1.1 root 1: /* ds_read.c - */
2:
3: #ifndef lint
4: static char *rcsid = "$Header: /f/osi/quipu/RCS/ds_read.c,v 7.1 90/07/09 14:45:48 mrose Exp $";
5: #endif
6:
7: /*
8: * $Header: /f/osi/quipu/RCS/ds_read.c,v 7.1 90/07/09 14:45:48 mrose Exp $
9: *
10: *
11: * $Log: ds_read.c,v $
12: * Revision 7.1 90/07/09 14:45:48 mrose
13: * sync
14: *
15: * Revision 7.0 89/11/23 22:17:14 mrose
16: * Release 6.0
17: *
18: */
19:
20: /*
21: * NOTICE
22: *
23: * Acquisition, use, and distribution of this module and related
24: * materials are subject to the restrictions of a license agreement.
25: * Consult the Preface in the User's Manual for the full terms of
26: * this agreement.
27: *
28: */
29:
30:
31: #include "quipu/util.h"
32: #include "quipu/entry.h"
33: #include "quipu/read.h"
34:
35: extern LLog * log_dsap;
36:
37: extern int encode_DAS_ReadArgumentData();
38: Attr_Sequence eis_select ();
39: static cant_use_cache();
40: static attribute_not_cached ();
41: extern AttributeType at_control;
42:
/*
 * do_ds_read - answer a directory Read from locally held entry data.
 *
 * arg       decoded read argument (object name, common args, selection)
 * error     filled in whenever an error code is returned
 * result    filled in when DS_OK is returned
 * binddn    name the requester is bound as
 * target    object to read; overwritten from arg->rda_object when !dsp
 * di_p      receives DSA info when find_entry / referral_dsa_info need to
 *           send the request elsewhere
 * dsp       non-zero when the request arrived over DSP
 * quipu_ctx passed through to eis_select unchanged
 *
 * Returns DS_OK, DS_CONTINUE, DS_X500_ERROR, DS_ERROR_LOCAL,
 * DS_ERROR_REMOTE, or whatever referral_dsa_info() returns.
 *
 * Order of the access decisions below:
 *   1. control-attribute shortcut (non-DSP only, no ACL consulted here)
 *   2. entry-level ACL_READ check
 *   3. check_security_parms() on the signed argument
 *   4. cache-vs-referral decision
 *   5. attribute selection (eis_check / eis_select)
 */
do_ds_read (arg, error, result, binddn, target, di_p, dsp, quipu_ctx)
struct ds_read_arg *arg;
struct ds_read_result *result;
struct DSError *error;
DN binddn;
DN target;
struct di_block **di_p;
char dsp;
char quipu_ctx;
{
    Entry ent;
    DN entry_dn;
    int found;
    int sec_problem;
    int referral;

    DLOG (log_dsap,LLOG_TRACE,("ds_read"));

    if (!dsp) {
        /* Outside DSP the object named in the argument is authoritative. */
        target = arg->rda_object;

        /*
         * This shortcut returns before find_entry() and before any
         * check_acl() call in this function, and it never looks at
         * target or binddn.
         * NOTE(review): confirm that handing the DSA control attribute to
         * any non-DSP requester without an access check is intended.
         */
        if (dsa_read_control(arg, result))
            return (DS_OK);
    }

    /* The root has no entry to read. */
    if (target == NULLDN) {
        error->dse_type = DSE_NAMEERROR;
        error->ERR_NAME.DSE_na_problem = DSE_NA_NOSUCHOBJECT;
        error->ERR_NAME.DSE_na_matched = NULLDN;
        return (DS_ERROR_REMOTE);
    }

    found = find_entry(target, &(arg->rda_common), binddn, NULLDNSEQ, FALSE,
                       &(ent), error, di_p);

    /* find_entry has already filled in di_p or error for these two. */
    if (found == DS_CONTINUE)
        return (DS_CONTINUE);
    if (found == DS_X500_ERROR)
        return (DS_X500_ERROR);

    if (found != DS_OK) {
        /* Anything else is unexpected; report a local failure. */
        LLOG(log_dsap, LLOG_EXCEPTIONS, ("do_ds_read() - find_entry failed"));
        return (DS_ERROR_LOCAL);
    }

    /* Owned copy; every exit below up to the cache decision must free it. */
    entry_dn = get_copy_dn (ent);

    /*
     * Entry-level read permission.  Over DSP the check is made for NULLDN
     * rather than for the bound name.
     * assumes ent->e_acl is never null for an entry returned by find_entry
     * - TODO confirm
     * NOTE(review): this decision uses binddn as passed in, while
     * check_security_parms() below is handed &binddn.  If that call can
     * replace binddn, the ACL result here was computed for the
     * pre-verification name - confirm the ordering is intended.
     */
    if (check_acl (dsp ? NULLDN : binddn, ACL_READ, ent->e_acl->ac_entry,
                   entry_dn) == NOTOK) {
        /*
         * Over DSP, a bound name that would pass is told to authenticate;
         * every other refusal is reported as insufficient access rights.
         */
        if (dsp && (check_acl (binddn, ACL_READ, ent->e_acl->ac_entry,
                               entry_dn) == OK))
            sec_problem = DSE_SC_AUTHENTICATION;
        else
            sec_problem = DSE_SC_ACCESSRIGHTS;

        error->dse_type = DSE_SECURITYERROR;
        error->ERR_SECURITY.DSE_sc_problem = sec_problem;
        dn_free (entry_dn);
        return (DS_ERROR_REMOTE);
    }

    /* Strong authentication: a non-zero result is the security problem code. */
    sec_problem = check_security_parms((caddr_t) arg,
                                       encode_DAS_ReadArgumentData,
                                       arg->rda_common.ca_security,
                                       arg->rda_common.ca_sig, &binddn);
    if (sec_problem != 0) {
        error->dse_type = DSE_SECURITYERROR;
        error->ERR_SECURITY.DSE_sc_problem = sec_problem;
        dn_free (entry_dn);
        return (DS_ERROR_REMOTE);
    }

    /* A cached copy may hold less than this requester may see: refer on. */
    if (cant_use_cache (ent, binddn, arg->rda_eis, entry_dn)) {
        referral = referral_dsa_info(entry_dn, NULLDNSEQ, FALSE, ent, error, di_p,
            arg->rda_common.ca_servicecontrol.svc_options & SVC_OPT_PREFERCHAIN);
        dn_free (entry_dn);
        return referral;
    }
    dn_free (entry_dn);

    /*
     * Only public data may travel over DSP.  When eis_check() says the
     * bound name is entitled to more, refuse and ask for authentication.
     */
    if (dsp && (eis_check (arg->rda_eis, ent, binddn) != OK)) {
        error->dse_type = DSE_SECURITYERROR;
        error->ERR_SECURITY.DSE_sc_problem = DSE_SC_AUTHENTICATION;
        return (DS_ERROR_REMOTE);
    }

    /* Pick the attributes to return; over DSP select as NULLDN. */
    result->rdr_entry.ent_attr = eis_select (arg->rda_eis, ent,
                                             dsp ? NULLDN : binddn, quipu_ctx);

    /*
     * An empty selection is an error only when specific attributes were
     * requested; with eis_allattributes set an empty result is returned.
     */
    if (result->rdr_entry.ent_attr == NULLATTR
        && ! arg->rda_eis.eis_allattributes) {
        error->dse_type = DSE_ATTRIBUTEERROR;
        error->ERR_ATTRIBUTE.DSE_at_name = get_copy_dn (ent);
        error->ERR_ATTRIBUTE.DSE_at_plist.DSE_at_what =DSE_AT_NOSUCHATTRIBUTE;
        /* Report the first requested type, if there is one. */
        if (arg->rda_eis.eis_select != NULLATTR)
            error->ERR_ATTRIBUTE.DSE_at_plist.DSE_at_type =
                AttrT_cpy(arg->rda_eis.eis_select->attr_type);
        else
            error->ERR_ATTRIBUTE.DSE_at_plist.DSE_at_type = NULLAttrT;
        error->ERR_ATTRIBUTE.DSE_at_plist.DSE_at_value = NULLAttrV;
        error->ERR_ATTRIBUTE.DSE_at_plist.dse_at_next = DSE_AT_NOPROBLEM;
        return (DS_ERROR_REMOTE);
    }

    result->rdr_entry.ent_dn = get_copy_dn (ent);
    result->rdr_entry.ent_iscopy = ent->e_data;
    result->rdr_entry.ent_age = (time_t) 0;
    result->rdr_entry.ent_next = NULLENTRYINFO;
    result->rdr_common.cr_requestor = NULLDN;

    /*
     * The flag is TRUE exactly when error->dse_type is not DSE_NOERROR.
     * The original author's note ties this to alias dereferencing during
     * lookup.
     * NOTE(review): error->dse_type is not initialised on this path inside
     * this function; the value comes from the caller or find_entry().
     */
    result->rdr_common.cr_aliasdereferenced =
        (error->dse_type != DSE_NOERROR) ? TRUE : FALSE;

    return (DS_OK);
}
163:
/*
 * cant_use_cache - decide whether a read must be referred elsewhere
 * instead of being answered from the entry held here.
 *
 * ptr     entry found locally
 * dn      name the requester is bound as
 * eis     what the requester asked for
 * target  name passed to check_acl as the object being accessed
 *
 * Returns TRUE when some ACL refuses NULLDN but grants `dn` read access
 * to data this copy may not hold; FALSE otherwise.  Requesters with no
 * bound name, and entries whose e_data is E_DATA_MASTER or E_TYPE_SLAVE,
 * always get FALSE.
 *
 * assumes ptr->e_acl is non-null - TODO confirm
 */
static cant_use_cache (ptr,dn,eis,target)
Entry ptr;
DN dn;
EntryInfoSelection eis;
DN target;
{
    register Attr_Sequence wanted;
    struct acl_attr *rule;
    struct oid_seq *ty;
    char dfltacl = FALSE;

    /* No bound name: nothing beyond the NULLDN view could apply. */
    if (dn == NULLDN)
        return FALSE;

    /* Master and slave copies are answered from here. */
    if (ptr->e_data == E_DATA_MASTER || ptr->e_data == E_TYPE_SLAVE)
        return FALSE;

    /*
     * Default attribute ACL: refused for NULLDN but granted to dn means
     * the requester can see more than the public view.
     */
    if (check_acl (NULLDN,ACL_READ,ptr->e_acl->ac_default,target) == NOTOK
        && check_acl (dn,ACL_READ,ptr->e_acl->ac_default,target) == OK)
        dfltacl = TRUE;

    if (eis.eis_allattributes) {
        if (dfltacl)
            return TRUE;

        /*
         * Walk every per-attribute ACL.  The test does not depend on the
         * individual type, so it is repeated once per listed type and is
         * skipped for a rule that lists no types.
         */
        for (rule = ptr->e_acl->ac_attributes; rule != NULLACL_ATTR;
             rule = rule->aa_next) {
            for (ty = rule->aa_types; ty != NULLOIDSEQ; ty = ty->oid_next) {
                if (check_acl (NULLDN,ACL_READ,rule->aa_acl,target) == NOTOK
                    && check_acl (dn,ACL_READ,rule->aa_acl,target) == OK)
                    return TRUE;
            }
        }
        return FALSE;
    }

    /*
     * Specific attributes requested: only those missing from this copy
     * matter, and each is judged by the ACL that governs its type.
     */
    for (wanted = eis.eis_select; wanted != NULLATTR; wanted = wanted->attr_link) {
        if (as_find_type (ptr->e_attributes, wanted->attr_type) != NULLATTR)
            continue;
        if (attribute_not_cached (ptr,dn,grab_oid(wanted->attr_type),target,ACL_READ,dfltacl))
            return TRUE;
    }

    return FALSE;
}
219:
/*
 * attribute_not_cached - for one attribute type absent from the local
 * copy, say whether `dn` could obtain it where NULLDN could not.
 *
 * ptr      entry whose ACLs are consulted
 * dn       name the requester is bound as
 * at       OID of the attribute type in question
 * target   name passed to check_acl as the object being accessed
 * level    access level passed to check_acl
 * dfltacl  answer to give when no per-attribute ACL lists `at`
 *
 * Returns TRUE when the first ACL rule listing `at` refuses NULLDN and
 * grants dn, FALSE when that rule decides otherwise, and dfltacl when no
 * rule lists the type (including when there are no rules at all).
 *
 * assumes ptr->e_acl is non-null - TODO confirm
 */
static attribute_not_cached (ptr,dn,at,target,level,dfltacl)
Entry ptr;
DN dn;
OID at;
DN target;
int level;
char dfltacl;
{
    register struct acl_attr *rule;
    register struct oid_seq *ty;

    for (rule = ptr->e_acl->ac_attributes; rule != NULLACL_ATTR;
         rule = rule->aa_next) {
        for (ty = rule->aa_types; ty != NULLOIDSEQ; ty = ty->oid_next) {
            if (oid_cmp (ty->oid_oid,at) != 0)
                continue;

            /* First rule naming this type is decisive. */
            if (check_acl (NULLDN,level,rule->aa_acl,target) == NOTOK
                && check_acl (dn,level,rule->aa_acl,target) == OK)
                return TRUE;
            return FALSE;
        }
    }

    /* Type not covered by any per-attribute rule: default ACL applies. */
    return (dfltacl);
}
248:
249:
/*
 * dsa_control_info - build a one-element attribute sequence of type
 * at_control whose value is a text summary of this DSA's entry counts.
 *
 * Returns the new sequence, or NULLATTR when str2avs() cannot turn the
 * summary into an attribute value (the partly built sequence is freed).
 */
static Attr_Sequence dsa_control_info()
{
    extern int slave_edbs, master_edbs;
    extern int local_master_size, local_slave_size, local_cache_size;
    char summary [LINESIZE];
    Attr_Sequence ctl;

    /*
     * Unbounded sprintf: the output is the fixed text plus five %d
     * conversions, so its length is bounded by the format itself.
     * assumes LINESIZE is comfortably larger than that - TODO confirm
     */
    (void) sprintf (summary,"%d Master entries (in %d EDBs), %d Slave entries (in %d EDBs), %d Cached entries",
        local_master_size,master_edbs,local_slave_size,slave_edbs,local_cache_size);

    /* NOTE(review): result of as_comp_alloc() is used unchecked. */
    ctl = as_comp_alloc();
    ctl->attr_type = at_control;
    ctl->attr_link = NULLATTR;
    ctl->attr_acl = NULLACL_INFO;

    ctl->attr_value = str2avs (summary,ctl->attr_type);
    if (ctl->attr_value != NULLAV)
        return (ctl);

    as_free (ctl);
    return (NULLATTR);
}
274:
/*
 * dsa_read_control - recognise a read that asks for exactly the
 * at_control attribute and answer it with this DSA's control information.
 *
 * arg     read argument; only arg->rda_eis is examined
 * result  filled in when TRUE is returned
 *
 * Returns TRUE when the result has been built, FALSE when the request is
 * not a control read (all attributes requested, types-only requested,
 * selection empty or longer than one attribute, or a different type) or
 * when dsa_control_info() fails.
 *
 * The requested object name and the requester's identity are not inputs
 * to this function, so no access decision is made here.
 * NOTE(review): confirm the caller is the right place for any restriction
 * on who may read the control attribute.
 */
dsa_read_control (arg,result)
struct ds_read_arg *arg;
struct ds_read_result *result;
{
    extern DN mydsadn;

    /* Must be a value read of named attributes, not "everything". */
    if (arg->rda_eis.eis_allattributes)
        return FALSE;
    if (arg->rda_eis.eis_infotypes == EIS_ATTRIBUTETYPESONLY)
        return FALSE;

    /* Exactly one attribute must be selected... */
    if (arg->rda_eis.eis_select == NULLATTR)
        return FALSE;
    if (arg->rda_eis.eis_select->attr_link != NULLATTR)
        return FALSE;

    /* ...and it must be the control attribute. */
    if (AttrT_cmp (at_control,arg->rda_eis.eis_select->attr_type) != 0)
        return FALSE;

    result->rdr_entry.ent_attr = dsa_control_info();
    if (result->rdr_entry.ent_attr == NULLATTR)
        return FALSE;

    /* The answer is reported under this DSA's own name (for DUA caching). */
    result->rdr_entry.ent_dn = dn_cpy (mydsadn);

    result->rdr_entry.ent_next = NULLENTRYINFO;
    result->rdr_entry.ent_age = (time_t) 0;
    result->rdr_entry.ent_iscopy = FALSE;
    result->rdr_common.cr_aliasdereferenced = FALSE;
    result->rdr_common.cr_requestor = NULLDN;

    return TRUE;
}
306: