Diffstat (limited to 'nslcd/cfg.c')
-rw-r--r-- | nslcd/cfg.c | 158 |
1 files changed, 0 insertions, 158 deletions
diff --git a/nslcd/cfg.c b/nslcd/cfg.c
index 6a9811a..d9a800f 100644
--- a/nslcd/cfg.c
+++ b/nslcd/cfg.c
@@ -339,24 +339,6 @@ static enum ldap_map_selector parse_map(const char *value)
 return LM_NONE;
 }
 
-/* check to see if the line begins with a named map */
-static enum ldap_map_selector get_map(char **line)
-{
- char token[32];
- char *old;
- enum ldap_map_selector map;
- /* get the token */
- old = *line;
- if (get_token(line, token, sizeof(token)) == NULL)
- return LM_NONE;
- /* see if we found a map */
- map = parse_map(token);
- /* unknown map, return to the previous state */
- if (map == LM_NONE)
- *line = old;
- return map;
-}
-
 static const char *print_map(enum ldap_map_selector map)
 {
 switch (map)
@@ -479,53 +461,6 @@ static void handle_validnames(const char *filename, int lnr,
 free(value);
 }
 
-static void handle_pam_authz_search(
- const char *filename, int lnr,
- const char *keyword, char *line, struct ldap_config *cfg)
-{
- SET *set;
- const char **list;
- int i;
- check_argumentcount(filename, lnr, keyword, (line != NULL) && (*line != '\0'));
- /* find free spot for search filter */
- for (i = 0; (i < NSS_LDAP_CONFIG_MAX_AUTHZ_SEARCHES) && (cfg->pam_authz_searches[i] != NULL);
- i++)
- /* nothing */ ;
- if (i >= NSS_LDAP_CONFIG_MAX_AUTHZ_SEARCHES)
- {
- log_log(LOG_ERR, "%s:%d: maximum number of pam_authz_search options (%d) exceeded",
- filename, lnr, NSS_LDAP_CONFIG_MAX_AUTHZ_SEARCHES);
- exit(EXIT_FAILURE);
- }
- cfg->pam_authz_searches[i] = xstrdup(line);
- /* check the variables used in the expression */
- set = expr_vars(cfg->pam_authz_searches[i], NULL);
- list = set_tolist(set);
- if (list == NULL)
- {
- log_log(LOG_CRIT, "malloc() failed to allocate memory");
- exit(EXIT_FAILURE);
- }
- for (i = 0; list[i] != NULL; i++)
- {
- if ((strcmp(list[i], "username") != 0) &&
- (strcmp(list[i], "service") != 0) &&
- (strcmp(list[i], "ruser") != 0) &&
- (strcmp(list[i], "rhost") != 0) &&
- (strcmp(list[i], "tty") != 0) &&
- (strcmp(list[i], "hostname") != 0) &&
- (strcmp(list[i], "fqdn") != 0) &&
- (strcmp(list[i], "dn") != 0) && (strcmp(list[i], "uid") != 0))
- {
- log_log(LOG_ERR, "%s:%d: unknown variable $%s", filename, lnr, list[i]);
- exit(EXIT_FAILURE);
- }
- }
- /* free memory */
- set_free(set);
- free(list);
-}
-
 static void handle_pam_password_prohibit_message(
 const char *filename, int lnr,
 const char *keyword, char *line, struct ldap_config *cfg)
@@ -578,28 +513,6 @@ static void handle_reconnect_invalidate(
 }
 }
 
-/* check that the file is not world readable */
-static void check_permissions(const char *filename, const char *keyword)
-{
- struct stat sb;
- /* get file status */
- if (stat(filename, &sb))
- {
- log_log(LOG_ERR, "cannot stat() %s: %s", filename, strerror(errno));
- exit(EXIT_FAILURE);
- }
- /* check permissions */
- if ((sb.st_mode & 0007) != 0)
- {
- if (keyword != NULL)
- log_log(LOG_ERR, "%s: file should not be world readable if %s is set",
- filename, keyword);
- else
- log_log(LOG_ERR, "%s: file should not be world readable", filename);
- exit(EXIT_FAILURE);
- }
-}
-
 /* set the configuration information to the defaults */
 static void cfg_defaults(struct ldap_config *cfg)
 {
@@ -618,8 +531,6 @@ static void cfg_defaults(struct ldap_config *cfg)
 "/^[a-z0-9._@$()]([a-z0-9._@$() \\~-]*[a-z0-9._@$()~-])?$/i",
 cfg);
 cfg->ignorecase = 0;
- for (i = 0; i < NSS_LDAP_CONFIG_MAX_AUTHZ_SEARCHES; i++)
- cfg->pam_authz_searches[i] = NULL;
 cfg->pam_password_prohibit_message = NULL;
 for (i = 0; i < LM_NONE; i++)
 cfg->reconnect_invalidate[i] = 0;
@@ -632,7 +543,6 @@ static void cfg_read(const char *filename, struct ldap_config *cfg)
 char linebuf[MAX_LINE_LENGTH];
 char *line;
 char keyword[32];
- char token[64];
 int i;
 /* open config file */
 if ((fp = fopen(filename, "r")) == NULL)
@@ -712,10 +622,6 @@ static void cfg_read(const char *filename, struct ldap_config *cfg)
 cfg->ignorecase = get_boolean(filename, lnr, keyword, &line);
 get_eol(filename, lnr, keyword, &line);
 }
- else if (strcasecmp(keyword, "pam_authz_search") == 0)
- {
- handle_pam_authz_search(filename, lnr, keyword, line, cfg);
- }
 else if (strcasecmp(keyword, "pam_password_prohibit_message") == 0)
 {
 handle_pam_password_prohibit_message(filename, lnr, keyword, line, cfg);
@@ -737,73 +643,12 @@ static void cfg_read(const char *filename, struct ldap_config *cfg)
 fclose(fp);
 }
 
-#ifdef NSLCD_BINDPW_PATH
-static void bindpw_read(const char *filename, struct ldap_config *cfg)
-{
- FILE *fp;
- char linebuf[MAX_LINE_LENGTH];
- int i;
- /* open config file */
- errno = 0;
- if ((fp = fopen(filename, "r")) == NULL)
- {
- if (errno == ENOENT)
- {
- log_log(LOG_DEBUG, "no bindpw file (%s)", filename);
- return; /* ignore */
- }
- else
- {
- log_log(LOG_ERR, "cannot open bindpw file (%s): %s",
- filename, strerror(errno));
- exit(EXIT_FAILURE);
- }
- }
- /* check permissions */
- check_permissions(filename, NULL);
- /* read the first line */
- if (fgets(linebuf, sizeof(linebuf), fp) == NULL)
- {
- log_log(LOG_ERR, "%s: error reading first line", filename);
- exit(EXIT_FAILURE);
- }
- /* chop the last char off and save the rest as bindpw */
- i = (int)strlen(linebuf);
- if ((i <= 0) || (linebuf[i - 1] != '\n'))
- {
- log_log(LOG_ERR, "%s:1: line too long or missing newline", filename);
- exit(EXIT_FAILURE);
- }
- linebuf[i - 1] = '\0';
- if (strlen(linebuf) == 0)
- {
- log_log(LOG_ERR, "%s:1: the password is empty", filename);
- exit(EXIT_FAILURE);
- }
- cfg->bindpw = strdup(linebuf);
- /* check if there is no more data in the file */
- if (fgets(linebuf, sizeof(linebuf), fp) != NULL)
- {
- log_log(LOG_ERR, "%s:2: there is more than one line in the bindpw file",
- filename);
- exit(EXIT_FAILURE);
- }
- fclose(fp);
-}
-#endif /* NSLCD_BINDPW_PATH */
-
 /* dump configuration */
 static void cfg_dump(void)
 {
 int i;
-#ifdef LDAP_OPT_X_TLS
- int rc;
-#endif /* LDAP_OPT_X_TLS */
- enum ldap_map_selector map;
- char *str;
 const char **strp;
 char buffer[1024];
- int *scopep;
 log_log(LOG_DEBUG, "CFG: threads %d", nslcd_cfg->threads);
 if (nslcd_cfg->uidname != NULL)
 log_log(LOG_DEBUG, "CFG: uid %s", nslcd_cfg->uidname);
@@ -844,9 +689,6 @@ static void cfg_dump(void)
 log_log(LOG_DEBUG, "CFG: nss_nested_groups %s", print_boolean(nslcd_cfg->nss_nested_groups));
 log_log(LOG_DEBUG, "CFG: validnames %s", nslcd_cfg->validnames_str);
 log_log(LOG_DEBUG, "CFG: ignorecase %s", print_boolean(nslcd_cfg->ignorecase));
- for (i = 0; i < NSS_LDAP_CONFIG_MAX_AUTHZ_SEARCHES; i++)
- if (nslcd_cfg->pam_authz_searches[i] != NULL)
- log_log(LOG_DEBUG, "CFG: pam_authz_search %s", nslcd_cfg->pam_authz_searches[i]);
 if (nslcd_cfg->pam_password_prohibit_message != NULL)
 log_log(LOG_DEBUG, "CFG: pam_password_prohibit_message \"%s\"", nslcd_cfg->pam_password_prohibit_message);
 /* build a comma-separated list */ |