17c478bd9Sstevel@tonic-gate /*
27c478bd9Sstevel@tonic-gate * CDDL HEADER START
37c478bd9Sstevel@tonic-gate *
47c478bd9Sstevel@tonic-gate * The contents of this file are subject to the terms of the
5b446700bSjanga * Common Development and Distribution License (the "License").
6b446700bSjanga * You may not use this file except in compliance with the License.
77c478bd9Sstevel@tonic-gate *
87c478bd9Sstevel@tonic-gate * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
97c478bd9Sstevel@tonic-gate * or http://www.opensolaris.org/os/licensing.
107c478bd9Sstevel@tonic-gate * See the License for the specific language governing permissions
117c478bd9Sstevel@tonic-gate * and limitations under the License.
127c478bd9Sstevel@tonic-gate *
137c478bd9Sstevel@tonic-gate * When distributing Covered Code, include this CDDL HEADER in each
147c478bd9Sstevel@tonic-gate * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
157c478bd9Sstevel@tonic-gate * If applicable, add the following below this CDDL HEADER, with the
167c478bd9Sstevel@tonic-gate * fields enclosed by brackets "[]" replaced with your own identifying
177c478bd9Sstevel@tonic-gate * information: Portions Copyright [yyyy] [name of copyright owner]
187c478bd9Sstevel@tonic-gate *
197c478bd9Sstevel@tonic-gate * CDDL HEADER END
207c478bd9Sstevel@tonic-gate */
2145916cd2Sjpk
227c478bd9Sstevel@tonic-gate /*
23*07925104Sgww * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
247c478bd9Sstevel@tonic-gate */
257c478bd9Sstevel@tonic-gate
267c478bd9Sstevel@tonic-gate #include <ctype.h>
277c478bd9Sstevel@tonic-gate #include <libintl.h>
287c478bd9Sstevel@tonic-gate #include <strings.h>
297c478bd9Sstevel@tonic-gate #include <stdio.h>
3045916cd2Sjpk #include <tsol/label.h>
317c478bd9Sstevel@tonic-gate #include "../../../lib/libsldap/common/ns_sldap.h"
327c478bd9Sstevel@tonic-gate
337c478bd9Sstevel@tonic-gate
347c478bd9Sstevel@tonic-gate #define SAME 0
357c478bd9Sstevel@tonic-gate
367c478bd9Sstevel@tonic-gate struct mapping {
377c478bd9Sstevel@tonic-gate char *database;
387c478bd9Sstevel@tonic-gate char *def_type;
397c478bd9Sstevel@tonic-gate char *objectclass;
407c478bd9Sstevel@tonic-gate char *actual_db;
417c478bd9Sstevel@tonic-gate };
427c478bd9Sstevel@tonic-gate
437c478bd9Sstevel@tonic-gate #define PUBLICKEY 0
447c478bd9Sstevel@tonic-gate
457c478bd9Sstevel@tonic-gate static struct mapping maplist[] = {
467c478bd9Sstevel@tonic-gate {"publickey", "uidnumber", "niskeyobject", "passwd"},
477c478bd9Sstevel@tonic-gate {"publickey", "cn", "niskeyobject", "host"},
487c478bd9Sstevel@tonic-gate {"bootparams", "cn", "bootableDevice", NULL},
497c478bd9Sstevel@tonic-gate {"ethers", "cn", "ieee802Device", NULL},
507c478bd9Sstevel@tonic-gate {"group", "cn", "posixgroup", NULL},
517c478bd9Sstevel@tonic-gate {"hosts", "cn", "iphost", NULL},
527c478bd9Sstevel@tonic-gate {"ipnodes", "cn", "iphost", NULL},
537c478bd9Sstevel@tonic-gate {"netgroup", "cn", "nisnetgroup", NULL},
547c478bd9Sstevel@tonic-gate {"netmasks", "ipnetworknumber", "ipnetwork", NULL},
557c478bd9Sstevel@tonic-gate {"networks", "ipnetworknumber", "ipnetwork", NULL},
567c478bd9Sstevel@tonic-gate {"passwd", "uid", "posixaccount", NULL},
577c478bd9Sstevel@tonic-gate {"protocols", "cn", "ipprotocol", NULL},
587c478bd9Sstevel@tonic-gate {"rpc", "cn", "oncrpc", NULL},
597c478bd9Sstevel@tonic-gate {"services", "cn", "ipservice", NULL},
607c478bd9Sstevel@tonic-gate {"aliases", "cn", "mailGroup", NULL},
617c478bd9Sstevel@tonic-gate {"project", "SolarisProjectID", "SolarisProject", NULL},
627c478bd9Sstevel@tonic-gate {"printers", "printer-uri", "sunPrinter", NULL},
637c478bd9Sstevel@tonic-gate {"shadow", "uid", "shadowaccount", NULL},
647c478bd9Sstevel@tonic-gate {"auth_attr", "cn", "SolarisAuthAttr", NULL},
657c478bd9Sstevel@tonic-gate {"prof_attr", "cn", "SolarisProfAttr", NULL},
667c478bd9Sstevel@tonic-gate {"exec_attr", "cn", "SolarisExecAttr", NULL},
677c478bd9Sstevel@tonic-gate {"user_attr", "uid", "SolarisUserAttr", NULL},
6845916cd2Sjpk {"tnrhtp", "ipTnetTemplateName", "ipTnetTemplate", NULL},
6945916cd2Sjpk {"tnrhdb", "ipTnetNumber", "ipTnetHost", NULL},
707c478bd9Sstevel@tonic-gate {NULL, NULL, NULL, NULL}
717c478bd9Sstevel@tonic-gate };
727c478bd9Sstevel@tonic-gate
73cb5caa98Sdjl #define PROF_ATTR_FILTER \
74cb5caa98Sdjl "(&(objectclass=SolarisProfAttr)(!(SolarisKernelSecurityPolicy=*))%s)"
75cb5caa98Sdjl #define TNRHTP_FILTER \
76cb5caa98Sdjl "(&(objectclass=ipTnetTemplate)(!(objectclass=ipTnetHost))%s)"
77cb5caa98Sdjl #define OC_FILTER "objectclass=%s"
78cb5caa98Sdjl #define OC_FLEN 15
79cb5caa98Sdjl #define OC_FILTER2 "(&(objectclass=%s)%s)"
80cb5caa98Sdjl #define OC_FLEN2 22
81cb5caa98Sdjl
82b446700bSjanga /* Malloc and print error message in case of failure */
83b446700bSjanga #define MALLOC(ptr, len) \
84b446700bSjanga if ((ptr = (char *)malloc(len)) == NULL) { \
85b446700bSjanga (void) fprintf(stderr, gettext("out of memory\n")); \
86b446700bSjanga }
87b446700bSjanga
88b446700bSjanga /*
89b446700bSjanga * Allocate memory for filter and user data. Set
90b446700bSjanga * error to 1 if either of the mallocs fail.
91b446700bSjanga * In addition, free the memory allocated for filter,
92b446700bSjanga * if memory allocation for user data fails.
93b446700bSjanga */
94b446700bSjanga #define MALLOC_FILTER_UDATA(ptr1, len1, ptr2, len2, error) \
95b446700bSjanga error = 0; \
96b446700bSjanga MALLOC(ptr1, len1); \
97b446700bSjanga if (!ptr1) { \
98b446700bSjanga error = 1; \
99b446700bSjanga } \
100b446700bSjanga else { \
101b446700bSjanga MALLOC(ptr2, len2); \
102b446700bSjanga if (!ptr2) { \
103b446700bSjanga error = 1; \
104b446700bSjanga free(ptr1); \
105b446700bSjanga } \
106b446700bSjanga }
1077c478bd9Sstevel@tonic-gate
1087c478bd9Sstevel@tonic-gate void
printMapping()1097c478bd9Sstevel@tonic-gate printMapping()
1107c478bd9Sstevel@tonic-gate {
1117c478bd9Sstevel@tonic-gate int i;
1127c478bd9Sstevel@tonic-gate
113b446700bSjanga (void) fprintf(stdout,
114*07925104Sgww gettext("database default type objectclass\n"));
115b446700bSjanga (void) fprintf(stdout,
116*07925104Sgww gettext("============= ================= =============\n"));
1177c478bd9Sstevel@tonic-gate /* first dump auto_* and automount which are not in maplist[] */
118b446700bSjanga (void) fprintf(stdout, "%-15s%-20s%s\n", "auto_*", "automountKey",
119*07925104Sgww "automount");
120b446700bSjanga (void) fprintf(stdout, "%-15s%-20s%s\n", "automount",
121*07925104Sgww "automountMapName", "automountMap");
1227c478bd9Sstevel@tonic-gate for (i = 0; maplist[i].database != NULL; i++) {
12345916cd2Sjpk /* skip printing shadow */
12445916cd2Sjpk if (strcasecmp(maplist[i].database, "shadow") == 0)
12545916cd2Sjpk continue;
12645916cd2Sjpk if (!is_system_labeled()) {
12745916cd2Sjpk /*
12845916cd2Sjpk * do not print tnrhdb and tnrhtp if system is
12945916cd2Sjpk * not configured with Trusted Extensions
13045916cd2Sjpk */
13145916cd2Sjpk if ((strcasecmp(maplist[i].database, "tnrhdb") == 0) ||
13245916cd2Sjpk (strcasecmp(maplist[i].database, "tnrhtp") == 0))
13345916cd2Sjpk continue;
13445916cd2Sjpk }
135b446700bSjanga (void) fprintf(stdout, "%-15s%-20s%s\n", maplist[i].database,
13645916cd2Sjpk maplist[i].def_type, maplist[i].objectclass);
1377c478bd9Sstevel@tonic-gate }
1387c478bd9Sstevel@tonic-gate }
1397c478bd9Sstevel@tonic-gate
140b446700bSjanga /*
141b446700bSjanga * set_key routine to handle user specified keys.
142b446700bSjanga * A key can be of the form: attribute=value or value.
143b446700bSjanga * A filter is constructed from a set of keys specified in
144b446700bSjanga * the form (|(key1)(key2)...(keyn))
145b446700bSjanga * It returns: NULL if no keys are defined or
146b446700bSjanga * the keyfilter as constructed above.
147b446700bSjanga */
1487c478bd9Sstevel@tonic-gate
1497c478bd9Sstevel@tonic-gate char *
set_keys(char ** key,char * attrtype)1507c478bd9Sstevel@tonic-gate set_keys(char **key, char *attrtype)
1517c478bd9Sstevel@tonic-gate {
1527c478bd9Sstevel@tonic-gate char *keyeq = NULL;
153b446700bSjanga char *keyfilter = NULL;
154b446700bSjanga int len, totlen = 1; /* Terminating NULL byte */
1557c478bd9Sstevel@tonic-gate char *k, **karray;
156b446700bSjanga char *tmpptr;
1577c478bd9Sstevel@tonic-gate
1587c478bd9Sstevel@tonic-gate if (!key || !key[0]) /* should never contain NULL string */
1597c478bd9Sstevel@tonic-gate return (NULL);
1607c478bd9Sstevel@tonic-gate
161b446700bSjanga if (key[1]) {
162b446700bSjanga totlen += 3;
163b446700bSjanga /* Allocate memory for '(|)' */
164b446700bSjanga MALLOC(keyfilter, totlen);
165b446700bSjanga if (!keyfilter)
166b446700bSjanga exit(2);
167b446700bSjanga (void) snprintf(keyfilter, totlen, "(|");
1687c478bd9Sstevel@tonic-gate }
1697c478bd9Sstevel@tonic-gate
1707c478bd9Sstevel@tonic-gate karray = key;
171b446700bSjanga while ((k = *karray) != 0) {
1727c478bd9Sstevel@tonic-gate keyeq = strchr(k, '=');
173b446700bSjanga if (keyeq) {
174b446700bSjanga /* make enough room for (%s) */
175b446700bSjanga totlen += strlen(k) + 2;
176b446700bSjanga } else {
177b446700bSjanga /* make enough room for (%s=%s) */
178b446700bSjanga totlen += strlen(attrtype) + strlen(k) + 3;
179b446700bSjanga }
180b446700bSjanga
181b446700bSjanga len = keyfilter ? strlen(keyfilter) : 0;
182b446700bSjanga
183b446700bSjanga if (!(tmpptr = (char *)realloc(keyfilter, totlen))) {
184b446700bSjanga if (keyfilter)
185b446700bSjanga free(keyfilter);
186b446700bSjanga (void) fprintf(stderr, gettext("out of memory\n"));
1877c478bd9Sstevel@tonic-gate exit(2);
1887c478bd9Sstevel@tonic-gate }
189b446700bSjanga keyfilter = tmpptr;
190b446700bSjanga
191b446700bSjanga if (keyeq) {
192b446700bSjanga (void) snprintf(keyfilter + len, totlen - len,
193*07925104Sgww "(%s)", k);
194b446700bSjanga } else {
195b446700bSjanga (void) snprintf(keyfilter + len, totlen - len,
196*07925104Sgww "(%s=%s)", attrtype, k);
197b446700bSjanga }
1987c478bd9Sstevel@tonic-gate karray++;
1997c478bd9Sstevel@tonic-gate }
200b446700bSjanga
201b446700bSjanga if (key[1]) {
202b446700bSjanga /* We allocated memory for this earlier */
203b446700bSjanga (void) strlcat(keyfilter, ")", totlen);
204b446700bSjanga }
205b446700bSjanga
2067c478bd9Sstevel@tonic-gate return (keyfilter);
2077c478bd9Sstevel@tonic-gate }
2087c478bd9Sstevel@tonic-gate
2097c478bd9Sstevel@tonic-gate
2107c478bd9Sstevel@tonic-gate /*
2117c478bd9Sstevel@tonic-gate * A special set_key routine for to handle public keys.
2127c478bd9Sstevel@tonic-gate * If the key starts with a digiti, view it as a user id.
2137c478bd9Sstevel@tonic-gate * Otherwise, view it as a hostname.
2147c478bd9Sstevel@tonic-gate * It returns: -1 no keys defined, 0 key defined but none for type
2157c478bd9Sstevel@tonic-gate * specified, n>0 number of matches found.
2167c478bd9Sstevel@tonic-gate */
2177c478bd9Sstevel@tonic-gate int
set_keys_publickey(char ** key,char * attrtype,int type,char ** ret)2187c478bd9Sstevel@tonic-gate set_keys_publickey(char **key, char *attrtype, int type, char **ret)
2197c478bd9Sstevel@tonic-gate {
2207c478bd9Sstevel@tonic-gate char *keyeq = NULL;
221b446700bSjanga char *keyfilter = NULL;
222b446700bSjanga char *pre_filter = NULL;
2237c478bd9Sstevel@tonic-gate char *k, **karray;
2247c478bd9Sstevel@tonic-gate int count = 0;
225b446700bSjanga int len, totlen = 1; /* Terminating NULL byte */
226b446700bSjanga char *tmpptr;
2277c478bd9Sstevel@tonic-gate
2287c478bd9Sstevel@tonic-gate if (!key || !key[0]) { /* should never contain NULL string */
2297c478bd9Sstevel@tonic-gate *ret = NULL;
2307c478bd9Sstevel@tonic-gate return (-1);
2317c478bd9Sstevel@tonic-gate }
2327c478bd9Sstevel@tonic-gate
2337c478bd9Sstevel@tonic-gate karray = key;
234b446700bSjanga while ((k = *karray) != 0) {
2357c478bd9Sstevel@tonic-gate keyeq = strchr(k, '=');
236b446700bSjanga if (keyeq) {
237b446700bSjanga /* make enough room for (%s) */
238b446700bSjanga totlen += strlen(k) + 2;
239b446700bSjanga } else {
240b446700bSjanga if ((type == 0 && isdigit(*k)) ||
2417c478bd9Sstevel@tonic-gate /* user type keys */
242b446700bSjanga (type == 1 && (!isdigit(*k)))) {
2437c478bd9Sstevel@tonic-gate /* hosts type keys */
244b446700bSjanga /* make enough room for (%s=%s) */
245b446700bSjanga totlen += strlen(k) + strlen(attrtype) + 3;
2467c478bd9Sstevel@tonic-gate } else {
2477c478bd9Sstevel@tonic-gate karray++;
2487c478bd9Sstevel@tonic-gate continue;
2497c478bd9Sstevel@tonic-gate }
2507c478bd9Sstevel@tonic-gate }
251b446700bSjanga
252b446700bSjanga len = pre_filter ? strlen(pre_filter) : 0;
253b446700bSjanga
254b446700bSjanga if (!(tmpptr = (char *)realloc(pre_filter, totlen))) {
255b446700bSjanga if (pre_filter)
256b446700bSjanga free(pre_filter);
257b446700bSjanga (void) fprintf(stderr, gettext("out of memory\n"));
2587c478bd9Sstevel@tonic-gate exit(2);
2597c478bd9Sstevel@tonic-gate }
260b446700bSjanga pre_filter = tmpptr;
261b446700bSjanga
262b446700bSjanga if (keyeq) {
263b446700bSjanga (void) snprintf(pre_filter + len, totlen - len,
264*07925104Sgww "(%s)", k);
265b446700bSjanga } else {
266b446700bSjanga (void) snprintf(pre_filter + len, totlen - len,
267*07925104Sgww "(%s=%s)", attrtype, k);
268b446700bSjanga }
2697c478bd9Sstevel@tonic-gate karray++;
2707c478bd9Sstevel@tonic-gate count++;
2717c478bd9Sstevel@tonic-gate }
2727c478bd9Sstevel@tonic-gate if (count > 1) {
273b446700bSjanga len = strlen(pre_filter) + 4;
274b446700bSjanga if (!(keyfilter = (char *)malloc(len))) {
275b446700bSjanga (void) fprintf(stderr, gettext("out of memory\n"));
276b446700bSjanga free(pre_filter);
2777c478bd9Sstevel@tonic-gate exit(2);
2787c478bd9Sstevel@tonic-gate }
279b446700bSjanga (void) snprintf(keyfilter, len, "(|%s)", pre_filter);
280b446700bSjanga free(pre_filter);
2817c478bd9Sstevel@tonic-gate *ret = keyfilter;
2827c478bd9Sstevel@tonic-gate } else
2837c478bd9Sstevel@tonic-gate *ret = pre_filter;
2847c478bd9Sstevel@tonic-gate return (count);
2857c478bd9Sstevel@tonic-gate }
2867c478bd9Sstevel@tonic-gate
2877c478bd9Sstevel@tonic-gate /*
2887c478bd9Sstevel@tonic-gate * publickey specific set_filter
2897c478bd9Sstevel@tonic-gate * type 0 -> check for user publickeys
2907c478bd9Sstevel@tonic-gate * type 1 -> check for hosts publickeys
2917c478bd9Sstevel@tonic-gate */
2927c478bd9Sstevel@tonic-gate char *
set_filter_publickey(char ** key,char * database,int type,char ** udata)2937c478bd9Sstevel@tonic-gate set_filter_publickey(char **key, char *database, int type, char **udata)
2947c478bd9Sstevel@tonic-gate {
295b446700bSjanga char *filter = NULL;
2967c478bd9Sstevel@tonic-gate char *userdata;
297b446700bSjanga char *keyfilter = NULL;
2987c478bd9Sstevel@tonic-gate int rc;
299b446700bSjanga int filterlen, udatalen;
300b446700bSjanga short nomem = 0;
3017c478bd9Sstevel@tonic-gate
302b446700bSjanga if (!database || !udata) {
3037c478bd9Sstevel@tonic-gate return (NULL);
3047c478bd9Sstevel@tonic-gate }
3057c478bd9Sstevel@tonic-gate
3067c478bd9Sstevel@tonic-gate if (strcasecmp(database, maplist[PUBLICKEY].database) == SAME) {
3077c478bd9Sstevel@tonic-gate rc = set_keys_publickey(key,
308*07925104Sgww maplist[PUBLICKEY + type].def_type, type, &keyfilter);
3097c478bd9Sstevel@tonic-gate switch (rc) {
3107c478bd9Sstevel@tonic-gate case -1:
311b446700bSjanga filterlen = strlen(maplist[PUBLICKEY].objectclass) + 13;
312b446700bSjanga udatalen = 3;
313b446700bSjanga MALLOC_FILTER_UDATA(filter, filterlen, userdata,
314*07925104Sgww udatalen, nomem);
315b446700bSjanga if (!nomem) {
316b446700bSjanga (void) snprintf(filter, filterlen,
317*07925104Sgww "objectclass=%s",
318*07925104Sgww maplist[PUBLICKEY].objectclass);
319b446700bSjanga (void) snprintf(userdata, udatalen, "%%s");
320b446700bSjanga }
3217c478bd9Sstevel@tonic-gate break;
3227c478bd9Sstevel@tonic-gate case 0:
3237c478bd9Sstevel@tonic-gate return (NULL);
3247c478bd9Sstevel@tonic-gate default:
325b446700bSjanga filterlen = strlen(maplist[PUBLICKEY].objectclass) +
326*07925104Sgww strlen(keyfilter) + 18;
327b446700bSjanga udatalen = strlen(keyfilter) + 8;
328b446700bSjanga MALLOC_FILTER_UDATA(filter, filterlen, userdata,
329*07925104Sgww udatalen, nomem);
330b446700bSjanga if (!nomem) {
331*07925104Sgww (void) snprintf(filter, filterlen,
332*07925104Sgww "(&(objectclass=%s)%s)",
333*07925104Sgww maplist[PUBLICKEY].objectclass, keyfilter);
334*07925104Sgww (void) snprintf(userdata, udatalen,
335*07925104Sgww "(&(%%s)%s)", keyfilter);
336b446700bSjanga }
3377c478bd9Sstevel@tonic-gate }
3387c478bd9Sstevel@tonic-gate } else {
3397c478bd9Sstevel@tonic-gate if ((keyfilter = set_keys(key, "cn")) == NULL) {
340b446700bSjanga filterlen = 14;
341b446700bSjanga udatalen = 3;
342b446700bSjanga MALLOC_FILTER_UDATA(filter, filterlen, userdata,
343*07925104Sgww udatalen, nomem);
344b446700bSjanga if (!nomem) {
345b446700bSjanga (void) snprintf(filter, filterlen,
346*07925104Sgww "objectclass=*");
347b446700bSjanga (void) snprintf(userdata, udatalen, "%%s");
348b446700bSjanga }
3497c478bd9Sstevel@tonic-gate } else {
350b446700bSjanga filterlen = strlen(keyfilter) + 1;
351b446700bSjanga udatalen = strlen(keyfilter) + 8;
352b446700bSjanga MALLOC_FILTER_UDATA(filter, filterlen, userdata,
353*07925104Sgww udatalen, nomem);
354b446700bSjanga if (!nomem) {
355b446700bSjanga (void) snprintf(filter, filterlen, "%s",
356*07925104Sgww keyfilter);
357b446700bSjanga (void) snprintf(userdata, udatalen,
358*07925104Sgww "(&(%%s)%s)", keyfilter);
359b446700bSjanga }
3607c478bd9Sstevel@tonic-gate }
3617c478bd9Sstevel@tonic-gate }
3627c478bd9Sstevel@tonic-gate #ifdef DEBUG
363b446700bSjanga (void) fprintf(stdout, "set_filter: filter=\"%s\"\n", filter);
364b446700bSjanga (void) fprintf(stdout, "set_filter: userdata=\"%s\"\n", userdata);
3657c478bd9Sstevel@tonic-gate #endif /* DEBUG */
366b446700bSjanga if (keyfilter)
367b446700bSjanga free(keyfilter);
368b446700bSjanga if (nomem)
369b446700bSjanga exit(2);
370b446700bSjanga *udata = userdata;
3717c478bd9Sstevel@tonic-gate return (filter);
3727c478bd9Sstevel@tonic-gate }
3737c478bd9Sstevel@tonic-gate
3747c478bd9Sstevel@tonic-gate
3757c478bd9Sstevel@tonic-gate /* generic set_filter, this function is not thread safe */
3767c478bd9Sstevel@tonic-gate char *
set_filter(char ** key,char * database,char ** udata)3777c478bd9Sstevel@tonic-gate set_filter(char **key, char *database, char **udata)
3787c478bd9Sstevel@tonic-gate {
379b446700bSjanga char *filter = NULL;
380b446700bSjanga char *userdata = NULL;
3817c478bd9Sstevel@tonic-gate char *keyfilter;
382b446700bSjanga int i, filterlen, udatalen;
3837c478bd9Sstevel@tonic-gate int rc, v2 = 1;
384cb5caa98Sdjl int dbpf, dbtp;
3857c478bd9Sstevel@tonic-gate void **paramVal = NULL;
3867c478bd9Sstevel@tonic-gate ns_ldap_error_t *errorp = NULL;
387b446700bSjanga short nomem;
3887c478bd9Sstevel@tonic-gate
389b446700bSjanga if (!database || !udata) {
3907c478bd9Sstevel@tonic-gate return (NULL);
3917c478bd9Sstevel@tonic-gate }
3927c478bd9Sstevel@tonic-gate
3937c478bd9Sstevel@tonic-gate
3947c478bd9Sstevel@tonic-gate /*
3957c478bd9Sstevel@tonic-gate * Check for version of the profile the client is using
3967c478bd9Sstevel@tonic-gate *
3977c478bd9Sstevel@tonic-gate * For version 1 profiles we do use nisMap and nisObject schema
3987c478bd9Sstevel@tonic-gate * for backward compatibility with Solaris 8 clients.
3997c478bd9Sstevel@tonic-gate *
4007c478bd9Sstevel@tonic-gate * For version 2 profiles we use automountMap and automount as
4017c478bd9Sstevel@tonic-gate * default attributes (which can then be overridden in libsldap
4027c478bd9Sstevel@tonic-gate * if schema mapping is configured in the profile).
4037c478bd9Sstevel@tonic-gate *
4047c478bd9Sstevel@tonic-gate * If profile version is not available, use version 2 as default.
4057c478bd9Sstevel@tonic-gate */
4067c478bd9Sstevel@tonic-gate rc = __ns_ldap_getParam(NS_LDAP_FILE_VERSION_P, ¶mVal, &errorp);
4077c478bd9Sstevel@tonic-gate if (rc != NS_LDAP_SUCCESS || !paramVal || !*paramVal) {
4087c478bd9Sstevel@tonic-gate /* should print a message here: using v2 defaults */
4097c478bd9Sstevel@tonic-gate (void) __ns_ldap_freeError(&errorp);
4107c478bd9Sstevel@tonic-gate } else {
4117c478bd9Sstevel@tonic-gate if (strcasecmp(*paramVal, NS_LDAP_VERSION_1) == 0)
4127c478bd9Sstevel@tonic-gate v2 = 0;
4137c478bd9Sstevel@tonic-gate (void) __ns_ldap_freeParam(¶mVal);
4147c478bd9Sstevel@tonic-gate }
4157c478bd9Sstevel@tonic-gate
4167c478bd9Sstevel@tonic-gate /*
4177c478bd9Sstevel@tonic-gate * starts at 2 to skip over publickey databases.
4187c478bd9Sstevel@tonic-gate * These databases are handled separately.
4197c478bd9Sstevel@tonic-gate */
4207c478bd9Sstevel@tonic-gate for (i = 2; maplist[i].database != NULL; i++) {
4217c478bd9Sstevel@tonic-gate if (strcasecmp(database, maplist[i].database) == SAME) {
422cb5caa98Sdjl dbpf = 0, dbtp = 0;
423cb5caa98Sdjl if (strcasecmp(database, "prof_attr") == 0)
424cb5caa98Sdjl dbpf = 1;
425cb5caa98Sdjl else if (strcasecmp(database, "tnrhtp") == 0)
426cb5caa98Sdjl dbtp = 1;
4277c478bd9Sstevel@tonic-gate if ((keyfilter = set_keys(key, maplist[i].def_type))
428*07925104Sgww == NULL) {
429cb5caa98Sdjl filterlen = strlen(maplist[i].objectclass);
430b446700bSjanga udatalen = 3;
431cb5caa98Sdjl if (dbpf)
432cb5caa98Sdjl filterlen += strlen(PROF_ATTR_FILTER)
433*07925104Sgww + 1;
434cb5caa98Sdjl else if (dbtp)
435cb5caa98Sdjl filterlen += strlen(TNRHTP_FILTER) + 1;
436cb5caa98Sdjl else
437cb5caa98Sdjl filterlen += OC_FLEN;
438cb5caa98Sdjl
439b446700bSjanga MALLOC_FILTER_UDATA(filter, filterlen, userdata,
440*07925104Sgww udatalen, nomem);
441cb5caa98Sdjl if (nomem)
442cb5caa98Sdjl goto done;
443cb5caa98Sdjl if (dbpf)
444cb5caa98Sdjl (void) snprintf(filter, filterlen,
445*07925104Sgww PROF_ATTR_FILTER, "");
446cb5caa98Sdjl else if (dbtp)
447cb5caa98Sdjl (void) snprintf(filter, filterlen,
448*07925104Sgww TNRHTP_FILTER, "");
449cb5caa98Sdjl else
450b446700bSjanga (void) snprintf(filter, filterlen,
451*07925104Sgww OC_FILTER,
452*07925104Sgww maplist[i].objectclass);
453cb5caa98Sdjl
454cb5caa98Sdjl (void) snprintf(userdata, udatalen, "%%s");
4557c478bd9Sstevel@tonic-gate } else {
456b446700bSjanga filterlen = strlen(maplist[i].objectclass) +
457*07925104Sgww strlen(keyfilter);
458cb5caa98Sdjl if (dbpf)
459cb5caa98Sdjl filterlen += strlen(PROF_ATTR_FILTER)
460*07925104Sgww + 1;
461cb5caa98Sdjl else if (dbtp)
462cb5caa98Sdjl filterlen += strlen(TNRHTP_FILTER) + 1;
463cb5caa98Sdjl else
464cb5caa98Sdjl filterlen += OC_FLEN2;
465cb5caa98Sdjl
466b446700bSjanga udatalen = strlen(keyfilter) + 8;
467b446700bSjanga MALLOC_FILTER_UDATA(filter, filterlen, userdata,
468*07925104Sgww udatalen, nomem);
469cb5caa98Sdjl if (nomem)
470cb5caa98Sdjl goto done;
471cb5caa98Sdjl if (dbpf)
472b446700bSjanga (void) snprintf(filter, filterlen,
473*07925104Sgww PROF_ATTR_FILTER, keyfilter);
474cb5caa98Sdjl else if (dbtp)
475cb5caa98Sdjl (void) snprintf(filter, filterlen,
476*07925104Sgww TNRHTP_FILTER, keyfilter);
477cb5caa98Sdjl else
478cb5caa98Sdjl (void) snprintf(filter, filterlen,
479*07925104Sgww OC_FILTER2,
480*07925104Sgww maplist[i].objectclass, keyfilter);
481cb5caa98Sdjl
482cb5caa98Sdjl (void) snprintf(userdata, udatalen,
483*07925104Sgww "(&(%%s)%s)", keyfilter);
4847c478bd9Sstevel@tonic-gate }
485b446700bSjanga goto done;
4867c478bd9Sstevel@tonic-gate }
4877c478bd9Sstevel@tonic-gate }
4887c478bd9Sstevel@tonic-gate
4897c478bd9Sstevel@tonic-gate /* special cases for automounter and other services */
4907c478bd9Sstevel@tonic-gate
4917c478bd9Sstevel@tonic-gate /* auto_* services */
4927c478bd9Sstevel@tonic-gate if (strncasecmp(database, "auto_", 5) == SAME) {
493*07925104Sgww if (v2) {
494*07925104Sgww if ((keyfilter = set_keys(key, "automountKey"))
495*07925104Sgww != NULL) {
496*07925104Sgww filterlen = strlen(keyfilter) + 27;
497*07925104Sgww udatalen = strlen(keyfilter) + 8;
498*07925104Sgww MALLOC_FILTER_UDATA(filter, filterlen,
499*07925104Sgww userdata, udatalen, nomem);
500*07925104Sgww if (!nomem) {
501*07925104Sgww (void) snprintf(filter, filterlen,
502*07925104Sgww "(&(objectclass=automount)%s)",
503*07925104Sgww keyfilter);
504*07925104Sgww (void) snprintf(userdata, udatalen,
505*07925104Sgww "(&(%%s)%s)", keyfilter);
506*07925104Sgww }
507*07925104Sgww } else {
508*07925104Sgww filterlen = 22;
509*07925104Sgww udatalen = 3;
510*07925104Sgww MALLOC_FILTER_UDATA(filter, filterlen,
511*07925104Sgww userdata, udatalen, nomem);
512*07925104Sgww if (!nomem) {
513*07925104Sgww (void) strlcpy(filter,
514*07925104Sgww "objectclass=automount", filterlen);
515*07925104Sgww (void) strlcpy(userdata, "%s",
516*07925104Sgww udatalen);
517*07925104Sgww }
518b446700bSjanga }
5197c478bd9Sstevel@tonic-gate } else {
520*07925104Sgww if ((keyfilter = set_keys(key, "cn")) != NULL) {
521*07925104Sgww filterlen = strlen(keyfilter) + 27;
522*07925104Sgww udatalen = strlen(keyfilter) + 8;
523*07925104Sgww MALLOC_FILTER_UDATA(filter, filterlen,
524*07925104Sgww userdata, udatalen, nomem);
525*07925104Sgww if (!nomem) {
526*07925104Sgww (void) snprintf(filter, filterlen,
527*07925104Sgww "(&(objectclass=nisObject)%s)",
528*07925104Sgww keyfilter);
529*07925104Sgww (void) snprintf(userdata, udatalen,
530*07925104Sgww "(&(%%s)%s)", keyfilter);
531*07925104Sgww }
532*07925104Sgww } else {
533*07925104Sgww filterlen = 22;
534*07925104Sgww udatalen = 3;
535*07925104Sgww MALLOC_FILTER_UDATA(filter, filterlen,
536*07925104Sgww userdata, udatalen, nomem);
537*07925104Sgww if (!nomem) {
538*07925104Sgww (void) strlcpy(filter,
539*07925104Sgww "objectclass=nisObject", filterlen);
540*07925104Sgww (void) strlcpy(userdata, "%s",
541*07925104Sgww udatalen);
542*07925104Sgww }
543b446700bSjanga }
5447c478bd9Sstevel@tonic-gate }
545*07925104Sgww goto done;
5467c478bd9Sstevel@tonic-gate }
5477c478bd9Sstevel@tonic-gate
5487c478bd9Sstevel@tonic-gate /* automount service */
5497c478bd9Sstevel@tonic-gate if (strcasecmp(database, "automount") == SAME) {
550*07925104Sgww if (v2) {
551*07925104Sgww if ((keyfilter = set_keys(key, "automountMapName"))
552*07925104Sgww != NULL) {
553*07925104Sgww filterlen = strlen(keyfilter) + 30;
554*07925104Sgww udatalen = strlen(keyfilter) + 8;
555*07925104Sgww MALLOC_FILTER_UDATA(filter, filterlen,
556*07925104Sgww userdata, udatalen, nomem);
557*07925104Sgww if (!nomem) {
558*07925104Sgww (void) snprintf(filter, filterlen,
559*07925104Sgww "(&(objectclass=automountMap)%s)",
560*07925104Sgww keyfilter);
561*07925104Sgww (void) snprintf(userdata, udatalen,
562*07925104Sgww "(&(%%s)%s)", keyfilter);
563*07925104Sgww }
564*07925104Sgww } else {
565*07925104Sgww filterlen = 25;
566*07925104Sgww udatalen = 3;
567*07925104Sgww MALLOC_FILTER_UDATA(filter, filterlen,
568*07925104Sgww userdata, udatalen, nomem);
569*07925104Sgww if (!nomem) {
570*07925104Sgww (void) strlcpy(filter,
571*07925104Sgww "objectclass=automountMap",
572*07925104Sgww filterlen);
573*07925104Sgww (void) strlcpy(userdata, "%s",
574*07925104Sgww udatalen);
575*07925104Sgww }
576b446700bSjanga }
5777c478bd9Sstevel@tonic-gate } else {
578*07925104Sgww if ((keyfilter = set_keys(key, "nisMapName"))
579*07925104Sgww != NULL) {
580*07925104Sgww filterlen = strlen(keyfilter) + 24;
581*07925104Sgww udatalen = strlen(keyfilter) + 8;
582*07925104Sgww MALLOC_FILTER_UDATA(filter, filterlen,
583*07925104Sgww userdata, udatalen, nomem);
584*07925104Sgww if (!nomem) {
585*07925104Sgww (void) snprintf(filter, filterlen,
586*07925104Sgww "(&(objectclass=nisMap)%s)",
587*07925104Sgww keyfilter);
588*07925104Sgww (void) snprintf(userdata, udatalen,
589*07925104Sgww "(&(%%s)%s)", keyfilter);
590*07925104Sgww }
591*07925104Sgww } else {
592*07925104Sgww filterlen = 19;
593*07925104Sgww udatalen = 3;
594*07925104Sgww MALLOC_FILTER_UDATA(filter, filterlen,
595*07925104Sgww userdata, udatalen, nomem);
596*07925104Sgww if (!nomem) {
597*07925104Sgww (void) strlcpy(filter,
598*07925104Sgww "objectclass=nisMap", filterlen);
599*07925104Sgww (void) strlcpy(userdata, "%s",
600*07925104Sgww udatalen);
601*07925104Sgww }
602b446700bSjanga }
6037c478bd9Sstevel@tonic-gate }
604*07925104Sgww goto done;
6057c478bd9Sstevel@tonic-gate }
6067c478bd9Sstevel@tonic-gate
6077c478bd9Sstevel@tonic-gate /* other services (catch all) */
6087c478bd9Sstevel@tonic-gate if ((keyfilter = set_keys(key, "cn")) == NULL) {
609b446700bSjanga filterlen = 14;
610b446700bSjanga udatalen = 3;
611*07925104Sgww MALLOC_FILTER_UDATA(filter, filterlen, userdata, udatalen,
612*07925104Sgww nomem);
613b446700bSjanga if (!nomem) {
614b446700bSjanga (void) snprintf(filter, filterlen, "objectclass=*");
615b446700bSjanga (void) strlcpy(userdata, "%s", udatalen);
616b446700bSjanga }
6177c478bd9Sstevel@tonic-gate } else {
618b446700bSjanga filterlen = strlen(keyfilter) + 1;
619b446700bSjanga udatalen = strlen(keyfilter) + 8;
620*07925104Sgww MALLOC_FILTER_UDATA(filter, filterlen, userdata, udatalen,
621*07925104Sgww nomem);
622b446700bSjanga if (!nomem) {
623b446700bSjanga (void) snprintf(filter, filterlen, "%s", keyfilter);
624b446700bSjanga (void) snprintf(userdata, udatalen, "(&(%%s)%s)",
625*07925104Sgww keyfilter);
626b446700bSjanga }
6277c478bd9Sstevel@tonic-gate }
6287c478bd9Sstevel@tonic-gate
6297c478bd9Sstevel@tonic-gate done:
6307c478bd9Sstevel@tonic-gate #ifdef DEBUG
631b446700bSjanga (void) fprintf(stdout, "set_filter: filter=\"%s\"\n", filter);
632b446700bSjanga (void) fprintf(stdout, "set_filter: userdata=\"%s\"\n", userdata);
6337c478bd9Sstevel@tonic-gate #endif /* DEBUG */
634b446700bSjanga if (keyfilter)
635b446700bSjanga free(keyfilter);
636b446700bSjanga if (nomem)
637b446700bSjanga exit(2);
638b446700bSjanga *udata = userdata;
6397c478bd9Sstevel@tonic-gate return (filter);
6407c478bd9Sstevel@tonic-gate }
641