author | Arthur de Jong <arthur@arthurdejong.org> | 2007-09-07 11:10:45 +0000 |
---|---|---|
committer | Arthur de Jong <arthur@arthurdejong.org> | 2007-09-07 11:10:45 +0000 |
commit | 7ded202fd6128c9e4586a63df1bf8a36c8835f11 (patch) | |
tree | 4f5160caeb214648aa4cb5b23691dce0127762d9 /nslcd | |
parent | 916f4afca2d7a655e7179f350d09362a18661bb5 (diff) |
also pass search filter for the *_all() functions from the database module instead of doing it in ldap-nss.c
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-ldapd@377 ef36b2f9-881f-0410-afb5-c4e39611909c
Diffstat (limited to 'nslcd')
-rw-r--r-- | nslcd/alias.c | 7 | ||||
-rw-r--r-- | nslcd/ether.c | 7 | ||||
-rw-r--r-- | nslcd/group.c | 120 | ||||
-rw-r--r-- | nslcd/host.c | 10 | ||||
-rw-r--r-- | nslcd/ldap-nss.c | 509 | ||||
-rw-r--r-- | nslcd/ldap-nss.h | 26 | ||||
-rw-r--r-- | nslcd/ldap-schema.c | 1 | ||||
-rw-r--r-- | nslcd/netgroup.c | 3 | ||||
-rw-r--r-- | nslcd/network.c | 7 | ||||
-rw-r--r-- | nslcd/passwd.c | 15 | ||||
-rw-r--r-- | nslcd/protocol.c | 7 | ||||
-rw-r--r-- | nslcd/rpc.c | 7 | ||||
-rw-r--r-- | nslcd/service.c | 7 | ||||
-rw-r--r-- | nslcd/shadow.c | 7 |
14 files changed, 233 insertions, 500 deletions
diff --git a/nslcd/alias.c b/nslcd/alias.c index b3a6c0d..9cba228 100644 --- a/nslcd/alias.c +++ b/nslcd/alias.c @@ -142,7 +142,8 @@ int nslcd_alias_byname(TFILE *fp) int nslcd_alias_all(TFILE *fp) { int32_t tmpint32,tmp2int32; - static struct ent_context *alias_context; + struct ent_context *alias_context; + char filter[1024]; /* these are here for now until we rewrite the LDAP code */ struct aliasent result; char buffer[1024]; @@ -157,8 +158,10 @@ int nslcd_alias_all(TFILE *fp) if (_nss_ldap_ent_context_init(&alias_context)==NULL) return -1; /* loop over all results */ + mkfilter_alias_all(filter,sizeof(filter)); alias_attrs_init(); - while ((retv=nss2nslcd(_nss_ldap_getent(&alias_context,&result,buffer,1024,&errnop,_nss_ldap_filt_getaliasent,LM_ALIASES,alias_attrs,_nss_ldap_parse_alias)))==NSLCD_RESULT_SUCCESS) + while ((retv=_nss_ldap_getent(&alias_context,&result,buffer,sizeof(buffer),&errnop, + NULL,filter,alias_attrs,LM_ALIASES,_nss_ldap_parse_alias))==NSLCD_RESULT_SUCCESS) { /* write the result */ WRITE_INT32(fp,retv); diff --git a/nslcd/ether.c b/nslcd/ether.c index 9898880..25ce24a 100644 --- a/nslcd/ether.c +++ b/nslcd/ether.c @@ -225,7 +225,8 @@ int nslcd_ether_byether(TFILE *fp) int nslcd_ether_all(TFILE *fp) { int32_t tmpint32; - static struct ent_context *ether_context; + char filter[1024]; + struct ent_context *ether_context; /* these are here for now until we rewrite the LDAP code */ struct ether result; char buffer[1024]; 
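Review bot: Dropping `static` in nslcd_alias_all leaves `alias_context` an uninitialised automatic pointer, and its address is then handed to `_nss_ldap_ent_context_init()`. nslcd_passwd_all and nslcd_group_all declare theirs with `=NULL`, and `_nss_ldap_getent_ex()` tests `*ctx == NULL`, so the init routine very likely inspects the old value as well (its body is not shown here). Declare it as `struct ent_context *alias_context=NULL;`. The same applies to the ether, host, network, protocol, rpc, service and shadow `*_all()` hunks in this commit.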
@@ -240,8 +241,10 @@ int nslcd_ether_all(TFILE *fp) if (_nss_ldap_ent_context_init(ðer_context)==NULL) return -1; /* loop over all results */ + mkfilter_ether_all(filter,sizeof(filter)); ether_attrs_init(); - while ((retv=nss2nslcd(_nss_ldap_getent(ðer_context,&result,buffer,1024,&errnop,_nss_ldap_filt_getetherent,LM_ETHERS,ether_attrs,_nss_ldap_parse_ether)))==NSLCD_RESULT_SUCCESS) + while ((retv=_nss_ldap_getent(ðer_context,&result,buffer,sizeof(buffer),&errnop, + NULL,filter,ether_attrs,LM_ETHERS,_nss_ldap_parse_ether))==NSLCD_RESULT_SUCCESS) { /* write the result */ WRITE_INT32(fp,retv); diff --git a/nslcd/group.c b/nslcd/group.c index 3f7c2d7..687790a 100644 --- a/nslcd/group.c +++ b/nslcd/group.c @@ -142,6 +142,15 @@ static int mkfilter_group_bygid(gid_t gid, attmap_group_cn,gid); } +static int mkfilter_getgroupsbydn(const char *dn, + char *buffer,size_t buflen) +{ + return mysnprintf(buffer,buflen, + "(&(%s=%s)(%s=%s))", + attmap_objectClass,attmap_group_objectClass, + attmap_group_uniqueMember,dn); +} + static char *user2dn(const char *user) { /* TODO: move this to passwd.c once we are sure we would be able to lock there */ 
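Review bot: mkfilter_getgroupsbydn() formats `dn` straight into the filter, whereas the path it replaces (do_filter() with LA_TYPE_STRING, removed later in this commit) ran the value through _nss_ldap_escape_string() first. A DN containing `(`, `)`, `*` or `\` would now change or break the filter. Escape it the way mkfilter_group_bymember escapes its argument, with a local `char buf2[1024];`, then `if (myldap_escape(dn,buf2,sizeof(buf2))) return -1;`, and format `buf2` instead of `dn`.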
@@ -162,25 +171,35 @@ static char *user2dn(const char *user) return userdn; } -/* create a search filter for searching a group entry - by name, return -1 on errors */ -static int mkfilter_group_bymember(const char *name, - char *buffer,size_t buflen) +static int mkfilter_group_bymember(const char *user, + char *buffer,size_t buflen) { char buf2[1024]; - char *buf3; + const char *userdn; + char buf3[1024]; /* escape attribute */ - if(myldap_escape(name,buf2,sizeof(buf2))) + if(myldap_escape(user,buf2,sizeof(buf2))) return -1; - /* DN format */ - /* TODO: look up user DN and store it in buf3 */ - buf3=buf2; - /* build filter */ - return mysnprintf(buffer,buflen, - "(&(%s=%s)(|(%s=%s)(%s=%s)))", - attmap_objectClass,attmap_group_objectClass, - attmap_group_memberUid,buf2, - attmap_group_uniqueMember,buf3); + /* lookup the user's DN */ + if (_nss_ldap_test_config_flag(NSS_LDAP_FLAGS_RFC2307BIS)) + userdn=user2dn(user); + if (userdn==NULL) + return mysnprintf(buffer,buflen, + "(&(%s=%s)(%s=%s))", + attmap_objectClass,attmap_group_objectClass, + attmap_group_memberUid,user); + else + { + /* escape DN */ + if(myldap_escape(userdn,buf3,sizeof(buf3))) + return -1; + ldap_memfree(userdn); + return mysnprintf(buffer,buflen, + "(&(%s=%s)(|(%s=%s)(%s=%s)))", + attmap_objectClass, attmap_group_objectClass, + attmap_group_memberUid, user, + attmap_group_uniqueMember, userdn); + } } /* create a search filter for searching a group entry @@ -962,7 +981,7 @@ do_parse_initgroups_nested (LDAPMessage * e, static enum nss_status ng_chase(const char *dn, ldap_initgroups_args_t * lia) { - struct ldap_args a; + char filter[1024]; enum nss_status stat; struct ent_context *ctx=NULL; const char *gidnumber_attrs[2]; 
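Review bot: In the new mkfilter_group_bymember the escaped copies `buf2` and `buf3` are filled but never used: both mysnprintf() calls format the raw `user` and `userdn`, so filter metacharacters in the looked-up name (which presumably originates from the client request) reach the LDAP filter unescaped. `userdn` is also read uninitialised when the RFC2307bis flag is off, is passed to mysnprintf() after `ldap_memfree(userdn)`, and is leaked when the DN escape fails. The version below initialises `userdn` to NULL, formats only the escaped buffers and frees the DN on every path; `userdn` becomes a plain `char *` to match what user2dn() returns.

```c
  char buf2[1024];
  char *userdn=NULL;
  char buf3[1024];
  int rc;
  /* … unchanged: escape user into buf2, RFC2307bis user2dn() lookup … */
  if (userdn==NULL)
    return mysnprintf(buffer,buflen,
                      "(&(%s=%s)(%s=%s))",
                      attmap_objectClass,attmap_group_objectClass,
                      attmap_group_memberUid,buf2);
  /* escape the DN into buf3, then release it; the filter uses only the copies */
  rc=myldap_escape(userdn,buf3,sizeof(buf3));
  ldap_memfree(userdn);
  if (rc)
    return -1;
  return mysnprintf(buffer,buflen,
                    "(&(%s=%s)(|(%s=%s)(%s=%s)))",
                    attmap_objectClass,attmap_group_objectClass,
                    attmap_group_memberUid,buf2,
                    attmap_group_uniqueMember,buf3);
```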
@@ -977,19 +996,14 @@ static enum nss_status ng_chase(const char *dn, ldap_initgroups_args_t * lia) gidnumber_attrs[0]=attmap_group_gidNumber; gidnumber_attrs[1]=NULL; - LA_INIT(a); - LA_STRING(a)=dn; - LA_TYPE(a)=LA_TYPE_STRING; - if (_nss_ldap_ent_context_init_locked(&ctx)==NULL) { return NSS_STATUS_UNAVAIL; } - - stat=_nss_ldap_getent_ex(&a, &ctx, lia, NULL, 0, - &erange, _nss_ldap_filt_getgroupsbydn, - LM_GROUP, gidnumber_attrs, - do_parse_initgroups_nested); + mkfilter_getgroupsbydn(dn,filter,sizeof(filter)); + stat=_nss_ldap_getent_ex(&ctx,lia,NULL,0,&erange, + NULL,filter,gidnumber_attrs, + LM_GROUP,do_parse_initgroups_nested); if (stat==NSS_STATUS_SUCCESS) { @@ -1059,10 +1073,9 @@ static enum nss_status ng_chase_backlink(const char ** membersOf, ldap_initgroup return NSS_STATUS_UNAVAIL; } - stat = _nss_ldap_getent_ex (&a, &ctx, lia, NULL, 0, - &erange, "(distinguishedName=%s)", - LM_GROUP, gidnumber_attrs, - do_parse_initgroups_nested); + stat=_nss_ldap_getent_ex(&ctx,lia,NULL,0,&erange, + NULL,"(distinguishedName=%s)",gidnumber_attrs, + LM_GROUP,do_parse_initgroups_nested); if (stat == NSS_STATUS_SUCCESS) { @@ -1092,17 +1105,13 @@ static int group_bymember(const char *user, long int *start, int *errnop) { ldap_initgroups_args_t lia; - int erange = 0; - char *userdn=NULL; - struct ldap_args a; - const char *flt; + char filter[1024]; enum nss_status stat; struct ent_context *ctx=NULL; const char *gidnumber_attrs[3]; - enum ldap_map_selector map = LM_GROUP; log_log(LOG_DEBUG,"==> group_bymember (user=%s)",user); lia.depth = 0; - lia.known_groups = NULL; + lia.known_groups=NULL; _nss_ldap_enter(); /* initialize schema */ stat=_nss_ldap_init(); 
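Review bot: In ng_chase the return value of `mkfilter_getgroupsbydn(dn,filter,sizeof(filter))` is discarded, so a failed or truncated format still has `filter` passed on to _nss_ldap_getent_ex(). Move the call above `_nss_ldap_ent_context_init_locked()` and bail out on failure, e.g. `if (mkfilter_getgroupsbydn(dn,filter,sizeof(filter))) return NSS_STATUS_UNAVAIL;` (what mysnprintf() returns on truncation is not visible here, so confirm the test). group_bymember's call to `mkfilter_group_bymember()` further down has the same gap, and there the helper visibly returns -1 with the buffer left unwritten.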
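Review bot: In ng_chase_backlink the literal `"(distinguishedName=%s)"` is now passed as the finished filter, but with do_filter() removed nothing substitutes the `%s` any more, so the search would look for the text `%s` rather than the `membersOf` values. The old call expanded the pattern from the `a` argument; an equivalent is needed here, presumably an OR filter built from escaped `membersOf` entries into a local buffer, or nested back-link chasing is effectively disabled. Any remaining set-up of `a` in ng_chase_backlink lies outside the hunk and would become dead code.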
@@ -1112,56 +1121,28 @@ static int group_bymember(const char *user, long int *start, _nss_ldap_leave(); return -1; } - if (_nss_ldap_test_config_flag(NSS_LDAP_FLAGS_RFC2307BIS)) - { - /* lookup the user's DN. */ - userdn=user2dn(user); - } - - if (userdn != NULL) - { - LA_STRING2 (a) = userdn; - LA_TYPE (a) = LA_TYPE_STRING_AND_STRING; - flt = _nss_ldap_filt_getgroupsbymemberanddn; - } - else - { - flt = _nss_ldap_filt_getgroupsbymember; - } - + mkfilter_group_bymember(user,filter,sizeof(filter)); gidnumber_attrs[0] = attmap_group_gidNumber; gidnumber_attrs[1] = NULL; - if (_nss_ldap_ent_context_init_locked(&ctx)==NULL) { log_log(LOG_DEBUG,"<== group_bymember (ent_context_init failed)"); _nss_ldap_leave (); return -1; } - - stat=_nss_ldap_getent_ex(&a,&ctx,(void *)&lia,NULL,0, - errnop, - flt, - map, - gidnumber_attrs, - do_parse_initgroups_nested); - - if (userdn!=NULL) - ldap_memfree(userdn); - + stat=_nss_ldap_getent_ex(&ctx,(void *)&lia,NULL,0,errnop, + NULL,filter,gidnumber_attrs, + LM_GROUP,do_parse_initgroups_nested); _nss_ldap_namelist_destroy(&lia.known_groups); _nss_ldap_ent_context_release(ctx); free(ctx); _nss_ldap_leave(); - if ((stat!=NSS_STATUS_SUCCESS)&&(stat!=NSS_STATUS_NOTFOUND)) { log_log(LOG_DEBUG,"<== group_bymember (not found)"); return -1; } - log_log(LOG_DEBUG,"<== group_bymember (success)"); - return 0; } @@ -1310,6 +1291,7 @@ int nslcd_group_all(TFILE *fp) { int32_t tmpint32,tmp2int32,tmp3int32; struct ent_context *gr_context=NULL; + char filter[1024]; /* these are here for now until we rewrite the LDAP code */ struct group result; char buffer[1024]; 
@@ -1324,8 +1306,10 @@ int nslcd_group_all(TFILE *fp) if (_nss_ldap_ent_context_init(&gr_context)==NULL) return -1; /* loop over all results */ + mkfilter_group_all(filter,sizeof(filter)); group_attrs_init(); - while ((retv=nss2nslcd(_nss_ldap_getent(&gr_context,&result,buffer,1024,&errnop,_nss_ldap_filt_getgrent,LM_GROUP,group_attrs,_nss_ldap_parse_gr)))==NSLCD_RESULT_SUCCESS) + while ((retv=_nss_ldap_getent(&gr_context,&result,buffer,sizeof(buffer),&errnop, + NULL,filter,group_attrs,LM_GROUP,_nss_ldap_parse_gr))==NSLCD_RESULT_SUCCESS) { /* write the result */ WRITE_INT32(fp,retv); diff --git a/nslcd/host.c b/nslcd/host.c index dc74f02..9d1cc15 100644 --- a/nslcd/host.c +++ b/nslcd/host.c @@ -388,7 +388,8 @@ int nslcd_host_byaddr(TFILE *fp) int nslcd_host_all(TFILE *fp) { int32_t tmpint32; - static struct ent_context *host_context; + struct ent_context *host_context; + char filter[1024]; /* these are here for now until we rewrite the LDAP code */ struct hostent result; char buffer[1024]; @@ -403,15 +404,16 @@ int nslcd_host_all(TFILE *fp) if (_nss_ldap_ent_context_init(&host_context)==NULL) return -1; /* loop over all results */ + mkfilter_host_all(filter,sizeof(filter)); host_attrs_init(); - while ((retv=nss2nslcd(_nss_ldap_getent(&host_context,&result,buffer,1024,&errnop,_nss_ldap_filt_gethostent,LM_HOSTS, - host_attrs, + while ((retv=_nss_ldap_getent(&host_context,&result,buffer,sizeof(buffer),&errnop, + NULL,filter,host_attrs,LM_HOSTS, #ifdef INET6 (_res.options&RES_USE_INET6)?_nss_ldap_parse_hostv6:_nss_ldap_parse_hostv4 #else _nss_ldap_parse_hostv4 #endif - )))==NSLCD_RESULT_SUCCESS) + ))==NSLCD_RESULT_SUCCESS) { /* write the result */ WRITE_INT32(fp,retv); diff --git a/nslcd/ldap-nss.c b/nslcd/ldap-nss.c index 2393567..7f56429 100644 --- a/nslcd/ldap-nss.c +++ b/nslcd/ldap-nss.c 
@@ -1380,212 +1380,6 @@ _nss_ldap_ent_context_release (struct ent_context * ctx) } /* - * AND or OR a set of filters. - */ -static enum nss_status -do_aggregate_filter (const char **values, - const char *filterprot, char *bufptr, size_t buflen) -{ - const char **valueP; - - assert (buflen > sizeof ("(|)")); - - bufptr[0] = '('; - bufptr[1] = '|'; - - bufptr += 2; - buflen -= 2; - - for (valueP = values; *valueP != NULL; valueP++) - { - size_t len; - char filter[LDAP_FILT_MAXSIZ], escapedBuf[LDAP_FILT_MAXSIZ]; - - if (_nss_ldap_escape_string (*valueP, escapedBuf, sizeof (escapedBuf))) - return NSS_STATUS_TRYAGAIN; - - snprintf (filter, sizeof (filter), filterprot, escapedBuf); - len = strlen (filter); - - if (buflen < len + 1 /* ')' */ ) - return NSS_STATUS_TRYAGAIN; - - memcpy (bufptr, filter, len); - bufptr[len] = '\0'; - bufptr += len; - buflen -= len; - } - - if (buflen < 2) - return NSS_STATUS_TRYAGAIN; - - *bufptr++ = ')'; - *bufptr++ = '\0'; - - buflen -= 2; - - return NSS_STATUS_SUCCESS; -} - -/* - * Do the necessary formatting to create a string filter. 
- */ -static enum nss_status -do_filter (const struct ldap_args *args, const char *filterprot, - struct ldap_service_search_descriptor *sd, char *userBuf, - size_t userBufSiz, char **dynamicUserBuf, const char **retFilter) -{ - - /* sd is the map-specific search descriptor as specified in the config */ - - char buf1[LDAP_FILT_MAXSIZ], buf2[LDAP_FILT_MAXSIZ]; - char *filterBufP, filterBuf[LDAP_FILT_MAXSIZ]; - size_t filterSiz; - enum nss_status stat = NSS_STATUS_SUCCESS; - - log_log(LOG_DEBUG,"==> do_filter"); - - *dynamicUserBuf = NULL; - - if (args != NULL) - { - /* choose what to use for temporary storage */ - - if (sd!=NULL&&sd->lsd_filter!=NULL) - { - filterBufP=filterBuf; - filterSiz=sizeof(filterBuf); - } - else - { - filterBufP=userBuf; - filterSiz=userBufSiz; - } - - switch (args->la_type) - { - case LA_TYPE_STRING: - if (_nss_ldap_escape_string(args->la_arg1.la_string,buf1,sizeof(buf1))) - { - stat=NSS_STATUS_TRYAGAIN; - break; - } - snprintf (filterBufP, filterSiz, filterprot, buf1); - break; - case LA_TYPE_NUMBER: - snprintf (filterBufP, filterSiz, filterprot, - args->la_arg1.la_number); - break; - case LA_TYPE_STRING_AND_STRING: - if (_nss_ldap_escape_string(args->la_arg1.la_string,buf1,sizeof(buf1))) - { - stat=NSS_STATUS_TRYAGAIN; - break; - } - if (_nss_ldap_escape_string(args->la_arg2.la_string,buf2,sizeof(buf2))) - { - stat=NSS_STATUS_TRYAGAIN; - break; - } - snprintf (filterBufP, filterSiz, filterprot, buf1, buf2); - break; - case LA_TYPE_NUMBER_AND_STRING: - if (_nss_ldap_escape_string(args->la_arg2.la_string,buf1,sizeof(buf1))) - { - stat=NSS_STATUS_TRYAGAIN; - break; - } - snprintf (filterBufP, filterSiz, filterprot, - args->la_arg1.la_number, buf1); - break; - case LA_TYPE_STRING_LIST_OR: - do - { - stat = do_aggregate_filter (args->la_arg1.la_string_list, - filterprot, filterBufP, filterSiz); - if (stat == NSS_STATUS_TRYAGAIN) - { - filterBufP = *dynamicUserBuf = realloc (*dynamicUserBuf, - 2 * filterSiz); - if (filterBufP == NULL) - return 
NSS_STATUS_UNAVAIL; - filterSiz *= 2; - } - } - while (stat == NSS_STATUS_TRYAGAIN); - break; - default: - return NSS_STATUS_UNAVAIL; - break; - } - - if (stat != NSS_STATUS_SUCCESS) - return stat; - - /* - * This code really needs to be cleaned up. - */ - if ((sd!=NULL) && (sd->lsd_filter!=NULL)) - { - size_t filterBufPLen = strlen (filterBufP); - - /* remove trailing bracket */ - if (filterBufP[filterBufPLen - 1] == ')') - filterBufP[filterBufPLen - 1] = '\0'; - - if (*dynamicUserBuf != NULL) - { - char *oldDynamicUserBuf = *dynamicUserBuf; - size_t dynamicUserBufSiz; - - dynamicUserBufSiz = filterBufPLen + strlen(sd->lsd_filter) + - sizeof ("())"); - *dynamicUserBuf = malloc (dynamicUserBufSiz); - if (*dynamicUserBuf == NULL) - { - free (oldDynamicUserBuf); - return NSS_STATUS_UNAVAIL; - } - - snprintf (*dynamicUserBuf, dynamicUserBufSiz, "%s(%s))", - filterBufP, sd->lsd_filter); - free (oldDynamicUserBuf); - } - else - { - snprintf (userBuf, userBufSiz, "%s(%s))", - filterBufP, sd->lsd_filter); - } - } - - if (*dynamicUserBuf != NULL) - *retFilter = *dynamicUserBuf; - else - *retFilter = userBuf; - } - else - { - /* no arguments, probably an enumeration filter */ - if ((sd!=NULL) && (sd->lsd_filter!=NULL)) - { - snprintf (userBuf, userBufSiz, "(&%s(%s))", - filterprot, sd->lsd_filter); - *retFilter = userBuf; - } - else - { - *retFilter = filterprot; - } - } - - log_log(LOG_DEBUG,":== do_filter: %s", *retFilter); - - log_log(LOG_DEBUG,"<== do_filter"); - - return NSS_STATUS_SUCCESS; -} - -/* * Function to call either do_search() or do_search_s() with * reconnection logic. */ 
@@ -2125,156 +1919,96 @@ next: * Assumes caller holds lock. */ static enum nss_status -_nss_ldap_search (const struct ldap_args * args, - const char *filterprot, enum ldap_map_selector sel, - const char **attrs, int sizelimit, int *msgid, - struct ldap_service_search_descriptor ** csd) +_nss_ldap_search (const char *base,const char *filter,const char **attrs, + enum ldap_map_selector sel, + int sizelimit, int *msgid, + struct ldap_service_search_descriptor **csd) { - const char *base = NULL; - char filterBuf[LDAP_FILT_MAXSIZ], *dynamicFilterBuf = NULL; - const char *filter; int scope; enum nss_status stat; - struct ldap_service_search_descriptor *sd = NULL; - + struct ldap_service_search_descriptor *sd=NULL; log_log(LOG_DEBUG,"==> _nss_ldap_search"); - *msgid = -1; - - stat = do_init (); - if (stat != NSS_STATUS_SUCCESS) - { - log_log(LOG_DEBUG,"<== _nss_ldap_search"); - return stat; - } - + stat=do_init(); + if (stat!=NSS_STATUS_SUCCESS) + { + log_log(LOG_DEBUG,"<== _nss_ldap_search"); + return stat; + } /* Set some reasonable defaults. */ - base = nslcd_cfg->ldc_base; - scope = nslcd_cfg->ldc_scope; - - if (args != NULL && args->la_base != NULL) + if (base==NULL) + base=nslcd_cfg->ldc_base; + scope=nslcd_cfg->ldc_scope; + if (sel<LM_NONE || *csd!=NULL) + { + /* + * If we were chasing multiple descriptors and there are none left, + * just quit with NSS_STATUS_NOTFOUND. + */ + if (*csd != NULL) { - sel = LM_NONE; - base = args->la_base; + sd = (*csd)->lsd_next; + if (sd == NULL) + return NSS_STATUS_NOTFOUND; } - - if (sel < LM_NONE || *csd != NULL) + else + sd = nslcd_cfg->ldc_sds[sel]; + *csd = sd; + if (sd != NULL) { - /* - * If we were chasing multiple descriptors and there are none left, - * just quit with NSS_STATUS_NOTFOUND. 
- */ - if (*csd != NULL) - { - sd = (*csd)->lsd_next; - if (sd == NULL) - return NSS_STATUS_NOTFOUND; - } - else - { - sd = nslcd_cfg->ldc_sds[sel]; - } - - *csd = sd; - - if (sd != NULL) - { - if (sd->lsd_base!=NULL) - base=sd->lsd_base; - if (sd->lsd_scope!=-1) - scope=sd->lsd_scope; - } + if (sd->lsd_base!=NULL) + base=sd->lsd_base; + if (sd->lsd_scope!=-1) + scope=sd->lsd_scope; } - - stat = - do_filter (args, filterprot, sd, filterBuf, sizeof (filterBuf), - &dynamicFilterBuf, &filter); - if (stat != NSS_STATUS_SUCCESS) - return stat; - - stat = do_with_reconnect (base, scope, filter, attrs, - sizelimit, msgid, (search_func_t) do_search); - - if (dynamicFilterBuf != NULL) - free (dynamicFilterBuf); - + } + stat=do_with_reconnect(base,scope,filter,attrs, + sizelimit,msgid,(search_func_t)do_search); log_log(LOG_DEBUG,"<== _nss_ldap_search"); - return stat; } -#ifdef HAVE_LDAP_SEARCH_EXT static enum nss_status -do_next_page (const struct ldap_args * args, - const char *filterprot, enum ldap_map_selector sel, - const char **attrs, int sizelimit, int *msgid, +do_next_page (const char *base,const char *filter,const char **attrs, + enum ldap_map_selector sel, + int sizelimit, int *msgid, struct berval *pCookie) { - const char *base = NULL; - char filterBuf[LDAP_FILT_MAXSIZ], *dynamicFilterBuf = NULL; - const char *filter; - int scope; + int scope=-1; enum nss_status stat; - struct ldap_service_search_descriptor *sd = NULL; - LDAPControl *serverctrls[2] = { - NULL, NULL - }; - - /* Set some reasonable defaults. 
*/ - base = nslcd_cfg->ldc_base; - scope = nslcd_cfg->ldc_scope; - - if (args != NULL && args->la_base != NULL) - { - sel = LM_NONE; - base = args->la_base; - } - + struct ldap_service_search_descriptor *sd=NULL; + LDAPControl *serverctrls[2]={ NULL, NULL }; if (sel<LM_NONE) { sd=nslcd_cfg->ldc_sds[sel]; if (sd!=NULL) { - if (sd->lsd_base!=NULL) + if ((sd->lsd_base!=NULL)&&(base=NULL)) base=sd->lsd_base; if (sd->lsd_scope!=-1) scope=sd->lsd_scope; } } - - stat = - do_filter (args, filterprot, sd, filterBuf, sizeof (filterBuf), - &dynamicFilterBuf, &filter); - if (stat != NSS_STATUS_SUCCESS) - { - return stat; - } - - stat = - ldap_create_page_control (__session.ls_conn, - nslcd_cfg->ldc_pagesize, - pCookie, 0, &serverctrls[0]); + /* set some reasonable defaults */ + if (base==NULL) + base=nslcd_cfg->ldc_base; + if (scope==-1) + scope=nslcd_cfg->ldc_scope; + stat=ldap_create_page_control(__session.ls_conn, + nslcd_cfg->ldc_pagesize, + pCookie,0,&serverctrls[0]); if (stat != LDAP_SUCCESS) - { - if (dynamicFilterBuf != NULL) - free (dynamicFilterBuf); - return NSS_STATUS_UNAVAIL; - } - - stat = - ldap_search_ext (__session.ls_conn, base, - nslcd_cfg->ldc_scope, - filter, - (char **) attrs, 0, serverctrls, NULL, LDAP_NO_LIMIT, - sizelimit, msgid); - - ldap_control_free (serverctrls[0]); - if (dynamicFilterBuf != NULL) - free (dynamicFilterBuf); - - return (*msgid < 0) ? NSS_STATUS_UNAVAIL : NSS_STATUS_SUCCESS; + { + return NSS_STATUS_UNAVAIL; + } + stat=ldap_search_ext(__session.ls_conn,base, + nslcd_cfg->ldc_scope, + filter, + (char **)attrs,0,serverctrls,NULL,LDAP_NO_LIMIT, + sizelimit,msgid); + ldap_control_free(serverctrls[0]); + return (*msgid<0)?NSS_STATUS_UNAVAIL:NSS_STATUS_SUCCESS; } -#endif /* HAVE_LDAP_SEARCH_EXT */ /* * General entry point for enumeration routines. 
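Review bot: In do_next_page the test `(sd->lsd_base!=NULL)&&(base=NULL)` assigns instead of comparing: it clears `base` and is always false, so every follow-up page is searched from `nslcd_cfg->ldc_base` regardless of the caller's base or the map's `lsd_base`. The computed `scope` is likewise unused because ldap_search_ext() is still given `nslcd_cfg->ldc_scope`. Use `if ((sd->lsd_base!=NULL)&&(base==NULL))` and pass `scope` to ldap_search_ext(), otherwise later pages can return entries from outside the subtree the first page was restricted to. Note also that _nss_ldap_search in the same hunk lets `sd->lsd_base` override `base` while do_next_page is written the other way round, and that the per-map `sd->lsd_filter` which do_filter() used to append is no longer applied anywhere in the new code.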
@@ -2283,26 +2017,23 @@ do_next_page (const struct ldap_args * args, * enumeration is not completed. * Locks mutex. */ -enum nss_status -_nss_ldap_getent (struct ent_context ** ctx, - void *result, char *buffer, size_t buflen, - int *errnop, const char *filterprot, - enum ldap_map_selector sel, const char **attrs, parser_t parser) +int +_nss_ldap_getent(struct ent_context **ctx, + void *result,char *buffer,size_t buflen,int *errnop, + const char *base,const char *filter, + const char **attrs, enum ldap_map_selector sel, parser_t parser) { - enum nss_status status; - + int status; /* * we need to lock here as the context may not be thread-specific * data (under glibc, for example). Maybe we should make the lock part * of the context. */ - - _nss_ldap_enter (); - status = _nss_ldap_getent_ex (NULL, ctx, result, - buffer, buflen, - errnop, filterprot, sel, attrs, parser); - _nss_ldap_leave (); - + _nss_ldap_enter(); + status=nss2nslcd(_nss_ldap_getent_ex(ctx,result, + buffer,buflen, + errnop,base,filter,attrs,sel,parser)); + _nss_ldap_leave(); return status; } 
@@ -2311,81 +2042,73 @@ _nss_ldap_getent (struct ent_context ** ctx, * Caller holds global mutex */ enum nss_status -_nss_ldap_getent_ex (struct ldap_args * args, - struct ent_context ** ctx, void *result, - char *buffer, size_t buflen, int *errnop, - const char *filterprot, - enum ldap_map_selector sel, - const char **attrs, parser_t parser) +_nss_ldap_getent_ex(struct ent_context **ctx, + void *result,char *buffer,size_t buflen,int *errnop, + const char *base,const char *filter, + const char **attrs, + enum ldap_map_selector sel,parser_t parser) { enum nss_status stat = NSS_STATUS_SUCCESS; - log_log(LOG_DEBUG,"==> _nss_ldap_getent_ex"); + log_log(LOG_DEBUG,"==> _nss_ldap_getent_ex (base=\"%s\", filter=\"%s\")",base,filter); if (*ctx == NULL || (*ctx)->ec_msgid < 0) + { + /* + * implicitly call setent() if this is the first time + * or there is no active search + */ + if (_nss_ldap_ent_context_init_locked (ctx) == NULL) { - /* - * implicitly call setent() if this is the first time - * or there is no active search - */ - if (_nss_ldap_ent_context_init_locked (ctx) == NULL) - { - log_log(LOG_DEBUG,"<== _nss_ldap_getent_ex"); - return NSS_STATUS_UNAVAIL; - } + log_log(LOG_DEBUG,"<== _nss_ldap_getent_ex"); + return NSS_STATUS_UNAVAIL; } + } next: /* * If ctx->ec_msgid < 0, then we haven't searched yet. Let's do it! 
*/ if ((*ctx)->ec_msgid < 0) - { - int msgid; - - stat = _nss_ldap_search (args, filterprot, sel, attrs, - LDAP_NO_LIMIT, &msgid, &(*ctx)->ec_sd); - if (stat != NSS_STATUS_SUCCESS) - { - log_log(LOG_DEBUG,"<== _nss_ldap_getent_ex"); - return stat; - } + { + int msgid; - (*ctx)->ec_msgid = msgid; + stat=_nss_ldap_search(base,filter,attrs,sel, + LDAP_NO_LIMIT,&msgid,&(*ctx)->ec_sd); + if (stat != NSS_STATUS_SUCCESS) + { + log_log(LOG_DEBUG,"<== _nss_ldap_getent_ex"); + return stat; } - stat = do_parse (*ctx, result, buffer, buflen, errnop, parser); + (*ctx)->ec_msgid = msgid; + } + + stat = do_parse(*ctx, result, buffer, buflen, errnop, parser); -#ifdef HAVE_LDAP_SEARCH_EXT if (stat == NSS_STATUS_NOTFOUND) + { + /* Is there another page of results? */ + if ((*ctx)->ec_cookie != NULL && (*ctx)->ec_cookie->bv_len != 0) { - /* Is there another page of results? */ - if ((*ctx)->ec_cookie != NULL && (*ctx)->ec_cookie->bv_len != 0) - { - int msgid; - - stat = - do_next_page (NULL, filterprot, sel, attrs, LDAP_NO_LIMIT, &msgid, - (*ctx)->ec_cookie); - if (stat != NSS_STATUS_SUCCESS) - { - log_log(LOG_DEBUG,"<== _nss_ldap_getent_ex"); - return stat; - } - (*ctx)->ec_msgid = msgid; - stat = do_parse (*ctx, result, buffer, buflen, errnop, parser); - } + int msgid; + stat=do_next_page(base,filter,attrs,sel,LDAP_NO_LIMIT,&msgid, + (*ctx)->ec_cookie); + if (stat!=NSS_STATUS_SUCCESS) + { + log_log(LOG_DEBUG,"<== _nss_ldap_getent_ex"); + return stat; + } + (*ctx)->ec_msgid=msgid; + stat=do_parse(*ctx,result,buffer,buflen,errnop,parser); } -#endif /* HAVE_LDAP_SEARCH_EXT */ - + } if (stat == NSS_STATUS_NOTFOUND && (*ctx)->ec_sd != NULL) - { - (*ctx)->ec_msgid = -1; - goto next; - } - + { + (*ctx)->ec_msgid = -1; + goto next; + } log_log(LOG_DEBUG,"<== _nss_ldap_getent_ex"); - return stat; } diff --git a/nslcd/ldap-nss.h b/nslcd/ldap-nss.h index 85f1b59..5b5152c 100644 --- a/nslcd/ldap-nss.h +++ b/nslcd/ldap-nss.h 
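Review bot: The new entry trace in _nss_ldap_getent_ex formats `base` with `%s`, yet every caller shown in this commit passes `NULL` for it, and a null pointer for `%s` is undefined behaviour in the printf family (assuming log_log forwards to it). Pass a placeholder instead, e.g. `base?base:"(default)"` as the argument. A one-line comment on the function stating that a NULL `base` selects the configured default would also help, since the header only marks it `/* IN */`.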
@@ -253,30 +253,32 @@ enum nss_status _nss_ldap_read (const char *dn, /* IN */ * extended enumeration routine; uses asynchronous API. * Caller must have acquired the global mutex */ -enum nss_status _nss_ldap_getent_ex (struct ldap_args * args, /* IN */ +enum nss_status _nss_ldap_getent_ex ( struct ent_context ** ctx, /* IN/OUT */ void *result, /* IN/OUT */ char *buffer, /* IN */ size_t buflen, /* IN */ int *errnop, /* OUT */ - const char *filterprot, /* IN */ - enum ldap_map_selector sel, /* IN */ + const char *base, /* IN */ + const char *filter, /* IN */ const char **attrs, /* IN */ + enum ldap_map_selector sel, /* IN */ parser_t parser /* IN */ ); /* * common enumeration routine; uses asynchronous API. * Acquires the global mutex */ -enum nss_status _nss_ldap_getent (struct ent_context ** ctx, /* IN/OUT */ - void *result, /* IN/OUT */ - char *buffer, /* IN */ - size_t buflen, /* IN */ - int *errnop, /* OUT */ - const char *filterprot, /* IN */ - enum ldap_map_selector sel, /* IN */ - const char **attrs, /* IN */ - parser_t parser /* IN */ ); +int _nss_ldap_getent(struct ent_context ** ctx, /* IN/OUT */ + void *result, /* IN/OUT */ + char *buffer, /* IN */ + size_t buflen, /* IN */ + int *errnop, /* OUT */ + const char *base, /* IN */ + const char *filter, /* IN */ + const char **attrs, /* IN */ + enum ldap_map_selector sel, /* IN */ + parser_t parser /* IN */ ); /* * common lookup routine; uses synchronous API. diff --git a/nslcd/ldap-schema.c b/nslcd/ldap-schema.c index b2ff8c1..8177656 100644 --- a/nslcd/ldap-schema.c +++ b/nslcd/ldap-schema.c @@ -144,4 +144,3 @@ _nss_ldap_init_filters () "(%s=%s)", attmap_objectClass, attmap_shadow_objectClass); } - diff --git a/nslcd/netgroup.c b/nslcd/netgroup.c index b829659..a1ef35e 100644 --- a/nslcd/netgroup.c +++ b/nslcd/netgroup.c 
@@ -312,9 +312,8 @@ out: int nslcd_netgroup_byname(TFILE *fp) { - int32_t tmpint32; - static struct ent_context *netgroup_context=NULL; + struct ent_context *netgroup_context=NULL; char name[256]; char filter[1024]; /* these are here for now until we rewrite the LDAP code */ diff --git a/nslcd/network.c b/nslcd/network.c index 2c9e000..b7b9b2b 100644 --- a/nslcd/network.c +++ b/nslcd/network.c @@ -256,7 +256,8 @@ int nslcd_network_byaddr(TFILE *fp) int nslcd_network_all(TFILE *fp) { int32_t tmpint32; - static struct ent_context *net_context; + struct ent_context *net_context; + char filter[1024]; /* these are here for now until we rewrite the LDAP code */ struct netent result; char buffer[1024]; @@ -271,8 +272,10 @@ int nslcd_network_all(TFILE *fp) if (_nss_ldap_ent_context_init(&net_context)==NULL) return -1; /* loop over all results */ + mkfilter_network_all(filter,sizeof(filter)); network_attrs_init(); - while ((retv=nss2nslcd(_nss_ldap_getent(&net_context,&result,buffer,1024,&errnop,_nss_ldap_filt_getnetent,LM_NETWORKS,network_attrs,_nss_ldap_parse_net)))==NSLCD_RESULT_SUCCESS) + while ((retv=_nss_ldap_getent(&net_context,&result,buffer,sizeof(buffer),&errnop, + NULL,filter,network_attrs,LM_NETWORKS,_nss_ldap_parse_net))==NSLCD_RESULT_SUCCESS) { /* write the result */ WRITE_INT32(fp,retv); diff --git a/nslcd/passwd.c b/nslcd/passwd.c index d02e881..17d3ca7 100644 --- a/nslcd/passwd.c +++ b/nslcd/passwd.c @@ -296,8 +296,9 @@ int nslcd_passwd_byuid(TFILE *fp) int nslcd_passwd_all(TFILE *fp) { int32_t tmpint32; + struct ent_context *passwd_context = NULL; + char filter[1024]; /* these are here for now until we rewrite the LDAP code */ - struct ent_context *pw_context = NULL; struct passwd result; char buffer[1024]; int errnop; 
@@ -308,11 +309,13 @@ int nslcd_passwd_all(TFILE *fp) WRITE_INT32(fp,NSLCD_VERSION); WRITE_INT32(fp,NSLCD_ACTION_PASSWD_ALL); /* initialize context */ - if (_nss_ldap_ent_context_init(&pw_context)==NULL) + if (_nss_ldap_ent_context_init(&passwd_context)==NULL) return -1; /* go over results */ + mkfilter_passwd_all(filter,sizeof(filter)); passwd_attrs_init(); - while ((retv=nss2nslcd(_nss_ldap_getent(&pw_context,&result,buffer,1024,&errnop,_nss_ldap_filt_getpwent,LM_PASSWD,passwd_attrs,_nss_ldap_parse_pw)))==NSLCD_RESULT_SUCCESS) + while ((retv=_nss_ldap_getent(&passwd_context,&result,buffer,sizeof(buffer),&errnop, + NULL,filter,passwd_attrs,LM_PASSWD,_nss_ldap_parse_pw))==NSLCD_RESULT_SUCCESS) { /* write the result */ WRITE_INT32(fp,retv); @@ -322,9 +325,9 @@ int nslcd_passwd_all(TFILE *fp) WRITE_INT32(fp,retv); WRITE_FLUSH(fp); /* FIXME: if some statement returns what happens to the context? */ - _nss_ldap_enter(); \ - _nss_ldap_ent_context_release(pw_context); \ - _nss_ldap_leave(); \ + _nss_ldap_enter(); + _nss_ldap_ent_context_release(passwd_context); + _nss_ldap_leave(); /* we're done */ return 0; } diff --git a/nslcd/protocol.c b/nslcd/protocol.c index d502a08..278241f 100644 --- a/nslcd/protocol.c +++ b/nslcd/protocol.c @@ -208,7 +208,8 @@ int nslcd_protocol_bynumber(TFILE *fp) int nslcd_protocol_all(TFILE *fp) { int32_t tmpint32,tmp2int32,tmp3int32; - static struct ent_context *protocol_context; + struct ent_context *protocol_context; + char filter[1024]; /* these are here for now until we rewrite the LDAP code */ struct protoent result; char buffer[1024]; 
@@ -223,8 +224,10 @@ int nslcd_protocol_all(TFILE *fp) if (_nss_ldap_ent_context_init(&protocol_context)==NULL) return -1; /* loop over all results */ + mkfilter_protocol_all(filter,sizeof(filter)); protocol_attrs_init(); - while ((retv=nss2nslcd(_nss_ldap_getent(&protocol_context,&result,buffer,1024,&errnop,_nss_ldap_filt_getprotoent,LM_PROTOCOLS,protocol_attrs,_nss_ldap_parse_proto)))==NSLCD_RESULT_SUCCESS) + while ((retv=_nss_ldap_getent(&protocol_context,&result,buffer,sizeof(buffer),&errnop, + NULL,filter,protocol_attrs,LM_PROTOCOLS,_nss_ldap_parse_proto))==NSLCD_RESULT_SUCCESS) { /* write the result code */ WRITE_INT32(fp,retv); diff --git a/nslcd/rpc.c b/nslcd/rpc.c index de25b5a..8b9c4f5 100644 --- a/nslcd/rpc.c +++ b/nslcd/rpc.c @@ -213,7 +213,8 @@ int nslcd_rpc_bynumber(TFILE *fp) int nslcd_rpc_all(TFILE *fp) { int32_t tmpint32; - static struct ent_context *rpc_context; + struct ent_context *rpc_context; + char filter[1024]; /* these are here for now until we rewrite the LDAP code */ struct rpcent result; char buffer[1024]; @@ -228,8 +229,10 @@ int nslcd_rpc_all(TFILE *fp) if (_nss_ldap_ent_context_init(&rpc_context)==NULL) return -1; /* loop over all results */ + mkfilter_rpc_all(filter,sizeof(filter)); rpc_attrs_init(); - while ((retv=nss2nslcd(_nss_ldap_getent(&rpc_context,&result,buffer,1024,&errnop,_nss_ldap_filt_getrpcent,LM_RPC,rpc_attrs,_nss_ldap_parse_rpc)))==NSLCD_RESULT_SUCCESS) + while ((retv=_nss_ldap_getent(&rpc_context,&result,buffer,sizeof(buffer),&errnop, + NULL,filter,rpc_attrs,LM_RPC,_nss_ldap_parse_rpc))==NSLCD_RESULT_SUCCESS) { /* write the result code */ WRITE_INT32(fp,retv); diff --git a/nslcd/service.c b/nslcd/service.c index d794ba4..cbfab55 100644 --- a/nslcd/service.c +++ b/nslcd/service.c 
@@ -325,7 +325,8 @@ int nslcd_service_bynumber(TFILE *fp) int nslcd_service_all(TFILE *fp) { int32_t tmpint32; - static struct ent_context *serv_context; + struct ent_context *serv_context; + char filter[1024]; /* these are here for now until we rewrite the LDAP code */ struct servent result; char buffer[1024]; @@ -340,8 +341,10 @@ int nslcd_service_all(TFILE *fp) if (_nss_ldap_ent_context_init(&serv_context)==NULL) return -1; /* loop over all results */ + mkfilter_service_all(filter,sizeof(filter)); service_attrs_init(); - while ((retv=nss2nslcd(_nss_ldap_getent(&serv_context,&result,buffer,1024,&errnop,_nss_ldap_filt_getservent,LM_SERVICES,service_attrs,_nss_ldap_parse_serv)))==NSLCD_RESULT_SUCCESS) + while ((retv=_nss_ldap_getent(&serv_context,&result,buffer,sizeof(buffer),&errnop, + NULL,filter,service_attrs,LM_SERVICES,_nss_ldap_parse_serv))==NSLCD_RESULT_SUCCESS) { /* write the result code */ WRITE_INT32(fp,retv); diff --git a/nslcd/shadow.c b/nslcd/shadow.c index eaafdec..f569de7 100644 --- a/nslcd/shadow.c +++ b/nslcd/shadow.c @@ -228,7 +228,8 @@ int nslcd_shadow_byname(TFILE *fp) int nslcd_shadow_all(TFILE *fp) { int32_t tmpint32; - static struct ent_context *shadow_context; + struct ent_context *shadow_context; + char filter[1024]; /* these are here for now until we rewrite the LDAP code */ struct spwd result; char buffer[1024]; @@ -243,8 +244,10 @@ int nslcd_shadow_all(TFILE *fp) if (_nss_ldap_ent_context_init(&shadow_context)==NULL) return -1; /* loop over all results */ + mkfilter_shadow_all(filter,sizeof(filter)); shadow_attrs_init(); - while ((retv=nss2nslcd(_nss_ldap_getent(&shadow_context,&result,buffer,1024,&errnop,_nss_ldap_filt_getspent,LM_SHADOW,shadow_attrs,_nss_ldap_parse_sp)))==NSLCD_RESULT_SUCCESS) + while ((retv=_nss_ldap_getent(&shadow_context,&result,buffer,sizeof(buffer),&errnop, + NULL,filter,shadow_attrs,LM_SHADOW,_nss_ldap_parse_sp))==NSLCD_RESULT_SUCCESS) { /* write the result */ WRITE_INT32(fp,retv); |