#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <ctype.h>
#include <fcntl.h>
#include <unistd.h>
#include <errno.h>
#include <locale.h>
#include <sys/stat.h>
#include <lber.h>
#include <ldap.h>
#include <deflt.h>
#include "ldap_map.h"
#include "ldap_parse.h"
#include "ldap_glob.h"
#include "nis_parse_ldap_conf.h"
__nis_ldap_proxy_info proxyInfo =
{NULL, (auth_method_t)NO_VALUE_SET, (tls_method_t)NO_VALUE_SET, NULL,
NULL, NULL, NULL, NULL, (follow_referral_t)NO_VALUE_SET};
__nisdb_table_mapping_t ldapDBTableMapping;
__nis_table_mapping_t *ldapTableMapping = NULL;
__yp_domain_context_t ypDomains;
parse_error p_error = no_parse_error;
int cur_line_num = 0;
int start_line_num = 0;
int seq_num = 0;
const char *warn_file = NULL;
char _key_val[38];
const char *command_line_source = NULL;
const char *file_source = NULL;
const char *ldap_source = NULL;
static
const char *const *cmdline_config = NULL;
static bool_t got_config_data = FALSE;
static int parse_ldap_cmd_line(const char *const *cmdline_options,
__nis_ldap_proxy_info *proxy_info, __nis_config_t *nis_config,
__nis_table_mapping_t **table_mapping, __nis_config_info_t *config_info,
__nisdb_table_mapping_t *table_info);
static int parse_ldap_default_conf(__nis_ldap_proxy_info *proxy_info,
__nis_config_t *nis_config, __nis_config_info_t *config_info,
__nisdb_table_mapping_t *table_info);
static int parse_ldap_config_file(const char *config_file,
__nis_ldap_proxy_info *proxy_info, __nis_config_t *nis_config,
__nis_table_mapping_t **table_mapping, __nis_config_info_t *config_info,
__nisdb_table_mapping_t *table_info);
static int parse_ldap_config_dn_attrs(__nis_ldap_proxy_info *proxy_info,
__nis_config_t *nis_config, __nis_table_mapping_t **table_mapping,
__nis_config_info_t *config_info, __nisdb_table_mapping_t *table_info);
static int yp_parse_ldap_default_conf(__nis_ldap_proxy_info *proxy_info,
__nis_config_t *nis_config, __nis_config_info_t *config_info,
__nisdb_table_mapping_t *table_info);
int yp_parse_ldap_config_file(const char *, __nis_ldap_proxy_info *,
__nis_config_t *, __nis_table_mapping_t **, __nis_config_info_t *,
__nisdb_table_mapping_t *, __yp_domain_context_t *);
static config_key get_attrib_num_cmdline(const char *s,
const char **begin_s, const char **end_s);
static config_key get_file_attr_val(int fd, char **attr_val);
static void get_attribute_list(
const __nis_ldap_proxy_info *proxy_info,
const __nis_config_t *nis_config,
const __nis_config_info_t *config_info,
const __nisdb_table_mapping_t *table_info,
char **ldap_config_attributes);
int
parse_ldap_migration(
const char *const *cmdline_options,
const char *config_file)
{
int rc = 0;
__nis_config_info_t config_info
= {NULL, NULL, (auth_method_t)NO_VALUE_SET,
(tls_method_t)NO_VALUE_SET, NULL,
NULL, NULL};
struct stat buf;
p_error = no_parse_error;
if (verbose)
report_info("Getting LDAP configuration", NULL);
initialize_parse_structs(&proxyInfo, &ldapConfig, &ldapDBTableMapping);
if (yp2ldap)
initialize_yp_parse_structs(&ypDomains);
if (cmdline_options != NULL) {
got_config_data = TRUE;
if (!yp2ldap)
rc = parse_ldap_cmd_line(cmdline_options, &proxyInfo,
&ldapConfig, &ldapTableMapping, &config_info,
&ldapDBTableMapping);
else
rc = 0;
}
if (rc == 0) {
if (yp2ldap)
rc = yp_parse_ldap_default_conf(&proxyInfo, &ldapConfig,
&config_info, &ldapDBTableMapping);
else
rc = parse_ldap_default_conf(&proxyInfo, &ldapConfig,
&config_info, &ldapDBTableMapping);
}
if (config_file == NULL) {
if (yp2ldap) {
if (stat(YP_DEFAULT_MAPPING_FILE, &buf) == 0)
config_file = YP_DEFAULT_MAPPING_FILE;
} else {
if (stat(DEFAULT_MAPPING_FILE, &buf) == 0)
config_file = DEFAULT_MAPPING_FILE;
}
}
if (rc == 0 && config_file != NULL) {
got_config_data = TRUE;
warn_file = config_file;
cmdline_config = cmdline_options;
if (yp2ldap)
rc = yp_parse_ldap_config_file(config_file, &proxyInfo,
&ldapConfig, &ldapTableMapping, &config_info,
&ldapDBTableMapping, &ypDomains);
else
rc = parse_ldap_config_file(config_file, &proxyInfo,
&ldapConfig, &ldapTableMapping, &config_info,
&ldapDBTableMapping);
warn_file = NULL;
cmdline_config = NULL;
}
if (rc == 0 && (config_info.config_dn != NULL) &&
(config_info.config_dn[0] != '\0')) {
rc = parse_ldap_config_dn_attrs(&proxyInfo,
&ldapConfig, &ldapTableMapping, &config_info,
&ldapDBTableMapping);
}
free_config_info(&config_info);
if (rc == 0 && got_config_data == FALSE)
rc = 1;
set_default_values(&proxyInfo, &ldapConfig, &ldapDBTableMapping);
if (yp2ldap == 1 && rc == 0) {
rc = second_parser_pass(&ldapTableMapping);
if (rc == 0)
rc = final_parser_pass(&ldapTableMapping, &ypDomains);
if (rc == -2)
return (-1);
}
if (rc == 0)
rc = finish_parse(&proxyInfo, &ldapTableMapping);
if (rc == 0)
rc = linked2hash(ldapTableMapping);
if ((rc == 0) && yptol_mode)
rc = map_id_list_init();
if (rc != 0) {
free_parse_structs();
} else if (verbose)
report_info("LDAP configuration complete", NULL);
return (rc);
}
static int
parse_ldap_cmd_line(
const char *const *cmdline_options,
__nis_ldap_proxy_info *proxy_info,
__nis_config_t *nis_config,
__nis_table_mapping_t **table_mapping,
__nis_config_info_t *config_info,
__nisdb_table_mapping_t *table_info)
{
int rc = 0;
config_key attrib_num;
const char *begin_s;
const char *end_s;
if (verbose)
report_info("Command line values: ", NULL);
while (*cmdline_options != NULL) {
if (verbose)
report_info("\t", *cmdline_options);
attrib_num = get_attrib_num_cmdline(
*cmdline_options, &begin_s, &end_s);
if (attrib_num == key_bad) {
command_line_source = "command line";
report_error(*cmdline_options, NULL);
command_line_source = NULL;
rc = -1;
break;
} else if (IS_CONFIG_KEYWORD(attrib_num)) {
rc = add_config_attribute(attrib_num,
begin_s, end_s - begin_s, config_info);
} else if (IS_BIND_INFO(attrib_num)) {
rc = add_bind_attribute(attrib_num,
begin_s, end_s - begin_s, proxy_info);
} else if (IS_OPER_INFO(attrib_num)) {
rc = add_operation_attribute(attrib_num,
begin_s, end_s - begin_s, nis_config,
table_info);
} else {
rc = add_mapping_attribute(attrib_num,
begin_s, end_s - begin_s, table_mapping);
}
if (rc < 0) {
command_line_source = "command line";
report_error(begin_s, _key_val);
command_line_source = NULL;
break;
}
cmdline_options++;
}
return (rc);
}
static int
parse_ldap_default_conf(
__nis_ldap_proxy_info *proxy_info,
__nis_config_t *nis_config,
__nis_config_info_t *config_info,
__nisdb_table_mapping_t *table_info)
{
int rc = 0;
char *ldap_config_attributes[n_config_keys];
char attr_buf[128];
char *attr;
char *attr_val;
int defflags;
config_key attrib_num;
int i;
int len;
int attr_len;
void *defp;
if ((defp = defopen_r(ETCCONFFILE)) != NULL) {
file_source = ETCCONFFILE;
if (verbose)
report_info("default configuration values: ", NULL);
defflags = defcntl_r(DC_GETFLAGS, 0, defp);
TURNOFF(defflags, DC_CASE);
(void) defcntl_r(DC_SETFLAGS, defflags, defp);
get_attribute_list(proxy_info, nis_config, config_info,
table_info, ldap_config_attributes);
i = 0;
while ((attr = ldap_config_attributes[i++]) != NULL) {
(void) strlcpy(attr_buf, attr, sizeof (attr_buf));
if (strcmp(attr, UPDATE_BATCHING) == 0) {
attr_len = strlen(attr);
attr_buf[attr_len] = '=';
attr_buf[attr_len + 1] = '\0';
attr_val = defread_r(attr_buf, defp);
if (attr_val == 0) {
attr_buf[attr_len] = ' ';
attr_val = defread_r(attr_buf, defp);
}
if (attr_val == 0) {
attr_buf[attr_len] = '\t';
attr_val = defread_r(attr_buf, defp);
}
if (attr_val == 0) {
attr_buf[attr_len] = '\n';
attr_val = defread_r(attr_buf, defp);
}
} else {
attr_val = defread_r(attr_buf, defp);
}
if (attr_val == NULL)
continue;
got_config_data = TRUE;
attrib_num = get_attrib_num(attr, strlen(attr));
if (attrib_num == key_bad) {
report_error(attr, NULL);
rc = -1;
break;
}
while (is_whitespace(*attr_val))
attr_val++;
if (*attr_val == '=')
attr_val++;
while (is_whitespace(*attr_val))
attr_val++;
len = strlen(attr_val);
while (len > 0 && is_whitespace(attr_val[len - 1]))
len--;
if (verbose) {
report_info("\t", attr);
report_info("\t\t", attr_val);
}
if (IS_BIND_INFO(attrib_num)) {
rc = add_bind_attribute(attrib_num,
attr_val, len, proxy_info);
} else if (IS_OPER_INFO(attrib_num)) {
rc = add_operation_attribute(attrib_num,
attr_val, len, nis_config,
table_info);
}
if (p_error != no_parse_error) {
report_error(attr_val, attr);
rc = -1;
break;
}
}
file_source = NULL;
defclose_r(defp);
}
return (rc);
}
static int
yp_parse_ldap_default_conf(
__nis_ldap_proxy_info *proxy_info,
__nis_config_t *nis_config,
__nis_config_info_t *config_info,
__nisdb_table_mapping_t *table_info)
{
int rc = 0;
char *ldap_config_attributes[n_config_keys];
char attr_buf[128];
char *attr;
char *attr_val;
int defflags;
config_key attrib_num;
int i, len;
void *defp;
if ((defp = defopen_r(YP_ETCCONFFILE)) != NULL) {
file_source = YP_ETCCONFFILE;
if (verbose)
report_info("default configuration values: ", NULL);
defflags = defcntl_r(DC_GETFLAGS, 0, defp);
TURNOFF(defflags, DC_CASE);
(void) defcntl_r(DC_SETFLAGS, defflags, defp);
get_attribute_list(proxy_info, nis_config, config_info,
table_info, ldap_config_attributes);
i = 0;
while ((attr = ldap_config_attributes[i++]) != NULL) {
if ((strlcpy(attr_buf, attr, sizeof (attr_buf))) >=
sizeof (attr_buf)) {
report_error(
"Static buffer attr_buf overflow", NULL);
defclose_r(defp);
return (-1);
}
if ((attr_val = defread_r(attr_buf, defp)) == NULL)
continue;
got_config_data = TRUE;
attrib_num = get_attrib_num(attr, strlen(attr));
if (attrib_num == key_bad) {
report_error(attr, NULL);
rc = -1;
break;
}
while (is_whitespace(*attr_val))
attr_val++;
if (*attr_val == '=')
attr_val++;
while (is_whitespace(*attr_val))
attr_val++;
len = strlen(attr_val);
while (len > 0 && is_whitespace(attr_val[len - 1]))
len--;
if (verbose) {
report_info("\t", attr);
report_info("\t\t", attr_val);
}
if (IS_YP_BIND_INFO(attrib_num)) {
rc = add_bind_attribute(attrib_num,
attr_val, len, proxy_info);
} else if (IS_YP_OPER_INFO(attrib_num)) {
rc = add_operation_attribute(attrib_num,
attr_val, len, nis_config,
table_info);
}
if (p_error != no_parse_error) {
report_error(attr_val, attr);
rc = -1;
break;
}
}
file_source = NULL;
defclose_r(defp);
}
return (rc);
}
static config_key
get_attrib_num_cmdline(const char *s, const char **begin_s, const char **end_s)
{
const char *s_end = s + strlen(s);
const char *equal_s;
const char *s1;
config_key attrib_num;
while (s < s_end && is_whitespace(*s))
s++;
for (equal_s = s; equal_s < s_end; equal_s++)
if (*equal_s == EQUAL_CHAR)
break;
if (equal_s == s_end) {
p_error = parse_bad_command_line_attribute_format;
return (key_bad);
}
for (s1 = equal_s; s1 > s && is_whitespace(s1[-1]); s1--)
;
if (s1 == s) {
p_error = parse_bad_command_line_attribute_format;
return (key_bad);
}
attrib_num = get_attrib_num(s, s1 - s);
if (attrib_num != key_bad) {
s1 = equal_s + 1;
while (s1 < s_end && is_whitespace(*s1))
s1++;
*begin_s = s1;
while (s_end > s1 && is_whitespace(s_end[-1]))
s_end--;
*end_s = s_end;
}
return (attrib_num);
}
static int
parse_ldap_config_file(const char *config_file,
__nis_ldap_proxy_info *proxy_info, __nis_config_t *nis_config,
__nis_table_mapping_t **table_mapping, __nis_config_info_t *config_info,
__nisdb_table_mapping_t *table_info)
{
int rc = 0;
config_key attrib_num;
int fd;
char *attr_val;
int len;
if ((fd = open(config_file, O_RDONLY)) == -1) {
p_error = parse_open_file_error;
report_error(config_file, NULL);
return (-1);
}
start_line_num = 1;
cur_line_num = 1;
if (verbose)
report_info("Reading configuration from ", config_file);
file_source = config_file;
while ((attrib_num = get_file_attr_val(fd, &attr_val)) > 0) {
len = attr_val == NULL ? 0 : strlen(attr_val);
if (IS_CONFIG_KEYWORD(attrib_num)) {
rc = add_config_attribute(attrib_num,
attr_val, len, config_info);
} else if (IS_BIND_INFO(attrib_num)) {
rc = add_bind_attribute(attrib_num,
attr_val, len, proxy_info);
} else if (IS_OPER_INFO(attrib_num)) {
rc = add_operation_attribute(attrib_num,
attr_val, len, nis_config, table_info);
} else {
rc = add_mapping_attribute(attrib_num,
attr_val, len, table_mapping);
}
if (rc < 0) {
report_error(attr_val == NULL ?
"<no attribute>" : attr_val, _key_val);
if (attr_val)
free(attr_val);
break;
}
if (attr_val)
free(attr_val);
}
(void) close(fd);
if (attrib_num == key_bad) {
report_error(_key_val, NULL);
rc = -1;
}
start_line_num = 0;
file_source = NULL;
return (rc);
}
int
yp_parse_ldap_config_file(
const char *config_file,
__nis_ldap_proxy_info *proxy_info,
__nis_config_t *nis_config,
__nis_table_mapping_t **table_mapping,
__nis_config_info_t *config_info,
__nisdb_table_mapping_t *table_info,
__yp_domain_context_t *ypDomains)
{
int rc = 0;
config_key attrib_num;
int fd;
char *attr_val = NULL;
int len;
if ((fd = open(config_file, O_RDONLY)) == -1) {
p_error = parse_open_file_error;
report_error(config_file, NULL);
return (-1);
}
start_line_num = 1;
cur_line_num = 1;
if (verbose)
report_info("Reading configuration from ", config_file);
file_source = config_file;
while ((attrib_num = get_file_attr_val(fd, &attr_val)) > 0) {
len = attr_val == NULL ? 0 : strlen(attr_val);
if (IS_YP_CONFIG_KEYWORD(attrib_num)) {
rc = add_config_attribute(attrib_num,
attr_val, len, config_info);
} else if (IS_YP_BIND_INFO(attrib_num)) {
rc = add_bind_attribute(attrib_num,
attr_val, len, proxy_info);
} else if (IS_YP_OPER_INFO(attrib_num)) {
rc = add_operation_attribute(attrib_num,
attr_val, len, nis_config, table_info);
} else if (IS_YP_DOMAIN_INFO(attrib_num)) {
rc = add_ypdomains_attribute(attrib_num,
attr_val, len, ypDomains);
} else if (IS_YP_MAP_ATTR(attrib_num)) {
rc = add_mapping_attribute(attrib_num,
attr_val, len, table_mapping);
} else {
rc = -1;
p_error = parse_unsupported_format;
}
if (rc < 0) {
report_error(attr_val == NULL ?
"<no attribute>" : attr_val, _key_val);
if (attr_val)
free(attr_val);
break;
}
if (attr_val) {
free(attr_val);
attr_val = NULL;
}
}
(void) close(fd);
if (attrib_num == key_bad) {
report_error(_key_val, NULL);
rc = -1;
}
start_line_num = 0;
file_source = NULL;
return (rc);
}
static config_key
get_file_attr_val(int fd, char **attr_val)
{
char buf[BUFSIZE];
char *start_tag;
char *start_val;
char *end_val;
char *cut_here;
char *s;
char *a;
char *attribute_value;
int ret;
config_key attrib_num = no_more_keys;
*attr_val = NULL;
if ((ret = read_line(fd, buf, sizeof (buf))) > 0) {
for (s = buf; is_whitespace(*s); s++)
;
start_tag = s;
while (*s != '\0' && !is_whitespace(*s))
s++;
if (verbose)
report_info("\t", start_tag);
attrib_num = get_attrib_num(start_tag, s - start_tag);
if (attrib_num == key_bad)
return (key_bad);
while (is_whitespace(*s))
s++;
if (*s == '\0')
return (attrib_num);
start_val = s;
for (; *s != '\0'; s++) {
if (*s == ESCAPE_CHAR)
s++;
}
while (s > start_val && is_whitespace(s[-1]))
s--;
attribute_value =
calloc(1, (size_t)(s - start_val) + 1);
if (attribute_value == NULL) {
p_error = parse_no_mem_error;
return (key_bad);
}
attr_val[0] = attribute_value;
a = *attr_val;
end_val = s;
cut_here = 0;
for (s = start_val; s < end_val; s++) {
if (*s == POUND_SIGN) {
cut_here = s;
while (s < end_val) {
if (*s == DOUBLE_QUOTE_CHAR ||
*s == SINGLE_QUOTE_CHAR) {
cut_here = 0;
break;
}
s++;
}
}
}
if (cut_here != 0)
end_val = cut_here;
for (s = start_val; s < end_val; s++)
*a++ = *s;
*a++ = '\0';
}
if (ret == -1)
return (key_bad);
return (attrib_num);
}
static LDAP *
connect_to_ldap_config_server(
char *sever_name,
int server_port,
__nis_config_info_t *config_info)
{
LDAP *ld = NULL;
int ldapVersion = LDAP_VERSION3;
int derefOption = LDAP_DEREF_ALWAYS;
int timelimit = LDAP_NO_LIMIT;
int sizelimit = LDAP_NO_LIMIT;
int errnum;
bool_t retrying = FALSE;
int sleep_seconds = 1;
struct berval cred;
if (config_info->tls_method == no_tls) {
ld = ldap_init(sever_name, server_port);
if (ld == NULL) {
p_error = parse_ldap_init_error;
report_error(strerror(errno), NULL);
return (NULL);
}
} else {
if ((errnum = ldapssl_client_init(
config_info->tls_cert_db, NULL)) < 0) {
p_error = parse_ldapssl_client_init_error;
report_error(ldapssl_err2string(errnum), NULL);
return (NULL);
}
ld = ldapssl_init(sever_name, server_port, 1);
if (ld == NULL) {
p_error = parse_ldapssl_init_error;
report_error(strerror(errno), NULL);
return (NULL);
}
}
(void) ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION,
&ldapVersion);
(void) ldap_set_option(ld, LDAP_OPT_DEREF, &derefOption);
(void) ldap_set_option(ld, LDAP_OPT_REFERRALS, LDAP_OPT_OFF);
(void) ldap_set_option(ld, LDAP_OPT_TIMELIMIT, &timelimit);
(void) ldap_set_option(ld, LDAP_OPT_SIZELIMIT, &sizelimit);
if (verbose)
report_info("Connecting to ", sever_name);
for (;;) {
if (config_info->auth_method == simple) {
errnum = ldap_simple_bind_s(ld, config_info->proxy_dn,
config_info->proxy_passwd);
} else if (config_info->auth_method == cram_md5) {
cred.bv_len = strlen(config_info->proxy_passwd);
cred.bv_val = config_info->proxy_passwd;
errnum = ldap_sasl_cram_md5_bind_s(ld,
config_info->proxy_dn, &cred, NULL, NULL);
} else if (config_info->auth_method == digest_md5) {
cred.bv_len = strlen(config_info->proxy_passwd);
cred.bv_val = config_info->proxy_passwd;
errnum = ldap_x_sasl_digest_md5_bind_s(ld,
config_info->proxy_dn, &cred, NULL, NULL);
} else {
errnum = ldap_simple_bind_s(ld, NULL, NULL);
}
if (errnum == LDAP_SUCCESS)
break;
if (errnum == LDAP_CONNECT_ERROR ||
errnum == LDAP_SERVER_DOWN) {
if (!retrying) {
if (verbose)
report_info(
"LDAP server unavailable. Retrying...",
NULL);
retrying = TRUE;
}
(void) sleep(sleep_seconds);
sleep_seconds *= 2;
if (sleep_seconds > MAX_LDAP_CONFIG_RETRY_TIME)
sleep_seconds = MAX_LDAP_CONFIG_RETRY_TIME;
p_error = no_parse_error;
continue;
}
p_error = parse_ldap_bind_error;
report_error2(config_info->proxy_dn, ldap_err2string(errnum));
(void) ldap_unbind(ld);
return (NULL);
}
if (verbose)
report_info("Reading values from ", config_info->config_dn);
return (ld);
}
static int
process_ldap_config_result(
LDAP *ld,
LDAPMessage *resultMsg,
__nis_ldap_proxy_info *proxy_info,
__nis_config_t *nis_config,
__nis_table_mapping_t **table_mapping,
__nisdb_table_mapping_t *table_info)
{
LDAPMessage *e;
int errnum;
char *attr;
BerElement *ber = NULL;
config_key attrib_num;
char **vals;
int n;
int i;
char *attr_val;
int len;
int rc = 0;
bool_t error_reported = FALSE;
e = ldap_first_entry(ld, resultMsg);
if (e != NULL) {
for (attr = ldap_first_attribute(ld, e, &ber); attr != NULL;
attr = ldap_next_attribute(ld, e, ber)) {
if (verbose)
report_info("\t", attr);
attrib_num = get_attrib_num(attr, strlen(attr));
if (attrib_num == key_bad) {
report_error(attr, NULL);
break;
}
if ((vals = ldap_get_values(ld, e, attr)) != NULL) {
n = ldap_count_values(vals);
for (i = 0; i < n; i++) {
attr_val = vals[i];
while (is_whitespace(*attr_val))
attr_val++;
if (verbose)
report_info("\t\t", attr_val);
len = strlen(attr_val);
while (len > 0 &&
is_whitespace(attr_val[len - 1]))
len--;
if (yp2ldap) {
if (IS_YP_BIND_INFO(attrib_num)) {
rc = add_bind_attribute(attrib_num, attr_val,
len, proxy_info);
} else if (IS_YP_OPER_INFO(attrib_num)) {
rc = add_operation_attribute(attrib_num,
attr_val, len, nis_config, table_info);
} else if (IS_YP_MAP_ATTR(attrib_num)) {
rc = add_mapping_attribute(attrib_num, attr_val,
len, table_mapping);
} else {
p_error = parse_unsupported_format;
}
} else {
if (IS_BIND_INFO(attrib_num)) {
rc = add_bind_attribute(attrib_num, attr_val,
len, proxy_info);
} else if (IS_OPER_INFO(attrib_num)) {
rc = add_operation_attribute(attrib_num,
attr_val, len, nis_config, table_info);
} else {
rc = add_mapping_attribute(attrib_num, attr_val,
len, table_mapping);
}
}
if (p_error != no_parse_error) {
report_error(attr_val, attr);
error_reported = TRUE;
break;
}
}
ldap_value_free(vals);
} else {
(void) ldap_get_option(ld,
LDAP_OPT_ERROR_NUMBER, &errnum);
if (errnum != LDAP_SUCCESS)
p_error = parse_ldap_get_values_error;
}
ldap_memfree(attr);
if (p_error != no_parse_error)
break;
}
} else {
errnum = ldap_result2error(ld, resultMsg, FALSE);
if (errnum != LDAP_SUCCESS)
p_error = parse_ldap_search_error;
}
if (ber != NULL)
ber_free(ber, 0);
if (!error_reported && p_error != no_parse_error) {
report_error(ldap_err2string(errnum), 0);
}
if (p_error != no_parse_error)
rc = -1;
return (rc);
}
static int
process_ldap_referral(
char *url,
char **attrs,
__nis_ldap_proxy_info *proxy_info,
__nis_config_t *nis_config,
__nis_table_mapping_t **table_mapping,
__nis_config_info_t *config_info,
__nisdb_table_mapping_t *table_info)
{
LDAPURLDesc *ludpp = NULL;
int rc;
LDAP *ld = NULL;
int errnum;
LDAPMessage *resultMsg = NULL;
if ((rc = ldap_url_parse(url, &ludpp)) != LDAP_SUCCESS)
return (1);
#ifdef LDAP_URL_OPT_SECURE
if (ludpp->lud_options & LDAP_URL_OPT_SECURE) {
if (config_info->tls_method != ssl_tls) {
ldap_free_urldesc(ludpp);
return (1);
}
} else {
if (config_info->tls_method != no_tls) {
ldap_free_urldesc(ludpp);
return (1);
}
}
#endif
if ((ld = connect_to_ldap_config_server(ludpp->lud_host,
ludpp->lud_port, config_info)) == NULL) {
ldap_free_urldesc(ludpp);
return (-1);
}
errnum = ldap_search_s(ld, config_info->config_dn, LDAP_SCOPE_BASE,
"objectclass=nisplusLDAPconfig", attrs, 0, &resultMsg);
ldap_source = config_info->config_dn;
if (errnum != LDAP_SUCCESS) {
p_error = parse_ldap_search_error;
report_error(ldap_err2string(errnum), 0);
rc = -1;
} else {
rc = process_ldap_config_result(ld, resultMsg, proxy_info,
nis_config, table_mapping, table_info);
}
ldap_source = NULL;
(void) ldap_unbind(ld);
if (resultMsg != NULL)
(void) ldap_msgfree(resultMsg);
return (rc);
}
static int
process_ldap_referral_msg(
LDAP *ld,
LDAPMessage *resultMsg,
char **attrs,
__nis_ldap_proxy_info *proxy_info,
__nis_config_t *nis_config,
__nis_table_mapping_t **table_mapping,
__nis_config_info_t *config_info,
__nisdb_table_mapping_t *table_info)
{
int errCode;
char **referralsp = NULL;
int i;
int rc;
rc = ldap_parse_result(ld, resultMsg, &errCode, NULL, NULL, &referralsp,
NULL, 0);
if (rc != LDAP_SUCCESS || errCode != LDAP_REFERRAL) {
p_error = parse_ldap_get_values_error;
report_error(ldap_err2string(errCode), 0);
rc = -1;
} else {
for (i = 0; referralsp[i] != NULL; i++) {
rc = process_ldap_referral(referralsp[i], attrs,
proxy_info, nis_config, table_mapping,
config_info, table_info);
if (rc <= 0)
break;
else
report_info("Cannot use referral \n",
referralsp[i]);
}
if (rc > 0) {
p_error = parse_no_available_referrals_error;
report_error(0, 0);
}
}
if (referralsp)
ldap_value_free(referralsp);
return (rc);
}
static int
parse_ldap_config_dn_attrs(
__nis_ldap_proxy_info *proxy_info,
__nis_config_t *nis_config,
__nis_table_mapping_t **table_mapping,
__nis_config_info_t *config_info,
__nisdb_table_mapping_t *table_info)
{
int rc = 0;
LDAP *ld = NULL;
int errnum;
char *ldap_config_attributes[n_config_keys];
LDAPMessage *resultMsg = NULL;
if (config_info->auth_method == simple &&
config_info->proxy_dn == NULL)
p_error = parse_no_proxy_dn_error;
else if (config_info->auth_method ==
(auth_method_t)NO_VALUE_SET)
p_error = parse_no_config_auth_error;
else if ((config_info->default_servers == NULL) ||
(config_info->default_servers[0] == '\0'))
p_error = parse_no_config_server_addr;
if (p_error != no_parse_error) {
report_error(NULL, NULL);
return (-1);
}
if (config_info->tls_method == (tls_method_t)NO_VALUE_SET)
config_info->tls_method = no_tls;
else if (config_info->tls_method == ssl_tls &&
(config_info->tls_cert_db == NULL ||
*config_info->tls_cert_db == '\0')) {
p_error = parse_no_config_cert_db;
report_error(NULL, NULL);
return (-1);
}
if (verbose)
report_info(
"Getting configuration from LDAP server(s): ",
config_info->default_servers);
get_attribute_list(proxy_info, nis_config, NULL, table_info,
ldap_config_attributes);
if ((ld = connect_to_ldap_config_server(config_info->default_servers, 0,
config_info)) == NULL)
return (-1);
errnum = ldap_search_s(ld, config_info->config_dn, LDAP_SCOPE_BASE,
"objectclass=nisplusLDAPconfig",
ldap_config_attributes, 0, &resultMsg);
ldap_source = config_info->config_dn;
if (errnum == LDAP_REFERRAL) {
rc = process_ldap_referral_msg(ld, resultMsg,
ldap_config_attributes, proxy_info, nis_config,
table_mapping, config_info, table_info);
} else if (errnum != LDAP_SUCCESS) {
p_error = parse_ldap_search_error;
report_error(ldap_err2string(errnum), 0);
rc = -1;
} else {
rc = process_ldap_config_result(ld, resultMsg, proxy_info,
nis_config, table_mapping, table_info);
}
ldap_source = NULL;
(void) ldap_unbind(ld);
if (resultMsg != NULL)
(void) ldap_msgfree(resultMsg);
return (rc);
}
bool_t
is_cmd_line_option(config_key a_num)
{
const char *const *cmdline_options = cmdline_config;
config_key attrib_num;
const char *begin_s;
const char *end_s;
if (cmdline_options == NULL)
return (FALSE);
while (*cmdline_options != NULL) {
attrib_num = get_attrib_num_cmdline(
*cmdline_options, &begin_s, &end_s);
if (attrib_num == a_num)
break;
cmdline_options++;
}
return (*cmdline_options != NULL);
}
static void
get_attribute_list(
const __nis_ldap_proxy_info *proxy_info,
const __nis_config_t *nis_config,
const __nis_config_info_t *config_info,
const __nisdb_table_mapping_t *table_info,
char **attributes)
{
int n_attrs;
n_attrs = 0;
if (config_info != NULL) {
if (yp2ldap) {
if (config_info->config_dn == NULL)
attributes[n_attrs++] = YP_CONFIG_DN;
if (config_info->default_servers == NULL)
attributes[n_attrs++] = YP_CONFIG_SERVER_LIST;
if (config_info->auth_method ==
(auth_method_t)NO_VALUE_SET)
attributes[n_attrs++] = YP_CONFIG_AUTH_METHOD;
if (config_info->tls_method ==
(tls_method_t)NO_VALUE_SET)
attributes[n_attrs++] = YP_CONFIG_TLS_OPTION;
if (config_info->proxy_dn == NULL)
attributes[n_attrs++] = YP_CONFIG_PROXY_USER;
if (config_info->proxy_passwd == NULL)
attributes[n_attrs++] = YP_CONFIG_PROXY_PASSWD;
if (config_info->tls_cert_db == NULL)
attributes[n_attrs++] = YP_CONFIG_TLS_CERT_DB;
} else {
if (config_info->config_dn == NULL)
attributes[n_attrs++] = CONFIG_DN;
if (config_info->default_servers == NULL)
attributes[n_attrs++] = CONFIG_SERVER_LIST;
if (config_info->auth_method ==
(auth_method_t)NO_VALUE_SET)
attributes[n_attrs++] = CONFIG_AUTH_METHOD;
if (config_info->tls_method ==
(tls_method_t)NO_VALUE_SET)
attributes[n_attrs++] = CONFIG_TLS_OPTION;
if (config_info->proxy_dn == NULL)
attributes[n_attrs++] = CONFIG_PROXY_USER;
if (config_info->proxy_passwd == NULL)
attributes[n_attrs++] = CONFIG_PROXY_PASSWD;
if (config_info->tls_cert_db == NULL)
attributes[n_attrs++] = CONFIG_TLS_CERT_DB;
}
} else {
if (yp2ldap) {
attributes[n_attrs++] = YP_DOMAIN_CONTEXT;
attributes[n_attrs++] = YPPASSWDD_DOMAINS;
attributes[n_attrs++] = YP_DB_ID_MAP;
attributes[n_attrs++] = YP_COMMENT_CHAR;
attributes[n_attrs++] = YP_MAP_FLAGS;
attributes[n_attrs++] = YP_ENTRY_TTL;
attributes[n_attrs++] = YP_NAME_FIELDS;
attributes[n_attrs++] = YP_SPLIT_FIELD;
attributes[n_attrs++] = YP_REPEATED_FIELD_SEPARATORS;
attributes[n_attrs++] = YP_LDAP_OBJECT_DN;
attributes[n_attrs++] = NIS_TO_LDAP_MAP;
attributes[n_attrs++] = LDAP_TO_NIS_MAP;
} else {
attributes[n_attrs++] = DB_ID_MAP;
attributes[n_attrs++] = ENTRY_TTL;
attributes[n_attrs++] = LDAP_OBJECT_DN;
attributes[n_attrs++] = NISPLUS_TO_LDAP_MAP;
attributes[n_attrs++] = LDAP_TO_NISPLUS_MAP;
}
}
if (yp2ldap) {
if (proxy_info->default_servers == NULL)
attributes[n_attrs++] = PREFERRED_SERVERS;
if (proxy_info->auth_method == (auth_method_t)NO_VALUE_SET)
attributes[n_attrs++] = AUTH_METHOD;
if (proxy_info->tls_method == (tls_method_t)NO_VALUE_SET)
attributes[n_attrs++] = YP_TLS_OPTION;
if (proxy_info->tls_cert_db == NULL)
attributes[n_attrs++] = YP_TLS_CERT_DB;
if (proxy_info->default_search_base == NULL)
attributes[n_attrs++] = SEARCH_BASE;
if (proxy_info->proxy_dn == NULL)
attributes[n_attrs++] = YP_PROXY_USER;
if (proxy_info->proxy_passwd == NULL)
attributes[n_attrs++] = YP_PROXY_PASSWD;
if (proxy_info->default_nis_domain == NULL)
attributes[n_attrs++] = YP_LDAP_BASE_DOMAIN;
if (proxy_info->bind_timeout.tv_sec ==
(time_t)NO_VALUE_SET)
attributes[n_attrs++] = YP_BIND_TIMEOUT;
if (proxy_info->search_timeout.tv_sec ==
(time_t)NO_VALUE_SET)
attributes[n_attrs++] = YP_SEARCH_TIMEOUT;
if (proxy_info->modify_timeout.tv_sec ==
(time_t)NO_VALUE_SET)
attributes[n_attrs++] = YP_MODIFY_TIMEOUT;
if (proxy_info->add_timeout.tv_sec == (time_t)NO_VALUE_SET)
attributes[n_attrs++] = YP_ADD_TIMEOUT;
if (proxy_info->delete_timeout.tv_sec ==
(time_t)NO_VALUE_SET)
attributes[n_attrs++] = YP_DELETE_TIMEOUT;
if (proxy_info->search_time_limit == (int)NO_VALUE_SET)
attributes[n_attrs++] = YP_SEARCH_TIME_LIMIT;
if (proxy_info->search_size_limit == (int)NO_VALUE_SET)
attributes[n_attrs++] = YP_SEARCH_SIZE_LIMIT;
if (proxy_info->follow_referral ==
(follow_referral_t)NO_VALUE_SET)
attributes[n_attrs++] = YP_FOLLOW_REFERRAL;
if (table_info->retrieveError ==
(__nis_retrieve_error_t)NO_VALUE_SET)
attributes[n_attrs++] = YP_RETRIEVE_ERROR_ACTION;
if (table_info->retrieveErrorRetry.attempts == NO_VALUE_SET)
attributes[n_attrs++] = YP_RETREIVE_ERROR_ATTEMPTS;
if (table_info->retrieveErrorRetry.timeout ==
(time_t)NO_VALUE_SET)
attributes[n_attrs++] = YP_RETREIVE_ERROR_TIMEOUT;
if (table_info->storeError ==
(__nis_store_error_t)NO_VALUE_SET)
attributes[n_attrs++] = YP_STORE_ERROR_ACTION;
if (table_info->storeErrorRetry.attempts == NO_VALUE_SET)
attributes[n_attrs++] = YP_STORE_ERROR_ATTEMPTS;
if (table_info->storeErrorRetry.timeout ==
(time_t)NO_VALUE_SET)
attributes[n_attrs++] = YP_STORE_ERROR_TIMEOUT;
if (table_info->refreshError ==
(__nis_refresh_error_t)NO_VALUE_SET)
attributes[n_attrs++] = REFRESH_ERROR_ACTION;
if (table_info->refreshErrorRetry.attempts == NO_VALUE_SET)
attributes[n_attrs++] = REFRESH_ERROR_ATTEMPTS;
if (table_info->refreshErrorRetry.timeout ==
(time_t)NO_VALUE_SET)
attributes[n_attrs++] = REFRESH_ERROR_TIMEOUT;
if (table_info->matchFetch ==
(__nis_match_fetch_t)NO_VALUE_SET)
attributes[n_attrs++] = YP_MATCH_FETCH;
} else {
if (proxy_info->default_servers == NULL)
attributes[n_attrs++] = PREFERRED_SERVERS;
if (proxy_info->auth_method == (auth_method_t)NO_VALUE_SET)
attributes[n_attrs++] = AUTH_METHOD;
if (proxy_info->tls_method == (tls_method_t)NO_VALUE_SET)
attributes[n_attrs++] = TLS_OPTION;
if (proxy_info->tls_cert_db == NULL)
attributes[n_attrs++] = TLS_CERT_DB;
if (proxy_info->default_search_base == NULL)
attributes[n_attrs++] = SEARCH_BASE;
if (proxy_info->proxy_dn == NULL)
attributes[n_attrs++] = PROXY_USER;
if (proxy_info->proxy_passwd == NULL)
attributes[n_attrs++] = PROXY_PASSWD;
if (proxy_info->default_nis_domain == NULL)
attributes[n_attrs++] = LDAP_BASE_DOMAIN;
if (proxy_info->bind_timeout.tv_sec ==
(time_t)NO_VALUE_SET)
attributes[n_attrs++] = BIND_TIMEOUT;
if (proxy_info->search_timeout.tv_sec ==
(time_t)NO_VALUE_SET)
attributes[n_attrs++] = SEARCH_TIMEOUT;
if (proxy_info->modify_timeout.tv_sec ==
(time_t)NO_VALUE_SET)
attributes[n_attrs++] = MODIFY_TIMEOUT;
if (proxy_info->add_timeout.tv_sec == (time_t)NO_VALUE_SET)
attributes[n_attrs++] = ADD_TIMEOUT;
if (proxy_info->delete_timeout.tv_sec ==
(time_t)NO_VALUE_SET)
attributes[n_attrs++] = DELETE_TIMEOUT;
if (proxy_info->search_time_limit == (int)NO_VALUE_SET)
attributes[n_attrs++] = SEARCH_TIME_LIMIT;
if (proxy_info->search_size_limit == (int)NO_VALUE_SET)
attributes[n_attrs++] = SEARCH_SIZE_LIMIT;
if (proxy_info->follow_referral ==
(follow_referral_t)NO_VALUE_SET)
attributes[n_attrs++] = FOLLOW_REFERRAL;
if (table_info->retrieveError ==
(__nis_retrieve_error_t)NO_VALUE_SET)
attributes[n_attrs++] = RETRIEVE_ERROR_ACTION;
if (table_info->retrieveErrorRetry.attempts == NO_VALUE_SET)
attributes[n_attrs++] = RETREIVE_ERROR_ATTEMPTS;
if (table_info->retrieveErrorRetry.timeout ==
(time_t)NO_VALUE_SET)
attributes[n_attrs++] = RETREIVE_ERROR_TIMEOUT;
if (table_info->storeError ==
(__nis_store_error_t)NO_VALUE_SET)
attributes[n_attrs++] = STORE_ERROR_ACTION;
if (table_info->storeErrorRetry.attempts == NO_VALUE_SET)
attributes[n_attrs++] = STORE_ERROR_ATTEMPTS;
if (table_info->storeErrorRetry.timeout ==
(time_t)NO_VALUE_SET)
attributes[n_attrs++] = STORE_ERROR_TIMEOUT;
if (table_info->refreshError ==
(__nis_refresh_error_t)NO_VALUE_SET)
attributes[n_attrs++] = REFRESH_ERROR_ACTION;
if (table_info->refreshErrorRetry.attempts == NO_VALUE_SET)
attributes[n_attrs++] = REFRESH_ERROR_ATTEMPTS;
if (table_info->refreshErrorRetry.timeout ==
(time_t)NO_VALUE_SET)
attributes[n_attrs++] = REFRESH_ERROR_TIMEOUT;
if (table_info->matchFetch ==
(__nis_match_fetch_t)NO_VALUE_SET)
attributes[n_attrs++] = MATCH_FETCH;
}
switch (nis_config->initialUpdate) {
case (__nis_initial_update_t)NO_VALUE_SET:
attributes[n_attrs++] = INITIAL_UPDATE_ACTION;
attributes[n_attrs++] = INITIAL_UPDATE_ONLY;
break;
case (__nis_initial_update_t)INITIAL_UPDATE_NO_ACTION:
case (__nis_initial_update_t)NO_INITIAL_UPDATE_NO_ACTION:
attributes[n_attrs++] = INITIAL_UPDATE_ACTION;
break;
case (__nis_initial_update_t)FROM_NO_INITIAL_UPDATE:
case (__nis_initial_update_t)TO_NO_INITIAL_UPDATE:
attributes[n_attrs++] = INITIAL_UPDATE_ONLY;
break;
}
if (nis_config->threadCreationError ==
(__nis_thread_creation_error_t)NO_VALUE_SET)
attributes[n_attrs++] = THREAD_CREATE_ERROR_ACTION;
if (nis_config->threadCreationErrorTimeout.attempts == NO_VALUE_SET)
attributes[n_attrs++] = THREAD_CREATE_ERROR_ATTEMPTS;
if (nis_config->threadCreationErrorTimeout.timeout ==
(time_t)NO_VALUE_SET)
attributes[n_attrs++] = THREAD_CREATE_ERROR_TIMEOUT;
if (nis_config->dumpError == (__nis_dump_error_t)NO_VALUE_SET)
attributes[n_attrs++] = DUMP_ERROR_ACTION;
if (nis_config->dumpErrorTimeout.attempts == NO_VALUE_SET)
attributes[n_attrs++] = DUMP_ERROR_ATTEMPTS;
if (nis_config->dumpErrorTimeout.timeout == (time_t)NO_VALUE_SET)
attributes[n_attrs++] = DUMP_ERROR_TIMEOUT;
if (nis_config->resyncService == (__nis_resync_service_t)NO_VALUE_SET)
attributes[n_attrs++] = RESYNC;
if (nis_config->updateBatching ==
(__nis_update_batching_t)NO_VALUE_SET)
attributes[n_attrs++] = UPDATE_BATCHING;
if (nis_config->updateBatchingTimeout.timeout == (time_t)NO_VALUE_SET)
attributes[n_attrs++] = UPDATE_BATCHING_TIMEOUT;
if (nis_config->numberOfServiceThreads == (int)NO_VALUE_SET)
attributes[n_attrs++] = NUMBER_THEADS;
if (nis_config->emulate_yp == (int)NO_VALUE_SET)
attributes[n_attrs++] = YP_EMULATION;
if (nis_config->maxRPCRecordSize == (int)NO_VALUE_SET)
attributes[n_attrs++] = MAX_RPC_RECSIZE;
attributes[n_attrs++] = NULL;
}
