~ubuntu-branches/ubuntu/wily/nss-pam-ldapd/wily-proposed

« back to all changes in this revision

Viewing changes to nslcd/passwd.c

Committer: Package Import Robot
Author(s): Arthur de Jong
Date: 2011-09-04 21:00:00 UTC
mfrom: (14.1.4 experimental)
Revision ID: package-import@ubuntu.com-20110904210000-pe3u91iga88vtr16

Tags: 0.8.4

http://bugs.debian.org/638872

http://bugs.debian.org/637132

http://bugs.debian.org/637863

http://bugs.debian.org/640185

http://bugs.debian.org/637751

http://bugs.debian.org/637756

http://bugs.debian.org/637759

http://bugs.debian.org/638195

http://bugs.debian.org/639026

http://bugs.debian.org/639107

http://bugs.debian.org/639236

* Upload to unstable
* switch to using the member attribute by default instead of
  uniqueMember (backwards incompatible change)
* only return "x" as a password hash when the object has the shadowAccount
  objectClass and nsswitch.conf is configured to do shadow lookups using
  LDAP (this avoids some problems with pam_unix)
* fix problem with partial attribute name matches in DN (thanks Timothy
  White)
* fix a problem with objectSid mappings with recent versions of OpenLDAP
  (patch by Wesley Mason)
* set the socket timeout in a connection callback to avoid timeout
  issues during the SSL handshake (patch by Stefan Völkel)
* check for unknown variables in pam_authz_search
* only check password expiration when authenticating, only check account
  expiration when doing authorisation
* make buffer sizes consistent and grow all buffers holding string
  representations of numbers to be able to hold 64-bit numbers
* update AX_PTHREAD from autoconf-archive
* support querying DNS SRV records from a different domain than the current
  one (based on a patch by James M. Leddy)
* fix a problem with uninitialised memory while parsing the tls_ciphers
  option (closes: #638872) (but doesn't work yet due to #640384)
* implement bounds checking of numeric values read from LDAP (patch by
  Jakub Hrozek)
* correctly support large uid and gid values from LDAP (patch by Jakub
  Hrozek)
* improvements to the configure script (patch by Jakub Hrozek)
* switch to dh for debian/rules and bump debhelper compatibility to 8
* build Debian packages with multiarch support
* ship shlibs (but still no symbol files) for libnss-ldapd since that was
  the easiest way to support multiarch
* fix output in init script when restarting nslcd (closes: #637132)
* correctly handle leading and trailing spaces in preseeded debconf uri
  option (patch by Andreas B. Mundt) (closes: #637863)
* support spaces around database names in /etc/nsswitch.conf while
  configuring package (closes: #640185)
* updated Russian debconf translation by Yuri Kozlov (closes: #637751)
* updated French debconf translation by Christian Perrier (closes: #637756)
* added Slovak debconf translation by Slavko (closes: #637759)
* updated Danish debconf translation by Joe Hansen (closes :#637763)
* updated Brazilian Portuguese debconf translation by Denis Doria
* updated Portuguese debconf translation by Américo Monteiro
* updated Japanese debconf translation by Kenshi Muto (closes: #638195)
* updated Czech debconf translation by Miroslav Kure (closes: #639026)
* updated German debconf translation by Chris Leick (closes: #639107)
* updated Spanish debconf translation by Francisco Javier Cuadrado
  (closes: #639236)
* updated Dutch debconf translation by Arthur de Jong with help from Paul
  Gevers and Jeroen Schot

files added:
ChangeLog-2009

ChangeLog-2010

compat/strndup.c

compat/strndup.h

debian/pam-configs

debian/pam-configs/ldap

debian/po/sk.po

debian/source/lintian-overrides

nslcd/nsswitch.c

nss/bsdnss.c

nss/exports.freebsd

nss/exports.glibc

nss/exports.solaris

nss/solnss.c

py-compile

pynslcd

pynslcd/Makefile.am

pynslcd/Makefile.in

pynslcd/alias.py

pynslcd/cfg.py

pynslcd/common.py

pynslcd/config.py.in

pynslcd/ether.py

pynslcd/group.py

pynslcd/host.py

pynslcd/mypidfile.py

pynslcd/netgroup.py

pynslcd/network.py

pynslcd/pam.py

pynslcd/passwd.py

pynslcd/pynslcd.py

pynslcd/shadow.py

pynslcd/tio.py

tests/common.h

tests/in_testenv.sh

tests/test_pamcmds.expect

tests/test_pamcmds.sh

files removed:
debian/libpam-ldapd.pam-auth-update

nss/nss_ldap.map

tests/test_aliases.c

tests/test_ethers.c

tests/test_group.c

tests/test_hosts.c

tests/test_netgroup.c

tests/test_networks.c

tests/test_nslcd_group.c

tests/test_passwd.c

tests/test_protocols.c

tests/test_rpc.c

tests/test_services.c

tests/test_shadow.c

files modified:
AUTHORS

ChangeLog

HACKING

Makefile.am

Makefile.in

NEWS

README

TODO

aclocal.m4

common/Makefile.in

common/dict.c

common/dict.h

common/expr.c

common/expr.h

common/nslcd-prot.c

common/set.c

common/set.h

common/tio.c

compat/Makefile.am

compat/Makefile.in

compat/daemon.h

compat/ether.c

compat/ether.h

compat/getpeercred.c

compat/ldap_compat.h

compat/ldap_passwd_s.c

compat/nss_compat.h

compat/pam_compat.h

compat/pam_get_authtok.c

config.guess

config.h.in

config.sub

configure

configure.ac

debian/changelog

debian/compat

debian/control

debian/copyright

debian/libnss-ldapd.config

debian/libnss-ldapd.install

debian/libnss-ldapd.lintian-overrides

debian/libnss-ldapd.postinst

debian/libnss-ldapd.postrm

debian/libpam-ldapd.install

debian/libpam-ldapd.postinst

debian/nslcd.config

debian/nslcd.init

debian/nslcd.install

debian/nslcd.postinst

debian/nslcd.templates

debian/po/ca.po

debian/po/cs.po

debian/po/da.po

debian/po/de.po

debian/po/es.po

debian/po/fi.po

debian/po/fr.po

debian/po/gl.po

debian/po/it.po

debian/po/ja.po

debian/po/nb.po

debian/po/nl.po

debian/po/pt.po

debian/po/pt_BR.po

debian/po/ru.po

debian/po/sv.po

debian/po/templates.pot

debian/po/vi.po

debian/po/zh_CN.po

debian/rules

m4/ax_pthread.m4

man/Makefile.am

man/Makefile.in

man/nslcd.8

man/nslcd.8.xml

man/nslcd.conf.5

man/nslcd.conf.5.xml

man/pam_ldap.8

man/pam_ldap.8.xml

nslcd.conf

nslcd.h

nslcd/Makefile.am

nslcd/Makefile.in

nslcd/alias.c

nslcd/attmap.c

nslcd/attmap.h

nslcd/cfg.c

nslcd/cfg.h

nslcd/common.c

nslcd/common.h

nslcd/ether.c

nslcd/group.c

nslcd/host.c

nslcd/log.c

nslcd/log.h

nslcd/myldap.c

nslcd/myldap.h

nslcd/netgroup.c

nslcd/network.c

nslcd/nslcd.c

nslcd/pam.c

nslcd/passwd.c

nslcd/protocol.c

nslcd/rpc.c

nslcd/service.c

nslcd/shadow.c

nss/Makefile.am

nss/Makefile.in

nss/aliases.c

nss/common.h

nss/ethers.c

nss/group.c

nss/hosts.c

nss/netgroup.c

nss/networks.c

nss/passwd.c

nss/protocols.c

nss/prototypes.h

nss/rpc.c

nss/services.c

nss/shadow.c

pam/Makefile.am

pam/Makefile.in

pam/common.h

pam/pam.c

tests/Makefile.am

tests/Makefile.in

tests/README

tests/nslcd-test.conf

tests/test_cfg.c

tests/test_common.c

tests/test_dict.c

tests/test_expr.c

tests/test_getpeercred.c

tests/test_myldap.c

tests/test_nsscmds.sh

tests/test_set.c

tests/test_tio.c

Show diffs side-by-side

added added

removed removed

nslcd/passwd.c

This library is free software; you can redistribute it and/or

modify it under the terms of the GNU Lesser General Public

#include <stdio.h>

#include <stdlib.h>

#include <sys/types.h>

#include <sys/stat.h>

#include <unistd.h>

#include <sys/types.h>

#include <string.h>

#include <pthread.h>

#include "cfg.h"

#include "attmap.h"

#include "common/dict.h"

#include "compat/strndup.h"

/* ( nisSchema.2.0 NAME 'posixAccount' SUP top AUXILIARY

* DESC 'Abstraction of an account with POSIX attributes'

/* the attributes used in searches */

const char *attmap_passwd_uid = "uid";

const char *attmap_passwd_userPassword = "userPassword";

const char *attmap_passwd_userPassword = "\"*\"";

const char *attmap_passwd_uidNumber = "uidNumber";

const char *attmap_passwd_gidNumber = "gidNumber";

const char *attmap_passwd_gecos = "\"${gecos:-$cn}\"";

const char *attmap_passwd_homeDirectory = "homeDirectory";

const char *attmap_passwd_loginShell = "loginShell";

/* special properties for objectSid-based searches

(these are already LDAP-escaped strings) */

static char *uidSid=NULL;

static char *gidSid=NULL;

/* default values for attributes */

static const char *default_passwd_userPassword = "*"; /* unmatchable */

104

static int mkfilter_passwd_byuid(uid_t uid,

105

char *buffer,size_t buflen)

106

{

100

return mysnprintf(buffer,buflen,

101

"(&%s(%s=%d))",

102

passwd_filter,

103

attmap_passwd_uidNumber,(int)uid);

107

if (uidSid!=NULL)

108

{

109

return mysnprintf(buffer,buflen,

110

"(&%s(%s=%s\\%02x\\%02x\\%02x\\%02x))",

111

passwd_filter,

112

attmap_passwd_uidNumber,uidSid,

113

(int)(uid&0xff),(int)((uid>>8)&0xff),

114

(int)((uid>>16)&0xff),(int)((uid>>24)&0xff));

115

}

116

else

117

{

118

return mysnprintf(buffer,buflen,

119

"(&%s(%s=%d))",

120

passwd_filter,

121

attmap_passwd_uidNumber,(int)uid);

122

}

104

123

}

105

124

106

125

void passwd_init(void)

114

133

/* set up scope */

115

134

if (passwd_scope==LDAP_SCOPE_DEFAULT)

116

135

passwd_scope=nslcd_cfg->ldc_scope;

136

/* special case when uidNumber or gidNumber reference objectSid */

137

if (strncasecmp(attmap_passwd_uidNumber,"objectSid:",10)==0)

138

{

139

uidSid=sid2search(attmap_passwd_uidNumber+10);

140

attmap_passwd_uidNumber=strndup(attmap_passwd_uidNumber,9);

141

}

142

if (strncasecmp(attmap_passwd_gidNumber,"objectSid:",10)==0)

143

{

144

gidSid=sid2search(attmap_passwd_gidNumber+10);

145

attmap_passwd_gidNumber=strndup(attmap_passwd_gidNumber,9);

146

}

117

147

/* set up attribute list */

118

148

set=set_new();

119

149

attmap_add_attributes(set,"objectClass"); /* for testing shadowAccount */

138

168

};

139

169

#define DN2UID_CACHE_TIMEOUT (15*60)

140

170

171

/* checks whether the entry has a valid uidNumber attribute

172

(>= nss_min_uid) */

173

static int entry_has_valid_uid(MYLDAP_ENTRY *entry)

174

{

175

int i;

176

const char **values;

177

char *tmp;

178

uid_t uid;

179

/* if min_uid is not set any entry should do */

180

if (nslcd_cfg->ldc_nss_min_uid==0)

181

return 1;

182

/* get all uidNumber attributes */

183

values=myldap_get_values_len(entry,attmap_passwd_uidNumber);

184

if ((values==NULL)||(values[0]==NULL))

185

{

186

log_log(LOG_WARNING,"passwd entry %s does not contain %s value",

187

myldap_get_dn(entry),attmap_passwd_uidNumber);

188

return 0;

189

}

190

/* check if there is a uidNumber attributes >= min_uid */

191

for (i=0;values[i]!=NULL;i++)

192

{

193

if (uidSid!=NULL)

194

uid=(uid_t)binsid2id(values[i]);

195

else

196

{

197

errno=0;

198

uid=strtouid(values[i],&tmp,0);

199

if ((*(values[i])=='\0')||(*tmp!='\0'))

200

{

201

log_log(LOG_WARNING,"passwd entry %s contains non-numeric %s value",

202

myldap_get_dn(entry),attmap_passwd_uidNumber);

203

continue;

204

}

205

else if (errno!=0)

206

{

207

log_log(LOG_WARNING,"passwd entry %s contains too large %s value",

208

myldap_get_dn(entry),attmap_passwd_uidNumber);

209

continue;

210

}

211

}

212

if (uid>=nslcd_cfg->ldc_nss_min_uid)

213

return 1;

214

}

215

/* nothing found */

216

return 0;

217

}

218

141

219

/* Perform an LDAP lookup to translate the DN into a uid.

142

220

This function either returns NULL or a strdup()ed string. */

143

char *lookup_dn2uid(MYLDAP_SESSION *session,const char *dn,int *rcp)

221

char *lookup_dn2uid(MYLDAP_SESSION *session,const char *dn,int *rcp,char *buf,size_t buflen)

144

222

{

145

223

MYLDAP_SEARCH *search;

146

224

MYLDAP_ENTRY *entry;

147

static const char *attrs[2];

225

static const char *attrs[3];

148

226

int rc=LDAP_SUCCESS;

149

227

const char **values;

150

char *uid;

228

char *uid=NULL;

151

229

if (rcp==NULL)

152

230

rcp=&rc;

153

231

/* we have to look up the entry */

154

232

attrs[0]=attmap_passwd_uid;

155

attrs[1]=NULL;

233

attrs[1]=attmap_passwd_uidNumber;

234

attrs[2]=NULL;

156

235

search=myldap_search(session,dn,LDAP_SCOPE_BASE,passwd_filter,attrs,rcp);

157

236

if (search==NULL)

158

237

{

166

245

log_log(LOG_WARNING,"lookup of user %s failed: %s",dn,ldap_err2string(*rcp));

167

246

return NULL;

168

247

}

169

/* get uid (just use first one) */

170

values=myldap_get_values(entry,attmap_passwd_uid);

171

/* check the result for presence and validity */

172

if ((values!=NULL)&&(values[0]!=NULL)&&isvalidname(values[0]))

173

uid=strdup(values[0]);

174

else

175

uid=NULL;

248

/* check the uidNumber attribute if min_uid is set */

249

if (entry_has_valid_uid(entry))

250

{

251

/* get uid (just use first one) */

252

values=myldap_get_values(entry,attmap_passwd_uid);

253

/* check the result for presence and validity */

254

if ((values!=NULL)&&(values[0]!=NULL)&&isvalidname(values[0])&&(strlen(values[0])<buflen))

255

{

256

strcpy(buf,values[0]);

257

uid=buf;

258

}

259

}

260

/* clean up and return */

176

261

myldap_search_close(search);

177

262

return uid;

178

263

}

216

301

}

217

302

pthread_mutex_unlock(&dn2uid_cache_mutex);

218

303

/* look up the uid using an LDAP query */

219

uid=lookup_dn2uid(session,dn,NULL);

304

uid=lookup_dn2uid(session,dn,NULL,buf,buflen);

220

305

/* store the result in the cache */

221

306

pthread_mutex_lock(&dn2uid_cache_mutex);

307

/* try to get the entry from the cache here again because it could have

308

changed in the meantime */

309

cacheentry=dict_get(dn2uid_cache,dn);

222

310

if (cacheentry==NULL)

223

311

{

224

312

/* allocate a new entry in the cache */

225

313

cacheentry=(struct dn2uid_cache_entry *)malloc(sizeof(struct dn2uid_cache_entry));

226

314

if (cacheentry!=NULL)

315

{

316

cacheentry->uid=NULL;

227

317

dict_put(dn2uid_cache,dn,cacheentry);

318

}

228

319

}

229

else if (cacheentry->uid!=NULL)

230

free(cacheentry->uid);

231

320

/* update the cache entry */

232

321

if (cacheentry!=NULL)

233

322

{

234

323

cacheentry->timestamp=time(NULL);

235

cacheentry->uid=uid;

324

/* copy the uid if needed */

325

if (cacheentry->uid==NULL)

326

cacheentry->uid=uid!=NULL?strdup(uid):NULL;

327

else if (strcmp(cacheentry->uid,uid)!=0)

328

{

329

free(cacheentry->uid);

330

cacheentry->uid=uid!=NULL?strdup(uid):NULL;

331

}

236

332

}

237

333

pthread_mutex_unlock(&dn2uid_cache_mutex);

238

334

/* copy the result into the buffer */

239

if ((uid!=NULL)&&(strlen(uid)<buflen))

240

strcpy(buf,uid);

241

else

242

buf=NULL;

243

return buf;

335

return uid;

244

336

}

245

337

246

MYLDAP_ENTRY *uid2entry(MYLDAP_SESSION *session,const char *uid)

338

MYLDAP_ENTRY *uid2entry(MYLDAP_SESSION *session,const char *uid,int *rcp)

247

339

{

248

340

MYLDAP_SEARCH *search=NULL;

249

341

MYLDAP_ENTRY *entry=NULL;

250

342

const char *base;

251

343

int i;

252

static const char *attrs[2];

344

static const char *attrs[3];

253

345

char filter[1024];

254

346

/* if it isn't a valid username, just bail out now */

255

347

if (!isvalidname(uid))

348

{

349

if (rcp!=NULL)

350

*rcp=LDAP_INVALID_SYNTAX;

256

351

return NULL;

352

}

257

353

/* set up attributes (we don't need much) */

258

354

attrs[0]=attmap_passwd_uid;

259

attrs[1]=NULL;

355

attrs[1]=attmap_passwd_uidNumber;

356

attrs[2]=NULL;

260

357

/* we have to look up the entry */

261

358

mkfilter_passwd_byname(uid,filter,sizeof(filter));

262

359

for (i=0;(i<NSS_LDAP_CONFIG_MAX_BASES)&&((base=passwd_bases[i])!=NULL);i++)

263

360

{

264

search=myldap_search(session,base,passwd_scope,filter,attrs,NULL);

361

search=myldap_search(session,base,passwd_scope,filter,attrs,rcp);

265

362

if (search==NULL)

363

{

364

if ((rcp!=NULL)&&(*rcp==LDAP_SUCCESS))

365

*rcp=LDAP_NO_SUCH_OBJECT;

266

366

return NULL;

267

entry=myldap_get_entry(search,NULL);

268

if (entry!=NULL)

367

}

368

entry=myldap_get_entry(search,rcp);

369

if ((entry!=NULL)&&(entry_has_valid_uid(entry)))

269

370

return entry;

270

371

}

372

if ((rcp!=NULL)&&(*rcp==LDAP_SUCCESS))

373

*rcp=LDAP_NO_SUCH_OBJECT;

271

374

return NULL;

272

375

}

273

376

275

378

{

276

379

MYLDAP_ENTRY *entry;

277

380

/* look up the entry */

278

entry=uid2entry(session,uid);

381

entry=uid2entry(session,uid,NULL);

279

382

if (entry==NULL)

280

383

return NULL;

281

384

/* get DN */

282

385

return myldap_cpy_dn(entry,buf,buflen);

283

386

}

284

387

388

/* the cached value of whether shadow lookups use LDAP in nsswitch.conf */

389

#define NSSWITCH_FILE "/etc/nsswitch.conf"

390

#define CACHED_UNKNOWN 22

391

static int cached_shadow_uses_ldap=CACHED_UNKNOWN;

392

static time_t cached_shadow_lastcheck=0;

393

#define CACHED_SHADOW_TIMEOUT (60)

394

static time_t nsswitch_mtime=0;

395

396

/* check whether /etc/nsswitch.conf should be related to update

397

cached_shadow_uses_ldap */

398

static inline void check_nsswitch_reload(void)

399

{

400

struct stat buf;

401

time_t t;

402

if ((cached_shadow_uses_ldap!=CACHED_UNKNOWN)&&

403

((t=time(NULL)) > (cached_shadow_lastcheck+CACHED_SHADOW_TIMEOUT)))

404

{

405

cached_shadow_lastcheck=t;

406

if (stat(NSSWITCH_FILE,&buf))

407

{

408

log_log(LOG_ERR,"stat(%s) failed: %s",NSSWITCH_FILE,strerror(errno));

409

/* trigger a recheck anyway */

410

cached_shadow_uses_ldap=CACHED_UNKNOWN;

411

return;

412

}

413

/* trigger a recheck if file changed */

414

if (buf.st_mtime!=nsswitch_mtime)

415

{

416

nsswitch_mtime=buf.st_mtime;

417

cached_shadow_uses_ldap=CACHED_UNKNOWN;

418

}

419

}

420

}

421

422

/* check whether shadow lookups are configured to use ldap */

423

static inline int shadow_uses_ldap(void)

424

{

425

if (cached_shadow_uses_ldap==CACHED_UNKNOWN)

426

cached_shadow_uses_ldap=nsswitch_db_uses_ldap(NSSWITCH_FILE,"shadow");

427

return cached_shadow_uses_ldap;

428

}

429

285

430

/* the maximum number of uidNumber attributes per entry */

286

431

#define MAXUIDS_PER_ENTRY 5

287

432

295

440

const char *passwd;

296

441

uid_t uids[MAXUIDS_PER_ENTRY];

297

442

int numuids;

298

char gidbuf[10];

443

char gidbuf[32];

299

444

gid_t gid;

300

445

char gecos[100];

301

446

char homedir[100];

302

447

char shell[100];

448

char passbuffer[64];

303

449

int i,j;

304

450

/* get the usernames for this entry */

305

451

usernames=myldap_get_values(entry,attmap_passwd_uid);

309

455

myldap_get_dn(entry),attmap_passwd_uid);

310

456

return 0;

311

457

}

312

/* get the password for this entry */

313

if (myldap_has_objectclass(entry,"shadowAccount"))

458

/* if we are using shadow maps and this entry looks like it would return

459

shadow information, make the passwd entry indicate it */

460

if (myldap_has_objectclass(entry,"shadowAccount")&&shadow_uses_ldap())

314

461

{

315

/* if the entry has a shadowAccount entry, point to that instead */

316

462

passwd="x";

317

463

}

318

464

else

319

465

{

320

passwd=get_userpassword(entry,attmap_passwd_userPassword);

466

passwd=get_userpassword(entry,attmap_passwd_userPassword,passbuffer,sizeof(passbuffer));

321

467

if ((passwd==NULL)||(calleruid!=0))

322

468

passwd=default_passwd_userPassword;

323

469

}

329

475

}

330

476

else

331

477

{

332

tmpvalues=myldap_get_values(entry,attmap_passwd_uidNumber);

478

tmpvalues=myldap_get_values_len(entry,attmap_passwd_uidNumber);

333

479

if ((tmpvalues==NULL)||(tmpvalues[0]==NULL))

334

480

{

335

481

log_log(LOG_WARNING,"passwd entry %s does not contain %s value",

338

484

}

339

485

for (numuids=0;(numuids<MAXUIDS_PER_ENTRY)&&(tmpvalues[numuids]!=NULL);numuids++)

340

486

{

341

uids[numuids]=(uid_t)strtol(tmpvalues[numuids],&tmp,0);

342

if ((*(tmpvalues[numuids])=='\0')||(*tmp!='\0'))

487

if (uidSid!=NULL)

488

uids[numuids]=(uid_t)binsid2id(tmpvalues[numuids]);

489

else

343

490

{

344

log_log(LOG_WARNING,"passwd entry %s contains non-numeric %s value",

345

myldap_get_dn(entry),attmap_passwd_uidNumber);

346

return 0;

491

errno=0;

492

uids[numuids]=strtouid(tmpvalues[numuids],&tmp,0);

493

if ((*(tmpvalues[numuids])=='\0')||(*tmp!='\0'))

494

{

495

log_log(LOG_WARNING,"passwd entry %s contains non-numeric %s value",

496

myldap_get_dn(entry),attmap_passwd_uidNumber);

497

return 0;

498

}

499

else if (errno!=0)

500

{

501

log_log(LOG_WARNING,"passwd entry %s contains too large %s value",

502

myldap_get_dn(entry),attmap_passwd_uidNumber);

503

return 0;

504

}

347

505

}

348

506

}

349

507

}

350

508

/* get the gid for this entry */

351

attmap_get_value(entry,attmap_passwd_gidNumber,gidbuf,sizeof(gidbuf));

352

if (gidbuf[0]=='\0')

509

if (gidSid!=NULL)

353

510

{

354

log_log(LOG_WARNING,"passwd entry %s does not contain %s value",

355

myldap_get_dn(entry),attmap_passwd_gidNumber);

356

return 0;

511

tmpvalues=myldap_get_values_len(entry,attmap_passwd_gidNumber);

512

if ((tmpvalues==NULL)||(tmpvalues[0]==NULL))

513

{

514

log_log(LOG_WARNING,"passwd entry %s does not contain %s value",

515

myldap_get_dn(entry),attmap_passwd_gidNumber);

516

return 0;

517

}

518

gid=(gid_t)binsid2id(tmpvalues[0]);

357

519

}

358

gid=(gid_t)strtol(gidbuf,&tmp,0);

359

if ((gidbuf[0]=='\0')||(*tmp!='\0'))

520

else

360

521

{

361

log_log(LOG_WARNING,"passwd entry %s contains non-numeric %s value",

362

myldap_get_dn(entry),attmap_passwd_gidNumber);

363

return 0;

522

attmap_get_value(entry,attmap_passwd_gidNumber,gidbuf,sizeof(gidbuf));

523

if (gidbuf[0]=='\0')

524

{

525

log_log(LOG_WARNING,"passwd entry %s does not contain %s value",

526

myldap_get_dn(entry),attmap_passwd_gidNumber);

527

return 0;

528

}

529

errno=0;

530

gid=strtogid(gidbuf,&tmp,0);

531

if ((gidbuf[0]=='\0')||(*tmp!='\0'))

532

{

533

log_log(LOG_WARNING,"passwd entry %s contains non-numeric %s value",

534

myldap_get_dn(entry),attmap_passwd_gidNumber);

535

return 0;

536

}

537

else if (errno!=0)

538

{

539

log_log(LOG_WARNING,"passwd entry %s contains too large %s value",

540

myldap_get_dn(entry),attmap_passwd_gidNumber);

541

return 0;

542

}

364

543

}

365

544

/* get the gecos for this entry */

366

545

attmap_get_value(entry,attmap_passwd_gecos,gecos,sizeof(gecos));

377

556

{

378

557

if (!isvalidname(usernames[i]))

379

558

{

380

log_log(LOG_WARNING,"passwd entry %s contains invalid user name: \"%s\"",

559

log_log(LOG_WARNING,"passwd entry %s denied by validnames option: \"%s\"",

381

560

myldap_get_dn(entry),usernames[i]);

382

561

}

383

562

else

384

563

{

385

564

for (j=0;j<numuids;j++)

386

565

{

387

WRITE_INT32(fp,NSLCD_RESULT_BEGIN);

388

WRITE_STRING(fp,usernames[i]);

389

WRITE_STRING(fp,passwd);

390

WRITE_TYPE(fp,uids[j],uid_t);

391

WRITE_TYPE(fp,gid,gid_t);

392

WRITE_STRING(fp,gecos);

393

WRITE_STRING(fp,homedir);

394

WRITE_STRING(fp,shell);

566

if (uids[j]>=nslcd_cfg->ldc_nss_min_uid)

567

{

568

WRITE_INT32(fp,NSLCD_RESULT_BEGIN);

569

WRITE_STRING(fp,usernames[i]);

570

WRITE_STRING(fp,passwd);

571

WRITE_TYPE(fp,uids[j],uid_t);

572

WRITE_TYPE(fp,gid,gid_t);

573

WRITE_STRING(fp,gecos);

574

WRITE_STRING(fp,homedir);

575

WRITE_STRING(fp,shell);

576

}

395

577

}

396

578

}

397

579

}

403

585

char name[256];

404

586

char filter[1024];

405

587

READ_STRING(fp,name);

588

log_setrequest("passwd=\"%s\"",name);

406

589

if (!isvalidname(name)) {

407

log_log(LOG_WARNING,"nslcd_passwd_byname(%s): invalid user name",name);

590

log_log(LOG_WARNING,"\"%s\": name denied by validnames option",name);

408

591

return -1;

409

410

log_log(LOG_DEBUG,"nslcd_passwd_byname(%s)",name);,

592

}

593

check_nsswitch_reload();,

411

594

NSLCD_ACTION_PASSWD_BYNAME,

412

595

mkfilter_passwd_byname(name,filter,sizeof(filter)),

413

596

write_passwd(fp,entry,name,NULL,calleruid)

417

600

passwd,byuid,

418

601

uid_t uid;

419

602

char filter[1024];

420

READ_TYPE(fp,uid,uid_t);,

421

log_log(LOG_DEBUG,"nslcd_passwd_byuid(%d)",(int)uid);,

603

READ_TYPE(fp,uid,uid_t);

604

log_setrequest("passwd=%d",(int)uid);

605

if (uid<nslcd_cfg->ldc_nss_min_uid)

606

{

607

/* return an empty result */

608

WRITE_INT32(fp,NSLCD_VERSION);

609

WRITE_INT32(fp,NSLCD_ACTION_PASSWD_BYUID);

610

WRITE_INT32(fp,NSLCD_RESULT_END);

611

}

612

check_nsswitch_reload();,

422

613

NSLCD_ACTION_PASSWD_BYUID,

423

614

mkfilter_passwd_byuid(uid,filter,sizeof(filter)),

424

615

write_passwd(fp,entry,NULL,&uid,calleruid)

427

618

NSLCD_HANDLE_UID(

428

619

passwd,all,

429

620

const char *filter;

430

/* no parameters to read */,

431

log_log(LOG_DEBUG,"nslcd_passwd_all()");,

621

log_setrequest("passwd(all)");

622

check_nsswitch_reload();,

432

623

NSLCD_ACTION_PASSWD_ALL,

433

624

(filter=passwd_filter,0),

434

625

write_passwd(fp,entry,NULL,NULL,calleruid)

Older »