« back to all changes in this revision
Viewing changes to util.c
- browse files at revision 11
- compare with another revision
- download diff
- download tarball
- view history from revision 11
- Committer: Bazaar Package Importer
- Author(s): Richard A Nelson (Rick)
- Date: 2007-05-14 19:40:00 UTC
- mfrom: (1.1.4 upstream)
- Revision ID: james.westby@ubuntu.com-20070514194000-40u9ndh540lgliqe
Tags: 255-1
Survived i386 and amd64, let it loose
- files added:
- debian/patches
- files removed:
- ANNOUNCE
- doc
- tests
- files modified:
- debian/changelog
added
removed
util.c
1
/* Copyright (C) 1997-2005 Luke Howard.
2
This file is part of the nss_ldap library.
3
Contributed by Luke Howard, <lukeh@padl.com>, 1997.
4
(The author maintains a non-exclusive licence to distribute this file
5
under their own conditions.)
6
7
The nss_ldap library is free software; you can redistribute it and/or
8
modify it under the terms of the GNU Library General Public License as
9
published by the Free Software Foundation; either version 2 of the
10
License, or (at your option) any later version.
11
12
The nss_ldap library is distributed in the hope that it will be useful,
13
but WITHOUT ANY WARRANTY; without even the implied warranty of
14
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15
Library General Public License for more details.
16
17
You should have received a copy of the GNU Library General Public
18
License along with the nss_ldap library; see the file COPYING.LIB. If not,
19
write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
20
Boston, MA 02111-1307, USA.
21
*/
22
23
#include "config.h"
24
25
#if defined(HAVE_THREAD_H) && !defined(_AIX)
26
#include <thread.h>
27
#elif defined(HAVE_PTHREAD_H)
28
#include <pthread.h>
29
#endif
30
31
#include <stdio.h>
32
#include <string.h>
33
#ifdef HAVE_STRINGS_H
34
#include <strings.h>
35
#endif
36
#include <stdlib.h>
37
38
#include <sys/param.h>
39
#include <sys/stat.h>
40
41
#include <netdb.h>
42
#include <syslog.h>
43
#include <string.h>
44
#include <fcntl.h>
45
#include <assert.h>
46
47
#ifdef HAVE_LBER_H
48
#include <lber.h>
49
#endif
50
#ifdef HAVE_LDAP_H
51
#include <ldap.h>
52
#endif
53
54
#ifndef HAVE_SNPRINTF
55
#include "snprintf.h"
56
#endif
57
58
#include "ldap-nss.h"
59
#include "util.h"
60
61
static char rcsId[] = "$Id: util.c,v 2.132 2006/01/25 20:30:27 lukeh Exp $";
62
63
static NSS_STATUS do_getrdnvalue (const char *dn,
64
const char *rdntype,
65
char **rval, char **buffer,
66
size_t * buflen);
67
68
69
static NSS_STATUS do_parse_map_statement (ldap_config_t * cfg,
70
const char *statement,
71
ldap_map_type_t type);
72
73
static NSS_STATUS do_searchdescriptorconfig (const char *key,
74
const char *value,
75
size_t valueLength,
76
ldap_service_search_descriptor_t
77
** result, char **buffer,
78
size_t * buflen);
79
80
#include <fcntl.h>
81
static void *__cache = NULL;
82
83
NSS_LDAP_DEFINE_LOCK (__cache_lock);
84
85
#define cache_lock() NSS_LDAP_LOCK(__cache_lock)
86
#define cache_unlock() NSS_LDAP_UNLOCK(__cache_lock)
87
88
static NSS_STATUS
89
dn2uid_cache_put (const char *dn, const char *uid)
90
{
91
NSS_STATUS stat;
92
ldap_datum_t key, val;
93
94
cache_lock ();
95
96
if (__cache == NULL)
97
{
98
__cache = _nss_ldap_db_open ();
99
if (__cache == NULL)
100
{
101
cache_unlock ();
102
return NSS_TRYAGAIN;
103
}
104
}
105
106
key.data = (void *) dn;
107
key.size = strlen (dn);
108
val.data = (void *) uid;
109
val.size = strlen (uid);
110
111
stat = _nss_ldap_db_put (__cache, 0, &key, &val);
112
113
cache_unlock ();
114
115
return stat;
116
}
117
118
static NSS_STATUS
119
dn2uid_cache_get (const char *dn, char **uid, char **buffer, size_t * buflen)
120
{
121
ldap_datum_t key, val;
122
NSS_STATUS stat;
123
124
cache_lock ();
125
126
if (__cache == NULL)
127
{
128
cache_unlock ();
129
return NSS_NOTFOUND;
130
}
131
132
key.data = (void *) dn;
133
key.size = strlen (dn);
134
135
stat = _nss_ldap_db_get (__cache, 0, &key, &val);
136
if (stat != NSS_SUCCESS)
137
{
138
cache_unlock ();
139
return stat;
140
}
141
142
if (*buflen <= val.size)
143
{
144
cache_unlock ();
145
return NSS_TRYAGAIN;
146
}
147
148
*uid = *buffer;
149
memcpy (*uid, (char *) val.data, val.size);
150
(*uid)[val.size] = '\0';
151
*buffer += val.size + 1;
152
*buflen -= val.size + 1;
153
154
cache_unlock ();
155
return NSS_SUCCESS;
156
}
157
158
#ifdef HPUX
159
static int lock_inited = 0;
160
#endif
161
162
NSS_STATUS
163
_nss_ldap_dn2uid (const char *dn, char **uid, char **buffer, size_t * buflen,
164
int *pIsNestedGroup, LDAPMessage ** pRes)
165
{
166
NSS_STATUS stat;
167
168
debug ("==> _nss_ldap_dn2uid");
169
170
*pIsNestedGroup = 0;
171
172
#ifdef HPUX
173
/* XXX this is not thread-safe */
174
if (!lock_inited)
175
{
176
__thread_mutex_init (&__cache_lock, NULL);
177
lock_inited = 1;
178
}
179
#endif
180
181
stat = dn2uid_cache_get (dn, uid, buffer, buflen);
182
if (stat == NSS_NOTFOUND)
183
{
184
const char *attrs[4];
185
LDAPMessage *res;
186
187
attrs[0] = ATM (LM_PASSWD, uid);
188
attrs[1] = ATM (LM_GROUP, uniqueMember);
189
attrs[2] = AT (objectClass);
190
attrs[3] = NULL;
191
192
if (_nss_ldap_read (dn, attrs, &res) == NSS_SUCCESS)
193
{
194
LDAPMessage *e = _nss_ldap_first_entry (res);
195
if (e != NULL)
196
{
197
if (_nss_ldap_oc_check (e, OC (posixGroup)) == NSS_SUCCESS)
198
{
199
*pIsNestedGroup = 1;
200
*pRes = res;
201
debug ("<== _nss_ldap_dn2uid (nested group)");
202
return NSS_SUCCESS;
203
}
204
205
stat =
206
_nss_ldap_assign_attrval (e, ATM (LM_PASSWD, uid), uid,
207
buffer, buflen);
208
if (stat == NSS_SUCCESS)
209
dn2uid_cache_put (dn, *uid);
210
}
211
}
212
ldap_msgfree (res);
213
}
214
215
debug ("<== _nss_ldap_dn2uid");
216
217
return stat;
218
}
219
220
NSS_STATUS
221
_nss_ldap_getrdnvalue (LDAPMessage * entry,
222
const char *rdntype,
223
char **rval, char **buffer, size_t * buflen)
224
{
225
char *dn;
226
NSS_STATUS status;
227
228
dn = _nss_ldap_get_dn (entry);
229
if (dn == NULL)
230
{
231
return NSS_NOTFOUND;
232
}
233
234
status = do_getrdnvalue (dn, rdntype, rval, buffer, buflen);
235
#ifdef HAVE_LDAP_MEMFREE
236
ldap_memfree (dn);
237
#else
238
free (dn);
239
#endif /* HAVE_LDAP_MEMFREE */
240
241
/*
242
* If examining the DN failed, then pick the nominal first
243
* value of cn as the canonical name (recall that attributes
244
* are sets, not sequences)
245
*/
246
if (status == NSS_NOTFOUND)
247
{
248
char **vals;
249
250
vals = _nss_ldap_get_values (entry, rdntype);
251
252
if (vals != NULL)
253
{
254
int rdnlen = strlen (*vals);
255
if (*buflen > rdnlen)
256
{
257
char *rdnvalue = *buffer;
258
strncpy (rdnvalue, *vals, rdnlen);
259
rdnvalue[rdnlen] = '\0';
260
*buffer += rdnlen + 1;
261
*buflen -= rdnlen + 1;
262
*rval = rdnvalue;
263
status = NSS_SUCCESS;
264
}
265
else
266
{
267
status = NSS_TRYAGAIN;
268
}
269
ldap_value_free (vals);
270
}
271
}
272
273
return status;
274
}
275
276
static NSS_STATUS
277
do_getrdnvalue (const char *dn,
278
const char *rdntype,
279
char **rval, char **buffer, size_t * buflen)
280
{
281
char **exploded_dn;
282
char *rdnvalue = NULL;
283
char rdnava[64];
284
int rdnlen = 0, rdnavalen;
285
286
snprintf (rdnava, sizeof rdnava, "%s=", rdntype);
287
rdnavalen = strlen (rdnava);
288
289
exploded_dn = ldap_explode_dn (dn, 0);
290
291
if (exploded_dn != NULL)
292
{
293
/*
294
* attempt to get the naming attribute's principal
295
* value by parsing the RDN. We need to support
296
* multivalued RDNs (as they're essentially mandated
297
* for services)
298
*/
299
#ifdef HAVE_LDAP_EXPLODE_RDN
300
/*
301
* use ldap_explode_rdn() API, as it's cleaner than
302
* strtok(). This code has not been tested!
303
*/
304
char **p, **exploded_rdn;
305
306
exploded_rdn = ldap_explode_rdn (*exploded_dn, 0);
307
if (exploded_rdn != NULL)
308
{
309
for (p = exploded_rdn; *p != NULL; p++)
310
{
311
if (strncasecmp (*p, rdnava, rdnavalen) == 0)
312
{
313
char *r = *p + rdnavalen;
314
315
rdnlen = strlen (r);
316
if (*buflen <= rdnlen)
317
{
318
ldap_value_free (exploded_rdn);
319
ldap_value_free (exploded_dn);
320
return NSS_TRYAGAIN;
321
}
322
rdnvalue = *buffer;
323
strncpy (rdnvalue, r, rdnlen);
324
break;
325
}
326
}
327
ldap_value_free (exploded_rdn);
328
}
329
#else
330
/*
331
* we don't have Netscape's ldap_explode_rdn() API,
332
* so we fudge it with strtok(). Note that this will
333
* not handle escaping properly.
334
*/
335
char *p, *r = *exploded_dn;
336
#ifdef HAVE_STRTOK_R
337
char *st = NULL;
338
#endif
339
340
#ifndef HAVE_STRTOK_R
341
for (p = strtok (r, "+");
342
#else
343
for (p = strtok_r (r, "+", &st);
344
#endif
345
p != NULL;
346
#ifndef HAVE_STRTOK_R
347
p = strtok (NULL, "+"))
348
#else
349
p = strtok_r (NULL, "+", &st))
350
#endif
351
{
352
if (strncasecmp (p, rdnava, rdnavalen) == 0)
353
{
354
p += rdnavalen;
355
rdnlen = strlen (p);
356
if (*buflen <= rdnlen)
357
{
358
ldap_value_free (exploded_dn);
359
return NSS_TRYAGAIN;
360
}
361
rdnvalue = *buffer;
362
strncpy (rdnvalue, p, rdnlen);
363
break;
364
}
365
if (r != NULL)
366
r = NULL;
367
}
368
#endif /* HAVE_LDAP_EXPLODE_RDN */
369
}
370
371
if (exploded_dn != NULL)
372
{
373
ldap_value_free (exploded_dn);
374
}
375
376
if (rdnvalue != NULL)
377
{
378
rdnvalue[rdnlen] = '\0';
379
*buffer += rdnlen + 1;
380
*buflen -= rdnlen + 1;
381
*rval = rdnvalue;
382
return NSS_SUCCESS;
383
}
384
385
return NSS_NOTFOUND;
386
}
387
388
static NSS_STATUS
389
do_parse_map_statement (ldap_config_t * cfg,
390
const char *statement, ldap_map_type_t type)
391
{
392
char *key, *val;
393
ldap_map_selector_t sel = LM_NONE;
394
395
key = (char *) statement;
396
val = key;
397
while (*val != ' ' && *val != '\t')
398
val++;
399
*(val++) = '\0';
400
401
while (*val == ' ' || *val == '\t')
402
val++;
403
404
{
405
char *p = strchr (key, ':');
406
407
if (p != NULL)
408
{
409
*p = '\0';
410
sel = _nss_ldap_str2selector (key);
411
key = ++p;
412
}
413
}
414
415
return _nss_ldap_map_put (cfg, sel, type, key, val);
416
}
417
418
/* parse a comma-separated list */
419
static NSS_STATUS
420
do_parse_list (char *values, char ***valptr,
421
char **pbuffer, size_t *pbuflen)
422
{
423
char *s, **p;
424
#ifdef HAVE_STRTOK_R
425
char *tok_r;
426
#endif
427
int valcount;
428
429
int buflen = *pbuflen;
430
char *buffer = *pbuffer;
431
432
/* comma separated list of values to ignore on initgroups() */
433
for (valcount = 1, s = values; *s != '\0'; s++)
434
{
435
if (*s == ',')
436
valcount++;
437
}
438
439
if (bytesleft (buffer, buflen, char *) < (valcount + 1) * sizeof (char *))
440
{
441
return NSS_UNAVAIL;
442
}
443
444
align (buffer, buflen, char *);
445
p = *valptr = (char **) buffer;
446
447
buffer += (valcount + 1) * sizeof (char *);
448
buflen -= (valcount + 1) * sizeof (char *);
449
450
#ifdef HAVE_STRTOK_R
451
for (s = strtok_r(values, ",", &tok_r); s != NULL;
452
s = strtok_r(NULL, ",", &tok_r))
453
#else
454
for (s = strtok(values, ","); s != NULL; s = strtok(NULL, ","))
455
#endif
456
{
457
int vallen;
458
char *elt = NULL;
459
460
vallen = strlen (s);
461
if (buflen < (size_t) (vallen + 1))
462
{
463
return NSS_UNAVAIL;
464
}
465
466
/* copy this value into the next block of buffer space */
467
elt = buffer;
468
buffer += vallen + 1;
469
buflen -= vallen + 1;
470
471
strncpy (elt, s, vallen);
472
elt[vallen] = '\0';
473
*p++ = elt;
474
}
475
476
*p = NULL;
477
*pbuffer = buffer;
478
*pbuflen = buflen;
479
480
return NSS_SUCCESS;
481
}
482
483
ldap_map_selector_t
484
_nss_ldap_str2selector (const char *key)
485
{
486
ldap_map_selector_t sel;
487
488
if (!strcasecmp (key, MP_passwd))
489
sel = LM_PASSWD;
490
else if (!strcasecmp (key, MP_shadow))
491
sel = LM_SHADOW;
492
else if (!strcasecmp (key, MP_group))
493
sel = LM_GROUP;
494
else if (!strcasecmp (key, MP_hosts))
495
sel = LM_HOSTS;
496
else if (!strcasecmp (key, MP_services))
497
sel = LM_SERVICES;
498
else if (!strcasecmp (key, MP_networks))
499
sel = LM_NETWORKS;
500
else if (!strcasecmp (key, MP_protocols))
501
sel = LM_PROTOCOLS;
502
else if (!strcasecmp (key, MP_rpc))
503
sel = LM_RPC;
504
else if (!strcasecmp (key, MP_ethers))
505
sel = LM_ETHERS;
506
else if (!strcasecmp (key, MP_netmasks))
507
sel = LM_NETMASKS;
508
else if (!strcasecmp (key, MP_bootparams))
509
sel = LM_BOOTPARAMS;
510
else if (!strcasecmp (key, MP_aliases))
511
sel = LM_ALIASES;
512
else if (!strcasecmp (key, MP_netgroup))
513
sel = LM_NETGROUP;
514
else if (!strcasecmp (key, MP_automount))
515
sel = LM_AUTOMOUNT;
516
else
517
sel = LM_NONE;
518
519
return sel;
520
}
521
522
static NSS_STATUS
523
do_searchdescriptorconfig (const char *key, const char *value, size_t len,
524
ldap_service_search_descriptor_t ** result,
525
char **buffer, size_t * buflen)
526
{
527
ldap_service_search_descriptor_t **t, *cur;
528
char *base;
529
char *filter, *s;
530
int scope;
531
ldap_map_selector_t sel;
532
533
t = NULL;
534
filter = NULL;
535
scope = -1;
536
537
if (strncasecmp (key, NSS_LDAP_KEY_NSS_BASE_PREFIX,
538
NSS_LDAP_KEY_NSS_BASE_PREFIX_LEN) != 0)
539
return NSS_SUCCESS;
540
541
sel = _nss_ldap_str2selector (&key[NSS_LDAP_KEY_NSS_BASE_PREFIX_LEN]);
542
t = (sel < LM_NONE) ? &result[sel] : NULL;
543
544
if (t == NULL)
545
return NSS_SUCCESS;
546
547
/* we have already checked for room for the value */
548
/* len is set to the length of value */
549
base = *buffer;
550
strncpy (base, value, len);
551
base[len] = '\0';
552
553
*buffer += len + 1;
554
*buflen -= len + 1;
555
556
/* probably is some funky escaping needed here. later... */
557
s = strchr (base, '?');
558
if (s != NULL)
559
{
560
*s = '\0';
561
s++;
562
if (!strcasecmp (s, "sub"))
563
scope = LDAP_SCOPE_SUBTREE;
564
else if (!strcasecmp (s, "one"))
565
scope = LDAP_SCOPE_ONELEVEL;
566
else if (!strcasecmp (s, "base"))
567
scope = LDAP_SCOPE_BASE;
568
filter = strchr (s, '?');
569
if (filter != NULL)
570
{
571
*filter = '\0';
572
filter++;
573
}
574
}
575
576
if (bytesleft (*buffer, *buflen, ldap_service_search_descriptor_t) <
577
sizeof (ldap_service_search_descriptor_t))
578
return NSS_UNAVAIL;
579
580
align (*buffer, *buflen, ldap_service_search_descriptor_t);
581
582
for (cur = *t; cur && cur->lsd_next; cur = cur->lsd_next)
583
;
584
if (!cur)
585
{
586
*t = (ldap_service_search_descriptor_t *) * buffer;
587
cur = *t;
588
}
589
else
590
{
591
cur->lsd_next = (ldap_service_search_descriptor_t *) * buffer;
592
cur = cur->lsd_next;
593
}
594
595
cur->lsd_base = base;
596
cur->lsd_scope = scope;
597
cur->lsd_filter = filter;
598
cur->lsd_next = NULL;
599
600
*buffer += sizeof (ldap_service_search_descriptor_t);
601
*buflen -= sizeof (ldap_service_search_descriptor_t);
602
603
return NSS_SUCCESS;
604
}
605
606
NSS_STATUS _nss_ldap_init_config (ldap_config_t * result)
607
{
608
int i, j;
609
610
memset (result, 0, sizeof (*result));
611
612
result->ldc_scope = LDAP_SCOPE_SUBTREE;
613
result->ldc_deref = LDAP_DEREF_NEVER;
614
result->ldc_base = NULL;
615
result->ldc_binddn = NULL;
616
result->ldc_bindpw = NULL;
617
result->ldc_saslid = NULL;
618
result->ldc_usesasl = 0;
619
result->ldc_rootbinddn = NULL;
620
result->ldc_rootbindpw = NULL;
621
result->ldc_rootsaslid = NULL;
622
result->ldc_rootusesasl = 0;
623
#ifdef LDAP_VERSION3
624
result->ldc_version = LDAP_VERSION3;
625
#else
626
result->ldc_version = LDAP_VERSION2;
627
#endif /* LDAP_VERSION3 */
628
result->ldc_timelimit = LDAP_NO_LIMIT;
629
result->ldc_bind_timelimit = 30;
630
result->ldc_ssl_on = SSL_OFF;
631
result->ldc_sslpath = NULL;
632
result->ldc_referrals = 1;
633
result->ldc_restart = 1;
634
result->ldc_tls_checkpeer = -1;
635
result->ldc_tls_cacertfile = NULL;
636
result->ldc_tls_cacertdir = NULL;
637
result->ldc_tls_ciphers = NULL;
638
result->ldc_tls_cert = NULL;
639
result->ldc_tls_key = NULL;
640
result->ldc_tls_randfile = NULL;
641
result->ldc_idle_timelimit = 0;
642
result->ldc_reconnect_pol = LP_RECONNECT_HARD_OPEN;
643
result->ldc_sasl_secprops = NULL;
644
result->ldc_srv_domain = NULL;
645
result->ldc_logdir = NULL;
646
result->ldc_debug = 0;
647
result->ldc_pagesize = LDAP_PAGESIZE;
648
#ifdef CONFIGURE_KRB5_CCNAME
649
result->ldc_krb5_ccname = NULL;
650
#endif /* CONFIGURE_KRB5_CCNAME */
651
result->ldc_flags = 0;
652
#ifdef RFC2307BIS
653
result->ldc_flags |= NSS_LDAP_FLAGS_RFC2307BIS;
654
#endif
655
#ifdef PAGE_RESULTS
656
result->ldc_flags |= NSS_LDAP_FLAGS_PAGED_RESULTS;
657
#endif
658
result->ldc_reconnect_tries = LDAP_NSS_TRIES;
659
result->ldc_reconnect_sleeptime = LDAP_NSS_SLEEPTIME;
660
result->ldc_reconnect_maxsleeptime = LDAP_NSS_MAXSLEEPTIME;
661
result->ldc_reconnect_maxconntries = LDAP_NSS_MAXCONNTRIES;
662
result->ldc_initgroups_ignoreusers = NULL;
663
664
for (i = 0; i <= LM_NONE; i++)
665
{
666
for (j = 0; j <= MAP_MAX; j++)
667
{
668
result->ldc_maps[i][j] = _nss_ldap_db_open ();
669
if (result->ldc_maps[i][j] == NULL)
670
return NSS_UNAVAIL;
671
}
672
}
673
674
return NSS_SUCCESS;
675
}
676
677
NSS_STATUS
678
_nss_ldap_add_uri (ldap_config_t *result, const char *uri,
679
char **buffer, size_t *buflen)
680
{
681
/* add a single URI to the list of URIs in the configuration */
682
int i;
683
size_t uri_len;
684
685
debug ("==> _nss_ldap_add_uri");
686
687
for (i = 0; result->ldc_uris[i] != NULL; i++)
688
;
689
690
if (i == NSS_LDAP_CONFIG_URI_MAX)
691
{
692
debug ("<== _nss_ldap_add_uri: maximum number of URIs exceeded");
693
return NSS_UNAVAIL;
694
}
695
696
assert (i < NSS_LDAP_CONFIG_URI_MAX);
697
698
uri_len = strlen (uri);
699
700
if (*buflen < uri_len + 1)
701
return NSS_TRYAGAIN;
702
703
memcpy (*buffer, uri, uri_len + 1);
704
705
result->ldc_uris[i] = *buffer;
706
result->ldc_uris[i + 1] = NULL;
707
708
*buffer += uri_len + 1;
709
*buflen -= uri_len + 1;
710
711
debug ("<== _nss_ldap_add_uri: added URI %s", uri);
712
713
return NSS_SUCCESS;
714
}
715
716
static NSS_STATUS
717
do_add_uris (ldap_config_t *result, char *uris,
718
char **buffer, size_t *buflen)
719
{
720
/* Add a space separated list of URIs */
721
char *p;
722
NSS_STATUS stat = NSS_SUCCESS;
723
724
for (p = uris; p != NULL; )
725
{
726
char *q = strchr (p, ' ');
727
if (q != NULL)
728
*q = '\0';
729
730
stat = _nss_ldap_add_uri (result, p, buffer, buflen);
731
732
p = (q != NULL) ? ++q : NULL;
733
734
if (stat != NSS_SUCCESS)
735
break;
736
}
737
738
return stat;
739
}
740
741
static NSS_STATUS
742
do_add_hosts (ldap_config_t *result, char *hosts,
743
char **buffer, size_t *buflen)
744
{
745
/* Add a space separated list of hosts */
746
char *p;
747
NSS_STATUS stat = NSS_SUCCESS;
748
749
for (p = hosts; p != NULL; )
750
{
751
char b[NSS_LDAP_CONFIG_BUFSIZ];
752
char *q = strchr (p, ' ');
753
754
if (q != NULL)
755
*q = '\0';
756
757
snprintf (b, sizeof(b), "ldap://%s", p);
758
759
stat = _nss_ldap_add_uri (result, b, buffer, buflen);
760
761
p = (q != NULL) ? ++q : NULL;
762
763
if (stat != NSS_SUCCESS)
764
break;
765
}
766
767
return stat;
768
}
769
770
NSS_STATUS
771
_nss_ldap_readconfig (ldap_config_t ** presult, char **buffer, size_t *buflen)
772
{
773
FILE *fp;
774
char b[NSS_LDAP_CONFIG_BUFSIZ];
775
NSS_STATUS stat = NSS_SUCCESS;
776
ldap_config_t *result;
777
struct stat statbuf;
778
779
if (bytesleft (*buffer, *buflen, ldap_config_t *) < sizeof (ldap_config_t))
780
{
781
return NSS_TRYAGAIN;
782
}
783
align (*buffer, *buflen, ldap_config_t *);
784
result = *presult = (ldap_config_t *) *buffer;
785
*buffer += sizeof (ldap_config_t);
786
*buflen -= sizeof (ldap_config_t);
787
788
stat = _nss_ldap_init_config (result);
789
if (stat != NSS_SUCCESS)
790
{
791
return NSS_SUCCESS;
792
}
793
794
fp = fopen (NSS_LDAP_PATH_CONF, "r");
795
if (fp == NULL)
796
{
797
return NSS_UNAVAIL;
798
}
799
800
if (fstat (fileno (fp), &statbuf) == 0)
801
result->ldc_mtime = statbuf.st_mtime;
802
else
803
result->ldc_mtime = 0;
804
805
while (fgets (b, sizeof (b), fp) != NULL)
806
{
807
char *k, *v;
808
int len;
809
char **t = NULL;
810
811
if (*b == '\n' || *b == '\r' || *b == '#')
812
continue;
813
814
k = b;
815
v = k;
816
817
/* skip past all characters in keyword */
818
while (*v != '\0' && *v != ' ' && *v != '\t')
819
v++;
820
821
if (*v == '\0')
822
continue;
823
824
/* terminate keyword */
825
*(v++) = '\0';
826
827
/* skip empty lines with more than 3 spaces at the start of the line */
828
/* rds.oliver@samera.com.py 01-set-2004 */
829
if (*v == '\n')
830
continue;
831
832
/* skip all whitespaces between keyword and value */
833
/* Lars Oergel <lars.oergel@innominate.de>, 05.10.2000 */
834
while (*v == ' ' || *v == '\t')
835
v++;
836
837
/* kick off all whitespaces and newline at the end of value */
838
/* Bob Guo <bob@mail.ied.ac.cn>, 08.10.2001 */
839
840
/* Also remove \r (CR) to be able to handle files in DOS format (lines
841
* terminated in CR LF). Alejandro Forero Cuervo
842
* <azul@freaks-unidos.net>, 10-may-2005 */
843
844
len = strlen (v) - 1;
845
while (v[len] == ' ' || v[len] == '\t' || v[len] == '\n' || v[len] == '\r')
846
--len;
847
v[++len] = '\0';
848
849
if (*buflen < (size_t) (len + 1))
850
{
851
stat = NSS_TRYAGAIN;
852
break;
853
}
854
855
if (!strcasecmp (k, NSS_LDAP_KEY_HOST))
856
{
857
stat = do_add_hosts (result, v, buffer, buflen);
858
if (stat != NSS_SUCCESS)
859
break;
860
}
861
else if (!strcasecmp (k, NSS_LDAP_KEY_URI))
862
{
863
stat = do_add_uris (result, v, buffer, buflen);
864
if (stat != NSS_SUCCESS)
865
break;
866
}
867
else if (!strcasecmp (k, NSS_LDAP_KEY_BASE))
868
{
869
t = &result->ldc_base;
870
}
871
else if (!strcasecmp (k, NSS_LDAP_KEY_BINDDN))
872
{
873
t = &result->ldc_binddn;
874
}
875
else if (!strcasecmp (k, NSS_LDAP_KEY_BINDPW))
876
{
877
t = &result->ldc_bindpw;
878
}
879
else if (!strcasecmp (k, NSS_LDAP_KEY_USESASL))
880
{
881
result->ldc_usesasl = (!strcasecmp (v, "on")
882
|| !strcasecmp (v, "yes")
883
|| !strcasecmp (v, "true"));
884
}
885
else if (!strcasecmp (k, NSS_LDAP_KEY_SASLID))
886
{
887
t = &result->ldc_saslid;
888
}
889
else if (!strcasecmp (k, NSS_LDAP_KEY_ROOTBINDDN))
890
{
891
t = &result->ldc_rootbinddn;
892
}
893
else if (!strcasecmp (k, NSS_LDAP_KEY_ROOTUSESASL))
894
{
895
result->ldc_rootusesasl = (!strcasecmp (v, "on")
896
|| !strcasecmp (v, "yes")
897
|| !strcasecmp (v, "true"));
898
}
899
else if (!strcasecmp (k, NSS_LDAP_KEY_ROOTSASLID))
900
{
901
t = &result->ldc_rootsaslid;
902
}
903
else if (!strcasecmp (k, NSS_LDAP_KEY_SSLPATH))
904
{
905
t = &result->ldc_sslpath;
906
}
907
else if (!strcasecmp (k, NSS_LDAP_KEY_SCOPE))
908
{
909
if (!strcasecmp (v, "sub"))
910
{
911
result->ldc_scope = LDAP_SCOPE_SUBTREE;
912
}
913
else if (!strcasecmp (v, "one"))
914
{
915
result->ldc_scope = LDAP_SCOPE_ONELEVEL;
916
}
917
else if (!strcasecmp (v, "base"))
918
{
919
result->ldc_scope = LDAP_SCOPE_BASE;
920
}
921
}
922
else if (!strcasecmp (k, NSS_LDAP_KEY_DEREF))
923
{
924
if (!strcasecmp (v, "never"))
925
{
926
result->ldc_deref = LDAP_DEREF_NEVER;
927
}
928
else if (!strcasecmp (v, "searching"))
929
{
930
result->ldc_deref = LDAP_DEREF_SEARCHING;
931
}
932
else if (!strcasecmp (v, "finding"))
933
{
934
result->ldc_deref = LDAP_DEREF_FINDING;
935
}
936
else if (!strcasecmp (v, "always"))
937
{
938
result->ldc_deref = LDAP_DEREF_ALWAYS;
939
}
940
}
941
else if (!strcasecmp (k, NSS_LDAP_KEY_PORT))
942
{
943
result->ldc_port = atoi (v);
944
}
945
else if (!strcasecmp (k, NSS_LDAP_KEY_SSL))
946
{
947
if (!strcasecmp (v, "on") || !strcasecmp (v, "yes")
948
|| !strcasecmp (v, "true"))
949
{
950
result->ldc_ssl_on = SSL_LDAPS;
951
}
952
else if (!strcasecmp (v, "start_tls"))
953
{
954
result->ldc_ssl_on = SSL_START_TLS;
955
}
956
}
957
else if (!strcasecmp (k, NSS_LDAP_KEY_REFERRALS))
958
{
959
result->ldc_referrals = (!strcasecmp (v, "on")
960
|| !strcasecmp (v, "yes")
961
|| !strcasecmp (v, "true"));
962
}
963
else if (!strcasecmp (k, NSS_LDAP_KEY_RESTART))
964
{
965
result->ldc_restart = (!strcasecmp (v, "on")
966
|| !strcasecmp (v, "yes")
967
|| !strcasecmp (v, "true"));
968
}
969
else if (!strcasecmp (k, NSS_LDAP_KEY_LDAP_VERSION))
970
{
971
result->ldc_version = atoi (v);
972
}
973
else if (!strcasecmp (k, NSS_LDAP_KEY_TIMELIMIT))
974
{
975
result->ldc_timelimit = atoi (v);
976
}
977
else if (!strcasecmp (k, NSS_LDAP_KEY_BIND_TIMELIMIT))
978
{
979
result->ldc_bind_timelimit = atoi (v);
980
}
981
else if (!strcasecmp (k, NSS_LDAP_KEY_IDLE_TIMELIMIT))
982
{
983
result->ldc_idle_timelimit = atoi (v);
984
}
985
else if (!strcasecmp (k, NSS_LDAP_KEY_RECONNECT_POLICY))
986
{
987
if (!strcasecmp (v, "hard") ||
988
!strcasecmp (v, "hard_open"))
989
{
990
result->ldc_reconnect_pol = LP_RECONNECT_HARD_OPEN;
991
}
992
else if (!strcasecmp (v, "hard_init"))
993
{
994
result->ldc_reconnect_pol = LP_RECONNECT_HARD_INIT;
995
}
996
else if (!strcasecmp (v, "soft"))
997
{
998
result->ldc_reconnect_pol = LP_RECONNECT_SOFT;
999
}
1000
}
1001
else if (!strcasecmp (k, NSS_LDAP_KEY_RECONNECT_TRIES))
1002
{
1003
result->ldc_reconnect_tries = atoi (v);
1004
}
1005
else if (!strcasecmp (k, NSS_LDAP_KEY_RECONNECT_SLEEPTIME))
1006
{
1007
result->ldc_reconnect_sleeptime = atoi (v);
1008
}
1009
else if (!strcasecmp (k, NSS_LDAP_KEY_RECONNECT_MAXSLEEPTIME))
1010
{
1011
result->ldc_reconnect_maxsleeptime = atoi (v);
1012
}
1013
else if (!strcasecmp (k, NSS_LDAP_KEY_RECONNECT_MAXCONNTRIES))
1014
{
1015
result->ldc_reconnect_maxconntries = atoi (v);
1016
}
1017
else if (!strcasecmp (k, NSS_LDAP_KEY_SASL_SECPROPS))
1018
{
1019
t = &result->ldc_sasl_secprops;
1020
}
1021
else if (!strcasecmp (k, NSS_LDAP_KEY_LOGDIR))
1022
{
1023
t = &result->ldc_logdir;
1024
}
1025
else if (!strcasecmp (k, NSS_LDAP_KEY_DEBUG))
1026
{
1027
result->ldc_debug = atoi (v);
1028
}
1029
else if (!strcasecmp (k, NSS_LDAP_KEY_PAGESIZE))
1030
{
1031
result->ldc_pagesize = atoi (v);
1032
}
1033
#ifdef CONFIGURE_KRB5_CCNAME
1034
else if (!strcasecmp (k, NSS_LDAP_KEY_KRB5_CCNAME))
1035
{
1036
t = &result->ldc_krb5_ccname;
1037
}
1038
#endif /* CONFIGURE_KRB5_CCNAME */
1039
else if (!strcasecmp (k, "tls_checkpeer"))
1040
{
1041
if (!strcasecmp (v, "on") || !strcasecmp (v, "yes")
1042
|| !strcasecmp (v, "true"))
1043
{
1044
result->ldc_tls_checkpeer = 1;
1045
}
1046
else if (!strcasecmp (v, "off") || !strcasecmp (v, "no")
1047
|| !strcasecmp (v, "false"))
1048
{
1049
result->ldc_tls_checkpeer = 0;
1050
}
1051
}
1052
else if (!strcasecmp (k, "tls_cacertfile"))
1053
{
1054
t = &result->ldc_tls_cacertfile;
1055
}
1056
else if (!strcasecmp (k, "tls_cacertdir"))
1057
{
1058
t = &result->ldc_tls_cacertdir;
1059
}
1060
else if (!strcasecmp (k, "tls_ciphers"))
1061
{
1062
t = &result->ldc_tls_ciphers;
1063
}
1064
else if (!strcasecmp (k, "tls_cert"))
1065
{
1066
t = &result->ldc_tls_cert;
1067
}
1068
else if (!strcasecmp (k, "tls_key"))
1069
{
1070
t = &result->ldc_tls_key;
1071
}
1072
else if (!strcasecmp (k, "tls_randfile"))
1073
{
1074
t = &result->ldc_tls_randfile;
1075
}
1076
else if (!strncasecmp (k, NSS_LDAP_KEY_MAP_ATTRIBUTE,
1077
strlen (NSS_LDAP_KEY_MAP_ATTRIBUTE)))
1078
{
1079
do_parse_map_statement (result, v, MAP_ATTRIBUTE);
1080
}
1081
else if (!strncasecmp (k, NSS_LDAP_KEY_MAP_OBJECTCLASS,
1082
strlen (NSS_LDAP_KEY_MAP_OBJECTCLASS)))
1083
{
1084
do_parse_map_statement (result, v, MAP_OBJECTCLASS);
1085
}
1086
else if (!strncasecmp (k, NSS_LDAP_KEY_SET_OVERRIDE,
1087
strlen (NSS_LDAP_KEY_SET_OVERRIDE)))
1088
{
1089
do_parse_map_statement (result, v, MAP_OVERRIDE);
1090
}
1091
else if (!strncasecmp (k, NSS_LDAP_KEY_SET_DEFAULT,
1092
strlen (NSS_LDAP_KEY_SET_DEFAULT)))
1093
{
1094
do_parse_map_statement (result, v, MAP_DEFAULT);
1095
}
1096
else if (!strcasecmp (k, NSS_LDAP_KEY_INITGROUPS))
1097
{
1098
if (!strcasecmp (v, "backlink"))
1099
{
1100
result->ldc_flags |= NSS_LDAP_FLAGS_INITGROUPS_BACKLINK;
1101
}
1102
else
1103
{
1104
result->ldc_flags &= ~(NSS_LDAP_FLAGS_INITGROUPS_BACKLINK);
1105
}
1106
}
1107
else if (!strcasecmp (k, NSS_LDAP_KEY_SCHEMA))
1108
{
1109
if (!strcasecmp (v, "rfc2307bis"))
1110
{
1111
result->ldc_flags |= NSS_LDAP_FLAGS_RFC2307BIS;
1112
}
1113
else if (!strcasecmp (v, "rfc2307"))
1114
{
1115
result->ldc_flags &= ~(NSS_LDAP_FLAGS_RFC2307BIS);
1116
}
1117
}
1118
else if (!strcasecmp (k, NSS_LDAP_KEY_PAGED_RESULTS))
1119
{
1120
if (!strcasecmp (v, "on")
1121
|| !strcasecmp (v, "yes")
1122
|| !strcasecmp (v, "true"))
1123
{
1124
result->ldc_flags |= NSS_LDAP_FLAGS_PAGED_RESULTS;
1125
}
1126
else
1127
{
1128
result->ldc_flags &= ~(NSS_LDAP_FLAGS_PAGED_RESULTS);
1129
}
1130
}
1131
else if (!strcasecmp (k, NSS_LDAP_KEY_INITGROUPS_IGNOREUSERS))
1132
{
1133
stat = do_parse_list (v, &result->ldc_initgroups_ignoreusers,
1134
buffer, buflen);
1135
if (stat == NSS_UNAVAIL)
1136
{
1137
break;
1138
}
1139
}
1140
else if (!strcasecmp (k, NSS_LDAP_KEY_CONNECT_POLICY))
1141
{
1142
if (!strcasecmp (v, "oneshot"))
1143
{
1144
result->ldc_flags |= NSS_LDAP_FLAGS_CONNECT_POLICY_ONESHOT;
1145
}
1146
else if (!strcasecmp (v, "persist"))
1147
{
1148
result->ldc_flags &= ~(NSS_LDAP_FLAGS_CONNECT_POLICY_ONESHOT);
1149
}
1150
}
1151
else if (!strcasecmp (k, NSS_LDAP_KEY_SRV_DOMAIN))
1152
{
1153
t = &result->ldc_srv_domain;
1154
}
1155
else
1156
{
1157
/*
1158
* check whether the key is a naming context key
1159
* if yes, parse; otherwise just return NSS_SUCCESS
1160
* so we can ignore keys we don't understand.
1161
*/
1162
stat =
1163
do_searchdescriptorconfig (k, v, len, result->ldc_sds,
1164
buffer, buflen);
1165
if (stat == NSS_UNAVAIL)
1166
{
1167
break;
1168
}
1169
}
1170
1171
if (t != NULL)
1172
{
1173
strncpy (*buffer, v, len);
1174
(*buffer)[len] = '\0';
1175
*t = *buffer;
1176
*buffer += len + 1;
1177
*buflen -= len + 1;
1178
}
1179
}
1180
1181
fclose (fp);
1182
1183
if (stat != NSS_SUCCESS)
1184
{
1185
return stat;
1186
}
1187
1188
if (result->ldc_rootbinddn != NULL)
1189
{
1190
fp = fopen (NSS_LDAP_PATH_ROOTPASSWD, "r");
1191
if (fp)
1192
{
1193
if (fgets (b, sizeof (b), fp) != NULL)
1194
{
1195
int len;
1196
1197
len = strlen (b);
1198
/* BUG#138: check for newline before removing */
1199
if (len > 0 && b[len - 1] == '\n')
1200
len--;
1201
1202
if (*buflen < (size_t) (len + 1))
1203
{
1204
return NSS_UNAVAIL;
1205
}
1206
1207
strncpy (*buffer, b, len);
1208
(*buffer)[len] = '\0';
1209
result->ldc_rootbindpw = *buffer;
1210
*buffer += len + 1;
1211
*buflen -= len + 1;
1212
}
1213
fclose (fp);
1214
}
1215
else if (!result->ldc_rootusesasl)
1216
{
1217
result->ldc_rootbinddn = NULL;
1218
}
1219
}
1220
1221
if (result->ldc_port == 0)
1222
{
1223
if (result->ldc_ssl_on == SSL_LDAPS)
1224
{
1225
result->ldc_port = LDAPS_PORT;
1226
}
1227
else
1228
{
1229
result->ldc_port = LDAP_PORT;
1230
}
1231
}
1232
1233
if (result->ldc_uris[0] == NULL)
1234
{
1235
stat = NSS_NOTFOUND;
1236
}
1237
1238
return stat;
1239
}
1240
1241
NSS_STATUS
1242
_nss_ldap_escape_string (const char *str, char *buf, size_t buflen)
1243
{
1244
int ret = NSS_TRYAGAIN;
1245
char *p = buf;
1246
char *limit = p + buflen - 3;
1247
const char *s = str;
1248
1249
while (p < limit && *s)
1250
{
1251
switch (*s)
1252
{
1253
case '*':
1254
strcpy (p, "\\2a");
1255
p += 3;
1256
break;
1257
case '(':
1258
strcpy (p, "\\28");
1259
p += 3;
1260
break;
1261
case ')':
1262
strcpy (p, "\\29");
1263
p += 3;
1264
break;
1265
case '\\':
1266
strcpy (p, "\\5c");
1267
p += 3;
1268
break;
1269
default:
1270
*p++ = *s;
1271
break;
1272
}
1273
s++;
1274
}
1275
1276
if (*s == '\0')
1277
{
1278
/* got to end */
1279
*p = '\0';
1280
ret = NSS_SUCCESS;
1281
}
1282
1283
return ret;
1284
}
1285
1286
/* XXX just a linked list for now */
1287
1288
struct ldap_dictionary
1289
{
1290
ldap_datum_t key;
1291
ldap_datum_t value;
1292
struct ldap_dictionary *next;
1293
};
1294
1295
static struct ldap_dictionary *
1296
do_alloc_dictionary (void)
1297
{
1298
struct ldap_dictionary *dict;
1299
1300
dict = malloc (sizeof (*dict));
1301
if (dict == NULL)
1302
{
1303
return NULL;
1304
}
1305
NSS_LDAP_DATUM_ZERO (&dict->key);
1306
NSS_LDAP_DATUM_ZERO (&dict->value);
1307
dict->next = NULL;
1308
1309
return dict;
1310
}
1311
1312
static void
1313
do_free_datum (ldap_datum_t * datum)
1314
{
1315
if (datum->data != NULL)
1316
{
1317
free (datum->data);
1318
datum->data = NULL;
1319
}
1320
datum->size = 0;
1321
}
1322
1323
static struct ldap_dictionary *
1324
do_find_last (struct ldap_dictionary *dict)
1325
{
1326
struct ldap_dictionary *p;
1327
1328
for (p = dict; p->next != NULL; p = p->next)
1329
;
1330
1331
return p;
1332
}
1333
1334
static void
1335
do_free_dictionary (struct ldap_dictionary *dict)
1336
{
1337
do_free_datum (&dict->key);
1338
do_free_datum (&dict->value);
1339
free (dict);
1340
}
1341
1342
static NSS_STATUS
1343
do_dup_datum (unsigned flags, ldap_datum_t * dst, const ldap_datum_t * src)
1344
{
1345
dst->data = malloc (src->size);
1346
if (dst->data == NULL)
1347
return NSS_TRYAGAIN;
1348
1349
memcpy (dst->data, src->data, src->size);
1350
dst->size = src->size;
1351
1352
return NSS_SUCCESS;
1353
}
1354
1355
void *
1356
_nss_ldap_db_open (void)
1357
{
1358
return (void *) do_alloc_dictionary ();
1359
}
1360
1361
void
1362
_nss_ldap_db_close (void *db)
1363
{
1364
struct ldap_dictionary *dict;
1365
1366
dict = (struct ldap_dictionary *) db;
1367
1368
while (dict != NULL)
1369
{
1370
struct ldap_dictionary *next = dict->next;
1371
1372
do_free_dictionary (dict);
1373
1374
dict = next;
1375
}
1376
}
1377
1378
NSS_STATUS
1379
_nss_ldap_db_get (void *db,
1380
unsigned flags,
1381
const ldap_datum_t * key,
1382
ldap_datum_t * value)
1383
{
1384
struct ldap_dictionary *dict = (struct ldap_dictionary *) db;
1385
struct ldap_dictionary *p;
1386
1387
for (p = dict; p != NULL; p = p->next)
1388
{
1389
int cmp;
1390
1391
if (p->key.size != key->size)
1392
continue;
1393
1394
if (flags & NSS_LDAP_DB_NORMALIZE_CASE)
1395
cmp = strncasecmp ((char *)p->key.data, (char *)key->data, key->size);
1396
else
1397
cmp = memcmp (p->key.data, key->data, key->size);
1398
1399
if (cmp == 0)
1400
{
1401
value->data = p->value.data;
1402
value->size = p->value.size;
1403
1404
return NSS_SUCCESS;
1405
}
1406
}
1407
1408
return NSS_NOTFOUND;
1409
}
1410
1411
NSS_STATUS
1412
_nss_ldap_db_put (void *db,
1413
unsigned flags,
1414
const ldap_datum_t * key,
1415
const ldap_datum_t * value)
1416
{
1417
struct ldap_dictionary *dict = (struct ldap_dictionary *) db;
1418
struct ldap_dictionary *p, *q;
1419
1420
assert (key != NULL);
1421
assert (key->data != NULL);
1422
1423
if (dict->key.data == NULL)
1424
{
1425
/* uninitialized */
1426
q = dict;
1427
p = NULL;
1428
}
1429
else
1430
{
1431
p = do_find_last (dict);
1432
assert (p != NULL);
1433
assert (p->next == NULL);
1434
q = do_alloc_dictionary ();
1435
if (q == NULL)
1436
return NSS_TRYAGAIN;
1437
}
1438
1439
if (do_dup_datum (flags, &q->key, key) != NSS_SUCCESS)
1440
{
1441
do_free_dictionary (q);
1442
return NSS_TRYAGAIN;
1443
}
1444
1445
if (do_dup_datum (flags, &q->value, value) != NSS_SUCCESS)
1446
{
1447
do_free_dictionary (q);
1448
return NSS_TRYAGAIN;
1449
}
1450
1451
if (p != NULL)
1452
p->next = q;
1453
1454
return NSS_SUCCESS;
1455
}
1456
1457
/*
1458
* Add a nested netgroup or group to the namelist
1459
*/
1460
NSS_STATUS
1461
_nss_ldap_namelist_push (struct name_list **head, const char *name)
1462
{
1463
struct name_list *nl;
1464
1465
debug ("==> _nss_ldap_namelist_push (%s)", name);
1466
1467
nl = (struct name_list *) malloc (sizeof (*nl));
1468
if (nl == NULL)
1469
{
1470
debug ("<== _nss_ldap_namelist_push");
1471
return NSS_TRYAGAIN;
1472
}
1473
1474
nl->name = strdup (name);
1475
if (nl->name == NULL)
1476
{
1477
debug ("<== _nss_ldap_namelist_push");
1478
free (nl);
1479
return NSS_TRYAGAIN;
1480
}
1481
1482
nl->next = *head;
1483
1484
*head = nl;
1485
1486
debug ("<== _nss_ldap_namelist_push");
1487
1488
return NSS_SUCCESS;
1489
}
1490
1491
/*
1492
* Remove last nested netgroup or group from the namelist
1493
*/
1494
void
1495
_nss_ldap_namelist_pop (struct name_list **head)
1496
{
1497
struct name_list *nl;
1498
1499
debug ("==> _nss_ldap_namelist_pop");
1500
1501
assert (*head != NULL);
1502
nl = *head;
1503
1504
*head = nl->next;
1505
1506
assert (nl->name != NULL);
1507
free (nl->name);
1508
free (nl);
1509
1510
debug ("<== _nss_ldap_namelist_pop");
1511
}
1512
1513
/*
1514
* Cleanup nested netgroup or group namelist.
1515
*/
1516
void
1517
_nss_ldap_namelist_destroy (struct name_list **head)
1518
{
1519
struct name_list *p, *next;
1520
1521
debug ("==> _nss_ldap_namelist_destroy");
1522
1523
for (p = *head; p != NULL; p = next)
1524
{
1525
next = p->next;
1526
1527
if (p->name != NULL)
1528
free (p->name);
1529
free (p);
1530
}
1531
1532
*head = NULL;
1533
1534
debug ("<== _nss_ldap_namelist_destroy");
1535
}
1536
1537
/*
1538
* Check whether we have already seen a netgroup or group,
1539
* to avoid loops in nested netgroup traversal
1540
*/
1541
int
1542
_nss_ldap_namelist_find (struct name_list *head, const char *netgroup)
1543
{
1544
struct name_list *p;
1545
int found = 0;
1546
1547
debug ("==> _nss_ldap_namelist_find");
1548
1549
for (p = head; p != NULL; p = p->next)
1550
{
1551
if (strcasecmp (p->name, netgroup) == 0)
1552
{
1553
found++;
1554
break;
1555
}
1556
}
1557
1558
debug ("<== _nss_ldap_namelist_find");
1559
1560
return found;
1561
}
1562
1563
NSS_STATUS _nss_ldap_validateconfig (ldap_config_t *config)
1564
{
1565
struct stat statbuf;
1566
1567
if (config == NULL)
1568
{
1569
return NSS_UNAVAIL;
1570
}
1571
1572
if (config->ldc_mtime == 0)
1573
{
1574
return NSS_SUCCESS;
1575
}
1576
1577
if (stat (NSS_LDAP_PATH_CONF, &statbuf) == 0)
1578
{
1579
return (statbuf.st_mtime > config->ldc_mtime) ? NSS_TRYAGAIN : NSS_SUCCESS;
1580
}
1581
1582
return NSS_SUCCESS;
1583
}
1584
Loggerhead is a web-based interface for Breezy
Version: 2.0.1