search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
6811333 Remove prom_printf() message in emlxs driver
[opensolaris.git] / usr / src / lib / libnisdb / ldap_map.c
blob3e733e06a7315fd457c3a834694931e788b4d722
1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License, Version 1.0 only
6 * (the "License"). You may not use this file except in compliance
7 * with the License.
8 *
9 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10 * or http://www.opensolaris.org/os/licensing.
11 * See the License for the specific language governing permissions
12 * and limitations under the License.
13 *
14 * When distributing Covered Code, include this CDDL HEADER in each
15 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16 * If applicable, add the following below this CDDL HEADER, with the
17 * fields enclosed by brackets "[]" replaced with your own identifying
18 * information: Portions Copyright [yyyy] [name of copyright owner]
19 *
20 * CDDL HEADER END
21 */
22 /*
23 * Copyright 2004 Sun Microsystems, Inc. All rights reserved.
24 * Use is subject to license terms.
25 */
26
27 #pragma ident "%Z%%M% %I% %E% SMI"
28
29 #include <strings.h>
30 #include <sys/types.h>
31 #include <sys/stat.h>
32 #include <errno.h>
33 #include <stdio.h>
34 #include <rpcsvc/nis.h>
35 #include <rpc/xdr.h>
36
37 #include "ldap_util.h"
38 #include "ldap_attr.h"
39 #include "ldap_ruleval.h"
40 #include "ldap_op.h"
41 #include "ldap_map.h"
42 #include "ldap_nisplus.h"
43 #include "ldap_glob.h"
44 #include "ldap_xdr.h"
45 #include "ldap_val.h"
46
47 /* From yptol/dit_access_utils.h */
48 #define N2LKEY "rf_key"
49 #define N2LIPKEY "rf_ipkey"
50
51 __nis_hash_table_mt ldapMappingList = NIS_HASH_TABLE_MT_INIT;
52 extern int yp2ldap;
53
54
55 int
56 setColumnNames(__nis_table_mapping_t *t) {
57 int i, j, nic, noc, stat;
58 char **col;
59 zotypes type;
60 char *myself = "setColumnNames";
61
62 if (t == 0)
63 return (0);
64
65 type = t->objType;
66 col = t->column;
67 nic = (col != 0) ? t->numColumns : -1;
68
69 t->objType = NIS_BOGUS_OBJ;
70 t->obj = 0;
71
72 stat = initializeColumnNames(t->objName, &t->column, &t->numColumns,
73 &t->objType, &t->obj);
74 if (stat == LDAP_OBJECT_CLASS_VIOLATION) {
75 /* Not a table object; that's OK */
76 sfree(col);
77 return (0);
78 } else if (justTesting && stat != LDAP_SUCCESS) {
79 /*
80 * Restore the parser initialization. This will only work
81 * correctly if the config file is consistent in the ordering
82 * of column names, and either no NIS+ lookups are needed,
83 * or the ordering is the same as in NIS+.
84 */
85 t->column = col;
86 t->numColumns = nic;
87 /* Make a guess at the object type, based on the name */
88 if (strstr(t->objName, ".org_dir") != 0)
89 t->objType = NIS_TABLE_OBJ;
90 else if (strncmp(t->objName, "admin.groups_dir",
91 sizeof ("admin.groups_dir")) != 0)
92 t->objType = NIS_GROUP_OBJ;
93 else
94 t->objType = NIS_DIRECTORY_OBJ;
95 return (0);
96 }
97
98 /*
99 * If it's a table object, but there are no translation rules,
100 * this mapping is for the table object itself. In that case,
101 * we throw away the column names (if any).
102 */
103 if (t->objType == NIS_TABLE_OBJ && t->numRulesFromLDAP == 0 &&
104 t->numRulesToLDAP == 0) {
105 for (i = 0; i < t->numColumns; i++)
106 sfree(t->column[i]);
107 sfree(t->column);
108 t->column = 0;
109 t->numColumns = 0;
110 noc = 0;
111 }
112
113 /*
114 * Verify that all column names found by the parser
115 * are present in the actual column list.
116 */
117 if (verbose) {
118 for (i = 0, noc = 0; i < nic; i++) {
119 int found = 0;
120
121 if (col[i] == 0)
122 continue;
123 /* Skip the 'zo_*' special column names */
124 if (isObjAttrString(col[i]))
125 continue;
126 for (j = 0; j < t->numColumns; j++) {
127 if (strcmp(col[i], t->column[j]) == 0) {
128 noc++;
129 found = 1;
130 break;
131 }
132 }
133 if (!found) {
134 logmsg(MSG_NOTIMECHECK, LOG_WARNING,
135 "%s: No column \"%s\" in \"%s\"",
136 myself, NIL(col[i]), NIL(t->objName));
137 }
138 }
139 }
140
141 /* Remove any setup by the parser */
142 for (i = 0; i < nic; i++) {
143 sfree(col[i]);
144 }
145 sfree(col);
146
147 return (0);
148 }
149
150 void
151 freeSingleObjAttr(__nis_obj_attr_t *attr) {
152 if (attr == 0)
153 return;
154
155 sfree(attr->zo_owner);
156 sfree(attr->zo_group);
157 sfree(attr->zo_domain);
158 sfree(attr);
159 }
160
161 void
162 freeObjAttr(__nis_obj_attr_t **attr, int numAttr) {
163 int i;
164
165 if (attr == 0)
166 return;
167
168 for (i = 0; i < numAttr; i++) {
169 freeSingleObjAttr(attr[i]);
170 }
171
172 sfree(attr);
173 }
174
175 __nis_obj_attr_t *
176 cloneObjAttr(__nis_obj_attr_t *old) {
177 __nis_obj_attr_t *new;
178 char *myself = "cloneObjAttr";
179
180 if (old == 0)
181 return (0);
182
183 new = am(myself, sizeof (*new));
184 if (new == 0)
185 return (0);
186
187 new->zo_owner = sdup(myself, T, old->zo_owner);
188 if (new->zo_owner == 0 && old->zo_owner != 0)
189 goto cleanup;
190
191 new->zo_group = sdup(myself, T, old->zo_group);
192 if (new->zo_group == 0 && old->zo_group != 0)
193 goto cleanup;
194
195 new->zo_domain = sdup(myself, T, old->zo_domain);
196 if (new->zo_domain == 0 && old->zo_domain != 0)
197 goto cleanup;
198
199 new->zo_access = old->zo_access;
200 new->zo_ttl = old->zo_ttl;
201
202 return (new);
203
204 cleanup:
205 freeSingleObjAttr(new);
206
207 return (0);
208 }
209
210
211 /*
212 * Obtain NIS+ entries (in the form of db_query's) from the supplied table
213 * mapping and db_query.
214 *
215 * If 'qin' is NULL, enumeration is desired.
216 *
217 * On exit, '*numQueries' contains the number of (db_query *)'s in the
218 * return array, '*ldapStat' the LDAP operation status, and '*objAttr'
219 * a pointer to an array (of '*numQueries elements) of object attributes
220 * (zo_owner, etc.). If no object attributes were retrieved, '*objAttr'
221 * is NULL; any and all of the (*objAttr)[i]'s may be NULL.
222 */
223 db_query **
224 mapFromLDAP(__nis_table_mapping_t *t, db_query *qin, int *numQueries,
225 char *dbId, int *ldapStat, __nis_obj_attr_t ***objAttr) {
226 __nis_table_mapping_t **tp;
227 db_query **q;
228 __nis_rule_value_t *rv;
229 __nis_ldap_search_t *ls;
230 int n, numVals, numMatches = 0;
231 int stat;
232 __nis_obj_attr_t **attr;
233 char *myself = "mapFromLDAP";
234
235 if (ldapStat == 0)
236 ldapStat = &stat;
237
238 if (t == 0 || numQueries == 0) {
239 *ldapStat = LDAP_PARAM_ERROR;
240 return (0);
241 }
242
243 /* Select the correct table mapping(s) */
244 tp = selectTableMapping(t, qin, 0, 0, dbId, &numMatches);
245 if (tp == 0 || numMatches <= 0) {
246 /*
247 * Not really an error; just no matching mapping
248 * for the query.
249 */
250 *ldapStat = LDAP_SUCCESS;
251 return (0);
252 }
253
254 q = 0;
255 attr = 0;
256
257 /* For each mapping */
258 for (numVals = 0, n = 0; n < numMatches; n++) {
259 db_query **qt;
260 int i, nqt = 0, filterOnQin, res = 0;
261
262 t = tp[n];
263
264 if (qin != 0) {
265 rv = buildNisPlusRuleValue(t, qin, 0);
266 if (rv != 0) {
267 /*
268 * Depending on the value of res, we shall
269 * proceed to next table mapping.
270 */
271 ls = createLdapRequest(t, rv, 0, 1, &res, NULL);
272 }
273 else
274 ls = 0;
275 } else {
276 /* Build enumeration request */
277 rv = 0;
278 ls = createLdapRequest(t, 0, 0, 1, NULL, NULL);
279 }
280
281 freeRuleValue(rv, 1);
282
283 if (ls == 0) {
284 /*
285 * if the res is NP_LDAP_RULES_NO_VALUE, that means we
286 * have enough NIS+ columns for the rules to produce
287 * values, but none of them did, so continue to the
288 * next table mapping. Otherwise do cleanup and return
289 * error.
290 */
291 if (res == NP_LDAP_RULES_NO_VALUE)
292 continue;
293 for (i = 0; i < numVals; i++)
294 freeQuery(q[i]);
295 sfree(q);
296 free(tp);
297 *ldapStat = LDAP_OPERATIONS_ERROR;
298 return (0);
299 }
300
301 /* Query LDAP */
302 nqt = (ls->isDN || qin != 0) ? 0 : -1;
303 rv = ldapSearch(ls, &nqt, 0, ldapStat);
304
305 /*
306 * If qin != 0, then we need to make sure that the
307 * LDAP search is filtered so that only entries that
308 * are compatible with 'qin' are retained. This will
309 * happen automatically if we do a DN search (in which
310 * case, no need to filter on 'qin').
311 */
312 if (ls->isDN || qin == 0)
313 filterOnQin = 0;
314 else
315 filterOnQin = 1;
316
317 freeLdapSearch(ls);
318
319 /* Convert rule-values to db_query's */
320 if (rv != 0 && nqt > 0) {
321 int nrv = nqt;
322 __nis_obj_attr_t **at = 0;
323
324 qt = ruleValue2Query(t, rv,
325 (filterOnQin) ? qin : 0, &at, &nqt);
326 freeRuleValue(rv, nrv);
327
328 if (qt != 0 && q == 0) {
329 q = qt;
330 attr = at;
331 numVals = nqt;
332 } else if (qt != 0) {
333 db_query **tmp;
334 __nis_obj_attr_t **atmp;
335
336 /* Extend the 'q' array */
337 tmp = realloc(q,
338 (numVals+nqt) * sizeof (q[0]));
339 /* ... and the 'attr' array */
340 atmp = realloc(attr,
341 (numVals+nqt) * sizeof (attr[0]));
342 if (tmp == 0 || atmp == 0) {
343 logmsg(MSG_NOMEM, LOG_ERR,
344 "%s: realloc(%d) => NULL",
345 myself,
346 (numVals+nqt) * sizeof (q[0]));
347 for (i = 0; i < numVals; i++)
348 freeQuery(q[i]);
349 for (i = 0; i < nqt; i++)
350 freeQuery(qt[i]);
351 sfree(tmp);
352 sfree(atmp);
353 sfree(q);
354 sfree(qt);
355 sfree(tp);
356 freeObjAttr(at, nqt);
357 freeObjAttr(attr, numVals);
358 *ldapStat = LDAP_NO_MEMORY;
359 return (0);
360 }
361 q = tmp;
362 attr = atmp;
363 /* Add the results for this 't' */
364 (void) memcpy(&q[numVals], qt,
365 nqt * sizeof (qt[0]));
366 (void) memcpy(&attr[numVals], at,
367 nqt * sizeof (at[0]));
368 numVals += nqt;
369
370 sfree(qt);
371 sfree(at);
372 }
373 }
374 }
375
376 *numQueries = numVals;
377 if (objAttr != 0)
378 *objAttr = attr;
379 else
380 freeObjAttr(attr, numVals);
381 sfree(tp);
382
383 return (q);
384 }
385
386 /*
387 * Add the object attributes (zo_owner, etc.) to the rule-value 'rv'.
388 * Returns a pointer to the (possibly newly allocated) rule-value,
389 * or NULL in case of failure. If not returning 'rvIn', the latter
390 * will have been freed.
391 */
392 __nis_rule_value_t *
393 addObjAttr2RuleValue(nis_object *obj, __nis_rule_value_t *rvIn) {
394 __nis_rule_value_t *rv;
395 char abuf[2 * sizeof (obj->zo_access) + 1];
396 char tbuf[2 * sizeof (obj->zo_ttl) + 1];
397
398 if (obj == 0)
399 return (0);
400
401 if (rvIn != 0) {
402 rv = rvIn;
403 } else {
404 rv = initRuleValue(1, 0);
405 if (rv == 0)
406 return (0);
407 }
408
409 if (obj->zo_owner != 0) {
410 if (addSCol2RuleValue("zo_owner", obj->zo_owner, rv) != 0) {
411 freeRuleValue(rv, 1);
412 return (0);
413 }
414 }
415
416 if (obj->zo_group != 0) {
417 if (addSCol2RuleValue("zo_group", obj->zo_group, rv) != 0) {
418 freeRuleValue(rv, 1);
419 return (0);
420 }
421 }
422
423 if (obj->zo_domain != 0) {
424 if (addSCol2RuleValue("zo_domain", obj->zo_domain, rv) != 0) {
425 freeRuleValue(rv, 1);
426 return (0);
427 }
428 }
429
430 (void) memset(abuf, 0, sizeof (abuf));
431 (void) memset(tbuf, 0, sizeof (tbuf));
432
433 sprintf(abuf, "%x", obj->zo_access);
434 sprintf(tbuf, "%x", obj->zo_ttl);
435
436 if (addSCol2RuleValue("zo_access", abuf, rv) != 0) {
437 freeRuleValue(rv, 1);
438 return (0);
439 }
440 if (addSCol2RuleValue("zo_ttl", tbuf, rv) != 0) {
441 freeRuleValue(rv, 1);
442 return (0);
443 }
444
445 return (rv);
446 }
447
448 /*
449 * Returns a pointer to (NOT a copy of) the value for the specified
450 * column 'col' in the rule-value 'rv'.
451 */
452 __nis_value_t *
453 findColValue(char *col, __nis_rule_value_t *rv) {
454 int i;
455
456 if (col == 0 || rv == 0 || rv->numColumns <= 0)
457 return (0);
458
459 for (i = 0; i < rv->numColumns; i++) {
460 if (strcmp(col, rv->colName[i]) == 0)
461 return (&rv->colVal[i]);
462 }
463
464 return (0);
465 }
466
467 /*
468 * Return the NIS+ object attributes (if any) in the rule-value 'rv'.
469 */
470 __nis_obj_attr_t *
471 ruleValue2ObjAttr(__nis_rule_value_t *rv) {
472 __nis_obj_attr_t *attr;
473 __nis_value_t *val;
474 char *myself = "ruleValue2ObjAttr";
475
476 if (rv == 0 || rv->numColumns <= 0)
477 return (0);
478
479 attr = am(myself, sizeof (*attr));
480
481 if ((val = findColValue("zo_owner", rv)) != 0 &&
482 val->type == vt_string && val->numVals == 1 &&
483 val->val[0].value != 0) {
484 attr->zo_owner = sdup(myself, T, val->val[0].value);
485 if (attr->zo_owner == 0) {
486 freeSingleObjAttr(attr);
487 return (0);
488 }
489 }
490
491 if ((val = findColValue("zo_group", rv)) != 0 &&
492 val->type == vt_string && val->numVals == 1 &&
493 val->val[0].value != 0) {
494 attr->zo_group = sdup(myself, T, val->val[0].value);
495 if (attr->zo_group == 0) {
496 freeSingleObjAttr(attr);
497 return (0);
498 }
499 }
500
501 if ((val = findColValue("zo_domain", rv)) != 0 &&
502 val->type == vt_string && val->numVals == 1 &&
503 val->val[0].value != 0) {
504 attr->zo_domain = sdup(myself, T, val->val[0].value);
505 if (attr->zo_domain == 0) {
506 freeSingleObjAttr(attr);
507 return (0);
508 }
509 }
510
511 if ((val = findColValue("zo_access", rv)) != 0 &&
512 val->type == vt_string && val->numVals == 1 &&
513 val->val[0].value != 0) {
514 if (sscanf(val->val[0].value, "%x", &attr->zo_access) != 1) {
515 freeSingleObjAttr(attr);
516 return (0);
517 }
518 }
519
520 if ((val = findColValue("zo_ttl", rv)) != 0 &&
521 val->type == vt_string && val->numVals == 1 &&
522 val->val[0].value != 0) {
523 if (sscanf(val->val[0].value, "%x", &attr->zo_ttl) != 1) {
524 freeSingleObjAttr(attr);
525 return (0);
526 }
527 }
528
529 return (attr);
530 }
531
532 /*
533 * If the supplied string is one of the object attributes, return one.
534 * Otherwise, return zero.
535 */
536 int
537 isObjAttrString(char *str) {
538 if (str == 0)
539 return (0);
540
541 if (strcmp("zo_owner", str) == 0 ||
542 strcmp("zo_group", str) == 0 ||
543 strcmp("zo_domain", str) == 0 ||
544 strcmp("zo_access", str) == 0 ||
545 strcmp("zo_ttl", str) == 0)
546 return (1);
547 else
548 return (0);
549 }
550
551
552 /*
553 * If the supplied value is one of the object attribute strings, return
554 * a pointer to the string. Otherwise, return NULL.
555 */
556 char *
557 isObjAttr(__nis_single_value_t *val) {
558 if (val == 0 || val->length <= 0 || val->value == 0)
559 return (0);
560
561 if (isObjAttrString(val->value))
562 return (val->value);
563 else
564 return (0);
565 }
566
567 int
568 setObjAttrField(char *attrName, __nis_single_value_t *val,
569 __nis_obj_attr_t **objAttr) {
570 __nis_obj_attr_t *attr;
571 char *myself = "setObjAttrField";
572
573 if (attrName == 0 || val == 0 || objAttr == 0 ||
574 val->value == 0 || val->length <= 0)
575 return (-1);
576
577 if (*objAttr != 0) {
578 attr = *objAttr;
579 } else {
580 attr = am(myself, sizeof (*attr));
581 if (attr == 0)
582 return (-2);
583 *objAttr = attr;
584 }
585
586 if (strcmp("zo_owner", attrName) == 0) {
587 if (attr->zo_owner == 0) {
588 attr->zo_owner = sdup(myself, T, val->value);
589 if (attr->zo_owner == 0)
590 return (-11);
591 }
592 } else if (strcmp("zo_group", attrName) == 0) {
593 if (attr->zo_group == 0) {
594 attr->zo_group = sdup(myself, T, val->value);
595 if (attr->zo_group == 0)
596 return (-12);
597 }
598 } else if (strcmp("zo_domain", attrName) == 0) {
599 if (attr->zo_domain == 0) {
600 attr->zo_domain = sdup(myself, T, val->value);
601 if (attr->zo_domain == 0)
602 return (-13);
603 }
604 } else if (strcmp("zo_access", attrName) == 0) {
605 if (attr->zo_access == 0) {
606 if (sscanf(val->value, "%x", &attr->zo_access) != 1)
607 return (-14);
608 }
609 } else if (strcmp("zo_ttl", attrName) == 0) {
610 if (attr->zo_ttl == 0) {
611 if (sscanf(val->value, "%x", &attr->zo_ttl) != 1)
612 return (-15);
613 }
614 }
615
616 return (0);
617 }
618
619 /*
620 * Return a DN and rule-value for the supplied mapping, db_query's, and
621 * input rule-value. This function only works on a single mapping. See
622 * mapToLDAP() below for a description of the action depending on the
623 * values of 'old' and 'new'.
624 *
625 * If both 'old' and 'new' are supplied, and the modify would result
626 * in a change to the DN, '*oldDN' will contain the old DN. Otherwise
627 * (and normally), '*oldDN' will be NULL.
628 */
629 char *
630 map1qToLDAP(__nis_table_mapping_t *t, db_query *old, db_query *new,
631 __nis_rule_value_t *rvIn, __nis_rule_value_t **rvOutP,
632 char **oldDnP) {
633
634 __nis_rule_value_t *rv, *rvt;
635 __nis_ldap_search_t *ls;
636 char *dn = 0, *oldDn = 0;
637 __nis_table_mapping_t del;
638 char *myself = "map1qToLDAP";
639
640 if (t == 0 || (old == 0 && new == 0) || rvOutP == 0)
641 return (0);
642
643 /*
644 * If entry should be deleted, we look at the delete
645 * policy in the table mapping. Should it specify a
646 * rule set, we use that rule set to build a rule-
647 * value, and the delete actually becomes a modify
648 * operation.
649 */
650 if (old != 0 && new == 0) {
651 if (t->objectDN->delDisp == dd_perDbId) {
652 /*
653 * The functions that build a rule-value from a
654 * rule set expect a __nis_table_mapping_t, but the
655 * rule set in the __nis_object_dn_t isn't of that
656 * form. So, build a pseudo-__nis_table_mapping_t that
657 * borrows heavily from 't'.
658 */
659 del = *t;
660
661 del.numRulesToLDAP = del.objectDN->numDbIds;
662 del.ruleToLDAP = del.objectDN->dbId;
663
664 /*
665 * Do a modify with the pseudo-table
666 * mapping, and the 'old' db_query
667 * supplying input to the delete rule
668 * set.
669 */
670 t = &del;
671 new = old;
672 } else if (t->objectDN->delDisp == dd_always) {
673
674 /* Nothing to do here; all handled below */
675
676 } else if (t->objectDN->delDisp == dd_never) {
677
678 return (0);
679
680 } else {
681
682 logmsg(MSG_INVALIDDELDISP, LOG_WARNING,
683 "%s: Invalid delete disposition %d for \"%s\"",
684 myself, t->objectDN->delDisp,
685 NIL(t->dbId));
686 return (0);
687
688 }
689 }
690
691 /* Make a copy of the input rule-value */
692 if (rvIn != 0) {
693 rv = initRuleValue(1, rvIn);
694 if (rv == 0)
695 return (0);
696 } else {
697 rv = 0;
698 }
699
700 /* First get a rule-value from the supplied NIS+ entry. */
701 rvt = rv;
702 rv = buildNisPlusRuleValue(t, ((old != 0) ? old : new), rvt);
703 freeRuleValue(rvt, 1);
704 if (rv == 0) {
705 logmsg(MSG_NORULEVALUE, LOG_WARNING,
706 "%s: No in-query rule-value derived for \"%s\"",
707 myself, NIL(t->dbId));
708 return (0);
709 }
710
711 /*
712 * Create a request (really only care about the DN) from the
713 * supplied NIS+ entry data.
714 */
715 ls = createLdapRequest(t, rv, &dn, 0, NULL, NULL);
716 if (ls == 0 || dn == 0) {
717 logmsg(MSG_NOTIMECHECK, LOG_ERR,
718 "%s: Unable to create LDAP request for %s: %s",
719 myself, NIL(t->dbId),
720 (dn != 0) ? dn : rvId(rv, mit_nisplus));
721 sfree(dn);
722 freeLdapSearch(ls);
723 freeRuleValue(rv, 1);
724 return (0);
725 }
726
727 freeLdapSearch(ls);
728
729 if (new != 0) {
730 /*
731 * Create a rule-value from the new NIS+ entry.
732 * Don't want to mix in the rule-value derived
733 * from 'old', so delete it. However, we still
734 * want the owner, group, etc., from 'rvIn'.
735 */
736 if (old != 0) {
737 freeRuleValue(rv, 1);
738 if (rvIn != 0) {
739 rv = initRuleValue(1, rvIn);
740 if (rv == 0) {
741 sfree(dn);
742 return (0);
743 }
744 } else {
745 rv = 0;
746 }
747 }
748 rvt = rv;
749 rv = buildNisPlusRuleValue(t, new, rvt);
750 freeRuleValue(rvt, 1);
751 if (rv == 0) {
752 logmsg(MSG_NORULEVALUE, LOG_WARNING,
753 "%s: No new rule-value derived for \"%s: %s\"",
754 myself, NIL(t->dbId), dn);
755 sfree(dn);
756 return (0);
757 }
758 /*
759 * Check if the proposed modification would result in a
760 * a change to the DN.
761 */
762 if (old != 0) {
763 oldDn = dn;
764 dn = 0;
765 ls = createLdapRequest(t, rv, &dn, 0, NULL, NULL);
766 if (ls == 0 || dn == 0) {
767 logmsg(MSG_NOTIMECHECK, LOG_ERR,
768 "%s: Unable to create new DN for \"%s: %s\"",
769 myself, NIL(t->dbId), oldDn);
770 sfree(oldDn);
771 freeLdapSearch(ls);
772 freeRuleValue(rv, 1);
773 return (0);
774 }
775 freeLdapSearch(ls);
776 if (strcasecmp(oldDn, dn) == 0) {
777 sfree(oldDn);
778 oldDn = 0;
779 }
780 }
781 }
782
783
784 *rvOutP = rv;
785 if (oldDnP != 0)
786 *oldDnP = oldDn;
787
788 return (dn);
789 }
790
791 /*
792 * Since the DN hash list is an automatic variable, there's no need for
793 * locking, and we remove the locking overhead by using the libnsl
794 * hash functions.
795 */
796 #undef NIS_HASH_ITEM
797 #undef NIS_HASH_TABLE
798 #undef nis_insert_item
799 #undef nis_find_item
800 #undef nis_pop_item
801 #undef nis_remove_item
802
803 typedef struct {
804 NIS_HASH_ITEM item;
805 int index;
806 char *oldDn;
807 } __dn_item_t;
808
809 /*
810 * Update LDAP per the supplied table mapping and db_query's.
811 *
812 * 'nq' is the number of elements in the 'old', 'new', and 'rvIn'
813 * arrays. mapToLDAP() generally performs one update for each
814 * element; however, if one or more of the individual queries
815 * produce the same DN, they're merged into a single update.
816 *
817 * There are four cases, depending on the values of 'old[iq]' and
818 * 'new[iq]':
819 *
820 * (1) old[iq] == 0 && new[iq] == 0
821 * No action; skip to next query
822 *
823 * (2) old[iq] == 0 && new[iq] != 0
824 * Attempt to use the 'new' db_query to get a DN, and try to create
825 * the corresponding LDAP entry.
826 *
827 * (3) old[iq] != 0 && new[iq] == 0
828 * Use the 'old' db_query to get a DN, and try to delete the LDAP
829 * entry per the table mapping.
830 *
831 * (4) old[iq] != 0 && new[iq] != 0
832 * Use the 'old' db_query to get a DN, and update (possibly create)
833 * the corresponding LDAP entry per the 'new' db_query.
834 *
835 * If 'rvIn' is non-NULL, it is expected to contain the object attributes
836 * (zo_owner, etc.) to be written to LDAP. 'rvIn' is an array with 'nq'
837 * elements.
838 *
839 * If 'firstOnly' is set, only the first old[iq]/new[iq] pair is used
840 * to perform the actual update. Any additional queries specified will
841 * have their values folded in, but are not used to derive update targets.
842 * This mode is inteded to support the case where multiple NIS+ entries
843 * map to one and the same LDAP entry. Note that 'rvIn' must still be
844 * an array of 'nq' elements, though if 'firstOnly' is set, it should be
845 * OK to leave all but 'rvIn[0]' empty.
846 *
847 * 'dbId' is used to further narow down the selection of mapping candidates
848 * to those matching the 'dbId' value.
849 */
850 int
851 mapToLDAP(__nis_table_mapping_t *tm, int nq, db_query **old, db_query **new,
852 __nis_rule_value_t *rvIn, int firstOnly, char *dbId) {
853 __nis_table_mapping_t **tp, **tpa;
854 int i, n, rnq, iq, r, ret = LDAP_SUCCESS;
855 int maxMatches, numMatches = 0;
856 __nis_ldap_search_t *ls;
857 char **dn = 0, **odn = 0;
858 __nis_rule_value_t **rv;
859 NIS_HASH_TABLE dntab;
860 __dn_item_t *dni;
861 char *myself = "mapToLDAP";
862
863
864 if (tm == 0 || (old == 0 && new == 0) || nq <= 0)
865 return (LDAP_PARAM_ERROR);
866
867 /* Determine maximum number of table mapping matches */
868 if (nq == 1) {
869 tp = selectTableMapping(tm,
870 (old != 0 && old[0] != 0) ? old[0] : new[0], 1, 0,
871 dbId, &maxMatches);
872 numMatches = maxMatches;
873 } else {
874 tp = selectTableMapping(tm, 0, 1, 0, dbId, &maxMatches);
875 }
876
877 /*
878 * If no matching mapping, we're not mapping to LDAP in this
879 * particular case.
880 */
881 if (tp == 0 || maxMatches == 0) {
882 sfree(tp);
883 return (LDAP_SUCCESS);
884 }
885
886 /*
887 * Allocate the 'rv', 'dn', and 'tpa' arrays. Worst case is that
888 * we need nq * maxMatches elements in each array. However, if
889 * 'firstOnly' is set, we only need one element per matching
890 * mapping in each.
891 */
892 dn = am(myself, (firstOnly ? 1 : nq) * maxMatches * sizeof (dn[0]));
893 odn = am(myself, (firstOnly ? 1 : nq) * maxMatches * sizeof (odn[0]));
894 rv = am(myself, (firstOnly ? 1 : nq) * maxMatches * sizeof (rv[0]));
895 tpa = am(myself, (firstOnly ? 1 : nq) * maxMatches * sizeof (tpa[0]));
896 if (dn == 0 || odn == 0 || rv == 0 || tpa == 0) {
897 sfree(tp);
898 sfree(dn);
899 sfree(odn);
900 sfree(rv);
901 sfree(tpa);
902 return (LDAP_NO_MEMORY);
903 }
904
905 /* Unless nq == 1, we don't need the 'tp' value */
906 if (nq != 1)
907 sfree(tp);
908
909 logmsg(MSG_NOTIMECHECK,
910 #ifdef NISDB_LDAP_DEBUG
911 LOG_WARNING,
912 #else
913 LOG_INFO,
914 #endif /* NISDB_LDAP_DEBUG */
915 "%s: %s: %d * %d potential updates",
916 myself, NIL(tm->objName), nq, maxMatches);
917
918 (void) memset(&dntab, 0, sizeof (dntab));
919
920 /*
921 * Create DNs, column and attribute values, and merge duplicate DNs.
922 */
923 for (iq = 0, rnq = 0; iq < nq; iq++) {
924 int idx;
925
926 if ((old == 0 || old[iq] == 0) &&
927 (new == 0 || new[iq] == 0))
928 continue;
929
930 /*
931 * Select matching table mappings; if nq == 1, we've already
932 * got the 'tp' array from above. We expect this to be the
933 * most common case, so it's worth special treatment.
934 */
935 if (nq != 1)
936 tp = selectTableMapping(tm,
937 (old != 0 && old[iq] != 0) ? old[iq] : new[iq], 1, 0,
938 dbId, &numMatches);
939 if (tp == 0)
940 continue;
941 else if (numMatches <= 0) {
942 sfree(tp);
943 continue;
944 }
945
946 idx = iq * maxMatches;
947
948 if (idx == 0 || !firstOnly)
949 (void) memcpy(&tpa[idx], tp,
950 numMatches * sizeof (tpa[idx]));
951
952 for (n = 0; n < numMatches; n++) {
953 char *dnt, *odnt;
954 __nis_rule_value_t *rvt = 0;
955
956 if (tp[n] == 0)
957 continue;
958
959 dnt = map1qToLDAP(tp[n],
960 (old != 0) ? old[iq] : 0,
961 (new != 0) ? new[iq] : 0,
962 (rvIn != 0) ? &rvIn[iq] : 0,
963 &rvt, &odnt);
964
965 if (dnt == 0)
966 continue;
967 if (rvt == 0) {
968 #ifdef NISDB_LDAP_DEBUG
969 abort();
970 #else
971 sfree(dnt);
972 sfree(odnt);
973 continue;
974 #endif /* NISDB_LDAP_DEBUG */
975 }
976
977 /*
978 * Create a request to get a rule-value with
979 * NIS+ data translated to LDAP equivalents.
980 */
981 ls = createLdapRequest(tp[n], rvt, 0, 0, NULL, NULL);
982 if (ls == 0) {
983 if (ret == LDAP_SUCCESS)
984 ret = LDAP_OPERATIONS_ERROR;
985 logmsg(MSG_NOTIMECHECK, LOG_WARNING,
986 "%s: Unable to map to LDAP attrs for %s:dn=%s",
987 myself, NIL(tp[n]->dbId), dnt);
988 sfree(dnt);
989 freeRuleValue(rvt, 1);
990 continue;
991 }
992 freeLdapSearch(ls);
993
994 /*
995 * If the DN is the same as one we already know
996 * about, merge the rule-values.
997 */
998
999 dni = (__dn_item_t *)nis_find_item(dnt, &dntab);
1000 if (dni != 0) {
1001 i = dni->index;
1002
1003 if (i >= (firstOnly ? ((idx < maxMatches) ?
1004 idx : maxMatches) : idx)) {
1005 goto update_cleanup;
1006 }
1007
1008 if (odnt != 0 && (dni->oldDn == 0 ||
1009 strcasecmp(odnt, dni->oldDn) !=
1010 0)) {
1011 logmsg(MSG_NOTIMECHECK, LOG_WARNING,
1012 "%s: DN mismatch while merging updates: %s: %s != %s",
1013 myself, NIL(tpa[i]->dbId),
1014 NIL(odnt), NIL(dni->oldDn));
1015 goto update_cleanup;
1016 }
1017
1018 if (mergeRuleValue(rv[i], rvt)) {
1019 logmsg(MSG_NOTIMECHECK, LOG_WARNING,
1020 "%s: Error merging updates for %s:dn=%s",
1021 myself, NIL(tpa[i]->dbId),
1022 dn[i]);
1023 if ((dni = (__dn_item_t *)
1024 nis_remove_item(dnt, &dntab)) !=
1025 0) {
1026 i = dni->index;
1027 sfree(dn[i]);
1028 dn[i] = 0;
1029 tpa[i] = 0;
1030 freeRuleValue(rv[i], 1);
1031 rv[i] = 0;
1032 sfree(dni);
1033 }
1034 goto update_cleanup;
1035 }
1036 update_cleanup:
1037 sfree(dnt);
1038 dnt = 0;
1039 sfree(odnt);
1040 odnt = 0;
1041 freeRuleValue(rvt, 1);
1042 rvt = 0;
1043 } else if ((iq == 0 || !firstOnly) && dnt != 0) {
1044 dni = am(myself, sizeof (*dni));
1045 if (dni != 0) {
1046 dni->item.name = dnt;
1047 dni->index = idx + n;
1048 dni->oldDn = odnt;
1049 } else {
1050 logmsg(MSG_NOTIMECHECK, LOG_WARNING,
1051 "%s: Skipping update for dn=\"%s\"",
1052 myself, dnt);
1053 sfree(dnt);
1054 dnt = 0;
1055 }
1056 if (dni != 0 &&
1057 nis_insert_item((NIS_HASH_ITEM *)dni,
1058 &dntab) != 1) {
1059 logmsg(MSG_NOTIMECHECK, LOG_ERR,
1060 "%s: Unable to memorize dn=\"%s\"",
1061 myself, dnt);
1062 sfree(dnt);
1063 dnt = 0;
1064 sfree(odnt);
1065 odnt = 0;
1066 }
1067 if (dnt != 0) {
1068 dn[idx+n] = dnt;
1069 odn[idx+n] = odnt;
1070 rv[idx+n] = rvt;
1071 rnq++;
1072 } else {
1073 freeRuleValue(rvt, 1);
1074 rvt = 0;
1075 }
1076 } else if (dnt != 0) {
1077 sfree(dnt);
1078 sfree(odnt);
1079 freeRuleValue(rvt, 1);
1080 }
1081 }
1082 sfree(tp);
1083 }
1084
1085 /* Done with the dntab */
1086 while ((dni = (__dn_item_t *)nis_pop_item(&dntab)) != 0) {
1087 sfree(dni);
1088 }
1089
1090 logmsg(MSG_NOTIMECHECK,
1091 #ifdef NISDB_LDAP_DEBUG
1092 LOG_WARNING,
1093 #else
1094 LOG_INFO,
1095 #endif /* NISDB_LDAP_DEBUG */
1096 "%s: %s: %d update%s requested",
1097 myself, NIL(tm->objName), rnq, rnq != 1 ? "s" : "");
1098
1099 /* Perform the updates */
1100 for (i = rnq = 0; i < (firstOnly ? maxMatches : nq*maxMatches); i++) {
1101 int delPerDbId;
1102
1103 if (dn[i] == 0)
1104 continue;
1105
1106 #ifdef NISDB_LDAP_DEBUG
1107 logmsg(MSG_NOTIMECHECK, LOG_INFO,
1108 "%s: %s %s:dn=%s",
1109 myself,
1110 (new != 0 && new[i/maxMatches] != 0) ?
1111 "modify" : "delete",
1112 NIL(tpa[i]->dbId), dn[i]);
1113 #endif /* NISDB_LDAP_DEBUG */
1114
1115 delPerDbId = (tpa[i]->objectDN->delDisp == dd_perDbId);
1116 if ((new != 0 && new[i/maxMatches] != 0) || delPerDbId) {
1117 /*
1118 * Try to modify/create the specified DN. First,
1119 * however, if the update changes the DN, make
1120 * that change.
1121 */
1122 if (odn[i] == 0 || (r = ldapChangeDN(odn[i], dn[i])) ==
1123 LDAP_SUCCESS) {
1124 int addFirst;
1125
1126 addFirst = (new != 0 &&
1127 new[i/maxMatches] != 0 &&
1128 !delPerDbId);
1129 r = ldapModify(dn[i], rv[i],
1130 tpa[i]->objectDN->write.attrs,
1131 addFirst);
1132 }
1133 } else {
1134 /* Try to delete the specified DN */
1135 r = ldapModify(dn[i], 0,
1136 tpa[i]->objectDN->write.attrs, 0);
1137 }
1138
1139 if (r == LDAP_SUCCESS) {
1140 rnq++;
1141 } else {
1142 if (ret == LDAP_SUCCESS)
1143 ret = r;
1144 logmsg(MSG_NOTIMECHECK, LOG_ERR,
1145 "%s: LDAP %s request error %d for %s:dn=%s",
1146 myself,
1147 (new != 0 && new[i/maxMatches] != 0) ?
1148 "modify" : "delete",
1149 r, NIL(tpa[i]->dbId), dn[i]);
1150 }
1151
1152 sfree(dn[i]);
1153 dn[i] = 0;
1154 freeRuleValue(rv[i], 1);
1155 rv[i] = 0;
1156 }
1157
1158 sfree(dn);
1159 sfree(odn);
1160 sfree(rv);
1161 sfree(tpa);
1162
1163 logmsg(MSG_NOTIMECHECK,
1164 #ifdef NISDB_LDAP_DEBUG
1165 LOG_WARNING,
1166 #else
1167 LOG_INFO,
1168 #endif /* NISDB_LDAP_DEBUG */
1169 "%s: %s: %d update%s performed",
1170 myself, NIL(tm->objName), rnq, rnq != 1 ? "s" : "");
1171
1172 return (ret);
1173 }
1174
1175 /*
1176 * In nis+2ldap, check if the query 'q' matches the selector index 'x->index'.
1177 *
1178 * In nis2ldap, if 'name' is provided then check if its value in 'val'
1179 * matches the selector index. If 'name' is NULL, then check if rule-value 'rv'
1180 * matches the index.
1181 * To match the selector index, all fieldspecs in the indexlist should match
1182 * (AND). In nis2ldap, an exception is, if there are multiple fieldspecs with
1183 * the same fieldname then only one of them needs to match (OR).
1184 * Example:
1185 * Indexlist = [host="H*", host="I*", user="U*", domain="D*"]
1186 * Then,
1187 * host = "H1", user="U1", domain="D1" ==> pass
1188 * host = "I1", user="U1", domain="D1" ==> pass
1189 * host = "X1", user="U1", domain="D1" ==> fail
1190 * host = "H1", user="X1", domain="D1" ==> fail
1191 * host = "H1", user="U1" ==> fail
1192 *
1193 * Return 1 in case of a match, 0 otherwise.
1194 */
1195 int
1196 verifyIndexMatch(__nis_table_mapping_t *x, db_query *q,
1197 __nis_rule_value_t *rv, char *name, char *val) {
1198 int i, j, k, match = 1;
1199 char *myself = "verifyIndexMatch";
1200
1201 /*
1202 * The pass and fail arrays are used by N2L to keep track of
1203 * index matches. This saves us from having matches in a
1204 * nested loop to decide OR or AND.
1205 */
1206 int ppos, fpos;
1207 char **pass, **fail;
1208
1209 if (x == 0)
1210 return (0);
1211
1212 /* Trivial match */
1213 if (x->index.numIndexes <= 0 || (!yp2ldap && q == 0))
1214 return (1);
1215
1216 if (yp2ldap) {
1217 if (!(pass = am(myself, x->index.numIndexes * sizeof (char *))))
1218 return (0);
1219 if (!(fail = am(myself,
1220 x->index.numIndexes * sizeof (char *)))) {
1221 sfree(pass);
1222 return (0);
1223 }
1224 ppos = fpos = 0;
1225 }
1226
1227 /* Check each index */
1228 for (i = 0; i < x->index.numIndexes; i++) {
1229 int len = 0;
1230 char *value = 0;
1231
1232 /* Skip NULL index names */
1233 if (x->index.name[i] == 0)
1234 continue;
1235
1236 /* Check N2L values */
1237 if (yp2ldap) {
1238 if (name) {
1239 if (strcasecmp(x->index.name[i], name) == 0)
1240 value = val;
1241 else
1242 continue;
1243 } else if (rv) {
1244 if (strcasecmp(x->index.name[i], N2LKEY) == 0 ||
1245 strcasecmp(x->index.name[i], N2LIPKEY)
1246 == 0)
1247 continue;
1248 value = findVal(x->index.name[i], rv,
1249 mit_nisplus);
1250 }
1251
1252 if (value && verifyMappingMatch(x->index.value[i],
1253 value))
1254 pass[ppos++] = x->index.name[i];
1255 else
1256 fail[fpos++] = x->index.name[i];
1257 continue;
1258 }
1259
1260 /* If here, means nis+2ldap */
1261
1262 /* Is the index name a known column ? */
1263 for (j = 0; j < x->numColumns; j++) {
1264 if (strcmp(x->index.name[i], x->column[j]) == 0) {
1265 /*
1266 * Do we have a value for the column ?
1267 */
1268 for (k = 0; k < q->components.components_len;
1269 k++) {
1270 if (q->components.components_val[k].
1271 which_index == j) {
1272 value = q->components.
1273 components_val[k].
1274 index_value->
1275 itemvalue.
1276 itemvalue_val;
1277 len = q->components.
1278 components_val[k].
1279 index_value->
1280 itemvalue.
1281 itemvalue_len;
1282 break;
1283 }
1284 }
1285 if (value != 0)
1286 break;
1287 }
1288 }
1289
1290 /*
1291 * If we found a value, check if it matches the
1292 * format. If no value found or no match, this
1293 * mapping is _not_ an alternative. Otherwise,
1294 * we continue checking any other indexes.
1295 */
1296 if (value == 0 ||
1297 !verifyMappingMatch(x->index.value[i],
1298 value)) {
1299 match = 0;
1300 break;
1301 }
1302 }
1303
1304 if (yp2ldap) {
1305 for (--fpos; fpos >= 0; fpos--) {
1306 for (i = 0; i < ppos; i++) {
1307 if (strcmp(pass[i], fail[fpos]) == 0)
1308 break;
1309 }
1310 if (i == ppos) {
1311 match = 0;
1312 break;
1313 }
1314 }
1315 sfree(pass);
1316 sfree(fail);
1317 }
1318
1319 return (match);
1320 }
1321
1322 /*
1323 * Return all table mappings that match the column values in 'q'.
1324 * If there's no match, return those alternative mappings that don't
1325 * have an index; if no such mapping exists, return NULL.
1326 *
1327 * If 'wantWrite' is set, we want mappings for writing (i.e., data
1328 * to LDAP); otherwise, we want mappings for reading.
1329 *
1330 * If 'wantObj' is set, we want object mappings only (i.e., _not_
1331 * those used to map entries in tables).
1332 *
1333 * If 'dbId' is non-NULL, we select mappings with a matching dbId field.
1334 */
1335 __nis_table_mapping_t **
1336 selectTableMapping(__nis_table_mapping_t *t, db_query *q,
1337 int wantWrite, int wantObj, char *dbId,
1338 int *numMatches) {
1339 __nis_table_mapping_t *r, *x, **tp;
1340 int i, j, k, nm, numap;
1341 char *myself = "selectTableMapping";
1342
1343 if (numMatches == 0)
1344 numMatches = &nm;
1345
1346 /*
1347 * Count the number of possible mappings, so that we can
1348 * allocate the 'tp' array up front.
1349 */
1350 for (numap = 0, x = t; x != 0; numap++, x = x->next);
1351
1352 if (numap == 0) {
1353 *numMatches = 0;
1354 return (0);
1355 }
1356
1357 tp = am(myself, numap * sizeof (tp[0]));
1358 if (tp == 0) {
1359 *numMatches = -1;
1360 return (0);
1361 }
1362
1363 /*
1364 * Special cases:
1365 *
1366 * q == 0 trivially matches any 't' of the correct object type
1367 *
1368 * wantObj != 0 means we ignore 'q'
1369 */
1370 if (q == 0 || wantObj) {
1371 for (i = 0, x = t, nm = 0; i < numap; i++, x = x->next) {
1372 if (x->objectDN == 0)
1373 continue;
1374 if (wantWrite) {
1375 if (x->objectDN->write.scope ==
1376 LDAP_SCOPE_UNKNOWN)
1377 continue;
1378 } else {
1379 if (x->objectDN->read.scope ==
1380 LDAP_SCOPE_UNKNOWN)
1381 continue;
1382 }
1383 if (wantObj) {
1384 if (x->numColumns > 0)
1385 continue;
1386 } else {
1387 if (x->numColumns <= 0)
1388 continue;
1389 }
1390 if (dbId != 0 && x->dbId != 0 &&
1391 strcmp(dbId, x->dbId) != 0)
1392 continue;
1393 tp[nm] = x;
1394 nm++;
1395 }
1396 *numMatches = nm;
1397 if (nm == 0) {
1398 sfree(tp);
1399 tp = 0;
1400 }
1401 return (tp);
1402 }
1403
1404 /* Scan all mappings, and collect candidates */
1405 for (nm = 0, r = 0, x = t; x != 0; x = x->next) {
1406 if (x->objectDN == 0)
1407 continue;
1408 if (wantWrite) {
1409 if (x->objectDN->write.scope == LDAP_SCOPE_UNKNOWN)
1410 continue;
1411 } else {
1412 if (x->objectDN->read.scope == LDAP_SCOPE_UNKNOWN)
1413 continue;
1414 }
1415 /* Only want table/entry mappings */
1416 if (x->numColumns <= 0)
1417 continue;
1418 if (dbId != 0 && x->dbId != 0 &&
1419 strcmp(dbId, x->dbId) != 0)
1420 continue;
1421 /*
1422 * It's a match if: there are no indexes, or we actually
1423 * match the query with the indexes.
1424 */
1425 if (x->index.numIndexes <= 0 ||
1426 verifyIndexMatch(x, q, 0, 0, 0)) {
1427 tp[nm] = x;
1428 nm++;
1429 }
1430 }
1431
1432 if (nm == 0) {
1433 free(tp);
1434 tp = 0;
1435 }
1436
1437 *numMatches = nm;
1438
1439 return (tp);
1440 }
1441
1442 /*
1443 * Return 1 if there's an indexed mapping, 0 otherwise.
1444 */
1445 int
1446 haveIndexedMapping(__nis_table_mapping_t *t) {
1447 __nis_table_mapping_t *x;
1448
1449 for (x = t; x != 0; x = x->next) {
1450 if (x->index.numIndexes > 0)
1451 return (1);
1452 }
1453
1454 return (0);
1455 }
1456
1457 /*
1458 * Given an input string 'attrs' of the form "attr1=val1,attr2=val2,...",
1459 * or a filter, return the value associated with the attribute 'attrName'.
1460 * If no instance of 'attrName' is found, return 'default'. In all cases,
1461 * the return value is a copy, and must be freed by the caller.
1462 *
1463 * Of course, return NULL in case of failure.
1464 */
1465 static char *
1466 attrVal(char *msg, char *attrName, char *def, char *attrs) {
1467 char *val, *filter, **fc = 0;
1468 int i, nfc;
1469 char *myself = "attrVal";
1470
1471 if (attrName == 0 || attrs == 0)
1472 return (0);
1473
1474 if (msg == 0)
1475 msg = myself;
1476
1477 val = def;
1478
1479 filter = makeFilter(attrs);
1480 if (filter != 0 && (fc = makeFilterComp(filter, &nfc)) != 0 &&
1481 nfc > 0) {
1482 for (i = 0; i < nfc; i++) {
1483 char *name, *value;
1484
1485 name = fc[i];
1486 /* Skip if not of attr=value form */
1487 if ((value = strchr(name, '=')) == 0)
1488 continue;
1489
1490 *value = '\0';
1491 value++;
1492
1493 if (strcasecmp(attrName, name) == 0) {
1494 val = value;
1495 break;
1496 }
1497 }
1498 }
1499
1500 if (val != 0)
1501 val = sdup(msg, T, val);
1502
1503 sfree(filter);
1504 freeFilterComp(fc, nfc);
1505
1506 return (val);
1507 }
1508
1509 extern bool_t xdr_nis_object(register XDR *xdrs, nis_object *objp);
1510
1511 /*
1512 * Copy an XDR:ed version of the NIS+ object 'o' (or the one indicated
1513 * by 't->objName' if 'o' is NULL) to the place indicated by
1514 * 't->objectDN->write'. Return an appropriate LDAP status code.
1515 */
1516 int
1517 objToLDAP(__nis_table_mapping_t *t, nis_object *o, entry_obj **ea, int numEa) {
1518 __nis_table_mapping_t **tp;
1519 XDR xdr;
1520 nis_result *res = 0;
1521 char *objName;
1522 int stat, osize, n, numMatches = 0;
1523 void *buf;
1524 __nis_rule_value_t *rv;
1525 __nis_value_t *val;
1526 __nis_single_value_t *sv;
1527 char **attrName, *dn;
1528 char *myself = "objToLDAP";
1529
1530 if (t == 0)
1531 return (LDAP_PARAM_ERROR);
1532
1533 logmsg(MSG_NOTIMECHECK,
1534 #ifdef NISDB_LDAP_DEBUG
1535 LOG_WARNING,
1536 #else
1537 LOG_INFO,
1538 #endif /* NISDB_LDAP_DEBUG */
1539 "%s: %s", myself, NIL(t->objName));
1540
1541 tp = selectTableMapping(t, 0, 1, 1, 0, &numMatches);
1542 if (tp == 0 || numMatches <= 0) {
1543 sfree(tp);
1544 logmsg(MSG_NOTIMECHECK,
1545 #ifdef NISDB_LDAP_DEBUG
1546 LOG_WARNING,
1547 #else
1548 LOG_INFO,
1549 #endif /* NISDB_LDAP_DEBUG */
1550 "%s: %s (no mapping)", myself, NIL(t->objName));
1551 return (LDAP_SUCCESS);
1552 }
1553
1554 for (n = 0; n < numMatches; n++) {
1555
1556 t = tp[n];
1557
1558 if (o == 0) {
1559 stat = getNisPlusObj(t->objName, myself, &res);
1560 if (stat != LDAP_SUCCESS) {
1561 sfree(tp);
1562 return (stat);
1563 }
1564
1565 /*
1566 * getNisPlusObj() only returns success when res != 0,
1567 * and res->objects.objects_len > 0, so no need to
1568 * check for those conditons.
1569 */
1570
1571 o = res->objects.objects_val;
1572 if (o == 0) {
1573 sfree(tp);
1574 nis_freeresult(res);
1575 return (LDAP_OPERATIONS_ERROR);
1576 }
1577 if (o->zo_data.zo_type == NIS_DIRECTORY_OBJ) {
1578 /* XXX??? get dir list, set 'ea' and 'numEa' */
1579 }
1580 }
1581
1582 buf = (char *)xdrNisObject(o, ea, numEa, &osize);
1583 if (res != 0) {
1584 nis_freeresult(res);
1585 res = 0;
1586 }
1587 if (buf == 0) {
1588 sfree(tp);
1589 return (LDAP_OPERATIONS_ERROR);
1590 }
1591
1592 /*
1593 * Prepare to build a rule-value containing the XDR:ed
1594 * object
1595 */
1596 rv = am(myself, sizeof (*rv));
1597 sv = am(myself, sizeof (*sv));
1598 val = am(myself, sizeof (*val));
1599 attrName = am(myself, sizeof (attrName[0]));
1600 if (attrName != 0)
1601 attrName[0] = attrVal(myself, "nisplusObject",
1602 "nisplusObject",
1603 t->objectDN->write.attrs);
1604 if (rv == 0 || sv == 0 || val == 0 || attrName == 0 ||
1605 attrName[0] == 0) {
1606 sfree(tp);
1607 sfree(buf);
1608 sfree(rv);
1609 sfree(sv);
1610 sfree(val);
1611 sfree(attrName);
1612 return (LDAP_NO_MEMORY);
1613 }
1614
1615 sv->length = osize;
1616 sv->value = buf;
1617
1618 /* 'vt_ber' just means "not a NUL-terminated string" */
1619 val->type = vt_ber;
1620 val->repeat = 0;
1621 val->numVals = 1;
1622 val->val = sv;
1623
1624 rv->numAttrs = 1;
1625 rv->attrName = attrName;
1626 rv->attrVal = val;
1627
1628 /*
1629 * The 'write.base' is the actual DN of the entry (and the
1630 * scope had better be 'base', but we don't check that).
1631 */
1632 dn = t->objectDN->write.base;
1633
1634 stat = ldapModify(dn, rv, t->objectDN->write.attrs, 1);
1635
1636 freeRuleValue(rv, 1);
1637
1638 logmsg(MSG_NOTIMECHECK,
1639 #ifdef NISDB_LDAP_DEBUG
1640 LOG_WARNING,
1641 #else
1642 LOG_INFO,
1643 #endif /* NISDB_LDAP_DEBUG */
1644 "%s: %s (%s)", myself, NIL(t->objName), ldap_err2string(stat));
1645
1646 if (stat != LDAP_SUCCESS)
1647 break;
1648
1649 }
1650
1651 sfree(tp);
1652
1653 return (stat);
1654 }
1655
1656 /*
1657 * Retrieve a copy of the 't->objName' object from LDAP, where it's
1658 * stored in XDR:ed form in the place indicated by 't->objectDN->read'.
1659 * Un-XDR the object, and return a pointer to it in '*obj'; it's the
1660 * responsibility of the caller to free the object when it's no
1661 * longer needed.
1662 *
1663 * Returns an appropriate LDAP status.
1664 */
1665 int
1666 objFromLDAP(__nis_table_mapping_t *t, nis_object **obj,
1667 entry_obj ***eaP, int *numEaP) {
1668 __nis_table_mapping_t **tp;
1669 XDR xdr;
1670 nis_object *o;
1671 __nis_rule_value_t *rv;
1672 __nis_ldap_search_t *ls;
1673 char *attrs[2], *filter, **fc = 0;
1674 void *buf;
1675 int i, j, nfc, nrv, blen, stat = LDAP_SUCCESS;
1676 int n, numMatches;
1677 char *myself = "objFromLDAP";
1678
1679 if (t == 0)
1680 return (LDAP_PARAM_ERROR);
1681
1682 /*
1683 * If there's nowhere to store the result, we might as
1684 * well pretend all went well, and return right away.
1685 */
1686 if (obj == 0)
1687 return (LDAP_SUCCESS);
1688
1689 /* Prepare for the worst */
1690 *obj = 0;
1691
1692 logmsg(MSG_NOTIMECHECK,
1693 #ifdef NISDB_LDAP_DEBUG
1694 LOG_WARNING,
1695 #else
1696 LOG_INFO,
1697 #endif /* NISDB_LDAP_DEBUG */
1698 "%s: %s", myself, NIL(t->objName));
1699
1700 tp = selectTableMapping(t, 0, 0, 1, 0, &numMatches);
1701 if (tp == 0 || numMatches <= 0) {
1702 sfree(tp);
1703 logmsg(MSG_NOTIMECHECK,
1704 #ifdef NISDB_LDAP_DEBUG
1705 LOG_WARNING,
1706 #else
1707 LOG_INFO,
1708 #endif /* NISDB_LDAP_DEBUG */
1709 "%s: %s (no mapping)", myself, NIL(t->objName));
1710 return (LDAP_SUCCESS);
1711 }
1712
1713 for (n = 0; n < numMatches; n++) {
1714
1715 t = tp[n];
1716
1717 filter = makeFilter(t->objectDN->read.attrs);
1718 if (filter == 0 || (fc = makeFilterComp(filter, &nfc)) == 0 ||
1719 nfc <= 0) {
1720 sfree(tp);
1721 sfree(filter);
1722 freeFilterComp(fc, nfc);
1723 return ((t->objectDN->read.attrs != 0) ?
1724 LDAP_NO_MEMORY : LDAP_PARAM_ERROR);
1725 }
1726 /* Don't need the filter, just the components */
1727 sfree(filter);
1728
1729 /*
1730 * Look for a "nisplusObject" attribute, and (if found) copy
1731 * the value to attrs[0]. Also remove the "nisplusObject"
1732 * attribute and value from the filter components.
1733 */
1734 attrs[0] = sdup(myself, T, "nisplusObject");
1735 if (attrs[0] == 0) {
1736 sfree(tp);
1737 freeFilterComp(fc, nfc);
1738 return (LDAP_NO_MEMORY);
1739 }
1740 attrs[1] = 0;
1741 for (i = 0; i < nfc; i++) {
1742 char *name, *value;
1743 int compare;
1744
1745 name = fc[i];
1746 /* Skip if not of attr=value form */
1747 if ((value = strchr(name, '=')) == 0)
1748 continue;
1749
1750 /* Temporarily overWrite the '=' with a '\0' */
1751 *value = '\0';
1752
1753 /* Compare with our target attribute name */
1754 compare = strcasecmp("nisplusObject", name);
1755
1756 /* Put back the '=' */
1757 *value = '=';
1758
1759 /* Is it the name we're looking for ? */
1760 if (compare == 0) {
1761 sfree(attrs[0]);
1762 attrs[0] = sdup(myself, T, value+1);
1763 if (attrs[0] == 0) {
1764 sfree(tp);
1765 freeFilterComp(fc, nfc);
1766 return (LDAP_NO_MEMORY);
1767 }
1768 sfree(fc[i]);
1769 if (i < nfc-1)
1770 (void) memmove(&fc[i], &fc[i+1],
1771 (nfc-1-i) * sizeof (fc[i]));
1772 nfc--;
1773 break;
1774 }
1775 }
1776
1777 ls = buildLdapSearch(t->objectDN->read.base,
1778 t->objectDN->read.scope,
1779 nfc, fc, 0, attrs, 0, 1);
1780 sfree(attrs[0]);
1781 freeFilterComp(fc, nfc);
1782 if (ls == 0) {
1783 sfree(tp);
1784 return (LDAP_OPERATIONS_ERROR);
1785 }
1786
1787 nrv = 0;
1788 rv = ldapSearch(ls, &nrv, 0, &stat);
1789 if (rv == 0) {
1790 sfree(tp);
1791 freeLdapSearch(ls);
1792 return (stat);
1793 }
1794
1795 for (i = 0, buf = 0; i < nrv && buf == 0; i++) {
1796 for (j = 0; j < rv[i].numAttrs; j++) {
1797 if (strcasecmp(ls->attrs[0],
1798 rv[i].attrName[j]) == 0) {
1799 if (rv[i].attrVal[j].numVals <= 0)
1800 continue;
1801 buf = rv[i].attrVal[j].val[0].value;
1802 blen = rv[i].attrVal[j].val[0].length;
1803 break;
1804 }
1805 }
1806 }
1807
1808 if (buf != 0) {
1809 o = unXdrNisObject(buf, blen, eaP, numEaP);
1810 if (o == 0) {
1811 sfree(tp);
1812 freeLdapSearch(ls);
1813 freeRuleValue(rv, nrv);
1814 return (LDAP_OPERATIONS_ERROR);
1815 }
1816 stat = LDAP_SUCCESS;
1817 *obj = o;
1818 } else {
1819 stat = LDAP_NO_SUCH_OBJECT;
1820 }
1821
1822 freeLdapSearch(ls);
1823 freeRuleValue(rv, nrv);
1824
1825 logmsg(MSG_NOTIMECHECK,
1826 #ifdef NISDB_LDAP_DEBUG
1827 LOG_WARNING,
1828 #else
1829 LOG_INFO,
1830 #endif /* NISDB_LDAP_DEBUG */
1831 "%s: %s (%s)", myself, NIL(t->objName), ldap_err2string(stat));
1832
1833 if (stat != LDAP_SUCCESS)
1834 break;
1835
1836 }
1837
1838 sfree(tp);
1839
1840 return (stat);
1841 }
1842
1843 int
1844 deleteLDAPobj(__nis_table_mapping_t *t) {
1845 __nis_table_mapping_t **tp;
1846 int n, stat, numMatches = 0;
1847 char *myself = "deleteLDAPobj";
1848
1849 if (t == 0)
1850 return (LDAP_PARAM_ERROR);
1851
1852 logmsg(MSG_NOTIMECHECK,
1853 #ifdef NISDB_LDAP_DEBUG
1854 LOG_WARNING,
1855 #else
1856 LOG_INFO,
1857 #endif /* NISDB_LDAP_DEBUG */
1858 "%s: %s", myself, NIL(t->objName));
1859
1860 tp = selectTableMapping(t, 0, 1, 1, 0, &numMatches);
1861 if (tp == 0 || numMatches <= 0) {
1862 sfree(tp);
1863 logmsg(MSG_NOTIMECHECK,
1864 #ifdef NISDB_LDAP_DEBUG
1865 LOG_WARNING,
1866 #else
1867 LOG_INFO,
1868 #endif /* NISDB_LDAP_DEBUG */
1869 "%s: %s (no mapping)", myself, NIL(t->objName));
1870 return (LDAP_SUCCESS);
1871 }
1872
1873 for (n = 0; n < numMatches; n++) {
1874
1875 t = tp[n];
1876
1877 if (t->objectDN->delDisp == dd_always) {
1878 /* Delete entire entry */
1879 stat = ldapModify(t->objectDN->write.base, 0,
1880 t->objectDN->write.attrs, 1);
1881 } else if (t->objectDN->delDisp == dd_perDbId) {
1882 /*
1883 * Delete the attribute holding the object.
1884 * First, determine what that attribute is called.
1885 */
1886 char *attrName =
1887 attrVal(myself,
1888 "nisplusObject",
1889 "nisplusObject",
1890 t->objectDN->write.attrs);
1891 __nis_rule_value_t rv;
1892 __nis_value_t val;
1893
1894 if (attrName == 0) {
1895 sfree(tp);
1896 return (LDAP_NO_MEMORY);
1897 }
1898
1899 /*
1900 * Build a __nis_value_t with 'numVals' < 0 to
1901 * indicate deletion.
1902 */
1903 val.type = vt_ber;
1904 val.numVals = -1;
1905 val.val = 0;
1906
1907 /*
1908 * Build a rule-value with the name we determined
1909 * above, and the deletion value.
1910 */
1911 (void) memset(&rv, 0, sizeof (rv));
1912 rv.numAttrs = 1;
1913 rv.attrName = &attrName;
1914 rv.attrVal = &val;
1915
1916 stat = ldapModify(t->objectDN->write.base, &rv,
1917 t->objectDN->write.attrs, 0);
1918
1919 sfree(attrName);
1920 } else if (t->objectDN->delDisp == dd_never) {
1921 /* Nothing to do, so we're trivially successful */
1922 stat = LDAP_SUCCESS;
1923 } else {
1924 stat = LDAP_PARAM_ERROR;
1925 }
1926
1927 logmsg(MSG_NOTIMECHECK,
1928 #ifdef NISDB_LDAP_DEBUG
1929 LOG_WARNING,
1930 #else
1931 LOG_INFO,
1932 #endif /* NISDB_LDAP_DEBUG */
1933 "%s: %s (%s)", myself, NIL(t->objName), ldap_err2string(stat));
1934
1935 /* If there were no such object, we've trivially succeeded */
1936 if (stat == LDAP_NO_SUCH_OBJECT)
1937 stat = LDAP_SUCCESS;
1938
1939 if (stat != LDAP_SUCCESS)
1940 break;
1941
1942 }
1943
1944 sfree(tp);
1945
1946 return (stat);
1947 }
OpenSolaris (git bridge)