- make yp_maplist omit maps with "nis-secure: yes" if the client isn't "secure"

1 files changed, 37 insertions, 27 deletions

diff --git a/src/nis.c b/src/nis.c
index 5dc1855..7426f6c 100644
--- a/src/nis.c
+++ b/src/nis.c
@@ -111,7 +111,7 @@ nis_match(struct plugin_state *state,
 			      &reply_val->valdat.valdat_len,
 			      (const char **) &reply_val->valdat.valdat_val,
 			      &entry_id, NULL) &&
-		    (map_secure ? client_secure : TRUE)) {
+		    (client_secure || !map_secure)) {
 			/* Success! */
 			reply_val->status = YP_TRUE;
 			slapi_log_error(SLAPI_LOG_PLUGIN,
@@ -164,7 +164,7 @@ nis_first(struct plugin_state *state,
 			      &reply_key_val->valdat.valdat_len,
 			      &reply_key_val->valdat.valdat_val,
 			      &entry_id, &entry_key_index) &&
-		    (map_secure ? client_secure : TRUE)) {
+		    (client_secure || !map_secure)) {
 			/* Success! */
 			reply_key_val->status = YP_TRUE;
 			slapi_log_error(SLAPI_LOG_PLUGIN,
@@ -214,7 +214,7 @@ nis_next(struct plugin_state *state,
 			     &reply_key_val->keydat.keydat_val,
 			     &reply_key_val->valdat.valdat_len,
 			     &reply_key_val->valdat.valdat_val) &&
-		    (map_secure ? client_secure : TRUE)) {
+		    (client_secure || !map_secure)) {
 			/* Success! */
 			reply_key_val->status = YP_TRUE;
 			slapi_log_error(SLAPI_LOG_PLUGIN,
@@ -237,7 +237,7 @@ nis_next(struct plugin_state *state,
 				      &reply_key_val->valdat.valdat_len,
 				      (const char **) &reply_key_val->valdat.valdat_val,
 				      &entry_id, NULL) &&
-			    (map_secure ? client_secure : TRUE)) {
+			    (client_secure || !map_secure)) {
 				/* Have data for this key, but not the next. */
 				reply_key_val->status = YP_NOMORE;
 			} else {
@@ -346,7 +346,7 @@ nis_order(struct plugin_state *state,
 		reply_order->status = YP_TRUE;
 		if (map_order(state, req_nokey.domain, req_nokey.map,
 			      &map_secure, &reply_order->ordernum) &&
-			      (map_secure ? client_secure : TRUE)) {
+			      (client_secure || !map_secure)) {
 			reply_order->status = YP_TRUE;
 			slapi_log_error(SLAPI_LOG_PLUGIN,
 					state->plugin_desc->spd_id,
@@ -370,55 +370,65 @@ nis_order(struct plugin_state *state,
 }
 
 /* Return the list of maps. */
+struct nis_maplist_cbdata {
+	struct ypmaplist *list;
+	bool_t client_secure;
+};
 static bool_t
 nis_maplist_cb(const char *domain, const char *mapname, bool_t secure,
-	       void *backend_data, void *cbdata)
+	       void *backend_data, void *cb_data)
 {
 	struct ypmaplist **list, *next;
-	list = cbdata;
-	next = malloc(sizeof(*next));
-	if (next != NULL) {
-		memset(next, 0, sizeof(*next));
-		next->map = strdup(mapname);
-		if (next->map == NULL) {
-			free(next);
-			return TRUE;
+	struct nis_maplist_cbdata *cbdata;
+	cbdata = cb_data;
+	if (cbdata->client_secure || !secure) {
+		next = malloc(sizeof(*next));
+		if (next != NULL) {
+			memset(next, 0, sizeof(*next));
+			next->map = strdup(mapname);
+			if (next->map == NULL) {
+				free(next);
+				return TRUE;
+			}
+			next->next = cbdata->list;
+			cbdata->list = next;
 		}
-		next->next = *list;
-		*list = next;
 	}
 	return TRUE;
 }
 static void
-nis_free_maplist_cb_result(struct ypmaplist **list)
+nis_free_maplist_cb_result(struct nis_maplist_cbdata *cbdata)
 {
 	struct ypmaplist *node, *next;
-	node = *list;
+	node = cbdata->list;
 	while (node != NULL) {
 		next = node->next;
 		free(node->map);
 		free(node);
 		node = next;
 	}
+	cbdata->list = NULL;
 }
 static void
 nis_maplist(struct plugin_state *state,
 	    dispatch_reply_fragment *reply_fragment_fn,
 	    dispatch_reply *reply_fn,
 	    struct dispatch_client_data *cdata,
-	    XDR *request_xdrs,
+	    XDR *request_xdrs, bool_t client_secure,
 	    struct rpc_msg *reply, XDR *reply_xdrs,
 	    struct ypresp_maplist *reply_maplist)
 {
 	char *domain = NULL;
 	struct ypmaplist *list;
+	struct nis_maplist_cbdata cbdata;
 	memset(reply_maplist, 0, sizeof(*reply_maplist));
 	if (xdr_string(request_xdrs, &domain, YPMAXDOMAIN)) {
 		map_rdlock();
-		list = NULL;
-		map_data_foreach_map(state, domain, nis_maplist_cb, &list);
+		cbdata.list = NULL;
+		cbdata.client_secure = client_secure;
+		map_data_foreach_map(state, domain, nis_maplist_cb, &cbdata);
 		reply_maplist->status = YP_TRUE;
-		reply_maplist->list = list;
+		reply_maplist->list = cbdata.list;
 		if (reply_maplist->list == NULL) {
 			slapi_log_error(SLAPI_LOG_PLUGIN,
 					state->plugin_desc->spd_id,
@@ -435,7 +445,7 @@ nis_maplist(struct plugin_state *state,
 			}
 		}
 		(*reply_fn)(state, cdata, reply, reply_xdrs);
-		nis_free_maplist_cb_result(&list);
+		nis_free_maplist_cb_result(&cbdata);
 		map_unlock();
 	} else {
 		/* XXX */
@@ -591,7 +601,7 @@ nis_all(struct plugin_state *state,
 						  &reply_val->valdat_val,
 						  &entry_id,
 						  &entry_key_index) &&
-					(map_secure ? client_secure : TRUE);
+				        (client_secure || !map_secure);
 				if (found) {
 					/* Next time grab the entry after this
 					 * one. */
@@ -654,7 +664,7 @@ nis_all(struct plugin_state *state,
 						    &reply_val->valdat_val,
 						    &entry_id,
 						    &entry_key_index) &&
-					(map_secure ? client_secure : TRUE);
+				        (client_secure || !map_secure);
 				if (found) {
 					slapi_log_error(SLAPI_LOG_PLUGIN,
 							state->plugin_desc->spd_id,
@@ -719,7 +729,7 @@ nis_all(struct plugin_state *state,
 						     &reply_val->valdat_len,
 						     (const char **) &reply_val->valdat_val,
 						     &entry_id, NULL) &&
-					(map_secure ? client_secure : TRUE);
+				        (client_secure || !map_secure);
 				entry_key_index = cookie->key_index;
 				if (found) {
 					/* Next time grab the entry after this
@@ -1131,7 +1141,7 @@ nis_process_request(struct plugin_state *state,
 		accepted->ar_results.proc = (xdrproc_t) xdr_ypresp_maplist;
 		/* Call the real function. */
 		nis_maplist(state, reply_fragment_fn, reply_fn,
-			    cdata, &request_xdrs,
+			    cdata, &request_xdrs, client_secure,
 			    &reply, &reply_xdrs, &reply_maplist);
 		goto sent_reply;
 		break;