1c5c4113dSnw /* 2c5c4113dSnw * CDDL HEADER START 3c5c4113dSnw * 4c5c4113dSnw * The contents of this file are subject to the terms of the 5c5c4113dSnw * Common Development and Distribution License (the "License"). 6c5c4113dSnw * You may not use this file except in compliance with the License. 7c5c4113dSnw * 8c5c4113dSnw * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9c5c4113dSnw * or http://www.opensolaris.org/os/licensing. 10c5c4113dSnw * See the License for the specific language governing permissions 11c5c4113dSnw * and limitations under the License. 12c5c4113dSnw * 13c5c4113dSnw * When distributing Covered Code, include this CDDL HEADER in each 14c5c4113dSnw * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15c5c4113dSnw * If applicable, add the following below this CDDL HEADER, with the 16c5c4113dSnw * fields enclosed by brackets "[]" replaced with your own identifying 17c5c4113dSnw * information: Portions Copyright [yyyy] [name of copyright owner] 18c5c4113dSnw * 19c5c4113dSnw * CDDL HEADER END 20c5c4113dSnw */ 21c5c4113dSnw /* 22*148c5f43SAlan Wright * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved. 23c5c4113dSnw */ 24c5c4113dSnw 25c5c4113dSnw 26c5c4113dSnw /* 27c5c4113dSnw * Service routines 28c5c4113dSnw */ 29c5c4113dSnw 30c5c4113dSnw #include "idmapd.h" 31c5c4113dSnw #include "idmap_priv.h" 32e8c27ec8Sbaban #include "nldaputils.h" 33c5c4113dSnw #include <signal.h> 34c5c4113dSnw #include <thread.h> 35c5c4113dSnw #include <string.h> 36c5c4113dSnw #include <strings.h> 37c5c4113dSnw #include <errno.h> 38c5c4113dSnw #include <assert.h> 39c5c4113dSnw #include <sys/types.h> 40c5c4113dSnw #include <sys/stat.h> 419fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States #include <sys/sid.h> 42c5c4113dSnw #include <ucred.h> 43c5c4113dSnw #include <pwd.h> 44c5c4113dSnw #include <auth_attr.h> 45c5c4113dSnw #include <secdb.h> 460dcc7149Snw #include <sys/u8_textprep.h> 471fcced4cSJordan Brown #include <note.h> 48c5c4113dSnw 49c5c4113dSnw #define _VALIDATE_LIST_CB_DATA(col, val, siz)\ 50c5c4113dSnw retcode = validate_list_cb_data(cb_data, argc, argv, col,\ 51c5c4113dSnw (uchar_t **)val, siz);\ 52c5c4113dSnw if (retcode == IDMAP_NEXT) {\ 53c5c4113dSnw result->retcode = IDMAP_NEXT;\ 54c5c4113dSnw return (0);\ 55c5c4113dSnw } else if (retcode < 0) {\ 56c5c4113dSnw result->retcode = retcode;\ 57c5c4113dSnw return (1);\ 58c5c4113dSnw } 59c5c4113dSnw 6048258c6bSjp #define PROCESS_LIST_SVC_SQL(rcode, db, dbname, sql, limit, flag, cb, res, len)\ 6148258c6bSjp rcode = process_list_svc_sql(db, dbname, sql, limit, flag, cb, res);\ 62c5c4113dSnw if (rcode == IDMAP_ERR_BUSY)\ 63c5c4113dSnw res->retcode = IDMAP_ERR_BUSY;\ 64c5c4113dSnw else if (rcode == IDMAP_SUCCESS && len == 0)\ 65c5c4113dSnw res->retcode = IDMAP_ERR_NOTFOUND; 66c5c4113dSnw 67c5c4113dSnw 688e228215Sdm #define STRDUP_OR_FAIL(to, from) \ 698e228215Sdm if ((from) == NULL) \ 708e228215Sdm to = NULL; \ 718e228215Sdm else { \ 728e228215Sdm if ((to = strdup(from)) == NULL) \ 738e228215Sdm return (1); \ 748e228215Sdm } 758e228215Sdm 76479ac375Sdm #define STRDUP_CHECK(to, from) \ 77479ac375Sdm if ((from) != NULL) { \ 78479ac375Sdm to = strdup(from); \ 79479ac375Sdm if (to == NULL) { \ 80479ac375Sdm result->retcode = IDMAP_ERR_MEMORY; \ 81479ac375Sdm goto out; \ 82479ac375Sdm } \ 83479ac375Sdm } 84479ac375Sdm 85c5c4113dSnw /* ARGSUSED */ 86c5c4113dSnw bool_t 87cd37da74Snw idmap_null_1_svc(void *result, struct svc_req *rqstp) 88cd37da74Snw { 89c5c4113dSnw return (TRUE); 90c5c4113dSnw } 91c5c4113dSnw 92334e3463Sbaban /* 93334e3463Sbaban * RPC layer allocates empty strings to replace NULL char *. 94334e3463Sbaban * This utility function frees these empty strings. 95334e3463Sbaban */ 96e8c27ec8Sbaban static 97e8c27ec8Sbaban void 98334e3463Sbaban sanitize_mapping_request(idmap_mapping *req) 99334e3463Sbaban { 100fe1c642dSBill Krier if (EMPTY_STRING(req->id1name)) { 101fe1c642dSBill Krier free(req->id1name); 102fe1c642dSBill Krier req->id1name = NULL; 103fe1c642dSBill Krier } 104fe1c642dSBill Krier if (EMPTY_STRING(req->id1domain)) { 105fe1c642dSBill Krier free(req->id1domain); 106fe1c642dSBill Krier req->id1domain = NULL; 107fe1c642dSBill Krier } 108fe1c642dSBill Krier if (EMPTY_STRING(req->id2name)) { 109fe1c642dSBill Krier free(req->id2name); 110fe1c642dSBill Krier req->id2name = NULL; 111fe1c642dSBill Krier } 112fe1c642dSBill Krier if (EMPTY_STRING(req->id2domain)) { 113fe1c642dSBill Krier free(req->id2domain); 114fe1c642dSBill Krier req->id2domain = NULL; 115fe1c642dSBill Krier } 116e8c27ec8Sbaban req->direction = _IDMAP_F_DONE; 117334e3463Sbaban } 118334e3463Sbaban 1190dcc7149Snw static 1200dcc7149Snw int 1210dcc7149Snw validate_mapped_id_by_name_req(idmap_mapping *req) 1220dcc7149Snw { 1230dcc7149Snw int e; 1240dcc7149Snw 125*148c5f43SAlan Wright if (IS_ID_UID(req->id1) || IS_ID_GID(req->id1)) 1260dcc7149Snw return (IDMAP_SUCCESS); 1270dcc7149Snw 128*148c5f43SAlan Wright if (IS_ID_SID(req->id1)) { 1290dcc7149Snw if (!EMPTY_STRING(req->id1name) && 1300dcc7149Snw u8_validate(req->id1name, strlen(req->id1name), 1310dcc7149Snw NULL, U8_VALIDATE_ENTIRE, &e) < 0) 1320dcc7149Snw return (IDMAP_ERR_BAD_UTF8); 1330dcc7149Snw if (!EMPTY_STRING(req->id1domain) && 1340dcc7149Snw u8_validate(req->id1domain, strlen(req->id1domain), 1350dcc7149Snw NULL, U8_VALIDATE_ENTIRE, &e) < 0) 1360dcc7149Snw return (IDMAP_ERR_BAD_UTF8); 1370dcc7149Snw } 1380dcc7149Snw 1390dcc7149Snw return (IDMAP_SUCCESS); 1400dcc7149Snw } 1410dcc7149Snw 1420dcc7149Snw static 1430dcc7149Snw int 1440dcc7149Snw validate_rule(idmap_namerule *rule) 1450dcc7149Snw { 1460dcc7149Snw int e; 1470dcc7149Snw 1480dcc7149Snw if (!EMPTY_STRING(rule->winname) && 1490dcc7149Snw u8_validate(rule->winname, strlen(rule->winname), 1500dcc7149Snw NULL, U8_VALIDATE_ENTIRE, &e) < 0) 1510dcc7149Snw return (IDMAP_ERR_BAD_UTF8); 1520dcc7149Snw 1530dcc7149Snw if (!EMPTY_STRING(rule->windomain) && 1540dcc7149Snw u8_validate(rule->windomain, strlen(rule->windomain), 1550dcc7149Snw NULL, U8_VALIDATE_ENTIRE, &e) < 0) 1560dcc7149Snw return (IDMAP_ERR_BAD_UTF8); 1570dcc7149Snw 1580dcc7149Snw return (IDMAP_SUCCESS); 1590dcc7149Snw 1600dcc7149Snw } 1610dcc7149Snw 1620dcc7149Snw static 1630dcc7149Snw bool_t 1640dcc7149Snw validate_rules(idmap_update_batch *batch) 1650dcc7149Snw { 1660dcc7149Snw idmap_update_op *up; 1670dcc7149Snw int i; 1680dcc7149Snw 1690dcc7149Snw for (i = 0; i < batch->idmap_update_batch_len; i++) { 1700dcc7149Snw up = &(batch->idmap_update_batch_val[i]); 1710dcc7149Snw if (validate_rule(&(up->idmap_update_op_u.rule)) 1720dcc7149Snw != IDMAP_SUCCESS) 1730dcc7149Snw return (IDMAP_ERR_BAD_UTF8); 1740dcc7149Snw } 1750dcc7149Snw 1760dcc7149Snw return (IDMAP_SUCCESS); 1770dcc7149Snw } 1780dcc7149Snw 179c5c4113dSnw /* ARGSUSED */ 180c5c4113dSnw bool_t 181c5c4113dSnw idmap_get_mapped_ids_1_svc(idmap_mapping_batch batch, 182cd37da74Snw idmap_ids_res *result, struct svc_req *rqstp) 183cd37da74Snw { 184c5c4113dSnw sqlite *cache = NULL, *db = NULL; 185c5c4113dSnw lookup_state_t state; 186e8c27ec8Sbaban idmap_retcode retcode; 18762c60062Sbaban uint_t i; 188*148c5f43SAlan Wright idmap_mapping *req; 189*148c5f43SAlan Wright idmap_id_res *res; 190*148c5f43SAlan Wright boolean_t any_tracing; 191c5c4113dSnw 192c5c4113dSnw /* Init */ 193c5c4113dSnw (void) memset(result, 0, sizeof (*result)); 194c5c4113dSnw (void) memset(&state, 0, sizeof (state)); 195c5c4113dSnw 196c5c4113dSnw /* Return success if nothing was requested */ 197c5c4113dSnw if (batch.idmap_mapping_batch_len < 1) 198c5c4113dSnw goto out; 199c5c4113dSnw 200c5c4113dSnw /* Get cache handle */ 201c5c4113dSnw result->retcode = get_cache_handle(&cache); 202c5c4113dSnw if (result->retcode != IDMAP_SUCCESS) 203c5c4113dSnw goto out; 204479ac375Sdm state.cache = cache; 205c5c4113dSnw 206c5c4113dSnw /* Get db handle */ 207c5c4113dSnw result->retcode = get_db_handle(&db); 208c5c4113dSnw if (result->retcode != IDMAP_SUCCESS) 209c5c4113dSnw goto out; 210479ac375Sdm state.db = db; 211c5c4113dSnw 212c5c4113dSnw /* Allocate result array */ 213c5c4113dSnw result->ids.ids_val = calloc(batch.idmap_mapping_batch_len, 214cd37da74Snw sizeof (idmap_id_res)); 215c5c4113dSnw if (result->ids.ids_val == NULL) { 216c5c4113dSnw idmapdlog(LOG_ERR, "Out of memory"); 217c5c4113dSnw result->retcode = IDMAP_ERR_MEMORY; 218c5c4113dSnw goto out; 219c5c4113dSnw } 220c5c4113dSnw result->ids.ids_len = batch.idmap_mapping_batch_len; 221c5c4113dSnw 22262c60062Sbaban /* Allocate hash table to check for duplicate sids */ 22362c60062Sbaban state.sid_history = calloc(batch.idmap_mapping_batch_len, 224cd37da74Snw sizeof (*state.sid_history)); 22562c60062Sbaban if (state.sid_history == NULL) { 22662c60062Sbaban idmapdlog(LOG_ERR, "Out of memory"); 22762c60062Sbaban result->retcode = IDMAP_ERR_MEMORY; 22862c60062Sbaban goto out; 22962c60062Sbaban } 23062c60062Sbaban state.sid_history_size = batch.idmap_mapping_batch_len; 23162c60062Sbaban for (i = 0; i < state.sid_history_size; i++) { 23262c60062Sbaban state.sid_history[i].key = state.sid_history_size; 23362c60062Sbaban state.sid_history[i].next = state.sid_history_size; 23462c60062Sbaban } 23562c60062Sbaban state.batch = &batch; 23662c60062Sbaban state.result = result; 23762c60062Sbaban 238e8c27ec8Sbaban /* Get directory-based name mapping info */ 239479ac375Sdm result->retcode = load_cfg_in_state(&state); 240e8c27ec8Sbaban if (result->retcode != IDMAP_SUCCESS) 241e8c27ec8Sbaban goto out; 242e8c27ec8Sbaban 243c5c4113dSnw /* Init our 'done' flags */ 244c5c4113dSnw state.sid2pid_done = state.pid2sid_done = TRUE; 245c5c4113dSnw 246*148c5f43SAlan Wright any_tracing = B_FALSE; 247*148c5f43SAlan Wright 248c5c4113dSnw /* First stage */ 249c5c4113dSnw for (i = 0; i < batch.idmap_mapping_batch_len; i++) { 250*148c5f43SAlan Wright req = &batch.idmap_mapping_batch_val[i]; 251*148c5f43SAlan Wright res = &result->ids.ids_val[i]; 252*148c5f43SAlan Wright if (TRACING(req)) 253*148c5f43SAlan Wright any_tracing = B_TRUE; 25462c60062Sbaban state.curpos = i; 255*148c5f43SAlan Wright (void) sanitize_mapping_request(req); 256*148c5f43SAlan Wright TRACE(req, res, "Start mapping"); 257*148c5f43SAlan Wright if (IS_ID_SID(req->id1)) { 258c5c4113dSnw retcode = sid2pid_first_pass( 259cd37da74Snw &state, 260*148c5f43SAlan Wright req, 261*148c5f43SAlan Wright res); 262*148c5f43SAlan Wright } else if (IS_ID_UID(req->id1)) { 263c5c4113dSnw retcode = pid2sid_first_pass( 264cd37da74Snw &state, 265*148c5f43SAlan Wright req, 266*148c5f43SAlan Wright res, 1); 267*148c5f43SAlan Wright } else if (IS_ID_GID(req->id1)) { 268c5c4113dSnw retcode = pid2sid_first_pass( 269cd37da74Snw &state, 270*148c5f43SAlan Wright req, 271*148c5f43SAlan Wright res, 0); 272c5c4113dSnw } else { 273*148c5f43SAlan Wright res->retcode = IDMAP_ERR_IDTYPE; 274c5c4113dSnw continue; 275c5c4113dSnw } 276c5c4113dSnw if (IDMAP_FATAL_ERROR(retcode)) { 277c5c4113dSnw result->retcode = retcode; 278c5c4113dSnw goto out; 279c5c4113dSnw } 280c5c4113dSnw } 281c5c4113dSnw 282c5c4113dSnw /* Check if we are done */ 283c5c4113dSnw if (state.sid2pid_done == TRUE && state.pid2sid_done == TRUE) 284c5c4113dSnw goto out; 285c5c4113dSnw 286e8c27ec8Sbaban /* 287e8c27ec8Sbaban * native LDAP lookups: 288479ac375Sdm * pid2sid: 289479ac375Sdm * - nldap or mixed mode. Lookup nldap by pid or unixname to get 290479ac375Sdm * winname. 291479ac375Sdm * sid2pid: 292479ac375Sdm * - nldap mode. Got winname and sid (either given or found in 293479ac375Sdm * name_cache). Lookup nldap by winname to get pid and 294479ac375Sdm * unixname. 295e8c27ec8Sbaban */ 296e8c27ec8Sbaban if (state.nldap_nqueries) { 297e8c27ec8Sbaban retcode = nldap_lookup_batch(&state, &batch, result); 298e8c27ec8Sbaban if (IDMAP_FATAL_ERROR(retcode)) { 299*148c5f43SAlan Wright TRACE(req, res, "Native LDAP lookup error=%d", retcode); 300e8c27ec8Sbaban result->retcode = retcode; 301e8c27ec8Sbaban goto out; 302e8c27ec8Sbaban } 303*148c5f43SAlan Wright if (any_tracing) { 304*148c5f43SAlan Wright for (i = 0; i < batch.idmap_mapping_batch_len; i++) { 305*148c5f43SAlan Wright res = &result->ids.ids_val[i]; 306*148c5f43SAlan Wright req = &batch.idmap_mapping_batch_val[i]; 307*148c5f43SAlan Wright if (IDMAP_ERROR(res->retcode)) { 308*148c5f43SAlan Wright TRACE(req, res, 309*148c5f43SAlan Wright "Native LDAP lookup error=%d", 310*148c5f43SAlan Wright res->retcode); 311*148c5f43SAlan Wright } else { 312*148c5f43SAlan Wright TRACE(req, res, "Native LDAP lookup"); 313*148c5f43SAlan Wright } 314*148c5f43SAlan Wright } 315*148c5f43SAlan Wright } 316e8c27ec8Sbaban } 317e8c27ec8Sbaban 318e8c27ec8Sbaban /* 319e8c27ec8Sbaban * AD lookups: 320479ac375Sdm * pid2sid: 321479ac375Sdm * - nldap or mixed mode. Got winname from nldap lookup. 322479ac375Sdm * winname2sid could not be resolved locally. Lookup AD 323479ac375Sdm * by winname to get sid. 324479ac375Sdm * - ad mode. Got unixname. Lookup AD by unixname to get 325479ac375Sdm * winname and sid. 326479ac375Sdm * sid2pid: 327479ac375Sdm * - ad or mixed mode. Lookup AD by sid or winname to get 328479ac375Sdm * winname, sid and unixname. 329479ac375Sdm * - any mode. Got either sid or winname but not both. Lookup 330479ac375Sdm * AD by sid or winname to get winname, sid. 331e8c27ec8Sbaban */ 332c5c4113dSnw if (state.ad_nqueries) { 333e8c27ec8Sbaban retcode = ad_lookup_batch(&state, &batch, result); 334e8c27ec8Sbaban if (IDMAP_FATAL_ERROR(retcode)) { 335*148c5f43SAlan Wright TRACE(req, res, "AD lookup error=%d", retcode); 336e8c27ec8Sbaban result->retcode = retcode; 337e8c27ec8Sbaban goto out; 338e8c27ec8Sbaban } 339*148c5f43SAlan Wright for (i = 0; i < batch.idmap_mapping_batch_len; i++) { 340*148c5f43SAlan Wright res = &result->ids.ids_val[i]; 341*148c5f43SAlan Wright req = &batch.idmap_mapping_batch_val[i]; 342*148c5f43SAlan Wright if (res->retcode == IDMAP_ERR_DOMAIN_NOTFOUND && 343*148c5f43SAlan Wright req->id1.idmap_id_u.sid.prefix != NULL && 344*148c5f43SAlan Wright req->id1name != NULL) { 345*148c5f43SAlan Wright /* 346*148c5f43SAlan Wright * If AD lookup failed Domain Not Found but 347*148c5f43SAlan Wright * we have a winname and SID, it means that 348*148c5f43SAlan Wright * - LSA succeeded 349*148c5f43SAlan Wright * - it's a request a cross-forest trust 350*148c5f43SAlan Wright * and 351*148c5f43SAlan Wright * - we were looking for directory-based 352*148c5f43SAlan Wright * mapping information. 353*148c5f43SAlan Wright * In that case, we're OK, just go on. 354*148c5f43SAlan Wright * 355*148c5f43SAlan Wright * If this seems more convoluted than it 356*148c5f43SAlan Wright * should be, it is - really, we probably 357*148c5f43SAlan Wright * shouldn't even be attempting AD lookups 358*148c5f43SAlan Wright * in this situation, but that's a more 359*148c5f43SAlan Wright * intricate cleanup that will have to wait 360*148c5f43SAlan Wright * for later. 361*148c5f43SAlan Wright */ 362*148c5f43SAlan Wright res->retcode = IDMAP_SUCCESS; 363*148c5f43SAlan Wright TRACE(req, res, 364*148c5f43SAlan Wright "AD lookup - domain not found (ignored)"); 365*148c5f43SAlan Wright continue; 366*148c5f43SAlan Wright } 367*148c5f43SAlan Wright if (res->retcode == IDMAP_SUCCESS) 368*148c5f43SAlan Wright TRACE(req, res, "Found in AD"); 369*148c5f43SAlan Wright else if (res->retcode == IDMAP_ERR_NOTFOUND) 370*148c5f43SAlan Wright TRACE(req, res, "Not found in AD"); 371*148c5f43SAlan Wright else 372*148c5f43SAlan Wright TRACE(req, res, "AD lookup error"); 373*148c5f43SAlan Wright } 374e8c27ec8Sbaban } 375e8c27ec8Sbaban 376e8c27ec8Sbaban /* 377e8c27ec8Sbaban * native LDAP lookups: 378479ac375Sdm * sid2pid: 379479ac375Sdm * - nldap mode. Got winname and sid from AD lookup. Lookup nldap 380479ac375Sdm * by winname to get pid and unixname. 381e8c27ec8Sbaban */ 382e8c27ec8Sbaban if (state.nldap_nqueries) { 383e8c27ec8Sbaban retcode = nldap_lookup_batch(&state, &batch, result); 384e8c27ec8Sbaban if (IDMAP_FATAL_ERROR(retcode)) { 385*148c5f43SAlan Wright TRACE(req, res, "Native LDAP lookup error=%d", retcode); 386e8c27ec8Sbaban result->retcode = retcode; 387c5c4113dSnw goto out; 388c5c4113dSnw } 389*148c5f43SAlan Wright if (any_tracing) { 390*148c5f43SAlan Wright for (i = 0; i < batch.idmap_mapping_batch_len; i++) { 391*148c5f43SAlan Wright res = &result->ids.ids_val[i]; 392*148c5f43SAlan Wright req = &batch.idmap_mapping_batch_val[i]; 393*148c5f43SAlan Wright TRACE(req, res, "Native LDAP lookup"); 394*148c5f43SAlan Wright } 395*148c5f43SAlan Wright } 396e8c27ec8Sbaban } 397c5c4113dSnw 398e8c27ec8Sbaban /* Reset 'done' flags */ 399e8c27ec8Sbaban state.sid2pid_done = state.pid2sid_done = TRUE; 400c5c4113dSnw 401c5c4113dSnw /* Second stage */ 402c5c4113dSnw for (i = 0; i < batch.idmap_mapping_batch_len; i++) { 403*148c5f43SAlan Wright req = &batch.idmap_mapping_batch_val[i]; 404*148c5f43SAlan Wright res = &result->ids.ids_val[i]; 40562c60062Sbaban state.curpos = i; 406*148c5f43SAlan Wright if (IS_ID_SID(req->id1)) { 407c5c4113dSnw retcode = sid2pid_second_pass( 408cd37da74Snw &state, 409*148c5f43SAlan Wright req, 410*148c5f43SAlan Wright res); 411*148c5f43SAlan Wright } else if (IS_ID_UID(req->id1)) { 412e8c27ec8Sbaban retcode = pid2sid_second_pass( 413e8c27ec8Sbaban &state, 414*148c5f43SAlan Wright req, 415*148c5f43SAlan Wright res, 1); 416*148c5f43SAlan Wright } else if (IS_ID_GID(req->id1)) { 417e8c27ec8Sbaban retcode = pid2sid_second_pass( 418e8c27ec8Sbaban &state, 419*148c5f43SAlan Wright req, 420*148c5f43SAlan Wright res, 0); 421e8c27ec8Sbaban } else { 422e8c27ec8Sbaban /* First stage has already set the error */ 423e8c27ec8Sbaban continue; 424e8c27ec8Sbaban } 425e8c27ec8Sbaban if (IDMAP_FATAL_ERROR(retcode)) { 426e8c27ec8Sbaban result->retcode = retcode; 427e8c27ec8Sbaban goto out; 428c5c4113dSnw } 429c5c4113dSnw } 430c5c4113dSnw 431c5c4113dSnw /* Check if we are done */ 432c5c4113dSnw if (state.sid2pid_done == TRUE && state.pid2sid_done == TRUE) 433c5c4113dSnw goto out; 434c5c4113dSnw 435c5c4113dSnw /* Reset our 'done' flags */ 436c5c4113dSnw state.sid2pid_done = state.pid2sid_done = TRUE; 437c5c4113dSnw 438c5c4113dSnw /* Update cache in a single transaction */ 43971590c90Snw if (sql_exec_no_cb(cache, IDMAP_CACHENAME, "BEGIN TRANSACTION;") 44071590c90Snw != IDMAP_SUCCESS) 441c5c4113dSnw goto out; 442c5c4113dSnw 443c5c4113dSnw for (i = 0; i < batch.idmap_mapping_batch_len; i++) { 444*148c5f43SAlan Wright req = &batch.idmap_mapping_batch_val[i]; 445*148c5f43SAlan Wright res = &result->ids.ids_val[i]; 44662c60062Sbaban state.curpos = i; 447*148c5f43SAlan Wright if (IS_ID_SID(req->id1)) { 448c5c4113dSnw (void) update_cache_sid2pid( 449cd37da74Snw &state, 450*148c5f43SAlan Wright req, 451*148c5f43SAlan Wright res); 452*148c5f43SAlan Wright } else if ((IS_ID_UID(req->id1)) || 453*148c5f43SAlan Wright (IS_ID_GID(req->id1))) { 454c5c4113dSnw (void) update_cache_pid2sid( 455cd37da74Snw &state, 456*148c5f43SAlan Wright req, 457*148c5f43SAlan Wright res); 458c5c4113dSnw } 459c5c4113dSnw } 460c5c4113dSnw 461da6c28aaSamw /* Commit if we have at least one successful update */ 462c5c4113dSnw if (state.sid2pid_done == FALSE || state.pid2sid_done == FALSE) 46371590c90Snw (void) sql_exec_no_cb(cache, IDMAP_CACHENAME, 46471590c90Snw "COMMIT TRANSACTION;"); 465c5c4113dSnw else 46671590c90Snw (void) sql_exec_no_cb(cache, IDMAP_CACHENAME, 46771590c90Snw "END TRANSACTION;"); 468c5c4113dSnw 469c5c4113dSnw out: 470e8c27ec8Sbaban cleanup_lookup_state(&state); 471c5c4113dSnw if (IDMAP_ERROR(result->retcode)) { 472*148c5f43SAlan Wright if (any_tracing) { 473*148c5f43SAlan Wright for (i = 0; i < batch.idmap_mapping_batch_len; i++) { 474*148c5f43SAlan Wright req = &batch.idmap_mapping_batch_val[i]; 475*148c5f43SAlan Wright res = &result->ids.ids_val[i]; 476*148c5f43SAlan Wright TRACE(req, res, 477*148c5f43SAlan Wright "Failure code %d", result->retcode); 478*148c5f43SAlan Wright } 479*148c5f43SAlan Wright } 480c5c4113dSnw xdr_free(xdr_idmap_ids_res, (caddr_t)result); 481c5c4113dSnw result->ids.ids_len = 0; 482c5c4113dSnw result->ids.ids_val = NULL; 483*148c5f43SAlan Wright } else { 484*148c5f43SAlan Wright if (any_tracing) { 485*148c5f43SAlan Wright for (i = 0; i < batch.idmap_mapping_batch_len; i++) { 486*148c5f43SAlan Wright req = &batch.idmap_mapping_batch_val[i]; 487*148c5f43SAlan Wright res = &result->ids.ids_val[i]; 488*148c5f43SAlan Wright TRACE(req, res, "Done"); 489*148c5f43SAlan Wright } 490*148c5f43SAlan Wright } 491c5c4113dSnw } 492c5c4113dSnw result->retcode = idmap_stat4prot(result->retcode); 493*148c5f43SAlan Wright 494*148c5f43SAlan Wright for (i = 0; i < result->ids.ids_len; i++) { 495*148c5f43SAlan Wright req = &batch.idmap_mapping_batch_val[i]; 496*148c5f43SAlan Wright res = &result->ids.ids_val[i]; 497*148c5f43SAlan Wright 498*148c5f43SAlan Wright if (!(req->flag & IDMAP_REQ_FLG_MAPPING_INFO) && 499*148c5f43SAlan Wright res->retcode == IDMAP_SUCCESS) 500*148c5f43SAlan Wright idmap_how_clear(&res->info.how); 501*148c5f43SAlan Wright } 502c5c4113dSnw return (TRUE); 503c5c4113dSnw } 504c5c4113dSnw 505c5c4113dSnw 506c5c4113dSnw /* ARGSUSED */ 507cd37da74Snw static 508cd37da74Snw int 509cd37da74Snw list_mappings_cb(void *parg, int argc, char **argv, char **colnames) 510cd37da74Snw { 511c5c4113dSnw list_cb_data_t *cb_data; 512c5c4113dSnw char *str; 513c5c4113dSnw idmap_mappings_res *result; 514c5c4113dSnw idmap_retcode retcode; 515c5c4113dSnw int w2u, u2w; 516c5c4113dSnw char *end; 517cd37da74Snw static int validated_column_names = 0; 51848258c6bSjp idmap_how *how; 51948258c6bSjp 52048258c6bSjp cb_data = (list_cb_data_t *)parg; 521cd37da74Snw 522cd37da74Snw if (!validated_column_names) { 523cd37da74Snw assert(strcmp(colnames[0], "rowid") == 0); 524cd37da74Snw assert(strcmp(colnames[1], "sidprefix") == 0); 525cd37da74Snw assert(strcmp(colnames[2], "rid") == 0); 526cd37da74Snw assert(strcmp(colnames[3], "pid") == 0); 527cd37da74Snw assert(strcmp(colnames[4], "w2u") == 0); 528cd37da74Snw assert(strcmp(colnames[5], "u2w") == 0); 529cd37da74Snw assert(strcmp(colnames[6], "windomain") == 0); 530cd37da74Snw assert(strcmp(colnames[7], "canon_winname") == 0); 531cd37da74Snw assert(strcmp(colnames[8], "unixname") == 0); 532cd37da74Snw assert(strcmp(colnames[9], "is_user") == 0); 533cd37da74Snw assert(strcmp(colnames[10], "is_wuser") == 0); 53448258c6bSjp assert(strcmp(colnames[11], "map_type") == 0); 53548258c6bSjp assert(strcmp(colnames[12], "map_dn") == 0); 53648258c6bSjp assert(strcmp(colnames[13], "map_attr") == 0); 53748258c6bSjp assert(strcmp(colnames[14], "map_value") == 0); 53848258c6bSjp assert(strcmp(colnames[15], "map_windomain") == 0); 53948258c6bSjp assert(strcmp(colnames[16], "map_winname") == 0); 54048258c6bSjp assert(strcmp(colnames[17], "map_unixname") == 0); 54148258c6bSjp assert(strcmp(colnames[18], "map_is_nt4") == 0); 542cd37da74Snw validated_column_names = 1; 543cd37da74Snw } 544cd37da74Snw 545c5c4113dSnw result = (idmap_mappings_res *)cb_data->result; 546c5c4113dSnw 54748258c6bSjp _VALIDATE_LIST_CB_DATA(19, &result->mappings.mappings_val, 548cd37da74Snw sizeof (idmap_mapping)); 549c5c4113dSnw 550c5c4113dSnw result->mappings.mappings_len++; 551c5c4113dSnw 552c5c4113dSnw if ((str = strdup(argv[1])) == NULL) 553c5c4113dSnw return (1); 554c5c4113dSnw result->mappings.mappings_val[cb_data->next].id1.idmap_id_u.sid.prefix = 555cd37da74Snw str; 556c5c4113dSnw result->mappings.mappings_val[cb_data->next].id1.idmap_id_u.sid.rid = 557cd37da74Snw strtoul(argv[2], &end, 10); 558cd37da74Snw result->mappings.mappings_val[cb_data->next].id1.idtype = 559cd37da74Snw strtol(argv[10], &end, 10) ? IDMAP_USID : IDMAP_GSID; 560c5c4113dSnw 561c5c4113dSnw result->mappings.mappings_val[cb_data->next].id2.idmap_id_u.uid = 562cd37da74Snw strtoul(argv[3], &end, 10); 563cd37da74Snw result->mappings.mappings_val[cb_data->next].id2.idtype = 564cd37da74Snw strtol(argv[9], &end, 10) ? IDMAP_UID : IDMAP_GID; 565c5c4113dSnw 566cd37da74Snw w2u = argv[4] ? strtol(argv[4], &end, 10) : 0; 567cd37da74Snw u2w = argv[5] ? strtol(argv[5], &end, 10) : 0; 568c5c4113dSnw 569c5c4113dSnw if (w2u > 0 && u2w == 0) 570651c0131Sbaban result->mappings.mappings_val[cb_data->next].direction = 571651c0131Sbaban IDMAP_DIRECTION_W2U; 572c5c4113dSnw else if (w2u == 0 && u2w > 0) 573651c0131Sbaban result->mappings.mappings_val[cb_data->next].direction = 574651c0131Sbaban IDMAP_DIRECTION_U2W; 575c5c4113dSnw else 576651c0131Sbaban result->mappings.mappings_val[cb_data->next].direction = 577651c0131Sbaban IDMAP_DIRECTION_BI; 578c5c4113dSnw 5798e228215Sdm STRDUP_OR_FAIL(result->mappings.mappings_val[cb_data->next].id1domain, 5808e228215Sdm argv[6]); 581c5c4113dSnw 5828e228215Sdm STRDUP_OR_FAIL(result->mappings.mappings_val[cb_data->next].id1name, 5838e228215Sdm argv[7]); 5848e228215Sdm 5858e228215Sdm STRDUP_OR_FAIL(result->mappings.mappings_val[cb_data->next].id2name, 5868e228215Sdm argv[8]); 587c5c4113dSnw 58848258c6bSjp if (cb_data->flag & IDMAP_REQ_FLG_MAPPING_INFO) { 58948258c6bSjp how = &result->mappings.mappings_val[cb_data->next].info.how; 59048258c6bSjp how->map_type = strtoul(argv[11], &end, 10); 59148258c6bSjp switch (how->map_type) { 59248258c6bSjp case IDMAP_MAP_TYPE_DS_AD: 59348258c6bSjp how->idmap_how_u.ad.dn = 59448258c6bSjp strdup(argv[12]); 59548258c6bSjp how->idmap_how_u.ad.attr = 59648258c6bSjp strdup(argv[13]); 59748258c6bSjp how->idmap_how_u.ad.value = 59848258c6bSjp strdup(argv[14]); 59948258c6bSjp break; 60048258c6bSjp 60148258c6bSjp case IDMAP_MAP_TYPE_DS_NLDAP: 60248258c6bSjp how->idmap_how_u.nldap.dn = 60348258c6bSjp strdup(argv[12]); 60448258c6bSjp how->idmap_how_u.nldap.attr = 60548258c6bSjp strdup(argv[13]); 60648258c6bSjp how->idmap_how_u.nldap.value = 60748258c6bSjp strdup(argv[14]); 60848258c6bSjp break; 60948258c6bSjp 61048258c6bSjp case IDMAP_MAP_TYPE_RULE_BASED: 61148258c6bSjp how->idmap_how_u.rule.windomain = 61248258c6bSjp strdup(argv[15]); 61348258c6bSjp how->idmap_how_u.rule.winname = 61448258c6bSjp strdup(argv[16]); 61548258c6bSjp how->idmap_how_u.rule.unixname = 61648258c6bSjp strdup(argv[17]); 61748258c6bSjp how->idmap_how_u.rule.is_nt4 = 61848258c6bSjp strtoul(argv[18], &end, 10); 61948258c6bSjp how->idmap_how_u.rule.is_user = 62048258c6bSjp strtol(argv[9], &end, 10); 62148258c6bSjp how->idmap_how_u.rule.is_wuser = 62248258c6bSjp strtol(argv[10], &end, 10); 62348258c6bSjp break; 62448258c6bSjp 62548258c6bSjp case IDMAP_MAP_TYPE_EPHEMERAL: 62648258c6bSjp break; 62748258c6bSjp 62848258c6bSjp case IDMAP_MAP_TYPE_LOCAL_SID: 62948258c6bSjp break; 63048258c6bSjp 631e3f2c991SKeyur Desai case IDMAP_MAP_TYPE_IDMU: 632e3f2c991SKeyur Desai how->idmap_how_u.idmu.dn = 633e3f2c991SKeyur Desai strdup(argv[12]); 634e3f2c991SKeyur Desai how->idmap_how_u.idmu.attr = 635e3f2c991SKeyur Desai strdup(argv[13]); 636e3f2c991SKeyur Desai how->idmap_how_u.idmu.value = 637e3f2c991SKeyur Desai strdup(argv[14]); 638e3f2c991SKeyur Desai break; 639e3f2c991SKeyur Desai 64048258c6bSjp default: 641e3f2c991SKeyur Desai /* Unknown mapping type */ 64248258c6bSjp assert(FALSE); 64348258c6bSjp } 64448258c6bSjp 64548258c6bSjp } 646c5c4113dSnw 647c5c4113dSnw result->lastrowid = strtoll(argv[0], &end, 10); 648c5c4113dSnw cb_data->next++; 649c5c4113dSnw result->retcode = IDMAP_SUCCESS; 650c5c4113dSnw return (0); 651c5c4113dSnw } 652c5c4113dSnw 653c5c4113dSnw 654c5c4113dSnw /* ARGSUSED */ 655c5c4113dSnw bool_t 65648258c6bSjp idmap_list_mappings_1_svc(int64_t lastrowid, uint64_t limit, int32_t flag, 657cd37da74Snw idmap_mappings_res *result, struct svc_req *rqstp) 658cd37da74Snw { 659c5c4113dSnw sqlite *cache = NULL; 660c5c4113dSnw char lbuf[30], rbuf[30]; 661c5c4113dSnw uint64_t maxlimit; 662c5c4113dSnw idmap_retcode retcode; 663c5c4113dSnw char *sql = NULL; 66448258c6bSjp time_t curtime; 665c5c4113dSnw 666c5c4113dSnw (void) memset(result, 0, sizeof (*result)); 667c5c4113dSnw 66848258c6bSjp /* Current time */ 66948258c6bSjp errno = 0; 67048258c6bSjp if ((curtime = time(NULL)) == (time_t)-1) { 67148258c6bSjp idmapdlog(LOG_ERR, "Failed to get current time (%s)", 67248258c6bSjp strerror(errno)); 67348258c6bSjp retcode = IDMAP_ERR_INTERNAL; 67448258c6bSjp goto out; 67548258c6bSjp } 67648258c6bSjp 677c5c4113dSnw RDLOCK_CONFIG(); 678c5c4113dSnw maxlimit = _idmapdstate.cfg->pgcfg.list_size_limit; 679c5c4113dSnw UNLOCK_CONFIG(); 680c5c4113dSnw 681c5c4113dSnw /* Get cache handle */ 682c5c4113dSnw result->retcode = get_cache_handle(&cache); 683c5c4113dSnw if (result->retcode != IDMAP_SUCCESS) 684c5c4113dSnw goto out; 685c5c4113dSnw 686c5c4113dSnw result->retcode = IDMAP_ERR_INTERNAL; 687c5c4113dSnw 688c5c4113dSnw /* Create LIMIT expression. */ 689c5c4113dSnw if (limit == 0 || (maxlimit > 0 && maxlimit < limit)) 690c5c4113dSnw limit = maxlimit; 691c5c4113dSnw if (limit > 0) 692c5c4113dSnw (void) snprintf(lbuf, sizeof (lbuf), 693cd37da74Snw "LIMIT %" PRIu64, limit + 1ULL); 694bbf6f00cSJordan Brown else 695bbf6f00cSJordan Brown lbuf[0] = '\0'; 696c5c4113dSnw 697c5c4113dSnw (void) snprintf(rbuf, sizeof (rbuf), "rowid > %" PRIu64, lastrowid); 698c5c4113dSnw 699c5c4113dSnw /* 700c5c4113dSnw * Combine all the above into a giant SELECT statement that 701c5c4113dSnw * will return the requested mappings 702c5c4113dSnw */ 70348258c6bSjp 70448258c6bSjp sql = sqlite_mprintf("SELECT rowid, sidprefix, rid, pid, w2u, " 70548258c6bSjp "u2w, windomain, canon_winname, unixname, is_user, is_wuser, " 70648258c6bSjp "map_type, map_dn, map_attr, map_value, map_windomain, " 70748258c6bSjp "map_winname, map_unixname, map_is_nt4 " 70848258c6bSjp "FROM idmap_cache WHERE %s AND " 70948258c6bSjp "(pid >= 2147483648 OR (expiration = 0 OR " 71048258c6bSjp "expiration ISNULL OR expiration > %d)) " 71148258c6bSjp "%s;", 71248258c6bSjp rbuf, curtime, lbuf); 713c5c4113dSnw if (sql == NULL) { 714479ac375Sdm result->retcode = IDMAP_ERR_MEMORY; 715c5c4113dSnw idmapdlog(LOG_ERR, "Out of memory"); 716c5c4113dSnw goto out; 717c5c4113dSnw } 718c5c4113dSnw 719c5c4113dSnw /* Execute the SQL statement and update the return buffer */ 72071590c90Snw PROCESS_LIST_SVC_SQL(retcode, cache, IDMAP_CACHENAME, sql, limit, 72148258c6bSjp flag, list_mappings_cb, result, result->mappings.mappings_len); 722c5c4113dSnw 723c5c4113dSnw out: 724c5c4113dSnw if (sql) 725c5c4113dSnw sqlite_freemem(sql); 726c5c4113dSnw if (IDMAP_ERROR(result->retcode)) 727c5c4113dSnw (void) xdr_free(xdr_idmap_mappings_res, (caddr_t)result); 728c5c4113dSnw result->retcode = idmap_stat4prot(result->retcode); 729c5c4113dSnw return (TRUE); 730c5c4113dSnw } 731c5c4113dSnw 732c5c4113dSnw 733c5c4113dSnw /* ARGSUSED */ 734cd37da74Snw static 735cd37da74Snw int 736cd37da74Snw list_namerules_cb(void *parg, int argc, char **argv, char **colnames) 737cd37da74Snw { 738c5c4113dSnw list_cb_data_t *cb_data; 739c5c4113dSnw idmap_namerules_res *result; 740c5c4113dSnw idmap_retcode retcode; 741c5c4113dSnw int w2u_order, u2w_order; 742c5c4113dSnw char *end; 743cd37da74Snw static int validated_column_names = 0; 744cd37da74Snw 745cd37da74Snw if (!validated_column_names) { 746cd37da74Snw assert(strcmp(colnames[0], "rowid") == 0); 747cd37da74Snw assert(strcmp(colnames[1], "is_user") == 0); 748cd37da74Snw assert(strcmp(colnames[2], "is_wuser") == 0); 749cd37da74Snw assert(strcmp(colnames[3], "windomain") == 0); 750cd37da74Snw assert(strcmp(colnames[4], "winname_display") == 0); 751cd37da74Snw assert(strcmp(colnames[5], "is_nt4") == 0); 752cd37da74Snw assert(strcmp(colnames[6], "unixname") == 0); 753cd37da74Snw assert(strcmp(colnames[7], "w2u_order") == 0); 754cd37da74Snw assert(strcmp(colnames[8], "u2w_order") == 0); 755cd37da74Snw validated_column_names = 1; 756cd37da74Snw } 757c5c4113dSnw 758c5c4113dSnw cb_data = (list_cb_data_t *)parg; 759c5c4113dSnw result = (idmap_namerules_res *)cb_data->result; 760c5c4113dSnw 761cd37da74Snw _VALIDATE_LIST_CB_DATA(9, &result->rules.rules_val, 762cd37da74Snw sizeof (idmap_namerule)); 763c5c4113dSnw 764c5c4113dSnw result->rules.rules_len++; 765c5c4113dSnw 766c5c4113dSnw result->rules.rules_val[cb_data->next].is_user = 767cd37da74Snw strtol(argv[1], &end, 10); 768cd37da74Snw 769cd37da74Snw result->rules.rules_val[cb_data->next].is_wuser = 770cd37da74Snw strtol(argv[2], &end, 10); 771c5c4113dSnw 7728e228215Sdm STRDUP_OR_FAIL(result->rules.rules_val[cb_data->next].windomain, 773cd37da74Snw argv[3]); 774c5c4113dSnw 7758e228215Sdm STRDUP_OR_FAIL(result->rules.rules_val[cb_data->next].winname, 776cd37da74Snw argv[4]); 777c5c4113dSnw 778c5c4113dSnw result->rules.rules_val[cb_data->next].is_nt4 = 779cd37da74Snw strtol(argv[5], &end, 10); 780c5c4113dSnw 7818e228215Sdm STRDUP_OR_FAIL(result->rules.rules_val[cb_data->next].unixname, 782cd37da74Snw argv[6]); 783c5c4113dSnw 784cd37da74Snw w2u_order = argv[7] ? strtol(argv[7], &end, 10) : 0; 785cd37da74Snw u2w_order = argv[8] ? strtol(argv[8], &end, 10) : 0; 786c5c4113dSnw 787c5c4113dSnw if (w2u_order > 0 && u2w_order == 0) 788651c0131Sbaban result->rules.rules_val[cb_data->next].direction = 789651c0131Sbaban IDMAP_DIRECTION_W2U; 790c5c4113dSnw else if (w2u_order == 0 && u2w_order > 0) 791651c0131Sbaban result->rules.rules_val[cb_data->next].direction = 792651c0131Sbaban IDMAP_DIRECTION_U2W; 793c5c4113dSnw else 794651c0131Sbaban result->rules.rules_val[cb_data->next].direction = 795651c0131Sbaban IDMAP_DIRECTION_BI; 796c5c4113dSnw 797c5c4113dSnw result->lastrowid = strtoll(argv[0], &end, 10); 798c5c4113dSnw cb_data->next++; 799c5c4113dSnw result->retcode = IDMAP_SUCCESS; 800c5c4113dSnw return (0); 801c5c4113dSnw } 802c5c4113dSnw 803c5c4113dSnw 804c5c4113dSnw /* ARGSUSED */ 805c5c4113dSnw bool_t 806c5c4113dSnw idmap_list_namerules_1_svc(idmap_namerule rule, uint64_t lastrowid, 807c5c4113dSnw uint64_t limit, idmap_namerules_res *result, 808cd37da74Snw struct svc_req *rqstp) 809cd37da74Snw { 810c5c4113dSnw 811c5c4113dSnw sqlite *db = NULL; 812c5c4113dSnw char lbuf[30], rbuf[30]; 813c5c4113dSnw char *sql = NULL; 814cd37da74Snw char *expr = NULL; 815c5c4113dSnw uint64_t maxlimit; 816c5c4113dSnw idmap_retcode retcode; 817c5c4113dSnw 818c5c4113dSnw (void) memset(result, 0, sizeof (*result)); 819c5c4113dSnw 8200dcc7149Snw result->retcode = validate_rule(&rule); 8210dcc7149Snw if (result->retcode != IDMAP_SUCCESS) 8220dcc7149Snw goto out; 8230dcc7149Snw 824c5c4113dSnw RDLOCK_CONFIG(); 825c5c4113dSnw maxlimit = _idmapdstate.cfg->pgcfg.list_size_limit; 826c5c4113dSnw UNLOCK_CONFIG(); 827c5c4113dSnw 828c5c4113dSnw /* Get db handle */ 829c5c4113dSnw result->retcode = get_db_handle(&db); 830c5c4113dSnw if (result->retcode != IDMAP_SUCCESS) 831c5c4113dSnw goto out; 832c5c4113dSnw 8330dcc7149Snw result->retcode = gen_sql_expr_from_rule(&rule, &expr); 8340dcc7149Snw if (result->retcode != IDMAP_SUCCESS) 835cd37da74Snw goto out; 836c5c4113dSnw 837c5c4113dSnw /* Create LIMIT expression. */ 838c5c4113dSnw if (limit == 0 || (maxlimit > 0 && maxlimit < limit)) 839c5c4113dSnw limit = maxlimit; 840c5c4113dSnw if (limit > 0) 841c5c4113dSnw (void) snprintf(lbuf, sizeof (lbuf), 842cd37da74Snw "LIMIT %" PRIu64, limit + 1ULL); 843bbf6f00cSJordan Brown else 844bbf6f00cSJordan Brown lbuf[0] = '\0'; 845c5c4113dSnw 846c5c4113dSnw (void) snprintf(rbuf, sizeof (rbuf), "rowid > %" PRIu64, lastrowid); 847c5c4113dSnw 848c5c4113dSnw /* 849c5c4113dSnw * Combine all the above into a giant SELECT statement that 850c5c4113dSnw * will return the requested rules 851c5c4113dSnw */ 852cd37da74Snw sql = sqlite_mprintf("SELECT rowid, is_user, is_wuser, windomain, " 853cd37da74Snw "winname_display, is_nt4, unixname, w2u_order, u2w_order " 854cd37da74Snw "FROM namerules WHERE " 855bbf6f00cSJordan Brown " %s %s %s;", 856bbf6f00cSJordan Brown rbuf, expr, lbuf); 857cd37da74Snw 858c5c4113dSnw if (sql == NULL) { 859479ac375Sdm result->retcode = IDMAP_ERR_MEMORY; 860c5c4113dSnw idmapdlog(LOG_ERR, "Out of memory"); 861c5c4113dSnw goto out; 862c5c4113dSnw } 863c5c4113dSnw 864c5c4113dSnw /* Execute the SQL statement and update the return buffer */ 86571590c90Snw PROCESS_LIST_SVC_SQL(retcode, db, IDMAP_DBNAME, sql, limit, 86648258c6bSjp 0, list_namerules_cb, result, result->rules.rules_len); 867c5c4113dSnw 868c5c4113dSnw out: 869cd37da74Snw if (expr) 870cd37da74Snw sqlite_freemem(expr); 871c5c4113dSnw if (sql) 872c5c4113dSnw sqlite_freemem(sql); 873c5c4113dSnw if (IDMAP_ERROR(result->retcode)) 874c5c4113dSnw (void) xdr_free(xdr_idmap_namerules_res, (caddr_t)result); 875c5c4113dSnw result->retcode = idmap_stat4prot(result->retcode); 876c5c4113dSnw return (TRUE); 877c5c4113dSnw } 878c5c4113dSnw 879c5c4113dSnw #define IDMAP_RULES_AUTH "solaris.admin.idmap.rules" 880c5c4113dSnw static int 881cd37da74Snw verify_rules_auth(struct svc_req *rqstp) 882cd37da74Snw { 883c5c4113dSnw ucred_t *uc = NULL; 884c5c4113dSnw uid_t uid; 885c5c4113dSnw char buf[1024]; 886c5c4113dSnw struct passwd pwd; 887c5c4113dSnw 888c5c4113dSnw if (svc_getcallerucred(rqstp->rq_xprt, &uc) != 0) { 88971590c90Snw idmapdlog(LOG_ERR, "svc_getcallerucred failed during " 89071590c90Snw "authorization (%s)", strerror(errno)); 891c5c4113dSnw return (-1); 892c5c4113dSnw } 893c5c4113dSnw 894c5c4113dSnw uid = ucred_geteuid(uc); 895c5c4113dSnw if (uid == (uid_t)-1) { 89671590c90Snw idmapdlog(LOG_ERR, "ucred_geteuid failed during " 89771590c90Snw "authorization (%s)", strerror(errno)); 898c5c4113dSnw ucred_free(uc); 899c5c4113dSnw return (-1); 900c5c4113dSnw } 901c5c4113dSnw 902c5c4113dSnw if (getpwuid_r(uid, &pwd, buf, sizeof (buf)) == NULL) { 90371590c90Snw idmapdlog(LOG_ERR, "getpwuid_r(%u) failed during " 90471590c90Snw "authorization (%s)", uid, strerror(errno)); 905c5c4113dSnw ucred_free(uc); 906c5c4113dSnw return (-1); 907c5c4113dSnw } 908c5c4113dSnw 909c5c4113dSnw if (chkauthattr(IDMAP_RULES_AUTH, pwd.pw_name) != 1) { 91071590c90Snw idmapdlog(LOG_INFO, "%s is not authorized (%s)", 91171590c90Snw pwd.pw_name, IDMAP_RULES_AUTH); 912c5c4113dSnw ucred_free(uc); 913c5c4113dSnw return (-1); 914c5c4113dSnw } 915c5c4113dSnw 916c5c4113dSnw ucred_free(uc); 917c5c4113dSnw return (1); 918c5c4113dSnw } 919c5c4113dSnw 9208e228215Sdm /* 9218e228215Sdm * Meaning of the return values is the following: For retcode == 9228e228215Sdm * IDMAP_SUCCESS, everything went OK and error_index is 9238e228215Sdm * undefined. Otherwise, error_index >=0 shows the failed batch 9248e228215Sdm * element. errro_index == -1 indicates failure at the beginning, 9258e228215Sdm * error_index == -2 at the end. 9268e228215Sdm */ 9278e228215Sdm 928c5c4113dSnw /* ARGSUSED */ 929c5c4113dSnw bool_t 9308e228215Sdm idmap_update_1_svc(idmap_update_batch batch, idmap_update_res *res, 931cd37da74Snw struct svc_req *rqstp) 932cd37da74Snw { 933c5c4113dSnw sqlite *db = NULL; 934c5c4113dSnw idmap_update_op *up; 935c5c4113dSnw int i; 93684decf41Sjp int trans = FALSE; 937c5c4113dSnw 9388e228215Sdm res->error_index = -1; 9398e228215Sdm (void) memset(&res->error_rule, 0, sizeof (res->error_rule)); 9408e228215Sdm (void) memset(&res->conflict_rule, 0, sizeof (res->conflict_rule)); 9418e228215Sdm 942c5c4113dSnw if (verify_rules_auth(rqstp) < 0) { 9438e228215Sdm res->retcode = IDMAP_ERR_PERMISSION_DENIED; 944c5c4113dSnw goto out; 945c5c4113dSnw } 946c5c4113dSnw 947c5c4113dSnw if (batch.idmap_update_batch_len == 0 || 948cd37da74Snw batch.idmap_update_batch_val == NULL) { 9498e228215Sdm res->retcode = IDMAP_SUCCESS; 950c5c4113dSnw goto out; 951c5c4113dSnw } 952c5c4113dSnw 9530dcc7149Snw res->retcode = validate_rules(&batch); 9540dcc7149Snw if (res->retcode != IDMAP_SUCCESS) 9550dcc7149Snw goto out; 9560dcc7149Snw 957c5c4113dSnw /* Get db handle */ 9588e228215Sdm res->retcode = get_db_handle(&db); 9598e228215Sdm if (res->retcode != IDMAP_SUCCESS) 960c5c4113dSnw goto out; 961c5c4113dSnw 96271590c90Snw res->retcode = sql_exec_no_cb(db, IDMAP_DBNAME, "BEGIN TRANSACTION;"); 9638e228215Sdm if (res->retcode != IDMAP_SUCCESS) 964c5c4113dSnw goto out; 96584decf41Sjp trans = TRUE; 966c5c4113dSnw 967c5c4113dSnw for (i = 0; i < batch.idmap_update_batch_len; i++) { 968c5c4113dSnw up = &batch.idmap_update_batch_val[i]; 969c5c4113dSnw switch (up->opnum) { 970c5c4113dSnw case OP_NONE: 9718e228215Sdm res->retcode = IDMAP_SUCCESS; 972c5c4113dSnw break; 973c5c4113dSnw case OP_ADD_NAMERULE: 9748e228215Sdm res->retcode = add_namerule(db, 975cd37da74Snw &up->idmap_update_op_u.rule); 976c5c4113dSnw break; 977c5c4113dSnw case OP_RM_NAMERULE: 9788e228215Sdm res->retcode = rm_namerule(db, 979cd37da74Snw &up->idmap_update_op_u.rule); 980c5c4113dSnw break; 981c5c4113dSnw case OP_FLUSH_NAMERULES: 982cd37da74Snw res->retcode = flush_namerules(db); 983c5c4113dSnw break; 984c5c4113dSnw default: 9858e228215Sdm res->retcode = IDMAP_ERR_NOTSUPPORTED; 9868e228215Sdm break; 987c5c4113dSnw }; 988c5c4113dSnw 9898e228215Sdm if (res->retcode != IDMAP_SUCCESS) { 9908e228215Sdm res->error_index = i; 9918e228215Sdm if (up->opnum == OP_ADD_NAMERULE || 9928e228215Sdm up->opnum == OP_RM_NAMERULE) { 9938e228215Sdm idmap_stat r2 = 9948e228215Sdm idmap_namerule_cpy(&res->error_rule, 995cd37da74Snw &up->idmap_update_op_u.rule); 9968e228215Sdm if (r2 != IDMAP_SUCCESS) 9978e228215Sdm res->retcode = r2; 9988e228215Sdm } 999c5c4113dSnw goto out; 10008e228215Sdm } 1001c5c4113dSnw } 1002c5c4113dSnw 1003c5c4113dSnw out: 100484decf41Sjp if (trans) { 10058e228215Sdm if (res->retcode == IDMAP_SUCCESS) { 10068e228215Sdm res->retcode = 100771590c90Snw sql_exec_no_cb(db, IDMAP_DBNAME, 100871590c90Snw "COMMIT TRANSACTION;"); 10099fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States if (res->retcode == IDMAP_SUCCESS) { 10109fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States /* 10119fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States * We've updated the rules. Expire the cache 10129fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States * so that existing mappings will be 10139fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States * reconsidered. 10149fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States */ 10159fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States res->retcode = 10169fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States idmap_cache_flush(IDMAP_FLUSH_EXPIRE); 10179fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States } else { 10188e228215Sdm res->error_index = -2; 10199fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States } 10208e228215Sdm } 102184decf41Sjp else 102271590c90Snw (void) sql_exec_no_cb(db, IDMAP_DBNAME, 102371590c90Snw "ROLLBACK TRANSACTION;"); 1024c5c4113dSnw } 10258e228215Sdm 10268e228215Sdm res->retcode = idmap_stat4prot(res->retcode); 10278e228215Sdm 1028c5c4113dSnw return (TRUE); 1029c5c4113dSnw } 1030c5c4113dSnw 1031fe1c642dSBill Krier static 1032fe1c642dSBill Krier int 1033fe1c642dSBill Krier copy_string(char **to, char *from) 1034fe1c642dSBill Krier { 1035fe1c642dSBill Krier if (EMPTY_STRING(from)) { 1036fe1c642dSBill Krier *to = NULL; 1037fe1c642dSBill Krier } else { 1038fe1c642dSBill Krier *to = strdup(from); 1039fe1c642dSBill Krier if (*to == NULL) { 1040fe1c642dSBill Krier idmapdlog(LOG_ERR, "Out of memory"); 1041fe1c642dSBill Krier return (IDMAP_ERR_MEMORY); 1042fe1c642dSBill Krier } 1043fe1c642dSBill Krier } 1044fe1c642dSBill Krier return (IDMAP_SUCCESS); 1045fe1c642dSBill Krier } 1046fe1c642dSBill Krier 1047fe1c642dSBill Krier static 1048fe1c642dSBill Krier int 1049fe1c642dSBill Krier copy_id(idmap_id *to, idmap_id *from) 1050fe1c642dSBill Krier { 1051fe1c642dSBill Krier (void) memset(to, 0, sizeof (*to)); 1052fe1c642dSBill Krier 1053fe1c642dSBill Krier to->idtype = from->idtype; 1054fe1c642dSBill Krier if (IS_ID_SID(*from)) { 1055fe1c642dSBill Krier idmap_retcode retcode; 1056fe1c642dSBill Krier 1057fe1c642dSBill Krier to->idmap_id_u.sid.rid = from->idmap_id_u.sid.rid; 1058fe1c642dSBill Krier retcode = copy_string(&to->idmap_id_u.sid.prefix, 1059fe1c642dSBill Krier from->idmap_id_u.sid.prefix); 1060fe1c642dSBill Krier 1061fe1c642dSBill Krier return (retcode); 1062fe1c642dSBill Krier } else { 1063fe1c642dSBill Krier to->idmap_id_u.uid = from->idmap_id_u.uid; 1064fe1c642dSBill Krier return (IDMAP_SUCCESS); 1065fe1c642dSBill Krier } 1066fe1c642dSBill Krier } 1067fe1c642dSBill Krier 1068fe1c642dSBill Krier static 1069fe1c642dSBill Krier int 1070fe1c642dSBill Krier copy_mapping(idmap_mapping *mapping, idmap_mapping *request) 1071fe1c642dSBill Krier { 1072fe1c642dSBill Krier idmap_retcode retcode; 1073fe1c642dSBill Krier 1074fe1c642dSBill Krier (void) memset(mapping, 0, sizeof (*mapping)); 1075fe1c642dSBill Krier 1076fe1c642dSBill Krier mapping->flag = request->flag; 1077fe1c642dSBill Krier mapping->direction = _IDMAP_F_DONE; 1078fe1c642dSBill Krier 1079fe1c642dSBill Krier retcode = copy_id(&mapping->id1, &request->id1); 1080fe1c642dSBill Krier if (retcode != IDMAP_SUCCESS) 1081fe1c642dSBill Krier goto errout; 1082fe1c642dSBill Krier 1083fe1c642dSBill Krier retcode = copy_string(&mapping->id1domain, request->id1domain); 1084fe1c642dSBill Krier if (retcode != IDMAP_SUCCESS) 1085fe1c642dSBill Krier goto errout; 1086fe1c642dSBill Krier 1087fe1c642dSBill Krier retcode = copy_string(&mapping->id1name, request->id1name); 1088fe1c642dSBill Krier if (retcode != IDMAP_SUCCESS) 1089fe1c642dSBill Krier goto errout; 1090fe1c642dSBill Krier 1091fe1c642dSBill Krier retcode = copy_id(&mapping->id2, &request->id2); 1092fe1c642dSBill Krier if (retcode != IDMAP_SUCCESS) 1093fe1c642dSBill Krier goto errout; 1094fe1c642dSBill Krier 1095fe1c642dSBill Krier retcode = copy_string(&mapping->id2domain, request->id2domain); 1096fe1c642dSBill Krier if (retcode != IDMAP_SUCCESS) 1097fe1c642dSBill Krier goto errout; 1098fe1c642dSBill Krier retcode = copy_string(&mapping->id2name, request->id2name); 1099fe1c642dSBill Krier if (retcode != IDMAP_SUCCESS) 1100fe1c642dSBill Krier goto errout; 1101fe1c642dSBill Krier 1102fe1c642dSBill Krier return (IDMAP_SUCCESS); 1103fe1c642dSBill Krier 1104fe1c642dSBill Krier errout: 1105fe1c642dSBill Krier if (IS_ID_SID(mapping->id1)) 1106fe1c642dSBill Krier free(mapping->id1.idmap_id_u.sid.prefix); 1107fe1c642dSBill Krier free(mapping->id1domain); 1108fe1c642dSBill Krier free(mapping->id1name); 1109fe1c642dSBill Krier if (IS_ID_SID(mapping->id2)) 1110fe1c642dSBill Krier free(mapping->id2.idmap_id_u.sid.prefix); 1111fe1c642dSBill Krier free(mapping->id2domain); 1112fe1c642dSBill Krier free(mapping->id2name); 1113fe1c642dSBill Krier 1114fe1c642dSBill Krier (void) memset(mapping, 0, sizeof (*mapping)); 1115fe1c642dSBill Krier return (retcode); 1116fe1c642dSBill Krier } 1117fe1c642dSBill Krier 1118c5c4113dSnw 1119c5c4113dSnw /* ARGSUSED */ 1120c5c4113dSnw bool_t 1121c5c4113dSnw idmap_get_mapped_id_by_name_1_svc(idmap_mapping request, 1122cd37da74Snw idmap_mappings_res *result, struct svc_req *rqstp) 1123cd37da74Snw { 1124fe1c642dSBill Krier idmap_mapping_batch batch_request; 1125fe1c642dSBill Krier idmap_ids_res batch_result; 1126fe1c642dSBill Krier idmap_mapping *map; 1127c5c4113dSnw 1128fe1c642dSBill Krier /* Clear out things we might want to xdr_free on error */ 1129fe1c642dSBill Krier (void) memset(&batch_result, 0, sizeof (batch_result)); 1130c5c4113dSnw (void) memset(result, 0, sizeof (*result)); 1131c5c4113dSnw 11320dcc7149Snw result->retcode = validate_mapped_id_by_name_req(&request); 11330dcc7149Snw if (result->retcode != IDMAP_SUCCESS) 11340dcc7149Snw goto out; 11350dcc7149Snw 1136fe1c642dSBill Krier /* 1137fe1c642dSBill Krier * Copy the request. We need to modify it, and 1138fe1c642dSBill Krier * what we have is a shallow copy. Freeing pointers from 1139fe1c642dSBill Krier * our copy will lead to problems, since the RPC framework 1140fe1c642dSBill Krier * has its own copy of those pointers. Besides, we need 1141fe1c642dSBill Krier * a copy to return. 1142fe1c642dSBill Krier */ 1143fe1c642dSBill Krier map = calloc(1, sizeof (idmap_mapping)); 1144fe1c642dSBill Krier if (map == NULL) { 1145fe1c642dSBill Krier idmapdlog(LOG_ERR, "Out of memory"); 1146fe1c642dSBill Krier result->retcode = IDMAP_ERR_MEMORY; 1147c5c4113dSnw goto out; 1148fe1c642dSBill Krier } 1149c5c4113dSnw 1150fe1c642dSBill Krier /* 1151fe1c642dSBill Krier * Set up to return the filled-in mapping structure. 1152fe1c642dSBill Krier * Note that we xdr_free result on error, and that'll take 1153fe1c642dSBill Krier * care of freeing the mapping structure. 1154fe1c642dSBill Krier */ 1155fe1c642dSBill Krier result->mappings.mappings_val = map; 1156fe1c642dSBill Krier result->mappings.mappings_len = 1; 1157fe1c642dSBill Krier 1158fe1c642dSBill Krier result->retcode = copy_mapping(map, &request); 1159c5c4113dSnw if (result->retcode != IDMAP_SUCCESS) 1160c5c4113dSnw goto out; 1161c5c4113dSnw 1162fe1c642dSBill Krier /* Set up for the request to the batch API */ 1163fe1c642dSBill Krier batch_request.idmap_mapping_batch_val = map; 1164fe1c642dSBill Krier batch_request.idmap_mapping_batch_len = 1; 1165fe1c642dSBill Krier 1166fe1c642dSBill Krier /* Do the real work. */ 1167fe1c642dSBill Krier (void) idmap_get_mapped_ids_1_svc(batch_request, 1168fe1c642dSBill Krier &batch_result, rqstp); 1169fe1c642dSBill Krier 1170fe1c642dSBill Krier /* Copy what we need out of the batch response */ 1171fe1c642dSBill Krier 1172fe1c642dSBill Krier if (batch_result.retcode != IDMAP_SUCCESS) { 1173fe1c642dSBill Krier result->retcode = batch_result.retcode; 1174c5c4113dSnw goto out; 1175c5c4113dSnw } 1176c5c4113dSnw 1177fe1c642dSBill Krier result->retcode = copy_id(&map->id2, &batch_result.ids.ids_val[0].id); 1178fe1c642dSBill Krier if (result->retcode != IDMAP_SUCCESS) 1179fe1c642dSBill Krier goto out; 1180cd37da74Snw 1181fe1c642dSBill Krier map->direction = batch_result.ids.ids_val[0].direction; 1182fe1c642dSBill Krier 1183fe1c642dSBill Krier result->retcode = batch_result.ids.ids_val[0].retcode; 1184fe1c642dSBill Krier 1185*148c5f43SAlan Wright idmap_info_mov(&map->info, &batch_result.ids.ids_val[0].info); 1186c5c4113dSnw 1187c5c4113dSnw out: 1188c5c4113dSnw if (IDMAP_FATAL_ERROR(result->retcode)) { 1189c5c4113dSnw xdr_free(xdr_idmap_mappings_res, (caddr_t)result); 1190c5c4113dSnw result->mappings.mappings_len = 0; 1191c5c4113dSnw result->mappings.mappings_val = NULL; 1192c5c4113dSnw } 1193c5c4113dSnw result->retcode = idmap_stat4prot(result->retcode); 1194fe1c642dSBill Krier 1195fe1c642dSBill Krier xdr_free(xdr_idmap_ids_res, (char *)&batch_result); 1196fe1c642dSBill Krier 1197c5c4113dSnw return (TRUE); 1198c5c4113dSnw } 1199c5c4113dSnw 1200479ac375Sdm /* ARGSUSED */ 1201479ac375Sdm bool_t 1202479ac375Sdm idmap_get_prop_1_svc(idmap_prop_type request, 1203479ac375Sdm idmap_prop_res *result, struct svc_req *rqstp) 1204479ac375Sdm { 1205479ac375Sdm idmap_pg_config_t *pgcfg; 1206479ac375Sdm 1207479ac375Sdm /* Init */ 1208479ac375Sdm (void) memset(result, 0, sizeof (*result)); 1209479ac375Sdm result->retcode = IDMAP_SUCCESS; 1210479ac375Sdm result->value.prop = request; 1211479ac375Sdm 1212479ac375Sdm RDLOCK_CONFIG(); 1213479ac375Sdm 1214479ac375Sdm /* Just shortcuts: */ 1215479ac375Sdm pgcfg = &_idmapdstate.cfg->pgcfg; 12164d61c878SJulian Pullen 1217479ac375Sdm 1218479ac375Sdm switch (request) { 1219479ac375Sdm case PROP_LIST_SIZE_LIMIT: 1220479ac375Sdm result->value.idmap_prop_val_u.intval = pgcfg->list_size_limit; 1221479ac375Sdm result->auto_discovered = FALSE; 1222479ac375Sdm break; 1223479ac375Sdm case PROP_DEFAULT_DOMAIN: 1224479ac375Sdm result->auto_discovered = FALSE; 1225479ac375Sdm STRDUP_CHECK(result->value.idmap_prop_val_u.utf8val, 1226479ac375Sdm pgcfg->default_domain); 1227479ac375Sdm break; 1228479ac375Sdm case PROP_DOMAIN_NAME: 1229479ac375Sdm STRDUP_CHECK(result->value.idmap_prop_val_u.utf8val, 1230479ac375Sdm pgcfg->domain_name); 1231479ac375Sdm result->auto_discovered = 12324d61c878SJulian Pullen pgcfg->domain_name_auto_disc; 1233479ac375Sdm break; 1234479ac375Sdm case PROP_MACHINE_SID: 1235479ac375Sdm result->auto_discovered = FALSE; 1236479ac375Sdm STRDUP_CHECK(result->value.idmap_prop_val_u.utf8val, 1237479ac375Sdm pgcfg->machine_sid); 1238479ac375Sdm break; 1239479ac375Sdm case PROP_DOMAIN_CONTROLLER: 1240479ac375Sdm if (pgcfg->domain_controller != NULL) { 1241479ac375Sdm (void) memcpy(&result->value.idmap_prop_val_u.dsval, 1242479ac375Sdm pgcfg->domain_controller, 1243479ac375Sdm sizeof (idmap_ad_disc_ds_t)); 1244479ac375Sdm } 12454d61c878SJulian Pullen result->auto_discovered = pgcfg->domain_controller_auto_disc; 1246479ac375Sdm break; 1247479ac375Sdm case PROP_FOREST_NAME: 1248479ac375Sdm STRDUP_CHECK(result->value.idmap_prop_val_u.utf8val, 1249479ac375Sdm pgcfg->forest_name); 12504d61c878SJulian Pullen result->auto_discovered = pgcfg->forest_name_auto_disc; 1251479ac375Sdm break; 1252479ac375Sdm case PROP_SITE_NAME: 1253479ac375Sdm STRDUP_CHECK(result->value.idmap_prop_val_u.utf8val, 1254479ac375Sdm pgcfg->site_name); 12554d61c878SJulian Pullen result->auto_discovered = pgcfg->site_name_auto_disc; 1256479ac375Sdm break; 1257479ac375Sdm case PROP_GLOBAL_CATALOG: 1258479ac375Sdm if (pgcfg->global_catalog != NULL) { 1259479ac375Sdm (void) memcpy(&result->value.idmap_prop_val_u.dsval, 1260479ac375Sdm pgcfg->global_catalog, sizeof (idmap_ad_disc_ds_t)); 1261479ac375Sdm } 12624d61c878SJulian Pullen result->auto_discovered = pgcfg->global_catalog_auto_disc; 1263479ac375Sdm break; 1264479ac375Sdm case PROP_AD_UNIXUSER_ATTR: 1265479ac375Sdm STRDUP_CHECK(result->value.idmap_prop_val_u.utf8val, 1266479ac375Sdm pgcfg->ad_unixuser_attr); 1267479ac375Sdm result->auto_discovered = FALSE; 1268479ac375Sdm break; 1269479ac375Sdm case PROP_AD_UNIXGROUP_ATTR: 1270479ac375Sdm STRDUP_CHECK(result->value.idmap_prop_val_u.utf8val, 1271479ac375Sdm pgcfg->ad_unixgroup_attr); 1272479ac375Sdm result->auto_discovered = FALSE; 1273479ac375Sdm break; 1274479ac375Sdm case PROP_NLDAP_WINNAME_ATTR: 1275479ac375Sdm STRDUP_CHECK(result->value.idmap_prop_val_u.utf8val, 1276479ac375Sdm pgcfg->nldap_winname_attr); 1277479ac375Sdm result->auto_discovered = FALSE; 1278479ac375Sdm break; 1279e3f2c991SKeyur Desai case PROP_DIRECTORY_BASED_MAPPING: 1280e3f2c991SKeyur Desai STRDUP_CHECK(result->value.idmap_prop_val_u.utf8val, 1281e3f2c991SKeyur Desai enum_lookup(pgcfg->directory_based_mapping, 1282e3f2c991SKeyur Desai directory_mapping_map)); 1283479ac375Sdm result->auto_discovered = FALSE; 1284479ac375Sdm break; 1285479ac375Sdm default: 1286479ac375Sdm result->retcode = IDMAP_ERR_PROP_UNKNOWN; 1287479ac375Sdm break; 1288479ac375Sdm } 1289479ac375Sdm 1290479ac375Sdm out: 1291479ac375Sdm UNLOCK_CONFIG(); 1292479ac375Sdm if (IDMAP_FATAL_ERROR(result->retcode)) { 1293479ac375Sdm xdr_free(xdr_idmap_prop_res, (caddr_t)result); 1294479ac375Sdm result->value.prop = PROP_UNKNOWN; 1295479ac375Sdm } 1296479ac375Sdm result->retcode = idmap_stat4prot(result->retcode); 1297479ac375Sdm return (TRUE); 1298479ac375Sdm } 1299479ac375Sdm 13009fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States int 13019fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States idmap_flush_1_svc( 13029fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States idmap_flush_op op, 13039fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States idmap_retcode *result, 13049fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States struct svc_req *rqstp) 13059fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States { 13069fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States NOTE(ARGUNUSED(rqstp)) 13079fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States if (verify_rules_auth(rqstp) < 0) { 13089fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States *result = IDMAP_ERR_PERMISSION_DENIED; 13099fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States return (TRUE); 13109fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States } 13119fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States 13129fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States *result = idmap_cache_flush(op); 13139fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States 13149fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States return (TRUE); 13159fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States } 1316c5c4113dSnw 1317c5c4113dSnw /* ARGSUSED */ 1318c5c4113dSnw int 1319c5c4113dSnw idmap_prog_1_freeresult(SVCXPRT *transp, xdrproc_t xdr_result, 1320cd37da74Snw caddr_t result) 1321cd37da74Snw { 1322c5c4113dSnw (void) xdr_free(xdr_result, result); 1323c5c4113dSnw return (TRUE); 1324c5c4113dSnw } 13251fcced4cSJordan Brown 13261fcced4cSJordan Brown /* 13271fcced4cSJordan Brown * This function is called by rpc_svc.c when it encounters an error. 13281fcced4cSJordan Brown */ 13291fcced4cSJordan Brown NOTE(PRINTFLIKE(1)) 13301fcced4cSJordan Brown void 13311fcced4cSJordan Brown idmap_rpc_msgout(const char *fmt, ...) 13321fcced4cSJordan Brown { 13331fcced4cSJordan Brown va_list va; 13341fcced4cSJordan Brown char buf[1000]; 13351fcced4cSJordan Brown 13361fcced4cSJordan Brown va_start(va, fmt); 13371fcced4cSJordan Brown (void) vsnprintf(buf, sizeof (buf), fmt, va); 13381fcced4cSJordan Brown va_end(va); 13391fcced4cSJordan Brown 13401fcced4cSJordan Brown idmapdlog(LOG_ERR, "idmap RPC: %s", buf); 13411fcced4cSJordan Brown } 1342