summaryrefslogtreecommitdiffstats
path: root/ldap/clients/dsgw/domodify.c
diff options
context:
space:
mode:
Diffstat (limited to 'ldap/clients/dsgw/domodify.c')
-rw-r--r--ldap/clients/dsgw/domodify.c1254
1 files changed, 1254 insertions, 0 deletions
diff --git a/ldap/clients/dsgw/domodify.c b/ldap/clients/dsgw/domodify.c
new file mode 100644
index 00000000..5535311e
--- /dev/null
+++ b/ldap/clients/dsgw/domodify.c
@@ -0,0 +1,1254 @@
+/**
+ * PROPRIETARY/CONFIDENTIAL. Use of this product is subject to
+ * license terms. Copyright © 2001 Sun Microsystems, Inc.
+ * Some preexisting portions Copyright © 2001 Netscape Communications Corp.
+ * All rights reserved.
+ */
+/*
+ * domodify.c -- LDAP modify CGI handler -- HTTP gateway
+ *
+ * Copyright (c) 1996 Netscape Communications Corp.
+ * All rights reserved.
+ */
+
+#include "dsgw.h"
+#include "dbtdsgw.h"
+
+#define DSGW_CHANGETYPE_UNKNOWN 0
+#define DSGW_CHANGETYPE_MODIFY 1
+#define DSGW_CHANGETYPE_ADD 2
+#define DSGW_CHANGETYPE_DELETE 3
+#define DSGW_CHANGETYPE_MODRDN 4
+
+static void post_request();
+static int entry_modify_or_add( LDAP *ld, char *dn, int add, int *pwdchangedp );
+static int entry_delete( LDAP *ld, char *dn );
+static int entry_modrdn( LDAP *ld, char *dn, char *newrdn, int deleteoldrdn );
+static int gather_passwd_changes( char *dn, LDAPMod ***pmodsp,
+ int adding_entry, int *pwdchangedp );
+static void modify_error( int lderr, char *lderrtxt );
+static void addmodifyop( LDAPMod ***pmodsp, int modop, char *attr,
+ char *value, int vlen );
+static void remove_modifyops( LDAPMod **pmods, char *attr );
+static int starts_with( char *s, char *startswith );
+static char **post2multilinevals( char *postedval );
+static char **post2vals( char *postedval );
+static int require_oldpasswd( char *modifydn );
+static char *dsgw_processdomainid( LDAP *ld, char *dn, char *attr, char *val, int len);
+static int value_is_unique( LDAP *ld, char *dn, char *attr, char *value );
+static LDAPDomainIdStatus
+dsgw_checkdomain_uniqueness( LDAP *ld, char *attr, char *val, int len);
+static int verbose = 0;
+static int quiet = 0;
+static int display_results_inline = 0;
+
+
+int main( argc, argv, env )
+ int argc;
+ char *argv[];
+#ifdef DSGW_DEBUG
+ char *env[];
+#endif
+{
+
+ (void)dsgw_init( argc, argv, DSGW_METHOD_POST );
+ dsgw_send_header();
+
+#ifdef DSGW_DEBUG
+ dsgw_logstringarray( "env", env );
+#endif
+
+ post_request();
+
+ exit( 0 );
+}
+
+
+static void
+post_request()
+{
+ LDAP *ld;
+ int rc, changetype, dnlen, i, passwd_changed, discard_authcreds;
+ char *s, *encodeddn, *dn, *newrdn, *changedesc, **rdns, **oldrdns,
+ *jscomp, *entry_name, *new_name, *success_msg;
+ char *old_dn;
+ char buf[ 256 ];
+#if 0
+ FILE *genfp;
+#endif
+
+ passwd_changed = discard_authcreds = 0;
+ s = dsgw_get_cgi_var( "changetype", DSGW_CGIVAR_REQUIRED );
+ changedesc = XP_GetClientStr(DBT_Editing_);
+
+ if ( strcasecmp( s, "modify" ) == 0 ) {
+ changetype = DSGW_CHANGETYPE_MODIFY;
+ } else if ( strcasecmp( s, "add" ) == 0 ) {
+ changetype = DSGW_CHANGETYPE_ADD;
+ changedesc = XP_GetClientStr(DBT_Adding_);
+ } else if ( strcasecmp( s, "delete" ) == 0 ) {
+ changetype = DSGW_CHANGETYPE_DELETE;
+ changedesc = XP_GetClientStr(DBT_Deleting_);
+ } else if ( strcasecmp( s, "modrdn" ) == 0 ) {
+ changetype = DSGW_CHANGETYPE_MODRDN;
+ changedesc = XP_GetClientStr(DBT_Renaming_);
+ } else {
+ changetype = DSGW_CHANGETYPE_UNKNOWN;
+ }
+
+ encodeddn = dsgw_get_cgi_var( "dn", DSGW_CGIVAR_REQUIRED );
+
+ /* undo extra level of escaping on DN */
+ dn = dsgw_ch_strdup( encodeddn );
+ dsgw_form_unescape( dn );
+ old_dn = dn;
+
+ quiet = dsgw_get_boolean_var( "quiet", DSGW_CGIVAR_OPTIONAL, 0 );
+
+#if 0
+ /*
+ * If the "genscreen" form variable is set, it is the name of a
+ * genscreen-compatible HTML template to display the domodify results
+ * within. We replace the "DS_LAST_OP_INFO" directive with our own
+ * "domodify" output. Presence of "genscreen" also turns on quiet mode.
+ */
+ if (( s = dsgw_get_cgi_var( "genscreen", DSGW_CGIVAR_OPTIONAL )) != NULL &&
+ dsgw_genscreen_begin( s, &genfp, DRCT_DS_LAST_OP_INFO, 0 ) == 0 ) {
+ quiet = display_results_inline = 1;
+ }
+#endif
+
+ verbose = dsgw_get_boolean_var( "verbose", DSGW_CGIVAR_OPTIONAL, 0 );
+ if ( verbose ) {
+ quiet = 0; /* verbose overrides quiet */
+ }
+
+ if ( dsgw_init_ldap( &ld, NULL, 0, 0) != DSGW_BOUND_ASUSER ) {
+ dsgw_emitf( XP_GetClientStr(DBT_warningNoAuthenticationContinuin_) );
+ }
+
+ if ( !quiet ) {
+ PR_snprintf( buf, 256,
+ XP_GetClientStr(DBT_SDirectoryEntry_), changedesc );
+ dsgw_html_begin( buf, 1 );
+ } else {
+ dsgw_html_begin( NULL, 0 );
+ }
+
+ dsgw_emits( "\n<FONT SIZE=+1>\n" );
+
+ rdns = ldap_explode_dn( dn, 1 );
+ if ( rdns == NULL || rdns[ 0 ] == NULL ) {
+ entry_name = dn;
+ } else {
+ entry_name = dsgw_ch_strdup( rdns[ 0 ] );
+ }
+ new_name = success_msg = "";
+ dsgw_emitf( "%s <B>%s</B>...\n</FONT>\n\n", changedesc, entry_name );
+ if ( rdns != NULL ) {
+ ldap_value_free( rdns );
+ }
+
+ if ( verbose ) {
+ dsgw_emitf( XP_GetClientStr(DBT_PreEntryDnSPrePN_), dn );
+ }
+
+ /*
+ * For end-user CGIs under admin server, if we're talking to a local DB,
+ * then there's no access control, and therefore we need to disallow
+ * people from changing entries other than their own. Do that check right
+ * here.
+ */
+ if ( gc->gc_enduser && gc->gc_localdbconf != NULL ) {
+ char *bdn;
+ (void)dsgw_get_adm_identity( ld, NULL, &bdn, NULL, DSGW_ERROPT_EXIT );
+ /* Make sure DN we're bound as matches the DN being modified */
+ if ( dsgw_dn_cmp( dn, bdn ) == 0 ) {
+ /* Not the same - generate an error and bail out */
+ dsgw_error( DSGW_ERR_LOCALDB_PERMISSION_DENIED, NULL,
+ DSGW_ERROPT_EXIT, 0, NULL );
+ }
+ }
+
+ rc = LDAP_SUCCESS;
+ switch( changetype ) {
+ case DSGW_CHANGETYPE_MODIFY:
+ if ( dsgw_get_boolean_var( "changed_DN", DSGW_CGIVAR_OPTIONAL, 0 )) {
+ /* Collect all the inputs named "replace_DN_attr", where
+ attr is an LDAP attribute type. Construct an AVA from
+ each such input, and combine the AVAs to form newrdn.
+ */
+ auto int i = 0;
+ auto char *varname, *val;
+ auto size_t newrdn_len;
+ newrdn = NULL;
+ while ( (varname = dsgw_next_cgi_var( &i, &val )) != NULL) {
+ if ( starts_with( varname, "replace_" )) {
+ auto char* attr = varname;
+ auto int is_rdn = 0;
+ {
+ auto char* p;
+ while (( p = strchr( attr, '_' )) != NULL ) {
+ attr = p + 1;
+ if ( starts_with( attr, "DN_" )) {
+ is_rdn = 1;
+ } /* ignore any other prefixes */
+ }
+ }
+ if (is_rdn && strlen(val) > 0) {
+ auto const size_t attrlen = strlen (attr);
+ auto const size_t val_len = strlen (val);
+ auto const size_t ava_len = attrlen + 1 + val_len;
+ auto char* ava;
+ if (newrdn == NULL) {
+ ava = newrdn = dsgw_ch_malloc (ava_len + 1);
+ newrdn_len = ava_len;
+ } else {
+ newrdn = dsgw_ch_realloc (newrdn, newrdn_len + ava_len + 2);
+ memcpy (newrdn + newrdn_len, "+", 1);
+ ava = newrdn + newrdn_len + 1;
+ newrdn_len += (ava_len + 1);
+ }
+ memcpy (ava, attr, attrlen);
+ memcpy (ava + attrlen, "=", 1);
+ memcpy (ava + attrlen + 1, val, val_len + 1);
+ }
+ }
+ free (varname);
+ }
+ if (newrdn) goto continue_modrdn;
+ /* else failed to compute newrdn */
+ }
+ break;
+ case DSGW_CHANGETYPE_MODRDN:
+ newrdn = dsgw_get_cgi_var( "newrdn", DSGW_CGIVAR_REQUIRED );
+ continue_modrdn:
+ dsgw_remove_leading_and_trailing_spaces( &newrdn );
+ rc = entry_modrdn( ld, dn, newrdn, dsgw_get_boolean_var( "deleteoldrdn",
+ DSGW_CGIVAR_OPTIONAL, 0 ));
+
+ if ( rc == LDAP_SUCCESS ) {
+
+ /* construct the new DN so we can insert correct "edit" link */
+ if (( oldrdns = ldap_explode_dn( dn, 0 )) == NULL ) {
+ dsgw_error( DSGW_ERR_NOMEMORY, NULL, DSGW_ERROPT_EXIT,
+ 0, NULL );
+ }
+
+ dnlen = strlen( newrdn ) + 1; /* room for "," */
+ for ( i = 1; oldrdns[ i ] != NULL; ++i ) {
+ dnlen += ( 1 + strlen( oldrdns[ i ] ));
+ }
+ dn = dsgw_ch_malloc( dnlen + 1 );
+ *dn = '\0';
+ strcat( dn, newrdn );
+ for ( i = 1; oldrdns[ i ] != NULL; ++i ) {
+ strcat( dn, "," );
+ strcat( dn, oldrdns[ i ] );
+ }
+ ldap_value_free( oldrdns );
+ free( encodeddn );
+ encodeddn = dsgw_strdup_escaped( dn );
+
+ success_msg = XP_GetClientStr(DBT_renamedBSBToBSB_);
+ if (( rdns = ldap_explode_rdn( newrdn, 1 )) == NULL
+ || rdns[ 0 ] == NULL ) {
+ new_name = newrdn;
+ } else {
+ new_name = dsgw_ch_strdup (rdns[ 0 ]);
+ ldap_value_free( rdns );
+ }
+ }
+ break;
+ default:
+ break;
+ }
+
+ switch( changetype ) {
+ case DSGW_CHANGETYPE_MODIFY:
+ if (rc != LDAP_SUCCESS) break;
+ case DSGW_CHANGETYPE_ADD:
+ rc = entry_modify_or_add( ld, dn, changetype == DSGW_CHANGETYPE_ADD,
+ &passwd_changed );
+ if ( changetype == DSGW_CHANGETYPE_MODIFY ) {
+ success_msg = XP_GetClientStr(DBT_changesToBSBHaveBeenSaved_);
+ } else {
+ success_msg = XP_GetClientStr(DBT_BSBHasBeenAdded_);
+ }
+ break;
+ case DSGW_CHANGETYPE_DELETE:
+ rc = entry_delete( ld, dn );
+ success_msg = XP_GetClientStr(DBT_BSBHasBeenDeleted_);
+ break;
+ case DSGW_CHANGETYPE_MODRDN:
+ break;
+ default:
+ rc = LDAP_PARAM_ERROR;
+ }
+
+ /*
+ * If we are not running under the admin. server AND the operation
+ * succeeded and the user is bound as the entry they just changed,
+ * AND one of these conditions is true:
+ * 1. we changed the password
+ * 2. we did a modrdn
+ * 3. we deleted the entry
+ * then the auth. credentials should be discarded. If we do discard, we
+ * print an informative message for the user.
+ */
+ if ( !gc->gc_admserv && rc == LDAP_SUCCESS &&
+ ( changetype == DSGW_CHANGETYPE_DELETE || dn != old_dn ||
+ ( changetype == DSGW_CHANGETYPE_MODIFY && passwd_changed )) &&
+ dsgw_bound_as_dn( old_dn, 0 )) {
+ char *authck;
+
+ /* first, remove the cookie from the cookie database (ignore errors) */
+ if (( authck = dsgw_get_auth_cookie()) != NULL ) {
+ (void)dsgw_delcookie( authck );
+ }
+
+ /* output JavaScript to clear the cookie in the user's browser */
+ dsgw_emits( "<SCRIPT LANGUAGE=\"JavaScript\">\n" );
+ dsgw_emits( "<!-- Hide from non-JavaScript browsers\n" );
+ dsgw_emitf( "document.cookie = '%s=%s; path=/'\n",
+ DSGW_AUTHCKNAME, DSGW_UNAUTHSTR );
+ dsgw_emits( "// End Hiding -->\n</SCRIPT>\n" );
+ dsgw_emitf( XP_GetClientStr(DBT_PBNoteBBecauseYouSTheEntryYouWer_),
+ ( changetype == DSGW_CHANGETYPE_DELETE ) ? XP_GetClientStr(DBT_deleted_) :
+ ( dn != old_dn ) ? XP_GetClientStr(DBT_renamed_) :
+ XP_GetClientStr(DBT_changedThePasswordOf_) );
+ }
+
+ if ( rc == LDAP_SUCCESS ) {
+ /*
+ * check for "completion_javascript" form var and
+ * execute it if present.
+ */
+ jscomp = dsgw_get_cgi_var( "completion_javascript",
+ DSGW_CGIVAR_OPTIONAL );
+ if ( jscomp != NULL ) {
+ char *entry_name_js;
+ char *new_name_js;
+
+ entry_name_js = dsgw_escape_quotes( entry_name );
+ new_name_js = dsgw_escape_quotes( new_name );
+ dsgw_emits( "<SCRIPT LANGUAGE=\"JavaScript\">\n" );
+ dsgw_emits( "dsmodify_info = '" );
+ dsgw_emitf( success_msg, entry_name_js, new_name_js );
+ dsgw_emits( "';\n" );
+ dsgw_emitf( "dsmodify_dn = '%s';\n",
+ ( changetype == DSGW_CHANGETYPE_DELETE ) ? "":
+ encodeddn );
+ dsgw_emitf( "eval('%s');\n", jscomp );
+ dsgw_emits( "</SCRIPT>\n" );
+ }
+ } else {
+ jscomp = NULL;
+ }
+
+ if (( jscomp == NULL || changetype == DSGW_CHANGETYPE_DELETE )
+ && !gc->gc_admserv ) {
+ dsgw_form_begin( NULL, NULL );
+ dsgw_emits( "\n<CENTER><TABLE border=2 width=\"100%\"><TR>\n" );
+ /*
+ * Show framed button. If the modify succeeded, it is "Close".
+ * If the modify failed, it is "Go Back."
+ */
+ dsgw_emits( "<TD WIDTH=\"100%\" ALIGN=\"center\">\n" );
+ if ( rc == LDAP_SUCCESS ) {
+ dsgw_emitf( "<INPUT TYPE=\"button\" VALUE=\"%s\" "
+ "onClick=\"parent.close()\">\n",
+ XP_GetClientStr(DBT_closeWindow_) );
+ } else {
+ dsgw_emitf( "<INPUT TYPE=\"button\" VALUE=\"%s\" "
+ "onClick=\"history.back()\">\n",
+ XP_GetClientStr(DBT_goBack_) );
+ }
+ dsgw_emits( "\n</TABLE></CENTER></FORM>\n" );
+ }
+
+#if 0
+ if ( display_results_inline && genfp != NULL ) {
+ dsgw_emits( "<HR>\n" );
+ dsgw_genscreen_continue( &genfp, NULL, 0 );
+ } else if ( !quiet ) {
+ dsgw_html_end();
+ }
+#else
+ if ( !quiet ) {
+ dsgw_html_end();
+ }
+#endif
+ ldap_unbind( ld );
+ if (old_dn != dn) free ( old_dn );
+ free( dn );
+}
+
+static int
+entry_modify_or_add( LDAP *ld, char *dn, int add, int *pwdchangedp )
+{
+ int lderr, i, j, opoffset, modop, mls, unique, unchanged_count;
+ char *varname, *varvalue, *retval, *attr, *p, **vals, **unchanged_attrs;
+ char *userid = NULL, *oc_ntuser = NULL;
+ char userdomainid[512];
+
+ char *groupname = NULL;
+ char groupdomainid[512];
+
+ LDAPMod **pmods;
+
+ int msgid;
+ LDAPMessage *res = NULL;
+ char *errmsg = NULL;
+
+ memset( userdomainid, 0, sizeof( userdomainid ));
+ memset( groupdomainid, 0, sizeof( groupdomainid ));
+
+ pmods = NULL;
+ unchanged_attrs = NULL;
+ unchanged_count = 0;
+
+ /*
+ * Gather up password changes (if present in CGI POST)
+ */
+ if (( lderr = gather_passwd_changes( dn, &pmods, add, pwdchangedp ))
+ != LDAP_SUCCESS ) {
+ return( lderr );
+ }
+
+ if ( verbose ) {
+ dsgw_emitf( "<PRE>\n" );
+ }
+
+ /*
+ * Gather up other changes: each attribute value is POSTed in a variable
+ * named:
+ * add_[unique_]ATTR
+ * replace_[unique_][DN_]ATTR
+ * or delete_[unique_]ATTR
+ *
+ * where ATTR is the LDAP attribute name and "unique_" is optional (if
+ * present, we check to make sure the value is not in use before accepting
+ * a replace or add).
+ *
+ * Additionally, if a variable name changed_ATTR is POSTed and its value
+ * is not "true", it is assumed that no values have changed for that
+ * ATTRibute. If no "changed_ATTR" variable is POSTed, we assume that
+ * ATTR has in fact changed.
+ */
+ i = 0;
+ while (( varname = dsgw_next_cgi_var( &i, &varvalue )) != NULL ) {
+ if ( varvalue != NULL && *varvalue == '\0' ) {
+ varvalue = NULL;
+ } else {
+ dsgw_remove_leading_and_trailing_spaces( &varvalue );
+ }
+
+ opoffset = -1;
+ if ( starts_with( varname, "add_" )) {
+ modop = LDAP_MOD_ADD;
+ opoffset = 4;
+ } else if ( starts_with( varname, "replace_" )) {
+ modop = LDAP_MOD_REPLACE;
+ opoffset = 8;
+ attr = varname + opoffset;
+ if( strcasecmp( DSGW_ATTRTYPE_NTUSERDOMAINID, attr) == 0) {
+ if( varvalue) {
+ if( !userid )
+ userid = strdup( varvalue );
+ else
+ strcpy( userdomainid, varvalue );
+ }
+ }
+ if( strcasecmp( DSGW_ATTRTYPE_NTGROUPDOMAINID, attr) == 0) {
+ if( varvalue) {
+ if( !groupname )
+ groupname = strdup( varvalue );
+ else
+ strcpy( groupdomainid, varvalue );
+ }
+ }
+ } else if ( starts_with( varname, "delete_" )) {
+ modop = LDAP_MOD_DELETE;
+ opoffset = 7;
+ } else if ( !strcmp( varname, "changed_DN" )) {
+ /* ignore it */
+ } else if ( starts_with( varname, "changed_" )) {
+ attr = varname + 8;
+ if ( verbose && strcasecmp( varvalue, "true" ) == 0 ) {
+ dsgw_emitf( XP_GetClientStr(DBT_attributeSWasChangedBrN_), attr );
+ }
+ if ( varvalue != NULL && strcasecmp( varvalue, "true" ) != 0 ) {
+ unchanged_attrs = (char **)dsgw_ch_realloc( unchanged_attrs,
+ ( 2 + unchanged_count ) * sizeof( char * ));
+ unchanged_attrs[ unchanged_count++ ] = dsgw_ch_strdup( attr );
+ unchanged_attrs[ unchanged_count ] = NULL;
+
+ if ( pmods != NULL ) {
+ remove_modifyops( pmods, attr );
+ }
+ }
+ } else if ( starts_with( varname, "replace_" )) {
+ modop = LDAP_MOD_REPLACE;
+ opoffset = 8;
+ attr = varname + opoffset;
+ if( strcasecmp( DSGW_ATTRTYPE_USERID, attr) == 0)
+ if( varvalue)
+ userid = strdup( varvalue );
+ if( strcasecmp( DSGW_ATTRTYPE_NTUSERDOMAINID, attr) == 0)
+ if( varvalue)
+ strcpy( userdomainid, varvalue );
+ if( strcasecmp( DSGW_ATTRTYPE_NTGROUPNAME, attr) == 0)
+ if( varvalue)
+ groupname = strdup( varvalue );
+ if( strcasecmp( DSGW_ATTRTYPE_NTGROUPDOMAINID, attr) == 0)
+ if( varvalue)
+ strcpy( groupdomainid, varvalue );
+ }
+
+ if ( opoffset >= 0 ) {
+ attr = varname + opoffset;
+ mls = 0;
+ unique = 0;
+ while (( p = strchr( attr, '_' )) != NULL ) {
+ if ( starts_with( attr, "mls_" )) {
+ mls = 1;
+ } else if ( starts_with( attr, "unique_" )) {
+ unique = 1;
+ } /* ignore any other prefixes */
+ attr = p + 1;
+ }
+
+ for ( j = 0; j < unchanged_count; ++j ) {
+ if ( strcasecmp( unchanged_attrs[ j ], attr ) == 0 ) {
+ break;
+ }
+ }
+
+ if ( j >= unchanged_count ) {
+ if ( varvalue == NULL || *varvalue == '\0' ) {
+ vals = NULL;
+ varvalue = NULL;
+ } else {
+ varvalue = dsgw_ch_strdup( varvalue );
+ if ( mls ) {
+ vals = post2multilinevals( varvalue );
+ } else {
+ vals = post2vals( varvalue );
+ }
+ }
+ if ( vals == NULL ) {
+ if ( modop != LDAP_MOD_ADD ) {
+ addmodifyop( &pmods, modop, attr, NULL, 0 );
+ }
+ } else {
+ for ( j = 0; vals[ j ] != NULL; ++j ) {
+ if ( unique && modop != LDAP_MOD_DELETE && ( lderr =
+ value_is_unique( ld, dn, attr, vals[ j ] )) !=
+ LDAP_SUCCESS ) {
+ return( lderr );
+ }
+ if( strcasecmp( DSGW_OC_NTUSER, varvalue) == 0 &&
+ modop == LDAP_MOD_ADD ) {
+ oc_ntuser = strdup( vals[ j ] );
+ }
+
+ if( strcasecmp( DSGW_ATTRTYPE_NTUSERDOMAINID, attr) == 0) {
+ if( modop == LDAP_MOD_ADD ) {
+ if( userid == NULL ) {
+ userid = strdup( vals[ j ] );
+ break;
+ } else {
+ memset( userdomainid, 0, sizeof( userdomainid ));
+ PR_snprintf( userdomainid, 512, "%s%c%s",
+ vals[ j ], DSGW_NTDOMAINID_SEP, userid );
+ if( dsgw_checkdomain_uniqueness( ld, attr,
+ userdomainid, strlen( userdomainid ) ) !=
+ LDAPDomainIdStatus_Unique) {
+ dsgw_error( DSGW_ERR_DOMAINID_NOTUNIQUE,
+ NULL, 0, 0, NULL );
+ return(LDAP_PARAM_ERROR);
+ } else {
+ /* don't free here because this is freed elsewhere */
+ /*
+ free( vals[ j ] );
+ */
+ vals[ j ] = strdup( userdomainid );
+ }
+ }
+ } else {
+ if(( retval = dsgw_processdomainid( ld, dn, attr,
+ vals[ j ], strlen( vals[ j ] ))) != 0) {
+ vals[ j ] = retval;
+ }
+ }
+ }
+
+ if( strcasecmp( DSGW_ATTRTYPE_NTGROUPDOMAINID, attr) == 0) {
+ if( modop == LDAP_MOD_ADD ) {
+ if( groupname == NULL ) {
+ groupname = strdup( vals[ j ] );
+ break;
+ } else {
+ memset( groupdomainid, 0, sizeof( groupdomainid ));
+ PR_snprintf( groupdomainid, 512, "%s%c%s",
+ vals[ j ], DSGW_NTDOMAINID_SEP, groupname );
+ if( dsgw_checkdomain_uniqueness( ld, attr,
+ groupdomainid, strlen( groupdomainid ) ) !=
+ LDAPDomainIdStatus_Unique) {
+ dsgw_error( DSGW_ERR_DOMAINID_NOTUNIQUE,
+ NULL, 0, 0, NULL );
+ return(LDAP_PARAM_ERROR);
+ } else {
+ /* don't free here because this is freed elsewhere */
+ /*
+ free( vals[ j ] );
+ */
+ vals[ j ] = strdup( groupdomainid );
+ }
+ }
+ } else {
+ if(( retval = dsgw_processdomainid( ld, dn, attr,
+ vals[ j ], strlen( vals[ j ] ))) != 0) {
+ vals[ j ] = retval;
+ }
+ }
+ }
+ addmodifyop( &pmods, modop, attr, vals[ j ],
+ strlen( vals[ j ] ));
+ }
+ free( vals );
+ }
+ if ( varvalue != NULL ) {
+ free( varvalue );
+ }
+ }
+ }
+
+ free( varname );
+ }
+
+ if( oc_ntuser != NULL &&
+ ((strlen( userdomainid ) == 0) || userid == NULL )) {
+ dsgw_error( DSGW_ERR_USERID_DOMAINID_REQUIRED, NULL, 0, 0, NULL );
+ return(LDAP_PARAM_ERROR);
+ }
+
+ if( strlen( userdomainid ) > 0 && userid == NULL ) {
+ dsgw_error( DSGW_ERR_USERID_REQUIRED, NULL, 0, 0, NULL );
+ return(LDAP_PARAM_ERROR);
+ }
+
+ if( strlen( userdomainid ) > 0 && userid &&
+ strlen( userid ) > MAX_NTUSERID_LEN) {
+ dsgw_error( DSGW_ERR_USERID_MAXLEN_EXCEEDED, NULL, 0, 0, NULL );
+ return(LDAP_PARAM_ERROR);
+ }
+
+ if ( verbose && pmods != NULL ) {
+ int j, notascii;
+ unsigned long k;
+ struct berval *bvp;
+
+ for ( i = 0; pmods[ i ] != NULL; ++i ) {
+ modop = pmods[ i ]->mod_op & ~LDAP_MOD_BVALUES;
+ dsgw_emitf( "%s %s:\n", modop == LDAP_MOD_REPLACE ?
+ "replace" : modop == LDAP_MOD_ADD ?
+ "add" : "delete", pmods[ i ]->mod_type );
+ if ( pmods[ i ]->mod_bvalues != NULL ) {
+ for ( j = 0; pmods[ i ]->mod_bvalues[ j ] != NULL; ++j ) {
+ bvp = pmods[ i ]->mod_bvalues[ j ];
+ notascii = 0;
+ for ( k = 0; k < bvp->bv_len; ++k ) {
+ if ( !isascii( bvp->bv_val[ k ] )) {
+ notascii = 1;
+ break;
+ }
+ }
+ if ( notascii ) {
+ dsgw_emitf( XP_GetClientStr(DBT_TnotAsciiLdBytesN_), bvp->bv_len );
+ } else {
+ dsgw_emitf( "\t\"%s\"\n", bvp->bv_val );
+ }
+ }
+ }
+ }
+ }
+
+ if ( verbose ) {
+ dsgw_emitf( "</PRE>\n" );
+ fflush( stdout );
+ }
+
+ dsgw_emitf( "<FONT SIZE=+1>\n" );
+
+ /*
+ * apply the changes using LDAP
+ */
+ if ( pmods == NULL ) {
+ if ( add ) {
+ dsgw_emits( XP_GetClientStr(DBT_noValuesWereEnteredPleaseTryAgai_) );
+ lderr = LDAP_PARAM_ERROR;
+ } else { /* no changes -- just report success */
+ lderr = LDAP_SUCCESS;
+ if ( !quiet ) {
+ dsgw_emitf( XP_GetClientStr(DBT_PSuccessfullyEditedEntryYourChan_) );
+ }
+ }
+ } else {
+ if ( !quiet ) {
+ dsgw_emitf( XP_GetClientStr(DBT_PSendingSToTheDirectoryServerN_),
+ add ? XP_GetClientStr(DBT_information_) : XP_GetClientStr(DBT_changes_));
+ fflush( stdout );
+ }
+
+ if ( add ) {
+ lderr = ldap_add_ext( ld, dn, pmods, NULL, NULL, &msgid );
+ } else {
+ lderr = ldap_modify_ext( ld, dn, pmods, NULL, NULL, &msgid );
+ }
+
+ if( lderr == LDAP_SUCCESS ) {
+ if(( lderr = ldap_result( ld, msgid, 1, (struct timeval *)NULL, &res )) == -1 ) {
+ lderr = ldap_get_lderrno( ld, NULL, &errmsg );
+ modify_error( lderr, errmsg );
+ } else {
+ lderr = ldap_result2error( ld, res, 1 );
+ if ( lderr == LDAP_SUCCESS ) {
+ if ( !quiet ) {
+ if ( add ) {
+ dsgw_emitf( XP_GetClientStr(DBT_PSuccessfullyAddedEntryN_) );
+ } else {
+ dsgw_emitf( XP_GetClientStr(DBT_PSuccessfullyEditedEntryYourChan_) );
+ }
+ }
+ } else {
+ (void)ldap_get_lderrno( ld, NULL, &errmsg );
+ modify_error( lderr, errmsg );
+
+ /* Do some checks for password policy infractions. */
+ if( lderr == LDAP_CONSTRAINT_VIOLATION ) {
+ if( errmsg && strstr( errmsg, "invalid password syntax" ) )
+ dsgw_emitf( "<BR>(%s)", XP_GetClientStr(DBT_InvalidPasswordSyntax_) );
+ else if( errmsg && strstr( errmsg, "password in history" ) )
+ dsgw_emitf( "<BR>(%s)", XP_GetClientStr(DBT_PasswordInHistory_) );
+ }
+ }
+ }
+ } else {
+ (void)ldap_get_lderrno( ld, NULL, &errmsg );
+ modify_error( lderr, errmsg );
+ }
+
+ ldap_mods_free( pmods, 1 );
+ }
+
+ dsgw_emitf( "</FONT>\n" );
+ return( lderr );
+}
+
+
+static int
+entry_delete( LDAP *ld, char *dn )
+{
+ int lderr;
+ char *errmsg = NULL;
+
+ dsgw_emitf( "<FONT SIZE=+1>\n" );
+ if (( lderr = ldap_delete_s( ld, dn )) == LDAP_SUCCESS ) {
+ if ( !quiet ) {
+ dsgw_emitf( XP_GetClientStr(DBT_PSuccessfullyDeletedEntryN_) );
+ }
+ } else {
+ (void)ldap_get_lderrno( ld, NULL, &errmsg );
+ modify_error( lderr, errmsg );
+ }
+
+ dsgw_emitf( "</FONT>\n" );
+ return( lderr );
+}
+
+
+static int
+entry_modrdn( LDAP *ld, char *dn, char *newrdn, int deleteoldrdn )
+{
+ int lderr;
+ char *errmsg = NULL;
+
+ if ( verbose ) {
+ dsgw_emitf( XP_GetClientStr(DBT_PreTheNewNameForTheEntryIsSNPreH_),
+ newrdn );
+ }
+
+ dsgw_emitf( "<FONT SIZE=+1>\n" );
+ if (( lderr = ldap_modrdn2_s( ld, dn, newrdn, deleteoldrdn ))
+ == LDAP_SUCCESS ) {
+ if ( !quiet ) {
+ dsgw_emitf( XP_GetClientStr(DBT_PSuccessfullyRenamedEntryN_) );
+ }
+ } else {
+ (void)ldap_get_lderrno( ld, NULL, &errmsg );
+ modify_error( lderr, errmsg );
+ }
+
+ dsgw_emitf( "</FONT>\n" );
+ return( lderr );
+}
+
+
+static int
+gather_passwd_changes( char *dn, LDAPMod ***pmodsp, int adding_entry,
+ int *pwdchangedp )
+{
+ int lderr, lockpasswd;
+ char *bindpasswd, *newpasswd, *newpasswdconfirm, *errstring;
+
+ lockpasswd = dsgw_get_boolean_var( "lockpasswd", 0, 0 );
+ if ( lockpasswd ) {
+ /*
+ * the userPassword attribute to a special value that no password
+ * submitted by a user can ever match.
+ */
+ time_t curtime;
+ struct tm *gmtp;
+ char *tstr;
+
+ /* get string representation of current GMT time */
+ curtime = time( NULL );
+ gmtp = gmtime( &curtime );
+ tstr = asctime( gmtp );
+
+ /* remove trailing newline */
+ tstr[ strlen( tstr ) - 1 ] = '\0';
+
+ /* allocate room for "{crypt}LOCKED [" + tstr + " GMT]" + zero byte */
+ newpasswd = dsgw_ch_malloc( 15 + strlen( tstr ) + 5 + 1 );
+ sprintf( newpasswd, XP_GetClientStr(DBT_CryptLockedSGmt_), tstr );
+
+ } else if (( newpasswd = dsgw_get_cgi_var( "newpasswd",
+ DSGW_CGIVAR_OPTIONAL )) == NULL ) {
+ return( LDAP_SUCCESS ); /* not setting password -- nothing to do */
+ }
+
+ lderr = LDAP_PARAM_ERROR; /* pessimistic */
+
+ if ( !adding_entry && ( bindpasswd = dsgw_get_cgi_var( "passwd",
+ DSGW_CGIVAR_OPTIONAL )) == NULL && require_oldpasswd( dn )) {
+ errstring = XP_GetClientStr(DBT_youMustProvideTheOldPassword_);
+ } else if ( !lockpasswd &&
+ (( newpasswdconfirm = dsgw_get_cgi_var( "newpasswdconfirm",
+ DSGW_CGIVAR_OPTIONAL )) == NULL || strcmp( newpasswd,
+ newpasswdconfirm ) != 0 )) {
+ errstring = XP_GetClientStr(DBT_theNewAndConfirmingPasswordsDoNo_);
+ } else {
+ addmodifyop( pmodsp, adding_entry ? LDAP_MOD_ADD : LDAP_MOD_REPLACE,
+ DSGW_ATTRTYPE_USERPASSWORD, newpasswd, strlen( newpasswd ));
+ *pwdchangedp = 1;
+ lderr = LDAP_SUCCESS;
+ }
+
+ if ( lderr != LDAP_SUCCESS ) {
+ dsgw_emitf( "<FONT SIZE=+1>\n%s\n</FONT>\n", errstring );
+ }
+
+ return( lderr );
+}
+
+
+static void
+modify_error( int lderr, char *lderrtxt )
+{
+ dsgw_error( DSGW_ERR_LDAPGENERAL, dsgw_ldaperr2string( lderr ),
+ ( display_results_inline ? DSGW_ERROPT_INLINE : 0 ),
+ lderr, lderrtxt );
+}
+
+
+/*
+ * this "addmodifyop" routine is lifted with minor changes from
+ * ldap/tools/ldapmodify.c
+ */
+static void
+addmodifyop( LDAPMod ***pmodsp, int modop, char *attr, char *value, int vlen )
+{
+ LDAPMod **pmods;
+ int i, j;
+ struct berval *bvp;
+
+ if ( attr == NULL || *attr == '\0' ) {
+ return;
+ }
+
+ pmods = *pmodsp;
+ modop |= LDAP_MOD_BVALUES;
+
+ i = 0;
+ if ( pmods != NULL ) {
+ for ( ; pmods[ i ] != NULL && pmods[ i ]->mod_type != NULL; ++i ) {
+ if ( strcasecmp( pmods[ i ]->mod_type, attr ) == 0 &&
+ pmods[ i ]->mod_op == modop ) {
+ break;
+ }
+ }
+ }
+
+ if ( pmods == NULL || pmods[ i ] == NULL ) {
+ pmods = (LDAPMod **)dsgw_ch_realloc( pmods, (i + 2) *
+ sizeof( LDAPMod * ));
+ *pmodsp = pmods;
+ pmods[ i + 1 ] = NULL;
+ pmods[ i ] = (LDAPMod *)dsgw_ch_malloc( sizeof( LDAPMod ));
+ memset( pmods[ i ], 0, sizeof( LDAPMod ));
+ pmods[ i ]->mod_op = modop;
+ pmods[ i ]->mod_type = dsgw_ch_strdup( attr );
+ }
+
+ if ( value != NULL ) {
+ j = 0;
+ if ( pmods[ i ]->mod_bvalues != NULL ) {
+ for ( ; pmods[ i ]->mod_bvalues[ j ] != NULL; ++j ) {
+ ;
+ }
+ }
+ pmods[ i ]->mod_bvalues =
+ (struct berval **)dsgw_ch_realloc( pmods[ i ]->mod_bvalues,
+ (j + 2) * sizeof( struct berval * ));
+ pmods[ i ]->mod_bvalues[ j + 1 ] = NULL;
+ bvp = (struct berval *)dsgw_ch_malloc( sizeof( struct berval ));
+ pmods[ i ]->mod_bvalues[ j ] = bvp;
+
+ bvp->bv_len = vlen;
+ bvp->bv_val = (char *)dsgw_ch_malloc( vlen + 1 );
+ memcpy( bvp->bv_val, value, vlen );
+ bvp->bv_val[ vlen ] = '\0';
+ }
+}
+
+
+/* remove all modify ops that refer to "attr" */
+static void
+remove_modifyops( LDAPMod **pmods, char *attr )
+{
+ int i, found_attr;
+
+ if ( pmods == NULL ) {
+ return;
+ }
+
+ do {
+ found_attr = 0;
+ for ( i = 0 ; pmods[ i ] != NULL; ++i ) {
+ if ( strcasecmp( pmods[ i ]->mod_type, attr ) == 0 ) {
+ found_attr = 1;
+ break;
+ }
+ }
+
+ if ( found_attr ) {
+ if ( pmods[ i ]->mod_bvalues != NULL ) {
+ ber_bvecfree( pmods[ i ]->mod_bvalues );
+ }
+ free( pmods[ i ] );
+
+ for ( ; pmods[ i + 1 ] != NULL; ++i ) {
+ pmods[ i ] = pmods[ i + 1 ];
+ }
+ pmods[ i ] = NULL;
+ }
+
+ } while ( found_attr );
+}
+
+
+static int
+starts_with( char *s, char *startswith )
+{
+ int len;
+
+ len = strlen( startswith );
+ return ( strlen( s ) > len && strncmp( s, startswith, len ) == 0 );
+}
+
+
+/*
+ * there is one value in "postedval" but newlines must be changed to "$",
+ * '$' characters must be changed to \24, and '\' chars. changed to \5C
+ */
+static char **
+post2multilinevals( char *postedval )
+{
+ int specials;
+ char *p, *r, **vals;
+
+ vals = dsgw_ch_malloc( 2 * sizeof( char * ));
+ vals[ 1 ] = NULL;
+
+ specials = 0;
+ for ( p = postedval; *p != '\0'; ++p ) {
+ if ( *p == '$' || *p == '\\' || *p == '\n' || *p == '\r') {
+ ++specials;
+ }
+ }
+
+ /* allocate enough room to handle any necessary escaping */
+ r = vals[ 0 ] = dsgw_ch_malloc( 2 * specials + strlen( postedval ) + 1 );
+
+ /* copy and escape as appropriate */
+ for ( p = postedval; *p != '\0'; ++p ) {
+ if ( *p == '\n' || *p == '\r' ) { /* change to "$" */
+ *r++ = '$';
+ if ( *(p+1) != '\0' && *(p+1) != *p &&
+ ( *(p+1) == '\n' || *(p+1) == '\r' )) {
+ ++p; /* skip next char. if sequence is "\r\n" or "\n\r" */
+ }
+ } else if ( *p == '$' ) { /* change to "\24" */
+ *r++ = '\\';
+ *r++ = '2';
+ *r++ = '4';
+ } else {
+ *r++ = *p;
+ if ( *p == '\\' ) { /* change to "\5C" */
+ *r++ = '5';
+ *r++ = 'C';
+ }
+ }
+ }
+
+ *r = '\0';
+
+ return( vals );
+}
+
+
+/* values are delimited by newlines, preceded by optional carriage returns */
+static char **
+post2vals( char *postedval )
+{
+ int count, len;
+ char *p, *q, **vals;
+
+ vals = NULL;
+
+ count = 0;
+ for ( p = postedval; p != NULL && *p != '\0'; p = q ) {
+ /* skip any leading CRs or NLs */
+ while (( *p == '\n' || *p == '\r' ) && *p != '\0' ) {
+ ++p;
+ }
+ if ( *p == '\0' ) {
+ break;
+ }
+
+ /* find end of this line */
+ if (( q = strchr( p, '\n' )) != NULL ) {
+ *q++ = '\0';
+ }
+
+ /* remove CR, if any */
+ len = strlen( p ) - 1;
+ if ( p[ len ] == '\r' ) {
+ p[ len ] = '\0';
+ }
+
+ /* add to values array */
+ vals = dsgw_ch_realloc( vals, ( count + 2 ) * sizeof( char * ));
+ vals[ count++ ] = p;
+ }
+ vals[ count ] = NULL;
+
+ return( vals );
+}
+
+
+/*
+ * Determine if we should insist that the old password for the entry
+ * we are modifying (modifydn) be POSTed. The rule we use is simply
+ * this: if the binddn and modifydn are the same, require the old
+ * password. This allows directory admins. to reset passwords while
+ * preventing normal users from having their password changed if they
+ * just happen to walk away from their computer for a while when they
+ * are authenticated to the gateway.
+ */
+static int
+require_oldpasswd( char *modifydn )
+{
+ return( dsgw_bound_as_dn( modifydn, 1 ));
+}
+
+
+/*
+ * search directory to find out if an attribute value is unique. If the
+ * value doesn't already exist or if it exists only in the same entry we
+ * are changing, we return LDAP_SUCCESS. If it does exist, we return
+ * LDAP_TYPE_OR_VALUE_EXISTS. If some other error occurs, we return another
+ * LDAP error code.
+ */
+static int
+value_is_unique( LDAP *ld, char *dn, char *attr, char *value )
+{
+ int rc, count;
+ char *attrs[2], *buf, *tmpdn, *attrdesc, *errmsg = NULL;
+ LDAPMessage *res, *e;
+
+ /* allocate room for "(attr=value)" filter */
+ buf = dsgw_ch_malloc( strlen( attr ) + strlen( value ) + 4 );
+ sprintf( buf, "(%s=%s)", attr, value );
+
+ attrs[ 0 ] = attr;
+ attrs[ 1 ] = NULL;
+
+ rc = ldap_search_s( ld, gc->gc_ldapsearchbase, LDAP_SCOPE_SUBTREE,
+ buf, attrs, 1, &res );
+ free( buf );
+
+ if ( rc != LDAP_SUCCESS || res == NULL ) {
+ (void)ldap_get_lderrno( ld, NULL, &errmsg );
+ modify_error( rc, errmsg );
+ return( rc );
+ }
+
+ if (( count = ldap_count_entries( ld, res )) == 0 ) {
+ rc = LDAP_SUCCESS;
+ } else if ( count > 1 ) {
+ rc = LDAP_TYPE_OR_VALUE_EXISTS;
+ } else { /* found one entry: see if it is the entry we are modifying */
+ if (( e = ldap_first_entry( ld, res )) == NULL ||
+ ( tmpdn = ldap_get_dn( ld, e )) == NULL ) {
+ rc = ldap_get_lderrno( ld, NULL, NULL );
+ } else if ( dsgw_dn_cmp( dn, tmpdn ) != 0 ) {
+ rc = LDAP_SUCCESS; /* same entry */
+ } else {
+ rc = LDAP_TYPE_OR_VALUE_EXISTS;
+ }
+ }
+
+ ldap_msgfree( res );
+
+ if ( rc == LDAP_TYPE_OR_VALUE_EXISTS ) {
+ buf = dsgw_ch_malloc( strlen( attr ) + 6 ); /* room for "desc_" */
+ sprintf( buf, "desc_%s", attr );
+ if (( attrdesc = dsgw_get_cgi_var( buf, DSGW_CGIVAR_OPTIONAL ))
+ == NULL ) {
+ attrdesc = attr;
+ }
+ free( buf );
+
+ dsgw_emits( "\n<FONT SIZE=+1>\n" );
+ dsgw_emitf( XP_GetClientStr(DBT_BrTheSBSBIsAlreadyInUsePleaseCho_), attrdesc, value );
+ dsgw_emits( "\n</FONT>\n" );
+ }
+
+ return( rc );
+}
+
+
+/*
+ * Check that the domain:userid is unique in the directory.
+ */
+static LDAPDomainIdStatus
+dsgw_checkdomain_uniqueness( LDAP *ld, char *attr, char *val, int len)
+{
+ int rc, count;
+ LDAPMessage *msgp = NULL;
+ char filter[256];
+
+ if( val == NULL )
+ return LDAPDomainIdStatus_NullId;
+
+ if( strcasecmp( attr, DSGW_ATTRTYPE_NTUSERDOMAINID ) == 0 ) {
+ PR_snprintf( filter, 256, "%s=%s", DSGW_ATTRTYPE_NTUSERDOMAINID, val );
+ } else if ( strcasecmp( attr, DSGW_ATTRTYPE_NTGROUPDOMAINID ) == 0 ) {
+ PR_snprintf( filter, 256, "%s=%s", DSGW_ATTRTYPE_NTGROUPDOMAINID, val );
+ } else {
+ return LDAPDomainIdStatus_NullAttr;
+ }
+
+ if (( rc = ldap_search_s( ld, gc->gc_ldapsearchbase, LDAP_SCOPE_SUBTREE,
+ filter, NULL, 0, &msgp )) == LDAP_SUCCESS) {
+ count = (msgp == NULL) ? 0 : ldap_count_entries( ld, msgp );
+ if ( count > 0 ) {
+ return LDAPDomainIdStatus_Nonunique;
+ } else {
+ return LDAPDomainIdStatus_Unique;
+ }
+ } else {
+ return LDAPDomainIdStatus_Nonunique;
+ }
+}
+
+
+/*
+ * Add the current value of uid in the entry to the ntdomain id before
+ * further processing of the domain id.
+ */
+static char *
+dsgw_processdomainid( LDAP *ld, char *dn, char *attr, char *val, int len)
+{
+ int rc, count;
+ LDAPMessage *msgp = NULL;
+ LDAPMessage *entry;
+ char **attrlist, *attrs[ 2 ];
+ char *value, *newval;
+ char *pch, **vals;
+
+ if( strcasecmp( attr, DSGW_ATTRTYPE_NTUSERDOMAINID ) != 0 &&
+ strcasecmp( attr, DSGW_ATTRTYPE_NTGROUPDOMAINID ) != 0 )
+ return( NULL );
+
+ attrs[ 0 ] = NULL;
+ attrs[ 1 ] = NULL;
+ attrlist = attrs;
+
+ if(( rc = ldap_search_s( ld, dn, LDAP_SCOPE_BASE, "(objectclass=*)", attrlist,
+ 0, &msgp )) != LDAP_SUCCESS && rc != LDAP_NO_SUCH_OBJECT)
+ {
+ return( NULL );
+ }
+
+ count = (msgp == NULL) ? 0 : ldap_count_entries( ld, msgp );
+
+ if( count > 0 )
+ {
+ entry = ldap_first_entry( ld, msgp );
+ if( entry )
+ {
+
+ if(( vals = ldap_get_values( ld, entry,
+ strcasecmp( attr, DSGW_ATTRTYPE_NTUSERDOMAINID )?
+ DSGW_ATTRTYPE_NTGROUPDOMAINID :
+ DSGW_ATTRTYPE_NTUSERDOMAINID )) != NULL)
+ {
+ if( vals[0] != NULL )
+ {
+ value = dsgw_ch_strdup( vals[0] );
+ newval = dsgw_ch_malloc( len + strlen( value ) +1 );
+ strcpy( newval, val );
+ pch = strchr( value, DSGW_NTDOMAINID_SEP );
+ if( pch )
+ {
+ strcat( newval, pch );
+ return( newval );
+ }
+ }
+ }
+ }
+ }
+ return NULL;
+}
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
generated by cgit (git 2.34.1) at 2025-07-09 21:10:33 +0000