From b5155616d79c27928e07c6596750dff6d7726564 Mon Sep 17 00:00:00 2001
From: Arthur de Jong
Date: Sun, 30 Dec 2012 14:13:35 +0000
Subject: reorganise and rename configuration options to be in line with manual page
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1888 ef36b2f9-881f-0410-afb5-c4e39611909c
---
 nslcd/cfg.c | 53 ++++++++++++-----------
 nslcd/cfg.h | 118 ++++++++++++++++++++-------------------------------
 nslcd/myldap.c | 12 +++---
 nslcd/pam.c | 6 +--
 tests/test_cfg.c | 2 +-
 tests/test_myldap.c | 6 +--
 6 files changed, 84 insertions(+), 113 deletions(-)
diff --git a/nslcd/cfg.c b/nslcd/cfg.c
index 27816ca..31ec1fb 100644
--- a/nslcd/cfg.c
+++ b/nslcd/cfg.c
@@ -92,17 +92,16 @@ static void cfg_defaults(struct ldap_config *cfg)
 cfg->uidname = NULL;
 cfg->uid = NOUID;
 cfg->gid = NOGID;
- cfg->ignorecase = 0;
- for (i = 0; i < (NSS_LDAP_CONFIG_URI_MAX + 1); i++)
+ for (i = 0; i < (NSS_LDAP_CONFIG_MAX_URIS + 1); i++)
 {
 cfg->uris[i].uri = NULL;
 cfg->uris[i].firstfail = 0;
 cfg->uris[i].lastfail = 0;
 }
 #ifdef LDAP_VERSION3
- cfg->version = LDAP_VERSION3;
+ cfg->ldap_version = LDAP_VERSION3;
 #else /* LDAP_VERSION3 */
- cfg->version = LDAP_VERSION2;
+ cfg->ldap_version = LDAP_VERSION2;
 #endif /* not LDAP_VERSION3 */
 cfg->binddn = NULL;
 cfg->bindpw = NULL;
@@ -127,18 +126,19 @@ static void cfg_defaults(struct ldap_config *cfg) cfg->reconnect_sleeptime = 1; cfg->reconnect_retrytime = 10; #ifdef LDAP_OPT_X_TLS - cfg->ssl_on = SSL_OFF; + cfg->ssl = SSL_OFF; #endif /* LDAP_OPT_X_TLS */ - cfg->restart = 1; cfg->pagesize = 0; cfg->nss_initgroups_ignoreusers = NULL; - for (i = 0; i < NSS_LDAP_CONFIG_MAX_AUTHZ_SEARCHES; i++) - cfg->pam_authz_search[i] = NULL; cfg->nss_min_uid = 0; parse_validnames_statement(__FILE__, __LINE__, "", "/^[a-z0-9._@$][a-z0-9._@$ \\~-]*[a-z0-9._@$~-]$/i", cfg); + cfg->ignorecase = 0; + for (i = 0; i < NSS_LDAP_CONFIG_MAX_AUTHZ_SEARCHES; i++) + cfg->pam_authz_searches[i] = NULL; cfg->pam_password_prohibit_message = NULL; + cfg->restart = 1; } /* simple strdup wrapper */ @@ -169,7 +169,7 @@ static void add_uri(const char *filename, int lnr, for (i = 0; cfg->uris[i].uri != NULL; i++) /* nothing */ ; /* check for room */ - if (i >= NSS_LDAP_CONFIG_URI_MAX) + if (i >= NSS_LDAP_CONFIG_MAX_URIS) { log_log(LOG_ERR, "%s:%d: maximum number of URIs exceeded", filename, lnr); @@ -839,7 +839,7 @@ static void parse_pam_authz_search_statement( check_argumentcount(filename, lnr, keyword, (line != NULL) && (*line != '\0')); /* find free spot for search filter */ for (i = 0; - (i < NSS_LDAP_CONFIG_MAX_AUTHZ_SEARCHES) && (cfg->pam_authz_search[i] != NULL); + (i < NSS_LDAP_CONFIG_MAX_AUTHZ_SEARCHES) && (cfg->pam_authz_searches[i] != NULL); i++) /* nothing */ ; if (i >= NSS_LDAP_CONFIG_MAX_AUTHZ_SEARCHES) @@ -848,9 +848,9 @@ static void parse_pam_authz_search_statement( filename, lnr, NSS_LDAP_CONFIG_MAX_AUTHZ_SEARCHES); exit(EXIT_FAILURE); } - cfg->pam_authz_search[i] = xstrdup(line); + cfg->pam_authz_searches[i] = xstrdup(line); /* check the variables used in the expression */ - set = expr_vars(cfg->pam_authz_search[i], NULL); + set = expr_vars(cfg->pam_authz_searches[i], NULL); list = set_tolist(set); for (i = 0; list[i] != NULL; i++) { 
@@ -931,11 +931,6 @@ static void cfg_read(const char *filename, struct ldap_config *cfg) get_gid(filename, lnr, keyword, &line, &cfg->gid); get_eol(filename, lnr, keyword, &line); } - else if (strcasecmp(keyword, "ignorecase") == 0) - { - get_boolean(filename, lnr, keyword, &line, &cfg->ignorecase); - get_eol(filename, lnr, keyword, &line); - } /* general connection options */ else if (strcasecmp(keyword, "uri") == 0) { @@ -970,7 +965,7 @@ static void cfg_read(const char *filename, struct ldap_config *cfg) } else if (strcasecmp(keyword, "ldap_version") == 0) { - get_int(filename, lnr, keyword, &line, &cfg->version); + get_int(filename, lnr, keyword, &line, &cfg->ldap_version); get_eol(filename, lnr, keyword, &line); } else if (strcasecmp(keyword, "binddn") == 0) @@ -1125,9 +1120,9 @@ static void cfg_read(const char *filename, struct ldap_config *cfg) (get_token(&line, token, sizeof(token)) != NULL)); if ((strcasecmp(token, "start_tls") == 0) || (strcasecmp(token, "starttls") == 0)) - cfg->ssl_on = SSL_START_TLS; + cfg->ssl = SSL_START_TLS; else if (parse_boolean(filename, lnr, token)) - cfg->ssl_on = SSL_LDAPS; + cfg->ssl = SSL_LDAPS; get_eol(filename, lnr, keyword, &line); } else if ((strcasecmp(keyword, "tls_reqcert") == 0) || @@ -1219,10 +1214,6 @@ static void cfg_read(const char *filename, struct ldap_config *cfg) parse_nss_initgroups_ignoreusers_statement(filename, lnr, keyword, line, cfg); } - else if (strcasecmp(keyword, "pam_authz_search") == 0) - { - parse_pam_authz_search_statement(filename, lnr, keyword, line, cfg); - } else if (strcasecmp(keyword, "nss_min_uid") == 0) { get_uid(filename, lnr, keyword, &line, &cfg->nss_min_uid, NULL, NULL); 
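Review bot: The `ldap_version` keyword accepts any integer: `get_int` stores it straight into `cfg->ldap_version` with no range check, and the value is only consumed later by `ldap_set_option(LDAP_OPT_PROTOCOL_VERSION, ...)` in myldap.c, so a typo such as `ldap_version 33` presumably surfaces as a connection-time failure instead of a clear startup error. Reject it at parse time, right after the `get_eol` call, e.g. `if ((cfg->ldap_version != LDAP_VERSION2) && (cfg->ldap_version != LDAP_VERSION3)) { log_log(LOG_ERR, "%s:%d: invalid ldap_version", filename, lnr); exit(EXIT_FAILURE); }`, under the same `LDAP_VERSION3` guard that cfg_defaults uses. cfg_read starts and ends outside this hunk.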
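Review bot: In the `ssl` branch a value that parses as false never assigns `SSL_OFF`: the code sets `SSL_START_TLS` for start_tls and `SSL_LDAPS` when `parse_boolean` returns true, so an `ssl off` line leaves whatever an earlier `ssl` line set (a lone `ssl off` still works only because cfg_defaults starts from `SSL_OFF`). The effect is fail-closed, more TLS rather than less, but it breaks the usual last-line-wins rule for config keywords; add `else cfg->ssl = SSL_OFF;` after the `parse_boolean` branch. cfg_read starts and ends outside this hunk.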
@@ -1232,6 +1223,15 @@ static void cfg_read(const char *filename, struct ldap_config *cfg) { parse_validnames_statement(filename, lnr, keyword, line, cfg); } + else if (strcasecmp(keyword, "ignorecase") == 0) + { + get_boolean(filename, lnr, keyword, &line, &cfg->ignorecase); + get_eol(filename, lnr, keyword, &line); + } + else if (strcasecmp(keyword, "pam_authz_search") == 0) + { + parse_pam_authz_search_statement(filename, lnr, keyword, line, cfg); + } else if (strcasecmp(keyword, "pam_password_prohibit_message") == 0) { parse_pam_password_prohibit_message_statement(filename, lnr, keyword, @@ -1241,8 +1241,7 @@ static void cfg_read(const char *filename, struct ldap_config *cfg) /* fallthrough */ else { - log_log(LOG_ERR, "%s:%d: unknown keyword: '%s'", - filename, lnr, keyword); + log_log(LOG_ERR, "%s:%d: unknown keyword: '%s'", filename, lnr, keyword); exit(EXIT_FAILURE); } #endif @@ -1391,7 +1390,7 @@ void cfg_init(const char *fname) } /* if ssl is on each URI should start with ldaps */ #ifdef LDAP_OPT_X_TLS - if (nslcd_cfg->ssl_on == SSL_LDAPS) + if (nslcd_cfg->ssl == SSL_LDAPS) { for (i = 0; nslcd_cfg->uris[i].uri != NULL; i++) { diff --git a/nslcd/cfg.h b/nslcd/cfg.h index b0531e1..17edd87 100644 --- a/nslcd/cfg.h +++ b/nslcd/cfg.h @@ -40,7 +40,7 @@ #define NOGID ((gid_t)-1) /* maximum number of URIs */ -#define NSS_LDAP_CONFIG_URI_MAX 31 +#define NSS_LDAP_CONFIG_MAX_URIS 31 /* maximum number of search bases */ #define NSS_LDAP_CONFIG_MAX_BASES 7 
@@ -79,88 +79,60 @@ struct myldap_uri { }; struct ldap_config { - /* the number of threads to start */ - int threads; - /* the user name specified in the uid option */ - char *uidname; - /* the user id nslcd should be run as */ - uid_t uid; - /* the group id nslcd should be run as */ - gid_t gid; - /* whether or not case should be ignored in lookups */ - int ignorecase; - /* NULL terminated list of URIs */ - struct myldap_uri uris[NSS_LDAP_CONFIG_URI_MAX + 1]; - /* protocol version */ - int version; - /* bind DN */ - char *binddn; - /* bind cred */ - char *bindpw; - /* bind DN for password modification by administrator */ - char *rootpwmoddn; - /* bind password for password modification by root */ - char *rootpwmodpw; - /* sasl mech */ - char *sasl_mech; - /* sasl realm */ - char *sasl_realm; - /* sasl authentication id */ - char *sasl_authcid; - /* sasl authorization id */ - char *sasl_authzid; - /* sasl security */ - char *sasl_secprops; + int threads; /* the number of threads to start */ + char *uidname; /* the user name specified in the uid option */ + uid_t uid; /* the user id nslcd should be run as */ + gid_t gid; /* the group id nslcd should be run as */ + + struct myldap_uri uris[NSS_LDAP_CONFIG_MAX_URIS + 1]; /* NULL terminated list of URIs */ + int ldap_version; /* LDAP protocol version */ + char *binddn; /* bind DN */ + char *bindpw; /* bind cred */ + char *rootpwmoddn; /* bind DN for password modification by root */ + char *rootpwmodpw; /* bind password for password modification by root */ + + char *sasl_mech; /* SASL mechanism */ + char *sasl_realm; /* SASL realm */ + char *sasl_authcid; /* SASL authentication identity */ + char *sasl_authzid; /* SASL authorization identity */ + char *sasl_secprops; /* SASL security properties */ #ifdef LDAP_OPT_X_SASL_NOCANON - /* whether host name should be canonicalised */ - int sasl_canonicalize; + int sasl_canonicalize; /* whether host name should be canonicalised */ #endif /* LDAP_OPT_X_SASL_NOCANON */ - /* base 
DN, eg. dc=gnu,dc=org */ - const char *bases[NSS_LDAP_CONFIG_MAX_BASES]; - /* scope for searches */ - int scope; - /* dereference aliases/links */ - int deref; - /* chase referrals */ - int referrals; - /* bind timelimit */ - int bind_timelimit; - /* search timelimit */ - int timelimit; - /* idle timeout */ - int idle_timelimit; - /* seconds to sleep; doubled until max */ - int reconnect_sleeptime; - /* maximum seconds to sleep */ - int reconnect_retrytime; + + const char *bases[NSS_LDAP_CONFIG_MAX_BASES]; /* search bases */ + int scope; /* scope for searches */ + int deref; /* dereference aliases/links */ + int referrals; /* chase referrals */ + + int bind_timelimit; /* bind timelimit */ + int timelimit; /* search timelimit */ + int idle_timelimit; /* idle timeout */ + int reconnect_sleeptime; /* seconds to sleep; doubled until max */ + int reconnect_retrytime; /* maximum seconds to sleep */ + #ifdef LDAP_OPT_X_TLS /* SSL enabled */ - enum ldap_ssl_options ssl_on; + enum ldap_ssl_options ssl; #endif /* LDAP_OPT_X_TLS */ - /* whether the LDAP library should restart the select(2) system call when interrupted */ - int restart; - /* set to a greater than 0 to enable handling of paged results with the specified size */ - int pagesize; - /* the users for which no initgroups() searches should be done */ - SET *nss_initgroups_ignoreusers; - /* the searches that should be performed to do autorisation checks */ - char *pam_authz_search[NSS_LDAP_CONFIG_MAX_AUTHZ_SEARCHES]; - /* minimum uid for users retreived from LDAP */ - uid_t nss_min_uid; - /* the regular expression to determine valid names */ - regex_t validnames; - /* whether password changing should be denied and user prompted with - this message */ - char *pam_password_prohibit_message; + + int pagesize; /* set to a greater than 0 to enable handling of paged results with the specified size */ + SET *nss_initgroups_ignoreusers; /* the users for which no initgroups() searches should be done */ + uid_t nss_min_uid; /* 
minimum uid for users retreived from LDAP */ + regex_t validnames; /* the regular expression to determine valid names */ + int ignorecase; /* whether or not case should be ignored in lookups */ + char *pam_authz_searches[NSS_LDAP_CONFIG_MAX_AUTHZ_SEARCHES]; /* the searches that should be performed to do autorisation checks */ + char *pam_password_prohibit_message; /* whether password changing should be denied and user prompted with this message */ + + int restart; /* whether the LDAP library should restart the select(2) system call when interrupted */ }; /* this is a pointer to the global configuration, it should be available - once cfg_init() was called */ + and populated after cfg_init() is called */ extern struct ldap_config *nslcd_cfg; -/* Initialize the configuration in nslcd_cfg. This method - will read the default configuration file and call exit() - if an error occurs. */ +/* Initialize the configuration in nslcd_cfg. This method will read the + default configuration file and call exit() if an error occurs. */ void cfg_init(const char *fname); #endif /* NSLCD__CFG_H */ diff --git a/nslcd/myldap.c b/nslcd/myldap.c index 367629d..c6ce0dc 100644 --- a/nslcd/myldap.c +++ b/nslcd/myldap.c @@ -424,7 +424,7 @@ static int do_bind(LDAP *ld, const char *binddn, const char *bindpw, #endif /* HAVE_LDAP_SASL_INTERACTIVE_BIND_S */ #ifdef LDAP_OPT_X_TLS /* check if StartTLS is requested */ - if (nslcd_cfg->ssl_on == SSL_START_TLS) + if (nslcd_cfg->ssl == SSL_START_TLS) { log_log(LOG_DEBUG, "ldap_start_tls_s()"); errno = 0; 
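Review bot: The reorganised struct still documents `bindpw` and `rootpwmodpw` only as "bind cred"/"bind password", which hides that both are plaintext secrets kept in the global `nslcd_cfg`; I would say so in the comment, e.g. `char *bindpw; /* bind password (plaintext secret; keep it out of log output) */` and the same wording for `rootpwmodpw`. Two typos also survive the rewrite: "retreived" on `nss_min_uid` and "autorisation" on `pam_authz_searches` should read "retrieved" and "authorisation". The `/* SSL enabled */` comment is now the only one left on a line of its own above its field while every other member carries a trailing comment; moving it to the end of the `enum ldap_ssl_options ssl;` line keeps the new layout consistent.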
@@ -639,9 +639,9 @@ static int do_set_options(MYLDAP_SESSION *session) #endif /* HAVE_LDAP_SET_REBIND_PROC */ /* set the protocol version to use */ log_log(LOG_DEBUG, "ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,%d)", - nslcd_cfg->version); + nslcd_cfg->ldap_version); LDAP_SET_OPTION(session->ld, LDAP_OPT_PROTOCOL_VERSION, - &nslcd_cfg->version); + &nslcd_cfg->ldap_version); /* set some other options */ log_log(LOG_DEBUG, "ldap_set_option(LDAP_OPT_DEREF,%d)", nslcd_cfg->deref); @@ -683,7 +683,7 @@ static int do_set_options(MYLDAP_SESSION *session) #endif /* LDAP_OPT_CONNECT_CB */ #ifdef LDAP_OPT_X_TLS /* if SSL is desired, then enable it */ - if ((nslcd_cfg->ssl_on == SSL_LDAPS) || + if ((nslcd_cfg->ssl == SSL_LDAPS) || (strncasecmp(nslcd_cfg->uris[session->current_uri].uri, "ldaps://", 8) == 0)) { /* use tls */ @@ -965,9 +965,9 @@ static int do_retry_search(MYLDAP_SEARCH *search) time_t t; int rc = LDAP_UNAVAILABLE; struct myldap_uri *current_uri; - int dotry[NSS_LDAP_CONFIG_URI_MAX]; + int dotry[NSS_LDAP_CONFIG_MAX_URIS]; /* clear time stamps */ - for (start_uri = 0; start_uri < NSS_LDAP_CONFIG_URI_MAX; start_uri++) + for (start_uri = 0; start_uri < NSS_LDAP_CONFIG_MAX_URIS; start_uri++) dotry[start_uri] = 1; /* keep trying until we time out */ endtime = time(NULL) + nslcd_cfg->reconnect_retrytime; diff --git a/nslcd/pam.c b/nslcd/pam.c index c9254f5..c6f7fc6 100644 --- a/nslcd/pam.c +++ b/nslcd/pam.c @@ -396,7 +396,7 @@ static int try_autzsearch(MYLDAP_SESSION *session, const char *dn, const char *res; int i; /* go over all pam_authz_search options */ - for (i = 0; (i < NSS_LDAP_CONFIG_MAX_AUTHZ_SEARCHES) && (nslcd_cfg->pam_authz_search[i] != NULL); i++) + for (i = 0; (i < NSS_LDAP_CONFIG_MAX_AUTHZ_SEARCHES) && (nslcd_cfg->pam_authz_searches[i] != NULL); i++) { if (dict == NULL) { 
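Review bot: `int dotry[NSS_LDAP_CONFIG_MAX_URIS]` is one element shorter than the `nslcd_cfg->uris[NSS_LDAP_CONFIG_MAX_URIS + 1]` array it mirrors, and nothing at the declaration says why that is safe; it relies on `add_uri` in cfg.c refusing a URI once `i >= NSS_LDAP_CONFIG_MAX_URIS`, so that slot `NSS_LDAP_CONFIG_MAX_URIS` is always the NULL terminator and never a URI index. A comment on the declaration would stop the next rename or limit change from breaking that coupling: `int dotry[NSS_LDAP_CONFIG_MAX_URIS]; /* one flag per real URI; uris[] has one extra slot for the NULL terminator */`. do_retry_search continues outside the hunk.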
@@ -417,7 +417,7 @@ static int try_autzsearch(MYLDAP_SESSION *session, const char *dn, autzsearch_var_add(dict, "uid", username); } /* build the search filter */ - res = expr_parse(nslcd_cfg->pam_authz_search[i], + res = expr_parse(nslcd_cfg->pam_authz_searches[i], filter, sizeof(filter), autzsearch_var_get, (void *)dict); if (res == NULL) @@ -425,7 +425,7 @@ static int try_autzsearch(MYLDAP_SESSION *session, const char *dn, autzsearch_vars_free(dict); dict_free(dict); log_log(LOG_ERR, "invalid pam_authz_search \"%s\"", - nslcd_cfg->pam_authz_search[i]); + nslcd_cfg->pam_authz_searches[i]); return LDAP_LOCAL_ERROR; } log_log(LOG_DEBUG, "trying pam_authz_search \"%s\"", filter); diff --git a/tests/test_cfg.c b/tests/test_cfg.c index 41fad50..4dbe66e 100644 --- a/tests/test_cfg.c +++ b/tests/test_cfg.c @@ -58,7 +58,7 @@ static void test_add_uris(void) assert(cfg.uris[0].uri != NULL); assert(cfg.uris[1].uri == NULL); /* add some more uris */ - for (i = 1; i < NSS_LDAP_CONFIG_URI_MAX; i++) + for (i = 1; i < NSS_LDAP_CONFIG_MAX_URIS; i++) { add_uri(__FILE__, __LINE__, &cfg, "ldap://localhost"); assert(cfg.uris[i].uri != NULL); diff --git a/tests/test_myldap.c b/tests/test_myldap.c index 69bc2c5..4239082 100644 --- a/tests/test_myldap.c +++ b/tests/test_myldap.c @@ -364,10 +364,10 @@ static void test_connections(void) MYLDAP_SESSION *session; MYLDAP_SEARCH *search; const char *attrs[] = { "uid", "cn", "gid", NULL }; - char *old_uris[NSS_LDAP_CONFIG_URI_MAX + 1]; + char *old_uris[NSS_LDAP_CONFIG_MAX_URIS + 1]; int i; /* save the old URIs */ - for (i = 0; i < (NSS_LDAP_CONFIG_URI_MAX + 1); i++) + for (i = 0; i < (NSS_LDAP_CONFIG_MAX_URIS + 1); i++) { old_uris[i] = nslcd_cfg->uris[i].uri; nslcd_cfg->uris[i].uri = NULL; 
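Review bot: The filter built by `expr_parse` here substitutes caller-controlled values into the configured `pam_authz_search` expression (the first context line of this hunk adds `uid` from `username` via `autzsearch_var_add`), and nothing visible in this file shows whether `expr_parse` or `autzsearch_var_get` escapes LDAP filter metacharacters (`*`, `(`, `)`, `\`, NUL) per RFC 4515. If the escaping lives in `autzsearch_var_get`, a one-line comment on the `expr_parse` call should say so, e.g. `/* variable values are filter-escaped by autzsearch_var_get */`; if it does not, this is a filter-injection path from the PAM username and needs fixing rather than a comment. try_autzsearch starts and ends outside this hunk.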
@@ -391,7 +391,7 @@ static void test_connections(void) /* clean up */ myldap_session_close(session); /* restore the old URIs */ - for (i = 0; i < (NSS_LDAP_CONFIG_URI_MAX + 1); i++) + for (i = 0; i < (NSS_LDAP_CONFIG_MAX_URIS + 1); i++) nslcd_cfg->uris[i].uri = old_uris[i]; } -- cgit v1.2.3