51
57
return ((res<0)||(((size_t)res)>=buflen));
54
const char *get_userpassword(MYLDAP_ENTRY *entry,const char *attr)
60
/* return the fully qualified domain name of the current host */
61
const char *getfqdn(void)
63
static char *fqdn=NULL;
64
char hostname[HOST_NAME_MAX+1];
59
values=myldap_get_values(entry,attr);
60
if ((values==NULL)||(values[0]==NULL))
67
struct hostent *host=NULL;
68
/* if we already have a fqdn return that */
71
/* get system hostname */
72
if (gethostname(hostname,sizeof(hostname))<0)
74
log_log(LOG_ERR,"gethostname() failed: %s",strerror(errno));
77
hostnamelen=strlen(hostname);
79
host=gethostbyname(hostname);
82
log_log(LOG_ERR,"gethostbyname(%s): %s",hostname,hstrerror(h_errno));
83
/* fall back to hostname */
84
fqdn=strdup(hostname);
87
/* check h_name for fqdn starting with our hostname */
88
if ((strncasecmp(hostname,host->h_name,hostnamelen)==0)&&
89
(host->h_name[hostnamelen]=='.')&&
90
(host->h_name[hostnamelen+1]!='\0'))
92
fqdn=strdup(host->h_name);
95
/* also check h_aliases */
96
for (i=0;host->h_aliases[i]!=NULL;i++)
98
if ((strncasecmp(hostname,host->h_aliases[i],hostnamelen)==0)&&
99
(host->h_aliases[i][hostnamelen]=='.')&&
100
(host->h_aliases[i][hostnamelen+1]!='\0'))
102
fqdn=strdup(host->h_aliases[i]);
106
/* fall back to h_name if it has a dot in it */
107
if (strchr(host->h_name,'.')!=NULL)
109
fqdn=strdup(host->h_name);
112
/* also check h_aliases */
113
for (i=0;host->h_aliases[i]!=NULL;i++)
115
if (strchr(host->h_aliases[i],'.')!=NULL)
117
fqdn=strdup(host->h_aliases[i]);
121
/* nothing found, fall back to hostname */
122
fqdn=strdup(hostname);
126
const char *get_userpassword(MYLDAP_ENTRY *entry,const char *attr,char *buffer,size_t buflen)
128
const char *tmpvalue;
130
tmpvalue=attmap_get_value(entry,attr,buffer,buflen);
62
133
/* go over the entries and return the remainder of the value if it
63
134
starts with {crypt} or crypt$ */
64
for (i=0;values[i]!=NULL;i++)
66
if (strncasecmp(values[i],"{crypt}",7)==0)
68
if (strncasecmp(values[i],"crypt$",6)==0)
135
if (strncasecmp(tmpvalue,"{crypt}",7)==0)
137
if (strncasecmp(tmpvalue,"crypt$",6)==0)
71
139
/* just return the first value completely */
73
141
/* TODO: support more password formats e.g. SMD5
74
142
(which is $1$ but in a different format)
75
143
(any code for this is more than welcome) */
79
Checks to see if the specified name seems to be a valid user or group name.
81
This test is based on the definition from POSIX (IEEE Std 1003.1, 2004,
82
3.426 User Name, 3.189 Group Name and 3.276 Portable Filename Character Set):
83
http://www.opengroup.org/onlinepubs/009695399/basedefs/xbd_chap03.html#tag_03_426
84
http://www.opengroup.org/onlinepubs/009695399/basedefs/xbd_chap03.html#tag_03_189
85
http://www.opengroup.org/onlinepubs/009695399/basedefs/xbd_chap03.html#tag_03_276
87
The standard defines user names valid if they contain characters from
88
the set [A-Za-z0-9._-] where the hyphen should not be used as first
89
character. As an extension this test allows some more characters.
146
/* Checks if the specified name seems to be a valid user or group name. */
91
147
int isvalidname(const char *name)
94
if ((name==NULL)||(name[0]=='\0'))
96
/* check characters */
97
for (i=0;name[i]!='\0';i++)
100
if (i>=LOGIN_NAME_MAX)
102
#endif /* LOGIN_NAME_MAX */
103
if ( ! ( ( (i!=0) && (name[i]=='-') ) ||
104
( (i!=0) && (name[i]=='\\') && name[i+1]!='\0' ) ||
105
(name[i]>='@' && name[i] <= 'Z') ||
106
(name[i]>='a' && name[i] <= 'z') ||
107
(name[i]>='0' && name[i] <= '9') ||
108
name[i]=='.' || name[i]=='_' || name[i]=='$' || name[i]==' ') )
111
/* no test failed so it must be good */
149
return regexec(&nslcd_cfg->validnames,name,0,NULL,0)==0;
115
152
/* this writes a single address to the stream */
217
/* convert the provided string representation of a sid
218
(e.g. S-1-5-21-1936905831-823966427-12391542-23578)
219
to a format that can be used to search the objectSid property with */
220
char *sid2search(const char *sid)
222
const char *tmpsid=sid;
226
/* check the beginning of the string */
227
if (strncasecmp(sid,"S-",2)!=0)
229
log_log(LOG_ERR,"error in SID %s",sid);
232
/* count the number of dashes in the sid */
236
tmpsid=strchr(tmpsid+1,'-');
238
i-=2; /* number of security ids plus one because we add the uid later */
239
/* allocate memory */
240
res=malloc(3+3+6*3+i*4*3+1);
243
log_log(LOG_CRIT,"malloc() failed to allocate memory");
246
/* build the first part */
247
l=strtol(sid+2,&tmp,10);
248
sprintf(res,"\\%02x\\%02x",(int)l&0xff,(int)i);
249
/* build authority part (we only handle 32 of the 48 bits) */
250
l=strtol(tmp+1,&tmp,10);
251
sprintf(res+strlen(res),"\\00\\00\\%02x\\%02x\\%02x\\%02x",
252
(int)((l>>24)&0xff),(int)((l>>16)&0xff),(int)((l>>8)&0xff),(int)(l&0xff));
253
/* go over the rest of the bits */
256
l=strtol(tmp+1,&tmp,10);
257
sprintf(res+strlen(res),"\\%02x\\%02x\\%02x\\%02x",
258
(int)(l&0xff),(int)((l>>8)&0xff),(int)((l>>16)&0xff),(int)((l>>24)&0xff));
263
/* return the last security identifier of the binary sid */
264
long int binsid2id(const char *binsid)
267
/* find the position of the last security id */
268
i=2+6+((((int)binsid[1])&0xff)-1)*4;
269
return (((long int)binsid[i])&0xff)|((((long int)binsid[i+1])&0xff)<<8)|
270
((((long int)binsid[i+2])&0xff)<<16)|((((long int)binsid[i+3])&0xff)<<24);
274
/* provide a strtoui() implementation, similar to strtoul() but returning
275
an range-checked unsigned int instead */
276
unsigned int strtoui(const char *nptr,char **endptr,int base)
279
val=strtoul(nptr,endptr,base);
285
/* If errno was set by strtoull, we'll pass it back as-is */
286
return (unsigned int)val;
288
#endif /* WANT_STRTOUI */
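Review bot: binsid2id() receives only `const char *binsid`, so the offset `i=2+6+((((int)binsid[1])&0xff)-1)*4` comes from a count byte inside the value itself, and the reads at `binsid[i]` through `binsid[i+3]` cannot be checked against the value's real length. If this value comes from a directory attribute (the callers are not visible here), a short or malformed value causes an out-of-bounds read, and a count byte of 0 puts the offset inside the authority bytes. I would pass the length in, `long int binsid2id(const char *binsid,size_t len)`, and require `len>=2` before reading `binsid[1]` and `(size_t)i+4<=len` before the four reads, returning an error value that suits the callers. sid2search() looks similar: the `malloc()` size depends on the dash count after `i-=2`, but the first two `sprintf()` calls always write 24 characters, and `tmp+1` is used without checking that `strtol()` stopped at a `-`. Only part of sid2search() and of the declarations is shown on this page, so confirm against the full bodies.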