source-git / nss-pam-ldapd

Clone
Source Code
GIT

Blame nslcd/netgroup.c

c8 master
  1.   8e28f46f6d6b171e1df0331996cf8c8b48f18c13
  2.   nslcd
  3.   netgroup.c
Blob History Raw
Packit 6bd9ab 
/*
Packit 6bd9ab 
   netgroup.c - netgroup lookup routines
Packit 6bd9ab 
   Parts of this file were part of the nss_ldap library (as ldap-netgrp.c)
Packit 6bd9ab 
   which has been forked into the nss-pam-ldapd library.
Packit 6bd9ab
Packit 6bd9ab 
   Copyright (C) 1997-2005 Luke Howard
Packit 6bd9ab 
   Copyright (C) 2006 West Consulting
Packit 6bd9ab 
   Copyright (C) 2006-2014 Arthur de Jong
Packit 6bd9ab
Packit 6bd9ab 
   This library is free software; you can redistribute it and/or
Packit 6bd9ab 
   modify it under the terms of the GNU Lesser General Public
Packit 6bd9ab 
   License as published by the Free Software Foundation; either
Packit 6bd9ab 
   version 2.1 of the License, or (at your option) any later version.
Packit 6bd9ab
Packit 6bd9ab 
   This library is distributed in the hope that it will be useful,
Packit 6bd9ab 
   but WITHOUT ANY WARRANTY; without even the implied warranty of
Packit 6bd9ab 
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
Packit 6bd9ab 
   Lesser General Public License for more details.
Packit 6bd9ab
Packit 6bd9ab 
   You should have received a copy of the GNU Lesser General Public
Packit 6bd9ab 
   License along with this library; if not, write to the Free Software
Packit 6bd9ab 
   Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
Packit 6bd9ab 
   02110-1301 USA
Packit 6bd9ab 
*/
Packit 6bd9ab
Packit 6bd9ab 
#include "config.h"
Packit 6bd9ab
Packit 6bd9ab 
#include <stdio.h>
Packit 6bd9ab 
#include <stdlib.h>
Packit 6bd9ab 
#include <stdarg.h>
Packit 6bd9ab 
#include <ctype.h>
Packit 6bd9ab 
#include <sys/types.h>
Packit 6bd9ab 
#include <sys/param.h>
Packit 6bd9ab 
#include <string.h>
Packit 6bd9ab
Packit 6bd9ab 
#include "common.h"
Packit 6bd9ab 
#include "log.h"
Packit 6bd9ab 
#include "myldap.h"
Packit 6bd9ab 
#include "cfg.h"
Packit 6bd9ab 
#include "attmap.h"
Packit 6bd9ab
Packit 6bd9ab 
/* ( nisSchema.2.8 NAME 'nisNetgroup' SUP top STRUCTURAL
Packit 6bd9ab 
 *   DESC 'Abstraction of a netgroup. May refer to other netgroups'
Packit 6bd9ab 
 *   MUST cn
Packit 6bd9ab 
 *   MAY ( nisNetgroupTriple $ memberNisNetgroup $ description ) )
Packit 6bd9ab 
 */
Packit 6bd9ab
Packit 6bd9ab 
/* the search base for searches */
Packit 6bd9ab 
const char *netgroup_bases[NSS_LDAP_CONFIG_MAX_BASES] = { NULL };
Packit 6bd9ab
Packit 6bd9ab 
/* the search scope for searches */
Packit 6bd9ab 
int netgroup_scope = LDAP_SCOPE_DEFAULT;
Packit 6bd9ab
Packit 6bd9ab 
/* the basic search filter for searches */
Packit 6bd9ab 
const char *netgroup_filter = "(objectClass=nisNetgroup)";
Packit 6bd9ab
Packit 6bd9ab 
/* the attributes to request with searches */
Packit 6bd9ab 
const char *attmap_netgroup_cn                = "cn";
Packit 6bd9ab 
const char *attmap_netgroup_nisNetgroupTriple = "nisNetgroupTriple";
Packit 6bd9ab 
const char *attmap_netgroup_memberNisNetgroup = "memberNisNetgroup";
Packit 6bd9ab
Packit 6bd9ab 
/* the attribute list to request with searches */
Packit 6bd9ab 
static const char *netgroup_attrs[4];
Packit 6bd9ab
Packit 6bd9ab 
static int mkfilter_netgroup_byname(const char *name,
Packit 6bd9ab 
                                    char *buffer, size_t buflen)
Packit 6bd9ab 
{
Packit 6bd9ab 
  char safename[BUFLEN_SAFENAME];
Packit 6bd9ab 
  /* escape attribute */
Packit 6bd9ab 
  if (myldap_escape(name, safename, sizeof(safename)))
Packit 6bd9ab 
  {
Packit 6bd9ab 
    log_log(LOG_ERR, "mkfilter_netgroup_byname(): safename buffer too small");
Packit 6bd9ab 
    return -1;
Packit 6bd9ab 
  }
Packit 6bd9ab 
  /* build filter */
Packit 6bd9ab 
  return mysnprintf(buffer, buflen, "(&%s(%s=%s))",
Packit 6bd9ab 
                    netgroup_filter, attmap_netgroup_cn, safename);
Packit 6bd9ab 
}
Packit 6bd9ab
Packit 6bd9ab 
void netgroup_init(void)
Packit 6bd9ab 
{
Packit 6bd9ab 
  int i;
Packit 6bd9ab 
  /* set up search bases */
Packit 6bd9ab 
  if (netgroup_bases[0] == NULL)
Packit 6bd9ab 
    for (i = 0; i < NSS_LDAP_CONFIG_MAX_BASES; i++)
Packit 6bd9ab 
      netgroup_bases[i] = nslcd_cfg->bases[i];
Packit 6bd9ab 
  /* set up scope */
Packit 6bd9ab 
  if (netgroup_scope == LDAP_SCOPE_DEFAULT)
Packit 6bd9ab 
    netgroup_scope = nslcd_cfg->scope;
Packit 6bd9ab 
  /* set up attribute list */
Packit 6bd9ab 
  netgroup_attrs[0] = attmap_netgroup_cn;
Packit 6bd9ab 
  netgroup_attrs[1] = attmap_netgroup_nisNetgroupTriple;
Packit 6bd9ab 
  netgroup_attrs[2] = attmap_netgroup_memberNisNetgroup;
Packit 6bd9ab 
  netgroup_attrs[3] = NULL;
Packit 6bd9ab 
}
Packit 6bd9ab
Packit 6bd9ab 
static int write_string_stripspace_len(TFILE *fp, const char *str, int len)
Packit 6bd9ab 
{
Packit 6bd9ab 
  int32_t tmpint32;
Packit 6bd9ab 
  int i, j;
Packit 6bd9ab 
  DEBUG_PRINT("WRITE_STRING: var=" __STRING(str) " string=\"%s\"", str);
Packit 6bd9ab 
  /* skip leading spaces */
Packit 6bd9ab 
  for (i = 0; (str[i] != '\0') && (isspace(str[i])); i++)
Packit 6bd9ab 
    /* nothing */ ;
Packit 6bd9ab 
  /* skip trailing spaces */
Packit 6bd9ab 
  for (j = len; (j > i) && (isspace(str[j - 1])); j--)
Packit 6bd9ab 
    /* nothing */ ;
Packit 6bd9ab 
  /* write length of string */
Packit 6bd9ab 
  WRITE_INT32(fp, j - i);
Packit 6bd9ab 
  /* write string itself */
Packit 6bd9ab 
  if (j > i)
Packit 6bd9ab 
  {
Packit 6bd9ab 
    WRITE(fp, str + i, j - i);
Packit 6bd9ab 
  }
Packit 6bd9ab 
  /* we're done */
Packit 6bd9ab 
  return 0;
Packit 6bd9ab 
}
Packit 6bd9ab
Packit 6bd9ab 
#define WRITE_STRING_STRIPSPACE_LEN(fp, str, len)                           \
Packit 6bd9ab 
  if (write_string_stripspace_len(fp, str, len))                            \
Packit 6bd9ab 
    return -1;
Packit 6bd9ab
Packit 6bd9ab 
#define WRITE_STRING_STRIPSPACE(fp, str)                                    \
Packit 6bd9ab 
  WRITE_STRING_STRIPSPACE_LEN(fp, str, strlen(str))
Packit 6bd9ab
Packit 6bd9ab 
static int write_netgroup_triple(TFILE *fp, MYLDAP_ENTRY *entry,
Packit 6bd9ab 
                                 const char *triple)
Packit 6bd9ab 
{
Packit 6bd9ab 
  int32_t tmpint32;
Packit 6bd9ab 
  int i;
Packit 6bd9ab 
  int hostb, hoste, userb, usere, domainb, domaine;
Packit 6bd9ab 
  /* skip leading spaces */
Packit 6bd9ab 
  for (i = 0; (triple[i] != '\0') && (isspace(triple[i])); i++)
Packit 6bd9ab 
    /* nothing */ ;
Packit 6bd9ab 
  /* we should have a bracket now */
Packit 6bd9ab 
  if (triple[i] != '(')
Packit 6bd9ab 
  {
Packit 6bd9ab 
    log_log(LOG_WARNING, "%s: %s: does not begin with '('",
Packit 6bd9ab 
            myldap_get_dn(entry), attmap_netgroup_nisNetgroupTriple);
Packit 6bd9ab 
    return 0;
Packit 6bd9ab 
  }
Packit 6bd9ab 
  i++;
Packit 6bd9ab 
  hostb = i;
Packit 6bd9ab 
  /* find comma (end of host string) */
Packit 6bd9ab 
  for (; (triple[i] != '\0') && (triple[i] != ','); i++)
Packit 6bd9ab 
    /* nothing */ ;
Packit 6bd9ab 
  hoste = i;
Packit 6bd9ab 
  if (triple[i++] != ',')
Packit 6bd9ab 
  {
Packit 6bd9ab 
    log_log(LOG_WARNING, "%s: %s: missing ','",
Packit 6bd9ab 
            myldap_get_dn(entry), attmap_netgroup_nisNetgroupTriple);
Packit 6bd9ab 
    return 0;
Packit 6bd9ab 
  }
Packit 6bd9ab 
  userb = i;
Packit 6bd9ab 
  /* find comma (end of user string) */
Packit 6bd9ab 
  for (; (triple[i] != '\0') && (triple[i] != ','); i++)
Packit 6bd9ab 
    /* nothing */ ;
Packit 6bd9ab 
  usere = i;
Packit 6bd9ab 
  if (triple[i++] != ',')
Packit 6bd9ab 
  {
Packit 6bd9ab 
    log_log(LOG_WARNING, "%s: %s: missing ','",
Packit 6bd9ab 
            myldap_get_dn(entry), attmap_netgroup_nisNetgroupTriple);
Packit 6bd9ab 
    return 0;
Packit 6bd9ab 
  }
Packit 6bd9ab 
  domainb = i;
Packit 6bd9ab 
  /* find closing bracket (end of domain string) */
Packit 6bd9ab 
  for (; (triple[i] != '\0') && (triple[i] != ')'); i++)
Packit 6bd9ab 
    /* nothing */ ;
Packit 6bd9ab 
  domaine=i;
Packit 6bd9ab 
  if (triple[i++] != ')')
Packit 6bd9ab 
  {
Packit 6bd9ab 
    log_log(LOG_WARNING, "%s: %s: missing ')'",
Packit 6bd9ab 
            myldap_get_dn(entry), attmap_netgroup_nisNetgroupTriple);
Packit 6bd9ab 
    return 0;
Packit 6bd9ab 
  }
Packit 6bd9ab 
  /* skip trailing spaces */
Packit 6bd9ab 
  for (; (triple[i] != '\0') && (isspace(triple[i])); i++)
Packit 6bd9ab 
    /* nothing */ ;
Packit 6bd9ab 
  /* if anything is left in the string we have a problem */
Packit 6bd9ab 
  if (triple[i] != '\0')
Packit 6bd9ab 
  {
Packit 6bd9ab 
    log_log(LOG_WARNING, "%s: %s: contains trailing data",
Packit 6bd9ab 
            myldap_get_dn(entry), attmap_netgroup_nisNetgroupTriple);
Packit 6bd9ab 
    return 0;
Packit 6bd9ab 
  }
Packit 6bd9ab 
  /* write strings */
Packit 6bd9ab 
  WRITE_INT32(fp, NSLCD_NETGROUP_TYPE_TRIPLE);
Packit 6bd9ab 
  WRITE_STRING_STRIPSPACE_LEN(fp, triple + hostb, hoste - hostb)
Packit 6bd9ab 
  WRITE_STRING_STRIPSPACE_LEN(fp, triple + userb, usere - userb)
Packit 6bd9ab 
  WRITE_STRING_STRIPSPACE_LEN(fp, triple + domainb, domaine - domainb)
Packit 6bd9ab 
  /* we're done */
Packit 6bd9ab 
  return 0;
Packit 6bd9ab 
}
Packit 6bd9ab
Packit 6bd9ab 
static int write_netgroup(TFILE *fp, MYLDAP_ENTRY *entry, const char *reqname)
Packit 6bd9ab 
{
Packit 6bd9ab 
  int32_t tmpint32;
Packit 6bd9ab 
  int i, j;
Packit 6bd9ab 
  const char **names;
Packit 6bd9ab 
  const char **triples;
Packit 6bd9ab 
  const char **members;
Packit 6bd9ab 
  /* get the netgroup name */
Packit 6bd9ab 
  names = myldap_get_values(entry, attmap_netgroup_cn);
Packit 6bd9ab 
  if ((names == NULL) || (names[0] == NULL))
Packit 6bd9ab 
  {
Packit 6bd9ab 
    log_log(LOG_WARNING, "%s: %s: missing",
Packit 6bd9ab 
            myldap_get_dn(entry), attmap_netgroup_cn);
Packit 6bd9ab 
    return 0;
Packit 6bd9ab 
  }
Packit 6bd9ab 
  /* get the netgroup triples and member */
Packit 6bd9ab 
  triples = myldap_get_values(entry, attmap_netgroup_nisNetgroupTriple);
Packit 6bd9ab 
  members = myldap_get_values(entry, attmap_netgroup_memberNisNetgroup);
Packit 6bd9ab 
  /* write the entries */
Packit 6bd9ab 
  for (i = 0; names[i] != NULL; i++)
Packit 6bd9ab 
    if ((reqname == NULL) || (STR_CMP(reqname, names[i]) == 0))
Packit 6bd9ab 
    {
Packit 6bd9ab 
      /* write first part of result */
Packit 6bd9ab 
      WRITE_INT32(fp, NSLCD_RESULT_BEGIN);
Packit 6bd9ab 
      WRITE_STRING(fp, names[i]);
Packit 6bd9ab 
      /* write the netgroup triples */
Packit 6bd9ab 
      if (triples != NULL)
Packit 6bd9ab 
        for (j = 0; triples[j] != NULL; j++)
Packit 6bd9ab 
          if (write_netgroup_triple(fp, entry, triples[j]))
Packit 6bd9ab 
            return -1;
Packit 6bd9ab 
      /* write netgroup members */
Packit 6bd9ab 
      if (members != NULL)
Packit 6bd9ab 
        for (j = 0; members[j] != NULL; j++)
Packit 6bd9ab 
        {
Packit 6bd9ab 
          /* write triple indicator */
Packit 6bd9ab 
          WRITE_INT32(fp, NSLCD_NETGROUP_TYPE_NETGROUP);
Packit 6bd9ab 
          /* write netgroup name */
Packit 6bd9ab 
          WRITE_STRING_STRIPSPACE(fp, members[j]);
Packit 6bd9ab 
        }
Packit 6bd9ab 
      /* write end of result marker */
Packit 6bd9ab 
      WRITE_INT32(fp, NSLCD_NETGROUP_TYPE_END);
Packit 6bd9ab 
    }
Packit 6bd9ab 
  /* we're done */
Packit 6bd9ab 
  return 0;
Packit 6bd9ab 
}
Packit 6bd9ab
Packit 6bd9ab 
NSLCD_HANDLE(
Packit 6bd9ab 
  netgroup, byname, NSLCD_ACTION_NETGROUP_BYNAME,
Packit 6bd9ab 
  char name[BUFLEN_NAME];
Packit 6bd9ab 
  char filter[BUFLEN_FILTER];
Packit 6bd9ab 
  READ_STRING(fp, name);
Packit 6bd9ab 
  log_setrequest("netgroup=\"%s\"", name);,
Packit 6bd9ab 
  mkfilter_netgroup_byname(name, filter, sizeof(filter)),
Packit 6bd9ab 
  write_netgroup(fp, entry, name)
Packit 6bd9ab 
)
Packit 6bd9ab
Packit 6bd9ab 
NSLCD_HANDLE(
Packit 6bd9ab 
  netgroup, all, NSLCD_ACTION_NETGROUP_ALL,
Packit 6bd9ab 
  const char *filter;
Packit 6bd9ab 
  log_setrequest("netgroup(all)");,
Packit 6bd9ab 
  (filter = netgroup_filter, 0),
Packit 6bd9ab 
  write_netgroup(fp, entry, NULL)
Packit 6bd9ab 
)

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation