nss-pam-ldapd commit: r1888 - in nss-pam-ldapd: nslcd tests
nss-pam-ldapd commit: r1888 - in nss-pam-ldapd: nslcd tests
- From: Commits of the nss-pam-ldapd project <nss-pam-ldapd-commits [at] lists.arthurdejong.org>
- To: nss-pam-ldapd-commits [at] lists.arthurdejong.org
- Reply-to: nss-pam-ldapd-users [at] lists.arthurdejong.org
- Subject: nss-pam-ldapd commit: r1888 - in nss-pam-ldapd: nslcd tests
- Date: Sun, 30 Dec 2012 15:13:35 +0100 (CET)
Author: arthur
Date: Sun Dec 30 15:13:35 2012
New Revision: 1888
URL: http://arthurdejong.org/viewvc/nss-pam-ldapd?revision=1888&view=revision
Log:
reorganise and rename configuration options to be in line with manual page
Modified:
nss-pam-ldapd/nslcd/cfg.c
nss-pam-ldapd/nslcd/cfg.h
nss-pam-ldapd/nslcd/myldap.c
nss-pam-ldapd/nslcd/pam.c
nss-pam-ldapd/tests/test_cfg.c
nss-pam-ldapd/tests/test_myldap.c
Modified: nss-pam-ldapd/nslcd/cfg.c
==============================================================================
--- nss-pam-ldapd/nslcd/cfg.c Sun Dec 30 15:12:09 2012 (r1887)
+++ nss-pam-ldapd/nslcd/cfg.c Sun Dec 30 15:13:35 2012 (r1888)
@@ -92,17 +92,16 @@
cfg->uidname = NULL;
cfg->uid = NOUID;
cfg->gid = NOGID;
- cfg->ignorecase = 0;
- for (i = 0; i < (NSS_LDAP_CONFIG_URI_MAX + 1); i++)
+ for (i = 0; i < (NSS_LDAP_CONFIG_MAX_URIS + 1); i++)
{
cfg->uris[i].uri = NULL;
cfg->uris[i].firstfail = 0;
cfg->uris[i].lastfail = 0;
}
#ifdef LDAP_VERSION3
- cfg->version = LDAP_VERSION3;
+ cfg->ldap_version = LDAP_VERSION3;
#else /* LDAP_VERSION3 */
- cfg->version = LDAP_VERSION2;
+ cfg->ldap_version = LDAP_VERSION2;
#endif /* not LDAP_VERSION3 */
cfg->binddn = NULL;
cfg->bindpw = NULL;
@@ -127,18 +126,19 @@
cfg->reconnect_sleeptime = 1;
cfg->reconnect_retrytime = 10;
#ifdef LDAP_OPT_X_TLS
- cfg->ssl_on = SSL_OFF;
+ cfg->ssl = SSL_OFF;
#endif /* LDAP_OPT_X_TLS */
- cfg->restart = 1;
cfg->pagesize = 0;
cfg->nss_initgroups_ignoreusers = NULL;
- for (i = 0; i < NSS_LDAP_CONFIG_MAX_AUTHZ_SEARCHES; i++)
- cfg->pam_authz_search[i] = NULL;
cfg->nss_min_uid = 0;
parse_validnames_statement(__FILE__, __LINE__, "",
"/^[a-z0-9._@$][a-z0-9._@$
\\~-]*[a-z0-9._@$~-]$/i",
cfg);
+ cfg->ignorecase = 0;
+ for (i = 0; i < NSS_LDAP_CONFIG_MAX_AUTHZ_SEARCHES; i++)
+ cfg->pam_authz_searches[i] = NULL;
cfg->pam_password_prohibit_message = NULL;
+ cfg->restart = 1;
}
/* simple strdup wrapper */
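Review bot: The relocated loop `for (i = 0; i < NSS_LDAP_CONFIG_MAX_AUTHZ_SEARCHES; i++)` is left unbraced and is now followed directly by two unrelated assignments, whereas the URI loop in the @@ -92 hunk braces its body. Bracing it, `{ cfg->pam_authz_searches[i] = NULL; }`, keeps a later added line from silently falling outside the loop and matches the other loop. The enclosing function starts above this hunk, so that both loops belong to the same defaults routine is inferred from the shared `cfg->` assignments.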
@@ -169,7 +169,7 @@
for (i = 0; cfg->uris[i].uri != NULL; i++)
/* nothing */ ;
/* check for room */
- if (i >= NSS_LDAP_CONFIG_URI_MAX)
+ if (i >= NSS_LDAP_CONFIG_MAX_URIS)
{
log_log(LOG_ERR, "%s:%d: maximum number of URIs exceeded",
filename, lnr);
@@ -839,7 +839,7 @@
check_argumentcount(filename, lnr, keyword, (line != NULL) && (*line !=
'\0'));
/* find free spot for search filter */
for (i = 0;
- (i < NSS_LDAP_CONFIG_MAX_AUTHZ_SEARCHES) && (cfg->pam_authz_search[i]
!= NULL);
+ (i < NSS_LDAP_CONFIG_MAX_AUTHZ_SEARCHES) && (cfg->pam_authz_searches[i]
!= NULL);
i++)
/* nothing */ ;
if (i >= NSS_LDAP_CONFIG_MAX_AUTHZ_SEARCHES)
@@ -848,9 +848,9 @@
filename, lnr, NSS_LDAP_CONFIG_MAX_AUTHZ_SEARCHES);
exit(EXIT_FAILURE);
}
- cfg->pam_authz_search[i] = xstrdup(line);
+ cfg->pam_authz_searches[i] = xstrdup(line);
/* check the variables used in the expression */
- set = expr_vars(cfg->pam_authz_search[i], NULL);
+ set = expr_vars(cfg->pam_authz_searches[i], NULL);
list = set_tolist(set);
for (i = 0; list[i] != NULL; i++)
{
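Review bot: `list = set_tolist(set);` is followed immediately by `for (i = 0; list[i] != NULL; i++)`, so the result is dereferenced without a check. Neither expr_vars() nor set_tolist() is visible here; if either can return NULL (for example on allocation failure), the daemon would crash while reading its configuration instead of logging an error and exiting as the lines just above do. A guard before the loop such as `if (list == NULL) { log_log(LOG_ERR, "%s:%d: unable to process pam_authz_search expression", filename, lnr); exit(EXIT_FAILURE); }` would match that error path. The function body continues outside the hunk.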
@@ -931,11 +931,6 @@
get_gid(filename, lnr, keyword, &line, &cfg->gid);
get_eol(filename, lnr, keyword, &line);
}
- else if (strcasecmp(keyword, "ignorecase") == 0)
- {
- get_boolean(filename, lnr, keyword, &line, &cfg->ignorecase);
- get_eol(filename, lnr, keyword, &line);
- }
/* general connection options */
else if (strcasecmp(keyword, "uri") == 0)
{
@@ -970,7 +965,7 @@
}
else if (strcasecmp(keyword, "ldap_version") == 0)
{
- get_int(filename, lnr, keyword, &line, &cfg->version);
+ get_int(filename, lnr, keyword, &line, &cfg->ldap_version);
get_eol(filename, lnr, keyword, &line);
}
else if (strcasecmp(keyword, "binddn") == 0)
@@ -1125,9 +1120,9 @@
(get_token(&line, token, sizeof(token)) != NULL));
if ((strcasecmp(token, "start_tls") == 0) ||
(strcasecmp(token, "starttls") == 0))
- cfg->ssl_on = SSL_START_TLS;
+ cfg->ssl = SSL_START_TLS;
else if (parse_boolean(filename, lnr, token))
- cfg->ssl_on = SSL_LDAPS;
+ cfg->ssl = SSL_LDAPS;
get_eol(filename, lnr, keyword, &line);
}
else if ((strcasecmp(keyword, "tls_reqcert") == 0) ||
@@ -1219,10 +1214,6 @@
parse_nss_initgroups_ignoreusers_statement(filename, lnr, keyword, line,
cfg);
}
- else if (strcasecmp(keyword, "pam_authz_search") == 0)
- {
- parse_pam_authz_search_statement(filename, lnr, keyword, line, cfg);
- }
else if (strcasecmp(keyword, "nss_min_uid") == 0)
{
get_uid(filename, lnr, keyword, &line, &cfg->nss_min_uid, NULL, NULL);
@@ -1232,6 +1223,15 @@
{
parse_validnames_statement(filename, lnr, keyword, line, cfg);
}
+ else if (strcasecmp(keyword, "ignorecase") == 0)
+ {
+ get_boolean(filename, lnr, keyword, &line, &cfg->ignorecase);
+ get_eol(filename, lnr, keyword, &line);
+ }
+ else if (strcasecmp(keyword, "pam_authz_search") == 0)
+ {
+ parse_pam_authz_search_statement(filename, lnr, keyword, line, cfg);
+ }
else if (strcasecmp(keyword, "pam_password_prohibit_message") == 0)
{
parse_pam_password_prohibit_message_statement(filename, lnr, keyword,
@@ -1241,8 +1241,7 @@
/* fallthrough */
else
{
- log_log(LOG_ERR, "%s:%d: unknown keyword: '%s'",
- filename, lnr, keyword);
+ log_log(LOG_ERR, "%s:%d: unknown keyword: '%s'", filename, lnr, keyword);
exit(EXIT_FAILURE);
}
#endif
@@ -1391,7 +1390,7 @@
}
/* if ssl is on each URI should start with ldaps */
#ifdef LDAP_OPT_X_TLS
- if (nslcd_cfg->ssl_on == SSL_LDAPS)
+ if (nslcd_cfg->ssl == SSL_LDAPS)
{
for (i = 0; nslcd_cfg->uris[i].uri != NULL; i++)
{
Modified: nss-pam-ldapd/nslcd/cfg.h
==============================================================================
--- nss-pam-ldapd/nslcd/cfg.h Sun Dec 30 15:12:09 2012 (r1887)
+++ nss-pam-ldapd/nslcd/cfg.h Sun Dec 30 15:13:35 2012 (r1888)
@@ -40,7 +40,7 @@
#define NOGID ((gid_t)-1)
/* maximum number of URIs */
-#define NSS_LDAP_CONFIG_URI_MAX 31
+#define NSS_LDAP_CONFIG_MAX_URIS 31
/* maximum number of search bases */
#define NSS_LDAP_CONFIG_MAX_BASES 7
@@ -79,88 +79,60 @@
};
struct ldap_config {
- /* the number of threads to start */
- int threads;
- /* the user name specified in the uid option */
- char *uidname;
- /* the user id nslcd should be run as */
- uid_t uid;
- /* the group id nslcd should be run as */
- gid_t gid;
- /* whether or not case should be ignored in lookups */
- int ignorecase;
- /* NULL terminated list of URIs */
- struct myldap_uri uris[NSS_LDAP_CONFIG_URI_MAX + 1];
- /* protocol version */
- int version;
- /* bind DN */
- char *binddn;
- /* bind cred */
- char *bindpw;
- /* bind DN for password modification by administrator */
- char *rootpwmoddn;
- /* bind password for password modification by root */
- char *rootpwmodpw;
- /* sasl mech */
- char *sasl_mech;
- /* sasl realm */
- char *sasl_realm;
- /* sasl authentication id */
- char *sasl_authcid;
- /* sasl authorization id */
- char *sasl_authzid;
- /* sasl security */
- char *sasl_secprops;
+ int threads; /* the number of threads to start */
+ char *uidname; /* the user name specified in the uid option */
+ uid_t uid; /* the user id nslcd should be run as */
+ gid_t gid; /* the group id nslcd should be run as */
+
+ struct myldap_uri uris[NSS_LDAP_CONFIG_MAX_URIS + 1]; /* NULL terminated
list of URIs */
+ int ldap_version; /* LDAP protocol version */
+ char *binddn; /* bind DN */
+ char *bindpw; /* bind cred */
+ char *rootpwmoddn; /* bind DN for password modification by root */
+ char *rootpwmodpw; /* bind password for password modification by root */
+
+ char *sasl_mech; /* SASL mechanism */
+ char *sasl_realm; /* SASL realm */
+ char *sasl_authcid; /* SASL authentication identity */
+ char *sasl_authzid; /* SASL authorization identity */
+ char *sasl_secprops; /* SASL security properties */
#ifdef LDAP_OPT_X_SASL_NOCANON
- /* whether host name should be canonicalised */
- int sasl_canonicalize;
+ int sasl_canonicalize; /* whether host name should be canonicalised */
#endif /* LDAP_OPT_X_SASL_NOCANON */
- /* base DN, eg. dc=gnu,dc=org */
- const char *bases[NSS_LDAP_CONFIG_MAX_BASES];
- /* scope for searches */
- int scope;
- /* dereference aliases/links */
- int deref;
- /* chase referrals */
- int referrals;
- /* bind timelimit */
- int bind_timelimit;
- /* search timelimit */
- int timelimit;
- /* idle timeout */
- int idle_timelimit;
- /* seconds to sleep; doubled until max */
- int reconnect_sleeptime;
- /* maximum seconds to sleep */
- int reconnect_retrytime;
+
+ const char *bases[NSS_LDAP_CONFIG_MAX_BASES]; /* search bases */
+ int scope; /* scope for searches */
+ int deref; /* dereference aliases/links */
+ int referrals; /* chase referrals */
+
+ int bind_timelimit; /* bind timelimit */
+ int timelimit; /* search timelimit */
+ int idle_timelimit; /* idle timeout */
+ int reconnect_sleeptime; /* seconds to sleep; doubled until max */
+ int reconnect_retrytime; /* maximum seconds to sleep */
+
#ifdef LDAP_OPT_X_TLS
/* SSL enabled */
- enum ldap_ssl_options ssl_on;
+ enum ldap_ssl_options ssl;
#endif /* LDAP_OPT_X_TLS */
- /* whether the LDAP library should restart the select(2) system call when
interrupted */
- int restart;
- /* set to a greater than 0 to enable handling of paged results with the
specified size */
- int pagesize;
- /* the users for which no initgroups() searches should be done */
- SET *nss_initgroups_ignoreusers;
- /* the searches that should be performed to do autorisation checks */
- char *pam_authz_search[NSS_LDAP_CONFIG_MAX_AUTHZ_SEARCHES];
- /* minimum uid for users retreived from LDAP */
- uid_t nss_min_uid;
- /* the regular expression to determine valid names */
- regex_t validnames;
- /* whether password changing should be denied and user prompted with
- this message */
- char *pam_password_prohibit_message;
+
+ int pagesize; /* set to a greater than 0 to enable handling of paged results
with the specified size */
+ SET *nss_initgroups_ignoreusers; /* the users for which no initgroups()
searches should be done */
+ uid_t nss_min_uid; /* minimum uid for users retreived from LDAP */
+ regex_t validnames; /* the regular expression to determine valid names */
+ int ignorecase; /* whether or not case should be ignored in lookups */
+ char *pam_authz_searches[NSS_LDAP_CONFIG_MAX_AUTHZ_SEARCHES]; /* the
searches that should be performed to do autorisation checks */
+ char *pam_password_prohibit_message; /* whether password changing should
be denied and user prompted with this message */
+
+ int restart; /* whether the LDAP library should restart the select(2)
system call when interrupted */
};
/* this is a pointer to the global configuration, it should be available
- once cfg_init() was called */
+ and populated after cfg_init() is called */
extern struct ldap_config *nslcd_cfg;
-/* Initialize the configuration in nslcd_cfg. This method
- will read the default configuration file and call exit()
- if an error occurs. */
+/* Initialize the configuration in nslcd_cfg. This method will read the
+ default configuration file and call exit() if an error occurs. */
void cfg_init(const char *fname);
#endif /* NSLCD__CFG_H */
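Review bot: The `ssl` member is the one field that keeps its old stand-alone comment, `/* SSL enabled */`, which breaks the trailing-comment layout this hunk introduces and undersells the field: elsewhere in this commit it is assigned SSL_OFF, SSL_START_TLS and SSL_LDAPS. I would write `enum ldap_ssl_options ssl; /* TLS mode: SSL_OFF, SSL_START_TLS or SSL_LDAPS */`. While the comments are being rewritten, "retreived" on `nss_min_uid` and "autorisation" on `pam_authz_searches` could be corrected to "retrieved" and "authorisation". The comments on `bindpw` and `rootpwmodpw` could also state that these appear to hold credentials as read from the configuration file, so readers know the struct carries secrets.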
Modified: nss-pam-ldapd/nslcd/myldap.c
==============================================================================
--- nss-pam-ldapd/nslcd/myldap.c Sun Dec 30 15:12:09 2012 (r1887)
+++ nss-pam-ldapd/nslcd/myldap.c Sun Dec 30 15:13:35 2012 (r1888)
@@ -424,7 +424,7 @@
#endif /* HAVE_LDAP_SASL_INTERACTIVE_BIND_S */
#ifdef LDAP_OPT_X_TLS
/* check if StartTLS is requested */
- if (nslcd_cfg->ssl_on == SSL_START_TLS)
+ if (nslcd_cfg->ssl == SSL_START_TLS)
{
log_log(LOG_DEBUG, "ldap_start_tls_s()");
errno = 0;
@@ -639,9 +639,9 @@
#endif /* HAVE_LDAP_SET_REBIND_PROC */
/* set the protocol version to use */
log_log(LOG_DEBUG, "ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,%d)",
- nslcd_cfg->version);
+ nslcd_cfg->ldap_version);
LDAP_SET_OPTION(session->ld, LDAP_OPT_PROTOCOL_VERSION,
- &nslcd_cfg->version);
+ &nslcd_cfg->ldap_version);
/* set some other options */
log_log(LOG_DEBUG, "ldap_set_option(LDAP_OPT_DEREF,%d)",
nslcd_cfg->deref);
@@ -683,7 +683,7 @@
#endif /* LDAP_OPT_CONNECT_CB */
#ifdef LDAP_OPT_X_TLS
/* if SSL is desired, then enable it */
- if ((nslcd_cfg->ssl_on == SSL_LDAPS) ||
+ if ((nslcd_cfg->ssl == SSL_LDAPS) ||
(strncasecmp(nslcd_cfg->uris[session->current_uri].uri, "ldaps://", 8)
== 0))
{
/* use tls */
@@ -965,9 +965,9 @@
time_t t;
int rc = LDAP_UNAVAILABLE;
struct myldap_uri *current_uri;
- int dotry[NSS_LDAP_CONFIG_URI_MAX];
+ int dotry[NSS_LDAP_CONFIG_MAX_URIS];
/* clear time stamps */
- for (start_uri = 0; start_uri < NSS_LDAP_CONFIG_URI_MAX; start_uri++)
+ for (start_uri = 0; start_uri < NSS_LDAP_CONFIG_MAX_URIS; start_uri++)
dotry[start_uri] = 1;
/* keep trying until we time out */
endtime = time(NULL) + nslcd_cfg->reconnect_retrytime;
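Review bot: The comment `/* clear time stamps */` sits above a loop that sets every `dotry[]` entry to 1 and touches no timestamp, so it does not describe the code it introduces. Something like `/* mark every URI as still to be tried */` would fit, if that is what the flag means (its uses are outside this hunk). A comment should also note that `dotry` has NSS_LDAP_CONFIG_MAX_URIS elements while `uris` in cfg.h has one more for the NULL terminator, so any index taken from the URI list must stay below NSS_LDAP_CONFIG_MAX_URIS.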
Modified: nss-pam-ldapd/nslcd/pam.c
==============================================================================
--- nss-pam-ldapd/nslcd/pam.c Sun Dec 30 15:12:09 2012 (r1887)
+++ nss-pam-ldapd/nslcd/pam.c Sun Dec 30 15:13:35 2012 (r1888)
@@ -396,7 +396,7 @@
const char *res;
int i;
/* go over all pam_authz_search options */
- for (i = 0; (i < NSS_LDAP_CONFIG_MAX_AUTHZ_SEARCHES) &&
(nslcd_cfg->pam_authz_search[i] != NULL); i++)
+ for (i = 0; (i < NSS_LDAP_CONFIG_MAX_AUTHZ_SEARCHES) &&
(nslcd_cfg->pam_authz_searches[i] != NULL); i++)
{
if (dict == NULL)
{
@@ -417,7 +417,7 @@
autzsearch_var_add(dict, "uid", username);
}
/* build the search filter */
- res = expr_parse(nslcd_cfg->pam_authz_search[i],
+ res = expr_parse(nslcd_cfg->pam_authz_searches[i],
filter, sizeof(filter),
autzsearch_var_get, (void *)dict);
if (res == NULL)
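Review bot: Nothing in this hunk shows whether the values substituted into the filter by `expr_parse(...)` are escaped for LDAP filter syntax, and `dict` includes the `username` added just above. If escaping happens inside autzsearch_var_add() or autzsearch_var_get() (neither is visible here), a short comment above the `expr_parse` call saying so would save the next reader from having to check. If it does not, characters such as `*`, `(` or `)` in a substituted value could change the meaning of the authorisation search, so the values should be escaped before they enter `dict`. The function starts and ends outside the hunk.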
@@ -425,7 +425,7 @@
autzsearch_vars_free(dict);
dict_free(dict);
log_log(LOG_ERR, "invalid pam_authz_search \"%s\"",
- nslcd_cfg->pam_authz_search[i]);
+ nslcd_cfg->pam_authz_searches[i]);
return LDAP_LOCAL_ERROR;
}
log_log(LOG_DEBUG, "trying pam_authz_search \"%s\"", filter);
Modified: nss-pam-ldapd/tests/test_cfg.c
==============================================================================
--- nss-pam-ldapd/tests/test_cfg.c Sun Dec 30 15:12:09 2012 (r1887)
+++ nss-pam-ldapd/tests/test_cfg.c Sun Dec 30 15:13:35 2012 (r1888)
@@ -58,7 +58,7 @@
assert(cfg.uris[0].uri != NULL);
assert(cfg.uris[1].uri == NULL);
/* add some more uris */
- for (i = 1; i < NSS_LDAP_CONFIG_URI_MAX; i++)
+ for (i = 1; i < NSS_LDAP_CONFIG_MAX_URIS; i++)
{
add_uri(__FILE__, __LINE__, &cfg, "ldap://localhost");
assert(cfg.uris[i].uri != NULL);
Modified: nss-pam-ldapd/tests/test_myldap.c
==============================================================================
--- nss-pam-ldapd/tests/test_myldap.c Sun Dec 30 15:12:09 2012 (r1887)
+++ nss-pam-ldapd/tests/test_myldap.c Sun Dec 30 15:13:35 2012 (r1888)
@@ -364,10 +364,10 @@
MYLDAP_SESSION *session;
MYLDAP_SEARCH *search;
const char *attrs[] = { "uid", "cn", "gid", NULL };
- char *old_uris[NSS_LDAP_CONFIG_URI_MAX + 1];
+ char *old_uris[NSS_LDAP_CONFIG_MAX_URIS + 1];
int i;
/* save the old URIs */
- for (i = 0; i < (NSS_LDAP_CONFIG_URI_MAX + 1); i++)
+ for (i = 0; i < (NSS_LDAP_CONFIG_MAX_URIS + 1); i++)
{
old_uris[i] = nslcd_cfg->uris[i].uri;
nslcd_cfg->uris[i].uri = NULL;
@@ -391,7 +391,7 @@
/* clean up */
myldap_session_close(session);
/* restore the old URIs */
- for (i = 0; i < (NSS_LDAP_CONFIG_URI_MAX + 1); i++)
+ for (i = 0; i < (NSS_LDAP_CONFIG_MAX_URIS + 1); i++)
nslcd_cfg->uris[i].uri = old_uris[i];
}