author | Arthur de Jong <arthur@arthurdejong.org> | 2009-05-29 21:22:58 +0000 |
---|---|---|
committer | Arthur de Jong <arthur@arthurdejong.org> | 2009-05-29 21:22:58 +0000 |
commit | f91b33e7b87b0447029e9b7593b796c3b9d0d0b0 (patch) | |
tree | cb66705231e6c4480c62c3b690867c426cf2763b | |
parent | 7c32d0121c95bbb05ab064b29bf7ec2ba5defc00 (diff) |
refactor protocol reading and writing macros to the common directory, use more logical names and in the PAM module no longer use NSS status codes (import of r887 from nss-pam-ldapd)
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-ldapd@904 ef36b2f9-881f-0410-afb5-c4e39611909c
-rw-r--r-- | Makefile.am | 2 | ||||
-rw-r--r-- | common/Makefile.am | 6 | ||||
-rw-r--r-- | common/nslcd-prot.c (renamed from nss/common.c) | 6 | ||||
-rw-r--r-- | common/nslcd-prot.h (renamed from nslcd-common.h) | 175 | ||||
-rw-r--r-- | nslcd/Makefile.am | 2 | ||||
-rw-r--r-- | nslcd/alias.c | 2 | ||||
-rw-r--r-- | nslcd/common.h | 2 | ||||
-rw-r--r-- | nslcd/ether.c | 2 | ||||
-rw-r--r-- | nslcd/group.c | 4 | ||||
-rw-r--r-- | nslcd/host.c | 2 | ||||
-rw-r--r-- | nslcd/netgroup.c | 2 | ||||
-rw-r--r-- | nslcd/network.c | 2 | ||||
-rw-r--r-- | nslcd/passwd.c | 2 | ||||
-rw-r--r-- | nslcd/protocol.c | 2 | ||||
-rw-r--r-- | nslcd/rpc.c | 2 | ||||
-rw-r--r-- | nslcd/service.c | 6 | ||||
-rw-r--r-- | nslcd/shadow.c | 2 | ||||
-rw-r--r-- | nss/Makefile.am | 8 | ||||
-rw-r--r-- | nss/aliases.c | 11 | ||||
-rw-r--r-- | nss/common.h | 75 | ||||
-rw-r--r-- | nss/ethers.c | 2 | ||||
-rw-r--r-- | nss/group.c | 6 | ||||
-rw-r--r-- | nss/hosts.c | 4 | ||||
-rw-r--r-- | nss/netgroup.c | 17 | ||||
-rw-r--r-- | nss/networks.c | 4 | ||||
-rw-r--r-- | nss/passwd.c | 10 | ||||
-rw-r--r-- | nss/protocols.c | 4 | ||||
-rw-r--r-- | nss/rpc.c | 4 | ||||
-rw-r--r-- | nss/services.c | 6 | ||||
-rw-r--r-- | nss/shadow.c | 4 | ||||
-rw-r--r-- | pam/Makefile.am | 6 | ||||
-rw-r--r-- | pam/common.h | 84 | ||||
-rw-r--r-- | pam/pam.c | 136 | ||||
-rw-r--r-- | tests/Makefile.am | 2 |
34 files changed, 339 insertions, 265 deletions
diff --git a/Makefile.am b/Makefile.am index 3677726..915b1aa 100644 --- a/Makefile.am +++ b/Makefile.am @@ -44,7 +44,7 @@ DEBIAN_FILES = debian/changelog debian/compat debian/control \ $(wildcard debian/po/*.po) debian/po/templates.pot \ debian/po/POTFILES.in -EXTRA_DIST = nss-ldapd.conf nslcd.h nslcd-common.h \ +EXTRA_DIST = nss-ldapd.conf nslcd.h \ $(wildcard m4/*.m4) HACKING $(DEBIAN_FILES) DISTCHECK_CONFIGURE_FLAGS = --enable-warnings --enable-pam diff --git a/common/Makefile.am b/common/Makefile.am index a813da5..3a3b6d3 100644 --- a/common/Makefile.am +++ b/common/Makefile.am @@ -17,12 +17,16 @@ # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA # 02110-1301 USA -noinst_LIBRARIES = libtio.a libdict.a +noinst_LIBRARIES = libtio.a libprot.a libdict.a AM_CPPFLAGS=-I$(top_srcdir) AM_CFLAGS = -fPIC +EXTRA_DIST = nslcd-prot.h + libtio_a_SOURCES = tio.c tio.h +libprot_a_SOURCES = nslcd-prot.c nslcd-prot.h + libdict_a_SOURCES = dict.c dict.h \ set.c set.h diff --git a/nss/common.c b/common/nslcd-prot.c index 6428bc2..102a6df 100644 --- a/nss/common.c +++ b/common/nslcd-prot.c @@ -1,5 +1,5 @@ /* - common.c - common functions for NSS lookups + nslcd-prot.c - common functions for NSLCD lookups Copyright (C) 2006 West Consulting Copyright (C) 2006, 2007, 2008 Arthur de Jong @@ -32,12 +32,10 @@ #include <sys/types.h> #include <sys/stat.h> #include <errno.h> -#include <nss.h> #include <string.h> #include "nslcd.h" -#include "common.h" -#include "common/tio.h" +#include "nslcd-prot.h" /* buffer sizes for I/O */ #define READBUFFER_MINSIZE 1024 diff --git a/nslcd-common.h b/common/nslcd-prot.h index 2d21a85..bab5596 100644 --- a/nslcd-common.h +++ b/common/nslcd-prot.h @@ -1,6 +1,5 @@ /* - nslcd-common.h - helper macros for reading and writing in - protocol streams + nslcd-prot.h - helper macros for reading and writing in protocol streams Copyright (C) 2006 West Consulting Copyright (C) 2006, 2007, 2009 Arthur de Jong 
@@ -21,10 +20,23 @@ 02110-1301 USA */ -#ifndef _NSLCD_COMMON_H -#define _NSLCD_COMMON_H 1 +#ifndef _NSLCD_PROT_H +#define _NSLCD_PROT_H 1 -#include <stdio.h> +#include "tio.h" + +/* If you use these macros you should define the following macros to + handle error conditions (these marcos should clean up and return from the + function): + ERROR_OUT_WRITEERROR(fp) + ERROR_OUT_READERROR(fp) + ERROR_OUT_BUFERROR(fp) + ERROR_OUT_NOSUCCESS(fp) */ + + +/* Debugging marcos that can be used to enable detailed protocol logging, + pass -DDEBUG_PROT to do overall protocol debugging, and -DDEBUG_PROT_DUMP + to dump the actual bytestream. */ #ifdef DEBUG_PROT /* define a debugging macro to output logging */ @@ -57,6 +69,7 @@ static void debug_dump(const void *ptr,size_t size) #define DEBUG_DUMP(ptr,size) #endif /* not DEBUG_PROT_DUMP */ + /* WRITE marcos, used for writing data, on write error they will call the ERROR_OUT_WRITEERROR macro these macros may require the availability of the following @@ -94,13 +107,6 @@ static void debug_dump(const void *ptr,size_t size) { WRITE(fp,str,tmpint32); } \ } -#define WRITE_FLUSH(fp) \ - if (tio_flush(fp)<0) \ - { \ - DEBUG_PRINT("WRITE_FLUSH : error: %s",strerror(errno)); \ - ERROR_OUT_WRITEERROR(fp); \ - } - #define WRITE_STRINGLIST(fp,arr) \ /* first determin length of array */ \ for (tmp3int32=0;(arr)[tmp3int32]!=NULL;tmp3int32++) \ @@ -132,14 +138,12 @@ static void debug_dump(const void *ptr,size_t size) } \ } + /* READ macros, used for reading data, on read error they will call the ERROR_OUT_READERROR or ERROR_OUT_BUFERROR macro these macros may require the availability of the following variables: int32_t tmpint32; - temporary variable - char *buffer; - pointer to a buffer for reading strings - size_t buflen; - the size of the buffer - size_t bufptr; - the current position in the buffer */ #define READ(fp,ptr,size) \ 
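Review bot: The new comment in common/nslcd-prot.h that lists the macros an includer must define omits ERROR_OUT_OPENERROR, which NSLCD_REQUEST (added in the last hunk of this header) expands when nslcd_client_open() returns NULL. A new client of the header that follows the list would only find out at compile time. I would add a line `ERROR_OUT_OPENERROR` to the list, with a remark that it takes no argument. The added comments also spell "marcos" twice where "macros" is meant.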
@@ -159,6 +163,35 @@ static void debug_dump(const void *ptr,size_t size) i=tmpint32; \ DEBUG_PRINT("READ_INT32 : var="__STRING(i)" int32=%d",(int)i); +/* read a string in a fixed-size "normal" buffer */ +#define READ_STRING(fp,buffer) \ + /* read the size of the string */ \ + READ_TYPE(fp,tmpint32,int32_t); \ + DEBUG_PRINT("READ_STRING: var="__STRING(buffer)" strlen=%d",tmpint32); \ + /* check if read would fit */ \ + if (((size_t)tmpint32)>=sizeof(buffer)) \ + { \ + /* will not fit */ \ + DEBUG_PRINT("READ : buffer error: %d bytes too large",(tmpint32-sizeof(buffer))+1); \ + ERROR_OUT_BUFERROR(fp); \ + } \ + /* read string from the stream */ \ + if (tmpint32>0) \ + { READ(fp,buffer,(size_t)tmpint32); } \ + /* null-terminate string in buffer */ \ + buffer[tmpint32]='\0'; \ + DEBUG_PRINT("READ_STRING: var="__STRING(buffer)" string=\"%s\"",buffer); + + +/* READ BUF macros that read data into a pre-allocated buffer. + these macros may require the availability of the following + variables: + int32_t tmpint32; - temporary variable + char *buffer; - pointer to a buffer for reading strings + size_t buflen; - the size of the buffer + size_t bufptr; - the current position in the buffer + */ + /* current position in the buffer */ #define BUF_CUR \ (buffer+bufptr) 
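Review bot: READ_STRING now takes its bound from `sizeof(buffer)`, so it is only correct when the argument is a real char array; given a `char *` (for example an array-typed function parameter) the bound silently becomes the size of a pointer. This check is what keeps a length field read from the stream inside the `char name[256]` and `char protocol[256]` buffers in the nslcd/*.c handlers this commit converts, and every converted call visible here does pass a local array. I would state the requirement in the macro's comment, e.g. `/* read a string into a fixed-size char array; buffer must be an array, not a pointer, because sizeof(buffer) is the bound */`. The buffer-error DEBUG_PRINT also passes a size_t expression, `(tmpint32-sizeof(buffer))+1`, to `%d`; casting it to int would keep the DEBUG_PROT build well-defined.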
@@ -196,12 +229,21 @@ static void debug_dump(const void *ptr,size_t size) /* reserve the space */ \ BUF_SKIP((size_t)(num)*sizeof(type)); +/* read a binary blob into the buffer */ +#define READ_BUF(fp,ptr,sz) \ + /* check that there is enough room and read */ \ + BUF_CHECK(fp,sz); \ + READ(fp,BUF_CUR,(size_t)sz); \ + /* store pointer and skip */ \ + (ptr)=BUF_CUR; \ + BUF_SKIP(sz); + /* read string in the buffer (using buffer, buflen and bufptr) and store the actual location of the string in field */ -#define READ_STRING_BUF(fp,field) \ +#define READ_BUF_STRING(fp,field) \ /* read the size of the string */ \ READ_TYPE(fp,tmpint32,int32_t); \ - DEBUG_PRINT("READ_STRING: var="__STRING(field)" strlen=%d",tmpint32); \ + DEBUG_PRINT("READ_BUF_STRING: var="__STRING(field)" strlen=%d",tmpint32); \ /* check if read would fit */ \ BUF_CHECK(fp,tmpint32+1); \ /* read string from the stream */ \ 
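Review bot: READ_BUF_STRING passes `tmpint32+1` to BUF_CHECK without first rejecting a negative length, whereas READ_STRING in this same header compares `(size_t)tmpint32` and so refuses one. BUF_CHECK is defined outside this hunk, but if it only tests that the requested size fits, a length of -1 requests zero bytes and the later `BUF_CUR[tmpint32]='\0'` (in the following hunk) would store one byte before the current buffer position. A guard right after the READ_TYPE, `if (tmpint32<0) { ERROR_OUT_READERROR(fp); } \`, would make both string readers treat a malformed length the same way. The macro body continues past the end of this hunk.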
@@ -209,56 +251,14 @@ static void debug_dump(const void *ptr,size_t size) { READ(fp,BUF_CUR,(size_t)tmpint32); } \ /* null-terminate string in buffer */ \ BUF_CUR[tmpint32]='\0'; \ - DEBUG_PRINT("READ_STRING: var="__STRING(field)" string=\"%s\"",BUF_CUR); \ + DEBUG_PRINT("READ_BUF_STRING: var="__STRING(field)" string=\"%s\"",BUF_CUR); \ /* prepare result */ \ (field)=BUF_CUR; \ BUF_SKIP(tmpint32+1); -/* read a string in a fixed-size "normal" buffer */ -#define READ_STRING_BUF2(fp,buffer,buflen) \ - /* read the size of the string */ \ - READ_TYPE(fp,tmpint32,int32_t); \ - DEBUG_PRINT("READ_STRING: var="__STRING(buffer)" strlen=%d",tmpint32); \ - /* check if read would fit */ \ - if (((size_t)tmpint32)>=(buflen)) \ - { \ - /* will not fit */ \ - DEBUG_PRINT("READ : buffer error: %d bytes too large",(tmpint32-(buflen))+1); \ - ERROR_OUT_BUFERROR(fp); \ - } \ - /* read string from the stream */ \ - if (tmpint32>0) \ - { READ(fp,buffer,(size_t)tmpint32); } \ - /* null-terminate string in buffer */ \ - buffer[tmpint32]='\0'; \ - DEBUG_PRINT("READ_STRING: var="__STRING(buffer)" string=\"%s\"",buffer); - -/* read a binary blob into the buffer */ -#define READ_BUF(fp,ptr,sz) \ - /* check that there is enough room and read */ \ - BUF_CHECK(fp,sz); \ - READ(fp,BUF_CUR,(size_t)sz); \ - /* store pointer and skip */ \ - (ptr)=BUF_CUR; \ - BUF_SKIP(sz); - -/* read an array from a stram and store the length of the - array in num (size for the array is allocated) */ -#define READ_STRINGLIST_NUM(fp,arr,num) \ - /* read the number of entries */ \ - READ_INT32(fp,(num)); \ - DEBUG_PRINT("READ_STRLST: var="__STRING(arr)" num=%d",(int)(num)); \ - /* allocate room for *char[num] */ \ - BUF_ALLOC(fp,arr,char *,tmpint32); \ - /* read all the strings */ \ - for (tmp2int32=0;tmp2int32<(int32_t)(num);tmp2int32++) \ - { \ - READ_STRING_BUF(fp,(arr)[tmp2int32]); \ - } - /* read an array from a stram and store it as a null-terminated array list (size for the array is allocated) */ -#define 
READ_STRINGLIST_NULLTERM(fp,arr) \ +#define READ_BUF_STRINGLIST(fp,arr) \ /* read the number of entries */ \ READ_TYPE(fp,tmp3int32,int32_t); \ DEBUG_PRINT("READ_STRLST: var="__STRING(arr)" num=%d",(int)tmp3int32); \ @@ -267,13 +267,15 @@ static void debug_dump(const void *ptr,size_t size) /* read all entries */ \ for (tmp2int32=0;tmp2int32<tmp3int32;tmp2int32++) \ { \ - READ_STRING_BUF(fp,(arr)[tmp2int32]); \ + READ_BUF_STRING(fp,(arr)[tmp2int32]); \ } \ /* set last entry to NULL */ \ (arr)[tmp2int32]=NULL; -/* skip a number of bytes foreward - Note that this macro modifies the sz variable */ + +/* SKIP macros for skipping over certain parts of the protocol stream. */ + +/* skip a number of bytes foreward */ #define SKIP(fp,sz) \ DEBUG_PRINT("READ : skip %d bytes",(int)(sz)); \ /* read (skip) the specified number of bytes */ \ @@ -291,7 +293,7 @@ static void debug_dump(const void *ptr,size_t size) /* read (skip) the specified number of bytes */ \ SKIP(fp,tmpint32); -/* skip a loop of strings */ +/* skip a list of strings */ #define SKIP_STRINGLIST(fp) \ /* read the number of entries */ \ READ_TYPE(fp,tmp3int32,int32_t); \ 
@@ -302,4 +304,45 @@ static void debug_dump(const void *ptr,size_t size) SKIP_STRING(fp); \ } -#endif /* not _NSLCD_COMMON_H */ + +/* These are functions and macors for performing common operations in + the nslcd request/response protocol. */ + +/* returns a socket to the server or NULL on error (see errno), + socket should be closed with tio_close() */ +TFILE *nslcd_client_open(void) + MUST_USE; + +/* generic request code */ +#define NSLCD_REQUEST(fp,action,writefn) \ + /* open a client socket */ \ + if ((fp=nslcd_client_open())==NULL) \ + { ERROR_OUT_OPENERROR } \ + /* write a request header with a request code */ \ + WRITE_INT32(fp,(int32_t)NSLCD_VERSION) \ + WRITE_INT32(fp,(int32_t)action) \ + /* write the request parameters (if any) */ \ + writefn; \ + /* flush the stream */ \ + if (tio_flush(fp)<0) \ + { \ + DEBUG_PRINT("WRITE_FLUSH : error: %s",strerror(errno)); \ + ERROR_OUT_WRITEERROR(fp); \ + } \ + /* read and check response version number */ \ + READ_TYPE(fp,tmpint32,int32_t); \ + if (tmpint32!=(int32_t)NSLCD_VERSION) \ + { ERROR_OUT_READERROR(fp) } \ + /* read and check response request number */ \ + READ_TYPE(fp,tmpint32,int32_t); \ + if (tmpint32!=(int32_t)(action)) \ + { ERROR_OUT_READERROR(fp) } + +/* Read the response code (the result code of the query) from + the stream. */ +#define READ_RESPONSE_CODE(fp) \ + READ_TYPE(fp,tmpint32,int32_t); \ + if (tmpint32!=(int32_t)NSLCD_RESULT_BEGIN) \ + { ERROR_OUT_NOSUCCESS(fp) } + +#endif /* not _NSLCD_PROT_H */ diff --git a/nslcd/Makefile.am b/nslcd/Makefile.am index 217d369..d36d0fb 100644 --- a/nslcd/Makefile.am +++ b/nslcd/Makefile.am @@ -23,7 +23,7 @@ sbin_PROGRAMS = nslcd AM_CPPFLAGS=-I$(top_srcdir) AM_CFLAGS = $(PTHREAD_CFLAGS) -nslcd_SOURCES = nslcd.c ../nslcd.h ../nslcd-common.h \ +nslcd_SOURCES = nslcd.c ../nslcd.h ../common/nslcd-prot.h \ ../compat/attrs.h \ log.c log.h \ common.c common.h \ diff --git a/nslcd/alias.c b/nslcd/alias.c index 42a880c..bcdd48a 100644 --- a/nslcd/alias.c 
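Review bot: NSLCD_REQUEST uses its arguments unparenthesized in two places, `fp=nslcd_client_open()` and `WRITE_INT32(fp,(int32_t)action)`, while the response check further down writes `(int32_t)(action)`. With an expression passed as action the cast in the request would bind to its first operand only, so the code that is written and the code that is compared could differ. Writing `WRITE_INT32(fp,(int32_t)(action))` keeps the two consistent. The macro's comment could also say that it needs `int32_t tmpint32` in scope and expands to several statements with embedded returns, so it must not be placed under an unbraced `if`.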
+++ b/nslcd/alias.c @@ -130,7 +130,7 @@ NSLCD_HANDLE( alias,byname, char name[256]; char filter[1024]; - READ_STRING_BUF2(fp,name,sizeof(name));, + READ_STRING(fp,name);, log_log(LOG_DEBUG,"nslcd_alias_byname(%s)",name);, NSLCD_ACTION_ALIAS_BYNAME, mkfilter_alias_byname(name,filter,sizeof(filter)), diff --git a/nslcd/common.h b/nslcd/common.h index cf49625..9fc56fa 100644 --- a/nslcd/common.h +++ b/nslcd/common.h @@ -25,7 +25,7 @@ #define _SERVER_COMMON_H 1 #include "nslcd.h" -#include "nslcd-common.h" +#include "common/nslcd-prot.h" #include "common/tio.h" #include "compat/attrs.h" #include "myldap.h" diff --git a/nslcd/ether.c b/nslcd/ether.c index 0f8ca94..1bfa200 100644 --- a/nslcd/ether.c +++ b/nslcd/ether.c @@ -173,7 +173,7 @@ NSLCD_HANDLE( ether,byname, char name[256]; char filter[1024]; - READ_STRING_BUF2(fp,name,sizeof(name));, + READ_STRING(fp,name);, log_log(LOG_DEBUG,"nslcd_ether_byname(%s)",name);, NSLCD_ACTION_ETHER_BYNAME, mkfilter_ether_byname(name,filter,sizeof(filter)), diff --git a/nslcd/group.c b/nslcd/group.c index fa83de4..6bb7e8c 100644 --- a/nslcd/group.c +++ b/nslcd/group.c @@ -302,7 +302,7 @@ NSLCD_HANDLE( group,byname, char name[256]; char filter[1024]; - READ_STRING_BUF2(fp,name,sizeof(name)); + READ_STRING(fp,name); if (!isvalidname(name)) { log_log(LOG_WARNING,"nslcd_group_byname(%s): invalid group name",name); return -1; @@ -328,7 +328,7 @@ NSLCD_HANDLE( group,bymember, char name[256]; char filter[1024]; - READ_STRING_BUF2(fp,name,sizeof(name)); + READ_STRING(fp,name); if (!isvalidname(name)) { log_log(LOG_WARNING,"nslcd_group_bymember(%s): invalid user name",name); return -1; diff --git a/nslcd/host.c b/nslcd/host.c index db27fa4..63826d5 100644 --- a/nslcd/host.c +++ b/nslcd/host.c 
@@ -155,7 +155,7 @@ NSLCD_HANDLE( host,byname, char name[256]; char filter[1024]; - READ_STRING_BUF2(fp,name,sizeof(name));, + READ_STRING(fp,name);, log_log(LOG_DEBUG,"nslcd_host_byname(%s)",name);, NSLCD_ACTION_HOST_BYNAME, mkfilter_host_byname(name,filter,sizeof(filter)), diff --git a/nslcd/netgroup.c b/nslcd/netgroup.c index 6ba4e11..6c38216 100644 --- a/nslcd/netgroup.c +++ b/nslcd/netgroup.c @@ -234,7 +234,7 @@ NSLCD_HANDLE( netgroup,byname, char name[256]; char filter[1024]; - READ_STRING_BUF2(fp,name,sizeof(name));, + READ_STRING(fp,name);, log_log(LOG_DEBUG,"nslcd_netgroup_byname(%s)",name);, NSLCD_ACTION_NETGROUP_BYNAME, mkfilter_netgroup_byname(name,filter,sizeof(filter)), diff --git a/nslcd/network.c b/nslcd/network.c index a7a49d2..c2bcce2 100644 --- a/nslcd/network.c +++ b/nslcd/network.c @@ -154,7 +154,7 @@ NSLCD_HANDLE( network,byname, char name[256]; char filter[1024]; - READ_STRING_BUF2(fp,name,sizeof(name));, + READ_STRING(fp,name);, log_log(LOG_DEBUG,"nslcd_network_byname(%s)",name);, NSLCD_ACTION_NETWORK_BYNAME, mkfilter_network_byname(name,filter,sizeof(filter)), diff --git a/nslcd/passwd.c b/nslcd/passwd.c index 2b105d6..d140de3 100644 --- a/nslcd/passwd.c +++ b/nslcd/passwd.c @@ -462,7 +462,7 @@ NSLCD_HANDLE( passwd,byname, char name[256]; char filter[1024]; - READ_STRING_BUF2(fp,name,sizeof(name)); + READ_STRING(fp,name); if (!isvalidname(name)) { log_log(LOG_WARNING,"nslcd_passwd_byname(%s): invalid user name",name); return -1; diff --git a/nslcd/protocol.c b/nslcd/protocol.c index 5162bfd..595427b 100644 --- a/nslcd/protocol.c +++ b/nslcd/protocol.c @@ -153,7 +153,7 @@ NSLCD_HANDLE( protocol,byname, char name[256]; char filter[1024]; - READ_STRING_BUF2(fp,name,sizeof(name));, + READ_STRING(fp,name);, log_log(LOG_DEBUG,"nslcd_protocol_byname(%s)",name);, NSLCD_ACTION_PROTOCOL_BYNAME, mkfilter_protocol_byname(name,filter,sizeof(filter)), diff --git a/nslcd/rpc.c b/nslcd/rpc.c index 0a2c6e4..7480b4f 100644 --- a/nslcd/rpc.c +++ b/nslcd/rpc.c 
@@ -154,7 +154,7 @@ NSLCD_HANDLE( rpc,byname, char name[256]; char filter[1024]; - READ_STRING_BUF2(fp,name,sizeof(name));, + READ_STRING(fp,name);, log_log(LOG_DEBUG,"nslcd_rpc_byname(%s)",name);, NSLCD_ACTION_RPC_BYNAME, mkfilter_rpc_byname(name,filter,sizeof(filter)), diff --git a/nslcd/service.c b/nslcd/service.c index b6888e7..64129ca 100644 --- a/nslcd/service.c +++ b/nslcd/service.c @@ -205,8 +205,8 @@ NSLCD_HANDLE( char name[256]; char protocol[256]; char filter[1024]; - READ_STRING_BUF2(fp,name,sizeof(name)); - READ_STRING_BUF2(fp,protocol,sizeof(protocol));, + READ_STRING(fp,name); + READ_STRING(fp,protocol);, log_log(LOG_DEBUG,"nslcd_service_byname(%s,%s)",name,protocol);, NSLCD_ACTION_SERVICE_BYNAME, mkfilter_service_byname(name,protocol,filter,sizeof(filter)), @@ -219,7 +219,7 @@ NSLCD_HANDLE( char protocol[256]; char filter[1024]; READ_INT32(fp,number); - READ_STRING_BUF2(fp,protocol,sizeof(protocol));, + READ_STRING(fp,protocol);, log_log(LOG_DEBUG,"nslcd_service_bynumber(%d,%s)",number,protocol);, NSLCD_ACTION_SERVICE_BYNUMBER, mkfilter_service_bynumber(number,protocol,filter,sizeof(filter)), diff --git a/nslcd/shadow.c b/nslcd/shadow.c index 0da00cd..ff46355 100644 --- a/nslcd/shadow.c +++ b/nslcd/shadow.c @@ -268,7 +268,7 @@ NSLCD_HANDLE( shadow,byname, char name[256]; char filter[1024]; - READ_STRING_BUF2(fp,name,sizeof(name));, + READ_STRING(fp,name);, log_log(LOG_DEBUG,"nslcd_shadow_byname(%s)",name);, NSLCD_ACTION_SHADOW_BYNAME, mkfilter_shadow_byname(name,filter,sizeof(filter)), diff --git a/nss/Makefile.am b/nss/Makefile.am index 0167d20..c283b41 100644 --- a/nss/Makefile.am +++ b/nss/Makefile.am @@ -2,7 +2,7 @@ # # Copyright (C) 2006 Luke Howard # Copyright (C) 2006 West Consulting -# Copyright (C) 2006, 2007 Arthur de Jong +# Copyright (C) 2006, 2007, 2009 Arthur de Jong # # This library is free software; you can redistribute it and/or # modify it under the terms of the GNU Lesser General Public 
@@ -28,15 +28,15 @@ AM_CFLAGS = -fPIC NSS_VERS = 2 NSS_LDAP_NSS_VERSIONED = libnss_ldap.so.$(NSS_VERS) -nss_ldap_so_SOURCES = common.c common.h prototypes.h \ - ../nslcd.h ../nslcd-common.h \ +nss_ldap_so_SOURCES = common.h prototypes.h \ + ../nslcd.h ../common/nslcd-prot.h \ ../compat/attrs.h \ aliases.c ethers.c group.c hosts.c netgroup.c \ networks.c passwd.c protocols.c rpc.c services.c \ shadow.c nss_ldap_so_LDFLAGS = -shared -Wl,-soname,$(NSS_LDAP_NSS_VERSIONED) \ -Wl,--version-script,\$(srcdir)/exports.linux -nss_ldap_so_LDADD = @nss_ldap_so_LIBS@ ../common/libtio.a +nss_ldap_so_LDADD = @nss_ldap_so_LIBS@ ../common/libtio.a ../common/libprot.a EXTRA_DIST = exports.linux diff --git a/nss/aliases.c b/nss/aliases.c index 10d5576..dd27ede 100644 --- a/nss/aliases.c +++ b/nss/aliases.c @@ -33,11 +33,14 @@ static enum nss_status read_aliasent( TFILE *fp,struct aliasent *result, char *buffer,size_t buflen,int *errnop) { - int32_t tmpint32,tmp2int32; + int32_t tmpint32,tmp2int32,tmp3int32; size_t bufptr=0; - /* auto-genereted read code */ - READ_STRING_BUF(fp,result->alias_name); - READ_STRINGLIST_NUM(fp,result->alias_members,result->alias_members_len); + /* read the name of the alias */ + READ_BUF_STRING(fp,result->alias_name); + /* read the members */ + READ_BUF_STRINGLIST(fp,result->alias_members); + /* tmp3int32 holds the number of entries read */ + result->alias_members_len=tmp3int32; /* fill in remaining gaps in struct */ result->alias_local=0; /* we're done */ diff --git a/nss/common.h b/nss/common.h index 01fce97..b0f2983 100644 --- a/nss/common.h +++ b/nss/common.h 
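Review bot: In read_aliasent (nss/aliases.c) the member count is now copied from the macro's scratch variable, `result->alias_members_len=tmp3int32;`, with no range check, and tmp3int32 is an int32_t read straight from the stream. glibc declares alias_members_len as size_t, so a negative count would become a very large length while READ_BUF_STRINGLIST's loop stores no entries; whether BUF_ALLOC rejects such a count is not visible here. A guard inside READ_BUF_STRINGLIST right after the count is read, `if (tmp3int32<0) { ERROR_OUT_READERROR(fp); } \`, would cover this caller and the other list readers. The function body continues past the end of this hunk.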
@@ -27,45 +27,8 @@ #include <nss.h> #include "nslcd.h" -#include "nslcd-common.h" +#include "common/nslcd-prot.h" #include "compat/attrs.h" -#include "common/tio.h" - -/* returns a socket to the server or NULL on error (see errno), - socket should be closed with tio_close() */ -TFILE *nslcd_client_open(void) - MUST_USE; - -/* These are macors for performing common operations in the nslcd - request/response protocol, they are an extension for client - applications to the macros defined in nslcd-common.h. */ - -/* Open a client socket. */ -#define OPEN_SOCK(fp) \ - if ((fp=nslcd_client_open())==NULL) \ - { ERROR_OUT_OPENERROR } - -/* Write a request header with a request code. */ -#define WRITE_REQUEST(fp,req) \ - WRITE_INT32(fp,(int32_t)NSLCD_VERSION) \ - WRITE_INT32(fp,(int32_t)req) - -/* Read a response header and check that the returned request - code equals the expected code. */ -#define READ_RESPONSEHEADER(fp,req) \ - READ_TYPE(fp,tmpint32,int32_t); \ - if (tmpint32!=(int32_t)NSLCD_VERSION) \ - { ERROR_OUT_READERROR(fp) } \ - READ_TYPE(fp,tmpint32,int32_t); \ - if (tmpint32!=(int32_t)(req)) \ - { ERROR_OUT_READERROR(fp) } - -/* Read the response code (the result code of the query) from - the stream. */ -#define READ_RESPONSE_CODE(fp) \ - READ_TYPE(fp,tmpint32,int32_t); \ - if (tmpint32!=(int32_t)NSLCD_RESULT_BEGIN) \ - { ERROR_OUT_NOSUCCESS(fp,tmpint32) } /* These are macros for handling read and write problems, they are NSS specific due to the return code so are defined here. They @@ -98,7 +61,7 @@ TFILE *nslcd_client_open(void) /* This macro is called if the read status code is not NSLCD_RESULT_BEGIN. */ -#define ERROR_OUT_NOSUCCESS(fp,retv) \ +#define ERROR_OUT_NOSUCCESS(fp) \ (void)tio_close(fp); \ fp=NULL; \ return NSS_STATUS_NOTFOUND; 
@@ -108,20 +71,9 @@ TFILE *nslcd_client_open(void) bodies. These functions have very common code so this can easily be reused. */ -#ifndef SKIP_BUFCHECK -#define NSS_BUFCHECK \ - if ((buffer==NULL)||(buflen<=0)) \ - { \ - *errnop=EINVAL; \ - return NSS_STATUS_UNAVAIL; \ - } -#else /* SKIP_BUFCHECK */ -#define NSS_BUFCHECK /* empty */ -#endif /* SKIP_BUFCHECK */ - /* This is a generic get..by..() generation macro. The action - parameter is the NSLCD_ACTION_.. action, the param is the - operation for writing the parameter and readfn is the function + parameter is the NSLCD_ACTION_.. action, the writefn is the + operation for writing the parameters and readfn is the function name for reading a single result entry. The function is assumed to have result, buffer, buflen and errnop parameters that define the result structure, the user buffer with length and the @@ -132,14 +84,13 @@ TFILE *nslcd_client_open(void) int32_t tmpint32; \ enum nss_status retv; \ /* check that we have a valid buffer */ \ - NSS_BUFCHECK \ + if ((buffer==NULL)||(buflen<=0)) \ + { \ + *errnop=EINVAL; \ + return NSS_STATUS_UNAVAIL; \ + } \ /* open socket and write request */ \ - OPEN_SOCK(fp); \ - WRITE_REQUEST(fp,action); \ - writefn; \ - WRITE_FLUSH(fp); \ - /* read response header */ \ - READ_RESPONSEHEADER(fp,action); \ + NSLCD_REQUEST(fp,action,writefn); \ /* read response */ \ READ_RESPONSE_CODE(fp); \ retv=readfn; \ @@ -196,11 +147,7 @@ TFILE *nslcd_client_open(void) if (fp==NULL) \ { \ /* open a new stream and write the request */ \ - OPEN_SOCK(fp); \ - WRITE_REQUEST(fp,action); \ - WRITE_FLUSH(fp); \ - /* read response header */ \ - READ_RESPONSEHEADER(fp,action); \ + NSLCD_REQUEST(fp,action,/* no writefn */); \ } \ /* prepare for buffer errors */ \ tio_mark(fp); \ diff --git a/nss/ethers.c b/nss/ethers.c index bf9ebb8..d059e31 100644 --- a/nss/ethers.c +++ b/nss/ethers.c 
@@ -36,7 +36,7 @@ static enum nss_status read_etherent( { int32_t tmpint32; size_t bufptr=0; - READ_STRING_BUF(fp,result->e_name); + READ_BUF_STRING(fp,result->e_name); READ_TYPE(fp,result->e_addr,uint8_t[6]); return NSS_STATUS_SUCCESS; } diff --git a/nss/group.c b/nss/group.c index 4fe0123..ea5e819 100644 --- a/nss/group.c +++ b/nss/group.c @@ -37,10 +37,10 @@ static enum nss_status read_group( { int32_t tmpint32,tmp2int32,tmp3int32; size_t bufptr=0; - READ_STRING_BUF(fp,result->gr_name); - READ_STRING_BUF(fp,result->gr_passwd); + READ_BUF_STRING(fp,result->gr_name); + READ_BUF_STRING(fp,result->gr_passwd); READ_TYPE(fp,result->gr_gid,gid_t); - READ_STRINGLIST_NULLTERM(fp,result->gr_mem); + READ_BUF_STRINGLIST(fp,result->gr_mem); return NSS_STATUS_SUCCESS; } diff --git a/nss/hosts.c b/nss/hosts.c index a73b83b..166792d 100644 --- a/nss/hosts.c +++ b/nss/hosts.c @@ -72,8 +72,8 @@ static enum nss_status read_hostent( int readaf; size_t bufptr=0; /* read the host entry */ - READ_STRING_BUF(fp,result->h_name); - READ_STRINGLIST_NULLTERM(fp,result->h_aliases); + READ_BUF_STRING(fp,result->h_name); + READ_BUF_STRINGLIST(fp,result->h_aliases); result->h_addrtype=af; result->h_length=0; /* read number of addresses to follow */ diff --git a/nss/netgroup.c b/nss/netgroup.c index 57299ea..63e0b97 100644 --- a/nss/netgroup.c +++ b/nss/netgroup.c @@ -34,7 +34,7 @@ /* we redefine this here because we need to return NSS_STATUS_RETURN instead of NSS_STATUS_NOTFOUND */ #undef ERROR_OUT_NOSUCCESS -#define ERROR_OUT_NOSUCCESS(fp,retv) \ +#define ERROR_OUT_NOSUCCESS(fp) \ (void)tio_close(fp); \ fp=NULL; \ return NSS_STATUS_RETURN; 
@@ -53,28 +53,28 @@ static enum nss_status read_netgrent( { /* the response is a reference to another netgroup */ result->type=group_val; - READ_STRING_BUF(fp,result->val.group); + READ_BUF_STRING(fp,result->val.group); } else if (type==NSLCD_NETGROUP_TYPE_TRIPLE) { /* the response is a host/user/domain triple */ result->type=triple_val; /* read host and revert to NULL on empty string */ - READ_STRING_BUF(fp,result->val.triple.host); + READ_BUF_STRING(fp,result->val.triple.host); if (result->val.triple.host[0]=='\0') { result->val.triple.host=NULL; bufptr--; /* free unused space */ } /* read user and revert to NULL on empty string */ - READ_STRING_BUF(fp,result->val.triple.user); + READ_BUF_STRING(fp,result->val.triple.user); if (result->val.triple.user[0]=='\0') { result->val.triple.user=NULL; bufptr--; /* free unused space */ } /* read domain and revert to NULL on empty string */ - READ_STRING_BUF(fp,result->val.triple.domain); + READ_BUF_STRING(fp,result->val.triple.domain); if (result->val.triple.domain[0]=='\0') { result->val.triple.domain=NULL; @@ -102,12 +102,7 @@ enum nss_status _nss_ldap_setnetgrent(const char *group,struct __netgrent UNUSED if ((group==NULL)||(group[0]=='\0')) return NSS_STATUS_UNAVAIL; /* open a new stream and write the request */ - OPEN_SOCK(netgrentfp); - WRITE_REQUEST(netgrentfp,NSLCD_ACTION_NETGROUP_BYNAME); - WRITE_STRING(netgrentfp,group); - WRITE_FLUSH(netgrentfp); - /* read response header */ - READ_RESPONSEHEADER(netgrentfp,NSLCD_ACTION_NETGROUP_BYNAME); + NSLCD_REQUEST(netgrentfp,NSLCD_ACTION_NETGROUP_BYNAME,WRITE_STRING(netgrentfp,group)); return NSS_STATUS_SUCCESS; } diff --git a/nss/networks.c b/nss/networks.c index 6b3dcd1..7e1cf11 100644 --- a/nss/networks.c +++ b/nss/networks.c 
@@ -70,8 +70,8 @@ static enum nss_status read_netent( size_t bufptr=0; enum nss_status retv=NSS_STATUS_NOTFOUND; /* read the network entry */ - READ_STRING_BUF(fp,result->n_name); - READ_STRINGLIST_NULLTERM(fp,result->n_aliases); + READ_BUF_STRING(fp,result->n_name); + READ_BUF_STRINGLIST(fp,result->n_aliases); result->n_addrtype=AF_INET; /* read number of addresses to follow */ READ_TYPE(fp,numaddr,int32_t); diff --git a/nss/passwd.c b/nss/passwd.c index 29d70fc..eb5e71b 100644 --- a/nss/passwd.c +++ b/nss/passwd.c @@ -36,13 +36,13 @@ static enum nss_status read_passwd( { int32_t tmpint32; size_t bufptr=0; - READ_STRING_BUF(fp,result->pw_name); - READ_STRING_BUF(fp,result->pw_passwd); + READ_BUF_STRING(fp,result->pw_name); + READ_BUF_STRING(fp,result->pw_passwd); READ_TYPE(fp,result->pw_uid,uid_t); READ_TYPE(fp,result->pw_gid,gid_t); - READ_STRING_BUF(fp,result->pw_gecos); - READ_STRING_BUF(fp,result->pw_dir); - READ_STRING_BUF(fp,result->pw_shell); + READ_BUF_STRING(fp,result->pw_gecos); + READ_BUF_STRING(fp,result->pw_dir); + READ_BUF_STRING(fp,result->pw_shell); return NSS_STATUS_SUCCESS; } diff --git a/nss/protocols.c b/nss/protocols.c index 855c4ad..9a36b15 100644 --- a/nss/protocols.c +++ b/nss/protocols.c @@ -36,8 +36,8 @@ static enum nss_status read_protoent( { int32_t tmpint32,tmp2int32,tmp3int32; size_t bufptr=0; - READ_STRING_BUF(fp,result->p_name); - READ_STRINGLIST_NULLTERM(fp,result->p_aliases); + READ_BUF_STRING(fp,result->p_name); + READ_BUF_STRINGLIST(fp,result->p_aliases); READ_INT32(fp,result->p_proto); return NSS_STATUS_SUCCESS; } @@ -36,8 +36,8 @@ static enum nss_status read_rpcent( { int32_t tmpint32,tmp2int32,tmp3int32; size_t bufptr=0; - READ_STRING_BUF(fp,result->r_name); - READ_STRINGLIST_NULLTERM(fp,result->r_aliases); + READ_BUF_STRING(fp,result->r_name); + READ_BUF_STRINGLIST(fp,result->r_aliases); READ_INT32(fp,result->r_number); return NSS_STATUS_SUCCESS; } diff --git a/nss/services.c b/nss/services.c index 27625e6..6399ac6 100644 
--- a/nss/services.c +++ b/nss/services.c @@ -36,12 +36,12 @@ static enum nss_status read_servent( { int32_t tmpint32,tmp2int32,tmp3int32; size_t bufptr=0; - READ_STRING_BUF(fp,result->s_name); - READ_STRINGLIST_NULLTERM(fp,result->s_aliases); + READ_BUF_STRING(fp,result->s_name); + READ_BUF_STRINGLIST(fp,result->s_aliases); /* store port number in network byte order */ READ_TYPE(fp,tmpint32,int32_t); result->s_port=ntohs((uint16_t)tmpint32); - READ_STRING_BUF(fp,result->s_proto); + READ_BUF_STRING(fp,result->s_proto); /* we're done */ return NSS_STATUS_SUCCESS; } diff --git a/nss/shadow.c b/nss/shadow.c index 195489a..3d6d82c 100644 --- a/nss/shadow.c +++ b/nss/shadow.c @@ -36,8 +36,8 @@ static enum nss_status read_spwd( { int32_t tmpint32; size_t bufptr=0; - READ_STRING_BUF(fp,result->sp_namp); - READ_STRING_BUF(fp,result->sp_pwdp); + READ_BUF_STRING(fp,result->sp_namp); + READ_BUF_STRING(fp,result->sp_pwdp); READ_INT32(fp,result->sp_lstchg); READ_INT32(fp,result->sp_min); READ_INT32(fp,result->sp_max); diff --git a/pam/Makefile.am b/pam/Makefile.am index c816ffd..765776c 100644 --- a/pam/Makefile.am +++ b/pam/Makefile.am @@ -22,10 +22,10 @@ noinst_PROGRAMS = pam_ldap.so AM_CPPFLAGS=-I$(top_srcdir) AM_CFLAGS = -fPIC -pam_ldap_so_SOURCES = ../nslcd.h ../nslcd-common.h \ - ../compat/attrs.h pam.c +pam_ldap_so_SOURCES = ../nslcd.h ../common/nslcd-prot.h \ + ../compat/attrs.h pam.c common.h pam_ldap_so_LDFLAGS = -shared -Wl,--version-script,\$(srcdir)/exports.linux -pam_ldap_so_LDADD = ../common/libtio.a ../nss/common.o -lpam +pam_ldap_so_LDADD = ../common/libtio.a ../common/libprot.a -lpam EXTRA_DIST = exports.linux diff --git a/pam/common.h b/pam/common.h new file mode 100644 index 0000000..32c6d88 --- /dev/null +++ b/pam/common.h 
@@ -0,0 +1,84 @@
+/*
+ common.h - common functions for PAM lookups
+
+ Copyright (C) 2009 Arthur de Jong
+
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with this library; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ 02110-1301 USA
+*/
+
+#ifndef _PAM_COMMON_H
+#define _PAM_COMMON_H 1
+
+#include <stdio.h>
+
+#include "nslcd.h"
+#include "common/nslcd-prot.h"
+#include "compat/attrs.h"
+
+/* These are macros for handling read and write problems, they are
+ PAM specific due to the return code so are defined here. They
+ genrally close the open file, set an error code and return with
+ an error status. */
+
+/* Macro is called to handle errors in opening a client connection. */
+#define ERROR_OUT_OPENERROR \
+ return PAM_AUTHINFO_UNAVAIL;
+
+/* Macro is called to handle errors on read operations. */
+#define ERROR_OUT_READERROR(fp) \
+ (void)tio_close(fp); \
+ fp=NULL; \
+ return PAM_AUTHINFO_UNAVAIL;
+
+/* Macro is called to handle problems with too small a buffer. */
+#define ERROR_OUT_BUFERROR(fp) \
+ return PAM_SYSTEM_ERR;
+
+/* This macro is called if there was a problem with a write
+ operation. */
+#define ERROR_OUT_WRITEERROR(fp) \
+ ERROR_OUT_READERROR(fp)
+
+/* This macro is called if the read status code is not
+ NSLCD_RESULT_BEGIN. 
*/
+#define ERROR_OUT_NOSUCCESS(fp) \
+ (void)tio_close(fp); \
+ fp=NULL; \
+ return PAM_USER_UNKNOWN;
+
+/* This is a generic PAM request generation macro. The action
+ parameter is the NSLCD_ACTION_.. action, the writefn is the
+ operation for writing the parameter and readfn is the function
+ name for reading a single result entry. The function is assumed
+ to have result, buffer, buflen and errnop parameters that define
+ the result structure, the user buffer with length and the
+ errno to return. This macro should be called through some of
+ the customized ones below. */
+#define PAM_REQUEST(action,writefn,readfn) \
+ TFILE *fp; \
+ int32_t tmpint32; \
+ int retv; \
+ /* open socket and write request */ \
+ NSLCD_REQUEST(fp,action,writefn); \
+ /* read response */ \
+ READ_RESPONSE_CODE(fp); \
+ retv=readfn; \
+ /* close socket and we're done */ \
+ if (retv==PAM_SUCCESS) \
+ (void)tio_close(fp); \
+ return retv;
+
+#endif /* not _PAM_COMMON_H */
@@ -32,10 +32,7 @@
 #include <errno.h>
 #include <syslog.h>
-/* really ugly workaround */
-#define SKIP_BUFCHECK 1
-
-#include "nss/common.h"
+#include "common.h"
 #include "compat/attrs.h"
 /* these are defined (before including pam_modules.h) for staticly linking */
@@ -57,20 +54,6 @@
 #define PLD_CTX "PAM_LDAPD_CTX"
-#define NSS2PAM_RC(rc,ignore,ok) \
- switch(rc) { \
- case NSS_STATUS_SUCCESS: \
- rc = ok; break; \
- case NSS_STATUS_UNAVAIL: \
- rc = (ignore & IGNORE_UNAVAIL) ? PAM_IGNORE : PAM_AUTHINFO_UNAVAIL; \
- break; \
- case NSS_STATUS_NOTFOUND: \
- rc = (ignore & IGNORE_UNKNOWN) ? PAM_IGNORE: PAM_USER_UNKNOWN; \
- break; \
- default: \
- rc = PAM_SYSTEM_ERR; break; \
- }
 typedef struct pld_ctx {
 char *user;
 char *dn;
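Review bot: `ERROR_OUT_BUFERROR(fp)` in the new pam/common.h returns `PAM_SYSTEM_ERR` without closing `fp`, and `PAM_REQUEST` only calls `tio_close(fp)` when `retv==PAM_SUCCESS`, so a reply that does not fit the caller's buffer appears to leave the nslcd connection open in the process that loaded the module. The NSS counterpart presumably keeps the stream open so the caller can retry with a larger buffer, but the PAM readers in pam.c use the fixed `ctx->buf` and do not retry; the READ_BUF_* macros that invoke this handler live in common/nslcd-prot.h, outside this hunk, so confirm the path there. Closing on that path the way the read-error macro does would avoid the leak: `#define ERROR_OUT_BUFERROR(fp) (void)tio_close(fp); fp=NULL; return PAM_SYSTEM_ERR;`. The comment above `PAM_REQUEST` also still describes `result`, `buffer`, `buflen` and `errnop` parameters that the PAM functions in this commit no longer take.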
@@ -224,33 +207,33 @@ static int pam_get_authtok(
 return rc;
 }
-static enum nss_status pam_read_authc(
- TFILE *fp,pld_ctx *ctx,int *errnop)
+static int pam_read_authc(
+ TFILE *fp,pld_ctx *ctx)
 {
 char *buffer = ctx->buf;
 size_t buflen = sizeof(ctx->buf);
 size_t bufptr = 0;
 int32_t tmpint32;
- READ_STRING_BUF(fp,ctx->tmpluser);
- READ_STRING_BUF(fp,ctx->dn);
+ READ_BUF_STRING(fp,ctx->tmpluser);
+ READ_BUF_STRING(fp,ctx->dn);
 READ_INT32(fp,ctx->authok);
 READ_INT32(fp,ctx->authz);
- READ_STRING_BUF(fp,ctx->authzmsg);
+ READ_BUF_STRING(fp,ctx->authzmsg);
 ctx->authok = nslcd2pam_rc(ctx->authok);
 ctx->authz = nslcd2pam_rc(ctx->authz);
- return NSS_STATUS_SUCCESS;
+ return PAM_SUCCESS;
 }
-static enum nss_status pam_do_authc(
- pld_ctx *ctx, const char *user, const char *svc,const char *pwd,int *errnop)
+static int pam_do_authc(
+ pld_ctx *ctx, const char *user, const char *svc,const char *pwd)
 {
- NSS_BYGEN(NSLCD_ACTION_PAM_AUTHC,
+ PAM_REQUEST(NSLCD_ACTION_PAM_AUTHC,
 WRITE_STRING(fp,user);
 WRITE_STRING(fp,ctx->dn);
 WRITE_STRING(fp,svc);
 WRITE_STRING(fp,pwd),
- pam_read_authc(fp,ctx,errnop));
+ pam_read_authc(fp,ctx));
 }
 #define USE_FIRST 1
@@ -260,7 +243,7 @@ static enum nss_status pam_do_authc(
 int pam_sm_authenticate(
 pam_handle_t *pamh, int flags, int argc, const char **argv)
 {
- int err, rc;
+ int rc;
 const char *username, *svc;
 char *p = NULL;
 int first_pass = 0, ignore_flags = 0;
@@ -311,8 +294,13 @@ int pam_sm_authenticate(
 }
 rc = pam_get_item (pamh, PAM_AUTHTOK, (CONST_ARG void **) &p);
 if (rc == PAM_SUCCESS) {
- rc = pam_do_authc(ctx, username, svc, p, &err);
- NSS2PAM_RC(rc, ignore_flags, ctx->authok);
+ rc = pam_do_authc(ctx, username, svc, p);
+ if (rc==PAM_SUCCESS)
+ rc=ctx->authok;
+ if ((rc==PAM_AUTHINFO_UNAVAIL)&&(ignore_flags&IGNORE_UNAVAIL))
+ rc=PAM_IGNORE;
+ else if ((rc==PAM_USER_UNKNOWN)&&(ignore_flags&IGNORE_UNKNOWN))
+ rc=PAM_IGNORE;
 }
 if (rc == PAM_SUCCESS || (first_pass & USE_FIRST)) {
 break;
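Review bot: In pam_sm_authenticate the ignore-flag mapping now runs after `rc=ctx->authok`, so a server-reported result of `PAM_USER_UNKNOWN` or `PAM_AUTHINFO_UNAVAIL` is also turned into `PAM_IGNORE`, whereas the removed `NSS2PAM_RC` applied the flags only to the request status and passed `ctx->authok` through unchanged. If `nslcd2pam_rc` (not shown here) can yield those codes, this changes what the auth stack sees for a failed login when `ignore_flags` is set; if that is intended it deserves a comment, otherwise move `if (rc==PAM_SUCCESS) rc=ctx->authok;` below the two mapping branches. The same four-line mapping is repeated in the pam_sm_acct_mgmt, pam_sm_session and both pam_sm_chauthtok hunks, so a small static helper such as `static int apply_ignore_flags(int rc,int ignore_flags)` would keep the copies from drifting apart. The function body continues outside this hunk.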
@@ -362,36 +350,36 @@ pam_warn(
 &resp, aconv->appdata_ptr);
 }
-static enum nss_status pam_read_authz(
- TFILE *fp,pld_ctx *ctx,int *errnop)
+static int pam_read_authz(
+ TFILE *fp,pld_ctx *ctx)
 {
 char *buffer = ctx->buf;
 size_t buflen = sizeof(ctx->buf);
 size_t bufptr = 0;
 int32_t tmpint32;
- READ_STRING_BUF(fp,ctx->tmpluser);
- READ_STRING_BUF(fp,ctx->dn);
+ READ_BUF_STRING(fp,ctx->tmpluser);
+ READ_BUF_STRING(fp,ctx->dn);
 READ_INT32(fp,ctx->authz);
- READ_STRING_BUF(fp,ctx->authzmsg);
+ READ_BUF_STRING(fp,ctx->authzmsg);
 ctx->authz = nslcd2pam_rc(ctx->authz);
- return NSS_STATUS_SUCCESS;
+ return PAM_SUCCESS;
 }
-static enum nss_status pam_do_authz(
- pld_ctx *ctx,const char *username,const char *svc,int *errnop)
+static int pam_do_authz(
+ pld_ctx *ctx,const char *username,const char *svc)
 {
- NSS_BYGEN(NSLCD_ACTION_PAM_AUTHZ,
+ PAM_REQUEST(NSLCD_ACTION_PAM_AUTHZ,
 WRITE_STRING(fp,username);
 WRITE_STRING(fp,ctx->dn);
 WRITE_STRING(fp,svc),
- pam_read_authz(fp,ctx,errnop));
+ pam_read_authz(fp,ctx));
 }
 int pam_sm_acct_mgmt(
 pam_handle_t *pamh, int flags, int argc, const char **argv)
 {
- int rc, err;
+ int rc;
 const char *username, *svc;
 int no_warn = 0, ignore_flags = 0;
 int i;
@@ -440,8 +428,11 @@ int pam_sm_acct_mgmt(
 ctx2.dn = ctx->dn;
 ctx2.user = ctx->user;
- rc = pam_do_authz(&ctx2, username, svc, &err);
- NSS2PAM_RC(rc, ignore_flags, PAM_SUCCESS);
+ rc = pam_do_authz(&ctx2, username, svc);
+ if ((rc==PAM_AUTHINFO_UNAVAIL)&&(ignore_flags&IGNORE_UNAVAIL))
+ rc=PAM_IGNORE;
+ else if ((rc==PAM_USER_UNKNOWN)&&(ignore_flags&IGNORE_UNKNOWN))
+ rc=PAM_IGNORE;
 if (rc != PAM_SUCCESS) {
 if (rc != PAM_IGNORE)
 pam_warn(appconv, "LDAP authorization failed", PAM_ERROR_MSG, no_warn);
@@ -463,16 +454,16 @@ int pam_sm_acct_mgmt(
 return rc;
 }
-static enum nss_status pam_read_sess(
- TFILE *fp,pld_ctx *ctx,int *errnop)
+static int pam_read_sess(
+ TFILE *fp,pld_ctx *ctx)
 {
 int tmpint32;
 READ_INT32(fp,ctx->sessid);
- return NSS_STATUS_SUCCESS;
+ return PAM_SUCCESS;
 }
-static enum nss_status pam_do_sess(
- pam_handle_t *pamh,pld_ctx *ctx,int action,int *errnop)
+static int pam_do_sess(
+ pam_handle_t *pamh,pld_ctx *ctx,int action)
 {
 const char *svc = NULL, *tty = NULL, *rhost = NULL, *ruser = NULL;
@@ -482,7 +473,7 @@ static enum nss_status pam_do_sess(
 pam_get_item (pamh, PAM_RUSER, (CONST_ARG void **) &ruser);
 {
- NSS_BYGEN(action,
+ PAM_REQUEST(action,
 WRITE_STRING(fp,ctx->user);
 WRITE_STRING(fp,ctx->dn);
 WRITE_STRING(fp,svc);
@@ -490,7 +481,7 @@ static enum nss_status pam_do_sess(
 WRITE_STRING(fp,rhost);
 WRITE_STRING(fp,ruser);
 WRITE_INT32(fp,ctx->sessid),
- pam_read_sess(fp,ctx,errnop));
+ pam_read_sess(fp,ctx));
 }
 }
@@ -536,8 +527,11 @@ static int pam_sm_session(
 if (rc != PAM_SUCCESS)
 return rc;
- rc = pam_do_sess(pamh, ctx, action, &err);
- NSS2PAM_RC(rc, ignore_flags, PAM_SUCCESS);
+ rc = pam_do_sess(pamh, ctx, action);
+ if ((rc==PAM_AUTHINFO_UNAVAIL)&&(ignore_flags&IGNORE_UNAVAIL))
+ rc=PAM_IGNORE;
+ else if ((rc==PAM_USER_UNKNOWN)&&(ignore_flags&IGNORE_UNKNOWN))
+ rc=PAM_IGNORE;
 return rc;
 }
@@ -573,39 +567,39 @@ int pam_sm_close_session(
 return rc;
 }
-static enum nss_status pam_read_pwmod(
- TFILE *fp,pld_ctx *ctx,int *errnop)
+static int pam_read_pwmod(
+ TFILE *fp,pld_ctx *ctx)
 {
 char *buffer = ctx->buf, *user;
 size_t buflen = sizeof(ctx->buf);
 size_t bufptr = 0;
 int32_t tmpint32;
- READ_STRING_BUF(fp,ctx->tmpluser);
- READ_STRING_BUF(fp,ctx->dn);
+ READ_BUF_STRING(fp,ctx->tmpluser);
+ READ_BUF_STRING(fp,ctx->dn);
 READ_INT32(fp,ctx->authz);
- READ_STRING_BUF(fp,ctx->authzmsg);
+ READ_BUF_STRING(fp,ctx->authzmsg);
 ctx->authz = nslcd2pam_rc(ctx->authz);
- return NSS_STATUS_SUCCESS;
+ return PAM_SUCCESS;
 }
-static enum nss_status pam_do_pwmod(
+static int pam_do_pwmod(
 pld_ctx *ctx, const char *user, const char *svc,
- const char *oldpw, const char *newpw, int *errnop)
+ const char *oldpw, const char *newpw)
 {
- NSS_BYGEN(NSLCD_ACTION_PAM_PWMOD,
+ PAM_REQUEST(NSLCD_ACTION_PAM_PWMOD,
 WRITE_STRING(fp,user);
 WRITE_STRING(fp,ctx->dn);
 WRITE_STRING(fp,svc);
 WRITE_STRING(fp,oldpw);
 WRITE_STRING(fp,newpw),
- pam_read_pwmod(fp,ctx,errnop));
+ pam_read_pwmod(fp,ctx));
 }
 int pam_sm_chauthtok(
 pam_handle_t *pamh, int flags, int argc, const char **argv)
 {
- int rc, err;
+ int rc;
 const char *username, *p = NULL, *q = NULL, *svc;
 int first_pass = 0, no_warn = 0, ignore_flags = 0;
 int i, success = PAM_SUCCESS;
@@ -671,8 +665,11 @@ int pam_sm_chauthtok(
 rc = PAM_SUCCESS;
 }
 if (!ctx->dn) {
- rc = pam_do_pwmod(ctx, username, svc, p, NULL, &err);
- NSS2PAM_RC(rc, ignore_flags, PAM_SUCCESS);
+ rc = pam_do_pwmod(ctx, username, svc, p, NULL);
+ if ((rc==PAM_AUTHINFO_UNAVAIL)&&(ignore_flags&IGNORE_UNAVAIL))
+ rc=PAM_IGNORE;
+ else if ((rc==PAM_USER_UNKNOWN)&&(ignore_flags&IGNORE_UNKNOWN))
+ rc=PAM_IGNORE;
 }
 return rc;
 }
@@ -703,9 +700,12 @@ int pam_sm_chauthtok(
 if (rc != PAM_SUCCESS)
 return rc;
 }
- rc = pam_do_pwmod(ctx, username, svc, p, q, &err);
+ rc = pam_do_pwmod(ctx, username, svc, p, q);
+ if ((rc==PAM_AUTHINFO_UNAVAIL)&&(ignore_flags&IGNORE_UNAVAIL))
+ rc=PAM_IGNORE;
+ else if ((rc==PAM_USER_UNKNOWN)&&(ignore_flags&IGNORE_UNKNOWN))
+ rc=PAM_IGNORE;
 p = NULL; q = NULL;
- NSS2PAM_RC(rc, ignore_flags, PAM_SUCCESS);
 if (rc == PAM_SUCCESS) {
 rc = ctx->authz;
 if (rc != PAM_SUCCESS)
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 600004b..359146d 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -82,7 +82,7 @@ test_common_LDADD = ../nslcd/log.o ../nslcd/common.o ../nslcd/cfg.o \
 ../nslcd/myldap.o @nslcd_LIBS@ ../common/libtio.a \
 ../common/libdict.a ../compat/libcompat.a
-common_SOURCES = ../nss/common.c ../nslcd.h ../nss/prototypes.h \
+common_SOURCES = ../common/nslcd-prot.c ../nslcd.h ../nss/prototypes.h \
 ../common/tio.c ../common/tio.h
 test_aliases_SOURCES = test_aliases.c ../nss/aliases.c $(common_SOURCES) |