xref: /titanic_50/usr/src/lib/libnisdb/ldap_val.c (revision a87701e9837f8a9ee9e4c4d3186295c0e29f743f)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2015 Gary Mills
23  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  */
26 
27 
28 #include <lber.h>
29 #include <ldap.h>
30 #include <strings.h>
31 #include <errno.h>
32 
33 #include "nisdb_mt.h"
34 
35 #include "ldap_util.h"
36 #include "ldap_op.h"
37 #include "ldap_ruleval.h"
38 #include "ldap_attr.h"
39 #include "ldap_val.h"
40 #include "ldap_ldap.h"
41 
42 extern int yp2ldap;
43 
44 
45 __nis_mapping_format_t *
cloneMappingFormat(__nis_mapping_format_t * m)46 cloneMappingFormat(__nis_mapping_format_t *m) {
47 	__nis_mapping_format_t	*new;
48 	int			i, nf, err;
49 	char			*myself = "cloneMappingFormat";
50 
51 	if (m == 0)
52 		return (0);
53 
54 	for (nf = 0; m[nf].type != mmt_end; nf++);
55 	nf++;
56 
57 	new = am(myself, nf * sizeof (new[0]));
58 	if (new == 0)
59 		return (0);
60 
61 	/* Copy the whole array */
62 	memcpy(new, m, nf * sizeof (new[0]));
63 
64 	/* Make copies of allocated stuff */
65 	for (i = 0, err = 0; i < nf; i++) {
66 		switch (m[i].type) {
67 		case mmt_string:
68 			new[i].match.string = sdup(myself, T,
69 							m[i].match.string);
70 			if (new[i].match.string == 0 && m[i].match.string != 0)
71 				err++;
72 			break;
73 		case mmt_single:
74 			new[i].match.single.lo =
75 				am(myself, m[i].match.single.numRange *
76 					sizeof (new[i].match.single.lo[0]));
77 			new[i].match.single.hi =
78 				am(myself, m[i].match.single.numRange *
79 					sizeof (new[i].match.single.hi[0]));
80 			if (new[i].match.single.lo != 0)
81 				memcpy(new[i].match.single.lo,
82 					m[i].match.single.lo,
83 					m[i].match.single.numRange);
84 			else if (m[i].match.single.lo != 0)
85 				err++;
86 			if (new[i].match.single.hi != 0)
87 				memcpy(new[i].match.single.hi,
88 					m[i].match.single.hi,
89 					m[i].match.single.numRange);
90 			else if (m[i].match.single.hi != 0)
91 				err++;
92 			break;
93 		case mmt_berstring:
94 			new[i].match.berString = sdup(myself, T,
95 							m[i].match.berString);
96 			if (new[i].match.berString == 0 &&
97 					m[i].match.berString != 0)
98 				err++;
99 			break;
100 		case mmt_item:
101 		case mmt_limit:
102 		case mmt_any:
103 		case mmt_begin:
104 		case mmt_end:
105 		default:
106 			break;
107 		}
108 	}
109 
110 	/* If there were memory allocation errors, free the copy */
111 	if (err > 0) {
112 		freeMappingFormat(new);
113 		new = 0;
114 	}
115 
116 	return (new);
117 }
118 
119 void
freeMappingFormat(__nis_mapping_format_t * m)120 freeMappingFormat(__nis_mapping_format_t *m) {
121 	int	i;
122 
123 	if (m == 0)
124 		return;
125 
126 	for (i = 0; m[i].type != mmt_end; i++) {
127 		switch (m[i].type) {
128 		case mmt_string:
129 			sfree(m[i].match.string);
130 			break;
131 		case mmt_single:
132 			sfree(m[i].match.single.lo);
133 			sfree(m[i].match.single.hi);
134 			break;
135 		case mmt_berstring:
136 			sfree(m[i].match.berString);
137 			break;
138 		case mmt_item:
139 		case mmt_limit:
140 		case mmt_any:
141 		case mmt_begin:
142 		case mmt_end:
143 		default:
144 			break;
145 		}
146 	}
147 
148 	free(m);
149 }
150 
151 
152 void
copyIndex(__nis_index_t * old,__nis_index_t * new,int * err)153 copyIndex(__nis_index_t *old, __nis_index_t *new, int *err) {
154 	int	i;
155 	char	*myself = "copyIndex";
156 
157 	if (old == 0 || new == 0) {
158 		*err = EINVAL;
159 		return;
160 	}
161 
162 	for (i = 0; i < old->numIndexes; i++) {
163 		new->name[i] = sdup(myself, T, old->name[i]);
164 		if (new->name[i] == 0 && old->name[i] != 0) {
165 			*err = ENOMEM;
166 			return;
167 		}
168 		new->value[i] = cloneMappingFormat(old->value[i]);
169 		if (new->value[i] == 0 && old->value[i] != 0) {
170 			*err = ENOMEM;
171 			return;
172 		}
173 	}
174 
175 	new->numIndexes = old->numIndexes;
176 }
177 
178 __nis_index_t *
cloneIndex(__nis_index_t * old)179 cloneIndex(__nis_index_t *old) {
180 	char		*myself = "cloneIndex";
181 	int		err = 0;
182 	__nis_index_t	*new = am(myself, sizeof (*new));
183 
184 	if (old == 0)
185 		return (0);
186 
187 	if (new != 0) {
188 		copyIndex(old, new, &err);
189 		if (err != 0) {
190 			freeIndex(new, 1);
191 			new = 0;
192 		}
193 	}
194 
195 	return (new);
196 }
197 
198 void
freeIndex(__nis_index_t * old,bool_t doFree)199 freeIndex(__nis_index_t *old, bool_t doFree) {
200 	int	i;
201 
202 	if (old == 0)
203 		return;
204 
205 	for (i = 0; i < old->numIndexes; i++) {
206 		sfree(old->name[i]);
207 		freeMappingFormat(old->value[i]);
208 	}
209 
210 	if (doFree)
211 		free(old);
212 }
213 
214 char **
cloneName(char ** name,int numNames)215 cloneName(char **name, int numNames) {
216 	char	**new;
217 	int	i;
218 	char	*myself = "cloneName";
219 
220 	if (name == 0 || numNames <= 0)
221 		return (0);
222 
223 	new = am(myself, numNames * sizeof (new[0]));
224 	if (new == 0)
225 		return (0);
226 
227 	for (i = 0; i < numNames; i++) {
228 		if (name[i] != 0) {
229 			new[i] = sdup(myself, T, name[i]);
230 			if (new[i] == 0) {
231 				for (i--; i >= 0; i--) {
232 					sfree(new[i]);
233 				}
234 				sfree(new);
235 				return (0);
236 			}
237 		} else {
238 			new[i] = 0;
239 		}
240 	}
241 
242 	return (new);
243 }
244 
245 void
freeValue(__nis_value_t * val,int count)246 freeValue(__nis_value_t *val, int count) {
247 	int	c, i;
248 
249 	if (val == 0)
250 		return;
251 
252 	for (c = 0; c < count; c++) {
253 		if (val[c].val != 0) {
254 			for (i = 0; i < val[c].numVals; i++) {
255 				sfree(val[c].val[i].value);
256 			}
257 			free(val[c].val);
258 		}
259 	}
260 
261 	free(val);
262 }
263 
264 __nis_value_t *
cloneValue(__nis_value_t * val,int count)265 cloneValue(__nis_value_t *val, int count) {
266 	__nis_value_t	*n;
267 	int		c, i;
268 	char		*myself = "cloneValue";
269 
270 	if (count <= 0 || val == 0)
271 		return (0);
272 
273 	n = am(myself, count * sizeof (*n));
274 	if (n == 0)
275 		return (0);
276 
277 	for (c = 0; c < count; c++) {
278 		n[c].type = val[c].type;
279 		n[c].repeat = val[c].repeat;
280 		n[c].numVals = val[c].numVals;
281 		if (n[c].numVals > 0) {
282 			n[c].val = am(myself, n[c].numVals *
283 						sizeof (n[c].val[0]));
284 			if (n[c].val == 0) {
285 				freeValue(n, c);
286 				return (0);
287 			}
288 		} else {
289 			n[c].val = 0;
290 		}
291 		for (i = 0; i < n[c].numVals; i++) {
292 			int	amlen = val[c].val[i].length;
293 
294 			/*
295 			 * The functions that create string values try to
296 			 * make sure that there's a NUL at the end. However,
297 			 * both NIS+ and LDAP have a tendency to store strings
298 			 * without a NUL, so the value length may not include
299 			 * the NUL (even though it's there). In order to
300 			 * preserve that NUL, we add a byte to the length if
301 			 * the type is vt_string, and there isn't already a
302 			 * NUL at the end. The memory allocation function
303 			 * (am()) will take care of actually putting the NUL
304 			 * in place, since it allocates zero-initialized
305 			 * memory.
306 			 */
307 			n[c].val[i].length = val[c].val[i].length;
308 			if (n[c].type == vt_string && amlen > 0 &&
309 				((char *)val[c].val[i].value)[amlen-1] !=
310 					'\0') {
311 				amlen++;
312 			}
313 			n[c].val[i].value = am(myself, amlen);
314 			if (amlen > 0 && n[c].val[i].value == 0) {
315 				freeValue(n, c);
316 				return (0);
317 			}
318 			memcpy(n[c].val[i].value, val[c].val[i].value,
319 				n[c].val[i].length);
320 		}
321 	}
322 
323 	return (n);
324 }
325 
326 /* Define LBER_USE_DER per ber_decode(3LDAP) */
327 #ifndef	LBER_USE_DER
328 #define	LBER_USE_DER	0x01
329 #endif	/* LBER_USE_DER */
330 
331 /*
332  * Return a copy of 'valIn' where each value has been replaced by the
333  * BER encoded equivalent specified by 'berstring'. 'valIn' is unchanged.
334  */
335 __nis_value_t *
berEncode(__nis_value_t * valIn,char * berstring)336 berEncode(__nis_value_t *valIn, char *berstring) {
337 	char		*myself = "berEncode";
338 	__nis_value_t	*val;
339 	int		i;
340 
341 	if (valIn == 0 || berstring == 0)
342 		return (0);
343 
344 	val = cloneValue(valIn, 1);
345 	if (val == 0)
346 		return (0);
347 
348 	for (i = 0; i < val->numVals; i++) {
349 		BerElement	*ber = ber_alloc();
350 		struct berval	*bv = 0;
351 		int		ret;
352 
353 		if (ber == 0) {
354 			logmsg(MSG_NOMEM, LOG_ERR, "%s: ber_alloc() => NULL",
355 				myself);
356 			freeValue(val, 1);
357 			return (0);
358 		}
359 
360 		if ((strcmp("b", berstring) == 0 ||
361 				strcmp("i", berstring) == 0)) {
362 			if (val->val[i].length >= sizeof (int)) {
363 				ret = ber_printf(ber, berstring,
364 					*((int *)(val->val[i].value)));
365 			} else {
366 				ret = -1;
367 			}
368 		} else if (strcmp("B", berstring) == 0) {
369 			ret = ber_printf(ber, berstring,
370 				val->val[i].value,
371 				val->val[i].length * 8);
372 		} else if (strcmp("n", berstring) == 0) {
373 			ret = ber_printf(ber, berstring);
374 		} else if (strcmp("o", berstring) == 0) {
375 			ret = ber_printf(ber, berstring,
376 				val->val[i].value, val->val[i].length);
377 		} else if (strcmp("s", berstring) == 0) {
378 			char	*str = am(myself, val->val[i].length + 1);
379 
380 			if (str != 0) {
381 				ret = ber_printf(ber, berstring, str);
382 				free(str);
383 			} else {
384 				ret = -1;
385 			}
386 		} else {
387 			ret = -1;
388 		}
389 
390 		if (ret == -1) {
391 			reportError(NPL_BERENCODE, "%s: BER encoding error",
392 					myself);
393 			ber_free(ber, 1);
394 			freeValue(val, 1);
395 			return (0);
396 		}
397 
398 		if (ber_flatten(ber, &bv) != 0 || bv == 0) {
399 			reportError(NPL_BERENCODE, "%s: ber_flatten() error",
400 					myself);
401 			ber_free(ber, 1);
402 			freeValue(val, 1);
403 			return (0);
404 		}
405 
406 		sfree(val->val[i].value);
407 		val->val[i].length = bv->bv_len;
408 		val->val[i].value = bv->bv_val;
409 
410 		ber_free(ber, 1);
411 	}
412 
413 	val->type = vt_ber;
414 
415 	return (val);
416 }
417 
418 __nis_value_t *
berDecode(__nis_value_t * valIn,char * berstring)419 berDecode(__nis_value_t *valIn, char *berstring) {
420 	__nis_value_t	*val;
421 	int		i;
422 	char		*myself = "berDecode";
423 
424 	if (valIn == 0 || berstring == 0)
425 		return (0);
426 
427 	val = cloneValue(valIn, 1);
428 	if (val == 0)
429 		return (0);
430 
431 	for (i = 0; i < val->numVals; i++) {
432 		void		*v = 0;
433 		int		ret, len = 0;
434 		struct berval	bv;
435 		BerElement	*ber;
436 
437 		if (val->val[i].value == 0 || val->val[i].length <= 0)
438 			continue;
439 
440 		bv.bv_val = val->val[i].value;
441 		bv.bv_len = val->val[i].length;
442 		ber = ber_init(&bv);
443 		if (ber == 0) {
444 			reportError(NPL_BERDECODE, "%s: ber_init() error",
445 				myself);
446 			freeValue(val, 1);
447 			return (0);
448 		}
449 
450 		if ((strcmp("b", berstring) == 0 ||
451 				strcmp("i", berstring) == 0)) {
452 			len = sizeof (int);
453 			v = am(myself, len);
454 			if (v != 0) {
455 				ret = ber_scanf(ber, berstring, v);
456 			} else {
457 				ret = -1;
458 			}
459 		} else if (strcmp("B", berstring) == 0) {
460 			long	llen;
461 
462 			ret = ber_scanf(ber, berstring, &v, &llen);
463 			if (ret != -1) {
464 				len = llen/8;
465 			}
466 		} else if (strcmp("n", berstring) == 0) {
467 			ret = 0;
468 		} else if (strcmp("o", berstring) == 0) {
469 			struct berval	*bv = am(myself, sizeof (*bv));
470 
471 			if (bv != 0) {
472 				ret = ber_scanf(ber, "O", &bv);
473 				if (ret != -1 && bv != 0) {
474 					v = bv->bv_val;
475 					len = bv->bv_len;
476 				} else {
477 					ret = -1;
478 				}
479 				/* Only free 'bv' itself */
480 				free(bv);
481 			} else {
482 				ret = -1;
483 			}
484 		} else if (strcmp("s", berstring) == 0) {
485 			ret = ber_scanf(ber, "a", &v);
486 			if (ret != -1) {
487 				len = slen(v);
488 			}
489 		} else {
490 			ret = -1;
491 		}
492 
493 		if (ret == -1) {
494 			reportError(NPL_BERDECODE, "%s: BER decoding error",
495 					myself);
496 			freeValue(val, 1);
497 			return (0);
498 		}
499 
500 		/* Free the old value, and replace it with the decoded one */
501 		sfree(val->val[i].value);
502 		val->val[i].value = v;
503 		val->val[i].length = len;
504 	}
505 
506 	return (val);
507 }
508 
509 /*
510  * Return the value of the specified item.
511  */
512 __nis_value_t *
getMappingItemVal(__nis_mapping_item_t * item,__nis_mapping_item_type_t native,__nis_rule_value_t * rv,char * berstring,int * np_ldap_stat)513 getMappingItemVal(__nis_mapping_item_t *item, __nis_mapping_item_type_t native,
514 		__nis_rule_value_t *rv, char *berstring, int *np_ldap_stat) {
515 	__nis_value_t				*val = 0, *nameVal, *exVal = 0;
516 	int					numName, caseInsens, cmp;
517 	int					i, j, k;
518 	char					**name;
519 	enum {rvOnly, rvThenLookup, lookupOnly}	check;
520 	unsigned char				fromldap = '\0';
521 
522 	if (item == 0)
523 		return (0);
524 
525 	/*
526 	 * First, we decide if we should look for the value in 'rv',
527 	 * directly from NIS+/LDAP, or both.
528 	 */
529 	switch (item->type) {
530 	case mit_nisplus:
531 		/* Do we have a valid index/object spec ? */
532 		if (item->searchSpec.obj.index.numIndexes <= 0 &&
533 				item->searchSpec.obj.name == 0) {
534 			/*
535 			 * No valid index/object. If we have a rule-value,
536 			 * use it. Otherwise, return error.
537 			 */
538 			if (rv != 0) {
539 				name = rv->colName;
540 				nameVal = rv->colVal;
541 				numName = rv->numColumns;
542 				caseInsens = 0;
543 				check = rvOnly;
544 			} else {
545 				return (0);
546 			}
547 		} else {
548 			/*
549 			 * Valid index, so skip the rule-value and do
550 			 * a direct NIS+ lookup.
551 			 */
552 			check = lookupOnly;
553 		}
554 		break;
555 	case mit_ldap:
556 		if (rv != 0) {
557 			name = rv->attrName;
558 			nameVal = rv->attrVal;
559 			numName = rv->numAttrs;
560 			caseInsens = 1;
561 			fromldap = '1';
562 		}
563 		/* Do we have a valid triple ? */
564 		if (item->searchSpec.triple.scope == LDAP_SCOPE_UNKNOWN) {
565 			/*
566 			 * No valid triple. If we have a rule-value, use it.
567 			 * Otherwise, return error.
568 			 */
569 			if (rv != 0) {
570 				check = rvOnly;
571 			} else {
572 				return (0);
573 			}
574 		} else if (item->searchSpec.triple.base == 0 &&
575 				item->searchSpec.triple.scope ==
576 					LDAP_SCOPE_ONELEVEL &&
577 				item->searchSpec.triple.attrs == 0 &&
578 				item->searchSpec.triple.element == 0) {
579 			/*
580 			 * We have a valid triple, but it points to the
581 			 * current LDAP container. Thus, first look in
582 			 * the rule-value; if that fails, perform a direct
583 			 * LDAP lookup.
584 			 */
585 			if (rv != 0) {
586 				check = rvThenLookup;
587 			} else {
588 				check = lookupOnly;
589 			}
590 		} else {
591 			/*
592 			 * Valid triple, and it's not the current container
593 			 * (at least not in the trivial sense). Hence, do
594 			 * a direct LDAP lookup.
595 			 */
596 			check = lookupOnly;
597 		}
598 		break;
599 	default:
600 		return (0);
601 	}
602 
603 	/* Check the rule-value */
604 	if (check == rvOnly || check == rvThenLookup) {
605 		for (i = 0; i < numName; i++) {
606 			if (caseInsens)
607 				cmp = strcasecmp(item->name, name[i]);
608 			else
609 				cmp = strcmp(item->name, name[i]);
610 			if (cmp == 0) {
611 				if (nameVal[i].numVals <= 0)
612 					break;
613 				if (berstring == 0) {
614 					val = cloneValue(&nameVal[i], 1);
615 				} else if (yp2ldap && berstring[0] == 'a') {
616 					val = cloneValue(&nameVal[i], 1);
617 				} else {
618 					val = berDecode(&nameVal[i],
619 						berstring);
620 				}
621 				if (val != 0) {
622 					val->repeat = item->repeat;
623 					/*
624 					 * If value for nis+ column is
625 					 * passed with value, val is
626 					 * manipulated in cloneValue().
627 					 * To decide whether there are
628 					 * enough nis+ column values
629 					 * for rule to produce a value,
630 					 * we need nis+ column values
631 					 * as well as nis_mapping_element
632 					 * from the rule. If we are here,
633 					 * it indicates that the 'val has
634 					 * an valid value for the column
635 					 * item-> name. So set
636 					 * NP_LDAP_MAP_SUCCESS
637 					 * to np_ldap-stat.
638 					 */
639 
640 					if (np_ldap_stat != NULL)
641 						*np_ldap_stat =
642 							NP_LDAP_MAP_SUCCESS;
643 				}
644 				break;
645 			}
646 		}
647 	}
648 
649 	/* Do a direct lookup ? */
650 	if (val == 0 && (check == rvThenLookup || check == lookupOnly)) {
651 		if (item->type == mit_ldap) {
652 			int	err = 0;
653 			__nis_search_triple_t	triple;
654 			char			*baseDN;
655 
656 			/*
657 			 * If item->searchSpec.triple.base is NULL, or ends
658 			 * in a comma, append the current search base from
659 			 * the TSD (put there by an upper layer).
660 			 *
661 			 * Special case for N2L mode:
662 			 * if item->searchSpec.triple.base ends in a comma,
663 			 * the current domain Context is used.
664 			 */
665 			if (yp2ldap && item->searchSpec.triple.base &&
666 				strlen(item->searchSpec.triple.base) > 0) {
667 				baseDN = __nisdb_get_tsd()->domainContext;
668 			} else {
669 				baseDN = __nisdb_get_tsd()->searchBase;
670 			}
671 			triple.base = appendBase(item->searchSpec.triple.base,
672 				baseDN, &err, 0);
673 			if (err == 0) {
674 				triple.scope = item->searchSpec.triple.scope;
675 				triple.attrs = item->searchSpec.triple.attrs;
676 				triple.element =
677 					item->searchSpec.triple.element;
678 				val = lookupLDAP(&triple, item->name, rv, 0,
679 					np_ldap_stat);
680 				fromldap = '1';
681 			} else {
682 				val = 0;
683 			}
684 			sfree(triple.base);
685 		}
686 	}
687 
688 
689 	/* Special processing for NIS to LDAP mode */
690 	if (yp2ldap && val != 0) {
691 
692 		/*
693 		 * Escape special chars from dn before sending to DIT,
694 		 * provided val is not ldap-based
695 		 */
696 		if (fromldap == '\0' && __nisdb_get_tsd()->escapeFlag == '1') {
697 			if (escapeSpecialChars(val) < 0) {
698 				freeValue(val, 1);
699 				return (0);
700 			}
701 		} else if (__nisdb_get_tsd()->escapeFlag == '2') {
702 			/* Remove escape chars from data received from DIT */
703 			(void) removeEscapeChars(val);
704 		}
705 
706 		/*
707 		 * Remove from 'val', any values obtained using
708 		 * the 'removespec' syntax
709 		 */
710 
711 		/* Obtain exVal */
712 		if (item->exItem)
713 			exVal = getMappingItemVal(item->exItem, native, rv,
714 			    berstring, NULL);
715 
716 		/* delete */
717 		if (exVal != 0) {
718 			for (i = 0; i < val->numVals; ) {
719 				for (j = 0; j < exVal->numVals; j++) {
720 					if (sstrncmp(val->val[i].value,
721 							exVal->val[j].value,
722 							MAX(val->val[i].length,
723 							exVal->val[j].length))
724 							== 0)
725 						break;
726 				}
727 				if (j < exVal->numVals) {
728 					sfree(val->val[i].value);
729 					val->val[i].value = 0;
730 					val->val[i].length = 0;
731 					for (k = i; k < val->numVals - 1; k++) {
732 						val->val[k] = val->val[k + 1];
733 						val->val[k + 1].value = 0;
734 						val->val[k + 1].length = 0;
735 					}
736 					val->numVals--;
737 				} else
738 					i++;
739 			}
740 
741 			freeValue(exVal, 1);
742 
743 			/*
744 			 * If val->numVals <= 0, then we have no val to
745 			 * return. So free up stuff.
746 			 */
747 			if (val->numVals <= 0) {
748 				free(val->val);
749 				val->val = 0;
750 				free(val);
751 				return (0);
752 			}
753 		}
754 	}
755 
756 	return (val);
757 }
758 
759 __nis_value_t *
getMappingFormat(__nis_mapping_format_t * f,__nis_rule_value_t * rv,__nis_format_arg_t at,void * a,int * numArg)760 getMappingFormat(__nis_mapping_format_t *f, __nis_rule_value_t *rv,
761 			__nis_format_arg_t at, void *a, int *numArg) {
762 	char		*myself = "getMappingFormat";
763 	__nis_value_t	*val = 0;
764 	__nis_buffer_t	b = {0, 0};
765 	int		i;
766 
767 	if (f == 0)
768 		return (0);
769 
770 	if (rv == 0) {
771 		val = am(myself, sizeof (*val));
772 		if (val == 0)
773 			return (0);
774 
775 		switch (f->type) {
776 		case mmt_item:
777 			bp2buf(myself, &b, "%%s");
778 			break;
779 		case mmt_string:
780 			bp2buf(myself, &b, "%s", NIL(f->match.string));
781 			break;
782 		case mmt_single:
783 			bp2buf(myself, &b, "[");
784 			for (i = 0; i < f->match.single.numRange; i++) {
785 				if (f->match.single.lo[i] ==
786 						f->match.single.hi[i])
787 					bp2buf(myself, &b, "%c",
788 						f->match.single.lo[i]);
789 				else
790 					bp2buf(myself, &b, "%c-%c",
791 						f->match.single.lo[i],
792 						f->match.single.hi[i]);
793 			}
794 			bp2buf(myself, &b, "]");
795 			break;
796 		case mmt_limit:
797 			break;
798 		case mmt_any:
799 			bp2buf(myself, &b, "*");
800 			break;
801 		case mmt_berstring:
802 			bp2buf(myself, &b, "%s", NIL(f->match.berString));
803 			break;
804 		case mmt_begin:
805 		case mmt_end:
806 			bp2buf(myself, &b, "\"");
807 			break;
808 		default:
809 			bp2buf(myself, &b, "<unknown>");
810 		}
811 		val->type = vt_string;
812 		val->numVals = 1;
813 		val->val = am(myself, sizeof (val->val[0]));
814 		if (val->val == 0) {
815 			sfree(val);
816 			return (0);
817 		}
818 		val->val[0].value = b.buf;
819 		val->val[0].length = b.len;
820 	} else {
821 		switch (f->type) {
822 		case mmt_item:
823 		case mmt_berstring:
824 			if (a != 0) {
825 				if (at == fa_item) {
826 					val = getMappingItemVal(
827 						(__nis_mapping_item_t *)a,
828 						mit_any, rv,
829 		(f->type == mmt_berstring) ? f->match.berString : 0, NULL);
830 					if (numArg != 0)
831 						(*numArg)++;
832 				} else {
833 					val = cloneValue(
834 						(__nis_value_t *)a, 1);
835 					if (numArg != 0)
836 						(*numArg)++;
837 				}
838 			}
839 			break;
840 		case mmt_string:
841 			val = am(myself, sizeof (*val));
842 			if (val == 0)
843 				return (0);
844 			val->type = vt_string;
845 			val->numVals = 1;
846 			val->val = am(myself, sizeof (val->val[0]));
847 			if (val->val == 0) {
848 				sfree(val);
849 				return (0);
850 			}
851 			val->val[0].value = sdup(myself, T, f->match.string);
852 			val->val[0].length = strlen(val->val[0].value);
853 			break;
854 		case mmt_single:
855 		case mmt_limit:
856 		case mmt_any:
857 		case mmt_begin:
858 		case mmt_end:
859 			/* Not an error, so return an empty value */
860 			val = am(myself, sizeof (*val));
861 			if (val == 0)
862 				return (0);
863 			val->type = vt_string;
864 			val->numVals = 0;
865 			val->val = 0;
866 			break;
867 		default:
868 			/* Do nothing */
869 			val = 0;
870 			break;
871 		}
872 	}
873 	return (val);
874 }
875 
876 /*
877  * Used when evaluating an expression. Typically, the value of the
878  * expression so far will be kept in 'v1', and 'v2' is the value
879  * of the current component of the expression. In the general case,
880  * both will be multi-valued, and the result is an "explosion"
881  * resulting in N*M new values (if 'v1' had N values, and 'v2'
882  * M ditto).
883  *
884  * For example, if v1 = {"ab", "cd", "ef"}, and v2 = {"gh", "ij", "kl"},
885  * the result will be {"abgh", "abij", "abkl", "cdgh", "cdij", "cdkl",
886  * "efgh", "efij", "efkl"}.
887  *
888  * There are special cases when v1->repeat and/or v2->repeat are set.
889  * Repeat mostly makes sense with single values; for example, if
890  * v1 = {"x="} with repeat on, and v2 = {"1", "2", "3"}, the result
891  * is {"x=1", "x=2", "x=3"}.
892  *
893  * The result if v2 also had repeat on would be {"x=1x=2x=3"}. It's
894  * not clear if there's a useful application for this, but the code's
895  * there for the sake of orthogonality.
896  */
897 __nis_value_t *
explodeValues(__nis_value_t * v1,__nis_value_t * v2)898 explodeValues(__nis_value_t *v1, __nis_value_t *v2) {
899 	int		i1, i2, n, nv;
900 	__nis_value_t	*v;
901 	__nis_buffer_t	b = {0, 0};
902 	char		*myself = "explodeValues";
903 
904 	if (v1 == 0 || v1->numVals <= 0)
905 		return (cloneValue(v2, 1));
906 	if (v2 == 0 || v2->numVals <= 0)
907 		return (cloneValue(v1, 1));
908 
909 	/*
910 	 * XXX What should we do if (v1->type != v2->type) ?
911 	 * Policy: Just explode anyway, even though the result is
912 	 * unlikely to be very useful.
913 	 */
914 
915 	v = am(myself, sizeof (*v));
916 	if (v == 0)
917 		return (0);
918 
919 	if (!v1->repeat && !v2->repeat)
920 		nv = v1->numVals * v2->numVals;
921 	else if (v1->repeat && !v2->repeat)
922 		nv = v2->numVals;
923 	else if (!v1->repeat && v2->repeat)
924 		nv = v1->numVals;
925 	else /* v1->repeat && v2->repeat */
926 		nv = 1;
927 
928 	v->val = am(myself, nv * sizeof (v->val[0]));
929 	if (v->val == 0) {
930 		free(v);
931 		return (0);
932 	}
933 
934 	/*
935 	 * Four different cases, depending on the 'repeat' flags.
936 	 */
937 	if (!v1->repeat && !v2->repeat) {
938 		for (i1 = 0, n = 0; i1 < v1->numVals; i1++) {
939 			for (i2 = 0; i2 < v2->numVals; i2++) {
940 				if (v1->type == vt_string)
941 					sbc2buf(myself, v1->val[i1].value,
942 						v1->val[i1].length,
943 						&b);
944 				else
945 					bc2buf(myself, v1->val[i1].value,
946 						v1->val[i1].length,
947 						&b);
948 				if (v2->type == vt_string)
949 					sbc2buf(myself, v2->val[i2].value,
950 						v2->val[i2].length,
951 						&b);
952 				else
953 					bc2buf(myself, v2->val[i2].value,
954 						v2->val[i2].length,
955 						&b);
956 				v->val[n].value = b.buf;
957 				v->val[n].length = b.len;
958 				n++;
959 				b.buf = 0;
960 				b.len = 0;
961 			}
962 		}
963 	} else if (v1->repeat && !v2->repeat) {
964 		for (i2 = 0; i2 < v2->numVals; i2++) {
965 			for (i1 = 0, n = 0; i1 < v1->numVals; i1++) {
966 				if (v1->type == vt_string)
967 					sbc2buf(myself, v1->val[i1].value,
968 						v1->val[i1].length,
969 						&b);
970 				else
971 					bc2buf(myself, v1->val[i1].value,
972 						v1->val[i1].length,
973 						&b);
974 				if (v2->type == vt_string)
975 					sbc2buf(myself, v2->val[i2].value,
976 						v2->val[i2].length,
977 						&b);
978 				else
979 					bc2buf(myself, v2->val[i2].value,
980 						v2->val[i2].length,
981 						&b);
982 			}
983 			v->val[n].value = b.buf;
984 			v->val[n].length = b.len;
985 			n++;
986 			b.buf = 0;
987 			b.len = 0;
988 		}
989 	} else if (!v1->repeat && v2->repeat) {
990 		for (i1 = 0, n = 0; i1 < v1->numVals; i1++) {
991 			for (i2 = 0; i2 < v2->numVals; i2++) {
992 				if (v1->type == vt_string)
993 					sbc2buf(myself, v1->val[i1].value,
994 						v1->val[i1].length,
995 						&b);
996 				else
997 					bc2buf(myself, v1->val[i1].value,
998 						v1->val[i1].length,
999 						&b);
1000 				if (v2->type == vt_string)
1001 					sbc2buf(myself, v2->val[i2].value,
1002 						v2->val[i2].length,
1003 						&b);
1004 				else
1005 					bc2buf(myself, v2->val[i2].value,
1006 						v2->val[i2].length,
1007 						&b);
1008 			}
1009 			v->val[n].value = b.buf;
1010 			v->val[n].length = b.len;
1011 			n++;
1012 			b.buf = 0;
1013 			b.len = 0;
1014 		}
1015 	} else { /* v1->repeat && v2->repeat */
1016 		for (i1 = 0, n = 0; i1 < v1->numVals; i1++) {
1017 			for (i2 = 0; i2 < v2->numVals; i2++) {
1018 				if (v1->type == vt_string)
1019 					sbc2buf(myself, v1->val[i1].value,
1020 						v1->val[i1].length,
1021 						&b);
1022 				else
1023 					bc2buf(myself, v1->val[i1].value,
1024 						v1->val[i1].length,
1025 						&b);
1026 				if (v2->type == vt_string)
1027 					sbc2buf(myself, v2->val[i2].value,
1028 						v2->val[i2].length,
1029 						&b);
1030 				else
1031 					bc2buf(myself, v2->val[i2].value,
1032 						v2->val[i2].length,
1033 						&b);
1034 			}
1035 		}
1036 		v->val[n].value = b.buf;
1037 		v->val[n].length = b.len;
1038 		n++;
1039 		b.buf = 0;
1040 		b.len = 0;
1041 	}
1042 
1043 #ifdef	NISDB_LDAP_DEBUG
1044 	/* Sanity check */
1045 	if (n != nv)
1046 		abort();
1047 #endif	/* NISD__LDAP_DEBUG */
1048 
1049 	v->type = (v1->type == vt_string) ?
1050 			((v2->type == vt_string) ?
1051 				vt_string : vt_ber) : vt_ber;
1052 	v->repeat = 0;
1053 	v->numVals = n;
1054 
1055 	return (v);
1056 }
1057 
1058 __nis_value_t *
getMappingFormatArray(__nis_mapping_format_t * a,__nis_rule_value_t * rv,__nis_format_arg_t at,int numArgs,void * arg)1059 getMappingFormatArray(__nis_mapping_format_t *a, __nis_rule_value_t *rv,
1060 			__nis_format_arg_t at, int numArgs, void *arg) {
1061 	int			i, ia = 0;
1062 	__nis_value_t		*val, *v = 0;
1063 	bool_t			moreFormat = (a != 0);
1064 	bool_t			moreArgs = (numArgs > 0);
1065 
1066 	while (moreFormat && (arg == 0 || ia < numArgs)) {
1067 		for (i = 0; moreFormat; i++) {
1068 			moreFormat = (a[i].type != mmt_end);
1069 			if (at == fa_item) {
1070 				__nis_mapping_item_t *item = arg;
1071 				val = getMappingFormat(&a[i], rv, at,
1072 					((item != 0) ? &item[ia] : 0), &ia);
1073 			} else {
1074 				__nis_value_t **ival = arg;
1075 				val = getMappingFormat(&a[i], rv, at,
1076 					((ival != 0) ? ival[ia] : 0), &ia);
1077 			}
1078 			if (val != 0) {
1079 				__nis_value_t	*new = explodeValues(v, val);
1080 
1081 				freeValue(v, 1);
1082 				freeValue(val, 1);
1083 				if (new == 0)
1084 					return (0);
1085 
1086 				v = new;
1087 			} else {
1088 				freeValue(v, 1);
1089 				return (0);
1090 			}
1091 			/*
1092 			 * If we run out of arguments, but still have format
1093 			 * remaining, repeat the last argument. Keep track of
1094 			 * the fact that we've really consumed all arguments.
1095 			 */
1096 			if (moreFormat && ia >= numArgs) {
1097 				ia = (numArgs > 0) ? numArgs - 1 : 0;
1098 				moreArgs = FALSE;
1099 			}
1100 		}
1101 		/*
1102 		 * We've run out of format, so if we still have arguments
1103 		 * left, start over on the format.
1104 		 */
1105 		if (ia < numArgs && moreArgs) {
1106 			/*
1107 			 * However, if we didn't consume any arguments going
1108 			 * through the format once, abort to avoid an infinite
1109 			 * loop.
1110 			 */
1111 			if (numArgs > 0 && ia <= 0) {
1112 				freeValue(v, 1);
1113 				return (0);
1114 			}
1115 			moreFormat = 1;
1116 		}
1117 	}
1118 
1119 	return (v);
1120 }
1121 
1122 /*
1123  * Returns a string representation (such as "[name=foo, value=bar]")
1124  * of a nis_index_t.
1125  */
1126 char *
getIndex(__nis_index_t * i,int * len)1127 getIndex(__nis_index_t *i, int *len) {
1128 	int		n;
1129 	__nis_buffer_t	b = {0, 0};
1130 	char		*myself = "getIndex";
1131 
1132 	if (i == 0)
1133 		return (0);
1134 
1135 	if (i->numIndexes > 0) {
1136 		bp2buf(myself, &b, "[");
1137 		for (n = 0; n < i->numIndexes; n++) {
1138 			__nis_value_t	*val;
1139 			int		j;
1140 
1141 			val = getMappingFormatArray(i->value[n],
1142 						0, fa_any, 0, 0);
1143 			if (n > 0)
1144 				bp2buf(myself, &b, ", ");
1145 			bp2buf(myself, &b, "%s=", i->name[n]);
1146 			if (val != 0) {
1147 				for (j = 0; j < val->numVals; j++) {
1148 					bc2buf(myself, val->val[j].value,
1149 						val->val[j].length, &b);
1150 				}
1151 			} else {
1152 				bp2buf(myself, &b, "<no-vals>");
1153 			}
1154 			freeValue(val, 1);
1155 		}
1156 		bp2buf(myself, &b, "]");
1157 	}
1158 	if (len != 0)
1159 		*len = b.len;
1160 	return (b.buf);
1161 }
1162 
1163 char *
getObjSpec(__nis_obj_spec_t * o,int * len)1164 getObjSpec(__nis_obj_spec_t *o, int *len) {
1165 	__nis_buffer_t	b = {0, 0};
1166 	char		*myself = "getObjSpec";
1167 
1168 	if (o == 0)
1169 		return (0);
1170 
1171 	b.buf = getIndex(&o->index, &b.len);
1172 	sbc2buf(myself, o->name, slen(o->name), &b);
1173 	if (len != 0)
1174 		*len = b.len;
1175 	return (b.buf);
1176 }
1177 
1178 /*
1179  * Returns a string representation of the LDAP scope. Note that the
1180  * returned value is a static entity, and must be copied by the
1181  * caller (but, obviously, must not be freed).
1182  */
1183 char *
getScope(int scope)1184 getScope(int scope) {
1185 	switch (scope) {
1186 	case LDAP_SCOPE_BASE:
1187 		return ("base");
1188 	case LDAP_SCOPE_ONELEVEL:
1189 		return ("one");
1190 	case LDAP_SCOPE_SUBTREE:
1191 		return ("sub");
1192 	default:
1193 		return ("one");
1194 	}
1195 }
1196 
1197 /*
1198  * Return a string representation of an LDAP search triple (such as
1199  * "ou=Hosts,dc=eng,dc=sun,dc=com?one?cn=xyzzy").
1200  */
1201 char *
getSearchTriple(__nis_search_triple_t * s,int * len)1202 getSearchTriple(__nis_search_triple_t *s, int *len) {
1203 	__nis_buffer_t	b = {0, 0};
1204 	char		*a;
1205 	int		l;
1206 	char		*myself = "getSearchTriple";
1207 
1208 	/* If the scope is LDAP_SCOPE_UNKNOWN, the search triple is unused */
1209 	if (s == 0 || s->scope == LDAP_SCOPE_UNKNOWN) {
1210 		if (len != 0)
1211 			*len = 0;
1212 		return (0);
1213 	}
1214 
1215 	if (s->base != 0)
1216 		sbc2buf(myself, s->base, slen(s->base), &b);
1217 	if (!(s->scope == LDAP_SCOPE_ONELEVEL &&
1218 			(s->base == 0 || s->base[0] == '\0'))) {
1219 		bp2buf(myself, &b, "?%s?", getScope(s->scope));
1220 	}
1221 	if ((l = slen(s->attrs)) > 0) {
1222 		/*
1223 		 * Remove white space from the filter/attribute list.
1224 		 * The parser usually keeps any white space from the
1225 		 * config file (or LDAP/command line), but we don't
1226 		 * want it.
1227 		 */
1228 		a = am(myself, l+1);
1229 		if (a != 0) {
1230 			int	i, la;
1231 
1232 			for (i = 0, la = 0; i < l; i++) {
1233 				if (s->attrs[i] != ' ' &&
1234 						s->attrs[i] != '\t')
1235 					a[la++] = s->attrs[i];
1236 			}
1237 			sbc2buf(myself, a, la, &b);
1238 			sfree(a);
1239 		} else {
1240 			sbc2buf(myself, s->attrs, slen(s->attrs), &b);
1241 		}
1242 	}
1243 
1244 	if (len != 0)
1245 		*len = b.len;
1246 	return (b.buf);
1247 }
1248 
1249 __nis_value_t *
getMappingItem(__nis_mapping_item_t * i,__nis_mapping_item_type_t native,__nis_rule_value_t * rv,char * berstring,int * np_ldap_stat)1250 getMappingItem(__nis_mapping_item_t *i, __nis_mapping_item_type_t native,
1251 		__nis_rule_value_t *rv, char *berstring, int *np_ldap_stat) {
1252 	char		*myself = "getMappingItem";
1253 	__nis_value_t	*val = 0;
1254 	__nis_buffer_t	b = {0, 0};
1255 	int		len = 0;
1256 	char		*buf;
1257 
1258 	if (i == 0)
1259 		return (0);
1260 
1261 	if (rv != 0)
1262 		return (getMappingItemVal(i, native, rv, berstring,
1263 			np_ldap_stat));
1264 
1265 	val = am(myself, sizeof (*val));
1266 	if (val == 0)
1267 		return (0);
1268 
1269 	switch (i->type) {
1270 	case mit_nisplus:
1271 		if (native != mit_nisplus)
1272 			bp2buf(myself, &b, "nis+:");
1273 		bp2buf(myself, &b, "%s", NIL(i->name));
1274 		buf = getObjSpec(&i->searchSpec.obj, &len);
1275 		if (buf != 0 && len > 0) {
1276 			bc2buf(myself, ":", 1, &b);
1277 			sbc2buf(myself, buf, len, &b);
1278 		}
1279 		sfree(buf);
1280 		val->type = vt_string;
1281 		val->repeat = i->repeat;
1282 		val->numVals = 1;
1283 		val->val = am(myself, sizeof (val->val[0]));
1284 		if (val->val == 0) {
1285 			sfree(b.buf);
1286 			free(val);
1287 			return (0);
1288 		}
1289 		val->val[0].value = b.buf;
1290 		val->val[0].length = b.len;
1291 		break;
1292 	case mit_ldap:
1293 		if (native != mit_ldap)
1294 			bp2buf(myself, &b, "ldap:");
1295 		bp2buf(myself, &b, "%s", NIL(i->name));
1296 		buf = getSearchTriple(&i->searchSpec.triple, &len);
1297 		if (buf != 0 && len > 0) {
1298 			bc2buf(myself, ":", 1, &b);
1299 			sbc2buf(myself, buf, len, &b);
1300 		}
1301 		sfree(buf);
1302 		val->type = vt_string;
1303 		val->repeat = i->repeat;
1304 		val->numVals = 1;
1305 		val->val = am(myself, sizeof (val->val[0]));
1306 		if (val->val == 0) {
1307 			sfree(b.buf);
1308 			free(val);
1309 			return (0);
1310 		}
1311 		val->val[0].value = b.buf;
1312 		val->val[0].length = b.len;
1313 		break;
1314 	default:
1315 		p2buf(myself, "<unknown>:");
1316 		p2buf(myself, "%s", NIL(i->name));
1317 		break;
1318 	}
1319 
1320 	return (val);
1321 }
1322 
1323 void
copyObjSpec(__nis_obj_spec_t * old,__nis_obj_spec_t * new,int * err)1324 copyObjSpec(__nis_obj_spec_t *old, __nis_obj_spec_t *new, int *err) {
1325 	char	*myself = "copyObjSpec";
1326 
1327 	if (old == 0 || new == 0) {
1328 		*err = EINVAL;
1329 		return;
1330 	}
1331 
1332 	if (new->index.name == 0) {
1333 		new->index.name = am(myself, old->index.numIndexes *
1334 						sizeof (new->index.name[0]));
1335 		if (old->index.numIndexes > 0 && new->index.name == 0) {
1336 			*err = ENOMEM;
1337 			return;
1338 		}
1339 		new->index.value = am(myself, old->index.numIndexes *
1340 						sizeof (new->index.value[0]));
1341 		if (old->index.numIndexes > 0 && new->index.value == 0) {
1342 			*err = ENOMEM;
1343 			return;
1344 		}
1345 	}
1346 	new->name = sdup(myself, T, old->name);
1347 	if (new->name == 0 && old->name != 0) {
1348 		*err = ENOMEM;
1349 		return;
1350 	}
1351 	copyIndex(&old->index, &new->index, err);
1352 }
1353 
1354 __nis_obj_spec_t *
cloneObjSpec(__nis_obj_spec_t * old)1355 cloneObjSpec(__nis_obj_spec_t *old) {
1356 	char			*myself = "cloneObjSpec";
1357 	int			err = 0;
1358 	__nis_obj_spec_t	*new = am(myself, sizeof (*new));
1359 
1360 	if (new != 0) {
1361 		copyObjSpec(old, new, &err);
1362 		if (err != 0) {
1363 			freeObjSpec(new, 1);
1364 			new = 0;
1365 		}
1366 	}
1367 
1368 	return (new);
1369 }
1370 
1371 void
freeObjSpec(__nis_obj_spec_t * old,bool_t doFree)1372 freeObjSpec(__nis_obj_spec_t *old, bool_t doFree) {
1373 
1374 	if (old == 0)
1375 		return;
1376 
1377 	sfree(old->name);
1378 	freeIndex(&old->index, FALSE);
1379 	if (doFree)
1380 		free(old);
1381 }
1382 
1383 void
copySearchTriple(__nis_search_triple_t * old,__nis_search_triple_t * new,int * err)1384 copySearchTriple(__nis_search_triple_t *old, __nis_search_triple_t *new,
1385 		int *err) {
1386 	char			*myself = "copySearchTriple";
1387 
1388 	*err = 0;
1389 
1390 	if (old == 0 || new == 0) {
1391 		*err = EINVAL;
1392 		return;
1393 	}
1394 
1395 	if (old->base != NULL)
1396 		new->base = sdup(myself, T, old->base);
1397 	else
1398 		new->base = NULL;
1399 	if (old->attrs != NULL)
1400 		new->attrs = sdup(myself, T, old->attrs);
1401 	else
1402 		new->attrs = NULL;
1403 	if ((new->base == 0 && old->base != 0) ||
1404 			(new->attrs == 0 && old->attrs != 0)) {
1405 		sfree(new->base);
1406 		new->base = 0;
1407 		sfree(new->attrs);
1408 		new->attrs = 0;
1409 		*err = ENOMEM;
1410 		return;
1411 	}
1412 	new->scope = old->scope;
1413 	/*
1414 	 * XXX Really should have a cloneMappingElement() function.
1415 	 * However, since whatever the 'element' field points to
1416 	 * is allocated at parse time, and never is freed or modified,
1417 	 * it's sufficient to copy the pointer value.
1418 	 */
1419 	new->element = old->element;
1420 }
1421 
1422 __nis_search_triple_t *
cloneSearchTriple(__nis_search_triple_t * old)1423 cloneSearchTriple(__nis_search_triple_t *old) {
1424 	char			*myself = "cloneSearchTriple";
1425 	int			err = 0;
1426 	__nis_search_triple_t	*new = am(myself, sizeof (*new));
1427 
1428 	if (new != 0) {
1429 		copySearchTriple(old, new, &err);
1430 		if (err != 0) {
1431 			freeSearchTriple(new, 1);
1432 			new = 0;
1433 		}
1434 	}
1435 
1436 	return (new);
1437 }
1438 
1439 void
freeSearchTriple(__nis_search_triple_t * old,bool_t doFree)1440 freeSearchTriple(__nis_search_triple_t *old, bool_t doFree) {
1441 
1442 	if (old == 0)
1443 		return;
1444 
1445 	sfree(old->base);
1446 	sfree(old->attrs);
1447 	/*
1448 	 * Since we only copied the element pointer when this structure
1449 	 * was created, we don't free old->element.
1450 	 */
1451 	if (doFree)
1452 		free(old);
1453 }
1454 
1455 void
copyTripleOrObj(__nis_mapping_item_type_t type,__nis_triple_or_obj_t * old,__nis_triple_or_obj_t * new,int * err)1456 copyTripleOrObj(__nis_mapping_item_type_t type,
1457 		__nis_triple_or_obj_t *old, __nis_triple_or_obj_t *new,
1458 		int *err) {
1459 
1460 	*err = 0;
1461 
1462 	if (old == 0 || new == 0) {
1463 		*err = EINVAL;
1464 		return;
1465 	}
1466 
1467 	if (type == mit_nisplus) {
1468 		copyObjSpec(&old->obj, &new->obj, err);
1469 	} else if (type == mit_ldap) {
1470 		copySearchTriple(&old->triple, &new->triple, err);
1471 	}
1472 }
1473 
1474 __nis_triple_or_obj_t *
cloneTripleOrObj(__nis_mapping_item_type_t type,__nis_triple_or_obj_t * old)1475 cloneTripleOrObj(__nis_mapping_item_type_t type, __nis_triple_or_obj_t *old) {
1476 	char			*myself = "cloneTripleOrObj";
1477 	int			err = 0;
1478 	__nis_triple_or_obj_t	*new = am(myself, sizeof (*new));
1479 
1480 	if (new != 0) {
1481 		copyTripleOrObj(type, old, new, &err);
1482 		if (err != 0) {
1483 			freeTripleOrObj(type, new, 1);
1484 			new = 0;
1485 		}
1486 	}
1487 
1488 	return (new);
1489 }
1490 
1491 void
freeTripleOrObj(__nis_mapping_item_type_t type,__nis_triple_or_obj_t * old,bool_t doFree)1492 freeTripleOrObj(__nis_mapping_item_type_t type, __nis_triple_or_obj_t *old,
1493 		bool_t doFree) {
1494 
1495 	if (old == 0)
1496 		return;
1497 
1498 	if (type == mit_nisplus)
1499 		freeObjSpec(&old->obj, doFree);
1500 	else if (type == mit_ldap)
1501 		freeSearchTriple(&old->triple, doFree);
1502 
1503 	if (doFree)
1504 		free(old);
1505 }
1506 
1507 void
copyItem(__nis_mapping_item_t * old,__nis_mapping_item_t * new,int * err)1508 copyItem(__nis_mapping_item_t *old, __nis_mapping_item_t *new, int *err) {
1509 
1510 	*err = 0;
1511 
1512 	if (old == 0 || new == 0) {
1513 		*err = EINVAL;
1514 		return;
1515 	}
1516 
1517 	new->type = old->type;
1518 	new->repeat = old->repeat;
1519 	if (old->name != 0) {
1520 		new->name = strdup(old->name);
1521 		if (new->name == 0) {
1522 			*err = ENOMEM;
1523 			return;
1524 		}
1525 	} else {
1526 		new->name = 0;
1527 	}
1528 	if (old->type == mit_nisplus || old->type == mit_ldap)
1529 		copyTripleOrObj(old->type, &old->searchSpec, &new->searchSpec,
1530 				err);
1531 	else
1532 		memset(&new->searchSpec, 0, sizeof (new->searchSpec));
1533 }
1534 
1535 __nis_mapping_item_t *
cloneItem(__nis_mapping_item_t * old)1536 cloneItem(__nis_mapping_item_t *old) {
1537 	__nis_mapping_item_t	*new;
1538 	int			err = 0;
1539 	char			*myself = "cloneItem";
1540 
1541 	if (old == 0)
1542 		return (0);
1543 
1544 	new = am(myself, sizeof (*new));
1545 	if (new == 0)
1546 		return (0);
1547 
1548 	copyItem(old, new, &err);
1549 	if (err != 0) {
1550 		freeMappingItem(new, 1);
1551 		return (0);
1552 	}
1553 
1554 	return (new);
1555 }
1556 
1557 void
freeMappingItem(__nis_mapping_item_t * item,int numItems)1558 freeMappingItem(__nis_mapping_item_t *item, int numItems) {
1559 	int	i;
1560 
1561 	if (item == 0)
1562 		return;
1563 
1564 	for (i = 0; i < numItems; i++) {
1565 		sfree(item[i].name);
1566 		freeTripleOrObj(item[i].type, &item[i].searchSpec, FALSE);
1567 	}
1568 	sfree(item);
1569 }
1570 
1571 __nis_mapping_item_t *
concatenateMappingItem(__nis_mapping_item_t * old,int numItems,__nis_mapping_item_t * cat)1572 concatenateMappingItem(__nis_mapping_item_t *old, int numItems,
1573 		__nis_mapping_item_t *cat) {
1574 	__nis_mapping_item_t	*new;
1575 	int			i, err = 0;
1576 	char			*myself = "concatenateMappingItem";
1577 
1578 	if (old == 0 || numItems < 1)
1579 		return (cloneItem(cat));
1580 
1581 	new = am(myself, (numItems + 1) * sizeof (*new));
1582 	if (new == 0)
1583 		return (0);
1584 
1585 	for (i = 0; i < numItems; i++) {
1586 		copyItem(&old[i], &new[i], &err);
1587 		if (err != 0) {
1588 			freeMappingItem(new, i);
1589 			return (0);
1590 		}
1591 	}
1592 	copyItem(cat, &new[numItems], &err);
1593 	if (err != 0) {
1594 		freeMappingItem(new, numItems);
1595 		new = 0;
1596 	}
1597 
1598 	return (new);
1599 }
1600 
1601 __nis_value_t *
concatenateValues(__nis_value_t * v1,__nis_value_t * v2)1602 concatenateValues(__nis_value_t *v1, __nis_value_t *v2) {
1603 	int		i, n, a;
1604 	__nis_value_t	*v;
1605 	char		*myself = "concatenateValues";
1606 
1607 	if (v1 == 0 || v1->numVals <= 0)
1608 		return (cloneValue(v2, 1));
1609 	if (v2 == 0 || v2->numVals <= 0)
1610 		return (cloneValue(v1, 1));
1611 
1612 	if (v1->type != v2->type)
1613 		return (0);
1614 
1615 	n = v1->numVals + v2->numVals;
1616 	v = am(myself, sizeof (*v));
1617 	if (v == 0)
1618 		return (0);
1619 	v->val = am(myself, n * sizeof (v->val[0]));
1620 	if (v->val == 0) {
1621 		free(v);
1622 		return (0);
1623 	}
1624 	v->type = v1->type;
1625 	v->numVals = 0;
1626 
1627 	for (a = 0; a < 2; a++) {
1628 		__nis_single_value_t	*val = (a == 0) ? v1->val : v2->val;
1629 		int			numv = (a == 0) ? v1->numVals :
1630 							v2->numVals;
1631 		for (i = 0; i < numv; i++) {
1632 			int	clen, alen = val[i].length;
1633 
1634 			clen = alen;
1635 
1636 			/*
1637 			 * Make sure there's a NUL at the end of a string,
1638 			 * but avoid adding to the allocated length if there's
1639 			 * already a NUL at the end.
1640 			 */
1641 			if (alen > 0 && v->type == vt_string &&
1642 					((char *)val[i].value)[alen-1] != '\0')
1643 				alen += 1;
1644 			v->val[v->numVals].value = am(myself, alen);
1645 			if (v->val[v->numVals].value == 0) {
1646 				freeValue(v, 1);
1647 				return (0);
1648 			}
1649 			memcpy(v->val[v->numVals].value, val[i].value, clen);
1650 			v->val[v->numVals].length = val[i].length;
1651 			v->numVals++;
1652 		}
1653 	}
1654 
1655 	return (v);
1656 }
1657 
1658 __nis_value_t *
splitMappingItem(__nis_mapping_item_t * item,char delim,__nis_rule_value_t * rv)1659 splitMappingItem(__nis_mapping_item_t *item, char delim,
1660 		__nis_rule_value_t *rv) {
1661 	__nis_value_t		*val = getMappingItem(item, mit_any,
1662 			rv, 0, NULL);
1663 	__nis_single_value_t	*nval;
1664 	int			i, n, nv;
1665 
1666 	if (val == 0)
1667 		return (0);
1668 	else if (delim == 0 || val->val == 0 || val->numVals <= 0 ||
1669 			val->type != vt_string) {
1670 		freeValue(val, 1);
1671 		return (0);
1672 	}
1673 
1674 	nval = val->val;
1675 	nv = val->numVals;
1676 	val->repeat = FALSE;
1677 	val->val = 0;
1678 	val->numVals = 0;
1679 
1680 	/* In N2L, space and tab delimiters are treated the same */
1681 	if (yp2ldap && delim == '\t')
1682 		delim = ' ';
1683 
1684 	/* If the item has multiple values, we split each one independently */
1685 	for (i = 0; i < nv; i++) {
1686 		char			*str;
1687 		int			s, e;
1688 		char			*newstr;
1689 		__nis_single_value_t	*newval;
1690 
1691 		if (yp2ldap && delim == ' ')
1692 			nval[i].value = trimWhiteSpaces(nval[i].value,
1693 							&nval[i].length, 1);
1694 
1695 		str = nval[i].value;
1696 
1697 		if (nval[i].value == 0)
1698 			continue;
1699 
1700 		for (s = 0; s < nval[i].length; s = e+1) {
1701 			/* Find the next delimiter, or end-of-string */
1702 			for (e = s; str[e] != '\0' && str[e] != delim; e++);
1703 			/*
1704 			 * 'str[e]' is either a delimiter, or the concluding
1705 			 * NUL. Make sure it's NUL.
1706 			 */
1707 			str[e] = '\0';
1708 			/* Add to val->val */
1709 			newstr = strdup(&str[s]);
1710 			newval = realloc(val->val,
1711 					(val->numVals+1) *
1712 						sizeof (val->val[0]));
1713 			if (newval != 0)
1714 				val->val = newval;
1715 			if (newstr == 0 || newval == 0) {
1716 				freeValue(val, 1);
1717 				for (n = i; n < nv; n++) {
1718 					sfree(nval[n].value);
1719 				}
1720 				free(nval);
1721 				sfree(newstr);
1722 				return (0);
1723 			}
1724 			val->val[val->numVals].value = newstr;
1725 			val->val[val->numVals].length = strlen(newstr) + 1;
1726 			val->numVals++;
1727 		}
1728 		free(nval[i].value);
1729 		nval[i].value = 0;
1730 	}
1731 	/* Already freed the nval[i].value's as we traversed nval */
1732 	free(nval);
1733 
1734 	return (val);
1735 }
1736 
1737 /*
1738  * Match the format spec 'f[curf]' to the input value string 'str'.
1739  *
1740  * If successful, returns the updated position in the value string 'str'.
1741  * Otherwise, NULL is returned.
1742  *
1743  * curf		Current index (i.e., the one we should look at) in 'f'
1744  * nf		Number of elements in 'f', including 'mmt_end'
1745  * str		The value string we're scanning
1746  * val		Pointer to where an item value (if any) should be returned
1747  *		Set to NULL if not an 'mmt_item'.
1748  * fmtstart	If non-zero on entry, skip characters in 'str' until we find
1749  *		the f[curf].type data, if doing so makes any sense. On exit,
1750  *		set to the start of the fmt element data (which will be 'str',
1751  *		unless we did skip characters)
1752  * sepset	List of separators
1753  */
1754 char *
scanMappingFormat(__nis_mapping_format_t * f,int curf,int nf,char * str,char ** val,char ** fmtstart,char * sepset)1755 scanMappingFormat(__nis_mapping_format_t *f, int curf, int nf, char *str,
1756 		char **val, char **fmtstart, char *sepset) {
1757 	char	*mstr, *next, *start = 0, *tmpstr;
1758 	int	i, len;
1759 	bool_t	match;
1760 	char	*myself = "scanMappingFormat";
1761 	/* N2L variables */
1762 	int	af, skipspaces = 0;
1763 	bool_t	ipaddr = FALSE;
1764 	char	*spacestr = " ", *emptystr = "";
1765 
1766 
1767 	if (f == 0 || curf < 0 || nf <= 0 || str == 0)
1768 		return (0);
1769 
1770 	/*
1771 	 * If separator list is NULL (which will be the case for
1772 	 * nis+2ldap), then simply use empty string
1773 	 */
1774 	if (sepset == 0)
1775 		sepset = emptystr;
1776 
1777 	if (curf >= nf) {
1778 		/* OK if the string also is exhausted */
1779 		if (strchr(sepset, *str) != 0)
1780 			return (str);
1781 		else
1782 			return (0);
1783 	}
1784 
1785 	switch (f[curf].type) {
1786 	case mmt_berstring:
1787 		if (f[curf].match.berString[0] != 'a') {
1788 			/* Not a matchable element */
1789 			return (0);
1790 		}
1791 
1792 		/*
1793 		 * If here, it means it's an IP address (N2L case)
1794 		 * So continue processing as if it was mmt_item
1795 		 */
1796 		ipaddr = TRUE;
1797 
1798 	case mmt_item:
1799 		/*
1800 		 * In order to find the end of the item value, we must look
1801 		 * ahead and determine the start of the next formatting element.
1802 		 * If successful, 'next' will be the start of the fmt element
1803 		 * after the next one; we don't care about that, other than to
1804 		 * check for error.
1805 		 *
1806 		 * Since an item match is somewhat like an any match, in that
1807 		 * we don't know a priori if the first occurence of the next
1808 		 * element really is the one we want, we have to scan ahead
1809 		 * until we've reached the end.
1810 		 */
1811 		tmpstr = str;
1812 		while ((next = scanMappingFormat(f, curf+1, nf, tmpstr, 0,
1813 				&start, sepset)) != 0) {
1814 			char	*tmp = next;
1815 			int	cf;
1816 
1817 			for (cf = curf+2; cf < nf; cf++) {
1818 				tmp = scanMappingFormat(f, cf, nf, tmp, 0,
1819 					0, sepset);
1820 				if (tmp == 0)
1821 					break;
1822 			}
1823 			if (tmp == 0) {
1824 				tmpstr = next;
1825 			} else if (strchr(sepset, *tmp) != 0) {
1826 				break;
1827 			} else {
1828 				return (0);
1829 			}
1830 
1831 		}
1832 		if (next == 0 || start == 0)
1833 			return (0);
1834 
1835 		if (val != 0) {
1836 			len = (int)((long)start - (long)str);
1837 			*val = am(myself, len + 1);
1838 			if (*val == 0)
1839 				return (0);
1840 			memcpy(*val, str, len);
1841 			(*val)[len] = '\0';
1842 
1843 			if (ipaddr == TRUE) {
1844 				/*
1845 				 * In N2L, we need to check if *val is truly an
1846 				 * IP address
1847 				 */
1848 				af = checkIPaddress(*val, len, &tmpstr);
1849 
1850 				if (af == -2) {
1851 					logmsg(MSG_NOTIMECHECK, LOG_WARNING,
1852 						"%s:Internal error while "
1853 						"processing IPaddress %s",
1854 						myself, *val);
1855 					sfree(*val);
1856 					return (0);
1857 				} else if (af == -1) {
1858 					logmsg(MSG_NOTIMECHECK, LOG_WARNING,
1859 						"%s:%s is not an IP address",
1860 						myself, *val);
1861 					sfree(*val);
1862 					return (0);
1863 				} else if (af == 0) {
1864 					logmsg(MSG_NOTIMECHECK, LOG_WARNING,
1865 						"%s:IP address %s is not "
1866 						"supported by rfc2307bis",
1867 						myself, *val);
1868 					sfree(*val);
1869 					return (0);
1870 				} else if (sstrncmp(*val, tmpstr, len) != 0) {
1871 					logmsg(MSG_NOTIMECHECK, LOG_WARNING,
1872 						"%s:IPaddress %s converted "
1873 						"to %s", myself, *val, tmpstr);
1874 				}
1875 
1876 				sfree(*val);
1877 				*val = tmpstr;
1878 			}
1879 		}
1880 
1881 		if (fmtstart != 0)
1882 			*fmtstart = str;
1883 
1884 		return (start);
1885 
1886 	case mmt_string:
1887 		if ((mstr = f[curf].match.string) == 0 || *mstr == '\0') {
1888 			/*
1889 			 * Count this as a successful match of an empty
1890 			 * string.
1891 			 */
1892 			if (fmtstart != 0)
1893 				*fmtstart = str;
1894 			return (str);
1895 		}
1896 
1897 		/*
1898 		 * In N2L, if the format string 'mstr' contains only
1899 		 * whitespaces (spaces and tabs), then it should
1900 		 * match one or more whitespaces from the input
1901 		 * string 'str'.
1902 		 */
1903 		if (yp2ldap && strspn(mstr, " \t") == strlen(mstr)) {
1904 				mstr = spacestr;
1905 				skipspaces = 1;
1906 				next = str + strcspn(str, " \t");
1907 				/*
1908 				 * Even if there is no whitespace in 'str',
1909 				 * it's OK. This is to allow formats like
1910 				 * "%s %s %s" to match inputs like "foo bar".
1911 				 */
1912 				if (*next == '\0')
1913 					mstr = emptystr;
1914 		} else {
1915 			/* No match string in 'str' => failure */
1916 			if ((next = strstr(str, mstr)) == 0)
1917 				return (0);
1918 		}
1919 
1920 		/* If 'fmtstart' == 0, we require 'next' == 'str' */
1921 		if (fmtstart == 0 && next != str)
1922 			return (0);
1923 		/* Success; save start of match string if requested */
1924 		if (fmtstart != 0)
1925 			*fmtstart = next;
1926 		/* Update position in the value string */
1927 		str = (char *)((long)next + (long)strlen(mstr));
1928 
1929 		/* Skip whitespaces for N2L */
1930 		if (skipspaces == 1)
1931 			for (; *str == ' ' || *str == '\t'; str++);
1932 
1933 		return (str);
1934 
1935 	case mmt_single:
1936 		if (fmtstart != 0) {
1937 			match = FALSE;
1938 			/* Skip ahead until we match */
1939 			for (next = str; *next != '\0'; next++) {
1940 				unsigned char	*lo = f[curf].match.single.lo;
1941 				unsigned char	*hi = f[curf].match.single.hi;
1942 
1943 				for (i = 0; i < f[curf].match.single.numRange;
1944 						i++) {
1945 					if (*next >= lo[i] && *next <= hi[i]) {
1946 						match = TRUE;
1947 						break;
1948 					}
1949 				}
1950 				if (match)
1951 					break;
1952 			}
1953 			if (!match)
1954 				return (0);
1955 			*fmtstart = next;
1956 			str = next;
1957 		} else {
1958 			match = FALSE;
1959 			for (i = 0; i < f[curf].match.single.numRange; i++) {
1960 				if (*str >= f[curf].match.single.lo[i] &&
1961 					*str <= f[curf].match.single.hi[i]) {
1962 					match = TRUE;
1963 					break;
1964 				}
1965 			}
1966 			if (!match)
1967 				return (0);
1968 		}
1969 		/* Step over the matched character */
1970 		str++;
1971 		return (str);
1972 
1973 	case mmt_any:
1974 		/*
1975 		 * Look ahead to find the beginning of the next element.
1976 		 * Because a wildcard-match isn't necessarily uniquely
1977 		 * determined until we've reached the end, we then continue
1978 		 * to scan ahead.
1979 		 */
1980 		while ((next = scanMappingFormat(f, curf+1, nf, str, 0,
1981 						&start, sepset)) != 0) {
1982 			char	*tmp = next;
1983 			int	cf;
1984 
1985 			for (cf = curf+2; cf < nf; cf++) {
1986 				tmp = scanMappingFormat(f, cf, nf, tmp, 0,
1987 					0, sepset);
1988 				if (tmp == 0)
1989 					break;
1990 			}
1991 			if (tmp == 0) {
1992 				str = next;
1993 			} else if (*tmp == '\0') {
1994 				break;
1995 			} else {
1996 				return (0);
1997 			}
1998 		}
1999 		if (next == 0 || start == 0)
2000 			return (0);
2001 
2002 		if (fmtstart != 0)
2003 			*fmtstart = str;
2004 
2005 		return (start);
2006 
2007 	case mmt_limit:
2008 		if (f[curf].match.limit == eos) {
2009 			if (fmtstart != 0) {
2010 				/* Skip to the end */
2011 				str = str + strcspn(str, sepset);
2012 				*fmtstart = str;
2013 			} else if (strchr(sepset, *str) == 0) {
2014 				return (0);
2015 			}
2016 		}
2017 		return (str);
2018 
2019 	case mmt_begin:
2020 		if (fmtstart != 0)
2021 			*fmtstart = str;
2022 		return (str);
2023 
2024 	case mmt_end:
2025 		if (fmtstart != 0) {
2026 			/* Skip to the end */
2027 			str = str + strcspn(str, sepset);
2028 			*fmtstart = str;
2029 			return (str);
2030 		}
2031 		/* No skipping, so we must be at the end of the value */
2032 		if (strchr(sepset, *str) == 0)
2033 			return (0);
2034 		return (str);
2035 
2036 	default:
2037 		break;
2038 	}
2039 
2040 	return (0);
2041 }
2042 
2043 /*
2044  * Verify that the string 'str' matches the mapping format array 'f'.
2045  * Returns 1 in case of a match, 0 otherwise.
2046  */
2047 int
verifyMappingMatch(__nis_mapping_format_t * f,char * str)2048 verifyMappingMatch(__nis_mapping_format_t *f, char *str) {
2049 	int			n, nf;
2050 	__nis_mapping_format_t	*ftmp;
2051 
2052 	/* Count the number of format elements in the format */
2053 	for (nf = 0, ftmp = f; ftmp->type != mmt_end; ftmp++) {
2054 		nf++;
2055 	}
2056 	/* Count the mmt_end as well */
2057 	nf++;
2058 
2059 	for (n = 0; n < nf; n++) {
2060 		str = scanMappingFormat(f, n, nf, str, 0, 0, 0);
2061 		if (str == 0)
2062 			break;
2063 	}
2064 
2065 	return ((str != 0) ? 1 : 0);
2066 }
2067 
2068 /*
2069  * Perform a match operation. For example, given the rule
2070  *	("{%s}%s", auth_name, public_data)=nisPublicKey
2071  * and assuming that 'nisPublicKey' has the value "{dh640-0}abcdef12345",
2072  * assign "dh640-0" to 'auth_name' and "abcdef12345" to 'public_data'.
2073  *
2074  * Note that this function doesn't perform the actual assignment. Rather,
2075  * it returns an array of __nis_value_t's, with element zero of the value
2076  * array being the new value of the first matched item, element one the
2077  * value of the second matched item, etc. In the example above, we'd
2078  * return a value array with two elements.
2079  *
2080  * If there is more than one input value (inVal->numVals > 1), the
2081  * output array elements will also be multi-valued.
2082  *
2083  * f		The match format
2084  * inVal	Input value(s)
2085  * numVal	Number of elements in the output value array
2086  * sepset	List of separators
2087  * outstr	Points to the updated position upto which the
2088  *		input string has been matched
2089  */
2090 __nis_value_t **
matchMappingItem(__nis_mapping_format_t * f,__nis_value_t * inVal,int * numVals,char * sepset,char ** outstr)2091 matchMappingItem(__nis_mapping_format_t *f, __nis_value_t *inVal,
2092 		int *numVals, char *sepset, char **outstr) {
2093 	__nis_value_t		**v = 0;
2094 	int			i, n, ni, numItems, nf;
2095 	char			*str, *valstr;
2096 	__nis_mapping_format_t	*ftmp;
2097 	char			*myself = "matchMappingItem";
2098 
2099 	if (f == 0 ||
2100 		inVal == 0 || inVal->numVals < 1 || inVal->type != vt_string)
2101 		return (0);
2102 
2103 	/* Count the number of format elements and items in the format */
2104 	for (nf = numItems = 0, ftmp = f; ftmp->type != mmt_end; ftmp++) {
2105 		nf++;
2106 
2107 		/*
2108 		 * Count mmt_item and mmt_berstring (used by N2L to
2109 		 * represent address %a)
2110 		 */
2111 		if (ftmp->type == mmt_item)
2112 				numItems++;
2113 		else if (ftmp->type == mmt_berstring && ftmp->match.berString &&
2114 				ftmp->match.berString[0] == 'a')
2115 				numItems++;
2116 	}
2117 	/* Count the mmt_end as well */
2118 	nf++;
2119 
2120 	/*
2121 	 * If no items, there will be no values. This isn't exactly an error
2122 	 * from the limited point of view of this function, so we return a
2123 	 * __nis_value_t with zero values.
2124 	 */
2125 	if (numItems <= 0) {
2126 		v = am(myself, sizeof (v[0]));
2127 		if (v == 0)
2128 			return (0);
2129 		v[0] = am(myself, sizeof (*v[0]));
2130 		if (v[0] == 0) {
2131 			sfree(v);
2132 			return (0);
2133 		}
2134 		v[0]->type = vt_string;
2135 		v[0]->numVals = 0;
2136 		v[0]->val = 0;
2137 		if (numVals != 0)
2138 			*numVals = 1;
2139 		return (v);
2140 	}
2141 
2142 	/* Allocate and initialize the return array */
2143 	v = am(myself, numItems * sizeof (v[0]));
2144 	if (v == 0)
2145 		return (0);
2146 	for (n = 0; n < numItems; n++) {
2147 		v[n] = am(myself, sizeof (*v[n]));
2148 		if (v[n] == 0) {
2149 			int	j;
2150 
2151 			for (j = 0; j < n; j++)
2152 				freeValue(v[j], 1);
2153 			sfree(v);
2154 			return (0);
2155 		}
2156 		v[n]->type = vt_string;
2157 		v[n]->numVals = 0;
2158 		v[n]->val = am(myself, inVal->numVals * sizeof (v[n]->val[0]));
2159 		if (v[n]->val == 0) {
2160 			int	j;
2161 
2162 			for (j = 0; j < n; j++)
2163 				freeValue(v[j], 1);
2164 			sfree(v);
2165 			return (0);
2166 		}
2167 		for (i = 0; i < inVal->numVals; i++) {
2168 			v[n]->val[i].length = 0;
2169 			v[n]->val[i].value = 0;
2170 		}
2171 	}
2172 
2173 	/* For each input value, perform the match operation */
2174 	for (i = 0; i < inVal->numVals; i++) {
2175 		str = inVal->val[i].value;
2176 		if (str == 0)
2177 			continue;
2178 		for (n = 0, ni = 0; n < nf; n++) {
2179 			valstr = 0;
2180 			str = scanMappingFormat(f, n, nf, str, &valstr,
2181 				0, sepset);
2182 			if (str == 0)
2183 				break;
2184 			if (valstr != 0 && ni < numItems &&
2185 					v[ni]->numVals < inVal->numVals) {
2186 				v[ni]->val[v[ni]->numVals].value = valstr;
2187 				v[ni]->val[v[ni]->numVals].length =
2188 							strlen(valstr) + 1;
2189 				v[ni]->numVals++;
2190 				ni++;
2191 			} else if (valstr != 0) {
2192 				sfree(valstr);
2193 			}
2194 		}
2195 		if (str == 0) {
2196 			for (n = 0; n < numItems; n++)
2197 				freeValue(v[n], 1);
2198 			sfree(v);
2199 			return (0);
2200 		}
2201 	}
2202 
2203 	if (numVals != 0)
2204 		*numVals = numItems;
2205 
2206 	/*
2207 	 * Update the return string upto the point it has been matched
2208 	 * This string will be used by the N2L code in its next call
2209 	 * to this function
2210 	 */
2211 	if (outstr != 0)
2212 		*outstr = str;
2213 
2214 	return (v);
2215 }
2216 
2217 /*
2218  * Perform an extract operation. For example, given the expression
2219  *	(name, "%s.*")
2220  * and assuming 'name' is an item with the value "some.thing", the
2221  * value returned by the extract is "some".
2222  */
2223 __nis_value_t *
extractMappingItem(__nis_mapping_item_t * item,__nis_mapping_format_t * f,__nis_rule_value_t * rv,int * stat)2224 extractMappingItem(__nis_mapping_item_t *item, __nis_mapping_format_t *f,
2225 		__nis_rule_value_t *rv, int *stat) {
2226 	__nis_value_t		*val = getMappingItem(item, mit_any,
2227 			rv, 0, stat);
2228 	__nis_single_value_t	*nval;
2229 	int			i, n, nv, nf;
2230 	__nis_mapping_format_t	*ftmp;
2231 
2232 	if (val == 0)
2233 		return (0);
2234 	else if (f == 0 || rv == 0 || val->val == 0 ||
2235 			val->numVals <= 0 || val->type != vt_string) {
2236 		freeValue(val, 1);
2237 		return (0);
2238 	}
2239 
2240 	/* Sanity check the format; it must have one and only one mmt_item */
2241 	{
2242 		int	numitem;
2243 
2244 		for (nf = numitem = 0, ftmp = f; ftmp->type != mmt_end;
2245 				ftmp++) {
2246 			nf++;
2247 			if (ftmp->type == mmt_item)
2248 				numitem++;
2249 		}
2250 		/* Count the mmt_end as well */
2251 		nf++;
2252 		if (numitem != 1) {
2253 			freeValue(val, 1);
2254 			return (0);
2255 		}
2256 	}
2257 
2258 	nval = val->val;
2259 	nv = val->numVals;
2260 	val->repeat = FALSE;
2261 	val->val = 0;
2262 	val->numVals = 0;
2263 
2264 	/* If the item has multiple values, we extract each one independently */
2265 	for (i = 0; i < nv; i++) {
2266 		char			*str = nval[i].value;
2267 		char			*newstr = 0;
2268 		__nis_single_value_t	*newval;
2269 
2270 		if (nval[i].value == 0)
2271 			continue;
2272 
2273 		/*
2274 		 * We match the whole string, even if we find a value for
2275 		 * the item before exhausting all format elements. By doing
2276 		 * this, we ensure that the string really matches the complete
2277 		 * format specification.
2278 		 */
2279 		for (n = 0; n < nf; n++) {
2280 			str = scanMappingFormat(f, n, nf, str, &newstr, 0, 0);
2281 			if (str == 0)
2282 				break;
2283 		}
2284 
2285 		/*
2286 		 * *str should now be NUL, meaning we've reached the end of
2287 		 * the string (value), and it completely matched the format.
2288 		 * If 'str' is NULL, there was an error, and if 'newstr' is
2289 		 * 0, we somehow failed to obtain a value.
2290 		 */
2291 		if (str == 0 || *str != '\0' || newstr == 0 ||
2292 				(newval = realloc(val->val,
2293 					(val->numVals+1) *
2294 					sizeof (val->val[0]))) == 0) {
2295 			freeValue(val, 1);
2296 			for (n = 0; n < nv; n++) {
2297 				sfree(nval[n].value);
2298 			}
2299 			free(nval);
2300 			sfree(newstr);
2301 			return (0);
2302 		}
2303 
2304 		val->val = newval;
2305 		val->val[val->numVals].value = newstr;
2306 		val->val[val->numVals].length = strlen(newstr) + 1;
2307 		val->numVals++;
2308 
2309 		free(nval[i].value);
2310 		nval[i].value = 0;
2311 	}
2312 	free(nval);
2313 
2314 	return (val);
2315 }
2316 
2317 /*
2318  * For each value in 'val', remove the last character, provided that
2319  * it matches 'elide'.
2320  */
2321 void
stringElide(__nis_value_t * val,char elide)2322 stringElide(__nis_value_t *val, char elide) {
2323 
2324 	if (val != 0 && val->type == vt_string) {
2325 		int	i;
2326 
2327 		for (i = 0; i < val->numVals; i++) {
2328 			int	end = val->val[i].length;
2329 			char	*str = val->val[i].value;
2330 
2331 			if (str == 0 || end <= 0)
2332 				continue;
2333 
2334 			/*
2335 			 * If the NUL was counted in the length, step back
2336 			 * over it.
2337 			 */
2338 			if (str[end-1] == '\0')
2339 				end--;
2340 			if (end > 0 && str[end-1] == elide) {
2341 				str[end-1] = '\0';
2342 				val->val[i].length--;
2343 			}
2344 		}
2345 	}
2346 }
2347 
2348 /*
2349  * Obtain the value for the mapping sub-element 'e', given the input
2350  * rule-value 'rv'.
2351  */
2352 __nis_value_t *
getMappingSubElement(__nis_mapping_sub_element_t * e,__nis_rule_value_t * rv,int * np_ldap_stat)2353 getMappingSubElement(__nis_mapping_sub_element_t *e,
2354 	__nis_rule_value_t *rv, int *np_ldap_stat) {
2355 	__nis_value_t	*val;
2356 
2357 	if (e == 0)
2358 		return (0);
2359 
2360 	switch (e->type) {
2361 	case me_item:
2362 		val = getMappingItem(&e->element.item, mit_any, rv, 0,
2363 			np_ldap_stat);
2364 		break;
2365 	case me_print:
2366 		val = getMappingFormatArray(e->element.print.fmt, rv,
2367 						fa_item,
2368 						e->element.print.numItems,
2369 						e->element.print.item);
2370 		if (e->element.print.doElide)
2371 			stringElide(val, e->element.print.elide);
2372 		break;
2373 	case me_split:
2374 		val = splitMappingItem(&e->element.split.item,
2375 					e->element.split.delim,
2376 					rv);
2377 		break;
2378 	case me_extract:
2379 		val = extractMappingItem(&e->element.extract.item,
2380 					e->element.extract.fmt,
2381 					rv, np_ldap_stat);
2382 		break;
2383 	case me_match:
2384 	default:
2385 		val = 0;
2386 		break;
2387 	}
2388 
2389 	return (val);
2390 }
2391 
2392 /*
2393  * Obtain the value of the mapping element 'e', given the input rule-
2394  * value 'rv'. The 'native' mapping type is used when 'rv' is NULL,
2395  * and the result is a string representation of the mapping element;
2396  * in that case, items of the 'native' type are printed without their
2397  * type designation ("nis+" or "ldap").
2398  */
2399 __nis_value_t *
getMappingElement(__nis_mapping_element_t * e,__nis_mapping_item_type_t native,__nis_rule_value_t * rv,int * stat)2400 getMappingElement(__nis_mapping_element_t *e, __nis_mapping_item_type_t native,
2401 		__nis_rule_value_t *rv, int *stat) {
2402 	__nis_value_t	*val, **tv;
2403 	int		i, success = 0, novalue = 0;
2404 	int *np_ldap_stat;
2405 	char		*myself = "getMappingElement";
2406 
2407 	switch (e->type) {
2408 	case me_item:
2409 		val = getMappingItem(&e->element.item, native, rv, 0, NULL);
2410 		break;
2411 	case me_print:
2412 		tv = am(myself, e->element.print.numSubElements *
2413 			sizeof (tv[0]));
2414 		np_ldap_stat = am(myself,
2415 			e->element.print.numSubElements * sizeof (int));
2416 		if ((e->element.print.numSubElements > 0) &&
2417 				(tv == 0 || np_ldap_stat == 0)) {
2418 			val = 0;
2419 			sfree(tv);
2420 			sfree(np_ldap_stat);
2421 			break;
2422 		}
2423 		for (i = 0; i < e->element.print.numSubElements; i++) {
2424 			np_ldap_stat[i] = 0;
2425 			tv[i] = getMappingSubElement(
2426 				&e->element.print.subElement[i],
2427 				rv, &np_ldap_stat[i]);
2428 		}
2429 		/*
2430 		 * if we get NP_LDAP_NO_VALUE to any of the subelement
2431 		 * and we get NP_LDAP_MAP_SUCCESS to all other subelement
2432 		 * then we had enough nis+ column values which can
2433 		 * produce value for this rule, but didn't. So return
2434 		 * NP_LDAP_RULES_NO_VALUE to indicate to proceed to
2435 		 * next database id.
2436 		 */
2437 		for (i = 0; i < e->element.print.numSubElements; i++) {
2438 			if (np_ldap_stat[i] == NP_LDAP_MAP_SUCCESS)
2439 				success++;
2440 			if (np_ldap_stat[i] == NP_LDAP_NO_VALUE)
2441 				novalue++;
2442 		}
2443 		if (stat != NULL && novalue > 0 &&
2444 				((novalue+success) ==
2445 					e->element.print.numSubElements))
2446 					    *stat = NP_LDAP_RULES_NO_VALUE;
2447 		val = getMappingFormatArray(e->element.print.fmt, rv,
2448 						fa_value,
2449 						e->element.print.numSubElements,
2450 						tv);
2451 		for (i = 0; i < e->element.print.numSubElements; i++) {
2452 			freeValue(tv[i], 1);
2453 		}
2454 		sfree(tv);
2455 		sfree(np_ldap_stat);
2456 		if (e->element.print.doElide)
2457 			stringElide(val, e->element.print.elide);
2458 		break;
2459 	case me_split:
2460 		val = splitMappingItem(&e->element.split.item,
2461 					e->element.split.delim,
2462 					rv);
2463 		break;
2464 	case me_match:
2465 		/*
2466 		 * A match doesn't produce an assignable value per se,
2467 		 * so we shouldn't get one here.
2468 		 */
2469 		val = 0;
2470 		break;
2471 	case me_extract:
2472 		val = extractMappingItem(&e->element.extract.item,
2473 					e->element.extract.fmt,
2474 					rv, NULL);
2475 		break;
2476 	default:
2477 		val = 0;
2478 		break;
2479 	}
2480 
2481 	return (val);
2482 }
2483