1 /*
2 * CDDL HEADER START
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
19 * CDDL HEADER END
22 * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
26 * ldapaddrbac.c
28 * Routines to add RBAC /etc files into LDAP.
29 * Can also be used to dump entries from a ldap container in /etc format.
32 #include <stdio.h>
33 #include <stdlib.h>
34 #include <libintl.h>
35 #include <strings.h>
36 #include <sys/param.h>
37 #include <ctype.h>
38 #include <sys/types.h>
39 #include <sys/socket.h>
40 #include <netinet/in.h>
41 #include <arpa/inet.h>
42 #include <locale.h>
43 #include <syslog.h>
44 #include "ldapaddent.h"
46 #undef opaque
47 #undef GROUP
49 extern char *_strtok_escape(char *, char *, char **); /* from libnsl */
51 #include <user_attr.h>
52 #include <prof_attr.h>
53 #include <exec_attr.h>
54 #include <auth_attr.h>
57 * The parsing routines for RBAC databases
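/*
 * genent_attr:
 *	Generic function for generating entries for all of the *_attr databases.
 *
 *	Copies line into private storage, splits the copy on KV_TOKEN_DELIMIT
 *	with _strtok_escape() and returns an array of ncol columns through
 *	ecolret.  The column array and the copied text share one allocation,
 *	so the caller releases everything with a single free(*ecolret).
 *
 *	Columns the line does not supply are set to "" with length 0; a short
 *	line is therefore not reported as a parse error here.  For columns
 *	that are present, ec_value_len counts the terminating NUL.
 *
 *	Returns GENENT_OK on success, GENENT_PARSEERR (with parse_err_msg set)
 *	when the line does not fit in BUFSIZ + 1 bytes, and GENENT_ERR when
 *	ncol is negative or the allocation fails.
 */
int
genent_attr(
	char	*line,		/* entry to parse */
	int	ncol,		/* number of columns in the database */
	entry_col **ecolret)	/* return entry array */
{
	int		i;
	char		(*buf)[BUFSIZ + 1];
	char		*s;
	char		*sep = KV_TOKEN_DELIMIT;
	char		*lasts;
	entry_col	*ecol;
	size_t		linelen;
	size_t		colbytes;

	/*
	 * A negative count would wrap the unsigned size arithmetic below and
	 * could yield an allocation smaller than the area cleared afterwards.
	 */
	if (ncol < 0)
		return (GENENT_ERR);

	/*
	 * check input length
	 */
	linelen = strlen(line);
	if (linelen >= sizeof (*buf)) {
		(void) strcpy(parse_err_msg, "line too long");
		return (GENENT_PARSEERR);
	}

	/*
	 * setup and clear column data
	 */
	colbytes = (size_t)ncol * sizeof (*ecol);
	if ((ecol = malloc(colbytes + sizeof (*buf))) == NULL)
		return (GENENT_ERR);
	/* clear whole elements: sizeof (*ecol), not the size of the pointer */
	(void) memset(ecol, 0, colbytes);

	/* don't scribble over input */
	buf = (char (*)[sizeof (*buf)]) (ecol + ncol);
	/* linelen was checked above, so the copy and its NUL fit in *buf */
	(void) memcpy(buf, line, linelen + 1);

	/* Split up columns */
	for (i = 0; i < ncol; i++, buf = NULL) {
		s = _strtok_escape((char *)buf, sep, &lasts);
		if (s == NULL) {
			ecol[i].ec_value.ec_value_val = "";
			ecol[i].ec_value.ec_value_len = 0;
		} else {
			ecol[i].ec_value.ec_value_val = s;
			ecol[i].ec_value.ec_value_len = strlen(s) + 1;
		}
	}

	*ecolret = ecol;
	return (GENENT_OK);
}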
/*
 * genent_user_attr:
 *	Split one user_attr line into columns and hand the resulting record
 *	to cback for storage.
 *
 *	Columns 0, 1 and 4 supply name, qualifier and attr; res1 and res2 are
 *	always passed as NULL, whatever the line holds in columns 2 and 3.
 *	genent_attr() fills columns the line does not supply with "", so a
 *	short line reaches cback with empty fields instead of being rejected.
 *
 *	cback is declared without a prototype, so the compiler cannot check
 *	the (record, 1) argument list used here against the callee.
 *
 *	Returns the genent_attr() status when parsing fails, GENENT_CBERR when
 *	cback does not return NS_LDAP_SUCCESS and continue_onerror is 0, and
 *	GENENT_OK otherwise.
 */
int
genent_user_attr(char *line, int (*cback)())
{
	entry_col	*cols;
	userstr_t	rec;
	int		status;
	int		cb_rc;

	/* break the line into its columns */
	status = genent_attr(line, USERATTR_DB_NCOL, &cols);
	if (status != GENENT_OK)
		return (status);

	rec.res1 = NULL;
	rec.res2 = NULL;
	rec.name = cols[0].ec_value.ec_value_val;
	rec.qualifier = cols[1].ec_value.ec_value_val;
	rec.attr = cols[4].ec_value.ec_value_val;

	if (flags & F_VERBOSE) {
		(void) fprintf(stdout,
		    gettext("Adding entry : %s\n"), rec.name);
	}

	cb_rc = cback(&rec, 1);
	if (cb_rc != NS_LDAP_SUCCESS) {
		if (cb_rc == LDAP_NO_SUCH_OBJECT) {
			(void) fprintf(stdout,
			    gettext("Cannot add user_attr entry (%s), "
			    "add passwd entry first\n"), rec.name);
		}
		/* with continue_onerror set the failure is not propagated */
		if (!continue_onerror)
			status = GENENT_CBERR;
	}

	/* rec only points into cols, so release it after the callback */
	free(cols);

	return (status);
}
/*
 * dump_user_attr:
 *	Write one LDAP result entry to stdout as a user_attr line: the "uid"
 *	value, four colons, then the "SolarisAttrKeyValue" value if present.
 *	Nothing is written when the entry has no "uid" value.
 *
 *	NOTE(review): both values are written verbatim.  A value holding ':'
 *	or a newline would shift columns if the output is later read back as
 *	an /etc file; confirm what the directory allows in these attributes.
 */
void
dump_user_attr(ns_ldap_result_t *res)
{
	char	**uid;
	char	**kv;

	uid = __ns_ldap_getAttr(res->entry, "uid");
	if (uid == NULL || uid[0] == NULL)
		return;

	(void) fputs(uid[0], stdout);
	(void) fputs("::::", stdout);

	kv = __ns_ldap_getAttr(res->entry, "SolarisAttrKeyValue");
	if (kv != NULL && kv[0] != NULL)
		(void) fputs(kv[0], stdout);

	(void) fputs("\n", stdout);
}
/*
 * genent_prof_attr:
 *	Split one prof_attr line into columns and hand the resulting record
 *	to cback for storage.
 *
 *	Columns 0, 3 and 4 supply name, desc and attr; res1 and res2 are
 *	always passed as NULL.  genent_attr() fills columns the line does not
 *	supply with "", so a short line reaches cback with empty fields
 *	instead of being rejected.
 *
 *	cback is declared without a prototype, so the compiler cannot check
 *	the (record, 0) argument list used here against the callee.
 *
 *	Returns the genent_attr() status when parsing fails.  An
 *	LDAP_ALREADY_EXISTS result is reported on stderr and becomes
 *	GENENT_CBERR only when continue_onerror is 0; any other non-zero
 *	callback result becomes GENENT_CBERR.
 */
int
genent_prof_attr(char *line, int (*cback)())
{
	entry_col	*cols;
	profstr_t	rec;
	int		status;
	int		cb_rc;

	/* break the line into its columns */
	status = genent_attr(line, PROFATTR_DB_NCOL, &cols);
	if (status != GENENT_OK)
		return (status);

	rec.res1 = NULL;
	rec.res2 = NULL;
	rec.name = cols[0].ec_value.ec_value_val;
	rec.desc = cols[3].ec_value.ec_value_val;
	rec.attr = cols[4].ec_value.ec_value_val;

	if (flags & F_VERBOSE) {
		(void) fprintf(stdout,
		    gettext("Adding entry : %s\n"), rec.name);
	}

	cb_rc = cback(&rec, 0);
	if (cb_rc != LDAP_ALREADY_EXISTS) {
		if (cb_rc != 0)
			status = GENENT_CBERR;
	} else if (continue_onerror) {
		/* duplicate entry: report it and carry on */
		(void) fprintf(stderr,
		    gettext("Entry: %s - already Exists,"
		    " skipping it.\n"),
		    rec.name);
	} else {
		(void) fprintf(stderr,
		    gettext("Entry: %s - already Exists\n"),
		    rec.name);
		status = GENENT_CBERR;
	}

	/* rec only points into cols, so release it after the callback */
	free(cols);

	return (status);
}
/*
 * dump_prof_attr:
 *	Write one LDAP result entry to stdout as a prof_attr line: the "cn"
 *	value, three colons, "SolarisAttrLongDesc", one colon, then
 *	"SolarisAttrKeyValue".  Missing optional values leave their column
 *	empty; nothing is written when the entry has no "cn" value.
 *
 *	NOTE(review): the values are written verbatim.  A value holding ':'
 *	or a newline would shift columns if the output is later read back as
 *	an /etc file; confirm what the directory allows in these attributes.
 */
void
dump_prof_attr(ns_ldap_result_t *res)
{
	char	**attr;

	attr = __ns_ldap_getAttr(res->entry, "cn");
	if (attr == NULL || attr[0] == NULL)
		return;
	(void) fputs(attr[0], stdout);

	(void) fputs(":::", stdout);
	attr = __ns_ldap_getAttr(res->entry, "SolarisAttrLongDesc");
	if (attr != NULL && attr[0] != NULL)
		(void) fputs(attr[0], stdout);

	(void) fputs(":", stdout);
	attr = __ns_ldap_getAttr(res->entry, "SolarisAttrKeyValue");
	if (attr != NULL && attr[0] != NULL)
		(void) fputs(attr[0], stdout);

	(void) fputs("\n", stdout);
}
/*
 * genent_exec_attr:
 *	Split one exec_attr line into columns and hand the resulting record
 *	to cback for storage.
 *
 *	Columns 0, 1, 2, 5 and 6 supply name, policy, type, id and attr; res1,
 *	res2 and next are always passed as NULL.  genent_attr() fills columns
 *	the line does not supply with "", so a short line reaches cback with
 *	empty fields instead of being rejected.
 *
 *	cback is declared without a prototype, so the compiler cannot check
 *	the (record, 0) argument list used here against the callee.
 *
 *	Returns the genent_attr() status when parsing fails.  An
 *	LDAP_ALREADY_EXISTS result is reported on stderr and becomes
 *	GENENT_CBERR only when continue_onerror is 0; any other non-zero
 *	callback result becomes GENENT_CBERR.
 */
int
genent_exec_attr(char *line, int (*cback)())
{
	entry_col	*cols;
	execstr_t	rec;
	int		status;
	int		cb_rc;

	/* break the line into its columns */
	status = genent_attr(line, EXECATTR_DB_NCOL, &cols);
	if (status != GENENT_OK)
		return (status);

	rec.res1 = NULL;
	rec.res2 = NULL;
	rec.next = NULL;
	rec.name = cols[0].ec_value.ec_value_val;
	rec.policy = cols[1].ec_value.ec_value_val;
	rec.type = cols[2].ec_value.ec_value_val;
	rec.id = cols[5].ec_value.ec_value_val;
	rec.attr = cols[6].ec_value.ec_value_val;

	if (flags & F_VERBOSE) {
		(void) fprintf(stdout,
		    gettext("Adding entry : %s+%s+%s+%s\n"),
		    rec.name, rec.policy, rec.type, rec.id);
	}

	cb_rc = cback(&rec, 0);
	if (cb_rc != LDAP_ALREADY_EXISTS) {
		if (cb_rc != 0)
			status = GENENT_CBERR;
	} else if (continue_onerror) {
		/* duplicate entry: report it and carry on */
		(void) fprintf(stderr,
		    gettext("Entry: %s+%s+%s+%s - already Exists,"
		    " skipping it.\n"),
		    rec.name, rec.policy, rec.type, rec.id);
	} else {
		(void) fprintf(stderr,
		    gettext("Entry: %s+%s+%s+%s - already Exists\n"),
		    rec.name, rec.policy, rec.type, rec.id);
		status = GENENT_CBERR;
	}

	/* rec only points into cols, so release it after the callback */
	free(cols);

	return (status);
}
/*
 * dump_exec_attr:
 *	Write one LDAP result entry to stdout as an exec_attr line:
 *	cn:SolarisKernelSecurityPolicy:SolarisProfileType:::SolarisProfileId:
 *	followed by the "SolarisAttrKeyValue" value if present.  Nothing is
 *	written unless cn, policy, type and id all have a value.
 *
 *	NOTE(review): the values are written verbatim.  A value holding ':'
 *	or a newline would shift columns if the output is later read back as
 *	an /etc file; confirm what the directory allows in these attributes.
 */
void
dump_exec_attr(ns_ldap_result_t *res)
{
	char	**profile;
	char	**policy;
	char	**type;
	char	**id;
	char	**kv;

	profile = __ns_ldap_getAttr(res->entry, "cn");
	policy = __ns_ldap_getAttr(res->entry, "SolarisKernelSecurityPolicy");
	type = __ns_ldap_getAttr(res->entry, "SolarisProfileType");
	id = __ns_ldap_getAttr(res->entry, "SolarisProfileId");

	/* all four key fields are required before anything is printed */
	if (!(profile != NULL && profile[0] != NULL &&
	    policy != NULL && policy[0] != NULL &&
	    type != NULL && type[0] != NULL &&
	    id != NULL && id[0] != NULL))
		return;

	(void) fputs(profile[0], stdout);
	(void) fputs(":", stdout);
	(void) fputs(policy[0], stdout);
	(void) fputs(":", stdout);
	(void) fputs(type[0], stdout);
	(void) fputs(":::", stdout);
	(void) fputs(id[0], stdout);
	(void) fputs(":", stdout);

	kv = __ns_ldap_getAttr(res->entry, "SolarisAttrKeyValue");
	if (kv != NULL && kv[0] != NULL)
		(void) fputs(kv[0], stdout);

	(void) fputs("\n", stdout);
}
/*
 * genent_auth_attr:
 *	Split one auth_attr line into columns and hand the resulting record
 *	to cback for storage.
 *
 *	Columns 0, 3, 4 and 5 supply name, short_desc, long_desc and attr;
 *	res1 and res2 are always passed as NULL.  genent_attr() fills columns
 *	the line does not supply with "", so a short line reaches cback with
 *	empty fields instead of being rejected.
 *
 *	cback is declared without a prototype, so the compiler cannot check
 *	the (record, 0) argument list used here against the callee.
 *
 *	Returns the genent_attr() status when parsing fails.  An
 *	LDAP_ALREADY_EXISTS result is reported on stderr and becomes
 *	GENENT_CBERR only when continue_onerror is 0; any other non-zero
 *	callback result becomes GENENT_CBERR.
 */
int
genent_auth_attr(char *line, int (*cback)())
{
	entry_col	*cols;
	authstr_t	rec;
	int		status;
	int		cb_rc;

	/* break the line into its columns */
	status = genent_attr(line, AUTHATTR_DB_NCOL, &cols);
	if (status != GENENT_OK)
		return (status);

	rec.res1 = NULL;
	rec.res2 = NULL;
	rec.name = cols[0].ec_value.ec_value_val;
	rec.short_desc = cols[3].ec_value.ec_value_val;
	rec.long_desc = cols[4].ec_value.ec_value_val;
	rec.attr = cols[5].ec_value.ec_value_val;

	if (flags & F_VERBOSE) {
		(void) fprintf(stdout,
		    gettext("Adding entry : %s\n"), rec.name);
	}

	cb_rc = cback(&rec, 0);
	if (cb_rc != LDAP_ALREADY_EXISTS) {
		if (cb_rc != 0)
			status = GENENT_CBERR;
	} else if (continue_onerror) {
		/* duplicate entry: report it and carry on */
		(void) fprintf(stderr,
		    gettext("Entry: %s - already Exists,"
		    " skipping it.\n"), rec.name);
	} else {
		(void) fprintf(stderr,
		    gettext("Entry: %s - already Exists\n"),
		    rec.name);
		status = GENENT_CBERR;
	}

	/* rec only points into cols, so release it after the callback */
	free(cols);

	return (status);
}
/*
 * dump_auth_attr:
 *	Write one LDAP result entry to stdout as an auth_attr line: the "cn"
 *	value, three colons, "SolarisAttrShortDesc", one colon,
 *	"SolarisAttrLongDesc", one colon, then "SolarisAttrKeyValue".
 *	Missing optional values leave their column empty; nothing is written
 *	when the entry has no "cn" value.
 *
 *	NOTE(review): the values are written verbatim.  A value holding ':'
 *	or a newline would shift columns if the output is later read back as
 *	an /etc file; confirm what the directory allows in these attributes.
 */
void
dump_auth_attr(ns_ldap_result_t *res)
{
	char	**attr;

	attr = __ns_ldap_getAttr(res->entry, "cn");
	if (attr == NULL || attr[0] == NULL)
		return;
	(void) fputs(attr[0], stdout);

	(void) fputs(":::", stdout);
	attr = __ns_ldap_getAttr(res->entry, "SolarisAttrShortDesc");
	if (attr != NULL && attr[0] != NULL)
		(void) fputs(attr[0], stdout);

	(void) fputs(":", stdout);
	attr = __ns_ldap_getAttr(res->entry, "SolarisAttrLongDesc");
	if (attr != NULL && attr[0] != NULL)
		(void) fputs(attr[0], stdout);

	(void) fputs(":", stdout);
	attr = __ns_ldap_getAttr(res->entry, "SolarisAttrKeyValue");
	if (attr != NULL && attr[0] != NULL)
		(void) fputs(attr[0], stdout);

	(void) fputs("\n", stdout);
}