/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License, Version 1.0 only
 * (the "License"). You may not use this file except in compliance
 * with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2001-2003 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */

#pragma ident "%Z%%M% %I% %E% SMI"

#ifndef _LDAP_PARSE_H
#define _LDAP_PARSE_H

#include <lber.h>
#include <ldap.h>
#include <rpcsvc/nis.h>

#include "nis_hashitem.h"

/* Pick up N2L file names */
#include <ndbm.h>
#include "yptol/shim.h"
#include "yptol/yptol.h"

#ifdef __cplusplus
extern "C" {
#endif

/*
 * New <ldap.h> doesn't define LDAP_SCOPE_UNKNOWN, but we still need it.
 * Within this header it marks a __nis_search_triple_t as inactive/unused.
 */
#ifndef LDAP_SCOPE_UNKNOWN
#define LDAP_SCOPE_UNKNOWN 0xFF
#endif

/* Attribute/value hash list element */
typedef struct {
	__nis_hash_item_mt item;	/* item.name is the attr name */
	int numValues;			/* presumably the entry count of 'value' */
	char **value;			/* Array of values */
	bool_t isDefault;		/* True if value is a default */
} __nis_ldap_attribute_t;

/* YP Domains structure */
typedef struct {
	int numDomains;		/* number of domains listed in mapping file */
	char **domainLabels;	/* the labels for particular domain names */
	char **domains;		/* Array of LDAP domains */
	int numYppasswdd;	/* Number of yppasswddDomainLabels */
	char **yppasswddDomainLabels;	/* yppasswdd domain labels */
} __yp_domain_context_t;

/*
 * Begin object mappings
 *
 * Note that the definitions, where necessary, proceed from the bottom
 * (i.e., the "atomic" components) up.
 */

/*
 * String match/print descriptor
 *
 * Intended for use together with a __nis_mapping_match_type_t, which will
 * determine which field of the union is valid.
 *
 *	string		Pointer to a NUL-terminated string
 *	single		Represents a single-character match such as
 *			'[a-bTe-w]', which would become
 *				{
 *					3,			numRange
 *					{'a', 'T', 'e'},	lo
 *					{'b', 'T', 'w'}		hi
 *				}
 *			Each pair lo[i]/hi[i] (0 <= i < numRange) defines the
 *			range of the wild-card match.
 *	limit		No use currently defined; will probably be removed
 *	berString	Pointer to a string containing a single formatting
 *			character as defined by ber_printf(3LDAP). Example: "i"
 *			for a binary integer.
 *
 * The union carries no discriminant of its own. Reading a member other
 * than the one selected by the accompanying type reinterprets unrelated
 * bytes (for instance 'single.numRange' as the 'string' pointer), so code
 * consuming this type has to dispatch on the type before touching 'match'.
 *
 * NOTE(review): 'numRange' is a signed int; the bound 0 <= i < numRange
 * given above only protects lo[]/hi[] if a negative count is rejected
 * where the descriptor is built -- confirm in the parser.
 */
typedef union {
	char *string;
	struct {
		int numRange;
		unsigned char *lo;	/* Array of numRange elements */
		unsigned char *hi;	/* Array of numRange elements */
	} single;
	enum {
		bos,
		eos
	} limit;
	char *berString;
} __nis_mapping_match_t;

/*
 * String match/print types and descriptor
 *
 * Used to describe print or match conversions. The 'match' field has
 * the following interpretation:
 *
 *	Type		__nis_mapping_match_t	Comment
 *
 *	mmt_item	<unused>	Value as indicated by corresponding
 *					element in __nis_mapping_item_t or
 *					__nis_mapping_sub_element_t array
 *	mmt_string	string
 *	mmt_single	single
 *	mmt_limit	limit		Probably not needed
 *	mmt_any		<unused>	Match any number of any character
 *	mmt_berstring	berString
 *	mmt_begin	<unused>	Indicates beginning of format; optional
 *	mmt_end		<unused>	Indicates end of format; REQUIRED to
 *					mark the end of an array of
 *					__nis_mapping_format_t's
 *
 * Arrays of __nis_mapping_format_t have no separate length field in any
 * of the structures below, so the mmt_end entry is the only bound a
 * consumer has when walking a format.
 */
typedef enum {mmt_item, mmt_string, mmt_single, mmt_limit, mmt_any,
		mmt_berstring, mmt_begin, mmt_end}
	__nis_mapping_match_type_t;

/* One format entry: 'type' selects which member of 'match' is valid */
typedef struct {
	__nis_mapping_match_type_t type;
	__nis_mapping_match_t match;
} __nis_mapping_format_t;

/* Forward declarations; both structures are defined further down */
struct __nis_mapping_element_struct;
struct __nis_mapping_item_struct;

/*
 * LDAP search triple
 *
 * Used to represent a search triple like
 *	ou=Group,?one?cn=staff
 * or
 *	ou=Group,?one?(&(cn=staff)(gidNumber=10))
 * or
 *	ou=Hosts,?one?("cn=%s", (cname, "%s.*"))
 *
 *	base	The base DN; defaultSearchBase appended if 'base' ends with
 *		a comma.
 *	scope	One of LDAP_SCOPE_BASE, LDAP_SCOPE_ONELEVEL, or
 *		LDAP_SCOPE_SUBTREE; LDAP_SCOPE_UNKNOWN means that this
 *		__nis_search_triple_t is inactive
 *	attrs	Either a filter, or a list of attribute/value pairs, depending
 *		on context.
 *	element	Pointer to a value element. If 'element' is non-NULL, the
 *		'attrs' value is derived by evaluating 'element'.
 *
 * NOTE(review): in the third example the filter text is produced from a
 * column value. Whether such values are escaped for use inside an LDAP
 * filter is not visible in this header -- confirm in the code that
 * evaluates 'element'.
 */
typedef struct {
	char *base;
	int scope;
	char *attrs;
	struct __nis_mapping_element_struct *element;
} __nis_search_triple_t;

/*
 * NIS+ index spec
 *
 * Represents a NIS+ index list, such as
 *	name=staff,gid=10
 *
 *	numIndexes	The number of entries in the 'name'/'value' arrays
 *	name		Array of column names
 *	value		Array of column values; uses __nis_mapping_format_t so
 *			that wild-cards can be represented
 *
 * Example
 *	name=staff,gid=10
 *		2,				numIndexes
 *		{				name
 *			"name",
 *			"gid"
 *		},
 *		{				value
 *			{
 *				{mmt_begin},
 *				{mmt_string, "staff"},
 *				{mmt_end}
 *			},
 *			{
 *				{mmt_begin},
 *				{mmt_string, "10"},
 *				{mmt_end}
 *			}
 *		}
 */
typedef struct {
	int numIndexes;
	char **name;
	__nis_mapping_format_t **value;
} __nis_index_t;

/*
 * What to do with the LDAP data when a NIS+ entry is deleted.
 * dd_perDbId requires a valid delete rule set in __nis_object_dn_t.dbId;
 * the __nis_object_dn_t example uses dd_always for "always attempt to
 * delete the corresponding LDAP attributes".
 */
typedef enum {dd_always, dd_perDbId, dd_never} __nis_delete_disp_t;

/* Type of an element in a mapping rule */
typedef enum {me_item, me_print, me_split, me_match, me_extract}
	__nis_mapping_element_type_t;

/* Type of an item in a mapping rule */
typedef enum {mit_any, mit_nisplus, mit_ldap} __nis_mapping_item_type_t;

/*
 * NIS+ object name, with index
 *
 * Used to represent a name like
 *	[name = staff, gid = 10]group.org_dir
 * (Note: spaces around "=" and after "," to make cstyle happy; such spaces
 * are not usually part of the syntax, but they are allowed.)
 *
 *	index	The index part of the name. numIndexes == 0 means there is
 *		no index.
 *	name	The object name proper. If it doesn't end in a dot, the
 *		nisplusLDAPbaseDomain is appended.
 */
typedef struct {
	__nis_index_t index;
	char *name;
} __nis_obj_spec_t;

/*
 * Complete representation of a subset of either the DIT or a NIS+ object.
 * Intended for use in a __nis_mapping_item_t, where the 'type' field
 * determines which field of the __nis_triple_or_obj_t is active.
 */
typedef union {
	__nis_search_triple_t triple;
	__nis_obj_spec_t obj;
} __nis_triple_or_obj_t;

/*
 * Mapping item
 *
 * The mapping item is a single LDAP attribute, or a NIS+ table column, such as
 *	ldap:gidNumber:ou=Group, ?one?cn=staff
 * or
 *	nisplus:gid[name = staff]group.org_dir
 * (Note: spaces around "=" and after "," to make cstyle happy; such spaces
 * are not usually part of the syntax, but they are allowed.)
 *
 *	type		mit_ldap or mit_nisplus
 *	name		Attribute/column name
 *	searchSpec	LDAP search triple, or NIS+ indexed object name
 *	repeat		True if item should be repeated if necessary. This is
 *			used to represent implied lists, such as '(memberUid)',
 *			which denotes all values of the 'memberUid' attribute.
 *	exItem		forward mapping item for supporting removespec syntax.
 *
 */
typedef struct __nis_mapping_item_struct {
	__nis_mapping_item_type_t type;
	char *name;
	__nis_triple_or_obj_t searchSpec;
	bool_t repeat;
	struct __nis_mapping_item_struct *exItem;
} __nis_mapping_item_t;

/*
 * Sub-element of a mapping rule element
 *
 * Each element/sub-element represents the value(s) derived according to
 * the semantics of the element. Although not explicitly represented here,
 * values are either strings or BER byte sequences.
 *
 *	type		Type of the 'element' union
 *	element.item	A single item
 *	element.print	printf(3C)-style value
 *	  fmt		Array of formatting elements, terminated by 'mmt_end'
 *	  numItems	Number of items in the 'item' array
 *	  item		Array of 'numItems' items
 *	  doElide	Should the last character of the (string) value be
 *			removed ?
 *	  elide		Character to be removed
 *	element.split	Item value string split into multiple values
 *	  item		A single item
 *	  delim		The separator character for the split
 *	element.extract	Extraction of a sub-string from an item value
 *	  fmt		Array of formatting elements, terminated by 'mmt_end'
 *	  item		A single item
 *
 * NOTE(review): each mmt_item entry in 'fmt' refers to the corresponding
 * entry of the 'item' array, so a format holding more mmt_item entries
 * than 'numItems' would index past that array. Whether the parser
 * enforces the match is not visible in this header -- confirm.
 *
 * Examples (see __nis_mapping_element_t below for examples using the 'item'
 * field of __nis_mapping_sub_element_t). For notational convenience,
 * __nis_mapping_item_t's are shortened to just the item name.
 *
 * (1)	String value consisting of the string "{crypt}" followed by the
 *	value of the 'passwd' column. The NIS+LDAPmapping(4) representation
 *	is
 *		("{crypt}%s", passwd)
 *	and the element.print contains
 *		{				fmt
 *			{mmt_begin},
 *			{mmt_string, "{crypt}"},
 *			{mmt_item},
 *			{mmt_end}
 *		},
 *		1,				numItems
 *		{				item
 *			{"passwd"}
 *		}
 *		FALSE,				doElide
 *		'\0'				elide (unused)
 *
 * (2)	Split a value such as "member1,member2,member3" into multiple
 *	(three, here) values using ',' as the separator.
 *		(members, ",")
 *	element.split
 *		{"members"},			item
 *		','				delim
 *
 * (3)	Given a 'cname' column with the value "some.dom.ain.", extract
 *	"some", which becomes the value of the expression.
 *		(cname, "%s.*")
 *	element.extract
 *		{				fmt
 *			{mmt_begin},
 *			{mmt_item},
 *			{mmt_string, "."},
 *			{mmt_any},
 *			{mmt_end}
 *		},
 *		{"cname"}			item
 */
typedef struct {
	__nis_mapping_element_type_t type;
	union {
		__nis_mapping_item_t item;
		struct {
			__nis_mapping_format_t *fmt;
			int numItems;
			__nis_mapping_item_t *item;
			bool_t doElide;
			unsigned char elide;
		} print;
		struct {
			__nis_mapping_item_t item;
			unsigned char delim;
		} split;
		struct {
			__nis_mapping_format_t *fmt;
			__nis_mapping_item_t item;
		} extract;
	} element;
} __nis_mapping_sub_element_t;

/*
 * Mapping rule element
 *
 * Each element/sub-element represents the value(s) derived according to
 * the semantics of the element. Although not explicitly represented here,
 * values are either strings or BER byte sequences.
 *
 *	type		Type of the 'element' union
 *	element.item	A single item
 *	element.print	printf(3C)-style value
 *	  fmt		Array of formatting elements, terminated by 'mmt_end'
 *	  numSubElements Number of sub-elements in the 'subElement' array
 *	  subElement	Array of 'numSubElements' sub-elements
 *	  doElide	Should the last character of the (string) value(s) be
 *			removed ?
 *	  elide		Character to be removed
 *	element.split	Item value string split into multiple values
 *	  item		A single item
 *	  delim		The separator character for the split
 *	element.match	Assignment of item values by matching to a format
 *	  fmt		Array of formatting elements, terminated by 'mmt_end'
 *	  numItems	Number of items in the 'item' array
 *	  item		Array of 'numItems' items
 *	element.extract	Extraction of a sub-string from an item value
 *	  fmt		Array of formatting elements, terminated by 'mmt_end'
 *	  item		A single item
 *
 * As with the sub-element, 'type' is the only indication of which member
 * of the 'element' union holds valid data.
 *
 * Examples; items represented by just the item name.
 *
 * (1)	The value of the 'name' column.
 *		name
 *	element.item
 *		{"name"}			item
 *
 * (2)	Example (1) for a sub-element showed how to construct a value from
 *	a printf(3C)-style format string and one or more item values.
 *	However that example is only valid when used as a sub-expression
 *	(in place of an item in a 'print' list, for example). If
 *		("{crypt}%s", passwd)
 *	was part of a rule like
 *		userPassword=("{crypt}%s", passwd)
 *	the representation would use a __nis_mapping_element_t as follows.
 *	element.print
 *		{				fmt
 *			{mmt_begin},
 *			{mmt_string, "{crypt}"},
 *			{mmt_item},
 *			{mmt_end}
 *		},
 *		1,				numSubElements
 *		{				subElement
 *			me_item,		type
 *			{"passwd"}		item
 *		},
 *		FALSE,				doElide
 *		'\0'				elide (unused)
 *
 * (3)	Match a value such as "{dh-1024}abcdef000234" to a template format
 *	"{%s}%s", assign "dh-1024" to the 'auth_type' column, and
 *	"abcdef000234" to the 'public_data' column.
 *		("{%s}%s", auth_type, public_data)
 *	element.match
 *		{				fmt
 *			{mmt_begin},
 *			{mmt_string, "{"},
 *			{mmt_item},
 *			{mmt_string, "}"},
 *			{mmt_item},
 *			{mmt_end}
 *		}
 *		2,				numItems
 *		{				item
 *			{"auth_type"},
 *			{"public_data"}
 *		}
 */
typedef struct __nis_mapping_element_struct {
	__nis_mapping_element_type_t type;
	union {
		__nis_mapping_item_t item;
		struct {
			__nis_mapping_format_t *fmt;
			int numSubElements;
			__nis_mapping_sub_element_t *subElement;
			bool_t doElide;
			unsigned char elide;
		} print;
		struct {
			__nis_mapping_item_t item;
			unsigned char delim;
		} split;
		struct {
			__nis_mapping_format_t *fmt;
			int numItems;
			__nis_mapping_item_t *item;
		} match;
		struct {
			__nis_mapping_format_t *fmt;
			__nis_mapping_item_t item;
		} extract;
	} element;
} __nis_mapping_element_t;

/*
 * One side (left or right) of a mapping rule
 *
 * Example
 *	The rule
 *		userPassword=("{crypt}%s", passwd)
 *	would be represented by a __nis_mapping_rule_t as follows
 *		{			lhs
 *			1,		numElements
 *			{		element
 *				me_item,
 *				{"userPassword"}
 *			}
 *		},
 *		{			rhs
 *			1,		numElements
 *			{		element
 *				me_print,
 *				{
 *					See example (2) under
 *					__nis_mapping_element_t
 *					above
 *				}
 *			}
 *		}
 *
 * (The "{crypt}" prefix tags a crypt(3)-format userPassword value, so a
 * rule of this kind carries password hashes between the two stores.)
 */
typedef struct {
	int numElements;
	__nis_mapping_element_t *element;
} __nis_mapping_rlhs_t;

/* A single mapping rule: attribute -> column or column -> attribute */
typedef struct {
	__nis_mapping_rlhs_t lhs;
	__nis_mapping_rlhs_t rhs;
} __nis_mapping_rule_t;

/*
 * Map (sub-set of) NIS+ object to location(s) in the LDAP DB
 *
 *	read		base/scope/filter triple used to read data from LDAP;
 *			LDAP_SCOPE_UNKNOWN indicates that 'read' is unused
 *	write		base/scope/attrlist triple used to write data to LDAP;
 *			LDAP_SCOPE_UNKNOWN indicates that 'write' is unused
 *	delDisp		What should happen to the LDAP entry when the
 *			corresponding NIS+ data is deleted.
 *	dbIdName	The dbId for the delete rule set (if any)
 *	numDbIds	The number of rules in the 'dbId' rule set
 *	dbId		The delete rule set; this field must point to a valid
 *			rule set if 'delDisp' is 'dd_perDbId'; ignored otherwise
 *	next		Pointer to the next __nis_object_dn_t structure for this
 *			NIS+ object. Declared as 'void *', so the compiler
 *			does not check the pointee type.
 *
 * Example
 *	The "group.org_dir.x.y.z." NIS+ table should be read from and
 *	written to the "ou=Group" container at "dc=x,dc=y,dc=z". Upon
 *	NIS+ entry deletion, we should always attempt to delete the
 *	corresponding LDAP attributes.
 *
 *	{				read
 *		"ou=Group,dc=x,dc=y,dc=z",
 *		LDAP_SCOPE_ONELEVEL,
 *		"objectClass=posixGroup"
 *	},
 *	{				write
 *		"ou=Group,dc=x,dc=y,dc=z",
 *		LDAP_SCOPE_ONELEVEL,
 *		"objectClass=posixGroup"
 *	},
 *	dd_always,			delDisp
 *	NULL,				dbIdName
 *	0,				numDbIds
 *	NULL,				dbId
 *	NULL				next
 */
typedef struct {
	__nis_search_triple_t read;
	__nis_search_triple_t write;
	__nis_delete_disp_t delDisp;
	char *dbIdName;
	int numDbIds;
	__nis_mapping_rule_t **dbId;	/* Delete rule set */
	void *next;
} __nis_object_dn_t;

/*
 * Per-dbId or -object mapping
 *
 * Initially collected per-dbId (so that item.name=dbId), the
 * __nis_table_mapping_t's are later stored per-object (whereupon
 * item.name=objName).
 *
 *	item		Structure used by the hash_item functions
 *	dbId		The dbId associated with the __nis_table_mapping_t
 *			structure
 *	index		Object sub-set specification; only defined for
 *			tables; index.numIndexes equal to zero means that
 *			the 'index' is unused.
 *	next		Pointer to next table sub-set, if any
 *	seqNext		Next mapping in configuration sequence (untyped
 *			'void *', like 'next')
 *	numColumns	Number of columns if the object is a table
 *	column		Column names
 *	initTtlLo	Lower limit on the initial TTL
 *	initTtlHi	Upper limit on the initial TTL
 *	ttl		TTL set after refresh
 *	commentChar	NIS map comment character
 *	objectDN	Location in the LDAP DB
 *	numSplits	number of split fields
 *	separatorStr	separator string to break up NIS split field attributes
 *	usedns_flag	indicates if the -b option to makedbm is used for a map.
 *	securemap_flag	indicates if the -s option to makedbm is used for a map.
 *	e		Parsed format strings and name fields storage
 *			(a __nis_mapping_element_t)
 *	numRulesFromLDAP Number of rules (and hence elements in the
 *			'ruleFromLDAP' array) for mapping LDAP entries
 *			to NIS+ objects
 *	ruleFromLDAP
 *	numRulesToLDAP	Number of rules (and hence elements in the
 *			'ruleToLDAP' array) for mapping NIS+ objects to
 *			LDAP entries
 *	ruleToLDAP
 *	objType		The NIS+ object type; NIS_BOGUS_OBJ used to indicate
 *			not set (in which case the other object data fields
 *			should be assumed to be invalid)
 *	objName		The fully qualified name of the NIS+ object
 *	objPath		The name used internally by libnisdb (which
 *			is path to the data file for the table/directory
 *			containing the object)
 *	obj		A copy of the object itself
 *	isMaster	Set if this machine is the master for the object
 *			(actually for the directory containing it)
 *	seq_num		A sequence number representing the order of the maps
 *			as listed in the NISLDAPmapping.template file.
 *
 * Example
 *	Map the subset of the NIS+ 'group.org_dir.x.y.z.' table for which
 *	is true that the 'name' starts with 'a' or 'o' to location per
 *	the __nis_object_dn_t example above. No translation rules.
 *
 *	{					item
 *		"group.org_dir.x.y.z."		name
 *		<omitted>
 *	},
 *	"group_subset",				dbId
 *	1,					numIndexes
 *	{					index
 *		1,
 *		{"name"},
 *		{
 *			{mmt_begin},
 *			{
 *				mmt_single,
 *				2,
 *				{'a', 'o'},
 *				{'a', 'o'},
 *			}
 *			{mmt_any},
 *			{mmt_end}
 *		}
 *	}
 *	NULL,					next
 *	4,					numColumns
 *	{					column
 *		"name",
 *		"passwd",
 *		"gid",
 *		"members"
 *	},
 *	1800,					initTtlLo
 *	5400,					initTtlHi
 *	3600,					ttl
 *	'#',					commentChar
 *	<see __nis_object_dn_t example>,	objectDN
 *	0,					numSplits
 *	NULL,					separatorStr
 *	0,					usedns_flag
 *	0,					securemap_flag
 *	<see __nis_mapping_element_t example>,	e
 *	0,					numRulesFromLDAP
 *	NULL,					ruleFromLDAP
 *	0,					numRulesToLDAP
 *	NULL					ruleToLDAP
 *	NIS_TABLE_OBJ,				objType
 *	"group.org_dir.x.y.z.",			objName
 *	"/var/nis/data/group.org_dir"		objPath
 *	<pointer to NIS+ object>		obj
 *	1					isMaster
 */
typedef struct {
	__nis_hash_item_mt item;	/* item.name=dbId||objName */
	char *dbId;			/* Used during initialization */
	__nis_index_t index;
	void *next;			/* Next sub-set spec */
	void *seqNext;			/* Next in config sequence */
	int numColumns;
	char **column;
	time_t initTtlLo;
	time_t initTtlHi;
	time_t ttl;
	char commentChar;
	__nis_object_dn_t *objectDN;
	int numSplits;
	char *separatorStr;
	int usedns_flag;
	int securemap_flag;
	__nis_mapping_element_t *e;
	int numRulesFromLDAP;
	__nis_mapping_rule_t **ruleFromLDAP;
	int numRulesToLDAP;
	__nis_mapping_rule_t **ruleToLDAP;
	/*
	 * The following fields contain information about the mapped object.
	 */
	zotypes objType;
	char *objName;			/* FQ object name */
	char *objPath;			/* nisdb's internal name */
	nis_object *obj;		/* NIS+ object */
	int isMaster;			/* Master for this object ? */
	int seq_num;
} __nis_table_mapping_t;

/* End object mappings */

/*
 * Default config file paths
 *
 * NOTE(review): the mapping rules in these files decide which LDAP
 * containers are read and written. This header does not show whether
 * ownership or permissions of the files are checked before they are
 * parsed -- confirm in parseConfig().
 */
#define DEFAULTCONFFILE "/var/nis/NIS+LDAPmapping"
#define ETCCONFFILE "/etc/default/rpc.nisd"
#define YP_DEFAULTCONFFILE NTOL_MAP_FILE
#define YP_ETCCONFFILE NTOL_CONFIG_FILE

/* Path to the root object dir file */
#define ROOTDIRFILE "/var/nis/data/root_dir"
/* Path to the root object file */
#define ROOTOBJFILE "/var/nis/data/root.object"

/* Globals defined elsewhere; only their declarations are visible here */
extern __nis_table_mapping_t *ldapMappingSeq;
extern int yp2ldap;

/*
 * Exported functions
 *
 * Only the prototypes are visible in this header, so the notes below are
 * limited to what the signatures show and need to be confirmed against
 * the implementations.
 *
 *	parseConfig		Takes a string array 'ldapCLA' and a config
 *				file name; returns an int status.
 *	linked2hash		Takes a __nis_table_mapping_t list.
 *	dbids2objs		Takes two hash tables, 'objs' and 'dbids'.
 *	__make_legal		Takes a non-const string. NOTE(review):
 *				presumably rewrites 's' in place -- confirm.
 *	internal_table_name	Takes a NIS+ name and a caller-supplied 'res'
 *				buffer with no accompanying length.
 *				NOTE(review): the size 'res' must have is not
 *				expressed in the signature; callers need the
 *				bound the implementation assumes -- confirm.
 *	relative_name		Takes a string, returns a nis_name.
 *	internalTableName	Takes a name, returns a char pointer.
 *				NOTE(review): ownership of the returned
 *				string is not visible here -- confirm.
 *	getObjMapping		Returns a __nis_table_mapping_t pointer;
 *				'doRead' and 'doWrite' are int pointers,
 *				presumably out-parameters -- confirm,
 *				including whether NULL is accepted.
 */
int parseConfig(char **ldapCLA, char *ldapConfFile);
int linked2hash(__nis_table_mapping_t *tlist);
int dbids2objs(__nis_hash_table_mt *objs,
	__nis_hash_table_mt *dbids);
void __make_legal(char *s);
char *internal_table_name(nis_name name, char *res);
nis_name relative_name(char *s);
char *internalTableName(char *name);
__nis_table_mapping_t *getObjMapping(char *name, char *intNameArg,
	int asObj,
	int *doRead, int *doWrite);

#ifdef __cplusplus
}
#endif	/* __cplusplus */

#endif	/* _LDAP_PARSE_H */