1 files changed, 198 insertions, 0 deletions

diff --git a/contrib/slapd-modules/rbac/jts.c b/contrib/slapd-modules/rbac/jts.c
new file mode 100644
index 0000000..c7c072b
--- /dev/null
+++ b/contrib/slapd-modules/rbac/jts.c
@@ -0,0 +1,198 @@
+/* jts.c - RBAC JTS initialization */
+/* $OpenLDAP$ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ *
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/string.h>
+
+#include "slap.h"
+#include "slap-config.h"
+#include "lutil.h"
+
+#include "rbac.h"
+
+struct slap_rbac_tenant_schema slap_rbac_jts_schema;
+
+/* to replace all JTS schema initialization */
+rbac_ad_t ft_ads[] = {
+	{ RBAC_ROLE_ASSIGNMENT,
+		BER_BVC("ftRA"), &slap_rbac_jts_schema.ad_role },
+	{ RBAC_ROLE_CONSTRAINTS,
+		BER_BVC("ftRC"), &slap_rbac_jts_schema.ad_role_constraint },
+	{ RBAC_USER_CONSTRAINTS,
+		BER_BVC("ftCstr"), &slap_rbac_jts_schema.ad_user_constraint },
+	{ RBAC_UID,
+		BER_BVC("uid"), &slap_rbac_jts_schema.ad_uid },
+	{ RBAC_USERS,
+		BER_BVC("ftUsers"), &slap_rbac_jts_schema.ad_permission_users },
+	{ RBAC_ROLES,
+		BER_BVC("ftRoles"), &slap_rbac_jts_schema.ad_permission_roles },
+	{ RBAC_OBJ_NAME,
+		BER_BVC("ftObjNm"), &slap_rbac_jts_schema.ad_permission_objname },
+	{ RBAC_OP_NAME,
+		BER_BVC("ftOpNm"), &slap_rbac_jts_schema.ad_permission_opname },
+
+	{ RBAC_NONE, BER_BVNULL, NULL }
+};
+
+rbac_ad_t ft_user_ads[] = {
+	{ RBAC_ROLE_ASSIGNMENT,
+		BER_BVC("ftRA"), &slap_rbac_jts_schema.ad_role },
+	{ RBAC_ROLE_CONSTRAINTS,
+		BER_BVC("ftRC"), &slap_rbac_jts_schema.ad_role_constraint },
+	{ RBAC_USER_CONSTRAINTS,
+		BER_BVC("ftCstr"), &slap_rbac_jts_schema.ad_user_constraint },
+	{ RBAC_UID,
+		BER_BVC("uid"), &slap_rbac_jts_schema.ad_uid },
+
+	{ RBAC_NONE, BER_BVNULL, NULL }
+};
+
+rbac_ad_t ft_perm_ads[] = {
+	{ RBAC_USERS,
+		BER_BVC("ftUsers"), &slap_rbac_jts_schema.ad_permission_users },
+	{ RBAC_ROLES,
+		BER_BVC("ftRoles"), &slap_rbac_jts_schema.ad_permission_roles },
+
+	{ RBAC_NONE, BER_BVNULL, NULL }
+};
+
+rbac_ad_t ft_session_perm_ads[] = {
+	{ RBAC_USERS,
+		BER_BVC("ftUsers"), &slap_rbac_jts_schema.ad_permission_users },
+	{ RBAC_ROLES,
+		BER_BVC("ftRoles"), &slap_rbac_jts_schema.ad_permission_roles },
+	{ RBAC_OBJ_NAME,
+		BER_BVC("ftObjNm"), &slap_rbac_jts_schema.ad_permission_objname },
+	{ RBAC_OP_NAME,
+		BER_BVC("ftOpNm"), &slap_rbac_jts_schema.ad_permission_opname },
+
+	{ RBAC_NONE, BER_BVNULL, NULL }
+};
+
+static int
+initialize_jts_session_permission_ads()
+{
+	int i, nattrs, rc = LDAP_SUCCESS;
+
+	for ( nattrs = 0; !BER_BVISNULL( &ft_session_perm_ads[nattrs].attr );
+			nattrs++ )
+		; /* count the number of attrs */
+
+	slap_rbac_jts_schema.session_perm_attrs =
+			slap_sl_calloc( sizeof(AttributeName), nattrs + 1, NULL );
+
+	for ( i = 0; !BER_BVISNULL( &ft_session_perm_ads[i].attr ); i++ ) {
+		slap_rbac_jts_schema.session_perm_attrs[i].an_name =
+				ft_session_perm_ads[i].attr;
+		slap_rbac_jts_schema.session_perm_attrs[i].an_desc =
+				*ft_session_perm_ads[i].ad;
+	}
+
+	BER_BVZERO( &slap_rbac_jts_schema.session_perm_attrs[nattrs].an_name );
+
+	slap_rbac_jts_schema.session_permissions_ads = ft_session_perm_ads;
+
+	return rc;
+}
+
+static int
+initialize_jts_permission_ads()
+{
+	int i, nattrs, rc = LDAP_SUCCESS;
+
+	/* jts permissions configuration */
+
+	for ( nattrs = 0; !BER_BVISNULL( &ft_perm_ads[nattrs].attr ); nattrs++ )
+		; /* count the number of attrs */
+
+	slap_rbac_jts_schema.perm_attrs =
+			slap_sl_calloc( sizeof(AttributeName), nattrs + 1, NULL );
+
+	for ( i = 0; !BER_BVISNULL( &ft_perm_ads[i].attr ); i++ ) {
+		slap_rbac_jts_schema.perm_attrs[i].an_name = ft_perm_ads[i].attr;
+		slap_rbac_jts_schema.perm_attrs[i].an_desc = *ft_perm_ads[i].ad;
+	}
+
+	BER_BVZERO( &slap_rbac_jts_schema.perm_attrs[nattrs].an_name );
+
+	slap_rbac_jts_schema.permission_ads = ft_perm_ads;
+
+	return rc;
+}
+
+static int
+initialize_jts_user_ads()
+{
+	int i, nattrs, rc = LDAP_SUCCESS;
+
+	/* jts user attribute descriptions */
+
+	/* jts user attributes */
+	for ( nattrs = 0; !BER_BVISNULL( &ft_user_ads[nattrs].attr ); nattrs++ )
+		; /* count the number of attrs */
+
+	slap_rbac_jts_schema.user_attrs =
+			slap_sl_calloc( sizeof(AttributeName), nattrs + 1, NULL );
+
+	for ( i = 0; !BER_BVISNULL( &ft_user_ads[i].attr ); i++ ) {
+		slap_rbac_jts_schema.user_attrs[i].an_name = ft_user_ads[i].attr;
+		slap_rbac_jts_schema.user_attrs[i].an_desc = *ft_user_ads[i].ad;
+	}
+
+	BER_BVZERO( &slap_rbac_jts_schema.user_attrs[nattrs].an_name );
+
+	slap_rbac_jts_schema.user_ads = ft_user_ads;
+
+	return rc;
+}
+
+int
+initialize_jts()
+{
+	int i, rc;
+	const char *text;
+
+	/* jts attributes */
+	for ( i = 0; !BER_BVISNULL( &ft_ads[i].attr ); i++ ) {
+		rc = slap_bv2ad( &ft_ads[i].attr, ft_ads[i].ad, &text );
+		if ( rc != LDAP_SUCCESS ) {
+			goto done;
+		}
+	}
+
+	rc = initialize_jts_user_ads();
+	if ( rc != LDAP_SUCCESS ) {
+		return rc;
+	}
+
+	rc = initialize_jts_permission_ads();
+	if ( rc != LDAP_SUCCESS ) {
+		return rc;
+	}
+
+	rc = initialize_jts_session_permission_ads();
+	if ( rc != LDAP_SUCCESS ) {
+		return rc;
+	}
+
+done:;
+	return rc;
+}