path: root/nslcd/cfg.c
Diffstat (limited to 'nslcd/cfg.c')
-rw-r--r--nslcd/cfg.c329
1 files changed, 0 insertions, 329 deletions
diff --git a/nslcd/cfg.c b/nslcd/cfg.c
index d62cf80..6a9811a 100644
--- a/nslcd/cfg.c
+++ b/nslcd/cfg.c
@@ -66,16 +66,6 @@ struct ldap_config *nslcd_cfg = NULL;
/* the delimiters of tokens */
#define TOKEN_DELIM " \t\n\r"
-/* convenient wrapper macro for ldap_set_option() */
-#define LDAP_SET_OPTION(ld, option, invalue) \
- rc = ldap_set_option(ld, option, invalue); \
- if (rc != LDAP_SUCCESS) \
- { \
- log_log(LOG_ERR, "ldap_set_option(" #option ") failed: %s", \
- ldap_err2string(rc)); \
- exit(EXIT_FAILURE); \
- }
-
/* simple strdup wrapper */
static char *xstrdup(const char *s)
{
@@ -139,15 +129,6 @@ static char *get_token(char **line, char *buf, size_t buflen)
return buf;
}
-static char *get_strdup(const char *filename, int lnr,
- const char *keyword, char **line)
-{
- char token[64];
- check_argumentcount(filename, lnr, keyword,
- get_token(line, token, sizeof(token)) != NULL);
- return xstrdup(token);
-}
-
static char *get_linedup(const char *filename, int lnr,
const char *keyword, char **line)
{
@@ -212,63 +193,6 @@ static const char *print_boolean(int bool)
else return "no";
}
-#define TIME_MINUTES 60
-#define TIME_HOURS (60 * 60)
-#define TIME_DAYS (60 * 60 * 24)
-
-static time_t parse_time(const char *filename, int lnr, const char *value)
-{
- time_t t;
- char *tmp = NULL;
- if (strcasecmp(value, "off") == 0)
- return 0;
- errno = 0;
- t = strtol(value, &tmp, 10);
- if (errno != 0)
- {
- log_log(LOG_ERR, "%s:%d: value out of range: '%s'",
- filename, lnr, value);
- exit(EXIT_FAILURE);
- }
- if ((strcasecmp(tmp, "") == 0) || (strcasecmp(tmp, "s") == 0))
- return t;
- else if (strcasecmp(tmp, "m") == 0)
- return t * TIME_MINUTES;
- else if (strcasecmp(tmp, "h") == 0)
- return t * TIME_HOURS;
- else if (strcasecmp(tmp, "d") == 0)
- return t * TIME_DAYS;
- else
- {
- log_log(LOG_ERR, "%s:%d: invalid time value: '%s'",
- filename, lnr, value);
- exit(EXIT_FAILURE);
- }
-}
-
-static time_t get_time(const char *filename, int lnr,
- const char *keyword, char **line)
-{
- char token[32];
- check_argumentcount(filename, lnr, keyword,
- get_token(line, token, sizeof(token)) != NULL);
- return parse_time(filename, lnr, token);
-}
-
-static void print_time(time_t t, char *buffer, size_t buflen)
-{
- if (t == 0)
- mysnprintf(buffer, buflen, "off");
- else if ((t % TIME_DAYS) == 0)
- mysnprintf(buffer, buflen, "%ldd", (long)(t / TIME_DAYS));
- else if ((t % TIME_HOURS) == 0)
- mysnprintf(buffer, buflen, "%ldh", (long)(t / TIME_HOURS));
- else if ((t % TIME_MINUTES) == 0)
- mysnprintf(buffer, buflen, "%ldm", (long)(t / TIME_MINUTES));
- else
- mysnprintf(buffer, buflen, "%lds", (long)t);
-}
-
static void handle_uid(const char *filename, int lnr,
const char *keyword, char *line,
struct ldap_config *cfg)
@@ -385,153 +309,6 @@ static void handle_log(const char *filename, int lnr,
}
}
-/* add a single URI to the list of URIs in the configuration */
-static void add_uri(const char *filename, int lnr,
- struct ldap_config *cfg, const char *uri)
-{
- int i;
- /* find the place where to insert the URI */
- for (i = 0; cfg->uris[i].uri != NULL; i++)
- /* nothing */ ;
- /* check for room */
- if (i >= NSS_LDAP_CONFIG_MAX_URIS)
- {
- log_log(LOG_ERR, "%s:%d: maximum number of URIs exceeded",
- filename, lnr);
- exit(EXIT_FAILURE);
- }
- /* append URI to list */
- cfg->uris[i].uri = xstrdup(uri);
-}
-
-#ifdef HAVE_LDAP_DOMAIN2HOSTLIST
-/* return the domain name of the current host
- the returned string must be freed by caller */
-static const char *cfg_getdomainname(const char *filename, int lnr)
-{
- const char *fqdn, *domain;
- fqdn = getfqdn();
- if ((fqdn != NULL) && ((domain = strchr(fqdn, '.')) != NULL) && (domain[1] != '\0'))
- return domain + 1;
- log_log(LOG_ERR, "%s:%d: unable to determinate a domain name",
- filename, lnr);
- exit(EXIT_FAILURE);
-}
-
-/* add URIs by doing DNS queries for SRV records */
-static void add_uris_from_dns(const char *filename, int lnr,
- struct ldap_config *cfg, const char *domain)
-{
- int rc;
- char *hostlist = NULL, *nxt;
- char buf[HOST_NAME_MAX + sizeof("ldap://")];
- log_log(LOG_DEBUG, "query %s for SRV records", domain);
- rc = ldap_domain2hostlist(domain, &hostlist);
- if (rc != LDAP_SUCCESS)
- {
- log_log(LOG_ERR, "%s:%d: no servers found in DNS zone %s: %s",
- filename, lnr, domain, ldap_err2string(rc));
- exit(EXIT_FAILURE);
- }
- if ((hostlist == NULL) || (*hostlist == '\0'))
- {
- log_log(LOG_ERR, "%s:%d: no servers found in DNS zone %s",
- filename, lnr, domain);
- exit(EXIT_FAILURE);
- }
- /* hostlist is a space-separated list of host names that we use to build
- URIs */
- while (hostlist != NULL)
- {
- /* find the next space and split the string there */
- nxt = strchr(hostlist, ' ');
- if (nxt != NULL)
- {
- *nxt = '\0';
- nxt++;
- }
- /* if port is 636, use ldaps:// URI */
- if ((strlen(hostlist) > 4) && (strcmp(hostlist + strlen(hostlist) - 4, ":636") == 0))
- {
- hostlist[strlen(hostlist) - 4] = '\0';
- if (mysnprintf(buf, sizeof(buf), "ldaps://%s", hostlist))
- {
- log_log(LOG_ERR, "add_uris_from_dns(): buf buffer too small (%d required)",
- strlen(hostlist) + 8);
- exit(EXIT_FAILURE);
- }
- }
- else
- {
- /* strip default port number */
- if ((strlen(hostlist) > 4) && (strcmp(hostlist + strlen(hostlist) - 4, ":389") == 0))
- hostlist[strlen(hostlist) - 4] = '\0';
- if (mysnprintf(buf, sizeof(buf), "ldap://%s", hostlist))
- {
- log_log(LOG_ERR, "add_uris_from_dns(): buf buffer too small (%d required)",
- strlen(hostlist) + 7);
- exit(EXIT_FAILURE);
- }
- }
- log_log(LOG_DEBUG, "add_uris_from_dns(): found uri: %s", buf);
- add_uri(filename, lnr, cfg, buf);
- /* get next entry from list */
- hostlist = nxt;
- }
-}
-#endif /* HAVE_LDAP_DOMAIN2HOSTLIST */
-
-static void handle_krb5_ccname(const char *filename, int lnr,
- const char *keyword, char *line)
-{
- char token[80];
- const char *ccname;
- const char *ccfile;
- size_t ccenvlen;
- char *ccenv;
-#ifdef HAVE_GSS_KRB5_CCACHE_NAME
- OM_uint32 minor_status;
-#endif /* HAVE_GSS_KRB5_CCACHE_NAME */
- /* get token */
- check_argumentcount(filename, lnr, keyword,
- (get_token(&line, token, sizeof(token)) != NULL));
- get_eol(filename, lnr, keyword, &line);
- /* set default kerberos ticket cache for SASL-GSSAPI */
- ccname = token;
- /* check that cache exists and is readable if it is a file */
- if ((strncasecmp(ccname, "FILE:", sizeof("FILE:") - 1) == 0) ||
- (strncasecmp(ccname, "WRFILE:", sizeof("WRFILE:") - 1) == 0))
- {
- ccfile = strchr(ccname, ':') + 1;
- if (access(ccfile, R_OK) != 0)
- {
- log_log(LOG_ERR, "%s:%d: error accessing %s: %s",
- filename, lnr, ccfile, strerror(errno));
- exit(EXIT_FAILURE);
- }
- }
- /* set the environment variable (we have a memory leak if this option
- is set multiple times) */
- ccenvlen = strlen(ccname) + sizeof("KRB5CCNAME=");
- ccenv = (char *)malloc(ccenvlen);
- if (ccenv == NULL)
- {
- log_log(LOG_CRIT, "malloc() failed to allocate memory");
- exit(EXIT_FAILURE);
- }
- mysnprintf(ccenv, ccenvlen, "KRB5CCNAME=%s", ccname);
- putenv(ccenv);
-#ifdef HAVE_GSS_KRB5_CCACHE_NAME
- /* set the name with gss_krb5_ccache_name() */
- if (gss_krb5_ccache_name(&minor_status, ccname, NULL) != GSS_S_COMPLETE)
- {
- log_log(LOG_ERR, "%s:%d: unable to set default credential cache: %s",
- filename, lnr, ccname);
- exit(EXIT_FAILURE);
- }
-#endif /* HAVE_GSS_KRB5_CCACHE_NAME */
-}
-
static enum ldap_map_selector parse_map(const char *value)
{
if ((strcasecmp(value, "alias") == 0) || (strcasecmp(value, "aliases") == 0))
@@ -801,34 +578,6 @@ static void handle_reconnect_invalidate(
}
}
-static void handle_cache(const char *filename, int lnr,
- const char *keyword, char *line,
- struct ldap_config *cfg)
-{
- char cache[16];
- time_t value1, value2;
- /* get cache map and values */
- check_argumentcount(filename, lnr, keyword,
- get_token(&line, cache, sizeof(cache)) != NULL);
- value1 = get_time(filename, lnr, keyword, &line);
- if ((line != NULL) && (*line != '\0'))
- value2 = get_time(filename, lnr, keyword, &line);
- else
- value2 = value1;
- get_eol(filename, lnr, keyword, &line);
- /* check the cache */
- if (strcasecmp(cache, "dn2uid") == 0)
- {
- cfg->cache_dn2uid_positive = value1;
- cfg->cache_dn2uid_negative = value2;
- }
- else
- {
- log_log(LOG_ERR, "%s:%d: unknown cache: '%s'", filename, lnr, cache);
- exit(EXIT_FAILURE);
- }
-}
-
/* check that the file is not world readable */
static void check_permissions(const char *filename, const char *keyword)
{
@@ -860,42 +609,6 @@ static void cfg_defaults(struct ldap_config *cfg)
cfg->uidname = NULL;
cfg->uid = NOUID;
cfg->gid = NOGID;
- for (i = 0; i < (NSS_LDAP_CONFIG_MAX_URIS + 1); i++)
- {
- cfg->uris[i].uri = NULL;
- cfg->uris[i].firstfail = 0;
- cfg->uris[i].lastfail = 0;
- }
-#ifdef LDAP_VERSION3
- cfg->ldap_version = LDAP_VERSION3;
-#else /* LDAP_VERSION3 */
- cfg->ldap_version = LDAP_VERSION2;
-#endif /* not LDAP_VERSION3 */
- cfg->binddn = NULL;
- cfg->bindpw = NULL;
- cfg->rootpwmoddn = NULL;
- cfg->rootpwmodpw = NULL;
- cfg->sasl_mech = NULL;
- cfg->sasl_realm = NULL;
- cfg->sasl_authcid = NULL;
- cfg->sasl_authzid = NULL;
- cfg->sasl_secprops = NULL;
-#ifdef LDAP_OPT_X_SASL_NOCANON
- cfg->sasl_canonicalize = -1;
-#endif /* LDAP_OPT_X_SASL_NOCANON */
- for (i = 0; i < NSS_LDAP_CONFIG_MAX_BASES; i++)
- cfg->bases[i] = NULL;
- cfg->scope = LDAP_SCOPE_SUBTREE;
- cfg->deref = LDAP_DEREF_NEVER;
- cfg->referrals = 1;
- cfg->bind_timelimit = 10;
- cfg->timelimit = LDAP_NO_LIMIT;
- cfg->idle_timelimit = 0;
- cfg->reconnect_sleeptime = 1;
- cfg->reconnect_retrytime = 10;
-#ifdef LDAP_OPT_X_TLS
- cfg->ssl = SSL_OFF;
-#endif /* LDAP_OPT_X_TLS */
cfg->pagesize = 0;
cfg->nss_initgroups_ignoreusers = NULL;
cfg->nss_min_uid = 0;
@@ -910,8 +623,6 @@ static void cfg_defaults(struct ldap_config *cfg)
cfg->pam_password_prohibit_message = NULL;
for (i = 0; i < LM_NONE; i++)
cfg->reconnect_invalidate[i] = 0;
- cfg->cache_dn2uid_positive = 15 * TIME_MINUTES;
- cfg->cache_dn2uid_negative = 15 * TIME_MINUTES;
}
static void cfg_read(const char *filename, struct ldap_config *cfg)
@@ -923,10 +634,6 @@ static void cfg_read(const char *filename, struct ldap_config *cfg)
char keyword[32];
char token[64];
int i;
-#ifdef LDAP_OPT_X_TLS
- int rc;
- char *value;
-#endif
/* open config file */
if ((fp = fopen(filename, "r")) == NULL)
{
@@ -1017,10 +724,6 @@ static void cfg_read(const char *filename, struct ldap_config *cfg)
{
handle_reconnect_invalidate(filename, lnr, keyword, line, cfg);
}
- else if (strcasecmp(keyword, "cache") == 0)
- {
- handle_cache(filename, lnr, keyword, line, cfg);
- }
#ifdef ENABLE_CONFIGFILE_CHECKING
/* fallthrough */
else
@@ -1157,16 +860,10 @@ static void cfg_dump(void)
}
if (buffer[0] != '\0')
log_log(LOG_DEBUG, "CFG: reconnect_invalidate %s", buffer);
- print_time(nslcd_cfg->cache_dn2uid_positive, buffer, sizeof(buffer) / 2);
- print_time(nslcd_cfg->cache_dn2uid_positive, buffer + (sizeof(buffer) / 2), sizeof(buffer) / 2);
- log_log(LOG_DEBUG, "CFG: cache dn2uid %s %s", buffer, buffer + (sizeof(buffer) / 2));
}
void cfg_init(const char *fname)
{
-#ifdef LDAP_OPT_X_TLS
- int i;
-#endif /* LDAP_OPT_X_TLS */
/* check if we were called before */
if (nslcd_cfg != NULL)
{
@@ -1187,32 +884,6 @@ void cfg_init(const char *fname)
#ifdef NSLCD_BINDPW_PATH
bindpw_read(NSLCD_BINDPW_PATH, nslcd_cfg);
#endif /* NSLCD_BINDPW_PATH */
- /* do some sanity checks */
- if (nslcd_cfg->uris[0].uri == NULL)
- {
- log_log(LOG_ERR, "no URIs defined in config");
- exit(EXIT_FAILURE);
- }
- /* if ssl is on each URI should start with ldaps */
-#ifdef LDAP_OPT_X_TLS
- if (nslcd_cfg->ssl == SSL_LDAPS)
- {
- for (i = 0; nslcd_cfg->uris[i].uri != NULL; i++)
- {
- if (strncasecmp(nslcd_cfg->uris[i].uri, "ldaps://", 8) != 0)
- log_log(LOG_WARNING, "%s doesn't start with ldaps:// and \"ssl on\" is specified",
- nslcd_cfg->uris[i].uri);
- }
- }
- /* TODO: check that if some tls options are set the ssl option should be set to on (just warn) */
-#endif /* LDAP_OPT_X_TLS */
- /* TODO: handle the case gracefully when no LDAP server is available yet */
- /* see if we have a valid basedn */
- if ((nslcd_cfg->bases[0] == NULL) || (nslcd_cfg->bases[0][0] == '\0'))
- {
- log_log(LOG_ERR, "no base defined in config and couldn't get one from server");
- exit(EXIT_FAILURE);
- }
/* dump configuration */
cfg_dump();
}