diff options
| author | Arthur de Jong <arthur@arthurdejong.org> | 2010-06-14 23:17:05 +0200 |
|---|---|---|
| committer | Arthur de Jong <arthur@arthurdejong.org> | 2010-06-14 23:17:05 +0200 |
| commit | 9b65ad7e014d3198ab0995572fc2f7adf9b35a0f (patch) | |
| tree | 503583403c003b9dc52e9a830e0f9d6cc5a95ba9 /nss | |
| parent | 2c40043c434b883a0bfce7d777a028ae0da6d25f (diff) | |
implement a global symbol inside the NSS module to allow applications to disable NSS lookups over LDAP and use it in nslcd to avoid deadlocks
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1141 ef36b2f9-881f-0410-afb5-c4e39611909c
Diffstat (limited to 'nss')
| -rw-r--r-- | nss/Makefile.am | 4 | ||||
| -rw-r--r-- | nss/common.c | 22 | ||||
| -rw-r--r-- | nss/common.h | 10 | ||||
| -rw-r--r-- | nss/exports.linux | 3 | ||||
| -rw-r--r-- | nss/netgroup.c | 2 | ||||
| -rw-r--r-- | nss/prototypes.h | 6 |
6 files changed, 43 insertions, 4 deletions
diff --git a/nss/Makefile.am b/nss/Makefile.am index 72d53f3..89d9a4e 100644 --- a/nss/Makefile.am +++ b/nss/Makefile.am @@ -2,7 +2,7 @@ # # Copyright (C) 2006 Luke Howard # Copyright (C) 2006 West Consulting -# Copyright (C) 2006, 2007, 2009 Arthur de Jong +# Copyright (C) 2006, 2007, 2009, 2010 Arthur de Jong # # This library is free software; you can redistribute it and/or # modify it under the terms of the GNU Lesser General Public @@ -28,7 +28,7 @@ AM_CFLAGS = -fPIC NSS_VERS = 2 NSS_LDAP_NSS_VERSIONED = libnss_ldap.so.$(NSS_VERS) -nss_ldap_so_SOURCES = common.h prototypes.h \ +nss_ldap_so_SOURCES = common.c common.h prototypes.h \ ../nslcd.h ../common/nslcd-prot.h \ ../compat/attrs.h \ aliases.c ethers.c group.c hosts.c netgroup.c \ diff --git a/nss/common.c b/nss/common.c new file mode 100644 index 0000000..20a3136 --- /dev/null +++ b/nss/common.c @@ -0,0 +1,22 @@ +/* + common.c - common definitions + + Copyright (C) 2010 Arthur de Jong + + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with this library; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + 02110-1301 USA +*/ + +int _nss_ldap_enablelookups=1; diff --git a/nss/common.h b/nss/common.h index bf7d67d..bf03e9b 100644 --- a/nss/common.h +++ b/nss/common.h @@ -2,7 +2,7 @@ common.h - common functions for NSS lookups Copyright (C) 2006 West Consulting - Copyright (C) 2006, 2007, 2008, 2009 Arthur de Jong + Copyright (C) 2006, 2007, 2008, 2009, 2010 Arthur de Jong This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public @@ -83,6 +83,8 @@ TFILE *fp; \ int32_t tmpint32; \ enum nss_status retv; \ + if (!_nss_ldap_enablelookups) \ + return NSS_STATUS_UNAVAIL; \ /* check that we have a valid buffer */ \ if ((buffer==NULL)||(buflen<=0)) \ { \ @@ -117,6 +119,8 @@ /* This macro generates a simple setent() function body. This closes any open streams so that NSS_GETENT() can open a new file. */ #define NSS_SETENT(fp) \ + if (!_nss_ldap_enablelookups) \ + return NSS_STATUS_UNAVAIL; \ if (fp!=NULL) \ { \ (void)tio_close(fp); \ @@ -130,6 +134,8 @@ #define NSS_GETENT(fp,action,readfn) \ int32_t tmpint32; \ enum nss_status retv; \ + if (!_nss_ldap_enablelookups) \ + return NSS_STATUS_UNAVAIL; \ /* check that we have a valid buffer */ \ if ((buffer==NULL)||(buflen<=0)) \ { \ @@ -174,6 +180,8 @@ /* This macro generates a endent() function body. This just closes the stream. */ #define NSS_ENDENT(fp) \ + if (!_nss_ldap_enablelookups) \ + return NSS_STATUS_UNAVAIL; \ if (fp!=NULL) \ { \ (void)tio_close(fp); \ diff --git a/nss/exports.linux b/nss/exports.linux index 62c0313..0ed5ea2 100644 --- a/nss/exports.linux +++ b/nss/exports.linux @@ -3,6 +3,9 @@ EXPORTED { # published NSS service functions global: + # flag to enable or disable lookups + _nss_ldap_enablelookups; + # aliases - mail aliases _nss_ldap_getaliasbyname_r; _nss_ldap_setaliasent; diff --git a/nss/netgroup.c b/nss/netgroup.c index d052c84..93fc923 100644 --- a/nss/netgroup.c +++ b/nss/netgroup.c @@ -96,6 +96,8 @@ enum nss_status _nss_ldap_setnetgrent(const char *group,struct __netgrent UNUSED int32_t tmpint32; int errnocp; int *errnop; + if (!_nss_ldap_enablelookups) + return NSS_STATUS_UNAVAIL; errnop=&errnocp; /* check parameter */ if ((group==NULL)||(group[0]=='\0')) diff --git a/nss/prototypes.h b/nss/prototypes.h index 7b82c27..c611883 100644 --- a/nss/prototypes.h +++ b/nss/prototypes.h @@ -2,7 +2,7 @@ prototypes.h - all functions exported by the NSS library Copyright (C) 2006 West Consulting - Copyright (C) 2006, 2008 Arthur de Jong + Copyright (C) 2006, 2008, 2010 Arthur de Jong This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public @@ -97,6 +97,10 @@ struct __netgrent http://www.gnu.org/software/libc/manual/html_node/Name-Service-Switch.html */ +/* flag to gloabally disable lookups (all _nss_ldap_*() functions will return + NSS_STATUS_UNAVAIL */ +extern int _nss_ldap_enablelookups; + /* aliases - mail aliases */ enum nss_status _nss_ldap_getaliasbyname_r(const char *name,struct aliasent *result,char *buffer,size_t buflen,int *errnop); enum nss_status _nss_ldap_setaliasent(void); |