Print this page
5910 libnisdb won't build with modern GCC
| Split |
Close |
| Expand all |
| Collapse all |
--- old/usr/src/lib/libnisdb/nis_parse_ldap_conf.c
+++ new/usr/src/lib/libnisdb/nis_parse_ldap_conf.c
1 1 /*
2 2 * CDDL HEADER START
3 3 *
4 4 * The contents of this file are subject to the terms of the
5 5 * Common Development and Distribution License (the "License").
6 6 * You may not use this file except in compliance with the License.
7 7 *
8 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 9 * or http://www.opensolaris.org/os/licensing.
10 10 * See the License for the specific language governing permissions
11 11 * and limitations under the License.
|
↓ open down ↓ |
11 lines elided |
↑ open up ↑ |
12 12 *
13 13 * When distributing Covered Code, include this CDDL HEADER in each
14 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 15 * If applicable, add the following below this CDDL HEADER, with the
16 16 * fields enclosed by brackets "[]" replaced with your own identifying
17 17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 18 *
19 19 * CDDL HEADER END
20 20 */
21 21 /*
22 + * Copyright 2015 Gary Mills
22 23 * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
23 24 * Use is subject to license terms.
24 25 */
25 26
26 27 #include <stdio.h>
27 28 #include <string.h>
28 29 #include <stdlib.h>
29 30 #include <ctype.h>
30 31 #include <fcntl.h>
31 32 #include <unistd.h>
32 33 #include <errno.h>
33 34 #include <locale.h>
34 35 #include <sys/stat.h>
35 36 #include <lber.h>
36 37 #include <ldap.h>
37 38 #include <deflt.h>
38 39
39 40 #include "ldap_map.h"
40 41
41 42 #include "ldap_parse.h"
42 43 #include "ldap_glob.h"
43 44 #include "nis_parse_ldap_conf.h"
44 45
45 46 __nis_ldap_proxy_info proxyInfo =
46 47 {NULL, (auth_method_t)NO_VALUE_SET, (tls_method_t)NO_VALUE_SET, NULL,
47 48 NULL, NULL, NULL, NULL, (follow_referral_t)NO_VALUE_SET};
48 49 __nis_config_t ldapConfig;
49 50 __nisdb_table_mapping_t ldapDBTableMapping;
50 51 __nis_table_mapping_t *ldapTableMapping = NULL;
51 52 __yp_domain_context_t ypDomains;
52 53
53 54 parse_error p_error = no_parse_error;
54 55 int cur_line_num = 0;
55 56 int start_line_num = 0;
56 57 int seq_num = 0;
57 58 const char *warn_file = NULL;
58 59
59 60 char _key_val[38];
60 61 const char *command_line_source = NULL;
61 62 const char *file_source = NULL;
62 63 const char *ldap_source = NULL;
63 64
64 65 static
65 66 const char *const *cmdline_config = NULL;
66 67 static bool_t got_config_data = FALSE;
67 68
68 69 /* high level parsing functions functions */
69 70 static int parse_ldap_cmd_line(const char *const *cmdline_options,
70 71 __nis_ldap_proxy_info *proxy_info, __nis_config_t *nis_config,
71 72 __nis_table_mapping_t **table_mapping, __nis_config_info_t *config_info,
72 73 __nisdb_table_mapping_t *table_info);
73 74 static int parse_ldap_default_conf(__nis_ldap_proxy_info *proxy_info,
74 75 __nis_config_t *nis_config, __nis_config_info_t *config_info,
75 76 __nisdb_table_mapping_t *table_info);
76 77 static int parse_ldap_config_file(const char *config_file,
|
↓ open down ↓ |
45 lines elided |
↑ open up ↑ |
77 78 __nis_ldap_proxy_info *proxy_info, __nis_config_t *nis_config,
78 79 __nis_table_mapping_t **table_mapping, __nis_config_info_t *config_info,
79 80 __nisdb_table_mapping_t *table_info);
80 81 static int parse_ldap_config_dn_attrs(__nis_ldap_proxy_info *proxy_info,
81 82 __nis_config_t *nis_config, __nis_table_mapping_t **table_mapping,
82 83 __nis_config_info_t *config_info, __nisdb_table_mapping_t *table_info);
83 84 static int yp_parse_ldap_default_conf(__nis_ldap_proxy_info *proxy_info,
84 85 __nis_config_t *nis_config, __nis_config_info_t *config_info,
85 86 __nisdb_table_mapping_t *table_info);
86 87
88 +/* Forward declarations */
89 +int yp_parse_ldap_config_file(const char *, __nis_ldap_proxy_info *,
90 + __nis_config_t *, __nis_table_mapping_t **, __nis_config_info_t *,
91 + __nisdb_table_mapping_t *, __yp_domain_context_t *);
87 92
93 +
88 94 /* helper functions */
89 95 static config_key get_attrib_num_cmdline(const char *s,
90 96 const char **begin_s, const char **end_s);
91 97 static config_key get_file_attr_val(int fd, char **attr_val);
92 98 static void get_attribute_list(
93 99 const __nis_ldap_proxy_info *proxy_info,
94 100 const __nis_config_t *nis_config,
95 101 const __nis_config_info_t *config_info,
96 102 const __nisdb_table_mapping_t *table_info,
97 103 char **ldap_config_attributes);
98 104
99 105 /*
100 106 * FUNCTION: parse_ldap_migration
101 107 *
102 108 * Parses the information for LDAP. The values are first
103 109 * obtained from the command line, secondly from the preference
104 110 * file, and finally from an LDAP profile (if so configured in
105 111 * the command line or preference file). Any unset values will
106 112 * be set to their default values.
107 113 *
108 114 * If no command line options, no settings in the /etc/default
109 115 * configuration file, and no mapping file, then no mapping
110 116 * should be used.
111 117 *
112 118 * RETURN VALUE:
113 119 * 0 Success
114 120 * -1 Config file stat/open or parse error
115 121 * 1 No mapping should be used.
116 122 *
117 123 * INPUT: command line parameters, configuration file
118 124 */
119 125
120 126 int
|
↓ open down ↓ |
23 lines elided |
↑ open up ↑ |
121 127 parse_ldap_migration(
122 128 const char *const *cmdline_options,
123 129 const char *config_file)
124 130 {
125 131 int rc = 0;
126 132 __nis_config_info_t config_info
127 133 = {NULL, NULL, (auth_method_t)NO_VALUE_SET,
128 134 (tls_method_t)NO_VALUE_SET, NULL,
129 135 NULL, NULL};
130 136 struct stat buf;
131 - int i = 0;
132 137
133 138 p_error = no_parse_error;
134 139
135 140 if (verbose)
136 141 report_info("Getting LDAP configuration", NULL);
137 142
138 143 initialize_parse_structs(&proxyInfo, &ldapConfig, &ldapDBTableMapping);
139 144
140 145 if (yp2ldap)
141 146 initialize_yp_parse_structs(&ypDomains);
142 147
143 148 if (cmdline_options != NULL) {
144 149 got_config_data = TRUE;
145 150 /* NIS to LDAP does not read command line attributes */
146 151 if (!yp2ldap)
147 152 rc = parse_ldap_cmd_line(cmdline_options, &proxyInfo,
148 153 &ldapConfig, &ldapTableMapping, &config_info,
149 154 &ldapDBTableMapping);
150 155 else
151 156 rc = 0;
152 157 }
153 158
154 159 if (rc == 0) {
155 160 if (yp2ldap)
156 161 rc = yp_parse_ldap_default_conf(&proxyInfo, &ldapConfig,
157 162 &config_info, &ldapDBTableMapping);
158 163 else
159 164 rc = parse_ldap_default_conf(&proxyInfo, &ldapConfig,
160 165 &config_info, &ldapDBTableMapping);
161 166 }
162 167
163 168 if (config_file == NULL) {
164 169 if (yp2ldap) {
165 170 if (stat(YP_DEFAULT_MAPPING_FILE, &buf) == 0)
166 171 config_file = YP_DEFAULT_MAPPING_FILE;
167 172 } else {
168 173 if (stat(DEFAULT_MAPPING_FILE, &buf) == 0)
169 174 config_file = DEFAULT_MAPPING_FILE;
170 175 }
171 176 }
172 177
173 178 if (rc == 0 && config_file != NULL) {
174 179 got_config_data = TRUE;
175 180 warn_file = config_file;
176 181 cmdline_config = cmdline_options;
177 182 if (yp2ldap)
178 183 rc = yp_parse_ldap_config_file(config_file, &proxyInfo,
179 184 &ldapConfig, &ldapTableMapping, &config_info,
180 185 &ldapDBTableMapping, &ypDomains);
181 186 else
182 187 rc = parse_ldap_config_file(config_file, &proxyInfo,
183 188 &ldapConfig, &ldapTableMapping, &config_info,
184 189 &ldapDBTableMapping);
185 190
186 191 warn_file = NULL;
187 192 cmdline_config = NULL;
188 193 }
189 194 if (rc == 0 && (config_info.config_dn != NULL) &&
190 195 (config_info.config_dn[0] != '\0')) {
191 196 rc = parse_ldap_config_dn_attrs(&proxyInfo,
192 197 &ldapConfig, &ldapTableMapping, &config_info,
193 198 &ldapDBTableMapping);
194 199 }
195 200
196 201 free_config_info(&config_info);
197 202
198 203 if (rc == 0 && got_config_data == FALSE)
199 204 rc = 1;
200 205
201 206 set_default_values(&proxyInfo, &ldapConfig, &ldapDBTableMapping);
202 207
203 208 if (yp2ldap == 1 && rc == 0) {
204 209 rc = second_parser_pass(&ldapTableMapping);
205 210 if (rc == 0)
206 211 rc = final_parser_pass(&ldapTableMapping, &ypDomains);
207 212 if (rc == -2)
208 213 return (-1);
209 214 }
210 215
211 216 if (rc == 0)
212 217 rc = finish_parse(&proxyInfo, &ldapTableMapping);
213 218
214 219 if (rc == 0)
215 220 rc = linked2hash(ldapTableMapping);
216 221
217 222 if ((rc == 0) && yptol_mode)
218 223 rc = map_id_list_init();
219 224
220 225 if (rc != 0) {
221 226 free_parse_structs();
222 227 } else if (verbose)
223 228 report_info("LDAP configuration complete", NULL);
224 229 return (rc);
225 230 }
226 231
227 232 /*
228 233 * FUNCTION: parse_ldap_cmd_line
229 234 *
230 235 * Parses the information for LDAP from the command line
231 236 *
232 237 * RETURN VALUE: 0 on success, -1 on failure
233 238 *
234 239 * INPUT: command line values
235 240 */
236 241
237 242 static int
238 243 parse_ldap_cmd_line(
239 244 const char *const *cmdline_options,
240 245 __nis_ldap_proxy_info *proxy_info,
241 246 __nis_config_t *nis_config,
242 247 __nis_table_mapping_t **table_mapping,
243 248 __nis_config_info_t *config_info,
244 249 __nisdb_table_mapping_t *table_info)
245 250 {
246 251 int rc = 0;
247 252 config_key attrib_num;
248 253 const char *begin_s;
249 254 const char *end_s;
250 255
251 256 if (verbose)
252 257 report_info("Command line values: ", NULL);
253 258 while (*cmdline_options != NULL) {
254 259 if (verbose)
255 260 report_info("\t", *cmdline_options);
256 261
257 262 attrib_num = get_attrib_num_cmdline(
258 263 *cmdline_options, &begin_s, &end_s);
259 264 if (attrib_num == key_bad) {
260 265 command_line_source = "command line";
261 266 report_error(*cmdline_options, NULL);
262 267 command_line_source = NULL;
263 268 rc = -1;
264 269 break;
265 270 } else if (IS_CONFIG_KEYWORD(attrib_num)) {
266 271 rc = add_config_attribute(attrib_num,
267 272 begin_s, end_s - begin_s, config_info);
268 273 } else if (IS_BIND_INFO(attrib_num)) {
269 274 rc = add_bind_attribute(attrib_num,
270 275 begin_s, end_s - begin_s, proxy_info);
271 276 } else if (IS_OPER_INFO(attrib_num)) {
272 277 rc = add_operation_attribute(attrib_num,
273 278 begin_s, end_s - begin_s, nis_config,
274 279 table_info);
275 280 } else {
276 281 rc = add_mapping_attribute(attrib_num,
277 282 begin_s, end_s - begin_s, table_mapping);
278 283 }
279 284
280 285 if (rc < 0) {
281 286 command_line_source = "command line";
282 287 report_error(begin_s, _key_val);
283 288 command_line_source = NULL;
284 289 break;
285 290 }
286 291 cmdline_options++;
287 292 }
288 293 return (rc);
289 294 }
290 295
291 296 static int
292 297 parse_ldap_default_conf(
293 298 __nis_ldap_proxy_info *proxy_info,
294 299 __nis_config_t *nis_config,
295 300 __nis_config_info_t *config_info,
296 301 __nisdb_table_mapping_t *table_info)
297 302 {
298 303 int rc = 0;
299 304 char *ldap_config_attributes[n_config_keys];
300 305 char attr_buf[128];
301 306 char *attr;
302 307 char *attr_val;
303 308 int defflags;
304 309 config_key attrib_num;
305 310 int i;
306 311 int len;
307 312 int attr_len;
308 313 void *defp;
309 314
310 315 if ((defp = defopen_r(ETCCONFFILE)) != NULL) {
311 316 file_source = ETCCONFFILE;
312 317 if (verbose)
313 318 report_info("default configuration values: ", NULL);
314 319 /* Set defread_r() to be case insensitive */
315 320 defflags = defcntl_r(DC_GETFLAGS, 0, defp);
316 321 TURNOFF(defflags, DC_CASE);
317 322 (void) defcntl_r(DC_SETFLAGS, defflags, defp);
318 323
319 324 get_attribute_list(proxy_info, nis_config, config_info,
320 325 table_info, ldap_config_attributes);
321 326 i = 0;
322 327 while ((attr = ldap_config_attributes[i++]) != NULL) {
323 328 (void) strlcpy(attr_buf, attr, sizeof (attr_buf));
324 329 /*
325 330 * if nisplusUpdateBatching, make sure
326 331 * we don't match nisplusUpdateBatchingTimeout
327 332 */
328 333 if (strcmp(attr, UPDATE_BATCHING) == 0) {
329 334 attr_len = strlen(attr);
330 335 attr_buf[attr_len] = '=';
331 336 attr_buf[attr_len + 1] = '\0';
332 337 attr_val = defread_r(attr_buf, defp);
333 338
334 339 if (attr_val == 0) {
335 340 attr_buf[attr_len] = ' ';
336 341 attr_val = defread_r(attr_buf, defp);
337 342 }
338 343 if (attr_val == 0) {
339 344 attr_buf[attr_len] = '\t';
340 345 attr_val = defread_r(attr_buf, defp);
341 346 }
342 347 if (attr_val == 0) {
343 348 attr_buf[attr_len] = '\n';
344 349 attr_val = defread_r(attr_buf, defp);
345 350 }
346 351 } else {
347 352 attr_val = defread_r(attr_buf, defp);
348 353 }
349 354 if (attr_val == NULL)
350 355 continue;
351 356
352 357 got_config_data = TRUE;
353 358 attrib_num = get_attrib_num(attr, strlen(attr));
354 359 if (attrib_num == key_bad) {
355 360 report_error(attr, NULL);
356 361 rc = -1;
357 362 break;
358 363 }
359 364
360 365 /*
361 366 * Allow either entries of the form
362 367 * attr val
363 368 * or
364 369 * attr = val
365 370 */
366 371 while (is_whitespace(*attr_val))
367 372 attr_val++;
368 373 if (*attr_val == '=')
369 374 attr_val++;
370 375 while (is_whitespace(*attr_val))
371 376 attr_val++;
372 377 len = strlen(attr_val);
373 378 while (len > 0 && is_whitespace(attr_val[len - 1]))
374 379 len--;
375 380
376 381 if (verbose) {
377 382 report_info("\t", attr);
378 383 report_info("\t\t", attr_val);
379 384 }
380 385 if (IS_BIND_INFO(attrib_num)) {
381 386 rc = add_bind_attribute(attrib_num,
382 387 attr_val, len, proxy_info);
383 388 } else if (IS_OPER_INFO(attrib_num)) {
384 389 rc = add_operation_attribute(attrib_num,
385 390 attr_val, len, nis_config,
386 391 table_info);
387 392 }
388 393 if (p_error != no_parse_error) {
389 394 report_error(attr_val, attr);
390 395 rc = -1;
391 396 break;
392 397 }
393 398 }
394 399 file_source = NULL;
395 400 /* Close the /etc/default file */
396 401 defclose_r(defp);
397 402 }
398 403 return (rc);
399 404 }
400 405
401 406 static int
402 407 yp_parse_ldap_default_conf(
403 408 __nis_ldap_proxy_info *proxy_info,
404 409 __nis_config_t *nis_config,
|
↓ open down ↓ |
263 lines elided |
↑ open up ↑ |
405 410 __nis_config_info_t *config_info,
406 411 __nisdb_table_mapping_t *table_info)
407 412 {
408 413 int rc = 0;
409 414 char *ldap_config_attributes[n_config_keys];
410 415 char attr_buf[128];
411 416 char *attr;
412 417 char *attr_val;
413 418 int defflags;
414 419 config_key attrib_num;
415 - int i, len, attr_len;
420 + int i, len;
416 421 void *defp;
417 422
418 423 if ((defp = defopen_r(YP_ETCCONFFILE)) != NULL) {
419 424 file_source = YP_ETCCONFFILE;
420 425 if (verbose)
421 426 report_info("default configuration values: ", NULL);
422 427 /* Set defread_r() to be case insensitive */
423 428 defflags = defcntl_r(DC_GETFLAGS, 0, defp);
424 429 TURNOFF(defflags, DC_CASE);
425 430 (void) defcntl_r(DC_SETFLAGS, defflags, defp);
426 431
427 432 get_attribute_list(proxy_info, nis_config, config_info,
428 433 table_info, ldap_config_attributes);
429 434 i = 0;
430 435 while ((attr = ldap_config_attributes[i++]) != NULL) {
431 436 if ((strlcpy(attr_buf, attr, sizeof (attr_buf))) >=
432 437 sizeof (attr_buf)) {
433 438 report_error(
434 439 "Static buffer attr_buf overflow", NULL);
435 440 defclose_r(defp);
436 441 return (-1);
437 442 }
438 443
439 444 if ((attr_val = defread_r(attr_buf, defp)) == NULL)
440 445 continue;
441 446
442 447 got_config_data = TRUE;
443 448 attrib_num = get_attrib_num(attr, strlen(attr));
444 449 if (attrib_num == key_bad) {
445 450 report_error(attr, NULL);
446 451 rc = -1;
447 452 break;
448 453 }
449 454
450 455 /*
451 456 * Allow either entries of the form
452 457 * attr val
453 458 * or
454 459 * attr = val
455 460 */
456 461 while (is_whitespace(*attr_val))
457 462 attr_val++;
458 463 if (*attr_val == '=')
459 464 attr_val++;
460 465 while (is_whitespace(*attr_val))
461 466 attr_val++;
462 467 len = strlen(attr_val);
463 468 while (len > 0 && is_whitespace(attr_val[len - 1]))
464 469 len--;
465 470
466 471 if (verbose) {
467 472 report_info("\t", attr);
468 473 report_info("\t\t", attr_val);
469 474 }
470 475 if (IS_YP_BIND_INFO(attrib_num)) {
471 476 rc = add_bind_attribute(attrib_num,
472 477 attr_val, len, proxy_info);
473 478 } else if (IS_YP_OPER_INFO(attrib_num)) {
474 479 rc = add_operation_attribute(attrib_num,
475 480 attr_val, len, nis_config,
476 481 table_info);
477 482 }
478 483 if (p_error != no_parse_error) {
479 484 report_error(attr_val, attr);
480 485 rc = -1;
481 486 break;
482 487 }
483 488 }
484 489 file_source = NULL;
485 490 /* Close the /etc/default file */
486 491 defclose_r(defp);
487 492 }
488 493 return (rc);
489 494 }
490 495
491 496 /*
492 497 * FUNCTION: get_attrib_num_cmdline
493 498 *
494 499 * Parses the information for LDAP from the command line
495 500 * The form of the command line request is
496 501 * -x attribute=value
497 502 *
498 503 * RETURN VALUE: 0 on success, -1 on failure
499 504 *
500 505 * INPUT: command line values
501 506 */
502 507
503 508 static config_key
504 509 get_attrib_num_cmdline(
505 510 const char *s,
506 511 const char **begin_s,
507 512 const char **end_s)
508 513 {
509 514 const char *s_end = s + strlen(s);
510 515 const char *equal_s;
511 516 const char *s1;
512 517 config_key attrib_num;
513 518
514 519 while (s < s_end && is_whitespace(*s))
515 520 s++;
516 521
517 522 for (equal_s = s; equal_s < s_end; equal_s++)
518 523 if (*equal_s == EQUAL_CHAR)
519 524 break;
520 525
521 526 if (equal_s == s_end) {
522 527 p_error = parse_bad_command_line_attribute_format;
523 528 return (key_bad);
524 529 }
525 530
526 531 for (s1 = equal_s; s1 > s && is_whitespace(s1[-1]); s1--)
527 532 ;
528 533
529 534 if (s1 == s) {
530 535 p_error = parse_bad_command_line_attribute_format;
531 536 return (key_bad);
532 537 }
533 538
534 539 attrib_num = get_attrib_num(s, s1 - s);
535 540
536 541 if (attrib_num != key_bad) {
537 542 s1 = equal_s + 1;
538 543 while (s1 < s_end && is_whitespace(*s1))
539 544 s1++;
540 545 *begin_s = s1;
541 546 while (s_end > s1 && is_whitespace(s_end[-1]))
542 547 s_end--;
543 548 *end_s = s_end;
544 549 }
545 550
546 551 return (attrib_num);
547 552 }
548 553
549 554 /*
550 555 * FUNCTION: parse_ldap_config_file
551 556 *
552 557 * Parses the information for LDAP from a configuration
553 558 * file. If no file is specified, /var/nis/NIS+LDAPmapping
554 559 * is used
555 560 *
556 561 * RETURN VALUE: 0 on success, -1 on failure
557 562 *
558 563 * INPUT: configuration file name
559 564 */
560 565
561 566 static int
562 567 parse_ldap_config_file(
563 568 const char *config_file,
564 569 __nis_ldap_proxy_info *proxy_info,
565 570 __nis_config_t *nis_config,
566 571 __nis_table_mapping_t **table_mapping,
567 572 __nis_config_info_t *config_info,
568 573 __nisdb_table_mapping_t *table_info)
569 574 {
570 575 int rc = 0;
571 576 config_key attrib_num;
572 577 int fd;
573 578 char *attr_val;
574 579 int len;
575 580
576 581 if ((fd = open(config_file, O_RDONLY)) == -1) {
577 582 p_error = parse_open_file_error;
578 583 report_error(config_file, NULL);
579 584 return (-1);
580 585 }
581 586
582 587 start_line_num = 1;
583 588 cur_line_num = 1;
584 589
585 590 if (verbose)
586 591 report_info("Reading configuration from ", config_file);
587 592
588 593 file_source = config_file;
589 594 while ((attrib_num = get_file_attr_val(fd, &attr_val)) > 0) {
590 595 len = attr_val == NULL ? 0 : strlen(attr_val);
591 596 if (IS_CONFIG_KEYWORD(attrib_num)) {
592 597 rc = add_config_attribute(attrib_num,
593 598 attr_val, len, config_info);
594 599 } else if (IS_BIND_INFO(attrib_num)) {
595 600 rc = add_bind_attribute(attrib_num,
596 601 attr_val, len, proxy_info);
597 602 } else if (IS_OPER_INFO(attrib_num)) {
598 603 rc = add_operation_attribute(attrib_num,
599 604 attr_val, len, nis_config, table_info);
600 605 } else {
601 606 rc = add_mapping_attribute(attrib_num,
602 607 attr_val, len, table_mapping);
603 608 }
604 609
605 610 if (rc < 0) {
606 611 report_error(attr_val == NULL ?
607 612 "<no attribute>" : attr_val, _key_val);
608 613 if (attr_val)
609 614 free(attr_val);
610 615 break;
611 616 }
612 617 if (attr_val)
613 618 free(attr_val);
614 619 }
615 620
616 621 (void) close(fd);
617 622 if (attrib_num == key_bad) {
618 623 report_error(_key_val, NULL);
619 624 rc = -1;
620 625 }
621 626 start_line_num = 0;
622 627 file_source = NULL;
623 628 return (rc);
624 629 }
625 630
626 631 /*
627 632 * FUNCTION: yp_parse_ldap_config_file
628 633 *
629 634 * Parses the information for LDAP from a configuration
630 635 * file. If no file is specified, /var/yp/NISLDAPmapping
631 636 * is used
632 637 *
633 638 * RETURN VALUE: 0 on success, -1 on failure
634 639 *
635 640 * INPUT: configuration file name
636 641 */
637 642
638 643 int
|
↓ open down ↓ |
213 lines elided |
↑ open up ↑ |
639 644 yp_parse_ldap_config_file(
640 645 const char *config_file,
641 646 __nis_ldap_proxy_info *proxy_info,
642 647 __nis_config_t *nis_config,
643 648 __nis_table_mapping_t **table_mapping,
644 649 __nis_config_info_t *config_info,
645 650 __nisdb_table_mapping_t *table_info,
646 651 __yp_domain_context_t *ypDomains)
647 652 {
648 653 int rc = 0;
649 - int numDomains = 0;
650 654 config_key attrib_num;
651 655 int fd;
652 656 char *attr_val = NULL;
653 657 int len;
654 658
655 659 if ((fd = open(config_file, O_RDONLY)) == -1) {
656 660 p_error = parse_open_file_error;
657 661 report_error(config_file, NULL);
658 662 return (-1);
659 663 }
660 664
661 665 start_line_num = 1;
662 666 cur_line_num = 1;
663 667
664 668 if (verbose)
665 669 report_info("Reading configuration from ", config_file);
666 670
667 671 file_source = config_file;
668 672 while ((attrib_num = get_file_attr_val(fd, &attr_val)) > 0) {
669 673 len = attr_val == NULL ? 0 : strlen(attr_val);
670 674 if (IS_YP_CONFIG_KEYWORD(attrib_num)) {
671 675 rc = add_config_attribute(attrib_num,
672 676 attr_val, len, config_info);
673 677 } else if (IS_YP_BIND_INFO(attrib_num)) {
674 678 rc = add_bind_attribute(attrib_num,
675 679 attr_val, len, proxy_info);
676 680 } else if (IS_YP_OPER_INFO(attrib_num)) {
677 681 rc = add_operation_attribute(attrib_num,
678 682 attr_val, len, nis_config, table_info);
679 683 } else if (IS_YP_DOMAIN_INFO(attrib_num)) {
680 684 rc = add_ypdomains_attribute(attrib_num,
681 685 attr_val, len, ypDomains);
682 686 } else if (IS_YP_MAP_ATTR(attrib_num)) {
683 687 rc = add_mapping_attribute(attrib_num,
684 688 attr_val, len, table_mapping);
685 689 } else {
686 690 rc = -1;
687 691 p_error = parse_unsupported_format;
688 692 }
689 693
690 694 if (rc < 0) {
691 695 report_error(attr_val == NULL ?
692 696 "<no attribute>" : attr_val, _key_val);
693 697 if (attr_val)
694 698 free(attr_val);
695 699 break;
696 700 }
697 701 if (attr_val) {
698 702 free(attr_val);
699 703 attr_val = NULL;
700 704 }
701 705 }
702 706
703 707 (void) close(fd);
704 708 if (attrib_num == key_bad) {
705 709 report_error(_key_val, NULL);
706 710 rc = -1;
707 711 }
708 712 start_line_num = 0;
709 713 file_source = NULL;
710 714 return (rc);
711 715 }
712 716
713 717 /*
714 718 * FUNCTION: get_file_attr_val
715 719 *
716 720 * Gets the next attribute from the configuration file.
717 721 *
718 722 * RETURN VALUE: The config key if more attributes
719 723 * no_more_keys if eof
720 724 * key_bad if error
721 725 */
722 726
723 727 static config_key
724 728 get_file_attr_val(int fd, char **attr_val)
725 729 {
|
↓ open down ↓ |
66 lines elided |
↑ open up ↑ |
726 730 char buf[BUFSIZE];
727 731 char *start_tag;
728 732 char *start_val;
729 733 char *end_val;
730 734 char *cut_here;
731 735 char *s;
732 736 char *a;
733 737 char *attribute_value;
734 738 int ret;
735 739 config_key attrib_num = no_more_keys;
736 - int found_quote = 0;
737 740
738 741 *attr_val = NULL;
739 742
740 743 if ((ret = read_line(fd, buf, sizeof (buf))) > 0) {
741 744 for (s = buf; is_whitespace(*s); s++)
742 745 ;
743 746
744 747 start_tag = s;
745 748 while (*s != '\0' && !is_whitespace(*s))
746 749 s++;
747 750
748 751 if (verbose)
749 752 report_info("\t", start_tag);
750 753 attrib_num = get_attrib_num(start_tag, s - start_tag);
751 754 if (attrib_num == key_bad)
752 755 return (key_bad);
753 756
754 757 while (is_whitespace(*s))
755 758 s++;
756 759 if (*s == '\0')
757 760 return (attrib_num);
758 761 start_val = s;
759 762
760 763 /* note that read_line will not return a line ending with \ */
761 764 for (; *s != '\0'; s++) {
762 765 if (*s == ESCAPE_CHAR)
763 766 s++;
764 767 }
765 768 while (s > start_val && is_whitespace(s[-1]))
766 769 s--;
767 770
768 771 attribute_value =
769 772 calloc(1, (size_t)(s - start_val) + 1);
770 773 if (attribute_value == NULL) {
771 774 p_error = parse_no_mem_error;
772 775 return (key_bad);
773 776 }
774 777 attr_val[0] = attribute_value;
775 778
776 779 a = *attr_val;
777 780 end_val = s;
778 781 cut_here = 0;
779 782 for (s = start_val; s < end_val; s++) {
780 783 if (*s == POUND_SIGN) {
781 784 cut_here = s;
782 785 while (s < end_val) {
783 786 if (*s == DOUBLE_QUOTE_CHAR ||
784 787 *s == SINGLE_QUOTE_CHAR) {
785 788 cut_here = 0;
786 789 break;
787 790 }
788 791 s++;
789 792 }
790 793 }
791 794 }
792 795 if (cut_here != 0)
793 796 end_val = cut_here;
794 797
795 798 for (s = start_val; s < end_val; s++)
796 799 *a++ = *s;
797 800 *a++ = '\0';
798 801 }
799 802 if (ret == -1)
800 803 return (key_bad);
|
↓ open down ↓ |
54 lines elided |
↑ open up ↑ |
801 804
802 805 return (attrib_num);
803 806 }
804 807
805 808 static LDAP *
806 809 connect_to_ldap_config_server(
807 810 char *sever_name,
808 811 int server_port,
809 812 __nis_config_info_t *config_info)
810 813 {
811 - int rc = 0;
812 814 LDAP *ld = NULL;
813 815 int ldapVersion = LDAP_VERSION3;
814 816 int derefOption = LDAP_DEREF_ALWAYS;
815 817 int timelimit = LDAP_NO_LIMIT;
816 818 int sizelimit = LDAP_NO_LIMIT;
817 819 int errnum;
818 820 bool_t retrying = FALSE;
819 821 int sleep_seconds = 1;
820 822 struct berval cred;
821 823
822 824 if (config_info->tls_method == no_tls) {
823 825 ld = ldap_init(sever_name, server_port);
824 826 if (ld == NULL) {
825 827 p_error = parse_ldap_init_error;
826 828 report_error(strerror(errno), NULL);
827 829 return (NULL);
828 830 }
829 831 } else {
830 832 if ((errnum = ldapssl_client_init(
831 833 config_info->tls_cert_db, NULL)) < 0) {
832 834 p_error = parse_ldapssl_client_init_error;
833 835 report_error(ldapssl_err2string(errnum), NULL);
834 836 return (NULL);
835 837 }
836 838 ld = ldapssl_init(sever_name, server_port, 1);
837 839 if (ld == NULL) {
838 840 p_error = parse_ldapssl_init_error;
839 841 report_error(strerror(errno), NULL);
840 842 return (NULL);
841 843 }
842 844 }
843 845
844 846 (void) ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION,
845 847 &ldapVersion);
846 848 (void) ldap_set_option(ld, LDAP_OPT_DEREF, &derefOption);
847 849 (void) ldap_set_option(ld, LDAP_OPT_REFERRALS, LDAP_OPT_OFF);
848 850 (void) ldap_set_option(ld, LDAP_OPT_TIMELIMIT, &timelimit);
849 851 (void) ldap_set_option(ld, LDAP_OPT_SIZELIMIT, &sizelimit);
850 852
851 853 /*
852 854 * Attempt to bind to the LDAP server.
853 855 * We will loop until success or until an error other
854 856 * than LDAP_CONNECT_ERROR or LDAP_SERVER_DOWN
855 857 */
856 858 if (verbose)
857 859 report_info("Connecting to ", sever_name);
858 860
859 861 for (;;) {
860 862 if (config_info->auth_method == simple) {
861 863 errnum = ldap_simple_bind_s(ld, config_info->proxy_dn,
862 864 config_info->proxy_passwd);
863 865 } else if (config_info->auth_method == cram_md5) {
864 866 cred.bv_len = strlen(config_info->proxy_passwd);
865 867 cred.bv_val = config_info->proxy_passwd;
866 868 errnum = ldap_sasl_cram_md5_bind_s(ld,
867 869 config_info->proxy_dn, &cred, NULL, NULL);
868 870 } else if (config_info->auth_method == digest_md5) {
869 871 cred.bv_len = strlen(config_info->proxy_passwd);
870 872 cred.bv_val = config_info->proxy_passwd;
871 873 errnum = ldap_x_sasl_digest_md5_bind_s(ld,
872 874 config_info->proxy_dn, &cred, NULL, NULL);
873 875 } else {
874 876 errnum = ldap_simple_bind_s(ld, NULL, NULL);
875 877 }
876 878
877 879 if (errnum == LDAP_SUCCESS)
878 880 break;
879 881
880 882 if (errnum == LDAP_CONNECT_ERROR ||
881 883 errnum == LDAP_SERVER_DOWN) {
882 884 if (!retrying) {
883 885 if (verbose)
884 886 report_info(
885 887 "LDAP server unavailable. Retrying...",
886 888 NULL);
887 889 retrying = TRUE;
888 890 }
889 891 (void) sleep(sleep_seconds);
890 892 sleep_seconds *= 2;
891 893 if (sleep_seconds > MAX_LDAP_CONFIG_RETRY_TIME)
892 894 sleep_seconds = MAX_LDAP_CONFIG_RETRY_TIME;
893 895 p_error = no_parse_error;
894 896 continue;
895 897 }
896 898 p_error = parse_ldap_bind_error;
897 899 report_error2(config_info->proxy_dn, ldap_err2string(errnum));
898 900 (void) ldap_unbind(ld);
899 901 return (NULL);
900 902 }
901 903
902 904 if (verbose)
903 905 report_info("Reading values from ", config_info->config_dn);
904 906
905 907 return (ld);
906 908 }
907 909
908 910 /*
909 911 * FUNCTION: process_ldap_config_result
910 912 *
911 913 * Extracts the LDAPMessage containing the nis+/LDAP
912 914 * configuration
913 915 *
914 916 * RETURN VALUE: 0 on success, -1 on failure
915 917 *
916 918 * INPUT: LDAP the LDAP connection
917 919 * LDAPMessage the LDAP message
918 920 */
919 921
920 922 static int
921 923 process_ldap_config_result(
922 924 LDAP *ld,
923 925 LDAPMessage *resultMsg,
924 926 __nis_ldap_proxy_info *proxy_info,
925 927 __nis_config_t *nis_config,
926 928 __nis_table_mapping_t **table_mapping,
927 929 __nisdb_table_mapping_t *table_info)
928 930 {
929 931 LDAPMessage *e;
930 932 int errnum;
931 933 char *attr;
932 934 BerElement *ber = NULL;
933 935 config_key attrib_num;
934 936 char **vals;
935 937 int n;
936 938 int i;
937 939 char *attr_val;
938 940 int len;
939 941 int rc = 0;
940 942 bool_t error_reported = FALSE;
941 943
942 944 e = ldap_first_entry(ld, resultMsg);
943 945
944 946 if (e != NULL) {
945 947 for (attr = ldap_first_attribute(ld, e, &ber); attr != NULL;
946 948 attr = ldap_next_attribute(ld, e, ber)) {
947 949 if (verbose)
948 950 report_info("\t", attr);
949 951 attrib_num = get_attrib_num(attr, strlen(attr));
950 952 if (attrib_num == key_bad) {
951 953 report_error(attr, NULL);
952 954 break;
953 955 }
954 956 if ((vals = ldap_get_values(ld, e, attr)) != NULL) {
955 957 n = ldap_count_values(vals);
956 958 /* parse the attribute values */
957 959 for (i = 0; i < n; i++) {
958 960 attr_val = vals[i];
959 961 while (is_whitespace(*attr_val))
960 962 attr_val++;
961 963 if (verbose)
962 964 report_info("\t\t", attr_val);
963 965 len = strlen(attr_val);
964 966 while (len > 0 &&
965 967 is_whitespace(attr_val[len - 1]))
966 968 len--;
967 969 if (yp2ldap) {
968 970 if (IS_YP_BIND_INFO(attrib_num)) {
969 971 rc = add_bind_attribute(attrib_num, attr_val,
970 972 len, proxy_info);
971 973 } else if (IS_YP_OPER_INFO(attrib_num)) {
972 974 rc = add_operation_attribute(attrib_num,
973 975 attr_val, len, nis_config, table_info);
974 976 } else if (IS_YP_MAP_ATTR(attrib_num)) {
975 977 rc = add_mapping_attribute(attrib_num, attr_val,
976 978 len, table_mapping);
977 979 } else {
978 980 p_error = parse_unsupported_format;
979 981 }
980 982 } else {
981 983 if (IS_BIND_INFO(attrib_num)) {
982 984 rc = add_bind_attribute(attrib_num, attr_val,
983 985 len, proxy_info);
984 986 } else if (IS_OPER_INFO(attrib_num)) {
985 987 rc = add_operation_attribute(attrib_num,
986 988 attr_val, len, nis_config, table_info);
987 989 } else {
988 990 rc = add_mapping_attribute(attrib_num, attr_val,
989 991 len, table_mapping);
990 992 }
991 993 }
992 994 if (p_error != no_parse_error) {
993 995 report_error(attr_val, attr);
994 996 error_reported = TRUE;
995 997 break;
996 998 }
997 999 }
998 1000 ldap_value_free(vals);
999 1001 } else {
1000 1002 (void) ldap_get_option(ld,
1001 1003 LDAP_OPT_ERROR_NUMBER, &errnum);
1002 1004 if (errnum != LDAP_SUCCESS)
1003 1005 p_error = parse_ldap_get_values_error;
1004 1006 }
1005 1007 ldap_memfree(attr);
1006 1008 if (p_error != no_parse_error)
1007 1009 break;
1008 1010 }
1009 1011 } else {
1010 1012 errnum = ldap_result2error(ld, resultMsg, FALSE);
1011 1013 if (errnum != LDAP_SUCCESS)
1012 1014 p_error = parse_ldap_search_error;
1013 1015 }
1014 1016 if (ber != NULL)
1015 1017 ber_free(ber, 0);
1016 1018
1017 1019 if (!error_reported && p_error != no_parse_error) {
1018 1020 report_error(ldap_err2string(errnum), 0);
1019 1021 }
1020 1022
1021 1023 if (p_error != no_parse_error)
1022 1024 rc = -1;
1023 1025 return (rc);
1024 1026 }
1025 1027
1026 1028 /*
1027 1029 * FUNCTION: process_ldap_referral
1028 1030 *
1029 1031 * Retrieves the configuration for a referral url
1030 1032 *
1031 1033 * RETURN VALUE: 0 on success, -1 on failure, 1 on skip
1032 1034 *
1033 1035 * INPUT: url the ldap url
1034 1036 * __nis_ldap_proxy_info
1035 1037 */
1036 1038
1037 1039 static int
1038 1040 process_ldap_referral(
1039 1041 char *url,
1040 1042 char **attrs,
1041 1043 __nis_ldap_proxy_info *proxy_info,
1042 1044 __nis_config_t *nis_config,
1043 1045 __nis_table_mapping_t **table_mapping,
1044 1046 __nis_config_info_t *config_info,
1045 1047 __nisdb_table_mapping_t *table_info)
1046 1048 {
1047 1049 LDAPURLDesc *ludpp = NULL;
1048 1050 int rc;
1049 1051 LDAP *ld = NULL;
1050 1052 int errnum;
1051 1053 LDAPMessage *resultMsg = NULL;
1052 1054
1053 1055 if ((rc = ldap_url_parse(url, &ludpp)) != LDAP_SUCCESS)
1054 1056 return (1);
1055 1057
1056 1058 #ifdef LDAP_URL_OPT_SECURE
1057 1059 if (ludpp->lud_options & LDAP_URL_OPT_SECURE) {
1058 1060 if (config_info->tls_method != ssl_tls) {
1059 1061 ldap_free_urldesc(ludpp);
1060 1062 return (1);
1061 1063 }
1062 1064 } else {
1063 1065 if (config_info->tls_method != no_tls) {
1064 1066 ldap_free_urldesc(ludpp);
1065 1067 return (1);
1066 1068 }
1067 1069 }
1068 1070 #endif
1069 1071
1070 1072 if ((ld = connect_to_ldap_config_server(ludpp->lud_host,
1071 1073 ludpp->lud_port, config_info)) == NULL) {
1072 1074 ldap_free_urldesc(ludpp);
1073 1075 return (-1);
1074 1076 }
1075 1077
1076 1078 errnum = ldap_search_s(ld, config_info->config_dn, LDAP_SCOPE_BASE,
1077 1079 "objectclass=nisplusLDAPconfig", attrs, 0, &resultMsg);
1078 1080
1079 1081 ldap_source = config_info->config_dn;
1080 1082
1081 1083 if (errnum != LDAP_SUCCESS) {
1082 1084 p_error = parse_ldap_search_error;
1083 1085 report_error(ldap_err2string(errnum), 0);
1084 1086 rc = -1;
1085 1087 } else {
1086 1088 rc = process_ldap_config_result(ld, resultMsg, proxy_info,
1087 1089 nis_config, table_mapping, table_info);
1088 1090 }
1089 1091
1090 1092 ldap_source = NULL;
1091 1093 (void) ldap_unbind(ld);
1092 1094 if (resultMsg != NULL)
1093 1095 (void) ldap_msgfree(resultMsg);
1094 1096
1095 1097 return (rc);
1096 1098 }
1097 1099
1098 1100 /*
1099 1101 * FUNCTION: process_ldap_referral_msg
1100 1102 *
1101 1103 * Retrieves the configuration from referred servers
1102 1104 *
1103 1105 * RETURN VALUE: 0 on success, -1 on failure
1104 1106 *
1105 1107 * INPUT: LDAP the LDAP connection
1106 1108 * LDAPMessage the LDAP message
1107 1109 * __nis_ldap_proxy_info
1108 1110 */
1109 1111
1110 1112 static int
1111 1113 process_ldap_referral_msg(
1112 1114 LDAP *ld,
1113 1115 LDAPMessage *resultMsg,
1114 1116 char **attrs,
1115 1117 __nis_ldap_proxy_info *proxy_info,
1116 1118 __nis_config_t *nis_config,
1117 1119 __nis_table_mapping_t **table_mapping,
1118 1120 __nis_config_info_t *config_info,
1119 1121 __nisdb_table_mapping_t *table_info)
1120 1122 {
1121 1123 int errCode;
1122 1124 char **referralsp = NULL;
1123 1125 int i;
1124 1126 int rc;
1125 1127
1126 1128 rc = ldap_parse_result(ld, resultMsg, &errCode, NULL, NULL, &referralsp,
1127 1129 NULL, 0);
1128 1130
1129 1131 if (rc != LDAP_SUCCESS || errCode != LDAP_REFERRAL) {
1130 1132 p_error = parse_ldap_get_values_error;
1131 1133 report_error(ldap_err2string(errCode), 0);
1132 1134 rc = -1;
1133 1135 } else {
1134 1136 for (i = 0; referralsp[i] != NULL; i++) {
1135 1137 rc = process_ldap_referral(referralsp[i], attrs,
1136 1138 proxy_info, nis_config, table_mapping,
1137 1139 config_info, table_info);
1138 1140 if (rc <= 0)
1139 1141 break;
1140 1142 else
1141 1143 report_info("Cannot use referral \n",
1142 1144 referralsp[i]);
1143 1145
1144 1146 }
1145 1147 if (rc > 0) {
1146 1148 p_error = parse_no_available_referrals_error;
1147 1149 report_error(0, 0);
1148 1150 }
1149 1151 }
1150 1152
1151 1153 if (referralsp)
1152 1154 ldap_value_free(referralsp);
1153 1155
1154 1156 return (rc);
1155 1157 }
1156 1158
1157 1159 /*
1158 1160 * FUNCTION: parse_ldap_config_dn_attrs
1159 1161 *
1160 1162 * Parses the information for LDAP from the LDAP profile
1161 1163 * - the profile object name, the LDAP server, and the
1162 1164 * authentication method must be specified.
1163 1165 *
1164 1166 * RETURN VALUE: 0 on success, -1 on failure
1165 1167 *
1166 1168 * INPUT: __nis_ldap_proxy_info
1167 1169 */
1168 1170
1169 1171 static int
1170 1172 parse_ldap_config_dn_attrs(
1171 1173 __nis_ldap_proxy_info *proxy_info,
1172 1174 __nis_config_t *nis_config,
1173 1175 __nis_table_mapping_t **table_mapping,
1174 1176 __nis_config_info_t *config_info,
1175 1177 __nisdb_table_mapping_t *table_info)
1176 1178 {
1177 1179 int rc = 0;
1178 1180 LDAP *ld = NULL;
1179 1181 int errnum;
1180 1182 char *ldap_config_attributes[n_config_keys];
1181 1183 LDAPMessage *resultMsg = NULL;
1182 1184
1183 1185 /* Determine if properly configured for LDAP lookup */
1184 1186 if (config_info->auth_method == simple &&
1185 1187 config_info->proxy_dn == NULL)
1186 1188 p_error = parse_no_proxy_dn_error;
1187 1189 else if (config_info->auth_method ==
1188 1190 (auth_method_t)NO_VALUE_SET)
1189 1191 p_error = parse_no_config_auth_error;
1190 1192 else if ((config_info->default_servers == NULL) ||
1191 1193 (config_info->default_servers[0] == '\0'))
1192 1194 p_error = parse_no_config_server_addr;
1193 1195 if (p_error != no_parse_error) {
1194 1196 report_error(NULL, NULL);
1195 1197 return (-1);
1196 1198 }
1197 1199
1198 1200 if (config_info->tls_method == (tls_method_t)NO_VALUE_SET)
1199 1201 config_info->tls_method = no_tls;
1200 1202 else if (config_info->tls_method == ssl_tls &&
1201 1203 (config_info->tls_cert_db == NULL ||
1202 1204 *config_info->tls_cert_db == '\0')) {
1203 1205 p_error = parse_no_config_cert_db;
1204 1206 report_error(NULL, NULL);
1205 1207 return (-1);
1206 1208 }
1207 1209
1208 1210 if (verbose)
1209 1211 report_info(
1210 1212 "Getting configuration from LDAP server(s): ",
1211 1213 config_info->default_servers);
1212 1214
1213 1215 /* Determine which attributes should be retrieved */
1214 1216 get_attribute_list(proxy_info, nis_config, NULL, table_info,
1215 1217 ldap_config_attributes);
1216 1218
1217 1219 if ((ld = connect_to_ldap_config_server(config_info->default_servers, 0,
1218 1220 config_info)) == NULL)
1219 1221 return (-1);
1220 1222
1221 1223 /* Get the attribute values */
1222 1224 errnum = ldap_search_s(ld, config_info->config_dn, LDAP_SCOPE_BASE,
1223 1225 "objectclass=nisplusLDAPconfig",
1224 1226 ldap_config_attributes, 0, &resultMsg);
1225 1227 ldap_source = config_info->config_dn;
1226 1228
1227 1229 if (errnum == LDAP_REFERRAL) {
1228 1230 rc = process_ldap_referral_msg(ld, resultMsg,
1229 1231 ldap_config_attributes, proxy_info, nis_config,
1230 1232 table_mapping, config_info, table_info);
1231 1233 } else if (errnum != LDAP_SUCCESS) {
1232 1234 p_error = parse_ldap_search_error;
1233 1235 report_error(ldap_err2string(errnum), 0);
1234 1236 rc = -1;
1235 1237 } else {
1236 1238 rc = process_ldap_config_result(ld, resultMsg, proxy_info,
1237 1239 nis_config, table_mapping, table_info);
1238 1240 }
1239 1241
1240 1242 ldap_source = NULL;
1241 1243 (void) ldap_unbind(ld);
1242 1244 if (resultMsg != NULL)
1243 1245 (void) ldap_msgfree(resultMsg);
1244 1246
1245 1247 return (rc);
1246 1248 }
1247 1249
1248 1250 bool_t
1249 1251 is_cmd_line_option(config_key a_num)
1250 1252 {
1251 1253 const char *const *cmdline_options = cmdline_config;
1252 1254 config_key attrib_num;
1253 1255 const char *begin_s;
1254 1256 const char *end_s;
1255 1257
1256 1258 if (cmdline_options == NULL)
1257 1259 return (FALSE);
1258 1260
1259 1261 while (*cmdline_options != NULL) {
1260 1262 attrib_num = get_attrib_num_cmdline(
1261 1263 *cmdline_options, &begin_s, &end_s);
1262 1264 if (attrib_num == a_num)
1263 1265 break;
1264 1266 cmdline_options++;
1265 1267 }
1266 1268 return (*cmdline_options != NULL);
1267 1269 }
1268 1270
1269 1271 /*
1270 1272 * FUNCTION: get_attribute_list
1271 1273 *
1272 1274 * Get a list of attributes from the LDAP server that have not yet
1273 1275 * been gotten. If config_info is NULL, the associated parameters
1274 1276 * are not needed.
1275 1277 *
1276 1278 * RETURN VALUE: none
1277 1279 *
1278 1280 * INPUT: Returns a list of parameters in attributes
1279 1281 * which is assumed to be of sufficient size.
1280 1282 */
1281 1283
1282 1284 static void
1283 1285 get_attribute_list(
1284 1286 const __nis_ldap_proxy_info *proxy_info,
1285 1287 const __nis_config_t *nis_config,
1286 1288 const __nis_config_info_t *config_info,
1287 1289 const __nisdb_table_mapping_t *table_info,
1288 1290 char **attributes)
1289 1291 {
1290 1292 int n_attrs;
1291 1293
1292 1294 /* Determine which attributes should be retrieved */
1293 1295 n_attrs = 0;
1294 1296
1295 1297 if (config_info != NULL) {
1296 1298 if (yp2ldap) {
1297 1299 if (config_info->config_dn == NULL)
1298 1300 attributes[n_attrs++] = YP_CONFIG_DN;
1299 1301 if (config_info->default_servers == NULL)
1300 1302 attributes[n_attrs++] = YP_CONFIG_SERVER_LIST;
1301 1303 if (config_info->auth_method ==
1302 1304 (auth_method_t)NO_VALUE_SET)
1303 1305 attributes[n_attrs++] = YP_CONFIG_AUTH_METHOD;
1304 1306 if (config_info->tls_method ==
1305 1307 (tls_method_t)NO_VALUE_SET)
1306 1308 attributes[n_attrs++] = YP_CONFIG_TLS_OPTION;
1307 1309 if (config_info->proxy_dn == NULL)
1308 1310 attributes[n_attrs++] = YP_CONFIG_PROXY_USER;
1309 1311 if (config_info->proxy_passwd == NULL)
1310 1312 attributes[n_attrs++] = YP_CONFIG_PROXY_PASSWD;
1311 1313 if (config_info->tls_cert_db == NULL)
1312 1314 attributes[n_attrs++] = YP_CONFIG_TLS_CERT_DB;
1313 1315 } else {
1314 1316 if (config_info->config_dn == NULL)
1315 1317 attributes[n_attrs++] = CONFIG_DN;
1316 1318 if (config_info->default_servers == NULL)
1317 1319 attributes[n_attrs++] = CONFIG_SERVER_LIST;
1318 1320 if (config_info->auth_method ==
1319 1321 (auth_method_t)NO_VALUE_SET)
1320 1322 attributes[n_attrs++] = CONFIG_AUTH_METHOD;
1321 1323 if (config_info->tls_method ==
1322 1324 (tls_method_t)NO_VALUE_SET)
1323 1325 attributes[n_attrs++] = CONFIG_TLS_OPTION;
1324 1326 if (config_info->proxy_dn == NULL)
1325 1327 attributes[n_attrs++] = CONFIG_PROXY_USER;
1326 1328 if (config_info->proxy_passwd == NULL)
1327 1329 attributes[n_attrs++] = CONFIG_PROXY_PASSWD;
1328 1330 if (config_info->tls_cert_db == NULL)
1329 1331 attributes[n_attrs++] = CONFIG_TLS_CERT_DB;
1330 1332 }
1331 1333 } else {
1332 1334 if (yp2ldap) {
1333 1335 attributes[n_attrs++] = YP_DOMAIN_CONTEXT;
1334 1336 attributes[n_attrs++] = YPPASSWDD_DOMAINS;
1335 1337 attributes[n_attrs++] = YP_DB_ID_MAP;
1336 1338 attributes[n_attrs++] = YP_COMMENT_CHAR;
1337 1339 attributes[n_attrs++] = YP_MAP_FLAGS;
1338 1340 attributes[n_attrs++] = YP_ENTRY_TTL;
1339 1341 attributes[n_attrs++] = YP_NAME_FIELDS;
1340 1342 attributes[n_attrs++] = YP_SPLIT_FIELD;
1341 1343 attributes[n_attrs++] = YP_REPEATED_FIELD_SEPARATORS;
1342 1344 attributes[n_attrs++] = YP_LDAP_OBJECT_DN;
1343 1345 attributes[n_attrs++] = NIS_TO_LDAP_MAP;
1344 1346 attributes[n_attrs++] = LDAP_TO_NIS_MAP;
1345 1347 } else {
1346 1348 attributes[n_attrs++] = DB_ID_MAP;
1347 1349 attributes[n_attrs++] = ENTRY_TTL;
1348 1350 attributes[n_attrs++] = LDAP_OBJECT_DN;
1349 1351 attributes[n_attrs++] = NISPLUS_TO_LDAP_MAP;
1350 1352 attributes[n_attrs++] = LDAP_TO_NISPLUS_MAP;
1351 1353 }
1352 1354 }
1353 1355
1354 1356 if (yp2ldap) {
1355 1357 if (proxy_info->default_servers == NULL)
1356 1358 attributes[n_attrs++] = PREFERRED_SERVERS;
1357 1359 if (proxy_info->auth_method == (auth_method_t)NO_VALUE_SET)
1358 1360 attributes[n_attrs++] = AUTH_METHOD;
1359 1361 if (proxy_info->tls_method == (tls_method_t)NO_VALUE_SET)
1360 1362 attributes[n_attrs++] = YP_TLS_OPTION;
1361 1363 if (proxy_info->tls_cert_db == NULL)
1362 1364 attributes[n_attrs++] = YP_TLS_CERT_DB;
1363 1365 if (proxy_info->default_search_base == NULL)
1364 1366 attributes[n_attrs++] = SEARCH_BASE;
1365 1367 if (proxy_info->proxy_dn == NULL)
1366 1368 attributes[n_attrs++] = YP_PROXY_USER;
1367 1369 if (proxy_info->proxy_passwd == NULL)
1368 1370 attributes[n_attrs++] = YP_PROXY_PASSWD;
1369 1371 if (proxy_info->default_nis_domain == NULL)
1370 1372 attributes[n_attrs++] = YP_LDAP_BASE_DOMAIN;
1371 1373 if (proxy_info->bind_timeout.tv_sec ==
1372 1374 (time_t)NO_VALUE_SET)
1373 1375 attributes[n_attrs++] = YP_BIND_TIMEOUT;
1374 1376 if (proxy_info->search_timeout.tv_sec ==
1375 1377 (time_t)NO_VALUE_SET)
1376 1378 attributes[n_attrs++] = YP_SEARCH_TIMEOUT;
1377 1379 if (proxy_info->modify_timeout.tv_sec ==
1378 1380 (time_t)NO_VALUE_SET)
1379 1381 attributes[n_attrs++] = YP_MODIFY_TIMEOUT;
1380 1382 if (proxy_info->add_timeout.tv_sec == (time_t)NO_VALUE_SET)
1381 1383 attributes[n_attrs++] = YP_ADD_TIMEOUT;
1382 1384 if (proxy_info->delete_timeout.tv_sec ==
1383 1385 (time_t)NO_VALUE_SET)
1384 1386 attributes[n_attrs++] = YP_DELETE_TIMEOUT;
1385 1387 if (proxy_info->search_time_limit == (int)NO_VALUE_SET)
1386 1388 attributes[n_attrs++] = YP_SEARCH_TIME_LIMIT;
1387 1389 if (proxy_info->search_size_limit == (int)NO_VALUE_SET)
1388 1390 attributes[n_attrs++] = YP_SEARCH_SIZE_LIMIT;
1389 1391 if (proxy_info->follow_referral ==
1390 1392 (follow_referral_t)NO_VALUE_SET)
1391 1393 attributes[n_attrs++] = YP_FOLLOW_REFERRAL;
1392 1394
1393 1395 if (table_info->retrieveError ==
1394 1396 (__nis_retrieve_error_t)NO_VALUE_SET)
1395 1397 attributes[n_attrs++] = YP_RETRIEVE_ERROR_ACTION;
1396 1398 if (table_info->retrieveErrorRetry.attempts == NO_VALUE_SET)
1397 1399 attributes[n_attrs++] = YP_RETREIVE_ERROR_ATTEMPTS;
1398 1400 if (table_info->retrieveErrorRetry.timeout ==
1399 1401 (time_t)NO_VALUE_SET)
1400 1402 attributes[n_attrs++] = YP_RETREIVE_ERROR_TIMEOUT;
1401 1403 if (table_info->storeError ==
1402 1404 (__nis_store_error_t)NO_VALUE_SET)
1403 1405 attributes[n_attrs++] = YP_STORE_ERROR_ACTION;
1404 1406 if (table_info->storeErrorRetry.attempts == NO_VALUE_SET)
1405 1407 attributes[n_attrs++] = YP_STORE_ERROR_ATTEMPTS;
1406 1408 if (table_info->storeErrorRetry.timeout ==
1407 1409 (time_t)NO_VALUE_SET)
1408 1410 attributes[n_attrs++] = YP_STORE_ERROR_TIMEOUT;
1409 1411 if (table_info->refreshError ==
1410 1412 (__nis_refresh_error_t)NO_VALUE_SET)
1411 1413 attributes[n_attrs++] = REFRESH_ERROR_ACTION;
1412 1414 if (table_info->refreshErrorRetry.attempts == NO_VALUE_SET)
1413 1415 attributes[n_attrs++] = REFRESH_ERROR_ATTEMPTS;
1414 1416 if (table_info->refreshErrorRetry.timeout ==
1415 1417 (time_t)NO_VALUE_SET)
1416 1418 attributes[n_attrs++] = REFRESH_ERROR_TIMEOUT;
1417 1419 if (table_info->matchFetch ==
1418 1420 (__nis_match_fetch_t)NO_VALUE_SET)
1419 1421 attributes[n_attrs++] = YP_MATCH_FETCH;
1420 1422 } else {
1421 1423 if (proxy_info->default_servers == NULL)
1422 1424 attributes[n_attrs++] = PREFERRED_SERVERS;
1423 1425 if (proxy_info->auth_method == (auth_method_t)NO_VALUE_SET)
1424 1426 attributes[n_attrs++] = AUTH_METHOD;
1425 1427 if (proxy_info->tls_method == (tls_method_t)NO_VALUE_SET)
1426 1428 attributes[n_attrs++] = TLS_OPTION;
1427 1429 if (proxy_info->tls_cert_db == NULL)
1428 1430 attributes[n_attrs++] = TLS_CERT_DB;
1429 1431 if (proxy_info->default_search_base == NULL)
1430 1432 attributes[n_attrs++] = SEARCH_BASE;
1431 1433 if (proxy_info->proxy_dn == NULL)
1432 1434 attributes[n_attrs++] = PROXY_USER;
1433 1435 if (proxy_info->proxy_passwd == NULL)
1434 1436 attributes[n_attrs++] = PROXY_PASSWD;
1435 1437 if (proxy_info->default_nis_domain == NULL)
1436 1438 attributes[n_attrs++] = LDAP_BASE_DOMAIN;
1437 1439 if (proxy_info->bind_timeout.tv_sec ==
1438 1440 (time_t)NO_VALUE_SET)
1439 1441 attributes[n_attrs++] = BIND_TIMEOUT;
1440 1442 if (proxy_info->search_timeout.tv_sec ==
1441 1443 (time_t)NO_VALUE_SET)
1442 1444 attributes[n_attrs++] = SEARCH_TIMEOUT;
1443 1445 if (proxy_info->modify_timeout.tv_sec ==
1444 1446 (time_t)NO_VALUE_SET)
1445 1447 attributes[n_attrs++] = MODIFY_TIMEOUT;
1446 1448 if (proxy_info->add_timeout.tv_sec == (time_t)NO_VALUE_SET)
1447 1449 attributes[n_attrs++] = ADD_TIMEOUT;
1448 1450 if (proxy_info->delete_timeout.tv_sec ==
1449 1451 (time_t)NO_VALUE_SET)
1450 1452 attributes[n_attrs++] = DELETE_TIMEOUT;
1451 1453 if (proxy_info->search_time_limit == (int)NO_VALUE_SET)
1452 1454 attributes[n_attrs++] = SEARCH_TIME_LIMIT;
1453 1455 if (proxy_info->search_size_limit == (int)NO_VALUE_SET)
1454 1456 attributes[n_attrs++] = SEARCH_SIZE_LIMIT;
1455 1457 if (proxy_info->follow_referral ==
1456 1458 (follow_referral_t)NO_VALUE_SET)
1457 1459 attributes[n_attrs++] = FOLLOW_REFERRAL;
1458 1460
1459 1461 if (table_info->retrieveError ==
1460 1462 (__nis_retrieve_error_t)NO_VALUE_SET)
1461 1463 attributes[n_attrs++] = RETRIEVE_ERROR_ACTION;
1462 1464 if (table_info->retrieveErrorRetry.attempts == NO_VALUE_SET)
1463 1465 attributes[n_attrs++] = RETREIVE_ERROR_ATTEMPTS;
1464 1466 if (table_info->retrieveErrorRetry.timeout ==
1465 1467 (time_t)NO_VALUE_SET)
1466 1468 attributes[n_attrs++] = RETREIVE_ERROR_TIMEOUT;
1467 1469 if (table_info->storeError ==
1468 1470 (__nis_store_error_t)NO_VALUE_SET)
1469 1471 attributes[n_attrs++] = STORE_ERROR_ACTION;
1470 1472 if (table_info->storeErrorRetry.attempts == NO_VALUE_SET)
1471 1473 attributes[n_attrs++] = STORE_ERROR_ATTEMPTS;
1472 1474 if (table_info->storeErrorRetry.timeout ==
1473 1475 (time_t)NO_VALUE_SET)
1474 1476 attributes[n_attrs++] = STORE_ERROR_TIMEOUT;
1475 1477 if (table_info->refreshError ==
1476 1478 (__nis_refresh_error_t)NO_VALUE_SET)
1477 1479 attributes[n_attrs++] = REFRESH_ERROR_ACTION;
1478 1480 if (table_info->refreshErrorRetry.attempts == NO_VALUE_SET)
1479 1481 attributes[n_attrs++] = REFRESH_ERROR_ATTEMPTS;
1480 1482 if (table_info->refreshErrorRetry.timeout ==
1481 1483 (time_t)NO_VALUE_SET)
1482 1484 attributes[n_attrs++] = REFRESH_ERROR_TIMEOUT;
1483 1485 if (table_info->matchFetch ==
1484 1486 (__nis_match_fetch_t)NO_VALUE_SET)
1485 1487 attributes[n_attrs++] = MATCH_FETCH;
1486 1488 }
1487 1489
1488 1490 switch (nis_config->initialUpdate) {
1489 1491 case (__nis_initial_update_t)NO_VALUE_SET:
1490 1492 attributes[n_attrs++] = INITIAL_UPDATE_ACTION;
1491 1493 attributes[n_attrs++] = INITIAL_UPDATE_ONLY;
1492 1494 break;
1493 1495 case (__nis_initial_update_t)INITIAL_UPDATE_NO_ACTION:
1494 1496 case (__nis_initial_update_t)NO_INITIAL_UPDATE_NO_ACTION:
1495 1497 attributes[n_attrs++] = INITIAL_UPDATE_ACTION;
1496 1498 break;
1497 1499 case (__nis_initial_update_t)FROM_NO_INITIAL_UPDATE:
1498 1500 case (__nis_initial_update_t)TO_NO_INITIAL_UPDATE:
1499 1501 attributes[n_attrs++] = INITIAL_UPDATE_ONLY;
1500 1502 break;
1501 1503 }
1502 1504
1503 1505 if (nis_config->threadCreationError ==
1504 1506 (__nis_thread_creation_error_t)NO_VALUE_SET)
1505 1507 attributes[n_attrs++] = THREAD_CREATE_ERROR_ACTION;
1506 1508 if (nis_config->threadCreationErrorTimeout.attempts == NO_VALUE_SET)
1507 1509 attributes[n_attrs++] = THREAD_CREATE_ERROR_ATTEMPTS;
1508 1510 if (nis_config->threadCreationErrorTimeout.timeout ==
1509 1511 (time_t)NO_VALUE_SET)
1510 1512 attributes[n_attrs++] = THREAD_CREATE_ERROR_TIMEOUT;
1511 1513 if (nis_config->dumpError == (__nis_dump_error_t)NO_VALUE_SET)
1512 1514 attributes[n_attrs++] = DUMP_ERROR_ACTION;
1513 1515 if (nis_config->dumpErrorTimeout.attempts == NO_VALUE_SET)
1514 1516 attributes[n_attrs++] = DUMP_ERROR_ATTEMPTS;
1515 1517 if (nis_config->dumpErrorTimeout.timeout == (time_t)NO_VALUE_SET)
1516 1518 attributes[n_attrs++] = DUMP_ERROR_TIMEOUT;
1517 1519 if (nis_config->resyncService == (__nis_resync_service_t)NO_VALUE_SET)
1518 1520 attributes[n_attrs++] = RESYNC;
1519 1521 if (nis_config->updateBatching ==
1520 1522 (__nis_update_batching_t)NO_VALUE_SET)
1521 1523 attributes[n_attrs++] = UPDATE_BATCHING;
1522 1524 if (nis_config->updateBatchingTimeout.timeout == (time_t)NO_VALUE_SET)
1523 1525 attributes[n_attrs++] = UPDATE_BATCHING_TIMEOUT;
1524 1526 if (nis_config->numberOfServiceThreads == (int)NO_VALUE_SET)
1525 1527 attributes[n_attrs++] = NUMBER_THEADS;
1526 1528 if (nis_config->emulate_yp == (int)NO_VALUE_SET)
1527 1529 attributes[n_attrs++] = YP_EMULATION;
1528 1530
1529 1531 /* maxRPCRecordSize is not configurable through LDAP profiles */
1530 1532 if (nis_config->maxRPCRecordSize == (int)NO_VALUE_SET)
1531 1533 attributes[n_attrs++] = MAX_RPC_RECSIZE;
1532 1534
1533 1535 attributes[n_attrs++] = NULL;
1534 1536 }
1535 1537
1536 1538 /*
1537 1539 * Notes on adding new attributes
1538 1540 * 1. Determine where the attribute value will be saved
1539 1541 * Currently, the following structures are defined:
1540 1542 * __nis_config_info_t config_info
1541 1543 * __nis_ldap_proxy_info proxyInfo
1542 1544 * __nis_config_t ldapConfig
1543 1545 * __nisdb_table_mapping_t ldapDBTableMapping
1544 1546 * __nis_table_mapping_t ldapTableMapping
1545 1547 * or add a new structure or variable - this will require
1546 1548 * more code.
1547 1549 * 2. Initialize the value to a known unconfigured value.
1548 1550 * This can be done in initialize_parse_structs or
1549 1551 * parse_ldap_migration.
1550 1552 * 3. In the header file nis_parse_ldap_conf.h, add the name
1551 1553 * of the attribute. (Currently, the attribute name is assumed
1552 1554 * to be the same for the command line, the preference file,
1553 1555 * and LDAP.) The names are grouped logically. Add a corresponding
1554 1556 * config_key to the enum. Note that position in this file is
1555 1557 * essential because the macros such as IS_BIND_INFO depend on
1556 1558 * the sequence. The corresponding macro (IS_CONFIG_KEYWORD,
1557 1559 * IS_BIND_INFO, or IS_OPER_INFO) may need to be adjusted. These
1558 1560 * are used to partition the attributes into smaller chunks.
1559 1561 * 4. Add the correspond entry to the keyword_lookup array in
1560 1562 * nis_parse_ldap_attr.c, which is used to determine the config_key
1561 1563 * from the corresponding key word.
1562 1564 * 5. Add the attribute to the list of attributes to retrieve from
1563 1565 * the LDAP server if no value has been set in the function
1564 1566 * parse_ldap_config_dn_attrs. (This assumes that the attribute
1565 1567 * is not used to get the configuration from the LDAP server.)
1566 1568 * 6. Add logic to parse the individual attribute in
1567 1569 * add_config_attribute, add_bind_attribute,
1568 1570 * add_operation_attribute, or add_mapping_attribute depending
1569 1571 * which group of attributes the added attribute belongs to.
1570 1572 * 7. In set_default_values, if the attribute value has not been set, set
1571 1573 * the default value. If any additional fixup is needed depending
1572 1574 * on other configuration values, it should be done here.
1573 1575 * 8. If an attribute name is a subset of another, parse_ldap_default_conf
1574 1576 * should be modified.
1575 1577 */
|
↓ open down ↓ |
754 lines elided |
↑ open up ↑ |
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX