17c478bd9Sstevel@tonic-gate /* 2*7800901eSjbeck * Copyright (c) 2001-2007 Sendmail, Inc. and its suppliers. 37c478bd9Sstevel@tonic-gate * All rights reserved. 47c478bd9Sstevel@tonic-gate * 57c478bd9Sstevel@tonic-gate * By using this file, you agree to the terms and conditions set 67c478bd9Sstevel@tonic-gate * forth in the LICENSE file which can be found at the top level of 77c478bd9Sstevel@tonic-gate * the sendmail distribution. 87c478bd9Sstevel@tonic-gate */ 97c478bd9Sstevel@tonic-gate 107c478bd9Sstevel@tonic-gate #pragma ident "%Z%%M% %I% %E% SMI" 117c478bd9Sstevel@tonic-gate 12058561cbSjbeck /* some "deprecated" calls are used, e.g., ldap_get_values() */ 13058561cbSjbeck #define LDAP_DEPRECATED 1 14058561cbSjbeck 157c478bd9Sstevel@tonic-gate #include <sm/gen.h> 16*7800901eSjbeck SM_RCSID("@(#)$Id: ldap.c,v 1.80 2007/10/12 00:19:44 ca Exp $") 177c478bd9Sstevel@tonic-gate 187c478bd9Sstevel@tonic-gate #if LDAPMAP 197c478bd9Sstevel@tonic-gate # include <sys/types.h> 207c478bd9Sstevel@tonic-gate # include <errno.h> 217c478bd9Sstevel@tonic-gate # include <setjmp.h> 227c478bd9Sstevel@tonic-gate # include <stdlib.h> 237c478bd9Sstevel@tonic-gate # include <unistd.h> 247c478bd9Sstevel@tonic-gate 257c478bd9Sstevel@tonic-gate # include <sm/bitops.h> 267c478bd9Sstevel@tonic-gate # include <sm/clock.h> 277c478bd9Sstevel@tonic-gate # include <sm/conf.h> 287c478bd9Sstevel@tonic-gate # include <sm/debug.h> 297c478bd9Sstevel@tonic-gate # include <sm/errstring.h> 307c478bd9Sstevel@tonic-gate # include <sm/ldap.h> 317c478bd9Sstevel@tonic-gate # include <sm/string.h> 327c478bd9Sstevel@tonic-gate # ifdef EX_OK 337c478bd9Sstevel@tonic-gate # undef EX_OK /* for SVr4.2 SMP */ 347c478bd9Sstevel@tonic-gate # endif /* EX_OK */ 357c478bd9Sstevel@tonic-gate # include <sm/sysexits.h> 367c478bd9Sstevel@tonic-gate 377c478bd9Sstevel@tonic-gate SM_DEBUG_T SmLDAPTrace = SM_DEBUG_INITIALIZER("sm_trace_ldap", 387c478bd9Sstevel@tonic-gate "@(#)$Debug: sm_trace_ldap - trace LDAP operations $"); 397c478bd9Sstevel@tonic-gate 407c478bd9Sstevel@tonic-gate static void ldaptimeout __P((int)); 417c478bd9Sstevel@tonic-gate static bool sm_ldap_has_objectclass __P((SM_LDAP_STRUCT *, LDAPMessage *, char *)); 427c478bd9Sstevel@tonic-gate static SM_LDAP_RECURSE_ENTRY *sm_ldap_add_recurse __P((SM_LDAP_RECURSE_LIST **, char *, int, SM_RPOOL_T *)); 437c478bd9Sstevel@tonic-gate 447c478bd9Sstevel@tonic-gate /* 457c478bd9Sstevel@tonic-gate ** SM_LDAP_CLEAR -- set default values for SM_LDAP_STRUCT 467c478bd9Sstevel@tonic-gate ** 477c478bd9Sstevel@tonic-gate ** Parameters: 487c478bd9Sstevel@tonic-gate ** lmap -- pointer to SM_LDAP_STRUCT to clear 497c478bd9Sstevel@tonic-gate ** 507c478bd9Sstevel@tonic-gate ** Returns: 517c478bd9Sstevel@tonic-gate ** None. 527c478bd9Sstevel@tonic-gate ** 537c478bd9Sstevel@tonic-gate */ 547c478bd9Sstevel@tonic-gate 55445f2479Sjbeck #if _FFR_LDAP_VERSION 56445f2479Sjbeck # if defined(LDAP_VERSION_MAX) && _FFR_LDAP_VERSION > LDAP_VERSION_MAX 57445f2479Sjbeck ERROR FFR_LDAP_VERSION > _LDAP_VERSION_MAX 58445f2479Sjbeck # endif /* defined(LDAP_VERSION_MAX) && _FFR_LDAP_VERSION > LDAP_VERSION_MAX */ 59445f2479Sjbeck # if defined(LDAP_VERSION_MIN) && _FFR_LDAP_VERSION < LDAP_VERSION_MIN 60445f2479Sjbeck ERROR FFR_LDAP_VERSION < _LDAP_VERSION_MIN 61445f2479Sjbeck # endif /* defined(LDAP_VERSION_MIN) && _FFR_LDAP_VERSION < LDAP_VERSION_MIN */ 62445f2479Sjbeck # define SM_LDAP_VERSION_DEFAULT _FFR_LDAP_VERSION 63445f2479Sjbeck #else /* _FFR_LDAP_VERSION */ 64445f2479Sjbeck # define SM_LDAP_VERSION_DEFAULT 0 65445f2479Sjbeck #endif /* _FFR_LDAP_VERSION */ 66445f2479Sjbeck 677c478bd9Sstevel@tonic-gate void 687c478bd9Sstevel@tonic-gate sm_ldap_clear(lmap) 697c478bd9Sstevel@tonic-gate SM_LDAP_STRUCT *lmap; 707c478bd9Sstevel@tonic-gate { 717c478bd9Sstevel@tonic-gate if (lmap == NULL) 727c478bd9Sstevel@tonic-gate return; 737c478bd9Sstevel@tonic-gate 747c478bd9Sstevel@tonic-gate lmap->ldap_host = NULL; 757c478bd9Sstevel@tonic-gate lmap->ldap_port = LDAP_PORT; 767c478bd9Sstevel@tonic-gate lmap->ldap_uri = NULL; 77445f2479Sjbeck lmap->ldap_version = SM_LDAP_VERSION_DEFAULT; 787c478bd9Sstevel@tonic-gate lmap->ldap_deref = LDAP_DEREF_NEVER; 797c478bd9Sstevel@tonic-gate lmap->ldap_timelimit = LDAP_NO_LIMIT; 807c478bd9Sstevel@tonic-gate lmap->ldap_sizelimit = LDAP_NO_LIMIT; 817c478bd9Sstevel@tonic-gate # ifdef LDAP_REFERRALS 827c478bd9Sstevel@tonic-gate lmap->ldap_options = LDAP_OPT_REFERRALS; 837c478bd9Sstevel@tonic-gate # else /* LDAP_REFERRALS */ 847c478bd9Sstevel@tonic-gate lmap->ldap_options = 0; 857c478bd9Sstevel@tonic-gate # endif /* LDAP_REFERRALS */ 867c478bd9Sstevel@tonic-gate lmap->ldap_attrsep = '\0'; 877c478bd9Sstevel@tonic-gate lmap->ldap_binddn = NULL; 887c478bd9Sstevel@tonic-gate lmap->ldap_secret = NULL; 897c478bd9Sstevel@tonic-gate lmap->ldap_method = LDAP_AUTH_SIMPLE; 907c478bd9Sstevel@tonic-gate lmap->ldap_base = NULL; 917c478bd9Sstevel@tonic-gate lmap->ldap_scope = LDAP_SCOPE_SUBTREE; 927c478bd9Sstevel@tonic-gate lmap->ldap_attrsonly = LDAPMAP_FALSE; 937c478bd9Sstevel@tonic-gate lmap->ldap_timeout.tv_sec = 0; 947c478bd9Sstevel@tonic-gate lmap->ldap_timeout.tv_usec = 0; 957c478bd9Sstevel@tonic-gate lmap->ldap_ld = NULL; 967c478bd9Sstevel@tonic-gate lmap->ldap_filter = NULL; 977c478bd9Sstevel@tonic-gate lmap->ldap_attr[0] = NULL; 987c478bd9Sstevel@tonic-gate lmap->ldap_attr_type[0] = SM_LDAP_ATTR_NONE; 997c478bd9Sstevel@tonic-gate lmap->ldap_attr_needobjclass[0] = NULL; 1007c478bd9Sstevel@tonic-gate lmap->ldap_res = NULL; 1017c478bd9Sstevel@tonic-gate lmap->ldap_next = NULL; 1027c478bd9Sstevel@tonic-gate lmap->ldap_pid = 0; 103058561cbSjbeck lmap->ldap_multi_args = false; 1047c478bd9Sstevel@tonic-gate } 1057c478bd9Sstevel@tonic-gate 1067c478bd9Sstevel@tonic-gate /* 1077c478bd9Sstevel@tonic-gate ** SM_LDAP_START -- actually connect to an LDAP server 1087c478bd9Sstevel@tonic-gate ** 1097c478bd9Sstevel@tonic-gate ** Parameters: 1107c478bd9Sstevel@tonic-gate ** name -- name of map for debug output. 1117c478bd9Sstevel@tonic-gate ** lmap -- the LDAP map being opened. 1127c478bd9Sstevel@tonic-gate ** 1137c478bd9Sstevel@tonic-gate ** Returns: 1147c478bd9Sstevel@tonic-gate ** true if connection is successful, false otherwise. 1157c478bd9Sstevel@tonic-gate ** 1167c478bd9Sstevel@tonic-gate ** Side Effects: 1177c478bd9Sstevel@tonic-gate ** Populates lmap->ldap_ld. 1187c478bd9Sstevel@tonic-gate */ 1197c478bd9Sstevel@tonic-gate 1207c478bd9Sstevel@tonic-gate static jmp_buf LDAPTimeout; 1217c478bd9Sstevel@tonic-gate 1227c478bd9Sstevel@tonic-gate #define SM_LDAP_SETTIMEOUT(to) \ 1237c478bd9Sstevel@tonic-gate do \ 1247c478bd9Sstevel@tonic-gate { \ 1257c478bd9Sstevel@tonic-gate if (to != 0) \ 1267c478bd9Sstevel@tonic-gate { \ 1277c478bd9Sstevel@tonic-gate if (setjmp(LDAPTimeout) != 0) \ 1287c478bd9Sstevel@tonic-gate { \ 1297c478bd9Sstevel@tonic-gate errno = ETIMEDOUT; \ 1307c478bd9Sstevel@tonic-gate return false; \ 1317c478bd9Sstevel@tonic-gate } \ 1327c478bd9Sstevel@tonic-gate ev = sm_setevent(to, ldaptimeout, 0); \ 1337c478bd9Sstevel@tonic-gate } \ 1347c478bd9Sstevel@tonic-gate } while (0) 1357c478bd9Sstevel@tonic-gate 1367c478bd9Sstevel@tonic-gate #define SM_LDAP_CLEARTIMEOUT() \ 1377c478bd9Sstevel@tonic-gate do \ 1387c478bd9Sstevel@tonic-gate { \ 1397c478bd9Sstevel@tonic-gate if (ev != NULL) \ 1407c478bd9Sstevel@tonic-gate sm_clrevent(ev); \ 1417c478bd9Sstevel@tonic-gate } while (0) 1427c478bd9Sstevel@tonic-gate 1437c478bd9Sstevel@tonic-gate bool 1447c478bd9Sstevel@tonic-gate sm_ldap_start(name, lmap) 1457c478bd9Sstevel@tonic-gate char *name; 1467c478bd9Sstevel@tonic-gate SM_LDAP_STRUCT *lmap; 1477c478bd9Sstevel@tonic-gate { 1487c478bd9Sstevel@tonic-gate int bind_result; 1497c478bd9Sstevel@tonic-gate int save_errno = 0; 1507c478bd9Sstevel@tonic-gate char *id; 1517c478bd9Sstevel@tonic-gate SM_EVENT *ev = NULL; 1527c478bd9Sstevel@tonic-gate LDAP *ld = NULL; 1537c478bd9Sstevel@tonic-gate 1547c478bd9Sstevel@tonic-gate if (sm_debug_active(&SmLDAPTrace, 2)) 1557c478bd9Sstevel@tonic-gate sm_dprintf("ldapmap_start(%s)\n", name == NULL ? "" : name); 1567c478bd9Sstevel@tonic-gate 1577c478bd9Sstevel@tonic-gate if (lmap->ldap_host != NULL) 1587c478bd9Sstevel@tonic-gate id = lmap->ldap_host; 1597c478bd9Sstevel@tonic-gate else if (lmap->ldap_uri != NULL) 1607c478bd9Sstevel@tonic-gate id = lmap->ldap_uri; 1617c478bd9Sstevel@tonic-gate else 1627c478bd9Sstevel@tonic-gate id = "localhost"; 1637c478bd9Sstevel@tonic-gate 1647c478bd9Sstevel@tonic-gate if (sm_debug_active(&SmLDAPTrace, 9)) 1657c478bd9Sstevel@tonic-gate { 1667c478bd9Sstevel@tonic-gate /* Don't print a port number for LDAP URIs */ 1677c478bd9Sstevel@tonic-gate if (lmap->ldap_uri != NULL) 1687c478bd9Sstevel@tonic-gate sm_dprintf("ldapmap_start(%s)\n", id); 1697c478bd9Sstevel@tonic-gate else 1707c478bd9Sstevel@tonic-gate sm_dprintf("ldapmap_start(%s, %d)\n", id, 1717c478bd9Sstevel@tonic-gate lmap->ldap_port); 1727c478bd9Sstevel@tonic-gate } 1737c478bd9Sstevel@tonic-gate 1747c478bd9Sstevel@tonic-gate if (lmap->ldap_uri != NULL) 1757c478bd9Sstevel@tonic-gate { 1767c478bd9Sstevel@tonic-gate #if SM_CONF_LDAP_INITIALIZE 1777c478bd9Sstevel@tonic-gate /* LDAP server supports URIs so use them directly */ 1787c478bd9Sstevel@tonic-gate save_errno = ldap_initialize(&ld, lmap->ldap_uri); 1797c478bd9Sstevel@tonic-gate #else /* SM_CONF_LDAP_INITIALIZE */ 1807c478bd9Sstevel@tonic-gate int err; 1817c478bd9Sstevel@tonic-gate LDAPURLDesc *ludp = NULL; 1827c478bd9Sstevel@tonic-gate 1837c478bd9Sstevel@tonic-gate /* Blast apart URL and use the ldap_init/ldap_open below */ 1847c478bd9Sstevel@tonic-gate err = ldap_url_parse(lmap->ldap_uri, &ludp); 1857c478bd9Sstevel@tonic-gate if (err != 0) 1867c478bd9Sstevel@tonic-gate { 1877c478bd9Sstevel@tonic-gate errno = err + E_LDAPURLBASE; 1887c478bd9Sstevel@tonic-gate return false; 1897c478bd9Sstevel@tonic-gate } 1907c478bd9Sstevel@tonic-gate lmap->ldap_host = sm_strdup_x(ludp->lud_host); 1917c478bd9Sstevel@tonic-gate if (lmap->ldap_host == NULL) 1927c478bd9Sstevel@tonic-gate { 1937c478bd9Sstevel@tonic-gate save_errno = errno; 1947c478bd9Sstevel@tonic-gate ldap_free_urldesc(ludp); 1957c478bd9Sstevel@tonic-gate errno = save_errno; 1967c478bd9Sstevel@tonic-gate return false; 1977c478bd9Sstevel@tonic-gate } 1987c478bd9Sstevel@tonic-gate lmap->ldap_port = ludp->lud_port; 1997c478bd9Sstevel@tonic-gate ldap_free_urldesc(ludp); 2007c478bd9Sstevel@tonic-gate #endif /* SM_CONF_LDAP_INITIALIZE */ 2017c478bd9Sstevel@tonic-gate } 2027c478bd9Sstevel@tonic-gate 2037c478bd9Sstevel@tonic-gate if (ld == NULL) 2047c478bd9Sstevel@tonic-gate { 2057c478bd9Sstevel@tonic-gate # if USE_LDAP_INIT 2067c478bd9Sstevel@tonic-gate ld = ldap_init(lmap->ldap_host, lmap->ldap_port); 2077c478bd9Sstevel@tonic-gate save_errno = errno; 2087c478bd9Sstevel@tonic-gate # else /* USE_LDAP_INIT */ 2097c478bd9Sstevel@tonic-gate /* 2107c478bd9Sstevel@tonic-gate ** If using ldap_open(), the actual connection to the server 2117c478bd9Sstevel@tonic-gate ** happens now so we need the timeout here. For ldap_init(), 2127c478bd9Sstevel@tonic-gate ** the connection happens at bind time. 2137c478bd9Sstevel@tonic-gate */ 2147c478bd9Sstevel@tonic-gate 2157c478bd9Sstevel@tonic-gate SM_LDAP_SETTIMEOUT(lmap->ldap_timeout.tv_sec); 2167c478bd9Sstevel@tonic-gate ld = ldap_open(lmap->ldap_host, lmap->ldap_port); 2177c478bd9Sstevel@tonic-gate save_errno = errno; 2187c478bd9Sstevel@tonic-gate 2197c478bd9Sstevel@tonic-gate /* clear the event if it has not sprung */ 2207c478bd9Sstevel@tonic-gate SM_LDAP_CLEARTIMEOUT(); 2217c478bd9Sstevel@tonic-gate # endif /* USE_LDAP_INIT */ 2227c478bd9Sstevel@tonic-gate } 2237c478bd9Sstevel@tonic-gate 2247c478bd9Sstevel@tonic-gate errno = save_errno; 2257c478bd9Sstevel@tonic-gate if (ld == NULL) 2267c478bd9Sstevel@tonic-gate return false; 2277c478bd9Sstevel@tonic-gate 2287c478bd9Sstevel@tonic-gate sm_ldap_setopts(ld, lmap); 2297c478bd9Sstevel@tonic-gate 2307c478bd9Sstevel@tonic-gate # if USE_LDAP_INIT 2317c478bd9Sstevel@tonic-gate /* 2327c478bd9Sstevel@tonic-gate ** If using ldap_init(), the actual connection to the server 2337c478bd9Sstevel@tonic-gate ** happens at ldap_bind_s() so we need the timeout here. 2347c478bd9Sstevel@tonic-gate */ 2357c478bd9Sstevel@tonic-gate 2367c478bd9Sstevel@tonic-gate SM_LDAP_SETTIMEOUT(lmap->ldap_timeout.tv_sec); 2377c478bd9Sstevel@tonic-gate # endif /* USE_LDAP_INIT */ 2387c478bd9Sstevel@tonic-gate 2397c478bd9Sstevel@tonic-gate # ifdef LDAP_AUTH_KRBV4 2407c478bd9Sstevel@tonic-gate if (lmap->ldap_method == LDAP_AUTH_KRBV4 && 2417c478bd9Sstevel@tonic-gate lmap->ldap_secret != NULL) 2427c478bd9Sstevel@tonic-gate { 2437c478bd9Sstevel@tonic-gate /* 2447c478bd9Sstevel@tonic-gate ** Need to put ticket in environment here instead of 2457c478bd9Sstevel@tonic-gate ** during parseargs as there may be different tickets 2467c478bd9Sstevel@tonic-gate ** for different LDAP connections. 2477c478bd9Sstevel@tonic-gate */ 2487c478bd9Sstevel@tonic-gate 2497c478bd9Sstevel@tonic-gate (void) putenv(lmap->ldap_secret); 2507c478bd9Sstevel@tonic-gate } 2517c478bd9Sstevel@tonic-gate # endif /* LDAP_AUTH_KRBV4 */ 2527c478bd9Sstevel@tonic-gate 2537c478bd9Sstevel@tonic-gate bind_result = ldap_bind_s(ld, lmap->ldap_binddn, 2547c478bd9Sstevel@tonic-gate lmap->ldap_secret, lmap->ldap_method); 2557c478bd9Sstevel@tonic-gate 2567c478bd9Sstevel@tonic-gate # if USE_LDAP_INIT 2577c478bd9Sstevel@tonic-gate /* clear the event if it has not sprung */ 2587c478bd9Sstevel@tonic-gate SM_LDAP_CLEARTIMEOUT(); 2597c478bd9Sstevel@tonic-gate # endif /* USE_LDAP_INIT */ 2607c478bd9Sstevel@tonic-gate 2617c478bd9Sstevel@tonic-gate if (bind_result != LDAP_SUCCESS) 2627c478bd9Sstevel@tonic-gate { 2637c478bd9Sstevel@tonic-gate errno = bind_result + E_LDAPBASE; 2647c478bd9Sstevel@tonic-gate return false; 2657c478bd9Sstevel@tonic-gate } 2667c478bd9Sstevel@tonic-gate 2677c478bd9Sstevel@tonic-gate /* Save PID to make sure only this PID closes the LDAP connection */ 2687c478bd9Sstevel@tonic-gate lmap->ldap_pid = getpid(); 2697c478bd9Sstevel@tonic-gate lmap->ldap_ld = ld; 2707c478bd9Sstevel@tonic-gate return true; 2717c478bd9Sstevel@tonic-gate } 2727c478bd9Sstevel@tonic-gate 2737c478bd9Sstevel@tonic-gate /* ARGSUSED */ 2747c478bd9Sstevel@tonic-gate static void 2757c478bd9Sstevel@tonic-gate ldaptimeout(unused) 2767c478bd9Sstevel@tonic-gate int unused; 2777c478bd9Sstevel@tonic-gate { 2787c478bd9Sstevel@tonic-gate /* 2797c478bd9Sstevel@tonic-gate ** NOTE: THIS CAN BE CALLED FROM A SIGNAL HANDLER. DO NOT ADD 2807c478bd9Sstevel@tonic-gate ** ANYTHING TO THIS ROUTINE UNLESS YOU KNOW WHAT YOU ARE 2817c478bd9Sstevel@tonic-gate ** DOING. 2827c478bd9Sstevel@tonic-gate */ 2837c478bd9Sstevel@tonic-gate 2847c478bd9Sstevel@tonic-gate errno = ETIMEDOUT; 2857c478bd9Sstevel@tonic-gate longjmp(LDAPTimeout, 1); 2867c478bd9Sstevel@tonic-gate } 2877c478bd9Sstevel@tonic-gate 2887c478bd9Sstevel@tonic-gate /* 289058561cbSjbeck ** SM_LDAP_SEARCH_M -- initiate multi-key LDAP search 2907c478bd9Sstevel@tonic-gate ** 2917c478bd9Sstevel@tonic-gate ** Initiate an LDAP search, return the msgid. 2927c478bd9Sstevel@tonic-gate ** The calling function must collect the results. 2937c478bd9Sstevel@tonic-gate ** 2947c478bd9Sstevel@tonic-gate ** Parameters: 2957c478bd9Sstevel@tonic-gate ** lmap -- LDAP map information 296058561cbSjbeck ** argv -- key vector of substitutions in LDAP filter 297058561cbSjbeck ** NOTE: argv must have SM_LDAP_ARGS elements to prevent 298058561cbSjbeck ** out of bound array references 2997c478bd9Sstevel@tonic-gate ** 3007c478bd9Sstevel@tonic-gate ** Returns: 301058561cbSjbeck ** <0 on failure (SM_LDAP_ERR*), msgid on success 3027c478bd9Sstevel@tonic-gate ** 3037c478bd9Sstevel@tonic-gate */ 3047c478bd9Sstevel@tonic-gate 3057c478bd9Sstevel@tonic-gate int 306058561cbSjbeck sm_ldap_search_m(lmap, argv) 3077c478bd9Sstevel@tonic-gate SM_LDAP_STRUCT *lmap; 308058561cbSjbeck char **argv; 3097c478bd9Sstevel@tonic-gate { 3107c478bd9Sstevel@tonic-gate int msgid; 3117c478bd9Sstevel@tonic-gate char *fp, *p, *q; 3127c478bd9Sstevel@tonic-gate char filter[LDAPMAP_MAX_FILTER + 1]; 3137c478bd9Sstevel@tonic-gate 314058561cbSjbeck SM_REQUIRE(lmap != NULL); 315058561cbSjbeck SM_REQUIRE(argv != NULL); 316058561cbSjbeck SM_REQUIRE(argv[0] != NULL); 317058561cbSjbeck 3187c478bd9Sstevel@tonic-gate memset(filter, '\0', sizeof filter); 3197c478bd9Sstevel@tonic-gate fp = filter; 3207c478bd9Sstevel@tonic-gate p = lmap->ldap_filter; 3217c478bd9Sstevel@tonic-gate while ((q = strchr(p, '%')) != NULL) 3227c478bd9Sstevel@tonic-gate { 323058561cbSjbeck char *key; 324058561cbSjbeck 325058561cbSjbeck if (lmap->ldap_multi_args) 326058561cbSjbeck { 327058561cbSjbeck #if SM_LDAP_ARGS < 10 328058561cbSjbeck # ERROR _SM_LDAP_ARGS must be 10 329058561cbSjbeck #endif /* SM_LDAP_ARGS < 10 */ 330058561cbSjbeck if (q[1] == 's') 331058561cbSjbeck key = argv[0]; 332058561cbSjbeck else if (q[1] >= '0' && q[1] <= '9') 333058561cbSjbeck { 334058561cbSjbeck key = argv[q[1] - '0']; 335058561cbSjbeck if (key == NULL) 336058561cbSjbeck { 337058561cbSjbeck # if SM_LDAP_ERROR_ON_MISSING_ARGS 338058561cbSjbeck return SM_LDAP_ERR_ARG_MISS; 339058561cbSjbeck # else /* SM_LDAP_ERROR_ON_MISSING_ARGS */ 340058561cbSjbeck key = ""; 341058561cbSjbeck # endif /* SM_LDAP_ERROR_ON_MISSING_ARGS */ 342058561cbSjbeck } 343058561cbSjbeck } 344058561cbSjbeck else 345058561cbSjbeck key = NULL; 346058561cbSjbeck } 347058561cbSjbeck else 348058561cbSjbeck key = argv[0]; 349058561cbSjbeck 3507c478bd9Sstevel@tonic-gate if (q[1] == 's') 3517c478bd9Sstevel@tonic-gate { 3527c478bd9Sstevel@tonic-gate (void) sm_snprintf(fp, SPACELEFT(filter, fp), 3537c478bd9Sstevel@tonic-gate "%.*s%s", (int) (q - p), p, key); 3547c478bd9Sstevel@tonic-gate fp += strlen(fp); 3557c478bd9Sstevel@tonic-gate p = q + 2; 3567c478bd9Sstevel@tonic-gate } 357058561cbSjbeck else if (q[1] == '0' || 358058561cbSjbeck (lmap->ldap_multi_args && q[1] >= '0' && q[1] <= '9')) 3597c478bd9Sstevel@tonic-gate { 3607c478bd9Sstevel@tonic-gate char *k = key; 3617c478bd9Sstevel@tonic-gate 3627c478bd9Sstevel@tonic-gate (void) sm_snprintf(fp, SPACELEFT(filter, fp), 3637c478bd9Sstevel@tonic-gate "%.*s", (int) (q - p), p); 3647c478bd9Sstevel@tonic-gate fp += strlen(fp); 3657c478bd9Sstevel@tonic-gate p = q + 2; 3667c478bd9Sstevel@tonic-gate 3677c478bd9Sstevel@tonic-gate /* Properly escape LDAP special characters */ 3687c478bd9Sstevel@tonic-gate while (SPACELEFT(filter, fp) > 0 && 3697c478bd9Sstevel@tonic-gate *k != '\0') 3707c478bd9Sstevel@tonic-gate { 3717c478bd9Sstevel@tonic-gate if (*k == '*' || *k == '(' || 3727c478bd9Sstevel@tonic-gate *k == ')' || *k == '\\') 3737c478bd9Sstevel@tonic-gate { 3747c478bd9Sstevel@tonic-gate (void) sm_strlcat(fp, 3757c478bd9Sstevel@tonic-gate (*k == '*' ? "\\2A" : 3767c478bd9Sstevel@tonic-gate (*k == '(' ? "\\28" : 3777c478bd9Sstevel@tonic-gate (*k == ')' ? "\\29" : 3787c478bd9Sstevel@tonic-gate (*k == '\\' ? "\\5C" : 3797c478bd9Sstevel@tonic-gate "\00")))), 3807c478bd9Sstevel@tonic-gate SPACELEFT(filter, fp)); 3817c478bd9Sstevel@tonic-gate fp += strlen(fp); 3827c478bd9Sstevel@tonic-gate k++; 3837c478bd9Sstevel@tonic-gate } 3847c478bd9Sstevel@tonic-gate else 3857c478bd9Sstevel@tonic-gate *fp++ = *k++; 3867c478bd9Sstevel@tonic-gate } 3877c478bd9Sstevel@tonic-gate } 3887c478bd9Sstevel@tonic-gate else 3897c478bd9Sstevel@tonic-gate { 3907c478bd9Sstevel@tonic-gate (void) sm_snprintf(fp, SPACELEFT(filter, fp), 3917c478bd9Sstevel@tonic-gate "%.*s", (int) (q - p + 1), p); 3927c478bd9Sstevel@tonic-gate p = q + (q[1] == '%' ? 2 : 1); 3937c478bd9Sstevel@tonic-gate fp += strlen(fp); 3947c478bd9Sstevel@tonic-gate } 3957c478bd9Sstevel@tonic-gate } 3967c478bd9Sstevel@tonic-gate (void) sm_strlcpy(fp, p, SPACELEFT(filter, fp)); 3977c478bd9Sstevel@tonic-gate if (sm_debug_active(&SmLDAPTrace, 20)) 3987c478bd9Sstevel@tonic-gate sm_dprintf("ldap search filter=%s\n", filter); 3997c478bd9Sstevel@tonic-gate 4007c478bd9Sstevel@tonic-gate lmap->ldap_res = NULL; 4017c478bd9Sstevel@tonic-gate msgid = ldap_search(lmap->ldap_ld, lmap->ldap_base, 4027c478bd9Sstevel@tonic-gate lmap->ldap_scope, filter, 4037c478bd9Sstevel@tonic-gate (lmap->ldap_attr[0] == NULL ? NULL : 4047c478bd9Sstevel@tonic-gate lmap->ldap_attr), 4057c478bd9Sstevel@tonic-gate lmap->ldap_attrsonly); 4067c478bd9Sstevel@tonic-gate return msgid; 4077c478bd9Sstevel@tonic-gate } 4087c478bd9Sstevel@tonic-gate 4097c478bd9Sstevel@tonic-gate /* 410058561cbSjbeck ** SM_LDAP_SEARCH -- initiate LDAP search 411058561cbSjbeck ** 412058561cbSjbeck ** Initiate an LDAP search, return the msgid. 413058561cbSjbeck ** The calling function must collect the results. 414058561cbSjbeck ** Note this is just a wrapper into sm_ldap_search_m() 415058561cbSjbeck ** 416058561cbSjbeck ** Parameters: 417058561cbSjbeck ** lmap -- LDAP map information 418058561cbSjbeck ** key -- key to substitute in LDAP filter 419058561cbSjbeck ** 420058561cbSjbeck ** Returns: 421058561cbSjbeck ** <0 on failure, msgid on success 422058561cbSjbeck ** 423058561cbSjbeck */ 424058561cbSjbeck 425058561cbSjbeck int 426058561cbSjbeck sm_ldap_search(lmap, key) 427058561cbSjbeck SM_LDAP_STRUCT *lmap; 428058561cbSjbeck char *key; 429058561cbSjbeck { 430058561cbSjbeck char *argv[SM_LDAP_ARGS]; 431058561cbSjbeck 432058561cbSjbeck memset(argv, '\0', sizeof argv); 433058561cbSjbeck argv[0] = key; 434058561cbSjbeck return sm_ldap_search_m(lmap, argv); 435058561cbSjbeck } 436058561cbSjbeck 437058561cbSjbeck /* 4387c478bd9Sstevel@tonic-gate ** SM_LDAP_HAS_OBJECTCLASS -- determine if an LDAP entry is part of a 4397c478bd9Sstevel@tonic-gate ** particular objectClass 4407c478bd9Sstevel@tonic-gate ** 4417c478bd9Sstevel@tonic-gate ** Parameters: 4427c478bd9Sstevel@tonic-gate ** lmap -- pointer to SM_LDAP_STRUCT in use 4437c478bd9Sstevel@tonic-gate ** entry -- current LDAP entry struct 4447c478bd9Sstevel@tonic-gate ** ocvalue -- particular objectclass in question. 4457c478bd9Sstevel@tonic-gate ** may be of form (fee|foo|fum) meaning 4467c478bd9Sstevel@tonic-gate ** any entry can be part of either fee, 4477c478bd9Sstevel@tonic-gate ** foo or fum objectclass 4487c478bd9Sstevel@tonic-gate ** 4497c478bd9Sstevel@tonic-gate ** Returns: 4507c478bd9Sstevel@tonic-gate ** true if item has that objectClass 4517c478bd9Sstevel@tonic-gate */ 4527c478bd9Sstevel@tonic-gate 4537c478bd9Sstevel@tonic-gate static bool 4547c478bd9Sstevel@tonic-gate sm_ldap_has_objectclass(lmap, entry, ocvalue) 4557c478bd9Sstevel@tonic-gate SM_LDAP_STRUCT *lmap; 4567c478bd9Sstevel@tonic-gate LDAPMessage *entry; 4577c478bd9Sstevel@tonic-gate char *ocvalue; 4587c478bd9Sstevel@tonic-gate { 4597c478bd9Sstevel@tonic-gate char **vals = NULL; 4607c478bd9Sstevel@tonic-gate int i; 4617c478bd9Sstevel@tonic-gate 4627c478bd9Sstevel@tonic-gate if (ocvalue == NULL) 4637c478bd9Sstevel@tonic-gate return false; 4647c478bd9Sstevel@tonic-gate 4657c478bd9Sstevel@tonic-gate vals = ldap_get_values(lmap->ldap_ld, entry, "objectClass"); 4667c478bd9Sstevel@tonic-gate if (vals == NULL) 4677c478bd9Sstevel@tonic-gate return false; 4687c478bd9Sstevel@tonic-gate 4697c478bd9Sstevel@tonic-gate for (i = 0; vals[i] != NULL; i++) 4707c478bd9Sstevel@tonic-gate { 4717c478bd9Sstevel@tonic-gate char *p; 4727c478bd9Sstevel@tonic-gate char *q; 4737c478bd9Sstevel@tonic-gate 4747c478bd9Sstevel@tonic-gate p = q = ocvalue; 4757c478bd9Sstevel@tonic-gate while (*p != '\0') 4767c478bd9Sstevel@tonic-gate { 4777c478bd9Sstevel@tonic-gate while (*p != '\0' && *p != '|') 4787c478bd9Sstevel@tonic-gate p++; 4797c478bd9Sstevel@tonic-gate 4807c478bd9Sstevel@tonic-gate if ((p - q) == strlen(vals[i]) && 4817c478bd9Sstevel@tonic-gate sm_strncasecmp(vals[i], q, p - q) == 0) 4827c478bd9Sstevel@tonic-gate { 4837c478bd9Sstevel@tonic-gate ldap_value_free(vals); 4847c478bd9Sstevel@tonic-gate return true; 4857c478bd9Sstevel@tonic-gate } 4867c478bd9Sstevel@tonic-gate 4877c478bd9Sstevel@tonic-gate while (*p == '|') 4887c478bd9Sstevel@tonic-gate p++; 4897c478bd9Sstevel@tonic-gate q = p; 4907c478bd9Sstevel@tonic-gate } 4917c478bd9Sstevel@tonic-gate } 4927c478bd9Sstevel@tonic-gate 4937c478bd9Sstevel@tonic-gate ldap_value_free(vals); 4947c478bd9Sstevel@tonic-gate return false; 4957c478bd9Sstevel@tonic-gate } 4967c478bd9Sstevel@tonic-gate 4977c478bd9Sstevel@tonic-gate /* 4987c478bd9Sstevel@tonic-gate ** SM_LDAP_RESULTS -- return results from an LDAP lookup in result 4997c478bd9Sstevel@tonic-gate ** 5007c478bd9Sstevel@tonic-gate ** Parameters: 5017c478bd9Sstevel@tonic-gate ** lmap -- pointer to SM_LDAP_STRUCT in use 5027c478bd9Sstevel@tonic-gate ** msgid -- msgid returned by sm_ldap_search() 5037c478bd9Sstevel@tonic-gate ** flags -- flags for the lookup 5047c478bd9Sstevel@tonic-gate ** delim -- delimiter for result concatenation 5057c478bd9Sstevel@tonic-gate ** rpool -- memory pool for storage 5067c478bd9Sstevel@tonic-gate ** result -- return string 5077c478bd9Sstevel@tonic-gate ** recurse -- recursion list 5087c478bd9Sstevel@tonic-gate ** 5097c478bd9Sstevel@tonic-gate ** Returns: 5107c478bd9Sstevel@tonic-gate ** status (sysexit) 5117c478bd9Sstevel@tonic-gate */ 5127c478bd9Sstevel@tonic-gate 5137c478bd9Sstevel@tonic-gate # define SM_LDAP_ERROR_CLEANUP() \ 5147c478bd9Sstevel@tonic-gate { \ 5157c478bd9Sstevel@tonic-gate if (lmap->ldap_res != NULL) \ 5167c478bd9Sstevel@tonic-gate { \ 5177c478bd9Sstevel@tonic-gate ldap_msgfree(lmap->ldap_res); \ 5187c478bd9Sstevel@tonic-gate lmap->ldap_res = NULL; \ 5197c478bd9Sstevel@tonic-gate } \ 5207c478bd9Sstevel@tonic-gate (void) ldap_abandon(lmap->ldap_ld, msgid); \ 5217c478bd9Sstevel@tonic-gate } 5227c478bd9Sstevel@tonic-gate 5237c478bd9Sstevel@tonic-gate static SM_LDAP_RECURSE_ENTRY * 5247c478bd9Sstevel@tonic-gate sm_ldap_add_recurse(top, item, type, rpool) 5257c478bd9Sstevel@tonic-gate SM_LDAP_RECURSE_LIST **top; 5267c478bd9Sstevel@tonic-gate char *item; 5277c478bd9Sstevel@tonic-gate int type; 5287c478bd9Sstevel@tonic-gate SM_RPOOL_T *rpool; 5297c478bd9Sstevel@tonic-gate { 5307c478bd9Sstevel@tonic-gate int n; 5317c478bd9Sstevel@tonic-gate int m; 5327c478bd9Sstevel@tonic-gate int p; 5337c478bd9Sstevel@tonic-gate int insertat; 5347c478bd9Sstevel@tonic-gate int moveb; 5357c478bd9Sstevel@tonic-gate int oldsizeb; 5367c478bd9Sstevel@tonic-gate int rc; 5377c478bd9Sstevel@tonic-gate SM_LDAP_RECURSE_ENTRY *newe; 5387c478bd9Sstevel@tonic-gate SM_LDAP_RECURSE_ENTRY **olddata; 5397c478bd9Sstevel@tonic-gate 5407c478bd9Sstevel@tonic-gate /* 5417c478bd9Sstevel@tonic-gate ** This code will maintain a list of 5427c478bd9Sstevel@tonic-gate ** SM_LDAP_RECURSE_ENTRY structures 5437c478bd9Sstevel@tonic-gate ** in ascending order. 5447c478bd9Sstevel@tonic-gate */ 5457c478bd9Sstevel@tonic-gate 5467c478bd9Sstevel@tonic-gate if (*top == NULL) 5477c478bd9Sstevel@tonic-gate { 5487c478bd9Sstevel@tonic-gate /* Allocate an initial SM_LDAP_RECURSE_LIST struct */ 5497c478bd9Sstevel@tonic-gate *top = sm_rpool_malloc_x(rpool, sizeof **top); 550058561cbSjbeck (*top)->lrl_cnt = 0; 551058561cbSjbeck (*top)->lrl_size = 0; 552058561cbSjbeck (*top)->lrl_data = NULL; 5537c478bd9Sstevel@tonic-gate } 5547c478bd9Sstevel@tonic-gate 555058561cbSjbeck if ((*top)->lrl_cnt >= (*top)->lrl_size) 5567c478bd9Sstevel@tonic-gate { 5577c478bd9Sstevel@tonic-gate /* Grow the list of SM_LDAP_RECURSE_ENTRY ptrs */ 558058561cbSjbeck olddata = (*top)->lrl_data; 559058561cbSjbeck if ((*top)->lrl_size == 0) 5607c478bd9Sstevel@tonic-gate { 5617c478bd9Sstevel@tonic-gate oldsizeb = 0; 562058561cbSjbeck (*top)->lrl_size = 256; 5637c478bd9Sstevel@tonic-gate } 5647c478bd9Sstevel@tonic-gate else 5657c478bd9Sstevel@tonic-gate { 566058561cbSjbeck oldsizeb = (*top)->lrl_size * sizeof *((*top)->lrl_data); 567058561cbSjbeck (*top)->lrl_size *= 2; 5687c478bd9Sstevel@tonic-gate } 569058561cbSjbeck (*top)->lrl_data = sm_rpool_malloc_x(rpool, 570058561cbSjbeck (*top)->lrl_size * sizeof *((*top)->lrl_data)); 5717c478bd9Sstevel@tonic-gate if (oldsizeb > 0) 572058561cbSjbeck memcpy((*top)->lrl_data, olddata, oldsizeb); 5737c478bd9Sstevel@tonic-gate } 5747c478bd9Sstevel@tonic-gate 5757c478bd9Sstevel@tonic-gate /* 5767c478bd9Sstevel@tonic-gate ** Binary search/insert item:type into list. 5777c478bd9Sstevel@tonic-gate ** Return current entry pointer if already exists. 5787c478bd9Sstevel@tonic-gate */ 5797c478bd9Sstevel@tonic-gate 5807c478bd9Sstevel@tonic-gate n = 0; 581058561cbSjbeck m = (*top)->lrl_cnt - 1; 5827c478bd9Sstevel@tonic-gate if (m < 0) 5837c478bd9Sstevel@tonic-gate insertat = 0; 5847c478bd9Sstevel@tonic-gate else 5857c478bd9Sstevel@tonic-gate insertat = -1; 5867c478bd9Sstevel@tonic-gate 5877c478bd9Sstevel@tonic-gate while (insertat == -1) 5887c478bd9Sstevel@tonic-gate { 5897c478bd9Sstevel@tonic-gate p = (m + n) / 2; 5907c478bd9Sstevel@tonic-gate 591058561cbSjbeck rc = sm_strcasecmp(item, (*top)->lrl_data[p]->lr_search); 5927c478bd9Sstevel@tonic-gate if (rc == 0) 593058561cbSjbeck rc = type - (*top)->lrl_data[p]->lr_type; 5947c478bd9Sstevel@tonic-gate 5957c478bd9Sstevel@tonic-gate if (rc < 0) 5967c478bd9Sstevel@tonic-gate m = p - 1; 5977c478bd9Sstevel@tonic-gate else if (rc > 0) 5987c478bd9Sstevel@tonic-gate n = p + 1; 5997c478bd9Sstevel@tonic-gate else 600058561cbSjbeck return (*top)->lrl_data[p]; 6017c478bd9Sstevel@tonic-gate 6027c478bd9Sstevel@tonic-gate if (m == -1) 6037c478bd9Sstevel@tonic-gate insertat = 0; 604058561cbSjbeck else if (n >= (*top)->lrl_cnt) 605058561cbSjbeck insertat = (*top)->lrl_cnt; 6067c478bd9Sstevel@tonic-gate else if (m < n) 6077c478bd9Sstevel@tonic-gate insertat = m + 1; 6087c478bd9Sstevel@tonic-gate } 6097c478bd9Sstevel@tonic-gate 6107c478bd9Sstevel@tonic-gate /* 6117c478bd9Sstevel@tonic-gate ** Not found in list, make room 6127c478bd9Sstevel@tonic-gate ** at insert point and add it. 6137c478bd9Sstevel@tonic-gate */ 6147c478bd9Sstevel@tonic-gate 6157c478bd9Sstevel@tonic-gate newe = sm_rpool_malloc_x(rpool, sizeof *newe); 6167c478bd9Sstevel@tonic-gate if (newe != NULL) 6177c478bd9Sstevel@tonic-gate { 618058561cbSjbeck moveb = ((*top)->lrl_cnt - insertat) * sizeof *((*top)->lrl_data); 6197c478bd9Sstevel@tonic-gate if (moveb > 0) 620058561cbSjbeck memmove(&((*top)->lrl_data[insertat + 1]), 621058561cbSjbeck &((*top)->lrl_data[insertat]), 6227c478bd9Sstevel@tonic-gate moveb); 6237c478bd9Sstevel@tonic-gate 6247c478bd9Sstevel@tonic-gate newe->lr_search = sm_rpool_strdup_x(rpool, item); 6257c478bd9Sstevel@tonic-gate newe->lr_type = type; 6267c478bd9Sstevel@tonic-gate newe->lr_ludp = NULL; 6277c478bd9Sstevel@tonic-gate newe->lr_attrs = NULL; 6287c478bd9Sstevel@tonic-gate newe->lr_done = false; 6297c478bd9Sstevel@tonic-gate 630058561cbSjbeck ((*top)->lrl_data)[insertat] = newe; 631058561cbSjbeck (*top)->lrl_cnt++; 6327c478bd9Sstevel@tonic-gate } 6337c478bd9Sstevel@tonic-gate return newe; 6347c478bd9Sstevel@tonic-gate } 6357c478bd9Sstevel@tonic-gate 6367c478bd9Sstevel@tonic-gate int 6377c478bd9Sstevel@tonic-gate sm_ldap_results(lmap, msgid, flags, delim, rpool, result, 6387c478bd9Sstevel@tonic-gate resultln, resultsz, recurse) 6397c478bd9Sstevel@tonic-gate SM_LDAP_STRUCT *lmap; 6407c478bd9Sstevel@tonic-gate int msgid; 6417c478bd9Sstevel@tonic-gate int flags; 6427c478bd9Sstevel@tonic-gate int delim; 6437c478bd9Sstevel@tonic-gate SM_RPOOL_T *rpool; 6447c478bd9Sstevel@tonic-gate char **result; 6457c478bd9Sstevel@tonic-gate int *resultln; 6467c478bd9Sstevel@tonic-gate int *resultsz; 6477c478bd9Sstevel@tonic-gate SM_LDAP_RECURSE_LIST *recurse; 6487c478bd9Sstevel@tonic-gate { 6497c478bd9Sstevel@tonic-gate bool toplevel; 6507c478bd9Sstevel@tonic-gate int i; 6517c478bd9Sstevel@tonic-gate int statp; 6527c478bd9Sstevel@tonic-gate int vsize; 6537c478bd9Sstevel@tonic-gate int ret; 6547c478bd9Sstevel@tonic-gate int save_errno; 6557c478bd9Sstevel@tonic-gate char *p; 6567c478bd9Sstevel@tonic-gate SM_LDAP_RECURSE_ENTRY *rl; 6577c478bd9Sstevel@tonic-gate 6587c478bd9Sstevel@tonic-gate /* Are we the top top level of the search? */ 6597c478bd9Sstevel@tonic-gate toplevel = (recurse == NULL); 6607c478bd9Sstevel@tonic-gate 6617c478bd9Sstevel@tonic-gate /* Get results */ 6627c478bd9Sstevel@tonic-gate statp = EX_NOTFOUND; 6637c478bd9Sstevel@tonic-gate while ((ret = ldap_result(lmap->ldap_ld, msgid, 0, 6647c478bd9Sstevel@tonic-gate (lmap->ldap_timeout.tv_sec == 0 ? NULL : 6657c478bd9Sstevel@tonic-gate &(lmap->ldap_timeout)), 6667c478bd9Sstevel@tonic-gate &(lmap->ldap_res))) == LDAP_RES_SEARCH_ENTRY) 6677c478bd9Sstevel@tonic-gate { 6687c478bd9Sstevel@tonic-gate LDAPMessage *entry; 6697c478bd9Sstevel@tonic-gate 6707c478bd9Sstevel@tonic-gate /* If we don't want multiple values and we have one, break */ 6717c478bd9Sstevel@tonic-gate if ((char) delim == '\0' && 6727c478bd9Sstevel@tonic-gate !bitset(SM_LDAP_SINGLEMATCH, flags) && 6737c478bd9Sstevel@tonic-gate *result != NULL) 6747c478bd9Sstevel@tonic-gate break; 6757c478bd9Sstevel@tonic-gate 6767c478bd9Sstevel@tonic-gate /* Cycle through all entries */ 6777c478bd9Sstevel@tonic-gate for (entry = ldap_first_entry(lmap->ldap_ld, lmap->ldap_res); 6787c478bd9Sstevel@tonic-gate entry != NULL; 6797c478bd9Sstevel@tonic-gate entry = ldap_next_entry(lmap->ldap_ld, lmap->ldap_res)) 6807c478bd9Sstevel@tonic-gate { 6817c478bd9Sstevel@tonic-gate BerElement *ber; 6827c478bd9Sstevel@tonic-gate char *attr; 6837c478bd9Sstevel@tonic-gate char **vals = NULL; 6847c478bd9Sstevel@tonic-gate char *dn; 6857c478bd9Sstevel@tonic-gate 6867c478bd9Sstevel@tonic-gate /* 6877c478bd9Sstevel@tonic-gate ** If matching only and found an entry, 6887c478bd9Sstevel@tonic-gate ** no need to spin through attributes 6897c478bd9Sstevel@tonic-gate */ 6907c478bd9Sstevel@tonic-gate 6917c478bd9Sstevel@tonic-gate if (bitset(SM_LDAP_MATCHONLY, flags)) 6927c478bd9Sstevel@tonic-gate { 6937c478bd9Sstevel@tonic-gate statp = EX_OK; 6947c478bd9Sstevel@tonic-gate continue; 6957c478bd9Sstevel@tonic-gate } 6967c478bd9Sstevel@tonic-gate 69749218d4fSjbeck #if _FFR_LDAP_SINGLEDN 69849218d4fSjbeck if (bitset(SM_LDAP_SINGLEDN, flags) && *result != NULL) 69949218d4fSjbeck { 70049218d4fSjbeck /* only wanted one match */ 70149218d4fSjbeck SM_LDAP_ERROR_CLEANUP(); 70249218d4fSjbeck errno = ENOENT; 70349218d4fSjbeck return EX_NOTFOUND; 70449218d4fSjbeck } 70549218d4fSjbeck #endif /* _FFR_LDAP_SINGLEDN */ 70649218d4fSjbeck 7077c478bd9Sstevel@tonic-gate /* record completed DN's to prevent loops */ 7087c478bd9Sstevel@tonic-gate dn = ldap_get_dn(lmap->ldap_ld, entry); 7097c478bd9Sstevel@tonic-gate if (dn == NULL) 7107c478bd9Sstevel@tonic-gate { 7117c478bd9Sstevel@tonic-gate save_errno = sm_ldap_geterrno(lmap->ldap_ld); 7127c478bd9Sstevel@tonic-gate save_errno += E_LDAPBASE; 7137c478bd9Sstevel@tonic-gate SM_LDAP_ERROR_CLEANUP(); 7147c478bd9Sstevel@tonic-gate errno = save_errno; 7157c478bd9Sstevel@tonic-gate return EX_TEMPFAIL; 7167c478bd9Sstevel@tonic-gate } 7177c478bd9Sstevel@tonic-gate 7187c478bd9Sstevel@tonic-gate rl = sm_ldap_add_recurse(&recurse, dn, 7197c478bd9Sstevel@tonic-gate SM_LDAP_ATTR_DN, 7207c478bd9Sstevel@tonic-gate rpool); 7217c478bd9Sstevel@tonic-gate 7227c478bd9Sstevel@tonic-gate if (rl == NULL) 7237c478bd9Sstevel@tonic-gate { 7247c478bd9Sstevel@tonic-gate ldap_memfree(dn); 7257c478bd9Sstevel@tonic-gate SM_LDAP_ERROR_CLEANUP(); 7267c478bd9Sstevel@tonic-gate errno = ENOMEM; 7277c478bd9Sstevel@tonic-gate return EX_OSERR; 7287c478bd9Sstevel@tonic-gate } 7297c478bd9Sstevel@tonic-gate else if (rl->lr_done) 7307c478bd9Sstevel@tonic-gate { 7317c478bd9Sstevel@tonic-gate /* already on list, skip it */ 7327c478bd9Sstevel@tonic-gate ldap_memfree(dn); 7337c478bd9Sstevel@tonic-gate continue; 7347c478bd9Sstevel@tonic-gate } 7357c478bd9Sstevel@tonic-gate ldap_memfree(dn); 7367c478bd9Sstevel@tonic-gate 7377c478bd9Sstevel@tonic-gate # if !defined(LDAP_VERSION_MAX) && !defined(LDAP_OPT_SIZELIMIT) 7387c478bd9Sstevel@tonic-gate /* 7397c478bd9Sstevel@tonic-gate ** Reset value to prevent lingering 7407c478bd9Sstevel@tonic-gate ** LDAP_DECODING_ERROR due to 7417c478bd9Sstevel@tonic-gate ** OpenLDAP 1.X's hack (see below) 7427c478bd9Sstevel@tonic-gate */ 7437c478bd9Sstevel@tonic-gate 7447c478bd9Sstevel@tonic-gate lmap->ldap_ld->ld_errno = LDAP_SUCCESS; 7457c478bd9Sstevel@tonic-gate # endif /* !defined(LDAP_VERSION_MAX) !defined(LDAP_OPT_SIZELIMIT) */ 7467c478bd9Sstevel@tonic-gate 7477c478bd9Sstevel@tonic-gate for (attr = ldap_first_attribute(lmap->ldap_ld, entry, 7487c478bd9Sstevel@tonic-gate &ber); 7497c478bd9Sstevel@tonic-gate attr != NULL; 7507c478bd9Sstevel@tonic-gate attr = ldap_next_attribute(lmap->ldap_ld, entry, 7517c478bd9Sstevel@tonic-gate ber)) 7527c478bd9Sstevel@tonic-gate { 7537c478bd9Sstevel@tonic-gate char *tmp, *vp_tmp; 7547c478bd9Sstevel@tonic-gate int type; 7557c478bd9Sstevel@tonic-gate char *needobjclass = NULL; 7567c478bd9Sstevel@tonic-gate 7577c478bd9Sstevel@tonic-gate type = SM_LDAP_ATTR_NONE; 7587c478bd9Sstevel@tonic-gate for (i = 0; lmap->ldap_attr[i] != NULL; i++) 7597c478bd9Sstevel@tonic-gate { 7607c478bd9Sstevel@tonic-gate if (sm_strcasecmp(lmap->ldap_attr[i], 7617c478bd9Sstevel@tonic-gate attr) == 0) 7627c478bd9Sstevel@tonic-gate { 7637c478bd9Sstevel@tonic-gate type = lmap->ldap_attr_type[i]; 7647c478bd9Sstevel@tonic-gate needobjclass = lmap->ldap_attr_needobjclass[i]; 7657c478bd9Sstevel@tonic-gate break; 7667c478bd9Sstevel@tonic-gate } 7677c478bd9Sstevel@tonic-gate } 7687c478bd9Sstevel@tonic-gate 7697c478bd9Sstevel@tonic-gate if (bitset(SM_LDAP_USE_ALLATTR, flags) && 7707c478bd9Sstevel@tonic-gate type == SM_LDAP_ATTR_NONE) 7717c478bd9Sstevel@tonic-gate { 7727c478bd9Sstevel@tonic-gate /* URL lookups specify attrs to use */ 7737c478bd9Sstevel@tonic-gate type = SM_LDAP_ATTR_NORMAL; 7747c478bd9Sstevel@tonic-gate needobjclass = NULL; 7757c478bd9Sstevel@tonic-gate } 7767c478bd9Sstevel@tonic-gate 7777c478bd9Sstevel@tonic-gate if (type == SM_LDAP_ATTR_NONE) 7787c478bd9Sstevel@tonic-gate { 7797c478bd9Sstevel@tonic-gate /* attribute not requested */ 7807c478bd9Sstevel@tonic-gate ldap_memfree(attr); 7817c478bd9Sstevel@tonic-gate SM_LDAP_ERROR_CLEANUP(); 7827c478bd9Sstevel@tonic-gate errno = EFAULT; 7837c478bd9Sstevel@tonic-gate return EX_SOFTWARE; 7847c478bd9Sstevel@tonic-gate } 7857c478bd9Sstevel@tonic-gate 7867c478bd9Sstevel@tonic-gate /* 7877c478bd9Sstevel@tonic-gate ** For recursion on a particular attribute, 7887c478bd9Sstevel@tonic-gate ** we may need to see if this entry is 7897c478bd9Sstevel@tonic-gate ** part of a particular objectclass. 7907c478bd9Sstevel@tonic-gate ** Also, ignore objectClass attribute. 7917c478bd9Sstevel@tonic-gate ** Otherwise we just ignore this attribute. 7927c478bd9Sstevel@tonic-gate */ 7937c478bd9Sstevel@tonic-gate 7947c478bd9Sstevel@tonic-gate if (type == SM_LDAP_ATTR_OBJCLASS || 7957c478bd9Sstevel@tonic-gate (needobjclass != NULL && 7967c478bd9Sstevel@tonic-gate !sm_ldap_has_objectclass(lmap, entry, 7977c478bd9Sstevel@tonic-gate needobjclass))) 7987c478bd9Sstevel@tonic-gate { 7997c478bd9Sstevel@tonic-gate ldap_memfree(attr); 8007c478bd9Sstevel@tonic-gate continue; 8017c478bd9Sstevel@tonic-gate } 8027c478bd9Sstevel@tonic-gate 8037c478bd9Sstevel@tonic-gate if (lmap->ldap_attrsonly == LDAPMAP_FALSE) 8047c478bd9Sstevel@tonic-gate { 8057c478bd9Sstevel@tonic-gate vals = ldap_get_values(lmap->ldap_ld, 8067c478bd9Sstevel@tonic-gate entry, 8077c478bd9Sstevel@tonic-gate attr); 8087c478bd9Sstevel@tonic-gate if (vals == NULL) 8097c478bd9Sstevel@tonic-gate { 8107c478bd9Sstevel@tonic-gate save_errno = sm_ldap_geterrno(lmap->ldap_ld); 8117c478bd9Sstevel@tonic-gate if (save_errno == LDAP_SUCCESS) 8127c478bd9Sstevel@tonic-gate { 8137c478bd9Sstevel@tonic-gate ldap_memfree(attr); 8147c478bd9Sstevel@tonic-gate continue; 8157c478bd9Sstevel@tonic-gate } 8167c478bd9Sstevel@tonic-gate 8177c478bd9Sstevel@tonic-gate /* Must be an error */ 8187c478bd9Sstevel@tonic-gate save_errno += E_LDAPBASE; 8197c478bd9Sstevel@tonic-gate ldap_memfree(attr); 8207c478bd9Sstevel@tonic-gate SM_LDAP_ERROR_CLEANUP(); 8217c478bd9Sstevel@tonic-gate errno = save_errno; 8227c478bd9Sstevel@tonic-gate return EX_TEMPFAIL; 8237c478bd9Sstevel@tonic-gate } 8247c478bd9Sstevel@tonic-gate } 8257c478bd9Sstevel@tonic-gate 8267c478bd9Sstevel@tonic-gate statp = EX_OK; 8277c478bd9Sstevel@tonic-gate 8287c478bd9Sstevel@tonic-gate # if !defined(LDAP_VERSION_MAX) && !defined(LDAP_OPT_SIZELIMIT) 8297c478bd9Sstevel@tonic-gate /* 8307c478bd9Sstevel@tonic-gate ** Reset value to prevent lingering 8317c478bd9Sstevel@tonic-gate ** LDAP_DECODING_ERROR due to 8327c478bd9Sstevel@tonic-gate ** OpenLDAP 1.X's hack (see below) 8337c478bd9Sstevel@tonic-gate */ 8347c478bd9Sstevel@tonic-gate 8357c478bd9Sstevel@tonic-gate lmap->ldap_ld->ld_errno = LDAP_SUCCESS; 8367c478bd9Sstevel@tonic-gate # endif /* !defined(LDAP_VERSION_MAX) !defined(LDAP_OPT_SIZELIMIT) */ 8377c478bd9Sstevel@tonic-gate 8387c478bd9Sstevel@tonic-gate /* 8397c478bd9Sstevel@tonic-gate ** If matching only, 8407c478bd9Sstevel@tonic-gate ** no need to spin through entries 8417c478bd9Sstevel@tonic-gate */ 8427c478bd9Sstevel@tonic-gate 8437c478bd9Sstevel@tonic-gate if (bitset(SM_LDAP_MATCHONLY, flags)) 8447c478bd9Sstevel@tonic-gate { 8457c478bd9Sstevel@tonic-gate if (lmap->ldap_attrsonly == LDAPMAP_FALSE) 8467c478bd9Sstevel@tonic-gate ldap_value_free(vals); 8477c478bd9Sstevel@tonic-gate ldap_memfree(attr); 8487c478bd9Sstevel@tonic-gate continue; 8497c478bd9Sstevel@tonic-gate } 8507c478bd9Sstevel@tonic-gate 8517c478bd9Sstevel@tonic-gate /* 8527c478bd9Sstevel@tonic-gate ** If we don't want multiple values, 8537c478bd9Sstevel@tonic-gate ** return first found. 8547c478bd9Sstevel@tonic-gate */ 8557c478bd9Sstevel@tonic-gate 8567c478bd9Sstevel@tonic-gate if ((char) delim == '\0') 8577c478bd9Sstevel@tonic-gate { 8587c478bd9Sstevel@tonic-gate if (*result != NULL) 8597c478bd9Sstevel@tonic-gate { 8607c478bd9Sstevel@tonic-gate /* already have a value */ 8617c478bd9Sstevel@tonic-gate if (bitset(SM_LDAP_SINGLEMATCH, 8627c478bd9Sstevel@tonic-gate flags)) 8637c478bd9Sstevel@tonic-gate { 8647c478bd9Sstevel@tonic-gate /* only wanted one match */ 8657c478bd9Sstevel@tonic-gate SM_LDAP_ERROR_CLEANUP(); 8667c478bd9Sstevel@tonic-gate errno = ENOENT; 8677c478bd9Sstevel@tonic-gate return EX_NOTFOUND; 8687c478bd9Sstevel@tonic-gate } 8697c478bd9Sstevel@tonic-gate break; 8707c478bd9Sstevel@tonic-gate } 8717c478bd9Sstevel@tonic-gate 8727c478bd9Sstevel@tonic-gate if (lmap->ldap_attrsonly == LDAPMAP_TRUE) 8737c478bd9Sstevel@tonic-gate { 8747c478bd9Sstevel@tonic-gate *result = sm_rpool_strdup_x(rpool, 8757c478bd9Sstevel@tonic-gate attr); 8767c478bd9Sstevel@tonic-gate ldap_memfree(attr); 8777c478bd9Sstevel@tonic-gate break; 8787c478bd9Sstevel@tonic-gate } 8797c478bd9Sstevel@tonic-gate 8807c478bd9Sstevel@tonic-gate if (vals[0] == NULL) 8817c478bd9Sstevel@tonic-gate { 8827c478bd9Sstevel@tonic-gate ldap_value_free(vals); 8837c478bd9Sstevel@tonic-gate ldap_memfree(attr); 8847c478bd9Sstevel@tonic-gate continue; 8857c478bd9Sstevel@tonic-gate } 8867c478bd9Sstevel@tonic-gate 8877c478bd9Sstevel@tonic-gate vsize = strlen(vals[0]) + 1; 8887c478bd9Sstevel@tonic-gate if (lmap->ldap_attrsep != '\0') 8897c478bd9Sstevel@tonic-gate vsize += strlen(attr) + 1; 8907c478bd9Sstevel@tonic-gate *result = sm_rpool_malloc_x(rpool, 8917c478bd9Sstevel@tonic-gate vsize); 8927c478bd9Sstevel@tonic-gate if (lmap->ldap_attrsep != '\0') 8937c478bd9Sstevel@tonic-gate sm_snprintf(*result, vsize, 8947c478bd9Sstevel@tonic-gate "%s%c%s", 8957c478bd9Sstevel@tonic-gate attr, 8967c478bd9Sstevel@tonic-gate lmap->ldap_attrsep, 8977c478bd9Sstevel@tonic-gate vals[0]); 8987c478bd9Sstevel@tonic-gate else 8997c478bd9Sstevel@tonic-gate sm_strlcpy(*result, vals[0], 9007c478bd9Sstevel@tonic-gate vsize); 9017c478bd9Sstevel@tonic-gate ldap_value_free(vals); 9027c478bd9Sstevel@tonic-gate ldap_memfree(attr); 9037c478bd9Sstevel@tonic-gate break; 9047c478bd9Sstevel@tonic-gate } 9057c478bd9Sstevel@tonic-gate 9067c478bd9Sstevel@tonic-gate /* attributes only */ 9077c478bd9Sstevel@tonic-gate if (lmap->ldap_attrsonly == LDAPMAP_TRUE) 9087c478bd9Sstevel@tonic-gate { 9097c478bd9Sstevel@tonic-gate if (*result == NULL) 9107c478bd9Sstevel@tonic-gate *result = sm_rpool_strdup_x(rpool, 9117c478bd9Sstevel@tonic-gate attr); 9127c478bd9Sstevel@tonic-gate else 9137c478bd9Sstevel@tonic-gate { 9147c478bd9Sstevel@tonic-gate if (bitset(SM_LDAP_SINGLEMATCH, 9157c478bd9Sstevel@tonic-gate flags) && 9167c478bd9Sstevel@tonic-gate *result != NULL) 9177c478bd9Sstevel@tonic-gate { 9187c478bd9Sstevel@tonic-gate /* only wanted one match */ 9197c478bd9Sstevel@tonic-gate SM_LDAP_ERROR_CLEANUP(); 9207c478bd9Sstevel@tonic-gate errno = ENOENT; 9217c478bd9Sstevel@tonic-gate return EX_NOTFOUND; 9227c478bd9Sstevel@tonic-gate } 9237c478bd9Sstevel@tonic-gate 9247c478bd9Sstevel@tonic-gate vsize = strlen(*result) + 9257c478bd9Sstevel@tonic-gate strlen(attr) + 2; 9267c478bd9Sstevel@tonic-gate tmp = sm_rpool_malloc_x(rpool, 9277c478bd9Sstevel@tonic-gate vsize); 9287c478bd9Sstevel@tonic-gate (void) sm_snprintf(tmp, 9297c478bd9Sstevel@tonic-gate vsize, "%s%c%s", 9307c478bd9Sstevel@tonic-gate *result, (char) delim, 9317c478bd9Sstevel@tonic-gate attr); 9327c478bd9Sstevel@tonic-gate *result = tmp; 9337c478bd9Sstevel@tonic-gate } 9347c478bd9Sstevel@tonic-gate ldap_memfree(attr); 9357c478bd9Sstevel@tonic-gate continue; 9367c478bd9Sstevel@tonic-gate } 9377c478bd9Sstevel@tonic-gate 9387c478bd9Sstevel@tonic-gate /* 9397c478bd9Sstevel@tonic-gate ** If there is more than one, munge then 9407c478bd9Sstevel@tonic-gate ** into a map_coldelim separated string. 9417c478bd9Sstevel@tonic-gate ** If we are recursing we may have an entry 9427c478bd9Sstevel@tonic-gate ** with no 'normal' values to put in the 9437c478bd9Sstevel@tonic-gate ** string. 9447c478bd9Sstevel@tonic-gate ** This is not an error. 9457c478bd9Sstevel@tonic-gate */ 9467c478bd9Sstevel@tonic-gate 9477c478bd9Sstevel@tonic-gate if (type == SM_LDAP_ATTR_NORMAL && 9487c478bd9Sstevel@tonic-gate bitset(SM_LDAP_SINGLEMATCH, flags) && 9497c478bd9Sstevel@tonic-gate *result != NULL) 9507c478bd9Sstevel@tonic-gate { 9517c478bd9Sstevel@tonic-gate /* only wanted one match */ 9527c478bd9Sstevel@tonic-gate SM_LDAP_ERROR_CLEANUP(); 9537c478bd9Sstevel@tonic-gate errno = ENOENT; 9547c478bd9Sstevel@tonic-gate return EX_NOTFOUND; 9557c478bd9Sstevel@tonic-gate } 9567c478bd9Sstevel@tonic-gate 9577c478bd9Sstevel@tonic-gate vsize = 0; 9587c478bd9Sstevel@tonic-gate for (i = 0; vals[i] != NULL; i++) 9597c478bd9Sstevel@tonic-gate { 9607c478bd9Sstevel@tonic-gate if (type == SM_LDAP_ATTR_DN || 9617c478bd9Sstevel@tonic-gate type == SM_LDAP_ATTR_FILTER || 9627c478bd9Sstevel@tonic-gate type == SM_LDAP_ATTR_URL) 9637c478bd9Sstevel@tonic-gate { 9647c478bd9Sstevel@tonic-gate /* add to recursion */ 9657c478bd9Sstevel@tonic-gate if (sm_ldap_add_recurse(&recurse, 9667c478bd9Sstevel@tonic-gate vals[i], 9677c478bd9Sstevel@tonic-gate type, 9687c478bd9Sstevel@tonic-gate rpool) == NULL) 9697c478bd9Sstevel@tonic-gate { 9707c478bd9Sstevel@tonic-gate SM_LDAP_ERROR_CLEANUP(); 9717c478bd9Sstevel@tonic-gate errno = ENOMEM; 9727c478bd9Sstevel@tonic-gate return EX_OSERR; 9737c478bd9Sstevel@tonic-gate } 9747c478bd9Sstevel@tonic-gate continue; 9757c478bd9Sstevel@tonic-gate } 9767c478bd9Sstevel@tonic-gate 9777c478bd9Sstevel@tonic-gate vsize += strlen(vals[i]) + 1; 9787c478bd9Sstevel@tonic-gate if (lmap->ldap_attrsep != '\0') 9797c478bd9Sstevel@tonic-gate vsize += strlen(attr) + 1; 9807c478bd9Sstevel@tonic-gate } 9817c478bd9Sstevel@tonic-gate 9827c478bd9Sstevel@tonic-gate /* 9837c478bd9Sstevel@tonic-gate ** Create/Append to string any normal 9847c478bd9Sstevel@tonic-gate ** attribute values. Otherwise, just free 9857c478bd9Sstevel@tonic-gate ** memory and move on to the next 9867c478bd9Sstevel@tonic-gate ** attribute in this entry. 9877c478bd9Sstevel@tonic-gate */ 9887c478bd9Sstevel@tonic-gate 9897c478bd9Sstevel@tonic-gate if (type == SM_LDAP_ATTR_NORMAL && vsize > 0) 9907c478bd9Sstevel@tonic-gate { 9917c478bd9Sstevel@tonic-gate char *pe; 9927c478bd9Sstevel@tonic-gate 9937c478bd9Sstevel@tonic-gate /* Grow result string if needed */ 9947c478bd9Sstevel@tonic-gate if ((*resultln + vsize) >= *resultsz) 9957c478bd9Sstevel@tonic-gate { 9967c478bd9Sstevel@tonic-gate while ((*resultln + vsize) >= *resultsz) 9977c478bd9Sstevel@tonic-gate { 9987c478bd9Sstevel@tonic-gate if (*resultsz == 0) 9997c478bd9Sstevel@tonic-gate *resultsz = 1024; 10007c478bd9Sstevel@tonic-gate else 10017c478bd9Sstevel@tonic-gate *resultsz *= 2; 10027c478bd9Sstevel@tonic-gate } 10037c478bd9Sstevel@tonic-gate 10047c478bd9Sstevel@tonic-gate vp_tmp = sm_rpool_malloc_x(rpool, *resultsz); 10057c478bd9Sstevel@tonic-gate *vp_tmp = '\0'; 10067c478bd9Sstevel@tonic-gate 10077c478bd9Sstevel@tonic-gate if (*result != NULL) 10087c478bd9Sstevel@tonic-gate sm_strlcpy(vp_tmp, 10097c478bd9Sstevel@tonic-gate *result, 10107c478bd9Sstevel@tonic-gate *resultsz); 10117c478bd9Sstevel@tonic-gate *result = vp_tmp; 10127c478bd9Sstevel@tonic-gate } 10137c478bd9Sstevel@tonic-gate 10147c478bd9Sstevel@tonic-gate p = *result + *resultln; 10157c478bd9Sstevel@tonic-gate pe = *result + *resultsz; 10167c478bd9Sstevel@tonic-gate 10177c478bd9Sstevel@tonic-gate for (i = 0; vals[i] != NULL; i++) 10187c478bd9Sstevel@tonic-gate { 10197c478bd9Sstevel@tonic-gate if (*resultln > 0 && 10207c478bd9Sstevel@tonic-gate p < pe) 10217c478bd9Sstevel@tonic-gate *p++ = (char) delim; 10227c478bd9Sstevel@tonic-gate 10237c478bd9Sstevel@tonic-gate if (lmap->ldap_attrsep != '\0') 10247c478bd9Sstevel@tonic-gate { 10257c478bd9Sstevel@tonic-gate p += sm_strlcpy(p, attr, 10267c478bd9Sstevel@tonic-gate pe - p); 10277c478bd9Sstevel@tonic-gate if (p < pe) 10287c478bd9Sstevel@tonic-gate *p++ = lmap->ldap_attrsep; 10297c478bd9Sstevel@tonic-gate } 10307c478bd9Sstevel@tonic-gate 10317c478bd9Sstevel@tonic-gate p += sm_strlcpy(p, vals[i], 10327c478bd9Sstevel@tonic-gate pe - p); 10337c478bd9Sstevel@tonic-gate *resultln = p - (*result); 10347c478bd9Sstevel@tonic-gate if (p >= pe) 10357c478bd9Sstevel@tonic-gate { 10367c478bd9Sstevel@tonic-gate /* Internal error: buffer too small for LDAP values */ 10377c478bd9Sstevel@tonic-gate SM_LDAP_ERROR_CLEANUP(); 10387c478bd9Sstevel@tonic-gate errno = ENOMEM; 10397c478bd9Sstevel@tonic-gate return EX_OSERR; 10407c478bd9Sstevel@tonic-gate } 10417c478bd9Sstevel@tonic-gate } 10427c478bd9Sstevel@tonic-gate } 10437c478bd9Sstevel@tonic-gate 10447c478bd9Sstevel@tonic-gate ldap_value_free(vals); 10457c478bd9Sstevel@tonic-gate ldap_memfree(attr); 10467c478bd9Sstevel@tonic-gate } 10477c478bd9Sstevel@tonic-gate save_errno = sm_ldap_geterrno(lmap->ldap_ld); 10487c478bd9Sstevel@tonic-gate 10497c478bd9Sstevel@tonic-gate /* 10507c478bd9Sstevel@tonic-gate ** We check save_errno != LDAP_DECODING_ERROR since 10517c478bd9Sstevel@tonic-gate ** OpenLDAP 1.X has a very ugly *undocumented* 10527c478bd9Sstevel@tonic-gate ** hack of returning this error code from 10537c478bd9Sstevel@tonic-gate ** ldap_next_attribute() if the library freed the 10547c478bd9Sstevel@tonic-gate ** ber attribute. See: 10557c478bd9Sstevel@tonic-gate ** http://www.openldap.org/lists/openldap-devel/9901/msg00064.html 10567c478bd9Sstevel@tonic-gate */ 10577c478bd9Sstevel@tonic-gate 10587c478bd9Sstevel@tonic-gate if (save_errno != LDAP_SUCCESS && 10597c478bd9Sstevel@tonic-gate save_errno != LDAP_DECODING_ERROR) 10607c478bd9Sstevel@tonic-gate { 10617c478bd9Sstevel@tonic-gate /* Must be an error */ 10627c478bd9Sstevel@tonic-gate save_errno += E_LDAPBASE; 10637c478bd9Sstevel@tonic-gate SM_LDAP_ERROR_CLEANUP(); 10647c478bd9Sstevel@tonic-gate errno = save_errno; 10657c478bd9Sstevel@tonic-gate return EX_TEMPFAIL; 10667c478bd9Sstevel@tonic-gate } 10677c478bd9Sstevel@tonic-gate 10687c478bd9Sstevel@tonic-gate /* mark this DN as done */ 10697c478bd9Sstevel@tonic-gate rl->lr_done = true; 10707c478bd9Sstevel@tonic-gate if (rl->lr_ludp != NULL) 10717c478bd9Sstevel@tonic-gate { 10727c478bd9Sstevel@tonic-gate ldap_free_urldesc(rl->lr_ludp); 10737c478bd9Sstevel@tonic-gate rl->lr_ludp = NULL; 10747c478bd9Sstevel@tonic-gate } 10757c478bd9Sstevel@tonic-gate if (rl->lr_attrs != NULL) 10767c478bd9Sstevel@tonic-gate { 10777c478bd9Sstevel@tonic-gate free(rl->lr_attrs); 10787c478bd9Sstevel@tonic-gate rl->lr_attrs = NULL; 10797c478bd9Sstevel@tonic-gate } 10807c478bd9Sstevel@tonic-gate 10817c478bd9Sstevel@tonic-gate /* We don't want multiple values and we have one */ 10827c478bd9Sstevel@tonic-gate if ((char) delim == '\0' && 10837c478bd9Sstevel@tonic-gate !bitset(SM_LDAP_SINGLEMATCH, flags) && 10847c478bd9Sstevel@tonic-gate *result != NULL) 10857c478bd9Sstevel@tonic-gate break; 10867c478bd9Sstevel@tonic-gate } 10877c478bd9Sstevel@tonic-gate save_errno = sm_ldap_geterrno(lmap->ldap_ld); 10887c478bd9Sstevel@tonic-gate if (save_errno != LDAP_SUCCESS && 10897c478bd9Sstevel@tonic-gate save_errno != LDAP_DECODING_ERROR) 10907c478bd9Sstevel@tonic-gate { 10917c478bd9Sstevel@tonic-gate /* Must be an error */ 10927c478bd9Sstevel@tonic-gate save_errno += E_LDAPBASE; 10937c478bd9Sstevel@tonic-gate SM_LDAP_ERROR_CLEANUP(); 10947c478bd9Sstevel@tonic-gate errno = save_errno; 10957c478bd9Sstevel@tonic-gate return EX_TEMPFAIL; 10967c478bd9Sstevel@tonic-gate } 10977c478bd9Sstevel@tonic-gate ldap_msgfree(lmap->ldap_res); 10987c478bd9Sstevel@tonic-gate lmap->ldap_res = NULL; 10997c478bd9Sstevel@tonic-gate } 11007c478bd9Sstevel@tonic-gate 11017c478bd9Sstevel@tonic-gate if (ret == 0) 11027c478bd9Sstevel@tonic-gate save_errno = ETIMEDOUT; 11037c478bd9Sstevel@tonic-gate else 11047c478bd9Sstevel@tonic-gate save_errno = sm_ldap_geterrno(lmap->ldap_ld); 11057c478bd9Sstevel@tonic-gate if (save_errno != LDAP_SUCCESS) 11067c478bd9Sstevel@tonic-gate { 11077c478bd9Sstevel@tonic-gate statp = EX_TEMPFAIL; 11087c478bd9Sstevel@tonic-gate switch (save_errno) 11097c478bd9Sstevel@tonic-gate { 11107c478bd9Sstevel@tonic-gate #ifdef LDAP_SERVER_DOWN 11117c478bd9Sstevel@tonic-gate case LDAP_SERVER_DOWN: 11127c478bd9Sstevel@tonic-gate #endif /* LDAP_SERVER_DOWN */ 11137c478bd9Sstevel@tonic-gate case LDAP_TIMEOUT: 1114*7800901eSjbeck case ETIMEDOUT: 11157c478bd9Sstevel@tonic-gate case LDAP_UNAVAILABLE: 11167c478bd9Sstevel@tonic-gate 11177c478bd9Sstevel@tonic-gate /* 11187c478bd9Sstevel@tonic-gate ** server disappeared, 11197c478bd9Sstevel@tonic-gate ** try reopen on next search 11207c478bd9Sstevel@tonic-gate */ 11217c478bd9Sstevel@tonic-gate 11227c478bd9Sstevel@tonic-gate statp = EX_RESTART; 11237c478bd9Sstevel@tonic-gate break; 11247c478bd9Sstevel@tonic-gate } 1125*7800901eSjbeck if (ret != 0) 11267c478bd9Sstevel@tonic-gate save_errno += E_LDAPBASE; 11277c478bd9Sstevel@tonic-gate SM_LDAP_ERROR_CLEANUP(); 11287c478bd9Sstevel@tonic-gate errno = save_errno; 11297c478bd9Sstevel@tonic-gate return statp; 11307c478bd9Sstevel@tonic-gate } 11317c478bd9Sstevel@tonic-gate 11327c478bd9Sstevel@tonic-gate if (lmap->ldap_res != NULL) 11337c478bd9Sstevel@tonic-gate { 11347c478bd9Sstevel@tonic-gate ldap_msgfree(lmap->ldap_res); 11357c478bd9Sstevel@tonic-gate lmap->ldap_res = NULL; 11367c478bd9Sstevel@tonic-gate } 11377c478bd9Sstevel@tonic-gate 11387c478bd9Sstevel@tonic-gate if (toplevel) 11397c478bd9Sstevel@tonic-gate { 11407c478bd9Sstevel@tonic-gate int rlidx; 11417c478bd9Sstevel@tonic-gate 11427c478bd9Sstevel@tonic-gate /* 11437c478bd9Sstevel@tonic-gate ** Spin through the built-up recurse list at the top 11447c478bd9Sstevel@tonic-gate ** of the recursion. Since new items are added at the 11457c478bd9Sstevel@tonic-gate ** end of the shared list, we actually only ever get 11467c478bd9Sstevel@tonic-gate ** one level of recursion before things pop back to the 11477c478bd9Sstevel@tonic-gate ** top. Any items added to the list during that recursion 11487c478bd9Sstevel@tonic-gate ** will be expanded by the top level. 11497c478bd9Sstevel@tonic-gate */ 11507c478bd9Sstevel@tonic-gate 1151058561cbSjbeck for (rlidx = 0; recurse != NULL && rlidx < recurse->lrl_cnt; 1152058561cbSjbeck rlidx++) 11537c478bd9Sstevel@tonic-gate { 11547c478bd9Sstevel@tonic-gate int newflags; 11557c478bd9Sstevel@tonic-gate int sid; 11567c478bd9Sstevel@tonic-gate int status; 11577c478bd9Sstevel@tonic-gate 1158058561cbSjbeck rl = recurse->lrl_data[rlidx]; 11597c478bd9Sstevel@tonic-gate 11607c478bd9Sstevel@tonic-gate newflags = flags; 11617c478bd9Sstevel@tonic-gate if (rl->lr_done) 11627c478bd9Sstevel@tonic-gate { 11637c478bd9Sstevel@tonic-gate /* already expanded */ 11647c478bd9Sstevel@tonic-gate continue; 11657c478bd9Sstevel@tonic-gate } 11667c478bd9Sstevel@tonic-gate 11677c478bd9Sstevel@tonic-gate if (rl->lr_type == SM_LDAP_ATTR_DN) 11687c478bd9Sstevel@tonic-gate { 11697c478bd9Sstevel@tonic-gate /* do DN search */ 11707c478bd9Sstevel@tonic-gate sid = ldap_search(lmap->ldap_ld, 11717c478bd9Sstevel@tonic-gate rl->lr_search, 11727c478bd9Sstevel@tonic-gate lmap->ldap_scope, 11737c478bd9Sstevel@tonic-gate "(objectClass=*)", 11747c478bd9Sstevel@tonic-gate (lmap->ldap_attr[0] == NULL ? 11757c478bd9Sstevel@tonic-gate NULL : lmap->ldap_attr), 11767c478bd9Sstevel@tonic-gate lmap->ldap_attrsonly); 11777c478bd9Sstevel@tonic-gate } 11787c478bd9Sstevel@tonic-gate else if (rl->lr_type == SM_LDAP_ATTR_FILTER) 11797c478bd9Sstevel@tonic-gate { 11807c478bd9Sstevel@tonic-gate /* do new search */ 11817c478bd9Sstevel@tonic-gate sid = ldap_search(lmap->ldap_ld, 11827c478bd9Sstevel@tonic-gate lmap->ldap_base, 11837c478bd9Sstevel@tonic-gate lmap->ldap_scope, 11847c478bd9Sstevel@tonic-gate rl->lr_search, 11857c478bd9Sstevel@tonic-gate (lmap->ldap_attr[0] == NULL ? 11867c478bd9Sstevel@tonic-gate NULL : lmap->ldap_attr), 11877c478bd9Sstevel@tonic-gate lmap->ldap_attrsonly); 11887c478bd9Sstevel@tonic-gate } 11897c478bd9Sstevel@tonic-gate else if (rl->lr_type == SM_LDAP_ATTR_URL) 11907c478bd9Sstevel@tonic-gate { 11917c478bd9Sstevel@tonic-gate /* Parse URL */ 11927c478bd9Sstevel@tonic-gate sid = ldap_url_parse(rl->lr_search, 11937c478bd9Sstevel@tonic-gate &rl->lr_ludp); 11947c478bd9Sstevel@tonic-gate 11957c478bd9Sstevel@tonic-gate if (sid != 0) 11967c478bd9Sstevel@tonic-gate { 11977c478bd9Sstevel@tonic-gate errno = sid + E_LDAPURLBASE; 11987c478bd9Sstevel@tonic-gate return EX_TEMPFAIL; 11997c478bd9Sstevel@tonic-gate } 12007c478bd9Sstevel@tonic-gate 12017c478bd9Sstevel@tonic-gate /* We need to add objectClass */ 12027c478bd9Sstevel@tonic-gate if (rl->lr_ludp->lud_attrs != NULL) 12037c478bd9Sstevel@tonic-gate { 12047c478bd9Sstevel@tonic-gate int attrnum = 0; 12057c478bd9Sstevel@tonic-gate 12067c478bd9Sstevel@tonic-gate while (rl->lr_ludp->lud_attrs[attrnum] != NULL) 12077c478bd9Sstevel@tonic-gate { 12087c478bd9Sstevel@tonic-gate if (strcasecmp(rl->lr_ludp->lud_attrs[attrnum], 12097c478bd9Sstevel@tonic-gate "objectClass") == 0) 12107c478bd9Sstevel@tonic-gate { 12117c478bd9Sstevel@tonic-gate /* already requested */ 12127c478bd9Sstevel@tonic-gate attrnum = -1; 12137c478bd9Sstevel@tonic-gate break; 12147c478bd9Sstevel@tonic-gate } 12157c478bd9Sstevel@tonic-gate attrnum++; 12167c478bd9Sstevel@tonic-gate } 12177c478bd9Sstevel@tonic-gate 12187c478bd9Sstevel@tonic-gate if (attrnum >= 0) 12197c478bd9Sstevel@tonic-gate { 12207c478bd9Sstevel@tonic-gate int i; 12217c478bd9Sstevel@tonic-gate 12227c478bd9Sstevel@tonic-gate rl->lr_attrs = (char **)malloc(sizeof(char *) * (attrnum + 2)); 12237c478bd9Sstevel@tonic-gate if (rl->lr_attrs == NULL) 12247c478bd9Sstevel@tonic-gate { 12257c478bd9Sstevel@tonic-gate save_errno = errno; 12267c478bd9Sstevel@tonic-gate ldap_free_urldesc(rl->lr_ludp); 12277c478bd9Sstevel@tonic-gate errno = save_errno; 12287c478bd9Sstevel@tonic-gate return EX_TEMPFAIL; 12297c478bd9Sstevel@tonic-gate } 12307c478bd9Sstevel@tonic-gate for (i = 0 ; i < attrnum; i++) 12317c478bd9Sstevel@tonic-gate { 12327c478bd9Sstevel@tonic-gate rl->lr_attrs[i] = rl->lr_ludp->lud_attrs[i]; 12337c478bd9Sstevel@tonic-gate } 12347c478bd9Sstevel@tonic-gate rl->lr_attrs[i++] = "objectClass"; 12357c478bd9Sstevel@tonic-gate rl->lr_attrs[i++] = NULL; 12367c478bd9Sstevel@tonic-gate } 12377c478bd9Sstevel@tonic-gate } 12387c478bd9Sstevel@tonic-gate 12397c478bd9Sstevel@tonic-gate /* 12407c478bd9Sstevel@tonic-gate ** Use the existing connection 12417c478bd9Sstevel@tonic-gate ** for this search. It really 12427c478bd9Sstevel@tonic-gate ** should use lud_scheme://lud_host:lud_port/ 12437c478bd9Sstevel@tonic-gate ** instead but that would require 12447c478bd9Sstevel@tonic-gate ** opening a new connection. 12457c478bd9Sstevel@tonic-gate ** This should be fixed ASAP. 12467c478bd9Sstevel@tonic-gate */ 12477c478bd9Sstevel@tonic-gate 12487c478bd9Sstevel@tonic-gate sid = ldap_search(lmap->ldap_ld, 12497c478bd9Sstevel@tonic-gate rl->lr_ludp->lud_dn, 12507c478bd9Sstevel@tonic-gate rl->lr_ludp->lud_scope, 12517c478bd9Sstevel@tonic-gate rl->lr_ludp->lud_filter, 12527c478bd9Sstevel@tonic-gate rl->lr_attrs, 12537c478bd9Sstevel@tonic-gate lmap->ldap_attrsonly); 12547c478bd9Sstevel@tonic-gate 12557c478bd9Sstevel@tonic-gate /* Use the attributes specified by URL */ 12567c478bd9Sstevel@tonic-gate newflags |= SM_LDAP_USE_ALLATTR; 12577c478bd9Sstevel@tonic-gate } 12587c478bd9Sstevel@tonic-gate else 12597c478bd9Sstevel@tonic-gate { 12607c478bd9Sstevel@tonic-gate /* unknown or illegal attribute type */ 12617c478bd9Sstevel@tonic-gate errno = EFAULT; 12627c478bd9Sstevel@tonic-gate return EX_SOFTWARE; 12637c478bd9Sstevel@tonic-gate } 12647c478bd9Sstevel@tonic-gate 12657c478bd9Sstevel@tonic-gate /* Collect results */ 12667c478bd9Sstevel@tonic-gate if (sid == -1) 12677c478bd9Sstevel@tonic-gate { 12687c478bd9Sstevel@tonic-gate save_errno = sm_ldap_geterrno(lmap->ldap_ld); 12697c478bd9Sstevel@tonic-gate statp = EX_TEMPFAIL; 12707c478bd9Sstevel@tonic-gate switch (save_errno) 12717c478bd9Sstevel@tonic-gate { 12727c478bd9Sstevel@tonic-gate #ifdef LDAP_SERVER_DOWN 12737c478bd9Sstevel@tonic-gate case LDAP_SERVER_DOWN: 12747c478bd9Sstevel@tonic-gate #endif /* LDAP_SERVER_DOWN */ 12757c478bd9Sstevel@tonic-gate case LDAP_TIMEOUT: 1276*7800901eSjbeck case ETIMEDOUT: 12777c478bd9Sstevel@tonic-gate case LDAP_UNAVAILABLE: 12787c478bd9Sstevel@tonic-gate 12797c478bd9Sstevel@tonic-gate /* 12807c478bd9Sstevel@tonic-gate ** server disappeared, 12817c478bd9Sstevel@tonic-gate ** try reopen on next search 12827c478bd9Sstevel@tonic-gate */ 12837c478bd9Sstevel@tonic-gate 12847c478bd9Sstevel@tonic-gate statp = EX_RESTART; 12857c478bd9Sstevel@tonic-gate break; 12867c478bd9Sstevel@tonic-gate } 12877c478bd9Sstevel@tonic-gate errno = save_errno + E_LDAPBASE; 12887c478bd9Sstevel@tonic-gate return statp; 12897c478bd9Sstevel@tonic-gate } 12907c478bd9Sstevel@tonic-gate 12917c478bd9Sstevel@tonic-gate status = sm_ldap_results(lmap, sid, newflags, delim, 12927c478bd9Sstevel@tonic-gate rpool, result, resultln, 12937c478bd9Sstevel@tonic-gate resultsz, recurse); 12947c478bd9Sstevel@tonic-gate save_errno = errno; 12957c478bd9Sstevel@tonic-gate if (status != EX_OK && status != EX_NOTFOUND) 12967c478bd9Sstevel@tonic-gate { 12977c478bd9Sstevel@tonic-gate errno = save_errno; 12987c478bd9Sstevel@tonic-gate return status; 12997c478bd9Sstevel@tonic-gate } 13007c478bd9Sstevel@tonic-gate 13017c478bd9Sstevel@tonic-gate /* Mark as done */ 13027c478bd9Sstevel@tonic-gate rl->lr_done = true; 13037c478bd9Sstevel@tonic-gate if (rl->lr_ludp != NULL) 13047c478bd9Sstevel@tonic-gate { 13057c478bd9Sstevel@tonic-gate ldap_free_urldesc(rl->lr_ludp); 13067c478bd9Sstevel@tonic-gate rl->lr_ludp = NULL; 13077c478bd9Sstevel@tonic-gate } 13087c478bd9Sstevel@tonic-gate if (rl->lr_attrs != NULL) 13097c478bd9Sstevel@tonic-gate { 13107c478bd9Sstevel@tonic-gate free(rl->lr_attrs); 13117c478bd9Sstevel@tonic-gate rl->lr_attrs = NULL; 13127c478bd9Sstevel@tonic-gate } 13137c478bd9Sstevel@tonic-gate 13147c478bd9Sstevel@tonic-gate /* Reset rlidx as new items may have been added */ 13157c478bd9Sstevel@tonic-gate rlidx = -1; 13167c478bd9Sstevel@tonic-gate } 13177c478bd9Sstevel@tonic-gate } 13187c478bd9Sstevel@tonic-gate return statp; 13197c478bd9Sstevel@tonic-gate } 13207c478bd9Sstevel@tonic-gate 13217c478bd9Sstevel@tonic-gate /* 13227c478bd9Sstevel@tonic-gate ** SM_LDAP_CLOSE -- close LDAP connection 13237c478bd9Sstevel@tonic-gate ** 13247c478bd9Sstevel@tonic-gate ** Parameters: 13257c478bd9Sstevel@tonic-gate ** lmap -- LDAP map information 13267c478bd9Sstevel@tonic-gate ** 13277c478bd9Sstevel@tonic-gate ** Returns: 13287c478bd9Sstevel@tonic-gate ** None. 13297c478bd9Sstevel@tonic-gate ** 13307c478bd9Sstevel@tonic-gate */ 13317c478bd9Sstevel@tonic-gate 13327c478bd9Sstevel@tonic-gate void 13337c478bd9Sstevel@tonic-gate sm_ldap_close(lmap) 13347c478bd9Sstevel@tonic-gate SM_LDAP_STRUCT *lmap; 13357c478bd9Sstevel@tonic-gate { 13367c478bd9Sstevel@tonic-gate if (lmap->ldap_ld == NULL) 13377c478bd9Sstevel@tonic-gate return; 13387c478bd9Sstevel@tonic-gate 13397c478bd9Sstevel@tonic-gate if (lmap->ldap_pid == getpid()) 13407c478bd9Sstevel@tonic-gate ldap_unbind(lmap->ldap_ld); 13417c478bd9Sstevel@tonic-gate lmap->ldap_ld = NULL; 13427c478bd9Sstevel@tonic-gate lmap->ldap_pid = 0; 13437c478bd9Sstevel@tonic-gate } 13447c478bd9Sstevel@tonic-gate 13457c478bd9Sstevel@tonic-gate /* 13467c478bd9Sstevel@tonic-gate ** SM_LDAP_SETOPTS -- set LDAP options 13477c478bd9Sstevel@tonic-gate ** 13487c478bd9Sstevel@tonic-gate ** Parameters: 13497c478bd9Sstevel@tonic-gate ** ld -- LDAP session handle 13507c478bd9Sstevel@tonic-gate ** lmap -- LDAP map information 13517c478bd9Sstevel@tonic-gate ** 13527c478bd9Sstevel@tonic-gate ** Returns: 13537c478bd9Sstevel@tonic-gate ** None. 13547c478bd9Sstevel@tonic-gate ** 13557c478bd9Sstevel@tonic-gate */ 13567c478bd9Sstevel@tonic-gate 13577c478bd9Sstevel@tonic-gate void 13587c478bd9Sstevel@tonic-gate sm_ldap_setopts(ld, lmap) 13597c478bd9Sstevel@tonic-gate LDAP *ld; 13607c478bd9Sstevel@tonic-gate SM_LDAP_STRUCT *lmap; 13617c478bd9Sstevel@tonic-gate { 13627c478bd9Sstevel@tonic-gate # if USE_LDAP_SET_OPTION 13637c478bd9Sstevel@tonic-gate if (lmap->ldap_version != 0) 13647c478bd9Sstevel@tonic-gate { 13657c478bd9Sstevel@tonic-gate ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, 13667c478bd9Sstevel@tonic-gate &lmap->ldap_version); 13677c478bd9Sstevel@tonic-gate } 13687c478bd9Sstevel@tonic-gate ldap_set_option(ld, LDAP_OPT_DEREF, &lmap->ldap_deref); 13697c478bd9Sstevel@tonic-gate if (bitset(LDAP_OPT_REFERRALS, lmap->ldap_options)) 13707c478bd9Sstevel@tonic-gate ldap_set_option(ld, LDAP_OPT_REFERRALS, LDAP_OPT_ON); 13717c478bd9Sstevel@tonic-gate else 13727c478bd9Sstevel@tonic-gate ldap_set_option(ld, LDAP_OPT_REFERRALS, LDAP_OPT_OFF); 13737c478bd9Sstevel@tonic-gate ldap_set_option(ld, LDAP_OPT_SIZELIMIT, &lmap->ldap_sizelimit); 13747c478bd9Sstevel@tonic-gate ldap_set_option(ld, LDAP_OPT_TIMELIMIT, &lmap->ldap_timelimit); 1375*7800901eSjbeck # if _FFR_LDAP_NETWORK_TIMEOUT && defined(LDAP_OPT_NETWORK_TIMEOUT) 1376*7800901eSjbeck ldap_set_option(ld, LDAP_OPT_NETWORK_TIMEOUT, &lmap->ldap_networktmo); 1377*7800901eSjbeck # endif /* _FFR_LDAP_NETWORK_TIMEOUT && defined(LDAP_OPT_NETWORK_TIMEOUT) */ 13787c478bd9Sstevel@tonic-gate # ifdef LDAP_OPT_RESTART 13797c478bd9Sstevel@tonic-gate ldap_set_option(ld, LDAP_OPT_RESTART, LDAP_OPT_ON); 13807c478bd9Sstevel@tonic-gate # endif /* LDAP_OPT_RESTART */ 13817c478bd9Sstevel@tonic-gate # else /* USE_LDAP_SET_OPTION */ 13827c478bd9Sstevel@tonic-gate /* From here on in we can use ldap internal timelimits */ 13837c478bd9Sstevel@tonic-gate ld->ld_deref = lmap->ldap_deref; 13847c478bd9Sstevel@tonic-gate ld->ld_options = lmap->ldap_options; 13857c478bd9Sstevel@tonic-gate ld->ld_sizelimit = lmap->ldap_sizelimit; 13867c478bd9Sstevel@tonic-gate ld->ld_timelimit = lmap->ldap_timelimit; 13877c478bd9Sstevel@tonic-gate # endif /* USE_LDAP_SET_OPTION */ 13887c478bd9Sstevel@tonic-gate } 13897c478bd9Sstevel@tonic-gate 13907c478bd9Sstevel@tonic-gate /* 13917c478bd9Sstevel@tonic-gate ** SM_LDAP_GETERRNO -- get ldap errno value 13927c478bd9Sstevel@tonic-gate ** 13937c478bd9Sstevel@tonic-gate ** Parameters: 13947c478bd9Sstevel@tonic-gate ** ld -- LDAP session handle 13957c478bd9Sstevel@tonic-gate ** 13967c478bd9Sstevel@tonic-gate ** Returns: 13977c478bd9Sstevel@tonic-gate ** LDAP errno. 13987c478bd9Sstevel@tonic-gate ** 13997c478bd9Sstevel@tonic-gate */ 14007c478bd9Sstevel@tonic-gate 14017c478bd9Sstevel@tonic-gate int 14027c478bd9Sstevel@tonic-gate sm_ldap_geterrno(ld) 14037c478bd9Sstevel@tonic-gate LDAP *ld; 14047c478bd9Sstevel@tonic-gate { 14057c478bd9Sstevel@tonic-gate int err = LDAP_SUCCESS; 14067c478bd9Sstevel@tonic-gate 14077c478bd9Sstevel@tonic-gate # if defined(LDAP_VERSION_MAX) && LDAP_VERSION_MAX >= 3 14087c478bd9Sstevel@tonic-gate (void) ldap_get_option(ld, LDAP_OPT_ERROR_NUMBER, &err); 14097c478bd9Sstevel@tonic-gate # else /* defined(LDAP_VERSION_MAX) && LDAP_VERSION_MAX >= 3 */ 14107c478bd9Sstevel@tonic-gate # ifdef LDAP_OPT_SIZELIMIT 14117c478bd9Sstevel@tonic-gate err = ldap_get_lderrno(ld, NULL, NULL); 14127c478bd9Sstevel@tonic-gate # else /* LDAP_OPT_SIZELIMIT */ 14137c478bd9Sstevel@tonic-gate err = ld->ld_errno; 14147c478bd9Sstevel@tonic-gate 14157c478bd9Sstevel@tonic-gate /* 14167c478bd9Sstevel@tonic-gate ** Reset value to prevent lingering LDAP_DECODING_ERROR due to 14177c478bd9Sstevel@tonic-gate ** OpenLDAP 1.X's hack (see above) 14187c478bd9Sstevel@tonic-gate */ 14197c478bd9Sstevel@tonic-gate 14207c478bd9Sstevel@tonic-gate ld->ld_errno = LDAP_SUCCESS; 14217c478bd9Sstevel@tonic-gate # endif /* LDAP_OPT_SIZELIMIT */ 14227c478bd9Sstevel@tonic-gate # endif /* defined(LDAP_VERSION_MAX) && LDAP_VERSION_MAX >= 3 */ 14237c478bd9Sstevel@tonic-gate return err; 14247c478bd9Sstevel@tonic-gate } 14257c478bd9Sstevel@tonic-gate # endif /* LDAPMAP */ 1426