2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
24 */
25
26 #include <synch.h>
27 #include <strings.h>
28 #include <sys/time.h>
29 #include <ctype.h>
30
31 #include "ldap_op.h"
32 #include "ldap_util.h"
33 #include "ldap_structs.h"
34 #include "ldap_ruleval.h"
35 #include "ldap_attr.h"
36 #include "ldap_print.h"
37 #include "ldap_glob.h"
38
39 #include "nis_parse_ldap_conf.h"
40
41 #ifndef LDAPS_PORT
498
499 void
500 decrementRC(__nis_ldap_conn_t *lc) {
501 if (lc == 0)
502 return;
503
504 (void) mutex_lock(&lc->rcMutex);
505 if (lc->refCount > 0)
506 lc->refCount--;
507 (void) mutex_unlock(&lc->rcMutex);
508 }
509
510 /* Accept a server/port indication, and call ldap_init() */
511 static LDAP *
512 ldapInit(char *srv, int port, bool_t use_ssl) {
513 LDAP *ld;
514 int ldapVersion = LDAP_VERSION3;
515 int derefOption = LDAP_DEREF_ALWAYS;
516 int timelimit = proxyInfo.search_time_limit;
517 int sizelimit = proxyInfo.search_size_limit;
518 char *myself = "ldapInit";
519
520 if (srv == 0)
521 return (0);
522
523 if (use_ssl) {
524 ld = ldapssl_init(srv, port, 1);
525 } else {
526 ld = ldap_init(srv, port);
527 }
528
529 if (ld != 0) {
530 (void) ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION,
531 &ldapVersion);
532 (void) ldap_set_option(ld, LDAP_OPT_DEREF, &derefOption);
533 (void) ldap_set_option(ld, LDAP_OPT_REFERRALS, LDAP_OPT_OFF);
534 (void) ldap_set_option(ld, LDAP_OPT_TIMELIMIT, &timelimit);
535 (void) ldap_set_option(ld, LDAP_OPT_SIZELIMIT, &sizelimit);
536 (void) ldap_set_option(ld, LDAP_OPT_REBIND_ARG, 0);
537 }
538
601 }
602
603 if (ret != LDAP_SUCCESS) {
604 (void) ldap_unbind_s(ld);
605 *ldP = 0;
606 logmsg(MSG_NOTIMECHECK, LOG_WARNING,
607 "%s: Unable to bind as: %s: %s",
608 myself, who, ldap_err2string(ret));
609 }
610
611 return (ret);
612 }
613
614 /*
615 * Free 'lc' and all related memory. Caller must hold the exclusive lock.
616 * Return LDAP_UNAVAILABLE upon success, in which case the caller mustn't
617 * try to use the structure pointer in any way.
618 */
619 static int
620 freeCon(__nis_ldap_conn_t *lc) {
621 char *myself = "freeCon";
622
623 if (!assertExclusive(lc))
624 return (LDAP_PARAM_ERROR);
625
626 incrementRC(lc);
627
628 /* Must be unused, unbound, and not on the 'ldapCon' list */
629 if (lc->onList || lc->refCount != 1 || lc->isBound) {
630 lc->doDel++;
631 decrementRC(lc);
632 return (LDAP_BUSY);
633 }
634
635 sfree(lc->sp);
636 sfree(lc->who);
637 sfree(lc->cred);
638
639 /* Delete structure with both mutex:es held */
640
641 free(lc);
1017
1018 if (serverList == 0)
1019 return (LDAP_PARAM_ERROR);
1020
1021 (void) rw_wrlock(&ldapConLock);
1022
1023 if (ldapCon != 0) {
1024 /* Assume we've already been called and done the set-up */
1025 (void) rw_unlock(&ldapConLock);
1026 return (LDAP_SUCCESS);
1027 }
1028
1029 /* Work on a copy of 'serverList' */
1030 sl = sls = sdup(myself, T, serverList);
1031 if (sl == 0) {
1032 (void) rw_unlock(&ldapConLock);
1033 return (LDAP_NO_MEMORY);
1034 }
1035
1036 /* Remove leading white space */
1037 for (0; *sl == ' ' || *sl == '\t'; sl++);
1038
1039 /* Create connection for each server on the list */
1040 for (s = sl; *s != '\0'; s = e+1) {
1041 int l;
1042
1043 /* Find end of server/port token */
1044 for (e = s; *e != ' ' && *e != '\t' && *e != '\0'; e++);
1045 if (*e != '\0')
1046 *e = '\0';
1047 else
1048 e--;
1049 l = slen(s);
1050
1051 if (l > 0) {
1052 lc = createCon(s, who, cred, method, 0);
1053 if (lc == 0) {
1054 free(sls);
1055 (void) rw_unlock(&ldapConLock);
1056 return (LDAP_NO_MEMORY);
1057 }
2210 }
2211
2212 /*
2213 * Modify the specified 'dn' per the attribute names/values in 'rv'.
2214 * If 'rv' is NULL, we attempt to delete the entire entry.
2215 *
2216 * The 'objClassAttrs' parameter is needed if the entry must be added
2217 * (i.e., created), or a modify fails with an object class violation.
2218 *
2219 * If 'addFirst' is set, we try an add before a modify; modify before
2220 * add otherwise (ignored if we're deleting).
2221 */
2222 int
2223 ldapModify(char *dn, __nis_rule_value_t *rv, char *objClassAttrs,
2224 int addFirst) {
2225 int stat, add = 0;
2226 LDAPMod **mods = 0;
2227 __nis_ldap_conn_t *lc;
2228 struct timeval tv;
2229 LDAPMessage *msg = 0;
2230 char *myself = "ldapModify";
2231 int msgid;
2232 int lderr;
2233 char **referralsp = NULL;
2234 bool_t delete = FALSE;
2235
2236 if (dn == 0)
2237 return (LDAP_PARAM_ERROR);
2238
2239 if ((lc = findCon(&stat)) == 0)
2240 return (stat);
2241
2242 if (rv == 0) {
2243 delete = TRUE;
2244 /* Simple case: if rv == 0, try to delete the entire entry */
2245 msgid = ldap_delete(lc->ld, dn);
2246 if (msgid == -1) {
2247 (void) ldap_get_option(lc->ld, LDAP_OPT_ERROR_NUMBER,
2248 &stat);
2249 goto cleanup;
2250 }
|
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright 2015 Gary Mills
23 * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
24 * Use is subject to license terms.
25 */
26
27 #include <synch.h>
28 #include <strings.h>
29 #include <sys/time.h>
30 #include <ctype.h>
31
32 #include "ldap_op.h"
33 #include "ldap_util.h"
34 #include "ldap_structs.h"
35 #include "ldap_ruleval.h"
36 #include "ldap_attr.h"
37 #include "ldap_print.h"
38 #include "ldap_glob.h"
39
40 #include "nis_parse_ldap_conf.h"
41
42 #ifndef LDAPS_PORT
499
500 void
501 decrementRC(__nis_ldap_conn_t *lc) {
502 if (lc == 0)
503 return;
504
505 (void) mutex_lock(&lc->rcMutex);
506 if (lc->refCount > 0)
507 lc->refCount--;
508 (void) mutex_unlock(&lc->rcMutex);
509 }
510
511 /* Accept a server/port indication, and call ldap_init() */
512 static LDAP *
513 ldapInit(char *srv, int port, bool_t use_ssl) {
514 LDAP *ld;
515 int ldapVersion = LDAP_VERSION3;
516 int derefOption = LDAP_DEREF_ALWAYS;
517 int timelimit = proxyInfo.search_time_limit;
518 int sizelimit = proxyInfo.search_size_limit;
519
520 if (srv == 0)
521 return (0);
522
523 if (use_ssl) {
524 ld = ldapssl_init(srv, port, 1);
525 } else {
526 ld = ldap_init(srv, port);
527 }
528
529 if (ld != 0) {
530 (void) ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION,
531 &ldapVersion);
532 (void) ldap_set_option(ld, LDAP_OPT_DEREF, &derefOption);
533 (void) ldap_set_option(ld, LDAP_OPT_REFERRALS, LDAP_OPT_OFF);
534 (void) ldap_set_option(ld, LDAP_OPT_TIMELIMIT, &timelimit);
535 (void) ldap_set_option(ld, LDAP_OPT_SIZELIMIT, &sizelimit);
536 (void) ldap_set_option(ld, LDAP_OPT_REBIND_ARG, 0);
537 }
538
601 }
602
603 if (ret != LDAP_SUCCESS) {
604 (void) ldap_unbind_s(ld);
605 *ldP = 0;
606 logmsg(MSG_NOTIMECHECK, LOG_WARNING,
607 "%s: Unable to bind as: %s: %s",
608 myself, who, ldap_err2string(ret));
609 }
610
611 return (ret);
612 }
613
614 /*
615 * Free 'lc' and all related memory. Caller must hold the exclusive lock.
616 * Return LDAP_UNAVAILABLE upon success, in which case the caller mustn't
617 * try to use the structure pointer in any way.
618 */
619 static int
620 freeCon(__nis_ldap_conn_t *lc) {
621
622 if (!assertExclusive(lc))
623 return (LDAP_PARAM_ERROR);
624
625 incrementRC(lc);
626
627 /* Must be unused, unbound, and not on the 'ldapCon' list */
628 if (lc->onList || lc->refCount != 1 || lc->isBound) {
629 lc->doDel++;
630 decrementRC(lc);
631 return (LDAP_BUSY);
632 }
633
634 sfree(lc->sp);
635 sfree(lc->who);
636 sfree(lc->cred);
637
638 /* Delete structure with both mutex:es held */
639
640 free(lc);
1016
1017 if (serverList == 0)
1018 return (LDAP_PARAM_ERROR);
1019
1020 (void) rw_wrlock(&ldapConLock);
1021
1022 if (ldapCon != 0) {
1023 /* Assume we've already been called and done the set-up */
1024 (void) rw_unlock(&ldapConLock);
1025 return (LDAP_SUCCESS);
1026 }
1027
1028 /* Work on a copy of 'serverList' */
1029 sl = sls = sdup(myself, T, serverList);
1030 if (sl == 0) {
1031 (void) rw_unlock(&ldapConLock);
1032 return (LDAP_NO_MEMORY);
1033 }
1034
1035 /* Remove leading white space */
1036 for (; *sl == ' ' || *sl == '\t'; sl++);
1037
1038 /* Create connection for each server on the list */
1039 for (s = sl; *s != '\0'; s = e+1) {
1040 int l;
1041
1042 /* Find end of server/port token */
1043 for (e = s; *e != ' ' && *e != '\t' && *e != '\0'; e++);
1044 if (*e != '\0')
1045 *e = '\0';
1046 else
1047 e--;
1048 l = slen(s);
1049
1050 if (l > 0) {
1051 lc = createCon(s, who, cred, method, 0);
1052 if (lc == 0) {
1053 free(sls);
1054 (void) rw_unlock(&ldapConLock);
1055 return (LDAP_NO_MEMORY);
1056 }
2209 }
2210
2211 /*
2212 * Modify the specified 'dn' per the attribute names/values in 'rv'.
2213 * If 'rv' is NULL, we attempt to delete the entire entry.
2214 *
2215 * The 'objClassAttrs' parameter is needed if the entry must be added
2216 * (i.e., created), or a modify fails with an object class violation.
2217 *
2218 * If 'addFirst' is set, we try an add before a modify; modify before
2219 * add otherwise (ignored if we're deleting).
2220 */
2221 int
2222 ldapModify(char *dn, __nis_rule_value_t *rv, char *objClassAttrs,
2223 int addFirst) {
2224 int stat, add = 0;
2225 LDAPMod **mods = 0;
2226 __nis_ldap_conn_t *lc;
2227 struct timeval tv;
2228 LDAPMessage *msg = 0;
2229 int msgid;
2230 int lderr;
2231 char **referralsp = NULL;
2232 bool_t delete = FALSE;
2233
2234 if (dn == 0)
2235 return (LDAP_PARAM_ERROR);
2236
2237 if ((lc = findCon(&stat)) == 0)
2238 return (stat);
2239
2240 if (rv == 0) {
2241 delete = TRUE;
2242 /* Simple case: if rv == 0, try to delete the entire entry */
2243 msgid = ldap_delete(lc->ld, dn);
2244 if (msgid == -1) {
2245 (void) ldap_get_option(lc->ld, LDAP_OPT_ERROR_NUMBER,
2246 &stat);
2247 goto cleanup;
2248 }
|