diff options
Diffstat (limited to 'usr/src/lib/libadutils/common/adutils.c')
-rw-r--r-- | usr/src/lib/libadutils/common/adutils.c | 156 |
1 files changed, 25 insertions, 131 deletions
diff --git a/usr/src/lib/libadutils/common/adutils.c b/usr/src/lib/libadutils/common/adutils.c index d914f109d2..086e5338e4 100644 --- a/usr/src/lib/libadutils/common/adutils.c +++ b/usr/src/lib/libadutils/common/adutils.c @@ -19,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2008 Sun Microsystems, Inc. All rights reserved. + * Copyright 2009 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -35,6 +35,7 @@ #include <errno.h> #include <assert.h> #include <limits.h> +#include <syslog.h> #include <sys/u8_textprep.h> #include <sys/varargs.h> #include "libadutils.h" @@ -67,12 +68,13 @@ static binary_attrs_t binattrs[] = { }; +adutils_logger logger = syslog; + + void -adutils_set_log(int pri, bool_t syslog, bool_t degraded) +adutils_set_logger(adutils_logger funct) { - idmap_log_stderr(pri); - idmap_log_syslog(syslog); - idmap_log_degraded(degraded); + logger = funct; } @@ -83,8 +85,9 @@ static char * adutils_dns2dn(const char *dns) { - int nameparts; - return (ldap_dns_to_dn((char *)dns, &nameparts)); + int num_parts; + + return (ldap_dns_to_dn((char *)dns, &num_parts)); } @@ -95,122 +98,15 @@ adutils_dns2dn(const char *dns) char * adutils_dn2dns(const char *dn) { - char **rdns = NULL; - char **attrs = NULL; - char **labels = NULL; - char *dns = NULL; - char **rdn, **attr, **label; - int maxlabels = 5; - int nlabels = 0; - int dnslen; - - /* - * There is no reverse of ldap_dns_to_dn() in our libldap, so we - * have to do the hard work here for now. - */ - - /* - * This code is much too liberal: it looks for "dc" attributes - * in all RDNs of the DN. In theory this could cause problems - * if people were to use "dc" in nodes other than the root of - * the tree, but in practice noone, least of all Active - * Directory, does that. - * - * On the other hand, this code is much too conservative: it - * does not make assumptions about ldap_explode_dn(), and _that_ - * is the true for looking at every attr of every RDN. - * - * Since we only ever look at dc and those must be DNS labels, - * at least until we get around to supporting IDN here we - * shouldn't see escaped labels from AD nor from libldap, though - * the spec (RFC2253) does allow libldap to escape things that - * don't need escaping -- if that should ever happen then - * libldap will need a spanking, and we can take care of that. - */ - - /* Explode a DN into RDNs */ - if ((rdns = ldap_explode_dn(dn, 0)) == NULL) - return (NULL); - - labels = calloc(maxlabels + 1, sizeof (char *)); - label = labels; - - for (rdn = rdns; *rdn != NULL; rdn++) { - if (attrs != NULL) - ldap_value_free(attrs); - - /* Explode each RDN, look for DC attr, save val as DNS label */ - if ((attrs = ldap_explode_rdn(rdn[0], 0)) == NULL) - goto done; - - for (attr = attrs; *attr != NULL; attr++) { - if (strncasecmp(*attr, "dc=", 3) != 0) - continue; - - /* Found a DNS label */ - labels[nlabels++] = strdup((*attr) + 3); - - if (nlabels == maxlabels) { - char **tmp; - tmp = realloc(labels, - sizeof (char *) * (maxlabels + 1)); - - if (tmp == NULL) - goto done; - - labels = tmp; - labels[nlabels] = NULL; - } - - /* There should be just one DC= attr per-RDN */ - break; - } - } - - /* - * Got all the labels, now join with '.' - * - * We need room for nlabels - 1 periods ('.'), one nul - * terminator, and the strlen() of each label. - */ - dnslen = nlabels; - for (label = labels; *label != NULL; label++) - dnslen += strlen(*label); - - if ((dns = malloc(dnslen)) == NULL) - goto done; - - *dns = '\0'; - - for (label = labels; *label != NULL; label++) { - (void) strlcat(dns, *label, dnslen); - /* - * NOTE: the last '.' won't be appended -- there's no room - * for it! - */ - (void) strlcat(dns, ".", dnslen); - } - -done: - if (labels != NULL) { - for (label = labels; *label != NULL; label++) - free(*label); - free(labels); - } - if (attrs != NULL) - ldap_value_free(attrs); - if (rdns != NULL) - ldap_value_free(rdns); - - return (dns); + return (DN_to_DNS(dn)); } + /* * Convert a binary SID in a BerValue to a adutils_sid_t */ -static int -getsid(BerValue *bval, adutils_sid_t *sidp) +adutils_getsid(BerValue *bval, adutils_sid_t *sidp) { int i, j; uchar_t *v; @@ -258,9 +154,8 @@ getsid(BerValue *bval, adutils_sid_t *sidp) /* * Convert a adutils_sid_t to S-1-... */ -static char * -sid2txt(adutils_sid_t *sidp) +adutils_sid2txt(adutils_sid_t *sidp) { int rlen, i, len; char *str, *cp; @@ -462,7 +357,7 @@ convert_bval2sid(BerValue *bval, uint32_t *rid) { adutils_sid_t sid; - if (getsid(bval, &sid) < 0) + if (adutils_getsid(bval, &sid) < 0) return (NULL); /* @@ -472,7 +367,7 @@ convert_bval2sid(BerValue *bval, uint32_t *rid) */ if (rid != NULL && sid.authority == 5 && sid.sub_authority_count == 5) *rid = sid.sub_authorities[--sid.sub_authority_count]; - return (sid2txt(&sid)); + return (adutils_sid2txt(&sid)); } @@ -517,7 +412,6 @@ adutils_bv_name2str(BerValue *bval) } /*ARGSUSED*/ -static int saslcallback(LDAP *ld, unsigned flags, void *defaults, void *prompts) { @@ -671,7 +565,7 @@ open_conn(adutils_host_t *adh, int timeoutsecs) /* Open and bind an LDAP connection */ adh->ld = ldap_init(adh->host, adh->port); if (adh->ld == NULL) { - idmapdlog(LOG_INFO, "ldap_init() to server " + logger(LOG_INFO, "ldap_init() to server " "%s port %d failed. (%s)", adh->host, adh->port, strerror(errno)); goto out; @@ -690,12 +584,12 @@ open_conn(adutils_host_t *adh, int timeoutsecs) if (rc != LDAP_SUCCESS) { (void) ldap_unbind(adh->ld); adh->ld = NULL; - idmapdlog(LOG_INFO, "ldap_sasl_interactive_bind_s() to server " + logger(LOG_INFO, "ldap_sasl_interactive_bind_s() to server " "%s port %d failed. (%s)", adh->host, adh->port, ldap_err2string(rc)); } - idmapdlog(LOG_DEBUG, "Using global catalog server %s:%d", + logger(LOG_DEBUG, "Using global catalog server %s:%d", adh->host, adh->port); out: @@ -789,7 +683,7 @@ retry: goto retry; out: - idmapdlog(LOG_NOTICE, "Couldn't open an LDAP connection to any global " + logger(LOG_NOTICE, "Couldn't open an LDAP connection to any global " "catalog server!"); return (NULL); } @@ -1420,7 +1314,7 @@ get_adobject_batch(adutils_host_t *adh, struct timeval *timeout) if (adh->dead) { num = adh->num_requests; (void) pthread_mutex_unlock(&adh->lock); - idmapdlog(LOG_DEBUG, + logger(LOG_DEBUG, "AD ldap_result error - %d queued requests", num); return (-1); } @@ -1458,7 +1352,7 @@ get_adobject_batch(adutils_host_t *adh, struct timeval *timeout) } else { num = adh->num_requests; (void) pthread_mutex_unlock(&adh->lock); - idmapdlog(LOG_DEBUG, + logger(LOG_DEBUG, "AD cannot find message ID (%d) " "- %d queued requests", msgid, num); @@ -1489,7 +1383,7 @@ get_adobject_batch(adutils_host_t *adh, struct timeval *timeout) rc = add_entry(adh, que, res); (void) pthread_mutex_unlock(&adh->lock); if (rc < 0) { - idmapdlog(LOG_DEBUG, + logger(LOG_DEBUG, "Failed to queue entry by " "message ID (%d) " "- %d queued requests", @@ -1500,7 +1394,7 @@ get_adobject_batch(adutils_host_t *adh, struct timeval *timeout) } else { num = adh->num_requests; (void) pthread_mutex_unlock(&adh->lock); - idmapdlog(LOG_DEBUG, + logger(LOG_DEBUG, "AD cannot find message ID (%d) " "- %d queued requests", msgid, num); @@ -1736,7 +1630,7 @@ adutils_lookup_batch_add(adutils_query_state_t *state, if (dead) { if (lrc != LDAP_SUCCESS) - idmapdlog(LOG_DEBUG, + logger(LOG_DEBUG, "AD ldap_search_ext error (%s) " "- %d queued requests", ldap_err2string(lrc), num); |