author | Arthur de Jong <arthur@arthurdejong.org> | 2009-06-06 20:46:33 +0000 |
---|---|---|
committer | Arthur de Jong <arthur@arthurdejong.org> | 2009-06-06 20:46:33 +0000 |
commit | 285930cbcc3e2074ed7fe78a47aec55e49749953 (patch) | |
tree | 923db25377f59fcd0369eb1251fbd391140898a2 | |
parent | 6a0fbfe59622f76a2546e089d896a4c5ff3eea9b (diff) |
implement case-sensitive filtering for group, netgroup, passwd, protocols, rpc, services and shadow lookups
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-ldapd@934 ef36b2f9-881f-0410-afb5-c4e39611909c
-rw-r--r-- | README | 28 | ||||
-rw-r--r-- | nslcd/alias.c | 29 | ||||
-rw-r--r-- | nslcd/ether.c | 32 | ||||
-rw-r--r-- | nslcd/group.c | 26 | ||||
-rw-r--r-- | nslcd/netgroup.c | 11 | ||||
-rw-r--r-- | nslcd/passwd.c | 55 | ||||
-rw-r--r-- | nslcd/protocol.c | 17 | ||||
-rw-r--r-- | nslcd/rpc.c | 17 | ||||
-rw-r--r-- | nslcd/service.c | 52 | ||||
-rw-r--r-- | nslcd/shadow.c | 45 | ||||
-rwxr-xr-x | tests/test_nsscmds.sh | 60 |
11 files changed, 211 insertions, 161 deletions
@@ -313,8 +313,8 @@ the uid attribute. If the DN value already contains a uid value (e.g. uid=arthur, dc=example, dc=com) the lookup is skipped and the value from the DN is used. A cache is -maintained that holds on to DN to uid translations for 15 minutes -(see DN2UID_CACHE_TIMEOUT in nslcd/passwd.c). +maintained that holds on to DN to uid translations for 15 minutes (see +DN2UID_CACHE_TIMEOUT in nslcd/passwd.c). In all cases, users that are specified as member multiple times are returned only once. 
@@ -323,15 +323,25 @@ Currently, having nested groups by uniqueMember values pointing to other groups, as well as the memberOf attribute in posixAccount entries are unsupported. - -MISC NOTES -========== +case sensitivity +---------------- Most values in the NSS databases are considered case-sensitive (e.g. the user -"Foo" is a different user from "foo"). Values in an LDAP database are however -case-insensitive. This may cause problems in some corner cases, especially -when nscd is used for caching. For example, when doing a lookup for the user -"Foo" the user "foo" will be returned if it exists in the database. +"Foo" is a different user from the user "foo"). Values in an LDAP database are +however cosidered case-insensitive. nss-ldapd tries to solve this problem by +adding an extra filtering layer and ensure that e.g. when looking for the user +"foo" it will not return a user "Foo" that is found in LDAP. + +For the group, netgroup, passwd, protocols, rpc, services and shadow maps the +matches will be checked case-sensitively and for aliases, ethers, hosts and +networks matches will be case-insensitive (this seems to be what Glibc is +doing currently with flat files). Only searching for groups by member the +username matching is done case-insensitive. Note that in all cases the +case-use in the LDAP directory is returned. + +Note however that having entries that only differ in case is a bad idea and +will likely get you in trouble. One example of such a problem is that the DN +uid=test,dc=example,dc=com is the same as uid=TEST,dc=example,dc=com. REPORTING BUGS diff --git a/nslcd/alias.c b/nslcd/alias.c index bcdd48a..ed744f1 100644 --- a/nslcd/alias.c +++ b/nslcd/alias.c 
@@ -94,34 +94,27 @@ void alias_init(void) static int write_alias(TFILE *fp,MYLDAP_ENTRY *entry,const char *reqalias) { int32_t tmpint32,tmp2int32,tmp3int32; - const char *tmparr[2]; const char **names,**members; int i; /* get the name of the alias */ - if (reqalias!=NULL) + names=myldap_get_values(entry,attmap_alias_cn); + if ((names==NULL)||(names[0]==NULL)) { - names=tmparr; - names[0]=reqalias; - names[1]=NULL; - } - else - { - names=myldap_get_values(entry,attmap_alias_cn); - if ((names==NULL)||(names[0]==NULL)) - { - log_log(LOG_WARNING,"alias entry %s does not contain %s value", - myldap_get_dn(entry),attmap_alias_cn); - return 0; - } + log_log(LOG_WARNING,"alias entry %s does not contain %s value", + myldap_get_dn(entry),attmap_alias_cn); + return 0; } /* get the members of the alias */ members=myldap_get_values(entry,attmap_alias_rfc822MailMember); /* for each name, write an entry */ for (i=0;names[i]!=NULL;i++) { - WRITE_INT32(fp,NSLCD_RESULT_BEGIN); - WRITE_STRING(fp,names[i]); - WRITE_STRINGLIST(fp,members); + if ((reqalias==NULL)||(strcasecmp(reqalias,names[i])==0)) + { + WRITE_INT32(fp,NSLCD_RESULT_BEGIN); + WRITE_STRING(fp,names[i]); + WRITE_STRINGLIST(fp,members); + } } return 0; } diff --git a/nslcd/ether.c b/nslcd/ether.c index 1bfa200..4a1d6a0 100644 --- a/nslcd/ether.c +++ b/nslcd/ether.c 
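Review bot: The name filter added to the output loop of write_alias uses `strcasecmp`, while the group, passwd and shadow hunks in this commit use `strcmp`, and nothing at the call site says why. A one-line comment above the test, e.g. `/* aliases are matched case-insensitively, like glibc does for flat files */`, would stop a later reader from "correcting" it to strcmp. The hunk does not show the include list, so it is worth confirming that `<strings.h>` is included for strcasecmp. The same comment is needed on the matching test in write_ether in nslcd/ether.c.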
@@ -124,21 +124,12 @@ static int write_ether(TFILE *fp,MYLDAP_ENTRY *entry, const char **names,**ethers; int i,j; /* get the name of the ether entry */ - if (reqname!=NULL) + names=myldap_get_values(entry,attmap_ether_cn); + if ((names==NULL)||(names[0]==NULL)) { - names=tmparr; - names[0]=reqname; - names[1]=NULL; - } - else - { - names=myldap_get_values(entry,attmap_ether_cn); - if ((names==NULL)||(names[0]==NULL)) - { - log_log(LOG_WARNING,"ether entry %s does not contain %s value", - myldap_get_dn(entry),attmap_ether_cn); - return 0; - } + log_log(LOG_WARNING,"ether entry %s does not contain %s value", + myldap_get_dn(entry),attmap_ether_cn); + return 0; } /* get the addresses */ if (reqether!=NULL) @@ -160,12 +151,13 @@ static int write_ether(TFILE *fp,MYLDAP_ENTRY *entry, } /* write entries for all names and addresses */ for (i=0;names[i]!=NULL;i++) - for (j=0;ethers[j]!=NULL;j++) - { - WRITE_INT32(fp,NSLCD_RESULT_BEGIN); - WRITE_STRING(fp,names[i]); - WRITE_ETHER(fp,ethers[j]); - } + if ((reqname==NULL)||(strcasecmp(reqname,names[i])==0)) + for (j=0;ethers[j]!=NULL;j++) + { + WRITE_INT32(fp,NSLCD_RESULT_BEGIN); + WRITE_STRING(fp,names[i]); + WRITE_ETHER(fp,ethers[j]); + } return 0; } diff --git a/nslcd/group.c b/nslcd/group.c index 6bb7e8c..1926a33 100644 --- a/nslcd/group.c +++ b/nslcd/group.c @@ -145,7 +145,7 @@ void group_init(void) static int do_write_group( TFILE *fp,MYLDAP_ENTRY *entry,const char **names,gid_t gids[],int numgids, - const char *passwd,SET *members) + const char *passwd,SET *members,const char *reqname) { int32_t tmpint32; int i,j; @@ -167,7 +167,7 @@ static int do_write_group( log_log(LOG_WARNING,"group entry %s contains invalid group name: \"%s\"", myldap_get_dn(entry),names[i]); } - else + else if ((reqname==NULL)||(strcmp(reqname,names[i])==0)) { for (j=0;j<numgids;j++) { 
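Review bot: The rewritten output loop in write_ether nests `for` / `if` / `for` with braces only around the innermost body, so a statement added later under the `if` or the outer `for` would silently fall outside the name filter. Bracing the outer levels as well (`for (...) { if (...) { for (...) { ... } } }`) makes the scope of the check explicit. The output loops in write_passwd, write_service and write_shadow in this commit have the same shape. write_ether's body starts outside the hunk.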
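Review bot: In do_write_group the new `reqname` test sits in the `else` of the isvalidname() check, so an entry with several cn values still logs the invalid-name warning for values that are not the requested name. write_passwd in this commit does it the other way round: it tests the requested name first and validates only the matching value. Making the two agree, e.g. with `if ((reqname!=NULL)&&(strcmp(reqname,names[i])!=0)) continue;` at the top of the loop body, keeps the log free of warnings about names the caller never asked for. The loop starts outside the hunk, so confirm that nothing before the validity check has to run for every name.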
@@ -229,7 +229,6 @@ static int write_group(TFILE *fp,MYLDAP_ENTRY *entry,const char *reqname, const gid_t *reqgid,int wantmembers, MYLDAP_SESSION *session) { - const char *tmparr[2]; const char **names,**gidvalues; const char *passwd; SET *members; @@ -238,21 +237,12 @@ static int write_group(TFILE *fp,MYLDAP_ENTRY *entry,const char *reqname, char *tmp; int rc; /* get group name (cn) */ - if (reqname!=NULL) + names=myldap_get_values(entry,attmap_group_cn); + if ((names==NULL)||(names[0]==NULL)) { - names=tmparr; - names[0]=reqname; - names[1]=NULL; - } - else - { - names=myldap_get_values(entry,attmap_group_cn); - if ((names==NULL)||(names[0]==NULL)) - { - log_log(LOG_WARNING,"group entry %s does not contain %s value", - myldap_get_dn(entry),attmap_group_cn); - return 0; - } + log_log(LOG_WARNING,"group entry %s does not contain %s value", + myldap_get_dn(entry),attmap_group_cn); + return 0; } /* get the group id(s) */ if (reqgid!=NULL) @@ -291,7 +281,7 @@ static int write_group(TFILE *fp,MYLDAP_ENTRY *entry,const char *reqname, members=NULL; /* write entries (split to a separate function so we can ensure the call to free() below in case a write fails) */ - rc=do_write_group(fp,entry,names,gids,numgids,passwd,members); + rc=do_write_group(fp,entry,names,gids,numgids,passwd,members,reqname); /* free and return */ if (members!=NULL) set_free(members); diff --git a/nslcd/netgroup.c b/nslcd/netgroup.c index 6c38216..58078f8 100644 --- a/nslcd/netgroup.c +++ b/nslcd/netgroup.c 
@@ -200,12 +200,19 @@ static int write_netgroup_triple(TFILE *fp,const char *triple) if (write_netgroup_triple(fp,triple)) \ return -1; -static int write_netgroup(TFILE *fp,MYLDAP_ENTRY *entry) +static int write_netgroup(TFILE *fp,MYLDAP_ENTRY *entry, const char *reqname) { int32_t tmpint32; int i; + const char **names; const char **triples; const char **members; + /* get the netgroup name */ + names=myldap_get_values(entry,attmap_netgroup_cn); + for (i=0;(names[i]!=NULL)&&(strcmp(reqname,names[i])!=0);i++) + /* nothing here */ ; + if (names[i]==NULL) + return 0; /* the name was not found */ /* get the netgroup triples and member */ triples=myldap_get_values(entry,attmap_netgroup_nisNetgroupTriple); members=myldap_get_values(entry,attmap_netgroup_memberNisNetgroup); @@ -238,5 +245,5 @@ NSLCD_HANDLE( log_log(LOG_DEBUG,"nslcd_netgroup_byname(%s)",name);, NSLCD_ACTION_NETGROUP_BYNAME, mkfilter_netgroup_byname(name,filter,sizeof(filter)), - write_netgroup(fp,entry) + write_netgroup(fp,entry,name) ) diff --git a/nslcd/passwd.c b/nslcd/passwd.c index 58bc8f3..3896aea 100644 --- a/nslcd/passwd.c +++ b/nslcd/passwd.c @@ -295,7 +295,6 @@ static int write_passwd(TFILE *fp,MYLDAP_ENTRY *entry,const char *requser, const uid_t *requid) { int32_t tmpint32; - const char *tmparr[2]; const char **tmpvalues; char *tmp; const char **usernames; 
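Review bot: `names` is dereferenced in the new search loop of write_netgroup without the `(names==NULL)||(names[0]==NULL)` check that every other write_* function in this commit applies to the result of myldap_get_values(). If that function can return NULL, as those checks suggest, an entry without a usable cn value would crash the daemon on `names[i]`. `reqname` is also passed straight to strcmp; the only caller visible here passes `name`, but a NULL guard would match the other functions. Adding the usual check-and-warn block before the loop closes both gaps.

```c
  /* get the netgroup name */
  names=myldap_get_values(entry,attmap_netgroup_cn);
  if ((names==NULL)||(names[0]==NULL))
  {
    log_log(LOG_WARNING,"netgroup entry %s does not contain %s value",
                        myldap_get_dn(entry),attmap_netgroup_cn);
    return 0;
  }
  /* a NULL reqname disables the filter, as in the other write_* functions */
  for (i=0;(reqname!=NULL)&&(names[i]!=NULL)&&(strcmp(reqname,names[i])!=0);i++)
    /* nothing here */ ;
  /* ... unchanged: not-found return, triple and member output ... */
```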
@@ -308,21 +307,12 @@ static int write_passwd(TFILE *fp,MYLDAP_ENTRY *entry,const char *requser, const char *shell; int i,j; /* get the usernames for this entry */ - if (requser!=NULL) + usernames=myldap_get_values(entry,attmap_passwd_uid); + if ((usernames==NULL)||(usernames[0]==NULL)) { - usernames=tmparr; - usernames[0]=requser; - usernames[1]=NULL; - } - else - { - usernames=myldap_get_values(entry,attmap_passwd_uid); - if ((usernames==NULL)||(usernames[0]==NULL)) - { - log_log(LOG_WARNING,"passwd entry %s does not contain %s value", - myldap_get_dn(entry),attmap_passwd_uid); - return 0; - } + log_log(LOG_WARNING,"passwd entry %s does not contain %s value", + myldap_get_dn(entry),attmap_passwd_uid); + return 0; } /* get the password for this entry */ if (myldap_has_objectclass(entry,"shadowAccount")) @@ -436,27 +426,28 @@ static int write_passwd(TFILE *fp,MYLDAP_ENTRY *entry,const char *requser, } /* write the entries */ for (i=0;usernames[i]!=NULL;i++) - { - if (!isvalidname(usernames[i])) - { - log_log(LOG_WARNING,"passwd entry %s contains invalid user name: \"%s\"", - myldap_get_dn(entry),usernames[i]); - } - else + if ((requser==NULL)||(strcmp(requser,usernames[i])==0)) { - for (j=0;j<numuids;j++) + if (!isvalidname(usernames[i])) { - WRITE_INT32(fp,NSLCD_RESULT_BEGIN); - WRITE_STRING(fp,usernames[i]); - WRITE_STRING(fp,passwd); - WRITE_TYPE(fp,uids[j],uid_t); - WRITE_TYPE(fp,gid,gid_t); - WRITE_STRING(fp,gecos); - WRITE_STRING(fp,homedir); - WRITE_STRING(fp,shell); + log_log(LOG_WARNING,"passwd entry %s contains invalid user name: \"%s\"", + myldap_get_dn(entry),usernames[i]); + } + else + { + for (j=0;j<numuids;j++) + { + WRITE_INT32(fp,NSLCD_RESULT_BEGIN); + WRITE_STRING(fp,usernames[i]); + WRITE_STRING(fp,passwd); + WRITE_TYPE(fp,uids[j],uid_t); + WRITE_TYPE(fp,gid,gid_t); + WRITE_STRING(fp,gecos); + WRITE_STRING(fp,homedir); + WRITE_STRING(fp,shell); + } } } - } return 0; } diff --git a/nslcd/protocol.c b/nslcd/protocol.c index 595427b..fadb66f 100644 
--- a/nslcd/protocol.c +++ b/nslcd/protocol.c @@ -100,7 +100,7 @@ void protocol_init(void) protocol_attrs[2]=NULL; } -static int write_protocol(TFILE *fp,MYLDAP_ENTRY *entry) +static int write_protocol(TFILE *fp,MYLDAP_ENTRY *entry,const char *reqname) { int32_t tmpint32,tmp2int32,tmp3int32; const char *name; @@ -108,6 +108,7 @@ static int write_protocol(TFILE *fp,MYLDAP_ENTRY *entry) const char **protos; char *tmp; int proto; + int i; /* get the most canonical name */ name=myldap_get_rdn_value(entry,attmap_protocol_cn); /* get the other names for the protocol */ @@ -121,6 +122,14 @@ static int write_protocol(TFILE *fp,MYLDAP_ENTRY *entry) /* if the protocol name is not yet found, get the first entry */ if (name==NULL) name=aliases[0]; + /* check case of returned protocol entry */ + if ((reqname!=NULL)&&(strcmp(reqname,name)!=0)) + { + for (i=0;(aliases[i]!=NULL)&&(strcmp(reqname,aliases[i])!=0);i++) + /* nothing here */ ; + if (aliases[i]==NULL) + return 0; /* neither the name nor any of the aliases matched */ + } /* get the protocol number */ protos=myldap_get_values(entry,attmap_protocol_ipProtocolNumber); if ((protos==NULL)||(protos[0]==NULL)) @@ -157,7 +166,7 @@ NSLCD_HANDLE( log_log(LOG_DEBUG,"nslcd_protocol_byname(%s)",name);, NSLCD_ACTION_PROTOCOL_BYNAME, mkfilter_protocol_byname(name,filter,sizeof(filter)), - write_protocol(fp,entry) + write_protocol(fp,entry,name) ) NSLCD_HANDLE( @@ -168,7 +177,7 @@ NSLCD_HANDLE( log_log(LOG_DEBUG,"nslcd_protocol_bynumber(%d)",protocol);, NSLCD_ACTION_PROTOCOL_BYNUMBER, mkfilter_protocol_bynumber(protocol,filter,sizeof(filter)), - write_protocol(fp,entry) + write_protocol(fp,entry,NULL) ) NSLCD_HANDLE( @@ -178,5 +187,5 @@ NSLCD_HANDLE( log_log(LOG_DEBUG,"nslcd_protocol_all()");, NSLCD_ACTION_PROTOCOL_ALL, (filter=protocol_filter,0), - write_protocol(fp,entry) + write_protocol(fp,entry,NULL) ) diff --git a/nslcd/rpc.c b/nslcd/rpc.c index 7480b4f..9958d48 100644 --- a/nslcd/rpc.c +++ b/nslcd/rpc.c 
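Review bot: The case check added to write_protocol (compare `reqname` with `name`, then walk `aliases` with an empty-body `for`) is repeated verbatim in write_rpc and write_service, and write_netgroup carries a fourth copy of the loop. A small shared helper, something like `int name_in_list(const char *name,const char **list)`, would let each site read `if ((reqname!=NULL)&&(strcmp(reqname,name)!=0)&&!name_in_list(reqname,aliases)) return 0;` and keep the four copies from drifting apart. Where to declare it depends on headers the diff does not show. The new `reqname` parameter also deserves a line in the function comment saying that NULL disables the filter, which the bynumber and all handlers rely on.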
@@ -101,7 +101,7 @@ void rpc_init(void) } /* write a single rpc entry to the stream */ -static int write_rpc(TFILE *fp,MYLDAP_ENTRY *entry) +static int write_rpc(TFILE *fp,MYLDAP_ENTRY *entry,const char *reqname) { int32_t tmpint32,tmp2int32,tmp3int32; const char *name; @@ -109,6 +109,7 @@ static int write_rpc(TFILE *fp,MYLDAP_ENTRY *entry) const char **numbers; char *tmp; int number; + int i; /* get the most canonical name */ name=myldap_get_rdn_value(entry,attmap_rpc_cn); /* get the other names for the rpc entries */ @@ -122,6 +123,14 @@ static int write_rpc(TFILE *fp,MYLDAP_ENTRY *entry) /* if the rpc name is not yet found, get the first entry */ if (name==NULL) name=aliases[0]; + /* check case of returned rpc entry */ + if ((reqname!=NULL)&&(strcmp(reqname,name)!=0)) + { + for (i=0;(aliases[i]!=NULL)&&(strcmp(reqname,aliases[i])!=0);i++) + /* nothing here */ ; + if (aliases[i]==NULL) + return 0; /* neither the name nor any of the aliases matched */ + } /* get the rpc number */ numbers=myldap_get_values(entry,attmap_rpc_oncRpcNumber); if ((numbers==NULL)||(numbers[0]==NULL)) @@ -158,7 +167,7 @@ NSLCD_HANDLE( log_log(LOG_DEBUG,"nslcd_rpc_byname(%s)",name);, NSLCD_ACTION_RPC_BYNAME, mkfilter_rpc_byname(name,filter,sizeof(filter)), - write_rpc(fp,entry) + write_rpc(fp,entry,name) ) NSLCD_HANDLE( @@ -169,7 +178,7 @@ NSLCD_HANDLE( log_log(LOG_DEBUG,"nslcd_rpc_bynumber(%d)",number);, NSLCD_ACTION_RPC_BYNUMBER, mkfilter_rpc_bynumber(number,filter,sizeof(filter)), - write_rpc(fp,entry) + write_rpc(fp,entry,NULL) ) NSLCD_HANDLE( @@ -179,5 +188,5 @@ NSLCD_HANDLE( log_log(LOG_DEBUG,"nslcd_rpc_all()");, NSLCD_ACTION_RPC_ALL, (filter=rpc_filter,0), - write_rpc(fp,entry) + write_rpc(fp,entry,NULL) ) diff --git a/nslcd/service.c b/nslcd/service.c index 64129ca..cb9cf4f 100644 --- a/nslcd/service.c +++ b/nslcd/service.c 
@@ -127,14 +127,14 @@ void service_init(void) service_attrs[3]=NULL; } -static int write_service(TFILE *fp,MYLDAP_ENTRY *entry,const char *reqprotocol) +static int write_service(TFILE *fp,MYLDAP_ENTRY *entry, + const char *reqname,const char *reqprotocol) { int32_t tmpint32,tmp2int32,tmp3int32; const char *name; const char **aliases; const char **ports; const char **protocols; - const char *tmparr[2]; char *tmp; int port; int i; @@ -151,6 +151,14 @@ static int write_service(TFILE *fp,MYLDAP_ENTRY *entry,const char *reqprotocol) /* if the service name is not yet found, get the first entry */ if (name==NULL) name=aliases[0]; + /* check case of returned servies entry */ + if ((reqname!=NULL)&&(strcmp(reqname,name)!=0)) + { + for (i=0;(aliases[i]!=NULL)&&(strcmp(reqname,aliases[i])!=0);i++) + /* nothing here */ ; + if (aliases[i]==NULL) + return 0; /* neither the name nor any of the aliases matched */ + } /* get the service number */ ports=myldap_get_values(entry,attmap_service_ipServicePort); if ((ports==NULL)||(ports[0]==NULL)) 
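Review bot: The comment introducing the new check in write_service reads `/* check case of returned servies entry */`; it should say `services`. It would also help to state there that the comparison is deliberately case-sensitive, because the README text in this commit describes LDAP values as case-insensitive and this filter is what compensates for that.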
@@ -172,31 +180,23 @@ static int write_service(TFILE *fp,MYLDAP_ENTRY *entry,const char *reqprotocol) return 0; } /* get protocols */ - if ((reqprotocol!=NULL)&&(*reqprotocol!='\0')) + protocols=myldap_get_values(entry,attmap_service_ipServiceProtocol); + if ((protocols==NULL)||(protocols[0]==NULL)) { - protocols=tmparr; - protocols[0]=reqprotocol; - protocols[1]=NULL; - } - else - { - protocols=myldap_get_values(entry,attmap_service_ipServiceProtocol); - if ((protocols==NULL)||(protocols[0]==NULL)) - { - log_log(LOG_WARNING,"service entry %s does not contain %s value", - myldap_get_dn(entry),attmap_service_ipServiceProtocol); - return 0; - } + log_log(LOG_WARNING,"service entry %s does not contain %s value", + myldap_get_dn(entry),attmap_service_ipServiceProtocol); + return 0; } /* write the entries */ for (i=0;protocols[i]!=NULL;i++) - { - WRITE_INT32(fp,NSLCD_RESULT_BEGIN); - WRITE_STRING(fp,name); - WRITE_STRINGLIST_EXCEPT(fp,aliases,name); - WRITE_INT32(fp,port); - WRITE_STRING(fp,protocols[i]); - } + if ((reqprotocol==NULL)||(*reqprotocol=='\0')||(strcmp(reqprotocol,protocols[i])==0)) + { + WRITE_INT32(fp,NSLCD_RESULT_BEGIN); + WRITE_STRING(fp,name); + WRITE_STRINGLIST_EXCEPT(fp,aliases,name); + WRITE_INT32(fp,port); + WRITE_STRING(fp,protocols[i]); + } return 0; } @@ -210,7 +210,7 @@ NSLCD_HANDLE( log_log(LOG_DEBUG,"nslcd_service_byname(%s,%s)",name,protocol);, NSLCD_ACTION_SERVICE_BYNAME, mkfilter_service_byname(name,protocol,filter,sizeof(filter)), - write_service(fp,entry,protocol) + write_service(fp,entry,name,protocol) ) NSLCD_HANDLE( @@ -223,7 +223,7 @@ NSLCD_HANDLE( log_log(LOG_DEBUG,"nslcd_service_bynumber(%d,%s)",number,protocol);, NSLCD_ACTION_SERVICE_BYNUMBER, mkfilter_service_bynumber(number,protocol,filter,sizeof(filter)), - write_service(fp,entry,protocol) + write_service(fp,entry,NULL,protocol) ) NSLCD_HANDLE( 
@@ -233,5 +233,5 @@ NSLCD_HANDLE( log_log(LOG_DEBUG,"nslcd_service_all()");, NSLCD_ACTION_SERVICE_ALL, (filter=service_filter,0), - write_service(fp,entry,NULL) + write_service(fp,entry,NULL,NULL) ) diff --git a/nslcd/shadow.c b/nslcd/shadow.c index ff46355..44c63db 100644 --- a/nslcd/shadow.c +++ b/nslcd/shadow.c @@ -192,7 +192,6 @@ static long to_date(const char *date,const char *attr) static int write_shadow(TFILE *fp,MYLDAP_ENTRY *entry,const char *requser) { int32_t tmpint32; - const char *tmparr[2]; const char **tmpvalues; char *tmp; const char **usernames; @@ -206,21 +205,12 @@ static int write_shadow(TFILE *fp,MYLDAP_ENTRY *entry,const char *requser) unsigned long flag; int i; /* get username */ - if (requser!=NULL) + usernames=myldap_get_values(entry,attmap_shadow_uid); + if ((usernames==NULL)||(usernames[0]==NULL)) { - usernames=tmparr; - usernames[0]=requser; - usernames[1]=NULL; - } - else - { - usernames=myldap_get_values(entry,attmap_shadow_uid); - if ((usernames==NULL)||(usernames[0]==NULL)) - { - log_log(LOG_WARNING,"passwd entry %s does not contain %s value", - myldap_get_dn(entry),attmap_shadow_uid); - return 0; - } + log_log(LOG_WARNING,"passwd entry %s does not contain %s value", + myldap_get_dn(entry),attmap_shadow_uid); + return 0; } /* get password */ passwd=get_userpassword(entry,attmap_shadow_userPassword); 
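Review bot: The warning kept in the rewritten username lookup of write_shadow still says `passwd entry %s does not contain %s value`, which points whoever reads the log at the wrong map. Since these lines are being re-indented anyway, the message should read `"shadow entry %s does not contain %s value"`. write_shadow's body continues outside the hunk.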
@@ -249,18 +239,19 @@ static int write_shadow(TFILE *fp,MYLDAP_ENTRY *entry,const char *requser) } /* write the entries */ for (i=0;usernames[i]!=NULL;i++) - { - WRITE_INT32(fp,NSLCD_RESULT_BEGIN); - WRITE_STRING(fp,usernames[i]); - WRITE_STRING(fp,passwd); - WRITE_INT32(fp,lastchangedate); - WRITE_INT32(fp,mindays); - WRITE_INT32(fp,maxdays); - WRITE_INT32(fp,warndays); - WRITE_INT32(fp,inactdays); - WRITE_INT32(fp,expiredate); - WRITE_INT32(fp,flag); - } + if ((requser==NULL)||(strcmp(requser,usernames[i])==0)) + { + WRITE_INT32(fp,NSLCD_RESULT_BEGIN); + WRITE_STRING(fp,usernames[i]); + WRITE_STRING(fp,passwd); + WRITE_INT32(fp,lastchangedate); + WRITE_INT32(fp,mindays); + WRITE_INT32(fp,maxdays); + WRITE_INT32(fp,warndays); + WRITE_INT32(fp,inactdays); + WRITE_INT32(fp,expiredate); + WRITE_INT32(fp,flag); + } return 0; } diff --git a/tests/test_nsscmds.sh b/tests/test_nsscmds.sh index ed14afd..2469a97 100755 --- a/tests/test_nsscmds.sh +++ b/tests/test_nsscmds.sh @@ -2,7 +2,7 @@ # test.sh - simple test script to check output of name lookup commands # -# Copyright (C) 2007, 2008 Arthur de Jong +# Copyright (C) 2007, 2008, 2009 Arthur de Jong # # This library is free software; you can redistribute it and/or # modify it under the terms of the GNU Lesser General Public @@ -104,6 +104,11 @@ check "getent aliases bar2" << EOM bar2: foobar@example.com EOM +# get alias by different case +check "getent aliases FOO" << EOM +foo: bar@example.com +EOM + ########################################################################### echo "test_nsscmds.sh: testing ether..." @@ -118,6 +123,11 @@ check "getent ethers testhostalias" << EOM 0:18:8a:54:1a:8e testhostalias EOM +# get an entry by hostname with different case +check "getent ethers TESTHOST" << EOM +0:18:8a:54:1a:8e testhost +EOM + # get an entry by ethernet address check "getent ethers 0:18:8a:54:1a:8b" << EOM 0:18:8a:54:1a:8b testhost2 
@@ -148,6 +158,10 @@ EOM #users:*:100:arthur,test #EOM +# group with different case should not be found +check "getent group TESTGROUP" << EOM +EOM + check "getent group 6100" << EOM testgroup:*:6100:arthur,test EOM @@ -194,6 +208,11 @@ check "getent hosts testhostalias" << EOM 10.0.0.1 testhost testhostalias EOM +# check hostname with different case +check "getent hosts TESTHOST" << EOM +10.0.0.1 testhost testhostalias +EOM + check "getent hosts 10.0.0.1" << EOM 10.0.0.1 testhost testhostalias EOM @@ -218,6 +237,12 @@ check "getent netgroup tstnetgroup" << EOM tstnetgroup ( , arthur, ) (noot, , ) EOM +# check netgroup lookup with different case +# Note: this should return nothing at all (this is a bug) +check "getent netgroup TSTNETGROUP" << EOM +TSTNETGROUP +EOM + ########################################################################### echo "test_nsscmds.sh: testing networks..." @@ -226,6 +251,11 @@ check "getent networks testnet" << EOM testnet 10.0.0.0 EOM +# check network name with different case +check "getent networks TESTNET" << EOM +testnet 10.0.0.0 +EOM + check "getent networks 10.0.0.0" << EOM testnet 10.0.0.0 EOM @@ -246,6 +276,10 @@ check "getent passwd arthur" << EOM arthur:x:1000:100:Arthur de Jong:/home/arthur:/bin/bash EOM +# check username with different case +check "getent passwd ARTHUR" << EOM +EOM + check "getent passwd 4089" << EOM jguzzetta:x:4089:1000:Josephine Guzzetta:/home/jguzzetta:/bin/bash EOM @@ -267,6 +301,14 @@ check "getent protocols protfooalias" << EOM protfoo 140 protfooalias EOM +# check protocol with different case +check "getent protocols PROTFOO" << EOM +EOM + +# test protocol alias with different case +check "getent protocols PROTFOOALIAS" << EOM +EOM + check "getent protocols 140" << EOM protfoo 140 protfooalias EOM 
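Review bot: The new `getent netgroup TSTNETGROUP` check expects the output `TSTNETGROUP` although its own comment says the lookup should return nothing. The suite therefore passes while the bug exists and will start failing once it is fixed. Recording the correct expectation (an empty here-document) and flagging the check as a known failure, if the `check` helper has a way to do that, would keep the test from cementing the wrong behaviour. Failing that, the comment should at least say where the echoed name comes from. The group, passwd and protocols checks added in the same file already expect empty output for a different-case name.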
@@ -291,6 +333,10 @@ check "getent rpc rpcfooalias" << EOM rpcfoo 160002 rpcfooalias EOM +# test rpc name with different case +check "getent rpc RPCFOO" << EOM +EOM + check "getent rpc 160002" << EOM rpcfoo 160002 rpcfooalias EOM @@ -314,6 +360,14 @@ EOM check "getent services foosrv/udp" << EOM EOM +# check with different case +check "getent services FOOSRV" << EOM +EOM + +# check protocol name case sensitivity (TCP is commonly an alias) +check "getent services foosrv/tCp" << EOM +EOM + check "getent services 15349/tcp" << EOM foosrv 15349/tcp EOM @@ -365,6 +419,10 @@ check "getent shadow arthur" << EOM arthur:*::100:200:7:2::0 EOM +# check case-sensitivity +check "getent shadow ARTHUR" << EOM +EOM + # check if the number of passwd entries matches the number of shadow entries check "getent shadow | wc -l" << EOM `getent passwd | wc -l` |