/*
* Handle the case in which we have the directory object but not its table.
* It is called when we try to lookup an item and get back a NIS_NOSUCHTABLE.
* On master, table should always exist; missing due to a mkdir failure
* master: create table & return (item) not found
* master & readonly: return system error
* On replica: indicates we have not seen directory's update yet.
* replica: add to pinglist and return NIS_NOT_ME
* replica & readonly: return NIS_NOT_ME
*/
nis_error
recover_from_no_table(nis_object* d_obj, nis_name dirname)
{
if (we_serve(&(d_obj->DI_data), MASTER_ONLY)) {
if (readonly)
return (NIS_TRYAGAIN);
else {
/* create table */
nis_error status;
if ((status = db_create(dirname, &tbl_prototype)) !=
NIS_SUCCESS) {
syslog(LOG_ERR,
"Unable to create table %s: %s.",
dirname, nis_sperrno(status));
return (status);
} else
return (NIS_SUCCESS);
}
} else {
/* replica */
if (!readonly) /* force update */
add_pingitem(d_obj, time(0), &upd_list);
return (NIS_NOT_ME);
}
}
char *
nis_sperror_r (const nis_error status, const char *label,
char *buffer, size_t buflen)
{
if (snprintf (buffer, buflen, "%s: %s", label, nis_sperrno (status))
>= buflen)
{
__set_errno (ERANGE);
return NULL;
}
return buffer;
}
void
__nis_print_result(nis_result *res)
{
(void) fprintf(__nis_debug_file,
"status=%s, %d object%s, [z=%d, d=%d, a=%d, c=%d]\n",
nis_sperrno(res->status),
res->objects.objects_len,
res->objects.objects_len == 1 ? "" : "s",
res->zticks,
res->dticks,
res->aticks,
res->cticks);
}
int
nisplus_reload(mnt_map *m, char *map, void (*fn) ())
{
int error = 0;
struct nis_callback_data data;
nis_result *result;
char *org; /* if map does not have ".org_dir" then append it */
nis_name map_name;
size_t l;
org = strstr(map, NISPLUS_ORGDIR);
if (org == NULL)
org = NISPLUS_ORGDIR;
else
org = "";
/* make some room for the NIS map_name */
l = strlen(map) + sizeof(NISPLUS_ORGDIR);
map_name = xmalloc(l);
if (map_name == NULL) {
plog(XLOG_ERROR, "Unable to create map_name %s: %s",
map, strerror(ENOMEM));
return ENOMEM;
}
xsnprintf(map_name, l, "%s%s", map, org);
data.ncd_m = m;
data.ncd_map = map_name;
data.ncd_fn = fn;
dlog("NISplus reload for %s", map);
result = nis_list(map_name,
EXPAND_NAME | FOLLOW_LINKS | FOLLOW_PATH,
(int (*)()) nisplus_callback,
&data);
/* free off the NIS map_name */
XFREE(map_name);
if (result->status != NIS_SUCCESS && result->status != NIS_CBRESULTS)
error = 1;
if (error)
plog(XLOG_ERROR, "error grabbing nisplus map of %s: %s",
map,
nis_sperrno(result->status));
nis_freeresult(result);
return error;
}
void
nis_print_result (const nis_result *res)
{
unsigned int i;
printf (_("Status : %s\n"), nis_sperrno (NIS_RES_STATUS (res)));
printf (_("Number of objects : %u\n"), res->objects.objects_len);
for (i = 0; i < res->objects.objects_len; i++)
{
printf (_("Object #%d:\n"), i);
nis_print_object (&res->objects.objects_val[i]);
}
}
/* Check that someone else don't have the same auth information already */
static
nis_error
auth_exists(char *princname, char *auth_name, char *auth_type, char *domain)
{
char sname[NIS_MAXNAMELEN+MAXHOSTNAMELEN+64];
nis_result *res;
nis_error status;
char *foundprinc;
(void) sprintf(sname, "[auth_name=%s,auth_type=%s],%s.%s",
auth_name, auth_type, CRED_TABLE, domain);
if (sname[strlen(sname)-1] != '.')
strcat(sname, ".");
/* Don't want FOLLOW_PATH here */
res = nis_list(sname,
MASTER_ONLY+USE_DGRAM+NO_AUTHINFO+FOLLOW_LINKS,
NULL, NULL);
status = res->status;
switch (res->status) {
case NIS_NOTFOUND:
break;
case NIS_TRYAGAIN :
(void) fprintf(stderr,
"%s: NIS+ server busy, try again later.\n",
program_name);
exit(1);
case NIS_PERMISSION :
(void) fprintf(stderr,
"%s: insufficient permission to look up old credentials.\n",
program_name);
exit(1);
case NIS_SUCCESS:
foundprinc = ENTRY_VAL(res->objects.objects_val, 0);
if (nis_dir_cmp(foundprinc, princname) != SAME_NAME) {
(void) fprintf(stderr,
"%s: %s credentials with auth_name '%s' already belong to '%s'.\n",
program_name, auth_type, auth_name, foundprinc);
exit(1);
}
break;
default:
(void) fprintf(stderr,
"%s: error looking at cred table, NIS+ error: %s\n",
program_name, nis_sperrno(res->status));
exit(1);
}
nis_freeresult(res);
return (status);
}
int
nisplus_init(mnt_map *m, char *map, time_t *tp)
{
nis_result *result;
char *org; /* if map does not have ".org_dir" then append it */
nis_name map_name;
int error = 0;
size_t l;
org = strstr(map, NISPLUS_ORGDIR);
if (org == NULL)
org = NISPLUS_ORGDIR;
else
org = "";
/* make some room for the NIS map_name */
l = strlen(map) + sizeof(NISPLUS_ORGDIR);
map_name = xmalloc(l);
if (map_name == NULL) {
plog(XLOG_ERROR,
"Unable to create map_name %s: %s",
map,
strerror(ENOMEM));
return ENOMEM;
}
xsnprintf(map_name, l, "%s%s", map, org);
result = nis_lookup(map_name, (EXPAND_NAME | FOLLOW_LINKS | FOLLOW_PATH));
/* free off the NIS map_name */
XFREE(map_name);
if (result == NULL) {
plog(XLOG_ERROR, "NISplus init <%s>: %s", map, strerror(ENOMEM));
return ENOMEM;
}
if (result->status != NIS_SUCCESS) {
dlog("NISplus init <%s>: %s (%d)",
map, nis_sperrno(result->status), result->status);
error = ENOENT;
}
*tp = 0; /* no time */
nis_freeresult(result);
return error;
}
int lookup_mount(const char *root, const char *name, int name_len, void *context)
{
struct lookup_context *ctxt = (struct lookup_context *) context;
char tablename[strlen(name) + strlen(ctxt->mapname) +
strlen(ctxt->domainname) + 20];
nis_result *result;
int rv;
debug(MODPREFIX "looking up %s", name);
sprintf(tablename, "[key=%s],%s.org_dir.%s", name, ctxt->mapname,
ctxt->domainname);
result = nis_list(tablename, FOLLOW_PATH | FOLLOW_LINKS, NULL, NULL);
if (result->status != NIS_SUCCESS && result->status != NIS_S_SUCCESS) {
/* Try to get the "*" entry if there is one - note that we *don't*
modify "name" so & -> the name we used, not "*" */
sprintf(tablename, "[key=*],%s.org_dir.%s", ctxt->mapname,
ctxt->domainname);
result = nis_list(tablename, FOLLOW_PATH | FOLLOW_LINKS, NULL, NULL);
}
if (result->status != NIS_SUCCESS && result->status != NIS_S_SUCCESS) {
crit(MODPREFIX "lookup for %s failed: %s", name,
nis_sperrno(result->status));
return 1;
}
debug(MODPREFIX "%s -> %s", name,
NIS_RES_OBJECT(result)->EN_data.en_cols.en_cols_val[1].ec_value.
ec_value_val);
rv = ctxt->parse->parse_mount(root, name, name_len,
NIS_RES_OBJECT(result)->EN_data.en_cols.
en_cols_val[1].ec_value.ec_value_val,
ctxt->parse->context);
return rv;
}
/*
* Try to locate a key using NIS+.
*/
int
nisplus_search(mnt_map *m, char *map, char *key, char **val, time_t *tp)
{
nis_result *result;
int error = 0;
struct nisplus_search_callback_data data;
nis_name index;
char *org; /* if map does not have ".org_dir" then append it */
size_t l;
org = strstr(map, NISPLUS_ORGDIR);
if (org == NULL)
org = NISPLUS_ORGDIR;
else
org = "";
/* make some room for the NIS index */
l = sizeof('[') /* for opening selection criteria */
+ sizeof(NISPLUS_KEY)
+ strlen(key)
+ sizeof(']') /* for closing selection criteria */
+ sizeof(',') /* + 1 for , separator */
+ strlen(map)
+ sizeof(NISPLUS_ORGDIR);
index = xmalloc(l);
if (index == NULL) {
plog(XLOG_ERROR,
"Unable to create index %s: %s",
map,
strerror(ENOMEM));
return ENOMEM;
}
xsnprintf(index, l, "[%s%s],%s%s", NISPLUS_KEY, key, map, org);
data.key = key;
data.value = NULL;
dlog("NISplus search for %s", index);
result = nis_list(index,
EXPAND_NAME | FOLLOW_LINKS | FOLLOW_PATH,
(int (*)()) nisplus_search_callback,
&data);
/* free off the NIS index */
XFREE(index);
if (result == NULL) {
plog(XLOG_ERROR, "nisplus_search: %s: %s", map, strerror(ENOMEM));
return ENOMEM;
}
/*
* Do something interesting with the return code
*/
switch (result->status) {
case NIS_SUCCESS:
case NIS_CBRESULTS:
if (data.value == NULL) {
nis_object *value = result->objects.objects_val;
dlog("NISplus search found <nothing>");
dlog("NISplus search for %s: %s(%d)",
map, nis_sperrno(result->status), result->status);
if (value != NULL)
data.value = strnsave(ENTRY_VAL(value, 1), ENTRY_LEN(value, 1));
}
if (m->cfm && (m->cfm->cfm_flags & CFM_SUN_MAP_SYNTAX)) {
*val = sun_entry2amd(key, data.value);
XFREE(data.value); /* strnsave malloc'ed it above */
} else
*val = data.value;
if (*val) {
error = 0;
dlog("NISplus search found %s", *val);
} else {
error = ENOENT;
dlog("NISplus search found nothing");
}
*tp = 0;
break;
case NIS_NOSUCHNAME:
dlog("NISplus search returned %d", result->status);
error = ENOENT;
break;
default:
plog(XLOG_ERROR, "nisplus_search: %s: %s", map, nis_sperrno(result->status));
error = EIO;
break;
}
nis_freeresult(result);
return error;
}
static int
nisplus_find(void *handle, uschar *filename, uschar *query, int length,
uschar **result, uschar **errmsg, uint *do_cache)
{
int i;
int ssize = 0;
int offset = 0;
int error_error = FAIL;
uschar *field_name = NULL;
nis_result *nrt = NULL;
nis_result *nre = NULL;
nis_object *tno, *eno;
struct entry_obj *eo;
struct table_obj *ta;
uschar *p = query + length;
uschar *yield = NULL;
do_cache = do_cache; /* Placate picky compilers */
/* Search backwards for a colon to see if a result field name
has been given. */
while (p > query && p[-1] != ':') p--;
if (p > query)
{
field_name = p;
p[-1] = 0;
}
else p = query + length;
/* Now search backwards to find the comma that starts the
table name. */
while (p > query && p[-1] != ',') p--;
if (p <= query)
{
*errmsg = US"NIS+ query malformed";
error_error = DEFER;
goto NISPLUS_EXIT;
}
/* Look up the data for the table, in order to get the field names,
check that we got back a table, and set up pointers so the field
names can be scanned. */
nrt = nis_lookup(CS p, EXPAND_NAME | NO_CACHE);
if (nrt->status != NIS_SUCCESS)
{
*errmsg = string_sprintf("NIS+ error accessing %s table: %s", p,
nis_sperrno(nrt->status));
if (nrt->status != NIS_NOTFOUND && nrt->status != NIS_NOSUCHTABLE)
error_error = DEFER;
goto NISPLUS_EXIT;
}
tno = nrt->objects.objects_val;
if (tno->zo_data.zo_type != TABLE_OBJ)
{
*errmsg = string_sprintf("NIS+ error: %s is not a table", p);
goto NISPLUS_EXIT;
}
ta = &(tno->zo_data.objdata_u.ta_data);
/* Now look up the entry in the table, check that we got precisely one
object and that it is a table entry. */
nre = nis_list(CS query, EXPAND_NAME, NULL, NULL);
if (nre->status != NIS_SUCCESS)
{
*errmsg = string_sprintf("NIS+ error accessing entry %s: %s",
query, nis_sperrno(nre->status));
goto NISPLUS_EXIT;
}
if (nre->objects.objects_len > 1)
{
*errmsg = string_sprintf("NIS+ returned more than one object for %s",
query);
goto NISPLUS_EXIT;
}
else if (nre->objects.objects_len < 1)
{
*errmsg = string_sprintf("NIS+ returned no data for %s", query);
goto NISPLUS_EXIT;
}
eno = nre->objects.objects_val;
if (eno->zo_data.zo_type != ENTRY_OBJ)
{
*errmsg = string_sprintf("NIS+ error: %s is not an entry", query);
goto NISPLUS_EXIT;
}
/* Scan the columns in the entry and in the table. If a result field
was given, look for that field; otherwise concatenate all the fields
with their names. */
eo = &(eno->zo_data.objdata_u.en_data);
for (i = 0; i < eo->en_cols.en_cols_len; i++)
{
table_col *tc = ta->ta_cols.ta_cols_val + i;
entry_col *ec = eo->en_cols.en_cols_val + i;
int len = ec->ec_value.ec_value_len;
uschar *value = US ec->ec_value.ec_value_val;
/* The value may be NULL for a zero-length field. Turn this into an
empty string for consistency. Remove trailing whitespace and zero
bytes. */
if (value == NULL) value = US""; else
while (len > 0 && (value[len-1] == 0 || isspace(value[len-1])))
len--;
/* Concatenate all fields if no specific one selected */
if (field_name == NULL)
{
yield = string_cat(yield, &ssize, &offset,US tc->tc_name,
Ustrlen(tc->tc_name));
yield = string_cat(yield, &ssize, &offset, US"=", 1);
/* Quote the value if it contains spaces or is empty */
if (value[0] == 0 || Ustrchr(value, ' ') != NULL)
{
int j;
yield = string_cat(yield, &ssize, &offset, US"\"", 1);
for (j = 0; j < len; j++)
{
if (value[j] == '\"' || value[j] == '\\')
yield = string_cat(yield, &ssize, &offset, US"\\", 1);
yield = string_cat(yield, &ssize, &offset, value+j, 1);
}
yield = string_cat(yield, &ssize, &offset, US"\"", 1);
}
else yield = string_cat(yield, &ssize, &offset, value, len);
yield = string_cat(yield, &ssize, &offset, US" ", 1);
}
/* When the specified field is found, grab its data and finish */
else if (Ustrcmp(field_name, tc->tc_name) == 0)
{
yield = string_copyn(value, len);
goto NISPLUS_EXIT;
}
}
/* Error if a field name was specified and we didn't find it; if no
field name, ensure the concatenated data is zero-terminated. */
if (field_name != NULL)
*errmsg = string_sprintf("NIS+ field %s not found for %s", field_name,
query);
else
{
yield[offset] = 0;
store_reset(yield + offset + 1);
}
/* Restore the colon in the query, and free result store before
finishing. */
NISPLUS_EXIT:
if (field_name != NULL) field_name[-1] = ':';
if (nrt != NULL) nis_freeresult(nrt);
if (nre != NULL) nis_freeresult(nre);
if (yield != NULL)
{
*result = yield;
return OK;
}
return error_error; /* FAIL or DEFER */
}
void
nis_lerror (const nis_error status, const char *label)
{
syslog (LOG_ERR, "%s: %s", label, nis_sperrno (status));
}
void
nis_perror (const nis_error status, const char *label)
{
fprintf (stderr, "%s: %s\n", label, nis_sperrno (status));
}