/* * CDDL HEADER START * * The contents of this file are subject to the terms of the * Common Development and Distribution License (the "License"). * You may not use this file except in compliance with the License. * * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE * or http://www.opensolaris.org/os/licensing. * See the License for the specific language governing permissions * and limitations under the License. * * When distributing Covered Code, include this CDDL HEADER in each * file and include the License file at usr/src/OPENSOLARIS.LICENSE. * If applicable, add the following below this CDDL HEADER, with the * fields enclosed by brackets "[]" replaced with your own identifying * information: Portions Copyright [yyyy] [name of copyright owner] * * CDDL HEADER END */ /* * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved. */ /* * DESCRIPTION: Contains top level functions to read/write to the DIT. These * are the API between the shim and the mapping system. * Things calling these should have no knowledge of LDAP. Things * called by them should have no knowledge of NIS. * * Error handling here may appear to be limited but, because the * NIS protocol cannot carry meaningful information about why a * N2L operation failed, functions that don't work log * an error and then just return FAILURE. * */ /* * Includes. WE WANT TO USE REAL DBM FUNCTIONS SO DO NOT INCLUDE SHIM_HOOKS.H. */ #include #include #include #include #include #include #include #include #include "ypsym.h" #include "ypdefs.h" #include "shim.h" #include "../ldap_structs.h" #include "../ldap_parse.h" #include "../nisdb_ldap.h" #include "../ldap_util.h" #include "../ldap_op.h" #include "../ldap_attr.h" #include "../nis_parse_ldap_conf.h" #include "../nisdb_mt.h" #include "yptol.h" #include "dit_access_utils.h" #include "stdio.h" extern bool delete_map(char *name); extern bool rename_map(char *from, char *to, bool_t secure_map); /* Enable standard YP code features defined in ypdefs.h */ USE_YP_MASTER_NAME USE_YP_DOMAIN_NAME USE_YP_SECURE USE_YP_INTERDOMAIN /* * Decs */ suc_code add_special_entries(DBM *, map_ctrl *, bool_t *); void free_null_terminated_list(char **list); /* * FUNCTION: is_yptol_mode(); * * DESCRIPTION: Determines if we should run in N2L or traditional mode based * on the presence of the N2L mapping file. If there are problems * with the file, e.g. unreadable, this will be picked up latter. * * INPUTS: Nothing * * OUTPUTS: TRUE = Run in N2L mode * FALSE = Run in traditional mode. */ bool_t is_yptol_mode() { struct stat filestat; if (stat(YP_DEFAULTCONFFILE, &filestat) != -1) return (TRUE); return (FALSE); } /* * FUNCTION: read_from_dit(); * * DESCRIPTION: Read (i.e. get and map) a single NIS entry from the LDAP DIT. * Also handles retry attempts, on failure, and interpretation of * internal error codes. * * INPUTS: Map name (unqualified) * Domain name * Entry key * Pointer to return location * * OUTPUTS: If successful DBM datum containing result. * On error DBM datum pointing to NULL and, if the cached value * is not to be used, an error code. */ int read_from_dit(char *map, char *domain, datum *key, datum *value) { int count; int res; __nisdb_retry_t *retrieveRetry; /* Initialize tsd */ __nisdb_get_tsd()->domainContext = 0; __nisdb_get_tsd()->escapeFlag = '\0'; for (count = 0; count < ypDomains.numDomains; count++) { if (0 == ypDomains.domainLabels[count]) continue; if (0 == strcasecmp(domain, ypDomains.domainLabels[count])) { __nisdb_get_tsd()->domainContext = ypDomains.domains[count]; break; } } retrieveRetry = &ldapDBTableMapping.retrieveErrorRetry; /* Loop 'attempts' times of forever if -1 */ for (count = retrieveRetry->attempts; (0 <= count) || (-1 == retrieveRetry->attempts); count --) { if (TRUE == singleReadFromDIT(map, domain, key, value, &res)) /* It worked, return value irrelevant */ return (0); if (LDAP_TIMEOUT == res) { /* Exceeded search timeout */ value->dptr = NULL; return (0); } if (is_fatal_error(res)) break; /* * Didn't work. If not the special case where no repeats are * done sleep. */ if (0 != retrieveRetry->attempts) (void) poll(NULL, 0, retrieveRetry->timeout*1000); } /* Make sure returned pointer is NULL */ value->dptr = NULL; /* If we get here access failed work out what to return */ if (ldapDBTableMapping.retrieveError == use_cached) return (0); return (res); } /* * FUNCTION: write_to_dit(); * * DESCRIPTION: Maps and writes a NIS entry to the LDAP DIT. * Also handles retry attempts, on failure, and interpretation of * internal error codes. * * INPUTS: Pointer to (unqualified) map name * Pointer to domain name * The entries key * What to write * Replace flag indicating * TRUE = Replace (overwrite) any existing entries * FALSE = Return error if there are existing entries * Flag indicating if we should tolerate mapping errors. * * OUTPUTS: SUCCESS = Write was successful * FAILURE = Write failed * */ suc_code write_to_dit(char *map, char *domain, datum key, datum value, bool_t replace, bool_t ignore_map_errs) { int count; int res; __nisdb_retry_t *storeRetry = &ldapDBTableMapping.storeErrorRetry; /* Initialize tsd */ __nisdb_get_tsd()->domainContext = 0; __nisdb_get_tsd()->escapeFlag = '\0'; for (count = 0; count < ypDomains.numDomains; count++) { if (0 == ypDomains.domainLabels[count]) continue; if (0 == strcasecmp(domain, ypDomains.domainLabels[count])) { __nisdb_get_tsd()->domainContext = ypDomains.domains[count]; break; } } storeRetry = &ldapDBTableMapping.storeErrorRetry; /* Loop 'attempts' times of forever if -1 */ for (count = storeRetry->attempts; (0 <= count) || (-1 == storeRetry->attempts); count --) { res = singleWriteToDIT(map, domain, &key, &value, replace); if (LDAP_SUCCESS == res) return (SUCCESS); if (is_fatal_error(res)) { /* * The mapping failed and will fail again if it is * retried. However there are some cases where an * actual mapping fault (rather than a LDAP problem) * may be ignored. */ if (ignore_map_errs) { switch (res) { case LDAP_INVALID_DN_SYNTAX: case LDAP_OBJECT_CLASS_VIOLATION: case LDAP_NOT_ALLOWED_ON_RDN: case MAP_NAMEFIELD_MATCH_ERROR: case MAP_NO_DN: return (SUCCESS); default: break; } } return (FAILURE); } if (ldapDBTableMapping.storeError != sto_retry) return (FAILURE); /* * Didn't work. If not the special case where no repeats are * done sleep. */ if (0 != storeRetry->attempts) (void) poll(NULL, 0, storeRetry->timeout*1000); } return (FAILURE); } /* * FUNCTION : get_ttl_value() * * DESCRIPTION: Get the TTL value, derived from mapping file or DIT, for a * entry. * * GIVEN : Pointer to map * A flag indication if TTL should be max, min or random * * RETURNS : TTL value in seconds. * -1 on failure */ int get_ttl_value(map_ctrl *map, TTL_TYPE type) { __nis_table_mapping_t *table_map; int interval, res; char *myself = "get_ttl_value"; /* Get the mapping structure corresponding to `map.domain' */ table_map = mappingFromMap(map->map_name, map->domain, &res); if (0 == table_map) { logmsg(MSG_NOTIMECHECK, LOG_ERR, "Get TTL request could not access map %s in domain %s " "(error %d)", map->map_name, map->domain, res); return (-1); } switch (type) { case TTL_MAX: return (table_map->initTtlHi); case TTL_MIN: return (table_map->initTtlLo); default: logmsg(MSG_NOTIMECHECK, LOG_INFO, "%s passed illegal TTL type (%d)", myself, type); /* If unknown TTL type drop through to TTL_RAND */ /* FALLTHROUGH */ case TTL_RAND: interval = table_map->initTtlHi - table_map->initTtlLo; if (0 >= interval) return (table_map->initTtlLo); /* * Must get a random value. We assume srand48() got * called at initialization. */ return (lrand48() % interval); case TTL_RUNNING: return (table_map->ttl); } } /* * FUNCTION : get_mapping_domain_list() * * DESCRIPTION: Gets a list of domain names specified, by nisLDAPdomainContext * attributes, in the mapping file. This is used only for initial * DIT setup. Once the DIT has been set up get_domain_list() is * used instead. * * GIVEN : Pointer returned array. * * RETURNS : Number of element in returned array. * Array of elements this is in static memory * and must not be freed by the caller. */ int get_mapping_domain_list(char ***ptr) { *ptr = ypDomains.domainLabels; return (ypDomains.numDomains); } /* * FUNCTION : get_mapping_yppasswdd_domain_list() * * DESCRIPTION: Gets a list of domain names specified, by the * nisLDAPyppasswddDomains attribute, in the mapping file. This * is the list of domains for which passwords should be changed. * * GIVEN : Pointer returned array * * RETURNS : Number of element in returned array. * 0 if no nisLDAPyppasswddDomains attribute is present. * Array of elements this is in static memory * and must not be freed by the caller. */ int get_mapping_yppasswdd_domain_list(char ***ptr) { *ptr = ypDomains.yppasswddDomainLabels; return (ypDomains.numYppasswdd); } /* * FUNCTION : free_map_list() * * DESCRIPTION: Frees a map list. * * GIVEN : Pointer to the map list. * * RETURNS : Nothing */ void free_map_list(char **map_list) { free_null_terminated_list(map_list); } /* * FUNCTION : get_passwd_list() * * DESCRIPTION: Gets a list of either passwd or passwd.adjunct map files * defined in the mapping file. These are the files which have * 'magic' nisLDAPdatabaseIdMapping entries aliasing them to * passwd or passwd.adjunct. This function is required so that * yppasswdd can work out which maps to synchronize with any * password changes. * * This information is not currently stored by the parser but * we can recover it from the hash table. This makes hard work but * passwords should not be changed very frequently * * GIVEN : Flag indicating if a list is required for passwd or * passwd.adjunct * Domain to return the list for. * * RETURNS : Null terminated list of map names in malloced memory. To be * freed by caller. (Possibly empty if no passwd maps found) * NULL on error */ char ** get_passwd_list(bool_t adjunct, char *domain) { char *myself = "get_passwd_list"; __nis_hash_item_mt *it; int i, size; char *end_ptr; char *target; /* What we are looking for */ int target_len; int domain_len; char **res; /* Result array */ char **res_old; /* Old value of res during realloc */ int array_size; /* Current malloced size */ int res_count = 0; /* Current result count */ /* * Always need an array even if just for terminator. Normally one * chunk will be enough. */ res = am(myself, ARRAY_CHUNK * sizeof (char *)); if (NULL == res) return (NULL); array_size = ARRAY_CHUNK; /* Set up target */ if (adjunct) target = PASSWD_ADJUNCT_PREFIX; else target = PASSWD_PREFIX; target_len = strlen(target); domain_len = strlen(domain); /* Work out hash table length */ size = sizeof (ldapMappingList.keys) / sizeof (ldapMappingList.keys[0]); /* For all hash table entries */ for (i = 0; i < size; i++) { /* Walk linked list for this hash table entry */ for (it = ldapMappingList.keys[i]; NULL != it; it = it->next) { /* Check right map */ if ((target_len + domain_len + 1) > strlen(it->name)) continue; if (0 != strncmp(it->name, target, target_len)) continue; /* Check right domain (minus trailing dot) */ if (strlen(domain) >= strlen(it->name)) continue; end_ptr = it->name + strlen(it->name) - strlen(domain) - 1; if (',' != *(end_ptr - 1)) continue; if (0 != strncmp(end_ptr, domain, strlen(domain))) continue; /* Check if we need to enlarge array */ if ((res_count + 1) >= array_size) { array_size += ARRAY_CHUNK; res_old = res; res = realloc(res, array_size * sizeof (char *)); if (NULL == res) { res_old[res_count] = NULL; free_passwd_list(res_old); return (NULL); } } /* What we really need is strndup() */ res[res_count] = am(myself, end_ptr - it->name + 1); if (NULL == res[res_count]) { free_passwd_list(res); return (NULL); } /* Copy from start to end_ptr */ (void) memcpy(res[res_count], it->name, end_ptr-it->name - 1); res_count ++; } } /* Terminate array */ res[res_count] = NULL; return (res); } /* * FUNCTION : free_passwd_list() * * DESCRIPTION: Frees a password list obtained with get_passwd_list() * * INPUTS : Address of list to free. * * OUTPUTS : Nothing */ void free_passwd_list(char **list) { free_null_terminated_list(list); } /* * FUNCTION : free_null_terminated_list() * * DESCRIPTION: Frees a generic null terminated list. * * INPUTS : Address of list to free. * * OUTPUTS : Nothing */ void free_null_terminated_list(char **list) { int index; /* Free all the strings */ for (index = 0; NULL != list[index]; index ++) sfree(list[index]); /* Free the array */ sfree(list); } /* * FUNCTION : add_special_entries() * * DESCRIPTION: Adds the special (YP_*) entries to a map. * * Part of dit_access because requires access to the mapping * file in order to work out if secure and interdomain entries * should be created. * * GIVEN : Pointer to an open, temporary, DBM file * Pointer to map information (do not use DBM fields). * Pointer to a location in which to return security flag * * RETURNS : SUCCESS = All entries created * FAILURE = Some entries not created */ suc_code add_special_entries(DBM *db, map_ctrl *map, bool_t *secure_flag) { char local_host[MAX_MASTER_NAME]; __nis_table_mapping_t *table_map; int res; /* Last modified time is now */ update_timestamp(db); /* Add domain name */ addpair(db, yp_domain_name, map->domain); /* For N2L mode local machine is always the master */ sysinfo(SI_HOSTNAME, local_host, sizeof (local_host)); addpair(db, yp_master_name, local_host); /* Get the mapping structure corresponding to `map.domain' */ table_map = mappingFromMap(map->map_name, map->domain, &res); if (0 == table_map) return (FAILURE); /* Add secure and interdomain flags if required */ if (table_map->securemap_flag) { addpair(db, yp_secure, ""); *secure_flag = TRUE; } else { *secure_flag = FALSE; } if (table_map->usedns_flag) addpair(db, yp_interdomain, ""); return (SUCCESS); } /* * FUNCTION: update_map_from_dit() * * DESCRIPTION: Core code called to update an entire map. * Information is recovered from LDAP and used to build a duplicate * copy of the live maps. When this is complete the maps are * locked and then overwritten by the new copy. * * INPUTS: map_ctrl containing lots of information about the map and a * pointer to it's lock which will be required. * Flag indicating if progress logging is required. * * OUTPUTS: SUCCESS = Map updated * FAILURE = Map not updated */ suc_code update_map_from_dit(map_ctrl *map, bool_t log_flag) { __nis_table_mapping_t *t; __nis_rule_value_t *rv; __nis_ldap_search_t *ls; __nis_object_dn_t *objectDN = NULL; datum *datval, *datkey; int nr = 0, i, j, nv, numDNs; int statP = SUCCESS, flag; char *objname, **dn; /* Name of temporary entries DBM file */ char *temp_entries; /* Name of temporary TTL DBM file */ char *temp_ttl; /* Temporary DBM handles */ DBM *temp_entries_db; DBM *temp_ttl_db; map_ctrl temp_map; datum key; char *myself = "update_map_from_dit"; bool_t secure_flag; int entry_count = 1; int next_print = PRINT_FREQ; int search_flag = SUCCESS; int m; /* list of maps whose keys will be transliterated to lowercase */ char *xlate_to_lcase_maps[] = { "hosts.byname", "ipnodes.byname", NULL }; bool_t xlate_to_lcase = FALSE; if (!map || !map->map_name || !map->domain) { return (FAILURE); } __nisdb_get_tsd()->escapeFlag = '\0'; /* * netgroup.byxxx maps are a special case. They are regenerated from * the netgroup map, not the DIT, so handle special case. */ if ((0 == strcmp(map->map_name, NETGROUP_BYHOST)) || 0 == (strcmp(map->map_name, NETGROUP_BYUSER))) { return (update_netgroup_byxxx(map)); } /* Get the mapping information for the map */ if ((t = mappingFromMap(map->map_name, map->domain, &statP)) == 0) { if (statP == MAP_NO_MAPPING_EXISTS) logmsg(MSG_NOTIMECHECK, LOG_WARNING, "%s: No mapping information available for %s,%s", myself, map->map_name, map->domain); return (FAILURE); } /* Allocate and set up names */ if (SUCCESS != alloc_temp_names(map->map_path, &temp_entries, &temp_ttl)) { logmsg(MSG_NOTIMECHECK, LOG_ERR, "%s: Unable to create map names for %s", myself, map->map_path); return (FAILURE); } /* Create temp entry and TTL file */ if ((temp_entries_db = dbm_open(temp_entries, O_RDWR | O_CREAT, 0644)) == NULL) { logmsg(MSG_NOTIMECHECK, LOG_ERR, "%s: Could not open %s", myself, temp_entries); sfree(temp_entries); sfree(temp_ttl); return (FAILURE); } if ((temp_ttl_db = dbm_open(temp_ttl, O_RDWR | O_CREAT, 0644)) == NULL) { logmsg(MSG_NOTIMECHECK, LOG_ERR, "%s: Could not open %s", myself, temp_ttl); dbm_close(temp_entries_db); delete_map(temp_entries); sfree(temp_entries); sfree(temp_ttl); return (FAILURE); } /* Initialize domainContext tsd */ __nisdb_get_tsd()->domainContext = 0; for (i = 0; i < ypDomains.numDomains; i++) { if (0 == ypDomains.domainLabels[i]) continue; if (0 == strcasecmp(map->domain, ypDomains.domainLabels[i])) { __nisdb_get_tsd()->domainContext = ypDomains.domains[i]; break; } } if (!(objname = getFullMapName(map->map_name, map->domain))) { if (temp_entries_db) dbm_close(temp_entries_db); if (temp_ttl_db) dbm_close(temp_ttl_db); delete_map(temp_entries); sfree(temp_entries); delete_map(temp_ttl); sfree(temp_ttl); return (FAILURE); } /* * set xlate_to_lcase to TRUE if map_name is found in * xlate_to_lcase_maps[] */ m = 0; while (xlate_to_lcase_maps[m] != NULL) { if (strncmp(map->map_name, xlate_to_lcase_maps[m], strlen(xlate_to_lcase_maps[m])) == 0) { xlate_to_lcase = TRUE; break; } ++m; } /* Try each mapping for the map */ for (flag = 0; t != 0 && search_flag != FAILURE; t = t->next) { /* Check if the mapping is the correct one */ if (strcmp(objname, t->objName) != 0) { continue; } /* Check if rulesFromLDAP are provided */ if (t->numRulesFromLDAP == 0) { logmsg(MSG_NOTIMECHECK, LOG_ERR, "%s: No rulesFromLDAP available for %s (%s)", myself, t->dbId, map->map_name); continue; } /* Set flag to indicate update is enabled */ flag = 1; /* Create ldap request for enumeration */ for (objectDN = t->objectDN; objectDN && objectDN->read.base; objectDN = objectDN->next) { if ((ls = createLdapRequest(t, 0, 0, 1, NULL, objectDN)) == 0) { logmsg(MSG_NOTIMECHECK, LOG_ERR, "%s: Failed to create " "ldapSearch request for " "%s (%s) for base %s", myself, t->dbId, map->map_name, objectDN->read.base); statP = FAILURE; search_flag = FAILURE; break; } if (log_flag) { printf("Waiting for LDAP search results.\n"); } /* Query LDAP */ nr = (ls->isDN)?0:-1; rv = ldapSearch(ls, &nr, 0, &statP); freeLdapSearch(ls); if (rv == 0) { if (statP == LDAP_NO_SUCH_OBJECT) { /* * No Entry exists in the ldap server. Not * a problem. Maybe there are just no entries * in this map. */ continue; } logmsg(MSG_NOTIMECHECK, LOG_ERR, "%s: ldapSearch error %d " "(%s) for %s (%s) for base %s", myself, statP, ldap_err2string(statP), t->dbId, map->map_name, objectDN->read.base); statP = FAILURE; search_flag = FAILURE; break; } if (log_flag) { printf("Processing search results.\n"); } /* Obtain list of DNs for logging */ if ((dn = findDNs(myself, rv, nr, 0, &numDNs)) == 0) { statP = FAILURE; search_flag = FAILURE; break; } /* For each entry in the result do the following */ for (i = 0; i < nr; i++) { /* Convert LDAP data to NIS equivalents */ statP = buildNISRuleValue(t, &rv[i], map->domain); if (statP == MAP_INDEXLIST_ERROR) continue; if (statP != SUCCESS) { logmsg(MSG_NOTIMECHECK, LOG_WARNING, "%s: Conversion error %d (LDAP to " "name=value pairs) " "for (dn: %s) for " "%s (%s) for base %s", myself, statP, NIL(dn[i]), t->dbId, map->map_name, objectDN->read.base); continue; } /* Obtain the datum for value */ datval = ruleValueToDatum(t, &rv[i], &statP); if (datval == 0) { logmsg(MSG_NOTIMECHECK, LOG_WARNING, "%s: Conversion error %d " "(name=value pairs to NIS)" " for (dn: %s) for " "%s (%s) for base %s", myself, statP, NIL(dn[i]), t->dbId, map->map_name, objectDN->read.base); continue; } /* Obtain the datum for key */ datkey = getKeyFromRuleValue(t, &rv[i], &nv, &statP, xlate_to_lcase); if (datkey == 0) { logmsg(MSG_NOTIMECHECK, LOG_WARNING, "%s: Unable to obtain NIS " "key from LDAP data (dn:%s) " "for %s (%s) for base %s", myself, NIL(dn[i]), t->dbId, map->map_name, objectDN->read.base); sfree(datval->dptr); sfree(datval); continue; } /* Write to the temporary map */ for (j = 0; j < nv; j++, entry_count ++) { if (datkey[j].dsize == 0) continue; errno = 0; /* DBM_INSERT to match */ /* singleReadFromDIT */ if (dbm_store(temp_entries_db, datkey[j], *datval, DBM_INSERT) < 0) { /* * For some cases errno may * still be 0 but dbm_error * isn't informative at all. */ logmsg(MSG_NOTIMECHECK, LOG_WARNING, "%s: dbm store error " "(errno=%d) " "for (key=%s, value=%s) " "for %s (%s) for base %s", myself, errno, datkey[j].dptr, datval->dptr, t->dbId, map->map_name, objectDN->read.base); /* clear the error */ dbm_clearerr(temp_entries_db); } sfree(datkey[j].dptr); if (log_flag && (entry_count >= next_print)) { printf("%d entries processed\n", entry_count); next_print *= 2; } } sfree(datkey); sfree(datval->dptr); sfree(datval); } freeRuleValue(rv, nr); freeDNs(dn, numDNs); } /* End of for over objectDN */ } sfree(objname); if (t != 0 || flag == 0 || search_flag == FAILURE) { if (temp_entries_db) dbm_close(temp_entries_db); if (temp_ttl_db) dbm_close(temp_ttl_db); delete_map(temp_entries); sfree(temp_entries); delete_map(temp_ttl); sfree(temp_ttl); return (statP); } /* Set up enough of map_ctrl to call update_entry_ttl */ temp_map.map_name = map->map_name; temp_map.domain = map->domain; temp_map.ttl = temp_ttl_db; /* Generate new TTL file */ key = dbm_firstkey(temp_entries_db); while (key.dptr != 0) { if (!is_special_key(&key)) /* * We don't want all the entries to time out at the * same time so create random TTLs. */ if (FAILURE == update_entry_ttl(&temp_map, &key, TTL_RAND)) logmsg(MSG_NOTIMECHECK, LOG_ERR, "%s: Could not update TTL for " "(key=%s) for map %s,%s", myself, NIL(key.dptr), map->map_name, map->domain); key = dbm_nextkey(temp_entries_db); } /* Update map TTL */ if (SUCCESS != update_map_ttl(&temp_map)) { logmsg(MSG_NOTIMECHECK, LOG_ERR, "%s: Could not update map TTL " "for %s,%s", myself, map->map_name, map->domain); } /* Set up 'special' nis entries */ add_special_entries(temp_entries_db, map, &secure_flag); /* Close temp DBM files */ dbm_close(temp_entries_db); dbm_close(temp_ttl_db); /* Lock access to the map for copy */ lock_map_ctrl(map); /* Move temp maps to real ones */ rename_map(temp_entries, map->map_path, secure_flag); rename_map(temp_ttl, map->ttl_path, secure_flag); /* Free file names */ sfree(temp_entries); sfree(temp_ttl); /* Unlock map */ unlock_map_ctrl(map); return (SUCCESS); } /* * FUNCTION : get_mapping_map_list() * * DESCRIPTION: Gets a list of nis maps for a given domain specified in the * mapping file. This information is not saved so have to go * through the entire hash table. At least this is only done at * initialization time. * * GIVEN : Domain name * * RETURNS : List of map names in malloced memory. MUST BE FREED BY CALLER. */ char ** get_mapping_map_list(char *domain) { char *myself = "get_mapping_map_list"; __nis_hash_item_mt *it; int i, j, size; char *end_ptr; char **res; /* Result array */ char **res_old; /* Old value of res during realloc */ int array_size; /* Current malloced size */ int res_count = 0; /* Current result count */ /* * Always need an array even if just for terminator. Normally one * chunk will be enough. */ res = am(myself, ARRAY_CHUNK * sizeof (char *)); if (NULL == res) return (NULL); array_size = ARRAY_CHUNK; /* Work out hash table length */ size = sizeof (ldapMappingList.keys) / sizeof (ldapMappingList.keys[0]); /* For all hash table entries */ for (i = 0; i < size; i++) { /* Walk linked list for this hash table entry */ for (it = ldapMappingList.keys[i]; NULL != it; it = it->next) { /* Check it's not a split field entry */ if (0 != ((__nis_table_mapping_t *)it)->numSplits) continue; /* Check right domain (minus trailing dot) */ if (strlen(domain) >= strlen(it->name)) continue; end_ptr = it->name + strlen(it->name) - strlen(domain) - 1; if (',' != *(end_ptr - 1)) continue; if (0 != strncmp(end_ptr, domain, strlen(domain))) continue; /* Check if we need to enlarge array */ if ((res_count + 1) >= array_size) { array_size += ARRAY_CHUNK; res_old = res; res = realloc(res, array_size * sizeof (char *)); if (NULL == res) { res_old[res_count] = NULL; free_passwd_list(res_old); return (NULL); } } /* * We will need the sequence number when we come to * sort the entries so for now store a pointer to * the __nis_hash_item_mt. */ res[res_count] = (char *)it; res_count ++; } } /* Terminate array */ res[res_count] = NULL; /* Bubble sort entries into the same order as mapping file */ for (i = res_count - 2; 0 <= i; i--) { for (j = 0; j <= i; j++) { if (((__nis_table_mapping_t *)res[j + 1])->seq_num < ((__nis_table_mapping_t *)res[j])->seq_num) { end_ptr = res[j]; res[j] = res[j+1]; res[j + 1] = end_ptr; } } } /* Finally copy the real strings in to each entry */ for (i = 0; NULL != res[i]; i ++) { /* Get hash table entry back */ it = (__nis_hash_item_mt *)res[i]; end_ptr = it->name + strlen(it->name) - strlen(domain) - 1; /* What we really need is strndup() */ res[i] = am(myself, end_ptr - it->name + 1); if (NULL == res[i]) { free_map_list(res); return (NULL); } /* Copy from start to end_ptr */ (void) memcpy(res[i], it->name, end_ptr-it->name - 1); } return (res); } /* * FUNCTION : make_nis_container() * * DESCRIPTION: Sets up container for map_name in the DIT. * * GIVEN : Map name * The domain name. * Flag indicating if container should be created. * * RETURNS : SUCCESS = It worked * FAILURE = There was a problem. */ suc_code make_nis_container(char *map_name, char *domain, bool_t init_containers) { int i, rc, statP = SUCCESS; __nis_table_mapping_t *t; char *dn; char *myself = "make_nis_container"; if (!map_name || !domain) return (FAILURE); if (FALSE == init_containers) { /* * If we are not creating containers it is debatable what we * should do . Maybe we should check for a pre- * existing container and return failure if it does not exist. * * For now we assume the user will not have called us in this * mode unless they know what they are doing. So return * success. If they have got it wrong then latter writes will * fail. */ return (SUCCESS); } /* Get the mapping information for the map */ if ((t = mappingFromMap(map_name, domain, &statP)) == 0) { if (statP == MAP_NO_MAPPING_EXISTS) logmsg(MSG_NOTIMECHECK, LOG_ERR, "%s: No mapping information available for %s,%s", myself, NIL(map_name), NIL(domain)); return (FAILURE); } /* Two times. One for readDN and other for writeDN */ for (i = 0; i < 2; i++) { if (i == 0) dn = t->objectDN->read.base; else { if (t->objectDN->write.base == 0) { logmsg(MSG_NOTIMECHECK, LOG_INFO, "%s: No baseDN in writespec. Write " "disabled for %s,%s", myself, map_name, domain); break; } if (!strcasecmp(dn, t->objectDN->write.base)) break; dn = t->objectDN->write.base; } if ((rc = makeNISObject(0, dn)) == FAILURE) { logmsg(MSG_NOTIMECHECK, LOG_ERR, "%s: Unable to create ldap container (dn: %s) " "for %s,%s", myself, dn, map_name, domain); return (FAILURE); } } return (SUCCESS); } /* * FUNCTION : make_nis_domain() * * DESCRIPTION: Sets up a nisDomainObject in the DIT * * GIVEN: Name of the domain * Flag indicating if domain should be create or possibly just * checked for. */ suc_code make_nis_domain(char *domain, bool_t init_containers) { if (FALSE == init_containers) { /* * If we are not creating containers it is debatable what we * should do with domains. Maybe we should check for a pre- * existing domain and return failure if it does not exist. * * For now we assume the user will not have called us in this * mode unless they know what they are doing. So return * success. If they have got it wrong then latter writes will * fail. */ return (SUCCESS); } /* Create the domain */ return (makeNISObject(domain, 0)); } /* * FUNCTION: update_netgroup_byxxx() * * DESCRIPTION: Updates the netgroup.byxxx series of maps based on the current * netgroup file. We invoke revnetgroup so that if any changes * are made to this utility the same changes are made here. * * INPUTS: map_ctrl containing lots of information about the map and a * pointer to it's lock which will be required. * * OUTPUTS: SUCCESS = Map updated * FAILURE = Map not updated */ suc_code update_netgroup_byxxx(map_ctrl *map) { /* Name of temporary entries DBM file */ char *temp_entries; /* Name of temporary TTL DBM file */ char *temp_ttl; /* Temporary DBM handles */ DBM *temp_entries_db; DBM *temp_ttl_db; map_ctrl temp_map; char *myself = "update_netgroup_byxxx"; char *cmdbuf; int cmd_length; datum key; map_ctrl *netgroupmap; int res; /* Temporary revnetgroup files */ const char *byhost = NETGROUP_BYHOST "_REV" TEMP_POSTFIX; const char *byuser = NETGROUP_BYUSER "_REV" TEMP_POSTFIX; const char *temp_file_name; /* * We need to use two different temporary files: one for netgroup.byhost * and other for netgroup.byuser, since these two maps can be updated * simultaneously. These temporary files will hold the output of * revnetgroup [-h|-u] command. They are then used to generate the * corresponding dbm files and thereafter deleted. */ if (0 == strcmp(map->map_name, NETGROUP_BYHOST)) temp_file_name = byhost; else temp_file_name = byuser; /* Alloc enough cmd buf for revnet cmd */ cmd_length = strlen("/usr/sbin/makedbm -u ") + (strlen(map->map_path) - strlen(map->map_name)) + strlen(NETGROUP_MAP) + strlen(" | /usr/sbin/revnetgroup -h > ") + (strlen(map->map_path) - strlen(map->map_name)) + strlen(temp_file_name) + 1; cmdbuf = am(myself, cmd_length); if (NULL == cmdbuf) { logmsg(MSG_NOTIMECHECK, LOG_ERR, "%s: Could not alloc cmdbuf.", myself); return (FAILURE); } /* * If necessary update (and wait for) netgroups map. This is a lot of * work but if the netgroup map itself is not being accessed it may * contain information that is not up to date with the DIT. * * We use the cmdbuf to store the qualified netgroup map name there will * be enough space for this but we are not yet creating the cmd. */ strlcpy(cmdbuf, map->map_path, strlen(map->map_path) - strlen(map->map_name) + 1); strcat(cmdbuf, NETGROUP_MAP); netgroupmap = (map_ctrl *)shim_dbm_open(cmdbuf, O_RDWR | O_CREAT, 0644); if (NULL == netgroupmap) { logmsg(MSG_NOTIMECHECK, LOG_ERR, "%s: Could not update %s.", myself, cmdbuf); sfree(cmdbuf); return (FAILURE); } if (has_map_expired(netgroupmap)) { lock_map_ctrl(netgroupmap); update_map_if_required(netgroupmap, TRUE); unlock_map_ctrl(netgroupmap); } shim_dbm_close((DBM *)netgroupmap); /* Dump netgroup file through revnetgroup to a temp file */ strcpy(cmdbuf, "/usr/sbin/makedbm -u "); /* Unmake the netgroup file in same domain as map */ strncat(cmdbuf, map->map_path, strlen(map->map_path) - strlen(map->map_name)); strcat(cmdbuf, NETGROUP_MAP); if (0 == strcmp(map->map_name, NETGROUP_BYHOST)) { strcat(cmdbuf, " | /usr/sbin/revnetgroup -h > "); } else { strcat(cmdbuf, " | /usr/sbin/revnetgroup -u > "); } /* Create temp file file in same domain as map */ strncat(cmdbuf, map->map_path, strlen(map->map_path) - strlen(map->map_name)); strcat(cmdbuf, temp_file_name); if (0 > system(cmdbuf)) { logmsg(MSG_NOTIMECHECK, LOG_ERR, "%s: Could not run \"%s\" " "(errno=%d)", myself, cmdbuf, errno); sfree(cmdbuf); return (FAILURE); } sfree(cmdbuf); /* Allocate and set up names */ if (SUCCESS != alloc_temp_names(map->map_path, &temp_entries, &temp_ttl)) { logmsg(MSG_NOTIMECHECK, LOG_ERR, "%s: Unable to create map names for %s", myself, map->map_path); return (FAILURE); } /* Make the temporary DBM file */ cmdbuf = am(myself, strlen("/usr/sbin/makedbm") + (strlen(map->map_path) - strlen(map->map_name)) + strlen(temp_file_name) + strlen(temp_entries) + 3); if (NULL == cmdbuf) { logmsg(MSG_NOTIMECHECK, LOG_ERR, "%s: Could not allocate cmdbuf.", myself); sfree(temp_entries); sfree(temp_ttl); return (FAILURE); } strcpy(cmdbuf, "/usr/sbin/makedbm "); strncat(cmdbuf, map->map_path, strlen(map->map_path) - strlen(map->map_name)); strcat(cmdbuf, temp_file_name); strcat(cmdbuf, " "); strcat(cmdbuf, temp_entries); if (0 > system(cmdbuf)) { logmsg(MSG_NOTIMECHECK, LOG_ERR, "%s: Could not run \"%s\" " "(errno=%d)", myself, cmdbuf, errno); sfree(cmdbuf); sfree(temp_entries); sfree(temp_ttl); return (FAILURE); } /* Already have enough command buffer to rm temporary file */ strlcpy(cmdbuf, map->map_path, strlen(map->map_path) - strlen(map->map_name) + 1); strcat(cmdbuf, temp_file_name); res = unlink(cmdbuf); /* If the temp file did not exist no problem. Probably had no entries */ if ((0 != res) && (ENOENT != errno)) { logmsg(MSG_NOTIMECHECK, LOG_ERR, "%s: Could not delete \"%s\" " "(errno=%d)", myself, cmdbuf, errno); sfree(temp_entries); sfree(temp_ttl); sfree(cmdbuf); return (FAILURE); } sfree(cmdbuf); if ((temp_entries_db = dbm_open(temp_entries, O_RDWR | O_CREAT, 0644)) == NULL) { logmsg(MSG_NOTIMECHECK, LOG_ERR, "%s: Could not open %s", myself, temp_entries); sfree(temp_entries); sfree(temp_ttl); return (FAILURE); } if ((temp_ttl_db = dbm_open(temp_ttl, O_RDWR | O_CREAT, 0644)) == NULL) { logmsg(MSG_NOTIMECHECK, LOG_ERR, "%s: Could not open %s", myself, temp_ttl); dbm_close(temp_entries_db); sfree(temp_entries); sfree(temp_ttl); return (FAILURE); } /* * Set up enough of map_ctrl to call update_entry_ttl. Since there is * no mapping, and thus not TTL, defined for these maps use the TTL * values for netgroup map */ temp_map.map_name = NETGROUP_MAP; temp_map.domain = map->domain; temp_map.ttl = temp_ttl_db; /* * Generate new TTL file. Since these maps work only on the whole map * expiry these will not actually be used but there presence makes it * easier to handle these maps in the same way as other maps. */ key = dbm_firstkey(temp_entries_db); while (key.dptr != 0) { if (!is_special_key(&key)) /* * For these maps want all timouts to be maximum */ if (FAILURE == update_entry_ttl(&temp_map, &key, TTL_MAX)) logmsg(MSG_NOTIMECHECK, LOG_ERR, "%s: Could not update TTL for " "(key=%s) for map %s,%s", myself, NIL(key.dptr), map->map_name, map->domain); key = dbm_nextkey(temp_entries_db); } /* Update map TTL */ update_map_ttl(&temp_map); /* Close temp DBM files */ dbm_close(temp_entries_db); dbm_close(temp_ttl_db); /* Lock access to the map for copy */ lock_map_ctrl(map); /* Move temp maps to real ones */ rename_map(temp_entries, map->map_path, FALSE); rename_map(temp_ttl, map->ttl_path, FALSE); /* Free file names */ sfree(temp_entries); sfree(temp_ttl); /* Unlock map */ unlock_map_ctrl(map); return (SUCCESS); }