errout: - (void) xdr_free(xdr_idmap_update_batch, (caddr_t)&udthandle->batch); + if (rule) + (void) xdr_free(xdr_idmap_namerule, (caddr_t)rule); errno = idmap_stat2errno(retcode); return (retcode); } @@ -331,18 +342,19 @@ idmap_stat idmap_udt_flush_namerules(idmap_udt_handle_t *udthandle, boolean_t is_user) { idmap_retcode retcode; - retcode = _udt_extend_batch(udthandle, OP_FLUSH_NAMERULES); + retcode = _udt_extend_batch(udthandle); if (retcode != IDMAP_SUCCESS) goto errout; udthandle->batch.idmap_update_batch_val[udthandle->next]. idmap_update_op_u.is_user = is_user; + udthandle->batch.idmap_update_batch_val[udthandle->next].opnum = + OP_FLUSH_NAMERULES; udthandle->next++; return (IDMAP_SUCCESS); errout: - (void) xdr_free(xdr_idmap_update_batch, (caddr_t)&udthandle->batch); errno = idmap_stat2errno(retcode); return (retcode); } @@ -393,7 +405,7 @@ idmap_iter_namerules(idmap_handle_t *handle, const char *windomain, rule = &arg->rule; rule->is_user = is_user; - rule->direction = -1; + rule->direction = IDMAP_DIRECTION_UNDEF; if (windomain) { str = &rule->windomain; retcode = idmap_str2utf8(&str, windomain, 0); @@ -463,7 +475,7 @@ idmap_iter_next_namerule(idmap_iter_t *iter, char **windomain, if (is_nt4) *is_nt4 = 0; if (direction) - *direction = -1; + *direction = IDMAP_DIRECTION_UNDEF; __ITER_CHECK(iter, IDMAP_LIST_NAMERULES); @@ -603,7 +615,7 @@ idmap_iter_next_mapping(idmap_iter_t *iter, char **sidprefix, if (pid) *pid = UINT32_MAX; if (direction) - *direction = -1; + *direction = IDMAP_DIRECTION_UNDEF; __ITER_CHECK(iter, IDMAP_LIST_MAPPINGS); @@ -784,7 +796,7 @@ idmap_get_uidbysid(idmap_get_handle_t *gh, char *sidprefix, idmap_rid_t rid, int flag, uid_t *uid, idmap_stat *stat) { idmap_retcode retcode; - idmap_mapping *mapping; + idmap_mapping *mapping = NULL; /* sanity checks */ if (gh == NULL) @@ -816,10 +828,9 @@ idmap_get_uidbysid(idmap_get_handle_t *gh, char *sidprefix, idmap_rid_t rid, return (IDMAP_SUCCESS); errout: - (void) xdr_free(xdr_idmap_mapping_batch, (caddr_t)&gh->batch); - free(gh->retlist); - gh->retlist = NULL; - gh->next = 0; + /* Batch created so far should still be usable */ + if (mapping) + (void) memset(mapping, 0, sizeof (*mapping)); errno = idmap_stat2errno(retcode); return (retcode); } @@ -844,7 +855,7 @@ idmap_get_gidbysid(idmap_get_handle_t *gh, char *sidprefix, idmap_rid_t rid, int flag, gid_t *gid, idmap_stat *stat) { idmap_retcode retcode; - idmap_mapping *mapping; + idmap_mapping *mapping = NULL; /* sanity checks */ if (gh == NULL) @@ -876,10 +887,8 @@ idmap_get_gidbysid(idmap_get_handle_t *gh, char *sidprefix, idmap_rid_t rid, return (IDMAP_SUCCESS); errout: - (void) xdr_free(xdr_idmap_mapping_batch, (caddr_t)&gh->batch); - free(gh->retlist); - gh->retlist = NULL; - gh->next = 0; + if (mapping) + (void) memset(mapping, 0, sizeof (*mapping)); errno = idmap_stat2errno(retcode); return (retcode); } @@ -905,7 +914,7 @@ idmap_stat idmap_get_pidbysid(idmap_get_handle_t *gh, char *sidprefix, idmap_rid_t rid, int flag, uid_t *pid, int *is_user, idmap_stat *stat) { idmap_retcode retcode; - idmap_mapping *mapping; + idmap_mapping *mapping = NULL; /* sanity checks */ if (gh == NULL) @@ -939,10 +948,8 @@ idmap_get_pidbysid(idmap_get_handle_t *gh, char *sidprefix, idmap_rid_t rid, return (IDMAP_SUCCESS); errout: - (void) xdr_free(xdr_idmap_mapping_batch, (caddr_t)&gh->batch); - free(gh->retlist); - gh->retlist = NULL; - gh->next = 0; + if (mapping) + (void) memset(mapping, 0, sizeof (*mapping)); errno = idmap_stat2errno(retcode); return (retcode); } @@ -967,7 +974,7 @@ idmap_get_sidbyuid(idmap_get_handle_t *gh, uid_t uid, int flag, char **sidprefix, idmap_rid_t *rid, idmap_stat *stat) { idmap_retcode retcode; - idmap_mapping *mapping; + idmap_mapping *mapping = NULL; /* sanity checks */ if (gh == NULL) @@ -996,10 +1003,8 @@ idmap_get_sidbyuid(idmap_get_handle_t *gh, uid_t uid, int flag, return (IDMAP_SUCCESS); errout: - (void) xdr_free(xdr_idmap_mapping_batch, (caddr_t)&gh->batch); - free(gh->retlist); - gh->retlist = NULL; - gh->next = 0; + if (mapping) + (void) memset(mapping, 0, sizeof (*mapping)); errno = idmap_stat2errno(retcode); return (retcode); } @@ -1024,7 +1029,7 @@ idmap_get_sidbygid(idmap_get_handle_t *gh, gid_t gid, int flag, char **sidprefix, idmap_rid_t *rid, idmap_stat *stat) { idmap_retcode retcode; - idmap_mapping *mapping; + idmap_mapping *mapping = NULL; /* sanity checks */ if (gh == NULL) @@ -1053,10 +1058,8 @@ idmap_get_sidbygid(idmap_get_handle_t *gh, gid_t gid, int flag, return (IDMAP_SUCCESS); errout: - (void) xdr_free(xdr_idmap_mapping_batch, (caddr_t)&gh->batch); - free(gh->retlist); - gh->retlist = NULL; - gh->next = 0; + if (mapping) + (void) memset(mapping, 0, sizeof (*mapping)); errno = idmap_stat2errno(retcode); return (retcode); } @@ -1090,7 +1093,7 @@ idmap_get_mappings(idmap_get_handle_t *gh) { (caddr_t)&res, TIMEOUT); if (clntstat != RPC_SUCCESS) { - retcode = IDMAP_ERR_RPC; + retcode = _idmap_rpc2stat(clnt); goto out; } if (res.retcode != IDMAP_SUCCESS) { @@ -1142,10 +1145,7 @@ idmap_get_mappings(idmap_get_handle_t *gh) { retcode = IDMAP_SUCCESS; out: - (void) xdr_free(xdr_idmap_mapping_batch, (caddr_t)&gh->batch); - free(gh->retlist); - gh->retlist = NULL; - gh->next = 0; + _IDMAP_RESET_GET_HANDLE(gh); (void) xdr_free(xdr_idmap_ids_res, (caddr_t)&res); errno = idmap_stat2errno(retcode); return (retcode); @@ -1197,7 +1197,7 @@ idmap_get_w2u_mapping(idmap_handle_t *handle, if (unixname) *unixname = NULL; if (direction) - *direction = -1; + *direction = IDMAP_DIRECTION_UNDEF; request.flag = flag; request.id1.idtype = IDMAP_SID; @@ -1235,9 +1235,8 @@ idmap_get_w2u_mapping(idmap_handle_t *handle, (xdrproc_t)xdr_idmap_mappings_res, (caddr_t)&result, TIMEOUT); - if (clntstat != RPC_SUCCESS) { - return (IDMAP_ERR_RPC); - } + if (clntstat != RPC_SUCCESS) + return (_idmap_rpc2stat(clnt)); retcode = result.retcode; @@ -1300,7 +1299,7 @@ idmap_get_u2w_mapping(idmap_handle_t *handle, if (rid) *rid = UINT32_MAX; if (direction) - *direction = -1; + *direction = IDMAP_DIRECTION_UNDEF; (void) memset(&request, 0, sizeof (request)); (void) memset(&result, 0, sizeof (result)); @@ -1328,9 +1327,8 @@ idmap_get_u2w_mapping(idmap_handle_t *handle, (xdrproc_t)xdr_idmap_mappings_res, (caddr_t)&result, TIMEOUT); - if (clntstat != RPC_SUCCESS) { - return (IDMAP_ERR_RPC); - } + if (clntstat != RPC_SUCCESS) + return (_idmap_rpc2stat(clnt)); retcode = result.retcode; @@ -1342,7 +1340,7 @@ idmap_get_u2w_mapping(idmap_handle_t *handle, if (direction) *direction = mapping->direction; - if (sidprefix) { + if (sidprefix && mapping->id2.idmap_id_u.sid.prefix) { *sidprefix = strdup(mapping->id2.idmap_id_u.sid.prefix); if (*sidprefix == NULL) { retcode = IDMAP_ERR_MEMORY; @@ -1489,7 +1487,7 @@ static stat_table_t stattable[] = { {IDMAP_ERR_NORESULT, gettext("No results available"), EINVAL}, {IDMAP_ERR_NOTUSER, gettext("Not a user"), EINVAL}, {IDMAP_ERR_NOTGROUP, gettext("Not a group"), EINVAL}, - {IDMAP_ERR_NOTSUPPORTED, gettext("Operation not supported"), EINVAL}, + {IDMAP_ERR_NOTSUPPORTED, gettext("Operation not supported"), ENOTSUP}, {IDMAP_ERR_W2U_NAMERULE, gettext("Invalid Windows to UNIX name-based rule"), EINVAL}, {IDMAP_ERR_U2W_NAMERULE, @@ -1499,11 +1497,11 @@ static stat_table_t stattable[] = { {IDMAP_ERR_ARG, gettext("Invalid argument"), EINVAL}, {IDMAP_ERR_SID, gettext("Invalid SID"), EINVAL}, {IDMAP_ERR_IDTYPE, gettext("Invalid identity type"), EINVAL}, - {IDMAP_ERR_RPC_HANDLE, gettext("Bad RPC handle"), EINVAL}, + {IDMAP_ERR_RPC_HANDLE, gettext("Bad RPC handle"), EBADF}, {IDMAP_ERR_RPC, gettext("RPC error"), EINVAL}, {IDMAP_ERR_CLIENT_HANDLE, gettext("Bad client handle"), EINVAL}, - {IDMAP_ERR_BUSY, gettext("Server is busy"), EINVAL}, - {IDMAP_ERR_PERMISSION_DENIED, gettext("Permisssion denied"), EINVAL}, + {IDMAP_ERR_BUSY, gettext("Server is busy"), EBUSY}, + {IDMAP_ERR_PERMISSION_DENIED, gettext("Permisssion denied"), EACCES}, {IDMAP_ERR_NOMAPPING, gettext("Mapping not found or inhibited"), EINVAL}, {IDMAP_ERR_NEW_ID_ALLOC_REQD, diff --git a/usr/src/lib/libidmap/common/idmap_impl.h b/usr/src/lib/libidmap/common/idmap_impl.h index 858654957d..584e42a993 100644 --- a/usr/src/lib/libidmap/common/idmap_impl.h +++ b/usr/src/lib/libidmap/common/idmap_impl.h @@ -61,9 +61,12 @@ struct idmap_udt_handle { struct idmap_handle *ih; idmap_update_batch batch; uint64_t next; - char *lastmsg; }; +#define _IDMAP_RESET_UDT_HANDLE(uh) \ + (void) xdr_free(xdr_idmap_update_batch, (caddr_t)&uh->batch);\ + uh->next = 0; + typedef struct idmap_get_res { idmap_id_type idtype; uid_t *uid; @@ -79,9 +82,15 @@ struct idmap_get_handle { idmap_mapping_batch batch; idmap_get_res_t *retlist; uint64_t next; - char *lastmsg; }; +#define _IDMAP_RESET_GET_HANDLE(gh) \ + (void) xdr_free(xdr_idmap_mapping_batch, (caddr_t)&gh->batch);\ + if (gh->retlist) \ + free(gh->retlist);\ + gh->retlist = NULL;\ + gh->next = 0; + struct idmap_iter { struct idmap_handle *ih; int type; @@ -101,10 +110,11 @@ typedef struct stat_table { typedef idmap_retcode _idmap_stat; -extern idmap_retcode _udt_extend_batch(idmap_udt_handle_t *, int); +extern idmap_retcode _udt_extend_batch(idmap_udt_handle_t *); extern idmap_retcode _get_ids_extend_batch(idmap_get_handle_t *); extern idmap_stat _iter_get_next_list(int, idmap_iter_t *, void *, uchar_t **, size_t, xdrproc_t, xdrproc_t); +extern idmap_stat _idmap_rpc2stat(CLIENT *); #ifdef __cplusplus } diff --git a/usr/src/lib/libidmap/common/idmap_priv.h b/usr/src/lib/libidmap/common/idmap_priv.h index d5a54b5387..42de37b785 100644 --- a/usr/src/lib/libidmap/common/idmap_priv.h +++ b/usr/src/lib/libidmap/common/idmap_priv.h @@ -45,6 +45,12 @@ extern "C" { #define IDMAP_FATAL_ERROR(rc) rc == IDMAP_ERR_MEMORY ||\ rc == IDMAP_ERR_DB +/* Direction in which mapping is valid */ +#define IDMAP_DIRECTION_UNDEF -1 /* not defined */ +#define IDMAP_DIRECTION_BI 0 /* bi-directional */ +#define IDMAP_DIRECTION_W2U 1 /* windows to unix only */ +#define IDMAP_DIRECTION_U2W 2 /* unix to windows only */ + /* Opaque handle to batch config add/remove operations */ typedef struct idmap_udt_handle idmap_udt_handle_t; diff --git a/usr/src/lib/libidmap/common/utils.c b/usr/src/lib/libidmap/common/utils.c index c9d9c69001..80b9141c47 100644 --- a/usr/src/lib/libidmap/common/utils.c +++ b/usr/src/lib/libidmap/common/utils.c @@ -42,7 +42,7 @@ static struct timeval TIMEOUT = { 25, 0 }; idmap_retcode -_udt_extend_batch(idmap_udt_handle_t *udthandle, int opnum) { +_udt_extend_batch(idmap_udt_handle_t *udthandle) { idmap_update_op *tmplist; size_t nsize; @@ -61,7 +61,7 @@ _udt_extend_batch(idmap_udt_handle_t *udthandle, int opnum) { udthandle->batch.idmap_update_batch_len += _UDT_SIZE_INCR; } udthandle->batch.idmap_update_batch_val[udthandle->next].opnum = - opnum; + OP_NONE; return (IDMAP_SUCCESS); } @@ -125,8 +125,34 @@ _iter_get_next_list(int type, idmap_iter_t *iter, TIMEOUT); if (clntstat != RPC_SUCCESS) { free(*list); - return (IDMAP_ERR_RPC); + return (_idmap_rpc2stat(clnt)); } iter->retlist = *list; return (IDMAP_SUCCESS); } + +idmap_stat +_idmap_rpc2stat(CLIENT *clnt) { + /* + * We only deal with door_call(3C) errors here. We look at + * r_err.re_errno instead of r_err.re_status because we need + * to differentiate between RPC failures caused by bad door fd + * and others. + */ + struct rpc_err r_err; + if (clnt) { + clnt_geterr(clnt, &r_err); + errno = r_err.re_errno; + switch (r_err.re_errno) { + case ENOMEM: + return (IDMAP_ERR_MEMORY); + case EBADF: + return (IDMAP_ERR_RPC_HANDLE); + default: + return (IDMAP_ERR_RPC); + } + } + + /* null handle */ + return (IDMAP_ERR_RPC_HANDLE); +} |