Arthur de Jong

Open Source / Free Software developer

-rw-r--r--nslcd/dnsconfig.c2
-rw-r--r--nslcd/group.c4
-rw-r--r--nslcd/ldap-nss.c244
-rw-r--r--nslcd/ldap-nss.h18
-rw-r--r--nslcd/passwd.c2
-rw-r--r--nslcd/util.c76
-rw-r--r--nslcd/util.h3
7 files changed, 152 insertions, 197 deletions
diff --git a/nslcd/dnsconfig.c b/nslcd/dnsconfig.c
index 12b0997..a2f8b4e 100644
--- a/nslcd/dnsconfig.c
+++ b/nslcd/dnsconfig.c
@@ -135,7 +135,7 @@ _nss_ldap_mergeconfigfromdns (struct ldap_config * result,
struct resource_record *rr;
char domain[MAXHOSTNAMELEN + 1];
char *pDomain;
- char uribuf[NSS_BUFSIZ];
+ char uribuf[1024];
if ((_res.options & RES_INIT) == 0 && res_init () == -1)
{
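Review bot: The bare `1024` that replaces `NSS_BUFSIZ` for `uribuf` also appears in both `LDAP_NSS_BUFLEN_GROUP` definitions in nslcd/group.c and in `uribuf` in `do_init_session` (nslcd/ldap-nss.c), so these sizes no longer share a name. A named constant would keep them reviewable, for example `#define URI_BUFLEN 1024` (the name is only a suggestion) with `char uribuf[URI_BUFLEN];`. The code that fills `uribuf` is outside this hunk, so I cannot confirm that every write into it is bounded with `sizeof(uribuf)`; that is worth checking now that the macro is gone.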
diff --git a/nslcd/group.c b/nslcd/group.c
index e537e96..faf7007 100644
--- a/nslcd/group.c
+++ b/nslcd/group.c
@@ -77,9 +77,9 @@ ldap_initgroups_args_t;
#define LDAP_NSS_MAXGR_DEPTH 16 /* maximum depth of group nesting for getgrent()/initgroups() */
#if LDAP_NSS_NGROUPS > 64
-#define LDAP_NSS_BUFLEN_GROUP (NSS_BUFSIZ + (LDAP_NSS_NGROUPS * (sizeof (char *) + LOGNAME_MAX)))
+#define LDAP_NSS_BUFLEN_GROUP (1024 + (LDAP_NSS_NGROUPS * (sizeof (char *) + LOGNAME_MAX)))
#else
-#define LDAP_NSS_BUFLEN_GROUP NSS_BUFSIZ
+#define LDAP_NSS_BUFLEN_GROUP 1024
#endif /* LDAP_NSS_NGROUPS > 64 */
#ifndef LOGNAME_MAX
diff --git a/nslcd/ldap-nss.c b/nslcd/ldap-nss.c
index f442037..021bc1e 100644
--- a/nslcd/ldap-nss.c
+++ b/nslcd/ldap-nss.c
@@ -1048,7 +1048,7 @@ do_init_session (LDAP ** ld, const char *uri, int defport)
{
int rc;
int ldaps;
- char uribuf[NSS_BUFSIZ];
+ char uribuf[1024];
char *p;
enum nss_status stat;
@@ -1931,7 +1931,7 @@ do_result (struct ent_context * ctx, int all)
* delay it until the setXXent() function is called.
*/
struct ent_context *
-_nss_ldap_ent_context_init_locked (struct ent_context ** pctx)
+_nss_ldap_ent_context_init_locked(struct ent_context **pctx)
{
struct ent_context *ctx;
@@ -1940,15 +1940,15 @@ _nss_ldap_ent_context_init_locked (struct ent_context ** pctx)
ctx = *pctx;
if (ctx == NULL)
+ {
+ ctx=(struct ent_context *)malloc(sizeof(struct ent_context));
+ if (ctx == NULL)
{
- ctx = (struct ent_context *) malloc (sizeof (*ctx));
- if (ctx == NULL)
- {
- debug ("<== _nss_ldap_ent_context_init_locked");
- return NULL;
- }
- *pctx = ctx;
+ debug ("<== _nss_ldap_ent_context_init_locked");
+ return NULL;
}
+ *pctx = ctx;
+ }
else
{
if (ctx->ec_res != NULL)
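Review bot: The added allocation `ctx=(struct ent_context *)malloc(sizeof(struct ent_context));` spells the type out twice and casts the result, whereas the removed line took the size from the pointer itself. The cast is unnecessary in C, and `ctx=malloc(sizeof(*ctx));` keeps the size correct if the declaration of `ctx` ever changes. The function body continues beyond the end of this hunk.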
@@ -2051,10 +2051,8 @@ do_aggregate_filter (const char **values,
size_t len;
char filter[LDAP_FILT_MAXSIZ], escapedBuf[LDAP_FILT_MAXSIZ];
- stat =
- _nss_ldap_escape_string (*valueP, escapedBuf, sizeof (escapedBuf));
- if (stat != NSS_STATUS_SUCCESS)
- return stat;
+ if (_nss_ldap_escape_string (*valueP, escapedBuf, sizeof (escapedBuf)))
+ return NSS_STATUS_TRYAGAIN;
snprintf (filter, sizeof (filter), filterprot, escapedBuf);
len = strlen (filter);
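Review bot: The `snprintf (filter, sizeof (filter), filterprot, escapedBuf)` that follows the new escape check is not tested for truncation. `filter` and `escapedBuf` are both `LDAP_FILT_MAXSIZ` bytes, so an escaped value near that limit cannot fit once the text of `filterprot` is added. The filter would then be cut off silently and `strlen (filter)` would measure the truncated string. I would capture the return value and fail the same way as the escape error, e.g. `n=snprintf(filter,sizeof(filter),filterprot,escapedBuf); if (n<0||(size_t)n>=sizeof(filter)) return NSS_STATUS_TRYAGAIN;`. The `snprintf` calls into `filterBufP` in the `do_filter` hunks below appear to have the same gap, and both function bodies extend outside their hunks.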
@@ -2083,8 +2081,8 @@ do_aggregate_filter (const char **values,
* Do the necessary formatting to create a string filter.
*/
static enum nss_status
-do_filter (const struct ldap_args * args, const char *filterprot,
- struct ldap_service_search_descriptor * sd, char *userBuf,
+do_filter (const struct ldap_args *args, const char *filterprot,
+ struct ldap_service_search_descriptor *sd, char *userBuf,
size_t userBufSiz, char **dynamicUserBuf, const char **retFilter)
{
char buf1[LDAP_FILT_MAXSIZ], buf2[LDAP_FILT_MAXSIZ];
@@ -2114,11 +2112,11 @@ do_filter (const struct ldap_args * args, const char *filterprot,
switch (args->la_type)
{
case LA_TYPE_STRING:
- stat = _nss_ldap_escape_string (args->la_arg1.la_string, buf1,
- sizeof (buf1));
- if (stat != NSS_STATUS_SUCCESS)
+ if (_nss_ldap_escape_string(args->la_arg1.la_string,buf1,sizeof(buf1)))
+ {
+ stat=NSS_STATUS_TRYAGAIN;
break;
-
+ }
snprintf (filterBufP, filterSiz, filterprot, buf1);
break;
case LA_TYPE_NUMBER:
@@ -2126,24 +2124,24 @@ do_filter (const struct ldap_args * args, const char *filterprot,
args->la_arg1.la_number);
break;
case LA_TYPE_STRING_AND_STRING:
- stat = _nss_ldap_escape_string (args->la_arg1.la_string, buf1,
- sizeof (buf1));
- if (stat != NSS_STATUS_SUCCESS)
+ if (_nss_ldap_escape_string(args->la_arg1.la_string,buf1,sizeof(buf1)))
+ {
+ stat=NSS_STATUS_TRYAGAIN;
break;
-
- stat = _nss_ldap_escape_string (args->la_arg2.la_string, buf2,
- sizeof (buf2));
- if (stat != NSS_STATUS_SUCCESS)
+ }
+ if (_nss_ldap_escape_string(args->la_arg2.la_string,buf2,sizeof(buf2)))
+ {
+ stat=NSS_STATUS_TRYAGAIN;
break;
-
+ }
snprintf (filterBufP, filterSiz, filterprot, buf1, buf2);
break;
case LA_TYPE_NUMBER_AND_STRING:
- stat = _nss_ldap_escape_string (args->la_arg2.la_string, buf1,
- sizeof (buf1));
- if (stat != NSS_STATUS_SUCCESS)
+ if (_nss_ldap_escape_string(args->la_arg2.la_string,buf1,sizeof(buf1)))
+ {
+ stat=NSS_STATUS_TRYAGAIN;
break;
-
+ }
snprintf (filterBufP, filterSiz, filterprot,
args->la_arg1.la_number, buf1);
break;
@@ -2730,97 +2728,82 @@ _nss_ldap_next_attribute (LDAPMessage * entry, BerElement * ber)
* The generic synchronous lookup cover function.
* Assumes caller holds lock.
*/
-enum nss_status
-_nss_ldap_search_s (const struct ldap_args * args,
- const char *filterprot, enum ldap_map_selector sel, const
- char **user_attrs, int sizelimit, LDAPMessage ** res)
+enum nss_status _nss_ldap_search_s(
+ const struct ldap_args *args,
+ const char *filterprot,enum ldap_map_selector sel,
+ const char **user_attrs,int sizelimit,LDAPMessage **res)
{
char sdBase[LDAP_FILT_MAXSIZ];
- const char *base = NULL;
- char filterBuf[LDAP_FILT_MAXSIZ], *dynamicFilterBuf = NULL;
- const char **attrs, *filter;
+ const char *base=NULL;
+ char filterBuf[LDAP_FILT_MAXSIZ],*dynamicFilterBuf=NULL;
+ const char **attrs,*filter;
int scope;
enum nss_status stat;
- struct ldap_service_search_descriptor *sd = NULL;
-
+ struct ldap_service_search_descriptor *sd=NULL;
debug ("==> _nss_ldap_search_s");
-
- stat = do_init ();
- if (stat != NSS_STATUS_SUCCESS)
+ /* initilize session */
+ if ((stat=do_init())!=NSS_STATUS_SUCCESS)
{
debug ("<== _nss_ldap_search_s");
return stat;
}
-
/* Set some reasonable defaults. */
- base = __session.ls_config->ldc_base;
- scope = __session.ls_config->ldc_scope;
- attrs = NULL;
-
- if (args != NULL && args->la_base != NULL)
- {
- sel = LM_NONE;
- base = args->la_base;
- }
-
- if (sel < LM_NONE)
+ base=__session.ls_config->ldc_base;
+ scope=__session.ls_config->ldc_scope;
+ attrs=NULL;
+ /* if args includes a base, use that */
+ if (args!=NULL&&args->la_base!=NULL)
+ {
+ sel=LM_NONE;
+ base=args->la_base;
+ }
+ if (sel<LM_NONE)
+ {
+ /* get search descriptor */
+ sd=__session.ls_config->ldc_sds[sel];
+next:
+ if (sd!=NULL)
{
- sd = __session.ls_config->ldc_sds[sel];
- next:
- if (sd != NULL)
- {
- size_t len = strlen (sd->lsd_base);
- if (sd->lsd_base[len - 1] == ',')
- {
- /* is relative */
- snprintf (sdBase, sizeof (sdBase),
- "%s%s", sd->lsd_base,
- __session.ls_config->ldc_base);
- base = sdBase;
- }
- else
- {
- base = sd->lsd_base;
- }
-
- if (sd->lsd_scope != -1)
- {
- scope = sd->lsd_scope;
- }
- }
- attrs = __session.ls_config->ldc_attrtab[sel];
+ if (sd->lsd_base[strlen(sd->lsd_base)-1]==',')
+ {
+ /* is relative */
+ snprintf(sdBase,sizeof(sdBase),"%s%s", sd->lsd_base,__session.ls_config->ldc_base);
+ base=sdBase;
+ }
+ else
+ {
+ base=sd->lsd_base;
+ }
+ if (sd->lsd_scope!=-1)
+ {
+ scope=sd->lsd_scope;
+ }
}
-
- stat =
- do_filter (args, filterprot, sd, filterBuf, sizeof (filterBuf),
- &dynamicFilterBuf, &filter);
- if (stat != NSS_STATUS_SUCCESS)
+ attrs=__session.ls_config->ldc_attrtab[sel];
+ }
+ /* this may allocate dynamicFilterBuf */
+ stat=do_filter(args,filterprot,sd,filterBuf,sizeof(filterBuf),&dynamicFilterBuf,&filter);
+ if (stat!=NSS_STATUS_SUCCESS)
return stat;
-
- stat = do_with_reconnect (base, scope, filter,
- (user_attrs != NULL) ? user_attrs : attrs,
- sizelimit, res, (search_func_t) do_search_s);
-
- if (dynamicFilterBuf != NULL)
- {
- free (dynamicFilterBuf);
- dynamicFilterBuf = NULL;
- }
-
+ stat=do_with_reconnect(
+ base,scope,filter,(user_attrs!=NULL)?user_attrs:attrs,
+ sizelimit,res,(search_func_t)do_search_s);
+ if (dynamicFilterBuf!=NULL)
+ {
+ free(dynamicFilterBuf);
+ dynamicFilterBuf=NULL;
+ }
/* If no entry was returned, try the next search descriptor. */
if (sd != NULL && sd->lsd_next != NULL)
+ {
+ if (stat==NSS_STATUS_NOTFOUND ||
+ (stat==NSS_STATUS_SUCCESS &&
+ ldap_first_entry(__session.ls_conn,*res)==NULL))
{
- if (stat == NSS_STATUS_NOTFOUND ||
- (stat == NSS_STATUS_SUCCESS &&
- ldap_first_entry (__session.ls_conn, *res) == NULL))
- {
- sd = sd->lsd_next;
- goto next;
- }
+ sd=sd->lsd_next;
+ goto next;
}
-
- debug ("<== _nss_ldap_search_s");
-
+ }
return stat;
}
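Review bot: The rewritten test `sd->lsd_base[strlen(sd->lsd_base)-1]==','` reads one byte before the string when `lsd_base` is empty, because `strlen()-1` wraps around as a `size_t`. The removed code had the same problem, and nothing visible here guarantees that a search descriptor base is non-empty. A guard keeps the read in bounds: `size_t len=strlen(sd->lsd_base); if (len>0&&sd->lsd_base[len-1]==',')`. The `snprintf` into `sdBase` is also unchecked, so an over-long relative base would be truncated without any error. Separately, the rewrite drops the closing `debug ("<== _nss_ldap_search_s");` before the final `return stat;`, which leaves the entry trace unmatched on the normal path.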
@@ -3538,10 +3521,10 @@ _nss_ldap_assign_userpassword (LDAPMessage * e,
return NSS_STATUS_UNAVAIL;
}
- vals = ldap_get_values (__session.ls_conn, e, (char *) attr);
- pwd = _nss_ldap_locate_userpassword (vals);
+ vals=ldap_get_values(__session.ls_conn,e,(char *)attr);
+ pwd=_nss_ldap_locate_userpassword(vals);
- vallen = strlen (pwd);
+ vallen=strlen(pwd);
if (*buflen < (size_t) (vallen + 1))
{
@@ -3571,36 +3554,27 @@ _nss_ldap_assign_userpassword (LDAPMessage * e,
return NSS_STATUS_SUCCESS;
}
-enum nss_status
-_nss_ldap_oc_check (LDAPMessage * e, const char *oc)
+int has_objectclass(LDAPMessage *entry,const char *objectclass)
{
- char **vals, **valiter;
- enum nss_status ret = NSS_STATUS_NOTFOUND;
-
- if (__session.ls_conn == NULL)
- {
- return NSS_STATUS_UNAVAIL;
- }
-
- vals = ldap_get_values (__session.ls_conn, e, AT (objectClass));
- if (vals != NULL)
- {
- for (valiter = vals; *valiter != NULL; valiter++)
- {
- if (strcasecmp (*valiter, oc) == 0)
- {
- ret = NSS_STATUS_SUCCESS;
- break;
- }
- }
- }
-
- if (vals != NULL)
+ char **vals;
+ int i;
+ LDAP *ld;
+ ld=__session.ls_conn;
+ if (ld==NULL)
+ return 0;
+ vals=ldap_get_values(ld,entry,AT(objectClass));
+ if (vals==NULL)
+ return 0;
+ for (i=0;vals[i]!=NULL;i++)
+ {
+ if (strcasecmp(vals[i],objectclass)==0)
{
- ldap_value_free (vals);
+ ldap_value_free(vals);
+ return -1;
}
-
- return ret;
+ }
+ ldap_value_free(vals);
+ return 0;
}
#ifdef HAVE_SHADOW_H
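Review bot: `has_objectclass` returns 0 both when the entry lacks the class and when the check could not be done at all (`ld==NULL`, or `ldap_get_values` returning NULL), so a caller cannot tell "absent" from "unknown". The caller in nslcd/passwd.c uses the result to decide whether to withhold the password for `shadowAccount` entries, so a failed lookup takes the non-shadow branch; what that branch does is outside the visible hunks and should be confirmed to be safe. I would add a comment on the function stating this, e.g. `/* returns 0 also when the session is down or the attribute cannot be read */`. Returning `-1` for "true" is also unusual for a predicate and reads like an error code at call sites; `return 1;` would match the header comment just as well.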
diff --git a/nslcd/ldap-nss.h b/nslcd/ldap-nss.h
index b59d774..337de91 100644
--- a/nslcd/ldap-nss.h
+++ b/nslcd/ldap-nss.h
@@ -48,14 +48,6 @@
#include "ldap-schema.h"
-#ifndef NSS_BUFSIZ
-#define NSS_BUFSIZ 1024
-#endif
-
-#ifndef NSS_BUFLEN_GROUP
-#define NSS_BUFLEN_GROUP LDAP_NSS_BUFLEN_GROUP
-#endif
-
#ifndef LDAP_FILT_MAXSIZ
#define LDAP_FILT_MAXSIZ 1024
#endif /* not LDAP_FILT_MAXSIZ */
@@ -544,11 +536,6 @@ enum nss_status _nss_ldap_getbyname (struct ldap_args * args, /* IN/OUT *
enum ldap_map_selector sel, /* IN */
parser_t parser /* IN */ );
-int _nss_ldap_searchbyname(struct ldap_args *args, /* IN/OUT */
- const char *filterprot, /* IN */
- enum ldap_map_selector sel, /* IN */
- FILE *fp,NEWparser_t parser /* IN */ );
-
/* parsing utility functions */
enum nss_status _nss_ldap_assign_attrvals (LDAPMessage * e, /* IN */
@@ -559,7 +546,6 @@ enum nss_status _nss_ldap_assign_attrvals (LDAPMessage * e, /* IN */
size_t * buflen, /* IN/OUT */
size_t * pvalcount /* OUT */ );
-int _nss_ldap_write_attrvals(FILE *fp,LDAPMessage *e,const char *attr);
enum nss_status _nss_ldap_assign_attrval (LDAPMessage * e, /* IN */
const char *attr, /* IN */
@@ -576,7 +562,9 @@ enum nss_status _nss_ldap_assign_userpassword (LDAPMessage * e, /* IN */
char **buffer, /* IN/OUT */
size_t * buflen); /* IN/OUT */
-enum nss_status _nss_ldap_oc_check (LDAPMessage * e, const char *oc);
+/* check that the entry has the specified objectclass
+ return 0 for false, not-0 for true */
+int has_objectclass(LDAPMessage *entry,const char *objectclass);
int _nss_ldap_shadow_date(const char *val);
void _nss_ldap_shadow_handle_flag(struct spwd *sp);
diff --git a/nslcd/passwd.c b/nslcd/passwd.c
index abdb104..eeca355 100644
--- a/nslcd/passwd.c
+++ b/nslcd/passwd.c
@@ -87,7 +87,7 @@ static enum nss_status _nss_ldap_parse_pw (LDAPMessage * e,
tmpbuf[ sizeof(tmpbuf) - 1 ] = '\0';
- if (_nss_ldap_oc_check (e, "shadowAccount") == NSS_STATUS_SUCCESS)
+ if (has_objectclass(e,"shadowAccount"))
{
/* don't include password for shadowAccount */
if (buflen < 3)
diff --git a/nslcd/util.c b/nslcd/util.c
index 57d6a10..4dbdaca 100644
--- a/nslcd/util.c
+++ b/nslcd/util.c
@@ -237,7 +237,7 @@ _nss_ldap_dn2uid (const char *dn, char **uid, char **buffer, size_t * buflen,
LDAPMessage *e = _nss_ldap_first_entry (res);
if (e != NULL)
{
- if (_nss_ldap_oc_check (e, OC (posixGroup)) == NSS_STATUS_SUCCESS)
+ if (has_objectclass(e,OC(posixGroup)))
{
*pIsNestedGroup = 1;
*pRes = res;
@@ -1347,49 +1347,43 @@ _nss_ldap_readconfig (struct ldap_config ** presult, char **buffer, size_t *bufl
return status;
}
-enum nss_status
-_nss_ldap_escape_string (const char *str, char *buf, size_t buflen)
+int _nss_ldap_escape_string(const char *src,char *buffer,size_t buflen)
{
- int ret = NSS_STATUS_TRYAGAIN;
- char *p = buf;
- char *limit = p + buflen - 3;
- const char *s = str;
-
- while (p < limit && *s)
- {
- switch (*s)
- {
- case '*':
- strcpy (p, "\\2a");
- p += 3;
- break;
- case '(':
- strcpy (p, "\\28");
- p += 3;
- break;
- case ')':
- strcpy (p, "\\29");
- p += 3;
- break;
- case '\\':
- strcpy (p, "\\5c");
- p += 3;
- break;
- default:
- *p++ = *s;
- break;
- }
- s++;
- }
-
- if (*s == '\0')
+ int pos=0;
+ /* go over all characters in source string */
+ for (;*src!='\0';src++)
+ {
+ /* check if char will fit */
+ if (pos>=(buflen+4))
+ return -1;
+ /* do escaping for some characters */
+ switch (*src)
{
- /* got to end */
- *p = '\0';
- ret = NSS_STATUS_SUCCESS;
+ case '*':
+ strcpy(buffer+pos,"\\2a");
+ pos+=3;
+ break;
+ case '(':
+ strcpy(buffer+pos,"\\28");
+ pos+=3;
+ break;
+ case ')':
+ strcpy(buffer+pos,"\\29");
+ pos+=3;
+ break;
+ case '\\':
+ strcpy(buffer+pos,"\\5c");
+ pos+=3;
+ break;
+ default:
+ /* just copy character */
+ buffer[pos++]=*src;
+ break;
}
-
- return ret;
+ }
+ /* terminate destination string */
+ buffer[pos]='\0';
+ return 0;
}
/* XXX just a linked list for now */
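Review bot: The bounds check `if (pos>=(buflen+4))` in the new `_nss_ldap_escape_string` is inverted. It only rejects once `pos` is already four bytes past the end of `buffer`, so the `strcpy` calls, the plain copy and the final `buffer[pos]='\0'` can all write beyond `buflen`. The removed code stopped at `buf + buflen - 3`. The callers shown in nslcd/ldap-nss.c (`do_filter`, `do_aggregate_filter`) pass stack arrays of `LDAP_FILT_MAXSIZ` bytes and feed in lookup arguments, so this is a stack overflow reachable with a long enough input string. The check needs to leave room for a three-character escape plus the terminator: `if ((size_t)pos+4>buflen) return -1;`. Declaring `pos` as `size_t` would also avoid the signed/unsigned comparison.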
diff --git a/nslcd/util.h b/nslcd/util.h
index f193916..25006ff 100644
--- a/nslcd/util.h
+++ b/nslcd/util.h
@@ -82,8 +82,7 @@ enum nss_status _nss_ldap_validateconfig (struct ldap_config *config);
* Escape '*' in a string for use as a filter
*/
-enum nss_status _nss_ldap_escape_string (const char *str,
- char *buf, size_t buflen);
+int _nss_ldap_escape_string(const char *str,char *buf,size_t buflen);
struct ldap_datum
{
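Review bot: The comment above this prototype still says only "Escape '*' in a string for use as a filter", while the definition in nslcd/util.c also escapes `(`, `)` and `\`, and the return type is now a plain `int` with no documented meaning. I would extend the comment to list the four escaped characters. It should also state that `buflen` is the full size of `buf` including the terminator, and that the function returns 0 on success and -1 when the escaped string does not fit. The parameter names here (`str`, `buf`) also differ from the definition (`src`, `buffer`) and could be aligned.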