1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2009 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25 26 /* 27 * libsldap - library side configuration components 28 * Routines to manage the config structure 29 */ 30 31 #include <stdio.h> 32 #include <stdlib.h> 33 #include <stddef.h> 34 #include <string.h> 35 #include <strings.h> 36 #include <libintl.h> 37 #include <locale.h> 38 #include <thread.h> 39 #include <synch.h> 40 #include <errno.h> 41 #include <unistd.h> 42 #include <fcntl.h> 43 #include <ctype.h> 44 #include <crypt.h> 45 #include <arpa/inet.h> 46 #include <sys/types.h> 47 #include <sys/stat.h> 48 #include <syslog.h> 49 #include <netdb.h> 50 #include <sys/systeminfo.h> 51 #include <sys/mman.h> 52 #include <sys/time.h> 53 #include <limits.h> 54 #include "ns_sldap.h" 55 #include "ns_internal.h" 56 #include "ns_cache_door.h" 57 #include "ns_connmgmt.h" 58 59 #pragma fini(__s_api_shutdown_conn_mgmt, \ 60 _free_config, __ns_ldap_doorfd_close) 61 62 static mutex_t ns_parse_lock = DEFAULTMUTEX; 63 static mutex_t ns_loadrefresh_lock = DEFAULTMUTEX; 64 static ns_config_t *current_config = NULL; 65 66 static int cache_server = FALSE; 67 extern thread_key_t ns_cmgkey; 68 69 /* 70 * Parameter Index Type validation routines 71 */ 72 static int 73 __s_val_postime(ParamIndexType i, ns_default_config *def, 74 ns_param_t *param, char *errbuf); 75 static int 76 __s_val_basedn(ParamIndexType i, ns_default_config *def, 77 ns_param_t *param, char *errbuf); 78 79 static int 80 __s_val_binddn(ParamIndexType i, ns_default_config *def, 81 ns_param_t *param, char *errbuf); 82 83 static int 84 __s_val_bindpw(ParamIndexType i, ns_default_config *def, 85 ns_param_t *param, char *errbuf); 86 87 static int 88 __s_val_serverList(ParamIndexType i, ns_default_config *def, 89 ns_param_t *param, char *errbuf); 90 91 /* 92 * Forward declarations 93 */ 94 95 static ns_parse_status 96 verify_value(ns_config_t *cfg, char *name, char *value, char *errstr); 97 98 static int 99 set_default_value(ns_config_t *configptr, char *name, char *value, 100 ns_ldap_error_t **error); 101 102 static void 103 set_curr_config(ns_config_t *ptr); 104 105 static int 106 __door_getldapconfig(char **buffer, int *buflen, ns_ldap_error_t **error); 107 108 static ns_config_t * 109 SetDoorInfo(char *buffer, ns_ldap_error_t **errorp); 110 111 static boolean_t 112 timetorefresh(ns_config_t *cfg); 113 114 static ns_config_t * 115 LoadCacheConfiguration(ns_config_t *, ns_ldap_error_t **error); 116 117 static void ** 118 dupParam(ns_param_t *ptr); 119 120 static time_t 121 conv_time(char *s); 122 123 /* 124 * Structures used in enum <-> string mapping routines 125 */ 126 127 static ns_enum_map ns_auth_enum_v1[] = { 128 { ENUM2INT(NS_LDAP_EA_NONE), "NS_LDAP_AUTH_NONE" }, 129 { ENUM2INT(NS_LDAP_EA_SIMPLE), "NS_LDAP_AUTH_SIMPLE" }, 130 { ENUM2INT(NS_LDAP_EA_SASL_CRAM_MD5), "NS_LDAP_AUTH_SASL_CRAM_MD5" }, 131 { -1, NULL }, 132 }; 133 134 static ns_enum_map ns_auth_enum_v2[] = { 135 { ENUM2INT(NS_LDAP_EA_NONE), "none" }, 136 { ENUM2INT(NS_LDAP_EA_SIMPLE), "simple" }, 137 { ENUM2INT(NS_LDAP_EA_SASL_CRAM_MD5), "sasl/CRAM-MD5" }, 138 { ENUM2INT(NS_LDAP_EA_SASL_DIGEST_MD5), "sasl/DIGEST-MD5" }, 139 { ENUM2INT(NS_LDAP_EA_SASL_DIGEST_MD5_INT), 140 "sasl/DIGEST-MD5:auth-int" }, 141 { ENUM2INT(NS_LDAP_EA_SASL_DIGEST_MD5_CONF), 142 "sasl/DIGEST-MD5:auth-conf" }, 143 { ENUM2INT(NS_LDAP_EA_SASL_EXTERNAL), "sasl/EXTERNAL" }, 144 { ENUM2INT(NS_LDAP_EA_SASL_GSSAPI), "sasl/GSSAPI" }, 145 { ENUM2INT(NS_LDAP_EA_TLS_NONE), "tls:none" }, 146 { ENUM2INT(NS_LDAP_EA_TLS_SIMPLE), "tls:simple" }, 147 { ENUM2INT(NS_LDAP_EA_TLS_SASL_CRAM_MD5), "tls:sasl/CRAM-MD5" }, 148 { ENUM2INT(NS_LDAP_EA_TLS_SASL_DIGEST_MD5), "tls:sasl/DIGEST-MD5" }, 149 { ENUM2INT(NS_LDAP_EA_TLS_SASL_DIGEST_MD5_INT), 150 "tls:sasl/DIGEST-MD5:auth-int" }, 151 { ENUM2INT(NS_LDAP_EA_TLS_SASL_DIGEST_MD5_CONF), 152 "tls:sasl/DIGEST-MD5:auth-conf" }, 153 { ENUM2INT(NS_LDAP_EA_TLS_SASL_EXTERNAL), "tls:sasl/EXTERNAL" }, 154 { -1, NULL }, 155 }; 156 157 /* V1 ONLY */ 158 static ns_enum_map ns_sec_enum_v1[] = { 159 { ENUM2INT(NS_LDAP_TLS_NONE), "NS_LDAP_SEC_NONE" }, 160 { -1, NULL }, 161 }; 162 163 /* V2 ONLY */ 164 static ns_enum_map ns_cred_enum_v2[] = { 165 { ENUM2INT(NS_LDAP_CRED_ANON), "anonymous" }, 166 { ENUM2INT(NS_LDAP_CRED_PROXY), "proxy" }, 167 { ENUM2INT(NS_LDAP_CRED_SELF), "self" }, 168 { -1, NULL }, 169 }; 170 171 static ns_enum_map ns_ref_enum_v1[] = { 172 { ENUM2INT(NS_LDAP_FOLLOWREF), "NS_LDAP_FOLLOWREF" }, 173 { ENUM2INT(NS_LDAP_NOREF), "NS_LDAP_NOREF" }, 174 { -1, NULL }, 175 }; 176 177 static ns_enum_map ns_ref_enum_v2[] = { 178 { ENUM2INT(NS_LDAP_FOLLOWREF), "TRUE" }, 179 { ENUM2INT(NS_LDAP_NOREF), "FALSE" }, 180 { -1, NULL }, 181 }; 182 183 static ns_enum_map ns_scope_enum_v1[] = { 184 { ENUM2INT(NS_LDAP_SCOPE_BASE), "NS_LDAP_SCOPE_BASE" }, 185 { ENUM2INT(NS_LDAP_SCOPE_ONELEVEL), "NS_LDAP_SCOPE_ONELEVEL" }, 186 { ENUM2INT(NS_LDAP_SCOPE_SUBTREE), "NS_LDAP_SCOPE_SUBTREE" }, 187 { -1, NULL }, 188 }; 189 190 static ns_enum_map ns_scope_enum_v2[] = { 191 { ENUM2INT(NS_LDAP_SCOPE_BASE), "base" }, 192 { ENUM2INT(NS_LDAP_SCOPE_ONELEVEL), "one" }, 193 { ENUM2INT(NS_LDAP_SCOPE_SUBTREE), "sub" }, 194 { -1, NULL }, 195 }; 196 197 static ns_enum_map ns_pref_enum[] = { 198 { ENUM2INT(NS_LDAP_PREF_FALSE), "NS_LDAP_FALSE" }, 199 { ENUM2INT(NS_LDAP_PREF_TRUE), "NS_LDAP_TRUE" }, 200 { -1, NULL }, 201 }; 202 203 static ns_enum_map ns_shadow_update_enum[] = { 204 { ENUM2INT(NS_LDAP_ENABLE_SHADOW_UPDATE_FALSE), "FALSE" }, 205 { ENUM2INT(NS_LDAP_ENABLE_SHADOW_UPDATE_TRUE), "TRUE" }, 206 { -1, NULL }, 207 }; 208 209 static int ns_def_auth_v1[] = { 210 ENUM2INT(NS_LDAP_EA_NONE), 211 0 212 }; 213 214 static int ns_def_auth_v2[] = { 215 ENUM2INT(NS_LDAP_EA_NONE), 216 0 217 }; 218 219 static int ns_def_cred_v1[] = { 220 ENUM2INT(NS_LDAP_CRED_PROXY), 221 0 222 }; 223 224 static int ns_def_cred_v2[] = { 225 ENUM2INT(NS_LDAP_CRED_ANON), 226 0 227 }; 228 229 /* 230 * The next macro places an integer in the first sizeof(int) bytes of a 231 * void pointer location. For 32-bit, it is the same as "(void *) i". It 232 * is used to solve a problem found during 64-bit testing. The problem 233 * was that for a configuration parameter such as NS_LDAP_SEARCH_REF_P, 234 * which is of type INT and has defined default value, an int 235 * variable(ns_param.ns_pu.i) defined inside an union(ns_pu) structure, is 236 * used to access the defined default value. This requires the default 237 * value to be in the first sizeof(int) bytes of the union element. If 238 * just using "(void *) intval" to declare the default value in the 239 * following defconfig[] structure, the intval data will be placed is the 240 * last sizeof(int) bytes. In which case, when accessing via ns_pu_i in 241 * a 64-bit system, ZERO will be returned as the default value, not the 242 * defined one. 243 * 244 * Note since amd64 is little-endian, the problem is not an issue. 245 * INT2VOIDPTR will just leave the data (i) unchanged. 246 */ 247 #if defined(__amd64) 248 #define INT2VOIDPTR(i) (void *)i 249 #else 250 #define INT2VOIDPTR(i) \ 251 (void *)(((long)(i))<<(8*(sizeof (void *) - sizeof (int)))) 252 #endif 253 /* 254 * The default configuration table 255 * Version 1 entries are first, V2 entries follow. 256 */ 257 static ns_default_config defconfig[] = { 258 /* optional V1 profile */ 259 {"NS_LDAP_FILE_VERSION", NS_LDAP_FILE_VERSION_P, 260 CLIENTCONFIG, CHARPTR, TRUE, NS_LDAP_V1, 261 NULL, /* No version number defined in V1 */ 262 { CHARPTR, 0, (void *)NS_LDAP_VERSION_1 }, 263 NULL, NULL }, 264 265 /* ---------- V1 profile ---------- */ 266 {"NS_LDAP_BINDDN", NS_LDAP_BINDDN_P, 267 CREDCONFIG, CHARPTR, TRUE, NS_LDAP_V1, 268 _P1_BINDDN, 269 { CHARPTR, 0, NULL }, 270 __s_val_binddn, NULL }, 271 272 {"NS_LDAP_BINDPASSWD", NS_LDAP_BINDPASSWD_P, 273 CREDCONFIG, CHARPTR, TRUE, NS_LDAP_V1, 274 _P1_BINDPASSWORD, 275 { CHARPTR, 0, NULL }, 276 __s_val_bindpw, NULL }, 277 278 {"NS_LDAP_SERVERS", NS_LDAP_SERVERS_P, 279 SERVERCONFIG, ARRAYCP, FALSE, NS_LDAP_V1, 280 _P1_SERVERS, 281 { ARRAYCP, 0, NULL }, 282 __s_val_serverList, NULL }, 283 284 {"NS_LDAP_SEARCH_BASEDN", NS_LDAP_SEARCH_BASEDN_P, 285 SERVERCONFIG, CHARPTR, TRUE, NS_LDAP_V1, 286 _P1_SEARCHBASEDN, 287 { CHARPTR, 0, NULL }, 288 __s_val_basedn, NULL }, 289 290 {"NS_LDAP_AUTH", NS_LDAP_AUTH_P, 291 CLIENTCONFIG, ARRAYAUTH, FALSE, NS_LDAP_V1, 292 _P1_AUTHMETHOD, 293 { ARRAYAUTH, 1, (void *)&ns_def_auth_v1[0] }, 294 NULL, ns_auth_enum_v1 }, 295 296 {"NS_LDAP_TRANSPORT_SEC", NS_LDAP_TRANSPORT_SEC_P, 297 CLIENTCONFIG, INT, TRUE, NS_LDAP_V1, 298 _P1_TRANSPORTSECURITY, 299 { INT, 0, INT2VOIDPTR(NS_LDAP_TLS_NONE) }, 300 NULL, ns_sec_enum_v1 }, 301 302 {"NS_LDAP_SEARCH_REF", NS_LDAP_SEARCH_REF_P, 303 CLIENTCONFIG, INT, TRUE, NS_LDAP_V1, 304 _P1_SEARCHREFERRAL, 305 { INT, 0, INT2VOIDPTR(NS_LDAP_FOLLOWREF) }, 306 NULL, ns_ref_enum_v1 }, 307 308 {"NS_LDAP_DOMAIN", NS_LDAP_DOMAIN_P, 309 CLIENTCONFIG, CHARPTR, TRUE, NS_LDAP_V1, 310 NULL, /* not defined in the Profile */ 311 { CHARPTR, 0, NULL }, 312 NULL, NULL }, 313 314 {"NS_LDAP_EXP", NS_LDAP_EXP_P, 315 SERVERCONFIG, TIMET, TRUE, NS_LDAP_V1, 316 NULL, /* initialized by code to time+NS_LDAP_CACHETTL */ 317 { INT, 0, 0 }, 318 NULL, NULL }, 319 320 {"NS_LDAP_CERT_PATH", NS_LDAP_CERT_PATH_P, 321 CREDCONFIG, CHARPTR, TRUE, NS_LDAP_V1, 322 _P1_CERTIFICATEPATH, 323 { CHARPTR, 0, NULL }, 324 NULL, NULL }, 325 326 {"NS_LDAP_CERT_PASS", NS_LDAP_CERT_PASS_P, 327 CREDCONFIG, CHARPTR, TRUE, NS_LDAP_V1, 328 _P1_CERTIFICATEPASSWORD, 329 { CHARPTR, 0, NULL }, 330 NULL, NULL }, 331 332 {"NS_LDAP_SEARCH_DN", NS_LDAP_SEARCH_DN_P, 333 CLIENTCONFIG, SSDLIST, FALSE, NS_LDAP_V1, 334 _P1_DATASEARCHDN, 335 { SSDLIST, 0, NULL }, 336 NULL, NULL }, 337 338 {"NS_LDAP_SEARCH_SCOPE", NS_LDAP_SEARCH_SCOPE_P, 339 CLIENTCONFIG, INT, TRUE, NS_LDAP_V1, 340 _P1_SEARCHSCOPE, 341 { INT, 0, INT2VOIDPTR(NS_LDAP_SCOPE_ONELEVEL) }, 342 NULL, ns_scope_enum_v1 }, 343 344 {"NS_LDAP_SEARCH_TIME", NS_LDAP_SEARCH_TIME_P, 345 CLIENTCONFIG, INT, TRUE, NS_LDAP_V1, 346 _P1_SEARCHTIMELIMIT, 347 { INT, 0, INT2VOIDPTR(NS_DEFAULT_SEARCH_TIMEOUT) }, 348 NULL, NULL }, 349 350 {"NS_LDAP_SERVER_PREF", NS_LDAP_SERVER_PREF_P, 351 CLIENTCONFIG, ARRAYCP, FALSE, NS_LDAP_V1, 352 _P1_PREFERREDSERVER, 353 { ARRAYCP, 0, NULL }, 354 __s_val_serverList, NULL }, 355 356 {"NS_LDAP_PREF_ONLY", NS_LDAP_PREF_ONLY_P, 357 CLIENTCONFIG, INT, TRUE, NS_LDAP_V1, 358 _P1_PREFERREDSERVERONLY, 359 { INT, 0, INT2VOIDPTR(NS_LDAP_PREF_FALSE) }, 360 NULL, ns_pref_enum }, 361 362 {"NS_LDAP_CACHETTL", NS_LDAP_CACHETTL_P, 363 CLIENTCONFIG, CHARPTR, TRUE, NS_LDAP_V1, 364 _P1_CACHETTL, 365 { CHARPTR, 0, (void *)EXP_DEFAULT_TTL }, 366 __s_val_postime, NULL }, 367 368 {"NS_LDAP_PROFILE", NS_LDAP_PROFILE_P, 369 CLIENTCONFIG, CHARPTR, TRUE, NS_LDAP_V1, 370 _P_CN, 371 { CHARPTR, 0, (void *)DEFAULTCONFIGNAME }, 372 NULL, NULL }, 373 374 {"NS_LDAP_BIND_TIME", NS_LDAP_BIND_TIME_P, 375 CLIENTCONFIG, INT, TRUE, NS_LDAP_V1, 376 _P1_BINDTIMELIMIT, 377 { INT, 0, INT2VOIDPTR(NS_DEFAULT_BIND_TIMEOUT) }, 378 NULL, NULL }, 379 380 /* This configuration option is not visible in V1 */ 381 {"NS_LDAP_CREDENTIAL_LEVEL", NS_LDAP_CREDENTIAL_LEVEL_P, 382 CLIENTCONFIG, ARRAYCRED, TRUE, NS_LDAP_V1, 383 NULL, /* No version defined in V1 */ 384 { ARRAYCRED, 0, (void *)&ns_def_cred_v1[0] }, 385 NULL, NULL }, 386 387 /* ---------- V2 profile ---------- */ 388 {"NS_LDAP_FILE_VERSION", NS_LDAP_FILE_VERSION_P, 389 CLIENTCONFIG, CHARPTR, TRUE, NS_LDAP_V2, 390 NULL, /* No version number defined in V1 */ 391 { CHARPTR, 0, (void *)NS_LDAP_VERSION_2 }, 392 NULL, NULL }, 393 394 {"NS_LDAP_BINDDN", NS_LDAP_BINDDN_P, 395 CREDCONFIG, CHARPTR, TRUE, NS_LDAP_V2, 396 NULL, /* not defined in the Profile */ 397 { CHARPTR, 0, NULL }, 398 __s_val_binddn, NULL }, 399 400 {"NS_LDAP_BINDPASSWD", NS_LDAP_BINDPASSWD_P, 401 CREDCONFIG, CHARPTR, TRUE, NS_LDAP_V2, 402 NULL, /* not defined in the Profile */ 403 { CHARPTR, 0, NULL }, 404 __s_val_bindpw, NULL }, 405 406 {"NS_LDAP_ENABLE_SHADOW_UPDATE", NS_LDAP_ENABLE_SHADOW_UPDATE_P, 407 CREDCONFIG, INT, TRUE, NS_LDAP_V2, 408 NULL, /* not defined in the Profile */ 409 { INT, 0, INT2VOIDPTR(NS_LDAP_ENABLE_SHADOW_UPDATE_FALSE) }, 410 NULL, ns_shadow_update_enum }, 411 412 {"NS_LDAP_ADMIN_BINDDN", NS_LDAP_ADMIN_BINDDN_P, 413 CREDCONFIG, CHARPTR, TRUE, NS_LDAP_V2, 414 NULL, /* not defined in the Profile */ 415 { CHARPTR, 0, NULL }, 416 __s_val_binddn, NULL }, 417 418 {"NS_LDAP_ADMIN_BINDPASSWD", NS_LDAP_ADMIN_BINDPASSWD_P, 419 CREDCONFIG, CHARPTR, TRUE, NS_LDAP_V2, 420 NULL, /* not defined in the Profile */ 421 { CHARPTR, 0, NULL }, 422 __s_val_bindpw, NULL }, 423 424 {"NS_LDAP_EXP", NS_LDAP_EXP_P, 425 SERVERCONFIG, TIMET, TRUE, NS_LDAP_V2, 426 NULL, /* initialized by code to time+NS_LDAP_CACHETTL */ 427 { INT, 0, 0 }, 428 NULL, NULL }, 429 430 {"NS_LDAP_SERVER_PREF", NS_LDAP_SERVER_PREF_P, 431 CLIENTCONFIG, SERVLIST, FALSE, NS_LDAP_V2, 432 _P2_PREFERREDSERVER, 433 { SERVLIST, 0, NULL }, 434 __s_val_serverList, NULL }, 435 436 {"NS_LDAP_SERVERS", NS_LDAP_SERVERS_P, 437 SERVERCONFIG, SERVLIST, FALSE, NS_LDAP_V2, 438 _P2_DEFAULTSERVER, 439 { SERVLIST, 0, NULL }, 440 __s_val_serverList, NULL }, 441 442 {"NS_LDAP_SEARCH_BASEDN", NS_LDAP_SEARCH_BASEDN_P, 443 SERVERCONFIG, CHARPTR, TRUE, NS_LDAP_V2, 444 _P2_SEARCHBASEDN, 445 { CHARPTR, 0, NULL }, 446 __s_val_basedn, NULL }, 447 448 {"NS_LDAP_SEARCH_SCOPE", NS_LDAP_SEARCH_SCOPE_P, 449 CLIENTCONFIG, INT, TRUE, NS_LDAP_V2, 450 _P2_SEARCHSCOPE, 451 { INT, 0, INT2VOIDPTR(NS_LDAP_SCOPE_ONELEVEL) }, 452 NULL, ns_scope_enum_v2 }, 453 454 {"NS_LDAP_AUTH", NS_LDAP_AUTH_P, 455 CLIENTCONFIG, ARRAYAUTH, FALSE, NS_LDAP_V2, 456 _P2_AUTHMETHOD, 457 { ARRAYAUTH, 2, (void *)&ns_def_auth_v2[0] }, 458 NULL, ns_auth_enum_v2 }, 459 460 {"NS_LDAP_CREDENTIAL_LEVEL", NS_LDAP_CREDENTIAL_LEVEL_P, 461 CLIENTCONFIG, ARRAYCRED, FALSE, NS_LDAP_V2, 462 _P2_CREDENTIALLEVEL, 463 { ARRAYCRED, 0, (void *)&ns_def_cred_v2[0] }, 464 NULL, ns_cred_enum_v2 }, 465 466 {"NS_LDAP_SERVICE_SEARCH_DESC", NS_LDAP_SERVICE_SEARCH_DESC_P, 467 CLIENTCONFIG, SSDLIST, FALSE, NS_LDAP_V2, 468 _P2_SERVICESEARCHDESC, 469 { SSDLIST, 0, NULL }, 470 NULL, NULL }, 471 472 {"NS_LDAP_SEARCH_TIME", NS_LDAP_SEARCH_TIME_P, 473 CLIENTCONFIG, INT, TRUE, NS_LDAP_V2, 474 _P2_SEARCHTIMELIMIT, 475 { INT, 0, INT2VOIDPTR(NS_DEFAULT_SEARCH_TIMEOUT) }, 476 NULL, NULL }, 477 478 {"NS_LDAP_BIND_TIME", NS_LDAP_BIND_TIME_P, 479 CLIENTCONFIG, INT, TRUE, NS_LDAP_V2, 480 _P2_BINDTIMELIMIT, 481 { INT, 0, INT2VOIDPTR(NS_DEFAULT_BIND_TIMEOUT) }, 482 NULL, NULL }, 483 484 {"NS_LDAP_SEARCH_REF", NS_LDAP_SEARCH_REF_P, 485 CLIENTCONFIG, INT, TRUE, NS_LDAP_V2, 486 _P2_FOLLOWREFERRALS, 487 { INT, 0, INT2VOIDPTR(NS_LDAP_FOLLOWREF) }, 488 NULL, ns_ref_enum_v2 }, 489 490 {"NS_LDAP_CACHETTL", NS_LDAP_CACHETTL_P, 491 CLIENTCONFIG, CHARPTR, TRUE, NS_LDAP_V2, 492 _P2_PROFILETTL, 493 { CHARPTR, 0, (void *)EXP_DEFAULT_TTL }, 494 __s_val_postime, NULL }, 495 496 {"NS_LDAP_ATTRIBUTEMAP", NS_LDAP_ATTRIBUTEMAP_P, 497 CLIENTCONFIG, ATTRMAP, FALSE, NS_LDAP_V2, 498 _P2_ATTRIBUTEMAP, 499 { ATTRMAP, 0, NULL }, 500 NULL, NULL }, 501 502 {"NS_LDAP_OBJECTCLASSMAP", NS_LDAP_OBJECTCLASSMAP_P, 503 CLIENTCONFIG, OBJMAP, FALSE, NS_LDAP_V2, 504 _P2_OBJECTCLASSMAP, 505 { OBJMAP, 0, NULL }, 506 NULL, NULL }, 507 508 {"NS_LDAP_PROFILE", NS_LDAP_PROFILE_P, 509 CLIENTCONFIG, CHARPTR, TRUE, NS_LDAP_V2, 510 _P_CN, 511 { CHARPTR, 0, (void *)DEFAULTCONFIGNAME }, 512 NULL, NULL }, 513 514 {"NS_LDAP_SERVICE_AUTH_METHOD", NS_LDAP_SERVICE_AUTH_METHOD_P, 515 CLIENTCONFIG, SAMLIST, FALSE, NS_LDAP_V2, 516 _P2_SERVICEAUTHMETHOD, 517 { SAMLIST, 0, NULL }, 518 NULL, NULL }, 519 520 {"NS_LDAP_SERVICE_CRED_LEVEL", NS_LDAP_SERVICE_CRED_LEVEL_P, 521 CLIENTCONFIG, SCLLIST, FALSE, NS_LDAP_V2, 522 _P2_SERVICECREDLEVEL, 523 { SCLLIST, 0, NULL }, 524 NULL, NULL }, 525 526 {"NS_LDAP_HOST_CERTPATH", NS_LDAP_HOST_CERTPATH_P, 527 CREDCONFIG, CHARPTR, TRUE, NS_LDAP_V2, 528 NULL, /* not defined in the Profile */ 529 { CHARPTR, 0, (void *)NSLDAPDIRECTORY }, 530 NULL, NULL }, 531 532 /* array terminator [not an entry] */ 533 {NULL, NS_LDAP_FILE_VERSION_P, 534 CLIENTCONFIG, NS_UNKNOWN, TRUE, NULL, 535 NULL, 536 { NS_UNKNOWN, 0, NULL }, 537 NULL, NULL }, 538 }; 539 540 static char * 541 __getdomainname() 542 { 543 /* 544 * The sysinfo man page recommends using a buffer size 545 * of 257 bytes. MAXHOSTNAMELEN is 256. So add 1 here. 546 */ 547 char buf[MAXHOSTNAMELEN + 1]; 548 int status; 549 550 status = sysinfo(SI_SRPC_DOMAIN, buf, MAXHOSTNAMELEN); 551 if (status < 0) 552 return (NULL); 553 /* error: not enough space to hold returned value */ 554 if (status > sizeof (buf)) 555 return (NULL); 556 return (strdup(buf)); 557 } 558 559 void 560 __ns_ldap_setServer(int set) 561 { 562 cache_server = set; 563 } 564 565 static boolean_t 566 timetorefresh(ns_config_t *cfg) 567 { 568 struct timeval tp; 569 static time_t expire = 0; 570 571 if (cfg == NULL || gettimeofday(&tp, NULL) == -1) 572 return (B_TRUE); 573 574 if (cfg->paramList[NS_LDAP_EXP_P].ns_ptype == TIMET) 575 expire = cfg->paramList[NS_LDAP_EXP_P].ns_tm; 576 else 577 return (B_TRUE); 578 579 return (expire != 0 && tp.tv_sec > expire); 580 } 581 582 int 583 __s_get_enum_value(ns_config_t *ptr, char *value, ParamIndexType i) 584 { 585 register ns_enum_map *mapp; 586 char *pstart = value; 587 char *pend; 588 int len; 589 590 if (pstart == NULL) 591 return (-1); 592 593 /* skip leading spaces */ 594 while (*pstart == SPACETOK) 595 pstart++; 596 /* skip trailing spaces */ 597 pend = pstart + strlen(pstart) - 1; 598 for (; pend >= pstart && *pend == SPACETOK; pend--) 599 ; 600 len = pend - pstart + 1; 601 if (len == 0) 602 return (-1); 603 604 switch (i) { 605 case NS_LDAP_AUTH_P: 606 if (ptr->version == NS_LDAP_V1) 607 mapp = &ns_auth_enum_v1[0]; 608 else 609 mapp = &ns_auth_enum_v2[0]; 610 break; 611 case NS_LDAP_TRANSPORT_SEC_P: 612 return (-1); 613 case NS_LDAP_SEARCH_SCOPE_P: 614 if (ptr->version == NS_LDAP_V1) 615 mapp = &ns_scope_enum_v1[0]; 616 else 617 mapp = &ns_scope_enum_v2[0]; 618 break; 619 case NS_LDAP_SEARCH_REF_P: 620 if (ptr->version == NS_LDAP_V1) 621 mapp = &ns_ref_enum_v1[0]; 622 else 623 mapp = &ns_ref_enum_v2[0]; 624 break; 625 case NS_LDAP_PREF_ONLY_P: 626 mapp = &ns_pref_enum[0]; 627 break; 628 case NS_LDAP_ENABLE_SHADOW_UPDATE_P: 629 mapp = &ns_shadow_update_enum[0]; 630 break; 631 case NS_LDAP_CREDENTIAL_LEVEL_P: 632 if (ptr->version == NS_LDAP_V1) 633 return (-1); 634 else 635 mapp = &ns_cred_enum_v2[0]; 636 break; 637 case NS_LDAP_SERVICE_AUTH_METHOD_P: 638 mapp = &ns_auth_enum_v2[0]; 639 break; 640 case NS_LDAP_SERVICE_CRED_LEVEL_P: 641 mapp = &ns_cred_enum_v2[0]; 642 break; 643 default: 644 return (-1); 645 } 646 647 for (; mapp->name != NULL; mapp++) { 648 if (strncasecmp(pstart, mapp->name, len) == 0 && 649 (strlen(mapp->name) == len)) { 650 return (mapp->value); 651 } 652 } 653 return (-1); 654 } 655 656 char * 657 __s_get_auth_name(ns_config_t *ptr, AuthType_t type) 658 { 659 register ns_enum_map *mapp; 660 661 if (ptr->version == NS_LDAP_V1) 662 mapp = &ns_auth_enum_v1[0]; 663 else 664 mapp = &ns_auth_enum_v2[0]; 665 666 for (; mapp->name != NULL; mapp++) { 667 if (type == INT2AUTHENUM(mapp->value)) { 668 return (mapp->name); 669 } 670 } 671 return ("Unknown AuthType_t type specified"); 672 } 673 674 675 char * 676 __s_get_security_name(ns_config_t *ptr, TlsType_t type) 677 { 678 register ns_enum_map *mapp; 679 680 if (ptr->version == NS_LDAP_V1) { 681 mapp = &ns_sec_enum_v1[0]; 682 683 for (; mapp->name != NULL; mapp++) { 684 if (type == INT2SECENUM(mapp->value)) { 685 return (mapp->name); 686 } 687 } 688 } 689 return ("Unknown TlsType_t type specified"); 690 } 691 692 693 char * 694 __s_get_scope_name(ns_config_t *ptr, ScopeType_t type) 695 { 696 register ns_enum_map *mapp; 697 698 if (ptr->version == NS_LDAP_V1) 699 mapp = &ns_scope_enum_v1[0]; 700 else 701 mapp = &ns_scope_enum_v2[0]; 702 703 for (; mapp->name != NULL; mapp++) { 704 if (type == INT2SCOPEENUM(mapp->value)) { 705 return (mapp->name); 706 } 707 } 708 return ("Unknown ScopeType_t type specified"); 709 } 710 711 712 char * 713 __s_get_pref_name(PrefOnly_t type) 714 { 715 register ns_enum_map *mapp = &ns_pref_enum[0]; 716 717 for (; mapp->name != NULL; mapp++) { 718 if (type == INT2PREFONLYENUM(mapp->value)) { 719 return (mapp->name); 720 } 721 } 722 return ("Unknown PrefOnly_t type specified"); 723 } 724 725 char * 726 __s_get_searchref_name(ns_config_t *ptr, SearchRef_t type) 727 { 728 register ns_enum_map *mapp; 729 730 if (ptr->version == NS_LDAP_V1) 731 mapp = &ns_ref_enum_v1[0]; 732 else 733 mapp = &ns_ref_enum_v2[0]; 734 735 for (; mapp->name != NULL; mapp++) { 736 if (type == INT2SEARCHREFENUM(mapp->value)) { 737 return (mapp->name); 738 } 739 } 740 return ("Unknown SearchRef_t type specified"); 741 } 742 743 char * 744 __s_get_shadowupdate_name(enableShadowUpdate_t type) 745 { 746 register ns_enum_map *mapp; 747 748 mapp = &ns_shadow_update_enum[0]; 749 750 for (; mapp->name != NULL; mapp++) { 751 if (type == INT2SHADOWUPDATENUM(mapp->value)) { 752 return (mapp->name); 753 } 754 } 755 return ("Unknown enableShadowUpdate_t type specified"); 756 } 757 758 static char * 759 __s_get_credlvl_name(ns_config_t *ptr, CredLevel_t type) 760 { 761 register ns_enum_map *mapp; 762 763 if (ptr->version == NS_LDAP_V2) { 764 mapp = &ns_cred_enum_v2[0]; 765 for (; mapp->name != NULL; mapp++) { 766 if (type == INT2CREDLEVELENUM(mapp->value)) { 767 return (mapp->name); 768 } 769 } 770 } 771 return ("Unknown CredLevel_t type specified"); 772 } 773 774 static void 775 destroy_param(ns_config_t *ptr, ParamIndexType type) 776 { 777 int i, j; 778 char **ppc; 779 780 if (ptr == NULL) 781 return; 782 783 /* 784 * This routine is not lock protected because 785 * the config param it may be destroying is not 786 * necessarily THE config. Mutex protect elsewhere. 787 */ 788 switch (ptr->paramList[type].ns_ptype) { 789 case CHARPTR: 790 if (ptr->paramList[type].ns_pc) { 791 free(ptr->paramList[type].ns_pc); 792 ptr->paramList[type].ns_pc = NULL; 793 } 794 break; 795 case SAMLIST: 796 case SCLLIST: 797 case SSDLIST: 798 case ARRAYCP: 799 case SERVLIST: 800 if (ptr->paramList[type].ns_ppc) { 801 ppc = ptr->paramList[type].ns_ppc; 802 j = ptr->paramList[type].ns_acnt; 803 for (i = 0; i < j && ppc[i] != NULL; i++) { 804 free((void *)ppc[i]); 805 } 806 free((void *)ppc); 807 ptr->paramList[type].ns_ppc = NULL; 808 } 809 break; 810 case ARRAYAUTH: 811 case ARRAYCRED: 812 if (ptr->paramList[type].ns_pi) { 813 free(ptr->paramList[type].ns_pi); 814 ptr->paramList[type].ns_pi = NULL; 815 } 816 break; 817 case INT: 818 ptr->paramList[type].ns_i = 0; 819 break; 820 case ATTRMAP: 821 break; 822 case OBJMAP: 823 break; 824 default: 825 break; 826 } 827 ptr->paramList[type].ns_ptype = NS_UNKNOWN; 828 } 829 830 static void 831 destroy_config(ns_config_t *ptr) 832 { 833 ParamIndexType i; 834 835 if (ptr != NULL) { 836 if (ptr == current_config) 837 current_config = NULL; 838 free(ptr->domainName); 839 ptr->domainName = NULL; 840 for (i = 0; i <= LAST_VALUE; i++) { 841 destroy_param(ptr, i); 842 } 843 __s_api_destroy_hash(ptr); 844 free(ptr); 845 } 846 } 847 848 /* 849 * Marks the ns_config_t to be deleted and then releases it. (If no other 850 * caller is using, then __s_api_release_config will destroy it.) 851 * 852 * Note that __s_api_destroy_config should only be called if the caller has 853 * created the ns_config_t with __s_api_create_config (with the exception 854 * of set_curr_config). The ns_config_t should be private to the caller. 855 * 856 * This function should not be called with the current_config except by 857 * set_curr_config which locks ns_parse_lock to ensure that no thread 858 * will be waiting on current_config->config_mutex. This ensures that 859 * no caller with be waiting on cfg->config_mutex while it is being 860 * destroyed by __s_api_release_config. 861 */ 862 863 void 864 __s_api_destroy_config(ns_config_t *cfg) 865 { 866 if (cfg != NULL) { 867 (void) mutex_lock(&cfg->config_mutex); 868 cfg->delete = TRUE; 869 (void) mutex_unlock(&cfg->config_mutex); 870 __s_api_release_config(cfg); 871 } 872 } 873 874 875 /* 876 * Increment the configuration use count by one - assumes ns_parse_lock has 877 * been obtained. 878 */ 879 880 static ns_config_t * 881 get_curr_config_unlocked(ns_config_t *cfg, boolean_t global) 882 { 883 ns_config_t *ret; 884 885 ret = cfg; 886 if (cfg != NULL) { 887 (void) mutex_lock(&cfg->config_mutex); 888 /* 889 * allow access to per connection management (non-global) 890 * config so operations on connection being closed can still 891 * be completed 892 */ 893 if (cfg->delete && global == B_TRUE) 894 ret = NULL; 895 else 896 cfg->nUse++; 897 (void) mutex_unlock(&cfg->config_mutex); 898 } 899 return (ret); 900 } 901 902 /* 903 * set_curr_config_global sets the current global config to the 904 * specified ns_config_t. Note that this function is similar 905 * to the project private function __s_api_init_config_global 906 * except that it does not release the new ns_config_t. 907 */ 908 static void 909 set_curr_config_global(ns_config_t *ptr) 910 { 911 ns_config_t *cfg; 912 ns_config_t *cur_cfg; 913 914 (void) mutex_lock(&ns_parse_lock); 915 cur_cfg = current_config; 916 cfg = get_curr_config_unlocked(cur_cfg, B_TRUE); 917 if (cfg != ptr) { 918 __s_api_destroy_config(cfg); 919 current_config = ptr; 920 } 921 (void) mutex_unlock(&ns_parse_lock); 922 } 923 924 925 /* 926 * set_curr_config sets the current config or the per connection 927 * management one to the specified ns_config_t. Note that this function 928 * is similar to the project private function __s_api_init_config 929 * except that it does not release the new ns_config_t. Also note 930 * that if there's no per connection management one to set, the 931 * global current config will be set. 932 */ 933 934 static void 935 set_curr_config(ns_config_t *ptr) 936 { 937 ns_config_t *cfg; 938 ns_config_t *cur_cfg; 939 ns_conn_mgmt_t *cmg; 940 int rc; 941 942 rc = thr_getspecific(ns_cmgkey, (void **)&cmg); 943 944 /* set the per connection management config if possible */ 945 if (rc == 0 && cmg != NULL && cmg->config != NULL) { 946 (void) mutex_lock(&cmg->cfg_lock); 947 cur_cfg = cmg->config; 948 cfg = get_curr_config_unlocked(cur_cfg, B_FALSE); 949 if (cfg != ptr) { 950 __s_api_destroy_config(cfg); 951 cmg->config = ptr; 952 } 953 (void) mutex_unlock(&cmg->cfg_lock); 954 return; 955 } 956 957 /* else set the global current config */ 958 set_curr_config_global(ptr); 959 } 960 961 /* 962 * Decrements the ns_config_t usage count by one. Delete if delete flag 963 * is set and no other callers are using. 964 */ 965 966 void 967 __s_api_release_config(ns_config_t *cfg) 968 { 969 if (cfg != NULL) { 970 (void) mutex_lock(&cfg->config_mutex); 971 cfg->nUse--; 972 if (cfg->nUse == 0 && cfg->delete) { 973 destroy_config(cfg); 974 } else 975 (void) mutex_unlock(&cfg->config_mutex); 976 } 977 } 978 979 /* 980 * __s_api_init_config function destroys the previous global configuration 981 * sets the new global configuration and then releases it 982 */ 983 void 984 __s_api_init_config_global(ns_config_t *ptr) 985 { 986 set_curr_config_global(ptr); 987 __s_api_release_config(ptr); 988 } 989 990 /* 991 * __s_api_init_config function destroys the previous configuration 992 * sets the new configuration and then releases it. The configuration 993 * may be the global one or the per connection management one. 994 */ 995 void 996 __s_api_init_config(ns_config_t *ptr) 997 { 998 set_curr_config(ptr); 999 __s_api_release_config(ptr); 1000 } 1001 1002 1003 /* 1004 * Create an ns_config_t, set the usage count to one 1005 */ 1006 1007 ns_config_t * 1008 __s_api_create_config(void) 1009 { 1010 ns_config_t *ret; 1011 ret = (ns_config_t *)calloc(1, sizeof (ns_config_t)); 1012 if (ret == NULL) 1013 return (NULL); 1014 1015 ret->domainName = __getdomainname(); 1016 if (ret->domainName == NULL) { 1017 free(ret); 1018 return (NULL); 1019 } 1020 ret->version = NS_LDAP_V1; 1021 (void) mutex_init(&ret->config_mutex, USYNC_THREAD, NULL); 1022 ret->nUse = 1; 1023 ret->delete = B_FALSE; 1024 return (ret); 1025 } 1026 1027 /* 1028 * __s_api_get_default_config_global returns the current global config 1029 */ 1030 ns_config_t * 1031 __s_api_get_default_config_global(void) 1032 { 1033 ns_config_t *cfg; 1034 ns_config_t *cur_cfg; 1035 1036 (void) mutex_lock(&ns_parse_lock); 1037 cur_cfg = current_config; 1038 cfg = get_curr_config_unlocked(cur_cfg, B_TRUE); 1039 (void) mutex_unlock(&ns_parse_lock); 1040 1041 return (cfg); 1042 } 1043 1044 /* 1045 * __s_api_get_default_config returns the current global config or the 1046 * per connection management one. 1047 */ 1048 ns_config_t * 1049 __s_api_get_default_config(void) 1050 { 1051 ns_config_t *cfg; 1052 ns_config_t *cur_cfg; 1053 ns_conn_mgmt_t *cmg; 1054 int rc; 1055 1056 rc = thr_getspecific(ns_cmgkey, (void **)&cmg); 1057 1058 /* get the per connection management config if available */ 1059 if (rc == 0 && cmg != NULL && cmg->config != NULL) { 1060 (void) mutex_lock(&cmg->cfg_lock); 1061 cur_cfg = cmg->config; 1062 cfg = get_curr_config_unlocked(cur_cfg, B_FALSE); 1063 (void) mutex_unlock(&cmg->cfg_lock); 1064 return (cfg); 1065 } 1066 1067 /* else get the global current config */ 1068 return (__s_api_get_default_config_global()); 1069 } 1070 1071 static char * 1072 stripdup(const char *instr) 1073 { 1074 char *pstart = (char *)instr; 1075 char *pend, *ret; 1076 int len; 1077 1078 if (pstart == NULL) 1079 return (NULL); 1080 /* remove leading spaces */ 1081 while (*pstart == SPACETOK) 1082 pstart++; 1083 /* remove trailing spaces */ 1084 pend = pstart + strlen(pstart) - 1; 1085 for (; pend >= pstart && *pend == SPACETOK; pend--) 1086 ; 1087 len = pend - pstart + 1; 1088 if ((ret = malloc(len + 1)) == NULL) 1089 return (NULL); 1090 if (len != 0) { 1091 (void) strncpy(ret, pstart, len); 1092 } 1093 ret[len] = '\0'; 1094 return (ret); 1095 } 1096 1097 /* 1098 * Note that __s_api_crosscheck is assumed to be called with an ns_config_t 1099 * that is properly protected - so that it will not change during the 1100 * duration of the call 1101 */ 1102 1103 /* Size of errstr needs to be MAXERROR */ 1104 ns_parse_status 1105 __s_api_crosscheck(ns_config_t *ptr, char *errstr, int check_dn) 1106 { 1107 int value, j; 1108 time_t tm; 1109 const char *str, *str1; 1110 int i, cnt; 1111 int self, gssapi; 1112 1113 if (ptr == NULL) 1114 return (NS_SUCCESS); 1115 1116 /* check for no server specified */ 1117 if (ptr->paramList[NS_LDAP_SERVERS_P].ns_ppc == NULL) { 1118 if (ptr->version == NS_LDAP_V1) { 1119 str = NULL_OR_STR(__s_api_get_configname( 1120 NS_LDAP_SERVERS_P)); 1121 (void) snprintf(errstr, MAXERROR, 1122 gettext("Configuration Error: No entry for " 1123 "'%s' found"), str); 1124 return (NS_PARSE_ERR); 1125 } else if (ptr->paramList[NS_LDAP_SERVER_PREF_P].ns_ppc == 1126 NULL) { 1127 str = NULL_OR_STR(__s_api_get_configname( 1128 NS_LDAP_SERVERS_P)); 1129 str1 = NULL_OR_STR(__s_api_get_configname( 1130 NS_LDAP_SERVER_PREF_P)); 1131 (void) snprintf(errstr, MAXERROR, 1132 gettext("Configuration Error: " 1133 "Neither '%s' nor '%s' is defined"), str, str1); 1134 return (NS_PARSE_ERR); 1135 } 1136 } 1137 if (ptr->paramList[NS_LDAP_CERT_PASS_P].ns_pc != NULL && 1138 ptr->paramList[NS_LDAP_CERT_PATH_P].ns_pc == NULL) { 1139 str = NULL_OR_STR(__s_api_get_configname( 1140 NS_LDAP_CERT_PASS_P)); 1141 str1 = NULL_OR_STR(__s_api_get_configname( 1142 NS_LDAP_CERT_PATH_P)); 1143 (void) snprintf(errstr, MAXERROR, 1144 gettext("Configuration Error: %s specified " 1145 "but no value for '%s' found"), str, str1); 1146 return (NS_PARSE_ERR); 1147 } 1148 if (ptr->paramList[NS_LDAP_CERT_PASS_P].ns_pc == NULL && 1149 ptr->paramList[NS_LDAP_CERT_PATH_P].ns_pc != NULL) { 1150 str = NULL_OR_STR(__s_api_get_configname( 1151 NS_LDAP_CERT_PATH_P)); 1152 str1 = NULL_OR_STR(__s_api_get_configname( 1153 NS_LDAP_CERT_PASS_P)); 1154 (void) snprintf(errstr, MAXERROR, 1155 gettext("Configuration Error: %s specified " 1156 "but no value for '%s' found"), str, str1); 1157 return (NS_PARSE_ERR); 1158 } 1159 /* check if search basedn has been specified */ 1160 if (ptr->paramList[NS_LDAP_SEARCH_BASEDN_P].ns_ppc == NULL) { 1161 str = NULL_OR_STR(__s_api_get_configname( 1162 NS_LDAP_SEARCH_BASEDN_P)); 1163 (void) snprintf(errstr, MAXERROR, 1164 gettext("Configuration Error: No entry for " 1165 "'%s' found"), str); 1166 return (NS_PARSE_ERR); 1167 } 1168 1169 if (check_dn) { 1170 /* check for auth value....passwd/bindn if necessary */ 1171 1172 for (j = 0; ptr->paramList[NS_LDAP_AUTH_P].ns_pi != NULL && 1173 ptr->paramList[NS_LDAP_AUTH_P].ns_pi[j] != NULL; j++) { 1174 value = ptr->paramList[NS_LDAP_AUTH_P].ns_pi[j]; 1175 switch (value) { 1176 case NS_LDAP_EA_SIMPLE: 1177 case NS_LDAP_EA_SASL_CRAM_MD5: 1178 case NS_LDAP_EA_SASL_DIGEST_MD5: 1179 case NS_LDAP_EA_SASL_DIGEST_MD5_INT: 1180 case NS_LDAP_EA_SASL_DIGEST_MD5_CONF: 1181 case NS_LDAP_EA_TLS_SIMPLE: 1182 case NS_LDAP_EA_TLS_SASL_CRAM_MD5: 1183 case NS_LDAP_EA_TLS_SASL_DIGEST_MD5: 1184 case NS_LDAP_EA_TLS_SASL_DIGEST_MD5_INT: 1185 case NS_LDAP_EA_TLS_SASL_DIGEST_MD5_CONF: 1186 if (ptr->paramList[NS_LDAP_BINDDN_P].ns_ppc == NULL) { 1187 str = NULL_OR_STR(__s_api_get_configname( 1188 NS_LDAP_BINDDN_P)); 1189 (void) snprintf(errstr, MAXERROR, 1190 gettext("Configuration Error: No entry for " 1191 "'%s' found"), str); 1192 return (NS_PARSE_ERR); 1193 } 1194 if (ptr->paramList[NS_LDAP_BINDPASSWD_P].ns_ppc 1195 == NULL) { 1196 str = NULL_OR_STR(__s_api_get_configname( 1197 NS_LDAP_BINDPASSWD_P)); 1198 (void) snprintf(errstr, MAXERROR, 1199 gettext("Configuration Error: No entry for " 1200 "'%s' found"), str); 1201 return (NS_PARSE_ERR); 1202 } 1203 break; 1204 } 1205 } 1206 } 1207 1208 /* 1209 * If NS_LDAP_CACHETTL is not specified, 1210 * init NS_LDAP_EXP_P here. Otherwise, 1211 * ldap_cachemgr will never refresh the profile. 1212 * Set it to current time + default 1213 * NS_LDAP_CACHETTL 1214 */ 1215 if (ptr->paramList[NS_LDAP_CACHETTL_P].ns_pc == NULL) { 1216 tm = conv_time( 1217 defconfig[NS_LDAP_CACHETTL_P].defval.ns_pc); 1218 ptr->paramList[NS_LDAP_EXP_P].ns_ptype = TIMET; 1219 if (tm != 0) { 1220 tm += time(NULL); 1221 } 1222 ptr->paramList[NS_LDAP_EXP_P].ns_tm = tm; 1223 } 1224 /* 1225 * If credential level self is defined, there should be 1226 * at least an auth method sasl/GSSAPI and vice versa. 1227 */ 1228 self = 0; 1229 cnt = ptr->paramList[NS_LDAP_CREDENTIAL_LEVEL_P].ns_acnt; 1230 for (i = 0; i < cnt; i++) { 1231 if (ptr->paramList[NS_LDAP_CREDENTIAL_LEVEL_P].ns_pi[i] == 1232 NS_LDAP_CRED_SELF) 1233 self++; 1234 } 1235 gssapi = 0; 1236 cnt = ptr->paramList[NS_LDAP_AUTH_P].ns_acnt; 1237 for (i = 0; i < cnt; i++) { 1238 if (ptr->paramList[NS_LDAP_AUTH_P].ns_pi[i] == 1239 NS_LDAP_EA_SASL_GSSAPI) 1240 gssapi++; 1241 } 1242 if (gssapi == 0 && self > 0) { 1243 (void) snprintf(errstr, MAXERROR, 1244 gettext("Configuration Error: " 1245 "Credential level self requires " 1246 "authentication method sasl/GSSAPI")); 1247 return (NS_PARSE_ERR); 1248 } 1249 if (gssapi > 0 && self == 0) { 1250 (void) snprintf(errstr, MAXERROR, 1251 gettext("Configuration Error: " 1252 "Authentication method sasl/GSSAPI " 1253 "requires credential level self")); 1254 return (NS_PARSE_ERR); 1255 } 1256 return (NS_SUCCESS); 1257 } 1258 1259 1260 int 1261 __s_api_get_type(const char *value, ParamIndexType *type) 1262 { 1263 int i; 1264 1265 for (i = 0; defconfig[i].name != NULL; i++) { 1266 if (strcasecmp(defconfig[i].name, value) == 0) { 1267 *type = defconfig[i].index; 1268 return (0); 1269 } 1270 } 1271 return (-1); 1272 } 1273 1274 /* 1275 * Externally defined version of get_type. 1276 * Includes extra error checking 1277 */ 1278 1279 int 1280 __ns_ldap_getParamType(const char *value, ParamIndexType *type) 1281 { 1282 if (value == NULL || type == NULL) 1283 return (-1); 1284 return (__s_api_get_type(value, type)); 1285 } 1286 1287 int 1288 __s_api_get_versiontype(ns_config_t *ptr, char *value, ParamIndexType *type) 1289 { 1290 ns_version_t ver; 1291 int i; 1292 1293 if (ptr == NULL) 1294 return (-1); 1295 1296 ver = ptr->version; 1297 1298 for (i = 0; defconfig[i].name != NULL; i++) { 1299 if (strcasecmp(defconfig[i].name, value) == 0) { 1300 if (defconfig[i].version == ver) { 1301 *type = defconfig[i].index; 1302 return (0); 1303 } 1304 } 1305 } 1306 return (-1); 1307 } 1308 1309 int 1310 __s_api_get_profiletype(char *value, ParamIndexType *type) 1311 { 1312 int i; 1313 1314 for (i = 0; defconfig[i].name != NULL; i++) { 1315 if (defconfig[i].profile_name == NULL) 1316 continue; 1317 if (strcasecmp(defconfig[i].profile_name, value) == 0) { 1318 *type = defconfig[i].index; 1319 return (0); 1320 } 1321 } 1322 return (-1); 1323 } 1324 1325 int 1326 __s_api_get_configtype(ParamIndexType type) 1327 { 1328 int i; 1329 1330 for (i = 0; defconfig[i].name != NULL; i++) { 1331 if (defconfig[i].index == type) { 1332 return (defconfig[i].config_type); 1333 } 1334 } 1335 return (-1); 1336 } 1337 1338 const char * 1339 __s_api_get_configname(ParamIndexType type) 1340 { 1341 int i; 1342 1343 for (i = 0; defconfig[i].name != NULL; i++) { 1344 if (defconfig[i].index == type) { 1345 if (defconfig[i].name[0] == '\0') 1346 return (NULL); 1347 else 1348 return (defconfig[i].name); 1349 } 1350 } 1351 return (NULL); 1352 } 1353 1354 static ns_default_config * 1355 get_defconfig(ns_config_t *ptr, ParamIndexType type) 1356 { 1357 ns_version_t ver; 1358 int i; 1359 1360 ver = ptr->version; 1361 1362 for (i = 0; defconfig[i].name != NULL; i++) { 1363 if (defconfig[i].index == type && 1364 defconfig[i].version == ver) { 1365 return (&defconfig[i]); 1366 } 1367 } 1368 return (NULL); 1369 } 1370 1371 static int 1372 set_default_value(ns_config_t *configptr, char *name, 1373 char *value, ns_ldap_error_t **error) 1374 { 1375 ParamIndexType i; 1376 int ret; 1377 char errstr[MAXERROR]; 1378 1379 if (__s_api_get_type(name, &i) < 0) { 1380 (void) snprintf(errstr, sizeof (errstr), gettext( 1381 "Illegal type name (%s).\n"), name); 1382 MKERROR(LOG_ERR, *error, NS_CONFIG_SYNTAX, strdup(errstr), 1383 NULL); 1384 return (NS_LDAP_CONFIG); 1385 } 1386 1387 if (i != NS_LDAP_SERVERS_P && 1388 i != NS_LDAP_SERVICE_AUTH_METHOD_P && 1389 i != NS_LDAP_SERVICE_CRED_LEVEL_P && 1390 i != NS_LDAP_SERVICE_SEARCH_DESC_P && 1391 i != NS_LDAP_SERVER_PREF_P && 1392 i != NS_LDAP_SEARCH_DN_P) { 1393 if (configptr->paramList[i].ns_ptype != NS_UNKNOWN) { 1394 destroy_param(configptr, i); 1395 } 1396 } 1397 1398 ret = __ns_ldap_setParamValue(configptr, i, value, error); 1399 return (ret); 1400 } 1401 1402 1403 /* 1404 * Initialize config to a default state 1405 * By default leave configuration empty 1406 * getParam will automatically get the 1407 * appropriate default value if none exists 1408 */ 1409 1410 void 1411 __ns_ldap_default_config() 1412 { 1413 ns_config_t *ptr; 1414 1415 ptr = __s_api_create_config(); 1416 if (ptr == NULL) 1417 return; 1418 1419 set_curr_config(ptr); 1420 __s_api_release_config(ptr); 1421 } 1422 1423 /* 1424 * Get the current configuration pointer and return it. 1425 * If necessary initialize or refresh the current 1426 * configuration as applicable. If global is set, returns 1427 * the global one. 1428 */ 1429 1430 static ns_config_t * 1431 loadrefresh_config(boolean_t global) 1432 { 1433 ns_config_t *cfg; 1434 ns_config_t *new_cfg; 1435 ns_ldap_error_t *errorp; 1436 1437 /* We want to refresh only one configuration at a time */ 1438 (void) mutex_lock(&ns_loadrefresh_lock); 1439 if (global == B_TRUE) 1440 cfg = __s_api_get_default_config_global(); 1441 else 1442 cfg = __s_api_get_default_config(); 1443 1444 /* (re)initialize configuration if necessary */ 1445 if (!__s_api_isStandalone() && timetorefresh(cfg)) { 1446 new_cfg = LoadCacheConfiguration(cfg, &errorp); 1447 if (new_cfg != NULL && new_cfg != cfg) { 1448 __s_api_release_config(cfg); 1449 if (global == B_TRUE) 1450 set_curr_config_global(new_cfg); 1451 else 1452 set_curr_config(new_cfg); 1453 cfg = new_cfg; 1454 } 1455 if (errorp != NULL) 1456 (void) __ns_ldap_freeError(&errorp); 1457 } 1458 (void) mutex_unlock(&ns_loadrefresh_lock); 1459 return (cfg); 1460 } 1461 1462 /* 1463 * Get the current global configuration pointer and return it. 1464 * If necessary initialize or refresh the current 1465 * configuration as applicable. 1466 */ 1467 1468 ns_config_t * 1469 __s_api_loadrefresh_config_global() 1470 { 1471 return (loadrefresh_config(B_TRUE)); 1472 } 1473 1474 /* 1475 * Get the current configuration pointer and return it. 1476 * If necessary initialize or refresh the current 1477 * configuration as applicable. The configuration may 1478 * be the global one or the per connection management one. 1479 */ 1480 1481 ns_config_t * 1482 __s_api_loadrefresh_config() 1483 { 1484 return (loadrefresh_config(B_FALSE)); 1485 } 1486 1487 /* 1488 * In general this routine is not very usefull. Individual routines can be 1489 * created to do this job. Once that is done, this function can be removed. 1490 * Size of errstr buffer needs to be MAXERROR. 1491 */ 1492 static ns_parse_status 1493 verify_value(ns_config_t *cfg, char *name, char *value, char *errstr) 1494 { 1495 ParamIndexType index = 0; 1496 int found = 0, j; 1497 char *ptr = NULL, *strptr = NULL, buffer[BUFSIZE]; 1498 char *rest; 1499 ns_default_config *def = NULL; 1500 1501 if (__s_api_get_type(name, &index) != 0) { 1502 (void) snprintf(errstr, MAXERROR, 1503 gettext("Unknown keyword encountered '%s'."), name); 1504 return (NS_PARSE_ERR); 1505 } 1506 1507 def = get_defconfig(cfg, index); 1508 1509 /* eat up beginning quote, if any */ 1510 while (value != NULL && (*value == QUOTETOK || *value == SPACETOK)) 1511 value++; 1512 1513 /* eat up space/quote at end of value */ 1514 if (strlen(value) > 0) 1515 ptr = value + strlen(value) - 1; 1516 else 1517 ptr = value; 1518 for (; ptr != value && (*ptr == SPACETOK || *ptr == QUOTETOK); ptr--) { 1519 *ptr = '\0'; 1520 } 1521 1522 switch (index) { 1523 case NS_LDAP_EXP_P: 1524 case NS_LDAP_CACHETTL_P: 1525 case NS_LDAP_CERT_PATH_P: 1526 case NS_LDAP_CERT_PASS_P: 1527 case NS_LDAP_CERT_NICKNAME_P: 1528 case NS_LDAP_BINDDN_P: 1529 case NS_LDAP_BINDPASSWD_P: 1530 case NS_LDAP_ADMIN_BINDDN_P: 1531 case NS_LDAP_ADMIN_BINDPASSWD_P: 1532 case NS_LDAP_DOMAIN_P: 1533 case NS_LDAP_SEARCH_BASEDN_P: 1534 case NS_LDAP_SEARCH_TIME_P: 1535 case NS_LDAP_PROFILE_P: 1536 case NS_LDAP_AUTH_P: 1537 case NS_LDAP_SEARCH_SCOPE_P: 1538 case NS_LDAP_CREDENTIAL_LEVEL_P: 1539 case NS_LDAP_SERVICE_SEARCH_DESC_P: 1540 case NS_LDAP_BIND_TIME_P: 1541 case NS_LDAP_ATTRIBUTEMAP_P: 1542 case NS_LDAP_OBJECTCLASSMAP_P: 1543 case NS_LDAP_SERVICE_AUTH_METHOD_P: 1544 case NS_LDAP_SERVICE_CRED_LEVEL_P: 1545 case NS_LDAP_HOST_CERTPATH_P: 1546 break; 1547 case NS_LDAP_SEARCH_DN_P: 1548 /* depreciated because of service descriptors */ 1549 /* Parse as appropriate at descriptor create time */ 1550 break; 1551 case NS_LDAP_FILE_VERSION_P: 1552 if (value != NULL && 1553 strcasecmp(value, NS_LDAP_VERSION_1) != 0 && 1554 strcasecmp(value, NS_LDAP_VERSION_2) != 0) { 1555 (void) snprintf(errstr, MAXERROR, 1556 gettext("Version mismatch, expected " 1557 "cache version '%s' or '%s' but " 1558 "encountered version '%s'."), 1559 NS_LDAP_VERSION_1, 1560 NS_LDAP_VERSION_2, value); 1561 return (NS_PARSE_ERR); 1562 } 1563 break; 1564 case NS_LDAP_SERVERS_P: 1565 case NS_LDAP_SERVER_PREF_P: 1566 (void) strcpy(buffer, value); 1567 strptr = strtok_r(buffer, ",", &rest); 1568 while (strptr != NULL) { 1569 char *tmp = NULL; 1570 tmp = stripdup(strptr); 1571 if (tmp == NULL || (strchr(tmp, ' ') != NULL)) { 1572 (void) snprintf(errstr, MAXERROR, 1573 gettext("Invalid parameter values " 1574 "'%s' specified for keyword '%s'."), 1575 tmp, name); 1576 free(tmp); 1577 return (NS_PARSE_ERR); 1578 } 1579 free(tmp); 1580 strptr = strtok_r(NULL, ",", &rest); 1581 } 1582 break; 1583 default: 1584 found = 0; j = 0; 1585 while (def->allowed != NULL && 1586 def->allowed[j].name != NULL && j < DEFMAX) { 1587 if (strcmp(def->allowed[j].name, 1588 value) == 0) { 1589 found = 1; 1590 break; 1591 } 1592 j++; 1593 } 1594 if (!found) { 1595 (void) snprintf(errstr, MAXERROR, 1596 gettext("Invalid option specified for " 1597 "'%s' keyword. '%s' is not a recognized " 1598 "keyword value."), name, value); 1599 return (NS_PARSE_ERR); 1600 } 1601 } 1602 1603 return (NS_SUCCESS); 1604 } 1605 1606 void 1607 __s_api_split_key_value(char *buffer, char **name, char **value) 1608 { 1609 char *ptr; 1610 1611 *name = buffer; 1612 /* split into name value pair */ 1613 if ((ptr = strchr(buffer, TOKENSEPARATOR)) != NULL) { 1614 *ptr = '\0'; 1615 ptr++; 1616 /* trim whitespace */ 1617 while (*ptr == SPACETOK) 1618 ptr++; 1619 *value = ptr; 1620 } 1621 } 1622 1623 /* 1624 * Set a parameter value in a generic configuration structure 1625 * Assume any necessary locks are in place. This routine would 1626 * be better named: __ns_ldap_translateString2Param 1627 * 1628 * This routine translates external string format into internal 1629 * param format and saves the result in the param table. 1630 */ 1631 int 1632 __ns_ldap_setParamValue(ns_config_t *ptr, const ParamIndexType type, 1633 const void *data, ns_ldap_error_t **error) 1634 { 1635 ns_default_config *def = NULL; 1636 ns_param_t conf; 1637 ns_mapping_t *map, *rmap; 1638 int i, j, len; 1639 char *cp, *cp2, *end; 1640 char *tcp = NULL; 1641 char errstr[2 * MAXERROR]; 1642 char tbuf[100], *ptbuf; 1643 char *sid, *origA, **mapA; 1644 char **attr; 1645 time_t tm; 1646 int free_memory, exitrc; 1647 char **p; 1648 1649 /* Find ParamIndexType default configuration data */ 1650 def = get_defconfig(ptr, type); 1651 if (def == NULL) { 1652 (void) snprintf(errstr, sizeof (errstr), 1653 gettext("Unable to set value: " 1654 "invalid ParamIndexType (%d)"), type); 1655 MKERROR(LOG_ERR, *error, NS_CONFIG_SYNTAX, strdup(errstr), 1656 NULL); 1657 return (NS_LDAP_CONFIG); 1658 } 1659 1660 (void) memset(&conf, 0, sizeof (conf)); 1661 1662 /* data is actually const char */ 1663 cp = (char *)data; 1664 1665 /* eat up beginning quote, if any */ 1666 while (cp && (*cp == QUOTETOK || *cp == SPACETOK)) 1667 cp++; 1668 1669 /* eat up space/quote at end of value */ 1670 end = cp2 = cp + strlen(cp) - 1; 1671 for (; cp2 > cp && (*cp2 == SPACETOK || *cp2 == QUOTETOK); cp2--) 1672 ; 1673 /* data is const, must duplicate */ 1674 if (cp2 != end) { 1675 tcp = (char *)calloc((int)(cp2 - cp + 2), sizeof (char)); 1676 if (tcp == NULL) 1677 return (NS_LDAP_MEMORY); 1678 end = cp2; 1679 cp2 = tcp; 1680 while (cp <= end) { 1681 *cp2++ = *cp++; 1682 } 1683 *cp2 = '\0'; 1684 cp = tcp; 1685 } 1686 1687 /* Parse data according to type */ 1688 switch (def->data_type) { 1689 case INT: 1690 switch (def->index) { 1691 case NS_LDAP_PREF_ONLY_P: 1692 case NS_LDAP_SEARCH_REF_P: 1693 case NS_LDAP_SEARCH_SCOPE_P: 1694 case NS_LDAP_ENABLE_SHADOW_UPDATE_P: 1695 i = __s_get_enum_value(ptr, cp, def->index); 1696 if (i < 0) { 1697 (void) snprintf(errstr, sizeof (errstr), 1698 gettext("Unable to set value: " 1699 "invalid %s (%d)"), def->name, 1700 def->index); 1701 MKERROR(LOG_ERR, *error, NS_CONFIG_SYNTAX, 1702 strdup(errstr), NULL); 1703 if (tcp != NULL) 1704 free(tcp); 1705 return (NS_LDAP_CONFIG); 1706 } 1707 conf.ns_i = i; 1708 break; 1709 case NS_LDAP_TRANSPORT_SEC_P: /* ignore TRANSPORT_SEC */ 1710 break; 1711 default: 1712 cp2 = cp; 1713 if ((*cp2 == '+') || (*cp2 == '-')) 1714 cp2++; 1715 for (/* empty */; *cp2; cp2++) { 1716 if (isdigit(*cp2)) 1717 continue; 1718 1719 (void) snprintf(errstr, sizeof (errstr), 1720 gettext("Unable to set value: " 1721 "invalid %s (%d)"), def->name, 1722 def->index); 1723 MKERROR(LOG_ERR, *error, NS_CONFIG_SYNTAX, 1724 strdup(errstr), NULL); 1725 if (tcp != NULL) 1726 free(tcp); 1727 return (NS_LDAP_CONFIG); 1728 } 1729 i = atoi(cp); 1730 conf.ns_i = i; 1731 break; 1732 } 1733 break; 1734 case TIMET: 1735 /* Do nothing with a TIMET. Initialize it below */ 1736 break; 1737 case CHARPTR: 1738 conf.ns_pc = (char *)strdup(cp); 1739 if (conf.ns_pc == NULL) { 1740 if (tcp != NULL) 1741 free(tcp); 1742 return (NS_LDAP_MEMORY); 1743 } 1744 break; 1745 case SAMLIST: 1746 /* first check to see if colon (:) is there */ 1747 if ((strchr(cp, COLONTOK)) == NULL) { 1748 (void) snprintf(errstr, sizeof (errstr), 1749 gettext("Unable to set value: " 1750 "invalid serviceAuthenticationMethod (%s)"), 1751 cp); 1752 MKERROR(LOG_ERR, *error, NS_CONFIG_SYNTAX, 1753 strdup(errstr), NULL); 1754 if (tcp != NULL) 1755 free(tcp); 1756 return (NS_LDAP_CONFIG); 1757 } 1758 /* Appends an entry to the existing list */ 1759 if (ptr->paramList[type].ns_ptype != SAMLIST) { 1760 conf.ns_ppc = (char **)calloc(2, sizeof (char *)); 1761 if (conf.ns_ppc == NULL) { 1762 if (tcp != NULL) 1763 free(tcp); 1764 return (NS_LDAP_MEMORY); 1765 } 1766 conf.ns_acnt = 1; 1767 conf.ns_ppc[0] = (char *)strdup(cp); 1768 if (conf.ns_ppc[0] == NULL) { 1769 free(conf.ns_ppc); 1770 if (tcp != NULL) 1771 free(tcp); 1772 return (NS_LDAP_MEMORY); 1773 } 1774 } else { 1775 char *dp, *dpend; 1776 int fnd = 0; 1777 1778 /* Attempt to replace if possible */ 1779 dpend = strchr(cp, COLONTOK); 1780 len = dpend - cp; 1781 dp = (char *)malloc(len+1); 1782 if (dp == NULL) { 1783 if (tcp != NULL) 1784 free(tcp); 1785 return (NS_LDAP_MEMORY); 1786 } 1787 (void) strlcpy(dp, cp, len+1); 1788 fnd = 0; 1789 for (j = 0; j < ptr->paramList[type].ns_acnt; j++) { 1790 dpend = strchr(ptr->paramList[type].ns_ppc[j], 1791 COLONTOK); 1792 if (dpend == NULL) 1793 continue; 1794 i = dpend - ptr->paramList[type].ns_ppc[j]; 1795 if (i != len) 1796 continue; 1797 if (strncmp(ptr->paramList[type].ns_ppc[j], 1798 dp, len) == 0) { 1799 conf.ns_acnt = 1800 ptr->paramList[type].ns_acnt; 1801 conf.ns_ppc = 1802 ptr->paramList[type].ns_ppc; 1803 ptr->paramList[type].ns_ppc = NULL; 1804 free(conf.ns_ppc[j]); 1805 conf.ns_ppc[j] = (char *)strdup(cp); 1806 if (conf.ns_ppc[j] == NULL) { 1807 free(dp); 1808 __s_api_free2dArray 1809 (conf.ns_ppc); 1810 if (tcp != NULL) 1811 free(tcp); 1812 return (NS_LDAP_MEMORY); 1813 } 1814 fnd = 1; 1815 break; 1816 } 1817 } 1818 free(dp); 1819 1820 if (fnd) 1821 break; /* Replaced completed */ 1822 1823 /* Append */ 1824 len = ptr->paramList[type].ns_acnt + 1; 1825 if (len > 1) { 1826 p = (char **)dupParam(&ptr->paramList[type]); 1827 if (p == NULL) { 1828 if (tcp != NULL) 1829 free(tcp); 1830 return (NS_LDAP_MEMORY); 1831 } 1832 } else 1833 p = NULL; 1834 conf.ns_ppc = 1835 (char **)realloc(p, (len+1) * sizeof (char *)); 1836 if (conf.ns_ppc == NULL) { 1837 __s_api_free2dArray(p); 1838 if (tcp != NULL) 1839 free(tcp); 1840 return (NS_LDAP_MEMORY); 1841 } 1842 conf.ns_acnt = len; 1843 conf.ns_ppc[len-1] = (char *)strdup(cp); 1844 if (conf.ns_ppc[len-1] == NULL) { 1845 __s_api_free2dArray(conf.ns_ppc); 1846 if (tcp != NULL) 1847 free(tcp); 1848 return (NS_LDAP_MEMORY); 1849 } 1850 conf.ns_ppc[len] = NULL; 1851 } 1852 break; 1853 case SCLLIST: 1854 /* first check to see if colon (:) is there */ 1855 if ((strchr(cp, COLONTOK)) == NULL) { 1856 (void) snprintf(errstr, sizeof (errstr), 1857 gettext("Unable to set value: " 1858 "invalid serviceCredentialLevel (%s)"), 1859 cp); 1860 MKERROR(LOG_ERR, *error, NS_CONFIG_SYNTAX, 1861 strdup(errstr), NULL); 1862 if (tcp != NULL) 1863 free(tcp); 1864 return (NS_LDAP_CONFIG); 1865 } 1866 /* Appends an entry to the existing list */ 1867 if (ptr->paramList[type].ns_ptype != SCLLIST) { 1868 conf.ns_ppc = (char **)calloc(2, sizeof (char *)); 1869 if (conf.ns_ppc == NULL) { 1870 if (tcp != NULL) 1871 free(tcp); 1872 return (NS_LDAP_MEMORY); 1873 } 1874 conf.ns_acnt = 1; 1875 conf.ns_ppc[0] = (char *)strdup(cp); 1876 if (conf.ns_ppc[0] == NULL) { 1877 free(conf.ns_ppc); 1878 if (tcp != NULL) 1879 free(tcp); 1880 return (NS_LDAP_MEMORY); 1881 } 1882 } else { 1883 char *dp, *dpend; 1884 int fnd = 0; 1885 1886 /* Attempt to replace if possible */ 1887 dpend = strchr(cp, COLONTOK); 1888 len = dpend - cp; 1889 dp = (char *)malloc(len+1); 1890 if (dp == NULL) { 1891 if (tcp != NULL) 1892 free(tcp); 1893 return (NS_LDAP_MEMORY); 1894 } 1895 (void) strlcpy(dp, cp, len+1); 1896 fnd = 0; 1897 for (j = 0; j < ptr->paramList[type].ns_acnt; j++) { 1898 dpend = strchr(ptr->paramList[type].ns_ppc[j], 1899 COLONTOK); 1900 if (dpend == NULL) 1901 continue; 1902 i = dpend - ptr->paramList[type].ns_ppc[j]; 1903 if (i != len) 1904 continue; 1905 if (strncmp(ptr->paramList[type].ns_ppc[j], 1906 dp, len) == 0) { 1907 conf.ns_acnt = 1908 ptr->paramList[type].ns_acnt; 1909 conf.ns_ppc = 1910 ptr->paramList[type].ns_ppc; 1911 ptr->paramList[type].ns_ppc = NULL; 1912 free(conf.ns_ppc[j]); 1913 conf.ns_ppc[j] = (char *)strdup(cp); 1914 if (conf.ns_ppc[j] == NULL) { 1915 free(dp); 1916 __s_api_free2dArray 1917 (conf.ns_ppc); 1918 if (tcp != NULL) 1919 free(tcp); 1920 return (NS_LDAP_MEMORY); 1921 } 1922 fnd = 1; 1923 break; 1924 } 1925 } 1926 free(dp); 1927 1928 if (fnd) 1929 break; /* Replaced completed */ 1930 1931 /* Append */ 1932 len = ptr->paramList[type].ns_acnt + 1; 1933 if (len > 1) { 1934 p = (char **)dupParam(&ptr->paramList[type]); 1935 if (p == NULL) { 1936 if (tcp != NULL) 1937 free(tcp); 1938 return (NS_LDAP_MEMORY); 1939 } 1940 } else 1941 p = NULL; 1942 conf.ns_ppc = 1943 (char **)realloc(p, (len+1) * sizeof (char *)); 1944 if (conf.ns_ppc == NULL) { 1945 __s_api_free2dArray(p); 1946 if (tcp != NULL) 1947 free(tcp); 1948 return (NS_LDAP_MEMORY); 1949 } 1950 conf.ns_acnt = len; 1951 conf.ns_ppc[len-1] = (char *)strdup(cp); 1952 if (conf.ns_ppc[len-1] == NULL) { 1953 __s_api_free2dArray(conf.ns_ppc); 1954 if (tcp != NULL) 1955 free(tcp); 1956 return (NS_LDAP_MEMORY); 1957 } 1958 conf.ns_ppc[len] = NULL; 1959 } 1960 break; 1961 case SSDLIST: 1962 /* 1963 * first check to see if colon (:) is there, 1964 * if so, make sure the serviceId is specified, 1965 * i.e., colon is not the first character 1966 */ 1967 if ((strchr(cp, COLONTOK)) == NULL || *cp == COLONTOK) { 1968 (void) snprintf(errstr, sizeof (errstr), 1969 gettext("Unable to set value: " 1970 "invalid serviceSearchDescriptor (%s)"), 1971 cp); 1972 MKERROR(LOG_ERR, *error, NS_CONFIG_SYNTAX, 1973 strdup(errstr), NULL); 1974 if (tcp != NULL) 1975 free(tcp); 1976 return (NS_LDAP_CONFIG); 1977 } 1978 /* Appends an entry to the existing list */ 1979 if (ptr->paramList[type].ns_ptype != SSDLIST) { 1980 conf.ns_ppc = (char **)calloc(2, sizeof (char *)); 1981 if (conf.ns_ppc == NULL) { 1982 if (tcp != NULL) 1983 free(tcp); 1984 return (NS_LDAP_MEMORY); 1985 } 1986 conf.ns_acnt = 1; 1987 conf.ns_ppc[0] = (char *)strdup(cp); 1988 if (conf.ns_ppc[0] == NULL) { 1989 free(conf.ns_ppc); 1990 if (tcp != NULL) 1991 free(tcp); 1992 return (NS_LDAP_MEMORY); 1993 } 1994 } else { 1995 char *dp, *dpend; 1996 int fnd = 0; 1997 1998 /* Attempt to replace if possible */ 1999 dpend = strchr(cp, COLONTOK); 2000 len = dpend - cp; 2001 dp = (char *)malloc(len+1); 2002 if (dp == NULL) { 2003 if (tcp != NULL) 2004 free(tcp); 2005 return (NS_LDAP_MEMORY); 2006 } 2007 (void) strlcpy(dp, cp, len+1); 2008 fnd = 0; 2009 for (j = 0; j < ptr->paramList[type].ns_acnt; j++) { 2010 dpend = strchr(ptr->paramList[type].ns_ppc[j], 2011 COLONTOK); 2012 if (dpend == NULL) 2013 continue; 2014 i = dpend - ptr->paramList[type].ns_ppc[j]; 2015 if (i != len) 2016 continue; 2017 if (strncmp(ptr->paramList[type].ns_ppc[j], 2018 dp, len) == 0) { 2019 conf.ns_acnt = 2020 ptr->paramList[type].ns_acnt; 2021 conf.ns_ppc = 2022 ptr->paramList[type].ns_ppc; 2023 ptr->paramList[type].ns_ppc = NULL; 2024 free(conf.ns_ppc[j]); 2025 conf.ns_ppc[j] = (char *)strdup(cp); 2026 if (conf.ns_ppc[j] == NULL) { 2027 free(dp); 2028 __s_api_free2dArray 2029 (conf.ns_ppc); 2030 if (tcp != NULL) 2031 free(tcp); 2032 return (NS_LDAP_MEMORY); 2033 } 2034 fnd = 1; 2035 break; 2036 } 2037 } 2038 free(dp); 2039 2040 if (fnd) 2041 break; /* Replaced completed */ 2042 2043 /* Append */ 2044 len = ptr->paramList[type].ns_acnt + 1; 2045 if (len > 1) { 2046 p = (char **)dupParam(&ptr->paramList[type]); 2047 if (p == NULL) { 2048 if (tcp != NULL) 2049 free(tcp); 2050 return (NS_LDAP_MEMORY); 2051 } 2052 } else 2053 p = NULL; 2054 conf.ns_ppc = 2055 (char **)realloc(p, (len+1) * sizeof (char *)); 2056 if (conf.ns_ppc == NULL) { 2057 __s_api_free2dArray(p); 2058 if (tcp != NULL) 2059 free(tcp); 2060 return (NS_LDAP_MEMORY); 2061 } 2062 conf.ns_acnt = len; 2063 conf.ns_ppc[len-1] = (char *)strdup(cp); 2064 if (conf.ns_ppc[len-1] == NULL) { 2065 __s_api_free2dArray(conf.ns_ppc); 2066 if (tcp != NULL) 2067 free(tcp); 2068 return (NS_LDAP_MEMORY); 2069 } 2070 conf.ns_ppc[len] = NULL; 2071 } 2072 break; 2073 case ARRAYCP: 2074 len = 0; 2075 for (cp2 = cp; *cp2; cp2++) { 2076 if (*cp2 == COMMATOK) 2077 len++; 2078 } 2079 if (cp != cp2) 2080 len++; 2081 if (len == 0) { 2082 conf.ns_ppc = (char **)NULL; 2083 conf.ns_acnt = 0; 2084 break; 2085 } 2086 conf.ns_ppc = (char **)calloc(len + 1, sizeof (char *)); 2087 if (conf.ns_ppc == NULL) { 2088 if (tcp != NULL) 2089 free(tcp); 2090 return (NS_LDAP_MEMORY); 2091 } 2092 conf.ns_acnt = len; 2093 i = 0; 2094 for (cp2 = cp; *cp2; cp2++) { 2095 if (*cp2 == COMMATOK) { 2096 j = cp2 - cp + 1; 2097 conf.ns_ppc[i] = (char *)malloc(j + 1); 2098 if (conf.ns_ppc[i] == NULL) { 2099 __s_api_free2dArray(conf.ns_ppc); 2100 if (tcp != NULL) 2101 free(tcp); 2102 return (NS_LDAP_MEMORY); 2103 } 2104 (void) strlcpy(conf.ns_ppc[i], cp, j); 2105 cp = cp2+1; 2106 while (*cp == SPACETOK || *cp == COMMATOK) 2107 cp++; 2108 cp2 = cp - 1; 2109 i++; 2110 } 2111 } 2112 j = cp2 - cp + 1; 2113 conf.ns_ppc[i] = (char *)malloc(j + 1); 2114 if (conf.ns_ppc[i] == NULL) { 2115 __s_api_free2dArray(conf.ns_ppc); 2116 if (tcp != NULL) 2117 free(tcp); 2118 return (NS_LDAP_MEMORY); 2119 } 2120 (void) strlcpy(conf.ns_ppc[i], cp, j); 2121 break; 2122 case SERVLIST: 2123 len = 0; 2124 for (cp2 = cp; *cp2; cp2++) { 2125 if (*cp2 == SPACETOK || *cp2 == COMMATOK) { 2126 len++; 2127 for (; *(cp2 + 1) == SPACETOK || 2128 *(cp2 +1) == COMMATOK; cp2++) 2129 ; 2130 } 2131 } 2132 if (cp != cp2) 2133 len++; 2134 if (len == 0) { 2135 conf.ns_ppc = (char **)NULL; 2136 conf.ns_acnt = 0; 2137 break; 2138 } 2139 conf.ns_ppc = (char **)calloc(len + 1, sizeof (char *)); 2140 if (conf.ns_ppc == NULL) { 2141 if (tcp != NULL) 2142 free(tcp); 2143 return (NS_LDAP_MEMORY); 2144 } 2145 conf.ns_acnt = len; 2146 i = 0; 2147 for (cp2 = cp; *cp2; cp2++) { 2148 if (*cp2 == SPACETOK || *cp2 == COMMATOK) { 2149 j = cp2 - cp + 1; 2150 conf.ns_ppc[i] = (char *)malloc(j + 1); 2151 if (conf.ns_ppc[i] == NULL) { 2152 __s_api_free2dArray(conf.ns_ppc); 2153 if (tcp != NULL) 2154 free(tcp); 2155 return (NS_LDAP_MEMORY); 2156 } 2157 (void) strlcpy(conf.ns_ppc[i], cp, j); 2158 cp = cp2+1; 2159 while (*cp == SPACETOK || *cp == COMMATOK) 2160 cp++; 2161 cp2 = cp - 1; 2162 i++; 2163 } 2164 } 2165 j = cp2 - cp + 1; 2166 conf.ns_ppc[i] = (char *)malloc(j + 1); 2167 if (conf.ns_ppc[i] == NULL) { 2168 __s_api_free2dArray(conf.ns_ppc); 2169 if (tcp != NULL) 2170 free(tcp); 2171 return (NS_LDAP_MEMORY); 2172 } 2173 (void) strlcpy(conf.ns_ppc[i], cp, j); 2174 break; 2175 case ARRAYAUTH: 2176 len = 0; 2177 for (cp2 = cp; *cp2; cp2++) { 2178 if (*cp2 == SEMITOK || *cp2 == COMMATOK) 2179 len++; 2180 } 2181 if (cp != cp2) 2182 len++; 2183 if (len == 0) { 2184 conf.ns_pi = (int *)NULL; 2185 conf.ns_acnt = 0; 2186 break; 2187 } 2188 conf.ns_pi = (int *)calloc(len + 1, sizeof (int)); 2189 if (conf.ns_pi == NULL) { 2190 if (tcp != NULL) 2191 free(tcp); 2192 return (NS_LDAP_MEMORY); 2193 } 2194 conf.ns_acnt = len; 2195 i = 0; 2196 for (cp2 = cp; *cp2; cp2++) { 2197 if (*cp2 == SEMITOK || *cp2 == COMMATOK) { 2198 j = cp2 - cp + 1; 2199 if (j > sizeof (tbuf)) { 2200 j = -1; 2201 ptbuf = cp; 2202 } else { 2203 (void) strlcpy(tbuf, cp, j); 2204 j = __s_get_enum_value(ptr, tbuf, 2205 def->index); 2206 ptbuf = tbuf; 2207 } 2208 if (j < 0) { 2209 (void) snprintf(errstr, sizeof (errstr), 2210 gettext("Unable to set value: " 2211 "invalid " 2212 "authenticationMethod (%s)"), 2213 ptbuf); 2214 MKERROR(LOG_ERR, *error, 2215 NS_CONFIG_SYNTAX, 2216 strdup(errstr), NULL); 2217 free(conf.ns_pi); 2218 if (tcp != NULL) 2219 free(tcp); 2220 return (NS_LDAP_CONFIG); 2221 } 2222 conf.ns_pi[i] = j; 2223 cp = cp2+1; 2224 i++; 2225 } 2226 } 2227 j = cp2 - cp + 1; 2228 if (j > sizeof (tbuf)) { 2229 j = -1; 2230 ptbuf = cp; 2231 } else { 2232 (void) strlcpy(tbuf, cp, j); 2233 j = __s_get_enum_value(ptr, tbuf, def->index); 2234 ptbuf = tbuf; 2235 } 2236 if (j < 0) { 2237 (void) snprintf(errstr, sizeof (errstr), 2238 gettext("Unable to set value: " 2239 "invalid authenticationMethod (%s)"), ptbuf); 2240 MKERROR(LOG_ERR, *error, NS_CONFIG_SYNTAX, 2241 strdup(errstr), NULL); 2242 if (tcp != NULL) 2243 free(tcp); 2244 return (NS_LDAP_CONFIG); 2245 } 2246 conf.ns_pi[i] = j; 2247 break; 2248 case ARRAYCRED: 2249 len = 0; 2250 for (cp2 = cp; *cp2; cp2++) { 2251 if (*cp2 == SPACETOK) 2252 len++; 2253 } 2254 if (cp != cp2) 2255 len++; 2256 if (len == 0) { 2257 conf.ns_pi = (int *)NULL; 2258 conf.ns_acnt = 0; 2259 break; 2260 } 2261 conf.ns_pi = (int *)calloc(len + 1, sizeof (int)); 2262 if (conf.ns_pi == NULL) { 2263 if (tcp != NULL) 2264 free(tcp); 2265 return (NS_LDAP_MEMORY); 2266 } 2267 conf.ns_acnt = len; 2268 i = 0; 2269 for (cp2 = cp; *cp2; cp2++) { 2270 if (*cp2 == SPACETOK) { 2271 j = cp2 - cp + 1; 2272 if (j > sizeof (tbuf)) { 2273 j = -1; 2274 ptbuf = cp; 2275 } else { 2276 (void) strlcpy(tbuf, cp, j); 2277 j = __s_get_enum_value(ptr, tbuf, 2278 def->index); 2279 ptbuf = tbuf; 2280 } 2281 if (j < 0) { 2282 (void) snprintf(errstr, sizeof (errstr), 2283 gettext("Unable to set value: " 2284 "invalid credentialLevel (%s)"), 2285 ptbuf); 2286 MKERROR(LOG_ERR, *error, 2287 NS_CONFIG_SYNTAX, 2288 strdup(errstr), NULL); 2289 free(conf.ns_pi); 2290 if (tcp != NULL) 2291 free(tcp); 2292 return (NS_LDAP_CONFIG); 2293 } 2294 conf.ns_pi[i] = j; 2295 cp = cp2+1; 2296 i++; 2297 } 2298 } 2299 j = cp2 - cp + 1; 2300 if (j > sizeof (tbuf)) { 2301 j = -1; 2302 ptbuf = cp; 2303 } else { 2304 (void) strlcpy(tbuf, cp, j); 2305 j = __s_get_enum_value(ptr, tbuf, def->index); 2306 ptbuf = tbuf; 2307 } 2308 if (j < 0) { 2309 (void) snprintf(errstr, sizeof (errstr), 2310 gettext("Unable to set value: " 2311 "invalid credentialLevel (%s)"), ptbuf); 2312 MKERROR(LOG_ERR, *error, NS_CONFIG_SYNTAX, 2313 strdup(errstr), NULL); 2314 if (tcp != NULL) 2315 free(tcp); 2316 return (NS_LDAP_CONFIG); 2317 } 2318 conf.ns_pi[i] = j; 2319 break; 2320 case ATTRMAP: 2321 case OBJMAP: 2322 i = __s_api_parse_map(cp, &sid, &origA, &mapA); 2323 if (i != NS_HASH_RC_SUCCESS) { 2324 if (i == NS_HASH_RC_NO_MEMORY) { 2325 exitrc = NS_LDAP_MEMORY; 2326 } else { 2327 (void) snprintf(errstr, sizeof (errstr), 2328 gettext("Unable to set value: " 2329 "invalid schema mapping (%s)"), cp); 2330 exitrc = NS_LDAP_CONFIG; 2331 MKERROR(LOG_ERR, *error, NS_CONFIG_SYNTAX, 2332 strdup(errstr), NULL); 2333 } 2334 if (tcp) 2335 free(tcp); 2336 return (exitrc); 2337 } 2338 2339 /* 2340 * Add reverse map first. 2341 * There could be more than one. 2342 */ 2343 for (attr = mapA; *attr; attr++) { 2344 2345 free_memory = 1; 2346 exitrc = NS_LDAP_MEMORY; 2347 2348 rmap = (ns_mapping_t *)calloc(1, 2349 sizeof (ns_mapping_t)); 2350 if (rmap) { 2351 rmap->service = strdup(sid); 2352 if (rmap->service) { 2353 rmap->orig = strdup(*attr); 2354 if (rmap->orig) { 2355 rmap->map = (char **)calloc(2, 2356 sizeof (char *)); 2357 if (rmap->map) { 2358 (rmap->map)[0] = 2359 strdup(origA); 2360 if ((rmap->map)[0]) 2361 free_memory = 0; 2362 } 2363 } 2364 } 2365 } 2366 2367 if (free_memory == 0) { 2368 if (def->data_type == ATTRMAP) { 2369 rmap->type = NS_ATTR_MAP; 2370 i = __s_api_add_map2hash(ptr, 2371 NS_HASH_RAMAP, rmap); 2372 } else { 2373 rmap->type = NS_OBJ_MAP; 2374 i = __s_api_add_map2hash(ptr, 2375 NS_HASH_ROMAP, rmap); 2376 } 2377 2378 if (i != NS_HASH_RC_SUCCESS) { 2379 switch (i) { 2380 case NS_HASH_RC_CONFIG_ERROR: 2381 exitrc = NS_LDAP_INTERNAL; 2382 (void) snprintf(errstr, 2383 sizeof (errstr), 2384 gettext( 2385 "Unable to set value: " 2386 "no configuration info " 2387 "for schema map " 2388 "update (%s)"), cp); 2389 MKERROR(LOG_ERR, *error, 2390 NS_LDAP_INTERNAL, 2391 strdup(errstr), 2392 NULL); 2393 break; 2394 case NS_HASH_RC_EXISTED: 2395 exitrc = NS_LDAP_CONFIG; 2396 (void) snprintf(errstr, 2397 sizeof (errstr), 2398 gettext( 2399 "Unable to set value: " 2400 "schema map " 2401 "already existed for " 2402 "(%s, %s)."), 2403 *attr, origA); 2404 MKERROR(LOG_ERR, *error, 2405 NS_CONFIG_SYNTAX, 2406 strdup(errstr), 2407 NULL); 2408 break; 2409 case NS_HASH_RC_NO_MEMORY: 2410 exitrc = NS_LDAP_MEMORY; 2411 break; 2412 } 2413 free_memory = 1; 2414 } 2415 } 2416 2417 if (free_memory) { 2418 if (tcp) 2419 free(tcp); 2420 free(sid); 2421 free(origA); 2422 __s_api_free2dArray(mapA); 2423 if (rmap) { 2424 if (rmap->service) 2425 free(rmap->service); 2426 if (rmap->orig) 2427 free(rmap->orig); 2428 if (rmap->map) { 2429 if ((rmap->map)[0]) 2430 free((rmap->map)[0]); 2431 free(rmap->map); 2432 } 2433 free(rmap); 2434 } 2435 return (exitrc); 2436 } 2437 } 2438 2439 /* 2440 * For performance gain, 2441 * add a "schema mapping existed" indicator 2442 * for the given service if not already added. 2443 * This dummy map needs not be removed, if 2444 * the next real map add operation fails. 2445 * since the caller, e.g. ldap_cachemgr. 2446 * should exit anyway. 2447 */ 2448 free_memory = 1; 2449 exitrc = NS_LDAP_MEMORY; 2450 2451 map = (ns_mapping_t *)calloc(1, 2452 sizeof (ns_mapping_t)); 2453 if (map) { 2454 map->service = strdup(sid); 2455 if (map->service) { 2456 map->orig = strdup( 2457 NS_HASH_SCHEMA_MAPPING_EXISTED); 2458 if (map->orig) { 2459 map->map = (char **)calloc(2, 2460 sizeof (char *)); 2461 if (map->map) { 2462 (map->map)[0] = 2463 strdup(sid); 2464 if ((map->map)[0]) 2465 free_memory = 0; 2466 } 2467 } 2468 } 2469 } 2470 2471 if (free_memory == 0) { 2472 map->type = NS_ATTR_MAP; 2473 /* 2474 * add to reverse map, 2475 * so that "ldapclient list" 2476 * would not show it 2477 */ 2478 i = __s_api_add_map2hash(ptr, 2479 NS_HASH_RAMAP, map); 2480 2481 /* 2482 * ignore "map already existed" error, 2483 * just need one per service. 2484 * Need however to free memory allocated 2485 * for map. 2486 */ 2487 if (i != NS_HASH_RC_SUCCESS && 2488 i != NS_HASH_RC_EXISTED) { 2489 switch (i) { 2490 case NS_HASH_RC_CONFIG_ERROR: 2491 exitrc = NS_LDAP_INTERNAL; 2492 (void) snprintf(errstr, 2493 sizeof (errstr), 2494 gettext( 2495 "Unable to set value: " 2496 "no configuration info " 2497 "for schema map " 2498 "update (%s)"), cp); 2499 MKERROR(LOG_ERR, *error, 2500 NS_LDAP_INTERNAL, 2501 strdup(errstr), 2502 NULL); 2503 break; 2504 case NS_HASH_RC_NO_MEMORY: 2505 exitrc = NS_LDAP_MEMORY; 2506 break; 2507 } 2508 free_memory = 1; 2509 } else if (i == NS_HASH_RC_EXISTED) { 2510 if (map->service) 2511 free(map->service); 2512 if (map->orig) 2513 free(map->orig); 2514 if (map->map) { 2515 if ((map->map)[0]) 2516 free((map->map)[0]); 2517 free(map->map); 2518 } 2519 free(map); 2520 map = NULL; 2521 } 2522 } 2523 2524 if (free_memory) { 2525 if (tcp) 2526 free(tcp); 2527 free(sid); 2528 free(origA); 2529 __s_api_free2dArray(mapA); 2530 if (map) { 2531 if (map->service) 2532 free(map->service); 2533 if (map->orig) 2534 free(map->orig); 2535 if (map->map) { 2536 if ((map->map)[0]) 2537 free((map->map)[0]); 2538 free(map->map); 2539 } 2540 free(map); 2541 } 2542 return (exitrc); 2543 } 2544 2545 /* 2546 * add the real schema map 2547 */ 2548 free_memory = 1; 2549 exitrc = NS_LDAP_MEMORY; 2550 map = (ns_mapping_t *)calloc(1, sizeof (ns_mapping_t)); 2551 if (map) { 2552 map->service = sid; 2553 map->orig = origA; 2554 map->map = mapA; 2555 2556 if (def->data_type == ATTRMAP) { 2557 map->type = NS_ATTR_MAP; 2558 i = __s_api_add_map2hash(ptr, 2559 NS_HASH_AMAP, map); 2560 } else { 2561 map->type = NS_OBJ_MAP; 2562 i = __s_api_add_map2hash(ptr, 2563 NS_HASH_OMAP, map); 2564 } 2565 2566 if (i != NS_HASH_RC_SUCCESS) { 2567 switch (i) { 2568 case NS_HASH_RC_CONFIG_ERROR: 2569 exitrc = NS_LDAP_INTERNAL; 2570 (void) snprintf(errstr, 2571 sizeof (errstr), 2572 gettext( 2573 "Unable to set value: " 2574 "no configuration info " 2575 "for schema map " 2576 "update (%s)"), cp); 2577 MKERROR(LOG_ERR, *error, 2578 NS_LDAP_INTERNAL, 2579 strdup(errstr), 2580 NULL); 2581 break; 2582 case NS_HASH_RC_EXISTED: 2583 exitrc = NS_LDAP_CONFIG; 2584 (void) snprintf(errstr, 2585 sizeof (errstr), 2586 gettext( 2587 "Unable to set value: " 2588 "schema map " 2589 "already existed for " 2590 "'%s'."), origA); 2591 MKERROR(LOG_ERR, *error, 2592 NS_CONFIG_SYNTAX, 2593 strdup(errstr), 2594 NULL); 2595 break; 2596 case NS_HASH_RC_NO_MEMORY: 2597 exitrc = NS_LDAP_MEMORY; 2598 break; 2599 } 2600 free_memory = 1; 2601 } else 2602 free_memory = 0; 2603 } 2604 2605 if (free_memory) { 2606 if (tcp) 2607 free(tcp); 2608 free(sid); 2609 free(origA); 2610 __s_api_free2dArray(mapA); 2611 if (map) 2612 free(map); 2613 return (exitrc); 2614 } 2615 2616 break; 2617 default: 2618 /* This should never happen. */ 2619 (void) snprintf(errstr, sizeof (errstr), 2620 gettext("Unable to set value: invalid configuration " 2621 "type (%d)"), def->data_type); 2622 MKERROR(LOG_ERR, *error, NS_CONFIG_SYNTAX, strdup(errstr), 2623 NULL); 2624 if (tcp != NULL) 2625 free(tcp); 2626 return (NS_LDAP_CONFIG); 2627 } 2628 conf.ns_ptype = def->data_type; 2629 if (tcp != NULL) 2630 free(tcp); 2631 2632 /* Individually written verify routines here can replace */ 2633 /* verify_value. Verify conf (data) as appropriate here */ 2634 if (def->ns_verify != NULL) { 2635 if ((*def->ns_verify)(type, def, &conf, errstr) != NS_SUCCESS) { 2636 ns_param_t sav_conf; 2637 2638 (void) snprintf(errstr, sizeof (errstr), 2639 gettext("%s"), errstr); 2640 MKERROR(LOG_WARNING, *error, NS_CONFIG_SYNTAX, 2641 strdup(errstr), NULL); 2642 2643 sav_conf = ptr->paramList[type]; 2644 ptr->paramList[type] = conf; 2645 destroy_param(ptr, type); 2646 ptr->paramList[type] = sav_conf; 2647 2648 return (NS_LDAP_CONFIG); 2649 } 2650 } 2651 2652 /* post evaluate the data */ 2653 2654 /* 2655 * if this is for setting a password, 2656 * encrypt the password first. 2657 * NOTE evalue() is smart and will just return 2658 * the value passed if it is already encrypted. 2659 * 2660 * Init NS_LDAP_EXP_P here when CACHETTL is updated 2661 */ 2662 if (type == NS_LDAP_BINDPASSWD_P || 2663 type == NS_LDAP_ADMIN_BINDPASSWD_P) { 2664 cp = conf.ns_pc; 2665 cp2 = evalue((char *)cp); 2666 conf.ns_pc = cp2; 2667 free(cp); 2668 cp = NULL; 2669 } else if (type == NS_LDAP_FILE_VERSION_P) { 2670 ptr->version = NS_LDAP_V1; 2671 if (strcasecmp(conf.ns_pc, NS_LDAP_VERSION_2) == 0) { 2672 ptr->version = NS_LDAP_V2; 2673 } 2674 } else if (type == NS_LDAP_CACHETTL_P) { 2675 cp = conf.ns_pc; 2676 tm = conv_time(cp); 2677 ptr->paramList[NS_LDAP_EXP_P].ns_ptype = TIMET; 2678 if (tm != 0) { 2679 tm += time(NULL); 2680 } 2681 ptr->paramList[NS_LDAP_EXP_P].ns_tm = tm; 2682 } 2683 2684 /* Everything checks out move new values into param */ 2685 destroy_param(ptr, type); 2686 /* Assign new/updated value into paramList */ 2687 ptr->paramList[type] = conf; 2688 2689 return (NS_LDAP_SUCCESS); 2690 } 2691 2692 2693 /* 2694 * Set a parameter value in the 'config' configuration structure 2695 * Lock as appropriate 2696 */ 2697 2698 int 2699 __ns_ldap_setParam(const ParamIndexType type, 2700 const void *data, ns_ldap_error_t **error) 2701 { 2702 ns_ldap_error_t *errorp; 2703 int ret; 2704 char errstr[2 * MAXERROR]; 2705 ns_config_t *cfg; 2706 ns_config_t *cfg_g = (ns_config_t *)-1; 2707 ns_config_t *new_cfg; 2708 boolean_t reinit_connmgmt = B_FALSE; 2709 2710 /* We want to refresh only one configuration at a time */ 2711 (void) mutex_lock(&ns_loadrefresh_lock); 2712 cfg = __s_api_get_default_config(); 2713 2714 if (cache_server == TRUE) { 2715 if (cfg == NULL) { 2716 __ns_ldap_default_config(); 2717 cfg = __s_api_get_default_config(); 2718 if (cfg == NULL) { 2719 (void) mutex_unlock(&ns_loadrefresh_lock); 2720 return (NS_LDAP_MEMORY); 2721 } 2722 } 2723 } else { 2724 /* 2725 * This code always return error here on client side, 2726 * this needs to change once libsldap is used by more 2727 * applications that need to set parameters. 2728 */ 2729 (void) snprintf(errstr, sizeof (errstr), 2730 gettext("Unable to set parameter from a client in " 2731 "__ns_ldap_setParam()")); 2732 MKERROR(LOG_WARNING, *error, NS_CONFIG_SYNTAX, strdup(errstr), 2733 NULL); 2734 if (cfg != NULL) 2735 __s_api_release_config(cfg); 2736 (void) mutex_unlock(&ns_loadrefresh_lock); 2737 return (NS_LDAP_CONFIG); 2738 } 2739 2740 /* (re)initialize configuration if necessary */ 2741 if (!__s_api_isStandalone() && 2742 cache_server == FALSE && timetorefresh(cfg)) 2743 cfg_g = __s_api_get_default_config_global(); 2744 /* only (re)initialize the global configuration */ 2745 if (cfg == cfg_g) { 2746 if (cfg_g != NULL) 2747 __s_api_release_config(cfg_g); 2748 new_cfg = LoadCacheConfiguration(cfg, &errorp); 2749 if (new_cfg != cfg) 2750 __s_api_release_config(cfg); 2751 if (new_cfg == NULL) { 2752 (void) snprintf(errstr, sizeof (errstr), 2753 gettext("Unable to load configuration '%s' " 2754 "('%s')."), NSCONFIGFILE, 2755 errorp != NULL && errorp->message != NULL ? 2756 errorp->message : ""); 2757 MKERROR(LOG_WARNING, *error, NS_CONFIG_NOTLOADED, 2758 strdup(errstr), NULL); 2759 if (errorp != NULL) 2760 (void) __ns_ldap_freeError(&errorp); 2761 (void) mutex_unlock(&ns_loadrefresh_lock); 2762 return (NS_LDAP_CONFIG); 2763 } 2764 if (new_cfg != cfg) { 2765 set_curr_config_global(new_cfg); 2766 cfg = new_cfg; 2767 reinit_connmgmt = B_TRUE; 2768 } 2769 } 2770 (void) mutex_unlock(&ns_loadrefresh_lock); 2771 2772 if (reinit_connmgmt == B_TRUE) 2773 __s_api_reinit_conn_mgmt_new_config(cfg); 2774 2775 /* translate input and save in the parameter list */ 2776 ret = __ns_ldap_setParamValue(cfg, type, data, error); 2777 2778 __s_api_release_config(cfg); 2779 2780 return (ret); 2781 } 2782 2783 2784 /* 2785 * Make a copy of a parameter entry 2786 */ 2787 2788 static void ** 2789 dupParam(ns_param_t *ptr) 2790 { 2791 int count, i; 2792 void **dupdata, *ret; 2793 int *intptr; 2794 char *cp, tmbuf[32]; 2795 static time_t expire = 0; 2796 ns_auth_t *ap; 2797 2798 switch (ptr->ns_ptype) { 2799 case ARRAYAUTH: 2800 case ARRAYCRED: 2801 case SAMLIST: 2802 case SCLLIST: 2803 case SSDLIST: 2804 case SERVLIST: 2805 case ARRAYCP: 2806 count = ptr->ns_acnt; 2807 if (count == 0) 2808 return (NULL); 2809 break; 2810 case CHARPTR: 2811 case INT: 2812 case TIMET: 2813 count = 1; 2814 } 2815 2816 dupdata = (void **)calloc((count + 1), sizeof (void *)); 2817 if (dupdata == NULL) 2818 return (NULL); 2819 2820 switch (ptr->ns_ptype) { 2821 case ARRAYAUTH: 2822 for (i = 0; i < count; i++) { 2823 ap = __s_api_AuthEnumtoStruct( 2824 (EnumAuthType_t)ptr->ns_pi[i]); 2825 if (ap == NULL) { 2826 free(dupdata); 2827 return (NULL); 2828 } 2829 dupdata[i] = ap; 2830 } 2831 break; 2832 case ARRAYCRED: 2833 for (i = 0; i < count; i++) { 2834 intptr = (int *)malloc(sizeof (int)); 2835 if (intptr == NULL) { 2836 free(dupdata); 2837 return (NULL); 2838 } 2839 dupdata[i] = (void *)intptr; 2840 *intptr = ptr->ns_pi[i]; 2841 } 2842 break; 2843 case SAMLIST: 2844 case SCLLIST: 2845 case SSDLIST: 2846 case SERVLIST: 2847 case ARRAYCP: 2848 for (i = 0; i < count; i++) { 2849 ret = (void *)strdup(ptr->ns_ppc[i]); 2850 if (ret == NULL) { 2851 free(dupdata); 2852 return (NULL); 2853 } 2854 dupdata[i] = ret; 2855 } 2856 break; 2857 case CHARPTR: 2858 if (ptr->ns_pc == NULL) { 2859 free(dupdata); 2860 return (NULL); 2861 } 2862 ret = (void *)strdup(ptr->ns_pc); 2863 if (ret == NULL) { 2864 free(dupdata); 2865 return (NULL); 2866 } 2867 dupdata[0] = ret; 2868 break; 2869 case INT: 2870 intptr = (int *)malloc(sizeof (int)); 2871 if (intptr == NULL) { 2872 free(dupdata); 2873 return (NULL); 2874 } 2875 *intptr = ptr->ns_i; 2876 dupdata[0] = (void *)intptr; 2877 break; 2878 case TIMET: 2879 expire = ptr->ns_tm; 2880 tmbuf[31] = '\0'; 2881 cp = lltostr((long)expire, &tmbuf[31]); 2882 ret = (void *)strdup(cp); 2883 if (ret == NULL) { 2884 free(dupdata); 2885 return (NULL); 2886 } 2887 dupdata[0] = ret; 2888 break; 2889 } 2890 return (dupdata); 2891 } 2892 2893 int 2894 __ns_ldap_freeParam(void ***data) 2895 { 2896 void **tmp; 2897 int i = 0; 2898 2899 if (*data == NULL) 2900 return (NS_LDAP_SUCCESS); 2901 2902 for (i = 0, tmp = *data; tmp[i] != NULL; i++) 2903 free(tmp[i]); 2904 2905 free(*data); 2906 2907 *data = NULL; 2908 2909 return (NS_LDAP_SUCCESS); 2910 } 2911 2912 /* 2913 * Get the internal format for a parameter value. This 2914 * routine makes a copy of an internal param value from 2915 * the currently active parameter list and returns it. 2916 */ 2917 2918 int 2919 __ns_ldap_getParam(const ParamIndexType Param, 2920 void ***data, ns_ldap_error_t **error) 2921 { 2922 char errstr[2 * MAXERROR]; 2923 ns_ldap_error_t *errorp; 2924 ns_default_config *def; 2925 ns_config_t *cfg; 2926 ns_config_t *cfg_g = (ns_config_t *)-1; 2927 ns_config_t *new_cfg; 2928 boolean_t reinit_connmgmt = B_FALSE; 2929 2930 if (data == NULL) 2931 return (NS_LDAP_INVALID_PARAM); 2932 2933 *data = NULL; 2934 2935 /* We want to refresh only one configuration at a time */ 2936 (void) mutex_lock(&ns_loadrefresh_lock); 2937 cfg = __s_api_get_default_config(); 2938 2939 /* (re)initialize configuration if necessary */ 2940 if (!__s_api_isStandalone() && 2941 cache_server == FALSE && timetorefresh(cfg)) 2942 cfg_g = __s_api_get_default_config_global(); 2943 /* only (re)initialize the global configuration */ 2944 if (cfg == cfg_g) { 2945 if (cfg_g != NULL) 2946 __s_api_release_config(cfg_g); 2947 new_cfg = LoadCacheConfiguration(cfg, &errorp); 2948 if (new_cfg != cfg) 2949 __s_api_release_config(cfg); 2950 if (new_cfg == NULL) { 2951 (void) snprintf(errstr, sizeof (errstr), 2952 gettext("Unable to load configuration " 2953 "'%s' ('%s')."), 2954 NSCONFIGFILE, 2955 errorp != NULL && errorp->message != NULL ? 2956 errorp->message : ""); 2957 MKERROR(LOG_WARNING, *error, NS_CONFIG_NOTLOADED, 2958 strdup(errstr), NULL); 2959 if (errorp != NULL) 2960 (void) __ns_ldap_freeError(&errorp); 2961 (void) mutex_unlock(&ns_loadrefresh_lock); 2962 return (NS_LDAP_CONFIG); 2963 } 2964 if (new_cfg != cfg) { 2965 set_curr_config_global(new_cfg); 2966 cfg = new_cfg; 2967 reinit_connmgmt = B_TRUE; 2968 } 2969 } 2970 (void) mutex_unlock(&ns_loadrefresh_lock); 2971 2972 if (reinit_connmgmt == B_TRUE) 2973 __s_api_reinit_conn_mgmt_new_config(cfg); 2974 2975 if (cfg == NULL) { 2976 (void) snprintf(errstr, sizeof (errstr), 2977 gettext("No configuration information available.")); 2978 MKERROR(LOG_ERR, *error, NS_CONFIG_NOTLOADED, 2979 strdup(errstr), NULL); 2980 return (NS_LDAP_CONFIG); 2981 } 2982 2983 if (Param == NS_LDAP_DOMAIN_P) { 2984 *data = (void **)calloc(2, sizeof (void *)); 2985 if (*data == NULL) { 2986 __s_api_release_config(cfg); 2987 return (NS_LDAP_MEMORY); 2988 } 2989 (*data)[0] = (void *)strdup(cfg->domainName); 2990 if ((*data)[0] == NULL) { 2991 free(*data); 2992 __s_api_release_config(cfg); 2993 return (NS_LDAP_MEMORY); 2994 } 2995 } else if (cfg->paramList[Param].ns_ptype == NS_UNKNOWN) { 2996 /* get default */ 2997 def = get_defconfig(cfg, Param); 2998 if (def != NULL) 2999 *data = dupParam(&def->defval); 3000 } else { 3001 *data = dupParam(&(cfg->paramList[Param])); 3002 } 3003 __s_api_release_config(cfg); 3004 3005 return (NS_LDAP_SUCCESS); 3006 } 3007 3008 /* 3009 * This routine takes a parameter in internal format and 3010 * translates it into a variety of string formats for various 3011 * outputs (doors/file/ldif). This routine would be better 3012 * named: __ns_ldap_translateParam2String 3013 */ 3014 3015 char * 3016 __s_api_strValue(ns_config_t *cfg, ParamIndexType index, ns_strfmt_t fmt) 3017 { 3018 ns_default_config *def = NULL; 3019 ns_param_t *ptr; 3020 ns_hash_t *hptr; 3021 ns_mapping_t *mptr; 3022 char ibuf[14]; 3023 char abuf[64], **cpp; 3024 int count, i; 3025 boolean_t first = B_TRUE; 3026 LineBuf lbuf; 3027 LineBuf *buffer = &lbuf; 3028 char *retstring; 3029 char *sepstr; 3030 3031 if (cfg == NULL) 3032 return (NULL); 3033 3034 /* NS_LDAP_EXP and TRANSPORT_SEC are not exported externally */ 3035 if (index == NS_LDAP_EXP_P || index == NS_LDAP_TRANSPORT_SEC_P) 3036 return (NULL); 3037 3038 /* Return nothing if the value is the default */ 3039 if (cfg->paramList[index].ns_ptype == NS_UNKNOWN) 3040 return (NULL); 3041 3042 (void) memset((char *)buffer, 0, sizeof (LineBuf)); 3043 3044 ptr = &(cfg->paramList[index]); 3045 3046 abuf[0] = '\0'; 3047 3048 /* get default */ 3049 def = get_defconfig(cfg, index); 3050 if (def == NULL) 3051 return (NULL); 3052 3053 switch (fmt) { 3054 case NS_DOOR_FMT: 3055 (void) strlcpy(abuf, def->name, sizeof (abuf)); 3056 (void) strlcat(abuf, EQUALSEP, sizeof (abuf)); 3057 break; 3058 case NS_FILE_FMT: 3059 (void) strlcpy(abuf, def->name, sizeof (abuf)); 3060 (void) strlcat(abuf, EQUSPSEP, sizeof (abuf)); 3061 break; 3062 case NS_LDIF_FMT: 3063 /* If no LDIF attr exists ignore the entry */ 3064 if (def->profile_name == NULL) 3065 return (NULL); 3066 (void) strlcpy(abuf, def->profile_name, sizeof (abuf)); 3067 (void) strlcat(abuf, COLSPSEP, sizeof (abuf)); 3068 break; 3069 default: 3070 break; 3071 } 3072 3073 if (__print2buf(buffer, abuf, NULL)) 3074 goto strValueError; 3075 3076 switch (ptr->ns_ptype) { 3077 case ARRAYAUTH: 3078 count = ptr->ns_acnt; 3079 for (i = 0; i < count; i++) { 3080 sepstr = NULL; 3081 if (i != count-1) { 3082 if (cfg->version == NS_LDAP_V1) { 3083 sepstr = COMMASEP; 3084 } else { 3085 sepstr = SEMISEP; 3086 } 3087 } 3088 if (__print2buf(buffer, __s_get_auth_name(cfg, 3089 (AuthType_t)(ptr->ns_pi[i])), sepstr)) 3090 goto strValueError; 3091 } 3092 break; 3093 case ARRAYCRED: 3094 count = ptr->ns_acnt; 3095 for (i = 0; i < count; i++) { 3096 sepstr = NULL; 3097 if (i != count-1) { 3098 sepstr = SPACESEP; 3099 } 3100 if (__print2buf(buffer, __s_get_credlvl_name(cfg, 3101 (CredLevel_t)ptr->ns_pi[i]), sepstr)) 3102 goto strValueError; 3103 } 3104 break; 3105 case SAMLIST: 3106 case SCLLIST: 3107 case SSDLIST: 3108 count = ptr->ns_acnt; 3109 for (i = 0; i < count; i++) { 3110 if (__print2buf(buffer, ptr->ns_ppc[i], NULL)) 3111 goto strValueError; 3112 3113 if (i == count-1) 3114 continue; 3115 3116 /* Separate items */ 3117 switch (fmt) { 3118 case NS_DOOR_FMT: 3119 if (__print2buf(buffer, DOORLINESEP, NULL) || 3120 __print2buf(buffer, def->name, EQUALSEP)) 3121 goto strValueError; 3122 break; 3123 case NS_FILE_FMT: 3124 if (__print2buf(buffer, "\n", NULL) || 3125 __print2buf(buffer, def->name, EQUSPSEP)) 3126 goto strValueError; 3127 break; 3128 case NS_LDIF_FMT: 3129 if (__print2buf(buffer, "\n", NULL) || 3130 __print2buf(buffer, def->profile_name, 3131 COLSPSEP)) 3132 goto strValueError; 3133 break; 3134 } 3135 } 3136 break; 3137 case ARRAYCP: 3138 count = ptr->ns_acnt; 3139 for (i = 0; i < count; i++) { 3140 sepstr = NULL; 3141 if (i != count-1) { 3142 sepstr = COMMASEP; 3143 } 3144 if (__print2buf(buffer, ptr->ns_ppc[i], sepstr)) 3145 goto strValueError; 3146 } 3147 break; 3148 case SERVLIST: 3149 count = ptr->ns_acnt; 3150 for (i = 0; i < count; i++) { 3151 sepstr = NULL; 3152 if (i != count-1) { 3153 if (fmt == NS_LDIF_FMT) { 3154 sepstr = SPACESEP; 3155 } else { 3156 sepstr = COMMASEP; 3157 } 3158 } 3159 if (__print2buf(buffer, ptr->ns_ppc[i], sepstr)) 3160 goto strValueError; 3161 } 3162 break; 3163 case CHARPTR: 3164 if (ptr->ns_pc == NULL) 3165 break; 3166 if (__print2buf(buffer, ptr->ns_pc, NULL)) 3167 goto strValueError; 3168 break; 3169 case INT: 3170 switch (def->index) { 3171 case NS_LDAP_PREF_ONLY_P: 3172 if (__print2buf(buffer, 3173 __s_get_pref_name((PrefOnly_t)ptr->ns_i), NULL)) 3174 goto strValueError; 3175 break; 3176 case NS_LDAP_SEARCH_REF_P: 3177 if (__print2buf(buffer, __s_get_searchref_name(cfg, 3178 (SearchRef_t)ptr->ns_i), NULL)) 3179 goto strValueError; 3180 break; 3181 case NS_LDAP_SEARCH_SCOPE_P: 3182 if (__print2buf(buffer, __s_get_scope_name(cfg, 3183 (ScopeType_t)ptr->ns_i), NULL)) 3184 goto strValueError; 3185 break; 3186 case NS_LDAP_ENABLE_SHADOW_UPDATE_P: 3187 if (__print2buf(buffer, __s_get_shadowupdate_name( 3188 (enableShadowUpdate_t)ptr->ns_i), NULL)) 3189 goto strValueError; 3190 break; 3191 default: 3192 (void) snprintf(ibuf, sizeof (ibuf), 3193 "%d", ptr->ns_i); 3194 if (__print2buf(buffer, ibuf, NULL)) 3195 goto strValueError; 3196 break; 3197 } 3198 break; 3199 case ATTRMAP: 3200 for (hptr = cfg->llHead; hptr; hptr = hptr->h_llnext) { 3201 if (hptr->h_type != NS_HASH_AMAP) { 3202 continue; 3203 } 3204 if (!first) { 3205 /* print abuf as "separator" */ 3206 if (fmt == NS_DOOR_FMT) { 3207 if (__print2buf(buffer, DOORLINESEP, 3208 abuf)) 3209 goto strValueError; 3210 } else { 3211 if (__print2buf(buffer, "\n", abuf)) 3212 goto strValueError; 3213 } 3214 } 3215 mptr = hptr->h_map; 3216 if (__print2buf(buffer, mptr->service, COLONSEP) || 3217 __print2buf(buffer, mptr->orig, EQUALSEP)) 3218 goto strValueError; 3219 for (cpp = mptr->map; cpp && *cpp; cpp++) { 3220 /* print *cpp as "separator" */ 3221 sepstr = ""; 3222 if (cpp != mptr->map) 3223 sepstr = SPACESEP; 3224 if (__print2buf(buffer, sepstr, *cpp)) 3225 goto strValueError; 3226 } 3227 first = B_FALSE; 3228 } 3229 break; 3230 case OBJMAP: 3231 for (hptr = cfg->llHead; hptr; hptr = hptr->h_llnext) { 3232 if (hptr->h_type != NS_HASH_OMAP) { 3233 continue; 3234 } 3235 if (!first) { 3236 /* print abuf as "separator" */ 3237 if (fmt == NS_DOOR_FMT) { 3238 if (__print2buf(buffer, DOORLINESEP, 3239 abuf)) 3240 goto strValueError; 3241 } else { 3242 if (__print2buf(buffer, "\n", abuf)) 3243 goto strValueError; 3244 } 3245 } 3246 mptr = hptr->h_map; 3247 if (__print2buf(buffer, mptr->service, COLONSEP) || 3248 __print2buf(buffer, mptr->orig, EQUALSEP)) 3249 goto strValueError; 3250 for (cpp = mptr->map; cpp && *cpp; cpp++) { 3251 /* print *cpp as "separator" */ 3252 sepstr = ""; 3253 if (cpp != mptr->map) 3254 sepstr = SPACESEP; 3255 if (__print2buf(buffer, sepstr, *cpp)) 3256 goto strValueError; 3257 } 3258 first = B_FALSE; 3259 } 3260 break; 3261 } 3262 3263 retstring = buffer->str; 3264 return (retstring); 3265 3266 strValueError: 3267 if (buffer->len > 0) 3268 free(buffer->str); 3269 return (NULL); 3270 } 3271 3272 /* shared by __door_getldapconfig() and __door_getadmincred() */ 3273 int 3274 __door_getconf(char **buffer, int *buflen, ns_ldap_error_t **error, 3275 int callnumber) 3276 { 3277 typedef union { 3278 ldap_data_t s_d; 3279 char s_b[DOORBUFFERSIZE]; 3280 } space_t; 3281 space_t *space; 3282 3283 ldap_data_t *sptr; 3284 int ndata; 3285 int adata; 3286 char errstr[MAXERROR]; 3287 char *domainname; 3288 ns_ldap_return_code retCode; 3289 ldap_config_out_t *cfghdr; 3290 3291 *error = NULL; 3292 3293 domainname = __getdomainname(); 3294 if (domainname == NULL || buffer == NULL || buflen == NULL || 3295 (strlen(domainname) >= (sizeof (space_t) 3296 - sizeof (space->s_d.ldap_call.ldap_callnumber)))) { 3297 return (NS_LDAP_OP_FAILED); 3298 } 3299 3300 space = (space_t *)calloc(1, sizeof (space_t)); 3301 if (space == NULL) 3302 return (NS_LDAP_MEMORY); 3303 3304 adata = (sizeof (ldap_call_t) + strlen(domainname) +1); 3305 ndata = sizeof (space_t); 3306 space->s_d.ldap_call.ldap_callnumber = callnumber; 3307 (void) strcpy(space->s_d.ldap_call.ldap_u.domainname, domainname); 3308 free(domainname); 3309 domainname = NULL; 3310 sptr = &space->s_d; 3311 3312 switch (__ns_ldap_trydoorcall(&sptr, &ndata, &adata)) { 3313 case NS_CACHE_SUCCESS: 3314 break; 3315 case NS_CACHE_NOTFOUND: 3316 (void) snprintf(errstr, sizeof (errstr), 3317 gettext("Door call to " 3318 "ldap_cachemgr failed - error: %d."), 3319 space->s_d.ldap_ret.ldap_errno); 3320 MKERROR(LOG_WARNING, *error, NS_CONFIG_CACHEMGR, 3321 strdup(errstr), NULL); 3322 free(space); 3323 return (NS_LDAP_OP_FAILED); 3324 default: 3325 free(space); 3326 return (NS_LDAP_OP_FAILED); 3327 } 3328 3329 retCode = NS_LDAP_SUCCESS; 3330 3331 /* copy info from door call to buffer here */ 3332 cfghdr = &sptr->ldap_ret.ldap_u.config_str; 3333 *buflen = offsetof(ldap_config_out_t, config_str) + 3334 cfghdr->data_size + 1; 3335 *buffer = calloc(*buflen, sizeof (char)); 3336 if (*buffer == NULL) { 3337 retCode = NS_LDAP_MEMORY; 3338 } else 3339 (void) memcpy(*buffer, cfghdr, *buflen - 1); 3340 3341 if (sptr != &space->s_d) { 3342 (void) munmap((char *)sptr, ndata); 3343 } 3344 free(space); 3345 3346 return (retCode); 3347 } 3348 3349 static int 3350 __door_getldapconfig(char **buffer, int *buflen, ns_ldap_error_t **error) 3351 { 3352 return (__door_getconf(buffer, buflen, error, GETLDAPCONFIGV1)); 3353 } 3354 3355 /* 3356 * SetDoorInfoToUnixCred parses ldapcachemgr configuration information 3357 * for Admin credentials. 3358 */ 3359 int 3360 SetDoorInfoToUnixCred(char *buffer, ns_ldap_error_t **errorp, 3361 UnixCred_t **cred) 3362 { 3363 UnixCred_t *ptr; 3364 char errstr[MAXERROR]; 3365 char *name, *value, valbuf[BUFSIZE]; 3366 char *bufptr = buffer; 3367 char *strptr; 3368 char *rest; 3369 ParamIndexType index = 0; 3370 ldap_config_out_t *cfghdr; 3371 3372 if (errorp == NULL || cred == NULL || *cred == NULL) 3373 return (NS_LDAP_INVALID_PARAM); 3374 *errorp = NULL; 3375 3376 ptr = *cred; 3377 3378 cfghdr = (ldap_config_out_t *)bufptr; 3379 bufptr = (char *)cfghdr->config_str; 3380 3381 strptr = (char *)strtok_r(bufptr, DOORLINESEP, &rest); 3382 for (; ; ) { 3383 if (strptr == NULL) 3384 break; 3385 (void) strlcpy(valbuf, strptr, sizeof (valbuf)); 3386 __s_api_split_key_value(valbuf, &name, &value); 3387 if (__ns_ldap_getParamType(name, &index) != 0) { 3388 (void) snprintf(errstr, MAXERROR, 3389 gettext("SetDoorInfoToUnixCred: " 3390 "Unknown keyword encountered '%s'."), name); 3391 MKERROR(LOG_ERR, *errorp, NS_CONFIG_SYNTAX, 3392 strdup(errstr), NULL); 3393 return (NS_LDAP_CONFIG); 3394 } 3395 switch (index) { 3396 case NS_LDAP_ADMIN_BINDDN_P: 3397 ptr->userID = (char *)strdup(value); 3398 break; 3399 case NS_LDAP_ADMIN_BINDPASSWD_P: 3400 ptr->passwd = (char *)strdup(value); 3401 break; 3402 default: 3403 (void) snprintf(errstr, MAXERROR, 3404 gettext("SetDoorInfoToUnixCred: " 3405 "Unknown index encountered '%d'."), index); 3406 MKERROR(LOG_ERR, *errorp, NS_CONFIG_SYNTAX, 3407 strdup(errstr), NULL); 3408 return (NS_LDAP_CONFIG); 3409 } 3410 strptr = (char *)strtok_r(NULL, DOORLINESEP, &rest); 3411 } 3412 3413 return (NS_LDAP_SUCCESS); 3414 } 3415 3416 /* 3417 * SetDoorInfo parses ldapcachemgr configuration information 3418 * and verifies that the profile is version 1 or version 2 based. 3419 * version 2 profiles must have a version number as the first profile 3420 * attribute in the configuration. 3421 */ 3422 static ns_config_t * 3423 SetDoorInfo(char *buffer, ns_ldap_error_t **errorp) 3424 { 3425 ns_config_t *ptr; 3426 char errstr[MAXERROR], errbuf[MAXERROR]; 3427 char *name, *value, valbuf[BUFSIZE]; 3428 char *strptr; 3429 char *rest; 3430 char *bufptr = buffer; 3431 ParamIndexType i; 3432 int ret; 3433 int first = 1; 3434 int errfnd = 0; 3435 ldap_config_out_t *cfghdr; 3436 3437 if (errorp == NULL) 3438 return (NULL); 3439 *errorp = NULL; 3440 3441 ptr = __s_api_create_config(); 3442 if (ptr == NULL) { 3443 return (NULL); 3444 } 3445 3446 /* get config cookie from the header */ 3447 cfghdr = (ldap_config_out_t *)bufptr; 3448 ptr->config_cookie = cfghdr->cookie; 3449 bufptr = (char *)cfghdr->config_str; 3450 3451 strptr = (char *)strtok_r(bufptr, DOORLINESEP, &rest); 3452 for (; ; ) { 3453 if (strptr == NULL) 3454 break; 3455 (void) strlcpy(valbuf, strptr, sizeof (valbuf)); 3456 __s_api_split_key_value(valbuf, &name, &value); 3457 /* Use get_versiontype and check for V1 vs V2 prototypes */ 3458 if (__s_api_get_versiontype(ptr, name, &i) < 0) { 3459 (void) snprintf(errstr, sizeof (errstr), 3460 "%s (%s)\n", 3461 gettext("Illegal profile entry " 3462 "line in configuration."), 3463 name); 3464 errfnd++; 3465 /* Write verify routines and get rid of verify_value here */ 3466 } else if (verify_value(ptr, name, 3467 value, errbuf) != NS_SUCCESS) { 3468 (void) snprintf(errstr, sizeof (errstr), 3469 gettext("%s\n"), errbuf); 3470 errfnd++; 3471 } else if (!first && i == NS_LDAP_FILE_VERSION_P) { 3472 (void) snprintf(errstr, sizeof (errstr), 3473 gettext("Illegal NS_LDAP_FILE_VERSION " 3474 "line in configuration.\n")); 3475 errfnd++; 3476 } 3477 if (errfnd) { 3478 MKERROR(LOG_ERR, *errorp, NS_CONFIG_SYNTAX, 3479 strdup(errstr), NULL); 3480 } else { 3481 ret = set_default_value(ptr, name, value, errorp); 3482 } 3483 if (errfnd || ret != NS_SUCCESS) { 3484 __s_api_destroy_config(ptr); 3485 return (NULL); 3486 } 3487 first = 0; 3488 3489 strptr = (char *)strtok_r(NULL, DOORLINESEP, &rest); 3490 } 3491 3492 if (__s_api_crosscheck(ptr, errstr, B_TRUE) != NS_SUCCESS) { 3493 __s_api_destroy_config(ptr); 3494 MKERROR(LOG_WARNING, *errorp, NS_CONFIG_SYNTAX, strdup(errstr), 3495 NULL); 3496 return (NULL); 3497 } 3498 3499 return (ptr); 3500 } 3501 3502 static ns_config_t * 3503 LoadCacheConfiguration(ns_config_t *oldcfg, ns_ldap_error_t **error) 3504 { 3505 char *buffer = NULL; 3506 int buflen = 0; 3507 int ret; 3508 ns_config_t *cfg; 3509 ldap_config_out_t *cfghdr; 3510 ldap_get_chg_cookie_t old_cookie; 3511 ldap_get_chg_cookie_t new_cookie; 3512 3513 *error = NULL; 3514 ret = __door_getldapconfig(&buffer, &buflen, error); 3515 3516 if (ret != NS_LDAP_SUCCESS) { 3517 if (*error != NULL && (*error)->message != NULL) 3518 syslog(LOG_WARNING, "libsldap: %s", (*error)->message); 3519 return (NULL); 3520 } 3521 3522 /* No need to reload configuration if config cookie is the same */ 3523 cfghdr = (ldap_config_out_t *)buffer; 3524 new_cookie = cfghdr->cookie; 3525 if (oldcfg != NULL) 3526 old_cookie = oldcfg->config_cookie; 3527 3528 if (oldcfg != NULL && old_cookie.mgr_pid == new_cookie.mgr_pid && 3529 old_cookie.seq_num == new_cookie.seq_num) { 3530 free(buffer); 3531 return (oldcfg); 3532 } 3533 3534 /* now convert from door format */ 3535 cfg = SetDoorInfo(buffer, error); 3536 free(buffer); 3537 3538 if (cfg == NULL && *error != NULL && (*error)->message != NULL) 3539 syslog(LOG_WARNING, "libsldap: %s", (*error)->message); 3540 return (cfg); 3541 } 3542 3543 /* 3544 * converts the time string into seconds. The time string can be specified 3545 * using one of the following time units: 3546 * #s (# of seconds) 3547 * #m (# of minutes) 3548 * #h (# of hours) 3549 * #d (# of days) 3550 * #w (# of weeks) 3551 * NOTE: you can only specify one the above. No combination of the above 3552 * units is allowed. If no unit specified, it will default to "seconds". 3553 */ 3554 static time_t 3555 conv_time(char *s) 3556 { 3557 time_t t; 3558 char c; 3559 int l, m; 3560 long tot; 3561 3562 l = strlen(s); 3563 if (l == 0) 3564 return (0); 3565 c = s[--l]; 3566 m = 0; 3567 switch (c) { 3568 case 'w': /* weeks */ 3569 m = 604800; 3570 break; 3571 case 'd': /* days */ 3572 m = 86400; 3573 break; 3574 case 'h': /* hours */ 3575 m = 3600; 3576 break; 3577 case 'm': /* minutes */ 3578 m = 60; 3579 break; 3580 case 's': /* seconds */ 3581 m = 1; 3582 break; 3583 /* the default case is set to "second" */ 3584 } 3585 if (m != 0) 3586 s[l] = '\0'; 3587 else 3588 m = 1; 3589 errno = 0; 3590 tot = atol(s); 3591 if ((0 == tot) && (EINVAL == errno)) 3592 return (0); 3593 if (((LONG_MAX == tot) || (LONG_MIN == tot)) && (EINVAL == errno)) 3594 return (0); 3595 3596 tot = tot * m; 3597 t = (time_t)tot; 3598 return (t); 3599 } 3600 3601 3602 ns_auth_t * 3603 __s_api_AuthEnumtoStruct(const EnumAuthType_t i) 3604 { 3605 ns_auth_t *ap; 3606 3607 ap = (ns_auth_t *)calloc(1, sizeof (ns_auth_t)); 3608 if (ap == NULL) 3609 return (NULL); 3610 switch (i) { 3611 case NS_LDAP_EA_NONE: 3612 break; 3613 case NS_LDAP_EA_SIMPLE: 3614 ap->type = NS_LDAP_AUTH_SIMPLE; 3615 break; 3616 case NS_LDAP_EA_SASL_CRAM_MD5: 3617 ap->type = NS_LDAP_AUTH_SASL; 3618 ap->saslmech = NS_LDAP_SASL_CRAM_MD5; 3619 break; 3620 case NS_LDAP_EA_SASL_DIGEST_MD5: 3621 ap->type = NS_LDAP_AUTH_SASL; 3622 ap->saslmech = NS_LDAP_SASL_DIGEST_MD5; 3623 break; 3624 case NS_LDAP_EA_SASL_DIGEST_MD5_INT: 3625 ap->type = NS_LDAP_AUTH_SASL; 3626 ap->saslmech = NS_LDAP_SASL_DIGEST_MD5; 3627 ap->saslopt = NS_LDAP_SASLOPT_INT; 3628 break; 3629 case NS_LDAP_EA_SASL_DIGEST_MD5_CONF: 3630 ap->type = NS_LDAP_AUTH_SASL; 3631 ap->saslmech = NS_LDAP_SASL_DIGEST_MD5; 3632 ap->saslopt = NS_LDAP_SASLOPT_PRIV; 3633 break; 3634 case NS_LDAP_EA_SASL_EXTERNAL: 3635 ap->type = NS_LDAP_AUTH_SASL; 3636 ap->saslmech = NS_LDAP_SASL_EXTERNAL; 3637 break; 3638 case NS_LDAP_EA_SASL_GSSAPI: 3639 ap->type = NS_LDAP_AUTH_SASL; 3640 ap->saslmech = NS_LDAP_SASL_GSSAPI; 3641 ap->saslopt = NS_LDAP_SASLOPT_INT | 3642 NS_LDAP_SASLOPT_PRIV; 3643 break; 3644 case NS_LDAP_EA_TLS_NONE: 3645 ap->type = NS_LDAP_AUTH_TLS; 3646 ap->tlstype = NS_LDAP_TLS_NONE; 3647 break; 3648 case NS_LDAP_EA_TLS_SIMPLE: 3649 ap->type = NS_LDAP_AUTH_TLS; 3650 ap->tlstype = NS_LDAP_TLS_SIMPLE; 3651 break; 3652 case NS_LDAP_EA_TLS_SASL_CRAM_MD5: 3653 ap->type = NS_LDAP_AUTH_TLS; 3654 ap->tlstype = NS_LDAP_TLS_SASL; 3655 ap->saslmech = NS_LDAP_SASL_CRAM_MD5; 3656 break; 3657 case NS_LDAP_EA_TLS_SASL_DIGEST_MD5: 3658 ap->type = NS_LDAP_AUTH_TLS; 3659 ap->tlstype = NS_LDAP_TLS_SASL; 3660 ap->saslmech = NS_LDAP_SASL_DIGEST_MD5; 3661 break; 3662 case NS_LDAP_EA_TLS_SASL_DIGEST_MD5_INT: 3663 ap->type = NS_LDAP_AUTH_TLS; 3664 ap->tlstype = NS_LDAP_TLS_SASL; 3665 ap->saslmech = NS_LDAP_SASL_DIGEST_MD5; 3666 ap->saslopt = NS_LDAP_SASLOPT_INT; 3667 break; 3668 case NS_LDAP_EA_TLS_SASL_DIGEST_MD5_CONF: 3669 ap->type = NS_LDAP_AUTH_TLS; 3670 ap->tlstype = NS_LDAP_TLS_SASL; 3671 ap->saslmech = NS_LDAP_SASL_DIGEST_MD5; 3672 ap->saslopt = NS_LDAP_SASLOPT_PRIV; 3673 break; 3674 case NS_LDAP_EA_TLS_SASL_EXTERNAL: 3675 ap->type = NS_LDAP_AUTH_TLS; 3676 ap->tlstype = NS_LDAP_TLS_SASL; 3677 ap->saslmech = NS_LDAP_SASL_EXTERNAL; 3678 break; 3679 default: 3680 /* should never get here */ 3681 free(ap); 3682 return (NULL); 3683 } 3684 return (ap); 3685 } 3686 3687 3688 /* 3689 * Parameter Index Type validation routines 3690 */ 3691 3692 /* Validate a positive integer */ 3693 /* Size of errbuf needs to be MAXERROR */ 3694 /* ARGSUSED */ 3695 static int 3696 __s_val_postime(ParamIndexType i, ns_default_config *def, 3697 ns_param_t *param, char *errbuf) 3698 { 3699 char *cp; 3700 long tot; 3701 3702 if (param && param->ns_ptype == CHARPTR && param->ns_pc) { 3703 for (cp = param->ns_pc; cp && *cp; cp++) { 3704 if (*cp >= '0' && *cp <= '9') 3705 continue; 3706 switch (*cp) { 3707 case 'w': /* weeks */ 3708 case 'd': /* days */ 3709 case 'h': /* hours */ 3710 case 'm': /* minutes */ 3711 case 's': /* seconds */ 3712 if (*(cp+1) == '\0') { 3713 break; 3714 } 3715 /* FALLTHROUGH */ 3716 default: 3717 (void) strcpy(errbuf, "Illegal time value"); 3718 return (NS_PARSE_ERR); 3719 } 3720 } 3721 /* Valid form: [0-9][0-9]*[wdhms]* */ 3722 tot = atol(param->ns_pc); /* check overflow */ 3723 if (tot >= 0) 3724 return (NS_SUCCESS); 3725 } 3726 (void) snprintf(errbuf, MAXERROR, 3727 gettext("Illegal time value in %s"), def->name); 3728 return (NS_PARSE_ERR); 3729 } 3730 3731 3732 /* Validate the Base DN */ 3733 /* It can be empty (RootDSE request) or needs to have an '=' */ 3734 /* Size of errbuf needs to be MAXERROR */ 3735 /* ARGSUSED */ 3736 static int 3737 __s_val_basedn(ParamIndexType i, ns_default_config *def, 3738 ns_param_t *param, char *errbuf) 3739 { 3740 if (param && param->ns_ptype == CHARPTR && 3741 i == NS_LDAP_SEARCH_BASEDN_P && 3742 ((param->ns_pc == NULL) || /* empty */ 3743 (*(param->ns_pc) == '\0') || /* empty */ 3744 (strchr(param->ns_pc, '=') != NULL))) /* '=' */ 3745 { 3746 return (NS_SUCCESS); 3747 } 3748 (void) snprintf(errbuf, MAXERROR, 3749 gettext("Non-existent or invalid DN in %s"), 3750 def->name); 3751 return (NS_PARSE_ERR); 3752 } 3753 3754 3755 /* Validate the serverList */ 3756 /* For each server in list, check if valid IP or hostname */ 3757 /* Size of errbuf needs to be MAXERROR */ 3758 /* ARGSUSED */ 3759 static int 3760 __s_val_serverList(ParamIndexType i, ns_default_config *def, 3761 ns_param_t *param, char *errbuf) 3762 { 3763 for (i = 0; i < param->ns_acnt; i++) { 3764 if ((__s_api_isipv4(param->ns_ppc[i])) || 3765 (__s_api_isipv6(param->ns_ppc[i])) || 3766 (__s_api_ishost(param->ns_ppc[i]))) { 3767 continue; 3768 } 3769 /* err */ 3770 (void) snprintf(errbuf, MAXERROR, 3771 gettext("Invalid server (%s) in %s"), 3772 param->ns_ppc[i], def->name); 3773 return (NS_PARSE_ERR); 3774 } 3775 3776 return (NS_SUCCESS); 3777 } 3778 3779 3780 /* Check for a BINDDN */ 3781 /* It can not be empty and needs to have an '=' */ 3782 /* Size of errbuf needs to be MAXERROR */ 3783 /* ARGSUSED */ 3784 static int 3785 __s_val_binddn(ParamIndexType i, ns_default_config *def, 3786 ns_param_t *param, char *errbuf) 3787 { 3788 char *dntype; 3789 3790 if (param && param->ns_ptype == CHARPTR && 3791 (i == NS_LDAP_BINDDN_P || i == NS_LDAP_ADMIN_BINDDN_P) && 3792 ((param->ns_pc == NULL) || 3793 ((*(param->ns_pc) != '\0') && 3794 (strchr(param->ns_pc, '=') != NULL)))) { 3795 return (NS_SUCCESS); 3796 } 3797 if (i == NS_LDAP_BINDDN_P) 3798 dntype = "proxy"; 3799 else 3800 dntype = "update"; 3801 (void) snprintf(errbuf, MAXERROR, 3802 gettext("NULL or invalid %s bind DN"), dntype); 3803 return (NS_PARSE_ERR); 3804 } 3805 3806 3807 /* Check for a BINDPASSWD */ 3808 /* The string can not be NULL or empty */ 3809 /* Size of errbuf needs to be MAXERROR */ 3810 /* ARGSUSED */ 3811 static int 3812 __s_val_bindpw(ParamIndexType i, ns_default_config *def, 3813 ns_param_t *param, char *errbuf) 3814 { 3815 char *pwtype; 3816 3817 if (param && param->ns_ptype == CHARPTR && 3818 (i == NS_LDAP_BINDPASSWD_P || i == NS_LDAP_ADMIN_BINDPASSWD_P) && 3819 ((param->ns_pc == NULL) || 3820 (*(param->ns_pc) != '\0'))) { 3821 return (NS_SUCCESS); 3822 } 3823 if (i == NS_LDAP_BINDPASSWD_P) 3824 pwtype = "proxy"; 3825 else 3826 pwtype = "admin"; 3827 (void) snprintf(errbuf, MAXERROR, 3828 gettext("NULL %s bind password"), pwtype); 3829 return (NS_PARSE_ERR); 3830 } 3831 3832 /* 3833 * __s_get_hostcertpath returns either the configured host certificate path 3834 * or, if none, the default host certificate path (/var/ldap). Note that this 3835 * does not use __ns_ldap_getParam because it may be called during connection 3836 * setup. This can fail due to insufficient memory. 3837 */ 3838 3839 char * 3840 __s_get_hostcertpath(void) 3841 { 3842 ns_config_t *cfg; 3843 ns_param_t *param; 3844 char *ret = NULL; 3845 3846 cfg = __s_api_get_default_config(); 3847 if (cfg != NULL) { 3848 param = &cfg->paramList[NS_LDAP_HOST_CERTPATH_P]; 3849 if (param->ns_ptype == CHARPTR) 3850 ret = strdup(param->ns_pc); 3851 __s_api_release_config(cfg); 3852 } 3853 if (ret == NULL) 3854 ret = strdup(NSLDAPDIRECTORY); 3855 return (ret); 3856 } 3857 3858 static void 3859 _free_config() 3860 { 3861 if (current_config != NULL) 3862 destroy_config(current_config); 3863 3864 current_config = NULL; 3865 } 3866