PERFORCE change 103180 for review
Michael Bushkov
bushman at FreeBSD.org
Fri Aug 4 17:13:57 UTC 2006
http://perforce.freebsd.org/chv.cgi?CH=103180
Change 103180 by bushman at bushman_nss_ldap_cached on 2006/08/04 17:13:37
Support for SASL authentication added
+ Most of the configuration options are now supported
+ A lot of minor enhancements.
Affected files ...
.. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/Makefile#7 edit
.. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldap_group.c#6 edit
.. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldap_group.h#6 edit
.. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldap_passwd.c#7 edit
.. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldap_passwd.h#7 edit
.. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldap_serv.c#3 edit
.. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldap_serv.h#3 edit
.. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapconf.c#7 edit
.. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapconf.h#7 edit
.. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapconn.c#7 edit
.. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapconn.h#7 edit
.. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapschema.c#7 edit
.. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapschema.h#7 edit
.. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapsearch.c#6 edit
.. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapsearch.h#6 edit
.. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldaptls.c#5 edit
.. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldaptls.h#5 edit
.. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldaputil.c#7 edit
.. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldaputil.h#7 edit
.. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/nss_ldap.c#7 edit
.. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/nss_ldap.h#7 edit
Differences ...
==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/Makefile#7 (text+ko) ====
@@ -2,11 +2,10 @@
.include <bsd.own.mk>
-PROG= nss_ldap
-#LIB= nss_ldap
-#SHLIB_MAJOR= 1
-#SHLIB_NAME= nss_ldap.so.${SHLIB_MAJOR}
-#SHLIBDIR?= /lib
+LIB= nss_ldap
+SHLIB_MAJOR= 1
+SHLIB_NAME= nss_ldap.so.${SHLIB_MAJOR}
+SHLIBDIR?= /lib
SRCS= nss_ldap.c ldap_group.c ldap_passwd.c ldap_serv.c ldapconn.c\
ldapconf.c ldapschema.c ldapsearch.c ldaptls.c ldaputil.c
@@ -14,11 +13,10 @@
CFLAGS+=-DINET6
CFLAGS+=-g
-LDADD+= -lnssutil -lldap
+LDADD+= -lnssutil -lldap -lsasl2
LDFLAGS+= -L${.OBJDIR}/../libnssutil -L/usr/local/lib
-INCS=
+INCS=
MAN=
-#.include <bsd.lib.mk>
-.include <bsd.prog.mk>
+.include <bsd.lib.mk>
==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldap_group.c#6 (text+ko) ====
@@ -30,6 +30,7 @@
__FBSDID("$FreeBSD$");
#include <assert.h>
+#include <errno.h>
#include <nsswitch.h>
#include <ldap.h>
#include <grp.h>
@@ -41,7 +42,16 @@
#include "ldapconf.h"
#include "nss_ldap.h"
-static int
+static int nss_ldap_parse_group(struct nss_ldap_parse_context *);
+
+static int ldap_getgrnam_r(const char *, struct group *, char *, size_t,
+ struct group **);
+static int ldap_getgrgid_r(gid_t, struct group *, char *, size_t,
+ struct group **);
+static int ldap_getgrent_r(struct group *, char *, size_t, struct group **);
+static void ldap_setgrent();
+
+static int
nss_ldap_parse_group(struct nss_ldap_parse_context *pctx)
{
struct nss_ldap_schema *schema;
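Review bot: The new forward declaration `static void ldap_setgrent();` uses an empty parameter list, which in C declares a function with unspecified arguments rather than one taking none, so the compiler will not reject a call that passes arguments. Writing it as `static void ldap_setgrent(void);` (and the definition likewise) makes the prototype checkable. The same applies to `ldap_setpwent()` in ldap_passwd.c and `ldap_setservent()` in ldap_serv.c. The body of nss_ldap_parse_group continues outside this hunk.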
@@ -99,114 +109,9 @@
errfin:
return (rv);
-/*
-
- if (_nss_ldap_test_config_flag (NSS_LDAP_FLAGS_RFC2307BIS))
- {
- groupMembers = groupMembersBuffer;
- groupMembersCount = 0;
- groupMembersBufferSize = sizeof (groupMembers);
- groupMembersBufferIsMalloced = 0;
- depth = 0;
-
- stat = do_parse_group_members (e, &groupMembers, &groupMembersCount,
- &groupMembersBufferSize,
- &groupMembersBufferIsMalloced, &buffer,
- &buflen, &depth, &knownGroups);
- if (stat != NSS_SUCCESS)
- {
- if (groupMembersBufferIsMalloced)
- free (groupMembers);
- _nss_ldap_namelist_destroy (&knownGroups);
- return stat;
- }
-
- stat = do_fix_group_members_buffer (groupMembers, groupMembersCount,
- &gr->gr_mem, &buffer, &buflen);
-
- if (groupMembersBufferIsMalloced)
- free (groupMembers);
- _nss_ldap_namelist_destroy (&knownGroups);
- }
- else
- {
- stat =
- _nss_ldap_assign_attrvals (e, ATM (LM_GROUP, memberUid), NULL,
- &gr->gr_mem, &buffer, &buflen, NULL);
- }
-
- return stat;*/
-
-/* sctx = pctx->sctx;
- pwd = (struct passwd *)pctx->mdata;
- buf = pctx->buffer;
- buflen = pctx->bufsize;
-
- schema = &sctx->conf->schema;
-
- printf("==> %d %s\n", __LINE__, __FILE__);
- rv = __nss_ldap_assign_attr_str(sctx,
- _ATM(schema, PASSWD, uid),
- &pwd->pw_name, &len, buf, buflen);
- if (rv != 0)
- goto errfin;
- buflen -= len;
- buf += len;
-
- printf("==> %d %s\n", __LINE__, __FILE__);
- rv = __nss_ldap_assign_attr_uid(sctx,
- _AT(schema, uidNumber),
- &pwd->pw_uid);
- if (rv != 0)
- goto errfin;
-
- printf("==> %d %s\n", __LINE__, __FILE__);
- rv = __nss_ldap_assign_attr_str(sctx,
- _AT(schema, gecos),
- &pwd->pw_gecos, &len, buf, buflen);
- if (rv != 0) {
- pwd->pw_gecos = NULL;
- rv = __nss_ldap_assign_attr_str(sctx,
- _ATM(schema, PASSWD, cn),
- &pwd->pw_gecos, &len, buf, buflen);
- }
-
- if (rv != 0)
- goto errfin;
- buflen -= len;
- buf += len;
-
- printf("==> %d %s\n", __LINE__, __FILE__);
- rv = __nss_ldap_assign_attr_str(sctx,
- _AT(schema, homeDirectory),
- &pwd->pw_dir, &len, buf, buflen);
- if (rv != 0)
- rv = __nss_ldap_assign_str("", &pwd->pw_dir, &len, buf,
- buflen);
- if (rv != 0)
- goto errfin;
- buflen -= len;
- buf += len;
-
- printf("==> %d %s\n", __LINE__, __FILE__);
- rv = __nss_ldap_assign_attr_str(sctx,
- _AT(schema, loginShell),
- &pwd->pw_shell, &len, buf, buflen);
- if (rv != 0)
- rv = __nss_ldap_assign_str("", &pwd->pw_shell, &len, buf,
- buflen);
- if (rv != 0)
- goto errfin;
- buflen -= len;
- buf += len;
-
-fin:
- return (0);
-
-errfin:*/
}
-int
+static int
ldap_getgrnam_r(const char *name, struct group *grp,
char *buffer, size_t bufsize, struct group **result)
{
@@ -231,7 +136,7 @@
return (rv);
}
-int
+static int
ldap_getgrgid_r(gid_t gid, struct group *grp,
char *buffer, size_t bufsize, struct group **result)
{
@@ -256,7 +161,7 @@
return (rv);
}
-int
+static int
ldap_getgrent_r(struct group *grp, char *buffer, size_t bufsize,
struct group **result)
{
@@ -277,22 +182,77 @@
return (rv);
}
-void
+static void
ldap_setgrent()
{
__nss_ldap_setent(NSS_LDAP_MAP_GROUP);
}
-
int
-__ldap_setgrpent(void *retval, void *mdata, va_list ap)
+__ldap_setgrent(void *retval, void *mdata, va_list ap)
{
+
+ ldap_setgrent();
return (NS_UNAVAIL);
}
int
__ldap_group(void *retval, void *mdata, va_list ap)
{
- return (NS_UNAVAIL);
+ struct group *grp, *result;
+ char *buffer;
+ size_t bufsize;
+ int *errnop;
+
+ char *name;
+ gid_t gid;
+
+ int rv;
+
+ assert(mdata != NULL);
+
+ switch ((enum nss_lookup_type)mdata) {
+ case nss_lt_name:
+ printf("GGG %s %d\n", __FILE__, __LINE__);
+ name = va_arg(ap, char *);
+ break;
+ case nss_lt_id:
+ printf("GGG %s %d\n", __FILE__, __LINE__);
+ gid = va_arg(ap, gid_t);
+ break;
+ case nss_lt_all:
+ printf("GGG %s %d\n", __FILE__, __LINE__);
+ break;
+ default:
+ /* CONSIDERED UNREACHABLE */
+ return (NS_UNAVAIL);
+ }
+
+ grp = va_arg(ap, struct group *);
+ buffer = va_arg(ap, char *);
+ bufsize = va_arg(ap, size_t);
+ errnop = va_arg(ap, int *);
+
+ switch ((enum nss_lookup_type)mdata) {
+ case nss_lt_name:
+ rv = ldap_getgrnam_r(name, grp, buffer, bufsize, &result);
+ break;
+ case nss_lt_id:
+ rv = ldap_getgrgid_r(gid, grp, buffer, bufsize, &result);
+ break;
+ case nss_lt_all:
+ rv = ldap_getgrent_r(grp, buffer, bufsize, &result);
+ break;
+ default:
+ break;
+ }
+
+ if ((rv == NS_SUCCESS) && (retval != NULL))
+ *(struct group **)retval = result;
+
+ if ((rv != NS_SUCCESS) && (rv != NS_NOTFOUND))
+ *errnop = errno;
+
+ return (rv);
}
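Review bot: The three `printf("GGG %s %d\n", ...)` calls in the first switch of `__ldap_group` write to stdout from inside an NSS module, so every process that resolves a group through it gets stray output on a stream it may be piping or parsing; they should be removed or routed to a debug log now that the Makefile builds this as a shared library (the `printf` lines added in ldap_passwd.c and ldap_serv.c have the same problem). Separately, `*errnop = errno` copies whatever errno holds after the lookup returns, and nothing visible here shows the `ldap_get*_r` helpers setting it, so a caller waiting for `ERANGE` to grow its buffer may see a stale value; the same pattern is in `__ldap_passwd` and `__ldap_servent`. The `default:` arm of the second switch also leaves `rv` unset, and `rv = NS_UNAVAIL;` there would keep the later comparisons defined.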
==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldap_group.h#6 (text+ko) ====
@@ -29,18 +29,6 @@
#ifndef _LDAP_GROUP_H_
#define _LDAP_GROUP_H_
-int
-ldap_getgrnam_r(const char *name, struct group *grp,
- char *buffer, size_t bufsize, struct group **result);
-int
-ldap_getgrgid_r(gid_t gid, struct group *grp,
- char *buffer, size_t bufsize, struct group **result);
-int
-ldap_getgrent_r(struct group *grp, char *buffer, size_t bufsize,
- struct group **result);
-void
-ldap_setgrent();
-
extern int __ldap_setgrent(void *, void *, va_list);
extern int __ldap_group(void *, void *, va_list);
==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldap_passwd.c#7 (text+ko) ====
@@ -25,11 +25,11 @@
*
*/
-
#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");
#include <assert.h>
+#include <errno.h>
#include <nsswitch.h>
#include <ldap.h>
#include <pwd.h>
@@ -41,8 +41,15 @@
#include "ldapconf.h"
#include "nss_ldap.h"
-//static int nss_ldap_parse_passwd(struct nss_ldap_parse_context *,
-// struct nss_ldap_search_context *);
+static int nss_ldap_parse_passwd(struct nss_ldap_parse_context *);
+
+static int ldap_getpwnam_r(const char *, struct passwd *, char *, size_t,
+ struct passwd **);
+static int ldap_getpwuid_r(uid_t, struct passwd *, char *, size_t,
+ struct passwd **);
+static int ldap_getpwent_r(struct passwd *, char *, size_t, struct passwd **);
+static void ldap_setpwent();
+
static int
nss_ldap_parse_passwd(struct nss_ldap_parse_context *pctx)
{
@@ -128,6 +135,18 @@
buflen -= len;
buf += len;
+ printf("==> %d %s\n", __LINE__, __FILE__);
+ rv = __nss_ldap_assign_attr_str(sctx,
+ _AT(schema, loginClass),
+ &pwd->pw_class, &len, buf, buflen);
+ if (rv != NSS_LDAP_SUCCESS)
+ rv = __nss_ldap_assign_str("", &pwd->pw_class, &len, buf,
+ buflen);
+ if (rv != NSS_LDAP_SUCCESS)
+ goto errfin;
+ buflen -= len;
+ buf += len;
+
printf("==> %d %s\n", __LINE__, __FILE__);
rv = __nss_ldap_assign_attr_uid(sctx,
_AT(schema, uidNumber),
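Review bot: The fallback to an empty `pw_class` runs on any non-success result from `__nss_ldap_assign_attr_str`, not only when `loginClass` is absent from the entry. If that helper also reports a too-small buffer or a malformed value (its return codes are not visible in this hunk), the error is masked and the account is returned with the default login class instead of failing the lookup or letting the caller retry. It would be safer to fall back only on the attribute-missing result and `goto errfin` on anything else. nss_ldap_parse_passwd starts and ends outside this hunk.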
@@ -164,12 +183,12 @@
else
pwd->pw_expire = 0;
- rv = NS_SUCCESS;
+ rv = NSS_LDAP_SUCCESS;
errfin:
return (rv);
}
-int
+static int
ldap_getpwnam_r(const char *name, struct passwd *pwd,
char *buffer, size_t bufsize, struct passwd **result)
{
@@ -194,7 +213,7 @@
return (rv);
}
-int
+static int
ldap_getpwuid_r(uid_t uid, struct passwd *pwd,
char *buffer, size_t bufsize, struct passwd **result)
{
@@ -219,7 +238,7 @@
return (rv);
}
-int
+static int
ldap_getpwent_r(struct passwd *pwd, char *buffer, size_t bufsize,
struct passwd **result)
{
@@ -240,7 +259,7 @@
return (rv);
}
-void
+static void
ldap_setpwent()
{
@@ -251,11 +270,64 @@
int
__ldap_setpwent(void *retval, void *mdata, va_list ap)
{
+
+ ldap_setpwent();
return (NS_UNAVAIL);
}
int
__ldap_passwd(void *retval, void *mdata, va_list ap)
{
- return (NS_UNAVAIL);
+ struct passwd *pwd, *result;
+ char *buffer;
+ size_t bufsize;
+ int *errnop;
+
+ char *name;
+ uid_t uid;
+
+ int rv;
+
+ assert(mdata != NULL);
+
+ switch ((enum nss_lookup_type)mdata) {
+ case nss_lt_name:
+ name = va_arg(ap, char *);
+ break;
+ case nss_lt_id:
+ uid = va_arg(ap, uid_t);
+ break;
+ case nss_lt_all:
+ break;
+ default:
+ /* CONSIDERED UNREACHABLE */
+ return (NS_UNAVAIL);
+ }
+
+ pwd = va_arg(ap, struct passwd *);
+ buffer = va_arg(ap, char *);
+ bufsize = va_arg(ap, size_t);
+ errnop = va_arg(ap, int *);
+
+ switch ((enum nss_lookup_type)mdata) {
+ case nss_lt_name:
+ rv = ldap_getpwnam_r(name, pwd, buffer, bufsize, &result);
+ break;
+ case nss_lt_id:
+ rv = ldap_getpwuid_r(uid, pwd, buffer, bufsize, &result);
+ break;
+ case nss_lt_all:
+ rv = ldap_getpwent_r(pwd, buffer, bufsize, &result);
+ break;
+ default:
+ break;
+ }
+
+ if ((rv == NS_SUCCESS) && (retval != NULL))
+ *(struct passwd **)retval = result;
+
+ if ((rv != NS_SUCCESS) && (rv != NS_NOTFOUND))
+ *errnop = errno;
+
+ return (rv);
}
==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldap_passwd.h#7 (text+ko) ====
@@ -29,18 +29,6 @@
#ifndef _LDAP_PASSWD_H_
#define _LDAP_PASSWD_H_
-int
-ldap_getpwnam_r(const char *name, struct passwd *pwd,
- char *buffer, size_t bufsize, struct passwd **result);
-int
-ldap_getpwuid_r(uid_t uid, struct passwd *pwd,
- char *buffer, size_t bufsize, struct passwd **result);
-int
-ldap_getpwent_r(struct passwd *pwd, char *buffer, size_t bufsize,
- struct passwd **result);
-void
-ldap_setpwent();
-
extern int __ldap_setpwent(void *, void *, va_list);
extern int __ldap_passwd(void *, void *, va_list);
==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldap_serv.c#3 (text+ko) ====
@@ -29,6 +29,7 @@
__FBSDID("$FreeBSD$");
#include <assert.h>
+#include <errno.h>
#include <nsswitch.h>
#include <ldap.h>
#include <netdb.h>
@@ -56,6 +57,17 @@
size_t count;
};
+static int nss_ldap_parse_servent(struct nss_ldap_parse_context *);
+static void nss_ldap_destroy_servent(struct nss_ldap_parse_context *);
+
+static int ldap_getservbyname_r(const char *, const char *, struct servent *,
+ char *, size_t, struct servent **);
+static int ldap_getservbyport_r(int, const char *, struct servent *,
+ char *, size_t, struct servent **);
+static int ldap_getservent_r(struct servent *, char *, size_t,
+ struct servent **);
+static void ldap_setservent();
+
static int
nss_ldap_parse_servent(struct nss_ldap_parse_context *pctx)
{
@@ -175,11 +187,12 @@
nss_ldap_destroy_servent(struct nss_ldap_parse_context *pctx)
{
+ printf("here - %s %d\n", __FILE__, __LINE__);
assert(pctx != NULL);
free(pctx->mdata_ext);
}
-int
+static int
ldap_getservbyname_r(const char *name, const char *proto, struct servent *serv,
char *buffer, size_t bufsize, struct servent **result)
{
@@ -215,7 +228,7 @@
return (rv);
}
-int
+static int
ldap_getservbyport_r(int port, const char *proto, struct servent *serv,
char *buffer, size_t bufsize, struct servent **result)
{
@@ -251,7 +264,7 @@
return (rv);
}
-int
+static int
ldap_getservent_r(struct servent *serv, char *buffer, size_t bufsize,
struct servent **result)
{
@@ -278,22 +291,77 @@
return (rv);
}
-void
+static void
ldap_setservent()
{
__nss_ldap_setent(NSS_LDAP_MAP_SERVICES);
}
-
int
__ldap_setservent(void *retval, void *mdata, va_list ap)
{
+
+ ldap_setservent();
return (NS_UNAVAIL);
}
int
__ldap_servent(void *retval, void *mdata, va_list ap)
{
- return (NS_UNAVAIL);
+ struct servent *serv, *result;
+ char *buffer;
+ size_t bufsize;
+ int *errnop;
+
+ char *name, *proto;
+ int port;
+ int rv;
+
+ assert(mdata != NULL);
+
+ switch ((enum nss_lookup_type)mdata) {
+ case nss_lt_name:
+ name = va_arg(ap, char *);
+ proto = va_arg(ap, char *);
+ break;
+ case nss_lt_id:
+ port = va_arg(ap, int);
+ proto = va_arg(ap, char *);
+ break;
+ case nss_lt_all:
+ break;
+ default:
+ /* CONSIDERED UNREACHABLE */
+ return (NS_UNAVAIL);
+ }
+
+ serv = va_arg(ap, struct servent *);
+ buffer = va_arg(ap, char *);
+ bufsize = va_arg(ap, size_t);
+ errnop = va_arg(ap, int *);
+
+ switch ((enum nss_lookup_type)mdata) {
+ case nss_lt_name:
+ rv = ldap_getservbyname_r(name, proto, serv, buffer, bufsize,
+ &result);
+ break;
+ case nss_lt_id:
+ rv = ldap_getservbyport_r(port, proto, serv, buffer, bufsize,
+ &result);
+ break;
+ case nss_lt_all:
+ rv = ldap_getservent_r(serv, buffer, bufsize, &result);
+ break;
+ default:
+ break;
+ }
+
+ if ((rv == NS_SUCCESS) && (retval != NULL))
+ *(struct servent **)retval = result;
+
+ if ((rv != NS_SUCCESS) && (rv != NS_NOTFOUND))
+ *errnop = errno;
+
+ return (rv);
}
==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldap_serv.h#3 (text+ko) ====
@@ -29,18 +29,6 @@
#ifndef _LDAP_SERV_H_
#define _LDAP_SERV_H_
-int
-ldap_getservbyname_r(const char *name, const char *proto, struct servent *serv,
- char *buffer, size_t bufsize, struct servent **result);
-int
-ldap_getservbyport_r(int port, const char *proto, struct servent *serv,
- char *buffer, size_t bufsize, struct servent **result);
-int
-ldap_getservent_r(struct servent *serv, char *buffer, size_t bufsize,
- struct servent **result);
-void
-ldap_setservent();
-
extern int __ldap_setservent(void *, void *, va_list);
extern int __ldap_servent(void *, void *, va_list);
==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapconf.c#7 (text+ko) ====
@@ -64,27 +64,39 @@
}
static int
-get_number(const char *str, int low, int max)
+get_number(const char *str, int low, int max, int *res)
{
-
char *end = NULL;
- int res = 0;
if (str[0] == '\0')
return (-1);
- res = strtol(str, &end, 10);
+ *res = strtol(str, &end, 10);
if (*end != '\0')
return (NSS_LDAP_PARSE_ERROR);
else
- if (((res >= low) || (low == -1)) &&
- ((res <= max) || (max == -1)))
- return (res);
+ if (((*res >= low) || (low == -1)) &&
+ ((*res <= max) || (max == -1)))
+ return (NSS_LDAP_SUCCESS);
else
return (NSS_LDAP_PARSE_ERROR);
}
static int
+get_yesno(const char *str, int *value)
+{
+ if (strcmp(str, "yes") == 0) {
+ *value = NSS_LDAP_OPTION_YES;
+ return (NSS_LDAP_SUCCESS);
+ } else if (strcmp(str, "no") == 0) {
+ *value = NSS_LDAP_OPTION_NO;
+ return (NSS_LDAP_SUCCESS);
+ }
+
+ return (NSS_LDAP_PARSE_ERROR);
+}
+
+static int
set_base_map(struct nss_ldap_configuration *conf,
char const *left_arg, char const *right_arg)
{
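Review bot: In `get_number`, `*res = strtol(str, &end, 10);` narrows a `long` to `int` before the range check and never looks at `errno`, so on an LP64 system an out-of-range value in the configuration file can wrap into the accepted range. Parsing into a local first, e.g. `long v = strtol(str, &end, 10);` followed by `if (errno == ERANGE || v < INT_MIN || v > INT_MAX) return (NSS_LDAP_PARSE_ERROR);`, and only then storing `*res = (int)v`, closes that gap and also avoids writing `*res` on a failed parse. The empty-string path still returns `-1` rather than `NSS_LDAP_PARSE_ERROR`, which is worth aligning now that the return value is a status code. For `get_yesno`, the `restart`, `referrals` and `rootuse_sasl` callers later in this change pass `fields[2]` while requiring `field_count == 2`, so they appear to read a field that was not parsed; `fields[1]` looks intended there.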
@@ -137,23 +149,31 @@
assert(conf != NULL);
memset(conf, 0, sizeof(struct nss_ldap_configuration));
- conf->host = strdup("ident2.r61.net ident1.r61.net");
- assert(conf->host != NULL);
-
conf->port = LDAP_PORT;
conf->proto_version = NSS_LDAP_PROTO_VERSION_3;
conf->ssl_mode = NSS_LDAP_SSL_OFF;//NSS_LDAP_SSL_START_TLS;
+ conf->search_limit = 0;
+ conf->bind_timelimit = 30;
+ conf->idle_timelimit = 0;
+ conf->search_timelimit = 0;
+ conf->reconnect_sleeptime = 4;
+ conf->max_reconnect_sleeptime = 64;
+ conf->max_conntries = 5;
+ conf->max_reconnect_conntries = 2;
+ conf->deref = NSS_LDAP_DEREF_NEVER;
+ conf->scope = NSS_LDAP_SCOPE_SUB;
+ conf->bind_policy = NSS_LDAP_BIND_POLICY_HARD_OPEN;
+ conf->connect_policy = NSS_LDAP_CONNECT_POLICY_PERSIST_PERTHREAD;
+ conf->restart = 0;
+ conf->debug = 0;
- conf->bind_dn = strdup(
- "uid=nssproxy,ou=Users,ou=LDAPAccess,ou=Domains,dc=r61,dc=net");
+ conf->root_bind_dn = conf->bind_dn = strdup("");
assert(conf->bind_dn != NULL);
-
- conf->root_bind_dn = strdup(conf->bind_dn);
- assert(conf->root_bind_dn != NULL);
-
- conf->bind_pw = strdup("[passwd]");
+ conf->root_bind_pw = conf->bind_pw = strdup("");
assert(conf->bind_pw != NULL);
-
+ conf->root_sasl_authid = conf->sasl_authid = strdup("");
+ assert(conf->sasl_authid != NULL);
+
//__nss_ldap_init_start_tls_simple_auth_method(&conf->connection_method);
__nss_ldap_init_simple_auth_method(&conf->connection_method);
__nss_ldap_init_default_search_method(&conf->search_method);
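Review bot: The chained assignments `conf->root_bind_dn = conf->bind_dn = strdup("");` (and the same form for `bind_pw`/`root_bind_pw` and `sasl_authid`/`root_sasl_authid`) make each pair of fields point at one allocation. The parser later in this change does `free(conf->root_bind_pw);` and `free(conf->root_sasl_authid);` before replacing them, which would leave the non-root field dangling, and freeing both fields would be a double free. Each field should own its own copy, e.g. `conf->bind_pw = strdup(""); conf->root_bind_pw = strdup("");`, with both results checked. Since these checks are `assert()` calls, they also disappear in an NDEBUG build; an explicit error return would be more robust for a library. The enclosing function starts and ends outside this hunk.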
@@ -166,9 +186,9 @@
{
FILE *fin;
char buffer[1024];
- char *fields[16];
+ char *fields[16], *str;
int field_count, line_num, value;
- int i, res;
+ int i, res, rv;
assert(conf != NULL);
assert(fname != NULL);
@@ -195,18 +215,6 @@
case '\0':
printf("== %s, %d ==\n", __FILE__, __LINE__);
continue;
- case 'h':
- printf("== %s, %d ==\n", __FILE__, __LINE__);
- if (strcmp(fields[0], "host") == 0) {
- /* TODO: add support for multiple hosts */
- if (field_count >= 2) {
- free(conf->host);
- conf->host = strdup(fields[1]);
- assert(conf->host != NULL);
- continue;
- }
- }
- break;
case 'b':
printf("== %s, %d ==\n", __FILE__, __LINE__);
if (strcmp(fields[0], "base") == 0) {
@@ -230,8 +238,100 @@
assert(conf->bind_pw != NULL);
continue;
}
+ } else if (strcmp(fields[0], "bind_timelimit") == 0) {
+ if ((field_count == 2) &&
+ (get_number(fields[1], 0, -1, &value) ==
+ NSS_LDAP_SUCCESS)) {
+ conf->bind_timelimit = value;
+ continue;
+ }
+ } else if (strcmp(fields[0], "bind_policy") == 0) {
+ if (field_count == 2) {
+ if (strcmp(fields[1], "hard_open") == 0) {
+ conf->bind_policy =
+ NSS_LDAP_BIND_POLICY_HARD_OPEN;
+ continue;
+ } else if (strcmp(fields[1], "hard_init") == 0) {
+ conf->bind_policy =
+ NSS_LDAP_BIND_POLICY_HARD_INIT;
+ continue;
+ } else if (strcmp(fields[1], "soft") == 0) {
+ conf->bind_policy =
+ NSS_LDAP_BIND_POLICY_SOFT;
+ continue;
+ }
+ }
}
break;
+ case 'd':
+ if (strcmp(fields[0], "deref") == 0) {
+ if (field_count == 2) {
+ if (strcmp(fields[1], "never") == 0) {
+ conf->deref = NSS_LDAP_DEREF_NEVER;
+ continue;
+ } else if (strcmp(fields[1],
+ "searching") == 0) {
+ conf->deref = NSS_LDAP_DEREF_SEARCHING;
+ continue;
+ } else if (strcmp(fields[1], "finding") == 0) {
+ conf->deref = NSS_LDAP_DEREF_FINDING;
+ continue;
+ } else if (strcmp(fields[1], "always") == 0) {
+ conf->deref = NSS_LDAP_DEREF_ALWAYS;
+ continue;
+ }
+ }
+ } else if (strcmp(fields[0], "debug") == 0) {
+ if ((field_count == 2) &&
+ (get_number(fields[1], 0, -1, &value) ==
+ NSS_LDAP_SUCCESS)) {
+ conf->debug = value;
+ continue;
+ }
+ }
+ break;
+ case 'h':
+ printf("== %s, %d ==\n", __FILE__, __LINE__);
+ if (strcmp(fields[0], "host") == 0) {
+ if (field_count >= 2) {
+ if (conf->hosts != NULL)
+ sl_free(conf->hosts, 1);
+
+ conf->hosts = sl_init();
+ assert(conf->hosts != NULL);
+
+ for (i = 1; i < field_count; ++i) {
+ str = strdup(fields[i]);
+ assert(str != NULL);
+ rv = sl_add(conf->hosts, str);
+ if (rv != 0) {
+ /* TODO: write to logs */
+ }
+ }
+ continue;
+ }
+ }
+ break;
+ case 'i':
+ if (strcmp(fields[0], "idle_timelimit") == 0) {
+ if ((field_count == 2) &&
+ (get_number(fields[1], 0, -1, &value) ==
+ NSS_LDAP_SUCCESS)) {
+ conf->idle_timelimit = value;
+ continue;
+ }
+ }
+ break;
+ case 'k':
+ if (strcmp(fields[0], "krb5_ccname") == 0) {
+ if (field_count == 2) {
+ free(conf->krb5_ccname);
+ conf->krb5_ccname = strdup(fields[1]);
+ assert(conf->krb5_ccname != NULL);
+ continue;
+ }
+ }
+ break;
case 'l':
printf("== %s, %d ==\n", __FILE__, __LINE__);
/* NOTE: we'd probably better use
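Review bot: In the new `host` branch, a failing `sl_add(conf->hosts, str)` is ignored behind a TODO, so the duplicated string leaks and the host silently drops out of the server list. For a directory client that changes which servers are contacted without any indication to the administrator; `free(str)` and treating the line as a parse error (falling through to the `break`) would be safer. The numeric options in this hunk (`bind_timelimit`, `idle_timelimit`, `debug`) pass `-1` as the upper bound to `get_number`, so any non-negative value is accepted; a sane maximum for the time limits would be worth adding. The enclosing parsing function starts and ends outside this hunk.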
@@ -239,11 +339,18 @@
* NSS_LDAP_PROTO_VERSION_3 constants here */
if (strcmp(fields[0], "ldap-version") == 0) {
if ((field_count == 2) &&
- (value = get_number(fields[1], 2, 3) ==
+ (get_number(fields[1], 2, 3, &value) ==
NSS_LDAP_SUCCESS)) {
conf->proto_version = value;
continue;
}
+ } else if (strcmp(fields[0], "logdir") == 0) {
+ if (field_count == 2) {
+ free(conf->logdir);
+ conf->logdir = strdup(fields[1]);
+ assert(conf->logdir);
+ continue;
+ }
}
break;
case 'n':
@@ -282,13 +389,30 @@
fields[1],
fields[2]) == NSS_LDAP_SUCCESS))
continue;
+ } else if (strcmp(fields[0], "nss_connect_policy") == 0) {
+ if (field_count == 2) {
+ if ((strcmp(fields[1], "persist") == 0) ||
+ (strcmp(fields[1], "persist_per_thread") == 0)) {
+ conf->connect_policy =
+ NSS_LDAP_CONNECT_POLICY_PERSIST_PERTHREAD;
+ continue;
+ } else if (strcmp(fields[1], "persist_per_process") == 0) {
+ conf->connect_policy =
+ NSS_LDAP_CONNECT_POLICY_PERSIST_PERPROCESS;
+ continue;
+ } else if (strcmp(fields[1], "oneshot") == 0) {
+ conf->connect_policy =
+ NSS_LDAP_CONNECT_POLICY_ONESHOT;
+ continue;
+ }
+ }
}
break;
case 'p':
printf("== %s, %d ==\n", __FILE__, __LINE__);
if (strcmp(fields[0], "port") == 0) {
if ((field_count == 2) &&
- (value = get_number(fields[1], 0, -1) ==
+ (get_number(fields[1], 0, -1, &value) ==
NSS_LDAP_SUCCESS)) {
conf->port = value;
continue;
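Review bot: The `port` option is parsed with `get_number(fields[1], 0, -1, &value)`, which puts no upper bound on the value and accepts 0. Assuming `conf->port` is later used as a TCP port, bounding it at parse time with `get_number(fields[1], 1, 65535, &value)` would reject a bad configuration here rather than at connect time. The enclosing parsing function starts and ends outside this hunk.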
@@ -304,11 +428,53 @@
assert(conf->root_bind_dn != NULL);
continue;
}
- }
+ } else if (strcmp(fields[0], "rootbindpw") == 0) {
+ if (field_count == 2) {
+ free(conf->root_bind_pw);
+ conf->root_bind_pw = strdup(fields[1]);
+ assert(conf->root_bind_pw != NULL);
+ continue;
+ }
+ } else if (strcmp(fields[0], "restart") == 0) {
+ if ((field_count == 2) &&
+ (get_yesno(fields[2], &value) ==
+ NSS_LDAP_SUCCESS))
+ conf->restart = value;
+ } else if (strcmp(fields[0], "referrals") == 0) {
+ if ((field_count == 2) &&
+ (get_yesno(fields[2], &value) ==
+ NSS_LDAP_SUCCESS))
+ conf->referrals = value;
+ } else if (strcmp(fields[0], "rootuse_sasl") == 0) {
+ if ((field_count == 2) &&
+ (get_yesno(fields[2], &value) ==
+ NSS_LDAP_SUCCESS))
+ conf->root_use_sasl = value;
+ } else if (strcmp(fields[0], "rootsasl_auth_id") == 0) {
+ if (field_count == 2) {
+ free(conf->root_sasl_authid);
+ conf->root_sasl_authid = strdup(fields[1]);
+ assert(conf->root_sasl_authid != NULL);
+ continue;
+ }
+ }
break;
case 's':
printf("== %s, %d ==\n", __FILE__, __LINE__);
- if (strcmp(fields[0], "ssl") == 0) {
+ if (strcmp(fields[0], "scope") == 0) {
+ if (field_count == 2) {
+ if (strcmp(fields[1], "sub") == 0) {
+ conf->scope = NSS_LDAP_SCOPE_SUB;
+ continue;
>>> TRUNCATED FOR MAIL (1000 lines) <<<