author | iz202018 <none@none> | 2007-09-11 07:29:32 -0700 |
---|---|---|
committer | iz202018 <none@none> | 2007-09-11 07:29:32 -0700 |
commit | 7ddae043d774fb34a5d9f3b11a0e7bcaba3e85ae (patch) | |
tree | 6393350b06d83fa8bed3b07079ce2d184ce87961 | |
parent | c6dcf396ea102523a81be30efbcef107c6393cf1 (diff) | |
download | illumos-joyent-7ddae043d774fb34a5d9f3b11a0e7bcaba3e85ae.tar.gz |
6557371 ldap_cachemgr daemon crashes in getldap_lookup(), if many servideSearchDescriptors are defined
-rw-r--r-- | usr/src/cmd/ldapcachemgr/cachemgr.c | 569 | ||||
-rw-r--r-- | usr/src/cmd/ldapcachemgr/cachemgr.h | 18 | ||||
-rw-r--r-- | usr/src/cmd/ldapcachemgr/cachemgr_getldap.c | 132 | ||||
-rw-r--r-- | usr/src/lib/libsldap/common/ns_config.c | 605 |
4 files changed, 754 insertions, 570 deletions
diff --git a/usr/src/cmd/ldapcachemgr/cachemgr.c b/usr/src/cmd/ldapcachemgr/cachemgr.c index 2fd9f5bbc0..19ee698924 100644 --- a/usr/src/cmd/ldapcachemgr/cachemgr.c +++ b/usr/src/cmd/ldapcachemgr/cachemgr.c @@ -19,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2006 Sun Microsystems, Inc. All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -35,6 +35,7 @@ #include <door.h> #include <time.h> #include <string.h> +#include <strings.h> #include <libintl.h> #include <sys/stat.h> #include <sys/time.h> @@ -51,6 +52,10 @@ #include <sys/types.h> #include <syslog.h> #include <locale.h> /* LC_ALL */ + +#include <alloca.h> +#include <ucontext.h> + #include "cachemgr.h" static void detachfromtty(); @@ -62,8 +67,7 @@ static void switcher(void *cookie, char *argp, size_t arg_size, static void usage(char *s); static int cachemgr_set_lf(admin_t *ptr, char *logfile); static int client_getadmin(admin_t *ptr); -static int getadmin(ldap_return_t *out); -static int setadmin(ldap_return_t *out, ldap_call_t *ptr); +static int setadmin(ldap_call_t *ptr); static int client_setadmin(admin_t *ptr); static int client_showstats(admin_t *ptr); @@ -106,9 +110,9 @@ sig_ok_to_exit(int signo) exit(0); } else { logit("sig_ok_to_exit(): invalid signal(%d) received.\n", - signo); + signo); syslog(LOG_ERR, gettext("ldap_cachemgr: " - "invalid signal(%d) received."), signo); + "invalid signal(%d) received."), signo); exit(1); } } @@ -234,7 +238,7 @@ server_create(door_info_t *dip) } (void) mutex_unlock(&create_lock); (void) thr_create(NULL, 0, server_tsd_bind, NULL, - THR_BOUND|THR_DETACHED, NULL); + THR_BOUND|THR_DETACHED, NULL); } /* @@ -273,7 +277,7 @@ main(int argc, char ** argv) if (chdir(NSLDAPDIRECTORY) < 0) { (void) fprintf(stderr, gettext("chdir(\"%s\") failed: %s\n"), - NSLDAPDIRECTORY, strerror(errno)); + NSLDAPDIRECTORY, strerror(errno)); exit(1); } 
@@ -299,8 +303,8 @@ main(int argc, char ** argv) if ((__ns_ldap_cache_ping() != SUCCESS) || (client_getadmin(¤t_admin) != 0)) { (void) fprintf(stderr, - gettext("%s doesn't appear to be running.\n"), - argv[0]); + gettext("%s doesn't appear to be running.\n"), + argv[0]); exit(1); } (void) client_showstats(¤t_admin); @@ -329,7 +333,7 @@ main(int argc, char ** argv) } else { if (client_getadmin(¤t_admin)) { (void) fprintf(stderr, gettext("Cannot contact %s " - "properly(?)\n"), argv[0]); + "properly(?)\n"), argv[0]); exit(1); } } @@ -364,7 +368,7 @@ main(int argc, char ** argv) case 'l': doset++; (void) strlcpy(current_admin.logfile, - optarg, sizeof (current_admin.logfile)); + optarg, sizeof (current_admin.logfile)); break; case 'd': doset++; @@ -382,15 +386,15 @@ main(int argc, char ** argv) } if (errflg) - usage(argv[0]); + usage(argv[0]); /* * will not show statistics if no daemon running */ if (will_become_server && showstats) { (void) fprintf(stderr, - gettext("%s doesn't appear to be running.\n"), - argv[0]); + gettext("%s doesn't appear to be running.\n"), + argv[0]); exit(1); } @@ -402,14 +406,14 @@ main(int argc, char ** argv) current_admin.debug_level = debug_level; if (client_setadmin(¤t_admin) < 0) { (void) fprintf(stderr, - gettext("Error during admin call\n")); + gettext("Error during admin call\n")); exit(1); } } if (!showstats && !doset) { (void) fprintf(stderr, gettext("%s already running....use '%s " - "-K' to stop\n"), argv[0], argv[0]); + "-K' to stop\n"), argv[0], argv[0]); } exit(0); } @@ -429,7 +433,7 @@ main(int argc, char ** argv) (void) strcpy(current_admin.logfile, LOGFILE); else (void) cachemgr_set_lf(¤t_admin, - current_admin.logfile); + current_admin.logfile); /* * validate the range of debug level number * and set the number to current_admin.debug_level 
@@ -443,14 +447,14 @@ main(int argc, char ** argv) (void) fprintf(stderr, gettext("Incorrect Debug Level: %d\n" "It should be between %d and %d\n"), - debug_level, DBG_OFF, MAXDEBUG); + debug_level, DBG_OFF, MAXDEBUG); exit(-1); } } else { if (strlen(current_admin.logfile) == 0) (void) strcpy(current_admin.logfile, "/dev/null"); (void) cachemgr_set_lf(¤t_admin, - current_admin.logfile); + current_admin.logfile); } if (dofg == 0) @@ -473,7 +477,7 @@ main(int argc, char ** argv) if (thr_keycreate(&server_key, server_destroy) != 0) { logit("thr_keycreate() call failed\n"); syslog(LOG_ERR, - gettext("ldap_cachemgr: thr_keycreate() call failed")); + gettext("ldap_cachemgr: thr_keycreate() call failed")); perror("thr_keycreate"); exit(-1); } @@ -486,7 +490,7 @@ main(int argc, char ** argv) DOOR_UNREF | DOOR_REFUSE_DESC | DOOR_NO_CANCEL)) < 0) { logit("door_create() call failed\n"); syslog(LOG_ERR, gettext( - "ldap_cachemgr: door_create() call failed")); + "ldap_cachemgr: door_create() call failed")); perror("door_create"); exit(-1); } @@ -500,8 +504,8 @@ main(int argc, char ** argv) if ((newfd = creat(LDAP_CACHE_DOOR, 0444)) < 0) { logit("Cannot create %s:%s\n", - LDAP_CACHE_DOOR, - strerror(errno)); + LDAP_CACHE_DOOR, + strerror(errno)); exit(1); } (void) close(newfd); @@ -513,7 +517,7 @@ main(int argc, char ** argv) (fattach(did, LDAP_CACHE_DOOR) < 0)) { logit("fattach() call failed\n"); syslog(LOG_ERR, gettext( - "ldap_cachemgr: fattach() call failed")); + "ldap_cachemgr: fattach() call failed")); perror("fattach"); exit(2); } @@ -529,7 +533,7 @@ main(int argc, char ** argv) if (sigaction(SIGHUP, &sighupaction, NULL) < 0) { logit("sigaction() call failed\n"); syslog(LOG_ERR, - gettext("ldap_cachemgr: sigaction() call failed")); + gettext("ldap_cachemgr: sigaction() call failed")); perror("sigaction"); exit(1); } 
@@ -537,7 +541,7 @@ main(int argc, char ** argv) if (thr_sigsetmask(SIG_BLOCK, &myset, NULL) < 0) { logit("thr_sigsetmask() call failed\n"); syslog(LOG_ERR, - gettext("ldap_cachemgr: thr_sigsetmask() call failed")); + gettext("ldap_cachemgr: thr_sigsetmask() call failed")); perror("thr_sigsetmask"); exit(1); } @@ -547,10 +551,10 @@ main(int argc, char ** argv) */ if (thr_create(NULL, NULL, (void *(*)(void*))getldap_refresh, - 0, 0, NULL) != 0) { + 0, 0, NULL) != 0) { logit("thr_create() call failed\n"); syslog(LOG_ERR, - gettext("ldap_cachemgr: thr_create() call failed")); + gettext("ldap_cachemgr: thr_create() call failed")); perror("thr_create"); exit(1); } @@ -560,10 +564,10 @@ main(int argc, char ** argv) */ if (thr_create(NULL, NULL, (void *(*)(void*))getldap_serverInfo_refresh, - 0, 0, NULL) != 0) { + 0, 0, NULL) != 0) { logit("thr_create() call failed\n"); syslog(LOG_ERR, - gettext("ldap_cachemgr: thr_create() call failed")); + gettext("ldap_cachemgr: thr_create() call failed")); perror("thr_create"); exit(1); } @@ -572,10 +576,10 @@ main(int argc, char ** argv) if (use_slp) { /* kick off SLP discovery thread */ if (thr_create(NULL, NULL, (void *(*)(void *))discover, - (void *)&refresh, 0, NULL) != 0) { + (void *)&refresh, 0, NULL) != 0) { logit("thr_create() call failed\n"); syslog(LOG_ERR, gettext("ldap_cachemgr: thr_create() " - "call failed")); + "call failed")); perror("thr_create"); exit(1); } @@ -585,7 +589,7 @@ main(int argc, char ** argv) if (thr_sigsetmask(SIG_UNBLOCK, &myset, NULL) < 0) { logit("thr_sigsetmask() call failed\n"); syslog(LOG_ERR, - gettext("ldap_cachemgr: the_sigsetmask() call failed")); + gettext("ldap_cachemgr: the_sigsetmask() call failed")); perror("thr_sigsetmask"); exit(1); } 
@@ -599,19 +603,84 @@ main(int argc, char ** argv) } +/* + * Before calling the alloca() function we have to be sure that we won't get + * beyond the stack. Since we don't know the precise layout of the stack, + * the address of an automatic of the function gives us a rough idea, plus/minus + * a bit. We also need a bit more of stackspace after the call to be able + * to call further functions. Even something as simple as making a system call + * from within this function can take ~100 Bytes of stackspace. + */ +#define SAFETY_BUFFER 32 * 1024 /* 32KB */ + +static +size_t +get_data_size(LineBuf *config_info, int *err_code) +{ + size_t configSize = sizeof (ldap_return_t); + dataunion *buf = NULL; /* For the 'sizeof' purpose */ + + if (config_info->str != NULL && + config_info->len >= sizeof (buf->data.ldap_ret.ldap_u.config)) { + configSize = sizeof (buf->space) + + config_info->len - + sizeof (buf->data.ldap_ret.ldap_u.config); + + if (!stack_inbounds((char *)&buf - + (configSize + SAFETY_BUFFER))) { + /* + * We do not have enough space on the stack + * to accomodate the whole DUAProfile + */ + logit("The DUAProfile is too big. There is not enough " + "space to process it. Ignoring it.\n"); + syslog(LOG_ERR, gettext("ldap_cachemgr: The DUAProfile " + "is too big. There is not enough space " + "to process it. Ignoring it.")); + + *err_code = SERVERERROR; + + free(config_info->str); + config_info->str = NULL; + config_info->len = 0; + configSize = sizeof (ldap_return_t); + } + } + + return (configSize); +} + /*ARGSUSED*/ static void switcher(void *cookie, char *argp, size_t arg_size, door_desc_t *dp, uint_t n_desc) { - dataunion u; +#define GETSIZE 1000 +#define ALLOCATE 1001 +#define PREPARE 1002 + ldap_call_t *ptr = (ldap_call_t *)argp; door_cred_t dc; + LineBuf configInfo; + dataunion *buf = NULL; + /* + * By default the size of a buffer to be passed down to a client + * is equal to the size of the ldap_return_t structure. 
We need + * a bigger buffer in a few cases. + */ + size_t configSize = sizeof (ldap_return_t); + int ldapErrno = 0, state, leave = 0; + struct { + void *begin; + size_t size; + uint8_t destroy; + } dataSource; + if (argp == DOOR_UNREF_DATA) { logit("Door Slam... invalid door param\n"); syslog(LOG_ERR, gettext("ldap_cachemgr: Door Slam... " - "invalid door param")); + "invalid door param")); (void) printf(gettext("Door Slam... invalid door param\n")); exit(0); } 
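Review bot: `SAFETY_BUFFER` expands to the bare expression `32 * 1024`, which is only correct while every use sits next to operators that bind looser than `*`; define it as `#define SAFETY_BUFFER (32 * 1024)`. In get_data_size() the probe address `(char *)&buf - (configSize + SAFETY_BUFFER)` is computed before any ceiling is applied to `config_info->len`, so for an oversized profile the pointer arithmetic leaves the object it started from before stack_inbounds() ever sees it. Comparing `config_info->len` against a fixed maximum ahead of the subtraction would make the rejection path independent of how that out-of-range pointer is evaluated. switcher() starts in this hunk and its body continues in the next one.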
@@ -620,77 +689,248 @@ switcher(void *cookie, char *argp, size_t arg_size, (void) door_return(NULL, 0, 0, 0); /* return the favor */ } - switch (ptr->ldap_callnumber) { - case NULLCALL: - u.data.ldap_ret.ldap_return_code = SUCCESS; - u.data.ldap_ret.ldap_bufferbytesused = sizeof (ldap_return_t); - break; - case GETLDAPCONFIG: - getldap_lookup(&u.data.ldap_ret, ptr); - current_admin.ldap_stat.ldap_numbercalls++; - break; - case GETADMIN: - (void) getadmin(&u.data.ldap_ret); - break; - case SETADMIN: - case KILLSERVER: - if (door_cred(&dc) < 0) { - logit("door_cred() call failed\n"); - syslog(LOG_ERR, gettext("ldap_cachemgr: door_cred() " - "call failed")); - perror("door_cred"); + bzero(&dataSource, sizeof (dataSource)); + + /* + * We presume that sizeof (ldap_return_t) bytes are always available + * on the stack + */ + state = ptr->ldap_callnumber; + + /* + * The common behavior of the state machine below is as follows: + * + * Each incoming request is processed in several steps. + * + * First stage is specific for a particular request. It can be + * an error check or gathering data or empty. See the actual comments + * for the requests. For the GETLDAPCONFIG, GETLDAPSERVER, GETCACHESTAT, + * and GETCACHE there is an additional substage calculating the size of + * the data being passed to a door client. + * The next step is obligatory. It allocates a buffer which will be + * passed down to the door_return() routine. + * The last (also obligatory) step sets the return code and, if a data + * is available for the transfer and no errors have occurred, copies + * the data to the buffer. + * + * After the state machine has finished, the door_return() function + * is called unconditionally + */ + while (!leave) { + switch (state) { + case NULLCALL: + /* + * Just a 'ping'. Use the default size + * of the buffer and set the + * 'OK' error code. 
+ */ + state = ALLOCATE; break; - } - if (dc.dc_euid != 0 && ptr->ldap_callnumber == SETADMIN) { - logit("SETADMIN call failed (cred): caller " - "pid %ld, uid %ld, euid %ld\n", - dc.dc_pid, dc.dc_ruid, dc.dc_euid); - u.data.ldap_ret.ldap_return_code = NOTFOUND; + case GETLDAPCONFIG: + /* + * Get the current LDAP configuration. + * Since this is dynamic data and its size can exceed + * the size of ldap_return_t, the next step will + * calculate who much space exactly is required. + */ + getldap_lookup(&configInfo, ptr); + + state = GETSIZE; + break; + case GETLDAPSERVER: + /* + * Get the root DSE for a next server in the list. + * Since this is dynamic data and its size can exceed + * the size of ldap_return_t, the next step will + * calculate who much space exactly is required. + */ + getldap_getserver(&configInfo, ptr); + + state = GETSIZE; + break; + case GETCACHESTAT: + /* + * Get the cache stattistics. + * Since this is dynamic data and its size can exceed + * the size of ldap_return_t, the next step will + * calculate how much space exactly is required. + */ + getldap_get_cacheStat(&configInfo); + + state = GETSIZE; + break; + case GETADMIN: + /* + * Get current configuration and statistics. + * The size of the statistics structure is less then + * sizeof (ldap_return_t). So specify the source + * where to take the info and proceed with the memory + * allocation. + */ + state = ALLOCATE; + + if (ldapErrno == 0) { + dataSource.begin = ¤t_admin; + dataSource.size = sizeof (current_admin); + dataSource.destroy = 0; + } + + break; + case SETADMIN: + case KILLSERVER: + /* + * Process the request and proceed with the default + * buffer allocation. 
+ */ + if (door_cred(&dc) == 0) { + switch (ptr->ldap_callnumber) { + case KILLSERVER: + logit("ldap_cachemgr received " + "KILLSERVER cmd from pid %ld, " + "uid %ld, euid %ld\n", + dc.dc_pid, dc.dc_ruid, dc.dc_euid); + exit(0); + break; + case SETADMIN: + if (dc.dc_euid != 0) { + logit("SETADMIN call failed " + "(cred): " + "caller pid %ld, uid %ld, " + "euid %ld\n", + dc.dc_pid, + dc.dc_ruid, + dc.dc_euid); + ldapErrno = -1; + break; + } + /* Yes, if a client's effective uid */ + /* is noty defined, continue */ + /* with setadmin() */ + default: + ldapErrno = setadmin(ptr); + break; + } + } else { + logit("door_cred() call failed\n"); + syslog(LOG_ERR, gettext("ldap_cachemgr: " + "door_cred() call failed")); + perror("door_cred"); + ldapErrno = -1; + } + + state = ALLOCATE; + break; + case GETCACHE: + /* + * Get the cache stattistics. + * Since this is dynamic data and its size can exceed + * the size of ldap_return_t, the next step will + * calculate how much space exactly is required. + */ + getldap_get_cacheData(&configInfo, ptr); + + state = GETSIZE; + break; + case SETCACHE: + /* + * Process the request and proceed with the default + * buffer allocation. + */ + ldapErrno = getldap_set_cacheData(ptr); + + current_admin.ldap_stat.ldap_numbercalls++; + + state = ALLOCATE; + break; + default: + /* + * This means an unknown request type. Proceed with + * the default buffer allocation. + */ + logit("Unknown ldap service door call op %d\n", + ptr->ldap_callnumber); + ldapErrno = -99; + + state = ALLOCATE; + break; + case GETSIZE: + /* + * This stage calculates how much data will be + * passed down to the client, checks if there is + * enough space on the stack to accommodate the data, + * increases the value of the configSize variable + * if necessary and specifies the data source. + * In case of any error occurred ldapErrno will be set + * appropriately. 
+ */ + if (configInfo.str == NULL) { + ldapErrno = -1; + } + + configSize = get_data_size(&configInfo, &ldapErrno); + + if (ldapErrno == 0) { + dataSource.begin = configInfo.str; + dataSource.size = configInfo.len; + dataSource.destroy = 1; + } + + current_admin.ldap_stat.ldap_numbercalls++; + + state = ALLOCATE; + break; + case ALLOCATE: + /* + * Allocate a buffer of the calculated (or default) size + * and proceed with populating it with data. + */ + buf = (dataunion *) alloca(configSize); + + state = PREPARE; + break; + case PREPARE: + /* + * Set a return code and, if a data source is specified, + * copy data from the source to the buffer. + */ + buf->data.ldap_ret.ldap_errno = ldapErrno; + buf->data.ldap_ret.ldap_return_code = ldapErrno; + buf->data.ldap_ret.ldap_bufferbytesused = configSize; + + if (dataSource.begin != NULL) { + (void) memcpy(buf->data.ldap_ret.ldap_u.config, + dataSource.begin, + dataSource.size); + if (dataSource.destroy) { + free(dataSource.begin); + } + } + + /* + * Leave the state machine and send the data + * to the client. 
+ */ + leave = 1; break; } - if (ptr->ldap_callnumber == KILLSERVER) { - logit("ldap_cachemgr received KILLSERVER cmd from " - "pid %ld, uid %ld, euid %ld\n", - dc.dc_pid, dc.dc_ruid, dc.dc_euid); - exit(0); - } else { - (void) setadmin(&u.data.ldap_ret, ptr); - } - break; - case GETLDAPSERVER: - getldap_getserver(&u.data.ldap_ret, ptr); - current_admin.ldap_stat.ldap_numbercalls++; - break; - case GETCACHE: - getldap_get_cacheData(&u.data.ldap_ret, ptr); - current_admin.ldap_stat.ldap_numbercalls++; - break; - case SETCACHE: - getldap_set_cacheData(&u.data.ldap_ret, ptr); - current_admin.ldap_stat.ldap_numbercalls++; - break; - case GETCACHESTAT: - getldap_get_cacheStat(&u.data.ldap_ret); - current_admin.ldap_stat.ldap_numbercalls++; - break; - default: - logit("Unknown ldap service door call op %d\n", - ptr->ldap_callnumber); - u.data.ldap_ret.ldap_return_code = -99; - u.data.ldap_ret.ldap_bufferbytesused = sizeof (ldap_return_t); - break; } - (void) door_return((char *)&u.data, - u.data.ldap_ret.ldap_bufferbytesused, NULL, 0); + + (void) door_return((char *)&buf->data, + buf->data.ldap_ret.ldap_bufferbytesused, + NULL, + 0); +#undef GETSIZE +#undef ALLOCATE +#undef PREPARE } static void usage(char *s) { (void) fprintf(stderr, - gettext("Usage: %s [-d debug_level] [-l logfilename]\n"), s); + gettext("Usage: %s [-d debug_level] [-l logfilename]\n"), s); (void) fprintf(stderr, gettext(" [-K] " - "[-r revalidate_interval] ")); + "[-r revalidate_interval] ")); #ifndef SLP (void) fprintf(stderr, gettext(" [-g]\n")); #else @@ -720,7 +960,7 @@ cachemgr_set_lf(admin_t *ptr, char *logfile) logfd = -1; } else { if ((newlogfd = - open(logfile, O_EXCL|O_WRONLY|O_CREAT, 0644)) < 0) { + open(logfile, O_EXCL|O_WRONLY|O_CREAT, 0644)) < 0) { /* * File already exists... now we need to get cute * since opening a file in a world-writeable directory 
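Review bot: `state = ptr->ldap_callnumber;` feeds the client-supplied call number into the same `switch` that holds the internal `GETSIZE`/`ALLOCATE`/`PREPARE` cases, so a request carrying one of those values (1000–1002, defined at the top of switcher()) enters the state machine mid-way. On that path `configInfo` has never been filled in, `GETSIZE` would pass an indeterminate pointer to `memcpy()` and `free()`, and `buf` is still NULL when `PREPARE` dereferences it. Reject those values before the loop so they take the same route as the `default:` case, as sketched below. Separately, the `KILLSERVER` branch still reaches `exit(0)` for any caller for whom door_cred() succeeds, without a `dc_euid` check like the one `SETADMIN` gets; if that is intentional it deserves a comment.

```c
	state = ptr->ldap_callnumber;

	/* GETSIZE/ALLOCATE/PREPARE are internal states, never valid requests */
	if (state == GETSIZE || state == ALLOCATE || state == PREPARE) {
		logit("Unknown ldap service door call op %d\n",
		    ptr->ldap_callnumber);
		ldapErrno = -99;
		state = ALLOCATE;
	}

	/* … unchanged: while (!leave) state machine … */
```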
@@ -732,7 +972,7 @@ cachemgr_set_lf(admin_t *ptr, char *logfile) if (lstat(logfile, &before) < 0) { logit("Cannot open new logfile \"%s\": %sn", - logfile, strerror(errno)); + logfile, strerror(errno)); return (-1); } if (S_ISREG(before.st_mode) && /* no symbolic links */ @@ -742,8 +982,8 @@ cachemgr_set_lf(admin_t *ptr, char *logfile) open(logfile, O_APPEND|O_WRONLY, 0644)) < 0) { logit("Cannot open new logfile " - "\"%s\": %s\n", - logfile, strerror(errno)); + "\"%s\": %s\n", + logfile, strerror(errno)); return (-1); } } else { @@ -778,7 +1018,7 @@ logit(char *format, ...) (void) gettimeofday(&tv, NULL); (void) ctime_r(&tv.tv_sec, buffer, BUFSIZ); (void) snprintf(buffer+19, BUFSIZE, ".%.4ld ", - tv.tv_usec/100); + tv.tv_usec/100); safechars = sizeof (buffer) - 30; if (vsnprintf(buffer+25, safechars, format, ap) > safechars) (void) strcat(buffer, "...\n"); @@ -790,24 +1030,6 @@ logit(char *format, ...) } -void -do_update(ldap_call_t *in) -{ - dataunion u; - - switch (in->ldap_callnumber) { - case GETLDAPCONFIG: - getldap_lookup(&u.data.ldap_ret, in); - break; - default: - assert(0); - break; - } - - free(in); -} - - static int client_getadmin(admin_t *ptr) { @@ -829,24 +1051,12 @@ client_getadmin(admin_t *ptr) return (0); } -static int -getadmin(ldap_return_t *out) -{ - out->ldap_return_code = SUCCESS; - out->ldap_bufferbytesused = sizeof (current_admin); - (void) memcpy(out->ldap_u.buff, ¤t_admin, sizeof (current_admin)); - - return (0); -} - static int -setadmin(ldap_return_t *out, ldap_call_t *ptr) +setadmin(ldap_call_t *ptr) { admin_t *new; - out->ldap_return_code = SUCCESS; - out->ldap_bufferbytesused = sizeof (ldap_return_t); new = (admin_t *)ptr->ldap_u.domainname; /* 
@@ -855,17 +1065,14 @@ setadmin(ldap_return_t *out, ldap_call_t *ptr) if ((cachemgr_set_lf(¤t_admin, new->logfile) < 0) || cachemgr_set_dl(¤t_admin, new->debug_level) < 0) { - out->ldap_return_code = NOTFOUND; return (-1); } if (cachemgr_set_ttl(¤t_admin.ldap_stat, - "ldap", - new->ldap_stat.ldap_ttl) < 0) { - out->ldap_return_code = NOTFOUND; + "ldap", + new->ldap_stat.ldap_ttl) < 0) { return (-1); } - out->ldap_return_code = SUCCESS; return (0); } @@ -925,7 +1132,7 @@ client_showstats(admin_t *ptr) (void) printf(gettext("server debug level %10d\n"), ptr->debug_level); (void) printf(gettext("server log file\t\"%s\"\n"), ptr->logfile); (void) printf(gettext("number of calls to ldapcachemgr %10d\n"), - ptr->ldap_stat.ldap_numbercalls); + ptr->ldap_stat.ldap_numbercalls); /* * get cache data statistics @@ -937,7 +1144,7 @@ client_showstats(admin_t *ptr) if (__ns_ldap_trydoorcall(&dptr, &ndata, &adata) != SUCCESS) { (void) printf( - gettext("\nCache data statistics not available!\n")); + gettext("\nCache data statistics not available!\n")); return (0); } @@ -986,10 +1193,10 @@ detachfromtty(char *pgm) case (pid_t)-1: logit("detachfromtty(): fork1() call failed\n"); (void) fprintf(stderr, - gettext("%s: fork1() call failed.\n"), - pgm); + gettext("%s: fork1() call failed.\n"), + pgm); syslog(LOG_ERR, - gettext("ldap_cachemgr: fork1() call failed.")); + gettext("ldap_cachemgr: fork1() call failed.")); exit(1); break; case 0: @@ -1010,14 +1217,14 @@ detachfromtty(char *pgm) */ if (signal(SIGUSR1, sig_ok_to_exit) == SIG_ERR) { logit("detachfromtty(): " - "can't set up signal handler to " - " catch SIGUSR1.\n"); + "can't set up signal handler to " + " catch SIGUSR1.\n"); (void) fprintf(stderr, - gettext("%s: signal() call failed.\n"), - pgm); + gettext("%s: signal() call failed.\n"), + pgm); syslog(LOG_ERR, gettext("ldap_cachemgr: " - "can't set up signal handler to " - " catch SIGUSR1.")); + "can't set up signal handler to " + " catch SIGUSR1.")); exit(1); } 
@@ -1031,29 +1238,29 @@ detachfromtty(char *pgm) if (wret == -1) { logit("detachfromtty(): " - "waitpid() call failed\n"); + "waitpid() call failed\n"); (void) fprintf(stderr, - gettext("%s: waitpid() call failed.\n"), - pgm); + gettext("%s: waitpid() call failed.\n"), + pgm); syslog(LOG_ERR, - gettext("ldap_cachemgr: waitpid() " - "call failed.")); + gettext("ldap_cachemgr: waitpid() " + "call failed.")); exit(1); } if (wret != pid) { logit("detachfromtty(): " - "waitpid() returned %ld when " - "child pid was %ld\n", - wret, pid); + "waitpid() returned %ld when " + "child pid was %ld\n", + wret, pid); (void) fprintf(stderr, - gettext( - "%s: waitpid() returned %ld when " - "child pid was %ld.\n"), - pgm, wret, pid); + gettext( + "%s: waitpid() returned %ld when " + "child pid was %ld.\n"), + pgm, wret, pid); syslog(LOG_ERR, - gettext("ldap_cachemgr: waitpid() " - "returned different " - "child pid.")); + gettext("ldap_cachemgr: waitpid() " + "returned different " + "child pid.")); exit(1); } 
@@ -1063,35 +1270,35 @@ detachfromtty(char *pgm) exit(0); } logit("detachfromtty(): " - "child failed (rc = %d).\n", - WEXITSTATUS(status)); + "child failed (rc = %d).\n", + WEXITSTATUS(status)); (void) fprintf(stderr, - gettext("%s: failed. Please see " - "syslog for details.\n"), - pgm); + gettext("%s: failed. Please see " + "syslog for details.\n"), + pgm); syslog(LOG_ERR, - gettext("ldap_cachemgr: failed " - "(rc = %d)."), - WEXITSTATUS(status)); + gettext("ldap_cachemgr: failed " + "(rc = %d)."), + WEXITSTATUS(status)); } else if (WIFSIGNALED(status)) { logit("detachfromtty(): " - "child terminated by signal %d.\n", - WTERMSIG(status)); + "child terminated by signal %d.\n", + WTERMSIG(status)); (void) fprintf(stderr, gettext("%s: terminated by signal %d.\n"), - pgm, WTERMSIG(status)); + pgm, WTERMSIG(status)); syslog(LOG_ERR, - gettext("ldap_cachemgr: terminated by " - "signal %d.\n"), - WTERMSIG(status)); + gettext("ldap_cachemgr: terminated by " + "signal %d.\n"), + WTERMSIG(status)); } else if (WCOREDUMP(status)) { logit("detachfromtty(): child core dumped.\n"), - (void) fprintf(stderr, - gettext("%s: core dumped.\n"), - pgm); + (void) fprintf(stderr, + gettext("%s: core dumped.\n"), + pgm); syslog(LOG_ERR, - gettext("ldap_cachemgr: " - "core dumped.\n")); + gettext("ldap_cachemgr: " + "core dumped.\n")); } exit(1); diff --git a/usr/src/cmd/ldapcachemgr/cachemgr.h b/usr/src/cmd/ldapcachemgr/cachemgr.h index 532517ab38..d36ed2136d 100644 --- a/usr/src/cmd/ldapcachemgr/cachemgr.h +++ b/usr/src/cmd/ldapcachemgr/cachemgr.h 
@@ -2,9 +2,8 @@ * CDDL HEADER START * * The contents of this file are subject to the terms of the - * Common Development and Distribution License, Version 1.0 only - * (the "License"). You may not use this file except in compliance - * with the License. + * Common Development and Distribution License (the "License"). + * You may not use this file except in compliance with the License. * * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE * or http://www.opensolaris.org/os/licensing. @@ -20,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2005 Sun Microsystems, Inc. All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -51,13 +50,12 @@ typedef union { extern char *getcacheopt(char *s); extern void logit(char *format, ...); -extern void do_update(ldap_call_t *in); extern int load_admin_defaults(admin_t *ptr, int will_become_server); extern int getldap_init(void); extern void getldap_revalidate(void); extern int getldap_uidkeepalive(int keep, int interval); extern int getldap_invalidate(void); -extern void getldap_lookup(ldap_return_t *out, ldap_call_t *in); +extern void getldap_lookup(LineBuf *config_info, ldap_call_t *in); extern void getldap_refresh(void); extern int cachemgr_set_dl(admin_t *ptr, int value); extern int cachemgr_set_ttl(ldap_stat_t *cache, char *name, int value); 
@@ -67,10 +65,10 @@ extern int release_clearance(int callnumber); extern void discover(); #endif /* SLP */ extern void getldap_serverInfo_refresh(void); -extern void getldap_getserver(ldap_return_t *out, ldap_call_t *in); -extern void getldap_get_cacheData(ldap_return_t *out, ldap_call_t *in); -extern void getldap_set_cacheData(ldap_return_t *out, ldap_call_t *in); -extern void getldap_get_cacheStat(ldap_return_t *out); +extern void getldap_getserver(LineBuf *config_info, ldap_call_t *in); +extern void getldap_get_cacheData(LineBuf *config_info, ldap_call_t *in); +extern int getldap_set_cacheData(ldap_call_t *in); +extern void getldap_get_cacheStat(LineBuf *stat_info); #ifdef __cplusplus } #endif diff --git a/usr/src/cmd/ldapcachemgr/cachemgr_getldap.c b/usr/src/cmd/ldapcachemgr/cachemgr_getldap.c index 530a5b28c7..e5fd3b56d0 100644 --- a/usr/src/cmd/ldapcachemgr/cachemgr_getldap.c +++ b/usr/src/cmd/ldapcachemgr/cachemgr_getldap.c @@ -2212,19 +2212,15 @@ getldap_serverInfo_refresh() } void -getldap_getserver(ldap_return_t *out, ldap_call_t *in) +getldap_getserver(LineBuf *config_info, ldap_call_t *in) { - char *outstr = NULL; char req[] = "0"; if (current_admin.debug_level >= DBG_ALL) { logit("getldap_getserver()...\n"); } - /* assume no server found */ - out->ldap_errno = -1; - out->ldap_return_code = NOTFOUND; - out->ldap_bufferbytesused = sizeof (*out); + config_info->len = 0; /* make sure the request is valid */ req[0] = (in->ldap_u.servername)[0]; 
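Review bot: getldap_getserver() resets only `config_info->len` before validating the request, whereas getldap_get_cacheData() and getldap_get_cacheStat() in this same commit also set `str` to NULL. switcher() declares `LineBuf configInfo;` without an initializer, and its `GETSIZE` state tests `configInfo.str == NULL` and later frees that pointer. If the validation that sits between this hunk and the next one returns early (those lines are not shown), an indeterminate pointer would therefore reach `free()`. Add `config_info->str = NULL;` next to `config_info->len = 0;`.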
@@ -2237,45 +2233,42 @@ getldap_getserver(ldap_return_t *out, ldap_call_t *in) } (void) getldap_serverInfo_op(INFO_OP_GETSERVER, - in->ldap_u.domainname, &outstr); + in->ldap_u.domainname, &config_info->str); - if (outstr == NULL) + if (config_info->str == NULL) return; - out->ldap_bufferbytesused = sizeof (ldap_return_t); - (void) strncpy(out->ldap_u.config, outstr, strlen(outstr)+1); + config_info->len = strlen(config_info->str) + 1; if (current_admin.debug_level >= DBG_PROFILE_REFRESH) { /* Log server IP */ - char *ptr; - ptr = strstr(outstr, DOORLINESEP); + char *ptr, + separator; + ptr = strstr(config_info->str, DOORLINESEP); if (ptr) { + separator = *ptr; *ptr = '\0'; - logit("getldap_getserver: got server %s\n", outstr); + logit("getldap_getserver: got server %s\n", + config_info->str); + *ptr = separator; } else logit("getldap_getserver: Missing %s." " Internal error\n", DOORLINESEP); } - free(outstr); - out->ldap_return_code = SUCCESS; - out->ldap_errno = 0; - } void -getldap_get_cacheData(ldap_return_t *out, ldap_call_t *in) +getldap_get_cacheData(LineBuf *config_info, ldap_call_t *in) { - char *outstr = NULL, *instr = NULL; + char *instr = NULL; int datatype = CACHE_MAP_UNKNOWN; if (current_admin.debug_level >= DBG_ALL) { logit("getldap_get_cacheData()...\n"); } - /* assume no cache data found */ - out->ldap_errno = -1; - out->ldap_return_code = NOTFOUND; - out->ldap_bufferbytesused = sizeof (*out); + config_info->len = 0; + config_info->str = NULL; /* make sure the request is valid */ if (strncmp(in->ldap_u.servername, 
@@ -2293,20 +2286,15 @@ getldap_get_cacheData(ldap_return_t *out, ldap_call_t *in) return; (void) getldap_cache_op(CACHE_OP_FIND, datatype, - instr, &outstr); - - if (outstr == NULL) - return; + instr, &config_info->str); - out->ldap_bufferbytesused = sizeof (ldap_return_t); - (void) strncpy(out->ldap_u.config, outstr, strlen(outstr)+1); - free(outstr); - out->ldap_return_code = SUCCESS; - out->ldap_errno = 0; + if (config_info->str != NULL) { + config_info->len = strlen(config_info->str) + 1; + } } -void -getldap_set_cacheData(ldap_return_t *out, ldap_call_t *in) +int +getldap_set_cacheData(ldap_call_t *in) { char *instr1 = NULL; char *instr2 = NULL; 
@@ -2317,59 +2305,51 @@ getldap_set_cacheData(ldap_return_t *out, ldap_call_t *in) logit("getldap_set_cacheData()...\n"); } - /* assume error */ - out->ldap_errno = -1; - out->ldap_return_code = NOTFOUND; - out->ldap_bufferbytesused = sizeof (*out); - /* make sure the request is valid */ if (strncmp(in->ldap_u.servername, NS_CACHE_DN2DOMAIN, strlen(NS_CACHE_DN2DOMAIN)) == 0) datatype = CACHE_MAP_DN2DOMAIN; if (datatype == CACHE_MAP_UNKNOWN) - return; + return (-1); instr1 = strstr(in->ldap_u.servername, DOORLINESEP); if (instr1 == NULL) - return; + return (-1); *instr1 = '\0'; instr1 += strlen(DOORLINESEP); if (*instr1 == '\0') - return; + return (-1); instr2 = strstr(instr1, DOORLINESEP); if (instr2 == NULL) - return; + return (-1); *instr2 = '\0'; instr2 += strlen(DOORLINESEP); if (*instr2 == '\0') - return; + return (-1); rc = getldap_cache_op(CACHE_OP_ADD, datatype, instr1, &instr2); if (rc != NS_LDAP_SUCCESS) - return; + return (-1); - out->ldap_bufferbytesused = sizeof (ldap_return_t); - out->ldap_return_code = SUCCESS; - out->ldap_errno = 0; + return (0); } void -getldap_get_cacheStat(ldap_return_t *out) +getldap_get_cacheStat(LineBuf *stat_info) { char *foutstr = NULL; char *soutstr = NULL; char *coutstr = NULL; + int infoSize; if (current_admin.debug_level >= DBG_ALL) { logit("getldap_get_cacheStat()...\n"); } - /* setup for error return */ - out->ldap_errno = -1; - out->ldap_return_code = NOTFOUND; - out->ldap_bufferbytesused = sizeof (*out); + stat_info->str = NULL; + stat_info->len = 0; /* get refersh statisitcs */ (void) getldap_get_refresh_stat(&foutstr); 
@@ -2390,17 +2370,24 @@ getldap_get_cacheStat(ldap_return_t *out) return; } - out->ldap_bufferbytesused = sizeof (ldap_return_t); - (void) strncpy(out->ldap_u.config, foutstr, strlen(foutstr) + 1); - (void) strncat(out->ldap_u.config, soutstr, strlen(soutstr) + 1); - (void) strncat(out->ldap_u.config, coutstr, strlen(coutstr) + 1); + infoSize = strlen(foutstr) + strlen(soutstr) + strlen(coutstr) + 3; + stat_info->str = calloc(infoSize, sizeof (char)); + if (stat_info->str != NULL) { + (void) strncpy(stat_info->str, + foutstr, + strlen(foutstr) + 1); + (void) strncat(stat_info->str, + soutstr, + strlen(soutstr) + 1); + (void) strncat(stat_info->str, + coutstr, + strlen(coutstr) + 1); + stat_info->len = infoSize; + } free(foutstr); free(soutstr); free(coutstr); - - out->ldap_return_code = SUCCESS; - out->ldap_errno = 0; } static int @@ -2864,9 +2851,8 @@ getldap_revalidate() } void -getldap_lookup(ldap_return_t *out, ldap_call_t *in) +getldap_lookup(LineBuf *config_info, ldap_call_t *in) { - LineBuf configinfo; ns_ldap_error_t *error; if (current_admin.debug_level >= DBG_ALL) { 
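Review bot: The `strncpy()`/`strncat()` calls in getldap_get_cacheStat() take their limit from `strlen()` of the source, so they behave exactly like `strcpy()`/`strcat()` and give no protection if the `infoSize` computation ever drifts from the three inputs. Bounding the write by the destination makes the invariant explicit: `(void) snprintf(stat_info->str, infoSize, "%s%s%s", foutstr, soutstr, coutstr);`. `infoSize` is declared `int` in the previous hunk but holds a sum of `strlen()` results and is passed to `calloc()`; `size_t` would avoid the narrowing conversion.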
@@ -2874,28 +2860,14 @@ getldap_lookup(ldap_return_t *out, ldap_call_t *in) } (void) rw_rdlock(&ldap_lock); - if ((error = __ns_ldap_LoadDoorInfo(&configinfo, in->ldap_u.domainname)) - != NULL) { + if ((error = __ns_ldap_LoadDoorInfo(config_info, + in->ldap_u.domainname)) != NULL) { if (error != NULL && error->message != NULL) logit("Error: ldap_lookup: %s\n", error->message); (void) __ns_ldap_freeError(&error); - out->ldap_errno = -1; - out->ldap_return_code = NOTFOUND; - out->ldap_bufferbytesused = sizeof (*out); - } else { - out->ldap_bufferbytesused = sizeof (ldap_return_t); - (void) strncpy(out->ldap_u.config, - configinfo.str, configinfo.len); - out->ldap_return_code = SUCCESS; - out->ldap_errno = 0; - } - - if (configinfo.str != NULL) { - free(configinfo.str); - configinfo.str = NULL; - configinfo.alloc = 0; - configinfo.len = 0; + config_info->str = NULL; + config_info->len = 0; } (void) rw_unlock(&ldap_lock); diff --git a/usr/src/lib/libsldap/common/ns_config.c b/usr/src/lib/libsldap/common/ns_config.c index fb24f7721b..e87ce9a72f 100644 --- a/usr/src/lib/libsldap/common/ns_config.c +++ b/usr/src/lib/libsldap/common/ns_config.c @@ -19,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2006 Sun Microsystems, Inc. All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -567,7 +567,8 @@ __s_get_enum_value(ns_config_t *ptr, char *value, ParamIndexType i) pstart++; /* skip trailing spaces */ pend = pstart + strlen(pstart) - 1; - for (; pend >= pstart && *pend == SPACETOK; pend--); + for (; pend >= pstart && *pend == SPACETOK; pend--) + ; len = pend - pstart + 1; if (len == 0) return (-1); @@ -614,7 +615,7 @@ __s_get_enum_value(ns_config_t *ptr, char *value, ParamIndexType i) for (; mapp->name != NULL; mapp++) { if (strncasecmp(pstart, mapp->name, len) == 0 && - (strlen(mapp->name) == len)) { + (strlen(mapp->name) == len)) { return (mapp->value); } } 
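Review bot: getldap_lookup() now hands the buffer filled by __ns_ldap_LoadDoorInfo() back through config_info, and no comment says who frees it; the removed code freed configinfo.str itself. A header comment should state the contract, e.g. `/* On success config_info->str is heap-allocated and owned by the caller, who must free() it; on failure str is NULL and len is 0. */`. On the error path the hunk overwrites config_info->str with NULL without freeing it, so if __ns_ldap_LoadDoorInfo() can fail after allocating (not visible here) that allocation leaks. The function's signature is in the previous hunk.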
@@ -949,7 +950,8 @@ stripdup(const char *instr) pstart++; /* remove trailing spaces */ pend = pstart + strlen(pstart) - 1; - for (; pend >= pstart && *pend == SPACETOK; pend--); + for (; pend >= pstart && *pend == SPACETOK; pend--) + ; len = pend - pstart + 1; if ((ret = malloc(len + 1)) == NULL) return (NULL); 
@@ -1015,92 +1017,92 @@ __s_api_crosscheck(ns_config_t *ptr, char *errstr, int check_dn) if (ptr->paramList[NS_LDAP_SERVERS_P].ns_ppc == NULL) { if (ptr->version == NS_LDAP_V1) { str = NULL_OR_STR(__s_api_get_configname( - NS_LDAP_SERVERS_P)); + NS_LDAP_SERVERS_P)); (void) snprintf(errstr, MAXERROR, - gettext("Configuration Error: No entry for " - "'%s' found"), str); + gettext("Configuration Error: No entry for " + "'%s' found"), str); return (NS_PARSE_ERR); } else if (ptr->paramList[NS_LDAP_SERVER_PREF_P].ns_ppc == - NULL) { + NULL) { str = NULL_OR_STR(__s_api_get_configname( - NS_LDAP_SERVERS_P)); + NS_LDAP_SERVERS_P)); str1 = NULL_OR_STR(__s_api_get_configname( - NS_LDAP_SERVER_PREF_P)); + NS_LDAP_SERVER_PREF_P)); (void) snprintf(errstr, MAXERROR, - gettext("Configuration Error: " - "Neither '%s' nor '%s' is defined"), str, str1); + gettext("Configuration Error: " + "Neither '%s' nor '%s' is defined"), str, str1); return (NS_PARSE_ERR); } } if (ptr->paramList[NS_LDAP_CERT_PASS_P].ns_pc != NULL && - ptr->paramList[NS_LDAP_CERT_PATH_P].ns_pc == NULL) { + ptr->paramList[NS_LDAP_CERT_PATH_P].ns_pc == NULL) { str = NULL_OR_STR(__s_api_get_configname( - NS_LDAP_CERT_PASS_P)); + NS_LDAP_CERT_PASS_P)); str1 = NULL_OR_STR(__s_api_get_configname( - NS_LDAP_CERT_PATH_P)); + NS_LDAP_CERT_PATH_P)); (void) snprintf(errstr, MAXERROR, gettext("Configuration Error: %s specified " - "but no value for '%s' found"), str, str1); + "but no value for '%s' found"), str, str1); return (NS_PARSE_ERR); } if (ptr->paramList[NS_LDAP_CERT_PASS_P].ns_pc == NULL && - ptr->paramList[NS_LDAP_CERT_PATH_P].ns_pc != NULL) { + ptr->paramList[NS_LDAP_CERT_PATH_P].ns_pc != NULL) { str = NULL_OR_STR(__s_api_get_configname( - NS_LDAP_CERT_PATH_P)); + NS_LDAP_CERT_PATH_P)); str1 = NULL_OR_STR(__s_api_get_configname( - NS_LDAP_CERT_PASS_P)); + NS_LDAP_CERT_PASS_P)); (void) snprintf(errstr, MAXERROR, gettext("Configuration Error: %s specified " - "but no value for '%s' found"), str, str1); + "but no value 
for '%s' found"), str, str1); return (NS_PARSE_ERR); } /* check if search basedn has been specified */ if (ptr->paramList[NS_LDAP_SEARCH_BASEDN_P].ns_ppc == NULL) { str = NULL_OR_STR(__s_api_get_configname( - NS_LDAP_SEARCH_BASEDN_P)); + NS_LDAP_SEARCH_BASEDN_P)); (void) snprintf(errstr, MAXERROR, - gettext("Configuration Error: No entry for " - "'%s' found"), str); + gettext("Configuration Error: No entry for " + "'%s' found"), str); return (NS_PARSE_ERR); } if (check_dn) { /* check for auth value....passwd/bindn if necessary */ - for (j = 0; ptr->paramList[NS_LDAP_AUTH_P].ns_pi != NULL && + for (j = 0; ptr->paramList[NS_LDAP_AUTH_P].ns_pi != NULL && ptr->paramList[NS_LDAP_AUTH_P].ns_pi[j] != NULL; j++) { value = ptr->paramList[NS_LDAP_AUTH_P].ns_pi[j]; switch (value) { - case NS_LDAP_EA_SIMPLE: - case NS_LDAP_EA_SASL_CRAM_MD5: - case NS_LDAP_EA_SASL_DIGEST_MD5: - case NS_LDAP_EA_SASL_DIGEST_MD5_INT: - case NS_LDAP_EA_SASL_DIGEST_MD5_CONF: - case NS_LDAP_EA_TLS_SIMPLE: - case NS_LDAP_EA_TLS_SASL_CRAM_MD5: - case NS_LDAP_EA_TLS_SASL_DIGEST_MD5: - case NS_LDAP_EA_TLS_SASL_DIGEST_MD5_INT: - case NS_LDAP_EA_TLS_SASL_DIGEST_MD5_CONF: + case NS_LDAP_EA_SIMPLE: + case NS_LDAP_EA_SASL_CRAM_MD5: + case NS_LDAP_EA_SASL_DIGEST_MD5: + case NS_LDAP_EA_SASL_DIGEST_MD5_INT: + case NS_LDAP_EA_SASL_DIGEST_MD5_CONF: + case NS_LDAP_EA_TLS_SIMPLE: + case NS_LDAP_EA_TLS_SASL_CRAM_MD5: + case NS_LDAP_EA_TLS_SASL_DIGEST_MD5: + case NS_LDAP_EA_TLS_SASL_DIGEST_MD5_INT: + case NS_LDAP_EA_TLS_SASL_DIGEST_MD5_CONF: if (ptr->paramList[NS_LDAP_BINDDN_P].ns_ppc == NULL) { str = NULL_OR_STR(__s_api_get_configname( - NS_LDAP_BINDDN_P)); + NS_LDAP_BINDDN_P)); (void) snprintf(errstr, MAXERROR, gettext("Configuration Error: No entry for " "'%s' found"), str); return (NS_PARSE_ERR); } if (ptr->paramList[NS_LDAP_BINDPASSWD_P].ns_ppc - == NULL) { + == NULL) { str = NULL_OR_STR(__s_api_get_configname( - NS_LDAP_BINDPASSWD_P)); + NS_LDAP_BINDPASSWD_P)); (void) snprintf(errstr, MAXERROR, 
gettext("Configuration Error: No entry for " - "'%s' found"), str); + "'%s' found"), str); return (NS_PARSE_ERR); } break; } - } + } } /* @@ -1110,16 +1112,16 @@ __s_api_crosscheck(ns_config_t *ptr, char *errstr, int check_dn) pi = ptr->paramList[NS_LDAP_AUTH_P].ns_pi; if (pi != NULL) { - cnt = ptr->paramList[NS_LDAP_AUTH_P].ns_acnt; - for (j = 0; j < cnt && !has_tls; j++) { - has_tls = (pi[j] == NS_LDAP_EA_TLS_NONE) || - (pi[j] == NS_LDAP_EA_TLS_SIMPLE) || - (pi[j] == NS_LDAP_EA_TLS_SASL_CRAM_MD5) || - (pi[j] == NS_LDAP_EA_TLS_SASL_DIGEST_MD5) || - (pi[j] == NS_LDAP_EA_TLS_SASL_DIGEST_MD5_INT) || - (pi[j] == NS_LDAP_EA_TLS_SASL_DIGEST_MD5_CONF) || - (pi[j] == NS_LDAP_EA_TLS_SASL_EXTERNAL); - } + cnt = ptr->paramList[NS_LDAP_AUTH_P].ns_acnt; + for (j = 0; j < cnt && !has_tls; j++) { + has_tls = (pi[j] == NS_LDAP_EA_TLS_NONE) || + (pi[j] == NS_LDAP_EA_TLS_SIMPLE) || + (pi[j] == NS_LDAP_EA_TLS_SASL_CRAM_MD5) || + (pi[j] == NS_LDAP_EA_TLS_SASL_DIGEST_MD5) || + (pi[j] == NS_LDAP_EA_TLS_SASL_DIGEST_MD5_INT) || + (pi[j] == NS_LDAP_EA_TLS_SASL_DIGEST_MD5_CONF) || + (pi[j] == NS_LDAP_EA_TLS_SASL_EXTERNAL); + } } ppc = ptr->paramList[NS_LDAP_SERVICE_AUTH_METHOD_P].ns_ppc; 
@@ -1131,27 +1133,29 @@ __s_api_crosscheck(ns_config_t *ptr, char *errstr, int check_dn) if (begin != NULL) begin = strchr(begin, ':'); if (!has_tls && begin != NULL) { - len = strlen(begin) - 3; - for (i = 0; i < len; i++) - if (strncasecmp(begin + i, "tls:", 4) == 0) - break; - has_tls = i < len; + len = strlen(begin) - 3; + for (i = 0; i < len; i++) + if (strncasecmp(begin + i, + "tls:", 4) == 0) + break; + has_tls = i < len; } } } if (has_tls) { - is_ok = !has_port(ptr->paramList[NS_LDAP_SERVERS_P].ns_ppc, - ptr->paramList[NS_LDAP_SERVERS_P].ns_acnt); - ppc = ptr->paramList[NS_LDAP_SERVER_PREF_P].ns_ppc; - if (is_ok) - is_ok = !has_port(ptr->paramList[NS_LDAP_SERVER_PREF_P].ns_ppc, - ptr->paramList[NS_LDAP_SERVER_PREF_P].ns_acnt); + is_ok = !has_port(ptr->paramList[NS_LDAP_SERVERS_P].ns_ppc, + ptr->paramList[NS_LDAP_SERVERS_P].ns_acnt); + ppc = ptr->paramList[NS_LDAP_SERVER_PREF_P].ns_ppc; + if (is_ok) + is_ok = !has_port( + ptr->paramList[NS_LDAP_SERVER_PREF_P].ns_ppc, + ptr->paramList[NS_LDAP_SERVER_PREF_P].ns_acnt); } if (!is_ok) { (void) snprintf(errstr, MAXERROR, - gettext("Configuration Error: " - "Cannot specify LDAP port with tls")); + gettext("Configuration Error: " + "Cannot specify LDAP port with tls")); return (NS_PARSE_ERR); } @@ -1164,7 +1168,7 @@ __s_api_crosscheck(ns_config_t *ptr, char *errstr, int check_dn) */ if (ptr->paramList[NS_LDAP_CACHETTL_P].ns_pc == NULL) { tm = conv_time( - defconfig[NS_LDAP_CACHETTL_P].defval.ns_pc); + defconfig[NS_LDAP_CACHETTL_P].defval.ns_pc); ptr->paramList[NS_LDAP_EXP_P].ns_ptype = TIMET; if (tm != 0) { tm += time(NULL); 
@@ -1179,28 +1183,28 @@ __s_api_crosscheck(ns_config_t *ptr, char *errstr, int check_dn) cnt = ptr->paramList[NS_LDAP_CREDENTIAL_LEVEL_P].ns_acnt; for (i = 0; i < cnt; i++) { if (ptr->paramList[NS_LDAP_CREDENTIAL_LEVEL_P].ns_pi[i] == - NS_LDAP_CRED_SELF) + NS_LDAP_CRED_SELF) self++; } gssapi = 0; cnt = ptr->paramList[NS_LDAP_AUTH_P].ns_acnt; for (i = 0; i < cnt; i++) { if (ptr->paramList[NS_LDAP_AUTH_P].ns_pi[i] == - NS_LDAP_EA_SASL_GSSAPI) + NS_LDAP_EA_SASL_GSSAPI) gssapi++; } if (gssapi == 0 && self > 0) { (void) snprintf(errstr, MAXERROR, - gettext("Configuration Error: " - "Credential level self requires " - "authentication method sasl/GSSAPI")); + gettext("Configuration Error: " + "Credential level self requires " + "authentication method sasl/GSSAPI")); return (NS_PARSE_ERR); } if (gssapi > 0 && self == 0) { (void) snprintf(errstr, MAXERROR, - gettext("Configuration Error: " - "Authentication method sasl/GSSAPI " - "requires credential level self")); + gettext("Configuration Error: " + "Authentication method sasl/GSSAPI " + "requires credential level self")); return (NS_PARSE_ERR); } return (NS_SUCCESS); @@ -1328,18 +1332,18 @@ set_default_value(ns_config_t *configptr, char *name, if (__s_api_get_type(name, &i) < 0) { (void) snprintf(errstr, sizeof (errstr), gettext( - "Illegal type name (%s).\n"), name); + "Illegal type name (%s).\n"), name); MKERROR(LOG_ERR, *error, NS_CONFIG_SYNTAX, strdup(errstr), - NULL); + NULL); return (NS_LDAP_CONFIG); } if (i != NS_LDAP_SERVERS_P && - i != NS_LDAP_SERVICE_AUTH_METHOD_P && - i != NS_LDAP_SERVICE_CRED_LEVEL_P && - i != NS_LDAP_SERVICE_SEARCH_DESC_P && - i != NS_LDAP_SERVER_PREF_P && - i != NS_LDAP_SEARCH_DN_P) { + i != NS_LDAP_SERVICE_AUTH_METHOD_P && + i != NS_LDAP_SERVICE_CRED_LEVEL_P && + i != NS_LDAP_SERVICE_SEARCH_DESC_P && + i != NS_LDAP_SERVER_PREF_P && + i != NS_LDAP_SEARCH_DN_P) { if (configptr->paramList[i].ns_ptype != NS_UNKNOWN) { destroy_param(configptr, i); } 
@@ -1418,7 +1422,7 @@ verify_value(ns_config_t *cfg, char *name, char *value, char *errstr) if (__s_api_get_type(name, &index) != 0) { (void) snprintf(errstr, MAXERROR, - gettext("Unknown keyword encountered '%s'."), name); + gettext("Unknown keyword encountered '%s'."), name); return (NS_PARSE_ERR); } @@ -1466,14 +1470,14 @@ verify_value(ns_config_t *cfg, char *name, char *value, char *errstr) break; case NS_LDAP_FILE_VERSION_P: if (value != NULL && - strcasecmp(value, NS_LDAP_VERSION_1) != 0 && - strcasecmp(value, NS_LDAP_VERSION_2) != 0) { + strcasecmp(value, NS_LDAP_VERSION_1) != 0 && + strcasecmp(value, NS_LDAP_VERSION_2) != 0) { (void) snprintf(errstr, MAXERROR, - gettext("Version mismatch, expected " - "cache version '%s' or '%s' but " - "encountered version '%s'."), - NS_LDAP_VERSION_1, - NS_LDAP_VERSION_2, value); + gettext("Version mismatch, expected " + "cache version '%s' or '%s' but " + "encountered version '%s'."), + NS_LDAP_VERSION_1, + NS_LDAP_VERSION_2, value); return (NS_PARSE_ERR); } break; @@ -1499,7 +1503,7 @@ verify_value(ns_config_t *cfg, char *name, char *value, char *errstr) default: found = 0; j = 0; while (def->allowed != NULL && - def->allowed[j].name != NULL && j < DEFMAX) { + def->allowed[j].name != NULL && j < DEFMAX) { if (strcmp(def->allowed[j].name, value) == 0) { found = 1; @@ -1508,7 +1512,7 @@ verify_value(ns_config_t *cfg, char *name, char *value, char *errstr) j++; } if (!found) { - (void) snprintf(errstr, MAXERROR, + (void) snprintf(errstr, MAXERROR, gettext("Invalid option specified for " "'%s' keyword. '%s' is not a recognized " "keyword value."), name, value); 
@@ -1566,10 +1570,10 @@ __ns_ldap_setParamValue(ns_config_t *ptr, const ParamIndexType type, def = get_defconfig(ptr, type); if (def == NULL) { (void) snprintf(errstr, sizeof (errstr), - gettext("Unable to set value: " - "invalid ParamIndexType (%d)"), type); + gettext("Unable to set value: " + "invalid ParamIndexType (%d)"), type); MKERROR(LOG_ERR, *error, NS_CONFIG_SYNTAX, strdup(errstr), - NULL); + NULL); return (NS_LDAP_CONFIG); } @@ -1610,11 +1614,11 @@ __ns_ldap_setParamValue(ns_config_t *ptr, const ParamIndexType type, i = __s_get_enum_value(ptr, cp, def->index); if (i < 0) { (void) snprintf(errstr, sizeof (errstr), - gettext("Unable to set value: " - "invalid %s (%d)"), def->name, - def->index); + gettext("Unable to set value: " + "invalid %s (%d)"), def->name, + def->index); MKERROR(LOG_ERR, *error, NS_CONFIG_SYNTAX, - strdup(errstr), NULL); + strdup(errstr), NULL); if (tcp != NULL) free(tcp); return (NS_LDAP_CONFIG); @@ -1632,11 +1636,11 @@ __ns_ldap_setParamValue(ns_config_t *ptr, const ParamIndexType type, continue; (void) snprintf(errstr, sizeof (errstr), - gettext("Unable to set value: " - "invalid %s (%d)"), def->name, - def->index); + gettext("Unable to set value: " + "invalid %s (%d)"), def->name, + def->index); MKERROR(LOG_ERR, *error, NS_CONFIG_SYNTAX, - strdup(errstr), NULL); + strdup(errstr), NULL); if (tcp != NULL) free(tcp); return (NS_LDAP_CONFIG); @@ -1661,11 +1665,11 @@ __ns_ldap_setParamValue(ns_config_t *ptr, const ParamIndexType type, /* first check to see if colon (:) is there */ if ((strchr(cp, COLONTOK)) == NULL) { (void) snprintf(errstr, sizeof (errstr), - gettext("Unable to set value: " - "invalid serviceAuthenticationMethod (%s)"), - cp); + gettext("Unable to set value: " + "invalid serviceAuthenticationMethod (%s)"), + cp); MKERROR(LOG_ERR, *error, NS_CONFIG_SYNTAX, - strdup(errstr), NULL); + strdup(errstr), NULL); if (tcp != NULL) free(tcp); return (NS_LDAP_CONFIG); 
@@ -1703,25 +1707,25 @@ __ns_ldap_setParamValue(ns_config_t *ptr, const ParamIndexType type, fnd = 0; for (j = 0; j < ptr->paramList[type].ns_acnt; j++) { dpend = strchr(ptr->paramList[type].ns_ppc[j], - COLONTOK); + COLONTOK); if (dpend == NULL) continue; i = dpend - ptr->paramList[type].ns_ppc[j]; if (i != len) continue; if (strncmp(ptr->paramList[type].ns_ppc[j], - dp, len) == 0) { + dp, len) == 0) { conf.ns_acnt = - ptr->paramList[type].ns_acnt; + ptr->paramList[type].ns_acnt; conf.ns_ppc = - ptr->paramList[type].ns_ppc; + ptr->paramList[type].ns_ppc; ptr->paramList[type].ns_ppc = NULL; free(conf.ns_ppc[j]); conf.ns_ppc[j] = (char *)strdup(cp); if (conf.ns_ppc[j] == NULL) { free(dp); __s_api_free2dArray - (conf.ns_ppc); + (conf.ns_ppc); if (tcp != NULL) free(tcp); return (NS_LDAP_MEMORY); @@ -1747,7 +1751,7 @@ __ns_ldap_setParamValue(ns_config_t *ptr, const ParamIndexType type, } else p = NULL; conf.ns_ppc = - (char **)realloc(p, (len+1) * sizeof (char *)); + (char **)realloc(p, (len+1) * sizeof (char *)); if (conf.ns_ppc == NULL) { __s_api_free2dArray(p); if (tcp != NULL) @@ -1769,11 +1773,11 @@ __ns_ldap_setParamValue(ns_config_t *ptr, const ParamIndexType type, /* first check to see if colon (:) is there */ if ((strchr(cp, COLONTOK)) == NULL) { (void) snprintf(errstr, sizeof (errstr), - gettext("Unable to set value: " - "invalid serviceCredentialLevel (%s)"), - cp); + gettext("Unable to set value: " + "invalid serviceCredentialLevel (%s)"), + cp); MKERROR(LOG_ERR, *error, NS_CONFIG_SYNTAX, - strdup(errstr), NULL); + strdup(errstr), NULL); if (tcp != NULL) free(tcp); return (NS_LDAP_CONFIG); 
@@ -1811,25 +1815,25 @@ __ns_ldap_setParamValue(ns_config_t *ptr, const ParamIndexType type, fnd = 0; for (j = 0; j < ptr->paramList[type].ns_acnt; j++) { dpend = strchr(ptr->paramList[type].ns_ppc[j], - COLONTOK); + COLONTOK); if (dpend == NULL) continue; i = dpend - ptr->paramList[type].ns_ppc[j]; if (i != len) continue; if (strncmp(ptr->paramList[type].ns_ppc[j], - dp, len) == 0) { + dp, len) == 0) { conf.ns_acnt = - ptr->paramList[type].ns_acnt; + ptr->paramList[type].ns_acnt; conf.ns_ppc = - ptr->paramList[type].ns_ppc; + ptr->paramList[type].ns_ppc; ptr->paramList[type].ns_ppc = NULL; free(conf.ns_ppc[j]); conf.ns_ppc[j] = (char *)strdup(cp); if (conf.ns_ppc[j] == NULL) { free(dp); __s_api_free2dArray - (conf.ns_ppc); + (conf.ns_ppc); if (tcp != NULL) free(tcp); return (NS_LDAP_MEMORY); @@ -1855,7 +1859,7 @@ __ns_ldap_setParamValue(ns_config_t *ptr, const ParamIndexType type, } else p = NULL; conf.ns_ppc = - (char **)realloc(p, (len+1) * sizeof (char *)); + (char **)realloc(p, (len+1) * sizeof (char *)); if (conf.ns_ppc == NULL) { __s_api_free2dArray(p); if (tcp != NULL) @@ -1881,11 +1885,11 @@ __ns_ldap_setParamValue(ns_config_t *ptr, const ParamIndexType type, */ if ((strchr(cp, COLONTOK)) == NULL || *cp == COLONTOK) { (void) snprintf(errstr, sizeof (errstr), - gettext("Unable to set value: " - "invalid serviceSearchDescriptor (%s)"), - cp); + gettext("Unable to set value: " + "invalid serviceSearchDescriptor (%s)"), + cp); MKERROR(LOG_ERR, *error, NS_CONFIG_SYNTAX, - strdup(errstr), NULL); + strdup(errstr), NULL); if (tcp != NULL) free(tcp); return (NS_LDAP_CONFIG); 
@@ -1923,25 +1927,25 @@ __ns_ldap_setParamValue(ns_config_t *ptr, const ParamIndexType type, fnd = 0; for (j = 0; j < ptr->paramList[type].ns_acnt; j++) { dpend = strchr(ptr->paramList[type].ns_ppc[j], - COLONTOK); + COLONTOK); if (dpend == NULL) continue; i = dpend - ptr->paramList[type].ns_ppc[j]; if (i != len) continue; if (strncmp(ptr->paramList[type].ns_ppc[j], - dp, len) == 0) { + dp, len) == 0) { conf.ns_acnt = - ptr->paramList[type].ns_acnt; + ptr->paramList[type].ns_acnt; conf.ns_ppc = - ptr->paramList[type].ns_ppc; + ptr->paramList[type].ns_ppc; ptr->paramList[type].ns_ppc = NULL; free(conf.ns_ppc[j]); conf.ns_ppc[j] = (char *)strdup(cp); if (conf.ns_ppc[j] == NULL) { free(dp); __s_api_free2dArray - (conf.ns_ppc); + (conf.ns_ppc); if (tcp != NULL) free(tcp); return (NS_LDAP_MEMORY); @@ -1967,7 +1971,7 @@ __ns_ldap_setParamValue(ns_config_t *ptr, const ParamIndexType type, } else p = NULL; conf.ns_ppc = - (char **)realloc(p, (len+1) * sizeof (char *)); + (char **)realloc(p, (len+1) * sizeof (char *)); if (conf.ns_ppc == NULL) { __s_api_free2dArray(p); if (tcp != NULL) @@ -2040,7 +2044,7 @@ __ns_ldap_setParamValue(ns_config_t *ptr, const ParamIndexType type, if (*cp2 == SPACETOK || *cp2 == COMMATOK) { len++; for (; *(cp2 + 1) == SPACETOK || - *(cp2 +1) == COMMATOK; cp2++) + *(cp2 +1) == COMMATOK; cp2++) ; } } @@ -2117,17 +2121,18 @@ __ns_ldap_setParamValue(ns_config_t *ptr, const ParamIndexType type, } else { (void) strlcpy(tbuf, cp, j); j = __s_get_enum_value(ptr, tbuf, - def->index); + def->index); ptbuf = tbuf; } if (j < 0) { (void) snprintf(errstr, sizeof (errstr), - gettext("Unable to set value: " - "invalid authenticationMethod (%s)"), - ptbuf); + gettext("Unable to set value: " + "invalid " + "authenticationMethod (%s)"), + ptbuf); MKERROR(LOG_ERR, *error, - NS_CONFIG_SYNTAX, - strdup(errstr), NULL); + NS_CONFIG_SYNTAX, + strdup(errstr), NULL); free(conf.ns_pi); if (tcp != NULL) free(tcp); 
@@ -2149,10 +2154,10 @@ __ns_ldap_setParamValue(ns_config_t *ptr, const ParamIndexType type, } if (j < 0) { (void) snprintf(errstr, sizeof (errstr), - gettext("Unable to set value: " - "invalid authenticationMethod (%s)"), ptbuf); + gettext("Unable to set value: " + "invalid authenticationMethod (%s)"), ptbuf); MKERROR(LOG_ERR, *error, NS_CONFIG_SYNTAX, - strdup(errstr), NULL); + strdup(errstr), NULL); if (tcp != NULL) free(tcp); return (NS_LDAP_CONFIG); @@ -2189,17 +2194,17 @@ __ns_ldap_setParamValue(ns_config_t *ptr, const ParamIndexType type, } else { (void) strlcpy(tbuf, cp, j); j = __s_get_enum_value(ptr, tbuf, - def->index); + def->index); ptbuf = tbuf; } if (j < 0) { (void) snprintf(errstr, sizeof (errstr), - gettext("Unable to set value: " - "invalid credentialLevel (%s)"), - ptbuf); + gettext("Unable to set value: " + "invalid credentialLevel (%s)"), + ptbuf); MKERROR(LOG_ERR, *error, - NS_CONFIG_SYNTAX, - strdup(errstr), NULL); + NS_CONFIG_SYNTAX, + strdup(errstr), NULL); free(conf.ns_pi); if (tcp != NULL) free(tcp); @@ -2221,10 +2226,10 @@ __ns_ldap_setParamValue(ns_config_t *ptr, const ParamIndexType type, } if (j < 0) { (void) snprintf(errstr, sizeof (errstr), - gettext("Unable to set value: " - "invalid credentialLevel (%s)"), ptbuf); + gettext("Unable to set value: " + "invalid credentialLevel (%s)"), ptbuf); MKERROR(LOG_ERR, *error, NS_CONFIG_SYNTAX, - strdup(errstr), NULL); + strdup(errstr), NULL); if (tcp != NULL) free(tcp); return (NS_LDAP_CONFIG); @@ -2243,7 +2248,7 @@ __ns_ldap_setParamValue(ns_config_t *ptr, const ParamIndexType type, "invalid schema mapping (%s)"), cp); exitrc = NS_LDAP_CONFIG; MKERROR(LOG_ERR, *error, NS_CONFIG_SYNTAX, - strdup(errstr), NULL); + strdup(errstr), NULL); } if (tcp) free(tcp); 
@@ -2260,17 +2265,17 @@ __ns_ldap_setParamValue(ns_config_t *ptr, const ParamIndexType type, exitrc = NS_LDAP_MEMORY; rmap = (ns_mapping_t *)calloc(1, - sizeof (ns_mapping_t)); + sizeof (ns_mapping_t)); if (rmap) { rmap->service = strdup(sid); if (rmap->service) { rmap->orig = strdup(*attr); if (rmap->orig) { rmap->map = (char **)calloc(2, - sizeof (char *)); + sizeof (char *)); if (rmap->map) { (rmap->map)[0] = - strdup(origA); + strdup(origA); if ((rmap->map)[0]) free_memory = 0; } @@ -2282,11 +2287,11 @@ __ns_ldap_setParamValue(ns_config_t *ptr, const ParamIndexType type, if (def->data_type == ATTRMAP) { rmap->type = NS_ATTR_MAP; i = __s_api_add_map2hash(ptr, - NS_HASH_RAMAP, rmap); + NS_HASH_RAMAP, rmap); } else { rmap->type = NS_OBJ_MAP; i = __s_api_add_map2hash(ptr, - NS_HASH_ROMAP, rmap); + NS_HASH_ROMAP, rmap); } if (i != NS_HASH_RC_SUCCESS) { @@ -2294,31 +2299,31 @@ __ns_ldap_setParamValue(ns_config_t *ptr, const ParamIndexType type, case NS_HASH_RC_CONFIG_ERROR: exitrc = NS_LDAP_INTERNAL; (void) snprintf(errstr, - sizeof (errstr), - gettext( - "Unable to set value: " - "no configuration info " - "for schema map " - "update (%s)"), cp); + sizeof (errstr), + gettext( + "Unable to set value: " + "no configuration info " + "for schema map " + "update (%s)"), cp); MKERROR(LOG_ERR, *error, - NS_LDAP_INTERNAL, - strdup(errstr), - NULL); + NS_LDAP_INTERNAL, + strdup(errstr), + NULL); break; case NS_HASH_RC_EXISTED: exitrc = NS_LDAP_CONFIG; (void) snprintf(errstr, - sizeof (errstr), - gettext( - "Unable to set value: " - "schema map " - "already existed for " - "(%s, %s)."), - *attr, origA); + sizeof (errstr), + gettext( + "Unable to set value: " + "schema map " + "already existed for " + "(%s, %s)."), + *attr, origA); MKERROR(LOG_ERR, *error, - NS_CONFIG_SYNTAX, - strdup(errstr), - NULL); + NS_CONFIG_SYNTAX, + strdup(errstr), + NULL); break; case NS_HASH_RC_NO_MEMORY: exitrc = NS_LDAP_MEMORY; 
@@ -2363,18 +2368,18 @@ __ns_ldap_setParamValue(ns_config_t *ptr, const ParamIndexType type, exitrc = NS_LDAP_MEMORY; map = (ns_mapping_t *)calloc(1, - sizeof (ns_mapping_t)); + sizeof (ns_mapping_t)); if (map) { map->service = strdup(sid); if (map->service) { map->orig = strdup( - NS_HASH_SCHEMA_MAPPING_EXISTED); + NS_HASH_SCHEMA_MAPPING_EXISTED); if (map->orig) { map->map = (char **)calloc(2, - sizeof (char *)); + sizeof (char *)); if (map->map) { (map->map)[0] = - strdup(sid); + strdup(sid); if ((map->map)[0]) free_memory = 0; } @@ -2390,7 +2395,7 @@ __ns_ldap_setParamValue(ns_config_t *ptr, const ParamIndexType type, * would not show it */ i = __s_api_add_map2hash(ptr, - NS_HASH_RAMAP, map); + NS_HASH_RAMAP, map); /* * ignore "map already existed" error, @@ -2399,21 +2404,21 @@ __ns_ldap_setParamValue(ns_config_t *ptr, const ParamIndexType type, * for map. */ if (i != NS_HASH_RC_SUCCESS && - i != NS_HASH_RC_EXISTED) { + i != NS_HASH_RC_EXISTED) { switch (i) { case NS_HASH_RC_CONFIG_ERROR: exitrc = NS_LDAP_INTERNAL; (void) snprintf(errstr, - sizeof (errstr), - gettext( - "Unable to set value: " - "no configuration info " - "for schema map " - "update (%s)"), cp); + sizeof (errstr), + gettext( + "Unable to set value: " + "no configuration info " + "for schema map " + "update (%s)"), cp); MKERROR(LOG_ERR, *error, - NS_LDAP_INTERNAL, - strdup(errstr), - NULL); + NS_LDAP_INTERNAL, + strdup(errstr), + NULL); break; case NS_HASH_RC_NO_MEMORY: exitrc = NS_LDAP_MEMORY; @@ -2470,11 +2475,11 @@ __ns_ldap_setParamValue(ns_config_t *ptr, const ParamIndexType type, if (def->data_type == ATTRMAP) { map->type = NS_ATTR_MAP; i = __s_api_add_map2hash(ptr, - NS_HASH_AMAP, map); + NS_HASH_AMAP, map); } else { map->type = NS_OBJ_MAP; i = __s_api_add_map2hash(ptr, - NS_HASH_OMAP, map); + NS_HASH_OMAP, map); } if (i != NS_HASH_RC_SUCCESS) { 
@@ -2482,30 +2487,30 @@ __ns_ldap_setParamValue(ns_config_t *ptr, const ParamIndexType type, case NS_HASH_RC_CONFIG_ERROR: exitrc = NS_LDAP_INTERNAL; (void) snprintf(errstr, - sizeof (errstr), - gettext( - "Unable to set value: " - "no configuration info " - "for schema map " - "update (%s)"), cp); + sizeof (errstr), + gettext( + "Unable to set value: " + "no configuration info " + "for schema map " + "update (%s)"), cp); MKERROR(LOG_ERR, *error, - NS_LDAP_INTERNAL, - strdup(errstr), - NULL); + NS_LDAP_INTERNAL, + strdup(errstr), + NULL); break; case NS_HASH_RC_EXISTED: exitrc = NS_LDAP_CONFIG; (void) snprintf(errstr, - sizeof (errstr), - gettext( - "Unable to set value: " - "schema map " - "already existed for " - "'%s'."), origA); + sizeof (errstr), + gettext( + "Unable to set value: " + "schema map " + "already existed for " + "'%s'."), origA); MKERROR(LOG_ERR, *error, - NS_CONFIG_SYNTAX, - strdup(errstr), - NULL); + NS_CONFIG_SYNTAX, + strdup(errstr), + NULL); break; case NS_HASH_RC_NO_MEMORY: exitrc = NS_LDAP_MEMORY; @@ -2531,10 +2536,10 @@ __ns_ldap_setParamValue(ns_config_t *ptr, const ParamIndexType type, default: /* This should never happen. */ (void) snprintf(errstr, sizeof (errstr), - gettext("Unable to set value: invalid configuration " - "type (%d)"), def->data_type); + gettext("Unable to set value: invalid configuration " + "type (%d)"), def->data_type); MKERROR(LOG_ERR, *error, NS_CONFIG_SYNTAX, strdup(errstr), - NULL); + NULL); if (tcp != NULL) free(tcp); return (NS_LDAP_CONFIG); @@ -2550,9 +2555,9 @@ __ns_ldap_setParamValue(ns_config_t *ptr, const ParamIndexType type, ns_param_t sav_conf; (void) snprintf(errstr, sizeof (errstr), - gettext("%s"), errstr); + gettext("%s"), errstr); MKERROR(LOG_WARNING, *error, NS_CONFIG_SYNTAX, - strdup(errstr), NULL); + strdup(errstr), NULL); sav_conf = ptr->paramList[type]; ptr->paramList[type] = conf; 
@@ -2623,14 +2628,14 @@ __ns_ldap_setParam(const ParamIndexType type, cfg = __s_api_get_default_config(); if (cache_server == TRUE) { - if (cfg == NULL) { - __ns_ldap_default_config(); - cfg = __s_api_get_default_config(); if (cfg == NULL) { - (void) mutex_unlock(&ns_loadrefresh_lock); - return (NS_LDAP_MEMORY); + __ns_ldap_default_config(); + cfg = __s_api_get_default_config(); + if (cfg == NULL) { + (void) mutex_unlock(&ns_loadrefresh_lock); + return (NS_LDAP_MEMORY); + } } - } } else { /* * This code always return error here on client side, @@ -2638,10 +2643,10 @@ __ns_ldap_setParam(const ParamIndexType type, * applications that need to set parameters. */ (void) snprintf(errstr, sizeof (errstr), - gettext("Unable to set parameter from a client in " - "__ns_ldap_setParam()")); + gettext("Unable to set parameter from a client in " + "__ns_ldap_setParam()")); MKERROR(LOG_WARNING, *error, NS_CONFIG_SYNTAX, strdup(errstr), - NULL); + NULL); if (cfg != NULL) __s_api_release_config(cfg); (void) mutex_unlock(&ns_loadrefresh_lock); @@ -2654,12 +2659,12 @@ __ns_ldap_setParam(const ParamIndexType type, __s_api_release_config(cfg); if (new_cfg == NULL) { (void) snprintf(errstr, sizeof (errstr), - gettext("Unable to load configuration '%s' " - "('%s')."), NSCONFIGFILE, - errorp != NULL && errorp->message != NULL ? - errorp->message : ""); + gettext("Unable to load configuration '%s' " + "('%s')."), NSCONFIGFILE, + errorp != NULL && errorp->message != NULL ? + errorp->message : ""); MKERROR(LOG_WARNING, *error, NS_CONFIG_NOTLOADED, - strdup(errstr), NULL); + strdup(errstr), NULL); if (errorp != NULL) (void) __ns_ldap_freeError(&errorp); (void) mutex_unlock(&ns_loadrefresh_lock); @@ -2719,7 +2724,7 @@ dupParam(ns_param_t *ptr) case ARRAYAUTH: for (i = 0; i < count; i++) { ap = __s_api_AuthEnumtoStruct( - (EnumAuthType_t)ptr->ns_pi[i]); + (EnumAuthType_t)ptr->ns_pi[i]); if (ap == NULL) { free(dupdata); return (NULL); 
@@ -2838,13 +2843,13 @@ __ns_ldap_getParam(const ParamIndexType Param, __s_api_release_config(cfg); if (new_cfg == NULL) { (void) snprintf(errstr, sizeof (errstr), - gettext("Unable to load configuration " - "'%s' ('%s')."), - NSCONFIGFILE, - errorp != NULL && errorp->message != NULL ? - errorp->message : ""); + gettext("Unable to load configuration " + "'%s' ('%s')."), + NSCONFIGFILE, + errorp != NULL && errorp->message != NULL ? + errorp->message : ""); MKERROR(LOG_WARNING, *error, NS_CONFIG_NOTLOADED, - strdup(errstr), NULL); + strdup(errstr), NULL); if (errorp != NULL) (void) __ns_ldap_freeError(&errorp); (void) mutex_unlock(&ns_loadrefresh_lock); @@ -2859,7 +2864,7 @@ __ns_ldap_getParam(const ParamIndexType Param, (void) snprintf(errstr, sizeof (errstr), gettext("No configuration information available.")); MKERROR(LOG_ERR, *error, NS_CONFIG_NOTLOADED, - strdup(errstr), NULL); + strdup(errstr), NULL); return (NS_LDAP_CONFIG); } @@ -2963,7 +2968,7 @@ __s_api_strValue(ns_config_t *cfg, char *str, sz = 0; for (i = 0; i < count; i++) { sz += strlen(__s_get_auth_name(cfg, - (AuthType_t)(ptr->ns_pi[i]))) + seplen; + (AuthType_t)(ptr->ns_pi[i]))) + seplen; } sz = sz + alen + 1; if (sz <= bufsz) { @@ -2976,8 +2981,8 @@ __s_api_strValue(ns_config_t *cfg, char *str, } for (i = 0; i < count; i++) { (void) strcat(buf, - __s_get_auth_name(cfg, - (AuthType_t)(ptr->ns_pi[i]))); + __s_get_auth_name(cfg, + (AuthType_t)(ptr->ns_pi[i]))); if (i != count-1) { if (cfg->version == NS_LDAP_V1) (void) strcat(buf, COMMASEP); @@ -2991,7 +2996,7 @@ __s_api_strValue(ns_config_t *cfg, char *str, sz = 0; for (i = 0; i < count; i++) { sz += strlen(__s_get_credlvl_name(cfg, - (CredLevel_t)ptr->ns_pi[i])) + seplen; + (CredLevel_t)ptr->ns_pi[i])) + seplen; } sz = sz + alen + 1; if (sz <= bufsz) { 
@@ -3004,8 +3009,8 @@ __s_api_strValue(ns_config_t *cfg, char *str, } for (i = 0; i < count; i++) { (void) strcat(buf, - __s_get_credlvl_name(cfg, - (CredLevel_t)ptr->ns_pi[i])); + __s_get_credlvl_name(cfg, + (CredLevel_t)ptr->ns_pi[i])); if (i != count-1) { (void) strcat(buf, SPACESEP); } @@ -3029,15 +3034,15 @@ __s_api_strValue(ns_config_t *cfg, char *str, switch (fmt) { case NS_LDIF_FMT: sz += count * (strlen(def->profile_name) - + strlen(COLSPSEP) + strlen("\n")); + + strlen(COLSPSEP) + strlen("\n")); break; case NS_FILE_FMT: sz += count * (strlen(def->name) - + strlen(EQUALSEP) + strlen("\n")); + + strlen(EQUALSEP) + strlen("\n")); break; case NS_DOOR_FMT: sz += count * (strlen(def->name) - + strlen(EQUALSEP) + strlen(DOORLINESEP)); + + strlen(EQUALSEP) + strlen(DOORLINESEP)); break; } if (sz <= bufsz) { @@ -3135,21 +3140,21 @@ __s_api_strValue(ns_config_t *cfg, char *str, switch (def->index) { case NS_LDAP_PREF_ONLY_P: (void) strcat(buf, - __s_get_pref_name((PrefOnly_t)ptr->ns_i)); + __s_get_pref_name((PrefOnly_t)ptr->ns_i)); break; case NS_LDAP_SEARCH_REF_P: (void) strcat(buf, - __s_get_searchref_name(cfg, - (SearchRef_t)ptr->ns_i)); + __s_get_searchref_name(cfg, + (SearchRef_t)ptr->ns_i)); break; case NS_LDAP_SEARCH_SCOPE_P: (void) strcat(buf, - __s_get_scope_name(cfg, - (ScopeType_t)ptr->ns_i)); + __s_get_scope_name(cfg, + (ScopeType_t)ptr->ns_i)); break; default: (void) snprintf(ibuf, sizeof (ibuf), - "%d", ptr->ns_i); + "%d", ptr->ns_i); (void) strcat(buf, ibuf); break; } 
@@ -3219,24 +3224,27 @@ __door_getldapconfig(char **buffer, int *buflen, ns_ldap_error_t **error) ldap_data_t s_d; char s_b[DOORBUFFERSIZE]; } space_t; - space_t *space; + space_t *space; - ldap_data_t *sptr; - int ndata; - int adata; - char errstr[MAXERROR]; - char *domainname; + ldap_data_t *sptr; + int ndata; + int adata; + char errstr[MAXERROR]; + char *domainname; + ns_ldap_return_code retCode; + + *error = NULL; domainname = __getdomainname(); if (domainname == NULL || buffer == NULL || buflen == NULL || (strlen(domainname) >= (sizeof (space_t) - - sizeof (space->s_d.ldap_call.ldap_callnumber)))) { + - sizeof (space->s_d.ldap_call.ldap_callnumber)))) { return (NS_LDAP_OP_FAILED); } space = (space_t *)calloc(1, sizeof (space_t)); if (space == NULL) - return (NS_LDAP_OP_FAILED); + return (NS_LDAP_MEMORY); adata = (sizeof (ldap_call_t) + strlen(domainname) +1); ndata = sizeof (space_t); @@ -3251,11 +3259,11 @@ __door_getldapconfig(char **buffer, int *buflen, ns_ldap_error_t **error) break; case NOTFOUND: (void) snprintf(errstr, sizeof (errstr), - gettext("Door call to " - "ldap_cachemgr failed - error: %d."), - space->s_d.ldap_ret.ldap_errno); + gettext("Door call to " + "ldap_cachemgr failed - error: %d."), + space->s_d.ldap_ret.ldap_errno); MKERROR(LOG_WARNING, *error, NS_CONFIG_CACHEMGR, - strdup(errstr), NULL); + strdup(errstr), NULL); free(space); return (NS_LDAP_OP_FAILED); default: 
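Review bot: In the `@@ -3219` hunk the added `*error = NULL;` dereferences `error` before any argument validation, although `buffer` and `buflen` are checked for NULL in the condition that follows it. A caller passing a NULL `error` would fault at entry rather than get `NS_LDAP_OP_FAILED` like the other bad-argument cases. Either put `if (error == NULL) return (NS_LDAP_OP_FAILED);` ahead of the store, or state in the function's header comment that `error` must be non-NULL. The body of `__door_getldapconfig` starts and ends outside this hunk, so any guard further up is not visible here.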
@@ -3263,24 +3271,23 @@ __door_getldapconfig(char **buffer, int *buflen, ns_ldap_error_t **error) return (NS_LDAP_OP_FAILED); } + retCode = NS_LDAP_SUCCESS; + /* copy info from door call to buffer here */ - *buflen = strlen(space->s_d.ldap_ret.ldap_u.config) + 1; + *buflen = strlen(sptr->ldap_ret.ldap_u.config) + 1; *buffer = calloc(*buflen, sizeof (char)); if (*buffer == NULL) { - free(space); - return (NS_LDAP_MEMORY); + retCode = NS_LDAP_MEMORY; + } else { + (void) strcpy(*buffer, sptr->ldap_ret.ldap_u.config); } - (void) strcpy(*buffer, space->s_d.ldap_ret.ldap_u.config); if (sptr != &space->s_d) { (void) munmap((char *)sptr, ndata); - } else { - free(space); - space = NULL; } - *error = NULL; + free(space); - return (NS_LDAP_SUCCESS); + return (retCode); } /* @@ -3321,26 +3328,26 @@ SetDoorInfo(char *buffer, ns_ldap_error_t **errorp) /* Use get_versiontype and check for V1 vs V2 prototypes */ if (__s_api_get_versiontype(ptr, name, &i) < 0) { (void) snprintf(errstr, sizeof (errstr), - "%s (%s)\n", - gettext("Illegal profile entry " - "line in configuration."), - name); + "%s (%s)\n", + gettext("Illegal profile entry " + "line in configuration."), + name); errfnd++; /* Write verify routines and get rid of verify_value here */ } else if (verify_value(ptr, name, - value, errbuf) != NS_SUCCESS) { + value, errbuf) != NS_SUCCESS) { (void) snprintf(errstr, sizeof (errstr), - gettext("%s\n"), errbuf); + gettext("%s\n"), errbuf); errfnd++; } else if (!first && i == NS_LDAP_FILE_VERSION_P) { (void) snprintf(errstr, sizeof (errstr), - gettext("Illegal NS_LDAP_FILE_VERSION " - "line in configuration.\n")); + gettext("Illegal NS_LDAP_FILE_VERSION " + "line in configuration.\n")); errfnd++; } if (errfnd) { MKERROR(LOG_ERR, *errorp, NS_CONFIG_SYNTAX, - strdup(errstr), NULL); + strdup(errstr), NULL); } else { ret = set_default_value(ptr, name, value, errorp); } 
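Review bot: In the `@@ -3263` hunk, `strlen(sptr->ldap_ret.ldap_u.config)` and the `strcpy` after it trust the door reply to contain a NUL terminator; nothing visible bounds the scan by the size of the returned buffer. Reading through `sptr` fixes the large-reply case, but a truncated or malformed reply would still be read past its end. Presumably `ndata` holds the reply size after the door call (it is what `munmap` is given), so the terminator could be checked first, e.g. `if (memchr(cfg, '\0', avail) == NULL) retCode = NS_LDAP_OP_FAILED;`, where `cfg` is the config pointer and `avail` the reply bytes from there on. Separately, `*buflen` is an `int` receiving a `size_t`, and it stays non-zero when `calloc` fails and `*buffer` is NULL. The function starts outside this hunk, so how `ndata` is updated should be confirmed there.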
@@ -3356,7 +3363,7 @@ SetDoorInfo(char *buffer, ns_ldap_error_t **errorp) if (__s_api_crosscheck(ptr, errstr, B_TRUE) != NS_SUCCESS) { __s_api_destroy_config(ptr); MKERROR(LOG_WARNING, *errorp, NS_CONFIG_SYNTAX, strdup(errstr), - NULL); + NULL); return (NULL); } @@ -3488,7 +3495,7 @@ __s_api_AuthEnumtoStruct(const EnumAuthType_t i) ap->type = NS_LDAP_AUTH_SASL; ap->saslmech = NS_LDAP_SASL_GSSAPI; ap->saslopt = NS_LDAP_SASLOPT_INT | - NS_LDAP_SASLOPT_PRIV; + NS_LDAP_SASLOPT_PRIV; break; case NS_LDAP_EA_TLS_NONE: ap->type = NS_LDAP_AUTH_TLS; @@ -3572,7 +3579,7 @@ __s_val_postime(ParamIndexType i, ns_default_config *def, return (NS_SUCCESS); } (void) snprintf(errbuf, MAXERROR, - gettext("Illegal time value in %s"), def->name); + gettext("Illegal time value in %s"), def->name); return (NS_PARSE_ERR); } @@ -3587,15 +3594,15 @@ __s_val_basedn(ParamIndexType i, ns_default_config *def, { if (param && param->ns_ptype == CHARPTR && i == NS_LDAP_SEARCH_BASEDN_P && - ((param->ns_pc == NULL) || /* empty */ - (*(param->ns_pc) == '\0') || /* empty */ - (strchr(param->ns_pc, '=') != NULL))) /* '=' */ + ((param->ns_pc == NULL) || /* empty */ + (*(param->ns_pc) == '\0') || /* empty */ + (strchr(param->ns_pc, '=') != NULL))) /* '=' */ { return (NS_SUCCESS); } (void) snprintf(errbuf, MAXERROR, - gettext("Non-existent or invalid DN in %s"), - def->name); + gettext("Non-existent or invalid DN in %s"), + def->name); return (NS_PARSE_ERR); } @@ -3610,14 +3617,14 @@ __s_val_serverList(ParamIndexType i, ns_default_config *def, { for (i = 0; i < param->ns_acnt; i++) { if ((__s_api_isipv4(param->ns_ppc[i])) || - (__s_api_isipv6(param->ns_ppc[i])) || - (__s_api_ishost(param->ns_ppc[i]))) { + (__s_api_isipv6(param->ns_ppc[i])) || + (__s_api_ishost(param->ns_ppc[i]))) { continue; } /* err */ (void) snprintf(errbuf, MAXERROR, - gettext("Invalid server (%s) in %s"), - param->ns_ppc[i], def->name); + gettext("Invalid server (%s) in %s"), + param->ns_ppc[i], def->name); return (NS_PARSE_ERR); } 
@@ -3635,13 +3642,13 @@ __s_val_binddn(ParamIndexType i, ns_default_config *def, { if (param && param->ns_ptype == CHARPTR && i == NS_LDAP_BINDDN_P && - ((param->ns_pc == NULL) || - ((*(param->ns_pc) != '\0') && - (strchr(param->ns_pc, '=') != NULL)))) { + ((param->ns_pc == NULL) || + ((*(param->ns_pc) != '\0') && + (strchr(param->ns_pc, '=') != NULL)))) { return (NS_SUCCESS); } (void) snprintf(errbuf, MAXERROR, - gettext("NULL or invalid proxy bind DN")); + gettext("NULL or invalid proxy bind DN")); return (NS_PARSE_ERR); } @@ -3656,12 +3663,12 @@ __s_val_bindpw(ParamIndexType i, ns_default_config *def, { if (param && param->ns_ptype == CHARPTR && i == NS_LDAP_BINDPASSWD_P && - ((param->ns_pc == NULL) || - (*(param->ns_pc) != '\0'))) { + ((param->ns_pc == NULL) || + (*(param->ns_pc) != '\0'))) { return (NS_SUCCESS); } (void) snprintf(errbuf, MAXERROR, - gettext("NULL proxy bind password")); + gettext("NULL proxy bind password")); return (NS_PARSE_ERR); } |