PERFORCE change 103352 for review
Michael Bushkov
bushman at FreeBSD.org
Sun Aug 6 18:18:02 UTC 2006
http://perforce.freebsd.org/chv.cgi?CH=103352
Change 103352 by bushman at bushman_nss_ldap_cached on 2006/08/06 18:17:25
Testing of the SSL features made, after-fork-problems testing made, SASL testing made (not full yet)
A lot of minor bugs fixed during testing.
Threaded stress test is yet to be done.
Affected files ...
.. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/Makefile#8 edit
.. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldap_group.c#7 edit
.. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldap_group.h#7 edit
.. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldap_passwd.c#8 edit
.. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldap_passwd.h#8 edit
.. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldap_serv.c#4 edit
.. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldap_serv.h#4 edit
.. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapconf.c#8 edit
.. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapconf.h#8 edit
.. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapconn.c#8 edit
.. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapconn.h#8 edit
.. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapschema.c#8 edit
.. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapschema.h#8 edit
.. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapsearch.c#7 edit
.. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapsearch.h#7 edit
.. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldaptls.c#6 edit
.. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldaptls.h#6 edit
.. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldaputil.c#8 edit
.. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldaputil.h#8 edit
.. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/nss_ldap.c#8 edit
.. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/nss_ldap.h#8 edit
Differences ...
==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/Makefile#8 (text+ko) ====
==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldap_group.c#7 (text+ko) ====
@@ -192,7 +192,10 @@
int
__ldap_setgrent(void *retval, void *mdata, va_list ap)
{
-
+
+ if (__nss_ldap_configure() != NSS_LDAP_SUCCESS)
+ return (NS_UNAVAIL);
+
ldap_setgrent();
return (NS_UNAVAIL);
}
@@ -212,6 +215,9 @@
assert(mdata != NULL);
+ if (__nss_ldap_configure() != NSS_LDAP_SUCCESS)
+ return (NS_UNAVAIL);
+
switch ((enum nss_lookup_type)mdata) {
case nss_lt_name:
printf("GGG %s %d\n", __FILE__, __LINE__);
==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldap_group.h#7 (text+ko) ====
==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldap_passwd.c#8 (text+ko) ====
@@ -270,7 +270,9 @@
int
__ldap_setpwent(void *retval, void *mdata, va_list ap)
{
-
+ if (__nss_ldap_configure() != NSS_LDAP_SUCCESS)
+ return (NS_UNAVAIL);
+
ldap_setpwent();
return (NS_UNAVAIL);
}
@@ -290,6 +292,9 @@
assert(mdata != NULL);
+ if (__nss_ldap_configure() != NSS_LDAP_SUCCESS)
+ return (NS_UNAVAIL);
+
switch ((enum nss_lookup_type)mdata) {
case nss_lt_name:
name = va_arg(ap, char *);
==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldap_passwd.h#8 (text+ko) ====
==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldap_serv.c#4 (text+ko) ====
@@ -301,6 +301,8 @@
int
__ldap_setservent(void *retval, void *mdata, va_list ap)
{
+ if (__nss_ldap_configure() != NSS_LDAP_SUCCESS)
+ return (NS_UNAVAIL);
ldap_setservent();
return (NS_UNAVAIL);
@@ -320,6 +322,9 @@
assert(mdata != NULL);
+ if (__nss_ldap_configure() != NSS_LDAP_SUCCESS)
+ return (NS_UNAVAIL);
+
switch ((enum nss_lookup_type)mdata) {
case nss_lt_name:
name = va_arg(ap, char *);
==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldap_serv.h#4 (text+ko) ====
==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapconf.c#8 (text+ko) ====
@@ -85,6 +85,7 @@
static int
get_yesno(const char *str, int *value)
{
+ printf("getyes_no %s\n", str);
if (strcmp(str, "yes") == 0) {
*value = NSS_LDAP_OPTION_YES;
return (NSS_LDAP_SUCCESS);
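Review bot: The `printf("getyes_no %s\n", str)` at the top of get_yesno writes configuration tokens to the stdout of whichever process loaded this NSS module, which a name-service backend should never do; in a daemon or setuid program that stream may be closed, a log file, or a client's connection. Drop the line, or route it through a logger gated on `conf->debug` (a field this file already initialises) that targets syslog rather than stdout. The same applies to every other `printf` this change adds across ldapconf.c and ldapconn.c.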
@@ -157,7 +158,7 @@
conf->idle_timelimit = 0;
conf->search_timelimit = 0;
conf->reconnect_sleeptime = 4;
- conf->max_reconnect_sleeptime = 64;
+ conf->max_reconnect_sleeptime = 8;
conf->max_conntries = 5;
conf->max_reconnect_conntries = 2;
conf->deref = NSS_LDAP_DEREF_NEVER;
@@ -167,12 +168,11 @@
conf->restart = 0;
conf->debug = 0;
- conf->root_bind_dn = conf->bind_dn = strdup("");
- assert(conf->bind_dn != NULL);
- conf->root_bind_pw = conf->bind_pw = strdup("");
- assert(conf->bind_pw != NULL);
- conf->root_sasl_authid = conf->sasl_authid = strdup("");
- assert(conf->sasl_authid != NULL);
+ conf->bind_dn = NULL;
+ conf->bind_pw = NULL;
+ conf->sasl_authid = NULL;
+
+ conf->tls_checkpeer = NSS_LDAP_OPTION_DEFAULT;
//__nss_ldap_init_start_tls_simple_auth_method(&conf->connection_method);
__nss_ldap_init_simple_auth_method(&conf->connection_method);
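Review bot: root_bind_dn, root_bind_pw and root_sasl_authid are no longer assigned in this defaults block, yet later code in this file tests them against NULL and frees them unconditionally; unless the caller zeroes `conf` before the defaults are applied (not visible here), those become reads of indeterminate pointers. Add `conf->root_bind_dn = conf->root_bind_pw = conf->root_sasl_authid = NULL;` next to the three NULL assignments so the invariant does not depend on the caller. The enclosing defaults function starts above the hunk.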
@@ -437,19 +437,25 @@
}
} else if (strcmp(fields[0], "restart") == 0) {
if ((field_count == 2) &&
- (get_yesno(fields[2], &value) ==
- NSS_LDAP_SUCCESS))
+ (get_yesno(fields[1], &value) ==
+ NSS_LDAP_SUCCESS)) {
conf->restart = value;
+ continue;
+ }
} else if (strcmp(fields[0], "referrals") == 0) {
if ((field_count == 2) &&
- (get_yesno(fields[2], &value) ==
- NSS_LDAP_SUCCESS))
+ (get_yesno(fields[1], &value) ==
+ NSS_LDAP_SUCCESS)) {
conf->referrals = value;
+ continue;
+ }
} else if (strcmp(fields[0], "rootuse_sasl") == 0) {
if ((field_count == 2) &&
- (get_yesno(fields[2], &value) ==
- NSS_LDAP_SUCCESS))
+ (get_yesno(fields[1], &value) ==
+ NSS_LDAP_SUCCESS)) {
conf->root_use_sasl = value;
+ continue;
+ }
} else if (strcmp(fields[0], "rootsasl_auth_id") == 0) {
if (field_count == 2) {
free(conf->root_sasl_authid);
@@ -480,6 +486,7 @@
conf->ssl_mode = NSS_LDAP_SSL_OFF;
continue;
} else if (strcmp(fields[1], "on") == 0) {
+ printf("BBBBBBBBBBBBBBBBBBBB%s %d\n", __FILE__, __LINE__);
conf->ssl_mode = NSS_LDAP_SSL_ON;
continue;
} else if (strcmp(fields[1], "start_tls") == 0) {
@@ -512,10 +519,13 @@
continue;
}
} else if (strcmp(fields[0], "tls_checkpeer") == 0) {
+ printf("field_count %d\n", field_count);
if ((field_count == 2) &&
- (get_yesno(fields[2], &value) ==
- NSS_LDAP_SUCCESS))
+ (get_yesno(fields[1], &value) ==
+ NSS_LDAP_SUCCESS)) {
conf->tls_checkpeer = value;
+ continue;
+ }
} else if (strcmp(fields[0], "tls_cacertdir") == 0) {
if (field_count == 2) {
free(conf->tls_cacertdir);
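Review bot: `printf("field_count %d\n", field_count)` is debug tracing on the tls_checkpeer path and should be removed for the same reason as the other stray printfs in this change. Separately, only `yes`/`no` are accepted here, so a user who writes the values PADL's nss_ldap documents for this option (`demand`, `never`, …) gets a silent parse failure; if that is intended, state it with a comment such as `/* tls_checkpeer: only yes/no are accepted; yes requires a verifiable peer certificate */`.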
@@ -523,7 +533,8 @@
assert(conf->tls_cacertdir != NULL);
continue;
}
- } else if (strcmp(fields[0], "tls_cacertfile") == 0) {
+ } else if ((strcmp(fields[0], "tls_cacertfile") == 0) ||
+ (strcmp(fields[0], "tls_cacert") == 0)) {
if (field_count == 2) {
free(conf->tls_cacert);
conf->tls_cacert = strdup(fields[1]);
@@ -544,6 +555,13 @@
assert(conf->tls_ciphers);
continue;
}
+ } else if (strcmp(fields[0], "tls_cert") == 0) {
+ if (field_count == 2) {
+ free(conf->tls_cert);
+ conf->tls_cert = strdup(fields[1]);
+ assert(conf->tls_cert);
+ continue;
+ }
} else if (strcmp(fields[0], "tls_key") == 0) {
if (field_count == 2) {
free(conf->tls_key);
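Review bot: The new `tls_cert` branch follows the file's `assert(conf->tls_cert)` pattern for strdup failure, so an allocation failure either aborts the host process or, under NDEBUG, leaves `tls_cert` NULL and set_ssl_options silently skips the client certificate. For an NSS module loaded into arbitrary processes neither outcome is acceptable; treat a NULL from strdup as a configuration failure (the parse loop already has a failure path that sets `res = NSS_LDAP_PARSE_ERROR`) rather than asserting. The neighbouring tls_cacert/tls_key branches have the same problem, but the new code is the place to start.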
@@ -562,7 +580,7 @@
conf->uris = sl_init();
assert(conf->uris != NULL);
- for (i = 1; i <= field_count; ++i) {
+ for (i = 1; i < field_count; ++i) {
str = strdup(fields[i]);
assert(str != NULL);
rv = sl_add(conf->uris, str);
@@ -570,6 +588,7 @@
/* TODO: write to logs */
}
}
+ continue;
}
}
break;
@@ -580,6 +599,68 @@
res = NSS_LDAP_PARSE_ERROR;
}
fclose(fin);
+
+ if (res == NSS_LDAP_SUCCESS) {
+ printf("%d -- conf->port\n", conf->port);
+ if ((conf->root_bind_dn == NULL) &&
+ (conf->bind_dn != NULL)) {
+ conf->root_bind_dn = strdup(conf->bind_dn);
+ assert(conf->root_bind_dn != NULL);
+ }
+
+ if ((conf->root_bind_pw == NULL) &&
+ (conf->bind_pw != NULL)) {
+ conf->root_bind_pw = strdup(conf->bind_pw);
+ assert(conf->root_bind_pw != NULL);
+ }
+
+ if ((conf->root_sasl_authid == NULL) &&
+ (conf->sasl_authid != NULL)) {
+ conf->root_sasl_authid = strdup(conf->sasl_authid);
+ assert(conf->root_sasl_authid != NULL);
+ }
+
+ printf("BBBBBBBBBBBBBBBBBBBBCCCCCCCCCCCCCc %p\n", (void *)conf->sasl_authid);
+#ifdef NSS_LDAP_SASL_AUTH_ENABLED
+ if (conf->sasl_authid == NULL) {
+#endif
+ switch (conf->ssl_mode) {
+ case NSS_LDAP_SSL_OFF:
+ __nss_ldap_init_simple_auth_method(
+ &conf->connection_method);
+ break;
+ case NSS_LDAP_SSL_ON:
+ printf("BBBBBBBBBBBBBBBBBBBB%s %d\n", __FILE__, __LINE__);
+ __nss_ldap_init_ssl_simple_auth_method(
+ &conf->connection_method);
+ break;
+ case NSS_LDAP_SSL_START_TLS:
+ __nss_ldap_init_start_tls_simple_auth_method(
+ &conf->connection_method);
+ break;
+ default:
+ break;
+ }
+#ifdef NSS_LDAP_SASL_AUTH_ENABLED
+ } else {
+ switch (conf->ssl_mode) {
+ case NSS_LDAP_SSL_OFF:
+ __nss_ldap_init_sasl_auth_method(
+ &conf->connection_method);
+ break;
+ case NSS_LDAP_SSL_ON:
+ __nss_ldap_init_ssl_sasl_auth_method(
+ &conf->connection_method);
+ break;
+ case NSS_LDAP_SSL_START_TLS:
+ __nss_ldap_init_start_tls_sasl_auth_method(
+ &conf->connection_method);
+ break;
+ }
+ }
+#endif
+ } else
+ printf("CONFIG FAILED!\n");
return (res);
}
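Review bot: The `case NSS_LDAP_SSL_ON` and `case NSS_LDAP_SSL_START_TLS` calls are not wrapped in the `#ifdef NSS_LDAP_SSL_ENABLED` / `NSS_LDAP_START_TLS_ENABLED` guards under which ldapconn.h declares `__nss_ldap_init_ssl_simple_auth_method` and `__nss_ldap_init_start_tls_simple_auth_method`, so a build without those features cannot compile or link this switch; and because `default:` does nothing, a mode that cannot be honoured leaves `connection_method` at the plaintext simple method installed by the defaults, i.e. a requested TLS transport silently degrades to cleartext. Guard each case to match the header and make the fallback an error, as sketched below; the SASL switch needs the same treatment. The `printf("%d -- conf->port\n", …)`, the `%p` dump of `sasl_authid`, the `BBBB…` marker and `printf("CONFIG FAILED!\n")` are debug output to the host process's stdout and should be removed.
```c
		switch (conf->ssl_mode) {
		case NSS_LDAP_SSL_OFF:
			__nss_ldap_init_simple_auth_method(
			    &conf->connection_method);
			break;
#ifdef NSS_LDAP_SSL_ENABLED
		case NSS_LDAP_SSL_ON:
			__nss_ldap_init_ssl_simple_auth_method(
			    &conf->connection_method);
			break;
#endif
#if defined(NSS_LDAP_START_TLS_ENABLED) && defined(NSS_LDAP_SIMPLE_AUTH_ENABLED)
		case NSS_LDAP_SSL_START_TLS:
			__nss_ldap_init_start_tls_simple_auth_method(
			    &conf->connection_method);
			break;
#endif
		default:
			/* Requested transport not compiled in: refuse rather
			 * than fall back to the plaintext default method. */
			res = NSS_LDAP_PARSE_ERROR;
			break;
		}
		/* … unchanged: SASL branch, which needs the same guards … */
```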
@@ -595,16 +676,13 @@
if (conf->uris != NULL)
sl_free(conf->uris, 1);
free(conf->base);
- if (conf->root_bind_dn != conf->bind_dn)
- free(conf->root_bind_dn);
+ free(conf->root_bind_dn);
free(conf->bind_dn);
- if (conf->root_bind_pw != conf->bind_pw)
- free(conf->root_bind_pw);
+ free(conf->root_bind_pw);
free(conf->bind_pw);
free(conf->logdir);
- if (conf->root_sasl_authid != conf->sasl_authid)
- free(conf->root_sasl_authid);
+ free(conf->root_sasl_authid);
free(conf->sasl_authid);
free(conf->sasl_secprops);
free(conf->krb5_ccname);
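Review bot: `free(conf->root_bind_pw)` and `free(conf->bind_pw)` release copies of the LDAP bind password without clearing them first, so the secret lingers in freed heap memory of every process that loaded this module for as long as the allocator leaves it there. Wipe before freeing, e.g. `if (conf->bind_pw != NULL) memset(conf->bind_pw, 0, strlen(conf->bind_pw));` and the same for `root_bind_pw` (prefer a non-optimisable clearing routine if the platform provides one, since a plain memset before free may be elided). The unconditional frees are correct only because the post-parse code duplicates `bind_*` into `root_*` with strdup; a comment such as `/* root_* never alias the non-root fields: always separate allocations */` would protect that invariant.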
==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapconf.h#8 (text+ko) ====
==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapconn.c#8 (text+ko) ====
@@ -47,13 +47,8 @@
static int compare_sockaddr(struct sockaddr *, struct sockaddr *);
static int check_connection_socket(struct nss_ldap_connection *);
-static int child_fork(struct nss_ldap_connection *,
+static int check_close_connection(struct nss_ldap_connection *,
struct nss_ldap_configuration *, struct nss_ldap_connection_error *);
-static int parent_fork(struct nss_ldap_connection *,
- struct nss_ldap_configuration *, struct nss_ldap_connection_error *);
-static int prepare_fork(struct nss_ldap_connection *,
- struct nss_ldap_configuration *, struct nss_ldap_connection_error *);
-
static int set_ssl_options(struct nss_ldap_connection *,
struct nss_ldap_configuration *);
@@ -74,6 +69,11 @@
socklen_t socknamelen;
socklen_t peernamelen;
int rv;
+
+ if (conn->sock_fd == -1) {
+ printf("check_connection_socket: %d\n", conn->sock_fd);
+ return (NSS_LDAP_SUCCESS);
+ }
socknamelen = sizeof(conn->sockname);
peernamelen = sizeof(conn->peername);
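Review bot: Returning `NSS_LDAP_SUCCESS` when `conn->sock_fd == -1` mixes this function's 0/-1 convention (see the `return (-1)` and the `? 0 : -1` below) with the library's status enum, and more importantly it makes an unknown descriptor count as a verified-intact connection, so the lost-connection/after-fork check this change introduces is skipped exactly when the module knows least about the socket. Prefer `return (-1);` here so the caller takes the close-and-reconnect path, and drop the `printf`, which writes to the host process's stdout. The function's head is above the hunk.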
@@ -86,10 +86,12 @@
if (rv == -1)
return (-1);
- return (((compare_sockaddr((struct sockaddr *)conn->sockname,
+ rv = ((compare_sockaddr((struct sockaddr *)conn->sockname,
(struct sockaddr *)sockname) == 0) &&
(compare_sockaddr((struct sockaddr *)conn->peername,
- (struct sockaddr *)peername) == 0)) ? 0 : -1);
+ (struct sockaddr *)peername) == 0)) ? 0 : -1;
+ printf("check_connection_socket %d\n", rv);
+ return (rv);
}
static int
@@ -98,8 +100,9 @@
struct nss_ldap_connection_error conn_err;
int dummy_fd, backup_fd, rv;
+ printf("close_lost_connection: sock_fd: %d\n", conn->sock_fd);
if (conn->sock_fd == -1)
- return (-1);
+ return (NSS_LDAP_CONNECTION_ERROR);
backup_fd = -1;
dummy_fd = socket(PF_LOCAL, SOCK_STREAM, 0);
@@ -108,8 +111,10 @@
goto fin;
}
+ printf("close_lost_connection: dummy_fd: %d\n", dummy_fd);
if (dummy_fd != conn->sock_fd) {
backup_fd = dup(conn->sock_fd);
+ printf("close_lost_connection: backup_fd: %d\n", backup_fd);
dup2(dummy_fd, conn->sock_fd);
close (conn->sock_fd);
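Review bot: `backup_fd = dup(conn->sock_fd)` is never checked; if it returns -1 (a full descriptor table is realistic in a long-running daemon) the `dup2(dummy_fd, conn->sock_fd)` still runs and the later `dup2(backup_fd, conn->sock_fd)` fails, leaving the LDAP handle pointing at a dead local socket with no error reported. Add `if (backup_fd == -1) { rv = NSS_LDAP_CONNECTION_ERROR; goto fin; }` before the dup2 and check dup2's return as well. The three `printf` calls are tracing to remove; the function's cleanup continues outside the hunk.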
@@ -120,6 +125,7 @@
if (dummy_fd != conn->sock_fd)
dup2(backup_fd, conn->sock_fd);
+ printf("close_lost_connection: sock_fd: %d\n", conn->sock_fd);
fin:
if (dummy_fd != -1)
close(dummy_fd);
@@ -128,55 +134,21 @@
return (rv);
}
-static int
-child_fork(struct nss_ldap_connection *conn,
- struct nss_ldap_configuration *conf,
- struct nss_ldap_connection_error *conn_err)
-{
-}
-
static int
-parent_fork(struct nss_ldap_connection *conn,
+check_close_connection(struct nss_ldap_connection *conn,
struct nss_ldap_configuration *conf,
struct nss_ldap_connection_error *conn_err)
{
+ int rv;
+ printf("nss_ldap: checking connection\n");
- if (check_connection_socket(conn) != 0)
- return (close_lost_connection(conn));
- else
- return (__nss_ldap_disconnect(
- &__nss_ldap_conf->connection_method,
- conn, conf, conn_err));
+ if (check_connection_socket(conn) != 0) {
+ rv = close_lost_connection(conn);
+ return (NSS_LDAP_CONNECTION_ERROR);
+ } else
+ return (NSS_LDAP_SUCCESS);
}
-static int
-prepare_fork(struct nss_ldap_connection *conn,
- struct nss_ldap_configuration *conf,
- struct nss_ldap_connection_error *conn_err)
-{
- socklen_t socknamelen;
- socklen_t peernamelen;
- int off;
-
- if (conn->sock_fd == -1)
- return (NSS_LDAP_GENERIC_ERROR);
-
- off = 0;
- (void)setsockopt(conn->sock_fd, SOL_SOCKET, SO_KEEPALIVE, (void *)&off,
- sizeof(off));
- (void)fcntl(conn->sock_fd, F_SETFD, FD_CLOEXEC);
-
- socknamelen = sizeof(conn->sockname);
- peernamelen = sizeof(conn->peername);
- (void)getsockname(conn->sock_fd, (struct sockaddr *)&conn->sockname,
- &socknamelen);
- (void)getpeername(conn->sock_fd, (struct sockaddr *)&conn->peername,
- &peernamelen);
-
- /* TODO: we should probably play with return codes a bit */
- return (NSS_LDAP_SUCCESS);
-}
-
static int
set_ssl_options(struct nss_ldap_connection *conn,
struct nss_ldap_configuration *conf)
@@ -184,7 +156,9 @@
int rv;
rv = LDAP_SUCCESS;
+ printf("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAa%s %d\n", __FILE__, __LINE__);
if (conf->tls_rand != NULL) {
+ printf("%s %d\n", __FILE__, __LINE__);
rv = ldap_set_option(NULL, LDAP_OPT_X_TLS_RANDOM_FILE,
conf->tls_rand);
if (rv != LDAP_SUCCESS)
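Review bot: The `AAAA…` marker and the per-option `printf("%s %d\n", __FILE__, __LINE__)` lines added throughout set_ssl_options (one of them also prints the CA certificate path) are tracing to the stdout of the loading process and should be removed before commit. If a trace facility is wanted, gate it on `conf->debug` and send it to syslog. The function's remaining option branches continue below this hunk.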
@@ -192,6 +166,7 @@
}
if (conf->tls_cacert != NULL) {
+ printf("%s %d %s\n", __FILE__, __LINE__, conf->tls_cacert);
rv = ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTFILE,
conf->tls_cacert);
if (rv != LDAP_SUCCESS)
@@ -199,6 +174,7 @@
}
if (conf->tls_cacertdir != NULL) {
+ printf("%s %d\n", __FILE__, __LINE__);
rv = ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTDIR,
conf->tls_cacertdir);
if (rv != LDAP_SUCCESS)
@@ -206,6 +182,7 @@
}
if (conf->tls_cert != NULL) {
+ printf("%s %d\n", __FILE__, __LINE__);
rv = ldap_set_option(NULL, LDAP_OPT_X_TLS_CERTFILE,
conf->tls_cert);
if (rv != LDAP_SUCCESS)
@@ -213,6 +190,7 @@
}
if (conf->tls_ciphers != NULL) {
+ printf("%s %d\n", __FILE__, __LINE__);
rv = ldap_set_option(NULL, LDAP_OPT_X_TLS_CIPHER_SUITE,
conf->tls_ciphers);
if (rv != LDAP_SUCCESS)
@@ -220,6 +198,7 @@
}
if (conf->tls_key != NULL) {
+ printf("%s %d\n", __FILE__, __LINE__);
rv = ldap_set_option(NULL, LDAP_OPT_X_TLS_KEYFILE,
conf->tls_key);
if (rv != LDAP_SUCCESS)
@@ -227,12 +206,14 @@
}
if (conf->tls_checkpeer != NSS_LDAP_OPTION_DEFAULT) {
+ printf("%s %d\n", __FILE__, __LINE__);
rv = ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT,
&conf->tls_checkpeer);
if (rv != LDAP_SUCCESS)
goto fin;
}
+ printf("BBBBBBBBBBBBBBBBBBBBFFFFFFFFFFFFFFFF%s %d\n", __FILE__, __LINE__);
fin:
return (rv);
}
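Review bot: `&conf->tls_checkpeer` is passed to `LDAP_OPT_X_TLS_REQUIRE_CERT`, but that field is set by get_yesno to this module's own `NSS_LDAP_OPTION_YES`/`NSS_LDAP_OPTION_NO`, while libldap expects `LDAP_OPT_X_TLS_NEVER`/`…_ALLOW`/`…_TRY`/`…_DEMAND`/`…_HARD`; unless the two enumerations are deliberately kept numerically identical (nothing here shows that), `tls_checkpeer yes` may not enable certificate verification and `no` may not disable it. Map explicitly: `int require = (conf->tls_checkpeer == NSS_LDAP_OPTION_YES) ? LDAP_OPT_X_TLS_DEMAND : LDAP_OPT_X_TLS_NEVER;` and pass `&require`. The `printf` on this branch and the `BBBB…FFFF` one before `fin:` are debug output to remove.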
@@ -261,7 +242,8 @@
assert(conn != NULL);
assert(conf != NULL);
assert(err != NULL);
-
+
+ printf("%p\n", (void *)conf);
return (method->auth_fn(conn, conf, err));
}
@@ -278,49 +260,20 @@
return (method->disconnect_fn(conn, conf, err));
}
-
-int
-__nss_ldap_prepare_fork(struct nss_ldap_connection_method *method,
- struct nss_ldap_connection *conn, struct nss_ldap_configuration *conf,
- struct nss_ldap_connection_error *err)
-{
-
- assert(method != NULL);
- assert(conn != NULL);
- assert(conf != NULL);
- assert(err != NULL);
-
- return (method->prepare_fork_fn(conn, conf, err));
-}
int
-__nss_ldap_parent_fork(struct nss_ldap_connection_method *method,
+__nss_ldap_check_close_connection(struct nss_ldap_connection_method *method,
struct nss_ldap_connection *conn, struct nss_ldap_configuration *conf,
struct nss_ldap_connection_error *err)
{
-
assert(method != NULL);
assert(conn != NULL);
assert(conf != NULL);
assert(err != NULL);
- return (method->parent_fork_fn(conn, conf, err));
+ return (method->check_close_fn(conn, conf, err));
}
-
-int
-__nss_ldap_child_fork(struct nss_ldap_connection_method *method,
- struct nss_ldap_connection *conn, struct nss_ldap_configuration *conf,
- struct nss_ldap_connection_error *err)
-{
-
- assert(method != NULL);
- assert(conn != NULL);
- assert(conf != NULL);
- assert(err != NULL);
-
- return (method->child_fork_fn(conn, conf, err));
-}
-
+
int
__nss_ldap_attach_connection(struct nss_ldap_connection *conn, LDAP *ld)
{
@@ -370,10 +323,11 @@
struct nss_ldap_configuration *conf,
struct nss_ldap_connection_error *err)
{
+ LDAPURLDesc url;
struct nss_ldap_connection *conn;
+ char *ldapuri;
int opt, rv;
- assert(conn != NULL);
assert(conf != NULL);
assert(err != NULL);
@@ -381,13 +335,35 @@
struct nss_ldap_connection));
assert(conn != NULL);
memset(conn, 0, sizeof(struct nss_ldap_connection));
-
- conn->ld = (LDAP *)ldap_init(request->host, request->port);
- if (conn->ld == NULL) {
+
+ printf("aiosfuoasf %s %d\n", __FILE__, __LINE__);
+ if (request->uri == NULL) {
+ memset( &url, 0, sizeof(url));
+ url.lud_scheme = request->scheme;
+ url.lud_host = request->host;
+ url.lud_port = request->port;
+ url.lud_scope = LDAP_SCOPE_DEFAULT;
+ ldapuri = ldap_url_desc2str(&url);
+
+ if (ldapuri == NULL) {
+ snprintf(err->description, NSS_LDAP_MAX_ERR_DESC_SIZE,
+ "cannot format the ldap URI");
+ free(conn);
+ return (NULL);
+ }
+
+ rv = ldap_initialize(&conn->ld, ldapuri);
+ free(ldapuri);
+ } else {
+ printf("aiosfuoasf %s %d %s\n", __FILE__, __LINE__,
+ request->uri);
+ rv = ldap_initialize(&conn->ld, request->uri);
+ }
+
+ if (rv != NSS_LDAP_SUCCESS) {
snprintf(err->description, NSS_LDAP_MAX_ERR_DESC_SIZE,
- "ldap_init() error: %s\n", strerror(errno)
- );
- err->err_num = errno;
+ "ldap_init() error: %s\n", ldap_err2string(rv));
+ err->err_num = rv;
free(conn);
return (NULL);
}
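Review bot: `rv` now holds the result of `ldap_initialize()`, a libldap code, but is compared against `NSS_LDAP_SUCCESS` and reported as an `ldap_init()` error; the two success constants may coincide numerically, yet the check should read `if (rv != LDAP_SUCCESS)` with the message `"ldap_initialize() error: %s\n"` so it does not depend on that accident. In the `request->uri == NULL` branch `url.lud_scheme` is taken from `request->scheme` without a NULL check; if callers may leave it unset (ldapconn.h documents only `uri`), ldap_url_desc2str fails and the caller sees only "cannot format the ldap URI". The two `aiosfuoasf` printfs are tracing to remove; the function continues below the hunk.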
@@ -467,11 +443,13 @@
/* TODO: write smth to logs */
}
+ conn->sock_fd = -2;
rv = ldap_get_option(conn->ld, LDAP_OPT_DESC, &conn->sock_fd);
if (rv != LDAP_SUCCESS) {
conn->sock_fd = -1;
/* TODO: write smth to logs */
}
+ printf("conn->sockfd %d %p\n", conn->sock_fd, (void *)conn->ld);
rv = LDAP_SUCCESS;
fin:
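Review bot: The descriptor is captured right after the handle is created, but ldap_initialize() does not open a socket until the first operation, so unless something above this hunk already sent a request, `LDAP_OPT_DESC` may well report -1 (or leave the new `-2` sentinel in place) and check_connection_socket then treats -1 as success, disabling the lost-connection/after-fork detection this change introduces. Read `LDAP_OPT_DESC` after the bind in the auth routine instead, and treat any value below 0 as "unknown" rather than intact. The `-2` sentinel has no reader anywhere in this change and `printf("conn->sockfd …")` is tracing to remove; the function continues above and below the hunk.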
@@ -479,6 +457,7 @@
err->err_num = rv;
snprintf(err->description, NSS_LDAP_MAX_ERR_DESC_SIZE,
"ldap_set_option() error: %s\n", ldap_err2string(rv));
+ printf("err->description %s\n", err->description);
ldap_unbind(conn->ld);
free(conn);
conn = NULL;
@@ -497,11 +476,14 @@
char *matched_msg = NULL, *error_msg = NULL;
char **referrals;
LDAPControl **serverctrls;
+ char *err_str;
struct timeval zerotime;
char *bind_dn;
char *bind_pw;
+ printf("%p\n", (void *)conf);
+
assert(conn != NULL);
assert(conf != NULL);
assert(err != NULL);
@@ -523,10 +505,18 @@
/* If the returned message ID is less than zero, an error occurred. */
if ( msgid < 0 ) {
/* NOTE: can't use ldap_result2error here */
- err->err_num = ldap_result2error(conn->ld, res, 0);
+ printf("aa%p\n", (void *)conf);
+ ldap_get_option(conn->ld, LDAP_OPT_ERROR_NUMBER,
+ (void *)&err->err_num);
+ printf("aa%p\n", (void *)conf);
+ if (ldap_get_option(conn->ld, LDAP_OPT_ERROR_STRING,
+ (void *)&err_str) != LDAP_SUCCESS)
+ err_str = NULL;
snprintf(err->description, NSS_LDAP_MAX_ERR_DESC_SIZE,
- "ldap_simple_bind() error: %s\n",
- ldap_err2string(err->err_num));
+ "ldap_simple_bind() error: %s; %s\n",
+ ldap_err2string(err->err_num),
+ err_str == NULL ? "" : err_str);
+ printf("aa%p %s\n", (void *)conf, err->description);
return (NSS_LDAP_CONNECTION_ERROR);
}
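Review bot: `err_str` obtained via `LDAP_OPT_ERROR_STRING` is never released; in OpenLDAP that option hands back a freshly allocated copy the caller owns, so every failed bind leaks the diagnostic string inside the host process. Add `if (err_str != NULL) ldap_memfree(err_str);` after the snprintf. The return of `ldap_get_option(…, LDAP_OPT_ERROR_NUMBER, …)` is also unchecked, so `err->err_num` may be left stale when it fails, and the three `printf("aa%p…")` lines are tracing to remove. The bind call this error path belongs to is above the hunk.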
@@ -536,10 +526,16 @@
switch ( rc ) {
/* If ldap_result() returns -1, error occurred. */
case -1:
- err->err_num = ldap_result2error(conn->ld, res, 0);
+ ldap_get_option(conn->ld, LDAP_OPT_ERROR_NUMBER,
+ (void *)&err->err_num);
+ if (ldap_get_option(conn->ld, LDAP_OPT_ERROR_STRING,
+ (void *)&err_str) != LDAP_SUCCESS)
+ err_str = NULL;
snprintf(err->description, NSS_LDAP_MAX_ERR_DESC_SIZE,
- "ldap_result() error: %s\n",
- ldap_err2string(err->err_num));
+ "ldap_result() error: %s; %s\n",
+ ldap_err2string(err->err_num),
+ err_str == NULL ? "" : err_str);
+ printf("---------------->> %s\n", err->description);
return (NSS_LDAP_CONNECTION_ERROR);
/* If ldap_result() returns 0, the timeout (specified by the
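Review bot: As on the bind-failure path, the `err_str` from `LDAP_OPT_ERROR_STRING` is not released after the snprintf (libldap allocates a copy for the caller), so add `if (err_str != NULL) ldap_memfree(err_str);` before the `return`. The `printf("---------------->> %s\n", …)` writes the error text to the stdout of the loading process and should be removed. The surrounding switch on `rc` continues past the hunk.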
@@ -634,6 +630,7 @@
method->connect_fn = __nss_ldap_simple_connect;
method->auth_fn = __nss_ldap_simple_auth;
method->disconnect_fn = __nss_ldap_simple_disconnect;
+ method->check_close_fn = check_close_connection;
return (NSS_LDAP_SUCCESS);
}
@@ -653,11 +650,13 @@
if (conn == NULL)
return (NULL);
+ printf("BBBBBBBBBBBBBBBBBBBB%s %d\n", __FILE__, __LINE__);
opt = LDAP_OPT_X_TLS_HARD;
rv = ldap_set_option(conn->ld, LDAP_OPT_X_TLS, &opt);
if (rv != LDAP_SUCCESS)
goto fin;
+ printf("BBBBBBBBBBBBBBBBBBBB%s %d\n", __FILE__, __LINE__);
rv = set_ssl_options(conn, conf);
if (rv != LDAP_SUCCESS)
goto fin;
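Review bot: `set_ssl_options()` writes its TLS settings to the global handle (`ldap_set_option(NULL, …)`) after `conn->ld` has already been created by `__nss_ldap_simple_connect`; libldap copies the global options into a handle when it is created, so the CA file, cipher list and `tls_checkpeer` may never reach this connection and the server certificate may go unchecked — worth verifying against the libldap version in use. Apply the options before the handle exists, or have set_ssl_options take `conn->ld` instead of NULL. The two `BBBB…` printfs are tracing to remove; the function's error cleanup is below the hunk.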
@@ -676,11 +675,41 @@
}
int
-__nss_ldap_init_ssl_method(struct nss_ldap_connection_method *method)
+__nss_ldap_init_ssl_simple_auth_method(
+ struct nss_ldap_connection_method *method)
+{
+ int rv;
+ assert(method != NULL);
+
+ rv = __nss_ldap_init_simple_auth_method(method);
+ if (rv != NSS_LDAP_SUCCESS)
+ return (rv);
+
+ /* Replacing standard connect routine with ssl-specific */
+ method->connect_fn = __nss_ldap_ssl_connect;
+
+ return (NSS_LDAP_SUCCESS);
+}
+
+#ifdef NSS_LDAP_SASL_AUTH_ENABLED
+int
+__nss_ldap_init_ssl_sasl_auth_method(
+ struct nss_ldap_connection_method *method)
{
+ int rv;
+ assert(method != NULL);
+ rv = __nss_ldap_init_sasl_auth_method(method);
+ if (rv != NSS_LDAP_SUCCESS)
+ return (rv);
+
+ /* Replacing standard connect routine with start-tls specific */
+ method->connect_fn = __nss_ldap_ssl_connect;
+
return (NSS_LDAP_SUCCESS);
}
+#endif /* NSS_LDAP_SASL_AUTH_ENABLED */
+
#endif
#if defined(NSS_LDAP_START_TLS_ENABLED) && defined(NSS_LDAP_SIMPLE_AUTH_ENABLED)
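Review bot: The comment in `__nss_ldap_init_ssl_sasl_auth_method` reads `/* Replacing standard connect routine with start-tls specific */` but the line beneath installs `__nss_ldap_ssl_connect`, the SSL-on-connect routine; it was copied from the start-TLS variant. Change it to `/* Replacing standard connect routine with ssl-specific */` to match the simple-auth twin above it. A one-line header on each init function naming the combination it builds (e.g. `/* SASL bind over an ldaps:// connection */`) would make the six near-identical initialisers easier to tell apart.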
@@ -783,6 +812,26 @@
return (NSS_LDAP_SUCCESS);
}
+
+#ifdef NSS_LDAP_SASL_AUTH_ENABLED
+int
+__nss_ldap_init_start_tls_sasl_auth_method(
+ struct nss_ldap_connection_method *method)
+{
+ int rv;
+ assert(method != NULL);
+
+ rv = __nss_ldap_init_sasl_auth_method(method);
+ if (rv != NSS_LDAP_SUCCESS)
+ return (rv);
+
+ /* Replacing standard connect routine with start-tls specific */
+ method->connect_fn = __nss_ldap_start_tls_connect;
+
+ return (NSS_LDAP_SUCCESS);
+}
+#endif /* NSS_LDAP_SASL_AUTH_ENABLED */
+
#endif
#ifdef NSS_LDAP_SASL_AUTH_ENABLED
@@ -816,6 +865,7 @@
if (interact_iter->result == NULL)
return (LDAP_NO_MEMORY);
#endif /* SASL_VERSION_MAJOR < 2 */
+ interact_iter++;
}
return (LDAP_SUCCESS);
@@ -827,7 +877,7 @@
struct nss_ldap_configuration *conf,
struct nss_ldap_connection_error *err)
{
- char *pw, *dn;
+ char *pw, *dn, *err_str;
int rv;
/* Falling back to simple authentication if the config says so */
@@ -846,11 +896,37 @@
rv = ldap_sasl_interactive_bind_s(conn->ld, dn, "GSSAPI", NULL, NULL,
LDAP_SASL_QUIET, nss_ldap_sasl_interact, pw);
- if (rv != LDAP_SUCCESS)
+ if (rv != LDAP_SUCCESS) {
+ err->err_num = rv;
+ if (ldap_get_option(conn->ld, LDAP_OPT_ERROR_STRING,
+ (void *)&err_str) != LDAP_SUCCESS)
+ err_str = NULL;
+ snprintf(err->description, NSS_LDAP_MAX_ERR_DESC_SIZE,
+ "ldap_sasl_interactive_bind_s() error: %s; %s\n",
+ ldap_err2string(err->err_num),
+ err_str == NULL ? "" : err_str);
+ printf("---------------->> %s\n", err->description);
return (NSS_LDAP_CONNECTION_ERROR);
+ }
/* TODO: implement support for krb5-ccname config option */
return (NSS_LDAP_SUCCESS);
}
+
+int
+__nss_ldap_init_sasl_auth_method(struct nss_ldap_connection_method *method)
+{
+ int rv;
+ assert(method != NULL);
+
+ rv = __nss_ldap_init_simple_auth_method(method);
+ if (rv != NSS_LDAP_SUCCESS)
+ return (rv);
+
+ /* Replacing standard auth routine with SASL-specific */
+ method->auth_fn = __nss_ldap_sasl_auth;
+
+ return (NSS_LDAP_SUCCESS);
+}
#endif
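Review bot: `err_str` from `LDAP_OPT_ERROR_STRING` is again not released with `ldap_memfree()` after formatting, leaking on every failed SASL bind; add `if (err_str != NULL) ldap_memfree(err_str);` before the return. `pw` is handed to `ldap_sasl_interactive_bind_s` as the defaults pointer for the interact callback while the mechanism is fixed to `"GSSAPI"`, so if `pw` really is a password it is not what GSSAPI consumes and a comment should say what the callback does with it; the `printf("---------------->> …")` should be removed. The start of `__nss_ldap_sasl_auth` is above the hunk.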
==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapconn.h#8 (text+ko) ====
@@ -45,19 +45,19 @@
struct nss_ldap_connection_request
{
+ char *uri; /* if it is NULL, other fields are used */
+
+ char *scheme;
char *host;
- int port;
+ int port;
};
struct nss_ldap_connection {
LDAP *ld;
- int conn_type;
char sockname[NSS_LDAP_SOCK_NAME_SIZE];
char peername[NSS_LDAP_SOCK_NAME_SIZE];
int sock_fd;
-
- void *mdata;
};
struct nss_ldap_connection_error
@@ -75,18 +75,12 @@
typedef int (*nss_ldap_conn_op_fn)(struct nss_ldap_connection *,
struct nss_ldap_configuration *, struct nss_ldap_connection_error *);
-typedef int (*nss_ldap_conn_fork_fn)(struct nss_ldap_connection *,
- struct nss_ldap_configuration *, struct nss_ldap_connection_error *);
-
struct nss_ldap_connection_method
{
nss_ldap_conn_fn connect_fn;
nss_ldap_conn_op_fn auth_fn;
nss_ldap_conn_op_fn disconnect_fn;
-
- nss_ldap_conn_fork_fn prepare_fork_fn;
- nss_ldap_conn_fork_fn parent_fork_fn;
- nss_ldap_conn_fork_fn child_fork_fn;
+ nss_ldap_conn_op_fn check_close_fn;
};
extern struct nss_ldap_connection *__nss_ldap_connect(
@@ -102,14 +96,8 @@
struct nss_ldap_connection *,
struct nss_ldap_configuration *,
struct nss_ldap_connection_error *);
-
-extern int __nss_ldap_prepare_fork(struct nss_ldap_connection_method *,
- struct nss_ldap_connection *, struct nss_ldap_configuration *,
- struct nss_ldap_connection_error *);
-extern int __nss_ldap_parent_fork(struct nss_ldap_connection_method *,
- struct nss_ldap_connection *, struct nss_ldap_configuration *,
- struct nss_ldap_connection_error *);
-extern int __nss_ldap_child_fork(struct nss_ldap_connection_method *,
+extern int __nss_ldap_check_close_connection(
+ struct nss_ldap_connection_method *,
struct nss_ldap_connection *, struct nss_ldap_configuration *,
struct nss_ldap_connection_error *);
@@ -130,11 +118,24 @@
struct nss_ldap_connection_method *);
#endif
+#ifdef NSS_LDAP_SASL_AUTH_ENABLED
+extern int __nss_ldap_sasl_auth(struct nss_ldap_connection *,
+ struct nss_ldap_configuration *, struct nss_ldap_connection_error *);
+extern int __nss_ldap_init_sasl_auth_method(
+ struct nss_ldap_connection_method *);
+#endif
+
#ifdef NSS_LDAP_SSL_ENABLED
extern struct nss_ldap_connection *__nss_ldap_ssl_connect(
struct nss_ldap_connection_request *, struct nss_ldap_configuration *,
struct nss_ldap_connection_error *);
-#endif
+extern int __nss_ldap_init_ssl_simple_auth_method(
+ struct nss_ldap_connection_method *s);
+#ifdef NSS_LDAP_SASL_AUTH_ENABLED
+extern int __nss_ldap_init_ssl_sasl_auth_method(
+ struct nss_ldap_connection_method *s);
+#endif /* NSS_LDAP_SASL_AUTH_ENABLED */
+#endif /* NSS_LDAP_SSL_ENABLED */
#if defined(NSS_LDAP_START_TLS_ENABLED) && defined(NSS_LDAP_SIMPLE_AUTH_ENABLED)
extern struct nss_ldap_connection *__nss_ldap_start_tls_connect(
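Review bot: The new prototypes `__nss_ldap_init_ssl_simple_auth_method(struct nss_ldap_connection_method *s)` and `__nss_ldap_init_ssl_sasl_auth_method(struct nss_ldap_connection_method *s)` name their parameter `s`, unlike every other prototype in this header, which leaves parameters unnamed; drop the `s` for consistency. A short comment above the `NSS_LDAP_SSL_ENABLED` group, such as `/* ldaps:// transport: composes the simple or SASL auth method with __nss_ldap_ssl_connect */`, would document what these init functions combine.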
@@ -143,11 +144,10 @@
extern int __nss_ldap_init_start_tls_simple_auth_method(
struct nss_ldap_connection_method *);
-#endif
+#ifdef NSS_LDAP_SASL_AUTH_ENABLED
+extern int __nss_ldap_init_start_tls_sasl_auth_method(
+ struct nss_ldap_connection_method *);
+#endif /* NSS_LDAP_SASL_AUTH_ENABLED */
+#endif /* NSS_LDAP_START_TLS_ENABLED && NSS_LDAP_SIMPLE_AUTH_ENABLED */
-#ifdef NSS_LDAP_SASL_AUTH_ENABLED
-extern int __nss_ldap_sasl_auth(struct nss_ldap_connection *,
- struct nss_ldap_configuration *, struct nss_ldap_connection_error *);
-#endif
-
#endif /* _LDAPCONN_H_ */
==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapschema.c#8 (text+ko) ====