usr/src/lib/print/libprint/common/nss_ldap.c

root/usr/src/lib/print/libprint/common/nss_ldap.c
/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <string.h>
#include <stdarg.h>
#include <fcntl.h>
#include <syslog.h>
#include <errno.h>
#include <pwd.h>
#include <libintl.h>
#include <netdb.h>      /* for rcmd() */

#include <ns.h>
#include <list.h>

#define LDAP_REFERRALS
#include <lber.h>
#include <ldap.h>
#include <sys/systeminfo.h>


/*
 * This modules contains the code required to manipulate printer objects in
 * a LDAP directory for the Naming Service (NS) switch.
 * It can "add", "modify" and "delete" the objects on the given ldap server
 * and in the given NS domain DN, eg. "dc=mkg,dc=sun,dc=com".
 * Note: printers known to the naming service are contained in the RDN
 * "ou=printers" under the NS domain DN
 */

#define PCONTAINER      "ou=printers"

/* attribute keywords */
#define ATTR_DN         "dn"
#define ATTR_OCLASS     "objectClass"
#define ATTR_URI        "printer-uri"
#define ATTR_PNAME      "printer-name"
#define ATTR_XRISUP     "printer-xri-supported"
#define ATTR_BSDADDR    "sun-printer-bsdaddr"
#define ATTR_KVP        "sun-printer-kvp"

/* objectClass values */
#define OCV_TOP         "top"
#define OCV_PSERVICE    "printerService"
#define OCV_SUNPRT      "sunPrinter"
#define OCV_PABSTRACT   "printerAbstract"

/* xri-supported attribute value */
#define AV_UNKNOWN      "unknown"


/*
 * LDAP objectclass atributes that the user can explicity change
 */

static const char *nsl_attr_printerService[] = {
        "printer-uri",
        "printer-xri-supported",
        /* Not allowed "printer-name", */
        "printer-natural-language-configured",
        "printer-location",
        "printer-info",
        "printer-more-info",
        "printer-make-and-model",
        "printer-charset-configured",
        "printer-charset-supported",
        "printer-generated-natural-language-supported",
        "printer-document-format-supported",
        "printer-color-supported",
        "printer-compression-supported",
        "printer-pages-per-minute",
        "printer-pages-per-minute-color",
        "printer-finishings-supported",
        "printer-number-up-supported",
        "printer-sides-supported",
        "printer-media-supported",
        "printer-media-local-supported",
        "printer-resolution-supported",
        "printer-print-quality-supported",
        "printer-job-priority-supported",
        "printer-copies-supported",
        "printer-job-k-octets-supported",
        "printer-current-operator",
        "printer-service-person",
        "printer-delivery-orientation-supported",
        "printer-stacking-order-supported",
        "printer-output-features-supported",
        (char *)NULL
};


static const char *nsl_attr_printerIPP[] = {
        "printer-ipp-versions-supported",
        "printer-multiple-document-jobs-supported",
        (char *)NULL
};

static const char *nsl_attr_sunPrinter[] = {
        /* Not allowed "sun-printer-bsdaddr", */
        /* Not allowed "sun-printer-kvp", */
        (char *)NULL
};


/*
 * List of LDAP attributes that user is not allowed to explicitly change
 */
static const char *nsl_attr_notAllowed[] = {
        ATTR_DN,
        ATTR_OCLASS,            /* objectclass */
        ATTR_PNAME,             /* printer-name */
        ATTR_BSDADDR,
        ATTR_KVP,
        (char *)NULL
};


static NSL_RESULT _connectToLDAP(ns_cred_t *cred, LDAP **ld);
static uchar_t *_constructPrinterDN(uchar_t *printerName,
                                uchar_t *domainDN, char **attrList);
static NSL_RESULT _checkPrinterExists(LDAP *ld, uchar_t *printerName,
                        uchar_t *domainDN, uchar_t **printerDN);
static NSL_RESULT _checkPrinterDNExists(LDAP *ld, uchar_t *objectDN);
static NSL_RESULT _checkSunPrinter(LDAP *ld, uchar_t *printerDN);
static NSL_RESULT _addNewPrinterObject(LDAP *ld, uchar_t *printerName,
                                        uchar_t *domainDN, char **attrList);
static NSL_RESULT _modifyPrinterObject(LDAP *ld, uchar_t *printerDN,
                uchar_t *printerName, uchar_t *domainDN, char **attrList);
static NSL_RESULT _checkAttributes(char **list);
static NSL_RESULT _addLDAPmodValue(LDAPMod ***attrs, char *type, char *value);
static NSL_RESULT _modLDAPmodValue(LDAPMod ***attrs, char *type, char *value);
static NSL_RESULT _constructAddLDAPMod(uchar_t *printerName,
                                        char **attrList,  LDAPMod ***attrs);
static NSL_RESULT _constructModLDAPMod(uchar_t *printerName, int sunPrinter,
                        char **attrList, char ***oldKVPList, LDAPMod ***attrs);
static NSL_RESULT _compareURIinDNs(uchar_t *dn1, uchar_t *dn2);
static uchar_t *_getThisNSDomainDN(void);
static int _popen(char *cmd, char *results, int size);
static int _attrInList(char *attr, const char **list);
static int _attrInLDAPList(char *attr);
static NSL_RESULT _getCurrentKVPValues(LDAP *ld,
                                        uchar_t *objectDN, char ***list);
static void _freeList(char ***list);
static NSL_RESULT _modAttrKVP(char *value, char ***kvpList);
static NSL_RESULT _attrAddKVP(LDAPMod ***attrs, char **kvpList, int kvpExists);
static int _manageReferralCredentials(LDAP *ld, char **dn, char **credp,
        int *methodp, int freeit, void *);

/*
 * *****************************************************************************
 *
 * Function:    ldap_put_printer()
 *
 * Description: Action the request to change a printer object in the LDAP
 *              directory DIT. The object is either added, modified or deleted
 *              depending on the request's attribute list. A null list indicates
 *              the request is a delete.
 *              The object's DN is constructed from the supplied domain DN and
 *              a check is done to see if the object exists already, if it
 *              doesn't exist then this is a request to add a new object
 *              If a URI is given in the attribute list and it is different to
 *              the existing printing object's DN then the request will be
 *              rejected.
 *
 *
 * Parameters:
 * Input:       const ns_printer_t *printer
 *                - this structure contains the following :
 *                  char *printerName - name of the printer
 *                  ns_cred_t *cred - structure containing the ldap host and
 *                                port, user, password and NS domain DN for the
 *                                directory server to be updated.
 *                  char **attrList - pointer to a list of attribute key values
 *                                for the printer object. If the object does
 *                                not already exist then this list contains the
 *                                values for the new object, otherwise this list
 *                                is a list of attributes to modify. For modify
 *                                a null attribute value is a attribute delete
 *                                request. A NULL ptr = delete the object.
 * Output:      None
 *
 * Returns:     int - 0 = request actioned okay
 *                   !0 = error - see NSL_RESULT codes
 *
 * *****************************************************************************
 */

int
ldap_put_printer(const ns_printer_t *printer)

{
        NSL_RESULT result = NSL_OK;
        NSL_RESULT printerExists = NSL_ERR_UNKNOWN_PRINTER;
        LDAP *ld = NULL;
        uchar_t *printerDN = NULL;
        uchar_t *domainDN = NULL;
        char *printerName = NULL;
        ns_cred_t *cred = NULL;
        char **attrList = NULL;

        /* -------- */

        /*
         * Note: the "attributes" list should be null for ldap as the attribute
         * values are passed in the nsdata field
         */

        if ((printer != NULL) &&
            (printer->attributes == NULL) && (printer->name != NULL))
        {
                /* extract required pointer values from structure */

                printerName = printer->name;
                cred = printer->cred;
                if (printer->nsdata != NULL)
                {
                        attrList = ((NS_LDAPDATA *)(printer->nsdata))->attrList;
                }

                /* connect and bind to the ldap directory server */

                result = _connectToLDAP(cred, &ld);
                if ((result == NSL_OK) && (ld != NULL))
                {
                        /*
                         * check if the NS domain DN was given, if not use the
                         * current NS domain
                         */

                        if (cred->domainDN != NULL)
                        {
                                domainDN = (uchar_t *)
                                        strdup((char *)cred->domainDN);
                        }
                        else
                        {
                                /* get DN of current domain */
                                domainDN = _getThisNSDomainDN();
                        }

                        printerExists =
                                _checkPrinterExists(ld, (uchar_t *)printerName,
                                                        domainDN, &printerDN);
                        if (printerExists != LDAP_SUCCESS)
                        {
                                /*
                                 * could not find the printer by printer-name,
                                 * but there could be a non sunPrinter object
                                 * so if the printer-uri was given check if
                                 * an object for that exists
                                 */
                                printerDN =
                                    _constructPrinterDN(NULL,
                                                        domainDN, attrList);
                                if (printerDN != NULL)
                                {
                                        printerExists = _checkPrinterDNExists(
                                                                ld, printerDN);
                                }
                        }
#ifdef DEBUG
if (printerExists == NSL_OK)
{
printf("DN found = '%s' for '%s'\n", printerDN, printerName);
}
#endif

                        if (attrList == NULL)
                        {
                                /*
                                 * a null list indicates that this is a DELETE
                                 * object request, so if object exists delete
                                 * it, otherwise report an error.
                                 */
                                if (printerExists == LDAP_SUCCESS)
                                {
                                    result = ldap_delete_s(ld,
                                                (char *)printerDN);
                                    if (result != LDAP_SUCCESS)
                                    {
                                        result = NSL_ERR_DEL_FAILED;
#ifdef DEBUG
ldap_perror(ld, "ldap_delete_s failed");
#endif
                                    }
                                }
                                else
                                {
                                    result = NSL_ERR_UNKNOWN_PRINTER;
                                }
                        }
                        else
                        {
                                /*
                                 * if object exists then this is a
                                 * modify request otherwise is is an add request
                                 */

                                if (printerExists == LDAP_SUCCESS)
                                {
                                        /*
                                         * Modify the printer object to
                                         * give it the new attribute values
                                         * specified by the user
                                         */
                                        result =
                                        _modifyPrinterObject(ld, printerDN,
                                                (uchar_t *)printerName,
                                                domainDN, attrList);
                                }
                                else
                                {
                                        /*
                                         * add new printer object into the
                                         * ldap directory with the user
                                         * specified attribute values
                                         */
                                        result =
                                            _addNewPrinterObject(ld,
                                                (uchar_t *)printerName,
                                                domainDN, attrList);
                                }
                        }

                        if (printerDN != NULL)
                        {
                                free(printerDN);
                        }
                        if (domainDN != NULL)
                        {
                                free(domainDN);
                        }

                        /* disconnect from LDAP server */

                        (void) ldap_unbind(ld);
                }
        }

        else
        {
                /* no printerName given */
                result = NSL_ERR_INTERNAL;
        }

        return ((int)result);
} /* ldap_put_printer */




/*
 * *****************************************************************************
 *
 * Function:    _connectToLDAP()
 *
 * Description: Setup the connection and bind to the LDAP directory server.
 *              The function returns the ldap connection descriptor
 *
 * Note:        Currently the native ldap functions do not support secure
 *              passwords, when this is supported this function will require
 *              updating to allow the type passed in cred->passwdType to
 *              be used with the ldap_simple_bind()
 *
 * Parameters:
 * Input:       ns_cred_t *cred - structure containing the credentials (host,
 *                                port, user and password) required to bind
 *                                to the directory server to be updated.
 *              char *printerName - printer name used only for error messages
 * Output:      LDAP** - ldap connection descriptor pointer. NULL = failed
 *
 * Returns:     NSL_RESULT - NSL_OK = connected okay
 *
 * *****************************************************************************
 */

static NSL_RESULT
_connectToLDAP(ns_cred_t *cred, LDAP **ld)

{
        NSL_RESULT result = NSL_OK;
        int lresult = 0;
        int ldapPort = LDAP_PORT;       /* default LDAP port number */
        int protoVersion = LDAP_VERSION3;
        int derefOption = LDAP_DEREF_NEVER;
        int referrals = 1;
        char hostname[MAXHOSTNAMELEN];
        int tmpMethod = LDAP_AUTH_SIMPLE; /* temp - until its passed in */

        /* -------- */

        if ((ld == NULL) || (cred == NULL) ||
                ((cred->passwd == NULL) || (cred->binddn == NULL)))
        {
                result = NSL_ERR_CREDENTIALS;
        }

        else
        {
                *ld = NULL;

                /* if host was not given then bind to local host */

                if (cred->host != NULL)
                {
                        (void) strlcpy(hostname, cred->host, sizeof (hostname));
                }
                else
                {
                        (void) sysinfo(SI_HOSTNAME,
                                        hostname, sizeof (hostname));
                }

                /* initialise the connection to the ldap server */

                if (cred->port != 0)
                {
                        ldapPort = cred->port;
                }
                *ld = ldap_init(hostname, ldapPort);
                if (*ld == NULL)
                {
                        /* connection setup failed */
                        result = NSL_ERR_CONNECT;
#ifdef DEBUG
(void) perror("ldap_init");
#endif
                }
                else
                {
                        /* set ldap options */

                        (void) ldap_set_option(*ld, LDAP_OPT_DEREF,
                                                &derefOption);
                        (void) ldap_set_option(*ld, LDAP_OPT_PROTOCOL_VERSION,
                                                &protoVersion);
                        (void) ldap_set_option(*ld, LDAP_OPT_REFERRALS,
                                                &referrals);

                        /* bind to the user DN in the directory */

                        /* cred->passwdType is currently not supported */

                        lresult = ldap_simple_bind_s(*ld,
                                                cred->binddn, cred->passwd);

                        /*
                         * before doing anything else, set up the function to
                         * call to get authentication details if the
                         * ldap update function calls (eg. ldap_add_s()) get a
                         * "referral" (to another ldap server) from the
                         * original ldap server, eg. if we are trying to do
                         * a update on a LDAP replica server.
                         */
                        (void) _manageReferralCredentials(*ld,
                                        &(cred->binddn), &(cred->passwd),
                                        &tmpMethod, -1, NULL);
                        ldap_set_rebind_proc(*ld,
                                _manageReferralCredentials, NULL);

                        if (lresult != LDAP_SUCCESS)
                        {
                                result = NSL_ERR_BIND;
                                *ld = NULL;
#ifdef DEBUG
(void) ldap_perror(*ld, "ldap_simple_bind_s");
#endif
                        }
                }
        }

        return (result);
} /* _connectToLDAP */





/*
 * *****************************************************************************
 *
 * Function:    _constructPrinterDN()
 *
 * Description: Construct the DN for the printer object from its name and NS
 *              domain DN. If the printer-uri is given in the attrList then
 *              that is used instead of the printerName.
 *
 * Parameters:
 * Input:       uchar_t *printerName
 *              uchar_t *domainDN
 *              char **attrList - this list is searched for printer-uri
 * Output:      None
 *
 * Returns:     uchar_t* - pointer to the DN, this memory is malloced so
 *                         must be freed using free() when finished with.
 *
 * *****************************************************************************
 */

static uchar_t *
_constructPrinterDN(uchar_t *printerName, uchar_t *domainDN, char **attrList)

{
        uchar_t *dn = NULL;
        uchar_t *uri = NULL;
        char **p = NULL;
        int len = 0;

        /* ------- */

        /* first search for printer-uri in the attribute list */

        for (p = attrList; (p != NULL) && (*p != NULL) && (uri == NULL); p++)
        {
                /* get length of this key word */

                for (len = 0; ((*p)[len] != '=') && ((*p)[len] != '\0'); len++);

                if ((strncasecmp(*p, ATTR_URI, len) == 0) &&
                    (strlen(*p) > len+1))
                {
                        uri = (uchar_t *)&((*p)[len+1]);
                }
        }


        if (domainDN != NULL) {
                size_t size;

                /* malloc memory for the DN and then construct it */

                if ((uri == NULL) && (printerName != NULL))
                {
                        /* use the printerName for the RDN */

                        size = strlen(ATTR_URI) +
                            strlen((char *)printerName) +
                            strlen((char *)domainDN) +
                            strlen(PCONTAINER) +
                            10; /* plus a few extra */

                        if ((dn = malloc(size)) != NULL)
                                (void) snprintf((char *)dn, size, "%s=%s,%s,%s",
                                ATTR_URI, printerName, PCONTAINER, domainDN);
                }
                else
                if (uri != NULL)
                {
                        /* use the URI for the RDN */

                        size = strlen(ATTR_URI) +
                            strlen((char *)uri) +
                            strlen((char *)domainDN) +
                            strlen(PCONTAINER) +
                            10; /* plus a few extra */

                        if ((dn = malloc(size)) != NULL)
                                (void) snprintf((char *)dn, size, "%s=%s,%s,%s",
                                ATTR_URI, uri, PCONTAINER, domainDN);
                }

                /*
                 * else
                 * {
                 *    printName not given so return null
                 * }
                 */

        }

        return (dn);    /* caller must free this memory */
} /* _constructPrinterDN */



/*
 * *****************************************************************************
 *
 * Function:    _checkPrinterExists()
 *
 * Description: Check that the printer object for the printerName exists in the
 *              directory DIT and then extract the object's DN
 *              The function uses an exiting ldap connection and does a
 *              search for the printerName in the supplied domain DN.
 *
 * Parameters:
 * Input:       LDAP *ld             - existing ldap connection descriptor
 *              uchar_t *printerName - printer name
 *              uchar_t *domainDN    - DN of domain to search in
 * Output:      uchar_t **printerDN  - DN of the printer - the caller should
 *                                     free this memory using free()
 *
 * Result:      NSL_RESULT - NSL_OK = object exists
 *
 * *****************************************************************************
 */

static NSL_RESULT
_checkPrinterExists(LDAP *ld, uchar_t *printerName, uchar_t *domainDN,
                        uchar_t **printerDN)

{
        NSL_RESULT result = NSL_ERR_UNKNOWN_PRINTER;
        int sresult = LDAP_NO_SUCH_OBJECT;
        LDAPMessage *ldapMsg = NULL;
        char *requiredAttrs[2] = { ATTR_PNAME, NULL };
        LDAPMessage *ldapEntry = NULL;
        uchar_t *filter = NULL;
        uchar_t *baseDN = NULL;

        /* ---------- */

        if ((printerName != NULL) && (domainDN != NULL) && (printerDN != NULL))
        {
                size_t size;

                if (printerDN != NULL)
                {
                        *printerDN = NULL;
                }

                /* search for this Printer in the directory */

                size = (3 + strlen((char *)printerName) + strlen(ATTR_PNAME) +
                        2);

                if ((filter = malloc(size)) != NULL)
                        (void) snprintf((char *)filter, size, "(%s=%s)",
                            ATTR_PNAME, (char *)printerName);

                size = (strlen((char *)domainDN) + strlen(PCONTAINER) + 5);

                if ((baseDN = malloc(size)) != NULL)
                        (void) snprintf((char *)baseDN, size, "%s,%s",
                            PCONTAINER, (char *)domainDN);

                sresult = ldap_search_s(ld, (char *)baseDN, LDAP_SCOPE_SUBTREE,
                                (char *)filter, requiredAttrs, 0, &ldapMsg);
                if (sresult == LDAP_SUCCESS)
                {
                        /* check that the object exists and extract its DN */

                        ldapEntry = ldap_first_entry(ld, ldapMsg);
                        if (ldapEntry != NULL)
                        {
                                /* object found - there should only be one */
                                result = NSL_OK;

                                if (printerDN != NULL)
                                {
                                        *printerDN = (uchar_t *)
                                                ldap_get_dn(ld, ldapEntry);
                                }
                        }

                        (void) ldap_msgfree(ldapMsg);
                }
        }

        else
        {
                result = NSL_ERR_INTERNAL;
        }

        return (result);
} /* _checkPrinterExists */




/*
 * *****************************************************************************
 *
 * Function:    _checkPrinterDNExists()
 *
 * Description: Check that the printer object for the DN exists in the
 *              directory DIT.
 *              The function uses an exiting ldap connection and does a
 *              search for the DN supplied.
 *
 * Parameters:  LDAP *ld       - existing ldap connection descriptor
 *              char *objectDN - DN to search for
 *
 * Result:      NSL_RESULT - NSL_OK = object exists
 *
 * *****************************************************************************
 */

static NSL_RESULT
_checkPrinterDNExists(LDAP *ld, uchar_t *objectDN)

{
        NSL_RESULT result = NSL_ERR_UNKNOWN_PRINTER;
        int sresult = LDAP_NO_SUCH_OBJECT;
        LDAPMessage *ldapMsg;
        char *requiredAttrs[2] = { ATTR_PNAME, NULL };
        LDAPMessage *ldapEntry;

        /* ---------- */

        if ((ld != NULL) && (objectDN != NULL))
        {
                /* search for this Printer in the directory */

                sresult = ldap_search_s(ld, (char *)objectDN, LDAP_SCOPE_BASE,
                                "(objectclass=*)", requiredAttrs, 0, &ldapMsg);
                if (sresult == LDAP_SUCCESS)
                {
                        /* check that the object exists */
                        ldapEntry = ldap_first_entry(ld, ldapMsg);
                        if (ldapEntry != NULL)
                        {
                                /* object found */
                                result = NSL_OK;
                        }

                        (void) ldap_msgfree(ldapMsg);
                }
        }

        else
        {
                result = NSL_ERR_INTERNAL;
        }

        return (result);
} /* _checkPrinterDNExists */





/*
 * *****************************************************************************
 *
 * Function:    _checkSunPrinter()
 *
 * Description: Check that the printer object for the printerDN is a sunPrinter
 *              ie. it has the required objectclass attribute value.
 *
 * Parameters:
 * Input:       LDAP *ld            - existing ldap connection descriptor
 * Output:      uchar_t *printerDN  - DN of the printer
 *
 * Result:      NSL_RESULT - NSL_OK = object exists and is a sunPrinter
 *
 * *****************************************************************************
 */

static NSL_RESULT
_checkSunPrinter(LDAP *ld, uchar_t *printerDN)

{
        NSL_RESULT result = NSL_ERR_UNKNOWN_PRINTER;
        int sresult = LDAP_NO_SUCH_OBJECT;
        char *requiredAttrs[2] = { ATTR_PNAME, NULL };
        LDAPMessage *ldapMsg = NULL;
        LDAPMessage *ldapEntry = NULL;
        char *filter = NULL;

        /* ---------- */

        if ((ld != NULL) && (printerDN != NULL))
        {
                size_t size;

                /* search for this Printer in the directory */

                size = (3 + strlen(OCV_SUNPRT) + strlen(ATTR_OCLASS) + 2);
                if ((filter = malloc(size)) != NULL)
                        (void) snprintf(filter, size, "(%s=%s)",
                                        ATTR_OCLASS, OCV_SUNPRT);

                sresult = ldap_search_s(ld, (char *)printerDN,
                                                LDAP_SCOPE_SUBTREE, filter,
                                                requiredAttrs, 0, &ldapMsg);
                if (sresult == LDAP_SUCCESS)
                {
                        /* check that the printer object exists */

                        ldapEntry = ldap_first_entry(ld, ldapMsg);
                        if (ldapEntry != NULL)
                        {
                                /* object is a sunPrinter */
                                result = NSL_OK;
                        }

                        (void) ldap_msgfree(ldapMsg);
                }
        }

        else
        {
                result = NSL_ERR_INTERNAL;
        }

        return (result);
} /* _checkSunPrinter */





/*
 * *****************************************************************************
 *
 * Function:    _addNewPrinterObject()
 *
 * Description: For the given printerName add a printer object into the
 *              LDAP directory NS domain. The object is created with the
 *              supplied attribute values. Note: if the printer's uri is
 *              given that is used as the RDN otherwise the printer's
 *              name is used as the RDN
 *
 * Parameters:
 * Input:       LDAP    *ld        - existing ldap connection descriptor
 *              uchar_t *printerName - Name of printer to be added
 *              uchar_t *domainDN    - DN of the domain to add the printer
 *              char    **attrList - user specified attribute values list
 * Output:      None
 *
 * Returns:     NSL_RESULT - NSL_OK  = request actioned okay
 *                           !NSL_OK = error
 *
 * *****************************************************************************
 */

static NSL_RESULT
_addNewPrinterObject(LDAP *ld, uchar_t *printerName,
                        uchar_t *domainDN, char **attrList)

{
        NSL_RESULT result = NSL_ERR_ADD_FAILED;
        int lresult = 0;
        uchar_t *printerDN = NULL;
        LDAPMod **attrs = NULL;

        /* ---------- */

        if ((ld != NULL) && (printerName != NULL) && (domainDN != NULL) &&
                (attrList != NULL) && (attrList[0] != NULL))
        {
                result = _checkAttributes(attrList);

                if (result == NSL_OK)
                {
                        /*
                         * construct a DN for the printer from the
                         * printerName and printer-uri if given.
                         */
                        printerDN = _constructPrinterDN(printerName,
                                                domainDN, attrList);
                        if (printerDN != NULL)
                        {
                                /*
                                 * setup attribute values in an LDAPMod
                                 * structure and then add the object
                                 */
                                result = _constructAddLDAPMod(printerName,
                                                        attrList, &attrs);
                                if (result == NSL_OK)
                                {
                                        lresult = ldap_add_s(ld,
                                                    (char *)printerDN, attrs);
                                        if (lresult == LDAP_SUCCESS)
                                        {
                                                result = NSL_OK;
                                        }
                                        else
                                        {
                                                result = NSL_ERR_ADD_FAILED;
#ifdef DEBUG
(void) ldap_perror(ld, "ldap_add_s");
#endif
                                        }

                                        (void) ldap_mods_free(attrs, 1);
                                }
                                free(printerDN);
                        }

                        else
                        {
                                result = NSL_ERR_INTERNAL;
                        }
                }
        }

        else
        {
                result = NSL_ERR_INTERNAL;
        }

        return (result);
} /* _addNewPrinterObject */






/*
 * *****************************************************************************
 *
 * Function:    _modifyPrinterObject()
 *
 * Description: Modify the given LDAP printer object to set the new attributes
 *              in the attribute list. If the printer's URI (specified in the
 *              attrList) changes the URI of the object the request is rejected.
 *
 * Parameters:
 * Input:       LDAP    *ld        - existing ldap connection descriptor
 *              uchar_t *printerDN - DN of printer object to modify
 *              uchar_t *printerName - Name of printer to be modified
 *              uchar_t *domainDN    - DN of the domain the printer is in
 *              char    **attrList - user specified attribute values list
 * Output:      None
 *
 * Returns:     NSL_RESULT - NSL_OK = object modified okay
 *
 * *****************************************************************************
 */

static NSL_RESULT
_modifyPrinterObject(LDAP *ld, uchar_t *printerDN,
                uchar_t *printerName, uchar_t *domainDN, char **attrList)

{
        NSL_RESULT result = NSL_ERR_INTERNAL;
        int lresult = 0;
        int sunPrinter = 0;
        uchar_t *uriDN = NULL;
        LDAPMod **attrs = NULL;
        char **kvpList = NULL;

        /* ---------- */

        if ((ld != NULL) && (printerDN != NULL) && (printerName != NULL) &&
            (domainDN != NULL) && (attrList != NULL) && (attrList[0] != NULL))
        {
                result = _checkAttributes(attrList);

                if (result == NSL_OK)
                {
                        /*
                         * The user may have requested that the printer object
                         * be given a new URI RDN, so construct a DN for the
                         * printer from the printerName or the printer-uri (if
                         * given).
                         */
                        uriDN = _constructPrinterDN(NULL, domainDN, attrList);

                        /*
                         * compare the 2 DNs to see if the URI has changed,
                         * if uriDN is null then the DN hasn't changed
                         */
                        if ((uriDN == NULL) || ((uriDN != NULL) &&
                            (_compareURIinDNs(printerDN, uriDN) == NSL_OK)))
                        {
                                /*
                                 * setup the modify object LDAPMod
                                 * structure and then do the modify
                                 */

                                if (_checkSunPrinter(ld, printerDN) == NSL_OK)
                                {
                                        sunPrinter = 1;
                                }

                                (void) _getCurrentKVPValues(ld,
                                                        printerDN, &kvpList);

                                result = _constructModLDAPMod(printerName,
                                                        sunPrinter, attrList,
                                                        &kvpList, &attrs);
                                _freeList(&kvpList);

                                if ((result == NSL_OK) && (attrs != NULL))
                                {
                                        lresult = ldap_modify_s(
                                                ld, (char *)printerDN, attrs);
                                        if (lresult == LDAP_SUCCESS)
                                        {
                                                result = NSL_OK;
                                        }
                                        else
                                        {
                                                result = NSL_ERR_MOD_FAILED;
#ifdef DEBUG
(void) ldap_perror(ld, "ldap_modify_s");
#endif
                                        }

                                        (void) ldap_mods_free(attrs, 1);
                                }
                        }
                        else
                        {
                                /*
                                 * printer-uri name change has been requested
                                 * this is NOT allowed as it requires that
                                 * a new printer object is created
                                 */
                                result = NSL_ERR_RENAME;  /* NOT ALLOWED */
                        }

                        if (uriDN != NULL)
                        {
                                free(uriDN);
                        }
                }
        }

        return (result);
} /* _modifyPrinterObject */




/*
 * *****************************************************************************
 *
 * Function:    _checkAttributes()
 *
 * Description: Check that the given attribute lists does not contain any
 *              key words that are not allowed.
 *
 * Parameters:
 * Input:       char **list - attribute list to check
 * Output:      None
 *
 * Returns:     NSL_RESULT - NSL_OK = checked okay
 *
 * *****************************************************************************
 */

static NSL_RESULT
_checkAttributes(char **list)

{
        NSL_RESULT result = NSL_OK;
        int len = 0;
        char *attr = NULL;
        char **p = NULL;

        /* ------ */

        for (p = list; (p != NULL) && (*p != NULL) && (result == NSL_OK); p++)
        {
                /* get length of this key word */

                for (len = 0; ((*p)[len] != '=') && ((*p)[len] != '\0'); len++);

                /* check if the key word is allowed */

                if (strncasecmp(*p, ATTR_KVP, len) == 0)
                {
                        /* not supported through this interface */
                        result = NSL_ERR_KVP;
                }
                else
                if (strncasecmp(*p, ATTR_BSDADDR, len) == 0)
                {
                        /* not supported through this interface */
                        result = NSL_ERR_BSDADDR;
                }
                else
                if (strncasecmp(*p, ATTR_PNAME, len) == 0)
                {
                        /* not supported through this interface */
                        result = NSL_ERR_PNAME;
                }
                else
                {
                        /* check for any others */

                        attr = strdup(*p);
                        attr[len] = '\0'; /* terminate the key */

                        if (_attrInList(attr, nsl_attr_notAllowed))
                        {
                                result = NSL_ERR_NOTALLOWED;
                        }
                }

        }

        return (result);
} /* _checkAttributes */




/*
 * *****************************************************************************
 *
 * Function:    _addLDAPmodValue()
 *
 * Description: Add the given attribute and its value to the LDAPMod array.
 *              If this is the first entry in the array then create it.
 *
 * Parameters:
 * Input:       LDAPMod ***attrs  - array to update
 *              char *type        - attribute to add into array
 *              char *value       - attribute value
 * Output:      None
 *
 * Returns:     NSL_RESULT - NSL_OK = added okay
 *
 * *****************************************************************************
 */

static NSL_RESULT
_addLDAPmodValue(LDAPMod ***attrs, char *type, char *value)

{
        int i = 0;
        int j = 0;
        NSL_RESULT result = NSL_OK;

        /* ---------- */

        if ((attrs != NULL) && (type != NULL) && (value != NULL))
        {
#ifdef DEBUG
printf("_addLDAPmodValue() type='%s', value='%s'\n", type, value);
#endif
                /* search the existing LDAPMod array for the attribute */

                for (i = 0; *attrs != NULL && (*attrs)[i] != NULL; i++)
                {
                        if (strcasecmp((*attrs)[i]->mod_type, type) == 0)
                        {
                                break;
                        }
                }

                if (*attrs == NULL)
                {
                        /* array empty so create it */

                        *attrs = (LDAPMod **)calloc(1, 2 * sizeof (LDAPMod *));
                        if (*attrs != NULL)
                        {
                                i = 0;
                        }
                        else
                        {
                                result = NSL_ERR_MEMORY;
                        }

                }
                else
                if ((*attrs)[i] == NULL)
                {
                        *attrs = (LDAPMod **)
                                realloc(*attrs, (i+2) * sizeof (LDAPMod *));
                        if (*attrs == NULL)
                        {
                                result = NSL_ERR_MEMORY;
                        }
                }
        }
        else
        {
                result = NSL_ERR_INTERNAL;
        }

        if (result == NSL_OK)
        {
                if ((*attrs)[i] == NULL)
                {
                        /* We've got a new slot. Create the new mod. */

                        (*attrs)[i] = (LDAPMod *) malloc(sizeof (LDAPMod));
                        if ((*attrs)[i] != NULL)
                        {
                                (*attrs)[i]->mod_op = LDAP_MOD_ADD;
                                (*attrs)[i]->mod_type = strdup(type);
                                (*attrs)[i]->mod_values = (char **)
                                                malloc(2 * sizeof (char *));
                                if ((*attrs)[i]->mod_values  != NULL)
                                {
                                        (*attrs)[i]->mod_values[0] =
                                                                strdup(value);
                                        (*attrs)[i]->mod_values[1] = NULL;
                                        (*attrs)[i+1] = NULL;
                                }
                                else
                                {
                                        result = NSL_ERR_MEMORY;
                                }
                        }
                        else
                        {
                                result = NSL_ERR_MEMORY;
                        }
                }

                else
                {
                        /* Found an existing entry so add value to it */

                        for (j = 0; (*attrs)[i]->mod_values[j] != NULL; j++);

                        (*attrs)[i]->mod_values =
                                (char **)realloc((*attrs)[i]->mod_values,
                                                (j + 2) * sizeof (char *));
                        if ((*attrs)[i]->mod_values != NULL)
                        {
                                (*attrs)[i]->mod_values[j] = strdup(value);
                                (*attrs)[i]->mod_values[j+1] = NULL;
                        }
                        else
                        {
                                result = NSL_ERR_MEMORY;
                        }
                }
        }

        return (result);
} /* _addLDAPmodValue */




/*
 * *****************************************************************************
 *
 * Function:    _modLDAPmodValue()
 *
 * Description: Add the given attribute modify operation and its value into
 *              the LDAPMod array. This will either be a "replace" or a
 *              "delete"; value = null implies a "delete".
 *              If this is the first entry in the array then create it.
 *
 * Parameters:
 * Input:       LDAPMod ***attrs  - array to update
 *              char *type        - attribute to modify
 *              char *value       - attribute value, null implies "delete"
 * Output:      None
 *
 * Returns:     NSL_RESULT - NSL_OK = added okay
 *
 * *****************************************************************************
 */

static NSL_RESULT
_modLDAPmodValue(LDAPMod ***attrs, char *type, char *value)

{
        int i = 0;
        int j = 0;
        NSL_RESULT result = NSL_OK;

        /* ---------- */

        if ((attrs != NULL) && (type != NULL))
        {
#ifdef DEBUG
if (value != NULL)
printf("_modLDAPmodValue() REPLACE type='%s', value='%s'\n", type, value);
else
printf("_modLDAPmodValue() DELETE type='%s'\n", type);
#endif
                /* search the existing LDAPMod array for the attribute */

                for (i = 0; *attrs != NULL && (*attrs)[i] != NULL; i++)
                {
                        if (strcasecmp((*attrs)[i]->mod_type, type) == 0)
                        {
                                break;
                        }
                }

                if (*attrs == NULL)
                {
                        /* array empty so create it */

                        *attrs = (LDAPMod **)calloc(1, 2 * sizeof (LDAPMod *));
                        if (*attrs != NULL)
                        {
                                i = 0;
                        }
                        else
                        {
                                result = NSL_ERR_MEMORY;
                        }

                }
                else
                if ((*attrs)[i] == NULL)
                {
                        /* attribute not found in array so add slot for it */

                        *attrs = (LDAPMod **)
                                realloc(*attrs, (i+2) * sizeof (LDAPMod *));
                        if (*attrs == NULL)
                        {
                                result = NSL_ERR_MEMORY;
                        }
                }
        }
        else
        {
                result = NSL_ERR_INTERNAL;
        }

        if (result == NSL_OK)
        {
                if ((*attrs)[i] == NULL)
                {
                        /* We've got a new slot. Create the new mod entry */

                        (*attrs)[i] = (LDAPMod *) malloc(sizeof (LDAPMod));
                        if (((*attrs)[i] != NULL) && (value != NULL))
                        {
                                /* Do an attribute replace */

                                (*attrs)[i]->mod_op = LDAP_MOD_REPLACE;
                                (*attrs)[i]->mod_type = strdup(type);
                                (*attrs)[i]->mod_values = (char **)
                                                malloc(2 * sizeof (char *));
                                if ((*attrs)[i]->mod_values  != NULL)
                                {
                                        (*attrs)[i]->mod_values[0] =
                                                                strdup(value);
                                        (*attrs)[i]->mod_values[1] = NULL;
                                        (*attrs)[i+1] = NULL;
                                }
                                else
                                {
                                        result = NSL_ERR_MEMORY;
                                }
                        }
                        else
                        if ((*attrs)[i] != NULL)
                        {
                                /* value is null so do an attribute delete */

                                (*attrs)[i]->mod_op = LDAP_MOD_DELETE;
                                (*attrs)[i]->mod_type = strdup(type);
                                (*attrs)[i]->mod_values = NULL;
                                (*attrs)[i+1] = NULL;
                        }
                        else
                        {
                                result = NSL_ERR_MEMORY; /* malloc failed */
                        }
                }

                else
                {
                        /* Found an existing entry so add value to it */

                        if (value != NULL)
                        {
                            /* add value to attribute's replace list */

                            if ((*attrs)[i]->mod_op == LDAP_MOD_REPLACE)
                            {
                                for (j = 0;
                                    (*attrs)[i]->mod_values[j] != NULL; j++);

                                (*attrs)[i]->mod_values =
                                (char **)realloc((*attrs)[i]->mod_values,
                                                (j + 2) * sizeof (char *));
                                if ((*attrs)[i]->mod_values != NULL)
                                {
                                        (*attrs)[i]->mod_values[j] =
                                                                strdup(value);
                                        (*attrs)[i]->mod_values[j+1] = NULL;
                                }
                                else
                                {
                                        result = NSL_ERR_MEMORY;
                                }
                            }
                            else
                            {
                                /* Delete and replace not allowed */
                                result = NSL_ERR_MULTIOP;
                            }
                        }

                        else
                        {
                                /*
                                 * attribute delete - so free any existing
                                 * entries in the value array
                                 */

                                (*attrs)[i]->mod_op = LDAP_MOD_DELETE;

                                if ((*attrs)[i]->mod_values != NULL)
                                {
                                        for (j = 0;
                                            (*attrs)[i]->mod_values[j] != NULL;
                                            j++)
                                        {
                                            free((*attrs)[i]->mod_values[j]);
                                        }

                                        free((*attrs)[i]->mod_values);
                                        (*attrs)[i]->mod_values = NULL;
                                }
                        }
                }
        }

        return (result);
} /* _modLDAPmodValue */





/*
 * *****************************************************************************
 *
 * Function:    _constructAddLDAPMod()
 *
 * Description: For the given attribute list construct an
 *              LDAPMod array for the printer object to be added. Default
 *              attribute values are included.
 *
 * Parameters:
 * Input:
 *              uchar_t *printerName - Name of printer to be added
 *              char    **attrList - user specified attribute values list
 * Output:      LDAPMod ***attrs  - pointer to the constructed array
 *
 * Returns:     NSL_RESULT - NSL_OK = constructed okay
 *
 * *****************************************************************************
 */

static NSL_RESULT
_constructAddLDAPMod(uchar_t *printerName, char **attrList,  LDAPMod ***attrs)

{
        NSL_RESULT result = NSL_ERROR;
        int len = 0;
        char **p = NULL;
        char *value = NULL;
        char *attr = NULL;

        /* ---------- */

        if ((printerName != NULL) &&
            ((attrList != NULL) && (attrList[0] != NULL)) && (attrs != NULL))
        {
                *attrs = NULL;

                /*
                 * setup printer object attribute values in an LDAPMod structure
                 */
                result = _addLDAPmodValue(attrs, ATTR_OCLASS, OCV_TOP);
                if (result == NSL_OK)
                {
                        /* Structural Objectclass */
                        result =
                            _addLDAPmodValue(attrs, ATTR_OCLASS, OCV_PSERVICE);
                }
                if (result == NSL_OK)
                {
                        result = _addLDAPmodValue(attrs,
                                                ATTR_OCLASS, OCV_PABSTRACT);
                }
                if (result == NSL_OK)
                {
                        result = _addLDAPmodValue(attrs,
                                                ATTR_OCLASS, OCV_SUNPRT);
                }
                if (result == NSL_OK)
                {
                        result = _addLDAPmodValue(attrs,
                                        ATTR_PNAME, (char *)printerName);
                }

                /*
                 * Now work through the user supplied attribute
                 * values list and add them into the LDAPMod array
                 */

                for (p = attrList;
                        (p != NULL) && (*p != NULL) && (result == NSL_OK); p++)
                {
                        /* get length of this key word */

                        for (len = 0;
                            ((*p)[len] != '=') && ((*p)[len] != '\0'); len++);

                        if ((strlen(*p) > len+1))
                        {
                                attr = strdup(*p);
                                attr[len] = '\0';
                                value = strdup(&attr[len+1]);

                                /* handle specific Key Value Pairs (KVP) */

                                if (strcasecmp(attr, NS_KEY_BSDADDR) == 0)
                                {
                                        /* use LDAP attribute name */
                                        free(attr);
                                        attr = strdup(ATTR_BSDADDR);
                                }
                                else
                                if (_attrInLDAPList(attr) == 0)
                                {
                                        /*
                                         * Non-LDAP attribute so use LDAP
                                         * KVP attribute and the given KVP
                                         * as the value, ie.
                                         * sun-printer-kvp=description=printer
                                         */
                                        free(attr);
                                        attr = strdup(ATTR_KVP);
                                        value = strdup(*p);
                                }

                                /* add it into the LDAPMod array */

                                result = _addLDAPmodValue(attrs, attr, value);

                                free(attr);
                                free(value);
                        }
                } /* for */

                if ((result != NSL_OK) && (*attrs != NULL))
                {
                        (void) ldap_mods_free(*attrs, 1);
                        attrs = NULL;
                }
        }
        else
        {
                result = NSL_ERR_INTERNAL;
        }

        return (result);
} /* _constructAddLDAPMod */







/*
 * *****************************************************************************
 *
 * Function:    _constructModLDAPMod()
 *
 * Description: For the given modify attribute list, construct an
 *              LDAPMod array for the printer object to be modified
 *
 * Parameters:
 * Input:       uchar_t *printerName - name of printer to be modified
 *              int     sunPrinter - Boolean; object is a sunPrinter
 *              char    **attrList - user specified attribute values list
 *              char    ***oldKVPList - current list of KVP values on object
 * Output:      LDAPMod ***attrs  - pointer to the constructed array
 *
 * Returns:     NSL_RESULT - NSL_OK = constructed okay
 *
 * *****************************************************************************
 */

static NSL_RESULT
_constructModLDAPMod(uchar_t *printerName, int sunPrinter, char **attrList,
                        char ***oldKVPList, LDAPMod ***attrs)

{
        NSL_RESULT result = NSL_OK;
        int len = 0;
        int kvpUpdated = 0;
        int kvpExists = 0;
        char **p = NULL;
        char *value = NULL;
        char *attr = NULL;

        /* ---------- */

        if ((printerName != NULL) &&
            ((attrList != NULL) && (attrList[0] != NULL)) && (attrs != NULL))
        {
                *attrs = NULL;

                if ((oldKVPList != NULL) && (*oldKVPList != NULL))
                {
                        kvpExists = 1;
                }

                if (!sunPrinter)
                {
                        /*
                         * The object was previously not a sunPrinter, so
                         * add the required objectclass attribute value, and
                         * ensure it has the printername attribute.
                         */
                        result = _addLDAPmodValue(attrs,
                                                ATTR_OCLASS, OCV_SUNPRT);
                        if (result == NSL_OK)
                        {
                                result = _modLDAPmodValue(attrs,
                                            ATTR_PNAME, (char *)printerName);
                        }
                }

                /*
                 * work through the user supplied attribute
                 * values list and add them into the LDAPMod array depending
                 * on if they are a replace or delete attribute operation,
                 * a "null value" means delete.
                 */

                for (p = attrList;
                        (p != NULL) && (*p != NULL) && (result == NSL_OK); p++)
                {
                        /* get length of this key word */

                        for (len = 0;
                            ((*p)[len] != '=') && ((*p)[len] != '\0'); len++);

                        if ((strlen(*p) > len+1))
                        {
                                attr = strdup(*p);
                                attr[len] = '\0';
                                value = strdup(&attr[len+1]);

                                /* handle specific Key Value Pairs (KVP) */

                                if ((_attrInLDAPList(attr) == 0) &&
                                        (strcasecmp(attr, NS_KEY_BSDADDR) != 0))
                                {
                                        /*
                                         * Non-LDAP attribute so use LDAP
                                         * KVP attribute and the given KVP as
                                         * the value, ie.
                                         * sun-printer-kvp=description=printer
                                         */
                                        result = _modAttrKVP(*p, oldKVPList);
                                        kvpUpdated = 1;
                                }

                                else
                                {
                                        if (strcasecmp(attr, NS_KEY_BSDADDR) ==
                                                                        0)
                                        {
                                                /*
                                                 * use LDAP bsdaddr attribute
                                                 * name
                                                 */
                                                free(attr);
                                                attr = strdup(ATTR_BSDADDR);
                                        }

                                        /*
                                         * else
                                         *   use the supplied attribute name
                                         */

                                        /* add it into the LDAPMod array */

                                        result = _modLDAPmodValue(attrs,
                                                                attr, value);
                                }

                                free(attr);
                                free(value);
                        }

                        else
                        if (strlen(*p) >= 1)
                        {
                                /* handle attribute DELETE request */

                                attr = strdup(*p);
                                if (attr[len] == '=')
                                {
                                        /* terminate "attribute=" */
                                        attr[len] = '\0';
                                }

                                /* handle specific Key Value Pairs (KVP) */

                                if (strcasecmp(attr, NS_KEY_BSDADDR) == 0)
                                {
                                        /* use LDAP bsdaddr attribute name */
                                        result = _modLDAPmodValue(attrs,
                                                        ATTR_BSDADDR, NULL);
                                }
                                else
                                if (_attrInLDAPList(attr) == 0)
                                {
                                        /*
                                         * Non-LDAP kvp, so sort items
                                         * in the kvp list
                                         */
                                        result = _modAttrKVP(*p, oldKVPList);
                                        kvpUpdated = 1;
                                }
                                else
                                {
                                        result = _modLDAPmodValue(attrs,
                                                        attr, NULL);
                                }

                                free(attr);
                        }
                } /* for */

                if ((result == NSL_OK) && (kvpUpdated))
                {
                        result = _attrAddKVP(attrs, *oldKVPList, kvpExists);
                }

                if ((result != NSL_OK) && (*attrs != NULL))
                {
                        (void) ldap_mods_free(*attrs, 1);
                        *attrs = NULL;
                }
        }
        else
        {
                result = NSL_ERR_INTERNAL;
        }

        return (result);
} /* _constructModLDAPMod */






/*
 * *****************************************************************************
 *
 * Function:    _compareURIinDNs()
 *
 * Description: For the 2 given printer object DNs compare the naming part
 *              part of the DN (printer-uri) to see if they are the same.
 *
 * Note:        This function only returns "compare failed" if their URI don't
 *              compare. Problems with the dn etc., return a good compare
 *              because I don't want us to create a new object for these
 *
 * Parameters:
 * Input:       uchar_t *dn1
 *              uchar_t *dn2
 * Output:      None
 *
 * Returns:     NSL_RESULT - NSL_OK = URIs are the same
 *
 * *****************************************************************************
 */

static NSL_RESULT
_compareURIinDNs(uchar_t *dn1, uchar_t *dn2)

{
        NSL_RESULT result = NSL_OK;
        uchar_t *DN1 = NULL;
        uchar_t *DN2 = NULL;
        char *p1 = NULL;
        char *p2 = NULL;

        /* --------- */

        if ((dn1 != NULL) && (dn2 != NULL))
        {
                DN1 = (uchar_t *)strdup((char *)dn1);
                DN2 = (uchar_t *)strdup((char *)dn2);

                /* terminate each string after the printer-uri */

                p1 = strstr((char *)DN1, PCONTAINER);
                /* move back to the comma */
                while ((p1 != NULL) && (*p1 != ',') && (p1 >= (char *)DN1))
                {
                        p1--;
                }

                p2 = strstr((char *)DN2, PCONTAINER);
                /* move back to the comma */
                while ((p2 != NULL) && (*p2 != ',') && (p2 >= (char *)DN2))
                {
                        p2--;
                }

                if ((*p1 == ',') && (*p2 == ','))
                {
                        *p1 = '\0';     /* re-terminate it */
                        *p2 = '\0';     /* re-terminate it */

                        /* do the compare */

                        /*
                         * Note: SHOULD really normalise the 2 DNs before
                         * doing the compare
                         */
#ifdef DEBUG
printf("_compareURIinDNs() @1 (%s) (%s)\n", DN1, DN2);
#endif
                        if (strcasecmp((char *)DN1, (char *)DN2) != 0)
                        {
                                result = NSL_ERROR;
                        }

                }

                free(DN1);
                free(DN2);
        }

        return (result);
} /* _compareURIinDNs */







/*
 * *****************************************************************************
 *
 * Function:    _getThisNSDomainDN()
 *
 * Description: Get the current Name Service Domain DN
 *              This is extracted from the result of executing ldaplist.
 *
 * Note:        Do it this way until the NS LDAP library interface is
 *              made public.
 *
 * Parameters:
 * Input:       None
 * Output:      None
 *
 * Returns:     uchar_t*  - pointer to NS Domain DN (The caller should free this
 *                          returned memory).
 *
 * *****************************************************************************
 */

#define LDAPLIST_D      "/usr/bin/ldaplist -d 2>&1"
#define DNID            "dn: "

static uchar_t *
_getThisNSDomainDN(void)

{
        uchar_t *domainDN = NULL;
        char *cp = NULL;
        char buf[BUFSIZ] = "";

        /* --------- */

        if (_popen(LDAPLIST_D, buf, sizeof (buf)) == 0)
        {
                if ((cp = strstr(buf, DNID)) != NULL)
                {
                        cp += strlen(DNID);  /* increment past "dn: " label */
                        domainDN = (uchar_t *)strdup(cp);

                        if ((cp = strchr((char *)domainDN, '\n')) != NULL)
                        {
                                *cp = '\0'; /* terminate it */
                        }
                }
        }

        return (domainDN);
} /* _getThisNSDomainDN */





/*
 * *****************************************************************************
 *
 * Function:    _popen()
 *
 * Description: General popen function. The caller should always use a full
 *              path cmd.
 *
 * Parameters:
 * Input:       char *cmd - command line to execute
 *              char *buffer - ptr to buffer to put result in
 *              int  size - size of result buffer
 * Output:      None
 *
 * Returns:     int - 0 = opened okay
 *
 * *****************************************************************************
 */

static int
_popen(char *cmd, char *buffer, int size)

{
        int result = -1;
        int rsize = 0;
        FILE *fptr;
        char safe_cmd[BUFSIZ];
        char linebuf[BUFSIZ];

        /* -------- */

        if ((cmd != NULL) && (buffer != NULL) && (size != 0))
        {
                (void) strcpy(buffer, "");
                (void) strcpy(linebuf, "");
                (void) snprintf(safe_cmd, BUFSIZ, "IFS=' \t'; %s", cmd);

                if ((fptr = popen(safe_cmd, "r")) != NULL)
                {
                        while ((fgets(linebuf, BUFSIZ, fptr) != NULL) &&
                                                        (rsize  < size))
                        {
                                rsize = strlcat(buffer, linebuf, size);
                                if (rsize >= size)
                                {
                                        /* result is too long */
                                        (void) memset(buffer, '\0', size);
                                }
                        }

                        if (strlen(buffer) > 0)
                        {
                                result = 0;
                        }

                        (void) pclose(fptr);
                }
        }

        return (result);
} /* popen */


/*
 * *****************************************************************************
 *
 * Function:    _attrInList()
 *
 * Description: For the given list check if the attribute is it
 *
 * Parameters:
 * Input:       char *attr   - attribute to check
 *              char **list  - list of attributes to check against
 * Output:      None
 *
 * Returns:     int - TRUE = attr found in list
 *
 * *****************************************************************************
 */

static int
_attrInList(char *attr, const char **list)

{
        int result = 0;
        int j;

        /* ------- */

        if ((attr != NULL) && (list != NULL))
        {
                for (j = 0; (list[j] != NULL) && (result != 1); j++)
                {
                        if (strcasecmp(list[j], attr) == 0)
                        {
                                result = 1; /* found */
                        }
                }
        }

        return (result);
} /* _attrInList */




/*
 * *****************************************************************************
 *
 * Function:    _attrInLDAPList()
 *
 * Description: Checks to see if the given attribute is an LDAP printing
 *              attribute, ie. is either in an IPP objectclass or the
 *              sun printer objectclass. Note: some attributes are handled
 *              specifically outside this function, so are excluded from
 *              the lists that are checked.
 *
 * Parameters:
 * Input:       char *attr    - attribute to check
 * Output:      None
 *
 * Returns:     int - TRUE = attr found in list
 *
 * *****************************************************************************
 */

static int
_attrInLDAPList(char *attr)

{
        int result = 0;

        /* ------- */

        if (_attrInList(attr, nsl_attr_printerService))
        {
                result = 1;     /* in list */
        }
        else
        if (_attrInList(attr, nsl_attr_printerIPP))
        {
                result = 1;     /* in list */
        }
        else
        if (_attrInList(attr, nsl_attr_sunPrinter))
        {
                result = 1;     /* in list */
        }

        return (result);
} /* _attrInLDAPList */




/*
 * *****************************************************************************
 *
 * Function:    _getCurrentKVPValues()
 *
 * Description: For the given printer object read the current set of values
 *              the object has for the sun-printer-kvp (Key Value pair)
 *
 * Parameters:
 * Input:       LDAP *ld       - existing ldap connection descriptor
 *              char *objectDN - DN to search for
 * Output:      char ***list   - returned set of kvp values
 *
 * Result:      NSL_RESULT - NSL_OK = object exists
 *
 * *****************************************************************************
 */

static NSL_RESULT
_getCurrentKVPValues(LDAP *ld, uchar_t *objectDN, char ***list)

{
        NSL_RESULT result = NSL_ERR_UNKNOWN_PRINTER;
        int sresult = LDAP_NO_SUCH_OBJECT;
        int i = 0;
        LDAPMessage *ldapMsg;
        char *requiredAttrs[2] = { ATTR_KVP, NULL };
        LDAPMessage *ldapEntry = NULL;
        char *entryAttrib = NULL;
        char **attribValues = NULL;
        BerElement *berElement = NULL;

        /* ---------- */

        if ((list != NULL) && (ld != NULL) && (objectDN != NULL))
        {
                /* search for this Printer in the directory */

                sresult = ldap_search_s(ld, (char *)objectDN, LDAP_SCOPE_BASE,
                                "(objectclass=*)", requiredAttrs, 0, &ldapMsg);
                if (sresult == LDAP_SUCCESS)
                {
                        /*
                         * check that the object exists and extract its
                         * KVP attribute values
                         */
                        ldapEntry = ldap_first_entry(ld, ldapMsg);
                        if (ldapEntry != NULL)
                        {
                                entryAttrib = ldap_first_attribute(ld,
                                                        ldapEntry, &berElement);
                                if ((entryAttrib != NULL) &&
                                    (strcasecmp(entryAttrib, ATTR_KVP) == 0))

                                {
#ifdef DEBUG
printf("Attribute: %s, its values are:\n", entryAttrib);
#endif
                                        /*
                                         * add each KVP value to the list
                                         * that we will return
                                         */
                                        attribValues = ldap_get_values(
                                                ld, ldapEntry, entryAttrib);
                                        for (i = 0;
                                                attribValues[i] != NULL; i++)
                                        {
                                            *list = (char **)
                                                list_append((void **)*list,
                                                    strdup(attribValues[i]));
#ifdef DEBUG
printf("\t%s\n", attribValues[i]);
#endif
                                        }
                                        (void) ldap_value_free(attribValues);
                                }

                                if ((entryAttrib != NULL) &&
                                    (berElement != NULL))
                                {
                                        ber_free(berElement, 0);
                                }


                                /* object found */
                                result = NSL_OK;
                        }

                        (void) ldap_msgfree(ldapMsg);
                }
        }

        else
        {
                result = NSL_ERR_INTERNAL;
        }

        return (result);
} /* _getCurrentKVPValues */



/*
 * *****************************************************************************
 *
 * Function:    _freeList()
 *
 * Description: Free the list created by list_append() where the items in
 *              the list have been strdup'ed.
 *
 * Parameters:
 * Input:       char ***list   - returned set of kvp values
 *
 * Result:      void
 *
 * *****************************************************************************
 */

static void
_freeList(char ***list)

{
        int i = 0;

        /* ------ */

        if (list != NULL)
        {
                if (*list != NULL)
                {
                        for (i = 0; (*list)[i] != NULL; i++)
                        {
                                free((*list)[i]);
                        }
                        free(*list);
                }

                *list = NULL;
        }
} /* _freeList */



/*
 * *****************************************************************************
 *
 * Function:    _modAttrKVP()
 *
 * Description: Sort out the KVP attribute value list, such that this new
 *              value takes precidence over any existing value in the list.
 *              The current list is updated to remove this key, and the new
 *              key "value" is added to the list, eg. for
 *                  value: bbb=ddddd
 *                  and kvpList:
 *                         aaa=yyyy
 *                         bbb=zzzz
 *                         ccc=xxxx
 *                  the resulting kvpList is:
 *                         aaa=yyyy
 *                         ccc=xxxx
 *                         bbb=ddddd
 *
 * Note:        When all new values have been handled the function _attrAddKVP()
 *              must be called to add the "new list" values into the
 *              LDAPMod array.
 *
 * Parameters:
 * Input:       char *value       - Key Value Pair to process,
 *                                  eg. aaaaa=hhhhh, where aaaaa is the key
 *              char ***kvpList   - list of current KVP values
 * Output:      char ***kvpList   - updated list of KVP values
 *
 * Returns:     NSL_RESULT - NSL_OK = done okay
 *
 * *****************************************************************************
 */

static NSL_RESULT
_modAttrKVP(char *value, char ***kvpList)

{
        NSL_RESULT result = NSL_ERR_INTERNAL;
        int i = 0;
        int inList = 0;
        int keyDelete = 0;
        char *key = NULL;
        char **p = NULL;
        char **newList = NULL;

        /* ------- */

        if ((value != NULL) && (kvpList != NULL))
        {
                result = NSL_OK;

                /* extract "key" from value */

                key = strdup(value);

                for (i = 0; ((key)[i] != '=') && ((key)[i] != '\0'); i++);
                key[i] = '\0'; /* terminate the key */

                /* Is this a request to delete a "key" value */

                if ((value[i] == '\0') || (value[i+1] == '\0'))
                {
                        /* this is a request to delete the key */
                        keyDelete = 1;
                }

                if ((*kvpList != NULL) && (**kvpList != NULL))
                {
                        /*
                         * for each item in the list remove it if the keys match
                         */
                        for (p = *kvpList; *p != NULL; p++)
                        {
                                for (i = 0;
                                    ((*p)[i] != '=') && ((*p)[i] != '\0'); i++);

                                if ((strlen(key) == i) &&
                                        (strncasecmp(*p, key, i) == 0))
                                {
                                        inList = 1;
                                }
                                else
                                {
                                        /* no match so add value to new list */
                                        newList = (char **)list_append(
                                                        (void **)newList,
                                                        strdup(*p));
                                }
                        }
                }

                /*
                 * if it was not a DELETE request add the new key value into
                 * the newList, otherwise we have already removed the key
                 */

                if (!keyDelete)
                {
                        newList = (char **)list_append((void **)newList,
                                                        strdup(value));
                }

                if ((newList != NULL) || (inList))
                {
                        /* replace old list with the newList */
                        _freeList(kvpList);
                        *kvpList = newList;
                }

                free(key);
        }

        return (result);
} /* modAttrKVP */




/*
 * *****************************************************************************
 *
 * Function:    _attrAddKVP()
 *
 * Description: Process KVP items in the kvpList adding them to the
 *              LDAPMod modify array. If the list is empty but there were
 *              previously LDAP KVP values delete them.
 *
 * Note:        This function should only be called when all the new KVP
 *              items have been processed by _modAttrKVP()
 *
 * Parameters:
 * Input:       LDAPMod ***attrs - array to update
 *              char **kvpList   - list KVP values
 *              int  kvpExists   - object currently has LDAP KVP values
 * Output:      None
 *
 * Returns:     NSL_RESULT - NSL_OK = done okay
 *
 * *****************************************************************************
 */

static NSL_RESULT
_attrAddKVP(LDAPMod ***attrs, char **kvpList, int kvpExists)

{
        NSL_RESULT result = NSL_OK;

        /* ------- */

        if (attrs != NULL)
        {
                if (kvpList != NULL)
                {
                        while ((kvpList != NULL) && (*kvpList != NULL))
                        {
                                /* add item to LDAPMod array */

                                result =
                                    _modLDAPmodValue(attrs, ATTR_KVP, *kvpList);

                                kvpList++;
                        }
                }
                else
                if (kvpExists)
                {
                        /*
                         * We now have no LDAP KVP values but there were
                         * some previously, so delete them
                         */
                        result = _modLDAPmodValue(attrs, ATTR_KVP, NULL);
                }
        }

        else
        {
                result = NSL_ERR_INTERNAL;
        }

        return (result);
} /* _attrAddKVP */




/*
 * *****************************************************************************
 *
 * Function:    _manageReferralCredentials()
 *
 * Description: This function is called if a referral request is returned by
 *              the origonal LDAP server during the ldap update request call,
 *              eg. ldap_add_s(), ldap_modify_s() or ldap_delete_s().
 * Parameters:
 * Input:       LDAP *ld      - LDAP descriptor
 *              int freeit    - 0 = first call to get details
 *                            - 1 = second call to free details
 *                            - -1 = initial store of authentication details
 * Input/Output: char **dn    - returns DN to bind to on master
 *               char **credp - returns password for DN
 *               int *methodp - returns authentication type, eg. simple
 *
 * Returns:     int - 0 = okay
 *
 * *****************************************************************************
 */
static int _manageReferralCredentials(LDAP *ld, char **dn, char **credp,
    int *methodp, int freeit, void *arg __unused)
{
        int result = 0;
        static char *sDN = NULL;
        static char *sPasswd = NULL;
        static int  sMethod = LDAP_AUTH_SIMPLE;

        /* -------- */

        if (freeit == 1)
        {
                /* second call - free memory */

                if ((dn != NULL) && (*dn != NULL))
                {
                        free(*dn);
                }

                if ((credp != NULL) && (*credp != NULL))
                {
                        free(*credp);
                }
        }

        else
        if ((ld != NULL) &&
            (dn != NULL) && (credp != NULL) && (methodp != NULL))
        {
                if ((freeit == 0) && (sDN != NULL) && (sPasswd != NULL))
                {
                        /* first call - get the saved bind credentials */

                        *dn = strdup(sDN);
                        *credp = strdup(sPasswd);
                        *methodp = sMethod;
                }
                else
                if (freeit == -1)
                {
                        /* initial call - save the saved bind credentials */

                        sDN = *dn;
                        sPasswd = *credp;
                        sMethod = *methodp;
                }
                else
                {
                        result = 1;     /* error */
                }
        }
        else
        {
                result = 1;     /* error */
        }

        return (result);
} /* _manageReferralCredentials */
Illumos
