/* shadow.c - service entry lookup routines This file was part of the nss_ldap library (as ldap-spwd.c) which has been forked into the nss-ldapd library. Copyright (C) 1997-2005 Luke Howard Copyright (C) 2006 West Consulting Copyright (C) 2006, 2007 Arthur de Jong This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ #include "config.h" #include #include #include #ifdef HAVE_PROT_H #define _PROT_INCLUDED #endif #ifdef HAVE_LBER_H #include #endif #ifdef HAVE_LDAP_H #include #endif #if defined(HAVE_THREAD_H) #include #elif defined(HAVE_PTHREAD_H) #include #endif #include "ldap-nss.h" #include "common.h" #include "log.h" #include "attmap.h" #include "cfg.h" /* ( nisSchema.2.1 NAME 'shadowAccount' SUP top AUXILIARY * DESC 'Additional attributes for shadow passwords' * MUST uid * MAY ( userPassword $ shadowLastChange $ shadowMin * shadowMax $ shadowWarning $ shadowInactive $ * shadowExpire $ shadowFlag $ description ) ) */ /* the search base for searches */ const char *shadow_base = NULL; /* the search scope for searches */ int shadow_scope = LDAP_SCOPE_DEFAULT; /* the basic search filter for searches */ const char *shadow_filter = "(objectClass=shadowAccount)"; /* the attributes to request with searches */ const char *attmap_shadow_uid = "uid"; const char *attmap_shadow_userPassword = "userPassword"; const char *attmap_shadow_shadowLastChange = "shadowLastChange"; const char *attmap_shadow_shadowMin = "shadowMin"; const char *attmap_shadow_shadowMax = "shadowMax"; const char *attmap_shadow_shadowWarning = "shadowWarning"; const char *attmap_shadow_shadowInactive = "shadowInactive"; const char *attmap_shadow_shadowExpire = "shadowExpire"; const char *attmap_shadow_shadowFlag = "shadowFlag"; /* the attribute list to request with searches */ static const char *shadow_attrs[10]; static int mkfilter_shadow_byname(const char *name, char *buffer,size_t buflen) { char buf2[1024]; /* escape attribute */ if(myldap_escape(name,buf2,sizeof(buf2))) return -1; /* build filter */ return mysnprintf(buffer,buflen, "(&%s(%s=%s))", shadow_filter, attmap_shadow_uid,buf2); } static void shadow_init(void) { /* set up base */ if (shadow_base==NULL) shadow_base=nslcd_cfg->ldc_base; /* set up scope */ if (shadow_scope==LDAP_SCOPE_DEFAULT) shadow_scope=nslcd_cfg->ldc_scope; /* set up attribute list */ shadow_attrs[0]=attmap_shadow_uid; shadow_attrs[1]=attmap_shadow_userPassword; shadow_attrs[2]=attmap_shadow_shadowLastChange; shadow_attrs[3]=attmap_shadow_shadowMax; shadow_attrs[4]=attmap_shadow_shadowMin; shadow_attrs[5]=attmap_shadow_shadowWarning; shadow_attrs[6]=attmap_shadow_shadowInactive; shadow_attrs[7]=attmap_shadow_shadowExpire; shadow_attrs[8]=attmap_shadow_shadowFlag; shadow_attrs[9]=NULL; } /* macros for expanding the NSLCD_SHADOW macro */ #define NSLCD_STRING(field) WRITE_STRING(fp,field) #define NSLCD_INT32(field) WRITE_INT32(fp,field) #define SHADOW_NAME result->sp_namp #define SHADOW_PASSWD result->sp_pwdp #define SHADOW_LASTCHANGE result->sp_lstchg #define SHADOW_MINDAYS result->sp_min #define SHADOW_MAXDAYS result->sp_max #define SHADOW_WARN result->sp_warn #define SHADOW_INACT result->sp_inact #define SHADOW_EXPIRE result->sp_expire #define SHADOW_FLAG result->sp_flag static int write_spwd(TFILE *fp,struct spwd *result) { int32_t tmpint32; NSLCD_SHADOW; return 0; } static int _nss_ldap_shadow_date (const char *val) { int date; if (nslcd_cfg->ldc_shadow_type == LS_AD_SHADOW) { date = atoll (val) / 864000000000LL - 134774LL; date = (date > 99999) ? 99999 : date; } else { date = atol (val); } return date; } #ifndef UF_DONT_EXPIRE_PASSWD #define UF_DONT_EXPIRE_PASSWD 0x10000 #endif static void _nss_ldap_shadow_handle_flag (struct spwd *sp) { if (nslcd_cfg->ldc_shadow_type == LS_AD_SHADOW) { if (sp->sp_flag & UF_DONT_EXPIRE_PASSWD) sp->sp_max = 99999; sp->sp_flag = 0; } } static enum nss_status _nss_ldap_parse_sp( MYLDAP_SESSION *session,LDAPMessage *e,struct ldap_state UNUSED(*state), void *result,char *buffer,size_t buflen) { struct spwd *sp = (struct spwd *) result; enum nss_status stat; char *tmp = NULL; stat=_nss_ldap_assign_userpassword(session,e,attmap_shadow_userPassword,&sp->sp_pwdp,&buffer,&buflen); if (stat != NSS_STATUS_SUCCESS) return stat; stat=_nss_ldap_assign_attrval(session,e,attmap_shadow_uid,&sp->sp_namp,&buffer,&buflen); if (stat != NSS_STATUS_SUCCESS) return stat; stat=_nss_ldap_assign_attrval(session,e,attmap_shadow_shadowLastChange,&tmp,&buffer,&buflen); sp->sp_lstchg = (stat == NSS_STATUS_SUCCESS) ? _nss_ldap_shadow_date (tmp) : -1; stat=_nss_ldap_assign_attrval(session,e,attmap_shadow_shadowMax,&tmp,&buffer,&buflen); sp->sp_max = (stat == NSS_STATUS_SUCCESS) ? atol (tmp) : -1; stat=_nss_ldap_assign_attrval(session,e,attmap_shadow_shadowMin,&tmp,&buffer,&buflen); sp->sp_min = (stat == NSS_STATUS_SUCCESS) ? atol (tmp) : -1; stat=_nss_ldap_assign_attrval(session,e,attmap_shadow_shadowWarning,&tmp,&buffer,&buflen); sp->sp_warn = (stat == NSS_STATUS_SUCCESS) ? atol (tmp) : -1; stat=_nss_ldap_assign_attrval(session,e,attmap_shadow_shadowInactive,&tmp,&buffer,&buflen); sp->sp_inact = (stat == NSS_STATUS_SUCCESS) ? atol (tmp) : -1; stat=_nss_ldap_assign_attrval(session,e,attmap_shadow_shadowExpire,&tmp,&buffer,&buflen); sp->sp_expire = (stat == NSS_STATUS_SUCCESS) ? _nss_ldap_shadow_date (tmp) : -1; stat=_nss_ldap_assign_attrval(session,e,attmap_shadow_shadowFlag,&tmp,&buffer,&buflen); sp->sp_flag = (stat == NSS_STATUS_SUCCESS) ? atol (tmp) : 0; _nss_ldap_shadow_handle_flag(sp); return NSS_STATUS_SUCCESS; } int nslcd_shadow_byname(TFILE *fp,MYLDAP_SESSION *session) { int32_t tmpint32; char name[256]; char filter[1024]; int retv; struct spwd result; char buffer[1024]; /* read request parameters */ READ_STRING_BUF2(fp,name,sizeof(name)); /* log call */ log_log(LOG_DEBUG,"nslcd_shadow_byname(%s)",name); /* write the response header */ WRITE_INT32(fp,NSLCD_VERSION); WRITE_INT32(fp,NSLCD_ACTION_SHADOW_BYNAME); /* do the LDAP request */ mkfilter_shadow_byname(name,filter,sizeof(filter)); shadow_init(); retv=_nss_ldap_getbyname(session,&result,buffer,1024, shadow_base,shadow_scope,filter,shadow_attrs, _nss_ldap_parse_sp); /* write the response */ WRITE_INT32(fp,retv); if (retv==NSLCD_RESULT_SUCCESS) if (write_spwd(fp,&result)) return -1; /* we're done */ return 0; } int nslcd_shadow_all(TFILE *fp,MYLDAP_SESSION *session) { int32_t tmpint32; struct ent_context context; /* these are here for now until we rewrite the LDAP code */ struct spwd result; char buffer[1024]; int retv; /* log call */ log_log(LOG_DEBUG,"nslcd_shadow_all()"); /* write the response header */ WRITE_INT32(fp,NSLCD_VERSION); WRITE_INT32(fp,NSLCD_ACTION_SHADOW_ALL); /* initialize context */ _nss_ldap_ent_context_init(&context,session); /* loop over all results */ shadow_init(); while ((retv=_nss_ldap_getent(&context,&result,buffer,sizeof(buffer), shadow_base,shadow_scope,shadow_filter,shadow_attrs, _nss_ldap_parse_sp))==NSLCD_RESULT_SUCCESS) { /* write the result */ WRITE_INT32(fp,retv); if (write_spwd(fp,&result)) return -1; } /* write the final result code */ WRITE_INT32(fp,retv); /* FIXME: if a previous call returns what happens to the context? */ _nss_ldap_ent_context_cleanup(&context); /* we're done */ return 0; }