authorjs198686 <none@none>2006-06-26 02:29:07 -0700
committerjs198686 <none@none>2006-06-26 02:29:07 -0700
commit12fbe00a8d6a6a4ef84260bb64ad420204f8d1e6 (patch)
treee7ee2267f59cef779bbcc2daff73893c4864682a
parentf0a73f0415a4150b270534bc7ed2cbb77d87c5a2 (diff)
downloadillumos-gate-12fbe00a8d6a6a4ef84260bb64ad420204f8d1e6.tar.gz
4790539 ldapaddent should verify data before trying to add it to LDAP
-rw-r--r--usr/src/cmd/ldap/ns_ldap/ldapaddent.c55
-rw-r--r--usr/src/cmd/ldap/ns_ldap/ldapaddrbac.c18
-rw-r--r--usr/src/lib/libsldap/common/ns_writes.c19
3 files changed, 75 insertions, 17 deletions
diff --git a/usr/src/cmd/ldap/ns_ldap/ldapaddent.c b/usr/src/cmd/ldap/ns_ldap/ldapaddent.c
index ee41ac1d23..3eca357323 100644
--- a/usr/src/cmd/ldap/ns_ldap/ldapaddent.c
+++ b/usr/src/cmd/ldap/ns_ldap/ldapaddent.c
@@ -436,7 +436,8 @@ addentry(void *entry, int mod)
break;
case NS_LDAP_INTERNAL:
- if (eres->status == LDAP_ALREADY_EXISTS)
+ if (eres->status == LDAP_ALREADY_EXISTS ||
+ eres->status == LDAP_NO_SUCH_OBJECT)
rc = eres->status;
else {
rc = 1;
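Review bot: In this `NS_LDAP_INTERNAL` case `rc` now carries a raw LDAP result code for two statuses and the literal `1` for every other one, and nothing at the assignment says that the two value spaces are mixed on purpose. A short comment above `rc = eres->status;` would make the contract explicit, for example `/* pass the LDAP result through so genent_* callers can tell a missing base entry from other failures */`. addentry starts and ends outside the hunk, so how `rc` reaches the caller is not visible here.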
@@ -2245,15 +2246,27 @@ genent_publickey(char *line, int (*cback)())
data.privkey = tmpprivkey;
retval = (*cback)(&data, 1);
-
- if ((retval != NS_LDAP_SUCCESS) && (continue_onerror == 0))
- return (GENENT_CBERR);
- else {
- free(data.name);
- free(data.pubkey);
- free(data.privkey);
- return (GENENT_OK);
+ if (retval != NS_LDAP_SUCCESS) {
+ if (retval == LDAP_NO_SUCH_OBJECT) {
+ if (data.hostcred == NS_HOSTCRED_TRUE)
+ (void) fprintf(stdout,
+ gettext("Cannot add publickey entry (%s), "
+ "add host entry first\n"),
+ tmpbuf);
+ else
+ (void) fprintf(stdout,
+ gettext("Cannot add publickey entry (%s), "
+ "add passwd entry first\n"),
+ data.name);
+ }
+ if (continue_onerror == 0)
+ return (GENENT_CBERR);
}
+
+ free(data.name);
+ free(data.pubkey);
+ free(data.privkey);
+ return (GENENT_OK);
}
static void
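Review bot: The early `return (GENENT_CBERR);` inside the new `if (retval != NS_LDAP_SUCCESS)` block still skips the three `free()` calls that follow it, so `data.name`, `data.pubkey` and `data.privkey` stay allocated on the error path. The restructuring was a good moment to fix that, since the strings are released only on the success path and one of them holds key material. The genent_shadow hunk further down has the same shape: its `return (GENENT_CBERR);` comes before `free(data.sp_namp);` and `free(data.sp_pwdp);`. Releasing the buffers before the early return, as below, keeps the rest of the hunk unchanged; genent_publickey begins outside the hunk, so earlier exits are not covered by this.

```c
	if (retval != NS_LDAP_SUCCESS) {
		/* ... unchanged: LDAP_NO_SUCH_OBJECT messages ... */
		if (continue_onerror == 0) {
			free(data.name);
			free(data.pubkey);
			free(data.privkey);
			return (GENENT_CBERR);
		}
	}
```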
@@ -2316,6 +2329,7 @@ genent_netmasks(char *line, int (*cback)())
char buf[BUFSIZ+1];
char *t;
entry_col ecol[3];
+ int retval;
struct _ns_netmasks data;
@@ -2375,8 +2389,15 @@ genent_netmasks(char *line, int (*cback)())
(void) fprintf(stdout,
gettext("Adding entry : %s\n"), data.netnumber);
- if ((*cback)(&data, 1) && continue_onerror == 0)
- return (GENENT_CBERR);
+ retval = (*cback)(&data, 1);
+ if (retval != NS_LDAP_SUCCESS) {
+ if (retval == LDAP_NO_SUCH_OBJECT)
+ (void) fprintf(stdout,
+ gettext("Cannot add netmask entry (%s), "
+ "add network entry first\n"), data.netnumber);
+ if (continue_onerror == 0)
+ return (GENENT_CBERR);
+ }
return (GENENT_OK);
}
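Review bot: The hint `add network entry first` may send the operator in the wrong direction. The comment this same commit adds in ns_writes.c says a netmask entry is meant to be addable even when the base network entry is absent, so an `LDAP_NO_SUCH_OBJECT` here probably has another cause, such as a missing container. Either drop the hint for netmasks or word it neutrally, e.g. `"Cannot add netmask entry (%s), base object not found\n"`. The function begins outside the hunk.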
@@ -2985,6 +3006,7 @@ genent_shadow(char *line, int (*cback)())
struct spwd data;
int spflag;
+ int retval;
/*
@@ -3222,8 +3244,15 @@ genent_shadow(char *line, int (*cback)())
(void) fprintf(stdout,
gettext("Adding entry : %s\n"), data.sp_namp);
- if ((*cback)(&data, 1) && (continue_onerror == 0))
- return (GENENT_CBERR);
+ retval = (*cback)(&data, 1);
+ if (retval != NS_LDAP_SUCCESS) {
+ if (retval == LDAP_NO_SUCH_OBJECT)
+ (void) fprintf(stdout,
+ gettext("Cannot add shadow entry (%s), "
+ "add passwd entry first\n"), data.sp_namp);
+ if (continue_onerror == 0)
+ return (GENENT_CBERR);
+ }
free(data.sp_namp);
free(data.sp_pwdp);
diff --git a/usr/src/cmd/ldap/ns_ldap/ldapaddrbac.c b/usr/src/cmd/ldap/ns_ldap/ldapaddrbac.c
index 63c065ea7d..81596bbdac 100644
--- a/usr/src/cmd/ldap/ns_ldap/ldapaddrbac.c
+++ b/usr/src/cmd/ldap/ns_ldap/ldapaddrbac.c
@@ -139,8 +139,13 @@ genent_user_attr(char *line, int (*cback)())
gettext("Adding entry : %s\n"), data.name);
retval = (*cback)(&data, 1);
- if (retval)
- res = GENENT_CBERR;
+ if (retval != NS_LDAP_SUCCESS) {
+ if (retval == LDAP_NO_SUCH_OBJECT)
+ (void) fprintf(stdout,
+ gettext("Cannot add user_attr entry (%s), "
+ "add passwd entry first\n"), data.name);
+ if (continue_onerror == 0) res = GENENT_CBERR;
+ }
free(ecol);
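Review bot: `if (continue_onerror == 0) res = GENENT_CBERR;` puts the statement on the same line as its condition, unlike every other `if` this commit adds; split it into `if (continue_onerror == 0)` followed by `res = GENENT_CBERR;` on its own line. The genent_audit_user hunk below has the identical line. Note also that the old code set `res = GENENT_CBERR` on any failure, whereas a failed add is now reported as success when `continue_onerror` is set. That matches ldapaddent.c but deserves a mention in the commit message.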
@@ -409,8 +414,13 @@ genent_audit_user(char *line, int (*cback)())
gettext("Adding entry : %s\n"), data.au_name);
retval = (*cback)(&data, 1);
- if (retval)
- res = GENENT_CBERR;
+ if (retval != NS_LDAP_SUCCESS) {
+ if (retval == LDAP_NO_SUCH_OBJECT)
+ (void) fprintf(stdout,
+ gettext("Cannot add audit_user entry (%s), "
+ "add passwd entry first\n"), data.au_name);
+ if (continue_onerror == 0) res = GENENT_CBERR;
+ }
free(ecol);
diff --git a/usr/src/lib/libsldap/common/ns_writes.c b/usr/src/lib/libsldap/common/ns_writes.c
index 217586e340..8b02e68262 100644
--- a/usr/src/lib/libsldap/common/ns_writes.c
+++ b/usr/src/lib/libsldap/common/ns_writes.c
@@ -3546,6 +3546,21 @@ int __ns_ldap_addTypedEntry(
if (create != 1) {
/* Modify the entry */
+ /*
+ * To add a shadow-like entry, the addTypedEntry function
+ * would call __ns_ldap_repAttr first, and if server says
+ * LDAP_NO_SUCH_OBJECT, then it tries __ns_ldap_addEntry.
+ * This is to allow a netmask entry to be added even if the
+ * base network entry is not in the directory. It would work
+ * because the difference between the schema for the network
+ * and netmask data contains only MAY attributes.
+ *
+ * But for shadow data, the attributes do not have MUST
+ * attributes the base entry needs, so if the __ns_ldap_addEntry
+ * is executed, it would fail. The real reason, however, is that
+ * the base entry did not exist. So returning
+ * LDAP_OBJECT_CLASS_VIOLATION would just confused.
+ */
if ((__s_cvtlist[s].flags & AE) != 0)
rc = __ns_ldap_addAttr(service, fulldn, modattrlist,
cred, flags, errorp);
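Review bot: The new block comment is hard to follow at the point where it matters. "the attributes do not have MUST attributes the base entry needs" and "would just confused" should be reworded, for instance `the shadow data lacks the MUST attributes the base entry requires` and `So returning LDAP_OBJECT_CLASS_VIOLATION would only be confusing; it is reported as LDAP_NO_SUCH_OBJECT instead.` The comment also sits above the `AE` / `__ns_ldap_addAttr` branch, while the behaviour it describes is the `__ns_ldap_addEntry` fallback in the next hunk, so it would read better placed next to the status rewrite there.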
@@ -3557,6 +3572,10 @@ int __ns_ldap_addTypedEntry(
(void) __ns_ldap_freeError(errorp);
rc = __ns_ldap_addEntry(service, fulldn,
entry, cred, flags, errorp);
+ if (rc == NS_LDAP_INTERNAL && *errorp &&
+ (*errorp)->status ==
+ LDAP_OBJECT_CLASS_VIOLATION)
+ (*errorp)->status = LDAP_NO_SUCH_OBJECT;
}
}
} else {
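Review bot: The rewrite of `(*errorp)->status` applies to every service that reaches this fallback, not only the shadow-like ones the comment above describes. A genuine schema violation in the supplied entry would therefore be reported as `LDAP_NO_SUCH_OBJECT`, and ldapaddent would answer with an "add ... entry first" hint. If the error structure also carries the server's message text, that text will still describe an object class violation and will disagree with the rewritten status. Consider limiting the remap to the services that need it and adding a one-line comment at the assignment, e.g. `/* base entry missing: report that instead of the schema error the fallback add produced */`. The enclosing function extends outside the hunk, so the condition that leads into this fallback is not visible.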