Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 31 Jul 2006 19:06:27 GMT
From:      Michael Bushkov <bushman@FreeBSD.org>
To:        Perforce Change Reviews <perforce@freebsd.org>
Subject:   PERFORCE change 102872 for review
Message-ID:  <200607311906.k6VJ6RZ8060126@repoman.freebsd.org>

next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=102872

Change 102872 by bushman@bushman_nss_ldap_cached on 2006/07/31 19:05:39

	"passwd", "services" and "group" sources are fully implemented in terms of RFC2307
	+ several fixes

Affected files ...

.. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/Makefile#6 edit
.. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldap_group.c#5 edit
.. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldap_group.h#5 edit
.. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldap_passwd.c#6 edit
.. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldap_passwd.h#6 edit
.. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldap_serv.c#2 edit
.. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldap_serv.h#2 edit
.. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapconf.c#6 edit
.. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapconf.h#6 edit
.. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapconn.c#6 edit
.. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapconn.h#6 edit
.. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapschema.c#6 edit
.. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapschema.h#6 edit
.. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapsearch.c#5 edit
.. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapsearch.h#5 edit
.. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldaptls.c#4 edit
.. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldaptls.h#4 edit
.. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldaputil.c#6 edit
.. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldaputil.h#6 edit
.. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/nss_ldap.c#6 edit
.. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/nss_ldap.h#6 edit

Differences ...

==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/Makefile#6 (text+ko) ====


==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldap_group.c#5 (text+ko) ====

@@ -65,14 +65,14 @@
 	rv = __nss_ldap_assign_attr_gid(sctx,
 		_ATM(schema, GROUP, gidNumber),
 		&grp->gr_gid);
-	if (rv != 0)
+	if (rv != NSS_LDAP_SUCCESS)
 		goto errfin;
 	
 	printf("==> %d %s\n", __LINE__, __FILE__);
 	rv = __nss_ldap_assign_rdn_str(sctx, 
 		_ATM(schema, GROUP, cn),
 		&grp->gr_name, &len, buf, buflen);
-	if (rv != 0)
+	if (rv != NSS_LDAP_SUCCESS)
 		goto errfin;
 	buflen -= len;
 	buf += len;
@@ -81,7 +81,7 @@
 	rv = __nss_ldap_assign_attr_password(sctx,
 		_ATM(schema, GROUP, userPassword),
 		&grp->gr_passwd, &len, buf, buflen);
-	if (rv != 0)
+	if (rv != NSS_LDAP_SUCCESS)
 		goto errfin;
 	buflen -= len;
 	buf += len;
@@ -90,17 +90,15 @@
 	rv = __nss_ldap_assign_attr_multi_str(sctx,
 		_ATM(schema, GROUP, memberUid),
 		&grp->gr_mem, &memlen, &len, buf, buflen);
-	if (rv != 0)
+	if (rv != NSS_LDAP_SUCCESS)
 		goto errfin;
 	buflen -= len;
 	buf += len;
 	
 	printf("%s %d\n", __FILE__, __LINE__);
-fin:
-	return (0);
 	
 errfin:
-	return (-1);
+	return (rv);
 /*	
 	
   if (_nss_ldap_test_config_flag (NSS_LDAP_FLAGS_RFC2307BIS))
@@ -271,7 +269,7 @@
 		return (NS_UNAVAIL);
 	
 	rv = __nss_ldap_getent(NSS_LDAP_MAP_GROUP, filter, (void *)grp, 
-		buffer, bufsize, nss_ldap_parse_group);
+		buffer, bufsize, nss_ldap_parse_group, NULL);
 	
 	if (rv == NS_SUCCESS)
 		*result = grp;

==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldap_group.h#5 (text+ko) ====


==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldap_passwd.c#6 (text+ko) ====

@@ -52,6 +52,7 @@
 	char *buf;
 	size_t buflen;
 	size_t len;
+	time_t temp_time;
 	int rv;
 	
 	assert(pctx != NULL);
@@ -60,43 +61,45 @@
 	pwd = (struct passwd *)pctx->mdata;
 	buf = pctx->buffer;
 	buflen = pctx->bufsize;
-/* >>>for debug only */
-//	pwd = (struct passwd *)malloc(sizeof(struct passwd));
-//	memset(pwd, 0, sizeof(struct passwd));
-//	buf = malloc(1024);
-//	memset(buf, 0, 1024);
-/* <<<for debug only */
 	
 	schema = &sctx->conf->schema;
+
+	printf("here %s %d %p\n", __FILE__, __LINE__, (void *)sctx);
+	if ((__nss_ldap_check_oc(sctx, "shadowAccount") == NSS_LDAP_SUCCESS) 
+		|| (geteuid() != 0))
+		rv = __nss_ldap_assign_str("*", &pwd->pw_dir, &len, buf,
+			buflen);
+	else
+		rv = __nss_ldap_assign_attr_password(sctx,
+			_ATM(schema, PASSWD, userPassword),
+			&pwd->pw_passwd, &len, buf, buflen);
+
+	if (rv != NSS_LDAP_SUCCESS)
+		goto errfin;			
+	buflen -= len;
+	buf += len;
 	
 	printf("==> %d %s\n", __LINE__, __FILE__);
 	rv = __nss_ldap_assign_attr_str(sctx,
 		_ATM(schema, PASSWD, uid),
 		&pwd->pw_name, &len, buf, buflen);
-	if (rv != 0)
+	if (rv != NSS_LDAP_SUCCESS)
 		goto errfin;
 	buflen -= len;
 	buf += len;
 	
-	printf("==> %d %s\n", __LINE__, __FILE__);	
-	rv = __nss_ldap_assign_attr_uid(sctx,
-		_AT(schema, uidNumber),
-		&pwd->pw_uid);
-	if (rv != 0)
-		goto errfin;
-	
 	printf("==> %d %s\n", __LINE__, __FILE__);
 	rv = __nss_ldap_assign_attr_str(sctx,
 		_AT(schema, gecos),
 		&pwd->pw_gecos, &len, buf, buflen);
-	if (rv != 0) {
+	if (rv != NSS_LDAP_SUCCESS) {
 		pwd->pw_gecos = NULL;
 		rv = __nss_ldap_assign_attr_str(sctx,
 			_ATM(schema, PASSWD, cn),
 			&pwd->pw_gecos, &len, buf, buflen);
 	}
       
-	if (rv != 0)
+	if (rv != NSS_LDAP_SUCCESS)
 		goto errfin;
 	buflen -= len;
 	buf += len;
@@ -105,10 +108,10 @@
 	rv = __nss_ldap_assign_attr_str(sctx,
 		_AT(schema, homeDirectory),
 		&pwd->pw_dir, &len, buf, buflen);
-	if (rv != 0)
+	if (rv != NSS_LDAP_SUCCESS)
 		rv = __nss_ldap_assign_str("", &pwd->pw_dir, &len, buf,
 			buflen);
-	if (rv != 0)
+	if (rv != NSS_LDAP_SUCCESS)
 		goto errfin;
 	buflen -= len;
 	buf += len;
@@ -117,19 +120,53 @@
 	rv = __nss_ldap_assign_attr_str(sctx,
 		_AT(schema, loginShell),
 		&pwd->pw_shell, &len, buf, buflen);
-	if (rv != 0)
+	if (rv != NSS_LDAP_SUCCESS)
 		rv = __nss_ldap_assign_str("", &pwd->pw_shell, &len, buf,
 			buflen);	
-	if (rv != 0)
+	if (rv != NSS_LDAP_SUCCESS)
 		goto errfin;
 	buflen -= len;
 	buf += len;
 	
-fin:
-	return (0);
+	printf("==> %d %s\n", __LINE__, __FILE__);	
+	rv = __nss_ldap_assign_attr_uid(sctx,
+		_AT(schema, uidNumber),
+		&pwd->pw_uid);
+	if (rv != NSS_LDAP_SUCCESS)
+		goto errfin;
+	
+	rv = __nss_ldap_assign_attr_gid(sctx,
+		_ATM(schema, PASSWD, gidNumber),
+		&pwd->pw_gid);
+	if (rv != NSS_LDAP_SUCCESS)
+		goto errfin;
+	
+	rv = __nss_ldap_assign_attr_time(sctx, _AT(schema, shadowMax), 
+		&pwd->pw_change);
+	if (rv == NSS_LDAP_SUCCESS)
+		pwd->pw_change *= 24*60*60;
+	else
+		pwd->pw_change = 0;
+	
+	if (pwd->pw_change > 0) {
+		rv = __nss_ldap_assign_attr_time(sctx, 
+			_AT(schema, shadowLastChange), &temp_time);
+		if (rv == NSS_LDAP_SUCCESS)
+			pwd->pw_change += temp_time;
+		else
+			pwd->pw_change = 0;
+	}
+		
+	rv = __nss_ldap_assign_attr_time(sctx, _AT(schema, shadowExpire),
+		&pwd->pw_expire);
+	if (rv == NSS_LDAP_SUCCESS)
+		pwd->pw_expire *= 24*60*60;
+	else
+		pwd->pw_expire = 0;
 	
+	rv = NS_SUCCESS;
 errfin:
-	return (-1);
+	return (rv);	
 }
 
 int 
@@ -195,7 +232,7 @@
 		return (NS_UNAVAIL);
 	
 	rv = __nss_ldap_getent(NSS_LDAP_MAP_PASSWD, filter, (void *)pwd, 
-		buffer, bufsize, nss_ldap_parse_passwd);
+		buffer, bufsize, nss_ldap_parse_passwd, NULL);
 	
 	if (rv == NS_SUCCESS)
 		*result = pwd;

==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldap_passwd.h#6 (text+ko) ====


==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldap_serv.c#2 (text+ko) ====

@@ -40,13 +40,32 @@
 #include "ldapconf.h"
 #include "nss_ldap.h"
 
-static int 
+#define NSS_LDAP_SERVICES_BY_KEY 0
+#define NSS_LDAP_SERVICES_ALL 1
+
+struct services_mdata
+{
+	struct servent *serv;
+	char const *proto;	
+	int type;
+};
+
+struct services_mdata_ext
+{
+	ssize_t offset;
+	size_t count;
+};
+
+static int
 nss_ldap_parse_servent(struct nss_ldap_parse_context *pctx)
 {
 	struct nss_ldap_schema *schema;
 	struct nss_ldap_search_context *sctx;
+	struct services_mdata *serv_mdata;
+	struct services_mdata_ext *serv_mdata_ext;
+	
 	struct servent *serv;
-	char *buf;
+	char *buf, **values;
 	size_t buflen;
 	size_t len, memlen;
 	int rv;
@@ -54,52 +73,110 @@
 	assert(pctx != NULL);
 	
 	sctx = pctx->sctx;
-	serv = (struct servent *)pctx->mdata;
+	serv_mdata = (struct services_mdata *)pctx->mdata;
+	serv_mdata_ext = (struct services_mdata_ext *)pctx->mdata_ext;
+		
+	serv = serv_mdata->serv;
 	buf = pctx->buffer;
 	buflen = pctx->bufsize;
 	
 	schema = &sctx->conf->schema;
+	
+	if (serv_mdata->type == NSS_LDAP_SERVICES_BY_KEY) {
+		if (serv_mdata->proto != NULL) {
+			rv = __nss_ldap_assign_str(serv_mdata->proto,
+				&serv->s_proto, &len, buf, buflen);			
+			if (rv != NSS_LDAP_SUCCESS)
+				goto errfin;			
+			buflen -= len;
+			buf += len;
+		} else {
+			rv = __nss_ldap_assign_attr_str(sctx,
+				_AT(schema, ipServiceProtocol),
+				&serv->s_proto, &len, buf, buflen);
+			if (rv != NSS_LDAP_SUCCESS)
+				goto errfin;
+			buflen -= len;
+			buf += len;
+		}
+	} else {
+		if (serv_mdata_ext == NULL) {
+			serv_mdata_ext = (struct services_mdata_ext *)malloc(
+				sizeof(struct services_mdata_ext));
+			assert(serv_mdata_ext != NULL);
+			
+			serv_mdata_ext->offset = -1;
+			serv_mdata_ext->count = 0;
+				
+			pctx->mdata_ext = serv_mdata_ext;
+		}
+		
+		if (serv_mdata_ext->offset == -1) {
+			rv = __nss_ldap_assign_attr_indexed_str(sctx,
+				_AT(schema, ipServiceProtocol),
+				serv_mdata_ext->offset, &serv_mdata_ext->count,
+				&serv->s_proto, &len, buf, buflen);
+			if (rv != NSS_LDAP_SUCCESS)
+				goto errfin;
+			
+			serv_mdata_ext->offset = 0;
+		} 
+		
+		if (serv_mdata_ext->offset < serv_mdata_ext->count) {
+			rv = __nss_ldap_assign_attr_indexed_str(sctx,
+				_AT(schema, ipServiceProtocol),
+				serv_mdata_ext->offset, NULL,
+				&serv->s_proto, &len, buf, buflen);
 
-/*	printf("==> %d %s\n", __LINE__, __FILE__);
-	rv = __nss_ldap_assign_attr_gid(sctx,
-		_ATM(schema, GROUP, gidNumber),
-		&grp->gr_gid);
-	if (rv != 0)
-		goto errfin;
+			if (++serv_mdata_ext->offset >= serv_mdata_ext->count) {
+				serv_mdata_ext->offset = -1;
+				serv_mdata_ext->count = 0;
+				pctx->need_no_more = 0;
+			} else
+				pctx->need_no_more = 1;
+			
+			buflen -= len;
+			buf += len;			
+		} else {
+			/* this shouldn't happen, actually - that's why
+			 * we're returning NSS_LDAP_GENERIC_ERROR instead
+			 * of NSS_LDAP_PARSE_ERROR */
+			rv = NSS_LDAP_GENERIC_ERROR;
+			goto errfin;
+		}
+	}
 	
-	printf("==> %d %s\n", __LINE__, __FILE__);
 	rv = __nss_ldap_assign_rdn_str(sctx, 
-		_ATM(schema, GROUP, cn),
-		&grp->gr_name, &len, buf, buflen);
-	if (rv != 0)
+		_ATM(schema, SERVICES, cn),
+		&serv->s_name, &len, buf, buflen);
+	if (rv != NSS_LDAP_SUCCESS)
 		goto errfin;
-	buflen -= len;
-	buf += len;
 	
-	printf("==> %d %s\n", __LINE__, __FILE__);
-	rv = __nss_ldap_assign_attr_password(sctx,
-		_ATM(schema, GROUP, userPassword),
-		&grp->gr_passwd, &len, buf, buflen);
-	if (rv != 0)
-		goto errfin;
 	buflen -= len;
 	buf += len;
-	
-	printf("==> %d %s\n", __LINE__, __FILE__);
+
 	rv = __nss_ldap_assign_attr_multi_str(sctx,
-		_ATM(schema, GROUP, memberUid),
-		&grp->gr_mem, &memlen, &len, buf, buflen);
-	if (rv != 0)
+		_ATM(schema, SERVICES, cn),
+		&serv->s_aliases, &memlen, &len, buf, buflen);
+	if (rv != NSS_LDAP_SUCCESS)
 		goto errfin;
 	buflen -= len;
 	buf += len;
 	
-	printf("%s %d\n", __FILE__, __LINE__);*/
-fin:
-	return (0);
+	rv = __nss_ldap_assign_attr_int(sctx,
+		_AT(schema, ipServicePort),
+		&serv->s_port);
 	
 errfin:
-	return (-1);
+	return (rv);	
+}
+
+static void
+nss_ldap_destroy_servent(struct nss_ldap_parse_context *pctx)
+{
+	
+	assert(pctx != NULL);
+	free(pctx->mdata_ext);
 }
 
 int 
@@ -107,6 +184,7 @@
 	char *buffer, size_t bufsize, struct servent **result)
 {
 	char filter[NSS_LDAP_FILTER_MAX_SIZE];
+	struct services_mdata mdata;
 	char const *fmt;
 	int rv;
 	
@@ -121,9 +199,15 @@
 	else
 	    __nss_ldap_format_filter(fmt, NSS_LDAP_FILTER_ARGS_STR_ANY, filter,
 		sizeof(filter), name);
+
+	memset(&mdata, 0, sizeof(struct services_mdata));
+	mdata.serv = serv;
+	mdata.proto = proto;
+	mdata.type = NSS_LDAP_SERVICES_BY_KEY;	
 	
-	rv = __nss_ldap_getby(NSS_LDAP_MAP_SERVICE, filter, (void *)serv, 
-		buffer, bufsize, nss_ldap_parse_servent);
+	rv = __nss_ldap_getby(NSS_LDAP_MAP_SERVICES, filter,
+		(void *)&mdata, buffer, bufsize, 
+		nss_ldap_parse_servent);
 	
 	if (rv == NS_SUCCESS)
 		*result = serv;
@@ -136,6 +220,7 @@
 	char *buffer, size_t bufsize, struct servent **result)
 {
 	char filter[NSS_LDAP_FILTER_MAX_SIZE];
+	struct services_mdata mdata;
 	char const *fmt;
 	int rv;
 	
@@ -151,8 +236,14 @@
 	    __nss_ldap_format_filter(fmt, NSS_LDAP_FILTER_ARGS_INT_ANY, filter,
 		sizeof(filter), port);
 	
-	rv = __nss_ldap_getby(NSS_LDAP_MAP_SERVICE, filter, (void *)serv, 
-		buffer, bufsize, nss_ldap_parse_servent);
+	memset(&mdata, 0, sizeof(struct services_mdata));
+	mdata.serv = serv;
+	mdata.proto = proto;
+	mdata.type = NSS_LDAP_SERVICES_BY_KEY;	
+	
+	rv = __nss_ldap_getby(NSS_LDAP_MAP_SERVICES, filter, 
+		(void *)&mdata, buffer, bufsize,
+		nss_ldap_parse_servent);
 	
 	if (rv == NS_SUCCESS)
 		*result = serv;
@@ -164,6 +255,7 @@
 ldap_getservent_r(struct servent *serv, char *buffer, size_t bufsize, 
 	struct servent **result)
 {
+	struct services_mdata mdata;
 	char const *filter;
 	int rv;
 	
@@ -172,8 +264,13 @@
 	if (filter == NULL)
 		return (NS_UNAVAIL);
 	
-	rv = __nss_ldap_getent(NSS_LDAP_MAP_SERVICE, filter, (void *)serv, 
-		buffer, bufsize, nss_ldap_parse_servent);
+	memset(&mdata, 0, sizeof(struct services_mdata));
+	mdata.serv = serv;
+	mdata.type = NSS_LDAP_SERVICES_ALL;
+
+	rv = __nss_ldap_getent(NSS_LDAP_MAP_SERVICES, filter, (void *)&mdata, 
+		buffer, bufsize, nss_ldap_parse_servent,
+		nss_ldap_destroy_servent);
 	
 	if (rv == NS_SUCCESS)
 		*result = serv;
@@ -185,7 +282,7 @@
 ldap_setservent()
 {
 
-	__nss_ldap_setent(NSS_LDAP_MAP_SERVICE);	
+	__nss_ldap_setent(NSS_LDAP_MAP_SERVICES);	
 }
 
 

==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldap_serv.h#2 (text+ko) ====


==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapconf.c#6 (text+ko) ====

@@ -39,6 +39,7 @@
 #include "ldapsearch.h"
 #include "ldaptls.h"
 #include "ldapconf.h"
+#include "nss_ldap.h"
 
 #define NSS_BASE_PREFIX ("nss_base_")
 #define NSS_BASE_PREFIX_SIZE (9)
@@ -74,13 +75,13 @@
 
 	res = strtol(str, &end, 10);
 	if (*end != '\0')
-		return (-1);
+		return (NSS_LDAP_PARSE_ERROR);
 	else
 		if (((res >= low) || (low == -1)) &&
 			((res <= max) || (max == -1)))
 			return (res);
 		else
-			return (-2);
+			return (NSS_LDAP_PARSE_ERROR);
 }
 
 static int
@@ -90,7 +91,7 @@
 	int rv;
 
 	left_arg = left_arg + NSS_BASE_PREFIX_SIZE;
-	rv = -1;
+	rv = NSS_LDAP_ARGS_ERROR;
 	
 	if (strcmp(left_arg, "passwd") == 0)
 		rv = __nss_ldap_set_schema_filter_base(&conf->schema,
@@ -98,9 +99,9 @@
 	else if (strcmp(left_arg, "group") == 0)
 		rv = __nss_ldap_set_schema_filter_base(&conf->schema,
 		NSS_LDAP_MAP_GROUP, right_arg);
-	else if (strcmp(left_arg, "service") == 0)
+	else if (strcmp(left_arg, "services") == 0)
 		rv = __nss_ldap_set_schema_filter_base(&conf->schema,
-		NSS_LDAP_MAP_SERVICE, right_arg);
+		NSS_LDAP_MAP_SERVICES, right_arg);
 	
 	return (rv);
 }
@@ -118,12 +119,12 @@
 	assert(arg2 != NULL);
 	
 	rv = __nss_ldap_init_rule(&rule, arg1, arg2);
-	if (rv != 0)
-		return (-1);
+	if (rv != NSS_LDAP_SUCCESS)
+		return (rv);
 	
 	rules_coll = __nss_ldap_get_schema_rules(&conf->schema, rule_id);
 	if (rules_coll == NULL)
-		return (-1);
+		return (NSS_LDAP_GENERIC_ERROR);
 	
 	rv = __nss_ldap_add_rule(rules_coll, &rule);
 	return (rv);
@@ -175,9 +176,9 @@
 	printf("fname: %s %d\n", fname, conf->proto_version);
 	fin = fopen(fname, "r");
 	if (fin == NULL)
-		return (-1);
+		return (NSS_LDAP_GENERIC_ERROR);
 
-	res = 0;
+	res = NSS_LDAP_SUCCESS;
 	line_num = 0;
 	memset(buffer, 0, sizeof(buffer));
 	while ((res == 0) && (fgets(buffer, sizeof(buffer) - 1, fin) != NULL)) {
@@ -238,7 +239,8 @@
 			 * NSS_LDAP_PROTO_VERSION_3 constants here */
 			if (strcmp(fields[0], "ldap-version") == 0) {
 			    if ((field_count == 2) && 
-				(value = get_number(fields[1], 2, 3) != -1)) {
+				(value = get_number(fields[1], 2, 3) == 
+			    	    NSS_LDAP_SUCCESS)) {
 				conf->proto_version = value;
 			    	continue;
 			    }
@@ -250,35 +252,35 @@
 				NSS_BASE_PREFIX_SIZE) == 0) {
 
 			    if ((field_count == 2) && (set_base_map(conf,
-				fields[0], fields[1]) != -1))
+				fields[0], fields[1]) == NSS_LDAP_SUCCESS))
 			    	continue;
 			} else if (strcmp(fields[0], "nss_map_attribute") == 0) {
 			    if ((field_count == 3) &&
 				(set_schema_rule(conf,
 				    NSS_LDAP_SCHEMA_MAP_ATTRIBUTE_RULES,
 			    	    fields[1],
-			    	    fields[2]) == 0))
+			    	    fields[2]) == NSS_LDAP_SUCCESS))
 			    	continue;
 			} else if (strcmp(fields[0], "nss_map_objectclass") == 0) {
 			    if ((field_count == 3) &&
 				(set_schema_rule(conf,
 				    NSS_LDAP_SCHEMA_MAP_OBJECTCLASS_RULES,
 			    	    fields[1],
-			    	    fields[2]) == 0))
+			    	    fields[2]) == NSS_LDAP_SUCCESS))
 			    	continue;
 			} else if (strcmp(fields[0], "nss_default_attribute_value") == 0) {
 			    if ((field_count == 3) &&
 				(set_schema_rule(conf,
 				    NSS_LDAP_SCHEMA_DEFAULT_VALUE_RULES,
 			    	    fields[1],
-			    	    fields[2]) == 0))
+			    	    fields[2]) == NSS_LDAP_SUCCESS))
 			    	continue;				
 			} else if (strcmp(fields[0], "nss_override_attribute_value") == 0) {
 			    if ((field_count == 3) &&
 				(set_schema_rule(conf,
 				    NSS_LDAP_SCHEMA_OVERRIDE_VALUE_RULES,
 			    	    fields[1],
-			    	    fields[2]) == 0))
+			    	    fields[2]) == NSS_LDAP_SUCCESS))
 			    	continue;				
 			}
 			break;
@@ -286,7 +288,8 @@
 			printf("== %s, %d ==\n", __FILE__, __LINE__);
 			if (strcmp(fields[0], "port") == 0) {
 			    if ((field_count == 2) && 
-				(value = get_number(fields[1], 0, -1) != -1)) {
+				(value = get_number(fields[1], 0, -1) == 
+			    	    NSS_LDAP_SUCCESS)) {
 				conf->port = value;
 			    	continue;
 			    }
@@ -324,7 +327,7 @@
 			break;
 		}
 
-		res = -1;
+		res = NSS_LDAP_PARSE_ERROR;
 	}
 	fclose(fin);
 
@@ -334,5 +337,13 @@
 void 
 __nss_ldap_destroy_config(struct nss_ldap_configuration *config)
 {
+
+	assert(config != NULL);
 	
+	free(config->host);
+	free(config->root_bind_dn);
+	free(config->bind_dn);
+	free(config->bind_pw);
+	
+	__nss_ldap_destroy_schema(&config->schema);
 }

==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapconf.h#6 (text+ko) ====


==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapconn.c#6 (text+ko) ====

@@ -30,6 +30,7 @@
 
 #include <sys/time.h>
 #include <assert.h>
+#include <errno.h>
 #include <ldap.h>
 #include <stdlib.h>
 #include <string.h>
@@ -39,6 +40,7 @@
 #include "ldaputil.h"
 #include "ldapconn.h"
 #include "ldapconf.h"
+#include "nss_ldap.h"
 
 struct nss_ldap_connection *
 __nss_ldap_connect(struct nss_ldap_connection_method *method,
@@ -157,8 +159,10 @@
 		
 	conn->ld = (LDAP *)ldap_init(conf->host, conf->port);
 	if (conn->ld == NULL) {
-		printf("--> %s %d\n", __FILE__, __LINE__);
-		// TODO: error handling here
+		snprintf(err->description, NSS_LDAP_MAX_ERR_DESC_SIZE,
+			"ldap_init() error: %s\n", strerror(errno)
+			);
+		err->err_num = errno;
 		free(conn);
 		return (NULL);
 	}
@@ -179,14 +183,13 @@
 	rv = ldap_set_option(conn->ld, LDAP_OPT_PROTOCOL_VERSION, 
 		&ldap_version);
 	if (rv != LDAP_SUCCESS) {
-		printf("--> %s %d %d %d %d\n", __FILE__, __LINE__, rv, LDAP_SUCCESS, ldap_version);
-		ldap_perror(conn->ld, "----->");
-		// TODO: error checking
+		err->err_num = rv;
+		snprintf(err->description, NSS_LDAP_MAX_ERR_DESC_SIZE,
+			"ldap_set_option() error: %s\n", ldap_err2string(rv));
 		ldap_unbind(conn->ld);
 		free(conn);
 		return (NULL);
 	}
-
 	
 	return (conn);
 }
@@ -227,10 +230,11 @@
 	/* If the returned message ID is less than zero, an error occurred. */
 	if ( msgid < 0  ) {
 		/* NOTE: can't use ldap_result2error here */
-		err->err_num = msgid;
-		strlcpy(err->description, ldap_err2string(rc),
-			sizeof(err->description));
-  		return (-1);
+		err->err_num = ldap_result2error(conn->ld, res, 0);
+		snprintf(err->description, NSS_LDAP_MAX_ERR_DESC_SIZE,
+			"ldap_simple_bind() error: %s\n", 
+			ldap_err2string(err->err_num));
+  		return (NSS_LDAP_CONNECTION_ERROR);
 	}
 
 	/* Check to see if the bind operation completed. */
@@ -240,9 +244,10 @@
   		/* If ldap_result() returns -1, error occurred. */
   		case -1:
     			err->err_num = ldap_result2error(conn->ld, res, 0);
-			strlcpy(err->description, ldap_err2string(rc),
-				sizeof(err->description));
-    			return (-1);
+			snprintf(err->description, NSS_LDAP_MAX_ERR_DESC_SIZE,
+				"ldap_result() error: %s\n",
+				ldap_err2string(err->err_num));
+    			return (NSS_LDAP_CONNECTION_ERROR);
 
 		/* If ldap_result() returns 0, the timeout (specified by the 
 		timeout argument) has been exceeded before the client received 
@@ -262,54 +267,52 @@
     			parse_rc = ldap_parse_result( conn->ld, res, &rc,
 				&matched_msg, &error_msg, &referrals, 
 				&serverctrls, 1 );
+			/* TODO: probably don't need this, check */
     			if ( parse_rc != LDAP_SUCCESS ) {
 				err->err_num = parse_rc;
-				strlcpy(err->description, ldap_err2string(rc),
-					sizeof(err->description));
-      				return (-1);
+				snprintf(err->description,
+					NSS_LDAP_MAX_ERR_DESC_SIZE,
+					"ldap_parse_result() error: %s\n",
+					ldap_err2string(parse_rc));
+      				return (NSS_LDAP_CONNECTION_ERROR);
     			}
     
 			/* Check the results of the operation. */
-    			if ( rc != LDAP_SUCCESS ) {
-				err->err_num = rc;
-				strlcpy(err->description, ldap_err2string(rc),
-					sizeof(err->description));
+    			if (rc != LDAP_SUCCESS) {
+				err->err_num = rc;				
+      				/* If an entry specified by a DN could not be 
+				found, the server may also return the portion 
+				of the DN that identifies an existing entry. 
+        			(See "Receiving the Portion of the DN Matching 
+				an Entry" for an explanation.) */
+				snprintf(err->description,
+				    NSS_LDAP_MAX_ERR_DESC_SIZE,
+				    "ldap_parse_result() error: %s, "
+				    "(server response: %s) "
+				    "(matched msg: %s)\n",
+				    ldap_err2string(rc),
+				    (error_msg != NULL && *error_msg != '\0') ?
+					error_msg : "[unknown]",
+				    (matched_msg != NULL && *matched_msg != '\0') ?
+					matched_msg : "[unknown]"
+				    );
 
-      				/* If the server sent an additional error message, 
-        			print it out. */
-      				if ( error_msg != NULL && *error_msg != '\0' ) {
-					strlcat(err->description, ", ", 
-						sizeof(err->description));
-					strlcat(err->description, error_msg,
-						sizeof(err->description));
-      				}
-
-      				/* If an entry specified by a DN could not be found, 
-        			the server may also return the portion of the DN 
-        			that identifies an existing entry. 
-        			(See"Receiving the Portion of the DN Matching an Entry"
-        			for an explanation.) */
-      				if ( matched_msg != NULL && *matched_msg != '\0' ) {
-					strlcat(err->description,
-						", matched part:", 
-						sizeof(err->description));
-					strlcat(err->description, matched_msg,
-						sizeof(err->description));
-      				}
-      				return (-1);
+      				return (NSS_LDAP_CONNECTION_ERROR);
     			} else
-				return (0);
+				return (NSS_LDAP_SUCCESS);
     		break;
-  		}  
+  		}
 	}
+	
+	/* UNREACHABLE */
+	return (NSS_LDAP_CONNECTION_ERROR);
 }
 	
 int 
 __nss_ldap_simple_disconnect(struct nss_ldap_connection *conn,
 	struct nss_ldap_configuration *conf,
 	struct nss_ldap_connection_error *err)
-{
-	
+{	
 	int rv;
 
 	assert(conn != NULL);	
@@ -318,11 +321,14 @@
 	
 	rv = ldap_unbind(conn->ld);	
 	if (rv != LDAP_SUCCESS) {
-		//TODO: error checking
-		return (-1);
+		err->err_num = rv;
+		snprintf(err->description, NSS_LDAP_MAX_ERR_DESC_SIZE,
+			"ldap_result() error: %s\n",
+			ldap_err2string(err->err_num));
+		return (NSS_LDAP_CONNECTION_ERROR);
 	}		
 	
-	return (0);
+	return (NSS_LDAP_SUCCESS);
 }	
 
 int
@@ -336,7 +342,7 @@
 	method->auth_fn = __nss_ldap_simple_auth;
 	method->disconnect_fn = __nss_ldap_simple_disconnect;
 	
-	return (0);
+	return (NSS_LDAP_SUCCESS);
 }
 #endif
 	
@@ -345,7 +351,7 @@
 __nss_ldap_init_ssl_auth_method(struct nss_ldap_connection_method *method)
 {
 	
-	return (0);
+	return (NSS_LDAP_SUCCESS);
 }
 #endif
 	
@@ -363,7 +369,10 @@
 	
 	rv = ldap_start_tls_s(conn->ld, NULL, NULL);
 	if (rv != LDAP_SUCCESS) {
-		/* TODO: error checking */
+		err->err_num = rv;
+		snprintf(err->description, NSS_LDAP_MAX_ERR_DESC_SIZE,
+			"ldap_start_tls_s() error: %s\n", 
+			ldap_err2string(err->err_num));
 		__nss_ldap_simple_disconnect(conn, conf, err);
 		return (NULL);
 	}
@@ -379,12 +388,12 @@
 	assert(method != NULL);
 	
 	rv = __nss_ldap_init_simple_auth_method(method);
-	if (rv != 0)
+	if (rv != NSS_LDAP_SUCCESS)
 		return (rv);
 	
 	/* Replacing standard connect routine with start-tls specific */
 	method->connect_fn = __nss_ldap_start_tls_connect;
 	
-	return (0);
+	return (NSS_LDAP_SUCCESS);
 }
 #endif

==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapconn.h#6 (text+ko) ====


==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapschema.c#6 (text+ko) ====

@@ -28,10 +28,14 @@
 #include <sys/cdefs.h>
 __FBSDID("$FreeBSD$");
 
+#include <sys/types.h>
 #include <assert.h>
+#include <ldap.h>
 #include <stdlib.h>
 #include <string.h>
 #include "ldapschema.h"
+#include "ldapsearch.h"
+#include "nss_ldap.h"
 
 static void init_schema_common(struct nss_ldap_schema *);
 
@@ -129,21 +133,21 @@
 	snprintf(schema->filters[NSS_LDAP_FILTER_GETSERVBYNAME],
 		NSS_LDAP_FILTER_MAX_SIZE,
 		"(&(objectclass=%s)(%s=%s)(%s=%s))",
-		_OC(schema, ipServices), _ATM(schema, SERVICES, cn), "%s",
+		_OC(schema, ipService), _ATM(schema, SERVICES, cn), "%s",
 		_AT(schema, ipServiceProtocol), "%s");
 	snprintf(schema->filters[NSS_LDAP_FILTER_GETSERVBYPORT],
 		NSS_LDAP_FILTER_MAX_SIZE,
 		"(&(objectclass=%s)(%s=%s)(%s=%s))",
-		_OC(schema, ipServices), _AT(schema, ipServicePort), "%d",
+		_OC(schema, ipService), _AT(schema, ipServicePort), "%d",
 		_AT(schema, ipServiceProtocol), "%s");
 	snprintf(schema->filters[NSS_LDAP_FILTER_GETSERVENT],
 		NSS_LDAP_FILTER_MAX_SIZE,
 		"(objectclass=%s)",
-		_OC(schema, ipServices));		
+		_OC(schema, ipService));		
 }
 
 void 
-__nss_destroy_schema(struct nss_ldap_schema *schema)
+__nss_ldap_destroy_schema(struct nss_ldap_schema *schema)
 {
 	
 	assert(schema != NULL);
@@ -171,7 +175,7 @@
 	rule->right_arg = strdup(right_arg);
 	assert(rule->right_arg != NULL);
 	
-	return (0);
+	return (NSS_LDAP_SUCCESS);
 }
 
 void 
@@ -196,9 +200,9 @@
 	res = strlcpy(schema->filters[filter_id], filter_str,
 		NSS_LDAP_FILTER_MAX_SIZE);
 	if (res > NSS_LDAP_FILTER_MAX_SIZE - 1)
-		return (-1);
+		return (NSS_LDAP_BUFFER_ERROR);
 	
-	return (0);
+	return (NSS_LDAP_SUCCESS);
 }
 
 char *
@@ -224,9 +228,9 @@
 	res = strlcpy(schema->filter_bases[filter_base_id], filter_base_str,
 		NSS_LDAP_FILTER_MAX_SIZE);
 	if (res > NSS_LDAP_FILTER_MAX_SIZE - 1)
-		return (-1);
+		return (NSS_LDAP_BUFFER_ERROR);
 	
-	return (0);
+	return (NSS_LDAP_SUCCESS);
 }
 
 char *
@@ -255,7 +259,7 @@
 	assert(rules->rules != NULL);
 	memset(rules, 0, sizeof(struct nss_ldap_schema_rule) *
 		rules->rules_eff_size);
-	return (0);
+	return (NSS_LDAP_SUCCESS);
 }
 
 int 
@@ -287,7 +291,7 @@
 	memcpy(rules->rules + rules->rules_size, rule,
 		sizeof(struct nss_ldap_schema_rule));
 	++rules->rules_size;

>>> TRUNCATED FOR MAIL (1000 lines) <<<



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200607311906.k6VJ6RZ8060126>