/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2012 Milan Jurik. All rights reserved.
*/
#include <stdio.h>
#include <stdlib.h>
#include <libintl.h>
#include <fcntl.h>
#include <unistd.h>
#include <string.h>
#include <strings.h>
#include <lber.h>
#include <ldap.h>
#include <syslog.h>
#include <stddef.h>
#include "ns_sldap.h"
#include "ns_internal.h"
#include "ns_connmgmt.h"
#include "ns_cache_door.h"
/* Additional headers for addTypedEntry Conversion routines */
#include <pwd.h>
#include <project.h>
#include <shadow.h>
#include <grp.h>
#include <netdb.h>
#include <auth_attr.h>
#include <exec_attr.h>
#include <prof_attr.h>
#include <user_attr.h>
static int send_to_cachemgr(const char *,
ns_ldap_attr_t **, ns_ldap_error_t **);
static int escape_str(char *, char *);
/*
* If the rdn is a mapped attr:
* return NS_LDAP_SUCCESS and a new_dn.
* If no mapped attr is found in the rdn:
* return NS_LDAP_SUCCESS and *new_dn == NULL
* For example:
* service = abc
* dn = cn=foo,dc=bar,dc=com
* attributeMapping: abc:cn=sn
* Then:
* new_dn = sn=foo,dc=bar,dc=com
*
*/
/*
* NOTE(review): the function name, its parameter list and several
* statements are missing from this listing. The comments added below
* describe only what the visible lines show.
*
* Visible results: NS_LDAP_INVALID_PARAM, NS_LDAP_MEMORY or
* NS_LDAP_SUCCESS.
*/
static int
{
char **mappedattr;
char *rservice;
int dn_len = 0;
/*
* separate dn into individual components
* e.g.
* "automountKey=user_01" , "automountMapName_test=auto_home", ...
*/
return (NS_LDAP_INVALID_PARAM);
if (!cur) {
return (NS_LDAP_INVALID_PARAM);
}
/*
* cur is non-NULL here, so the string it points into is cut at that
* position. NOTE(review): how cur is located is not visible in this
* listing -- confirm it always points inside the rdn buffer.
*/
*cur = '\0';
/* we only check schema mapping for automount, not for auto_* */
sizeof (NS_LDAP_TYPE_AUTOMOUNT) - 1) == 0)
rservice = "automount";
else
/*
* No mapping (NULL or empty array): nothing to rewrite, so the
* function reports success. NOTE(review): the statement guarded by
* "if (mappedattr)" is missing from this listing.
*/
if (!mappedattr || !mappedattr[0]) {
if (mappedattr)
return (NS_LDAP_SUCCESS);
}
/*
* The new length is *dn length + (difference between
* orig attr and mapped attr) + 1 ;
* e.g.
* automountKey=aa,automountMapName=auto_home,dc=foo,dc=com
* ==>
* cn=aa,automountMapName=auto_home,dc=foo,dc=com
*/
/*
* NOTE(review): the allocation this return belongs to is not visible.
* Confirm the new buffer is sized with the length described above
* before the mapped DN is written into it, since the mapped attribute
* name can be longer than the original one.
*/
return (NS_LDAP_MEMORY);
}
return (NS_LDAP_SUCCESS);
}
/*
* The following function is only used by the
* "gecos" 1 to N attribute mapping code. It expects
*/
/*
* Fills in one modification that carries a single, length-delimited
* value. Returns 0 on success and -1 on failure.
*
* NOTE(review): the function name, the first parameter and the
* statements between the comments are missing from this listing.
* The existing comments say the attribute name is duplicated while
* the value is recorded as a pointer plus a length; presumably the
* value is not copied, so the buffer behind mvptr must stay valid
* until the modification is released -- confirm. mvlen is a signed
* int; confirm callers never pass a negative length.
*/
static int
int mop,
char *mtype,
char *mvptr,
int mvlen)
{
/* dup attribute name */
return (-1);
/*
* assume single value,
*/
return (-1);
}
return (-1);
}
/* set pointer to data */
/* set length */
/*
* turn on the BVALUE bit to indicate
* that the length of data is supplied
*/
return (0);
}
/*
* Releases an array of modifications; the loop stops at the first NULL
* element of mods.
*
* NOTE(review): the function name, its parameter and the free() calls
* are missing from this listing. The ownership rule spelled out in the
* comments below is asymmetric: only "objectclass" values are owned
* (strdup'd) and freed here, other values are borrowed pointers.
* Every producer of a mods array has to follow the same rule, otherwise
* the result is a leak or a free of memory this code does not own.
*/
static void
{
int i, j;
int name_is_oc;
return;
for (i = 0; mods[i]; i++) {
/* free attribute name */
name_is_oc = FALSE;
name_is_oc = TRUE;
}
continue;
/*
* LDAP_MOD_BVALUES is only set by
* the "gecos" 1 to N attribute mapping
* code, and the attribute is single valued.
*/
/* only element 0 is examined, matching the single-value assumption */
if (mods[i]->mod_bvalues[0])
} else {
if (name_is_oc) {
/*
* only values for the "objectclass"
* were dupped using strdup.
* other attribute values were
* not dupped, but via pointer
* assignment. So here the
* values for "objectclass"
* is freed one by one,
* but the values for other
* attributes need not be freed.
*/
for (j = 0; mods[i]->mod_values[j]; j++)
}
}
}
/* modlist */
}
static LDAPMod **
const char *service,
const ns_ldap_attr_t * const *attr,
const int mod_op,
const int count,
const int flags)
{
char **modval;
char **mapping;
int i;
int j;
/*
* add 2 for "gecos" 1 to up to 3 attribute mapping
*/
return (NULL);
}
/*
* add 2 for "gecos" 1 to up to 3 attribute mapping
*/
return (NULL);
}
sizeof (NS_LDAP_TYPE_AUTOMOUNT) - 1) == 0)
auto_service = TRUE;
/*
* see if schema mapping existed for the given service
*/
if (mapping) {
}
/*
* Perform attribute mapping if necessary.
*/
} else
(flags & NS_LDAP_NOMAP) == 0) {
/*
* if service == auto_xxx and
* no mapped attribute is found
* and NS_LDAP_NOMAP is not set
* then try automount's mapped attribute
*/
}
goto free_memory;
} else {
/*
* 1 to N attribute mapping is only done for "gecos",
* and only 1 to 3 mapping.
* nine cases here:
*
* A. attrMap=passwd:gecos=a
* 1. gecos="xx,yy,zz" -> a="xx,yy,zz"
* 2. gecos="xx,yy" -> a="xx,yy"
* 3. gecos="xx" -> a="xx"
*
* B. attrMap=passwd:gecos=a b
* 4. gecos="xx,yy,zz" -> a="xx" b="yy,zz"
* 5. gecos="xx,yy" -> a="xx" b="yy"
* 6. gecos="xx" -> a="xx"
*
* C. attrMap=passwd:gecos=a b c
* 7. gecos="xx,yy,zz" -> a="xx" b="yy" c="zz"
* 8. gecos="xx,yy" -> a="xx" b="yy"
* 9. gecos="xx" -> a="xx"
*
* This can be grouped as:
*
* c1 cases: 1,2,3,6,9
* if ((attrMap=passwd:gecos=a) ||
* (no "," in gecos value))
* same as other no-mapping attributes,
* no special processing needed
* else
*
* c2 cases: 4,5,8
* if ((attrMap=passwd:gecos=a b) ||
* (only one "," in gecos value))
* a=xx b=yy[,...]
* else
*
* c3 case: 7
* a=xx b=yy c=...
*
* notes: in case c2 and c3, ... could still contain ","
*/
/* is there a second comma? */
/*
* Process case c2 or c3.
* case c2: mapped to two attributes or just
* one comma
*/
/* case c2 */
/*
* int mod structure for the first attribute
*/
if (vlen > 0 && c) {
if (rc != 0)
goto free_memory;
} else {
/* don't leave a hole in mods array */
i--;
}
/*
* init mod structure for the 2nd attribute
*/
continue;
}
i++;
/*
* get pointer to data.
* Skip leading spaces.
*/
/* empty */
}
/* get data length */
if (vlen > 0 && c) {
if (rc != 0)
goto free_memory;
} else {
/* don't leave a hole in mods array */
i--;
}
/* done with the mapping array */
continue;
} else {
/* case c3 */
/*
* int mod structure for the first attribute
*/
if (vlen > 0 && c) {
if (rc != 0)
goto free_memory;
} else {
/* don't leave a hole in mods array */
i--;
}
/*
* init mod structure for the 2nd attribute
*/
i++;
/*
* get pointer to data.
* Skip leading spaces.
*/
/* empty */
};
/* get data length */
if (vlen > 0 && c) {
if (rc != 0)
goto free_memory;
} else {
/* don't leave a hole in mods array */
i--;
}
/*
* init mod structure for the 3rd attribute
*/
continue;
}
i++;
/*
* get pointer to data.
* Skip leading spaces.
*/
/* empty */
}
/* get data length */
if (vlen > 0 && c) {
if (rc != 0)
goto free_memory;
} else {
/* don't leave a hole in mods array */
i--;
}
/* done with the mapping array */
continue;
}
}
/* case c1 */
goto free_memory;
}
}
sizeof (char *));
goto free_memory;
/*
* Perform objectclass mapping.
* Note that the values for the "objectclass" attribute
* will be dupped using strdup. Values for other
* attributes will be referenced via pointer
* assignments.
*/
for (j = 0; j < attr[k]->value_count; j++) {
if (schema_mapping_existed &&
(flags & NS_LDAP_NOMAP) == 0)
mapping =
else
(flags & NS_LDAP_NOMAP) == 0)
/*
* if service == auto_xxx and
* no mapped objectclass is found
* then try automount
*/
mapping =
/* assume single mapping */
} else {
attrvalue[j]);
}
goto free_memory;
}
} else {
for (j = 0; j < attr[k]->value_count; j++) {
/* ASSIGN NOT COPY */
}
}
}
return (mods);
if (mapping)
return (NULL);
}
static LDAPMod **
const char *service,
const ns_ldap_attr_t * const *attr,
const int mod_op,
const int flags)
{
int count = 0;
return (NULL);
/* count number of attributes */
while (*aptr++)
count++;
}
static void
{
}
}
}
/*
* operations to configured LDAP servers.
*/
static int
int ldap_op,
char *dn,
const int flags,
{
int len;
int msgid;
int Errno;
/* referrals returned by the LDAP operation */
/*
* list of referrals used by the state machine, built from
* the referrals variable above
*/
/* current referral */
int do_not_fail_if_new_pwd_reqd = 0;
int passwd_mgmt = 0;
int i = 0;
int ldap_error;
int nopasswd_acct_mgmt = 0;
while (always) {
switch (state) {
case W_EXIT:
/* return the MT connection and free the conn user */
}
}
}
if (connectionId > -1)
if (ref_list)
if (target_dn && target_dn_allocated)
return (return_rc);
case W_INIT:
/* see if need to follow referrals */
if (rc != NS_LDAP_SUCCESS) {
break;
}
errorp);
else
if (rc != NS_LDAP_SUCCESS) {
}
else
break;
case GET_CONNECTION:
/* identify self as a write user */
/*
* If password control attached
* in *errorp,
* e.g. rc == NS_LDAP_SUCCESS_WITH_INFO,
* free the error structure (we do not need
* the password management info).
* Reset rc to NS_LDAP_SUCCESS.
*/
if (rc == NS_LDAP_SUCCESS_WITH_INFO) {
(void) __ns_ldap_freeError(errorp);
}
if (rc != NS_LDAP_SUCCESS) {
break;
}
if (followRef)
else
break;
case SELECT_OPERATION_SYNC:
if (ldap_op == LDAP_REQ_ADD)
else if (ldap_op == LDAP_REQ_DELETE)
else if (ldap_op == LDAP_REQ_MODIFY)
break;
case SELECT_OPERATION_ASYNC:
if (ldap_op == LDAP_REQ_ADD)
else if (ldap_op == LDAP_REQ_DELETE)
else if (ldap_op == LDAP_REQ_MODIFY)
break;
case DO_ADD_SYNC:
break;
case DO_DELETE_SYNC:
break;
case DO_MODIFY_SYNC:
break;
case DO_ADD_ASYNC:
break;
case DO_DELETE_ASYNC:
break;
case DO_MODIFY_ASYNC:
break;
case GET_RESULT_SYNC:
if (rc != LDAP_SUCCESS) {
/*
* No need to deal with the error message if
* it's an empty string.
*/
/*
* ldap_get_lderrno does not expect
* errmsg to be freed after use, while
* ldap_parse_result below does, so set
* a flag to indicate source.
*/
}
} else {
}
break;
case GET_RESULT_ASYNC:
/* if no server response, set Errno */
if (rc == -1) {
break;
}
rc == LDAP_RES_DELETE) {
break;
} else {
}
break;
case PARSE_RESULT:
/*
* need Errno, referrals, error msg,
* and the last "1" is to free
* the result (res)
*/
/*
* free errmsg if it is an empty string
*/
}
/*
* If we received referral data, process
* it if:
* - we are configured to follow referrals
* - and not already in referral mode (to keep
* consistency with search_state_machine()
* which follows 1 level of referrals only;
* see proc_result_referrals() and
* proc_search_references().
*/
/* add to referral list */
if (rc != NS_LDAP_SUCCESS) {
break;
}
}
if (rc != NS_LDAP_MEMORY)
} else {
}
if (errmsg) {
}
break;
}
if (Errno != LDAP_SUCCESS) {
} else {
}
break;
case GET_REFERRAL_CONNECTION:
/*
* since we are starting over,
* discard the old error info
*/
if (*errorp)
(void) __ns_ldap_freeError(errorp);
if (connectionId > -1)
/* set it up to use a referral connection */
/*
* If an MT connection is being used,
* return it to the pool.
*/
}
/*
* If password control attached
* in errorp,
* e.g. rc == NS_LDAP_SUCCESS_WITH_INFO,
* free the error structure (we do not need
* the password management info).
* Reset rc to NS_LDAP_SUCCESS.
*/
if (rc == NS_LDAP_SUCCESS_WITH_INFO) {
(void) __ns_ldap_freeError(errorp);
}
if (rc != NS_LDAP_SUCCESS) {
/*
* If current referral is not
* available for some reason,
* try next referral in the list.
* Get LDAP error code from errorp.
*/
if (ldap_error == LDAP_BUSY ||
ldap_error == LDAP_UNAVAILABLE ||
ldap_error ==
ldap_error == LDAP_CONNECT_ERROR ||
ldap_error == LDAP_SERVER_DOWN) {
if (current_ref == NULL) {
/* no more referral to follow */
} else
/*
* free errorp before going to
* next referral
*/
(void) __ns_ldap_freeError(
errorp);
break;
}
/*
* free errorp before going to W_ERROR
*/
(void) __ns_ldap_freeError(errorp);
}
/* else, exit */
break;
}
/* target DN may changed due to referrals */
if (current_ref->refDN) {
if (target_dn && target_dn_allocated) {
}
}
break;
case W_LDAP_ERROR:
/*
* map error code and error message
* to password status if necessary.
* This is to see if password updates
* failed due to password policy or
* password syntax checking.
*/
if (errmsg) {
/*
* check if server supports
* password management
*/
if (passwd_mgmt)
/*
* free only if not returned by ldap_get_lderrno
*/
if (!from_get_lderrno)
}
if (pwd_status != NS_PASSWD_GOOD) {
pwd_status, 0, NULL);
} else {
}
(Errno == LDAP_SERVER_DOWN ||
Errno == LDAP_CONNECT_ERROR)) {
}
break;
case W_ERROR:
default:
gettext("Internal write State machine exit"
" (state = %d, rc = %d)."),
break;
}
}
}
/*
* should never be here, the next line is to eliminating
* lint message
*/
return (NS_LDAP_INTERNAL);
}
/*ARGSUSED*/
int
const char *service,
const char *dn,
const ns_ldap_attr_t * const *attr,
const int flags,
{
int rc = 0;
#ifdef DEBUG
#endif
/* Sanity check */
return (NS_LDAP_INVALID_PARAM);
return (NS_LDAP_MEMORY);
}
return (rc);
}
/*ARGSUSED*/
int
const char *service,
const char *dn,
const ns_ldap_attr_t * const *attr,
const int flags,
{
int rc = 0;
#ifdef DEBUG
#endif
/* Sanity check */
return (NS_LDAP_INVALID_PARAM);
return (NS_LDAP_MEMORY);
}
return (rc);
}
/* Retrieve the admin bind password from the configuration, if allowed. */
/*
* Visible results: NS_LDAP_SUCCESS, the value of ldaprc, or rc set to
* NS_LDAP_CONFIG / NS_LDAP_MEMORY.
*
* NOTE(review): the function name, parameters and most statements are
* missing from this listing. The two error strings that are visible
* are fixed text and do not contain the password. The code that holds
* the retrieved password is not visible; confirm it is released (and
* ideally cleared) on every path and is never written to a log.
*/
static int
{
/*
* admin bind password
*/
return (NS_LDAP_SUCCESS);
/*
* Retrieve admin bind password.
* The admin bind password is available
* only in the ldap_cachemgr process as
* they are not exposed outside of that
* process.
*/
return (ldaprc);
rc = NS_LDAP_CONFIG;
gettext("Admin bind password not configured"));
rc = NS_LDAP_MEMORY;
return (rc);
}
/*
* NOTE(review): the argument below looks like a mis-encoded
* "&paramVal" (the "&para" prefix rendered as a pilcrow); restore it
* before compiling.
*/
(void) __ns_ldap_freeParam(¶mVal);
if (modparamVal != NULL)
rc = NS_LDAP_CONFIG;
gettext("bind password not valid"));
rc = NS_LDAP_MEMORY;
return (rc);
}
return (NS_LDAP_SUCCESS);
}
/*
* Reports whether shadow update is enabled: B_TRUE only when the first
* configured value equals NS_LDAP_ENABLE_SHADOW_UPDATE_TRUE, B_FALSE on
* every other visible path, so the check fails closed.
*
* NOTE(review): the signature and the parameter lookup are missing from
* this listing.
*/
{
/* lookup failed: release any error object and report "disabled" */
if (errorp)
(void) __ns_ldap_freeError(&errorp);
return (B_FALSE);
}
(*enable_shadow[0] == NS_LDAP_ENABLE_SHADOW_UPDATE_TRUE)) {
(void) __ns_ldap_freeParam((void ***)&enable_shadow);
return (B_TRUE);
}
/* any other value, or no value at all, means "disabled" */
if (enable_shadow != NULL)
(void) __ns_ldap_freeParam((void ***)&enable_shadow);
return (B_FALSE);
}
/*
* __ns_ldap_repAttr modifies ldap attributes of the 'dn' entry stored
* on the LDAP server. 'service' indicates the type of database entries
* to modify. When the Native LDAP client is configured with 'shadow update
* enabled', shadow(4) entries can only be modified by privileged users.
* Such users use the NS_LDAP_UPDATE_SHADOW flag to indicate the call is
* for such a shadow(4) update, which would be forwarded to ldap_cachemgr
* for performing the LDAP modify operation. ldap_cachemgr would call
* this function again and use the special service NS_ADMIN_SHADOW_UPDATE
* to identify itself, so that admin credential would be obtained and
* the actual LDAP modify operation be done.
*/
/*ARGSUSED*/
/*
* NOTE(review): the function name line, the trailing parameters and
* many statements are missing from this listing; the comments added
* here describe only the visible control flow.
*
* Visible results: NS_LDAP_INVALID_PARAM, NS_LDAP_CONFIG,
* NS_LDAP_OP_FAILED, NS_LDAP_MEMORY, or rc.
*/
int
const char *service,
const char *dn,
const ns_ldap_attr_t * const *attr,
const int flags,
{
int rc = 0;
#ifdef DEBUG
#endif
/* Sanity check */
return (NS_LDAP_INVALID_PARAM);
/* Privileged shadow modify? */
if ((flags & NS_LDAP_UPDATE_SHADOW) != 0 &&
/* Shadow update enabled ? If not, error out */
if (!shadow_update_enabled) {
gettext("Shadow Update is not enabled"));
return (NS_LDAP_CONFIG);
}
/* privileged shadow modify requires euid 0 or all zone privs */
/*
* Authorization gate for the forwarded update: a caller for which
* priv is still false after the second test gets NS_LDAP_OP_FAILED.
* NOTE(review): how priv is computed is missing from this listing;
* confirm both tests use the effective credentials of the calling
* process.
*/
if (!priv) {
}
if (!priv)
return (NS_LDAP_OP_FAILED);
return (rc);
}
return (NS_LDAP_INVALID_PARAM);
/*
* If service is NS_ADMIN_SHADOW_UPDATE, the caller should be
* ldap_cachemgr. We need to get the admin cred to do work.
* If the caller is not ldap_cachemgr, but use the service
* NS_ADMIN_SHADOW_UPDATE, get_admin_passwd() will fail,
* as the admin cred is not available to the caller.
*/
return (rc);
}
return (NS_LDAP_MEMORY);
return (rc);
}
/*ARGSUSED*/
int
const char *service,
const char *dn,
const ns_ldap_entry_t *entry,
const int flags,
{
int nAttr = 0;
int rc = 0;
#ifdef DEBUG
#endif
return (NS_LDAP_INVALID_PARAM);
/* Construct array of LDAPMod representing attributes of new entry. */
return (NS_LDAP_MEMORY);
}
if (rc != NS_LDAP_SUCCESS) {
return (rc);
}
if (new_dn)
return (rc);
}
/*ARGSUSED*/
int
const char *service,
const char *dn,
const int flags,
{
int rc;
#ifdef DEBUG
#endif
return (NS_LDAP_INVALID_PARAM);
return (rc);
}
/*
* Add Typed Entry Helper routines
*/
/*
* Add Typed Entry Conversion routines
*/
/*
* Appends one single-valued attribute (value_count is set to 1) to the
* entry e and returns NS_LDAP_SUCCESS, or NS_LDAP_MEMORY on failure.
*
* NOTE(review): the function name, parameters and allocations are
* missing from this listing. Two things to confirm against the full
* file: (1) the NS_LDAP_MEMORY returns after the first allocation
* release what was already allocated; (2) the store into
* e->attr_pair[e->attr_count] has no visible bound check, so callers
* must never add more attributes than were reserved when the entry was
* allocated.
*/
static int
{
ns_ldap_attr_t *a;
char *v;
if (a == NULL)
return (NS_LDAP_MEMORY);
return (NS_LDAP_MEMORY);
return (NS_LDAP_MEMORY);
a->value_count = 1;
if (v == NULL)
return (NS_LDAP_MEMORY);
a->attrvalue[0] = v;
/* append at the current end of the entry's attribute array */
e->attr_pair[e->attr_count] = a;
e->attr_count++;
return (NS_LDAP_SUCCESS);
}
/*
* Appends one multi-valued attribute with i values to the entry e and
* returns NS_LDAP_SUCCESS, or NS_LDAP_MEMORY on failure.
*
* NOTE(review): the function name, parameters, the loop that computes
* i and the allocations are missing from this listing. Confirm that a
* failure inside the copy loop releases the values already stored, and
* that the store into e->attr_pair[e->attr_count] cannot exceed the
* capacity reserved when the entry was allocated (no bound check is
* visible here).
*/
static int
{
ns_ldap_attr_t *a;
char *v;
char **av;
int i, j;
if (a == NULL)
return (NS_LDAP_MEMORY);
return (NS_LDAP_MEMORY);
;
return (NS_LDAP_MEMORY);
a->value_count = i;
for (j = 0; j < i; j++) {
if (v == NULL)
return (NS_LDAP_MEMORY);
a->attrvalue[j] = v;
}
/* append at the current end of the entry's attribute array */
e->attr_pair[e->attr_count] = a;
e->attr_count++;
return (NS_LDAP_SUCCESS);
}
/*
* Allocates an entry with an empty attribute array (attr_count is set
* to 0) and returns it, or NULL on failure. On the two visible failure
* paths after the entry itself was allocated, e is freed before NULL is
* returned.
*
* NOTE(review): the function name, its parameters and the allocation
* calls are missing from this listing. The size of attr_pair fixes how
* many attributes may later be appended; confirm the second failure
* path also releases attr_pair, which is not visible here.
*/
static ns_ldap_entry_t *
{
ns_ldap_entry_t *e;
if (e == NULL)
return (NULL);
/* allocate attributes, +1 for objectclass, +1 for NULL terminator */
e->attr_pair = (ns_ldap_attr_t **)
free(e);
return (NULL);
}
e->attr_count = 0;
free(e);
return (NULL);
}
return (e);
}
/*
* Conversion: passwd
* Input format: struct passwd
* Exported objectclass: posixAccount
*/
static int
{
ns_ldap_entry_t *e;
int rc;
/* routine specific */
static char *oclist[] = {
"posixAccount",
"shadowAccount",
"account",
"top",
};
return (NS_LDAP_OP_FAILED);
if (e == NULL)
return (NS_LDAP_MEMORY);
/* Convert the structure */
return (NS_LDAP_INVALID_PARAM);
}
/* Create an appropriate rdn */
return (NS_LDAP_MEMORY);
}
/* Error check the data and add the attributes */
if (rc != NS_LDAP_SUCCESS) {
return (rc);
}
if (rc != NS_LDAP_SUCCESS) {
return (rc);
}
if (rc != NS_LDAP_SUCCESS) {
return (rc);
}
}
if (rc != NS_LDAP_SUCCESS) {
return (rc);
}
if (rc != NS_LDAP_SUCCESS) {
return (rc);
}
if (rc != NS_LDAP_SUCCESS) {
return (rc);
}
}
if (rc != NS_LDAP_SUCCESS) {
return (rc);
}
if (rc != NS_LDAP_SUCCESS) {
return (rc);
}
}
return (NS_LDAP_SUCCESS);
}
/*
* escape_str function escapes special characters in str and
* copies to escstr string.
*
* Returns 0 on success,
* 1 on failure.
*/
/*
* NOTE(review): the signature, the loop header and the test that
* selects which characters are escaped are missing from this listing.
* The prototype earlier in the file is escape_str(char *, char *), so
* the destination size is not passed in; presumably the loop is bounded
* by a fixed constant -- confirm that every caller supplies a buffer of
* at least that size.
*/
{
/* index counts the bytes written to escstr so far */
int index = 0;
/* escaped character: a backslash is emitted first, two bytes in total */
*escstr++ = '\\';
index += 2;
} else {
index++;
}
}
/*
* Success only when the whole input was consumed. On the failure path
* no terminator is written, so callers must not use escstr when 1 is
* returned.
*/
if (*str == '\0') {
*escstr = '\0';
return (0);
} else {
return (1);
}
}
/*
* Conversion: project
* Input format: struct project
* Exported objectclass: SolarisProject
*/
/*
* NOTE(review): the function name, parameters and most statements are
* missing from this listing; only the result handling is visible.
* Every attribute addition is followed by a check of rc, and the first
* failure is returned to the caller. Whether the partly built entry is
* released on those paths is not visible -- confirm.
*/
static int
{
ns_ldap_entry_t *e;
int rc;
/* routine specific */
static char *oclist[] = {
"SolarisProject",
"top",
};
return (NS_LDAP_OP_FAILED);
if (e == NULL)
return (NS_LDAP_MEMORY);
/* Convert the structure */
return (NS_LDAP_INVALID_PARAM);
}
/* Create an appropriate rdn */
return (NS_LDAP_MEMORY);
}
/* Error check the data and add the attributes */
/* Project name */
if (rc != NS_LDAP_SUCCESS) {
return (rc);
}
/*
* Project ID:
* ibuf is 11 chars big, which should be enough for string
* representation of 32bit number + nul-car
*/
/*
* NOTE(review): 11 bytes hold any unsigned 32-bit value, or any
* non-negative signed one, plus the terminator; a negative signed
* value at full width needs 12. The formatting call is missing from
* this listing; the NS_LDAP_INVALID_PARAM return below suggests that
* truncation is detected -- confirm.
*/
return (NS_LDAP_INVALID_PARAM);
}
if (rc != NS_LDAP_SUCCESS) {
return (rc);
}
/* Comment/Description */
if (rc != NS_LDAP_SUCCESS) {
return (rc);
}
}
/* Attributes */
if (rc != NS_LDAP_SUCCESS) {
return (rc);
}
}
/* Users */
if (rc != NS_LDAP_SUCCESS) {
return (rc);
}
}
/* Groups */
if (rc != NS_LDAP_SUCCESS) {
return (rc);
}
}
return (NS_LDAP_SUCCESS);
}
/*
* Conversion: shadow
* Input format: struct shadow
* Exported objectclass: shadowAccount
*/
static int
{
ns_ldap_entry_t *e;
int rc;
/* routine specific */
static char *oclist[] = {
"posixAccount",
"shadowAccount",
"account",
"top",
};
return (NS_LDAP_OP_FAILED);
if (e == NULL)
return (NS_LDAP_MEMORY);
/* Convert the structure */
return (NS_LDAP_INVALID_PARAM);
}
/* Create an appropriate rdn */
return (NS_LDAP_MEMORY);
}
/* Error check the data and add the attributes */
if (rc != NS_LDAP_SUCCESS) {
return (rc);
}
return (NS_LDAP_INVALID_PARAM);
} else {
if (rc != NS_LDAP_SUCCESS) {
return (rc);
}
}
if (rc != NS_LDAP_SUCCESS) {
return (rc);
}
}
if (rc != NS_LDAP_SUCCESS) {
return (rc);
}
}
if (rc != NS_LDAP_SUCCESS) {
return (rc);
}
}
if (rc != NS_LDAP_SUCCESS) {
return (rc);
}
}
if (rc != NS_LDAP_SUCCESS) {
return (rc);
}
}
if (rc != NS_LDAP_SUCCESS) {
return (rc);
}
}
if (rc != NS_LDAP_SUCCESS) {
return (rc);
}
return (NS_LDAP_SUCCESS);
}
/*
* Conversion: group
* Input format: struct group
* Exported objectclass: posixGroup
*/
static int
{
ns_ldap_entry_t *e;
int rc;
/* routine specific */
int i, j, k;
static char *oclist[] = {
"posixGroup",
"top",
};
return (NS_LDAP_OP_FAILED);
if (e == NULL)
return (NS_LDAP_MEMORY);
/* Convert the structure */
return (NS_LDAP_INVALID_PARAM);
}
/* Create an appropriate rdn */
return (NS_LDAP_MEMORY);
}
/* Error check the data and add the attributes */
if (rc != NS_LDAP_SUCCESS) {
return (rc);
}
if (rc != NS_LDAP_SUCCESS) {
return (rc);
}
if (rc != NS_LDAP_SUCCESS) {
return (rc);
}
}
;
return (NS_LDAP_MEMORY);
}
for (j = 0; j < i; j++) {
for (k = 0; k < j; k++)
return (NS_LDAP_MEMORY);
}
}
for (j = 0; j < i; j++) {
}
if (rc != NS_LDAP_SUCCESS) {
return (rc);
}
}
return (NS_LDAP_SUCCESS);
}
/*
* Conversion: hosts
* Input format: struct hostent
* Exported objectclass: ipHost
*/
static int
{
ns_ldap_entry_t *e;
int rc;
/* routine specific */
int i, j, k;
static char *oclist[] = {
"ipHost",
"device",
"top",
};
return (NS_LDAP_OP_FAILED);
if (e == NULL)
return (NS_LDAP_MEMORY);
/* Convert the structure */
return (NS_LDAP_INVALID_PARAM);
}
/* Create an appropriate rdn */
return (NS_LDAP_MEMORY);
}
/* Error check the data and add the attributes */
/*
* If there is a description, 'i' will contain
* the index of the description in the aliases list
*/
;
return (NS_LDAP_MEMORY);
}
for (j = 0; j < i; j++)
if (rc != NS_LDAP_SUCCESS) {
return (rc);
}
}
if (rc != NS_LDAP_SUCCESS) {
return (rc);
}
} else {
if (rc != NS_LDAP_SUCCESS) {
return (rc);
}
}
;
return (NS_LDAP_MEMORY);
}
for (j = 0; j < i; j++) {
for (k = 0; k < j; k++)
return (NS_LDAP_MEMORY);
}
}
for (j = 0; j < i; j++) {
}
if (rc != NS_LDAP_SUCCESS) {
return (rc);
}
} else {
return (NS_LDAP_INVALID_PARAM);
}
return (NS_LDAP_SUCCESS);
}
/*
* Conversion: rpc
* Input format: struct rpcent
* Exported objectclass: oncRpc
*/
static int
{
ns_ldap_entry_t *e;
int rc;
/* routine specific */
int i, j;
char **nm;
static char *oclist[] = {
"oncRpc",
"top",
};
return (NS_LDAP_OP_FAILED);
if (e == NULL)
return (NS_LDAP_MEMORY);
/* Convert the structure */
return (NS_LDAP_INVALID_PARAM);
}
/* Create an appropriate rdn */
return (NS_LDAP_MEMORY);
}
/* Error check the data and add the attributes */
;
return (NS_LDAP_MEMORY);
}
for (j = 0; j < i; j++)
if (rc != NS_LDAP_SUCCESS) {
return (rc);
}
} else {
if (rc != NS_LDAP_SUCCESS) {
return (rc);
}
}
if (rc != NS_LDAP_SUCCESS) {
return (rc);
}
}
return (NS_LDAP_SUCCESS);
}
/*
* Conversion: protocols
* Input format: struct protoent
* Exported objectclass: ipProtocol
*/
static int
{
ns_ldap_entry_t *e;
int rc;
/* routine specific */
int i, j;
char **nm;
static char *oclist[] = {
"ipProtocol",
"top",
};
return (NS_LDAP_OP_FAILED);
if (e == NULL)
return (NS_LDAP_MEMORY);
/* Convert the structure */
return (NS_LDAP_INVALID_PARAM);
}
/* Create an appropriate rdn */
return (NS_LDAP_MEMORY);
}
/* Error check the data and add the attributes */
;
return (NS_LDAP_MEMORY);
}
for (j = 0; j < i; j++)
if (rc != NS_LDAP_SUCCESS) {
return (rc);
}
} else {
if (rc != NS_LDAP_SUCCESS) {
return (rc);
}
}
if (rc != NS_LDAP_SUCCESS) {
return (rc);
}
return (NS_LDAP_SUCCESS);
}
/*
* Conversion: services
* Input format: struct servent
* Exported objectclass: ipService
*/
/*
* NOTE(review): the function name, parameters and most statements are
* missing from this listing; only the result handling is visible.
* Whether the partly built entry is released on the early returns is
* not visible -- confirm.
*/
static int
{
ns_ldap_entry_t *e;
int rc;
/* routine specific */
int i, j;
char **nm;
static char *oclist[] = {
"ipService",
"top",
};
return (NS_LDAP_OP_FAILED);
if (e == NULL)
return (NS_LDAP_MEMORY);
/* Convert the structure */
return (NS_LDAP_INVALID_PARAM);
}
/*
* Escape special characters in service name.
*/
/*
* A name that cannot be escaped is rejected rather than used as is.
* NOTE(review): presumably the escaped copy, not the raw name, is what
* goes into the rdn built next -- confirm.
*/
return (NS_LDAP_INVALID_PARAM);
}
/* Create an appropriate rdn */
return (NS_LDAP_MEMORY);
}
/* Error check the data and add the attributes */
;
return (NS_LDAP_MEMORY);
}
for (j = 0; j < i; j++)
if (rc != NS_LDAP_SUCCESS) {
return (rc);
}
} else {
if (rc != NS_LDAP_SUCCESS) {
return (rc);
}
}
if (rc != NS_LDAP_SUCCESS) {
return (rc);
}
if (rc != NS_LDAP_SUCCESS) {
return (rc);
}
return (NS_LDAP_SUCCESS);
}
/*
* Conversion: networks
* Input format: struct netent
* Exported objectclass: ipNetwork
*/
static int
{
ns_ldap_entry_t *e;
int rc;
/* routine specific */
int i, j;
char **nm;
static char *oclist[] = {
"ipNetwork",
"top",
};
return (NS_LDAP_OP_FAILED);
if (e == NULL)
return (NS_LDAP_MEMORY);
/* Convert the structure */
return (NS_LDAP_INVALID_PARAM);
}
/* Create an appropriate rdn */
return (NS_LDAP_MEMORY);
}
/* Error check the data and add the attributes */
;
return (NS_LDAP_MEMORY);
}
for (j = 0; j < i; j++)
if (rc != NS_LDAP_SUCCESS) {
return (rc);
}
} else {
if (rc != NS_LDAP_SUCCESS) {
return (rc);
}
}
if (rc != NS_LDAP_SUCCESS) {
return (rc);
}
return (NS_LDAP_SUCCESS);
}
/*
* Conversion: netmasks
* Input format: struct _ns_netmasks
* Exported objectclass: ipNetwork
*/
static int
{
ns_ldap_entry_t *e;
int rc;
/* routine specific */
static char *oclist[] = {
"ipNetwork",
"top",
};
return (NS_LDAP_OP_FAILED);
if (e == NULL)
return (NS_LDAP_MEMORY);
/* Convert the structure */
return (NS_LDAP_INVALID_PARAM);
}
/* Create an appropriate rdn */
return (NS_LDAP_MEMORY);
}
/* Error check the data and add the attributes */
if (rc != NS_LDAP_SUCCESS) {
return (rc);
}
if (rc != NS_LDAP_SUCCESS) {
return (rc);
}
}
return (NS_LDAP_SUCCESS);
}
/*
* Conversion: netgroups
* Input format: struct _ns_netgroups
* Exported objectclass: nisNetgroup
*/
static int
{
ns_ldap_entry_t *e;
int rc;
/* routine specific */
int i, j;
char **nm;
static char *oclist[] = {
"nisNetgroup",
"top",
};
return (NS_LDAP_OP_FAILED);
if (e == NULL)
return (NS_LDAP_MEMORY);
/* Convert the structure */
return (NS_LDAP_INVALID_PARAM);
}
/* Create an appropriate rdn */
return (NS_LDAP_MEMORY);
}
if (rc != NS_LDAP_SUCCESS) {
return (rc);
}
}
/* Error check the data and add the attributes */
;
return (NS_LDAP_MEMORY);
}
for (j = 0; j < i; j++)
if (rc != NS_LDAP_SUCCESS) {
return (rc);
}
}
;
return (NS_LDAP_MEMORY);
}
for (j = 0; j < i; j++)
if (rc != NS_LDAP_SUCCESS) {
return (rc);
}
}
return (NS_LDAP_SUCCESS);
}
/*
* Conversion: bootparams
* Input format: struct _ns_bootp
* Exported objectclass: bootableDevice, device
*/
static int
{
ns_ldap_entry_t *e;
int rc;
/* routine specific */
int i, j;
char **nm;
static char *oclist[] = {
"bootableDevice",
"device",
"top",
};
return (NS_LDAP_OP_FAILED);
if (e == NULL)
return (NS_LDAP_MEMORY);
/* Convert the structure */
return (NS_LDAP_INVALID_PARAM);
}
/* Create an appropriate rdn */
return (NS_LDAP_MEMORY);
}
if (rc != NS_LDAP_SUCCESS) {
return (rc);
}
}
/* Error check the data and add the attributes */
;
return (NS_LDAP_MEMORY);
}
for (j = 0; j < i; j++)
if (rc != NS_LDAP_SUCCESS) {
return (rc);
}
}
return (NS_LDAP_SUCCESS);
}
/*
* Conversion: ethers
* Input format: struct _ns_ethers
* Exported objectclass: ieee802Device, device
*/
static int
{
ns_ldap_entry_t *e;
int rc;
/* routine specific */
static char *oclist[] = {
"ieee802Device",
"device",
"top",
};
return (NS_LDAP_OP_FAILED);
if (e == NULL)
return (NS_LDAP_MEMORY);
/* Convert the structure */
return (NS_LDAP_INVALID_PARAM);
}
/* Create an appropriate rdn */
return (NS_LDAP_MEMORY);
}
/* Error check the data and add the attributes */
if (rc != NS_LDAP_SUCCESS) {
return (rc);
}
if (rc != NS_LDAP_SUCCESS) {
return (rc);
}
return (NS_LDAP_SUCCESS);
}
/*
* This function is used when processing an ethers (objectclass: ieee802Device)
* or a bootparams (objectclass: bootableDevice) entry, and the entry is
* already found in LDAP. Since both ethers and bootparams share the same
* LDAP container, we want to check that the entry found in LDAP is:
* - either the same entry (same cn, same objectclass): we don't do anything
* in this case
* - or an entry which does not have the objectclass we are interested in:
* in this case, we modify the existing entry by adding the relevant
* objectclass (ieee802Device or bootableDevice) and the relevant attribute(s)
* from the attribute list previously computed by the relevant conversion
* function.
* Note: from conversion functions __s_cvt_ethers() and __s_cvt_bootparams()
* we know that there is only 1 more attribute today to add (macAddress
* or bootParameter)
*/
/*
* NOTE(review): the function name, the trailing parameters, the local
* declarations and the search/modify calls are missing from this
* listing; the comments added here describe only the visible lines.
*/
static int
const char *service,
const char *rdn,
const char *fulldn,
const ns_ldap_attr_t * const *attrlist,
const int flags,
{
int rc = 0;
int i;
return (NS_LDAP_OP_FAILED);
new_attrlist[0] = &new_attrlist0;
/*
* rdn is placed into the search filter as is. NOTE(review): confirm
* that the rdn passed in cannot contain unescaped filter
* metacharacters ('*', '(', ')', '\'), and that the formatting call,
* which is not visible here, bounds the destination buffer.
*/
"(&(objectClass=ieee802Device)(%s))", rdn);
} else {
"(&(objectClass=bootableDevice)(%s))", rdn);
}
switch (rc) {
case NS_LDAP_SUCCESS:
/*
* entry already exists for this service
* return NS_LDAP_INTERNAL and do not modify the incoming errorp
*/
break;
case NS_LDAP_NOTFOUND:
/*
* entry not found with the given objectclass but entry exists
* hence add the relevant attribute (macAddress or bootparams).
*/
/*
* Slot 0 was filled above, so copying starts at index 1 and the loop
* condition keeps i below _MAX_ATTR_ETHBOOTP. NOTE(review): the
* stores into new_attrlist are missing from this listing; confirm the
* array has room for a terminating element.
*/
i = 1;
while (*aptr && (i < _MAX_ATTR_ETHBOOTP)) {
/* aptr2 needed here to avoid lint warning */
"objectclass") != 0)) {
}
}
if (i != _MAX_ATTR_ETHBOOTP) {
/* we haven't found all expected attributes */
break;
}
/* clean errorp first */
(void) __ns_ldap_freeError(errorp);
errorp);
break;
default:
/*
* unexpected error happened
* returning relevant error
*/
(void) __ns_ldap_freeError(errorp);
*errorp = new_errorp;
break;
}
return (rc);
}
/*
* Conversion: publickey
* Input format: struct _ns_pubkey
* Exported objectclass: NisKeyObject
*/
static int
{
ns_ldap_entry_t *e;
int rc;
/* routine specific */
static char *oclist[] = {
"NisKeyObject",
};
return (NS_LDAP_OP_FAILED);
if (e == NULL)
return (NS_LDAP_MEMORY);
/* Convert the structure */
return (NS_LDAP_INVALID_PARAM);
}
/* Create an appropriate rdn */
else
return (NS_LDAP_MEMORY);
}
/* Error check the data and add the attributes */
if (rc != NS_LDAP_SUCCESS) {
return (rc);
}
if (rc != NS_LDAP_SUCCESS) {
return (rc);
}
return (NS_LDAP_SUCCESS);
}
/*
* Conversion: aliases
* Input format: struct _ns_alias
* Exported objectclass: mailGroup
*/
static int
{
ns_ldap_entry_t *e;
int rc;
/* routine specific */
int i, j;
char **nm;
static char *oclist[] = {
"mailGroup",
"top",
};
return (NS_LDAP_OP_FAILED);
if (e == NULL)
return (NS_LDAP_MEMORY);
/* Convert the structure */
return (NS_LDAP_INVALID_PARAM);
}
/* Create an appropriate rdn */
return (NS_LDAP_MEMORY);
}
if (rc != NS_LDAP_SUCCESS) {
return (rc);
}
}
/* Error check the data and add the attributes */
;
return (NS_LDAP_MEMORY);
}
for (j = 0; j < i; j++)
if (rc != NS_LDAP_SUCCESS) {
return (rc);
}
}
return (NS_LDAP_SUCCESS);
}
/*
* Conversion: automount
* Input format: struct _ns_automount
* Exported objectclass: automount
*/
/*
* NOTE(review): the function name, parameters and most statements are
* missing from this listing; the comments added here describe only the
* visible lines.
*/
static int
{
ns_ldap_entry_t *e;
int rc;
/* routine specific */
int version1 = 0;
/*
* oclist has static storage and its first slot is rewritten on every
* call (see the assignments to oclist[0] below). NOTE(review): if this
* routine can run in more than one thread at a time, two callers with
* different profile versions would write the same slot concurrently --
* confirm whether callers are serialized.
*/
static char *oclist[] = {
NULL,
"top",
};
return (NS_LDAP_OP_FAILED);
/* determine profile version number */
version1 = 1;
/*
* NOTE(review): the argument below looks like a mis-encoded
* "&paramVal" (the "&para" prefix rendered as a pilcrow); restore it
* before compiling.
*/
if (paramVal)
(void) __ns_ldap_freeParam(¶mVal);
(void) __ns_ldap_freeError(errorp);
/* use old schema for version 1 profiles */
if (version1)
oclist[0] = "nisObject";
else
oclist[0] = "automount";
if (e == NULL)
return (NS_LDAP_MEMORY);
/* Convert the structure */
return (NS_LDAP_INVALID_PARAM);
}
/* Create an appropriate rdn */
return (NS_LDAP_MEMORY);
}
if (rc != NS_LDAP_SUCCESS) {
return (rc);
}
}
if (rc != NS_LDAP_SUCCESS) {
return (rc);
}
/*
* even for version 2, if automount is mapped to nisObject we
* still need 'nisMapName' attribute
*/
if (mappedschema && mappedschema[0] &&
version1 = 1;
if (mappedschema)
if (version1) {
if (rc != NS_LDAP_SUCCESS) {
return (rc);
}
}
return (NS_LDAP_SUCCESS);
}
/*
* Conversion: auth_attr
* Input format: authstr_t
* Exported objectclass: SolarisAuthAttr
*/
static int
{
ns_ldap_entry_t *e;
int rc;
/* routine specific */
static char *oclist[] = {
"SolarisAuthAttr",
"top",
};
return (NS_LDAP_OP_FAILED);
if (e == NULL)
return (NS_LDAP_MEMORY);
/* Convert the structure */
return (NS_LDAP_INVALID_PARAM);
}
/* Create an appropriate rdn */
return (NS_LDAP_MEMORY);
}
if (rc != NS_LDAP_SUCCESS) {
return (rc);
}
if (rc != NS_LDAP_SUCCESS) {
return (rc);
}
if (rc != NS_LDAP_SUCCESS) {
return (rc);
}
}
if (rc != NS_LDAP_SUCCESS) {
return (rc);
}
}
if (rc != NS_LDAP_SUCCESS) {
return (rc);
}
}
if (rc != NS_LDAP_SUCCESS) {
return (rc);
}
}
return (NS_LDAP_SUCCESS);
}
/*
* Conversion: exec_attr
* Input format: execstr_t
* Exported objectclass: SolarisExecAttr
*/
/*
* NOTE(review): the function name, parameters and most statements are
* missing from this listing; only the result handling is visible.
* Whether the partly built entry is released on the early returns is
* not visible -- confirm.
*/
static int
{
ns_ldap_entry_t *e;
int rc;
/* routine specific */
static char *oclist[] = {
"SolarisExecAttr",
"SolarisProfAttr",
"top",
};
return (NS_LDAP_OP_FAILED);
if (e == NULL)
return (NS_LDAP_MEMORY);
/* Convert the structure */
return (NS_LDAP_INVALID_PARAM);
}
/*
* Escape special characters in ProfileID.
*/
/* an id that cannot be escaped is rejected rather than used as is */
return (NS_LDAP_INVALID_PARAM);
}
/* Create an appropriate rdn */
/*
* The rdn is multi-valued: further components are joined with '+'.
* NOTE(review): only the ProfileID is described as escaped above;
* whether the SolarisProfileType value and the leading component (not
* visible here) are escaped as well needs to be confirmed, as does the
* bound on the destination buffer.
*/
"+SolarisProfileType=%s+SolarisProfileId=%s",
return (NS_LDAP_MEMORY);
}
if (rc != NS_LDAP_SUCCESS) {
return (rc);
}
if (rc != NS_LDAP_SUCCESS) {
return (rc);
}
if (rc != NS_LDAP_SUCCESS) {
return (rc);
}
if (rc != NS_LDAP_SUCCESS) {
return (rc);
}
if (rc != NS_LDAP_SUCCESS) {
return (rc);
}
if (rc != NS_LDAP_SUCCESS) {
return (rc);
}
}
if (rc != NS_LDAP_SUCCESS) {
return (rc);
}
}
return (NS_LDAP_SUCCESS);
}
/*
* Conversion: prof_attr
* Input format: profstr_t
* Exported objectclass: SolarisProfAttr
*
* Returns NS_LDAP_SUCCESS when every step succeeds; otherwise
* NS_LDAP_OP_FAILED, NS_LDAP_MEMORY, NS_LDAP_INVALID_PARAM, or the
* non-success rc of a helper call, returned as soon as it is seen.
*
* NOTE(review): this listing is incomplete - the function name, the
* parameter list and the statements that assign e and rc are not shown.
* No escaping step is visible before the rdn is created here, unlike the
* exec_attr conversion - confirm against the full source.
*/
static int
{
ns_ldap_entry_t *e;
int rc;
/* routine specific */
/* object class values for the exported entry */
static char *oclist[] = {
"SolarisProfAttr",
"top",
};
return (NS_LDAP_OP_FAILED);
if (e == NULL)
return (NS_LDAP_MEMORY);
/* Convert the structure */
return (NS_LDAP_INVALID_PARAM);
}
/* Create an appropriate rdn */
return (NS_LDAP_MEMORY);
}
if (rc != NS_LDAP_SUCCESS) {
return (rc);
}
if (rc != NS_LDAP_SUCCESS) {
return (rc);
}
if (rc != NS_LDAP_SUCCESS) {
return (rc);
}
}
if (rc != NS_LDAP_SUCCESS) {
return (rc);
}
}
if (rc != NS_LDAP_SUCCESS) {
return (rc);
}
}
return (NS_LDAP_SUCCESS);
}
/*
* Conversion: user_attr
* Input format: userstr_t
* Exported objectclass: SolarisUserAttr
*
* Returns NS_LDAP_SUCCESS when every step succeeds; otherwise
* NS_LDAP_OP_FAILED, NS_LDAP_MEMORY, NS_LDAP_INVALID_PARAM, or the
* non-success rc of a helper call, returned as soon as it is seen.
*
* NOTE(review): this listing is incomplete - the function name, the
* parameter list and the statements that assign e and rc are not shown.
*/
static int
{
ns_ldap_entry_t *e;
int rc;
/* routine specific */
/* object class values for the exported entry; "top" is not listed here */
static char *oclist[] = {
"SolarisUserAttr",
};
return (NS_LDAP_OP_FAILED);
if (e == NULL)
return (NS_LDAP_MEMORY);
/* Convert the structure */
return (NS_LDAP_INVALID_PARAM);
}
/* Create an appropriate rdn */
return (NS_LDAP_MEMORY);
}
/*
* SolarisUserAttr has no uid attribute
*/
if (rc != NS_LDAP_SUCCESS) {
return (rc);
}
if (rc != NS_LDAP_SUCCESS) {
return (rc);
}
}
if (rc != NS_LDAP_SUCCESS) {
return (rc);
}
}
if (rc != NS_LDAP_SUCCESS) {
return (rc);
}
}
return (NS_LDAP_SUCCESS);
}
/*
* Conversion: audit_user
* Input format: au_user_str_t
* Exported objectclass: SolarisAuditUser
*
* Returns NS_LDAP_SUCCESS when every step succeeds; otherwise
* NS_LDAP_OP_FAILED, NS_LDAP_MEMORY, NS_LDAP_INVALID_PARAM, or the
* non-success rc of a helper call, returned as soon as it is seen.
*
* NOTE(review): this listing is incomplete - the function name, the
* parameter list and the statements that assign e and rc are not shown.
*/
static int
{
ns_ldap_entry_t *e;
int rc;
/* routine specific */
/* object class values for the exported entry; "top" is not listed here */
static char *oclist[] = {
"SolarisAuditUser",
};
return (NS_LDAP_OP_FAILED);
if (e == NULL)
return (NS_LDAP_MEMORY);
/* Convert the structure */
return (NS_LDAP_INVALID_PARAM);
}
/* Create an appropriate rdn */
return (NS_LDAP_MEMORY);
}
/*
* Solaris AuditUser has no uid attribute
*/
if (rc != NS_LDAP_SUCCESS) {
return (rc);
}
}
if (rc != NS_LDAP_SUCCESS) {
return (rc);
}
}
return (NS_LDAP_SUCCESS);
}
/*
* Conversion: tnrhtp
* Input format: tsol_tpstr_t
* Exported objectclass: ipTnetTemplate
*
* Returns NS_LDAP_SUCCESS when every step succeeds; otherwise
* NS_LDAP_OP_FAILED, NS_LDAP_MEMORY, NS_LDAP_INVALID_PARAM, or the
* non-success rc of a helper call, returned as soon as it is seen.
*
* NOTE(review): this listing is incomplete - the function name, the
* parameter list and most call statements are not shown.
*/
static int
{
ns_ldap_entry_t *e;
int rc;
/* routine specific */
/* object class values for the exported entry */
static char *oclist[] = {
"ipTnetTemplate",
"top",
};
return (NS_LDAP_OP_FAILED);
if (e == NULL)
return (NS_LDAP_MEMORY);
/* Convert the structure */
return (NS_LDAP_INVALID_PARAM);
}
/*
* Escape special characters in Template name.
* The escaping comes before the rdn is created, so DN-special
* characters in the name cannot change the structure of the rdn.
* Presumably done with escape_str(), declared at the top of this file;
* the INVALID_PARAM return looks like its failure path - TODO confirm,
* the call itself is missing from this listing.
*/
return (NS_LDAP_INVALID_PARAM);
}
/* Create an appropriate rdn */
return (NS_LDAP_MEMORY);
}
if (rc != NS_LDAP_SUCCESS) {
return (rc);
}
if (rc != NS_LDAP_SUCCESS) {
return (rc);
}
return (NS_LDAP_SUCCESS);
}
/*
* Conversion: tnrhdb
* Input format: tsol_rhstr_t
* Exported objectclass: ipTnetHost
*
* Returns NS_LDAP_SUCCESS when every step succeeds; otherwise
* NS_LDAP_OP_FAILED, NS_LDAP_MEMORY, NS_LDAP_INVALID_PARAM, or the
* non-success rc of a helper call, returned as soon as it is seen.
*
* NOTE(review): this listing is incomplete - the function name, the
* parameter list and the statements that assign e and rc are not shown.
* No escaping step is visible before the rdn is created here, unlike the
* tnrhtp conversion - confirm against the full source.
*/
static int
{
ns_ldap_entry_t *e;
int rc;
/* routine specific */
/* object class values for the exported entry */
static char *oclist[] = {
"ipTnetHost",
"ipTnetTemplate",
"top",
};
return (NS_LDAP_OP_FAILED);
if (e == NULL)
return (NS_LDAP_MEMORY);
/* Convert the structure */
return (NS_LDAP_INVALID_PARAM);
}
/* Create an appropriate rdn */
return (NS_LDAP_MEMORY);
}
if (rc != NS_LDAP_SUCCESS) {
return (rc);
}
if (rc != NS_LDAP_SUCCESS) {
return (rc);
}
return (NS_LDAP_SUCCESS);
}
/*
* Add Typed Entry Conversion data structures
*
* Each table row below pairs a service-type constant with a flags value
* (0 in every row shown) and the conversion routine for that service.
* NS_LDAP_TYPE_HOSTS and NS_LDAP_TYPE_IPNODES share __s_cvt_hosts.
*
* NOTE(review): the end of the struct definition and the declaration of
* the table are missing from this listing.
*/
typedef struct __ns_cvt_type {
/* service type name this row applies to */
const char *service;
int flags;
char **rdn,
{ NS_LDAP_TYPE_PASSWD, 0, __s_cvt_passwd },
{ NS_LDAP_TYPE_GROUP, 0, __s_cvt_group },
{ NS_LDAP_TYPE_HOSTS, 0, __s_cvt_hosts },
{ NS_LDAP_TYPE_IPNODES, 0, __s_cvt_hosts },
{ NS_LDAP_TYPE_RPC, 0, __s_cvt_rpc },
{ NS_LDAP_TYPE_PROTOCOLS, 0, __s_cvt_protocols },
{ NS_LDAP_TYPE_NETWORKS, 0, __s_cvt_networks },
{ NS_LDAP_TYPE_NETGROUP, 0, __s_cvt_netgroups },
{ NS_LDAP_TYPE_ALIASES, 0, __s_cvt_aliases },
{ NS_LDAP_TYPE_SERVICES, 0, __s_cvt_services },
{ NS_LDAP_TYPE_ETHERS, 0, __s_cvt_ethers },
{ NS_LDAP_TYPE_SHADOW, 0, __s_cvt_shadow },
{ NS_LDAP_TYPE_NETMASKS, 0, __s_cvt_netmasks },
{ NS_LDAP_TYPE_AUTHATTR, 0, __s_cvt_authattr },
{ NS_LDAP_TYPE_EXECATTR, 0, __s_cvt_execattr },
{ NS_LDAP_TYPE_PROFILE, 0, __s_cvt_profattr },
{ NS_LDAP_TYPE_AUTOMOUNT, 0, __s_cvt_auto_mount },
{ NS_LDAP_TYPE_TNRHTP, 0, __s_cvt_tnrhtp },
{ NS_LDAP_TYPE_TNRHDB, 0, __s_cvt_tnrhdb },
{ NS_LDAP_TYPE_PROJECT, 0, __s_cvt_project },
};
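/*
* Add Typed Entry Routine
*
* Parameters visible in this listing:
* servicetype - service name; also appears to be matched as a prefix
* against NS_LDAP_TYPE_AUTOMOUNT (the "auto_" check below)
* basedn - presumably the container for the new entry - TODO confirm
* data - input for the "Convert the data" step
* create - 1 takes the "Add the entry" path, any other value the
* "Modify the entry" path
* flags - not referenced in the surviving lines
*
* Returns NS_LDAP_SUCCESS or the first error met: NS_LDAP_OP_FAILED,
* NS_LDAP_MEMORY, or the non-success rc of a helper call.
*
* NOTE(review): this listing is incomplete - the function name, the
* remaining parameters and most call statements are not shown.
*/
/*ARGSUSED*/
const char *servicetype,
const char *basedn,
const void *data,
const int create,
const int flags,
{
int rc = 0;
int automount = 0;
int i, s;
continue;
break;
/* Or, check if the servicetype is auto_ */
NS_LDAP_TYPE_AUTOMOUNT) == 0 &&
sizeof (NS_LDAP_TYPE_AUTOMOUNT) - 1) == 0) {
automount++;
break;
}
}
return (rc);
/* Convert the data */
if (rc != NS_LDAP_SUCCESS) {
return (rc);
}
return (NS_LDAP_OP_FAILED);
}
else
} else
/* Create the Full DN */
if (rc != NS_LDAP_SUCCESS) {
return (rc);
}
if (rc != NS_LDAP_SUCCESS) {
if (dns) {
}
return (rc);
}
} else {
} else {
return (NS_LDAP_OP_FAILED);
}
}
if (rc != NS_LDAP_SUCCESS) {
return (rc);
}
/* paramVal is released before each exit that follows its lookup */
(void) __ns_ldap_freeParam(&paramVal);
return (NS_LDAP_MEMORY);
}
(char *)(paramVal[0]));
(void) __ns_ldap_freeParam(&paramVal);
} else {
return (NS_LDAP_MEMORY);
}
}
} else {
return (NS_LDAP_MEMORY);
}
}
/* Check to see if the entry exists already */
/* May need to delete or update first */
if (create != 1) {
/* Modify the entry */
/*
* To add a shadow-like entry, the addTypedEntry function
* would call __ns_ldap_repAttr first, and if server says
* LDAP_NO_SUCH_OBJECT, then it tries __ns_ldap_addEntry.
* This is to allow a netmask entry to be added even if the
* base network entry is not in the directory. It would work
* because the difference between the schema for the network
* and netmask data contains only MAY attributes.
*
* But for shadow data, the attributes do not have MUST
* attributes the base entry needs, so if the __ns_ldap_addEntry
* is executed, it would fail. The real reason, however, is that
* the base entry did not exist. So returning
* LDAP_OBJECT_CLASS_VIOLATION would just be confusing.
*/
else {
(void) __ns_ldap_freeError(errorp);
}
}
} else {
/* Add the entry */
}
}
/* Free up entry created by conversion routine */
return (rc);
}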
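/*
* Append the default base dn to the dn
* when it ends with ','.
* e.g.
* SSD = service:ou=foo,
*
* dn is the input; new_dn, allocated and errp are out-parameters.
* Presumably new_dn receives the completed dn and allocated tells the
* caller whether it must be freed - TODO confirm, the assignments are
* missing from this listing.
*
* Returns NS_LDAP_SUCCESS, NS_LDAP_INVALID_PARAM, NS_LDAP_MEMORY, or the
* non-success rc of the failed lookup. param is freed on every exit path
* shown after it may have been set.
*/
int
const char *dn,
char **new_dn,
int *allocated,
ns_ldap_error_t **errp) {
return (NS_LDAP_INVALID_PARAM);
if (rc != NS_LDAP_SUCCESS) {
if (param)
(void) __ns_ldap_freeParam(&param);
return (rc);
}
(void) __ns_ldap_freeParam(&param);
return (NS_LDAP_MEMORY);
}
(void) __ns_ldap_freeParam(&param);
return (NS_LDAP_SUCCESS);
}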
/*
* Flatten the input ns_ldap_attr_t list, 'attr', and convert it into an
* ldap_strlist_t structure in buffer 'buf', to be used by ldap_cachemgr.
* The output contains a count, a list of offsets, which show where the
* corresponding copied attribute type and attribute value are located.
* For example, for dn=aaaa, userpassword=bbbb, shadowlastchange=cccc,
* the output is the ldap_strlist_t structure with: ldap_count = 6,
* (buf + ldap_offsets[0]) -> "dn"
* (buf + ldap_offsets[1]) -> "aaaa"
* (buf + ldap_offsets[2]) -> "userPassword"
* (buf + ldap_offsets[3]) -> "bbbb"
* (buf + ldap_offsets[4]) -> "shadowlastchange"
* (buf + ldap_offsets[5]) -> "cccc"
* and all the string data shown above copied into the buffer after
* the offset array. The total length of the data will be the return
* value, or -1 if error.
*
* NOTE(review): the function name, parameter list and every copy
* statement are missing from this listing. The buffer is handed to
* another process, so each copy into it must be checked against the
* buffer size; the -1 returns below appear to be those checks, but their
* conditions are not shown - TODO confirm against the full source.
*/
static int
{
/* c counts attributes, ao is returned as the total data length */
int c = 0;
char *ap;
int ao;
/* bufsize > strlen(dn) + strlen("dn") + 1 ('\0') */
return (-1);
/* count number of attributes */
while (*aptr++)
c++;
al->ldap_count;
return (-1);
ao += 3;
/* copy entry DN */
return (-1);
ap += 3;
return (-1);
a = *aptr;
return (-1);
return (-1);
c++;
};
return (ao);
}
/*
* Send a modify request to the ldap_cachemgr daemon
* which will use the admin credential to perform the
* operation.
*
* Returns NS_LDAP_INVALID_PARAM when len <= 0, NS_LDAP_OP_FAILED for
* NS_CACHE_NOTFOUND and for any unlisted door result, otherwise rc.
*
* NOTE(review): the change is applied with the daemon's admin
* credential, not the caller's, so the decision whether this caller may
* make it has to be taken on the daemon side of the door. Nothing in the
* surviving lines checks it here - confirm in ldap_cachemgr. Most of the
* body, including the door call itself, is missing from this listing.
*/
static int
const char *dn,
{
union {
} space;
int ndata;
int adata;
int len;
int rc;
/* a non-positive len is rejected before any request is sent */
if (len <= 0)
return (NS_LDAP_INVALID_PARAM);
case NS_CACHE_SUCCESS:
break;
case NS_CACHE_NOTFOUND:
gettext("Door call ADMINMODIFY to "
"ldap_cachemgr failed - error: %d"),
return (NS_LDAP_OP_FAILED);
default:
return (NS_LDAP_OP_FAILED);
}
else {
/* an empty result message is passed on as NULL, not as "" */
if (admin_result->msg_size == 0)
NULL);
else
admin_result->msg);
}
/* clean up the door call */
}
return (rc);
}