PERFORCE change 102159 for review
Michael Bushkov
bushman at FreeBSD.org
Sat Jul 22 19:26:43 UTC 2006
http://perforce.freebsd.org/chv.cgi?CH=102159
Change 102159 by bushman at bushman_nss_ldap_cached on 2006/07/22 19:26:38
Support for "groups" database added (RFC2307 only). Stubs for "services" added. Some minor changes made.
Affected files ...
.. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/Makefile#5 edit
.. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldap_group.c#4 edit
.. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldap_group.h#4 edit
.. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldap_passwd.c#5 edit
.. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldap_passwd.h#5 edit
.. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldap_serv.c#1 add
.. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldap_serv.h#1 add
.. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapconf.c#5 edit
.. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapconf.h#5 edit
.. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapconn.c#5 edit
.. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapconn.h#5 edit
.. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapschema.c#5 edit
.. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapschema.h#5 edit
.. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapsearch.c#4 edit
.. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapsearch.h#4 edit
.. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldaptls.c#3 edit
.. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldaptls.h#3 edit
.. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldaputil.c#5 edit
.. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldaputil.h#5 edit
.. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/nss_ldap.c#5 edit
.. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/nss_ldap.h#5 edit
Differences ...
==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/Makefile#5 (text+ko) ====
@@ -8,8 +8,8 @@
#SHLIB_NAME= nss_ldap.so.${SHLIB_MAJOR}
#SHLIBDIR?= /lib
-SRCS= nss_ldap.c ldap_passwd.c ldapconn.c ldapconf.c ldapschema.c \
- ldapsearch.c ldaptls.c ldaputil.c
+SRCS= nss_ldap.c ldap_group.c ldap_passwd.c ldap_serv.c ldapconn.c\
+ ldapconf.c ldapschema.c ldapsearch.c ldaptls.c ldaputil.c
CFLAGS+=-I${.CURDIR}/../libnssutil -I/usr/local/include
CFLAGS+=-DINET6
CFLAGS+=-g
==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldap_group.c#4 (text+ko) ====
@@ -1,0 +1,300 @@
+/*-
+ * Copyright (c) 2006 Michael Bushkov <bushman at freebsd.org>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ */
+
+
+#include <sys/cdefs.h>
+__FBSDID("$FreeBSD$");
+
+#include <assert.h>
+#include <nsswitch.h>
+#include <ldap.h>
+#include <grp.h>
+#include "ldapconn.h"
+#include "ldapschema.h"
+#include "ldapsearch.h"
+#include "ldaptls.h"
+#include "ldaputil.h"
+#include "ldapconf.h"
+#include "nss_ldap.h"
+
+static int
+nss_ldap_parse_group(struct nss_ldap_parse_context *pctx)
+{
+ struct nss_ldap_schema *schema;
+ struct nss_ldap_search_context *sctx;
+ struct group *grp;
+ char *buf;
+ size_t buflen;
+ size_t len, memlen;
+ int rv;
+
+ assert(pctx != NULL);
+
+ sctx = pctx->sctx;
+ grp = (struct group *)pctx->mdata;
+ buf = pctx->buffer;
+ buflen = pctx->bufsize;
+
+ schema = &sctx->conf->schema;
+
+ printf("==> %d %s\n", __LINE__, __FILE__);
+ rv = __nss_ldap_assign_attr_gid(sctx,
+ _ATM(schema, GROUP, gidNumber),
+ &grp->gr_gid);
+ if (rv != 0)
+ goto errfin;
+
+ printf("==> %d %s\n", __LINE__, __FILE__);
+ rv = __nss_ldap_assign_rdn_str(sctx,
+ _ATM(schema, GROUP, cn),
+ &grp->gr_name, &len, buf, buflen);
+ if (rv != 0)
+ goto errfin;
+ buflen -= len;
+ buf += len;
+
+ printf("==> %d %s\n", __LINE__, __FILE__);
+ rv = __nss_ldap_assign_attr_password(sctx,
+ _ATM(schema, GROUP, userPassword),
+ &grp->gr_passwd, &len, buf, buflen);
+ if (rv != 0)
+ goto errfin;
+ buflen -= len;
+ buf += len;
+
+ printf("==> %d %s\n", __LINE__, __FILE__);
+ rv = __nss_ldap_assign_attr_multi_str(sctx,
+ _ATM(schema, GROUP, memberUid),
+ &grp->gr_mem, &memlen, &len, buf, buflen);
+ if (rv != 0)
+ goto errfin;
+ buflen -= len;
+ buf += len;
+
+ printf("%s %d\n", __FILE__, __LINE__);
+fin:
+ return (0);
+
+errfin:
+ return (-1);
+/*
+
+ if (_nss_ldap_test_config_flag (NSS_LDAP_FLAGS_RFC2307BIS))
+ {
+ groupMembers = groupMembersBuffer;
+ groupMembersCount = 0;
+ groupMembersBufferSize = sizeof (groupMembers);
+ groupMembersBufferIsMalloced = 0;
+ depth = 0;
+
+ stat = do_parse_group_members (e, &groupMembers, &groupMembersCount,
+ &groupMembersBufferSize,
+ &groupMembersBufferIsMalloced, &buffer,
+ &buflen, &depth, &knownGroups);
+ if (stat != NSS_SUCCESS)
+ {
+ if (groupMembersBufferIsMalloced)
+ free (groupMembers);
+ _nss_ldap_namelist_destroy (&knownGroups);
+ return stat;
+ }
+
+ stat = do_fix_group_members_buffer (groupMembers, groupMembersCount,
+ &gr->gr_mem, &buffer, &buflen);
+
+ if (groupMembersBufferIsMalloced)
+ free (groupMembers);
+ _nss_ldap_namelist_destroy (&knownGroups);
+ }
+ else
+ {
+ stat =
+ _nss_ldap_assign_attrvals (e, ATM (LM_GROUP, memberUid), NULL,
+ &gr->gr_mem, &buffer, &buflen, NULL);
+ }
+
+ return stat;*/
+
+/* sctx = pctx->sctx;
+ pwd = (struct passwd *)pctx->mdata;
+ buf = pctx->buffer;
+ buflen = pctx->bufsize;
+
+ schema = &sctx->conf->schema;
+
+ printf("==> %d %s\n", __LINE__, __FILE__);
+ rv = __nss_ldap_assign_attr_str(sctx,
+ _ATM(schema, PASSWD, uid),
+ &pwd->pw_name, &len, buf, buflen);
+ if (rv != 0)
+ goto errfin;
+ buflen -= len;
+ buf += len;
+
+ printf("==> %d %s\n", __LINE__, __FILE__);
+ rv = __nss_ldap_assign_attr_uid(sctx,
+ _AT(schema, uidNumber),
+ &pwd->pw_uid);
+ if (rv != 0)
+ goto errfin;
+
+ printf("==> %d %s\n", __LINE__, __FILE__);
+ rv = __nss_ldap_assign_attr_str(sctx,
+ _AT(schema, gecos),
+ &pwd->pw_gecos, &len, buf, buflen);
+ if (rv != 0) {
+ pwd->pw_gecos = NULL;
+ rv = __nss_ldap_assign_attr_str(sctx,
+ _ATM(schema, PASSWD, cn),
+ &pwd->pw_gecos, &len, buf, buflen);
+ }
+
+ if (rv != 0)
+ goto errfin;
+ buflen -= len;
+ buf += len;
+
+ printf("==> %d %s\n", __LINE__, __FILE__);
+ rv = __nss_ldap_assign_attr_str(sctx,
+ _AT(schema, homeDirectory),
+ &pwd->pw_dir, &len, buf, buflen);
+ if (rv != 0)
+ rv = __nss_ldap_assign_str("", &pwd->pw_dir, &len, buf,
+ buflen);
+ if (rv != 0)
+ goto errfin;
+ buflen -= len;
+ buf += len;
+
+ printf("==> %d %s\n", __LINE__, __FILE__);
+ rv = __nss_ldap_assign_attr_str(sctx,
+ _AT(schema, loginShell),
+ &pwd->pw_shell, &len, buf, buflen);
+ if (rv != 0)
+ rv = __nss_ldap_assign_str("", &pwd->pw_shell, &len, buf,
+ buflen);
+ if (rv != 0)
+ goto errfin;
+ buflen -= len;
+ buf += len;
+
+fin:
+ return (0);
+
+errfin:*/
+}
+
+int
+ldap_getgrnam_r(const char *name, struct group *grp,
+ char *buffer, size_t bufsize, struct group **result)
+{
+ char filter[NSS_LDAP_FILTER_MAX_SIZE];
+ char const *fmt;
+ int rv;
+
+ fmt = __nss_ldap_get_schema_filter(&__nss_ldap_conf->schema,
+ NSS_LDAP_FILTER_GETGRNAM);
+ if (fmt == NULL)
+ return (NS_UNAVAIL);
+
+ __nss_ldap_format_filter(fmt, NSS_LDAP_FILTER_ARGS_STR, filter,
+ sizeof(filter), name);
+
+ rv = __nss_ldap_getby(NSS_LDAP_MAP_GROUP, filter, (void *)grp,
+ buffer, bufsize, nss_ldap_parse_group);
+
+ if (rv == NS_SUCCESS)
+ *result = grp;
+
+ return (rv);
+}
+
+int
+ldap_getgrgid_r(gid_t gid, struct group *grp,
+ char *buffer, size_t bufsize, struct group **result)
+{
+ char filter[NSS_LDAP_FILTER_MAX_SIZE];
+ char const *fmt;
+ int rv;
+
+ fmt = __nss_ldap_get_schema_filter(&__nss_ldap_conf->schema,
+ NSS_LDAP_FILTER_GETGRGID);
+ if (fmt == NULL)
+ return (NS_UNAVAIL);
+
+ __nss_ldap_format_filter(fmt, NSS_LDAP_FILTER_ARGS_GID, filter,
+ sizeof(filter), gid);
+
+ rv = __nss_ldap_getby(NSS_LDAP_MAP_GROUP, filter, (void *)grp,
+ buffer, bufsize, nss_ldap_parse_group);
+
+ if (rv == NS_SUCCESS)
+ *result = grp;
+
+ return (rv);
+}
+
+int
+ldap_getgrent_r(struct group *grp, char *buffer, size_t bufsize,
+ struct group **result)
+{
+ char const *filter;
+ int rv;
+
+ filter = __nss_ldap_get_schema_filter(&__nss_ldap_conf->schema,
+ NSS_LDAP_FILTER_GETGRENT);
+ if (filter == NULL)
+ return (NS_UNAVAIL);
+
+ rv = __nss_ldap_getent(NSS_LDAP_MAP_GROUP, filter, (void *)grp,
+ buffer, bufsize, nss_ldap_parse_group);
+
+ if (rv == NS_SUCCESS)
+ *result = grp;
+
+ return (rv);
+}
+
+void
+ldap_setgrent()
+{
+
+ __nss_ldap_setent(NSS_LDAP_MAP_GROUP);
+}
+
+
+int
+__ldap_setgrpent(void *retval, void *mdata, va_list ap)
+{
+ return (NS_UNAVAIL);
+}
+
+int
+__ldap_group(void *retval, void *mdata, va_list ap)
+{
+ return (NS_UNAVAIL);
+}
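Review bot: `ldap_getgrnam_r` and `ldap_getgrgid_r` discard the result of `__nss_ldap_format_filter`, so if escaping `name` fails or the filter does not fit in `NSS_LDAP_FILTER_MAX_SIZE`, the search runs with an uninitialised or truncated `filter`. The ldaputil.c hunk in this change shows the formatter computing -1 for those cases, and it presumably returns that value. The call sites should test it, e.g. `if (__nss_ldap_format_filter(fmt, NSS_LDAP_FILTER_ARGS_STR, filter, sizeof(filter), name) != 0) return (NS_UNAVAIL);`. `name` arrives from whichever process performs the group lookup and should be treated as untrusted input.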
==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldap_group.h#4 (text+ko) ====
@@ -1,0 +1,47 @@
+/*-
+ * Copyright (c) 2006 Michael Bushkov <bushman at freebsd.org>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $FreeBSD$
+ */
+
+#ifndef _LDAP_GROUP_H_
+#define _LDAP_GROUP_H_
+
+int
+ldap_getgrnam_r(const char *name, struct group *grp,
+ char *buffer, size_t bufsize, struct group **result);
+int
+ldap_getgrgid_r(gid_t gid, struct group *grp,
+ char *buffer, size_t bufsize, struct group **result);
+int
+ldap_getgrent_r(struct group *grp, char *buffer, size_t bufsize,
+ struct group **result);
+void
+ldap_setgrent();
+
+extern int __ldap_setgrent(void *, void *, va_list);
+extern int __ldap_group(void *, void *, va_list);
+
+#endif
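Review bot: The header declares `__ldap_setgrent`, but ldap_group.c in this change defines `__ldap_setgrpent`, so the first reference to the declared name will fail at link time. One of the two spellings needs correcting, presumably to `int __ldap_setgrent(void *retval, void *mdata, va_list ap)` in the .c file. The prototypes also use `struct group`, `gid_t`, `size_t` and `va_list` without the header including `<sys/types.h>`, `<grp.h>` and `<stdarg.h>`, so it compiles only when the includer has pulled those in first. `ldap_setgrent();` should be written `void ldap_setgrent(void);` so that it is a real prototype.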
==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldap_passwd.c#5 (text+ko) ====
==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldap_passwd.h#5 (text+ko) ====
==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapconf.c#5 (text+ko) ====
@@ -98,6 +98,9 @@
else if (strcmp(left_arg, "group") == 0)
rv = __nss_ldap_set_schema_filter_base(&conf->schema,
NSS_LDAP_MAP_GROUP, right_arg);
+ else if (strcmp(left_arg, "service") == 0)
+ rv = __nss_ldap_set_schema_filter_base(&conf->schema,
+ NSS_LDAP_MAP_SERVICE, right_arg);
return (rv);
}
@@ -138,7 +141,7 @@
conf->port = LDAP_PORT;
conf->proto_version = NSS_LDAP_PROTO_VERSION_3;
- conf->ssl_mode = NSS_LDAP_SSL_START_TLS;
+ conf->ssl_mode = NSS_LDAP_SSL_OFF;//NSS_LDAP_SSL_START_TLS;
conf->bind_dn = strdup(
"uid=nssproxy,ou=Users,ou=LDAPAccess,ou=Domains,dc=r61,dc=net");
@@ -150,7 +153,8 @@
conf->bind_pw = strdup("[passwd]");
assert(conf->bind_pw != NULL);
- __nss_ldap_init_start_tls_simple_auth_method(&conf->connection_method);
+ //__nss_ldap_init_start_tls_simple_auth_method(&conf->connection_method);
+ __nss_ldap_init_simple_auth_method(&conf->connection_method);
__nss_ldap_init_default_search_method(&conf->search_method);
__nss_ldap_init_default_tls_method(&conf->tls_method);
}
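Review bot: Replacing `__nss_ldap_init_start_tls_simple_auth_method` with `__nss_ldap_init_simple_auth_method` here, together with `conf->ssl_mode = NSS_LDAP_SSL_OFF` in the hunk at -138, makes the compiled-in default a simple bind without StartTLS. Going by the names, `bind_dn`/`bind_pw` and every passwd and group answer would then travel unprotected. If this is only for local testing it should not be the default: keep `conf->ssl_mode = NSS_LDAP_SSL_START_TLS;` and the StartTLS connection method, and let an explicit setting in the configuration file turn TLS off. The commented-out old lines should be removed either way, since a trailing `//` comment is easy to miss when reviewing a security default. The enclosing function starts outside the hunk.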
==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapconf.h#5 (text+ko) ====
@@ -61,7 +61,7 @@
char *root_bind_dn;
char *bind_dn;
- char *bind_pw;
+ char *bind_pw;
struct nss_ldap_schema schema;
==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapconn.c#5 (text+ko) ====
==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapconn.h#5 (text+ko) ====
==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapschema.c#5 (text+ko) ====
@@ -125,6 +125,21 @@
NSS_LDAP_FILTER_MAX_SIZE,
"(&(objectclass=%s))",
_OC(schema, posixGroup));
+
+ snprintf(schema->filters[NSS_LDAP_FILTER_GETSERVBYNAME],
+ NSS_LDAP_FILTER_MAX_SIZE,
+ "(&(objectclass=%s)(%s=%s)(%s=%s))",
+ _OC(schema, ipServices), _ATM(schema, SERVICES, cn), "%s",
+ _AT(schema, ipServiceProtocol), "%s");
+ snprintf(schema->filters[NSS_LDAP_FILTER_GETSERVBYPORT],
+ NSS_LDAP_FILTER_MAX_SIZE,
+ "(&(objectclass=%s)(%s=%s)(%s=%s))",
+ _OC(schema, ipServices), _AT(schema, ipServicePort), "%d",
+ _AT(schema, ipServiceProtocol), "%s");
+ snprintf(schema->filters[NSS_LDAP_FILTER_GETSERVENT],
+ NSS_LDAP_FILTER_MAX_SIZE,
+ "(objectclass=%s)",
+ _OC(schema, ipServices));
}
void
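Review bot: None of the three new `snprintf` calls checks its return value, so a schema mapping whose object class or attribute names push a filter past `NSS_LDAP_FILTER_MAX_SIZE` leaves a silently truncated template in `schema->filters[]`. These templates are later passed as the format string to the `snprintf` in `__nss_ldap_format_filter`, so a cut-off `%s` or a stray `%` in a configured name changes how many arguments that second call consumes. Capturing the result and rejecting the schema when `n < 0 || (size_t)n >= NSS_LDAP_FILTER_MAX_SIZE` would close this. The existing calls above the hunk appear to have the same gap, and the function starts outside the hunk.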
==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapschema.h#5 (text+ko) ====
@@ -40,7 +40,8 @@
#define NSS_LDAP_MAP_NONE 0
#define NSS_LDAP_MAP_PASSWD 1
#define NSS_LDAP_MAP_GROUP 2
-#define NSS_LDAP_MAP_MAX 3
+#define NSS_LDAP_MAP_SERVICE 3
+#define NSS_LDAP_MAP_MAX 4
#define NSS_LDAP_FILTER_GETPWNAM 0
#define NSS_LDAP_FILTER_GETPWUID 1
@@ -48,7 +49,10 @@
#define NSS_LDAP_FILTER_GETGRNAM 3
#define NSS_LDAP_FILTER_GETGRGID 4
#define NSS_LDAP_FILTER_GETGRENT 5
-#define NSS_LDAP_FILTER_MAX_ID 6
+#define NSS_LDAP_FILTER_GETSERVBYNAME 6
+#define NSS_LDAP_FILTER_GETSERVBYPORT 7
+#define NSS_LDAP_FILTER_GETSERVENT 8
+#define NSS_LDAP_FILTER_MAX_ID 9
#define _AT(schema, at)\
(__nss_ldap_get_attribute(schema, NSS_LDAP_MAP_NONE, #at))
==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapsearch.c#4 (text+ko) ====
@@ -123,6 +123,7 @@
assert(ctx != NULL);
+ printf("%s %d\n", __FILE__, __LINE__);
if (ctx->msgid == -1) {
ctx->msg = NULL;
return (0);
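Review bot: The added `printf` writes trace output to stdout from inside library code, so every program that resolves a name through this module gets these lines mixed into its own output. The same applies to the `printf` added in the hunk at -134 of this file, to the ones added in `__nss_ldap_assign_attr_multi_str`, and to those in `nss_ldap_parse_group` in ldap_group.c. Tracing should go to stderr or syslog and be compiled in only under a debug macro of the project's choosing, e.g. `fprintf(stderr, "%s %d\n", __FILE__, __LINE__);` inside an `#ifdef` block.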
@@ -134,6 +135,7 @@
rv = ldap_result( ctx->conn->ld, ctx->msgid, LDAP_MSG_ONE,
&zerotime, &ctx->msg);
+ printf("%s %d %d %d\n", __FILE__, __LINE__, rv, LDAP_RES_SEARCH_ENTRY);
switch (rv) {
case -1:
return (-1);
@@ -310,6 +312,43 @@
}
int
+__nss_ldap_assign_rdn_str(struct nss_ldap_search_context *sctx,
+ char const *type, char **str, size_t *len, char *buf, size_t bufsize)
+{
+ char **values, **viter, *res, *rdn;
+ size_t type_len;
+ int rv;
+
+ assert(rdn != NULL);
+ assert(type != NULL);
+ assert(str != NULL);
+ assert(len != NULL);
+ assert(buf != NULL);
+
+ rdn = ldap_get_dn(sctx->conn->ld, sctx->msg);
+ if (rdn == NULL)
+ return (-1);
+
+ rv = -1;
+ values = ldap_explode_rdn(rdn, 0);
+ if (values != NULL) {
+ type_len = strlen(type);
+ for (viter = values; *viter; ++viter)
+ if ((strncmp(*viter, type, type_len) == 0) &&
+ (*(*viter + type_len) != '\0')) {
+ res = *viter + type_len + 1;
+ rv = __nss_ldap_assign_str(res, str, len, buf,
+ bufsize);
+ break;
+ }
+
+ ldap_value_free(values);
+ }
+
+ return (rv);
+}
+
+int
__nss_ldap_assign_attr_str(struct nss_ldap_search_context *ctx,
char const *attr, char **str, size_t *len, char *buf, size_t bufsize)
{
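Review bot: `assert(rdn != NULL)` reads `rdn` before anything has been assigned to it. The check was presumably meant to be `assert(sctx != NULL);`, since `sctx` is dereferenced a few lines later without one. The string returned by `ldap_get_dn` is never released, so each call leaks it; `ldap_memfree(rdn);` is needed before `return (rv);`. The match also accepts any character after the type name, so a type of `cn` matches a component such as `cnx=...`; testing `*(*viter + type_len) == '='` instead of `!= '\0'` makes the comparison exact.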
@@ -360,7 +399,7 @@
char const *attr, char ***str_array, size_t *str_array_size,
size_t *len, char *buf, size_t bufsize)
{
- char **values, **viter;
+ char **values, **viter, **siter;
size_t size, valsize;
int rv;
@@ -372,38 +411,44 @@
assert(buf != NULL);
values = (char **)ldap_get_values(ctx->conn->ld, ctx->msg, attr);
- if (values == NULL) {
- /* TODO: proper error handling */
- return (-1);
- }
+ valsize = values == NULL ? 0 : ldap_count_values(values);
+
+ siter = (char **)ALIGN(buf);
+
+ *str_array = siter;
+ *str_array_size = valsize + 1;
+ *len = sizeof(char *) * (*str_array_size);
- valsize = ldap_count_values(values);
-
- *str_array = (char **)ALIGN(buf);
- *len = sizeof(char *) * valsize;
- if ((char *)(*str_array) + *len > buf + bufsize) {
+ if ((char *)siter + *len > buf + bufsize) {
/* TODO: proper error handling */
ldap_value_free(values);
return (-1);
}
- buf = (char *)(*str_array) + (*len);
- bufsize -= (*len);
-
- for (viter = values; *viter; ++viter, ++(*str_array)) {
- rv = __nss_ldap_assign_str(*viter, *str_array, &size,
- buf, bufsize);
- if (rv == -1) {
- /* TODO: proper error handling */
- ldap_value_free(values);
- return (-1);
+ printf("== %s %d\n", __FILE__, __LINE__);
+ buf = (char *)siter + *len;
+ bufsize -= *len;
+
+ printf("== %s %d\n", __FILE__, __LINE__);
+ if (values != NULL) {
+ for (viter = values; *viter; ++viter, ++siter) {
+ rv = __nss_ldap_assign_str(*viter, siter, &size,
+ buf, bufsize);
+ if (rv == -1) {
+ /* TODO: proper error handling */
+ ldap_value_free(values);
+ return (-1);
+ }
+
+ buf += size;
+ *len += size;
+ bufsize -= size;
}
- buf += size;
- bufsize -= size;
+ ldap_value_free(values);
}
-
- ldap_value_free(values);
+
+ *siter = NULL;
return (0);
}
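Review bot: The bounds check and the `bufsize -= *len` that follows ignore the bytes skipped by `ALIGN(buf)`. `siter` can start up to one alignment unit past `buf`, yet only the pointer array is subtracted, so the `bufsize` handed to `__nss_ldap_assign_str` overstates the remaining space by that padding and the copied strings can run past the caller's buffer. The `*len` reported back has the same gap, so the caller's `buf += len` lands short of the data actually written. Counting the padding into `*len` and comparing against `bufsize` fixes both, as sketched below. The function's signature and asserts are outside this hunk.

```c
	size_t pad;
	/* … unchanged: asserts, ldap_get_values(), valsize … */
	siter = (char **)ALIGN(buf);
	pad = (size_t)((char *)siter - buf);

	*str_array = siter;
	*str_array_size = valsize + 1;
	/* include the alignment padding so caller-side accounting stays exact */
	*len = pad + sizeof(char *) * (*str_array_size);

	if (*len > bufsize) {
		/* … unchanged: release values, return (-1) … */
	}
	buf += *len;
	bufsize -= *len;
	/* … unchanged: copy loop and NULL terminator … */
```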
@@ -496,38 +541,40 @@
char *pass;
int rv;
+ pass = NULL;
values = (char **)ldap_get_values(ctx->conn->ld, ctx->msg, attr);
- if (values == NULL)
- return (-1);
- pass = NULL;
-
- /* NOTE: actually, we can insert a hook in the configuration file
- * parser to avoid using strcmp() every time. But the approach
- * below seems to be a bit cleaner */
- if (strcmp(attr, "userPassword") == 0) {
- for (viter = values; *viter; ++viter) {
- if (strncmp(*viter, "{CRYPT}", sizeof("{CRYPT}") - 1) == 0) {
- pass = *viter + sizeof("{CRYPT}") - 1;
- break;
+ if (values != NULL) {
+ /* NOTE: actually, we can insert a hook in the configuration file
+ * parser to avoid using strcmp() every time. But the approach
+ * below seems to be a bit cleaner */
+ if (strcmp(attr, "userPassword") == 0) {
+ for (viter = values; *viter; ++viter) {
+ if (strncmp(*viter, "{CRYPT}",
+ sizeof("{CRYPT}") - 1) == 0) {
+ pass = *viter + sizeof("{CRYPT}") - 1;
+ break;
+ }
}
- }
- } else if (strcmp(attr, "authPassword") == 0) {
- for (viter = values; *viter; ++viter) {
- if (strncmp(*viter, "CRYPT$", sizeof("CRYPT$") - 1) == 0) {
- pass = *viter + sizeof("CRYPT$") - 1;
- break;
+ } else if (strcmp(attr, "authPassword") == 0) {
+ for (viter = values; *viter; ++viter) {
+ if (strncmp(*viter, "CRYPT$",
+ sizeof("CRYPT$") - 1) == 0) {
+ pass = *viter + sizeof("CRYPT$") - 1;
+ break;
+ }
}
- }
- } else
- pass = *values;
+ } else
+ pass = *values;
+ }
if (pass == NULL)
- rv = -1;
- else
- rv = __nss_ldap_assign_str(pass, str, len, buf, bufsize);
+ pass = "*";
+
+ rv = __nss_ldap_assign_str(pass, str, len, buf, bufsize);
- ldap_value_free(*values);
+ if (values != NULL)
+ ldap_value_free(values);
return (rv);
}
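Review bot: The scheme prefix is matched with `strncmp`, so a value stored as `{crypt}...` is not recognised and, with the new fallback, the entry is reported with the locked password `*`. The scheme name is commonly written in lower case in directories, and `strncasecmp(*viter, "{CRYPT}", sizeof("{CRYPT}") - 1) == 0` accepts both spellings; the `CRYPT$` comparison has the same issue. The `pass = "*"` fallback deserves a comment stating that a missing or non-crypt value is deliberately reported as a locked password rather than as an error. For any attribute name other than the two literals, the `else` branch still hands out the first raw value unchanged. The function starts outside the hunk.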
==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapsearch.h#4 (text+ko) ====
@@ -63,7 +63,9 @@
void *mdata;
char *buffer;
- size_t bufsize;
+ size_t bufsize;
+
+ int need_more;
};
typedef struct nss_ldap_search_context *(*nss_ldap_start_search_fn)(
@@ -109,6 +111,8 @@
extern int __nss_ldap_assign_str(char const *, char **, size_t *, char *,
size_t);
+extern int __nss_ldap_assign_rdn_str(struct nss_ldap_search_context *,
+ char const *, char **, size_t *, char *, size_t);
extern int __nss_ldap_assign_attr_str(struct nss_ldap_search_context *,
char const *, char **, size_t *, char *, size_t);
extern int __nss_ldap_assign_attr_multi_str(struct nss_ldap_search_context *,
==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldaptls.c#3 (text+ko) ====
==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldaptls.h#3 (text+ko) ====
==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldaputil.c#5 (text+ko) ====
@@ -105,16 +105,24 @@
switch (type) {
case NSS_LDAP_FILTER_ARGS_STR:
+ case NSS_LDAP_FILTER_ARGS_STR_ANY:
s = va_arg(ap, char *);
rv = __nss_ldap_escape_string(s, str, sizeof(str));
if (rv == 0) {
- rv = snprintf(buffer, bufsize, fmt, str);
+ if (type == NSS_LDAP_FILTER_ARGS_STR)
+ rv = snprintf(buffer, bufsize, fmt, str);
+ else
+ rv = snprintf(buffer, bufsize, fmt, str, "*");
rv = (rv >= bufsize) ? -1 : 0;
}
break;
case NSS_LDAP_FILTER_ARGS_INT:
- num = va_arg(ap, int);
- rv = snprintf(buffer, bufsize, fmt, num);
+ case NSS_LDAP_FITLER_ARGS_INT_ANY:
+ num = va_arg(ap, int);
+ if (type == NSS_LDAP_FILTER_ARGS_INT)
+ rv = snprintf(buffer, bufsize, fmt, num);
+ else
+ rv = snprintf(buffer, bufsize, fmt, num, "*");
rv = (rv >= bufsize) ? -1 : 0;
break;
case NSS_LDAP_FILTER_ARGS_UID:
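Review bot: `case NSS_LDAP_FITLER_ARGS_INT_ANY:` misspells the constant that ldaputil.h defines as `NSS_LDAP_FILTER_ARGS_INT_ANY`, so this file will not compile; the label should read `case NSS_LDAP_FILTER_ARGS_INT_ANY:`. In the `_ANY` branches the literal `"*"` is passed through unescaped on purpose, which is worth a one-line comment so that nobody later routes caller data through that argument. `rv >= bufsize` compares an `int` with a `size_t`, so a negative `snprintf` result maps to -1 only through the implicit unsigned conversion; an explicit `rv < 0 ||` would make the intent visible. The switch and the function start outside the hunk.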
@@ -127,9 +135,27 @@
rv = snprintf(buffer, bufsize, fmt, gid);
rv = (rv >= bufsize) ? -1 : 0;
break;
- case NSS_LDAP_FILTER_ARGS_STR_INT:
+ case
+ case NSS_LDAP_FILTER_ARGS_INT_STR:
+ num = va_arg(ap, int);
+ s = va_arg(ap, char *);
+ rv = __nss_ldap_escape_string(s, str, sizeof(str));
+ if (rv == 0) {
+ rv = snprintf(buffer, bufsize, fmt, num, str);
+ rv = (rv >= bufsize) ? -1 : 0;
+ }
break;
case NSS_LDAP_FILTER_ARGS_STR_STR:
+ s = va_arg(ap, char *);
+ rv = __nss_ldap_escape_string(s, str, sizeof(str));
+ if (rv == 0) {
+ s = va_arg(ap, char *);
+ rv = __nss_ldap_escape_string(s, str2, sizeof(str2));
+ if (rv == 0) {
+ rv = snprintf(buffer, bufsize, fmt, str, str2);
+ rv = (rv >= bufsize) ? -1 : 0;
+ }
+ }
break;
default:
break;
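Review bot: The lone `case` on the line before `case NSS_LDAP_FILTER_ARGS_INT_STR:` has no label and is a syntax error; it looks like a leftover from renaming `NSS_LDAP_FILTER_ARGS_STR_INT` and should simply be deleted. The new `STR_STR` branch writes into `str2`, whose declaration is not visible in this hunk, so confirm it exists and is sized like `str`. Unless `__nss_ldap_escape_string` tolerates NULL, both new branches should also reject a NULL `s` before calling it, since a service lookup may be made without a protocol name. The switch continues outside the hunk.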
==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldaputil.h#5 (text+ko) ====
@@ -33,8 +33,10 @@
#define NSS_LDAP_FILTER_ARGS_INT 1
#define NSS_LDAP_FILTER_ARGS_UID 2
#define NSS_LDAP_FILTER_ARGS_GID 3
-#define NSS_LDAP_FILTER_ARGS_STR_INT 4
+#define NSS_LDAP_FILTER_ARGS_INT_STR 4
#define NSS_LDAP_FILTER_ARGS_STR_STR 5
+#define NSS_LDAP_FILTER_ARGS_STR_ANY 6
+#define NSS_LDAP_FILTER_ARGS_INT_ANY 7
extern int __nss_ldap_escape_string(char const *, char *, size_t);
extern int __nss_ldap_format_filter(char const *, int, char *, size_t, ...);
==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/nss_ldap.c#5 (text+ko) ====
@@ -31,8 +31,10 @@
#include <sys/types.h>
#include <sys/stat.h>
#include <assert.h>
+#include <grp.h>
+#include <ldap.h>
+#include <netdb.h>
#include <nsswitch.h>
-#include <ldap.h>
#include <pthread.h>
#include <pwd.h>
#include <stdio.h>
@@ -46,6 +48,8 @@
#include "nss_ldap.h"
#include "ldap_passwd.h"
+#include "ldap_group.h"
+#include "ldap_serv.h"
#define NSS_LDAP_CONF_PATH "/etc/nss_ldap.conf"
@@ -61,6 +65,18 @@
{NSDB_PASSWD_COMPAT, "getpwent_r", __ldap_passwd, (void *)nss_lt_all},
{NSDB_PASSWD_COMPAT, "endpwent", __ldap_setpwent, (void *)nss_end_ent},
{NSDB_PASSWD_COMPAT, "setpwent", __ldap_setpwent, (void *)nss_set_ent}
+/*
+ {NSDB_GROUP, "getpwnam_r", __ldap_group, (void *)nss_lt_name},
+ {NSDB_GROUP, "getpwuid_r", __ldap_group, (void *)nss_lt_id},
+ {NSDB_GROUP, "getpwent_r", __ldap_group, (void *)nss_lt_all},
+ {NSDB_GROUP, "endpwent", __ldap_setgrent, (void *)nss_end_ent},
+ {NSDB_GROUP, "setpwent", __ldap_setgrent, (void *)nss_set_ent},
+
+ {NSDB_GROUP_COMPAT, "getpwnam_r", __ldap_group, (void *)nss_lt_name},
+ {NSDB_GROUP_COMPAT, "getpwuid_r", __ldap_group, (void *)nss_lt_id},
+ {NSDB_GROUP_COMPAT, "getpwent_r", __ldap_group, (void *)nss_lt_all},
+ {NSDB_GROUP_COMPAT, "endpwent", __ldap_setgrent, (void *)nss_end_ent},
+ {NSDB_GROUP_COMPAT, "setpwent", __ldap_setgrent, (void *)nss_set_ent},*/
};
static pthread_rwlock_t nss_ldap_lock = PTHREAD_RWLOCK_INITIALIZER;
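Review bot: The commented-out group entries were copied from the passwd table and still register `"getpwnam_r"`, `"getpwuid_r"`, `"getpwent_r"`, `"endpwent"` and `"setpwent"` under `NSDB_GROUP`. When they are enabled they need the group method names, e.g. `{NSDB_GROUP, "getgrnam_r", __ldap_group, (void *)nss_lt_name},`. They also reference `__ldap_setgrent`, while ldap_group.c defines `__ldap_setgrpent`, and the last live entry above the comment has no trailing comma. Keeping the disabled entries under `#if 0` with a short reason would be easier to spot than a block comment inside the initializer.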
@@ -271,12 +287,24 @@
goto fin;
}
- rv = __nss_ldap_parse_next(search_method, pctx);
- if (rv != 0) {
- /* TODO: proper error handling */
- rv = NS_NOTFOUND;
- goto fin;
- }
+ do {
+ pctx->need_more = 0;
+ rv = __nss_ldap_parse_next(search_method, pctx);
+ if (rv != 0) {
+ /* TODO: proper error handling */
+ rv = NS_NOTFOUND;
+ goto fin;
+ }
+
+ if (pctx->need_more != 0) {
+ rv = __nss_ldap_search_next(search_method, sctx);
+ if (rv != 0) {
+ /* TODO: proper error handling */
+ rv = NS_NOTFOUND;
+ goto fin;
+ }
+ }
+ } while (pctx->need_more != 0);
rv = NS_SUCCESS;
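Review bot: Nothing visible in this change sets `need_more`, and the loop has no comment saying which parse callbacks may set it or what they may assume about the buffer between iterations. A short comment above the `do` would help, along the lines of `/* A parser sets need_more when the current entry is incomplete; fetch the next result and parse again. */`, worded to match the actual contract. As written, the loop ends only when the parser leaves the flag clear or one of the two calls fails, and both failures are reported as `NS_NOTFOUND`, which callers cannot tell apart from a missing entry. The enclosing function starts and ends outside the hunk.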
@@ -490,6 +518,8 @@
char buffer[1024];
struct passwd pwd, *res;
+ struct group grp, *g_res;
+ struct servent serv, *s_res;
printf("making request with getpwnam\n");
rv = ldap_getpwnam_r("os", &pwd, buffer, sizeof(buffer), &res);
if (rv != NS_SUCCESS)
@@ -523,6 +553,69 @@
res->pw_shell, res->pw_uid);
}
}
+
+ printf("iterating through groups\n");
+ rv = NS_SUCCESS;
+ while (rv == NS_SUCCESS) {
+ rv = ldap_getgrent_r(&grp, buffer, sizeof(buffer), &g_res);
+ if (rv != NS_SUCCESS)
+ printf("failed\n");
+ else {
+ printf("%s %s %d:\n\t", g_res->gr_name,
+ g_res->gr_passwd, g_res->gr_gid);
+
+ char **cp;
+ for (cp = g_res->gr_mem; *cp; ++cp)
+ printf("%s ", *cp);
+ printf("\n");
+ }
+ }
+
+ printf("\n\niterating through groups (2nd try)\n");
+ ldap_setgrent();
+ rv = NS_SUCCESS;
+ while (rv == NS_SUCCESS) {
+ rv = ldap_getgrent_r(&grp, buffer, sizeof(buffer), &g_res);
+ if (rv != NS_SUCCESS)
+ printf("failed\n");
+ else {
+ printf("%s %s %d:\n\t", g_res->gr_name,
+ g_res->gr_passwd, g_res->gr_gid);
+
+ char **cp;
+ for (cp = g_res->gr_mem; *cp; ++cp)
+ printf("%s ", *cp);
+ printf("\n");
+ }
+ }
+
+ printf("\n\nmaking request with getgrnam\n");
+ rv = ldap_getgrnam_r("domadmins", &grp, buffer, sizeof(buffer), &g_res);
+ if (rv != NS_SUCCESS)
+ printf("failed\n");
+ else {
+ printf("%s %s %d:\n\t", g_res->gr_name,
+ g_res->gr_passwd, g_res->gr_gid);
+
+ char **cp;
+ for (cp = g_res->gr_mem; *cp; ++cp)
+ printf("%s ", *cp);
+ printf("\n");
+ }
+
+ printf("\n\nmaking request with getservbyname\n");
+ rv = ldap_getservbyname_r("ssh", &serv, buffer, sizeof(buffer), &s_res);
+ if (rv != NS_SUCCESS)
+ printf("failed\n");
+ else {
+ printf("%s %s %d:\n\t", s_res->s_name,
+ s_res->s_proto, s_res->s_port);
+
+ char **cp;
+ for (cp = s_res->s_aliases; *cp; ++cp)
+ printf("%s ", *cp);
+ printf("\n");
+ }
/* char buf[14];
struct nss_ldap_connection_method method;
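Review bot: Both enumeration loops stop on the first result that is not `NS_SUCCESS` and print only `failed`, so a group that does not fit in the 1024-byte `buffer` declared in the previous hunk's context looks the same as the normal end of the listing. Printing the status, `printf("failed (rv=%d)\n", rv);`, would make the difference visible while testing. The group-printing block is repeated three times and could become one small static helper taking a `struct group *`. The function starts outside the hunk.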
==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/nss_ldap.h#5 (text+ko) ====