|
Packit |
6bd9ab |
/*
|
|
Packit |
6bd9ab |
cfg.c - functions for configuration information
|
|
Packit |
6bd9ab |
This file contains parts that were part of the nss_ldap
|
|
Packit |
6bd9ab |
library which has been forked into the nss-pam-ldapd library.
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
Copyright (C) 1997-2005 Luke Howard
|
|
Packit |
6bd9ab |
Copyright (C) 2007 West Consulting
|
|
Packit |
6bd9ab |
Copyright (C) 2007-2018 Arthur de Jong
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
This library is free software; you can redistribute it and/or
|
|
Packit |
6bd9ab |
modify it under the terms of the GNU Lesser General Public
|
|
Packit |
6bd9ab |
License as published by the Free Software Foundation; either
|
|
Packit |
6bd9ab |
version 2.1 of the License, or (at your option) any later version.
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
This library is distributed in the hope that it will be useful,
|
|
Packit |
6bd9ab |
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
Packit |
6bd9ab |
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
Packit |
6bd9ab |
Lesser General Public License for more details.
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
You should have received a copy of the GNU Lesser General Public
|
|
Packit |
6bd9ab |
License along with this library; if not, write to the Free Software
|
|
Packit |
6bd9ab |
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
|
|
Packit |
6bd9ab |
02110-1301 USA
|
|
Packit |
6bd9ab |
*/
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
#include "config.h"
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
#include <stdio.h>
|
|
Packit |
6bd9ab |
#include <stdlib.h>
|
|
Packit |
6bd9ab |
#include <string.h>
|
|
Packit |
6bd9ab |
#include <strings.h>
|
|
Packit |
6bd9ab |
#include <ctype.h>
|
|
Packit |
6bd9ab |
#include <assert.h>
|
|
Packit |
6bd9ab |
#include <sys/types.h>
|
|
Packit |
6bd9ab |
#include <sys/stat.h>
|
|
Packit |
6bd9ab |
#include <unistd.h>
|
|
Packit |
6bd9ab |
#include <errno.h>
|
|
Packit |
6bd9ab |
#include <netdb.h>
|
|
Packit |
6bd9ab |
#include <sys/socket.h>
|
|
Packit |
6bd9ab |
#ifdef HAVE_GSSAPI_H
|
|
Packit |
6bd9ab |
#include <gssapi.h>
|
|
Packit |
6bd9ab |
#endif /* HAVE_GSSAPI_H */
|
|
Packit |
6bd9ab |
#ifdef HAVE_GSSAPI_GSSAPI_H
|
|
Packit |
6bd9ab |
#include <gssapi/gssapi.h>
|
|
Packit |
6bd9ab |
#endif /* HAVE_GSSAPI_GSSAPI_H */
|
|
Packit |
6bd9ab |
#ifdef HAVE_GSSAPI_GSSAPI_KRB5_H
|
|
Packit |
6bd9ab |
#include <gssapi/gssapi_krb5.h>
|
|
Packit |
6bd9ab |
#endif /* HAVE_GSSAPI_GSSAPI_KRB5_H */
|
|
Packit |
6bd9ab |
#ifdef HAVE_GSSAPI_GSSAPI_GENERIC_H
|
|
Packit |
6bd9ab |
#include <gssapi/gssapi_generic.h>
|
|
Packit |
6bd9ab |
#endif /* HAVE_GSSAPI_GSSAPI_GENERIC_H */
|
|
Packit |
6bd9ab |
#include <sys/types.h>
|
|
Packit |
6bd9ab |
#include <pwd.h>
|
|
Packit |
6bd9ab |
#include <grp.h>
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
#include "common.h"
|
|
Packit |
6bd9ab |
#include "log.h"
|
|
Packit |
6bd9ab |
#include "cfg.h"
|
|
Packit |
6bd9ab |
#include "attmap.h"
|
|
Packit |
6bd9ab |
#include "common/expr.h"
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
struct ldap_config *nslcd_cfg = NULL;
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
/* the maximum line length in the configuration file */
|
|
Packit |
6bd9ab |
#define MAX_LINE_LENGTH 4096
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
/* the delimiters of tokens */
|
|
Packit |
6bd9ab |
#define TOKEN_DELIM " \t\n\r"
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
/* convenient wrapper macro for ldap_set_option() */
|
|
Packit |
6bd9ab |
#define LDAP_SET_OPTION(ld, option, invalue) \
|
|
Packit |
6bd9ab |
rc = ldap_set_option(ld, option, invalue); \
|
|
Packit |
6bd9ab |
if (rc != LDAP_SUCCESS) \
|
|
Packit |
6bd9ab |
{ \
|
|
Packit |
6bd9ab |
log_log(LOG_ERR, "ldap_set_option(" #option ") failed: %s", \
|
|
Packit |
6bd9ab |
ldap_err2string(rc)); \
|
|
Packit |
6bd9ab |
exit(EXIT_FAILURE); \
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
/* simple strdup wrapper */
|
|
Packit |
6bd9ab |
static char *xstrdup(const char *s)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
char *tmp;
|
|
Packit |
6bd9ab |
if (s == NULL)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
log_log(LOG_CRIT, "xstrdup() called with NULL");
|
|
Packit |
6bd9ab |
exit(EXIT_FAILURE);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
tmp = strdup(s);
|
|
Packit |
6bd9ab |
if (tmp == NULL)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
log_log(LOG_CRIT, "strdup() failed to allocate memory");
|
|
Packit |
6bd9ab |
exit(EXIT_FAILURE);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
return tmp;
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
/* check that the condition is true and otherwise log an error
|
|
Packit |
6bd9ab |
and bail out */
|
|
Packit |
6bd9ab |
static inline void check_argumentcount(const char *filename, int lnr,
|
|
Packit |
6bd9ab |
const char *keyword, int condition)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
if (!condition)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
log_log(LOG_ERR, "%s:%d: %s: wrong number of arguments",
|
|
Packit |
6bd9ab |
filename, lnr, keyword);
|
|
Packit |
6bd9ab |
exit(EXIT_FAILURE);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
/* This function works like strtok() except that the original string is
|
|
Packit |
6bd9ab |
not modified and a pointer within str to where the next token begins
|
|
Packit |
6bd9ab |
is returned (this can be used to pass to the function on the next
|
|
Packit |
6bd9ab |
iteration). If no more tokens are found or the token will not fit in
|
|
Packit |
6bd9ab |
the buffer, NULL is returned. */
|
|
Packit |
6bd9ab |
static char *get_token(char **line, char *buf, size_t buflen)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
size_t len;
|
|
Packit |
6bd9ab |
if ((line == NULL) || (*line == NULL) || (**line == '\0') || (buf == NULL))
|
|
Packit |
6bd9ab |
return NULL;
|
|
Packit |
6bd9ab |
/* find the beginning and length of the token */
|
|
Packit |
6bd9ab |
*line += strspn(*line, TOKEN_DELIM);
|
|
Packit |
6bd9ab |
len = strcspn(*line, TOKEN_DELIM);
|
|
Packit |
6bd9ab |
/* check if there is a token */
|
|
Packit |
6bd9ab |
if (len == 0)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
*line = NULL;
|
|
Packit |
6bd9ab |
return NULL;
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
/* limit the token length */
|
|
Packit |
6bd9ab |
if (len >= buflen)
|
|
Packit |
6bd9ab |
len = buflen - 1;
|
|
Packit |
6bd9ab |
/* copy the token */
|
|
Packit |
6bd9ab |
strncpy(buf, *line, len);
|
|
Packit |
6bd9ab |
buf[len] = '\0';
|
|
Packit |
6bd9ab |
/* skip to the next token */
|
|
Packit |
6bd9ab |
*line += len;
|
|
Packit |
6bd9ab |
*line += strspn(*line, TOKEN_DELIM);
|
|
Packit |
6bd9ab |
/* return the token */
|
|
Packit |
6bd9ab |
return buf;
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
static char *get_strdup(const char *filename, int lnr,
|
|
Packit |
6bd9ab |
const char *keyword, char **line)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
char token[MAX_LINE_LENGTH];
|
|
Packit |
6bd9ab |
check_argumentcount(filename, lnr, keyword,
|
|
Packit |
6bd9ab |
get_token(line, token, sizeof(token)) != NULL);
|
|
Packit |
6bd9ab |
return xstrdup(token);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
static char *get_linedup(const char *filename, int lnr,
|
|
Packit |
6bd9ab |
const char *keyword, char **line)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
char *var;
|
|
Packit |
6bd9ab |
check_argumentcount(filename, lnr, keyword, (*line != NULL) && (**line != '\0'));
|
|
Packit |
6bd9ab |
var = xstrdup(*line);
|
|
Packit |
6bd9ab |
/* mark that we are at the end of the line */
|
|
Packit |
6bd9ab |
*line = NULL;
|
|
Packit |
6bd9ab |
return var;
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
static void get_eol(const char *filename, int lnr,
|
|
Packit |
6bd9ab |
const char *keyword, char **line)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
if ((line != NULL) && (*line != NULL) && (**line != '\0'))
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
log_log(LOG_ERR, "%s:%d: %s: too many arguments", filename, lnr, keyword);
|
|
Packit |
6bd9ab |
exit(EXIT_FAILURE);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
static int get_int(const char *filename, int lnr,
|
|
Packit |
6bd9ab |
const char *keyword, char **line)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
char token[32];
|
|
Packit |
6bd9ab |
check_argumentcount(filename, lnr, keyword,
|
|
Packit |
6bd9ab |
get_token(line, token, sizeof(token)) != NULL);
|
|
Packit |
6bd9ab |
/* TODO: replace with correct numeric parse */
|
|
Packit |
6bd9ab |
return atoi(token);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
static int parse_boolean(const char *filename, int lnr, const char *value)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
if ((strcasecmp(value, "on") == 0) ||
|
|
Packit |
6bd9ab |
(strcasecmp(value, "yes") == 0) ||
|
|
Packit |
6bd9ab |
(strcasecmp(value, "true") == 0) || (strcasecmp(value, "1") == 0))
|
|
Packit |
6bd9ab |
return 1;
|
|
Packit |
6bd9ab |
else if ((strcasecmp(value, "off") == 0) ||
|
|
Packit |
6bd9ab |
(strcasecmp(value, "no") == 0) ||
|
|
Packit |
6bd9ab |
(strcasecmp(value, "false") == 0) || (strcasecmp(value, "0") == 0))
|
|
Packit |
6bd9ab |
return 0;
|
|
Packit |
6bd9ab |
else
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
log_log(LOG_ERR, "%s:%d: not a boolean argument: '%s'",
|
|
Packit |
6bd9ab |
filename, lnr, value);
|
|
Packit |
6bd9ab |
exit(EXIT_FAILURE);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
static int get_boolean(const char *filename, int lnr,
|
|
Packit |
6bd9ab |
const char *keyword, char **line)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
char token[32];
|
|
Packit |
6bd9ab |
check_argumentcount(filename, lnr, keyword,
|
|
Packit |
6bd9ab |
get_token(line, token, sizeof(token)) != NULL);
|
|
Packit |
6bd9ab |
return parse_boolean(filename, lnr, token);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
static const char *print_boolean(int bool)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
if (bool) return "yes";
|
|
Packit |
6bd9ab |
else return "no";
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
#define TIME_MINUTES 60
|
|
Packit |
6bd9ab |
#define TIME_HOURS (60 * 60)
|
|
Packit |
6bd9ab |
#define TIME_DAYS (60 * 60 * 24)
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
static time_t parse_time(const char *filename, int lnr, const char *value)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
time_t t;
|
|
Packit |
6bd9ab |
char *tmp = NULL;
|
|
Packit |
6bd9ab |
if (strcasecmp(value, "off") == 0)
|
|
Packit |
6bd9ab |
return 0;
|
|
Packit |
6bd9ab |
errno = 0;
|
|
Packit |
6bd9ab |
t = strtol(value, &tmp, 10);
|
|
Packit |
6bd9ab |
if (errno != 0)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
log_log(LOG_ERR, "%s:%d: value out of range: '%s'",
|
|
Packit |
6bd9ab |
filename, lnr, value);
|
|
Packit |
6bd9ab |
exit(EXIT_FAILURE);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
if ((strcasecmp(tmp, "") == 0) || (strcasecmp(tmp, "s") == 0))
|
|
Packit |
6bd9ab |
return t;
|
|
Packit |
6bd9ab |
else if (strcasecmp(tmp, "m") == 0)
|
|
Packit |
6bd9ab |
return t * TIME_MINUTES;
|
|
Packit |
6bd9ab |
else if (strcasecmp(tmp, "h") == 0)
|
|
Packit |
6bd9ab |
return t * TIME_HOURS;
|
|
Packit |
6bd9ab |
else if (strcasecmp(tmp, "d") == 0)
|
|
Packit |
6bd9ab |
return t * TIME_DAYS;
|
|
Packit |
6bd9ab |
else
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
log_log(LOG_ERR, "%s:%d: invalid time value: '%s'",
|
|
Packit |
6bd9ab |
filename, lnr, value);
|
|
Packit |
6bd9ab |
exit(EXIT_FAILURE);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
static time_t get_time(const char *filename, int lnr,
|
|
Packit |
6bd9ab |
const char *keyword, char **line)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
char token[32];
|
|
Packit |
6bd9ab |
check_argumentcount(filename, lnr, keyword,
|
|
Packit |
6bd9ab |
get_token(line, token, sizeof(token)) != NULL);
|
|
Packit |
6bd9ab |
return parse_time(filename, lnr, token);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
static void print_time(time_t t, char *buffer, size_t buflen)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
if (t == 0)
|
|
Packit |
6bd9ab |
mysnprintf(buffer, buflen, "off");
|
|
Packit |
6bd9ab |
else if ((t % TIME_DAYS) == 0)
|
|
Packit |
6bd9ab |
mysnprintf(buffer, buflen, "%ldd", (long)(t / TIME_DAYS));
|
|
Packit |
6bd9ab |
else if ((t % TIME_HOURS) == 0)
|
|
Packit |
6bd9ab |
mysnprintf(buffer, buflen, "%ldh", (long)(t / TIME_HOURS));
|
|
Packit |
6bd9ab |
else if ((t % TIME_MINUTES) == 0)
|
|
Packit |
6bd9ab |
mysnprintf(buffer, buflen, "%ldm", (long)(t / TIME_MINUTES));
|
|
Packit |
6bd9ab |
else
|
|
Packit |
6bd9ab |
mysnprintf(buffer, buflen, "%lds", (long)t);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
static void handle_uid(const char *filename, int lnr,
|
|
Packit |
6bd9ab |
const char *keyword, char *line,
|
|
Packit |
6bd9ab |
struct ldap_config *cfg)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
char token[32];
|
|
Packit |
6bd9ab |
struct passwd *pwent;
|
|
Packit |
6bd9ab |
char *tmp;
|
|
Packit |
6bd9ab |
check_argumentcount(filename, lnr, keyword,
|
|
Packit |
6bd9ab |
get_token(&line, token, sizeof(token)) != NULL);
|
|
Packit |
6bd9ab |
get_eol(filename, lnr, keyword, &line);
|
|
Packit |
6bd9ab |
/* check if it is a valid numerical uid */
|
|
Packit |
6bd9ab |
errno = 0;
|
|
Packit |
6bd9ab |
cfg->uid = strtouid(token, &tmp, 10);
|
|
Packit |
6bd9ab |
if ((*token != '\0') && (*tmp == '\0') && (errno == 0) && (strchr(token, '-') == NULL))
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
/* get the name and gid from the passwd database */
|
|
Packit |
6bd9ab |
pwent = getpwuid(cfg->uid);
|
|
Packit |
6bd9ab |
if (pwent != NULL)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
if (cfg->gid == NOGID)
|
|
Packit |
6bd9ab |
cfg->gid = pwent->pw_gid;
|
|
Packit |
6bd9ab |
cfg->uidname = strdup(pwent->pw_name);
|
|
Packit |
6bd9ab |
return;
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
/* find by name */
|
|
Packit |
6bd9ab |
pwent = getpwnam(token);
|
|
Packit |
6bd9ab |
if (pwent != NULL)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
cfg->uid = pwent->pw_uid;
|
|
Packit |
6bd9ab |
if (cfg->gid == NOGID)
|
|
Packit |
6bd9ab |
cfg->gid = pwent->pw_gid;
|
|
Packit |
6bd9ab |
cfg->uidname = strdup(token);
|
|
Packit |
6bd9ab |
return;
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
/* log an error */
|
|
Packit |
6bd9ab |
log_log(LOG_ERR, "%s:%d: %s: not a valid uid: '%s'",
|
|
Packit |
6bd9ab |
filename, lnr, keyword, token);
|
|
Packit |
6bd9ab |
exit(EXIT_FAILURE);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
static void handle_gid(const char *filename, int lnr,
|
|
Packit |
6bd9ab |
const char *keyword, char *line,
|
|
Packit |
6bd9ab |
gid_t *gid)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
char token[32];
|
|
Packit |
6bd9ab |
struct group *grent;
|
|
Packit |
6bd9ab |
char *tmp;
|
|
Packit |
6bd9ab |
check_argumentcount(filename, lnr, keyword,
|
|
Packit |
6bd9ab |
get_token(&line, token, sizeof(token)) != NULL);
|
|
Packit |
6bd9ab |
get_eol(filename, lnr, keyword, &line);
|
|
Packit |
6bd9ab |
/* check if it is a valid numerical gid */
|
|
Packit |
6bd9ab |
errno = 0;
|
|
Packit |
6bd9ab |
*gid = strtogid(token, &tmp, 10);
|
|
Packit |
6bd9ab |
if ((*token != '\0') && (*tmp == '\0') && (errno == 0) && (strchr(token, '-') == NULL))
|
|
Packit |
6bd9ab |
return;
|
|
Packit |
6bd9ab |
/* find by name */
|
|
Packit |
6bd9ab |
grent = getgrnam(token);
|
|
Packit |
6bd9ab |
if (grent != NULL)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
*gid = grent->gr_gid;
|
|
Packit |
6bd9ab |
return;
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
/* log an error */
|
|
Packit |
6bd9ab |
log_log(LOG_ERR, "%s:%d: %s: not a valid gid: '%s'",
|
|
Packit |
6bd9ab |
filename, lnr, keyword, token);
|
|
Packit |
6bd9ab |
exit(EXIT_FAILURE);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
static int parse_loglevel(const char *filename, int lnr, const char *value)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
if (strcasecmp(value, "crit") == 0)
|
|
Packit |
6bd9ab |
return LOG_CRIT;
|
|
Packit |
6bd9ab |
else if ((strcasecmp(value, "error") == 0) || (strcasecmp(value, "err") == 0))
|
|
Packit |
6bd9ab |
return LOG_ERR;
|
|
Packit |
6bd9ab |
else if (strcasecmp(value, "warning")==0)
|
|
Packit |
6bd9ab |
return LOG_WARNING;
|
|
Packit |
6bd9ab |
else if (strcasecmp(value, "notice")==0)
|
|
Packit |
6bd9ab |
return LOG_NOTICE;
|
|
Packit |
6bd9ab |
else if (strcasecmp(value, "info")==0)
|
|
Packit |
6bd9ab |
return LOG_INFO;
|
|
Packit |
6bd9ab |
else if (strcasecmp(value, "debug")==0)
|
|
Packit |
6bd9ab |
return LOG_DEBUG;
|
|
Packit |
6bd9ab |
else
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
log_log(LOG_ERR, "%s:%d: not a log level '%s'",
|
|
Packit |
6bd9ab |
filename, lnr, value);
|
|
Packit |
6bd9ab |
exit(EXIT_FAILURE);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
static void handle_log(const char *filename, int lnr,
|
|
Packit |
6bd9ab |
const char *keyword, char *line)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
int level = LOG_INFO;
|
|
Packit |
6bd9ab |
char scheme[64];
|
|
Packit |
6bd9ab |
char loglevel[32];
|
|
Packit |
6bd9ab |
check_argumentcount(filename, lnr, keyword,
|
|
Packit |
6bd9ab |
get_token(&line, scheme, sizeof(scheme)) != NULL);
|
|
Packit |
6bd9ab |
if (get_token(&line, loglevel, sizeof(loglevel)) != NULL)
|
|
Packit |
6bd9ab |
level = parse_loglevel(filename, lnr, loglevel);
|
|
Packit |
6bd9ab |
get_eol(filename, lnr, keyword, &line);
|
|
Packit |
6bd9ab |
if (strcasecmp(scheme, "none") == 0)
|
|
Packit |
6bd9ab |
log_addlogging_none();
|
|
Packit |
6bd9ab |
else if (strcasecmp(scheme, "syslog") == 0)
|
|
Packit |
6bd9ab |
log_addlogging_syslog(level);
|
|
Packit |
6bd9ab |
else if (scheme[0] == '/')
|
|
Packit |
6bd9ab |
log_addlogging_file(level, scheme);
|
|
Packit |
6bd9ab |
else
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
log_log(LOG_ERR, "%s:%d: %s: invalid argument '%s'",
|
|
Packit |
6bd9ab |
filename, lnr, keyword, scheme);
|
|
Packit |
6bd9ab |
exit(EXIT_FAILURE);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
/* add a single URI to the list of URIs in the configuration */
|
|
Packit |
6bd9ab |
static void add_uri(const char *filename, int lnr,
|
|
Packit |
6bd9ab |
struct ldap_config *cfg, const char *uri)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
int i;
|
|
Packit |
6bd9ab |
/* find the place where to insert the URI */
|
|
Packit |
6bd9ab |
for (i = 0; cfg->uris[i].uri != NULL; i++)
|
|
Packit |
6bd9ab |
/* nothing */ ;
|
|
Packit |
6bd9ab |
/* check for room */
|
|
Packit |
6bd9ab |
if (i >= NSS_LDAP_CONFIG_MAX_URIS)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
log_log(LOG_ERR, "%s:%d: maximum number of URIs exceeded",
|
|
Packit |
6bd9ab |
filename, lnr);
|
|
Packit |
6bd9ab |
exit(EXIT_FAILURE);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
/* append URI to list */
|
|
Packit |
6bd9ab |
cfg->uris[i].uri = xstrdup(uri);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
#ifdef HAVE_LDAP_DOMAIN2HOSTLIST
|
|
Packit |
6bd9ab |
/* return the domain name of the current host
|
|
Packit |
6bd9ab |
the returned string must be freed by caller */
|
|
Packit |
6bd9ab |
static const char *cfg_getdomainname(const char *filename, int lnr)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
const char *fqdn, *domain;
|
|
Packit |
6bd9ab |
fqdn = getfqdn();
|
|
Packit |
6bd9ab |
if ((fqdn != NULL) && ((domain = strchr(fqdn, '.')) != NULL) && (domain[1] != '\0'))
|
|
Packit |
6bd9ab |
return domain + 1;
|
|
Packit |
6bd9ab |
log_log(LOG_ERR, "%s:%d: unable to determinate a domain name",
|
|
Packit |
6bd9ab |
filename, lnr);
|
|
Packit |
6bd9ab |
exit(EXIT_FAILURE);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
/* add URIs by doing DNS queries for SRV records */
|
|
Packit |
6bd9ab |
static void add_uris_from_dns(const char *filename, int lnr,
|
|
Packit |
6bd9ab |
struct ldap_config *cfg, const char *domain)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
int rc;
|
|
Packit |
6bd9ab |
char *hostlist = NULL, *nxt;
|
|
Packit |
6bd9ab |
char buf[BUFLEN_HOSTNAME + sizeof("ldap://")];
|
|
Packit |
6bd9ab |
log_log(LOG_DEBUG, "query %s for SRV records", domain);
|
|
Packit |
6bd9ab |
rc = ldap_domain2hostlist(domain, &hostlist);
|
|
Packit |
6bd9ab |
if (rc != LDAP_SUCCESS)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
log_log(LOG_ERR, "%s:%d: no servers found in DNS zone %s: %s",
|
|
Packit |
6bd9ab |
filename, lnr, domain, ldap_err2string(rc));
|
|
Packit |
6bd9ab |
exit(EXIT_FAILURE);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
if ((hostlist == NULL) || (*hostlist == '\0'))
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
log_log(LOG_ERR, "%s:%d: no servers found in DNS zone %s",
|
|
Packit |
6bd9ab |
filename, lnr, domain);
|
|
Packit |
6bd9ab |
exit(EXIT_FAILURE);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
/* hostlist is a space-separated list of host names that we use to build
|
|
Packit |
6bd9ab |
URIs */
|
|
Packit |
6bd9ab |
while (hostlist != NULL)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
/* find the next space and split the string there */
|
|
Packit |
6bd9ab |
nxt = strchr(hostlist, ' ');
|
|
Packit |
6bd9ab |
if (nxt != NULL)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
*nxt = '\0';
|
|
Packit |
6bd9ab |
nxt++;
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
/* if port is 636, use ldaps:// URI */
|
|
Packit |
6bd9ab |
if ((strlen(hostlist) > 4) && (strcmp(hostlist + strlen(hostlist) - 4, ":636") == 0))
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
hostlist[strlen(hostlist) - 4] = '\0';
|
|
Packit |
6bd9ab |
if (mysnprintf(buf, sizeof(buf), "ldaps://%s", hostlist))
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
log_log(LOG_ERR, "add_uris_from_dns(): buf buffer too small (%lu required)",
|
|
Packit |
6bd9ab |
(unsigned long) strlen(hostlist) + 8);
|
|
Packit |
6bd9ab |
exit(EXIT_FAILURE);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
else
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
/* strip default port number */
|
|
Packit |
6bd9ab |
if ((strlen(hostlist) > 4) && (strcmp(hostlist + strlen(hostlist) - 4, ":389") == 0))
|
|
Packit |
6bd9ab |
hostlist[strlen(hostlist) - 4] = '\0';
|
|
Packit |
6bd9ab |
if (mysnprintf(buf, sizeof(buf), "ldap://%s", hostlist))
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
log_log(LOG_ERR, "add_uris_from_dns(): buf buffer too small (%lu required)",
|
|
Packit |
6bd9ab |
(unsigned long) strlen(hostlist) + 7);
|
|
Packit |
6bd9ab |
exit(EXIT_FAILURE);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
log_log(LOG_DEBUG, "add_uris_from_dns(): found uri: %s", buf);
|
|
Packit |
6bd9ab |
add_uri(filename, lnr, cfg, buf);
|
|
Packit |
6bd9ab |
/* get next entry from list */
|
|
Packit |
6bd9ab |
hostlist = nxt;
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
#endif /* HAVE_LDAP_DOMAIN2HOSTLIST */
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
/* check that the file is not world readable */
|
|
Packit |
6bd9ab |
static void check_permissions(const char *filename, const char *keyword)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
struct stat sb;
|
|
Packit |
6bd9ab |
/* get file status */
|
|
Packit |
6bd9ab |
if (stat(filename, &sb))
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
log_log(LOG_ERR, "cannot stat() %s: %s", filename, strerror(errno));
|
|
Packit |
6bd9ab |
exit(EXIT_FAILURE);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
/* check permissions */
|
|
Packit |
6bd9ab |
if ((sb.st_mode & 0007) != 0)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
if (keyword != NULL)
|
|
Packit |
6bd9ab |
log_log(LOG_ERR, "%s: file should not be world readable if %s is set",
|
|
Packit |
6bd9ab |
filename, keyword);
|
|
Packit |
6bd9ab |
else
|
|
Packit |
6bd9ab |
log_log(LOG_ERR, "%s: file should not be world readable", filename);
|
|
Packit |
6bd9ab |
exit(EXIT_FAILURE);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
/* check whether the specified path is readable */
|
|
Packit |
6bd9ab |
static void check_readable(const char *filename, int lnr,
|
|
Packit |
6bd9ab |
const char *keyword, const char *path)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
if (access(path, R_OK) != 0)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
log_log(LOG_ERR, "%s:%d: %s: error accessing %s: %s",
|
|
Packit |
6bd9ab |
filename, lnr, keyword, path, strerror(errno));
|
|
Packit |
6bd9ab |
exit(EXIT_FAILURE);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
/* check whether the specified path is a directory */
|
|
Packit |
6bd9ab |
static void check_dir(const char *filename, int lnr,
|
|
Packit |
6bd9ab |
const char *keyword, const char *path)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
struct stat sb;
|
|
Packit |
6bd9ab |
if (stat(path, &sb))
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
log_log(LOG_ERR, "%s:%d: %s: cannot stat() %s: %s",
|
|
Packit |
6bd9ab |
filename, lnr, keyword, path, strerror(errno));
|
|
Packit |
6bd9ab |
exit(EXIT_FAILURE);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
if (!S_ISDIR(sb.st_mode))
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
log_log(LOG_ERR, "%s:%d: %s: %s is not a directory",
|
|
Packit |
6bd9ab |
filename, lnr, keyword, path);
|
|
Packit |
6bd9ab |
exit(EXIT_FAILURE);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
static void handle_krb5_ccname(const char *filename, int lnr,
|
|
Packit |
6bd9ab |
const char *keyword, char *line)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
char token[80];
|
|
Packit |
6bd9ab |
const char *ccname;
|
|
Packit |
6bd9ab |
const char *ccfile;
|
|
Packit |
6bd9ab |
size_t ccenvlen;
|
|
Packit |
6bd9ab |
char *ccenv;
|
|
Packit |
6bd9ab |
#ifdef HAVE_GSS_KRB5_CCACHE_NAME
|
|
Packit |
6bd9ab |
OM_uint32 minor_status;
|
|
Packit |
6bd9ab |
#endif /* HAVE_GSS_KRB5_CCACHE_NAME */
|
|
Packit |
6bd9ab |
/* get token */
|
|
Packit |
6bd9ab |
check_argumentcount(filename, lnr, keyword,
|
|
Packit |
6bd9ab |
(get_token(&line, token, sizeof(token)) != NULL));
|
|
Packit |
6bd9ab |
get_eol(filename, lnr, keyword, &line);
|
|
Packit |
6bd9ab |
/* set default kerberos ticket cache for SASL-GSSAPI */
|
|
Packit |
6bd9ab |
ccname = token;
|
|
Packit |
6bd9ab |
/* check that cache exists and is readable if it is a file */
|
|
Packit |
6bd9ab |
if ((strncasecmp(ccname, "FILE:", sizeof("FILE:") - 1) == 0) ||
|
|
Packit |
6bd9ab |
(strncasecmp(ccname, "WRFILE:", sizeof("WRFILE:") - 1) == 0))
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
ccfile = strchr(ccname, ':') + 1;
|
|
Packit |
6bd9ab |
check_readable(filename, lnr, keyword, ccfile);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
/* set the environment variable (we have a memory leak if this option
|
|
Packit |
6bd9ab |
is set multiple times) */
|
|
Packit |
6bd9ab |
ccenvlen = strlen(ccname) + sizeof("KRB5CCNAME=");
|
|
Packit |
6bd9ab |
ccenv = (char *)malloc(ccenvlen);
|
|
Packit |
6bd9ab |
if (ccenv == NULL)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
log_log(LOG_CRIT, "malloc() failed to allocate memory");
|
|
Packit |
6bd9ab |
exit(EXIT_FAILURE);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
mysnprintf(ccenv, ccenvlen, "KRB5CCNAME=%s", ccname);
|
|
Packit |
6bd9ab |
putenv(ccenv);
|
|
Packit |
6bd9ab |
#ifdef HAVE_GSS_KRB5_CCACHE_NAME
|
|
Packit |
6bd9ab |
/* set the name with gss_krb5_ccache_name() */
|
|
Packit |
6bd9ab |
if (gss_krb5_ccache_name(&minor_status, ccname, NULL) != GSS_S_COMPLETE)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
log_log(LOG_ERR, "%s:%d: unable to set default credential cache: %s",
|
|
Packit |
6bd9ab |
filename, lnr, ccname);
|
|
Packit |
6bd9ab |
exit(EXIT_FAILURE);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
#endif /* HAVE_GSS_KRB5_CCACHE_NAME */
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
static enum ldap_map_selector parse_map(const char *value)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
if ((strcasecmp(value, "alias") == 0) || (strcasecmp(value, "aliases") == 0))
|
|
Packit |
6bd9ab |
return LM_ALIASES;
|
|
Packit |
6bd9ab |
else if ((strcasecmp(value, "ether") == 0) || (strcasecmp(value, "ethers") == 0))
|
|
Packit |
6bd9ab |
return LM_ETHERS;
|
|
Packit |
6bd9ab |
else if (strcasecmp(value, "group") == 0)
|
|
Packit |
6bd9ab |
return LM_GROUP;
|
|
Packit |
6bd9ab |
else if ((strcasecmp(value, "host") == 0) || (strcasecmp(value, "hosts") == 0))
|
|
Packit |
6bd9ab |
return LM_HOSTS;
|
|
Packit |
6bd9ab |
else if (strcasecmp(value, "netgroup") == 0)
|
|
Packit |
6bd9ab |
return LM_NETGROUP;
|
|
Packit |
6bd9ab |
else if ((strcasecmp(value, "network") == 0) || (strcasecmp(value, "networks") == 0))
|
|
Packit |
6bd9ab |
return LM_NETWORKS;
|
|
Packit |
6bd9ab |
else if (strcasecmp(value, "passwd") == 0)
|
|
Packit |
6bd9ab |
return LM_PASSWD;
|
|
Packit |
6bd9ab |
else if ((strcasecmp(value, "protocol") == 0) || (strcasecmp(value, "protocols") == 0))
|
|
Packit |
6bd9ab |
return LM_PROTOCOLS;
|
|
Packit |
6bd9ab |
else if (strcasecmp(value, "rpc") == 0)
|
|
Packit |
6bd9ab |
return LM_RPC;
|
|
Packit |
6bd9ab |
else if ((strcasecmp(value, "service") == 0) || (strcasecmp(value, "services") == 0))
|
|
Packit |
6bd9ab |
return LM_SERVICES;
|
|
Packit |
6bd9ab |
else if (strcasecmp(value, "shadow") == 0)
|
|
Packit |
6bd9ab |
return LM_SHADOW;
|
|
Packit |
6bd9ab |
else if (strcasecmp(value, "nfsidmap") == 0)
|
|
Packit |
6bd9ab |
return LM_NFSIDMAP;
|
|
Packit |
6bd9ab |
/* unknown map */
|
|
Packit |
6bd9ab |
return LM_NONE;
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
/* check to see if the line begins with a named map */
|
|
Packit |
6bd9ab |
static enum ldap_map_selector get_map(char **line)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
char token[32];
|
|
Packit |
6bd9ab |
char *old;
|
|
Packit |
6bd9ab |
enum ldap_map_selector map;
|
|
Packit |
6bd9ab |
/* get the token */
|
|
Packit |
6bd9ab |
old = *line;
|
|
Packit |
6bd9ab |
if (get_token(line, token, sizeof(token)) == NULL)
|
|
Packit |
6bd9ab |
return LM_NONE;
|
|
Packit |
6bd9ab |
/* see if we found a map */
|
|
Packit |
6bd9ab |
map = parse_map(token);
|
|
Packit |
6bd9ab |
/* unknown map, return to the previous state */
|
|
Packit |
6bd9ab |
if (map == LM_NONE)
|
|
Packit |
6bd9ab |
*line = old;
|
|
Packit |
6bd9ab |
return map;
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
static const char *print_map(enum ldap_map_selector map)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
switch (map)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
case LM_ALIASES: return "aliases";
|
|
Packit |
6bd9ab |
case LM_ETHERS: return "ethers";
|
|
Packit |
6bd9ab |
case LM_GROUP: return "group";
|
|
Packit |
6bd9ab |
case LM_HOSTS: return "hosts";
|
|
Packit |
6bd9ab |
case LM_NETGROUP: return "netgroup";
|
|
Packit |
6bd9ab |
case LM_NETWORKS: return "networks";
|
|
Packit |
6bd9ab |
case LM_PASSWD: return "passwd";
|
|
Packit |
6bd9ab |
case LM_PROTOCOLS: return "protocols";
|
|
Packit |
6bd9ab |
case LM_RPC: return "rpc";
|
|
Packit |
6bd9ab |
case LM_SERVICES: return "services";
|
|
Packit |
6bd9ab |
case LM_SHADOW: return "shadow";
|
|
Packit |
6bd9ab |
case LM_NFSIDMAP: return "nfsidmap";
|
|
Packit |
6bd9ab |
case LM_NONE:
|
|
Packit |
6bd9ab |
default: return "???";
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
static void handle_base(const char *filename, int lnr,
|
|
Packit |
6bd9ab |
const char *keyword, char *line,
|
|
Packit |
6bd9ab |
struct ldap_config *cfg)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
const char **bases;
|
|
Packit |
6bd9ab |
int i;
|
|
Packit |
6bd9ab |
char *value;
|
|
Packit |
6bd9ab |
#ifdef HAVE_LDAP_DOMAIN2DN
|
|
Packit |
6bd9ab |
const char *domain = NULL;
|
|
Packit |
6bd9ab |
char *domaindn = NULL;
|
|
Packit |
6bd9ab |
#endif /* HAVE_LDAP_DOMAIN2DN */
|
|
Packit |
6bd9ab |
/* get the list of bases to update */
|
|
Packit |
6bd9ab |
bases = base_get_var(get_map(&line));
|
|
Packit |
6bd9ab |
if (bases == NULL)
|
|
Packit |
6bd9ab |
bases = cfg->bases;
|
|
Packit |
6bd9ab |
/* rest of the line is the value */
|
|
Packit |
6bd9ab |
value = get_linedup(filename, lnr, keyword, &line);
|
|
Packit |
6bd9ab |
/* if the base is "DOMAIN" use the domain name */
|
|
Packit |
6bd9ab |
if (strcasecmp(value, "domain") == 0)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
#ifdef HAVE_LDAP_DOMAIN2DN
|
|
Packit |
6bd9ab |
free(value);
|
|
Packit |
6bd9ab |
domain = cfg_getdomainname(filename, lnr);
|
|
Packit |
6bd9ab |
ldap_domain2dn(domain, &domaindn);
|
|
Packit |
6bd9ab |
log_log(LOG_DEBUG, "set_base(): setting base to %s from domain",
|
|
Packit |
6bd9ab |
domaindn);
|
|
Packit |
6bd9ab |
value = xstrdup(domaindn);
|
|
Packit |
6bd9ab |
#else /* not HAVE_LDAP_DOMAIN2DN */
|
|
Packit |
6bd9ab |
log_log(LOG_ERR, "%s:%d: value %s not supported on platform",
|
|
Packit |
6bd9ab |
filename, lnr, value);
|
|
Packit |
6bd9ab |
exit(EXIT_FAILURE);
|
|
Packit |
6bd9ab |
#endif /* not HAVE_LDAP_DOMAIN2DN */
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
/* find the spot in the list of bases */
|
|
Packit |
6bd9ab |
for (i = 0; i < NSS_LDAP_CONFIG_MAX_BASES; i++)
|
|
Packit |
6bd9ab |
if (bases[i] == NULL)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
bases[i] = value;
|
|
Packit |
6bd9ab |
return;
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
/* no free spot found */
|
|
Packit |
6bd9ab |
log_log(LOG_ERR, "%s:%d: maximum number of base options per map (%d) exceeded",
|
|
Packit |
6bd9ab |
filename, lnr, NSS_LDAP_CONFIG_MAX_BASES);
|
|
Packit |
6bd9ab |
exit(EXIT_FAILURE);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
static void handle_scope(const char *filename, int lnr,
|
|
Packit |
6bd9ab |
const char *keyword, char *line,
|
|
Packit |
6bd9ab |
struct ldap_config *cfg)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
char token[32];
|
|
Packit |
6bd9ab |
int *var;
|
|
Packit |
6bd9ab |
var = scope_get_var(get_map(&line));
|
|
Packit |
6bd9ab |
check_argumentcount(filename, lnr, keyword,
|
|
Packit |
6bd9ab |
get_token(&line, token, sizeof(token)) != NULL);
|
|
Packit |
6bd9ab |
get_eol(filename, lnr, keyword, &line);
|
|
Packit |
6bd9ab |
if (var == NULL)
|
|
Packit |
6bd9ab |
var = &cfg->scope;
|
|
Packit |
6bd9ab |
if ((strcasecmp(token, "sub") == 0) || (strcasecmp(token, "subtree") == 0))
|
|
Packit |
6bd9ab |
*var = LDAP_SCOPE_SUBTREE;
|
|
Packit |
6bd9ab |
else if ((strcasecmp(token, "one") == 0) || (strcasecmp(token, "onelevel") == 0))
|
|
Packit |
6bd9ab |
*var = LDAP_SCOPE_ONELEVEL;
|
|
Packit |
6bd9ab |
else if (strcasecmp(token, "base") == 0)
|
|
Packit |
6bd9ab |
*var = LDAP_SCOPE_BASE;
|
|
Packit |
6bd9ab |
#ifdef LDAP_SCOPE_CHILDREN
|
|
Packit |
6bd9ab |
else if (strcasecmp(token, "children") == 0)
|
|
Packit |
6bd9ab |
*var = LDAP_SCOPE_CHILDREN;
|
|
Packit |
6bd9ab |
#endif /* LDAP_SCOPE_CHILDREN */
|
|
Packit |
6bd9ab |
else
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
log_log(LOG_ERR, "%s:%d: not a scope argument: '%s'",
|
|
Packit |
6bd9ab |
filename, lnr, token);
|
|
Packit |
6bd9ab |
exit(EXIT_FAILURE);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
static const char *print_scope(int scope)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
switch (scope)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
case LDAP_SCOPE_SUBTREE: return "sub";
|
|
Packit |
6bd9ab |
case LDAP_SCOPE_ONELEVEL: return "one";
|
|
Packit |
6bd9ab |
case LDAP_SCOPE_BASE: return "base";
|
|
Packit |
6bd9ab |
#ifdef LDAP_SCOPE_CHILDREN
|
|
Packit |
6bd9ab |
case LDAP_SCOPE_CHILDREN: return "children";
|
|
Packit |
6bd9ab |
#endif /* LDAP_SCOPE_CHILDREN */
|
|
Packit |
6bd9ab |
default: return "???";
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
static void handle_deref(const char *filename, int lnr,
|
|
Packit |
6bd9ab |
const char *keyword, char *line,
|
|
Packit |
6bd9ab |
struct ldap_config *cfg)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
char token[32];
|
|
Packit |
6bd9ab |
check_argumentcount(filename, lnr, keyword,
|
|
Packit |
6bd9ab |
get_token(&line, token, sizeof(token)) != NULL);
|
|
Packit |
6bd9ab |
get_eol(filename, lnr, keyword, &line);
|
|
Packit |
6bd9ab |
if (strcasecmp(token, "never") == 0)
|
|
Packit |
6bd9ab |
cfg->deref = LDAP_DEREF_NEVER;
|
|
Packit |
6bd9ab |
else if (strcasecmp(token, "searching") == 0)
|
|
Packit |
6bd9ab |
cfg->deref = LDAP_DEREF_SEARCHING;
|
|
Packit |
6bd9ab |
else if (strcasecmp(token, "finding") == 0)
|
|
Packit |
6bd9ab |
cfg->deref = LDAP_DEREF_FINDING;
|
|
Packit |
6bd9ab |
else if (strcasecmp(token, "always") == 0)
|
|
Packit |
6bd9ab |
cfg->deref = LDAP_DEREF_ALWAYS;
|
|
Packit |
6bd9ab |
else
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
log_log(LOG_ERR, "%s:%d: wrong argument: '%s'", filename, lnr, token);
|
|
Packit |
6bd9ab |
exit(EXIT_FAILURE);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
static const char *print_deref(int deref)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
switch (deref)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
case LDAP_DEREF_NEVER: return "never";
|
|
Packit |
6bd9ab |
case LDAP_DEREF_SEARCHING: return "searching";
|
|
Packit |
6bd9ab |
case LDAP_DEREF_FINDING: return "finding";
|
|
Packit |
6bd9ab |
case LDAP_DEREF_ALWAYS: return "always";
|
|
Packit |
6bd9ab |
default: return "???";
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
static void handle_filter(const char *filename, int lnr,
|
|
Packit |
6bd9ab |
const char *keyword, char *line)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
const char **var;
|
|
Packit |
6bd9ab |
const char *map = line;
|
|
Packit |
6bd9ab |
var = filter_get_var(get_map(&line));
|
|
Packit |
6bd9ab |
if (var == NULL)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
log_log(LOG_ERR, "%s:%d: unknown map: '%s'", filename, lnr, map);
|
|
Packit |
6bd9ab |
exit(EXIT_FAILURE);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
check_argumentcount(filename, lnr, keyword, (line != NULL) && (*line != '\0'));
|
|
Packit |
6bd9ab |
/* check if the value will be changed */
|
|
Packit |
6bd9ab |
if (strcmp(*var, line) != 0)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
/* Note: we have a memory leak here if a single mapping is changed
|
|
Packit |
6bd9ab |
multiple times in one config (deemed not a problem) */
|
|
Packit |
6bd9ab |
*var = xstrdup(line);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
/* this function modifies the statement argument passed */
|
|
Packit |
6bd9ab |
static void handle_map(const char *filename, int lnr,
|
|
Packit |
6bd9ab |
const char *keyword, char *line)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
enum ldap_map_selector map;
|
|
Packit |
6bd9ab |
const char **var;
|
|
Packit |
6bd9ab |
char oldatt[32], *newatt;
|
|
Packit |
6bd9ab |
/* get the map */
|
|
Packit |
6bd9ab |
if ((map = get_map(&line)) == LM_NONE)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
log_log(LOG_ERR, "%s:%d: unknown map: '%s'", filename, lnr, line);
|
|
Packit |
6bd9ab |
exit(EXIT_FAILURE);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
/* read the other tokens */
|
|
Packit |
6bd9ab |
check_argumentcount(filename, lnr, keyword,
|
|
Packit |
6bd9ab |
(get_token(&line, oldatt, sizeof(oldatt)) != NULL));
|
|
Packit |
6bd9ab |
newatt = get_linedup(filename, lnr, keyword, &line);
|
|
Packit |
6bd9ab |
/* change attribute mapping */
|
|
Packit |
6bd9ab |
var = attmap_get_var(map, oldatt);
|
|
Packit |
6bd9ab |
if (var == NULL)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
log_log(LOG_ERR, "%s:%d: unknown attribute to map: '%s'",
|
|
Packit |
6bd9ab |
filename, lnr, oldatt);
|
|
Packit |
6bd9ab |
exit(EXIT_FAILURE);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
if (attmap_set_mapping(var, newatt) == NULL)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
log_log(LOG_ERR, "%s:%d: attribute %s cannot be an expression",
|
|
Packit |
6bd9ab |
filename, lnr, oldatt);
|
|
Packit |
6bd9ab |
exit(EXIT_FAILURE);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
free(newatt);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
#ifdef LDAP_OPT_X_TLS
|
|
Packit |
6bd9ab |
static const char *print_ssl(int ssl)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
switch (ssl)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
case SSL_OFF: return "off";
|
|
Packit |
6bd9ab |
case SSL_START_TLS: return "start_tls";
|
|
Packit |
6bd9ab |
case SSL_LDAPS: return "on";
|
|
Packit |
6bd9ab |
default: return "???";
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
static void handle_tls_reqcert(const char *filename, int lnr,
|
|
Packit |
6bd9ab |
const char *keyword, char *line)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
char token[16];
|
|
Packit |
6bd9ab |
int value, rc;
|
|
Packit |
6bd9ab |
/* get token */
|
|
Packit |
6bd9ab |
check_argumentcount(filename, lnr, keyword,
|
|
Packit |
6bd9ab |
get_token(&line, token, sizeof(token)) != NULL);
|
|
Packit |
6bd9ab |
get_eol(filename, lnr, keyword, &line);
|
|
Packit |
6bd9ab |
/* check if it is a valid value for tls_reqcert option */
|
|
Packit |
6bd9ab |
if ((strcasecmp(token, "never") == 0) || (strcasecmp(token, "no") == 0))
|
|
Packit |
6bd9ab |
value = LDAP_OPT_X_TLS_NEVER;
|
|
Packit |
6bd9ab |
else if (strcasecmp(token, "allow") == 0)
|
|
Packit |
6bd9ab |
value = LDAP_OPT_X_TLS_ALLOW;
|
|
Packit |
6bd9ab |
else if (strcasecmp(token, "try") == 0)
|
|
Packit |
6bd9ab |
value = LDAP_OPT_X_TLS_TRY;
|
|
Packit |
6bd9ab |
else if ((strcasecmp(token, "demand") == 0) ||
|
|
Packit |
6bd9ab |
(strcasecmp(token, "yes") == 0))
|
|
Packit |
6bd9ab |
value = LDAP_OPT_X_TLS_DEMAND;
|
|
Packit |
6bd9ab |
else if (strcasecmp(token, "hard") == 0)
|
|
Packit |
6bd9ab |
value = LDAP_OPT_X_TLS_HARD;
|
|
Packit |
6bd9ab |
else
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
log_log(LOG_ERR, "%s:%d: %s: invalid argument: '%s'",
|
|
Packit |
6bd9ab |
filename, lnr, keyword, token);
|
|
Packit |
6bd9ab |
exit(EXIT_FAILURE);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
log_log(LOG_DEBUG, "ldap_set_option(LDAP_OPT_X_TLS_REQUIRE_CERT,%s)", token);
|
|
Packit |
6bd9ab |
LDAP_SET_OPTION(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &value);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
static const char *print_tls_reqcert(int value)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
switch (value)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
case LDAP_OPT_X_TLS_NEVER: return "never";
|
|
Packit |
6bd9ab |
case LDAP_OPT_X_TLS_ALLOW: return "allow";
|
|
Packit |
6bd9ab |
case LDAP_OPT_X_TLS_TRY: return "try";
|
|
Packit |
6bd9ab |
case LDAP_OPT_X_TLS_DEMAND: return "demand";
|
|
Packit |
6bd9ab |
case LDAP_OPT_X_TLS_HARD: return "hard";
|
|
Packit |
6bd9ab |
default: return "???";
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
#endif /* LDAP_OPT_X_TLS */
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
/* this function modifies the line argument passed */
|
|
Packit |
6bd9ab |
static void handle_nss_initgroups_ignoreusers(
|
|
Packit |
6bd9ab |
const char *filename, int lnr,
|
|
Packit |
6bd9ab |
const char *keyword, char *line, struct ldap_config *cfg)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
char token[MAX_LINE_LENGTH];
|
|
Packit |
6bd9ab |
char *username, *next;
|
|
Packit |
6bd9ab |
struct passwd *pwent;
|
|
Packit |
6bd9ab |
check_argumentcount(filename, lnr, keyword, (line != NULL) && (*line != '\0'));
|
|
Packit |
6bd9ab |
if (cfg->nss_initgroups_ignoreusers == NULL)
|
|
Packit |
6bd9ab |
cfg->nss_initgroups_ignoreusers = set_new();
|
|
Packit |
6bd9ab |
while (get_token(&line, token, sizeof(token)) != NULL)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
if (strcasecmp(token, "alllocal") == 0)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
/* go over all users (this will work because nslcd is not yet running) */
|
|
Packit |
6bd9ab |
setpwent();
|
|
Packit |
6bd9ab |
while ((pwent = getpwent()) != NULL)
|
|
Packit |
6bd9ab |
set_add(cfg->nss_initgroups_ignoreusers, pwent->pw_name);
|
|
Packit |
6bd9ab |
endpwent();
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
else
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
next = token;
|
|
Packit |
6bd9ab |
while (*next != '\0')
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
username = next;
|
|
Packit |
6bd9ab |
/* find the end of the current username */
|
|
Packit |
6bd9ab |
while ((*next != '\0') && (*next != ','))
|
|
Packit |
6bd9ab |
next++;
|
|
Packit |
6bd9ab |
if (*next == ',')
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
*next = '\0';
|
|
Packit |
6bd9ab |
next++;
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
/* check if user exists (but add anyway) */
|
|
Packit |
6bd9ab |
pwent = getpwnam(username);
|
|
Packit |
6bd9ab |
if (pwent == NULL)
|
|
Packit |
6bd9ab |
log_log(LOG_ERR, "%s:%d: user '%s' does not exist",
|
|
Packit |
6bd9ab |
filename, lnr, username);
|
|
Packit |
6bd9ab |
set_add(cfg->nss_initgroups_ignoreusers, username);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
static void handle_validnames(const char *filename, int lnr,
|
|
Packit |
6bd9ab |
const char *keyword, char *line,
|
|
Packit |
6bd9ab |
struct ldap_config *cfg)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
char *value;
|
|
Packit |
6bd9ab |
int i, l;
|
|
Packit |
6bd9ab |
int flags = REG_EXTENDED | REG_NOSUB;
|
|
Packit |
6bd9ab |
/* the rest of the line should be a regular expression */
|
|
Packit |
6bd9ab |
value = get_linedup(filename, lnr, keyword, &line);
|
|
Packit |
6bd9ab |
if (cfg->validnames_str != NULL)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
free(cfg->validnames_str);
|
|
Packit |
6bd9ab |
regfree(&cfg->validnames);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
cfg->validnames_str = strdup(value);
|
|
Packit |
6bd9ab |
/* check formatting and update flags */
|
|
Packit |
6bd9ab |
if (value[0] != '/')
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
log_log(LOG_ERR, "%s:%d: regular expression incorrectly delimited",
|
|
Packit |
6bd9ab |
filename, lnr);
|
|
Packit |
6bd9ab |
exit(EXIT_FAILURE);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
l = strlen(value);
|
|
Packit |
6bd9ab |
if (value[l - 1] == 'i')
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
value[l - 1] = '\0';
|
|
Packit |
6bd9ab |
l--;
|
|
Packit |
6bd9ab |
flags |= REG_ICASE;
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
if (value[l - 1] != '/')
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
log_log(LOG_ERR, "%s:%d: regular expression incorrectly delimited",
|
|
Packit |
6bd9ab |
filename, lnr);
|
|
Packit |
6bd9ab |
exit(EXIT_FAILURE);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
value[l - 1] = '\0';
|
|
Packit |
6bd9ab |
/* compile the regular expression */
|
|
Packit |
6bd9ab |
if ((i = regcomp(&cfg->validnames, value + 1, flags)) != 0)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
/* get the error message */
|
|
Packit |
6bd9ab |
l = regerror(i, &cfg->validnames, NULL, 0);
|
|
Packit |
6bd9ab |
value = malloc(l);
|
|
Packit |
6bd9ab |
if (value == NULL)
|
|
Packit |
6bd9ab |
log_log(LOG_ERR, "%s:%d: invalid regular expression", filename, lnr);
|
|
Packit |
6bd9ab |
else
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
regerror(i, &cfg->validnames, value, l);
|
|
Packit |
6bd9ab |
log_log(LOG_ERR, "%s:%d: invalid regular expression: %s",
|
|
Packit |
6bd9ab |
filename, lnr, value);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
exit(EXIT_FAILURE);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
free(value);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
static void check_search_variables(
|
|
Packit |
6bd9ab |
const char *filename, int lnr,
|
|
Packit |
6bd9ab |
const char *expression)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
SET *set;
|
|
Packit |
6bd9ab |
const char **list;
|
|
Packit |
6bd9ab |
int i;
|
|
Packit |
6bd9ab |
set = expr_vars(expression, NULL);
|
|
Packit |
6bd9ab |
list = set_tolist(set);
|
|
Packit |
6bd9ab |
if (list == NULL)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
log_log(LOG_CRIT,
|
|
Packit |
6bd9ab |
"check_search_variables(): malloc() failed to allocate memory");
|
|
Packit |
6bd9ab |
exit(EXIT_FAILURE);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
for (i = 0; list[i] != NULL; i++)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
if ((strcmp(list[i], "username") != 0) &&
|
|
Packit |
6bd9ab |
(strcmp(list[i], "service") != 0) &&
|
|
Packit |
6bd9ab |
(strcmp(list[i], "ruser") != 0) &&
|
|
Packit |
6bd9ab |
(strcmp(list[i], "rhost") != 0) &&
|
|
Packit |
6bd9ab |
(strcmp(list[i], "tty") != 0) &&
|
|
Packit |
6bd9ab |
(strcmp(list[i], "hostname") != 0) &&
|
|
Packit |
6bd9ab |
(strcmp(list[i], "fqdn") != 0) &&
|
|
Packit |
6bd9ab |
(strcmp(list[i], "dn") != 0) &&
|
|
Packit |
6bd9ab |
(strcmp(list[i], "uid") != 0))
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
log_log(LOG_ERR, "%s:%d: unknown variable $%s", filename, lnr, list[i]);
|
|
Packit |
6bd9ab |
exit(EXIT_FAILURE);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
/* free memory */
|
|
Packit |
6bd9ab |
set_free(set);
|
|
Packit |
6bd9ab |
free(list);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
static void handle_pam_authc_search(
|
|
Packit |
6bd9ab |
const char *filename, int lnr,
|
|
Packit |
6bd9ab |
const char *keyword, char *line, struct ldap_config *cfg)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
check_argumentcount(filename, lnr, keyword, (line != NULL) && (*line != '\0'));
|
|
Packit |
6bd9ab |
cfg->pam_authc_search = xstrdup(line);
|
|
Packit |
6bd9ab |
/* check the variables used in the expression */
|
|
Packit |
6bd9ab |
check_search_variables(filename, lnr, cfg->pam_authc_search);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
static void handle_pam_authz_search(
|
|
Packit |
6bd9ab |
const char *filename, int lnr,
|
|
Packit |
6bd9ab |
const char *keyword, char *line, struct ldap_config *cfg)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
int i;
|
|
Packit |
6bd9ab |
check_argumentcount(filename, lnr, keyword, (line != NULL) && (*line != '\0'));
|
|
Packit |
6bd9ab |
/* find free spot for search filter */
|
|
Packit |
6bd9ab |
for (i = 0; (i < NSS_LDAP_CONFIG_MAX_AUTHZ_SEARCHES) && (cfg->pam_authz_searches[i] != NULL);
|
|
Packit |
6bd9ab |
i++)
|
|
Packit |
6bd9ab |
/* nothing */ ;
|
|
Packit |
6bd9ab |
if (i >= NSS_LDAP_CONFIG_MAX_AUTHZ_SEARCHES)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
log_log(LOG_ERR, "%s:%d: maximum number of pam_authz_search options (%d) exceeded",
|
|
Packit |
6bd9ab |
filename, lnr, NSS_LDAP_CONFIG_MAX_AUTHZ_SEARCHES);
|
|
Packit |
6bd9ab |
exit(EXIT_FAILURE);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
cfg->pam_authz_searches[i] = xstrdup(line);
|
|
Packit |
6bd9ab |
/* check the variables used in the expression */
|
|
Packit |
6bd9ab |
check_search_variables(filename, lnr, cfg->pam_authz_searches[i]);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
static void handle_pam_password_prohibit_message(
|
|
Packit |
6bd9ab |
const char *filename, int lnr,
|
|
Packit |
6bd9ab |
const char *keyword, char *line, struct ldap_config *cfg)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
char *value;
|
|
Packit |
6bd9ab |
int l;
|
|
Packit |
6bd9ab |
/* the rest of the line should be a message */
|
|
Packit |
6bd9ab |
value = get_linedup(filename, lnr, keyword, &line);
|
|
Packit |
6bd9ab |
/* strip quotes if they are present */
|
|
Packit |
6bd9ab |
l = strlen(value);
|
|
Packit |
6bd9ab |
if ((value[0] == '\"') && (value[l - 1] == '\"'))
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
value[l - 1] = '\0';
|
|
Packit |
6bd9ab |
value++;
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
cfg->pam_password_prohibit_message = value;
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
static void handle_reconnect_invalidate(
|
|
Packit |
6bd9ab |
const char *filename, int lnr,
|
|
Packit |
6bd9ab |
const char *keyword, char *line, struct ldap_config *cfg)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
char token[MAX_LINE_LENGTH];
|
|
Packit |
6bd9ab |
char *name, *next;
|
|
Packit |
6bd9ab |
enum ldap_map_selector map;
|
|
Packit |
6bd9ab |
check_argumentcount(filename, lnr, keyword, (line != NULL) && (*line != '\0'));
|
|
Packit |
6bd9ab |
while (get_token(&line, token, sizeof(token)) != NULL)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
next = token;
|
|
Packit |
6bd9ab |
while (*next != '\0')
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
name = next;
|
|
Packit |
6bd9ab |
/* find the end of the current map name */
|
|
Packit |
6bd9ab |
while ((*next != '\0') && (*next != ','))
|
|
Packit |
6bd9ab |
next++;
|
|
Packit |
6bd9ab |
if (*next == ',')
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
*next = '\0';
|
|
Packit |
6bd9ab |
next++;
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
/* check if map name exists */
|
|
Packit |
6bd9ab |
map = parse_map(name);
|
|
Packit |
6bd9ab |
if (map == LM_NONE)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
log_log(LOG_ERR, "%s:%d: unknown map: '%s'", filename, lnr, name);
|
|
Packit |
6bd9ab |
exit(EXIT_FAILURE);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
cfg->reconnect_invalidate[map] = 1;
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
static void handle_cache(const char *filename, int lnr,
|
|
Packit |
6bd9ab |
const char *keyword, char *line,
|
|
Packit |
6bd9ab |
struct ldap_config *cfg)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
char cache[16];
|
|
Packit |
6bd9ab |
time_t value1, value2;
|
|
Packit |
6bd9ab |
/* get cache map and values */
|
|
Packit |
6bd9ab |
check_argumentcount(filename, lnr, keyword,
|
|
Packit |
6bd9ab |
get_token(&line, cache, sizeof(cache)) != NULL);
|
|
Packit |
6bd9ab |
value1 = get_time(filename, lnr, keyword, &line);
|
|
Packit |
6bd9ab |
if ((line != NULL) && (*line != '\0'))
|
|
Packit |
6bd9ab |
value2 = get_time(filename, lnr, keyword, &line);
|
|
Packit |
6bd9ab |
else
|
|
Packit |
6bd9ab |
value2 = value1;
|
|
Packit |
6bd9ab |
get_eol(filename, lnr, keyword, &line);
|
|
Packit |
6bd9ab |
/* check the cache */
|
|
Packit |
6bd9ab |
if (strcasecmp(cache, "dn2uid") == 0)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
cfg->cache_dn2uid_positive = value1;
|
|
Packit |
6bd9ab |
cfg->cache_dn2uid_negative = value2;
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
else
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
log_log(LOG_ERR, "%s:%d: unknown cache: '%s'", filename, lnr, cache);
|
|
Packit |
6bd9ab |
exit(EXIT_FAILURE);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
/* This function tries to get the LDAP search base from the LDAP server.
|
|
Packit |
6bd9ab |
Note that this returns a string that has been allocated with strdup().
|
|
Packit |
6bd9ab |
For this to work the myldap module needs enough configuration information
|
|
Packit |
6bd9ab |
to make an LDAP connection. */
|
|
Packit |
6bd9ab |
static MUST_USE char *get_base_from_rootdse(void)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
MYLDAP_SESSION *session;
|
|
Packit |
6bd9ab |
MYLDAP_SEARCH *search;
|
|
Packit |
6bd9ab |
MYLDAP_ENTRY *entry;
|
|
Packit |
6bd9ab |
const char *attrs[] = { "+", NULL };
|
|
Packit |
6bd9ab |
int i;
|
|
Packit |
6bd9ab |
int rc;
|
|
Packit |
6bd9ab |
const char **values;
|
|
Packit |
6bd9ab |
char *base = NULL;
|
|
Packit |
6bd9ab |
/* initialize session */
|
|
Packit |
6bd9ab |
session = myldap_create_session();
|
|
Packit |
6bd9ab |
assert(session != NULL);
|
|
Packit |
6bd9ab |
/* perform search */
|
|
Packit |
6bd9ab |
search = myldap_search(session, "", LDAP_SCOPE_BASE, "(objectClass=*)",
|
|
Packit |
6bd9ab |
attrs, NULL);
|
|
Packit |
6bd9ab |
if (search == NULL)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
myldap_session_close(session);
|
|
Packit |
6bd9ab |
return NULL;
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
/* go over results */
|
|
Packit |
6bd9ab |
for (i = 0; (entry = myldap_get_entry(search, &rc)) != NULL; i++)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
/* get defaultNamingContext */
|
|
Packit |
6bd9ab |
values = myldap_get_values(entry, "defaultNamingContext");
|
|
Packit |
6bd9ab |
if ((values != NULL) && (values[0] != NULL))
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
base = xstrdup(values[0]);
|
|
Packit |
6bd9ab |
log_log(LOG_DEBUG, "get_basedn_from_rootdse(): found attribute defaultNamingContext with value %s",
|
|
Packit |
6bd9ab |
values[0]);
|
|
Packit |
6bd9ab |
break;
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
/* get namingContexts */
|
|
Packit |
6bd9ab |
values = myldap_get_values(entry, "namingContexts");
|
|
Packit |
6bd9ab |
if ((values != NULL) && (values[0] != NULL))
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
base = xstrdup(values[0]);
|
|
Packit |
6bd9ab |
log_log(LOG_DEBUG, "get_basedn_from_rootdse(): found attribute namingContexts with value %s",
|
|
Packit |
6bd9ab |
values[0]);
|
|
Packit |
6bd9ab |
break;
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
/* clean up */
|
|
Packit |
6bd9ab |
myldap_session_close(session);
|
|
Packit |
6bd9ab |
return base;
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
/* set the configuration information to the defaults */
|
|
Packit |
6bd9ab |
static void cfg_defaults(struct ldap_config *cfg)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
int i;
|
|
Packit |
6bd9ab |
memset(cfg, 0, sizeof(struct ldap_config));
|
|
Packit |
6bd9ab |
cfg->threads = 5;
|
|
Packit |
6bd9ab |
cfg->uidname = NULL;
|
|
Packit |
6bd9ab |
cfg->uid = NOUID;
|
|
Packit |
6bd9ab |
cfg->gid = NOGID;
|
|
Packit |
6bd9ab |
for (i = 0; i < (NSS_LDAP_CONFIG_MAX_URIS + 1); i++)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
cfg->uris[i].uri = NULL;
|
|
Packit |
6bd9ab |
cfg->uris[i].firstfail = 0;
|
|
Packit |
6bd9ab |
cfg->uris[i].lastfail = 0;
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
#ifdef LDAP_VERSION3
|
|
Packit |
6bd9ab |
cfg->ldap_version = LDAP_VERSION3;
|
|
Packit |
6bd9ab |
#else /* LDAP_VERSION3 */
|
|
Packit |
6bd9ab |
cfg->ldap_version = LDAP_VERSION2;
|
|
Packit |
6bd9ab |
#endif /* not LDAP_VERSION3 */
|
|
Packit |
6bd9ab |
cfg->binddn = NULL;
|
|
Packit |
6bd9ab |
cfg->bindpw = NULL;
|
|
Packit |
6bd9ab |
cfg->rootpwmoddn = NULL;
|
|
Packit |
6bd9ab |
cfg->rootpwmodpw = NULL;
|
|
Packit |
6bd9ab |
cfg->sasl_mech = NULL;
|
|
Packit |
6bd9ab |
cfg->sasl_realm = NULL;
|
|
Packit |
6bd9ab |
cfg->sasl_authcid = NULL;
|
|
Packit |
6bd9ab |
cfg->sasl_authzid = NULL;
|
|
Packit |
6bd9ab |
cfg->sasl_secprops = NULL;
|
|
Packit |
6bd9ab |
#ifdef LDAP_OPT_X_SASL_NOCANON
|
|
Packit |
6bd9ab |
cfg->sasl_canonicalize = -1;
|
|
Packit |
6bd9ab |
#endif /* LDAP_OPT_X_SASL_NOCANON */
|
|
Packit |
6bd9ab |
for (i = 0; i < NSS_LDAP_CONFIG_MAX_BASES; i++)
|
|
Packit |
6bd9ab |
cfg->bases[i] = NULL;
|
|
Packit |
6bd9ab |
cfg->scope = LDAP_SCOPE_SUBTREE;
|
|
Packit |
6bd9ab |
cfg->deref = LDAP_DEREF_NEVER;
|
|
Packit |
6bd9ab |
cfg->referrals = 1;
|
|
Packit |
6bd9ab |
#if defined(HAVE_LDAP_SASL_BIND) && defined(LDAP_SASL_SIMPLE)
|
|
Packit |
6bd9ab |
cfg->pam_authc_ppolicy = 1;
|
|
Packit |
6bd9ab |
#endif
|
|
Packit |
6bd9ab |
cfg->bind_timelimit = 10;
|
|
Packit |
6bd9ab |
cfg->timelimit = LDAP_NO_LIMIT;
|
|
Packit |
6bd9ab |
cfg->idle_timelimit = 0;
|
|
Packit |
6bd9ab |
cfg->reconnect_sleeptime = 1;
|
|
Packit |
6bd9ab |
cfg->reconnect_retrytime = 10;
|
|
Packit |
6bd9ab |
#ifdef LDAP_OPT_X_TLS
|
|
Packit |
6bd9ab |
cfg->ssl = SSL_OFF;
|
|
Packit |
6bd9ab |
#endif /* LDAP_OPT_X_TLS */
|
|
Packit |
6bd9ab |
cfg->pagesize = 0;
|
|
Packit |
6bd9ab |
cfg->nss_initgroups_ignoreusers = NULL;
|
|
Packit |
6bd9ab |
cfg->nss_min_uid = 0;
|
|
Packit |
6bd9ab |
cfg->nss_uid_offset = 0;
|
|
Packit |
6bd9ab |
cfg->nss_gid_offset = 0;
|
|
Packit |
6bd9ab |
cfg->nss_nested_groups = 0;
|
|
Packit |
6bd9ab |
cfg->nss_getgrent_skipmembers = 0;
|
|
Packit |
6bd9ab |
cfg->nss_disable_enumeration = 0;
|
|
Packit |
6bd9ab |
cfg->validnames_str = NULL;
|
|
Packit |
6bd9ab |
handle_validnames(__FILE__, __LINE__, "",
|
|
Packit |
6bd9ab |
"/^[a-z0-9._@$()]([a-z0-9._@$() \\~-]*[a-z0-9._@$()~-])?$/i",
|
|
Packit |
6bd9ab |
cfg);
|
|
Packit |
6bd9ab |
cfg->ignorecase = 0;
|
|
Packit |
6bd9ab |
cfg->pam_authc_search = "BASE";
|
|
Packit |
6bd9ab |
for (i = 0; i < NSS_LDAP_CONFIG_MAX_AUTHZ_SEARCHES; i++)
|
|
Packit |
6bd9ab |
cfg->pam_authz_searches[i] = NULL;
|
|
Packit |
6bd9ab |
cfg->pam_password_prohibit_message = NULL;
|
|
Packit |
6bd9ab |
for (i = 0; i < LM_NONE; i++)
|
|
Packit |
6bd9ab |
cfg->reconnect_invalidate[i] = 0;
|
|
Packit |
6bd9ab |
cfg->cache_dn2uid_positive = 15 * TIME_MINUTES;
|
|
Packit |
6bd9ab |
cfg->cache_dn2uid_negative = 15 * TIME_MINUTES;
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
static void cfg_read(const char *filename, struct ldap_config *cfg)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
FILE *fp;
|
|
Packit |
6bd9ab |
int lnr = 0;
|
|
Packit |
6bd9ab |
char linebuf[MAX_LINE_LENGTH];
|
|
Packit |
6bd9ab |
char *line;
|
|
Packit |
6bd9ab |
char keyword[32];
|
|
Packit |
6bd9ab |
char token[256];
|
|
Packit |
6bd9ab |
int i;
|
|
Packit |
6bd9ab |
#ifdef LDAP_OPT_X_TLS
|
|
Packit |
6bd9ab |
int rc;
|
|
Packit |
6bd9ab |
char *value;
|
|
Packit |
6bd9ab |
#endif
|
|
Packit |
6bd9ab |
/* open config file */
|
|
Packit |
6bd9ab |
if ((fp = fopen(filename, "r")) == NULL)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
log_log(LOG_ERR, "cannot open config file (%s): %s",
|
|
Packit |
6bd9ab |
filename, strerror(errno));
|
|
Packit |
6bd9ab |
exit(EXIT_FAILURE);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
/* read file and parse lines */
|
|
Packit |
6bd9ab |
while (fgets(linebuf, sizeof(linebuf), fp) != NULL)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
lnr++;
|
|
Packit |
6bd9ab |
line = linebuf;
|
|
Packit |
6bd9ab |
/* strip newline */
|
|
Packit |
6bd9ab |
i = (int)strlen(line);
|
|
Packit |
6bd9ab |
if ((i <= 0) || (line[i - 1] != '\n'))
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
log_log(LOG_ERR, "%s:%d: line too long or last line missing newline",
|
|
Packit |
6bd9ab |
filename, lnr);
|
|
Packit |
6bd9ab |
exit(EXIT_FAILURE);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
line[i - 1] = '\0';
|
|
Packit |
6bd9ab |
/* ignore comment lines */
|
|
Packit |
6bd9ab |
if (line[0] == '#')
|
|
Packit |
6bd9ab |
continue;
|
|
Packit |
6bd9ab |
/* strip trailing spaces */
|
|
Packit |
6bd9ab |
for (i--; (i > 0) && isspace(line[i - 1]); i--)
|
|
Packit |
6bd9ab |
line[i - 1] = '\0';
|
|
Packit |
6bd9ab |
/* get keyword from line and ignore empty lines */
|
|
Packit |
6bd9ab |
if (get_token(&line, keyword, sizeof(keyword)) == NULL)
|
|
Packit |
6bd9ab |
continue;
|
|
Packit |
6bd9ab |
/* runtime options */
|
|
Packit |
6bd9ab |
if (strcasecmp(keyword, "threads") == 0)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
cfg->threads = get_int(filename, lnr, keyword, &line);
|
|
Packit |
6bd9ab |
get_eol(filename, lnr, keyword, &line);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
else if (strcasecmp(keyword, "uid") == 0)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
handle_uid(filename, lnr, keyword, line, cfg);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
else if (strcasecmp(keyword, "gid") == 0)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
handle_gid(filename, lnr, keyword, line, &cfg->gid);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
else if (strcasecmp(keyword, "log") == 0)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
handle_log(filename, lnr, keyword, line);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
/* general connection options */
|
|
Packit |
6bd9ab |
else if (strcasecmp(keyword, "uri") == 0)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
check_argumentcount(filename, lnr, keyword, (line != NULL) && (*line != '\0'));
|
|
Packit |
6bd9ab |
while (get_token(&line, token, sizeof(token)) != NULL)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
if (strcasecmp(token, "dns") == 0)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
#ifdef HAVE_LDAP_DOMAIN2HOSTLIST
|
|
Packit |
6bd9ab |
add_uris_from_dns(filename, lnr, cfg,
|
|
Packit |
6bd9ab |
cfg_getdomainname(filename, lnr));
|
|
Packit |
6bd9ab |
#else /* not HAVE_LDAP_DOMAIN2HOSTLIST */
|
|
Packit |
6bd9ab |
log_log(LOG_ERR, "%s:%d: value %s not supported on platform",
|
|
Packit |
6bd9ab |
filename, lnr, token);
|
|
Packit |
6bd9ab |
exit(EXIT_FAILURE);
|
|
Packit |
6bd9ab |
#endif /* not HAVE_LDAP_DOMAIN2HOSTLIST */
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
else if (strncasecmp(token, "dns:", 4) == 0)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
#ifdef HAVE_LDAP_DOMAIN2HOSTLIST
|
|
Packit |
6bd9ab |
add_uris_from_dns(filename, lnr, cfg, strdup(token + 4));
|
|
Packit |
6bd9ab |
#else /* not HAVE_LDAP_DOMAIN2HOSTLIST */
|
|
Packit |
6bd9ab |
log_log(LOG_ERR, "%s:%d: value %s not supported on platform",
|
|
Packit |
6bd9ab |
filename, lnr, token);
|
|
Packit |
6bd9ab |
exit(EXIT_FAILURE);
|
|
Packit |
6bd9ab |
#endif /* not HAVE_LDAP_DOMAIN2HOSTLIST */
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
else
|
|
Packit |
6bd9ab |
add_uri(filename, lnr, cfg, token);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
else if (strcasecmp(keyword, "ldap_version") == 0)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
cfg->ldap_version = get_int(filename, lnr, keyword, &line);
|
|
Packit |
6bd9ab |
get_eol(filename, lnr, keyword, &line);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
else if (strcasecmp(keyword, "binddn") == 0)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
cfg->binddn = get_linedup(filename, lnr, keyword, &line);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
else if (strcasecmp(keyword, "bindpw") == 0)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
check_permissions(filename, keyword);
|
|
Packit |
6bd9ab |
cfg->bindpw = get_linedup(filename, lnr, keyword, &line);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
else if (strcasecmp(keyword, "rootpwmoddn") == 0)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
cfg->rootpwmoddn = get_linedup(filename, lnr, keyword, &line);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
else if (strcasecmp(keyword, "rootpwmodpw") == 0)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
check_permissions(filename, keyword);
|
|
Packit |
6bd9ab |
cfg->rootpwmodpw = get_linedup(filename, lnr, keyword, &line);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
/* SASL authentication options */
|
|
Packit |
6bd9ab |
else if (strcasecmp(keyword, "sasl_mech") == 0)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
cfg->sasl_mech = get_strdup(filename, lnr, keyword, &line);
|
|
Packit |
6bd9ab |
get_eol(filename, lnr, keyword, &line);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
else if (strcasecmp(keyword, "sasl_realm") == 0)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
cfg->sasl_realm = get_strdup(filename, lnr, keyword, &line);
|
|
Packit |
6bd9ab |
get_eol(filename, lnr, keyword, &line);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
else if (strcasecmp(keyword, "sasl_authcid") == 0)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
cfg->sasl_authcid = get_strdup(filename, lnr, keyword, &line);
|
|
Packit |
6bd9ab |
get_eol(filename, lnr, keyword, &line);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
else if (strcasecmp(keyword, "sasl_authzid") == 0)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
cfg->sasl_authzid = get_strdup(filename, lnr, keyword, &line);
|
|
Packit |
6bd9ab |
get_eol(filename, lnr, keyword, &line);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
else if (strcasecmp(keyword, "sasl_secprops") == 0)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
cfg->sasl_secprops = get_strdup(filename, lnr, keyword, &line);
|
|
Packit |
6bd9ab |
get_eol(filename, lnr, keyword, &line);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
#ifdef LDAP_OPT_X_SASL_NOCANON
|
|
Packit |
6bd9ab |
else if ((strcasecmp(keyword, "sasl_canonicalize") == 0) ||
|
|
Packit |
6bd9ab |
(strcasecmp(keyword, "sasl_canonicalise") == 0) ||
|
|
Packit |
6bd9ab |
(strcasecmp(keyword, "ldap_sasl_canonicalize") == 0) ||
|
|
Packit |
6bd9ab |
(strcasecmp(keyword, "sasl_canon") == 0))
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
cfg->sasl_canonicalize = get_boolean(filename, lnr, keyword, &line);
|
|
Packit |
6bd9ab |
get_eol(filename, lnr, keyword, &line);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
else if (strcasecmp(keyword, "sasl_nocanon") == 0)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
cfg->sasl_canonicalize = get_boolean(filename, lnr, keyword, &line);
|
|
Packit |
6bd9ab |
cfg->sasl_canonicalize = !cfg->sasl_canonicalize;
|
|
Packit |
6bd9ab |
get_eol(filename, lnr, keyword, &line);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
#endif /* LDAP_OPT_X_SASL_NOCANON */
|
|
Packit |
6bd9ab |
/* Kerberos authentication options */
|
|
Packit |
6bd9ab |
else if (strcasecmp(keyword, "krb5_ccname") == 0)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
handle_krb5_ccname(filename, lnr, keyword, line);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
/* search/mapping options */
|
|
Packit |
6bd9ab |
else if (strcasecmp(keyword, "base") == 0)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
handle_base(filename, lnr, keyword, line, cfg);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
else if (strcasecmp(keyword, "scope") == 0)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
handle_scope(filename, lnr, keyword, line, cfg);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
else if (strcasecmp(keyword, "deref") == 0)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
handle_deref(filename, lnr, keyword, line, cfg);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
else if (strcasecmp(keyword, "referrals") == 0)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
cfg->referrals = get_boolean(filename, lnr, keyword, &line);
|
|
Packit |
6bd9ab |
get_eol(filename, lnr, keyword, &line);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
else if (strcasecmp(keyword, "filter") == 0)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
handle_filter(filename, lnr, keyword, line);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
else if (strcasecmp(keyword, "map") == 0)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
handle_map(filename, lnr, keyword, line);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
else if (strcasecmp(keyword, "pam_authc_ppolicy") == 0)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
#if defined(HAVE_LDAP_SASL_BIND) && defined(LDAP_SASL_SIMPLE)
|
|
Packit |
6bd9ab |
cfg->pam_authc_ppolicy = get_boolean(filename, lnr, keyword, &line);
|
|
Packit |
6bd9ab |
get_eol(filename, lnr, keyword, &line);
|
|
Packit |
6bd9ab |
#else
|
|
Packit |
6bd9ab |
log_log(LOG_ERR, "%s:%d: value %s not supported on platform",
|
|
Packit |
6bd9ab |
filename, lnr, value);
|
|
Packit |
6bd9ab |
exit(EXIT_FAILURE);
|
|
Packit |
6bd9ab |
#endif
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
/* timing/reconnect options */
|
|
Packit |
6bd9ab |
else if (strcasecmp(keyword, "bind_timelimit") == 0)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
cfg->bind_timelimit = get_int(filename, lnr, keyword, &line);
|
|
Packit |
6bd9ab |
get_eol(filename, lnr, keyword, &line);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
else if (strcasecmp(keyword, "timelimit") == 0)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
cfg->timelimit = get_int(filename, lnr, keyword, &line);
|
|
Packit |
6bd9ab |
get_eol(filename, lnr, keyword, &line);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
else if (strcasecmp(keyword, "idle_timelimit") == 0)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
cfg->idle_timelimit = get_int(filename, lnr, keyword, &line);
|
|
Packit |
6bd9ab |
get_eol(filename, lnr, keyword, &line);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
else if (!strcasecmp(keyword, "reconnect_sleeptime"))
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
cfg->reconnect_sleeptime = get_int(filename, lnr, keyword, &line);
|
|
Packit |
6bd9ab |
get_eol(filename, lnr, keyword, &line);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
else if (strcasecmp(keyword, "reconnect_retrytime") == 0)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
cfg->reconnect_retrytime = get_int(filename, lnr, keyword, &line);
|
|
Packit |
6bd9ab |
get_eol(filename, lnr, keyword, &line);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
#ifdef LDAP_OPT_X_TLS
|
|
Packit |
6bd9ab |
/* SSL/TLS options */
|
|
Packit |
6bd9ab |
else if (strcasecmp(keyword, "ssl") == 0)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
check_argumentcount(filename, lnr, keyword,
|
|
Packit |
6bd9ab |
(get_token(&line, token, sizeof(token)) != NULL));
|
|
Packit |
6bd9ab |
if ((strcasecmp(token, "start_tls") == 0) ||
|
|
Packit |
6bd9ab |
(strcasecmp(token, "starttls") == 0))
|
|
Packit |
6bd9ab |
cfg->ssl = SSL_START_TLS;
|
|
Packit |
6bd9ab |
else if (parse_boolean(filename, lnr, token))
|
|
Packit |
6bd9ab |
cfg->ssl = SSL_LDAPS;
|
|
Packit |
6bd9ab |
get_eol(filename, lnr, keyword, &line);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
else if (strcasecmp(keyword, "tls_reqcert") == 0)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
handle_tls_reqcert(filename, lnr, keyword, line);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
else if (strcasecmp(keyword, "tls_cacertdir") == 0)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
value = get_strdup(filename, lnr, keyword, &line);
|
|
Packit |
6bd9ab |
get_eol(filename, lnr, keyword, &line);
|
|
Packit |
6bd9ab |
check_dir(filename, lnr, token, value);
|
|
Packit |
6bd9ab |
log_log(LOG_DEBUG, "ldap_set_option(LDAP_OPT_X_TLS_CACERTDIR,\"%s\")",
|
|
Packit |
6bd9ab |
value);
|
|
Packit |
6bd9ab |
LDAP_SET_OPTION(NULL, LDAP_OPT_X_TLS_CACERTDIR, value);
|
|
Packit |
6bd9ab |
free(value);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
else if ((strcasecmp(keyword, "tls_cacertfile") == 0) ||
|
|
Packit |
6bd9ab |
(strcasecmp(keyword, "tls_cacert") == 0))
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
value = get_strdup(filename, lnr, keyword, &line);
|
|
Packit |
6bd9ab |
get_eol(filename, lnr, keyword, &line);
|
|
Packit |
6bd9ab |
check_readable(filename, lnr, keyword, value);
|
|
Packit |
6bd9ab |
log_log(LOG_DEBUG, "ldap_set_option(LDAP_OPT_X_TLS_CACERTFILE,\"%s\")",
|
|
Packit |
6bd9ab |
value);
|
|
Packit |
6bd9ab |
LDAP_SET_OPTION(NULL, LDAP_OPT_X_TLS_CACERTFILE, value);
|
|
Packit |
6bd9ab |
free(value);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
else if (strcasecmp(keyword, "tls_randfile") == 0)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
value = get_strdup(filename, lnr, keyword, &line);
|
|
Packit |
6bd9ab |
get_eol(filename, lnr, keyword, &line);
|
|
Packit |
6bd9ab |
check_readable(filename, lnr, keyword, value);
|
|
Packit |
6bd9ab |
log_log(LOG_DEBUG, "ldap_set_option(LDAP_OPT_X_TLS_RANDOM_FILE,\"%s\")",
|
|
Packit |
6bd9ab |
value);
|
|
Packit |
6bd9ab |
LDAP_SET_OPTION(NULL, LDAP_OPT_X_TLS_RANDOM_FILE, value);
|
|
Packit |
6bd9ab |
free(value);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
else if (strcasecmp(keyword, "tls_ciphers") == 0)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
value = get_linedup(filename, lnr, keyword, &line);
|
|
Packit |
6bd9ab |
log_log(LOG_DEBUG, "ldap_set_option(LDAP_OPT_X_TLS_CIPHER_SUITE,\"%s\")",
|
|
Packit |
6bd9ab |
value);
|
|
Packit |
6bd9ab |
LDAP_SET_OPTION(NULL, LDAP_OPT_X_TLS_CIPHER_SUITE, value);
|
|
Packit |
6bd9ab |
free(value);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
else if (strcasecmp(keyword, "tls_cert") == 0)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
value = get_strdup(filename, lnr, keyword, &line);
|
|
Packit |
6bd9ab |
get_eol(filename, lnr, keyword, &line);
|
|
Packit |
6bd9ab |
check_readable(filename, lnr, keyword, value);
|
|
Packit |
6bd9ab |
log_log(LOG_DEBUG, "ldap_set_option(LDAP_OPT_X_TLS_CERTFILE,\"%s\")",
|
|
Packit |
6bd9ab |
value);
|
|
Packit |
6bd9ab |
LDAP_SET_OPTION(NULL, LDAP_OPT_X_TLS_CERTFILE, value);
|
|
Packit |
6bd9ab |
free(value);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
else if (strcasecmp(keyword, "tls_key") == 0)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
value = get_strdup(filename, lnr, keyword, &line);
|
|
Packit |
6bd9ab |
get_eol(filename, lnr, keyword, &line);
|
|
Packit |
6bd9ab |
check_readable(filename, lnr, keyword, value);
|
|
Packit |
6bd9ab |
log_log(LOG_DEBUG, "ldap_set_option(LDAP_OPT_X_TLS_KEYFILE,\"%s\")",
|
|
Packit |
6bd9ab |
value);
|
|
Packit |
6bd9ab |
LDAP_SET_OPTION(NULL, LDAP_OPT_X_TLS_KEYFILE, value);
|
|
Packit |
6bd9ab |
free(value);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
#endif /* LDAP_OPT_X_TLS */
|
|
Packit |
6bd9ab |
/* other options */
|
|
Packit |
6bd9ab |
else if (strcasecmp(keyword, "pagesize") == 0)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
cfg->pagesize = get_int(filename, lnr, keyword, &line);
|
|
Packit |
6bd9ab |
get_eol(filename, lnr, keyword, &line);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
else if (strcasecmp(keyword, "nss_initgroups_ignoreusers") == 0)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
handle_nss_initgroups_ignoreusers(filename, lnr, keyword, line,
|
|
Packit |
6bd9ab |
cfg);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
else if (strcasecmp(keyword, "nss_min_uid") == 0)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
cfg->nss_min_uid = get_int(filename, lnr, keyword, &line);
|
|
Packit |
6bd9ab |
get_eol(filename, lnr, keyword, &line);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
else if (strcasecmp(keyword, "nss_uid_offset") == 0)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
cfg->nss_uid_offset = get_int(filename, lnr, keyword, &line);
|
|
Packit |
6bd9ab |
get_eol(filename, lnr, keyword, &line);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
else if (strcasecmp(keyword, "nss_gid_offset") == 0)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
cfg->nss_gid_offset = get_int(filename, lnr, keyword, &line);
|
|
Packit |
6bd9ab |
get_eol(filename, lnr, keyword, &line);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
else if (strcasecmp(keyword, "nss_nested_groups") == 0)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
cfg->nss_nested_groups = get_boolean(filename, lnr, keyword, &line);
|
|
Packit |
6bd9ab |
get_eol(filename, lnr, keyword, &line);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
else if (strcasecmp(keyword, "nss_getgrent_skipmembers") == 0)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
cfg->nss_getgrent_skipmembers = get_boolean(filename, lnr, keyword, &line);
|
|
Packit |
6bd9ab |
get_eol(filename, lnr, keyword, &line);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
else if (strcasecmp(keyword, "nss_disable_enumeration") == 0)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
cfg->nss_disable_enumeration = get_boolean(filename, lnr, keyword, &line);
|
|
Packit |
6bd9ab |
get_eol(filename, lnr, keyword, &line);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
else if (strcasecmp(keyword, "validnames") == 0)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
handle_validnames(filename, lnr, keyword, line, cfg);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
else if (strcasecmp(keyword, "ignorecase") == 0)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
cfg->ignorecase = get_boolean(filename, lnr, keyword, &line);
|
|
Packit |
6bd9ab |
get_eol(filename, lnr, keyword, &line);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
else if (strcasecmp(keyword, "pam_authc_search") == 0)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
handle_pam_authc_search(filename, lnr, keyword, line, cfg);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
else if (strcasecmp(keyword, "pam_authz_search") == 0)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
handle_pam_authz_search(filename, lnr, keyword, line, cfg);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
else if (strcasecmp(keyword, "pam_password_prohibit_message") == 0)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
handle_pam_password_prohibit_message(filename, lnr, keyword, line, cfg);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
else if (strcasecmp(keyword, "reconnect_invalidate") == 0)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
handle_reconnect_invalidate(filename, lnr, keyword, line, cfg);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
else if (strcasecmp(keyword, "cache") == 0)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
handle_cache(filename, lnr, keyword, line, cfg);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
#ifdef ENABLE_CONFIGFILE_CHECKING
|
|
Packit |
6bd9ab |
/* fallthrough */
|
|
Packit |
6bd9ab |
else
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
log_log(LOG_ERR, "%s:%d: unknown keyword: '%s'", filename, lnr, keyword);
|
|
Packit |
6bd9ab |
exit(EXIT_FAILURE);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
#endif
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
/* we're done reading file, close */
|
|
Packit |
6bd9ab |
fclose(fp);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
#ifdef NSLCD_BINDPW_PATH
|
|
Packit |
6bd9ab |
static void bindpw_read(const char *filename, struct ldap_config *cfg)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
FILE *fp;
|
|
Packit |
6bd9ab |
char linebuf[MAX_LINE_LENGTH];
|
|
Packit |
6bd9ab |
int i;
|
|
Packit |
6bd9ab |
/* open config file */
|
|
Packit |
6bd9ab |
errno = 0;
|
|
Packit |
6bd9ab |
if ((fp = fopen(filename, "r")) == NULL)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
if (errno == ENOENT)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
log_log(LOG_DEBUG, "no bindpw file (%s)", filename);
|
|
Packit |
6bd9ab |
return; /* ignore */
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
else
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
log_log(LOG_ERR, "cannot open bindpw file (%s): %s",
|
|
Packit |
6bd9ab |
filename, strerror(errno));
|
|
Packit |
6bd9ab |
exit(EXIT_FAILURE);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
/* check permissions */
|
|
Packit |
6bd9ab |
check_permissions(filename, NULL);
|
|
Packit |
6bd9ab |
/* read the first line */
|
|
Packit |
6bd9ab |
if (fgets(linebuf, sizeof(linebuf), fp) == NULL)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
log_log(LOG_ERR, "%s: error reading first line", filename);
|
|
Packit |
6bd9ab |
exit(EXIT_FAILURE);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
/* chop the last char off and save the rest as bindpw */
|
|
Packit |
6bd9ab |
i = (int)strlen(linebuf);
|
|
Packit |
6bd9ab |
if ((i <= 0) || (linebuf[i - 1] != '\n'))
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
log_log(LOG_ERR, "%s:1: line too long or missing newline", filename);
|
|
Packit |
6bd9ab |
exit(EXIT_FAILURE);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
linebuf[i - 1] = '\0';
|
|
Packit |
6bd9ab |
if (strlen(linebuf) == 0)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
log_log(LOG_ERR, "%s:1: the password is empty", filename);
|
|
Packit |
6bd9ab |
exit(EXIT_FAILURE);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
cfg->bindpw = strdup(linebuf);
|
|
Packit |
6bd9ab |
/* check if there is no more data in the file */
|
|
Packit |
6bd9ab |
if (fgets(linebuf, sizeof(linebuf), fp) != NULL)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
log_log(LOG_ERR, "%s:2: there is more than one line in the bindpw file",
|
|
Packit |
6bd9ab |
filename);
|
|
Packit |
6bd9ab |
exit(EXIT_FAILURE);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
fclose(fp);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
#endif /* NSLCD_BINDPW_PATH */
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
/* dump configuration */
|
|
Packit |
6bd9ab |
static void cfg_dump(void)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
int i;
|
|
Packit |
6bd9ab |
#ifdef LDAP_OPT_X_TLS
|
|
Packit |
6bd9ab |
int rc;
|
|
Packit |
6bd9ab |
#endif /* LDAP_OPT_X_TLS */
|
|
Packit |
6bd9ab |
enum ldap_map_selector map;
|
|
Packit |
6bd9ab |
char *str;
|
|
Packit |
6bd9ab |
const char **strp;
|
|
Packit |
6bd9ab |
char buffer[1024];
|
|
Packit |
6bd9ab |
int *scopep;
|
|
Packit |
6bd9ab |
log_log(LOG_DEBUG, "CFG: threads %d", nslcd_cfg->threads);
|
|
Packit |
6bd9ab |
if (nslcd_cfg->uidname != NULL)
|
|
Packit |
6bd9ab |
log_log(LOG_DEBUG, "CFG: uid %s", nslcd_cfg->uidname);
|
|
Packit |
6bd9ab |
else if (nslcd_cfg->uid != NOUID)
|
|
Packit |
6bd9ab |
log_log(LOG_DEBUG, "CFG: uid %lu", (unsigned long int)nslcd_cfg->uid);
|
|
Packit |
6bd9ab |
else
|
|
Packit |
6bd9ab |
log_log(LOG_DEBUG, "CFG: # uid not set");
|
|
Packit |
6bd9ab |
if (nslcd_cfg->gid != NOGID)
|
|
Packit |
6bd9ab |
log_log(LOG_DEBUG, "CFG: gid %lu", (unsigned long int)nslcd_cfg->gid);
|
|
Packit |
6bd9ab |
else
|
|
Packit |
6bd9ab |
log_log(LOG_DEBUG, "CFG: # gid not set");
|
|
Packit |
6bd9ab |
log_log_config();
|
|
Packit |
6bd9ab |
for (i = 0; i < (NSS_LDAP_CONFIG_MAX_URIS + 1); i++)
|
|
Packit |
6bd9ab |
if (nslcd_cfg->uris[i].uri != NULL)
|
|
Packit |
6bd9ab |
log_log(LOG_DEBUG, "CFG: uri %s", nslcd_cfg->uris[i].uri);
|
|
Packit |
6bd9ab |
log_log(LOG_DEBUG, "CFG: ldap_version %d", nslcd_cfg->ldap_version);
|
|
Packit |
6bd9ab |
if (nslcd_cfg->binddn != NULL)
|
|
Packit |
6bd9ab |
log_log(LOG_DEBUG, "CFG: binddn %s", nslcd_cfg->binddn);
|
|
Packit |
6bd9ab |
if (nslcd_cfg->bindpw != NULL)
|
|
Packit |
6bd9ab |
log_log(LOG_DEBUG, "CFG: bindpw ***");
|
|
Packit |
6bd9ab |
if (nslcd_cfg->rootpwmoddn != NULL)
|
|
Packit |
6bd9ab |
log_log(LOG_DEBUG, "CFG: rootpwmoddn %s", nslcd_cfg->rootpwmoddn);
|
|
Packit |
6bd9ab |
if (nslcd_cfg->rootpwmodpw != NULL)
|
|
Packit |
6bd9ab |
log_log(LOG_DEBUG, "CFG: rootpwmodpw ***");
|
|
Packit |
6bd9ab |
if (nslcd_cfg->sasl_mech != NULL)
|
|
Packit |
6bd9ab |
log_log(LOG_DEBUG, "CFG: sasl_mech %s", nslcd_cfg->sasl_mech);
|
|
Packit |
6bd9ab |
if (nslcd_cfg->sasl_realm != NULL)
|
|
Packit |
6bd9ab |
log_log(LOG_DEBUG, "CFG: sasl_realm %s", nslcd_cfg->sasl_realm);
|
|
Packit |
6bd9ab |
if (nslcd_cfg->sasl_authcid != NULL)
|
|
Packit |
6bd9ab |
log_log(LOG_DEBUG, "CFG: sasl_authcid %s", nslcd_cfg->sasl_authcid);
|
|
Packit |
6bd9ab |
if (nslcd_cfg->sasl_authzid != NULL)
|
|
Packit |
6bd9ab |
log_log(LOG_DEBUG, "CFG: sasl_authzid %s", nslcd_cfg->sasl_authzid);
|
|
Packit |
6bd9ab |
if (nslcd_cfg->sasl_secprops != NULL)
|
|
Packit |
6bd9ab |
log_log(LOG_DEBUG, "CFG: sasl_secprops %s", nslcd_cfg->sasl_secprops);
|
|
Packit |
6bd9ab |
#ifdef LDAP_OPT_X_SASL_NOCANON
|
|
Packit |
6bd9ab |
if (nslcd_cfg->sasl_canonicalize >= 0)
|
|
Packit |
6bd9ab |
log_log(LOG_DEBUG, "CFG: sasl_canonicalize %s", print_boolean(nslcd_cfg->sasl_canonicalize));
|
|
Packit |
6bd9ab |
#endif /* LDAP_OPT_X_SASL_NOCANON */
|
|
Packit |
6bd9ab |
str = getenv("KRB5CCNAME");
|
|
Packit |
6bd9ab |
if (str != NULL)
|
|
Packit |
6bd9ab |
log_log(LOG_DEBUG, "CFG: krb5_ccname %s", str);
|
|
Packit |
6bd9ab |
for (i = 0; i < NSS_LDAP_CONFIG_MAX_BASES; i++)
|
|
Packit |
6bd9ab |
if (nslcd_cfg->bases[i] != NULL)
|
|
Packit |
6bd9ab |
log_log(LOG_DEBUG, "CFG: base %s", nslcd_cfg->bases[i]);
|
|
Packit |
6bd9ab |
for (map = LM_ALIASES; map < LM_NONE; map++)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
strp = base_get_var(map);
|
|
Packit |
6bd9ab |
if (strp != NULL)
|
|
Packit |
6bd9ab |
for (i = 0; i < NSS_LDAP_CONFIG_MAX_BASES; i++)
|
|
Packit |
6bd9ab |
if (strp[i] != NULL)
|
|
Packit |
6bd9ab |
log_log(LOG_DEBUG, "CFG: base %s %s", print_map(map), strp[i]);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
log_log(LOG_DEBUG, "CFG: scope %s", print_scope(nslcd_cfg->scope));
|
|
Packit |
6bd9ab |
for (map = LM_ALIASES; map < LM_NONE; map++)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
scopep = scope_get_var(map);
|
|
Packit |
6bd9ab |
if ((scopep != NULL) && (*scopep != LDAP_SCOPE_DEFAULT))
|
|
Packit |
6bd9ab |
log_log(LOG_DEBUG, "CFG: scope %s %s", print_map(map), print_scope(*scopep));
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
log_log(LOG_DEBUG, "CFG: deref %s", print_deref(nslcd_cfg->deref));
|
|
Packit |
6bd9ab |
log_log(LOG_DEBUG, "CFG: referrals %s", print_boolean(nslcd_cfg->referrals));
|
|
Packit |
6bd9ab |
for (map = LM_ALIASES; map < LM_NONE; map++)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
strp = filter_get_var(map);
|
|
Packit |
6bd9ab |
if ((strp != NULL) && (*strp != NULL))
|
|
Packit |
6bd9ab |
log_log(LOG_DEBUG, "CFG: filter %s %s", print_map(map), *strp);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
#define LOG_ATTMAP(map, mapl, att) \
|
|
Packit |
6bd9ab |
if (strcmp(attmap_##mapl##_##att, __STRING(att)) != 0) \
|
|
Packit |
6bd9ab |
log_log(LOG_DEBUG, "CFG: map %s %s %s", \
|
|
Packit |
6bd9ab |
print_map(map), __STRING(att), attmap_##mapl##_##att);
|
|
Packit |
6bd9ab |
LOG_ATTMAP(LM_ALIASES, alias, cn);
|
|
Packit |
6bd9ab |
LOG_ATTMAP(LM_ALIASES, alias, rfc822MailMember);
|
|
Packit |
6bd9ab |
LOG_ATTMAP(LM_ETHERS, ether, cn);
|
|
Packit |
6bd9ab |
LOG_ATTMAP(LM_ETHERS, ether, macAddress);
|
|
Packit |
6bd9ab |
LOG_ATTMAP(LM_GROUP, group, cn);
|
|
Packit |
6bd9ab |
LOG_ATTMAP(LM_GROUP, group, userPassword);
|
|
Packit |
6bd9ab |
LOG_ATTMAP(LM_GROUP, group, gidNumber);
|
|
Packit |
6bd9ab |
LOG_ATTMAP(LM_GROUP, group, memberUid);
|
|
Packit |
6bd9ab |
LOG_ATTMAP(LM_GROUP, group, member);
|
|
Packit |
6bd9ab |
LOG_ATTMAP(LM_HOSTS, host, cn);
|
|
Packit |
6bd9ab |
LOG_ATTMAP(LM_HOSTS, host, ipHostNumber);
|
|
Packit |
6bd9ab |
LOG_ATTMAP(LM_NETGROUP, netgroup, cn);
|
|
Packit |
6bd9ab |
LOG_ATTMAP(LM_NETGROUP, netgroup, nisNetgroupTriple);
|
|
Packit |
6bd9ab |
LOG_ATTMAP(LM_NETGROUP, netgroup, memberNisNetgroup);
|
|
Packit |
6bd9ab |
LOG_ATTMAP(LM_NETWORKS, network, cn);
|
|
Packit |
6bd9ab |
LOG_ATTMAP(LM_NETWORKS, network, ipNetworkNumber);
|
|
Packit |
6bd9ab |
LOG_ATTMAP(LM_PASSWD, passwd, uid);
|
|
Packit |
6bd9ab |
LOG_ATTMAP(LM_PASSWD, passwd, userPassword);
|
|
Packit |
6bd9ab |
LOG_ATTMAP(LM_PASSWD, passwd, uidNumber);
|
|
Packit |
6bd9ab |
LOG_ATTMAP(LM_PASSWD, passwd, gidNumber);
|
|
Packit |
6bd9ab |
LOG_ATTMAP(LM_PASSWD, passwd, gecos);
|
|
Packit |
6bd9ab |
LOG_ATTMAP(LM_PASSWD, passwd, homeDirectory);
|
|
Packit |
6bd9ab |
LOG_ATTMAP(LM_PASSWD, passwd, loginShell);
|
|
Packit |
6bd9ab |
LOG_ATTMAP(LM_PROTOCOLS, protocol, cn);
|
|
Packit |
6bd9ab |
LOG_ATTMAP(LM_PROTOCOLS, protocol, ipProtocolNumber);
|
|
Packit |
6bd9ab |
LOG_ATTMAP(LM_RPC, rpc, cn);
|
|
Packit |
6bd9ab |
LOG_ATTMAP(LM_RPC, rpc, oncRpcNumber);
|
|
Packit |
6bd9ab |
LOG_ATTMAP(LM_SERVICES, service, cn);
|
|
Packit |
6bd9ab |
LOG_ATTMAP(LM_SERVICES, service, ipServicePort);
|
|
Packit |
6bd9ab |
LOG_ATTMAP(LM_SERVICES, service, ipServiceProtocol);
|
|
Packit |
6bd9ab |
LOG_ATTMAP(LM_SHADOW, shadow, uid);
|
|
Packit |
6bd9ab |
LOG_ATTMAP(LM_SHADOW, shadow, userPassword);
|
|
Packit |
6bd9ab |
LOG_ATTMAP(LM_SHADOW, shadow, shadowLastChange);
|
|
Packit |
6bd9ab |
LOG_ATTMAP(LM_SHADOW, shadow, shadowMin);
|
|
Packit |
6bd9ab |
LOG_ATTMAP(LM_SHADOW, shadow, shadowMax);
|
|
Packit |
6bd9ab |
LOG_ATTMAP(LM_SHADOW, shadow, shadowWarning);
|
|
Packit |
6bd9ab |
LOG_ATTMAP(LM_SHADOW, shadow, shadowInactive);
|
|
Packit |
6bd9ab |
LOG_ATTMAP(LM_SHADOW, shadow, shadowExpire);
|
|
Packit |
6bd9ab |
LOG_ATTMAP(LM_SHADOW, shadow, shadowFlag);
|
|
Packit |
6bd9ab |
#if defined(HAVE_LDAP_SASL_BIND) && defined(LDAP_SASL_SIMPLE)
|
|
Packit |
6bd9ab |
log_log(LOG_DEBUG, "CFG: pam_authc_ppolicy %s", print_boolean(nslcd_cfg->pam_authc_ppolicy));
|
|
Packit |
6bd9ab |
#endif
|
|
Packit |
6bd9ab |
log_log(LOG_DEBUG, "CFG: bind_timelimit %d", nslcd_cfg->bind_timelimit);
|
|
Packit |
6bd9ab |
log_log(LOG_DEBUG, "CFG: timelimit %d", nslcd_cfg->timelimit);
|
|
Packit |
6bd9ab |
log_log(LOG_DEBUG, "CFG: idle_timelimit %d", nslcd_cfg->idle_timelimit);
|
|
Packit |
6bd9ab |
log_log(LOG_DEBUG, "CFG: reconnect_sleeptime %d", nslcd_cfg->reconnect_sleeptime);
|
|
Packit |
6bd9ab |
log_log(LOG_DEBUG, "CFG: reconnect_retrytime %d", nslcd_cfg->reconnect_retrytime);
|
|
Packit |
6bd9ab |
#ifdef LDAP_OPT_X_TLS
|
|
Packit |
6bd9ab |
log_log(LOG_DEBUG, "CFG: ssl %s", print_ssl(nslcd_cfg->ssl));
|
|
Packit |
6bd9ab |
rc = ldap_get_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &i);
|
|
Packit |
6bd9ab |
if (rc != LDAP_SUCCESS)
|
|
Packit |
6bd9ab |
log_log(LOG_DEBUG, "CFG: # tls_reqcert ERROR: %s", ldap_err2string(rc));
|
|
Packit |
6bd9ab |
else
|
|
Packit |
6bd9ab |
log_log(LOG_DEBUG, "CFG: tls_reqcert %s", print_tls_reqcert(i));
|
|
Packit |
6bd9ab |
#define LOG_LDAP_OPT_STRING(cfg, option) \
|
|
Packit |
6bd9ab |
str = NULL; \
|
|
Packit |
6bd9ab |
rc = ldap_get_option(NULL, option, &str); \
|
|
Packit |
6bd9ab |
if (rc != LDAP_SUCCESS) \
|
|
Packit |
6bd9ab |
log_log(LOG_DEBUG, "CFG: # %s ERROR: %s", cfg, ldap_err2string(rc)); \
|
|
Packit |
6bd9ab |
else if ((str != NULL) && (*str != '\0')) \
|
|
Packit |
6bd9ab |
log_log(LOG_DEBUG, "CFG: %s %s", cfg, str); \
|
|
Packit |
6bd9ab |
if (str != NULL) \
|
|
Packit |
6bd9ab |
ldap_memfree(str);
|
|
Packit |
6bd9ab |
LOG_LDAP_OPT_STRING("tls_cacertdir", LDAP_OPT_X_TLS_CACERTDIR);
|
|
Packit |
6bd9ab |
LOG_LDAP_OPT_STRING("tls_cacertfile", LDAP_OPT_X_TLS_CACERTFILE);
|
|
Packit |
6bd9ab |
LOG_LDAP_OPT_STRING("tls_randfile", LDAP_OPT_X_TLS_RANDOM_FILE);
|
|
Packit |
6bd9ab |
LOG_LDAP_OPT_STRING("tls_ciphers", LDAP_OPT_X_TLS_CIPHER_SUITE);
|
|
Packit |
6bd9ab |
LOG_LDAP_OPT_STRING("tls_cert", LDAP_OPT_X_TLS_CERTFILE);
|
|
Packit |
6bd9ab |
LOG_LDAP_OPT_STRING("tls_key", LDAP_OPT_X_TLS_KEYFILE);
|
|
Packit |
6bd9ab |
#endif /* LDAP_OPT_X_TLS */
|
|
Packit |
6bd9ab |
log_log(LOG_DEBUG, "CFG: pagesize %d", nslcd_cfg->pagesize);
|
|
Packit |
6bd9ab |
if (nslcd_cfg->nss_initgroups_ignoreusers != NULL)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
/* allocate memory for a comma-separated list */
|
|
Packit |
6bd9ab |
strp = set_tolist(nslcd_cfg->nss_initgroups_ignoreusers);
|
|
Packit |
6bd9ab |
if (strp == NULL)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
log_log(LOG_CRIT, "malloc() failed to allocate memory");
|
|
Packit |
6bd9ab |
exit(EXIT_FAILURE);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
/* turn the set into a comma-separated list */
|
|
Packit |
6bd9ab |
buffer[0] = '\0';
|
|
Packit |
6bd9ab |
for (i = 0; strp[i] != NULL; i++)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
if (i > 0)
|
|
Packit |
6bd9ab |
strncat(buffer, ",", sizeof(buffer) - 1 - strlen(buffer));
|
|
Packit |
6bd9ab |
strncat(buffer, strp[i], sizeof(buffer) - 1 - strlen(buffer));
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
free(strp);
|
|
Packit |
6bd9ab |
if (strlen(buffer) >= (sizeof(buffer) - 4))
|
|
Packit |
6bd9ab |
strcpy(buffer + sizeof(buffer) - 4, "...");
|
|
Packit |
6bd9ab |
log_log(LOG_DEBUG, "CFG: nss_initgroups_ignoreusers %s", buffer);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
log_log(LOG_DEBUG, "CFG: nss_min_uid %lu", (unsigned long int)nslcd_cfg->nss_min_uid);
|
|
Packit |
6bd9ab |
log_log(LOG_DEBUG, "CFG: nss_uid_offset %lu", (unsigned long int)nslcd_cfg->nss_uid_offset);
|
|
Packit |
6bd9ab |
log_log(LOG_DEBUG, "CFG: nss_gid_offset %lu", (unsigned long int)nslcd_cfg->nss_gid_offset);
|
|
Packit |
6bd9ab |
log_log(LOG_DEBUG, "CFG: nss_nested_groups %s", print_boolean(nslcd_cfg->nss_nested_groups));
|
|
Packit |
6bd9ab |
log_log(LOG_DEBUG, "CFG: nss_getgrent_skipmembers %s", print_boolean(nslcd_cfg->nss_getgrent_skipmembers));
|
|
Packit |
6bd9ab |
log_log(LOG_DEBUG, "CFG: nss_disable_enumeration %s", print_boolean(nslcd_cfg->nss_disable_enumeration));
|
|
Packit |
6bd9ab |
log_log(LOG_DEBUG, "CFG: validnames %s", nslcd_cfg->validnames_str);
|
|
Packit |
6bd9ab |
log_log(LOG_DEBUG, "CFG: ignorecase %s", print_boolean(nslcd_cfg->ignorecase));
|
|
Packit |
6bd9ab |
log_log(LOG_DEBUG, "CFG: pam_authc_search %s", nslcd_cfg->pam_authc_search);
|
|
Packit |
6bd9ab |
for (i = 0; i < NSS_LDAP_CONFIG_MAX_AUTHZ_SEARCHES; i++)
|
|
Packit |
6bd9ab |
if (nslcd_cfg->pam_authz_searches[i] != NULL)
|
|
Packit |
6bd9ab |
log_log(LOG_DEBUG, "CFG: pam_authz_search %s", nslcd_cfg->pam_authz_searches[i]);
|
|
Packit |
6bd9ab |
if (nslcd_cfg->pam_password_prohibit_message != NULL)
|
|
Packit |
6bd9ab |
log_log(LOG_DEBUG, "CFG: pam_password_prohibit_message \"%s\"", nslcd_cfg->pam_password_prohibit_message);
|
|
Packit |
6bd9ab |
/* build a comma-separated list */
|
|
Packit |
6bd9ab |
buffer[0] = '\0';
|
|
Packit |
6bd9ab |
for (i = 0; i < LM_NONE ; i++)
|
|
Packit |
6bd9ab |
if (nslcd_cfg->reconnect_invalidate[i])
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
if (buffer[0] != '\0')
|
|
Packit |
6bd9ab |
strncat(buffer, ",", sizeof(buffer) - 1 - strlen(buffer));
|
|
Packit |
6bd9ab |
strncat(buffer, print_map(i), sizeof(buffer) - 1 - strlen(buffer));
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
if (buffer[0] != '\0')
|
|
Packit |
6bd9ab |
log_log(LOG_DEBUG, "CFG: reconnect_invalidate %s", buffer);
|
|
Packit |
6bd9ab |
print_time(nslcd_cfg->cache_dn2uid_positive, buffer, sizeof(buffer) / 2);
|
|
Packit |
6bd9ab |
print_time(nslcd_cfg->cache_dn2uid_positive, buffer + (sizeof(buffer) / 2), sizeof(buffer) / 2);
|
|
Packit |
6bd9ab |
log_log(LOG_DEBUG, "CFG: cache dn2uid %s %s", buffer, buffer + (sizeof(buffer) / 2));
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
void cfg_init(const char *fname)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
#ifdef LDAP_OPT_X_TLS
|
|
Packit |
6bd9ab |
int i;
|
|
Packit |
6bd9ab |
#endif /* LDAP_OPT_X_TLS */
|
|
Packit |
6bd9ab |
/* check if we were called before */
|
|
Packit |
6bd9ab |
if (nslcd_cfg != NULL)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
log_log(LOG_CRIT, "cfg_init() may only be called once");
|
|
Packit |
6bd9ab |
exit(EXIT_FAILURE);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
/* allocate the memory (this memory is not freed anywhere) */
|
|
Packit |
6bd9ab |
nslcd_cfg = (struct ldap_config *)malloc(sizeof(struct ldap_config));
|
|
Packit |
6bd9ab |
if (nslcd_cfg == NULL)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
log_log(LOG_CRIT, "malloc() failed to allocate memory");
|
|
Packit |
6bd9ab |
exit(EXIT_FAILURE);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
/* clear configuration */
|
|
Packit |
6bd9ab |
cfg_defaults(nslcd_cfg);
|
|
Packit |
6bd9ab |
/* read configfile */
|
|
Packit |
6bd9ab |
cfg_read(fname, nslcd_cfg);
|
|
Packit |
6bd9ab |
#ifdef NSLCD_BINDPW_PATH
|
|
Packit |
6bd9ab |
bindpw_read(NSLCD_BINDPW_PATH, nslcd_cfg);
|
|
Packit |
6bd9ab |
#endif /* NSLCD_BINDPW_PATH */
|
|
Packit |
6bd9ab |
/* do some sanity checks */
|
|
Packit |
6bd9ab |
if (nslcd_cfg->uris[0].uri == NULL)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
log_log(LOG_ERR, "no URIs defined in config");
|
|
Packit |
6bd9ab |
exit(EXIT_FAILURE);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
/* if ssl is on each URI should start with ldaps */
|
|
Packit |
6bd9ab |
#ifdef LDAP_OPT_X_TLS
|
|
Packit |
6bd9ab |
if (nslcd_cfg->ssl == SSL_LDAPS)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
for (i = 0; nslcd_cfg->uris[i].uri != NULL; i++)
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
if (strncasecmp(nslcd_cfg->uris[i].uri, "ldaps://", 8) != 0)
|
|
Packit |
6bd9ab |
log_log(LOG_WARNING, "%s doesn't start with ldaps:// and \"ssl on\" is specified",
|
|
Packit |
6bd9ab |
nslcd_cfg->uris[i].uri);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
/* TODO: check that if some tls options are set the ssl option should be set to on (just warn) */
|
|
Packit |
6bd9ab |
#endif /* LDAP_OPT_X_TLS */
|
|
Packit |
6bd9ab |
/* if basedn is not yet set, get if from the rootDSE */
|
|
Packit |
6bd9ab |
if (nslcd_cfg->bases[0] == NULL)
|
|
Packit |
6bd9ab |
nslcd_cfg->bases[0] = get_base_from_rootdse();
|
|
Packit |
6bd9ab |
/* TODO: handle the case gracefully when no LDAP server is available yet */
|
|
Packit |
6bd9ab |
/* see if we have a valid basedn */
|
|
Packit |
6bd9ab |
if ((nslcd_cfg->bases[0] == NULL) || (nslcd_cfg->bases[0][0] == '\0'))
|
|
Packit |
6bd9ab |
{
|
|
Packit |
6bd9ab |
log_log(LOG_ERR, "no base defined in config and couldn't get one from server");
|
|
Packit |
6bd9ab |
exit(EXIT_FAILURE);
|
|
Packit |
6bd9ab |
}
|
|
Packit |
6bd9ab |
/* dump configuration */
|
|
Packit |
6bd9ab |
cfg_dump();
|
|
Packit |
6bd9ab |
/* initialise all database modules */
|
|
Packit |
6bd9ab |
alias_init();
|
|
Packit |
6bd9ab |
ether_init();
|
|
Packit |
6bd9ab |
group_init();
|
|
Packit |
6bd9ab |
host_init();
|
|
Packit |
6bd9ab |
netgroup_init();
|
|
Packit |
6bd9ab |
network_init();
|
|
Packit |
6bd9ab |
passwd_init();
|
|
Packit |
6bd9ab |
protocol_init();
|
|
Packit |
6bd9ab |
rpc_init();
|
|
Packit |
6bd9ab |
service_init();
|
|
Packit |
6bd9ab |
shadow_init();
|
|
Packit |
6bd9ab |
}
|