Date: Sun, 6 Aug 2006 18:17:37 GMT From: Michael Bushkov <bushman@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 103352 for review Message-ID: <200608061817.k76IHb1n005047@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=103352 Change 103352 by bushman@bushman_nss_ldap_cached on 2006/08/06 18:17:25 Testing of the SSL features made, after-fork-problems testing made, SASL testing made (not full yet) A lot of minor bugs fixed during testing. Thraded stress test is yet to go. Affected files ... .. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/Makefile#8 edit .. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldap_group.c#7 edit .. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldap_group.h#7 edit .. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldap_passwd.c#8 edit .. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldap_passwd.h#8 edit .. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldap_serv.c#4 edit .. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldap_serv.h#4 edit .. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapconf.c#8 edit .. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapconf.h#8 edit .. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapconn.c#8 edit .. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapconn.h#8 edit .. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapschema.c#8 edit .. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapschema.h#8 edit .. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapsearch.c#7 edit .. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapsearch.h#7 edit .. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldaptls.c#6 edit .. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldaptls.h#6 edit .. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldaputil.c#8 edit .. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldaputil.h#8 edit .. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/nss_ldap.c#8 edit .. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/nss_ldap.h#8 edit Differences ... ==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/Makefile#8 (text+ko) ==== ==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldap_group.c#7 (text+ko) ==== @@ -192,7 +192,10 @@ int __ldap_setgrent(void *retval, void *mdata, va_list ap) { - + + if (__nss_ldap_configure() != NSS_LDAP_SUCCESS) + return (NS_UNAVAIL); + ldap_setgrent(); return (NS_UNAVAIL); } @@ -212,6 +215,9 @@ assert(mdata != NULL); + if (__nss_ldap_configure() != NSS_LDAP_SUCCESS) + return (NS_UNAVAIL); + switch ((enum nss_lookup_type)mdata) { case nss_lt_name: printf("GGG %s %d\n", __FILE__, __LINE__); ==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldap_group.h#7 (text+ko) ==== ==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldap_passwd.c#8 (text+ko) ==== @@ -270,7 +270,9 @@ int __ldap_setpwent(void *retval, void *mdata, va_list ap) { - + if (__nss_ldap_configure() != NSS_LDAP_SUCCESS) + return (NS_UNAVAIL); + ldap_setpwent(); return (NS_UNAVAIL); } @@ -290,6 +292,9 @@ assert(mdata != NULL); + if (__nss_ldap_configure() != NSS_LDAP_SUCCESS) + return (NS_UNAVAIL); + switch ((enum nss_lookup_type)mdata) { case nss_lt_name: name = va_arg(ap, char *); ==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldap_passwd.h#8 (text+ko) ==== ==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldap_serv.c#4 (text+ko) ==== @@ -301,6 +301,8 @@ int __ldap_setservent(void *retval, void *mdata, va_list ap) { + if (__nss_ldap_configure() != NSS_LDAP_SUCCESS) + return (NS_UNAVAIL); ldap_setservent(); return (NS_UNAVAIL); @@ -320,6 +322,9 @@ assert(mdata != NULL); + if (__nss_ldap_configure() != NSS_LDAP_SUCCESS) + return (NS_UNAVAIL); + switch ((enum nss_lookup_type)mdata) { case nss_lt_name: name = va_arg(ap, char *); ==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldap_serv.h#4 (text+ko) ==== ==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapconf.c#8 (text+ko) ==== @@ -85,6 +85,7 @@ static int get_yesno(const char *str, int *value) { + printf("getyes_no %s\n", str); if (strcmp(str, "yes") == 0) { *value = NSS_LDAP_OPTION_YES; return (NSS_LDAP_SUCCESS); @@ -157,7 +158,7 @@ conf->idle_timelimit = 0; conf->search_timelimit = 0; conf->reconnect_sleeptime = 4; - conf->max_reconnect_sleeptime = 64; + conf->max_reconnect_sleeptime = 8; conf->max_conntries = 5; conf->max_reconnect_conntries = 2; conf->deref = NSS_LDAP_DEREF_NEVER; @@ -167,12 +168,11 @@ conf->restart = 0; conf->debug = 0; - conf->root_bind_dn = conf->bind_dn = strdup(""); - assert(conf->bind_dn != NULL); - conf->root_bind_pw = conf->bind_pw = strdup(""); - assert(conf->bind_pw != NULL); - conf->root_sasl_authid = conf->sasl_authid = strdup(""); - assert(conf->sasl_authid != NULL); + conf->bind_dn = NULL; + conf->bind_pw = NULL; + conf->sasl_authid = NULL; + + conf->tls_checkpeer = NSS_LDAP_OPTION_DEFAULT; //__nss_ldap_init_start_tls_simple_auth_method(&conf->connection_method); __nss_ldap_init_simple_auth_method(&conf->connection_method); @@ -437,19 +437,25 @@ } } else if (strcmp(fields[0], "restart") == 0) { if ((field_count == 2) && - (get_yesno(fields[2], &value) == - NSS_LDAP_SUCCESS)) + (get_yesno(fields[1], &value) == + NSS_LDAP_SUCCESS)) { conf->restart = value; + continue; + } } else if (strcmp(fields[0], "referrals") == 0) { if ((field_count == 2) && - (get_yesno(fields[2], &value) == - NSS_LDAP_SUCCESS)) + (get_yesno(fields[1], &value) == + NSS_LDAP_SUCCESS)) { conf->referrals = value; + continue; + } } else if (strcmp(fields[0], "rootuse_sasl") == 0) { if ((field_count == 2) && - (get_yesno(fields[2], &value) == - NSS_LDAP_SUCCESS)) + (get_yesno(fields[1], &value) == + NSS_LDAP_SUCCESS)) { conf->root_use_sasl = value; + continue; + } } else if (strcmp(fields[0], "rootsasl_auth_id") == 0) { if (field_count == 2) { free(conf->root_sasl_authid); @@ -480,6 +486,7 @@ conf->ssl_mode = NSS_LDAP_SSL_OFF; continue; } else if (strcmp(fields[1], "on") == 0) { + printf("BBBBBBBBBBBBBBBBBBBB%s %d\n", __FILE__, __LINE__); conf->ssl_mode = NSS_LDAP_SSL_ON; continue; } else if (strcmp(fields[1], "start_tls") == 0) { @@ -512,10 +519,13 @@ continue; } } else if (strcmp(fields[0], "tls_checkpeer") == 0) { + printf("field_count %d\n", field_count); if ((field_count == 2) && - (get_yesno(fields[2], &value) == - NSS_LDAP_SUCCESS)) + (get_yesno(fields[1], &value) == + NSS_LDAP_SUCCESS)) { conf->tls_checkpeer = value; + continue; + } } else if (strcmp(fields[0], "tls_cacertdir") == 0) { if (field_count == 2) { free(conf->tls_cacertdir); @@ -523,7 +533,8 @@ assert(conf->tls_cacertdir != NULL); continue; } - } else if (strcmp(fields[0], "tls_cacertfile") == 0) { + } else if ((strcmp(fields[0], "tls_cacertfile") == 0) || + (strcmp(fields[0], "tls_cacert") == 0)) { if (field_count == 2) { free(conf->tls_cacert); conf->tls_cacert = strdup(fields[1]); @@ -544,6 +555,13 @@ assert(conf->tls_ciphers); continue; } + } else if (strcmp(fields[0], "tls_cert") == 0) { + if (field_count == 2) { + free(conf->tls_cert); + conf->tls_cert = strdup(fields[1]); + assert(conf->tls_cert); + continue; + } } else if (strcmp(fields[0], "tls_key") == 0) { if (field_count == 2) { free(conf->tls_key); @@ -562,7 +580,7 @@ conf->uris = sl_init(); assert(conf->uris != NULL); - for (i = 1; i <= field_count; ++i) { + for (i = 1; i < field_count; ++i) { str = strdup(fields[i]); assert(str != NULL); rv = sl_add(conf->uris, str); @@ -570,6 +588,7 @@ /* TODO: write to logs */ } } + continue; } } break; @@ -580,6 +599,68 @@ res = NSS_LDAP_PARSE_ERROR; } fclose(fin); + + if (res == NSS_LDAP_SUCCESS) { + printf("%d -- conf->port\n", conf->port); + if ((conf->root_bind_dn == NULL) && + (conf->bind_dn != NULL)) { + conf->root_bind_dn = strdup(conf->bind_dn); + assert(conf->root_bind_dn != NULL); + } + + if ((conf->root_bind_pw == NULL) && + (conf->bind_pw != NULL)) { + conf->root_bind_pw = strdup(conf->bind_pw); + assert(conf->root_bind_pw != NULL); + } + + if ((conf->root_sasl_authid == NULL) && + (conf->sasl_authid != NULL)) { + conf->root_sasl_authid = strdup(conf->sasl_authid); + assert(conf->root_sasl_authid != NULL); + } + + printf("BBBBBBBBBBBBBBBBBBBBCCCCCCCCCCCCCc %p\n", (void *)conf->sasl_authid); +#ifdef NSS_LDAP_SASL_AUTH_ENABLED + if (conf->sasl_authid == NULL) { +#endif + switch (conf->ssl_mode) { + case NSS_LDAP_SSL_OFF: + __nss_ldap_init_simple_auth_method( + &conf->connection_method); + break; + case NSS_LDAP_SSL_ON: + printf("BBBBBBBBBBBBBBBBBBBB%s %d\n", __FILE__, __LINE__); + __nss_ldap_init_ssl_simple_auth_method( + &conf->connection_method); + break; + case NSS_LDAP_SSL_START_TLS: + __nss_ldap_init_start_tls_simple_auth_method( + &conf->connection_method); + break; + default: + break; + } +#ifdef NSS_LDAP_SASL_AUTH_ENABLED + } else { + switch (conf->ssl_mode) { + case NSS_LDAP_SSL_OFF: + __nss_ldap_init_sasl_auth_method( + &conf->connection_method); + break; + case NSS_LDAP_SSL_ON: + __nss_ldap_init_ssl_sasl_auth_method( + &conf->connection_method); + break; + case NSS_LDAP_SSL_START_TLS: + __nss_ldap_init_start_tls_sasl_auth_method( + &conf->connection_method); + break; + } + } +#endif + } else + printf("CONFIG FAILED!\n"); return (res); } @@ -595,16 +676,13 @@ if (conf->uris != NULL) sl_free(conf->uris, 1); free(conf->base); - if (conf->root_bind_dn != conf->bind_dn) - free(conf->root_bind_dn); + free(conf->root_bind_dn); free(conf->bind_dn); - if (conf->root_bind_pw != conf->bind_pw) - free(conf->root_bind_pw); + free(conf->root_bind_pw); free(conf->bind_pw); free(conf->logdir); - if (conf->root_sasl_authid != conf->sasl_authid) - free(conf->root_sasl_authid); + free(conf->root_sasl_authid); free(conf->sasl_authid); free(conf->sasl_secprops); free(conf->krb5_ccname); ==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapconf.h#8 (text+ko) ==== ==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapconn.c#8 (text+ko) ==== @@ -47,13 +47,8 @@ static int compare_sockaddr(struct sockaddr *, struct sockaddr *); static int check_connection_socket(struct nss_ldap_connection *); -static int child_fork(struct nss_ldap_connection *, +static int check_close_connection(struct nss_ldap_connection *, struct nss_ldap_configuration *, struct nss_ldap_connection_error *); -static int parent_fork(struct nss_ldap_connection *, - struct nss_ldap_configuration *, struct nss_ldap_connection_error *); -static int prepare_fork(struct nss_ldap_connection *, - struct nss_ldap_configuration *, struct nss_ldap_connection_error *); - static int set_ssl_options(struct nss_ldap_connection *, struct nss_ldap_configuration *); @@ -74,6 +69,11 @@ socklen_t socknamelen; socklen_t peernamelen; int rv; + + if (conn->sock_fd == -1) { + printf("check_connection_socket: %d\n", conn->sock_fd); + return (NSS_LDAP_SUCCESS); + } socknamelen = sizeof(conn->sockname); peernamelen = sizeof(conn->peername); @@ -86,10 +86,12 @@ if (rv == -1) return (-1); - return (((compare_sockaddr((struct sockaddr *)conn->sockname, + rv = ((compare_sockaddr((struct sockaddr *)conn->sockname, (struct sockaddr *)sockname) == 0) && (compare_sockaddr((struct sockaddr *)conn->peername, - (struct sockaddr *)peername) == 0)) ? 0 : -1); + (struct sockaddr *)peername) == 0)) ? 0 : -1; + printf("check_connection_socket %d\n", rv); + return (rv); } static int @@ -98,8 +100,9 @@ struct nss_ldap_connection_error conn_err; int dummy_fd, backup_fd, rv; + printf("close_lost_connection: sock_fd: %d\n", conn->sock_fd); if (conn->sock_fd == -1) - return (-1); + return (NSS_LDAP_CONNECTION_ERROR); backup_fd = -1; dummy_fd = socket(PF_LOCAL, SOCK_STREAM, 0); @@ -108,8 +111,10 @@ goto fin; } + printf("close_lost_connection: dummy_fd: %d\n", dummy_fd); if (dummy_fd != conn->sock_fd) { backup_fd = dup(conn->sock_fd); + printf("close_lost_connection: backup_fd: %d\n", backup_fd); dup2(dummy_fd, conn->sock_fd); close (conn->sock_fd); @@ -120,6 +125,7 @@ if (dummy_fd != conn->sock_fd) dup2(backup_fd, conn->sock_fd); + printf("close_lost_connection: sock_fd: %d\n", conn->sock_fd); fin: if (dummy_fd != -1) close(dummy_fd); @@ -128,55 +134,21 @@ return (rv); } -static int -child_fork(struct nss_ldap_connection *conn, - struct nss_ldap_configuration *conf, - struct nss_ldap_connection_error *conn_err) -{ -} - static int -parent_fork(struct nss_ldap_connection *conn, +check_close_connection(struct nss_ldap_connection *conn, struct nss_ldap_configuration *conf, struct nss_ldap_connection_error *conn_err) { + int rv; + printf("nss_ldap: checking connection\n"); - if (check_connection_socket(conn) != 0) - return (close_lost_connection(conn)); - else - return (__nss_ldap_disconnect( - &__nss_ldap_conf->connection_method, - conn, conf, conn_err)); + if (check_connection_socket(conn) != 0) { + rv = close_lost_connection(conn); + return (NSS_LDAP_CONNECTION_ERROR); + } else + return (NSS_LDAP_SUCCESS); } -static int -prepare_fork(struct nss_ldap_connection *conn, - struct nss_ldap_configuration *conf, - struct nss_ldap_connection_error *conn_err) -{ - socklen_t socknamelen; - socklen_t peernamelen; - int off; - - if (conn->sock_fd == -1) - return (NSS_LDAP_GENERIC_ERROR); - - off = 0; - (void)setsockopt(conn->sock_fd, SOL_SOCKET, SO_KEEPALIVE, (void *)&off, - sizeof(off)); - (void)fcntl(conn->sock_fd, F_SETFD, FD_CLOEXEC); - - socknamelen = sizeof(conn->sockname); - peernamelen = sizeof(conn->peername); - (void)getsockname(conn->sock_fd, (struct sockaddr *)&conn->sockname, - &socknamelen); - (void)getpeername(conn->sock_fd, (struct sockaddr *)&conn->peername, - &peernamelen); - - /* TODO: we should probably play with return codes a bit */ - return (NSS_LDAP_SUCCESS); -} - static int set_ssl_options(struct nss_ldap_connection *conn, struct nss_ldap_configuration *conf) @@ -184,7 +156,9 @@ int rv; rv = LDAP_SUCCESS; + printf("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAa%s %d\n", __FILE__, __LINE__); if (conf->tls_rand != NULL) { + printf("%s %d\n", __FILE__, __LINE__); rv = ldap_set_option(NULL, LDAP_OPT_X_TLS_RANDOM_FILE, conf->tls_rand); if (rv != LDAP_SUCCESS) @@ -192,6 +166,7 @@ } if (conf->tls_cacert != NULL) { + printf("%s %d %s\n", __FILE__, __LINE__, conf->tls_cacert); rv = ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTFILE, conf->tls_cacert); if (rv != LDAP_SUCCESS) @@ -199,6 +174,7 @@ } if (conf->tls_cacertdir != NULL) { + printf("%s %d\n", __FILE__, __LINE__); rv = ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTDIR, conf->tls_cacertdir); if (rv != LDAP_SUCCESS) @@ -206,6 +182,7 @@ } if (conf->tls_cert != NULL) { + printf("%s %d\n", __FILE__, __LINE__); rv = ldap_set_option(NULL, LDAP_OPT_X_TLS_CERTFILE, conf->tls_cert); if (rv != LDAP_SUCCESS) @@ -213,6 +190,7 @@ } if (conf->tls_ciphers != NULL) { + printf("%s %d\n", __FILE__, __LINE__); rv = ldap_set_option(NULL, LDAP_OPT_X_TLS_CIPHER_SUITE, conf->tls_ciphers); if (rv != LDAP_SUCCESS) @@ -220,6 +198,7 @@ } if (conf->tls_key != NULL) { + printf("%s %d\n", __FILE__, __LINE__); rv = ldap_set_option(NULL, LDAP_OPT_X_TLS_KEYFILE, conf->tls_key); if (rv != LDAP_SUCCESS) @@ -227,12 +206,14 @@ } if (conf->tls_checkpeer != NSS_LDAP_OPTION_DEFAULT) { + printf("%s %d\n", __FILE__, __LINE__); rv = ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &conf->tls_checkpeer); if (rv != LDAP_SUCCESS) goto fin; } + printf("BBBBBBBBBBBBBBBBBBBBFFFFFFFFFFFFFFFF%s %d\n", __FILE__, __LINE__); fin: return (rv); } @@ -261,7 +242,8 @@ assert(conn != NULL); assert(conf != NULL); assert(err != NULL); - + + printf("%p\n", (void *)conf); return (method->auth_fn(conn, conf, err)); } @@ -278,49 +260,20 @@ return (method->disconnect_fn(conn, conf, err)); } - -int -__nss_ldap_prepare_fork(struct nss_ldap_connection_method *method, - struct nss_ldap_connection *conn, struct nss_ldap_configuration *conf, - struct nss_ldap_connection_error *err) -{ - - assert(method != NULL); - assert(conn != NULL); - assert(conf != NULL); - assert(err != NULL); - - return (method->prepare_fork_fn(conn, conf, err)); -} int -__nss_ldap_parent_fork(struct nss_ldap_connection_method *method, +__nss_ldap_check_close_connection(struct nss_ldap_connection_method *method, struct nss_ldap_connection *conn, struct nss_ldap_configuration *conf, struct nss_ldap_connection_error *err) { - assert(method != NULL); assert(conn != NULL); assert(conf != NULL); assert(err != NULL); - return (method->parent_fork_fn(conn, conf, err)); + return (method->check_close_fn(conn, conf, err)); } - -int -__nss_ldap_child_fork(struct nss_ldap_connection_method *method, - struct nss_ldap_connection *conn, struct nss_ldap_configuration *conf, - struct nss_ldap_connection_error *err) -{ - - assert(method != NULL); - assert(conn != NULL); - assert(conf != NULL); - assert(err != NULL); - - return (method->child_fork_fn(conn, conf, err)); -} - + int __nss_ldap_attach_connection(struct nss_ldap_connection *conn, LDAP *ld) { @@ -370,10 +323,11 @@ struct nss_ldap_configuration *conf, struct nss_ldap_connection_error *err) { + LDAPURLDesc url; struct nss_ldap_connection *conn; + char *ldapuri; int opt, rv; - assert(conn != NULL); assert(conf != NULL); assert(err != NULL); @@ -381,13 +335,35 @@ struct nss_ldap_connection)); assert(conn != NULL); memset(conn, 0, sizeof(struct nss_ldap_connection)); - - conn->ld = (LDAP *)ldap_init(request->host, request->port); - if (conn->ld == NULL) { + + printf("aiosfuoasf %s %d\n", __FILE__, __LINE__); + if (request->uri == NULL) { + memset( &url, 0, sizeof(url)); + url.lud_scheme = request->scheme; + url.lud_host = request->host; + url.lud_port = request->port; + url.lud_scope = LDAP_SCOPE_DEFAULT; + ldapuri = ldap_url_desc2str(&url); + + if (ldapuri == NULL) { + snprintf(err->description, NSS_LDAP_MAX_ERR_DESC_SIZE, + "cannot format the ldap URI"); + free(conn); + return (NULL); + } + + rv = ldap_initialize(&conn->ld, ldapuri); + free(ldapuri); + } else { + printf("aiosfuoasf %s %d %s\n", __FILE__, __LINE__, + request->uri); + rv = ldap_initialize(&conn->ld, request->uri); + } + + if (rv != NSS_LDAP_SUCCESS) { snprintf(err->description, NSS_LDAP_MAX_ERR_DESC_SIZE, - "ldap_init() error: %s\n", strerror(errno) - ); - err->err_num = errno; + "ldap_init() error: %s\n", ldap_err2string(rv)); + err->err_num = rv; free(conn); return (NULL); } @@ -467,11 +443,13 @@ /* TODO: write smth to logs */ } + conn->sock_fd = -2; rv = ldap_get_option(conn->ld, LDAP_OPT_DESC, &conn->sock_fd); if (rv != LDAP_SUCCESS) { conn->sock_fd = -1; /* TODO: write smth to logs */ } + printf("conn->sockfd %d %p\n", conn->sock_fd, (void *)conn->ld); rv = LDAP_SUCCESS; fin: @@ -479,6 +457,7 @@ err->err_num = rv; snprintf(err->description, NSS_LDAP_MAX_ERR_DESC_SIZE, "ldap_set_option() error: %s\n", ldap_err2string(rv)); + printf("err->description %s\n", err->description); ldap_unbind(conn->ld); free(conn); conn = NULL; @@ -497,11 +476,14 @@ char *matched_msg = NULL, *error_msg = NULL; char **referrals; LDAPControl **serverctrls; + char *err_str; struct timeval zerotime; char *bind_dn; char *bind_pw; + printf("%p\n", (void *)conf); + assert(conn != NULL); assert(conf != NULL); assert(err != NULL); @@ -523,10 +505,18 @@ /* If the returned message ID is less than zero, an error occurred. */ if ( msgid < 0 ) { /* NOTE: can't use ldap_result2error here */ - err->err_num = ldap_result2error(conn->ld, res, 0); + printf("aa%p\n", (void *)conf); + ldap_get_option(conn->ld, LDAP_OPT_ERROR_NUMBER, + (void *)&err->err_num); + printf("aa%p\n", (void *)conf); + if (ldap_get_option(conn->ld, LDAP_OPT_ERROR_STRING, + (void *)&err_str) != LDAP_SUCCESS) + err_str = NULL; snprintf(err->description, NSS_LDAP_MAX_ERR_DESC_SIZE, - "ldap_simple_bind() error: %s\n", - ldap_err2string(err->err_num)); + "ldap_simple_bind() error: %s; %s\n", + ldap_err2string(err->err_num), + err_str == NULL ? "" : err_str); + printf("aa%p %s\n", (void *)conf, err->description); return (NSS_LDAP_CONNECTION_ERROR); } @@ -536,10 +526,16 @@ switch ( rc ) { /* If ldap_result() returns -1, error occurred. */ case -1: - err->err_num = ldap_result2error(conn->ld, res, 0); + ldap_get_option(conn->ld, LDAP_OPT_ERROR_NUMBER, + (void *)&err->err_num); + if (ldap_get_option(conn->ld, LDAP_OPT_ERROR_STRING, + (void *)&err_str) != LDAP_SUCCESS) + err_str = NULL; snprintf(err->description, NSS_LDAP_MAX_ERR_DESC_SIZE, - "ldap_result() error: %s\n", - ldap_err2string(err->err_num)); + "ldap_result() error: %s; %s\n", + ldap_err2string(err->err_num), + err_str == NULL ? "" : err_str); + printf("---------------->> %s\n", err->description); return (NSS_LDAP_CONNECTION_ERROR); /* If ldap_result() returns 0, the timeout (specified by the @@ -634,6 +630,7 @@ method->connect_fn = __nss_ldap_simple_connect; method->auth_fn = __nss_ldap_simple_auth; method->disconnect_fn = __nss_ldap_simple_disconnect; + method->check_close_fn = check_close_connection; return (NSS_LDAP_SUCCESS); } @@ -653,11 +650,13 @@ if (conn == NULL) return (NULL); + printf("BBBBBBBBBBBBBBBBBBBB%s %d\n", __FILE__, __LINE__); opt = LDAP_OPT_X_TLS_HARD; rv = ldap_set_option(conn->ld, LDAP_OPT_X_TLS, &opt); if (rv != LDAP_SUCCESS) goto fin; + printf("BBBBBBBBBBBBBBBBBBBB%s %d\n", __FILE__, __LINE__); rv = set_ssl_options(conn, conf); if (rv != LDAP_SUCCESS) goto fin; @@ -676,11 +675,41 @@ } int -__nss_ldap_init_ssl_method(struct nss_ldap_connection_method *method) +__nss_ldap_init_ssl_simple_auth_method( + struct nss_ldap_connection_method *method) +{ + int rv; + assert(method != NULL); + + rv = __nss_ldap_init_simple_auth_method(method); + if (rv != NSS_LDAP_SUCCESS) + return (rv); + + /* Replacing standard connect routine with ssl-specific */ + method->connect_fn = __nss_ldap_ssl_connect; + + return (NSS_LDAP_SUCCESS); +} + +#ifdef NSS_LDAP_SASL_AUTH_ENABLED +int +__nss_ldap_init_ssl_sasl_auth_method( + struct nss_ldap_connection_method *method) { + int rv; + assert(method != NULL); + rv = __nss_ldap_init_sasl_auth_method(method); + if (rv != NSS_LDAP_SUCCESS) + return (rv); + + /* Replacing standard connect routine with start-tls specific */ + method->connect_fn = __nss_ldap_ssl_connect; + return (NSS_LDAP_SUCCESS); } +#endif /* NSS_LDAP_SASL_AUTH_ENABLED */ + #endif #if defined(NSS_LDAP_START_TLS_ENABLED) && defined(NSS_LDAP_SIMPLE_AUTH_ENABLED) @@ -783,6 +812,26 @@ return (NSS_LDAP_SUCCESS); } + +#ifdef NSS_LDAP_SASL_AUTH_ENABLED +int +__nss_ldap_init_start_tls_sasl_auth_method( + struct nss_ldap_connection_method *method) +{ + int rv; + assert(method != NULL); + + rv = __nss_ldap_init_sasl_auth_method(method); + if (rv != NSS_LDAP_SUCCESS) + return (rv); + + /* Replacing standard connect routine with start-tls specific */ + method->connect_fn = __nss_ldap_start_tls_connect; + + return (NSS_LDAP_SUCCESS); +} +#endif /* NSS_LDAP_SASL_AUTH_ENABLED */ + #endif #ifdef NSS_LDAP_SASL_AUTH_ENABLED @@ -816,6 +865,7 @@ if (interact_iter->result == NULL) return (LDAP_NO_MEMORY); #endif /* SASL_VERSION_MAJOR < 2 */ + interact_iter++; } return (LDAP_SUCCESS); @@ -827,7 +877,7 @@ struct nss_ldap_configuration *conf, struct nss_ldap_connection_error *err) { - char *pw, *dn; + char *pw, *dn, *err_str; int rv; /* Falling back to simple authentication if the config says so */ @@ -846,11 +896,37 @@ rv = ldap_sasl_interactive_bind_s(conn->ld, dn, "GSSAPI", NULL, NULL, LDAP_SASL_QUIET, nss_ldap_sasl_interact, pw); - if (rv != LDAP_SUCCESS) + if (rv != LDAP_SUCCESS) { + err->err_num = rv; + if (ldap_get_option(conn->ld, LDAP_OPT_ERROR_STRING, + (void *)&err_str) != LDAP_SUCCESS) + err_str = NULL; + snprintf(err->description, NSS_LDAP_MAX_ERR_DESC_SIZE, + "ldap_sasl_interactive_bind_s() error: %s; %s\n", + ldap_err2string(err->err_num), + err_str == NULL ? "" : err_str); + printf("---------------->> %s\n", err->description); return (NSS_LDAP_CONNECTION_ERROR); + } /* TODO: implement support for krb5-ccname config option */ return (NSS_LDAP_SUCCESS); } + +int +__nss_ldap_init_sasl_auth_method(struct nss_ldap_connection_method *method) +{ + int rv; + assert(method != NULL); + + rv = __nss_ldap_init_simple_auth_method(method); + if (rv != NSS_LDAP_SUCCESS) + return (rv); + + /* Replacing standard auth routine with SASL-specific */ + method->auth_fn = __nss_ldap_sasl_auth; + + return (NSS_LDAP_SUCCESS); +} #endif ==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapconn.h#8 (text+ko) ==== @@ -45,19 +45,19 @@ struct nss_ldap_connection_request { + char *uri; /* if it is NULL, other fields are used */ + + char *scheme; char *host; - int port; + int port; }; struct nss_ldap_connection { LDAP *ld; - int conn_type; char sockname[NSS_LDAP_SOCK_NAME_SIZE]; char peername[NSS_LDAP_SOCK_NAME_SIZE]; int sock_fd; - - void *mdata; }; struct nss_ldap_connection_error @@ -75,18 +75,12 @@ typedef int (*nss_ldap_conn_op_fn)(struct nss_ldap_connection *, struct nss_ldap_configuration *, struct nss_ldap_connection_error *); -typedef int (*nss_ldap_conn_fork_fn)(struct nss_ldap_connection *, - struct nss_ldap_configuration *, struct nss_ldap_connection_error *); - struct nss_ldap_connection_method { nss_ldap_conn_fn connect_fn; nss_ldap_conn_op_fn auth_fn; nss_ldap_conn_op_fn disconnect_fn; - - nss_ldap_conn_fork_fn prepare_fork_fn; - nss_ldap_conn_fork_fn parent_fork_fn; - nss_ldap_conn_fork_fn child_fork_fn; + nss_ldap_conn_op_fn check_close_fn; }; extern struct nss_ldap_connection *__nss_ldap_connect( @@ -102,14 +96,8 @@ struct nss_ldap_connection *, struct nss_ldap_configuration *, struct nss_ldap_connection_error *); - -extern int __nss_ldap_prepare_fork(struct nss_ldap_connection_method *, - struct nss_ldap_connection *, struct nss_ldap_configuration *, - struct nss_ldap_connection_error *); -extern int __nss_ldap_parent_fork(struct nss_ldap_connection_method *, - struct nss_ldap_connection *, struct nss_ldap_configuration *, - struct nss_ldap_connection_error *); -extern int __nss_ldap_child_fork(struct nss_ldap_connection_method *, +extern int __nss_ldap_check_close_connection( + struct nss_ldap_connection_method *, struct nss_ldap_connection *, struct nss_ldap_configuration *, struct nss_ldap_connection_error *); @@ -130,11 +118,24 @@ struct nss_ldap_connection_method *); #endif +#ifdef NSS_LDAP_SASL_AUTH_ENABLED +extern int __nss_ldap_sasl_auth(struct nss_ldap_connection *, + struct nss_ldap_configuration *, struct nss_ldap_connection_error *); +extern int __nss_ldap_init_sasl_auth_method( + struct nss_ldap_connection_method *); +#endif + #ifdef NSS_LDAP_SSL_ENABLED extern struct nss_ldap_connection *__nss_ldap_ssl_connect( struct nss_ldap_connection_request *, struct nss_ldap_configuration *, struct nss_ldap_connection_error *); -#endif +extern int __nss_ldap_init_ssl_simple_auth_method( + struct nss_ldap_connection_method *s); +#ifdef NSS_LDAP_SASL_AUTH_ENABLED +extern int __nss_ldap_init_ssl_sasl_auth_method( + struct nss_ldap_connection_method *s); +#endif /* NSS_LDAP_SASL_AUTH_ENABLED */ +#endif /* NSS_LDAP_SSL_ENABLED */ #if defined(NSS_LDAP_START_TLS_ENABLED) && defined(NSS_LDAP_SIMPLE_AUTH_ENABLED) extern struct nss_ldap_connection *__nss_ldap_start_tls_connect( @@ -143,11 +144,10 @@ extern int __nss_ldap_init_start_tls_simple_auth_method( struct nss_ldap_connection_method *); -#endif +#ifdef NSS_LDAP_SASL_AUTH_ENABLED +extern int __nss_ldap_init_start_tls_sasl_auth_method( + struct nss_ldap_connection_method *); +#endif /* NSS_LDAP_SASL_AUTH_ENABLED */ +#endif /* NSS_LDAP_START_TLS_ENABLED && NSS_LDAP_SIMPLE_AUTH_ENABLED */ -#ifdef NSS_LDAP_SASL_AUTH_ENABLED -extern int __nss_ldap_sasl_auth(struct nss_ldap_connection *, - struct nss_ldap_configuration *, struct nss_ldap_connection_error *); -#endif - #endif /* _LDAPCONN_H_ */ ==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapschema.c#8 (text+ko) ==== >>> TRUNCATED FOR MAIL (1000 lines) <<<
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200608061817.k76IHb1n005047>