Date:      Fri, 4 Aug 2006 17:13:55 GMT
From:      Michael Bushkov <bushman@FreeBSD.org>
To:        Perforce Change Reviews <perforce@freebsd.org>
Subject:   PERFORCE change 103180 for review
Message-ID:  <200608041713.k74HDtTQ017865@repoman.freebsd.org>

http://perforce.freebsd.org/chv.cgi?CH=103180

Change 103180 by bushman@bushman_nss_ldap_cached on 2006/08/04 17:13:37

	Support for SASL authentication added
	+  Most of the configuration options are now supported
	+ A lot of minor enhancements. 

Affected files ...

.. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/Makefile#7 edit
.. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldap_group.c#6 edit
.. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldap_group.h#6 edit
.. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldap_passwd.c#7 edit
.. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldap_passwd.h#7 edit
.. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldap_serv.c#3 edit
.. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldap_serv.h#3 edit
.. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapconf.c#7 edit
.. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapconf.h#7 edit
.. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapconn.c#7 edit
.. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapconn.h#7 edit
.. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapschema.c#7 edit
.. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapschema.h#7 edit
.. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapsearch.c#6 edit
.. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapsearch.h#6 edit
.. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldaptls.c#5 edit
.. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldaptls.h#5 edit
.. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldaputil.c#7 edit
.. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldaputil.h#7 edit
.. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/nss_ldap.c#7 edit
.. //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/nss_ldap.h#7 edit

Differences ...

==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/Makefile#7 (text+ko) ====

@@ -2,11 +2,10 @@
 
 .include <bsd.own.mk>
 
-PROG=		nss_ldap
-#LIB=		nss_ldap
-#SHLIB_MAJOR=	1
-#SHLIB_NAME=	nss_ldap.so.${SHLIB_MAJOR}
-#SHLIBDIR?=	/lib
+LIB=		nss_ldap
+SHLIB_MAJOR=	1
+SHLIB_NAME=	nss_ldap.so.${SHLIB_MAJOR}
+SHLIBDIR?=	/lib
 
 SRCS=	nss_ldap.c ldap_group.c ldap_passwd.c ldap_serv.c ldapconn.c\
 	ldapconf.c ldapschema.c ldapsearch.c ldaptls.c ldaputil.c
@@ -14,11 +13,10 @@
 CFLAGS+=-DINET6
 CFLAGS+=-g
 
-LDADD+= -lnssutil -lldap
+LDADD+= -lnssutil -lldap -lsasl2
 LDFLAGS+= -L${.OBJDIR}/../libnssutil -L/usr/local/lib
 
-INCS=   
+INCS=	
 MAN=	
 
-#.include <bsd.lib.mk>
-.include <bsd.prog.mk>
+.include <bsd.lib.mk>

==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldap_group.c#6 (text+ko) ====

@@ -30,6 +30,7 @@
 __FBSDID("$FreeBSD$");
  
 #include <assert.h>
+#include <errno.h>
 #include <nsswitch.h>
 #include <ldap.h>
 #include <grp.h>
@@ -41,7 +42,16 @@
 #include "ldapconf.h"
 #include "nss_ldap.h"
 
-static int 
+static int nss_ldap_parse_group(struct nss_ldap_parse_context *);
+	
+static int ldap_getgrnam_r(const char *, struct group *, char *, size_t,
+	struct group **);
+static int ldap_getgrgid_r(gid_t, struct group *, char *, size_t,
+	struct group **);
+static int ldap_getgrent_r(struct group *, char *, size_t, struct group **);
+static void ldap_setgrent();
+
+static int
 nss_ldap_parse_group(struct nss_ldap_parse_context *pctx)
 {
 	struct nss_ldap_schema *schema;
@@ -99,114 +109,9 @@
 	
 errfin:
 	return (rv);
-/*	
-	
-  if (_nss_ldap_test_config_flag (NSS_LDAP_FLAGS_RFC2307BIS))
-    {
-      groupMembers = groupMembersBuffer;
-      groupMembersCount = 0;
-      groupMembersBufferSize = sizeof (groupMembers);
-      groupMembersBufferIsMalloced = 0;
-      depth = 0;
-
-      stat = do_parse_group_members (e, &groupMembers, &groupMembersCount,
-				     &groupMembersBufferSize,
-				     &groupMembersBufferIsMalloced, &buffer,
-				     &buflen, &depth, &knownGroups);
-      if (stat != NSS_SUCCESS)
-	{
-	  if (groupMembersBufferIsMalloced)
-	    free (groupMembers);
-	  _nss_ldap_namelist_destroy (&knownGroups);
-	  return stat;
-	}
-
-      stat = do_fix_group_members_buffer (groupMembers, groupMembersCount,
-					  &gr->gr_mem, &buffer, &buflen);
-
-      if (groupMembersBufferIsMalloced)
-	free (groupMembers);
-      _nss_ldap_namelist_destroy (&knownGroups);
-    }
-  else
-    {
-      stat =
-	_nss_ldap_assign_attrvals (e, ATM (LM_GROUP, memberUid), NULL,
-				   &gr->gr_mem, &buffer, &buflen, NULL);
-    }
-
-  return stat;*/
-
-/*	sctx = pctx->sctx;
-	pwd = (struct passwd *)pctx->mdata;
-	buf = pctx->buffer;
-	buflen = pctx->bufsize;
-	
-	schema = &sctx->conf->schema;
-	
-	printf("==> %d %s\n", __LINE__, __FILE__);
-	rv = __nss_ldap_assign_attr_str(sctx,
-		_ATM(schema, PASSWD, uid),
-		&pwd->pw_name, &len, buf, buflen);
-	if (rv != 0)
-		goto errfin;
-	buflen -= len;
-	buf += len;
-	
-	printf("==> %d %s\n", __LINE__, __FILE__);	
-	rv = __nss_ldap_assign_attr_uid(sctx,
-		_AT(schema, uidNumber),
-		&pwd->pw_uid);
-	if (rv != 0)
-		goto errfin;
-	
-	printf("==> %d %s\n", __LINE__, __FILE__);
-	rv = __nss_ldap_assign_attr_str(sctx,
-		_AT(schema, gecos),
-		&pwd->pw_gecos, &len, buf, buflen);
-	if (rv != 0) {
-		pwd->pw_gecos = NULL;
-		rv = __nss_ldap_assign_attr_str(sctx,
-			_ATM(schema, PASSWD, cn),
-			&pwd->pw_gecos, &len, buf, buflen);
-	}
-      
-	if (rv != 0)
-		goto errfin;
-	buflen -= len;
-	buf += len;
-	
-	printf("==> %d %s\n", __LINE__, __FILE__);
-	rv = __nss_ldap_assign_attr_str(sctx,
-		_AT(schema, homeDirectory),
-		&pwd->pw_dir, &len, buf, buflen);
-	if (rv != 0)
-		rv = __nss_ldap_assign_str("", &pwd->pw_dir, &len, buf,
-			buflen);
-	if (rv != 0)
-		goto errfin;
-	buflen -= len;
-	buf += len;
-	
-	printf("==> %d %s\n", __LINE__, __FILE__);
-	rv = __nss_ldap_assign_attr_str(sctx,
-		_AT(schema, loginShell),
-		&pwd->pw_shell, &len, buf, buflen);
-	if (rv != 0)
-		rv = __nss_ldap_assign_str("", &pwd->pw_shell, &len, buf,
-			buflen);	
-	if (rv != 0)
-		goto errfin;
-	buflen -= len;
-	buf += len;
-	
-fin:
-	return (0);
-	
-errfin:*/
 }
 
-int 
+static int 
 ldap_getgrnam_r(const char *name, struct group *grp, 
 	char *buffer, size_t bufsize, struct group **result)
 {
@@ -231,7 +136,7 @@
 	return (rv);
 }
 
-int
+static int
 ldap_getgrgid_r(gid_t gid, struct group *grp, 
 	char *buffer, size_t bufsize, struct group **result)
 {
@@ -256,7 +161,7 @@
 	return (rv);
 }
 
-int
+static int
 ldap_getgrent_r(struct group *grp, char *buffer, size_t bufsize, 
 	struct group **result)
 {
@@ -277,22 +182,77 @@
 	return (rv);
 }
 
-void
+static void
 ldap_setgrent()
 {
 
 	__nss_ldap_setent(NSS_LDAP_MAP_GROUP);	
 }
 
-
 int 
-__ldap_setgrpent(void *retval, void *mdata, va_list ap)
+__ldap_setgrent(void *retval, void *mdata, va_list ap)
 {
+	
+	ldap_setgrent();
 	return (NS_UNAVAIL);
 }
 
 int 
 __ldap_group(void *retval, void *mdata, va_list ap)
 {
-	return (NS_UNAVAIL);
+	struct group *grp, *result;
+	char *buffer;
+	size_t bufsize;
+	int *errnop;
+
+	char *name;
+	gid_t gid;
+	
+	int rv;
+	
+	assert(mdata != NULL);
+	
+	switch ((enum nss_lookup_type)mdata) {
+	case nss_lt_name:
+		printf("GGG %s %d\n", __FILE__, __LINE__);
+		name = va_arg(ap, char *);
+		break;
+	case nss_lt_id:
+		printf("GGG %s %d\n", __FILE__, __LINE__);
+		gid = va_arg(ap, gid_t);
+		break;
+	case nss_lt_all:
+		printf("GGG %s %d\n", __FILE__, __LINE__);
+		break;
+	default:
+		/* CONSIDERED UNREACHABLE */
+		return (NS_UNAVAIL);
+	}
+	
+	grp = va_arg(ap, struct group *);
+	buffer = va_arg(ap, char *);
+	bufsize = va_arg(ap, size_t);
+	errnop = va_arg(ap, int *);
+	
+	switch ((enum nss_lookup_type)mdata) {
+	case nss_lt_name:
+		rv = ldap_getgrnam_r(name, grp, buffer, bufsize, &result);
+		break;
+	case nss_lt_id:
+		rv = ldap_getgrgid_r(gid, grp, buffer, bufsize, &result);
+		break;
+	case nss_lt_all:
+		rv = ldap_getgrent_r(grp, buffer, bufsize, &result);
+		break;
+	default:
+		break;
+	}
+	
+	if ((rv == NS_SUCCESS) && (retval != NULL))
+		*(struct group **)retval = result;
+			
+	if ((rv != NS_SUCCESS) && (rv != NS_NOTFOUND))
+		*errnop = errno;
+			
+	return (rv);
 }
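Review bot: The three `printf("GGG %s %d\n", __FILE__, __LINE__);` calls in the first switch of __ldap_group write to the stdout of whatever process has loaded this NSS module, so every group lookup injects stray text into that program's output. They should be deleted or compiled out behind a debug macro before this is built as `nss_ldap.so`. The same applies to the `printf("==> ...")` added in the loginClass block of nss_ldap_parse_passwd, the `printf("here - ...")` added to nss_ldap_destroy_servent, and the `printf("== ...")` line in the new `host` case of the ldapconf.c parser.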

==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldap_group.h#6 (text+ko) ====

@@ -29,18 +29,6 @@
 #ifndef _LDAP_GROUP_H_
 #define _LDAP_GROUP_H_
 
-int 
-ldap_getgrnam_r(const char *name, struct group *grp, 
-	char *buffer, size_t bufsize, struct group **result);
-int
-ldap_getgrgid_r(gid_t gid, struct group *grp, 
-	char *buffer, size_t bufsize, struct group **result);
-int
-ldap_getgrent_r(struct group *grp, char *buffer, size_t bufsize, 
-	struct group **result);
-void
-ldap_setgrent();
-
 extern int __ldap_setgrent(void *, void *, va_list);
 extern int __ldap_group(void *, void *, va_list);
 

==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldap_passwd.c#7 (text+ko) ====

@@ -25,11 +25,11 @@
  *
  */
  
-
 #include <sys/cdefs.h>
 __FBSDID("$FreeBSD$");
  
 #include <assert.h>
+#include <errno.h>
 #include <nsswitch.h>
 #include <ldap.h>
 #include <pwd.h>
@@ -41,8 +41,15 @@
 #include "ldapconf.h"
 #include "nss_ldap.h"
 
-//static int nss_ldap_parse_passwd(struct nss_ldap_parse_context *,
-//	struct nss_ldap_search_context *);
+static int nss_ldap_parse_passwd(struct nss_ldap_parse_context *);
+
+static int ldap_getpwnam_r(const char *, struct passwd *, char *, size_t, 
+	struct passwd **);
+static int ldap_getpwuid_r(uid_t, struct passwd *, char *, size_t, 
+	struct passwd **);
+static int ldap_getpwent_r(struct passwd *, char *, size_t, struct passwd **);
+static void ldap_setpwent();
+
 static int 
 nss_ldap_parse_passwd(struct nss_ldap_parse_context *pctx)
 {
@@ -128,6 +135,18 @@
 	buflen -= len;
 	buf += len;
 	
+	printf("==> %d %s\n", __LINE__, __FILE__);
+	rv = __nss_ldap_assign_attr_str(sctx,
+		_AT(schema, loginClass),
+		&pwd->pw_class, &len, buf, buflen);
+	if (rv != NSS_LDAP_SUCCESS)
+		rv = __nss_ldap_assign_str("", &pwd->pw_class, &len, buf,
+			buflen);
+	if (rv != NSS_LDAP_SUCCESS)
+		goto errfin;
+	buflen -= len;
+	buf += len;	
+	
 	printf("==> %d %s\n", __LINE__, __FILE__);	
 	rv = __nss_ldap_assign_attr_uid(sctx,
 		_AT(schema, uidNumber),
@@ -164,12 +183,12 @@
 	else
 		pwd->pw_expire = 0;
 	
-	rv = NS_SUCCESS;
+	rv = NSS_LDAP_SUCCESS;
 errfin:
 	return (rv);	
 }
 
-int 
+static int
 ldap_getpwnam_r(const char *name, struct passwd *pwd, 
 	char *buffer, size_t bufsize, struct passwd **result)
 {
@@ -194,7 +213,7 @@
 	return (rv);
 }
 
-int
+static int
 ldap_getpwuid_r(uid_t uid, struct passwd *pwd, 
 	char *buffer, size_t bufsize, struct passwd **result)
 {
@@ -219,7 +238,7 @@
 	return (rv);
 }
 
-int
+static int
 ldap_getpwent_r(struct passwd *pwd, char *buffer, size_t bufsize, 
 	struct passwd **result)
 {
@@ -240,7 +259,7 @@
 	return (rv);
 }
 
-void
+static void
 ldap_setpwent()
 {
 
@@ -251,11 +270,64 @@
 int 
 __ldap_setpwent(void *retval, void *mdata, va_list ap)
 {
+	
+	ldap_setpwent();
 	return (NS_UNAVAIL);
 }
 
 int 
 __ldap_passwd(void *retval, void *mdata, va_list ap)
 {
-	return (NS_UNAVAIL);
+	struct passwd *pwd, *result;
+	char *buffer;
+	size_t bufsize;
+	int *errnop;
+
+	char *name;
+	uid_t uid;
+	
+	int rv;
+	
+	assert(mdata != NULL);
+	
+	switch ((enum nss_lookup_type)mdata) {
+	case nss_lt_name:
+		name = va_arg(ap, char *);
+		break;
+	case nss_lt_id:
+		uid = va_arg(ap, uid_t);
+		break;
+	case nss_lt_all:
+		break;
+	default:
+		/* CONSIDERED UNREACHABLE */
+		return (NS_UNAVAIL);
+	}
+	
+	pwd = va_arg(ap, struct passwd *);
+	buffer = va_arg(ap, char *);
+	bufsize = va_arg(ap, size_t);
+	errnop = va_arg(ap, int *);
+	
+	switch ((enum nss_lookup_type)mdata) {
+	case nss_lt_name:
+		rv = ldap_getpwnam_r(name, pwd, buffer, bufsize, &result);
+		break;
+	case nss_lt_id:
+		rv = ldap_getpwuid_r(uid, pwd, buffer, bufsize, &result);
+		break;
+	case nss_lt_all:
+		rv = ldap_getpwent_r(pwd, buffer, bufsize, &result);
+		break;
+	default:
+		break;
+	}
+	
+	if ((rv == NS_SUCCESS) && (retval != NULL))
+		*(struct passwd **)retval = result;
+			
+	if ((rv != NS_SUCCESS) && (rv != NS_NOTFOUND))
+		*errnop = errno;
+			
+	return (rv);
 }
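Review bot: In __ldap_passwd the second switch's `default:` arm only does `break`, leaving `rv` unassigned before it is tested and returned; it is unreachable only because the first switch returns early, so make it `return (NS_UNAVAIL);` to match. `*errnop = errno` dereferences `errnop` unchecked and copies whatever errno currently holds; nothing in this hunk shows ldap_getpw*_r setting errno, so callers may see a stale value, which is worth confirming for the buffer-too-small case in particular. `result` is likewise stored through `retval` on success without being initialised here, so `struct passwd *pwd, *result = NULL;` would be a safer declaration. __ldap_group and __ldap_servent repeat the same pattern.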

==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldap_passwd.h#7 (text+ko) ====

@@ -29,18 +29,6 @@
 #ifndef _LDAP_PASSWD_H_
 #define _LDAP_PASSWD_H_
 
-int 
-ldap_getpwnam_r(const char *name, struct passwd *pwd, 
-	char *buffer, size_t bufsize, struct passwd **result);
-int
-ldap_getpwuid_r(uid_t uid, struct passwd *pwd, 
-	char *buffer, size_t bufsize, struct passwd **result);
-int
-ldap_getpwent_r(struct passwd *pwd, char *buffer, size_t bufsize, 
-	struct passwd **result);
-void
-ldap_setpwent();
-
 extern int __ldap_setpwent(void *, void *, va_list);
 extern int __ldap_passwd(void *, void *, va_list);
 

==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldap_serv.c#3 (text+ko) ====

@@ -29,6 +29,7 @@
 __FBSDID("$FreeBSD$");
 
 #include <assert.h>
+#include <errno.h>
 #include <nsswitch.h>
 #include <ldap.h>
 #include <netdb.h>
@@ -56,6 +57,17 @@
 	size_t count;
 };
 
+static int nss_ldap_parse_servent(struct nss_ldap_parse_context *);
+static void nss_ldap_destroy_servent(struct nss_ldap_parse_context *);
+	
+static int ldap_getservbyname_r(const char *, const char *, struct servent *, 
+	char *, size_t, struct servent **);
+static int ldap_getservbyport_r(int, const char *, struct servent *, 
+	char *, size_t, struct servent **);
+static int ldap_getservent_r(struct servent *, char *, size_t, 
+	struct servent **);
+static void ldap_setservent();
+
 static int
 nss_ldap_parse_servent(struct nss_ldap_parse_context *pctx)
 {
@@ -175,11 +187,12 @@
 nss_ldap_destroy_servent(struct nss_ldap_parse_context *pctx)
 {
 	
+	printf("here - %s %d\n", __FILE__, __LINE__);
 	assert(pctx != NULL);
 	free(pctx->mdata_ext);
 }
 
-int 
+static int 
 ldap_getservbyname_r(const char *name, const char *proto, struct servent *serv, 
 	char *buffer, size_t bufsize, struct servent **result)
 {
@@ -215,7 +228,7 @@
 	return (rv);
 }
 
-int
+static int
 ldap_getservbyport_r(int port, const char *proto, struct servent *serv, 
 	char *buffer, size_t bufsize, struct servent **result)
 {
@@ -251,7 +264,7 @@
 	return (rv);
 }
 
-int
+static int
 ldap_getservent_r(struct servent *serv, char *buffer, size_t bufsize, 
 	struct servent **result)
 {
@@ -278,22 +291,77 @@
 	return (rv);
 }
 
-void
+static void
 ldap_setservent()
 {
 
 	__nss_ldap_setent(NSS_LDAP_MAP_SERVICES);	
 }
 
-
 int 
 __ldap_setservent(void *retval, void *mdata, va_list ap)
 {
+	
+	ldap_setservent();
 	return (NS_UNAVAIL);
 }
 
 int 
 __ldap_servent(void *retval, void *mdata, va_list ap)
 {
-	return (NS_UNAVAIL);
+	struct servent *serv, *result;
+	char *buffer;
+	size_t bufsize;
+	int *errnop;
+
+	char *name, *proto;
+	int port;
+	int rv;
+	
+	assert(mdata != NULL);
+	
+	switch ((enum nss_lookup_type)mdata) {
+	case nss_lt_name:
+		name = va_arg(ap, char *);
+		proto = va_arg(ap, char *);
+		break;
+	case nss_lt_id:
+		port = va_arg(ap, int);
+		proto = va_arg(ap, char *);
+		break;
+	case nss_lt_all:
+		break;
+	default:
+		/* CONSIDERED UNREACHABLE */
+		return (NS_UNAVAIL);
+	}
+	
+	serv = va_arg(ap, struct servent *);
+	buffer = va_arg(ap, char *);
+	bufsize = va_arg(ap, size_t);
+	errnop = va_arg(ap, int *);
+	
+	switch ((enum nss_lookup_type)mdata) {
+	case nss_lt_name:
+		rv = ldap_getservbyname_r(name, proto, serv, buffer, bufsize,
+			&result);
+		break;
+	case nss_lt_id:
+		rv = ldap_getservbyport_r(port, proto, serv, buffer, bufsize, 
+			&result);
+		break;
+	case nss_lt_all:
+		rv = ldap_getservent_r(serv, buffer, bufsize, &result);
+		break;
+	default:
+		break;
+	}
+	
+	if ((rv == NS_SUCCESS) && (retval != NULL))
+		*(struct servent **)retval = result;
+			
+	if ((rv != NS_SUCCESS) && (rv != NS_NOTFOUND))
+		*errnop = errno;
+			
+	return (rv);
 }

==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldap_serv.h#3 (text+ko) ====

@@ -29,18 +29,6 @@
 #ifndef _LDAP_SERV_H_
 #define _LDAP_SERV_H_
 
-int 
-ldap_getservbyname_r(const char *name, const char *proto, struct servent *serv, 
-	char *buffer, size_t bufsize, struct servent **result);
-int
-ldap_getservbyport_r(int port, const char *proto, struct servent *serv, 
-	char *buffer, size_t bufsize, struct servent **result);
-int
-ldap_getservent_r(struct servent *serv, char *buffer, size_t bufsize, 
-	struct servent **result);
-void
-ldap_setservent();
-
 extern int __ldap_setservent(void *, void *, va_list);
 extern int __ldap_servent(void *, void *, va_list);
 

==== //depot/projects/soc2006/nss_ldap_cached/src/lib/nss_ldap/ldapconf.c#7 (text+ko) ====

@@ -64,27 +64,39 @@
 }
 
 static int
-get_number(const char *str, int low, int max)
+get_number(const char *str, int low, int max, int *res)
 {
-
 	char *end = NULL;
-	int res = 0;
 
 	if (str[0] == '\0')
 		return (-1);
 
-	res = strtol(str, &end, 10);
+	*res = strtol(str, &end, 10);
 	if (*end != '\0')
 		return (NSS_LDAP_PARSE_ERROR);
 	else
-		if (((res >= low) || (low == -1)) &&
-			((res <= max) || (max == -1)))
-			return (res);
+		if (((*res >= low) || (low == -1)) &&
+			((*res <= max) || (max == -1)))
+			return (NSS_LDAP_SUCCESS);
 		else
 			return (NSS_LDAP_PARSE_ERROR);
 }
 
 static int
+get_yesno(const char *str, int *value)
+{
+	if (strcmp(str, "yes") == 0) {
+		*value = NSS_LDAP_OPTION_YES;
+		return (NSS_LDAP_SUCCESS);		
+	} else if (strcmp(str, "no") == 0) {
+		*value = NSS_LDAP_OPTION_NO;
+		return (NSS_LDAP_SUCCESS);
+	}
+	
+	return (NSS_LDAP_PARSE_ERROR);
+}
+
+static int
 set_base_map(struct nss_ldap_configuration *conf,
 	char const *left_arg, char const *right_arg)
 {
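Review bot: get_number stores the `strtol` result straight into `*res`, so a value that overflows `long` or does not fit in `int` is silently truncated before the low/max test, and `*res` is written even when the function returns an error. Parse into a `long`, reject `ERANGE` and out-of-`int` values, and assign only on success; this needs `<errno.h>` and `<limits.h>` if ldapconf.c does not already include them. The empty-string path still returns a bare `-1` rather than `NSS_LDAP_PARSE_ERROR`. For get_yesno, the `restart`, `referrals` and `rootuse_sasl` branches added further down this file call it with `fields[2]` while requiring `field_count == 2`, which reads past the last parsed field; those calls should pass `fields[1]`.

```c
static int
get_number(const char *str, int low, int max, int *res)
{
	char *end = NULL;
	long val;

	if (str[0] == '\0')
		return (-1);

	errno = 0;
	val = strtol(str, &end, 10);
	if ((*end != '\0') || (errno == ERANGE) ||
	    (val < INT_MIN) || (val > INT_MAX))
		return (NSS_LDAP_PARSE_ERROR);
	if (((val < low) && (low != -1)) || ((val > max) && (max != -1)))
		return (NSS_LDAP_PARSE_ERROR);

	*res = (int)val;
	return (NSS_LDAP_SUCCESS);
}
```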
@@ -137,23 +149,31 @@
 	assert(conf != NULL);
 	memset(conf, 0, sizeof(struct nss_ldap_configuration));
 	
-	conf->host = strdup("ident2.r61.net ident1.r61.net");
-	assert(conf->host != NULL);
-	
 	conf->port = LDAP_PORT;	
 	conf->proto_version = NSS_LDAP_PROTO_VERSION_3;
 	conf->ssl_mode = NSS_LDAP_SSL_OFF;//NSS_LDAP_SSL_START_TLS;
+	conf->search_limit = 0;
+	conf->bind_timelimit = 30;
+	conf->idle_timelimit = 0;
+	conf->search_timelimit = 0;
+	conf->reconnect_sleeptime = 4;
+	conf->max_reconnect_sleeptime = 64;
+	conf->max_conntries = 5;
+	conf->max_reconnect_conntries = 2;
+	conf->deref = NSS_LDAP_DEREF_NEVER;
+	conf->scope = NSS_LDAP_SCOPE_SUB;
+	conf->bind_policy = NSS_LDAP_BIND_POLICY_HARD_OPEN;
+	conf->connect_policy = NSS_LDAP_CONNECT_POLICY_PERSIST_PERTHREAD;
+	conf->restart = 0;
+	conf->debug = 0;
 	
-	conf->bind_dn = strdup(
-		"uid=nssproxy,ou=Users,ou=LDAPAccess,ou=Domains,dc=r61,dc=net");
+	conf->root_bind_dn = conf->bind_dn = strdup("");
 	assert(conf->bind_dn != NULL);
-	
-	conf->root_bind_dn = strdup(conf->bind_dn);
-	assert(conf->root_bind_dn != NULL);
-	
-	conf->bind_pw = strdup("[passwd]");
+	conf->root_bind_pw = conf->bind_pw = strdup("");
 	assert(conf->bind_pw != NULL);
-	
+	conf->root_sasl_authid = conf->sasl_authid = strdup("");
+	assert(conf->sasl_authid != NULL);
+
 	//__nss_ldap_init_start_tls_simple_auth_method(&conf->connection_method);
 	__nss_ldap_init_simple_auth_method(&conf->connection_method);
 	__nss_ldap_init_default_search_method(&conf->search_method);	
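Review bot: `conf->root_bind_dn = conf->bind_dn = strdup("")`, and the two lines like it for the passwords and SASL authids, make each pair of fields point at one allocation, but the parser frees them independently. For example the `rootbindpw` branch added in this patch does `free(conf->root_bind_pw)`, which leaves `conf->bind_pw` dangling and sets up a double free if the sibling option is also present. Give each field its own copy, e.g. `conf->root_bind_pw = strdup(""); assert(conf->root_bind_pw != NULL);`, as the removed code did for root_bind_dn. The enclosing function begins above this hunk.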
@@ -166,9 +186,9 @@
 {
 	FILE	*fin;
 	char	buffer[1024];
-	char	*fields[16];
+	char	*fields[16], *str;
 	int	field_count, line_num, value;
-	int	i, res;
+	int	i, res, rv;
 
 	assert(conf != NULL);
 	assert(fname != NULL);
@@ -195,18 +215,6 @@
 		case '\0':
 			printf("== %s, %d ==\n", __FILE__, __LINE__);
 			continue;
-		case 'h':
-			printf("== %s, %d ==\n", __FILE__, __LINE__);
-			if (strcmp(fields[0], "host") == 0) {
-			    /* TODO: add support for multiple hosts */
-			    if (field_count >= 2) {
-				free(conf->host);
-				conf->host = strdup(fields[1]);
-				assert(conf->host != NULL);
-				continue;
-			    }
-			}
-			break;
 		case 'b':
 			printf("== %s, %d ==\n", __FILE__, __LINE__);
 			if (strcmp(fields[0], "base") == 0) {
@@ -230,8 +238,100 @@
 				assert(conf->bind_pw != NULL);
 				continue;
 			    }
+			} else if (strcmp(fields[0], "bind_timelimit") == 0) {
+			    if ((field_count == 2)  && 
+				(get_number(fields[1], 0, -1, &value) == 
+			    	    NSS_LDAP_SUCCESS)) {
+				conf->bind_timelimit = value;
+				continue;
+			    }
+			} else if (strcmp(fields[0], "bind_policy") == 0) {
+			    if (field_count == 2) {
+				if (strcmp(fields[1], "hard_open") == 0) {
+				    conf->bind_policy = 
+					NSS_LDAP_BIND_POLICY_HARD_OPEN;
+				    continue;
+				} else if (strcmp(fields[1], "hard_init") == 0) {
+				    conf->bind_policy =
+					NSS_LDAP_BIND_POLICY_HARD_INIT;
+				    continue;
+				} else if (strcmp(fields[1], "soft") == 0) {
+				    conf->bind_policy =
+					NSS_LDAP_BIND_POLICY_SOFT;
+				    continue;
+				}
+			    }
 			}
 			break;
+		case 'd':
+			if (strcmp(fields[0], "deref") == 0) {
+			    if (field_count == 2) {
+				if (strcmp(fields[1], "never") == 0) {
+				    conf->deref = NSS_LDAP_DEREF_NEVER;
+				    continue;
+				} else if (strcmp(fields[1], 
+				    "searching") == 0) {
+				    conf->deref = NSS_LDAP_DEREF_SEARCHING;
+				    continue;
+				} else if (strcmp(fields[1], "finding") == 0) {
+				    conf->deref = NSS_LDAP_DEREF_FINDING;
+				    continue;
+				} else if (strcmp(fields[1], "always") == 0) {
+				    conf->deref = NSS_LDAP_DEREF_ALWAYS;
+				    continue;
+				}
+			    }
+			} else if (strcmp(fields[0], "debug") == 0) {
+			    if ((field_count == 2)  && 
+				(get_number(fields[1], 0, -1, &value) == 
+			    	    NSS_LDAP_SUCCESS)) {
+				conf->debug = value;
+				continue;
+			    }
+			}
+			break;
+		case 'h':
+			printf("== %s, %d ==\n", __FILE__, __LINE__);
+			if (strcmp(fields[0], "host") == 0) {
+			    if (field_count >= 2) {
+				if (conf->hosts != NULL)
+					sl_free(conf->hosts, 1);
+
+				conf->hosts = sl_init();
+				assert(conf->hosts != NULL);
+				
+				for (i = 1; i < field_count; ++i) {
+					str = strdup(fields[i]);
+					assert(str != NULL);
+					rv = sl_add(conf->hosts, str);
+					if (rv != 0) {
+						/* TODO: write to logs */
+					}
+				}
+				continue;
+			    }
+			}
+			break;
+		case 'i':
+			if (strcmp(fields[0], "idle_timelimit") == 0) {
+			    if ((field_count == 2)  && 
+				(get_number(fields[1], 0, -1, &value) == 
+			    	    NSS_LDAP_SUCCESS)) {
+				conf->idle_timelimit = value;
+				continue;
+			    }			    
+			}
+			break;
+		case 'k':
+			if (strcmp(fields[0], "krb5_ccname") == 0) {
+			    if (field_count == 2) {
+				free(conf->krb5_ccname);
+				conf->krb5_ccname = strdup(fields[1]);
+				assert(conf->krb5_ccname != NULL);
+				continue;
+			    }
+			}
+			break;
 		case 'l':
 			printf("== %s, %d ==\n", __FILE__, __LINE__);
 			/* NOTE: we'd probably better use 
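Review bot: In the new `host` branch the `if (rv != 0)` after `sl_add(conf->hosts, str)` is empty, so a failed add leaks `str` and silently drops that host from the list. Until logging exists, at least release the copy: `if (rv != 0) free(str);`. The `assert(str != NULL)` style allocation checks used throughout these branches also vanish under NDEBUG; confirm that is acceptable for a library loaded into arbitrary processes. The enclosing parser function starts and ends outside this hunk.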
@@ -239,11 +339,18 @@
 			 * NSS_LDAP_PROTO_VERSION_3 constants here */
 			if (strcmp(fields[0], "ldap-version") == 0) {
 			    if ((field_count == 2) && 
-				(value = get_number(fields[1], 2, 3) == 
+				(get_number(fields[1], 2, 3, &value) == 
 			    	    NSS_LDAP_SUCCESS)) {
 				conf->proto_version = value;
 			    	continue;
 			    }
+			} else if (strcmp(fields[0], "logdir") == 0) {
+			    if (field_count == 2) {
+				free(conf->logdir);
+				conf->logdir = strdup(fields[1]);
+				assert(conf->logdir);
+				continue;
+			    }
 			}
 			break;
 		case 'n':
@@ -282,13 +389,30 @@
 			    	    fields[1],
 			    	    fields[2]) == NSS_LDAP_SUCCESS))
 			    	continue;				
+			} else if (strcmp(fields[0], "nss_connect_policy") == 0) {
+			    if (field_count == 2) {
+				if ((strcmp(fields[1], "persist") == 0) ||
+				    (strcmp(fields[1], "persist_per_thread") == 0)) {
+				    conf->connect_policy = 
+					NSS_LDAP_CONNECT_POLICY_PERSIST_PERTHREAD;
+				    continue;
+				} else if (strcmp(fields[1], "persist_per_process") == 0) {
+				    conf->connect_policy =
+					NSS_LDAP_CONNECT_POLICY_PERSIST_PERPROCESS;
+				    continue;
+				} else if (strcmp(fields[1], "oneshot") == 0) {
+				    conf->connect_policy = 
+					NSS_LDAP_CONNECT_POLICY_ONESHOT;
+				    continue;
+				}
+			    }
 			}
 			break;
 		case 'p':
 			printf("== %s, %d ==\n", __FILE__, __LINE__);
 			if (strcmp(fields[0], "port") == 0) {
 			    if ((field_count == 2) && 
-				(value = get_number(fields[1], 0, -1) == 
+				(get_number(fields[1], 0, -1, &value) == 
 			    	    NSS_LDAP_SUCCESS)) {
 				conf->port = value;
 			    	continue;
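Review bot: The `port` option is parsed with `get_number(fields[1], 0, -1, &value)`, which has no upper bound, so any non-negative integer is accepted into `conf->port`. Bound it to the valid range with `get_number(fields[1], 0, 65535, &value)`. The enclosing parser function starts and ends outside this hunk.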
@@ -304,11 +428,53 @@
 			        assert(conf->root_bind_dn != NULL);
 				continue;
 			    }
-		    	}
+		    	} else if (strcmp(fields[0], "rootbindpw") == 0) {
+			    if (field_count == 2) {
+			        free(conf->root_bind_pw);
+			        conf->root_bind_pw = strdup(fields[1]);
+			        assert(conf->root_bind_pw != NULL);
+				continue;
+			    }
+			} else if (strcmp(fields[0], "restart") == 0) {
+			    if ((field_count == 2) && 
+				    (get_yesno(fields[2], &value) == 
+			    	    NSS_LDAP_SUCCESS))
+				conf->restart = value;
+			} else if (strcmp(fields[0], "referrals") == 0) {
+			    if ((field_count == 2) && 
+				    (get_yesno(fields[2], &value) == 
+			    	    NSS_LDAP_SUCCESS))
+				conf->referrals = value;
+			} else if (strcmp(fields[0], "rootuse_sasl") == 0) {
+			    if ((field_count == 2) && 
+				    (get_yesno(fields[2], &value) == 
+			    	    NSS_LDAP_SUCCESS))
+				conf->root_use_sasl = value;
+			} else if (strcmp(fields[0], "rootsasl_auth_id") == 0) {
+			    if (field_count == 2) {
+				free(conf->root_sasl_authid);
+				conf->root_sasl_authid = strdup(fields[1]);
+				assert(conf->root_sasl_authid != NULL);
+				continue;
+			    }
+			}
 			break;
 		case 's':
 			printf("== %s, %d ==\n", __FILE__, __LINE__);
-			if (strcmp(fields[0], "ssl") == 0) {
+			if (strcmp(fields[0], "scope") == 0) {
+			    if (field_count == 2) {
+				if (strcmp(fields[1], "sub") == 0) {
+				    conf->scope = NSS_LDAP_SCOPE_SUB;
+				    continue;

>>> TRUNCATED FOR MAIL (1000 lines) <<<


