From: Michael Bushkov To: Perforce Change Reviews Cc: Subject: PERFORCE change 102872 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 31 Jul 2006 19:06:44 -0000 http://perforce.freebsd.org/chv.cgi?CH=102872 Change 102872 by bushman@bushman_nss_ldap_cached on 2006/07/31 19:05:39 "passwd", "services" and "group" sources are fully implemented in terms of RFC2307 + several fixes Affected files ... .. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/Makefile#6 edit .. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldap_group.c#5 edit .. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldap_group.h#5 edit .. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldap_passwd.c#6 edit .. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldap_passwd.h#6 edit .. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldap_serv.c#2 edit .. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldap_serv.h#2 edit .. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapconf.c#6 edit .. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapconf.h#6 edit .. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapconn.c#6 edit .. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapconn.h#6 edit .. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapschema.c#6 edit .. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapschema.h#6 edit .. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapsearch.c#5 edit .. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapsearch.h#5 edit .. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldaptls.c#4 edit .. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldaptls.h#4 edit .. 
//depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldaputil.c#6 edit .. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldaputil.h#6 edit .. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/nss_ldap.c#6 edit .. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/nss_ldap.h#6 edit Differences ... ==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/Makefile#6 (text+ko) ==== ==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldap_group.c#5 (text+ko) ==== @@ -65,14 +65,14 @@ rv = __nss_ldap_assign_attr_gid(sctx, _ATM(schema, GROUP, gidNumber), &grp->gr_gid); - if (rv != 0) + if (rv != NSS_LDAP_SUCCESS) goto errfin; printf("==> %d %s\n", __LINE__, __FILE__); rv = __nss_ldap_assign_rdn_str(sctx, _ATM(schema, GROUP, cn), &grp->gr_name, &len, buf, buflen); - if (rv != 0) + if (rv != NSS_LDAP_SUCCESS) goto errfin; buflen -= len; buf += len; @@ -81,7 +81,7 @@ rv = __nss_ldap_assign_attr_password(sctx, _ATM(schema, GROUP, userPassword), &grp->gr_passwd, &len, buf, buflen); - if (rv != 0) + if (rv != NSS_LDAP_SUCCESS) goto errfin; buflen -= len; buf += len; @@ -90,17 +90,15 @@ rv = __nss_ldap_assign_attr_multi_str(sctx, _ATM(schema, GROUP, memberUid), &grp->gr_mem, &memlen, &len, buf, buflen); - if (rv != 0) + if (rv != NSS_LDAP_SUCCESS) goto errfin; buflen -= len; buf += len; printf("%s %d\n", __FILE__, __LINE__); -fin: - return (0); errfin: - return (-1); + return (rv); /* if (_nss_ldap_test_config_flag (NSS_LDAP_FLAGS_RFC2307BIS)) @@ -271,7 +269,7 @@ return (NS_UNAVAIL); rv = __nss_ldap_getent(NSS_LDAP_MAP_GROUP, filter, (void *)grp, - buffer, bufsize, nss_ldap_parse_group); + buffer, bufsize, nss_ldap_parse_group, NULL); if (rv == NS_SUCCESS) *result = grp; ==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldap_group.h#5 (text+ko) ==== ==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldap_passwd.c#6 (text+ko) ==== 
@@ -52,6 +52,7 @@ char *buf; size_t buflen; size_t len; + time_t temp_time; int rv; assert(pctx != NULL); @@ -60,43 +61,45 @@ pwd = (struct passwd *)pctx->mdata; buf = pctx->buffer; buflen = pctx->bufsize; -/* >>>for debug only */ -// pwd = (struct passwd *)malloc(sizeof(struct passwd)); -// memset(pwd, 0, sizeof(struct passwd)); -// buf = malloc(1024); -// memset(buf, 0, 1024); -/* <<conf->schema; + + printf("here %s %d %p\n", __FILE__, __LINE__, (void *)sctx); + if ((__nss_ldap_check_oc(sctx, "shadowAccount") == NSS_LDAP_SUCCESS) + || (geteuid() != 0)) + rv = __nss_ldap_assign_str("*", &pwd->pw_dir, &len, buf, + buflen); + else + rv = __nss_ldap_assign_attr_password(sctx, + _ATM(schema, PASSWD, userPassword), + &pwd->pw_passwd, &len, buf, buflen); + + if (rv != NSS_LDAP_SUCCESS) + goto errfin; + buflen -= len; + buf += len; printf("==> %d %s\n", __LINE__, __FILE__); rv = __nss_ldap_assign_attr_str(sctx, _ATM(schema, PASSWD, uid), &pwd->pw_name, &len, buf, buflen); - if (rv != 0) + if (rv != NSS_LDAP_SUCCESS) goto errfin; buflen -= len; buf += len; - printf("==> %d %s\n", __LINE__, __FILE__); - rv = __nss_ldap_assign_attr_uid(sctx, - _AT(schema, uidNumber), - &pwd->pw_uid); - if (rv != 0) - goto errfin; - printf("==> %d %s\n", __LINE__, __FILE__); rv = __nss_ldap_assign_attr_str(sctx, _AT(schema, gecos), &pwd->pw_gecos, &len, buf, buflen); - if (rv != 0) { + if (rv != NSS_LDAP_SUCCESS) { pwd->pw_gecos = NULL; rv = __nss_ldap_assign_attr_str(sctx, _ATM(schema, PASSWD, cn), &pwd->pw_gecos, &len, buf, buflen); } - if (rv != 0) + if (rv != NSS_LDAP_SUCCESS) goto errfin; buflen -= len; buf += len; @@ -105,10 +108,10 @@ rv = __nss_ldap_assign_attr_str(sctx, _AT(schema, homeDirectory), &pwd->pw_dir, &len, buf, buflen); - if (rv != 0) + if (rv != NSS_LDAP_SUCCESS) rv = __nss_ldap_assign_str("", &pwd->pw_dir, &len, buf, buflen); - if (rv != 0) + if (rv != NSS_LDAP_SUCCESS) goto errfin; buflen -= len; buf += len; 
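Review bot: In the new shadowAccount / non-root branch the "*" placeholder is stored through `&pwd->pw_dir`, not `&pwd->pw_passwd`, so `pw_passwd` is never assigned on that path and `pw_dir` is simply overwritten later by the homeDirectory assignment. A caller reading `pw_passwd` then sees whatever the struct held before the call, possibly NULL or stale data. The call should read `rv = __nss_ldap_assign_str("*", &pwd->pw_passwd, &len, buf, buflen);`. The added `printf("here %s %d %p\n", ...)` also writes a pointer value to the stdout of every process that resolves a user through this module and should be removed or routed to a debug log. The function starts and ends outside this hunk.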
@@ -117,19 +120,53 @@ rv = __nss_ldap_assign_attr_str(sctx, _AT(schema, loginShell), &pwd->pw_shell, &len, buf, buflen); - if (rv != 0) + if (rv != NSS_LDAP_SUCCESS) rv = __nss_ldap_assign_str("", &pwd->pw_shell, &len, buf, buflen); - if (rv != 0) + if (rv != NSS_LDAP_SUCCESS) goto errfin; buflen -= len; buf += len; -fin: - return (0); + printf("==> %d %s\n", __LINE__, __FILE__); + rv = __nss_ldap_assign_attr_uid(sctx, + _AT(schema, uidNumber), + &pwd->pw_uid); + if (rv != NSS_LDAP_SUCCESS) + goto errfin; + + rv = __nss_ldap_assign_attr_gid(sctx, + _ATM(schema, PASSWD, gidNumber), + &pwd->pw_gid); + if (rv != NSS_LDAP_SUCCESS) + goto errfin; + + rv = __nss_ldap_assign_attr_time(sctx, _AT(schema, shadowMax), + &pwd->pw_change); + if (rv == NSS_LDAP_SUCCESS) + pwd->pw_change *= 24*60*60; + else + pwd->pw_change = 0; + + if (pwd->pw_change > 0) { + rv = __nss_ldap_assign_attr_time(sctx, + _AT(schema, shadowLastChange), &temp_time); + if (rv == NSS_LDAP_SUCCESS) + pwd->pw_change += temp_time; + else + pwd->pw_change = 0; + } + + rv = __nss_ldap_assign_attr_time(sctx, _AT(schema, shadowExpire), + &pwd->pw_expire); + if (rv == NSS_LDAP_SUCCESS) + pwd->pw_expire *= 24*60*60; + else + pwd->pw_expire = 0; + rv = NS_SUCCESS; errfin: - return (-1); + return (rv); } int @@ -195,7 +232,7 @@ return (NS_UNAVAIL); rv = __nss_ldap_getent(NSS_LDAP_MAP_PASSWD, filter, (void *)pwd, - buffer, bufsize, nss_ldap_parse_passwd); + buffer, bufsize, nss_ldap_parse_passwd, NULL); if (rv == NS_SUCCESS) *result = pwd; ==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldap_passwd.h#6 (text+ko) ==== ==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldap_serv.c#2 (text+ko) ==== 
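Review bot: The success path ends with `rv = NS_SUCCESS;` while every other status in this parser is an `NSS_LDAP_*` code, so if the two constants differ in value, a caller testing for `NSS_LDAP_SUCCESS` would treat a complete parse as a failure; use `rv = NSS_LDAP_SUCCESS;`. The new `pwd->pw_change *= 24*60*60;` and `pwd->pw_expire *= 24*60*60;` multiply directory-supplied day counts with no range check. Where time_t is 32 bits a large shadowMax value overflows, which is undefined for a signed type and can yield a negative or bogus expiry. Clamp before multiplying, for example `if (pwd->pw_change > MAX_DAYS) pwd->pw_change = 0;` with `MAX_DAYS` as a constructed bound derived from the time_t range.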
@@ -40,13 +40,32 @@ #include "ldapconf.h" #include "nss_ldap.h" -static int +#define NSS_LDAP_SERVICES_BY_KEY 0 +#define NSS_LDAP_SERVICES_ALL 1 + +struct services_mdata +{ + struct servent *serv; + char const *proto; + int type; +}; + +struct services_mdata_ext +{ + ssize_t offset; + size_t count; +}; + +static int nss_ldap_parse_servent(struct nss_ldap_parse_context *pctx) { struct nss_ldap_schema *schema; struct nss_ldap_search_context *sctx; + struct services_mdata *serv_mdata; + struct services_mdata_ext *serv_mdata_ext; + struct servent *serv; - char *buf; + char *buf, **values; size_t buflen; size_t len, memlen; int rv; 
@@ -54,52 +73,110 @@ assert(pctx != NULL); sctx = pctx->sctx; - serv = (struct servent *)pctx->mdata; + serv_mdata = (struct services_mdata *)pctx->mdata; + serv_mdata_ext = (struct services_mdata_ext *)pctx->mdata_ext; + + serv = serv_mdata->serv; buf = pctx->buffer; buflen = pctx->bufsize; schema = &sctx->conf->schema; + + if (serv_mdata->type == NSS_LDAP_SERVICES_BY_KEY) { + if (serv_mdata->proto != NULL) { + rv = __nss_ldap_assign_str(serv_mdata->proto, + &serv->s_proto, &len, buf, buflen); + if (rv != NSS_LDAP_SUCCESS) + goto errfin; + buflen -= len; + buf += len; + } else { + rv = __nss_ldap_assign_attr_str(sctx, + _AT(schema, ipServiceProtocol), + &serv->s_proto, &len, buf, buflen); + if (rv != NSS_LDAP_SUCCESS) + goto errfin; + buflen -= len; + buf += len; + } + } else { + if (serv_mdata_ext == NULL) { + serv_mdata_ext = (struct services_mdata_ext *)malloc( + sizeof(struct services_mdata_ext)); + assert(serv_mdata_ext != NULL); + + serv_mdata_ext->offset = -1; + serv_mdata_ext->count = 0; + + pctx->mdata_ext = serv_mdata_ext; + } + + if (serv_mdata_ext->offset == -1) { + rv = __nss_ldap_assign_attr_indexed_str(sctx, + _AT(schema, ipServiceProtocol), + serv_mdata_ext->offset, &serv_mdata_ext->count, + &serv->s_proto, &len, buf, buflen); + if (rv != NSS_LDAP_SUCCESS) + goto errfin; + + serv_mdata_ext->offset = 0; + } + + if (serv_mdata_ext->offset < serv_mdata_ext->count) { + rv = __nss_ldap_assign_attr_indexed_str(sctx, + _AT(schema, ipServiceProtocol), + serv_mdata_ext->offset, NULL, + &serv->s_proto, &len, buf, buflen); -/* printf("==> %d %s\n", __LINE__, __FILE__); - rv = __nss_ldap_assign_attr_gid(sctx, - _ATM(schema, GROUP, gidNumber), - &grp->gr_gid); - if (rv != 0) - goto errfin; + if (++serv_mdata_ext->offset >= serv_mdata_ext->count) { + serv_mdata_ext->offset = -1; + serv_mdata_ext->count = 0; + pctx->need_no_more = 0; + } else + pctx->need_no_more = 1; + + buflen -= len; + buf += len; + } else { + /* this shouldn't happen, actually - that's why + 
* we're returning NSS_LDAP_GENERIC_ERROR instead + * of NSS_LDAP_PARSE_ERROR */ + rv = NSS_LDAP_GENERIC_ERROR; + goto errfin; + } + } - printf("==> %d %s\n", __LINE__, __FILE__); rv = __nss_ldap_assign_rdn_str(sctx, - _ATM(schema, GROUP, cn), - &grp->gr_name, &len, buf, buflen); - if (rv != 0) + _ATM(schema, SERVICES, cn), + &serv->s_name, &len, buf, buflen); + if (rv != NSS_LDAP_SUCCESS) goto errfin; - buflen -= len; - buf += len; - printf("==> %d %s\n", __LINE__, __FILE__); - rv = __nss_ldap_assign_attr_password(sctx, - _ATM(schema, GROUP, userPassword), - &grp->gr_passwd, &len, buf, buflen); - if (rv != 0) - goto errfin; buflen -= len; buf += len; - - printf("==> %d %s\n", __LINE__, __FILE__); + rv = __nss_ldap_assign_attr_multi_str(sctx, - _ATM(schema, GROUP, memberUid), - &grp->gr_mem, &memlen, &len, buf, buflen); - if (rv != 0) + _ATM(schema, SERVICES, cn), + &serv->s_aliases, &memlen, &len, buf, buflen); + if (rv != NSS_LDAP_SUCCESS) goto errfin; buflen -= len; buf += len; - printf("%s %d\n", __FILE__, __LINE__);*/ -fin: - return (0); + rv = __nss_ldap_assign_attr_int(sctx, + _AT(schema, ipServicePort), + &serv->s_port); errfin: - return (-1); + return (rv); +} + +static void +nss_ldap_destroy_servent(struct nss_ldap_parse_context *pctx) +{ + + assert(pctx != NULL); + free(pctx->mdata_ext); } int @@ -107,6 +184,7 @@ char *buffer, size_t bufsize, struct servent **result) { char filter[NSS_LDAP_FILTER_MAX_SIZE]; + struct services_mdata mdata; char const *fmt; int rv; 
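Review bot: In the `serv_mdata_ext->offset < serv_mdata_ext->count` branch the result of `__nss_ldap_assign_attr_indexed_str()` is never tested before `buflen -= len; buf += len;`. A failed call may therefore advance the buffer by whatever `len` holds and wrap the unsigned `buflen`, after which the following assignments believe they have more room than the caller's buffer provides. Add `if (rv != NSS_LDAP_SUCCESS) goto errfin;` directly after the call, as the other branches do. The allocation above it is guarded only by `assert(serv_mdata_ext != NULL)`, which aborts the host process or disappears under NDEBUG; return a status instead, e.g. `if (serv_mdata_ext == NULL) return (NSS_LDAP_GENERIC_ERROR);`. The branch condition also compares the `ssize_t offset` with the `size_t count`, which deserves an explicit cast once the -1 sentinel has been excluded.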
@@ -121,9 +199,15 @@ else __nss_ldap_format_filter(fmt, NSS_LDAP_FILTER_ARGS_STR_ANY, filter, sizeof(filter), name); + + memset(&mdata, 0, sizeof(struct services_mdata)); + mdata.serv = serv; + mdata.proto = proto; + mdata.type = NSS_LDAP_SERVICES_BY_KEY; - rv = __nss_ldap_getby(NSS_LDAP_MAP_SERVICE, filter, (void *)serv, - buffer, bufsize, nss_ldap_parse_servent); + rv = __nss_ldap_getby(NSS_LDAP_MAP_SERVICES, filter, + (void *)&mdata, buffer, bufsize, + nss_ldap_parse_servent); if (rv == NS_SUCCESS) *result = serv; @@ -136,6 +220,7 @@ char *buffer, size_t bufsize, struct servent **result) { char filter[NSS_LDAP_FILTER_MAX_SIZE]; + struct services_mdata mdata; char const *fmt; int rv; @@ -151,8 +236,14 @@ __nss_ldap_format_filter(fmt, NSS_LDAP_FILTER_ARGS_INT_ANY, filter, sizeof(filter), port); - rv = __nss_ldap_getby(NSS_LDAP_MAP_SERVICE, filter, (void *)serv, - buffer, bufsize, nss_ldap_parse_servent); + memset(&mdata, 0, sizeof(struct services_mdata)); + mdata.serv = serv; + mdata.proto = proto; + mdata.type = NSS_LDAP_SERVICES_BY_KEY; + + rv = __nss_ldap_getby(NSS_LDAP_MAP_SERVICES, filter, + (void *)&mdata, buffer, bufsize, + nss_ldap_parse_servent); if (rv == NS_SUCCESS) *result = serv; @@ -164,6 +255,7 @@ ldap_getservent_r(struct servent *serv, char *buffer, size_t bufsize, struct servent **result) { + struct services_mdata mdata; char const *filter; int rv; @@ -172,8 +264,13 @@ if (filter == NULL) return (NS_UNAVAIL); - rv = __nss_ldap_getent(NSS_LDAP_MAP_SERVICE, filter, (void *)serv, - buffer, bufsize, nss_ldap_parse_servent); + memset(&mdata, 0, sizeof(struct services_mdata)); + mdata.serv = serv; + mdata.type = NSS_LDAP_SERVICES_ALL; + + rv = __nss_ldap_getent(NSS_LDAP_MAP_SERVICES, filter, (void *)&mdata, + buffer, bufsize, nss_ldap_parse_servent, + nss_ldap_destroy_servent); if (rv == NS_SUCCESS) *result = serv; 
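Review bot: `mdata` in ldap_getservent_r is a stack object, yet its address is passed to `__nss_ldap_getent()` together with a destroy callback, and nss_ldap_parse_servent keeps enumeration state in `pctx->mdata_ext` from one call to the next. If the enumeration context also retains `pctx->mdata` between calls (not visible in this patch), a later call would dereference the previous call's stack frame. Confirm that `__nss_ldap_getent()` re-assigns `mdata` on every call, and record it next to the declaration with a comment such as `/* valid for this call only; __nss_ldap_getent must not cache the pointer */`.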
@@ -185,7 +282,7 @@ ldap_setservent() { - __nss_ldap_setent(NSS_LDAP_MAP_SERVICE); + __nss_ldap_setent(NSS_LDAP_MAP_SERVICES); } ==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldap_serv.h#2 (text+ko) ==== ==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapconf.c#6 (text+ko) ==== @@ -39,6 +39,7 @@ #include "ldapsearch.h" #include "ldaptls.h" #include "ldapconf.h" +#include "nss_ldap.h" #define NSS_BASE_PREFIX ("nss_base_") #define NSS_BASE_PREFIX_SIZE (9) @@ -74,13 +75,13 @@ res = strtol(str, &end, 10); if (*end != '\0') - return (-1); + return (NSS_LDAP_PARSE_ERROR); else if (((res >= low) || (low == -1)) && ((res <= max) || (max == -1))) return (res); else - return (-2); + return (NSS_LDAP_PARSE_ERROR); } static int @@ -90,7 +91,7 @@ int rv; left_arg = left_arg + NSS_BASE_PREFIX_SIZE; - rv = -1; + rv = NSS_LDAP_ARGS_ERROR; if (strcmp(left_arg, "passwd") == 0) rv = __nss_ldap_set_schema_filter_base(&conf->schema, @@ -98,9 +99,9 @@ else if (strcmp(left_arg, "group") == 0) rv = __nss_ldap_set_schema_filter_base(&conf->schema, NSS_LDAP_MAP_GROUP, right_arg); - else if (strcmp(left_arg, "service") == 0) + else if (strcmp(left_arg, "services") == 0) rv = __nss_ldap_set_schema_filter_base(&conf->schema, - NSS_LDAP_MAP_SERVICE, right_arg); + NSS_LDAP_MAP_SERVICES, right_arg); return (rv); } @@ -118,12 +119,12 @@ assert(arg2 != NULL); rv = __nss_ldap_init_rule(&rule, arg1, arg2); - if (rv != 0) - return (-1); + if (rv != NSS_LDAP_SUCCESS) + return (rv); rules_coll = __nss_ldap_get_schema_rules(&conf->schema, rule_id); if (rules_coll == NULL) - return (-1); + return (NSS_LDAP_GENERIC_ERROR); rv = __nss_ldap_add_rule(rules_coll, &rule); return (rv); 
@@ -175,9 +176,9 @@ printf("fname: %s %d\n", fname, conf->proto_version); fin = fopen(fname, "r"); if (fin == NULL) - return (-1); + return (NSS_LDAP_GENERIC_ERROR); - res = 0; + res = NSS_LDAP_SUCCESS; line_num = 0; memset(buffer, 0, sizeof(buffer)); while ((res == 0) && (fgets(buffer, sizeof(buffer) - 1, fin) != NULL)) { @@ -238,7 +239,8 @@ * NSS_LDAP_PROTO_VERSION_3 constants here */ if (strcmp(fields[0], "ldap-version") == 0) { if ((field_count == 2) && - (value = get_number(fields[1], 2, 3) != -1)) { + (value = get_number(fields[1], 2, 3) == + NSS_LDAP_SUCCESS)) { conf->proto_version = value; continue; } @@ -250,35 +252,35 @@ NSS_BASE_PREFIX_SIZE) == 0) { if ((field_count == 2) && (set_base_map(conf, - fields[0], fields[1]) != -1)) + fields[0], fields[1]) == NSS_LDAP_SUCCESS)) continue; } else if (strcmp(fields[0], "nss_map_attribute") == 0) { if ((field_count == 3) && (set_schema_rule(conf, NSS_LDAP_SCHEMA_MAP_ATTRIBUTE_RULES, fields[1], - fields[2]) == 0)) + fields[2]) == NSS_LDAP_SUCCESS)) continue; } else if (strcmp(fields[0], "nss_map_objectclass") == 0) { if ((field_count == 3) && (set_schema_rule(conf, NSS_LDAP_SCHEMA_MAP_OBJECTCLASS_RULES, fields[1], - fields[2]) == 0)) + fields[2]) == NSS_LDAP_SUCCESS)) continue; } else if (strcmp(fields[0], "nss_default_attribute_value") == 0) { if ((field_count == 3) && (set_schema_rule(conf, NSS_LDAP_SCHEMA_DEFAULT_VALUE_RULES, fields[1], - fields[2]) == 0)) + fields[2]) == NSS_LDAP_SUCCESS)) continue; } else if (strcmp(fields[0], "nss_override_attribute_value") == 0) { if ((field_count == 3) && (set_schema_rule(conf, NSS_LDAP_SCHEMA_OVERRIDE_VALUE_RULES, fields[1], - fields[2]) == 0)) + fields[2]) == NSS_LDAP_SUCCESS)) continue; } break; @@ -286,7 +288,8 @@ printf("== %s, %d ==\n", __FILE__, __LINE__); if (strcmp(fields[0], "port") == 0) { if ((field_count == 2) && - (value = get_number(fields[1], 0, -1) != -1)) { + (value = get_number(fields[1], 0, -1) == + NSS_LDAP_SUCCESS)) { conf->port = value; continue; } 
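Review bot: `(value = get_number(fields[1], 2, 3) == NSS_LDAP_SUCCESS)` stores the result of the comparison in `value`, not the parsed number, because `==` binds tighter than `=`. In addition, get_number() returns the parsed number itself on success, so comparing it with `NSS_LDAP_SUCCESS` tests for one particular number rather than for success. The same expression is used for `port` in the `@@ -286,7 +288,8 @@` hunk. As written, a valid `ldap-version` or `port` line is either rejected as a parse error or leaves a truth value in `conf->proto_version` / `conf->port`, so the module may contact a different port than the administrator configured. Let get_number() return only a status and deliver the number through an out-parameter, e.g. `if ((field_count == 2) && (get_number(fields[1], 2, 3, &value) == NSS_LDAP_SUCCESS))`.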
@@ -324,7 +327,7 @@ break; } - res = -1; + res = NSS_LDAP_PARSE_ERROR; } fclose(fin); @@ -334,5 +337,13 @@ void __nss_ldap_destroy_config(struct nss_ldap_configuration *config) { + + assert(config != NULL); + free(config->host); + free(config->root_bind_dn); + free(config->bind_dn); + free(config->bind_pw); + + __nss_ldap_destroy_schema(&config->schema); } ==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapconf.h#6 (text+ko) ==== ==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapconn.c#6 (text+ko) ==== @@ -30,6 +30,7 @@ #include #include +#include #include #include #include @@ -39,6 +40,7 @@ #include "ldaputil.h" #include "ldapconn.h" #include "ldapconf.h" +#include "nss_ldap.h" struct nss_ldap_connection * __nss_ldap_connect(struct nss_ldap_connection_method *method, @@ -157,8 +159,10 @@ conn->ld = (LDAP *)ldap_init(conf->host, conf->port); if (conn->ld == NULL) { - printf("--> %s %d\n", __FILE__, __LINE__); - // TODO: error handling here + snprintf(err->description, NSS_LDAP_MAX_ERR_DESC_SIZE, + "ldap_init() error: %s\n", strerror(errno) + ); + err->err_num = errno; free(conn); return (NULL); } @@ -179,14 +183,13 @@ rv = ldap_set_option(conn->ld, LDAP_OPT_PROTOCOL_VERSION, &ldap_version); if (rv != LDAP_SUCCESS) { - printf("--> %s %d %d %d %d\n", __FILE__, __LINE__, rv, LDAP_SUCCESS, ldap_version); - ldap_perror(conn->ld, "----->"); - // TODO: error checking + err->err_num = rv; + snprintf(err->description, NSS_LDAP_MAX_ERR_DESC_SIZE, + "ldap_set_option() error: %s\n", ldap_err2string(rv)); ldap_unbind(conn->ld); free(conn); return (NULL); } - return (conn); } 
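Review bot: `free(config->bind_pw)` in __nss_ldap_destroy_config() hands the bind password back to the allocator with its bytes intact, so the credential stays readable in the freed heap of whichever process loaded the module. Wipe it before freeing, guarding the NULL case: `if (config->bind_pw != NULL) explicit_bzero(config->bind_pw, strlen(config->bind_pw));`, or the platform's equivalent wipe that the compiler cannot elide. The four freed members are also left dangling; assigning NULL after each `free()` would make a repeated destroy call harmless.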
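Review bot: In the ldap_init() failure branch `err->err_num = errno;` is read after `snprintf(..., strerror(errno))`, and either call may change errno, so the stored number can disagree with the text. Capture it once before formatting, `int saved_errno = errno;`, and use `saved_errno` in both places. It is also worth a comment stating whether ldap_init() is expected to set errno at all, since the visible lines do not establish that.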
@@ -227,10 +230,11 @@ /* If the returned message ID is less than zero, an error occurred. */ if ( msgid < 0 ) { /* NOTE: can't use ldap_result2error here */ - err->err_num = msgid; - strlcpy(err->description, ldap_err2string(rc), - sizeof(err->description)); - return (-1); + err->err_num = ldap_result2error(conn->ld, res, 0); + snprintf(err->description, NSS_LDAP_MAX_ERR_DESC_SIZE, + "ldap_simple_bind() error: %s\n", + ldap_err2string(err->err_num)); + return (NSS_LDAP_CONNECTION_ERROR); } /* Check to see if the bind operation completed. */ @@ -240,9 +244,10 @@ /* If ldap_result() returns -1, error occurred. */ case -1: err->err_num = ldap_result2error(conn->ld, res, 0); - strlcpy(err->description, ldap_err2string(rc), - sizeof(err->description)); - return (-1); + snprintf(err->description, NSS_LDAP_MAX_ERR_DESC_SIZE, + "ldap_result() error: %s\n", + ldap_err2string(err->err_num)); + return (NSS_LDAP_CONNECTION_ERROR); /* If ldap_result() returns 0, the timeout (specified by the timeout argument) has been exceeded before the client received 
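Review bot: The `msgid < 0` branch now calls `ldap_result2error(conn->ld, res, 0)` directly beneath the retained comment `/* NOTE: can't use ldap_result2error here */`. At this point ldap_result() has not yet run, so `res` has presumably not been assigned (its declaration is outside the hunk) and the call would be handed an indeterminate pointer. Read the code from the handle instead, e.g. `ldap_get_option(conn->ld, LDAP_OPT_ERROR_NUMBER, &err->err_num);`, and keep or update the comment so it matches the code. The `case -1:` branch in the next hunk deserves the same check, since a failed ldap_result() may not have produced a message either.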
@@ -262,54 +267,52 @@ parse_rc = ldap_parse_result( conn->ld, res, &rc, &matched_msg, &error_msg, &referrals, &serverctrls, 1 ); + /* TODO: probably don't need this, check */ if ( parse_rc != LDAP_SUCCESS ) { err->err_num = parse_rc; - strlcpy(err->description, ldap_err2string(rc), - sizeof(err->description)); - return (-1); + snprintf(err->description, + NSS_LDAP_MAX_ERR_DESC_SIZE, + "ldap_parse_result() error: %s\n", + ldap_err2string(parse_rc)); + return (NSS_LDAP_CONNECTION_ERROR); } /* Check the results of the operation. */ - if ( rc != LDAP_SUCCESS ) { - err->err_num = rc; - strlcpy(err->description, ldap_err2string(rc), - sizeof(err->description)); + if (rc != LDAP_SUCCESS) { + err->err_num = rc; + /* If an entry specified by a DN could not be + found, the server may also return the portion + of the DN that identifies an existing entry. + (See "Receiving the Portion of the DN Matching + an Entry" for an explanation.) */ + snprintf(err->description, + NSS_LDAP_MAX_ERR_DESC_SIZE, + "ldap_parse_result() error: %s, " + "(server response: %s) " + "(matched msg: %s)\n", + ldap_err2string(rc), + (error_msg != NULL && *error_msg != '\0') ? + error_msg : "[unknown]", + (matched_msg != NULL && *matched_msg != '\0') ? + matched_msg : "[unknown]" + ); - /* If the server sent an additional error message, - print it out. */ - if ( error_msg != NULL && *error_msg != '\0' ) { - strlcat(err->description, ", ", - sizeof(err->description)); - strlcat(err->description, error_msg, - sizeof(err->description)); - } - - /* If an entry specified by a DN could not be found, - the server may also return the portion of the DN - that identifies an existing entry. - (See"Receiving the Portion of the DN Matching an Entry" - for an explanation.) 
*/ - if ( matched_msg != NULL && *matched_msg != '\0' ) { - strlcat(err->description, - ", matched part:", - sizeof(err->description)); - strlcat(err->description, matched_msg, - sizeof(err->description)); - } - return (-1); + return (NSS_LDAP_CONNECTION_ERROR); } else - return (0); + return (NSS_LDAP_SUCCESS); break; - } + } } + + /* UNREACHABLE */ + return (NSS_LDAP_CONNECTION_ERROR); } int __nss_ldap_simple_disconnect(struct nss_ldap_connection *conn, struct nss_ldap_configuration *conf, struct nss_ldap_connection_error *err) -{ - +{ int rv; assert(conn != NULL); @@ -318,11 +321,14 @@ rv = ldap_unbind(conn->ld); if (rv != LDAP_SUCCESS) { - //TODO: error checking - return (-1); + err->err_num = rv; + snprintf(err->description, NSS_LDAP_MAX_ERR_DESC_SIZE, + "ldap_result() error: %s\n", + ldap_err2string(err->err_num)); + return (NSS_LDAP_CONNECTION_ERROR); } - return (0); + return (NSS_LDAP_SUCCESS); } int @@ -336,7 +342,7 @@ method->auth_fn = __nss_ldap_simple_auth; method->disconnect_fn = __nss_ldap_simple_disconnect; - return (0); + return (NSS_LDAP_SUCCESS); } #endif @@ -345,7 +351,7 @@ __nss_ldap_init_ssl_auth_method(struct nss_ldap_connection_method *method) { - return (0); + return (NSS_LDAP_SUCCESS); } #endif @@ -363,7 +369,10 @@ rv = ldap_start_tls_s(conn->ld, NULL, NULL); if (rv != LDAP_SUCCESS) { - /* TODO: error checking */ + err->err_num = rv; + snprintf(err->description, NSS_LDAP_MAX_ERR_DESC_SIZE, + "ldap_start_tls_s() error: %s\n", + ldap_err2string(err->err_num)); __nss_ldap_simple_disconnect(conn, conf, err); return (NULL); } 
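Review bot: Both return paths after `ldap_parse_result()` leave without releasing `matched_msg`, `error_msg`, `referrals` and `serverctrls`. The final argument `1` frees only `res`, so every bind leaks the server-supplied data into the calling process. Release them before each return, starting with `ldap_memfree(matched_msg); ldap_memfree(error_msg);` and the matching free calls for the referral array and the controls. The text copied into `err->description` is bounded by snprintf(), but it is server-controlled, so a comment should say that consumers must log it as data and never pass it as a format string.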
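Review bot: On `ldap_start_tls_s()` failure the TLS error is written to `err`, and then `__nss_ldap_simple_disconnect(conn, conf, err)` is called with the same `err`, so a failing unbind overwrites the reason the TLS negotiation was refused. The disconnect hunk also labels its message `"ldap_result() error: %s\n"` although the failing call is ldap_unbind(); it should read `"ldap_unbind() error: %s\n"`. Pass a scratch error structure to the disconnect call, or ignore its result explicitly, so the TLS failure is what the caller sees. In the visible lines `conn` is not freed before `return (NULL);`, unlike the ldap_init() and ldap_set_option() failure paths; add `free(conn);` unless the disconnect routine releases it outside this hunk.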
@@ -379,12 +388,12 @@ assert(method != NULL); rv = __nss_ldap_init_simple_auth_method(method); - if (rv != 0) + if (rv != NSS_LDAP_SUCCESS) return (rv); /* Replacing standard connect routine with start-tls specific */ method->connect_fn = __nss_ldap_start_tls_connect; - return (0); + return (NSS_LDAP_SUCCESS); } #endif ==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapconn.h#6 (text+ko) ==== ==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapschema.c#6 (text+ko) ==== @@ -28,10 +28,14 @@ #include __FBSDID("$FreeBSD$"); +#include #include +#include #include #include #include "ldapschema.h" +#include "ldapsearch.h" +#include "nss_ldap.h" static void init_schema_common(struct nss_ldap_schema *); @@ -129,21 +133,21 @@ snprintf(schema->filters[NSS_LDAP_FILTER_GETSERVBYNAME], NSS_LDAP_FILTER_MAX_SIZE, "(&(objectclass=%s)(%s=%s)(%s=%s))", - _OC(schema, ipServices), _ATM(schema, SERVICES, cn), "%s", + _OC(schema, ipService), _ATM(schema, SERVICES, cn), "%s", _AT(schema, ipServiceProtocol), "%s"); snprintf(schema->filters[NSS_LDAP_FILTER_GETSERVBYPORT], NSS_LDAP_FILTER_MAX_SIZE, "(&(objectclass=%s)(%s=%s)(%s=%s))", - _OC(schema, ipServices), _AT(schema, ipServicePort), "%d", + _OC(schema, ipService), _AT(schema, ipServicePort), "%d", _AT(schema, ipServiceProtocol), "%s"); snprintf(schema->filters[NSS_LDAP_FILTER_GETSERVENT], NSS_LDAP_FILTER_MAX_SIZE, "(objectclass=%s)", - _OC(schema, ipServices)); + _OC(schema, ipService)); } void -__nss_destroy_schema(struct nss_ldap_schema *schema) +__nss_ldap_destroy_schema(struct nss_ldap_schema *schema) { assert(schema != NULL); @@ -171,7 +175,7 @@ rule->right_arg = strdup(right_arg); assert(rule->right_arg != NULL); - return (0); + return (NSS_LDAP_SUCCESS); } void @@ -196,9 +200,9 @@ res = strlcpy(schema->filters[filter_id], filter_str, NSS_LDAP_FILTER_MAX_SIZE); if (res > NSS_LDAP_FILTER_MAX_SIZE - 1) - return (-1); + return (NSS_LDAP_BUFFER_ERROR); - return (0); + return (NSS_LDAP_SUCCESS); } char * 
@@ -224,9 +228,9 @@ res = strlcpy(schema->filter_bases[filter_base_id], filter_base_str, NSS_LDAP_FILTER_MAX_SIZE); if (res > NSS_LDAP_FILTER_MAX_SIZE - 1) - return (-1); + return (NSS_LDAP_BUFFER_ERROR); - return (0); + return (NSS_LDAP_SUCCESS); } char * @@ -255,7 +259,7 @@ assert(rules->rules != NULL); memset(rules, 0, sizeof(struct nss_ldap_schema_rule) * rules->rules_eff_size); - return (0); + return (NSS_LDAP_SUCCESS); } int @@ -287,7 +291,7 @@ memcpy(rules->rules + rules->rules_size, rule, sizeof(struct nss_ldap_schema_rule)); ++rules->rules_size; >>> TRUNCATED FOR MAIL (1000 lines) <<<