17c478bd9Sstevel@tonic-gate /* 27c478bd9Sstevel@tonic-gate * CDDL HEADER START 37c478bd9Sstevel@tonic-gate * 47c478bd9Sstevel@tonic-gate * The contents of this file are subject to the terms of the 5cb5caa98Sdjl * Common Development and Distribution License (the "License"). 6cb5caa98Sdjl * You may not use this file except in compliance with the License. 77c478bd9Sstevel@tonic-gate * 87c478bd9Sstevel@tonic-gate * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 97c478bd9Sstevel@tonic-gate * or http://www.opensolaris.org/os/licensing. 107c478bd9Sstevel@tonic-gate * See the License for the specific language governing permissions 117c478bd9Sstevel@tonic-gate * and limitations under the License. 127c478bd9Sstevel@tonic-gate * 137c478bd9Sstevel@tonic-gate * When distributing Covered Code, include this CDDL HEADER in each 147c478bd9Sstevel@tonic-gate * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 157c478bd9Sstevel@tonic-gate * If applicable, add the following below this CDDL HEADER, with the 167c478bd9Sstevel@tonic-gate * fields enclosed by brackets "[]" replaced with your own identifying 177c478bd9Sstevel@tonic-gate * information: Portions Copyright [yyyy] [name of copyright owner] 187c478bd9Sstevel@tonic-gate * 197c478bd9Sstevel@tonic-gate * CDDL HEADER END 207c478bd9Sstevel@tonic-gate */ 217c478bd9Sstevel@tonic-gate /* 22*7ddae043Siz * Copyright 2007 Sun Microsystems, Inc. All rights reserved. 237c478bd9Sstevel@tonic-gate * Use is subject to license terms. 247c478bd9Sstevel@tonic-gate */ 257c478bd9Sstevel@tonic-gate 267c478bd9Sstevel@tonic-gate #pragma ident "%Z%%M% %I% %E% SMI" 277c478bd9Sstevel@tonic-gate 287c478bd9Sstevel@tonic-gate /* 297c478bd9Sstevel@tonic-gate * libsldap - library side configuration components 307c478bd9Sstevel@tonic-gate * Routines to manage the config structure 317c478bd9Sstevel@tonic-gate */ 327c478bd9Sstevel@tonic-gate 337c478bd9Sstevel@tonic-gate #include <stdio.h> 347c478bd9Sstevel@tonic-gate #include <stdlib.h> 357c478bd9Sstevel@tonic-gate #include <string.h> 367c478bd9Sstevel@tonic-gate #include <strings.h> 377c478bd9Sstevel@tonic-gate #include <libintl.h> 387c478bd9Sstevel@tonic-gate #include <locale.h> 397c478bd9Sstevel@tonic-gate #include <thread.h> 407c478bd9Sstevel@tonic-gate #include <synch.h> 417c478bd9Sstevel@tonic-gate #include <errno.h> 427c478bd9Sstevel@tonic-gate #include <unistd.h> 437c478bd9Sstevel@tonic-gate #include <fcntl.h> 447c478bd9Sstevel@tonic-gate #include <ctype.h> 457c478bd9Sstevel@tonic-gate #include <crypt.h> 467c478bd9Sstevel@tonic-gate #include <arpa/inet.h> 477c478bd9Sstevel@tonic-gate #include <sys/types.h> 487c478bd9Sstevel@tonic-gate #include <sys/stat.h> 497c478bd9Sstevel@tonic-gate #include <syslog.h> 507c478bd9Sstevel@tonic-gate #include <netdb.h> 517c478bd9Sstevel@tonic-gate #include <sys/systeminfo.h> 527c478bd9Sstevel@tonic-gate #include <sys/mman.h> 537c478bd9Sstevel@tonic-gate #include <sys/time.h> 547c478bd9Sstevel@tonic-gate #include <limits.h> 557c478bd9Sstevel@tonic-gate #include "ns_sldap.h" 567c478bd9Sstevel@tonic-gate #include "ns_internal.h" 577c478bd9Sstevel@tonic-gate #include "ns_cache_door.h" 587c478bd9Sstevel@tonic-gate 597c478bd9Sstevel@tonic-gate #pragma fini(_free_config) 607c478bd9Sstevel@tonic-gate 617c478bd9Sstevel@tonic-gate static mutex_t ns_parse_lock = DEFAULTMUTEX; 627c478bd9Sstevel@tonic-gate static mutex_t ns_loadrefresh_lock = DEFAULTMUTEX; 637c478bd9Sstevel@tonic-gate static ns_config_t *current_config = NULL; 647c478bd9Sstevel@tonic-gate 657c478bd9Sstevel@tonic-gate static int cache_server = FALSE; 667c478bd9Sstevel@tonic-gate 677c478bd9Sstevel@tonic-gate /* 687c478bd9Sstevel@tonic-gate * Parameter Index Type validation routines 697c478bd9Sstevel@tonic-gate */ 707c478bd9Sstevel@tonic-gate static int 717c478bd9Sstevel@tonic-gate __s_val_postime(ParamIndexType i, ns_default_config *def, 727c478bd9Sstevel@tonic-gate ns_param_t *param, char *errbuf); 737c478bd9Sstevel@tonic-gate static int 747c478bd9Sstevel@tonic-gate __s_val_basedn(ParamIndexType i, ns_default_config *def, 757c478bd9Sstevel@tonic-gate ns_param_t *param, char *errbuf); 767c478bd9Sstevel@tonic-gate 777c478bd9Sstevel@tonic-gate static int 787c478bd9Sstevel@tonic-gate __s_val_binddn(ParamIndexType i, ns_default_config *def, 797c478bd9Sstevel@tonic-gate ns_param_t *param, char *errbuf); 807c478bd9Sstevel@tonic-gate 817c478bd9Sstevel@tonic-gate static int 827c478bd9Sstevel@tonic-gate __s_val_bindpw(ParamIndexType i, ns_default_config *def, 837c478bd9Sstevel@tonic-gate ns_param_t *param, char *errbuf); 847c478bd9Sstevel@tonic-gate 857c478bd9Sstevel@tonic-gate static int 867c478bd9Sstevel@tonic-gate __s_val_serverList(ParamIndexType i, ns_default_config *def, 877c478bd9Sstevel@tonic-gate ns_param_t *param, char *errbuf); 887c478bd9Sstevel@tonic-gate 897c478bd9Sstevel@tonic-gate /* 907c478bd9Sstevel@tonic-gate * Forward declarations 917c478bd9Sstevel@tonic-gate */ 927c478bd9Sstevel@tonic-gate 937c478bd9Sstevel@tonic-gate static ns_parse_status 947c478bd9Sstevel@tonic-gate verify_value(ns_config_t *cfg, char *name, char *value, char *errstr); 957c478bd9Sstevel@tonic-gate 967c478bd9Sstevel@tonic-gate static int 977c478bd9Sstevel@tonic-gate set_default_value(ns_config_t *configptr, char *name, char *value, 987c478bd9Sstevel@tonic-gate ns_ldap_error_t **error); 997c478bd9Sstevel@tonic-gate 1007c478bd9Sstevel@tonic-gate static void 1017c478bd9Sstevel@tonic-gate set_curr_config(ns_config_t *ptr); 1027c478bd9Sstevel@tonic-gate 1037c478bd9Sstevel@tonic-gate static int 1047c478bd9Sstevel@tonic-gate __door_getldapconfig(char **buffer, int *buflen, ns_ldap_error_t **error); 1057c478bd9Sstevel@tonic-gate 1067c478bd9Sstevel@tonic-gate static ns_config_t * 1077c478bd9Sstevel@tonic-gate SetDoorInfo(char *buffer, ns_ldap_error_t **errorp); 1087c478bd9Sstevel@tonic-gate 1097c478bd9Sstevel@tonic-gate static boolean_t 1107c478bd9Sstevel@tonic-gate timetorefresh(ns_config_t *cfg); 1117c478bd9Sstevel@tonic-gate 1127c478bd9Sstevel@tonic-gate static ns_config_t * 1137c478bd9Sstevel@tonic-gate LoadCacheConfiguration(ns_ldap_error_t **error); 1147c478bd9Sstevel@tonic-gate 1157c478bd9Sstevel@tonic-gate static void ** 1167c478bd9Sstevel@tonic-gate dupParam(ns_param_t *ptr); 1177c478bd9Sstevel@tonic-gate 1187c478bd9Sstevel@tonic-gate static time_t 1197c478bd9Sstevel@tonic-gate conv_time(char *s); 1207c478bd9Sstevel@tonic-gate 1217c478bd9Sstevel@tonic-gate /* 1227c478bd9Sstevel@tonic-gate * Structures used in enum <-> string mapping routines 1237c478bd9Sstevel@tonic-gate */ 1247c478bd9Sstevel@tonic-gate 1257c478bd9Sstevel@tonic-gate static ns_enum_map ns_auth_enum_v1[] = { 1267c478bd9Sstevel@tonic-gate { ENUM2INT(NS_LDAP_EA_NONE), "NS_LDAP_AUTH_NONE" }, 1277c478bd9Sstevel@tonic-gate { ENUM2INT(NS_LDAP_EA_SIMPLE), "NS_LDAP_AUTH_SIMPLE" }, 1287c478bd9Sstevel@tonic-gate { ENUM2INT(NS_LDAP_EA_SASL_CRAM_MD5), "NS_LDAP_AUTH_SASL_CRAM_MD5" }, 1297c478bd9Sstevel@tonic-gate { -1, NULL }, 1307c478bd9Sstevel@tonic-gate }; 1317c478bd9Sstevel@tonic-gate 1327c478bd9Sstevel@tonic-gate static ns_enum_map ns_auth_enum_v2[] = { 1337c478bd9Sstevel@tonic-gate { ENUM2INT(NS_LDAP_EA_NONE), "none" }, 1347c478bd9Sstevel@tonic-gate { ENUM2INT(NS_LDAP_EA_SIMPLE), "simple" }, 1357c478bd9Sstevel@tonic-gate { ENUM2INT(NS_LDAP_EA_SASL_CRAM_MD5), "sasl/CRAM-MD5" }, 1367c478bd9Sstevel@tonic-gate { ENUM2INT(NS_LDAP_EA_SASL_DIGEST_MD5), "sasl/DIGEST-MD5" }, 1377c478bd9Sstevel@tonic-gate { ENUM2INT(NS_LDAP_EA_SASL_DIGEST_MD5_INT), 1387c478bd9Sstevel@tonic-gate "sasl/DIGEST-MD5:auth-int" }, 1397c478bd9Sstevel@tonic-gate { ENUM2INT(NS_LDAP_EA_SASL_DIGEST_MD5_CONF), 1407c478bd9Sstevel@tonic-gate "sasl/DIGEST-MD5:auth-conf" }, 1417c478bd9Sstevel@tonic-gate { ENUM2INT(NS_LDAP_EA_SASL_EXTERNAL), "sasl/EXTERNAL" }, 142cb5caa98Sdjl { ENUM2INT(NS_LDAP_EA_SASL_GSSAPI), "sasl/GSSAPI" }, 1437c478bd9Sstevel@tonic-gate { ENUM2INT(NS_LDAP_EA_TLS_NONE), "tls:none" }, 1447c478bd9Sstevel@tonic-gate { ENUM2INT(NS_LDAP_EA_TLS_SIMPLE), "tls:simple" }, 1457c478bd9Sstevel@tonic-gate { ENUM2INT(NS_LDAP_EA_TLS_SASL_CRAM_MD5), "tls:sasl/CRAM-MD5" }, 1467c478bd9Sstevel@tonic-gate { ENUM2INT(NS_LDAP_EA_TLS_SASL_DIGEST_MD5), "tls:sasl/DIGEST-MD5" }, 1477c478bd9Sstevel@tonic-gate { ENUM2INT(NS_LDAP_EA_TLS_SASL_DIGEST_MD5_INT), 1487c478bd9Sstevel@tonic-gate "tls:sasl/DIGEST-MD5:auth-int" }, 1497c478bd9Sstevel@tonic-gate { ENUM2INT(NS_LDAP_EA_TLS_SASL_DIGEST_MD5_CONF), 1507c478bd9Sstevel@tonic-gate "tls:sasl/DIGEST-MD5:auth-conf" }, 1517c478bd9Sstevel@tonic-gate { ENUM2INT(NS_LDAP_EA_TLS_SASL_EXTERNAL), "tls:sasl/EXTERNAL" }, 1527c478bd9Sstevel@tonic-gate { -1, NULL }, 1537c478bd9Sstevel@tonic-gate }; 1547c478bd9Sstevel@tonic-gate 1557c478bd9Sstevel@tonic-gate /* V1 ONLY */ 1567c478bd9Sstevel@tonic-gate static ns_enum_map ns_sec_enum_v1[] = { 1577c478bd9Sstevel@tonic-gate { ENUM2INT(NS_LDAP_TLS_NONE), "NS_LDAP_SEC_NONE" }, 1587c478bd9Sstevel@tonic-gate { -1, NULL }, 1597c478bd9Sstevel@tonic-gate }; 1607c478bd9Sstevel@tonic-gate 1617c478bd9Sstevel@tonic-gate /* V2 ONLY */ 1627c478bd9Sstevel@tonic-gate static ns_enum_map ns_cred_enum_v2[] = { 1637c478bd9Sstevel@tonic-gate { ENUM2INT(NS_LDAP_CRED_ANON), "anonymous" }, 1647c478bd9Sstevel@tonic-gate { ENUM2INT(NS_LDAP_CRED_PROXY), "proxy" }, 1657c478bd9Sstevel@tonic-gate { ENUM2INT(NS_LDAP_CRED_SELF), "self" }, 1667c478bd9Sstevel@tonic-gate { -1, NULL }, 1677c478bd9Sstevel@tonic-gate }; 1687c478bd9Sstevel@tonic-gate 1697c478bd9Sstevel@tonic-gate static ns_enum_map ns_ref_enum_v1[] = { 1707c478bd9Sstevel@tonic-gate { ENUM2INT(NS_LDAP_FOLLOWREF), "NS_LDAP_FOLLOWREF" }, 1717c478bd9Sstevel@tonic-gate { ENUM2INT(NS_LDAP_NOREF), "NS_LDAP_NOREF" }, 1727c478bd9Sstevel@tonic-gate { -1, NULL }, 1737c478bd9Sstevel@tonic-gate }; 1747c478bd9Sstevel@tonic-gate 1757c478bd9Sstevel@tonic-gate static ns_enum_map ns_ref_enum_v2[] = { 1767c478bd9Sstevel@tonic-gate { ENUM2INT(NS_LDAP_FOLLOWREF), "TRUE" }, 1777c478bd9Sstevel@tonic-gate { ENUM2INT(NS_LDAP_NOREF), "FALSE" }, 1787c478bd9Sstevel@tonic-gate { -1, NULL }, 1797c478bd9Sstevel@tonic-gate }; 1807c478bd9Sstevel@tonic-gate 1817c478bd9Sstevel@tonic-gate static ns_enum_map ns_scope_enum_v1[] = { 1827c478bd9Sstevel@tonic-gate { ENUM2INT(NS_LDAP_SCOPE_BASE), "NS_LDAP_SCOPE_BASE" }, 1837c478bd9Sstevel@tonic-gate { ENUM2INT(NS_LDAP_SCOPE_ONELEVEL), "NS_LDAP_SCOPE_ONELEVEL" }, 1847c478bd9Sstevel@tonic-gate { ENUM2INT(NS_LDAP_SCOPE_SUBTREE), "NS_LDAP_SCOPE_SUBTREE" }, 1857c478bd9Sstevel@tonic-gate { -1, NULL }, 1867c478bd9Sstevel@tonic-gate }; 1877c478bd9Sstevel@tonic-gate 1887c478bd9Sstevel@tonic-gate static ns_enum_map ns_scope_enum_v2[] = { 1897c478bd9Sstevel@tonic-gate { ENUM2INT(NS_LDAP_SCOPE_BASE), "base" }, 1907c478bd9Sstevel@tonic-gate { ENUM2INT(NS_LDAP_SCOPE_ONELEVEL), "one" }, 1917c478bd9Sstevel@tonic-gate { ENUM2INT(NS_LDAP_SCOPE_SUBTREE), "sub" }, 1927c478bd9Sstevel@tonic-gate { -1, NULL }, 1937c478bd9Sstevel@tonic-gate }; 1947c478bd9Sstevel@tonic-gate 1957c478bd9Sstevel@tonic-gate static ns_enum_map ns_pref_enum[] = { 1967c478bd9Sstevel@tonic-gate { ENUM2INT(NS_LDAP_PREF_FALSE), "NS_LDAP_FALSE" }, 1977c478bd9Sstevel@tonic-gate { ENUM2INT(NS_LDAP_PREF_TRUE), "NS_LDAP_TRUE" }, 1987c478bd9Sstevel@tonic-gate { -1, NULL }, 1997c478bd9Sstevel@tonic-gate }; 2007c478bd9Sstevel@tonic-gate 2017c478bd9Sstevel@tonic-gate static int ns_def_auth_v1[] = { 2027c478bd9Sstevel@tonic-gate ENUM2INT(NS_LDAP_EA_NONE), 2037c478bd9Sstevel@tonic-gate 0 2047c478bd9Sstevel@tonic-gate }; 2057c478bd9Sstevel@tonic-gate 2067c478bd9Sstevel@tonic-gate static int ns_def_auth_v2[] = { 2077c478bd9Sstevel@tonic-gate ENUM2INT(NS_LDAP_EA_NONE), 2087c478bd9Sstevel@tonic-gate 0 2097c478bd9Sstevel@tonic-gate }; 2107c478bd9Sstevel@tonic-gate 2117c478bd9Sstevel@tonic-gate static int ns_def_cred_v1[] = { 2127c478bd9Sstevel@tonic-gate ENUM2INT(NS_LDAP_CRED_PROXY), 2137c478bd9Sstevel@tonic-gate 0 2147c478bd9Sstevel@tonic-gate }; 2157c478bd9Sstevel@tonic-gate 2167c478bd9Sstevel@tonic-gate static int ns_def_cred_v2[] = { 2177c478bd9Sstevel@tonic-gate ENUM2INT(NS_LDAP_CRED_ANON), 2187c478bd9Sstevel@tonic-gate 0 2197c478bd9Sstevel@tonic-gate }; 2207c478bd9Sstevel@tonic-gate 2217c478bd9Sstevel@tonic-gate /* 2227c478bd9Sstevel@tonic-gate * The next macro places an integer in the first sizeof(int) bytes of a 2237c478bd9Sstevel@tonic-gate * void pointer location. For 32-bit, it is the same as "(void *) i". It 2247c478bd9Sstevel@tonic-gate * is used to solve a problem found during 64-bit testing. The problem 2257c478bd9Sstevel@tonic-gate * was that for a configuration parameter such as NS_LDAP_SEARCH_REF_P, 2267c478bd9Sstevel@tonic-gate * which is of type INT and has defined default value, an int 2277c478bd9Sstevel@tonic-gate * variable(ns_param.ns_pu.i) defined inside an union(ns_pu) structure, is 2287c478bd9Sstevel@tonic-gate * used to access the defined default value. This requires the default 2297c478bd9Sstevel@tonic-gate * value to be in the first sizeof(int) bytes of the union element. If 2307c478bd9Sstevel@tonic-gate * just using "(void *) intval" to declare the default value in the 2317c478bd9Sstevel@tonic-gate * following defconfig[] structure, the intval data will be placed is the 2327c478bd9Sstevel@tonic-gate * last sizeof(int) bytes. In which case, when accessing via ns_pu_i in 2337c478bd9Sstevel@tonic-gate * a 64-bit system, ZERO will be returned as the default value, not the 2347c478bd9Sstevel@tonic-gate * defined one. 2357c478bd9Sstevel@tonic-gate * 2367c478bd9Sstevel@tonic-gate * Note since amd64 is little-endian, the problem is not an issue. 2377c478bd9Sstevel@tonic-gate * INT2VOIDPTR will just leave the data (i) unchanged. 2387c478bd9Sstevel@tonic-gate */ 2397c478bd9Sstevel@tonic-gate #if defined(__amd64) 2407c478bd9Sstevel@tonic-gate #define INT2VOIDPTR(i) (void *)i 2417c478bd9Sstevel@tonic-gate #else 2427c478bd9Sstevel@tonic-gate #define INT2VOIDPTR(i) \ 2437c478bd9Sstevel@tonic-gate (void *)(((long)(i))<<(8*(sizeof (void *) - sizeof (int)))) 2447c478bd9Sstevel@tonic-gate #endif 2457c478bd9Sstevel@tonic-gate /* 2467c478bd9Sstevel@tonic-gate * The default configuration table 2477c478bd9Sstevel@tonic-gate * Version 1 entries are first, V2 entries follow. 2487c478bd9Sstevel@tonic-gate */ 2497c478bd9Sstevel@tonic-gate static ns_default_config defconfig[] = { 2507c478bd9Sstevel@tonic-gate /* optional V1 profile */ 2517c478bd9Sstevel@tonic-gate {"NS_LDAP_FILE_VERSION", NS_LDAP_FILE_VERSION_P, 2527c478bd9Sstevel@tonic-gate CLIENTCONFIG, CHARPTR, TRUE, NS_LDAP_V1, 2537c478bd9Sstevel@tonic-gate NULL, /* No version number defined in V1 */ 2547c478bd9Sstevel@tonic-gate { CHARPTR, 0, (void *)NS_LDAP_VERSION_1 }, 2557c478bd9Sstevel@tonic-gate NULL, NULL }, 2567c478bd9Sstevel@tonic-gate 2577c478bd9Sstevel@tonic-gate /* ---------- V1 profile ---------- */ 2587c478bd9Sstevel@tonic-gate {"NS_LDAP_BINDDN", NS_LDAP_BINDDN_P, 2597c478bd9Sstevel@tonic-gate CREDCONFIG, CHARPTR, TRUE, NS_LDAP_V1, 2607c478bd9Sstevel@tonic-gate _P1_BINDDN, 2617c478bd9Sstevel@tonic-gate { CHARPTR, 0, NULL }, 2627c478bd9Sstevel@tonic-gate __s_val_binddn, NULL }, 2637c478bd9Sstevel@tonic-gate 2647c478bd9Sstevel@tonic-gate {"NS_LDAP_BINDPASSWD", NS_LDAP_BINDPASSWD_P, 2657c478bd9Sstevel@tonic-gate CREDCONFIG, CHARPTR, TRUE, NS_LDAP_V1, 2667c478bd9Sstevel@tonic-gate _P1_BINDPASSWORD, 2677c478bd9Sstevel@tonic-gate { CHARPTR, 0, NULL }, 2687c478bd9Sstevel@tonic-gate __s_val_bindpw, NULL }, 2697c478bd9Sstevel@tonic-gate 2707c478bd9Sstevel@tonic-gate {"NS_LDAP_SERVERS", NS_LDAP_SERVERS_P, 2717c478bd9Sstevel@tonic-gate SERVERCONFIG, ARRAYCP, FALSE, NS_LDAP_V1, 2727c478bd9Sstevel@tonic-gate _P1_SERVERS, 2737c478bd9Sstevel@tonic-gate { ARRAYCP, 0, NULL }, 2747c478bd9Sstevel@tonic-gate __s_val_serverList, NULL }, 2757c478bd9Sstevel@tonic-gate 2767c478bd9Sstevel@tonic-gate {"NS_LDAP_SEARCH_BASEDN", NS_LDAP_SEARCH_BASEDN_P, 2777c478bd9Sstevel@tonic-gate SERVERCONFIG, CHARPTR, TRUE, NS_LDAP_V1, 2787c478bd9Sstevel@tonic-gate _P1_SEARCHBASEDN, 2797c478bd9Sstevel@tonic-gate { CHARPTR, 0, NULL }, 2807c478bd9Sstevel@tonic-gate __s_val_basedn, NULL }, 2817c478bd9Sstevel@tonic-gate 2827c478bd9Sstevel@tonic-gate {"NS_LDAP_AUTH", NS_LDAP_AUTH_P, 2837c478bd9Sstevel@tonic-gate CLIENTCONFIG, ARRAYAUTH, FALSE, NS_LDAP_V1, 2847c478bd9Sstevel@tonic-gate _P1_AUTHMETHOD, 2857c478bd9Sstevel@tonic-gate { ARRAYAUTH, 1, (void *)&ns_def_auth_v1[0] }, 2867c478bd9Sstevel@tonic-gate NULL, ns_auth_enum_v1 }, 2877c478bd9Sstevel@tonic-gate 2887c478bd9Sstevel@tonic-gate {"NS_LDAP_TRANSPORT_SEC", NS_LDAP_TRANSPORT_SEC_P, 2897c478bd9Sstevel@tonic-gate CLIENTCONFIG, INT, TRUE, NS_LDAP_V1, 2907c478bd9Sstevel@tonic-gate _P1_TRANSPORTSECURITY, 2917c478bd9Sstevel@tonic-gate { INT, 0, INT2VOIDPTR(NS_LDAP_TLS_NONE) }, 2927c478bd9Sstevel@tonic-gate NULL, ns_sec_enum_v1 }, 2937c478bd9Sstevel@tonic-gate 2947c478bd9Sstevel@tonic-gate {"NS_LDAP_SEARCH_REF", NS_LDAP_SEARCH_REF_P, 2957c478bd9Sstevel@tonic-gate CLIENTCONFIG, INT, TRUE, NS_LDAP_V1, 2967c478bd9Sstevel@tonic-gate _P1_SEARCHREFERRAL, 2977c478bd9Sstevel@tonic-gate { INT, 0, INT2VOIDPTR(NS_LDAP_FOLLOWREF) }, 2987c478bd9Sstevel@tonic-gate NULL, ns_ref_enum_v1 }, 2997c478bd9Sstevel@tonic-gate 3007c478bd9Sstevel@tonic-gate {"NS_LDAP_DOMAIN", NS_LDAP_DOMAIN_P, 3017c478bd9Sstevel@tonic-gate CLIENTCONFIG, CHARPTR, TRUE, NS_LDAP_V1, 3027c478bd9Sstevel@tonic-gate NULL, /* not defined in the Profile */ 3037c478bd9Sstevel@tonic-gate { CHARPTR, 0, NULL }, 3047c478bd9Sstevel@tonic-gate NULL, NULL }, 3057c478bd9Sstevel@tonic-gate 3067c478bd9Sstevel@tonic-gate {"NS_LDAP_EXP", NS_LDAP_EXP_P, 3077c478bd9Sstevel@tonic-gate SERVERCONFIG, TIMET, TRUE, NS_LDAP_V1, 3087c478bd9Sstevel@tonic-gate NULL, /* initialized by code to time+NS_LDAP_CACHETTL */ 3097c478bd9Sstevel@tonic-gate { INT, 0, 0 }, 3107c478bd9Sstevel@tonic-gate NULL, NULL }, 3117c478bd9Sstevel@tonic-gate 3127c478bd9Sstevel@tonic-gate {"NS_LDAP_CERT_PATH", NS_LDAP_CERT_PATH_P, 3137c478bd9Sstevel@tonic-gate CREDCONFIG, CHARPTR, TRUE, NS_LDAP_V1, 3147c478bd9Sstevel@tonic-gate _P1_CERTIFICATEPATH, 3157c478bd9Sstevel@tonic-gate { CHARPTR, 0, NULL }, 3167c478bd9Sstevel@tonic-gate NULL, NULL }, 3177c478bd9Sstevel@tonic-gate 3187c478bd9Sstevel@tonic-gate {"NS_LDAP_CERT_PASS", NS_LDAP_CERT_PASS_P, 3197c478bd9Sstevel@tonic-gate CREDCONFIG, CHARPTR, TRUE, NS_LDAP_V1, 3207c478bd9Sstevel@tonic-gate _P1_CERTIFICATEPASSWORD, 3217c478bd9Sstevel@tonic-gate { CHARPTR, 0, NULL }, 3227c478bd9Sstevel@tonic-gate NULL, NULL }, 3237c478bd9Sstevel@tonic-gate 3247c478bd9Sstevel@tonic-gate {"NS_LDAP_SEARCH_DN", NS_LDAP_SEARCH_DN_P, 3257c478bd9Sstevel@tonic-gate CLIENTCONFIG, SSDLIST, FALSE, NS_LDAP_V1, 3267c478bd9Sstevel@tonic-gate _P1_DATASEARCHDN, 3277c478bd9Sstevel@tonic-gate { SSDLIST, 0, NULL }, 3287c478bd9Sstevel@tonic-gate NULL, NULL }, 3297c478bd9Sstevel@tonic-gate 3307c478bd9Sstevel@tonic-gate {"NS_LDAP_SEARCH_SCOPE", NS_LDAP_SEARCH_SCOPE_P, 3317c478bd9Sstevel@tonic-gate CLIENTCONFIG, INT, TRUE, NS_LDAP_V1, 3327c478bd9Sstevel@tonic-gate _P1_SEARCHSCOPE, 3337c478bd9Sstevel@tonic-gate { INT, 0, INT2VOIDPTR(NS_LDAP_SCOPE_ONELEVEL) }, 3347c478bd9Sstevel@tonic-gate NULL, ns_scope_enum_v1 }, 3357c478bd9Sstevel@tonic-gate 3367c478bd9Sstevel@tonic-gate {"NS_LDAP_SEARCH_TIME", NS_LDAP_SEARCH_TIME_P, 3377c478bd9Sstevel@tonic-gate CLIENTCONFIG, INT, TRUE, NS_LDAP_V1, 3387c478bd9Sstevel@tonic-gate _P1_SEARCHTIMELIMIT, 3397c478bd9Sstevel@tonic-gate { INT, 0, INT2VOIDPTR(NS_DEFAULT_SEARCH_TIMEOUT) }, 3407c478bd9Sstevel@tonic-gate NULL, NULL }, 3417c478bd9Sstevel@tonic-gate 3427c478bd9Sstevel@tonic-gate {"NS_LDAP_SERVER_PREF", NS_LDAP_SERVER_PREF_P, 3437c478bd9Sstevel@tonic-gate CLIENTCONFIG, ARRAYCP, FALSE, NS_LDAP_V1, 3447c478bd9Sstevel@tonic-gate _P1_PREFERREDSERVER, 3457c478bd9Sstevel@tonic-gate { ARRAYCP, 0, NULL }, 3467c478bd9Sstevel@tonic-gate __s_val_serverList, NULL }, 3477c478bd9Sstevel@tonic-gate 3487c478bd9Sstevel@tonic-gate {"NS_LDAP_PREF_ONLY", NS_LDAP_PREF_ONLY_P, 3497c478bd9Sstevel@tonic-gate CLIENTCONFIG, INT, TRUE, NS_LDAP_V1, 3507c478bd9Sstevel@tonic-gate _P1_PREFERREDSERVERONLY, 3517c478bd9Sstevel@tonic-gate { INT, 0, INT2VOIDPTR(NS_LDAP_PREF_FALSE) }, 3527c478bd9Sstevel@tonic-gate NULL, ns_pref_enum }, 3537c478bd9Sstevel@tonic-gate 3547c478bd9Sstevel@tonic-gate {"NS_LDAP_CACHETTL", NS_LDAP_CACHETTL_P, 3557c478bd9Sstevel@tonic-gate CLIENTCONFIG, CHARPTR, TRUE, NS_LDAP_V1, 3567c478bd9Sstevel@tonic-gate _P1_CACHETTL, 3577c478bd9Sstevel@tonic-gate { CHARPTR, 0, (void *)EXP_DEFAULT_TTL }, 3587c478bd9Sstevel@tonic-gate __s_val_postime, NULL }, 3597c478bd9Sstevel@tonic-gate 3607c478bd9Sstevel@tonic-gate {"NS_LDAP_PROFILE", NS_LDAP_PROFILE_P, 3617c478bd9Sstevel@tonic-gate CLIENTCONFIG, CHARPTR, TRUE, NS_LDAP_V1, 3627c478bd9Sstevel@tonic-gate _P_CN, 3637c478bd9Sstevel@tonic-gate { CHARPTR, 0, (void *)DEFAULTCONFIGNAME }, 3647c478bd9Sstevel@tonic-gate NULL, NULL }, 3657c478bd9Sstevel@tonic-gate 3667c478bd9Sstevel@tonic-gate {"NS_LDAP_BIND_TIME", NS_LDAP_BIND_TIME_P, 3677c478bd9Sstevel@tonic-gate CLIENTCONFIG, INT, TRUE, NS_LDAP_V1, 3687c478bd9Sstevel@tonic-gate _P1_BINDTIMELIMIT, 3697c478bd9Sstevel@tonic-gate { INT, 0, INT2VOIDPTR(NS_DEFAULT_BIND_TIMEOUT) }, 3707c478bd9Sstevel@tonic-gate NULL, NULL }, 3717c478bd9Sstevel@tonic-gate 3727c478bd9Sstevel@tonic-gate /* This configuration option is not visible in V1 */ 3737c478bd9Sstevel@tonic-gate {"NS_LDAP_CREDENTIAL_LEVEL", NS_LDAP_CREDENTIAL_LEVEL_P, 3747c478bd9Sstevel@tonic-gate CLIENTCONFIG, ARRAYCRED, TRUE, NS_LDAP_V1, 3757c478bd9Sstevel@tonic-gate NULL, /* No version defined in V1 */ 3767c478bd9Sstevel@tonic-gate { ARRAYCRED, 0, (void *)&ns_def_cred_v1[0] }, 3777c478bd9Sstevel@tonic-gate NULL, NULL }, 3787c478bd9Sstevel@tonic-gate 3797c478bd9Sstevel@tonic-gate /* ---------- V2 profile ---------- */ 3807c478bd9Sstevel@tonic-gate {"NS_LDAP_FILE_VERSION", NS_LDAP_FILE_VERSION_P, 3817c478bd9Sstevel@tonic-gate CLIENTCONFIG, CHARPTR, TRUE, NS_LDAP_V2, 3827c478bd9Sstevel@tonic-gate NULL, /* No version number defined in V1 */ 3837c478bd9Sstevel@tonic-gate { CHARPTR, 0, (void *)NS_LDAP_VERSION_2 }, 3847c478bd9Sstevel@tonic-gate NULL, NULL }, 3857c478bd9Sstevel@tonic-gate 3867c478bd9Sstevel@tonic-gate {"NS_LDAP_BINDDN", NS_LDAP_BINDDN_P, 3877c478bd9Sstevel@tonic-gate CREDCONFIG, CHARPTR, TRUE, NS_LDAP_V2, 3887c478bd9Sstevel@tonic-gate NULL, /* not defined in the Profile */ 3897c478bd9Sstevel@tonic-gate { CHARPTR, 0, NULL }, 3907c478bd9Sstevel@tonic-gate __s_val_binddn, NULL }, 3917c478bd9Sstevel@tonic-gate {"NS_LDAP_BINDPASSWD", NS_LDAP_BINDPASSWD_P, 3927c478bd9Sstevel@tonic-gate CREDCONFIG, CHARPTR, TRUE, NS_LDAP_V2, 3937c478bd9Sstevel@tonic-gate NULL, /* not defined in the Profile */ 3947c478bd9Sstevel@tonic-gate { CHARPTR, 0, NULL }, 3957c478bd9Sstevel@tonic-gate __s_val_bindpw, NULL }, 3967c478bd9Sstevel@tonic-gate {"NS_LDAP_EXP", NS_LDAP_EXP_P, 3977c478bd9Sstevel@tonic-gate SERVERCONFIG, TIMET, TRUE, NS_LDAP_V2, 3987c478bd9Sstevel@tonic-gate NULL, /* initialized by code to time+NS_LDAP_CACHETTL */ 3997c478bd9Sstevel@tonic-gate { INT, 0, 0 }, 4007c478bd9Sstevel@tonic-gate NULL, NULL }, 4017c478bd9Sstevel@tonic-gate 4027c478bd9Sstevel@tonic-gate {"NS_LDAP_SERVER_PREF", NS_LDAP_SERVER_PREF_P, 4037c478bd9Sstevel@tonic-gate CLIENTCONFIG, SERVLIST, FALSE, NS_LDAP_V2, 4047c478bd9Sstevel@tonic-gate _P2_PREFERREDSERVER, 4057c478bd9Sstevel@tonic-gate { SERVLIST, 0, NULL }, 4067c478bd9Sstevel@tonic-gate __s_val_serverList, NULL }, 4077c478bd9Sstevel@tonic-gate 4087c478bd9Sstevel@tonic-gate {"NS_LDAP_SERVERS", NS_LDAP_SERVERS_P, 4097c478bd9Sstevel@tonic-gate SERVERCONFIG, SERVLIST, FALSE, NS_LDAP_V2, 4107c478bd9Sstevel@tonic-gate _P2_DEFAULTSERVER, 4117c478bd9Sstevel@tonic-gate { SERVLIST, 0, NULL }, 4127c478bd9Sstevel@tonic-gate __s_val_serverList, NULL }, 4137c478bd9Sstevel@tonic-gate 4147c478bd9Sstevel@tonic-gate {"NS_LDAP_SEARCH_BASEDN", NS_LDAP_SEARCH_BASEDN_P, 4157c478bd9Sstevel@tonic-gate SERVERCONFIG, CHARPTR, TRUE, NS_LDAP_V2, 4167c478bd9Sstevel@tonic-gate _P2_SEARCHBASEDN, 4177c478bd9Sstevel@tonic-gate { CHARPTR, 0, NULL }, 4187c478bd9Sstevel@tonic-gate __s_val_basedn, NULL }, 4197c478bd9Sstevel@tonic-gate 4207c478bd9Sstevel@tonic-gate {"NS_LDAP_SEARCH_SCOPE", NS_LDAP_SEARCH_SCOPE_P, 4217c478bd9Sstevel@tonic-gate CLIENTCONFIG, INT, TRUE, NS_LDAP_V2, 4227c478bd9Sstevel@tonic-gate _P2_SEARCHSCOPE, 4237c478bd9Sstevel@tonic-gate { INT, 0, INT2VOIDPTR(NS_LDAP_SCOPE_ONELEVEL) }, 4247c478bd9Sstevel@tonic-gate NULL, ns_scope_enum_v2 }, 4257c478bd9Sstevel@tonic-gate 4267c478bd9Sstevel@tonic-gate {"NS_LDAP_AUTH", NS_LDAP_AUTH_P, 4277c478bd9Sstevel@tonic-gate CLIENTCONFIG, ARRAYAUTH, FALSE, NS_LDAP_V2, 4287c478bd9Sstevel@tonic-gate _P2_AUTHMETHOD, 4297c478bd9Sstevel@tonic-gate { ARRAYAUTH, 2, (void *)&ns_def_auth_v2[0] }, 4307c478bd9Sstevel@tonic-gate NULL, ns_auth_enum_v2 }, 4317c478bd9Sstevel@tonic-gate 4327c478bd9Sstevel@tonic-gate {"NS_LDAP_CREDENTIAL_LEVEL", NS_LDAP_CREDENTIAL_LEVEL_P, 4337c478bd9Sstevel@tonic-gate CLIENTCONFIG, ARRAYCRED, FALSE, NS_LDAP_V2, 4347c478bd9Sstevel@tonic-gate _P2_CREDENTIALLEVEL, 4357c478bd9Sstevel@tonic-gate { ARRAYCRED, 0, (void *)&ns_def_cred_v2[0] }, 4367c478bd9Sstevel@tonic-gate NULL, ns_cred_enum_v2 }, 4377c478bd9Sstevel@tonic-gate 4387c478bd9Sstevel@tonic-gate {"NS_LDAP_SERVICE_SEARCH_DESC", NS_LDAP_SERVICE_SEARCH_DESC_P, 4397c478bd9Sstevel@tonic-gate CLIENTCONFIG, SSDLIST, FALSE, NS_LDAP_V2, 4407c478bd9Sstevel@tonic-gate _P2_SERVICESEARCHDESC, 4417c478bd9Sstevel@tonic-gate { SSDLIST, 0, NULL }, 4427c478bd9Sstevel@tonic-gate NULL, NULL }, 4437c478bd9Sstevel@tonic-gate 4447c478bd9Sstevel@tonic-gate {"NS_LDAP_SEARCH_TIME", NS_LDAP_SEARCH_TIME_P, 4457c478bd9Sstevel@tonic-gate CLIENTCONFIG, INT, TRUE, NS_LDAP_V2, 4467c478bd9Sstevel@tonic-gate _P2_SEARCHTIMELIMIT, 4477c478bd9Sstevel@tonic-gate { INT, 0, INT2VOIDPTR(NS_DEFAULT_SEARCH_TIMEOUT) }, 4487c478bd9Sstevel@tonic-gate NULL, NULL }, 4497c478bd9Sstevel@tonic-gate 4507c478bd9Sstevel@tonic-gate {"NS_LDAP_BIND_TIME", NS_LDAP_BIND_TIME_P, 4517c478bd9Sstevel@tonic-gate CLIENTCONFIG, INT, TRUE, NS_LDAP_V2, 4527c478bd9Sstevel@tonic-gate _P2_BINDTIMELIMIT, 4537c478bd9Sstevel@tonic-gate { INT, 0, INT2VOIDPTR(NS_DEFAULT_BIND_TIMEOUT) }, 4547c478bd9Sstevel@tonic-gate NULL, NULL }, 4557c478bd9Sstevel@tonic-gate 4567c478bd9Sstevel@tonic-gate {"NS_LDAP_SEARCH_REF", NS_LDAP_SEARCH_REF_P, 4577c478bd9Sstevel@tonic-gate CLIENTCONFIG, INT, TRUE, NS_LDAP_V2, 4587c478bd9Sstevel@tonic-gate _P2_FOLLOWREFERRALS, 4597c478bd9Sstevel@tonic-gate { INT, 0, INT2VOIDPTR(NS_LDAP_FOLLOWREF) }, 4607c478bd9Sstevel@tonic-gate NULL, ns_ref_enum_v2 }, 4617c478bd9Sstevel@tonic-gate 4627c478bd9Sstevel@tonic-gate {"NS_LDAP_CACHETTL", NS_LDAP_CACHETTL_P, 4637c478bd9Sstevel@tonic-gate CLIENTCONFIG, CHARPTR, TRUE, NS_LDAP_V2, 4647c478bd9Sstevel@tonic-gate _P2_PROFILETTL, 4657c478bd9Sstevel@tonic-gate { CHARPTR, 0, (void *)EXP_DEFAULT_TTL }, 4667c478bd9Sstevel@tonic-gate __s_val_postime, NULL }, 4677c478bd9Sstevel@tonic-gate 4687c478bd9Sstevel@tonic-gate {"NS_LDAP_ATTRIBUTEMAP", NS_LDAP_ATTRIBUTEMAP_P, 4697c478bd9Sstevel@tonic-gate CLIENTCONFIG, ATTRMAP, FALSE, NS_LDAP_V2, 4707c478bd9Sstevel@tonic-gate _P2_ATTRIBUTEMAP, 4717c478bd9Sstevel@tonic-gate { ATTRMAP, 0, NULL }, 4727c478bd9Sstevel@tonic-gate NULL, NULL }, 4737c478bd9Sstevel@tonic-gate 4747c478bd9Sstevel@tonic-gate {"NS_LDAP_OBJECTCLASSMAP", NS_LDAP_OBJECTCLASSMAP_P, 4757c478bd9Sstevel@tonic-gate CLIENTCONFIG, OBJMAP, FALSE, NS_LDAP_V2, 4767c478bd9Sstevel@tonic-gate _P2_OBJECTCLASSMAP, 4777c478bd9Sstevel@tonic-gate { OBJMAP, 0, NULL }, 4787c478bd9Sstevel@tonic-gate NULL, NULL }, 4797c478bd9Sstevel@tonic-gate 4807c478bd9Sstevel@tonic-gate {"NS_LDAP_PROFILE", NS_LDAP_PROFILE_P, 4817c478bd9Sstevel@tonic-gate CLIENTCONFIG, CHARPTR, TRUE, NS_LDAP_V2, 4827c478bd9Sstevel@tonic-gate _P_CN, 4837c478bd9Sstevel@tonic-gate { CHARPTR, 0, (void *)DEFAULTCONFIGNAME }, 4847c478bd9Sstevel@tonic-gate NULL, NULL }, 4857c478bd9Sstevel@tonic-gate 4867c478bd9Sstevel@tonic-gate {"NS_LDAP_SERVICE_AUTH_METHOD", NS_LDAP_SERVICE_AUTH_METHOD_P, 4877c478bd9Sstevel@tonic-gate CLIENTCONFIG, SAMLIST, FALSE, NS_LDAP_V2, 4887c478bd9Sstevel@tonic-gate _P2_SERVICEAUTHMETHOD, 4897c478bd9Sstevel@tonic-gate { SAMLIST, 0, NULL }, 4907c478bd9Sstevel@tonic-gate NULL, NULL }, 4917c478bd9Sstevel@tonic-gate 4927c478bd9Sstevel@tonic-gate {"NS_LDAP_SERVICE_CRED_LEVEL", NS_LDAP_SERVICE_CRED_LEVEL_P, 4937c478bd9Sstevel@tonic-gate CLIENTCONFIG, SCLLIST, FALSE, NS_LDAP_V2, 4947c478bd9Sstevel@tonic-gate _P2_SERVICECREDLEVEL, 4957c478bd9Sstevel@tonic-gate { SCLLIST, 0, NULL }, 4967c478bd9Sstevel@tonic-gate NULL, NULL }, 4977c478bd9Sstevel@tonic-gate 4987c478bd9Sstevel@tonic-gate {"NS_LDAP_HOST_CERTPATH", NS_LDAP_HOST_CERTPATH_P, 4997c478bd9Sstevel@tonic-gate CREDCONFIG, CHARPTR, TRUE, NS_LDAP_V2, 5007c478bd9Sstevel@tonic-gate NULL, /* not defined in the Profile */ 5017c478bd9Sstevel@tonic-gate { CHARPTR, 0, (void *)NSLDAPDIRECTORY }, 5027c478bd9Sstevel@tonic-gate NULL, NULL }, 5037c478bd9Sstevel@tonic-gate 5047c478bd9Sstevel@tonic-gate /* array terminator [not an entry] */ 5057c478bd9Sstevel@tonic-gate {NULL, NS_LDAP_FILE_VERSION_P, 5067c478bd9Sstevel@tonic-gate CLIENTCONFIG, NS_UNKNOWN, TRUE, NULL, 5077c478bd9Sstevel@tonic-gate NULL, 5087c478bd9Sstevel@tonic-gate { NS_UNKNOWN, 0, NULL }, 5097c478bd9Sstevel@tonic-gate NULL, NULL }, 5107c478bd9Sstevel@tonic-gate }; 5117c478bd9Sstevel@tonic-gate 5127c478bd9Sstevel@tonic-gate static char * 5137c478bd9Sstevel@tonic-gate __getdomainname() 5147c478bd9Sstevel@tonic-gate { 5157c478bd9Sstevel@tonic-gate /* 5167c478bd9Sstevel@tonic-gate * The sysinfo man page recommends using a buffer size 5177c478bd9Sstevel@tonic-gate * of 257 bytes. MAXHOSTNAMELEN is 256. So add 1 here. 5187c478bd9Sstevel@tonic-gate */ 5197c478bd9Sstevel@tonic-gate char buf[MAXHOSTNAMELEN + 1]; 5207c478bd9Sstevel@tonic-gate int status; 5217c478bd9Sstevel@tonic-gate 5227c478bd9Sstevel@tonic-gate status = sysinfo(SI_SRPC_DOMAIN, buf, MAXHOSTNAMELEN); 5237c478bd9Sstevel@tonic-gate if (status < 0) 5247c478bd9Sstevel@tonic-gate return (NULL); 5257c478bd9Sstevel@tonic-gate /* error: not enough space to hold returned value */ 5267c478bd9Sstevel@tonic-gate if (status > sizeof (buf)) 5277c478bd9Sstevel@tonic-gate return (NULL); 5287c478bd9Sstevel@tonic-gate return (strdup(buf)); 5297c478bd9Sstevel@tonic-gate } 5307c478bd9Sstevel@tonic-gate 5317c478bd9Sstevel@tonic-gate void 5327c478bd9Sstevel@tonic-gate __ns_ldap_setServer(int set) 5337c478bd9Sstevel@tonic-gate { 5347c478bd9Sstevel@tonic-gate cache_server = set; 5357c478bd9Sstevel@tonic-gate } 5367c478bd9Sstevel@tonic-gate 5377c478bd9Sstevel@tonic-gate static boolean_t 5387c478bd9Sstevel@tonic-gate timetorefresh(ns_config_t *cfg) 5397c478bd9Sstevel@tonic-gate { 5407c478bd9Sstevel@tonic-gate struct timeval tp; 5417c478bd9Sstevel@tonic-gate static time_t expire = 0; 5427c478bd9Sstevel@tonic-gate 5437c478bd9Sstevel@tonic-gate if (cfg == NULL || gettimeofday(&tp, NULL) == -1) 5447c478bd9Sstevel@tonic-gate return (B_TRUE); 5457c478bd9Sstevel@tonic-gate 5467c478bd9Sstevel@tonic-gate if (cfg->paramList[NS_LDAP_EXP_P].ns_ptype == TIMET) 5477c478bd9Sstevel@tonic-gate expire = cfg->paramList[NS_LDAP_EXP_P].ns_tm; 5487c478bd9Sstevel@tonic-gate else 5497c478bd9Sstevel@tonic-gate return (B_TRUE); 5507c478bd9Sstevel@tonic-gate 5517c478bd9Sstevel@tonic-gate return (expire != 0 && tp.tv_sec > expire); 5527c478bd9Sstevel@tonic-gate } 5537c478bd9Sstevel@tonic-gate 5547c478bd9Sstevel@tonic-gate int 5557c478bd9Sstevel@tonic-gate __s_get_enum_value(ns_config_t *ptr, char *value, ParamIndexType i) 5567c478bd9Sstevel@tonic-gate { 5577c478bd9Sstevel@tonic-gate register ns_enum_map *mapp; 5587c478bd9Sstevel@tonic-gate char *pstart = value; 5597c478bd9Sstevel@tonic-gate char *pend; 5607c478bd9Sstevel@tonic-gate int len; 5617c478bd9Sstevel@tonic-gate 5627c478bd9Sstevel@tonic-gate if (pstart == NULL) 5637c478bd9Sstevel@tonic-gate return (-1); 5647c478bd9Sstevel@tonic-gate 5657c478bd9Sstevel@tonic-gate /* skip leading spaces */ 5667c478bd9Sstevel@tonic-gate while (*pstart == SPACETOK) 5677c478bd9Sstevel@tonic-gate pstart++; 5687c478bd9Sstevel@tonic-gate /* skip trailing spaces */ 5697c478bd9Sstevel@tonic-gate pend = pstart + strlen(pstart) - 1; 570*7ddae043Siz for (; pend >= pstart && *pend == SPACETOK; pend--) 571*7ddae043Siz ; 5727c478bd9Sstevel@tonic-gate len = pend - pstart + 1; 5737c478bd9Sstevel@tonic-gate if (len == 0) 5747c478bd9Sstevel@tonic-gate return (-1); 5757c478bd9Sstevel@tonic-gate 5767c478bd9Sstevel@tonic-gate switch (i) { 5777c478bd9Sstevel@tonic-gate case NS_LDAP_AUTH_P: 5787c478bd9Sstevel@tonic-gate if (ptr->version == NS_LDAP_V1) 5797c478bd9Sstevel@tonic-gate mapp = &ns_auth_enum_v1[0]; 5807c478bd9Sstevel@tonic-gate else 5817c478bd9Sstevel@tonic-gate mapp = &ns_auth_enum_v2[0]; 5827c478bd9Sstevel@tonic-gate break; 5837c478bd9Sstevel@tonic-gate case NS_LDAP_TRANSPORT_SEC_P: 5847c478bd9Sstevel@tonic-gate return (-1); 5857c478bd9Sstevel@tonic-gate case NS_LDAP_SEARCH_SCOPE_P: 5867c478bd9Sstevel@tonic-gate if (ptr->version == NS_LDAP_V1) 5877c478bd9Sstevel@tonic-gate mapp = &ns_scope_enum_v1[0]; 5887c478bd9Sstevel@tonic-gate else 5897c478bd9Sstevel@tonic-gate mapp = &ns_scope_enum_v2[0]; 5907c478bd9Sstevel@tonic-gate break; 5917c478bd9Sstevel@tonic-gate case NS_LDAP_SEARCH_REF_P: 5927c478bd9Sstevel@tonic-gate if (ptr->version == NS_LDAP_V1) 5937c478bd9Sstevel@tonic-gate mapp = &ns_ref_enum_v1[0]; 5947c478bd9Sstevel@tonic-gate else 5957c478bd9Sstevel@tonic-gate mapp = &ns_ref_enum_v2[0]; 5967c478bd9Sstevel@tonic-gate break; 5977c478bd9Sstevel@tonic-gate case NS_LDAP_PREF_ONLY_P: 5987c478bd9Sstevel@tonic-gate mapp = &ns_pref_enum[0]; 5997c478bd9Sstevel@tonic-gate break; 6007c478bd9Sstevel@tonic-gate case NS_LDAP_CREDENTIAL_LEVEL_P: 6017c478bd9Sstevel@tonic-gate if (ptr->version == NS_LDAP_V1) 6027c478bd9Sstevel@tonic-gate return (-1); 6037c478bd9Sstevel@tonic-gate else 6047c478bd9Sstevel@tonic-gate mapp = &ns_cred_enum_v2[0]; 6057c478bd9Sstevel@tonic-gate break; 6067c478bd9Sstevel@tonic-gate case NS_LDAP_SERVICE_AUTH_METHOD_P: 6077c478bd9Sstevel@tonic-gate mapp = &ns_auth_enum_v2[0]; 6087c478bd9Sstevel@tonic-gate break; 6097c478bd9Sstevel@tonic-gate case NS_LDAP_SERVICE_CRED_LEVEL_P: 6107c478bd9Sstevel@tonic-gate mapp = &ns_cred_enum_v2[0]; 6117c478bd9Sstevel@tonic-gate break; 6127c478bd9Sstevel@tonic-gate default: 6137c478bd9Sstevel@tonic-gate return (-1); 6147c478bd9Sstevel@tonic-gate } 6157c478bd9Sstevel@tonic-gate 6167c478bd9Sstevel@tonic-gate for (; mapp->name != NULL; mapp++) { 6177c478bd9Sstevel@tonic-gate if (strncasecmp(pstart, mapp->name, len) == 0 && 618*7ddae043Siz (strlen(mapp->name) == len)) { 6197c478bd9Sstevel@tonic-gate return (mapp->value); 6207c478bd9Sstevel@tonic-gate } 6217c478bd9Sstevel@tonic-gate } 6227c478bd9Sstevel@tonic-gate return (-1); 6237c478bd9Sstevel@tonic-gate } 6247c478bd9Sstevel@tonic-gate 6257c478bd9Sstevel@tonic-gate char * 6267c478bd9Sstevel@tonic-gate __s_get_auth_name(ns_config_t *ptr, AuthType_t type) 6277c478bd9Sstevel@tonic-gate { 6287c478bd9Sstevel@tonic-gate register ns_enum_map *mapp; 6297c478bd9Sstevel@tonic-gate 6307c478bd9Sstevel@tonic-gate if (ptr->version == NS_LDAP_V1) 6317c478bd9Sstevel@tonic-gate mapp = &ns_auth_enum_v1[0]; 6327c478bd9Sstevel@tonic-gate else 6337c478bd9Sstevel@tonic-gate mapp = &ns_auth_enum_v2[0]; 6347c478bd9Sstevel@tonic-gate 6357c478bd9Sstevel@tonic-gate for (; mapp->name != NULL; mapp++) { 6367c478bd9Sstevel@tonic-gate if (type == INT2AUTHENUM(mapp->value)) { 6377c478bd9Sstevel@tonic-gate return (mapp->name); 6387c478bd9Sstevel@tonic-gate } 6397c478bd9Sstevel@tonic-gate } 6407c478bd9Sstevel@tonic-gate return ("Unknown AuthType_t type specified"); 6417c478bd9Sstevel@tonic-gate } 6427c478bd9Sstevel@tonic-gate 6437c478bd9Sstevel@tonic-gate 6447c478bd9Sstevel@tonic-gate char * 6457c478bd9Sstevel@tonic-gate __s_get_security_name(ns_config_t *ptr, TlsType_t type) 6467c478bd9Sstevel@tonic-gate { 6477c478bd9Sstevel@tonic-gate register ns_enum_map *mapp; 6487c478bd9Sstevel@tonic-gate 6497c478bd9Sstevel@tonic-gate if (ptr->version == NS_LDAP_V1) { 6507c478bd9Sstevel@tonic-gate mapp = &ns_sec_enum_v1[0]; 6517c478bd9Sstevel@tonic-gate 6527c478bd9Sstevel@tonic-gate for (; mapp->name != NULL; mapp++) { 6537c478bd9Sstevel@tonic-gate if (type == INT2SECENUM(mapp->value)) { 6547c478bd9Sstevel@tonic-gate return (mapp->name); 6557c478bd9Sstevel@tonic-gate } 6567c478bd9Sstevel@tonic-gate } 6577c478bd9Sstevel@tonic-gate } 6587c478bd9Sstevel@tonic-gate return ("Unknown TlsType_t type specified"); 6597c478bd9Sstevel@tonic-gate } 6607c478bd9Sstevel@tonic-gate 6617c478bd9Sstevel@tonic-gate 6627c478bd9Sstevel@tonic-gate char * 6637c478bd9Sstevel@tonic-gate __s_get_scope_name(ns_config_t *ptr, ScopeType_t type) 6647c478bd9Sstevel@tonic-gate { 6657c478bd9Sstevel@tonic-gate register ns_enum_map *mapp; 6667c478bd9Sstevel@tonic-gate 6677c478bd9Sstevel@tonic-gate if (ptr->version == NS_LDAP_V1) 6687c478bd9Sstevel@tonic-gate mapp = &ns_scope_enum_v1[0]; 6697c478bd9Sstevel@tonic-gate else 6707c478bd9Sstevel@tonic-gate mapp = &ns_scope_enum_v2[0]; 6717c478bd9Sstevel@tonic-gate 6727c478bd9Sstevel@tonic-gate for (; mapp->name != NULL; mapp++) { 6737c478bd9Sstevel@tonic-gate if (type == INT2SCOPEENUM(mapp->value)) { 6747c478bd9Sstevel@tonic-gate return (mapp->name); 6757c478bd9Sstevel@tonic-gate } 6767c478bd9Sstevel@tonic-gate } 6777c478bd9Sstevel@tonic-gate return ("Unknown ScopeType_t type specified"); 6787c478bd9Sstevel@tonic-gate } 6797c478bd9Sstevel@tonic-gate 6807c478bd9Sstevel@tonic-gate 6817c478bd9Sstevel@tonic-gate char * 6827c478bd9Sstevel@tonic-gate __s_get_pref_name(PrefOnly_t type) 6837c478bd9Sstevel@tonic-gate { 6847c478bd9Sstevel@tonic-gate register ns_enum_map *mapp = &ns_pref_enum[0]; 6857c478bd9Sstevel@tonic-gate 6867c478bd9Sstevel@tonic-gate for (; mapp->name != NULL; mapp++) { 6877c478bd9Sstevel@tonic-gate if (type == INT2PREFONLYENUM(mapp->value)) { 6887c478bd9Sstevel@tonic-gate return (mapp->name); 6897c478bd9Sstevel@tonic-gate } 6907c478bd9Sstevel@tonic-gate } 6917c478bd9Sstevel@tonic-gate return ("Unknown PrefOnly_t type specified"); 6927c478bd9Sstevel@tonic-gate } 6937c478bd9Sstevel@tonic-gate 6947c478bd9Sstevel@tonic-gate char * 6957c478bd9Sstevel@tonic-gate __s_get_searchref_name(ns_config_t *ptr, SearchRef_t type) 6967c478bd9Sstevel@tonic-gate { 6977c478bd9Sstevel@tonic-gate register ns_enum_map *mapp; 6987c478bd9Sstevel@tonic-gate 6997c478bd9Sstevel@tonic-gate if (ptr->version == NS_LDAP_V1) 7007c478bd9Sstevel@tonic-gate mapp = &ns_ref_enum_v1[0]; 7017c478bd9Sstevel@tonic-gate else 7027c478bd9Sstevel@tonic-gate mapp = &ns_ref_enum_v2[0]; 7037c478bd9Sstevel@tonic-gate 7047c478bd9Sstevel@tonic-gate for (; mapp->name != NULL; mapp++) { 7057c478bd9Sstevel@tonic-gate if (type == INT2SEARCHREFENUM(mapp->value)) { 7067c478bd9Sstevel@tonic-gate return (mapp->name); 7077c478bd9Sstevel@tonic-gate } 7087c478bd9Sstevel@tonic-gate } 7097c478bd9Sstevel@tonic-gate return ("Unknown SearchRef_t type specified"); 7107c478bd9Sstevel@tonic-gate } 7117c478bd9Sstevel@tonic-gate 7127c478bd9Sstevel@tonic-gate static char * 7137c478bd9Sstevel@tonic-gate __s_get_credlvl_name(ns_config_t *ptr, CredLevel_t type) 7147c478bd9Sstevel@tonic-gate { 7157c478bd9Sstevel@tonic-gate register ns_enum_map *mapp; 7167c478bd9Sstevel@tonic-gate 7177c478bd9Sstevel@tonic-gate if (ptr->version == NS_LDAP_V2) { 7187c478bd9Sstevel@tonic-gate mapp = &ns_cred_enum_v2[0]; 7197c478bd9Sstevel@tonic-gate for (; mapp->name != NULL; mapp++) { 7207c478bd9Sstevel@tonic-gate if (type == INT2CREDLEVELENUM(mapp->value)) { 7217c478bd9Sstevel@tonic-gate return (mapp->name); 7227c478bd9Sstevel@tonic-gate } 7237c478bd9Sstevel@tonic-gate } 7247c478bd9Sstevel@tonic-gate } 7257c478bd9Sstevel@tonic-gate return ("Unknown CredLevel_t type specified"); 7267c478bd9Sstevel@tonic-gate } 7277c478bd9Sstevel@tonic-gate 7287c478bd9Sstevel@tonic-gate static void 7297c478bd9Sstevel@tonic-gate destroy_param(ns_config_t *ptr, ParamIndexType type) 7307c478bd9Sstevel@tonic-gate { 7317c478bd9Sstevel@tonic-gate int i, j; 7327c478bd9Sstevel@tonic-gate char **ppc; 7337c478bd9Sstevel@tonic-gate 7347c478bd9Sstevel@tonic-gate if (ptr == NULL) 7357c478bd9Sstevel@tonic-gate return; 7367c478bd9Sstevel@tonic-gate 7377c478bd9Sstevel@tonic-gate /* 7387c478bd9Sstevel@tonic-gate * This routine is not lock protected because 7397c478bd9Sstevel@tonic-gate * the config param it may be destroying is not 7407c478bd9Sstevel@tonic-gate * necessarily THE config. Mutex protect elsewhere. 7417c478bd9Sstevel@tonic-gate */ 7427c478bd9Sstevel@tonic-gate switch (ptr->paramList[type].ns_ptype) { 7437c478bd9Sstevel@tonic-gate case CHARPTR: 7447c478bd9Sstevel@tonic-gate if (ptr->paramList[type].ns_pc) { 7457c478bd9Sstevel@tonic-gate free(ptr->paramList[type].ns_pc); 7467c478bd9Sstevel@tonic-gate ptr->paramList[type].ns_pc = NULL; 7477c478bd9Sstevel@tonic-gate } 7487c478bd9Sstevel@tonic-gate break; 7497c478bd9Sstevel@tonic-gate case SAMLIST: 7507c478bd9Sstevel@tonic-gate case SCLLIST: 7517c478bd9Sstevel@tonic-gate case SSDLIST: 7527c478bd9Sstevel@tonic-gate case ARRAYCP: 7537c478bd9Sstevel@tonic-gate case SERVLIST: 7547c478bd9Sstevel@tonic-gate if (ptr->paramList[type].ns_ppc) { 7557c478bd9Sstevel@tonic-gate ppc = ptr->paramList[type].ns_ppc; 7567c478bd9Sstevel@tonic-gate j = ptr->paramList[type].ns_acnt; 7577c478bd9Sstevel@tonic-gate for (i = 0; i < j && ppc[i] != NULL; i++) { 7587c478bd9Sstevel@tonic-gate free((void *)ppc[i]); 7597c478bd9Sstevel@tonic-gate } 7607c478bd9Sstevel@tonic-gate free((void *)ppc); 7617c478bd9Sstevel@tonic-gate ptr->paramList[type].ns_ppc = NULL; 7627c478bd9Sstevel@tonic-gate } 7637c478bd9Sstevel@tonic-gate break; 7647c478bd9Sstevel@tonic-gate case ARRAYAUTH: 7657c478bd9Sstevel@tonic-gate case ARRAYCRED: 7667c478bd9Sstevel@tonic-gate if (ptr->paramList[type].ns_pi) { 7677c478bd9Sstevel@tonic-gate free(ptr->paramList[type].ns_pi); 7687c478bd9Sstevel@tonic-gate ptr->paramList[type].ns_pi = NULL; 7697c478bd9Sstevel@tonic-gate } 7707c478bd9Sstevel@tonic-gate break; 7717c478bd9Sstevel@tonic-gate case INT: 7727c478bd9Sstevel@tonic-gate ptr->paramList[type].ns_i = 0; 7737c478bd9Sstevel@tonic-gate break; 7747c478bd9Sstevel@tonic-gate case ATTRMAP: 7757c478bd9Sstevel@tonic-gate break; 7767c478bd9Sstevel@tonic-gate case OBJMAP: 7777c478bd9Sstevel@tonic-gate break; 7787c478bd9Sstevel@tonic-gate default: 7797c478bd9Sstevel@tonic-gate break; 7807c478bd9Sstevel@tonic-gate } 7817c478bd9Sstevel@tonic-gate ptr->paramList[type].ns_ptype = NS_UNKNOWN; 7827c478bd9Sstevel@tonic-gate } 7837c478bd9Sstevel@tonic-gate 7847c478bd9Sstevel@tonic-gate static void 7857c478bd9Sstevel@tonic-gate destroy_config(ns_config_t *ptr) 7867c478bd9Sstevel@tonic-gate { 7877c478bd9Sstevel@tonic-gate ParamIndexType i; 7887c478bd9Sstevel@tonic-gate 7897c478bd9Sstevel@tonic-gate if (ptr != NULL) { 7907c478bd9Sstevel@tonic-gate if (ptr->domainName != NULL) 7917c478bd9Sstevel@tonic-gate free(ptr->domainName); 7927c478bd9Sstevel@tonic-gate ptr->domainName = NULL; 7937c478bd9Sstevel@tonic-gate for (i = 0; i <= LAST_VALUE; i++) { 7947c478bd9Sstevel@tonic-gate destroy_param(ptr, i); 7957c478bd9Sstevel@tonic-gate } 7967c478bd9Sstevel@tonic-gate __s_api_destroy_hash(ptr); 7977c478bd9Sstevel@tonic-gate free(ptr); 7987c478bd9Sstevel@tonic-gate } 7997c478bd9Sstevel@tonic-gate } 8007c478bd9Sstevel@tonic-gate 8017c478bd9Sstevel@tonic-gate /* 8027c478bd9Sstevel@tonic-gate * Marks the ns_config_t to be deleted and then releases it. (If no other 8037c478bd9Sstevel@tonic-gate * caller is using, then __s_api_release_config will destroy it.) 8047c478bd9Sstevel@tonic-gate * 8057c478bd9Sstevel@tonic-gate * Note that __s_api_destroy_config should only be called if the caller has 8067c478bd9Sstevel@tonic-gate * created the ns_config_t with __s_api_create_config (with the exception 8077c478bd9Sstevel@tonic-gate * of set_curr_config). The ns_config_t should be private to the caller. 8087c478bd9Sstevel@tonic-gate * 8097c478bd9Sstevel@tonic-gate * This function should not be called with the current_config except by 8107c478bd9Sstevel@tonic-gate * set_curr_config which locks ns_parse_lock to ensure that no thread 8117c478bd9Sstevel@tonic-gate * will be waiting on current_config->config_mutex. This ensures that 8127c478bd9Sstevel@tonic-gate * no caller with be waiting on cfg->config_mutex while it is being 8137c478bd9Sstevel@tonic-gate * destroyed by __s_api_release_config. 8147c478bd9Sstevel@tonic-gate */ 8157c478bd9Sstevel@tonic-gate 8167c478bd9Sstevel@tonic-gate void 8177c478bd9Sstevel@tonic-gate __s_api_destroy_config(ns_config_t *cfg) 8187c478bd9Sstevel@tonic-gate { 8197c478bd9Sstevel@tonic-gate if (cfg != NULL) { 8207c478bd9Sstevel@tonic-gate (void) mutex_lock(&cfg->config_mutex); 8217c478bd9Sstevel@tonic-gate cfg->delete = TRUE; 8227c478bd9Sstevel@tonic-gate (void) mutex_unlock(&cfg->config_mutex); 8237c478bd9Sstevel@tonic-gate __s_api_release_config(cfg); 8247c478bd9Sstevel@tonic-gate } 8257c478bd9Sstevel@tonic-gate } 8267c478bd9Sstevel@tonic-gate 8277c478bd9Sstevel@tonic-gate 8287c478bd9Sstevel@tonic-gate /* 8297c478bd9Sstevel@tonic-gate * Increment the configuration use count by one - assumes ns_parse_lock has 8307c478bd9Sstevel@tonic-gate * been obtained 8317c478bd9Sstevel@tonic-gate */ 8327c478bd9Sstevel@tonic-gate 8337c478bd9Sstevel@tonic-gate static ns_config_t * 8347c478bd9Sstevel@tonic-gate get_curr_config_unlocked() 8357c478bd9Sstevel@tonic-gate { 8367c478bd9Sstevel@tonic-gate ns_config_t *cfg; 8377c478bd9Sstevel@tonic-gate ns_config_t *ret; 8387c478bd9Sstevel@tonic-gate 8397c478bd9Sstevel@tonic-gate cfg = current_config; 8407c478bd9Sstevel@tonic-gate ret = cfg; 8417c478bd9Sstevel@tonic-gate if (cfg != NULL) { 8427c478bd9Sstevel@tonic-gate (void) mutex_lock(&cfg->config_mutex); 8437c478bd9Sstevel@tonic-gate if (cfg->delete) 8447c478bd9Sstevel@tonic-gate ret = NULL; 8457c478bd9Sstevel@tonic-gate else 8467c478bd9Sstevel@tonic-gate cfg->nUse++; 8477c478bd9Sstevel@tonic-gate (void) mutex_unlock(&cfg->config_mutex); 8487c478bd9Sstevel@tonic-gate } 8497c478bd9Sstevel@tonic-gate return (ret); 8507c478bd9Sstevel@tonic-gate } 8517c478bd9Sstevel@tonic-gate 8527c478bd9Sstevel@tonic-gate /* 8537c478bd9Sstevel@tonic-gate * set_curr_config sets the current config to 8547c478bd9Sstevel@tonic-gate * the specified ns_config_t. Note that this function 8557c478bd9Sstevel@tonic-gate * is similar to the project private function __s_api_init_config 8567c478bd9Sstevel@tonic-gate * except that it does not release the new ns_config_t 8577c478bd9Sstevel@tonic-gate */ 8587c478bd9Sstevel@tonic-gate 8597c478bd9Sstevel@tonic-gate static void 8607c478bd9Sstevel@tonic-gate set_curr_config(ns_config_t *ptr) 8617c478bd9Sstevel@tonic-gate { 8627c478bd9Sstevel@tonic-gate ns_config_t *cfg; 8637c478bd9Sstevel@tonic-gate 8647c478bd9Sstevel@tonic-gate (void) mutex_lock(&ns_parse_lock); 8657c478bd9Sstevel@tonic-gate cfg = get_curr_config_unlocked(); 8667c478bd9Sstevel@tonic-gate if (cfg != ptr) { 8677c478bd9Sstevel@tonic-gate __s_api_destroy_config(cfg); 8687c478bd9Sstevel@tonic-gate current_config = ptr; 8697c478bd9Sstevel@tonic-gate } 8707c478bd9Sstevel@tonic-gate (void) mutex_unlock(&ns_parse_lock); 8717c478bd9Sstevel@tonic-gate } 8727c478bd9Sstevel@tonic-gate 8737c478bd9Sstevel@tonic-gate /* 8747c478bd9Sstevel@tonic-gate * Decrements the ns_config_t usage count by one. Delete if delete flag 8757c478bd9Sstevel@tonic-gate * is set and no other callers are using. 8767c478bd9Sstevel@tonic-gate */ 8777c478bd9Sstevel@tonic-gate 8787c478bd9Sstevel@tonic-gate void 8797c478bd9Sstevel@tonic-gate __s_api_release_config(ns_config_t *cfg) 8807c478bd9Sstevel@tonic-gate { 8817c478bd9Sstevel@tonic-gate if (cfg != NULL) { 8827c478bd9Sstevel@tonic-gate (void) mutex_lock(&cfg->config_mutex); 8837c478bd9Sstevel@tonic-gate cfg->nUse--; 8847c478bd9Sstevel@tonic-gate if (cfg->nUse == 0 && cfg->delete) { 8857c478bd9Sstevel@tonic-gate destroy_config(cfg); 8867c478bd9Sstevel@tonic-gate } else 8877c478bd9Sstevel@tonic-gate (void) mutex_unlock(&cfg->config_mutex); 8887c478bd9Sstevel@tonic-gate } 8897c478bd9Sstevel@tonic-gate } 8907c478bd9Sstevel@tonic-gate 8917c478bd9Sstevel@tonic-gate /* 8927c478bd9Sstevel@tonic-gate * __s_api_init_config function destroys the previous configuration 8937c478bd9Sstevel@tonic-gate * sets the new configuration and then releases it 8947c478bd9Sstevel@tonic-gate */ 8957c478bd9Sstevel@tonic-gate void 8967c478bd9Sstevel@tonic-gate __s_api_init_config(ns_config_t *ptr) 8977c478bd9Sstevel@tonic-gate { 8987c478bd9Sstevel@tonic-gate set_curr_config(ptr); 8997c478bd9Sstevel@tonic-gate __s_api_release_config(ptr); 9007c478bd9Sstevel@tonic-gate } 9017c478bd9Sstevel@tonic-gate 9027c478bd9Sstevel@tonic-gate 9037c478bd9Sstevel@tonic-gate /* 9047c478bd9Sstevel@tonic-gate * Create an ns_config_t, set the usage count to one 9057c478bd9Sstevel@tonic-gate */ 9067c478bd9Sstevel@tonic-gate 9077c478bd9Sstevel@tonic-gate ns_config_t * 9087c478bd9Sstevel@tonic-gate __s_api_create_config(void) 9097c478bd9Sstevel@tonic-gate { 9107c478bd9Sstevel@tonic-gate ns_config_t *ret; 9117c478bd9Sstevel@tonic-gate ret = (ns_config_t *)calloc(1, sizeof (ns_config_t)); 9127c478bd9Sstevel@tonic-gate if (ret == NULL) 9137c478bd9Sstevel@tonic-gate return (NULL); 9147c478bd9Sstevel@tonic-gate 9157c478bd9Sstevel@tonic-gate ret->domainName = __getdomainname(); 9167c478bd9Sstevel@tonic-gate if (ret->domainName == NULL) { 9177c478bd9Sstevel@tonic-gate free(ret); 9187c478bd9Sstevel@tonic-gate return (NULL); 9197c478bd9Sstevel@tonic-gate } 9207c478bd9Sstevel@tonic-gate ret->version = NS_LDAP_V1; 9217c478bd9Sstevel@tonic-gate (void) mutex_init(&ret->config_mutex, USYNC_THREAD, NULL); 9227c478bd9Sstevel@tonic-gate ret->nUse = 1; 9237c478bd9Sstevel@tonic-gate ret->delete = B_FALSE; 9247c478bd9Sstevel@tonic-gate return (ret); 9257c478bd9Sstevel@tonic-gate } 9267c478bd9Sstevel@tonic-gate 9277c478bd9Sstevel@tonic-gate ns_config_t * 9287c478bd9Sstevel@tonic-gate __s_api_get_default_config(void) 9297c478bd9Sstevel@tonic-gate { 9307c478bd9Sstevel@tonic-gate ns_config_t *cfg; 9317c478bd9Sstevel@tonic-gate 9327c478bd9Sstevel@tonic-gate (void) mutex_lock(&ns_parse_lock); 9337c478bd9Sstevel@tonic-gate cfg = get_curr_config_unlocked(); 9347c478bd9Sstevel@tonic-gate (void) mutex_unlock(&ns_parse_lock); 9357c478bd9Sstevel@tonic-gate 9367c478bd9Sstevel@tonic-gate return (cfg); 9377c478bd9Sstevel@tonic-gate } 9387c478bd9Sstevel@tonic-gate 9397c478bd9Sstevel@tonic-gate static char * 9407c478bd9Sstevel@tonic-gate stripdup(const char *instr) 9417c478bd9Sstevel@tonic-gate { 9427c478bd9Sstevel@tonic-gate char *pstart = (char *)instr; 9437c478bd9Sstevel@tonic-gate char *pend, *ret; 9447c478bd9Sstevel@tonic-gate int len; 9457c478bd9Sstevel@tonic-gate 9467c478bd9Sstevel@tonic-gate if (pstart == NULL) 9477c478bd9Sstevel@tonic-gate return (NULL); 9487c478bd9Sstevel@tonic-gate /* remove leading spaces */ 9497c478bd9Sstevel@tonic-gate while (*pstart == SPACETOK) 9507c478bd9Sstevel@tonic-gate pstart++; 9517c478bd9Sstevel@tonic-gate /* remove trailing spaces */ 9527c478bd9Sstevel@tonic-gate pend = pstart + strlen(pstart) - 1; 953*7ddae043Siz for (; pend >= pstart && *pend == SPACETOK; pend--) 954*7ddae043Siz ; 9557c478bd9Sstevel@tonic-gate len = pend - pstart + 1; 9567c478bd9Sstevel@tonic-gate if ((ret = malloc(len + 1)) == NULL) 9577c478bd9Sstevel@tonic-gate return (NULL); 9587c478bd9Sstevel@tonic-gate if (len != 0) { 9597c478bd9Sstevel@tonic-gate (void) strncpy(ret, pstart, len); 9607c478bd9Sstevel@tonic-gate } 9617c478bd9Sstevel@tonic-gate ret[len] = '\0'; 9627c478bd9Sstevel@tonic-gate return (ret); 9637c478bd9Sstevel@tonic-gate } 9647c478bd9Sstevel@tonic-gate 9657c478bd9Sstevel@tonic-gate static boolean_t 9667c478bd9Sstevel@tonic-gate has_port(char **ppc, int cnt) 9677c478bd9Sstevel@tonic-gate { 9687c478bd9Sstevel@tonic-gate int j; 9697c478bd9Sstevel@tonic-gate const char *s; 9707c478bd9Sstevel@tonic-gate const char *begin; 9717c478bd9Sstevel@tonic-gate 9727c478bd9Sstevel@tonic-gate /* 9737c478bd9Sstevel@tonic-gate * Don't check that address is legal - only determine 9747c478bd9Sstevel@tonic-gate * if there is a port specified 9757c478bd9Sstevel@tonic-gate */ 9767c478bd9Sstevel@tonic-gate if (ppc != NULL) { 9777c478bd9Sstevel@tonic-gate for (j = 0; j < cnt; j++) { 9787c478bd9Sstevel@tonic-gate begin = ppc[j]; 9797c478bd9Sstevel@tonic-gate s = begin + strlen(begin); 9807c478bd9Sstevel@tonic-gate while (s >= begin) { 9817c478bd9Sstevel@tonic-gate if (*s == ']') 9827c478bd9Sstevel@tonic-gate break; 9837c478bd9Sstevel@tonic-gate else if (*s == COLONTOK) 9847c478bd9Sstevel@tonic-gate return (B_TRUE); 9857c478bd9Sstevel@tonic-gate s--; 9867c478bd9Sstevel@tonic-gate } 9877c478bd9Sstevel@tonic-gate } 9887c478bd9Sstevel@tonic-gate } 9897c478bd9Sstevel@tonic-gate return (B_FALSE); 9907c478bd9Sstevel@tonic-gate } 9917c478bd9Sstevel@tonic-gate 9927c478bd9Sstevel@tonic-gate /* 9937c478bd9Sstevel@tonic-gate * Note that __s_api_crosscheck is assumed to be called with an ns_config_t 9947c478bd9Sstevel@tonic-gate * that is properly protected - so that it will not change during the 9957c478bd9Sstevel@tonic-gate * duration of the call 9967c478bd9Sstevel@tonic-gate */ 9977c478bd9Sstevel@tonic-gate 9987c478bd9Sstevel@tonic-gate /* Size of errstr needs to be MAXERROR */ 9997c478bd9Sstevel@tonic-gate ns_parse_status 10007c478bd9Sstevel@tonic-gate __s_api_crosscheck(ns_config_t *ptr, char *errstr, int check_dn) 10017c478bd9Sstevel@tonic-gate { 10027c478bd9Sstevel@tonic-gate int value, j; 10037c478bd9Sstevel@tonic-gate time_t tm; 10047c478bd9Sstevel@tonic-gate const char *str, *str1; 10057c478bd9Sstevel@tonic-gate boolean_t has_tls = B_FALSE; 10067c478bd9Sstevel@tonic-gate boolean_t is_ok = B_TRUE; 10077c478bd9Sstevel@tonic-gate int i, len, cnt; 10087c478bd9Sstevel@tonic-gate const char *begin; 10097c478bd9Sstevel@tonic-gate char **ppc; 1010cb5caa98Sdjl int *pi, self, gssapi; 10117c478bd9Sstevel@tonic-gate 10127c478bd9Sstevel@tonic-gate 10137c478bd9Sstevel@tonic-gate if (ptr == NULL) 10147c478bd9Sstevel@tonic-gate return (NS_SUCCESS); 10157c478bd9Sstevel@tonic-gate 10167c478bd9Sstevel@tonic-gate /* check for no server specified */ 10177c478bd9Sstevel@tonic-gate if (ptr->paramList[NS_LDAP_SERVERS_P].ns_ppc == NULL) { 10187c478bd9Sstevel@tonic-gate if (ptr->version == NS_LDAP_V1) { 10197c478bd9Sstevel@tonic-gate str = NULL_OR_STR(__s_api_get_configname( 1020*7ddae043Siz NS_LDAP_SERVERS_P)); 10217c478bd9Sstevel@tonic-gate (void) snprintf(errstr, MAXERROR, 1022*7ddae043Siz gettext("Configuration Error: No entry for " 1023*7ddae043Siz "'%s' found"), str); 10247c478bd9Sstevel@tonic-gate return (NS_PARSE_ERR); 10257c478bd9Sstevel@tonic-gate } else if (ptr->paramList[NS_LDAP_SERVER_PREF_P].ns_ppc == 1026*7ddae043Siz NULL) { 10277c478bd9Sstevel@tonic-gate str = NULL_OR_STR(__s_api_get_configname( 1028*7ddae043Siz NS_LDAP_SERVERS_P)); 10297c478bd9Sstevel@tonic-gate str1 = NULL_OR_STR(__s_api_get_configname( 1030*7ddae043Siz NS_LDAP_SERVER_PREF_P)); 10317c478bd9Sstevel@tonic-gate (void) snprintf(errstr, MAXERROR, 1032*7ddae043Siz gettext("Configuration Error: " 1033*7ddae043Siz "Neither '%s' nor '%s' is defined"), str, str1); 10347c478bd9Sstevel@tonic-gate return (NS_PARSE_ERR); 10357c478bd9Sstevel@tonic-gate } 10367c478bd9Sstevel@tonic-gate } 10377c478bd9Sstevel@tonic-gate if (ptr->paramList[NS_LDAP_CERT_PASS_P].ns_pc != NULL && 1038*7ddae043Siz ptr->paramList[NS_LDAP_CERT_PATH_P].ns_pc == NULL) { 10397c478bd9Sstevel@tonic-gate str = NULL_OR_STR(__s_api_get_configname( 1040*7ddae043Siz NS_LDAP_CERT_PASS_P)); 10417c478bd9Sstevel@tonic-gate str1 = NULL_OR_STR(__s_api_get_configname( 1042*7ddae043Siz NS_LDAP_CERT_PATH_P)); 10437c478bd9Sstevel@tonic-gate (void) snprintf(errstr, MAXERROR, 10447c478bd9Sstevel@tonic-gate gettext("Configuration Error: %s specified " 1045*7ddae043Siz "but no value for '%s' found"), str, str1); 10467c478bd9Sstevel@tonic-gate return (NS_PARSE_ERR); 10477c478bd9Sstevel@tonic-gate } 10487c478bd9Sstevel@tonic-gate if (ptr->paramList[NS_LDAP_CERT_PASS_P].ns_pc == NULL && 1049*7ddae043Siz ptr->paramList[NS_LDAP_CERT_PATH_P].ns_pc != NULL) { 10507c478bd9Sstevel@tonic-gate str = NULL_OR_STR(__s_api_get_configname( 1051*7ddae043Siz NS_LDAP_CERT_PATH_P)); 10527c478bd9Sstevel@tonic-gate str1 = NULL_OR_STR(__s_api_get_configname( 1053*7ddae043Siz NS_LDAP_CERT_PASS_P)); 10547c478bd9Sstevel@tonic-gate (void) snprintf(errstr, MAXERROR, 10557c478bd9Sstevel@tonic-gate gettext("Configuration Error: %s specified " 1056*7ddae043Siz "but no value for '%s' found"), str, str1); 10577c478bd9Sstevel@tonic-gate return (NS_PARSE_ERR); 10587c478bd9Sstevel@tonic-gate } 10597c478bd9Sstevel@tonic-gate /* check if search basedn has been specified */ 10607c478bd9Sstevel@tonic-gate if (ptr->paramList[NS_LDAP_SEARCH_BASEDN_P].ns_ppc == NULL) { 10617c478bd9Sstevel@tonic-gate str = NULL_OR_STR(__s_api_get_configname( 1062*7ddae043Siz NS_LDAP_SEARCH_BASEDN_P)); 10637c478bd9Sstevel@tonic-gate (void) snprintf(errstr, MAXERROR, 1064*7ddae043Siz gettext("Configuration Error: No entry for " 1065*7ddae043Siz "'%s' found"), str); 10667c478bd9Sstevel@tonic-gate return (NS_PARSE_ERR); 10677c478bd9Sstevel@tonic-gate } 10687c478bd9Sstevel@tonic-gate 10697c478bd9Sstevel@tonic-gate if (check_dn) { 10707c478bd9Sstevel@tonic-gate /* check for auth value....passwd/bindn if necessary */ 10717c478bd9Sstevel@tonic-gate 1072*7ddae043Siz for (j = 0; ptr->paramList[NS_LDAP_AUTH_P].ns_pi != NULL && 10737c478bd9Sstevel@tonic-gate ptr->paramList[NS_LDAP_AUTH_P].ns_pi[j] != NULL; j++) { 10747c478bd9Sstevel@tonic-gate value = ptr->paramList[NS_LDAP_AUTH_P].ns_pi[j]; 10757c478bd9Sstevel@tonic-gate switch (value) { 1076*7ddae043Siz case NS_LDAP_EA_SIMPLE: 1077*7ddae043Siz case NS_LDAP_EA_SASL_CRAM_MD5: 1078*7ddae043Siz case NS_LDAP_EA_SASL_DIGEST_MD5: 1079*7ddae043Siz case NS_LDAP_EA_SASL_DIGEST_MD5_INT: 1080*7ddae043Siz case NS_LDAP_EA_SASL_DIGEST_MD5_CONF: 1081*7ddae043Siz case NS_LDAP_EA_TLS_SIMPLE: 1082*7ddae043Siz case NS_LDAP_EA_TLS_SASL_CRAM_MD5: 1083*7ddae043Siz case NS_LDAP_EA_TLS_SASL_DIGEST_MD5: 1084*7ddae043Siz case NS_LDAP_EA_TLS_SASL_DIGEST_MD5_INT: 1085*7ddae043Siz case NS_LDAP_EA_TLS_SASL_DIGEST_MD5_CONF: 10867c478bd9Sstevel@tonic-gate if (ptr->paramList[NS_LDAP_BINDDN_P].ns_ppc == NULL) { 10877c478bd9Sstevel@tonic-gate str = NULL_OR_STR(__s_api_get_configname( 1088*7ddae043Siz NS_LDAP_BINDDN_P)); 10897c478bd9Sstevel@tonic-gate (void) snprintf(errstr, MAXERROR, 10907c478bd9Sstevel@tonic-gate gettext("Configuration Error: No entry for " 10917c478bd9Sstevel@tonic-gate "'%s' found"), str); 10927c478bd9Sstevel@tonic-gate return (NS_PARSE_ERR); 10937c478bd9Sstevel@tonic-gate } 10947c478bd9Sstevel@tonic-gate if (ptr->paramList[NS_LDAP_BINDPASSWD_P].ns_ppc 1095*7ddae043Siz == NULL) { 10967c478bd9Sstevel@tonic-gate str = NULL_OR_STR(__s_api_get_configname( 1097*7ddae043Siz NS_LDAP_BINDPASSWD_P)); 10987c478bd9Sstevel@tonic-gate (void) snprintf(errstr, MAXERROR, 10997c478bd9Sstevel@tonic-gate gettext("Configuration Error: No entry for " 1100*7ddae043Siz "'%s' found"), str); 11017c478bd9Sstevel@tonic-gate return (NS_PARSE_ERR); 11027c478bd9Sstevel@tonic-gate } 11037c478bd9Sstevel@tonic-gate break; 11047c478bd9Sstevel@tonic-gate } 1105*7ddae043Siz } 11067c478bd9Sstevel@tonic-gate } 11077c478bd9Sstevel@tonic-gate 11087c478bd9Sstevel@tonic-gate /* 11097c478bd9Sstevel@tonic-gate * Check to see if port and tls are both configured. This is not 11107c478bd9Sstevel@tonic-gate * supported until starttls is supported. 11117c478bd9Sstevel@tonic-gate */ 11127c478bd9Sstevel@tonic-gate 11137c478bd9Sstevel@tonic-gate pi = ptr->paramList[NS_LDAP_AUTH_P].ns_pi; 11147c478bd9Sstevel@tonic-gate if (pi != NULL) { 1115*7ddae043Siz cnt = ptr->paramList[NS_LDAP_AUTH_P].ns_acnt; 1116*7ddae043Siz for (j = 0; j < cnt && !has_tls; j++) { 1117*7ddae043Siz has_tls = (pi[j] == NS_LDAP_EA_TLS_NONE) || 1118*7ddae043Siz (pi[j] == NS_LDAP_EA_TLS_SIMPLE) || 1119*7ddae043Siz (pi[j] == NS_LDAP_EA_TLS_SASL_CRAM_MD5) || 1120*7ddae043Siz (pi[j] == NS_LDAP_EA_TLS_SASL_DIGEST_MD5) || 1121*7ddae043Siz (pi[j] == NS_LDAP_EA_TLS_SASL_DIGEST_MD5_INT) || 1122*7ddae043Siz (pi[j] == NS_LDAP_EA_TLS_SASL_DIGEST_MD5_CONF) || 1123*7ddae043Siz (pi[j] == NS_LDAP_EA_TLS_SASL_EXTERNAL); 1124*7ddae043Siz } 11257c478bd9Sstevel@tonic-gate } 11267c478bd9Sstevel@tonic-gate 11277c478bd9Sstevel@tonic-gate ppc = ptr->paramList[NS_LDAP_SERVICE_AUTH_METHOD_P].ns_ppc; 11287c478bd9Sstevel@tonic-gate if (!has_tls && ppc != NULL) { 11297c478bd9Sstevel@tonic-gate cnt = ptr->paramList[NS_LDAP_SERVICE_AUTH_METHOD_P].ns_acnt; 11307c478bd9Sstevel@tonic-gate for (j = 0; j < cnt && !has_tls; j++) { 11317c478bd9Sstevel@tonic-gate begin = ppc[j]; 11327c478bd9Sstevel@tonic-gate /* skip over service tag */ 11337c478bd9Sstevel@tonic-gate if (begin != NULL) 11347c478bd9Sstevel@tonic-gate begin = strchr(begin, ':'); 11357c478bd9Sstevel@tonic-gate if (!has_tls && begin != NULL) { 1136*7ddae043Siz len = strlen(begin) - 3; 1137*7ddae043Siz for (i = 0; i < len; i++) 1138*7ddae043Siz if (strncasecmp(begin + i, 1139*7ddae043Siz "tls:", 4) == 0) 1140*7ddae043Siz break; 1141*7ddae043Siz has_tls = i < len; 11427c478bd9Sstevel@tonic-gate } 11437c478bd9Sstevel@tonic-gate } 11447c478bd9Sstevel@tonic-gate } 11457c478bd9Sstevel@tonic-gate 11467c478bd9Sstevel@tonic-gate if (has_tls) { 1147*7ddae043Siz is_ok = !has_port(ptr->paramList[NS_LDAP_SERVERS_P].ns_ppc, 1148*7ddae043Siz ptr->paramList[NS_LDAP_SERVERS_P].ns_acnt); 1149*7ddae043Siz ppc = ptr->paramList[NS_LDAP_SERVER_PREF_P].ns_ppc; 1150*7ddae043Siz if (is_ok) 1151*7ddae043Siz is_ok = !has_port( 1152*7ddae043Siz ptr->paramList[NS_LDAP_SERVER_PREF_P].ns_ppc, 1153*7ddae043Siz ptr->paramList[NS_LDAP_SERVER_PREF_P].ns_acnt); 11547c478bd9Sstevel@tonic-gate } 11557c478bd9Sstevel@tonic-gate if (!is_ok) { 11567c478bd9Sstevel@tonic-gate (void) snprintf(errstr, MAXERROR, 1157*7ddae043Siz gettext("Configuration Error: " 1158*7ddae043Siz "Cannot specify LDAP port with tls")); 11597c478bd9Sstevel@tonic-gate return (NS_PARSE_ERR); 11607c478bd9Sstevel@tonic-gate } 11617c478bd9Sstevel@tonic-gate 11627c478bd9Sstevel@tonic-gate /* 11637c478bd9Sstevel@tonic-gate * If NS_LDAP_CACHETTL is not specified, 11647c478bd9Sstevel@tonic-gate * init NS_LDAP_EXP_P here. Otherwise, 11657c478bd9Sstevel@tonic-gate * ldap_cachemgr will never refresh the profile. 11667c478bd9Sstevel@tonic-gate * Set it to current time + default 11677c478bd9Sstevel@tonic-gate * NS_LDAP_CACHETTL 11687c478bd9Sstevel@tonic-gate */ 11697c478bd9Sstevel@tonic-gate if (ptr->paramList[NS_LDAP_CACHETTL_P].ns_pc == NULL) { 11707c478bd9Sstevel@tonic-gate tm = conv_time( 1171*7ddae043Siz defconfig[NS_LDAP_CACHETTL_P].defval.ns_pc); 11727c478bd9Sstevel@tonic-gate ptr->paramList[NS_LDAP_EXP_P].ns_ptype = TIMET; 11737c478bd9Sstevel@tonic-gate if (tm != 0) { 11747c478bd9Sstevel@tonic-gate tm += time(NULL); 11757c478bd9Sstevel@tonic-gate } 11767c478bd9Sstevel@tonic-gate ptr->paramList[NS_LDAP_EXP_P].ns_tm = tm; 11777c478bd9Sstevel@tonic-gate } 1178cb5caa98Sdjl /* 1179cb5caa98Sdjl * If credential level self is defined, there should be 1180cb5caa98Sdjl * at least an auth method sasl/GSSAPI and vice versa. 1181cb5caa98Sdjl */ 1182cb5caa98Sdjl self = 0; 1183cb5caa98Sdjl cnt = ptr->paramList[NS_LDAP_CREDENTIAL_LEVEL_P].ns_acnt; 1184cb5caa98Sdjl for (i = 0; i < cnt; i++) { 1185cb5caa98Sdjl if (ptr->paramList[NS_LDAP_CREDENTIAL_LEVEL_P].ns_pi[i] == 1186*7ddae043Siz NS_LDAP_CRED_SELF) 1187cb5caa98Sdjl self++; 1188cb5caa98Sdjl } 1189cb5caa98Sdjl gssapi = 0; 1190cb5caa98Sdjl cnt = ptr->paramList[NS_LDAP_AUTH_P].ns_acnt; 1191cb5caa98Sdjl for (i = 0; i < cnt; i++) { 1192cb5caa98Sdjl if (ptr->paramList[NS_LDAP_AUTH_P].ns_pi[i] == 1193*7ddae043Siz NS_LDAP_EA_SASL_GSSAPI) 1194cb5caa98Sdjl gssapi++; 1195cb5caa98Sdjl } 1196cb5caa98Sdjl if (gssapi == 0 && self > 0) { 1197cb5caa98Sdjl (void) snprintf(errstr, MAXERROR, 1198*7ddae043Siz gettext("Configuration Error: " 1199*7ddae043Siz "Credential level self requires " 1200*7ddae043Siz "authentication method sasl/GSSAPI")); 1201cb5caa98Sdjl return (NS_PARSE_ERR); 1202cb5caa98Sdjl } 1203cb5caa98Sdjl if (gssapi > 0 && self == 0) { 1204cb5caa98Sdjl (void) snprintf(errstr, MAXERROR, 1205*7ddae043Siz gettext("Configuration Error: " 1206*7ddae043Siz "Authentication method sasl/GSSAPI " 1207*7ddae043Siz "requires credential level self")); 1208cb5caa98Sdjl return (NS_PARSE_ERR); 1209cb5caa98Sdjl } 12107c478bd9Sstevel@tonic-gate return (NS_SUCCESS); 12117c478bd9Sstevel@tonic-gate } 12127c478bd9Sstevel@tonic-gate 12137c478bd9Sstevel@tonic-gate 12147c478bd9Sstevel@tonic-gate int 12157c478bd9Sstevel@tonic-gate __s_api_get_type(const char *value, ParamIndexType *type) 12167c478bd9Sstevel@tonic-gate { 12177c478bd9Sstevel@tonic-gate int i; 12187c478bd9Sstevel@tonic-gate 12197c478bd9Sstevel@tonic-gate for (i = 0; defconfig[i].name != NULL; i++) { 12207c478bd9Sstevel@tonic-gate if (strcasecmp(defconfig[i].name, value) == 0) { 12217c478bd9Sstevel@tonic-gate *type = defconfig[i].index; 12227c478bd9Sstevel@tonic-gate return (0); 12237c478bd9Sstevel@tonic-gate } 12247c478bd9Sstevel@tonic-gate } 12257c478bd9Sstevel@tonic-gate return (-1); 12267c478bd9Sstevel@tonic-gate } 12277c478bd9Sstevel@tonic-gate 12287c478bd9Sstevel@tonic-gate /* 12297c478bd9Sstevel@tonic-gate * Externally defined version of get_type. 12307c478bd9Sstevel@tonic-gate * Includes extra error checking 12317c478bd9Sstevel@tonic-gate */ 12327c478bd9Sstevel@tonic-gate 12337c478bd9Sstevel@tonic-gate int 12347c478bd9Sstevel@tonic-gate __ns_ldap_getParamType(const char *value, ParamIndexType *type) 12357c478bd9Sstevel@tonic-gate { 12367c478bd9Sstevel@tonic-gate if (value == NULL || type == NULL) 12377c478bd9Sstevel@tonic-gate return (-1); 12387c478bd9Sstevel@tonic-gate return (__s_api_get_type(value, type)); 12397c478bd9Sstevel@tonic-gate } 12407c478bd9Sstevel@tonic-gate 12417c478bd9Sstevel@tonic-gate int 12427c478bd9Sstevel@tonic-gate __s_api_get_versiontype(ns_config_t *ptr, char *value, ParamIndexType *type) 12437c478bd9Sstevel@tonic-gate { 12447c478bd9Sstevel@tonic-gate ns_version_t ver; 12457c478bd9Sstevel@tonic-gate int i; 12467c478bd9Sstevel@tonic-gate 12477c478bd9Sstevel@tonic-gate if (ptr == NULL) 12487c478bd9Sstevel@tonic-gate return (-1); 12497c478bd9Sstevel@tonic-gate 12507c478bd9Sstevel@tonic-gate ver = ptr->version; 12517c478bd9Sstevel@tonic-gate 12527c478bd9Sstevel@tonic-gate for (i = 0; defconfig[i].name != NULL; i++) { 12537c478bd9Sstevel@tonic-gate if (strcasecmp(defconfig[i].name, value) == 0) { 12547c478bd9Sstevel@tonic-gate if (defconfig[i].version == ver) { 12557c478bd9Sstevel@tonic-gate *type = defconfig[i].index; 12567c478bd9Sstevel@tonic-gate return (0); 12577c478bd9Sstevel@tonic-gate } 12587c478bd9Sstevel@tonic-gate } 12597c478bd9Sstevel@tonic-gate } 12607c478bd9Sstevel@tonic-gate return (-1); 12617c478bd9Sstevel@tonic-gate } 12627c478bd9Sstevel@tonic-gate 12637c478bd9Sstevel@tonic-gate int 12647c478bd9Sstevel@tonic-gate __s_api_get_profiletype(char *value, ParamIndexType *type) 12657c478bd9Sstevel@tonic-gate { 12667c478bd9Sstevel@tonic-gate int i; 12677c478bd9Sstevel@tonic-gate 12687c478bd9Sstevel@tonic-gate for (i = 0; defconfig[i].name != NULL; i++) { 12697c478bd9Sstevel@tonic-gate if (defconfig[i].profile_name == NULL) 12707c478bd9Sstevel@tonic-gate continue; 12717c478bd9Sstevel@tonic-gate if (strcasecmp(defconfig[i].profile_name, value) == 0) { 12727c478bd9Sstevel@tonic-gate *type = defconfig[i].index; 12737c478bd9Sstevel@tonic-gate return (0); 12747c478bd9Sstevel@tonic-gate } 12757c478bd9Sstevel@tonic-gate } 12767c478bd9Sstevel@tonic-gate return (-1); 12777c478bd9Sstevel@tonic-gate } 12787c478bd9Sstevel@tonic-gate 12797c478bd9Sstevel@tonic-gate int 12807c478bd9Sstevel@tonic-gate __s_api_get_configtype(ParamIndexType type) 12817c478bd9Sstevel@tonic-gate { 12827c478bd9Sstevel@tonic-gate int i; 12837c478bd9Sstevel@tonic-gate 12847c478bd9Sstevel@tonic-gate for (i = 0; defconfig[i].name != NULL; i++) { 12857c478bd9Sstevel@tonic-gate if (defconfig[i].index == type) { 12867c478bd9Sstevel@tonic-gate return (defconfig[i].config_type); 12877c478bd9Sstevel@tonic-gate } 12887c478bd9Sstevel@tonic-gate } 12897c478bd9Sstevel@tonic-gate return (-1); 12907c478bd9Sstevel@tonic-gate } 12917c478bd9Sstevel@tonic-gate 12927c478bd9Sstevel@tonic-gate const char * 12937c478bd9Sstevel@tonic-gate __s_api_get_configname(ParamIndexType type) 12947c478bd9Sstevel@tonic-gate { 12957c478bd9Sstevel@tonic-gate int i; 12967c478bd9Sstevel@tonic-gate 12977c478bd9Sstevel@tonic-gate for (i = 0; defconfig[i].name != NULL; i++) { 12987c478bd9Sstevel@tonic-gate if (defconfig[i].index == type) { 12997c478bd9Sstevel@tonic-gate if (defconfig[i].name[0] == '\0') 13007c478bd9Sstevel@tonic-gate return (NULL); 13017c478bd9Sstevel@tonic-gate else 13027c478bd9Sstevel@tonic-gate return (defconfig[i].name); 13037c478bd9Sstevel@tonic-gate } 13047c478bd9Sstevel@tonic-gate } 13057c478bd9Sstevel@tonic-gate return (NULL); 13067c478bd9Sstevel@tonic-gate } 13077c478bd9Sstevel@tonic-gate 13087c478bd9Sstevel@tonic-gate static ns_default_config * 13097c478bd9Sstevel@tonic-gate get_defconfig(ns_config_t *ptr, ParamIndexType type) 13107c478bd9Sstevel@tonic-gate { 13117c478bd9Sstevel@tonic-gate ns_version_t ver; 13127c478bd9Sstevel@tonic-gate int i; 13137c478bd9Sstevel@tonic-gate 13147c478bd9Sstevel@tonic-gate ver = ptr->version; 13157c478bd9Sstevel@tonic-gate 13167c478bd9Sstevel@tonic-gate for (i = 0; defconfig[i].name != NULL; i++) { 13177c478bd9Sstevel@tonic-gate if (defconfig[i].index == type && 13187c478bd9Sstevel@tonic-gate defconfig[i].version == ver) { 13197c478bd9Sstevel@tonic-gate return (&defconfig[i]); 13207c478bd9Sstevel@tonic-gate } 13217c478bd9Sstevel@tonic-gate } 13227c478bd9Sstevel@tonic-gate return (NULL); 13237c478bd9Sstevel@tonic-gate } 13247c478bd9Sstevel@tonic-gate 13257c478bd9Sstevel@tonic-gate static int 13267c478bd9Sstevel@tonic-gate set_default_value(ns_config_t *configptr, char *name, 13277c478bd9Sstevel@tonic-gate char *value, ns_ldap_error_t **error) 13287c478bd9Sstevel@tonic-gate { 13297c478bd9Sstevel@tonic-gate ParamIndexType i; 13307c478bd9Sstevel@tonic-gate int ret; 13317c478bd9Sstevel@tonic-gate char errstr[MAXERROR]; 13327c478bd9Sstevel@tonic-gate 13337c478bd9Sstevel@tonic-gate if (__s_api_get_type(name, &i) < 0) { 13347c478bd9Sstevel@tonic-gate (void) snprintf(errstr, sizeof (errstr), gettext( 1335*7ddae043Siz "Illegal type name (%s).\n"), name); 13367c478bd9Sstevel@tonic-gate MKERROR(LOG_ERR, *error, NS_CONFIG_SYNTAX, strdup(errstr), 1337*7ddae043Siz NULL); 13387c478bd9Sstevel@tonic-gate return (NS_LDAP_CONFIG); 13397c478bd9Sstevel@tonic-gate } 13407c478bd9Sstevel@tonic-gate 13417c478bd9Sstevel@tonic-gate if (i != NS_LDAP_SERVERS_P && 1342*7ddae043Siz i != NS_LDAP_SERVICE_AUTH_METHOD_P && 1343*7ddae043Siz i != NS_LDAP_SERVICE_CRED_LEVEL_P && 1344*7ddae043Siz i != NS_LDAP_SERVICE_SEARCH_DESC_P && 1345*7ddae043Siz i != NS_LDAP_SERVER_PREF_P && 1346*7ddae043Siz i != NS_LDAP_SEARCH_DN_P) { 13477c478bd9Sstevel@tonic-gate if (configptr->paramList[i].ns_ptype != NS_UNKNOWN) { 13487c478bd9Sstevel@tonic-gate destroy_param(configptr, i); 13497c478bd9Sstevel@tonic-gate } 13507c478bd9Sstevel@tonic-gate } 13517c478bd9Sstevel@tonic-gate 13527c478bd9Sstevel@tonic-gate ret = __ns_ldap_setParamValue(configptr, i, value, error); 13537c478bd9Sstevel@tonic-gate return (ret); 13547c478bd9Sstevel@tonic-gate } 13557c478bd9Sstevel@tonic-gate 13567c478bd9Sstevel@tonic-gate 13577c478bd9Sstevel@tonic-gate /* 13587c478bd9Sstevel@tonic-gate * Initialize config to a default state 13597c478bd9Sstevel@tonic-gate * By default leave configuration empty 13607c478bd9Sstevel@tonic-gate * getParam will automatically get the 13617c478bd9Sstevel@tonic-gate * appropriate default value if none exists 13627c478bd9Sstevel@tonic-gate */ 13637c478bd9Sstevel@tonic-gate 13647c478bd9Sstevel@tonic-gate void 13657c478bd9Sstevel@tonic-gate __ns_ldap_default_config() 13667c478bd9Sstevel@tonic-gate { 13677c478bd9Sstevel@tonic-gate ns_config_t *ptr; 13687c478bd9Sstevel@tonic-gate 13697c478bd9Sstevel@tonic-gate ptr = __s_api_create_config(); 13707c478bd9Sstevel@tonic-gate if (ptr == NULL) 13717c478bd9Sstevel@tonic-gate return; 13727c478bd9Sstevel@tonic-gate 13737c478bd9Sstevel@tonic-gate set_curr_config(ptr); 13747c478bd9Sstevel@tonic-gate __s_api_release_config(ptr); 13757c478bd9Sstevel@tonic-gate } 13767c478bd9Sstevel@tonic-gate 13777c478bd9Sstevel@tonic-gate /* 13787c478bd9Sstevel@tonic-gate * Get the current configuration pointer and return it. 13797c478bd9Sstevel@tonic-gate * If necessary initialize or refresh the current 13807c478bd9Sstevel@tonic-gate * configuration as applicable. 13817c478bd9Sstevel@tonic-gate */ 13827c478bd9Sstevel@tonic-gate 13837c478bd9Sstevel@tonic-gate ns_config_t * 13847c478bd9Sstevel@tonic-gate __s_api_loadrefresh_config() 13857c478bd9Sstevel@tonic-gate { 13867c478bd9Sstevel@tonic-gate ns_config_t *cfg; 13877c478bd9Sstevel@tonic-gate ns_config_t *new_cfg; 13887c478bd9Sstevel@tonic-gate ns_ldap_error_t *errorp; 13897c478bd9Sstevel@tonic-gate 13907c478bd9Sstevel@tonic-gate /* We want to refresh only one configuration at a time */ 13917c478bd9Sstevel@tonic-gate (void) mutex_lock(&ns_loadrefresh_lock); 13927c478bd9Sstevel@tonic-gate cfg = __s_api_get_default_config(); 13937c478bd9Sstevel@tonic-gate 13947c478bd9Sstevel@tonic-gate /* (re)initialize configuration if necessary */ 13957c478bd9Sstevel@tonic-gate if (timetorefresh(cfg)) { 13967c478bd9Sstevel@tonic-gate new_cfg = LoadCacheConfiguration(&errorp); 13977c478bd9Sstevel@tonic-gate if (new_cfg != NULL) { 13987c478bd9Sstevel@tonic-gate __s_api_release_config(cfg); 13997c478bd9Sstevel@tonic-gate set_curr_config(new_cfg); 14007c478bd9Sstevel@tonic-gate cfg = new_cfg; 14017c478bd9Sstevel@tonic-gate } 14027c478bd9Sstevel@tonic-gate if (errorp != NULL) 14037c478bd9Sstevel@tonic-gate (void) __ns_ldap_freeError(&errorp); 14047c478bd9Sstevel@tonic-gate } 14057c478bd9Sstevel@tonic-gate (void) mutex_unlock(&ns_loadrefresh_lock); 14067c478bd9Sstevel@tonic-gate return (cfg); 14077c478bd9Sstevel@tonic-gate } 14087c478bd9Sstevel@tonic-gate 14097c478bd9Sstevel@tonic-gate /* 14107c478bd9Sstevel@tonic-gate * In general this routine is not very usefull. Individual routines can be 14117c478bd9Sstevel@tonic-gate * created to do this job. Once that is done, this function can be removed. 14127c478bd9Sstevel@tonic-gate * Size of errstr buffer needs to be MAXERROR. 14137c478bd9Sstevel@tonic-gate */ 14147c478bd9Sstevel@tonic-gate static ns_parse_status 14157c478bd9Sstevel@tonic-gate verify_value(ns_config_t *cfg, char *name, char *value, char *errstr) 14167c478bd9Sstevel@tonic-gate { 14177c478bd9Sstevel@tonic-gate ParamIndexType index = 0; 14187c478bd9Sstevel@tonic-gate int found = 0, j; 14197c478bd9Sstevel@tonic-gate char *ptr = NULL, *strptr = NULL, buffer[BUFSIZE]; 14207c478bd9Sstevel@tonic-gate char *rest; 14217c478bd9Sstevel@tonic-gate ns_default_config *def = NULL; 14227c478bd9Sstevel@tonic-gate 14237c478bd9Sstevel@tonic-gate if (__s_api_get_type(name, &index) != 0) { 14247c478bd9Sstevel@tonic-gate (void) snprintf(errstr, MAXERROR, 1425*7ddae043Siz gettext("Unknown keyword encountered '%s'."), name); 14267c478bd9Sstevel@tonic-gate return (NS_PARSE_ERR); 14277c478bd9Sstevel@tonic-gate } 14287c478bd9Sstevel@tonic-gate 14297c478bd9Sstevel@tonic-gate def = get_defconfig(cfg, index); 14307c478bd9Sstevel@tonic-gate 14317c478bd9Sstevel@tonic-gate /* eat up beginning quote, if any */ 14327c478bd9Sstevel@tonic-gate while (value != NULL && (*value == QUOTETOK || *value == SPACETOK)) 14337c478bd9Sstevel@tonic-gate value++; 14347c478bd9Sstevel@tonic-gate 14357c478bd9Sstevel@tonic-gate /* eat up space/quote at end of value */ 14367c478bd9Sstevel@tonic-gate if (strlen(value) > 0) 14377c478bd9Sstevel@tonic-gate ptr = value + strlen(value) - 1; 14387c478bd9Sstevel@tonic-gate else 14397c478bd9Sstevel@tonic-gate ptr = value; 14407c478bd9Sstevel@tonic-gate for (; ptr != value && (*ptr == SPACETOK || *ptr == QUOTETOK); ptr--) { 14417c478bd9Sstevel@tonic-gate *ptr = '\0'; 14427c478bd9Sstevel@tonic-gate } 14437c478bd9Sstevel@tonic-gate 14447c478bd9Sstevel@tonic-gate switch (index) { 14457c478bd9Sstevel@tonic-gate case NS_LDAP_EXP_P: 14467c478bd9Sstevel@tonic-gate case NS_LDAP_CACHETTL_P: 14477c478bd9Sstevel@tonic-gate case NS_LDAP_CERT_PATH_P: 14487c478bd9Sstevel@tonic-gate case NS_LDAP_CERT_PASS_P: 14497c478bd9Sstevel@tonic-gate case NS_LDAP_CERT_NICKNAME_P: 14507c478bd9Sstevel@tonic-gate case NS_LDAP_BINDDN_P: 14517c478bd9Sstevel@tonic-gate case NS_LDAP_BINDPASSWD_P: 14527c478bd9Sstevel@tonic-gate case NS_LDAP_DOMAIN_P: 14537c478bd9Sstevel@tonic-gate case NS_LDAP_SEARCH_BASEDN_P: 14547c478bd9Sstevel@tonic-gate case NS_LDAP_SEARCH_TIME_P: 14557c478bd9Sstevel@tonic-gate case NS_LDAP_PROFILE_P: 14567c478bd9Sstevel@tonic-gate case NS_LDAP_AUTH_P: 14577c478bd9Sstevel@tonic-gate case NS_LDAP_SEARCH_SCOPE_P: 14587c478bd9Sstevel@tonic-gate case NS_LDAP_CREDENTIAL_LEVEL_P: 14597c478bd9Sstevel@tonic-gate case NS_LDAP_SERVICE_SEARCH_DESC_P: 14607c478bd9Sstevel@tonic-gate case NS_LDAP_BIND_TIME_P: 14617c478bd9Sstevel@tonic-gate case NS_LDAP_ATTRIBUTEMAP_P: 14627c478bd9Sstevel@tonic-gate case NS_LDAP_OBJECTCLASSMAP_P: 14637c478bd9Sstevel@tonic-gate case NS_LDAP_SERVICE_AUTH_METHOD_P: 14647c478bd9Sstevel@tonic-gate case NS_LDAP_SERVICE_CRED_LEVEL_P: 14657c478bd9Sstevel@tonic-gate case NS_LDAP_HOST_CERTPATH_P: 14667c478bd9Sstevel@tonic-gate break; 14677c478bd9Sstevel@tonic-gate case NS_LDAP_SEARCH_DN_P: 14687c478bd9Sstevel@tonic-gate /* depreciated because of service descriptors */ 14697c478bd9Sstevel@tonic-gate /* Parse as appropriate at descriptor create time */ 14707c478bd9Sstevel@tonic-gate break; 14717c478bd9Sstevel@tonic-gate case NS_LDAP_FILE_VERSION_P: 14727c478bd9Sstevel@tonic-gate if (value != NULL && 1473*7ddae043Siz strcasecmp(value, NS_LDAP_VERSION_1) != 0 && 1474*7ddae043Siz strcasecmp(value, NS_LDAP_VERSION_2) != 0) { 14757c478bd9Sstevel@tonic-gate (void) snprintf(errstr, MAXERROR, 1476*7ddae043Siz gettext("Version mismatch, expected " 1477*7ddae043Siz "cache version '%s' or '%s' but " 1478*7ddae043Siz "encountered version '%s'."), 1479*7ddae043Siz NS_LDAP_VERSION_1, 1480*7ddae043Siz NS_LDAP_VERSION_2, value); 14817c478bd9Sstevel@tonic-gate return (NS_PARSE_ERR); 14827c478bd9Sstevel@tonic-gate } 14837c478bd9Sstevel@tonic-gate break; 14847c478bd9Sstevel@tonic-gate case NS_LDAP_SERVERS_P: 14857c478bd9Sstevel@tonic-gate case NS_LDAP_SERVER_PREF_P: 14867c478bd9Sstevel@tonic-gate (void) strcpy(buffer, value); 14877c478bd9Sstevel@tonic-gate strptr = strtok_r(buffer, ",", &rest); 14887c478bd9Sstevel@tonic-gate while (strptr != NULL) { 14897c478bd9Sstevel@tonic-gate char *tmp = NULL; 14907c478bd9Sstevel@tonic-gate tmp = stripdup(strptr); 14917c478bd9Sstevel@tonic-gate if (tmp == NULL || (strchr(tmp, ' ') != NULL)) { 14927c478bd9Sstevel@tonic-gate (void) snprintf(errstr, MAXERROR, 14937c478bd9Sstevel@tonic-gate gettext("Invalid parameter values " 14947c478bd9Sstevel@tonic-gate "'%s' specified for keyword '%s'."), 14957c478bd9Sstevel@tonic-gate tmp, name); 14967c478bd9Sstevel@tonic-gate free(tmp); 14977c478bd9Sstevel@tonic-gate return (NS_PARSE_ERR); 14987c478bd9Sstevel@tonic-gate } 14997c478bd9Sstevel@tonic-gate free(tmp); 15007c478bd9Sstevel@tonic-gate strptr = strtok_r(NULL, ",", &rest); 15017c478bd9Sstevel@tonic-gate } 15027c478bd9Sstevel@tonic-gate break; 15037c478bd9Sstevel@tonic-gate default: 15047c478bd9Sstevel@tonic-gate found = 0; j = 0; 15057c478bd9Sstevel@tonic-gate while (def->allowed != NULL && 1506*7ddae043Siz def->allowed[j].name != NULL && j < DEFMAX) { 15077c478bd9Sstevel@tonic-gate if (strcmp(def->allowed[j].name, 15087c478bd9Sstevel@tonic-gate value) == 0) { 15097c478bd9Sstevel@tonic-gate found = 1; 15107c478bd9Sstevel@tonic-gate break; 15117c478bd9Sstevel@tonic-gate } 15127c478bd9Sstevel@tonic-gate j++; 15137c478bd9Sstevel@tonic-gate } 15147c478bd9Sstevel@tonic-gate if (!found) { 1515*7ddae043Siz (void) snprintf(errstr, MAXERROR, 15167c478bd9Sstevel@tonic-gate gettext("Invalid option specified for " 15177c478bd9Sstevel@tonic-gate "'%s' keyword. '%s' is not a recognized " 15187c478bd9Sstevel@tonic-gate "keyword value."), name, value); 15197c478bd9Sstevel@tonic-gate return (NS_PARSE_ERR); 15207c478bd9Sstevel@tonic-gate } 15217c478bd9Sstevel@tonic-gate } 15227c478bd9Sstevel@tonic-gate 15237c478bd9Sstevel@tonic-gate return (NS_SUCCESS); 15247c478bd9Sstevel@tonic-gate } 15257c478bd9Sstevel@tonic-gate 15267c478bd9Sstevel@tonic-gate void 15277c478bd9Sstevel@tonic-gate __s_api_split_key_value(char *buffer, char **name, char **value) 15287c478bd9Sstevel@tonic-gate { 15297c478bd9Sstevel@tonic-gate char *ptr; 15307c478bd9Sstevel@tonic-gate 15317c478bd9Sstevel@tonic-gate *name = buffer; 15327c478bd9Sstevel@tonic-gate /* split into name value pair */ 15337c478bd9Sstevel@tonic-gate if ((ptr = strchr(buffer, TOKENSEPARATOR)) != NULL) { 15347c478bd9Sstevel@tonic-gate *ptr = '\0'; 15357c478bd9Sstevel@tonic-gate ptr++; 15367c478bd9Sstevel@tonic-gate /* trim whitespace */ 15377c478bd9Sstevel@tonic-gate while (*ptr == SPACETOK) 15387c478bd9Sstevel@tonic-gate ptr++; 15397c478bd9Sstevel@tonic-gate *value = ptr; 15407c478bd9Sstevel@tonic-gate } 15417c478bd9Sstevel@tonic-gate } 15427c478bd9Sstevel@tonic-gate 15437c478bd9Sstevel@tonic-gate /* 15447c478bd9Sstevel@tonic-gate * Set a parameter value in a generic configuration structure 15457c478bd9Sstevel@tonic-gate * Assume any necessary locks are in place. This routine would 15467c478bd9Sstevel@tonic-gate * be better named: __ns_ldap_translateString2Param 15477c478bd9Sstevel@tonic-gate * 15487c478bd9Sstevel@tonic-gate * This routine translates external string format into internal 15497c478bd9Sstevel@tonic-gate * param format and saves the result in the param table. 15507c478bd9Sstevel@tonic-gate */ 15517c478bd9Sstevel@tonic-gate int 15527c478bd9Sstevel@tonic-gate __ns_ldap_setParamValue(ns_config_t *ptr, const ParamIndexType type, 15537c478bd9Sstevel@tonic-gate const void *data, ns_ldap_error_t **error) 15547c478bd9Sstevel@tonic-gate { 15557c478bd9Sstevel@tonic-gate ns_default_config *def = NULL; 15567c478bd9Sstevel@tonic-gate ns_param_t conf; 15577c478bd9Sstevel@tonic-gate ns_mapping_t *map, *rmap; 15587c478bd9Sstevel@tonic-gate int i, j, len; 15597c478bd9Sstevel@tonic-gate char *cp, *cp2, *end; 15607c478bd9Sstevel@tonic-gate char *tcp = NULL; 15617c478bd9Sstevel@tonic-gate char errstr[2 * MAXERROR]; 15627c478bd9Sstevel@tonic-gate char tbuf[100], *ptbuf; 15637c478bd9Sstevel@tonic-gate char *sid, *origA, **mapA; 15647c478bd9Sstevel@tonic-gate char **attr; 15657c478bd9Sstevel@tonic-gate time_t tm; 15667c478bd9Sstevel@tonic-gate int free_memory, exitrc; 15677c478bd9Sstevel@tonic-gate char **p; 15687c478bd9Sstevel@tonic-gate 15697c478bd9Sstevel@tonic-gate /* Find ParamIndexType default configuration data */ 15707c478bd9Sstevel@tonic-gate def = get_defconfig(ptr, type); 15717c478bd9Sstevel@tonic-gate if (def == NULL) { 15727c478bd9Sstevel@tonic-gate (void) snprintf(errstr, sizeof (errstr), 1573*7ddae043Siz gettext("Unable to set value: " 1574*7ddae043Siz "invalid ParamIndexType (%d)"), type); 15757c478bd9Sstevel@tonic-gate MKERROR(LOG_ERR, *error, NS_CONFIG_SYNTAX, strdup(errstr), 1576*7ddae043Siz NULL); 15777c478bd9Sstevel@tonic-gate return (NS_LDAP_CONFIG); 15787c478bd9Sstevel@tonic-gate } 15797c478bd9Sstevel@tonic-gate 15807c478bd9Sstevel@tonic-gate (void) memset(&conf, 0, sizeof (conf)); 15817c478bd9Sstevel@tonic-gate 15827c478bd9Sstevel@tonic-gate /* data is actually const char */ 15837c478bd9Sstevel@tonic-gate cp = (char *)data; 15847c478bd9Sstevel@tonic-gate 15857c478bd9Sstevel@tonic-gate /* eat up beginning quote, if any */ 15867c478bd9Sstevel@tonic-gate while (cp && (*cp == QUOTETOK || *cp == SPACETOK)) 15877c478bd9Sstevel@tonic-gate cp++; 15887c478bd9Sstevel@tonic-gate 15897c478bd9Sstevel@tonic-gate /* eat up space/quote at end of value */ 15907c478bd9Sstevel@tonic-gate end = cp2 = cp + strlen(cp) - 1; 15917c478bd9Sstevel@tonic-gate for (; cp2 > cp && (*cp2 == SPACETOK || *cp2 == QUOTETOK); cp2--) 15927c478bd9Sstevel@tonic-gate ; 15937c478bd9Sstevel@tonic-gate /* data is const, must duplicate */ 15947c478bd9Sstevel@tonic-gate if (cp2 != end) { 15957c478bd9Sstevel@tonic-gate tcp = (char *)calloc((int)(cp2 - cp + 2), sizeof (char)); 15967c478bd9Sstevel@tonic-gate if (tcp == NULL) 15977c478bd9Sstevel@tonic-gate return (NS_LDAP_MEMORY); 15987c478bd9Sstevel@tonic-gate end = cp2; 15997c478bd9Sstevel@tonic-gate cp2 = tcp; 16007c478bd9Sstevel@tonic-gate while (cp <= end) { 16017c478bd9Sstevel@tonic-gate *cp2++ = *cp++; 16027c478bd9Sstevel@tonic-gate } 16037c478bd9Sstevel@tonic-gate *cp2 = '\0'; 16047c478bd9Sstevel@tonic-gate cp = tcp; 16057c478bd9Sstevel@tonic-gate } 16067c478bd9Sstevel@tonic-gate 16077c478bd9Sstevel@tonic-gate /* Parse data according to type */ 16087c478bd9Sstevel@tonic-gate switch (def->data_type) { 16097c478bd9Sstevel@tonic-gate case INT: 16107c478bd9Sstevel@tonic-gate switch (def->index) { 16117c478bd9Sstevel@tonic-gate case NS_LDAP_PREF_ONLY_P: 16127c478bd9Sstevel@tonic-gate case NS_LDAP_SEARCH_REF_P: 16137c478bd9Sstevel@tonic-gate case NS_LDAP_SEARCH_SCOPE_P: 16147c478bd9Sstevel@tonic-gate i = __s_get_enum_value(ptr, cp, def->index); 16157c478bd9Sstevel@tonic-gate if (i < 0) { 16167c478bd9Sstevel@tonic-gate (void) snprintf(errstr, sizeof (errstr), 1617*7ddae043Siz gettext("Unable to set value: " 1618*7ddae043Siz "invalid %s (%d)"), def->name, 1619*7ddae043Siz def->index); 16207c478bd9Sstevel@tonic-gate MKERROR(LOG_ERR, *error, NS_CONFIG_SYNTAX, 1621*7ddae043Siz strdup(errstr), NULL); 16227c478bd9Sstevel@tonic-gate if (tcp != NULL) 16237c478bd9Sstevel@tonic-gate free(tcp); 16247c478bd9Sstevel@tonic-gate return (NS_LDAP_CONFIG); 16257c478bd9Sstevel@tonic-gate } 16267c478bd9Sstevel@tonic-gate conf.ns_i = i; 16277c478bd9Sstevel@tonic-gate break; 16287c478bd9Sstevel@tonic-gate case NS_LDAP_TRANSPORT_SEC_P: /* ignore TRANSPORT_SEC */ 16297c478bd9Sstevel@tonic-gate break; 16307c478bd9Sstevel@tonic-gate default: 16317c478bd9Sstevel@tonic-gate cp2 = cp; 16327c478bd9Sstevel@tonic-gate if ((*cp2 == '+') || (*cp2 == '-')) 16337c478bd9Sstevel@tonic-gate cp2++; 16347c478bd9Sstevel@tonic-gate for (/* empty */; *cp2; cp2++) { 16357c478bd9Sstevel@tonic-gate if (isdigit(*cp2)) 16367c478bd9Sstevel@tonic-gate continue; 16377c478bd9Sstevel@tonic-gate 16387c478bd9Sstevel@tonic-gate (void) snprintf(errstr, sizeof (errstr), 1639*7ddae043Siz gettext("Unable to set value: " 1640*7ddae043Siz "invalid %s (%d)"), def->name, 1641*7ddae043Siz def->index); 16427c478bd9Sstevel@tonic-gate MKERROR(LOG_ERR, *error, NS_CONFIG_SYNTAX, 1643*7ddae043Siz strdup(errstr), NULL); 16447c478bd9Sstevel@tonic-gate if (tcp != NULL) 16457c478bd9Sstevel@tonic-gate free(tcp); 16467c478bd9Sstevel@tonic-gate return (NS_LDAP_CONFIG); 16477c478bd9Sstevel@tonic-gate } 16487c478bd9Sstevel@tonic-gate i = atoi(cp); 16497c478bd9Sstevel@tonic-gate conf.ns_i = i; 16507c478bd9Sstevel@tonic-gate break; 16517c478bd9Sstevel@tonic-gate } 16527c478bd9Sstevel@tonic-gate break; 16537c478bd9Sstevel@tonic-gate case TIMET: 16547c478bd9Sstevel@tonic-gate /* Do nothing with a TIMET. Initialize it below */ 16557c478bd9Sstevel@tonic-gate break; 16567c478bd9Sstevel@tonic-gate case CHARPTR: 16577c478bd9Sstevel@tonic-gate conf.ns_pc = (char *)strdup(cp); 16587c478bd9Sstevel@tonic-gate if (conf.ns_pc == NULL) { 16597c478bd9Sstevel@tonic-gate if (tcp != NULL) 16607c478bd9Sstevel@tonic-gate free(tcp); 16617c478bd9Sstevel@tonic-gate return (NS_LDAP_MEMORY); 16627c478bd9Sstevel@tonic-gate } 16637c478bd9Sstevel@tonic-gate break; 16647c478bd9Sstevel@tonic-gate case SAMLIST: 16657c478bd9Sstevel@tonic-gate /* first check to see if colon (:) is there */ 16667c478bd9Sstevel@tonic-gate if ((strchr(cp, COLONTOK)) == NULL) { 16677c478bd9Sstevel@tonic-gate (void) snprintf(errstr, sizeof (errstr), 1668*7ddae043Siz gettext("Unable to set value: " 1669*7ddae043Siz "invalid serviceAuthenticationMethod (%s)"), 1670*7ddae043Siz cp); 16717c478bd9Sstevel@tonic-gate MKERROR(LOG_ERR, *error, NS_CONFIG_SYNTAX, 1672*7ddae043Siz strdup(errstr), NULL); 16737c478bd9Sstevel@tonic-gate if (tcp != NULL) 16747c478bd9Sstevel@tonic-gate free(tcp); 16757c478bd9Sstevel@tonic-gate return (NS_LDAP_CONFIG); 16767c478bd9Sstevel@tonic-gate } 16777c478bd9Sstevel@tonic-gate /* Appends an entry to the existing list */ 16787c478bd9Sstevel@tonic-gate if (ptr->paramList[type].ns_ptype != SAMLIST) { 16797c478bd9Sstevel@tonic-gate conf.ns_ppc = (char **)calloc(2, sizeof (char *)); 16807c478bd9Sstevel@tonic-gate if (conf.ns_ppc == NULL) { 16817c478bd9Sstevel@tonic-gate if (tcp != NULL) 16827c478bd9Sstevel@tonic-gate free(tcp); 16837c478bd9Sstevel@tonic-gate return (NS_LDAP_MEMORY); 16847c478bd9Sstevel@tonic-gate } 16857c478bd9Sstevel@tonic-gate conf.ns_acnt = 1; 16867c478bd9Sstevel@tonic-gate conf.ns_ppc[0] = (char *)strdup(cp); 16877c478bd9Sstevel@tonic-gate if (conf.ns_ppc[0] == NULL) { 16887c478bd9Sstevel@tonic-gate free(conf.ns_ppc); 16897c478bd9Sstevel@tonic-gate if (tcp != NULL) 16907c478bd9Sstevel@tonic-gate free(tcp); 16917c478bd9Sstevel@tonic-gate return (NS_LDAP_MEMORY); 16927c478bd9Sstevel@tonic-gate } 16937c478bd9Sstevel@tonic-gate } else { 16947c478bd9Sstevel@tonic-gate char *dp, *dpend; 16957c478bd9Sstevel@tonic-gate int fnd = 0; 16967c478bd9Sstevel@tonic-gate 16977c478bd9Sstevel@tonic-gate /* Attempt to replace if possible */ 16987c478bd9Sstevel@tonic-gate dpend = strchr(cp, COLONTOK); 16997c478bd9Sstevel@tonic-gate len = dpend - cp; 17007c478bd9Sstevel@tonic-gate dp = (char *)malloc(len+1); 17017c478bd9Sstevel@tonic-gate if (dp == NULL) { 17027c478bd9Sstevel@tonic-gate if (tcp != NULL) 17037c478bd9Sstevel@tonic-gate free(tcp); 17047c478bd9Sstevel@tonic-gate return (NS_LDAP_MEMORY); 17057c478bd9Sstevel@tonic-gate } 17067c478bd9Sstevel@tonic-gate (void) strlcpy(dp, cp, len+1); 17077c478bd9Sstevel@tonic-gate fnd = 0; 17087c478bd9Sstevel@tonic-gate for (j = 0; j < ptr->paramList[type].ns_acnt; j++) { 17097c478bd9Sstevel@tonic-gate dpend = strchr(ptr->paramList[type].ns_ppc[j], 1710*7ddae043Siz COLONTOK); 17117c478bd9Sstevel@tonic-gate if (dpend == NULL) 17127c478bd9Sstevel@tonic-gate continue; 17137c478bd9Sstevel@tonic-gate i = dpend - ptr->paramList[type].ns_ppc[j]; 17147c478bd9Sstevel@tonic-gate if (i != len) 17157c478bd9Sstevel@tonic-gate continue; 17167c478bd9Sstevel@tonic-gate if (strncmp(ptr->paramList[type].ns_ppc[j], 1717*7ddae043Siz dp, len) == 0) { 17187c478bd9Sstevel@tonic-gate conf.ns_acnt = 1719*7ddae043Siz ptr->paramList[type].ns_acnt; 17207c478bd9Sstevel@tonic-gate conf.ns_ppc = 1721*7ddae043Siz ptr->paramList[type].ns_ppc; 17227c478bd9Sstevel@tonic-gate ptr->paramList[type].ns_ppc = NULL; 17237c478bd9Sstevel@tonic-gate free(conf.ns_ppc[j]); 17247c478bd9Sstevel@tonic-gate conf.ns_ppc[j] = (char *)strdup(cp); 17257c478bd9Sstevel@tonic-gate if (conf.ns_ppc[j] == NULL) { 17267c478bd9Sstevel@tonic-gate free(dp); 17277c478bd9Sstevel@tonic-gate __s_api_free2dArray 1728*7ddae043Siz (conf.ns_ppc); 17297c478bd9Sstevel@tonic-gate if (tcp != NULL) 17307c478bd9Sstevel@tonic-gate free(tcp); 17317c478bd9Sstevel@tonic-gate return (NS_LDAP_MEMORY); 17327c478bd9Sstevel@tonic-gate } 17337c478bd9Sstevel@tonic-gate fnd = 1; 17347c478bd9Sstevel@tonic-gate break; 17357c478bd9Sstevel@tonic-gate } 17367c478bd9Sstevel@tonic-gate } 17377c478bd9Sstevel@tonic-gate free(dp); 17387c478bd9Sstevel@tonic-gate 17397c478bd9Sstevel@tonic-gate if (fnd) 17407c478bd9Sstevel@tonic-gate break; /* Replaced completed */ 17417c478bd9Sstevel@tonic-gate 17427c478bd9Sstevel@tonic-gate /* Append */ 17437c478bd9Sstevel@tonic-gate len = ptr->paramList[type].ns_acnt + 1; 17447c478bd9Sstevel@tonic-gate if (len > 1) { 17457c478bd9Sstevel@tonic-gate p = (char **)dupParam(&ptr->paramList[type]); 17467c478bd9Sstevel@tonic-gate if (p == NULL) { 17477c478bd9Sstevel@tonic-gate if (tcp != NULL) 17487c478bd9Sstevel@tonic-gate free(tcp); 17497c478bd9Sstevel@tonic-gate return (NS_LDAP_MEMORY); 17507c478bd9Sstevel@tonic-gate } 17517c478bd9Sstevel@tonic-gate } else 17527c478bd9Sstevel@tonic-gate p = NULL; 17537c478bd9Sstevel@tonic-gate conf.ns_ppc = 1754*7ddae043Siz (char **)realloc(p, (len+1) * sizeof (char *)); 17557c478bd9Sstevel@tonic-gate if (conf.ns_ppc == NULL) { 17567c478bd9Sstevel@tonic-gate __s_api_free2dArray(p); 17577c478bd9Sstevel@tonic-gate if (tcp != NULL) 17587c478bd9Sstevel@tonic-gate free(tcp); 17597c478bd9Sstevel@tonic-gate return (NS_LDAP_MEMORY); 17607c478bd9Sstevel@tonic-gate } 17617c478bd9Sstevel@tonic-gate conf.ns_acnt = len; 17627c478bd9Sstevel@tonic-gate conf.ns_ppc[len-1] = (char *)strdup(cp); 17637c478bd9Sstevel@tonic-gate if (conf.ns_ppc[len-1] == NULL) { 17647c478bd9Sstevel@tonic-gate __s_api_free2dArray(conf.ns_ppc); 17657c478bd9Sstevel@tonic-gate if (tcp != NULL) 17667c478bd9Sstevel@tonic-gate free(tcp); 17677c478bd9Sstevel@tonic-gate return (NS_LDAP_MEMORY); 17687c478bd9Sstevel@tonic-gate } 17697c478bd9Sstevel@tonic-gate conf.ns_ppc[len] = NULL; 17707c478bd9Sstevel@tonic-gate } 17717c478bd9Sstevel@tonic-gate break; 17727c478bd9Sstevel@tonic-gate case SCLLIST: 17737c478bd9Sstevel@tonic-gate /* first check to see if colon (:) is there */ 17747c478bd9Sstevel@tonic-gate if ((strchr(cp, COLONTOK)) == NULL) { 17757c478bd9Sstevel@tonic-gate (void) snprintf(errstr, sizeof (errstr), 1776*7ddae043Siz gettext("Unable to set value: " 1777*7ddae043Siz "invalid serviceCredentialLevel (%s)"), 1778*7ddae043Siz cp); 17797c478bd9Sstevel@tonic-gate MKERROR(LOG_ERR, *error, NS_CONFIG_SYNTAX, 1780*7ddae043Siz strdup(errstr), NULL); 17817c478bd9Sstevel@tonic-gate if (tcp != NULL) 17827c478bd9Sstevel@tonic-gate free(tcp); 17837c478bd9Sstevel@tonic-gate return (NS_LDAP_CONFIG); 17847c478bd9Sstevel@tonic-gate } 17857c478bd9Sstevel@tonic-gate /* Appends an entry to the existing list */ 17867c478bd9Sstevel@tonic-gate if (ptr->paramList[type].ns_ptype != SCLLIST) { 17877c478bd9Sstevel@tonic-gate conf.ns_ppc = (char **)calloc(2, sizeof (char *)); 17887c478bd9Sstevel@tonic-gate if (conf.ns_ppc == NULL) { 17897c478bd9Sstevel@tonic-gate if (tcp != NULL) 17907c478bd9Sstevel@tonic-gate free(tcp); 17917c478bd9Sstevel@tonic-gate return (NS_LDAP_MEMORY); 17927c478bd9Sstevel@tonic-gate } 17937c478bd9Sstevel@tonic-gate conf.ns_acnt = 1; 17947c478bd9Sstevel@tonic-gate conf.ns_ppc[0] = (char *)strdup(cp); 17957c478bd9Sstevel@tonic-gate if (conf.ns_ppc[0] == NULL) { 17967c478bd9Sstevel@tonic-gate free(conf.ns_ppc); 17977c478bd9Sstevel@tonic-gate if (tcp != NULL) 17987c478bd9Sstevel@tonic-gate free(tcp); 17997c478bd9Sstevel@tonic-gate return (NS_LDAP_MEMORY); 18007c478bd9Sstevel@tonic-gate } 18017c478bd9Sstevel@tonic-gate } else { 18027c478bd9Sstevel@tonic-gate char *dp, *dpend; 18037c478bd9Sstevel@tonic-gate int fnd = 0; 18047c478bd9Sstevel@tonic-gate 18057c478bd9Sstevel@tonic-gate /* Attempt to replace if possible */ 18067c478bd9Sstevel@tonic-gate dpend = strchr(cp, COLONTOK); 18077c478bd9Sstevel@tonic-gate len = dpend - cp; 18087c478bd9Sstevel@tonic-gate dp = (char *)malloc(len+1); 18097c478bd9Sstevel@tonic-gate if (dp == NULL) { 18107c478bd9Sstevel@tonic-gate if (tcp != NULL) 18117c478bd9Sstevel@tonic-gate free(tcp); 18127c478bd9Sstevel@tonic-gate return (NS_LDAP_MEMORY); 18137c478bd9Sstevel@tonic-gate } 18147c478bd9Sstevel@tonic-gate (void) strlcpy(dp, cp, len+1); 18157c478bd9Sstevel@tonic-gate fnd = 0; 18167c478bd9Sstevel@tonic-gate for (j = 0; j < ptr->paramList[type].ns_acnt; j++) { 18177c478bd9Sstevel@tonic-gate dpend = strchr(ptr->paramList[type].ns_ppc[j], 1818*7ddae043Siz COLONTOK); 18197c478bd9Sstevel@tonic-gate if (dpend == NULL) 18207c478bd9Sstevel@tonic-gate continue; 18217c478bd9Sstevel@tonic-gate i = dpend - ptr->paramList[type].ns_ppc[j]; 18227c478bd9Sstevel@tonic-gate if (i != len) 18237c478bd9Sstevel@tonic-gate continue; 18247c478bd9Sstevel@tonic-gate if (strncmp(ptr->paramList[type].ns_ppc[j], 1825*7ddae043Siz dp, len) == 0) { 18267c478bd9Sstevel@tonic-gate conf.ns_acnt = 1827*7ddae043Siz ptr->paramList[type].ns_acnt; 18287c478bd9Sstevel@tonic-gate conf.ns_ppc = 1829*7ddae043Siz ptr->paramList[type].ns_ppc; 18307c478bd9Sstevel@tonic-gate ptr->paramList[type].ns_ppc = NULL; 18317c478bd9Sstevel@tonic-gate free(conf.ns_ppc[j]); 18327c478bd9Sstevel@tonic-gate conf.ns_ppc[j] = (char *)strdup(cp); 18337c478bd9Sstevel@tonic-gate if (conf.ns_ppc[j] == NULL) { 18347c478bd9Sstevel@tonic-gate free(dp); 18357c478bd9Sstevel@tonic-gate __s_api_free2dArray 1836*7ddae043Siz (conf.ns_ppc); 18377c478bd9Sstevel@tonic-gate if (tcp != NULL) 18387c478bd9Sstevel@tonic-gate free(tcp); 18397c478bd9Sstevel@tonic-gate return (NS_LDAP_MEMORY); 18407c478bd9Sstevel@tonic-gate } 18417c478bd9Sstevel@tonic-gate fnd = 1; 18427c478bd9Sstevel@tonic-gate break; 18437c478bd9Sstevel@tonic-gate } 18447c478bd9Sstevel@tonic-gate } 18457c478bd9Sstevel@tonic-gate free(dp); 18467c478bd9Sstevel@tonic-gate 18477c478bd9Sstevel@tonic-gate if (fnd) 18487c478bd9Sstevel@tonic-gate break; /* Replaced completed */ 18497c478bd9Sstevel@tonic-gate 18507c478bd9Sstevel@tonic-gate /* Append */ 18517c478bd9Sstevel@tonic-gate len = ptr->paramList[type].ns_acnt + 1; 18527c478bd9Sstevel@tonic-gate if (len > 1) { 18537c478bd9Sstevel@tonic-gate p = (char **)dupParam(&ptr->paramList[type]); 18547c478bd9Sstevel@tonic-gate if (p == NULL) { 18557c478bd9Sstevel@tonic-gate if (tcp != NULL) 18567c478bd9Sstevel@tonic-gate free(tcp); 18577c478bd9Sstevel@tonic-gate return (NS_LDAP_MEMORY); 18587c478bd9Sstevel@tonic-gate } 18597c478bd9Sstevel@tonic-gate } else 18607c478bd9Sstevel@tonic-gate p = NULL; 18617c478bd9Sstevel@tonic-gate conf.ns_ppc = 1862*7ddae043Siz (char **)realloc(p, (len+1) * sizeof (char *)); 18637c478bd9Sstevel@tonic-gate if (conf.ns_ppc == NULL) { 18647c478bd9Sstevel@tonic-gate __s_api_free2dArray(p); 18657c478bd9Sstevel@tonic-gate if (tcp != NULL) 18667c478bd9Sstevel@tonic-gate free(tcp); 18677c478bd9Sstevel@tonic-gate return (NS_LDAP_MEMORY); 18687c478bd9Sstevel@tonic-gate } 18697c478bd9Sstevel@tonic-gate conf.ns_acnt = len; 18707c478bd9Sstevel@tonic-gate conf.ns_ppc[len-1] = (char *)strdup(cp); 18717c478bd9Sstevel@tonic-gate if (conf.ns_ppc[len-1] == NULL) { 18727c478bd9Sstevel@tonic-gate __s_api_free2dArray(conf.ns_ppc); 18737c478bd9Sstevel@tonic-gate if (tcp != NULL) 18747c478bd9Sstevel@tonic-gate free(tcp); 18757c478bd9Sstevel@tonic-gate return (NS_LDAP_MEMORY); 18767c478bd9Sstevel@tonic-gate } 18777c478bd9Sstevel@tonic-gate conf.ns_ppc[len] = NULL; 18787c478bd9Sstevel@tonic-gate } 18797c478bd9Sstevel@tonic-gate break; 18807c478bd9Sstevel@tonic-gate case SSDLIST: 18817c478bd9Sstevel@tonic-gate /* 18827c478bd9Sstevel@tonic-gate * first check to see if colon (:) is there, 18837c478bd9Sstevel@tonic-gate * if so, make sure the serviceId is specified, 18847c478bd9Sstevel@tonic-gate * i.e., colon is not the first character 18857c478bd9Sstevel@tonic-gate */ 18867c478bd9Sstevel@tonic-gate if ((strchr(cp, COLONTOK)) == NULL || *cp == COLONTOK) { 18877c478bd9Sstevel@tonic-gate (void) snprintf(errstr, sizeof (errstr), 1888*7ddae043Siz gettext("Unable to set value: " 1889*7ddae043Siz "invalid serviceSearchDescriptor (%s)"), 1890*7ddae043Siz cp); 18917c478bd9Sstevel@tonic-gate MKERROR(LOG_ERR, *error, NS_CONFIG_SYNTAX, 1892*7ddae043Siz strdup(errstr), NULL); 18937c478bd9Sstevel@tonic-gate if (tcp != NULL) 18947c478bd9Sstevel@tonic-gate free(tcp); 18957c478bd9Sstevel@tonic-gate return (NS_LDAP_CONFIG); 18967c478bd9Sstevel@tonic-gate } 18977c478bd9Sstevel@tonic-gate /* Appends an entry to the existing list */ 18987c478bd9Sstevel@tonic-gate if (ptr->paramList[type].ns_ptype != SSDLIST) { 18997c478bd9Sstevel@tonic-gate conf.ns_ppc = (char **)calloc(2, sizeof (char *)); 19007c478bd9Sstevel@tonic-gate if (conf.ns_ppc == NULL) { 19017c478bd9Sstevel@tonic-gate if (tcp != NULL) 19027c478bd9Sstevel@tonic-gate free(tcp); 19037c478bd9Sstevel@tonic-gate return (NS_LDAP_MEMORY); 19047c478bd9Sstevel@tonic-gate } 19057c478bd9Sstevel@tonic-gate conf.ns_acnt = 1; 19067c478bd9Sstevel@tonic-gate conf.ns_ppc[0] = (char *)strdup(cp); 19077c478bd9Sstevel@tonic-gate if (conf.ns_ppc[0] == NULL) { 19087c478bd9Sstevel@tonic-gate free(conf.ns_ppc); 19097c478bd9Sstevel@tonic-gate if (tcp != NULL) 19107c478bd9Sstevel@tonic-gate free(tcp); 19117c478bd9Sstevel@tonic-gate return (NS_LDAP_MEMORY); 19127c478bd9Sstevel@tonic-gate } 19137c478bd9Sstevel@tonic-gate } else { 19147c478bd9Sstevel@tonic-gate char *dp, *dpend; 19157c478bd9Sstevel@tonic-gate int fnd = 0; 19167c478bd9Sstevel@tonic-gate 19177c478bd9Sstevel@tonic-gate /* Attempt to replace if possible */ 19187c478bd9Sstevel@tonic-gate dpend = strchr(cp, COLONTOK); 19197c478bd9Sstevel@tonic-gate len = dpend - cp; 19207c478bd9Sstevel@tonic-gate dp = (char *)malloc(len+1); 19217c478bd9Sstevel@tonic-gate if (dp == NULL) { 19227c478bd9Sstevel@tonic-gate if (tcp != NULL) 19237c478bd9Sstevel@tonic-gate free(tcp); 19247c478bd9Sstevel@tonic-gate return (NS_LDAP_MEMORY); 19257c478bd9Sstevel@tonic-gate } 19267c478bd9Sstevel@tonic-gate (void) strlcpy(dp, cp, len+1); 19277c478bd9Sstevel@tonic-gate fnd = 0; 19287c478bd9Sstevel@tonic-gate for (j = 0; j < ptr->paramList[type].ns_acnt; j++) { 19297c478bd9Sstevel@tonic-gate dpend = strchr(ptr->paramList[type].ns_ppc[j], 1930*7ddae043Siz COLONTOK); 19317c478bd9Sstevel@tonic-gate if (dpend == NULL) 19327c478bd9Sstevel@tonic-gate continue; 19337c478bd9Sstevel@tonic-gate i = dpend - ptr->paramList[type].ns_ppc[j]; 19347c478bd9Sstevel@tonic-gate if (i != len) 19357c478bd9Sstevel@tonic-gate continue; 19367c478bd9Sstevel@tonic-gate if (strncmp(ptr->paramList[type].ns_ppc[j], 1937*7ddae043Siz dp, len) == 0) { 19387c478bd9Sstevel@tonic-gate conf.ns_acnt = 1939*7ddae043Siz ptr->paramList[type].ns_acnt; 19407c478bd9Sstevel@tonic-gate conf.ns_ppc = 1941*7ddae043Siz ptr->paramList[type].ns_ppc; 19427c478bd9Sstevel@tonic-gate ptr->paramList[type].ns_ppc = NULL; 19437c478bd9Sstevel@tonic-gate free(conf.ns_ppc[j]); 19447c478bd9Sstevel@tonic-gate conf.ns_ppc[j] = (char *)strdup(cp); 19457c478bd9Sstevel@tonic-gate if (conf.ns_ppc[j] == NULL) { 19467c478bd9Sstevel@tonic-gate free(dp); 19477c478bd9Sstevel@tonic-gate __s_api_free2dArray 1948*7ddae043Siz (conf.ns_ppc); 19497c478bd9Sstevel@tonic-gate if (tcp != NULL) 19507c478bd9Sstevel@tonic-gate free(tcp); 19517c478bd9Sstevel@tonic-gate return (NS_LDAP_MEMORY); 19527c478bd9Sstevel@tonic-gate } 19537c478bd9Sstevel@tonic-gate fnd = 1; 19547c478bd9Sstevel@tonic-gate break; 19557c478bd9Sstevel@tonic-gate } 19567c478bd9Sstevel@tonic-gate } 19577c478bd9Sstevel@tonic-gate free(dp); 19587c478bd9Sstevel@tonic-gate 19597c478bd9Sstevel@tonic-gate if (fnd) 19607c478bd9Sstevel@tonic-gate break; /* Replaced completed */ 19617c478bd9Sstevel@tonic-gate 19627c478bd9Sstevel@tonic-gate /* Append */ 19637c478bd9Sstevel@tonic-gate len = ptr->paramList[type].ns_acnt + 1; 19647c478bd9Sstevel@tonic-gate if (len > 1) { 19657c478bd9Sstevel@tonic-gate p = (char **)dupParam(&ptr->paramList[type]); 19667c478bd9Sstevel@tonic-gate if (p == NULL) { 19677c478bd9Sstevel@tonic-gate if (tcp != NULL) 19687c478bd9Sstevel@tonic-gate free(tcp); 19697c478bd9Sstevel@tonic-gate return (NS_LDAP_MEMORY); 19707c478bd9Sstevel@tonic-gate } 19717c478bd9Sstevel@tonic-gate } else 19727c478bd9Sstevel@tonic-gate p = NULL; 19737c478bd9Sstevel@tonic-gate conf.ns_ppc = 1974*7ddae043Siz (char **)realloc(p, (len+1) * sizeof (char *)); 19757c478bd9Sstevel@tonic-gate if (conf.ns_ppc == NULL) { 19767c478bd9Sstevel@tonic-gate __s_api_free2dArray(p); 19777c478bd9Sstevel@tonic-gate if (tcp != NULL) 19787c478bd9Sstevel@tonic-gate free(tcp); 19797c478bd9Sstevel@tonic-gate return (NS_LDAP_MEMORY); 19807c478bd9Sstevel@tonic-gate } 19817c478bd9Sstevel@tonic-gate conf.ns_acnt = len; 19827c478bd9Sstevel@tonic-gate conf.ns_ppc[len-1] = (char *)strdup(cp); 19837c478bd9Sstevel@tonic-gate if (conf.ns_ppc[len-1] == NULL) { 19847c478bd9Sstevel@tonic-gate __s_api_free2dArray(conf.ns_ppc); 19857c478bd9Sstevel@tonic-gate if (tcp != NULL) 19867c478bd9Sstevel@tonic-gate free(tcp); 19877c478bd9Sstevel@tonic-gate return (NS_LDAP_MEMORY); 19887c478bd9Sstevel@tonic-gate } 19897c478bd9Sstevel@tonic-gate conf.ns_ppc[len] = NULL; 19907c478bd9Sstevel@tonic-gate } 19917c478bd9Sstevel@tonic-gate break; 19927c478bd9Sstevel@tonic-gate case ARRAYCP: 19937c478bd9Sstevel@tonic-gate len = 0; 19947c478bd9Sstevel@tonic-gate for (cp2 = cp; *cp2; cp2++) { 19957c478bd9Sstevel@tonic-gate if (*cp2 == COMMATOK) 19967c478bd9Sstevel@tonic-gate len++; 19977c478bd9Sstevel@tonic-gate } 19987c478bd9Sstevel@tonic-gate if (cp != cp2) 19997c478bd9Sstevel@tonic-gate len++; 20007c478bd9Sstevel@tonic-gate if (len == 0) { 20017c478bd9Sstevel@tonic-gate conf.ns_ppc = (char **)NULL; 20027c478bd9Sstevel@tonic-gate conf.ns_acnt = 0; 20037c478bd9Sstevel@tonic-gate break; 20047c478bd9Sstevel@tonic-gate } 20057c478bd9Sstevel@tonic-gate conf.ns_ppc = (char **)calloc(len + 1, sizeof (char *)); 20067c478bd9Sstevel@tonic-gate if (conf.ns_ppc == NULL) { 20077c478bd9Sstevel@tonic-gate if (tcp != NULL) 20087c478bd9Sstevel@tonic-gate free(tcp); 20097c478bd9Sstevel@tonic-gate return (NS_LDAP_MEMORY); 20107c478bd9Sstevel@tonic-gate } 20117c478bd9Sstevel@tonic-gate conf.ns_acnt = len; 20127c478bd9Sstevel@tonic-gate i = 0; 20137c478bd9Sstevel@tonic-gate for (cp2 = cp; *cp2; cp2++) { 20147c478bd9Sstevel@tonic-gate if (*cp2 == COMMATOK) { 20157c478bd9Sstevel@tonic-gate j = cp2 - cp + 1; 20167c478bd9Sstevel@tonic-gate conf.ns_ppc[i] = (char *)malloc(j + 1); 20177c478bd9Sstevel@tonic-gate if (conf.ns_ppc[i] == NULL) { 20187c478bd9Sstevel@tonic-gate __s_api_free2dArray(conf.ns_ppc); 20197c478bd9Sstevel@tonic-gate if (tcp != NULL) 20207c478bd9Sstevel@tonic-gate free(tcp); 20217c478bd9Sstevel@tonic-gate return (NS_LDAP_MEMORY); 20227c478bd9Sstevel@tonic-gate } 20237c478bd9Sstevel@tonic-gate (void) strlcpy(conf.ns_ppc[i], cp, j); 20247c478bd9Sstevel@tonic-gate cp = cp2+1; 20257c478bd9Sstevel@tonic-gate while (*cp == SPACETOK || *cp == COMMATOK) 20267c478bd9Sstevel@tonic-gate cp++; 20277c478bd9Sstevel@tonic-gate cp2 = cp - 1; 20287c478bd9Sstevel@tonic-gate i++; 20297c478bd9Sstevel@tonic-gate } 20307c478bd9Sstevel@tonic-gate } 20317c478bd9Sstevel@tonic-gate j = cp2 - cp + 1; 20327c478bd9Sstevel@tonic-gate conf.ns_ppc[i] = (char *)malloc(j + 1); 20337c478bd9Sstevel@tonic-gate if (conf.ns_ppc[i] == NULL) { 20347c478bd9Sstevel@tonic-gate __s_api_free2dArray(conf.ns_ppc); 20357c478bd9Sstevel@tonic-gate if (tcp != NULL) 20367c478bd9Sstevel@tonic-gate free(tcp); 20377c478bd9Sstevel@tonic-gate return (NS_LDAP_MEMORY); 20387c478bd9Sstevel@tonic-gate } 20397c478bd9Sstevel@tonic-gate (void) strlcpy(conf.ns_ppc[i], cp, j); 20407c478bd9Sstevel@tonic-gate break; 20417c478bd9Sstevel@tonic-gate case SERVLIST: 20427c478bd9Sstevel@tonic-gate len = 0; 20437c478bd9Sstevel@tonic-gate for (cp2 = cp; *cp2; cp2++) { 20447c478bd9Sstevel@tonic-gate if (*cp2 == SPACETOK || *cp2 == COMMATOK) { 20457c478bd9Sstevel@tonic-gate len++; 20467c478bd9Sstevel@tonic-gate for (; *(cp2 + 1) == SPACETOK || 2047*7ddae043Siz *(cp2 +1) == COMMATOK; cp2++) 20487c478bd9Sstevel@tonic-gate ; 20497c478bd9Sstevel@tonic-gate } 20507c478bd9Sstevel@tonic-gate } 20517c478bd9Sstevel@tonic-gate if (cp != cp2) 20527c478bd9Sstevel@tonic-gate len++; 20537c478bd9Sstevel@tonic-gate if (len == 0) { 20547c478bd9Sstevel@tonic-gate conf.ns_ppc = (char **)NULL; 20557c478bd9Sstevel@tonic-gate conf.ns_acnt = 0; 20567c478bd9Sstevel@tonic-gate break; 20577c478bd9Sstevel@tonic-gate } 20587c478bd9Sstevel@tonic-gate conf.ns_ppc = (char **)calloc(len + 1, sizeof (char *)); 20597c478bd9Sstevel@tonic-gate if (conf.ns_ppc == NULL) { 20607c478bd9Sstevel@tonic-gate if (tcp != NULL) 20617c478bd9Sstevel@tonic-gate free(tcp); 20627c478bd9Sstevel@tonic-gate return (NS_LDAP_MEMORY); 20637c478bd9Sstevel@tonic-gate } 20647c478bd9Sstevel@tonic-gate conf.ns_acnt = len; 20657c478bd9Sstevel@tonic-gate i = 0; 20667c478bd9Sstevel@tonic-gate for (cp2 = cp; *cp2; cp2++) { 20677c478bd9Sstevel@tonic-gate if (*cp2 == SPACETOK || *cp2 == COMMATOK) { 20687c478bd9Sstevel@tonic-gate j = cp2 - cp + 1; 20697c478bd9Sstevel@tonic-gate conf.ns_ppc[i] = (char *)malloc(j + 1); 20707c478bd9Sstevel@tonic-gate if (conf.ns_ppc[i] == NULL) { 20717c478bd9Sstevel@tonic-gate __s_api_free2dArray(conf.ns_ppc); 20727c478bd9Sstevel@tonic-gate if (tcp != NULL) 20737c478bd9Sstevel@tonic-gate free(tcp); 20747c478bd9Sstevel@tonic-gate return (NS_LDAP_MEMORY); 20757c478bd9Sstevel@tonic-gate } 20767c478bd9Sstevel@tonic-gate (void) strlcpy(conf.ns_ppc[i], cp, j); 20777c478bd9Sstevel@tonic-gate cp = cp2+1; 20787c478bd9Sstevel@tonic-gate while (*cp == SPACETOK || *cp == COMMATOK) 20797c478bd9Sstevel@tonic-gate cp++; 20807c478bd9Sstevel@tonic-gate cp2 = cp - 1; 20817c478bd9Sstevel@tonic-gate i++; 20827c478bd9Sstevel@tonic-gate } 20837c478bd9Sstevel@tonic-gate } 20847c478bd9Sstevel@tonic-gate j = cp2 - cp + 1; 20857c478bd9Sstevel@tonic-gate conf.ns_ppc[i] = (char *)malloc(j + 1); 20867c478bd9Sstevel@tonic-gate if (conf.ns_ppc[i] == NULL) { 20877c478bd9Sstevel@tonic-gate __s_api_free2dArray(conf.ns_ppc); 20887c478bd9Sstevel@tonic-gate if (tcp != NULL) 20897c478bd9Sstevel@tonic-gate free(tcp); 20907c478bd9Sstevel@tonic-gate return (NS_LDAP_MEMORY); 20917c478bd9Sstevel@tonic-gate } 20927c478bd9Sstevel@tonic-gate (void) strlcpy(conf.ns_ppc[i], cp, j); 20937c478bd9Sstevel@tonic-gate break; 20947c478bd9Sstevel@tonic-gate case ARRAYAUTH: 20957c478bd9Sstevel@tonic-gate len = 0; 20967c478bd9Sstevel@tonic-gate for (cp2 = cp; *cp2; cp2++) { 20977c478bd9Sstevel@tonic-gate if (*cp2 == SEMITOK || *cp2 == COMMATOK) 20987c478bd9Sstevel@tonic-gate len++; 20997c478bd9Sstevel@tonic-gate } 21007c478bd9Sstevel@tonic-gate if (cp != cp2) 21017c478bd9Sstevel@tonic-gate len++; 21027c478bd9Sstevel@tonic-gate if (len == 0) { 21037c478bd9Sstevel@tonic-gate conf.ns_pi = (int *)NULL; 21047c478bd9Sstevel@tonic-gate conf.ns_acnt = 0; 21057c478bd9Sstevel@tonic-gate break; 21067c478bd9Sstevel@tonic-gate } 21077c478bd9Sstevel@tonic-gate conf.ns_pi = (int *)calloc(len + 1, sizeof (int)); 21087c478bd9Sstevel@tonic-gate if (conf.ns_pi == NULL) { 21097c478bd9Sstevel@tonic-gate if (tcp != NULL) 21107c478bd9Sstevel@tonic-gate free(tcp); 21117c478bd9Sstevel@tonic-gate return (NS_LDAP_MEMORY); 21127c478bd9Sstevel@tonic-gate } 21137c478bd9Sstevel@tonic-gate conf.ns_acnt = len; 21147c478bd9Sstevel@tonic-gate i = 0; 21157c478bd9Sstevel@tonic-gate for (cp2 = cp; *cp2; cp2++) { 21167c478bd9Sstevel@tonic-gate if (*cp2 == SEMITOK || *cp2 == COMMATOK) { 21177c478bd9Sstevel@tonic-gate j = cp2 - cp + 1; 21187c478bd9Sstevel@tonic-gate if (j > sizeof (tbuf)) { 21197c478bd9Sstevel@tonic-gate j = -1; 21207c478bd9Sstevel@tonic-gate ptbuf = cp; 21217c478bd9Sstevel@tonic-gate } else { 21227c478bd9Sstevel@tonic-gate (void) strlcpy(tbuf, cp, j); 21237c478bd9Sstevel@tonic-gate j = __s_get_enum_value(ptr, tbuf, 2124*7ddae043Siz def->index); 21257c478bd9Sstevel@tonic-gate ptbuf = tbuf; 21267c478bd9Sstevel@tonic-gate } 21277c478bd9Sstevel@tonic-gate if (j < 0) { 21287c478bd9Sstevel@tonic-gate (void) snprintf(errstr, sizeof (errstr), 2129*7ddae043Siz gettext("Unable to set value: " 2130*7ddae043Siz "invalid " 2131*7ddae043Siz "authenticationMethod (%s)"), 2132*7ddae043Siz ptbuf); 21337c478bd9Sstevel@tonic-gate MKERROR(LOG_ERR, *error, 2134*7ddae043Siz NS_CONFIG_SYNTAX, 2135*7ddae043Siz strdup(errstr), NULL); 21367c478bd9Sstevel@tonic-gate free(conf.ns_pi); 21377c478bd9Sstevel@tonic-gate if (tcp != NULL) 21387c478bd9Sstevel@tonic-gate free(tcp); 21397c478bd9Sstevel@tonic-gate return (NS_LDAP_CONFIG); 21407c478bd9Sstevel@tonic-gate } 21417c478bd9Sstevel@tonic-gate conf.ns_pi[i] = j; 21427c478bd9Sstevel@tonic-gate cp = cp2+1; 21437c478bd9Sstevel@tonic-gate i++; 21447c478bd9Sstevel@tonic-gate } 21457c478bd9Sstevel@tonic-gate } 21467c478bd9Sstevel@tonic-gate j = cp2 - cp + 1; 21477c478bd9Sstevel@tonic-gate if (j > sizeof (tbuf)) { 21487c478bd9Sstevel@tonic-gate j = -1; 21497c478bd9Sstevel@tonic-gate ptbuf = cp; 21507c478bd9Sstevel@tonic-gate } else { 21517c478bd9Sstevel@tonic-gate (void) strlcpy(tbuf, cp, j); 21527c478bd9Sstevel@tonic-gate j = __s_get_enum_value(ptr, tbuf, def->index); 21537c478bd9Sstevel@tonic-gate ptbuf = tbuf; 21547c478bd9Sstevel@tonic-gate } 21557c478bd9Sstevel@tonic-gate if (j < 0) { 21567c478bd9Sstevel@tonic-gate (void) snprintf(errstr, sizeof (errstr), 2157*7ddae043Siz gettext("Unable to set value: " 2158*7ddae043Siz "invalid authenticationMethod (%s)"), ptbuf); 21597c478bd9Sstevel@tonic-gate MKERROR(LOG_ERR, *error, NS_CONFIG_SYNTAX, 2160*7ddae043Siz strdup(errstr), NULL); 21617c478bd9Sstevel@tonic-gate if (tcp != NULL) 21627c478bd9Sstevel@tonic-gate free(tcp); 21637c478bd9Sstevel@tonic-gate return (NS_LDAP_CONFIG); 21647c478bd9Sstevel@tonic-gate } 21657c478bd9Sstevel@tonic-gate conf.ns_pi[i] = j; 21667c478bd9Sstevel@tonic-gate break; 21677c478bd9Sstevel@tonic-gate case ARRAYCRED: 21687c478bd9Sstevel@tonic-gate len = 0; 21697c478bd9Sstevel@tonic-gate for (cp2 = cp; *cp2; cp2++) { 21707c478bd9Sstevel@tonic-gate if (*cp2 == SPACETOK) 21717c478bd9Sstevel@tonic-gate len++; 21727c478bd9Sstevel@tonic-gate } 21737c478bd9Sstevel@tonic-gate if (cp != cp2) 21747c478bd9Sstevel@tonic-gate len++; 21757c478bd9Sstevel@tonic-gate if (len == 0) { 21767c478bd9Sstevel@tonic-gate conf.ns_pi = (int *)NULL; 21777c478bd9Sstevel@tonic-gate conf.ns_acnt = 0; 21787c478bd9Sstevel@tonic-gate break; 21797c478bd9Sstevel@tonic-gate } 21807c478bd9Sstevel@tonic-gate conf.ns_pi = (int *)calloc(len + 1, sizeof (int)); 21817c478bd9Sstevel@tonic-gate if (conf.ns_pi == NULL) { 21827c478bd9Sstevel@tonic-gate if (tcp != NULL) 21837c478bd9Sstevel@tonic-gate free(tcp); 21847c478bd9Sstevel@tonic-gate return (NS_LDAP_MEMORY); 21857c478bd9Sstevel@tonic-gate } 21867c478bd9Sstevel@tonic-gate conf.ns_acnt = len; 21877c478bd9Sstevel@tonic-gate i = 0; 21887c478bd9Sstevel@tonic-gate for (cp2 = cp; *cp2; cp2++) { 21897c478bd9Sstevel@tonic-gate if (*cp2 == SPACETOK) { 21907c478bd9Sstevel@tonic-gate j = cp2 - cp + 1; 21917c478bd9Sstevel@tonic-gate if (j > sizeof (tbuf)) { 21927c478bd9Sstevel@tonic-gate j = -1; 21937c478bd9Sstevel@tonic-gate ptbuf = cp; 21947c478bd9Sstevel@tonic-gate } else { 21957c478bd9Sstevel@tonic-gate (void) strlcpy(tbuf, cp, j); 21967c478bd9Sstevel@tonic-gate j = __s_get_enum_value(ptr, tbuf, 2197*7ddae043Siz def->index); 21987c478bd9Sstevel@tonic-gate ptbuf = tbuf; 21997c478bd9Sstevel@tonic-gate } 22007c478bd9Sstevel@tonic-gate if (j < 0) { 22017c478bd9Sstevel@tonic-gate (void) snprintf(errstr, sizeof (errstr), 2202*7ddae043Siz gettext("Unable to set value: " 2203*7ddae043Siz "invalid credentialLevel (%s)"), 2204*7ddae043Siz ptbuf); 22057c478bd9Sstevel@tonic-gate MKERROR(LOG_ERR, *error, 2206*7ddae043Siz NS_CONFIG_SYNTAX, 2207*7ddae043Siz strdup(errstr), NULL); 22087c478bd9Sstevel@tonic-gate free(conf.ns_pi); 22097c478bd9Sstevel@tonic-gate if (tcp != NULL) 22107c478bd9Sstevel@tonic-gate free(tcp); 22117c478bd9Sstevel@tonic-gate return (NS_LDAP_CONFIG); 22127c478bd9Sstevel@tonic-gate } 22137c478bd9Sstevel@tonic-gate conf.ns_pi[i] = j; 22147c478bd9Sstevel@tonic-gate cp = cp2+1; 22157c478bd9Sstevel@tonic-gate i++; 22167c478bd9Sstevel@tonic-gate } 22177c478bd9Sstevel@tonic-gate } 22187c478bd9Sstevel@tonic-gate j = cp2 - cp + 1; 22197c478bd9Sstevel@tonic-gate if (j > sizeof (tbuf)) { 22207c478bd9Sstevel@tonic-gate j = -1; 22217c478bd9Sstevel@tonic-gate ptbuf = cp; 22227c478bd9Sstevel@tonic-gate } else { 22237c478bd9Sstevel@tonic-gate (void) strlcpy(tbuf, cp, j); 22247c478bd9Sstevel@tonic-gate j = __s_get_enum_value(ptr, tbuf, def->index); 22257c478bd9Sstevel@tonic-gate ptbuf = tbuf; 22267c478bd9Sstevel@tonic-gate } 22277c478bd9Sstevel@tonic-gate if (j < 0) { 22287c478bd9Sstevel@tonic-gate (void) snprintf(errstr, sizeof (errstr), 2229*7ddae043Siz gettext("Unable to set value: " 2230*7ddae043Siz "invalid credentialLevel (%s)"), ptbuf); 22317c478bd9Sstevel@tonic-gate MKERROR(LOG_ERR, *error, NS_CONFIG_SYNTAX, 2232*7ddae043Siz strdup(errstr), NULL); 22337c478bd9Sstevel@tonic-gate if (tcp != NULL) 22347c478bd9Sstevel@tonic-gate free(tcp); 22357c478bd9Sstevel@tonic-gate return (NS_LDAP_CONFIG); 22367c478bd9Sstevel@tonic-gate } 22377c478bd9Sstevel@tonic-gate conf.ns_pi[i] = j; 22387c478bd9Sstevel@tonic-gate break; 22397c478bd9Sstevel@tonic-gate case ATTRMAP: 22407c478bd9Sstevel@tonic-gate case OBJMAP: 22417c478bd9Sstevel@tonic-gate i = __s_api_parse_map(cp, &sid, &origA, &mapA); 22427c478bd9Sstevel@tonic-gate if (i != NS_HASH_RC_SUCCESS) { 22437c478bd9Sstevel@tonic-gate if (i == NS_HASH_RC_NO_MEMORY) { 22447c478bd9Sstevel@tonic-gate exitrc = NS_LDAP_MEMORY; 22457c478bd9Sstevel@tonic-gate } else { 22467c478bd9Sstevel@tonic-gate (void) snprintf(errstr, sizeof (errstr), 22477c478bd9Sstevel@tonic-gate gettext("Unable to set value: " 22487c478bd9Sstevel@tonic-gate "invalid schema mapping (%s)"), cp); 22497c478bd9Sstevel@tonic-gate exitrc = NS_LDAP_CONFIG; 22507c478bd9Sstevel@tonic-gate MKERROR(LOG_ERR, *error, NS_CONFIG_SYNTAX, 2251*7ddae043Siz strdup(errstr), NULL); 22527c478bd9Sstevel@tonic-gate } 22537c478bd9Sstevel@tonic-gate if (tcp) 22547c478bd9Sstevel@tonic-gate free(tcp); 22557c478bd9Sstevel@tonic-gate return (exitrc); 22567c478bd9Sstevel@tonic-gate } 22577c478bd9Sstevel@tonic-gate 22587c478bd9Sstevel@tonic-gate /* 22597c478bd9Sstevel@tonic-gate * Add reverse map first. 22607c478bd9Sstevel@tonic-gate * There could be more than one. 22617c478bd9Sstevel@tonic-gate */ 22627c478bd9Sstevel@tonic-gate for (attr = mapA; *attr; attr++) { 22637c478bd9Sstevel@tonic-gate 22647c478bd9Sstevel@tonic-gate free_memory = 1; 22657c478bd9Sstevel@tonic-gate exitrc = NS_LDAP_MEMORY; 22667c478bd9Sstevel@tonic-gate 22677c478bd9Sstevel@tonic-gate rmap = (ns_mapping_t *)calloc(1, 2268*7ddae043Siz sizeof (ns_mapping_t)); 22697c478bd9Sstevel@tonic-gate if (rmap) { 22707c478bd9Sstevel@tonic-gate rmap->service = strdup(sid); 22717c478bd9Sstevel@tonic-gate if (rmap->service) { 22727c478bd9Sstevel@tonic-gate rmap->orig = strdup(*attr); 22737c478bd9Sstevel@tonic-gate if (rmap->orig) { 22747c478bd9Sstevel@tonic-gate rmap->map = (char **)calloc(2, 2275*7ddae043Siz sizeof (char *)); 22767c478bd9Sstevel@tonic-gate if (rmap->map) { 22777c478bd9Sstevel@tonic-gate (rmap->map)[0] = 2278*7ddae043Siz strdup(origA); 22797c478bd9Sstevel@tonic-gate if ((rmap->map)[0]) 22807c478bd9Sstevel@tonic-gate free_memory = 0; 22817c478bd9Sstevel@tonic-gate } 22827c478bd9Sstevel@tonic-gate } 22837c478bd9Sstevel@tonic-gate } 22847c478bd9Sstevel@tonic-gate } 22857c478bd9Sstevel@tonic-gate 22867c478bd9Sstevel@tonic-gate if (free_memory == 0) { 22877c478bd9Sstevel@tonic-gate if (def->data_type == ATTRMAP) { 22887c478bd9Sstevel@tonic-gate rmap->type = NS_ATTR_MAP; 22897c478bd9Sstevel@tonic-gate i = __s_api_add_map2hash(ptr, 2290*7ddae043Siz NS_HASH_RAMAP, rmap); 22917c478bd9Sstevel@tonic-gate } else { 22927c478bd9Sstevel@tonic-gate rmap->type = NS_OBJ_MAP; 22937c478bd9Sstevel@tonic-gate i = __s_api_add_map2hash(ptr, 2294*7ddae043Siz NS_HASH_ROMAP, rmap); 22957c478bd9Sstevel@tonic-gate } 22967c478bd9Sstevel@tonic-gate 22977c478bd9Sstevel@tonic-gate if (i != NS_HASH_RC_SUCCESS) { 22987c478bd9Sstevel@tonic-gate switch (i) { 22997c478bd9Sstevel@tonic-gate case NS_HASH_RC_CONFIG_ERROR: 23007c478bd9Sstevel@tonic-gate exitrc = NS_LDAP_INTERNAL; 23017c478bd9Sstevel@tonic-gate (void) snprintf(errstr, 2302*7ddae043Siz sizeof (errstr), 2303*7ddae043Siz gettext( 2304*7ddae043Siz "Unable to set value: " 2305*7ddae043Siz "no configuration info " 2306*7ddae043Siz "for schema map " 2307*7ddae043Siz "update (%s)"), cp); 23087c478bd9Sstevel@tonic-gate MKERROR(LOG_ERR, *error, 2309*7ddae043Siz NS_LDAP_INTERNAL, 2310*7ddae043Siz strdup(errstr), 2311*7ddae043Siz NULL); 23127c478bd9Sstevel@tonic-gate break; 23137c478bd9Sstevel@tonic-gate case NS_HASH_RC_EXISTED: 23147c478bd9Sstevel@tonic-gate exitrc = NS_LDAP_CONFIG; 23157c478bd9Sstevel@tonic-gate (void) snprintf(errstr, 2316*7ddae043Siz sizeof (errstr), 2317*7ddae043Siz gettext( 2318*7ddae043Siz "Unable to set value: " 2319*7ddae043Siz "schema map " 2320*7ddae043Siz "already existed for " 2321*7ddae043Siz "(%s, %s)."), 2322*7ddae043Siz *attr, origA); 23237c478bd9Sstevel@tonic-gate MKERROR(LOG_ERR, *error, 2324*7ddae043Siz NS_CONFIG_SYNTAX, 2325*7ddae043Siz strdup(errstr), 2326*7ddae043Siz NULL); 23277c478bd9Sstevel@tonic-gate break; 23287c478bd9Sstevel@tonic-gate case NS_HASH_RC_NO_MEMORY: 23297c478bd9Sstevel@tonic-gate exitrc = NS_LDAP_MEMORY; 23307c478bd9Sstevel@tonic-gate break; 23317c478bd9Sstevel@tonic-gate } 23327c478bd9Sstevel@tonic-gate free_memory = 1; 23337c478bd9Sstevel@tonic-gate } 23347c478bd9Sstevel@tonic-gate } 23357c478bd9Sstevel@tonic-gate 23367c478bd9Sstevel@tonic-gate if (free_memory) { 23377c478bd9Sstevel@tonic-gate if (tcp) 23387c478bd9Sstevel@tonic-gate free(tcp); 23397c478bd9Sstevel@tonic-gate free(sid); 23407c478bd9Sstevel@tonic-gate free(origA); 23417c478bd9Sstevel@tonic-gate __s_api_free2dArray(mapA); 23427c478bd9Sstevel@tonic-gate if (rmap) { 23437c478bd9Sstevel@tonic-gate if (rmap->service) 23447c478bd9Sstevel@tonic-gate free(rmap->service); 23457c478bd9Sstevel@tonic-gate if (rmap->orig) 23467c478bd9Sstevel@tonic-gate free(rmap->orig); 23477c478bd9Sstevel@tonic-gate if (rmap->map) { 23487c478bd9Sstevel@tonic-gate if ((rmap->map)[0]) 23497c478bd9Sstevel@tonic-gate free((rmap->map)[0]); 23507c478bd9Sstevel@tonic-gate free(rmap->map); 23517c478bd9Sstevel@tonic-gate } 23527c478bd9Sstevel@tonic-gate free(rmap); 23537c478bd9Sstevel@tonic-gate } 23547c478bd9Sstevel@tonic-gate return (exitrc); 23557c478bd9Sstevel@tonic-gate } 23567c478bd9Sstevel@tonic-gate } 23577c478bd9Sstevel@tonic-gate 23587c478bd9Sstevel@tonic-gate /* 23597c478bd9Sstevel@tonic-gate * For performance gain, 23607c478bd9Sstevel@tonic-gate * add a "schema mapping existed" indicator 23617c478bd9Sstevel@tonic-gate * for the given service if not already added. 23627c478bd9Sstevel@tonic-gate * This dummy map needs not be removed, if 23637c478bd9Sstevel@tonic-gate * the next real map add operation fails. 23647c478bd9Sstevel@tonic-gate * since the caller, e.g. ldap_cachemgr. 23657c478bd9Sstevel@tonic-gate * should exit anyway. 23667c478bd9Sstevel@tonic-gate */ 23677c478bd9Sstevel@tonic-gate free_memory = 1; 23687c478bd9Sstevel@tonic-gate exitrc = NS_LDAP_MEMORY; 23697c478bd9Sstevel@tonic-gate 23707c478bd9Sstevel@tonic-gate map = (ns_mapping_t *)calloc(1, 2371*7ddae043Siz sizeof (ns_mapping_t)); 23727c478bd9Sstevel@tonic-gate if (map) { 23737c478bd9Sstevel@tonic-gate map->service = strdup(sid); 23747c478bd9Sstevel@tonic-gate if (map->service) { 23757c478bd9Sstevel@tonic-gate map->orig = strdup( 2376*7ddae043Siz NS_HASH_SCHEMA_MAPPING_EXISTED); 23777c478bd9Sstevel@tonic-gate if (map->orig) { 23787c478bd9Sstevel@tonic-gate map->map = (char **)calloc(2, 2379*7ddae043Siz sizeof (char *)); 23807c478bd9Sstevel@tonic-gate if (map->map) { 23817c478bd9Sstevel@tonic-gate (map->map)[0] = 2382*7ddae043Siz strdup(sid); 23837c478bd9Sstevel@tonic-gate if ((map->map)[0]) 23847c478bd9Sstevel@tonic-gate free_memory = 0; 23857c478bd9Sstevel@tonic-gate } 23867c478bd9Sstevel@tonic-gate } 23877c478bd9Sstevel@tonic-gate } 23887c478bd9Sstevel@tonic-gate } 23897c478bd9Sstevel@tonic-gate 23907c478bd9Sstevel@tonic-gate if (free_memory == 0) { 23917c478bd9Sstevel@tonic-gate map->type = NS_ATTR_MAP; 23927c478bd9Sstevel@tonic-gate /* 23937c478bd9Sstevel@tonic-gate * add to reverse map, 23947c478bd9Sstevel@tonic-gate * so that "ldapclient list" 23957c478bd9Sstevel@tonic-gate * would not show it 23967c478bd9Sstevel@tonic-gate */ 23977c478bd9Sstevel@tonic-gate i = __s_api_add_map2hash(ptr, 2398*7ddae043Siz NS_HASH_RAMAP, map); 23997c478bd9Sstevel@tonic-gate 24007c478bd9Sstevel@tonic-gate /* 24017c478bd9Sstevel@tonic-gate * ignore "map already existed" error, 24027c478bd9Sstevel@tonic-gate * just need one per service. 24037c478bd9Sstevel@tonic-gate * Need however to free memory allocated 24047c478bd9Sstevel@tonic-gate * for map. 24057c478bd9Sstevel@tonic-gate */ 24067c478bd9Sstevel@tonic-gate if (i != NS_HASH_RC_SUCCESS && 2407*7ddae043Siz i != NS_HASH_RC_EXISTED) { 24087c478bd9Sstevel@tonic-gate switch (i) { 24097c478bd9Sstevel@tonic-gate case NS_HASH_RC_CONFIG_ERROR: 24107c478bd9Sstevel@tonic-gate exitrc = NS_LDAP_INTERNAL; 24117c478bd9Sstevel@tonic-gate (void) snprintf(errstr, 2412*7ddae043Siz sizeof (errstr), 2413*7ddae043Siz gettext( 2414*7ddae043Siz "Unable to set value: " 2415*7ddae043Siz "no configuration info " 2416*7ddae043Siz "for schema map " 2417*7ddae043Siz "update (%s)"), cp); 24187c478bd9Sstevel@tonic-gate MKERROR(LOG_ERR, *error, 2419*7ddae043Siz NS_LDAP_INTERNAL, 2420*7ddae043Siz strdup(errstr), 2421*7ddae043Siz NULL); 24227c478bd9Sstevel@tonic-gate break; 24237c478bd9Sstevel@tonic-gate case NS_HASH_RC_NO_MEMORY: 24247c478bd9Sstevel@tonic-gate exitrc = NS_LDAP_MEMORY; 24257c478bd9Sstevel@tonic-gate break; 24267c478bd9Sstevel@tonic-gate } 24277c478bd9Sstevel@tonic-gate free_memory = 1; 24287c478bd9Sstevel@tonic-gate } else if (i == NS_HASH_RC_EXISTED) { 24297c478bd9Sstevel@tonic-gate if (map->service) 24307c478bd9Sstevel@tonic-gate free(map->service); 24317c478bd9Sstevel@tonic-gate if (map->orig) 24327c478bd9Sstevel@tonic-gate free(map->orig); 24337c478bd9Sstevel@tonic-gate if (map->map) { 24347c478bd9Sstevel@tonic-gate if ((map->map)[0]) 24357c478bd9Sstevel@tonic-gate free((map->map)[0]); 24367c478bd9Sstevel@tonic-gate free(map->map); 24377c478bd9Sstevel@tonic-gate } 24387c478bd9Sstevel@tonic-gate free(map); 24397c478bd9Sstevel@tonic-gate map = NULL; 24407c478bd9Sstevel@tonic-gate } 24417c478bd9Sstevel@tonic-gate } 24427c478bd9Sstevel@tonic-gate 24437c478bd9Sstevel@tonic-gate if (free_memory) { 24447c478bd9Sstevel@tonic-gate if (tcp) 24457c478bd9Sstevel@tonic-gate free(tcp); 24467c478bd9Sstevel@tonic-gate free(sid); 24477c478bd9Sstevel@tonic-gate free(origA); 24487c478bd9Sstevel@tonic-gate __s_api_free2dArray(mapA); 24497c478bd9Sstevel@tonic-gate if (map) { 24507c478bd9Sstevel@tonic-gate if (map->service) 24517c478bd9Sstevel@tonic-gate free(map->service); 24527c478bd9Sstevel@tonic-gate if (map->orig) 24537c478bd9Sstevel@tonic-gate free(map->orig); 24547c478bd9Sstevel@tonic-gate if (map->map) { 24557c478bd9Sstevel@tonic-gate if ((map->map)[0]) 24567c478bd9Sstevel@tonic-gate free((map->map)[0]); 24577c478bd9Sstevel@tonic-gate free(map->map); 24587c478bd9Sstevel@tonic-gate } 24597c478bd9Sstevel@tonic-gate free(map); 24607c478bd9Sstevel@tonic-gate } 24617c478bd9Sstevel@tonic-gate return (exitrc); 24627c478bd9Sstevel@tonic-gate } 24637c478bd9Sstevel@tonic-gate 24647c478bd9Sstevel@tonic-gate /* 24657c478bd9Sstevel@tonic-gate * add the real schema map 24667c478bd9Sstevel@tonic-gate */ 24677c478bd9Sstevel@tonic-gate free_memory = 1; 24687c478bd9Sstevel@tonic-gate exitrc = NS_LDAP_MEMORY; 24697c478bd9Sstevel@tonic-gate map = (ns_mapping_t *)calloc(1, sizeof (ns_mapping_t)); 24707c478bd9Sstevel@tonic-gate if (map) { 24717c478bd9Sstevel@tonic-gate map->service = sid; 24727c478bd9Sstevel@tonic-gate map->orig = origA; 24737c478bd9Sstevel@tonic-gate map->map = mapA; 24747c478bd9Sstevel@tonic-gate 24757c478bd9Sstevel@tonic-gate if (def->data_type == ATTRMAP) { 24767c478bd9Sstevel@tonic-gate map->type = NS_ATTR_MAP; 24777c478bd9Sstevel@tonic-gate i = __s_api_add_map2hash(ptr, 2478*7ddae043Siz NS_HASH_AMAP, map); 24797c478bd9Sstevel@tonic-gate } else { 24807c478bd9Sstevel@tonic-gate map->type = NS_OBJ_MAP; 24817c478bd9Sstevel@tonic-gate i = __s_api_add_map2hash(ptr, 2482*7ddae043Siz NS_HASH_OMAP, map); 24837c478bd9Sstevel@tonic-gate } 24847c478bd9Sstevel@tonic-gate 24857c478bd9Sstevel@tonic-gate if (i != NS_HASH_RC_SUCCESS) { 24867c478bd9Sstevel@tonic-gate switch (i) { 24877c478bd9Sstevel@tonic-gate case NS_HASH_RC_CONFIG_ERROR: 24887c478bd9Sstevel@tonic-gate exitrc = NS_LDAP_INTERNAL; 24897c478bd9Sstevel@tonic-gate (void) snprintf(errstr, 2490*7ddae043Siz sizeof (errstr), 2491*7ddae043Siz gettext( 2492*7ddae043Siz "Unable to set value: " 2493*7ddae043Siz "no configuration info " 2494*7ddae043Siz "for schema map " 2495*7ddae043Siz "update (%s)"), cp); 24967c478bd9Sstevel@tonic-gate MKERROR(LOG_ERR, *error, 2497*7ddae043Siz NS_LDAP_INTERNAL, 2498*7ddae043Siz strdup(errstr), 2499*7ddae043Siz NULL); 25007c478bd9Sstevel@tonic-gate break; 25017c478bd9Sstevel@tonic-gate case NS_HASH_RC_EXISTED: 25027c478bd9Sstevel@tonic-gate exitrc = NS_LDAP_CONFIG; 25037c478bd9Sstevel@tonic-gate (void) snprintf(errstr, 2504*7ddae043Siz sizeof (errstr), 2505*7ddae043Siz gettext( 2506*7ddae043Siz "Unable to set value: " 2507*7ddae043Siz "schema map " 2508*7ddae043Siz "already existed for " 2509*7ddae043Siz "'%s'."), origA); 25107c478bd9Sstevel@tonic-gate MKERROR(LOG_ERR, *error, 2511*7ddae043Siz NS_CONFIG_SYNTAX, 2512*7ddae043Siz strdup(errstr), 2513*7ddae043Siz NULL); 25147c478bd9Sstevel@tonic-gate break; 25157c478bd9Sstevel@tonic-gate case NS_HASH_RC_NO_MEMORY: 25167c478bd9Sstevel@tonic-gate exitrc = NS_LDAP_MEMORY; 25177c478bd9Sstevel@tonic-gate break; 25187c478bd9Sstevel@tonic-gate } 25197c478bd9Sstevel@tonic-gate free_memory = 1; 25207c478bd9Sstevel@tonic-gate } else 25217c478bd9Sstevel@tonic-gate free_memory = 0; 25227c478bd9Sstevel@tonic-gate } 25237c478bd9Sstevel@tonic-gate 25247c478bd9Sstevel@tonic-gate if (free_memory) { 25257c478bd9Sstevel@tonic-gate if (tcp) 25267c478bd9Sstevel@tonic-gate free(tcp); 25277c478bd9Sstevel@tonic-gate free(sid); 25287c478bd9Sstevel@tonic-gate free(origA); 25297c478bd9Sstevel@tonic-gate __s_api_free2dArray(mapA); 25307c478bd9Sstevel@tonic-gate if (map) 25317c478bd9Sstevel@tonic-gate free(map); 25327c478bd9Sstevel@tonic-gate return (exitrc); 25337c478bd9Sstevel@tonic-gate } 25347c478bd9Sstevel@tonic-gate 25357c478bd9Sstevel@tonic-gate break; 25367c478bd9Sstevel@tonic-gate default: 25377c478bd9Sstevel@tonic-gate /* This should never happen. */ 25387c478bd9Sstevel@tonic-gate (void) snprintf(errstr, sizeof (errstr), 2539*7ddae043Siz gettext("Unable to set value: invalid configuration " 2540*7ddae043Siz "type (%d)"), def->data_type); 25417c478bd9Sstevel@tonic-gate MKERROR(LOG_ERR, *error, NS_CONFIG_SYNTAX, strdup(errstr), 2542*7ddae043Siz NULL); 25437c478bd9Sstevel@tonic-gate if (tcp != NULL) 25447c478bd9Sstevel@tonic-gate free(tcp); 25457c478bd9Sstevel@tonic-gate return (NS_LDAP_CONFIG); 25467c478bd9Sstevel@tonic-gate } 25477c478bd9Sstevel@tonic-gate conf.ns_ptype = def->data_type; 25487c478bd9Sstevel@tonic-gate if (tcp != NULL) 25497c478bd9Sstevel@tonic-gate free(tcp); 25507c478bd9Sstevel@tonic-gate 25517c478bd9Sstevel@tonic-gate /* Individually written verify routines here can replace */ 25527c478bd9Sstevel@tonic-gate /* verify_value. Verify conf (data) as appropriate here */ 25537c478bd9Sstevel@tonic-gate if (def->ns_verify != NULL) { 25547c478bd9Sstevel@tonic-gate if ((*def->ns_verify)(type, def, &conf, errstr) != NS_SUCCESS) { 25557c478bd9Sstevel@tonic-gate ns_param_t sav_conf; 25567c478bd9Sstevel@tonic-gate 25577c478bd9Sstevel@tonic-gate (void) snprintf(errstr, sizeof (errstr), 2558*7ddae043Siz gettext("%s"), errstr); 25597c478bd9Sstevel@tonic-gate MKERROR(LOG_WARNING, *error, NS_CONFIG_SYNTAX, 2560*7ddae043Siz strdup(errstr), NULL); 25617c478bd9Sstevel@tonic-gate 25627c478bd9Sstevel@tonic-gate sav_conf = ptr->paramList[type]; 25637c478bd9Sstevel@tonic-gate ptr->paramList[type] = conf; 25647c478bd9Sstevel@tonic-gate destroy_param(ptr, type); 25657c478bd9Sstevel@tonic-gate ptr->paramList[type] = sav_conf; 25667c478bd9Sstevel@tonic-gate 25677c478bd9Sstevel@tonic-gate return (NS_LDAP_CONFIG); 25687c478bd9Sstevel@tonic-gate } 25697c478bd9Sstevel@tonic-gate } 25707c478bd9Sstevel@tonic-gate 25717c478bd9Sstevel@tonic-gate /* post evaluate the data */ 25727c478bd9Sstevel@tonic-gate 25737c478bd9Sstevel@tonic-gate /* 25747c478bd9Sstevel@tonic-gate * if this is for setting a password, 25757c478bd9Sstevel@tonic-gate * encrypt the password first. 25767c478bd9Sstevel@tonic-gate * NOTE evalue() is smart and will just return 25777c478bd9Sstevel@tonic-gate * the value passed if it is already encrypted. 25787c478bd9Sstevel@tonic-gate * 25797c478bd9Sstevel@tonic-gate * Init NS_LDAP_EXP_P here when CACHETTL is updated 25807c478bd9Sstevel@tonic-gate */ 25817c478bd9Sstevel@tonic-gate if (type == NS_LDAP_BINDPASSWD_P) { 25827c478bd9Sstevel@tonic-gate cp = conf.ns_pc; 25837c478bd9Sstevel@tonic-gate cp2 = evalue((char *)cp); 25847c478bd9Sstevel@tonic-gate conf.ns_pc = cp2; 25857c478bd9Sstevel@tonic-gate free(cp); 25867c478bd9Sstevel@tonic-gate cp = NULL; 25877c478bd9Sstevel@tonic-gate } else if (type == NS_LDAP_FILE_VERSION_P) { 25887c478bd9Sstevel@tonic-gate ptr->version = NS_LDAP_V1; 25897c478bd9Sstevel@tonic-gate if (strcasecmp(conf.ns_pc, NS_LDAP_VERSION_2) == 0) { 25907c478bd9Sstevel@tonic-gate ptr->version = NS_LDAP_V2; 25917c478bd9Sstevel@tonic-gate } 25927c478bd9Sstevel@tonic-gate } else if (type == NS_LDAP_CACHETTL_P) { 25937c478bd9Sstevel@tonic-gate cp = conf.ns_pc; 25947c478bd9Sstevel@tonic-gate tm = conv_time(cp); 25957c478bd9Sstevel@tonic-gate ptr->paramList[NS_LDAP_EXP_P].ns_ptype = TIMET; 25967c478bd9Sstevel@tonic-gate if (tm != 0) { 25977c478bd9Sstevel@tonic-gate tm += time(NULL); 25987c478bd9Sstevel@tonic-gate } 25997c478bd9Sstevel@tonic-gate ptr->paramList[NS_LDAP_EXP_P].ns_tm = tm; 26007c478bd9Sstevel@tonic-gate } 26017c478bd9Sstevel@tonic-gate 26027c478bd9Sstevel@tonic-gate /* Everything checks out move new values into param */ 26037c478bd9Sstevel@tonic-gate destroy_param(ptr, type); 26047c478bd9Sstevel@tonic-gate /* Assign new/updated value into paramList */ 26057c478bd9Sstevel@tonic-gate ptr->paramList[type] = conf; 26067c478bd9Sstevel@tonic-gate 26077c478bd9Sstevel@tonic-gate return (NS_LDAP_SUCCESS); 26087c478bd9Sstevel@tonic-gate } 26097c478bd9Sstevel@tonic-gate 26107c478bd9Sstevel@tonic-gate 26117c478bd9Sstevel@tonic-gate /* 26127c478bd9Sstevel@tonic-gate * Set a parameter value in the 'config' configuration structure 26137c478bd9Sstevel@tonic-gate * Lock as appropriate 26147c478bd9Sstevel@tonic-gate */ 26157c478bd9Sstevel@tonic-gate 26167c478bd9Sstevel@tonic-gate int 26177c478bd9Sstevel@tonic-gate __ns_ldap_setParam(const ParamIndexType type, 26187c478bd9Sstevel@tonic-gate const void *data, ns_ldap_error_t **error) 26197c478bd9Sstevel@tonic-gate { 26207c478bd9Sstevel@tonic-gate ns_ldap_error_t *errorp; 26217c478bd9Sstevel@tonic-gate int ret; 26227c478bd9Sstevel@tonic-gate char errstr[2 * MAXERROR]; 26237c478bd9Sstevel@tonic-gate ns_config_t *cfg; 26247c478bd9Sstevel@tonic-gate ns_config_t *new_cfg; 26257c478bd9Sstevel@tonic-gate 26267c478bd9Sstevel@tonic-gate /* We want to refresh only one configuration at a time */ 26277c478bd9Sstevel@tonic-gate (void) mutex_lock(&ns_loadrefresh_lock); 26287c478bd9Sstevel@tonic-gate cfg = __s_api_get_default_config(); 26297c478bd9Sstevel@tonic-gate 26307c478bd9Sstevel@tonic-gate if (cache_server == TRUE) { 26317c478bd9Sstevel@tonic-gate if (cfg == NULL) { 2632*7ddae043Siz __ns_ldap_default_config(); 2633*7ddae043Siz cfg = __s_api_get_default_config(); 2634*7ddae043Siz if (cfg == NULL) { 2635*7ddae043Siz (void) mutex_unlock(&ns_loadrefresh_lock); 2636*7ddae043Siz return (NS_LDAP_MEMORY); 2637*7ddae043Siz } 26387c478bd9Sstevel@tonic-gate } 26397c478bd9Sstevel@tonic-gate } else { 26407c478bd9Sstevel@tonic-gate /* 26417c478bd9Sstevel@tonic-gate * This code always return error here on client side, 26427c478bd9Sstevel@tonic-gate * this needs to change once libsldap is used by more 26437c478bd9Sstevel@tonic-gate * applications that need to set parameters. 26447c478bd9Sstevel@tonic-gate */ 26457c478bd9Sstevel@tonic-gate (void) snprintf(errstr, sizeof (errstr), 2646*7ddae043Siz gettext("Unable to set parameter from a client in " 2647*7ddae043Siz "__ns_ldap_setParam()")); 26487c478bd9Sstevel@tonic-gate MKERROR(LOG_WARNING, *error, NS_CONFIG_SYNTAX, strdup(errstr), 2649*7ddae043Siz NULL); 26507c478bd9Sstevel@tonic-gate if (cfg != NULL) 26517c478bd9Sstevel@tonic-gate __s_api_release_config(cfg); 26527c478bd9Sstevel@tonic-gate (void) mutex_unlock(&ns_loadrefresh_lock); 26537c478bd9Sstevel@tonic-gate return (NS_LDAP_CONFIG); 26547c478bd9Sstevel@tonic-gate } 26557c478bd9Sstevel@tonic-gate 26567c478bd9Sstevel@tonic-gate /* (re)initialize configuration if necessary */ 26577c478bd9Sstevel@tonic-gate if (cache_server == FALSE && timetorefresh(cfg)) { 26587c478bd9Sstevel@tonic-gate new_cfg = LoadCacheConfiguration(&errorp); 26597c478bd9Sstevel@tonic-gate __s_api_release_config(cfg); 26607c478bd9Sstevel@tonic-gate if (new_cfg == NULL) { 26617c478bd9Sstevel@tonic-gate (void) snprintf(errstr, sizeof (errstr), 2662*7ddae043Siz gettext("Unable to load configuration '%s' " 2663*7ddae043Siz "('%s')."), NSCONFIGFILE, 2664*7ddae043Siz errorp != NULL && errorp->message != NULL ? 2665*7ddae043Siz errorp->message : ""); 26667c478bd9Sstevel@tonic-gate MKERROR(LOG_WARNING, *error, NS_CONFIG_NOTLOADED, 2667*7ddae043Siz strdup(errstr), NULL); 26687c478bd9Sstevel@tonic-gate if (errorp != NULL) 26697c478bd9Sstevel@tonic-gate (void) __ns_ldap_freeError(&errorp); 26707c478bd9Sstevel@tonic-gate (void) mutex_unlock(&ns_loadrefresh_lock); 26717c478bd9Sstevel@tonic-gate return (NS_LDAP_CONFIG); 26727c478bd9Sstevel@tonic-gate } 26737c478bd9Sstevel@tonic-gate set_curr_config(new_cfg); 26747c478bd9Sstevel@tonic-gate cfg = new_cfg; 26757c478bd9Sstevel@tonic-gate } 26767c478bd9Sstevel@tonic-gate (void) mutex_unlock(&ns_loadrefresh_lock); 26777c478bd9Sstevel@tonic-gate 26787c478bd9Sstevel@tonic-gate /* translate input and save in the parameter list */ 26797c478bd9Sstevel@tonic-gate ret = __ns_ldap_setParamValue(cfg, type, data, error); 26807c478bd9Sstevel@tonic-gate 26817c478bd9Sstevel@tonic-gate __s_api_release_config(cfg); 26827c478bd9Sstevel@tonic-gate 26837c478bd9Sstevel@tonic-gate return (ret); 26847c478bd9Sstevel@tonic-gate } 26857c478bd9Sstevel@tonic-gate 26867c478bd9Sstevel@tonic-gate 26877c478bd9Sstevel@tonic-gate /* 26887c478bd9Sstevel@tonic-gate * Make a copy of a parameter entry 26897c478bd9Sstevel@tonic-gate */ 26907c478bd9Sstevel@tonic-gate 26917c478bd9Sstevel@tonic-gate static void ** 26927c478bd9Sstevel@tonic-gate dupParam(ns_param_t *ptr) 26937c478bd9Sstevel@tonic-gate { 26947c478bd9Sstevel@tonic-gate int count, i; 26957c478bd9Sstevel@tonic-gate void **dupdata, *ret; 26967c478bd9Sstevel@tonic-gate int *intptr; 26977c478bd9Sstevel@tonic-gate char *cp, tmbuf[32]; 26987c478bd9Sstevel@tonic-gate static time_t expire = 0; 26997c478bd9Sstevel@tonic-gate ns_auth_t *ap; 27007c478bd9Sstevel@tonic-gate 27017c478bd9Sstevel@tonic-gate switch (ptr->ns_ptype) { 27027c478bd9Sstevel@tonic-gate case ARRAYAUTH: 27037c478bd9Sstevel@tonic-gate case ARRAYCRED: 27047c478bd9Sstevel@tonic-gate case SAMLIST: 27057c478bd9Sstevel@tonic-gate case SCLLIST: 27067c478bd9Sstevel@tonic-gate case SSDLIST: 27077c478bd9Sstevel@tonic-gate case SERVLIST: 27087c478bd9Sstevel@tonic-gate case ARRAYCP: 27097c478bd9Sstevel@tonic-gate count = ptr->ns_acnt; 27107c478bd9Sstevel@tonic-gate if (count == 0) 27117c478bd9Sstevel@tonic-gate return (NULL); 27127c478bd9Sstevel@tonic-gate break; 27137c478bd9Sstevel@tonic-gate case CHARPTR: 27147c478bd9Sstevel@tonic-gate case INT: 27157c478bd9Sstevel@tonic-gate case TIMET: 27167c478bd9Sstevel@tonic-gate count = 1; 27177c478bd9Sstevel@tonic-gate } 27187c478bd9Sstevel@tonic-gate 27197c478bd9Sstevel@tonic-gate dupdata = (void **)calloc((count + 1), sizeof (void *)); 27207c478bd9Sstevel@tonic-gate if (dupdata == NULL) 27217c478bd9Sstevel@tonic-gate return (NULL); 27227c478bd9Sstevel@tonic-gate 27237c478bd9Sstevel@tonic-gate switch (ptr->ns_ptype) { 27247c478bd9Sstevel@tonic-gate case ARRAYAUTH: 27257c478bd9Sstevel@tonic-gate for (i = 0; i < count; i++) { 27267c478bd9Sstevel@tonic-gate ap = __s_api_AuthEnumtoStruct( 2727*7ddae043Siz (EnumAuthType_t)ptr->ns_pi[i]); 27287c478bd9Sstevel@tonic-gate if (ap == NULL) { 27297c478bd9Sstevel@tonic-gate free(dupdata); 27307c478bd9Sstevel@tonic-gate return (NULL); 27317c478bd9Sstevel@tonic-gate } 27327c478bd9Sstevel@tonic-gate dupdata[i] = ap; 27337c478bd9Sstevel@tonic-gate } 27347c478bd9Sstevel@tonic-gate break; 27357c478bd9Sstevel@tonic-gate case ARRAYCRED: 27367c478bd9Sstevel@tonic-gate for (i = 0; i < count; i++) { 27377c478bd9Sstevel@tonic-gate intptr = (int *)malloc(sizeof (int)); 27387c478bd9Sstevel@tonic-gate if (intptr == NULL) { 27397c478bd9Sstevel@tonic-gate free(dupdata); 27407c478bd9Sstevel@tonic-gate return (NULL); 27417c478bd9Sstevel@tonic-gate } 27427c478bd9Sstevel@tonic-gate dupdata[i] = (void *)intptr; 27437c478bd9Sstevel@tonic-gate *intptr = ptr->ns_pi[i]; 27447c478bd9Sstevel@tonic-gate } 27457c478bd9Sstevel@tonic-gate break; 27467c478bd9Sstevel@tonic-gate case SAMLIST: 27477c478bd9Sstevel@tonic-gate case SCLLIST: 27487c478bd9Sstevel@tonic-gate case SSDLIST: 27497c478bd9Sstevel@tonic-gate case SERVLIST: 27507c478bd9Sstevel@tonic-gate case ARRAYCP: 27517c478bd9Sstevel@tonic-gate for (i = 0; i < count; i++) { 27527c478bd9Sstevel@tonic-gate ret = (void *)strdup(ptr->ns_ppc[i]); 27537c478bd9Sstevel@tonic-gate if (ret == NULL) { 27547c478bd9Sstevel@tonic-gate free(dupdata); 27557c478bd9Sstevel@tonic-gate return (NULL); 27567c478bd9Sstevel@tonic-gate } 27577c478bd9Sstevel@tonic-gate dupdata[i] = ret; 27587c478bd9Sstevel@tonic-gate } 27597c478bd9Sstevel@tonic-gate break; 27607c478bd9Sstevel@tonic-gate case CHARPTR: 27617c478bd9Sstevel@tonic-gate if (ptr->ns_pc == NULL) { 27627c478bd9Sstevel@tonic-gate free(dupdata); 27637c478bd9Sstevel@tonic-gate return (NULL); 27647c478bd9Sstevel@tonic-gate } 27657c478bd9Sstevel@tonic-gate ret = (void *)strdup(ptr->ns_pc); 27667c478bd9Sstevel@tonic-gate if (ret == NULL) { 27677c478bd9Sstevel@tonic-gate free(dupdata); 27687c478bd9Sstevel@tonic-gate return (NULL); 27697c478bd9Sstevel@tonic-gate } 27707c478bd9Sstevel@tonic-gate dupdata[0] = ret; 27717c478bd9Sstevel@tonic-gate break; 27727c478bd9Sstevel@tonic-gate case INT: 27737c478bd9Sstevel@tonic-gate intptr = (int *)malloc(sizeof (int)); 27747c478bd9Sstevel@tonic-gate if (intptr == NULL) { 27757c478bd9Sstevel@tonic-gate free(dupdata); 27767c478bd9Sstevel@tonic-gate return (NULL); 27777c478bd9Sstevel@tonic-gate } 27787c478bd9Sstevel@tonic-gate *intptr = ptr->ns_i; 27797c478bd9Sstevel@tonic-gate dupdata[0] = (void *)intptr; 27807c478bd9Sstevel@tonic-gate break; 27817c478bd9Sstevel@tonic-gate case TIMET: 27827c478bd9Sstevel@tonic-gate expire = ptr->ns_tm; 27837c478bd9Sstevel@tonic-gate tmbuf[31] = '\0'; 27847c478bd9Sstevel@tonic-gate cp = lltostr((long)expire, &tmbuf[31]); 27857c478bd9Sstevel@tonic-gate ret = (void *)strdup(cp); 27867c478bd9Sstevel@tonic-gate if (ret == NULL) { 27877c478bd9Sstevel@tonic-gate free(dupdata); 27887c478bd9Sstevel@tonic-gate return (NULL); 27897c478bd9Sstevel@tonic-gate } 27907c478bd9Sstevel@tonic-gate dupdata[0] = ret; 27917c478bd9Sstevel@tonic-gate break; 27927c478bd9Sstevel@tonic-gate } 27937c478bd9Sstevel@tonic-gate return (dupdata); 27947c478bd9Sstevel@tonic-gate } 27957c478bd9Sstevel@tonic-gate 27967c478bd9Sstevel@tonic-gate int 27977c478bd9Sstevel@tonic-gate __ns_ldap_freeParam(void ***data) 27987c478bd9Sstevel@tonic-gate { 27997c478bd9Sstevel@tonic-gate void **tmp; 28007c478bd9Sstevel@tonic-gate int i = 0; 28017c478bd9Sstevel@tonic-gate 28027c478bd9Sstevel@tonic-gate if (*data == NULL) 28037c478bd9Sstevel@tonic-gate return (NS_LDAP_SUCCESS); 28047c478bd9Sstevel@tonic-gate 28057c478bd9Sstevel@tonic-gate for (i = 0, tmp = *data; tmp[i] != NULL; i++) 28067c478bd9Sstevel@tonic-gate free(tmp[i]); 28077c478bd9Sstevel@tonic-gate 28087c478bd9Sstevel@tonic-gate free(*data); 28097c478bd9Sstevel@tonic-gate 28107c478bd9Sstevel@tonic-gate *data = NULL; 28117c478bd9Sstevel@tonic-gate 28127c478bd9Sstevel@tonic-gate return (NS_LDAP_SUCCESS); 28137c478bd9Sstevel@tonic-gate } 28147c478bd9Sstevel@tonic-gate 28157c478bd9Sstevel@tonic-gate /* 28167c478bd9Sstevel@tonic-gate * Get the internal format for a parameter value. This 28177c478bd9Sstevel@tonic-gate * routine makes a copy of an internal param value from 28187c478bd9Sstevel@tonic-gate * the currently active parameter list and returns it. 28197c478bd9Sstevel@tonic-gate */ 28207c478bd9Sstevel@tonic-gate 28217c478bd9Sstevel@tonic-gate int 28227c478bd9Sstevel@tonic-gate __ns_ldap_getParam(const ParamIndexType Param, 28237c478bd9Sstevel@tonic-gate void ***data, ns_ldap_error_t **error) 28247c478bd9Sstevel@tonic-gate { 28257c478bd9Sstevel@tonic-gate char errstr[2 * MAXERROR]; 28267c478bd9Sstevel@tonic-gate ns_ldap_error_t *errorp; 28277c478bd9Sstevel@tonic-gate ns_default_config *def; 28287c478bd9Sstevel@tonic-gate ns_config_t *cfg; 28297c478bd9Sstevel@tonic-gate ns_config_t *new_cfg; 28307c478bd9Sstevel@tonic-gate 28317c478bd9Sstevel@tonic-gate if (data == NULL) 28327c478bd9Sstevel@tonic-gate return (NS_LDAP_INVALID_PARAM); 28337c478bd9Sstevel@tonic-gate 28347c478bd9Sstevel@tonic-gate *data = NULL; 28357c478bd9Sstevel@tonic-gate 28367c478bd9Sstevel@tonic-gate /* We want to refresh only one configuration at a time */ 28377c478bd9Sstevel@tonic-gate (void) mutex_lock(&ns_loadrefresh_lock); 28387c478bd9Sstevel@tonic-gate cfg = __s_api_get_default_config(); 28397c478bd9Sstevel@tonic-gate 28407c478bd9Sstevel@tonic-gate /* (re)initialize configuration if necessary */ 28417c478bd9Sstevel@tonic-gate if (cache_server == FALSE && timetorefresh(cfg)) { 28427c478bd9Sstevel@tonic-gate new_cfg = LoadCacheConfiguration(&errorp); 28437c478bd9Sstevel@tonic-gate __s_api_release_config(cfg); 28447c478bd9Sstevel@tonic-gate if (new_cfg == NULL) { 28457c478bd9Sstevel@tonic-gate (void) snprintf(errstr, sizeof (errstr), 2846*7ddae043Siz gettext("Unable to load configuration " 2847*7ddae043Siz "'%s' ('%s')."), 2848*7ddae043Siz NSCONFIGFILE, 2849*7ddae043Siz errorp != NULL && errorp->message != NULL ? 2850*7ddae043Siz errorp->message : ""); 28517c478bd9Sstevel@tonic-gate MKERROR(LOG_WARNING, *error, NS_CONFIG_NOTLOADED, 2852*7ddae043Siz strdup(errstr), NULL); 28537c478bd9Sstevel@tonic-gate if (errorp != NULL) 28547c478bd9Sstevel@tonic-gate (void) __ns_ldap_freeError(&errorp); 28557c478bd9Sstevel@tonic-gate (void) mutex_unlock(&ns_loadrefresh_lock); 28567c478bd9Sstevel@tonic-gate return (NS_LDAP_CONFIG); 28577c478bd9Sstevel@tonic-gate } 28587c478bd9Sstevel@tonic-gate set_curr_config(new_cfg); 28597c478bd9Sstevel@tonic-gate cfg = new_cfg; 28607c478bd9Sstevel@tonic-gate } 28617c478bd9Sstevel@tonic-gate (void) mutex_unlock(&ns_loadrefresh_lock); 28627c478bd9Sstevel@tonic-gate 28637c478bd9Sstevel@tonic-gate if (cfg == NULL) { 28647c478bd9Sstevel@tonic-gate (void) snprintf(errstr, sizeof (errstr), 28657c478bd9Sstevel@tonic-gate gettext("No configuration information available.")); 28667c478bd9Sstevel@tonic-gate MKERROR(LOG_ERR, *error, NS_CONFIG_NOTLOADED, 2867*7ddae043Siz strdup(errstr), NULL); 28687c478bd9Sstevel@tonic-gate return (NS_LDAP_CONFIG); 28697c478bd9Sstevel@tonic-gate } 28707c478bd9Sstevel@tonic-gate 28717c478bd9Sstevel@tonic-gate if (Param == NS_LDAP_DOMAIN_P) { 28727c478bd9Sstevel@tonic-gate *data = (void **)calloc(2, sizeof (void *)); 28737c478bd9Sstevel@tonic-gate if (*data == NULL) { 28747c478bd9Sstevel@tonic-gate __s_api_release_config(cfg); 28757c478bd9Sstevel@tonic-gate return (NS_LDAP_MEMORY); 28767c478bd9Sstevel@tonic-gate } 28777c478bd9Sstevel@tonic-gate (*data)[0] = (void *)strdup(cfg->domainName); 28787c478bd9Sstevel@tonic-gate if ((*data)[0] == NULL) { 28797c478bd9Sstevel@tonic-gate free(*data); 28807c478bd9Sstevel@tonic-gate __s_api_release_config(cfg); 28817c478bd9Sstevel@tonic-gate return (NS_LDAP_MEMORY); 28827c478bd9Sstevel@tonic-gate } 28837c478bd9Sstevel@tonic-gate } else if (cfg->paramList[Param].ns_ptype == NS_UNKNOWN) { 28847c478bd9Sstevel@tonic-gate /* get default */ 28857c478bd9Sstevel@tonic-gate def = get_defconfig(cfg, Param); 28867c478bd9Sstevel@tonic-gate if (def != NULL) 28877c478bd9Sstevel@tonic-gate *data = dupParam(&def->defval); 28887c478bd9Sstevel@tonic-gate } else { 28897c478bd9Sstevel@tonic-gate *data = dupParam(&(cfg->paramList[Param])); 28907c478bd9Sstevel@tonic-gate } 28917c478bd9Sstevel@tonic-gate __s_api_release_config(cfg); 28927c478bd9Sstevel@tonic-gate 28937c478bd9Sstevel@tonic-gate return (NS_LDAP_SUCCESS); 28947c478bd9Sstevel@tonic-gate } 28957c478bd9Sstevel@tonic-gate 28967c478bd9Sstevel@tonic-gate /* 28977c478bd9Sstevel@tonic-gate * This routine takes a parameter in internal format and 28987c478bd9Sstevel@tonic-gate * translates it into a variety of string formats for various 28997c478bd9Sstevel@tonic-gate * outputs (doors/file/ldif). This routine would be better 29007c478bd9Sstevel@tonic-gate * named: __ns_ldap_translateParam2String 29017c478bd9Sstevel@tonic-gate */ 29027c478bd9Sstevel@tonic-gate 29037c478bd9Sstevel@tonic-gate char * 29047c478bd9Sstevel@tonic-gate __s_api_strValue(ns_config_t *cfg, char *str, 29057c478bd9Sstevel@tonic-gate int bufsz, ParamIndexType index, 29067c478bd9Sstevel@tonic-gate ns_strfmt_t fmt) 29077c478bd9Sstevel@tonic-gate { 29087c478bd9Sstevel@tonic-gate ns_default_config *def = NULL; 29097c478bd9Sstevel@tonic-gate ns_param_t *ptr; 29107c478bd9Sstevel@tonic-gate ns_hash_t *hptr; 29117c478bd9Sstevel@tonic-gate ns_mapping_t *mptr; 29127c478bd9Sstevel@tonic-gate char ibuf[14], *buf; 29137c478bd9Sstevel@tonic-gate char abuf[64], **cpp; 29147c478bd9Sstevel@tonic-gate int alen, count, i, sz; 29157c478bd9Sstevel@tonic-gate int seplen = strlen(COMMASEP) + strlen(DOORLINESEP); 29167c478bd9Sstevel@tonic-gate int first; 29177c478bd9Sstevel@tonic-gate 29187c478bd9Sstevel@tonic-gate if (cfg == NULL || str == NULL) 29197c478bd9Sstevel@tonic-gate return (NULL); 29207c478bd9Sstevel@tonic-gate 29217c478bd9Sstevel@tonic-gate /* NS_LDAP_EXP and TRANSPORT_SEC are not exported externally */ 29227c478bd9Sstevel@tonic-gate if (index == NS_LDAP_EXP_P || index == NS_LDAP_TRANSPORT_SEC_P) 29237c478bd9Sstevel@tonic-gate return (NULL); 29247c478bd9Sstevel@tonic-gate 29257c478bd9Sstevel@tonic-gate /* Return nothing if the value is the default */ 29267c478bd9Sstevel@tonic-gate if (cfg->paramList[index].ns_ptype == NS_UNKNOWN) 29277c478bd9Sstevel@tonic-gate return (NULL); 29287c478bd9Sstevel@tonic-gate 29297c478bd9Sstevel@tonic-gate ptr = &(cfg->paramList[index]); 29307c478bd9Sstevel@tonic-gate 29317c478bd9Sstevel@tonic-gate abuf[0] = '\0'; 29327c478bd9Sstevel@tonic-gate alen = 0; 29337c478bd9Sstevel@tonic-gate 29347c478bd9Sstevel@tonic-gate /* get default */ 29357c478bd9Sstevel@tonic-gate def = get_defconfig(cfg, index); 29367c478bd9Sstevel@tonic-gate if (def == NULL) 29377c478bd9Sstevel@tonic-gate return (NULL); 29387c478bd9Sstevel@tonic-gate 29397c478bd9Sstevel@tonic-gate switch (fmt) { 29407c478bd9Sstevel@tonic-gate case NS_DOOR_FMT: 29417c478bd9Sstevel@tonic-gate (void) strlcpy(abuf, def->name, sizeof (abuf)); 29427c478bd9Sstevel@tonic-gate (void) strlcat(abuf, EQUALSEP, sizeof (abuf)); 29437c478bd9Sstevel@tonic-gate break; 29447c478bd9Sstevel@tonic-gate case NS_FILE_FMT: 29457c478bd9Sstevel@tonic-gate (void) strlcpy(abuf, def->name, sizeof (abuf)); 29467c478bd9Sstevel@tonic-gate (void) strlcat(abuf, EQUSPSEP, sizeof (abuf)); 29477c478bd9Sstevel@tonic-gate break; 29487c478bd9Sstevel@tonic-gate case NS_LDIF_FMT: 29497c478bd9Sstevel@tonic-gate /* If no LDIF attr exists ignore the entry */ 29507c478bd9Sstevel@tonic-gate if (def->profile_name == NULL) 29517c478bd9Sstevel@tonic-gate return (NULL); 29527c478bd9Sstevel@tonic-gate (void) strlcpy(abuf, def->profile_name, sizeof (abuf)); 29537c478bd9Sstevel@tonic-gate (void) strlcat(abuf, COLSPSEP, sizeof (abuf)); 29547c478bd9Sstevel@tonic-gate break; 29557c478bd9Sstevel@tonic-gate default: 29567c478bd9Sstevel@tonic-gate break; 29577c478bd9Sstevel@tonic-gate } 29587c478bd9Sstevel@tonic-gate alen = strlen(abuf); 29597c478bd9Sstevel@tonic-gate if (alen > bufsz) 29607c478bd9Sstevel@tonic-gate return (NULL); 29617c478bd9Sstevel@tonic-gate 29627c478bd9Sstevel@tonic-gate buf = str; 29637c478bd9Sstevel@tonic-gate (void) strlcpy(buf, abuf, bufsz); 29647c478bd9Sstevel@tonic-gate 29657c478bd9Sstevel@tonic-gate switch (ptr->ns_ptype) { 29667c478bd9Sstevel@tonic-gate case ARRAYAUTH: 29677c478bd9Sstevel@tonic-gate count = ptr->ns_acnt; 29687c478bd9Sstevel@tonic-gate sz = 0; 29697c478bd9Sstevel@tonic-gate for (i = 0; i < count; i++) { 29707c478bd9Sstevel@tonic-gate sz += strlen(__s_get_auth_name(cfg, 2971*7ddae043Siz (AuthType_t)(ptr->ns_pi[i]))) + seplen; 29727c478bd9Sstevel@tonic-gate } 29737c478bd9Sstevel@tonic-gate sz = sz + alen + 1; 29747c478bd9Sstevel@tonic-gate if (sz <= bufsz) { 29757c478bd9Sstevel@tonic-gate buf = str; 29767c478bd9Sstevel@tonic-gate } else { 29777c478bd9Sstevel@tonic-gate buf = (char *)calloc(sz, sizeof (char)); 29787c478bd9Sstevel@tonic-gate if (buf == NULL) 29797c478bd9Sstevel@tonic-gate return (NULL); 29807c478bd9Sstevel@tonic-gate (void) strcpy(buf, abuf); 29817c478bd9Sstevel@tonic-gate } 29827c478bd9Sstevel@tonic-gate for (i = 0; i < count; i++) { 29837c478bd9Sstevel@tonic-gate (void) strcat(buf, 2984*7ddae043Siz __s_get_auth_name(cfg, 2985*7ddae043Siz (AuthType_t)(ptr->ns_pi[i]))); 29867c478bd9Sstevel@tonic-gate if (i != count-1) { 29877c478bd9Sstevel@tonic-gate if (cfg->version == NS_LDAP_V1) 29887c478bd9Sstevel@tonic-gate (void) strcat(buf, COMMASEP); 29897c478bd9Sstevel@tonic-gate else 29907c478bd9Sstevel@tonic-gate (void) strcat(buf, SEMISEP); 29917c478bd9Sstevel@tonic-gate } 29927c478bd9Sstevel@tonic-gate } 29937c478bd9Sstevel@tonic-gate break; 29947c478bd9Sstevel@tonic-gate case ARRAYCRED: 29957c478bd9Sstevel@tonic-gate count = ptr->ns_acnt; 29967c478bd9Sstevel@tonic-gate sz = 0; 29977c478bd9Sstevel@tonic-gate for (i = 0; i < count; i++) { 29987c478bd9Sstevel@tonic-gate sz += strlen(__s_get_credlvl_name(cfg, 2999*7ddae043Siz (CredLevel_t)ptr->ns_pi[i])) + seplen; 30007c478bd9Sstevel@tonic-gate } 30017c478bd9Sstevel@tonic-gate sz = sz + alen + 1; 30027c478bd9Sstevel@tonic-gate if (sz <= bufsz) { 30037c478bd9Sstevel@tonic-gate buf = str; 30047c478bd9Sstevel@tonic-gate } else { 30057c478bd9Sstevel@tonic-gate buf = (char *)calloc(sz, sizeof (char)); 30067c478bd9Sstevel@tonic-gate if (buf == NULL) 30077c478bd9Sstevel@tonic-gate return (NULL); 30087c478bd9Sstevel@tonic-gate (void) strcpy(buf, abuf); 30097c478bd9Sstevel@tonic-gate } 30107c478bd9Sstevel@tonic-gate for (i = 0; i < count; i++) { 30117c478bd9Sstevel@tonic-gate (void) strcat(buf, 3012*7ddae043Siz __s_get_credlvl_name(cfg, 3013*7ddae043Siz (CredLevel_t)ptr->ns_pi[i])); 30147c478bd9Sstevel@tonic-gate if (i != count-1) { 30157c478bd9Sstevel@tonic-gate (void) strcat(buf, SPACESEP); 30167c478bd9Sstevel@tonic-gate } 30177c478bd9Sstevel@tonic-gate } 30187c478bd9Sstevel@tonic-gate break; 30197c478bd9Sstevel@tonic-gate case SAMLIST: 30207c478bd9Sstevel@tonic-gate case SCLLIST: 30217c478bd9Sstevel@tonic-gate case SSDLIST: 30227c478bd9Sstevel@tonic-gate count = ptr->ns_acnt; 30237c478bd9Sstevel@tonic-gate sz = 0; 30247c478bd9Sstevel@tonic-gate for (i = 0; i < count; i++) { 30257c478bd9Sstevel@tonic-gate sz += strlen(ptr->ns_ppc[i]) + seplen; 30267c478bd9Sstevel@tonic-gate } 30277c478bd9Sstevel@tonic-gate sz = sz + alen + 1; 30287c478bd9Sstevel@tonic-gate /* 30297c478bd9Sstevel@tonic-gate * We need to allocate buffer depending on the 'fmt' and 30307c478bd9Sstevel@tonic-gate * on the number of ns_ptype's present(count) as we add 30317c478bd9Sstevel@tonic-gate * name' or 'profile_name' and DOORLINESEP or new line 30327c478bd9Sstevel@tonic-gate * char to the buffer - see below. 30337c478bd9Sstevel@tonic-gate */ 30347c478bd9Sstevel@tonic-gate switch (fmt) { 30357c478bd9Sstevel@tonic-gate case NS_LDIF_FMT: 30367c478bd9Sstevel@tonic-gate sz += count * (strlen(def->profile_name) 3037*7ddae043Siz + strlen(COLSPSEP) + strlen("\n")); 30387c478bd9Sstevel@tonic-gate break; 30397c478bd9Sstevel@tonic-gate case NS_FILE_FMT: 30407c478bd9Sstevel@tonic-gate sz += count * (strlen(def->name) 3041*7ddae043Siz + strlen(EQUALSEP) + strlen("\n")); 30427c478bd9Sstevel@tonic-gate break; 30437c478bd9Sstevel@tonic-gate case NS_DOOR_FMT: 30447c478bd9Sstevel@tonic-gate sz += count * (strlen(def->name) 3045*7ddae043Siz + strlen(EQUALSEP) + strlen(DOORLINESEP)); 30467c478bd9Sstevel@tonic-gate break; 30477c478bd9Sstevel@tonic-gate } 30487c478bd9Sstevel@tonic-gate if (sz <= bufsz) { 30497c478bd9Sstevel@tonic-gate buf = str; 30507c478bd9Sstevel@tonic-gate } else { 30517c478bd9Sstevel@tonic-gate buf = (char *)calloc(sz, sizeof (char)); 30527c478bd9Sstevel@tonic-gate if (buf == NULL) 30537c478bd9Sstevel@tonic-gate return (NULL); 30547c478bd9Sstevel@tonic-gate (void) strcpy(buf, abuf); 30557c478bd9Sstevel@tonic-gate } 30567c478bd9Sstevel@tonic-gate for (i = 0; i < count; i++) { 30577c478bd9Sstevel@tonic-gate (void) strcat(buf, ptr->ns_ppc[i]); 30587c478bd9Sstevel@tonic-gate if (i != count-1) { 30597c478bd9Sstevel@tonic-gate /* Separate items */ 30607c478bd9Sstevel@tonic-gate switch (fmt) { 30617c478bd9Sstevel@tonic-gate case NS_DOOR_FMT: 30627c478bd9Sstevel@tonic-gate (void) strcat(buf, DOORLINESEP); 30637c478bd9Sstevel@tonic-gate (void) strcat(buf, def->name); 30647c478bd9Sstevel@tonic-gate (void) strcat(buf, EQUALSEP); 30657c478bd9Sstevel@tonic-gate break; 30667c478bd9Sstevel@tonic-gate case NS_FILE_FMT: 30677c478bd9Sstevel@tonic-gate (void) strcat(buf, "\n"); 30687c478bd9Sstevel@tonic-gate (void) strcat(buf, def->name); 30697c478bd9Sstevel@tonic-gate (void) strcat(buf, EQUSPSEP); 30707c478bd9Sstevel@tonic-gate break; 30717c478bd9Sstevel@tonic-gate case NS_LDIF_FMT: 30727c478bd9Sstevel@tonic-gate (void) strcat(buf, "\n"); 30737c478bd9Sstevel@tonic-gate (void) strcat(buf, def->profile_name); 30747c478bd9Sstevel@tonic-gate (void) strcat(buf, COLSPSEP); 30757c478bd9Sstevel@tonic-gate break; 30767c478bd9Sstevel@tonic-gate } 30777c478bd9Sstevel@tonic-gate } 30787c478bd9Sstevel@tonic-gate } 30797c478bd9Sstevel@tonic-gate break; 30807c478bd9Sstevel@tonic-gate case ARRAYCP: 30817c478bd9Sstevel@tonic-gate count = ptr->ns_acnt; 30827c478bd9Sstevel@tonic-gate sz = 0; 30837c478bd9Sstevel@tonic-gate for (i = 0; i < count; i++) { 30847c478bd9Sstevel@tonic-gate sz += strlen(ptr->ns_ppc[i]) + seplen; 30857c478bd9Sstevel@tonic-gate } 30867c478bd9Sstevel@tonic-gate sz = sz + alen + 1; 30877c478bd9Sstevel@tonic-gate if (sz <= bufsz) { 30887c478bd9Sstevel@tonic-gate buf = str; 30897c478bd9Sstevel@tonic-gate } else { 30907c478bd9Sstevel@tonic-gate buf = (char *)calloc(sz, sizeof (char)); 30917c478bd9Sstevel@tonic-gate if (buf == NULL) 30927c478bd9Sstevel@tonic-gate return (NULL); 30937c478bd9Sstevel@tonic-gate (void) strcpy(buf, abuf); 30947c478bd9Sstevel@tonic-gate } 30957c478bd9Sstevel@tonic-gate for (i = 0; i < count; i++) { 30967c478bd9Sstevel@tonic-gate (void) strcat(buf, ptr->ns_ppc[i]); 30977c478bd9Sstevel@tonic-gate if (i != count-1) { 30987c478bd9Sstevel@tonic-gate (void) strcat(buf, COMMASEP); 30997c478bd9Sstevel@tonic-gate } 31007c478bd9Sstevel@tonic-gate } 31017c478bd9Sstevel@tonic-gate break; 31027c478bd9Sstevel@tonic-gate case SERVLIST: 31037c478bd9Sstevel@tonic-gate count = ptr->ns_acnt; 31047c478bd9Sstevel@tonic-gate sz = 0; 31057c478bd9Sstevel@tonic-gate for (i = 0; i < count; i++) { 31067c478bd9Sstevel@tonic-gate sz += strlen(ptr->ns_ppc[i]) + seplen; 31077c478bd9Sstevel@tonic-gate } 31087c478bd9Sstevel@tonic-gate sz = sz + alen + 1; 31097c478bd9Sstevel@tonic-gate if (sz <= bufsz) { 31107c478bd9Sstevel@tonic-gate buf = str; 31117c478bd9Sstevel@tonic-gate } else { 31127c478bd9Sstevel@tonic-gate buf = (char *)calloc(sz, sizeof (char)); 31137c478bd9Sstevel@tonic-gate if (buf == NULL) 31147c478bd9Sstevel@tonic-gate return (NULL); 31157c478bd9Sstevel@tonic-gate (void) strcpy(buf, abuf); 31167c478bd9Sstevel@tonic-gate } 31177c478bd9Sstevel@tonic-gate for (i = 0; i < count; i++) { 31187c478bd9Sstevel@tonic-gate (void) strcat(buf, ptr->ns_ppc[i]); 31197c478bd9Sstevel@tonic-gate if (i != count-1) { 31207c478bd9Sstevel@tonic-gate if (fmt == NS_LDIF_FMT) 31217c478bd9Sstevel@tonic-gate (void) strcat(buf, SPACESEP); 31227c478bd9Sstevel@tonic-gate else 31237c478bd9Sstevel@tonic-gate (void) strcat(buf, COMMASEP); 31247c478bd9Sstevel@tonic-gate } 31257c478bd9Sstevel@tonic-gate } 31267c478bd9Sstevel@tonic-gate break; 31277c478bd9Sstevel@tonic-gate case CHARPTR: 31287c478bd9Sstevel@tonic-gate if (ptr->ns_pc == NULL) 31297c478bd9Sstevel@tonic-gate break; 31307c478bd9Sstevel@tonic-gate sz = strlen(ptr->ns_pc) + alen + 1; 31317c478bd9Sstevel@tonic-gate if (sz > bufsz) { 31327c478bd9Sstevel@tonic-gate buf = (char *)calloc(sz, sizeof (char)); 31337c478bd9Sstevel@tonic-gate if (buf == NULL) 31347c478bd9Sstevel@tonic-gate return (NULL); 31357c478bd9Sstevel@tonic-gate (void) strcpy(buf, abuf); 31367c478bd9Sstevel@tonic-gate } 31377c478bd9Sstevel@tonic-gate (void) strcat(buf, ptr->ns_pc); 31387c478bd9Sstevel@tonic-gate break; 31397c478bd9Sstevel@tonic-gate case INT: 31407c478bd9Sstevel@tonic-gate switch (def->index) { 31417c478bd9Sstevel@tonic-gate case NS_LDAP_PREF_ONLY_P: 31427c478bd9Sstevel@tonic-gate (void) strcat(buf, 3143*7ddae043Siz __s_get_pref_name((PrefOnly_t)ptr->ns_i)); 31447c478bd9Sstevel@tonic-gate break; 31457c478bd9Sstevel@tonic-gate case NS_LDAP_SEARCH_REF_P: 31467c478bd9Sstevel@tonic-gate (void) strcat(buf, 3147*7ddae043Siz __s_get_searchref_name(cfg, 3148*7ddae043Siz (SearchRef_t)ptr->ns_i)); 31497c478bd9Sstevel@tonic-gate break; 31507c478bd9Sstevel@tonic-gate case NS_LDAP_SEARCH_SCOPE_P: 31517c478bd9Sstevel@tonic-gate (void) strcat(buf, 3152*7ddae043Siz __s_get_scope_name(cfg, 3153*7ddae043Siz (ScopeType_t)ptr->ns_i)); 31547c478bd9Sstevel@tonic-gate break; 31557c478bd9Sstevel@tonic-gate default: 31567c478bd9Sstevel@tonic-gate (void) snprintf(ibuf, sizeof (ibuf), 3157*7ddae043Siz "%d", ptr->ns_i); 31587c478bd9Sstevel@tonic-gate (void) strcat(buf, ibuf); 31597c478bd9Sstevel@tonic-gate break; 31607c478bd9Sstevel@tonic-gate } 31617c478bd9Sstevel@tonic-gate break; 31627c478bd9Sstevel@tonic-gate case ATTRMAP: 31637c478bd9Sstevel@tonic-gate buf[0] = '\0'; 31647c478bd9Sstevel@tonic-gate first = 1; 31657c478bd9Sstevel@tonic-gate for (hptr = cfg->llHead; hptr; hptr = hptr->h_llnext) { 31667c478bd9Sstevel@tonic-gate if (hptr->h_type != NS_HASH_AMAP) { 31677c478bd9Sstevel@tonic-gate continue; 31687c478bd9Sstevel@tonic-gate } 31697c478bd9Sstevel@tonic-gate if (!first) { 31707c478bd9Sstevel@tonic-gate if (fmt == NS_DOOR_FMT) 31717c478bd9Sstevel@tonic-gate (void) strcat(buf, DOORLINESEP); 31727c478bd9Sstevel@tonic-gate else 31737c478bd9Sstevel@tonic-gate (void) strcat(buf, "\n"); 31747c478bd9Sstevel@tonic-gate } 31757c478bd9Sstevel@tonic-gate mptr = hptr->h_map; 31767c478bd9Sstevel@tonic-gate (void) strcat(buf, abuf); 31777c478bd9Sstevel@tonic-gate (void) strcat(buf, mptr->service); 31787c478bd9Sstevel@tonic-gate (void) strcat(buf, COLONSEP); 31797c478bd9Sstevel@tonic-gate (void) strcat(buf, mptr->orig); 31807c478bd9Sstevel@tonic-gate (void) strcat(buf, EQUALSEP); 31817c478bd9Sstevel@tonic-gate for (cpp = mptr->map; cpp && *cpp; cpp++) { 31827c478bd9Sstevel@tonic-gate if (cpp != mptr->map) 31837c478bd9Sstevel@tonic-gate (void) strcat(buf, SPACESEP); 31847c478bd9Sstevel@tonic-gate (void) strcat(buf, *cpp); 31857c478bd9Sstevel@tonic-gate } 31867c478bd9Sstevel@tonic-gate first = 0; 31877c478bd9Sstevel@tonic-gate } 31887c478bd9Sstevel@tonic-gate break; 31897c478bd9Sstevel@tonic-gate case OBJMAP: 31907c478bd9Sstevel@tonic-gate buf[0] = '\0'; 31917c478bd9Sstevel@tonic-gate first = 1; 31927c478bd9Sstevel@tonic-gate for (hptr = cfg->llHead; hptr; hptr = hptr->h_llnext) { 31937c478bd9Sstevel@tonic-gate if (hptr->h_type != NS_HASH_OMAP) { 31947c478bd9Sstevel@tonic-gate continue; 31957c478bd9Sstevel@tonic-gate } 31967c478bd9Sstevel@tonic-gate if (!first) { 31977c478bd9Sstevel@tonic-gate if (fmt == NS_DOOR_FMT) 31987c478bd9Sstevel@tonic-gate (void) strcat(buf, DOORLINESEP); 31997c478bd9Sstevel@tonic-gate else 32007c478bd9Sstevel@tonic-gate (void) strcat(buf, "\n"); 32017c478bd9Sstevel@tonic-gate } 32027c478bd9Sstevel@tonic-gate mptr = hptr->h_map; 32037c478bd9Sstevel@tonic-gate (void) strcat(buf, abuf); 32047c478bd9Sstevel@tonic-gate (void) strcat(buf, mptr->service); 32057c478bd9Sstevel@tonic-gate (void) strcat(buf, COLONSEP); 32067c478bd9Sstevel@tonic-gate (void) strcat(buf, mptr->orig); 32077c478bd9Sstevel@tonic-gate (void) strcat(buf, EQUALSEP); 32087c478bd9Sstevel@tonic-gate for (cpp = mptr->map; cpp && *cpp; cpp++) { 32097c478bd9Sstevel@tonic-gate if (cpp != mptr->map) 32107c478bd9Sstevel@tonic-gate (void) strcat(buf, SPACESEP); 32117c478bd9Sstevel@tonic-gate (void) strcat(buf, *cpp); 32127c478bd9Sstevel@tonic-gate } 32137c478bd9Sstevel@tonic-gate first = 0; 32147c478bd9Sstevel@tonic-gate } 32157c478bd9Sstevel@tonic-gate break; 32167c478bd9Sstevel@tonic-gate } 32177c478bd9Sstevel@tonic-gate return (buf); 32187c478bd9Sstevel@tonic-gate } 32197c478bd9Sstevel@tonic-gate 32207c478bd9Sstevel@tonic-gate static int 32217c478bd9Sstevel@tonic-gate __door_getldapconfig(char **buffer, int *buflen, ns_ldap_error_t **error) 32227c478bd9Sstevel@tonic-gate { 32237c478bd9Sstevel@tonic-gate typedef union { 32247c478bd9Sstevel@tonic-gate ldap_data_t s_d; 32257c478bd9Sstevel@tonic-gate char s_b[DOORBUFFERSIZE]; 32267c478bd9Sstevel@tonic-gate } space_t; 3227*7ddae043Siz space_t *space; 32287c478bd9Sstevel@tonic-gate 3229*7ddae043Siz ldap_data_t *sptr; 3230*7ddae043Siz int ndata; 3231*7ddae043Siz int adata; 3232*7ddae043Siz char errstr[MAXERROR]; 3233*7ddae043Siz char *domainname; 3234*7ddae043Siz ns_ldap_return_code retCode; 3235*7ddae043Siz 3236*7ddae043Siz *error = NULL; 32377c478bd9Sstevel@tonic-gate 32387c478bd9Sstevel@tonic-gate domainname = __getdomainname(); 32397c478bd9Sstevel@tonic-gate if (domainname == NULL || buffer == NULL || buflen == NULL || 32407c478bd9Sstevel@tonic-gate (strlen(domainname) >= (sizeof (space_t) 3241*7ddae043Siz - sizeof (space->s_d.ldap_call.ldap_callnumber)))) { 32427c478bd9Sstevel@tonic-gate return (NS_LDAP_OP_FAILED); 32437c478bd9Sstevel@tonic-gate } 32447c478bd9Sstevel@tonic-gate 32457c478bd9Sstevel@tonic-gate space = (space_t *)calloc(1, sizeof (space_t)); 32467c478bd9Sstevel@tonic-gate if (space == NULL) 3247*7ddae043Siz return (NS_LDAP_MEMORY); 32487c478bd9Sstevel@tonic-gate 32497c478bd9Sstevel@tonic-gate adata = (sizeof (ldap_call_t) + strlen(domainname) +1); 32507c478bd9Sstevel@tonic-gate ndata = sizeof (space_t); 32517c478bd9Sstevel@tonic-gate space->s_d.ldap_call.ldap_callnumber = GETLDAPCONFIGV1; 32527c478bd9Sstevel@tonic-gate (void) strcpy(space->s_d.ldap_call.ldap_u.domainname, domainname); 32537c478bd9Sstevel@tonic-gate free(domainname); 32547c478bd9Sstevel@tonic-gate domainname = NULL; 32557c478bd9Sstevel@tonic-gate sptr = &space->s_d; 32567c478bd9Sstevel@tonic-gate 32577c478bd9Sstevel@tonic-gate switch (__ns_ldap_trydoorcall(&sptr, &ndata, &adata)) { 32587c478bd9Sstevel@tonic-gate case SUCCESS: 32597c478bd9Sstevel@tonic-gate break; 32607c478bd9Sstevel@tonic-gate case NOTFOUND: 32617c478bd9Sstevel@tonic-gate (void) snprintf(errstr, sizeof (errstr), 3262*7ddae043Siz gettext("Door call to " 3263*7ddae043Siz "ldap_cachemgr failed - error: %d."), 3264*7ddae043Siz space->s_d.ldap_ret.ldap_errno); 32657c478bd9Sstevel@tonic-gate MKERROR(LOG_WARNING, *error, NS_CONFIG_CACHEMGR, 3266*7ddae043Siz strdup(errstr), NULL); 32677c478bd9Sstevel@tonic-gate free(space); 32687c478bd9Sstevel@tonic-gate return (NS_LDAP_OP_FAILED); 32697c478bd9Sstevel@tonic-gate default: 32707c478bd9Sstevel@tonic-gate free(space); 32717c478bd9Sstevel@tonic-gate return (NS_LDAP_OP_FAILED); 32727c478bd9Sstevel@tonic-gate } 32737c478bd9Sstevel@tonic-gate 3274*7ddae043Siz retCode = NS_LDAP_SUCCESS; 3275*7ddae043Siz 32767c478bd9Sstevel@tonic-gate /* copy info from door call to buffer here */ 3277*7ddae043Siz *buflen = strlen(sptr->ldap_ret.ldap_u.config) + 1; 32787c478bd9Sstevel@tonic-gate *buffer = calloc(*buflen, sizeof (char)); 32797c478bd9Sstevel@tonic-gate if (*buffer == NULL) { 3280*7ddae043Siz retCode = NS_LDAP_MEMORY; 3281*7ddae043Siz } else { 3282*7ddae043Siz (void) strcpy(*buffer, sptr->ldap_ret.ldap_u.config); 32837c478bd9Sstevel@tonic-gate } 32847c478bd9Sstevel@tonic-gate 32857c478bd9Sstevel@tonic-gate if (sptr != &space->s_d) { 32867c478bd9Sstevel@tonic-gate (void) munmap((char *)sptr, ndata); 32877c478bd9Sstevel@tonic-gate } 3288*7ddae043Siz free(space); 32897c478bd9Sstevel@tonic-gate 3290*7ddae043Siz return (retCode); 32917c478bd9Sstevel@tonic-gate } 32927c478bd9Sstevel@tonic-gate 32937c478bd9Sstevel@tonic-gate /* 32947c478bd9Sstevel@tonic-gate * SetDoorInfo parses ldapcachemgr configuration information 32957c478bd9Sstevel@tonic-gate * and verifies that the profile is version 1 or version 2 based. 32967c478bd9Sstevel@tonic-gate * version 2 profiles must have a version number as the first profile 32977c478bd9Sstevel@tonic-gate * attribute in the configuration. 32987c478bd9Sstevel@tonic-gate */ 32997c478bd9Sstevel@tonic-gate static ns_config_t * 33007c478bd9Sstevel@tonic-gate SetDoorInfo(char *buffer, ns_ldap_error_t **errorp) 33017c478bd9Sstevel@tonic-gate { 33027c478bd9Sstevel@tonic-gate ns_config_t *ptr; 33037c478bd9Sstevel@tonic-gate char errstr[MAXERROR], errbuf[MAXERROR]; 33047c478bd9Sstevel@tonic-gate char *name, *value, valbuf[BUFSIZE]; 33057c478bd9Sstevel@tonic-gate char *strptr; 33067c478bd9Sstevel@tonic-gate char *rest; 33077c478bd9Sstevel@tonic-gate char *bufptr = buffer; 33087c478bd9Sstevel@tonic-gate ParamIndexType i; 33097c478bd9Sstevel@tonic-gate int ret; 33107c478bd9Sstevel@tonic-gate int first = 1; 33117c478bd9Sstevel@tonic-gate int errfnd = 0; 33127c478bd9Sstevel@tonic-gate 33137c478bd9Sstevel@tonic-gate if (errorp == NULL) 33147c478bd9Sstevel@tonic-gate return (NULL); 33157c478bd9Sstevel@tonic-gate *errorp = NULL; 33167c478bd9Sstevel@tonic-gate 33177c478bd9Sstevel@tonic-gate ptr = __s_api_create_config(); 33187c478bd9Sstevel@tonic-gate if (ptr == NULL) { 33197c478bd9Sstevel@tonic-gate return (NULL); 33207c478bd9Sstevel@tonic-gate } 33217c478bd9Sstevel@tonic-gate 33227c478bd9Sstevel@tonic-gate strptr = (char *)strtok_r(bufptr, DOORLINESEP, &rest); 33237c478bd9Sstevel@tonic-gate for (; ; ) { 33247c478bd9Sstevel@tonic-gate if (strptr == NULL) 33257c478bd9Sstevel@tonic-gate break; 33267c478bd9Sstevel@tonic-gate (void) strlcpy(valbuf, strptr, sizeof (valbuf)); 33277c478bd9Sstevel@tonic-gate __s_api_split_key_value(valbuf, &name, &value); 33287c478bd9Sstevel@tonic-gate /* Use get_versiontype and check for V1 vs V2 prototypes */ 33297c478bd9Sstevel@tonic-gate if (__s_api_get_versiontype(ptr, name, &i) < 0) { 33307c478bd9Sstevel@tonic-gate (void) snprintf(errstr, sizeof (errstr), 3331*7ddae043Siz "%s (%s)\n", 3332*7ddae043Siz gettext("Illegal profile entry " 3333*7ddae043Siz "line in configuration."), 3334*7ddae043Siz name); 33357c478bd9Sstevel@tonic-gate errfnd++; 33367c478bd9Sstevel@tonic-gate /* Write verify routines and get rid of verify_value here */ 33377c478bd9Sstevel@tonic-gate } else if (verify_value(ptr, name, 3338*7ddae043Siz value, errbuf) != NS_SUCCESS) { 33397c478bd9Sstevel@tonic-gate (void) snprintf(errstr, sizeof (errstr), 3340*7ddae043Siz gettext("%s\n"), errbuf); 33417c478bd9Sstevel@tonic-gate errfnd++; 33427c478bd9Sstevel@tonic-gate } else if (!first && i == NS_LDAP_FILE_VERSION_P) { 33437c478bd9Sstevel@tonic-gate (void) snprintf(errstr, sizeof (errstr), 3344*7ddae043Siz gettext("Illegal NS_LDAP_FILE_VERSION " 3345*7ddae043Siz "line in configuration.\n")); 33467c478bd9Sstevel@tonic-gate errfnd++; 33477c478bd9Sstevel@tonic-gate } 33487c478bd9Sstevel@tonic-gate if (errfnd) { 33497c478bd9Sstevel@tonic-gate MKERROR(LOG_ERR, *errorp, NS_CONFIG_SYNTAX, 3350*7ddae043Siz strdup(errstr), NULL); 33517c478bd9Sstevel@tonic-gate } else { 33527c478bd9Sstevel@tonic-gate ret = set_default_value(ptr, name, value, errorp); 33537c478bd9Sstevel@tonic-gate } 33547c478bd9Sstevel@tonic-gate if (errfnd || ret != NS_SUCCESS) { 33557c478bd9Sstevel@tonic-gate __s_api_destroy_config(ptr); 33567c478bd9Sstevel@tonic-gate return (NULL); 33577c478bd9Sstevel@tonic-gate } 33587c478bd9Sstevel@tonic-gate first = 0; 33597c478bd9Sstevel@tonic-gate 33607c478bd9Sstevel@tonic-gate strptr = (char *)strtok_r(NULL, DOORLINESEP, &rest); 33617c478bd9Sstevel@tonic-gate } 33627c478bd9Sstevel@tonic-gate 33637c478bd9Sstevel@tonic-gate if (__s_api_crosscheck(ptr, errstr, B_TRUE) != NS_SUCCESS) { 33647c478bd9Sstevel@tonic-gate __s_api_destroy_config(ptr); 33657c478bd9Sstevel@tonic-gate MKERROR(LOG_WARNING, *errorp, NS_CONFIG_SYNTAX, strdup(errstr), 3366*7ddae043Siz NULL); 33677c478bd9Sstevel@tonic-gate return (NULL); 33687c478bd9Sstevel@tonic-gate } 33697c478bd9Sstevel@tonic-gate 33707c478bd9Sstevel@tonic-gate return (ptr); 33717c478bd9Sstevel@tonic-gate } 33727c478bd9Sstevel@tonic-gate 33737c478bd9Sstevel@tonic-gate static ns_config_t * 33747c478bd9Sstevel@tonic-gate LoadCacheConfiguration(ns_ldap_error_t **error) 33757c478bd9Sstevel@tonic-gate { 33767c478bd9Sstevel@tonic-gate char *buffer = NULL; 33777c478bd9Sstevel@tonic-gate int buflen = 0; 33787c478bd9Sstevel@tonic-gate int ret; 33797c478bd9Sstevel@tonic-gate ns_config_t *cfg; 33807c478bd9Sstevel@tonic-gate 33817c478bd9Sstevel@tonic-gate *error = NULL; 33827c478bd9Sstevel@tonic-gate ret = __door_getldapconfig(&buffer, &buflen, error); 33837c478bd9Sstevel@tonic-gate 33847c478bd9Sstevel@tonic-gate if (ret != NS_LDAP_SUCCESS) { 33857c478bd9Sstevel@tonic-gate if (*error != NULL && (*error)->message != NULL) 33867c478bd9Sstevel@tonic-gate syslog(LOG_WARNING, "libsldap: %s", (*error)->message); 33877c478bd9Sstevel@tonic-gate return (NULL); 33887c478bd9Sstevel@tonic-gate } 33897c478bd9Sstevel@tonic-gate 33907c478bd9Sstevel@tonic-gate /* now convert from door format */ 33917c478bd9Sstevel@tonic-gate cfg = SetDoorInfo(buffer, error); 33927c478bd9Sstevel@tonic-gate free(buffer); 33937c478bd9Sstevel@tonic-gate 33947c478bd9Sstevel@tonic-gate if (cfg == NULL && *error != NULL && (*error)->message != NULL) 33957c478bd9Sstevel@tonic-gate syslog(LOG_WARNING, "libsldap: %s", (*error)->message); 33967c478bd9Sstevel@tonic-gate return (cfg); 33977c478bd9Sstevel@tonic-gate } 33987c478bd9Sstevel@tonic-gate 33997c478bd9Sstevel@tonic-gate /* 34007c478bd9Sstevel@tonic-gate * converts the time string into seconds. The time string can be specified 34017c478bd9Sstevel@tonic-gate * using one of the following time units: 34027c478bd9Sstevel@tonic-gate * #s (# of seconds) 34037c478bd9Sstevel@tonic-gate * #m (# of minutes) 34047c478bd9Sstevel@tonic-gate * #h (# of hours) 34057c478bd9Sstevel@tonic-gate * #d (# of days) 34067c478bd9Sstevel@tonic-gate * #w (# of weeks) 34077c478bd9Sstevel@tonic-gate * NOTE: you can only specify one the above. No combination of the above 34087c478bd9Sstevel@tonic-gate * units is allowed. If no unit specified, it will default to "seconds". 34097c478bd9Sstevel@tonic-gate */ 34107c478bd9Sstevel@tonic-gate static time_t 34117c478bd9Sstevel@tonic-gate conv_time(char *s) 34127c478bd9Sstevel@tonic-gate { 34137c478bd9Sstevel@tonic-gate time_t t; 34147c478bd9Sstevel@tonic-gate char c; 34157c478bd9Sstevel@tonic-gate int l, m; 34167c478bd9Sstevel@tonic-gate long tot; 34177c478bd9Sstevel@tonic-gate 34187c478bd9Sstevel@tonic-gate l = strlen(s); 34197c478bd9Sstevel@tonic-gate if (l == 0) 34207c478bd9Sstevel@tonic-gate return (0); 34217c478bd9Sstevel@tonic-gate c = s[--l]; 34227c478bd9Sstevel@tonic-gate m = 0; 34237c478bd9Sstevel@tonic-gate switch (c) { 34247c478bd9Sstevel@tonic-gate case 'w': /* weeks */ 34257c478bd9Sstevel@tonic-gate m = 604800; 34267c478bd9Sstevel@tonic-gate break; 34277c478bd9Sstevel@tonic-gate case 'd': /* days */ 34287c478bd9Sstevel@tonic-gate m = 86400; 34297c478bd9Sstevel@tonic-gate break; 34307c478bd9Sstevel@tonic-gate case 'h': /* hours */ 34317c478bd9Sstevel@tonic-gate m = 3600; 34327c478bd9Sstevel@tonic-gate break; 34337c478bd9Sstevel@tonic-gate case 'm': /* minutes */ 34347c478bd9Sstevel@tonic-gate m = 60; 34357c478bd9Sstevel@tonic-gate break; 34367c478bd9Sstevel@tonic-gate case 's': /* seconds */ 34377c478bd9Sstevel@tonic-gate m = 1; 34387c478bd9Sstevel@tonic-gate break; 34397c478bd9Sstevel@tonic-gate /* the default case is set to "second" */ 34407c478bd9Sstevel@tonic-gate } 34417c478bd9Sstevel@tonic-gate if (m != 0) 34427c478bd9Sstevel@tonic-gate s[l] = '\0'; 34437c478bd9Sstevel@tonic-gate else 34447c478bd9Sstevel@tonic-gate m = 1; 34457c478bd9Sstevel@tonic-gate errno = 0; 34467c478bd9Sstevel@tonic-gate tot = atol(s); 34477c478bd9Sstevel@tonic-gate if ((0 == tot) && (EINVAL == errno)) 34487c478bd9Sstevel@tonic-gate return (0); 34497c478bd9Sstevel@tonic-gate if (((LONG_MAX == tot) || (LONG_MIN == tot)) && (EINVAL == errno)) 34507c478bd9Sstevel@tonic-gate return (0); 34517c478bd9Sstevel@tonic-gate 34527c478bd9Sstevel@tonic-gate tot = tot * m; 34537c478bd9Sstevel@tonic-gate t = (time_t)tot; 34547c478bd9Sstevel@tonic-gate return (t); 34557c478bd9Sstevel@tonic-gate } 34567c478bd9Sstevel@tonic-gate 34577c478bd9Sstevel@tonic-gate 34587c478bd9Sstevel@tonic-gate ns_auth_t * 34597c478bd9Sstevel@tonic-gate __s_api_AuthEnumtoStruct(const EnumAuthType_t i) 34607c478bd9Sstevel@tonic-gate { 34617c478bd9Sstevel@tonic-gate ns_auth_t *ap; 34627c478bd9Sstevel@tonic-gate 34637c478bd9Sstevel@tonic-gate ap = (ns_auth_t *)calloc(1, sizeof (ns_auth_t)); 34647c478bd9Sstevel@tonic-gate if (ap == NULL) 34657c478bd9Sstevel@tonic-gate return (NULL); 34667c478bd9Sstevel@tonic-gate switch (i) { 34677c478bd9Sstevel@tonic-gate case NS_LDAP_EA_NONE: 34687c478bd9Sstevel@tonic-gate break; 34697c478bd9Sstevel@tonic-gate case NS_LDAP_EA_SIMPLE: 34707c478bd9Sstevel@tonic-gate ap->type = NS_LDAP_AUTH_SIMPLE; 34717c478bd9Sstevel@tonic-gate break; 34727c478bd9Sstevel@tonic-gate case NS_LDAP_EA_SASL_CRAM_MD5: 34737c478bd9Sstevel@tonic-gate ap->type = NS_LDAP_AUTH_SASL; 34747c478bd9Sstevel@tonic-gate ap->saslmech = NS_LDAP_SASL_CRAM_MD5; 34757c478bd9Sstevel@tonic-gate break; 34767c478bd9Sstevel@tonic-gate case NS_LDAP_EA_SASL_DIGEST_MD5: 34777c478bd9Sstevel@tonic-gate ap->type = NS_LDAP_AUTH_SASL; 34787c478bd9Sstevel@tonic-gate ap->saslmech = NS_LDAP_SASL_DIGEST_MD5; 34797c478bd9Sstevel@tonic-gate break; 34807c478bd9Sstevel@tonic-gate case NS_LDAP_EA_SASL_DIGEST_MD5_INT: 34817c478bd9Sstevel@tonic-gate ap->type = NS_LDAP_AUTH_SASL; 34827c478bd9Sstevel@tonic-gate ap->saslmech = NS_LDAP_SASL_DIGEST_MD5; 34837c478bd9Sstevel@tonic-gate ap->saslopt = NS_LDAP_SASLOPT_INT; 34847c478bd9Sstevel@tonic-gate break; 34857c478bd9Sstevel@tonic-gate case NS_LDAP_EA_SASL_DIGEST_MD5_CONF: 34867c478bd9Sstevel@tonic-gate ap->type = NS_LDAP_AUTH_SASL; 34877c478bd9Sstevel@tonic-gate ap->saslmech = NS_LDAP_SASL_DIGEST_MD5; 34887c478bd9Sstevel@tonic-gate ap->saslopt = NS_LDAP_SASLOPT_PRIV; 34897c478bd9Sstevel@tonic-gate break; 34907c478bd9Sstevel@tonic-gate case NS_LDAP_EA_SASL_EXTERNAL: 34917c478bd9Sstevel@tonic-gate ap->type = NS_LDAP_AUTH_SASL; 34927c478bd9Sstevel@tonic-gate ap->saslmech = NS_LDAP_SASL_EXTERNAL; 34937c478bd9Sstevel@tonic-gate break; 3494cb5caa98Sdjl case NS_LDAP_EA_SASL_GSSAPI: 3495cb5caa98Sdjl ap->type = NS_LDAP_AUTH_SASL; 3496cb5caa98Sdjl ap->saslmech = NS_LDAP_SASL_GSSAPI; 3497cb5caa98Sdjl ap->saslopt = NS_LDAP_SASLOPT_INT | 3498*7ddae043Siz NS_LDAP_SASLOPT_PRIV; 3499cb5caa98Sdjl break; 35007c478bd9Sstevel@tonic-gate case NS_LDAP_EA_TLS_NONE: 35017c478bd9Sstevel@tonic-gate ap->type = NS_LDAP_AUTH_TLS; 35027c478bd9Sstevel@tonic-gate ap->tlstype = NS_LDAP_TLS_NONE; 35037c478bd9Sstevel@tonic-gate break; 35047c478bd9Sstevel@tonic-gate case NS_LDAP_EA_TLS_SIMPLE: 35057c478bd9Sstevel@tonic-gate ap->type = NS_LDAP_AUTH_TLS; 35067c478bd9Sstevel@tonic-gate ap->tlstype = NS_LDAP_TLS_SIMPLE; 35077c478bd9Sstevel@tonic-gate break; 35087c478bd9Sstevel@tonic-gate case NS_LDAP_EA_TLS_SASL_CRAM_MD5: 35097c478bd9Sstevel@tonic-gate ap->type = NS_LDAP_AUTH_TLS; 35107c478bd9Sstevel@tonic-gate ap->tlstype = NS_LDAP_TLS_SASL; 35117c478bd9Sstevel@tonic-gate ap->saslmech = NS_LDAP_SASL_CRAM_MD5; 35127c478bd9Sstevel@tonic-gate break; 35137c478bd9Sstevel@tonic-gate case NS_LDAP_EA_TLS_SASL_DIGEST_MD5: 35147c478bd9Sstevel@tonic-gate ap->type = NS_LDAP_AUTH_TLS; 35157c478bd9Sstevel@tonic-gate ap->tlstype = NS_LDAP_TLS_SASL; 35167c478bd9Sstevel@tonic-gate ap->saslmech = NS_LDAP_SASL_DIGEST_MD5; 35177c478bd9Sstevel@tonic-gate break; 35187c478bd9Sstevel@tonic-gate case NS_LDAP_EA_TLS_SASL_DIGEST_MD5_INT: 35197c478bd9Sstevel@tonic-gate ap->type = NS_LDAP_AUTH_TLS; 35207c478bd9Sstevel@tonic-gate ap->tlstype = NS_LDAP_TLS_SASL; 35217c478bd9Sstevel@tonic-gate ap->saslmech = NS_LDAP_SASL_DIGEST_MD5; 35227c478bd9Sstevel@tonic-gate ap->saslopt = NS_LDAP_SASLOPT_INT; 35237c478bd9Sstevel@tonic-gate break; 35247c478bd9Sstevel@tonic-gate case NS_LDAP_EA_TLS_SASL_DIGEST_MD5_CONF: 35257c478bd9Sstevel@tonic-gate ap->type = NS_LDAP_AUTH_TLS; 35267c478bd9Sstevel@tonic-gate ap->tlstype = NS_LDAP_TLS_SASL; 35277c478bd9Sstevel@tonic-gate ap->saslmech = NS_LDAP_SASL_DIGEST_MD5; 35287c478bd9Sstevel@tonic-gate ap->saslopt = NS_LDAP_SASLOPT_PRIV; 35297c478bd9Sstevel@tonic-gate break; 35307c478bd9Sstevel@tonic-gate case NS_LDAP_EA_TLS_SASL_EXTERNAL: 35317c478bd9Sstevel@tonic-gate ap->type = NS_LDAP_AUTH_TLS; 35327c478bd9Sstevel@tonic-gate ap->tlstype = NS_LDAP_TLS_SASL; 35337c478bd9Sstevel@tonic-gate ap->saslmech = NS_LDAP_SASL_EXTERNAL; 35347c478bd9Sstevel@tonic-gate break; 35357c478bd9Sstevel@tonic-gate default: 35367c478bd9Sstevel@tonic-gate /* should never get here */ 35377c478bd9Sstevel@tonic-gate free(ap); 35387c478bd9Sstevel@tonic-gate return (NULL); 35397c478bd9Sstevel@tonic-gate } 35407c478bd9Sstevel@tonic-gate return (ap); 35417c478bd9Sstevel@tonic-gate } 35427c478bd9Sstevel@tonic-gate 35437c478bd9Sstevel@tonic-gate 35447c478bd9Sstevel@tonic-gate /* 35457c478bd9Sstevel@tonic-gate * Parameter Index Type validation routines 35467c478bd9Sstevel@tonic-gate */ 35477c478bd9Sstevel@tonic-gate 35487c478bd9Sstevel@tonic-gate /* Validate a positive integer */ 35497c478bd9Sstevel@tonic-gate /* Size of errbuf needs to be MAXERROR */ 35507c478bd9Sstevel@tonic-gate /* ARGSUSED */ 35517c478bd9Sstevel@tonic-gate static int 35527c478bd9Sstevel@tonic-gate __s_val_postime(ParamIndexType i, ns_default_config *def, 35537c478bd9Sstevel@tonic-gate ns_param_t *param, char *errbuf) 35547c478bd9Sstevel@tonic-gate { 35557c478bd9Sstevel@tonic-gate char *cp; 35567c478bd9Sstevel@tonic-gate long tot; 35577c478bd9Sstevel@tonic-gate 35587c478bd9Sstevel@tonic-gate if (param && param->ns_ptype == CHARPTR && param->ns_pc) { 35597c478bd9Sstevel@tonic-gate for (cp = param->ns_pc; cp && *cp; cp++) { 35607c478bd9Sstevel@tonic-gate if (*cp >= '0' && *cp <= '9') 35617c478bd9Sstevel@tonic-gate continue; 35627c478bd9Sstevel@tonic-gate switch (*cp) { 35637c478bd9Sstevel@tonic-gate case 'w': /* weeks */ 35647c478bd9Sstevel@tonic-gate case 'd': /* days */ 35657c478bd9Sstevel@tonic-gate case 'h': /* hours */ 35667c478bd9Sstevel@tonic-gate case 'm': /* minutes */ 35677c478bd9Sstevel@tonic-gate case 's': /* seconds */ 35687c478bd9Sstevel@tonic-gate if (*(cp+1) == '\0') { 35697c478bd9Sstevel@tonic-gate break; 35707c478bd9Sstevel@tonic-gate } 35717c478bd9Sstevel@tonic-gate default: 35727c478bd9Sstevel@tonic-gate (void) strcpy(errbuf, "Illegal time value"); 35737c478bd9Sstevel@tonic-gate return (NS_PARSE_ERR); 35747c478bd9Sstevel@tonic-gate } 35757c478bd9Sstevel@tonic-gate } 35767c478bd9Sstevel@tonic-gate /* Valid form: [0-9][0-9]*[wdhms]* */ 35777c478bd9Sstevel@tonic-gate tot = atol(param->ns_pc); /* check overflow */ 35787c478bd9Sstevel@tonic-gate if (tot >= 0) 35797c478bd9Sstevel@tonic-gate return (NS_SUCCESS); 35807c478bd9Sstevel@tonic-gate } 35817c478bd9Sstevel@tonic-gate (void) snprintf(errbuf, MAXERROR, 3582*7ddae043Siz gettext("Illegal time value in %s"), def->name); 35837c478bd9Sstevel@tonic-gate return (NS_PARSE_ERR); 35847c478bd9Sstevel@tonic-gate } 35857c478bd9Sstevel@tonic-gate 35867c478bd9Sstevel@tonic-gate 35877c478bd9Sstevel@tonic-gate /* Validate the Base DN */ 35887c478bd9Sstevel@tonic-gate /* It can be empty (RootDSE request) or needs to have an '=' */ 35897c478bd9Sstevel@tonic-gate /* Size of errbuf needs to be MAXERROR */ 35907c478bd9Sstevel@tonic-gate /* ARGSUSED */ 35917c478bd9Sstevel@tonic-gate static int 35927c478bd9Sstevel@tonic-gate __s_val_basedn(ParamIndexType i, ns_default_config *def, 35937c478bd9Sstevel@tonic-gate ns_param_t *param, char *errbuf) 35947c478bd9Sstevel@tonic-gate { 35957c478bd9Sstevel@tonic-gate if (param && param->ns_ptype == CHARPTR && 35967c478bd9Sstevel@tonic-gate i == NS_LDAP_SEARCH_BASEDN_P && 3597*7ddae043Siz ((param->ns_pc == NULL) || /* empty */ 3598*7ddae043Siz (*(param->ns_pc) == '\0') || /* empty */ 3599*7ddae043Siz (strchr(param->ns_pc, '=') != NULL))) /* '=' */ 36007c478bd9Sstevel@tonic-gate { 36017c478bd9Sstevel@tonic-gate return (NS_SUCCESS); 36027c478bd9Sstevel@tonic-gate } 36037c478bd9Sstevel@tonic-gate (void) snprintf(errbuf, MAXERROR, 3604*7ddae043Siz gettext("Non-existent or invalid DN in %s"), 3605*7ddae043Siz def->name); 36067c478bd9Sstevel@tonic-gate return (NS_PARSE_ERR); 36077c478bd9Sstevel@tonic-gate } 36087c478bd9Sstevel@tonic-gate 36097c478bd9Sstevel@tonic-gate 36107c478bd9Sstevel@tonic-gate /* Validate the serverList */ 36117c478bd9Sstevel@tonic-gate /* For each server in list, check if valid IP or hostname */ 36127c478bd9Sstevel@tonic-gate /* Size of errbuf needs to be MAXERROR */ 36137c478bd9Sstevel@tonic-gate /* ARGSUSED */ 36147c478bd9Sstevel@tonic-gate static int 36157c478bd9Sstevel@tonic-gate __s_val_serverList(ParamIndexType i, ns_default_config *def, 36167c478bd9Sstevel@tonic-gate ns_param_t *param, char *errbuf) 36177c478bd9Sstevel@tonic-gate { 36187c478bd9Sstevel@tonic-gate for (i = 0; i < param->ns_acnt; i++) { 36197c478bd9Sstevel@tonic-gate if ((__s_api_isipv4(param->ns_ppc[i])) || 3620*7ddae043Siz (__s_api_isipv6(param->ns_ppc[i])) || 3621*7ddae043Siz (__s_api_ishost(param->ns_ppc[i]))) { 36227c478bd9Sstevel@tonic-gate continue; 36237c478bd9Sstevel@tonic-gate } 36247c478bd9Sstevel@tonic-gate /* err */ 36257c478bd9Sstevel@tonic-gate (void) snprintf(errbuf, MAXERROR, 3626*7ddae043Siz gettext("Invalid server (%s) in %s"), 3627*7ddae043Siz param->ns_ppc[i], def->name); 36287c478bd9Sstevel@tonic-gate return (NS_PARSE_ERR); 36297c478bd9Sstevel@tonic-gate } 36307c478bd9Sstevel@tonic-gate 36317c478bd9Sstevel@tonic-gate return (NS_SUCCESS); 36327c478bd9Sstevel@tonic-gate } 36337c478bd9Sstevel@tonic-gate 36347c478bd9Sstevel@tonic-gate 36357c478bd9Sstevel@tonic-gate /* Check for a BINDDN */ 36367c478bd9Sstevel@tonic-gate /* It can not be empty and needs to have an '=' */ 36377c478bd9Sstevel@tonic-gate /* Size of errbuf needs to be MAXERROR */ 36387c478bd9Sstevel@tonic-gate /* ARGSUSED */ 36397c478bd9Sstevel@tonic-gate static int 36407c478bd9Sstevel@tonic-gate __s_val_binddn(ParamIndexType i, ns_default_config *def, 36417c478bd9Sstevel@tonic-gate ns_param_t *param, char *errbuf) 36427c478bd9Sstevel@tonic-gate { 36437c478bd9Sstevel@tonic-gate if (param && param->ns_ptype == CHARPTR && 36447c478bd9Sstevel@tonic-gate i == NS_LDAP_BINDDN_P && 3645*7ddae043Siz ((param->ns_pc == NULL) || 3646*7ddae043Siz ((*(param->ns_pc) != '\0') && 3647*7ddae043Siz (strchr(param->ns_pc, '=') != NULL)))) { 36487c478bd9Sstevel@tonic-gate return (NS_SUCCESS); 36497c478bd9Sstevel@tonic-gate } 36507c478bd9Sstevel@tonic-gate (void) snprintf(errbuf, MAXERROR, 3651*7ddae043Siz gettext("NULL or invalid proxy bind DN")); 36527c478bd9Sstevel@tonic-gate return (NS_PARSE_ERR); 36537c478bd9Sstevel@tonic-gate } 36547c478bd9Sstevel@tonic-gate 36557c478bd9Sstevel@tonic-gate 36567c478bd9Sstevel@tonic-gate /* Check for a BINDPASSWD */ 36577c478bd9Sstevel@tonic-gate /* The string can not be NULL or empty */ 36587c478bd9Sstevel@tonic-gate /* Size of errbuf needs to be MAXERROR */ 36597c478bd9Sstevel@tonic-gate /* ARGSUSED */ 36607c478bd9Sstevel@tonic-gate static int 36617c478bd9Sstevel@tonic-gate __s_val_bindpw(ParamIndexType i, ns_default_config *def, 36627c478bd9Sstevel@tonic-gate ns_param_t *param, char *errbuf) 36637c478bd9Sstevel@tonic-gate { 36647c478bd9Sstevel@tonic-gate if (param && param->ns_ptype == CHARPTR && 36657c478bd9Sstevel@tonic-gate i == NS_LDAP_BINDPASSWD_P && 3666*7ddae043Siz ((param->ns_pc == NULL) || 3667*7ddae043Siz (*(param->ns_pc) != '\0'))) { 36687c478bd9Sstevel@tonic-gate return (NS_SUCCESS); 36697c478bd9Sstevel@tonic-gate } 36707c478bd9Sstevel@tonic-gate (void) snprintf(errbuf, MAXERROR, 3671*7ddae043Siz gettext("NULL proxy bind password")); 36727c478bd9Sstevel@tonic-gate return (NS_PARSE_ERR); 36737c478bd9Sstevel@tonic-gate } 36747c478bd9Sstevel@tonic-gate 36757c478bd9Sstevel@tonic-gate /* 36767c478bd9Sstevel@tonic-gate * __s_get_hostcertpath returns either the configured host certificate path 36777c478bd9Sstevel@tonic-gate * or, if none, the default host certificate path (/var/ldap). Note that this 36787c478bd9Sstevel@tonic-gate * does not use __ns_ldap_getParam because it may be called during connection 36797c478bd9Sstevel@tonic-gate * setup. This can fail due to insufficient memory. 36807c478bd9Sstevel@tonic-gate */ 36817c478bd9Sstevel@tonic-gate 36827c478bd9Sstevel@tonic-gate char * 36837c478bd9Sstevel@tonic-gate __s_get_hostcertpath(void) 36847c478bd9Sstevel@tonic-gate { 36857c478bd9Sstevel@tonic-gate ns_config_t *cfg; 36867c478bd9Sstevel@tonic-gate ns_param_t *param; 36877c478bd9Sstevel@tonic-gate char *ret = NULL; 36887c478bd9Sstevel@tonic-gate 36897c478bd9Sstevel@tonic-gate cfg = __s_api_get_default_config(); 36907c478bd9Sstevel@tonic-gate if (cfg != NULL) { 36917c478bd9Sstevel@tonic-gate param = &cfg->paramList[NS_LDAP_HOST_CERTPATH_P]; 36927c478bd9Sstevel@tonic-gate if (param->ns_ptype == CHARPTR) 36937c478bd9Sstevel@tonic-gate ret = strdup(param->ns_pc); 36947c478bd9Sstevel@tonic-gate __s_api_release_config(cfg); 36957c478bd9Sstevel@tonic-gate } 36967c478bd9Sstevel@tonic-gate if (ret == NULL) 36977c478bd9Sstevel@tonic-gate ret = strdup(NSLDAPDIRECTORY); 36987c478bd9Sstevel@tonic-gate return (ret); 36997c478bd9Sstevel@tonic-gate } 37007c478bd9Sstevel@tonic-gate 37017c478bd9Sstevel@tonic-gate static void 37027c478bd9Sstevel@tonic-gate _free_config() 37037c478bd9Sstevel@tonic-gate { 37047c478bd9Sstevel@tonic-gate if (current_config != NULL) 37057c478bd9Sstevel@tonic-gate destroy_config(current_config); 37067c478bd9Sstevel@tonic-gate 37077c478bd9Sstevel@tonic-gate current_config = NULL; 37087c478bd9Sstevel@tonic-gate } 3709