Diffstat (limited to 'usr/src/lib/libadutils/common/adutils.c')
-rw-r--r--usr/src/lib/libadutils/common/adutils.c156
1 files changed, 25 insertions, 131 deletions
diff --git a/usr/src/lib/libadutils/common/adutils.c b/usr/src/lib/libadutils/common/adutils.c
index d914f109d2..086e5338e4 100644
--- a/usr/src/lib/libadutils/common/adutils.c
+++ b/usr/src/lib/libadutils/common/adutils.c
@@ -19,7 +19,7 @@
* CDDL HEADER END
*/
/*
- * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -35,6 +35,7 @@
#include <errno.h>
#include <assert.h>
#include <limits.h>
+#include <syslog.h>
#include <sys/u8_textprep.h>
#include <sys/varargs.h>
#include "libadutils.h"
@@ -67,12 +68,13 @@ static binary_attrs_t binattrs[] = {
};
+adutils_logger logger = syslog;
+
+
void
-adutils_set_log(int pri, bool_t syslog, bool_t degraded)
+adutils_set_logger(adutils_logger funct)
{
- idmap_log_stderr(pri);
- idmap_log_syslog(syslog);
- idmap_log_degraded(degraded);
+ logger = funct;
}
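Review bot: `adutils_set_logger` stores whatever it is given, so `adutils_set_logger(NULL)` leaves `logger` NULL and the next `logger(LOG_INFO, ...)` call in open_conn (later in this diff) jumps through a null pointer; the setter should reject NULL or fall back to the default, e.g. `logger = (funct != NULL) ? funct : syslog;`. The variable is also defined with external linkage under the bare name `logger`, while every other symbol this commit exports carries the `adutils_` prefix; an unprefixed data symbol in a shared library is easy to collide with from a linking application, so consider `static adutils_logger logger = syslog;` or a prefixed name. The assignment is a plain store with no synchronization and other threads in this file log while holding `adh->lock`, so presumably the setter is meant to be called once at initialization before any connection is opened — a comment such as `/* Must be called before any lookup; not safe to change while other threads log. */` would make that contract explicit.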
@@ -83,8 +85,9 @@ static
char *
adutils_dns2dn(const char *dns)
{
- int nameparts;
- return (ldap_dns_to_dn((char *)dns, &nameparts));
+ int num_parts;
+
+ return (ldap_dns_to_dn((char *)dns, &num_parts));
}
@@ -95,122 +98,15 @@ adutils_dns2dn(const char *dns)
char *
adutils_dn2dns(const char *dn)
{
- char **rdns = NULL;
- char **attrs = NULL;
- char **labels = NULL;
- char *dns = NULL;
- char **rdn, **attr, **label;
- int maxlabels = 5;
- int nlabels = 0;
- int dnslen;
-
- /*
- * There is no reverse of ldap_dns_to_dn() in our libldap, so we
- * have to do the hard work here for now.
- */
-
- /*
- * This code is much too liberal: it looks for "dc" attributes
- * in all RDNs of the DN. In theory this could cause problems
- * if people were to use "dc" in nodes other than the root of
- * the tree, but in practice noone, least of all Active
- * Directory, does that.
- *
- * On the other hand, this code is much too conservative: it
- * does not make assumptions about ldap_explode_dn(), and _that_
- * is the true for looking at every attr of every RDN.
- *
- * Since we only ever look at dc and those must be DNS labels,
- * at least until we get around to supporting IDN here we
- * shouldn't see escaped labels from AD nor from libldap, though
- * the spec (RFC2253) does allow libldap to escape things that
- * don't need escaping -- if that should ever happen then
- * libldap will need a spanking, and we can take care of that.
- */
-
- /* Explode a DN into RDNs */
- if ((rdns = ldap_explode_dn(dn, 0)) == NULL)
- return (NULL);
-
- labels = calloc(maxlabels + 1, sizeof (char *));
- label = labels;
-
- for (rdn = rdns; *rdn != NULL; rdn++) {
- if (attrs != NULL)
- ldap_value_free(attrs);
-
- /* Explode each RDN, look for DC attr, save val as DNS label */
- if ((attrs = ldap_explode_rdn(rdn[0], 0)) == NULL)
- goto done;
-
- for (attr = attrs; *attr != NULL; attr++) {
- if (strncasecmp(*attr, "dc=", 3) != 0)
- continue;
-
- /* Found a DNS label */
- labels[nlabels++] = strdup((*attr) + 3);
-
- if (nlabels == maxlabels) {
- char **tmp;
- tmp = realloc(labels,
- sizeof (char *) * (maxlabels + 1));
-
- if (tmp == NULL)
- goto done;
-
- labels = tmp;
- labels[nlabels] = NULL;
- }
-
- /* There should be just one DC= attr per-RDN */
- break;
- }
- }
-
- /*
- * Got all the labels, now join with '.'
- *
- * We need room for nlabels - 1 periods ('.'), one nul
- * terminator, and the strlen() of each label.
- */
- dnslen = nlabels;
- for (label = labels; *label != NULL; label++)
- dnslen += strlen(*label);
-
- if ((dns = malloc(dnslen)) == NULL)
- goto done;
-
- *dns = '\0';
-
- for (label = labels; *label != NULL; label++) {
- (void) strlcat(dns, *label, dnslen);
- /*
- * NOTE: the last '.' won't be appended -- there's no room
- * for it!
- */
- (void) strlcat(dns, ".", dnslen);
- }
-
-done:
- if (labels != NULL) {
- for (label = labels; *label != NULL; label++)
- free(*label);
- free(labels);
- }
- if (attrs != NULL)
- ldap_value_free(attrs);
- if (rdns != NULL)
- ldap_value_free(rdns);
-
- return (dns);
+ return (DN_to_DNS(dn));
}
+
/*
* Convert a binary SID in a BerValue to a adutils_sid_t
*/
-static
int
-getsid(BerValue *bval, adutils_sid_t *sidp)
+adutils_getsid(BerValue *bval, adutils_sid_t *sidp)
{
int i, j;
uchar_t *v;
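Review bot: `adutils_dn2dns` now returns `DN_to_DNS(dn)` with no statement of what the caller receives; the implementation it replaces returned a freshly malloc'd string that the caller frees, or NULL on failure, and DN_to_DNS is not visible here, so that contract should be stated next to the call, e.g. `/* Returns a malloc'd DNS name the caller frees, or NULL on failure. */` (and verified against DN_to_DNS if it can return a static or ldap-owned buffer). `getsid` is also promoted to an exported `adutils_getsid`, so its handling of short or malformed `bval` contents — the data comes from LDAP responses — becomes a public guarantee; its body continues outside this hunk, and the header comment above it would benefit from stating the bounds it checks (or the `-1` return on bad input, which the caller at convert_bval2sid relies on).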
@@ -258,9 +154,8 @@ getsid(BerValue *bval, adutils_sid_t *sidp)
/*
* Convert a adutils_sid_t to S-1-...
*/
-static
char *
-sid2txt(adutils_sid_t *sidp)
+adutils_sid2txt(adutils_sid_t *sidp)
{
int rlen, i, len;
char *str, *cp;
@@ -462,7 +357,7 @@ convert_bval2sid(BerValue *bval, uint32_t *rid)
{
adutils_sid_t sid;
- if (getsid(bval, &sid) < 0)
+ if (adutils_getsid(bval, &sid) < 0)
return (NULL);
/*
@@ -472,7 +367,7 @@ convert_bval2sid(BerValue *bval, uint32_t *rid)
*/
if (rid != NULL && sid.authority == 5 && sid.sub_authority_count == 5)
*rid = sid.sub_authorities[--sid.sub_authority_count];
- return (sid2txt(&sid));
+ return (adutils_sid2txt(&sid));
}
@@ -517,7 +412,6 @@ adutils_bv_name2str(BerValue *bval)
}
/*ARGSUSED*/
-static
int
saslcallback(LDAP *ld, unsigned flags, void *defaults, void *prompts)
{
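Review bot: Dropping `static` exports `saslcallback` under a generic, unprefixed name, whereas the other functions this commit exports are renamed with the `adutils_` prefix (`adutils_getsid`, `adutils_sid2txt`); an unprefixed global in a shared library can silently interpose on, or be interposed by, a same-named symbol in a linking application. If it must be visible to another compilation unit, a prefixed name such as `adutils_saslcallback` with a matching declaration in libadutils.h keeps the exported surface consistent, and the header comment should note the fixed LDAP callback signature it must keep. The function body continues past the end of this hunk.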
@@ -671,7 +565,7 @@ open_conn(adutils_host_t *adh, int timeoutsecs)
/* Open and bind an LDAP connection */
adh->ld = ldap_init(adh->host, adh->port);
if (adh->ld == NULL) {
- idmapdlog(LOG_INFO, "ldap_init() to server "
+ logger(LOG_INFO, "ldap_init() to server "
"%s port %d failed. (%s)", adh->host,
adh->port, strerror(errno));
goto out;
@@ -690,12 +584,12 @@ open_conn(adutils_host_t *adh, int timeoutsecs)
if (rc != LDAP_SUCCESS) {
(void) ldap_unbind(adh->ld);
adh->ld = NULL;
- idmapdlog(LOG_INFO, "ldap_sasl_interactive_bind_s() to server "
+ logger(LOG_INFO, "ldap_sasl_interactive_bind_s() to server "
"%s port %d failed. (%s)", adh->host, adh->port,
ldap_err2string(rc));
}
- idmapdlog(LOG_DEBUG, "Using global catalog server %s:%d",
+ logger(LOG_DEBUG, "Using global catalog server %s:%d",
adh->host, adh->port);
out:
@@ -789,7 +683,7 @@ retry:
goto retry;
out:
- idmapdlog(LOG_NOTICE, "Couldn't open an LDAP connection to any global "
+ logger(LOG_NOTICE, "Couldn't open an LDAP connection to any global "
"catalog server!");
return (NULL);
}
@@ -1420,7 +1314,7 @@ get_adobject_batch(adutils_host_t *adh, struct timeval *timeout)
if (adh->dead) {
num = adh->num_requests;
(void) pthread_mutex_unlock(&adh->lock);
- idmapdlog(LOG_DEBUG,
+ logger(LOG_DEBUG,
"AD ldap_result error - %d queued requests", num);
return (-1);
}
@@ -1458,7 +1352,7 @@ get_adobject_batch(adutils_host_t *adh, struct timeval *timeout)
} else {
num = adh->num_requests;
(void) pthread_mutex_unlock(&adh->lock);
- idmapdlog(LOG_DEBUG,
+ logger(LOG_DEBUG,
"AD cannot find message ID (%d) "
"- %d queued requests",
msgid, num);
@@ -1489,7 +1383,7 @@ get_adobject_batch(adutils_host_t *adh, struct timeval *timeout)
rc = add_entry(adh, que, res);
(void) pthread_mutex_unlock(&adh->lock);
if (rc < 0) {
- idmapdlog(LOG_DEBUG,
+ logger(LOG_DEBUG,
"Failed to queue entry by "
"message ID (%d) "
"- %d queued requests",
@@ -1500,7 +1394,7 @@ get_adobject_batch(adutils_host_t *adh, struct timeval *timeout)
} else {
num = adh->num_requests;
(void) pthread_mutex_unlock(&adh->lock);
- idmapdlog(LOG_DEBUG,
+ logger(LOG_DEBUG,
"AD cannot find message ID (%d) "
"- %d queued requests",
msgid, num);
@@ -1736,7 +1630,7 @@ adutils_lookup_batch_add(adutils_query_state_t *state,
if (dead) {
if (lrc != LDAP_SUCCESS)
- idmapdlog(LOG_DEBUG,
+ logger(LOG_DEBUG,
"AD ldap_search_ext error (%s) "
"- %d queued requests",
ldap_err2string(lrc), num);