author | Arthur de Jong <arthur@arthurdejong.org> | 2007-09-08 15:19:07 +0000 |
---|---|---|
committer | Arthur de Jong <arthur@arthurdejong.org> | 2007-09-08 15:19:07 +0000 |
commit | 4b539318232ffc077eaa882963b9788d686610cb (patch) | |
tree | ee200bf041a84ff883270309064e6284d6f421be | |
parent | 30423d96ecd243663906a3a1c13f1f0e90ac6330 (diff) |
move filter definitions to the database modules themselves (and already define base and scope, but don't use them yet)
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-ldapd@383 ef36b2f9-881f-0410-afb5-c4e39611909c
-rw-r--r-- | nslcd/alias.c | 38 | ||||
-rw-r--r-- | nslcd/attmap.c | 177 | ||||
-rw-r--r-- | nslcd/attmap.h | 29 | ||||
-rw-r--r-- | nslcd/cfg.c | 35 | ||||
-rw-r--r-- | nslcd/cfg.h | 4 | ||||
-rw-r--r-- | nslcd/ether.c | 39 | ||||
-rw-r--r-- | nslcd/group.c | 58 | ||||
-rw-r--r-- | nslcd/host.c | 40 | ||||
-rw-r--r-- | nslcd/ldap-nss.c | 18 | ||||
-rw-r--r-- | nslcd/netgroup.c | 24 | ||||
-rw-r--r-- | nslcd/network.c | 40 | ||||
-rw-r--r-- | nslcd/passwd.c | 47 | ||||
-rw-r--r-- | nslcd/protocol.c | 43 | ||||
-rw-r--r-- | nslcd/rpc.c | 44 | ||||
-rw-r--r-- | nslcd/service.c | 51 | ||||
-rw-r--r-- | nslcd/shadow.c | 43 | ||||
-rw-r--r-- | nslcd/util.c | 4 |
17 files changed, 370 insertions, 364 deletions
diff --git a/nslcd/alias.c b/nslcd/alias.c index 28c5f03..6933a2b 100644 --- a/nslcd/alias.c +++ b/nslcd/alias.c @@ -44,7 +44,27 @@ #include "log.h" #include "attmap.h" +/* Vendor-specific attributes and object classes. + * (Mainly from Sun.) + * ( 1.3.6.1.4.1.42.2.27.1.2.5 NAME 'nisMailAlias' SUP top STRUCTURAL + * DESC 'NIS mail alias' + * MUST cn + * MAY rfc822MailMember ) + */ + +/* the search base for searches */ +const char *alias_base = NULL; + +/* the search scope for searches */ +int alias_scope = LDAP_SCOPE_DEFAULT; + +/* the basic search filter for searches */ +const char *alias_filter = "(objectClass=nisMailAlias)"; + /* the attributes to request with searches */ +const char *attmap_alias_cn = "cn"; +const char *attmap_alias_rfc822MailMember = "rfc822MailMember"; +/* the attribute list to request with searches */ static const char *alias_attrs[3]; /* create a search filter for searching an alias by name, @@ -58,21 +78,11 @@ static int mkfilter_alias_byname(const char *name, return -1; /* build filter */ return mysnprintf(buffer,buflen, - "(&(%s=%s)(%s=%s))", - attmap_objectClass,attmap_alias_objectClass, + "(&%s(%s=%s))", + alias_filter, attmap_alias_cn,buf2); } -/* create a search filter for enumerating all aliases, - return -1 on errors */ -static int mkfilter_alias_all(char *buffer,size_t buflen) -{ - /* build filter */ - return mysnprintf(buffer,buflen, - "(%s=%s)", - attmap_objectClass,attmap_alias_objectClass); -} - static void alias_attrs_init(void) { alias_attrs[0]=attmap_alias_cn; @@ -142,7 +152,6 @@ int nslcd_alias_all(TFILE *fp) { int32_t tmpint32,tmp2int32; struct ent_context context; - char filter[1024]; /* these are here for now until we rewrite the LDAP code */ struct aliasent result; char buffer[1024]; 
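Review bot: In `mkfilter_alias_byname` the new format string `"(&%s(%s=%s))"` inserts `alias_filter` verbatim, so the variable must now hold one complete parenthesised filter, but the comment on its definition (`/* the basic search filter for searches */`) does not say so. The value can be replaced from the configuration file (see `parse_filter_statement` in cfg.c), so I would state the contract at the definition: `/* the basic search filter; must be a complete, parenthesised LDAP filter because it is inserted verbatim into "(&%s(...))" */`. The same comment applies to `ether_filter`, `group_filter`, `host_filter`, `netgroup_filter`, `network_filter` and `passwd_filter` in this commit. The body of `mkfilter_alias_byname` starts outside the hunk.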
@@ -156,10 +165,9 @@ int nslcd_alias_all(TFILE *fp) /* initialize context */ _nss_ldap_ent_context_init(&context); /* loop over all results */ - mkfilter_alias_all(filter,sizeof(filter)); alias_attrs_init(); while ((retv=_nss_ldap_getent(&context,&result,buffer,sizeof(buffer),&errnop, - NULL,filter,alias_attrs,LM_ALIASES,_nss_ldap_parse_alias))==NSLCD_RESULT_SUCCESS) + NULL,alias_filter,alias_attrs,LM_ALIASES,_nss_ldap_parse_alias))==NSLCD_RESULT_SUCCESS) { /* write the result */ WRITE_INT32(fp,retv); diff --git a/nslcd/attmap.c b/nslcd/attmap.c index bec4a51..f3cd025 100644 --- a/nslcd/attmap.c +++ b/nslcd/attmap.c 
@@ -27,173 +27,42 @@ #include "attmap.h" - const char *attmap_objectClass = "objectClass"; - -/** - * Vendor-specific attributes and object classes. - * (Mainly from Sun.) - * ( 1.3.6.1.4.1.42.2.27.1.2.5 NAME 'nisMailAlias' SUP top STRUCTURAL - * DESC 'NIS mail alias' - * MUST cn - * MAY rfc822MailMember ) - */ -const char *attmap_alias_objectClass = "nisMailAlias"; -const char *attmap_alias_cn = "cn"; -const char *attmap_alias_rfc822MailMember = "rfc822MailMember"; - -/* - * ( nisSchema.2.11 NAME 'ieee802Device' SUP top AUXILIARY - * DESC 'A device with a MAC address; device SHOULD be - * used as a structural class' - * MAY macAddress ) - */ -const char *attmap_ether_objectClass = "ieee802Device"; -const char *attmap_ether_cn = "cn"; -const char *attmap_ether_macAddress = "macAddress"; - -/* - * ( nisSchema.2.2 NAME 'posixGroup' SUP top STRUCTURAL - * DESC 'Abstraction of a group of accounts' - * MUST ( cn $ gidNumber ) - * MAY ( userPassword $ uidMember $ description ) ) - */ -const char *attmap_group_objectClass = "posixGroup"; -const char *attmap_group_cn = "cn"; -const char *attmap_group_userPassword = "userPassword"; -const char *attmap_group_gidNumber = "gidNumber"; -const char *attmap_group_memberUid = "memberUid"; -const char *attmap_group_uniqueMember = "uniqueMember"; -const char *attmap_group_memberOf = "memberOf"; - -/* - * ( nisSchema.2.6 NAME 'ipHost' SUP top AUXILIARY - * DESC 'Abstraction of a host, an IP device. The distinguished - * value of the cn attribute denotes the host's canonical - * name. Device SHOULD be used as a structural class' - * MUST ( cn $ ipHostNumber ) - * MAY ( l $ description $ manager ) ) - */ -const char *attmap_host_objectClass = "ipHost"; -const char *attmap_host_cn = "cn"; -const char *attmap_host_ipHostNumber = "ipHostNumber"; - -/* - * ( nisSchema.2.8 NAME 'nisNetgroup' SUP top STRUCTURAL - * DESC 'Abstraction of a netgroup. 
May refer to other netgroups' - * MUST cn - * MAY ( nisNetgroupTriple $ memberNisNetgroup $ description ) ) - */ -const char *attmap_netgroup_objectClass = "nisNetgroup"; -const char *attmap_netgroup_cn = "cn"; -const char *attmap_netgroup_nisNetgroupTriple = "nisNetgroupTriple"; -const char *attmap_netgroup_memberNisNetgroup = "memberNisNetgroup"; - -/* - * ( nisSchema.2.7 NAME 'ipNetwork' SUP top STRUCTURAL - * DESC 'Abstraction of a network. The distinguished value of - * MUST ( cn $ ipNetworkNumber ) - * MAY ( ipNetmaskNumber $ l $ description $ manager ) ) - */ -const char *attmap_network_objectClass = "ipNetwork"; -const char *attmap_network_cn = "cn"; -const char *attmap_network_ipNetworkNumber = "ipNetworkNumber"; -/*const char *attmap_network_ipNetmaskNumber = "ipNetmaskNumber"; */ - -/* - * ( nisSchema.2.0 NAME 'posixAccount' SUP top AUXILIARY - * DESC 'Abstraction of an account with POSIX attributes' - * MUST ( cn $ uid $ uidNumber $ gidNumber $ homeDirectory ) - * MAY ( userPassword $ loginShell $ gecos $ description ) ) - */ -const char *attmap_passwd_objectClass = "posixAccount"; -const char *attmap_passwd_uid = "uid"; -const char *attmap_passwd_userPassword = "userPassword"; -const char *attmap_passwd_uidNumber = "uidNumber"; -const char *attmap_passwd_gidNumber = "gidNumber"; -const char *attmap_passwd_gecos = "gecos"; -const char *attmap_passwd_cn = "cn"; -const char *attmap_passwd_homeDirectory = "homeDirectory"; -const char *attmap_passwd_loginShell = "loginShell"; - -/* - * ( nisSchema.2.4 NAME 'ipProtocol' SUP top STRUCTURAL - * DESC 'Abstraction of an IP protocol. Maps a protocol number - * to one or more names. 
The distinguished value of the cn - * attribute denotes the protocol's canonical name' - * MUST ( cn $ ipProtocolNumber ) - * MAY description ) - */ -const char *attmap_protocol_objectClass = "ipProtocol"; -const char *attmap_protocol_cn = "cn"; -const char *attmap_protocol_ipProtocolNumber = "ipProtocolNumber"; - -/* - * ( nisSchema.2.5 NAME 'oncRpc' SUP top STRUCTURAL - * DESC 'Abstraction of an Open Network Computing (ONC) - * [RFC1057] Remote Procedure Call (RPC) binding. - * This class maps an ONC RPC number to a name. - * The distinguished value of the cn attribute denotes - * the RPC service's canonical name' - * MUST ( cn $ oncRpcNumber ) - * MAY description ) - */ -const char *attmap_rpc_objectClass = "oncRpc"; -const char *attmap_rpc_cn = "cn"; -const char *attmap_rpc_oncRpcNumber = "oncRpcNumber"; - -/* - * ( nisSchema.2.3 NAME 'ipService' SUP top STRUCTURAL - * DESC 'Abstraction an Internet Protocol service. - * Maps an IP port and protocol (such as tcp or udp) - * to one or more names; the distinguished value of - * the cn attribute denotes the service's canonical - * name' - * MUST ( cn $ ipServicePort $ ipServiceProtocol ) - * MAY ( description ) ) - */ -const char *attmap_service_objectClass = "ipService"; -const char *attmap_service_cn = "cn"; -const char *attmap_service_ipServicePort = "ipServicePort"; -const char *attmap_service_ipServiceProtocol = "ipServiceProtocol"; - -/* - * ( nisSchema.2.1 NAME 'shadowAccount' SUP top AUXILIARY - * DESC 'Additional attributes for shadow passwords' - * MUST uid - * MAY ( userPassword $ shadowLastChange $ shadowMin - * shadowMax $ shadowWarning $ shadowInactive $ - * shadowExpire $ shadowFlag $ description ) ) - */ -const char *attmap_shadow_objectClass = "shadowAccount"; -const char *attmap_shadow_uid = "uid"; -const char *attmap_shadow_userPassword = "userPassword"; -const char *attmap_shadow_shadowLastChange = "shadowLastChange"; -const char *attmap_shadow_shadowMin = "shadowMin"; -const char 
*attmap_shadow_shadowMax = "shadowMax"; -const char *attmap_shadow_shadowWarning = "shadowWarning"; -const char *attmap_shadow_shadowInactive = "shadowInactive"; -const char *attmap_shadow_shadowExpire = "shadowExpire"; -const char *attmap_shadow_shadowFlag = "shadowFlag"; +const char **filter_get_var(enum ldap_map_selector map) +{ + switch (map) + { + case LM_ALIASES: return &alias_filter; + case LM_ETHERS: return ðer_filter; + case LM_GROUP: return &group_filter; + case LM_HOSTS: return &host_filter; + case LM_NETGROUP: return &netgroup_filter; + case LM_NETWORKS: return &network_filter; + case LM_PASSWD: return &passwd_filter; + case LM_PROTOCOLS: return &protocol_filter; + case LM_RPC: return &rpc_filter; + case LM_SERVICES: return &service_filter; + case LM_SHADOW: return &shadow_filter; + case LM_NONE: + default: return NULL; + } +} const char **attmap_get_var(enum ldap_map_selector map,const char *name) { if (map==LM_ALIASES) { - if (strcasecmp(name,"objectClass")==0) return &attmap_alias_objectClass; if (strcasecmp(name,"cn")==0) return &attmap_alias_cn; if (strcasecmp(name,"rfc822MailMember")==0) return &attmap_alias_rfc822MailMember; } else if (map==LM_ETHERS) { - if (strcasecmp(name,"objectClass")==0) return &attmap_ether_objectClass; if (strcasecmp(name,"cn")==0) return &attmap_ether_cn; if (strcasecmp(name,"macAddress")==0) return &attmap_ether_macAddress; } else if (map==LM_GROUP) { - if (strcasecmp(name,"objectClass")==0) return &attmap_group_objectClass; if (strcasecmp(name,"cn")==0) return &attmap_group_cn; if (strcasecmp(name,"userPassword")==0) return &attmap_group_userPassword; if (strcasecmp(name,"gidNumber")==0) return &attmap_group_gidNumber; 
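Review bot: Dropping the `objectClass` branches from `attmap_get_var()` (here and in the two following attmap.c hunks) means an existing configuration line of the form `map <db> objectClass <value>` no longer resolves to a variable, and nothing in this commit converts it into the equivalent `filter` setting. What happens next depends on the `var==NULL` branch in `parse_map_statement`, whose body is outside the visible hunks; if it only logs, the administrator's object-class restriction is silently replaced by the built-in default, and lookups may return entries that were meant to be excluded. I would either keep accepting `objectClass` there and translate it into `(objectClass=<value>)` for that map's filter, or fail at start-up with a message that names the `filter` option.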
@@ -203,26 +72,22 @@ const char **attmap_get_var(enum ldap_map_selector map,const char *name) } else if (map==LM_HOSTS) { - if (strcasecmp(name,"objectClass")==0) return &attmap_host_objectClass; if (strcasecmp(name,"cn")==0) return &attmap_host_cn; if (strcasecmp(name,"ipHostNumber")==0) return &attmap_host_ipHostNumber; } else if (map==LM_NETGROUP) { - if (strcasecmp(name,"objectClass")==0) return &attmap_netgroup_objectClass; if (strcasecmp(name,"cn")==0) return &attmap_netgroup_cn; if (strcasecmp(name,"nisNetgroupTriple")==0) return &attmap_netgroup_nisNetgroupTriple; if (strcasecmp(name,"memberNisNetgroup")==0) return &attmap_netgroup_memberNisNetgroup; } else if (map==LM_NETWORKS) { - if (strcasecmp(name,"objectClass")==0) return &attmap_network_objectClass; if (strcasecmp(name,"cn")==0) return &attmap_network_cn; if (strcasecmp(name,"ipNetworkNumber")==0) return &attmap_network_ipNetworkNumber; } else if (map==LM_PASSWD) { - if (strcasecmp(name,"objectClass")==0) return &attmap_passwd_objectClass; if (strcasecmp(name,"uid")==0) return &attmap_passwd_uid; if (strcasecmp(name,"userPassword")==0) return &attmap_passwd_userPassword; if (strcasecmp(name,"uidNumber")==0) return &attmap_passwd_uidNumber; 
@@ -234,26 +99,22 @@ const char **attmap_get_var(enum ldap_map_selector map,const char *name) } else if (map==LM_PROTOCOLS) { - if (strcasecmp(name,"objectClass")==0) return &attmap_protocol_objectClass; if (strcasecmp(name,"cn")==0) return &attmap_protocol_cn; if (strcasecmp(name,"ipProtocolNumber")==0) return &attmap_protocol_ipProtocolNumber; } else if (map==LM_RPC) { - if (strcasecmp(name,"objectClass")==0) return &attmap_rpc_objectClass; if (strcasecmp(name,"cn")==0) return &attmap_rpc_cn; if (strcasecmp(name,"oncRpcNumber")==0) return &attmap_rpc_oncRpcNumber; } else if (map==LM_SERVICES) { - if (strcasecmp(name,"objectClass")==0) return &attmap_service_objectClass; if (strcasecmp(name,"cn")==0) return &attmap_service_cn; if (strcasecmp(name,"ipServicePort")==0) return &attmap_service_ipServicePort; if (strcasecmp(name,"ipServiceProtocol")==0) return &attmap_service_ipServiceProtocol; } else if (map==LM_SHADOW) { - if (strcasecmp(name,"objectClass")==0) return &attmap_shadow_objectClass; if (strcasecmp(name,"uid")==0) return &attmap_shadow_uid; if (strcasecmp(name,"userPassword")==0) return &attmap_shadow_userPassword; if (strcasecmp(name,"shadowLastChange")==0) return &attmap_shadow_shadowLastChange; diff --git a/nslcd/attmap.h b/nslcd/attmap.h index abb1287..3b3bc84 100644 --- a/nslcd/attmap.h +++ b/nslcd/attmap.h 
@@ -25,6 +25,21 @@ #include "ldap-nss.h" +/* These are the filters that are defined per database. */ + +/* TODO: move these to a per-database header file */ +extern const char *alias_filter; +extern const char *ether_filter; +extern const char *group_filter; +extern const char *host_filter; +extern const char *netgroup_filter; +extern const char *network_filter; +extern const char *passwd_filter; +extern const char *protocol_filter; +extern const char *rpc_filter; +extern const char *service_filter; +extern const char *shadow_filter; + /* What follows is a list of attribute names per database. */ /* TODO: replace the objectClass name mapping with filter definitions */ @@ -39,7 +54,6 @@ extern const char *attmap_objectClass; * MUST cn * MAY rfc822MailMember ) */ -extern const char *attmap_alias_objectClass; extern const char *attmap_alias_cn; extern const char *attmap_alias_rfc822MailMember; @@ -49,7 +63,6 @@ extern const char *attmap_alias_rfc822MailMember; * used as a structural class' * MAY macAddress ) */ -extern const char *attmap_ether_objectClass; extern const char *attmap_ether_cn; extern const char *attmap_ether_macAddress; @@ -59,7 +72,6 @@ extern const char *attmap_ether_macAddress; * MUST ( cn $ gidNumber ) * MAY ( userPassword $ uidMember $ description ) ) */ -extern const char *attmap_group_objectClass; extern const char *attmap_group_cn; extern const char *attmap_group_userPassword; extern const char *attmap_group_gidNumber; @@ -75,7 +87,6 @@ extern const char *attmap_group_memberOf; * MUST ( cn $ ipHostNumber ) * MAY ( l $ description $ manager ) ) */ -extern const char *attmap_host_objectClass; extern const char *attmap_host_cn; extern const char *attmap_host_ipHostNumber; 
@@ -85,7 +96,6 @@ extern const char *attmap_host_ipHostNumber; * MUST cn * MAY ( nisNetgroupTriple $ memberNisNetgroup $ description ) ) */ -extern const char *attmap_netgroup_objectClass; extern const char *attmap_netgroup_cn; extern const char *attmap_netgroup_nisNetgroupTriple; extern const char *attmap_netgroup_memberNisNetgroup; @@ -96,7 +106,6 @@ extern const char *attmap_netgroup_memberNisNetgroup; * MUST ( cn $ ipNetworkNumber ) * MAY ( ipNetmaskNumber $ l $ description $ manager ) ) */ -extern const char *attmap_network_objectClass; extern const char *attmap_network_cn; extern const char *attmap_network_ipNetworkNumber; /*extern const char *attmap_network_ipNetmaskNumber; */ @@ -107,7 +116,6 @@ extern const char *attmap_network_ipNetworkNumber; * MUST ( cn $ uid $ uidNumber $ gidNumber $ homeDirectory ) * MAY ( userPassword $ loginShell $ gecos $ description ) ) */ -extern const char *attmap_passwd_objectClass; extern const char *attmap_passwd_uid; extern const char *attmap_passwd_userPassword; extern const char *attmap_passwd_uidNumber; @@ -125,7 +133,6 @@ extern const char *attmap_passwd_loginShell; * MUST ( cn $ ipProtocolNumber ) * MAY description ) */ -extern const char *attmap_protocol_objectClass; extern const char *attmap_protocol_cn; extern const char *attmap_protocol_ipProtocolNumber; @@ -139,7 +146,6 @@ extern const char *attmap_protocol_ipProtocolNumber; * MUST ( cn $ oncRpcNumber ) * MAY description ) */ -extern const char *attmap_rpc_objectClass; extern const char *attmap_rpc_cn; extern const char *attmap_rpc_oncRpcNumber; @@ -153,7 +159,6 @@ extern const char *attmap_rpc_oncRpcNumber; * MUST ( cn $ ipServicePort $ ipServiceProtocol ) * MAY ( description ) ) */ -extern const char *attmap_service_objectClass; extern const char *attmap_service_cn; extern const char *attmap_service_ipServicePort; extern const char *attmap_service_ipServiceProtocol; 
@@ -166,7 +171,6 @@ extern const char *attmap_service_ipServiceProtocol; * shadowMax $ shadowWarning $ shadowInactive $ * shadowExpire $ shadowFlag $ description ) ) */ -extern const char *attmap_shadow_objectClass; extern const char *attmap_shadow_uid; extern const char *attmap_shadow_userPassword; extern const char *attmap_shadow_shadowLastChange; @@ -177,6 +181,9 @@ extern const char *attmap_shadow_shadowInactive; extern const char *attmap_shadow_shadowExpire; extern const char *attmap_shadow_shadowFlag; +/* return a reference to the map specific filter variable */ +const char **filter_get_var(enum ldap_map_selector map); + /* return a reference to the attribute mapping variable for the specified name the name is the name after the attmap_... variables above with the underscode replaced by a dot (e.g passwd.homeDirectory) */ diff --git a/nslcd/cfg.c b/nslcd/cfg.c index 7865254..30548ac 100644 --- a/nslcd/cfg.c +++ b/nslcd/cfg.c @@ -194,7 +194,6 @@ static int parse_scope(const char *filename,int lnr,const char *value) static enum ldap_map_selector parse_map(const char *filename,int lnr,const char *value) { - /* TODO: merge this code with attmap_get_var() */ if ( (strcasecmp(value,"alias")==0) || (strcasecmp(value,"aliases")==0) ) return LM_ALIASES; else if ( (strcasecmp(value,"ether")==0) || (strcasecmp(value,"ethers")==0) ) @@ -250,6 +249,7 @@ static void parse_map_statement(const char *filename,int lnr, else if (strcasecmp(opts[3],"pwdLastSet")==0) cfg->ldc_shadow_type=LS_AD_SHADOW; } + /* get the attribute variable to set */ var=attmap_get_var(map,opts[2]); if (var==NULL) { 
@@ -265,6 +265,29 @@ static void parse_map_statement(const char *filename,int lnr, } } +static void parse_filter_statement(const char *filename,int lnr, + const char **opts) +{ + enum ldap_map_selector map; + const char **var; + /* get the map */ + map=parse_map(filename,lnr,opts[1]); + /* get the filter variable to set */ + var=filter_get_var(map); + if (var==NULL) + { + log_log(LOG_ERR,"%s:%d: unknown map: '%s'",filename,lnr,opts[1]); + exit(EXIT_FAILURE); + } + /* check if the value will be changed */ + if (strcmp(*var,opts[2])!=0) + { + /* Note: we have a memory leak here if a single mapping is changed + multiple times in one config (deemed not a problem) */ + *var=xstrdup(opts[2]); + } +} + static void alloc_lsd(struct ldap_service_search_descriptor **lsd) { if (*lsd!=NULL) @@ -278,8 +301,6 @@ static void alloc_lsd(struct ldap_service_search_descriptor **lsd) /* initialize fields */ (*lsd)->lsd_base=NULL; (*lsd)->lsd_scope=-1; - (*lsd)->lsd_filter=NULL; - (*lsd)->lsd_next=NULL; } static void do_setbase(struct ldap_service_search_descriptor **lsd,const char *base) @@ -294,12 +315,6 @@ static void do_setscope(struct ldap_service_search_descriptor **lsd,int scope) (*lsd)->lsd_scope=scope; } -static void do_setfilter(struct ldap_service_search_descriptor **lsd,const char *filter) -{ - alloc_lsd(lsd); - (*lsd)->lsd_filter=xstrdup(filter);; -} - /* split a line from the configuration file note that this code is not thread safe! the line value will be rewritten! */ @@ -503,7 +518,7 @@ static void cfg_read(const char *filename,struct ldap_config *cfg) else if (strcasecmp(opts[0],"filter")==0) { check_argumentcount(filename,lnr,opts[0],nopts==3); - do_setfilter(&(cfg->ldc_sds[parse_map(filename,lnr,opts[1])]),opts[2]); + parse_filter_statement(filename,lnr,opts); } else if (strcasecmp(opts[0],"map")==0) { diff --git a/nslcd/cfg.h b/nslcd/cfg.h index abf2bae..6a2ed8c 100644 --- a/nslcd/cfg.h +++ b/nslcd/cfg.h 
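Review bot: `parse_filter_statement` stores `opts[2]` without checking its shape, yet every `mkfilter_*` function in this commit now inserts the stored string directly after `(&`. A value without enclosing parentheses, for example `objectClass=posixAccount` (constructed), would make every by-name and by-id filter for that map malformed, and the error would only surface at query time as failed lookups rather than at start-up. A cheap guard before the `strcmp` catches the common mistake: `if (opts[2][0]!='(' || opts[2][strlen(opts[2])-1]!=')')`, followed by the same `log_log(LOG_ERR,...)` / `exit(EXIT_FAILURE)` pattern used for the unknown-map case. A balanced-parenthesis check would be stricter still.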
@@ -82,10 +82,6 @@ struct ldap_service_search_descriptor char *lsd_base; /* scope */ int lsd_scope; - /* filter */ - char *lsd_filter; - /* next */ - struct ldap_service_search_descriptor *lsd_next; }; struct ldap_config diff --git a/nslcd/ether.c b/nslcd/ether.c index 39c7b9f..a45a64e 100644 --- a/nslcd/ether.c +++ b/nslcd/ether.c @@ -72,7 +72,26 @@ struct ether struct ether_addr e_addr; }; +/* ( nisSchema.2.11 NAME 'ieee802Device' SUP top AUXILIARY + * DESC 'A device with a MAC address; device SHOULD be + * used as a structural class' + * MAY macAddress ) + */ + +/* the search base for searches */ +const char *ether_base = NULL; + +/* the search scope for searches */ +int ether_scope = LDAP_SCOPE_DEFAULT; + +/* the basic search filter for searches */ +const char *ether_filter = "(objectClass=ieee802Device)"; + /* the attributes to request with searches */ +const char *attmap_ether_cn = "cn"; +const char *attmap_ether_macAddress = "macAddress"; + +/* the attribute list to request with searches */ static const char *ether_attrs[3]; /* create a search filter for searching an ethernet address @@ -86,8 +105,8 @@ static int mkfilter_ether_byname(const char *name, return -1; /* build filter */ return mysnprintf(buffer,buflen, - "(&(%s=%s)(%s=%s))", - attmap_objectClass,attmap_ether_objectClass, + "(&%s(%s=%s))", + ether_filter, attmap_ether_cn,buf2); } @@ -103,19 +122,11 @@ static int mkfilter_ether_byether(const struct ether_addr *addr, /* there should be no characters that need escaping */ /* build filter */ return mysnprintf(buffer,buflen, - "(&(%s=%s)(%s=%s))", - attmap_objectClass,attmap_ether_objectClass, + "(&%s(%s=%s))", + ether_filter, attmap_ether_macAddress,buf2); } -static int mkfilter_ether_all(char *buffer,size_t buflen) -{ - /* build filter */ - return mysnprintf(buffer,buflen, - "(%s=%s)", - attmap_objectClass,attmap_ether_objectClass); -} - static void ether_attrs_init(void) { ether_attrs[0]=attmap_ether_cn; 
@@ -224,7 +235,6 @@ int nslcd_ether_byether(TFILE *fp) int nslcd_ether_all(TFILE *fp) { int32_t tmpint32; - char filter[1024]; struct ent_context context; /* these are here for now until we rewrite the LDAP code */ struct ether result; @@ -239,10 +249,9 @@ int nslcd_ether_all(TFILE *fp) /* initialize context */ _nss_ldap_ent_context_init(&context); /* loop over all results */ - mkfilter_ether_all(filter,sizeof(filter)); ether_attrs_init(); while ((retv=_nss_ldap_getent(&context,&result,buffer,sizeof(buffer),&errnop, - NULL,filter,ether_attrs,LM_ETHERS,_nss_ldap_parse_ether))==NSLCD_RESULT_SUCCESS) + NULL,ether_filter,ether_attrs,LM_ETHERS,_nss_ldap_parse_ether))==NSLCD_RESULT_SUCCESS) { /* write the result */ WRITE_INT32(fp,retv); diff --git a/nslcd/group.c b/nslcd/group.c index 2cb55c0..b4fb1c8 100644 --- a/nslcd/group.c +++ b/nslcd/group.c @@ -111,7 +111,30 @@ static enum nss_status ng_chase(const char *dn,ldap_initgroups_args_t *lia); static enum nss_status ng_chase_backlink(const char **membersOf,ldap_initgroups_args_t *lia); +/* ( nisSchema.2.2 NAME 'posixGroup' SUP top STRUCTURAL + * DESC 'Abstraction of a group of accounts' + * MUST ( cn $ gidNumber ) + * MAY ( userPassword $ uidMember $ description ) ) + */ + +/* the search base for searches */ +const char *group_base = NULL; + +/* the search scope for searches */ +int group_scope = LDAP_SCOPE_DEFAULT; + +/* the basic search filter for searches */ +const char *group_filter = "(objectClass=posixGroup)"; + /* the attributes to request with searches */ +const char *attmap_group_cn = "cn"; +const char *attmap_group_userPassword = "userPassword"; +const char *attmap_group_gidNumber = "gidNumber"; +const char *attmap_group_memberUid = "memberUid"; +const char *attmap_group_uniqueMember = "uniqueMember"; +const char *attmap_group_memberOf = "memberOf"; + +/* the attribute list to request with searches */ static const char *group_attrs[6]; /* create a search filter for searching a group entry 
@@ -125,8 +148,8 @@ static int mkfilter_group_byname(const char *name, return -1; /* build filter */ return mysnprintf(buffer,buflen, - "(&(%s=%s)(%s=%s))", - attmap_objectClass,attmap_group_objectClass, + "(&%s(%s=%s))", + group_filter, attmap_group_cn,buf2); } @@ -136,17 +159,17 @@ static int mkfilter_group_bygid(gid_t gid, char *buffer,size_t buflen) { return mysnprintf(buffer,buflen, - "(&(%s=%s)(%s=%d))", - attmap_objectClass,attmap_group_objectClass, - attmap_group_cn,gid); + "(&%s(%s=%d))", + group_filter, + attmap_group_gidNumber,gid); } static int mkfilter_getgroupsbydn(const char *dn, char *buffer,size_t buflen) { return mysnprintf(buffer,buflen, - "(&(%s=%s)(%s=%s))", - attmap_objectClass,attmap_group_objectClass, + "(&%s(%s=%s))", + group_filter, attmap_group_uniqueMember,dn); } @@ -184,8 +207,8 @@ static int mkfilter_group_bymember(const char *user, userdn=user2dn(user); if (userdn==NULL) return mysnprintf(buffer,buflen, - "(&(%s=%s)(%s=%s))", - attmap_objectClass,attmap_group_objectClass, + "(&%s(%s=%s))", + group_filter, attmap_group_memberUid,user); else { @@ -194,22 +217,13 @@ static int mkfilter_group_bymember(const char *user, return -1; ldap_memfree(userdn); return mysnprintf(buffer,buflen, - "(&(%s=%s)(|(%s=%s)(%s=%s)))", - attmap_objectClass, attmap_group_objectClass, + "(&%s(|(%s=%s)(%s=%s)))", + group_filter, attmap_group_memberUid, user, attmap_group_uniqueMember, userdn); } } -/* create a search filter for searching a group entry - by name, return -1 on errors */ -static int mkfilter_group_all(char *buffer,size_t buflen) -{ - return mysnprintf(buffer,buflen, - "(%s=%s)", - attmap_objectClass,attmap_group_objectClass); -} - static void group_attrs_init(void) { group_attrs[0]=attmap_group_cn; @@ -1269,7 +1283,6 @@ int nslcd_group_all(TFILE *fp) { int32_t tmpint32,tmp2int32,tmp3int32; struct ent_context context; - char filter[1024]; /* these are here for now until we rewrite the LDAP code */ struct group result; char buffer[1024]; 
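Review bot: `mkfilter_group_bygid` formats `gid` with `%d`, but `gid_t` is unsigned on Linux and most other platforms, so an id above `INT_MAX` would be rendered as a negative number and the lookup would fail or match the wrong entry. Since this hunk already corrects the attribute to `attmap_group_gidNumber`, I would fix the conversion too: `"(&%s(%s=%lu))"` with `(unsigned long)gid` as the argument. `mkfilter_passwd_byuid` in passwd.c has the same `%d` for a `uid_t`. In the same hunk, `mkfilter_getgroupsbydn` passes `dn` into the filter as-is; whether callers escape it first is not visible here and is worth confirming.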
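Review bot: In the `userdn==NULL` branch of `mkfilter_group_bymember` the `user` argument goes into the filter unescaped, whereas `mkfilter_group_byname` in the same file builds its filter from the escaped copy `buf2`. The start of the function is outside the hunk, so an earlier escape step may exist, but the call passes `user` itself rather than an escaped buffer. If `user` originates from a client request, it should go through the same escaping helper that produces `buf2`, and the escaped buffer should be used both in this call and in the one in the `else` branch, so that filter metacharacters in a name cannot change the meaning of the search.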
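Review bot: The context lines of the last `mkfilter_group_bymember` hunk call `ldap_memfree(userdn)` and then pass `userdn` to `mysnprintf` in the very next statement, so the filter is built from freed memory; the hunk rewrites that call's format string but leaves the ordering unchanged. The `return -1;` just above also exits without freeing `userdn`. I would format first and free afterwards: `rc=mysnprintf(buffer,buflen,"(&%s(|(%s=%s)(%s=%s)))",group_filter,attmap_group_memberUid,user,attmap_group_uniqueMember,userdn); ldap_memfree(userdn); return rc;`, and add `ldap_memfree(userdn);` before the early `return -1;`. The start of the `else` block is outside the hunk; if an escaped copy of the DN is prepared there, that copy rather than `userdn` belongs in the argument list.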
@@ -1283,10 +1296,9 @@ int nslcd_group_all(TFILE *fp) /* initialize context */ _nss_ldap_ent_context_init(&context); /* loop over all results */ - mkfilter_group_all(filter,sizeof(filter)); group_attrs_init(); while ((retv=_nss_ldap_getent(&context,&result,buffer,sizeof(buffer),&errnop, - NULL,filter,group_attrs,LM_GROUP,_nss_ldap_parse_gr))==NSLCD_RESULT_SUCCESS) + NULL,group_filter,group_attrs,LM_GROUP,_nss_ldap_parse_gr))==NSLCD_RESULT_SUCCESS) { /* write the result */ WRITE_INT32(fp,retv); diff --git a/nslcd/host.c b/nslcd/host.c index c006577..535b0e6 100644 --- a/nslcd/host.c +++ b/nslcd/host.c @@ -59,7 +59,28 @@ #define MAXALIASES 35 #endif +/* ( nisSchema.2.6 NAME 'ipHost' SUP top AUXILIARY + * DESC 'Abstraction of a host, an IP device. The distinguished + * value of the cn attribute denotes the host's canonical + * name. Device SHOULD be used as a structural class' + * MUST ( cn $ ipHostNumber ) + * MAY ( l $ description $ manager ) ) + */ + +/* the search base for searches */ +const char *host_base = NULL; + +/* the search scope for searches */ +int host_scope = LDAP_SCOPE_DEFAULT; + +/* the basic search filter for searches */ +const char *host_filter = "(objectClass=ipHost)"; + /* the attributes to request with searches */ +const char *attmap_host_cn = "cn"; +const char *attmap_host_ipHostNumber = "ipHostNumber"; + +/* the attribute list to request with searches */ static const char *host_attrs[3]; /* create a search filter for searching a host entry @@ -73,8 +94,8 @@ static int mkfilter_host_byname(const char *name, return -1; /* build filter */ return mysnprintf(buffer,buflen, - "(&(%s=%s)(%s=%s))", - attmap_objectClass,attmap_host_objectClass, + "(&%s(%s=%s))", + host_filter, attmap_host_cn,buf2); } 
@@ -87,18 +108,11 @@ static int mkfilter_host_byaddr(const char *name, return -1; /* build filter */ return mysnprintf(buffer,buflen, - "(&(%s=%s)(%s=%s))", - attmap_objectClass,attmap_host_objectClass, + "(&%s(%s=%s))", + host_filter, attmap_host_ipHostNumber,buf2); } -static int mkfilter_host_all(char *buffer,size_t buflen) -{ - return mysnprintf(buffer,buflen, - "(%s=%s)", - attmap_objectClass,attmap_host_objectClass); -} - static void host_attrs_init(void) { host_attrs[0]=attmap_host_cn; @@ -388,7 +402,6 @@ int nslcd_host_all(TFILE *fp) { int32_t tmpint32; struct ent_context context; - char filter[1024]; /* these are here for now until we rewrite the LDAP code */ struct hostent result; char buffer[1024]; @@ -402,10 +415,9 @@ int nslcd_host_all(TFILE *fp) /* initialize context */ _nss_ldap_ent_context_init(&context); /* loop over all results */ - mkfilter_host_all(filter,sizeof(filter)); host_attrs_init(); while ((retv=_nss_ldap_getent(&context,&result,buffer,sizeof(buffer),&errnop, - NULL,filter,host_attrs,LM_HOSTS, + NULL,host_filter,host_attrs,LM_HOSTS, #ifdef INET6 (_res.options&RES_USE_INET6)?_nss_ldap_parse_hostv6:_nss_ldap_parse_hostv4 #else diff --git a/nslcd/ldap-nss.c b/nslcd/ldap-nss.c index b9b05ec..e28cd23 100644 --- a/nslcd/ldap-nss.c +++ b/nslcd/ldap-nss.c @@ -1818,7 +1818,6 @@ enum nss_status _nss_ldap_search_s( { /* get search descriptor */ sd=nslcd_cfg->ldc_sds[sel]; -next: if (sd!=NULL) { if (sd->lsd_base!=NULL) @@ -1833,17 +1832,6 @@ next: base,scope,filter,attrs, sizelimit,res,(search_func_t)do_search_s); - /* If no entry was returned, try the next search descriptor. */ - if (sd != NULL && sd->lsd_next != NULL) - { - if (stat==NSS_STATUS_NOTFOUND || - (stat==NSS_STATUS_SUCCESS && - ldap_first_entry(__session.ls_conn,*res)==NULL)) - { - sd=sd->lsd_next; - goto next; - } - } return stat; } 
@@ -1879,11 +1867,7 @@ _nss_ldap_search (const char *base,const char *filter,const char **attrs, * just quit with NSS_STATUS_NOTFOUND. */ if (*csd != NULL) - { - sd = (*csd)->lsd_next; - if (sd == NULL) - return NSS_STATUS_NOTFOUND; - } + return NSS_STATUS_NOTFOUND; else sd = nslcd_cfg->ldc_sds[sel]; *csd = sd; diff --git a/nslcd/netgroup.c b/nslcd/netgroup.c index b7a3d36..623dbaa 100644 --- a/nslcd/netgroup.c +++ b/nslcd/netgroup.c @@ -113,7 +113,27 @@ struct mynetgrent } \ while (0) +/* ( nisSchema.2.8 NAME 'nisNetgroup' SUP top STRUCTURAL + * DESC 'Abstraction of a netgroup. May refer to other netgroups' + * MUST cn + * MAY ( nisNetgroupTriple $ memberNisNetgroup $ description ) ) + */ + +/* the search base for searches */ +const char *netgroup_base = NULL; + +/* the search scope for searches */ +int netgroup_scope = LDAP_SCOPE_DEFAULT; + +/* the basic search filter for searches */ +const char *netgroup_filter = "(objectClass=nisNetgroup)"; + /* the attributes to request with searches */ +const char *attmap_netgroup_cn = "cn"; +const char *attmap_netgroup_nisNetgroupTriple = "nisNetgroupTriple"; +const char *attmap_netgroup_memberNisNetgroup = "memberNisNetgroup"; + +/* the attribute list to request with searches */ static const char *netgroup_attrs[4]; static int mkfilter_netgroup_byname(const char *name, @@ -125,8 +145,8 @@ static int mkfilter_netgroup_byname(const char *name, return -1; /* build filter */ return mysnprintf(buffer,buflen, - "(&(%s=%s)(%s=%s))", - attmap_objectClass,attmap_netgroup_objectClass, + "(&%s(%s=%s))", + netgroup_filter, attmap_netgroup_cn,buf2); } diff --git a/nslcd/network.c b/nslcd/network.c index 69049f5..2d6c4fe 100644 --- a/nslcd/network.c +++ b/nslcd/network.c 
@@ -57,7 +57,26 @@ #define MAXADDRSIZE 4 #endif /* HAVE_USERSEC_H */ -/* the attributes to request with searches */ +/* the search base for searches */ +const char *network_base = NULL; + +/* the search scope for searches */ +int network_scope = LDAP_SCOPE_DEFAULT; + +/* the basic search filter for searches */ +const char *network_filter = "(objectClass=ipNetwork)"; + +/* the attributes used in searches + * ( nisSchema.2.7 NAME 'ipNetwork' SUP top STRUCTURAL + * DESC 'Abstraction of a network. The distinguished value of + * MUST ( cn $ ipNetworkNumber ) + * MAY ( ipNetmaskNumber $ l $ description $ manager ) ) + */ +const char *attmap_network_cn = "cn"; +const char *attmap_network_ipNetworkNumber = "ipNetworkNumber"; +/*const char *attmap_network_ipNetmaskNumber = "ipNetmaskNumber"; */ + +/* the attribute list to request with searches */ static const char *network_attrs[3]; /* create a search filter for searching a network entry @@ -71,8 +90,8 @@ static int mkfilter_network_byname(const char *name, return -1; /* build filter */ return mysnprintf(buffer,buflen, - "(&(%s=%s)(%s=%s))", - attmap_objectClass,attmap_network_objectClass, + "(&%s(%s=%s))", + network_filter, attmap_network_cn,buf2); } @@ -85,18 +104,11 @@ static int mkfilter_network_byaddr(const char *name, return -1; /* build filter */ return mysnprintf(buffer,buflen, - "(&(%s=%s)(%s=%s))", - attmap_objectClass,attmap_network_objectClass, + "(&%s(%s=%s))", + network_filter, attmap_network_ipNetworkNumber,buf2); } -static int mkfilter_network_all(char *buffer,size_t buflen) -{ - return mysnprintf(buffer,buflen, - "(%s=%s)", - attmap_objectClass,attmap_network_objectClass); -} - static void network_attrs_init(void) { network_attrs[0]=attmap_network_cn; @@ -256,7 +268,6 @@ int nslcd_network_all(TFILE *fp) { int32_t tmpint32; struct ent_context context; - char filter[1024]; /* these are here for now until we rewrite the LDAP code */ struct netent result; char buffer[1024]; 
@@ -270,10 +281,9 @@ int nslcd_network_all(TFILE *fp) /* initialize context */ _nss_ldap_ent_context_init(&context); /* loop over all results */ - mkfilter_network_all(filter,sizeof(filter)); network_attrs_init(); while ((retv=_nss_ldap_getent(&context,&result,buffer,sizeof(buffer),&errnop, - NULL,filter,network_attrs,LM_NETWORKS,_nss_ldap_parse_net))==NSLCD_RESULT_SUCCESS) + NULL,network_filter,network_attrs,LM_NETWORKS,_nss_ldap_parse_net))==NSLCD_RESULT_SUCCESS) { /* write the result */ WRITE_INT32(fp,retv); diff --git a/nslcd/passwd.c b/nslcd/passwd.c index 90f001f..6a39cb5 100644 --- a/nslcd/passwd.c +++ b/nslcd/passwd.c @@ -58,7 +58,31 @@ #define GID_NOBODY UID_NOBODY #endif -/* the attributes to request with searches */ +/* the search base for searches */ +const char *passwd_base = NULL; + +/* the search scope for searches */ +int passwd_scope = LDAP_SCOPE_DEFAULT; + +/* the basic search filter for searches */ +const char *passwd_filter = "(objectClass=posixAccount)"; + +/* the attributes used in searches + * ( nisSchema.2.0 NAME 'posixAccount' SUP top AUXILIARY + * DESC 'Abstraction of an account with POSIX attributes' + * MUST ( cn $ uid $ uidNumber $ gidNumber $ homeDirectory ) + * MAY ( userPassword $ loginShell $ gecos $ description ) ) + */ +const char *attmap_passwd_uid = "uid"; +const char *attmap_passwd_userPassword = "userPassword"; +const char *attmap_passwd_uidNumber = "uidNumber"; +const char *attmap_passwd_gidNumber = "gidNumber"; +const char *attmap_passwd_gecos = "gecos"; +const char *attmap_passwd_cn = "cn"; +const char *attmap_passwd_homeDirectory = "homeDirectory"; +const char *attmap_passwd_loginShell = "loginShell"; + +/* the attribute list to request with searches */ static const char *passwd_attrs[10]; /* create a search filter for searching a passwd entry 
@@ -72,8 +96,8 @@ int mkfilter_passwd_byname(const char *name, return -1; /* build filter */ return mysnprintf(buffer,buflen, - "(&(%s=%s)(%s=%s))", - attmap_objectClass,attmap_passwd_objectClass, + "(&%s(%s=%s))", + passwd_filter, attmap_passwd_uid,buf2); } @@ -83,20 +107,11 @@ static int mkfilter_passwd_byuid(uid_t uid, char *buffer,size_t buflen) { return snprintf(buffer,buflen, - "(&(%s=%s)(%s=%d))", - attmap_objectClass,attmap_passwd_objectClass, + "(&%s(%s=%d))", + passwd_filter, attmap_passwd_uidNumber,uid); } -/* create a search filter for enumerating all passwd - entries, return -1 on errors */ -static int mkfilter_passwd_all(char *buffer,size_t buflen) -{ - return mysnprintf(buffer,buflen, - "(%s=%s)", - attmap_objectClass,attmap_passwd_objectClass); -} - static void passwd_attrs_init(void) { passwd_attrs[0]=attmap_passwd_uid; @@ -296,7 +311,6 @@ int nslcd_passwd_all(TFILE *fp) { int32_t tmpint32; struct ent_context context; - char filter[1024]; /* these are here for now until we rewrite the LDAP code */ struct passwd result; char buffer[1024]; @@ -310,10 +324,9 @@ int nslcd_passwd_all(TFILE *fp) /* initialize context */ _nss_ldap_ent_context_init(&context); /* go over results */ - mkfilter_passwd_all(filter,sizeof(filter)); passwd_attrs_init(); while ((retv=_nss_ldap_getent(&context,&result,buffer,sizeof(buffer),&errnop, - NULL,filter,passwd_attrs,LM_PASSWD,_nss_ldap_parse_pw))==NSLCD_RESULT_SUCCESS) + NULL,passwd_filter,passwd_attrs,LM_PASSWD,_nss_ldap_parse_pw))==NSLCD_RESULT_SUCCESS) { /* write the result */ WRITE_INT32(fp,retv); diff --git a/nslcd/protocol.c b/nslcd/protocol.c index fe9cc81..65d2c84 100644 --- a/nslcd/protocol.c +++ b/nslcd/protocol.c 
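Review bot: In `mkfilter_passwd_byuid` the rewritten call still formats `uid` with `%d` and still uses plain `snprintf`, while `mkfilter_passwd_byname` just above goes through `mysnprintf`. `uid_t` is normally unsigned, so `%d` does not match the argument type and a UID above `INT_MAX` would be rendered as a negative number in the filter. And now that the prefix is the variable-length `passwd_filter`, a truncated filter comes back as a positive length instead of an error (assuming `mysnprintf` is what maps truncation to -1, which is not visible here). Suggested: `return mysnprintf(buffer,buflen,"(&%s(%s=%lu))",passwd_filter,attmap_passwd_uidNumber,(unsigned long)uid);`. `mkfilter_protocol_bynumber` in nslcd/protocol.c has the same plain `snprintf` call.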
@@ -54,7 +54,27 @@ #include "log.h" #include "attmap.h" -/* the attributes to request with searches */ +/* the search base for searches */ +const char *protocol_base = NULL; + +/* the search scope for searches */ +int protocol_scope = LDAP_SCOPE_DEFAULT; + +/* the basic search filter for searches */ +const char *protocol_filter = "(objectClass=ipProtocol)"; + +/* the attributes used in searches + * ( nisSchema.2.4 NAME 'ipProtocol' SUP top STRUCTURAL + * DESC 'Abstraction of an IP protocol. Maps a protocol number + * to one or more names. The distinguished value of the cn + * attribute denotes the protocol's canonical name' + * MUST ( cn $ ipProtocolNumber ) + * MAY description ) + */ +const char *attmap_protocol_cn = "cn"; +const char *attmap_protocol_ipProtocolNumber = "ipProtocolNumber"; + +/* the attribute list to request with searches */ static const char *protocol_attrs[3]; static int mkfilter_protocol_byname(const char *name, @@ -66,8 +86,8 @@ static int mkfilter_protocol_byname(const char *name, return -1; /* build filter */ return mysnprintf(buffer,buflen, - "(&(%s=%s)(%s=%s))", - attmap_objectClass,attmap_protocol_objectClass, + "(&%s(%s=%s))", + protocol_filter, attmap_protocol_cn,buf2); } @@ -77,20 +97,11 @@ static int mkfilter_protocol_bynumber(int protocol, char *buffer,size_t buflen) { return snprintf(buffer,buflen, - "(&(%s=%s)(%s=%d))", - attmap_objectClass,attmap_protocol_objectClass, + "(&%s(%s=%d))", + protocol_filter, attmap_protocol_ipProtocolNumber,protocol); } -/* create a search filter for enumerating all protocol - entries, return -1 on errors */ -static int mkfilter_protocol_all(char *buffer,size_t buflen) -{ - return mysnprintf(buffer,buflen, - "(%s=%s)", - attmap_objectClass,attmap_protocol_objectClass); -} - static void protocol_attrs_init(void) { protocol_attrs[0]=attmap_protocol_cn; 
@@ -208,7 +219,6 @@ int nslcd_protocol_all(TFILE *fp) { int32_t tmpint32,tmp2int32,tmp3int32; struct ent_context context; - char filter[1024]; /* these are here for now until we rewrite the LDAP code */ struct protoent result; char buffer[1024]; @@ -222,10 +232,9 @@ int nslcd_protocol_all(TFILE *fp) /* initialize context */ _nss_ldap_ent_context_init(&context); /* loop over all results */ - mkfilter_protocol_all(filter,sizeof(filter)); protocol_attrs_init(); while ((retv=_nss_ldap_getent(&context,&result,buffer,sizeof(buffer),&errnop, - NULL,filter,protocol_attrs,LM_PROTOCOLS,_nss_ldap_parse_proto))==NSLCD_RESULT_SUCCESS) + NULL,protocol_filter,protocol_attrs,LM_PROTOCOLS,_nss_ldap_parse_proto))==NSLCD_RESULT_SUCCESS) { /* write the result code */ WRITE_INT32(fp,retv); diff --git a/nslcd/rpc.c b/nslcd/rpc.c index 5393a93..24ea77b 100644 --- a/nslcd/rpc.c +++ b/nslcd/rpc.c @@ -66,7 +66,31 @@ #define RPC_ALIASES result->r_aliases #define RPC_NUMBER result->r_number +/* ( nisSchema.2.5 NAME 'oncRpc' SUP top STRUCTURAL + * DESC 'Abstraction of an Open Network Computing (ONC) + * [RFC1057] Remote Procedure Call (RPC) binding. + * This class maps an ONC RPC number to a name. + * The distinguished value of the cn attribute denotes + * the RPC service's canonical name' + * MUST ( cn $ oncRpcNumber ) + * MAY description ) + */ + +/* the search base for searches */ +const char *rpc_base = NULL; + +/* the search scope for searches */ +int rpc_scope = LDAP_SCOPE_DEFAULT; + +/* the basic search filter for searches */ +const char *rpc_filter = "(objectClass=ipService)"; + /* the attributes to request with searches */ +const char *attmap_rpc_objectClass = "oncRpc"; +const char *attmap_rpc_cn = "cn"; +const char *attmap_rpc_oncRpcNumber = "oncRpcNumber"; + +/* the attribute list to request with searches */ static const char *rpc_attrs[3]; static int mkfilter_rpc_byname(const char *name, 
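Review bot: `rpc_filter` is initialised to `"(objectClass=ipService)"`, which is the service module's object class, whereas the schema comment directly above it and the retained `attmap_rpc_objectClass = "oncRpc"` both say RPC entries are `oncRpc`. With this value `mkfilter_rpc_byname`, `mkfilter_rpc_bynumber` and the enumeration in `nslcd_rpc_all` would search service entries, so RPC lookups would most likely return nothing. The line should read `const char *rpc_filter = "(objectClass=oncRpc)";`. `attmap_rpc_objectClass` can then be dropped if nothing else in the file still refers to it.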
@@ -78,8 +102,8 @@ static int mkfilter_rpc_byname(const char *name, return -1; /* build filter */ return mysnprintf(buffer,buflen, - "(&(%s=%s)(%s=%s))", - attmap_objectClass,attmap_rpc_objectClass, + "(&%s(%s=%s))", + rpc_filter, attmap_rpc_cn,buf2); } @@ -87,19 +111,11 @@ static int mkfilter_rpc_bynumber(int number, char *buffer,size_t buflen) { return mysnprintf(buffer,buflen, - "(&(%s=%s)(%s=%d))", - attmap_objectClass,attmap_rpc_objectClass, + "(&%s(%s=%d))", + rpc_filter, attmap_rpc_oncRpcNumber,number); } -static int mkfilter_rpc_all(char *buffer,size_t buflen) -{ - /* build filter */ - return mysnprintf(buffer,buflen, - "(%s=%s)", - attmap_objectClass,attmap_rpc_objectClass); -} - static void rpc_attrs_init(void) { rpc_attrs[0]=attmap_rpc_cn; @@ -213,7 +229,6 @@ int nslcd_rpc_all(TFILE *fp) { int32_t tmpint32; struct ent_context context; - char filter[1024]; /* these are here for now until we rewrite the LDAP code */ struct rpcent result; char buffer[1024]; @@ -227,10 +242,9 @@ int nslcd_rpc_all(TFILE *fp) /* initialize context */ _nss_ldap_ent_context_init(&context); /* loop over all results */ - mkfilter_rpc_all(filter,sizeof(filter)); rpc_attrs_init(); while ((retv=_nss_ldap_getent(&context,&result,buffer,sizeof(buffer),&errnop, - NULL,filter,rpc_attrs,LM_RPC,_nss_ldap_parse_rpc))==NSLCD_RESULT_SUCCESS) + NULL,rpc_filter,rpc_attrs,LM_RPC,_nss_ldap_parse_rpc))==NSLCD_RESULT_SUCCESS) { /* write the result code */ WRITE_INT32(fp,retv); diff --git a/nslcd/service.c b/nslcd/service.c index 35799cc..3dde1bc 100644 --- a/nslcd/service.c +++ b/nslcd/service.c 
@@ -67,7 +67,31 @@ #define SERVICE_NUMBER htons(result->s_port) #define SERVICE_PROTOCOL result->s_proto +/* ( nisSchema.2.3 NAME 'ipService' SUP top STRUCTURAL + * DESC 'Abstraction an Internet Protocol service. + * Maps an IP port and protocol (such as tcp or udp) + * to one or more names; the distinguished value of + * the cn attribute denotes the service's canonical + * name' + * MUST ( cn $ ipServicePort $ ipServiceProtocol ) + * MAY ( description ) ) + */ + +/* the search base for searches */ +const char *service_base = NULL; + +/* the search scope for searches */ +int service_scope = LDAP_SCOPE_DEFAULT; + +/* the basic search filter for searches */ +const char *service_filter = "(objectClass=ipService)"; + /* the attributes to request with searches */ +const char *attmap_service_cn = "cn"; +const char *attmap_service_ipServicePort = "ipServicePort"; +const char *attmap_service_ipServiceProtocol = "ipServiceProtocol"; + +/* the attribute list to request with searches */ static const char *service_attrs[4]; static int mkfilter_service_byname(const char *name, @@ -84,14 +108,14 @@ static int mkfilter_service_byname(const char *name, /* build filter */ if (*protocol!='\0') return mysnprintf(buffer,buflen, - "(&(%s=%s)(%s=%s)(%s=%s))", - attmap_objectClass,attmap_service_objectClass, + "(&%s(%s=%s)(%s=%s))", + service_filter, attmap_service_cn,buf2, attmap_service_ipServiceProtocol,buf3); else return mysnprintf(buffer,buflen, - "(&(%s=%s)(%s=%s))", - attmap_objectClass,attmap_service_objectClass, + "(&%s(%s=%s))", + service_filter, attmap_service_cn,buf2); } 
@@ -107,24 +131,17 @@ static int mkfilter_service_bynumber(int number, /* build filter */ if (*protocol!='\0') return mysnprintf(buffer,buflen, - "(&(%s=%s)(%s=%d)(%s=%s))", - attmap_objectClass,attmap_service_objectClass, + "(&%s(%s=%d)(%s=%s))", + service_filter, attmap_service_ipServicePort,number, attmap_service_ipServiceProtocol,buf3); else return mysnprintf(buffer,buflen, - "(&(%s=%s)(%s=%d))", - attmap_objectClass,attmap_service_objectClass, + "(&%s(%s=%d))", + service_filter, attmap_service_ipServicePort,number); } -static int mkfilter_service_all(char *buffer,size_t buflen) -{ - return mysnprintf(buffer,buflen, - "(%s=%s)", - attmap_objectClass,attmap_service_objectClass); -} - static void service_attrs_init(void) { service_attrs[0]=attmap_service_cn; @@ -325,7 +342,6 @@ int nslcd_service_all(TFILE *fp) { int32_t tmpint32; struct ent_context context; - char filter[1024]; /* these are here for now until we rewrite the LDAP code */ struct servent result; char buffer[1024]; @@ -339,10 +355,9 @@ int nslcd_service_all(TFILE *fp) /* initialize context */ _nss_ldap_ent_context_init(&context); /* loop over all results */ - mkfilter_service_all(filter,sizeof(filter)); service_attrs_init(); while ((retv=_nss_ldap_getent(&context,&result,buffer,sizeof(buffer),&errnop, - NULL,filter,service_attrs,LM_SERVICES,_nss_ldap_parse_serv))==NSLCD_RESULT_SUCCESS) + NULL,service_filter,service_attrs,LM_SERVICES,_nss_ldap_parse_serv))==NSLCD_RESULT_SUCCESS) { /* write the result code */ WRITE_INT32(fp,retv); diff --git a/nslcd/shadow.c b/nslcd/shadow.c index c8493af..bc7c0d5 100644 --- a/nslcd/shadow.c +++ b/nslcd/shadow.c 
@@ -51,7 +51,35 @@ #include "attmap.h" #include "cfg.h" +/* ( nisSchema.2.1 NAME 'shadowAccount' SUP top AUXILIARY + * DESC 'Additional attributes for shadow passwords' + * MUST uid + * MAY ( userPassword $ shadowLastChange $ shadowMin + * shadowMax $ shadowWarning $ shadowInactive $ + * shadowExpire $ shadowFlag $ description ) ) + */ + +/* the search base for searches */ +const char *shadow_base = NULL; + +/* the search scope for searches */ +int shadow_scope = LDAP_SCOPE_DEFAULT; + +/* the basic search filter for searches */ +const char *shadow_filter = "(objectClass=shadowAccount)"; + /* the attributes to request with searches */ +const char *attmap_shadow_uid = "uid"; +const char *attmap_shadow_userPassword = "userPassword"; +const char *attmap_shadow_shadowLastChange = "shadowLastChange"; +const char *attmap_shadow_shadowMin = "shadowMin"; +const char *attmap_shadow_shadowMax = "shadowMax"; +const char *attmap_shadow_shadowWarning = "shadowWarning"; +const char *attmap_shadow_shadowInactive = "shadowInactive"; +const char *attmap_shadow_shadowExpire = "shadowExpire"; +const char *attmap_shadow_shadowFlag = "shadowFlag"; + +/* the attribute list to request with searches */ static const char *shadow_attrs[10]; static int mkfilter_shadow_byname(const char *name, @@ -63,18 +91,11 @@ static int mkfilter_shadow_byname(const char *name, return -1; /* build filter */ return mysnprintf(buffer,buflen, - "(&(%s=%s)(%s=%s))", - attmap_objectClass,attmap_shadow_objectClass, + "(&%s(%s=%s))", + shadow_filter, attmap_shadow_uid,buf2); } -static int mkfilter_shadow_all(char *buffer,size_t buflen) -{ - return mysnprintf(buffer,buflen, - "(%s=%s)", - attmap_objectClass,attmap_shadow_objectClass); -} - static void shadow_attrs_init(void) { shadow_attrs[0]=attmap_shadow_uid; 
@@ -228,7 +249,6 @@ int nslcd_shadow_all(TFILE *fp) { int32_t tmpint32; struct ent_context context; - char filter[1024]; /* these are here for now until we rewrite the LDAP code */ struct spwd result; char buffer[1024]; @@ -242,10 +262,9 @@ int nslcd_shadow_all(TFILE *fp) /* initialize context */ _nss_ldap_ent_context_init(&context); /* loop over all results */ - mkfilter_shadow_all(filter,sizeof(filter)); shadow_attrs_init(); while ((retv=_nss_ldap_getent(&context,&result,buffer,sizeof(buffer),&errnop, - NULL,filter,shadow_attrs,LM_SHADOW,_nss_ldap_parse_sp))==NSLCD_RESULT_SUCCESS) + NULL,shadow_filter,shadow_attrs,LM_SHADOW,_nss_ldap_parse_sp))==NSLCD_RESULT_SUCCESS) { /* write the result */ WRITE_INT32(fp,retv); diff --git a/nslcd/util.c b/nslcd/util.c index 368d78c..96fa256 100644 --- a/nslcd/util.c +++ b/nslcd/util.c @@ -282,6 +282,7 @@ dn2uid_cache_get (const char *dn, char **uid, char **buffer, size_t * buflen) return NSS_STATUS_SUCCESS; } +/* TODO: move to group.c */ enum nss_status _nss_ldap_dn2uid(const char *dn,char **uid,char **buffer, size_t * buflen,int *pIsNestedGroup, LDAPMessage **pRes) @@ -308,7 +309,8 @@ enum nss_status _nss_ldap_dn2uid(const char *dn,char **uid,char **buffer, LDAPMessage *e = _nss_ldap_first_entry (res); if (e != NULL) { - if (has_objectclass(e,attmap_group_objectClass)) + /* FIXME: somehow replace this with the dynamic stuff in group.c */ + if (has_objectclass(e,"posixGroup")) { *pIsNestedGroup = 1; *pRes = res; |