/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* or http://www.opensolaris.org/os/licensing.
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
*/
#include <ctype.h>
#include <libintl.h>
#include <strings.h>
#include <stdio.h>
#include <tsol/label.h>
#include "../../../lib/libsldap/common/ns_sldap.h"
#define SAME 0
struct mapping {
char *database;
char *def_type;
char *objectclass;
char *actual_db;
};
#define PUBLICKEY 0
static struct mapping maplist[] = {
{"publickey", "uidnumber", "niskeyobject", "passwd"},
{"publickey", "cn", "niskeyobject", "host"},
{"bootparams", "cn", "bootableDevice", NULL},
{"ethers", "cn", "ieee802Device", NULL},
{"group", "cn", "posixgroup", NULL},
{"hosts", "cn", "iphost", NULL},
{"ipnodes", "cn", "iphost", NULL},
{"netgroup", "cn", "nisnetgroup", NULL},
{"netmasks", "ipnetworknumber", "ipnetwork", NULL},
{"networks", "ipnetworknumber", "ipnetwork", NULL},
{"passwd", "uid", "posixaccount", NULL},
{"protocols", "cn", "ipprotocol", NULL},
{"rpc", "cn", "oncrpc", NULL},
{"services", "cn", "ipservice", NULL},
{"aliases", "cn", "mailGroup", NULL},
{"project", "SolarisProjectID", "SolarisProject", NULL},
{"printers", "printer-uri", "sunPrinter", NULL},
{"shadow", "uid", "shadowaccount", NULL},
{"auth_attr", "cn", "SolarisAuthAttr", NULL},
{"prof_attr", "cn", "SolarisProfAttr", NULL},
{"exec_attr", "cn", "SolarisExecAttr", NULL},
{"user_attr", "uid", "SolarisUserAttr", NULL},
{"tnrhtp", "ipTnetTemplateName", "ipTnetTemplate", NULL},
{"tnrhdb", "ipTnetNumber", "ipTnetHost", NULL},
{NULL, NULL, NULL, NULL}
};
#define PROF_ATTR_FILTER \
"(&(objectclass=SolarisProfAttr)(!(SolarisKernelSecurityPolicy=*))%s)"
#define TNRHTP_FILTER \
"(&(objectclass=ipTnetTemplate)(!(objectclass=ipTnetHost))%s)"
#define OC_FILTER "objectclass=%s"
#define OC_FLEN 15
#define OC_FILTER2 "(&(objectclass=%s)%s)"
#define OC_FLEN2 22
/* Malloc and print error message in case of failure */
#define MALLOC(ptr, len) \
if ((ptr = (char *)malloc(len)) == NULL) { \
(void) fprintf(stderr, gettext("out of memory\n")); \
}
/*
* Allocate memory for filter and user data. Set
* error to 1 if either of the mallocs fail.
* In addition, free the memory allocated for filter,
* if memory allocation for user data fails.
*/
#define MALLOC_FILTER_UDATA(ptr1, len1, ptr2, len2, error) \
error = 0; \
MALLOC(ptr1, len1); \
if (!ptr1) { \
error = 1; \
} \
else { \
MALLOC(ptr2, len2); \
if (!ptr2) { \
error = 1; \
free(ptr1); \
} \
}
void
printMapping()
{
int i;
(void) fprintf(stdout,
gettext("database default type objectclass\n"));
(void) fprintf(stdout,
gettext("============= ================= =============\n"));
/* first dump auto_* and automount which are not in maplist[] */
(void) fprintf(stdout, "%-15s%-20s%s\n", "auto_*", "automountKey",
"automount");
(void) fprintf(stdout, "%-15s%-20s%s\n", "automount",
"automountMapName", "automountMap");
for (i = 0; maplist[i].database != NULL; i++) {
/* skip printing shadow */
if (strcasecmp(maplist[i].database, "shadow") == 0)
continue;
if (!is_system_labeled()) {
/*
* do not print tnrhdb and tnrhtp if system is
* not configured with Trusted Extensions
*/
if ((strcasecmp(maplist[i].database, "tnrhdb") == 0) ||
(strcasecmp(maplist[i].database, "tnrhtp") == 0))
continue;
}
(void) fprintf(stdout, "%-15s%-20s%s\n", maplist[i].database,
maplist[i].def_type, maplist[i].objectclass);
}
}
/*
* set_key routine to handle user specified keys.
* A key can be of the form: attribute=value or value.
* A filter is constructed from a set of keys specified in
* the form (|(key1)(key2)...(keyn))
* It returns: NULL if no keys are defined or
* the keyfilter as constructed above.
*/
char *
set_keys(char **key, char *attrtype)
{
char *keyeq = NULL;
char *keyfilter = NULL;
int len, totlen = 1; /* Terminating NULL byte */
char *k, **karray;
char *tmpptr;
if (!key || !key[0]) /* should never contain NULL string */
return (NULL);
if (key[1]) {
totlen += 3;
/* Allocate memory for '(|)' */
MALLOC(keyfilter, totlen);
if (!keyfilter)
exit(2);
(void) snprintf(keyfilter, totlen, "(|");
}
karray = key;
while ((k = *karray) != 0) {
keyeq = strchr(k, '=');
if (keyeq) {
/* make enough room for (%s) */
totlen += strlen(k) + 2;
} else {
/* make enough room for (%s=%s) */
totlen += strlen(attrtype) + strlen(k) + 3;
}
len = keyfilter ? strlen(keyfilter) : 0;
if (!(tmpptr = (char *)realloc(keyfilter, totlen))) {
if (keyfilter)
free(keyfilter);
(void) fprintf(stderr, gettext("out of memory\n"));
exit(2);
}
keyfilter = tmpptr;
if (keyeq) {
(void) snprintf(keyfilter + len, totlen - len,
"(%s)", k);
} else {
(void) snprintf(keyfilter + len, totlen - len,
"(%s=%s)", attrtype, k);
}
karray++;
}
if (key[1]) {
/* We allocated memory for this earlier */
(void) strlcat(keyfilter, ")", totlen);
}
return (keyfilter);
}
/*
* A special set_key routine for to handle public keys.
* If the key starts with a digiti, view it as a user id.
* Otherwise, view it as a hostname.
* It returns: -1 no keys defined, 0 key defined but none for type
* specified, n>0 number of matches found.
*/
int
set_keys_publickey(char **key, char *attrtype, int type, char **ret)
{
char *keyeq = NULL;
char *keyfilter = NULL;
char *pre_filter = NULL;
char *k, **karray;
int count = 0;
int len, totlen = 1; /* Terminating NULL byte */
char *tmpptr;
if (!key || !key[0]) { /* should never contain NULL string */
*ret = NULL;
return (-1);
}
karray = key;
while ((k = *karray) != 0) {
keyeq = strchr(k, '=');
if (keyeq) {
/* make enough room for (%s) */
totlen += strlen(k) + 2;
} else {
if ((type == 0 && isdigit(*k)) ||
/* user type keys */
(type == 1 && (!isdigit(*k)))) {
/* hosts type keys */
/* make enough room for (%s=%s) */
totlen += strlen(k) + strlen(attrtype) + 3;
} else {
karray++;
continue;
}
}
len = pre_filter ? strlen(pre_filter) : 0;
if (!(tmpptr = (char *)realloc(pre_filter, totlen))) {
if (pre_filter)
free(pre_filter);
(void) fprintf(stderr, gettext("out of memory\n"));
exit(2);
}
pre_filter = tmpptr;
if (keyeq) {
(void) snprintf(pre_filter + len, totlen - len,
"(%s)", k);
} else {
(void) snprintf(pre_filter + len, totlen - len,
"(%s=%s)", attrtype, k);
}
karray++;
count++;
}
if (count > 1) {
len = strlen(pre_filter) + 4;
if (!(keyfilter = (char *)malloc(len))) {
(void) fprintf(stderr, gettext("out of memory\n"));
free(pre_filter);
exit(2);
}
(void) snprintf(keyfilter, len, "(|%s)", pre_filter);
free(pre_filter);
*ret = keyfilter;
} else
*ret = pre_filter;
return (count);
}
/*
* publickey specific set_filter
* type 0 -> check for user publickeys
* type 1 -> check for hosts publickeys
*/
char *
set_filter_publickey(char **key, char *database, int type, char **udata)
{
char *filter = NULL;
char *userdata;
char *keyfilter = NULL;
int rc;
int filterlen, udatalen;
short nomem = 0;
if (!database || !udata) {
return (NULL);
}
if (strcasecmp(database, maplist[PUBLICKEY].database) == SAME) {
rc = set_keys_publickey(key,
maplist[PUBLICKEY + type].def_type, type, &keyfilter);
switch (rc) {
case -1:
filterlen = strlen(maplist[PUBLICKEY].objectclass) + 13;
udatalen = 3;
MALLOC_FILTER_UDATA(filter, filterlen, userdata,
udatalen, nomem);
if (!nomem) {
(void) snprintf(filter, filterlen,
"objectclass=%s",
maplist[PUBLICKEY].objectclass);
(void) snprintf(userdata, udatalen, "%%s");
}
break;
case 0:
return (NULL);
default:
filterlen = strlen(maplist[PUBLICKEY].objectclass) +
strlen(keyfilter) + 18;
udatalen = strlen(keyfilter) + 8;
MALLOC_FILTER_UDATA(filter, filterlen, userdata,
udatalen, nomem);
if (!nomem) {
(void) snprintf(filter, filterlen,
"(&(objectclass=%s)%s)",
maplist[PUBLICKEY].objectclass, keyfilter);
(void) snprintf(userdata, udatalen,
"(&(%%s)%s)", keyfilter);
}
}
} else {
if ((keyfilter = set_keys(key, "cn")) == NULL) {
filterlen = 14;
udatalen = 3;
MALLOC_FILTER_UDATA(filter, filterlen, userdata,
udatalen, nomem);
if (!nomem) {
(void) snprintf(filter, filterlen,
"objectclass=*");
(void) snprintf(userdata, udatalen, "%%s");
}
} else {
filterlen = strlen(keyfilter) + 1;
udatalen = strlen(keyfilter) + 8;
MALLOC_FILTER_UDATA(filter, filterlen, userdata,
udatalen, nomem);
if (!nomem) {
(void) snprintf(filter, filterlen, "%s",
keyfilter);
(void) snprintf(userdata, udatalen,
"(&(%%s)%s)", keyfilter);
}
}
}
#ifdef DEBUG
(void) fprintf(stdout, "set_filter: filter=\"%s\"\n", filter);
(void) fprintf(stdout, "set_filter: userdata=\"%s\"\n", userdata);
#endif /* DEBUG */
if (keyfilter)
free(keyfilter);
if (nomem)
exit(2);
*udata = userdata;
return (filter);
}
/* generic set_filter, this function is not thread safe */
char *
set_filter(char **key, char *database, char **udata)
{
char *filter = NULL;
char *userdata = NULL;
char *keyfilter;
int i, filterlen, udatalen;
int rc, v2 = 1;
int dbpf, dbtp;
void **paramVal = NULL;
ns_ldap_error_t *errorp = NULL;
short nomem;
if (!database || !udata) {
return (NULL);
}
/*
* Check for version of the profile the client is using
*
* For version 1 profiles we do use nisMap and nisObject schema
* for backward compatibility with Solaris 8 clients.
*
* For version 2 profiles we use automountMap and automount as
* default attributes (which can then be overridden in libsldap
* if schema mapping is configured in the profile).
*
* If profile version is not available, use version 2 as default.
*/
rc = __ns_ldap_getParam(NS_LDAP_FILE_VERSION_P, &paramVal, &errorp);
if (rc != NS_LDAP_SUCCESS || !paramVal || !*paramVal) {
/* should print a message here: using v2 defaults */
(void) __ns_ldap_freeError(&errorp);
} else {
if (strcasecmp(*paramVal, NS_LDAP_VERSION_1) == 0)
v2 = 0;
(void) __ns_ldap_freeParam(&paramVal);
}
/*
* starts at 2 to skip over publickey databases.
* These databases are handled separately.
*/
for (i = 2; maplist[i].database != NULL; i++) {
if (strcasecmp(database, maplist[i].database) == SAME) {
dbpf = 0, dbtp = 0;
if (strcasecmp(database, "prof_attr") == 0)
dbpf = 1;
else if (strcasecmp(database, "tnrhtp") == 0)
dbtp = 1;
if ((keyfilter = set_keys(key, maplist[i].def_type))
== NULL) {
filterlen = strlen(maplist[i].objectclass);
udatalen = 3;
if (dbpf)
filterlen += strlen(PROF_ATTR_FILTER)
+ 1;
else if (dbtp)
filterlen += strlen(TNRHTP_FILTER) + 1;
else
filterlen += OC_FLEN;
MALLOC_FILTER_UDATA(filter, filterlen, userdata,
udatalen, nomem);
if (nomem)
goto done;
if (dbpf)
(void) snprintf(filter, filterlen,
PROF_ATTR_FILTER, "");
else if (dbtp)
(void) snprintf(filter, filterlen,
TNRHTP_FILTER, "");
else
(void) snprintf(filter, filterlen,
OC_FILTER,
maplist[i].objectclass);
(void) snprintf(userdata, udatalen, "%%s");
} else {
filterlen = strlen(maplist[i].objectclass) +
strlen(keyfilter);
if (dbpf)
filterlen += strlen(PROF_ATTR_FILTER)
+ 1;
else if (dbtp)
filterlen += strlen(TNRHTP_FILTER) + 1;
else
filterlen += OC_FLEN2;
udatalen = strlen(keyfilter) + 8;
MALLOC_FILTER_UDATA(filter, filterlen, userdata,
udatalen, nomem);
if (nomem)
goto done;
if (dbpf)
(void) snprintf(filter, filterlen,
PROF_ATTR_FILTER, keyfilter);
else if (dbtp)
(void) snprintf(filter, filterlen,
TNRHTP_FILTER, keyfilter);
else
(void) snprintf(filter, filterlen,
OC_FILTER2,
maplist[i].objectclass, keyfilter);
(void) snprintf(userdata, udatalen,
"(&(%%s)%s)", keyfilter);
}
goto done;
}
}
/* special cases for automounter and other services */
/* auto_* services */
if (strncasecmp(database, "auto_", 5) == SAME) {
if (v2) {
if ((keyfilter = set_keys(key, "automountKey"))
!= NULL) {
filterlen = strlen(keyfilter) + 27;
udatalen = strlen(keyfilter) + 8;
MALLOC_FILTER_UDATA(filter, filterlen,
userdata, udatalen, nomem);
if (!nomem) {
(void) snprintf(filter, filterlen,
"(&(objectclass=automount)%s)",
keyfilter);
(void) snprintf(userdata, udatalen,
"(&(%%s)%s)", keyfilter);
}
} else {
filterlen = 22;
udatalen = 3;
MALLOC_FILTER_UDATA(filter, filterlen,
userdata, udatalen, nomem);
if (!nomem) {
(void) strlcpy(filter,
"objectclass=automount", filterlen);
(void) strlcpy(userdata, "%s",
udatalen);
}
}
} else {
if ((keyfilter = set_keys(key, "cn")) != NULL) {
filterlen = strlen(keyfilter) + 27;
udatalen = strlen(keyfilter) + 8;
MALLOC_FILTER_UDATA(filter, filterlen,
userdata, udatalen, nomem);
if (!nomem) {
(void) snprintf(filter, filterlen,
"(&(objectclass=nisObject)%s)",
keyfilter);
(void) snprintf(userdata, udatalen,
"(&(%%s)%s)", keyfilter);
}
} else {
filterlen = 22;
udatalen = 3;
MALLOC_FILTER_UDATA(filter, filterlen,
userdata, udatalen, nomem);
if (!nomem) {
(void) strlcpy(filter,
"objectclass=nisObject", filterlen);
(void) strlcpy(userdata, "%s",
udatalen);
}
}
}
goto done;
}
/* automount service */
if (strcasecmp(database, "automount") == SAME) {
if (v2) {
if ((keyfilter = set_keys(key, "automountMapName"))
!= NULL) {
filterlen = strlen(keyfilter) + 30;
udatalen = strlen(keyfilter) + 8;
MALLOC_FILTER_UDATA(filter, filterlen,
userdata, udatalen, nomem);
if (!nomem) {
(void) snprintf(filter, filterlen,
"(&(objectclass=automountMap)%s)",
keyfilter);
(void) snprintf(userdata, udatalen,
"(&(%%s)%s)", keyfilter);
}
} else {
filterlen = 25;
udatalen = 3;
MALLOC_FILTER_UDATA(filter, filterlen,
userdata, udatalen, nomem);
if (!nomem) {
(void) strlcpy(filter,
"objectclass=automountMap",
filterlen);
(void) strlcpy(userdata, "%s",
udatalen);
}
}
} else {
if ((keyfilter = set_keys(key, "nisMapName"))
!= NULL) {
filterlen = strlen(keyfilter) + 24;
udatalen = strlen(keyfilter) + 8;
MALLOC_FILTER_UDATA(filter, filterlen,
userdata, udatalen, nomem);
if (!nomem) {
(void) snprintf(filter, filterlen,
"(&(objectclass=nisMap)%s)",
keyfilter);
(void) snprintf(userdata, udatalen,
"(&(%%s)%s)", keyfilter);
}
} else {
filterlen = 19;
udatalen = 3;
MALLOC_FILTER_UDATA(filter, filterlen,
userdata, udatalen, nomem);
if (!nomem) {
(void) strlcpy(filter,
"objectclass=nisMap", filterlen);
(void) strlcpy(userdata, "%s",
udatalen);
}
}
}
goto done;
}
/* other services (catch all) */
if ((keyfilter = set_keys(key, "cn")) == NULL) {
filterlen = 14;
udatalen = 3;
MALLOC_FILTER_UDATA(filter, filterlen, userdata, udatalen,
nomem);
if (!nomem) {
(void) snprintf(filter, filterlen, "objectclass=*");
(void) strlcpy(userdata, "%s", udatalen);
}
} else {
filterlen = strlen(keyfilter) + 1;
udatalen = strlen(keyfilter) + 8;
MALLOC_FILTER_UDATA(filter, filterlen, userdata, udatalen,
nomem);
if (!nomem) {
(void) snprintf(filter, filterlen, "%s", keyfilter);
(void) snprintf(userdata, udatalen, "(&(%%s)%s)",
keyfilter);
}
}
done:
#ifdef DEBUG
(void) fprintf(stdout, "set_filter: filter=\"%s\"\n", filter);
(void) fprintf(stdout, "set_filter: userdata=\"%s\"\n", userdata);
#endif /* DEBUG */
if (keyfilter)
free(keyfilter);
if (nomem)
exit(2);
*udata = userdata;
return (filter);
}