Diffstat (limited to 'nslcd/cfg.c')
-rw-r--r--nslcd/cfg.c158
1 files changed, 0 insertions, 158 deletions
diff --git a/nslcd/cfg.c b/nslcd/cfg.c
index 6a9811a..d9a800f 100644
--- a/nslcd/cfg.c
+++ b/nslcd/cfg.c
@@ -339,24 +339,6 @@ static enum ldap_map_selector parse_map(const char *value)
return LM_NONE;
}
-/* check to see if the line begins with a named map */
-static enum ldap_map_selector get_map(char **line)
-{
- char token[32];
- char *old;
- enum ldap_map_selector map;
- /* get the token */
- old = *line;
- if (get_token(line, token, sizeof(token)) == NULL)
- return LM_NONE;
- /* see if we found a map */
- map = parse_map(token);
- /* unknown map, return to the previous state */
- if (map == LM_NONE)
- *line = old;
- return map;
-}
-
static const char *print_map(enum ldap_map_selector map)
{
switch (map)
@@ -479,53 +461,6 @@ static void handle_validnames(const char *filename, int lnr,
free(value);
}
-static void handle_pam_authz_search(
- const char *filename, int lnr,
- const char *keyword, char *line, struct ldap_config *cfg)
-{
- SET *set;
- const char **list;
- int i;
- check_argumentcount(filename, lnr, keyword, (line != NULL) && (*line != '\0'));
- /* find free spot for search filter */
- for (i = 0; (i < NSS_LDAP_CONFIG_MAX_AUTHZ_SEARCHES) && (cfg->pam_authz_searches[i] != NULL);
- i++)
- /* nothing */ ;
- if (i >= NSS_LDAP_CONFIG_MAX_AUTHZ_SEARCHES)
- {
- log_log(LOG_ERR, "%s:%d: maximum number of pam_authz_search options (%d) exceeded",
- filename, lnr, NSS_LDAP_CONFIG_MAX_AUTHZ_SEARCHES);
- exit(EXIT_FAILURE);
- }
- cfg->pam_authz_searches[i] = xstrdup(line);
- /* check the variables used in the expression */
- set = expr_vars(cfg->pam_authz_searches[i], NULL);
- list = set_tolist(set);
- if (list == NULL)
- {
- log_log(LOG_CRIT, "malloc() failed to allocate memory");
- exit(EXIT_FAILURE);
- }
- for (i = 0; list[i] != NULL; i++)
- {
- if ((strcmp(list[i], "username") != 0) &&
- (strcmp(list[i], "service") != 0) &&
- (strcmp(list[i], "ruser") != 0) &&
- (strcmp(list[i], "rhost") != 0) &&
- (strcmp(list[i], "tty") != 0) &&
- (strcmp(list[i], "hostname") != 0) &&
- (strcmp(list[i], "fqdn") != 0) &&
- (strcmp(list[i], "dn") != 0) && (strcmp(list[i], "uid") != 0))
- {
- log_log(LOG_ERR, "%s:%d: unknown variable $%s", filename, lnr, list[i]);
- exit(EXIT_FAILURE);
- }
- }
- /* free memory */
- set_free(set);
- free(list);
-}
-
static void handle_pam_password_prohibit_message(
const char *filename, int lnr,
const char *keyword, char *line, struct ldap_config *cfg)
@@ -578,28 +513,6 @@ static void handle_reconnect_invalidate(
}
}
-/* check that the file is not world readable */
-static void check_permissions(const char *filename, const char *keyword)
-{
- struct stat sb;
- /* get file status */
- if (stat(filename, &sb))
- {
- log_log(LOG_ERR, "cannot stat() %s: %s", filename, strerror(errno));
- exit(EXIT_FAILURE);
- }
- /* check permissions */
- if ((sb.st_mode & 0007) != 0)
- {
- if (keyword != NULL)
- log_log(LOG_ERR, "%s: file should not be world readable if %s is set",
- filename, keyword);
- else
- log_log(LOG_ERR, "%s: file should not be world readable", filename);
- exit(EXIT_FAILURE);
- }
-}
-
/* set the configuration information to the defaults */
static void cfg_defaults(struct ldap_config *cfg)
{
@@ -618,8 +531,6 @@ static void cfg_defaults(struct ldap_config *cfg)
"/^[a-z0-9._@$()]([a-z0-9._@$() \\~-]*[a-z0-9._@$()~-])?$/i",
cfg);
cfg->ignorecase = 0;
- for (i = 0; i < NSS_LDAP_CONFIG_MAX_AUTHZ_SEARCHES; i++)
- cfg->pam_authz_searches[i] = NULL;
cfg->pam_password_prohibit_message = NULL;
for (i = 0; i < LM_NONE; i++)
cfg->reconnect_invalidate[i] = 0;
@@ -632,7 +543,6 @@ static void cfg_read(const char *filename, struct ldap_config *cfg)
char linebuf[MAX_LINE_LENGTH];
char *line;
char keyword[32];
- char token[64];
int i;
/* open config file */
if ((fp = fopen(filename, "r")) == NULL)
@@ -712,10 +622,6 @@ static void cfg_read(const char *filename, struct ldap_config *cfg)
cfg->ignorecase = get_boolean(filename, lnr, keyword, &line);
get_eol(filename, lnr, keyword, &line);
}
- else if (strcasecmp(keyword, "pam_authz_search") == 0)
- {
- handle_pam_authz_search(filename, lnr, keyword, line, cfg);
- }
else if (strcasecmp(keyword, "pam_password_prohibit_message") == 0)
{
handle_pam_password_prohibit_message(filename, lnr, keyword, line, cfg);
@@ -737,73 +643,12 @@ static void cfg_read(const char *filename, struct ldap_config *cfg)
fclose(fp);
}
-#ifdef NSLCD_BINDPW_PATH
-static void bindpw_read(const char *filename, struct ldap_config *cfg)
-{
- FILE *fp;
- char linebuf[MAX_LINE_LENGTH];
- int i;
- /* open config file */
- errno = 0;
- if ((fp = fopen(filename, "r")) == NULL)
- {
- if (errno == ENOENT)
- {
- log_log(LOG_DEBUG, "no bindpw file (%s)", filename);
- return; /* ignore */
- }
- else
- {
- log_log(LOG_ERR, "cannot open bindpw file (%s): %s",
- filename, strerror(errno));
- exit(EXIT_FAILURE);
- }
- }
- /* check permissions */
- check_permissions(filename, NULL);
- /* read the first line */
- if (fgets(linebuf, sizeof(linebuf), fp) == NULL)
- {
- log_log(LOG_ERR, "%s: error reading first line", filename);
- exit(EXIT_FAILURE);
- }
- /* chop the last char off and save the rest as bindpw */
- i = (int)strlen(linebuf);
- if ((i <= 0) || (linebuf[i - 1] != '\n'))
- {
- log_log(LOG_ERR, "%s:1: line too long or missing newline", filename);
- exit(EXIT_FAILURE);
- }
- linebuf[i - 1] = '\0';
- if (strlen(linebuf) == 0)
- {
- log_log(LOG_ERR, "%s:1: the password is empty", filename);
- exit(EXIT_FAILURE);
- }
- cfg->bindpw = strdup(linebuf);
- /* check if there is no more data in the file */
- if (fgets(linebuf, sizeof(linebuf), fp) != NULL)
- {
- log_log(LOG_ERR, "%s:2: there is more than one line in the bindpw file",
- filename);
- exit(EXIT_FAILURE);
- }
- fclose(fp);
-}
-#endif /* NSLCD_BINDPW_PATH */
-
/* dump configuration */
static void cfg_dump(void)
{
int i;
-#ifdef LDAP_OPT_X_TLS
- int rc;
-#endif /* LDAP_OPT_X_TLS */
- enum ldap_map_selector map;
- char *str;
const char **strp;
char buffer[1024];
- int *scopep;
log_log(LOG_DEBUG, "CFG: threads %d", nslcd_cfg->threads);
if (nslcd_cfg->uidname != NULL)
log_log(LOG_DEBUG, "CFG: uid %s", nslcd_cfg->uidname);
@@ -844,9 +689,6 @@ static void cfg_dump(void)
log_log(LOG_DEBUG, "CFG: nss_nested_groups %s", print_boolean(nslcd_cfg->nss_nested_groups));
log_log(LOG_DEBUG, "CFG: validnames %s", nslcd_cfg->validnames_str);
log_log(LOG_DEBUG, "CFG: ignorecase %s", print_boolean(nslcd_cfg->ignorecase));
- for (i = 0; i < NSS_LDAP_CONFIG_MAX_AUTHZ_SEARCHES; i++)
- if (nslcd_cfg->pam_authz_searches[i] != NULL)
- log_log(LOG_DEBUG, "CFG: pam_authz_search %s", nslcd_cfg->pam_authz_searches[i]);
if (nslcd_cfg->pam_password_prohibit_message != NULL)
log_log(LOG_DEBUG, "CFG: pam_password_prohibit_message \"%s\"", nslcd_cfg->pam_password_prohibit_message);
/* build a comma-separated list */