Date: Tue, 8 Aug 2006 19:19:02 GMT From: Michael Bushkov <bushman@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 103459 for review Message-ID: <200608081919.k78JJ2ea031858@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=103459 Change 103459 by bushman@bushman_nss_ldap_cached on 2006/08/08 19:18:12 Proper error logging implemented. All memory allocation errors are now properly handled (no more asserts there). Some other TODOs were fixed. Sources cleaned. The only stuff that is really untested to the moment is referrals. Affected files ... .. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/Makefile#10 edit .. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldap_group.c#9 edit .. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldap_group.h#9 edit .. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldap_passwd.c#10 edit .. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldap_passwd.h#10 edit .. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldap_serv.c#6 edit .. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldap_serv.h#6 edit .. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapconf.c#10 edit .. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapconf.h#10 edit .. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapconn.c#10 edit .. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapconn.h#10 edit .. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapschema.c#10 edit .. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapschema.h#10 edit .. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapsearch.c#9 edit .. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapsearch.h#9 edit .. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldaptls.c#8 edit .. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldaptls.h#8 edit .. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldaputil.c#10 edit .. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldaputil.h#10 edit .. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/nss_ldap.c#10 edit .. 
//depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/nss_ldap.h#10 edit Differences ... ==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/Makefile#10 (text+ko) ==== ==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldap_group.c#9 (text+ko) ==== @@ -71,14 +71,12 @@ schema = &sctx->conf->schema; - printf("==> %d %s\n", __LINE__, __FILE__); rv = __nss_ldap_assign_attr_gid(sctx, _ATM(schema, GROUP, gidNumber), &grp->gr_gid); if (rv != NSS_LDAP_SUCCESS) goto errfin; - printf("==> %d %s\n", __LINE__, __FILE__); rv = __nss_ldap_assign_rdn_str(sctx, _ATM(schema, GROUP, cn), &grp->gr_name, &len, buf, buflen); @@ -87,7 +85,6 @@ buflen -= len; buf += len; - printf("==> %d %s\n", __LINE__, __FILE__); rv = __nss_ldap_assign_attr_password(sctx, _ATM(schema, GROUP, userPassword), &grp->gr_passwd, &len, buf, buflen); @@ -96,7 +93,6 @@ buflen -= len; buf += len; - printf("==> %d %s\n", __LINE__, __FILE__); rv = __nss_ldap_assign_attr_multi_str(sctx, _ATM(schema, GROUP, memberUid), &grp->gr_mem, &memlen, &len, buf, buflen); @@ -105,8 +101,6 @@ buflen -= len; buf += len; - printf("%s %d\n", __FILE__, __LINE__); - errfin: return (rv); } @@ -220,15 +214,12 @@ switch ((enum nss_lookup_type)mdata) { case nss_lt_name: - printf("GGG %s %d\n", __FILE__, __LINE__); name = va_arg(ap, char *); break; case nss_lt_id: - printf("GGG %s %d\n", __FILE__, __LINE__); gid = va_arg(ap, gid_t); break; case nss_lt_all: - printf("GGG %s %d\n", __FILE__, __LINE__); break; default: /* CONSIDERED UNREACHABLE */ ==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldap_group.h#9 (text+ko) ==== ==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldap_passwd.c#10 (text+ko) ==== @@ -71,7 +71,6 @@ schema = &sctx->conf->schema; - printf("here %s %d %p\n", __FILE__, __LINE__, (void *)sctx); if ((__nss_ldap_check_oc(sctx, "shadowAccount") == NSS_LDAP_SUCCESS) || (geteuid() != 0)) rv = __nss_ldap_assign_str("*", &pwd->pw_dir, &len, buf, 
@@ -86,7 +85,6 @@ buflen -= len; buf += len; - printf("==> %d %s\n", __LINE__, __FILE__); rv = __nss_ldap_assign_attr_str(sctx, _ATM(schema, PASSWD, uid), &pwd->pw_name, &len, buf, buflen); @@ -95,7 +93,6 @@ buflen -= len; buf += len; - printf("==> %d %s\n", __LINE__, __FILE__); rv = __nss_ldap_assign_attr_str(sctx, _AT(schema, gecos), &pwd->pw_gecos, &len, buf, buflen); @@ -111,7 +108,6 @@ buflen -= len; buf += len; - printf("==> %d %s\n", __LINE__, __FILE__); rv = __nss_ldap_assign_attr_str(sctx, _AT(schema, homeDirectory), &pwd->pw_dir, &len, buf, buflen); @@ -123,7 +119,6 @@ buflen -= len; buf += len; - printf("==> %d %s\n", __LINE__, __FILE__); rv = __nss_ldap_assign_attr_str(sctx, _AT(schema, loginShell), &pwd->pw_shell, &len, buf, buflen); @@ -135,7 +130,6 @@ buflen -= len; buf += len; - printf("==> %d %s\n", __LINE__, __FILE__); rv = __nss_ldap_assign_attr_str(sctx, _AT(schema, loginClass), &pwd->pw_class, &len, buf, buflen); @@ -147,7 +141,6 @@ buflen -= len; buf += len; - printf("==> %d %s\n", __LINE__, __FILE__); rv = __nss_ldap_assign_attr_uid(sctx, _AT(schema, uidNumber), &pwd->pw_uid); ==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldap_passwd.h#10 (text+ko) ==== ==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldap_serv.c#6 (text+ko) ==== @@ -115,7 +115,10 @@ if (serv_mdata_ext == NULL) { serv_mdata_ext = (struct services_mdata_ext *)malloc( sizeof(struct services_mdata_ext)); - assert(serv_mdata_ext != NULL); + if (serv_mdata_ext == NULL) { + rv = NSS_LDAP_MEMORY_ERROR; + goto errfin; + } serv_mdata_ext->offset = -1; serv_mdata_ext->count = 0; 
@@ -187,7 +190,6 @@ nss_ldap_destroy_servent(struct nss_ldap_parse_context *pctx) { - printf("SAFDASPIFO UASFIOOASUIFIOAS FUOAISFUI OAUSFIOASUF!!!!!!!!!here - %s %d\n", __FILE__, __LINE__); assert(pctx != NULL); free(pctx->mdata_ext); } ==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldap_serv.h#6 (text+ko) ==== ==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapconf.c#10 (text+ko) ==== @@ -30,6 +30,7 @@ #include <sys/types.h> #include <assert.h> +#include <errno.h> #include <ldap.h> #include <stdio.h> #include <stdlib.h> @@ -85,11 +86,10 @@ static int get_yesno(const char *str, int *value) { - printf("getyes_no %s\n", str); - if (strcmp(str, "yes") == 0) { + if ((strcmp(str, "yes") == 0) || (strcmp(str, "true") == 0)) { *value = NSS_LDAP_OPTION_YES; return (NSS_LDAP_SUCCESS); - } else if (strcmp(str, "no") == 0) { + } else if ((strcmp(str, "no") == 0) || (strcmp(str, "false") == 0)) { *value = NSS_LDAP_OPTION_NO; return (NSS_LDAP_SUCCESS); } @@ -152,7 +152,7 @@ conf->port = LDAP_PORT; conf->proto_version = NSS_LDAP_PROTO_VERSION_3; - conf->ssl_mode = NSS_LDAP_SSL_OFF;//NSS_LDAP_SSL_START_TLS; + conf->ssl_mode = NSS_LDAP_SSL_OFF; conf->search_limit = 0; conf->bind_timelimit = 30; conf->idle_timelimit = 0; @@ -168,13 +168,8 @@ conf->restart = 0; conf->debug = 0; - conf->bind_dn = NULL; - conf->bind_pw = NULL; - conf->sasl_authid = NULL; - conf->tls_checkpeer = NSS_LDAP_OPTION_DEFAULT; - //__nss_ldap_init_start_tls_simple_auth_method(&conf->connection_method); __nss_ldap_init_simple_auth_method(&conf->connection_method); __nss_ldap_init_default_search_method(&conf->search_method); __nss_ldap_init_default_tls_method(&conf->tls_method); 
@@ -193,50 +188,50 @@ assert(conf != NULL); assert(fname != NULL); - printf("fname: %s %d\n", fname, conf->proto_version); fin = fopen(fname, "r"); - if (fin == NULL) + if (fin == NULL) { + snprintf(err->buffer, sizeof(err->buffer), "can't open " + "configuration file '%s': %s", fname, strerror(errno)); + err->line = -1; return (NSS_LDAP_GENERIC_ERROR); + } res = NSS_LDAP_SUCCESS; line_num = 0; memset(buffer, 0, sizeof(buffer)); - while ((res == 0) && (fgets(buffer, sizeof(buffer) - 1, fin) != NULL)) { - printf("buffer: %s\n", buffer); + while ((res == NSS_LDAP_SUCCESS) && + (fgets(buffer, sizeof(buffer) - 1, fin) != NULL)) { field_count = strbreak(buffer, fields, sizeof(fields)); - ++line_num; - + ++line_num; if (field_count == 0) continue; switch (fields[0][0]) { case '#': - case '\0': - printf("== %s, %d ==\n", __FILE__, __LINE__); + case '\0': continue; - case 'b': - printf("== %s, %d ==\n", __FILE__, __LINE__); + case 'b': if (strcmp(fields[0], "base") == 0) { if (field_count == 2) { free(conf->base); conf->base = strdup(fields[1]); - assert(conf->base != NULL); - continue; + if (conf->base != NULL) + continue; } } else if (strcmp(fields[0], "binddn") == 0) { if (field_count == 2) { free(conf->bind_dn); conf->bind_dn = strdup(fields[1]); - assert(conf->bind_dn != NULL); - continue; + if (conf->bind_dn != NULL) + continue; } } else if (strcmp(fields[0], "bindpw") == 0) { if (field_count == 2) { free(conf->bind_pw); conf->bind_pw = strdup(fields[1]); - assert(conf->bind_pw != NULL); - continue; + if (conf->bind_pw != NULL) + continue; } } else if (strcmp(fields[0], "bind_timelimit") == 0) { if ((field_count == 2) && 
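Review bot: In the `@@ -193,50 +188,50 @@` hunk, a failed `strdup()` in the `base`, `binddn` and `bindpw` branches now skips the `continue` and drops to the switch's `break`, so an out-of-memory condition appears to be reported the same way as a malformed line. The code after the switch is outside the hunk, so this is inferred from the later `parse error in configuration file` message. Setting `res = NSS_LDAP_MEMORY_ERROR` in those branches, as the post-loop `root_bind_dn` copy does, would keep the two failures distinguishable; the same pattern repeats in the hunks at -327, -348, -419, -454, -498 and -530. Separately, the new `fopen` failure branch writes through `err` without an `assert(err != NULL)` like the ones `conf` and `fname` get just above.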
@@ -290,25 +285,28 @@ } } break; - case 'h': - printf("== %s, %d ==\n", __FILE__, __LINE__); + case 'h': if (strcmp(fields[0], "host") == 0) { if (field_count >= 2) { if (conf->hosts != NULL) sl_free(conf->hosts, 1); conf->hosts = sl_init(); - assert(conf->hosts != NULL); - - for (i = 1; i < field_count; ++i) { - str = strdup(fields[i]); - assert(str != NULL); - rv = sl_add(conf->hosts, str); - if (rv != 0) { - /* TODO: write to logs */ + if (conf->hosts != NULL) { + rv = 0; + for (i = 1; i < field_count; ++i) { + str = strdup(fields[i]); + if (str == NULL) { + rv = -1; + break; + } + rv = sl_add(conf->hosts, str); + if (rv != 0) + break; } + if (rv == 0); + continue; } - continue; } } break; @@ -327,13 +325,12 @@ if (field_count == 2) { free(conf->krb5_ccname); conf->krb5_ccname = strdup(fields[1]); - assert(conf->krb5_ccname != NULL); - continue; + if (conf->krb5_ccname != NULL) + continue; } } break; - case 'l': - printf("== %s, %d ==\n", __FILE__, __LINE__); + case 'l': /* NOTE: we'd probably better use * NSS_LDAP_PROTO_VERSION_2 and * NSS_LDAP_PROTO_VERSION_3 constants here */ @@ -348,13 +345,12 @@ if (field_count == 2) { free(conf->logdir); conf->logdir = strdup(fields[1]); - assert(conf->logdir); - continue; + if (conf->logdir != NULL) + continue; } } break; - case 'n': - printf("== %s, %d ==\n", __FILE__, __LINE__); + case 'n': if (strncmp(fields[0], NSS_BASE_PREFIX, NSS_BASE_PREFIX_SIZE) == 0) { @@ -408,8 +404,7 @@ } } break; - case 'p': - printf("== %s, %d ==\n", __FILE__, __LINE__); + case 'p': if (strcmp(fields[0], "port") == 0) { if ((field_count == 2) && (get_number(fields[1], 0, -1, &value) == 
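Review bot: In the `host` branch of the `@@ -290,25 +285,28 @@` hunk, the stray semicolon in `if (rv == 0);` makes the following `continue` unconditional. A failed `strdup()` or `sl_add()` is therefore silently accepted, and parsing carries on with a partially filled `conf->hosts`. It should read `if (rv == 0) continue;`, as the matching `uri` branch in the -530 hunk does. When `sl_add()` fails, `str` is also not freed before the `break`; a `free(str);` there would close the leak, and the same applies to the `uri` loop.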
@@ -419,21 +414,20 @@ } } break; - case 'r': - printf("== %s, %d ==\n", __FILE__, __LINE__); + case 'r': if (strcmp(fields[0], "rootbinddn") == 0) { if (field_count == 2) { free(conf->root_bind_dn); conf->root_bind_dn = strdup(fields[1]); - assert(conf->root_bind_dn != NULL); - continue; + if (conf->root_bind_dn != NULL) + continue; } } else if (strcmp(fields[0], "rootbindpw") == 0) { if (field_count == 2) { free(conf->root_bind_pw); conf->root_bind_pw = strdup(fields[1]); - assert(conf->root_bind_pw != NULL); - continue; + if (conf->root_bind_pw != NULL) + continue; } } else if (strcmp(fields[0], "restart") == 0) { if ((field_count == 2) && @@ -460,13 +454,12 @@ if (field_count == 2) { free(conf->root_sasl_authid); conf->root_sasl_authid = strdup(fields[1]); - assert(conf->root_sasl_authid != NULL); - continue; + if (conf->root_sasl_authid != NULL) + continue; } } break; - case 's': - printf("== %s, %d ==\n", __FILE__, __LINE__); + case 's': if (strcmp(fields[0], "scope") == 0) { if (field_count == 2) { if (strcmp(fields[1], "sub") == 0) { @@ -485,8 +478,7 @@ if (strcmp(fields[1], "off") == 0) { conf->ssl_mode = NSS_LDAP_SSL_OFF; continue; - } else if (strcmp(fields[1], "on") == 0) { - printf("BBBBBBBBBBBBBBBBBBBB%s %d\n", __FILE__, __LINE__); + } else if (strcmp(fields[1], "on") == 0) { conf->ssl_mode = NSS_LDAP_SSL_ON; continue; } else if (strcmp(fields[1], "start_tls") == 0) { @@ -498,15 +490,15 @@ if (field_count == 2) { free(conf->sasl_authid); conf->sasl_authid = strdup(fields[1]); - assert(conf->sasl_authid != NULL); - continue; + if (conf->sasl_authid != NULL) + continue; } } else if (strcmp(fields[0], "sasl_secprops") == 0) { if (field_count == 2) { free(conf->sasl_secprops); conf->sasl_secprops = strdup(fields[1]); - assert(conf->sasl_secprops != NULL); - continue; + if (conf->sasl_secprops != NULL) + continue; } } break; 
@@ -518,8 +510,7 @@ conf->search_timelimit = value; continue; } - } else if (strcmp(fields[0], "tls_checkpeer") == 0) { - printf("field_count %d\n", field_count); + } else if (strcmp(fields[0], "tls_checkpeer") == 0) { if ((field_count == 2) && (get_yesno(fields[1], &value) == NSS_LDAP_SUCCESS)) { 
@@ -530,65 +521,70 @@ if (field_count == 2) { free(conf->tls_cacertdir); conf->tls_cacertdir = strdup(fields[1]); - assert(conf->tls_cacertdir != NULL); - continue; + if (conf->tls_cacertdir != NULL) + continue; } } else if ((strcmp(fields[0], "tls_cacertfile") == 0) || (strcmp(fields[0], "tls_cacert") == 0)) { if (field_count == 2) { free(conf->tls_cacert); conf->tls_cacert = strdup(fields[1]); - assert(conf->tls_cacert != NULL); - continue; + if (conf->tls_cacert != NULL) + continue; } } else if (strcmp(fields[0], "tls_randfile") == 0) { if (field_count == 2) { free(conf->tls_rand); conf->tls_rand = strdup(fields[1]); - assert(conf->tls_rand); - continue; + if (conf->tls_rand != NULL) + continue; } } else if (strcmp(fields[0], "tls_ciphers") == 0) { if (field_count == 2) { free(conf->tls_ciphers); conf->tls_ciphers = strdup(fields[1]); - assert(conf->tls_ciphers); - continue; + if (conf->tls_ciphers != NULL) + continue; } } else if (strcmp(fields[0], "tls_cert") == 0) { if (field_count == 2) { free(conf->tls_cert); conf->tls_cert = strdup(fields[1]); - assert(conf->tls_cert); - continue; + if (conf->tls_cert != NULL) + continue; } } else if (strcmp(fields[0], "tls_key") == 0) { if (field_count == 2) { free(conf->tls_key); conf->tls_key = strdup(fields[1]); - assert(conf->tls_key); - continue; + if (conf->tls_key != NULL) + continue; } } break; case 'u': if (strcmp(fields[0], "uri") == 0) { if (field_count >= 2) { - if (conf->uris != NULL) - sl_free(conf->uris, 1); + if (conf->uris != NULL) + sl_free(conf->uris, 1); - conf->uris = sl_init(); - assert(conf->uris != NULL); - + conf->uris = sl_init(); + if (conf->uris != NULL) { + rv = 0; for (i = 1; i < field_count; ++i) { str = strdup(fields[i]); - assert(str != NULL); + if (str == NULL) { + rv = -1; + break; + } rv = sl_add(conf->uris, str); - if (rv != 0) { - /* TODO: write to logs */ - } + if (rv != 0) + break; } - continue; + + if (rv == 0) + continue; + } } } else if (strcmp(fields[0], "use_sasl") == 0) { if 
((field_count == 2) && @@ -607,27 +603,28 @@ } fclose(fin); - if (res == NSS_LDAP_SUCCESS) { - printf("%d -- conf->port\n", conf->port); + if (res == NSS_LDAP_SUCCESS) { if ((conf->root_bind_dn == NULL) && (conf->bind_dn != NULL)) { conf->root_bind_dn = strdup(conf->bind_dn); - assert(conf->root_bind_dn != NULL); + if (conf->root_bind_dn == NULL) + res = NSS_LDAP_MEMORY_ERROR; } if ((conf->root_bind_pw == NULL) && (conf->bind_pw != NULL)) { conf->root_bind_pw = strdup(conf->bind_pw); - assert(conf->root_bind_pw != NULL); + if (conf->root_bind_pw == NULL) + res = NSS_LDAP_MEMORY_ERROR; } if ((conf->root_sasl_authid == NULL) && (conf->sasl_authid != NULL)) { conf->root_sasl_authid = strdup(conf->sasl_authid); - assert(conf->root_sasl_authid != NULL); + if (conf->root_sasl_authid == NULL) + res = NSS_LDAP_MEMORY_ERROR; } - - printf("BBBBBBBBBBBBBBBBBBBBCCCCCCCCCCCCCc %p\n", (void *)conf->sasl_authid); + #ifdef NSS_LDAP_SASL_AUTH_ENABLED if (conf->use_sasl == 0) { #endif @@ -636,8 +633,7 @@ __nss_ldap_init_simple_auth_method( &conf->connection_method); break; - case NSS_LDAP_SSL_ON: - printf("BBBBBBBBBBBBBBBBBBBB%s %d\n", __FILE__, __LINE__); + case NSS_LDAP_SSL_ON: __nss_ldap_init_ssl_simple_auth_method( &conf->connection_method); break; @@ -663,11 +659,16 @@ __nss_ldap_init_start_tls_sasl_auth_method( &conf->connection_method); break; + default: + break; } } #endif - } else - printf("CONFIG FAILED!\n"); + } else { + snprintf(err->buffer, sizeof(err->buffer), "parse error in " + "configuration file '%s'", fname, line_num); + err->line = line_num; + } return (res); } ==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapconf.h#10 (text+ko) ==== 
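Review bot: In the `@@ -607,27 +603,28 @@` hunk, a failure in any of the three fallback `strdup()` calls sets `res = NSS_LDAP_MEMORY_ERROR` but leaves `err` untouched. The `else` that fills `err->buffer` in the -663 hunk is paired with this `if (res == NSS_LDAP_SUCCESS)` and cannot run on that path. Execution also continues into the connection-method selection for a configuration that is about to be rejected. Consider filling `err` at each failure and guarding the method setup with a second `if (res == NSS_LDAP_SUCCESS)`; the enclosing function starts outside the hunk.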
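Review bot: In the `@@ -663,11 +659,16 @@` hunk, the new `snprintf()` passes `line_num` but the format string has no conversion for it, so the extra argument is ignored and the message never contains the line number. A format such as `"parse error in configuration file '%s', line %d"` would use it. The declaration of `line_num` is outside the hunk, so pick the specifier that matches its type.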
@@ -31,9 +31,9 @@ #include <stringlist.h> -#define NSS_LDAP_SCOPE_SUB 0 -#define NSS_LDAP_SCOPE_ONE 1 -#define NSS_LDAP_SCOPE_BASE 2 +#define NSS_LDAP_SCOPE_SUB LDAP_SCOPE_SUB +#define NSS_LDAP_SCOPE_ONE LDAP_SCOPE_ONE +#define NSS_LDAP_SCOPE_BASE LDAP_SCOPE_BASE #define NSS_LDAP_DEREF_NEVER 0 #define NSS_LDAP_DEREF_FINDING 1 ==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapconn.c#10 (text+ko) ==== @@ -70,10 +70,8 @@ socklen_t peernamelen; int rv; - if (conn->sock_fd == -1) { - printf("check_connection_socket: %d\n", conn->sock_fd); + if (conn->sock_fd == -1) return (NSS_LDAP_SUCCESS); - } socknamelen = sizeof(conn->sockname); peernamelen = sizeof(conn->peername); @@ -90,7 +88,7 @@ (struct sockaddr *)sockname) == 0) && (compare_sockaddr((struct sockaddr *)conn->peername, (struct sockaddr *)peername) == 0)) ? 0 : -1; - printf("check_connection_socket %d\n", rv); + return (rv); } @@ -100,7 +98,6 @@ struct nss_ldap_connection_error conn_err; int dummy_fd, backup_fd, rv; - printf("close_lost_connection: sock_fd: %d\n", conn->sock_fd); if (conn->sock_fd == -1) return (NSS_LDAP_CONNECTION_ERROR); @@ -111,12 +108,9 @@ goto fin; } - printf("close_lost_connection: dummy_fd: %d\n", dummy_fd); if (dummy_fd != conn->sock_fd) { backup_fd = dup(conn->sock_fd); - printf("close_lost_connection: backup_fd: %d\n", backup_fd); - dup2(dummy_fd, conn->sock_fd); - + dup2(dummy_fd, conn->sock_fd); close (conn->sock_fd); } memset(&conn_err, 0, sizeof(struct nss_ldap_connection_error)); @@ -125,7 +119,6 @@ if (dummy_fd != conn->sock_fd) dup2(backup_fd, conn->sock_fd); - printf("close_lost_connection: sock_fd: %d\n", conn->sock_fd); fin: if (dummy_fd != -1) close(dummy_fd); @@ -140,7 +133,6 @@ struct nss_ldap_connection_error *conn_err) { int rv; - printf("nss_ldap: checking connection\n"); if (check_connection_socket(conn) != 0) { rv = close_lost_connection(conn); 
@@ -156,64 +148,83 @@ int rv; rv = LDAP_SUCCESS; - printf("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAa%s %d\n", __FILE__, __LINE__); if (conf->tls_rand != NULL) { - printf("%s %d\n", __FILE__, __LINE__); rv = ldap_set_option(NULL, LDAP_OPT_X_TLS_RANDOM_FILE, conf->tls_rand); - if (rv != LDAP_SUCCESS) + if (rv != LDAP_SUCCESS) { + __nss_ldap_log(NSS_LDAP_LL_WARN, + "set_ssl_options failed: LDAP_OPT_X_TLS_RANDOM_FILE" + " can't be set"); goto fin; + } } if (conf->tls_cacert != NULL) { - printf("%s %d %s\n", __FILE__, __LINE__, conf->tls_cacert); rv = ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTFILE, conf->tls_cacert); - if (rv != LDAP_SUCCESS) + if (rv != LDAP_SUCCESS) { + __nss_ldap_log(NSS_LDAP_LL_WARN, + "set_ssl_options failed: LDAP_OPT_X_TLS_CACERTFILE" + " can't be set"); goto fin; + } } if (conf->tls_cacertdir != NULL) { - printf("%s %d\n", __FILE__, __LINE__); rv = ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTDIR, conf->tls_cacertdir); - if (rv != LDAP_SUCCESS) + if (rv != LDAP_SUCCESS) { + __nss_ldap_log(NSS_LDAP_LL_WARN, + "set_ssl_options failed: LDAP_OPT_X_TLS_CACERTDIR" + " can't be set"); goto fin; + } } if (conf->tls_cert != NULL) { - printf("%s %d\n", __FILE__, __LINE__); rv = ldap_set_option(NULL, LDAP_OPT_X_TLS_CERTFILE, conf->tls_cert); - if (rv != LDAP_SUCCESS) + if (rv != LDAP_SUCCESS) { + __nss_ldap_log(NSS_LDAP_LL_WARN, + "set_ssl_options failed: LDAP_OPT_X_TLS_CERTFILE" + " can't be set"); goto fin; + } } if (conf->tls_ciphers != NULL) { - printf("%s %d\n", __FILE__, __LINE__); rv = ldap_set_option(NULL, LDAP_OPT_X_TLS_CIPHER_SUITE, conf->tls_ciphers); - if (rv != LDAP_SUCCESS) + if (rv != LDAP_SUCCESS) { + __nss_ldap_log(NSS_LDAP_LL_WARN, + "set_ssl_options failed: " + "LDAP_OPT_X_TLS_CIPHER_SUITE can't be set"); goto fin; + } } if (conf->tls_key != NULL) { - printf("%s %d\n", __FILE__, __LINE__); rv = ldap_set_option(NULL, LDAP_OPT_X_TLS_KEYFILE, conf->tls_key); - if (rv != LDAP_SUCCESS) + if (rv != LDAP_SUCCESS) { + __nss_ldap_log(NSS_LDAP_LL_WARN, 
+ "set_ssl_options failed: LDAP_OPT_X_TLS_KEYFILE" + " can't be set"); goto fin; + } } if (conf->tls_checkpeer != NSS_LDAP_OPTION_DEFAULT) { - printf("%s %d\n", __FILE__, __LINE__); rv = ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &conf->tls_checkpeer); - if (rv != LDAP_SUCCESS) + if (rv != LDAP_SUCCESS) { + __nss_ldap_log(NSS_LDAP_LL_WARN, + "set_ssl_options failed: " + "LDAP_OPT_X_TLS_REQUIRE_CERT can't be set"); goto fin; + } } - printf("BBBBBBBBBBBBBBBBBBBBFFFFFFFFFFFFFFFF%s %d\n", __FILE__, __LINE__); fin: return (rv); } @@ -243,7 +254,6 @@ assert(conf != NULL); assert(err != NULL); - printf("%p\n", (void *)conf); return (method->auth_fn(conn, conf, err)); } @@ -305,17 +315,23 @@ struct nss_ldap_connection_error conn_err; int rv; - __nss_ldap_attach_connection(&tmp_conn, ld); + __nss_ldap_log(NSS_LDAP_LL_DEBUG_INT, + "ldap_simple_rebind_proc called"); + __nss_ldap_attach_connection(&tmp_conn, ld); memset(&conn_err, 0, sizeof(struct nss_ldap_connection_error)); rv = __nss_ldap_auth(&__nss_ldap_conf->connection_method, &tmp_conn, __nss_ldap_conf, &conn_err); + __nss_ldap_detach_connection(&tmp_conn); if (rv == NSS_LDAP_SUCCESS) return (LDAP_SUCCESS); - else + else { + __nss_ldap_log(NSS_LDAP_LL_DEBUG_INT, + "ldap_simple_rebind_proc failed"); return (LDAP_AUTH_UNKNOWN); + } } struct nss_ldap_connection * @@ -333,10 +349,14 @@ conn = (struct nss_ldap_connection *)malloc(sizeof( struct nss_ldap_connection)); - assert(conn != NULL); + if (conn == NULL) { + snprintf(err->description, NSS_LDAP_MAX_ERR_DESC_SIZE, + "malloc() error: %s\n", ldap_err2string(rv)); + err->err_num = errno; + return (NULL); + } memset(conn, 0, sizeof(struct nss_ldap_connection)); - printf("aiosfuoasf %s %d\n", __FILE__, __LINE__); if (request->uri == NULL) { memset( &url, 0, sizeof(url)); url.lud_scheme = request->scheme; 
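Review bot: In the `@@ -156,64 +148,83 @@` hunk, `conf->tls_checkpeer` is passed unchanged as the value of `LDAP_OPT_X_TLS_REQUIRE_CERT`, although the parser apparently fills it from `get_yesno()` with `NSS_LDAP_OPTION_YES`/`NSS_LDAP_OPTION_NO`, whose numeric values are not visible in this diff. Unless those constants are defined to equal the library's `LDAP_OPT_X_TLS_*` levels, `tls_checkpeer yes` may select a different verification level than the administrator intended. An explicit mapping before the call (yes to `LDAP_OPT_X_TLS_HARD`, no to `LDAP_OPT_X_TLS_NEVER`) would remove the doubt. The new warnings would also be easier to act on if they carried `ldap_err2string(rv)`, provided `__nss_ldap_log` accepts a format string; its prototype is not shown here.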
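Review bot: In the `@@ -305,17 +315,23 @@` hunk, `ldap_simple_rebind_proc` re-authenticates with the credentials from the global `__nss_ldap_conf` on whatever handle the library passes in, and nothing in the visible lines checks which server the referral points to. With simple bind, that presents the configured bind DN and password to any server a referral names. Since the commit message says referrals are untested, consider checking the callback's URL argument against the configured hosts, or requiring TLS, before calling `__nss_ldap_auth`. The function's signature is outside the hunk.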
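Review bot: In the `@@ -333,10 +349,14 @@` hunk, the new `malloc()` failure branch formats its message with `ldap_err2string(rv)`, but no LDAP call is visible before this point, so `rv` is unrelated to the failure and may not be assigned yet. `err->err_num = errno` is also read only after `snprintf()`, which may itself change `errno`. Saving the value first fixes both: `err->err_num = errno;` followed by `snprintf(err->description, NSS_LDAP_MAX_ERR_DESC_SIZE, "malloc() error: %s\n", strerror(err->err_num));`. The function starts outside the hunk, so confirm that `<errno.h>` and `<string.h>` are included in this file.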
@@ -348,18 +368,14 @@ if (ldapuri == NULL) { snprintf(err->description, NSS_LDAP_MAX_ERR_DESC_SIZE, "cannot format the ldap URI"); - printf("911 %s\n", err->description); free(conn); return (NULL); } rv = ldap_initialize(&conn->ld, ldapuri); free(ldapuri); - } else { - printf("aiosfuoasf %s %d %s\n", __FILE__, __LINE__, - request->uri); + } else rv = ldap_initialize(&conn->ld, request->uri); - } if (rv != NSS_LDAP_SUCCESS) { snprintf(err->description, NSS_LDAP_MAX_ERR_DESC_SIZE, @@ -381,7 +397,6 @@ break; } - printf("ldap_version: %d\n", conf->proto_version); rv = ldap_set_option(conn->ld, LDAP_OPT_PROTOCOL_VERSION, &opt); if (rv != LDAP_SUCCESS) 
@@ -422,35 +437,43 @@ rv = ldap_set_option(conn->ld, LDAP_OPT_RESTART, &conf->restart); if (rv != LDAP_SUCCESS) { - /* TODO: write smth to logs */ + __nss_ldap_log(NSS_LDAP_LL_WARN, + "__nss_ldap_simple_connect: LDAP_OPT_RESTART" + " can't be set"); } } opt = conf->bind_timelimit == 0 ? LDAP_NO_LIMIT : conf->bind_timelimit; rv = ldap_set_option(conn->ld, LDAP_OPT_NETWORK_TIMEOUT, &opt); if (rv != LDAP_SUCCESS) { - /* TODO: write smth to logs */ + __nss_ldap_log(NSS_LDAP_LL_WARN, + "__nss_ldap_simple_connect: LDAP_OPT_NETWORK_TIMEOUT" + " can't be set"); } opt = conf->search_timelimit == 0 ? LDAP_NO_LIMIT : conf->search_timelimit; rv = ldap_set_option(conn->ld, LDAP_OPT_TIMELIMIT, &opt); if (rv != LDAP_SUCCESS) { - /* TODO: write smth to logs */ + __nss_ldap_log(NSS_LDAP_LL_WARN, + "__nss_ldap_simple_connect: LDAP_OPT_TIMELIMIT" + " can't be set"); } rv = ldap_set_rebind_proc(conn->ld, ldap_simple_rebind_proc, NULL); if (rv != LDAP_SUCCESS) { - /* TODO: write smth to logs */ + __nss_ldap_log(NSS_LDAP_LL_WARN, + "__nss_ldap_simple_connect: ldap_set_rebind_proc failed"); } conn->sock_fd = -2; rv = ldap_get_option(conn->ld, LDAP_OPT_DESC, &conn->sock_fd); if (rv != LDAP_SUCCESS) { conn->sock_fd = -1; - /* TODO: write smth to logs */ + __nss_ldap_log(NSS_LDAP_LL_DEBUG_INT, + "__nss_ldap_simple_connect: LDAP_OPT_DESC" + " can't be retrieved"); } - printf("conn->sockfd %d %p\n", conn->sock_fd, (void *)conn->ld); rv = LDAP_SUCCESS; fin: @@ -458,10 +481,12 @@ err->err_num = rv; snprintf(err->description, NSS_LDAP_MAX_ERR_DESC_SIZE, "ldap_set_option() error: %s\n", ldap_err2string(rv)); - printf("err->description %s\n", err->description); ldap_unbind(conn->ld); free(conn); conn = NULL; + + __nss_ldap_log(NSS_LDAP_LL_ERR_INT, + "__nss_ldap_simple_connect failed"); } return (conn); @@ -483,8 +508,6 @@ char *bind_dn; char *bind_pw; - printf("%p\n", (void *)conf); - assert(conn != NULL); assert(conf != NULL); assert(err != NULL); 
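Review bot: In the `@@ -422,35 +437,43 @@` hunk, a failure to set `LDAP_OPT_NETWORK_TIMEOUT` or `LDAP_OPT_TIMELIMIT` is now logged but still ignored, and `rv` is reset to `LDAP_SUCCESS` before `fin:`. The connection is then returned without the configured limits, so a lookup through this name-service module may block for the library's default period against an unresponsive server. Consider treating these two options as fatal with `goto fin;` after the log call, or adding a comment that they are deliberately best-effort. The function begins above the hunk.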
@@ -494,22 +517,18 @@ else bind_dn = conf->root_bind_dn; - /* TODO: maybe we should have root_bind_pw? */ - bind_pw = conf->bind_pw; - - printf("bind_dn: %s, bind_pw: %s\n", bind_dn, bind_pw); - + if (geteuid() != 0) + bind_pw = conf->bind_pw; + else + bind_pw = conf->root_bind_pw; /* Send an LDAP bind request to the server. */ msgid = ldap_simple_bind(conn->ld, bind_dn, bind_pw); /* If the returned message ID is less than zero, an error occurred. */ if ( msgid < 0 ) { - /* NOTE: can't use ldap_result2error here */ - printf("aa%p\n", (void *)conf); ldap_get_option(conn->ld, LDAP_OPT_ERROR_NUMBER, (void *)&err->err_num); - printf("aa%p\n", (void *)conf); if (ldap_get_option(conn->ld, LDAP_OPT_ERROR_STRING, (void *)&err_str) != LDAP_SUCCESS) err_str = NULL; @@ -517,14 +536,14 @@ "ldap_simple_bind() error: %s; %s\n", ldap_err2string(err->err_num), err_str == NULL ? "" : err_str); - printf("aa%p %s\n", (void *)conf, err->description); + __nss_ldap_log(NSS_LDAP_LL_ERR_INT, + "__nss_ldap_simple_auth failed on ldap_simple_bind"); return (NSS_LDAP_CONNECTION_ERROR); } /* Check to see if the bind operation completed. */ memset(&zerotime, 0, sizeof(zerotime)); while ( !finished ) { - printf("FIININISHED %d %d %d %p\n", finished, rc, msgid, (void *)conn->ld); res = NULL; rc = ldap_result( conn->ld, msgid, 1, &zerotime, &res ); switch ( rc ) { @@ -539,7 +558,8 @@ "ldap_result() error: %s; %s\n", ldap_err2string(err->err_num), >>> TRUNCATED FOR MAIL (1000 lines) <<<
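Review bot: In the `@@ -494,22 +517,18 @@` hunk, `bind_pw` can still be NULL or empty while `bind_dn` is set (for example `binddn` configured without `bindpw`), and the pair goes straight to `ldap_simple_bind()`. A simple bind with a DN and an empty password is an unauthenticated bind (RFC 4513 section 5.1.2), which many servers answer with success and anonymous privileges, so the misconfiguration would go unnoticed. Rejecting that combination before the call would fail closed: `if (bind_dn != NULL && (bind_pw == NULL || *bind_pw == '\0')) return (NSS_LDAP_CONNECTION_ERROR);`, with a matching `err->description`. The selection of `bind_dn` starts above the hunk.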
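Review bot: In the `@@ -517,14 +536,14 @@` hunk, the error return after the new `__nss_ldap_log` call does not release `err_str`, which the preceding hunk fetches via `LDAP_OPT_ERROR_STRING`. OpenLDAP hands back an allocated copy for that option, so each failed bind would leak it; confirm this against the libldap version in use. Adding `if (err_str != NULL) ldap_memfree(err_str);` before `return (NSS_LDAP_CONNECTION_ERROR);` would release it.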