From 9b65ad7e014d3198ab0995572fc2f7adf9b35a0f Mon Sep 17 00:00:00 2001 From: Arthur de Jong Date: Mon, 14 Jun 2010 21:17:05 +0000 Subject: implement a global symbol inside the NSS module to allow applications to disable NSS lookups over LDAP and use it in nslcd to avoid deadlocks git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1141 ef36b2f9-881f-0410-afb5-c4e39611909c --- nss/Makefile.am | 4 ++-- nss/common.c | 22 ++++++++++++++++++++++ nss/common.h | 10 +++++++++- nss/exports.linux | 3 +++ nss/netgroup.c | 2 ++ nss/prototypes.h | 6 +++++- 6 files changed, 43 insertions(+), 4 deletions(-) create mode 100644 nss/common.c (limited to 'nss') diff --git a/nss/Makefile.am b/nss/Makefile.am index 72d53f3..89d9a4e 100644 --- a/nss/Makefile.am +++ b/nss/Makefile.am @@ -2,7 +2,7 @@ # # Copyright (C) 2006 Luke Howard # Copyright (C) 2006 West Consulting -# Copyright (C) 2006, 2007, 2009 Arthur de Jong +# Copyright (C) 2006, 2007, 2009, 2010 Arthur de Jong # # This library is free software; you can redistribute it and/or # modify it under the terms of the GNU Lesser General Public @@ -28,7 +28,7 @@ AM_CFLAGS = -fPIC NSS_VERS = 2 NSS_LDAP_NSS_VERSIONED = libnss_ldap.so.$(NSS_VERS) -nss_ldap_so_SOURCES = common.h prototypes.h \ +nss_ldap_so_SOURCES = common.c common.h prototypes.h \ ../nslcd.h ../common/nslcd-prot.h \ ../compat/attrs.h \ aliases.c ethers.c group.c hosts.c netgroup.c \ diff --git a/nss/common.c b/nss/common.c new file mode 100644 index 0000000..20a3136 --- /dev/null +++ b/nss/common.c 
@@ -0,0 +1,22 @@ +/* + common.c - common definitions + + Copyright (C) 2010 Arthur de Jong + + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with this library; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + 02110-1301 USA +*/ + +int _nss_ldap_enablelookups=1; diff --git a/nss/common.h b/nss/common.h index bf7d67d..bf03e9b 100644 --- a/nss/common.h +++ b/nss/common.h @@ -2,7 +2,7 @@ common.h - common functions for NSS lookups Copyright (C) 2006 West Consulting - Copyright (C) 2006, 2007, 2008, 2009 Arthur de Jong + Copyright (C) 2006, 2007, 2008, 2009, 2010 Arthur de Jong This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public @@ -83,6 +83,8 @@ TFILE *fp; \ int32_t tmpint32; \ enum nss_status retv; \ + if (!_nss_ldap_enablelookups) \ + return NSS_STATUS_UNAVAIL; \ /* check that we have a valid buffer */ \ if ((buffer==NULL)||(buflen<=0)) \ { \ @@ -117,6 +119,8 @@ /* This macro generates a simple setent() function body. This closes any open streams so that NSS_GETENT() can open a new file. */ #define NSS_SETENT(fp) \ + if (!_nss_ldap_enablelookups) \ + return NSS_STATUS_UNAVAIL; \ if (fp!=NULL) \ { \ (void)tio_close(fp); \ 
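Review bot: The new common.c defines `_nss_ldap_enablelookups` without including prototypes.h, where this commit adds the matching `extern int` declaration, so the compiler never checks the definition against the declaration the other files see. Adding `#include "prototypes.h"` above the definition would close that gap, assuming the header compiles on its own in this file. The definition also has no comment, although the flag is a plain `int` read on every lookup path. If this is the intended usage, a line such as `/* non-zero: lookups go to nslcd; 0: every _nss_ldap_*() call returns NSS_STATUS_UNAVAIL; not synchronised, set before other threads call into NSS */` would record the contract.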
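Review bot: The early return added in the `@@ -83` macro body leaves `*errnop` untouched, so a caller of the generated `_r` function gets NSS_STATUS_UNAVAIL together with whatever error value was stored there before. The same applies to the guard added to NSS_GETENT in the `@@ -130` hunk. The glibc NSS interface expects a failing function to store an error code through `errnop`. Assuming `errnop` is in scope in these macros, as it is in the `_r` prototypes, the guard could read `if (!_nss_ldap_enablelookups) { *errnop=ENOENT; return NSS_STATUS_UNAVAIL; }`. The macro's `#define` line and the rest of its body are outside the hunk.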
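Review bot: In NSS_SETENT the new guard returns before the `if (fp!=NULL)` block that calls `tio_close(fp)`, so a stream opened while lookups were enabled stays open if the flag is cleared before the enumeration finishes. NSS_ENDENT in the `@@ -174` hunk has the same ordering. Closing an already open stream should not start a new lookup (worth confirming against tio_close), so the guard could move below the close block in NSS_SETENT and be dropped from NSS_ENDENT. That lets the descriptor be released whatever the flag says. Both macro bodies continue past the end of their hunks.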
@@ -130,6 +134,8 @@ #define NSS_GETENT(fp,action,readfn) \ int32_t tmpint32; \ enum nss_status retv; \ + if (!_nss_ldap_enablelookups) \ + return NSS_STATUS_UNAVAIL; \ /* check that we have a valid buffer */ \ if ((buffer==NULL)||(buflen<=0)) \ { \ @@ -174,6 +180,8 @@ /* This macro generates a endent() function body. This just closes the stream. */ #define NSS_ENDENT(fp) \ + if (!_nss_ldap_enablelookups) \ + return NSS_STATUS_UNAVAIL; \ if (fp!=NULL) \ { \ (void)tio_close(fp); \ diff --git a/nss/exports.linux b/nss/exports.linux index 62c0313..0ed5ea2 100644 --- a/nss/exports.linux +++ b/nss/exports.linux @@ -3,6 +3,9 @@ EXPORTED { # published NSS service functions global: + # flag to enable or disable lookups + _nss_ldap_enablelookups; + # aliases - mail aliases _nss_ldap_getaliasbyname_r; _nss_ldap_setaliasent; diff --git a/nss/netgroup.c b/nss/netgroup.c index d052c84..93fc923 100644 --- a/nss/netgroup.c +++ b/nss/netgroup.c @@ -96,6 +96,8 @@ enum nss_status _nss_ldap_setnetgrent(const char *group,struct __netgrent UNUSED int32_t tmpint32; int errnocp; int *errnop; + if (!_nss_ldap_enablelookups) + return NSS_STATUS_UNAVAIL; errnop=&errnocp; /* check parameter */ if ((group==NULL)||(group[0]=='\0')) diff --git a/nss/prototypes.h b/nss/prototypes.h index 7b82c27..c611883 100644 --- a/nss/prototypes.h +++ b/nss/prototypes.h @@ -2,7 +2,7 @@ prototypes.h - all functions exported by the NSS library Copyright (C) 2006 West Consulting - Copyright (C) 2006, 2008 Arthur de Jong + Copyright (C) 2006, 2008, 2010 Arthur de Jong This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public 
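Review bot: The guard in `_nss_ldap_setnetgrent` is a hand-written fifth copy of the two lines this commit adds to the four common.h macros. A single helper in common.h, for example `#define NSS_AVAILCHECK if (!_nss_ldap_enablelookups) return NSS_STATUS_UNAVAIL;`, used in all five places would keep the check and its return value in one spot. Only this function is touched in netgroup.c, so the file's other entry points are covered only if they are built from the guarded macros, which is not visible here. The function body starts and ends outside the hunk.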
@@ -97,6 +97,10 @@ struct __netgrent http://www.gnu.org/software/libc/manual/html_node/Name-Service-Switch.html */ +/* flag to gloabally disable lookups (all _nss_ldap_*() functions will return + NSS_STATUS_UNAVAIL */ +extern int _nss_ldap_enablelookups; + /* aliases - mail aliases */ enum nss_status _nss_ldap_getaliasbyname_r(const char *name,struct aliasent *result,char *buffer,size_t buflen,int *errnop); enum nss_status _nss_ldap_setaliasent(void); -- cgit v1.2.3
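Review bot: The comment added above `extern int _nss_ldap_enablelookups;` misspells "globally", never closes its parenthesis, and does not say who is expected to write the flag. Because exports.linux now publishes the symbol, any code loaded into the process can clear it, and every LDAP-backed lookup in that process then reports the service as unavailable. The comment should therefore state the intended writer and timing. Suggested wording, if it matches the intent in the commit subject: `/* flag to globally disable lookups (all _nss_ldap_*() functions will return NSS_STATUS_UNAVAIL); process-wide, meant to be cleared only by nslcd itself at start-up */`.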