1/*	$NetBSD: jts.c,v 1.2 2021/08/14 16:14:53 christos Exp $	*/
2
3/* jts.c - RBAC JTS initialization */
4/* $OpenLDAP$ */
5/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
6 *
7 *
8 * All rights reserved.
9 *
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted only as authorized by the OpenLDAP
12 * Public License.
13 *
14 * A copy of this license is available in the file LICENSE in the
15 * top-level directory of the distribution or, alternatively, at
16 * <http://www.OpenLDAP.org/license.html>.
17 */
18/* ACKNOWLEDGEMENTS:
19 */
20
21#include <sys/cdefs.h>
22__RCSID("$NetBSD: jts.c,v 1.2 2021/08/14 16:14:53 christos Exp $");
23
24#include "portable.h"
25
26#include <stdio.h>
27
28#include <ac/string.h>
29
30#include "slap.h"
31#include "slap-config.h"
32#include "lutil.h"
33
34#include "rbac.h"
35
/*
 * Resolved JTS schema for this tenant.  The ad_* slots are filled by
 * initialize_jts() (via slap_bv2ad()); the *_attrs / *_ads members are
 * built by the initialize_jts_*_ads() helpers further down.  External
 * linkage: other units of the overlay reference this object.
 */
struct slap_rbac_tenant_schema slap_rbac_jts_schema;

/*
 * Attribute tables.  Each entry pairs an RBAC_* tag, the LDAP attribute
 * type name, and the address of the slap_rbac_jts_schema slot that
 * receives the resolved AttributeDescription.  Every table ends with the
 * { RBAC_NONE, BER_BVNULL, NULL } sentinel; the loops below stop on
 * BER_BVISNULL( &table[i].attr ), so the sentinel must stay last.
 */

/* master list: every attribute type that initialize_jts() resolves */
rbac_ad_t ft_ads[] = {
	{ RBAC_ROLE_ASSIGNMENT,
		BER_BVC("ftRA"), &slap_rbac_jts_schema.ad_role },
	{ RBAC_ROLE_CONSTRAINTS,
		BER_BVC("ftRC"), &slap_rbac_jts_schema.ad_role_constraint },
	{ RBAC_USER_CONSTRAINTS,
		BER_BVC("ftCstr"), &slap_rbac_jts_schema.ad_user_constraint },
	{ RBAC_UID,
		BER_BVC("uid"), &slap_rbac_jts_schema.ad_uid },
	{ RBAC_USERS,
		BER_BVC("ftUsers"), &slap_rbac_jts_schema.ad_permission_users },
	{ RBAC_ROLES,
		BER_BVC("ftRoles"), &slap_rbac_jts_schema.ad_permission_roles },
	{ RBAC_OBJ_NAME,
		BER_BVC("ftObjNm"), &slap_rbac_jts_schema.ad_permission_objname },
	{ RBAC_OP_NAME,
		BER_BVC("ftOpNm"), &slap_rbac_jts_schema.ad_permission_opname },

	{ RBAC_NONE, BER_BVNULL, NULL }
};

/* user entry attributes -> slap_rbac_jts_schema.user_attrs / user_ads */
rbac_ad_t ft_user_ads[] = {
	{ RBAC_ROLE_ASSIGNMENT,
		BER_BVC("ftRA"), &slap_rbac_jts_schema.ad_role },
	{ RBAC_ROLE_CONSTRAINTS,
		BER_BVC("ftRC"), &slap_rbac_jts_schema.ad_role_constraint },
	{ RBAC_USER_CONSTRAINTS,
		BER_BVC("ftCstr"), &slap_rbac_jts_schema.ad_user_constraint },
	{ RBAC_UID,
		BER_BVC("uid"), &slap_rbac_jts_schema.ad_uid },

	{ RBAC_NONE, BER_BVNULL, NULL }
};

/* permission entry attributes -> perm_attrs / permission_ads */
rbac_ad_t ft_perm_ads[] = {
	{ RBAC_USERS,
		BER_BVC("ftUsers"), &slap_rbac_jts_schema.ad_permission_users },
	{ RBAC_ROLES,
		BER_BVC("ftRoles"), &slap_rbac_jts_schema.ad_permission_roles },

	{ RBAC_NONE, BER_BVNULL, NULL }
};

/*
 * permission attributes fetched during a session check
 * -> session_perm_attrs / session_permissions_ads
 */
rbac_ad_t ft_session_perm_ads[] = {
	{ RBAC_USERS,
		BER_BVC("ftUsers"), &slap_rbac_jts_schema.ad_permission_users },
	{ RBAC_ROLES,
		BER_BVC("ftRoles"), &slap_rbac_jts_schema.ad_permission_roles },
	{ RBAC_OBJ_NAME,
		BER_BVC("ftObjNm"), &slap_rbac_jts_schema.ad_permission_objname },
	{ RBAC_OP_NAME,
		BER_BVC("ftOpNm"), &slap_rbac_jts_schema.ad_permission_opname },

	{ RBAC_NONE, BER_BVNULL, NULL }
};
94
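/*
 * Build a terminated AttributeName list from an rbac_ad_t table.
 *
 * ads must end with the { RBAC_NONE, BER_BVNULL, NULL } sentinel.  On
 * success *out receives a slap_sl_calloc()'d array of nattrs + 1 elements:
 * element i carries the attribute name from ads[i] and the
 * AttributeDescription found in the schema slot ads[i].ad points at (so the
 * slots must already have been resolved by initialize_jts()); the last
 * element has a zeroed an_name and acts as the terminator.
 *
 * Returns LDAP_SUCCESS, or LDAP_OTHER should the allocator ever hand back
 * NULL, in which case *out is left untouched.  The caller owns *out.
 */
static int
rbac_jts_build_attr_list( rbac_ad_t *ads, AttributeName **out )
{
	int i, nattrs;
	AttributeName *attrs;

	/* count the number of attrs */
	for ( nattrs = 0; !BER_BVISNULL( &ads[nattrs].attr ); nattrs++ )
		;

	attrs = slap_sl_calloc( sizeof(AttributeName), nattrs + 1, NULL );
	if ( attrs == NULL ) {
		/* never index an allocation we did not get */
		return LDAP_OTHER;
	}

	for ( i = 0; i < nattrs; i++ ) {
		attrs[i].an_name = ads[i].attr;
		attrs[i].an_desc = *ads[i].ad;
	}

	/* terminator; mirrors the RBAC_NONE sentinel of the source table */
	BER_BVZERO( &attrs[nattrs].an_name );

	*out = attrs;
	return LDAP_SUCCESS;
}

/*
 * Derive the session-permission attribute list from ft_session_perm_ads
 * into slap_rbac_jts_schema.session_perm_attrs and record the table in
 * session_permissions_ads.  Returns LDAP_SUCCESS or an LDAP error code.
 */
static int
initialize_jts_session_permission_ads( void )
{
	int rc = rbac_jts_build_attr_list( ft_session_perm_ads,
			&slap_rbac_jts_schema.session_perm_attrs );

	if ( rc == LDAP_SUCCESS ) {
		slap_rbac_jts_schema.session_permissions_ads = ft_session_perm_ads;
	}

	return rc;
}

/*
 * Derive the permission attribute list from ft_perm_ads into
 * slap_rbac_jts_schema.perm_attrs and record the table in permission_ads.
 * Returns LDAP_SUCCESS or an LDAP error code.
 */
static int
initialize_jts_permission_ads( void )
{
	int rc = rbac_jts_build_attr_list( ft_perm_ads,
			&slap_rbac_jts_schema.perm_attrs );

	if ( rc == LDAP_SUCCESS ) {
		slap_rbac_jts_schema.permission_ads = ft_perm_ads;
	}

	return rc;
}

/*
 * Derive the user attribute list from ft_user_ads into
 * slap_rbac_jts_schema.user_attrs and record the table in user_ads.
 * Returns LDAP_SUCCESS or an LDAP error code.
 */
static int
initialize_jts_user_ads( void )
{
	int rc = rbac_jts_build_attr_list( ft_user_ads,
			&slap_rbac_jts_schema.user_attrs );

	if ( rc == LDAP_SUCCESS ) {
		slap_rbac_jts_schema.user_ads = ft_user_ads;
	}

	return rc;
}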
171
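/*
 * Resolve the JTS attribute types into slap_rbac_jts_schema and build the
 * per-entity attribute lists.
 *
 * Each attribute type named in ft_ads is looked up with slap_bv2ad() and the
 * resulting AttributeDescription is stored in the schema slot the table
 * entry points at.  The user, permission and session-permission lists are
 * then derived from those slots, so the lookup loop has to run first.
 *
 * Returns LDAP_SUCCESS, or the first LDAP error code encountered.  A failed
 * schema lookup is logged together with the attribute name and the
 * diagnostic text slap_bv2ad() produced.
 */
int
initialize_jts( void )
{
	int i, rc;
	const char *text = NULL;

	/* jts attributes: slap_bv2ad() fills *ft_ads[i].ad on success */
	for ( i = 0; !BER_BVISNULL( &ft_ads[i].attr ); i++ ) {
		rc = slap_bv2ad( &ft_ads[i].attr, ft_ads[i].ad, &text );
		if ( rc != LDAP_SUCCESS ) {
			Debug( LDAP_DEBUG_ANY, "initialize_jts: "
					"slap_bv2ad(%s) failed: %s\n",
					ft_ads[i].attr.bv_val, text ? text : "" );
			return rc;
		}
	}

	rc = initialize_jts_user_ads();
	if ( rc != LDAP_SUCCESS ) {
		return rc;
	}

	rc = initialize_jts_permission_ads();
	if ( rc != LDAP_SUCCESS ) {
		return rc;
	}

	return initialize_jts_session_permission_ads();
}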
204