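/*	$NetBSD: jts.c,v 1.2 2021/08/14 16:14:53 christos Exp $	*/

/* jts.c - RBAC JTS initialization */
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
 *
 *
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted only as authorized by the OpenLDAP
 * Public License.
 *
 * A copy of this license is available in the file LICENSE in the
 * top-level directory of the distribution or, alternatively, at
 * <http://www.OpenLDAP.org/license.html>.
 */
/* ACKNOWLEDGEMENTS:
 */

#include <sys/cdefs.h>
__RCSID("$NetBSD: jts.c,v 1.2 2021/08/14 16:14:53 christos Exp $");

#include "portable.h"

#include <stdio.h>

#include <ac/string.h>

#include "slap.h"
#include "slap-config.h"
#include "lutil.h"

#include "rbac.h"

/*
 * Schema handles for the JTS tenant: the resolved AttributeDescriptions
 * (ad_*) and the AttributeName lists (*_attrs) built by initialize_jts().
 */
struct slap_rbac_tenant_schema slap_rbac_jts_schema;

/*
 * Every JTS attribute this module uses, paired with the schema slot that
 * receives its resolved AttributeDescription.  initialize_jts() resolves
 * this table first; the narrower tables below point at the same slots and
 * are therefore only usable after that pass.  Each table is terminated by
 * a RBAC_NONE / BER_BVNULL entry.
 */
rbac_ad_t ft_ads[] = {
	{ RBAC_ROLE_ASSIGNMENT,
		BER_BVC("ftRA"), &slap_rbac_jts_schema.ad_role },
	{ RBAC_ROLE_CONSTRAINTS,
		BER_BVC("ftRC"), &slap_rbac_jts_schema.ad_role_constraint },
	{ RBAC_USER_CONSTRAINTS,
		BER_BVC("ftCstr"), &slap_rbac_jts_schema.ad_user_constraint },
	{ RBAC_UID,
		BER_BVC("uid"), &slap_rbac_jts_schema.ad_uid },
	{ RBAC_USERS,
		BER_BVC("ftUsers"), &slap_rbac_jts_schema.ad_permission_users },
	{ RBAC_ROLES,
		BER_BVC("ftRoles"), &slap_rbac_jts_schema.ad_permission_roles },
	{ RBAC_OBJ_NAME,
		BER_BVC("ftObjNm"), &slap_rbac_jts_schema.ad_permission_objname },
	{ RBAC_OP_NAME,
		BER_BVC("ftOpNm"), &slap_rbac_jts_schema.ad_permission_opname },

	{ RBAC_NONE, BER_BVNULL, NULL }
};

/* attributes fetched for a JTS user entry */
rbac_ad_t ft_user_ads[] = {
	{ RBAC_ROLE_ASSIGNMENT,
		BER_BVC("ftRA"), &slap_rbac_jts_schema.ad_role },
	{ RBAC_ROLE_CONSTRAINTS,
		BER_BVC("ftRC"), &slap_rbac_jts_schema.ad_role_constraint },
	{ RBAC_USER_CONSTRAINTS,
		BER_BVC("ftCstr"), &slap_rbac_jts_schema.ad_user_constraint },
	{ RBAC_UID,
		BER_BVC("uid"), &slap_rbac_jts_schema.ad_uid },

	{ RBAC_NONE, BER_BVNULL, NULL }
};

/* attributes fetched for a JTS permission entry */
rbac_ad_t ft_perm_ads[] = {
	{ RBAC_USERS,
		BER_BVC("ftUsers"), &slap_rbac_jts_schema.ad_permission_users },
	{ RBAC_ROLES,
		BER_BVC("ftRoles"), &slap_rbac_jts_schema.ad_permission_roles },

	{ RBAC_NONE, BER_BVNULL, NULL }
};

/* attributes fetched for a JTS permission entry during a session check */
rbac_ad_t ft_session_perm_ads[] = {
	{ RBAC_USERS,
		BER_BVC("ftUsers"), &slap_rbac_jts_schema.ad_permission_users },
	{ RBAC_ROLES,
		BER_BVC("ftRoles"), &slap_rbac_jts_schema.ad_permission_roles },
	{ RBAC_OBJ_NAME,
		BER_BVC("ftObjNm"), &slap_rbac_jts_schema.ad_permission_objname },
	{ RBAC_OP_NAME,
		BER_BVC("ftOpNm"), &slap_rbac_jts_schema.ad_permission_opname },

	{ RBAC_NONE, BER_BVNULL, NULL }
};

/*
 * Build a terminated AttributeName list from an rbac_ad_t table.
 *
 * Counts the entries of ads up to the BER_BVNULL terminator, allocates
 * count + 1 AttributeName slots (the last one is the terminator) and copies
 * each entry's name and resolved description into the list.  The
 * AttributeDescription pointers in ads must already be resolved; in this
 * file that is guaranteed because initialize_jts() resolves ft_ads, which
 * covers every slot the other tables reference, before calling the
 * per-table initializers.
 *
 * On success stores the list in *attrs and returns LDAP_SUCCESS.  If the
 * allocation fails, *attrs is left untouched and LDAP_OTHER is returned;
 * previously the NULL result was dereferenced in the fill loop.  The list
 * is never released by this file.
 */
static int
rbac_jts_build_attrs( rbac_ad_t *ads, AttributeName **attrs )
{
	int i, nattrs;
	AttributeName *list;

	/* count the number of attrs */
	for ( nattrs = 0; !BER_BVISNULL( &ads[nattrs].attr ); nattrs++ )
		;

	list = slap_sl_calloc( sizeof(AttributeName), nattrs + 1, NULL );
	if ( list == NULL ) {
		return LDAP_OTHER;
	}

	for ( i = 0; i < nattrs; i++ ) {
		list[i].an_name = ads[i].attr;
		list[i].an_desc = *ads[i].ad;
	}

	/* a null berval name marks the end of the list */
	BER_BVZERO( &list[nattrs].an_name );

	*attrs = list;
	return LDAP_SUCCESS;
}

/*
 * Set up the session permission attribute list and table.
 * Returns LDAP_SUCCESS or LDAP_OTHER on allocation failure.
 */
static int
initialize_jts_session_permission_ads( void )
{
	int rc;

	rc = rbac_jts_build_attrs( ft_session_perm_ads,
			&slap_rbac_jts_schema.session_perm_attrs );
	if ( rc != LDAP_SUCCESS ) {
		return rc;
	}

	slap_rbac_jts_schema.session_permissions_ads = ft_session_perm_ads;

	return LDAP_SUCCESS;
}

/*
 * Set up the permission attribute list and table.
 * Returns LDAP_SUCCESS or LDAP_OTHER on allocation failure.
 */
static int
initialize_jts_permission_ads( void )
{
	int rc;

	/* jts permissions configuration */
	rc = rbac_jts_build_attrs( ft_perm_ads, &slap_rbac_jts_schema.perm_attrs );
	if ( rc != LDAP_SUCCESS ) {
		return rc;
	}

	slap_rbac_jts_schema.permission_ads = ft_perm_ads;

	return LDAP_SUCCESS;
}

/*
 * Set up the user attribute list and table.
 * Returns LDAP_SUCCESS or LDAP_OTHER on allocation failure.
 */
static int
initialize_jts_user_ads( void )
{
	int rc;

	/* jts user attributes */
	rc = rbac_jts_build_attrs( ft_user_ads, &slap_rbac_jts_schema.user_attrs );
	if ( rc != LDAP_SUCCESS ) {
		return rc;
	}

	slap_rbac_jts_schema.user_ads = ft_user_ads;

	return LDAP_SUCCESS;
}

/*
 * Initialize the JTS schema: resolve every attribute name in ft_ads to its
 * AttributeDescription, then build the user, permission and session
 * permission attribute lists.
 *
 * Returns LDAP_SUCCESS; the error from slap_bv2ad() if a name cannot be
 * resolved; or LDAP_OTHER if a list allocation fails.  On failure, lists
 * already built are not released.
 */
int
initialize_jts( void )
{
	int i, rc;
	const char *text;

	/* jts attributes: resolve name -> description for every schema slot */
	for ( i = 0; !BER_BVISNULL( &ft_ads[i].attr ); i++ ) {
		rc = slap_bv2ad( &ft_ads[i].attr, ft_ads[i].ad, &text );
		if ( rc != LDAP_SUCCESS ) {
			return rc;
		}
	}

	rc = initialize_jts_user_ads();
	if ( rc != LDAP_SUCCESS ) {
		return rc;
	}

	rc = initialize_jts_permission_ads();
	if ( rc != LDAP_SUCCESS ) {
		return rc;
	}

	return initialize_jts_session_permission_ads();
}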