ns_common.c revision 689c2bf45cbd08f8feb29c8c945a57f48267abd9
1N/A * The contents of this file are subject to the terms of the 1N/A * Common Development and Distribution License (the "License"). 1N/A * You may not use this file except in compliance with the License. 1N/A * See the License for the specific language governing permissions 1N/A * and limitations under the License. 1N/A * When distributing Covered Code, include this CDDL HEADER in each 1N/A * If applicable, add the following below this CDDL HEADER, with the 1N/A * fields enclosed by brackets "[]" replaced with your own identifying 1N/A * information: Portions Copyright [yyyy] [name of copyright owner] 1N/A * Copyright 2006 Sun Microsystems, Inc. All rights reserved. 1N/A * Use is subject to license terms. 1N/A#
pragma ident "%Z%%M% %I% %E% SMI" 1N/A {
"shadow",
"ou=people,",
"passwd" },
1N/A {
"user_attr",
"ou=people,",
"passwd" },
1N/A {
"audit_user",
"ou=people,",
"passwd" },
1N/A {
"project",
"ou=projects,",
NULL },
1N/A {
"protocols",
"ou=protocols,",
NULL },
1N/A {
"networks",
"ou=networks,",
NULL },
1N/A {
"netmasks",
"ou=networks,",
"networks" },
1N/A {
"netgroup",
"ou=netgroup,",
NULL },
1N/A {
"aliases",
"ou=aliases,",
NULL },
1N/A {
"ipnodes",
"ou=Hosts,",
"hosts" },
1N/A {
"Services",
"ou=Services,",
NULL },
1N/A {
"bootparams",
"ou=ethers,",
"ethers" },
1N/A {
"auth_attr",
"ou=SolarisAuthAttr,",
NULL },
1N/A {
"prof_attr",
"ou=SolarisProfAttr,",
NULL },
1N/A {
"exec_attr",
"ou=SolarisProfAttr,",
"prof_attr" },
1N/A {
"profile",
"ou=profile,",
NULL },
1N/A {
"printers",
"ou=printers,",
NULL },
1N/A {
"tnrhdb",
"ou=ipTnet,",
"tnrhtp" },
1N/A * FUNCTION: s_api_printResult 1N/A * Given a ns_ldap_result structure print it. 1N/A (
void)
printf(
"--------------------------------------\n");
1N/A (
void)
printf(
"entry %d has attr_count = %d \n", i,
1N/A (
void)
printf(
"entry %d has attr_pair[%d] = %s \n", i, j,
1N/A "entry %d has attr_pair[%d]->attrvalue[%d] = %s \n",
1N/A (
void)
printf(
"\n--------------------------------------\n");
1N/A * FUNCTION: __s_api_getSearchScope 1N/A * Retrieve the search scope for ldap search from the config module. 1N/A * RETURN VALUES: NS_LDAP_SUCCESS, NS_LDAP_CONFIG 1N/A * OUTPUT: searchScope, errorp 1N/A * FUNCTION: __ns_ldap_dupAuth 1N/A * Duplicates an authentication structure. 1N/A * RETURN VALUES: copy of authp or NULL on error 1N/A * FUNCTION: __ns_ldap_freeCred 1N/A * Frees all the memory associated with a ns_cred_t structure. 1N/A * RETURN VALUES: NS_LDAP_INVALID_PARAM, NS_LDAP_SUCCESS, NS_LDAP_CONFIG 1N/A * FUNCTION: __s_api_getDNs 1N/A * Retrieves the default base dn for the given 1N/A * RETURN VALUES: NS_LDAP_SUCCESS, NS_LDAP_MEMORY, NS_LDAP_CONFIG 1N/A /* automount entries */ 1N/A /* strlen("nisMapName")+"="+","+'\0' = 13 */ 1N/A * FUNCTION: __s_api_get_search_DNs_v1 1N/A * Retrieves the list of search DNs from the V1 profile for the given 1N/A * RETURN VALUES: NS_LDAP_SUCCESS, NS_LDAP_MEMORY, NS_LDAP_CONFIG 1N/A * Parse a specially formatted list(val) into an array of char *. 1N/A * RETURN VALUE: A char * pointer to the new list of DNs. 1N/A * INPUT: val, service 1N/A * This routine is only called 1N/A * to process V1 profile and 1N/A * for V1 profile, map service 1N/A * to the corresponding SSD_service 1N/A * which is associated with a 1N/A * real container in the LDAP directory 1N/A * tree, e.g., map "shadow" to 1N/A * "passwd". See function 1N/A * __s_api_get_SSD_from_SSDtoUse_service 1N/A * for similar service to SSD_service 1N/A * mapping handling for V2 profile. 1N/A * __s_api_get_local_interfaces 1N/A * Returns a pointer to an array of addresses and netmasks of all interfaces 1N/A * configured on the system. 1N/A * NOTE: This function is very IPv4 centric. 1N/A * __s_api_samenet(char *, struct ifinfo *) 1N/A * Returns 1 if address is on the same subnet of the array of addresses 1N/A * NOTE: This function is only valid for IPv4 addresses. 1N/A /* Remove port number. */ 1N/A /* Loop through interface list to find match. 
*/ 1N/A * FUNCTION: __s_api_getServers 1N/A * Retrieve a list of ldap servers from the config module. 1N/A * RETURN VALUE: NS_LDAP_SUCCESS, NS_LDAP_CONFIG, NS_LDAP_MEMORY 1N/A * OUTPUT: servers, error 1N/A /* get profile version number */ 1N/A * For version 2, default server list could be 1N/A * Get server address(es) and go through them. 1N/A /* Sort servers based on network. */ 1N/A /* Get preferred server list and sort servers based on that. */ 1N/A * FUNCTION: sortServerNet 1N/A * Sort the serverlist based on the distance from client as long 1N/A * as the list only contains IPv4 addresses. Otherwise do nothing. 1N/A /* Count the number of servers to sort. */ 1N/A /* Make room for the returned list of servers. */ 1N/A /* Make a temporary list of servers. */ 1N/A /* Filter servers on the same subnet */ 1N/A /* Filter remaining servers. */ 1N/A * FUNCTION: sortServerPref 1N/A * Sort the serverlist based on the preferred server list. 1N/A * The sorting algorithm works as follows: 1N/A * If version 1, if flag is TRUE, find all the servers in both preflist 1N/A * and srvlist, then append other servers in srvlist to this list 1N/A * and return the list. 1N/A * If flag is FALSE, just return srvlist. 1N/A * srvlist can not be empty. 1N/A * If version 2, append all the servers in srvlist 1N/A * but not in preflist to preflist, and return the merged list. 1N/A * If srvlist is empty, just return preflist. 1N/A * If preflist is empty, just return srvlist. 1N/A /* Count the number of servers to sort. */ 1N/A /* Count the number of preferred servers */ 1N/A /* Make room for the returned list of servers */ 1N/A * if the preferred server list is empty, 1N/A * just return a copy of the server list 1N/A * if the server list is empty, 1N/A * just return a copy of the preferred server list 1N/A /* Make room for the servers whose memory needs to be freed */ 1N/A * throw out preferred servers not on server list. 1N/A * If version 2, make a copy of the preferred server list. 
1N/A * if PREF_ONLY is false, we append the non-preferred servers 1N/A * to bottom of list. 1N/A * For version 2, always append. 1N/A /* free memory for duplicate servers */ 1N/A * FUNCTION: __s_api_removeBadServers 1N/A * Contacts the ldap cache manager for marking the 1N/A * problem servers as down, so that the server is 1N/A * not contacted until the TTL expires. 1N/A * Couldn't remove server from 1N/A * server list. Log a warning. 1N/A "not remove %s from servers list", *
host);
1N/A * FUNCTION: __s_api_free2dArray 1N/A * FUNCTION: __s_api_cp2dArray 1N/A * FUNCTION: __s_api_isCtrlSupported 1N/A * Determines if the passed control is supported by the LDAP server. 1N/A * RETURNS: NS_LDAP_SUCCESS if yes, NS_LDAP_OP_FAILED if not. 1N/A * FUNCTION: __s_api_toFollowReferrals 1N/A * Determines whether referrals need to be followed for an SLDAP API. 1N/A * RETURN VALUES: NS_LDAP_SUCCESS, NS_LDAP_INVALID_PARAM, or 1N/A * other rc from __ns_ldap_getParam() 1N/A * OUTPUT: toFollow, errorp 1N/A /* Either NS_LDAP_NOREF or NS_LDAP_FOLLOWREF not both */ 1N/A * if the NS_LDAP_NOREF or NS_LDAP_FOLLOWREF is set 1N/A * this will take precedence over the values specified 1N/A * in the configuration file 1N/A * FUNCTION: __s_api_addRefInfo 1N/A * Insert a referral info into a referral info list. 1N/A * RETURN VALUES: NS_LDAP_SUCCESS, NS_LDAP_MEMORY, NS_LDAP_OP_FAILED 1N/A * INPUT: LDAP URL, pointer to the referral info list, 1N/A * search baseDN, search scope, search filter, 1N/A * previous connection 1N/A * log error and return NS_LDAP_SUCCESS 1N/A * if one of the following: 1N/A * 2. LDAP URL which can not be parsed 1N/A " processing referrals URL"),
1N/A * we do have a valid URL and we were able to parse it 1N/A * however, we still need to find out what hostport to 1N/A * use if none were provided in the LDAP URL 1N/A * (e.g., ldap:///...) 1N/A " processing referrals URL"),
1N/A "host when processing " 1N/A * 1 for the last '\0'. 1N/A * 1 for host and port separator ":" 1N/A * and "[" & "]" for possible IPv6 addressing 1N/A * serverAddr = host:port 1N/A * if host is an IPv6 address 1N/A /* serverAddr = host */ 1N/A /* insert the referral info */ 1N/A * FUNCTION: __s_api_deleteRefInfo 1N/A * Delete a referral info list. 1N/A * INPUT: pointer to the referral info list 1N/A * FUNCTION: __s_api_get_SSD_from_SSDtoUse_service 1N/A * Retrieves the Service Search Descriptors which should be used for 1N/A * the given service. For example, return all the "passwd" SSDs for 1N/A * service "shadow" if no SSD is defined for service "shadow" and 1N/A * no filter component is defined in all the "passwd" SSDs. This idea 1N/A * of sharing the SSDs defined for some other service is to reduce the 1N/A * configuration complexity. For a service that does not have its own 1N/A * entries in the LDAP directory, SSD for it is useless, and should not 1N/A * be set. But since this service must share the container with at least 1N/A * one other service which does have its own entries, the SSD for 1N/A * this other service will be shared by this service. 1N/A * This other service is called the SSD-to-use service. 1N/A * The static data structure, ns_def_map[], in this file 1N/A * defines the SSD-to-use service for all the services supported. 1N/A * RETURN VALUES: NS_LDAP_SUCCESS, NS_LDAP_MEMORY, NS_LDAP_INVALID_PARAM 1N/A * OUTPUT: *SSDlist, *errorp if error 1N/A "__s_api_get_SSD_from_SSDtoUse_service START\n");
1N/A * First try to return the configured SSDs for the input server 1N/A * If service == auto_* and SSD is not found, 1N/A * then try automount to see if there is an SSD 1N/A * If SSDlist is found, 1N/A * prepend automountMapName to the basedn 1N/A * Find the SSDtoUse service. 1N/A * If none found, flag "found" remains FALSE. 1N/A * return the SSDs for SSD_service only if no optional filter 1N/A * component is defined in the SSDs 1N/A /* check to see if filter defined in SSD */ 1N/A "service '%s' contains filter, " 1N/A "which can not be used for " 1N/A * verify addr is an IPv4 address with the optional [:portno] 1N/A * RFC2373 & RFC2732 & RFC2396 1N/A * verify addr is an IPv6 address with the optional [IPv6]:portno 1N/A * RFC2373 & RFC2732 & RFC2396 1N/A /* only 1 ']' should be in an addr */ * verify addr is a valid hostname with the optional [:portno] * RFC2373 & RFC2732 & RFC2396 /* must start with alpha character */ * Prepend automountMapName=auto_xxx to the basedn * Prepend automountMapName=auto_xxx to the DN * "automountMapName=auto_xxx,dn" * If automountMapName is mapped to some other attribute, * then use the mapping in the setup. * If a version 1 profile is in use, use nisMapName for * backward compatibility (i.e. "nisMapName=auto_xxx,dn"). /* Find mapped attribute name of auto_xxx first */ * if mapped attribute name of auto_xxx is not found, * find the mapped attribute name of automount * if mapped attr is not found, use the default automountmapname * Copy it from the mapped attr list * Assume it's 1 to 1 mapping * 1 to n does not make sense * automountmapname is mapped to an empty string "Attribute automountMapName is " "mapped to an empty string.\n"));
/* automountMapName + "=" + service + "," + dn + '\0' */ /* free the original dn */ * Map the LDAP error code and error message from LDAP server * case 3 (Modify passwd): * the user is not allowed to change * password; only admin can change it * the user account is locked due to * too many login failures. * case 5 (Modify passwd): * syntax error: the new password * has length less than defined * case 6 (Modify passwd): * trivial password: same value as * that of attribute cn, sn, or uid ... * case 7 (Modify passwd): * re-use one of the old passwords * case 8 (Modify passwd): * password not allowed to be * changed yet; within minimum * Determine if the input OID list contains * one of the password control OIDs, which are: * LDAP_CONTROL_PWEXPIRED: 2.16.840.1.113730.3.4.4 * LDAP_CONTROL_PWEXPIRING: 2.16.840.1.113730.3.4.5. * If yes, return 1, if no, 0. * Determine if the input OID list contains LDAP V3 password-less * account management control OID, which is: * NS_LDAP_ACCOUNT_USABLE_CONTROL:1.3.6.1.4.1.42.2.27.9.5.8 * If yes, return 1, if no, 0. * For some databases in name switch, the name and aliases are saved * as "cn". When the "cn" values are retrieved, there is no distinction * which is the name and which is (are) the alias(es). * This function is to parse RDN and find the value of the "cn" and * then find the matching value in "cn" attribute. * Also see RFC 2307 section 5.6. * attrptr: An attribute whose value appears in RDN * This should be "cn" for the name switch for now. * case_ignore: 0 Case sensitive comparison on the attribute value * 1 Case insensitive comparison * The value of an attribute which is used as canonical name * This is read only and the caller should not try to free it. * If it's a NULL, it could be either an RDN parsing error * or RDN value does not match any existing "cn" values. * dn: cn=xx+ipserviceprotocol=udp,...... * Although the name switch/ldap's rdn is in "cn=xx" or "cn=xx+..." * format, this function makes no such assumption. 
If the DN * is saved as "dn: yy=...+sn=my_canocical_name, ..", then it can still work. * The comments use "cn" as an example only. typedef int (*
cmpfunc)(
const char *,
const char *);
/* "values" is read-only */ /* Assume the rdn is normalized */ /* parse attribute name and value, get attribute name first */ * After parsing RDN and find the matching attribute in RDN, * match rdn value with values in "cn". /* RDN "cn" value matches the "cn" value */ * This function requests a server to be removed from * the cache manager maintained server list. This is * done via the door functionality. * Returns 0 if OK, else a negative value. /* try to remove the server via the door interface */ /* clean up the door call */