-rw-r--r-- | nslcd/alias.c | 40 | ||||
-rw-r--r-- | nslcd/common.c | 20 | ||||
-rw-r--r-- | nslcd/common.h | 7 | ||||
-rw-r--r-- | nslcd/ether.c | 62 | ||||
-rw-r--r-- | nslcd/group.c | 287 | ||||
-rw-r--r-- | nslcd/host.c | 63 | ||||
-rw-r--r-- | nslcd/ldap-nss.c | 100 | ||||
-rw-r--r-- | nslcd/ldap-nss.h | 29 | ||||
-rw-r--r-- | nslcd/ldap-schema.c | 96 | ||||
-rw-r--r-- | nslcd/ldap-schema.h | 26 | ||||
-rw-r--r-- | nslcd/netgroup.c | 26 | ||||
-rw-r--r-- | nslcd/network.c | 56 | ||||
-rw-r--r-- | nslcd/passwd.c | 54 | ||||
-rw-r--r-- | nslcd/protocol.c | 52 | ||||
-rw-r--r-- | nslcd/rpc.c | 49 | ||||
-rw-r--r-- | nslcd/service.c | 79 | ||||
-rw-r--r-- | nslcd/shadow.c | 30 | ||||
-rw-r--r-- | nslcd/util.h | 3 |
18 files changed, 653 insertions, 426 deletions
diff --git a/nslcd/alias.c b/nslcd/alias.c index 2c830bd..eec46ba 100644 --- a/nslcd/alias.c +++ b/nslcd/alias.c @@ -48,11 +48,37 @@ /* the attributes to request with searches */ static const char *alias_attlst[3]; +/* create a search filter for searching an alias by name, + return -1 on errors */ +static int mkfilter_alias_byname(const char *name, + char *buffer,size_t buflen) +{ + char buf2[1024]; + /* escape attribute */ + if (myldap_escape(name,buf2,sizeof(buf2))) + return -1; + /* build filter */ + return mysnprintf(buffer,buflen, + "(&(%s=%s)(%s=%s))", + attmap_objectClass,attmap_alias_objectClass, + attmap_alias_cn,buf2); +} + +/* create a search filter for enumerating all aliases, + return -1 on errors */ +static int mkfilter_alias_all(char *buffer,size_t buflen) +{ + /* build filter */ + return mysnprintf(buffer,buflen, + "(%s=%s)", + attmap_objectClass,attmap_alias_objectClass); +} + static void alias_attlst_init(void) { - attlst[0]=attmap_alias_cn; - attlst[1]=attmap_alias_rfc822MailMember; - attlst[2]=NULL; + alias_attlst[0]=attmap_alias_cn; + alias_attlst[1]=attmap_alias_rfc822MailMember; + alias_attlst[2]=NULL; } static enum nss_status _nss_ldap_parse_alias( @@ -96,7 +122,7 @@ int nslcd_alias_byname(TFILE *fp) { int32_t tmpint32; char name[256]; - struct ldap_args a; + char filter[1024]; /* read request parameters */ READ_STRING_BUF2(fp,name,sizeof(name)); /* log call */ @@ -105,11 +131,9 @@ int nslcd_alias_byname(TFILE *fp) WRITE_INT32(fp,NSLCD_VERSION); WRITE_INT32(fp,NSLCD_ACTION_ALIAS_BYNAME); /* do the LDAP request */ - LA_INIT(a); - LA_STRING(a)=name; - LA_TYPE(a)=LA_TYPE_STRING; + mkfilter_alias_byname(name,filter,sizeof(filter)); alias_attlst_init(); - _nss_ldap_searchbyname(&a,_nss_ldap_filt_getaliasbyname,LM_ALIASES,alias_attlst,fp,write_alias); + _nss_ldap_searchbyname(NULL,filter,LM_ALIASES,alias_attlst,fp,write_alias); WRITE_FLUSH(fp); /* we're done */ return 0; diff --git a/nslcd/common.c b/nslcd/common.c index d71b5b1..d2400a4 100644 
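Review bot: The result of `mkfilter_alias_byname(name,filter,sizeof(filter))` in `nslcd_alias_byname` is discarded, so a failed filter build still reaches `_nss_ldap_searchbyname()`. When `myldap_escape()` fails the helper returns before writing anything, which leaves `filter` as uninitialised stack memory, and on truncation a cut-off filter is searched instead of the intended one. The call should be checked before the search, for example `if (mkfilter_alias_byname(name,filter,sizeof(filter))) { log_log(LOG_WARNING,"client supplied argument too large"); return -1; }`, ideally before the response header is written. The same unchecked pattern appears in the `nslcd_ether_*`, `nslcd_group_*` and `nslcd_host_*` hunks and in `user2dn` in group.c. The body of `nslcd_alias_byname` starts outside this hunk.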
--- a/nslcd/common.c +++ b/nslcd/common.c @@ -3,7 +3,7 @@ This file is part of the nss-ldapd library. Copyright (C) 2006 West Consulting - Copyright (C) 2006 Arthur de Jong + Copyright (C) 2006, 2007 Arthur de Jong This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public @@ -23,9 +23,27 @@ #include "config.h" +#include <stdio.h> +#include <stdarg.h> + #include "nslcd.h" #include "common.h" +/* simple wrapper around snptintf() to return non-0 in case + of any failure (but always keep string 0-terminated) */ +int mysnprintf(char *buffer,size_t buflen,const char *format, ...) +{ + int res; + va_list ap; + /* do snprintf */ + va_start(ap,format); + res=vsnprintf(buffer,buflen,format,ap); + /* NULL-terminate the string just to be on the safe side */ + buffer[buflen-1]='\0'; + /* check if the string was completely written */ + return ((res<0)||(((size_t)res)>=buflen)); +} + /* translates a nslcd return code (as defined in nslcd.h) to a nss code (as defined in nss.h) */ /* FIXME: this is a temporary hack, get rid of it */ diff --git a/nslcd/common.h b/nslcd/common.h index ccb77be..318c4ef 100644 --- a/nslcd/common.h +++ b/nslcd/common.h @@ -54,6 +54,10 @@ int nss2nslcd(enum nss_status code) log_log(LOG_WARNING,"client supplied argument too large"); \ return -1; +/* a simple wrapper around snprintf, + returns 0 if ok, -1 on error */ +int mysnprintf(char *buffer,size_t buflen,const char *format, ...) + LIKE_PRINTF(3,4); /* these are the different functions that handle the database specific actions, see nslcd.h for the action descriptions */ @@ -88,4 +92,7 @@ int nslcd_service_all(TFILE *fp); int nslcd_shadow_byname(TFILE *fp); int nslcd_shadow_all(TFILE *fp); +int mkfilter_passwd_byname(const char *name, + char *buffer,size_t buflen); + #endif /* not _SERVER_COMMON_H */ diff --git a/nslcd/ether.c b/nslcd/ether.c index bf17bb9..8b0083a 100644 --- a/nslcd/ether.c +++ b/nslcd/ether.c 
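Review bot: `mysnprintf` writes `buffer[buflen-1]='\0'` unconditionally, which for `buflen==0` indexes before the start of the buffer; guard it with `if (buflen>0) buffer[buflen-1]='\0';`. The `va_start(ap,format)` is never paired with `va_end(ap);`, which should follow the `vsnprintf` call. The function returns the boolean expression (1 on failure), while the comment added in common.h and the `mkfilter_*` helpers promise -1, so a caller testing `<0` or `==-1` would miss truncation; `return ((res<0)||(((size_t)res)>=buflen))?-1:0;` matches the documented contract. The header comment also misspells the wrapped function as `snptintf()`.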
@@ -29,7 +29,6 @@ #include <stdlib.h> #include <string.h> #include <netdb.h> -#include <errno.h> #include <sys/types.h> #include <sys/socket.h> #include <net/if.h> @@ -77,6 +76,47 @@ struct ether /* the attributes to request with searches */ static const char *ether_attlst[3]; +/* create a search filter for searching an ethernet address + by name, return -1 on errors */ +static int mkfilter_ether_byname(const char *name, + char *buffer,size_t buflen) +{ + char buf2[1024]; + /* escape attribute */ + if(myldap_escape(name,buf2,sizeof(buf2))) + return -1; + /* build filter */ + return mysnprintf(buffer,buflen, + "(&(%s=%s)(%s=%s))", + attmap_objectClass,attmap_ether_objectClass, + attmap_ether_cn,buf2); +} + +static int mkfilter_ether_byether(const struct ether_addr *addr, + char *buffer,size_t buflen) +{ + char buf2[20]; + /* transform into string */ + if (ether_ntoa_r(addr,buf2)==NULL) + return -1; + /* FIXME: this has a bug when the directory has 01:00:0e:... + and we're looking for 1:0:e:... (leading zeros) */ + /* there should be no characters that need escaping */ + /* build filter */ + return mysnprintf(buffer,buflen, + "(&(%s=%s)(%s=%s))", + attmap_objectClass,attmap_ether_objectClass, + attmap_ether_macAddress,buf2); +} + +static int mkfilter_ether_all(char *buffer,size_t buflen) +{ + /* build filter */ + return mysnprintf(buffer,buflen, + "(%s=%s)", + attmap_objectClass,attmap_ether_objectClass); +} + static void ether_attlst_init(void) { ether_attlst[0]=attmap_ether_cn; @@ -120,7 +160,7 @@ int nslcd_ether_byname(TFILE *fp) { int32_t tmpint32; char name[256]; - struct ldap_args a; + char filter[1024]; /* these are here for now until we rewrite the LDAP code */ struct ether result; char buffer[1024]; 
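Review bot: `mkfilter_ether_byether` and `mkfilter_ether_all` are added without the header comment that `mkfilter_ether_byname` and the helpers in the other files carry, so their return convention is undocumented. I would add `/* create a search filter for searching an ethernet address by address, return -1 on errors */` and `/* create a search filter for enumerating all ethernet entries, return -1 on errors */`. The remark "there should be no characters that need escaping" holds only because `buf2` comes from `ether_ntoa_r()` and never from the client string; saying so in the comment would stop a later change from reusing the unescaped path for text input.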
@@ -134,11 +174,10 @@ int nslcd_ether_byname(TFILE *fp) WRITE_INT32(fp,NSLCD_VERSION); WRITE_INT32(fp,NSLCD_ACTION_ETHER_BYNAME); /* do the LDAP request */ - LA_INIT(a); - LA_STRING(a)=name; - LA_TYPE(a)=LA_TYPE_STRING; + mkfilter_ether_byname(name,filter,sizeof(filter)); ether_attlst_init(); - retv=nss2nslcd(_nss_ldap_getbyname(&a,&result,buffer,1024,&errnop,_nss_ldap_filt_gethostton,LM_ETHERS,ether_attlst,_nss_ldap_parse_ether)); + retv=_nss_ldap_getbyname(&result,buffer,1024,&errnop,LM_ETHERS, + NULL,filter,ether_attlst,_nss_ldap_parse_ether); /* write the response */ WRITE_INT32(fp,retv); if (retv==NSLCD_RESULT_SUCCESS) @@ -154,7 +193,7 @@ int nslcd_ether_byether(TFILE *fp) { int32_t tmpint32; struct ether_addr addr; - struct ldap_args a; + char filter[1024]; /* these are here for now until we rewrite the LDAP code */ struct ether result; char buffer[1024]; @@ -168,13 +207,10 @@ int nslcd_ether_byether(TFILE *fp) WRITE_INT32(fp,NSLCD_VERSION); WRITE_INT32(fp,NSLCD_ACTION_ETHER_BYETHER); /* do the LDAP request */ - LA_INIT(a); - /* FIXME: this has a bug when the directory has 01:00:0e:... - and we're looking for 1:0:e:... (leading zeros) */ - LA_STRING(a)=ether_ntoa(&addr); - LA_TYPE(a)=LA_TYPE_STRING; + mkfilter_ether_byether(&addr,filter,sizeof(filter)); ether_attlst_init(); - retv=nss2nslcd(_nss_ldap_getbyname(&a,&result,buffer,1024,&errnop,_nss_ldap_filt_getntohost,LM_ETHERS,ether_attlst,_nss_ldap_parse_ether)); + retv=_nss_ldap_getbyname(&result,buffer,1024,&errnop,LM_ETHERS, + NULL,filter,ether_attlst,_nss_ldap_parse_ether); /* write the response */ WRITE_INT32(fp,retv); if (retv==NSLCD_RESULT_SUCCESS) diff --git a/nslcd/group.c b/nslcd/group.c index 7a93dd8..55d9c6e 100644 --- a/nslcd/group.c +++ b/nslcd/group.c 
@@ -108,13 +108,90 @@ ldap_initgroups_args_t; #define GID_NOBODY UID_NOBODY #endif -static enum nss_status ng_chase (const char *dn, ldap_initgroups_args_t * lia); +static enum nss_status ng_chase(const char *dn,ldap_initgroups_args_t *lia); -static enum nss_status ng_chase_backlink (const char ** membersOf, ldap_initgroups_args_t * lia); +static enum nss_status ng_chase_backlink(const char **membersOf,ldap_initgroups_args_t *lia); /* the attributes to request with searches */ static const char *group_attlst[6]; +/* create a search filter for searching a group entry + by name, return -1 on errors */ +static int mkfilter_group_byname(const char *name, + char *buffer,size_t buflen) +{ + char buf2[1024]; + /* escape attribute */ + if(myldap_escape(name,buf2,sizeof(buf2))) + return -1; + /* build filter */ + return mysnprintf(buffer,buflen, + "(&(%s=%s)(%s=%s))", + attmap_objectClass,attmap_group_objectClass, + attmap_group_cn,buf2); +} + +/* create a search filter for searching a group entry + by gid, return -1 on errors */ +static int mkfilter_group_bygid(gid_t gid, + char *buffer,size_t buflen) +{ + return mysnprintf(buffer,buflen, + "(&(%s=%s)(%s=%d))", + attmap_objectClass,attmap_group_objectClass, + attmap_group_cn,gid); +} + +static char *user2dn(const char *user) +{ + /* TODO: move this to passwd.c once we are sure we would be able to lock there */ + char *userdn=NULL; + static const char *no_attrs[]={ NULL }; + char filter[1024]; + LDAPMessage *res, *e; + mkfilter_passwd_byname(user,filter,sizeof(filter)); + if (_nss_ldap_search_s(NULL,filter,LM_PASSWD,no_attrs,1,&res)==NSS_STATUS_SUCCESS) + { + e=_nss_ldap_first_entry(res); + if (e!=NULL) + { + userdn=_nss_ldap_get_dn(e); + } + ldap_msgfree(res); + } + return userdn; +} + +/* create a search filter for searching a group entry + by name, return -1 on errors */ +static int mkfilter_group_bymember(const char *name, + char *buffer,size_t buflen) +{ + char buf2[1024]; + char *buf3; + /* escape attribute */ + 
if(myldap_escape(name,buf2,sizeof(buf2))) + return -1; + /* DN format */ + /* TODO: look up user DN and store it in buf3 */ + buf3=buf2; + /* build filter */ + return mysnprintf(buffer,buflen, + "(&(%s=%s)(|(%s=%s)(%s=%s)))", + attmap_objectClass,attmap_group_objectClass, + attmap_group_memberUid,buf2, + attmap_group_uniqueMember,buf3); +} + +/* create a search filter for searching a group entry + by name, return -1 on errors */ +static int mkfilter_group_all(char *buffer,size_t buflen) +{ + return mysnprintf(buffer,buflen, + "(%s=%s)", + attmap_objectClass,attmap_group_objectClass); +} + static void group_attlst_init(void) { group_attlst[0]=attmap_group_cn; @@ -837,14 +914,10 @@ do_parse_initgroups_nested (LDAPMessage * e, status = do_parse_initgroups (e, pvt, result, buffer, buflen); if (status != NSS_STATUS_NOTFOUND) - { - return status; - } + return status; if (!_nss_ldap_test_config_flag (NSS_LDAP_FLAGS_RFC2307BIS)) - { - return NSS_STATUS_NOTFOUND; - } + return NSS_STATUS_NOTFOUND; if (lia->backlink != 0) { @@ -856,7 +929,7 @@ do_parse_initgroups_nested (LDAPMessage * e, if (values != NULL) { lia->depth++; - status = ng_chase_backlink ((const char **)values, lia); + status=ng_chase_backlink((const char **)values,lia); lia->depth--; ldap_value_free (values); @@ -874,12 +947,12 @@ do_parse_initgroups_nested (LDAPMessage * e, { /* Note: there was a problem here with stat in the orriginal code */ lia->depth++; - status = ng_chase (groupdn, lia); + status=ng_chase(groupdn,lia); lia->depth--; #ifdef HAVE_LDAP_MEMFREE - ldap_memfree (groupdn); + ldap_memfree(groupdn); #else - free (groupdn); + free(groupdn); #endif } } 
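Review bot: `mkfilter_group_bygid` builds its filter on `attmap_group_cn`, whereas the `_nss_ldap_filt_getgrgid` template that this commit removes from ldap-schema.c matched on `attmap_group_gidNumber`. As written, a lookup by gid compares the number against the group name, so it can miss the right group or return an unrelated group whose cn happens to be that number, which matters for anything that makes access decisions from the result. The last argument pair should be `attmap_group_gidNumber,(int)gid`, or `%lu` with `(unsigned long)gid`, since `gid_t` is typically unsigned and is passed to `%d` uncast. The comments on `mkfilter_group_bymember` and `mkfilter_group_all` are also copies of the "by name" text and should describe a search by member and an enumeration of all groups.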
@@ -895,36 +968,36 @@ static enum nss_status ng_chase(const char *dn, ldap_initgroups_args_t * lia) const char *gidnumber_attrs[2]; int erange; - if (lia->depth > LDAP_NSS_MAXGR_DEPTH) + if (lia->depth>LDAP_NSS_MAXGR_DEPTH) return NSS_STATUS_NOTFOUND; - if (_nss_ldap_namelist_find (lia->known_groups, dn)) + if (_nss_ldap_namelist_find(lia->known_groups,dn)) return NSS_STATUS_NOTFOUND; - gidnumber_attrs[0] = attmap_group_gidNumber; - gidnumber_attrs[1] = NULL; + gidnumber_attrs[0]=attmap_group_gidNumber; + gidnumber_attrs[1]=NULL; - LA_INIT (a); - LA_STRING (a) = dn; - LA_TYPE (a) = LA_TYPE_STRING; + LA_INIT(a); + LA_STRING(a)=dn; + LA_TYPE(a)=LA_TYPE_STRING; - if (_nss_ldap_ent_context_init_locked (&ctx) == NULL) - { - return NSS_STATUS_UNAVAIL; - } + if (_nss_ldap_ent_context_init_locked(&ctx)==NULL) + { + return NSS_STATUS_UNAVAIL; + } - stat = _nss_ldap_getent_ex (&a, &ctx, lia, NULL, 0, - &erange, _nss_ldap_filt_getgroupsbydn, - LM_GROUP, gidnumber_attrs, - do_parse_initgroups_nested); + stat=_nss_ldap_getent_ex(&a, &ctx, lia, NULL, 0, + &erange, _nss_ldap_filt_getgroupsbydn, + LM_GROUP, gidnumber_attrs, + do_parse_initgroups_nested); - if (stat == NSS_STATUS_SUCCESS) - { - stat = _nss_ldap_namelist_push (&lia->known_groups, dn); - } + if (stat==NSS_STATUS_SUCCESS) + { + stat=_nss_ldap_namelist_push(&lia->known_groups,dn); + } - _nss_ldap_ent_context_release (ctx); - free (ctx); + _nss_ldap_ent_context_release(ctx); + free(ctx); return stat; } 
@@ -1014,114 +1087,82 @@ static enum nss_status ng_chase_backlink(const char ** membersOf, ldap_initgroup return stat; } -static enum nss_status group_bymember(const char *user, long int *start, +static int group_bymember(const char *user, long int *start, long int *size, long int limit, int *errnop) { ldap_initgroups_args_t lia; int erange = 0; - char *userdn = NULL; - LDAPMessage *res, *e; - static const char *no_attrs[] = { NULL }; - const char *filter; + char *userdn=NULL; struct ldap_args a; + const char *flt; enum nss_status stat; struct ent_context *ctx=NULL; const char *gidnumber_attrs[3]; enum ldap_map_selector map = LM_GROUP; - - LA_INIT (a); - LA_STRING (a) = user; - LA_TYPE (a) = LA_TYPE_STRING; - - log_log(LOG_DEBUG,"==> group_bymember (user=%s)", LA_STRING (a) ); - + log_log(LOG_DEBUG,"==> group_bymember (user=%s)",user); lia.depth = 0; lia.known_groups = NULL; - - _nss_ldap_enter (); - + _nss_ldap_enter(); /* initialize schema */ - stat = _nss_ldap_init (); - if (stat != NSS_STATUS_SUCCESS) - { - log_log(LOG_DEBUG,"<== group_bymember (init failed)"); - _nss_ldap_leave (); - return stat; - } - - if (_nss_ldap_test_config_flag (NSS_LDAP_FLAGS_RFC2307BIS)) - { - /* lookup the user's DN. */ - stat = _nss_ldap_search_s (&a, _nss_ldap_filt_getpwnam, LM_PASSWD, - no_attrs, 1, &res); - if (stat == NSS_STATUS_SUCCESS) - { - e = _nss_ldap_first_entry (res); - if (e != NULL) - { - userdn = _nss_ldap_get_dn (e); - } - ldap_msgfree (res); - } - } - else - { - userdn = NULL; - } + stat=_nss_ldap_init(); + if (stat!=NSS_STATUS_SUCCESS) + { + log_log(LOG_DEBUG,"<== group_bymember (init failed)"); + _nss_ldap_leave(); + return -1; + } + if (_nss_ldap_test_config_flag(NSS_LDAP_FLAGS_RFC2307BIS)) + { + /* lookup the user's DN. 
*/ + userdn=user2dn(user); + } if (userdn != NULL) - { - LA_STRING2 (a) = userdn; - LA_TYPE (a) = LA_TYPE_STRING_AND_STRING; - filter = _nss_ldap_filt_getgroupsbymemberanddn; - } + { + LA_STRING2 (a) = userdn; + LA_TYPE (a) = LA_TYPE_STRING_AND_STRING; + flt = _nss_ldap_filt_getgroupsbymemberanddn; + } else - { - filter = _nss_ldap_filt_getgroupsbymember; - } + { + flt = _nss_ldap_filt_getgroupsbymember; + } gidnumber_attrs[0] = attmap_group_gidNumber; gidnumber_attrs[1] = NULL; if (_nss_ldap_ent_context_init_locked(&ctx)==NULL) - { - log_log(LOG_DEBUG,"<== group_bymember (ent_context_init failed)"); - _nss_ldap_leave (); - return NSS_STATUS_UNAVAIL; - } + { + log_log(LOG_DEBUG,"<== group_bymember (ent_context_init failed)"); + _nss_ldap_leave (); + return -1; + } - stat = _nss_ldap_getent_ex (&a, &ctx, (void *) &lia, NULL, 0, - errnop, - filter, - map, - gidnumber_attrs, - do_parse_initgroups_nested); + stat=_nss_ldap_getent_ex(&a,&ctx,(void *)&lia,NULL,0, + errnop, + flt, + map, + gidnumber_attrs, + do_parse_initgroups_nested); - if (userdn != NULL) - ldap_memfree (userdn); + if (userdn!=NULL) + ldap_memfree(userdn); - _nss_ldap_namelist_destroy (&lia.known_groups); - _nss_ldap_ent_context_release (ctx); - free (ctx); - _nss_ldap_leave (); + _nss_ldap_namelist_destroy(&lia.known_groups); + _nss_ldap_ent_context_release(ctx); + free(ctx); + _nss_ldap_leave(); - /* - * We return NSS_STATUS_NOTFOUND to force the parser to be called - * for as many entries (i.e. groups) as exist, for all - * search descriptors. So confusingly this means "success". 
- */ - if (stat != NSS_STATUS_SUCCESS && stat != NSS_STATUS_NOTFOUND) - { - log_log(LOG_DEBUG,"<== group_bymember (not found)"); - if (erange) - errno = ERANGE; - return stat; - } + if ((stat!=NSS_STATUS_SUCCESS)&&(stat!=NSS_STATUS_NOTFOUND)) + { + log_log(LOG_DEBUG,"<== group_bymember (not found)"); + return -1; + } log_log(LOG_DEBUG,"<== group_bymember (success)"); - return NSS_STATUS_SUCCESS; + return 0; } /* macros for expanding the NSLCD_GROUP macro */ @@ -1137,7 +1178,7 @@ int nslcd_group_byname(TFILE *fp) { int32_t tmpint32,tmp2int32,tmp3int32; char name[256]; - struct ldap_args a; + char filter[1024]; /* these are here for now until we rewrite the LDAP code */ struct group result; char buffer[1024]; @@ -1154,11 +1195,10 @@ int nslcd_group_byname(TFILE *fp) exit(EXIT_FAILURE); } /* do the LDAP request */ - LA_INIT(a); - LA_STRING(a)=name; - LA_TYPE(a)=LA_TYPE_STRING; + mkfilter_group_byname(name,filter,sizeof(filter)); group_attlst_init(); - retv=nss2nslcd(_nss_ldap_getbyname(&a,&result,buffer,1024,&errnop,_nss_ldap_filt_getgrnam,LM_GROUP,group_attlst,_nss_ldap_parse_gr)); + retv=_nss_ldap_getbyname(&result,buffer,1024,&errnop,LM_GROUP, + NULL,filter,group_attlst,_nss_ldap_parse_gr); /* write the response */ WRITE_INT32(fp,NSLCD_VERSION); WRITE_INT32(fp,NSLCD_ACTION_GROUP_BYNAME); @@ -1176,7 +1216,7 @@ int nslcd_group_bygid(TFILE *fp) { int32_t tmpint32,tmp2int32,tmp3int32; gid_t gid; - struct ldap_args a; + char filter[1024]; /* these are here for now until we rewrite the LDAP code */ struct group result; char buffer[1024]; 
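Review bot: `struct ldap_args a` is no longer initialised in `group_bymember`: the `LA_INIT(a)`, `LA_STRING(a)=user` and `LA_TYPE(a)=LA_TYPE_STRING` lines are removed, yet `&a` is still passed to `_nss_ldap_getent_ex()` and `LA_STRING2(a)`/`LA_TYPE(a)` are set only when `user2dn()` returned a DN. The member search would then be expanded from indeterminate stack contents rather than from `user`. Until this path is converted to a `mkfilter_*` helper, keep the three initialising lines ahead of the `userdn` branch. The only caller visible on this page, `nslcd_group_bymember`, has the call commented out, so the problem appears latent for now. `erange` is also left unused once the `errno = ERANGE` branch is dropped.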
@@ -1193,11 +1233,10 @@ int nslcd_group_bygid(TFILE *fp) exit(EXIT_FAILURE); } /* do the LDAP request */ - LA_INIT(a); - LA_NUMBER(a)=gid; - LA_TYPE(a)=LA_TYPE_NUMBER; + mkfilter_group_bygid(gid,filter,sizeof(filter)); group_attlst_init(); - retv=nss2nslcd(_nss_ldap_getbyname(&a,&result,buffer,1024,&errnop,_nss_ldap_filt_getgrgid,LM_GROUP,group_attlst,_nss_ldap_parse_gr)); + retv=_nss_ldap_getbyname(&result,buffer,1024,&errnop,LM_GROUP, + NULL,filter,group_attlst,_nss_ldap_parse_gr); /* write the response */ WRITE_INT32(fp,NSLCD_VERSION); WRITE_INT32(fp,NSLCD_ACTION_GROUP_BYGID); @@ -1228,7 +1267,7 @@ int nslcd_group_bymember(TFILE *fp) /* do the LDAP request */ retv=NSLCD_RESULT_NOTFOUND; /* - retv=nss2nslcd(group_bymember(name,&start,&size,size,&errnop)); + retv=group_bymember(name,&start,&size,size,&errnop); */ /* Note: we write some garbadge here to ensure protocol error as this function currently returns incorrect data */ diff --git a/nslcd/host.c b/nslcd/host.c index 78b5b43..3c9a15c 100644 --- a/nslcd/host.c +++ b/nslcd/host.c 
@@ -63,6 +63,43 @@ /* the attributes to request with searches */ static const char *host_attlst[3]; +/* create a search filter for searching a host entry + by name, return -1 on errors */ +static int mkfilter_host_byname(const char *name, + char *buffer,size_t buflen) +{ + char buf2[1024]; + /* escape attribute */ + if (myldap_escape(name,buf2,sizeof(buf2))) + return -1; + /* build filter */ + return mysnprintf(buffer,buflen, + "(&(%s=%s)(%s=%s))", + attmap_objectClass,attmap_host_objectClass, + attmap_host_cn,buf2); +} + +static int mkfilter_host_byaddr(const char *name, + char *buffer,size_t buflen) +{ + char buf2[1024]; + /* escape attribute */ + if (myldap_escape(name,buf2,sizeof(buf2))) + return -1; + /* build filter */ + return mysnprintf(buffer,buflen, + "(&(%s=%s)(%s=%s))", + attmap_objectClass,attmap_host_objectClass, + attmap_host_ipHostNumber,buf2); +} + +static int mkfilter_host_all(char *buffer,size_t buflen) +{ + return mysnprintf(buffer,buflen, + "(%s=%s)", + attmap_objectClass,attmap_host_objectClass); +} + static void host_attlst_init(void) { host_attlst[0]=attmap_host_cn; @@ -260,7 +297,7 @@ int nslcd_host_byname(TFILE *fp) { int32_t tmpint32; char name[256]; - struct ldap_args a; + char filter[1024]; int retv; struct hostent result; char buffer[1024]; 
@@ -273,15 +310,14 @@ int nslcd_host_byname(TFILE *fp) WRITE_INT32(fp,NSLCD_VERSION); WRITE_INT32(fp,NSLCD_ACTION_HOST_BYNAME); /* do the LDAP request */ - LA_INIT(a); - LA_STRING(a)=name; - LA_TYPE(a)=LA_TYPE_STRING; + mkfilter_host_byname(name,filter,sizeof(filter)); host_attlst_init(); - retv=nss2nslcd(_nss_ldap_getbyname(&a,&result,buffer,1024,&errnop,_nss_ldap_filt_gethostbyname,LM_HOSTS,host_attlst, + retv=_nss_ldap_getbyname(&result,buffer,1024,&errnop,LM_HOSTS, + NULL,filter,host_attlst, #ifdef INET6 - (af == AF_INET6)?_nss_ldap_parse_hostv6:_nss_ldap_parse_hostv4)); + (af == AF_INET6)?_nss_ldap_parse_hostv6:_nss_ldap_parse_hostv4); #else - _nss_ldap_parse_hostv4)); + _nss_ldap_parse_hostv4); #endif /* write the response */ WRITE_INT32(fp,retv); @@ -298,7 +334,7 @@ int nslcd_host_byaddr(TFILE *fp) int af; int len; char addr[64],name[1024]; - struct ldap_args a; + char filter[1024]; int retv; struct hostent result; char buffer[1024]; @@ -331,15 +367,14 @@ int nslcd_host_byaddr(TFILE *fp) WRITE_INT32(fp,NSLCD_VERSION); WRITE_INT32(fp,NSLCD_ACTION_HOST_BYADDR); /* do the LDAP request */ - LA_INIT(a); - LA_STRING(a)=name; - LA_TYPE(a)=LA_TYPE_STRING; + mkfilter_host_byaddr(name,filter,sizeof(filter)); host_attlst_init(); - retv=nss2nslcd(_nss_ldap_getbyname(&a,&result,buffer,1024,&errnop,_nss_ldap_filt_gethostbyaddr,LM_HOSTS,host_attlst, + retv=_nss_ldap_getbyname(&result,buffer,1024,&errnop,LM_HOSTS, + NULL,filter,host_attlst, #ifdef INET6 - (af == AF_INET6)?_nss_ldap_parse_hostv6:_nss_ldap_parse_hostv4)); + (af == AF_INET6)?_nss_ldap_parse_hostv6:_nss_ldap_parse_hostv4); #else - _nss_ldap_parse_hostv4)); + _nss_ldap_parse_hostv4); #endif /* write the response */ WRITE_INT32(fp,retv); diff --git a/nslcd/ldap-nss.c b/nslcd/ldap-nss.c index 3a8a3eb..2393567 100644 --- a/nslcd/ldap-nss.c +++ b/nslcd/ldap-nss.c 
@@ -1435,6 +1435,9 @@ do_filter (const struct ldap_args *args, const char *filterprot, struct ldap_service_search_descriptor *sd, char *userBuf, size_t userBufSiz, char **dynamicUserBuf, const char **retFilter) { + + /* sd is the map-specific search descriptor as specified in the config */ + char buf1[LDAP_FILT_MAXSIZ], buf2[LDAP_FILT_MAXSIZ]; char *filterBufP, filterBuf[LDAP_FILT_MAXSIZ]; size_t filterSiz; @@ -1596,7 +1599,7 @@ do_with_reconnect (const char *base, int scope, enum nss_status stat = NSS_STATUS_UNAVAIL; int maxtries; - log_log(LOG_DEBUG,"==> do_with_reconnect"); + log_log(LOG_DEBUG,"==> do_with_reconnect (base=\"%s\", scope=%d, filter=\"%s\")",base,scope,filter); /* caller must successfully call do_init() first */ assert (nslcd_cfg != NULL); 
@@ -2061,33 +2064,29 @@ _nss_ldap_next_attribute (LDAPMessage * entry, BerElement * ber) * Assumes caller holds lock. */ enum nss_status _nss_ldap_search_s( - const struct ldap_args *args, - const char *filterprot,enum ldap_map_selector sel, + const char *base,const char *filter, + enum ldap_map_selector sel, const char **attrs,int sizelimit,LDAPMessage **res) { - char sdBase[LDAP_FILT_MAXSIZ]; - const char *base=NULL; - char filterBuf[LDAP_FILT_MAXSIZ],*dynamicFilterBuf=NULL; - const char *filter; int scope; enum nss_status stat; struct ldap_service_search_descriptor *sd=NULL; - log_log(LOG_DEBUG,"==> _nss_ldap_search_s"); + log_log(LOG_DEBUG,"==> _nss_ldap_search_s (base=\"%s\", filter=\"%s\")",base,filter); /* initilize session */ if ((stat=do_init())!=NSS_STATUS_SUCCESS) { log_log(LOG_DEBUG,"<== _nss_ldap_search_s"); return stat; } - /* Set some reasonable defaults. */ - base=nslcd_cfg->ldc_base; - scope=nslcd_cfg->ldc_scope; /* if args includes a base, use that */ - if (args!=NULL&&args->la_base!=NULL) + if (base!=NULL) { sel=LM_NONE; - base=args->la_base; } + /* Set some reasonable defaults. */ + if (base==NULL) + base=nslcd_cfg->ldc_base; + scope=nslcd_cfg->ldc_scope; if (sel<LM_NONE) { /* get search descriptor */ @@ -2101,18 +2100,12 @@ next: scope=sd->lsd_scope; } } - /* this may allocate dynamicFilterBuf */ - stat=do_filter(args,filterprot,sd,filterBuf,sizeof(filterBuf),&dynamicFilterBuf,&filter); - if (stat!=NSS_STATUS_SUCCESS) - return stat; + + stat=do_with_reconnect( base,scope,filter,attrs, sizelimit,res,(search_func_t)do_search_s); - if (dynamicFilterBuf!=NULL) - { - free(dynamicFilterBuf); - dynamicFilterBuf=NULL; - } + /* If no entry was returned, try the next search descriptor. */ if (sd != NULL && sd->lsd_next != NULL) { 
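Review bot: The new entry log in `_nss_ldap_search_s` formats `base` with `%s` before the `if (base==NULL) base=nslcd_cfg->ldc_base;` default is applied, and every caller changed in this commit passes NULL for base. If `log_log` forwards to a printf-family function, a null pointer for `%s` is undefined behaviour, and some libcs crash on it rather than printing "(null)". Either move the log line below the default or pass `base?base:"(default)"`. The entry log added to `_nss_ldap_getbyname` in the next hunk has the same issue, and its format string is missing the closing parenthesis.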
@@ -2137,7 +2130,6 @@ _nss_ldap_search (const struct ldap_args * args, const char **attrs, int sizelimit, int *msgid, struct ldap_service_search_descriptor ** csd) { - char sdBase[LDAP_FILT_MAXSIZ]; const char *base = NULL; char filterBuf[LDAP_FILT_MAXSIZ], *dynamicFilterBuf = NULL; const char *filter; @@ -2218,7 +2210,6 @@ do_next_page (const struct ldap_args * args, const char **attrs, int sizelimit, int *msgid, struct berval *pCookie) { - char sdBase[LDAP_FILT_MAXSIZ]; const char *base = NULL; char filterBuf[LDAP_FILT_MAXSIZ], *dynamicFilterBuf = NULL; const char *filter; @@ -2402,30 +2393,30 @@ next: * General match function. * Locks mutex. */ -enum nss_status -_nss_ldap_getbyname (struct ldap_args * args, - void *result, char *buffer, size_t buflen, int - *errnop, const char *filterprot, - enum ldap_map_selector sel, const char **attrs, - parser_t parser) +int _nss_ldap_getbyname(void *result, char *buffer, size_t buflen, + int *errnop, enum ldap_map_selector sel, + const char *base, const char *filter, + const char **attrs, + parser_t parser) { + enum nss_status stat = NSS_STATUS_NOTFOUND; struct ent_context ctx; - _nss_ldap_enter (); + _nss_ldap_enter(); - log_log(LOG_DEBUG,"==> _nss_ldap_getbyname"); + log_log(LOG_DEBUG,"==> _nss_ldap_getbyname (base=\"%s\", filter=\"%s\"",base,filter); - ctx.ec_msgid = -1; - ctx.ec_cookie = NULL; + ctx.ec_msgid=-1; + ctx.ec_cookie=NULL; - stat = _nss_ldap_search_s (args, filterprot, sel, attrs, 1, &ctx.ec_res); - if (stat != NSS_STATUS_SUCCESS) - { - _nss_ldap_leave (); - log_log(LOG_DEBUG,"<== _nss_ldap_getbyname"); - return stat; - } + stat=_nss_ldap_search_s(base,filter,sel,attrs,1,&ctx.ec_res); + if (stat!=NSS_STATUS_SUCCESS) + { + _nss_ldap_leave (); + log_log(LOG_DEBUG,"<== _nss_ldap_getbyname"); + return nss2nslcd(stat); + } /* * we pass this along for the benefit of the services parser, 
@@ -2433,20 +2424,20 @@ _nss_ldap_getbyname (struct ldap_args * args, * we only pass the second argument along, as that's what we need * in services. */ - LS_INIT (ctx.ec_state); - ctx.ec_state.ls_type = LS_TYPE_KEY; - ctx.ec_state.ls_info.ls_key = args->la_arg2.la_string; + LS_INIT(ctx.ec_state); + ctx.ec_state.ls_type=LS_TYPE_KEY; + ctx.ec_state.ls_info.ls_key=NULL /*was: args->la_arg2.la_string*/; - stat = do_parse_s (&ctx, result, buffer, buflen, errnop, parser); + stat=do_parse_s(&ctx,result,buffer,buflen,errnop,parser); - _nss_ldap_ent_context_release (&ctx); + _nss_ldap_ent_context_release(&ctx); log_log(LOG_DEBUG,"<== _nss_ldap_getbyname"); /* moved unlock here to avoid race condition bug #49 */ - _nss_ldap_leave (); + _nss_ldap_leave(); - return stat; + return nss2nslcd(stat); } static int NEW_do_parse_s(struct ent_context *ctx,TFILE *fp,NEWparser_t parser) @@ -2496,7 +2487,7 @@ static int NEW_do_parse_s(struct ent_context *ctx,TFILE *fp,NEWparser_t parser) int _nss_ldap_searchbyname( - struct ldap_args *args,const char *filterprot, + const char *base,const char *filter, enum ldap_map_selector sel,const char **attrs,TFILE *fp,NEWparser_t parser) { int stat; @@ -2508,7 +2499,7 @@ int _nss_ldap_searchbyname( ctx.ec_msgid=-1; ctx.ec_cookie=NULL; - stat=nss2nslcd(_nss_ldap_search_s(args,filterprot,sel,attrs,1,&ctx.ec_res)); + stat=nss2nslcd(_nss_ldap_search_s(base,filter,sel,attrs,1,&ctx.ec_res)); /* write the result code */ WRITE_INT32(fp,stat); /* bail on nothing found */ @@ -2517,15 +2508,6 @@ int _nss_ldap_searchbyname( _nss_ldap_leave(); return 1; } - /* - * we pass this along for the benefit of the services parser, - * which uses it to figure out which protocol we really wanted. - * we only pass the second argument along, as that's what we need - * in services. - */ - LS_INIT(ctx.ec_state); - ctx.ec_state.ls_type=LS_TYPE_KEY; - ctx.ec_state.ls_info.ls_key=args->la_arg2.la_string; /* call the parser for the result */ stat=NEW_do_parse_s(&ctx,fp,parser); 
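Review bot: The last hunk removes `LS_INIT(ctx.ec_state)` from `_nss_ldap_searchbyname` together with the key assignment. Unless `ctx` is initialised in lines outside the hunk, `ec_state` is then indeterminate when `NEW_do_parse_s(&ctx,fp,parser)` runs. I would keep `LS_INIT(ctx.ec_state);` and drop only the `ls_key` assignment that depended on `args`. In `_nss_ldap_getbyname` the key is now `NULL`, while the comment kept above it still says the services parser uses it to find the requested protocol. That comment should be updated, and the services parser checked for a NULL `ls_key`. Both function bodies extend beyond the hunks shown.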
diff --git a/nslcd/ldap-nss.h b/nslcd/ldap-nss.h index d318062..85f1b59 100644 --- a/nslcd/ldap-nss.h +++ b/nslcd/ldap-nss.h @@ -233,19 +233,15 @@ char *_nss_ldap_next_attribute (LDAPMessage * entry, BerElement *ber); /* * Synchronous search cover (caller acquires lock). */ -enum nss_status _nss_ldap_search_s (const struct ldap_args * args, /* IN */ - const char *filterprot, /* IN */ - enum ldap_map_selector sel, /* IN */ - const char **attrs, /* IN */ - int sizelimit, /* IN */ - LDAPMessage ** res /* OUT */ ); - +enum nss_status _nss_ldap_search_s( + const char *base,const char *filter, + enum ldap_map_selector sel, + const char **attrs,int sizelimit,LDAPMessage **res); int _nss_ldap_searchbyname( - struct ldap_args *args,const char *filterprot, + const char *base,const char *filter, enum ldap_map_selector sel,const char **attrs,TFILE *fp,NEWparser_t parser); - /* * Emulate X.500 read operation. */ @@ -285,16 +281,11 @@ enum nss_status _nss_ldap_getent (struct ent_context ** ctx, /* IN/OUT */ /* * common lookup routine; uses synchronous API. */ -enum nss_status _nss_ldap_getbyname (struct ldap_args * args, /* IN/OUT */ - void *result, /* IN/OUT */ - char *buffer, /* IN */ - size_t buflen, /* IN */ - int *errnop, /* OUT */ - const char *filterprot, /* IN */ - enum ldap_map_selector sel, /* IN */ - const char **attrs, /* IN */ - parser_t parser /* IN */ ); - +int _nss_ldap_getbyname(void *result, char *buffer, size_t buflen, + int *errnop, enum ldap_map_selector sel, + const char *base, const char *filter, + const char **attrs, + parser_t parser); /* parsing utility functions */ enum nss_status _nss_ldap_assign_attrvals (LDAPMessage * e, /* IN */ diff --git a/nslcd/ldap-schema.c b/nslcd/ldap-schema.c index 5d316fa..b2ff8c1 100644 --- a/nslcd/ldap-schema.c +++ b/nslcd/ldap-schema.c 
@@ -5,7 +5,7 @@ Copyright (C) 1997-2005 Luke Howard Copyright (C) 2006 West Consulting - Copyright (C) 2006 Arthur de Jong + Copyright (C) 2006, 2007 Arthur de Jong This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public 
@@ -56,63 +56,38 @@ */ /* rfc822 mail aliases */ -char _nss_ldap_filt_getaliasbyname[LDAP_FILT_MAXSIZ]; char _nss_ldap_filt_getaliasent[LDAP_FILT_MAXSIZ]; /* MAC address mappings */ -char _nss_ldap_filt_gethostton[LDAP_FILT_MAXSIZ]; -char _nss_ldap_filt_getntohost[LDAP_FILT_MAXSIZ]; char _nss_ldap_filt_getetherent[LDAP_FILT_MAXSIZ]; /* groups */ -char _nss_ldap_filt_getgrnam[LDAP_FILT_MAXSIZ]; -char _nss_ldap_filt_getgrgid[LDAP_FILT_MAXSIZ]; char _nss_ldap_filt_getgrent[LDAP_FILT_MAXSIZ]; char _nss_ldap_filt_getgroupsbymemberanddn[LDAP_FILT_MAXSIZ]; char _nss_ldap_filt_getgroupsbydn[LDAP_FILT_MAXSIZ]; -char _nss_ldap_filt_getpwnam_groupsbymember[LDAP_FILT_MAXSIZ]; char _nss_ldap_filt_getgroupsbymember[LDAP_FILT_MAXSIZ]; /* IP hosts */ -char _nss_ldap_filt_gethostbyname[LDAP_FILT_MAXSIZ]; -char _nss_ldap_filt_gethostbyaddr[LDAP_FILT_MAXSIZ]; char _nss_ldap_filt_gethostent[LDAP_FILT_MAXSIZ]; /* IP networks */ -char _nss_ldap_filt_getnetbyname[LDAP_FILT_MAXSIZ]; -char _nss_ldap_filt_getnetbyaddr[LDAP_FILT_MAXSIZ]; char _nss_ldap_filt_getnetent[LDAP_FILT_MAXSIZ]; /* IP protocols */ -char _nss_ldap_filt_getprotobyname[LDAP_FILT_MAXSIZ]; -char _nss_ldap_filt_getprotobynumber[LDAP_FILT_MAXSIZ]; char _nss_ldap_filt_getprotoent[LDAP_FILT_MAXSIZ]; /* users */ -char _nss_ldap_filt_getpwnam[LDAP_FILT_MAXSIZ]; -char _nss_ldap_filt_getpwuid[LDAP_FILT_MAXSIZ]; char _nss_ldap_filt_getpwent[LDAP_FILT_MAXSIZ]; /* RPCs */ -char _nss_ldap_filt_getrpcbyname[LDAP_FILT_MAXSIZ]; -char _nss_ldap_filt_getrpcbynumber[LDAP_FILT_MAXSIZ]; char _nss_ldap_filt_getrpcent[LDAP_FILT_MAXSIZ]; /* IP services */ -char _nss_ldap_filt_getservbyname[LDAP_FILT_MAXSIZ]; -char _nss_ldap_filt_getservbynameproto[LDAP_FILT_MAXSIZ]; -char _nss_ldap_filt_getservbyport[LDAP_FILT_MAXSIZ]; -char _nss_ldap_filt_getservbyportproto[LDAP_FILT_MAXSIZ]; char _nss_ldap_filt_getservent[LDAP_FILT_MAXSIZ]; /* shadow users */ -char _nss_ldap_filt_getspnam[LDAP_FILT_MAXSIZ]; char _nss_ldap_filt_getspent[LDAP_FILT_MAXSIZ]; -/* 
netgroups */ -char _nss_ldap_filt_getnetgrent[LDAP_FILT_MAXSIZ]; -char _nss_ldap_filt_innetgr[LDAP_FILT_MAXSIZ]; - /** * lookup filter initialization */ @@ -120,29 +95,14 @@ void _nss_ldap_init_filters () { /* rfc822 mail aliases */ - snprintf (_nss_ldap_filt_getaliasbyname, LDAP_FILT_MAXSIZ, - "(&(%s=%s)(%s=%s))", attmap_objectClass, attmap_alias_objectClass, - attmap_alias_cn, "%s"); snprintf (_nss_ldap_filt_getaliasent, LDAP_FILT_MAXSIZ, "(%s=%s)", attmap_objectClass, attmap_alias_objectClass); /* MAC address mappings */ - snprintf (_nss_ldap_filt_gethostton, LDAP_FILT_MAXSIZ, - "(&(%s=%s)(%s=%s))", attmap_objectClass, attmap_ether_objectClass, - attmap_ether_cn, "%s"); - snprintf (_nss_ldap_filt_getntohost, LDAP_FILT_MAXSIZ, - "(&(%s=%s)(%s=%s))", attmap_objectClass, attmap_ether_objectClass, attmap_ether_macAddress, - "%s"); snprintf (_nss_ldap_filt_getetherent, LDAP_FILT_MAXSIZ, "(%s=%s)", attmap_objectClass, attmap_ether_objectClass); /* groups */ - snprintf (_nss_ldap_filt_getgrnam, LDAP_FILT_MAXSIZ, - "(&(%s=%s)(%s=%s))", attmap_objectClass, attmap_group_objectClass, - attmap_group_cn, "%s"); - snprintf (_nss_ldap_filt_getgrgid, LDAP_FILT_MAXSIZ, - "(&(%s=%s)(%s=%s))", attmap_objectClass, attmap_group_objectClass, - attmap_group_gidNumber, "%d"); snprintf (_nss_ldap_filt_getgrent, LDAP_FILT_MAXSIZ, "(&(%s=%s))", attmap_objectClass, attmap_group_objectClass); snprintf (_nss_ldap_filt_getgroupsbymemberanddn, LDAP_FILT_MAXSIZ, 
@@ -151,91 +111,37 @@ _nss_ldap_init_filters () snprintf (_nss_ldap_filt_getgroupsbydn, LDAP_FILT_MAXSIZ, "(&(%s=%s)(%s=%s))", attmap_objectClass, attmap_group_objectClass, attmap_group_uniqueMember, "%s"); - snprintf (_nss_ldap_filt_getpwnam_groupsbymember, LDAP_FILT_MAXSIZ, - "(|(&(%s=%s)(%s=%s))(&(%s=%s)(%s=%s)))", - attmap_objectClass, attmap_group_objectClass, attmap_group_memberUid, "%s", - attmap_objectClass, attmap_passwd_objectClass, attmap_passwd_uid, "%s"); snprintf (_nss_ldap_filt_getgroupsbymember, LDAP_FILT_MAXSIZ, "(&(%s=%s)(%s=%s))", attmap_objectClass, attmap_group_objectClass, attmap_group_memberUid, "%s"); /* IP hosts */ - snprintf (_nss_ldap_filt_gethostbyname, LDAP_FILT_MAXSIZ, - "(&(%s=%s)(%s=%s))", attmap_objectClass, attmap_host_objectClass, attmap_host_cn, - "%s"); - snprintf (_nss_ldap_filt_gethostbyaddr, LDAP_FILT_MAXSIZ, - "(&(%s=%s)(%s=%s))", attmap_objectClass, attmap_host_objectClass, attmap_host_ipHostNumber, - "%s"); snprintf (_nss_ldap_filt_gethostent, LDAP_FILT_MAXSIZ, "(%s=%s)", attmap_objectClass, attmap_host_objectClass); /* IP networks */ - snprintf (_nss_ldap_filt_getnetbyname, LDAP_FILT_MAXSIZ, - "(&(%s=%s)(%s=%s))", attmap_objectClass, attmap_network_objectClass, - attmap_network_cn, "%s"); - snprintf (_nss_ldap_filt_getnetbyaddr, LDAP_FILT_MAXSIZ, - "(&(%s=%s)(%s=%s))", attmap_objectClass, attmap_network_objectClass, - attmap_network_ipNetworkNumber, "%s"); snprintf (_nss_ldap_filt_getnetent, LDAP_FILT_MAXSIZ, "(%s=%s)", attmap_objectClass, attmap_network_objectClass); /* IP protocols */ - snprintf (_nss_ldap_filt_getprotobyname, LDAP_FILT_MAXSIZ, - "(&(%s=%s)(%s=%s))", attmap_objectClass, attmap_protocol_objectClass, - attmap_protocol_cn, "%s"); - snprintf (_nss_ldap_filt_getprotobynumber, LDAP_FILT_MAXSIZ, - "(&(%s=%s)(%s=%s))", attmap_objectClass, attmap_protocol_objectClass, - attmap_protocol_ipProtocolNumber, "%d"); snprintf (_nss_ldap_filt_getprotoent, LDAP_FILT_MAXSIZ, "(%s=%s)", attmap_objectClass, 
attmap_protocol_objectClass); /* users */ - snprintf (_nss_ldap_filt_getpwnam, LDAP_FILT_MAXSIZ, - "(&(%s=%s)(%s=%s))", attmap_objectClass, attmap_passwd_objectClass, - attmap_passwd_uid, "%s"); - snprintf (_nss_ldap_filt_getpwuid, LDAP_FILT_MAXSIZ, - "(&(%s=%s)(%s=%s))", - attmap_objectClass, attmap_passwd_objectClass, attmap_passwd_uidNumber, "%d"); snprintf (_nss_ldap_filt_getpwent, LDAP_FILT_MAXSIZ, "(%s=%s)", attmap_objectClass, attmap_passwd_objectClass); /* RPCs */ - snprintf (_nss_ldap_filt_getrpcbyname, LDAP_FILT_MAXSIZ, - "(&(%s=%s)(%s=%s))", attmap_objectClass, attmap_rpc_objectClass, attmap_rpc_cn, "%s"); - snprintf (_nss_ldap_filt_getrpcbynumber, LDAP_FILT_MAXSIZ, - "(&(%s=%s)(%s=%s))", attmap_objectClass, attmap_rpc_objectClass, attmap_rpc_oncRpcNumber, - "%d"); snprintf (_nss_ldap_filt_getrpcent, LDAP_FILT_MAXSIZ, "(%s=%s)", attmap_objectClass, attmap_rpc_objectClass); /* IP services */ - snprintf (_nss_ldap_filt_getservbyname, LDAP_FILT_MAXSIZ, - "(&(%s=%s)(%s=%s))", attmap_objectClass, attmap_service_objectClass, attmap_service_cn, - "%s"); - snprintf (_nss_ldap_filt_getservbynameproto, LDAP_FILT_MAXSIZ, - "(&(%s=%s)(%s=%s)(%s=%s))", - attmap_objectClass, attmap_service_objectClass, attmap_service_cn, "%s", attmap_service_ipServiceProtocol, - "%s"); - snprintf (_nss_ldap_filt_getservbyport, LDAP_FILT_MAXSIZ, - "(&(%s=%s)(%s=%s))", attmap_objectClass, attmap_service_objectClass, attmap_service_ipServicePort, - "%d"); - snprintf (_nss_ldap_filt_getservbyportproto, LDAP_FILT_MAXSIZ, - "(&(%s=%s)(%s=%s)(%s=%s))", attmap_objectClass, attmap_service_objectClass, - attmap_service_ipServicePort, "%d", attmap_service_ipServiceProtocol, "%s"); snprintf (_nss_ldap_filt_getservent, LDAP_FILT_MAXSIZ, "(%s=%s)", attmap_objectClass, attmap_service_objectClass); /* shadow users */ - snprintf (_nss_ldap_filt_getspnam, LDAP_FILT_MAXSIZ, - "(&(%s=%s)(%s=%s))", attmap_objectClass, attmap_shadow_objectClass, - attmap_shadow_uid, "%s"); snprintf 
(_nss_ldap_filt_getspent, LDAP_FILT_MAXSIZ, "(%s=%s)", attmap_objectClass, attmap_shadow_objectClass); - /* netgroups */ - snprintf (_nss_ldap_filt_getnetgrent, LDAP_FILT_MAXSIZ, - "(&(%s=%s)(%s=%s))", attmap_objectClass, attmap_netgroup_objectClass, - attmap_netgroup_cn, "%s"); - } diff --git a/nslcd/ldap-schema.h b/nslcd/ldap-schema.h index 391c883..68d5eac 100644 --- a/nslcd/ldap-schema.h +++ b/nslcd/ldap-schema.h @@ -5,7 +5,7 @@ Copyright (C) 1997-2005 Luke Howard Copyright (C) 2006 West Consulting - Copyright (C) 2006 Arthur de Jong + Copyright (C) 2006, 2007 Arthur de Jong This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public 
@@ -36,60 +36,36 @@ void _nss_ldap_init_filters(void); */ /* rfc822 mail aliases */ -extern char _nss_ldap_filt_getaliasbyname[]; extern char _nss_ldap_filt_getaliasent[]; /* MAC address mappings */ -extern char _nss_ldap_filt_gethostton[]; -extern char _nss_ldap_filt_getntohost[]; extern char _nss_ldap_filt_getetherent[]; /* groups */ -extern char _nss_ldap_filt_getgrnam[]; -extern char _nss_ldap_filt_getgrgid[]; extern char _nss_ldap_filt_getgrent[]; extern char _nss_ldap_filt_getgroupsbymemberanddn[]; extern char _nss_ldap_filt_getgroupsbydn[]; -extern char _nss_ldap_filt_getpwnam_groupsbymember[]; extern char _nss_ldap_filt_getgroupsbymember[]; /* IP hosts */ -extern char _nss_ldap_filt_gethostbyname[]; -extern char _nss_ldap_filt_gethostbyaddr[]; extern char _nss_ldap_filt_gethostent[]; /* IP networks */ -extern char _nss_ldap_filt_getnetbyname[]; -extern char _nss_ldap_filt_getnetbyaddr[]; extern char _nss_ldap_filt_getnetent[]; /* IP protocols */ -extern char _nss_ldap_filt_getprotobyname[]; -extern char _nss_ldap_filt_getprotobynumber[]; extern char _nss_ldap_filt_getprotoent[]; /* users */ -extern char _nss_ldap_filt_getpwnam[]; -extern char _nss_ldap_filt_getpwuid[]; extern char _nss_ldap_filt_getpwent[]; /* RPCs */ -extern char _nss_ldap_filt_getrpcbyname[]; -extern char _nss_ldap_filt_getrpcbynumber[]; extern char _nss_ldap_filt_getrpcent[]; /* IP services */ -extern char _nss_ldap_filt_getservbyname[]; -extern char _nss_ldap_filt_getservbynameproto[]; -extern char _nss_ldap_filt_getservbyport[]; -extern char _nss_ldap_filt_getservbyportproto[]; extern char _nss_ldap_filt_getservent[]; /* shadow users */ -extern char _nss_ldap_filt_getspnam[]; extern char _nss_ldap_filt_getspent[]; -/* netgroups */ -extern char _nss_ldap_filt_getnetgrent[]; - #endif /* _LDAP_NSS_LDAP_LDAP_SCHEMA_H */ diff --git a/nslcd/netgroup.c b/nslcd/netgroup.c index f926377..0df3b2b 100644 --- a/nslcd/netgroup.c +++ b/nslcd/netgroup.c 
@@ -117,6 +117,20 @@ struct mynetgrent /* the attributes to request with searches */ static const char *netgroup_attlst[4]; +static int mkfilter_netgroup_byname(const char *name, + char *buffer,size_t buflen) +{ + char buf2[1024]; + /* escape attribute */ + if (myldap_escape(name,buf2,sizeof(buf2))) + return -1; + /* build filter */ + return mysnprintf(buffer,buflen, + "(&(%s=%s)(%s=%s))", + attmap_objectClass,attmap_netgroup_objectClass, + attmap_netgroup_cn,buf2); +} + static void netgroup_attlst_init(void) { netgroup_attlst[0]=attmap_netgroup_cn; @@ -302,11 +316,11 @@ int nslcd_netgroup_byname(TFILE *fp) int32_t tmpint32; static struct ent_context *netgroup_context=NULL; char name[256]; + char filter[1024]; /* these are here for now until we rewrite the LDAP code */ struct mynetgrent result; char buffer[1024]; int errnop; - struct ldap_args a; enum nss_status stat=NSS_STATUS_SUCCESS; /* read request parameters */ READ_STRING_BUF2(fp,name,sizeof(name)); @@ -319,13 +333,13 @@ int nslcd_netgroup_byname(TFILE *fp) result.data=result.cursor=NULL; result.data_size = 0; /* do initial ldap request */ - LA_INIT(a); - LA_STRING(a)=name; - LA_TYPE(a)=LA_TYPE_STRING; + mkfilter_netgroup_byname(name,filter,sizeof(filter)); netgroup_attlst_init(); - stat=_nss_ldap_getbyname(&a,&result,buffer,1024,&errnop,_nss_ldap_filt_getnetgrent,LM_NETGROUP,netgroup_attlst,_nss_ldap_load_netgr); + if (_nss_ldap_getbyname(&result,buffer,1024,&errnop,LM_NETGROUP, + NULL,filter,netgroup_attlst,_nss_ldap_load_netgr)) + return -1; if (_nss_ldap_ent_context_init(&netgroup_context)==NULL) - return -1; + return -1; /* loop over all results */ while ((stat=_nss_ldap_parse_netgr(&result,buffer,1024))==NSS_STATUS_SUCCESS) { diff --git a/nslcd/network.c b/nslcd/network.c index 21ee082..bfd3384 100644 --- a/nslcd/network.c +++ b/nslcd/network.c 
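Review bot: In `nslcd_netgroup_byname` the result of `mkfilter_netgroup_byname(name,filter,sizeof(filter))` is discarded, so if `myldap_escape` or `mysnprintf` fails, the uninitialised stack buffer `filter` is handed to `_nss_ldap_getbyname` as the search filter. `name` comes from the client request, so the call should be checked, for example `if (mkfilter_netgroup_byname(name,filter,sizeof(filter))<0) return -1;`, with whatever error response the protocol expects at that point. The same unchecked call appears in the handlers in network.c, passwd.c, protocol.c, rpc.c, service.c and shadow.c in this commit. Separately, `if (_nss_ldap_getbyname(...)) return -1;` now leaves the function on any non-zero result, which presumably includes a plain not-found; the function body continues outside the hunk, so confirm that this is intended.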
@@ -61,6 +61,43 @@ /* the attributes to request with searches */ static const char *network_attlst[3]; +/* create a search filter for searching a network entry + by name, return -1 on errors */ +static int mkfilter_network_byname(const char *name, + char *buffer,size_t buflen) +{ + char buf2[1024]; + /* escape attribute */ + if (myldap_escape(name,buf2,sizeof(buf2))) + return -1; + /* build filter */ + return mysnprintf(buffer,buflen, + "(&(%s=%s)(%s=%s))", + attmap_objectClass,attmap_network_objectClass, + attmap_network_cn,buf2); +} + +static int mkfilter_network_byaddr(const char *name, + char *buffer,size_t buflen) +{ + char buf2[1024]; + /* escape attribute */ + if (myldap_escape(name,buf2,sizeof(buf2))) + return -1; + /* build filter */ + return mysnprintf(buffer,buflen, + "(&(%s=%s)(%s=%s))", + attmap_objectClass,attmap_network_objectClass, + attmap_network_ipNetworkNumber,buf2); +} + +static int mkfilter_network_all(char *buffer,size_t buflen) +{ + return mysnprintf(buffer,buflen, + "(%s=%s)", + attmap_objectClass,attmap_network_objectClass); +} + static void network_attlst_init(void) { network_attlst[0]=attmap_network_cn; @@ -124,7 +161,7 @@ int nslcd_network_byname(TFILE *fp) { int32_t tmpint32; char name[256]; - struct ldap_args a; + char filter[1024]; int retv; struct netent result; char buffer[1024]; @@ -137,11 +174,10 @@ int nslcd_network_byname(TFILE *fp) WRITE_INT32(fp,NSLCD_VERSION); WRITE_INT32(fp,NSLCD_ACTION_NETWORK_BYNAME); /* do the LDAP request */ - LA_INIT(a); - LA_STRING(a)=name; - LA_TYPE(a)=LA_TYPE_STRING; + mkfilter_network_byname(name,filter,sizeof(filter)); network_attlst_init(); - retv=nss2nslcd(_nss_ldap_getbyname(&a,&result,buffer,1024,&errnop,_nss_ldap_filt_getnetbyname,LM_NETWORKS,network_attlst,_nss_ldap_parse_net)); + retv=_nss_ldap_getbyname(&result,buffer,1024,&errnop,LM_NETWORKS, + NULL,filter,network_attlst,_nss_ldap_parse_net); /* write the response */ WRITE_INT32(fp,retv); if (retv==NSLCD_RESULT_SUCCESS) 
@@ -157,7 +193,7 @@ int nslcd_network_byaddr(TFILE *fp) int af; int len; char addr[64],name[1024]; - struct ldap_args a; + char filter[1024]; int retv=456; struct netent result; char buffer[1024]; @@ -189,17 +225,15 @@ int nslcd_network_byaddr(TFILE *fp) /* write the response header */ WRITE_INT32(fp,NSLCD_VERSION); WRITE_INT32(fp,NSLCD_ACTION_NETWORK_BYADDR); - /* prepare the LDAP request */ - LA_INIT(a); - LA_STRING(a)=name; - LA_TYPE(a)=LA_TYPE_STRING; /* do requests until we find a result */ /* TODO: probably do more sofisticated queries */ while (retv==456) { /* do the request */ + mkfilter_network_byaddr(name,filter,sizeof(filter)); network_attlst_init(); - retv=nss2nslcd(_nss_ldap_getbyname(&a,&result,buffer,1024,&errnop,_nss_ldap_filt_getnetbyaddr,LM_NETWORKS,network_attlst,_nss_ldap_parse_net)); + retv=_nss_ldap_getbyname(&result,buffer,1024,&errnop,LM_NETWORKS, + NULL,filter,network_attlst,_nss_ldap_parse_net); /* if no entry was found, retry with .0 stripped from the end */ if ((retv==NSLCD_RESULT_NOTFOUND) && (strlen(name)>2) && diff --git a/nslcd/passwd.c b/nslcd/passwd.c index da35854..4d25f0c 100644 --- a/nslcd/passwd.c +++ b/nslcd/passwd.c 
@@ -62,6 +62,42 @@ /* the attributes to request with searches */ static const char *passwd_attlst[10]; +/* create a search filter for searching a passwd entry + by name, return -1 on errors */ +int mkfilter_passwd_byname(const char *name, + char *buffer,size_t buflen) +{ + char buf2[1024]; + /* escape attribute */ + if(myldap_escape(name,buf2,sizeof(buf2))) + return -1; + /* build filter */ + return mysnprintf(buffer,buflen, + "(&(%s=%s)(%s=%s))", + attmap_objectClass,attmap_passwd_objectClass, + attmap_passwd_uid,buf2); +} + +/* create a search filter for searching a passwd entry + by uid, return -1 on errors */ +static int mkfilter_passwd_byuid(uid_t uid, + char *buffer,size_t buflen) +{ + return snprintf(buffer,buflen, + "(&(%s=%s)(%s=%d))", + attmap_objectClass,attmap_passwd_objectClass, + attmap_passwd_uidNumber,uid); +} + +/* create a search filter for enumerating all passwd + entries, return -1 on errors */ +static int mkfilter_passwd_all(char *buffer,size_t buflen) +{ + return mysnprintf(buffer,buflen, + "(%s=%s)", + attmap_objectClass,attmap_passwd_objectClass); +} + static void passwd_attlst_init(void) { passwd_attlst[0]=attmap_passwd_uid; 
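Review bot: `mkfilter_passwd_byuid` calls plain `snprintf` where the other filter builders use `mysnprintf`, so its documented "return -1 on errors" does not hold: `snprintf` signals truncation by returning a length of `buflen` or more, not -1. It also formats a `uid_t` with `%d`; where `uid_t` is unsigned, a value above `INT_MAX` would be printed as a negative number and the search would be for the wrong uidNumber. Suggested: `return mysnprintf(buffer,buflen,"(&(%s=%s)(%s=%lu))",attmap_objectClass,attmap_passwd_objectClass,attmap_passwd_uidNumber,(unsigned long)uid);`. `mkfilter_protocol_bynumber` in protocol.c has the same `snprintf` call. `mkfilter_passwd_byname` is the only builder not declared `static`; if that is deliberate, it needs a prototype in a header.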
@@ -197,22 +233,21 @@ int nslcd_passwd_byname(TFILE *fp) { int32_t tmpint32; char name[256]; + char filter[1024]; /* these are here for now until we rewrite the LDAP code */ struct passwd result; char buffer[1024]; int errnop; int retv; - struct ldap_args a; /* read request parameters */ READ_STRING_BUF2(fp,name,sizeof(name)); /* log call */ log_log(LOG_DEBUG,"nslcd_passwd_byname(%s)",name); /* do the LDAP request */ - LA_INIT(a); - LA_STRING(a)=name; - LA_TYPE(a)=LA_TYPE_STRING; + mkfilter_passwd_byname(name,filter,sizeof(filter)); passwd_attlst_init(); - retv=nss2nslcd(_nss_ldap_getbyname(&a,&result,buffer,1024,&errnop,_nss_ldap_filt_getpwnam,LM_PASSWD,passwd_attlst,_nss_ldap_parse_pw)); + retv=_nss_ldap_getbyname(&result,buffer,1024,&errnop,LM_PASSWD, + NULL,filter,passwd_attlst,_nss_ldap_parse_pw); /* write the response */ WRITE_INT32(fp,NSLCD_VERSION); WRITE_INT32(fp,NSLCD_ACTION_PASSWD_BYNAME); @@ -233,19 +268,18 @@ int nslcd_passwd_byuid(TFILE *fp) /* these are here for now until we rewrite the LDAP code */ struct passwd result; char buffer[1024]; + char filter[1024]; int errnop; int retv; - struct ldap_args a; /* read request parameters */ READ_TYPE(fp,uid,uid_t); /* log call */ log_log(LOG_DEBUG,"nslcd_passwd_byuid(%d)",(int)uid); /* do the LDAP request */ - LA_INIT(a); - LA_NUMBER(a)=uid; - LA_TYPE(a)=LA_TYPE_NUMBER; + mkfilter_passwd_byuid(uid,filter,sizeof(filter)); passwd_attlst_init(); - retv=nss2nslcd(_nss_ldap_getbyname(&a,&result,buffer,1024,&errnop,_nss_ldap_filt_getpwuid,LM_PASSWD,passwd_attlst,_nss_ldap_parse_pw)); + retv=_nss_ldap_getbyname(&result,buffer,1024,&errnop,LM_PASSWD, + NULL,filter,passwd_attlst,_nss_ldap_parse_pw); /* write the response */ WRITE_INT32(fp,NSLCD_VERSION); WRITE_INT32(fp,NSLCD_ACTION_PASSWD_BYUID); diff --git a/nslcd/protocol.c b/nslcd/protocol.c index aacf37b..29cc50a 100644 --- a/nslcd/protocol.c +++ b/nslcd/protocol.c 
@@ -58,6 +58,40 @@ /* the attributes to request with searches */ static const char *protocol_attlst[3]; +static int mkfilter_protocol_byname(const char *name, + char *buffer,size_t buflen) +{ + char buf2[1024]; + /* escape attribute */ + if (myldap_escape(name,buf2,sizeof(buf2))) + return -1; + /* build filter */ + return mysnprintf(buffer,buflen, + "(&(%s=%s)(%s=%s))", + attmap_objectClass,attmap_protocol_objectClass, + attmap_protocol_cn,buf2); +} + +/* create a search filter for searching a protocol entry + by uid, return -1 on errors */ +static int mkfilter_protocol_bynumber(int protocol, + char *buffer,size_t buflen) +{ + return snprintf(buffer,buflen, + "(&(%s=%s)(%s=%d))", + attmap_objectClass,attmap_protocol_objectClass, + attmap_protocol_ipProtocolNumber,protocol); +} + +/* create a search filter for enumerating all protocol + entries, return -1 on errors */ +static int mkfilter_protocol_all(char *buffer,size_t buflen) +{ + return mysnprintf(buffer,buflen, + "(%s=%s)", + attmap_objectClass,attmap_protocol_objectClass); +} + static void protocol_attlst_init(void) { protocol_attlst[0]=attmap_protocol_cn; @@ -109,7 +143,7 @@ int nslcd_protocol_byname(TFILE *fp) { int32_t tmpint32,tmp2int32,tmp3int32; char name[256]; - struct ldap_args a; + char filter[1024]; /* these are here for now until we rewrite the LDAP code */ struct protoent result; char buffer[1024]; 
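Review bot: The comment above `mkfilter_protocol_bynumber` says it searches "by uid", apparently copied from passwd.c; it should read `/* create a search filter for searching a protocol entry by number, return -1 on errors */`. `mkfilter_protocol_byname` has no comment at all, unlike its counterparts in network.c and passwd.c; adding `/* create a search filter for searching a protocol entry by name, return -1 on errors */` would keep the files consistent.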
@@ -123,11 +157,10 @@ int nslcd_protocol_byname(TFILE *fp) WRITE_INT32(fp,NSLCD_VERSION); WRITE_INT32(fp,NSLCD_ACTION_PROTOCOL_BYNAME); /* do the LDAP request */ - LA_INIT(a); - LA_STRING(a)=name; - LA_TYPE(a)=LA_TYPE_STRING; + mkfilter_protocol_byname(name,filter,sizeof(filter)); protocol_attlst_init(); - retv=nss2nslcd(_nss_ldap_getbyname(&a,&result,buffer,1024,&errnop,_nss_ldap_filt_getprotobyname,LM_PROTOCOLS,protocol_attlst,_nss_ldap_parse_proto)); + retv=_nss_ldap_getbyname(&result,buffer,1024,&errnop,LM_PROTOCOLS, + NULL,filter,protocol_attlst,_nss_ldap_parse_proto); /* write the response */ WRITE_INT32(fp,retv); if (retv==NSLCD_RESULT_SUCCESS) @@ -143,7 +176,7 @@ int nslcd_protocol_bynumber(TFILE *fp) { int32_t tmpint32,tmp2int32,tmp3int32; int protocol; - struct ldap_args a; + char filter[1024]; /* these are here for now until we rewrite the LDAP code */ struct protoent result; char buffer[1024]; @@ -157,11 +190,10 @@ int nslcd_protocol_bynumber(TFILE *fp) WRITE_INT32(fp,NSLCD_VERSION); WRITE_INT32(fp,NSLCD_ACTION_PROTOCOL_BYNUMBER); /* do the LDAP request */ - LA_INIT(a); - LA_NUMBER(a)=protocol; - LA_TYPE(a)=LA_TYPE_NUMBER; + mkfilter_protocol_bynumber(protocol,filter,sizeof(filter)); protocol_attlst_init(); - retv=nss2nslcd(_nss_ldap_getbyname(&a,&result,buffer,1024,&errnop,_nss_ldap_filt_getprotobynumber,LM_PROTOCOLS,protocol_attlst,_nss_ldap_parse_proto)); + retv=_nss_ldap_getbyname(&result,buffer,1024,&errnop,LM_PROTOCOLS, + NULL,filter,protocol_attlst,_nss_ldap_parse_proto); /* write the response */ WRITE_INT32(fp,retv); if (retv==NSLCD_RESULT_SUCCESS) diff --git a/nslcd/rpc.c b/nslcd/rpc.c index f1c912b..b91040e 100644 --- a/nslcd/rpc.c +++ b/nslcd/rpc.c 
@@ -70,6 +70,37 @@ /* the attributes to request with searches */ static const char *rpc_attlst[3]; +static int mkfilter_rpc_byname(const char *name, + char *buffer,size_t buflen) +{ + char buf2[1024]; + /* escape attribute */ + if (myldap_escape(name,buf2,sizeof(buf2))) + return -1; + /* build filter */ + return mysnprintf(buffer,buflen, + "(&(%s=%s)(%s=%s))", + attmap_objectClass,attmap_rpc_objectClass, + attmap_rpc_cn,buf2); +} + +static int mkfilter_rpc_bynumber(int number, + char *buffer,size_t buflen) +{ + return mysnprintf(buffer,buflen, + "(&(%s=%s)(%s=%d))", + attmap_objectClass,attmap_rpc_objectClass, + attmap_rpc_oncRpcNumber,number); +} + +static int mkfilter_rpc_all(char *buffer,size_t buflen) +{ + /* build filter */ + return mysnprintf(buffer,buflen, + "(%s=%s)", + attmap_objectClass,attmap_rpc_objectClass); +} + static void rpc_attlst_init(void) { rpc_attlst[0]=attmap_rpc_cn; @@ -121,7 +152,7 @@ int nslcd_rpc_byname(TFILE *fp) { int32_t tmpint32; char name[256]; - struct ldap_args a; + char filter[1024]; /* these are here for now until we rewrite the LDAP code */ struct rpcent result; char buffer[1024]; @@ -135,11 +166,10 @@ int nslcd_rpc_byname(TFILE *fp) WRITE_INT32(fp,NSLCD_VERSION); WRITE_INT32(fp,NSLCD_ACTION_RPC_BYNAME); /* do the LDAP request */ - LA_INIT(a); - LA_STRING(a)=name; - LA_TYPE(a)=LA_TYPE_STRING; + mkfilter_rpc_byname(name,filter,sizeof(filter)); rpc_attlst_init(); - retv=nss2nslcd(_nss_ldap_getbyname(&a,&result,buffer,1024,&errnop,_nss_ldap_filt_getrpcbyname,LM_RPC,rpc_attlst,_nss_ldap_parse_rpc)); + retv=_nss_ldap_getbyname(&result,buffer,1024,&errnop,LM_RPC, + NULL,filter,rpc_attlst,_nss_ldap_parse_rpc); /* write the response */ WRITE_INT32(fp,retv); if (retv==NSLCD_RESULT_SUCCESS) @@ -153,7 +183,7 @@ int nslcd_rpc_bynumber(TFILE *fp) { int32_t tmpint32; int number; - struct ldap_args a; + char filter[1024]; /* these are here for now until we rewrite the LDAP code */ struct rpcent result; char buffer[1024]; 
@@ -167,11 +197,10 @@ int nslcd_rpc_bynumber(TFILE *fp) WRITE_INT32(fp,NSLCD_VERSION); WRITE_INT32(fp,NSLCD_ACTION_RPC_BYNUMBER); /* do the LDAP request */ - LA_INIT(a); - LA_NUMBER(a)=number; - LA_TYPE(a)=LA_TYPE_NUMBER; + mkfilter_rpc_bynumber(number,filter,sizeof(filter)); rpc_attlst_init(); - retv=nss2nslcd(_nss_ldap_getbyname(&a,&result,buffer,1024,&errnop,_nss_ldap_filt_getrpcbynumber,LM_RPC,rpc_attlst,_nss_ldap_parse_rpc)); + retv=_nss_ldap_getbyname(&result,buffer,1024,&errnop,LM_RPC, + NULL,filter,rpc_attlst,_nss_ldap_parse_rpc); /* write the response */ WRITE_INT32(fp,retv); if (retv==NSLCD_RESULT_SUCCESS) diff --git a/nslcd/service.c b/nslcd/service.c index 8c3722e..54775df 100644 --- a/nslcd/service.c +++ b/nslcd/service.c 
@@ -71,6 +71,61 @@ /* the attributes to request with searches */ static const char *service_attlst[4]; +static int mkfilter_service_byname(const char *name, + const char *protocol, + char *buffer,size_t buflen) +{ + char buf2[1024],buf3[1024]; + /* escape attributes */ + if (myldap_escape(name,buf2,sizeof(buf2))) + return -1; + if (*protocol!='\0') + if (myldap_escape(protocol,buf3,sizeof(buf3))) + return -1; + /* build filter */ + if (*protocol!='\0') + return mysnprintf(buffer,buflen, + "(&(%s=%s)(%s=%s)(%s=%s))", + attmap_objectClass,attmap_service_objectClass, + attmap_service_cn,buf2, + attmap_service_ipServiceProtocol,buf3); + else + return mysnprintf(buffer,buflen, + "(&(%s=%s)(%s=%s))", + attmap_objectClass,attmap_service_objectClass, + attmap_service_cn,buf2); +} + +static int mkfilter_service_bynumber(int number, + const char *protocol, + char *buffer,size_t buflen) +{ + char buf3[1024]; + /* escape attribute */ + if (*protocol!='\0') + if (myldap_escape(protocol,buf3,sizeof(buf3))) + return -1; + /* build filter */ + if (*protocol!='\0') + return mysnprintf(buffer,buflen, + "(&(%s=%s)(%s=%d)(%s=%s))", + attmap_objectClass,attmap_service_objectClass, + attmap_service_ipServicePort,number, + attmap_service_ipServiceProtocol,buf3); + else + return mysnprintf(buffer,buflen, + "(&(%s=%s)(%s=%d))", + attmap_objectClass,attmap_service_objectClass, + attmap_service_ipServicePort,number); +} + +static int mkfilter_service_all(char *buffer,size_t buflen) +{ + return mysnprintf(buffer,buflen, + "(%s=%s)", + attmap_objectClass,attmap_service_objectClass); +} + static void service_attlst_init(void) { service_attlst[0]=attmap_service_cn; @@ -206,7 +261,7 @@ int nslcd_service_byname(TFILE *fp) { int32_t tmpint32; char name[256],protocol[256]; - struct ldap_args a; + char filter[1024]; /* these are here for now until we rewrite the LDAP code */ struct servent result; char buffer[1024]; 
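Review bot: `mkfilter_service_byname` may have to place two escaped values, each held in a 1024-byte scratch buffer, into a `filter` that the callers also declare as `char filter[1024]`, so a long `name` plus a long `protocol` (both 256-byte request fields) may not fit once escaping expands them. Whether `mysnprintf` reports that as -1 is not visible here, and the callers ignore the return value, so a truncated filter could reach the LDAP search. Either size the filter for the worst case or make truncation a hard failure that the handler checks. The repeated `*protocol!='\0'` test would also read more safely as a single `if`/`else` that escapes and formats in the same branch, since `buf3` is only initialised when the first test is true.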
@@ -221,14 +276,10 @@ int nslcd_service_byname(TFILE *fp) WRITE_INT32(fp,NSLCD_VERSION); WRITE_INT32(fp,NSLCD_ACTION_SERVICE_BYNAME); /* do the LDAP request */ - LA_INIT(a); - LA_STRING(a)=name; - LA_TYPE(a)=(strlen(protocol)==0)?LA_TYPE_STRING:LA_TYPE_STRING_AND_STRING; - LA_STRING2(a)=protocol; + mkfilter_service_byname(name,protocol,filter,sizeof(filter)); service_attlst_init(); - retv=nss2nslcd(_nss_ldap_getbyname(&a,&result,buffer,1024,&errnop, - ((strlen(protocol)==0)?_nss_ldap_filt_getservbyname:_nss_ldap_filt_getservbynameproto), - LM_SERVICES,service_attlst,_nss_ldap_parse_serv)); + retv=_nss_ldap_getbyname(&result,buffer,1024,&errnop,LM_SERVICES, + NULL,filter,service_attlst,_nss_ldap_parse_serv); /* write the response */ WRITE_INT32(fp,retv); if (retv==NSLCD_RESULT_SUCCESS) @@ -243,7 +294,7 @@ int nslcd_service_bynumber(TFILE *fp) int32_t tmpint32; int number; char protocol[256]; - struct ldap_args a; + char filter[1024]; /* these are here for now until we rewrite the LDAP code */ struct servent result; char buffer[1024]; @@ -258,14 +309,10 @@ int nslcd_service_bynumber(TFILE *fp) WRITE_INT32(fp,NSLCD_VERSION); WRITE_INT32(fp,NSLCD_ACTION_SERVICE_BYNUMBER); /* do the LDAP request */ - LA_INIT(a); - LA_NUMBER(a)=number; - LA_TYPE(a)=(strlen(protocol)==0)?LA_TYPE_NUMBER:LA_TYPE_NUMBER_AND_STRING; - LA_STRING2(a)=protocol; + mkfilter_service_bynumber(number,protocol,filter,sizeof(filter)); service_attlst_init(); - retv=nss2nslcd(_nss_ldap_getbyname(&a,&result,buffer,1024,&errnop, - ((strlen(protocol)==0)?_nss_ldap_filt_getservbyport:_nss_ldap_filt_getservbyportproto), - LM_SERVICES,service_attlst,_nss_ldap_parse_serv)); + retv=_nss_ldap_getbyname(&result,buffer,1024,&errnop,LM_SERVICES, + NULL,filter,service_attlst,_nss_ldap_parse_serv); /* write the response */ WRITE_INT32(fp,retv); if (retv==NSLCD_RESULT_SUCCESS) diff --git a/nslcd/shadow.c b/nslcd/shadow.c index a971b7a..d52bebf 100644 --- a/nslcd/shadow.c +++ b/nslcd/shadow.c 
@@ -55,6 +55,27 @@ /* the attributes to request with searches */ static const char *shadow_attlst[10]; +static int mkfilter_shadow_byname(const char *name, + char *buffer,size_t buflen) +{ + char buf2[1024]; + /* escape attribute */ + if(myldap_escape(name,buf2,sizeof(buf2))) + return -1; + /* build filter */ + return mysnprintf(buffer,buflen, + "(&(%s=%s)(%s=%s))", + attmap_objectClass,attmap_shadow_objectClass, + attmap_shadow_uid,buf2); +} + +static int mkfilter_shadow_all(char *buffer,size_t buflen) +{ + return mysnprintf(buffer,buflen, + "(%s=%s)", + attmap_objectClass,attmap_shadow_objectClass); +} + static void shadow_attlst_init(void) { shadow_attlst[0]=attmap_shadow_uid; @@ -176,7 +197,7 @@ int nslcd_shadow_byname(TFILE *fp) { int32_t tmpint32; char name[256]; - struct ldap_args a; + char filter[1024]; int retv; struct spwd result; char buffer[1024]; @@ -189,11 +210,10 @@ int nslcd_shadow_byname(TFILE *fp) WRITE_INT32(fp,NSLCD_VERSION); WRITE_INT32(fp,NSLCD_ACTION_SHADOW_BYNAME); /* do the LDAP request */ - LA_INIT(a); - LA_STRING(a)=name; - LA_TYPE(a)=LA_TYPE_STRING; + mkfilter_shadow_byname(name,filter,sizeof(filter)); shadow_attlst_init(); - retv=nss2nslcd(_nss_ldap_getbyname(&a,&result,buffer,1024,&errnop,_nss_ldap_filt_getspnam,LM_SHADOW,shadow_attlst,_nss_ldap_parse_sp)); + retv=_nss_ldap_getbyname(&result,buffer,1024,&errnop,LM_SHADOW, + NULL,filter,shadow_attlst,_nss_ldap_parse_sp); /* write the response */ WRITE_INT32(fp,retv); if (retv==NSLCD_RESULT_SUCCESS) diff --git a/nslcd/util.h b/nslcd/util.h index 6a27538..d51309c 100644 --- a/nslcd/util.h +++ b/nslcd/util.h @@ -51,4 +51,7 @@ enum nss_status _nss_ldap_dn2uid (const char *dn, int _nss_ldap_escape_string(const char *src,char *buffer,size_t buflen); +/* foreward compatibility hack */ +#define myldap_escape _nss_ldap_escape_string + #endif /* _LDAP_NSS_LDAP_UTIL_H */ |
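Review bot: The `myldap_escape` alias added in util.h does not state its return convention, yet every new `mkfilter_*` helper relies on non-zero meaning failure (`if (myldap_escape(name,buf2,sizeof(buf2))) return -1;`). That should be written next to the macro, e.g. `/* forward compatibility alias; returns 0 on success, non-zero if the escaped string does not fit in buffer */`, after confirming that `_nss_ldap_escape_string` really behaves that way. The existing comment also misspells "forward".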