17c478bd9Sstevel@tonic-gate /* 27c478bd9Sstevel@tonic-gate * CDDL HEADER START 37c478bd9Sstevel@tonic-gate * 47c478bd9Sstevel@tonic-gate * The contents of this file are subject to the terms of the 5004388ebScasper * Common Development and Distribution License (the "License"). 6004388ebScasper * You may not use this file except in compliance with the License. 77c478bd9Sstevel@tonic-gate * 87c478bd9Sstevel@tonic-gate * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 97c478bd9Sstevel@tonic-gate * or http://www.opensolaris.org/os/licensing. 107c478bd9Sstevel@tonic-gate * See the License for the specific language governing permissions 117c478bd9Sstevel@tonic-gate * and limitations under the License. 127c478bd9Sstevel@tonic-gate * 137c478bd9Sstevel@tonic-gate * When distributing Covered Code, include this CDDL HEADER in each 147c478bd9Sstevel@tonic-gate * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 157c478bd9Sstevel@tonic-gate * If applicable, add the following below this CDDL HEADER, with the 167c478bd9Sstevel@tonic-gate * fields enclosed by brackets "[]" replaced with your own identifying 177c478bd9Sstevel@tonic-gate * information: Portions Copyright [yyyy] [name of copyright owner] 187c478bd9Sstevel@tonic-gate * 197c478bd9Sstevel@tonic-gate * CDDL HEADER END 207c478bd9Sstevel@tonic-gate */ 217c478bd9Sstevel@tonic-gate /* 22dd1104fbSMichen Chang * Copyright 2009 Sun Microsystems, Inc. All rights reserved. 237c478bd9Sstevel@tonic-gate * Use is subject to license terms. 247c478bd9Sstevel@tonic-gate */ 257c478bd9Sstevel@tonic-gate 267c478bd9Sstevel@tonic-gate /* libsldap - cachemgr side configuration components */ 277c478bd9Sstevel@tonic-gate 287c478bd9Sstevel@tonic-gate #include <stdio.h> 297c478bd9Sstevel@tonic-gate #include <sys/types.h> 307c478bd9Sstevel@tonic-gate #include <stdlib.h> 317c478bd9Sstevel@tonic-gate #include <libintl.h> 327c478bd9Sstevel@tonic-gate #include <string.h> 337c478bd9Sstevel@tonic-gate #include <ctype.h> 347c478bd9Sstevel@tonic-gate 357c478bd9Sstevel@tonic-gate #include <sys/stat.h> 367c478bd9Sstevel@tonic-gate #include <fcntl.h> 377c478bd9Sstevel@tonic-gate #include <unistd.h> 387c478bd9Sstevel@tonic-gate #include <syslog.h> 397c478bd9Sstevel@tonic-gate #include <locale.h> 407c478bd9Sstevel@tonic-gate #include <errno.h> 417c478bd9Sstevel@tonic-gate #include <sys/time.h> 427c478bd9Sstevel@tonic-gate 437c478bd9Sstevel@tonic-gate #include "ns_sldap.h" 447c478bd9Sstevel@tonic-gate #include "ns_internal.h" 457c478bd9Sstevel@tonic-gate #include "ns_cache_door.h" 467c478bd9Sstevel@tonic-gate 477c478bd9Sstevel@tonic-gate #define ALWAYS 1 487c478bd9Sstevel@tonic-gate 497c478bd9Sstevel@tonic-gate 507c478bd9Sstevel@tonic-gate /* 517c478bd9Sstevel@tonic-gate * ************************************************************** 527c478bd9Sstevel@tonic-gate * Configuration File Routines 537c478bd9Sstevel@tonic-gate * ************************************************************** 547c478bd9Sstevel@tonic-gate */ 557c478bd9Sstevel@tonic-gate 567c478bd9Sstevel@tonic-gate 577c478bd9Sstevel@tonic-gate /* Size of the errstr buffer needs to be MAXERROR */ 587c478bd9Sstevel@tonic-gate static int 597c478bd9Sstevel@tonic-gate read_line(FILE *fp, char *buffer, int buflen, char *errstr) 607c478bd9Sstevel@tonic-gate { 617c478bd9Sstevel@tonic-gate int linelen; 627c478bd9Sstevel@tonic-gate char c; 637c478bd9Sstevel@tonic-gate 647c478bd9Sstevel@tonic-gate *errstr = '\0'; 657c478bd9Sstevel@tonic-gate 667c478bd9Sstevel@tonic-gate for (linelen = 0; linelen < buflen; ) { 677c478bd9Sstevel@tonic-gate c = getc(fp); 687c478bd9Sstevel@tonic-gate if (c == EOF) 697c478bd9Sstevel@tonic-gate break; 707c478bd9Sstevel@tonic-gate switch (c) { 717c478bd9Sstevel@tonic-gate case '\n': 727c478bd9Sstevel@tonic-gate if (linelen > 0 && buffer[linelen - 1] == '\\') { 737c478bd9Sstevel@tonic-gate /* Continuation line found */ 747c478bd9Sstevel@tonic-gate --linelen; 757c478bd9Sstevel@tonic-gate } else { 767c478bd9Sstevel@tonic-gate /* end of line found */ 777c478bd9Sstevel@tonic-gate buffer[linelen] = '\0'; 787c478bd9Sstevel@tonic-gate return (linelen); 797c478bd9Sstevel@tonic-gate } 807c478bd9Sstevel@tonic-gate break; 817c478bd9Sstevel@tonic-gate default: 827c478bd9Sstevel@tonic-gate buffer[linelen++] = c; 837c478bd9Sstevel@tonic-gate } 847c478bd9Sstevel@tonic-gate } 857c478bd9Sstevel@tonic-gate 867c478bd9Sstevel@tonic-gate if (linelen >= buflen) { 877c478bd9Sstevel@tonic-gate (void) snprintf(errstr, MAXERROR, 887c478bd9Sstevel@tonic-gate gettext("Buffer overflow, line too long.")); 897c478bd9Sstevel@tonic-gate return (-2); 907c478bd9Sstevel@tonic-gate } else if (linelen > 0 && buffer[linelen - 1] == '\\') { 917c478bd9Sstevel@tonic-gate (void) snprintf(errstr, MAXERROR, 927c478bd9Sstevel@tonic-gate gettext("Unterminated continuation line.")); 937c478bd9Sstevel@tonic-gate return (-2); 947c478bd9Sstevel@tonic-gate } else { 957c478bd9Sstevel@tonic-gate /* end of file */ 967c478bd9Sstevel@tonic-gate buffer[linelen] = '\0'; 977c478bd9Sstevel@tonic-gate } 987c478bd9Sstevel@tonic-gate return (linelen > 0 ? linelen : -1); 997c478bd9Sstevel@tonic-gate } 1007c478bd9Sstevel@tonic-gate 1017c478bd9Sstevel@tonic-gate 1027c478bd9Sstevel@tonic-gate static ns_parse_status 1037c478bd9Sstevel@tonic-gate read_file(ns_config_t *ptr, int cred_file, ns_ldap_error_t **error) 1047c478bd9Sstevel@tonic-gate { 1057c478bd9Sstevel@tonic-gate ParamIndexType i = 0; 1067c478bd9Sstevel@tonic-gate char errstr[MAXERROR]; 1077c478bd9Sstevel@tonic-gate char buffer[BUFSIZE], *name, *value; 1087c478bd9Sstevel@tonic-gate int emptyfile, lineno; 1097c478bd9Sstevel@tonic-gate FILE *fp; 1107c478bd9Sstevel@tonic-gate int ret; 1117c478bd9Sstevel@tonic-gate int linelen; 1127c478bd9Sstevel@tonic-gate char *file; 1137c478bd9Sstevel@tonic-gate int first = 1; 1147c478bd9Sstevel@tonic-gate 1157c478bd9Sstevel@tonic-gate 1167c478bd9Sstevel@tonic-gate if (cred_file) { 1177c478bd9Sstevel@tonic-gate file = NSCREDFILE; 1187c478bd9Sstevel@tonic-gate } else { 1197c478bd9Sstevel@tonic-gate file = NSCONFIGFILE; 1207c478bd9Sstevel@tonic-gate } 121004388ebScasper fp = fopen(file, "rF"); 1227c478bd9Sstevel@tonic-gate if (fp == NULL) { 1237c478bd9Sstevel@tonic-gate (void) snprintf(errstr, sizeof (errstr), 1247c478bd9Sstevel@tonic-gate gettext("Unable to open filename '%s' " 1257c478bd9Sstevel@tonic-gate "for reading (errno=%d)."), file, errno); 1267c478bd9Sstevel@tonic-gate MKERROR(LOG_ERR, *error, NS_CONFIG_FILE, strdup(errstr), NULL); 1277c478bd9Sstevel@tonic-gate return (NS_NOTFOUND); 1287c478bd9Sstevel@tonic-gate } 1297c478bd9Sstevel@tonic-gate 1307c478bd9Sstevel@tonic-gate emptyfile = 1; 1317c478bd9Sstevel@tonic-gate lineno = 0; 1327c478bd9Sstevel@tonic-gate for (; ; ) { 1337c478bd9Sstevel@tonic-gate if ((linelen = read_line(fp, buffer, sizeof (buffer), 1347c478bd9Sstevel@tonic-gate errstr)) < 0) 1357c478bd9Sstevel@tonic-gate /* End of file */ 1367c478bd9Sstevel@tonic-gate break; 1377c478bd9Sstevel@tonic-gate lineno++; 1387c478bd9Sstevel@tonic-gate if (linelen == 0) 1397c478bd9Sstevel@tonic-gate continue; 1407c478bd9Sstevel@tonic-gate /* get rid of comment lines */ 1417c478bd9Sstevel@tonic-gate if (buffer[0] == '#') 1427c478bd9Sstevel@tonic-gate continue; 1437c478bd9Sstevel@tonic-gate emptyfile = 0; 1447c478bd9Sstevel@tonic-gate name = NULL; 1457c478bd9Sstevel@tonic-gate value = NULL; 1467c478bd9Sstevel@tonic-gate __s_api_split_key_value(buffer, &name, &value); 1477c478bd9Sstevel@tonic-gate if (name == NULL || value == NULL) { 1487c478bd9Sstevel@tonic-gate (void) snprintf(errstr, sizeof (errstr), 1497c478bd9Sstevel@tonic-gate gettext("Missing Name or Value on line %d."), 1507c478bd9Sstevel@tonic-gate lineno); 1517c478bd9Sstevel@tonic-gate MKERROR(LOG_ERR, *error, NS_CONFIG_SYNTAX, 1527c478bd9Sstevel@tonic-gate strdup(errstr), NULL); 1537c478bd9Sstevel@tonic-gate (void) fclose(fp); 1547c478bd9Sstevel@tonic-gate return (NS_PARSE_ERR); 1557c478bd9Sstevel@tonic-gate } 1567c478bd9Sstevel@tonic-gate if (__s_api_get_versiontype(ptr, name, &i) != 0) { 1577c478bd9Sstevel@tonic-gate (void) snprintf(errstr, sizeof (errstr), 1587c478bd9Sstevel@tonic-gate gettext("Illegal profile type on line %d."), 1597c478bd9Sstevel@tonic-gate lineno); 1607c478bd9Sstevel@tonic-gate MKERROR(LOG_ERR, *error, NS_CONFIG_SYNTAX, 1617c478bd9Sstevel@tonic-gate strdup(errstr), NULL); 1627c478bd9Sstevel@tonic-gate (void) fclose(fp); 1637c478bd9Sstevel@tonic-gate return (NS_PARSE_ERR); 1647c478bd9Sstevel@tonic-gate } 1657c478bd9Sstevel@tonic-gate if (!first && i == NS_LDAP_FILE_VERSION_P) { 1667c478bd9Sstevel@tonic-gate (void) snprintf(errstr, sizeof (errstr), 1677c478bd9Sstevel@tonic-gate gettext("Illegal NS_LDAP_FILE_VERSION " 1687c478bd9Sstevel@tonic-gate "on line %d."), lineno); 1697c478bd9Sstevel@tonic-gate MKERROR(LOG_ERR, *error, NS_CONFIG_SYNTAX, 1707c478bd9Sstevel@tonic-gate strdup(errstr), NULL); 1717c478bd9Sstevel@tonic-gate (void) fclose(fp); 1727c478bd9Sstevel@tonic-gate return (NS_PARSE_ERR); 1737c478bd9Sstevel@tonic-gate } 1747c478bd9Sstevel@tonic-gate first = 0; 1757c478bd9Sstevel@tonic-gate switch (__s_api_get_configtype(i)) { 1767c478bd9Sstevel@tonic-gate case SERVERCONFIG: 1777c478bd9Sstevel@tonic-gate case CLIENTCONFIG: 1787c478bd9Sstevel@tonic-gate if (cred_file == 0) { 1797c478bd9Sstevel@tonic-gate ret = __ns_ldap_setParamValue(ptr, i, value, 1807c478bd9Sstevel@tonic-gate error); 1817c478bd9Sstevel@tonic-gate if (ret != NS_SUCCESS) { 1827c478bd9Sstevel@tonic-gate (void) fclose(fp); 1837c478bd9Sstevel@tonic-gate return (ret); 1847c478bd9Sstevel@tonic-gate } 1857c478bd9Sstevel@tonic-gate } else if (i != NS_LDAP_FILE_VERSION_P) { 1867c478bd9Sstevel@tonic-gate (void) snprintf(errstr, sizeof (errstr), 1877c478bd9Sstevel@tonic-gate gettext("Illegal entry in '%s' on " 1887c478bd9Sstevel@tonic-gate "line %d"), file, lineno); 1897c478bd9Sstevel@tonic-gate MKERROR(LOG_ERR, *error, NS_CONFIG_SYNTAX, 1907c478bd9Sstevel@tonic-gate strdup(errstr), NULL); 1917c478bd9Sstevel@tonic-gate (void) fclose(fp); 1927c478bd9Sstevel@tonic-gate return (NS_PARSE_ERR); 1937c478bd9Sstevel@tonic-gate } 1947c478bd9Sstevel@tonic-gate break; 1957c478bd9Sstevel@tonic-gate case CREDCONFIG: 1967c478bd9Sstevel@tonic-gate if (i == NS_LDAP_FILE_VERSION_P) 1977c478bd9Sstevel@tonic-gate break; 1987c478bd9Sstevel@tonic-gate if (cred_file) { 1997c478bd9Sstevel@tonic-gate ret = __ns_ldap_setParamValue(ptr, i, value, 2007c478bd9Sstevel@tonic-gate error); 2017c478bd9Sstevel@tonic-gate if (ret != NS_SUCCESS) { 2027c478bd9Sstevel@tonic-gate (void) fclose(fp); 2037c478bd9Sstevel@tonic-gate return (ret); 2047c478bd9Sstevel@tonic-gate } 2057c478bd9Sstevel@tonic-gate } else { 2067c478bd9Sstevel@tonic-gate (void) snprintf(errstr, sizeof (errstr), 2077c478bd9Sstevel@tonic-gate gettext("Illegal entry in '%s' on " 2087c478bd9Sstevel@tonic-gate "line %d"), file, lineno); 2097c478bd9Sstevel@tonic-gate MKERROR(LOG_ERR, *error, NS_CONFIG_SYNTAX, 2107c478bd9Sstevel@tonic-gate strdup(errstr), NULL); 2117c478bd9Sstevel@tonic-gate (void) fclose(fp); 2127c478bd9Sstevel@tonic-gate return (NS_PARSE_ERR); 2137c478bd9Sstevel@tonic-gate } 2147c478bd9Sstevel@tonic-gate } 2157c478bd9Sstevel@tonic-gate } 2167c478bd9Sstevel@tonic-gate (void) fclose(fp); 2177c478bd9Sstevel@tonic-gate if (!cred_file && emptyfile) { 2187c478bd9Sstevel@tonic-gate /* Error in read_line */ 2197c478bd9Sstevel@tonic-gate (void) snprintf(errstr, sizeof (errstr), 2207c478bd9Sstevel@tonic-gate gettext("Empty config file: '%s'"), file); 2217c478bd9Sstevel@tonic-gate MKERROR(LOG_ERR, *error, NS_CONFIG_SYNTAX, strdup(errstr), 2227c478bd9Sstevel@tonic-gate NULL); 2237c478bd9Sstevel@tonic-gate return (NS_PARSE_ERR); 2247c478bd9Sstevel@tonic-gate } 2257c478bd9Sstevel@tonic-gate if (linelen == -2) { 2267c478bd9Sstevel@tonic-gate /* Error in read_line */ 2277c478bd9Sstevel@tonic-gate (void) snprintf(errstr, sizeof (errstr), 2287c478bd9Sstevel@tonic-gate gettext("Line too long in '%s'"), file); 2297c478bd9Sstevel@tonic-gate MKERROR(LOG_ERR, *error, NS_CONFIG_SYNTAX, strdup(errstr), 2307c478bd9Sstevel@tonic-gate NULL); 2317c478bd9Sstevel@tonic-gate return (NS_PARSE_ERR); 2327c478bd9Sstevel@tonic-gate } 2337c478bd9Sstevel@tonic-gate return (NS_SUCCESS); 2347c478bd9Sstevel@tonic-gate } 2357c478bd9Sstevel@tonic-gate 2367c478bd9Sstevel@tonic-gate 237e1dd0a2fSth160488 static 238e1dd0a2fSth160488 ns_ldap_return_code 239e1dd0a2fSth160488 set_attr(ns_config_t *config_struct, 240e1dd0a2fSth160488 char *attr_name, 241e1dd0a2fSth160488 char *attr_val, 242e1dd0a2fSth160488 ns_ldap_error_t **errorp) 243e1dd0a2fSth160488 { 244e1dd0a2fSth160488 ParamIndexType idx; 245e1dd0a2fSth160488 char errmsg[MAXERROR]; 246e1dd0a2fSth160488 247e1dd0a2fSth160488 if (errorp == NULL) { 248e1dd0a2fSth160488 return (NS_LDAP_INVALID_PARAM); 249e1dd0a2fSth160488 } 250e1dd0a2fSth160488 251e1dd0a2fSth160488 *errorp = NULL; 252e1dd0a2fSth160488 253e1dd0a2fSth160488 /* 254e1dd0a2fSth160488 * This double call is made due to the presence of 255e1dd0a2fSth160488 * two sets of LDAP config. attribute names. 256e1dd0a2fSth160488 * An LDAP configuration can be obtained either from a server 257e1dd0a2fSth160488 * or from SMF. The former sends a DUA with attributes' names 258e1dd0a2fSth160488 * styled like "preferredServerList". But local configurations 259e1dd0a2fSth160488 * will have names inherited from the /var/ldap/ldap* files such as 260e1dd0a2fSth160488 * "NS_LDAP_SERVER_PREF". 261e1dd0a2fSth160488 * So, the standalone bits are able to process both sets of 262e1dd0a2fSth160488 * attributes' names. 263e1dd0a2fSth160488 */ 264e1dd0a2fSth160488 if (__s_api_get_profiletype(attr_name, &idx) < 0 && 265e1dd0a2fSth160488 __s_api_get_versiontype(config_struct, attr_name, &idx) < 0) { 266e1dd0a2fSth160488 (void) snprintf(errmsg, sizeof (errmsg), 267e1dd0a2fSth160488 gettext("Illegal DUAProfile property: <%s>."), attr_name); 268e1dd0a2fSth160488 MKERROR(LOG_ERR, *errorp, NS_LDAP_CONFIG, strdup(errmsg), NULL); 269e1dd0a2fSth160488 return (NS_LDAP_CONFIG); 270e1dd0a2fSth160488 } 271e1dd0a2fSth160488 272e1dd0a2fSth160488 return (__ns_ldap_setParamValue(config_struct, idx, attr_val, errorp)); 273e1dd0a2fSth160488 } 274e1dd0a2fSth160488 275e1dd0a2fSth160488 276e1dd0a2fSth160488 /* 277e1dd0a2fSth160488 * This function creates a configuration which will be used 278e1dd0a2fSth160488 * for all LDAP requests in the Standalone mode. 279e1dd0a2fSth160488 * 280e1dd0a2fSth160488 * INPUT: 281e1dd0a2fSth160488 * config - a buffer returned by __ns_ldap_getConnectionInfo()'s 282e1dd0a2fSth160488 * dua_profile parameter. 283e1dd0a2fSth160488 * 284e1dd0a2fSth160488 */ 285e1dd0a2fSth160488 ns_config_t * 286e1dd0a2fSth160488 __s_api_create_config_door_str(char *config, ns_ldap_error_t **errorp) 287e1dd0a2fSth160488 { 288e1dd0a2fSth160488 char *attr, *attrName, *attrVal, *rest; 289e1dd0a2fSth160488 ns_config_t *configStruct = NULL; 290e1dd0a2fSth160488 char errmsg[MAXERROR]; 291e1dd0a2fSth160488 292e1dd0a2fSth160488 if (config == NULL || errorp == NULL) 293e1dd0a2fSth160488 return (NULL); 294e1dd0a2fSth160488 295e1dd0a2fSth160488 if ((configStruct = __s_api_create_config()) == NULL) { 296e1dd0a2fSth160488 return (NULL); 297e1dd0a2fSth160488 } 298e1dd0a2fSth160488 299e1dd0a2fSth160488 *errorp = NULL; 300e1dd0a2fSth160488 301e1dd0a2fSth160488 attr = strtok_r(config, DOORLINESEP, &rest); 302e1dd0a2fSth160488 if (!attr) { 303e1dd0a2fSth160488 __s_api_destroy_config(configStruct); 304e1dd0a2fSth160488 (void) snprintf(errmsg, sizeof (errmsg), 305e1dd0a2fSth160488 gettext("DUAProfile received from the server" 306e1dd0a2fSth160488 " has bad format")); 307e1dd0a2fSth160488 MKERROR(LOG_ERR, *errorp, NS_LDAP_CONFIG, strdup(errmsg), NULL); 308e1dd0a2fSth160488 return (NULL); 309e1dd0a2fSth160488 } 310e1dd0a2fSth160488 311e1dd0a2fSth160488 do { 312e1dd0a2fSth160488 __s_api_split_key_value(attr, &attrName, &attrVal); 313e1dd0a2fSth160488 314e1dd0a2fSth160488 if (attrName == NULL || attrVal == NULL) { 315e1dd0a2fSth160488 __s_api_destroy_config(configStruct); 316e1dd0a2fSth160488 (void) snprintf(errmsg, sizeof (errmsg), 317e1dd0a2fSth160488 gettext("Attribute %s is not valid"), attr); 318e1dd0a2fSth160488 MKERROR(LOG_ERR, *errorp, NS_LDAP_CONFIG, 319e1dd0a2fSth160488 strdup(errmsg), NULL); 320e1dd0a2fSth160488 return (NULL); 321e1dd0a2fSth160488 } 322e1dd0a2fSth160488 323e1dd0a2fSth160488 /* Get the version of the profile. */ 324e1dd0a2fSth160488 if (strcasecmp(attrName, "objectclass") == 0) { 325e1dd0a2fSth160488 if (strcasecmp(attrVal, _PROFILE2_OBJECTCLASS) == 0) { 326e1dd0a2fSth160488 if (__ns_ldap_setParamValue(configStruct, 327e1dd0a2fSth160488 NS_LDAP_FILE_VERSION_P, 328e1dd0a2fSth160488 NS_LDAP_VERSION_2, 329e1dd0a2fSth160488 errorp) != NS_LDAP_SUCCESS) { 330e1dd0a2fSth160488 __s_api_destroy_config(configStruct); 331e1dd0a2fSth160488 return (NULL); 332e1dd0a2fSth160488 } 333dd1104fbSMichen Chang } else if (strcasecmp(attrVal, 334dd1104fbSMichen Chang _PROFILE1_OBJECTCLASS) == 0) { 335dd1104fbSMichen Chang if (__ns_ldap_setParamValue(configStruct, 336dd1104fbSMichen Chang NS_LDAP_FILE_VERSION_P, 337dd1104fbSMichen Chang NS_LDAP_VERSION_1, 338dd1104fbSMichen Chang errorp) != NS_LDAP_SUCCESS) { 339dd1104fbSMichen Chang __s_api_destroy_config(configStruct); 340dd1104fbSMichen Chang return (NULL); 341dd1104fbSMichen Chang } 342e1dd0a2fSth160488 } 343e1dd0a2fSth160488 continue; 344e1dd0a2fSth160488 } 345e1dd0a2fSth160488 346e1dd0a2fSth160488 if (set_attr(configStruct, attrName, attrVal, errorp) != 347e1dd0a2fSth160488 NS_LDAP_SUCCESS) { 348e1dd0a2fSth160488 __s_api_destroy_config(configStruct); 349e1dd0a2fSth160488 return (NULL); 350e1dd0a2fSth160488 } 351e1dd0a2fSth160488 } while (attr = strtok_r(NULL, DOORLINESEP, &rest)); 352e1dd0a2fSth160488 353e1dd0a2fSth160488 if (__s_api_crosscheck(configStruct, errmsg, B_FALSE) != NS_SUCCESS) { 354e1dd0a2fSth160488 MKERROR(LOG_ERR, *errorp, NS_LDAP_CONFIG, strdup(errmsg), NULL); 355e1dd0a2fSth160488 __s_api_destroy_config(configStruct); 356e1dd0a2fSth160488 return (NULL); 357e1dd0a2fSth160488 } 358e1dd0a2fSth160488 359e1dd0a2fSth160488 return (configStruct); 360e1dd0a2fSth160488 } 361e1dd0a2fSth160488 362e1dd0a2fSth160488 3637c478bd9Sstevel@tonic-gate /* 3647c478bd9Sstevel@tonic-gate * Cache Manager side of configuration file loading 3657c478bd9Sstevel@tonic-gate */ 3667c478bd9Sstevel@tonic-gate 3677c478bd9Sstevel@tonic-gate ns_ldap_error_t * 3687c478bd9Sstevel@tonic-gate __ns_ldap_LoadConfiguration() 3697c478bd9Sstevel@tonic-gate { 3707c478bd9Sstevel@tonic-gate ns_ldap_error_t *error = NULL; 3717c478bd9Sstevel@tonic-gate ns_config_t *ptr = NULL; 3727c478bd9Sstevel@tonic-gate char errstr[MAXERROR]; 3737c478bd9Sstevel@tonic-gate ns_parse_status ret; 3747c478bd9Sstevel@tonic-gate 3757c478bd9Sstevel@tonic-gate 3767c478bd9Sstevel@tonic-gate ptr = __s_api_create_config(); 3777c478bd9Sstevel@tonic-gate if (ptr == NULL) { 3787c478bd9Sstevel@tonic-gate (void) snprintf(errstr, sizeof (errstr), 37982c6b8c6Smj162486 gettext("__ns_ldap_LoadConfiguration: Out of memory.")); 3807c478bd9Sstevel@tonic-gate MKERROR(LOG_ERR, error, NS_CONFIG_NOTLOADED, 3817c478bd9Sstevel@tonic-gate strdup(errstr), NULL); 3827c478bd9Sstevel@tonic-gate return (error); 3837c478bd9Sstevel@tonic-gate } 3847c478bd9Sstevel@tonic-gate 3857c478bd9Sstevel@tonic-gate /* Load in Configuration file */ 3867c478bd9Sstevel@tonic-gate ret = read_file(ptr, 0, &error); 3877c478bd9Sstevel@tonic-gate if (ret != NS_SUCCESS) { 3887c478bd9Sstevel@tonic-gate __s_api_destroy_config(ptr); 3897c478bd9Sstevel@tonic-gate return (error); 3907c478bd9Sstevel@tonic-gate } 3917c478bd9Sstevel@tonic-gate 3927c478bd9Sstevel@tonic-gate /* Load in Credential file */ 3937c478bd9Sstevel@tonic-gate ret = read_file(ptr, 1, &error); 3947c478bd9Sstevel@tonic-gate if (ret != NS_SUCCESS) { 3957c478bd9Sstevel@tonic-gate __s_api_destroy_config(ptr); 3967c478bd9Sstevel@tonic-gate return (error); 3977c478bd9Sstevel@tonic-gate } 3987c478bd9Sstevel@tonic-gate 3997c478bd9Sstevel@tonic-gate if (__s_api_crosscheck(ptr, errstr, B_TRUE) != NS_SUCCESS) { 4007c478bd9Sstevel@tonic-gate __s_api_destroy_config(ptr); 4017c478bd9Sstevel@tonic-gate MKERROR(LOG_ERR, error, NS_CONFIG_SYNTAX, strdup(errstr), NULL); 4027c478bd9Sstevel@tonic-gate return (error); 4037c478bd9Sstevel@tonic-gate } 4047c478bd9Sstevel@tonic-gate 4057c478bd9Sstevel@tonic-gate __s_api_init_config(ptr); 4067c478bd9Sstevel@tonic-gate return (NULL); 4077c478bd9Sstevel@tonic-gate } 4087c478bd9Sstevel@tonic-gate 4097c478bd9Sstevel@tonic-gate 410*434c5a06SMilan Jurik int 411*434c5a06SMilan Jurik __print2buf(LineBuf *line, const char *toprint, char *sep) 4127c478bd9Sstevel@tonic-gate { 4137c478bd9Sstevel@tonic-gate int newsz = 0; 4147c478bd9Sstevel@tonic-gate int newmax = 0; 4157c478bd9Sstevel@tonic-gate char *str; 4167c478bd9Sstevel@tonic-gate 4177c478bd9Sstevel@tonic-gate if (line == NULL) 4187c478bd9Sstevel@tonic-gate return (-1); 4197c478bd9Sstevel@tonic-gate 4207c478bd9Sstevel@tonic-gate newsz = strlen(toprint) + line->len + 1; 421*434c5a06SMilan Jurik if (sep != NULL) { 422*434c5a06SMilan Jurik newsz += strlen(sep); 4237c478bd9Sstevel@tonic-gate } 4247c478bd9Sstevel@tonic-gate if (line->alloc == 0 || newsz > line->alloc) { 4257c478bd9Sstevel@tonic-gate /* Round up to next buffer and add 1 */ 4267c478bd9Sstevel@tonic-gate newmax = (((newsz+(BUFSIZ-1))/BUFSIZ)+1) * BUFSIZ; 4277c478bd9Sstevel@tonic-gate if (line->alloc == 0) 4287c478bd9Sstevel@tonic-gate line->str = (char *)calloc(newmax, 1); 4297c478bd9Sstevel@tonic-gate else { 4307c478bd9Sstevel@tonic-gate /* 4317c478bd9Sstevel@tonic-gate * if realloc() returns NULL, 4327c478bd9Sstevel@tonic-gate * the original buffer is untouched. 4337c478bd9Sstevel@tonic-gate * It needs to be freed. 4347c478bd9Sstevel@tonic-gate */ 4357c478bd9Sstevel@tonic-gate str = (char *)realloc(line->str, newmax); 4367c478bd9Sstevel@tonic-gate if (str == NULL) { 4377c478bd9Sstevel@tonic-gate free(line->str); 4387c478bd9Sstevel@tonic-gate line->str = NULL; 4397c478bd9Sstevel@tonic-gate } 4407c478bd9Sstevel@tonic-gate else 4417c478bd9Sstevel@tonic-gate line->str = str; 4427c478bd9Sstevel@tonic-gate } 4437c478bd9Sstevel@tonic-gate line->alloc = newmax; 4447c478bd9Sstevel@tonic-gate if (line->str == NULL) { 4457c478bd9Sstevel@tonic-gate line->alloc = 0; 4467c478bd9Sstevel@tonic-gate line->len = 0; 4477c478bd9Sstevel@tonic-gate return (-1); 4487c478bd9Sstevel@tonic-gate } 4497c478bd9Sstevel@tonic-gate } 4507c478bd9Sstevel@tonic-gate /* now add new 'toprint' data to buffer */ 4517c478bd9Sstevel@tonic-gate (void) strlcat(line->str, toprint, line->alloc); 452*434c5a06SMilan Jurik if (sep != NULL) { 453*434c5a06SMilan Jurik (void) strlcat(line->str, sep, line->alloc); 4547c478bd9Sstevel@tonic-gate } 4557c478bd9Sstevel@tonic-gate line->len = newsz; 4567c478bd9Sstevel@tonic-gate return (0); 4577c478bd9Sstevel@tonic-gate } 4587c478bd9Sstevel@tonic-gate 4597c478bd9Sstevel@tonic-gate 4607c478bd9Sstevel@tonic-gate /* 4617c478bd9Sstevel@tonic-gate * __ns_ldap_LoadDoorInfo is a routine used by the ldapcachemgr 4627c478bd9Sstevel@tonic-gate * to create a configuration buffer to transmit back to a client 4637c478bd9Sstevel@tonic-gate * domainname is transmitted to ldapcachemgr and ldapcachemgr uses 4647c478bd9Sstevel@tonic-gate * it to select a configuration to transmit back. Otherwise it 4657c478bd9Sstevel@tonic-gate * is essentially unused in sldap. 466b57459abSJulian Pullen * If cred_only is not 0, then only the credentials for shadow 467b57459abSJulian Pullen * update are taken care of. 4687c478bd9Sstevel@tonic-gate */ 4697c478bd9Sstevel@tonic-gate 4707c478bd9Sstevel@tonic-gate ns_ldap_error_t * 471b57459abSJulian Pullen __ns_ldap_LoadDoorInfo(LineBuf *configinfo, char *domainname, 472b57459abSJulian Pullen ns_config_t *new, int cred_only) 4737c478bd9Sstevel@tonic-gate { 4747c478bd9Sstevel@tonic-gate ns_config_t *ptr; 4757c478bd9Sstevel@tonic-gate char errstr[MAXERROR]; 4767c478bd9Sstevel@tonic-gate ns_ldap_error_t *errorp; 4777c478bd9Sstevel@tonic-gate char *str; 4787c478bd9Sstevel@tonic-gate ParamIndexType i = 0; 479e1dd0a2fSth160488 int len; 480e1dd0a2fSth160488 ldap_config_out_t *cout; 4817c478bd9Sstevel@tonic-gate 482e1dd0a2fSth160488 /* 483e1dd0a2fSth160488 * If new is NULL, it outputs the flatten data of current default 484e1dd0a2fSth160488 * config, if it's non-NULL, it outputs the flatten data of a temporary 485e1dd0a2fSth160488 * config. It's used to compare the new config data with the current 486e1dd0a2fSth160488 * default config data. 487e1dd0a2fSth160488 */ 488e1dd0a2fSth160488 if (new == NULL) 4897c478bd9Sstevel@tonic-gate ptr = __s_api_get_default_config(); 490e1dd0a2fSth160488 else 491e1dd0a2fSth160488 ptr = new; 4927c478bd9Sstevel@tonic-gate if (ptr == NULL) { 4937c478bd9Sstevel@tonic-gate (void) snprintf(errstr, sizeof (errstr), 4947c478bd9Sstevel@tonic-gate gettext("No configuration information available for %s."), 4957c478bd9Sstevel@tonic-gate domainname == NULL ? "<no domain specified>" : domainname); 4967c478bd9Sstevel@tonic-gate MKERROR(LOG_WARNING, errorp, NS_CONFIG_NOTLOADED, 4977c478bd9Sstevel@tonic-gate strdup(errstr), NULL); 4987c478bd9Sstevel@tonic-gate return (errorp); 4997c478bd9Sstevel@tonic-gate } 5007c478bd9Sstevel@tonic-gate (void) memset((char *)configinfo, 0, sizeof (LineBuf)); 5017c478bd9Sstevel@tonic-gate for (i = 0; i <= NS_LDAP_MAX_PIT_P; i++) { 502b57459abSJulian Pullen if (cred_only) { 503b57459abSJulian Pullen /* only exposed credential for shadow update */ 504b57459abSJulian Pullen if (i != NS_LDAP_ADMIN_BINDDN_P && 505b57459abSJulian Pullen i != NS_LDAP_ADMIN_BINDPASSWD_P) 506b57459abSJulian Pullen continue; 507b57459abSJulian Pullen } else { 508b57459abSJulian Pullen /* credential for shadow update is not to be exposed */ 509dd1104fbSMichen Chang if (i == NS_LDAP_ADMIN_BINDDN_P || 510dd1104fbSMichen Chang i == NS_LDAP_ADMIN_BINDPASSWD_P) 511dd1104fbSMichen Chang continue; 512b57459abSJulian Pullen } 513*434c5a06SMilan Jurik str = __s_api_strValue(ptr, i, NS_DOOR_FMT); 5147c478bd9Sstevel@tonic-gate if (str == NULL) 5157c478bd9Sstevel@tonic-gate continue; 516*434c5a06SMilan Jurik if (__print2buf(configinfo, str, DOORLINESEP)) { 5177c478bd9Sstevel@tonic-gate (void) snprintf(errstr, sizeof (errstr), 518*434c5a06SMilan Jurik gettext("__print2buf: Out of memory.")); 5197c478bd9Sstevel@tonic-gate MKERROR(LOG_WARNING, errorp, NS_CONFIG_NOTLOADED, 5207c478bd9Sstevel@tonic-gate strdup(errstr), NULL); 5217c478bd9Sstevel@tonic-gate __s_api_release_config(ptr); 5227c478bd9Sstevel@tonic-gate free(str); 5237c478bd9Sstevel@tonic-gate return (errorp); 5247c478bd9Sstevel@tonic-gate } 5257c478bd9Sstevel@tonic-gate free(str); 5267c478bd9Sstevel@tonic-gate } 527e1dd0a2fSth160488 if (new == NULL) 5287c478bd9Sstevel@tonic-gate __s_api_release_config(ptr); 529e1dd0a2fSth160488 530e1dd0a2fSth160488 /* 531e1dd0a2fSth160488 * The new interface of the configuration between ldap_cachemgr 532e1dd0a2fSth160488 * & libsldap contains a header structure ldap_config_out_t. 533e1dd0a2fSth160488 * The flatten configuration data configinfo->str is cloned 534e1dd0a2fSth160488 * to cout->config_str, configinfo->len is saved in 535e1dd0a2fSth160488 * cout->data_size and cout->cookie is set later after this function 536e1dd0a2fSth160488 * is returned in ldap_cachemgr. 537e1dd0a2fSth160488 * configinfo->str & configinfo->len are reused to save info of 538e1dd0a2fSth160488 * header + data. 539e1dd0a2fSth160488 * The format: 540e1dd0a2fSth160488 * [cookie|data_size|config_str .............] 541e1dd0a2fSth160488 */ 542e1dd0a2fSth160488 543e1dd0a2fSth160488 if (configinfo->str) { 544e1dd0a2fSth160488 len = sizeof (ldap_config_out_t) - sizeof (int) + 545e1dd0a2fSth160488 configinfo->len; 546e1dd0a2fSth160488 if ((cout = calloc(1, len)) == NULL) { 547e1dd0a2fSth160488 free(configinfo->str); 548e1dd0a2fSth160488 configinfo->str = NULL; 549e1dd0a2fSth160488 configinfo->len = 0; 550e1dd0a2fSth160488 (void) snprintf(errstr, sizeof (errstr), 551e1dd0a2fSth160488 gettext("calloc: Out of memory.")); 552e1dd0a2fSth160488 MKERROR(LOG_WARNING, errorp, NS_CONFIG_NOTLOADED, 553e1dd0a2fSth160488 strdup(errstr), NULL); 554e1dd0a2fSth160488 return (errorp); 555e1dd0a2fSth160488 } 556e1dd0a2fSth160488 /* 557e1dd0a2fSth160488 * cout->cookie is set by the caller, 558e1dd0a2fSth160488 * which is in ldap_cachemgr. 559e1dd0a2fSth160488 */ 560e1dd0a2fSth160488 cout->data_size = configinfo->len; 561e1dd0a2fSth160488 (void) memcpy(cout->config_str, configinfo->str, 562e1dd0a2fSth160488 configinfo->len); 563e1dd0a2fSth160488 free(configinfo->str); 564e1dd0a2fSth160488 configinfo->str = (char *)cout; 565e1dd0a2fSth160488 configinfo->len = len; 566e1dd0a2fSth160488 } 5677c478bd9Sstevel@tonic-gate return (NULL); 5687c478bd9Sstevel@tonic-gate } 5697c478bd9Sstevel@tonic-gate 5707c478bd9Sstevel@tonic-gate 5717c478bd9Sstevel@tonic-gate ns_ldap_error_t * 5727c478bd9Sstevel@tonic-gate __ns_ldap_DumpLdif(char *filename) 5737c478bd9Sstevel@tonic-gate { 5747c478bd9Sstevel@tonic-gate ns_config_t *ptr; 5757c478bd9Sstevel@tonic-gate char errstr[MAXERROR]; 5767c478bd9Sstevel@tonic-gate ns_ldap_error_t *errorp; 5777c478bd9Sstevel@tonic-gate char *str; 5787c478bd9Sstevel@tonic-gate FILE *fp; 5797c478bd9Sstevel@tonic-gate ParamIndexType i = 0; 5807c478bd9Sstevel@tonic-gate char *profile, *container, *base; 5817c478bd9Sstevel@tonic-gate 5827c478bd9Sstevel@tonic-gate ptr = __s_api_get_default_config(); 5837c478bd9Sstevel@tonic-gate if (ptr == NULL) { 5847c478bd9Sstevel@tonic-gate (void) snprintf(errstr, sizeof (errstr), 5857c478bd9Sstevel@tonic-gate gettext("No configuration information available.")); 5867c478bd9Sstevel@tonic-gate MKERROR(LOG_ERR, errorp, NS_CONFIG_NOTLOADED, strdup(errstr), 5877c478bd9Sstevel@tonic-gate NULL); 5887c478bd9Sstevel@tonic-gate return (errorp); 5897c478bd9Sstevel@tonic-gate } 5907c478bd9Sstevel@tonic-gate 5917c478bd9Sstevel@tonic-gate if (filename == NULL) { 5927c478bd9Sstevel@tonic-gate fp = stdout; 5937c478bd9Sstevel@tonic-gate } else { 594004388ebScasper fp = fopen(filename, "wF"); 5957c478bd9Sstevel@tonic-gate if (fp == NULL) { 5967c478bd9Sstevel@tonic-gate (void) snprintf(errstr, sizeof (errstr), 5977c478bd9Sstevel@tonic-gate gettext("Unable to open filename %s for ldif " 5987c478bd9Sstevel@tonic-gate "dump (errno=%d)."), filename, errno); 5997c478bd9Sstevel@tonic-gate MKERROR(LOG_WARNING, errorp, NS_CONFIG_FILE, 6007c478bd9Sstevel@tonic-gate strdup(errstr), NULL); 6017c478bd9Sstevel@tonic-gate __s_api_release_config(ptr); 6027c478bd9Sstevel@tonic-gate return (errorp); 6037c478bd9Sstevel@tonic-gate } 6047c478bd9Sstevel@tonic-gate (void) fchmod(fileno(fp), 0444); 6057c478bd9Sstevel@tonic-gate } 6067c478bd9Sstevel@tonic-gate 6077c478bd9Sstevel@tonic-gate if (ptr->paramList[NS_LDAP_SEARCH_BASEDN_P].ns_ptype != CHARPTR || 6087c478bd9Sstevel@tonic-gate ptr->paramList[NS_LDAP_PROFILE_P].ns_ptype != CHARPTR) { 6097c478bd9Sstevel@tonic-gate (void) snprintf(errstr, sizeof (errstr), 6107c478bd9Sstevel@tonic-gate gettext("Required BaseDN and/or Profile name " 6117c478bd9Sstevel@tonic-gate "ldif fields not present")); 6127c478bd9Sstevel@tonic-gate MKERROR(LOG_WARNING, errorp, NS_CONFIG_FILE, strdup(errstr), 6137c478bd9Sstevel@tonic-gate NULL); 6147c478bd9Sstevel@tonic-gate __s_api_release_config(ptr); 6157c478bd9Sstevel@tonic-gate return (errorp); 6167c478bd9Sstevel@tonic-gate } 6177c478bd9Sstevel@tonic-gate 6187c478bd9Sstevel@tonic-gate profile = ptr->paramList[NS_LDAP_PROFILE_P].ns_pc; 6197c478bd9Sstevel@tonic-gate base = ptr->paramList[NS_LDAP_SEARCH_BASEDN_P].ns_pc; 6207c478bd9Sstevel@tonic-gate container = _PROFILE_CONTAINER; 6217c478bd9Sstevel@tonic-gate 6227c478bd9Sstevel@tonic-gate /* 6237c478bd9Sstevel@tonic-gate * Construct DN, but since this is the profile, there is no need 6247c478bd9Sstevel@tonic-gate * to worry about mapping. The profile itself can not be mapped 6257c478bd9Sstevel@tonic-gate */ 6267c478bd9Sstevel@tonic-gate (void) fprintf(fp, "dn: cn=%s,ou=%s,%s\n", profile, container, base); 6277c478bd9Sstevel@tonic-gate 6287c478bd9Sstevel@tonic-gate /* dump objectclass names */ 6297c478bd9Sstevel@tonic-gate if (ptr->version == NS_LDAP_V1) { 63082c6b8c6Smj162486 (void) fprintf(fp, "ObjectClass: top\nObjectClass: %s\n", 6317c478bd9Sstevel@tonic-gate _PROFILE1_OBJECTCLASS); 6327c478bd9Sstevel@tonic-gate } else { 63382c6b8c6Smj162486 (void) fprintf(fp, "ObjectClass: top\nObjectClass: %s\n", 6347c478bd9Sstevel@tonic-gate _PROFILE2_OBJECTCLASS); 6357c478bd9Sstevel@tonic-gate } 6367c478bd9Sstevel@tonic-gate 6377c478bd9Sstevel@tonic-gate /* For each parameter - construct value */ 6387c478bd9Sstevel@tonic-gate for (i = 0; i <= NS_LDAP_MAX_PIT_P; i++) { 639*434c5a06SMilan Jurik str = __s_api_strValue(ptr, i, NS_LDIF_FMT); 6407c478bd9Sstevel@tonic-gate if (str == NULL) 6417c478bd9Sstevel@tonic-gate continue; 6427c478bd9Sstevel@tonic-gate /* 643dd1104fbSMichen Chang * don't dump binddn, bind password, admin binddn, admin 644dd1104fbSMichen Chang * bind password, enableShadowUpdate flag, or cert path 645dd1104fbSMichen Chang * as they are not part of version 2 profiles 6467c478bd9Sstevel@tonic-gate */ 647dd1104fbSMichen Chang if ((i != NS_LDAP_BINDDN_P) && 648dd1104fbSMichen Chang (i != NS_LDAP_BINDPASSWD_P) && 649dd1104fbSMichen Chang (i != NS_LDAP_ADMIN_BINDDN_P) && 650dd1104fbSMichen Chang (i != NS_LDAP_ADMIN_BINDPASSWD_P) && 651dd1104fbSMichen Chang (i != NS_LDAP_ENABLE_SHADOW_UPDATE_P) && 6527c478bd9Sstevel@tonic-gate (i != NS_LDAP_HOST_CERTPATH_P)) 6537c478bd9Sstevel@tonic-gate (void) fprintf(fp, "%s\n", str); 6547c478bd9Sstevel@tonic-gate free(str); 6557c478bd9Sstevel@tonic-gate } 6567c478bd9Sstevel@tonic-gate 6577c478bd9Sstevel@tonic-gate if (filename != NULL) 6587c478bd9Sstevel@tonic-gate (void) fclose(fp); 6597c478bd9Sstevel@tonic-gate 6607c478bd9Sstevel@tonic-gate __s_api_release_config(ptr); 6617c478bd9Sstevel@tonic-gate return (NULL); 6627c478bd9Sstevel@tonic-gate } 6637c478bd9Sstevel@tonic-gate 6647c478bd9Sstevel@tonic-gate /* 6657c478bd9Sstevel@tonic-gate * This routine can process the configuration and/or 6667c478bd9Sstevel@tonic-gate * the credential files at the same time. 6677c478bd9Sstevel@tonic-gate * files is char *[3] = { "config", "cred", NULL }; 6687c478bd9Sstevel@tonic-gate */ 6697c478bd9Sstevel@tonic-gate 6707c478bd9Sstevel@tonic-gate static 6717c478bd9Sstevel@tonic-gate ns_ldap_error_t * 6727c478bd9Sstevel@tonic-gate __ns_ldap_DumpConfigFiles(char **files) 6737c478bd9Sstevel@tonic-gate { 6747c478bd9Sstevel@tonic-gate char *filename; 6757c478bd9Sstevel@tonic-gate int fi; 6767c478bd9Sstevel@tonic-gate int docred; 6777c478bd9Sstevel@tonic-gate ns_config_t *ptr; 6787c478bd9Sstevel@tonic-gate char *str; 6797c478bd9Sstevel@tonic-gate char errstr[MAXERROR]; 6807c478bd9Sstevel@tonic-gate ParamIndexType i = 0; 6817c478bd9Sstevel@tonic-gate FILE *fp; 6827c478bd9Sstevel@tonic-gate int rc; 68382c6b8c6Smj162486 ns_ldap_error_t *errorp = NULL; 6847c478bd9Sstevel@tonic-gate struct stat buf; 6857c478bd9Sstevel@tonic-gate int cfgtype; 68682c6b8c6Smj162486 boolean_t file_export_error = B_FALSE; 6877c478bd9Sstevel@tonic-gate 6887c478bd9Sstevel@tonic-gate ptr = __s_api_get_default_config(); 6897c478bd9Sstevel@tonic-gate if (ptr == NULL) { 6907c478bd9Sstevel@tonic-gate (void) snprintf(errstr, sizeof (errstr), 6917c478bd9Sstevel@tonic-gate gettext("No configuration information available.")); 6927c478bd9Sstevel@tonic-gate MKERROR(LOG_ERR, errorp, NS_CONFIG_NOTLOADED, strdup(errstr), 6937c478bd9Sstevel@tonic-gate NULL); 6947c478bd9Sstevel@tonic-gate return (errorp); 6957c478bd9Sstevel@tonic-gate } 6967c478bd9Sstevel@tonic-gate 6977c478bd9Sstevel@tonic-gate for (fi = 0; fi < 2; fi++) { 6987c478bd9Sstevel@tonic-gate docred = 0; 6997c478bd9Sstevel@tonic-gate filename = files[fi]; 7007c478bd9Sstevel@tonic-gate if (filename == NULL) 7017c478bd9Sstevel@tonic-gate continue; 7027c478bd9Sstevel@tonic-gate if (fi == 1) 7037c478bd9Sstevel@tonic-gate docred++; 7047c478bd9Sstevel@tonic-gate rc = stat(filename, &buf); 705004388ebScasper fp = fopen(filename, "wF"); 7067c478bd9Sstevel@tonic-gate if (fp == NULL) { 7077c478bd9Sstevel@tonic-gate (void) snprintf(errstr, sizeof (errstr), 7087c478bd9Sstevel@tonic-gate gettext("Unable to open filename %s" 70982c6b8c6Smj162486 " for configuration dump (%s)."), 71082c6b8c6Smj162486 filename, strerror(errno)); 71182c6b8c6Smj162486 MKERROR(LOG_ERR, errorp, NS_CONFIG_FILE, 7127c478bd9Sstevel@tonic-gate strdup(errstr), NULL); 7137c478bd9Sstevel@tonic-gate __s_api_release_config(ptr); 7147c478bd9Sstevel@tonic-gate return (errorp); 7157c478bd9Sstevel@tonic-gate } 71682c6b8c6Smj162486 if (rc == 0) { 71782c6b8c6Smj162486 if (fchmod(fileno(fp), buf.st_mode) != 0) { 71882c6b8c6Smj162486 (void) snprintf(errstr, sizeof (errstr), 71982c6b8c6Smj162486 gettext("Unable to set permissions for file" 72082c6b8c6Smj162486 " %s for configuration dump (%s)."), 72182c6b8c6Smj162486 filename, strerror(errno)); 72282c6b8c6Smj162486 (void) fclose(fp); 72382c6b8c6Smj162486 file_export_error = B_TRUE; 72482c6b8c6Smj162486 break; 72582c6b8c6Smj162486 } 72682c6b8c6Smj162486 } else { 72782c6b8c6Smj162486 if (fchmod(fileno(fp), 0400) != 0) { 72882c6b8c6Smj162486 (void) snprintf(errstr, sizeof (errstr), 72982c6b8c6Smj162486 gettext("Unable to set permissions for file" 73082c6b8c6Smj162486 " %s for configuration dump (%s)."), 73182c6b8c6Smj162486 filename, strerror(errno)); 73282c6b8c6Smj162486 (void) fclose(fp); 73382c6b8c6Smj162486 file_export_error = B_TRUE; 73482c6b8c6Smj162486 break; 73582c6b8c6Smj162486 } 73682c6b8c6Smj162486 } 73782c6b8c6Smj162486 if (fprintf(fp, "#\n# %s\n#\n", DONOTEDIT) < 0) { 73882c6b8c6Smj162486 (void) snprintf(errstr, sizeof (errstr), gettext( 73982c6b8c6Smj162486 "Writing to file %s for configuration dump failed " 74082c6b8c6Smj162486 "(%s)."), filename, strerror(errno)); 74182c6b8c6Smj162486 file_export_error = B_TRUE; 74282c6b8c6Smj162486 } 7437c478bd9Sstevel@tonic-gate 7447c478bd9Sstevel@tonic-gate /* assume VERSION is set and it outputs first */ 7457c478bd9Sstevel@tonic-gate 7467c478bd9Sstevel@tonic-gate /* For each parameter - construct value */ 74782c6b8c6Smj162486 for (i = 0; !file_export_error && (i <= NS_LDAP_MAX_PIT_P); 74882c6b8c6Smj162486 i++) { 7497c478bd9Sstevel@tonic-gate cfgtype = __s_api_get_configtype(i); 7507c478bd9Sstevel@tonic-gate if ((docred == 0 && cfgtype == CREDCONFIG) || 7517c478bd9Sstevel@tonic-gate (docred == 1 && cfgtype != CREDCONFIG)) 7527c478bd9Sstevel@tonic-gate continue; 7537c478bd9Sstevel@tonic-gate 754*434c5a06SMilan Jurik str = __s_api_strValue(ptr, i, NS_FILE_FMT); 7557c478bd9Sstevel@tonic-gate if (str == NULL) 7567c478bd9Sstevel@tonic-gate continue; 75782c6b8c6Smj162486 if (fprintf(fp, "%s\n", str) < 0) { 75882c6b8c6Smj162486 (void) snprintf(errstr, sizeof (errstr), 75982c6b8c6Smj162486 gettext("Writing to file %s for" 76082c6b8c6Smj162486 "configuration dump failed (%s)."), 76182c6b8c6Smj162486 filename, strerror(errno)); 76282c6b8c6Smj162486 file_export_error = B_TRUE; 76382c6b8c6Smj162486 } 76482c6b8c6Smj162486 7657c478bd9Sstevel@tonic-gate free(str); 7667c478bd9Sstevel@tonic-gate } 76782c6b8c6Smj162486 if (fclose(fp) != 0) { 76882c6b8c6Smj162486 /* Break if error already hit */ 76982c6b8c6Smj162486 if (file_export_error) 77082c6b8c6Smj162486 break; 77182c6b8c6Smj162486 77282c6b8c6Smj162486 (void) snprintf(errstr, sizeof (errstr), gettext( 77382c6b8c6Smj162486 "Writing to file %s for configuration dump failed " 77482c6b8c6Smj162486 "during file close (%s)."), filename, 77582c6b8c6Smj162486 strerror(errno)); 77682c6b8c6Smj162486 file_export_error = B_TRUE; 77782c6b8c6Smj162486 break; 77882c6b8c6Smj162486 } 77982c6b8c6Smj162486 78082c6b8c6Smj162486 } 78182c6b8c6Smj162486 78282c6b8c6Smj162486 if (file_export_error) { 78382c6b8c6Smj162486 MKERROR(LOG_ERR, errorp, NS_CONFIG_FILE, 78482c6b8c6Smj162486 strdup(errstr), NULL); 78582c6b8c6Smj162486 (void) unlink(filename); 7867c478bd9Sstevel@tonic-gate } 7877c478bd9Sstevel@tonic-gate 7887c478bd9Sstevel@tonic-gate __s_api_release_config(ptr); 78982c6b8c6Smj162486 return (errorp); 7907c478bd9Sstevel@tonic-gate } 7917c478bd9Sstevel@tonic-gate 7927c478bd9Sstevel@tonic-gate ns_ldap_error_t * 7937c478bd9Sstevel@tonic-gate __ns_ldap_DumpConfiguration(char *file) 7947c478bd9Sstevel@tonic-gate { 7957c478bd9Sstevel@tonic-gate ns_ldap_error_t *ret; 7967c478bd9Sstevel@tonic-gate char *files[3]; 7977c478bd9Sstevel@tonic-gate 7987c478bd9Sstevel@tonic-gate files[0] = NULL; 7997c478bd9Sstevel@tonic-gate files[1] = NULL; 8007c478bd9Sstevel@tonic-gate files[2] = NULL; 8017c478bd9Sstevel@tonic-gate if (strcmp(file, NSCONFIGFILE) == 0) { 8027c478bd9Sstevel@tonic-gate files[0] = file; 8037c478bd9Sstevel@tonic-gate } else if (strcmp(file, NSCONFIGREFRESH) == 0) { 8047c478bd9Sstevel@tonic-gate files[0] = file; 8057c478bd9Sstevel@tonic-gate } else if (strcmp(file, NSCREDFILE) == 0) { 8067c478bd9Sstevel@tonic-gate files[1] = file; 8077c478bd9Sstevel@tonic-gate } else if (strcmp(file, NSCREDREFRESH) == 0) { 8087c478bd9Sstevel@tonic-gate files[1] = file; 8097c478bd9Sstevel@tonic-gate } 8107c478bd9Sstevel@tonic-gate ret = __ns_ldap_DumpConfigFiles(files); 8117c478bd9Sstevel@tonic-gate return (ret); 8127c478bd9Sstevel@tonic-gate } 8137c478bd9Sstevel@tonic-gate 8147c478bd9Sstevel@tonic-gate /* 8157c478bd9Sstevel@tonic-gate * ************************************************************** 8167c478bd9Sstevel@tonic-gate * Misc Routines 8177c478bd9Sstevel@tonic-gate * ************************************************************** 8187c478bd9Sstevel@tonic-gate */ 8197c478bd9Sstevel@tonic-gate 8207c478bd9Sstevel@tonic-gate ns_config_t * 8217c478bd9Sstevel@tonic-gate __ns_ldap_make_config(ns_ldap_result_t *result) 8227c478bd9Sstevel@tonic-gate { 823382f99a9Smj162486 int l, m; 824*434c5a06SMilan Jurik char val[BUFSIZE]; 8257c478bd9Sstevel@tonic-gate char *attrname; 8267c478bd9Sstevel@tonic-gate ns_ldap_entry_t *entry; 8277c478bd9Sstevel@tonic-gate ns_ldap_attr_t *attr; 8287c478bd9Sstevel@tonic-gate char **attrval; 8297c478bd9Sstevel@tonic-gate ParamIndexType index; 8307c478bd9Sstevel@tonic-gate ns_config_t *ptr; 8317c478bd9Sstevel@tonic-gate ns_ldap_error_t *error = NULL; 8327c478bd9Sstevel@tonic-gate int prof_ver; 8337c478bd9Sstevel@tonic-gate ns_config_t *curr_ptr = NULL; 834382f99a9Smj162486 char errstr[MAXERROR]; 835382f99a9Smj162486 ns_ldap_error_t *errorp; 836*434c5a06SMilan Jurik LineBuf buffer; 837*434c5a06SMilan Jurik char *sepstr; 8387c478bd9Sstevel@tonic-gate 8397c478bd9Sstevel@tonic-gate if (result == NULL) 8407c478bd9Sstevel@tonic-gate return (NULL); 8417c478bd9Sstevel@tonic-gate 842382f99a9Smj162486 if (result->entries_count > 1) { 843382f99a9Smj162486 (void) snprintf(errstr, MAXERROR, 84482c6b8c6Smj162486 gettext("Configuration Error: More than one profile " 84582c6b8c6Smj162486 "found")); 846382f99a9Smj162486 MKERROR(LOG_ERR, errorp, NS_PARSE_ERR, strdup(errstr), NULL); 847382f99a9Smj162486 (void) __ns_ldap_freeError(&errorp); 848382f99a9Smj162486 return (NULL); 849382f99a9Smj162486 } 850382f99a9Smj162486 8517c478bd9Sstevel@tonic-gate ptr = __s_api_create_config(); 8527c478bd9Sstevel@tonic-gate if (ptr == NULL) 8537c478bd9Sstevel@tonic-gate return (NULL); 8547c478bd9Sstevel@tonic-gate 8557c478bd9Sstevel@tonic-gate curr_ptr = __s_api_get_default_config(); 8567c478bd9Sstevel@tonic-gate if (curr_ptr == NULL) { 8577c478bd9Sstevel@tonic-gate __s_api_destroy_config(ptr); 8587c478bd9Sstevel@tonic-gate return (NULL); 8597c478bd9Sstevel@tonic-gate } 8607c478bd9Sstevel@tonic-gate 8617c478bd9Sstevel@tonic-gate /* Check to see if the profile is version 1 or version 2 */ 8627c478bd9Sstevel@tonic-gate prof_ver = 1; 8637c478bd9Sstevel@tonic-gate entry = result->entry; 8647c478bd9Sstevel@tonic-gate for (l = 0; l < entry->attr_count; l++) { 8657c478bd9Sstevel@tonic-gate attr = entry->attr_pair[l]; 8667c478bd9Sstevel@tonic-gate 8677c478bd9Sstevel@tonic-gate attrname = attr->attrname; 8687c478bd9Sstevel@tonic-gate if (attrname == NULL) 8697c478bd9Sstevel@tonic-gate continue; 8707c478bd9Sstevel@tonic-gate if (strcasecmp(attrname, "objectclass") == 0) { 8717c478bd9Sstevel@tonic-gate for (m = 0; m < attr->value_count; m++) { 8727c478bd9Sstevel@tonic-gate if (strcasecmp(_PROFILE2_OBJECTCLASS, 8737c478bd9Sstevel@tonic-gate attr->attrvalue[m]) == 0) { 8747c478bd9Sstevel@tonic-gate prof_ver = 2; 8757c478bd9Sstevel@tonic-gate break; 8767c478bd9Sstevel@tonic-gate } 8777c478bd9Sstevel@tonic-gate } 8787c478bd9Sstevel@tonic-gate } 8797c478bd9Sstevel@tonic-gate } 8807c478bd9Sstevel@tonic-gate /* update the configuration to accept v1 or v2 attributes */ 8817c478bd9Sstevel@tonic-gate if (prof_ver == 1) { 8827c478bd9Sstevel@tonic-gate (void) strcpy(val, NS_LDAP_VERSION_1); 88382c6b8c6Smj162486 (void) __ns_ldap_setParamValue(ptr, NS_LDAP_FILE_VERSION_P, 88482c6b8c6Smj162486 val, &error); 8857c478bd9Sstevel@tonic-gate } else { 8867c478bd9Sstevel@tonic-gate (void) strcpy(val, NS_LDAP_VERSION_2); 88782c6b8c6Smj162486 (void) __ns_ldap_setParamValue(ptr, NS_LDAP_FILE_VERSION_P, 88882c6b8c6Smj162486 val, &error); 8897c478bd9Sstevel@tonic-gate } 8907c478bd9Sstevel@tonic-gate 8917c478bd9Sstevel@tonic-gate for (l = 0; l < entry->attr_count; l++) { 8927c478bd9Sstevel@tonic-gate attr = entry->attr_pair[l]; 8937c478bd9Sstevel@tonic-gate 8947c478bd9Sstevel@tonic-gate attrname = attr->attrname; 8957c478bd9Sstevel@tonic-gate if (attrname == NULL) 8967c478bd9Sstevel@tonic-gate continue; 8977c478bd9Sstevel@tonic-gate if (__s_api_get_profiletype(attrname, &index) != 0) 8987c478bd9Sstevel@tonic-gate continue; 8997c478bd9Sstevel@tonic-gate 9007c478bd9Sstevel@tonic-gate attrval = attr->attrvalue; 9017c478bd9Sstevel@tonic-gate switch (index) { 9027c478bd9Sstevel@tonic-gate case NS_LDAP_SEARCH_DN_P: 9037c478bd9Sstevel@tonic-gate case NS_LDAP_SERVICE_SEARCH_DESC_P: 9047c478bd9Sstevel@tonic-gate case NS_LDAP_ATTRIBUTEMAP_P: 9057c478bd9Sstevel@tonic-gate case NS_LDAP_OBJECTCLASSMAP_P: 9067c478bd9Sstevel@tonic-gate case NS_LDAP_SERVICE_CRED_LEVEL_P: 9077c478bd9Sstevel@tonic-gate case NS_LDAP_SERVICE_AUTH_METHOD_P: 9087c478bd9Sstevel@tonic-gate /* Multiple Value - insert 1 at a time */ 9097c478bd9Sstevel@tonic-gate for (m = 0; m < attr->value_count; m++) { 910382f99a9Smj162486 (void) __ns_ldap_setParamValue(ptr, index, 911382f99a9Smj162486 attrval[m], &error); 9127c478bd9Sstevel@tonic-gate } 9137c478bd9Sstevel@tonic-gate break; 9147c478bd9Sstevel@tonic-gate default: 915*434c5a06SMilan Jurik (void) memset((void *)&buffer, 0, sizeof (LineBuf)); 91682c6b8c6Smj162486 917*434c5a06SMilan Jurik /* Single or Multiple Value */ 918*434c5a06SMilan Jurik for (m = 0; m < attr->value_count; m++) { 919*434c5a06SMilan Jurik sepstr = NULL; 920*434c5a06SMilan Jurik if (m != attr->value_count - 1) { 921*434c5a06SMilan Jurik sepstr = SPACESEP; 922*434c5a06SMilan Jurik } 923*434c5a06SMilan Jurik if (__print2buf(&buffer, attrval[m], sepstr)) 924*434c5a06SMilan Jurik goto makeconfigerror; 925*434c5a06SMilan Jurik } 926*434c5a06SMilan Jurik (void) __ns_ldap_setParamValue(ptr, index, buffer.str, 927*434c5a06SMilan Jurik &error); 928*434c5a06SMilan Jurik if (buffer.len > 0) { 929*434c5a06SMilan Jurik free(buffer.str); 930*434c5a06SMilan Jurik buffer.len = 0; 931*434c5a06SMilan Jurik } 9327c478bd9Sstevel@tonic-gate break; 9337c478bd9Sstevel@tonic-gate } 9347c478bd9Sstevel@tonic-gate } 9357c478bd9Sstevel@tonic-gate if (ptr->version != NS_LDAP_V1) { 936dd1104fbSMichen Chang ParamIndexType i; 9377c478bd9Sstevel@tonic-gate if (curr_ptr->paramList[NS_LDAP_BINDDN_P].ns_ptype == CHARPTR) { 9387c478bd9Sstevel@tonic-gate (void) __ns_ldap_setParamValue(ptr, NS_LDAP_BINDDN_P, 93982c6b8c6Smj162486 curr_ptr->paramList[NS_LDAP_BINDDN_P].ns_pc, 94082c6b8c6Smj162486 &error); 9417c478bd9Sstevel@tonic-gate } 94282c6b8c6Smj162486 if (curr_ptr->paramList[NS_LDAP_BINDPASSWD_P].ns_ptype == 94382c6b8c6Smj162486 CHARPTR) { 94482c6b8c6Smj162486 (void) __ns_ldap_setParamValue(ptr, 94582c6b8c6Smj162486 NS_LDAP_BINDPASSWD_P, 9467c478bd9Sstevel@tonic-gate curr_ptr->paramList[NS_LDAP_BINDPASSWD_P].ns_pc, 9477c478bd9Sstevel@tonic-gate &error); 9487c478bd9Sstevel@tonic-gate } 949dd1104fbSMichen Chang i = NS_LDAP_ENABLE_SHADOW_UPDATE_P; 950dd1104fbSMichen Chang if (curr_ptr->paramList[i].ns_ptype == INT) { 951*434c5a06SMilan Jurik char *valt; 952*434c5a06SMilan Jurik valt = __s_get_shadowupdate_name( 953dd1104fbSMichen Chang curr_ptr->paramList[i].ns_i); 954*434c5a06SMilan Jurik (void) __ns_ldap_setParamValue(ptr, i, valt, &error); 955dd1104fbSMichen Chang } 956dd1104fbSMichen Chang if (curr_ptr->paramList[NS_LDAP_ADMIN_BINDDN_P].ns_ptype == 957dd1104fbSMichen Chang CHARPTR) { 958dd1104fbSMichen Chang (void) __ns_ldap_setParamValue(ptr, 959dd1104fbSMichen Chang NS_LDAP_ADMIN_BINDDN_P, 960dd1104fbSMichen Chang curr_ptr->paramList[NS_LDAP_ADMIN_BINDDN_P].ns_pc, 961dd1104fbSMichen Chang &error); 962dd1104fbSMichen Chang } 963dd1104fbSMichen Chang if (curr_ptr->paramList[NS_LDAP_ADMIN_BINDPASSWD_P].ns_ptype == 964dd1104fbSMichen Chang CHARPTR) { 965dd1104fbSMichen Chang (void) __ns_ldap_setParamValue(ptr, 966dd1104fbSMichen Chang NS_LDAP_ADMIN_BINDPASSWD_P, 967dd1104fbSMichen Chang curr_ptr-> 968dd1104fbSMichen Chang paramList[NS_LDAP_ADMIN_BINDPASSWD_P].ns_pc, 969dd1104fbSMichen Chang &error); 970dd1104fbSMichen Chang } 9717c478bd9Sstevel@tonic-gate if (curr_ptr->paramList[NS_LDAP_HOST_CERTPATH_P].ns_ptype == 9727c478bd9Sstevel@tonic-gate CHARPTR) { 97382c6b8c6Smj162486 (void) __ns_ldap_setParamValue(ptr, 97482c6b8c6Smj162486 NS_LDAP_HOST_CERTPATH_P, 9757c478bd9Sstevel@tonic-gate curr_ptr->paramList[NS_LDAP_HOST_CERTPATH_P].ns_pc, 9767c478bd9Sstevel@tonic-gate &error); 9777c478bd9Sstevel@tonic-gate } 9787c478bd9Sstevel@tonic-gate } 9797c478bd9Sstevel@tonic-gate __s_api_release_config(curr_ptr); 9807c478bd9Sstevel@tonic-gate return (ptr); 981*434c5a06SMilan Jurik 982*434c5a06SMilan Jurik makeconfigerror: 983*434c5a06SMilan Jurik if (buffer.len > 0) 984*434c5a06SMilan Jurik free(buffer.str); 985*434c5a06SMilan Jurik 986*434c5a06SMilan Jurik __s_api_debug_pause(LOG_ERR, NS_PARSE_ERR, 987*434c5a06SMilan Jurik "__ns_ldap_make_config: Not enough memory"); 988*434c5a06SMilan Jurik return (NULL); 9897c478bd9Sstevel@tonic-gate } 9907c478bd9Sstevel@tonic-gate 9917c478bd9Sstevel@tonic-gate /* 9927c478bd9Sstevel@tonic-gate * Download a profile into our internal structure. The calling application 9937c478bd9Sstevel@tonic-gate * needs to DumpConfig() to save the information to NSCONFIGFILE and NSCREDFILE 9947c478bd9Sstevel@tonic-gate * if desired. 9957c478bd9Sstevel@tonic-gate */ 9967c478bd9Sstevel@tonic-gate int 9977c478bd9Sstevel@tonic-gate __ns_ldap_download(const char *profile, char *addr, char *baseDN, 9987c478bd9Sstevel@tonic-gate ns_ldap_error_t **errorp) 9997c478bd9Sstevel@tonic-gate { 1000*434c5a06SMilan Jurik char filter[BUFSIZE]; 10017c478bd9Sstevel@tonic-gate int rc; 10027c478bd9Sstevel@tonic-gate ns_ldap_result_t *result = NULL; 10037c478bd9Sstevel@tonic-gate ns_config_t *ptr = NULL; 10047c478bd9Sstevel@tonic-gate ns_config_t *new_ptr = NULL; 10057c478bd9Sstevel@tonic-gate char errstr[MAXERROR]; 10067c478bd9Sstevel@tonic-gate 10077c478bd9Sstevel@tonic-gate *errorp = NULL; 10087c478bd9Sstevel@tonic-gate if (baseDN == NULL) 10097c478bd9Sstevel@tonic-gate return (NS_LDAP_INVALID_PARAM); 10107c478bd9Sstevel@tonic-gate 10117c478bd9Sstevel@tonic-gate ptr = __s_api_get_default_config(); 10127c478bd9Sstevel@tonic-gate if (ptr == NULL) { 10137c478bd9Sstevel@tonic-gate (void) snprintf(errstr, sizeof (errstr), 10147c478bd9Sstevel@tonic-gate gettext("No configuration information available.")); 10157c478bd9Sstevel@tonic-gate MKERROR(LOG_ERR, *errorp, NS_CONFIG_NOTLOADED, strdup(errstr), 10167c478bd9Sstevel@tonic-gate NULL); 10177c478bd9Sstevel@tonic-gate return (NS_LDAP_CONFIG); 10187c478bd9Sstevel@tonic-gate } 10197c478bd9Sstevel@tonic-gate 102082c6b8c6Smj162486 rc = __ns_ldap_setParamValue(ptr, NS_LDAP_SEARCH_BASEDN_P, baseDN, 102182c6b8c6Smj162486 errorp); 10227c478bd9Sstevel@tonic-gate if (rc != NS_LDAP_SUCCESS) { 10237c478bd9Sstevel@tonic-gate __s_api_release_config(ptr); 10247c478bd9Sstevel@tonic-gate return (rc); 10257c478bd9Sstevel@tonic-gate } 10267c478bd9Sstevel@tonic-gate 10277c478bd9Sstevel@tonic-gate rc = __ns_ldap_setParamValue(ptr, NS_LDAP_SERVERS_P, addr, errorp); 10287c478bd9Sstevel@tonic-gate __s_api_release_config(ptr); 10297c478bd9Sstevel@tonic-gate if (rc != NS_LDAP_SUCCESS) 10307c478bd9Sstevel@tonic-gate return (rc); 10317c478bd9Sstevel@tonic-gate 10327c478bd9Sstevel@tonic-gate (void) snprintf(filter, sizeof (filter), _PROFILE_FILTER, 103382c6b8c6Smj162486 _PROFILE1_OBJECTCLASS, _PROFILE2_OBJECTCLASS, profile); 10347c478bd9Sstevel@tonic-gate rc = __ns_ldap_list(_PROFILE_CONTAINER, (const char *)filter, 10357c478bd9Sstevel@tonic-gate NULL, NULL, NULL, 0, &result, errorp, NULL, NULL); 10367c478bd9Sstevel@tonic-gate 10377c478bd9Sstevel@tonic-gate if (rc != NS_LDAP_SUCCESS) 10387c478bd9Sstevel@tonic-gate return (rc); 10397c478bd9Sstevel@tonic-gate 10407c478bd9Sstevel@tonic-gate new_ptr = __ns_ldap_make_config(result); 10417c478bd9Sstevel@tonic-gate (void) __ns_ldap_freeResult(&result); 10427c478bd9Sstevel@tonic-gate 1043382f99a9Smj162486 if (new_ptr == NULL) 1044382f99a9Smj162486 return (NS_LDAP_OP_FAILED); 1045382f99a9Smj162486 10467c478bd9Sstevel@tonic-gate rc = __s_api_crosscheck(new_ptr, errstr, B_FALSE); 10477c478bd9Sstevel@tonic-gate if (rc != NS_LDAP_SUCCESS) { 10487c478bd9Sstevel@tonic-gate __s_api_destroy_config(new_ptr); 10497c478bd9Sstevel@tonic-gate MKERROR(LOG_ERR, *errorp, NS_CONFIG_NOTLOADED, strdup(errstr), 10507c478bd9Sstevel@tonic-gate NULL); 10517c478bd9Sstevel@tonic-gate return (NS_LDAP_CONFIG); 10527c478bd9Sstevel@tonic-gate } 10537c478bd9Sstevel@tonic-gate 10547c478bd9Sstevel@tonic-gate __s_api_init_config(new_ptr); 10557c478bd9Sstevel@tonic-gate return (rc); 10567c478bd9Sstevel@tonic-gate } 10577c478bd9Sstevel@tonic-gate 10587c478bd9Sstevel@tonic-gate /* 10597c478bd9Sstevel@tonic-gate * ************************************************************** 10607c478bd9Sstevel@tonic-gate * Configuration Printing Routines 10617c478bd9Sstevel@tonic-gate * ************************************************************** 10627c478bd9Sstevel@tonic-gate */ 10637c478bd9Sstevel@tonic-gate 10647c478bd9Sstevel@tonic-gate /* 10657c478bd9Sstevel@tonic-gate * Yes the use of stdio is okay here because all we are doing is sending 10667c478bd9Sstevel@tonic-gate * output to stdout. This would not be necessary if we could get to the 10677c478bd9Sstevel@tonic-gate * configuration pointer outside this file. 10687c478bd9Sstevel@tonic-gate */ 10697c478bd9Sstevel@tonic-gate ns_ldap_error_t * 10707c478bd9Sstevel@tonic-gate __ns_ldap_print_config(int verbose) 10717c478bd9Sstevel@tonic-gate { 10727c478bd9Sstevel@tonic-gate ns_config_t *ptr; 10737c478bd9Sstevel@tonic-gate char errstr[MAXERROR]; 10747c478bd9Sstevel@tonic-gate ns_ldap_error_t *errorp; 10757c478bd9Sstevel@tonic-gate char *str; 10767c478bd9Sstevel@tonic-gate int i; 10777c478bd9Sstevel@tonic-gate 10787c478bd9Sstevel@tonic-gate ptr = __s_api_get_default_config(); 10797c478bd9Sstevel@tonic-gate if (ptr == NULL) { 10807c478bd9Sstevel@tonic-gate errorp = __ns_ldap_LoadConfiguration(); 10817c478bd9Sstevel@tonic-gate if (errorp != NULL) 10827c478bd9Sstevel@tonic-gate return (errorp); 10837c478bd9Sstevel@tonic-gate ptr = __s_api_get_default_config(); 10847c478bd9Sstevel@tonic-gate if (ptr == NULL) { 10857c478bd9Sstevel@tonic-gate (void) snprintf(errstr, sizeof (errstr), 10867c478bd9Sstevel@tonic-gate gettext("No configuration information.")); 10877c478bd9Sstevel@tonic-gate MKERROR(LOG_WARNING, errorp, NS_CONFIG_NOTLOADED, 10887c478bd9Sstevel@tonic-gate strdup(errstr), NULL); 10897c478bd9Sstevel@tonic-gate return (errorp); 10907c478bd9Sstevel@tonic-gate } 10917c478bd9Sstevel@tonic-gate } 10927c478bd9Sstevel@tonic-gate 10937c478bd9Sstevel@tonic-gate if (verbose && (ptr->domainName != NULL)) { 10947c478bd9Sstevel@tonic-gate (void) fputs("ptr->domainName ", stdout); 10957c478bd9Sstevel@tonic-gate (void) fputs(ptr->domainName, stdout); 10967c478bd9Sstevel@tonic-gate (void) putchar('\n'); 10977c478bd9Sstevel@tonic-gate } 10987c478bd9Sstevel@tonic-gate /* For each parameter - construct value */ 10997c478bd9Sstevel@tonic-gate for (i = 0; i <= NS_LDAP_MAX_PIT_P; i++) { 11007c478bd9Sstevel@tonic-gate /* 11017c478bd9Sstevel@tonic-gate * Version 1 skipped this entry because: 11027c478bd9Sstevel@tonic-gate * 11037c478bd9Sstevel@tonic-gate * don't print default cache TTL for now since 11047c478bd9Sstevel@tonic-gate * we don't store it in the ldap_client_file. 11057c478bd9Sstevel@tonic-gate */ 11067c478bd9Sstevel@tonic-gate if ((i == NS_LDAP_CACHETTL_P) && (ptr->version == NS_LDAP_V1)) 11077c478bd9Sstevel@tonic-gate continue; 11087c478bd9Sstevel@tonic-gate 1109dd1104fbSMichen Chang /* the credential for shadow update is not to be exposed */ 1110dd1104fbSMichen Chang if (i == NS_LDAP_ADMIN_BINDDN_P || 1111dd1104fbSMichen Chang i == NS_LDAP_ADMIN_BINDPASSWD_P) 1112dd1104fbSMichen Chang continue; 1113dd1104fbSMichen Chang 1114*434c5a06SMilan Jurik str = __s_api_strValue(ptr, i, NS_FILE_FMT); 11157c478bd9Sstevel@tonic-gate if (str == NULL) 11167c478bd9Sstevel@tonic-gate continue; 11177c478bd9Sstevel@tonic-gate if (verbose) 11187c478bd9Sstevel@tonic-gate (void) putchar('\t'); 11197c478bd9Sstevel@tonic-gate (void) fprintf(stdout, "%s\n", str); 11207c478bd9Sstevel@tonic-gate free(str); 11217c478bd9Sstevel@tonic-gate } 11227c478bd9Sstevel@tonic-gate 11237c478bd9Sstevel@tonic-gate __s_api_release_config(ptr); 11247c478bd9Sstevel@tonic-gate return (NULL); 11257c478bd9Sstevel@tonic-gate } 1126