1c5c4113dSnw /* 2c5c4113dSnw * CDDL HEADER START 3c5c4113dSnw * 4c5c4113dSnw * The contents of this file are subject to the terms of the 5c5c4113dSnw * Common Development and Distribution License (the "License"). 6c5c4113dSnw * You may not use this file except in compliance with the License. 7c5c4113dSnw * 8c5c4113dSnw * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9c5c4113dSnw * or http://www.opensolaris.org/os/licensing. 10c5c4113dSnw * See the License for the specific language governing permissions 11c5c4113dSnw * and limitations under the License. 12c5c4113dSnw * 13c5c4113dSnw * When distributing Covered Code, include this CDDL HEADER in each 14c5c4113dSnw * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15c5c4113dSnw * If applicable, add the following below this CDDL HEADER, with the 16c5c4113dSnw * fields enclosed by brackets "[]" replaced with your own identifying 17c5c4113dSnw * information: Portions Copyright [yyyy] [name of copyright owner] 18c5c4113dSnw * 19c5c4113dSnw * CDDL HEADER END 20c5c4113dSnw */ 21c5c4113dSnw /* 22148c5f43SAlan Wright * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved. 23c5c4113dSnw */ 24c5c4113dSnw 25c5c4113dSnw 26c5c4113dSnw /* 27c5c4113dSnw * Service routines 28c5c4113dSnw */ 29c5c4113dSnw 30c5c4113dSnw #include "idmapd.h" 31c5c4113dSnw #include "idmap_priv.h" 32e8c27ec8Sbaban #include "nldaputils.h" 33c5c4113dSnw #include <signal.h> 34c5c4113dSnw #include <thread.h> 35c5c4113dSnw #include <string.h> 36c5c4113dSnw #include <strings.h> 37c5c4113dSnw #include <errno.h> 38c5c4113dSnw #include <assert.h> 39c5c4113dSnw #include <sys/types.h> 40c5c4113dSnw #include <sys/stat.h> 419fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States #include <sys/sid.h> 42c5c4113dSnw #include <ucred.h> 43c5c4113dSnw #include <pwd.h> 44c5c4113dSnw #include <auth_attr.h> 45c5c4113dSnw #include <secdb.h> 460dcc7149Snw #include <sys/u8_textprep.h> 471fcced4cSJordan Brown #include <note.h> 48c5c4113dSnw 49c5c4113dSnw #define _VALIDATE_LIST_CB_DATA(col, val, siz)\ 50c5c4113dSnw retcode = validate_list_cb_data(cb_data, argc, argv, col,\ 51c5c4113dSnw (uchar_t **)val, siz);\ 52c5c4113dSnw if (retcode == IDMAP_NEXT) {\ 53c5c4113dSnw result->retcode = IDMAP_NEXT;\ 54c5c4113dSnw return (0);\ 55c5c4113dSnw } else if (retcode < 0) {\ 56c5c4113dSnw result->retcode = retcode;\ 57c5c4113dSnw return (1);\ 58c5c4113dSnw } 59c5c4113dSnw 6048258c6bSjp #define PROCESS_LIST_SVC_SQL(rcode, db, dbname, sql, limit, flag, cb, res, len)\ 6148258c6bSjp rcode = process_list_svc_sql(db, dbname, sql, limit, flag, cb, res);\ 62c5c4113dSnw if (rcode == IDMAP_ERR_BUSY)\ 63c5c4113dSnw res->retcode = IDMAP_ERR_BUSY;\ 64c5c4113dSnw else if (rcode == IDMAP_SUCCESS && len == 0)\ 65c5c4113dSnw res->retcode = IDMAP_ERR_NOTFOUND; 66c5c4113dSnw 67c5c4113dSnw 688e228215Sdm #define STRDUP_OR_FAIL(to, from) \ 698e228215Sdm if ((from) == NULL) \ 708e228215Sdm to = NULL; \ 718e228215Sdm else { \ 728e228215Sdm if ((to = strdup(from)) == NULL) \ 738e228215Sdm return (1); \ 748e228215Sdm } 758e228215Sdm 76479ac375Sdm #define STRDUP_CHECK(to, from) \ 77479ac375Sdm if ((from) != NULL) { \ 78479ac375Sdm to = strdup(from); \ 79479ac375Sdm if (to == NULL) { \ 80479ac375Sdm result->retcode = IDMAP_ERR_MEMORY; \ 81479ac375Sdm goto out; \ 82479ac375Sdm } \ 83479ac375Sdm } 84479ac375Sdm 85c5c4113dSnw /* ARGSUSED */ 86c5c4113dSnw bool_t 87cd37da74Snw idmap_null_1_svc(void *result, struct svc_req *rqstp) 88cd37da74Snw { 89c5c4113dSnw return (TRUE); 90c5c4113dSnw } 91c5c4113dSnw 92334e3463Sbaban /* 93334e3463Sbaban * RPC layer allocates empty strings to replace NULL char *. 94334e3463Sbaban * This utility function frees these empty strings. 95334e3463Sbaban */ 96e8c27ec8Sbaban static 97e8c27ec8Sbaban void 98334e3463Sbaban sanitize_mapping_request(idmap_mapping *req) 99334e3463Sbaban { 100fe1c642dSBill Krier if (EMPTY_STRING(req->id1name)) { 101fe1c642dSBill Krier free(req->id1name); 102fe1c642dSBill Krier req->id1name = NULL; 103fe1c642dSBill Krier } 104fe1c642dSBill Krier if (EMPTY_STRING(req->id1domain)) { 105fe1c642dSBill Krier free(req->id1domain); 106fe1c642dSBill Krier req->id1domain = NULL; 107fe1c642dSBill Krier } 108fe1c642dSBill Krier if (EMPTY_STRING(req->id2name)) { 109fe1c642dSBill Krier free(req->id2name); 110fe1c642dSBill Krier req->id2name = NULL; 111fe1c642dSBill Krier } 112fe1c642dSBill Krier if (EMPTY_STRING(req->id2domain)) { 113fe1c642dSBill Krier free(req->id2domain); 114fe1c642dSBill Krier req->id2domain = NULL; 115fe1c642dSBill Krier } 116e8c27ec8Sbaban req->direction = _IDMAP_F_DONE; 117334e3463Sbaban } 118334e3463Sbaban 1190dcc7149Snw static 1200dcc7149Snw int 1210dcc7149Snw validate_mapped_id_by_name_req(idmap_mapping *req) 1220dcc7149Snw { 1230dcc7149Snw int e; 1240dcc7149Snw 125148c5f43SAlan Wright if (IS_ID_UID(req->id1) || IS_ID_GID(req->id1)) 1260dcc7149Snw return (IDMAP_SUCCESS); 1270dcc7149Snw 128148c5f43SAlan Wright if (IS_ID_SID(req->id1)) { 1290dcc7149Snw if (!EMPTY_STRING(req->id1name) && 1300dcc7149Snw u8_validate(req->id1name, strlen(req->id1name), 1310dcc7149Snw NULL, U8_VALIDATE_ENTIRE, &e) < 0) 1320dcc7149Snw return (IDMAP_ERR_BAD_UTF8); 1330dcc7149Snw if (!EMPTY_STRING(req->id1domain) && 1340dcc7149Snw u8_validate(req->id1domain, strlen(req->id1domain), 1350dcc7149Snw NULL, U8_VALIDATE_ENTIRE, &e) < 0) 1360dcc7149Snw return (IDMAP_ERR_BAD_UTF8); 1370dcc7149Snw } 1380dcc7149Snw 1390dcc7149Snw return (IDMAP_SUCCESS); 1400dcc7149Snw } 1410dcc7149Snw 1420dcc7149Snw static 1430dcc7149Snw int 1440dcc7149Snw validate_rule(idmap_namerule *rule) 1450dcc7149Snw { 1460dcc7149Snw int e; 1470dcc7149Snw 1480dcc7149Snw if (!EMPTY_STRING(rule->winname) && 1490dcc7149Snw u8_validate(rule->winname, strlen(rule->winname), 1500dcc7149Snw NULL, U8_VALIDATE_ENTIRE, &e) < 0) 1510dcc7149Snw return (IDMAP_ERR_BAD_UTF8); 1520dcc7149Snw 1530dcc7149Snw if (!EMPTY_STRING(rule->windomain) && 1540dcc7149Snw u8_validate(rule->windomain, strlen(rule->windomain), 1550dcc7149Snw NULL, U8_VALIDATE_ENTIRE, &e) < 0) 1560dcc7149Snw return (IDMAP_ERR_BAD_UTF8); 1570dcc7149Snw 1580dcc7149Snw return (IDMAP_SUCCESS); 1590dcc7149Snw 1600dcc7149Snw } 1610dcc7149Snw 1620dcc7149Snw static 1630dcc7149Snw bool_t 1640dcc7149Snw validate_rules(idmap_update_batch *batch) 1650dcc7149Snw { 1660dcc7149Snw idmap_update_op *up; 1670dcc7149Snw int i; 1680dcc7149Snw 1690dcc7149Snw for (i = 0; i < batch->idmap_update_batch_len; i++) { 1700dcc7149Snw up = &(batch->idmap_update_batch_val[i]); 1710dcc7149Snw if (validate_rule(&(up->idmap_update_op_u.rule)) 1720dcc7149Snw != IDMAP_SUCCESS) 1730dcc7149Snw return (IDMAP_ERR_BAD_UTF8); 1740dcc7149Snw } 1750dcc7149Snw 1760dcc7149Snw return (IDMAP_SUCCESS); 1770dcc7149Snw } 1780dcc7149Snw 179c5c4113dSnw /* ARGSUSED */ 180c5c4113dSnw bool_t 181c5c4113dSnw idmap_get_mapped_ids_1_svc(idmap_mapping_batch batch, 182*a17ce845SMarcel Telka idmap_ids_res *result, struct svc_req *rqstp) 183cd37da74Snw { 184c5c4113dSnw sqlite *cache = NULL, *db = NULL; 185c5c4113dSnw lookup_state_t state; 186e8c27ec8Sbaban idmap_retcode retcode; 18762c60062Sbaban uint_t i; 188148c5f43SAlan Wright idmap_mapping *req; 189148c5f43SAlan Wright idmap_id_res *res; 190148c5f43SAlan Wright boolean_t any_tracing; 191c5c4113dSnw 192c5c4113dSnw /* Init */ 193c5c4113dSnw (void) memset(result, 0, sizeof (*result)); 194c5c4113dSnw (void) memset(&state, 0, sizeof (state)); 195c5c4113dSnw 196c5c4113dSnw /* Return success if nothing was requested */ 197c5c4113dSnw if (batch.idmap_mapping_batch_len < 1) 198c5c4113dSnw goto out; 199c5c4113dSnw 200c5c4113dSnw /* Get cache handle */ 201c5c4113dSnw result->retcode = get_cache_handle(&cache); 202c5c4113dSnw if (result->retcode != IDMAP_SUCCESS) 203c5c4113dSnw goto out; 204479ac375Sdm state.cache = cache; 205c5c4113dSnw 206c5c4113dSnw /* Get db handle */ 207c5c4113dSnw result->retcode = get_db_handle(&db); 208c5c4113dSnw if (result->retcode != IDMAP_SUCCESS) 209c5c4113dSnw goto out; 210479ac375Sdm state.db = db; 211c5c4113dSnw 212c5c4113dSnw /* Allocate result array */ 213c5c4113dSnw result->ids.ids_val = calloc(batch.idmap_mapping_batch_len, 214cd37da74Snw sizeof (idmap_id_res)); 215c5c4113dSnw if (result->ids.ids_val == NULL) { 216c5c4113dSnw idmapdlog(LOG_ERR, "Out of memory"); 217c5c4113dSnw result->retcode = IDMAP_ERR_MEMORY; 218c5c4113dSnw goto out; 219c5c4113dSnw } 220c5c4113dSnw result->ids.ids_len = batch.idmap_mapping_batch_len; 221c5c4113dSnw 22262c60062Sbaban /* Allocate hash table to check for duplicate sids */ 22362c60062Sbaban state.sid_history = calloc(batch.idmap_mapping_batch_len, 224cd37da74Snw sizeof (*state.sid_history)); 22562c60062Sbaban if (state.sid_history == NULL) { 22662c60062Sbaban idmapdlog(LOG_ERR, "Out of memory"); 22762c60062Sbaban result->retcode = IDMAP_ERR_MEMORY; 22862c60062Sbaban goto out; 22962c60062Sbaban } 23062c60062Sbaban state.sid_history_size = batch.idmap_mapping_batch_len; 23162c60062Sbaban for (i = 0; i < state.sid_history_size; i++) { 23262c60062Sbaban state.sid_history[i].key = state.sid_history_size; 23362c60062Sbaban state.sid_history[i].next = state.sid_history_size; 23462c60062Sbaban } 23562c60062Sbaban state.batch = &batch; 23662c60062Sbaban state.result = result; 23762c60062Sbaban 238e8c27ec8Sbaban /* Get directory-based name mapping info */ 239479ac375Sdm result->retcode = load_cfg_in_state(&state); 240e8c27ec8Sbaban if (result->retcode != IDMAP_SUCCESS) 241e8c27ec8Sbaban goto out; 242e8c27ec8Sbaban 243c5c4113dSnw /* Init our 'done' flags */ 244c5c4113dSnw state.sid2pid_done = state.pid2sid_done = TRUE; 245c5c4113dSnw 246148c5f43SAlan Wright any_tracing = B_FALSE; 247148c5f43SAlan Wright 248c5c4113dSnw /* First stage */ 249c5c4113dSnw for (i = 0; i < batch.idmap_mapping_batch_len; i++) { 250148c5f43SAlan Wright req = &batch.idmap_mapping_batch_val[i]; 251148c5f43SAlan Wright res = &result->ids.ids_val[i]; 252148c5f43SAlan Wright if (TRACING(req)) 253148c5f43SAlan Wright any_tracing = B_TRUE; 25462c60062Sbaban state.curpos = i; 255148c5f43SAlan Wright (void) sanitize_mapping_request(req); 256148c5f43SAlan Wright TRACE(req, res, "Start mapping"); 257148c5f43SAlan Wright if (IS_ID_SID(req->id1)) { 258c5c4113dSnw retcode = sid2pid_first_pass( 259cd37da74Snw &state, 260148c5f43SAlan Wright req, 261148c5f43SAlan Wright res); 262148c5f43SAlan Wright } else if (IS_ID_UID(req->id1)) { 263c5c4113dSnw retcode = pid2sid_first_pass( 264cd37da74Snw &state, 265148c5f43SAlan Wright req, 266148c5f43SAlan Wright res, 1); 267148c5f43SAlan Wright } else if (IS_ID_GID(req->id1)) { 268c5c4113dSnw retcode = pid2sid_first_pass( 269cd37da74Snw &state, 270148c5f43SAlan Wright req, 271148c5f43SAlan Wright res, 0); 272c5c4113dSnw } else { 273148c5f43SAlan Wright res->retcode = IDMAP_ERR_IDTYPE; 274c5c4113dSnw continue; 275c5c4113dSnw } 276c5c4113dSnw if (IDMAP_FATAL_ERROR(retcode)) { 277c5c4113dSnw result->retcode = retcode; 278c5c4113dSnw goto out; 279c5c4113dSnw } 280c5c4113dSnw } 281c5c4113dSnw 282c5c4113dSnw /* Check if we are done */ 283c5c4113dSnw if (state.sid2pid_done == TRUE && state.pid2sid_done == TRUE) 284c5c4113dSnw goto out; 285c5c4113dSnw 286e8c27ec8Sbaban /* 287e8c27ec8Sbaban * native LDAP lookups: 288479ac375Sdm * pid2sid: 289479ac375Sdm * - nldap or mixed mode. Lookup nldap by pid or unixname to get 290479ac375Sdm * winname. 291479ac375Sdm * sid2pid: 292479ac375Sdm * - nldap mode. Got winname and sid (either given or found in 293479ac375Sdm * name_cache). Lookup nldap by winname to get pid and 294479ac375Sdm * unixname. 295e8c27ec8Sbaban */ 296e8c27ec8Sbaban if (state.nldap_nqueries) { 297e8c27ec8Sbaban retcode = nldap_lookup_batch(&state, &batch, result); 298e8c27ec8Sbaban if (IDMAP_FATAL_ERROR(retcode)) { 299148c5f43SAlan Wright TRACE(req, res, "Native LDAP lookup error=%d", retcode); 300e8c27ec8Sbaban result->retcode = retcode; 301e8c27ec8Sbaban goto out; 302e8c27ec8Sbaban } 303148c5f43SAlan Wright if (any_tracing) { 304148c5f43SAlan Wright for (i = 0; i < batch.idmap_mapping_batch_len; i++) { 305148c5f43SAlan Wright res = &result->ids.ids_val[i]; 306148c5f43SAlan Wright req = &batch.idmap_mapping_batch_val[i]; 307148c5f43SAlan Wright if (IDMAP_ERROR(res->retcode)) { 308148c5f43SAlan Wright TRACE(req, res, 309148c5f43SAlan Wright "Native LDAP lookup error=%d", 310148c5f43SAlan Wright res->retcode); 311148c5f43SAlan Wright } else { 312148c5f43SAlan Wright TRACE(req, res, "Native LDAP lookup"); 313148c5f43SAlan Wright } 314148c5f43SAlan Wright } 315148c5f43SAlan Wright } 316e8c27ec8Sbaban } 317e8c27ec8Sbaban 318e8c27ec8Sbaban /* 319e8c27ec8Sbaban * AD lookups: 320479ac375Sdm * pid2sid: 321479ac375Sdm * - nldap or mixed mode. Got winname from nldap lookup. 322479ac375Sdm * winname2sid could not be resolved locally. Lookup AD 323479ac375Sdm * by winname to get sid. 324479ac375Sdm * - ad mode. Got unixname. Lookup AD by unixname to get 325479ac375Sdm * winname and sid. 326479ac375Sdm * sid2pid: 327479ac375Sdm * - ad or mixed mode. Lookup AD by sid or winname to get 328479ac375Sdm * winname, sid and unixname. 329479ac375Sdm * - any mode. Got either sid or winname but not both. Lookup 330479ac375Sdm * AD by sid or winname to get winname, sid. 331e8c27ec8Sbaban */ 332c5c4113dSnw if (state.ad_nqueries) { 333e8c27ec8Sbaban retcode = ad_lookup_batch(&state, &batch, result); 334e8c27ec8Sbaban if (IDMAP_FATAL_ERROR(retcode)) { 335148c5f43SAlan Wright TRACE(req, res, "AD lookup error=%d", retcode); 336e8c27ec8Sbaban result->retcode = retcode; 337e8c27ec8Sbaban goto out; 338e8c27ec8Sbaban } 339148c5f43SAlan Wright for (i = 0; i < batch.idmap_mapping_batch_len; i++) { 340148c5f43SAlan Wright res = &result->ids.ids_val[i]; 341148c5f43SAlan Wright req = &batch.idmap_mapping_batch_val[i]; 342148c5f43SAlan Wright if (res->retcode == IDMAP_ERR_DOMAIN_NOTFOUND && 343148c5f43SAlan Wright req->id1.idmap_id_u.sid.prefix != NULL && 344148c5f43SAlan Wright req->id1name != NULL) { 345148c5f43SAlan Wright /* 346148c5f43SAlan Wright * If AD lookup failed Domain Not Found but 347148c5f43SAlan Wright * we have a winname and SID, it means that 348148c5f43SAlan Wright * - LSA succeeded 349148c5f43SAlan Wright * - it's a request a cross-forest trust 350148c5f43SAlan Wright * and 351148c5f43SAlan Wright * - we were looking for directory-based 352148c5f43SAlan Wright * mapping information. 353148c5f43SAlan Wright * In that case, we're OK, just go on. 354148c5f43SAlan Wright * 355148c5f43SAlan Wright * If this seems more convoluted than it 356148c5f43SAlan Wright * should be, it is - really, we probably 357148c5f43SAlan Wright * shouldn't even be attempting AD lookups 358148c5f43SAlan Wright * in this situation, but that's a more 359148c5f43SAlan Wright * intricate cleanup that will have to wait 360148c5f43SAlan Wright * for later. 361148c5f43SAlan Wright */ 362148c5f43SAlan Wright res->retcode = IDMAP_SUCCESS; 363148c5f43SAlan Wright TRACE(req, res, 364148c5f43SAlan Wright "AD lookup - domain not found (ignored)"); 365148c5f43SAlan Wright continue; 366148c5f43SAlan Wright } 367148c5f43SAlan Wright } 368e8c27ec8Sbaban } 369e8c27ec8Sbaban 370e8c27ec8Sbaban /* 371e8c27ec8Sbaban * native LDAP lookups: 372479ac375Sdm * sid2pid: 373479ac375Sdm * - nldap mode. Got winname and sid from AD lookup. Lookup nldap 374479ac375Sdm * by winname to get pid and unixname. 375e8c27ec8Sbaban */ 376e8c27ec8Sbaban if (state.nldap_nqueries) { 377e8c27ec8Sbaban retcode = nldap_lookup_batch(&state, &batch, result); 378e8c27ec8Sbaban if (IDMAP_FATAL_ERROR(retcode)) { 379148c5f43SAlan Wright TRACE(req, res, "Native LDAP lookup error=%d", retcode); 380e8c27ec8Sbaban result->retcode = retcode; 381c5c4113dSnw goto out; 382c5c4113dSnw } 383148c5f43SAlan Wright if (any_tracing) { 384148c5f43SAlan Wright for (i = 0; i < batch.idmap_mapping_batch_len; i++) { 385148c5f43SAlan Wright res = &result->ids.ids_val[i]; 386148c5f43SAlan Wright req = &batch.idmap_mapping_batch_val[i]; 387148c5f43SAlan Wright TRACE(req, res, "Native LDAP lookup"); 388148c5f43SAlan Wright } 389148c5f43SAlan Wright } 390e8c27ec8Sbaban } 391c5c4113dSnw 392e8c27ec8Sbaban /* Reset 'done' flags */ 393e8c27ec8Sbaban state.sid2pid_done = state.pid2sid_done = TRUE; 394c5c4113dSnw 395c5c4113dSnw /* Second stage */ 396c5c4113dSnw for (i = 0; i < batch.idmap_mapping_batch_len; i++) { 397148c5f43SAlan Wright req = &batch.idmap_mapping_batch_val[i]; 398148c5f43SAlan Wright res = &result->ids.ids_val[i]; 39962c60062Sbaban state.curpos = i; 400148c5f43SAlan Wright if (IS_ID_SID(req->id1)) { 401c5c4113dSnw retcode = sid2pid_second_pass( 402cd37da74Snw &state, 403148c5f43SAlan Wright req, 404148c5f43SAlan Wright res); 405148c5f43SAlan Wright } else if (IS_ID_UID(req->id1)) { 406e8c27ec8Sbaban retcode = pid2sid_second_pass( 407e8c27ec8Sbaban &state, 408148c5f43SAlan Wright req, 409148c5f43SAlan Wright res, 1); 410148c5f43SAlan Wright } else if (IS_ID_GID(req->id1)) { 411e8c27ec8Sbaban retcode = pid2sid_second_pass( 412e8c27ec8Sbaban &state, 413148c5f43SAlan Wright req, 414148c5f43SAlan Wright res, 0); 415e8c27ec8Sbaban } else { 416e8c27ec8Sbaban /* First stage has already set the error */ 417e8c27ec8Sbaban continue; 418e8c27ec8Sbaban } 419e8c27ec8Sbaban if (IDMAP_FATAL_ERROR(retcode)) { 420e8c27ec8Sbaban result->retcode = retcode; 421e8c27ec8Sbaban goto out; 422c5c4113dSnw } 423c5c4113dSnw } 424c5c4113dSnw 425c5c4113dSnw /* Check if we are done */ 426c5c4113dSnw if (state.sid2pid_done == TRUE && state.pid2sid_done == TRUE) 427c5c4113dSnw goto out; 428c5c4113dSnw 429c5c4113dSnw /* Reset our 'done' flags */ 430c5c4113dSnw state.sid2pid_done = state.pid2sid_done = TRUE; 431c5c4113dSnw 432c5c4113dSnw /* Update cache in a single transaction */ 43371590c90Snw if (sql_exec_no_cb(cache, IDMAP_CACHENAME, "BEGIN TRANSACTION;") 43471590c90Snw != IDMAP_SUCCESS) 435c5c4113dSnw goto out; 436c5c4113dSnw 437c5c4113dSnw for (i = 0; i < batch.idmap_mapping_batch_len; i++) { 438148c5f43SAlan Wright req = &batch.idmap_mapping_batch_val[i]; 439148c5f43SAlan Wright res = &result->ids.ids_val[i]; 44062c60062Sbaban state.curpos = i; 441148c5f43SAlan Wright if (IS_ID_SID(req->id1)) { 442c5c4113dSnw (void) update_cache_sid2pid( 443cd37da74Snw &state, 444148c5f43SAlan Wright req, 445148c5f43SAlan Wright res); 446148c5f43SAlan Wright } else if ((IS_ID_UID(req->id1)) || 447148c5f43SAlan Wright (IS_ID_GID(req->id1))) { 448c5c4113dSnw (void) update_cache_pid2sid( 449cd37da74Snw &state, 450148c5f43SAlan Wright req, 451148c5f43SAlan Wright res); 452c5c4113dSnw } 453c5c4113dSnw } 454c5c4113dSnw 455da6c28aaSamw /* Commit if we have at least one successful update */ 456c5c4113dSnw if (state.sid2pid_done == FALSE || state.pid2sid_done == FALSE) 45771590c90Snw (void) sql_exec_no_cb(cache, IDMAP_CACHENAME, 45871590c90Snw "COMMIT TRANSACTION;"); 459c5c4113dSnw else 46071590c90Snw (void) sql_exec_no_cb(cache, IDMAP_CACHENAME, 46171590c90Snw "END TRANSACTION;"); 462c5c4113dSnw 463c5c4113dSnw out: 464e8c27ec8Sbaban cleanup_lookup_state(&state); 465c5c4113dSnw if (IDMAP_ERROR(result->retcode)) { 466148c5f43SAlan Wright if (any_tracing) { 467148c5f43SAlan Wright for (i = 0; i < batch.idmap_mapping_batch_len; i++) { 468148c5f43SAlan Wright req = &batch.idmap_mapping_batch_val[i]; 469148c5f43SAlan Wright res = &result->ids.ids_val[i]; 470148c5f43SAlan Wright TRACE(req, res, 471148c5f43SAlan Wright "Failure code %d", result->retcode); 472148c5f43SAlan Wright } 473148c5f43SAlan Wright } 474c5c4113dSnw xdr_free(xdr_idmap_ids_res, (caddr_t)result); 475c5c4113dSnw result->ids.ids_len = 0; 476c5c4113dSnw result->ids.ids_val = NULL; 477148c5f43SAlan Wright } else { 478148c5f43SAlan Wright if (any_tracing) { 479148c5f43SAlan Wright for (i = 0; i < batch.idmap_mapping_batch_len; i++) { 480148c5f43SAlan Wright req = &batch.idmap_mapping_batch_val[i]; 481148c5f43SAlan Wright res = &result->ids.ids_val[i]; 482148c5f43SAlan Wright TRACE(req, res, "Done"); 483148c5f43SAlan Wright } 484148c5f43SAlan Wright } 485c5c4113dSnw } 486c5c4113dSnw result->retcode = idmap_stat4prot(result->retcode); 487148c5f43SAlan Wright 488148c5f43SAlan Wright for (i = 0; i < result->ids.ids_len; i++) { 489148c5f43SAlan Wright req = &batch.idmap_mapping_batch_val[i]; 490148c5f43SAlan Wright res = &result->ids.ids_val[i]; 491148c5f43SAlan Wright 492148c5f43SAlan Wright if (!(req->flag & IDMAP_REQ_FLG_MAPPING_INFO) && 493148c5f43SAlan Wright res->retcode == IDMAP_SUCCESS) 494148c5f43SAlan Wright idmap_how_clear(&res->info.how); 495148c5f43SAlan Wright } 496c5c4113dSnw return (TRUE); 497c5c4113dSnw } 498c5c4113dSnw 499c5c4113dSnw 500c5c4113dSnw /* ARGSUSED */ 501cd37da74Snw static 502cd37da74Snw int 503cd37da74Snw list_mappings_cb(void *parg, int argc, char **argv, char **colnames) 504cd37da74Snw { 505c5c4113dSnw list_cb_data_t *cb_data; 506c5c4113dSnw char *str; 507c5c4113dSnw idmap_mappings_res *result; 508c5c4113dSnw idmap_retcode retcode; 509c5c4113dSnw int w2u, u2w; 510c5c4113dSnw char *end; 511cd37da74Snw static int validated_column_names = 0; 51248258c6bSjp idmap_how *how; 51348258c6bSjp 51448258c6bSjp cb_data = (list_cb_data_t *)parg; 515cd37da74Snw 516cd37da74Snw if (!validated_column_names) { 517cd37da74Snw assert(strcmp(colnames[0], "rowid") == 0); 518cd37da74Snw assert(strcmp(colnames[1], "sidprefix") == 0); 519cd37da74Snw assert(strcmp(colnames[2], "rid") == 0); 520cd37da74Snw assert(strcmp(colnames[3], "pid") == 0); 521cd37da74Snw assert(strcmp(colnames[4], "w2u") == 0); 522cd37da74Snw assert(strcmp(colnames[5], "u2w") == 0); 523cd37da74Snw assert(strcmp(colnames[6], "windomain") == 0); 524cd37da74Snw assert(strcmp(colnames[7], "canon_winname") == 0); 525cd37da74Snw assert(strcmp(colnames[8], "unixname") == 0); 526cd37da74Snw assert(strcmp(colnames[9], "is_user") == 0); 527cd37da74Snw assert(strcmp(colnames[10], "is_wuser") == 0); 52848258c6bSjp assert(strcmp(colnames[11], "map_type") == 0); 52948258c6bSjp assert(strcmp(colnames[12], "map_dn") == 0); 53048258c6bSjp assert(strcmp(colnames[13], "map_attr") == 0); 53148258c6bSjp assert(strcmp(colnames[14], "map_value") == 0); 53248258c6bSjp assert(strcmp(colnames[15], "map_windomain") == 0); 53348258c6bSjp assert(strcmp(colnames[16], "map_winname") == 0); 53448258c6bSjp assert(strcmp(colnames[17], "map_unixname") == 0); 53548258c6bSjp assert(strcmp(colnames[18], "map_is_nt4") == 0); 536cd37da74Snw validated_column_names = 1; 537cd37da74Snw } 538cd37da74Snw 539c5c4113dSnw result = (idmap_mappings_res *)cb_data->result; 540c5c4113dSnw 54148258c6bSjp _VALIDATE_LIST_CB_DATA(19, &result->mappings.mappings_val, 542cd37da74Snw sizeof (idmap_mapping)); 543c5c4113dSnw 544c5c4113dSnw result->mappings.mappings_len++; 545c5c4113dSnw 546c5c4113dSnw if ((str = strdup(argv[1])) == NULL) 547c5c4113dSnw return (1); 548c5c4113dSnw result->mappings.mappings_val[cb_data->next].id1.idmap_id_u.sid.prefix = 549cd37da74Snw str; 550c5c4113dSnw result->mappings.mappings_val[cb_data->next].id1.idmap_id_u.sid.rid = 551cd37da74Snw strtoul(argv[2], &end, 10); 552cd37da74Snw result->mappings.mappings_val[cb_data->next].id1.idtype = 553cd37da74Snw strtol(argv[10], &end, 10) ? IDMAP_USID : IDMAP_GSID; 554c5c4113dSnw 555c5c4113dSnw result->mappings.mappings_val[cb_data->next].id2.idmap_id_u.uid = 556cd37da74Snw strtoul(argv[3], &end, 10); 557cd37da74Snw result->mappings.mappings_val[cb_data->next].id2.idtype = 558cd37da74Snw strtol(argv[9], &end, 10) ? IDMAP_UID : IDMAP_GID; 559c5c4113dSnw 560cd37da74Snw w2u = argv[4] ? strtol(argv[4], &end, 10) : 0; 561cd37da74Snw u2w = argv[5] ? strtol(argv[5], &end, 10) : 0; 562c5c4113dSnw 563c5c4113dSnw if (w2u > 0 && u2w == 0) 564651c0131Sbaban result->mappings.mappings_val[cb_data->next].direction = 565651c0131Sbaban IDMAP_DIRECTION_W2U; 566c5c4113dSnw else if (w2u == 0 && u2w > 0) 567651c0131Sbaban result->mappings.mappings_val[cb_data->next].direction = 568651c0131Sbaban IDMAP_DIRECTION_U2W; 569c5c4113dSnw else 570651c0131Sbaban result->mappings.mappings_val[cb_data->next].direction = 571651c0131Sbaban IDMAP_DIRECTION_BI; 572c5c4113dSnw 5738e228215Sdm STRDUP_OR_FAIL(result->mappings.mappings_val[cb_data->next].id1domain, 5748e228215Sdm argv[6]); 575c5c4113dSnw 5768e228215Sdm STRDUP_OR_FAIL(result->mappings.mappings_val[cb_data->next].id1name, 5778e228215Sdm argv[7]); 5788e228215Sdm 5798e228215Sdm STRDUP_OR_FAIL(result->mappings.mappings_val[cb_data->next].id2name, 5808e228215Sdm argv[8]); 581c5c4113dSnw 58248258c6bSjp if (cb_data->flag & IDMAP_REQ_FLG_MAPPING_INFO) { 58348258c6bSjp how = &result->mappings.mappings_val[cb_data->next].info.how; 58448258c6bSjp how->map_type = strtoul(argv[11], &end, 10); 58548258c6bSjp switch (how->map_type) { 58648258c6bSjp case IDMAP_MAP_TYPE_DS_AD: 58748258c6bSjp how->idmap_how_u.ad.dn = 58848258c6bSjp strdup(argv[12]); 58948258c6bSjp how->idmap_how_u.ad.attr = 59048258c6bSjp strdup(argv[13]); 59148258c6bSjp how->idmap_how_u.ad.value = 59248258c6bSjp strdup(argv[14]); 59348258c6bSjp break; 59448258c6bSjp 59548258c6bSjp case IDMAP_MAP_TYPE_DS_NLDAP: 59648258c6bSjp how->idmap_how_u.nldap.dn = 59748258c6bSjp strdup(argv[12]); 59848258c6bSjp how->idmap_how_u.nldap.attr = 59948258c6bSjp strdup(argv[13]); 60048258c6bSjp how->idmap_how_u.nldap.value = 60148258c6bSjp strdup(argv[14]); 60248258c6bSjp break; 60348258c6bSjp 60448258c6bSjp case IDMAP_MAP_TYPE_RULE_BASED: 60548258c6bSjp how->idmap_how_u.rule.windomain = 60648258c6bSjp strdup(argv[15]); 60748258c6bSjp how->idmap_how_u.rule.winname = 60848258c6bSjp strdup(argv[16]); 60948258c6bSjp how->idmap_how_u.rule.unixname = 61048258c6bSjp strdup(argv[17]); 61148258c6bSjp how->idmap_how_u.rule.is_nt4 = 61248258c6bSjp strtoul(argv[18], &end, 10); 61348258c6bSjp how->idmap_how_u.rule.is_user = 61448258c6bSjp strtol(argv[9], &end, 10); 61548258c6bSjp how->idmap_how_u.rule.is_wuser = 61648258c6bSjp strtol(argv[10], &end, 10); 61748258c6bSjp break; 61848258c6bSjp 61948258c6bSjp case IDMAP_MAP_TYPE_EPHEMERAL: 62048258c6bSjp break; 62148258c6bSjp 62248258c6bSjp case IDMAP_MAP_TYPE_LOCAL_SID: 62348258c6bSjp break; 62448258c6bSjp 625e3f2c991SKeyur Desai case IDMAP_MAP_TYPE_IDMU: 626e3f2c991SKeyur Desai how->idmap_how_u.idmu.dn = 627e3f2c991SKeyur Desai strdup(argv[12]); 628e3f2c991SKeyur Desai how->idmap_how_u.idmu.attr = 629e3f2c991SKeyur Desai strdup(argv[13]); 630e3f2c991SKeyur Desai how->idmap_how_u.idmu.value = 631e3f2c991SKeyur Desai strdup(argv[14]); 632e3f2c991SKeyur Desai break; 633e3f2c991SKeyur Desai 63448258c6bSjp default: 635e3f2c991SKeyur Desai /* Unknown mapping type */ 63648258c6bSjp assert(FALSE); 63748258c6bSjp } 63848258c6bSjp 63948258c6bSjp } 640c5c4113dSnw 641c5c4113dSnw result->lastrowid = strtoll(argv[0], &end, 10); 642c5c4113dSnw cb_data->next++; 643c5c4113dSnw result->retcode = IDMAP_SUCCESS; 644c5c4113dSnw return (0); 645c5c4113dSnw } 646c5c4113dSnw 647c5c4113dSnw 648c5c4113dSnw /* ARGSUSED */ 649c5c4113dSnw bool_t 65048258c6bSjp idmap_list_mappings_1_svc(int64_t lastrowid, uint64_t limit, int32_t flag, 651cd37da74Snw idmap_mappings_res *result, struct svc_req *rqstp) 652cd37da74Snw { 653c5c4113dSnw sqlite *cache = NULL; 654c5c4113dSnw char lbuf[30], rbuf[30]; 655c5c4113dSnw uint64_t maxlimit; 656c5c4113dSnw idmap_retcode retcode; 657c5c4113dSnw char *sql = NULL; 65848258c6bSjp time_t curtime; 659c5c4113dSnw 660c5c4113dSnw (void) memset(result, 0, sizeof (*result)); 661c5c4113dSnw 66248258c6bSjp /* Current time */ 66348258c6bSjp errno = 0; 66448258c6bSjp if ((curtime = time(NULL)) == (time_t)-1) { 66548258c6bSjp idmapdlog(LOG_ERR, "Failed to get current time (%s)", 66648258c6bSjp strerror(errno)); 66748258c6bSjp retcode = IDMAP_ERR_INTERNAL; 66848258c6bSjp goto out; 66948258c6bSjp } 67048258c6bSjp 671c5c4113dSnw RDLOCK_CONFIG(); 672c5c4113dSnw maxlimit = _idmapdstate.cfg->pgcfg.list_size_limit; 673c5c4113dSnw UNLOCK_CONFIG(); 674c5c4113dSnw 675c5c4113dSnw /* Get cache handle */ 676c5c4113dSnw result->retcode = get_cache_handle(&cache); 677c5c4113dSnw if (result->retcode != IDMAP_SUCCESS) 678c5c4113dSnw goto out; 679c5c4113dSnw 680c5c4113dSnw result->retcode = IDMAP_ERR_INTERNAL; 681c5c4113dSnw 682c5c4113dSnw /* Create LIMIT expression. */ 683c5c4113dSnw if (limit == 0 || (maxlimit > 0 && maxlimit < limit)) 684c5c4113dSnw limit = maxlimit; 685c5c4113dSnw if (limit > 0) 686c5c4113dSnw (void) snprintf(lbuf, sizeof (lbuf), 687cd37da74Snw "LIMIT %" PRIu64, limit + 1ULL); 688bbf6f00cSJordan Brown else 689bbf6f00cSJordan Brown lbuf[0] = '\0'; 690c5c4113dSnw 691c5c4113dSnw (void) snprintf(rbuf, sizeof (rbuf), "rowid > %" PRIu64, lastrowid); 692c5c4113dSnw 693c5c4113dSnw /* 694c5c4113dSnw * Combine all the above into a giant SELECT statement that 695c5c4113dSnw * will return the requested mappings 696c5c4113dSnw */ 69748258c6bSjp 69848258c6bSjp sql = sqlite_mprintf("SELECT rowid, sidprefix, rid, pid, w2u, " 69948258c6bSjp "u2w, windomain, canon_winname, unixname, is_user, is_wuser, " 70048258c6bSjp "map_type, map_dn, map_attr, map_value, map_windomain, " 70148258c6bSjp "map_winname, map_unixname, map_is_nt4 " 70248258c6bSjp "FROM idmap_cache WHERE %s AND " 70348258c6bSjp "(pid >= 2147483648 OR (expiration = 0 OR " 70448258c6bSjp "expiration ISNULL OR expiration > %d)) " 70548258c6bSjp "%s;", 70648258c6bSjp rbuf, curtime, lbuf); 707c5c4113dSnw if (sql == NULL) { 708479ac375Sdm result->retcode = IDMAP_ERR_MEMORY; 709c5c4113dSnw idmapdlog(LOG_ERR, "Out of memory"); 710c5c4113dSnw goto out; 711c5c4113dSnw } 712c5c4113dSnw 713c5c4113dSnw /* Execute the SQL statement and update the return buffer */ 71471590c90Snw PROCESS_LIST_SVC_SQL(retcode, cache, IDMAP_CACHENAME, sql, limit, 71548258c6bSjp flag, list_mappings_cb, result, result->mappings.mappings_len); 716c5c4113dSnw 717c5c4113dSnw out: 718c5c4113dSnw if (sql) 719c5c4113dSnw sqlite_freemem(sql); 720c5c4113dSnw if (IDMAP_ERROR(result->retcode)) 721*a17ce845SMarcel Telka xdr_free(xdr_idmap_mappings_res, (caddr_t)result); 722c5c4113dSnw result->retcode = idmap_stat4prot(result->retcode); 723c5c4113dSnw return (TRUE); 724c5c4113dSnw } 725c5c4113dSnw 726c5c4113dSnw 727c5c4113dSnw /* ARGSUSED */ 728cd37da74Snw static 729cd37da74Snw int 730cd37da74Snw list_namerules_cb(void *parg, int argc, char **argv, char **colnames) 731cd37da74Snw { 732c5c4113dSnw list_cb_data_t *cb_data; 733c5c4113dSnw idmap_namerules_res *result; 734c5c4113dSnw idmap_retcode retcode; 735c5c4113dSnw int w2u_order, u2w_order; 736c5c4113dSnw char *end; 737cd37da74Snw static int validated_column_names = 0; 738cd37da74Snw 739cd37da74Snw if (!validated_column_names) { 740cd37da74Snw assert(strcmp(colnames[0], "rowid") == 0); 741cd37da74Snw assert(strcmp(colnames[1], "is_user") == 0); 742cd37da74Snw assert(strcmp(colnames[2], "is_wuser") == 0); 743cd37da74Snw assert(strcmp(colnames[3], "windomain") == 0); 744cd37da74Snw assert(strcmp(colnames[4], "winname_display") == 0); 745cd37da74Snw assert(strcmp(colnames[5], "is_nt4") == 0); 746cd37da74Snw assert(strcmp(colnames[6], "unixname") == 0); 747cd37da74Snw assert(strcmp(colnames[7], "w2u_order") == 0); 748cd37da74Snw assert(strcmp(colnames[8], "u2w_order") == 0); 749cd37da74Snw validated_column_names = 1; 750cd37da74Snw } 751c5c4113dSnw 752c5c4113dSnw cb_data = (list_cb_data_t *)parg; 753c5c4113dSnw result = (idmap_namerules_res *)cb_data->result; 754c5c4113dSnw 755cd37da74Snw _VALIDATE_LIST_CB_DATA(9, &result->rules.rules_val, 756cd37da74Snw sizeof (idmap_namerule)); 757c5c4113dSnw 758c5c4113dSnw result->rules.rules_len++; 759c5c4113dSnw 760c5c4113dSnw result->rules.rules_val[cb_data->next].is_user = 761cd37da74Snw strtol(argv[1], &end, 10); 762cd37da74Snw 763cd37da74Snw result->rules.rules_val[cb_data->next].is_wuser = 764cd37da74Snw strtol(argv[2], &end, 10); 765c5c4113dSnw 7668e228215Sdm STRDUP_OR_FAIL(result->rules.rules_val[cb_data->next].windomain, 767cd37da74Snw argv[3]); 768c5c4113dSnw 7698e228215Sdm STRDUP_OR_FAIL(result->rules.rules_val[cb_data->next].winname, 770cd37da74Snw argv[4]); 771c5c4113dSnw 772c5c4113dSnw result->rules.rules_val[cb_data->next].is_nt4 = 773cd37da74Snw strtol(argv[5], &end, 10); 774c5c4113dSnw 7758e228215Sdm STRDUP_OR_FAIL(result->rules.rules_val[cb_data->next].unixname, 776cd37da74Snw argv[6]); 777c5c4113dSnw 778cd37da74Snw w2u_order = argv[7] ? strtol(argv[7], &end, 10) : 0; 779cd37da74Snw u2w_order = argv[8] ? strtol(argv[8], &end, 10) : 0; 780c5c4113dSnw 781c5c4113dSnw if (w2u_order > 0 && u2w_order == 0) 782651c0131Sbaban result->rules.rules_val[cb_data->next].direction = 783651c0131Sbaban IDMAP_DIRECTION_W2U; 784c5c4113dSnw else if (w2u_order == 0 && u2w_order > 0) 785651c0131Sbaban result->rules.rules_val[cb_data->next].direction = 786651c0131Sbaban IDMAP_DIRECTION_U2W; 787c5c4113dSnw else 788651c0131Sbaban result->rules.rules_val[cb_data->next].direction = 789651c0131Sbaban IDMAP_DIRECTION_BI; 790c5c4113dSnw 791c5c4113dSnw result->lastrowid = strtoll(argv[0], &end, 10); 792c5c4113dSnw cb_data->next++; 793c5c4113dSnw result->retcode = IDMAP_SUCCESS; 794c5c4113dSnw return (0); 795c5c4113dSnw } 796c5c4113dSnw 797c5c4113dSnw 798c5c4113dSnw /* ARGSUSED */ 799c5c4113dSnw bool_t 800c5c4113dSnw idmap_list_namerules_1_svc(idmap_namerule rule, uint64_t lastrowid, 801*a17ce845SMarcel Telka uint64_t limit, idmap_namerules_res *result, struct svc_req *rqstp) 802cd37da74Snw { 803c5c4113dSnw 804c5c4113dSnw sqlite *db = NULL; 805c5c4113dSnw char lbuf[30], rbuf[30]; 806c5c4113dSnw char *sql = NULL; 807cd37da74Snw char *expr = NULL; 808c5c4113dSnw uint64_t maxlimit; 809c5c4113dSnw idmap_retcode retcode; 810c5c4113dSnw 811c5c4113dSnw (void) memset(result, 0, sizeof (*result)); 812c5c4113dSnw 8130dcc7149Snw result->retcode = validate_rule(&rule); 8140dcc7149Snw if (result->retcode != IDMAP_SUCCESS) 8150dcc7149Snw goto out; 8160dcc7149Snw 817c5c4113dSnw RDLOCK_CONFIG(); 818c5c4113dSnw maxlimit = _idmapdstate.cfg->pgcfg.list_size_limit; 819c5c4113dSnw UNLOCK_CONFIG(); 820c5c4113dSnw 821c5c4113dSnw /* Get db handle */ 822c5c4113dSnw result->retcode = get_db_handle(&db); 823c5c4113dSnw if (result->retcode != IDMAP_SUCCESS) 824c5c4113dSnw goto out; 825c5c4113dSnw 8260dcc7149Snw result->retcode = gen_sql_expr_from_rule(&rule, &expr); 8270dcc7149Snw if (result->retcode != IDMAP_SUCCESS) 828cd37da74Snw goto out; 829c5c4113dSnw 830c5c4113dSnw /* Create LIMIT expression. */ 831c5c4113dSnw if (limit == 0 || (maxlimit > 0 && maxlimit < limit)) 832c5c4113dSnw limit = maxlimit; 833c5c4113dSnw if (limit > 0) 834c5c4113dSnw (void) snprintf(lbuf, sizeof (lbuf), 835cd37da74Snw "LIMIT %" PRIu64, limit + 1ULL); 836bbf6f00cSJordan Brown else 837bbf6f00cSJordan Brown lbuf[0] = '\0'; 838c5c4113dSnw 839c5c4113dSnw (void) snprintf(rbuf, sizeof (rbuf), "rowid > %" PRIu64, lastrowid); 840c5c4113dSnw 841c5c4113dSnw /* 842c5c4113dSnw * Combine all the above into a giant SELECT statement that 843c5c4113dSnw * will return the requested rules 844c5c4113dSnw */ 845cd37da74Snw sql = sqlite_mprintf("SELECT rowid, is_user, is_wuser, windomain, " 846cd37da74Snw "winname_display, is_nt4, unixname, w2u_order, u2w_order " 847cd37da74Snw "FROM namerules WHERE " 848bbf6f00cSJordan Brown " %s %s %s;", 849bbf6f00cSJordan Brown rbuf, expr, lbuf); 850cd37da74Snw 851c5c4113dSnw if (sql == NULL) { 852479ac375Sdm result->retcode = IDMAP_ERR_MEMORY; 853c5c4113dSnw idmapdlog(LOG_ERR, "Out of memory"); 854c5c4113dSnw goto out; 855c5c4113dSnw } 856c5c4113dSnw 857c5c4113dSnw /* Execute the SQL statement and update the return buffer */ 85871590c90Snw PROCESS_LIST_SVC_SQL(retcode, db, IDMAP_DBNAME, sql, limit, 85948258c6bSjp 0, list_namerules_cb, result, result->rules.rules_len); 860c5c4113dSnw 861c5c4113dSnw out: 862cd37da74Snw if (expr) 863cd37da74Snw sqlite_freemem(expr); 864c5c4113dSnw if (sql) 865c5c4113dSnw sqlite_freemem(sql); 866c5c4113dSnw if (IDMAP_ERROR(result->retcode)) 867*a17ce845SMarcel Telka xdr_free(xdr_idmap_namerules_res, (caddr_t)result); 868c5c4113dSnw result->retcode = idmap_stat4prot(result->retcode); 869c5c4113dSnw return (TRUE); 870c5c4113dSnw } 871c5c4113dSnw 872c5c4113dSnw #define IDMAP_RULES_AUTH "solaris.admin.idmap.rules" 873c5c4113dSnw static int 874cd37da74Snw verify_rules_auth(struct svc_req *rqstp) 875cd37da74Snw { 876c5c4113dSnw ucred_t *uc = NULL; 877c5c4113dSnw uid_t uid; 878c5c4113dSnw char buf[1024]; 879c5c4113dSnw struct passwd pwd; 880c5c4113dSnw 881c5c4113dSnw if (svc_getcallerucred(rqstp->rq_xprt, &uc) != 0) { 88271590c90Snw idmapdlog(LOG_ERR, "svc_getcallerucred failed during " 88371590c90Snw "authorization (%s)", strerror(errno)); 884c5c4113dSnw return (-1); 885c5c4113dSnw } 886c5c4113dSnw 887c5c4113dSnw uid = ucred_geteuid(uc); 888c5c4113dSnw if (uid == (uid_t)-1) { 88971590c90Snw idmapdlog(LOG_ERR, "ucred_geteuid failed during " 89071590c90Snw "authorization (%s)", strerror(errno)); 891c5c4113dSnw ucred_free(uc); 892c5c4113dSnw return (-1); 893c5c4113dSnw } 894c5c4113dSnw 895c5c4113dSnw if (getpwuid_r(uid, &pwd, buf, sizeof (buf)) == NULL) { 89671590c90Snw idmapdlog(LOG_ERR, "getpwuid_r(%u) failed during " 89771590c90Snw "authorization (%s)", uid, strerror(errno)); 898c5c4113dSnw ucred_free(uc); 899c5c4113dSnw return (-1); 900c5c4113dSnw } 901c5c4113dSnw 902c5c4113dSnw if (chkauthattr(IDMAP_RULES_AUTH, pwd.pw_name) != 1) { 90371590c90Snw idmapdlog(LOG_INFO, "%s is not authorized (%s)", 90471590c90Snw pwd.pw_name, IDMAP_RULES_AUTH); 905c5c4113dSnw ucred_free(uc); 906c5c4113dSnw return (-1); 907c5c4113dSnw } 908c5c4113dSnw 909c5c4113dSnw ucred_free(uc); 910c5c4113dSnw return (1); 911c5c4113dSnw } 912c5c4113dSnw 9138e228215Sdm /* 9148e228215Sdm * Meaning of the return values is the following: For retcode == 9158e228215Sdm * IDMAP_SUCCESS, everything went OK and error_index is 9168e228215Sdm * undefined. Otherwise, error_index >=0 shows the failed batch 9178e228215Sdm * element. errro_index == -1 indicates failure at the beginning, 9188e228215Sdm * error_index == -2 at the end. 9198e228215Sdm */ 9208e228215Sdm 921c5c4113dSnw /* ARGSUSED */ 922c5c4113dSnw bool_t 9238e228215Sdm idmap_update_1_svc(idmap_update_batch batch, idmap_update_res *res, 924*a17ce845SMarcel Telka struct svc_req *rqstp) 925cd37da74Snw { 926c5c4113dSnw sqlite *db = NULL; 927c5c4113dSnw idmap_update_op *up; 928c5c4113dSnw int i; 92984decf41Sjp int trans = FALSE; 930c5c4113dSnw 9318e228215Sdm res->error_index = -1; 9328e228215Sdm (void) memset(&res->error_rule, 0, sizeof (res->error_rule)); 9338e228215Sdm (void) memset(&res->conflict_rule, 0, sizeof (res->conflict_rule)); 9348e228215Sdm 935c5c4113dSnw if (verify_rules_auth(rqstp) < 0) { 9368e228215Sdm res->retcode = IDMAP_ERR_PERMISSION_DENIED; 937c5c4113dSnw goto out; 938c5c4113dSnw } 939c5c4113dSnw 940c5c4113dSnw if (batch.idmap_update_batch_len == 0 || 941cd37da74Snw batch.idmap_update_batch_val == NULL) { 9428e228215Sdm res->retcode = IDMAP_SUCCESS; 943c5c4113dSnw goto out; 944c5c4113dSnw } 945c5c4113dSnw 9460dcc7149Snw res->retcode = validate_rules(&batch); 9470dcc7149Snw if (res->retcode != IDMAP_SUCCESS) 9480dcc7149Snw goto out; 9490dcc7149Snw 950c5c4113dSnw /* Get db handle */ 9518e228215Sdm res->retcode = get_db_handle(&db); 9528e228215Sdm if (res->retcode != IDMAP_SUCCESS) 953c5c4113dSnw goto out; 954c5c4113dSnw 95571590c90Snw res->retcode = sql_exec_no_cb(db, IDMAP_DBNAME, "BEGIN TRANSACTION;"); 9568e228215Sdm if (res->retcode != IDMAP_SUCCESS) 957c5c4113dSnw goto out; 95884decf41Sjp trans = TRUE; 959c5c4113dSnw 960c5c4113dSnw for (i = 0; i < batch.idmap_update_batch_len; i++) { 961c5c4113dSnw up = &batch.idmap_update_batch_val[i]; 962c5c4113dSnw switch (up->opnum) { 963c5c4113dSnw case OP_NONE: 9648e228215Sdm res->retcode = IDMAP_SUCCESS; 965c5c4113dSnw break; 966c5c4113dSnw case OP_ADD_NAMERULE: 9678e228215Sdm res->retcode = add_namerule(db, 968cd37da74Snw &up->idmap_update_op_u.rule); 969c5c4113dSnw break; 970c5c4113dSnw case OP_RM_NAMERULE: 9718e228215Sdm res->retcode = rm_namerule(db, 972cd37da74Snw &up->idmap_update_op_u.rule); 973c5c4113dSnw break; 974c5c4113dSnw case OP_FLUSH_NAMERULES: 975cd37da74Snw res->retcode = flush_namerules(db); 976c5c4113dSnw break; 977c5c4113dSnw default: 9788e228215Sdm res->retcode = IDMAP_ERR_NOTSUPPORTED; 9798e228215Sdm break; 980c5c4113dSnw }; 981c5c4113dSnw 9828e228215Sdm if (res->retcode != IDMAP_SUCCESS) { 9838e228215Sdm res->error_index = i; 9848e228215Sdm if (up->opnum == OP_ADD_NAMERULE || 9858e228215Sdm up->opnum == OP_RM_NAMERULE) { 9868e228215Sdm idmap_stat r2 = 9878e228215Sdm idmap_namerule_cpy(&res->error_rule, 988cd37da74Snw &up->idmap_update_op_u.rule); 9898e228215Sdm if (r2 != IDMAP_SUCCESS) 9908e228215Sdm res->retcode = r2; 9918e228215Sdm } 992c5c4113dSnw goto out; 9938e228215Sdm } 994c5c4113dSnw } 995c5c4113dSnw 996c5c4113dSnw out: 99784decf41Sjp if (trans) { 9988e228215Sdm if (res->retcode == IDMAP_SUCCESS) { 9998e228215Sdm res->retcode = 100071590c90Snw sql_exec_no_cb(db, IDMAP_DBNAME, 100171590c90Snw "COMMIT TRANSACTION;"); 10029fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States if (res->retcode == IDMAP_SUCCESS) { 10039fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States /* 10049fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States * We've updated the rules. Expire the cache 10059fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States * so that existing mappings will be 10069fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States * reconsidered. 10079fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States */ 10089fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States res->retcode = 10099fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States idmap_cache_flush(IDMAP_FLUSH_EXPIRE); 10109fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States } else { 10118e228215Sdm res->error_index = -2; 10129fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States } 10138e228215Sdm } 101484decf41Sjp else 101571590c90Snw (void) sql_exec_no_cb(db, IDMAP_DBNAME, 101671590c90Snw "ROLLBACK TRANSACTION;"); 1017c5c4113dSnw } 10188e228215Sdm 10198e228215Sdm res->retcode = idmap_stat4prot(res->retcode); 10208e228215Sdm 1021c5c4113dSnw return (TRUE); 1022c5c4113dSnw } 1023c5c4113dSnw 1024fe1c642dSBill Krier static 1025fe1c642dSBill Krier int 1026fe1c642dSBill Krier copy_string(char **to, char *from) 1027fe1c642dSBill Krier { 1028fe1c642dSBill Krier if (EMPTY_STRING(from)) { 1029fe1c642dSBill Krier *to = NULL; 1030fe1c642dSBill Krier } else { 1031fe1c642dSBill Krier *to = strdup(from); 1032fe1c642dSBill Krier if (*to == NULL) { 1033fe1c642dSBill Krier idmapdlog(LOG_ERR, "Out of memory"); 1034fe1c642dSBill Krier return (IDMAP_ERR_MEMORY); 1035fe1c642dSBill Krier } 1036fe1c642dSBill Krier } 1037fe1c642dSBill Krier return (IDMAP_SUCCESS); 1038fe1c642dSBill Krier } 1039fe1c642dSBill Krier 1040fe1c642dSBill Krier static 1041fe1c642dSBill Krier int 1042fe1c642dSBill Krier copy_id(idmap_id *to, idmap_id *from) 1043fe1c642dSBill Krier { 1044fe1c642dSBill Krier (void) memset(to, 0, sizeof (*to)); 1045fe1c642dSBill Krier 1046fe1c642dSBill Krier to->idtype = from->idtype; 1047fe1c642dSBill Krier if (IS_ID_SID(*from)) { 1048fe1c642dSBill Krier idmap_retcode retcode; 1049fe1c642dSBill Krier 1050fe1c642dSBill Krier to->idmap_id_u.sid.rid = from->idmap_id_u.sid.rid; 1051fe1c642dSBill Krier retcode = copy_string(&to->idmap_id_u.sid.prefix, 1052fe1c642dSBill Krier from->idmap_id_u.sid.prefix); 1053fe1c642dSBill Krier 1054fe1c642dSBill Krier return (retcode); 1055fe1c642dSBill Krier } else { 1056fe1c642dSBill Krier to->idmap_id_u.uid = from->idmap_id_u.uid; 1057fe1c642dSBill Krier return (IDMAP_SUCCESS); 1058fe1c642dSBill Krier } 1059fe1c642dSBill Krier } 1060fe1c642dSBill Krier 1061fe1c642dSBill Krier static 1062fe1c642dSBill Krier int 1063fe1c642dSBill Krier copy_mapping(idmap_mapping *mapping, idmap_mapping *request) 1064fe1c642dSBill Krier { 1065fe1c642dSBill Krier idmap_retcode retcode; 1066fe1c642dSBill Krier 1067fe1c642dSBill Krier (void) memset(mapping, 0, sizeof (*mapping)); 1068fe1c642dSBill Krier 1069fe1c642dSBill Krier mapping->flag = request->flag; 1070fe1c642dSBill Krier mapping->direction = _IDMAP_F_DONE; 1071fe1c642dSBill Krier 1072fe1c642dSBill Krier retcode = copy_id(&mapping->id1, &request->id1); 1073fe1c642dSBill Krier if (retcode != IDMAP_SUCCESS) 1074fe1c642dSBill Krier goto errout; 1075fe1c642dSBill Krier 1076fe1c642dSBill Krier retcode = copy_string(&mapping->id1domain, request->id1domain); 1077fe1c642dSBill Krier if (retcode != IDMAP_SUCCESS) 1078fe1c642dSBill Krier goto errout; 1079fe1c642dSBill Krier 1080fe1c642dSBill Krier retcode = copy_string(&mapping->id1name, request->id1name); 1081fe1c642dSBill Krier if (retcode != IDMAP_SUCCESS) 1082fe1c642dSBill Krier goto errout; 1083fe1c642dSBill Krier 1084fe1c642dSBill Krier retcode = copy_id(&mapping->id2, &request->id2); 1085fe1c642dSBill Krier if (retcode != IDMAP_SUCCESS) 1086fe1c642dSBill Krier goto errout; 1087fe1c642dSBill Krier 1088fe1c642dSBill Krier retcode = copy_string(&mapping->id2domain, request->id2domain); 1089fe1c642dSBill Krier if (retcode != IDMAP_SUCCESS) 1090fe1c642dSBill Krier goto errout; 1091fe1c642dSBill Krier retcode = copy_string(&mapping->id2name, request->id2name); 1092fe1c642dSBill Krier if (retcode != IDMAP_SUCCESS) 1093fe1c642dSBill Krier goto errout; 1094fe1c642dSBill Krier 1095fe1c642dSBill Krier return (IDMAP_SUCCESS); 1096fe1c642dSBill Krier 1097fe1c642dSBill Krier errout: 1098fe1c642dSBill Krier if (IS_ID_SID(mapping->id1)) 1099fe1c642dSBill Krier free(mapping->id1.idmap_id_u.sid.prefix); 1100fe1c642dSBill Krier free(mapping->id1domain); 1101fe1c642dSBill Krier free(mapping->id1name); 1102fe1c642dSBill Krier if (IS_ID_SID(mapping->id2)) 1103fe1c642dSBill Krier free(mapping->id2.idmap_id_u.sid.prefix); 1104fe1c642dSBill Krier free(mapping->id2domain); 1105fe1c642dSBill Krier free(mapping->id2name); 1106fe1c642dSBill Krier 1107fe1c642dSBill Krier (void) memset(mapping, 0, sizeof (*mapping)); 1108fe1c642dSBill Krier return (retcode); 1109fe1c642dSBill Krier } 1110fe1c642dSBill Krier 1111c5c4113dSnw 1112c5c4113dSnw /* ARGSUSED */ 1113c5c4113dSnw bool_t 1114c5c4113dSnw idmap_get_mapped_id_by_name_1_svc(idmap_mapping request, 1115*a17ce845SMarcel Telka idmap_mappings_res *result, struct svc_req *rqstp) 1116cd37da74Snw { 1117fe1c642dSBill Krier idmap_mapping_batch batch_request; 1118fe1c642dSBill Krier idmap_ids_res batch_result; 1119fe1c642dSBill Krier idmap_mapping *map; 1120c5c4113dSnw 1121fe1c642dSBill Krier /* Clear out things we might want to xdr_free on error */ 1122fe1c642dSBill Krier (void) memset(&batch_result, 0, sizeof (batch_result)); 1123c5c4113dSnw (void) memset(result, 0, sizeof (*result)); 1124c5c4113dSnw 11250dcc7149Snw result->retcode = validate_mapped_id_by_name_req(&request); 11260dcc7149Snw if (result->retcode != IDMAP_SUCCESS) 11270dcc7149Snw goto out; 11280dcc7149Snw 1129fe1c642dSBill Krier /* 1130fe1c642dSBill Krier * Copy the request. We need to modify it, and 1131fe1c642dSBill Krier * what we have is a shallow copy. Freeing pointers from 1132fe1c642dSBill Krier * our copy will lead to problems, since the RPC framework 1133fe1c642dSBill Krier * has its own copy of those pointers. Besides, we need 1134fe1c642dSBill Krier * a copy to return. 1135fe1c642dSBill Krier */ 1136fe1c642dSBill Krier map = calloc(1, sizeof (idmap_mapping)); 1137fe1c642dSBill Krier if (map == NULL) { 1138fe1c642dSBill Krier idmapdlog(LOG_ERR, "Out of memory"); 1139fe1c642dSBill Krier result->retcode = IDMAP_ERR_MEMORY; 1140c5c4113dSnw goto out; 1141fe1c642dSBill Krier } 1142c5c4113dSnw 1143fe1c642dSBill Krier /* 1144fe1c642dSBill Krier * Set up to return the filled-in mapping structure. 1145fe1c642dSBill Krier * Note that we xdr_free result on error, and that'll take 1146fe1c642dSBill Krier * care of freeing the mapping structure. 1147fe1c642dSBill Krier */ 1148fe1c642dSBill Krier result->mappings.mappings_val = map; 1149fe1c642dSBill Krier result->mappings.mappings_len = 1; 1150fe1c642dSBill Krier 1151fe1c642dSBill Krier result->retcode = copy_mapping(map, &request); 1152c5c4113dSnw if (result->retcode != IDMAP_SUCCESS) 1153c5c4113dSnw goto out; 1154c5c4113dSnw 1155fe1c642dSBill Krier /* Set up for the request to the batch API */ 1156fe1c642dSBill Krier batch_request.idmap_mapping_batch_val = map; 1157fe1c642dSBill Krier batch_request.idmap_mapping_batch_len = 1; 1158fe1c642dSBill Krier 1159fe1c642dSBill Krier /* Do the real work. */ 1160fe1c642dSBill Krier (void) idmap_get_mapped_ids_1_svc(batch_request, 1161fe1c642dSBill Krier &batch_result, rqstp); 1162fe1c642dSBill Krier 1163fe1c642dSBill Krier /* Copy what we need out of the batch response */ 1164fe1c642dSBill Krier 1165fe1c642dSBill Krier if (batch_result.retcode != IDMAP_SUCCESS) { 1166fe1c642dSBill Krier result->retcode = batch_result.retcode; 1167c5c4113dSnw goto out; 1168c5c4113dSnw } 1169c5c4113dSnw 1170fe1c642dSBill Krier result->retcode = copy_id(&map->id2, &batch_result.ids.ids_val[0].id); 1171fe1c642dSBill Krier if (result->retcode != IDMAP_SUCCESS) 1172fe1c642dSBill Krier goto out; 1173cd37da74Snw 1174fe1c642dSBill Krier map->direction = batch_result.ids.ids_val[0].direction; 1175fe1c642dSBill Krier 1176fe1c642dSBill Krier result->retcode = batch_result.ids.ids_val[0].retcode; 1177fe1c642dSBill Krier 1178148c5f43SAlan Wright idmap_info_mov(&map->info, &batch_result.ids.ids_val[0].info); 1179c5c4113dSnw 1180c5c4113dSnw out: 1181c5c4113dSnw if (IDMAP_FATAL_ERROR(result->retcode)) { 1182c5c4113dSnw xdr_free(xdr_idmap_mappings_res, (caddr_t)result); 1183c5c4113dSnw result->mappings.mappings_len = 0; 1184c5c4113dSnw result->mappings.mappings_val = NULL; 1185c5c4113dSnw } 1186c5c4113dSnw result->retcode = idmap_stat4prot(result->retcode); 1187fe1c642dSBill Krier 1188fe1c642dSBill Krier xdr_free(xdr_idmap_ids_res, (char *)&batch_result); 1189fe1c642dSBill Krier 1190c5c4113dSnw return (TRUE); 1191c5c4113dSnw } 1192c5c4113dSnw 1193479ac375Sdm /* ARGSUSED */ 1194479ac375Sdm bool_t 1195479ac375Sdm idmap_get_prop_1_svc(idmap_prop_type request, 1196*a17ce845SMarcel Telka idmap_prop_res *result, struct svc_req *rqstp) 1197479ac375Sdm { 1198479ac375Sdm idmap_pg_config_t *pgcfg; 1199479ac375Sdm 1200479ac375Sdm /* Init */ 1201479ac375Sdm (void) memset(result, 0, sizeof (*result)); 1202479ac375Sdm result->retcode = IDMAP_SUCCESS; 1203479ac375Sdm result->value.prop = request; 1204479ac375Sdm 1205479ac375Sdm RDLOCK_CONFIG(); 1206479ac375Sdm 1207479ac375Sdm /* Just shortcuts: */ 1208479ac375Sdm pgcfg = &_idmapdstate.cfg->pgcfg; 12094d61c878SJulian Pullen 1210479ac375Sdm 1211479ac375Sdm switch (request) { 1212479ac375Sdm case PROP_LIST_SIZE_LIMIT: 1213479ac375Sdm result->value.idmap_prop_val_u.intval = pgcfg->list_size_limit; 1214479ac375Sdm result->auto_discovered = FALSE; 1215479ac375Sdm break; 1216479ac375Sdm case PROP_DEFAULT_DOMAIN: 1217479ac375Sdm result->auto_discovered = FALSE; 1218479ac375Sdm STRDUP_CHECK(result->value.idmap_prop_val_u.utf8val, 1219479ac375Sdm pgcfg->default_domain); 1220479ac375Sdm break; 1221479ac375Sdm case PROP_DOMAIN_NAME: 1222479ac375Sdm STRDUP_CHECK(result->value.idmap_prop_val_u.utf8val, 1223479ac375Sdm pgcfg->domain_name); 1224479ac375Sdm result->auto_discovered = 12254d61c878SJulian Pullen pgcfg->domain_name_auto_disc; 1226479ac375Sdm break; 1227479ac375Sdm case PROP_MACHINE_SID: 1228479ac375Sdm result->auto_discovered = FALSE; 1229479ac375Sdm STRDUP_CHECK(result->value.idmap_prop_val_u.utf8val, 1230479ac375Sdm pgcfg->machine_sid); 1231479ac375Sdm break; 1232479ac375Sdm case PROP_DOMAIN_CONTROLLER: 1233479ac375Sdm if (pgcfg->domain_controller != NULL) { 1234479ac375Sdm (void) memcpy(&result->value.idmap_prop_val_u.dsval, 1235479ac375Sdm pgcfg->domain_controller, 1236479ac375Sdm sizeof (idmap_ad_disc_ds_t)); 1237479ac375Sdm } 12384d61c878SJulian Pullen result->auto_discovered = pgcfg->domain_controller_auto_disc; 1239479ac375Sdm break; 1240479ac375Sdm case PROP_FOREST_NAME: 1241479ac375Sdm STRDUP_CHECK(result->value.idmap_prop_val_u.utf8val, 1242479ac375Sdm pgcfg->forest_name); 12434d61c878SJulian Pullen result->auto_discovered = pgcfg->forest_name_auto_disc; 1244479ac375Sdm break; 1245479ac375Sdm case PROP_SITE_NAME: 1246479ac375Sdm STRDUP_CHECK(result->value.idmap_prop_val_u.utf8val, 1247479ac375Sdm pgcfg->site_name); 12484d61c878SJulian Pullen result->auto_discovered = pgcfg->site_name_auto_disc; 1249479ac375Sdm break; 1250479ac375Sdm case PROP_GLOBAL_CATALOG: 1251479ac375Sdm if (pgcfg->global_catalog != NULL) { 1252479ac375Sdm (void) memcpy(&result->value.idmap_prop_val_u.dsval, 1253479ac375Sdm pgcfg->global_catalog, sizeof (idmap_ad_disc_ds_t)); 1254479ac375Sdm } 12554d61c878SJulian Pullen result->auto_discovered = pgcfg->global_catalog_auto_disc; 1256479ac375Sdm break; 1257479ac375Sdm case PROP_AD_UNIXUSER_ATTR: 1258479ac375Sdm STRDUP_CHECK(result->value.idmap_prop_val_u.utf8val, 1259479ac375Sdm pgcfg->ad_unixuser_attr); 1260479ac375Sdm result->auto_discovered = FALSE; 1261479ac375Sdm break; 1262479ac375Sdm case PROP_AD_UNIXGROUP_ATTR: 1263479ac375Sdm STRDUP_CHECK(result->value.idmap_prop_val_u.utf8val, 1264479ac375Sdm pgcfg->ad_unixgroup_attr); 1265479ac375Sdm result->auto_discovered = FALSE; 1266479ac375Sdm break; 1267479ac375Sdm case PROP_NLDAP_WINNAME_ATTR: 1268479ac375Sdm STRDUP_CHECK(result->value.idmap_prop_val_u.utf8val, 1269479ac375Sdm pgcfg->nldap_winname_attr); 1270479ac375Sdm result->auto_discovered = FALSE; 1271479ac375Sdm break; 1272e3f2c991SKeyur Desai case PROP_DIRECTORY_BASED_MAPPING: 1273e3f2c991SKeyur Desai STRDUP_CHECK(result->value.idmap_prop_val_u.utf8val, 1274e3f2c991SKeyur Desai enum_lookup(pgcfg->directory_based_mapping, 1275e3f2c991SKeyur Desai directory_mapping_map)); 1276479ac375Sdm result->auto_discovered = FALSE; 1277479ac375Sdm break; 1278479ac375Sdm default: 1279479ac375Sdm result->retcode = IDMAP_ERR_PROP_UNKNOWN; 1280479ac375Sdm break; 1281479ac375Sdm } 1282479ac375Sdm 1283479ac375Sdm out: 1284479ac375Sdm UNLOCK_CONFIG(); 1285479ac375Sdm if (IDMAP_FATAL_ERROR(result->retcode)) { 1286479ac375Sdm xdr_free(xdr_idmap_prop_res, (caddr_t)result); 1287479ac375Sdm result->value.prop = PROP_UNKNOWN; 1288479ac375Sdm } 1289479ac375Sdm result->retcode = idmap_stat4prot(result->retcode); 1290479ac375Sdm return (TRUE); 1291479ac375Sdm } 1292479ac375Sdm 12939fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States int 12949fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States idmap_flush_1_svc( 12959fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States idmap_flush_op op, 12969fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States idmap_retcode *result, 12979fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States struct svc_req *rqstp) 12989fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States { 12999fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States NOTE(ARGUNUSED(rqstp)) 13009fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States if (verify_rules_auth(rqstp) < 0) { 13019fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States *result = IDMAP_ERR_PERMISSION_DENIED; 13029fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States return (TRUE); 13039fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States } 13049fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States 13059fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States *result = idmap_cache_flush(op); 13069fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States 13079fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States return (TRUE); 13089fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States } 1309c5c4113dSnw 1310c5c4113dSnw /* ARGSUSED */ 1311c5c4113dSnw int 1312c5c4113dSnw idmap_prog_1_freeresult(SVCXPRT *transp, xdrproc_t xdr_result, 1313*a17ce845SMarcel Telka caddr_t result) 1314cd37da74Snw { 1315*a17ce845SMarcel Telka xdr_free(xdr_result, result); 1316c5c4113dSnw return (TRUE); 1317c5c4113dSnw } 13181fcced4cSJordan Brown 13191fcced4cSJordan Brown /* 13201fcced4cSJordan Brown * This function is called by rpc_svc.c when it encounters an error. 13211fcced4cSJordan Brown */ 13221fcced4cSJordan Brown NOTE(PRINTFLIKE(1)) 13231fcced4cSJordan Brown void 13241fcced4cSJordan Brown idmap_rpc_msgout(const char *fmt, ...) 13251fcced4cSJordan Brown { 13261fcced4cSJordan Brown va_list va; 13271fcced4cSJordan Brown char buf[1000]; 13281fcced4cSJordan Brown 13291fcced4cSJordan Brown va_start(va, fmt); 13301fcced4cSJordan Brown (void) vsnprintf(buf, sizeof (buf), fmt, va); 13311fcced4cSJordan Brown va_end(va); 13321fcced4cSJordan Brown 13331fcced4cSJordan Brown idmapdlog(LOG_ERR, "idmap RPC: %s", buf); 13341fcced4cSJordan Brown } 1335