Diffstat (limited to 'nslcd/shadow.c')
-rw-r--r-- | nslcd/shadow.c | 315 |
1 files changed, 159 insertions, 156 deletions
diff --git a/nslcd/shadow.c b/nslcd/shadow.c
index 2cb920d..e88ec4b 100644
--- a/nslcd/shadow.c
+++ b/nslcd/shadow.c
@@ -65,23 +65,20 @@ const char *attmap_shadow_shadowExpire = "\"${shadowExpire:--1}\"";
 const char *attmap_shadow_shadowFlag = "\"${shadowFlag:-0}\"";
 
 /* default values for attributes */
-static const char *default_shadow_userPassword = "*"; /* unmatchable */
+static const char *default_shadow_userPassword = "*"; /* unmatchable */
 
 /* the attribute list to request with searches */
-static const char **shadow_attrs=NULL;
+static const char **shadow_attrs = NULL;
 
-static int mkfilter_shadow_byname(const char *name,
-                                  char *buffer,size_t buflen)
+static int mkfilter_shadow_byname(const char *name, char *buffer, size_t buflen)
 {
   char safename[300];
   /* escape attribute */
-  if(myldap_escape(name,safename,sizeof(safename)))
+  if (myldap_escape(name, safename, sizeof(safename)))
     return -1;
   /* build filter */
-  return mysnprintf(buffer,buflen,
-                    "(&%s(%s=%s))",
-                    shadow_filter,
-                    attmap_shadow_uid,safename);
+  return mysnprintf(buffer, buflen, "(&%s(%s=%s))",
+                    shadow_filter, attmap_shadow_uid, safename);
 }
 
 void shadow_init(void)
@@ -89,72 +86,72 @@ void shadow_init(void)
   int i;
   SET *set;
   /* set up search bases */
-  if (shadow_bases[0]==NULL)
-    for (i=0;i<NSS_LDAP_CONFIG_MAX_BASES;i++)
-      shadow_bases[i]=nslcd_cfg->ldc_bases[i];
+  if (shadow_bases[0] == NULL)
+    for (i = 0; i < NSS_LDAP_CONFIG_MAX_BASES; i++)
+      shadow_bases[i] = nslcd_cfg->ldc_bases[i];
   /* set up scope */
-  if (shadow_scope==LDAP_SCOPE_DEFAULT)
-    shadow_scope=nslcd_cfg->ldc_scope;
+  if (shadow_scope == LDAP_SCOPE_DEFAULT)
+    shadow_scope = nslcd_cfg->ldc_scope;
   /* set up attribute list */
-  set=set_new();
-  attmap_add_attributes(set,attmap_shadow_uid);
-  attmap_add_attributes(set,attmap_shadow_userPassword);
-  attmap_add_attributes(set,attmap_shadow_shadowLastChange);
-  attmap_add_attributes(set,attmap_shadow_shadowMax);
-  attmap_add_attributes(set,attmap_shadow_shadowMin);
-  attmap_add_attributes(set,attmap_shadow_shadowWarning);
-  attmap_add_attributes(set,attmap_shadow_shadowInactive);
-  attmap_add_attributes(set,attmap_shadow_shadowExpire);
-  attmap_add_attributes(set,attmap_shadow_shadowFlag);
-  shadow_attrs=set_tolist(set);
+  set = set_new();
+  attmap_add_attributes(set, attmap_shadow_uid);
+  attmap_add_attributes(set, attmap_shadow_userPassword);
+  attmap_add_attributes(set, attmap_shadow_shadowLastChange);
+  attmap_add_attributes(set, attmap_shadow_shadowMax);
+  attmap_add_attributes(set, attmap_shadow_shadowMin);
+  attmap_add_attributes(set, attmap_shadow_shadowWarning);
+  attmap_add_attributes(set, attmap_shadow_shadowInactive);
+  attmap_add_attributes(set, attmap_shadow_shadowExpire);
+  attmap_add_attributes(set, attmap_shadow_shadowFlag);
+  shadow_attrs = set_tolist(set);
   set_free(set);
 }
 
-static long to_date(const char *dn,const char *date,const char *attr)
+static long to_date(const char *dn, const char *date, const char *attr)
 {
   char buffer[32];
   long value;
   char *tmp;
   size_t l;
   /* do some special handling for date values on AD */
-  if (strcasecmp(attr,"pwdLastSet")==0)
+  if (strcasecmp(attr, "pwdLastSet") == 0)
   {
     /* we expect an AD 64-bit datetime value; we should do date=date/864000000000-134774 but that causes problems on 32-bit platforms, first we devide by 1000000000 by stripping the last 9 digits from the string and going from there */
-    l=strlen(date)-9;
-    if (l>(sizeof(buffer)-1))
+    l = strlen(date) - 9;
+    if (l > (sizeof(buffer) - 1))
       return -1; /* error */
-    strncpy(buffer,date,l);
-    buffer[l]='\0';
-    errno=0;
-    value=strtol(date,&tmp,10);
-    if ((*date=='\0')||(*tmp!='\0'))
+    strncpy(buffer, date, l);
+    buffer[l] = '\0';
+    errno = 0;
+    value = strtol(date, &tmp, 10);
+    if ((*date == '\0') || (*tmp != '\0'))
     {
-      log_log(LOG_WARNING,"%s: %s: non-numeric",dn,attr);
+      log_log(LOG_WARNING, "%s: %s: non-numeric", dn, attr);
       return -1;
     }
-    else if (errno!=0)
+    else if (errno != 0)
     {
-      log_log(LOG_WARNING,"%s: %s: out of range",dn,attr);
+      log_log(LOG_WARNING, "%s: %s: out of range", dn, attr);
       return -1;
     }
-    return value/864-134774;
+    return value / 864 - 134774;
     /* note that AD does not have expiry dates but a lastchangeddate and some value that needs to be added */
   }
-  errno=0;
-  value=strtol(date,&tmp,10);
-  if ((*date=='\0')||(*tmp!='\0'))
+  errno = 0;
+  value = strtol(date, &tmp, 10);
+  if ((*date == '\0') || (*tmp != '\0'))
   {
-    log_log(LOG_WARNING,"%s: %s: non-numeric",dn,attr);
+    log_log(LOG_WARNING, "%s: %s: non-numeric", dn, attr);
     return -1;
   }
-  else if (errno!=0)
+  else if (errno != 0)
   {
-    log_log(LOG_WARNING,"%s: %s: out of range",dn,attr);
+    log_log(LOG_WARNING, "%s: %s: out of range", dn, attr);
     return -1;
   }
   return value;
@@ -164,55 +161,58 @@ static long to_date(const char *dn,const char *date,const char *attr)
 #define UF_DONT_EXPIRE_PASSWD 0x10000
 #endif
 
-#define GET_OPTIONAL_LONG(var,att,fallback) \
-  tmpvalue=attmap_get_value(entry,attmap_shadow_##att,buffer,sizeof(buffer)); \
-  if (tmpvalue==NULL) \
-    tmpvalue=""; \
-  errno=0; \
-  var=strtol(tmpvalue,&tmp,10); \
-  if ((*(tmpvalue)=='\0')||(*tmp!='\0')) \
-  { \
-    log_log(LOG_WARNING,"%s: %s: non-numeric", \
-            myldap_get_dn(entry),attmap_shadow_##att); \
-    var=fallback; \
-  } \
-  else if (errno!=0) \
-  { \
-    log_log(LOG_WARNING,"%s: %s: out of range", \
-            myldap_get_dn(entry),attmap_shadow_##att); \
-    var=fallback; \
+#define GET_OPTIONAL_LONG(var, att, fallback) \
+  tmpvalue = attmap_get_value(entry, attmap_shadow_##att, \
+                              buffer, sizeof(buffer)); \
+  if (tmpvalue == NULL) \
+    tmpvalue = ""; \
+  errno = 0; \
+  var = strtol(tmpvalue, &tmp, 10); \
+  if ((*(tmpvalue) == '\0') || (*tmp != '\0')) \
+  { \
+    log_log(LOG_WARNING, "%s: %s: non-numeric", \
+            myldap_get_dn(entry), attmap_shadow_##att); \
+    var = fallback; \
+  } \
+  else if (errno != 0) \
+  { \
+    log_log(LOG_WARNING, "%s: %s: out of range", \
+            myldap_get_dn(entry), attmap_shadow_##att); \
+    var = fallback; \
   }
 
-void get_shadow_properties(MYLDAP_ENTRY *entry,long *lastchangedate,
-                           long *mindays,long *maxdays,long *warndays,
-                           long *inactdays,long *expiredate,unsigned long *flag)
+void get_shadow_properties(MYLDAP_ENTRY *entry, long *lastchangedate,
+                           long *mindays, long *maxdays, long *warndays,
+                           long *inactdays, long *expiredate,
+                           unsigned long *flag)
 {
   char buffer[64];
   const char *tmpvalue;
   char *tmp;
   /* get lastchange date */
-  tmpvalue=attmap_get_value(entry,attmap_shadow_shadowLastChange,buffer,sizeof(buffer));
-  if (tmpvalue==NULL)
-    tmpvalue="";
-  *lastchangedate=to_date(myldap_get_dn(entry),tmpvalue,attmap_shadow_shadowLastChange);
+  tmpvalue = attmap_get_value(entry, attmap_shadow_shadowLastChange,
+                              buffer, sizeof(buffer));
+  if (tmpvalue == NULL)
+    tmpvalue = "";
+  *lastchangedate = to_date(myldap_get_dn(entry), tmpvalue, attmap_shadow_shadowLastChange);
   /* get other shadow properties */
-  GET_OPTIONAL_LONG(*mindays,shadowMin,-1);
-  GET_OPTIONAL_LONG(*maxdays,shadowMax,-1);
-  GET_OPTIONAL_LONG(*warndays,shadowWarning,-1);
-  GET_OPTIONAL_LONG(*inactdays,shadowInactive,-1);
-  GET_OPTIONAL_LONG(*expiredate,shadowExpire,-1);
-  GET_OPTIONAL_LONG(*flag,shadowFlag,0);
+  GET_OPTIONAL_LONG(*mindays, shadowMin, -1);
+  GET_OPTIONAL_LONG(*maxdays, shadowMax, -1);
+  GET_OPTIONAL_LONG(*warndays, shadowWarning, -1);
+  GET_OPTIONAL_LONG(*inactdays, shadowInactive, -1);
+  GET_OPTIONAL_LONG(*expiredate, shadowExpire, -1);
+  GET_OPTIONAL_LONG(*flag, shadowFlag, 0);
   /* if we're using AD handle the flag specially */
-  if (strcasecmp(attmap_shadow_shadowLastChange,"pwdLastSet")==0)
+  if (strcasecmp(attmap_shadow_shadowLastChange, "pwdLastSet") == 0)
   {
-    if (*flag&UF_DONT_EXPIRE_PASSWD)
-      *maxdays=-1;
-    *flag=0;
+    if (*flag & UF_DONT_EXPIRE_PASSWD)
+      *maxdays = -1;
+    *flag = 0;
   }
 }
 
 /* try to update the shadowLastChange attribute of the entry if possible */
-int update_lastchange(MYLDAP_SESSION *session,const char *userdn)
+int update_lastchange(MYLDAP_SESSION *session, const char *userdn)
 {
   MYLDAP_SEARCH *search;
   MYLDAP_ENTRY *entry;
@@ -220,63 +220,64 @@ int update_lastchange(MYLDAP_SESSION *session,const char *userdn)
   const char *attr;
   int rc;
   const char **values;
-  LDAPMod mod,*mods[2];
-  char buffer[64],*strvals[2];
+  LDAPMod mod, *mods[2];
+  char buffer[64], *strvals[2];
   /* find the name of the attribute to use */
-  if ( (attmap_shadow_shadowLastChange==NULL) || (attmap_shadow_shadowLastChange[0]=='\0') )
+  if ((attmap_shadow_shadowLastChange == NULL) || (attmap_shadow_shadowLastChange[0] == '\0'))
     return LDAP_LOCAL_ERROR; /* attribute not mapped at all */
-  else if (strcmp(attmap_shadow_shadowLastChange,"\"${shadowLastChange:--1}\"")==0)
-    attr="shadowLastChange";
-  else if (attmap_shadow_shadowLastChange[0]=='\"')
+  else if (strcmp(attmap_shadow_shadowLastChange, "\"${shadowLastChange:--1}\"") == 0)
+    attr = "shadowLastChange";
+  else if (attmap_shadow_shadowLastChange[0] == '\"')
     return LDAP_LOCAL_ERROR; /* other expressions not supported for now */
   else
-    attr=attmap_shadow_shadowLastChange;
+    attr = attmap_shadow_shadowLastChange;
   /* set up the attributes we need */
-  attrs[0]=attmap_shadow_uid;
-  attrs[1]=attr;
-  attrs[2]=NULL;
+  attrs[0] = attmap_shadow_uid;
+  attrs[1] = attr;
+  attrs[2] = NULL;
   /* find the entry to see if the attribute is present */
-  search=myldap_search(session,userdn,LDAP_SCOPE_BASE,shadow_filter,attrs,&rc);
-  if (search==NULL)
+  search = myldap_search(session, userdn, LDAP_SCOPE_BASE, shadow_filter, attrs, &rc);
+  if (search == NULL)
     return rc;
-  entry=myldap_get_entry(search,&rc);
-  if (entry==NULL)
+  entry = myldap_get_entry(search, &rc);
+  if (entry == NULL)
     return rc;
-  values=myldap_get_values(entry,attr);
-  if ((values==NULL)||(values[0]==NULL)||(values[0][0]=='\0'))
+  values = myldap_get_values(entry, attr);
+  if ((values == NULL) || (values[0] == NULL) || (values[0][0] == '\0'))
     return LDAP_NO_SUCH_ATTRIBUTE;
   /* build the value for the new attribute */
-  if (strcasecmp(attr,"pwdLastSet")==0)
+  if (strcasecmp(attr, "pwdLastSet") == 0)
   {
     /* for AD we use another timestamp */
-    if(mysnprintf(buffer,sizeof(buffer),"%ld000000000",((long int)time(NULL)/100L+(134774L*864L))))
+    if (mysnprintf(buffer, sizeof(buffer), "%ld000000000",
+                   ((long int)time(NULL) / 100L + (134774L * 864L))))
       return LDAP_LOCAL_ERROR;
   }
   else
   {
     /* time in days since Jan 1, 1970 */
-    if(mysnprintf(buffer,sizeof(buffer),"%ld",((long int)(time(NULL)/(long int)(60*60*24)))))
+    if (mysnprintf(buffer, sizeof(buffer), "%ld",
+                   ((long int)(time(NULL) / (long int)(60 * 60 * 24)))))
       return LDAP_LOCAL_ERROR;
   }
   /* update the shadowLastChange attribute */
-  strvals[0]=buffer;
-  strvals[1]=NULL;
-  mod.mod_op=LDAP_MOD_REPLACE;
-  mod.mod_type=(char *)attr;
-  mod.mod_values=strvals;
-  mods[0]=&mod;
-  mods[1]=NULL;
-  rc=myldap_modify(session,userdn,mods);
-  if (rc!=LDAP_SUCCESS)
-    log_log(LOG_WARNING,"%s: %s: modification failed: %s",
-            userdn,attr,ldap_err2string(rc));
+  strvals[0] = buffer;
+  strvals[1] = NULL;
+  mod.mod_op = LDAP_MOD_REPLACE;
+  mod.mod_type = (char *)attr;
+  mod.mod_values = strvals;
+  mods[0] = &mod;
+  mods[1] = NULL;
+  rc = myldap_modify(session, userdn, mods);
+  if (rc != LDAP_SUCCESS)
+    log_log(LOG_WARNING, "%s: %s: modification failed: %s",
+            userdn, attr, ldap_err2string(rc));
   else
-    log_log(LOG_DEBUG,"%s: %s: modification succeeded",
-            userdn,attr);
+    log_log(LOG_DEBUG, "%s: %s: modification succeeded", userdn, attr);
   return rc;
 }
 
-static int write_shadow(TFILE *fp,MYLDAP_ENTRY *entry,const char *requser)
+static int write_shadow(TFILE *fp, MYLDAP_ENTRY *entry, const char *requser)
 {
   int32_t tmpint32;
   const char **usernames;
@@ -291,88 +292,90 @@ static int write_shadow(TFILE *fp,MYLDAP_ENTRY *entry,const char *requser)
   int i;
   char passbuffer[64];
   /* get username */
-  usernames=myldap_get_values(entry,attmap_shadow_uid);
-  if ((usernames==NULL)||(usernames[0]==NULL))
+  usernames = myldap_get_values(entry, attmap_shadow_uid);
+  if ((usernames == NULL) || (usernames[0] == NULL))
   {
-    log_log(LOG_WARNING,"%s: %s: missing",
-            myldap_get_dn(entry),attmap_shadow_uid);
+    log_log(LOG_WARNING, "%s: %s: missing",
+            myldap_get_dn(entry), attmap_shadow_uid);
     return 0;
   }
   /* get password */
-  passwd=get_userpassword(entry,attmap_shadow_userPassword,passbuffer,sizeof(passbuffer));
-  if (passwd==NULL)
-    passwd=default_shadow_userPassword;
+  passwd = get_userpassword(entry, attmap_shadow_userPassword,
+                            passbuffer, sizeof(passbuffer));
+  if (passwd == NULL)
+    passwd = default_shadow_userPassword;
   /* get expiry properties */
-  get_shadow_properties(entry,&lastchangedate,&mindays,&maxdays,&warndays,
-                        &inactdays,&expiredate,&flag);
+  get_shadow_properties(entry, &lastchangedate, &mindays, &maxdays, &warndays,
+                        &inactdays, &expiredate, &flag);
   /* write the entries */
-  for (i=0;usernames[i]!=NULL;i++)
-    if ((requser==NULL)||(STR_CMP(requser,usernames[i])==0))
+  for (i = 0; usernames[i] != NULL; i++)
+    if ((requser == NULL) || (STR_CMP(requser, usernames[i]) == 0))
     {
-      WRITE_INT32(fp,NSLCD_RESULT_BEGIN);
-      WRITE_STRING(fp,usernames[i]);
-      WRITE_STRING(fp,passwd);
-      WRITE_INT32(fp,lastchangedate);
-      WRITE_INT32(fp,mindays);
-      WRITE_INT32(fp,maxdays);
-      WRITE_INT32(fp,warndays);
-      WRITE_INT32(fp,inactdays);
-      WRITE_INT32(fp,expiredate);
-      WRITE_INT32(fp,flag);
+      WRITE_INT32(fp, NSLCD_RESULT_BEGIN);
+      WRITE_STRING(fp, usernames[i]);
+      WRITE_STRING(fp, passwd);
+      WRITE_INT32(fp, lastchangedate);
+      WRITE_INT32(fp, mindays);
+      WRITE_INT32(fp, maxdays);
+      WRITE_INT32(fp, warndays);
+      WRITE_INT32(fp, inactdays);
+      WRITE_INT32(fp, expiredate);
+      WRITE_INT32(fp, flag);
     }
   return 0;
 }
 
-MYLDAP_ENTRY *shadow_uid2entry(MYLDAP_SESSION *session,const char *username,int *rcp)
+MYLDAP_ENTRY *shadow_uid2entry(MYLDAP_SESSION *session, const char *username,
+                               int *rcp)
 {
-  MYLDAP_SEARCH *search=NULL;
-  MYLDAP_ENTRY *entry=NULL;
+  MYLDAP_SEARCH *search = NULL;
+  MYLDAP_ENTRY *entry = NULL;
   const char *base;
   char filter[4096];
   int i;
   /* if it isn't a valid username, just bail out now */
   if (!isvalidname(username))
   {
-    if (rcp!=NULL)
-      *rcp=LDAP_INVALID_SYNTAX;
+    if (rcp != NULL)
+      *rcp = LDAP_INVALID_SYNTAX;
     return NULL;
   }
   /* we have to look up the entry */
-  mkfilter_shadow_byname(username,filter,sizeof(filter));
-  for (i=0;(i<NSS_LDAP_CONFIG_MAX_BASES)&&((base=shadow_bases[i])!=NULL);i++)
+  mkfilter_shadow_byname(username, filter, sizeof(filter));
+  for (i = 0; (i < NSS_LDAP_CONFIG_MAX_BASES) && ((base = shadow_bases[i]) != NULL); i++)
   {
-    search=myldap_search(session,base,shadow_scope,filter,shadow_attrs,rcp);
-    if (search==NULL)
+    search = myldap_search(session, base, shadow_scope, filter, shadow_attrs, rcp);
+    if (search == NULL)
     {
-      if ((rcp!=NULL)&&(*rcp==LDAP_SUCCESS))
-        *rcp=LDAP_NO_SUCH_OBJECT;
+      if ((rcp != NULL) && (*rcp == LDAP_SUCCESS))
+        *rcp = LDAP_NO_SUCH_OBJECT;
       return NULL;
     }
-    entry=myldap_get_entry(search,rcp);
-    if (entry!=NULL)
+    entry = myldap_get_entry(search, rcp);
+    if (entry != NULL)
       return entry;
   }
-  if ((rcp!=NULL)&&(*rcp==LDAP_SUCCESS))
-    *rcp=LDAP_NO_SUCH_OBJECT;
+  if ((rcp != NULL) && (*rcp == LDAP_SUCCESS))
+    *rcp = LDAP_NO_SUCH_OBJECT;
   return NULL;
 }
 
 NSLCD_HANDLE(
-  shadow,byname,
+  shadow, byname,
   char name[256];
   char filter[4096];
-  READ_STRING(fp,name);
-  log_setrequest("shadow=\"%s\"",name);,
+  READ_STRING(fp, name);
+  log_setrequest("shadow=\"%s\"", name);,
   NSLCD_ACTION_SHADOW_BYNAME,
-  mkfilter_shadow_byname(name,filter,sizeof(filter)),
-  write_shadow(fp,entry,name)
+  mkfilter_shadow_byname(name, filter, sizeof(filter)),
+  write_shadow(fp, entry, name)
 )
 
 NSLCD_HANDLE(
-  shadow,all,
+  shadow, all,
   const char *filter;
   log_setrequest("shadow(all)");,
   NSLCD_ACTION_SHADOW_ALL,
-  (filter=shadow_filter,0),
-  write_shadow(fp,entry,NULL)
+  (filter = shadow_filter, 0),
+  write_shadow(fp, entry, NULL)
 )