usr/src/lib/libnisdb/ldap_parse.c

root/usr/src/lib/libnisdb/ldap_parse.c
/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */


#include <sys/types.h>
#include <sys/stat.h>
#include <sys/param.h>
#include <errno.h>
#include <string.h>
#include <strings.h>
#include <ctype.h>
#include <malloc.h>
#include <stdlib.h>
#include <deflt.h>
#include <limits.h>

#include "ldap_parse.h"
#include "ldap_glob.h"
#include "ldap_attr.h"
#include "ldap_util.h"
#include "ldap_map.h"
#include "ldap_ruleval.h"
#include "nis_parse_ldap_conf.h"

int yp2ldap = 0;
/*
 * List of mapping structures in original (i.e., as in config file) order.
 * Lined on the 'seqNext' field.
 */
__nis_table_mapping_t   *ldapMappingSeq = 0;

/*
 * Call the parser for the config file 'ldapConfFile', and command line
 * attribute settings per 'ldapCLA'.
 *
 * Returns
 *      0       Success
 *      -1      Config file stat/open or parse error
 *      1       No mapping should be used.
 */
int
parseConfig(char **ldapCLA, char *ldapConfFile) {
        int             ret;

        /*
         * Establish defaults for ldapDBTableMapping, so that we have
         * valid values even if there's no mapping config to parse.
         */
        ldapDBTableMapping.initTtlLo = (3600-1800);
        ldapDBTableMapping.initTtlHi = (3600+1800);
        ldapDBTableMapping.ttl = 3600;
        ldapDBTableMapping.enumExpire = 0;
        ldapDBTableMapping.fromLDAP = FALSE;
        ldapDBTableMapping.toLDAP = FALSE;
        ldapDBTableMapping.expire = 0;

        ret = parse_ldap_migration((const char **)ldapCLA, ldapConfFile);

        return (ret);
}

/*
 * Convert the linked list of __nis_table_mapping_t's (produced by the
 * attribute parser) to the 'ldapMappingList', keyed on the objPath.
 *
 * Once this function has returned, the 'tlist' is invalid, and must
 * not be used in any way.
 */
int
linked2hash(__nis_table_mapping_t *tlist) {
        __nis_hash_table_mt     dbids;
        __nis_table_mapping_t   *t, *told, *x, **seqNext;
        __nis_object_dn_t       *o, *to;
        char                    *myself = "linked2hash";
#ifdef  NISDB_LDAP_DEBUG
        char                    *selectDbid = getenv("NISLDAPSELECTDBID");
        char                    **sdi, *s;
        int                     i, nsdi;
#endif  /* NISDB_LDAP_DEBUG */


        if (tlist == 0)
                return (0);

        /* proxyInfo.default_nis_domain must end in a dot */
        {
                int     len = slen(proxyInfo.default_nis_domain);

                if (len > 0 && proxyInfo.default_nis_domain[len-1] != '.') {
                        char    *domain = am(myself, len+2);

                        (void) memcpy(domain, proxyInfo.default_nis_domain,
                                        len);
                        domain[len] = '.';
                        domain[len+1] = '\0';
                        sfree(proxyInfo.default_nis_domain);
                        proxyInfo.default_nis_domain = domain;
                }
        }

#ifdef  NISDB_LDAP_DEBUG
        for (nsdi = 0, s = selectDbid; s != 0 && *s != '\0'; s++) {
                if (*s != ' ') {
                        nsdi++;
                        while (*s != ' ' && *s != '\0')
                                s++;
                        if (*s == '\0')
                                break;
                }
        }
        if (nsdi > 0) {
                sdi = am(myself, nsdi * sizeof (sdi[0]));
                if (sdi == 0)
                        logmsg(MSG_NOTIMECHECK, LOG_WARNING,
                                "%s: Memory alloc failure for dbId selection",
                                myself);
                else {
                        for (i = 0, s = selectDbid; *s != '\0'; s++) {
                                if (*s != ' ') {
                                        sdi[i++] = selectDbid;
                                        while (*s != ' ' && *s != '\0')
                                                s++;
                                        if (*s != '\0') {
                                                *s = '\0';
                                                s++;
                                        } else
                                                break;
                                        selectDbid = s;
                                }
                        }
                }
        }
#endif  /* NISDB_LDAP_DEBUG */

        __nis_init_hash_table(&dbids, 0);

        seqNext = &ldapMappingSeq;
        for (t = tlist; t != 0; t = told) {
                int     len;

#ifdef  NISDB_LDAP_DEBUG
                /*
                 * If the dbId doesn't match 'selectDbid', skip this
                 * mapping. Re-insert on 'tlist', in order to keep memory
                 * leak checking happy. Note that 'tlist' may end up pointing
                 * into the real mapping list, so it shouldn't be used once
                 * this routine has been called.
                 */
                if (nsdi > 0) {
                        for (i = 0; i < nsdi; i++) {
                                if (strcmp(sdi[i], t->dbId) == 0)
                                        break;
                        }
                        if (i >= nsdi) {
                                told = t->next;
                                if (tlist != t)
                                        t->next = tlist;
                                else
                                        t->next = 0;
                                tlist = t;
                                continue;
                        }
                }
#endif  /* NISDB_LDAP_DEBUG */

                told = t->next;
                t->next = 0;

                /* Make sure t->item.name is set correctly */
                if (t->item.name == 0)
                        t->item.name = t->dbId;

                /* Remove leading dot in object name, if any */
                len = slen(t->objName);
                while (len > 0 && t->objName[0] == '.') {
                        (void) memmove(t->objName, &t->objName[1], len);
                        len -= 1;
                }

                /*
                 * Initialize the object path, which is what we'll
                 * rehash on.
                 */
                if (yp2ldap) {
                        t->objPath = internal_table_name(t->objName,
                                t->objPath);
                        if (!t->objPath) {
                                logmsg(MSG_NOTIMECHECK, LOG_ERR,
                        "%s: Failed to obtain internal table name for \"%s\"",
                                        myself, t->objName);
                                return (-1);
                        }
                } else {
                        t->objPath = am(myself, len + MAXPATHLEN + 1);
                        if (t->objPath == 0)
                                return (-1);
                        if (internal_table_name(t->objName,
                                t->objPath) == 0) {
                                logmsg(MSG_NOTIMECHECK, LOG_ERR,
                        "%s: Failed to obtain internal table name for \"%s\"",
                                        myself, t->objName);
                                return (-1);
                        }
                }

                /*
                 * Initialize the column name array.
                 */
                if (!yp2ldap) {
                        if (setColumnsDuringConfig && setColumnNames(t)) {
                                logmsg(MSG_NOTIMECHECK, LOG_ERR,
                                "%s: Unable to find column names for \"%s\"",
                                        myself, NIL(t->objName));
                                return (-1);
                        }
                }

                /*
                 * If there are multiple mapping target containers, make
                 * each one into it's own mapping structure. They can all
                 * be minimal copies (i.e., share pointers to sub-structures
                 * other than the objectDN).
                 *
                 * If objectDN is NULL, we will never use this structure.
                 * In order to allow the rest of the mapping code to assume
                 * objectDN != NULL, skip the mapping (even if x == t).
                 */
                for (o = to = t->objectDN; o != 0; o = o->next) {
                        __nis_table_mapping_t   *p;

                        if (o == to) {
                                x = t;
                                /*
                                 * Only insert the first mapping for an
                                 * object on the sequential list.
                                 */
                                *seqNext = t;
                                t->seqNext = 0;
                                seqNext = (__nis_table_mapping_t **)&t->seqNext;
                        } else {
                                x = am(myself, sizeof (*x));
                                if (x == 0) {
                                        /*
                                         * This happens during rpc.nisd
                                         * initialization, and it's an
                                         * unrecoverable disaster, so don't
                                         * bother cleaning up.
                                         */
                                        return (-1);
                                }
                                memcpy(x, t, sizeof (*x));
                                x->objectDN = o;
                                x->next = 0;
                        }

                        /*
                         * If x->objectDN->write.base is NULL, clone it from
                         * x->objectDN->read.base.
                         */
                        if (x->objectDN->write.scope != LDAP_SCOPE_UNKNOWN) {
                                if (x->objectDN->write.base == 0 &&
                                                x->objectDN->read.base != 0) {
                                        x->objectDN->write.base =
                                                sdup(myself, T,
                                                x->objectDN->read.base);
                                        if (x->objectDN->write.base == 0)
                                                return (-1);
                                }
                                if (x->objectDN->write.attrs == 0 &&
                                                x->objectDN->read.attrs != 0) {
                                        x->objectDN->write.attrs =
                                                sdup(myself, T,
                                                x->objectDN->read.attrs);
                                        if (x->objectDN->write.attrs == 0)
                                                return (-1);
                                }
                        }

                        if (o != to) {
                                /* Insert last on the 't->next' list */
                                for (p = t; p->next != 0; p = p->next);
                                p->next = x;
                        }
                }

                /* Insert on dbid hash list */
                if (t->objectDN != 0 && !__nis_insert_item_mt(t, &dbids, 0)) {
                        logmsg(MSG_NOTIMECHECK, LOG_ERR,
                        "%s: Error inserting mapping for \"%s\" on hash list",
                                myself, NIL(t->objName));
#ifdef  NISDB_LDAP_DEBUG
                        abort();
#endif  /* NISDB_LDAP_DEBUG */
                        return (-1);
                }
        }

        /*
         * dbids2objs() will remove the entries on 'dbids', so no need
         * to clean up that list from this function.
         */
        return (dbids2objs(&dbids, &ldapMappingList));
}

int
dbids2objs(__nis_hash_table_mt *dbids, __nis_hash_table_mt *objs) {
        __nis_table_mapping_t   *t, *o;
        char                    *myself = "dbids2objs";


        while ((t = __nis_pop_item_mt(dbids)) != 0) {
                /* Previous entry for this object ? */
                o = __nis_find_item_mt(t->objPath, objs, -1, 0);
                if (o != 0) {
                        __nis_table_mapping_t   *p = o;
                        /*
                         * Mapping already exists, so this is an alternate.
                         * Find the end of the list of any previous alt's,
                         * and insert there.
                         */
                        while (p->next != 0) {
                                p = p->next;
                        }
                        p->next = t;
                        if (!__nis_release_item(o, objs, -1)) {
                                logmsg(MSG_NOTIMECHECK, LOG_ERR,
                                        "%s: __nis_release_item error",
                                        myself);
                                return (-1);
                        }
                } else {
                        t->item.name = t->objPath;
                        if (!__nis_insert_item_mt(t, objs, 0)) {
                                logmsg(MSG_NOTIMECHECK, LOG_ERR,
                                        "%s: __nis_insert_item error",
                                        myself);
                                return (-1);
                        }
                }
        }

        return (0);
}

/*
 * internal_table_name()
 *
 * Removes the local domain part from a fully qualified name
 * to create the internal table name for an object. These tables are
 * stored in /var/nis/<hostname>
 *
 * Imported from rpc.nisd/nisdb.c.
 */
char *
internal_table_name(nis_name name, char *res)
{
        char            *s, *t;
        int             i, j;

        if (yp2ldap) {
                if (name == NULL)
                        return (NULL);
                res = s_strndup(name, strlen(name));
                if (res == NULL)
                        return (NULL);
                return (res);
        }

        if (res == NULL)
                return (NULL);
        /* pointer at the first character of the table name */
        s = relative_name(name);

        /*
         * If s == NULL then either this is a request for a lookup
         * in our parents namespace (ILLEGAL), or we're the root
         * server and this is a lookup in our namespace.
         */
        if (s) {
                return (NULL);
        }

        t = strrchr(res, '/');
        if (t)
                t++; /* Point past the slash */
        /* Strip off the quotes if they were used here. */
        if (t[0] == '"') {
                /* Check for simply a quoted quote. */
                if (t[1] != '"') {
                        j = strlen(t);
                        /* shift string left by one */
                        for (i = 0; i < j; i++)
                                t[i] = t[i+1];
                        t[j-2] = '\0'; /* Trounce trailing dquote */
                }
        }
        /*
         * OK so now we have the unique name for the table.
         * At this point we can fix it up to match local
         * file system conventions if we so desire. Since it
         * is only used in this form by _this_ server we can
         * mangle it any way we want, as long as we are consistent
         * about it. :-)
         */
        __make_legal(res);
        return (res);
}

/*
 * SYSTEM DEPENDENT
 *
 * This function makes the table name "legal" for the underlying file system.
 *
 * Imported from rpc.nisd/nisdb.c.
 */
void
__make_legal(char *s)
{
        while (*s) {
                if (isupper(*s))
                        *s = tolower(*s);
                s++;
        }
}

/*
 * relative_name()
 * This internal function will remove from the NIS name, the domain
 * name of the current server, this will leave the unique part in
 * the name this becomes the "internal" version of the name. If this
 * function returns NULL then the name we were given to resolve is
 * bad somehow.
 *
 * A dynamically-allocated string is returned.
 *
 * Imported from rpc.nisd/nis_log_common.c
 */

nis_name
relative_name(s)
        char    *s;     /* string with the name in it. */
{
        char                    *d;
        char                    *buf;
        int                     dl, sl;
        name_pos                p;

        if (s == NULL)
                return (NULL);

        d = __nis_rpc_domain();
        if (d == NULL)
                return (NULL);
        dl = strlen(d);         /* _always dot terminated_   */

        buf = strdup(s);
        if (buf == NULL)
                return (NULL);
        strcpy(buf, s);         /* Make a private copy of 's'   */
        sl = strlen(buf);

        if (dl == 1) {                  /* We're the '.' directory   */
                buf[sl-1] = '\0';       /* Lose the 'dot'         */
                return (buf);
        }

        p = nis_dir_cmp(buf, d);

        /* 's' is above 'd' in the tree */
        if ((p == HIGHER_NAME) || (p == NOT_SEQUENTIAL) || (p == SAME_NAME)) {
                free(buf);
                return (NULL);
        }

        /* Insert a NUL where the domain name starts in the string */
        buf[(sl - dl) - 1] = '\0';

        /* Don't return a zero length name */
        if (buf[0] == '\0') {
                free((void *)buf);
                return (NULL);
        }

        return (buf);
}

/*
 * Wrapper for internal_table_name() that allocates a large enough
 * buffer for the internal name. Return value must be freed by caller.
 * If the input 'name' is NULL, the name of the root directory table
 * is returned.
 */
char *
internalTableName(char *name) {
        char    *buf, *res;
        char    *myself = "internalTableName";

        buf = (char *)am(myself, MAXPATHLEN + NIS_MAXNAMELEN + 1);
        if (buf == 0)
                return (0);

        if (name == 0) {
                (void) memcpy(buf, ROOTDIRFILE, slen(ROOTDIRFILE));
                return (buf);
        }

        res = internal_table_name(name, buf);
        if (res != buf) {
                sfree(buf);
                buf = 0;
        }

        return (buf);
}

/*
 * Return the object mapping for the object indicated either by the
 * internal DB name ('intNameArg'; preferred), or the FQ object name
 * 'name'. If 'asObj' is non-zero, the caller is interested in the
 * object mapping proper, not a mapping of table entries. Optionally,
 * also indicate if the object is mapped from (read) or to (write) LDAP.
 *
 * Note that there may be more than one mapping of the appropriate type.
 * Use the selectTableMapping() function in ldap_map.c to get all
 * alternatives. However, the function below works as a short-cut if:
 *
 *      You only want an indication that _a_ mapping of the desired
 *      type exists, or
 *
 *      You want the non-objectDN information for an object-mapping
 *      proper (i.e., _not_ the mapping for entries in a table).
 */
__nis_table_mapping_t *
getObjMapping(char *name, char *intNameArg, int asObj,
                int *doRead, int *doWrite) {
        __nis_table_mapping_t   *t, *x;
        char                    *intName;
        int                     freeIntName = 0, rd, wr;

        if (doRead != 0)
                *doRead = 0;
        if (doWrite != 0)
                *doWrite = 0;

        if (intNameArg == 0) {
                if (name == 0)
                        return (0);
                intName = internalTableName(name);
                if (intName == 0)
                        return (0);
                freeIntName = 1;
        } else {
                intName = intNameArg;
        }

        t = __nis_find_item_mt(intName, &ldapMappingList, 0, 0);
        if (t == 0) {
                if (freeIntName)
                        sfree(intName);
                return (0);
        }

        rd = wr = 0;
        for (x = t; x != 0; x = x->next) {
                /*
                 * If we're looking for an object mapping, and this
                 * one's for entries in a table, skip it.
                 */
                if (asObj && x->objType == NIS_TABLE_OBJ &&
                                x->numColumns > 0)
                        continue;
                /* Check if we should read/write */
                if (x->objectDN->read.scope != LDAP_SCOPE_UNKNOWN)
                        rd++;
                if (x->objectDN->write.scope != LDAP_SCOPE_UNKNOWN)
                        wr++;
        }

        if (doRead != 0)
                *doRead = (rd > 0) ? 1 : 0;
        if (doWrite != 0)
                *doWrite = (wr > 0) ? 1 : 0;

        if (freeIntName)
                sfree(intName);

        return (x);
}
Illumos
