/* ds_read.c - */

#ifndef lint
static char *rcsid = "$Header: /f/osi/quipu/RCS/ds_read.c,v 7.1 90/07/09 14:45:48 mrose Exp $";
#endif

/*
 * $Header: /f/osi/quipu/RCS/ds_read.c,v 7.1 90/07/09 14:45:48 mrose Exp $
 *
 *
 * $Log: ds_read.c,v $
 * Revision 7.1 90/07/09 14:45:48 mrose
 * sync
 *
 * Revision 7.0 89/11/23 22:17:14 mrose
 * Release 6.0
 *
 */

/*
 * NOTICE
 *
 * Acquisition, use, and distribution of this module and related
 * materials are subject to the restrictions of a license agreement.
 * Consult the Preface in the User's Manual for the full terms of
 * this agreement.
 *
 */


#include "quipu/util.h"
#include "quipu/entry.h"
#include "quipu/read.h"

extern LLog * log_dsap;

extern int encode_DAS_ReadArgumentData();
Attr_Sequence eis_select ();
static cant_use_cache();
static attribute_not_cached ();
extern AttributeType at_control;

/*
 * do_ds_read - service a directory Read operation.
 *
 *	arg	  the read argument (object name, attribute selection,
 *		  common arguments including security parameters)
 *	error	  filled in when an error is returned
 *	result	  filled in on DS_OK
 *	binddn	  name the requester is bound as
 *	target	  name to read; replaced by arg->rda_object when dsp is zero
 *	di_p	  passed to find_entry() and referral_dsa_info()
 *	dsp	  non-zero selects the restricted path: access is checked
 *		  against NULLDN rather than binddn
 *	quipu_ctx passed through to eis_select()
 *
 * Returns DS_OK, DS_CONTINUE, DS_X500_ERROR, DS_ERROR_LOCAL,
 * DS_ERROR_REMOTE, or whatever referral_dsa_info() returns.
 *
 * Order of checks in this function: control-attribute shortcut, root
 * rejection, find_entry(), entry ACL, check_security_parms(), cache
 * referral decision, eis_check() (dsp only), attribute selection.
 */
do_ds_read (arg, error, result, binddn, target, di_p, dsp, quipu_ctx)
struct ds_read_arg *arg;
struct ds_read_result *result;
struct DSError *error;
DN binddn;
DN target;
struct di_block **di_p;
char dsp;
char quipu_ctx;
{
	Entry entryptr;
	int retval;
	DN realtarget;

	DLOG (log_dsap,LLOG_TRACE,("ds_read"));

	if (!dsp)
		target = arg->rda_object;

	/*
	 * NOTE(review): this shortcut returns DS_OK before find_entry(),
	 * check_acl() and check_security_parms() are reached, so no access
	 * decision is made in this function for the control attribute.
	 * Confirm that callers gate it if the DSA statistics are not meant
	 * to be readable by every bound requester.
	 */
	if (!dsp && dsa_read_control(arg,result))
		return (DS_OK);

	if (target == NULLDN) {
		/* can't read from the root */
		error->dse_type = DSE_NAMEERROR;
		error->ERR_NAME.DSE_na_problem = DSE_NA_NOSUCHOBJECT;
		error->ERR_NAME.DSE_na_matched = NULLDN;
		return (DS_ERROR_REMOTE);
	}

	switch(find_entry(target,&(arg->rda_common),binddn,NULLDNSEQ,FALSE,&(entryptr), error, di_p))
	{
	case DS_OK:
		/* Filled out entryptr - carry on */
		break;
	case DS_CONTINUE:
		/* Filled out di_p - what do we do with it ?? */
		return(DS_CONTINUE);

	case DS_X500_ERROR:
		/* Filled out error - what do we do with it ?? */
		return(DS_X500_ERROR);
	default:
		/* SCREAM */
		LLOG(log_dsap, LLOG_EXCEPTIONS, ("do_ds_read() - find_entry failed"));
		return(DS_ERROR_LOCAL);
	}

	/* realtarget is owned here; every return below frees it first */
	realtarget = get_copy_dn (entryptr);

	/* entry has got a full list of attributes, eventually
	   select one required */
	/*
	 * Entry-level read access.  With dsp set the check is made for
	 * NULLDN; if that fails but binddn itself would pass, the error is
	 * DSE_SC_AUTHENTICATION instead of DSE_SC_ACCESSRIGHTS.
	 * NOTE(review): e_acl is dereferenced without a null test - this
	 * assumes find_entry() only returns entries with an ACL attached.
	 */
	if (check_acl (dsp ? NULLDN : binddn,ACL_READ,entryptr->e_acl->ac_entry, realtarget) == NOTOK) {
		if (dsp && (check_acl (binddn,ACL_READ,entryptr->e_acl->ac_entry, realtarget) == OK)) {
			error->dse_type = DSE_SECURITYERROR;
			error->ERR_SECURITY.DSE_sc_problem = DSE_SC_AUTHENTICATION;
			dn_free (realtarget);
			return (DS_ERROR_REMOTE);
		} else {
			error->dse_type = DSE_SECURITYERROR;
			error->ERR_SECURITY.DSE_sc_problem = DSE_SC_ACCESSRIGHTS;
			dn_free (realtarget);
			return (DS_ERROR_REMOTE);
		}
	}

	/* Strong authentication */
	/*
	 * A non-zero return is used directly as the security problem code.
	 * NOTE(review): the entry ACL above was evaluated with binddn as it
	 * was on entry, while this call receives &binddn and so may change
	 * the local copy (check_security_parms() is not visible here).
	 * If it substitutes a verified name, confirm that deciding entry
	 * access before signature verification is intended.
	 */
	if ((retval = check_security_parms((caddr_t) arg,
			encode_DAS_ReadArgumentData,
			arg->rda_common.ca_security,
			arg->rda_common.ca_sig, &binddn)) != 0)
	{
		error->dse_type = DSE_SECURITYERROR;
		error->ERR_SECURITY.DSE_sc_problem = retval;
		dn_free (realtarget);
		return (DS_ERROR_REMOTE);
	}

	/*
	 * If the local copy cannot satisfy what this requester may see,
	 * hand back referral information instead of an answer.
	 */
	if (cant_use_cache (entryptr,binddn,arg->rda_eis,realtarget)) {
		int res = referral_dsa_info(realtarget,NULLDNSEQ,FALSE,entryptr,error,di_p,
			arg->rda_common.ca_servicecontrol.svc_options & SVC_OPT_PREFERCHAIN);
		dn_free (realtarget);
		return res;
	}
	dn_free (realtarget);

	if (dsp && (eis_check (arg->rda_eis,entryptr, binddn) != OK)) {
		/* Can only send public things over DSP - but user is entitled to more */
		error->dse_type = DSE_SECURITYERROR;
		error->ERR_SECURITY.DSE_sc_problem = DSE_SC_AUTHENTICATION;
		return (DS_ERROR_REMOTE);
	}

	/*
	 * Attribute selection is done for NULLDN when dsp is set.  An empty
	 * selection is an error only when specific attributes were asked
	 * for; with eis_allattributes set an empty result is returned.
	 */
	if ((result->rdr_entry.ent_attr = eis_select (arg->rda_eis,entryptr, dsp ? NULLDN : binddn, quipu_ctx)) == NULLATTR)
		if (! arg->rda_eis.eis_allattributes) {
			error->dse_type = DSE_ATTRIBUTEERROR;
			error->ERR_ATTRIBUTE.DSE_at_name = get_copy_dn (entryptr);
			error->ERR_ATTRIBUTE.DSE_at_plist.DSE_at_what =DSE_AT_NOSUCHATTRIBUTE;
			/* report the first requested type, if there was one */
			if (arg->rda_eis.eis_select != NULLATTR)
				error->ERR_ATTRIBUTE.DSE_at_plist.DSE_at_type = AttrT_cpy(arg->rda_eis.eis_select->attr_type);
			else
				error->ERR_ATTRIBUTE.DSE_at_plist.DSE_at_type = NULLAttrT;
			error->ERR_ATTRIBUTE.DSE_at_plist.DSE_at_value = NULLAttrV;
			error->ERR_ATTRIBUTE.DSE_at_plist.dse_at_next = DSE_AT_NOPROBLEM;
			return (DS_ERROR_REMOTE);
		}

	result->rdr_entry.ent_dn = get_copy_dn (entryptr);

	result->rdr_entry.ent_iscopy = entryptr->e_data;
	result->rdr_entry.ent_age = (time_t) 0;
	result->rdr_entry.ent_next = NULLENTRYINFO;
	result->rdr_common.cr_requestor = NULLDN;
	/* if no error and NOT SVC_OPT_DONTDEREFERENCEALIASES then */
	/* the alias will have been dereferenced -signified by */
	/* NO_ERROR !!! */
	/*
	 * NOTE(review): error->dse_type is read on the success path, so the
	 * result depends on what the caller and find_entry() left in it;
	 * nothing in this function initialises it.
	 */
	result->rdr_common.cr_aliasdereferenced = (error->dse_type == DSE_NOERROR) ? FALSE : TRUE;
	return (DS_OK);

}

/*
 * cant_use_cache - decide whether a referral is needed because the local
 * copy of the entry may hold less than the named requester could read.
 *
 *	ptr	entry found locally
 *	dn	requester name; NULLDN always yields FALSE
 *	eis	attribute selection from the request
 *	target	name passed to check_acl()
 *
 * Returns FALSE when e_data is E_DATA_MASTER or E_TYPE_SLAVE.  Otherwise
 * returns TRUE when some relevant ACL denies read to NULLDN but grants it
 * to dn, FALSE if none does.
 * NOTE(review): ptr->e_acl is dereferenced without a null test.
 */
static cant_use_cache (ptr,dn,eis,target)
Entry ptr;
DN dn;
EntryInfoSelection eis;
DN target;
{
	register Attr_Sequence as;
	char dfltacl = FALSE;

	if (dn == NULLDN)
		return FALSE;

	/*
	 * NOTE(review): the two constants carry different prefixes
	 * (E_DATA_ / E_TYPE_); presumably both are values of e_data -
	 * confirm against quipu/entry.h.
	 */
	if ((ptr->e_data == E_DATA_MASTER) || (ptr->e_data == E_TYPE_SLAVE))
		return FALSE;

	/* see if more than cached data is required */

	if (eis.eis_allattributes) {
		struct acl_attr * aa;
		struct oid_seq * oidptr;
		/* look for attr acl */
		/* see if any attributes use can see */

		/* default ACL: denied to NULLDN but granted to dn => refer */
		if (check_acl (NULLDN,ACL_READ,ptr->e_acl->ac_default,target) == NOTOK)
			if (check_acl (dn,ACL_READ,ptr->e_acl->ac_default,target) == OK)
				return TRUE;

		if (ptr->e_acl->ac_attributes == NULLACL_ATTR)
			return FALSE;

		/*
		 * The inner loop never reads oidptr, so the same pair of
		 * checks on aa->aa_acl is repeated once per listed type.
		 */
		for ( aa = ptr->e_acl->ac_attributes; aa!=NULLACL_ATTR; aa=aa->aa_next)
			for ( oidptr=aa->aa_types;oidptr != NULLOIDSEQ; oidptr=oidptr->oid_next)
				/* The attribute is in the attribute ACL list */
				/* Would a referral help the DUA ? */
				if (check_acl (NULLDN,ACL_READ,aa->aa_acl,target) == NOTOK)
					if (check_acl (dn,ACL_READ,aa->aa_acl,target) == OK)
						return TRUE;

	} else {
		/* for each attribute in eis.eis_select, see is user
		   entitled to it. */

		/* remember the default-ACL verdict for types with no ACL of their own */
		if (check_acl (NULLDN,ACL_READ,ptr->e_acl->ac_default,target) == NOTOK)
			if (check_acl (dn,ACL_READ,ptr->e_acl->ac_default,target) == OK)
				dfltacl = TRUE;

		/* only requested types missing from the local entry matter */
		for(as=eis.eis_select; as != NULLATTR; as=as->attr_link) {
			if (as_find_type (ptr->e_attributes, as->attr_type) == NULLATTR)
				if (attribute_not_cached (ptr,dn,grab_oid(as->attr_type),target,ACL_READ,dfltacl))
					return TRUE;

		}
	}
	return FALSE;
}

/*
 * attribute_not_cached - per-attribute form of the check made in
 * cant_use_cache().
 *
 *	ptr	entry whose attribute ACL list is searched
 *	dn	requester name
 *	at	OID of the attribute type being asked about
 *	target	name passed to check_acl()
 *	level	access level passed to check_acl()
 *	dfltacl	verdict to return when no attribute ACL lists `at'
 *
 * For the first ACL that lists `at': TRUE when access at `level' is denied
 * to NULLDN and granted to dn, FALSE otherwise.  Returns dfltacl when the
 * entry has no attribute ACLs or none lists `at'.
 */
static attribute_not_cached (ptr,dn,at,target,level,dfltacl)
Entry ptr;
DN dn;
OID at;
DN target;
int level;
char dfltacl;
{
	register struct acl_attr * aa;
	register struct oid_seq * oidptr;

	/* see if more than cached data is required */
	if (ptr->e_acl->ac_attributes == NULLACL_ATTR)
		return (dfltacl);

	for ( aa = ptr->e_acl->ac_attributes; aa!=NULLACL_ATTR; aa=aa->aa_next)
		for ( oidptr=aa->aa_types;oidptr != NULLOIDSEQ; oidptr=oidptr->oid_next)
			if (oid_cmp (oidptr->oid_oid,at) == 0) {
				/* The attribute is in the attribute ACL list */
				/* Would a referral help the DUA ? */
				if (check_acl (NULLDN,level,aa->aa_acl,target) == NOTOK)
					if (check_acl (dn,level,aa->aa_acl,target) == OK)
						return TRUE;
				/* first match decides; later ACLs are not consulted */
				return FALSE;
			}
	return (dfltacl);

}


/*
 * dsa_control_info - build a one-component attribute sequence of type
 * at_control whose value is a text summary of the DSA's entry and EDB
 * counters.
 *
 * Returns the new sequence, or NULLATTR (after freeing the component) when
 * str2avs() cannot build the value.
 */
static Attr_Sequence dsa_control_info()
{
	extern int slave_edbs;
	extern int master_edbs;
	extern int local_master_size;
	extern int local_slave_size;
	extern int local_cache_size;
	char buffer [LINESIZE];
	Attr_Sequence as;

	/*
	 * NOTE(review): sprintf() places no bound on the write.  The format
	 * is a fixed string with five %d conversions, so the output length
	 * is limited by the width of int; confirm LINESIZE (defined
	 * elsewhere) covers that worst case, or use a bounded formatter
	 * where one is available.
	 */
	(void) sprintf (buffer,"%d Master entries (in %d EDBs), %d Slave entries (in %d EDBs), %d Cached entries",
		local_master_size,master_edbs,local_slave_size,slave_edbs,local_cache_size);

	/* NOTE(review): the result of as_comp_alloc() is used unchecked */
	as=as_comp_alloc();
	as->attr_acl = NULLACL_INFO;
	as->attr_type = at_control;
	as->attr_link = NULLATTR;
	if ((as->attr_value = str2avs (buffer,as->attr_type)) == NULLAV) {
		as_free (as);
		return (NULLATTR);
	}

	return (as);
}

/*
 * dsa_read_control - answer a read that asks for the control attribute only.
 *
 * Returns TRUE, with result filled in, when the request is neither
 * all-attributes nor types-only and selects exactly one attribute whose
 * type compares equal to at_control.  Returns FALSE in every other case,
 * including when dsa_control_info() fails.
 *
 * arg->rda_object is never examined: the reply is produced whatever object
 * name the request carried, and ent_dn is set to a copy of mydsadn.  No
 * access check is made here.
 */
dsa_read_control (arg,result)
struct ds_read_arg *arg;
struct ds_read_result *result;
{
	extern DN mydsadn;

	if ((arg->rda_eis.eis_allattributes) ||
		(arg->rda_eis.eis_infotypes == EIS_ATTRIBUTETYPESONLY))
		return FALSE;

	/* exactly one selected attribute: non-empty list with no second link */
	if ((arg->rda_eis.eis_select == NULLATTR)
		|| (arg->rda_eis.eis_select->attr_link != NULLATTR))
		return FALSE;

	if (AttrT_cmp (at_control,arg->rda_eis.eis_select->attr_type) != 0)
		return FALSE;

	if ((result->rdr_entry.ent_attr = dsa_control_info()) == NULLATTR)
		return FALSE;

	/* Fiddle DN - for DUA caching !!! */
	result->rdr_entry.ent_dn = dn_cpy (mydsadn);

	result->rdr_entry.ent_iscopy = FALSE;
	result->rdr_entry.ent_age = (time_t) 0;
	result->rdr_entry.ent_next = NULLENTRYINFO;
	result->rdr_common.cr_requestor = NULLDN;
	result->rdr_common.cr_aliasdereferenced = FALSE;

	return TRUE;
}