ldap_ruleval.c revision 36e852a172cba914383d7341c988128b2c667fbd
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* or http://www.opensolaris.org/os/licensing.
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2009 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#include <lber.h>
#include <ldap.h>
#include <strings.h>
#include "nisdb_mt.h"
#include "ldap_util.h"
#include "ldap_val.h"
#include "ldap_attr.h"
#include "ldap_ldap.h"
#include "ldap_ruleval.h"
/*
* Free an array of 'count' rule-value elements.
*/
void
freeRuleValue(__nis_rule_value_t *rv, int count) {
int n, i, j;
if (rv == 0)
return;
for (n = 0; n < count; n++) {
if (rv[n].colName != 0) {
for (i = 0; i < rv[n].numColumns; i++) {
sfree(rv[n].colName[i]);
}
free(rv[n].colName);
}
if (rv[n].colVal != 0) {
for (i = 0; i < rv[n].numColumns; i++) {
for (j = 0; j < rv[n].colVal[i].numVals; j++) {
sfree(rv[n].colVal[i].val[j].value);
}
if (rv[n].colVal[i].numVals > 0)
sfree(rv[n].colVal[i].val);
}
free(rv[n].colVal);
}
if (rv[n].attrName != 0) {
for (i = 0; i < rv[n].numAttrs; i++) {
sfree(rv[n].attrName[i]);
}
free(rv[n].attrName);
}
if (rv[n].attrVal != 0) {
for (i = 0; i < rv[n].numAttrs; i++) {
for (j = 0; j < rv[n].attrVal[i].numVals;
j++) {
sfree(rv[n].attrVal[i].val[j].value);
}
if (rv[n].attrVal[i].numVals > 0)
sfree(rv[n].attrVal[i].val);
}
free(rv[n].attrVal);
}
}
sfree(rv);
}
/*
* Return an array of 'count' __nis_rule_value_t elements, initialized
* to be copies of 'rvIn' if supplied; empty otherwise.
*/
__nis_rule_value_t *
initRuleValue(int count, __nis_rule_value_t *rvIn) {
return (growRuleValue(0, count, 0, rvIn));
}
static const __nis_rule_value_t rvZero = {0};
/*
* Grow 'old' from 'oldCount' to 'newCount' elements, initialize the
* new portion to 'rvIn' (empty if not supplied), and return a pointer
* to the result. Following a call to this function, the caller must
* refer only to the returned array, not to 'old'.
*/
__nis_rule_value_t *
growRuleValue(int oldCount, int newCount, __nis_rule_value_t *old,
__nis_rule_value_t *rvIn) {
__nis_rule_value_t *rv;
int i, j;
char *myself = "growRuleValue";
if (newCount <= 0 || newCount <= oldCount)
return (old);
if (oldCount <= 0) {
oldCount = 0;
old = 0;
}
if (rvIn == 0)
rvIn = (__nis_rule_value_t *)&rvZero;
rv = realloc(old, newCount * sizeof (rv[0]));
if (rv == 0) {
logmsg(MSG_NOMEM, LOG_ERR,
"%s: realloc(%d ((%d+%d)*%d)) => 0",
myself, (oldCount+newCount) * sizeof (rv[0]),
oldCount, newCount, sizeof (rv[0]));
freeRuleValue(old, oldCount);
return (0);
}
(void) memset(&rv[oldCount], 0, (newCount-oldCount)*sizeof (rv[0]));
for (i = oldCount; i < newCount; i++) {
rv[i].numColumns = rvIn->numColumns;
if (rv[i].numColumns > 0) {
rv[i].colName = cloneName(rvIn->colName,
rv[i].numColumns);
rv[i].colVal = cloneValue(rvIn->colVal,
rv[i].numColumns);
}
if (rv[i].numColumns > 0 &&
(rv[i].colName == 0 || rv[i].colVal == 0)) {
freeRuleValue(rv, i);
return (0);
}
rv[i].numAttrs = rvIn->numAttrs;
rv[i].attrName = cloneName(rvIn->attrName, rv[i].numAttrs);
rv[i].attrVal = cloneValue(rvIn->attrVal, rv[i].numAttrs);
if (rv[i].numAttrs > 0 &&
(rv[i].attrName == 0 || rv[i].attrVal == 0)) {
freeRuleValue(rv, i);
return (0);
}
}
return (rv);
}
/*
* Merge the source rule-value 's' into the target rule-value 't'.
* If successful, unless 's' is a sub-set of 't', 't' will be changed
* on exit, and will contain the values from 's' as well.
*/
int
mergeRuleValue(__nis_rule_value_t *t, __nis_rule_value_t *s) {
int i, j;
if (s == 0)
return (0);
else if (t == 0)
return (-1);
for (i = 0; i < s->numColumns; i++) {
for (j = 0; j < s->colVal[i].numVals; j++) {
if (addCol2RuleValue(s->colVal[i].type, s->colName[i],
s->colVal[i].val[j].value,
s->colVal[i].val[j].length,
t))
return (-1);
}
}
for (i = 0; i < s->numAttrs; i++) {
for (j = 0; j < s->attrVal[i].numVals; j++) {
if (addAttr2RuleValue(s->attrVal[i].type,
s->attrName[i],
s->attrVal[i].val[j].value,
s->attrVal[i].val[j].length,
t))
return (-1);
}
}
return (0);
}
static int
addVal2RuleValue(char *msg, int caseSens, int snipNul, __nis_value_type_t type,
char *name, void *value, int valueLen,
int *numP, char ***inNameP, __nis_value_t **inValP) {
int i, j, copyLen = valueLen;
__nis_single_value_t *v;
char **inName = *inNameP;
__nis_value_t *inVal = *inValP;
int num = *numP;
int (*comp)(const char *s1, const char *s2);
char *myself = "addVal2RuleValue";
/* Internal function, so assume arguments OK */
if (msg == 0)
msg = myself;
/* Should we match the 'inName' value case sensitive or not ? */
if (caseSens)
comp = strcmp;
else
comp = strcasecmp;
/*
* String-valued NIS+ entries count the concluding NUL in the
* length, while LDAP entries don't. In order to support this,
* we implement the following for vt_string value types:
*
* If the last byte of the value isn't a NUL, add one to the
* allocated length, so that there always is a NUL after the
* value, making it safe to pass to strcmp() etc.
*
* If 'snipNul' is set (presumably meaning we're inserting a
* value derived from a NIS+ entry), and the last byte of the
* value already is a NUL, decrement the length to be copied by
* one. This (a) doesn't count the NUL in the value length, but
* (b) still leaves a NUL following the value.
*
* In N2L, for all cases we set 'copyLen' to the number of non-0
* characters in 'value'.
*/
if (type == vt_string && valueLen > 0) {
char *charval = value;
if (charval[valueLen-1] != '\0')
valueLen += 1;
else if (yp2ldap || snipNul)
copyLen -= 1;
} else if (valueLen == 0) {
/*
* If the 'value' pointer is non-NULL, we create a zero-
* length value with one byte allocated. This takes care
* of empty strings.
*/
valueLen += 1;
}
/* If we already have values for this attribute, add another one */
for (i = 0; i < num; i++) {
if ((*comp)(inName[i], name) == 0) {
/*
* Our caller often doesn't know the type of the
* value; this happens because the type (vt_string
* or vt_ber) is determined by the format in the
* rule sets, and we may be invoked as a preparation
* for evaluating the rules. Hence, we only use the
* supplied 'type' if we need to create a value.
* Otherwise, we accept mixed types.
*
* Strings are OK in any case, since we always make
* sure to have a zero byte at the end of any value,
* whatever the type.
*/
if (inVal[i].numVals < 0) {
/*
* Used to indicate deletion of attribute,
* so we honor that and don't add a value.
*/
return (0);
}
/*
* If 'value' is NULL, we should delete, so
* remove any existing values, and set the
* 'numVals' field to -1.
*/
if (value == 0) {
for (j = 0; j < inVal[i].numVals; j++) {
sfree(inVal[i].val[j].value);
}
sfree(inVal[i].val);
inVal[i].val = 0;
inVal[i].numVals = -1;
return (0);
}
/* Is the value a duplicate ? */
for (j = 0; j < inVal[i].numVals; j++) {
if (copyLen == inVal[i].val[j].length &&
memcmp(value, inVal[i].val[j].value,
copyLen) == 0) {
break;
}
}
if (j < inVal[i].numVals)
return (0);
/* Not a duplicate, so add the name/value pair */
v = realloc(inVal[i].val,
(inVal[i].numVals+1) *
sizeof (inVal[i].val[0]));
if (v == 0)
return (-1);
inVal[i].val = v;
v[inVal[i].numVals].length = copyLen;
v[inVal[i].numVals].value = am(msg, valueLen);
if (v[inVal[i].numVals].value == 0 &&
value != 0) {
sfree(v);
return (-1);
}
memcpy(v[inVal[i].numVals].value, value, copyLen);
inVal[i].numVals++;
return (0);
}
}
/* No previous value for this attribute */
/*
* value == 0 means deletion, in which case we create a
* __nis_value_t with the numVals field set to -1.
*/
if (value != 0) {
if ((v = am(msg, sizeof (*v))) == 0)
return (-1);
v->length = copyLen;
v->value = am(msg, valueLen);
if (v->value == 0 && value != 0) {
sfree(v);
return (-1);
}
memcpy(v->value, value, copyLen);
}
inVal = realloc(inVal, (num+1)*sizeof (inVal[0]));
if (inVal == 0) {
if (value != 0) {
sfree(v->value);
sfree(v);
}
return (-1);
}
*inValP = inVal;
inName = realloc(inName,
(num+1)*sizeof (inName[0]));
if (inName == 0 || (inName[num] =
sdup(msg, T, name)) == 0) {
sfree(v->value);
sfree(v);
return (-1);
}
*inNameP = inName;
inVal[num].type = type;
inVal[num].repeat = 0;
if (value != 0) {
inVal[num].numVals = 1;
inVal[num].val = v;
} else {
inVal[num].numVals = -1;
inVal[num].val = 0;
}
*numP += 1;
return (0);
}
int
addAttr2RuleValue(__nis_value_type_t type, char *name, void *value,
int valueLen, __nis_rule_value_t *rv) {
char *myself = "addAttr2RuleValue";
if (name == 0 || rv == 0)
return (-1);
return (addVal2RuleValue(myself, 0, 0, type, name, value, valueLen,
&rv->numAttrs, &rv->attrName, &rv->attrVal));
}
int
addSAttr2RuleValue(char *name, char *value, __nis_rule_value_t *rv) {
return (addAttr2RuleValue(vt_string, name, value, slen(value), rv));
}
int
addCol2RuleValue(__nis_value_type_t type, char *name, void *value,
int valueLen, __nis_rule_value_t *rv) {
char *myself = "addCol2RuleValue";
if (name == 0 || rv == 0)
return (-1);
return (addVal2RuleValue(myself, 1, 1, type, name, value, valueLen,
&rv->numColumns, &rv->colName, &rv->colVal));
}
int
addSCol2RuleValue(char *name, char *value, __nis_rule_value_t *rv) {
return (addCol2RuleValue(vt_string, name, value, slen(value), rv));
}
/*
* Given a table mapping, a NIS+ DB query, and (optionally) an existing
* and compatible __nis_rule_value_t, return a new __nis_rule_value_t
* with the values from the query added.
*/
__nis_rule_value_t *
buildNisPlusRuleValue(__nis_table_mapping_t *t, db_query *q,
__nis_rule_value_t *rv) {
int i;
__nis_single_value_t *sv;
char *myself = "buildNisPlusRuleValue";
if (t == 0 || q == 0)
return (0);
rv = initRuleValue(1, rv);
if (rv == 0)
return (0);
for (i = 0; i < q->components.components_len; i++) {
int ic;
int iv, v, dup;
int len;
/* Ignore out-of-range column index */
if (q->components.components_val[i].which_index >=
t->numColumns)
continue;
/*
* Add the query value. A NULL value indicates deletion,
* but addCol2RuleValue() takes care of that for us.
*/
if (addCol2RuleValue(vt_string,
t->column[q->components.components_val[i].
which_index],
q->components.components_val[i].index_value->
itemvalue.itemvalue_val,
q->components.components_val[i].index_value->
itemvalue.itemvalue_len, rv) != 0) {
freeRuleValue(rv, 1);
rv = 0;
break;
}
}
return (rv);
}
/*
* Given a LHS rule 'rl', return an array containing the item names,
* and the number of elements in the array in '*numItems'.
*
* If there are 'me_match' __nis_mapping_element_t's, we use the
* supplied '*rval' (if any) to derive values for the items in
* the 'me_match', and add the values thus derived to '*rval' (in
* which case the '*rval' pointer will change; the old '*rval'
* is deleted).
*/
__nis_mapping_item_t *
buildLvalue(__nis_mapping_rlhs_t *rl, __nis_value_t **rval, int *numItems) {
__nis_value_t *val, *r;
__nis_mapping_item_t *item = 0;
int i, n, ni = 0, nv = 0;
int repeat = 0;
if (rl == 0)
return (0);
if (rval != 0) {
r = *rval;
repeat = r->repeat;
} else
r = 0;
/* If there is more than one element, we concatenate the items */
for (i = 0; i < rl->numElements; i++) {
__nis_mapping_element_t *e = &rl->element[i];
__nis_mapping_item_t *olditem, *tmpitem = 0;
__nis_value_t **tmp;
switch (e->type) {
case me_item:
tmpitem = cloneItem(&e->element.item);
break;
case me_match:
/*
* Obtain values for the items in the 'me_match'
* element.
*/
tmp = matchMappingItem(e->element.match.fmt, r, &nv,
0, 0);
if (tmp != 0) {
freeValue(r, 1);
val = 0;
for (n = 0; n < nv; n++) {
r = concatenateValues(val, tmp[n]);
freeValue(val, 1);
freeValue(tmp[n], 1);
val = r;
if (val == 0) {
for (n++; n < nv; n++) {
freeValue(tmp[n], 1);
}
break;
}
}
free(tmp);
if (rval != 0) {
if (repeat && val != 0)
val->repeat = repeat;
*rval = val;
}
for (n = 0; n < e->element.match.numItems;
n++) {
olditem = item;
item = concatenateMappingItem(item, ni,
&e->element.match.item[n]);
freeMappingItem(olditem, ni);
if (item == 0) {
ni = 0;
break;
}
ni++;
}
}
break;
case me_print:
case me_split:
case me_extract:
default:
/* These shouldn't show up on the LHS; ignore */
break;
}
if (tmpitem != 0) {
olditem = item;
item = concatenateMappingItem(item, ni, tmpitem);
freeMappingItem(olditem, ni);
freeMappingItem(tmpitem, 1);
ni++;
if (item == 0) {
ni = 0;
break;
}
}
}
if (numItems != 0)
*numItems = ni;
return (item);
}
__nis_value_t *
buildRvalue(__nis_mapping_rlhs_t *rl, __nis_mapping_item_type_t native,
__nis_rule_value_t *rv, int *stat) {
__nis_value_t *val, *vold = 0, *vnew;
int i;
char *myself = "buildRvalue";
if (rl == 0 || rl->numElements <= 0) {
/*
* No RHS indicates deletion, as does a __nis_value_t
* with numVals == -1, so we return such a creature.
*/
val = am(myself, sizeof (*val));
if (val != 0) {
val->type = vt_string;
val->numVals = -1;
}
return (val);
}
/* If there is more than one element, we concatenate the values */
for (i = 0; i < rl->numElements; i++) {
vnew = getMappingElement(&rl->element[i], native, rv, stat);
val = concatenateValues(vold, vnew);
freeValue(vnew, 1);
freeValue(vold, 1);
vold = val;
}
return (val);
}
/*
* Derive values for the LDAP attributes specified by the rule 'r',
* and add them to the rule-value 'rv'.
*
* If 'doAssign' is set, out-of-context assignments are performed,
* otherwise not.
*/
__nis_rule_value_t *
addLdapRuleValue(__nis_table_mapping_t *t,
__nis_mapping_rule_t *r,
__nis_mapping_item_type_t lnative,
__nis_mapping_item_type_t rnative,
__nis_rule_value_t *rv,
int doAssign, int *stat) {
int i, j;
char **new;
__nis_value_t *rval, *lval;
__nis_buffer_t b = {0, 0};
__nis_mapping_item_t *litem;
int numItems;
char **dn = 0;
int numDN = 0;
char *myself = "addLdapRuleValue";
/* Do we have the required values ? */
if (rv == 0)
return (0);
/*
* Establish appropriate search base. For rnative == mit_nisplus,
* we're deriving LDAP attribute values from NIS+ columns; in other
* words, we're writing to LDAP, and should use the write.base value.
*/
__nisdb_get_tsd()->searchBase = (rnative == mit_nisplus) ?
t->objectDN->write.base : t->objectDN->read.base;
/* Set escapeFlag if LHS is "dn" to escape special chars */
if (yp2ldap && r->lhs.numElements == 1 &&
r->lhs.element->type == me_item &&
r->lhs.element->element.item.type == mit_ldap &&
strcasecmp(r->lhs.element->element.item.name, "dn") == 0) {
__nisdb_get_tsd()->escapeFlag = '1';
}
/* Build the RHS value */
rval = buildRvalue(&r->rhs, rnative, rv, stat);
/* Reset escapeFlag */
__nisdb_get_tsd()->escapeFlag = '\0';
if (rval == 0)
return (rv);
/*
* Special case: If we got no value for the RHS (presumably because
* we're missing one or more item values), we don't produce an lval.
* Note that this isn't the same thing as an empty value, which we
* faithfully try to transmit to LDAP.
*/
if (rval->numVals == 1 && rval->val[0].value == 0) {
freeValue(rval, 1);
return (rv);
}
/* Obtain the LHS item names */
litem = buildLvalue(&r->lhs, &rval, &numItems);
if (litem == 0) {
freeValue(rval, 1);
return (rv);
}
/* Get string representations of the LHS item names */
lval = 0;
for (i = 0; i < numItems; i++) {
__nis_value_t *tmpval, *old;
tmpval = getMappingItem(&litem[i], lnative, 0, 0, NULL);
/*
* If the LHS item is out-of-context, we do the
* assignment right here.
*/
if (doAssign && litem[i].type == mit_ldap &&
litem[i].searchSpec.triple.scope !=
LDAP_SCOPE_UNKNOWN &&
slen(litem[i].searchSpec.triple.base) > 0 &&
(slen(litem[i].searchSpec.triple.attrs) > 0 ||
litem[i].searchSpec.triple.element != 0)) {
int stat;
if (dn == 0)
dn = findDNs(myself, rv, 1,
t->objectDN->write.base,
&numDN);
stat = storeLDAP(&litem[i], i, numItems, rval,
t->objectDN, dn, numDN);
if (stat != LDAP_SUCCESS) {
char *iname = "<unknown>";
if (tmpval != 0 &&
tmpval->numVals == 1)
iname = tmpval->val[0].value;
logmsg(MSG_NOTIMECHECK, LOG_ERR,
"%s: LDAP store \"%s\": %s",
myself, iname,
ldap_err2string(stat));
}
freeValue(tmpval, 1);
continue;
}
old = lval;
lval = concatenateValues(old, tmpval);
freeValue(tmpval, 1);
freeValue(old, 1);
}
/* Don't need the LHS items themselves anymore */
freeMappingItem(litem, numItems);
/*
* If we don't have an 'lval' (probably because all litem[i]:s
* were out-of-context assignments), we're done.
*/
if (lval == 0 || lval->numVals <= 0) {
freeValue(lval, 1);
freeValue(rval, 1);
return (rv);
}
for (i = 0, j = 0; i < lval->numVals; i++) {
/* Special case: rval->numVals < 0 means deletion */
if (rval->numVals < 0) {
(void) addAttr2RuleValue(rval->type,
lval->val[i].value, 0, 0, rv);
continue;
}
/* If we're out of values, repeat the last one */
if (j >= rval->numVals)
j = (rval->numVals > 0) ? rval->numVals-1 : 0;
for (0; j < rval->numVals; j++) {
/*
* If this is the 'dn', and the value ends in a
* comma, append the appropriate search base.
*/
if (strcasecmp("dn", lval->val[i].value) == 0 &&
lastChar(&rval->val[j]) == ',' &&
t->objectDN->write.scope !=
LDAP_SCOPE_UNKNOWN) {
void *nval;
int nlen = -1;
nval = appendString2SingleVal(
t->objectDN->write.base, &rval->val[j],
&nlen);
if (nval != 0 && nlen >= 0) {
sfree(rval->val[j].value);
rval->val[j].value = nval;
rval->val[j].length = nlen;
}
}
(void) addAttr2RuleValue(rval->type,
lval->val[i].value, rval->val[j].value,
rval->val[j].length, rv);
/*
* If the lval is multi-valued, go on to the
* other values; otherwise, quit (but increment
* the 'rval' value index).
*/
if (!lval->repeat) {
j++;
break;
}
}
}
/* Clean up */
freeValue(lval, 1);
freeValue(rval, 1);
return (rv);
}
/*
* Remove the indicated attribute, and any values for it, from the
* rule-value.
*/
void
delAttrFromRuleValue(__nis_rule_value_t *rv, char *attrName) {
int i;
if (rv == 0 || attrName == 0)
return;
for (i = 0; i < rv->numAttrs; i++) {
if (strcasecmp(attrName, rv->attrName[i]) == 0) {
int j;
for (j = 0; j < rv->attrVal[i].numVals; j++)
sfree(rv->attrVal[i].val[j].value);
if (rv->attrVal[i].numVals > 0)
sfree(rv->attrVal[i].val);
sfree(rv->attrName[i]);
/* Move up the rest of the attribute names/values */
for (j = i+1; j < rv->numAttrs; j++) {
rv->attrName[j-1] = rv->attrName[j];
rv->attrVal[j-1] = rv->attrVal[j];
}
rv->numAttrs -= 1;
break;
}
}
}
/*
* Remove the indicated column, and any values for it, from the
* rule-value.
*/
void
delColFromRuleValue(__nis_rule_value_t *rv, char *colName) {
int i;
if (rv == 0 || colName == 0)
return;
for (i = 0; i < rv->numColumns; i++) {
if (strcmp(colName, rv->colName[i]) == 0) {
int j;
for (j = 0; j < rv->colVal[i].numVals; j++)
sfree(rv->colVal[i].val[j].value);
if (rv->colVal[i].numVals > 0)
sfree(rv->colVal[i].val);
sfree(rv->colName[i]);
/* Move up the rest of the column names/values */
for (j = i+1; j < rv->numColumns; j++) {
rv->colName[j-1] = rv->colName[j];
rv->colVal[j-1] = rv->colVal[j];
}
rv->numColumns -= 1;
break;
}
}
}
/*
* Add the write-mode object classes specified by 'objClassAttrs' to the
* rule-value 'rv'.
* If there's an error, 'rv' is deleted, and NULL returned.
*/
__nis_rule_value_t *
addObjectClasses(__nis_rule_value_t *rv, char *objClassAttrs) {
char *filter = 0, **fc = 0;
int i, nfc = 0;
/*
* Expect to only use this for existing rule-values, so rv == 0 is
* an error.
*/
if (rv == 0)
return (0);
/*
* If 'objClassAttrs' is NULL, we trivially have nothing to do.
* Assume the caller knows what it's doing, and return success.
*/
if (objClassAttrs == 0)
return (rv);
/*
* Make an AND-filter of the object classes, and split into
* components. (Yes, this is a bit round-about, but leverages
* existing functions.)
*/
filter = makeFilter(objClassAttrs);
if (filter == 0) {
freeRuleValue(rv, 1);
return (0);
}
fc = makeFilterComp(filter, &nfc);
if (fc == 0 || nfc <= 0) {
free(filter);
freeRuleValue(rv, 1);
return (0);
}
/* Add the objectClass attributes to the rule-value */
for (i = 0; i < nfc; i++) {
char *name, *value;
name = fc[i];
/* Skip if not of the "name=value" form */
if ((value = strchr(name, '=')) == 0)
continue;
*value = '\0';
value++;
/* Skip if the attribute name isn't "objectClass" */
if (strcasecmp("objectClass", name) != 0)
continue;
if (addSAttr2RuleValue(name, value, rv) != 0) {
free(filter);
freeFilterComp(fc, nfc);
freeRuleValue(rv, 1);
return (0);
}
}
free(filter);
freeFilterComp(fc, nfc);
return (rv);
}
static char *
valString(__nis_value_t *val) {
int i;
if (val == 0 || val->type != vt_string)
return (0);
for (i = 0; i < val->numVals; i++) {
/* Look for a non-NULL, non-zero length value */
if (val->val[i].value != 0 && val->val[i].length > 0) {
char *v = val->val[i].value;
/*
* Check that there's a NUL at the end. True,
* if there isn't, we may be looking beyond
* allocated memory. However, we would have done
* so in any case when the supposed string was
* traversed (printed, etc.), very possibly by
* a lot more than one byte. So, it's better to
* take a small risk here than a large one later.
*/
if (v[val->val[i].length-1] == '\0' ||
v[val->val[i].length] == '\0')
return (v);
}
}
return (0);
}
char *
findVal(char *name, __nis_rule_value_t *rv, __nis_mapping_item_type_t type) {
int i;
if (type == mit_nisplus) {
for (i = 0; i < rv->numColumns; i++) {
if (rv->colName[i] == 0)
continue;
if (strcmp(name, rv->colName[i]) == 0) {
return (valString(&rv->colVal[i]));
}
}
} else if (type == mit_ldap) {
for (i = 0; i < rv->numAttrs; i++) {
if (rv->attrName[i] == 0)
continue;
if (strcasecmp(name, rv->attrName[i]) == 0) {
return (valString(&rv->attrVal[i]));
}
}
}
return (0);
}
static char *norv = "<NIL>";
static char *unknown = "<unknown>";
/*
* Attempt to derive a string identifying the rule-value 'rv'. The
* returned string is a pointer, either into 'rv', or to static
* storage, and must not be freed.
*/
char *
rvId(__nis_rule_value_t *rv, __nis_mapping_item_type_t type) {
char *v;
if (rv == 0)
return (norv);
if (rv->numColumns > 0 && type == mit_nisplus) {
/*
* Look for a column called "cname" or "name".
* If that fails, try "key" or "alias".
*/
if ((v = findVal("cname", rv, type)) != 0)
return (v);
else if ((v = findVal("name", rv, type)) != 0)
return (v);
else if ((v = findVal("key", rv, type)) != 0)
return (v);
else if ((v = findVal("alias", rv, type)) != 0)
return (v);
} else if (rv->numAttrs > 0 && type == mit_ldap) {
/*
* Look for "dn", or "cn".
*/
if ((v = findVal("dn", rv, type)) != 0)
return (v);
else if ((v = findVal("cn", rv, type)) != 0)
return (v);
}
return (unknown);
}
/*
* Merge the rule-values with the same DN into one. Each rule-value
* in the returned array will have unique 'dn'. On entry, *numVals
* contains the number of rule-values in 'rv'. On exit, it contains
* the number of rule-values in the returned array or -1 on error.
*/
__nis_rule_value_t *
mergeRuleValueWithSameDN(__nis_rule_value_t *rv, int *numVals) {
__nis_rule_value_t *rvq = 0;
char *dn, *odn;
int count = 0;
int i, j;
if (numVals == 0)
return (0);
for (i = 0; i < *numVals; i++) {
if ((dn = findVal("dn", &rv[i], mit_ldap)) != 0) {
for (j = 0; j < count; j++) {
if ((odn = findVal("dn", &rvq[j],
mit_ldap)) != 0) {
/* case sensitive compare */
if (strcmp(dn, odn) != 0)
continue;
if (mergeRuleValue(&rvq[j],
&rv[i]) == -1) {
freeRuleValue(rvq, count);
*numVals = -1;
return (0);
}
break;
} else {
freeRuleValue(rvq, count);
*numVals = -1;
return (0);
}
}
/* if no match, then add it to the rulevalue array */
if (j == count) {
rvq = growRuleValue(count, count + 1, rvq,
&rv[i]);
if (rvq == 0) {
*numVals = -1;
return (0);
}
count++;
}
}
}
*numVals = count;
return (rvq);
}