view usr/src/cmd/ldap/ns_ldap/ldapaddrbac.c @ 0:c9caec207d52 b86

Initial porting based on b86
author Koji Uno <koji.uno@sun.com>
date Tue, 02 Jun 2009 18:56:50 +0900
parents
children 1a15d5aaf794
line wrap: on
line source

/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

#pragma ident	"@(#)ldapaddrbac.c	1.4	06/06/19 SMI"

/*
 * ldapaddrbac.c
 *
 * Routines to add RBAC /etc files into LDAP.
 * Can also be used to dump entries from a ldap container in /etc format.
 */

#include <stdio.h>
#include <stdlib.h>
#include <libintl.h>
#include <strings.h>
#include <sys/param.h>
#include <ctype.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <locale.h>
#include <syslog.h>
#include "ldapaddent.h"

#undef opaque
#undef	GROUP
#include <bsm/libbsm.h>

extern	char	*_strtok_escape(char *, char *, char **); /* from libnsl */

#include <user_attr.h>
#include <prof_attr.h>
#include <exec_attr.h>
#include <auth_attr.h>

/*
 * The parsing routines for RBAC and audit_user databases
 */

/*
 * genent_attr:
 *   Generic function for generating entries for all of the *_attr databases.
 */
int
genent_attr(
	char	*line,		/* entry to parse */
	int	ncol,		/* number of columns in the database */
	entry_col	**ecolret)	/* return entry array */
{
	int		i;
	char		(*buf)[BUFSIZ + 1];
	char		*s;
	char		*sep = KV_TOKEN_DELIMIT;
	char		*lasts;
	entry_col	*ecol;

	/*
	 * check input length
	 */
	if (strlen(line) >= sizeof (*buf)) {
		(void) strcpy(parse_err_msg, "line too long");
		return (GENENT_PARSEERR);
	}

	/*
	 * setup and clear column data
	 */
	if ((ecol = (entry_col *)malloc(ncol * sizeof (entry_col) +
	    sizeof (*buf))) == NULL)
		return (GENENT_ERR);
	(void) memset((char *)ecol, 0, ncol * sizeof (ecol));

	/* don't scribble over input */
	buf = (char (*)[sizeof (*buf)]) (ecol + ncol);
	(void) strncpy((char *)buf, line, sizeof (*buf));

	/* Split up columns */
	for (i = 0; i < ncol; i++, buf = NULL) {
		s = _strtok_escape((char *)buf, sep, &lasts);
		if (s == NULL) {
			ecol[i].ec_value.ec_value_val = "";
			ecol[i].ec_value.ec_value_len = 0;
		} else {
			ecol[i].ec_value.ec_value_val = s;
			ecol[i].ec_value.ec_value_len = strlen(s)+1;
		}
	}

	*ecolret = ecol;
	return (GENENT_OK);
}

int
genent_user_attr(char *line, int (*cback)())
{
	entry_col	*ecol;
	userstr_t	data;
	int		res, retval;

	/*
	 * parse entry into columns
	 */
	res = genent_attr(line, USERATTR_DB_NCOL, &ecol);
	if (res != GENENT_OK)
		return (res);

	data.name = ecol[0].ec_value.ec_value_val;
	data.qualifier = ecol[1].ec_value.ec_value_val;
	data.res1 = NULL;
	data.res2 = NULL;
	data.attr = ecol[4].ec_value.ec_value_val;

	if (flags & F_VERBOSE)
		(void) fprintf(stdout,
		    gettext("Adding entry : %s\n"), data.name);

	retval = (*cback)(&data, 1);
	if (retval != NS_LDAP_SUCCESS) {
		if (retval == LDAP_NO_SUCH_OBJECT)
			(void) fprintf(stdout,
			gettext("Cannot add user_attr entry (%s), "
			"add passwd entry first\n"), data.name);
		if (continue_onerror == 0) res = GENENT_CBERR;
	}

	free(ecol);

	return (res);
}

void
dump_user_attr(ns_ldap_result_t *res)
{
	char	**value = NULL;

	value = __ns_ldap_getAttr(res->entry, "uid");
	if (value && value[0])
		(void) fprintf(stdout, "%s", value[0]);
	else
		return;

	(void) fprintf(stdout, "::::");
	value = __ns_ldap_getAttr(res->entry, "SolarisAttrKeyValue");
	if (value && value[0])
		(void) fprintf(stdout, "%s", value[0]);
	(void) fprintf(stdout, "\n");
}

int
genent_prof_attr(char *line, int (*cback)())
{
	entry_col	*ecol;
	profstr_t	data;
	int		res, retval;

	/*
	 * parse entry into columns
	 */
	res = genent_attr(line, PROFATTR_DB_NCOL, &ecol);
	if (res != GENENT_OK)
		return (res);

	data.name = ecol[0].ec_value.ec_value_val;
	data.res1 = NULL;
	data.res2 = NULL;
	data.desc = ecol[3].ec_value.ec_value_val;
	data.attr = ecol[4].ec_value.ec_value_val;

	if (flags & F_VERBOSE)
		(void) fprintf(stdout,
		    gettext("Adding entry : %s\n"), data.name);

	retval = (*cback)(&data, 0);
	if (retval == LDAP_ALREADY_EXISTS) {
		if (continue_onerror)
			(void) fprintf(stderr,
			    gettext("Entry: %s - already Exists,"
			    " skipping it.\n"),
			    data.name);
		else {
			res = GENENT_CBERR;
			(void) fprintf(stderr,
			    gettext("Entry: %s - already Exists\n"),
			    data.name);
		}
	} else if (retval)
		res = GENENT_CBERR;

	free(ecol);

	return (res);
}

void
dump_prof_attr(ns_ldap_result_t *res)
{
	char	**value = NULL;

	value = __ns_ldap_getAttr(res->entry, "cn");
	if (value && value[0])
		(void) fprintf(stdout, "%s", value[0]);
	else
		return;

	(void) fprintf(stdout, ":::");
	value = __ns_ldap_getAttr(res->entry, "SolarisAttrLongDesc");
	if (value && value[0])
		(void) fprintf(stdout, "%s", value[0]);
	(void) fprintf(stdout, ":");
	value = __ns_ldap_getAttr(res->entry, "SolarisAttrKeyValue");
	if (value && value[0])
		(void) fprintf(stdout, "%s", value[0]);
	(void) fprintf(stdout, "\n");
}

int
genent_exec_attr(char *line, int (*cback)())
{
	entry_col	*ecol;
	execstr_t	data;
	int		res, retval;

	/*
	 * parse entry into columns
	 */
	res = genent_attr(line, EXECATTR_DB_NCOL, &ecol);
	if (res != GENENT_OK)
		return (res);

	data.name = ecol[0].ec_value.ec_value_val;
	data.policy = ecol[1].ec_value.ec_value_val;
	data.type = ecol[2].ec_value.ec_value_val;
	data.res1 = NULL;
	data.res2 = NULL;
	data.id = ecol[5].ec_value.ec_value_val;
	data.attr = ecol[6].ec_value.ec_value_val;
	data.next = NULL;

	if (flags & F_VERBOSE)
		(void) fprintf(stdout,
		    gettext("Adding entry : %s+%s+%s+%s\n"),
		    data.name, data.policy, data.type, data.id);

	retval = (*cback)(&data, 0);
	if (retval == LDAP_ALREADY_EXISTS) {
		if (continue_onerror)
			(void) fprintf(stderr,
			    gettext("Entry: %s+%s+%s+%s - already Exists,"
			    " skipping it.\n"),
			    data.name, data.policy, data.type, data.id);
		else {
			res = GENENT_CBERR;
			(void) fprintf(stderr,
			    gettext("Entry: %s+%s+%s+%s - already Exists\n"),
			    data.name, data.policy, data.type, data.id);
		}
	} else if (retval)
		res = GENENT_CBERR;

	free(ecol);

	return (res);
}

void
dump_exec_attr(ns_ldap_result_t *res)
{
	char	**profile;
	char	**policy;
	char	**type;
	char	**id;
	char	**value;

	profile = __ns_ldap_getAttr(res->entry, "cn");
	policy = __ns_ldap_getAttr(res->entry, "SolarisKernelSecurityPolicy");
	type = __ns_ldap_getAttr(res->entry, "SolarisProfileType");
	id = __ns_ldap_getAttr(res->entry, "SolarisProfileId");

	if (profile == NULL || profile[0] == NULL ||
	    policy == NULL || policy[0] == NULL ||
	    type == NULL || type[0] == NULL ||
	    id == NULL || id[0] == NULL)
		return;

	(void) fprintf(stdout, "%s", profile[0]);
	(void) fprintf(stdout, ":");
	(void) fprintf(stdout, "%s", policy[0]);
	(void) fprintf(stdout, ":");
	(void) fprintf(stdout, "%s", type[0]);
	(void) fprintf(stdout, ":::");
	(void) fprintf(stdout, "%s", id[0]);
	(void) fprintf(stdout, ":");
	value = __ns_ldap_getAttr(res->entry, "SolarisAttrKeyValue");
	if (value && value[0])
		(void) fprintf(stdout, "%s", value[0]);
	(void) fprintf(stdout, "\n");
}

int
genent_auth_attr(char *line, int (*cback)())
{
	entry_col	*ecol;
	authstr_t	data;
	int		res, retval;

	/*
	 * parse entry into columns
	 */
	res = genent_attr(line, AUTHATTR_DB_NCOL, &ecol);
	if (res != GENENT_OK)
		return (res);

	data.name = ecol[0].ec_value.ec_value_val;
	data.res1 = NULL;
	data.res2 = NULL;
	data.short_desc = ecol[3].ec_value.ec_value_val;
	data.long_desc = ecol[4].ec_value.ec_value_val;
	data.attr = ecol[5].ec_value.ec_value_val;

	if (flags & F_VERBOSE)
		(void) fprintf(stdout,
		    gettext("Adding entry : %s\n"), data.name);

	retval = (*cback)(&data, 0);
	if (retval == LDAP_ALREADY_EXISTS) {
		if (continue_onerror)
			(void) fprintf(stderr,
			    gettext("Entry: %s - already Exists,"
			    " skipping it.\n"), data.name);
		else {
			res = GENENT_CBERR;
			(void) fprintf(stderr,
			    gettext("Entry: %s - already Exists\n"),
			    data.name);
		}
	} else if (retval)
		res = GENENT_CBERR;

	free(ecol);

	return (res);
}

void
dump_auth_attr(ns_ldap_result_t *res)
{
	char	**value = NULL;

	value = __ns_ldap_getAttr(res->entry, "cn");
	if (value && value[0])
		(void) fprintf(stdout, "%s", value[0]);
	else
		return;

	(void) fprintf(stdout, ":::");
	value = __ns_ldap_getAttr(res->entry, "SolarisAttrShortDesc");
	if (value && value[0])
		(void) fprintf(stdout, "%s", value[0]);
	(void) fprintf(stdout, ":");
	value = __ns_ldap_getAttr(res->entry, "SolarisAttrLongDesc");
	if (value && value[0])
		(void) fprintf(stdout, "%s", value[0]);
	(void) fprintf(stdout, ":");
	value = __ns_ldap_getAttr(res->entry, "SolarisAttrKeyValue");
	if (value && value[0])
		(void) fprintf(stdout, "%s", value[0]);
	(void) fprintf(stdout, "\n");
}

int
genent_audit_user(char *line, int (*cback)())
{
	entry_col	*ecol;
	au_user_str_t	data;
	int		res, retval;

	/*
	 * parse entry into columns
	 */
	res = genent_attr(line, AUDITUSER_DB_NCOL, &ecol);
	if (res != GENENT_OK)
		return (res);

	data.au_name = strdup(ecol[0].ec_value.ec_value_val);
	data.au_always = strdup(ecol[1].ec_value.ec_value_val);
	data.au_never = strdup(ecol[2].ec_value.ec_value_val);

	if (flags & F_VERBOSE)
		(void) fprintf(stdout,
		    gettext("Adding entry : %s\n"), data.au_name);

	retval = (*cback)(&data, 1);
	if (retval != NS_LDAP_SUCCESS) {
		if (retval == LDAP_NO_SUCH_OBJECT)
			(void) fprintf(stdout,
			gettext("Cannot add audit_user entry (%s), "
			"add passwd entry first\n"), data.au_name);
		if (continue_onerror == 0) res = GENENT_CBERR;
	}

	free(ecol);

	return (res);
}

void
dump_audit_user(ns_ldap_result_t *res)
{
	char	**value = NULL;

	value = __ns_ldap_getAttr(res->entry, "uid");
	if (value && value[0])
		(void) fprintf(stdout, "%s", value[0]);
	else
		return;

	(void) fprintf(stdout, ":");
	value = __ns_ldap_getAttr(res->entry, "SolarisAuditAlways");
	if (value && value[0])
		(void) fprintf(stdout, "%s", value[0]);
	(void) fprintf(stdout, ":");
	value = __ns_ldap_getAttr(res->entry, "SolarisAuditNever");
	if (value && value[0])
		(void) fprintf(stdout, "%s", value[0]);
	(void) fprintf(stdout, "\n");
}