1 /* $NetBSD: jts.c,v 1.2 2021/08/14 16:14:53 christos Exp $ */
2
3 /* jts.c - RBAC JTS initialization */
4 /* $OpenLDAP$ */
5 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
6 *
7 *
8 * All rights reserved.
9 *
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted only as authorized by the OpenLDAP
12 * Public License.
13 *
14 * A copy of this license is available in the file LICENSE in the
15 * top-level directory of the distribution or, alternatively, at
16 * <http://www.OpenLDAP.org/license.html>.
17 */
18 /* ACKNOWLEDGEMENTS:
19 */
20
21 #include <sys/cdefs.h>
22 __RCSID("$NetBSD: jts.c,v 1.2 2021/08/14 16:14:53 christos Exp $");
23
24 #include "portable.h"
25
26 #include <stdio.h>
27
28 #include <ac/string.h>
29
30 #include "slap.h"
31 #include "slap-config.h"
32 #include "lutil.h"
33
34 #include "rbac.h"
35
/* Schema state for JTS: resolved attribute descriptions and attribute lists. */
struct slap_rbac_tenant_schema slap_rbac_jts_schema;

/*
 * Master table of JTS attributes. Each row is a type tag, the attribute
 * name, and the slot in slap_rbac_jts_schema that receives the resolved
 * description.
 *
 * initialize_jts() resolves only this table through slap_bv2ad(). The
 * narrower ft_*_ads tables reuse the same slots, so every slot they name
 * must also appear here; a slot missing from this table is never resolved.
 */
rbac_ad_t ft_ads[] = {
	{ RBAC_ROLE_ASSIGNMENT,  BER_BVC("ftRA"),    &slap_rbac_jts_schema.ad_role },
	{ RBAC_ROLE_CONSTRAINTS, BER_BVC("ftRC"),    &slap_rbac_jts_schema.ad_role_constraint },
	{ RBAC_USER_CONSTRAINTS, BER_BVC("ftCstr"),  &slap_rbac_jts_schema.ad_user_constraint },
	{ RBAC_UID,              BER_BVC("uid"),     &slap_rbac_jts_schema.ad_uid },
	{ RBAC_USERS,            BER_BVC("ftUsers"), &slap_rbac_jts_schema.ad_permission_users },
	{ RBAC_ROLES,            BER_BVC("ftRoles"), &slap_rbac_jts_schema.ad_permission_roles },
	{ RBAC_OBJ_NAME,         BER_BVC("ftObjNm"), &slap_rbac_jts_schema.ad_permission_objname },
	{ RBAC_OP_NAME,          BER_BVC("ftOpNm"),  &slap_rbac_jts_schema.ad_permission_opname },

	/* sentinel: a null attribute name ends the table */
	{ RBAC_NONE, BER_BVNULL, NULL }
};
59
/*
 * Attribute table consumed by initialize_jts_user_ads() to build
 * slap_rbac_jts_schema.user_attrs. Every slot listed here is also listed in
 * ft_ads, which is the table that actually gets resolved.
 */
rbac_ad_t ft_user_ads[] = {
	{ RBAC_ROLE_ASSIGNMENT,  BER_BVC("ftRA"),   &slap_rbac_jts_schema.ad_role },
	{ RBAC_ROLE_CONSTRAINTS, BER_BVC("ftRC"),   &slap_rbac_jts_schema.ad_role_constraint },
	{ RBAC_USER_CONSTRAINTS, BER_BVC("ftCstr"), &slap_rbac_jts_schema.ad_user_constraint },
	{ RBAC_UID,              BER_BVC("uid"),    &slap_rbac_jts_schema.ad_uid },

	/* sentinel: a null attribute name ends the table */
	{ RBAC_NONE, BER_BVNULL, NULL }
};
72
/*
 * Attribute table consumed by initialize_jts_permission_ads() to build
 * slap_rbac_jts_schema.perm_attrs. It carries only the users and roles
 * attributes; the object-name and operation-name attributes appear in
 * ft_session_perm_ads but not here.
 */
rbac_ad_t ft_perm_ads[] = {
	{ RBAC_USERS, BER_BVC("ftUsers"), &slap_rbac_jts_schema.ad_permission_users },
	{ RBAC_ROLES, BER_BVC("ftRoles"), &slap_rbac_jts_schema.ad_permission_roles },

	/* sentinel: a null attribute name ends the table */
	{ RBAC_NONE, BER_BVNULL, NULL }
};
81
/*
 * Attribute table consumed by initialize_jts_session_permission_ads() to
 * build slap_rbac_jts_schema.session_perm_attrs: the users and roles
 * attributes plus the object-name and operation-name attributes.
 */
rbac_ad_t ft_session_perm_ads[] = {
	{ RBAC_USERS,    BER_BVC("ftUsers"), &slap_rbac_jts_schema.ad_permission_users },
	{ RBAC_ROLES,    BER_BVC("ftRoles"), &slap_rbac_jts_schema.ad_permission_roles },
	{ RBAC_OBJ_NAME, BER_BVC("ftObjNm"), &slap_rbac_jts_schema.ad_permission_objname },
	{ RBAC_OP_NAME,  BER_BVC("ftOpNm"),  &slap_rbac_jts_schema.ad_permission_opname },

	/* sentinel: a null attribute name ends the table */
	{ RBAC_NONE, BER_BVNULL, NULL }
};
94
/*
 * Build slap_rbac_jts_schema.session_perm_attrs from ft_session_perm_ads and
 * record the table itself in session_permissions_ads.
 *
 * Each list element takes the table's attribute name (the berval is copied
 * by value, so it points at the table's string rather than a duplicate) and
 * whatever description pointer the table's slot holds at this moment.
 * initialize_jts() fills those slots before calling this function; if it is
 * called earlier, the copied descriptions are whatever the slots contained.
 *
 * Always returns LDAP_SUCCESS.
 */
static int
initialize_jts_session_permission_ads()
{
	rbac_ad_t *tbl = ft_session_perm_ads;
	AttributeName *list;
	int count = 0, idx;

	/* the table ends at the first entry with a null attribute name */
	while ( !BER_BVISNULL( &tbl[count].attr ) ) {
		count++;
	}

	/*
	 * One extra element for the terminator.
	 * NOTE(review): the result is used without a NULL check; confirm that
	 * slap_sl_calloc() with a NULL context cannot return NULL.
	 */
	list = slap_sl_calloc( sizeof(AttributeName), count + 1, NULL );

	for ( idx = 0; idx < count; idx++ ) {
		list[idx].an_name = tbl[idx].attr;
		list[idx].an_desc = *tbl[idx].ad;
	}

	/* terminate the list with a null name */
	BER_BVZERO( &list[count].an_name );

	slap_rbac_jts_schema.session_perm_attrs = list;
	slap_rbac_jts_schema.session_permissions_ads = ft_session_perm_ads;

	return LDAP_SUCCESS;
}
120
/*
 * Build slap_rbac_jts_schema.perm_attrs from ft_perm_ads and record the
 * table itself in permission_ads.
 *
 * Each list element takes the table's attribute name (berval copied by
 * value, not duplicated) and the description pointer currently stored in
 * the table's slot. initialize_jts() fills those slots before calling this
 * function.
 *
 * Always returns LDAP_SUCCESS.
 */
static int
initialize_jts_permission_ads()
{
	rbac_ad_t *tbl = ft_perm_ads;
	AttributeName *list;
	int count = 0, idx;

	/* the table ends at the first entry with a null attribute name */
	while ( !BER_BVISNULL( &tbl[count].attr ) ) {
		count++;
	}

	/*
	 * One extra element for the terminator.
	 * NOTE(review): the result is used without a NULL check; confirm that
	 * slap_sl_calloc() with a NULL context cannot return NULL.
	 */
	list = slap_sl_calloc( sizeof(AttributeName), count + 1, NULL );

	for ( idx = 0; idx < count; idx++ ) {
		list[idx].an_name = tbl[idx].attr;
		list[idx].an_desc = *tbl[idx].ad;
	}

	/* terminate the list with a null name */
	BER_BVZERO( &list[count].an_name );

	slap_rbac_jts_schema.perm_attrs = list;
	slap_rbac_jts_schema.permission_ads = ft_perm_ads;

	return LDAP_SUCCESS;
}
145
/*
 * Build slap_rbac_jts_schema.user_attrs from ft_user_ads and record the
 * table itself in user_ads.
 *
 * Each list element takes the table's attribute name (berval copied by
 * value, not duplicated) and the description pointer currently stored in
 * the table's slot. initialize_jts() fills those slots before calling this
 * function.
 *
 * Always returns LDAP_SUCCESS.
 */
static int
initialize_jts_user_ads()
{
	rbac_ad_t *tbl = ft_user_ads;
	AttributeName *list;
	int count = 0, idx;

	/* the table ends at the first entry with a null attribute name */
	while ( !BER_BVISNULL( &tbl[count].attr ) ) {
		count++;
	}

	/*
	 * One extra element for the terminator.
	 * NOTE(review): the result is used without a NULL check; confirm that
	 * slap_sl_calloc() with a NULL context cannot return NULL.
	 */
	list = slap_sl_calloc( sizeof(AttributeName), count + 1, NULL );

	for ( idx = 0; idx < count; idx++ ) {
		list[idx].an_name = tbl[idx].attr;
		list[idx].an_desc = *tbl[idx].ad;
	}

	/* terminate the list with a null name */
	BER_BVZERO( &list[count].an_name );

	slap_rbac_jts_schema.user_attrs = list;
	slap_rbac_jts_schema.user_ads = ft_user_ads;

	return LDAP_SUCCESS;
}
171
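/*
 * Resolve every JTS attribute named in ft_ads and build the derived
 * attribute lists in slap_rbac_jts_schema.
 *
 * Order matters: the three list builders copy the description pointers out
 * of the slots that the slap_bv2ad() loop fills, so the loop must complete
 * first.
 *
 * Returns LDAP_SUCCESS, or the first non-success code from slap_bv2ad() or
 * from a list builder. On a resolution failure the attribute name and the
 * error text are logged, so an RBAC schema that failed to load can be
 * diagnosed from the log rather than from a bare return code. Slots
 * resolved before the failure stay set; nothing is rolled back.
 */
int
initialize_jts()
{
	int i, rc = LDAP_SUCCESS;
	const char *text = NULL;

	/* jts attributes: name -> AttributeDescription, stored via ft_ads[i].ad */
	for ( i = 0; !BER_BVISNULL( &ft_ads[i].attr ); i++ ) {
		rc = slap_bv2ad( &ft_ads[i].attr, ft_ads[i].ad, &text );
		if ( rc != LDAP_SUCCESS ) {
			/* the error text was previously collected and then discarded */
			Debug( LDAP_DEBUG_ANY, "initialize_jts: "
				"unable to resolve attribute \"%s\": %s (%d)\n",
				ft_ads[i].attr.bv_val,
				text ? text : "no detail", rc );
			return rc;
		}
	}

	rc = initialize_jts_user_ads();
	if ( rc != LDAP_SUCCESS ) {
		return rc;
	}

	rc = initialize_jts_permission_ads();
	if ( rc != LDAP_SUCCESS ) {
		return rc;
	}

	return initialize_jts_session_permission_ads();
}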
204