From a299f2039f68b311e1b75b22fad63a8ddee9e286 Mon Sep 17 00:00:00 2001 From: Luke Shumaker Date: Mon, 15 Dec 2014 00:16:56 -0500 Subject: clean up NSS module code --- nslcd/common.h | 10 ++++++---- nslcd/db_config.c | 2 +- nslcd/db_pam.c | 2 +- nslcd/nslcd.c | 39 +++++++++++++++++---------------------- nslcd/nsswitch.c | 29 +++++++++++++++-------------- 5 files changed, 40 insertions(+), 42 deletions(-) diff --git a/nslcd/common.h b/nslcd/common.h index 0896937..5658fa7 100644 --- a/nslcd/common.h +++ b/nslcd/common.h @@ -39,8 +39,10 @@ #include "cfg.h" #include "hackers_watch.h" -#define MYLDAP_SESSION struct session -#define MYLDAP_ENTRY void +#define NSS_MODULE_SONAME NSS_LDAP_SONAME +#define NSS_MODULE_NAME "ldap" +#define NSS_MODULE_ID_VERSION "_nss_ldap_version" +#define NSS_MODULE_ID_ENABLELOOKUPS "_nss_ldap_enablelookups" /* macros for basic read and write operations, the following ERROR_OUT* marcos define the action taken on errors @@ -104,10 +106,10 @@ void invalidator_do(enum nss_map_selector map); /* macros for generating service handling code */ #define NSLCD_HANDLE(db, fn, fndecls, fnread, fncheck, tentry, fnsearch, fnwrite, fnclean) \ - int nslcd_##db##_##fn(TFILE *fp, MYLDAP_SESSION *session) \ + int nslcd_##db##_##fn(TFILE *fp, struct session *session) \ NSLCD_HANDLE_BODY(db, fn, fndecls, fnread, fncheck, tentry, fnsearch, fnwrite, fnclean) #define NSLCD_HANDLE_UID(db, fn, fndecls, fnread, fncheck, tentry, fnsearch, fnwrite, fnclean) \ - int nslcd_##db##_##fn(TFILE *fp, MYLDAP_SESSION *session, uid_t calleruid) \ + int nslcd_##db##_##fn(TFILE *fp, struct session *session, uid_t calleruid) \ NSLCD_HANDLE_BODY(db, fn, fndecls, fnread, fncheck, tentry, fnsearch, fnwrite, fnclean) #define NSLCD_HANDLE_BODY(db, fn, fndecls, fnread, fncheck, tentry, fnsearch, fnwrite, fnclean) \ { \ diff --git a/nslcd/db_config.c b/nslcd/db_config.c index ed94bf5..06b9118 100644 --- a/nslcd/db_config.c +++ b/nslcd/db_config.c 
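Review bot: In the first nslcd/common.h hunk, `NSS_MODULE_ID_VERSION` and `NSS_MODULE_ID_ENABLELOOKUPS` spell out `ldap` again instead of being built from `NSS_MODULE_NAME`, so the module name and the symbol names later handed to `dlsym()` in nslcd.c can drift apart when only one of them is edited. Adjacent string literals concatenate, so the two macros could be written as `#define NSS_MODULE_ID_VERSION "_nss_" NSS_MODULE_NAME "_version"` and `#define NSS_MODULE_ID_ENABLELOOKUPS "_nss_" NSS_MODULE_NAME "_enablelookups"`. This matters because, judging by the nslcd.c hunk, a name mismatch only produces a warning and leaves the module's lookups enabled in the daemon. A short comment above the group would help, e.g. `/* identity of the NSS module paired with this daemon; its lookups are switched off in-process at startup */`.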
@@ -33,7 +33,7 @@ #include "log.h" #include "cfg.h" -int nslcd_config_get(TFILE *fp, MYLDAP_SESSION UNUSED(*session)) +int nslcd_config_get(TFILE *fp, struct session UNUSED(*session)) { int32_t cfgopt; /* read request parameters */ diff --git a/nslcd/db_pam.c b/nslcd/db_pam.c index 045962c..99edf40 100644 --- a/nslcd/db_pam.c +++ b/nslcd/db_pam.c @@ -60,7 +60,7 @@ static int check_password(const char *password, const char *hash) return ret; } -static int check_password_age(MYLDAP_SESSION *session, const char *username, +static int check_password_age(struct session *session, const char *username, char *authzmsg, size_t authzmsgsz, int check_maxdays, int check_mindays) { diff --git a/nslcd/nslcd.c b/nslcd/nslcd.c index f402e01..62d67d5 100644 --- a/nslcd/nslcd.c +++ b/nslcd/nslcd.c @@ -225,7 +225,7 @@ static int read_header(TFILE *fp, int32_t *action) /* read a request message, returns <0 in case of errors, this function closes the socket */ -static void handleconnection(int sock, MYLDAP_SESSION *session) +static void handleconnection(int sock, struct session *session) { TFILE *fp; int32_t action; @@ -280,19 +280,18 @@ static void install_sighandler(int signum, void (*handler) (int)) static void worker_cleanup(void *arg) { - MYLDAP_SESSION *session = (MYLDAP_SESSION *)arg; + struct session *session = (struct session *)arg; myldap_session_close(session); } static void *worker(void UNUSED(*arg)) { - MYLDAP_SESSION *session; + struct session *session; int csock; int j; struct sockaddr_storage addr; socklen_t alen; fd_set fds; - struct timeval tv; /* create a new LDAP session */ session = myldap_create_session(); /* clean up the session if we're done */ 
@@ -305,12 +304,8 @@ static void *worker(void UNUSED(*arg)) /* set up the set of fds to wait on */ FD_ZERO(&fds); FD_SET(nslcd_serversocket, &fds); - /* set up our timeout value */ - tv.tv_sec = nslcd_cfg->idle_timelimit; - tv.tv_usec = 0; /* wait for a new connection */ - j = select(nslcd_serversocket + 1, &fds, NULL, NULL, - nslcd_cfg->idle_timelimit > 0 ? &tv : NULL); + j = select(nslcd_serversocket + 1, &fds, NULL, NULL, NULL); /* check result of select() */ if (j < 0) { @@ -360,9 +355,9 @@ static void *worker(void UNUSED(*arg)) return NULL; } -/* function to disable lookups through the nss_ldap module to avoid lookup - loops */ -static void disable_nss_nslcd(void) +/* function to disable lookups through the associated NSS module to + avoid lookup loops */ +static void disable_nss_module(void) { void *handle; char *error; 
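Review bot: The `select()` call in `worker()` now passes `NULL` as its timeout and the `nslcd_cfg->idle_timelimit` setup is deleted, which is a behaviour change that the commit subject (a clean-up of the NSS module code) does not mention. Without a timeout the worker wakes only on a new connection or a signal, so any idle-time handling that relied on `select()` returning 0 no longer runs; that handling is presumably in the part of the loop not shown in this hunk. The `idle_timelimit` setting may then be accepted but have no effect here. If the change is intended, say so at the call, e.g. `/* block until a connection arrives; idle_timelimit is no longer applied here */`, and ideally move it to its own commit; otherwise keep the conditional `&tv` argument. The body of `worker()` starts and ends outside this hunk.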
@@ -370,28 +365,28 @@ static void disable_nss_nslcd(void) int *enable_flag; /* try to load the NSS module */ #ifdef RTLD_NODELETE - handle = dlopen(NSS_LDAP_SONAME, RTLD_LAZY | RTLD_NODELETE); + handle = dlopen(NSS_MODULE_SONAME, RTLD_LAZY | RTLD_NODELETE); #else /* not RTLD_NODELETE */ - handle = dlopen(NSS_LDAP_SONAME, RTLD_LAZY); + handle = dlopen(NSS_MODULE_SONAME, RTLD_LAZY); #endif /* RTLD_NODELETE */ if (handle == NULL) { - log_log(LOG_WARNING, "Warning: NSS_LDAP module not loaded: %s", dlerror()); + log_log(LOG_WARNING, "Warning: NSS " NSS_MODULE_NAME " module not loaded: %s", dlerror()); return; } /* clear any existing errors */ dlerror(); /* lookup the NSS version if possible */ - version_info = (char **)dlsym(handle, "_nss_ldap_version"); + version_info = (char **)dlsym(handle, NSS_MODULE_ID_VERSION); error = dlerror(); if ((version_info != NULL) && (error == NULL)) - log_log(LOG_DEBUG, "NSS_LDAP %s %s", version_info[0], version_info[1]); + log_log(LOG_DEBUG, "NSS " NSS_MODULE_NAME " %s %s", version_info[0], version_info[1]); else - log_log(LOG_WARNING, "Warning: NSS_LDAP version missing: %s", error); + log_log(LOG_WARNING, "Warning: " NSS_MODULE_NAME " version missing: %s", error); /* clear any existing errors */ dlerror(); /* try to look up the flag */ - enable_flag = (int *)dlsym(handle, "_nss_ldap_enablelookups"); + enable_flag = (int *)dlsym(handle, NSS_MODULE_ID_ENABLELOOKUPS); error = dlerror(); if ((enable_flag == NULL) || (error != NULL)) { @@ -406,7 +401,7 @@ static void disable_nss_nslcd(void) dlclose(handle); return; } - /* disable nss_ldap */ + /* disable the module */ *enable_flag = 0; #ifdef RTLD_NODELETE /* only close the handle if RTLD_NODELETE was used */ 
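Review bot: In the version lookup of `disable_nss_module()`, the `else` branch passes `error` to a `%s` conversion, yet that branch is also reached when `dlsym()` returned NULL without setting an error, in which case `error` is NULL. Assuming `log_log` is printf-style, that is undefined behaviour. The rewritten message also drops the `NSS ` prefix that the two neighbouring messages keep, so log filters keyed on one prefix will miss it. Suggested line: `log_log(LOG_WARNING, "Warning: NSS " NSS_MODULE_NAME " version missing: %s", (error != NULL) ? error : "symbol is NULL");`. The function starts above this hunk and continues into the next one.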
@@ -423,8 +418,8 @@ int main(int argc, char *argv[]) /* parse the command line */ parse_cmdline(argc, argv); - /* disable the nss_ldap module for this process */ - disable_nss_nslcd(); + /* disable the associated NSS module for this process */ + disable_nss_module(); /* read configuration file */ cfg_init(NSLCD_CONF_PATH); diff --git a/nslcd/nsswitch.c b/nslcd/nsswitch.c index 2a5f124..56cb21b 100644 --- a/nslcd/nsswitch.c +++ b/nslcd/nsswitch.c @@ -32,10 +32,11 @@ #include "common.h" #include "log.h" -/* the cached value of whether shadow lookups use LDAP in nsswitch.conf */ +/* the cached value of whether shadow lookups use our associated + module in nsswitch.conf */ #define NSSWITCH_FILE "/etc/nsswitch.conf" #define CACHED_UNKNOWN 22 -static int cached_shadow_uses_nslcd = CACHED_UNKNOWN; +static int cached_shadow_uses_module = CACHED_UNKNOWN; static time_t cached_shadow_lastcheck = 0; #define CACHED_SHADOW_TIMEOUT (60) static time_t nsswitch_mtime = 0; @@ -44,12 +45,12 @@ static time_t nsswitch_mtime = 0; #define MAX_LINE_LENGTH 4096 /* check whether /etc/nsswitch.conf should be reloaded to update - cached_shadow_uses_nslcd */ + cached_shadow_uses_module */ void nsswitch_check_reload(void) { struct stat buf; time_t t; - if ((cached_shadow_uses_nslcd != CACHED_UNKNOWN) && + if ((cached_shadow_uses_module != CACHED_UNKNOWN) && ((t = time(NULL)) > (cached_shadow_lastcheck + CACHED_SHADOW_TIMEOUT))) { cached_shadow_lastcheck = t; @@ -57,14 +58,14 @@ void nsswitch_check_reload(void) { log_log(LOG_ERR, "stat(%s) failed: %s", NSSWITCH_FILE, strerror(errno)); /* trigger a recheck anyway */ - cached_shadow_uses_nslcd = CACHED_UNKNOWN; + cached_shadow_uses_module = CACHED_UNKNOWN; return; } /* trigger a recheck if file changed */ if (buf.st_mtime != nsswitch_mtime) { nsswitch_mtime = buf.st_mtime; - cached_shadow_uses_nslcd = CACHED_UNKNOWN; + cached_shadow_uses_module = CACHED_UNKNOWN; } } } 
@@ -128,14 +129,14 @@ static int has_service(const char *services, const char *service, return 0; } -static int shadow_uses_nslcd(void) +static int shadow_uses_module(const char *module_name) { FILE *fp; int lnr = 0; char linebuf[MAX_LINE_LENGTH]; const char *services; int shadow_found = 0; - int passwd_has_nslcd = 0; + int passwd_has_module = 0; /* open config file */ if ((fp = fopen(NSSWITCH_FILE, "r")) == NULL) { @@ -151,7 +152,7 @@ static int shadow_uses_nslcd(void) if (services != NULL) { shadow_found = 1; - if (has_service(services, "ldap", NSSWITCH_FILE, lnr)) + if (has_service(services, NSS_MODULE_NAME, NSSWITCH_FILE, lnr)) { fclose(fp); return 1; @@ -160,22 +161,22 @@ static int shadow_uses_nslcd(void) /* see if we have a passwd line */ services = find_db(linebuf, "passwd"); if (services != NULL) - passwd_has_nslcd = has_service(services, "ldap", NSSWITCH_FILE, lnr); + passwd_has_module = has_service(services, NSS_MODULE_NAME, NSSWITCH_FILE, lnr); } fclose(fp); if (shadow_found) return 0; - return passwd_has_nslcd; + return passwd_has_module; } /* check whether shadow lookups are configured to use nslcd */ int nsswitch_shadow_uses_nslcd(void) { - if (cached_shadow_uses_nslcd == CACHED_UNKNOWN) + if (cached_shadow_uses_module == CACHED_UNKNOWN) { log_log(LOG_INFO, "(re)loading %s", NSSWITCH_FILE); - cached_shadow_uses_nslcd = shadow_uses_nslcd(); + cached_shadow_uses_module = shadow_uses_module(NSS_MODULE_NAME); cached_shadow_lastcheck = time(NULL); } - return cached_shadow_uses_nslcd; + return cached_shadow_uses_module; } -- cgit v1.2.3
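Review bot: `shadow_uses_module()` gains a `module_name` parameter in the `@@ -128` hunk, but the `has_service()` calls in the `@@ -151` and `@@ -160` hunks still pass `NSS_MODULE_NAME`, so the argument is ignored and the function will trip `-Wunused-parameter`. Either use the parameter, with `if (has_service(services, module_name, NSSWITCH_FILE, lnr))` and `passwd_has_module = has_service(services, module_name, NSSWITCH_FILE, lnr);`, or keep the `(void)` signature. As written, a caller passing a different name would get an answer for `NSS_MODULE_NAME` without any warning. The comment above `nsswitch_shadow_uses_nslcd()` still reads "configured to use nslcd"; `/* check whether shadow lookups are configured to use our NSS module */` would match the renamed variables.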