Diffstat (limited to 'nslcd')
-rw-r--r-- | nslcd/alias.c | 70 | ||||
-rw-r--r-- | nslcd/attmap.c | 193 | ||||
-rw-r--r-- | nslcd/attmap.h | 11 | ||||
-rw-r--r-- | nslcd/cfg.c | 1255 | ||||
-rw-r--r-- | nslcd/cfg.h | 14 | ||||
-rw-r--r-- | nslcd/common.c | 187 | ||||
-rw-r--r-- | nslcd/common.h | 235 | ||||
-rw-r--r-- | nslcd/config.c | 18 | ||||
-rw-r--r-- | nslcd/ether.c | 120 | ||||
-rw-r--r-- | nslcd/group.c | 276 | ||||
-rw-r--r-- | nslcd/host.c | 120 | ||||
-rw-r--r-- | nslcd/log.c | 97 | ||||
-rw-r--r-- | nslcd/log.h | 8 | ||||
-rw-r--r-- | nslcd/myldap.c | 1477 | ||||
-rw-r--r-- | nslcd/myldap.h | 40 | ||||
-rw-r--r-- | nslcd/netgroup.c | 189 | ||||
-rw-r--r-- | nslcd/network.c | 114 | ||||
-rw-r--r-- | nslcd/nslcd.c | 649 | ||||
-rw-r--r-- | nslcd/nsswitch.c | 108 | ||||
-rw-r--r-- | nslcd/pam.c | 641 | ||||
-rw-r--r-- | nslcd/passwd.c | 432 | ||||
-rw-r--r-- | nslcd/protocol.c | 124 | ||||
-rw-r--r-- | nslcd/rpc.c | 130 | ||||
-rw-r--r-- | nslcd/service.c | 179 | ||||
-rw-r--r-- | nslcd/shadow.c | 315 |
25 files changed, 3547 insertions, 3455 deletions
diff --git a/nslcd/alias.c b/nslcd/alias.c index 80e8924..fc88034 100644 --- a/nslcd/alias.c +++ b/nslcd/alias.c @@ -5,7 +5,7 @@ Copyright (C) 1997-2005 Luke Howard Copyright (C) 2006 West Consulting - Copyright (C) 2006, 2007, 2009, 2010, 2011 Arthur de Jong + Copyright (C) 2006, 2007, 2009, 2010, 2011, 2012 Arthur de Jong This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public 
@@ -62,79 +62,77 @@ static const char *alias_attrs[3]; /* create a search filter for searching an alias by name, return -1 on errors */ static int mkfilter_alias_byname(const char *name, - char *buffer,size_t buflen) + char *buffer, size_t buflen) { char safename[300]; /* escape attribute */ - if (myldap_escape(name,safename,sizeof(safename))) + if (myldap_escape(name, safename, sizeof(safename))) return -1; /* build filter */ - return mysnprintf(buffer,buflen, - "(&%s(%s=%s))", - alias_filter, - attmap_alias_cn,safename); + return mysnprintf(buffer, buflen, "(&%s(%s=%s))", + alias_filter, attmap_alias_cn, safename); } void alias_init(void) { int i; /* set up search bases */ - if (alias_bases[0]==NULL) - for (i=0;i<NSS_LDAP_CONFIG_MAX_BASES;i++) - alias_bases[i]=nslcd_cfg->ldc_bases[i]; + if (alias_bases[0] == NULL) + for (i = 0; i < NSS_LDAP_CONFIG_MAX_BASES; i++) + alias_bases[i] = nslcd_cfg->ldc_bases[i]; /* set up scope */ - if (alias_scope==LDAP_SCOPE_DEFAULT) - alias_scope=nslcd_cfg->ldc_scope; + if (alias_scope == LDAP_SCOPE_DEFAULT) + alias_scope = nslcd_cfg->ldc_scope; /* set up attribute list */ - alias_attrs[0]=attmap_alias_cn; - alias_attrs[1]=attmap_alias_rfc822MailMember; - alias_attrs[2]=NULL; + alias_attrs[0] = attmap_alias_cn; + alias_attrs[1] = attmap_alias_rfc822MailMember; + alias_attrs[2] = NULL; } -static int write_alias(TFILE *fp,MYLDAP_ENTRY *entry,const char *reqalias) +static int write_alias(TFILE *fp, MYLDAP_ENTRY *entry, const char *reqalias) { - int32_t tmpint32,tmp2int32,tmp3int32; - const char **names,**members; + int32_t tmpint32, tmp2int32, tmp3int32; + const char **names, **members; int i; /* get the name of the alias */ - names=myldap_get_values(entry,attmap_alias_cn); - if ((names==NULL)||(names[0]==NULL)) + names = myldap_get_values(entry, attmap_alias_cn); + if ((names == NULL) || (names[0] == NULL)) { - log_log(LOG_WARNING,"%s: %s: missing", - myldap_get_dn(entry),attmap_alias_cn); + log_log(LOG_WARNING, "%s: %s: missing", + 
myldap_get_dn(entry), attmap_alias_cn); return 0; } /* get the members of the alias */ - members=myldap_get_values(entry,attmap_alias_rfc822MailMember); + members = myldap_get_values(entry, attmap_alias_rfc822MailMember); /* for each name, write an entry */ - for (i=0;names[i]!=NULL;i++) + for (i = 0; names[i] != NULL; i++) { - if ((reqalias==NULL)||(strcasecmp(reqalias,names[i])==0)) + if ((reqalias == NULL) || (strcasecmp(reqalias, names[i]) == 0)) { - WRITE_INT32(fp,NSLCD_RESULT_BEGIN); - WRITE_STRING(fp,names[i]); - WRITE_STRINGLIST(fp,members); + WRITE_INT32(fp, NSLCD_RESULT_BEGIN); + WRITE_STRING(fp, names[i]); + WRITE_STRINGLIST(fp, members); } } return 0; } NSLCD_HANDLE( - alias,byname, + alias, byname, char name[256]; char filter[4096]; - READ_STRING(fp,name); - log_setrequest("alias=\"%s\"",name);, + READ_STRING(fp, name); + log_setrequest("alias=\"%s\"", name);, NSLCD_ACTION_ALIAS_BYNAME, - mkfilter_alias_byname(name,filter,sizeof(filter)), - write_alias(fp,entry,name) + mkfilter_alias_byname(name, filter, sizeof(filter)), + write_alias(fp, entry, name) ) NSLCD_HANDLE( - alias,all, + alias, all, const char *filter; log_setrequest("alias(all)");, NSLCD_ACTION_ALIAS_ALL, - (filter=alias_filter,0), - write_alias(fp,entry,NULL) + (filter = alias_filter, 0), + write_alias(fp, entry, NULL) ) diff --git a/nslcd/attmap.c b/nslcd/attmap.c index 6128ffb..2480096 100644 --- a/nslcd/attmap.c +++ b/nslcd/attmap.c @@ -2,7 +2,7 @@ attmap.c - attribute mapping values and functions This file is part of the nss-pam-ldapd library. - Copyright (C) 2007, 2008, 2009, 2010, 2011 Arthur de Jong + Copyright (C) 2007, 2008, 2009, 2010, 2011, 2012 Arthur de Jong This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public 
@@ -128,168 +128,169 @@ const char **filter_get_var(enum ldap_map_selector map) } } -const char **attmap_get_var(enum ldap_map_selector map,const char *name) +const char **attmap_get_var(enum ldap_map_selector map, const char *name) { - if (map==LM_ALIASES) + if (map == LM_ALIASES) { - if (strcasecmp(name,"cn")==0) return &attmap_alias_cn; - if (strcasecmp(name,"rfc822MailMember")==0) return &attmap_alias_rfc822MailMember; + if (strcasecmp(name, "cn") == 0) return &attmap_alias_cn; + if (strcasecmp(name, "rfc822MailMember") == 0) return &attmap_alias_rfc822MailMember; } - else if (map==LM_ETHERS) + else if (map == LM_ETHERS) { - if (strcasecmp(name,"cn")==0) return &attmap_ether_cn; - if (strcasecmp(name,"macAddress")==0) return &attmap_ether_macAddress; + if (strcasecmp(name, "cn") == 0) return &attmap_ether_cn; + if (strcasecmp(name, "macAddress") == 0) return &attmap_ether_macAddress; } - else if (map==LM_GROUP) + else if (map == LM_GROUP) { - if (strcasecmp(name,"cn")==0) return &attmap_group_cn; - if (strcasecmp(name,"userPassword")==0) return &attmap_group_userPassword; - if (strcasecmp(name,"gidNumber")==0) return &attmap_group_gidNumber; - if (strcasecmp(name,"memberUid")==0) return &attmap_group_memberUid; - if (strcasecmp(name,"member")==0) return &attmap_group_member; + if (strcasecmp(name, "cn") == 0) return &attmap_group_cn; + if (strcasecmp(name, "userPassword") == 0) return &attmap_group_userPassword; + if (strcasecmp(name, "gidNumber") == 0) return &attmap_group_gidNumber; + if (strcasecmp(name, "memberUid") == 0) return &attmap_group_memberUid; + if (strcasecmp(name, "member") == 0) return &attmap_group_member; } - else if (map==LM_HOSTS) + else if (map == LM_HOSTS) { - if (strcasecmp(name,"cn")==0) return &attmap_host_cn; - if (strcasecmp(name,"ipHostNumber")==0) return &attmap_host_ipHostNumber; + if (strcasecmp(name, "cn") == 0) return &attmap_host_cn; + if (strcasecmp(name, "ipHostNumber") == 0) return &attmap_host_ipHostNumber; } - else if 
(map==LM_NETGROUP) + else if (map == LM_NETGROUP) { - if (strcasecmp(name,"cn")==0) return &attmap_netgroup_cn; - if (strcasecmp(name,"nisNetgroupTriple")==0) return &attmap_netgroup_nisNetgroupTriple; - if (strcasecmp(name,"memberNisNetgroup")==0) return &attmap_netgroup_memberNisNetgroup; + if (strcasecmp(name, "cn") == 0) return &attmap_netgroup_cn; + if (strcasecmp(name, "nisNetgroupTriple") == 0) return &attmap_netgroup_nisNetgroupTriple; + if (strcasecmp(name, "memberNisNetgroup") == 0) return &attmap_netgroup_memberNisNetgroup; } - else if (map==LM_NETWORKS) + else if (map == LM_NETWORKS) { - if (strcasecmp(name,"cn")==0) return &attmap_network_cn; - if (strcasecmp(name,"ipNetworkNumber")==0) return &attmap_network_ipNetworkNumber; + if (strcasecmp(name, "cn") == 0) return &attmap_network_cn; + if (strcasecmp(name, "ipNetworkNumber") == 0) return &attmap_network_ipNetworkNumber; } - else if (map==LM_PASSWD) + else if (map == LM_PASSWD) { - if (strcasecmp(name,"uid")==0) return &attmap_passwd_uid; - if (strcasecmp(name,"userPassword")==0) return &attmap_passwd_userPassword; - if (strcasecmp(name,"uidNumber")==0) return &attmap_passwd_uidNumber; - if (strcasecmp(name,"gidNumber")==0) return &attmap_passwd_gidNumber; - if (strcasecmp(name,"gecos")==0) return &attmap_passwd_gecos; - if (strcasecmp(name,"homeDirectory")==0) return &attmap_passwd_homeDirectory; - if (strcasecmp(name,"loginShell")==0) return &attmap_passwd_loginShell; + if (strcasecmp(name, "uid") == 0) return &attmap_passwd_uid; + if (strcasecmp(name, "userPassword") == 0) return &attmap_passwd_userPassword; + if (strcasecmp(name, "uidNumber") == 0) return &attmap_passwd_uidNumber; + if (strcasecmp(name, "gidNumber") == 0) return &attmap_passwd_gidNumber; + if (strcasecmp(name, "gecos") == 0) return &attmap_passwd_gecos; + if (strcasecmp(name, "homeDirectory") == 0) return &attmap_passwd_homeDirectory; + if (strcasecmp(name, "loginShell") == 0) return &attmap_passwd_loginShell; } - else if 
(map==LM_PROTOCOLS) + else if (map == LM_PROTOCOLS) { - if (strcasecmp(name,"cn")==0) return &attmap_protocol_cn; - if (strcasecmp(name,"ipProtocolNumber")==0) return &attmap_protocol_ipProtocolNumber; + if (strcasecmp(name, "cn") == 0) return &attmap_protocol_cn; + if (strcasecmp(name, "ipProtocolNumber") == 0) return &attmap_protocol_ipProtocolNumber; } - else if (map==LM_RPC) + else if (map == LM_RPC) { - if (strcasecmp(name,"cn")==0) return &attmap_rpc_cn; - if (strcasecmp(name,"oncRpcNumber")==0) return &attmap_rpc_oncRpcNumber; + if (strcasecmp(name, "cn") == 0) return &attmap_rpc_cn; + if (strcasecmp(name, "oncRpcNumber") == 0) return &attmap_rpc_oncRpcNumber; } - else if (map==LM_SERVICES) + else if (map == LM_SERVICES) { - if (strcasecmp(name,"cn")==0) return &attmap_service_cn; - if (strcasecmp(name,"ipServicePort")==0) return &attmap_service_ipServicePort; - if (strcasecmp(name,"ipServiceProtocol")==0) return &attmap_service_ipServiceProtocol; + if (strcasecmp(name, "cn") == 0) return &attmap_service_cn; + if (strcasecmp(name, "ipServicePort") == 0) return &attmap_service_ipServicePort; + if (strcasecmp(name, "ipServiceProtocol") == 0) return &attmap_service_ipServiceProtocol; } - else if (map==LM_SHADOW) + else if (map == LM_SHADOW) { - if (strcasecmp(name,"uid")==0) return &attmap_shadow_uid; - if (strcasecmp(name,"userPassword")==0) return &attmap_shadow_userPassword; - if (strcasecmp(name,"shadowLastChange")==0) return &attmap_shadow_shadowLastChange; - if (strcasecmp(name,"shadowMin")==0) return &attmap_shadow_shadowMin; - if (strcasecmp(name,"shadowMax")==0) return &attmap_shadow_shadowMax; - if (strcasecmp(name,"shadowWarning")==0) return &attmap_shadow_shadowWarning; - if (strcasecmp(name,"shadowInactive")==0) return &attmap_shadow_shadowInactive; - if (strcasecmp(name,"shadowExpire")==0) return &attmap_shadow_shadowExpire; - if (strcasecmp(name,"shadowFlag")==0) return &attmap_shadow_shadowFlag; + if (strcasecmp(name, "uid") == 0) return 
&attmap_shadow_uid; + if (strcasecmp(name, "userPassword") == 0) return &attmap_shadow_userPassword; + if (strcasecmp(name, "shadowLastChange") == 0) return &attmap_shadow_shadowLastChange; + if (strcasecmp(name, "shadowMin") == 0) return &attmap_shadow_shadowMin; + if (strcasecmp(name, "shadowMax") == 0) return &attmap_shadow_shadowMax; + if (strcasecmp(name, "shadowWarning") == 0) return &attmap_shadow_shadowWarning; + if (strcasecmp(name, "shadowInactive") == 0) return &attmap_shadow_shadowInactive; + if (strcasecmp(name, "shadowExpire") == 0) return &attmap_shadow_shadowExpire; + if (strcasecmp(name, "shadowFlag") == 0) return &attmap_shadow_shadowFlag; } return NULL; } -const char *attmap_set_mapping(const char **var,const char *value) +const char *attmap_set_mapping(const char **var, const char *value) { /* check if we are setting an expression */ - if (value[0]=='"') + if (value[0] == '"') { /* these attributes may contain an expression (note that this needs to match the functionality in the specific lookup module) */ - if ( (var!=&attmap_group_userPassword) && - (var!=&attmap_passwd_userPassword) && - (var!=&attmap_passwd_gidNumber) && - (var!=&attmap_passwd_gecos) && - (var!=&attmap_passwd_homeDirectory) && - (var!=&attmap_passwd_loginShell) && - (var!=&attmap_shadow_userPassword) && - (var!=&attmap_shadow_shadowLastChange) && - (var!=&attmap_shadow_shadowMin) && - (var!=&attmap_shadow_shadowMax) && - (var!=&attmap_shadow_shadowWarning) && - (var!=&attmap_shadow_shadowInactive) && - (var!=&attmap_shadow_shadowExpire) && - (var!=&attmap_shadow_shadowFlag) ) + if ((var != &attmap_group_userPassword) && + (var != &attmap_passwd_userPassword) && + (var != &attmap_passwd_gidNumber) && + (var != &attmap_passwd_gecos) && + (var != &attmap_passwd_homeDirectory) && + (var != &attmap_passwd_loginShell) && + (var != &attmap_shadow_userPassword) && + (var != &attmap_shadow_shadowLastChange) && + (var != &attmap_shadow_shadowMin) && + (var != &attmap_shadow_shadowMax) 
&& + (var != &attmap_shadow_shadowWarning) && + (var != &attmap_shadow_shadowInactive) && + (var != &attmap_shadow_shadowExpire) && + (var != &attmap_shadow_shadowFlag)) return NULL; } /* check if the value will be changed */ - if ( (*var==NULL) || (strcmp(*var,value)!=0) ) - *var=strdup(value); + if ((*var == NULL) || (strcmp(*var, value) != 0)) + *var = strdup(value); return *var; } -static const char *entry_expand(const char *name,void *expander_attr) +static const char *entry_expand(const char *name, void *expander_attr) { - MYLDAP_ENTRY *entry=(MYLDAP_ENTRY *)expander_attr; + MYLDAP_ENTRY *entry = (MYLDAP_ENTRY *)expander_attr; const char **values; - if (strcasecmp(name,"dn")==0) + if (strcasecmp(name, "dn") == 0) return myldap_get_dn(entry); - values=myldap_get_values(entry,name); - if (values==NULL) + values = myldap_get_values(entry, name); + if (values == NULL) return ""; /* TODO: handle userPassword attribute specially */ - if ((values[0]!=NULL)&&(values[1]!=NULL)) + if ((values[0] != NULL) && (values[1] != NULL)) { - log_log(LOG_WARNING,"%s: %s: multiple values", - myldap_get_dn(entry),name); + log_log(LOG_WARNING, "%s: %s: multiple values", + myldap_get_dn(entry), name); } return values[0]; } -const char *attmap_get_value(MYLDAP_ENTRY *entry,const char *attr,char *buffer,size_t buflen) +const char *attmap_get_value(MYLDAP_ENTRY *entry, const char *attr, + char *buffer, size_t buflen) { const char **values; /* check and clear buffer */ - if ((buffer==NULL)||(buflen<=0)) + if ((buffer == NULL) || (buflen <= 0)) return NULL; - buffer[0]='\0'; + buffer[0] = '\0'; /* for simple values just return the attribute */ - if (attr[0]!='"') + if (attr[0] != '"') { - values=myldap_get_values(entry,attr); - if ((values==NULL)||(values[0]==NULL)) + values = myldap_get_values(entry, attr); + if ((values == NULL) || (values[0] == NULL)) return NULL; - strncpy(buffer,values[0],buflen); - buffer[buflen-1]='\0'; + strncpy(buffer, values[0], buflen); + buffer[buflen - 1] = 
'\0'; return buffer; /* TODO: maybe warn when multiple values are found */ } /* we have an expression, try to parse */ - if ( (attr[strlen(attr)-1]!='"') || - (expr_parse(attr+1,buffer,buflen,entry_expand,(void *)entry)==NULL) ) + if ((attr[strlen(attr) - 1] != '"') || + (expr_parse(attr + 1, buffer, buflen, entry_expand, (void *)entry) == NULL)) { - log_log(LOG_ERR,"attribute mapping %s is invalid",attr); - buffer[0]='\0'; + log_log(LOG_ERR, "attribute mapping %s is invalid", attr); + buffer[0] = '\0'; return NULL; } /* strip trailing " */ - if (buffer[strlen(buffer)-1]=='"') - buffer[strlen(buffer)-1]='\0'; + if (buffer[strlen(buffer) - 1] == '"') + buffer[strlen(buffer) - 1] = '\0'; return buffer; } -SET *attmap_add_attributes(SET *set,const char *attr) +SET *attmap_add_attributes(SET *set, const char *attr) { - if (attr[0]!='\"') - set_add(set,attr); + if (attr[0] != '\"') + set_add(set, attr); else - expr_vars(attr,set); + expr_vars(attr, set); return set; } diff --git a/nslcd/attmap.h b/nslcd/attmap.h index 83d3489..81859ab 100644 --- a/nslcd/attmap.h +++ b/nslcd/attmap.h @@ -2,7 +2,7 @@ attmap.h - attribute mapping variables This file is part of the nss-pam-ldapd library. - Copyright (C) 2007, 2008, 2009, 2010 Arthur de Jong + Copyright (C) 2007, 2008, 2009, 2010, 2012 Arthur de Jong This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public 
@@ -80,19 +80,20 @@ const char **filter_get_var(enum ldap_map_selector map); /* return a reference to the attribute mapping variable for the specified name the name is the name after the attmap_... variables above with the underscode replaced by a dot (e.g passwd.homeDirectory) */ -const char **attmap_get_var(enum ldap_map_selector map,const char *name); +const char **attmap_get_var(enum ldap_map_selector map, const char *name); /* Set the attribute mapping of the variable to the value specified. Returns the new value on success. */ -MUST_USE const char *attmap_set_mapping(const char **var,const char *value); +MUST_USE const char *attmap_set_mapping(const char **var, const char *value); /* Return a value for the attribute, handling the case where attr is an expression. On error (e.g. problem parsing expression, attribute value not found) it returns NULL and the buffer is made empty. */ -const char *attmap_get_value(MYLDAP_ENTRY *entry,const char *attr,char *buffer,size_t buflen); +const char *attmap_get_value(MYLDAP_ENTRY *entry, const char *attr, + char *buffer, size_t buflen); /* Add the attributes from attr to the set. The attr argumenent can either be an attribute or an attribute expression. */ -SET *attmap_add_attributes(SET *set,const char *attr); +SET *attmap_add_attributes(SET *set, const char *attr); #endif /* not NSLCD__ATTMAP_H */ diff --git a/nslcd/cfg.c b/nslcd/cfg.c index ceab48c..9b1161d 100644 --- a/nslcd/cfg.c +++ b/nslcd/cfg.c @@ -59,7 +59,7 @@ #include "attmap.h" #include "common/expr.h" -struct ldap_config *nslcd_cfg=NULL; +struct ldap_config *nslcd_cfg = NULL; /* the maximum line length in the configuration file */ #define MAX_LINE_LENGTH 4096 
@@ -68,210 +68,214 @@ struct ldap_config *nslcd_cfg=NULL; #define TOKEN_DELIM " \t\n\r" /* convenient wrapper macro for ldap_set_option() */ -#define LDAP_SET_OPTION(ld,option,invalue) \ - rc=ldap_set_option(ld,option,invalue); \ - if (rc!=LDAP_SUCCESS) \ - { \ - log_log(LOG_ERR,"ldap_set_option(" #option ") failed: %s",ldap_err2string(rc)); \ - exit(EXIT_FAILURE); \ +#define LDAP_SET_OPTION(ld, option, invalue) \ + rc = ldap_set_option(ld, option, invalue); \ + if (rc != LDAP_SUCCESS) \ + { \ + log_log(LOG_ERR, "ldap_set_option(" #option ") failed: %s", \ + ldap_err2string(rc)); \ + exit(EXIT_FAILURE); \ } /* prototype for parse_validnames_statement() because it is used in cfg_defaults() */ -static void parse_validnames_statement(const char *filename,int lnr, - const char *keyword,char *line,struct ldap_config *cfg); +static void parse_validnames_statement(const char *filename, int lnr, + const char *keyword, char *line, + struct ldap_config *cfg); /* set the configuration information to the defaults */ static void cfg_defaults(struct ldap_config *cfg) { int i; - memset(cfg,0,sizeof(struct ldap_config)); - cfg->ldc_threads=5; - cfg->ldc_uidname=NULL; - cfg->ldc_uid=NOUID; - cfg->ldc_gid=NOGID; - cfg->ldc_ignorecase=0; - for (i=0;i<(NSS_LDAP_CONFIG_URI_MAX+1);i++) + memset(cfg, 0, sizeof(struct ldap_config)); + cfg->ldc_threads = 5; + cfg->ldc_uidname = NULL; + cfg->ldc_uid = NOUID; + cfg->ldc_gid = NOGID; + cfg->ldc_ignorecase = 0; + for (i = 0; i < (NSS_LDAP_CONFIG_URI_MAX + 1); i++) { - cfg->ldc_uris[i].uri=NULL; - cfg->ldc_uris[i].firstfail=0; - cfg->ldc_uris[i].lastfail=0; + cfg->ldc_uris[i].uri = NULL; + cfg->ldc_uris[i].firstfail = 0; + cfg->ldc_uris[i].lastfail = 0; } #ifdef LDAP_VERSION3 - cfg->ldc_version=LDAP_VERSION3; + cfg->ldc_version = LDAP_VERSION3; #else /* LDAP_VERSION3 */ - cfg->ldc_version=LDAP_VERSION2; + cfg->ldc_version = LDAP_VERSION2; #endif /* not LDAP_VERSION3 */ - cfg->ldc_binddn=NULL; - cfg->ldc_bindpw=NULL; - cfg->ldc_rootpwmoddn=NULL; 
- cfg->ldc_rootpwmodpw=NULL; - cfg->ldc_sasl_mech=NULL; - cfg->ldc_sasl_realm=NULL; - cfg->ldc_sasl_authcid=NULL; - cfg->ldc_sasl_authzid=NULL; - cfg->ldc_sasl_secprops=NULL; + cfg->ldc_binddn = NULL; + cfg->ldc_bindpw = NULL; + cfg->ldc_rootpwmoddn = NULL; + cfg->ldc_rootpwmodpw = NULL; + cfg->ldc_sasl_mech = NULL; + cfg->ldc_sasl_realm = NULL; + cfg->ldc_sasl_authcid = NULL; + cfg->ldc_sasl_authzid = NULL; + cfg->ldc_sasl_secprops = NULL; #ifdef LDAP_OPT_X_SASL_NOCANON - cfg->ldc_sasl_canonicalize=-1; + cfg->ldc_sasl_canonicalize = -1; #endif /* LDAP_OPT_X_SASL_NOCANON */ - for (i=0;i<NSS_LDAP_CONFIG_MAX_BASES;i++) - cfg->ldc_bases[i]=NULL; - cfg->ldc_scope=LDAP_SCOPE_SUBTREE; - cfg->ldc_deref=LDAP_DEREF_NEVER; - cfg->ldc_referrals=1; - cfg->ldc_bind_timelimit=10; - cfg->ldc_timelimit=LDAP_NO_LIMIT; - cfg->ldc_idle_timelimit=0; - cfg->ldc_reconnect_sleeptime=1; - cfg->ldc_reconnect_retrytime=10; + for (i = 0; i < NSS_LDAP_CONFIG_MAX_BASES; i++) + cfg->ldc_bases[i] = NULL; + cfg->ldc_scope = LDAP_SCOPE_SUBTREE; + cfg->ldc_deref = LDAP_DEREF_NEVER; + cfg->ldc_referrals = 1; + cfg->ldc_bind_timelimit = 10; + cfg->ldc_timelimit = LDAP_NO_LIMIT; + cfg->ldc_idle_timelimit = 0; + cfg->ldc_reconnect_sleeptime = 1; + cfg->ldc_reconnect_retrytime = 10; #ifdef LDAP_OPT_X_TLS - cfg->ldc_ssl_on=SSL_OFF; + cfg->ldc_ssl_on = SSL_OFF; #endif /* LDAP_OPT_X_TLS */ - cfg->ldc_restart=1; - cfg->ldc_pagesize=0; - cfg->ldc_nss_initgroups_ignoreusers=NULL; - for (i=0;i<NSS_LDAP_CONFIG_MAX_AUTHZ_SEARCHES;i++) - cfg->ldc_pam_authz_search[i]=NULL; - cfg->ldc_nss_min_uid=0; - parse_validnames_statement(__FILE__,__LINE__,"", - "/^[a-z0-9._@$][a-z0-9._@$ \\~-]*[a-z0-9._@$~-]$/i",cfg); - cfg->pam_password_prohibit_message=NULL; + cfg->ldc_restart = 1; + cfg->ldc_pagesize = 0; + cfg->ldc_nss_initgroups_ignoreusers = NULL; + for (i = 0; i < NSS_LDAP_CONFIG_MAX_AUTHZ_SEARCHES; i++) + cfg->ldc_pam_authz_search[i] = NULL; + cfg->ldc_nss_min_uid = 0; + parse_validnames_statement(__FILE__, __LINE__, 
"", + "/^[a-z0-9._@$][a-z0-9._@$ \\~-]*[a-z0-9._@$~-]$/i", + cfg); + cfg->pam_password_prohibit_message = NULL; } /* simple strdup wrapper */ static char *xstrdup(const char *s) { char *tmp; - if (s==NULL) + if (s == NULL) { - log_log(LOG_CRIT,"xstrdup() called with NULL"); + log_log(LOG_CRIT, "xstrdup() called with NULL"); exit(EXIT_FAILURE); } - tmp=strdup(s); - if (tmp==NULL) + tmp = strdup(s); + if (tmp == NULL) { - log_log(LOG_CRIT,"strdup() failed to allocate memory"); + log_log(LOG_CRIT, "strdup() failed to allocate memory"); exit(EXIT_FAILURE); } return tmp; } /* add a single URI to the list of URIs in the configuration */ -static void add_uri(const char *filename,int lnr, - struct ldap_config *cfg,const char *uri) +static void add_uri(const char *filename, int lnr, + struct ldap_config *cfg, const char *uri) { int i; - log_log(LOG_DEBUG,"add_uri(%s)",uri); + log_log(LOG_DEBUG, "add_uri(%s)", uri); /* find the place where to insert the URI */ - for (i=0;cfg->ldc_uris[i].uri!=NULL;i++) - ; + for (i = 0; cfg->ldc_uris[i].uri != NULL; i++) + /* nothing */ ; /* check for room */ - if (i>=NSS_LDAP_CONFIG_URI_MAX) + if (i >= NSS_LDAP_CONFIG_URI_MAX) { - log_log(LOG_ERR,"%s:%d: maximum number of URIs exceeded",filename,lnr); + log_log(LOG_ERR, "%s:%d: maximum number of URIs exceeded", + filename, lnr); exit(EXIT_FAILURE); } /* append URI to list */ - cfg->ldc_uris[i].uri=xstrdup(uri); + cfg->ldc_uris[i].uri = xstrdup(uri); } #ifdef HAVE_LDAP_DOMAIN2HOSTLIST /* return the domain name of the current host the returned string must be freed by caller */ -static const char *cfg_getdomainname(const char *filename,int lnr) +static const char *cfg_getdomainname(const char *filename, int lnr) { - const char *fqdn,*domain; - fqdn=getfqdn(); - if ((fqdn!=NULL)&&((domain=strchr(fqdn,'.'))!=NULL)&&(domain[1]!='\0')) - return domain+1; - log_log(LOG_ERR,"%s:%d: unable to determinate a domain name", - filename,lnr); + const char *fqdn, *domain; + fqdn = getfqdn(); + if ((fqdn != 
NULL) && ((domain = strchr(fqdn, '.')) != NULL) && (domain[1] != '\0')) + return domain + 1; + log_log(LOG_ERR, "%s:%d: unable to determinate a domain name", + filename, lnr); exit(EXIT_FAILURE); } /* add URIs by doing DNS queries for SRV records */ -static void add_uris_from_dns(const char *filename,int lnr, - struct ldap_config *cfg, - const char *domain) +static void add_uris_from_dns(const char *filename, int lnr, + struct ldap_config *cfg, const char *domain) { int rc; - char *hostlist=NULL,*nxt; - char buf[HOST_NAME_MAX+sizeof("ldap://")]; - log_log(LOG_DEBUG,"query %s for SRV records",domain); - rc=ldap_domain2hostlist(domain,&hostlist); - if (rc!=LDAP_SUCCESS) + char *hostlist = NULL, *nxt; + char buf[HOST_NAME_MAX + sizeof("ldap://")]; + log_log(LOG_DEBUG, "query %s for SRV records", domain); + rc = ldap_domain2hostlist(domain, &hostlist); + if (rc != LDAP_SUCCESS) { - log_log(LOG_ERR,"%s:%d: no servers found in DNS zone %s: %s", - filename,lnr,domain,ldap_err2string(rc)); + log_log(LOG_ERR, "%s:%d: no servers found in DNS zone %s: %s", + filename, lnr, domain, ldap_err2string(rc)); exit(EXIT_FAILURE); } - if ((hostlist==NULL)||(*hostlist=='\0')) + if ((hostlist == NULL) || (*hostlist == '\0')) { - log_log(LOG_ERR,"%s:%d: no servers found in DNS zone %s",filename,lnr,domain); + log_log(LOG_ERR, "%s:%d: no servers found in DNS zone %s", + filename, lnr, domain); exit(EXIT_FAILURE); } /* hostlist is a space-separated list of host names that we use to build URIs */ - while(hostlist!=NULL) + while (hostlist != NULL) { /* find the next space and split the string there */ - nxt=strchr(hostlist,' '); - if (nxt!=NULL) + nxt = strchr(hostlist, ' '); + if (nxt != NULL) { - *nxt='\0'; + *nxt = '\0'; nxt++; } /* if port is 636, use ldaps:// URI */ - if ((strlen(hostlist)>4)&&(strcmp(hostlist+strlen(hostlist)-4,":636")==0)) + if ((strlen(hostlist) > 4) && (strcmp(hostlist + strlen(hostlist) - 4, ":636") == 0)) { - hostlist[strlen(hostlist)-4]='\0'; - 
mysnprintf(buf,sizeof(buf),"ldaps://%s",hostlist); + hostlist[strlen(hostlist) - 4] = '\0'; + mysnprintf(buf, sizeof(buf), "ldaps://%s", hostlist); } else { /* strip default port number */ - if ((strlen(hostlist)>4)&&(strcmp(hostlist+strlen(hostlist)-4,":389")==0)) - hostlist[strlen(hostlist)-4]='\0'; - mysnprintf(buf,sizeof(buf),"ldap://%s",hostlist); + if ((strlen(hostlist) > 4) && (strcmp(hostlist + strlen(hostlist) - 4, ":389") == 0)) + hostlist[strlen(hostlist) - 4] = '\0'; + mysnprintf(buf, sizeof(buf), "ldap://%s", hostlist); } - log_log(LOG_DEBUG,"add_uris_from_dns(): found uri: %s",buf); - add_uri(filename,lnr,cfg,buf); + log_log(LOG_DEBUG, "add_uris_from_dns(): found uri: %s", buf); + add_uri(filename, lnr, cfg, buf); /* get next entry from list */ - hostlist=nxt; + hostlist = nxt; } } #endif /* HAVE_LDAP_DOMAIN2HOSTLIST */ -static int parse_boolean(const char *filename,int lnr,const char *value) +static int parse_boolean(const char *filename, int lnr, const char *value) { - if ( (strcasecmp(value,"on")==0) || - (strcasecmp(value,"yes")==0) || - (strcasecmp(value,"true")==0) || - (strcasecmp(value,"1")==0) ) + if ((strcasecmp(value, "on") == 0) || + (strcasecmp(value, "yes") == 0) || + (strcasecmp(value, "true") == 0) || (strcasecmp(value, "1") == 0)) return 1; - else if ( (strcasecmp(value,"off")==0) || - (strcasecmp(value,"no")==0) || - (strcasecmp(value,"false")==0) || - (strcasecmp(value,"0")==0) ) + else if ((strcasecmp(value, "off") == 0) || + (strcasecmp(value, "no") == 0) || + (strcasecmp(value, "false") == 0) || (strcasecmp(value, "0") == 0)) return 0; else { - log_log(LOG_ERR,"%s:%d: not a boolean argument: '%s'",filename,lnr,value); + log_log(LOG_ERR, "%s:%d: not a boolean argument: '%s'", + filename, lnr, value); exit(EXIT_FAILURE); } } -static int parse_scope(const char *filename,int lnr,const char *value) +static int parse_scope(const char *filename, int lnr, const char *value) { - if ( (strcasecmp(value,"sub")==0) || 
(strcasecmp(value,"subtree")==0) ) + if ((strcasecmp(value, "sub") == 0) || (strcasecmp(value, "subtree") == 0)) return LDAP_SCOPE_SUBTREE; - else if ( (strcasecmp(value,"one")==0) || (strcasecmp(value,"onelevel")==0) ) + else if ((strcasecmp(value, "one") == 0) || (strcasecmp(value, "onelevel") == 0)) return LDAP_SCOPE_ONELEVEL; - else if (strcasecmp(value,"base")==0) + else if (strcasecmp(value, "base") == 0) return LDAP_SCOPE_BASE; else { - log_log(LOG_ERR,"%s:%d: not a scope argument: '%s'",filename,lnr,value); + log_log(LOG_ERR, "%s:%d: not a scope argument: '%s'", + filename, lnr, value); exit(EXIT_FAILURE); } } 
@@ -281,56 +285,56 @@ static int parse_scope(const char *filename,int lnr,const char *value) is returned (this can be used to pass to the function on the next iteration). If no more tokens are found or the token will not fit in the buffer, NULL is returned. */ -static char *get_token(char **line,char *buf,size_t buflen) +static char *get_token(char **line, char *buf, size_t buflen) { size_t len; - if ((line==NULL)||(*line==NULL)||(**line=='\0')||(buf==NULL)) + if ((line == NULL) || (*line == NULL) || (**line == '\0') || (buf == NULL)) return NULL; /* find the beginning and length of the token */ - *line+=strspn(*line,TOKEN_DELIM); - len=strcspn(*line,TOKEN_DELIM); + *line += strspn(*line, TOKEN_DELIM); + len = strcspn(*line, TOKEN_DELIM); /* check if there is a token */ - if (len==0) + if (len == 0) { - *line=NULL; + *line = NULL; return NULL; } /* limit the token length */ - if (len>=buflen) - len=buflen-1; + if (len >= buflen) + len = buflen - 1; /* copy the token */ - strncpy(buf,*line,len); - buf[len]='\0'; + strncpy(buf, *line, len); + buf[len] = '\0'; /* skip to the next token */ - *line+=len; - *line+=strspn(*line,TOKEN_DELIM); + *line += len; + *line += strspn(*line, TOKEN_DELIM); /* return the token */ return buf; } static enum ldap_map_selector parse_map(const char *value) { - if ( (strcasecmp(value,"alias")==0) || (strcasecmp(value,"aliases")==0) ) + if ((strcasecmp(value, "alias") == 0) || (strcasecmp(value, "aliases") == 0)) return LM_ALIASES; - else if ( (strcasecmp(value,"ether")==0) || (strcasecmp(value,"ethers")==0) ) + else if ((strcasecmp(value, "ether") == 0) || (strcasecmp(value, "ethers") == 0)) return LM_ETHERS; - else if (strcasecmp(value,"group")==0) + else if (strcasecmp(value, "group") == 0) return LM_GROUP; - else if ( (strcasecmp(value,"host")==0) || (strcasecmp(value,"hosts")==0) ) + else if ((strcasecmp(value, "host") == 0) || (strcasecmp(value, "hosts") == 0)) return LM_HOSTS; - else if (strcasecmp(value,"netgroup")==0) + else if 
(strcasecmp(value, "netgroup") == 0) return LM_NETGROUP; - else if ( (strcasecmp(value,"network")==0) || (strcasecmp(value,"networks")==0) ) + else if ((strcasecmp(value, "network") == 0) || (strcasecmp(value, "networks") == 0)) return LM_NETWORKS; - else if (strcasecmp(value,"passwd")==0) + else if (strcasecmp(value, "passwd") == 0) return LM_PASSWD; - else if ( (strcasecmp(value,"protocol")==0) || (strcasecmp(value,"protocols")==0) ) + else if ((strcasecmp(value, "protocol") == 0) || (strcasecmp(value, "protocols") == 0)) return LM_PROTOCOLS; - else if (strcasecmp(value,"rpc")==0) + else if (strcasecmp(value, "rpc") == 0) return LM_RPC; - else if ( (strcasecmp(value,"service")==0) || (strcasecmp(value,"services")==0) ) + else if ((strcasecmp(value, "service") == 0) || (strcasecmp(value, "services") == 0)) return LM_SERVICES; - else if (strcasecmp(value,"shadow")==0) + else if (strcasecmp(value, "shadow") == 0) return LM_SHADOW; else return LM_NONE; 
@@ -343,201 +347,204 @@ static enum ldap_map_selector get_map(char **line) char *old; enum ldap_map_selector map; /* get the token */ - old=*line; - if (get_token(line,token,sizeof(token))==NULL) + old = *line; + if (get_token(line, token, sizeof(token)) == NULL) return LM_NONE; /* find the map if any */ - map=parse_map(token); + map = parse_map(token); /* unknown map, return to the previous state */ - if (map==LM_NONE) - *line=old; + if (map == LM_NONE) + *line = old; return map; } /* check that the condition is true and otherwise log an error and bail out */ -static inline void check_argumentcount(const char *filename,int lnr, - const char *keyword,int condition) +static inline void check_argumentcount(const char *filename, int lnr, + const char *keyword, int condition) { if (!condition) { - log_log(LOG_ERR,"%s:%d: %s: wrong number of arguments",filename,lnr,keyword); + log_log(LOG_ERR, "%s:%d: %s: wrong number of arguments", + filename, lnr, keyword); exit(EXIT_FAILURE); } } /* check that the file is not world readable */ -static void check_permissions(const char *filename,const char *keyword) +static void check_permissions(const char *filename, const char *keyword) { struct stat sb; /* get file status */ - if (stat(filename,&sb)) + if (stat(filename, &sb)) { - log_log(LOG_ERR,"cannot stat() %s: %s",filename,strerror(errno)); + log_log(LOG_ERR, "cannot stat() %s: %s", filename, strerror(errno)); exit(EXIT_FAILURE); } /* check permissions */ - if ((sb.st_mode&0007)!=0) + if ((sb.st_mode & 0007) != 0) { - if (keyword!=NULL) - log_log(LOG_ERR,"%s: file should not be world readable if %s is set", + if (keyword != NULL) + log_log(LOG_ERR, "%s: file should not be world readable if %s is set", filename, keyword); else - log_log(LOG_ERR,"%s: file should not be world readable",filename); + log_log(LOG_ERR, "%s: file should not be world readable", filename); exit(EXIT_FAILURE); } } -static void get_int(const char *filename,int lnr, - const char *keyword,char **line, - int 
*var) +static void get_int(const char *filename, int lnr, + const char *keyword, char **line, int *var) { /* TODO: refactor to have less overhead */ char token[32]; - check_argumentcount(filename,lnr,keyword,get_token(line,token,sizeof(token))!=NULL); + check_argumentcount(filename, lnr, keyword, + get_token(line, token, sizeof(token)) != NULL); /* TODO: replace with correct numeric parse */ - *var=atoi(token); + *var = atoi(token); } -static void get_boolean(const char *filename,int lnr, - const char *keyword,char **line, - int *var) +static void get_boolean(const char *filename, int lnr, + const char *keyword, char **line, int *var) { /* TODO: refactor to have less overhead */ char token[32]; - check_argumentcount(filename,lnr,keyword,get_token(line,token,sizeof(token))!=NULL); - *var=parse_boolean(filename,lnr,token); + check_argumentcount(filename, lnr, keyword, + get_token(line, token, sizeof(token)) != NULL); + *var = parse_boolean(filename, lnr, token); } -static void get_strdup(const char *filename,int lnr, - const char *keyword,char **line, - char **var) +static void get_strdup(const char *filename, int lnr, + const char *keyword, char **line, char **var) { /* TODO: refactor to have less overhead */ char token[64]; - check_argumentcount(filename,lnr,keyword,get_token(line,token,sizeof(token))!=NULL); + check_argumentcount(filename, lnr, keyword, + get_token(line, token, sizeof(token)) != NULL); /* Note: we have a memory leak here if a single variable is changed - multiple times in one config (deemed not a problem) */ - *var=xstrdup(token); + multiple times in one config (deemed not a problem) */ + *var = xstrdup(token); } -static void get_restdup(const char *filename,int lnr, - const char *keyword,char **line, - char **var) +static void get_restdup(const char *filename, int lnr, + const char *keyword, char **line, char **var) { - check_argumentcount(filename,lnr,keyword,(*line!=NULL)&&(**line!='\0')); + check_argumentcount(filename, lnr, keyword, (*line != 
NULL) && (**line != '\0')); /* Note: we have a memory leak here if a single mapping is changed - multiple times in one config (deemed not a problem) */ - *var=xstrdup(*line); + multiple times in one config (deemed not a problem) */ + *var = xstrdup(*line); /* mark that we are at the end of the line */ - *line=NULL; + *line = NULL; } -static void get_eol(const char *filename,int lnr, - const char *keyword,char **line) +static void get_eol(const char *filename, int lnr, + const char *keyword, char **line) { - if ((line!=NULL)&&(*line!=NULL)&&(**line!='\0')) + if ((line != NULL) && (*line != NULL) && (**line != '\0')) { - log_log(LOG_ERR,"%s:%d: %s: too may arguments",filename,lnr,keyword); + log_log(LOG_ERR, "%s:%d: %s: too may arguments", filename, lnr, keyword); exit(EXIT_FAILURE); } } -static void get_uid(const char *filename,int lnr, - const char *keyword,char **line, - uid_t *var,gid_t *gid,char **str) +static void get_uid(const char *filename, int lnr, + const char *keyword, char **line, + uid_t *var, gid_t *gid, char **str) { /* TODO: refactor to have less overhead */ char token[32]; struct passwd *pwent; char *tmp; - check_argumentcount(filename,lnr,keyword,get_token(line,token,sizeof(token))!=NULL); + check_argumentcount(filename, lnr, keyword, + get_token(line, token, sizeof(token)) != NULL); /* check if it is a valid numerical uid */ - errno=0; - *var=strtouid(token,&tmp,10); - if ((*token!='\0')&&(*tmp=='\0')&&(errno==0)&&(strchr(token,'-')==NULL)) + errno = 0; + *var = strtouid(token, &tmp, 10); + if ((*token != '\0') && (*tmp == '\0') && (errno == 0) && (strchr(token, '-') == NULL)) { /* get the name and gid from the passwd database */ - pwent=getpwuid(*var); - if ((gid!=NULL)&&(*gid!=NOGID)) - *gid=pwent->pw_gid; - if (str!=NULL) - *str=strdup(pwent->pw_name); + pwent = getpwuid(*var); + if ((gid != NULL) && (*gid != NOGID)) + *gid = pwent->pw_gid; + if (str != NULL) + *str = strdup(pwent->pw_name); return; } /* find by name */ - pwent=getpwnam(token); 
- if (pwent!=NULL) + pwent = getpwnam(token); + if (pwent != NULL) { - *var=pwent->pw_uid; - if ((gid!=NULL)&&(*gid!=NOGID)) - *gid=pwent->pw_gid; - if (str!=NULL) - *str=strdup(token); + *var = pwent->pw_uid; + if ((gid != NULL) && (*gid != NOGID)) + *gid = pwent->pw_gid; + if (str != NULL) + *str = strdup(token); return; } /* log an error */ - log_log(LOG_ERR,"%s:%d: %s: not a valid uid: '%s'",filename,lnr,keyword,token); + log_log(LOG_ERR, "%s:%d: %s: not a valid uid: '%s'", + filename, lnr, keyword, token); exit(EXIT_FAILURE); } -static void get_gid(const char *filename,int lnr, - const char *keyword,char **line, - gid_t *var) +static void get_gid(const char *filename, int lnr, + const char *keyword, char **line, gid_t *var) { /* TODO: refactor to have less overhead */ char token[32]; struct group *grent; char *tmp; - check_argumentcount(filename,lnr,keyword,get_token(line,token,sizeof(token))!=NULL); + check_argumentcount(filename, lnr, keyword, + get_token(line, token, sizeof(token)) != NULL); /* check if it is a valid numerical gid */ - errno=0; - *var=strtogid(token,&tmp,10); - if ((*token!='\0')&&(*tmp=='\0')&&(errno==0)&&(strchr(token,'-')==NULL)) + errno = 0; + *var = strtogid(token, &tmp, 10); + if ((*token != '\0') && (*tmp == '\0') && (errno == 0) && (strchr(token, '-') == NULL)) return; /* find by name */ - grent=getgrnam(token); - if (grent!=NULL) + grent = getgrnam(token); + if (grent != NULL) { - *var=grent->gr_gid; + *var = grent->gr_gid; return; } /* log an error */ - log_log(LOG_ERR,"%s:%d: %s: not a valid gid: '%s'",filename,lnr,keyword,token); + log_log(LOG_ERR, "%s:%d: %s: not a valid gid: '%s'", + filename, lnr, keyword, token); exit(EXIT_FAILURE); } #ifdef LDAP_OPT_X_TLS -static void get_reqcert(const char *filename,int lnr, - const char *keyword,char **line, - int *var) +static void get_reqcert(const char *filename, int lnr, + const char *keyword, char **line, int *var) { char token[16]; /* get token */ - 
check_argumentcount(filename,lnr,keyword,get_token(line,token,sizeof(token))!=NULL); + check_argumentcount(filename, lnr, keyword, + get_token(line, token, sizeof(token)) != NULL); /* check if it is a valid value for tls_reqcert option */ - if ( (strcasecmp(token,"never")==0) || - (strcasecmp(token,"no")==0) ) - *var=LDAP_OPT_X_TLS_NEVER; - else if (strcasecmp(token,"allow")==0) - *var=LDAP_OPT_X_TLS_ALLOW; - else if (strcasecmp(token,"try")==0) - *var=LDAP_OPT_X_TLS_TRY; - else if ( (strcasecmp(token,"demand")==0) || - (strcasecmp(token,"yes")==0) ) - *var=LDAP_OPT_X_TLS_DEMAND; - else if (strcasecmp(token,"hard")==0) - *var=LDAP_OPT_X_TLS_HARD; + if ((strcasecmp(token, "never") == 0) || (strcasecmp(token, "no") == 0)) + *var = LDAP_OPT_X_TLS_NEVER; + else if (strcasecmp(token, "allow") == 0) + *var = LDAP_OPT_X_TLS_ALLOW; + else if (strcasecmp(token, "try") == 0) + *var = LDAP_OPT_X_TLS_TRY; + else if ((strcasecmp(token, "demand") == 0) || + (strcasecmp(token, "yes") == 0)) + *var = LDAP_OPT_X_TLS_DEMAND; + else if (strcasecmp(token, "hard") == 0) + *var = LDAP_OPT_X_TLS_HARD; else { - log_log(LOG_ERR,"%s:%d: %s: invalid argument: '%s'",filename,lnr,keyword,token); + log_log(LOG_ERR, "%s:%d: %s: invalid argument: '%s'", + filename, lnr, keyword, token); exit(EXIT_FAILURE); } } #endif /* LDAP_OPT_X_TLS */ -static void parse_krb5_ccname_statement(const char *filename,int lnr, - const char *keyword,char *line) +static void parse_krb5_ccname_statement(const char *filename, int lnr, + const char *keyword, char *line) { char token[80]; const char *ccname; 
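Review bot: In get_uid the numeric branch uses the result of `getpwuid(*var)` without a NULL check, so a numeric uid in the configuration file that has no passwd entry leads to a NULL dereference at `pwent->pw_gid` or `pwent->pw_name` during startup. The name branch just below already tests `pwent != NULL`; the numeric branch should guard the same way, e.g. `if ((pwent != NULL) && (gid != NULL) && (*gid != NOGID))` and `if ((pwent != NULL) && (str != NULL))`. The `strdup()` results stored in `*str` are also unchecked in both branches, whereas the other getters in this hunk go through `xstrdup()`.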
@@ -546,302 +553,317 @@ static void parse_krb5_ccname_statement(const char *filename,int lnr, char *ccenv; #ifdef HAVE_GSS_KRB5_CCACHE_NAME OM_uint32 minor_status; -# endif /* HAVE_GSS_KRB5_CCACHE_NAME */ +#endif /* HAVE_GSS_KRB5_CCACHE_NAME */ /* get token */ - check_argumentcount(filename,lnr,keyword, - (get_token(&line,token,sizeof(token))!=NULL)&&(*line=='\0')); + check_argumentcount(filename, lnr, keyword, + (get_token(&line, token, sizeof(token)) != NULL) && + (*line == '\0')); /* set default kerberos ticket cache for SASL-GSSAPI */ - ccname=token; + ccname = token; /* check that cache exists and is readable if it is a file */ - if ( (strncasecmp(ccname,"FILE:",sizeof("FILE:")-1)==0) || - (strncasecmp(ccname,"WRFILE:",sizeof("WRFILE:")-1)==0)) + if ((strncasecmp(ccname, "FILE:", sizeof("FILE:") - 1) == 0) || + (strncasecmp(ccname, "WRFILE:", sizeof("WRFILE:") - 1) == 0)) { - ccfile=strchr(ccname,':')+1; - if (access(ccfile,R_OK)!=0) + ccfile = strchr(ccname, ':') + 1; + if (access(ccfile, R_OK) != 0) { - log_log(LOG_ERR,"%s:%d: error accessing %s: %s",filename,lnr,ccfile,strerror(errno)); + log_log(LOG_ERR, "%s:%d: error accessing %s: %s", + filename, lnr, ccfile, strerror(errno)); exit(EXIT_FAILURE); } } /* set the environment variable (we have a memory leak if this option is set multiple times) */ - ccenvlen=strlen(ccname)+sizeof("KRB5CCNAME="); - ccenv=(char *)malloc(ccenvlen); - if (ccenv==NULL) + ccenvlen = strlen(ccname) + sizeof("KRB5CCNAME="); + ccenv = (char *)malloc(ccenvlen); + if (ccenv == NULL) { - log_log(LOG_CRIT,"malloc() failed to allocate memory"); + log_log(LOG_CRIT, "malloc() failed to allocate memory"); exit(EXIT_FAILURE); } - mysnprintf(ccenv,ccenvlen,"KRB5CCNAME=%s",ccname); + mysnprintf(ccenv, ccenvlen, "KRB5CCNAME=%s", ccname); putenv(ccenv); #ifdef HAVE_GSS_KRB5_CCACHE_NAME /* set the name with gss_krb5_ccache_name() */ - if (gss_krb5_ccache_name(&minor_status,ccname,NULL)!=GSS_S_COMPLETE) + if (gss_krb5_ccache_name(&minor_status, 
ccname, NULL) != GSS_S_COMPLETE) { - log_log(LOG_ERR,"%s:%d: unable to set default credential cache: %s",filename,lnr,ccname); + log_log(LOG_ERR, "%s:%d: unable to set default credential cache: %s", + filename, lnr, ccname); exit(EXIT_FAILURE); } -# endif /* HAVE_GSS_KRB5_CCACHE_NAME */ +#endif /* HAVE_GSS_KRB5_CCACHE_NAME */ } /* assigns the base to the specified variable doing domain expansion and a simple check to avoid overwriting duplicate values */ -static void set_base(const char *filename,int lnr, - const char *value,const char **var) +static void set_base(const char *filename, int lnr, + const char *value, const char **var) { #ifdef HAVE_LDAP_DOMAIN2DN - const char *domain=NULL; - char *domaindn=NULL; + const char *domain = NULL; + char *domaindn = NULL; #endif /* HAVE_LDAP_DOMAIN2DN */ /* if the base is "DOMAIN" use the domain name */ - if (strcasecmp(value,"domain")==0) + if (strcasecmp(value, "domain") == 0) { #ifdef HAVE_LDAP_DOMAIN2DN - domain=cfg_getdomainname(filename,lnr); - ldap_domain2dn(domain,&domaindn); - log_log(LOG_DEBUG,"set_base(): setting base to %s from domain",domaindn); - value=domaindn; + domain = cfg_getdomainname(filename, lnr); + ldap_domain2dn(domain, &domaindn); + log_log(LOG_DEBUG, "set_base(): setting base to %s from domain", + domaindn); + value = domaindn; #else /* not HAVE_LDAP_DOMAIN2DN */ - log_log(LOG_ERR,"%s:%d: value %s not supported on platform",filename,lnr,value); + log_log(LOG_ERR, "%s:%d: value %s not supported on platform", + filename, lnr, value); exit(EXIT_FAILURE); #endif /* not HAVE_LDAP_DOMAIN2DN */ } /* set the new value */ - *var=xstrdup(value); + *var = xstrdup(value); } /* parse the validnames statement */ -static void parse_validnames_statement(const char *filename,int lnr, - const char *keyword,char *line,struct ldap_config *cfg) +static void parse_validnames_statement(const char *filename, int lnr, + const char *keyword, char *line, + struct ldap_config *cfg) { char *value; - int i,l; - int 
flags=REG_EXTENDED|REG_NOSUB; + int i, l; + int flags = REG_EXTENDED | REG_NOSUB; /* the rest of the line should be a regular expression */ - get_restdup(filename,lnr,keyword,&line,&value); + get_restdup(filename, lnr, keyword, &line, &value); /* check formatting and update flags */ - if (value[0]!='/') + if (value[0] != '/') { - log_log(LOG_ERR,"%s:%d: regular expression incorrectly delimited",filename,lnr); + log_log(LOG_ERR, "%s:%d: regular expression incorrectly delimited", + filename, lnr); exit(EXIT_FAILURE); } - l=strlen(value); - if (value[l-1]=='i') + l = strlen(value); + if (value[l - 1] == 'i') { - value[l-1]='\0'; + value[l - 1] = '\0'; l--; - flags|=REG_ICASE; + flags |= REG_ICASE; } - if (value[l-1]!='/') + if (value[l - 1] != '/') { - log_log(LOG_ERR,"%s:%d: regular expression incorrectly delimited",filename,lnr); + log_log(LOG_ERR, "%s:%d: regular expression incorrectly delimited", + filename, lnr); exit(EXIT_FAILURE); } - value[l-1]='\0'; + value[l - 1] = '\0'; /* compile the regular expression */ - if ((i=regcomp(&cfg->validnames,value+1,flags))!= 0) + if ((i = regcomp(&cfg->validnames, value + 1, flags)) != 0) { /* get the error message */ - l=regerror(i,&cfg->validnames,NULL,0); - value=malloc(l); - if (value==NULL) - log_log(LOG_ERR,"%s:%d: invalid regular expression",filename,lnr); + l = regerror(i, &cfg->validnames, NULL, 0); + value = malloc(l); + if (value == NULL) + log_log(LOG_ERR, "%s:%d: invalid regular expression", filename, lnr); else { - regerror(i,&cfg->validnames,value,l); - log_log(LOG_ERR,"%s:%d: invalid regular expression: %s",filename,lnr, - value); + regerror(i, &cfg->validnames, value, l); + log_log(LOG_ERR, "%s:%d: invalid regular expression: %s", + filename, lnr, value); } exit(EXIT_FAILURE); } } -static void parse_pam_password_prohibit_message_statement(const char *filename,int lnr, - const char *keyword,char *line,struct ldap_config *cfg) +static void parse_pam_password_prohibit_message_statement( + const char *filename, 
int lnr, const char *keyword, + char *line, struct ldap_config *cfg) { char *value; int l; /* the rest of the line should be a message */ - get_restdup(filename,lnr,keyword,&line,&value); + get_restdup(filename, lnr, keyword, &line, &value); /* strip quotes if they are present */ - l=strlen(value); - if ((value[0]=='\"')&&(value[l-1]=='\"')) + l = strlen(value); + if ((value[0] == '\"') && (value[l - 1] == '\"')) { - value[l-1]='\0'; + value[l - 1] = '\0'; value++; } - cfg->pam_password_prohibit_message=value; + cfg->pam_password_prohibit_message = value; } -static void parse_base_statement(const char *filename,int lnr, - const char *keyword,char *line, +static void parse_base_statement(const char *filename, int lnr, + const char *keyword, char *line, struct ldap_config *cfg) { const char **bases; int i; /* get the list of bases to update */ - bases=base_get_var(get_map(&line)); - if (bases==NULL) - bases=cfg->ldc_bases; + bases = base_get_var(get_map(&line)); + if (bases == NULL) + bases = cfg->ldc_bases; /* find the spot in the list of bases */ - for (i=0;i<NSS_LDAP_CONFIG_MAX_BASES;i++) + for (i = 0; i < NSS_LDAP_CONFIG_MAX_BASES; i++) { - if (bases[i]==NULL) + if (bases[i] == NULL) { - check_argumentcount(filename,lnr,keyword,(line!=NULL)&&(*line!='\0')); - set_base(filename,lnr,line,&bases[i]); + check_argumentcount(filename, lnr, keyword, (line != NULL) && (*line != '\0')); + set_base(filename, lnr, line, &bases[i]); return; } } /* no free spot found */ - log_log(LOG_ERR,"%s:%d: maximum number of base options per map (%d) exceeded", - filename,lnr,NSS_LDAP_CONFIG_MAX_BASES); + log_log(LOG_ERR, "%s:%d: maximum number of base options per map (%d) exceeded", + filename, lnr, NSS_LDAP_CONFIG_MAX_BASES); exit(EXIT_FAILURE); } -static void parse_scope_statement(const char *filename,int lnr, - const char *keyword,char *line, +static void parse_scope_statement(const char *filename, int lnr, + const char *keyword, char *line, struct ldap_config *cfg) { int *var; - 
var=scope_get_var(get_map(&line)); - if (var==NULL) - var=&cfg->ldc_scope; - check_argumentcount(filename,lnr,keyword,(line!=NULL)&&(*line!='\0')); - *var=parse_scope(filename,lnr,line); + var = scope_get_var(get_map(&line)); + if (var == NULL) + var = &cfg->ldc_scope; + check_argumentcount(filename, lnr, keyword, (line != NULL) && (*line != '\0')); + *var = parse_scope(filename, lnr, line); } -static void parse_filter_statement(const char *filename,int lnr, - const char *keyword,char *line) +static void parse_filter_statement(const char *filename, int lnr, + const char *keyword, char *line) { const char **var; - const char *map=line; - var=filter_get_var(get_map(&line)); - if (var==NULL) + const char *map = line; + var = filter_get_var(get_map(&line)); + if (var == NULL) { - log_log(LOG_ERR,"%s:%d: unknown map: '%s'",filename,lnr,map); + log_log(LOG_ERR, "%s:%d: unknown map: '%s'", filename, lnr, map); exit(EXIT_FAILURE); } - check_argumentcount(filename,lnr,keyword,(line!=NULL)&&(*line!='\0')); + check_argumentcount(filename, lnr, keyword, (line != NULL) && (*line != '\0')); /* check if the value will be changed */ - if (strcmp(*var,line)!=0) + if (strcmp(*var, line) != 0) { /* Note: we have a memory leak here if a single mapping is changed - multiple times in one config (deemed not a problem) */ - *var=xstrdup(line); + multiple times in one config (deemed not a problem) */ + *var = xstrdup(line); } } /* this function modifies the statement argument passed */ -static void parse_map_statement(const char *filename,int lnr, - const char *keyword,char *line) +static void parse_map_statement(const char *filename, int lnr, + const char *keyword, char *line) { enum ldap_map_selector map; const char **var; char oldatt[32], newatt[1024]; /* get the map */ - if ((map=get_map(&line))==LM_NONE) + if ((map = get_map(&line)) == LM_NONE) { - log_log(LOG_ERR,"%s:%d: unknown map: '%s'",filename,lnr,line); + log_log(LOG_ERR, "%s:%d: unknown map: '%s'", filename, lnr, line); 
exit(EXIT_FAILURE); } /* read the other tokens */ - check_argumentcount(filename,lnr,keyword, - (get_token(&line,oldatt,sizeof(oldatt))!=NULL)&& - (get_token(&line,newatt,sizeof(newatt))!=NULL)); + check_argumentcount(filename, lnr, keyword, + (get_token(&line, oldatt, sizeof(oldatt)) != NULL) && + (get_token(&line, newatt, sizeof(newatt)) != NULL)); /* check that there are no more tokens left on the line */ - get_eol(filename,lnr,keyword,&line); + get_eol(filename, lnr, keyword, &line); /* change attribute mapping */ - var=attmap_get_var(map,oldatt); - if (var==NULL) + var = attmap_get_var(map, oldatt); + if (var == NULL) { - log_log(LOG_ERR,"%s:%d: unknown attribute to map: '%s'",filename,lnr,oldatt); + log_log(LOG_ERR, "%s:%d: unknown attribute to map: '%s'", + filename, lnr, oldatt); exit(EXIT_FAILURE); } - if (attmap_set_mapping(var,newatt)==NULL) + if (attmap_set_mapping(var, newatt) == NULL) { - log_log(LOG_ERR,"%s:%d: attribute %s cannot be an expression",filename,lnr,oldatt); + log_log(LOG_ERR, "%s:%d: attribute %s cannot be an expression", + filename, lnr, oldatt); exit(EXIT_FAILURE); } } /* this function modifies the statement argument passed */ static void parse_nss_initgroups_ignoreusers_statement( - const char *filename,int lnr,const char *keyword, - char *line,struct ldap_config *cfg) + const char *filename, int lnr, const char *keyword, + char *line, struct ldap_config *cfg) { char token[MAX_LINE_LENGTH]; - char *username,*next; + char *username, *next; struct passwd *pwent; - check_argumentcount(filename,lnr,keyword,(line!=NULL)&&(*line!='\0')); - if (cfg->ldc_nss_initgroups_ignoreusers==NULL) - cfg->ldc_nss_initgroups_ignoreusers=set_new(); - while (get_token(&line,token,sizeof(token))!=NULL) + check_argumentcount(filename, lnr, keyword, (line != NULL) && (*line != '\0')); + if (cfg->ldc_nss_initgroups_ignoreusers == NULL) + cfg->ldc_nss_initgroups_ignoreusers = set_new(); + while (get_token(&line, token, sizeof(token)) != NULL) { - if 
(strcasecmp(token,"alllocal")==0) + if (strcasecmp(token, "alllocal") == 0) { /* go over all users (this will work because nslcd is not yet running) */ setpwent(); - while ((pwent=getpwent())!=NULL) - set_add(cfg->ldc_nss_initgroups_ignoreusers,pwent->pw_name); + while ((pwent = getpwent()) != NULL) + set_add(cfg->ldc_nss_initgroups_ignoreusers, pwent->pw_name); endpwent(); } else { - next=token; - while (*next!='\0') + next = token; + while (*next != '\0') { - username=next; + username = next; /* find the end of the current username */ - while ((*next!='\0')&&(*next!=',')) next++; - if (*next==',') + while ((*next != '\0') && (*next != ',')) + next++; + if (*next == ',') { - *next='\0'; + *next = '\0'; next++; } /* check if user exists (but add anyway) */ - pwent=getpwnam(username); - if (pwent==NULL) - log_log(LOG_ERR,"%s:%d: user '%s' does not exist",filename,lnr,username); - set_add(cfg->ldc_nss_initgroups_ignoreusers,username); + pwent = getpwnam(username); + if (pwent == NULL) + log_log(LOG_ERR, "%s:%d: user '%s' does not exist", + filename, lnr, username); + set_add(cfg->ldc_nss_initgroups_ignoreusers, username); } } } } static void parse_pam_authz_search_statement( - const char *filename,int lnr,const char *keyword, - char *line,struct ldap_config *cfg) + const char *filename, int lnr, const char *keyword, + char *line, struct ldap_config *cfg) { SET *set; const char **list; int i; - check_argumentcount(filename,lnr,keyword,(line!=NULL)&&(*line!='\0')); + check_argumentcount(filename, lnr, keyword, (line != NULL) && (*line != '\0')); /* find free spot for search filter */ - for (i=0;(i<NSS_LDAP_CONFIG_MAX_AUTHZ_SEARCHES)&&(cfg->ldc_pam_authz_search[i]!=NULL);i++); - if (i>=NSS_LDAP_CONFIG_MAX_AUTHZ_SEARCHES) + for (i = 0; + (i < NSS_LDAP_CONFIG_MAX_AUTHZ_SEARCHES) && (cfg->ldc_pam_authz_search[i] != NULL); + i++) + /* nothing */ ; + if (i >= NSS_LDAP_CONFIG_MAX_AUTHZ_SEARCHES) { - log_log(LOG_ERR,"%s:%d: maximum number of pam_authz_search options (%d) 
exceeded", - filename,lnr,NSS_LDAP_CONFIG_MAX_AUTHZ_SEARCHES); + log_log(LOG_ERR, "%s:%d: maximum number of pam_authz_search options (%d) exceeded", + filename, lnr, NSS_LDAP_CONFIG_MAX_AUTHZ_SEARCHES); exit(EXIT_FAILURE); } - cfg->ldc_pam_authz_search[i]=xstrdup(line); + cfg->ldc_pam_authz_search[i] = xstrdup(line); /* check the variables used in the expression */ - set=expr_vars(cfg->ldc_pam_authz_search[i],NULL); - list=set_tolist(set); - for (i=0;list[i]!=NULL;i++) + set = expr_vars(cfg->ldc_pam_authz_search[i], NULL); + list = set_tolist(set); + for (i = 0; list[i] != NULL; i++) { - if ((strcmp(list[i],"username")!=0)&& - (strcmp(list[i],"service")!=0)&& - (strcmp(list[i],"ruser")!=0)&& - (strcmp(list[i],"rhost")!=0)&& - (strcmp(list[i],"tty")!=0)&& - (strcmp(list[i],"hostname")!=0)&& - (strcmp(list[i],"fqdn")!=0)&& - (strcmp(list[i],"dn")!=0)&& - (strcmp(list[i],"uid")!=0)) + if ((strcmp(list[i], "username") != 0) && + (strcmp(list[i], "service") != 0) && + (strcmp(list[i], "ruser") != 0) && + (strcmp(list[i], "rhost") != 0) && + (strcmp(list[i], "tty") != 0) && + (strcmp(list[i], "hostname") != 0) && + (strcmp(list[i], "fqdn") != 0) && + (strcmp(list[i], "dn") != 0) && (strcmp(list[i], "uid") != 0)) { - log_log(LOG_ERR,"%s:%d: unknown variable $%s",filename,lnr,list[i]); + log_log(LOG_ERR, "%s:%d: unknown variable $%s", filename, lnr, list[i]); exit(EXIT_FAILURE); } } @@ -850,10 +872,10 @@ static void parse_pam_authz_search_statement( free(list); } -static void cfg_read(const char *filename,struct ldap_config *cfg) +static void cfg_read(const char *filename, struct ldap_config *cfg) { FILE *fp; - int lnr=0; + int lnr = 0; char linebuf[MAX_LINE_LENGTH]; char *line; char keyword[32]; 
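Review bot: In set_base the return value of `ldap_domain2dn(domain, &domaindn)` is ignored, so if the conversion fails `domaindn` may still be NULL when it is passed to `log_log` as a `%s` argument and then to `xstrdup(value)`. Checking the call, `if ((ldap_domain2dn(domain, &domaindn) != LDAP_SUCCESS) || (domaindn == NULL))`, followed by the `log_log(LOG_ERR, ...)` and `exit(EXIT_FAILURE)` pattern used by the neighbouring parsers, would keep the daemon from starting with an undefined search base. What `xstrdup` does with a NULL argument is not visible in this hunk.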
@@ -864,343 +886,365 @@ static void cfg_read(const char *filename,struct ldap_config *cfg) char *value; #endif /* open config file */ - if ((fp=fopen(filename,"r"))==NULL) + if ((fp = fopen(filename, "r")) == NULL) { - log_log(LOG_ERR,"cannot open config file (%s): %s",filename,strerror(errno)); + log_log(LOG_ERR, "cannot open config file (%s): %s", + filename, strerror(errno)); exit(EXIT_FAILURE); } /* read file and parse lines */ - while (fgets(linebuf,sizeof(linebuf),fp)!=NULL) + while (fgets(linebuf, sizeof(linebuf), fp) != NULL) { lnr++; - line=linebuf; + line = linebuf; /* strip newline */ - i=(int)strlen(line); - if ((i<=0)||(line[i-1]!='\n')) + i = (int)strlen(line); + if ((i <= 0) || (line[i - 1] != '\n')) { - log_log(LOG_ERR,"%s:%d: line too long or last line missing newline",filename,lnr); + log_log(LOG_ERR, "%s:%d: line too long or last line missing newline", + filename, lnr); exit(EXIT_FAILURE); } - line[i-1]='\0'; + line[i - 1] = '\0'; /* ignore comment lines */ - if (line[0]=='#') + if (line[0] == '#') continue; /* strip trailing spaces */ - for (i--;(i>0)&&isspace(line[i-1]);i--) - line[i-1]='\0'; + for (i--; (i > 0) && isspace(line[i - 1]); i--) + line[i - 1] = '\0'; /* get keyword from line and ignore empty lines */ - if (get_token(&line,keyword,sizeof(keyword))==NULL) + if (get_token(&line, keyword, sizeof(keyword)) == NULL) continue; /* runtime options */ - if (strcasecmp(keyword,"threads")==0) + if (strcasecmp(keyword, "threads") == 0) { - get_int(filename,lnr,keyword,&line,&cfg->ldc_threads); - get_eol(filename,lnr,keyword,&line); + get_int(filename, lnr, keyword, &line, &cfg->ldc_threads); + get_eol(filename, lnr, keyword, &line); } - else if (strcasecmp(keyword,"uid")==0) + else if (strcasecmp(keyword, "uid") == 0) { - get_uid(filename,lnr,keyword,&line,&cfg->ldc_uid,&cfg->ldc_gid,&cfg->ldc_uidname); - get_eol(filename,lnr,keyword,&line); + get_uid(filename, lnr, keyword, &line, &cfg->ldc_uid, &cfg->ldc_gid, + &cfg->ldc_uidname); + 
get_eol(filename, lnr, keyword, &line); } - else if (strcasecmp(keyword,"gid")==0) + else if (strcasecmp(keyword, "gid") == 0) { - get_gid(filename,lnr,keyword,&line,&cfg->ldc_gid); - get_eol(filename,lnr,keyword,&line); + get_gid(filename, lnr, keyword, &line, &cfg->ldc_gid); + get_eol(filename, lnr, keyword, &line); } - else if (strcasecmp(keyword,"ignorecase")==0) + else if (strcasecmp(keyword, "ignorecase") == 0) { - get_boolean(filename,lnr,keyword,&line,&cfg->ldc_ignorecase); - get_eol(filename,lnr,keyword,&line); + get_boolean(filename, lnr, keyword, &line, &cfg->ldc_ignorecase); + get_eol(filename, lnr, keyword, &line); } /* general connection options */ - else if (strcasecmp(keyword,"uri")==0) + else if (strcasecmp(keyword, "uri") == 0) { - check_argumentcount(filename,lnr,keyword,(line!=NULL)&&(*line!='\0')); - while (get_token(&line,token,sizeof(token))!=NULL) + check_argumentcount(filename, lnr, keyword, (line != NULL) && (*line != '\0')); + while (get_token(&line, token, sizeof(token)) != NULL) { - if (strcasecmp(token,"dns")==0) + if (strcasecmp(token, "dns") == 0) { #ifdef HAVE_LDAP_DOMAIN2HOSTLIST - add_uris_from_dns(filename,lnr,cfg,cfg_getdomainname(filename,lnr)); + add_uris_from_dns(filename, lnr, cfg, + cfg_getdomainname(filename, lnr)); #else /* not HAVE_LDAP_DOMAIN2HOSTLIST */ - log_log(LOG_ERR,"%s:%d: value %s not supported on platform",filename,lnr,token); + log_log(LOG_ERR, "%s:%d: value %s not supported on platform", + filename, lnr, token); exit(EXIT_FAILURE); #endif /* not HAVE_LDAP_DOMAIN2HOSTLIST */ } - else if (strncasecmp(token,"dns:",4)==0) + else if (strncasecmp(token, "dns:", 4) == 0) { #ifdef HAVE_LDAP_DOMAIN2HOSTLIST - add_uris_from_dns(filename,lnr,cfg,strdup(token+sizeof("dns"))); + add_uris_from_dns(filename, lnr, cfg, + strdup(token + sizeof("dns"))); #else /* not HAVE_LDAP_DOMAIN2HOSTLIST */ - log_log(LOG_ERR,"%s:%d: value %s not supported on platform",filename,lnr,token); + log_log(LOG_ERR, "%s:%d: value %s not supported 
on platform", + filename, lnr, token); exit(EXIT_FAILURE); #endif /* not HAVE_LDAP_DOMAIN2HOSTLIST */ } else - add_uri(filename,lnr,cfg,token); + add_uri(filename, lnr, cfg, token); } } - else if (strcasecmp(keyword,"ldap_version")==0) + else if (strcasecmp(keyword, "ldap_version") == 0) { - get_int(filename,lnr,keyword,&line,&cfg->ldc_version); - get_eol(filename,lnr,keyword,&line); + get_int(filename, lnr, keyword, &line, &cfg->ldc_version); + get_eol(filename, lnr, keyword, &line); } - else if (strcasecmp(keyword,"binddn")==0) + else if (strcasecmp(keyword, "binddn") == 0) { - get_restdup(filename,lnr,keyword,&line,&cfg->ldc_binddn); + get_restdup(filename, lnr, keyword, &line, &cfg->ldc_binddn); } - else if (strcasecmp(keyword,"bindpw")==0) + else if (strcasecmp(keyword, "bindpw") == 0) { - check_permissions(filename,keyword); - get_restdup(filename,lnr,keyword,&line,&cfg->ldc_bindpw); + check_permissions(filename, keyword); + get_restdup(filename, lnr, keyword, &line, &cfg->ldc_bindpw); } - else if (strcasecmp(keyword,"rootpwmoddn")==0) + else if (strcasecmp(keyword, "rootpwmoddn") == 0) { - get_restdup(filename,lnr,keyword,&line,&cfg->ldc_rootpwmoddn); + get_restdup(filename, lnr, keyword, &line, &cfg->ldc_rootpwmoddn); } - else if (strcasecmp(keyword,"rootpwmodpw")==0) + else if (strcasecmp(keyword, "rootpwmodpw") == 0) { - check_permissions(filename,keyword); - get_restdup(filename,lnr,keyword,&line,&cfg->ldc_rootpwmodpw); + check_permissions(filename, keyword); + get_restdup(filename, lnr, keyword, &line, &cfg->ldc_rootpwmodpw); } /* SASL authentication options */ - else if (strcasecmp(keyword,"use_sasl")==0) + else if (strcasecmp(keyword, "use_sasl") == 0) { - log_log(LOG_WARNING,"%s:%d: option %s is deprecated (and will be removed in an upcoming release), use sasl_mech instead",filename,lnr,keyword); + log_log(LOG_WARNING, "%s:%d: option %s is deprecated (and will be removed in an upcoming release), use sasl_mech instead", + filename, lnr, keyword); } - 
else if (strcasecmp(keyword,"sasl_mech")==0) + else if (strcasecmp(keyword, "sasl_mech") == 0) { - get_strdup(filename,lnr,keyword,&line,&cfg->ldc_sasl_mech); - get_eol(filename,lnr,keyword,&line); + get_strdup(filename, lnr, keyword, &line, &cfg->ldc_sasl_mech); + get_eol(filename, lnr, keyword, &line); } - else if (strcasecmp(keyword,"sasl_realm")==0) + else if (strcasecmp(keyword, "sasl_realm") == 0) { - get_strdup(filename,lnr,keyword,&line,&cfg->ldc_sasl_realm); - get_eol(filename,lnr,keyword,&line); + get_strdup(filename, lnr, keyword, &line, &cfg->ldc_sasl_realm); + get_eol(filename, lnr, keyword, &line); } - else if (strcasecmp(keyword,"sasl_authcid")==0) + else if (strcasecmp(keyword, "sasl_authcid") == 0) { - get_strdup(filename,lnr,keyword,&line,&cfg->ldc_sasl_authcid); - get_eol(filename,lnr,keyword,&line); + get_strdup(filename, lnr, keyword, &line, &cfg->ldc_sasl_authcid); + get_eol(filename, lnr, keyword, &line); } - else if (strcasecmp(keyword,"sasl_authzid")==0) + else if (strcasecmp(keyword, "sasl_authzid") == 0) { - get_strdup(filename,lnr,keyword,&line,&cfg->ldc_sasl_authzid); - get_eol(filename,lnr,keyword,&line); + get_strdup(filename, lnr, keyword, &line, &cfg->ldc_sasl_authzid); + get_eol(filename, lnr, keyword, &line); } - else if (strcasecmp(keyword,"sasl_secprops")==0) + else if (strcasecmp(keyword, "sasl_secprops") == 0) { - get_strdup(filename,lnr,keyword,&line,&cfg->ldc_sasl_secprops); - get_eol(filename,lnr,keyword,&line); + get_strdup(filename, lnr, keyword, &line, &cfg->ldc_sasl_secprops); + get_eol(filename, lnr, keyword, &line); } #ifdef LDAP_OPT_X_SASL_NOCANON - else if ( (strcasecmp(keyword,"sasl_canonicalize")==0) || - (strcasecmp(keyword,"sasl_canonicalise")==0) || - (strcasecmp(keyword,"ldap_sasl_canonicalize")==0) || - (strcasecmp(keyword,"sasl_canon")==0) ) + else if ((strcasecmp(keyword, "sasl_canonicalize") == 0) || + (strcasecmp(keyword, "sasl_canonicalise") == 0) || + (strcasecmp(keyword, "ldap_sasl_canonicalize") == 0) 
|| + (strcasecmp(keyword, "sasl_canon") == 0)) { - get_boolean(filename,lnr,keyword,&line,&cfg->ldc_sasl_canonicalize); - get_eol(filename,lnr,keyword,&line); + get_boolean(filename, lnr, keyword, &line, &cfg->ldc_sasl_canonicalize); + get_eol(filename, lnr, keyword, &line); } - else if (strcasecmp(keyword,"sasl_nocanon")==0) + else if (strcasecmp(keyword, "sasl_nocanon") == 0) { - get_boolean(filename,lnr,keyword,&line,&cfg->ldc_sasl_canonicalize); - cfg->ldc_sasl_canonicalize=!cfg->ldc_sasl_canonicalize; - get_eol(filename,lnr,keyword,&line); + get_boolean(filename, lnr, keyword, &line, &cfg->ldc_sasl_canonicalize); + cfg->ldc_sasl_canonicalize = !cfg->ldc_sasl_canonicalize; + get_eol(filename, lnr, keyword, &line); } #endif /* LDAP_OPT_X_SASL_NOCANON */ /* Kerberos authentication options */ - else if (strcasecmp(keyword,"krb5_ccname")==0) + else if (strcasecmp(keyword, "krb5_ccname") == 0) { - parse_krb5_ccname_statement(filename,lnr,keyword,line); + parse_krb5_ccname_statement(filename, lnr, keyword, line); } /* search/mapping options */ - else if (strcasecmp(keyword,"base")==0) + else if (strcasecmp(keyword, "base") == 0) { - parse_base_statement(filename,lnr,keyword,line,cfg); + parse_base_statement(filename, lnr, keyword, line, cfg); } - else if (strcasecmp(keyword,"scope")==0) + else if (strcasecmp(keyword, "scope") == 0) { - parse_scope_statement(filename,lnr,keyword,line,cfg); + parse_scope_statement(filename, lnr, keyword, line, cfg); } - else if (strcasecmp(keyword,"deref")==0) + else if (strcasecmp(keyword, "deref") == 0) { - check_argumentcount(filename,lnr,keyword, - (get_token(&line,token,sizeof(token))!=NULL)); - if (strcasecmp(token,"never")==0) - cfg->ldc_deref=LDAP_DEREF_NEVER; - else if (strcasecmp(token,"searching")==0) - cfg->ldc_deref=LDAP_DEREF_SEARCHING; - else if (strcasecmp(token,"finding")==0) - cfg->ldc_deref=LDAP_DEREF_FINDING; - else if (strcasecmp(token,"always")==0) - cfg->ldc_deref=LDAP_DEREF_ALWAYS; + 
check_argumentcount(filename, lnr, keyword, + (get_token(&line, token, sizeof(token)) != NULL)); + if (strcasecmp(token, "never") == 0) + cfg->ldc_deref = LDAP_DEREF_NEVER; + else if (strcasecmp(token, "searching") == 0) + cfg->ldc_deref = LDAP_DEREF_SEARCHING; + else if (strcasecmp(token, "finding") == 0) + cfg->ldc_deref = LDAP_DEREF_FINDING; + else if (strcasecmp(token, "always") == 0) + cfg->ldc_deref = LDAP_DEREF_ALWAYS; else { - log_log(LOG_ERR,"%s:%d: wrong argument: '%s'",filename,lnr,token); + log_log(LOG_ERR, "%s:%d: wrong argument: '%s'", filename, lnr, token); exit(EXIT_FAILURE); } - get_eol(filename,lnr,keyword,&line); + get_eol(filename, lnr, keyword, &line); } - else if (strcasecmp(keyword,"referrals")==0) + else if (strcasecmp(keyword, "referrals") == 0) { - get_boolean(filename,lnr,keyword,&line,&cfg->ldc_referrals); - get_eol(filename,lnr,keyword,&line); + get_boolean(filename, lnr, keyword, &line, &cfg->ldc_referrals); + get_eol(filename, lnr, keyword, &line); } - else if (strcasecmp(keyword,"filter")==0) + else if (strcasecmp(keyword, "filter") == 0) { - parse_filter_statement(filename,lnr,keyword,line); + parse_filter_statement(filename, lnr, keyword, line); } - else if (strcasecmp(keyword,"map")==0) + else if (strcasecmp(keyword, "map") == 0) { - parse_map_statement(filename,lnr,keyword,line); + parse_map_statement(filename, lnr, keyword, line); } /* timing/reconnect options */ - else if (strcasecmp(keyword,"bind_timelimit")==0) + else if (strcasecmp(keyword, "bind_timelimit") == 0) { - get_int(filename,lnr,keyword,&line,&cfg->ldc_bind_timelimit); - get_eol(filename,lnr,keyword,&line); + get_int(filename, lnr, keyword, &line, &cfg->ldc_bind_timelimit); + get_eol(filename, lnr, keyword, &line); } - else if (strcasecmp(keyword,"timelimit")==0) + else if (strcasecmp(keyword, "timelimit") == 0) { - get_int(filename,lnr,keyword,&line,&cfg->ldc_timelimit); - get_eol(filename,lnr,keyword,&line); + get_int(filename, lnr, keyword, &line, 
&cfg->ldc_timelimit); + get_eol(filename, lnr, keyword, &line); } - else if (strcasecmp(keyword,"idle_timelimit")==0) + else if (strcasecmp(keyword, "idle_timelimit") == 0) { - get_int(filename,lnr,keyword,&line,&cfg->ldc_idle_timelimit); - get_eol(filename,lnr,keyword,&line); + get_int(filename, lnr, keyword, &line, &cfg->ldc_idle_timelimit); + get_eol(filename, lnr, keyword, &line); } - else if (strcasecmp(keyword,"reconnect_tries")==0) - log_log(LOG_WARNING,"%s:%d: option %s has been removed and will be ignored",filename,lnr,keyword); - else if (!strcasecmp(keyword,"reconnect_sleeptime")) + else if (strcasecmp(keyword, "reconnect_tries") == 0) + log_log(LOG_WARNING, "%s:%d: option %s has been removed and will be ignored", + filename, lnr, keyword); + else if (!strcasecmp(keyword, "reconnect_sleeptime")) { - get_int(filename,lnr,keyword,&line,&cfg->ldc_reconnect_sleeptime); - get_eol(filename,lnr,keyword,&line); + get_int(filename, lnr, keyword, &line, &cfg->ldc_reconnect_sleeptime); + get_eol(filename, lnr, keyword, &line); } - else if ( (strcasecmp(keyword,"reconnect_retrytime")==0) || - (strcasecmp(keyword,"reconnect_maxsleeptime")==0) ) + else if ((strcasecmp(keyword, "reconnect_retrytime") == 0) || + (strcasecmp(keyword, "reconnect_maxsleeptime") == 0)) { - if (strcasecmp(keyword,"reconnect_maxsleeptime")==0) - log_log(LOG_WARNING,"%s:%d: option %s has been renamed to reconnect_retrytime",filename,lnr,keyword); - get_int(filename,lnr,keyword,&line,&cfg->ldc_reconnect_retrytime); - get_eol(filename,lnr,keyword,&line); + if (strcasecmp(keyword, "reconnect_maxsleeptime") == 0) + log_log(LOG_WARNING, "%s:%d: option %s has been renamed to reconnect_retrytime", + filename, lnr, keyword); + get_int(filename, lnr, keyword, &line, &cfg->ldc_reconnect_retrytime); + get_eol(filename, lnr, keyword, &line); } #ifdef LDAP_OPT_X_TLS /* SSL/TLS options */ - else if (strcasecmp(keyword,"ssl")==0) + else if (strcasecmp(keyword, "ssl") == 0) { - 
check_argumentcount(filename,lnr,keyword, - (get_token(&line,token,sizeof(token))!=NULL)); - if ( (strcasecmp(token,"start_tls")==0) || - (strcasecmp(token,"starttls")==0) ) - cfg->ldc_ssl_on=SSL_START_TLS; - else if (parse_boolean(filename,lnr,token)) - cfg->ldc_ssl_on=SSL_LDAPS; - get_eol(filename,lnr,keyword,&line); + check_argumentcount(filename, lnr, keyword, + (get_token(&line, token, sizeof(token)) != NULL)); + if ((strcasecmp(token, "start_tls") == 0) || + (strcasecmp(token, "starttls") == 0)) + cfg->ldc_ssl_on = SSL_START_TLS; + else if (parse_boolean(filename, lnr, token)) + cfg->ldc_ssl_on = SSL_LDAPS; + get_eol(filename, lnr, keyword, &line); } - else if ( (strcasecmp(keyword,"tls_reqcert")==0) || - (strcasecmp(keyword,"tls_checkpeer")==0) ) + else if ((strcasecmp(keyword, "tls_reqcert") == 0) || + (strcasecmp(keyword, "tls_checkpeer") == 0)) { - if (strcasecmp(keyword,"tls_checkpeer")==0) - log_log(LOG_WARNING,"%s:%d: option %s is deprecated (and will be removed in an upcoming release), use tls_reqcert instead",filename,lnr,keyword); - get_reqcert(filename,lnr,keyword,&line,&i); - get_eol(filename,lnr,keyword,&line); - log_log(LOG_DEBUG,"ldap_set_option(LDAP_OPT_X_TLS_REQUIRE_CERT,%d)",i); - LDAP_SET_OPTION(NULL,LDAP_OPT_X_TLS_REQUIRE_CERT,&i); + if (strcasecmp(keyword, "tls_checkpeer") == 0) + log_log(LOG_WARNING, "%s:%d: option %s is deprecated (and will be removed in an upcoming release), use tls_reqcert instead", + filename, lnr, keyword); + get_reqcert(filename, lnr, keyword, &line, &i); + get_eol(filename, lnr, keyword, &line); + log_log(LOG_DEBUG, "ldap_set_option(LDAP_OPT_X_TLS_REQUIRE_CERT,%d)", i); + LDAP_SET_OPTION(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &i); } - else if (strcasecmp(keyword,"tls_cacertdir")==0) + else if (strcasecmp(keyword, "tls_cacertdir") == 0) { - get_strdup(filename,lnr,keyword,&line,&value); - get_eol(filename,lnr,keyword,&line); + get_strdup(filename, lnr, keyword, &line, &value); + get_eol(filename, lnr, keyword, &line); 
/* TODO: check that the path is valid */ - log_log(LOG_DEBUG,"ldap_set_option(LDAP_OPT_X_TLS_CACERTDIR,\"%s\")",value); - LDAP_SET_OPTION(NULL,LDAP_OPT_X_TLS_CACERTDIR,value); + log_log(LOG_DEBUG, "ldap_set_option(LDAP_OPT_X_TLS_CACERTDIR,\"%s\")", + value); + LDAP_SET_OPTION(NULL, LDAP_OPT_X_TLS_CACERTDIR, value); free(value); } - else if ( (strcasecmp(keyword,"tls_cacertfile")==0) || - (strcasecmp(keyword,"tls_cacert")==0) ) + else if ((strcasecmp(keyword, "tls_cacertfile") == 0) || + (strcasecmp(keyword, "tls_cacert") == 0)) { - get_strdup(filename,lnr,keyword,&line,&value); - get_eol(filename,lnr,keyword,&line); + get_strdup(filename, lnr, keyword, &line, &value); + get_eol(filename, lnr, keyword, &line); /* TODO: check that the path is valid */ - log_log(LOG_DEBUG,"ldap_set_option(LDAP_OPT_X_TLS_CACERTFILE,\"%s\")",value); - LDAP_SET_OPTION(NULL,LDAP_OPT_X_TLS_CACERTFILE,value); + log_log(LOG_DEBUG, "ldap_set_option(LDAP_OPT_X_TLS_CACERTFILE,\"%s\")", + value); + LDAP_SET_OPTION(NULL, LDAP_OPT_X_TLS_CACERTFILE, value); free(value); } - else if (strcasecmp(keyword,"tls_randfile")==0) + else if (strcasecmp(keyword, "tls_randfile") == 0) { - get_strdup(filename,lnr,keyword,&line,&value); - get_eol(filename,lnr,keyword,&line); + get_strdup(filename, lnr, keyword, &line, &value); + get_eol(filename, lnr, keyword, &line); /* TODO: check that the path is valid */ - log_log(LOG_DEBUG,"ldap_set_option(LDAP_OPT_X_TLS_RANDOM_FILE,\"%s\")",value); - LDAP_SET_OPTION(NULL,LDAP_OPT_X_TLS_RANDOM_FILE,value); + log_log(LOG_DEBUG, "ldap_set_option(LDAP_OPT_X_TLS_RANDOM_FILE,\"%s\")", + value); + LDAP_SET_OPTION(NULL, LDAP_OPT_X_TLS_RANDOM_FILE, value); free(value); } - else if (strcasecmp(keyword,"tls_ciphers")==0) + else if (strcasecmp(keyword, "tls_ciphers") == 0) { - get_restdup(filename,lnr,keyword,&line,&value); - log_log(LOG_DEBUG,"ldap_set_option(LDAP_OPT_X_TLS_CIPHER_SUITE,\"%s\")",value); - LDAP_SET_OPTION(NULL,LDAP_OPT_X_TLS_CIPHER_SUITE,value); + 
get_restdup(filename, lnr, keyword, &line, &value); + log_log(LOG_DEBUG, "ldap_set_option(LDAP_OPT_X_TLS_CIPHER_SUITE,\"%s\")", + value); + LDAP_SET_OPTION(NULL, LDAP_OPT_X_TLS_CIPHER_SUITE, value); free(value); } - else if (strcasecmp(keyword,"tls_cert")==0) + else if (strcasecmp(keyword, "tls_cert") == 0) { - get_strdup(filename,lnr,keyword,&line,&value); - get_eol(filename,lnr,keyword,&line); + get_strdup(filename, lnr, keyword, &line, &value); + get_eol(filename, lnr, keyword, &line); /* TODO: check that the path is valid */ - log_log(LOG_DEBUG,"ldap_set_option(LDAP_OPT_X_TLS_CERTFILE,\"%s\")",value); - LDAP_SET_OPTION(NULL,LDAP_OPT_X_TLS_CERTFILE,value); + log_log(LOG_DEBUG, "ldap_set_option(LDAP_OPT_X_TLS_CERTFILE,\"%s\")", + value); + LDAP_SET_OPTION(NULL, LDAP_OPT_X_TLS_CERTFILE, value); free(value); } - else if (strcasecmp(keyword,"tls_key")==0) + else if (strcasecmp(keyword, "tls_key") == 0) { - get_strdup(filename,lnr,keyword,&line,&value); - get_eol(filename,lnr,keyword,&line); + get_strdup(filename, lnr, keyword, &line, &value); + get_eol(filename, lnr, keyword, &line); /* TODO: check that the path is valid */ - log_log(LOG_DEBUG,"ldap_set_option(LDAP_OPT_X_TLS_KEYFILE,\"%s\")",value); - LDAP_SET_OPTION(NULL,LDAP_OPT_X_TLS_KEYFILE,value); + log_log(LOG_DEBUG, "ldap_set_option(LDAP_OPT_X_TLS_KEYFILE,\"%s\")", + value); + LDAP_SET_OPTION(NULL, LDAP_OPT_X_TLS_KEYFILE, value); free(value); } #endif /* LDAP_OPT_X_TLS */ /* other options */ - else if (strcasecmp(keyword,"restart")==0) + else if (strcasecmp(keyword, "restart") == 0) { - log_log(LOG_WARNING,"%s:%d: option %s is currently untested (and may be removed in an upcoming release)",filename,lnr,keyword); - get_boolean(filename,lnr,keyword,&line,&cfg->ldc_restart); - get_eol(filename,lnr,keyword,&line); + log_log(LOG_WARNING, "%s:%d: option %s is currently untested (and may be removed in an upcoming release)", + filename, lnr, keyword); + get_boolean(filename, lnr, keyword, &line, &cfg->ldc_restart); + 
get_eol(filename, lnr, keyword, &line); } - else if (strcasecmp(keyword,"pagesize")==0) + else if (strcasecmp(keyword, "pagesize") == 0) { - get_int(filename,lnr,keyword,&line,&cfg->ldc_pagesize); - get_eol(filename,lnr,keyword,&line); + get_int(filename, lnr, keyword, &line, &cfg->ldc_pagesize); + get_eol(filename, lnr, keyword, &line); } - else if (strcasecmp(keyword,"nss_initgroups_ignoreusers")==0) + else if (strcasecmp(keyword, "nss_initgroups_ignoreusers") == 0) { - parse_nss_initgroups_ignoreusers_statement(filename,lnr,keyword,line,cfg); + parse_nss_initgroups_ignoreusers_statement(filename, lnr, keyword, line, + cfg); } - else if (strcasecmp(keyword,"pam_authz_search")==0) + else if (strcasecmp(keyword, "pam_authz_search") == 0) { - parse_pam_authz_search_statement(filename,lnr,keyword,line,cfg); + parse_pam_authz_search_statement(filename, lnr, keyword, line, cfg); } - else if (strcasecmp(keyword,"nss_min_uid")==0) + else if (strcasecmp(keyword, "nss_min_uid") == 0) { - get_uid(filename,lnr,keyword,&line,&cfg->ldc_nss_min_uid,NULL,NULL); - get_eol(filename,lnr,keyword,&line); + get_uid(filename, lnr, keyword, &line, &cfg->ldc_nss_min_uid, NULL, + NULL); + get_eol(filename, lnr, keyword, &line); } - else if (strcasecmp(keyword,"validnames")==0) + else if (strcasecmp(keyword, "validnames") == 0) { - parse_validnames_statement(filename,lnr,keyword,line,cfg); + parse_validnames_statement(filename, lnr, keyword, line, cfg); } - else if (strcasecmp(keyword,"pam_password_prohibit_message")==0) + else if (strcasecmp(keyword, "pam_password_prohibit_message") == 0) { - parse_pam_password_prohibit_message_statement(filename,lnr,keyword,line,cfg); + parse_pam_password_prohibit_message_statement(filename, lnr, keyword, + line, cfg); } #ifdef ENABLE_CONFIGFILE_CHECKING /* fallthrough */ else { - log_log(LOG_ERR,"%s:%d: unknown keyword: '%s'",filename,lnr,keyword); + log_log(LOG_ERR, "%s:%d: unknown keyword: '%s'", + filename, lnr, keyword); exit(EXIT_FAILURE); } #endif 
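Review bot: The `dns:` branch of the `uri` option passes `strdup(token + sizeof("dns"))` straight to add_uris_from_dns() without checking for NULL, while other parsers on this page allocate with `xstrdup()`; the reformat keeps that as is. I would write it as `add_uris_from_dns(filename, lnr, cfg, xstrdup(token + sizeof("dns")));`, and do the same for `cfg->ldc_bindpw = strdup(linebuf);` in bindpw_read() in the next hunk, where a failed allocation would leave the bind password unset (presumably xstrdup() aborts on failure; its definition is not shown). In the same hunk `isspace(line[i - 1])` receives a plain `char`, which is undefined for bytes above 0x7f where `char` is signed; `isspace((unsigned char)line[i - 1])` avoids that. cfg_read() starts in the previous hunk and ends after this one.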
@@ -1210,52 +1254,54 @@ static void cfg_read(const char *filename,struct ldap_config *cfg) } #ifdef NSLCD_BINDPW_PATH -static void bindpw_read(const char *filename,struct ldap_config *cfg) +static void bindpw_read(const char *filename, struct ldap_config *cfg) { FILE *fp; char linebuf[MAX_LINE_LENGTH]; int i; /* open config file */ - errno=0; - if ((fp=fopen(filename,"r"))==NULL) + errno = 0; + if ((fp = fopen(filename, "r")) == NULL) { - if (errno==ENOENT) + if (errno == ENOENT) { - log_log(LOG_DEBUG,"no bindpw file (%s)",filename); + log_log(LOG_DEBUG, "no bindpw file (%s)", filename); return; /* ignore */ } else { - log_log(LOG_ERR,"cannot open bindpw file (%s): %s",filename,strerror(errno)); + log_log(LOG_ERR, "cannot open bindpw file (%s): %s", + filename, strerror(errno)); exit(EXIT_FAILURE); } } /* check permissions */ - check_permissions(filename,NULL); + check_permissions(filename, NULL); /* read the first line */ - if (fgets(linebuf,sizeof(linebuf),fp)==NULL) + if (fgets(linebuf, sizeof(linebuf), fp) == NULL) { - log_log(LOG_ERR,"%s: error reading first line",filename); + log_log(LOG_ERR, "%s: error reading first line", filename); exit(EXIT_FAILURE); } /* chop the last char off and save the rest as bindpw */ - i=(int)strlen(linebuf); - if ((i<=0)||(linebuf[i-1]!='\n')) + i = (int)strlen(linebuf); + if ((i <= 0) || (linebuf[i - 1] != '\n')) { - log_log(LOG_ERR,"%s:1: line too long or missing newline",filename); + log_log(LOG_ERR, "%s:1: line too long or missing newline", filename); exit(EXIT_FAILURE); } - linebuf[i-1]='\0'; - if (strlen(linebuf)==0) + linebuf[i - 1] = '\0'; + if (strlen(linebuf) == 0) { - log_log(LOG_ERR,"%s:1: the password is empty",filename); + log_log(LOG_ERR, "%s:1: the password is empty", filename); exit(EXIT_FAILURE); } - cfg->ldc_bindpw=strdup(linebuf); + cfg->ldc_bindpw = strdup(linebuf); /* check if there is no more data in the file */ - if (fgets(linebuf,sizeof(linebuf),fp)!=NULL) + if (fgets(linebuf, sizeof(linebuf), fp) != 
NULL) { - log_log(LOG_ERR,"%s:2: there is more than one line in the bindpw file",filename); + log_log(LOG_ERR, "%s:2: there is more than one line in the bindpw file", + filename); exit(EXIT_FAILURE); } fclose(fp); @@ -1275,34 +1321,37 @@ static MUST_USE char *get_base_from_rootdse(void) int i; int rc; const char **values; - char *base=NULL; + char *base = NULL; /* initialize session */ - session=myldap_create_session(); - assert(session!=NULL); + session = myldap_create_session(); + assert(session != NULL); /* perform search */ - search=myldap_search(session,"",LDAP_SCOPE_BASE,"(objectClass=*)",attrs,NULL); - if (search==NULL) + search = myldap_search(session, "", LDAP_SCOPE_BASE, "(objectClass=*)", + attrs, NULL); + if (search == NULL) { myldap_session_close(session); return NULL; } /* go over results */ - for (i=0;(entry=myldap_get_entry(search,&rc))!=NULL;i++) + for (i = 0; (entry = myldap_get_entry(search, &rc)) != NULL; i++) { /* get defaultNamingContext */ - values=myldap_get_values(entry,"defaultNamingContext"); - if ((values!=NULL)&&(values[0]!=NULL)) + values = myldap_get_values(entry, "defaultNamingContext"); + if ((values != NULL) && (values[0] != NULL)) { - base=xstrdup(values[0]); - log_log(LOG_DEBUG,"get_basedn_from_rootdse(): found attribute defaultNamingContext with value %s",values[0]); + base = xstrdup(values[0]); + log_log(LOG_DEBUG, "get_basedn_from_rootdse(): found attribute defaultNamingContext with value %s", + values[0]); break; } /* get namingContexts */ - values=myldap_get_values(entry,"namingContexts"); - if ((values!=NULL)&&(values[0]!=NULL)) + values = myldap_get_values(entry, "namingContexts"); + if ((values != NULL) && (values[0] != NULL)) { - base=xstrdup(values[0]); - log_log(LOG_DEBUG,"get_basedn_from_rootdse(): found attribute namingContexts with value %s",values[0]); + base = xstrdup(values[0]); + log_log(LOG_DEBUG, "get_basedn_from_rootdse(): found attribute namingContexts with value %s", + values[0]); break; } } 
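Review bot: In bindpw_read() the permission check `check_permissions(filename, NULL)` is made on the path after `fopen()` has already returned, so what is checked is not tied to the stream that `fgets()` then reads the password from. check_permissions() is not shown here, so this is inferred from the call alone; if it stats the path, checking the open file instead (for example `fstat(fileno(fp), &sb)` on the new stream) would close the gap between check and read. A short comment above the function stating that a missing file is ignored while every other error exits would also help, since that asymmetry is easy to miss. The closing lines of bindpw_read() fall after the hunk.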
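Review bot: `assert(session != NULL);` in get_base_from_rootdse() is the only guard on the result of myldap_create_session(), and it disappears in a build with NDEBUG defined, after which a NULL session would reach myldap_search(). Since the function already returns NULL when the search cannot be started, `if (session == NULL) return NULL;` would give the same outcome in every build. Whether myldap_create_session() can return NULL is not visible here, and the function begins before and ends after this hunk.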
@@ -1317,52 +1366,52 @@ void cfg_init(const char *fname) int i; #endif /* LDAP_OPT_X_TLS */ /* check if we were called before */ - if (nslcd_cfg!=NULL) + if (nslcd_cfg != NULL) { - log_log(LOG_CRIT,"cfg_init() may only be called once"); + log_log(LOG_CRIT, "cfg_init() may only be called once"); exit(EXIT_FAILURE); } /* allocate the memory (this memory is not freed anywhere) */ - nslcd_cfg=(struct ldap_config *)malloc(sizeof(struct ldap_config)); - if (nslcd_cfg==NULL) + nslcd_cfg = (struct ldap_config *)malloc(sizeof(struct ldap_config)); + if (nslcd_cfg == NULL) { - log_log(LOG_CRIT,"malloc() failed to allocate memory"); + log_log(LOG_CRIT, "malloc() failed to allocate memory"); exit(EXIT_FAILURE); } /* clear configuration */ cfg_defaults(nslcd_cfg); /* read configfile */ - cfg_read(fname,nslcd_cfg); + cfg_read(fname, nslcd_cfg); #ifdef NSLCD_BINDPW_PATH - bindpw_read(NSLCD_BINDPW_PATH,nslcd_cfg); + bindpw_read(NSLCD_BINDPW_PATH, nslcd_cfg); #endif /* NSLCD_BINDPW_PATH */ /* do some sanity checks */ - if (nslcd_cfg->ldc_uris[0].uri==NULL) + if (nslcd_cfg->ldc_uris[0].uri == NULL) { - log_log(LOG_ERR,"no URIs defined in config"); + log_log(LOG_ERR, "no URIs defined in config"); exit(EXIT_FAILURE); } /* if ssl is on each URI should start with ldaps */ #ifdef LDAP_OPT_X_TLS - if (nslcd_cfg->ldc_ssl_on==SSL_LDAPS) + if (nslcd_cfg->ldc_ssl_on == SSL_LDAPS) { - for (i=0;nslcd_cfg->ldc_uris[i].uri!=NULL;i++) + for (i = 0; nslcd_cfg->ldc_uris[i].uri != NULL; i++) { - if (strncasecmp(nslcd_cfg->ldc_uris[i].uri,"ldaps://",8)!=0) - log_log(LOG_WARNING,"%s doesn't start with ldaps:// and \"ssl on\" is specified", - nslcd_cfg->ldc_uris[i].uri); + if (strncasecmp(nslcd_cfg->ldc_uris[i].uri, "ldaps://", 8) != 0) + log_log(LOG_WARNING, "%s doesn't start with ldaps:// and \"ssl on\" is specified", + nslcd_cfg->ldc_uris[i].uri); } } /* TODO: check that if some tls options are set the ssl option should be set to on (just warn) */ #endif /* LDAP_OPT_X_TLS */ /* if basedn is not yet 
set, get if from the rootDSE */ - if (nslcd_cfg->ldc_bases[0]==NULL) - nslcd_cfg->ldc_bases[0]=get_base_from_rootdse(); + if (nslcd_cfg->ldc_bases[0] == NULL) + nslcd_cfg->ldc_bases[0] = get_base_from_rootdse(); /* TODO: handle the case gracefully when no LDAP server is available yet */ /* see if we have a valid basedn */ - if ((nslcd_cfg->ldc_bases[0]==NULL)||(nslcd_cfg->ldc_bases[0][0]=='\0')) + if ((nslcd_cfg->ldc_bases[0] == NULL) || (nslcd_cfg->ldc_bases[0][0] == '\0')) { - log_log(LOG_ERR,"no base defined in config and couldn't get one from server"); + log_log(LOG_ERR, "no base defined in config and couldn't get one from server"); exit(EXIT_FAILURE); } /* initialise all database modules */ diff --git a/nslcd/cfg.h b/nslcd/cfg.h index ccbad37..4b10b28 100644 --- a/nslcd/cfg.h +++ b/nslcd/cfg.h @@ -48,16 +48,14 @@ /* maximum number of pam_authz_search options */ #define NSS_LDAP_CONFIG_MAX_AUTHZ_SEARCHES 8 -enum ldap_ssl_options -{ +enum ldap_ssl_options { SSL_OFF, SSL_LDAPS, SSL_START_TLS }; /* selectors for different maps */ -enum ldap_map_selector -{ +enum ldap_map_selector { LM_PASSWD, LM_SHADOW, LM_GROUP, @@ -72,8 +70,7 @@ enum ldap_map_selector LM_NONE }; -struct myldap_uri -{ +struct myldap_uri { char *uri; /* time of first failed operation */ time_t firstfail; @@ -81,8 +78,7 @@ struct myldap_uri time_t lastfail; }; -struct ldap_config -{ +struct ldap_config { /* the number of threads to start */ int ldc_threads; /* the user name specified in the uid option */ @@ -94,7 +90,7 @@ struct ldap_config /* whether or not case should be ignored in lookups */ int ldc_ignorecase; /* NULL terminated list of URIs */ - struct myldap_uri ldc_uris[NSS_LDAP_CONFIG_URI_MAX+1]; + struct myldap_uri ldc_uris[NSS_LDAP_CONFIG_URI_MAX + 1]; /* protocol version */ int ldc_version; /* bind DN */ diff --git a/nslcd/common.c b/nslcd/common.c index 37542b9..2b67e6c 100644 --- a/nslcd/common.c +++ b/nslcd/common.c 
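Review bot: With `ssl on`, a URI in cfg_init() that does not start with `ldaps://` only produces a `LOG_WARNING` and startup continues, unlike the neighbouring sanity checks (no URI, no base), which log at `LOG_ERR` and exit. How such a URI is then connected is decided outside this hunk, so whether the session ends up unencrypted cannot be told from here; if it can, I would make the mismatch fatal with `exit(EXIT_FAILURE);` after the log call, or at least say in the message what will happen to that URI. cfg_init() starts before the hunk and continues after it.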
@@ -42,177 +42,178 @@ #include "attmap.h" #include "cfg.h" -/* simple wrapper around snptintf() to return non-0 in case +/* simple wrapper around snptintf() to return non-zero in case of any failure (but always keep string 0-terminated) */ -int mysnprintf(char *buffer,size_t buflen,const char *format, ...) +int mysnprintf(char *buffer, size_t buflen, const char *format, ...) { int res; va_list ap; /* do snprintf */ - va_start(ap,format); - res=vsnprintf(buffer,buflen,format,ap); + va_start(ap, format); + res = vsnprintf(buffer, buflen, format, ap); va_end(ap); /* NULL-terminate the string just to be on the safe side */ - buffer[buflen-1]='\0'; + buffer[buflen - 1] = '\0'; /* check if the string was completely written */ - return ((res<0)||(((size_t)res)>=buflen)); + return ((res < 0) || (((size_t)res) >= buflen)); } /* return the fully qualified domain name of the current host */ const char *getfqdn(void) { - static char *fqdn=NULL; - char hostname[HOST_NAME_MAX+1]; + static char *fqdn = NULL; + char hostname[HOST_NAME_MAX + 1]; int hostnamelen; int i; - struct hostent *host=NULL; + struct hostent *host = NULL; /* if we already have a fqdn return that */ - if (fqdn!=NULL) + if (fqdn != NULL) return fqdn; /* get system hostname */ - if (gethostname(hostname,sizeof(hostname))<0) + if (gethostname(hostname, sizeof(hostname)) < 0) { - log_log(LOG_ERR,"gethostname() failed: %s",strerror(errno)); + log_log(LOG_ERR, "gethostname() failed: %s", strerror(errno)); return NULL; } - hostnamelen=strlen(hostname); + hostnamelen = strlen(hostname); /* lookup hostent */ - host=gethostbyname(hostname); - if (host==NULL) + host = gethostbyname(hostname); + if (host == NULL) { - log_log(LOG_ERR,"gethostbyname(%s): %s",hostname,hstrerror(h_errno)); + log_log(LOG_ERR, "gethostbyname(%s): %s", hostname, hstrerror(h_errno)); /* fall back to hostname */ - fqdn=strdup(hostname); + fqdn = strdup(hostname); return fqdn; } /* check h_name for fqdn starting with our hostname */ - if 
((strncasecmp(hostname,host->h_name,hostnamelen)==0)&& - (host->h_name[hostnamelen]=='.')&& - (host->h_name[hostnamelen+1]!='\0')) + if ((strncasecmp(hostname, host->h_name, hostnamelen) == 0) && + (host->h_name[hostnamelen] == '.') && + (host->h_name[hostnamelen + 1] != '\0')) { - fqdn=strdup(host->h_name); + fqdn = strdup(host->h_name); return fqdn; } /* also check h_aliases */ - for (i=0;host->h_aliases[i]!=NULL;i++) + for (i = 0; host->h_aliases[i] != NULL; i++) { - if ((strncasecmp(hostname,host->h_aliases[i],hostnamelen)==0)&& - (host->h_aliases[i][hostnamelen]=='.')&& - (host->h_aliases[i][hostnamelen+1]!='\0')) + if ((strncasecmp(hostname, host->h_aliases[i], hostnamelen) == 0) && + (host->h_aliases[i][hostnamelen] == '.') && + (host->h_aliases[i][hostnamelen + 1] != '\0')) { - fqdn=strdup(host->h_aliases[i]); + fqdn = strdup(host->h_aliases[i]); return fqdn; } } /* fall back to h_name if it has a dot in it */ - if (strchr(host->h_name,'.')!=NULL) + if (strchr(host->h_name, '.') != NULL) { - fqdn=strdup(host->h_name); + fqdn = strdup(host->h_name); return fqdn; } /* also check h_aliases */ - for (i=0;host->h_aliases[i]!=NULL;i++) + for (i = 0; host->h_aliases[i] != NULL; i++) { - if (strchr(host->h_aliases[i],'.')!=NULL) + if (strchr(host->h_aliases[i], '.') != NULL) { - fqdn=strdup(host->h_aliases[i]); + fqdn = strdup(host->h_aliases[i]); return fqdn; } } /* nothing found, fall back to hostname */ - fqdn=strdup(hostname); + fqdn = strdup(hostname); return fqdn; } -const char *get_userpassword(MYLDAP_ENTRY *entry,const char *attr,char *buffer,size_t buflen) +const char *get_userpassword(MYLDAP_ENTRY *entry, const char *attr, + char *buffer, size_t buflen) { const char *tmpvalue; /* get the value */ - tmpvalue=attmap_get_value(entry,attr,buffer,buflen); - if (tmpvalue==NULL) + tmpvalue = attmap_get_value(entry, attr, buffer, buflen); + if (tmpvalue == NULL) return NULL; /* go over the entries and return the remainder of the value if it starts with {crypt} or 
crypt$ */ - if (strncasecmp(tmpvalue,"{crypt}",7)==0) - return tmpvalue+7; - if (strncasecmp(tmpvalue,"crypt$",6)==0) - return tmpvalue+6; + if (strncasecmp(tmpvalue, "{crypt}", 7) == 0) + return tmpvalue + 7; + if (strncasecmp(tmpvalue, "crypt$", 6) == 0) + return tmpvalue + 6; /* just return the first value completely */ return tmpvalue; /* TODO: support more password formats e.g. SMD5 - (which is $1$ but in a different format) - (any code for this is more than welcome) */ + (which is $1$ but in a different format) + (any code for this is more than welcome) */ } /* Checks if the specified name seems to be a valid user or group name. */ int isvalidname(const char *name) { - return regexec(&nslcd_cfg->validnames,name,0,NULL,0)==0; + return regexec(&nslcd_cfg->validnames, name, 0, NULL, 0) == 0; } /* this writes a single address to the stream */ -int write_address(TFILE *fp,MYLDAP_ENTRY *entry,const char *attr, +int write_address(TFILE *fp, MYLDAP_ENTRY *entry, const char *attr, const char *addr) { int32_t tmpint32; struct in_addr ipv4addr; struct in6_addr ipv6addr; /* try to parse the address as IPv4 first, fall back to IPv6 */ - if (inet_pton(AF_INET,addr,&ipv4addr)>0) + if (inet_pton(AF_INET, addr, &ipv4addr) > 0) { /* write address type */ - WRITE_INT32(fp,AF_INET); + WRITE_INT32(fp, AF_INET); /* write the address length */ - WRITE_INT32(fp,sizeof(struct in_addr)); + WRITE_INT32(fp, sizeof(struct in_addr)); /* write the address itself (in network byte order) */ - WRITE(fp,&ipv4addr,sizeof(struct in_addr)); + WRITE(fp, &ipv4addr, sizeof(struct in_addr)); } - else if (inet_pton(AF_INET6,addr,&ipv6addr)>0) + else if (inet_pton(AF_INET6, addr, &ipv6addr) > 0) { /* write address type */ - WRITE_INT32(fp,AF_INET6); + WRITE_INT32(fp, AF_INET6); /* write the address length */ - WRITE_INT32(fp,sizeof(struct in6_addr)); + WRITE_INT32(fp, sizeof(struct in6_addr)); /* write the address itself (in network byte order) */ - WRITE(fp,&ipv6addr,sizeof(struct in6_addr)); + 
WRITE(fp, &ipv6addr, sizeof(struct in6_addr)); } else { /* failure, log but write simple invalid address (otherwise the address list is messed up) */ /* TODO: have error message in correct format */ - log_log(LOG_WARNING,"%s: %s: \"%s\" unparseble", - myldap_get_dn(entry),attmap_ether_cn,addr); + log_log(LOG_WARNING, "%s: %s: \"%s\" unparseble", + myldap_get_dn(entry), attmap_ether_cn, addr); /* write an illegal address type */ - WRITE_INT32(fp,-1); + WRITE_INT32(fp, -1); /* write an emtpy address */ - WRITE_INT32(fp,0); + WRITE_INT32(fp, 0); } /* we're done */ return 0; } -int read_address(TFILE *fp,char *addr,int *addrlen,int *af) +int read_address(TFILE *fp, char *addr, int *addrlen, int *af) { int32_t tmpint32; int len; /* read address family */ - READ_INT32(fp,*af); - if ((*af!=AF_INET)&&(*af!=AF_INET6)) + READ_INT32(fp, *af); + if ((*af != AF_INET) && (*af != AF_INET6)) { - log_log(LOG_WARNING,"incorrect address family specified: %d",*af); + log_log(LOG_WARNING, "incorrect address family specified: %d", *af); return -1; } /* read address length */ - READ_INT32(fp,len); - if ((len>*addrlen)||(len<=0)) + READ_INT32(fp, len); + if ((len > *addrlen) || (len <= 0)) { - log_log(LOG_WARNING,"address length incorrect: %d",len); + log_log(LOG_WARNING, "address length incorrect: %d", len); return -1; } - *addrlen=len; + *addrlen = len; /* read address */ - READ(fp,addr,len); + READ(fp, addr, len); /* we're done */ return 0; } 
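Review bot: `mysnprintf()` executes `buffer[buflen - 1] = '\0';` unconditionally, so a call with `buflen == 0` wraps the index and writes outside the buffer. The callers visible in this diff pass `sizeof()` of a fixed array, so this is latent rather than reachable from what is shown, but `if (buflen == 0) return 1;` as the first statement would keep the wrapper safe without relying on that. Further down in the same hunk, `write_address()` accepts an `attr` parameter but its warning logs `attmap_ether_cn`, so the message names the ether map's cn attribute whatever the caller passed; `attr` looks like the intended argument, which would also settle the `TODO: have error message in correct format`.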
@@ -222,43 +223,45 @@ int read_address(TFILE *fp,char *addr,int *addrlen,int *af) to a format that can be used to search the objectSid property with */ char *sid2search(const char *sid) { - const char *tmpsid=sid; - char *res,*tmp; - int i=0; + const char *tmpsid = sid; + char *res, *tmp; + int i = 0; long int l; /* check the beginning of the string */ - if (strncasecmp(sid,"S-",2)!=0) + if (strncasecmp(sid, "S-", 2) != 0) { - log_log(LOG_ERR,"error in SID %s",sid); + log_log(LOG_ERR, "error in SID %s", sid); exit(EXIT_FAILURE); } /* count the number of dashes in the sid */ - while (tmpsid!=NULL) + while (tmpsid != NULL) { i++; - tmpsid=strchr(tmpsid+1,'-'); + tmpsid = strchr(tmpsid + 1, '-'); } - i-=2; /* number of security ids plus one because we add the uid later */ + i -= 2; /* number of security ids plus one because we add the uid later */ /* allocate memory */ - res=malloc(3+3+6*3+i*4*3+1); - if (res==NULL) + res = malloc(3 + 3 + 6 * 3 + i * 4 * 3 + 1); + if (res == NULL) { - log_log(LOG_CRIT,"malloc() failed to allocate memory"); + log_log(LOG_CRIT, "malloc() failed to allocate memory"); exit(1); } /* build the first part */ - l=strtol(sid+2,&tmp,10); - sprintf(res,"\\%02x\\%02x",(int)l&0xff,(int)i); + l = strtol(sid + 2, &tmp, 10); + sprintf(res, "\\%02x\\%02x", (int)l & 0xff, (int)i); /* build authority part (we only handle 32 of the 48 bits) */ - l=strtol(tmp+1,&tmp,10); - sprintf(res+strlen(res),"\\00\\00\\%02x\\%02x\\%02x\\%02x", - (int)((l>>24)&0xff),(int)((l>>16)&0xff),(int)((l>>8)&0xff),(int)(l&0xff)); + l = strtol(tmp + 1, &tmp, 10); + sprintf(res + strlen(res), "\\00\\00\\%02x\\%02x\\%02x\\%02x", + (int)((l >> 24) & 0xff), (int)((l >> 16) & 0xff), + (int)((l >> 8) & 0xff), (int)(l & 0xff)); /* go over the rest of the bits */ - while (*tmp!='\0') + while (*tmp != '\0') { - l=strtol(tmp+1,&tmp,10); - sprintf(res+strlen(res),"\\%02x\\%02x\\%02x\\%02x", - (int)(l&0xff),(int)((l>>8)&0xff),(int)((l>>16)&0xff),(int)((l>>24)&0xff)); + l = strtol(tmp + 1, 
&tmp, 10); + sprintf(res + strlen(res), "\\%02x\\%02x\\%02x\\%02x", + (int)(l & 0xff), (int)((l >> 8) & 0xff), (int)((l >> 16) & 0xff), + (int)((l >> 24) & 0xff)); } return res; } @@ -268,21 +271,23 @@ long int binsid2id(const char *binsid) { int i; /* find the position of the last security id */ - i=2+6+((((int)binsid[1])&0xff)-1)*4; - return (((long int)binsid[i])&0xff)|((((long int)binsid[i+1])&0xff)<<8)| - ((((long int)binsid[i+2])&0xff)<<16)|((((long int)binsid[i+3])&0xff)<<24); + i = 2 + 6 + ((((int)binsid[1]) & 0xff) - 1) * 4; + return (((long int)binsid[i]) & 0xff) | + ((((long int)binsid[i + 1]) & 0xff) << 8) | + ((((long int)binsid[i + 2]) & 0xff) << 16) | + ((((long int)binsid[i + 3]) & 0xff) << 24); } #ifdef WANT_STRTOUI /* provide a strtoui() implementation, similar to strtoul() but returning an range-checked unsigned int instead */ -unsigned int strtoui(const char *nptr,char **endptr,int base) +unsigned int strtoui(const char *nptr, char **endptr, int base) { unsigned long val; - val=strtoul(nptr,endptr,base); - if (val>UINT_MAX) + val = strtoul(nptr, endptr, base); + if (val > UINT_MAX) { - errno=ERANGE; + errno = ERANGE; return UINT_MAX; } /* If errno was set by strtoul, we'll pass it back as-is */ diff --git a/nslcd/common.h b/nslcd/common.h index a7be8c5..5161466 100644 --- a/nslcd/common.h +++ b/nslcd/common.h 
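Review bot: In `sid2search()` the allocation is sized from the number of dashes in `sid`, but the amount written is decided by the `while (*tmp != '\0')` loop, which appends 12 bytes per iteration through unbounded `sprintf()`. When `strtol()` finds no digits it leaves `tmp` only one character further on, so trailing non-numeric text makes the loop run more often than the dash count allowed for and the writes run past `res`; a SID without a second dash makes `strtol(tmp + 1, ...)` start reading beyond the terminator. Where `sid` comes from is not visible in this hunk, so how reachable this is needs confirming. The parser should accept only a dash followed by digits at each step and bound every write by the space left, as sketched below.

```c
  size_t size, used;
  /* … unchanged: "S-" prefix check and dash count into i … */
  size = 3 + 3 + 6 * 3 + (size_t)i * 4 * 3 + 1;
  res = malloc(size);
  /* … unchanged: NULL check on res … */
  /* revision: digits, then the dash that introduces the authority */
  tmpsid = sid + 2;
  l = strtol(tmpsid, &tmp, 10);
  if ((tmp == tmpsid) || (*tmp != '-'))
    goto invalid;
  used = (size_t)snprintf(res, size, "\\%02x\\%02x", (int)l & 0xff, (int)i);
  /* authority part (we only handle 32 of the 48 bits) */
  tmpsid = tmp + 1;
  l = strtol(tmpsid, &tmp, 10);
  if ((tmp == tmpsid) || ((*tmp != '-') && (*tmp != '\0')))
    goto invalid;
  used += (size_t)snprintf(res + used, size - used,
                           "\\00\\00\\%02x\\%02x\\%02x\\%02x",
                           (int)((l >> 24) & 0xff), (int)((l >> 16) & 0xff),
                           (int)((l >> 8) & 0xff), (int)(l & 0xff));
  /* sub-authorities: every remaining dash must be followed by digits */
  while (*tmp == '-')
  {
    tmpsid = tmp + 1;
    l = strtol(tmpsid, &tmp, 10);
    if ((tmp == tmpsid) || ((*tmp != '-') && (*tmp != '\0')) ||
        (size - used < 4 * 3 + 1))
      goto invalid;
    used += (size_t)snprintf(res + used, size - used,
                             "\\%02x\\%02x\\%02x\\%02x",
                             (int)(l & 0xff), (int)((l >> 8) & 0xff),
                             (int)((l >> 16) & 0xff), (int)((l >> 24) & 0xff));
  }
  return res;
invalid:
  log_log(LOG_ERR, "error in SID %s", sid);
  exit(EXIT_FAILURE);
```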
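Review bot: `binsid2id()` derives its read offset from the count byte at `binsid[1]` and then reads `binsid[i]` through `binsid[i + 3]`, but it is given no length, so it cannot tell whether the value is that long. If the binary SID is an attribute value fetched from the directory (the caller is outside this diff, so this needs confirming), a truncated or malformed value leads to a read past its end, and a count of 0 gives `i = 4`, which lands in the authority field. The signature sits in the hunk header rather than in the hunk, so the check belongs either in a new length parameter or in the caller, which should verify the value holds at least `8 + 4 * count` bytes with `count >= 1`. Doing the shifts on `unsigned long` would also avoid the signed overflow of `<< 24` where `long` is 32 bits.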
@@ -42,22 +42,23 @@ the stream is not closed because the caller closes the stream */ -#define ERROR_OUT_WRITEERROR(fp) \ - log_log(LOG_WARNING,"error writing to client: %s",strerror(errno)); \ +#define ERROR_OUT_WRITEERROR(fp) \ + log_log(LOG_WARNING, "error writing to client: %s", strerror(errno)); \ return -1; -#define ERROR_OUT_READERROR(fp) \ - log_log(LOG_WARNING,"error reading from client: %s",strerror(errno)); \ +#define ERROR_OUT_READERROR(fp) \ + log_log(LOG_WARNING, "error reading from client: %s", strerror(errno)); \ return -1; -#define ERROR_OUT_BUFERROR(fp) \ - log_log(LOG_WARNING,"client supplied argument %d bytes too large",tmpint32); \ +#define ERROR_OUT_BUFERROR(fp) \ + log_log(LOG_WARNING, "client supplied argument %d bytes too large", \ + tmpint32); \ return -1; /* a simple wrapper around snprintf, returns 0 if ok, -1 on error */ -int mysnprintf(char *buffer,size_t buflen,const char *format, ...) - LIKE_PRINTF(3,4); +int mysnprintf(char *buffer, size_t buflen, const char *format, ...) + LIKE_PRINTF(3, 4); /* return the fully qualified domain name of the current host the returned value does not need to be freed but is re-used for every 
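Review bot: `ERROR_OUT_WRITEERROR`, `ERROR_OUT_READERROR` and `ERROR_OUT_BUFERROR` each expand to two statements, so under an unbraced `if` only the `log_log()` call would be conditional and the `return -1;` would always run. The commit re-aligns the continuation backslashes but keeps that shape; writing each body as `do { log_log(...); return -1; } while (0)` makes the macros safe in any statement position, provided the call sites (not visible here) end the invocation with a semicolon. `READ_ADDRESS` in the next hunk and `WRITE_ETHER` in nslcd/ether.c have the same two-statement shape. `READ_ADDRESS` additionally takes `sizeof(addr)`, which is only the buffer size when `addr` is an array and not a pointer; a comment saying so on the macro would help.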
@@ -69,25 +70,25 @@ MUST_USE const char *getfqdn(void); /etc/group or /etc/shadow depending upon what is in the directory. This function will return NULL if no passwd is found and will return the literal value in the directory if conversion is not possible. */ -const char *get_userpassword(MYLDAP_ENTRY *entry,const char *attr, - char *buffer,size_t buflen); +const char *get_userpassword(MYLDAP_ENTRY *entry, const char *attr, + char *buffer, size_t buflen); /* write out an address, parsing the addr value */ -int write_address(TFILE *fp,MYLDAP_ENTRY *entry,const char *attr, +int write_address(TFILE *fp, MYLDAP_ENTRY *entry, const char *attr, const char *addr); /* a helper macro to write out addresses and bail out on errors */ -#define WRITE_ADDRESS(fp,entry,attr,addr) \ - if (write_address(fp,entry,attr,addr)) \ +#define WRITE_ADDRESS(fp, entry, attr, addr) \ + if (write_address(fp, entry, attr, addr)) \ return -1; /* read an address from the stream */ -int read_address(TFILE *fp,char *addr,int *addrlen,int *af); +int read_address(TFILE *fp, char *addr, int *addrlen, int *af); /* helper macro to read an address from the stream */ -#define READ_ADDRESS(fp,addr,len,af) \ - len=(int)sizeof(addr); \ - if (read_address(fp,addr,&(len),&(af))) \ +#define READ_ADDRESS(fp, addr, len, af) \ + len = (int)sizeof(addr); \ + if (read_address(fp, addr, &(len), &(af))) \ return -1; /* convert the provided string representation of a sid 
@@ -103,28 +104,33 @@ MUST_USE int isvalidname(const char *name); /* Perform an LDAP lookup to translate the DN into a uid. This function either returns NULL or a strdup()ed string. */ -MUST_USE char *lookup_dn2uid(MYLDAP_SESSION *session,const char *dn,int *rcp,char *buf,size_t buflen); +MUST_USE char *lookup_dn2uid(MYLDAP_SESSION *session, const char *dn, + int *rcp, char *buf, size_t buflen); /* transforms the DN info a uid doing an LDAP lookup if needed */ -MUST_USE char *dn2uid(MYLDAP_SESSION *session,const char *dn,char *buf,size_t buflen); +MUST_USE char *dn2uid(MYLDAP_SESSION *session, const char *dn, char *buf, + size_t buflen); /* use the user id to lookup an LDAP entry */ -MYLDAP_ENTRY *uid2entry(MYLDAP_SESSION *session,const char *uid,int *rcp); +MYLDAP_ENTRY *uid2entry(MYLDAP_SESSION *session, const char *uid, int *rcp); /* transforms the uid into a DN by doing an LDAP lookup */ -MUST_USE char *uid2dn(MYLDAP_SESSION *session,const char *uid,char *buf,size_t buflen); +MUST_USE char *uid2dn(MYLDAP_SESSION *session, const char *uid, char *buf, + size_t buflen); /* try to update the shadowLastChange attribute of the entry if possible */ -int update_lastchange(MYLDAP_SESSION *session,const char *userdn); +int update_lastchange(MYLDAP_SESSION *session, const char *userdn); /* use the user id to lookup an LDAP entry with the shadow attributes - requested*/ -MYLDAP_ENTRY *shadow_uid2entry(MYLDAP_SESSION *session,const char *username,int *rcp); + requested */ +MYLDAP_ENTRY *shadow_uid2entry(MYLDAP_SESSION *session, const char *username, + int *rcp); /* return shadown information */ -void get_shadow_properties(MYLDAP_ENTRY *entry,long *lastchangedate, - long *mindays,long *maxdays,long *warndays, - long *inactdays,long *expiredate,unsigned long *flag); +void get_shadow_properties(MYLDAP_ENTRY *entry, long *lastchangedate, + long *mindays, long *maxdays, long *warndays, + long *inactdays, long *expiredate, + unsigned long *flag); /* check whether the nsswitch 
file should be reloaded */ @@ -170,7 +176,7 @@ int nsswitch_shadow_uses_ldap(void); #ifdef WANT_STRTOUI /* provide a strtoui() if it is needed */ -unsigned int strtoui(const char *nptr,char **endptr,int base); +unsigned int strtoui(const char *nptr, char **endptr, int base); #endif /* WANT_STRTOUI */ /* these are the functions for initialising the database specific 
@@ -189,94 +195,97 @@ void shadow_init(void); /* these are the different functions that handle the database specific actions, see nslcd.h for the action descriptions */ -int nslcd_config_get(TFILE *fp,MYLDAP_SESSION *session); -int nslcd_alias_byname(TFILE *fp,MYLDAP_SESSION *session); -int nslcd_alias_all(TFILE *fp,MYLDAP_SESSION *session); -int nslcd_ether_byname(TFILE *fp,MYLDAP_SESSION *session); -int nslcd_ether_byether(TFILE *fp,MYLDAP_SESSION *session); -int nslcd_ether_all(TFILE *fp,MYLDAP_SESSION *session); -int nslcd_group_byname(TFILE *fp,MYLDAP_SESSION *session); -int nslcd_group_bygid(TFILE *fp,MYLDAP_SESSION *session); -int nslcd_group_bymember(TFILE *fp,MYLDAP_SESSION *session); -int nslcd_group_all(TFILE *fp,MYLDAP_SESSION *session); -int nslcd_host_byname(TFILE *fp,MYLDAP_SESSION *session); -int nslcd_host_byaddr(TFILE *fp,MYLDAP_SESSION *session); -int nslcd_host_all(TFILE *fp,MYLDAP_SESSION *session); -int nslcd_netgroup_byname(TFILE *fp,MYLDAP_SESSION *session); -int nslcd_network_byname(TFILE *fp,MYLDAP_SESSION *session); -int nslcd_network_byaddr(TFILE *fp,MYLDAP_SESSION *session); -int nslcd_network_all(TFILE *fp,MYLDAP_SESSION *session); -int nslcd_passwd_byname(TFILE *fp,MYLDAP_SESSION *session,uid_t calleruid); -int nslcd_passwd_byuid(TFILE *fp,MYLDAP_SESSION *session,uid_t calleruid); -int nslcd_passwd_all(TFILE *fp,MYLDAP_SESSION *session,uid_t calleruid); -int nslcd_protocol_byname(TFILE *fp,MYLDAP_SESSION *session); -int nslcd_protocol_bynumber(TFILE *fp,MYLDAP_SESSION *session); -int nslcd_protocol_all(TFILE *fp,MYLDAP_SESSION *session); -int nslcd_rpc_byname(TFILE *fp,MYLDAP_SESSION *session); -int nslcd_rpc_bynumber(TFILE *fp,MYLDAP_SESSION *session); -int nslcd_rpc_all(TFILE *fp,MYLDAP_SESSION *session); -int nslcd_service_byname(TFILE *fp,MYLDAP_SESSION *session); -int nslcd_service_bynumber(TFILE *fp,MYLDAP_SESSION *session); -int nslcd_service_all(TFILE *fp,MYLDAP_SESSION *session); -int nslcd_shadow_byname(TFILE 
*fp,MYLDAP_SESSION *session); -int nslcd_shadow_all(TFILE *fp,MYLDAP_SESSION *session); -int nslcd_pam_authc(TFILE *fp,MYLDAP_SESSION *session,uid_t calleruid); -int nslcd_pam_authz(TFILE *fp,MYLDAP_SESSION *session); -int nslcd_pam_sess_o(TFILE *fp,MYLDAP_SESSION *session); -int nslcd_pam_sess_c(TFILE *fp,MYLDAP_SESSION *session); -int nslcd_pam_pwmod(TFILE *fp,MYLDAP_SESSION *session,uid_t calleruid); +int nslcd_config_get(TFILE *fp, MYLDAP_SESSION *session); +int nslcd_alias_byname(TFILE *fp, MYLDAP_SESSION *session); +int nslcd_alias_all(TFILE *fp, MYLDAP_SESSION *session); +int nslcd_ether_byname(TFILE *fp, MYLDAP_SESSION *session); +int nslcd_ether_byether(TFILE *fp, MYLDAP_SESSION *session); +int nslcd_ether_all(TFILE *fp, MYLDAP_SESSION *session); +int nslcd_group_byname(TFILE *fp, MYLDAP_SESSION *session); +int nslcd_group_bygid(TFILE *fp, MYLDAP_SESSION *session); +int nslcd_group_bymember(TFILE *fp, MYLDAP_SESSION *session); +int nslcd_group_all(TFILE *fp, MYLDAP_SESSION *session); +int nslcd_host_byname(TFILE *fp, MYLDAP_SESSION *session); +int nslcd_host_byaddr(TFILE *fp, MYLDAP_SESSION *session); +int nslcd_host_all(TFILE *fp, MYLDAP_SESSION *session); +int nslcd_netgroup_byname(TFILE *fp, MYLDAP_SESSION *session); +int nslcd_network_byname(TFILE *fp, MYLDAP_SESSION *session); +int nslcd_network_byaddr(TFILE *fp, MYLDAP_SESSION *session); +int nslcd_network_all(TFILE *fp, MYLDAP_SESSION *session); +int nslcd_passwd_byname(TFILE *fp, MYLDAP_SESSION *session, uid_t calleruid); +int nslcd_passwd_byuid(TFILE *fp, MYLDAP_SESSION *session, uid_t calleruid); +int nslcd_passwd_all(TFILE *fp, MYLDAP_SESSION *session, uid_t calleruid); +int nslcd_protocol_byname(TFILE *fp, MYLDAP_SESSION *session); +int nslcd_protocol_bynumber(TFILE *fp, MYLDAP_SESSION *session); +int nslcd_protocol_all(TFILE *fp, MYLDAP_SESSION *session); +int nslcd_rpc_byname(TFILE *fp, MYLDAP_SESSION *session); +int nslcd_rpc_bynumber(TFILE *fp, MYLDAP_SESSION *session); +int 
nslcd_rpc_all(TFILE *fp, MYLDAP_SESSION *session); +int nslcd_service_byname(TFILE *fp, MYLDAP_SESSION *session); +int nslcd_service_bynumber(TFILE *fp, MYLDAP_SESSION *session); +int nslcd_service_all(TFILE *fp, MYLDAP_SESSION *session); +int nslcd_shadow_byname(TFILE *fp, MYLDAP_SESSION *session); +int nslcd_shadow_all(TFILE *fp, MYLDAP_SESSION *session); +int nslcd_pam_authc(TFILE *fp, MYLDAP_SESSION *session, uid_t calleruid); +int nslcd_pam_authz(TFILE *fp, MYLDAP_SESSION *session); +int nslcd_pam_sess_o(TFILE *fp, MYLDAP_SESSION *session); +int nslcd_pam_sess_c(TFILE *fp, MYLDAP_SESSION *session); +int nslcd_pam_pwmod(TFILE *fp, MYLDAP_SESSION *session, uid_t calleruid); /* macros for generating service handling code */ -#define NSLCD_HANDLE(db,fn,readfn,action,mkfilter,writefn) \ - int nslcd_##db##_##fn(TFILE *fp,MYLDAP_SESSION *session) \ - NSLCD_HANDLE_BODY(db,fn,readfn,action,mkfilter,writefn) -#define NSLCD_HANDLE_UID(db,fn,readfn,action,mkfilter,writefn) \ - int nslcd_##db##_##fn(TFILE *fp,MYLDAP_SESSION *session,uid_t calleruid) \ - NSLCD_HANDLE_BODY(db,fn,readfn,action,mkfilter,writefn) -#define NSLCD_HANDLE_BODY(db,fn,readfn,action,mkfilter,writefn) \ - { \ - /* define common variables */ \ - int32_t tmpint32; \ - MYLDAP_SEARCH *search; \ - MYLDAP_ENTRY *entry; \ - const char *base; \ - int rc,i; \ - /* read request parameters */ \ - readfn; \ - /* write the response header */ \ - WRITE_INT32(fp,NSLCD_VERSION); \ - WRITE_INT32(fp,action); \ - /* prepare the search filter */ \ - if (mkfilter) \ - { \ - log_log(LOG_WARNING,"nslcd_" __STRING(db) "_" __STRING(fn) "(): filter buffer too small"); \ - return -1; \ - } \ - /* perform a search for each search base */ \ - for (i=0; (base=db##_bases[i])!=NULL; i++) \ - { \ - /* do the LDAP search */ \ - if ((search=myldap_search(session,base,db##_scope,filter,db##_attrs,NULL))==NULL) \ - return -1; \ - /* go over results */ \ - while ((entry=myldap_get_entry(search,&rc))!=NULL) \ - { \ - if (writefn) \ - return 
-1; \ - } \ - } \ - /* write the final result code */ \ - if (rc==LDAP_SUCCESS) \ - { \ - WRITE_INT32(fp,NSLCD_RESULT_END); \ - } \ - return 0; \ +#define NSLCD_HANDLE(db, fn, readfn, action, mkfilter, writefn) \ + int nslcd_##db##_##fn(TFILE *fp, MYLDAP_SESSION *session) \ + NSLCD_HANDLE_BODY(db, fn, readfn, action, mkfilter, writefn) +#define NSLCD_HANDLE_UID(db, fn, readfn, action, mkfilter, writefn) \ + int nslcd_##db##_##fn(TFILE *fp, MYLDAP_SESSION *session, uid_t calleruid) \ + NSLCD_HANDLE_BODY(db, fn, readfn, action, mkfilter, writefn) +#define NSLCD_HANDLE_BODY(db, fn, readfn, action, mkfilter, writefn) \ + { \ + /* define common variables */ \ + int32_t tmpint32; \ + MYLDAP_SEARCH *search; \ + MYLDAP_ENTRY *entry; \ + const char *base; \ + int rc, i; \ + /* read request parameters */ \ + readfn; \ + /* write the response header */ \ + WRITE_INT32(fp, NSLCD_VERSION); \ + WRITE_INT32(fp, action); \ + /* prepare the search filter */ \ + if (mkfilter) \ + { \ + log_log(LOG_WARNING, "nslcd_" __STRING(db) "_" __STRING(fn) \ + "(): filter buffer too small"); \ + return -1; \ + } \ + /* perform a search for each search base */ \ + for (i = 0; (base = db##_bases[i]) != NULL; i++) \ + { \ + /* do the LDAP search */ \ + search = myldap_search(session, base, db##_scope, filter, \ + db##_attrs, NULL); \ + if (search == NULL) \ + return -1; \ + /* go over results */ \ + while ((entry = myldap_get_entry(search, &rc)) != NULL) \ + { \ + if (writefn) \ + return -1; \ + } \ + } \ + /* write the final result code */ \ + if (rc == LDAP_SUCCESS) \ + { \ + WRITE_INT32(fp, NSLCD_RESULT_END); \ + } \ + return 0; \ } -/* macro to compare strings - Use the ignorecase config option to determine whether or not to do a - case-sensitive match */ -#define STR_CMP(str1,str2) \ - (nslcd_cfg->ldc_ignorecase == 1 ? 
strcasecmp(str1,str2) : strcmp(str1,str2)) +/* macro to compare strings which uses the ignorecase config option to + determine whether or not to do a case-sensitive match */ +#define STR_CMP(str1, str2) \ + (nslcd_cfg->ldc_ignorecase == 1 ? \ + strcasecmp(str1, str2) : strcmp(str1, str2)) #endif /* not NSLCD__COMMON_H */ diff --git a/nslcd/config.c b/nslcd/config.c index 45bfa2b..36efede 100644 --- a/nslcd/config.c +++ b/nslcd/config.c @@ -33,29 +33,29 @@ #include "log.h" #include "cfg.h" -int nslcd_config_get(TFILE *fp,MYLDAP_SESSION *session) +int nslcd_config_get(TFILE *fp, MYLDAP_SESSION *session) { int32_t tmpint32; int32_t cfgopt; /* read request parameters */ - READ_INT32(fp,cfgopt); + READ_INT32(fp, cfgopt); /* log call */ - log_setrequest("config=%d",(int)cfgopt); - log_log(LOG_DEBUG,"nslcd_config_get(%d)",(int)cfgopt); + log_setrequest("config=%d", (int)cfgopt); + log_log(LOG_DEBUG, "nslcd_config_get(%d)", (int)cfgopt); /* write the response header */ - WRITE_INT32(fp,NSLCD_VERSION); - WRITE_INT32(fp,NSLCD_ACTION_CONFIG_GET); - WRITE_INT32(fp,NSLCD_RESULT_BEGIN); + WRITE_INT32(fp, NSLCD_VERSION); + WRITE_INT32(fp, NSLCD_ACTION_CONFIG_GET); + WRITE_INT32(fp, NSLCD_RESULT_BEGIN); /* validate request */ switch (cfgopt) { case NSLCD_CONFIG_PAM_PASSWORD_PROHIBIT_MESSAGE: - WRITE_STRING(fp,nslcd_cfg->pam_password_prohibit_message); + WRITE_STRING(fp, nslcd_cfg->pam_password_prohibit_message); break; default: /* all other config options are ignored */ break; } - WRITE_INT32(fp,NSLCD_RESULT_END); + WRITE_INT32(fp, NSLCD_RESULT_END); return 0; } diff --git a/nslcd/ether.c b/nslcd/ether.c index be243ba..bcefcda 100644 --- a/nslcd/ether.c +++ b/nslcd/ether.c 
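Review bot: In `NSLCD_HANDLE_BODY`, `rc` is declared without an initial value and is assigned only through `myldap_get_entry(search, &rc)` inside the loop over `db##_bases`, yet it is read in `if (rc == LDAP_SUCCESS)` after the loop. If the first base is NULL the loop body never runs and that test reads an indeterminate value; `cfg_init()` exits when no base can be determined, so this may be unreachable in practice, but `int rc = LDAP_SUCCESS, i;` would remove the dependency on initialisation done elsewhere. Note also that `rc` holds only the status of the last base searched, so an earlier base that ended with an error still produces `NSLCD_RESULT_END` if a later one succeeds; if that is intended, a short comment at the final check should say so.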
@@ -5,7 +5,7 @@ Copyright (C) 1997-2005 Luke Howard Copyright (C) 2006 West Consulting - Copyright (C) 2006, 2007, 2009, 2010, 2011 Arthur de Jong + Copyright (C) 2006, 2007, 2009, 2010, 2011, 2012 Arthur de Jong This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public @@ -55,8 +55,8 @@ int ether_scope = LDAP_SCOPE_DEFAULT; const char *ether_filter = "(objectClass=ieee802Device)"; /* the attributes to request with searches */ -const char *attmap_ether_cn = "cn"; -const char *attmap_ether_macAddress = "macAddress"; +const char *attmap_ether_cn = "cn"; +const char *attmap_ether_macAddress = "macAddress"; /* the attribute list to request with searches */ static const char *ether_attrs[3]; 
@@ -64,129 +64,125 @@ static const char *ether_attrs[3]; /* create a search filter for searching an ethernet address by name, return -1 on errors */ static int mkfilter_ether_byname(const char *name, - char *buffer,size_t buflen) + char *buffer, size_t buflen) { char safename[300]; /* escape attribute */ - if(myldap_escape(name,safename,sizeof(safename))) + if (myldap_escape(name, safename, sizeof(safename))) return -1; /* build filter */ - return mysnprintf(buffer,buflen, - "(&%s(%s=%s))", - ether_filter, - attmap_ether_cn,safename); + return mysnprintf(buffer, buflen, "(&%s(%s=%s))", + ether_filter, attmap_ether_cn, safename); } static int mkfilter_ether_byether(const char *addrstr, - char *buffer,size_t buflen) + char *buffer, size_t buflen) { /* FIXME: this has a bug when the directory has 01:00:0e:... - and we're looking for 1:0:e:... (leading zeros) */ + and we're looking for 1:0:e:... (leading zeros) */ /* there should be no characters that need escaping */ /* build filter */ - return mysnprintf(buffer,buflen, - "(&%s(%s=%s))", - ether_filter, - attmap_ether_macAddress,addrstr); + return mysnprintf(buffer, buflen, "(&%s(%s=%s))", + ether_filter, attmap_ether_macAddress, addrstr); } void ether_init(void) { int i; /* set up search bases */ - if (ether_bases[0]==NULL) - for (i=0;i<NSS_LDAP_CONFIG_MAX_BASES;i++) - ether_bases[i]=nslcd_cfg->ldc_bases[i]; + if (ether_bases[0] == NULL) + for (i = 0; i < NSS_LDAP_CONFIG_MAX_BASES; i++) + ether_bases[i] = nslcd_cfg->ldc_bases[i]; /* set up scope */ - if (ether_scope==LDAP_SCOPE_DEFAULT) - ether_scope=nslcd_cfg->ldc_scope; + if (ether_scope == LDAP_SCOPE_DEFAULT) + ether_scope = nslcd_cfg->ldc_scope; /* set up attribute list */ - ether_attrs[0]=attmap_ether_cn; - ether_attrs[1]=attmap_ether_macAddress; - ether_attrs[2]=NULL; + ether_attrs[0] = attmap_ether_cn; + ether_attrs[1] = attmap_ether_macAddress; + ether_attrs[2] = NULL; } /* TODO: check for errors in aton() */ -#define WRITE_ETHER(fp,addr) \ - 
ether_aton_r(addr,&tmpaddr); \ - WRITE(fp,&tmpaddr,sizeof(uint8_t[6])); +#define WRITE_ETHER(fp, addr) \ + ether_aton_r(addr, &tmpaddr); \ + WRITE(fp, &tmpaddr, sizeof(uint8_t[6])); -static int write_ether(TFILE *fp,MYLDAP_ENTRY *entry, - const char *reqname,const char *reqether) +static int write_ether(TFILE *fp, MYLDAP_ENTRY *entry, + const char *reqname, const char *reqether) { int32_t tmpint32; struct ether_addr tmpaddr; const char *tmparr[2]; - const char **names,**ethers; - int i,j; + const char **names, **ethers; + int i, j; /* get the name of the ether entry */ - names=myldap_get_values(entry,attmap_ether_cn); - if ((names==NULL)||(names[0]==NULL)) + names = myldap_get_values(entry, attmap_ether_cn); + if ((names == NULL) || (names[0] == NULL)) { - log_log(LOG_WARNING,"%s: %s: missing", - myldap_get_dn(entry),attmap_ether_cn); + log_log(LOG_WARNING, "%s: %s: missing", + myldap_get_dn(entry), attmap_ether_cn); return 0; } /* get the addresses */ - if (reqether!=NULL) + if (reqether != NULL) { - ethers=tmparr; - ethers[0]=reqether; - ethers[1]=NULL; + ethers = tmparr; + ethers[0] = reqether; + ethers[1] = NULL; } else { - ethers=myldap_get_values(entry,attmap_ether_macAddress); - if ((ethers==NULL)||(ethers[0]==NULL)) + ethers = myldap_get_values(entry, attmap_ether_macAddress); + if ((ethers == NULL) || (ethers[0] == NULL)) { - log_log(LOG_WARNING,"%s: %s: missing", - myldap_get_dn(entry),attmap_ether_macAddress); + log_log(LOG_WARNING, "%s: %s: missing", + myldap_get_dn(entry), attmap_ether_macAddress); return 0; } /* TODO: move parsing of addresses up here */ } /* write entries for all names and addresses */ - for (i=0;names[i]!=NULL;i++) - if ((reqname==NULL)||(strcasecmp(reqname,names[i])==0)) - for (j=0;ethers[j]!=NULL;j++) + for (i = 0; names[i] != NULL; i++) + if ((reqname == NULL) || (strcasecmp(reqname, names[i]) == 0)) + for (j = 0; ethers[j] != NULL; j++) { - WRITE_INT32(fp,NSLCD_RESULT_BEGIN); - WRITE_STRING(fp,names[i]); - 
WRITE_ETHER(fp,ethers[j]); + WRITE_INT32(fp, NSLCD_RESULT_BEGIN); + WRITE_STRING(fp, names[i]); + WRITE_ETHER(fp, ethers[j]); } return 0; } NSLCD_HANDLE( - ether,byname, + ether, byname, char name[256]; char filter[4096]; - READ_STRING(fp,name); - log_setrequest("ether=\"%s\"",name);, + READ_STRING(fp, name); + log_setrequest("ether=\"%s\"", name);, NSLCD_ACTION_ETHER_BYNAME, - mkfilter_ether_byname(name,filter,sizeof(filter)), - write_ether(fp,entry,name,NULL) + mkfilter_ether_byname(name, filter, sizeof(filter)), + write_ether(fp, entry, name, NULL) ) NSLCD_HANDLE( - ether,byether, + ether, byether, struct ether_addr addr; char addrstr[20]; char filter[4096]; - READ(fp,&addr,sizeof(uint8_t[6])); - if (ether_ntoa_r(&addr,addrstr)==NULL) + READ(fp, &addr, sizeof(uint8_t[6])); + if (ether_ntoa_r(&addr, addrstr) == NULL) return -1; - log_setrequest("ether=%s",addrstr);, + log_setrequest("ether=%s", addrstr);, NSLCD_ACTION_ETHER_BYETHER, - mkfilter_ether_byether(addrstr,filter,sizeof(filter)), - write_ether(fp,entry,NULL,addrstr) + mkfilter_ether_byether(addrstr, filter, sizeof(filter)), + write_ether(fp, entry, NULL, addrstr) ) NSLCD_HANDLE( - ether,all, + ether, all, const char *filter; log_setrequest("ether(all)");, NSLCD_ACTION_ETHER_ALL, - (filter=ether_filter,0), - write_ether(fp,entry,NULL,NULL) + (filter = ether_filter, 0), + write_ether(fp, entry, NULL, NULL) ) diff --git a/nslcd/group.c b/nslcd/group.c index 1dfc5f8..735b354 100644 --- a/nslcd/group.c +++ b/nslcd/group.c 
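Review bot: `WRITE_ETHER` ignores the return value of `ether_aton_r()`, and `tmpaddr` in `write_ether()` is an uninitialised local, so a `macAddress` value that does not parse results in six bytes of whatever `tmpaddr` held (stack contents or the previously written address) being sent to the client. The existing `TODO: check for errors in aton()` acknowledges this and the reformatting leaves it open. Because `NSLCD_RESULT_BEGIN` and the name are written before the address, the check has to come first in the inner loop so that no partial record is emitted, e.g. `if (ether_aton_r(ethers[j], &tmpaddr) == NULL) continue;` ahead of the three writes, with a `log_log(LOG_WARNING, ...)` naming `attmap_ether_macAddress` and the offending value. The address can then be written with a plain `WRITE(fp, &tmpaddr, sizeof(uint8_t[6]));`.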
@@ -61,58 +61,51 @@ int group_scope = LDAP_SCOPE_DEFAULT; const char *group_filter = "(objectClass=posixGroup)"; /* the attributes to request with searches */ -const char *attmap_group_cn = "cn"; -const char *attmap_group_userPassword = "\"*\""; -const char *attmap_group_gidNumber = "gidNumber"; -const char *attmap_group_memberUid = "memberUid"; -const char *attmap_group_member = "member"; +const char *attmap_group_cn = "cn"; +const char *attmap_group_userPassword = "\"*\""; +const char *attmap_group_gidNumber = "gidNumber"; +const char *attmap_group_memberUid = "memberUid"; +const char *attmap_group_member = "member"; /* special property for objectSid-based searches (these are already LDAP-escaped strings) */ -static char *gidSid=NULL; +static char *gidSid = NULL; /* default values for attributes */ -static const char *default_group_userPassword = "*"; /* unmatchable */ +static const char *default_group_userPassword = "*"; /* unmatchable */ /* the attribute list to request with searches */ -static const char **group_attrs=NULL; +static const char **group_attrs = NULL; /* create a search filter for searching a group entry by name, return -1 on errors */ static int mkfilter_group_byname(const char *name, - char *buffer,size_t buflen) + char *buffer, size_t buflen) { char safename[300]; /* escape attribute */ - if(myldap_escape(name,safename,sizeof(safename))) + if (myldap_escape(name, safename, sizeof(safename))) return -1; /* build filter */ - return mysnprintf(buffer,buflen, - "(&%s(%s=%s))", - group_filter, - attmap_group_cn,safename); + return mysnprintf(buffer, buflen, "(&%s(%s=%s))", + group_filter, attmap_group_cn, safename); } /* create a search filter for searching a group entry by gid, return -1 on errors */ -static int mkfilter_group_bygid(gid_t gid, - char *buffer,size_t buflen) +static int mkfilter_group_bygid(gid_t gid, char *buffer, size_t buflen) { - if (gidSid!=NULL) + if (gidSid != NULL) { - return mysnprintf(buffer,buflen, - 
"(&%s(%s=%s\\%02x\\%02x\\%02x\\%02x))", - group_filter, - attmap_group_gidNumber,gidSid, - (int)(gid&0xff),(int)((gid>>8)&0xff), - (int)((gid>>16)&0xff),(int)((gid>>24)&0xff)); + return mysnprintf(buffer, buflen, "(&%s(%s=%s\\%02x\\%02x\\%02x\\%02x))", + group_filter, attmap_group_gidNumber, gidSid, + (int)(gid & 0xff), (int)((gid >> 8) & 0xff), + (int)((gid >> 16) & 0xff), (int)((gid >> 24) & 0xff)); } else { - return mysnprintf(buffer,buflen, - "(&%s(%s=%d))", - group_filter, - attmap_group_gidNumber,(int)gid); + return mysnprintf(buffer, buflen, "(&%s(%s=%d))", + group_filter, attmap_group_gidNumber, (int)gid); } } @@ -120,29 +113,26 @@ static int mkfilter_group_bygid(gid_t gid, by member uid, return -1 on errors */ static int mkfilter_group_bymember(MYLDAP_SESSION *session, const char *uid, - char *buffer,size_t buflen) + char *buffer, size_t buflen) { char dn[256]; char safeuid[300]; char safedn[300]; /* escape attribute */ - if(myldap_escape(uid,safeuid,sizeof(safeuid))) + if (myldap_escape(uid, safeuid, sizeof(safeuid))) return -1; /* try to translate uid to DN */ - if (uid2dn(session,uid,dn,sizeof(dn))==NULL) - return mysnprintf(buffer,buflen, - "(&%s(%s=%s))", - group_filter, - attmap_group_memberUid,safeuid); + if (uid2dn(session, uid, dn, sizeof(dn)) == NULL) + return mysnprintf(buffer, buflen, "(&%s(%s=%s))", + group_filter, attmap_group_memberUid, safeuid); /* escape DN */ - if(myldap_escape(dn,safedn,sizeof(safedn))) + if (myldap_escape(dn, safedn, sizeof(safedn))) return -1; /* also lookup using user DN */ - return mysnprintf(buffer,buflen, - "(&%s(|(%s=%s)(%s=%s)))", + return mysnprintf(buffer, buflen, "(&%s(|(%s=%s)(%s=%s)))", group_filter, - attmap_group_memberUid,safeuid, - attmap_group_member,safedn); + attmap_group_memberUid, safeuid, + attmap_group_member, safedn); } void group_init(void) 
@@ -150,52 +140,53 @@ void group_init(void) int i; SET *set; /* set up search bases */ - if (group_bases[0]==NULL) - for (i=0;i<NSS_LDAP_CONFIG_MAX_BASES;i++) - group_bases[i]=nslcd_cfg->ldc_bases[i]; + if (group_bases[0] == NULL) + for (i = 0; i < NSS_LDAP_CONFIG_MAX_BASES; i++) + group_bases[i] = nslcd_cfg->ldc_bases[i]; /* set up scope */ - if (group_scope==LDAP_SCOPE_DEFAULT) - group_scope=nslcd_cfg->ldc_scope; + if (group_scope == LDAP_SCOPE_DEFAULT) + group_scope = nslcd_cfg->ldc_scope; /* special case when gidNumber references objectSid */ - if (strncasecmp(attmap_group_gidNumber,"objectSid:",10)==0) + if (strncasecmp(attmap_group_gidNumber, "objectSid:", 10) == 0) { - gidSid=sid2search(attmap_group_gidNumber+10); - attmap_group_gidNumber=strndup(attmap_group_gidNumber,9); + gidSid = sid2search(attmap_group_gidNumber + 10); + attmap_group_gidNumber = strndup(attmap_group_gidNumber, 9); } /* set up attribute list */ - set=set_new(); - attmap_add_attributes(set,attmap_group_cn); - attmap_add_attributes(set,attmap_group_userPassword); - attmap_add_attributes(set,attmap_group_memberUid); - attmap_add_attributes(set,attmap_group_gidNumber); - attmap_add_attributes(set,attmap_group_member); - group_attrs=set_tolist(set); + set = set_new(); + attmap_add_attributes(set, attmap_group_cn); + attmap_add_attributes(set, attmap_group_userPassword); + attmap_add_attributes(set, attmap_group_memberUid); + attmap_add_attributes(set, attmap_group_gidNumber); + attmap_add_attributes(set, attmap_group_member); + group_attrs = set_tolist(set); set_free(set); } -static int do_write_group( - TFILE *fp,MYLDAP_ENTRY *entry,const char **names,gid_t gids[],int numgids, - const char *passwd,const char **members,const char *reqname) +static int do_write_group(TFILE *fp, MYLDAP_ENTRY *entry, + const char **names, gid_t gids[], int numgids, + const char *passwd, const char **members, + const char *reqname) { - int32_t tmpint32,tmp2int32,tmp3int32; - int i,j; + int32_t tmpint32, 
tmp2int32, tmp3int32; + int i, j; /* write entries for all names and gids */ - for (i=0;names[i]!=NULL;i++) + for (i = 0; names[i] != NULL; i++) { if (!isvalidname(names[i])) { - log_log(LOG_WARNING,"%s: %s: denied by validnames option", - myldap_get_dn(entry),attmap_group_cn); + log_log(LOG_WARNING, "%s: %s: denied by validnames option", + myldap_get_dn(entry), attmap_group_cn); } - else if ((reqname==NULL)||(STR_CMP(reqname,names[i])==0)) + else if ((reqname == NULL) || (STR_CMP(reqname, names[i]) == 0)) { - for (j=0;j<numgids;j++) + for (j = 0; j < numgids; j++) { - WRITE_INT32(fp,NSLCD_RESULT_BEGIN); - WRITE_STRING(fp,names[i]); - WRITE_STRING(fp,passwd); - WRITE_INT32(fp,gids[j]); - WRITE_STRINGLIST(fp,members); + WRITE_INT32(fp, NSLCD_RESULT_BEGIN); + WRITE_STRING(fp, names[i]); + WRITE_STRING(fp, passwd); + WRITE_INT32(fp, gids[j]); + WRITE_STRINGLIST(fp, members); } } } 
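Review bot: The results of `strndup()` and `set_new()` in group_init are used without a NULL check. If `strndup(attmap_group_gidNumber, 9)` fails, attmap_group_gidNumber becomes NULL and is later handed to `%s` by mkfilter_group_bygid and the log_log calls in this file. getmembers in the next hunk does test `set == NULL`, so the two functions are inconsistent. A guard in the style myldap_entry_new uses for malloc would make the failure explicit, e.g. `if (attmap_group_gidNumber == NULL) { log_log(LOG_CRIT, "group_init(): strndup() failed to allocate memory"); exit(EXIT_FAILURE); }`, with the same treatment for `set`. group_init's signature and opening brace are outside this hunk.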
@@ -203,35 +194,35 @@ static int do_write_group( } /* return the list of members */ -static const char **getmembers(MYLDAP_ENTRY *entry,MYLDAP_SESSION *session) +static const char **getmembers(MYLDAP_ENTRY *entry, MYLDAP_SESSION *session) { char buf[256]; int i; const char **values; SET *set; - set=set_new(); - if (set==NULL) + set = set_new(); + if (set == NULL) return NULL; /* add the memberUid values */ - values=myldap_get_values(entry,attmap_group_memberUid); - if (values!=NULL) - for (i=0;values[i]!=NULL;i++) + values = myldap_get_values(entry, attmap_group_memberUid); + if (values != NULL) + for (i = 0; values[i] != NULL; i++) { /* only add valid usernames */ if (isvalidname(values[i])) - set_add(set,values[i]); + set_add(set, values[i]); } /* add the member values */ - values=myldap_get_values(entry,attmap_group_member); - if (values!=NULL) - for (i=0;values[i]!=NULL;i++) + values = myldap_get_values(entry, attmap_group_member); + if (values != NULL) + for (i = 0; values[i] != NULL; i++) { /* transform the DN into a uid (dn2uid() already checks validity) */ - if (dn2uid(session,values[i],buf,sizeof(buf))!=NULL) - set_add(set,buf); + if (dn2uid(session, values[i], buf, sizeof(buf)) != NULL) + set_add(set, buf); } /* return the members */ - values=set_tolist(set); + values = set_tolist(set); set_free(set); return values; } @@ -239,11 +230,11 @@ static const char **getmembers(MYLDAP_ENTRY *entry,MYLDAP_SESSION *session) /* the maximum number of gidNumber attributes per entry */ #define MAXGIDS_PER_ENTRY 5 -static int write_group(TFILE *fp,MYLDAP_ENTRY *entry,const char *reqname, - const gid_t *reqgid,int wantmembers, +static int write_group(TFILE *fp, MYLDAP_ENTRY *entry, const char *reqname, + const gid_t *reqgid, int wantmembers, MYLDAP_SESSION *session) { - const char **names,**gidvalues; + const char **names, **gidvalues; const char *passwd; const char **members; gid_t gids[MAXGIDS_PER_ENTRY]; 
@@ -252,126 +243,129 @@ static int write_group(TFILE *fp,MYLDAP_ENTRY *entry,const char *reqname, char passbuffer[64]; int rc; /* get group name (cn) */ - names=myldap_get_values(entry,attmap_group_cn); - if ((names==NULL)||(names[0]==NULL)) + names = myldap_get_values(entry, attmap_group_cn); + if ((names == NULL) || (names[0] == NULL)) { - log_log(LOG_WARNING,"%s: %s: missing", - myldap_get_dn(entry),attmap_group_cn); + log_log(LOG_WARNING, "%s: %s: missing", + myldap_get_dn(entry), attmap_group_cn); return 0; } /* get the group id(s) */ - if (reqgid!=NULL) + if (reqgid != NULL) { - gids[0]=*reqgid; - numgids=1; + gids[0] = *reqgid; + numgids = 1; } else { - gidvalues=myldap_get_values_len(entry,attmap_group_gidNumber); - if ((gidvalues==NULL)||(gidvalues[0]==NULL)) + gidvalues = myldap_get_values_len(entry, attmap_group_gidNumber); + if ((gidvalues == NULL) || (gidvalues[0] == NULL)) { - log_log(LOG_WARNING,"%s: %s: missing", - myldap_get_dn(entry),attmap_group_gidNumber); + log_log(LOG_WARNING, "%s: %s: missing", + myldap_get_dn(entry), attmap_group_gidNumber); return 0; } - for (numgids=0;(numgids<MAXGIDS_PER_ENTRY)&&(gidvalues[numgids]!=NULL);numgids++) + for (numgids = 0; (numgids < MAXGIDS_PER_ENTRY) && (gidvalues[numgids] != NULL); numgids++) { - if (gidSid!=NULL) - gids[numgids]=(gid_t)binsid2id(gidvalues[numgids]); + if (gidSid != NULL) + gids[numgids] = (gid_t)binsid2id(gidvalues[numgids]); else { - errno=0; - gids[numgids]=strtogid(gidvalues[numgids],&tmp,10); - if ((*(gidvalues[numgids])=='\0')||(*tmp!='\0')) + errno = 0; + gids[numgids] = strtogid(gidvalues[numgids], &tmp, 10); + if ((*(gidvalues[numgids]) == '\0') || (*tmp != '\0')) { - log_log(LOG_WARNING,"%s: %s: non-numeric", - myldap_get_dn(entry),attmap_group_gidNumber); + log_log(LOG_WARNING, "%s: %s: non-numeric", + myldap_get_dn(entry), attmap_group_gidNumber); return 0; } - else if ((errno!=0)||(strchr(gidvalues[numgids],'-')!=NULL)) + else if ((errno != 0) || (strchr(gidvalues[numgids], 
'-') != NULL)) { - log_log(LOG_WARNING,"%s: %s: out of range", - myldap_get_dn(entry),attmap_group_gidNumber); + log_log(LOG_WARNING, "%s: %s: out of range", + myldap_get_dn(entry), attmap_group_gidNumber); return 0; } } } } /* get group passwd (userPassword) (use only first entry) */ - passwd=get_userpassword(entry,attmap_group_userPassword,passbuffer,sizeof(passbuffer)); - if (passwd==NULL) - passwd=default_group_userPassword; + passwd = get_userpassword(entry, attmap_group_userPassword, + passbuffer, sizeof(passbuffer)); + if (passwd == NULL) + passwd = default_group_userPassword; /* get group memebers (memberUid&member) */ if (wantmembers) - members=getmembers(entry,session); + members = getmembers(entry, session); else - members=NULL; + members = NULL; /* write entries (split to a separate function so we can ensure the call to free() below in case a write fails) */ - rc=do_write_group(fp,entry,names,gids,numgids,passwd,members,reqname); + rc = do_write_group(fp, entry, names, gids, numgids, passwd, members, + reqname); /* free and return */ - if (members!=NULL) + if (members != NULL) free(members); return rc; } NSLCD_HANDLE( - group,byname, + group, byname, char name[256]; char filter[4096]; - READ_STRING(fp,name); - log_setrequest("group=\"%s\"",name); - if (!isvalidname(name)) { - log_log(LOG_WARNING,"request denied by validnames option"); + READ_STRING(fp, name); + log_setrequest("group=\"%s\"", name); + if (!isvalidname(name)) + { + log_log(LOG_WARNING, "request denied by validnames option"); return -1; }, NSLCD_ACTION_GROUP_BYNAME, - mkfilter_group_byname(name,filter,sizeof(filter)), - write_group(fp,entry,name,NULL,1,session) + mkfilter_group_byname(name, filter, sizeof(filter)), + write_group(fp, entry, name, NULL, 1, session) ) NSLCD_HANDLE( - group,bygid, + group, bygid, gid_t gid; char filter[4096]; - READ_INT32(fp,gid); - log_setrequest("group=%lu",(unsigned long int)gid);, + READ_INT32(fp, gid); + log_setrequest("group=%lu", (unsigned long 
int)gid);, NSLCD_ACTION_GROUP_BYGID, - mkfilter_group_bygid(gid,filter,sizeof(filter)), - write_group(fp,entry,NULL,&gid,1,session) + mkfilter_group_bygid(gid, filter, sizeof(filter)), + write_group(fp, entry, NULL, &gid, 1, session) ) NSLCD_HANDLE( - group,bymember, + group, bymember, char name[256]; char filter[4096]; - READ_STRING(fp,name); - log_setrequest("group/member=\"%s\"",name); + READ_STRING(fp, name); + log_setrequest("group/member=\"%s\"", name); if (!isvalidname(name)) { - log_log(LOG_WARNING,"request denied by validnames option"); + log_log(LOG_WARNING, "request denied by validnames option"); return -1; } - if ((nslcd_cfg->ldc_nss_initgroups_ignoreusers!=NULL)&& - set_contains(nslcd_cfg->ldc_nss_initgroups_ignoreusers,name)) + if ((nslcd_cfg->ldc_nss_initgroups_ignoreusers != NULL) && + set_contains(nslcd_cfg->ldc_nss_initgroups_ignoreusers, name)) { - log_log(LOG_DEBUG,"ignored group member"); + log_log(LOG_DEBUG, "ignored group member"); /* just end the request, returning no results */ - WRITE_INT32(fp,NSLCD_VERSION); - WRITE_INT32(fp,NSLCD_ACTION_GROUP_BYMEMBER); - WRITE_INT32(fp,NSLCD_RESULT_END); + WRITE_INT32(fp, NSLCD_VERSION); + WRITE_INT32(fp, NSLCD_ACTION_GROUP_BYMEMBER); + WRITE_INT32(fp, NSLCD_RESULT_END); return 0; }, NSLCD_ACTION_GROUP_BYMEMBER, - mkfilter_group_bymember(session,name,filter,sizeof(filter)), - write_group(fp,entry,NULL,NULL,0,session) + mkfilter_group_bymember(session, name, filter, sizeof(filter)), + write_group(fp, entry, NULL, NULL, 0, session) ) NSLCD_HANDLE( - group,all, + group, all, const char *filter; log_setrequest("group(all)");, NSLCD_ACTION_GROUP_ALL, - (filter=group_filter,0), - write_group(fp,entry,NULL,NULL,1,session) + (filter = group_filter, 0), + write_group(fp, entry, NULL, NULL, 1, session) ) diff --git a/nslcd/host.c b/nslcd/host.c index bc896c5..85a54b6 100644 --- a/nslcd/host.c +++ b/nslcd/host.c 
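Review bot: A gid above INT_MAX is formatted one way in the log and another way in the search filter. The bygid handler at the end of this hunk logs it with `%lu` and an `(unsigned long int)` cast, but then calls mkfilter_group_bygid, which (first hunk of this file) builds the non-objectSid filter with `%d` and `(int)gid`. If gid_t is an unsigned 32-bit type, as is usual on Linux, such a gid turns into a negative number in the filter and the lookup quietly matches nothing. Using the same conversion in both places avoids that: `"(&%s(%s=%lu))"` with `(unsigned long int)gid` as the last argument.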
@@ -5,7 +5,7 @@ Copyright (C) 1997-2005 Luke Howard Copyright (C) 2006 West Consulting - Copyright (C) 2006, 2007, 2009, 2010, 2011 Arthur de Jong + Copyright (C) 2006, 2007, 2009, 2010, 2011, 2012 Arthur de Jong This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public 
@@ -56,137 +56,133 @@ int host_scope = LDAP_SCOPE_DEFAULT; const char *host_filter = "(objectClass=ipHost)"; /* the attributes to request with searches */ -const char *attmap_host_cn = "cn"; -const char *attmap_host_ipHostNumber = "ipHostNumber"; +const char *attmap_host_cn = "cn"; +const char *attmap_host_ipHostNumber = "ipHostNumber"; /* the attribute list to request with searches */ static const char *host_attrs[3]; /* create a search filter for searching a host entry by name, return -1 on errors */ -static int mkfilter_host_byname(const char *name, - char *buffer,size_t buflen) +static int mkfilter_host_byname(const char *name, char *buffer, size_t buflen) { char safename[300]; /* escape attribute */ - if (myldap_escape(name,safename,sizeof(safename))) + if (myldap_escape(name, safename, sizeof(safename))) return -1; /* build filter */ - return mysnprintf(buffer,buflen, - "(&%s(%s=%s))", - host_filter, - attmap_host_cn,safename); + return mysnprintf(buffer, buflen, "(&%s(%s=%s))", + host_filter, attmap_host_cn, safename); } static int mkfilter_host_byaddr(const char *addrstr, - char *buffer,size_t buflen) + char *buffer, size_t buflen) { char safeaddr[64]; /* escape attribute */ - if (myldap_escape(addrstr,safeaddr,sizeof(safeaddr))) + if (myldap_escape(addrstr, safeaddr, sizeof(safeaddr))) return -1; /* build filter */ - return mysnprintf(buffer,buflen, - "(&%s(%s=%s))", - host_filter, - attmap_host_ipHostNumber,safeaddr); + return mysnprintf(buffer, buflen, "(&%s(%s=%s))", + host_filter, attmap_host_ipHostNumber, safeaddr); } void host_init(void) { int i; /* set up search bases */ - if (host_bases[0]==NULL) - for (i=0;i<NSS_LDAP_CONFIG_MAX_BASES;i++) - host_bases[i]=nslcd_cfg->ldc_bases[i]; + if (host_bases[0] == NULL) + for (i = 0; i < NSS_LDAP_CONFIG_MAX_BASES; i++) + host_bases[i] = nslcd_cfg->ldc_bases[i]; /* set up scope */ - if (host_scope==LDAP_SCOPE_DEFAULT) - host_scope=nslcd_cfg->ldc_scope; + if (host_scope == LDAP_SCOPE_DEFAULT) + host_scope = 
nslcd_cfg->ldc_scope; /* set up attribute list */ - host_attrs[0]=attmap_host_cn; - host_attrs[1]=attmap_host_ipHostNumber; - host_attrs[2]=NULL; + host_attrs[0] = attmap_host_cn; + host_attrs[1] = attmap_host_ipHostNumber; + host_attrs[2] = NULL; } /* write a single host entry to the stream */ -static int write_host(TFILE *fp,MYLDAP_ENTRY *entry) +static int write_host(TFILE *fp, MYLDAP_ENTRY *entry) { - int32_t tmpint32,tmp2int32,tmp3int32; - int numaddr,i; + int32_t tmpint32, tmp2int32, tmp3int32; + int numaddr, i; const char *hostname; const char **hostnames; const char **addresses; /* get the most canonical name */ - hostname=myldap_get_rdn_value(entry,attmap_host_cn); + hostname = myldap_get_rdn_value(entry, attmap_host_cn); /* get the other names for the host */ - hostnames=myldap_get_values(entry,attmap_host_cn); - if ((hostnames==NULL)||(hostnames[0]==NULL)) + hostnames = myldap_get_values(entry, attmap_host_cn); + if ((hostnames == NULL) || (hostnames[0] == NULL)) { - log_log(LOG_WARNING,"%s: %s: missing", - myldap_get_dn(entry),attmap_host_cn); + log_log(LOG_WARNING, "%s: %s: missing", + myldap_get_dn(entry), attmap_host_cn); return 0; } /* if the hostname is not yet found, get the first entry from hostnames */ - if (hostname==NULL) - hostname=hostnames[0]; + if (hostname == NULL) + hostname = hostnames[0]; /* get the addresses */ - addresses=myldap_get_values(entry,attmap_host_ipHostNumber); - if ((addresses==NULL)||(addresses[0]==NULL)) + addresses = myldap_get_values(entry, attmap_host_ipHostNumber); + if ((addresses == NULL) || (addresses[0] == NULL)) { - log_log(LOG_WARNING,"%s: %s: missing", - myldap_get_dn(entry),attmap_host_ipHostNumber); + log_log(LOG_WARNING, "%s: %s: missing", + myldap_get_dn(entry), attmap_host_ipHostNumber); return 0; } /* write the entry */ - WRITE_INT32(fp,NSLCD_RESULT_BEGIN); - WRITE_STRING(fp,hostname); - WRITE_STRINGLIST_EXCEPT(fp,hostnames,hostname); - for (numaddr=0;addresses[numaddr]!=NULL;numaddr++) - /*noting*/ ; - 
WRITE_INT32(fp,numaddr); - for (i=0;i<numaddr;i++) + WRITE_INT32(fp, NSLCD_RESULT_BEGIN); + WRITE_STRING(fp, hostname); + WRITE_STRINGLIST_EXCEPT(fp, hostnames, hostname); + for (numaddr = 0; addresses[numaddr] != NULL; numaddr++) + /* noting */ ; + WRITE_INT32(fp, numaddr); + for (i = 0; i < numaddr; i++) { - WRITE_ADDRESS(fp,entry,attmap_host_ipHostNumber,addresses[i]); + WRITE_ADDRESS(fp, entry, attmap_host_ipHostNumber, addresses[i]); } return 0; } NSLCD_HANDLE( - host,byname, + host, byname, char name[256]; char filter[4096]; - READ_STRING(fp,name); - log_setrequest("host=\"%s\"",name);, + READ_STRING(fp, name); + log_setrequest("host=\"%s\"", name);, NSLCD_ACTION_HOST_BYNAME, - mkfilter_host_byname(name,filter,sizeof(filter)), - write_host(fp,entry) + mkfilter_host_byname(name, filter, sizeof(filter)), + write_host(fp, entry) ) NSLCD_HANDLE( - host,byaddr, + host, byaddr, int af; char addr[64]; - int len=sizeof(addr); + int len = sizeof(addr); char addrstr[64]; char filter[4096]; - READ_ADDRESS(fp,addr,len,af); + READ_ADDRESS(fp, addr, len, af); /* translate the address to a string */ - if (inet_ntop(af,addr,addrstr,sizeof(addrstr))==NULL) + if (inet_ntop(af, addr, addrstr, sizeof(addrstr)) == NULL) { - log_log(LOG_WARNING,"unable to convert address to string"); + log_log(LOG_WARNING, "unable to convert address to string"); return -1; } - log_setrequest("host=%s",addrstr);, + log_setrequest("host=%s", addrstr);, NSLCD_ACTION_HOST_BYADDR, - mkfilter_host_byaddr(addrstr,filter,sizeof(filter)), - write_host(fp,entry) + mkfilter_host_byaddr(addrstr, filter, sizeof(filter)), + write_host(fp, entry) ) + NSLCD_HANDLE( - host,all, + host, all, const char *filter; log_setrequest("host(all)");, NSLCD_ACTION_HOST_ALL, - (filter=host_filter,0), - write_host(fp,entry) + (filter = host_filter, 0), + write_host(fp, entry) ) diff --git a/nslcd/log.c b/nslcd/log.c index 27402f7..3e70462 100644 --- a/nslcd/log.c +++ b/nslcd/log.c 
@@ -1,7 +1,7 @@ /* log.c - logging funtions - Copyright (C) 2002, 2003, 2008, 2010, 2011 Arthur de Jong + Copyright (C) 2002, 2003, 2008, 2010, 2011, 2012 Arthur de Jong This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public @@ -38,30 +38,30 @@ #define PACKAGE "nslcd" /* default loglevel when no logging is configured */ -static int prelogging_loglevel=LOG_INFO; +static int prelogging_loglevel = LOG_INFO; /* loglevel to use before logging to syslog */ -static int loglevel=LOG_INFO; +static int loglevel = LOG_INFO; /* the session id that is set for this thread */ -static __thread char *sessionid=NULL; +static __thread char *sessionid = NULL; /* the request identifier that is set for this thread */ -static __thread char *requestid=NULL; +static __thread char *requestid = NULL; #define MAX_REQUESTID_LENGTH 40 /* set loglevel when no logging is configured */ void log_setdefaultloglevel(int pri) { - prelogging_loglevel=pri; + prelogging_loglevel = pri; } /* start the logging with the configured logging methods if no method is configured yet, logging is done to syslog */ void log_startlogging(void) { - openlog(PACKAGE,LOG_PID,LOG_DAEMON); - prelogging_loglevel=-1; + openlog(PACKAGE, LOG_PID, LOG_DAEMON); + prelogging_loglevel = -1; } /* indicate that we should clear any session identifiers set by @@ -69,11 +69,11 @@ void log_startlogging(void) void log_clearsession(void) { /* set the session id to empty */ - if (sessionid!=NULL) - sessionid[0]='\0'; + if (sessionid != NULL) + sessionid[0] = '\0'; /* set the request id to empty */ - if (requestid!=NULL) - requestid[0]='\0'; + if (requestid != NULL) + requestid[0] = '\0'; } /* indicate that a session id should be included in the output 
@@ -81,19 +81,19 @@ void log_clearsession(void) void log_newsession(void) { /* ensure that sessionid can hold a string */ - if (sessionid==NULL) + if (sessionid == NULL) { - sessionid=(char *)malloc(7); - if (sessionid==NULL) + sessionid = (char *)malloc(7); + if (sessionid == NULL) { - fprintf(stderr,"malloc() failed: %s",strerror(errno)); + fprintf(stderr, "malloc() failed: %s", strerror(errno)); return; /* silently fail */ } } - sprintf(sessionid,"%06x",(int)(rand()&0xffffff)); + sprintf(sessionid, "%06x", (int)(rand() & 0xffffff)); /* set the request id to empty */ - if (requestid!=NULL) - requestid[0]='\0'; + if (requestid != NULL) + requestid[0] = '\0'; } /* indicate that a request identifier should be included in the output 
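Review bot: When `malloc(7)` fails, log_newsession returns at `return; /* silently fail */` with sessionid still NULL, and log_log can later pass that NULL to `%s`. The first branch of log_log (later hunk in this file) tests only requestid before printing `[%s] <%s>` with sessionid, so a log_setrequest call after the failed allocation reaches it. Substituting an empty string in that branch keeps the output defined: `(sessionid != NULL) ? sessionid : ""`. Separately, the id comes from `rand() & 0xffffff`, so a comment stating that it is only a log correlation tag and not an unpredictable token would help the next reader.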
@@ -102,64 +102,67 @@ void log_setrequest(const char *format, ...) { va_list ap; /* ensure that requestid can hold a string */ - if (requestid==NULL) + if (requestid == NULL) { - requestid=(char *)malloc(MAX_REQUESTID_LENGTH); - if (requestid==NULL) + requestid = (char *)malloc(MAX_REQUESTID_LENGTH); + if (requestid == NULL) { - fprintf(stderr,"malloc() failed: %s",strerror(errno)); + fprintf(stderr, "malloc() failed: %s", strerror(errno)); return; /* silently fail */ } } /* make the message */ - va_start(ap,format); - vsnprintf(requestid,MAX_REQUESTID_LENGTH,format,ap); - requestid[MAX_REQUESTID_LENGTH-1]='\0'; + va_start(ap, format); + vsnprintf(requestid, MAX_REQUESTID_LENGTH, format, ap); + requestid[MAX_REQUESTID_LENGTH - 1] = '\0'; va_end(ap); } /* log the given message using the configured logging method */ -void log_log(int pri,const char *format, ...) +void log_log(int pri, const char *format, ...) { int res; char buffer[200]; va_list ap; /* make the message */ - va_start(ap,format); - res=vsnprintf(buffer,sizeof(buffer),format,ap); - if ((res<0)||(res>=(int)sizeof(buffer))) + va_start(ap, format); + res = vsnprintf(buffer, sizeof(buffer), format, ap); + if ((res < 0) || (res >= (int)sizeof(buffer))) { /* truncate with "..." 
*/ - buffer[sizeof(buffer)-2]='.'; - buffer[sizeof(buffer)-3]='.'; - buffer[sizeof(buffer)-4]='.'; + buffer[sizeof(buffer) - 2] = '.'; + buffer[sizeof(buffer) - 3] = '.'; + buffer[sizeof(buffer) - 4] = '.'; } - buffer[sizeof(buffer)-1]='\0'; + buffer[sizeof(buffer) - 1] = '\0'; va_end(ap); /* do the logging */ - if (prelogging_loglevel>=0) + if (prelogging_loglevel >= 0) { /* if logging is not yet defined, log to stderr */ - if (pri<=prelogging_loglevel) + if (pri <= prelogging_loglevel) { - if ((requestid!=NULL)&&(requestid[0]!='\0')) - fprintf(stderr,"%s: [%s] <%s> %s%s\n",PACKAGE,sessionid,requestid,pri==LOG_DEBUG?"DEBUG: ":"",buffer); - else if ((sessionid!=NULL)&&(sessionid[0]!='\0')) - fprintf(stderr,"%s: [%s] %s%s\n",PACKAGE,sessionid,pri==LOG_DEBUG?"DEBUG: ":"",buffer); + if ((requestid != NULL) && (requestid[0] != '\0')) + fprintf(stderr, "%s: [%s] <%s> %s%s\n", PACKAGE, sessionid, requestid, + pri == LOG_DEBUG ? "DEBUG: " : "", buffer); + else if ((sessionid != NULL) && (sessionid[0] != '\0')) + fprintf(stderr, "%s: [%s] %s%s\n", PACKAGE, sessionid, + pri == LOG_DEBUG ? "DEBUG: " : "", buffer); else - fprintf(stderr,"%s: %s%s\n",PACKAGE,pri==LOG_DEBUG?"DEBUG: ":"",buffer); + fprintf(stderr, "%s: %s%s\n", PACKAGE, + pri == LOG_DEBUG ? "DEBUG: " : "", buffer); } } else { - if (pri<=loglevel) + if (pri <= loglevel) { - if ((requestid!=NULL)&&(requestid[0]!='\0')) - syslog(pri,"[%s] <%s> %s",sessionid,requestid,buffer); - else if ((sessionid!=NULL)&&(sessionid[0]!='\0')) - syslog(pri,"[%s] %s",sessionid,buffer); + if ((requestid != NULL) && (requestid[0] != '\0')) + syslog(pri, "[%s] <%s> %s", sessionid, requestid, buffer); + else if ((sessionid != NULL) && (sessionid[0] != '\0')) + syslog(pri, "[%s] %s", sessionid, buffer); else - syslog(pri,"%s",buffer); + syslog(pri, "%s", buffer); } } } diff --git a/nslcd/log.h b/nslcd/log.h index 27003a6..c88613b 100644 --- a/nslcd/log.h +++ b/nslcd/log.h 
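Review bot: log_setrequest stores caller-formatted text in requestid, and log_log writes it and the message out verbatim, with no filtering of control characters. The handlers elsewhere in this diff feed it names read straight from the client, e.g. `READ_STRING(fp, name); log_setrequest("host=\"%s\"", name);`. A newline or escape sequence in a requested name would therefore reach stderr unchanged, and whether the syslog path escapes it depends on the syslog daemon. Neutralising non-printable bytes once, right after the vsnprintf in log_setrequest, covers every handler: `for (p = requestid; *p != '\0'; p++) if (!isprint((unsigned char)*p)) *p = '?';` (needs `<ctype.h>` if log.c does not already include it). log_setrequest's signature line is outside this hunk.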
@@ -1,7 +1,7 @@ /* log.h - definitions of logging funtions - Copyright (C) 2002, 2003, 2007, 2008, 2010, 2011 Arthur de Jong + Copyright (C) 2002, 2003, 2007, 2008, 2010, 2011, 2012 Arthur de Jong This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public @@ -44,10 +44,10 @@ void log_clearsession(void); /* indicate that a request identifier should be included in the output from this point on, until log_newsession() is called */ void log_setrequest(const char *format, ...) - LIKE_PRINTF(1,2); + LIKE_PRINTF(1, 2); /* log the given message using the configured logging method */ -void log_log(int pri,const char *format, ...) - LIKE_PRINTF(2,3); +void log_log(int pri, const char *format, ...) + LIKE_PRINTF(2, 3); #endif /* not NSLCD__LOG_H */ diff --git a/nslcd/myldap.c b/nslcd/myldap.c index 3cc9da5..8c90bf6 100644 --- a/nslcd/myldap.c +++ b/nslcd/myldap.c @@ -81,8 +81,7 @@ /* This refers to a current LDAP session that contains the connection information. */ -struct ldap_session -{ +struct ldap_session { /* the connection */ LDAP *ld; /* the username to bind with */ @@ -98,8 +97,7 @@ struct ldap_session }; /* A search description set as returned by myldap_search(). */ -struct myldap_search -{ +struct myldap_search { /* reference to the session */ MYLDAP_SESSION *session; /* indicator that the search is still valid */ @@ -134,8 +132,7 @@ struct myldap_search /* A single entry from the LDAP database as returned by myldap_get_entry(). */ -struct myldap_entry -{ +struct myldap_entry { /* reference to the search to be used to get parameters (e.g. LDAP connection) for other calls */ MYLDAP_SEARCH *search; 
@@ -149,37 +146,37 @@ struct myldap_entry char **rangedattributevalues[MAX_RANGED_ATTRIBUTES_PER_ENTRY]; }; -static void myldap_err(int pri,LDAP *ld,int rc,const char *format, ...) +static void myldap_err(int pri, LDAP *ld, int rc, const char *format, ...) { char message[200]; - char *msg_ldap=NULL; - char *msg_diag=NULL; - char *msg_errno=NULL; + char *msg_ldap = NULL; + char *msg_diag = NULL; + char *msg_errno = NULL; va_list ap; /* make the message */ - va_start(ap,format); - vsnprintf(message,sizeof(message),format,ap); - message[sizeof(message)-1]='\0'; + va_start(ap, format); + vsnprintf(message, sizeof(message), format, ap); + message[sizeof(message) - 1] = '\0'; va_end(ap); /* get the various error message */ - if (rc!=LDAP_SUCCESS) + if (rc != LDAP_SUCCESS) { - msg_ldap=ldap_err2string(rc); + msg_ldap = ldap_err2string(rc); /* get the diagnostic information */ #ifdef LDAP_OPT_DIAGNOSTIC_MESSAGE - if (ld!=NULL) - ldap_get_option(ld,LDAP_OPT_DIAGNOSTIC_MESSAGE,&msg_diag); + if (ld != NULL) + ldap_get_option(ld, LDAP_OPT_DIAGNOSTIC_MESSAGE, &msg_diag); #endif /* LDAP_OPT_DIAGNOSTIC_MESSAGE */ } - if (errno!=0) - msg_errno=strerror(errno); + if (errno != 0) + msg_errno = strerror(errno); /* log the message */ - log_log(pri,"%s%s%s%s%s%s%s",message, - (msg_ldap==NULL)?"":": ",(msg_ldap==NULL)?"":msg_ldap, - (msg_diag==NULL)?"":": ",(msg_diag==NULL)?"":msg_diag, - (msg_errno==NULL)?"":": ",(msg_errno==NULL)?"":msg_errno); + log_log(pri, "%s%s%s%s%s%s%s", message, + (msg_ldap == NULL) ? "" : ": ", (msg_ldap == NULL) ? "" : msg_ldap, + (msg_diag == NULL) ? "" : ": ", (msg_diag == NULL) ? "" : msg_diag, + (msg_errno == NULL) ? "" : ": ", (msg_errno == NULL) ? "" : msg_errno); /* free diagnostic message */ - if (msg_diag!=NULL) + if (msg_diag != NULL) ldap_memfree(msg_diag); } 
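Review bot: myldap_err reads errno only after calling vsnprintf, ldap_err2string and ldap_get_option, and never ties it to the LDAP call that failed. The `if (errno != 0)` test can therefore pick up a value left over from an unrelated earlier call, or one changed by those helpers, and append a misleading strerror text to the log line. Capturing it on entry and testing the copy is more reliable: `int saved_errno = errno;` as the first statement, then `if (saved_errno != 0) msg_errno = strerror(saved_errno);`. Since log.c keeps its ids in `__thread` variables the daemon appears to be multi-threaded, so it is also worth checking whether plain strerror is safe here.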
@@ -190,20 +187,20 @@ static MYLDAP_ENTRY *myldap_entry_new(MYLDAP_SEARCH *search) /* Note: as an alternative we could embed the myldap_entry into the myldap_search struct to save on malloc() and free() calls. */ /* allocate new entry */ - entry=(MYLDAP_ENTRY *)malloc(sizeof(struct myldap_entry)); - if (entry==NULL) + entry = (MYLDAP_ENTRY *)malloc(sizeof(struct myldap_entry)); + if (entry == NULL) { - log_log(LOG_CRIT,"myldap_entry_new(): malloc() failed to allocate memory"); + log_log(LOG_CRIT, "myldap_entry_new(): malloc() failed to allocate memory"); exit(EXIT_FAILURE); } /* fill in fields */ - entry->search=search; - entry->dn=NULL; - entry->exploded_rdn=NULL; - for (i=0;i<MAX_ATTRIBUTES_PER_ENTRY;i++) - entry->attributevalues[i]=NULL; - for (i=0;i<MAX_RANGED_ATTRIBUTES_PER_ENTRY;i++) - entry->rangedattributevalues[i]=NULL; + entry->search = search; + entry->dn = NULL; + entry->exploded_rdn = NULL; + for (i = 0; i < MAX_ATTRIBUTES_PER_ENTRY; i++) + entry->attributevalues[i] = NULL; + for (i = 0; i < MAX_RANGED_ATTRIBUTES_PER_ENTRY; i++) + entry->rangedattributevalues[i] = NULL; /* return the fresh entry */ return entry; } 
@@ -212,29 +209,30 @@ static void myldap_entry_free(MYLDAP_ENTRY *entry) { int i; /* free the DN */ - if (entry->dn!=NULL) + if (entry->dn != NULL) ldap_memfree((char *)entry->dn); /* free the exploded RDN */ - if (entry->exploded_rdn!=NULL) + if (entry->exploded_rdn != NULL) ldap_value_free(entry->exploded_rdn); /* free all attribute values */ - for (i=0;i<MAX_ATTRIBUTES_PER_ENTRY;i++) - if (entry->attributevalues[i]!=NULL) + for (i = 0; i < MAX_ATTRIBUTES_PER_ENTRY; i++) + if (entry->attributevalues[i] != NULL) ldap_value_free(entry->attributevalues[i]); /* free all ranged attribute values */ - for (i=0;i<MAX_RANGED_ATTRIBUTES_PER_ENTRY;i++) - if (entry->rangedattributevalues[i]!=NULL) + for (i = 0; i < MAX_RANGED_ATTRIBUTES_PER_ENTRY; i++) + if (entry->rangedattributevalues[i] != NULL) free(entry->rangedattributevalues[i]); /* we don't need the result anymore, ditch it. */ ldap_msgfree(entry->search->msg); - entry->search->msg=NULL; + entry->search->msg = NULL; /* free the actual memory for the struct */ free(entry); } -static MYLDAP_SEARCH *myldap_search_new( - MYLDAP_SESSION *session, - const char *base,int scope,const char *filter,const char **attrs) +static MYLDAP_SEARCH *myldap_search_new(MYLDAP_SESSION *session, + const char *base, int scope, + const char *filter, + const char **attrs) { char *buffer; MYLDAP_SEARCH *search; 
@@ -242,54 +240,54 @@ static MYLDAP_SEARCH *myldap_search_new( size_t sz; /* figure out size for new memory block to allocate this has the advantage that we can free the whole lot with one call */ - sz=sizeof(struct myldap_search); - sz+=strlen(base)+1+strlen(filter)+1; - for (i=0;attrs[i]!=NULL;i++) - sz+=strlen(attrs[i])+1; - sz+=(i+1)*sizeof(char *); + sz = sizeof(struct myldap_search); + sz += strlen(base) + 1 + strlen(filter) + 1; + for (i = 0; attrs[i] != NULL; i++) + sz += strlen(attrs[i]) + 1; + sz += (i + 1) * sizeof(char *); /* allocate new results memory region */ - buffer=(char *)malloc(sz); - if (buffer==NULL) + buffer = (char *)malloc(sz); + if (buffer == NULL) { - log_log(LOG_CRIT,"myldap_search_new(): malloc() failed to allocate memory"); + log_log(LOG_CRIT, "myldap_search_new(): malloc() failed to allocate memory"); exit(EXIT_FAILURE); } /* initialize struct */ - search=(MYLDAP_SEARCH *)(void *)(buffer); - buffer+=sizeof(struct myldap_search); + search = (MYLDAP_SEARCH *)(void *)(buffer); + buffer += sizeof(struct myldap_search); /* save pointer to session */ - search->session=session; + search->session = session; /* flag as valid search */ - search->valid=1; + search->valid = 1; /* initialize array of attributes */ - search->attrs=(char **)(void *)buffer; - buffer+=(i+1)*sizeof(char *); + search->attrs = (char **)(void *)buffer; + buffer += (i + 1) * sizeof(char *); /* copy base */ - strcpy(buffer,base); - search->base=buffer; - buffer+=strlen(base)+1; + strcpy(buffer, base); + search->base = buffer; + buffer += strlen(base) + 1; /* just plainly store scope */ - search->scope=scope; + search->scope = scope; /* copy filter */ - strcpy(buffer,filter); - search->filter=buffer; - buffer+=strlen(filter)+1; + strcpy(buffer, filter); + search->filter = buffer; + buffer += strlen(filter) + 1; /* copy attributes themselves */ - for (i=0;attrs[i]!=NULL;i++) + for (i = 0; attrs[i] != NULL; i++) { - strcpy(buffer,attrs[i]); - search->attrs[i]=buffer; - 
buffer+=strlen(attrs[i])+1; + strcpy(buffer, attrs[i]); + search->attrs[i] = buffer; + buffer += strlen(attrs[i]) + 1; } - search->attrs[i]=NULL; + search->attrs[i] = NULL; /* initialize context */ - search->cookie=NULL; - search->msg=NULL; - search->msgid=-1; - search->may_retry_search=1; + search->cookie = NULL; + search->msg = NULL; + search->msgid = -1; + search->may_retry_search = 1; /* clear result entry */ - search->entry=NULL; - search->count=0; + search->entry = NULL; + search->count = 0; /* return the new search struct */ return search; } 
@@ -299,94 +297,99 @@ static MYLDAP_SESSION *myldap_session_new(void) MYLDAP_SESSION *session; int i; /* allocate memory for the session storage */ - session=(struct ldap_session *)malloc(sizeof(struct ldap_session)); - if (session==NULL) + session = (struct ldap_session *)malloc(sizeof(struct ldap_session)); + if (session == NULL) { - log_log(LOG_CRIT,"myldap_session_new(): malloc() failed to allocate memory"); + log_log(LOG_CRIT, "myldap_session_new(): malloc() failed to allocate memory"); exit(EXIT_FAILURE); } /* initialize the session */ - session->ld=NULL; - session->binddn[0]='\0'; - session->bindpw[0]='\0'; - session->lastactivity=0; - session->current_uri=0; - for (i=0;i<MAX_SEARCHES_IN_SESSION;i++) - session->searches[i]=NULL; + session->ld = NULL; + session->binddn[0] = '\0'; + session->bindpw[0] = '\0'; + session->lastactivity = 0; + session->current_uri = 0; + for (i = 0; i < MAX_SEARCHES_IN_SESSION; i++) + session->searches[i] = NULL; /* return the new session */ return session; } PURE static inline int is_valid_session(MYLDAP_SESSION *session) { - return (session!=NULL); + return (session != NULL); } PURE static inline int is_open_session(MYLDAP_SESSION *session) { - return is_valid_session(session)&&(session->ld!=NULL); + return is_valid_session(session) && (session->ld != NULL); } /* note that this does not check the valid flag of the search */ PURE static inline int is_valid_search(MYLDAP_SEARCH *search) { - return (search!=NULL)&&is_open_session(search->session); + return (search != NULL) && is_open_session(search->session); } PURE static inline int is_valid_entry(MYLDAP_ENTRY *entry) { - return (entry!=NULL)&&is_valid_search(entry->search)&&(entry->search->msg!=NULL); + return (entry != NULL) && is_valid_search(entry->search) && + (entry->search->msg != NULL); } #ifdef HAVE_SASL_INTERACT_T /* this is registered with ldap_sasl_interactive_bind_s() in do_bind() */ -static int do_sasl_interact(LDAP UNUSED(*ld),unsigned UNUSED(flags),void 
*defaults,void *_interact) +static int do_sasl_interact(LDAP UNUSED(*ld), unsigned UNUSED(flags), + void *defaults, void *_interact) { - struct ldap_config *cfg=defaults; - sasl_interact_t *interact=_interact; - while (interact->id!=SASL_CB_LIST_END) + struct ldap_config *cfg = defaults; + sasl_interact_t *interact = _interact; + while (interact->id != SASL_CB_LIST_END) { - switch(interact->id) + switch (interact->id) { case SASL_CB_GETREALM: if (cfg->ldc_sasl_realm) { - log_log(LOG_DEBUG,"do_sasl_interact(): returning sasl_realm \"%s\"",cfg->ldc_sasl_realm); - interact->result=cfg->ldc_sasl_realm; - interact->len=strlen(cfg->ldc_sasl_realm); + log_log(LOG_DEBUG, "do_sasl_interact(): returning sasl_realm \"%s\"", + cfg->ldc_sasl_realm); + interact->result = cfg->ldc_sasl_realm; + interact->len = strlen(cfg->ldc_sasl_realm); } else - log_log(LOG_DEBUG,"do_sasl_interact(): were asked for sasl_realm but we don't have any"); + log_log(LOG_DEBUG, "do_sasl_interact(): were asked for sasl_realm but we don't have any"); break; case SASL_CB_AUTHNAME: if (cfg->ldc_sasl_authcid) { - log_log(LOG_DEBUG,"do_sasl_interact(): returning sasl_authcid \"%s\"",cfg->ldc_sasl_authcid); - interact->result=cfg->ldc_sasl_authcid; - interact->len=strlen(cfg->ldc_sasl_authcid); + log_log(LOG_DEBUG, "do_sasl_interact(): returning sasl_authcid \"%s\"", + cfg->ldc_sasl_authcid); + interact->result = cfg->ldc_sasl_authcid; + interact->len = strlen(cfg->ldc_sasl_authcid); } else - log_log(LOG_DEBUG,"do_sasl_interact(): were asked for sasl_authcid but we don't have any"); + log_log(LOG_DEBUG, "do_sasl_interact(): were asked for sasl_authcid but we don't have any"); break; case SASL_CB_USER: if (cfg->ldc_sasl_authzid) { - log_log(LOG_DEBUG,"do_sasl_interact(): returning sasl_authzid \"%s\"",cfg->ldc_sasl_authzid); - interact->result=cfg->ldc_sasl_authzid; - interact->len=strlen(cfg->ldc_sasl_authzid); + log_log(LOG_DEBUG, "do_sasl_interact(): returning sasl_authzid \"%s\"", + 
cfg->ldc_sasl_authzid); + interact->result = cfg->ldc_sasl_authzid; + interact->len = strlen(cfg->ldc_sasl_authzid); } else - log_log(LOG_DEBUG,"do_sasl_interact(): were asked for sasl_authzid but we don't have any"); + log_log(LOG_DEBUG, "do_sasl_interact(): were asked for sasl_authzid but we don't have any"); break; case SASL_CB_PASS: if (cfg->ldc_bindpw) { - log_log(LOG_DEBUG,"do_sasl_interact(): returning bindpw \"***\""); - interact->result=cfg->ldc_bindpw; - interact->len=strlen(cfg->ldc_bindpw); + log_log(LOG_DEBUG, "do_sasl_interact(): returning bindpw \"***\""); + interact->result = cfg->ldc_bindpw; + interact->len = strlen(cfg->ldc_bindpw); } else - log_log(LOG_DEBUG,"do_sasl_interact(): were asked for bindpw but we don't have any"); + log_log(LOG_DEBUG, "do_sasl_interact(): were asked for bindpw but we don't have any"); break; default: /* just ignore */ @@ -398,19 +401,20 @@ static int do_sasl_interact(LDAP UNUSED(*ld),unsigned UNUSED(flags),void *defaul } #endif /* HAVE_SASL_INTERACT_T */ -#define LDAP_SET_OPTION(ld,option,invalue) \ - rc=ldap_set_option(ld,option,invalue); \ - if (rc!=LDAP_SUCCESS) \ - { \ - myldap_err(LOG_ERR,ld,rc,"ldap_set_option(" #option ") failed"); \ - return rc; \ +#define LDAP_SET_OPTION(ld, option, invalue) \ + rc = ldap_set_option(ld, option, invalue); \ + if (rc != LDAP_SUCCESS) \ + { \ + myldap_err(LOG_ERR, ld, rc, "ldap_set_option(" #option ") failed"); \ + return rc; \ } /* This function performs the authentication phase of opening a connection. The binddn and bindpw parameters may be used to override the authentication mechanism defined in the configuration. This returns an LDAP result code. */ -static int do_bind(LDAP *ld,const char *binddn,const char *bindpw,const char *uri) +static int do_bind(LDAP *ld, const char *binddn, const char *bindpw, + const char *uri) { int rc; #ifdef HAVE_LDAP_SASL_INTERACTIVE_BIND_S 
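Review bot: The `LDAP_SET_OPTION` macro realigned in this hunk still expands to two separate statements, the `rc = ldap_set_option(...)` assignment and the `if (rc != LDAP_SUCCESS)` block. An unbraced `if (cond) LDAP_SET_OPTION(...)` would therefore guard only the assignment and then test whatever `rc` held before. Every call site visible in this diff sits inside braces or at statement level, so nothing is broken today. Wrapping the expansion in `do { ... } while (0)` would remove the hazard. A one-line comment above the macro should also say that it needs a local `rc` and returns from the calling function on failure.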
@@ -420,114 +424,119 @@ static int do_bind(LDAP *ld,const char *binddn,const char *bindpw,const char *ur #endif /* HAVE_LDAP_SASL_INTERACTIVE_BIND_S */ #ifdef LDAP_OPT_X_TLS /* check if StartTLS is requested */ - if (nslcd_cfg->ldc_ssl_on==SSL_START_TLS) + if (nslcd_cfg->ldc_ssl_on == SSL_START_TLS) { - log_log(LOG_DEBUG,"ldap_start_tls_s()"); - errno=0; - rc=ldap_start_tls_s(ld,NULL,NULL); - if (rc!=LDAP_SUCCESS) + log_log(LOG_DEBUG, "ldap_start_tls_s()"); + errno = 0; + rc = ldap_start_tls_s(ld, NULL, NULL); + if (rc != LDAP_SUCCESS) { - myldap_err(LOG_WARNING,ld,rc,"ldap_start_tls_s() failed (uri=%s)",uri); + myldap_err(LOG_WARNING, ld, rc, "ldap_start_tls_s() failed (uri=%s)", + uri); return rc; } } #endif /* LDAP_OPT_X_TLS */ /* check if the binddn and bindpw are overwritten in the session */ - if ((binddn!=NULL)&&(binddn[0]!='\0')) + if ((binddn != NULL) && (binddn[0] != '\0')) { /* do a simple bind */ - log_log(LOG_DEBUG,"ldap_simple_bind_s(\"%s\",%s) (uri=\"%s\")",binddn, - ((bindpw!=NULL)&&(bindpw[0]!='\0'))?"\"***\"":"\"\"",uri); - return ldap_simple_bind_s(ld,binddn,bindpw); + log_log(LOG_DEBUG, "ldap_simple_bind_s(\"%s\",%s) (uri=\"%s\")", + binddn, ((bindpw != NULL) && (bindpw[0] != '\0')) ? 
"\"***\"" : "\"\"", uri); + return ldap_simple_bind_s(ld, binddn, bindpw); } /* perform SASL bind if requested and available on platform */ #ifdef HAVE_LDAP_SASL_INTERACTIVE_BIND_S /* TODO: store this information in the session */ - if (nslcd_cfg->ldc_sasl_mech!=NULL) + if (nslcd_cfg->ldc_sasl_mech != NULL) { /* do a SASL bind */ - if (nslcd_cfg->ldc_sasl_secprops!=NULL) + if (nslcd_cfg->ldc_sasl_secprops != NULL) { - log_log(LOG_DEBUG,"ldap_set_option(LDAP_OPT_X_SASL_SECPROPS,\"%s\")",nslcd_cfg->ldc_sasl_secprops); - LDAP_SET_OPTION(ld,LDAP_OPT_X_SASL_SECPROPS,(void *)nslcd_cfg->ldc_sasl_secprops); + log_log(LOG_DEBUG, "ldap_set_option(LDAP_OPT_X_SASL_SECPROPS,\"%s\")", + nslcd_cfg->ldc_sasl_secprops); + LDAP_SET_OPTION(ld, LDAP_OPT_X_SASL_SECPROPS, (void *)nslcd_cfg->ldc_sasl_secprops); } #ifdef HAVE_SASL_INTERACT_T - if (nslcd_cfg->ldc_binddn!=NULL) - log_log(LOG_DEBUG,"ldap_sasl_interactive_bind_s(\"%s\",\"%s\") (uri=\"%s\")", - nslcd_cfg->ldc_binddn,nslcd_cfg->ldc_sasl_mech,uri); + if (nslcd_cfg->ldc_binddn != NULL) + log_log(LOG_DEBUG, "ldap_sasl_interactive_bind_s(\"%s\",\"%s\") (uri=\"%s\")", + nslcd_cfg->ldc_binddn, nslcd_cfg->ldc_sasl_mech, uri); else - log_log(LOG_DEBUG,"ldap_sasl_interactive_bind_s(NULL,\"%s\") (uri=\"%s\")", - nslcd_cfg->ldc_sasl_mech,uri); - return ldap_sasl_interactive_bind_s(ld,nslcd_cfg->ldc_binddn,nslcd_cfg->ldc_sasl_mech,NULL,NULL, - LDAP_SASL_QUIET, - do_sasl_interact,(void *)nslcd_cfg); + log_log(LOG_DEBUG, "ldap_sasl_interactive_bind_s(NULL,\"%s\") (uri=\"%s\")", + nslcd_cfg->ldc_sasl_mech, uri); + return ldap_sasl_interactive_bind_s(ld, nslcd_cfg->ldc_binddn, + nslcd_cfg->ldc_sasl_mech, NULL, NULL, + LDAP_SASL_QUIET, do_sasl_interact, + (void *)nslcd_cfg); #else /* HAVE_SASL_INTERACT_T */ - if (nslcd_cfg->ldc_bindpw!=NULL) + if (nslcd_cfg->ldc_bindpw != NULL) { - cred.bv_val=nslcd_cfg->ldc_bindpw; - cred.bv_len=strlen(nslcd_cfg->ldc_bindpw); + cred.bv_val = nslcd_cfg->ldc_bindpw; + cred.bv_len = strlen(nslcd_cfg->ldc_bindpw); 
} else { - cred.bv_val=""; - cred.bv_len=0; + cred.bv_val = ""; + cred.bv_len = 0; } - if (nslcd_cfg->ldc_binddn!=NULL) - log_log(LOG_DEBUG,"ldap_sasl_bind_s(\"%s\",\"%s\",%s) (uri=\"%s\")", - nslcd_cfg->ldc_binddn,nslcd_cfg->ldc_sasl_mech, - nslcd_cfg->ldc_bindpw?"\"***\"":"NULL",uri); + if (nslcd_cfg->ldc_binddn != NULL) + log_log(LOG_DEBUG, "ldap_sasl_bind_s(\"%s\",\"%s\",%s) (uri=\"%s\")", + nslcd_cfg->ldc_binddn, nslcd_cfg->ldc_sasl_mech, + nslcd_cfg->ldc_bindpw ? "\"***\"" : "NULL", uri); else - log_log(LOG_DEBUG,"ldap_sasl_bind_s(NULL,\"%s\",%s) (uri=\"%s\")", - nslcd_cfg->ldc_sasl_mech, - nslcd_cfg->ldc_bindpw?"\"***\"":"NULL",uri); - return ldap_sasl_bind_s(ld,nslcd_cfg->ldc_binddn,nslcd_cfg->ldc_sasl_mech,&cred,NULL,NULL,NULL); + log_log(LOG_DEBUG, "ldap_sasl_bind_s(NULL,\"%s\",%s) (uri=\"%s\")", + nslcd_cfg->ldc_sasl_mech, + nslcd_cfg->ldc_bindpw ? "\"***\"" : "NULL", uri); + return ldap_sasl_bind_s(ld, nslcd_cfg->ldc_binddn, + nslcd_cfg->ldc_sasl_mech, &cred, NULL, NULL, NULL); #endif /* not HAVE_SASL_INTERACT_T */ } #endif /* HAVE_LDAP_SASL_INTERACTIVE_BIND_S */ /* do a simple bind */ if (nslcd_cfg->ldc_binddn) - log_log(LOG_DEBUG,"ldap_simple_bind_s(\"%s\",%s) (uri=\"%s\")",nslcd_cfg->ldc_binddn, - nslcd_cfg->ldc_bindpw?"\"***\"":"NULL",uri); + log_log(LOG_DEBUG, "ldap_simple_bind_s(\"%s\",%s) (uri=\"%s\")", + nslcd_cfg->ldc_binddn, nslcd_cfg->ldc_bindpw ? "\"***\"" : "NULL", + uri); else - log_log(LOG_DEBUG,"ldap_simple_bind_s(NULL,%s) (uri=\"%s\")", - nslcd_cfg->ldc_bindpw?"\"***\"":"NULL",uri); - return ldap_simple_bind_s(ld,nslcd_cfg->ldc_binddn,nslcd_cfg->ldc_bindpw); + log_log(LOG_DEBUG, "ldap_simple_bind_s(NULL,%s) (uri=\"%s\")", + nslcd_cfg->ldc_bindpw ? "\"***\"" : "NULL", uri); + return ldap_simple_bind_s(ld, nslcd_cfg->ldc_binddn, nslcd_cfg->ldc_bindpw); } #ifdef HAVE_LDAP_SET_REBIND_PROC /* This function is called by the LDAP library when chasing referrals. It is configured with the ldap_set_rebind_proc() below. 
*/ #if defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000) -static int do_rebind(LDAP *ld,LDAP_CONST char *url, +static int do_rebind(LDAP *ld, LDAP_CONST char *url, ber_tag_t UNUSED(request), - ber_int_t UNUSED(msgid),void *arg) + ber_int_t UNUSED(msgid), void *arg) { - MYLDAP_SESSION *session=(MYLDAP_SESSION *)arg; - log_log(LOG_DEBUG,"rebinding to %s",url); - return do_bind(ld,session->binddn,session->bindpw,url); + MYLDAP_SESSION *session = (MYLDAP_SESSION *)arg; + log_log(LOG_DEBUG, "rebinding to %s", url); + return do_bind(ld, session->binddn, session->bindpw, url); } #else /* not recent OpenLDAP */ -static int do_rebind(LDAP *ld,char **dnp,char **passwdp,int *authmethodp, - int freeit,void *arg) +static int do_rebind(LDAP *ld, char **dnp, char **passwdp, int *authmethodp, + int freeit, void *arg) { - MYLDAP_SESSION *session=(MYLDAP_SESSION *)arg; + MYLDAP_SESSION *session = (MYLDAP_SESSION *)arg; if (freeit) { free(*dnp); - memset(*passwdp,0,strlen(*passwdp)); + memset(*passwdp, 0, strlen(*passwdp)); free(*passwdp); } else { - log_log(LOG_DEBUG,"rebinding"); - *dnp=strdup(session->binddn); - *passwdp=strdup(session->bindpw); - *authmethodp=LDAP_AUTH_SIMPLE; - if ((*dnp==NULL)||(*passwdp==NULL)) + log_log(LOG_DEBUG, "rebinding"); + *dnp = strdup(session->binddn); + *passwdp = strdup(session->bindpw); + *authmethodp = LDAP_AUTH_SIMPLE; + if ((*dnp == NULL) || (*passwdp == NULL)) { - if (*dnp!=NULL) + if (*dnp != NULL) free(*dnp); - log_log(LOG_CRIT,"do_rebind(): strdup() failed to allocate memory"); + log_log(LOG_CRIT, "do_rebind(): strdup() failed to allocate memory"); return LDAP_NO_MEMORY; } } 
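Review bot: In the non-OpenLDAP variant of do_rebind, the strdup() failure path frees `*dnp` but never `*passwdp`, so when only the DN copy fails a heap copy of the bind password is leaked without being cleared. Adding `if (*passwdp != NULL) { memset(*passwdp, 0, strlen(*passwdp)); free(*passwdp); }` next to the existing `free(*dnp)` closes that path. The `memset(*passwdp, 0, strlen(*passwdp))` directly before `free(*passwdp)` in the `freeit` branch is a store the compiler is allowed to drop, so a non-elidable clear such as `explicit_bzero()`, where the platform provides it, is the safer choice for both places. The end of this function lies outside the hunk.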
@@ -537,34 +546,37 @@ static int do_rebind(LDAP *ld,char **dnp,char **passwdp,int *authmethodp, #endif /* HAVE_LDAP_SET_REBIND_PROC */ /* set a recieve and send timeout on a socket */ -static int set_socket_timeout(LDAP *ld,time_t sec,suseconds_t usec) +static int set_socket_timeout(LDAP *ld, time_t sec, suseconds_t usec) { struct timeval tv; - int rc=LDAP_SUCCESS; + int rc = LDAP_SUCCESS; int sd; - log_log(LOG_DEBUG,"set_socket_timeout(%lu,%lu)",(unsigned long)sec,(unsigned long)usec); + log_log(LOG_DEBUG, "set_socket_timeout(%lu,%lu)", + (unsigned long)sec, (unsigned long)usec); /* get the socket */ - if ((rc=ldap_get_option(ld,LDAP_OPT_DESC,&sd))!=LDAP_SUCCESS) + if ((rc = ldap_get_option(ld, LDAP_OPT_DESC, &sd)) != LDAP_SUCCESS) { - myldap_err(LOG_ERR,ld,rc,"ldap_get_option(LDAP_OPT_DESC) failed"); + myldap_err(LOG_ERR, ld, rc, "ldap_get_option(LDAP_OPT_DESC) failed"); return rc; } /* ignore invalid (probably closed) file descriptors */ - if (sd<=0) + if (sd <= 0) return LDAP_SUCCESS; /* set timeouts */ - memset(&tv,0,sizeof(tv)); - tv.tv_sec=sec; - tv.tv_usec=usec; - if (setsockopt(sd,SOL_SOCKET,SO_RCVTIMEO,(void *)&tv,sizeof(tv))) + memset(&tv, 0, sizeof(tv)); + tv.tv_sec = sec; + tv.tv_usec = usec; + if (setsockopt(sd, SOL_SOCKET, SO_RCVTIMEO, (void *)&tv, sizeof(tv))) { - log_log(LOG_ERR,"setsockopt(%d,SO_RCVTIMEO) failed: %s",sd,strerror(errno)); - rc=LDAP_LOCAL_ERROR; + log_log(LOG_ERR, "setsockopt(%d,SO_RCVTIMEO) failed: %s", + sd, strerror(errno)); + rc = LDAP_LOCAL_ERROR; } - if (setsockopt(sd,SOL_SOCKET,SO_SNDTIMEO,(void *)&tv,sizeof(tv))) + if (setsockopt(sd, SOL_SOCKET, SO_SNDTIMEO, (void *)&tv, sizeof(tv))) { - log_log(LOG_ERR,"setsockopt(%d,SO_RCVTIMEO) failed: %s",sd,strerror(errno)); - rc=LDAP_LOCAL_ERROR; + log_log(LOG_ERR, "setsockopt(%d,SO_RCVTIMEO) failed: %s", + sd, strerror(errno)); + rc = LDAP_LOCAL_ERROR; } return rc; } 
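Review bot: The failure branch for `SO_SNDTIMEO` logs `setsockopt(%d,SO_RCVTIMEO) failed`, so a send-timeout failure is reported as a receive-timeout failure; the second format string should read `"setsockopt(%d,SO_SNDTIMEO) failed: %s"`. The `if (sd <= 0)` guard also skips descriptor 0, which is a valid socket number in a daemon that has closed stdin, and in that case the function returns success without setting any timeout. `if (sd < 0)` would be the narrower test, assuming the library reports a closed connection as -1. The comment above the function spells "receive" as `recieve`.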
@@ -573,20 +585,22 @@ static int set_socket_timeout(LDAP *ld,time_t sec,suseconds_t usec) /* This function is called by the LDAP library once a connection was made to the server. We set a timeout on the socket here, to catch netzwork timeouts during the ssl handshake phase. It is configured with LDAP_OPT_CONNECT_CB. */ -static int connect_cb(LDAP *ld,Sockbuf UNUSED(*sb),LDAPURLDesc UNUSED(*srv), - struct sockaddr UNUSED(*addr),struct ldap_conncb UNUSED(*ctx)) +static int connect_cb(LDAP *ld, Sockbuf UNUSED(*sb), + LDAPURLDesc UNUSED(*srv), struct sockaddr UNUSED(*addr), + struct ldap_conncb UNUSED(*ctx)) { /* set timeout options on socket to avoid hang in some cases (a little more than the normal timeout so this should only be triggered in cases where the library behaves incorrectly) */ if (nslcd_cfg->ldc_timelimit) - set_socket_timeout(ld,nslcd_cfg->ldc_timelimit,500000); + set_socket_timeout(ld, nslcd_cfg->ldc_timelimit, 500000); return LDAP_SUCCESS; } /* We have an empty disconnect callback because LDAP_OPT_CONNECT_CB expects both functions to be available. */ -static void disconnect_cb(LDAP UNUSED(*ld),Sockbuf UNUSED(*sb),struct ldap_conncb UNUSED(*ctx)) +static void disconnect_cb(LDAP UNUSED(*ld), Sockbuf UNUSED(*sb), + struct ldap_conncb UNUSED(*ctx)) { } #endif /* LDAP_OPT_CONNECT_CB */ 
@@ -611,67 +625,80 @@ static int do_set_options(MYLDAP_SESSION *session) http://publib.boulder.ibm.com/infocenter/iseries/v5r3/topic/apis/ldap_set_rebind_proc.htm http://www.openldap.org/software/man.cgi?query=ldap_set_rebind_proc&manpath=OpenLDAP+2.4-Release */ /* TODO: probably only set this if we should chase referrals */ - log_log(LOG_DEBUG,"ldap_set_rebind_proc()"); + log_log(LOG_DEBUG, "ldap_set_rebind_proc()"); #ifndef LDAP_SET_REBIND_PROC_RETURNS_VOID /* it returns int */ - rc=ldap_set_rebind_proc(session->ld,do_rebind,session); - if (rc!=LDAP_SUCCESS) + rc = ldap_set_rebind_proc(session->ld, do_rebind, session); + if (rc != LDAP_SUCCESS) { - myldap_err(LOG_ERR,session->ld,rc,"ldap_set_rebind_proc() failed"); + myldap_err(LOG_ERR, session->ld, rc, "ldap_set_rebind_proc() failed"); return rc; } #else /* ldap_set_rebind_proc() returns void */ - ldap_set_rebind_proc(session->ld,do_rebind,session); + ldap_set_rebind_proc(session->ld, do_rebind, session); #endif #endif /* HAVE_LDAP_SET_REBIND_PROC */ /* set the protocol version to use */ - log_log(LOG_DEBUG,"ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,%d)",nslcd_cfg->ldc_version); - LDAP_SET_OPTION(session->ld,LDAP_OPT_PROTOCOL_VERSION,&nslcd_cfg->ldc_version); + log_log(LOG_DEBUG, "ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,%d)", + nslcd_cfg->ldc_version); + LDAP_SET_OPTION(session->ld, LDAP_OPT_PROTOCOL_VERSION, + &nslcd_cfg->ldc_version); /* set some other options */ - log_log(LOG_DEBUG,"ldap_set_option(LDAP_OPT_DEREF,%d)",nslcd_cfg->ldc_deref); - LDAP_SET_OPTION(session->ld,LDAP_OPT_DEREF,&nslcd_cfg->ldc_deref); - log_log(LOG_DEBUG,"ldap_set_option(LDAP_OPT_TIMELIMIT,%d)",nslcd_cfg->ldc_timelimit); - LDAP_SET_OPTION(session->ld,LDAP_OPT_TIMELIMIT,&nslcd_cfg->ldc_timelimit); - tv.tv_sec=nslcd_cfg->ldc_bind_timelimit; - tv.tv_usec=0; + log_log(LOG_DEBUG, "ldap_set_option(LDAP_OPT_DEREF,%d)", + nslcd_cfg->ldc_deref); + LDAP_SET_OPTION(session->ld, LDAP_OPT_DEREF, &nslcd_cfg->ldc_deref); + log_log(LOG_DEBUG, 
"ldap_set_option(LDAP_OPT_TIMELIMIT,%d)", + nslcd_cfg->ldc_timelimit); + LDAP_SET_OPTION(session->ld, LDAP_OPT_TIMELIMIT, &nslcd_cfg->ldc_timelimit); + tv.tv_sec = nslcd_cfg->ldc_bind_timelimit; + tv.tv_usec = 0; #ifdef LDAP_OPT_TIMEOUT - log_log(LOG_DEBUG,"ldap_set_option(LDAP_OPT_TIMEOUT,%d)",nslcd_cfg->ldc_timelimit); - LDAP_SET_OPTION(session->ld,LDAP_OPT_TIMEOUT,&tv); + log_log(LOG_DEBUG, "ldap_set_option(LDAP_OPT_TIMEOUT,%d)", + nslcd_cfg->ldc_timelimit); + LDAP_SET_OPTION(session->ld, LDAP_OPT_TIMEOUT, &tv); #endif /* LDAP_OPT_TIMEOUT */ #ifdef LDAP_OPT_NETWORK_TIMEOUT - log_log(LOG_DEBUG,"ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,%d)",nslcd_cfg->ldc_timelimit); - LDAP_SET_OPTION(session->ld,LDAP_OPT_NETWORK_TIMEOUT,&tv); + log_log(LOG_DEBUG, "ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,%d)", + nslcd_cfg->ldc_timelimit); + LDAP_SET_OPTION(session->ld, LDAP_OPT_NETWORK_TIMEOUT, &tv); #endif /* LDAP_OPT_NETWORK_TIMEOUT */ #ifdef LDAP_X_OPT_CONNECT_TIMEOUT - log_log(LOG_DEBUG,"ldap_set_option(LDAP_X_OPT_CONNECT_TIMEOUT,%d)",nslcd_cfg->ldc_timelimit); - LDAP_SET_OPTION(session->ld,LDAP_X_OPT_CONNECT_TIMEOUT,&tv); + log_log(LOG_DEBUG, "ldap_set_option(LDAP_X_OPT_CONNECT_TIMEOUT,%d)", + nslcd_cfg->ldc_timelimit); + LDAP_SET_OPTION(session->ld, LDAP_X_OPT_CONNECT_TIMEOUT, &tv); #endif /* LDAP_X_OPT_CONNECT_TIMEOUT */ - log_log(LOG_DEBUG,"ldap_set_option(LDAP_OPT_REFERRALS,%s)",nslcd_cfg->ldc_referrals?"LDAP_OPT_ON":"LDAP_OPT_OFF"); - LDAP_SET_OPTION(session->ld,LDAP_OPT_REFERRALS,nslcd_cfg->ldc_referrals?LDAP_OPT_ON:LDAP_OPT_OFF); - log_log(LOG_DEBUG,"ldap_set_option(LDAP_OPT_RESTART,%s)",nslcd_cfg->ldc_restart?"LDAP_OPT_ON":"LDAP_OPT_OFF"); - LDAP_SET_OPTION(session->ld,LDAP_OPT_RESTART,nslcd_cfg->ldc_restart?LDAP_OPT_ON:LDAP_OPT_OFF); + log_log(LOG_DEBUG, "ldap_set_option(LDAP_OPT_REFERRALS,%s)", + nslcd_cfg->ldc_referrals ? "LDAP_OPT_ON" : "LDAP_OPT_OFF"); + LDAP_SET_OPTION(session->ld, LDAP_OPT_REFERRALS, + nslcd_cfg->ldc_referrals ? 
LDAP_OPT_ON : LDAP_OPT_OFF); + log_log(LOG_DEBUG, "ldap_set_option(LDAP_OPT_RESTART,%s)", + nslcd_cfg->ldc_restart ? "LDAP_OPT_ON" : "LDAP_OPT_OFF"); + LDAP_SET_OPTION(session->ld, LDAP_OPT_RESTART, + nslcd_cfg->ldc_restart ? LDAP_OPT_ON : LDAP_OPT_OFF); #ifdef LDAP_OPT_CONNECT_CB /* register a connection callback */ - cb.lc_add=connect_cb; - cb.lc_del=disconnect_cb; - cb.lc_arg=NULL; - LDAP_SET_OPTION(session->ld,LDAP_OPT_CONNECT_CB,(void *)&cb); + cb.lc_add = connect_cb; + cb.lc_del = disconnect_cb; + cb.lc_arg = NULL; + LDAP_SET_OPTION(session->ld, LDAP_OPT_CONNECT_CB, (void *)&cb); #endif /* LDAP_OPT_CONNECT_CB */ #ifdef LDAP_OPT_X_TLS /* if SSL is desired, then enable it */ - if ( (nslcd_cfg->ldc_ssl_on==SSL_LDAPS) || - (strncasecmp(nslcd_cfg->ldc_uris[session->current_uri].uri,"ldaps://",8)==0) ) + if ((nslcd_cfg->ldc_ssl_on == SSL_LDAPS) || + (strncasecmp(nslcd_cfg->ldc_uris[session->current_uri].uri, "ldaps://", 8) == 0)) { /* use tls */ - i=LDAP_OPT_X_TLS_HARD; - log_log(LOG_DEBUG,"ldap_set_option(LDAP_OPT_X_TLS,LDAP_OPT_X_TLS_HARD)"); - LDAP_SET_OPTION(session->ld,LDAP_OPT_X_TLS,&i); + i = LDAP_OPT_X_TLS_HARD; + log_log(LOG_DEBUG, "ldap_set_option(LDAP_OPT_X_TLS,LDAP_OPT_X_TLS_HARD)"); + LDAP_SET_OPTION(session->ld, LDAP_OPT_X_TLS, &i); } #endif /* LDAP_OPT_X_TLS */ #ifdef LDAP_OPT_X_SASL_NOCANON - if (nslcd_cfg->ldc_sasl_canonicalize>=0) + if (nslcd_cfg->ldc_sasl_canonicalize >= 0) { - log_log(LOG_DEBUG,"ldap_set_option(LDAP_OPT_X_SASL_NOCANON,%s)",nslcd_cfg->ldc_sasl_canonicalize?"LDAP_OPT_OFF":"LDAP_OPT_ON"); - LDAP_SET_OPTION(session->ld,LDAP_OPT_X_SASL_NOCANON,nslcd_cfg->ldc_sasl_canonicalize?LDAP_OPT_OFF:LDAP_OPT_ON); + log_log(LOG_DEBUG, "ldap_set_option(LDAP_OPT_X_SASL_NOCANON,%s)", + nslcd_cfg->ldc_sasl_canonicalize ? "LDAP_OPT_OFF" : "LDAP_OPT_ON"); + LDAP_SET_OPTION(session->ld, LDAP_OPT_X_SASL_NOCANON, + nslcd_cfg->ldc_sasl_canonicalize ? 
LDAP_OPT_OFF : LDAP_OPT_ON); } #endif /* LDAP_OPT_X_SASL_NOCANON */ /* if nothing above failed, everything should be fine */ 
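Review bot: The debug lines for `LDAP_OPT_TIMEOUT`, `LDAP_OPT_NETWORK_TIMEOUT` and `LDAP_X_OPT_CONNECT_TIMEOUT` print `nslcd_cfg->ldc_timelimit`, but the value passed to the library is `tv`, which was filled from `nslcd_cfg->ldc_bind_timelimit` just above. Whenever the two settings differ, the log shows a timeout that is not the one in effect, which misleads anyone diagnosing a hanging or slow connection. Each of the three log calls should print `nslcd_cfg->ldc_bind_timelimit` instead. do_set_options begins before this hunk and continues after it.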
@@ -685,50 +712,52 @@ static void do_close(MYLDAP_SESSION *session) int rc; time_t sec; /* if we had reachability problems with the server close the connection */ - if (session->ld!=NULL) + if (session->ld != NULL) { /* set timeout options on socket to avoid hang in some cases (we set a short timeout because we don't care too much about properly shutting down the connection) */ if (nslcd_cfg->ldc_timelimit) { - sec=nslcd_cfg->ldc_timelimit/2; - if (!sec) sec=1; - set_socket_timeout(session->ld,sec,0); + sec = nslcd_cfg->ldc_timelimit / 2; + if (!sec) + sec = 1; + set_socket_timeout(session->ld, sec, 0); } /* go over the other searches and partially close them */ - for (i=0;i<MAX_SEARCHES_IN_SESSION;i++) + for (i = 0; i < MAX_SEARCHES_IN_SESSION; i++) { - if (session->searches[i]!=NULL) + if (session->searches[i] != NULL) { /* free any messages (because later ld is no longer valid) */ - if (session->searches[i]->msg!=NULL) + if (session->searches[i]->msg != NULL) { ldap_msgfree(session->searches[i]->msg); - session->searches[i]->msg=NULL; + session->searches[i]->msg = NULL; } /* abandon the search if there were more results to fetch */ - if (session->searches[i]->msgid!=-1) + if (session->searches[i]->msgid != -1) { - log_log(LOG_DEBUG,"ldap_abandon()"); - if (ldap_abandon(session->searches[i]->session->ld,session->searches[i]->msgid)) + log_log(LOG_DEBUG, "ldap_abandon()"); + if (ldap_abandon(session->searches[i]->session->ld, session->searches[i]->msgid)) { - if (ldap_get_option(session->ld,LDAP_OPT_ERROR_NUMBER,&rc)!=LDAP_SUCCESS) - rc=LDAP_OTHER; - myldap_err(LOG_WARNING,session->ld,rc,"ldap_abandon() failed to abandon search"); + if (ldap_get_option(session->ld, LDAP_OPT_ERROR_NUMBER, &rc) != LDAP_SUCCESS) + rc = LDAP_OTHER; + myldap_err(LOG_WARNING, session->ld, rc, + "ldap_abandon() failed to abandon search"); } - session->searches[i]->msgid=-1; + session->searches[i]->msgid = -1; } /* flag the search as invalid */ - session->searches[i]->valid=0; + 
session->searches[i]->valid = 0; } } /* close the connection to the server */ - log_log(LOG_DEBUG,"ldap_unbind()"); - rc=ldap_unbind(session->ld); - session->ld=NULL; - if (rc!=LDAP_SUCCESS) - myldap_err(LOG_WARNING,session->ld,rc,"ldap_unbind() failed"); + log_log(LOG_DEBUG, "ldap_unbind()"); + rc = ldap_unbind(session->ld); + session->ld = NULL; + if (rc != LDAP_SUCCESS) + myldap_err(LOG_WARNING, session->ld, rc, "ldap_unbind() failed"); } } @@ -739,22 +768,22 @@ void myldap_session_check(MYLDAP_SESSION *session) /* check parameters */ if (!is_valid_session(session)) { - log_log(LOG_ERR,"myldap_session_check(): invalid parameter passed"); - errno=EINVAL; + log_log(LOG_ERR, "myldap_session_check(): invalid parameter passed"); + errno = EINVAL; return; } /* check if we should time out the connection */ - if ((session->ld!=NULL)&&(nslcd_cfg->ldc_idle_timelimit>0)) + if ((session->ld != NULL) && (nslcd_cfg->ldc_idle_timelimit > 0)) { /* if we have any running searches, don't time out */ - for (i=0;i<MAX_SEARCHES_IN_SESSION;i++) - if ((session->searches[i]!=NULL)&&(session->searches[i]->valid)) + for (i = 0; i < MAX_SEARCHES_IN_SESSION; i++) + if ((session->searches[i] != NULL) && (session->searches[i]->valid)) return; /* consider timeout (there are no running searches) */ time(¤t_time); - if ((session->lastactivity+nslcd_cfg->ldc_idle_timelimit)<current_time) + if ((session->lastactivity + nslcd_cfg->ldc_idle_timelimit) < current_time) { - log_log(LOG_DEBUG,"myldap_session_check(): idle_timelimit reached"); + log_log(LOG_DEBUG, "myldap_session_check(): idle_timelimit reached"); do_close(session); } } 
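Review bot: At the end of do_close, `session->ld = NULL;` runs before `myldap_err(LOG_WARNING, session->ld, rc, "ldap_unbind() failed")`, so the error helper always receives a NULL handle on this path. Whether that is safe depends on myldap_err, which is not visible here. If it tolerates NULL, passing a literal `NULL` makes the intent explicit; otherwise `log_log(LOG_WARNING, "ldap_unbind() failed: %s", ldap_err2string(rc));` avoids the helper entirely. Passing the old handle instead would not be correct either, since ldap_unbind() has already released it. A comment saying that the handle is gone after ldap_unbind() regardless of the result would document why `ld` is cleared first.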
@@ -767,44 +796,45 @@ static int do_open(MYLDAP_SESSION *session) int rc; /* if the connection is still there (ie. ldap_unbind() wasn't called) then we can return the cached connection */ - if (session->ld!=NULL) + if (session->ld != NULL) return LDAP_SUCCESS; /* we should build a new session now */ - session->ld=NULL; - session->lastactivity=0; + session->ld = NULL; + session->lastactivity = 0; /* open the connection */ - log_log(LOG_DEBUG,"ldap_initialize(%s)",nslcd_cfg->ldc_uris[session->current_uri].uri); - errno=0; - rc=ldap_initialize(&(session->ld),nslcd_cfg->ldc_uris[session->current_uri].uri); - if (rc!=LDAP_SUCCESS) + log_log(LOG_DEBUG, "ldap_initialize(%s)", + nslcd_cfg->ldc_uris[session->current_uri].uri); + errno = 0; + rc = ldap_initialize(&(session->ld), nslcd_cfg->ldc_uris[session->current_uri].uri); + if (rc != LDAP_SUCCESS) { - myldap_err(LOG_WARNING,session->ld,rc,"ldap_initialize(%s) failed", + myldap_err(LOG_WARNING, session->ld, rc, "ldap_initialize(%s) failed", nslcd_cfg->ldc_uris[session->current_uri].uri); - if (session->ld!=NULL) + if (session->ld != NULL) do_close(session); return rc; } - else if (session->ld==NULL) + else if (session->ld == NULL) { - log_log(LOG_WARNING,"ldap_initialize() returned NULL"); + log_log(LOG_WARNING, "ldap_initialize() returned NULL"); return LDAP_LOCAL_ERROR; } /* set the options for the connection */ - rc=do_set_options(session); - if (rc!=LDAP_SUCCESS) + rc = do_set_options(session); + if (rc != LDAP_SUCCESS) { do_close(session); return rc; } /* bind to the server */ - errno=0; - rc=do_bind(session->ld,session->binddn,session->bindpw, - nslcd_cfg->ldc_uris[session->current_uri].uri); - if (rc!=LDAP_SUCCESS) + errno = 0; + rc = do_bind(session->ld, session->binddn, session->bindpw, + nslcd_cfg->ldc_uris[session->current_uri].uri); + if (rc != LDAP_SUCCESS) { /* log actual LDAP error code */ - myldap_err((session->binddn[0]=='\0')?LOG_WARNING:LOG_DEBUG, - session->ld,rc,"failed to bind to LDAP server %s", + 
myldap_err((session->binddn[0] == '\0') ? LOG_WARNING : LOG_DEBUG, + session->ld, rc, "failed to bind to LDAP server %s", nslcd_cfg->ldc_uris[session->current_uri].uri); do_close(session); return rc; @@ -815,14 +845,14 @@ static int do_open(MYLDAP_SESSION *session) } /* Set alternative credentials for the session. */ -void myldap_set_credentials(MYLDAP_SESSION *session,const char *dn, - const char *password) +void myldap_set_credentials(MYLDAP_SESSION *session, const char *dn, + const char *password) { /* copy dn and password into session */ - strncpy(session->binddn,dn,sizeof(session->binddn)); - session->binddn[sizeof(session->binddn)-1]='\0'; - strncpy(session->bindpw,password,sizeof(session->bindpw)); - session->bindpw[sizeof(session->bindpw)-1]='\0'; + strncpy(session->binddn, dn, sizeof(session->binddn)); + session->binddn[sizeof(session->binddn) - 1] = '\0'; + strncpy(session->bindpw, password, sizeof(session->bindpw)); + session->bindpw[sizeof(session->bindpw) - 1] = '\0'; } static int do_try_search(MYLDAP_SEARCH *search) 
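Review bot: myldap_set_credentials() silently truncates `dn` and `password` to the size of the session buffers and returns void, so an over-long value leads to a bind attempt with credentials that differ from what the caller supplied, and nothing in the log explains the failure. Testing `strlen(dn) >= sizeof(session->binddn)` (and likewise for `password`) before copying, then logging a warning and clearing both buffers, would make the condition visible without changing the signature. The function also uses `session`, `dn` and `password` without the `is_valid_session()` check that the other public entry points in this diff perform. A comment stating that callers must pass non-NULL strings would document the current contract.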
@@ -832,52 +862,52 @@ static int do_try_search(MYLDAP_SEARCH *search) LDAPControl **pServerCtrls; int msgid; /* ensure that we have an open connection */ - rc=do_open(search->session); - if (rc!=LDAP_SUCCESS) + rc = do_open(search->session); + if (rc != LDAP_SUCCESS) return rc; /* if we're using paging, build a page control */ - if ((nslcd_cfg->ldc_pagesize>0)&&(search->scope!=LDAP_SCOPE_BASE)) + if ((nslcd_cfg->ldc_pagesize > 0) && (search->scope != LDAP_SCOPE_BASE)) { - rc=ldap_create_page_control(search->session->ld,nslcd_cfg->ldc_pagesize, - NULL,0,&serverCtrls[0]); - if (rc==LDAP_SUCCESS) + rc = ldap_create_page_control(search->session->ld, nslcd_cfg->ldc_pagesize, + NULL, 0, &serverCtrls[0]); + if (rc == LDAP_SUCCESS) { - serverCtrls[1]=NULL; - pServerCtrls=serverCtrls; + serverCtrls[1] = NULL; + pServerCtrls = serverCtrls; } else { - myldap_err(LOG_WARNING,search->session->ld,rc,"ldap_create_page_control() failed"); + myldap_err(LOG_WARNING, search->session->ld, rc, + "ldap_create_page_control() failed"); /* clear error flag */ - rc=LDAP_SUCCESS; - if (ldap_set_option(search->session->ld,LDAP_OPT_ERROR_NUMBER,&rc)!=LDAP_SUCCESS) - log_log(LOG_WARNING,"failed to clear the error flag"); - pServerCtrls=NULL; + rc = LDAP_SUCCESS; + if (ldap_set_option(search->session->ld, LDAP_OPT_ERROR_NUMBER, &rc) != LDAP_SUCCESS) + log_log(LOG_WARNING, "failed to clear the error flag"); + pServerCtrls = NULL; } } else - pServerCtrls=NULL; + pServerCtrls = NULL; /* perform the search */ - rc=ldap_search_ext(search->session->ld,search->base,search->scope, - search->filter,(char **)(search->attrs), - 0,pServerCtrls,NULL,NULL, - LDAP_NO_LIMIT,&msgid); + rc = ldap_search_ext(search->session->ld, search->base, search->scope, + search->filter, (char **)(search->attrs), + 0, pServerCtrls, NULL, NULL, LDAP_NO_LIMIT, &msgid); /* free the controls if we had them */ - if (pServerCtrls!=NULL) + if (pServerCtrls != NULL) { ldap_control_free(serverCtrls[0]); - serverCtrls[0]=NULL; + 
serverCtrls[0] = NULL; } /* handle errors */ - if (rc!=LDAP_SUCCESS) + if (rc != LDAP_SUCCESS) { - myldap_err(LOG_WARNING,search->session->ld,rc,"ldap_search_ext() failed"); + myldap_err(LOG_WARNING, search->session->ld, rc, "ldap_search_ext() failed"); return rc; } /* update the last activity on the connection */ time(&(search->session->lastactivity)); /* save msgid */ - search->msgid=msgid; + search->msgid = msgid; /* return the new search */ return LDAP_SUCCESS; } @@ -893,16 +923,16 @@ void myldap_session_cleanup(MYLDAP_SESSION *session) /* check parameter */ if (!is_valid_session(session)) { - log_log(LOG_ERR,"myldap_session_cleanup(): invalid session passed"); + log_log(LOG_ERR, "myldap_session_cleanup(): invalid session passed"); return; } /* go over all searches in the session and close them */ - for (i=0;i<MAX_SEARCHES_IN_SESSION;i++) + for (i = 0; i < MAX_SEARCHES_IN_SESSION; i++) { - if (session->searches[i]!=NULL) + if (session->searches[i] != NULL) { myldap_search_close(session->searches[i]); - session->searches[i]=NULL; + session->searches[i] = NULL; } } } @@ -912,7 +942,7 @@ void myldap_session_close(MYLDAP_SESSION *session) /* check parameter */ if (!is_valid_session(session)) { - log_log(LOG_ERR,"myldap_session_cleanup(): invalid session passed"); + log_log(LOG_ERR, "myldap_session_cleanup(): invalid session passed"); return; } /* close pending searches */ 
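Review bot: The invalid-session message in myldap_session_close() still names the wrong function, `"myldap_session_cleanup(): invalid session passed"`, which is the same text used in myldap_session_cleanup() in the previous hunk. Anyone triaging this log line will look in the wrong function. The string should read `"myldap_session_close(): invalid session passed"`. The body of myldap_session_close() continues outside the hunk.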
@@ -928,376 +958,377 @@ pthread_mutex_t uris_mutex = PTHREAD_MUTEX_INITIALIZER; static int do_retry_search(MYLDAP_SEARCH *search) { - int sleeptime=0; + int sleeptime = 0; int start_uri; time_t endtime; time_t nexttry; time_t t; - int rc=LDAP_UNAVAILABLE; + int rc = LDAP_UNAVAILABLE; struct myldap_uri *current_uri; int dotry[NSS_LDAP_CONFIG_URI_MAX]; /* clear time stamps */ - for (start_uri=0;start_uri<NSS_LDAP_CONFIG_URI_MAX;start_uri++) - dotry[start_uri]=1; + for (start_uri = 0; start_uri < NSS_LDAP_CONFIG_URI_MAX; start_uri++) + dotry[start_uri] = 1; /* keep trying until we time out */ - endtime=time(NULL)+nslcd_cfg->ldc_reconnect_retrytime; + endtime = time(NULL) + nslcd_cfg->ldc_reconnect_retrytime; while (1) { - nexttry=endtime; + nexttry = endtime; /* try each configured URL once */ pthread_mutex_lock(&uris_mutex); - start_uri=search->session->current_uri; + start_uri = search->session->current_uri; do { - current_uri=&(nslcd_cfg->ldc_uris[search->session->current_uri]); + current_uri = &(nslcd_cfg->ldc_uris[search->session->current_uri]); /* only try this URI if we should */ if (!dotry[search->session->current_uri]) { /* skip this URI */ } - else if ( (current_uri->lastfail > (current_uri->firstfail+nslcd_cfg->ldc_reconnect_retrytime)) && - ((t=time(NULL)) < (current_uri->lastfail+nslcd_cfg->ldc_reconnect_retrytime)) ) + else if ((current_uri->lastfail > (current_uri->firstfail + nslcd_cfg->ldc_reconnect_retrytime)) && + ((t = time(NULL)) < (current_uri->lastfail + nslcd_cfg->ldc_reconnect_retrytime))) { /* we are in a hard fail state and have retried not long ago */ - log_log(LOG_DEBUG,"not retrying server %s which failed just %d second(s) ago and has been failing for %d seconds", - current_uri->uri,(int)(t-current_uri->lastfail), - (int)(t-current_uri->firstfail)); - dotry[search->session->current_uri]=0; + log_log(LOG_DEBUG, "not retrying server %s which failed just %d second(s) ago and has been failing for %d seconds", + current_uri->uri, (int)(t - 
current_uri->lastfail), + (int)(t - current_uri->firstfail)); + dotry[search->session->current_uri] = 0; } else { /* try to start the search */ pthread_mutex_unlock(&uris_mutex); - rc=do_try_search(search); - if (rc==LDAP_SUCCESS) + rc = do_try_search(search); + if (rc == LDAP_SUCCESS) { pthread_mutex_lock(&uris_mutex); /* check if we are coming back from an error */ - if ((current_uri->lastfail>0)||(search->session->current_uri!=start_uri)) - log_log(LOG_INFO,"connected to LDAP server %s",current_uri->uri); + if ((current_uri->lastfail > 0) || (search->session->current_uri != start_uri)) + log_log(LOG_INFO, "connected to LDAP server %s", current_uri->uri); /* update ok time */ - current_uri->firstfail=0; - current_uri->lastfail=0; + current_uri->firstfail = 0; + current_uri->lastfail = 0; pthread_mutex_unlock(&uris_mutex); /* flag the search as valid */ - search->valid=1; + search->valid = 1; return LDAP_SUCCESS; } /* close the current connection */ do_close(search->session); /* update time of failure and figure out when we should retry */ pthread_mutex_lock(&uris_mutex); - t=time(NULL); + t = time(NULL); /* update timestaps unless we are doing an authentication search */ - if (search->session->binddn[0]=='\0') + if (search->session->binddn[0] == '\0') { - if (current_uri->firstfail==0) - current_uri->firstfail=t; - current_uri->lastfail=t; + if (current_uri->firstfail == 0) + current_uri->firstfail = t; + current_uri->lastfail = t; } /* if it is one of these, retrying this URI is not going to help */ - if ((rc==LDAP_INVALID_CREDENTIALS)||(rc==LDAP_INSUFFICIENT_ACCESS)|| - (rc==LDAP_AUTH_METHOD_NOT_SUPPORTED)) - dotry[search->session->current_uri]=0; + if ((rc == LDAP_INVALID_CREDENTIALS) || (rc == LDAP_INSUFFICIENT_ACCESS) || + (rc == LDAP_AUTH_METHOD_NOT_SUPPORTED)) + dotry[search->session->current_uri] = 0; /* check when we should try this URI again */ - else if (t <= (current_uri->firstfail+nslcd_cfg->ldc_reconnect_retrytime)) + else if (t <= 
(current_uri->firstfail + nslcd_cfg->ldc_reconnect_retrytime)) { - t+=nslcd_cfg->ldc_reconnect_sleeptime; - if (t<nexttry) - nexttry=t; + t += nslcd_cfg->ldc_reconnect_sleeptime; + if (t < nexttry) + nexttry = t; } } /* try the next URI (with wrap-around) */ search->session->current_uri++; - if (nslcd_cfg->ldc_uris[search->session->current_uri].uri==NULL) - search->session->current_uri=0; + if (nslcd_cfg->ldc_uris[search->session->current_uri].uri == NULL) + search->session->current_uri = 0; } - while (search->session->current_uri!=start_uri); + while (search->session->current_uri != start_uri); pthread_mutex_unlock(&uris_mutex); /* see if it is any use sleeping */ - if (nexttry>=endtime) + if (nexttry >= endtime) { - if (search->session->binddn[0]=='\0') - myldap_err(LOG_ERR,search->session->ld,rc,"no available LDAP server found"); + if (search->session->binddn[0] == '\0') + myldap_err(LOG_ERR, search->session->ld, rc, "no available LDAP server found"); return rc; } /* sleep between tries */ - sleeptime=nexttry-time(NULL); - if (sleeptime>0) + sleeptime = nexttry - time(NULL); + if (sleeptime > 0) { - log_log(LOG_WARNING,"no available LDAP server found, sleeping %d seconds",sleeptime); + log_log(LOG_WARNING, "no available LDAP server found, sleeping %d seconds", + sleeptime); (void)sleep(sleeptime); } } } -MYLDAP_SEARCH *myldap_search( - MYLDAP_SESSION *session, - const char *base,int scope,const char *filter,const char **attrs, - int *rcp) +MYLDAP_SEARCH *myldap_search(MYLDAP_SESSION *session, + const char *base, int scope, const char *filter, + const char **attrs, int *rcp) { MYLDAP_SEARCH *search; int i; int rc; /* check parameters */ - if (!is_valid_session(session)||(base==NULL)||(filter==NULL)||(attrs==NULL)) + if (!is_valid_session(session) || (base == NULL) || (filter == NULL) || + (attrs == NULL)) { - log_log(LOG_ERR,"myldap_search(): invalid parameter passed"); - errno=EINVAL; - if (rcp!=NULL) - *rcp=LDAP_OPERATIONS_ERROR; + log_log(LOG_ERR, 
"myldap_search(): invalid parameter passed"); + errno = EINVAL; + if (rcp != NULL) + *rcp = LDAP_OPERATIONS_ERROR; return NULL; } /* log the call */ - log_log(LOG_DEBUG,"myldap_search(base=\"%s\", filter=\"%s\")", - base,filter); + log_log(LOG_DEBUG, "myldap_search(base=\"%s\", filter=\"%s\")", + base, filter); /* check if the idle time for the connection has expired */ myldap_session_check(session); /* allocate a new search entry */ - search=myldap_search_new(session,base,scope,filter,attrs); + search = myldap_search_new(session, base, scope, filter, attrs); /* find a place in the session where we can register our search */ - for (i=0;(session->searches[i]!=NULL)&&(i<MAX_SEARCHES_IN_SESSION);i++) - ; - if (i>=MAX_SEARCHES_IN_SESSION) + for (i = 0; (session->searches[i] != NULL) && (i < MAX_SEARCHES_IN_SESSION); i++) + /* nothing */ ; + if (i >= MAX_SEARCHES_IN_SESSION) { - log_log(LOG_ERR,"myldap_search(): too many searches registered with session (max %d)", - MAX_SEARCHES_IN_SESSION); + log_log(LOG_ERR, "myldap_search(): too many searches registered with session (max %d)", + MAX_SEARCHES_IN_SESSION); myldap_search_close(search); - if (rcp!=NULL) - *rcp=LDAP_OPERATIONS_ERROR; + if (rcp != NULL) + *rcp = LDAP_OPERATIONS_ERROR; return NULL; } /* regsiter search with the session so we can free it later on */ - session->searches[i]=search; + session->searches[i] = search; /* do the search with retries to all configured servers */ - rc=do_retry_search(search); - if (rc!=LDAP_SUCCESS) + rc = do_retry_search(search); + if (rc != LDAP_SUCCESS) { myldap_search_close(search); - if (rcp!=NULL) - *rcp=rc; + if (rcp != NULL) + *rcp = rc; return NULL; } - if (rcp!=NULL) - *rcp=LDAP_SUCCESS; + if (rcp != NULL) + *rcp = LDAP_SUCCESS; return search; } void myldap_search_close(MYLDAP_SEARCH *search) { int i; - if (search==NULL) + if (search == NULL) return; /* free any messages */ - if (search->msg!=NULL) + if (search->msg != NULL) { ldap_msgfree(search->msg); - search->msg=NULL; + 
search->msg = NULL; } /* abandon the search if there were more results to fetch */ - if ((search->session->ld!=NULL)&&(search->msgid!=-1)) + if ((search->session->ld != NULL) && (search->msgid != -1)) { - ldap_abandon(search->session->ld,search->msgid); - search->msgid=-1; + ldap_abandon(search->session->ld, search->msgid); + search->msgid = -1; } /* find the reference to this search in the session */ - for (i=0;i<MAX_SEARCHES_IN_SESSION;i++) + for (i = 0; i < MAX_SEARCHES_IN_SESSION; i++) { - if (search->session->searches[i]==search) - search->session->searches[i]=NULL; + if (search->session->searches[i] == search) + search->session->searches[i] = NULL; } /* free any search entries */ - if (search->entry!=NULL) + if (search->entry != NULL) myldap_entry_free(search->entry); /* clean up cookie */ - if (search->cookie!=NULL) + if (search->cookie != NULL) ber_bvfree(search->cookie); /* free read messages */ - if (search->msg!=NULL) + if (search->msg != NULL) ldap_msgfree(search->msg); /* free the storage we allocated */ free(search); } -MYLDAP_ENTRY *myldap_get_entry(MYLDAP_SEARCH *search,int *rcp) +MYLDAP_ENTRY *myldap_get_entry(MYLDAP_SEARCH *search, int *rcp) { int rc; int parserc; int msgid; - struct timeval tv,*tvp; + struct timeval tv, *tvp; LDAPControl **resultcontrols; LDAPControl *serverctrls[2]; ber_int_t count; /* check parameters */ if (!is_valid_search(search)) { - log_log(LOG_ERR,"myldap_get_entry(): invalid search passed"); - errno=EINVAL; - if (rcp!=NULL) - *rcp=LDAP_OPERATIONS_ERROR; + log_log(LOG_ERR, "myldap_get_entry(): invalid search passed"); + errno = EINVAL; + if (rcp != NULL) + *rcp = LDAP_OPERATIONS_ERROR; return NULL; } /* check if the connection wasn't closed in another search */ if (!search->valid) { - log_log(LOG_WARNING,"myldap_get_entry(): connection was closed"); + log_log(LOG_WARNING, "myldap_get_entry(): connection was closed"); /* retry the search */ if (search->may_retry_search) { - log_log(LOG_DEBUG,"myldap_get_entry(): retry 
search"); - search->may_retry_search=0; - if (do_retry_search(search)==LDAP_SUCCESS) - return myldap_get_entry(search,rcp); + log_log(LOG_DEBUG, "myldap_get_entry(): retry search"); + search->may_retry_search = 0; + if (do_retry_search(search) == LDAP_SUCCESS) + return myldap_get_entry(search, rcp); } myldap_search_close(search); - if (rcp!=NULL) - *rcp=LDAP_SERVER_DOWN; + if (rcp != NULL) + *rcp = LDAP_SERVER_DOWN; return NULL; } /* set up a timelimit value for operations */ - if (nslcd_cfg->ldc_timelimit==LDAP_NO_LIMIT) - tvp=NULL; + if (nslcd_cfg->ldc_timelimit == LDAP_NO_LIMIT) + tvp = NULL; else { - tv.tv_sec=nslcd_cfg->ldc_timelimit; - tv.tv_usec=0; - tvp=&tv; + tv.tv_sec = nslcd_cfg->ldc_timelimit; + tv.tv_usec = 0; + tvp = &tv; } /* if we have an existing result entry, free it */ - if (search->entry!=NULL) + if (search->entry != NULL) { myldap_entry_free(search->entry); - search->entry=NULL; + search->entry = NULL; } /* try to parse results until we have a final error or ok */ while (1) { /* free the previous message if there was any */ - if (search->msg!=NULL) + if (search->msg != NULL) { ldap_msgfree(search->msg); - search->msg=NULL; + search->msg = NULL; } /* get the next result */ - rc=ldap_result(search->session->ld,search->msgid,LDAP_MSG_ONE,tvp,&(search->msg)); + rc = ldap_result(search->session->ld, search->msgid, LDAP_MSG_ONE, tvp, + &(search->msg)); /* handle result */ switch (rc) { case LDAP_RES_SEARCH_ENTRY: /* we have a normal search entry, update timestamp and return result */ time(&(search->session->lastactivity)); - search->entry=myldap_entry_new(search); - if (rcp!=NULL) - *rcp=LDAP_SUCCESS; + search->entry = myldap_entry_new(search); + if (rcp != NULL) + *rcp = LDAP_SUCCESS; /* log the first couple of dns in the result (but not all, to prevent swamping the log) */ - if (search->count<MAX_DEBUG_LOG_DNS) - log_log(LOG_DEBUG,"ldap_result(): %s",myldap_get_dn(search->entry)); + if (search->count < MAX_DEBUG_LOG_DNS) + log_log(LOG_DEBUG, 
"ldap_result(): %s", myldap_get_dn(search->entry)); search->count++; - search->may_retry_search=0; + search->may_retry_search = 0; return search->entry; case LDAP_RES_SEARCH_RESULT: /* we have a search result, parse it */ - resultcontrols=NULL; - if (search->cookie!=NULL) + resultcontrols = NULL; + if (search->cookie != NULL) { ber_bvfree(search->cookie); - search->cookie=NULL; + search->cookie = NULL; } /* NB: this frees search->msg */ - parserc=ldap_parse_result(search->session->ld,search->msg,&rc,NULL, - NULL,NULL,&resultcontrols,1); - search->msg=NULL; + parserc = ldap_parse_result(search->session->ld, search->msg, &rc, + NULL, NULL, NULL, &resultcontrols, 1); + search->msg = NULL; /* check for errors during parsing */ - if ((parserc!=LDAP_SUCCESS)&&(parserc!=LDAP_MORE_RESULTS_TO_RETURN)) + if ((parserc != LDAP_SUCCESS) && (parserc != LDAP_MORE_RESULTS_TO_RETURN)) { - if (resultcontrols!=NULL) + if (resultcontrols != NULL) ldap_controls_free(resultcontrols); - myldap_err(LOG_ERR,search->session->ld,parserc,"ldap_parse_result() failed"); + myldap_err(LOG_ERR, search->session->ld, parserc, "ldap_parse_result() failed"); myldap_search_close(search); - if (rcp!=NULL) - *rcp=parserc; + if (rcp != NULL) + *rcp = parserc; return NULL; } /* check for errors in message */ - if ((rc!=LDAP_SUCCESS)&&(rc!=LDAP_MORE_RESULTS_TO_RETURN)) + if ((rc != LDAP_SUCCESS) && (rc != LDAP_MORE_RESULTS_TO_RETURN)) { - if (resultcontrols!=NULL) + if (resultcontrols != NULL) ldap_controls_free(resultcontrols); - myldap_err(LOG_ERR,search->session->ld,rc,"ldap_result() failed"); + myldap_err(LOG_ERR, search->session->ld, rc, "ldap_result() failed"); /* close connection on connection problems */ - if ((rc==LDAP_UNAVAILABLE)||(rc==LDAP_SERVER_DOWN)) + if ((rc == LDAP_UNAVAILABLE) || (rc == LDAP_SERVER_DOWN)) do_close(search->session); myldap_search_close(search); - if (rcp!=NULL) - *rcp=rc; + if (rcp != NULL) + *rcp = rc; return NULL; } /* handle result controls */ - if 
(resultcontrols!=NULL) + if (resultcontrols != NULL) { /* see if there are any more pages to come */ - rc=ldap_parse_page_control(search->session->ld, - resultcontrols,&count, - &(search->cookie)); - if (rc!=LDAP_SUCCESS) + rc = ldap_parse_page_control(search->session->ld, resultcontrols, + &count, &(search->cookie)); + if (rc != LDAP_SUCCESS) { - myldap_err(LOG_WARNING,search->session->ld,rc,"ldap_parse_page_control() failed"); + myldap_err(LOG_WARNING, search->session->ld, rc, "ldap_parse_page_control() failed"); /* clear error flag */ - rc=LDAP_SUCCESS; - if (ldap_set_option(search->session->ld,LDAP_OPT_ERROR_NUMBER,&rc)!=LDAP_SUCCESS) - log_log(LOG_WARNING,"failed to clear the error flag"); + rc = LDAP_SUCCESS; + if (ldap_set_option(search->session->ld, LDAP_OPT_ERROR_NUMBER, + &rc) != LDAP_SUCCESS) + log_log(LOG_WARNING, "failed to clear the error flag"); } /* TODO: handle the above return code?? */ ldap_controls_free(resultcontrols); } - search->msgid=-1; + search->msgid = -1; /* check if there are more pages to come */ - if ((search->cookie==NULL)||(search->cookie->bv_len==0)) + if ((search->cookie == NULL) || (search->cookie->bv_len == 0)) { - if (search->count>MAX_DEBUG_LOG_DNS) - log_log(LOG_DEBUG,"ldap_result(): ... %d more results", - search->count-MAX_DEBUG_LOG_DNS); - log_log(LOG_DEBUG,"ldap_result(): end of results (%d total)", - search->count); + if (search->count > MAX_DEBUG_LOG_DNS) + log_log(LOG_DEBUG, "ldap_result(): ... 
%d more results", + search->count - MAX_DEBUG_LOG_DNS); + log_log(LOG_DEBUG, "ldap_result(): end of results (%d total)", + search->count); /* we are at the end of the search, no more results */ myldap_search_close(search); - if (rcp!=NULL) - *rcp=LDAP_SUCCESS; + if (rcp != NULL) + *rcp = LDAP_SUCCESS; return NULL; } /* try the next page */ - serverctrls[0]=NULL; - serverctrls[1]=NULL; - rc=ldap_create_page_control(search->session->ld, - nslcd_cfg->ldc_pagesize, - search->cookie,0,&serverctrls[0]); - if (rc!=LDAP_SUCCESS) + serverctrls[0] = NULL; + serverctrls[1] = NULL; + rc = ldap_create_page_control(search->session->ld, nslcd_cfg->ldc_pagesize, + search->cookie, 0, &serverctrls[0]); + if (rc != LDAP_SUCCESS) { - if (serverctrls[0]!=NULL) + if (serverctrls[0] != NULL) ldap_control_free(serverctrls[0]); - myldap_err(LOG_WARNING,search->session->ld,rc,"ldap_create_page_control() failed"); + myldap_err(LOG_WARNING, search->session->ld, rc, "ldap_create_page_control() failed"); myldap_search_close(search); - if (rcp!=NULL) - *rcp=rc; + if (rcp != NULL) + *rcp = rc; return NULL; } /* set up a new search for the next page */ - rc=ldap_search_ext(search->session->ld, - search->base,search->scope,search->filter, - search->attrs,0,serverctrls,NULL,NULL, - LDAP_NO_LIMIT,&msgid); + rc = ldap_search_ext(search->session->ld, + search->base, search->scope, search->filter, + search->attrs, 0, serverctrls, NULL, NULL, + LDAP_NO_LIMIT, &msgid); ldap_control_free(serverctrls[0]); - if (rc!=LDAP_SUCCESS) + if (rc != LDAP_SUCCESS) { - myldap_err(LOG_WARNING,search->session->ld,rc,"ldap_search_ext() failed"); + myldap_err(LOG_WARNING, search->session->ld, rc, "ldap_search_ext() failed"); /* close connection on connection problems */ - if ((rc==LDAP_UNAVAILABLE)||(rc==LDAP_SERVER_DOWN)) + if ((rc == LDAP_UNAVAILABLE) || (rc == LDAP_SERVER_DOWN)) do_close(search->session); myldap_search_close(search); - if (rcp!=NULL) - *rcp=rc; + if (rcp != NULL) + *rcp = rc; return NULL; } - 
search->msgid=msgid; + search->msgid = msgid; /* we continue with another pass */ break; case LDAP_RES_SEARCH_REFERENCE: 
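Review bot: The slot-finding loop in myldap_search() reads `session->searches[i]` before it tests `i < MAX_SEARCHES_IN_SESSION`, so when every slot is occupied it reads one element past the end before the bound stops it. This assumes the array has MAX_SEARCHES_IN_SESSION entries, as the loop in myldap_session_cleanup() suggests; the declaration is not in view. The reformat keeps the operand order unchanged. Swapping the operands fixes it: `for (i = 0; (i < MAX_SEARCHES_IN_SESSION) && (session->searches[i] != NULL); i++)`. Separately, the result of myldap_search_new() is stored and passed to do_retry_search() without a NULL check; whether it can return NULL is not visible here.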
@@ -1308,39 +1339,40 @@ MYLDAP_ENTRY *myldap_get_entry(MYLDAP_SEARCH *search,int *rcp) { case -1: /* try to get error code */ - if (ldap_get_option(search->session->ld,LDAP_OPT_ERROR_NUMBER,&rc)!=LDAP_SUCCESS) - rc=LDAP_UNAVAILABLE; - myldap_err(LOG_ERR,search->session->ld,rc,"ldap_result() failed"); + if (ldap_get_option(search->session->ld, LDAP_OPT_ERROR_NUMBER, + &rc) != LDAP_SUCCESS) + rc = LDAP_UNAVAILABLE; + myldap_err(LOG_ERR, search->session->ld, rc, "ldap_result() failed"); break; case 0: /* the timeout expired */ - log_log(LOG_ERR,"ldap_result() timed out"); - rc=LDAP_TIMELIMIT_EXCEEDED; + log_log(LOG_ERR, "ldap_result() timed out"); + rc = LDAP_TIMELIMIT_EXCEEDED; break; default: /* unknown code */ - log_log(LOG_WARNING,"ldap_result() returned unexpected result type"); - rc=LDAP_PROTOCOL_ERROR; + log_log(LOG_WARNING, "ldap_result() returned unexpected result type"); + rc = LDAP_PROTOCOL_ERROR; } /* close connection on some connection problems */ - if ((rc==LDAP_UNAVAILABLE)||(rc==LDAP_SERVER_DOWN)||(rc==LDAP_SUCCESS)|| - (rc==LDAP_TIMELIMIT_EXCEEDED)||(rc==LDAP_OPERATIONS_ERROR)|| - (rc==LDAP_PROTOCOL_ERROR)) + if ((rc == LDAP_UNAVAILABLE) || (rc == LDAP_SERVER_DOWN) || + (rc == LDAP_SUCCESS) || (rc == LDAP_TIMELIMIT_EXCEEDED) || + (rc == LDAP_OPERATIONS_ERROR) || (rc == LDAP_PROTOCOL_ERROR)) { do_close(search->session); /* retry once if no data has been received yet */ if (search->may_retry_search) { - log_log(LOG_DEBUG,"myldap_get_entry(): retry search"); - search->may_retry_search=0; - if (do_retry_search(search)==LDAP_SUCCESS) - return myldap_get_entry(search,rcp); + log_log(LOG_DEBUG, "myldap_get_entry(): retry search"); + search->may_retry_search = 0; + if (do_retry_search(search) == LDAP_SUCCESS) + return myldap_get_entry(search, rcp); } } /* close search */ myldap_search_close(search); - if (rcp!=NULL) - *rcp=rc; + if (rcp != NULL) + *rcp = rc; return NULL; } } 
@@ -1355,133 +1387,134 @@ const char *myldap_get_dn(MYLDAP_ENTRY *entry) /* check parameters */ if (!is_valid_entry(entry)) { - log_log(LOG_ERR,"myldap_get_dn(): invalid result entry passed"); - errno=EINVAL; + log_log(LOG_ERR, "myldap_get_dn(): invalid result entry passed"); + errno = EINVAL; return "unknown"; } /* if we don't have it yet, retreive it */ - if ((entry->dn==NULL)&&(entry->search->valid)) + if ((entry->dn == NULL) && (entry->search->valid)) { - entry->dn=ldap_get_dn(entry->search->session->ld,entry->search->msg); - if (entry->dn==NULL) + entry->dn = ldap_get_dn(entry->search->session->ld, entry->search->msg); + if (entry->dn == NULL) { - if (ldap_get_option(entry->search->session->ld,LDAP_OPT_ERROR_NUMBER,&rc)!=LDAP_SUCCESS) - rc=LDAP_UNAVAILABLE; - myldap_err(LOG_WARNING,entry->search->session->ld,rc,"ldap_get_dn() returned NULL"); + if (ldap_get_option(entry->search->session->ld, LDAP_OPT_ERROR_NUMBER, + &rc) != LDAP_SUCCESS) + rc = LDAP_UNAVAILABLE; + myldap_err(LOG_WARNING, entry->search->session->ld, rc, "ldap_get_dn() returned NULL"); /* close connection on connection problems */ - if ((rc==LDAP_UNAVAILABLE)||(rc==LDAP_SERVER_DOWN)) + if ((rc == LDAP_UNAVAILABLE) || (rc == LDAP_SERVER_DOWN)) do_close(entry->search->session); } } /* if we still don't have it, return unknown */ - if (entry->dn==NULL) + if (entry->dn == NULL) return "unknown"; /* return it */ return entry->dn; } -char *myldap_cpy_dn(MYLDAP_ENTRY *entry,char *buf,size_t buflen) +char *myldap_cpy_dn(MYLDAP_ENTRY *entry, char *buf, size_t buflen) { const char *dn; /* get the dn */ - dn=myldap_get_dn(entry); + dn = myldap_get_dn(entry); /* copy into buffer */ - if (strlen(dn)<buflen) - strcpy(buf,dn); + if (strlen(dn) < buflen) + strcpy(buf, dn); else - buf=NULL; + buf = NULL; return buf; } /* Perform ranged retreival of attributes. 
http://msdn.microsoft.com/en-us/library/aa367017(vs.85).aspx http://www.tkk.fi/cc/docs/kerberos/draft-kashi-incremental-00.txt */ -static SET *myldap_get_ranged_values(MYLDAP_ENTRY *entry,const char *attr) +static SET *myldap_get_ranged_values(MYLDAP_ENTRY *entry, const char *attr) { char **values; char *attn; const char *attrs[2]; BerElement *ber; int i; - int startat=0,nxt=0; + int startat = 0, nxt = 0; char attbuf[80]; - const char *dn=myldap_get_dn(entry); - MYLDAP_SESSION *session=entry->search->session; - MYLDAP_SEARCH *search=NULL; - SET *set=NULL; + const char *dn = myldap_get_dn(entry); + MYLDAP_SESSION *session = entry->search->session; + MYLDAP_SEARCH *search = NULL; + SET *set = NULL; /* build the attribute name to find */ - if (mysnprintf(attbuf,sizeof(attbuf),"%s;range=0-*",attr)) + if (mysnprintf(attbuf, sizeof(attbuf), "%s;range=0-*", attr)) return NULL; /* keep doing lookups untul we can't get any more results */ while (1) { /* go over all attributes to find the ranged attribute */ - ber=NULL; - attn=ldap_first_attribute(entry->search->session->ld,entry->search->msg,&ber); - values=NULL; - while (attn!=NULL) + ber = NULL; + attn = ldap_first_attribute(entry->search->session->ld, entry->search->msg, &ber); + values = NULL; + while (attn != NULL) { - if (strncasecmp(attn,attbuf,strlen(attbuf)-1)==0) + if (strncasecmp(attn, attbuf, strlen(attbuf) - 1) == 0) { - log_log(LOG_DEBUG,"found ranged results %s",attn); - nxt=atoi(attn+strlen(attbuf)-1)+1; - values=ldap_get_values(entry->search->session->ld,entry->search->msg,attn); + log_log(LOG_DEBUG, "found ranged results %s", attn); + nxt = atoi(attn + strlen(attbuf) - 1) + 1; + values = ldap_get_values(entry->search->session->ld, entry->search->msg, attn); ldap_memfree(attn); break; } /* free old attribute name and get next one */ ldap_memfree(attn); - attn=ldap_next_attribute(entry->search->session->ld,entry->search->msg,ber); + attn = ldap_next_attribute(entry->search->session->ld, entry->search->msg, 
ber); } - ber_free(ber,0); + ber_free(ber, 0); /* see if we found any values */ - if ((values==NULL)||(*values==NULL)) + if ((values == NULL) || (*values == NULL)) break; /* allocate memory */ - if (set==NULL) + if (set == NULL) { - set=set_new(); - if (set==NULL) + set = set_new(); + if (set == NULL) { ldap_value_free(values); - log_log(LOG_CRIT,"myldap_get_ranged_values(): set_new() failed to allocate memory"); + log_log(LOG_CRIT, "myldap_get_ranged_values(): set_new() failed to allocate memory"); return NULL; } } /* add to the set */ - for (i=0;values[i]!=NULL;i++) - set_add(set,values[i]); + for (i = 0; values[i] != NULL; i++) + set_add(set, values[i]); /* free results */ ldap_value_free(values); /* check if we should start a new search */ - if (nxt<=startat) + if (nxt <= startat) break; - startat=nxt; + startat = nxt; /* build attributes for a new search */ - if (mysnprintf(attbuf,sizeof(attbuf),"%s;range=%d-*",attr,startat)) + if (mysnprintf(attbuf, sizeof(attbuf), "%s;range=%d-*", attr, startat)) break; - attrs[0]=attbuf; - attrs[1]=NULL; + attrs[0] = attbuf; + attrs[1] = NULL; /* close the previous search, if any */ - if (search!=NULL) + if (search != NULL) myldap_search_close(search); /* start the new search */ - search=myldap_search(session,dn,LDAP_SCOPE_BASE,"(objectClass=*)",attrs,NULL); - if (search==NULL) + search = myldap_search(session, dn, LDAP_SCOPE_BASE, "(objectClass=*)", attrs, NULL); + if (search == NULL) break; - entry=myldap_get_entry(search,NULL); - if (entry==NULL) + entry = myldap_get_entry(search, NULL); + if (entry == NULL) break; } /* close any started searches */ - if (search!=NULL) + if (search != NULL) myldap_search_close(search); /* return the contents of the set as a list */ return set; } /* Simple wrapper around ldap_get_values(). */ -const char **myldap_get_values(MYLDAP_ENTRY *entry,const char *attr) +const char **myldap_get_values(MYLDAP_ENTRY *entry, const char *attr) { char **values; int rc; 
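Review bot: In myldap_get_ranged_values(), when `myldap_get_entry(search, NULL)` returns NULL the loop breaks with `search` still set, and the trailing `if (search != NULL) myldap_search_close(search);` then runs on a search that myldap_get_entry() appears to have closed already. Every NULL return of myldap_get_entry() visible in the preceding hunks goes through myldap_search_close(), which ends in `free(search)`, except the invalid-search check. The second close would therefore read freed memory and free it again, on a path a failing or unresponsive server can trigger. Clearing the pointer on that branch avoids it: `if (entry == NULL) { search = NULL; break; }`. A few lines of myldap_get_entry() fall between hunks and should be checked before relying on this.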
@@ -1490,66 +1523,66 @@ const char **myldap_get_values(MYLDAP_ENTRY *entry,const char *attr) /* check parameters */ if (!is_valid_entry(entry)) { - log_log(LOG_ERR,"myldap_get_values(): invalid result entry passed"); - errno=EINVAL; + log_log(LOG_ERR, "myldap_get_values(): invalid result entry passed"); + errno = EINVAL; return NULL; } - else if (attr==NULL) + else if (attr == NULL) { - log_log(LOG_ERR,"myldap_get_values(): invalid attribute name passed"); - errno=EINVAL; + log_log(LOG_ERR, "myldap_get_values(): invalid attribute name passed"); + errno = EINVAL; return NULL; } if (!entry->search->valid) return NULL; /* search has been stopped */ /* get from LDAP */ - values=ldap_get_values(entry->search->session->ld,entry->search->msg,attr); - if (values==NULL) + values = ldap_get_values(entry->search->session->ld, entry->search->msg, attr); + if (values == NULL) { - if (ldap_get_option(entry->search->session->ld,LDAP_OPT_ERROR_NUMBER,&rc)!=LDAP_SUCCESS) - rc=LDAP_UNAVAILABLE; + if (ldap_get_option(entry->search->session->ld, LDAP_OPT_ERROR_NUMBER, &rc) != LDAP_SUCCESS) + rc = LDAP_UNAVAILABLE; /* ignore decoding errors as they are just nonexisting attribute values */ - if (rc==LDAP_DECODING_ERROR) + if (rc == LDAP_DECODING_ERROR) { - rc=LDAP_SUCCESS; - if (ldap_set_option(entry->search->session->ld,LDAP_OPT_ERROR_NUMBER,&rc)!=LDAP_SUCCESS) - log_log(LOG_WARNING,"failed to clear the error flag"); + rc = LDAP_SUCCESS; + if (ldap_set_option(entry->search->session->ld, LDAP_OPT_ERROR_NUMBER, &rc) != LDAP_SUCCESS) + log_log(LOG_WARNING, "failed to clear the error flag"); } - else if (rc==LDAP_SUCCESS) + else if (rc == LDAP_SUCCESS) { /* we have a success code but no values, let's try to get ranged values */ - set=myldap_get_ranged_values(entry,attr); - if (set==NULL) + set = myldap_get_ranged_values(entry, attr); + if (set == NULL) return NULL; /* store values entry so we can free it later on */ - for (i=0;i<MAX_RANGED_ATTRIBUTES_PER_ENTRY;i++) - if 
(entry->rangedattributevalues[i]==NULL) + for (i = 0; i < MAX_RANGED_ATTRIBUTES_PER_ENTRY; i++) + if (entry->rangedattributevalues[i] == NULL) { - entry->rangedattributevalues[i]=(char **)set_tolist(set); + entry->rangedattributevalues[i] = (char **)set_tolist(set); set_free(set); return (const char **)entry->rangedattributevalues[i]; } /* we found no room to store the values */ - log_log(LOG_ERR,"ldap_get_values() couldn't store results, increase MAX_RANGED_ATTRIBUTES_PER_ENTRY"); + log_log(LOG_ERR, "ldap_get_values() couldn't store results, increase MAX_RANGED_ATTRIBUTES_PER_ENTRY"); set_free(set); return NULL; } else - myldap_err(LOG_WARNING,entry->search->session->ld,rc, + myldap_err(LOG_WARNING, entry->search->session->ld, rc, "ldap_get_values() of attribute \"%s\" on entry \"%s\" returned NULL", - attr,myldap_get_dn(entry)); + attr, myldap_get_dn(entry)); return NULL; } /* store values entry so we can free it later on */ - for (i=0;i<MAX_ATTRIBUTES_PER_ENTRY;i++) - if (entry->attributevalues[i]==NULL) + for (i = 0; i < MAX_ATTRIBUTES_PER_ENTRY; i++) + if (entry->attributevalues[i] == NULL) { - entry->attributevalues[i]=values; + entry->attributevalues[i] = values; return (const char **)values; } /* we found no room to store the entry */ - log_log(LOG_ERR,"ldap_get_values() couldn't store results, increase MAX_ATTRIBUTES_PER_ENTRY"); + log_log(LOG_ERR, "ldap_get_values() couldn't store results, increase MAX_ATTRIBUTES_PER_ENTRY"); ldap_value_free(values); return NULL; } 
@@ -1564,34 +1597,34 @@ static const char **bervalues_to_values(struct berval **bvalues) char *buf; char **values; /* figure out how much memory to allocate */ - num_values=ldap_count_values_len(bvalues); - sz=(num_values+1)*sizeof(char *); - for (i=0;i<num_values;i++) - sz+=bvalues[i]->bv_len+1; + num_values = ldap_count_values_len(bvalues); + sz = (num_values + 1) * sizeof(char *); + for (i = 0; i < num_values; i++) + sz += bvalues[i]->bv_len + 1; /* allocate the needed memory */ - values=(char **)malloc(sz); - if (values==NULL) + values = (char **)malloc(sz); + if (values == NULL) { - log_log(LOG_CRIT,"myldap_get_values_len(): malloc() failed to allocate memory"); + log_log(LOG_CRIT, "myldap_get_values_len(): malloc() failed to allocate memory"); ldap_value_free_len(bvalues); return NULL; } - buf=(char *)values; - buf+=(num_values+1)*sizeof(char *); + buf = (char *)values; + buf += (num_values + 1) * sizeof(char *); /* copy from bvalues */ - for (i=0;i<num_values;i++) + for (i = 0; i < num_values; i++) { - values[i]=buf; - memcpy(values[i],bvalues[i]->bv_val,bvalues[i]->bv_len); - values[i][bvalues[i]->bv_len]='\0'; - buf+=bvalues[i]->bv_len+1; + values[i] = buf; + memcpy(values[i], bvalues[i]->bv_val, bvalues[i]->bv_len); + values[i][bvalues[i]->bv_len] = '\0'; + buf += bvalues[i]->bv_len + 1; } - values[i]=NULL; + values[i] = NULL; return (const char **)values; } /* Simple wrapper around ldap_get_values(). */ -const char **myldap_get_values_len(MYLDAP_ENTRY *entry,const char *attr) +const char **myldap_get_values_len(MYLDAP_ENTRY *entry, const char *attr) { const char **values; struct berval **bvalues; 
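Review bot: The malloc() failure path in `bervalues_to_values()` calls `ldap_value_free_len(bvalues)` before returning NULL, and the caller in the next hunk (`myldap_get_values_len()`) calls `ldap_value_free_len(bvalues)` again right after `values = bervalues_to_values(bvalues);`, so an allocation failure frees the same berval array twice. Ownership should stay with the caller: drop the free from the helper's error path, leaving `log_log(LOG_CRIT, ...); return NULL;`. The size computation `sz += bvalues[i]->bv_len + 1` is also unchecked against wrap-around; since `bv_len` comes from the server response, a guard before the addition would be cheap. The declarations of `sz` and `num_values` lie outside the hunk.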
@@ -1601,63 +1634,63 @@ const char **myldap_get_values_len(MYLDAP_ENTRY *entry,const char *attr) /* check parameters */ if (!is_valid_entry(entry)) { - log_log(LOG_ERR,"myldap_get_values_len(): invalid result entry passed"); - errno=EINVAL; + log_log(LOG_ERR, "myldap_get_values_len(): invalid result entry passed"); + errno = EINVAL; return NULL; } - else if (attr==NULL) + else if (attr == NULL) { - log_log(LOG_ERR,"myldap_get_values_len(): invalid attribute name passed"); - errno=EINVAL; + log_log(LOG_ERR, "myldap_get_values_len(): invalid attribute name passed"); + errno = EINVAL; return NULL; } if (!entry->search->valid) return NULL; /* search has been stopped */ /* get from LDAP */ - bvalues=ldap_get_values_len(entry->search->session->ld,entry->search->msg,attr); - if (bvalues==NULL) + bvalues = ldap_get_values_len(entry->search->session->ld, entry->search->msg, attr); + if (bvalues == NULL) { - if (ldap_get_option(entry->search->session->ld,LDAP_OPT_ERROR_NUMBER,&rc)!=LDAP_SUCCESS) - rc=LDAP_UNAVAILABLE; + if (ldap_get_option(entry->search->session->ld, LDAP_OPT_ERROR_NUMBER, &rc) != LDAP_SUCCESS) + rc = LDAP_UNAVAILABLE; /* ignore decoding errors as they are just nonexisting attribute values */ - if (rc==LDAP_DECODING_ERROR) + if (rc == LDAP_DECODING_ERROR) { - rc=LDAP_SUCCESS; - if (ldap_set_option(entry->search->session->ld,LDAP_OPT_ERROR_NUMBER,&rc)!=LDAP_SUCCESS) - log_log(LOG_WARNING,"failed to clear the error flag"); + rc = LDAP_SUCCESS; + if (ldap_set_option(entry->search->session->ld, LDAP_OPT_ERROR_NUMBER, &rc) != LDAP_SUCCESS) + log_log(LOG_WARNING, "failed to clear the error flag"); return NULL; } - else if (rc==LDAP_SUCCESS) + else if (rc == LDAP_SUCCESS) { /* we have a success code but no values, let's try to get ranged values */ - set=myldap_get_ranged_values(entry,attr); - if (set==NULL) + set = myldap_get_ranged_values(entry, attr); + if (set == NULL) return NULL; - values=set_tolist(set); + values = set_tolist(set); } else { - 
myldap_err(LOG_WARNING,entry->search->session->ld,rc, + myldap_err(LOG_WARNING, entry->search->session->ld, rc, "myldap_get_values_len() of attribute \"%s\" on entry \"%s\" returned NULL", - attr,myldap_get_dn(entry)); + attr, myldap_get_dn(entry)); return NULL; } } else { - values=bervalues_to_values(bvalues); + values = bervalues_to_values(bvalues); ldap_value_free_len(bvalues); } /* store values entry so we can free it later on */ - for (i=0;i<MAX_RANGED_ATTRIBUTES_PER_ENTRY;i++) - if (entry->rangedattributevalues[i]==NULL) + for (i = 0; i < MAX_RANGED_ATTRIBUTES_PER_ENTRY; i++) + if (entry->rangedattributevalues[i] == NULL) { - entry->rangedattributevalues[i]=(char **)values; + entry->rangedattributevalues[i] = (char **)values; return values; } /* we found no room to store the values */ - log_log(LOG_ERR,"myldap_get_values_len() couldn't store results, increase MAX_RANGED_ATTRIBUTES_PER_ENTRY"); + log_log(LOG_ERR, "myldap_get_values_len() couldn't store results, increase MAX_RANGED_ATTRIBUTES_PER_ENTRY"); free(values); return NULL; } 
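Review bot: In the ranged-values branch of `myldap_get_values_len()`, `values = set_tolist(set);` is never followed by `set_free(set)`, whereas `myldap_get_values()` in the previous hunk calls `set_free(set)` directly after `set_tolist(set)`. Unless set_tolist() takes ownership of the set (its definition is not visible here), the set leaks on every ranged lookup; adding `set_free(set);` after the conversion would match the sibling function. A NULL result from `set_tolist()` or `bervalues_to_values()` also falls through to the store loop, which is harmless but would be clearer with an explicit `if (values == NULL) return NULL;` before it.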
@@ -1665,33 +1698,35 @@ const char **myldap_get_values_len(MYLDAP_ENTRY *entry,const char *attr) /* Go over the entries in exploded_rdn and see if any start with the requested attribute. Return a reference to the value part of the DN (does not modify exploded_rdn). */ -static const char *find_rdn_value(char **exploded_rdn,const char *attr) +static const char *find_rdn_value(char **exploded_rdn, const char *attr) { - int i,j; + int i, j; int l; - if (exploded_rdn==NULL) + if (exploded_rdn == NULL) return NULL; /* go over all RDNs */ - l=strlen(attr); - for (i=0;exploded_rdn[i]!=NULL;i++) + l = strlen(attr); + for (i = 0; exploded_rdn[i] != NULL; i++) { /* check that RDN starts with attr */ - if (strncasecmp(exploded_rdn[i],attr,l)!=0) + if (strncasecmp(exploded_rdn[i], attr, l) != 0) continue; - j=l; + j = l; /* skip spaces */ - while (isspace(exploded_rdn[i][j])) j++; + while (isspace(exploded_rdn[i][j])) + j++; /* ensure that we found an equals sign now */ - if (exploded_rdn[i][j]!='=') + if (exploded_rdn[i][j] != '=') continue; j++; /* skip more spaces */ - while (isspace(exploded_rdn[i][j])) j++; + while (isspace(exploded_rdn[i][j])) + j++; /* ensure that we're not at the end of the string */ - if (exploded_rdn[i][j]=='\0') + if (exploded_rdn[i][j] == '\0') continue; /* we found our value */ - return exploded_rdn[i]+j; + return exploded_rdn[i] + j; } /* fail */ return NULL; 
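Review bot: Both skip loops in `find_rdn_value()` call `isspace(exploded_rdn[i][j])` on a plain `char`, which is undefined behaviour for bytes above 0x7f where `char` is signed, and RDN strings come from the directory and may hold UTF-8. Cast at the call site: `while (isspace((unsigned char)exploded_rdn[i][j]))`. The same pattern appears in `write_string_stripspace_len()` and `write_netgroup_triple()` in the nslcd/netgroup.c hunk further down. The function's closing brace is outside this hunk.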
@@ -1705,26 +1740,26 @@ static char **get_exploded_rdn(const char *dn) char **exploded_dn; char **exploded_rdn; /* check if we have a DN */ - if ((dn==NULL)||(strcasecmp(dn,"unknown")==0)) + if ((dn == NULL) || (strcasecmp(dn, "unknown") == 0)) return NULL; /* explode dn into { "uid=test", "ou=people", ..., NULL } */ - exploded_dn=ldap_explode_dn(dn,0); - if ((exploded_dn==NULL)||(exploded_dn[0]==NULL)) + exploded_dn = ldap_explode_dn(dn, 0); + if ((exploded_dn == NULL) || (exploded_dn[0] == NULL)) { - log_log(LOG_WARNING,"ldap_explode_dn(%s) returned NULL: %s", - dn,strerror(errno)); + log_log(LOG_WARNING, "ldap_explode_dn(%s) returned NULL: %s", + dn, strerror(errno)); return NULL; } /* explode rdn (first part of exploded_dn), - e.g. "cn=Test User+uid=testusr" into + e.g. "cn=Test User+uid=testusr" into { "cn=Test User", "uid=testusr", NULL } */ - errno=0; - exploded_rdn=ldap_explode_rdn(exploded_dn[0],0); - if ((exploded_rdn==NULL)||(exploded_rdn[0]==NULL)) + errno = 0; + exploded_rdn = ldap_explode_rdn(exploded_dn[0], 0); + if ((exploded_rdn == NULL) || (exploded_rdn[0] == NULL)) { - log_log(LOG_WARNING,"ldap_explode_rdn(%s) returned NULL: %s", - exploded_dn[0],strerror(errno)); - if (exploded_rdn!=NULL) + log_log(LOG_WARNING, "ldap_explode_rdn(%s) returned NULL: %s", + exploded_dn[0], strerror(errno)); + if (exploded_rdn != NULL) ldap_value_free(exploded_rdn); ldap_value_free(exploded_dn); return NULL; 
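Review bot: When `ldap_explode_dn()` returns a non-NULL array whose first element is NULL, the early `return NULL` in `get_exploded_rdn()` leaks `exploded_dn`, while the `ldap_explode_rdn()` failure path just below frees both arrays. Adding `if (exploded_dn != NULL) ldap_value_free(exploded_dn);` before that return would make the two paths agree. `errno` is also cleared only before `ldap_explode_rdn()`, so the `strerror(errno)` in the first warning may report a stale error; an `errno = 0;` before `ldap_explode_dn()` fixes that. The function begins and ends outside the hunk.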
@@ -1733,111 +1768,111 @@ static char **get_exploded_rdn(const char *dn) return exploded_rdn; } -const char *myldap_get_rdn_value(MYLDAP_ENTRY *entry,const char *attr) +const char *myldap_get_rdn_value(MYLDAP_ENTRY *entry, const char *attr) { /* check parameters */ if (!is_valid_entry(entry)) { - log_log(LOG_ERR,"myldap_get_rdn_value(): invalid result entry passed"); - errno=EINVAL; + log_log(LOG_ERR, "myldap_get_rdn_value(): invalid result entry passed"); + errno = EINVAL; return NULL; } - else if (attr==NULL) + else if (attr == NULL) { - log_log(LOG_ERR,"myldap_get_rdn_value(): invalid attribute name passed"); - errno=EINVAL; + log_log(LOG_ERR, "myldap_get_rdn_value(): invalid attribute name passed"); + errno = EINVAL; return NULL; } /* check if entry contains exploded_rdn */ - if (entry->exploded_rdn==NULL) + if (entry->exploded_rdn == NULL) { - entry->exploded_rdn=get_exploded_rdn(myldap_get_dn(entry)); - if (entry->exploded_rdn==NULL) + entry->exploded_rdn = get_exploded_rdn(myldap_get_dn(entry)); + if (entry->exploded_rdn == NULL) return NULL; } /* find rnd value */ - return find_rdn_value(entry->exploded_rdn,attr); + return find_rdn_value(entry->exploded_rdn, attr); } -const char *myldap_cpy_rdn_value(const char *dn,const char *attr, - char *buf,size_t buflen) +const char *myldap_cpy_rdn_value(const char *dn, const char *attr, + char *buf, size_t buflen) { char **exploded_rdn; const char *value; /* explode dn into { "cn=Test", "uid=test", NULL } */ - exploded_rdn=get_exploded_rdn(dn); - if (exploded_rdn==NULL) + exploded_rdn = get_exploded_rdn(dn); + if (exploded_rdn == NULL) return NULL; /* see if we have a match */ - value=find_rdn_value(exploded_rdn,attr); + value = find_rdn_value(exploded_rdn, attr); /* if we have something store it in the buffer */ - if ((value!=NULL)&&(strlen(value)<buflen)) - strcpy(buf,value); + if ((value != NULL) && (strlen(value) < buflen)) + strcpy(buf, value); else - value=NULL; + value = NULL; /* free allocated stuff */ 
ldap_value_free(exploded_rdn); /* check if we have something to return */ - return (value!=NULL)?buf:NULL; + return (value != NULL) ? buf : NULL; } -int myldap_has_objectclass(MYLDAP_ENTRY *entry,const char *objectclass) +int myldap_has_objectclass(MYLDAP_ENTRY *entry, const char *objectclass) { const char **values; int i; - if ((!is_valid_entry(entry))||(objectclass==NULL)) + if ((!is_valid_entry(entry)) || (objectclass == NULL)) { - log_log(LOG_ERR,"myldap_has_objectclass(): invalid argument passed"); - errno=EINVAL; + log_log(LOG_ERR, "myldap_has_objectclass(): invalid argument passed"); + errno = EINVAL; return 0; } - values=myldap_get_values(entry,"objectClass"); - if (values==NULL) + values = myldap_get_values(entry, "objectClass"); + if (values == NULL) return 0; - for (i=0;values[i]!=NULL;i++) + for (i = 0; values[i] != NULL; i++) { - if (strcasecmp(values[i],objectclass)==0) + if (strcasecmp(values[i], objectclass) == 0) return -1; } return 0; } -int myldap_escape(const char *src,char *buffer,size_t buflen) +int myldap_escape(const char *src, char *buffer, size_t buflen) { - size_t pos=0; + size_t pos = 0; /* go over all characters in source string */ - for (;*src!='\0';src++) + for (; *src != '\0'; src++) { /* check if char will fit */ - if ((pos+4)>=buflen) + if ((pos + 4) >= buflen) return -1; /* do escaping for some characters */ switch (*src) { case '*': - strcpy(buffer+pos,"\\2a"); - pos+=3; + strcpy(buffer + pos, "\\2a"); + pos += 3; break; case '(': - strcpy(buffer+pos,"\\28"); - pos+=3; + strcpy(buffer + pos, "\\28"); + pos += 3; break; case ')': - strcpy(buffer+pos,"\\29"); - pos+=3; + strcpy(buffer + pos, "\\29"); + pos += 3; break; case '\\': - strcpy(buffer+pos,"\\5c"); - pos+=3; + strcpy(buffer + pos, "\\5c"); + pos += 3; break; default: /* just copy character */ - buffer[pos++]=*src; + buffer[pos++] = *src; break; } } /* terminate destination string */ - buffer[pos]='\0'; + buffer[pos] = '\0'; return 0; } 
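Review bot: `myldap_escape()` is what keeps request-supplied names from changing the structure of the filters built by the mkfilter_*() helpers, yet its definition has no comment stating the contract. I would add above it a short comment saying that `*`, `(`, `)` and backslash are written as `\2a`, `\28`, `\29` and `\5c`, that the function returns 0 on success and -1 when the result may not fit, and that `buffer` contents are unspecified on failure. It is worth noting there that the `(pos + 4) >= buflen` test is deliberately conservative (it reserves room for a three-byte escape plus the terminator on every character) so that nobody tightens it later. `src` is not checked for NULL, unlike the parameters of the functions above it.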
@@ -1846,37 +1881,37 @@ int myldap_set_debuglevel(int level) int i; int rc; /* turn on debugging */ - if (level>1) + if (level > 1) { #ifdef LBER_OPT_LOG_PRINT_FILE - log_log(LOG_DEBUG,"ber_set_option(LBER_OPT_LOG_PRINT_FILE)"); \ - rc=ber_set_option(NULL,LBER_OPT_LOG_PRINT_FILE,stderr); - if (rc!=LDAP_SUCCESS) + log_log(LOG_DEBUG, "ber_set_option(LBER_OPT_LOG_PRINT_FILE)"); + rc = ber_set_option(NULL, LBER_OPT_LOG_PRINT_FILE, stderr); + if (rc != LDAP_SUCCESS) { - myldap_err(LOG_ERR,NULL,rc,"ber_set_option(LBER_OPT_LOG_PRINT_FILE) failed"); + myldap_err(LOG_ERR, NULL, rc, "ber_set_option(LBER_OPT_LOG_PRINT_FILE) failed"); return rc; } #endif /* LBER_OPT_LOG_PRINT_FILE */ #ifdef LBER_OPT_DEBUG_LEVEL - if (level>2) + if (level > 2) { - i=-1; - log_log(LOG_DEBUG,"ber_set_option(LBER_OPT_DEBUG_LEVEL,-1)"); - rc=ber_set_option(NULL,LBER_OPT_DEBUG_LEVEL,&i); - if (rc!=LDAP_SUCCESS) + i = -1; + log_log(LOG_DEBUG, "ber_set_option(LBER_OPT_DEBUG_LEVEL,-1)"); + rc = ber_set_option(NULL, LBER_OPT_DEBUG_LEVEL, &i); + if (rc != LDAP_SUCCESS) { - myldap_err(LOG_ERR,NULL,rc,"ber_set_option(LBER_OPT_DEBUG_LEVEL) failed"); + myldap_err(LOG_ERR, NULL, rc, "ber_set_option(LBER_OPT_DEBUG_LEVEL) failed"); return rc; } } #endif /* LBER_OPT_DEBUG_LEVEL */ #ifdef LDAP_OPT_DEBUG_LEVEL - i=-1; - log_log(LOG_DEBUG,"ldap_set_option(LDAP_OPT_DEBUG_LEVEL,-1)"); - rc=ldap_set_option(NULL,LDAP_OPT_DEBUG_LEVEL,&i); - if (rc!=LDAP_SUCCESS) + i = -1; + log_log(LOG_DEBUG, "ldap_set_option(LDAP_OPT_DEBUG_LEVEL,-1)"); + rc = ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, &i); + if (rc != LDAP_SUCCESS) { - myldap_err(LOG_ERR,NULL,rc,"ldap_set_option(LDAP_OPT_DEBUG_LEVEL) failed"); + myldap_err(LOG_ERR, NULL, rc, "ldap_set_option(LDAP_OPT_DEBUG_LEVEL) failed"); return rc; } #endif /* LDAP_OPT_DEBUG_LEVEL */ 
@@ -1884,63 +1919,63 @@ int myldap_set_debuglevel(int level) return LDAP_SUCCESS; } -int myldap_passwd( - MYLDAP_SESSION *session, - const char *userdn,const char *oldpassword,const char *newpasswd) +int myldap_passwd(MYLDAP_SESSION *session, + const char *userdn, const char *oldpassword, + const char *newpasswd) { int rc; struct berval ber_userdn, ber_oldpassword, ber_newpassword, ber_retpassword; /* check parameters */ - if (!is_valid_session(session)||(userdn==NULL)||(newpasswd==NULL)) + if (!is_valid_session(session) || (userdn == NULL) || (newpasswd == NULL)) { - log_log(LOG_ERR,"myldap_passwd(): invalid parameter passed"); - errno=EINVAL; + log_log(LOG_ERR, "myldap_passwd(): invalid parameter passed"); + errno = EINVAL; return LDAP_OTHER; } /* log the call */ - log_log(LOG_DEBUG,"myldap_passwd(userdn=\"%s\",oldpasswd=%s,newpasswd=\"***\")", - userdn,oldpassword?"\"***\"":"NULL"); + log_log(LOG_DEBUG, "myldap_passwd(userdn=\"%s\",oldpasswd=%s,newpasswd=\"***\")", + userdn, oldpassword ? 
"\"***\"" : "NULL"); /* translate to ber stuff */ - ber_userdn.bv_val=(char *)userdn; - ber_userdn.bv_len=strlen(userdn); - ber_newpassword.bv_val=(char *)newpasswd; - ber_newpassword.bv_len=strlen(newpasswd); - ber_retpassword.bv_val=NULL; - ber_retpassword.bv_len=0; + ber_userdn.bv_val = (char *)userdn; + ber_userdn.bv_len = strlen(userdn); + ber_newpassword.bv_val = (char *)newpasswd; + ber_newpassword.bv_len = strlen(newpasswd); + ber_retpassword.bv_val = NULL; + ber_retpassword.bv_len = 0; /* perform request */ - log_log(LOG_DEBUG,"myldap_passwd(): try ldap_passwd_s() without old password"); - rc=ldap_passwd_s(session->ld,&ber_userdn,NULL, - &ber_newpassword,&ber_retpassword,NULL,NULL); - if (rc!=LDAP_SUCCESS) - myldap_err(LOG_ERR,session->ld,rc,"ldap_passwd_s() without old password failed"); + log_log(LOG_DEBUG, "myldap_passwd(): try ldap_passwd_s() without old password"); + rc = ldap_passwd_s(session->ld, &ber_userdn, NULL, &ber_newpassword, + &ber_retpassword, NULL, NULL); + if (rc != LDAP_SUCCESS) + myldap_err(LOG_ERR, session->ld, rc, "ldap_passwd_s() without old password failed"); /* free returned data if needed */ - if (ber_retpassword.bv_val!=NULL) + if (ber_retpassword.bv_val != NULL) ldap_memfree(ber_retpassword.bv_val); - if ((rc!=LDAP_SUCCESS)&&(oldpassword!=NULL)) + if ((rc != LDAP_SUCCESS) && (oldpassword != NULL)) { /* retry with old password */ - log_log(LOG_DEBUG,"myldap_passwd(): try ldap_passwd_s() with old password"); - ber_oldpassword.bv_val=(char *)oldpassword; - ber_oldpassword.bv_len=strlen(oldpassword); + log_log(LOG_DEBUG, "myldap_passwd(): try ldap_passwd_s() with old password"); + ber_oldpassword.bv_val = (char *)oldpassword; + ber_oldpassword.bv_len = strlen(oldpassword); /* perform request */ - rc=ldap_passwd_s(session->ld,&ber_userdn,&ber_oldpassword, - &ber_newpassword,&ber_retpassword,NULL,NULL); - if (rc!=LDAP_SUCCESS) - myldap_err(LOG_ERR,session->ld,rc,"ldap_passwd_s() with old password failed"); + rc = 
ldap_passwd_s(session->ld, &ber_userdn, &ber_oldpassword, + &ber_newpassword, &ber_retpassword, NULL, NULL); + if (rc != LDAP_SUCCESS) + myldap_err(LOG_ERR, session->ld, rc, "ldap_passwd_s() with old password failed"); /* free returned data if needed */ - if (ber_retpassword.bv_val!=NULL) + if (ber_retpassword.bv_val != NULL) ldap_memfree(ber_retpassword.bv_val); } return rc; } -int myldap_modify(MYLDAP_SESSION *session,const char *dn,LDAPMod *mods[]) +int myldap_modify(MYLDAP_SESSION *session, const char *dn, LDAPMod * mods[]) { - if (!is_valid_session(session)||(dn==NULL)) + if (!is_valid_session(session) || (dn == NULL)) { - log_log(LOG_ERR,"myldap_passwd(): invalid parameter passed"); - errno=EINVAL; + log_log(LOG_ERR, "myldap_passwd(): invalid parameter passed"); + errno = EINVAL; return LDAP_OTHER; } - return ldap_modify_ext_s(session->ld,dn,mods,NULL,NULL); + return ldap_modify_ext_s(session->ld, dn, mods, NULL, NULL); } diff --git a/nslcd/myldap.h b/nslcd/myldap.h index f118f72..627b236 100644 --- a/nslcd/myldap.h +++ b/nslcd/myldap.h @@ -2,7 +2,7 @@ myldap.h - simple interface to do LDAP requests This file is part of the nss-pam-ldapd library. - Copyright (C) 2007, 2008, 2009, 2010, 2011 Arthur de Jong + Copyright (C) 2007, 2008, 2009, 2010, 2011, 2012 Arthur de Jong This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public @@ -69,7 +69,7 @@ typedef struct myldap_entry MYLDAP_ENTRY; MUST_USE MYLDAP_SESSION *myldap_create_session(void); /* Set alternative credentials for the session. */ -void myldap_set_credentials(MYLDAP_SESSION *session,const char *dn, +void myldap_set_credentials(MYLDAP_SESSION *session, const char *dn, const char *password); /* Closes all pending searches and deallocates any memory that is allocated 
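Review bot: The parameter check in `myldap_modify()` logs `"myldap_passwd(): invalid parameter passed"`, copied from the function above, so a bad modify call is reported under the wrong name; it should read `log_log(LOG_ERR, "myldap_modify(): invalid parameter passed");`. Separately, `myldap_passwd()` reports the failure of its first attempt (without the old password) through `myldap_err(LOG_ERR, ...)` even when the retry with the old password then succeeds, which looks like it would emit an error-level line for ordinary user password changes; a lower level for that first failure would keep LOG_ERR meaningful for monitoring. The masking of both passwords in the debug log line is good and should be kept.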
@@ -89,10 +89,10 @@ void myldap_session_close(MYLDAP_SESSION *session); error). This function uses paging, and does reconnects to the configured URLs transparently. The function returns an LDAP status code in the location pointed to by rcp if it is non-NULL. */ -MUST_USE MYLDAP_SEARCH *myldap_search( - MYLDAP_SESSION *session, - const char *base,int scope,const char *filter,const char **attrs, - int *rcp); +MUST_USE MYLDAP_SEARCH *myldap_search(MYLDAP_SESSION *session, + const char *base, int scope, + const char *filter, const char **attrs, + int *rcp); /* Close the specified search. This frees all the memory that was allocated for the search and its results. */ 
@@ -104,51 +104,51 @@ void myldap_search_close(MYLDAP_SEARCH *search); freed with this call. The search is autoamtically closed when no more results are available. The function returns an LDAP status code in the location pointed to by rcp if it is non-NULL. */ -MUST_USE MYLDAP_ENTRY *myldap_get_entry(MYLDAP_SEARCH *search,int *rcp); +MUST_USE MYLDAP_ENTRY *myldap_get_entry(MYLDAP_SEARCH *search, int *rcp); /* Get the DN from the entry. This function does not return NULL (on error "unknown" is returned). */ MUST_USE const char *myldap_get_dn(MYLDAP_ENTRY *entry); /* Just like myldap_get_dn() but copies the result into the buffer. */ -char *myldap_cpy_dn(MYLDAP_ENTRY *entry,char *buf,size_t buflen); +char *myldap_cpy_dn(MYLDAP_ENTRY *entry, char *buf, size_t buflen); /* Get the attribute values from a certain entry as a NULL terminated list. May return NULL or an empty array. */ -MUST_USE const char **myldap_get_values(MYLDAP_ENTRY *entry,const char *attr); +MUST_USE const char **myldap_get_values(MYLDAP_ENTRY *entry, const char *attr); /* Get the attribute values from a certain entry as a NULL terminated list. May return NULL or an empty array. */ -MUST_USE const char **myldap_get_values_len(MYLDAP_ENTRY *entry,const char *attr); +MUST_USE const char **myldap_get_values_len(MYLDAP_ENTRY *entry, const char *attr); /* Checks to see if the entry has the specified object class. */ -MUST_USE int myldap_has_objectclass(MYLDAP_ENTRY *entry,const char *objectclass); +MUST_USE int myldap_has_objectclass(MYLDAP_ENTRY *entry, const char *objectclass); /* Get the RDN's value: eg. if the DN was cn=lukeh, ou=People, dc=example, - dc=com getrdnvalue(entry,cn) would return lukeh. If the attribute was not + dc=com getrdnvalue(entry, cn) would return lukeh. If the attribute was not found in the DN or if some error occurs NULL is returned. This method may be used to get the "most authorative" value for an attribute. 
*/ -MUST_USE const char *myldap_get_rdn_value(MYLDAP_ENTRY *entry,const char *attr); +MUST_USE const char *myldap_get_rdn_value(MYLDAP_ENTRY *entry, const char *attr); /* Just like myldap_get_rdn_value() but use the supplied character sequence and copies the result into the buffer. Returns a pointer to the start of the string on success and NULL on failure. */ -MUST_USE const char *myldap_cpy_rdn_value(const char *dn,const char *attr, - char *buf,size_t buflen); +MUST_USE const char *myldap_cpy_rdn_value(const char *dn, const char *attr, + char *buf, size_t buflen); /* Escapes characters in a string for use in a search filter. */ -MUST_USE int myldap_escape(const char *src,char *buffer,size_t buflen); +MUST_USE int myldap_escape(const char *src, char *buffer, size_t buflen); /* Set the debug level globally. Returns an LDAP status code. */ int myldap_set_debuglevel(int level); /* Perform an EXOP password modification call. Returns an LDAP status code. */ -int myldap_passwd( - MYLDAP_SESSION *session, - const char *userdn,const char *oldpassword,const char *newpasswd); +int myldap_passwd(MYLDAP_SESSION *session, + const char *userdn, const char *oldpassword, + const char *newpasswd); /* Perform an LDAP modification request. Returns an LDAP status code. */ -int myldap_modify(MYLDAP_SESSION *session,const char *dn,LDAPMod *mods[]); +int myldap_modify(MYLDAP_SESSION *session, const char *dn, LDAPMod * mods[]); #endif /* not NSLCD__MYLDAP_H */ diff --git a/nslcd/netgroup.c b/nslcd/netgroup.c index 535bc27..29cd91a 100644 --- a/nslcd/netgroup.c +++ b/nslcd/netgroup.c @@ -5,7 +5,7 @@ Copyright (C) 1997-2005 Luke Howard Copyright (C) 2006 West Consulting - Copyright (C) 2006, 2007, 2009, 2010, 2011 Arthur de Jong + Copyright (C) 2006, 2007, 2009, 2010, 2011, 2012 Arthur de Jong This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public 
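Review bot: `myldap_passwd()` and `myldap_modify()` are declared without `MUST_USE`, although both return an LDAP status code and the lookup functions above them carry the marker; a caller that drops the result of a password change would go unnoticed at compile time. Assuming `MUST_USE` expands to a warn-unused-result attribute (its definition is not in this hunk), I would declare them as `MUST_USE int myldap_passwd(...)` and `MUST_USE int myldap_modify(...)`. The same applies to `myldap_set_debuglevel()`.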
@@ -63,149 +63,148 @@ const char *attmap_netgroup_memberNisNetgroup = "memberNisNetgroup"; static const char *netgroup_attrs[4]; static int mkfilter_netgroup_byname(const char *name, - char *buffer,size_t buflen) + char *buffer, size_t buflen) { char safename[300]; /* escape attribute */ - if (myldap_escape(name,safename,sizeof(safename))) + if (myldap_escape(name, safename, sizeof(safename))) return -1; /* build filter */ - return mysnprintf(buffer,buflen, - "(&%s(%s=%s))", - netgroup_filter, - attmap_netgroup_cn,safename); + return mysnprintf(buffer, buflen, "(&%s(%s=%s))", + netgroup_filter, attmap_netgroup_cn, safename); } void netgroup_init(void) { int i; /* set up search bases */ - if (netgroup_bases[0]==NULL) - for (i=0;i<NSS_LDAP_CONFIG_MAX_BASES;i++) - netgroup_bases[i]=nslcd_cfg->ldc_bases[i]; + if (netgroup_bases[0] == NULL) + for (i = 0; i < NSS_LDAP_CONFIG_MAX_BASES; i++) + netgroup_bases[i] = nslcd_cfg->ldc_bases[i]; /* set up scope */ - if (netgroup_scope==LDAP_SCOPE_DEFAULT) - netgroup_scope=nslcd_cfg->ldc_scope; + if (netgroup_scope == LDAP_SCOPE_DEFAULT) + netgroup_scope = nslcd_cfg->ldc_scope; /* set up attribute list */ - netgroup_attrs[0]=attmap_netgroup_cn; - netgroup_attrs[1]=attmap_netgroup_nisNetgroupTriple; - netgroup_attrs[2]=attmap_netgroup_memberNisNetgroup; - netgroup_attrs[3]=NULL; + netgroup_attrs[0] = attmap_netgroup_cn; + netgroup_attrs[1] = attmap_netgroup_nisNetgroupTriple; + netgroup_attrs[2] = attmap_netgroup_memberNisNetgroup; + netgroup_attrs[3] = NULL; } -static int write_string_stripspace_len(TFILE *fp,const char *str,int len) +static int write_string_stripspace_len(TFILE *fp, const char *str, int len) { int32_t tmpint32; - int i,j; - DEBUG_PRINT("WRITE_STRING: var="__STRING(str)" string=\"%s\"",str); - if (str==NULL) + int i, j; + DEBUG_PRINT("WRITE_STRING: var=" __STRING(str) " string=\"%s\"", str); + if (str == NULL) { - WRITE_INT32(fp,0); + WRITE_INT32(fp, 0); } else { /* skip leading spaces */ - for 
(i=0;(str[i]!='\0')&&(isspace(str[i]));i++) - /* nothing else to do */ ; + for (i = 0; (str[i] != '\0') && (isspace(str[i])); i++) + /* nothing */ ; /* skip trailing spaces */ - for (j=len;(j>i)&&(isspace(str[j-1]));j--) - /* nothing else to do */ ; + for (j = len; (j > i) && (isspace(str[j - 1])); j--) + /* nothing */ ; /* write length of string */ - WRITE_INT32(fp,j-i); + WRITE_INT32(fp, j - i); /* write string itself */ - if (j>i) + if (j > i) { - WRITE(fp,str+i,j-i); + WRITE(fp, str + i, j - i); } } /* we're done */ return 0; } -#define WRITE_STRING_STRIPSPACE_LEN(fp,str,len) \ - if (write_string_stripspace_len(fp,str,len)) \ +#define WRITE_STRING_STRIPSPACE_LEN(fp, str, len) \ + if (write_string_stripspace_len(fp, str, len)) \ return -1; -#define WRITE_STRING_STRIPSPACE(fp,str) \ - WRITE_STRING_STRIPSPACE_LEN(fp,str,strlen(str)) +#define WRITE_STRING_STRIPSPACE(fp, str) \ + WRITE_STRING_STRIPSPACE_LEN(fp, str, strlen(str)) -static int write_netgroup_triple(TFILE *fp,MYLDAP_ENTRY *entry,const char *triple) +static int write_netgroup_triple(TFILE *fp, MYLDAP_ENTRY *entry, + const char *triple) { int32_t tmpint32; int i; - int hostb,hoste,userb,usere,domainb,domaine; + int hostb, hoste, userb, usere, domainb, domaine; /* skip leading spaces */ - for (i=0;(triple[i]!='\0')&&(isspace(triple[i]));i++) - /* nothing else to do */ ; + for (i = 0; (triple[i] != '\0') && (isspace(triple[i])); i++) + /* nothing */ ; /* we should have a bracket now */ - if (triple[i]!='(') + if (triple[i] != '(') { - log_log(LOG_WARNING,"%s: %s: does not begin with '('", - myldap_get_dn(entry),attmap_netgroup_nisNetgroupTriple); + log_log(LOG_WARNING, "%s: %s: does not begin with '('", + myldap_get_dn(entry), attmap_netgroup_nisNetgroupTriple); return 0; } i++; - hostb=i; + hostb = i; /* find comma (end of host string) */ - for (;(triple[i]!='\0')&&(triple[i]!=',');i++) - /* nothing else to do */ ; - if (triple[i]!=',') + for (; (triple[i] != '\0') && (triple[i] != ','); i++) + /* nothing 
*/ ; + if (triple[i] != ',') { - log_log(LOG_WARNING,"%s: %s: missing ','", - myldap_get_dn(entry),attmap_netgroup_nisNetgroupTriple); + log_log(LOG_WARNING, "%s: %s: missing ','", + myldap_get_dn(entry), attmap_netgroup_nisNetgroupTriple); return 0; } - hoste=i; + hoste = i; i++; - userb=i; + userb = i; /* find comma (end of user string) */ - for (;(triple[i]!='\0')&&(triple[i]!=',');i++) - /* nothing else to do */ ; - if (triple[i]!=',') + for (; (triple[i] != '\0') && (triple[i] != ','); i++) + /* nothing */ ; + if (triple[i] != ',') { - log_log(LOG_WARNING,"%s: %s: missing ','", - myldap_get_dn(entry),attmap_netgroup_nisNetgroupTriple); + log_log(LOG_WARNING, "%s: %s: missing ','", + myldap_get_dn(entry), attmap_netgroup_nisNetgroupTriple); return 0; } - usere=i; + usere = i; i++; - domainb=i; + domainb = i; /* find closing bracket (end of domain string) */ - for (;(triple[i]!='\0')&&(triple[i]!=')');i++) - /* nothing else to do */ ; - if (triple[i]!=')') + for (; (triple[i] != '\0') && (triple[i] != ')'); i++) + /* nothing */ ; + if (triple[i] != ')') { - log_log(LOG_WARNING,"%s: %s: missing ')'", - myldap_get_dn(entry),attmap_netgroup_nisNetgroupTriple); + log_log(LOG_WARNING, "%s: %s: missing ')'", + myldap_get_dn(entry), attmap_netgroup_nisNetgroupTriple); return 0; } - domaine=i; + domaine = i; i++; /* skip trailing spaces */ - for (;(triple[i]!='\0')&&(isspace(triple[i]));i++) - /* nothing else to do */ ; + for (; (triple[i] != '\0') && (isspace(triple[i])); i++) + /* nothing */ ; /* if anything is left in the string we have a problem */ - if (triple[i]!='\0') + if (triple[i] != '\0') { - log_log(LOG_WARNING,"%s: %s: contains trailing data", - myldap_get_dn(entry),attmap_netgroup_nisNetgroupTriple); + log_log(LOG_WARNING, "%s: %s: contains trailing data", + myldap_get_dn(entry), attmap_netgroup_nisNetgroupTriple); return 0; } /* write strings */ - WRITE_INT32(fp,NSLCD_RESULT_BEGIN); - WRITE_INT32(fp,NSLCD_NETGROUP_TYPE_TRIPLE); - 
WRITE_STRING_STRIPSPACE_LEN(fp,triple+hostb,hoste-hostb) - WRITE_STRING_STRIPSPACE_LEN(fp,triple+userb,usere-userb) - WRITE_STRING_STRIPSPACE_LEN(fp,triple+domainb,domaine-domainb) + WRITE_INT32(fp, NSLCD_RESULT_BEGIN); + WRITE_INT32(fp, NSLCD_NETGROUP_TYPE_TRIPLE); + WRITE_STRING_STRIPSPACE_LEN(fp, triple + hostb, hoste - hostb); + WRITE_STRING_STRIPSPACE_LEN(fp, triple + userb, usere - userb); + WRITE_STRING_STRIPSPACE_LEN(fp, triple + domainb, domaine - domainb); /* we're done */ return 0; } -#define WRITE_NETGROUP_TRIPLE(fp,entry,triple) \ - if (write_netgroup_triple(fp,entry,triple)) \ +#define WRITE_NETGROUP_TRIPLE(fp, entry, triple) \ + if (write_netgroup_triple(fp, entry, triple)) \ return -1; -static int write_netgroup(TFILE *fp,MYLDAP_ENTRY *entry,const char *reqname) +static int write_netgroup(TFILE *fp, MYLDAP_ENTRY *entry, const char *reqname) { int32_t tmpint32; int i; 
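Review bot: `WRITE_STRING_STRIPSPACE_LEN` and `WRITE_NETGROUP_TRIPLE` expand to a bare `if (...) return -1;`, and the call sites in `write_netgroup_triple()` now add their own `;`, so each expands to an `if` followed by an empty statement. That compiles, but the macro would silently capture an `else` or break an unbraced `if`/`else` around a future call. Wrapping the bodies and dropping the trailing semicolon from the definitions avoids both: `#define WRITE_STRING_STRIPSPACE_LEN(fp, str, len) do { if (write_string_stripspace_len(fp, str, len)) return -1; } while (0)`, and likewise for `WRITE_NETGROUP_TRIPLE`. `WRITE_STRING_STRIPSPACE` also passes `strlen(str)` (a `size_t`) into an `int len` parameter, which deserves a comment or a `size_t` parameter.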
@@ -213,48 +212,48 @@ static int write_netgroup(TFILE *fp,MYLDAP_ENTRY *entry,const char *reqname) const char **triples; const char **members; /* get the netgroup name */ - names=myldap_get_values(entry,attmap_netgroup_cn); - if ((names==NULL)||(names[0]==NULL)) + names = myldap_get_values(entry, attmap_netgroup_cn); + if ((names == NULL) || (names[0] == NULL)) { - log_log(LOG_WARNING,"%s: %s: missing", - myldap_get_dn(entry),attmap_netgroup_cn); + log_log(LOG_WARNING, "%s: %s: missing", + myldap_get_dn(entry), attmap_netgroup_cn); return 0; } - for (i=0;(names[i]!=NULL)&&(STR_CMP(reqname,names[i])!=0);i++) - /* nothing here */ ; - if (names[i]==NULL) + for (i = 0; (names[i] != NULL) && (STR_CMP(reqname, names[i]) != 0); i++) + /* nothing */ ; + if (names[i] == NULL) return 0; /* the name was not found */ /* get the netgroup triples and member */ - triples=myldap_get_values(entry,attmap_netgroup_nisNetgroupTriple); - members=myldap_get_values(entry,attmap_netgroup_memberNisNetgroup); + triples = myldap_get_values(entry, attmap_netgroup_nisNetgroupTriple); + members = myldap_get_values(entry, attmap_netgroup_memberNisNetgroup); /* write the netgroup triples */ - if (triples!=NULL) - for (i=0;triples[i]!=NULL;i++) + if (triples != NULL) + for (i = 0; triples[i] != NULL; i++) { - WRITE_NETGROUP_TRIPLE(fp,entry,triples[i]); + WRITE_NETGROUP_TRIPLE(fp, entry, triples[i]); } /* write netgroup members */ - if (members!=NULL) - for (i=0;members[i]!=NULL;i++) + if (members != NULL) + for (i = 0; members[i] != NULL; i++) { /* write the result code */ - WRITE_INT32(fp,NSLCD_RESULT_BEGIN); + WRITE_INT32(fp, NSLCD_RESULT_BEGIN); /* write triple indicator */ - WRITE_INT32(fp,NSLCD_NETGROUP_TYPE_NETGROUP); + WRITE_INT32(fp, NSLCD_NETGROUP_TYPE_NETGROUP); /* write netgroup name */ - WRITE_STRING_STRIPSPACE(fp,members[i]); + WRITE_STRING_STRIPSPACE(fp, members[i]); } /* we're done */ return 0; } NSLCD_HANDLE( - netgroup,byname, + netgroup, byname, char name[256]; char filter[4096]; 
- READ_STRING(fp,name); - log_setrequest("netgroup=\"%s\"",name);, + READ_STRING(fp, name); + log_setrequest("netgroup=\"%s\"", name);, NSLCD_ACTION_NETGROUP_BYNAME, - mkfilter_netgroup_byname(name,filter,sizeof(filter)), - write_netgroup(fp,entry,name) + mkfilter_netgroup_byname(name, filter, sizeof(filter)), + write_netgroup(fp, entry, name) ) diff --git a/nslcd/network.c b/nslcd/network.c index 1197245..941de52 100644 --- a/nslcd/network.c +++ b/nslcd/network.c @@ -5,7 +5,7 @@ Copyright (C) 1997-2005 Luke Howard Copyright (C) 2006 West Consulting - Copyright (C) 2006, 2007, 2009, 2010, 2011 Arthur de Jong + Copyright (C) 2006, 2007, 2009, 2010, 2011, 2012 Arthur de Jong This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public 
@@ -63,128 +63,124 @@ static const char *network_attrs[3]; /* create a search filter for searching a network entry by name, return -1 on errors */ static int mkfilter_network_byname(const char *name, - char *buffer,size_t buflen) + char *buffer, size_t buflen) { char safename[300]; /* escape attribute */ - if (myldap_escape(name,safename,sizeof(safename))) + if (myldap_escape(name, safename, sizeof(safename))) return -1; /* build filter */ - return mysnprintf(buffer,buflen, - "(&%s(%s=%s))", - network_filter, - attmap_network_cn,safename); + return mysnprintf(buffer, buflen, "(&%s(%s=%s))", + network_filter, attmap_network_cn, safename); } static int mkfilter_network_byaddr(const char *addrstr, - char *buffer,size_t buflen) + char *buffer, size_t buflen) { char safeaddr[64]; /* escape attribute */ - if (myldap_escape(addrstr,safeaddr,sizeof(safeaddr))) + if (myldap_escape(addrstr, safeaddr, sizeof(safeaddr))) return -1; /* build filter */ - return mysnprintf(buffer,buflen, - "(&%s(%s=%s))", - network_filter, - attmap_network_ipNetworkNumber,safeaddr); + return mysnprintf(buffer, buflen, "(&%s(%s=%s))", + network_filter, attmap_network_ipNetworkNumber, safeaddr); } void network_init(void) { int i; /* set up search bases */ - if (network_bases[0]==NULL) - for (i=0;i<NSS_LDAP_CONFIG_MAX_BASES;i++) - network_bases[i]=nslcd_cfg->ldc_bases[i]; + if (network_bases[0] == NULL) + for (i = 0; i < NSS_LDAP_CONFIG_MAX_BASES; i++) + network_bases[i] = nslcd_cfg->ldc_bases[i]; /* set up scope */ - if (network_scope==LDAP_SCOPE_DEFAULT) - network_scope=nslcd_cfg->ldc_scope; + if (network_scope == LDAP_SCOPE_DEFAULT) + network_scope = nslcd_cfg->ldc_scope; /* set up attribute list */ - network_attrs[0]=attmap_network_cn; - network_attrs[1]=attmap_network_ipNetworkNumber; - network_attrs[2]=NULL; + network_attrs[0] = attmap_network_cn; + network_attrs[1] = attmap_network_ipNetworkNumber; + network_attrs[2] = NULL; } /* write a single network entry to the stream */ -static int 
write_network(TFILE *fp,MYLDAP_ENTRY *entry) +static int write_network(TFILE *fp, MYLDAP_ENTRY *entry) { - int32_t tmpint32,tmp2int32,tmp3int32; - int numaddr,i; + int32_t tmpint32, tmp2int32, tmp3int32; + int numaddr, i; const char *networkname; const char **networknames; const char **addresses; /* get the most canonical name */ - networkname=myldap_get_rdn_value(entry,attmap_network_cn); + networkname = myldap_get_rdn_value(entry, attmap_network_cn); /* get the other names for the network */ - networknames=myldap_get_values(entry,attmap_network_cn); - if ((networknames==NULL)||(networknames[0]==NULL)) + networknames = myldap_get_values(entry, attmap_network_cn); + if ((networknames == NULL) || (networknames[0] == NULL)) { - log_log(LOG_WARNING,"%s: %s: missing", - myldap_get_dn(entry),attmap_network_cn); + log_log(LOG_WARNING, "%s: %s: missing", + myldap_get_dn(entry), attmap_network_cn); return 0; } /* if the networkname is not yet found, get the first entry from networknames */ - if (networkname==NULL) - networkname=networknames[0]; + if (networkname == NULL) + networkname = networknames[0]; /* get the addresses */ - addresses=myldap_get_values(entry,attmap_network_ipNetworkNumber); - if ((addresses==NULL)||(addresses[0]==NULL)) + addresses = myldap_get_values(entry, attmap_network_ipNetworkNumber); + if ((addresses == NULL) || (addresses[0] == NULL)) { - log_log(LOG_WARNING,"%s: %s: missing", - myldap_get_dn(entry),attmap_network_ipNetworkNumber); + log_log(LOG_WARNING, "%s: %s: missing", + myldap_get_dn(entry), attmap_network_ipNetworkNumber); return 0; } /* write the entry */ - WRITE_INT32(fp,NSLCD_RESULT_BEGIN); - WRITE_STRING(fp,networkname); - WRITE_STRINGLIST_EXCEPT(fp,networknames,networkname); - for (numaddr=0;addresses[numaddr]!=NULL;numaddr++) - /*noting*/ ; - WRITE_INT32(fp,numaddr); - for (i=0;i<numaddr;i++) + WRITE_INT32(fp, NSLCD_RESULT_BEGIN); + WRITE_STRING(fp, networkname); + WRITE_STRINGLIST_EXCEPT(fp, networknames, networkname); + for 
(numaddr = 0; addresses[numaddr] != NULL; numaddr++) + /* noting */ ; + WRITE_INT32(fp, numaddr); + for (i = 0; i < numaddr; i++) { - WRITE_ADDRESS(fp,entry,attmap_network_ipNetworkNumber,addresses[i]); + WRITE_ADDRESS(fp, entry, attmap_network_ipNetworkNumber, addresses[i]); } return 0; } NSLCD_HANDLE( - network,byname, + network, byname, char name[256]; char filter[4096]; - READ_STRING(fp,name); - log_setrequest("network=\"%s\"",name);, + READ_STRING(fp, name); + log_setrequest("network=\"%s\"", name);, NSLCD_ACTION_NETWORK_BYNAME, - mkfilter_network_byname(name,filter,sizeof(filter)), - write_network(fp,entry) + mkfilter_network_byname(name, filter, sizeof(filter)), + write_network(fp, entry) ) NSLCD_HANDLE( - network,byaddr, + network, byaddr, int af; char addr[64]; - int len=sizeof(addr); + int len = sizeof(addr); char addrstr[64]; char filter[4096]; - READ_ADDRESS(fp,addr,len,af); + READ_ADDRESS(fp, addr, len, af); /* translate the address to a string */ - if (inet_ntop(af,addr,addrstr,sizeof(addrstr))==NULL) + if (inet_ntop(af, addr, addrstr, sizeof(addrstr)) == NULL) { - log_log(LOG_WARNING,"unable to convert address to string"); + log_log(LOG_WARNING, "unable to convert address to string"); return -1; } - log_setrequest("network=%s",addrstr);, + log_setrequest("network=%s", addrstr);, NSLCD_ACTION_NETWORK_BYADDR, - mkfilter_network_byaddr(addrstr,filter,sizeof(filter)), - write_network(fp,entry) + mkfilter_network_byaddr(addrstr, filter, sizeof(filter)), + write_network(fp, entry) ) NSLCD_HANDLE( - network,all, + network, all, const char *filter; log_setrequest("network(all)");, NSLCD_ACTION_NETWORK_ALL, - (filter=network_filter,0), - write_network(fp,entry) + (filter = network_filter, 0), + write_network(fp, entry) ) diff --git a/nslcd/nslcd.c b/nslcd/nslcd.c index 0ea7bb2..c6edb95 100644 --- a/nslcd/nslcd.c +++ b/nslcd/nslcd.c 
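Review bot: The empty-body comment on the address-counting loop in write_network is carried over as `/* noting */`, while the same construct in write_netgroup was normalised to `/* nothing */` in this commit. Using `/* nothing */` here fixes the typo and keeps the two loops consistent.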
@@ -70,25 +70,25 @@ quickly, write timeout is 60 seconds because clients could be taking some time to process the results */ #define READ_TIMEOUT 500 -#define WRITE_TIMEOUT 60*1000 +#define WRITE_TIMEOUT 60 * 1000 /* buffer sizes for I/O */ #define READBUFFER_MINSIZE 32 #define READBUFFER_MAXSIZE 64 #define WRITEBUFFER_MINSIZE 64 -#define WRITEBUFFER_MAXSIZE 1*1024*1024 +#define WRITEBUFFER_MAXSIZE 1 * 1024 * 1024 /* flag to indicate if we are in debugging mode */ -static int nslcd_debugging=0; +static int nslcd_debugging = 0; /* flag to indicate user requested the --check option */ -static int nslcd_checkonly=0; +static int nslcd_checkonly = 0; /* the exit flag to indicate that a signal was received */ -static volatile int nslcd_exitsignal=0; +static volatile int nslcd_exitsignal = 0; /* the server socket used for communication */ -static int nslcd_serversocket=-1; +static int nslcd_serversocket = -1; /* thread ids of all running threads */ static pthread_t *nslcd_threads; 
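Review bot: `WRITE_TIMEOUT` and `WRITEBUFFER_MAXSIZE` expand to unparenthesised products, so an expression such as `x / WRITE_TIMEOUT` at a use site would group differently than intended. The use visible in this diff passes them as plain arguments to tio_fdopen(), so nothing appears broken today. The definitions are still safer as `#define WRITE_TIMEOUT (60 * 1000)` and `#define WRITEBUFFER_MAXSIZE (1 * 1024 * 1024)`.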
@@ -112,73 +112,68 @@ static char *sane_environment[] = { /* display version information */ static void display_version(FILE *fp) { - fprintf(fp,"%s\n",PACKAGE_STRING); - fprintf(fp,"Written by Luke Howard and Arthur de Jong.\n\n"); - fprintf(fp,"Copyright (C) 1997-2012 Luke Howard, Arthur de Jong and West Consulting\n" - "This is free software; see the source for copying conditions. There is NO\n" - "warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.\n"); + fprintf(fp, "%s\n", PACKAGE_STRING); + fprintf(fp, "Written by Luke Howard and Arthur de Jong.\n\n"); + fprintf(fp, "Copyright (C) 1997-2012 Luke Howard, Arthur de Jong and West Consulting\n" + "This is free software; see the source for copying conditions. There is NO\n" + "warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.\n"); } /* display usage information */ -static void display_usage(FILE *fp,const char *program_name) +static void display_usage(FILE *fp, const char *program_name) { - fprintf(fp,"Usage: %s [OPTION]...\n",program_name); - fprintf(fp,"Name Service LDAP connection daemon.\n"); - fprintf(fp," -c, --check check if the daemon already is running\n"); - fprintf(fp," -d, --debug don't fork and print debugging to stderr\n"); - fprintf(fp," --help display this help and exit\n"); - fprintf(fp," --version output version information and exit\n"); - fprintf(fp,"\n" - "Report bugs to <%s>.\n",PACKAGE_BUGREPORT); + fprintf(fp, "Usage: %s [OPTION]...\n", program_name); + fprintf(fp, "Name Service LDAP connection daemon.\n"); + fprintf(fp, " -c, --check check if the daemon already is running\n"); + fprintf(fp, " -d, --debug don't fork and print debugging to stderr\n"); + fprintf(fp, " --help display this help and exit\n"); + fprintf(fp, " --version output version information and exit\n"); + fprintf(fp, "\n" "Report bugs to <%s>.\n", PACKAGE_BUGREPORT); } /* the definition of options for getopt(). 
see getopt(2) */ -static struct option const nslcd_options[] = -{ - { "check", no_argument, NULL, 'c' }, - { "debug", no_argument, NULL, 'd' }, - { "help", no_argument, NULL, 'h' }, - { "version", no_argument, NULL, 'V' }, - { NULL, 0, NULL, 0 } +static struct option const nslcd_options[] = { + {"check", no_argument, NULL, 'c'}, + {"debug", no_argument, NULL, 'd'}, + {"help", no_argument, NULL, 'h'}, + {"version", no_argument, NULL, 'V'}, + {NULL, 0, NULL, 0} }; #define NSLCD_OPTIONSTRING "cdhV" /* parse command line options and save settings in struct */ -static void parse_cmdline(int argc,char *argv[]) +static void parse_cmdline(int argc, char *argv[]) { int optc; - while ((optc=getopt_long(argc,argv,NSLCD_OPTIONSTRING,nslcd_options,NULL))!=-1) + while ((optc = getopt_long(argc, argv, NSLCD_OPTIONSTRING, nslcd_options, NULL)) != -1) { switch (optc) { - case 'c': /* -c, --check check if the daemon already is running */ - nslcd_checkonly=1; - break; - case 'd': /* -d, --debug don't fork and print debugging to stderr */ - nslcd_debugging++; - log_setdefaultloglevel(LOG_DEBUG); - break; - case 'h': /* --help display this help and exit */ - display_usage(stdout,argv[0]); - exit(EXIT_SUCCESS); - case 'V': /* --version output version information and exit */ - display_version(stdout); - exit(EXIT_SUCCESS); - case ':': /* missing required parameter */ - case '?': /* unknown option character or extraneous parameter */ - default: - fprintf(stderr,"Try '%s --help' for more information.\n", - argv[0]); - exit(EXIT_FAILURE); + case 'c': /* -c, --check check if the daemon already is running */ + nslcd_checkonly = 1; + break; + case 'd': /* -d, --debug don't fork and print debugging to stderr */ + nslcd_debugging++; + log_setdefaultloglevel(LOG_DEBUG); + break; + case 'h': /* --help display this help and exit */ + display_usage(stdout, argv[0]); + exit(EXIT_SUCCESS); + case 'V': /* --version output version information and exit */ + display_version(stdout); + exit(EXIT_SUCCESS); 
+ case ':': /* missing required parameter */ + case '?': /* unknown option character or extraneous parameter */ + default: + fprintf(stderr, "Try '%s --help' for more information.\n", argv[0]); + exit(EXIT_FAILURE); } } /* check for remaining arguments */ - if (optind<argc) + if (optind < argc) { - fprintf(stderr,"%s: unrecognized option '%s'\n", - argv[0],argv[optind]); - fprintf(stderr,"Try '%s --help' for more information.\n", - argv[0]); + fprintf(stderr, "%s: unrecognized option '%s'\n", argv[0], argv[optind]); + fprintf(stderr, "Try '%s --help' for more information.\n", argv[0]); exit(EXIT_FAILURE); } } 
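Review bot: The last call in display_usage now reads `fprintf(fp, "\n" "Report bugs to <%s>.\n", PACKAGE_BUGREPORT);`, where the two adjacent literals are a leftover of the reflow and look like separate arguments at a glance. Writing it as one literal, `fprintf(fp, "\nReport bugs to <%s>.\n", PACKAGE_BUGREPORT);`, produces the same output and is easier to read.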
@@ -188,53 +183,53 @@ static const char *signame(int signum) { switch (signum) { - case SIGHUP: return "SIGHUP"; /* Hangup detected */ - case SIGINT: return "SIGINT"; /* Interrupt from keyboard */ - case SIGQUIT: return "SIGQUIT"; /* Quit from keyboard */ - case SIGILL: return "SIGILL"; /* Illegal Instruction */ - case SIGABRT: return "SIGABRT"; /* Abort signal from abort(3) */ - case SIGFPE: return "SIGFPE"; /* Floating point exception */ - case SIGKILL: return "SIGKILL"; /* Kill signal */ - case SIGSEGV: return "SIGSEGV"; /* Invalid memory reference */ - case SIGPIPE: return "SIGPIPE"; /* Broken pipe */ - case SIGALRM: return "SIGALRM"; /* Timer signal from alarm(2) */ - case SIGTERM: return "SIGTERM"; /* Termination signal */ - case SIGUSR1: return "SIGUSR1"; /* User-defined signal 1 */ - case SIGUSR2: return "SIGUSR2"; /* User-defined signal 2 */ - case SIGCHLD: return "SIGCHLD"; /* Child stopped or terminated */ - case SIGCONT: return "SIGCONT"; /* Continue if stopped */ - case SIGSTOP: return "SIGSTOP"; /* Stop process */ - case SIGTSTP: return "SIGTSTP"; /* Stop typed at tty */ - case SIGTTIN: return "SIGTTIN"; /* tty input for background process */ - case SIGTTOU: return "SIGTTOU"; /* tty output for background process */ + case SIGHUP: return "SIGHUP"; /* Hangup detected */ + case SIGINT: return "SIGINT"; /* Interrupt from keyboard */ + case SIGQUIT: return "SIGQUIT"; /* Quit from keyboard */ + case SIGILL: return "SIGILL"; /* Illegal Instruction */ + case SIGABRT: return "SIGABRT"; /* Abort signal from abort(3) */ + case SIGFPE: return "SIGFPE"; /* Floating point exception */ + case SIGKILL: return "SIGKILL"; /* Kill signal */ + case SIGSEGV: return "SIGSEGV"; /* Invalid memory reference */ + case SIGPIPE: return "SIGPIPE"; /* Broken pipe */ + case SIGALRM: return "SIGALRM"; /* Timer signal from alarm(2) */ + case SIGTERM: return "SIGTERM"; /* Termination signal */ + case SIGUSR1: return "SIGUSR1"; /* User-defined signal 1 */ + case SIGUSR2: return 
"SIGUSR2"; /* User-defined signal 2 */ + case SIGCHLD: return "SIGCHLD"; /* Child stopped or terminated */ + case SIGCONT: return "SIGCONT"; /* Continue if stopped */ + case SIGSTOP: return "SIGSTOP"; /* Stop process */ + case SIGTSTP: return "SIGTSTP"; /* Stop typed at tty */ + case SIGTTIN: return "SIGTTIN"; /* tty input for background process */ + case SIGTTOU: return "SIGTTOU"; /* tty output for background process */ #ifdef SIGBUS - case SIGBUS: return "SIGBUS"; /* Bus error */ + case SIGBUS: return "SIGBUS"; /* Bus error */ #endif #ifdef SIGPOLL - case SIGPOLL: return "SIGPOLL"; /* Pollable event */ + case SIGPOLL: return "SIGPOLL"; /* Pollable event */ #endif #ifdef SIGPROF - case SIGPROF: return "SIGPROF"; /* Profiling timer expired */ + case SIGPROF: return "SIGPROF"; /* Profiling timer expired */ #endif #ifdef SIGSYS - case SIGSYS: return "SIGSYS"; /* Bad argument to routine */ + case SIGSYS: return "SIGSYS"; /* Bad argument to routine */ #endif #ifdef SIGTRAP - case SIGTRAP: return "SIGTRAP"; /* Trace/breakpoint trap */ + case SIGTRAP: return "SIGTRAP"; /* Trace/breakpoint trap */ #endif #ifdef SIGURG - case SIGURG: return "SIGURG"; /* Urgent condition on socket */ + case SIGURG: return "SIGURG"; /* Urgent condition on socket */ #endif #ifdef SIGVTALRM - case SIGVTALRM: return "SIGVTALRM"; /* Virtual alarm clock */ + case SIGVTALRM: return "SIGVTALRM"; /* Virtual alarm clock */ #endif #ifdef SIGXCPU - case SIGXCPU: return "SIGXCPU"; /* CPU time limit exceeded */ + case SIGXCPU: return "SIGXCPU"; /* CPU time limit exceeded */ #endif #ifdef SIGXFSZ - case SIGXFSZ: return "SIGXFSZ"; /* File size limit exceeded */ + case SIGXFSZ: return "SIGXFSZ"; /* File size limit exceeded */ #endif - default: return "UNKNOWN"; + default: return "UNKNOWN"; } } 
@@ -242,7 +237,7 @@ static const char *signame(int signum) static void sigexit_handler(int signum) { /* just save the signal to indicate that we're stopping */ - nslcd_exitsignal=signum; + nslcd_exitsignal = signum; } /* do some cleaning up before terminating */ @@ -252,36 +247,39 @@ static void exithandler(void) if (nslcd_serversocket >= 0) { if (close(nslcd_serversocket)) - log_log(LOG_WARNING,"problem closing server socket (ignored): %s",strerror(errno)); + log_log(LOG_WARNING, "problem closing server socket (ignored): %s", + strerror(errno)); } /* remove existing named socket */ - if (unlink(NSLCD_SOCKET)<0) + if (unlink(NSLCD_SOCKET) < 0) { - log_log(LOG_DEBUG,"unlink() of "NSLCD_SOCKET" failed (ignored): %s", + log_log(LOG_DEBUG, "unlink() of " NSLCD_SOCKET " failed (ignored): %s", strerror(errno)); } /* remove pidfile */ - if (unlink(NSLCD_PIDFILE)<0) + if (unlink(NSLCD_PIDFILE) < 0) { - log_log(LOG_DEBUG,"unlink() of "NSLCD_PIDFILE" failed (ignored): %s", + log_log(LOG_DEBUG, "unlink() of " NSLCD_PIDFILE " failed (ignored): %s", strerror(errno)); } /* log exit */ - log_log(LOG_INFO,"version %s bailing out",VERSION); + log_log(LOG_INFO, "version %s bailing out", VERSION); } /* create the directory for the specified file to reside in */ static void mkdirname(const char *filename) { - char *tmpname,*path; - tmpname=strdup(filename); - if (tmpname==NULL) return; - path=dirname(tmpname); - if (mkdir(path,(mode_t)0755)==0) + char *tmpname, *path; + tmpname = strdup(filename); + if (tmpname == NULL) + return; + path = dirname(tmpname); + if (mkdir(path, (mode_t)0755) == 0) { /* if directory was just created, set correct ownership */ - if (lchown(path,nslcd_cfg->ldc_uid,nslcd_cfg->ldc_gid)<0) - log_log(LOG_WARNING,"problem setting permissions for %s: %s",path,strerror(errno)); + if (lchown(path, nslcd_cfg->ldc_uid, nslcd_cfg->ldc_gid) < 0) + log_log(LOG_WARNING, "problem setting permissions for %s: %s", + path, strerror(errno)); } free(tmpname); } 
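Review bot: sigexit_handler stores into `nslcd_exitsignal`, which the earlier hunk at -70,25 declares as `static volatile int`; the type the C standard designates for objects written from an asynchronous signal handler is `volatile sig_atomic_t`. Declaring it as `static volatile sig_atomic_t nslcd_exitsignal = 0;` keeps the handler conforming without changing behaviour on common platforms.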
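Review bot: mkdirname only acts when mkdir() succeeds, so a failure other than the directory already existing is dropped silently, and an existing directory is used without looking at its owner or mode. create_socket and create_pidfile both call it before creating their files under that path, so logging the unexpected case helps spot a misconfigured runtime directory: `else if (errno != EEXIST) log_log(LOG_WARNING, "problem creating directory %s: %s", path, strerror(errno));`. Whether an additional stat() check of an existing directory is warranted depends on who can write to its parent, which is not visible here.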
@@ -294,53 +292,54 @@ static int create_socket(const char *filename) int i; struct sockaddr_un addr; /* create a socket */ - if ( (sock=socket(PF_UNIX,SOCK_STREAM,0))<0 ) + if ((sock = socket(PF_UNIX, SOCK_STREAM, 0)) < 0) { - log_log(LOG_ERR,"cannot create socket: %s",strerror(errno)); + log_log(LOG_ERR, "cannot create socket: %s", strerror(errno)); exit(EXIT_FAILURE); } /* remove existing named socket */ - if (unlink(filename)<0) + if (unlink(filename) < 0) { - log_log(LOG_DEBUG,"unlink() of %s failed (ignored): %s", - filename,strerror(errno)); + log_log(LOG_DEBUG, "unlink() of %s failed (ignored): %s", + filename, strerror(errno)); } /* do not block on accept() */ - if ((i=fcntl(sock,F_GETFL,0))<0) + if ((i = fcntl(sock, F_GETFL, 0)) < 0) { - log_log(LOG_ERR,"fctnl(F_GETFL) failed: %s",strerror(errno)); + log_log(LOG_ERR, "fctnl(F_GETFL) failed: %s", strerror(errno)); if (close(sock)) - log_log(LOG_WARNING,"problem closing socket: %s",strerror(errno)); + log_log(LOG_WARNING, "problem closing socket: %s", strerror(errno)); exit(EXIT_FAILURE); } - if (fcntl(sock,F_SETFL,i|O_NONBLOCK)<0) + if (fcntl(sock, F_SETFL, i | O_NONBLOCK) < 0) { - log_log(LOG_ERR,"fctnl(F_SETFL,O_NONBLOCK) failed: %s",strerror(errno)); + log_log(LOG_ERR, "fctnl(F_SETFL,O_NONBLOCK) failed: %s", strerror(errno)); if (close(sock)) - log_log(LOG_WARNING,"problem closing socket: %s",strerror(errno)); + log_log(LOG_WARNING, "problem closing socket: %s", strerror(errno)); exit(EXIT_FAILURE); } /* create the directory if needed */ mkdirname(filename); /* create socket address structure */ - memset(&addr,0,sizeof(struct sockaddr_un)); - addr.sun_family=AF_UNIX; - strncpy(addr.sun_path,filename,sizeof(addr.sun_path)); - addr.sun_path[sizeof(addr.sun_path)-1]='\0'; + memset(&addr, 0, sizeof(struct sockaddr_un)); + addr.sun_family = AF_UNIX; + strncpy(addr.sun_path, filename, sizeof(addr.sun_path)); + addr.sun_path[sizeof(addr.sun_path) - 1] = '\0'; /* bind to the named socket */ - if 
(bind(sock,(struct sockaddr *)&addr,SUN_LEN(&addr))) + if (bind(sock, (struct sockaddr *)&addr, SUN_LEN(&addr))) { - log_log(LOG_ERR,"bind() to %s failed: %s",filename,strerror(errno)); + log_log(LOG_ERR, "bind() to %s failed: %s", filename, strerror(errno)); if (close(sock)) - log_log(LOG_WARNING,"problem closing socket: %s",strerror(errno)); + log_log(LOG_WARNING, "problem closing socket: %s", strerror(errno)); exit(EXIT_FAILURE); } /* close the file descriptor on exit */ - if (fcntl(sock,F_SETFD,FD_CLOEXEC)<0) + if (fcntl(sock, F_SETFD, FD_CLOEXEC) < 0) { - log_log(LOG_ERR,"fctnl(F_SETFL,FD_CLOEXEC) on %s failed: %s",filename,strerror(errno)); + log_log(LOG_ERR, "fctnl(F_SETFL,FD_CLOEXEC) on %s failed: %s", + filename, strerror(errno)); if (close(sock)) - log_log(LOG_WARNING,"problem closing socket: %s",strerror(errno)); + log_log(LOG_WARNING, "problem closing socket: %s", strerror(errno)); exit(EXIT_FAILURE); } /* set permissions of socket so anybody can do requests */ 
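Review bot: create_socket copies `filename` into `addr.sun_path` with strncpy() and forces termination, so a path longer than the field is silently truncated and bind() creates the socket under a different name than the one later passed to chmod() and written to the log. Rejecting an over-long path before filling in the address avoids that mismatch. The log strings in this hunk also spell the call `fctnl`, and the FD_CLOEXEC message names F_SETFL although the call uses F_SETFD. create_socket starts before this hunk and continues after it.

```c
  /* create socket address structure */
  if (strlen(filename) >= sizeof(addr.sun_path))
  {
    log_log(LOG_ERR, "socket path too long: %s", filename);
    if (close(sock))
      log_log(LOG_WARNING, "problem closing socket: %s", strerror(errno));
    exit(EXIT_FAILURE);
  }
  memset(&addr, 0, sizeof(struct sockaddr_un));
  /* … unchanged: sun_family, copy into sun_path, bind() … */
```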
@@ -348,19 +347,20 @@ static int create_socket(const char *filename) fchmod does not work on sockets http://www.opengroup.org/onlinepubs/009695399/functions/fchmod.html http://lkml.org/lkml/2005/5/16/11 */ - if (chmod(filename,(mode_t)0666)) + if (chmod(filename, (mode_t)0666)) { - log_log(LOG_ERR,"chmod(0666) of %s failed: %s",filename,strerror(errno)); + log_log(LOG_ERR, "chmod(0666) of %s failed: %s", + filename, strerror(errno)); if (close(sock)) - log_log(LOG_WARNING,"problem closing socket: %s",strerror(errno)); + log_log(LOG_WARNING, "problem closing socket: %s", strerror(errno)); exit(EXIT_FAILURE); } /* start listening for connections */ - if (listen(sock,SOMAXCONN)<0) + if (listen(sock, SOMAXCONN) < 0) { - log_log(LOG_ERR,"listen() failed: %s",strerror(errno)); + log_log(LOG_ERR, "listen() failed: %s", strerror(errno)); if (close(sock)) - log_log(LOG_WARNING,"problem closing socket: %s",strerror(errno)); + log_log(LOG_WARNING, "problem closing socket: %s", strerror(errno)); exit(EXIT_FAILURE); } /* we're done */ 
@@ -369,48 +369,49 @@ static int create_socket(const char *filename) /* read the version information and action from the stream this function returns the read action in location pointer to by action */ -static int read_header(TFILE *fp,int32_t *action) +static int read_header(TFILE *fp, int32_t *action) { int32_t tmpint32; int32_t protocol; /* read the protocol version */ - READ_INT32(fp,protocol); - if (protocol!=(int32_t)NSLCD_VERSION) + READ_INT32(fp, protocol); + if (protocol != (int32_t)NSLCD_VERSION) { - log_log(LOG_DEBUG,"invalid nslcd version id: 0x%08x",(unsigned int)protocol); + log_log(LOG_DEBUG, "invalid nslcd version id: 0x%08x", (unsigned int)protocol); return -1; } /* read the request type */ - READ_INT32(fp,*action); + READ_INT32(fp, *action); return 0; } /* read a request message, returns <0 in case of errors, this function closes the socket */ -static void handleconnection(int sock,MYLDAP_SESSION *session) +static void handleconnection(int sock, MYLDAP_SESSION *session) { TFILE *fp; int32_t action; - uid_t uid=(uid_t)-1; - gid_t gid=(gid_t)-1; - pid_t pid=(pid_t)-1; + uid_t uid = (uid_t)-1; + gid_t gid = (gid_t)-1; + pid_t pid = (pid_t)-1; /* log connection */ - if (getpeercred(sock,&uid,&gid,&pid)) - log_log(LOG_DEBUG,"connection from unknown client: %s",strerror(errno)); + if (getpeercred(sock, &uid, &gid, &pid)) + log_log(LOG_DEBUG, "connection from unknown client: %s", strerror(errno)); else - log_log(LOG_DEBUG,"connection from pid=%d uid=%d gid=%d", - (int)pid,(int)uid,(int)gid); + log_log(LOG_DEBUG, "connection from pid=%d uid=%d gid=%d", + (int)pid, (int)uid, (int)gid); /* create a stream object */ - if ((fp=tio_fdopen(sock,READ_TIMEOUT,WRITE_TIMEOUT, - READBUFFER_MINSIZE,READBUFFER_MAXSIZE, - WRITEBUFFER_MINSIZE,WRITEBUFFER_MAXSIZE))==NULL) + if ((fp = tio_fdopen(sock, READ_TIMEOUT, WRITE_TIMEOUT, + READBUFFER_MINSIZE, READBUFFER_MAXSIZE, + WRITEBUFFER_MINSIZE, WRITEBUFFER_MAXSIZE)) == NULL) { - log_log(LOG_WARNING,"cannot create stream 
for writing: %s",strerror(errno)); + log_log(LOG_WARNING, "cannot create stream for writing: %s", + strerror(errno)); (void)close(sock); return; } /* read request */ - if (read_header(fp,&action)) + if (read_header(fp, &action)) { (void)tio_close(fp); return; 
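Review bot: When getpeercred() fails in handleconnection the request is still served with `uid` left at `(uid_t)-1`, and the only trace is a LOG_DEBUG line. The shadow actions in the following hunk are refused because they test `uid == 0`, but the nslcd_passwd_* handlers, nslcd_pam_authc and nslcd_pam_pwmod receive the sentinel as-is, and how they treat it is not visible here. A comment at the declaration, e.g. `/* (uid_t)-1 means the peer could not be identified; handlers must treat it as unprivileged */`, would document the contract, and LOG_WARNING may suit the failure better. handleconnection continues outside this hunk.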
@@ -418,46 +419,46 @@ static void handleconnection(int sock,MYLDAP_SESSION *session) /* handle request */ switch (action) { - case NSLCD_ACTION_CONFIG_GET: (void)nslcd_config_get(fp,session); break; - case NSLCD_ACTION_ALIAS_BYNAME: (void)nslcd_alias_byname(fp,session); break; - case NSLCD_ACTION_ALIAS_ALL: (void)nslcd_alias_all(fp,session); break; - case NSLCD_ACTION_ETHER_BYNAME: (void)nslcd_ether_byname(fp,session); break; - case NSLCD_ACTION_ETHER_BYETHER: (void)nslcd_ether_byether(fp,session); break; - case NSLCD_ACTION_ETHER_ALL: (void)nslcd_ether_all(fp,session); break; - case NSLCD_ACTION_GROUP_BYNAME: (void)nslcd_group_byname(fp,session); break; - case NSLCD_ACTION_GROUP_BYGID: (void)nslcd_group_bygid(fp,session); break; - case NSLCD_ACTION_GROUP_BYMEMBER: (void)nslcd_group_bymember(fp,session); break; - case NSLCD_ACTION_GROUP_ALL: (void)nslcd_group_all(fp,session); break; - case NSLCD_ACTION_HOST_BYNAME: (void)nslcd_host_byname(fp,session); break; - case NSLCD_ACTION_HOST_BYADDR: (void)nslcd_host_byaddr(fp,session); break; - case NSLCD_ACTION_HOST_ALL: (void)nslcd_host_all(fp,session); break; - case NSLCD_ACTION_NETGROUP_BYNAME: (void)nslcd_netgroup_byname(fp,session); break; - case NSLCD_ACTION_NETWORK_BYNAME: (void)nslcd_network_byname(fp,session); break; - case NSLCD_ACTION_NETWORK_BYADDR: (void)nslcd_network_byaddr(fp,session); break; - case NSLCD_ACTION_NETWORK_ALL: (void)nslcd_network_all(fp,session); break; - case NSLCD_ACTION_PASSWD_BYNAME: (void)nslcd_passwd_byname(fp,session,uid); break; - case NSLCD_ACTION_PASSWD_BYUID: (void)nslcd_passwd_byuid(fp,session,uid); break; - case NSLCD_ACTION_PASSWD_ALL: (void)nslcd_passwd_all(fp,session,uid); break; - case NSLCD_ACTION_PROTOCOL_BYNAME: (void)nslcd_protocol_byname(fp,session); break; - case NSLCD_ACTION_PROTOCOL_BYNUMBER:(void)nslcd_protocol_bynumber(fp,session); break; - case NSLCD_ACTION_PROTOCOL_ALL: (void)nslcd_protocol_all(fp,session); break; - case NSLCD_ACTION_RPC_BYNAME: 
(void)nslcd_rpc_byname(fp,session); break; - case NSLCD_ACTION_RPC_BYNUMBER: (void)nslcd_rpc_bynumber(fp,session); break; - case NSLCD_ACTION_RPC_ALL: (void)nslcd_rpc_all(fp,session); break; - case NSLCD_ACTION_SERVICE_BYNAME: (void)nslcd_service_byname(fp,session); break; - case NSLCD_ACTION_SERVICE_BYNUMBER: (void)nslcd_service_bynumber(fp,session); break; - case NSLCD_ACTION_SERVICE_ALL: (void)nslcd_service_all(fp,session); break; - case NSLCD_ACTION_SHADOW_BYNAME: if (uid==0) (void)nslcd_shadow_byname(fp,session); - else log_log(LOG_DEBUG,"denied shadow request by non-root user"); break; - case NSLCD_ACTION_SHADOW_ALL: if (uid==0) (void)nslcd_shadow_all(fp,session); - else log_log(LOG_DEBUG,"denied shadow request by non-root user"); break; - case NSLCD_ACTION_PAM_AUTHC: (void)nslcd_pam_authc(fp,session,uid); break; - case NSLCD_ACTION_PAM_AUTHZ: (void)nslcd_pam_authz(fp,session); break; - case NSLCD_ACTION_PAM_SESS_O: (void)nslcd_pam_sess_o(fp,session); break; - case NSLCD_ACTION_PAM_SESS_C: (void)nslcd_pam_sess_c(fp,session); break; - case NSLCD_ACTION_PAM_PWMOD: (void)nslcd_pam_pwmod(fp,session,uid); break; + case NSLCD_ACTION_CONFIG_GET: (void)nslcd_config_get(fp, session); break; + case NSLCD_ACTION_ALIAS_BYNAME: (void)nslcd_alias_byname(fp, session); break; + case NSLCD_ACTION_ALIAS_ALL: (void)nslcd_alias_all(fp, session); break; + case NSLCD_ACTION_ETHER_BYNAME: (void)nslcd_ether_byname(fp, session); break; + case NSLCD_ACTION_ETHER_BYETHER: (void)nslcd_ether_byether(fp, session); break; + case NSLCD_ACTION_ETHER_ALL: (void)nslcd_ether_all(fp, session); break; + case NSLCD_ACTION_GROUP_BYNAME: (void)nslcd_group_byname(fp, session); break; + case NSLCD_ACTION_GROUP_BYGID: (void)nslcd_group_bygid(fp, session); break; + case NSLCD_ACTION_GROUP_BYMEMBER: (void)nslcd_group_bymember(fp, session); break; + case NSLCD_ACTION_GROUP_ALL: (void)nslcd_group_all(fp, session); break; + case NSLCD_ACTION_HOST_BYNAME: (void)nslcd_host_byname(fp, session); break; + case 
NSLCD_ACTION_HOST_BYADDR: (void)nslcd_host_byaddr(fp, session); break; + case NSLCD_ACTION_HOST_ALL: (void)nslcd_host_all(fp, session); break; + case NSLCD_ACTION_NETGROUP_BYNAME: (void)nslcd_netgroup_byname(fp, session); break; + case NSLCD_ACTION_NETWORK_BYNAME: (void)nslcd_network_byname(fp, session); break; + case NSLCD_ACTION_NETWORK_BYADDR: (void)nslcd_network_byaddr(fp, session); break; + case NSLCD_ACTION_NETWORK_ALL: (void)nslcd_network_all(fp, session); break; + case NSLCD_ACTION_PASSWD_BYNAME: (void)nslcd_passwd_byname(fp, session, uid); break; + case NSLCD_ACTION_PASSWD_BYUID: (void)nslcd_passwd_byuid(fp, session, uid); break; + case NSLCD_ACTION_PASSWD_ALL: (void)nslcd_passwd_all(fp, session, uid); break; + case NSLCD_ACTION_PROTOCOL_BYNAME: (void)nslcd_protocol_byname(fp, session); break; + case NSLCD_ACTION_PROTOCOL_BYNUMBER:(void)nslcd_protocol_bynumber(fp, session); break; + case NSLCD_ACTION_PROTOCOL_ALL: (void)nslcd_protocol_all(fp, session); break; + case NSLCD_ACTION_RPC_BYNAME: (void)nslcd_rpc_byname(fp, session); break; + case NSLCD_ACTION_RPC_BYNUMBER: (void)nslcd_rpc_bynumber(fp, session); break; + case NSLCD_ACTION_RPC_ALL: (void)nslcd_rpc_all(fp, session); break; + case NSLCD_ACTION_SERVICE_BYNAME: (void)nslcd_service_byname(fp, session); break; + case NSLCD_ACTION_SERVICE_BYNUMBER: (void)nslcd_service_bynumber(fp, session); break; + case NSLCD_ACTION_SERVICE_ALL: (void)nslcd_service_all(fp, session); break; + case NSLCD_ACTION_SHADOW_BYNAME: if (uid == 0) (void)nslcd_shadow_byname(fp, session); + else log_log(LOG_DEBUG, "denied shadow request by non-root user"); break; + case NSLCD_ACTION_SHADOW_ALL: if (uid == 0) (void)nslcd_shadow_all(fp, session); + else log_log(LOG_DEBUG, "denied shadow request by non-root user"); break; + case NSLCD_ACTION_PAM_AUTHC: (void)nslcd_pam_authc(fp, session, uid); break; + case NSLCD_ACTION_PAM_AUTHZ: (void)nslcd_pam_authz(fp, session); break; + case NSLCD_ACTION_PAM_SESS_O: (void)nslcd_pam_sess_o(fp, 
session); break; + case NSLCD_ACTION_PAM_SESS_C: (void)nslcd_pam_sess_c(fp, session); break; + case NSLCD_ACTION_PAM_PWMOD: (void)nslcd_pam_pwmod(fp, session, uid); break; default: - log_log(LOG_WARNING,"invalid request id: 0x%08x",(unsigned int)action); + log_log(LOG_WARNING, "invalid request id: 0x%08x", (unsigned int)action); break; } /* we're done with the request */ @@ -467,27 +468,27 @@ static void handleconnection(int sock,MYLDAP_SESSION *session) } /* test to see if we can lock the specified file */ -static int is_locked(const char* filename) +static int is_locked(const char *filename) { int fd; - if (filename!=NULL) + if (filename != NULL) { - errno=0; - if ((fd=open(filename,O_RDWR,0644))<0) + errno = 0; + if ((fd = open(filename, O_RDWR, 0644)) < 0) { - if (errno==ENOENT) + if (errno == ENOENT) return 0; /* if file doesn't exist it cannot be locked */ - log_log(LOG_ERR,"cannot open lock file (%s): %s",filename,strerror(errno)); + log_log(LOG_ERR, "cannot open lock file (%s): %s", filename, strerror(errno)); exit(EXIT_FAILURE); } - if (lockf(fd,F_TEST,0)<0) + if (lockf(fd, F_TEST, 0) < 0) { if (close(fd)) - log_log(LOG_WARNING,"problem closing fd: %s",strerror(errno)); + log_log(LOG_WARNING, "problem closing fd: %s", strerror(errno)); return -1; } if (close(fd)) - log_log(LOG_WARNING,"problem closing fd: %s",strerror(errno)); + log_log(LOG_WARNING, "problem closing fd: %s", strerror(errno)); } return 0; } 
@@ -497,28 +498,32 @@ static void create_pidfile(const char *filename) { int fd; char buffer[20]; - if (filename!=NULL) + if (filename != NULL) { mkdirname(filename); - if ((fd=open(filename,O_RDWR|O_CREAT,0644))<0) + if ((fd = open(filename, O_RDWR | O_CREAT, 0644)) < 0) { - log_log(LOG_ERR,"cannot create pid file (%s): %s",filename,strerror(errno)); + log_log(LOG_ERR, "cannot create pid file (%s): %s", + filename, strerror(errno)); exit(EXIT_FAILURE); } - if (lockf(fd,F_TLOCK,0)<0) + if (lockf(fd, F_TLOCK, 0) < 0) { - log_log(LOG_ERR,"cannot lock pid file (%s): %s",filename,strerror(errno)); + log_log(LOG_ERR, "cannot lock pid file (%s): %s", + filename, strerror(errno)); exit(EXIT_FAILURE); } - if (ftruncate(fd,0)<0) + if (ftruncate(fd, 0) < 0) { - log_log(LOG_ERR,"cannot truncate pid file (%s): %s",filename,strerror(errno)); + log_log(LOG_ERR, "cannot truncate pid file (%s): %s", + filename, strerror(errno)); exit(EXIT_FAILURE); } - mysnprintf(buffer,sizeof(buffer),"%d\n",(int)getpid()); - if (write(fd,buffer,strlen(buffer))!=(int)strlen(buffer)) + mysnprintf(buffer, sizeof(buffer), "%d\n", (int)getpid()); + if (write(fd, buffer, strlen(buffer)) != (int)strlen(buffer)) { - log_log(LOG_ERR,"error writing pid file (%s): %s",filename,strerror(errno)); + log_log(LOG_ERR, "error writing pid file (%s): %s", + filename, strerror(errno)); exit(EXIT_FAILURE); } /* we keep the pidfile open so the lock remains valid */ 
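Review bot: create_pidfile opens the path with `open(filename, O_RDWR | O_CREAT, 0644)`, which follows a symbolic link at the final path component, while mkdirname() hands a freshly created directory to `ldc_uid`/`ldc_gid`. If this function can run with more privilege than that account (not visible in this hunk), the open should refuse links: `open(filename, O_RDWR | O_CREAT | O_NOFOLLOW, 0644)`. The comparison of write()'s result against `(int)strlen(buffer)` would also be cleaner as `(ssize_t)strlen(buffer)`. The function's signature and closing lines are outside the hunk.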
@@ -526,23 +531,24 @@ static void create_pidfile(const char *filename) } /* try to install signal handler and check result */ -static void install_sighandler(int signum,void (*handler) (int)) +static void install_sighandler(int signum, void (*handler) (int)) { struct sigaction act; - memset(&act,0,sizeof(struct sigaction)); - act.sa_handler=handler; + memset(&act, 0, sizeof(struct sigaction)); + act.sa_handler = handler; sigemptyset(&act.sa_mask); - act.sa_flags=SA_RESTART|SA_NOCLDSTOP; - if (sigaction(signum,&act,NULL)!=0) + act.sa_flags = SA_RESTART | SA_NOCLDSTOP; + if (sigaction(signum, &act, NULL) != 0) { - log_log(LOG_ERR,"error installing signal handler for '%s': %s",signame(signum),strerror(errno)); + log_log(LOG_ERR, "error installing signal handler for '%s': %s", + signame(signum), strerror(errno)); exit(EXIT_FAILURE); } } static void worker_cleanup(void *arg) { - MYLDAP_SESSION *session=(MYLDAP_SESSION *)arg; + MYLDAP_SESSION *session = (MYLDAP_SESSION *)arg; myldap_session_close(session); } @@ -556,9 +562,9 @@ static void *worker(void UNUSED(*arg)) fd_set fds; struct timeval tv; /* create a new LDAP session */ - session=myldap_create_session(); + session = myldap_create_session(); /* clean up the session if we're done */ - pthread_cleanup_push(worker_cleanup,session); + pthread_cleanup_push(worker_cleanup, session); /* start waiting for incoming connections */ while (1) { 
@@ -566,54 +572,55 @@ static void *worker(void UNUSED(*arg)) myldap_session_check(session); /* set up the set of fds to wait on */ FD_ZERO(&fds); - FD_SET(nslcd_serversocket,&fds); + FD_SET(nslcd_serversocket, &fds); /* set up our timeout value */ - tv.tv_sec=nslcd_cfg->ldc_idle_timelimit; - tv.tv_usec=0; + tv.tv_sec = nslcd_cfg->ldc_idle_timelimit; + tv.tv_usec = 0; /* wait for a new connection */ - j=select(nslcd_serversocket+1,&fds,NULL,NULL,nslcd_cfg->ldc_idle_timelimit>0?&tv:NULL); + j = select(nslcd_serversocket + 1, &fds, NULL, NULL, + nslcd_cfg->ldc_idle_timelimit > 0 ? &tv : NULL); /* check result of select() */ - if (j<0) + if (j < 0) { - if (errno==EINTR) - log_log(LOG_DEBUG,"select() failed (ignored): %s",strerror(errno)); + if (errno == EINTR) + log_log(LOG_DEBUG, "select() failed (ignored): %s", strerror(errno)); else - log_log(LOG_ERR,"select() failed: %s",strerror(errno)); + log_log(LOG_ERR, "select() failed: %s", strerror(errno)); continue; } /* see if our file descriptor is actually ready */ - if (!FD_ISSET(nslcd_serversocket,&fds)) + if (!FD_ISSET(nslcd_serversocket, &fds)) continue; /* wait for a new connection */ - alen=(socklen_t)sizeof(struct sockaddr_storage); - csock=accept(nslcd_serversocket,(struct sockaddr *)&addr,&alen); - if (csock<0) + alen = (socklen_t)sizeof(struct sockaddr_storage); + csock = accept(nslcd_serversocket, (struct sockaddr *)&addr, &alen); + if (csock < 0) { - if ((errno==EINTR)||(errno==EAGAIN)||(errno==EWOULDBLOCK)) - log_log(LOG_DEBUG,"accept() failed (ignored): %s",strerror(errno)); + if ((errno == EINTR) || (errno == EAGAIN) || (errno == EWOULDBLOCK)) + log_log(LOG_DEBUG, "accept() failed (ignored): %s", strerror(errno)); else - log_log(LOG_ERR,"accept() failed: %s",strerror(errno)); + log_log(LOG_ERR, "accept() failed: %s", strerror(errno)); continue; } /* make sure O_NONBLOCK is not inherited */ - if ((j=fcntl(csock,F_GETFL,0))<0) + if ((j = fcntl(csock, F_GETFL, 0)) < 0) { - log_log(LOG_ERR,"fctnl(F_GETFL) 
failed: %s",strerror(errno)); + log_log(LOG_ERR, "fctnl(F_GETFL) failed: %s", strerror(errno)); if (close(csock)) - log_log(LOG_WARNING,"problem closing socket: %s",strerror(errno)); + log_log(LOG_WARNING, "problem closing socket: %s", strerror(errno)); continue; } - if (fcntl(csock,F_SETFL,j&~O_NONBLOCK)<0) + if (fcntl(csock, F_SETFL, j & ~O_NONBLOCK) < 0) { - log_log(LOG_ERR,"fctnl(F_SETFL,~O_NONBLOCK) failed: %s",strerror(errno)); + log_log(LOG_ERR, "fctnl(F_SETFL,~O_NONBLOCK) failed: %s", strerror(errno)); if (close(csock)) - log_log(LOG_WARNING,"problem closing socket: %s",strerror(errno)); + log_log(LOG_WARNING, "problem closing socket: %s", strerror(errno)); continue; } /* indicate new connection to logging module (generates unique id) */ log_newsession(); /* handle the connection */ - handleconnection(csock,session); + handleconnection(csock, session); /* indicate end of session in log messages */ log_clearsession(); } 
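Review bot: Both new log strings in the O_NONBLOCK block still spell the call as `fctnl`, so a search of the logs for `fcntl` will miss these errors. Since the lines are being touched anyway, use `"fcntl(F_GETFL) failed: %s"` and `"fcntl(F_SETFL,~O_NONBLOCK) failed: %s"`. The worker loop starts before this hunk and continues after it.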
@@ -630,33 +637,35 @@ static void disable_nss_ldap(void) int *enable_flag; /* try to load the NSS module */ #ifdef RTLD_NODELETE - handle=dlopen(NSS_LDAP_SONAME,RTLD_LAZY|RTLD_NODELETE); + handle = dlopen(NSS_LDAP_SONAME, RTLD_LAZY | RTLD_NODELETE); #else /* not RTLD_NODELETE */ - handle=dlopen(NSS_LDAP_SONAME,RTLD_LAZY); + handle = dlopen(NSS_LDAP_SONAME, RTLD_LAZY); #endif /* RTLD_NODELETE */ - if (handle==NULL) + if (handle == NULL) { - log_log(LOG_WARNING,"Warning: LDAP NSS module not loaded: %s",dlerror()); + log_log(LOG_WARNING, "Warning: LDAP NSS module not loaded: %s", dlerror()); return; } /* clear any existing errors */ dlerror(); /* try to look up the flag */ - enable_flag=(int *)dlsym(handle,"_nss_ldap_enablelookups"); - error=dlerror(); - if (error!=NULL) + enable_flag = (int *)dlsym(handle, "_nss_ldap_enablelookups"); + error = dlerror(); + if (error != NULL) { - log_log(LOG_WARNING,"Warning: %s (probably older NSS module loaded)",error); + log_log(LOG_WARNING, "Warning: %s (probably older NSS module loaded)", + error); /* fall back to changing the way host lookup is done */ #ifdef HAVE___NSS_CONFIGURE_LOOKUP - if (__nss_configure_lookup("hosts","files dns")) - log_log(LOG_ERR,"unable to override hosts lookup method: %s",strerror(errno)); + if (__nss_configure_lookup("hosts", "files dns")) + log_log(LOG_ERR, "unable to override hosts lookup method: %s", + strerror(errno)); #endif /* HAVE___NSS_CONFIGURE_LOOKUP */ dlclose(handle); return; } /* disable nss_ldap */ - *enable_flag=0; + *enable_flag = 0; #ifdef RTLD_NODELETE /* only close the handle if RTLD_NODELETE was used */ dlclose(handle); 
@@ -664,194 +673,198 @@ static void disable_nss_ldap(void) } /* the main program... */ -int main(int argc,char *argv[]) +int main(int argc, char *argv[]) { int i; - sigset_t signalmask,oldmask; + sigset_t signalmask, oldmask; #ifdef HAVE_PTHREAD_TIMEDJOIN_NP struct timespec ts; #endif /* HAVE_PTHREAD_TIMEDJOIN_NP */ /* parse the command line */ - parse_cmdline(argc,argv); + parse_cmdline(argc, argv); /* clean the environment */ #ifdef HAVE_CLEARENV - if ( clearenv() || - putenv("HOME=/") || - putenv("TMPDIR=/tmp") || - putenv("LDAPNOINIT=1") ) + if (clearenv() || putenv("HOME=/") || putenv("TMPDIR=/tmp") || + putenv("LDAPNOINIT=1")) { - log_log(LOG_ERR,"clearing environment failed"); + log_log(LOG_ERR, "clearing environment failed"); exit(EXIT_FAILURE); } #else /* not HAVE_CLEARENV */ /* this is a bit ugly */ - environ=sane_environment; + environ = sane_environment; #endif /* not HAVE_CLEARENV */ /* disable the nss_ldap module for this process */ disable_nss_ldap(); /* set LDAP log level */ - if (myldap_set_debuglevel(nslcd_debugging)!=LDAP_SUCCESS) + if (myldap_set_debuglevel(nslcd_debugging) != LDAP_SUCCESS) exit(EXIT_FAILURE); /* read configuration file */ cfg_init(NSLCD_CONF_PATH); /* set default mode for pidfile and socket */ (void)umask((mode_t)0022); /* see if someone already locked the pidfile - if --check option was given: - exit TRUE if daemon runs (pidfile locked), FALSE otherwise */ + if --check option was given exit TRUE if daemon runs + (pidfile locked), FALSE otherwise */ if (nslcd_checkonly) { if (is_locked(NSLCD_PIDFILE)) { - log_log(LOG_DEBUG,"pidfile (%s) is locked",NSLCD_PIDFILE); + log_log(LOG_DEBUG, "pidfile (%s) is locked", NSLCD_PIDFILE); exit(EXIT_SUCCESS); } else { - log_log(LOG_DEBUG,"pidfile (%s) is not locked",NSLCD_PIDFILE); + log_log(LOG_DEBUG, "pidfile (%s) is not locked", NSLCD_PIDFILE); exit(EXIT_FAILURE); } } /* normal check for pidfile locked */ if (is_locked(NSLCD_PIDFILE)) { - log_log(LOG_ERR,"daemon may already be active, 
cannot acquire lock (%s): %s",NSLCD_PIDFILE,strerror(errno)); + log_log(LOG_ERR, "daemon may already be active, cannot acquire lock (%s): %s", + NSLCD_PIDFILE, strerror(errno)); exit(EXIT_FAILURE); } /* close all file descriptors (except stdin/out/err) */ - i=sysconf(_SC_OPEN_MAX)-1; + i = sysconf(_SC_OPEN_MAX) - 1; /* if the system does not have OPEN_MAX just close the first 32 and hope we closed enough */ - if (i<0) - i=32; - for (;i>3;i--) + if (i < 0) + i = 32; + for (; i > 3; i--) close(i); /* daemonize */ - if ((!nslcd_debugging)&&(daemon(0,0)<0)) + if ((!nslcd_debugging) && (daemon(0, 0) < 0)) { - log_log(LOG_ERR,"unable to daemonize: %s",strerror(errno)); + log_log(LOG_ERR, "unable to daemonize: %s", strerror(errno)); exit(EXIT_FAILURE); } /* intilialize logging */ if (!nslcd_debugging) log_startlogging(); - log_log(LOG_INFO,"version %s starting",VERSION); + log_log(LOG_INFO, "version %s starting", VERSION); /* write pidfile */ create_pidfile(NSLCD_PIDFILE); /* install handler to close stuff off on exit and log notice */ if (atexit(exithandler)) { - log_log(LOG_ERR,"atexit() failed: %s",strerror(errno)); + log_log(LOG_ERR, "atexit() failed: %s", strerror(errno)); exit(EXIT_FAILURE); } /* create socket */ - nslcd_serversocket=create_socket(NSLCD_SOCKET); - if ((nslcd_cfg->ldc_gid!=NOGID)&&(nslcd_cfg->ldc_uidname!=NULL)) + nslcd_serversocket = create_socket(NSLCD_SOCKET); + if ((nslcd_cfg->ldc_gid != NOGID) && (nslcd_cfg->ldc_uidname != NULL)) { #ifdef HAVE_INITGROUPS /* load supplementary groups */ - if (initgroups(nslcd_cfg->ldc_uidname,nslcd_cfg->ldc_gid)<0) - log_log(LOG_WARNING,"cannot initgroups(\"%s\",%d) (ignored): %s", - nslcd_cfg->ldc_uidname,(int)nslcd_cfg->ldc_gid,strerror(errno)); + if (initgroups(nslcd_cfg->ldc_uidname, nslcd_cfg->ldc_gid) < 0) + log_log(LOG_WARNING, "cannot initgroups(\"%s\",%d) (ignored): %s", + nslcd_cfg->ldc_uidname, (int)nslcd_cfg->ldc_gid, strerror(errno)); else - log_log(LOG_DEBUG,"initgroups(\"%s\",%d) done", - 
nslcd_cfg->ldc_uidname,(int)nslcd_cfg->ldc_gid); + log_log(LOG_DEBUG, "initgroups(\"%s\",%d) done", + nslcd_cfg->ldc_uidname, (int)nslcd_cfg->ldc_gid); #else /* not HAVE_INITGROUPS */ #ifdef HAVE_SETGROUPS /* just drop all supplemental groups */ - if (setgroups(0,NULL)<0) - log_log(LOG_WARNING,"cannot setgroups(0,NULL) (ignored): %s",strerror(errno)); + if (setgroups(0, NULL) < 0) + log_log(LOG_WARNING, "cannot setgroups(0,NULL) (ignored): %s", + strerror(errno)); else - log_log(LOG_DEBUG,"setgroups(0,NULL) done"); + log_log(LOG_DEBUG, "setgroups(0,NULL) done"); #else /* not HAVE_SETGROUPS */ - log_log(LOG_DEBUG,"neither initgroups() or setgroups() available"); + log_log(LOG_DEBUG, "neither initgroups() or setgroups() available"); #endif /* not HAVE_SETGROUPS */ #endif /* not HAVE_INITGROUPS */ } /* change to nslcd gid */ - if (nslcd_cfg->ldc_gid!=NOGID) + if (nslcd_cfg->ldc_gid != NOGID) { - if (setgid(nslcd_cfg->ldc_gid)!=0) + if (setgid(nslcd_cfg->ldc_gid) != 0) { - log_log(LOG_ERR,"cannot setgid(%d): %s",(int)nslcd_cfg->ldc_gid,strerror(errno)); + log_log(LOG_ERR, "cannot setgid(%d): %s", + (int)nslcd_cfg->ldc_gid, strerror(errno)); exit(EXIT_FAILURE); } - log_log(LOG_DEBUG,"setgid(%d) done",(int)nslcd_cfg->ldc_gid); + log_log(LOG_DEBUG, "setgid(%d) done", (int)nslcd_cfg->ldc_gid); } /* change to nslcd uid */ - if (nslcd_cfg->ldc_uid!=NOUID) + if (nslcd_cfg->ldc_uid != NOUID) { - if (setuid(nslcd_cfg->ldc_uid)!=0) + if (setuid(nslcd_cfg->ldc_uid) != 0) { - log_log(LOG_ERR,"cannot setuid(%d): %s",(int)nslcd_cfg->ldc_uid,strerror(errno)); + log_log(LOG_ERR, "cannot setuid(%d): %s", + (int)nslcd_cfg->ldc_uid, strerror(errno)); exit(EXIT_FAILURE); } - log_log(LOG_DEBUG,"setuid(%d) done",(int)nslcd_cfg->ldc_uid); + log_log(LOG_DEBUG, "setuid(%d) done", (int)nslcd_cfg->ldc_uid); } /* block all these signals so our worker threads won't handle them */ sigemptyset(&signalmask); - sigaddset(&signalmask,SIGHUP); - sigaddset(&signalmask,SIGINT); - 
sigaddset(&signalmask,SIGQUIT); - sigaddset(&signalmask,SIGABRT); - sigaddset(&signalmask,SIGPIPE); - sigaddset(&signalmask,SIGTERM); - sigaddset(&signalmask,SIGUSR1); - sigaddset(&signalmask,SIGUSR2); - pthread_sigmask(SIG_BLOCK,&signalmask,&oldmask); + sigaddset(&signalmask, SIGHUP); + sigaddset(&signalmask, SIGINT); + sigaddset(&signalmask, SIGQUIT); + sigaddset(&signalmask, SIGABRT); + sigaddset(&signalmask, SIGPIPE); + sigaddset(&signalmask, SIGTERM); + sigaddset(&signalmask, SIGUSR1); + sigaddset(&signalmask, SIGUSR2); + pthread_sigmask(SIG_BLOCK, &signalmask, &oldmask); /* start worker threads */ - log_log(LOG_INFO,"accepting connections"); - nslcd_threads=(pthread_t *)malloc(nslcd_cfg->ldc_threads*sizeof(pthread_t)); - if (nslcd_threads==NULL) + log_log(LOG_INFO, "accepting connections"); + nslcd_threads = (pthread_t *)malloc(nslcd_cfg->ldc_threads * sizeof(pthread_t)); + if (nslcd_threads == NULL) { - log_log(LOG_CRIT,"main(): malloc() failed to allocate memory"); + log_log(LOG_CRIT, "main(): malloc() failed to allocate memory"); exit(EXIT_FAILURE); } - for (i=0;i<nslcd_cfg->ldc_threads;i++) + for (i = 0; i < nslcd_cfg->ldc_threads; i++) { - if (pthread_create(&nslcd_threads[i],NULL,worker,NULL)) + if (pthread_create(&nslcd_threads[i], NULL, worker, NULL)) { - log_log(LOG_ERR,"unable to start worker thread %d: %s",i,strerror(errno)); + log_log(LOG_ERR, "unable to start worker thread %d: %s", + i, strerror(errno)); exit(EXIT_FAILURE); } } - pthread_sigmask(SIG_SETMASK,&oldmask,NULL); + pthread_sigmask(SIG_SETMASK, &oldmask, NULL); /* install signalhandlers for some signals */ install_sighandler(SIGHUP, sigexit_handler); install_sighandler(SIGINT, sigexit_handler); - install_sighandler(SIGQUIT,sigexit_handler); - install_sighandler(SIGABRT,sigexit_handler); - install_sighandler(SIGPIPE,SIG_IGN); - install_sighandler(SIGTERM,sigexit_handler); - install_sighandler(SIGUSR1,sigexit_handler); - install_sighandler(SIGUSR2,sigexit_handler); + 
install_sighandler(SIGQUIT, sigexit_handler); + install_sighandler(SIGABRT, sigexit_handler); + install_sighandler(SIGPIPE, SIG_IGN); + install_sighandler(SIGTERM, sigexit_handler); + install_sighandler(SIGUSR1, sigexit_handler); + install_sighandler(SIGUSR2, sigexit_handler); /* wait until we received a signal */ - while (nslcd_exitsignal==0) + while (nslcd_exitsignal == 0) { sleep(INT_MAX); /* sleep as long as we can or until we receive a signal */ } /* print something about received signal */ - log_log(LOG_INFO,"caught signal %s (%d), shutting down", - signame(nslcd_exitsignal),nslcd_exitsignal); + log_log(LOG_INFO, "caught signal %s (%d), shutting down", + signame(nslcd_exitsignal), nslcd_exitsignal); /* cancel all running threads */ - for (i=0;i<nslcd_cfg->ldc_threads;i++) + for (i = 0; i < nslcd_cfg->ldc_threads; i++) if (pthread_cancel(nslcd_threads[i])) - log_log(LOG_WARNING,"failed to stop thread %d (ignored): %s",i,strerror(errno)); + log_log(LOG_WARNING, "failed to stop thread %d (ignored): %s", + i, strerror(errno)); /* close server socket to trigger failures in threads waiting on accept() */ close(nslcd_serversocket); - nslcd_serversocket=-1; + nslcd_serversocket = -1; /* if we can, wait a few seconds for the threads to finish */ #ifdef HAVE_PTHREAD_TIMEDJOIN_NP - ts.tv_sec=time(NULL)+3; - ts.tv_nsec=0; + ts.tv_sec = time(NULL) + 3; + ts.tv_nsec = 0; #endif /* HAVE_PTHREAD_TIMEDJOIN_NP */ - for (i=0;i<nslcd_cfg->ldc_threads;i++) + for (i = 0; i < nslcd_cfg->ldc_threads; i++) { #ifdef HAVE_PTHREAD_TIMEDJOIN_NP - pthread_timedjoin_np(nslcd_threads[i],NULL,&ts); + pthread_timedjoin_np(nslcd_threads[i], NULL, &ts); #endif /* HAVE_PTHREAD_TIMEDJOIN_NP */ - if (pthread_kill(nslcd_threads[i],0)==0) - log_log(LOG_ERR,"thread %d is still running, shutting down anyway",i); + if (pthread_kill(nslcd_threads[i], 0) == 0) + log_log(LOG_ERR, "thread %d is still running, shutting down anyway", i); } /* we're done */ return EXIT_FAILURE; 
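Review bot: A failed `initgroups()` (or `setgroups(0, NULL)` in the fallback branch) is only logged as a warning marked "(ignored)", after which main goes on to setgid() and setuid(), so the daemon can keep the supplementary groups it was started with while running under the configured uid. The setgid/setuid branches right below treat failure as fatal; the group-list step should do the same, logging at `LOG_ERR` and calling `exit(EXIT_FAILURE);`. Separately, the descriptor loop `for (; i > 3; i--)` stops before fd 3 although the comment says only stdin/out/err are kept; `i > 2` would match the comment. main's closing brace is outside the hunk.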
diff --git a/nslcd/nsswitch.c b/nslcd/nsswitch.c index 1975a8f..ff9d9d5 100644 --- a/nslcd/nsswitch.c +++ b/nslcd/nsswitch.c @@ -1,7 +1,7 @@ /* nsswitch.c - functions for parsing /etc/nsswitch.conf - Copyright (C) 2011 Arthur de Jong + Copyright (C) 2011, 2012 Arthur de Jong This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public @@ -35,10 +35,10 @@ /* the cached value of whether shadow lookups use LDAP in nsswitch.conf */ #define NSSWITCH_FILE "/etc/nsswitch.conf" #define CACHED_UNKNOWN 22 -static int cached_shadow_uses_ldap=CACHED_UNKNOWN; -static time_t cached_shadow_lastcheck=0; +static int cached_shadow_uses_ldap = CACHED_UNKNOWN; +static time_t cached_shadow_lastcheck = 0; #define CACHED_SHADOW_TIMEOUT (60) -static time_t nsswitch_mtime=0; +static time_t nsswitch_mtime = 0; /* the maximum line length supported of nsswitch.conf */ #define MAX_LINE_LENGTH 4096 
@@ -49,71 +49,77 @@ void nsswitch_check_reload(void) { struct stat buf; time_t t; - if ((cached_shadow_uses_ldap!=CACHED_UNKNOWN)&& - ((t=time(NULL)) > (cached_shadow_lastcheck+CACHED_SHADOW_TIMEOUT))) + if ((cached_shadow_uses_ldap != CACHED_UNKNOWN) && + ((t = time(NULL)) > (cached_shadow_lastcheck + CACHED_SHADOW_TIMEOUT))) { - cached_shadow_lastcheck=t; - if (stat(NSSWITCH_FILE,&buf)) + cached_shadow_lastcheck = t; + if (stat(NSSWITCH_FILE, &buf)) { - log_log(LOG_ERR,"stat(%s) failed: %s",NSSWITCH_FILE,strerror(errno)); + log_log(LOG_ERR, "stat(%s) failed: %s", NSSWITCH_FILE, strerror(errno)); /* trigger a recheck anyway */ - cached_shadow_uses_ldap=CACHED_UNKNOWN; + cached_shadow_uses_ldap = CACHED_UNKNOWN; return; } /* trigger a recheck if file changed */ - if (buf.st_mtime!=nsswitch_mtime) + if (buf.st_mtime != nsswitch_mtime) { - nsswitch_mtime=buf.st_mtime; - cached_shadow_uses_ldap=CACHED_UNKNOWN; + nsswitch_mtime = buf.st_mtime; + cached_shadow_uses_ldap = CACHED_UNKNOWN; } } } /* see if the line is a service definition for db and return a pointer to the beginning of the services list if it is */ -static const char *find_db(const char *line,const char *db) +static const char *find_db(const char *line, const char *db) { int i; - i=strlen(db); + i = strlen(db); /* the line should begin with the db we're looking for */ - if (strncmp(line,db,i)!=0) + if (strncmp(line, db, i) != 0) return NULL; /* followed by a : */ - while (isspace(line[i])) i++; - if (line[i]!=':') + while (isspace(line[i])) + i++; + if (line[i] != ':') return NULL; i++; - while (isspace(line[i])) i++; - return line+i; + while (isspace(line[i])) + i++; + return line + i; } /* check to see if the list of services contains the specified service */ -static int has_service(const char *services,const char *service, - const char *filename,int lnr) +static int has_service(const char *services, const char *service, + const char *filename, int lnr) { - int i=0,l; - if (services==NULL) + int i = 0, 
l; + if (services == NULL) return 0; - l=strlen(service); - while (services[i]!='\0') + l = strlen(service); + while (services[i] != '\0') { /* skip spaces */ - while (isspace(services[i])) i++; + while (isspace(services[i])) + i++; /* check if this is the service */ - if ((strncmp(services+i,service,l)==0)&&(!isalnum(services[i+l]))) + if ((strncmp(services + i, service, l) == 0) && (!isalnum(services[i + l]))) return 1; /* skip service name and spaces */ i++; - while (isalnum(services[i])) i++; - while (isspace(services[i])) i++; + while (isalnum(services[i])) + i++; + while (isspace(services[i])) + i++; /* skip action mappings */ - if (services[i]=='[') + if (services[i] == '[') { i++; /* skip [ */ - while ((services[i]!=']')&&(services[i]!='\0')) i++; - if (services[i]!=']') + while ((services[i] != ']') && (services[i] != '\0')) + i++; + if (services[i] != ']') { - log_log(LOG_WARNING,"%s: error parsing line %d",filename,lnr); + log_log(LOG_WARNING, "%s: error parsing line %d", filename, lnr); return 0; /* parse error */ } i++; /* skip ] */ 
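Review bot: find_db and has_service pass plain `char` values to `isspace()` and `isalnum()`, which is undefined behaviour when `char` is signed and the byte is above 0x7f, as with a non-ASCII byte in nsswitch.conf. Cast at each call, e.g. `while (isspace((unsigned char)line[i]))` and `!isalnum((unsigned char)services[i + l])`. has_service continues past the end of this hunk.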
@@ -125,36 +131,36 @@ static int has_service(const char *services,const char *service, static int shadow_uses_ldap(void) { FILE *fp; - int lnr=0; + int lnr = 0; char linebuf[MAX_LINE_LENGTH]; const char *services; - int shadow_found=0; - int passwd_has_ldap=0; + int shadow_found = 0; + int passwd_has_ldap = 0; /* open config file */ - if ((fp=fopen(NSSWITCH_FILE,"r"))==NULL) + if ((fp = fopen(NSSWITCH_FILE, "r")) == NULL) { - log_log(LOG_ERR,"cannot open %s: %s",NSSWITCH_FILE,strerror(errno)); + log_log(LOG_ERR, "cannot open %s: %s", NSSWITCH_FILE, strerror(errno)); return 0; } /* read file and parse lines */ - while (fgets(linebuf,sizeof(linebuf),fp)!=NULL) + while (fgets(linebuf, sizeof(linebuf), fp) != NULL) { lnr++; /* see if we have a shadow line */ - services=find_db(linebuf,"shadow"); - if (services!=NULL) + services = find_db(linebuf, "shadow"); + if (services != NULL) { - shadow_found=1; - if (has_service(services,"ldap",NSSWITCH_FILE,lnr)) + shadow_found = 1; + if (has_service(services, "ldap", NSSWITCH_FILE, lnr)) { fclose(fp); return 1; } } /* see if we have a passwd line */ - services=find_db(linebuf,"passwd"); - if (services!=NULL) - passwd_has_ldap=has_service(services,"ldap",NSSWITCH_FILE,lnr); + services = find_db(linebuf, "passwd"); + if (services != NULL) + passwd_has_ldap = has_service(services, "ldap", NSSWITCH_FILE, lnr); } fclose(fp); if (shadow_found) @@ -165,11 +171,11 @@ static int shadow_uses_ldap(void) /* check whether shadow lookups are configured to use ldap */ int nsswitch_shadow_uses_ldap(void) { - if (cached_shadow_uses_ldap==CACHED_UNKNOWN) + if (cached_shadow_uses_ldap == CACHED_UNKNOWN) { - log_log(LOG_INFO,"(re)loading %s",NSSWITCH_FILE); - cached_shadow_uses_ldap=shadow_uses_ldap(); - cached_shadow_lastcheck=time(NULL); + log_log(LOG_INFO, "(re)loading %s", NSSWITCH_FILE); + cached_shadow_uses_ldap = shadow_uses_ldap(); + cached_shadow_lastcheck = time(NULL); } return cached_shadow_uses_ldap; } 
diff --git a/nslcd/pam.c b/nslcd/pam.c index e88282c..1750d4c 100644 --- a/nslcd/pam.c +++ b/nslcd/pam.c @@ -41,7 +41,7 @@ /* set up a connection and try to bind with the specified DN and password, returns an LDAP result code */ -static int try_bind(const char *userdn,const char *password) +static int try_bind(const char *userdn, const char *password) { MYLDAP_SESSION *session; MYLDAP_SEARCH *search; @@ -49,29 +49,30 @@ static int try_bind(const char *userdn,const char *password) static const char *attrs[2]; int rc; /* set up a new connection */ - session=myldap_create_session(); - if (session==NULL) + session = myldap_create_session(); + if (session == NULL) return LDAP_UNAVAILABLE; /* set up credentials for the session */ - myldap_set_credentials(session,userdn,password); + myldap_set_credentials(session, userdn, password); /* perform search for own object (just to do any kind of search) */ - attrs[0]="dn"; - attrs[1]=NULL; - search=myldap_search(session,userdn,LDAP_SCOPE_BASE,"(objectClass=*)",attrs,&rc); - if ((search==NULL)||(rc!=LDAP_SUCCESS)) + attrs[0] = "dn"; + attrs[1] = NULL; + search = myldap_search(session, userdn, LDAP_SCOPE_BASE, + "(objectClass=*)", attrs, &rc); + if ((search == NULL) || (rc != LDAP_SUCCESS)) { - if (rc==LDAP_SUCCESS) - rc=LDAP_LOCAL_ERROR; - log_log(LOG_WARNING,"%s: lookup failed: %s",userdn,ldap_err2string(rc)); + if (rc == LDAP_SUCCESS) + rc = LDAP_LOCAL_ERROR; + log_log(LOG_WARNING, "%s: lookup failed: %s", userdn, ldap_err2string(rc)); } else { - entry=myldap_get_entry(search,&rc); - if ((entry==NULL)||(rc!=LDAP_SUCCESS)) + entry = myldap_get_entry(search, &rc); + if ((entry == NULL) || (rc != LDAP_SUCCESS)) { - if (rc==LDAP_SUCCESS) - rc=LDAP_NO_RESULTS_RETURNED; - log_log(LOG_WARNING,"%s: lookup failed: %s",userdn,ldap_err2string(rc)); + if (rc == LDAP_SUCCESS) + rc = LDAP_NO_RESULTS_RETURNED; + log_log(LOG_WARNING, "%s: lookup failed: %s", userdn, ldap_err2string(rc)); } } /* close the session */ 
@@ -83,87 +84,90 @@ static int try_bind(const char *userdn,const char *password) /* ensure that both userdn and username are filled in from the entry, returns an LDAP result code */ static MYLDAP_ENTRY *validate_user(MYLDAP_SESSION *session, - char *username,int *rcp) + char *username, int *rcp) { int rc; - MYLDAP_ENTRY *entry=NULL; + MYLDAP_ENTRY *entry = NULL; /* check username for validity */ if (!isvalidname(username)) { - log_log(LOG_WARNING,"request denied by validnames option"); - *rcp=LDAP_NO_SUCH_OBJECT; + log_log(LOG_WARNING, "request denied by validnames option"); + *rcp = LDAP_NO_SUCH_OBJECT; return NULL; } /* get the user entry based on the username */ - entry=uid2entry(session,username,&rc); - if (entry==NULL) + entry = uid2entry(session, username, &rc); + if (entry == NULL) { - if (rc==LDAP_SUCCESS) - rc=LDAP_NO_SUCH_OBJECT; - log_log(LOG_DEBUG,"\"%s\": user not found: %s",username,ldap_err2string(rc)); - *rcp=rc; + if (rc == LDAP_SUCCESS) + rc = LDAP_NO_SUCH_OBJECT; + log_log(LOG_DEBUG, "\"%s\": user not found: %s", username, ldap_err2string(rc)); + *rcp = rc; } return entry; } /* update the username value from the entry if needed */ -static void update_username(MYLDAP_ENTRY *entry,char *username,size_t username_len) +static void update_username(MYLDAP_ENTRY *entry, char *username, + size_t username_len) { const char **values; const char *value; /* get the "real" username */ - value=myldap_get_rdn_value(entry,attmap_passwd_uid); - if (value==NULL) + value = myldap_get_rdn_value(entry, attmap_passwd_uid); + if (value == NULL) { /* get the username from the uid attribute */ - values=myldap_get_values(entry,attmap_passwd_uid); - if ((values==NULL)||(values[0]==NULL)) + values = myldap_get_values(entry, attmap_passwd_uid); + if ((values == NULL) || (values[0] == NULL)) { - log_log(LOG_WARNING,"%s: %s: missing", - myldap_get_dn(entry),attmap_passwd_uid); + log_log(LOG_WARNING, "%s: %s: missing", + myldap_get_dn(entry), attmap_passwd_uid); return; } - 
value=values[0]; + value = values[0]; } /* check the username */ - if ((value==NULL)||!isvalidname(value)||strlen(value)>=username_len) + if ((value == NULL) || !isvalidname(value) || strlen(value) >= username_len) { - log_log(LOG_WARNING,"%s: %s: denied by validnames option", - myldap_get_dn(entry),attmap_passwd_uid); + log_log(LOG_WARNING, "%s: %s: denied by validnames option", + myldap_get_dn(entry), attmap_passwd_uid); return; } /* check if the username is different and update it if needed */ - if (strcmp(username,value)!=0) + if (strcmp(username, value) != 0) { - log_log(LOG_INFO,"username changed from \"%s\" to \"%s\"",username,value); - strcpy(username,value); + log_log(LOG_INFO, "username changed from \"%s\" to \"%s\"", + username, value); + strcpy(username, value); } } -static int check_shadow(MYLDAP_SESSION *session,const char *username, - char *authzmsg,size_t authzmsgsz, - int check_maxdays,int check_mindays) +static int check_shadow(MYLDAP_SESSION *session, const char *username, + char *authzmsg, size_t authzmsgsz, + int check_maxdays, int check_mindays) { - MYLDAP_ENTRY *entry=NULL; - long today,lastchangedate,mindays,maxdays,warndays,inactdays,expiredate; + MYLDAP_ENTRY *entry = NULL; + long today, lastchangedate, mindays, maxdays, warndays, inactdays, expiredate; unsigned long flag; - long daysleft,inactleft; + long daysleft, inactleft; /* get the shadow entry */ - entry=shadow_uid2entry(session,username,NULL); - if (entry==NULL) + entry = shadow_uid2entry(session, username, NULL); + if (entry == NULL) return NSLCD_PAM_SUCCESS; /* no shadow entry found, nothing to check */ /* get today's date */ - today=(long)(time(NULL)/(60*60*24)); + today = (long)(time(NULL) / (60 * 60 * 24)); /* get shadown information */ - get_shadow_properties(entry,&lastchangedate,&mindays,&maxdays,&warndays, - &inactdays,&expiredate,&flag); + get_shadow_properties(entry, &lastchangedate, &mindays, &maxdays, &warndays, + &inactdays, &expiredate, &flag); /* check account 
expiry date */ - if ((expiredate!=-1)&&(today>=expiredate)) + if ((expiredate != -1) && (today >= expiredate)) { - daysleft=today-expiredate; - mysnprintf(authzmsg,authzmsgsz-1,"account expired %ld days ago",daysleft); - log_log(LOG_WARNING,"%s: %s: %s", - myldap_get_dn(entry),attmap_shadow_shadowExpire,authzmsg); + daysleft = today - expiredate; + mysnprintf(authzmsg, authzmsgsz - 1, "account expired %ld days ago", + daysleft); + log_log(LOG_WARNING, "%s: %s: %s", + myldap_get_dn(entry), attmap_shadow_shadowExpire, authzmsg); return NSLCD_PAM_ACCT_EXPIRED; } /* password expiration isn't interesting at this point because the user 
@@ -172,67 +176,70 @@ static int check_shadow(MYLDAP_SESSION *session,const char *username, if (check_maxdays) { /* check lastchanged */ - if (lastchangedate==0) + if (lastchangedate == 0) { - mysnprintf(authzmsg,authzmsgsz-1,"need a new password"); - log_log(LOG_WARNING,"%s: %s: %s", - myldap_get_dn(entry),attmap_shadow_shadowLastChange,authzmsg); + mysnprintf(authzmsg, authzmsgsz - 1, "need a new password"); + log_log(LOG_WARNING, "%s: %s: %s", + myldap_get_dn(entry), attmap_shadow_shadowLastChange, authzmsg); return NSLCD_PAM_NEW_AUTHTOK_REQD; } - else if (today<lastchangedate) - log_log(LOG_WARNING,"%s: %s: password changed in the future", - myldap_get_dn(entry),attmap_shadow_shadowLastChange); - else if (maxdays!=-1) + else if (today < lastchangedate) + log_log(LOG_WARNING, "%s: %s: password changed in the future", + myldap_get_dn(entry), attmap_shadow_shadowLastChange); + else if (maxdays != -1) { /* check maxdays */ - daysleft=lastchangedate+maxdays-today; - if (daysleft==0) - mysnprintf(authzmsg,authzmsgsz-1,"password will expire today"); - else if (daysleft<0) - mysnprintf(authzmsg,authzmsgsz-1,"password expired %ld days ago",-daysleft); + daysleft = lastchangedate + maxdays - today; + if (daysleft == 0) + mysnprintf(authzmsg, authzmsgsz - 1, "password will expire today"); + else if (daysleft < 0) + mysnprintf(authzmsg, authzmsgsz - 1, "password expired %ld days ago", + -daysleft); /* check inactdays */ - if ((daysleft<=0)&&(inactdays!=-1)) + if ((daysleft <= 0) && (inactdays != -1)) { - inactleft=lastchangedate+maxdays+inactdays-today; - if (inactleft==0) - mysnprintf(authzmsg+strlen(authzmsg),authzmsgsz-strlen(authzmsg)-1, + inactleft = lastchangedate + maxdays + inactdays - today; + if (inactleft == 0) + mysnprintf(authzmsg + strlen(authzmsg), authzmsgsz - strlen(authzmsg) - 1, ", account will be locked today"); - else if (inactleft>0) - mysnprintf(authzmsg+strlen(authzmsg),authzmsgsz-strlen(authzmsg)-1, - ", account will be locked in %ld 
days",inactleft); + else if (inactleft > 0) + mysnprintf(authzmsg + strlen(authzmsg), authzmsgsz - strlen(authzmsg) - 1, + ", account will be locked in %ld days", inactleft); else { - mysnprintf(authzmsg+strlen(authzmsg),authzmsgsz-strlen(authzmsg)-1, - ", account locked %ld days ago",-inactleft); - log_log(LOG_WARNING,"%s: %s: %s", - myldap_get_dn(entry),attmap_shadow_shadowInactive,authzmsg); + mysnprintf(authzmsg + strlen(authzmsg), authzmsgsz - strlen(authzmsg) - 1, + ", account locked %ld days ago", -inactleft); + log_log(LOG_WARNING, "%s: %s: %s", myldap_get_dn(entry), + attmap_shadow_shadowInactive, authzmsg); return NSLCD_PAM_AUTHTOK_EXPIRED; } } - if (daysleft<=0) + if (daysleft <= 0) { /* log previously built message */ - log_log(LOG_WARNING,"%s: %s: %s", - myldap_get_dn(entry),attmap_shadow_shadowMax,authzmsg); + log_log(LOG_WARNING, "%s: %s: %s", + myldap_get_dn(entry), attmap_shadow_shadowMax, authzmsg); return NSLCD_PAM_NEW_AUTHTOK_REQD; } /* check warndays */ - if ((warndays>0)&&(daysleft<=warndays)) + if ((warndays > 0) && (daysleft <= warndays)) { - mysnprintf(authzmsg,authzmsgsz-1,"password will expire in %ld days",daysleft); - log_log(LOG_WARNING,"%s: %s: %s", - myldap_get_dn(entry),attmap_shadow_shadowWarning,authzmsg); + mysnprintf(authzmsg, authzmsgsz - 1, + "password will expire in %ld days", daysleft); + log_log(LOG_WARNING, "%s: %s: %s", + myldap_get_dn(entry), attmap_shadow_shadowWarning, authzmsg); } } } if (check_mindays) { - daysleft=lastchangedate+mindays-today; - if ((mindays!=-1)&&(daysleft>0)) + daysleft = lastchangedate + mindays - today; + if ((mindays != -1) && (daysleft > 0)) { - mysnprintf(authzmsg,authzmsgsz-1,"password cannot be changed for another %ld days",daysleft); - log_log(LOG_WARNING,"%s: %s: %s", - myldap_get_dn(entry),attmap_shadow_shadowMin,authzmsg); + mysnprintf(authzmsg, authzmsgsz - 1, + "password cannot be changed for another %ld days", daysleft); + log_log(LOG_WARNING, "%s: %s: %s", + myldap_get_dn(entry), 
attmap_shadow_shadowMin, authzmsg); return NSLCD_PAM_AUTHTOK_ERR; } } 
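Review bot: The day arithmetic in check_shadow, such as `daysleft = lastchangedate + maxdays - today` and `inactleft = lastchangedate + maxdays + inactdays - today`, adds `long` values that get_shadow_properties() fills in from the directory entry, and signed overflow is undefined. Whether those values are range-limited is not visible here; if they are not, an out-of-range shadowMax or shadowInactive could produce a wrong expiry decision. Either bound the values before the sums (for example by treating anything above a sane ceiling as -1, unset) or add a comment stating that get_shadow_properties() already clamps them. The function begins and ends outside this hunk.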
@@ -240,108 +247,109 @@ static int check_shadow(MYLDAP_SESSION *session,const char *username, } /* check authentication credentials of the user */ -int nslcd_pam_authc(TFILE *fp,MYLDAP_SESSION *session,uid_t calleruid) +int nslcd_pam_authc(TFILE *fp, MYLDAP_SESSION *session, uid_t calleruid) { int32_t tmpint32; int rc; - char username[256],service[64],ruser[256],rhost[HOST_NAME_MAX+1],tty[64]; + char username[256], service[64], ruser[256], rhost[HOST_NAME_MAX + 1], tty[64]; char password[64]; const char *userdn; MYLDAP_ENTRY *entry; - int authzrc=NSLCD_PAM_SUCCESS; + int authzrc = NSLCD_PAM_SUCCESS; char authzmsg[1024]; - authzmsg[0]='\0'; + authzmsg[0] = '\0'; /* read request parameters */ - READ_STRING(fp,username); - READ_STRING(fp,service); - READ_STRING(fp,ruser); - READ_STRING(fp,rhost); - READ_STRING(fp,tty); - READ_STRING(fp,password); + READ_STRING(fp, username); + READ_STRING(fp, service); + READ_STRING(fp, ruser); + READ_STRING(fp, rhost); + READ_STRING(fp, tty); + READ_STRING(fp, password); /* log call */ - log_setrequest("authc=\"%s\"",username); - log_log(LOG_DEBUG,"nslcd_pam_authc(\"%s\",\"%s\",\"%s\")", - username,service,*password?"***":""); + log_setrequest("authc=\"%s\"", username); + log_log(LOG_DEBUG, "nslcd_pam_authc(\"%s\",\"%s\",\"%s\")", + username, service, *password ? 
"***" : ""); /* write the response header */ - WRITE_INT32(fp,NSLCD_VERSION); - WRITE_INT32(fp,NSLCD_ACTION_PAM_AUTHC); + WRITE_INT32(fp, NSLCD_VERSION); + WRITE_INT32(fp, NSLCD_ACTION_PAM_AUTHC); /* if the username is blank and rootpwmoddn is configured, try to authenticate as administrator, otherwise validate request as usual */ - if ((*username=='\0')&&(nslcd_cfg->ldc_rootpwmoddn!=NULL)) + if ((*username == '\0') && (nslcd_cfg->ldc_rootpwmoddn != NULL)) { - userdn=nslcd_cfg->ldc_rootpwmoddn; + userdn = nslcd_cfg->ldc_rootpwmoddn; /* if the caller is root we will allow the use of the rootpwmodpw option */ - if ((*password=='\0')&&(calleruid==0)&&(nslcd_cfg->ldc_rootpwmodpw!=NULL)) + if ((*password == '\0') && (calleruid == 0) && (nslcd_cfg->ldc_rootpwmodpw != NULL)) { - if (strlen(nslcd_cfg->ldc_rootpwmodpw)>=sizeof(password)) + if (strlen(nslcd_cfg->ldc_rootpwmodpw) >= sizeof(password)) { - log_log(LOG_ERR,"nslcd_pam_authc(): rootpwmodpw will not fit in password"); + log_log(LOG_ERR, "nslcd_pam_authc(): rootpwmodpw will not fit in password"); return -1; } - strcpy(password,nslcd_cfg->ldc_rootpwmodpw); + strcpy(password, nslcd_cfg->ldc_rootpwmodpw); } } else { /* try normal authentication, lookup the user entry */ - entry=validate_user(session,username,&rc); - if (entry==NULL) + entry = validate_user(session, username, &rc); + if (entry == NULL) { /* for user not found we just say no result */ - if (rc==LDAP_NO_SUCH_OBJECT) + if (rc == LDAP_NO_SUCH_OBJECT) { - WRITE_INT32(fp,NSLCD_RESULT_END); + WRITE_INT32(fp, NSLCD_RESULT_END); } return -1; } - userdn=myldap_get_dn(entry); - update_username(entry,username,sizeof(username)); + userdn = myldap_get_dn(entry); + update_username(entry, username, sizeof(username)); } /* try authentication */ - rc=try_bind(userdn,password); - if (rc==LDAP_SUCCESS) - log_log(LOG_DEBUG,"bind successful"); + rc = try_bind(userdn, password); + if (rc == LDAP_SUCCESS) + log_log(LOG_DEBUG, "bind successful"); /* map result code */ switch 
(rc) { - case LDAP_SUCCESS: rc=NSLCD_PAM_SUCCESS; break; - case LDAP_INVALID_CREDENTIALS: rc=NSLCD_PAM_AUTH_ERR; break; - default: rc=NSLCD_PAM_AUTH_ERR; + case LDAP_SUCCESS: rc = NSLCD_PAM_SUCCESS; break; + case LDAP_INVALID_CREDENTIALS: rc = NSLCD_PAM_AUTH_ERR; break; + default: rc = NSLCD_PAM_AUTH_ERR; } /* perform shadow attribute checks */ - if (*username!='\0') - authzrc=check_shadow(session,username,authzmsg,sizeof(authzmsg),1,0); + if (*username != '\0') + authzrc = check_shadow(session, username, authzmsg, sizeof(authzmsg), 1, 0); /* write response */ - WRITE_INT32(fp,NSLCD_RESULT_BEGIN); - WRITE_INT32(fp,rc); - WRITE_STRING(fp,username); - WRITE_INT32(fp,authzrc); - WRITE_STRING(fp,authzmsg); - WRITE_INT32(fp,NSLCD_RESULT_END); + WRITE_INT32(fp, NSLCD_RESULT_BEGIN); + WRITE_INT32(fp, rc); + WRITE_STRING(fp, username); + WRITE_INT32(fp, authzrc); + WRITE_STRING(fp, authzmsg); + WRITE_INT32(fp, NSLCD_RESULT_END); return 0; } -static void autzsearch_var_add(DICT *dict,const char *name,const char *value) +static void autzsearch_var_add(DICT *dict, const char *name, + const char *value) { size_t sz; char *escaped_value; /* allocate memory for escaped string */ - sz=((strlen(value)+8)*120)/100; - escaped_value=(char *)malloc(sz); - if (escaped_value==NULL) + sz = ((strlen(value) + 8) * 120) / 100; + escaped_value = (char *)malloc(sz); + if (escaped_value == NULL) { - log_log(LOG_CRIT,"autzsearch_var_add(): malloc() failed to allocate memory"); + log_log(LOG_CRIT, "autzsearch_var_add(): malloc() failed to allocate memory"); return; } /* perform escaping of the value */ - if(myldap_escape(value,escaped_value,sz)) + if (myldap_escape(value, escaped_value, sz)) { - log_log(LOG_CRIT,"autzsearch_var_add(): myldap_escape() failed to fit in buffer"); + log_log(LOG_CRIT, "autzsearch_var_add(): myldap_escape() failed to fit in buffer"); free(escaped_value); return; } /* add to dict */ - dict_put(dict,name,escaped_value); + dict_put(dict, name, escaped_value); } static 
void autzsearch_vars_free(DICT *dict) @@ -352,10 +360,10 @@ static void autzsearch_vars_free(DICT *dict) /* go over all keys and free all the values (they were allocated in autzsearch_var_add) */ /* loop over dictionary contents */ - keys=dict_keys(dict); - for (i=0;keys[i]!=NULL;i++) + keys = dict_keys(dict); + for (i = 0; keys[i] != NULL; i++) { - value=dict_get(dict,keys[i]); + value = dict_get(dict, keys[i]); if (value) free(value); } @@ -363,22 +371,23 @@ static void autzsearch_vars_free(DICT *dict) /* after this values from the dict should obviously no longer be used */ } -static const char *autzsearch_var_get(const char *name,void *expander_attr) +static const char *autzsearch_var_get(const char *name, void *expander_attr) { - DICT *dict=(DICT *)expander_attr; - return (const char *)dict_get(dict,name); + DICT *dict = (DICT *)expander_attr; + return (const char *)dict_get(dict, name); /* TODO: if not set use entry to get attribute name (entry can be an element in the dict) */ } /* perform an authorisation search, returns an LDAP status code */ -static int try_autzsearch(MYLDAP_SESSION *session,const char *dn, - const char *username,const char *servicename, - const char *ruser,const char *rhost,const char *tty) +static int try_autzsearch(MYLDAP_SESSION *session, const char *dn, + const char *username, const char *servicename, + const char *ruser, const char *rhost, + const char *tty) { - char hostname[HOST_NAME_MAX+1]; + char hostname[HOST_NAME_MAX + 1]; const char *fqdn; - DICT *dict=NULL; + DICT *dict = NULL; char filter[4096]; MYLDAP_SEARCH *search; MYLDAP_ENTRY *entry; 
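Review bot: autzsearch_var_add() returns void, so when malloc() or myldap_escape() fails the variable is left out of the dictionary and try_autzsearch() cannot tell; an authorisation filter should fail closed instead. The buffer is sized at roughly 120% of the input, which only holds if escaping seldom expands a byte. The request handlers read rhost, tty and ruser from the client, so a value made mostly of filter metacharacters would presumably exceed that estimate (myldap_escape() is not shown here) and drop the variable. I would size for the worst case, e.g. `sz = strlen(value) * 3 + 1;` if each escaped byte becomes at most three, and change the return type to `int` so the caller can return `LDAP_LOCAL_ERROR` rather than expand a filter with a variable missing.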
@@ -387,67 +396,68 @@ static int try_autzsearch(MYLDAP_SESSION *session,const char *dn, const char *res; int i; /* go over all pam_authz_search options */ - for (i=0;(i<NSS_LDAP_CONFIG_MAX_AUTHZ_SEARCHES)&&(nslcd_cfg->ldc_pam_authz_search[i]!=NULL);i++) + for (i = 0; (i < NSS_LDAP_CONFIG_MAX_AUTHZ_SEARCHES) && (nslcd_cfg->ldc_pam_authz_search[i] != NULL); i++) { - if (dict==NULL) + if (dict == NULL) { /* build the dictionary with variables NOTE: any variables added here also need to be added to cfg.c:parse_pam_authz_search_statement() */ - dict=dict_new(); - autzsearch_var_add(dict,"username",username); - autzsearch_var_add(dict,"service",servicename); - autzsearch_var_add(dict,"ruser",ruser); - autzsearch_var_add(dict,"rhost",rhost); - autzsearch_var_add(dict,"tty",tty); - if (gethostname(hostname,sizeof(hostname))==0) - autzsearch_var_add(dict,"hostname",hostname); - if ((fqdn=getfqdn())!=NULL) - autzsearch_var_add(dict,"fqdn",fqdn); - autzsearch_var_add(dict,"dn",dn); - autzsearch_var_add(dict,"uid",username); + dict = dict_new(); + autzsearch_var_add(dict, "username", username); + autzsearch_var_add(dict, "service", servicename); + autzsearch_var_add(dict, "ruser", ruser); + autzsearch_var_add(dict, "rhost", rhost); + autzsearch_var_add(dict, "tty", tty); + if (gethostname(hostname, sizeof(hostname)) == 0) + autzsearch_var_add(dict, "hostname", hostname); + if ((fqdn = getfqdn()) != NULL) + autzsearch_var_add(dict, "fqdn", fqdn); + autzsearch_var_add(dict, "dn", dn); + autzsearch_var_add(dict, "uid", username); } /* build the search filter */ - res=expr_parse(nslcd_cfg->ldc_pam_authz_search[i], - filter,sizeof(filter), - autzsearch_var_get,(void *)dict); - if (res==NULL) + res = expr_parse(nslcd_cfg->ldc_pam_authz_search[i], + filter, sizeof(filter), + autzsearch_var_get, (void *)dict); + if (res == NULL) { autzsearch_vars_free(dict); dict_free(dict); - log_log(LOG_ERR,"invalid pam_authz_search \"%s\"",nslcd_cfg->ldc_pam_authz_search[i]); + log_log(LOG_ERR, 
"invalid pam_authz_search \"%s\"", + nslcd_cfg->ldc_pam_authz_search[i]); return LDAP_LOCAL_ERROR; } - log_log(LOG_DEBUG,"trying pam_authz_search \"%s\"",filter); + log_log(LOG_DEBUG, "trying pam_authz_search \"%s\"", filter); /* perform the search */ - attrs[0]="dn"; - attrs[1]=NULL; + attrs[0] = "dn"; + attrs[1] = NULL; /* FIXME: this only searches the first base */ - search=myldap_search(session,nslcd_cfg->ldc_bases[0],LDAP_SCOPE_SUBTREE, - filter,attrs,&rc); - if (search==NULL) + search = myldap_search(session, nslcd_cfg->ldc_bases[0], + LDAP_SCOPE_SUBTREE, filter, attrs, &rc); + if (search == NULL) { autzsearch_vars_free(dict); dict_free(dict); - log_log(LOG_ERR,"pam_authz_search \"%s\" failed: %s", - filter,ldap_err2string(rc)); + log_log(LOG_ERR, "pam_authz_search \"%s\" failed: %s", + filter, ldap_err2string(rc)); return rc; } /* try to get an entry */ - entry=myldap_get_entry(search,&rc); - if (entry==NULL) + entry = myldap_get_entry(search, &rc); + if (entry == NULL) { autzsearch_vars_free(dict); dict_free(dict); - log_log(LOG_ERR,"pam_authz_search \"%s\" found no matches",filter); - if (rc==LDAP_SUCCESS) - rc=LDAP_NO_SUCH_OBJECT; + log_log(LOG_ERR, "pam_authz_search \"%s\" found no matches", filter); + if (rc == LDAP_SUCCESS) + rc = LDAP_NO_SUCH_OBJECT; return rc; } - log_log(LOG_DEBUG,"pam_authz_search found \"%s\"",myldap_get_dn(entry)); + log_log(LOG_DEBUG, "pam_authz_search found \"%s\"", myldap_get_dn(entry)); } /* we went over all pam_authz_search entries */ - if (dict!=NULL) + if (dict != NULL) { autzsearch_vars_free(dict); dict_free(dict); 
@@ -456,141 +466,144 @@ static int try_autzsearch(MYLDAP_SESSION *session,const char *dn, } /* check authorisation of the user */ -int nslcd_pam_authz(TFILE *fp,MYLDAP_SESSION *session) +int nslcd_pam_authz(TFILE *fp, MYLDAP_SESSION *session) { int32_t tmpint32; int rc; - char username[256],service[64],ruser[256],rhost[HOST_NAME_MAX+1],tty[64]; + char username[256], service[64], ruser[256], rhost[HOST_NAME_MAX + 1], tty[64]; MYLDAP_ENTRY *entry; char authzmsg[1024]; - authzmsg[0]='\0'; + authzmsg[0] = '\0'; /* read request parameters */ - READ_STRING(fp,username); - READ_STRING(fp,service); - READ_STRING(fp,ruser); - READ_STRING(fp,rhost); - READ_STRING(fp,tty); + READ_STRING(fp, username); + READ_STRING(fp, service); + READ_STRING(fp, ruser); + READ_STRING(fp, rhost); + READ_STRING(fp, tty); /* log call */ - log_setrequest("authz=\"%s\"",username); - log_log(LOG_DEBUG,"nslcd_pam_authz(\"%s\",\"%s\",\"%s\",\"%s\",\"%s\")", - username,service,ruser,rhost,tty); + log_setrequest("authz=\"%s\"", username); + log_log(LOG_DEBUG, "nslcd_pam_authz(\"%s\",\"%s\",\"%s\",\"%s\",\"%s\")", + username, service, ruser, rhost, tty); /* write the response header */ - WRITE_INT32(fp,NSLCD_VERSION); - WRITE_INT32(fp,NSLCD_ACTION_PAM_AUTHZ); + WRITE_INT32(fp, NSLCD_VERSION); + WRITE_INT32(fp, NSLCD_ACTION_PAM_AUTHZ); /* validate request */ - entry=validate_user(session,username,&rc); - if (entry==NULL) + entry = validate_user(session, username, &rc); + if (entry == NULL) { /* for user not found we just say no result */ - if (rc==LDAP_NO_SUCH_OBJECT) + if (rc == LDAP_NO_SUCH_OBJECT) { - WRITE_INT32(fp,NSLCD_RESULT_END); + WRITE_INT32(fp, NSLCD_RESULT_END); } return -1; } /* check authorisation search */ - rc=try_autzsearch(session,myldap_get_dn(entry),username,service,ruser,rhost,tty); - if (rc!=LDAP_SUCCESS) + rc = try_autzsearch(session, myldap_get_dn(entry), username, service, ruser, + rhost, tty); + if (rc != LDAP_SUCCESS) { - WRITE_INT32(fp,NSLCD_RESULT_BEGIN); - 
WRITE_INT32(fp,NSLCD_PAM_PERM_DENIED); - WRITE_STRING(fp,"LDAP authorisation check failed"); - WRITE_INT32(fp,NSLCD_RESULT_END); + WRITE_INT32(fp, NSLCD_RESULT_BEGIN); + WRITE_INT32(fp, NSLCD_PAM_PERM_DENIED); + WRITE_STRING(fp, "LDAP authorisation check failed"); + WRITE_INT32(fp, NSLCD_RESULT_END); return 0; } /* perform shadow attribute checks */ - rc=check_shadow(session,username,authzmsg,sizeof(authzmsg),0,0); + rc = check_shadow(session, username, authzmsg, sizeof(authzmsg), 0, 0); /* write response */ - WRITE_INT32(fp,NSLCD_RESULT_BEGIN); - WRITE_INT32(fp,rc); - WRITE_STRING(fp,authzmsg); - WRITE_INT32(fp,NSLCD_RESULT_END); + WRITE_INT32(fp, NSLCD_RESULT_BEGIN); + WRITE_INT32(fp, rc); + WRITE_STRING(fp, authzmsg); + WRITE_INT32(fp, NSLCD_RESULT_END); return 0; } -int nslcd_pam_sess_o(TFILE *fp,MYLDAP_SESSION *session) +int nslcd_pam_sess_o(TFILE *fp, MYLDAP_SESSION *session) { int32_t tmpint32; - char username[256],service[64],ruser[256],rhost[HOST_NAME_MAX+1],tty[64]; + char username[256], service[64], ruser[256], rhost[HOST_NAME_MAX + 1], tty[64]; char sessionid[25]; - static const char alphabet[]="ABCDEFGHIJKLMNOPQRSTUVWXYZ" - "abcdefghijklmnopqrstuvwxyz" - "01234567890"; + static const char alphabet[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ" + "abcdefghijklmnopqrstuvwxyz" + "01234567890"; int i; /* read request parameters */ - READ_STRING(fp,username); - READ_STRING(fp,service); - READ_STRING(fp,ruser); - READ_STRING(fp,rhost); - READ_STRING(fp,tty); + READ_STRING(fp, username); + READ_STRING(fp, service); + READ_STRING(fp, ruser); + READ_STRING(fp, rhost); + READ_STRING(fp, tty); /* generate pseudo-random session id */ - for (i=0;i<(sizeof(sessionid)-1);i++) - sessionid[i]=alphabet[rand()%(sizeof(alphabet)-1)]; - sessionid[i]='\0'; + for (i = 0; i < (sizeof(sessionid) - 1); i++) + sessionid[i] = alphabet[rand() % (sizeof(alphabet) - 1)]; + sessionid[i] = '\0'; /* log call */ - log_setrequest("sess_o=\"%s\"",username); - 
log_log(LOG_DEBUG,"nslcd_pam_sess_o(\"%s\",\"%s\",\"%s\",\"%s\",\"%s\"): %s", - username,service,tty,rhost,ruser,sessionid); + log_setrequest("sess_o=\"%s\"", username); + log_log(LOG_DEBUG, "nslcd_pam_sess_o(\"%s\",\"%s\",\"%s\",\"%s\",\"%s\"): %s", + username, service, tty, rhost, ruser, sessionid); /* write the response header */ - WRITE_INT32(fp,NSLCD_VERSION); - WRITE_INT32(fp,NSLCD_ACTION_PAM_SESS_O); + WRITE_INT32(fp, NSLCD_VERSION); + WRITE_INT32(fp, NSLCD_ACTION_PAM_SESS_O); /* write response */ - WRITE_INT32(fp,NSLCD_RESULT_BEGIN); - WRITE_STRING(fp,sessionid); - WRITE_INT32(fp,NSLCD_RESULT_END); + WRITE_INT32(fp, NSLCD_RESULT_BEGIN); + WRITE_STRING(fp, sessionid); + WRITE_INT32(fp, NSLCD_RESULT_END); return 0; } -int nslcd_pam_sess_c(TFILE *fp,MYLDAP_SESSION *session) +int nslcd_pam_sess_c(TFILE *fp, MYLDAP_SESSION *session) { int32_t tmpint32; - char username[256],service[64],ruser[256],rhost[HOST_NAME_MAX+1],tty[64]; + char username[256], service[64], ruser[256], rhost[HOST_NAME_MAX + 1], tty[64]; char sessionid[64]; /* read request parameters */ - READ_STRING(fp,username); - READ_STRING(fp,service); - READ_STRING(fp,ruser); - READ_STRING(fp,rhost); - READ_STRING(fp,tty); - READ_STRING(fp,sessionid); + READ_STRING(fp, username); + READ_STRING(fp, service); + READ_STRING(fp, ruser); + READ_STRING(fp, rhost); + READ_STRING(fp, tty); + READ_STRING(fp, sessionid); /* log call */ - log_setrequest("sess_c=\"%s\"",username); - log_log(LOG_DEBUG,"nslcd_pam_sess_c(\"%s\",\"%s\",%s)", - username,service,sessionid); + log_setrequest("sess_c=\"%s\"", username); + log_log(LOG_DEBUG, "nslcd_pam_sess_c(\"%s\",\"%s\",%s)", + username, service, sessionid); /* write the response header */ - WRITE_INT32(fp,NSLCD_VERSION); - WRITE_INT32(fp,NSLCD_ACTION_PAM_SESS_C); + WRITE_INT32(fp, NSLCD_VERSION); + WRITE_INT32(fp, NSLCD_ACTION_PAM_SESS_C); /* write response */ - WRITE_INT32(fp,NSLCD_RESULT_BEGIN); - WRITE_INT32(fp,NSLCD_RESULT_END); + WRITE_INT32(fp, 
NSLCD_RESULT_BEGIN); + WRITE_INT32(fp, NSLCD_RESULT_END); return 0; } /* perform an LDAP password modification, returns an LDAP status code */ -static int try_pwmod(const char *binddn,const char *userdn, - const char *oldpassword,const char *newpassword) +static int try_pwmod(const char *binddn, const char *userdn, + const char *oldpassword, const char *newpassword) { MYLDAP_SESSION *session; char buffer[256]; int rc; /* set up a new connection */ - session=myldap_create_session(); - if (session==NULL) + session = myldap_create_session(); + if (session == NULL) return LDAP_UNAVAILABLE; /* set up credentials for the session */ - myldap_set_credentials(session,binddn,oldpassword); + myldap_set_credentials(session, binddn, oldpassword); /* perform search for own object (just to do any kind of search) */ - if ((lookup_dn2uid(session,userdn,&rc,buffer,sizeof(buffer))!=NULL)&&(rc==LDAP_SUCCESS)) + if ((lookup_dn2uid(session, userdn, &rc, buffer, sizeof(buffer)) != NULL) && + (rc == LDAP_SUCCESS)) { /* if doing password modification as admin, don't pass old password along */ - if ((nslcd_cfg->ldc_rootpwmoddn!=NULL)&&(strcmp(binddn,nslcd_cfg->ldc_rootpwmoddn)==0)) - oldpassword=NULL; + if ((nslcd_cfg->ldc_rootpwmoddn != NULL) && + (strcmp(binddn, nslcd_cfg->ldc_rootpwmoddn) == 0)) + oldpassword = NULL; /* perform password modification */ - rc=myldap_passwd(session,userdn,oldpassword,newpassword); - if (rc==LDAP_SUCCESS) + rc = myldap_passwd(session, userdn, oldpassword, newpassword); + if (rc == LDAP_SUCCESS) { /* try to update the shadowLastChange attribute */ - (void)update_lastchange(session,userdn); + (void)update_lastchange(session, userdn); } } /* close the session */ 
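Review bot: In try_pwmod() the modification is skipped whenever lookup_dn2uid() returns NULL, yet `rc` can still be `LDAP_SUCCESS` at that point, so the function can report success without ever calling myldap_passwd(). The visible part of lookup_dn2uid() returns NULL without an error code when the search yields no entry or the uid fails its validity checks. nslcd_pam_pwmod() would then log "password changed" and answer `NSLCD_PAM_SUCCESS` although nothing was changed. Adding `else if (rc == LDAP_SUCCESS) rc = LDAP_NO_SUCH_OBJECT;` to the outer `if` makes that path fail explicitly. The end of try_pwmod() lies outside this hunk, so confirm `rc` is not adjusted there.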
@@ -599,101 +612,103 @@ static int try_pwmod(const char *binddn,const char *userdn, return rc; } -int nslcd_pam_pwmod(TFILE *fp,MYLDAP_SESSION *session,uid_t calleruid) +int nslcd_pam_pwmod(TFILE *fp, MYLDAP_SESSION *session, uid_t calleruid) { int32_t tmpint32; int rc; - char username[256],service[64],ruser[256],rhost[HOST_NAME_MAX+1],tty[64]; + char username[256], service[64], ruser[256], rhost[HOST_NAME_MAX + 1], tty[64]; int asroot; char oldpassword[64]; char newpassword[64]; - const char *binddn=NULL; /* the user performing the modification */ + const char *binddn = NULL; /* the user performing the modification */ MYLDAP_ENTRY *entry; char authzmsg[1024]; - authzmsg[0]='\0'; + authzmsg[0] = '\0'; /* read request parameters */ - READ_STRING(fp,username); - READ_STRING(fp,service); - READ_STRING(fp,ruser); - READ_STRING(fp,rhost); - READ_STRING(fp,tty); - READ_INT32(fp,asroot); - READ_STRING(fp,oldpassword); - READ_STRING(fp,newpassword); + READ_STRING(fp, username); + READ_STRING(fp, service); + READ_STRING(fp, ruser); + READ_STRING(fp, rhost); + READ_STRING(fp, tty); + READ_INT32(fp, asroot); + READ_STRING(fp, oldpassword); + READ_STRING(fp, newpassword); /* log call */ - log_setrequest("pwmod=\"%s\"",username); - log_log(LOG_DEBUG,"nslcd_pam_pwmod(\"%s\",%s,\"%s\",\"%s\",\"%s\")", - username,asroot?"asroot":"asuser",service,*oldpassword?"***":"", - *newpassword?"***":""); + log_setrequest("pwmod=\"%s\"", username); + log_log(LOG_DEBUG, "nslcd_pam_pwmod(\"%s\",%s,\"%s\",\"%s\",\"%s\")", + username, asroot ? "asroot" : "asuser", service, + *oldpassword ? "***" : "", *newpassword ? 
"***" : ""); /* write the response header */ - WRITE_INT32(fp,NSLCD_VERSION); - WRITE_INT32(fp,NSLCD_ACTION_PAM_PWMOD); + WRITE_INT32(fp, NSLCD_VERSION); + WRITE_INT32(fp, NSLCD_ACTION_PAM_PWMOD); /* validate request */ - entry=validate_user(session,username,&rc); - if (entry==NULL) + entry = validate_user(session, username, &rc); + if (entry == NULL) { /* for user not found we just say no result */ - if (rc==LDAP_NO_SUCH_OBJECT) + if (rc == LDAP_NO_SUCH_OBJECT) { - WRITE_INT32(fp,NSLCD_RESULT_END); + WRITE_INT32(fp, NSLCD_RESULT_END); } return -1; } /* check if pam_password_prohibit_message is set */ - if (nslcd_cfg->pam_password_prohibit_message!=NULL) + if (nslcd_cfg->pam_password_prohibit_message != NULL) { - log_log(LOG_NOTICE,"password change prohibited"); - WRITE_INT32(fp,NSLCD_RESULT_BEGIN); - WRITE_INT32(fp,NSLCD_PAM_PERM_DENIED); - WRITE_STRING(fp,nslcd_cfg->pam_password_prohibit_message); - WRITE_INT32(fp,NSLCD_RESULT_END); + log_log(LOG_NOTICE, "password change prohibited"); + WRITE_INT32(fp, NSLCD_RESULT_BEGIN); + WRITE_INT32(fp, NSLCD_PAM_PERM_DENIED); + WRITE_STRING(fp, nslcd_cfg->pam_password_prohibit_message); + WRITE_INT32(fp, NSLCD_RESULT_END); return 0; } /* check if the the user passed the rootpwmoddn */ if (asroot) { - binddn=nslcd_cfg->ldc_rootpwmoddn; + binddn = nslcd_cfg->ldc_rootpwmoddn; /* check if rootpwmodpw should be used */ - if ((*oldpassword=='\0')&&(calleruid==0)&&(nslcd_cfg->ldc_rootpwmodpw!=NULL)) + if ((*oldpassword == '\0') && (calleruid == 0) && + (nslcd_cfg->ldc_rootpwmodpw != NULL)) { - if (strlen(nslcd_cfg->ldc_rootpwmodpw)>=sizeof(oldpassword)) + if (strlen(nslcd_cfg->ldc_rootpwmodpw) >= sizeof(oldpassword)) { - log_log(LOG_ERR,"nslcd_pam_pwmod(): rootpwmodpw will not fit in oldpassword"); + log_log(LOG_ERR, "nslcd_pam_pwmod(): rootpwmodpw will not fit in oldpassword"); return -1; } - strcpy(oldpassword,nslcd_cfg->ldc_rootpwmodpw); + strcpy(oldpassword, nslcd_cfg->ldc_rootpwmodpw); } } else { - binddn=myldap_get_dn(entry); 
+ binddn = myldap_get_dn(entry); /* check whether shadow properties allow password change */ - rc=check_shadow(session,username,authzmsg,sizeof(authzmsg),0,1); - if (rc!=NSLCD_PAM_SUCCESS) + rc = check_shadow(session, username, authzmsg, sizeof(authzmsg), 0, 1); + if (rc != NSLCD_PAM_SUCCESS) { - WRITE_INT32(fp,NSLCD_RESULT_BEGIN); - WRITE_INT32(fp,rc); - WRITE_STRING(fp,authzmsg); - WRITE_INT32(fp,NSLCD_RESULT_END); + WRITE_INT32(fp, NSLCD_RESULT_BEGIN); + WRITE_INT32(fp, rc); + WRITE_STRING(fp, authzmsg); + WRITE_INT32(fp, NSLCD_RESULT_END); return 0; } } /* perform password modification */ - rc=try_pwmod(binddn,myldap_get_dn(entry),oldpassword,newpassword); - if (rc!=LDAP_SUCCESS) + rc = try_pwmod(binddn, myldap_get_dn(entry), oldpassword, newpassword); + if (rc != LDAP_SUCCESS) { - mysnprintf(authzmsg,sizeof(authzmsg)-1,"password change failed: %s",ldap_err2string(rc)); - WRITE_INT32(fp,NSLCD_RESULT_BEGIN); - WRITE_INT32(fp,NSLCD_PAM_PERM_DENIED); - WRITE_STRING(fp,authzmsg); - WRITE_INT32(fp,NSLCD_RESULT_END); + mysnprintf(authzmsg, sizeof(authzmsg) - 1, "password change failed: %s", + ldap_err2string(rc)); + WRITE_INT32(fp, NSLCD_RESULT_BEGIN); + WRITE_INT32(fp, NSLCD_PAM_PERM_DENIED); + WRITE_STRING(fp, authzmsg); + WRITE_INT32(fp, NSLCD_RESULT_END); return 0; } /* write response */ - log_log(LOG_NOTICE,"password changed for %s",myldap_get_dn(entry)); - WRITE_INT32(fp,NSLCD_RESULT_BEGIN); - WRITE_INT32(fp,NSLCD_PAM_SUCCESS); - WRITE_STRING(fp,""); - WRITE_INT32(fp,NSLCD_RESULT_END); + log_log(LOG_NOTICE, "password changed for %s", myldap_get_dn(entry)); + WRITE_INT32(fp, NSLCD_RESULT_BEGIN); + WRITE_INT32(fp, NSLCD_PAM_SUCCESS); + WRITE_STRING(fp, ""); + WRITE_INT32(fp, NSLCD_RESULT_END); return 0; } diff --git a/nslcd/passwd.c b/nslcd/passwd.c index 527b83c..a212138 100644 --- a/nslcd/passwd.c +++ b/nslcd/passwd.c 
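Review bot: `asroot` is read from the client, and when it is set `binddn` is taken from `nslcd_cfg->ldc_rootpwmoddn` without checking that the option is configured, so a NULL `binddn` can reach try_pwmod() and myldap_set_credentials(). nslcd_pam_authc() tests `ldc_rootpwmoddn != NULL` before using it; nslcd_pam_pwmod() should refuse the request in the same situation rather than depend on how the bind code treats a NULL DN, which is not visible here. The guard below answers with NSLCD_PAM_PERM_DENIED like the other refusals in this function.

```c
  if (asroot)
  {
    if (nslcd_cfg->ldc_rootpwmoddn == NULL)
    {
      log_log(LOG_NOTICE, "password change as root refused: rootpwmoddn not set");
      WRITE_INT32(fp, NSLCD_RESULT_BEGIN);
      WRITE_INT32(fp, NSLCD_PAM_PERM_DENIED);
      WRITE_STRING(fp, "password change as administrator is not configured");
      WRITE_INT32(fp, NSLCD_RESULT_END);
      return 0;
    }
    binddn = nslcd_cfg->ldc_rootpwmoddn;
    /* … unchanged: rootpwmodpw handling, else branch with check_shadow() … */
```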
@@ -66,11 +66,11 @@ const char *attmap_passwd_loginShell = "loginShell"; /* special properties for objectSid-based searches (these are already LDAP-escaped strings) */ -static char *uidSid=NULL; -static char *gidSid=NULL; +static char *uidSid = NULL; +static char *gidSid = NULL; /* default values for attributes */ -static const char *default_passwd_userPassword = "*"; /* unmatchable */ +static const char *default_passwd_userPassword = "*"; /* unmatchable */ /* Note that the resulting password value should be one of: <empty> - no password set, allow login without password 
@@ -80,44 +80,37 @@ static const char *default_passwd_userPassword = "*"; /* unmatchable */ other - encrypted password, usually in crypt(3) format */ /* the attribute list to request with searches */ -static const char **passwd_attrs=NULL; +static const char **passwd_attrs = NULL; /* create a search filter for searching a passwd entry by name, return -1 on errors */ static int mkfilter_passwd_byname(const char *name, - char *buffer,size_t buflen) + char *buffer, size_t buflen) { char safename[300]; /* escape attribute */ - if(myldap_escape(name,safename,sizeof(safename))) + if (myldap_escape(name, safename, sizeof(safename))) return -1; /* build filter */ - return mysnprintf(buffer,buflen, - "(&%s(%s=%s))", - passwd_filter, - attmap_passwd_uid,safename); + return mysnprintf(buffer, buflen, "(&%s(%s=%s))", + passwd_filter, attmap_passwd_uid, safename); } /* create a search filter for searching a passwd entry by uid, return -1 on errors */ -static int mkfilter_passwd_byuid(uid_t uid, - char *buffer,size_t buflen) +static int mkfilter_passwd_byuid(uid_t uid, char *buffer, size_t buflen) { - if (uidSid!=NULL) + if (uidSid != NULL) { - return mysnprintf(buffer,buflen, - "(&%s(%s=%s\\%02x\\%02x\\%02x\\%02x))", - passwd_filter, - attmap_passwd_uidNumber,uidSid, - (int)(uid&0xff),(int)((uid>>8)&0xff), - (int)((uid>>16)&0xff),(int)((uid>>24)&0xff)); + return mysnprintf(buffer, buflen, "(&%s(%s=%s\\%02x\\%02x\\%02x\\%02x))", + passwd_filter, attmap_passwd_uidNumber, uidSid, + (int)(uid & 0xff), (int)((uid >> 8) & 0xff), + (int)((uid >> 16) & 0xff), (int)((uid >> 24) & 0xff)); } else { - return mysnprintf(buffer,buflen, - "(&%s(%s=%d))", - passwd_filter, - attmap_passwd_uidNumber,(int)uid); + return mysnprintf(buffer, buflen, "(&%s(%s=%d))", + passwd_filter, attmap_passwd_uidNumber, (int)uid); } } 
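Review bot: mkfilter_passwd_byuid() formats the uid with `%d` after casting it to `int`, so on the non-SID path a uid above INT_MAX is written into the filter as a negative number and cannot match. entry_has_valid_uid() in the same file rejects uidNumber values that contain a '-', so the two functions disagree for large ids. Formatting the value unsigned keeps them consistent: `return mysnprintf(buffer, buflen, "(&%s(%s=%lu))", passwd_filter, attmap_passwd_uidNumber, (unsigned long)uid);`.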
@@ -126,46 +119,45 @@ void passwd_init(void) int i; SET *set; /* set up search bases */ - if (passwd_bases[0]==NULL) - for (i=0;i<NSS_LDAP_CONFIG_MAX_BASES;i++) - passwd_bases[i]=nslcd_cfg->ldc_bases[i]; + if (passwd_bases[0] == NULL) + for (i = 0; i < NSS_LDAP_CONFIG_MAX_BASES; i++) + passwd_bases[i] = nslcd_cfg->ldc_bases[i]; /* set up scope */ - if (passwd_scope==LDAP_SCOPE_DEFAULT) - passwd_scope=nslcd_cfg->ldc_scope; + if (passwd_scope == LDAP_SCOPE_DEFAULT) + passwd_scope = nslcd_cfg->ldc_scope; /* special case when uidNumber or gidNumber reference objectSid */ - if (strncasecmp(attmap_passwd_uidNumber,"objectSid:",10)==0) + if (strncasecmp(attmap_passwd_uidNumber, "objectSid:", 10) == 0) { - uidSid=sid2search(attmap_passwd_uidNumber+10); - attmap_passwd_uidNumber=strndup(attmap_passwd_uidNumber,9); + uidSid = sid2search(attmap_passwd_uidNumber + 10); + attmap_passwd_uidNumber = strndup(attmap_passwd_uidNumber, 9); } - if (strncasecmp(attmap_passwd_gidNumber,"objectSid:",10)==0) + if (strncasecmp(attmap_passwd_gidNumber, "objectSid:", 10) == 0) { - gidSid=sid2search(attmap_passwd_gidNumber+10); - attmap_passwd_gidNumber=strndup(attmap_passwd_gidNumber,9); + gidSid = sid2search(attmap_passwd_gidNumber + 10); + attmap_passwd_gidNumber = strndup(attmap_passwd_gidNumber, 9); } /* set up attribute list */ - set=set_new(); - attmap_add_attributes(set,"objectClass"); /* for testing shadowAccount */ - attmap_add_attributes(set,attmap_passwd_uid); - attmap_add_attributes(set,attmap_passwd_userPassword); - attmap_add_attributes(set,attmap_passwd_uidNumber); - attmap_add_attributes(set,attmap_passwd_gidNumber); - attmap_add_attributes(set,attmap_passwd_gecos); - attmap_add_attributes(set,attmap_passwd_homeDirectory); - attmap_add_attributes(set,attmap_passwd_loginShell); - passwd_attrs=set_tolist(set); + set = set_new(); + attmap_add_attributes(set, "objectClass"); /* for testing shadowAccount */ + attmap_add_attributes(set, attmap_passwd_uid); + 
attmap_add_attributes(set, attmap_passwd_userPassword); + attmap_add_attributes(set, attmap_passwd_uidNumber); + attmap_add_attributes(set, attmap_passwd_gidNumber); + attmap_add_attributes(set, attmap_passwd_gecos); + attmap_add_attributes(set, attmap_passwd_homeDirectory); + attmap_add_attributes(set, attmap_passwd_loginShell); + passwd_attrs = set_tolist(set); set_free(set); } /* the cache that is used in dn2uid() */ -static pthread_mutex_t dn2uid_cache_mutex=PTHREAD_MUTEX_INITIALIZER; -static DICT *dn2uid_cache=NULL; -struct dn2uid_cache_entry -{ +static pthread_mutex_t dn2uid_cache_mutex = PTHREAD_MUTEX_INITIALIZER; +static DICT *dn2uid_cache = NULL; +struct dn2uid_cache_entry { time_t timestamp; char *uid; }; -#define DN2UID_CACHE_TIMEOUT (15*60) +#define DN2UID_CACHE_TIMEOUT (15 * 60) /* checks whether the entry has a valid uidNumber attribute (>= nss_min_uid) */ 
@@ -176,39 +168,39 @@ static int entry_has_valid_uid(MYLDAP_ENTRY *entry) char *tmp; uid_t uid; /* if min_uid is not set any entry should do */ - if (nslcd_cfg->ldc_nss_min_uid==0) + if (nslcd_cfg->ldc_nss_min_uid == 0) return 1; /* get all uidNumber attributes */ - values=myldap_get_values_len(entry,attmap_passwd_uidNumber); - if ((values==NULL)||(values[0]==NULL)) + values = myldap_get_values_len(entry, attmap_passwd_uidNumber); + if ((values == NULL) || (values[0] == NULL)) { - log_log(LOG_WARNING,"%s: %s: missing", - myldap_get_dn(entry),attmap_passwd_uidNumber); + log_log(LOG_WARNING, "%s: %s: missing", + myldap_get_dn(entry), attmap_passwd_uidNumber); return 0; } /* check if there is a uidNumber attributes >= min_uid */ - for (i=0;values[i]!=NULL;i++) + for (i = 0; values[i] != NULL; i++) { - if (uidSid!=NULL) - uid=(uid_t)binsid2id(values[i]); + if (uidSid != NULL) + uid = (uid_t)binsid2id(values[i]); else { - errno=0; - uid=strtouid(values[i],&tmp,10); - if ((*(values[i])=='\0')||(*tmp!='\0')) + errno = 0; + uid = strtouid(values[i], &tmp, 10); + if ((*(values[i]) == '\0') || (*tmp != '\0')) { - log_log(LOG_WARNING,"%s: %s: non-numeric", - myldap_get_dn(entry),attmap_passwd_uidNumber); + log_log(LOG_WARNING, "%s: %s: non-numeric", + myldap_get_dn(entry), attmap_passwd_uidNumber); continue; } - else if ((errno!=0)||(strchr(values[i],'-')!=NULL)) + else if ((errno != 0) || (strchr(values[i], '-') != NULL)) { - log_log(LOG_WARNING,"%s: %s: out of range", - myldap_get_dn(entry),attmap_passwd_uidNumber); + log_log(LOG_WARNING, "%s: %s: out of range", + myldap_get_dn(entry), attmap_passwd_uidNumber); continue; } } - if (uid>=nslcd_cfg->ldc_nss_min_uid) + if (uid >= nslcd_cfg->ldc_nss_min_uid) return 1; } /* nothing found */ 
@@ -217,43 +209,45 @@ static int entry_has_valid_uid(MYLDAP_ENTRY *entry) /* Perform an LDAP lookup to translate the DN into a uid. This function either returns NULL or a strdup()ed string. */ -char *lookup_dn2uid(MYLDAP_SESSION *session,const char *dn,int *rcp,char *buf,size_t buflen) +char *lookup_dn2uid(MYLDAP_SESSION *session, const char *dn, int *rcp, + char *buf, size_t buflen) { MYLDAP_SEARCH *search; MYLDAP_ENTRY *entry; static const char *attrs[3]; - int rc=LDAP_SUCCESS; + int rc = LDAP_SUCCESS; const char **values; - char *uid=NULL; - if (rcp==NULL) - rcp=&rc; + char *uid = NULL; + if (rcp == NULL) + rcp = &rc; /* we have to look up the entry */ - attrs[0]=attmap_passwd_uid; - attrs[1]=attmap_passwd_uidNumber; - attrs[2]=NULL; - search=myldap_search(session,dn,LDAP_SCOPE_BASE,passwd_filter,attrs,rcp); - if (search==NULL) + attrs[0] = attmap_passwd_uid; + attrs[1] = attmap_passwd_uidNumber; + attrs[2] = NULL; + search = myldap_search(session, dn, LDAP_SCOPE_BASE, passwd_filter, attrs, rcp); + if (search == NULL) { - log_log(LOG_WARNING,"%s: lookup error: %s",dn,ldap_err2string(*rcp)); + log_log(LOG_WARNING, "%s: lookup error: %s", dn, ldap_err2string(*rcp)); return NULL; } - entry=myldap_get_entry(search,rcp); - if (entry==NULL) + entry = myldap_get_entry(search, rcp); + if (entry == NULL) { - if (*rcp!=LDAP_SUCCESS) - log_log(LOG_WARNING,"%s: lookup error: %s",dn,ldap_err2string(*rcp)); + if (*rcp != LDAP_SUCCESS) + log_log(LOG_WARNING, "%s: lookup error: %s", dn, ldap_err2string(*rcp)); return NULL; } /* check the uidNumber attribute if min_uid is set */ if (entry_has_valid_uid(entry)) { /* get uid (just use first one) */ - values=myldap_get_values(entry,attmap_passwd_uid); + values = myldap_get_values(entry, attmap_passwd_uid); /* check the result for presence and validity */ - if ((values!=NULL)&&(values[0]!=NULL)&&isvalidname(values[0])&&(strlen(values[0])<buflen)) + if ((values != NULL) && (values[0] != NULL) && + isvalidname(values[0]) && 
(strlen(values[0]) < buflen)) { - strcpy(buf,values[0]); - uid=buf; + strcpy(buf, values[0]); + uid = buf; } } /* clean up and return */ @@ -265,15 +259,15 @@ char *lookup_dn2uid(MYLDAP_SESSION *session,const char *dn,int *rcp,char *buf,si at getting the user name, including looking in the DN for a uid attribute, looking in the cache and falling back to looking up a uid attribute in a LDAP query. */ -char *dn2uid(MYLDAP_SESSION *session,const char *dn,char *buf,size_t buflen) +char *dn2uid(MYLDAP_SESSION *session, const char *dn, char *buf, size_t buflen) { - struct dn2uid_cache_entry *cacheentry=NULL; + struct dn2uid_cache_entry *cacheentry = NULL; char *uid; /* check for empty string */ - if ((dn==NULL)||(*dn=='\0')) + if ((dn == NULL) || (*dn == '\0')) return NULL; /* try to look up uid within DN string */ - if (myldap_cpy_rdn_value(dn,attmap_passwd_uid,buf,buflen)!=NULL) + if (myldap_cpy_rdn_value(dn, attmap_passwd_uid, buf, buflen) != NULL) { /* check if it is valid */ if (!isvalidname(buf)) @@ -282,17 +276,17 @@ char *dn2uid(MYLDAP_SESSION *session,const char *dn,char *buf,size_t buflen) } /* see if we have a cached entry */ pthread_mutex_lock(&dn2uid_cache_mutex); - if (dn2uid_cache==NULL) - dn2uid_cache=dict_new(); - if ((dn2uid_cache!=NULL) && ((cacheentry=dict_get(dn2uid_cache,dn))!=NULL)) + if (dn2uid_cache == NULL) + dn2uid_cache = dict_new(); + if ((dn2uid_cache != NULL) && ((cacheentry = dict_get(dn2uid_cache, dn)) != NULL)) { /* if the cached entry is still valid, return that */ - if (time(NULL) < (cacheentry->timestamp+DN2UID_CACHE_TIMEOUT)) + if (time(NULL) < (cacheentry->timestamp + DN2UID_CACHE_TIMEOUT)) { - if ((cacheentry->uid!=NULL)&&(strlen(cacheentry->uid)<buflen)) - strcpy(buf,cacheentry->uid); + if ((cacheentry->uid != NULL) && (strlen(cacheentry->uid) < buflen)) + strcpy(buf, cacheentry->uid); else - buf=NULL; + buf = NULL; pthread_mutex_unlock(&dn2uid_cache_mutex); return buf; } 
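Review bot: The header comment kept above lookup_dn2uid() still promises "NULL or a strdup()ed string", but the body copies the value with `strcpy(buf, values[0])` and sets `uid = buf`, so the result appears to be the caller's own buffer. A caller that trusts the comment and calls free() on the result would be freeing memory it never allocated. I would reword the comment to `/* ... Returns NULL or buf, which then holds the uid; the result must not be free()d. */`. The final return statement lies outside this hunk, so confirm that it hands back `uid` unchanged.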
@@ -300,33 +294,33 @@ char *dn2uid(MYLDAP_SESSION *session,const char *dn,char *buf,size_t buflen) } pthread_mutex_unlock(&dn2uid_cache_mutex); /* look up the uid using an LDAP query */ - uid=lookup_dn2uid(session,dn,NULL,buf,buflen); + uid = lookup_dn2uid(session, dn, NULL, buf, buflen); /* store the result in the cache */ pthread_mutex_lock(&dn2uid_cache_mutex); /* try to get the entry from the cache here again because it could have changed in the meantime */ - cacheentry=dict_get(dn2uid_cache,dn); - if (cacheentry==NULL) + cacheentry = dict_get(dn2uid_cache, dn); + if (cacheentry == NULL) { /* allocate a new entry in the cache */ - cacheentry=(struct dn2uid_cache_entry *)malloc(sizeof(struct dn2uid_cache_entry)); - if (cacheentry!=NULL) + cacheentry = (struct dn2uid_cache_entry *)malloc(sizeof(struct dn2uid_cache_entry)); + if (cacheentry != NULL) { - cacheentry->uid=NULL; - dict_put(dn2uid_cache,dn,cacheentry); + cacheentry->uid = NULL; + dict_put(dn2uid_cache, dn, cacheentry); } } /* update the cache entry */ - if (cacheentry!=NULL) + if (cacheentry != NULL) { - cacheentry->timestamp=time(NULL); + cacheentry->timestamp = time(NULL); /* copy the uid if needed */ - if (cacheentry->uid==NULL) - cacheentry->uid=uid!=NULL?strdup(uid):NULL; - else if ((uid==NULL)||(strcmp(cacheentry->uid,uid)!=0)) + if (cacheentry->uid == NULL) + cacheentry->uid = uid != NULL ? strdup(uid) : NULL; + else if ((uid == NULL) || (strcmp(cacheentry->uid, uid) != 0)) { free(cacheentry->uid); - cacheentry->uid=uid!=NULL?strdup(uid):NULL; + cacheentry->uid = uid != NULL ? strdup(uid) : NULL; } } pthread_mutex_unlock(&dn2uid_cache_mutex); 
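Review bot: The second cache lookup, `cacheentry = dict_get(dn2uid_cache, dn);`, runs without the `dn2uid_cache != NULL` test that guards the first lookup in the preceding hunk, so a failed dict_new() leaves dict_get() and dict_put() working on a NULL dictionary. Whether those helpers tolerate NULL is not visible here; if they do not, an allocation failure becomes a crash in the daemon. Adding `if (dn2uid_cache == NULL) { pthread_mutex_unlock(&dn2uid_cache_mutex); return uid; }` right after the lock is re-taken keeps the two paths consistent. The result of dict_put() is also ignored, so if it can fail, the freshly malloc()ed entry is never reachable again. dn2uid() starts and ends outside this hunk.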
@@ -334,10 +328,10 @@ char *dn2uid(MYLDAP_SESSION *session,const char *dn,char *buf,size_t buflen) return uid; } -MYLDAP_ENTRY *uid2entry(MYLDAP_SESSION *session,const char *uid,int *rcp) +MYLDAP_ENTRY *uid2entry(MYLDAP_SESSION *session, const char *uid, int *rcp) { - MYLDAP_SEARCH *search=NULL; - MYLDAP_ENTRY *entry=NULL; + MYLDAP_SEARCH *search = NULL; + MYLDAP_ENTRY *entry = NULL; const char *base; int i; static const char *attrs[3]; 
@@ -345,43 +339,43 @@ MYLDAP_ENTRY *uid2entry(MYLDAP_SESSION *session,const char *uid,int *rcp) /* if it isn't a valid username, just bail out now */ if (!isvalidname(uid)) { - if (rcp!=NULL) - *rcp=LDAP_INVALID_SYNTAX; + if (rcp != NULL) + *rcp = LDAP_INVALID_SYNTAX; return NULL; } /* set up attributes (we don't need much) */ - attrs[0]=attmap_passwd_uid; - attrs[1]=attmap_passwd_uidNumber; - attrs[2]=NULL; + attrs[0] = attmap_passwd_uid; + attrs[1] = attmap_passwd_uidNumber; + attrs[2] = NULL; /* we have to look up the entry */ - mkfilter_passwd_byname(uid,filter,sizeof(filter)); - for (i=0;(i<NSS_LDAP_CONFIG_MAX_BASES)&&((base=passwd_bases[i])!=NULL);i++) + mkfilter_passwd_byname(uid, filter, sizeof(filter)); + for (i = 0; (i < NSS_LDAP_CONFIG_MAX_BASES) && ((base = passwd_bases[i]) != NULL); i++) { - search=myldap_search(session,base,passwd_scope,filter,attrs,rcp); - if (search==NULL) + search = myldap_search(session, base, passwd_scope, filter, attrs, rcp); + if (search == NULL) { - if ((rcp!=NULL)&&(*rcp==LDAP_SUCCESS)) - *rcp=LDAP_NO_SUCH_OBJECT; + if ((rcp != NULL) && (*rcp == LDAP_SUCCESS)) + *rcp = LDAP_NO_SUCH_OBJECT; return NULL; } - entry=myldap_get_entry(search,rcp); - if ((entry!=NULL)&&(entry_has_valid_uid(entry))) + entry = myldap_get_entry(search, rcp); + if ((entry != NULL) && (entry_has_valid_uid(entry))) return entry; } - if ((rcp!=NULL)&&(*rcp==LDAP_SUCCESS)) - *rcp=LDAP_NO_SUCH_OBJECT; + if ((rcp != NULL) && (*rcp == LDAP_SUCCESS)) + *rcp = LDAP_NO_SUCH_OBJECT; return NULL; } -char *uid2dn(MYLDAP_SESSION *session,const char *uid,char *buf,size_t buflen) +char *uid2dn(MYLDAP_SESSION *session, const char *uid, char *buf, size_t buflen) { MYLDAP_ENTRY *entry; /* look up the entry */ - entry=uid2entry(session,uid,NULL); - if (entry==NULL) + entry = uid2entry(session, uid, NULL); + if (entry == NULL) return NULL; /* get DN */ - return myldap_cpy_dn(entry,buf,buflen); + return myldap_cpy_dn(entry, buf, buflen); } #ifndef NSS_FLAVOUR_GLIBC 
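Review bot: In uid2entry() the result of `mkfilter_passwd_byname(uid, filter, sizeof(filter));` is discarded and `filter` is handed straight to myldap_search(). The sibling mkfilter_*_byname() helpers in this commit return -1 when escaping fails. This one presumably behaves the same (its definition is not in view), in which case the search would run with an incomplete or unset filter. I would stop on failure instead: `if (mkfilter_passwd_byname(uid, filter, sizeof(filter))) { if (rcp != NULL) *rcp = LDAP_OPERATIONS_ERROR; return NULL; }`. The declaration of `filter` and the start of the function sit outside this hunk.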
@@ -393,8 +387,8 @@ char *uid2dn(MYLDAP_SESSION *session,const char *uid,char *buf,size_t buflen) /* the maximum number of uidNumber attributes per entry */ #define MAXUIDS_PER_ENTRY 5 -static int write_passwd(TFILE *fp,MYLDAP_ENTRY *entry,const char *requser, - const uid_t *requid,uid_t calleruid) +static int write_passwd(TFILE *fp, MYLDAP_ENTRY *entry, const char *requser, + const uid_t *requid, uid_t calleruid) { int32_t tmpint32; const char **tmpvalues; 
@@ -409,133 +403,134 @@ static int write_passwd(TFILE *fp,MYLDAP_ENTRY *entry,const char *requser, char homedir[256]; char shell[64]; char passbuffer[64]; - int i,j; + int i, j; /* get the usernames for this entry */ - usernames=myldap_get_values(entry,attmap_passwd_uid); - if ((usernames==NULL)||(usernames[0]==NULL)) + usernames = myldap_get_values(entry, attmap_passwd_uid); + if ((usernames == NULL) || (usernames[0] == NULL)) { - log_log(LOG_WARNING,"%s: %s: missing", - myldap_get_dn(entry),attmap_passwd_uid); + log_log(LOG_WARNING, "%s: %s: missing", + myldap_get_dn(entry), attmap_passwd_uid); return 0; } /* if we are using shadow maps and this entry looks like it would return shadow information, make the passwd entry indicate it */ - if (myldap_has_objectclass(entry,"shadowAccount")&&nsswitch_shadow_uses_ldap()) + if (myldap_has_objectclass(entry, "shadowAccount") && nsswitch_shadow_uses_ldap()) { - passwd="x"; + passwd = "x"; } else { - passwd=get_userpassword(entry,attmap_passwd_userPassword,passbuffer,sizeof(passbuffer)); - if ((passwd==NULL)||(calleruid!=0)) - passwd=default_passwd_userPassword; + passwd = get_userpassword(entry, attmap_passwd_userPassword, + passbuffer, sizeof(passbuffer)); + if ((passwd == NULL) || (calleruid != 0)) + passwd = default_passwd_userPassword; } /* get the uids for this entry */ - if (requid!=NULL) + if (requid != NULL) { - uids[0]=*requid; - numuids=1; + uids[0] = *requid; + numuids = 1; } else { - tmpvalues=myldap_get_values_len(entry,attmap_passwd_uidNumber); - if ((tmpvalues==NULL)||(tmpvalues[0]==NULL)) + tmpvalues = myldap_get_values_len(entry, attmap_passwd_uidNumber); + if ((tmpvalues == NULL) || (tmpvalues[0] == NULL)) { - log_log(LOG_WARNING,"%s: %s: missing", - myldap_get_dn(entry),attmap_passwd_uidNumber); + log_log(LOG_WARNING, "%s: %s: missing", + myldap_get_dn(entry), attmap_passwd_uidNumber); return 0; } - for (numuids=0;(numuids<MAXUIDS_PER_ENTRY)&&(tmpvalues[numuids]!=NULL);numuids++) + for (numuids = 0; 
(numuids < MAXUIDS_PER_ENTRY) && (tmpvalues[numuids] != NULL); numuids++) { - if (uidSid!=NULL) - uids[numuids]=(uid_t)binsid2id(tmpvalues[numuids]); + if (uidSid != NULL) + uids[numuids] = (uid_t)binsid2id(tmpvalues[numuids]); else { - errno=0; - uids[numuids]=strtouid(tmpvalues[numuids],&tmp,10); - if ((*(tmpvalues[numuids])=='\0')||(*tmp!='\0')) + errno = 0; + uids[numuids] = strtouid(tmpvalues[numuids], &tmp, 10); + if ((*(tmpvalues[numuids]) == '\0') || (*tmp != '\0')) { - log_log(LOG_WARNING,"%s: %s: non-numeric", - myldap_get_dn(entry),attmap_passwd_uidNumber); + log_log(LOG_WARNING, "%s: %s: non-numeric", + myldap_get_dn(entry), attmap_passwd_uidNumber); return 0; } - else if ((errno!=0)||(strchr(tmpvalues[numuids],'-')!=NULL)) + else if ((errno != 0) || (strchr(tmpvalues[numuids], '-') != NULL)) { - log_log(LOG_WARNING,"%s: %s: out of range", - myldap_get_dn(entry),attmap_passwd_uidNumber); + log_log(LOG_WARNING, "%s: %s: out of range", + myldap_get_dn(entry), attmap_passwd_uidNumber); return 0; } } } } /* get the gid for this entry */ - if (gidSid!=NULL) + if (gidSid != NULL) { - tmpvalues=myldap_get_values_len(entry,attmap_passwd_gidNumber); - if ((tmpvalues==NULL)||(tmpvalues[0]==NULL)) + tmpvalues = myldap_get_values_len(entry, attmap_passwd_gidNumber); + if ((tmpvalues == NULL) || (tmpvalues[0] == NULL)) { - log_log(LOG_WARNING,"%s: %s: missing", - myldap_get_dn(entry),attmap_passwd_gidNumber); + log_log(LOG_WARNING, "%s: %s: missing", + myldap_get_dn(entry), attmap_passwd_gidNumber); return 0; } - gid=(gid_t)binsid2id(tmpvalues[0]); + gid = (gid_t)binsid2id(tmpvalues[0]); } else { - attmap_get_value(entry,attmap_passwd_gidNumber,gidbuf,sizeof(gidbuf)); - if (gidbuf[0]=='\0') + attmap_get_value(entry, attmap_passwd_gidNumber, gidbuf, sizeof(gidbuf)); + if (gidbuf[0] == '\0') { - log_log(LOG_WARNING,"%s: %s: missing", - myldap_get_dn(entry),attmap_passwd_gidNumber); + log_log(LOG_WARNING, "%s: %s: missing", + myldap_get_dn(entry), 
attmap_passwd_gidNumber); return 0; } - errno=0; - gid=strtogid(gidbuf,&tmp,10); - if ((gidbuf[0]=='\0')||(*tmp!='\0')) + errno = 0; + gid = strtogid(gidbuf, &tmp, 10); + if ((gidbuf[0] == '\0') || (*tmp != '\0')) { - log_log(LOG_WARNING,"%s: %s: non-numeric", - myldap_get_dn(entry),attmap_passwd_gidNumber); + log_log(LOG_WARNING, "%s: %s: non-numeric", + myldap_get_dn(entry), attmap_passwd_gidNumber); return 0; } - else if ((errno!=0)||(strchr(gidbuf,'-')!=NULL)) + else if ((errno != 0) || (strchr(gidbuf, '-') != NULL)) { - log_log(LOG_WARNING,"%s: %s: out of range", - myldap_get_dn(entry),attmap_passwd_gidNumber); + log_log(LOG_WARNING, "%s: %s: out of range", + myldap_get_dn(entry), attmap_passwd_gidNumber); return 0; } } /* get the gecos for this entry */ - attmap_get_value(entry,attmap_passwd_gecos,gecos,sizeof(gecos)); + attmap_get_value(entry, attmap_passwd_gecos, gecos, sizeof(gecos)); /* get the home directory for this entry */ - attmap_get_value(entry,attmap_passwd_homeDirectory,homedir,sizeof(homedir)); - if (homedir[0]=='\0') - log_log(LOG_WARNING,"%s: %s: missing", - myldap_get_dn(entry),attmap_passwd_homeDirectory); + attmap_get_value(entry, attmap_passwd_homeDirectory, homedir, sizeof(homedir)); + if (homedir[0] == '\0') + log_log(LOG_WARNING, "%s: %s: missing", + myldap_get_dn(entry), attmap_passwd_homeDirectory); /* get the shell for this entry */ - attmap_get_value(entry,attmap_passwd_loginShell,shell,sizeof(shell)); + attmap_get_value(entry, attmap_passwd_loginShell, shell, sizeof(shell)); /* write the entries */ - for (i=0;usernames[i]!=NULL;i++) - if ((requser==NULL)||(STR_CMP(requser,usernames[i])==0)) + for (i = 0; usernames[i] != NULL; i++) + if ((requser == NULL) || (STR_CMP(requser, usernames[i]) == 0)) { if (!isvalidname(usernames[i])) { - log_log(LOG_WARNING,"%s: %s: denied by validnames option", - myldap_get_dn(entry),attmap_passwd_uid); + log_log(LOG_WARNING, "%s: %s: denied by validnames option", + myldap_get_dn(entry), 
attmap_passwd_uid); } else { - for (j=0;j<numuids;j++) + for (j = 0; j < numuids; j++) { - if (uids[j]>=nslcd_cfg->ldc_nss_min_uid) + if (uids[j] >= nslcd_cfg->ldc_nss_min_uid) { - WRITE_INT32(fp,NSLCD_RESULT_BEGIN); - WRITE_STRING(fp,usernames[i]); - WRITE_STRING(fp,passwd); - WRITE_INT32(fp,uids[j]); - WRITE_INT32(fp,gid); - WRITE_STRING(fp,gecos); - WRITE_STRING(fp,homedir); - WRITE_STRING(fp,shell); + WRITE_INT32(fp, NSLCD_RESULT_BEGIN); + WRITE_STRING(fp, usernames[i]); + WRITE_STRING(fp, passwd); + WRITE_INT32(fp, uids[j]); + WRITE_INT32(fp, gid); + WRITE_STRING(fp, gecos); + WRITE_STRING(fp, homedir); + WRITE_STRING(fp, shell); } } } 
@@ -544,47 +539,48 @@ static int write_passwd(TFILE *fp,MYLDAP_ENTRY *entry,const char *requser, } NSLCD_HANDLE_UID( - passwd,byname, + passwd, byname, char name[256]; char filter[4096]; - READ_STRING(fp,name); - log_setrequest("passwd=\"%s\"",name); - if (!isvalidname(name)) { - log_log(LOG_WARNING,"request denied by validnames option"); + READ_STRING(fp, name); + log_setrequest("passwd=\"%s\"", name); + if (!isvalidname(name)) + { + log_log(LOG_WARNING, "request denied by validnames option"); return -1; } nsswitch_check_reload();, NSLCD_ACTION_PASSWD_BYNAME, - mkfilter_passwd_byname(name,filter,sizeof(filter)), - write_passwd(fp,entry,name,NULL,calleruid) + mkfilter_passwd_byname(name, filter, sizeof(filter)), + write_passwd(fp, entry, name, NULL, calleruid) ) NSLCD_HANDLE_UID( - passwd,byuid, + passwd, byuid, uid_t uid; char filter[4096]; - READ_INT32(fp,uid); - log_setrequest("passwd=%lu",(unsigned long int)uid); - if (uid<nslcd_cfg->ldc_nss_min_uid) + READ_INT32(fp, uid); + log_setrequest("passwd=%lu", (unsigned long int)uid); + if (uid < nslcd_cfg->ldc_nss_min_uid) { /* return an empty result */ - WRITE_INT32(fp,NSLCD_VERSION); - WRITE_INT32(fp,NSLCD_ACTION_PASSWD_BYUID); - WRITE_INT32(fp,NSLCD_RESULT_END); + WRITE_INT32(fp, NSLCD_VERSION); + WRITE_INT32(fp, NSLCD_ACTION_PASSWD_BYUID); + WRITE_INT32(fp, NSLCD_RESULT_END); return 0; } nsswitch_check_reload();, NSLCD_ACTION_PASSWD_BYUID, - mkfilter_passwd_byuid(uid,filter,sizeof(filter)), - write_passwd(fp,entry,NULL,&uid,calleruid) + mkfilter_passwd_byuid(uid, filter, sizeof(filter)), + write_passwd(fp, entry, NULL, &uid, calleruid) ) NSLCD_HANDLE_UID( - passwd,all, + passwd, all, const char *filter; log_setrequest("passwd(all)"); nsswitch_check_reload();, NSLCD_ACTION_PASSWD_ALL, - (filter=passwd_filter,0), - write_passwd(fp,entry,NULL,NULL,calleruid) + (filter = passwd_filter, 0), + write_passwd(fp, entry, NULL, NULL, calleruid) ) diff --git a/nslcd/protocol.c b/nslcd/protocol.c index 88813ad..317e9f1 100644 
--- a/nslcd/protocol.c +++ b/nslcd/protocol.c 
@@ -63,49 +63,45 @@ const char *attmap_protocol_ipProtocolNumber = "ipProtocolNumber"; static const char *protocol_attrs[3]; static int mkfilter_protocol_byname(const char *name, - char *buffer,size_t buflen) + char *buffer, size_t buflen) { char safename[300]; /* escape attribute */ - if (myldap_escape(name,safename,sizeof(safename))) + if (myldap_escape(name, safename, sizeof(safename))) return -1; /* build filter */ - return mysnprintf(buffer,buflen, - "(&%s(%s=%s))", - protocol_filter, - attmap_protocol_cn,safename); + return mysnprintf(buffer, buflen, "(&%s(%s=%s))", + protocol_filter, attmap_protocol_cn, safename); } /* create a search filter for searching a protocol entry by uid, return -1 on errors */ static int mkfilter_protocol_bynumber(int protocol, - char *buffer,size_t buflen) + char *buffer, size_t buflen) { - return mysnprintf(buffer,buflen, - "(&%s(%s=%d))", - protocol_filter, - attmap_protocol_ipProtocolNumber,protocol); + return mysnprintf(buffer, buflen, "(&%s(%s=%d))", + protocol_filter, attmap_protocol_ipProtocolNumber, protocol); } void protocol_init(void) { int i; /* set up search bases */ - if (protocol_bases[0]==NULL) - for (i=0;i<NSS_LDAP_CONFIG_MAX_BASES;i++) - protocol_bases[i]=nslcd_cfg->ldc_bases[i]; + if (protocol_bases[0] == NULL) + for (i = 0; i < NSS_LDAP_CONFIG_MAX_BASES; i++) + protocol_bases[i] = nslcd_cfg->ldc_bases[i]; /* set up scope */ - if (protocol_scope==LDAP_SCOPE_DEFAULT) - protocol_scope=nslcd_cfg->ldc_scope; + if (protocol_scope == LDAP_SCOPE_DEFAULT) + protocol_scope = nslcd_cfg->ldc_scope; /* set up attribute list */ - protocol_attrs[0]=attmap_protocol_cn; - protocol_attrs[1]=attmap_protocol_ipProtocolNumber; - protocol_attrs[2]=NULL; + protocol_attrs[0] = attmap_protocol_cn; + protocol_attrs[1] = attmap_protocol_ipProtocolNumber; + protocol_attrs[2] = NULL; } -static int write_protocol(TFILE *fp,MYLDAP_ENTRY *entry,const char *reqname) +static int write_protocol(TFILE *fp, MYLDAP_ENTRY *entry, const char *reqname) 
{ - int32_t tmpint32,tmp2int32,tmp3int32; + int32_t tmpint32, tmp2int32, tmp3int32; const char *name; const char **aliases; const char **protos; 
@@ -113,89 +109,89 @@ static int write_protocol(TFILE *fp,MYLDAP_ENTRY *entry,const char *reqname) long proto; int i; /* get the most canonical name */ - name=myldap_get_rdn_value(entry,attmap_protocol_cn); + name = myldap_get_rdn_value(entry, attmap_protocol_cn); /* get the other names for the protocol */ - aliases=myldap_get_values(entry,attmap_protocol_cn); - if ((aliases==NULL)||(aliases[0]==NULL)) + aliases = myldap_get_values(entry, attmap_protocol_cn); + if ((aliases == NULL) || (aliases[0] == NULL)) { - log_log(LOG_WARNING,"%s: %s: missing", - myldap_get_dn(entry),attmap_protocol_cn); + log_log(LOG_WARNING, "%s: %s: missing", + myldap_get_dn(entry), attmap_protocol_cn); return 0; } /* if the protocol name is not yet found, get the first entry */ - if (name==NULL) - name=aliases[0]; + if (name == NULL) + name = aliases[0]; /* check case of returned protocol entry */ - if ((reqname!=NULL)&&(STR_CMP(reqname,name)!=0)) + if ((reqname != NULL) && (STR_CMP(reqname, name) != 0)) { - for (i=0;(aliases[i]!=NULL)&&(STR_CMP(reqname,aliases[i])!=0);i++) - /* nothing here */ ; - if (aliases[i]==NULL) + for (i = 0; (aliases[i] != NULL) && (STR_CMP(reqname, aliases[i]) != 0); i++) + /* nothing */ ; + if (aliases[i] == NULL) return 0; /* neither the name nor any of the aliases matched */ } /* get the protocol number */ - protos=myldap_get_values(entry,attmap_protocol_ipProtocolNumber); - if ((protos==NULL)||(protos[0]==NULL)) + protos = myldap_get_values(entry, attmap_protocol_ipProtocolNumber); + if ((protos == NULL) || (protos[0] == NULL)) { - log_log(LOG_WARNING,"%s: %s: missing", - myldap_get_dn(entry),attmap_protocol_ipProtocolNumber); + log_log(LOG_WARNING, "%s: %s: missing", + myldap_get_dn(entry), attmap_protocol_ipProtocolNumber); return 0; } - else if (protos[1]!=NULL) + else if (protos[1] != NULL) { - log_log(LOG_WARNING,"%s: %s: multiple values", - myldap_get_dn(entry),attmap_protocol_ipProtocolNumber); + log_log(LOG_WARNING, "%s: %s: multiple values", + 
myldap_get_dn(entry), attmap_protocol_ipProtocolNumber); } - errno=0; - proto=strtol(protos[0],&tmp,10); - if ((*(protos[0])=='\0')||(*tmp!='\0')) + errno = 0; + proto = strtol(protos[0], &tmp, 10); + if ((*(protos[0]) == '\0') || (*tmp != '\0')) { - log_log(LOG_WARNING,"%s: %s: non-numeric", - myldap_get_dn(entry),attmap_protocol_ipProtocolNumber); + log_log(LOG_WARNING, "%s: %s: non-numeric", + myldap_get_dn(entry), attmap_protocol_ipProtocolNumber); return 0; } - else if ((errno!=0)||(proto<0)||(proto>UINT8_MAX)) + else if ((errno != 0) || (proto < 0) || (proto > UINT8_MAX)) { - log_log(LOG_WARNING,"%s: %s: out of range", - myldap_get_dn(entry),attmap_protocol_ipProtocolNumber); + log_log(LOG_WARNING, "%s: %s: out of range", + myldap_get_dn(entry), attmap_protocol_ipProtocolNumber); return 0; } /* write entry */ - WRITE_INT32(fp,NSLCD_RESULT_BEGIN); - WRITE_STRING(fp,name); - WRITE_STRINGLIST_EXCEPT(fp,aliases,name); + WRITE_INT32(fp, NSLCD_RESULT_BEGIN); + WRITE_STRING(fp, name); + WRITE_STRINGLIST_EXCEPT(fp, aliases, name); /* proto number is actually an 8-bit value but we write 32 bits anyway */ - WRITE_INT32(fp,proto); + WRITE_INT32(fp, proto); return 0; } NSLCD_HANDLE( - protocol,byname, + protocol, byname, char name[256]; char filter[4096]; - READ_STRING(fp,name); - log_setrequest("protocol=\"%s\"",name);, + READ_STRING(fp, name); + log_setrequest("protocol=\"%s\"", name);, NSLCD_ACTION_PROTOCOL_BYNAME, - mkfilter_protocol_byname(name,filter,sizeof(filter)), - write_protocol(fp,entry,name) + mkfilter_protocol_byname(name, filter, sizeof(filter)), + write_protocol(fp, entry, name) ) NSLCD_HANDLE( - protocol,bynumber, + protocol, bynumber, int protocol; char filter[4096]; - READ_INT32(fp,protocol); - log_setrequest("protocol=%lu",(unsigned long int)protocol);, + READ_INT32(fp, protocol); + log_setrequest("protocol=%lu", (unsigned long int)protocol);, NSLCD_ACTION_PROTOCOL_BYNUMBER, - mkfilter_protocol_bynumber(protocol,filter,sizeof(filter)), - 
write_protocol(fp,entry,NULL) + mkfilter_protocol_bynumber(protocol, filter, sizeof(filter)), + write_protocol(fp, entry, NULL) ) NSLCD_HANDLE( - protocol,all, + protocol, all, const char *filter; log_setrequest("protocol(all)");, NSLCD_ACTION_PROTOCOL_ALL, - (filter=protocol_filter,0), - write_protocol(fp,entry,NULL) + (filter = protocol_filter, 0), + write_protocol(fp, entry, NULL) ) diff --git a/nslcd/rpc.c b/nslcd/rpc.c index 8bb98be..55e9ada 100644 --- a/nslcd/rpc.c +++ b/nslcd/rpc.c 
@@ -58,55 +58,49 @@ int rpc_scope = LDAP_SCOPE_DEFAULT; const char *rpc_filter = "(objectClass=oncRpc)"; /* the attributes to request with searches */ -const char *attmap_rpc_cn = "cn"; -const char *attmap_rpc_oncRpcNumber = "oncRpcNumber"; +const char *attmap_rpc_cn = "cn"; +const char *attmap_rpc_oncRpcNumber = "oncRpcNumber"; /* the attribute list to request with searches */ static const char *rpc_attrs[3]; -static int mkfilter_rpc_byname(const char *name, - char *buffer,size_t buflen) +static int mkfilter_rpc_byname(const char *name, char *buffer, size_t buflen) { char safename[300]; /* escape attribute */ - if (myldap_escape(name,safename,sizeof(safename))) + if (myldap_escape(name, safename, sizeof(safename))) return -1; /* build filter */ - return mysnprintf(buffer,buflen, - "(&%s(%s=%s))", - rpc_filter, - attmap_rpc_cn,safename); + return mysnprintf(buffer, buflen, "(&%s(%s=%s))", + rpc_filter, attmap_rpc_cn, safename); } -static int mkfilter_rpc_bynumber(int number, - char *buffer,size_t buflen) +static int mkfilter_rpc_bynumber(int number, char *buffer, size_t buflen) { - return mysnprintf(buffer,buflen, - "(&%s(%s=%d))", - rpc_filter, - attmap_rpc_oncRpcNumber,number); + return mysnprintf(buffer, buflen, "(&%s(%s=%d))", + rpc_filter, attmap_rpc_oncRpcNumber, number); } void rpc_init(void) { int i; /* set up search bases */ - if (rpc_bases[0]==NULL) - for (i=0;i<NSS_LDAP_CONFIG_MAX_BASES;i++) - rpc_bases[i]=nslcd_cfg->ldc_bases[i]; + if (rpc_bases[0] == NULL) + for (i = 0; i < NSS_LDAP_CONFIG_MAX_BASES; i++) + rpc_bases[i] = nslcd_cfg->ldc_bases[i]; /* set up scope */ - if (rpc_scope==LDAP_SCOPE_DEFAULT) - rpc_scope=nslcd_cfg->ldc_scope; + if (rpc_scope == LDAP_SCOPE_DEFAULT) + rpc_scope = nslcd_cfg->ldc_scope; /* set up attribute list */ - rpc_attrs[0]=attmap_rpc_cn; - rpc_attrs[1]=attmap_rpc_oncRpcNumber; - rpc_attrs[2]=NULL; + rpc_attrs[0] = attmap_rpc_cn; + rpc_attrs[1] = attmap_rpc_oncRpcNumber; + rpc_attrs[2] = NULL; } /* write a single rpc entry to 
the stream */ -static int write_rpc(TFILE *fp,MYLDAP_ENTRY *entry,const char *reqname) +static int write_rpc(TFILE *fp, MYLDAP_ENTRY *entry, const char *reqname) { - int32_t tmpint32,tmp2int32,tmp3int32; + int32_t tmpint32, tmp2int32, tmp3int32; const char *name; const char **aliases; const char **numbers; 
@@ -114,88 +108,88 @@ static int write_rpc(TFILE *fp,MYLDAP_ENTRY *entry,const char *reqname) long number; int i; /* get the most canonical name */ - name=myldap_get_rdn_value(entry,attmap_rpc_cn); + name = myldap_get_rdn_value(entry, attmap_rpc_cn); /* get the other names for the rpc entries */ - aliases=myldap_get_values(entry,attmap_rpc_cn); - if ((aliases==NULL)||(aliases[0]==NULL)) + aliases = myldap_get_values(entry, attmap_rpc_cn); + if ((aliases == NULL) || (aliases[0] == NULL)) { - log_log(LOG_WARNING,"%s: %s: missing", - myldap_get_dn(entry),attmap_rpc_cn); + log_log(LOG_WARNING, "%s: %s: missing", + myldap_get_dn(entry), attmap_rpc_cn); return 0; } /* if the rpc name is not yet found, get the first entry */ - if (name==NULL) - name=aliases[0]; + if (name == NULL) + name = aliases[0]; /* check case of returned rpc entry */ - if ((reqname!=NULL)&&(STR_CMP(reqname,name)!=0)) + if ((reqname != NULL) && (STR_CMP(reqname, name) != 0)) { - for (i=0;(aliases[i]!=NULL)&&(STR_CMP(reqname,aliases[i])!=0);i++) - /* nothing here */ ; - if (aliases[i]==NULL) + for (i = 0; (aliases[i] != NULL) && (STR_CMP(reqname, aliases[i]) != 0); i++) + /* nothing */ ; + if (aliases[i] == NULL) return 0; /* neither the name nor any of the aliases matched */ } /* get the rpc number */ - numbers=myldap_get_values(entry,attmap_rpc_oncRpcNumber); - if ((numbers==NULL)||(numbers[0]==NULL)) + numbers = myldap_get_values(entry, attmap_rpc_oncRpcNumber); + if ((numbers == NULL) || (numbers[0] == NULL)) { - log_log(LOG_WARNING,"%s: %s: missing", - myldap_get_dn(entry),attmap_rpc_oncRpcNumber); + log_log(LOG_WARNING, "%s: %s: missing", + myldap_get_dn(entry), attmap_rpc_oncRpcNumber); return 0; } - else if (numbers[1]!=NULL) + else if (numbers[1] != NULL) { - log_log(LOG_WARNING,"%s: %s: multiple values", - myldap_get_dn(entry),attmap_rpc_oncRpcNumber); + log_log(LOG_WARNING, "%s: %s: multiple values", + myldap_get_dn(entry), attmap_rpc_oncRpcNumber); } - errno=0; - 
number=strtol(numbers[0],&tmp,10); - if ((*(numbers[0])=='\0')||(*tmp!='\0')) + errno = 0; + number = strtol(numbers[0], &tmp, 10); + if ((*(numbers[0]) == '\0') || (*tmp != '\0')) { - log_log(LOG_WARNING,"%s: %s: non-numeric", - myldap_get_dn(entry),attmap_rpc_oncRpcNumber); + log_log(LOG_WARNING, "%s: %s: non-numeric", + myldap_get_dn(entry), attmap_rpc_oncRpcNumber); return 0; } - else if ((errno!=0)||(number>UINT32_MAX)) + else if ((errno != 0) || (number > UINT32_MAX)) { - log_log(LOG_WARNING,"%s: %s: out of range", - myldap_get_dn(entry),attmap_rpc_oncRpcNumber); + log_log(LOG_WARNING, "%s: %s: out of range", + myldap_get_dn(entry), attmap_rpc_oncRpcNumber); return 0; } /* write the entry */ - WRITE_INT32(fp,NSLCD_RESULT_BEGIN); - WRITE_STRING(fp,name); - WRITE_STRINGLIST_EXCEPT(fp,aliases,name); - WRITE_INT32(fp,number); + WRITE_INT32(fp, NSLCD_RESULT_BEGIN); + WRITE_STRING(fp, name); + WRITE_STRINGLIST_EXCEPT(fp, aliases, name); + WRITE_INT32(fp, number); return 0; } NSLCD_HANDLE( - rpc,byname, + rpc, byname, char name[256]; char filter[4096]; - READ_STRING(fp,name); - log_setrequest("rpc=\"%s\"",name);, + READ_STRING(fp, name); + log_setrequest("rpc=\"%s\"", name);, NSLCD_ACTION_RPC_BYNAME, - mkfilter_rpc_byname(name,filter,sizeof(filter)), - write_rpc(fp,entry,name) + mkfilter_rpc_byname(name, filter, sizeof(filter)), + write_rpc(fp, entry, name) ) NSLCD_HANDLE( - rpc,bynumber, + rpc, bynumber, int number; char filter[4096]; - READ_INT32(fp,number); - log_setrequest("rpc=%lu",(unsigned long int)number);, + READ_INT32(fp, number); + log_setrequest("rpc=%lu", (unsigned long int)number);, NSLCD_ACTION_RPC_BYNUMBER, - mkfilter_rpc_bynumber(number,filter,sizeof(filter)), - write_rpc(fp,entry,NULL) + mkfilter_rpc_bynumber(number, filter, sizeof(filter)), + write_rpc(fp, entry, NULL) ) NSLCD_HANDLE( - rpc,all, + rpc, all, const char *filter; log_setrequest("rpc(all)");, NSLCD_ACTION_RPC_ALL, - (filter=rpc_filter,0), - write_rpc(fp,entry,NULL) + (filter = 
rpc_filter, 0), + write_rpc(fp, entry, NULL) ) diff --git a/nslcd/service.c b/nslcd/service.c index 05203b0..fb5eeae 100644 --- a/nslcd/service.c +++ b/nslcd/service.c 
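Review bot: The range check in write_rpc(), `else if ((errno != 0) || (number > UINT32_MAX))`, has no lower bound, whereas write_protocol() in this same commit rejects `proto < 0`. strtol() accepts a leading minus sign, so a directory entry carrying a negative oncRpcNumber passes both the non-numeric and the range test and is sent to the client by `WRITE_INT32(fp, number)`. I would make it `else if ((errno != 0) || (number < 0) || (number > UINT32_MAX))`. write_rpc() begins in the previous hunk.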
@@ -65,75 +65,65 @@ const char *attmap_service_ipServiceProtocol = "ipServiceProtocol"; /* the attribute list to request with searches */ static const char *service_attrs[4]; -static int mkfilter_service_byname(const char *name, - const char *protocol, - char *buffer,size_t buflen) +static int mkfilter_service_byname(const char *name, const char *protocol, + char *buffer, size_t buflen) { - char safename[300],safeprotocol[300]; + char safename[300], safeprotocol[300]; /* escape attributes */ - if (myldap_escape(name,safename,sizeof(safename))) + if (myldap_escape(name, safename, sizeof(safename))) return -1; /* build filter */ - if (*protocol!='\0') + if (*protocol != '\0') { - if (myldap_escape(protocol,safeprotocol,sizeof(safeprotocol))) + if (myldap_escape(protocol, safeprotocol, sizeof(safeprotocol))) return -1; - return mysnprintf(buffer,buflen, - "(&%s(%s=%s)(%s=%s))", - service_filter, - attmap_service_cn,safename, - attmap_service_ipServiceProtocol,safeprotocol); + return mysnprintf(buffer, buflen, "(&%s(%s=%s)(%s=%s))", + service_filter, attmap_service_cn, safename, + attmap_service_ipServiceProtocol, safeprotocol); } else - return mysnprintf(buffer,buflen, - "(&%s(%s=%s))", - service_filter, - attmap_service_cn,safename); + return mysnprintf(buffer, buflen, "(&%s(%s=%s))", + service_filter, attmap_service_cn, safename); } -static int mkfilter_service_bynumber(int number, - const char *protocol, - char *buffer,size_t buflen) +static int mkfilter_service_bynumber(int number, const char *protocol, + char *buffer, size_t buflen) { char safeprotocol[300]; - if (*protocol!='\0') + if (*protocol != '\0') { - if (myldap_escape(protocol,safeprotocol,sizeof(safeprotocol))) + if (myldap_escape(protocol, safeprotocol, sizeof(safeprotocol))) return -1; - return mysnprintf(buffer,buflen, - "(&%s(%s=%d)(%s=%s))", - service_filter, - attmap_service_ipServicePort,number, - attmap_service_ipServiceProtocol,safeprotocol); + return mysnprintf(buffer, buflen, 
"(&%s(%s=%d)(%s=%s))", + service_filter, attmap_service_ipServicePort, number, + attmap_service_ipServiceProtocol, safeprotocol); } else - return mysnprintf(buffer,buflen, - "(&%s(%s=%d))", - service_filter, - attmap_service_ipServicePort,number); + return mysnprintf(buffer, buflen, "(&%s(%s=%d))", + service_filter, attmap_service_ipServicePort, number); } void service_init(void) { int i; /* set up search bases */ - if (service_bases[0]==NULL) - for (i=0;i<NSS_LDAP_CONFIG_MAX_BASES;i++) - service_bases[i]=nslcd_cfg->ldc_bases[i]; + if (service_bases[0] == NULL) + for (i = 0; i < NSS_LDAP_CONFIG_MAX_BASES; i++) + service_bases[i] = nslcd_cfg->ldc_bases[i]; /* set up scope */ - if (service_scope==LDAP_SCOPE_DEFAULT) - service_scope=nslcd_cfg->ldc_scope; + if (service_scope == LDAP_SCOPE_DEFAULT) + service_scope = nslcd_cfg->ldc_scope; /* set up attribute list */ - service_attrs[0]=attmap_service_cn; - service_attrs[1]=attmap_service_ipServicePort; - service_attrs[2]=attmap_service_ipServiceProtocol; - service_attrs[3]=NULL; + service_attrs[0] = attmap_service_cn; + service_attrs[1] = attmap_service_ipServicePort; + service_attrs[2] = attmap_service_ipServiceProtocol; + service_attrs[3] = NULL; } -static int write_service(TFILE *fp,MYLDAP_ENTRY *entry, - const char *reqname,const char *reqprotocol) +static int write_service(TFILE *fp, MYLDAP_ENTRY *entry, + const char *reqname, const char *reqprotocol) { - int32_t tmpint32,tmp2int32,tmp3int32; + int32_t tmpint32, tmp2int32, tmp3int32; const char *name; const char **aliases; const char **ports; 
@@ -142,106 +132,107 @@ static int write_service(TFILE *fp,MYLDAP_ENTRY *entry, long port; int i; /* get the most canonical name */ - name=myldap_get_rdn_value(entry,attmap_service_cn); + name = myldap_get_rdn_value(entry, attmap_service_cn); /* get the other names for the service entries */ - aliases=myldap_get_values(entry,attmap_service_cn); - if ((aliases==NULL)||(aliases[0]==NULL)) + aliases = myldap_get_values(entry, attmap_service_cn); + if ((aliases == NULL) || (aliases[0] == NULL)) { - log_log(LOG_WARNING,"%s: %s: missing", - myldap_get_dn(entry),attmap_service_cn); + log_log(LOG_WARNING, "%s: %s: missing", + myldap_get_dn(entry), attmap_service_cn); return 0; } /* if the service name is not yet found, get the first entry */ - if (name==NULL) - name=aliases[0]; + if (name == NULL) + name = aliases[0]; /* check case of returned servies entry */ - if ((reqname!=NULL)&&(STR_CMP(reqname,name)!=0)) + if ((reqname != NULL) && (STR_CMP(reqname, name) != 0)) { - for (i=0;(aliases[i]!=NULL)&&(STR_CMP(reqname,aliases[i])!=0);i++) - /* nothing here */ ; - if (aliases[i]==NULL) + for (i = 0; (aliases[i] != NULL) && (STR_CMP(reqname, aliases[i]) != 0); i++) + /* nothing */ ; + if (aliases[i] == NULL) return 0; /* neither the name nor any of the aliases matched */ } /* get the service number */ - ports=myldap_get_values(entry,attmap_service_ipServicePort); - if ((ports==NULL)||(ports[0]==NULL)) + ports = myldap_get_values(entry, attmap_service_ipServicePort); + if ((ports == NULL) || (ports[0] == NULL)) { - log_log(LOG_WARNING,"%s: %s: missing", - myldap_get_dn(entry),attmap_service_ipServicePort); + log_log(LOG_WARNING, "%s: %s: missing", + myldap_get_dn(entry), attmap_service_ipServicePort); return 0; } - else if (ports[1]!=NULL) + else if (ports[1] != NULL) { - log_log(LOG_WARNING,"%s: %s: multiple values", - myldap_get_dn(entry),attmap_service_ipServicePort); + log_log(LOG_WARNING, "%s: %s: multiple values", + myldap_get_dn(entry), attmap_service_ipServicePort); } - 
errno=0; - port=strtol(ports[0],&tmp,10); - if ((*(ports[0])=='\0')||(*tmp!='\0')) + errno = 0; + port = strtol(ports[0], &tmp, 10); + if ((*(ports[0]) == '\0') || (*tmp != '\0')) { - log_log(LOG_WARNING,"%s: %s: non-numeric value", - myldap_get_dn(entry),attmap_service_ipServicePort); + log_log(LOG_WARNING, "%s: %s: non-numeric value", + myldap_get_dn(entry), attmap_service_ipServicePort); return 0; } - else if ((errno!=0)||(port<=0)||(port>UINT16_MAX)) + else if ((errno != 0) || (port <= 0) || (port > UINT16_MAX)) { - log_log(LOG_WARNING,"%s: %s: out of range", - myldap_get_dn(entry),attmap_service_ipServicePort); + log_log(LOG_WARNING, "%s: %s: out of range", + myldap_get_dn(entry), attmap_service_ipServicePort); return 0; } /* get protocols */ - protocols=myldap_get_values(entry,attmap_service_ipServiceProtocol); - if ((protocols==NULL)||(protocols[0]==NULL)) + protocols = myldap_get_values(entry, attmap_service_ipServiceProtocol); + if ((protocols == NULL) || (protocols[0] == NULL)) { - log_log(LOG_WARNING,"%s: %s: missing", - myldap_get_dn(entry),attmap_service_ipServiceProtocol); + log_log(LOG_WARNING, "%s: %s: missing", + myldap_get_dn(entry), attmap_service_ipServiceProtocol); return 0; } /* write the entries */ - for (i=0;protocols[i]!=NULL;i++) - if ((reqprotocol==NULL)||(*reqprotocol=='\0')||(STR_CMP(reqprotocol,protocols[i])==0)) + for (i = 0; protocols[i] != NULL; i++) + if ((reqprotocol == NULL) || (*reqprotocol == '\0') || + (STR_CMP(reqprotocol, protocols[i]) == 0)) { - WRITE_INT32(fp,NSLCD_RESULT_BEGIN); - WRITE_STRING(fp,name); - WRITE_STRINGLIST_EXCEPT(fp,aliases,name); + WRITE_INT32(fp, NSLCD_RESULT_BEGIN); + WRITE_STRING(fp, name); + WRITE_STRINGLIST_EXCEPT(fp, aliases, name); /* port number is actually a 16-bit value but we write 32 bits anyway */ - WRITE_INT32(fp,port); - WRITE_STRING(fp,protocols[i]); + WRITE_INT32(fp, port); + WRITE_STRING(fp, protocols[i]); } return 0; } NSLCD_HANDLE( - service,byname, + service, byname, char name[256]; 
char protocol[256]; char filter[4096]; - READ_STRING(fp,name); - READ_STRING(fp,protocol); - log_setrequest("service=\"%s\"/%s",name,protocol);, + READ_STRING(fp, name); + READ_STRING(fp, protocol); + log_setrequest("service=\"%s\"/%s", name, protocol);, NSLCD_ACTION_SERVICE_BYNAME, - mkfilter_service_byname(name,protocol,filter,sizeof(filter)), - write_service(fp,entry,name,protocol) + mkfilter_service_byname(name, protocol, filter, sizeof(filter)), + write_service(fp, entry, name, protocol) ) NSLCD_HANDLE( - service,bynumber, + service, bynumber, int number; char protocol[256]; char filter[4096]; - READ_INT32(fp,number); - READ_STRING(fp,protocol); - log_setrequest("service=%lu/%s",(unsigned long int)number,protocol);, + READ_INT32(fp, number); + READ_STRING(fp, protocol); + log_setrequest("service=%lu/%s", (unsigned long int)number, protocol);, NSLCD_ACTION_SERVICE_BYNUMBER, - mkfilter_service_bynumber(number,protocol,filter,sizeof(filter)), - write_service(fp,entry,NULL,protocol) + mkfilter_service_bynumber(number, protocol, filter, sizeof(filter)), + write_service(fp, entry, NULL, protocol) ) NSLCD_HANDLE( - service,all, + service, all, const char *filter; log_setrequest("service(all)");, NSLCD_ACTION_SERVICE_ALL, - (filter=service_filter,0), - write_service(fp,entry,NULL,NULL) + (filter = service_filter, 0), + write_service(fp, entry, NULL, NULL) ) diff --git a/nslcd/shadow.c b/nslcd/shadow.c index 2cb920d..e88ec4b 100644 --- a/nslcd/shadow.c +++ b/nslcd/shadow.c 
@@ -65,23 +65,20 @@ const char *attmap_shadow_shadowExpire = "\"${shadowExpire:--1}\""; const char *attmap_shadow_shadowFlag = "\"${shadowFlag:-0}\""; /* default values for attributes */ -static const char *default_shadow_userPassword = "*"; /* unmatchable */ +static const char *default_shadow_userPassword = "*"; /* unmatchable */ /* the attribute list to request with searches */ -static const char **shadow_attrs=NULL; +static const char **shadow_attrs = NULL; -static int mkfilter_shadow_byname(const char *name, - char *buffer,size_t buflen) +static int mkfilter_shadow_byname(const char *name, char *buffer, size_t buflen) { char safename[300]; /* escape attribute */ - if(myldap_escape(name,safename,sizeof(safename))) + if (myldap_escape(name, safename, sizeof(safename))) return -1; /* build filter */ - return mysnprintf(buffer,buflen, - "(&%s(%s=%s))", - shadow_filter, - attmap_shadow_uid,safename); + return mysnprintf(buffer, buflen, "(&%s(%s=%s))", + shadow_filter, attmap_shadow_uid, safename); } void shadow_init(void) 
@@ -89,72 +86,72 @@ void shadow_init(void) int i; SET *set; /* set up search bases */ - if (shadow_bases[0]==NULL) - for (i=0;i<NSS_LDAP_CONFIG_MAX_BASES;i++) - shadow_bases[i]=nslcd_cfg->ldc_bases[i]; + if (shadow_bases[0] == NULL) + for (i = 0; i < NSS_LDAP_CONFIG_MAX_BASES; i++) + shadow_bases[i] = nslcd_cfg->ldc_bases[i]; /* set up scope */ - if (shadow_scope==LDAP_SCOPE_DEFAULT) - shadow_scope=nslcd_cfg->ldc_scope; + if (shadow_scope == LDAP_SCOPE_DEFAULT) + shadow_scope = nslcd_cfg->ldc_scope; /* set up attribute list */ - set=set_new(); - attmap_add_attributes(set,attmap_shadow_uid); - attmap_add_attributes(set,attmap_shadow_userPassword); - attmap_add_attributes(set,attmap_shadow_shadowLastChange); - attmap_add_attributes(set,attmap_shadow_shadowMax); - attmap_add_attributes(set,attmap_shadow_shadowMin); - attmap_add_attributes(set,attmap_shadow_shadowWarning); - attmap_add_attributes(set,attmap_shadow_shadowInactive); - attmap_add_attributes(set,attmap_shadow_shadowExpire); - attmap_add_attributes(set,attmap_shadow_shadowFlag); - shadow_attrs=set_tolist(set); + set = set_new(); + attmap_add_attributes(set, attmap_shadow_uid); + attmap_add_attributes(set, attmap_shadow_userPassword); + attmap_add_attributes(set, attmap_shadow_shadowLastChange); + attmap_add_attributes(set, attmap_shadow_shadowMax); + attmap_add_attributes(set, attmap_shadow_shadowMin); + attmap_add_attributes(set, attmap_shadow_shadowWarning); + attmap_add_attributes(set, attmap_shadow_shadowInactive); + attmap_add_attributes(set, attmap_shadow_shadowExpire); + attmap_add_attributes(set, attmap_shadow_shadowFlag); + shadow_attrs = set_tolist(set); set_free(set); } -static long to_date(const char *dn,const char *date,const char *attr) +static long to_date(const char *dn, const char *date, const char *attr) { char buffer[32]; long value; char *tmp; size_t l; /* do some special handling for date values on AD */ - if (strcasecmp(attr,"pwdLastSet")==0) + if (strcasecmp(attr, "pwdLastSet") == 0) 
{ /* we expect an AD 64-bit datetime value; we should do date=date/864000000000-134774 but that causes problems on 32-bit platforms, first we devide by 1000000000 by stripping the last 9 digits from the string and going from there */ - l=strlen(date)-9; - if (l>(sizeof(buffer)-1)) + l = strlen(date) - 9; + if (l > (sizeof(buffer) - 1)) return -1; /* error */ - strncpy(buffer,date,l); - buffer[l]='\0'; - errno=0; - value=strtol(date,&tmp,10); - if ((*date=='\0')||(*tmp!='\0')) + strncpy(buffer, date, l); + buffer[l] = '\0'; + errno = 0; + value = strtol(date, &tmp, 10); + if ((*date == '\0') || (*tmp != '\0')) { - log_log(LOG_WARNING,"%s: %s: non-numeric",dn,attr); + log_log(LOG_WARNING, "%s: %s: non-numeric", dn, attr); return -1; } - else if (errno!=0) + else if (errno != 0) { - log_log(LOG_WARNING,"%s: %s: out of range",dn,attr); + log_log(LOG_WARNING, "%s: %s: out of range", dn, attr); return -1; } - return value/864-134774; + return value / 864 - 134774; /* note that AD does not have expiry dates but a lastchangeddate and some value that needs to be added */ } - errno=0; - value=strtol(date,&tmp,10); - if ((*date=='\0')||(*tmp!='\0')) + errno = 0; + value = strtol(date, &tmp, 10); + if ((*date == '\0') || (*tmp != '\0')) { - log_log(LOG_WARNING,"%s: %s: non-numeric",dn,attr); + log_log(LOG_WARNING, "%s: %s: non-numeric", dn, attr); return -1; } - else if (errno!=0) + else if (errno != 0) { - log_log(LOG_WARNING,"%s: %s: out of range",dn,attr); + log_log(LOG_WARNING, "%s: %s: out of range", dn, attr); return -1; } return value; 
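Review bot: In the `pwdLastSet` branch of to_date(), `strtol(date, &tmp, 10)` parses the original string, so the copy in `buffer` with the last nine digits stripped is never used and `value / 864 - 134774` is computed from the undivided value. Where `long` is 64 bits this would presumably yield a last-change date that is far too large rather than an error, and that date feeds the password-ageing fields; where it is 32 bits the call would be expected to report out of range. The call and its check should read `value = strtol(buffer, &tmp, 10);` and `if ((*buffer == '\0') || (*tmp != '\0'))`. Separately, `l = strlen(date) - 9` wraps for inputs shorter than nine characters and is only caught by the `l > (sizeof(buffer) - 1)` test, which returns -1 without logging; an explicit length check before the subtraction would make that intentional. to_date()'s closing brace lies outside the hunk.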
@@ -164,55 +161,58 @@ static long to_date(const char *dn,const char *date,const char *attr) #define UF_DONT_EXPIRE_PASSWD 0x10000 #endif -#define GET_OPTIONAL_LONG(var,att,fallback) \ - tmpvalue=attmap_get_value(entry,attmap_shadow_##att,buffer,sizeof(buffer)); \ - if (tmpvalue==NULL) \ - tmpvalue=""; \ - errno=0; \ - var=strtol(tmpvalue,&tmp,10); \ - if ((*(tmpvalue)=='\0')||(*tmp!='\0')) \ - { \ - log_log(LOG_WARNING,"%s: %s: non-numeric", \ - myldap_get_dn(entry),attmap_shadow_##att); \ - var=fallback; \ - } \ - else if (errno!=0) \ - { \ - log_log(LOG_WARNING,"%s: %s: out of range", \ - myldap_get_dn(entry),attmap_shadow_##att); \ - var=fallback; \ +#define GET_OPTIONAL_LONG(var, att, fallback) \ + tmpvalue = attmap_get_value(entry, attmap_shadow_##att, \ + buffer, sizeof(buffer)); \ + if (tmpvalue == NULL) \ + tmpvalue = ""; \ + errno = 0; \ + var = strtol(tmpvalue, &tmp, 10); \ + if ((*(tmpvalue) == '\0') || (*tmp != '\0')) \ + { \ + log_log(LOG_WARNING, "%s: %s: non-numeric", \ + myldap_get_dn(entry), attmap_shadow_##att); \ + var = fallback; \ + } \ + else if (errno != 0) \ + { \ + log_log(LOG_WARNING, "%s: %s: out of range", \ + myldap_get_dn(entry), attmap_shadow_##att); \ + var = fallback; \ } -void get_shadow_properties(MYLDAP_ENTRY *entry,long *lastchangedate, - long *mindays,long *maxdays,long *warndays, - long *inactdays,long *expiredate,unsigned long *flag) +void get_shadow_properties(MYLDAP_ENTRY *entry, long *lastchangedate, + long *mindays, long *maxdays, long *warndays, + long *inactdays, long *expiredate, + unsigned long *flag) { char buffer[64]; const char *tmpvalue; char *tmp; /* get lastchange date */ - tmpvalue=attmap_get_value(entry,attmap_shadow_shadowLastChange,buffer,sizeof(buffer)); - if (tmpvalue==NULL) - tmpvalue=""; - *lastchangedate=to_date(myldap_get_dn(entry),tmpvalue,attmap_shadow_shadowLastChange); + tmpvalue = attmap_get_value(entry, attmap_shadow_shadowLastChange, + buffer, sizeof(buffer)); + if (tmpvalue == NULL) + tmpvalue 
= ""; + *lastchangedate = to_date(myldap_get_dn(entry), tmpvalue, attmap_shadow_shadowLastChange); /* get other shadow properties */ - GET_OPTIONAL_LONG(*mindays,shadowMin,-1); - GET_OPTIONAL_LONG(*maxdays,shadowMax,-1); - GET_OPTIONAL_LONG(*warndays,shadowWarning,-1); - GET_OPTIONAL_LONG(*inactdays,shadowInactive,-1); - GET_OPTIONAL_LONG(*expiredate,shadowExpire,-1); - GET_OPTIONAL_LONG(*flag,shadowFlag,0); + GET_OPTIONAL_LONG(*mindays, shadowMin, -1); + GET_OPTIONAL_LONG(*maxdays, shadowMax, -1); + GET_OPTIONAL_LONG(*warndays, shadowWarning, -1); + GET_OPTIONAL_LONG(*inactdays, shadowInactive, -1); + GET_OPTIONAL_LONG(*expiredate, shadowExpire, -1); + GET_OPTIONAL_LONG(*flag, shadowFlag, 0); /* if we're using AD handle the flag specially */ - if (strcasecmp(attmap_shadow_shadowLastChange,"pwdLastSet")==0) + if (strcasecmp(attmap_shadow_shadowLastChange, "pwdLastSet") == 0) { - if (*flag&UF_DONT_EXPIRE_PASSWD) - *maxdays=-1; - *flag=0; + if (*flag & UF_DONT_EXPIRE_PASSWD) + *maxdays = -1; + *flag = 0; } } /* try to update the shadowLastChange attribute of the entry if possible */ -int update_lastchange(MYLDAP_SESSION *session,const char *userdn) +int update_lastchange(MYLDAP_SESSION *session, const char *userdn) { MYLDAP_SEARCH *search; MYLDAP_ENTRY *entry; 
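Review bot: GET_OPTIONAL_LONG accepts any value that fits in a `long`; its only range test is `errno != 0`, whereas write_service() in service.c bounds its parsed port with `port > UINT16_MAX`. write_shadow() later passes these values to WRITE_INT32, so on platforms with a 64-bit `long` a directory value outside 32 bits would presumably be truncated instead of replaced by the fallback (WRITE_INT32 is not defined on this page, so confirm). A bound in the macro, e.g. `else if ((errno != 0) || (var < INT32_MIN) || (var > INT32_MAX))`, would keep such values out; `*flag` is `unsigned long`, so its lower-bound comparison needs a cast or a separate unsigned variant. The macro also expands to several statements and relies on the caller's `entry`, `buffer`, `tmpvalue` and `tmp`; a comment `/* requires entry, buffer, tmpvalue and tmp in the calling scope */` above it would document that.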
@@ -220,63 +220,64 @@ int update_lastchange(MYLDAP_SESSION *session,const char *userdn) const char *attr; int rc; const char **values; - LDAPMod mod,*mods[2]; - char buffer[64],*strvals[2]; + LDAPMod mod, *mods[2]; + char buffer[64], *strvals[2]; /* find the name of the attribute to use */ - if ( (attmap_shadow_shadowLastChange==NULL) || (attmap_shadow_shadowLastChange[0]=='\0') ) + if ((attmap_shadow_shadowLastChange == NULL) || (attmap_shadow_shadowLastChange[0] == '\0')) return LDAP_LOCAL_ERROR; /* attribute not mapped at all */ - else if (strcmp(attmap_shadow_shadowLastChange,"\"${shadowLastChange:--1}\"")==0) - attr="shadowLastChange"; - else if (attmap_shadow_shadowLastChange[0]=='\"') + else if (strcmp(attmap_shadow_shadowLastChange, "\"${shadowLastChange:--1}\"") == 0) + attr = "shadowLastChange"; + else if (attmap_shadow_shadowLastChange[0] == '\"') return LDAP_LOCAL_ERROR; /* other expressions not supported for now */ else - attr=attmap_shadow_shadowLastChange; + attr = attmap_shadow_shadowLastChange; /* set up the attributes we need */ - attrs[0]=attmap_shadow_uid; - attrs[1]=attr; - attrs[2]=NULL; + attrs[0] = attmap_shadow_uid; + attrs[1] = attr; + attrs[2] = NULL; /* find the entry to see if the attribute is present */ - search=myldap_search(session,userdn,LDAP_SCOPE_BASE,shadow_filter,attrs,&rc); - if (search==NULL) + search = myldap_search(session, userdn, LDAP_SCOPE_BASE, shadow_filter, attrs, &rc); + if (search == NULL) return rc; - entry=myldap_get_entry(search,&rc); - if (entry==NULL) + entry = myldap_get_entry(search, &rc); + if (entry == NULL) return rc; - values=myldap_get_values(entry,attr); - if ((values==NULL)||(values[0]==NULL)||(values[0][0]=='\0')) + values = myldap_get_values(entry, attr); + if ((values == NULL) || (values[0] == NULL) || (values[0][0] == '\0')) return LDAP_NO_SUCH_ATTRIBUTE; /* build the value for the new attribute */ - if (strcasecmp(attr,"pwdLastSet")==0) + if (strcasecmp(attr, "pwdLastSet") == 0) { /* for AD we use 
another timestamp */ - if(mysnprintf(buffer,sizeof(buffer),"%ld000000000",((long int)time(NULL)/100L+(134774L*864L)))) + if (mysnprintf(buffer, sizeof(buffer), "%ld000000000", + ((long int)time(NULL) / 100L + (134774L * 864L)))) return LDAP_LOCAL_ERROR; } else { /* time in days since Jan 1, 1970 */ - if(mysnprintf(buffer,sizeof(buffer),"%ld",((long int)(time(NULL)/(long int)(60*60*24))))) + if (mysnprintf(buffer, sizeof(buffer), "%ld", + ((long int)(time(NULL) / (long int)(60 * 60 * 24))))) return LDAP_LOCAL_ERROR; } /* update the shadowLastChange attribute */ - strvals[0]=buffer; - strvals[1]=NULL; - mod.mod_op=LDAP_MOD_REPLACE; - mod.mod_type=(char *)attr; - mod.mod_values=strvals; - mods[0]=&mod; - mods[1]=NULL; - rc=myldap_modify(session,userdn,mods); - if (rc!=LDAP_SUCCESS) - log_log(LOG_WARNING,"%s: %s: modification failed: %s", - userdn,attr,ldap_err2string(rc)); + strvals[0] = buffer; + strvals[1] = NULL; + mod.mod_op = LDAP_MOD_REPLACE; + mod.mod_type = (char *)attr; + mod.mod_values = strvals; + mods[0] = &mod; + mods[1] = NULL; + rc = myldap_modify(session, userdn, mods); + if (rc != LDAP_SUCCESS) + log_log(LOG_WARNING, "%s: %s: modification failed: %s", + userdn, attr, ldap_err2string(rc)); else - log_log(LOG_DEBUG,"%s: %s: modification succeeded", - userdn,attr); + log_log(LOG_DEBUG, "%s: %s: modification succeeded", userdn, attr); return rc; } -static int write_shadow(TFILE *fp,MYLDAP_ENTRY *entry,const char *requser) +static int write_shadow(TFILE *fp, MYLDAP_ENTRY *entry, const char *requser) { int32_t tmpint32; const char **usernames; 
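Review bot: update_lastchange() returns `rc` unchanged when `myldap_get_entry()` yields no entry (`if (entry == NULL) return rc;`), while shadow_uid2entry() in the same file maps a NULL result with `*rcp == LDAP_SUCCESS` to `LDAP_NO_SUCH_OBJECT`. If the search can end without an entry and without an error code, as that handling suggests, the caller here would see success although nothing was modified. Both early returns could use `return (rc == LDAP_SUCCESS) ? LDAP_NO_SUCH_OBJECT : rc;`. The function begins in the previous hunk.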
@@ -291,88 +292,90 @@ static int write_shadow(TFILE *fp,MYLDAP_ENTRY *entry,const char *requser) int i; char passbuffer[64]; /* get username */ - usernames=myldap_get_values(entry,attmap_shadow_uid); - if ((usernames==NULL)||(usernames[0]==NULL)) + usernames = myldap_get_values(entry, attmap_shadow_uid); + if ((usernames == NULL) || (usernames[0] == NULL)) { - log_log(LOG_WARNING,"%s: %s: missing", - myldap_get_dn(entry),attmap_shadow_uid); + log_log(LOG_WARNING, "%s: %s: missing", + myldap_get_dn(entry), attmap_shadow_uid); return 0; } /* get password */ - passwd=get_userpassword(entry,attmap_shadow_userPassword,passbuffer,sizeof(passbuffer)); - if (passwd==NULL) - passwd=default_shadow_userPassword; + passwd = get_userpassword(entry, attmap_shadow_userPassword, + passbuffer, sizeof(passbuffer)); + if (passwd == NULL) + passwd = default_shadow_userPassword; /* get expiry properties */ - get_shadow_properties(entry,&lastchangedate,&mindays,&maxdays,&warndays, - &inactdays,&expiredate,&flag); + get_shadow_properties(entry, &lastchangedate, &mindays, &maxdays, &warndays, + &inactdays, &expiredate, &flag); /* write the entries */ - for (i=0;usernames[i]!=NULL;i++) - if ((requser==NULL)||(STR_CMP(requser,usernames[i])==0)) + for (i = 0; usernames[i] != NULL; i++) + if ((requser == NULL) || (STR_CMP(requser, usernames[i]) == 0)) { - WRITE_INT32(fp,NSLCD_RESULT_BEGIN); - WRITE_STRING(fp,usernames[i]); - WRITE_STRING(fp,passwd); - WRITE_INT32(fp,lastchangedate); - WRITE_INT32(fp,mindays); - WRITE_INT32(fp,maxdays); - WRITE_INT32(fp,warndays); - WRITE_INT32(fp,inactdays); - WRITE_INT32(fp,expiredate); - WRITE_INT32(fp,flag); + WRITE_INT32(fp, NSLCD_RESULT_BEGIN); + WRITE_STRING(fp, usernames[i]); + WRITE_STRING(fp, passwd); + WRITE_INT32(fp, lastchangedate); + WRITE_INT32(fp, mindays); + WRITE_INT32(fp, maxdays); + WRITE_INT32(fp, warndays); + WRITE_INT32(fp, inactdays); + WRITE_INT32(fp, expiredate); + WRITE_INT32(fp, flag); } return 0; } -MYLDAP_ENTRY 
*shadow_uid2entry(MYLDAP_SESSION *session,const char *username,int *rcp) +MYLDAP_ENTRY *shadow_uid2entry(MYLDAP_SESSION *session, const char *username, + int *rcp) { - MYLDAP_SEARCH *search=NULL; - MYLDAP_ENTRY *entry=NULL; + MYLDAP_SEARCH *search = NULL; + MYLDAP_ENTRY *entry = NULL; const char *base; char filter[4096]; int i; /* if it isn't a valid username, just bail out now */ if (!isvalidname(username)) { - if (rcp!=NULL) - *rcp=LDAP_INVALID_SYNTAX; + if (rcp != NULL) + *rcp = LDAP_INVALID_SYNTAX; return NULL; } /* we have to look up the entry */ - mkfilter_shadow_byname(username,filter,sizeof(filter)); - for (i=0;(i<NSS_LDAP_CONFIG_MAX_BASES)&&((base=shadow_bases[i])!=NULL);i++) + mkfilter_shadow_byname(username, filter, sizeof(filter)); + for (i = 0; (i < NSS_LDAP_CONFIG_MAX_BASES) && ((base = shadow_bases[i]) != NULL); i++) { - search=myldap_search(session,base,shadow_scope,filter,shadow_attrs,rcp); - if (search==NULL) + search = myldap_search(session, base, shadow_scope, filter, shadow_attrs, rcp); + if (search == NULL) { - if ((rcp!=NULL)&&(*rcp==LDAP_SUCCESS)) - *rcp=LDAP_NO_SUCH_OBJECT; + if ((rcp != NULL) && (*rcp == LDAP_SUCCESS)) + *rcp = LDAP_NO_SUCH_OBJECT; return NULL; } - entry=myldap_get_entry(search,rcp); - if (entry!=NULL) + entry = myldap_get_entry(search, rcp); + if (entry != NULL) return entry; } - if ((rcp!=NULL)&&(*rcp==LDAP_SUCCESS)) - *rcp=LDAP_NO_SUCH_OBJECT; + if ((rcp != NULL) && (*rcp == LDAP_SUCCESS)) + *rcp = LDAP_NO_SUCH_OBJECT; return NULL; } NSLCD_HANDLE( - shadow,byname, + shadow, byname, char name[256]; char filter[4096]; - READ_STRING(fp,name); - log_setrequest("shadow=\"%s\"",name);, + READ_STRING(fp, name); + log_setrequest("shadow=\"%s\"", name);, NSLCD_ACTION_SHADOW_BYNAME, - mkfilter_shadow_byname(name,filter,sizeof(filter)), - write_shadow(fp,entry,name) + mkfilter_shadow_byname(name, filter, sizeof(filter)), + write_shadow(fp, entry, name) ) NSLCD_HANDLE( - shadow,all, + shadow, all, const char *filter; 
log_setrequest("shadow(all)");, NSLCD_ACTION_SHADOW_ALL, - (filter=shadow_filter,0), - write_shadow(fp,entry,NULL) + (filter = shadow_filter, 0), + write_shadow(fp, entry, NULL) ) |
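Review bot: shadow_uid2entry() discards the return value of `mkfilter_shadow_byname()`, which returns -1 when `myldap_escape()` fails and otherwise the result of `mysnprintf()`. On failure `filter` may be unset or incomplete and is still passed to `myldap_search()`; the `isvalidname()` check probably makes this hard to reach, but its rules are not visible here. Checking the result and failing with `LDAP_LOCAL_ERROR`, as update_lastchange() does for its own formatting errors, keeps a malformed filter from reaching the server.

```c
  /* we have to look up the entry */
  if (mkfilter_shadow_byname(username, filter, sizeof(filter)))
  {
    if (rcp != NULL)
      *rcp = LDAP_LOCAL_ERROR;
    return NULL;
  }
  /* … unchanged: loop over shadow_bases calling myldap_search() … */
```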