/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
*/
/* libsldap - cachemgr side configuration components */
#include <stdio.h>
#include <stdlib.h>
#include <libintl.h>
#include <string.h>
#include <ctype.h>
#include <fcntl.h>
#include <unistd.h>
#include <syslog.h>
#include <locale.h>
#include <errno.h>
#include "ns_sldap.h"
#include "ns_internal.h"
#include "ns_cache_door.h"
/*
* **************************************************************
* Configuration File Routines
* **************************************************************
*/
/* Size of the errstr buffer needs to be MAXERROR */
static int
{
int linelen;
char c;
*errstr = '\0';
if (c == EOF)
break;
switch (c) {
case '\n':
/* Continuation line found */
--linelen;
} else {
/* end of line found */
return (linelen);
}
break;
default:
}
}
gettext("Buffer overflow, line too long."));
return (-2);
gettext("Unterminated continuation line."));
return (-2);
} else {
/* end of file */
}
}
static ns_parse_status
{
ParamIndexType i = 0;
int ret;
int linelen;
char *file;
if (cred_file) {
file = NSCREDFILE;
} else {
file = NSCONFIGFILE;
}
gettext("Unable to open filename '%s' "
return (NS_NOTFOUND);
}
emptyfile = 1;
lineno = 0;
for (; ; ) {
errstr)) < 0)
/* End of file */
break;
lineno++;
if (linelen == 0)
continue;
/* get rid of comment lines */
if (buffer[0] == '#')
continue;
emptyfile = 0;
gettext("Missing Name or Value on line %d."),
lineno);
return (NS_PARSE_ERR);
}
gettext("Illegal profile type on line %d."),
lineno);
return (NS_PARSE_ERR);
}
if (!first && i == NS_LDAP_FILE_VERSION_P) {
gettext("Illegal NS_LDAP_FILE_VERSION "
"on line %d."), lineno);
return (NS_PARSE_ERR);
}
first = 0;
switch (__s_api_get_configtype(i)) {
case SERVERCONFIG:
case CLIENTCONFIG:
if (cred_file == 0) {
error);
if (ret != NS_SUCCESS) {
return (ret);
}
} else if (i != NS_LDAP_FILE_VERSION_P) {
gettext("Illegal entry in '%s' on "
return (NS_PARSE_ERR);
}
break;
case CREDCONFIG:
if (i == NS_LDAP_FILE_VERSION_P)
break;
if (cred_file) {
error);
if (ret != NS_SUCCESS) {
return (ret);
}
} else {
gettext("Illegal entry in '%s' on "
return (NS_PARSE_ERR);
}
}
}
/* Error in read_line */
NULL);
return (NS_PARSE_ERR);
}
if (linelen == -2) {
/* Error in read_line */
NULL);
return (NS_PARSE_ERR);
}
return (NS_SUCCESS);
}
static
char *attr_name,
char *attr_val,
{
return (NS_LDAP_INVALID_PARAM);
}
/*
* This double call is made due to the presence of
* two sets of LDAP config. attribute names.
* An LDAP configuration can be obtained either from a server
* or from SMF. The former sends a DUA with attributes' names
* styled like "preferredServerList". But local configurations
* "NS_LDAP_SERVER_PREF".
* So, the standalone bits are able to process both sets of
* attributes' names.
*/
gettext("Ignoring unrecognized DUAProfile property: <%s>."),
NULL);
(void) __ns_ldap_freeError(errorp);
return (NS_LDAP_SUCCESS);
}
}
/*
* This function creates a configuration which will be used
* for all LDAP requests in the Standalone mode.
*
* INPUT:
* config - a buffer returned by __ns_ldap_getConnectionInfo()'s
* dua_profile parameter.
*
*/
{
return (NULL);
return (NULL);
}
if (!attr) {
gettext("DUAProfile received from the server"
" has bad format"));
return (NULL);
}
do {
return (NULL);
}
/* Get the version of the profile. */
errorp) != NS_LDAP_SUCCESS) {
return (NULL);
}
} else if (strcasecmp(attrVal,
_PROFILE1_OBJECTCLASS) == 0) {
errorp) != NS_LDAP_SUCCESS) {
return (NULL);
}
}
continue;
}
return (NULL);
}
!= NS_SUCCESS) {
return (NULL);
}
return (configStruct);
}
/*
* Cache Manager side of configuration file loading
*/
{
ptr = __s_api_create_config();
gettext("__ns_ldap_LoadConfiguration: Out of memory."));
return (error);
}
/* Load in Configuration file */
if (ret != NS_SUCCESS) {
return (error);
}
/* Load in Credential file */
if (ret != NS_SUCCESS) {
return (error);
}
return (error);
}
return (NULL);
}
int
{
int newsz = 0;
int newmax = 0;
char *str;
return (-1);
}
/* Round up to next buffer and add 1 */
else {
/*
* if realloc() returns NULL,
* the original buffer is untouched.
* It needs to be freed.
*/
}
else
}
return (-1);
}
}
/* now add new 'toprint' data to buffer */
}
return (0);
}
/*
* __ns_ldap_LoadDoorInfo is a routine used by the ldapcachemgr
* to create a configuration buffer to transmit back to a client
* domainname is transmitted to ldapcachemgr and ldapcachemgr uses
* it to select a configuration to transmit back. Otherwise it
* is essentially unused in sldap.
* If cred_only is not 0, then only the credentials for shadow
* update are taken care of.
*/
{
char *str;
ParamIndexType i = 0;
int len;
/*
* If new is NULL, it outputs the flatten data of current default
* config, if it's non-NULL, it outputs the flatten data of a temporary
* config. It's used to compare the new config data with the current
* default config data.
*/
else
gettext("No configuration information available for %s."),
return (errorp);
}
for (i = 0; i <= NS_LDAP_MAX_PIT_P; i++) {
if (cred_only) {
/* only exposed credential for shadow update */
if (i != NS_LDAP_ADMIN_BINDDN_P &&
continue;
} else {
/* credential for shadow update is not to be exposed */
if (i == NS_LDAP_ADMIN_BINDDN_P ||
continue;
}
continue;
gettext("__print2buf: Out of memory."));
return (errorp);
}
}
/*
* The new interface of the configuration between ldap_cachemgr
* & libsldap contains a header structure ldap_config_out_t.
* The flatten configuration data configinfo->str is cloned
* to cout->config_str, configinfo->len is saved in
* cout->data_size and cout->cookie is set later after this function
* is returned in ldap_cachemgr.
* configinfo->str & configinfo->len are reused to save info of
* header + data.
* The format:
* [cookie|data_size|config_str .............]
*/
if (configinfo->str) {
len = sizeof (ldap_config_out_t) - sizeof (int) +
configinfo->len = 0;
gettext("calloc: Out of memory."));
return (errorp);
}
/*
* cout->cookie is set by the caller,
* which is in ldap_cachemgr.
*/
configinfo->len);
}
return (NULL);
}
{
char *str;
ParamIndexType i = 0;
gettext("No configuration information available."));
NULL);
return (errorp);
}
} else {
gettext("Unable to open filename %s for ldif "
return (errorp);
}
}
"ldif fields not present"));
NULL);
return (errorp);
}
/*
* Construct DN, but since this is the profile, there is no need
* to worry about mapping. The profile itself can not be mapped
*/
/* dump objectclass names */
} else {
}
/* For each parameter - construct value */
for (i = 0; i <= NS_LDAP_MAX_PIT_P; i++) {
continue;
/*
* don't dump binddn, bind password, admin binddn, admin
* bind password, enableShadowUpdate flag, or cert path
* as they are not part of version 2 profiles
*/
if ((i != NS_LDAP_BINDDN_P) &&
(i != NS_LDAP_BINDPASSWD_P) &&
(i != NS_LDAP_ADMIN_BINDDN_P) &&
(i != NS_LDAP_ADMIN_BINDPASSWD_P) &&
(i != NS_LDAP_ENABLE_SHADOW_UPDATE_P) &&
(i != NS_LDAP_HOST_CERTPATH_P))
}
return (NULL);
}
/*
* the credential files at the same time.
* files is char *[3] = { "config", "cred", NULL };
*/
static
{
char *filename;
int fi;
int docred;
char *str;
ParamIndexType i = 0;
int rc;
int cfgtype;
gettext("No configuration information available."));
NULL);
return (errorp);
}
docred = 0;
continue;
if (fi == 1)
docred++;
gettext("Unable to open filename %s"
" for configuration dump (%s)."),
return (errorp);
}
if (rc == 0) {
gettext("Unable to set permissions for file"
" %s for configuration dump (%s)."),
break;
}
} else {
gettext("Unable to set permissions for file"
" %s for configuration dump (%s)."),
break;
}
}
"Writing to file %s for configuration dump failed "
}
/* assume VERSION is set and it outputs first */
/* For each parameter - construct value */
for (i = 0; !file_export_error && (i <= NS_LDAP_MAX_PIT_P);
i++) {
continue;
continue;
gettext("Writing to file %s for"
"configuration dump failed (%s)."),
}
}
/* Break if error already hit */
if (file_export_error)
break;
"Writing to file %s for configuration dump failed "
"during file close (%s)."), filename,
break;
}
}
if (file_export_error) {
}
return (errorp);
}
{
}
return (ret);
}
/*
* **************************************************************
* Misc Routines
* **************************************************************
*/
{
int l, m;
char *attrname;
char **attrval;
int prof_ver;
char *sepstr;
return (NULL);
gettext("Configuration Error: More than one profile "
"found"));
(void) __ns_ldap_freeError(&errorp);
return (NULL);
}
ptr = __s_api_create_config();
return (NULL);
return (NULL);
}
/* Check to see if the profile is version 1 or version 2 */
prof_ver = 1;
for (l = 0; l < entry->attr_count; l++) {
continue;
for (m = 0; m < attr->value_count; m++) {
prof_ver = 2;
break;
}
}
}
}
/* update the configuration to accept v1 or v2 attributes */
if (prof_ver == 1) {
} else {
}
for (l = 0; l < entry->attr_count; l++) {
continue;
continue;
switch (index) {
case NS_LDAP_SEARCH_DN_P:
case NS_LDAP_ATTRIBUTEMAP_P:
case NS_LDAP_OBJECTCLASSMAP_P:
/* Multiple Value - insert 1 at a time */
for (m = 0; m < attr->value_count; m++) {
}
break;
default:
/* Single or Multiple Value */
for (m = 0; m < attr->value_count; m++) {
}
goto makeconfigerror;
}
&error);
}
break;
}
}
&error);
}
CHARPTR) {
(void) __ns_ldap_setParamValue(ptr,
&error);
}
char *valt;
}
CHARPTR) {
(void) __ns_ldap_setParamValue(ptr,
&error);
}
CHARPTR) {
(void) __ns_ldap_setParamValue(ptr,
curr_ptr->
&error);
}
CHARPTR) {
(void) __ns_ldap_setParamValue(ptr,
&error);
}
}
return (ptr);
"__ns_ldap_make_config: Not enough memory");
return (NULL);
}
/*
* Download a profile into our internal structure. The calling application
* needs to DumpConfig() to save the information to NSCONFIGFILE and NSCREDFILE
* if desired.
*/
int
{
int rc;
return (NS_LDAP_INVALID_PARAM);
gettext("No configuration information available."));
NULL);
return (NS_LDAP_CONFIG);
}
errorp);
if (rc != NS_LDAP_SUCCESS) {
return (rc);
}
if (rc != NS_LDAP_SUCCESS)
return (rc);
if (rc != NS_LDAP_SUCCESS)
return (rc);
(void) __ns_ldap_freeResult(&result);
return (NS_LDAP_OP_FAILED);
if (rc != NS_LDAP_SUCCESS) {
NULL);
return (NS_LDAP_CONFIG);
}
return (rc);
}
/*
* **************************************************************
* Configuration Printing Routines
* **************************************************************
*/
/*
* Yes the use of stdio is okay here because all we are doing is sending
* output to stdout. This would not be necessary if we could get to the
* configuration pointer outside this file.
*/
{
char *str;
int i;
return (errorp);
gettext("No configuration information."));
return (errorp);
}
}
(void) putchar('\n');
}
/* For each parameter - construct value */
for (i = 0; i <= NS_LDAP_MAX_PIT_P; i++) {
/*
* Version 1 skipped this entry because:
*
* don't print default cache TTL for now since
* we don't store it in the ldap_client_file.
*/
continue;
/* the credential for shadow update is not to be exposed */
if (i == NS_LDAP_ADMIN_BINDDN_P ||
continue;
continue;
if (verbose)
(void) putchar('\t');
}
return (NULL);
}