Date: Sat, 22 Jul 2006 19:26:41 GMT From: Michael Bushkov <bushman@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 102159 for review Message-ID: <200607221926.k6MJQfeZ078073@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=102159 Change 102159 by bushman@bushman_nss_ldap_cached on 2006/07/22 19:26:38 Support for "groups" database added (RFC2307 only). Stubs for "services" added. Some minor changes made. Affected files ... .. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/Makefile#5 edit .. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldap_group.c#4 edit .. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldap_group.h#4 edit .. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldap_passwd.c#5 edit .. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldap_passwd.h#5 edit .. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldap_serv.c#1 add .. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldap_serv.h#1 add .. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapconf.c#5 edit .. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapconf.h#5 edit .. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapconn.c#5 edit .. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapconn.h#5 edit .. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapschema.c#5 edit .. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapschema.h#5 edit .. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapsearch.c#4 edit .. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapsearch.h#4 edit .. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldaptls.c#3 edit .. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldaptls.h#3 edit .. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldaputil.c#5 edit .. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldaputil.h#5 edit .. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/nss_ldap.c#5 edit .. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/nss_ldap.h#5 edit Differences ... 
==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/Makefile#5 (text+ko) ==== @@ -8,8 +8,8 @@ #SHLIB_NAME= nss_ldap.so.${SHLIB_MAJOR} #SHLIBDIR?= /lib -SRCS= nss_ldap.c ldap_passwd.c ldapconn.c ldapconf.c ldapschema.c \ - ldapsearch.c ldaptls.c ldaputil.c +SRCS= nss_ldap.c ldap_group.c ldap_passwd.c ldap_serv.c ldapconn.c\ + ldapconf.c ldapschema.c ldapsearch.c ldaptls.c ldaputil.c CFLAGS+=-I${.CURDIR}/../libnssutil -I/usr/local/include CFLAGS+=-DINET6 CFLAGS+=-g ==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldap_group.c#4 (text+ko) ==== 
@@ -1,0 +1,300 @@ +/*- + * Copyright (c) 2006 Michael Bushkov <bushman@freebsd.org> + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ * + */ + + +#include <sys/cdefs.h> +__FBSDID("$FreeBSD$"); + +#include <assert.h> +#include <nsswitch.h> +#include <ldap.h> +#include <grp.h> +#include "ldapconn.h" +#include "ldapschema.h" +#include "ldapsearch.h" +#include "ldaptls.h" +#include "ldaputil.h" +#include "ldapconf.h" +#include "nss_ldap.h" + +static int +nss_ldap_parse_group(struct nss_ldap_parse_context *pctx) +{ + struct nss_ldap_schema *schema; + struct nss_ldap_search_context *sctx; + struct group *grp; + char *buf; + size_t buflen; + size_t len, memlen; + int rv; + + assert(pctx != NULL); + + sctx = pctx->sctx; + grp = (struct group *)pctx->mdata; + buf = pctx->buffer; + buflen = pctx->bufsize; + + schema = &sctx->conf->schema; + + printf("==> %d %s\n", __LINE__, __FILE__); + rv = __nss_ldap_assign_attr_gid(sctx, + _ATM(schema, GROUP, gidNumber), + &grp->gr_gid); + if (rv != 0) + goto errfin; + + printf("==> %d %s\n", __LINE__, __FILE__); + rv = __nss_ldap_assign_rdn_str(sctx, + _ATM(schema, GROUP, cn), + &grp->gr_name, &len, buf, buflen); + if (rv != 0) + goto errfin; + buflen -= len; + buf += len; + + printf("==> %d %s\n", __LINE__, __FILE__); + rv = __nss_ldap_assign_attr_password(sctx, + _ATM(schema, GROUP, userPassword), + &grp->gr_passwd, &len, buf, buflen); + if (rv != 0) + goto errfin; + buflen -= len; + buf += len; + + printf("==> %d %s\n", __LINE__, __FILE__); + rv = __nss_ldap_assign_attr_multi_str(sctx, + _ATM(schema, GROUP, memberUid), + &grp->gr_mem, &memlen, &len, buf, buflen); + if (rv != 0) + goto errfin; + buflen -= len; + buf += len; + + printf("%s %d\n", __FILE__, __LINE__); +fin: + return (0); + +errfin: + return (-1); +/* + + if (_nss_ldap_test_config_flag (NSS_LDAP_FLAGS_RFC2307BIS)) + { + groupMembers = groupMembersBuffer; + groupMembersCount = 0; + groupMembersBufferSize = sizeof (groupMembers); + groupMembersBufferIsMalloced = 0; + depth = 0; + + stat = do_parse_group_members (e, &groupMembers, &groupMembersCount, + &groupMembersBufferSize, + 
&groupMembersBufferIsMalloced, &buffer, + &buflen, &depth, &knownGroups); + if (stat != NSS_SUCCESS) + { + if (groupMembersBufferIsMalloced) + free (groupMembers); + _nss_ldap_namelist_destroy (&knownGroups); + return stat; + } + + stat = do_fix_group_members_buffer (groupMembers, groupMembersCount, + &gr->gr_mem, &buffer, &buflen); + + if (groupMembersBufferIsMalloced) + free (groupMembers); + _nss_ldap_namelist_destroy (&knownGroups); + } + else + { + stat = + _nss_ldap_assign_attrvals (e, ATM (LM_GROUP, memberUid), NULL, + &gr->gr_mem, &buffer, &buflen, NULL); + } + + return stat;*/ + +/* sctx = pctx->sctx; + pwd = (struct passwd *)pctx->mdata; + buf = pctx->buffer; + buflen = pctx->bufsize; + + schema = &sctx->conf->schema; + + printf("==> %d %s\n", __LINE__, __FILE__); + rv = __nss_ldap_assign_attr_str(sctx, + _ATM(schema, PASSWD, uid), + &pwd->pw_name, &len, buf, buflen); + if (rv != 0) + goto errfin; + buflen -= len; + buf += len; + + printf("==> %d %s\n", __LINE__, __FILE__); + rv = __nss_ldap_assign_attr_uid(sctx, + _AT(schema, uidNumber), + &pwd->pw_uid); + if (rv != 0) + goto errfin; + + printf("==> %d %s\n", __LINE__, __FILE__); + rv = __nss_ldap_assign_attr_str(sctx, + _AT(schema, gecos), + &pwd->pw_gecos, &len, buf, buflen); + if (rv != 0) { + pwd->pw_gecos = NULL; + rv = __nss_ldap_assign_attr_str(sctx, + _ATM(schema, PASSWD, cn), + &pwd->pw_gecos, &len, buf, buflen); + } + + if (rv != 0) + goto errfin; + buflen -= len; + buf += len; + + printf("==> %d %s\n", __LINE__, __FILE__); + rv = __nss_ldap_assign_attr_str(sctx, + _AT(schema, homeDirectory), + &pwd->pw_dir, &len, buf, buflen); + if (rv != 0) + rv = __nss_ldap_assign_str("", &pwd->pw_dir, &len, buf, + buflen); + if (rv != 0) + goto errfin; + buflen -= len; + buf += len; + + printf("==> %d %s\n", __LINE__, __FILE__); + rv = __nss_ldap_assign_attr_str(sctx, + _AT(schema, loginShell), + &pwd->pw_shell, &len, buf, buflen); + if (rv != 0) + rv = __nss_ldap_assign_str("", &pwd->pw_shell, &len, buf, + 
buflen); + if (rv != 0) + goto errfin; + buflen -= len; + buf += len; + +fin: + return (0); + +errfin:*/ +} + +int +ldap_getgrnam_r(const char *name, struct group *grp, + char *buffer, size_t bufsize, struct group **result) +{ + char filter[NSS_LDAP_FILTER_MAX_SIZE]; + char const *fmt; + int rv; + + fmt = __nss_ldap_get_schema_filter(&__nss_ldap_conf->schema, + NSS_LDAP_FILTER_GETGRNAM); + if (fmt == NULL) + return (NS_UNAVAIL); + + __nss_ldap_format_filter(fmt, NSS_LDAP_FILTER_ARGS_STR, filter, + sizeof(filter), name); + + rv = __nss_ldap_getby(NSS_LDAP_MAP_GROUP, filter, (void *)grp, + buffer, bufsize, nss_ldap_parse_group); + + if (rv == NS_SUCCESS) + *result = grp; + + return (rv); +} + +int +ldap_getgrgid_r(gid_t gid, struct group *grp, + char *buffer, size_t bufsize, struct group **result) +{ + char filter[NSS_LDAP_FILTER_MAX_SIZE]; + char const *fmt; + int rv; + + fmt = __nss_ldap_get_schema_filter(&__nss_ldap_conf->schema, + NSS_LDAP_FILTER_GETGRGID); + if (fmt == NULL) + return (NS_UNAVAIL); + + __nss_ldap_format_filter(fmt, NSS_LDAP_FILTER_ARGS_GID, filter, + sizeof(filter), gid); + + rv = __nss_ldap_getby(NSS_LDAP_MAP_GROUP, filter, (void *)grp, + buffer, bufsize, nss_ldap_parse_group); + + if (rv == NS_SUCCESS) + *result = grp; + + return (rv); +} + +int +ldap_getgrent_r(struct group *grp, char *buffer, size_t bufsize, + struct group **result) +{ + char const *filter; + int rv; + + filter = __nss_ldap_get_schema_filter(&__nss_ldap_conf->schema, + NSS_LDAP_FILTER_GETGRENT); + if (filter == NULL) + return (NS_UNAVAIL); + + rv = __nss_ldap_getent(NSS_LDAP_MAP_GROUP, filter, (void *)grp, + buffer, bufsize, nss_ldap_parse_group); + + if (rv == NS_SUCCESS) + *result = grp; + + return (rv); +} + +void +ldap_setgrent() +{ + + __nss_ldap_setent(NSS_LDAP_MAP_GROUP); +} + + +int +__ldap_setgrpent(void *retval, void *mdata, va_list ap) +{ + return (NS_UNAVAIL); +} + +int +__ldap_group(void *retval, void *mdata, va_list ap) +{ + return (NS_UNAVAIL); +} ==== 
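Review bot: `ldap_getgrnam_r` and `ldap_getgrgid_r` ignore the return value of `__nss_ldap_format_filter`, so when escaping of `name` fails or the filter is truncated (both paths yield -1 in ldaputil.c) the search still runs with whatever is left in `filter` — and this is the one place where a caller-supplied group name is turned into an LDAP filter. Check it before searching: `if (__nss_ldap_format_filter(fmt, NSS_LDAP_FILTER_ARGS_STR, filter, sizeof(filter), name) != 0) return (NS_UNAVAIL);` and the same for the GID variant. Separately, the `printf("==> %d %s\n", __LINE__, __FILE__)` calls in `nss_ldap_parse_group` write to the stdout of every process that resolves a group through this module and should not be committed, nor should the unused `fin:` label and the large commented-out block that follows `errfin:`.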
//depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldap_group.h#4 (text+ko) ==== 
@@ -1,0 +1,47 @@ +/*- + * Copyright (c) 2006 Michael Bushkov <bushman@freebsd.org> + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ * + * $FreeBSD$ + */ + +#ifndef _LDAP_GROUP_H_ +#define _LDAP_GROUP_H_ + +int +ldap_getgrnam_r(const char *name, struct group *grp, + char *buffer, size_t bufsize, struct group **result); +int +ldap_getgrgid_r(gid_t gid, struct group *grp, + char *buffer, size_t bufsize, struct group **result); +int +ldap_getgrent_r(struct group *grp, char *buffer, size_t bufsize, + struct group **result); +void +ldap_setgrent(); + +extern int __ldap_setgrent(void *, void *, va_list); +extern int __ldap_group(void *, void *, va_list); + +#endif ==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldap_passwd.c#5 (text+ko) ==== ==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldap_passwd.h#5 (text+ko) ==== ==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapconf.c#5 (text+ko) ==== @@ -98,6 +98,9 @@ else if (strcmp(left_arg, "group") == 0) rv = __nss_ldap_set_schema_filter_base(&conf->schema, NSS_LDAP_MAP_GROUP, right_arg); + else if (strcmp(left_arg, "service") == 0) + rv = __nss_ldap_set_schema_filter_base(&conf->schema, + NSS_LDAP_MAP_SERVICE, right_arg); return (rv); } @@ -138,7 +141,7 @@ conf->port = LDAP_PORT; conf->proto_version = NSS_LDAP_PROTO_VERSION_3; - conf->ssl_mode = NSS_LDAP_SSL_START_TLS; + conf->ssl_mode = NSS_LDAP_SSL_OFF;//NSS_LDAP_SSL_START_TLS; conf->bind_dn = strdup( "uid=nssproxy,ou=Users,ou=LDAPAccess,ou=Domains,dc=r61,dc=net"); @@ -150,7 +153,8 @@ conf->bind_pw = strdup("[passwd]"); assert(conf->bind_pw != NULL); - __nss_ldap_init_start_tls_simple_auth_method(&conf->connection_method); + //__nss_ldap_init_start_tls_simple_auth_method(&conf->connection_method); + __nss_ldap_init_simple_auth_method(&conf->connection_method); __nss_ldap_init_default_search_method(&conf->search_method); __nss_ldap_init_default_tls_method(&conf->tls_method); } ==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapconf.h#5 (text+ko) ==== 
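Review bot: The header declares `__ldap_setgrent`, but `ldap_group.c` in this same change defines `__ldap_setgrpent`, so the dispatch entries in nss_ldap.c will fail to link as soon as they are enabled; rename one side so that `extern int __ldap_setgrent(void *, void *, va_list);` matches the definition. `ldap_setgrent();` is an old-style non-prototype declaration and should read `void ldap_setgrent(void);`. The header also uses `struct group`, `gid_t`, `size_t` and `va_list` without including `<sys/types.h>`, `<grp.h>` and `<stdarg.h>`, so it only compiles when the includer happens to pull those in first.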
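Review bot: The compiled-in defaults now set `conf->ssl_mode = NSS_LDAP_SSL_OFF` and swap `__nss_ldap_init_start_tls_simple_auth_method` for `__nss_ldap_init_simple_auth_method`, so the simple bind with `conf->bind_dn`/`conf->bind_pw` and every passwd/group query after it travel in cleartext, and the resolver will accept uid/gid and group-membership answers from anyone able to intercept or spoof port 389. If this is only to get the group code working against a test server, keep STARTTLS as the default and override it from the config file, or guard the change with something like `#ifdef NSS_LDAP_DEBUG_NO_TLS` plus a comment rather than `//NSS_LDAP_SSL_START_TLS`. The hard-coded `bind_dn` under `dc=r61,dc=net` and `conf->bind_pw = strdup("[passwd]")` in the same function are placeholders that should not ship as defaults either; the bind password is an LDAP credential and should only come from a root-readable configuration file.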
@@ -61,7 +61,7 @@ char *root_bind_dn; char *bind_dn; - char *bind_pw; + char *bind_pw; struct nss_ldap_schema schema; ==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapconn.c#5 (text+ko) ==== ==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapconn.h#5 (text+ko) ==== ==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapschema.c#5 (text+ko) ==== @@ -125,6 +125,21 @@ NSS_LDAP_FILTER_MAX_SIZE, "(&(objectclass=%s))", _OC(schema, posixGroup)); + + snprintf(schema->filters[NSS_LDAP_FILTER_GETSERVBYNAME], + NSS_LDAP_FILTER_MAX_SIZE, + "(&(objectclass=%s)(%s=%s)(%s=%s))", + _OC(schema, ipServices), _ATM(schema, SERVICES, cn), "%s", + _AT(schema, ipServiceProtocol), "%s"); + snprintf(schema->filters[NSS_LDAP_FILTER_GETSERVBYPORT], + NSS_LDAP_FILTER_MAX_SIZE, + "(&(objectclass=%s)(%s=%s)(%s=%s))", + _OC(schema, ipServices), _AT(schema, ipServicePort), "%d", + _AT(schema, ipServiceProtocol), "%s"); + snprintf(schema->filters[NSS_LDAP_FILTER_GETSERVENT], + NSS_LDAP_FILTER_MAX_SIZE, + "(objectclass=%s)", + _OC(schema, ipServices)); } void ==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapschema.h#5 (text+ko) ==== @@ -40,7 +40,8 @@ #define NSS_LDAP_MAP_NONE 0 #define NSS_LDAP_MAP_PASSWD 1 #define NSS_LDAP_MAP_GROUP 2 -#define NSS_LDAP_MAP_MAX 3 +#define NSS_LDAP_MAP_SERVICE 3 +#define NSS_LDAP_MAP_MAX 4 #define NSS_LDAP_FILTER_GETPWNAM 0 #define NSS_LDAP_FILTER_GETPWUID 1 @@ -48,7 +49,10 @@ #define NSS_LDAP_FILTER_GETGRNAM 3 #define NSS_LDAP_FILTER_GETGRGID 4 #define NSS_LDAP_FILTER_GETGRENT 5 -#define NSS_LDAP_FILTER_MAX_ID 6 +#define NSS_LDAP_FILTER_GETSERVBYNAME 6 +#define NSS_LDAP_FILTER_GETSERVBYPORT 7 +#define NSS_LDAP_FILTER_GETSERVENT 8 +#define NSS_LDAP_FILTER_MAX_ID 9 #define _AT(schema, at)\ (__nss_ldap_get_attribute(schema, NSS_LDAP_MAP_NONE, #at)) ==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapsearch.c#4 (text+ko) ==== 
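Review bot: The filter templates built here, e.g. `"(&(objectclass=%s)(%s=%s)(%s=%s))"` with a literal `"%s"` or `"%d"` as the value argument, are later used as the `fmt` argument of `snprintf` in `__nss_ldap_format_filter`, so any `%` inside an object class or attribute name taken from the schema mapping becomes a conversion specifier in that second pass. The mappings appear to be config-driven (`__nss_ldap_set_schema_filter_base` in ldapconf.c), which limits the exposure to whoever can edit the config, but the builder should still reject or escape `%` in mapped names, and a comment such as `/* result is itself a printf format: mapped names must not contain '%' */` would warn the next editor. The new GETSERVBYNAME template consumes two strings and GETSERVBYPORT an int followed by a string, which must line up with the `NSS_LDAP_FILTER_ARGS_STR_STR` / `NSS_LDAP_FILTER_ARGS_INT_STR` kinds in ldaputil.c when ldap_serv.c (not shown in this diff) formats them.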
@@ -123,6 +123,7 @@ assert(ctx != NULL); + printf("%s %d\n", __FILE__, __LINE__); if (ctx->msgid == -1) { ctx->msg = NULL; return (0); @@ -134,6 +135,7 @@ rv = ldap_result( ctx->conn->ld, ctx->msgid, LDAP_MSG_ONE, &zerotime, &ctx->msg); + printf("%s %d %d %d\n", __FILE__, __LINE__, rv, LDAP_RES_SEARCH_ENTRY); switch (rv) { case -1: return (-1); @@ -310,6 +312,43 @@ } int +__nss_ldap_assign_rdn_str(struct nss_ldap_search_context *sctx, + char const *type, char **str, size_t *len, char *buf, size_t bufsize) +{ + char **values, **viter, *res, *rdn; + size_t type_len; + int rv; + + assert(rdn != NULL); + assert(type != NULL); + assert(str != NULL); + assert(len != NULL); + assert(buf != NULL); + + rdn = ldap_get_dn(sctx->conn->ld, sctx->msg); + if (rdn == NULL) + return (-1); + + rv = -1; + values = ldap_explode_rdn(rdn, 0); + if (values != NULL) { + type_len = strlen(type); + for (viter = values; *viter; ++viter) + if ((strncmp(*viter, type, type_len) == 0) && + (*(*viter + type_len) != '\0')) { + res = *viter + type_len + 1; + rv = __nss_ldap_assign_str(res, str, len, buf, + bufsize); + break; + } + + ldap_value_free(values); + } + + return (rv); +} + +int __nss_ldap_assign_attr_str(struct nss_ldap_search_context *ctx, char const *attr, char **str, size_t *len, char *buf, size_t bufsize) { @@ -360,7 +399,7 @@ char const *attr, char ***str_array, size_t *str_array_size, size_t *len, char *buf, size_t bufsize) { - char **values, **viter; + char **values, **viter, **siter; size_t size, valsize; int rv; 
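Review bot: `assert(rdn != NULL)` in `__nss_ldap_assign_rdn_str` reads `rdn` before `ldap_get_dn` assigns it, so it tests an uninitialized pointer (undefined behaviour, and no check at all in non-assert builds); the real check is the `if (rdn == NULL)` that follows, so the assert should go. The string returned by `ldap_get_dn` is never released with `ldap_memfree`, so every lookup through this path leaks a DN. The match `strncmp(*viter, type, type_len) == 0 && *(*viter + type_len) != '\0'` accepts any component whose type merely starts with `type` (for `cn`, a hypothetical `cname=` component too) and then assumes the next character is `=`; require the `=` explicitly, and since attribute types in a DN are case-insensitive `strncasecmp` (from `<strings.h>`) is probably the right comparison. `ldap_explode_rdn` is also being handed the whole DN rather than its first RDN; whether the libldap in use tolerates that is worth confirming.
```c
	rdn = ldap_get_dn(sctx->conn->ld, sctx->msg);
	if (rdn == NULL)
		return (-1);

	rv = -1;
	values = ldap_explode_rdn(rdn, 0);
	if (values != NULL) {
		type_len = strlen(type);
		for (viter = values; *viter; ++viter)
			/* need "type=value"; a bare prefix match is not enough */
			if (strncasecmp(*viter, type, type_len) == 0 &&
			    (*viter)[type_len] == '=') {
				res = *viter + type_len + 1;
				rv = __nss_ldap_assign_str(res, str, len, buf,
				    bufsize);
				break;
			}
		ldap_value_free(values);
	}
	ldap_memfree(rdn);	/* ldap_get_dn() allocates; release it */

	return (rv);
```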
@@ -372,38 +411,44 @@ assert(buf != NULL); values = (char **)ldap_get_values(ctx->conn->ld, ctx->msg, attr); - if (values == NULL) { - /* TODO: proper error handling */ - return (-1); - } + valsize = values == NULL ? 0 : ldap_count_values(values); + + siter = (char **)ALIGN(buf); + + *str_array = siter; + *str_array_size = valsize + 1; + *len = sizeof(char *) * (*str_array_size); - valsize = ldap_count_values(values); - - *str_array = (char **)ALIGN(buf); - *len = sizeof(char *) * valsize; - if ((char *)(*str_array) + *len > buf + bufsize) { + if ((char *)siter + *len > buf + bufsize) { /* TODO: proper error handling */ ldap_value_free(values); return (-1); } - buf = (char *)(*str_array) + (*len); - bufsize -= (*len); - - for (viter = values; *viter; ++viter, ++(*str_array)) { - rv = __nss_ldap_assign_str(*viter, *str_array, &size, - buf, bufsize); - if (rv == -1) { - /* TODO: proper error handling */ - ldap_value_free(values); - return (-1); + printf("== %s %d\n", __FILE__, __LINE__); + buf = (char *)siter + *len; + bufsize -= *len; + + printf("== %s %d\n", __FILE__, __LINE__); + if (values != NULL) { + for (viter = values; *viter; ++viter, ++siter) { + rv = __nss_ldap_assign_str(*viter, siter, &size, + buf, bufsize); + if (rv == -1) { + /* TODO: proper error handling */ + ldap_value_free(values); + return (-1); + } + + buf += size; + *len += size; + bufsize -= size; } - buf += size; - bufsize -= size; + ldap_value_free(values); } - - ldap_value_free(values); + + *siter = NULL; return (0); } 
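Review bot: `*len` in `__nss_ldap_assign_attr_multi_str` does not include the padding between `buf` and the aligned `siter`, so a caller that advances with `buf += len` after this call (as `nss_ldap_parse_group` does) would start its next write before the end of the pointer array and strings placed here and corrupt `gr_mem`; it is harmless today only because memberUid is the last field parsed. Fold the alignment gap into `*len` and bound-check that same value, roughly as below; the rest of the function (the per-value `__nss_ldap_assign_str` loop that adds `size` to `*len`, and the final `*siter = NULL`) stays as it is. The `printf("== %s %d\n", __FILE__, __LINE__)` lines are debug output in a library that every process loads and should be removed.
```c
	siter = (char **)ALIGN(buf);

	*str_array = siter;
	*str_array_size = valsize + 1;
	/* include the alignment padding so callers can advance buf by *len */
	*len = ((char *)siter - buf) + sizeof(char *) * (*str_array_size);

	if (*len > bufsize) {
		/* TODO: proper error handling */
		ldap_value_free(values);
		return (-1);
	}

	buf += *len;
	bufsize -= *len;
	/* … unchanged: per-value assign loop, ldap_value_free, *siter = NULL … */
```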
@@ -496,38 +541,40 @@ char *pass; int rv; + pass = NULL; values = (char **)ldap_get_values(ctx->conn->ld, ctx->msg, attr); - if (values == NULL) - return (-1); - pass = NULL; - - /* NOTE: actually, we can insert a hook in the configuration file - * parser to avoid using strcmp() every time. But the approach - * below seems to be a bit cleaner */ - if (strcmp(attr, "userPassword") == 0) { - for (viter = values; *viter; ++viter) { - if (strncmp(*viter, "{CRYPT}", sizeof("{CRYPT}") - 1) == 0) { - pass = *viter + sizeof("{CRYPT}") - 1; - break; + if (values != NULL) { + /* NOTE: actually, we can insert a hook in the configuration file + * parser to avoid using strcmp() every time. But the approach + * below seems to be a bit cleaner */ + if (strcmp(attr, "userPassword") == 0) { + for (viter = values; *viter; ++viter) { + if (strncmp(*viter, "{CRYPT}", + sizeof("{CRYPT}") - 1) == 0) { + pass = *viter + sizeof("{CRYPT}") - 1; + break; + } } - } - } else if (strcmp(attr, "authPassword") == 0) { - for (viter = values; *viter; ++viter) { - if (strncmp(*viter, "CRYPT$", sizeof("CRYPT$") - 1) == 0) { - pass = *viter + sizeof("CRYPT$") - 1; - break; + } else if (strcmp(attr, "authPassword") == 0) { + for (viter = values; *viter; ++viter) { + if (strncmp(*viter, "CRYPT$", + sizeof("CRYPT$") - 1) == 0) { + pass = *viter + sizeof("CRYPT$") - 1; + break; + } } - } - } else - pass = *values; + } else + pass = *values; + } if (pass == NULL) - rv = -1; - else - rv = __nss_ldap_assign_str(pass, str, len, buf, bufsize); + pass = "*"; + + rv = __nss_ldap_assign_str(pass, str, len, buf, bufsize); - ldap_value_free(*values); + if (values != NULL) + ldap_value_free(values); return (rv); } ==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapsearch.h#4 (text+ko) ==== @@ -63,7 +63,9 @@ void *mdata; char *buffer; - size_t bufsize; + size_t bufsize; + + int need_more; }; typedef struct nss_ldap_search_context *(*nss_ldap_start_search_fn)( 
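Review bot: The scheme-prefix comparisons in this hunk are case-sensitive (`strncmp(*viter, "{CRYPT}", …)` and `"CRYPT$"`), while RFC 2307 scheme names are conventionally matched case-insensitively and directories commonly store `{crypt}`; such entries now fall through to the new `pass = "*"` default, which fails closed (no password can match) but silently. Using `strncasecmp` for both prefixes avoids the surprise. Substituting `"*"` when no usable hash is present is the right choice and deserves a comment: `/* no usable crypt(3) hash: return a value that can never match */`. Whether the value after `CRYPT$` in an `authPassword` attribute is a bare crypt string or still carries the `authInfo$authValue` separators depends on the directory's encoding and is worth checking against real data.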
@@ -109,6 +111,8 @@ extern int __nss_ldap_assign_str(char const *, char **, size_t *, char *, size_t); +extern int __nss_ldap_assign_rdn_str(struct nss_ldap_search_context *, + char const *, char **, size_t *, char *, size_t); extern int __nss_ldap_assign_attr_str(struct nss_ldap_search_context *, char const *, char **, size_t *, char *, size_t); extern int __nss_ldap_assign_attr_multi_str(struct nss_ldap_search_context *, ==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldaptls.c#3 (text+ko) ==== ==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldaptls.h#3 (text+ko) ==== ==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldaputil.c#5 (text+ko) ==== @@ -105,16 +105,24 @@ switch (type) { case NSS_LDAP_FILTER_ARGS_STR: + case NSS_LDAP_FILTER_ARGS_STR_ANY: s = va_arg(ap, char *); rv = __nss_ldap_escape_string(s, str, sizeof(str)); if (rv == 0) { - rv = snprintf(buffer, bufsize, fmt, str); + if (type == NSS_LDAP_FILTER_ARGS_STR) + rv = snprintf(buffer, bufsize, fmt, str); + else + rv = snprintf(buffer, bufsize, fmt, str, "*"); rv = (rv >= bufsize) ? -1 : 0; } break; case NSS_LDAP_FILTER_ARGS_INT: - num = va_arg(ap, int); - rv = snprintf(buffer, bufsize, fmt, num); + case NSS_LDAP_FITLER_ARGS_INT_ANY: + num = va_arg(ap, int); + if (type == NSS_LDAP_FILTER_ARGS_INT) + rv = snprintf(buffer, bufsize, fmt, num); + else + rv = snprintf(buffer, bufsize, fmt, num, "*"); rv = (rv >= bufsize) ? -1 : 0; break; case NSS_LDAP_FILTER_ARGS_UID: 
@@ -127,9 +135,27 @@ rv = snprintf(buffer, bufsize, fmt, gid); rv = (rv >= bufsize) ? -1 : 0; break; - case NSS_LDAP_FILTER_ARGS_STR_INT: + case + case NSS_LDAP_FILTER_ARGS_INT_STR: + num = va_arg(ap, int); + s = va_arg(ap, char *); + rv = __nss_ldap_escape_string(s, str, sizeof(str)); + if (rv == 0) { + rv = snprintf(buffer, bufsize, fmt, num, str); + rv = (rv >= bufsize) ? -1 : 0; + } break; case NSS_LDAP_FILTER_ARGS_STR_STR: + s = va_arg(ap, char *); + rv = __nss_ldap_escape_string(s, str, sizeof(str)); + if (rv == 0) { + s = va_arg(ap, char *); + rv = __nss_ldap_escape_string(s, str2, sizeof(str2)); + if (rv == 0) { + rv = snprintf(buffer, bufsize, fmt, str, str2); + rv = (rv >= bufsize) ? -1 : 0; + } + } break; default: break; ==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldaputil.h#5 (text+ko) ==== @@ -33,8 +33,10 @@ #define NSS_LDAP_FILTER_ARGS_INT 1 #define NSS_LDAP_FILTER_ARGS_UID 2 #define NSS_LDAP_FILTER_ARGS_GID 3 -#define NSS_LDAP_FILTER_ARGS_STR_INT 4 +#define NSS_LDAP_FILTER_ARGS_INT_STR 4 #define NSS_LDAP_FILTER_ARGS_STR_STR 5 +#define NSS_LDAP_FILTER_ARGS_STR_ANY 6 +#define NSS_LDAP_FILTER_ARGS_INT_ANY 7 extern int __nss_ldap_escape_string(char const *, char *, size_t); extern int __nss_ldap_format_filter(char const *, int, char *, size_t, ...); ==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/nss_ldap.c#5 (text+ko) ==== @@ -31,8 +31,10 @@ #include <sys/types.h> #include <sys/stat.h> #include <assert.h> +#include <grp.h> +#include <ldap.h> +#include <netdb.h> #include <nsswitch.h> -#include <ldap.h> #include <pthread.h> #include <pwd.h> #include <stdio.h> @@ -46,6 +48,8 @@ #include "nss_ldap.h" #include "ldap_passwd.h" +#include "ldap_group.h" +#include "ldap_serv.h" #define NSS_LDAP_CONF_PATH "/etc/nss_ldap.conf" 
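Review bot: The hunk introduces a bare `case` immediately followed by `case NSS_LDAP_FILTER_ARGS_INT_STR:` — a case label with no constant expression is a syntax error, so this file cannot have compiled as submitted; delete the stray `case`. The `NSS_LDAP_FILTER_ARGS_STR_STR` branch correctly escapes both strings via `__nss_ldap_escape_string`, but it writes into `str2`, which is not declared anywhere in the visible hunk — confirm it exists at function scope with the same size as `str`. The `rv = (rv >= bufsize) ? -1 : 0;` checks compare an `int` with a `size_t`, which catches a negative snprintf result only by accident of unsigned conversion; `if (rv < 0 || (size_t)rv >= bufsize) rv = -1; else rv = 0;` says what is meant.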
@@ -61,6 +65,18 @@ {NSDB_PASSWD_COMPAT, "getpwent_r", __ldap_passwd, (void *)nss_lt_all}, {NSDB_PASSWD_COMPAT, "endpwent", __ldap_setpwent, (void *)nss_end_ent}, {NSDB_PASSWD_COMPAT, "setpwent", __ldap_setpwent, (void *)nss_set_ent} +/* + {NSDB_GROUP, "getpwnam_r", __ldap_group, (void *)nss_lt_name}, + {NSDB_GROUP, "getpwuid_r", __ldap_group, (void *)nss_lt_id}, + {NSDB_GROUP, "getpwent_r", __ldap_group, (void *)nss_lt_all}, + {NSDB_GROUP, "endpwent", __ldap_setgrent, (void *)nss_end_ent}, + {NSDB_GROUP, "setpwent", __ldap_setgrent, (void *)nss_set_ent}, + + {NSDB_GROUP_COMPAT, "getpwnam_r", __ldap_group, (void *)nss_lt_name}, + {NSDB_GROUP_COMPAT, "getpwuid_r", __ldap_group, (void *)nss_lt_id}, + {NSDB_GROUP_COMPAT, "getpwent_r", __ldap_group, (void *)nss_lt_all}, + {NSDB_GROUP_COMPAT, "endpwent", __ldap_setgrent, (void *)nss_end_ent}, + {NSDB_GROUP_COMPAT, "setpwent", __ldap_setgrent, (void *)nss_set_ent},*/ }; static pthread_rwlock_t nss_ldap_lock = PTHREAD_RWLOCK_INITIALIZER; @@ -271,12 +287,24 @@ goto fin; } - rv = __nss_ldap_parse_next(search_method, pctx); - if (rv != 0) { - /* TODO: proper error handling */ - rv = NS_NOTFOUND; - goto fin; - } + do { + pctx->need_more = 0; + rv = __nss_ldap_parse_next(search_method, pctx); + if (rv != 0) { + /* TODO: proper error handling */ + rv = NS_NOTFOUND; + goto fin; + } + + if (pctx->need_more != 0) { + rv = __nss_ldap_search_next(search_method, sctx); + if (rv != 0) { + /* TODO: proper error handling */ + rv = NS_NOTFOUND; + goto fin; + } + } + } while (pctx->need_more != 0); rv = NS_SUCCESS; @@ -490,6 +518,8 @@ char buffer[1024]; struct passwd pwd, *res; + struct group grp, *g_res; + struct servent serv, *s_res; printf("making request with getpwnam\n"); rv = ldap_getpwnam_r("os", &pwd, buffer, sizeof(buffer), &res); if (rv != NS_SUCCESS) 
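Review bot: The commented-out group dispatch entries register the group backend under the passwd method names (`{NSDB_GROUP, "getpwnam_r", __ldap_group, …}`, `"getpwuid_r"`, `"endpwent"`, `"setpwent"`), so once enabled nsdispatch would never route `getgrnam_r`/`getgrgid_r`/`getgrent_r`/`setgrent`/`endgrent` to this module; the strings should be the group method names, and `__ldap_setgrent` must match the definition in ldap_group.c, which is currently spelled `__ldap_setgrpent`. The last live `setpwent` entry also lacks a trailing `,`, which will surface the moment the block is uncommented. Commented-out rows in a table read at load time are easy to enable by accident; an `#if 0` / `#endif` with a TODO makes the intent clearer.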
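Review bot: In the new `do { … } while (pctx->need_more != 0)` loop every parse failure, including the -1 that `__nss_ldap_assign_attr_multi_str` returns when the caller's buffer is too small, is collapsed into `rv = NS_NOTFOUND`, so a group with many memberUid values is reported to libc as nonexistent instead of triggering the ERANGE retry with a larger buffer; for group membership that means users silently lose privileges, and for passwd lookups an account appears not to exist. The parse callbacks need a distinct result for "buffer too small" that this loop propagates as `errno = ERANGE` with `NS_RETURN`, the way FreeBSD's other nss backends report it, rather than `NS_NOTFOUND`. The loop is also unbounded: if `__nss_ldap_search_next` keeps returning 0 while the parser keeps setting `need_more`, it spins; presumably search_next returns non-zero at end of results, but that is not visible in this hunk.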
@@ -523,6 +553,69 @@ res->pw_shell, res->pw_uid); } } + + printf("iterating through groups\n"); + rv = NS_SUCCESS; + while (rv == NS_SUCCESS) { + rv = ldap_getgrent_r(&grp, buffer, sizeof(buffer), &g_res); + if (rv != NS_SUCCESS) + printf("failed\n"); + else { + printf("%s %s %d:\n\t", g_res->gr_name, + g_res->gr_passwd, g_res->gr_gid); + + char **cp; + for (cp = g_res->gr_mem; *cp; ++cp) + printf("%s ", *cp); + printf("\n"); + } + } + + printf("\n\niterating through groups (2nd try)\n"); + ldap_setgrent(); + rv = NS_SUCCESS; + while (rv == NS_SUCCESS) { + rv = ldap_getgrent_r(&grp, buffer, sizeof(buffer), &g_res); + if (rv != NS_SUCCESS) + printf("failed\n"); + else { + printf("%s %s %d:\n\t", g_res->gr_name, + g_res->gr_passwd, g_res->gr_gid); + + char **cp; + for (cp = g_res->gr_mem; *cp; ++cp) + printf("%s ", *cp); + printf("\n"); + } + } + + printf("\n\nmaking request with getgrnam\n"); + rv = ldap_getgrnam_r("domadmins", &grp, buffer, sizeof(buffer), &g_res); + if (rv != NS_SUCCESS) + printf("failed\n"); + else { + printf("%s %s %d:\n\t", g_res->gr_name, + g_res->gr_passwd, g_res->gr_gid); + + char **cp; + for (cp = g_res->gr_mem; *cp; ++cp) + printf("%s ", *cp); + printf("\n"); + } + + printf("\n\nmaking request with getservbyname\n"); + rv = ldap_getservbyname_r("ssh", &serv, buffer, sizeof(buffer), &s_res); + if (rv != NS_SUCCESS) + printf("failed\n"); + else { + printf("%s %s %d:\n\t", s_res->s_name, + s_res->s_proto, s_res->s_port); + + char **cp; + for (cp = s_res->s_aliases; *cp; ++cp) + printf("%s ", *cp); + printf("\n"); + } /* char buf[14]; struct nss_ldap_connection_method method; ==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/nss_ldap.h#5 (text+ko) ====