[OpenAFS-devel] ptsldap code

Brett Trotter blt@iastate.edu
Tue, 26 Apr 2005 17:41:24 -0500 (CDT)


------=_20050426174124_41180
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

OK, this is what i've got of the ptsldap code- it's really basic, but it
works.

From what I understand, since it's a derivative of the OpenAFS source, it
must then be under the IBM license.


Currently there are references/linking to the OpenLDAP API, but no direct
code blocks. Whether this constitutes a licensing problem is unknown to
me.

Also, for now there is some direct code copy from NSS LDAP to manage
reading the /etc/ldap.conf and eventually do some of the connection
procedures based on that config file. NSS LDAP is under LGPL. The code
that is copied from there can be removed and/or recoded.

This code is not necessarily a submission to the OpenAFS tree for right
now, but I'm making it available for review/laughter for anyone
interested.

Again, it's super duper basic, but it's the start of something with
potential.

All that said, here it is in patch from, applied to the openafs 1.3.80
source after a configure has already been done (it adds some lines to the
makefile to enable make ptsldap)
------=_20050426174124_41180
Content-Type: text/plain; name="ptsldap.patch"
Content-Disposition: attachment; filename="ptsldap.patch"
Content-Transfer-Encoding: quoted-printable

diff -cNr openafs-1.3.80/src/ptserver/Makefile openafs-1.3.80-2/src/ptser=
ver/Makefile
*** openafs-1.3.80/src/ptserver/Makefile	2005-04-26 11:52:54.000000000 -0=
500
--- openafs-1.3.80-2/src/ptserver/Makefile	2005-04-26 11:51:10.000000000 =
-0500
***************
*** 61,68 ****
--- 61,77 ----
  ptserver: ptserver.o ptutils.o ptprocs.o ptint.ss.o ptint.xdr.o utils.o=
 $(LIBS) ${TOP_LIBDIR}/libaudit.a map.o
  	$(CC) ${CFLAGS} -o ptserver ptserver.o ptutils.o ptprocs.o ptint.ss.o =
ptint.xdr.o utils.o map.o $(LIBS) ${XLIBS} ${TOP_LIBDIR}/libaudit.a
 =20
+ ptsldap: ptsldap.o ptsldapprocs.o ptsldap-confparser.o ptint.ss.o ptint=
.xdr.o ptutils.o utils.o $(LIBS) ${TOP_LIBDIR}/libaudit.a map.o
+ 	$(CC) ${CFLAGS} -lldap -ldb -o ptsldap ptsldap.o ptsldapprocs.o ptslda=
p-confparser.o ptint.ss.o ptint.xdr.o ptutils.o utils.o map.o $(LIBS) ${X=
LIBS} ${TOP_LIBDIR}/libaudit.a
+=20
  ptserver.o: ptserver.c ${INCLS} AFS_component_version_number.c
 =20
+ ptsldap.o: ptsldap.c ${INCLS} AFS_component_version_number.c
+=20
+ ptsldapprocs.o: ptsldapprocs.c ${INCLS}=20
+=20
+ ptsldap-confparser.o: ptsldap-confparser.c ${INCLS}=20
+=20
  ptutils.o: ptutils.c ${INCLS}
 =20
  ptprocs.o: ptprocs.c ${INCLS}
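Review bot: In the added `ptsldap` link recipe, `-lldap -ldb` comes before the object files, so a linker that resolves libraries in command-line order (static archives, or shared libraries under `--as-needed`) can leave the LDAP and DB symbols undefined. Put the libraries after the objects, as the `ptserver` rule does with `$(LIBS)`: `$(CC) ${CFLAGS} -o ptsldap ptsldap.o ptsldapprocs.o ptsldap-confparser.o ptint.ss.o ptint.xdr.o ptutils.o utils.o map.o $(LIBS) ${XLIBS} ${TOP_LIBDIR}/libaudit.a -lldap -ldb`. The library names are also hard-coded, where a configure-detected variable would let the build fail early when the OpenLDAP or Berkeley DB development files are missing. The cover message says the patch is applied to the Makefile produced by configure, so these rules would presumably be lost on the next configure run unless they are moved into `Makefile.in`.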
***************
*** 223,229 ****
  # Misc. targets
  #
  clean:
! 	$(RM) -f *.a *.o ptserver ptint.cs.c ptint.ss.c ptclient ptint.xdr.c p=
tint.h \
  	libprot.a pts readgroup readpwd db_verify testpt pt_util pterror.h pte=
rror.c \
  	core AFS_component_version_number.c Kptint.cs.c Kptint.h Kptint.xdr.c
 =20
--- 232,238 ----
  # Misc. targets
  #
  clean:
! 	$(RM) -f *.a *.o ptsldap ptserver ptint.cs.c ptint.ss.c ptclient ptint=
.xdr.c ptint.h \
  	libprot.a pts readgroup readpwd db_verify testpt pt_util pterror.h pte=
rror.c \
  	core AFS_component_version_number.c Kptint.cs.c Kptint.h Kptint.xdr.c
 =20
diff -cNr openafs-1.3.80/src/ptserver/nssconfig.h openafs-1.3.80-2/src/pt=
server/nssconfig.h
*** openafs-1.3.80/src/ptserver/nssconfig.h	1969-12-31 18:00:00.000000000=
 -0600
--- openafs-1.3.80-2/src/ptserver/nssconfig.h	2005-04-25 13:41:18.0000000=
00 -0500
***************
*** 0 ****
--- 1,284 ----
+ /*
+ 	This file was generated by configure from nss_ldap-207 and renamed for=
 this distribution. A couple of tokens were removed.
+  */
+=20
+ /* config.h.  Generated by configure.  */
+ /* config.h.in.  Generated from configure.in by autoheader.  */
+ /* Define to the number of arguments to ldap_set_rebindproc */
+ #define LDAP_SET_REBIND_PROC_ARGS 2
+=20
+ /* define to the number of args to gethostbyname_r */
+ #define GETHOSTBYNAME_R_ARGS 6
+=20
+ /* define to set RFC2307BIS support */
+ /* #undef RFC2307BIS */
+=20
+ /* define to enable debug code */
+ /* #undef DEBUG */
+=20
+ /* define to enable attribute/objectclass mapping */
+ #define AT_OC_MAP 1
+=20
+ /* define to enable proxy authentication for AIX */
+ /* #undef PROXY_AUTH */
+=20
+ /* define to enable paged results control */
+ /* #undef PAGE_RESULTS */
+=20
+ /* define to enable XAD-specific behaviour */
+ /* #undef XAD */
+=20
+ /* define to enable struct ether_addr definition */
+ #define HAVE_STRUCT_ETHER_ADDR 1
+=20
+ /* path to LDAP configuration file */
+ #define NSS_LDAP_PATH_CONF              "/etc/ldap.conf"
+=20
+ /* path to LDAP root secret file */
+ #define NSS_LDAP_PATH_ROOTPASSWD        "/etc/ldap.secret"
+=20
+=20
+ /* Define to 1 if you have the <aliases.h> header file. */
+ #define HAVE_ALIASES_H 1
+=20
+ /* Define to 1 if you have the <alignof.h> header file. */
+ /* #undef HAVE_ALIGNOF_H */
+=20
+ /* Define to 1 if you have the <bits/libc-lock.h> header file. */
+ #define HAVE_BITS_LIBC_LOCK_H 1
+=20
+ /* Define to 1 if you have the <ctype.h> header file. */
+ #define HAVE_CTYPE_H 1
+=20
+ /* Define to 1 if you have the <db1/db.h> header file. */
+ /* #undef HAVE_DB1_DB_H */
+=20
+ /* Define to 1 if you have the <db3/db_185.h> header file. */
+ /* #undef HAVE_DB3_DB_185_H */
+=20
+ /* Define to 1 if you have the <db_185.h> header file. */
+ #define HAVE_DB_185_H 1
+=20
+ /* Define to 1 if you have the <db.h> header file. */
+ #define HAVE_DB_H 1
+=20
+ /* Define to 1 if you have the `dn_expand' function. */
+ #define HAVE_DN_EXPAND 1
+=20
+ /* Define to 1 if you have the `ether_aton' function. */
+ #define HAVE_ETHER_ATON 1
+=20
+ /* Define to 1 if you have the `ether_ntoa' function. */
+ #define HAVE_ETHER_NTOA 1
+=20
+ /* Define to 1 if you have the `gethostbyname' function. */
+ #define HAVE_GETHOSTBYNAME 1
+=20
+ /* Define to 1 if you have the `gethostbyname_r' function. */
+ #define HAVE_GETHOSTBYNAME_R 1
+=20
+ /* Define to 1 if you have the <gssldap.h> header file. */
+ /* #undef HAVE_GSSLDAP_H */
+=20
+ /* Define to 1 if you have the <gsssasl.h> header file. */
+ /* #undef HAVE_GSSSASL_H */
+=20
+ /* Define to 1 if you have the <inttypes.h> header file. */
+ #define HAVE_INTTYPES_H 1
+=20
+ /* Define to 1 if you have the <irs.h> header file. */
+ /* #undef HAVE_IRS_H */
+=20
+ /* Define to 1 if you have the <lber.h> header file. */
+ #define HAVE_LBER_H 1
+=20
+ /* Define to 1 if you have the `ldapssl_client_init' function. */
+ /* #undef HAVE_LDAPSSL_CLIENT_INIT */
+=20
+ /* Define to 1 if you have the `ldap_controls_free' function. */
+ #define HAVE_LDAP_CONTROLS_FREE 1
+=20
+ /* Define to 1 if you have the `ldap_create_control' function. */
+ #define HAVE_LDAP_CREATE_CONTROL 1
+=20
+ /* Define to 1 if you have the `ldap_create_page_control' function. */
+ /* #undef HAVE_LDAP_CREATE_PAGE_CONTROL */
+=20
+ /* Define to 1 if you have the `ldap_explode_rdn' function. */
+ #define HAVE_LDAP_EXPLODE_RDN 1
+=20
+ /* Define to 1 if you have the `ldap_get_lderrno' function. */
+ /* #undef HAVE_LDAP_GET_LDERRNO */
+=20
+ /* Define to 1 if you have the `ldap_get_option' function. */
+ #define HAVE_LDAP_GET_OPTION 1
+=20
+ /* Define to 1 if you have the <ldap.h> header file. */
+ #define HAVE_LDAP_H 1
+=20
+ /* Define to 1 if you have the `ldap_init' function. */
+ #define HAVE_LDAP_INIT 1
+=20
+ /* Define to 1 if you have the `ldap_initialize' function. */
+ #define HAVE_LDAP_INITIALIZE 1
+=20
+ /* Define to 1 if you have the `ldap_ld_free' function. */
+ #define HAVE_LDAP_LD_FREE 1
+=20
+ /* Define to 1 if you have the `ldap_memfree' function. */
+ #define HAVE_LDAP_MEMFREE 1
+=20
+ /* Define to 1 if you have the `ldap_parse_page_control' function. */
+ /* #undef HAVE_LDAP_PARSE_PAGE_CONTROL */
+=20
+ /* Define to 1 if you have the `ldap_parse_result' function. */
+ #define HAVE_LDAP_PARSE_RESULT 1
+=20
+ /* Define to 1 if you have the `ldap_pvt_tls_set_option' function. */
+ #define HAVE_LDAP_PVT_TLS_SET_OPTION 1
+=20
+ /* Define to 1 if you have the `ldap_sasl_interactive_bind_s' function.=
 */
+ #define HAVE_LDAP_SASL_INTERACTIVE_BIND_S 1
+=20
+ /* Define to 1 if you have the `ldap_set_option' function. */
+ #define HAVE_LDAP_SET_OPTION 1
+=20
+ /* Define to 1 if you have the `ldap_set_rebind_proc' function. */
+ #define HAVE_LDAP_SET_REBIND_PROC 1
+=20
+ /* Define to 1 if you have the <ldap_ssl.h> header file. */
+ /* #undef HAVE_LDAP_SSL_H */
+=20
+ /* Define to 1 if you have the `ldap_start_tls_s' function. */
+ #define HAVE_LDAP_START_TLS_S 1
+=20
+ /* Define to 1 if you have the <libc-lock.h> header file. */
+ /* #undef HAVE_LIBC_LOCK_H */
+=20
+ /* Define to 1 if you have the `lber' library (-llber). */
+ #define HAVE_LIBLBER 1
+=20
+ /* Define to 1 if you have the `nsl' library (-lnsl). */
+ #define HAVE_LIBNSL 1
+=20
+ /* Define to 1 if you have the `pthread' library (-lpthread). */
+ /* #undef HAVE_LIBPTHREAD */
+=20
+ /* Define to 1 if you have the `resolv' library (-lresolv). */
+ #define HAVE_LIBRESOLV 1
+=20
+ /* Define to 1 if you have the <malloc.h> header file. */
+ #define HAVE_MALLOC_H 1
+=20
+ /* Define to 1 if you have the <memory.h> header file. */
+ #define HAVE_MEMORY_H 1
+=20
+ /* Define to 1 if you have the <netinet/ether.h> header file. */
+ #define HAVE_NETINET_ETHER_H 1
+=20
+ /* Define to 1 if you have the <netinet/if_ether.h> header file. */
+ #define HAVE_NETINET_IF_ETHER_H 1
+=20
+ /* Define to 1 if you have the <net/route.h> header file. */
+ #define HAVE_NET_ROUTE_H 1
+=20
+ /* Define to 1 if you have the `nsdispatch' function. */
+ /* #undef HAVE_NSDISPATCH */
+=20
+ /* Define to 1 if you have the <nsswitch.h> header file. */
+ /* #undef HAVE_NSSWITCH_H */
+=20
+ /* Define to 1 if you have the <nss.h> header file. */
+ #define HAVE_NSS_H 1
+=20
+ /* Define to 1 if you have the <port_after.h> header file. */
+ /* #undef HAVE_PORT_AFTER_H */
+=20
+ /* Define to 1 if you have the <port_before.h> header file. */
+ /* #undef HAVE_PORT_BEFORE_H */
+=20
+ /* Define to 1 if you have the <prot.h> header file. */
+ /* #undef HAVE_PROT_H */
+=20
+ /* Define to 1 if you have the `pthread_atfork' function. */
+ /* #undef HAVE_PTHREAD_ATFORK */
+=20
+ /* Define to 1 if you have the <pthread.h> header file. */
+ #define HAVE_PTHREAD_H 1
+=20
+ /* Define to 1 if you have the `res_search' function. */
+ #define HAVE_RES_SEARCH 1
+=20
+ /* Define to 1 if you have the <rpc/rpcent.h> header file. */
+ /* #undef HAVE_RPC_RPCENT_H */
+=20
+ /* Define to 1 if you have the <sasl.h> header file. */
+ #define HAVE_SASL_H 1
+=20
+ /* Define to 1 if you have the <shadow.h> header file. */
+ #define HAVE_SHADOW_H 1
+=20
+ /* Define to 1 if you have the `sigprocmask' function. */
+ #define HAVE_SIGPROCMASK 1
+=20
+ /* Define to 1 if you have the `sigset' function. */
+ #define HAVE_SIGSET 1
+=20
+ /* Define to 1 if you have the `snprintf' function. */
+ #define HAVE_SNPRINTF 1
+=20
+ /* Define to 1 if you have the <stdint.h> header file. */
+ #define HAVE_STDINT_H 1
+=20
+ /* Define to 1 if you have the <stdlib.h> header file. */
+ #define HAVE_STDLIB_H 1
+=20
+ /* Define to 1 if you have the <strings.h> header file. */
+ #define HAVE_STRINGS_H 1
+=20
+ /* Define to 1 if you have the <string.h> header file. */
+ #define HAVE_STRING_H 1
+=20
+ /* Define to 1 if you have the `strtok_r' function. */
+ #define HAVE_STRTOK_R 1
+=20
+ /* Define to 1 if you have the <synch.h> header file. */
+ /* #undef HAVE_SYNCH_H */
+=20
+ /* Define to 1 if you have the <sys/byteorder.h> header file. */
+ /* #undef HAVE_SYS_BYTEORDER_H */
+=20
+ /* Define to 1 if you have the <sys/stat.h> header file. */
+ #define HAVE_SYS_STAT_H 1
+=20
+ /* Define to 1 if you have the <sys/types.h> header file. */
+ #define HAVE_SYS_TYPES_H 1
+=20
+ /* Define to 1 if you have the <sys/un.h> header file. */
+ #define HAVE_SYS_UN_H 1
+=20
+ /* Define to 1 if you have the <thread.h> header file. */
+ /* #undef HAVE_THREAD_H */
+=20
+ /* Define to 1 if you have the <unistd.h> header file. */
+ #define HAVE_UNISTD_H 1
+=20
+=20
+ /* Define to the address where bug reports for this package should be s=
ent. */
+ #define PACKAGE_BUGREPORT ""
+=20
+ /* Define to the full name of this package. */
+ #define PACKAGE_NAME ""
+=20
+ /* Define to the full name and version of this package. */
+ #define PACKAGE_STRING ""
+=20
+ /* Define to the one symbol short name of this package. */
+ #define PACKAGE_TARNAME ""
+=20
+ /* Define to the version of this package. */
+ #define PACKAGE_VERSION ""
+=20
+ /* Define to 1 if you have the ANSI C header files. */
+ #define STDC_HEADERS 1
+=20
diff -cNr openafs-1.3.80/src/ptserver/nssldap.h openafs-1.3.80-2/src/ptse=
rver/nssldap.h
*** openafs-1.3.80/src/ptserver/nssldap.h	1969-12-31 18:00:00.000000000 -=
0600
--- openafs-1.3.80-2/src/ptserver/nssldap.h	2005-04-25 13:45:23.000000000=
 -0500
***************
*** 0 ****
--- 1,695 ----
+ /*=20
+ 	This file is more or less an exact copy of nss-ldap.h from nss_ldap-20=
7
+  */
+=20
+ /* Copyright (C) 1997-2003 Luke Howard.
+    This file is part of the nss_ldap library.
+    Contributed by Luke Howard, <lukeh@padl.com>, 1997.
+=20
+    The nss_ldap library is free software; you can redistribute it and/o=
r
+    modify it under the terms of the GNU Library General Public License =
as
+    published by the Free Software Foundation; either version 2 of the
+    License, or (at your option) any later version.
+=20
+    The nss_ldap library is distributed in the hope that it will be usef=
ul,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+    Library General Public License for more details.
+=20
+    You should have received a copy of the GNU Library General Public
+    License along with the nss_ldap library; see the file COPYING.LIB.  =
If not,
+    write to the Free Software Foundation, Inc., 59 Temple Place - Suite=
 330,
+    Boston, MA 02111-1307, USA.
+=20
+    $Id: ldap-nss.h,v 2.82 2003/02/02 23:14:40 lukeh Exp $
+  */
+=20
+ #ifndef _LDAP_NSS_LDAP_LDAP_NSS_H
+ #define _LDAP_NSS_LDAP_LDAP_NSS_H
+=20
+ #ifdef HAVE_MALLOC_H
+ #include <malloc.h>
+ #endif
+=20
+ /* for glibc, use weak aliases to pthreads functions */
+ #ifdef HAVE_LIBC_LOCK_H
+ #include <libc-lock.h>
+ #elif defined(HAVE_BITS_LIBC_LOCK_H)
+ #include <bits/libc-lock.h>
+ #endif
+=20
+ #include <errno.h>
+ #include <time.h>
+ #include <sys/socket.h>
+ #include <netinet/in.h>
+=20
+ #ifndef __P
+ # if defined(__STDC__) || defined(__GNUC__)
+ #  define __P(x) x
+ # else
+ #  define __P(x) ()
+ # endif
+ #endif
+=20
+ #include <netdb.h>
+ #include <netinet/in.h>
+ #include <syslog.h>
+=20
+ #ifdef HAVE_NSSWITCH_H
+ #include <nss_common.h>
+ #include <nss_dbdefs.h>
+ #include <nsswitch.h>
+ #elif defined(HAVE_NSS_H)
+ #include <nss.h>
+ #elif defined(HAVE_IRS_H)
+ #include "irs-nss.h"
+ #endif
+=20
+ #include "nssschema.h"
+=20
+ /*
+  * Timeouts for reconnecting code. Similar to rebind
+  * logic in Darwin NetInfo. Some may find sleeping
+  * unacceptable, in which case you may wish to adjust
+  * the constants below.
+  */
+ #define LDAP_NSS_TRIES           5	/* number of sleeping reconnect atte=
mpts */
+ #define LDAP_NSS_SLEEPTIME       4	/* seconds to sleep; doubled until m=
ax */
+ #define LDAP_NSS_MAXSLEEPTIME    64	/* maximum seconds to sleep */
+ #define LDAP_NSS_MAXCONNTRIES    2	/* reconnect attempts before sleepin=
g */
+=20
+ #ifdef PAGE_RESULTS
+ #define LDAP_PAGESIZE 1000
+ #endif /* PAGE_RESULTS */
+=20
+ #ifndef LDAP_FILT_MAXSIZ
+ #define LDAP_FILT_MAXSIZ 1024
+ #endif /* !LDAP_FILT_MAXSIZE */
+=20
+ #ifdef DEBUG
+ #ifdef DEBUG_SYSLOG
+ #ifdef HAVE_NSSWITCH_H
+ #define debug(fmt, args...) syslog(LOG_DEBUG, "nss_ldap: thread %u - " =
fmt, thr_self() , ## args)
+ #else
+ #define debug(fmt, args...) syslog(LOG_DEBUG, "nss_ldap: thread %u - " =
fmt, pthread_self() , ## args)
+ #endif /* HAVE_NSSWITCH_H */
+ #else
+ #ifndef __GNUC__
+ #include <stdarg.h>
+ #include <stdio.h>
+ static void
+ debug (char *fmt, ...)
+ {
+   va_list ap;
+=20
+   va_start (ap, fmt);
+   fprintf (stderr, "nss_ldap: ");
+   vfprintf (stderr, fmt, ap);
+   va_end (ap);
+   fprintf (stderr, "\n");
+ }
+ #else
+ #define debug(fmt, args...) fprintf(stderr, "nss_ldap: " fmt "\n" , ## =
args)
+ #endif /* __GNUC__ */
+ #endif /* DEBUG_SYSLOG */
+ #else
+ #ifndef __GNUC__
+ static void
+ debug (char *fmt, ...)
+ {
+ }
+ #else
+ #define debug(fmt, args...)
+ #endif /* __GNUC__ */
+ #endif /* DEBUG */
+=20
+ #ifdef __GNUC__
+ #define alignof(ptr) __alignof__(ptr)
+ #define INLINE inline
+ #elif defined(HAVE_ALIGNOF_H)
+ #include <alignof.h>
+ #define INLINE
+ #else
+ #define alignof(ptr) (sizeof(char *))
+ #define INLINE
+ #endif /* __GNUC__ */
+=20
+ #define align(ptr, blen, TYPE)              do { \
+ 					char *qtr =3D ptr; \
+ 					ptr +=3D alignof(TYPE) - 1; \
+ 					ptr -=3D ((ptr - (char *)NULL) % alignof(TYPE)); \
+ 					blen -=3D (ptr - qtr); \
+ 				} while (0)
+=20
+ /* worst case */
+ #define bytesleft(ptr, blen, TYPE)    (blen - alignof(TYPE) + 1)
+=20
+ /* selectors for different maps */
+ enum ldap_map_selector
+ {
+   LM_PASSWD,
+   LM_SHADOW,
+   LM_GROUP,
+   LM_HOSTS,
+   LM_SERVICES,
+   LM_NETWORKS,
+   LM_PROTOCOLS,
+   LM_RPC,
+   LM_ETHERS,
+   LM_NETMASKS,
+   LM_BOOTPARAMS,
+   LM_ALIASES,
+   LM_NETGROUP,
+   LM_NONE
+ };
+=20
+ typedef enum ldap_map_selector ldap_map_selector_t;
+=20
+ #ifdef AT_OC_MAP
+ enum ldap_userpassword_selector
+ {
+   LU_RFC2307_USERPASSWORD,
+   LU_RFC3112_AUTHPASSWORD,
+   LU_OTHER_PASSWORD
+ };
+=20
+ typedef enum ldap_userpassword_selector ldap_userpassword_selector_t;
+ #endif /* AT_OC_MAP */
+=20
+ enum ldap_ssl_options
+ {
+   SSL_OFF,
+   SSL_LDAPS,
+   SSL_START_TLS
+ };
+=20
+ typedef enum ldap_ssl_options ldap_ssl_options_t;
+=20
+ enum ldap_reconnect_policy
+ {
+   LP_RECONNECT_HARD,
+   LP_RECONNECT_SOFT
+ };
+=20
+ typedef enum ldap_reconnect_policy ldap_reconnect_policy_t;
+=20
+ /*
+  * POSIX profile information (not used yet)
+  * see draft-joslin-config-schema-00.txt
+  */
+ struct ldap_service_search_descriptor
+ {
+   /* search base, qualified */
+   char *lsd_base;
+   /* scope */
+   int lsd_scope;
+   /* filter */
+   char *lsd_filter;
+   /* next */
+   struct ldap_service_search_descriptor *lsd_next;
+ };
+=20
+ typedef struct ldap_service_search_descriptor
+   ldap_service_search_descriptor_t;
+=20
+ /*
+  * linked list of configurations pointing to LDAP servers. The first
+  * which has a successful ldap_open() is used. Conceivably the rest
+  * could be used after a failed or exhausted search.
+  */
+ struct ldap_config
+ {
+   /* URI for a single server */
+   char *ldc_uri;
+   /* space delimited list of servers */
+   char *ldc_host;
+   /* port, expected to be common to all servers */
+   int ldc_port;
+   /* base DN, eg. dc=3Dgnu,dc=3Dorg */
+   char *ldc_base;
+   /* scope for searches */
+   int ldc_scope;
+   /* dereference aliases/links */
+   int ldc_deref;
+   /* bind DN */
+   char *ldc_binddn;
+   /* bind cred */
+   char *ldc_bindpw;
+   /* sasl auth id */
+   char *ldc_saslid;
+   /* do we use sasl when binding? */
+   int ldc_usesasl;
+   /* shadow bind DN */
+   char *ldc_rootbinddn;
+   /* shadow bind cred */
+   char *ldc_rootbindpw;
+   /* shadow sasl auth id */
+   char *ldc_rootsaslid;
+   /* do we use sasl for root? */
+   int ldc_rootusesasl;
+   /* protocol version */
+   int ldc_version;
+   /* search timelimit */
+   int ldc_timelimit;
+   /* bind timelimit */
+   int ldc_bind_timelimit;
+   /* SSL enabled */
+   ldap_ssl_options_t ldc_ssl_on;
+   /* SSL certificate path */
+   char *ldc_sslpath;
+   /* Chase referrals */
+   int ldc_referrals;
+   int ldc_restart;
+   /* naming contexts */
+   ldap_service_search_descriptor_t *ldc_sds[LM_NONE];
+   /* tls check peer */
+   int ldc_tls_checkpeer;
+   /* tls ca certificate file */
+   char *ldc_tls_cacertfile;
+   /* tls ca certificate dir */
+   char *ldc_tls_cacertdir;
+   /* tls ciphersuite */
+   char *ldc_tls_ciphers;
+   /* tls certificate */
+   char *ldc_tls_cert;
+   /* tls key */
+   char *ldc_tls_key;
+   /* tls randfile */
+   char *ldc_tls_randfile;
+   /* idle timeout */
+   time_t ldc_idle_timelimit;
+   /* reconnect policy */
+   ldap_reconnect_policy_t ldc_reconnect_pol;
+=20
+ #ifdef AT_OC_MAP
+   /*
+    * attribute/objectclass maps relative to this config
+    */
+   void *ldc_at_map;
+   void *ldc_oc_map;
+=20
+   /*
+    * is userPassword "userPassword" or not?=20
+    * ie. do we need {crypt} to be stripped
+    */
+   ldap_userpassword_selector_t ldc_password_type;
+ #endif				/* AT_OC_MAP */
+=20
+   /*=20
+    * attribute table for ldap search requensts
+    */
+   const char **ldc_attrtab[LM_NONE + 1];
+=20
+   char *ldc_template_homedir;
+   char *ldc_template_loginshell;
+=20
+   /* next configuration. loops back onto itself for last entry */
+   struct ldap_config *ldc_next;
+ };
+=20
+ typedef struct ldap_config ldap_config_t;
+=20
+ /*
+  * convenient wrapper around pointer into global config list, and a
+  * connection to an LDAP server.
+  */
+ struct ldap_session
+ {
+   /* the connection */
+   LDAP *ls_conn;
+   /* pointer into config table */
+   ldap_config_t *ls_config;
+   /* timestamp of last activity */
+   time_t ls_timestamp;
+   /* keep track of the LDAP sockets */
+   struct sockaddr ls_sockname;
+   struct sockaddr ls_peername;
+ };
+=20
+ typedef struct ldap_session ldap_session_t;
+=20
+ #ifndef HAVE_NSSWITCH_H
+ #ifndef UID_NOBODY
+ #define UID_NOBODY      (-2)
+ #endif
+ #endif
+=20
+ #ifndef GID_NOBODY
+ #define GID_NOBODY     UID_NOBODY
+ #endif
+=20
+ enum ldap_args_types
+ {
+   LA_TYPE_STRING,
+   LA_TYPE_NUMBER,
+   LA_TYPE_STRING_AND_STRING,
+   LA_TYPE_NUMBER_AND_STRING
+ };
+=20
+ typedef enum ldap_args_types ldap_args_types_t;
+=20
+ struct ldap_args
+ {
+   ldap_args_types_t la_type;
+   union
+   {
+     const char *la_string;
+     long la_number;
+   }
+   la_arg1;
+   union
+   {
+     const char *la_string;
+   }
+   la_arg2;
+ };
+=20
+ typedef struct ldap_args ldap_args_t;
+=20
+ #define LA_INIT(q)				do { \
+ 						q.la_type =3D LA_TYPE_STRING; \
+ 						q.la_arg1.la_string =3D NULL; \
+ 						q.la_arg2.la_string =3D NULL; \
+ 						} while (0)
+ #define LA_TYPE(q)				(q.la_type)
+ #define LA_STRING(q)				(q.la_arg1.la_string)
+ #define LA_NUMBER(q)				(q.la_arg1.la_number)
+ #define LA_STRING2(q)				(q.la_arg2.la_string)
+=20
+ #include "nssparse.h"
+=20
+ /*
+  * the state consists of the desired attribute value or an offset into =
a list of
+  * values for the desired attribute. This is necessary to support servi=
ces.
+  *
+  * Be aware of the arbitary distinction between state and context. Cont=
ext is
+  * the enumeration state of a lookup subsystem (which may be per-subsys=
tem,
+  * or per-subsystem/per-thread, depending on the OS). State is the stat=
e
+  * of a particular lookup, and is only concerned with resolving and enu=
merating
+  * services. State is represented as instances of ldap_state_t; context=
 as
+  * instances of ent_context_t. The latter contains the former.
+  */
+ struct ldap_state
+ {
+   int ls_type;
+   int ls_retry;
+ #define LS_TYPE_KEY	(0)
+ #define LS_TYPE_INDEX	(1)
+   union
+   {
+     /* ls_key is the requested attribute value.
+        ls_index is the desired offset into the value list.
+      */
+     const char *ls_key;
+     int ls_index;
+   }
+   ls_info;
+ };
+=20
+ typedef struct ldap_state ldap_state_t;
+ /*
+  * LS_INIT only used for enumeration contexts
+  */
+ #define LS_INIT(state)	do { state.ls_type =3D LS_TYPE_INDEX; state.ls_r=
etry =3D 0; state.ls_info.ls_index =3D -1; } while (0)
+=20
+ /*
+  * thread specific context: result chain, and state data
+  */
+ struct ent_context
+ {
+   ldap_state_t ec_state;	/* eg. for services */
+   int ec_msgid;			/* message ID */
+   LDAPMessage *ec_res;		/* result chain */
+   ldap_service_search_descriptor_t *ec_sd;	/* current sd */
+ #ifdef PAGE_RESULTS
+   struct berval *ec_cookie;     /* cookie for paged searches */
+ #endif /* PAGE_RESULTS */
+ };
+=20
+ typedef struct ent_context ent_context_t;
+=20
+ #ifdef HAVE_NSSWITCH_H
+=20
+ struct nss_ldap_backend
+ {
+   nss_backend_op_t *ops;
+   int n_ops;
+   ent_context_t *state;
+ };
+=20
+ typedef struct nss_ldap_backend nss_ldap_backend_t;
+=20
+ typedef nss_status_t NSS_STATUS;
+=20
+ #define NSS_RETURN		NSS_UNAVAIL
+=20
+ #elif defined(HAVE_IRS_H)
+=20
+ typedef enum
+ {
+   NSS_TRYAGAIN =3D -2,
+   NSS_UNAVAIL,
+   NSS_NOTFOUND,
+   NSS_SUCCESS,
+   NSS_RETURN
+ }
+ NSS_STATUS;
+ /* #define HAVE_NSS_H  */
+=20
+ #elif defined(HAVE_NSS_H)
+=20
+ typedef enum nss_status NSS_STATUS;
+=20
+ #define NSS_SUCCESS		NSS_STATUS_SUCCESS
+ #define NSS_NOTFOUND	NSS_STATUS_NOTFOUND
+ #define NSS_UNAVAIL		NSS_STATUS_UNAVAIL
+ #define NSS_TRYAGAIN	NSS_STATUS_TRYAGAIN
+ #define NSS_RETURN		NSS_STATUS_RETURN
+=20
+ /* to let us index a lookup table on NSS_STATUSes */
+=20
+ #define _NSS_LOOKUP_OFFSET      NSS_STATUS_TRYAGAIN
+=20
+ #endif /* HAVE_NSSWITCH_H */
+=20
+ #ifndef _NSS_LOOKUP_OFFSET
+ #define _NSS_LOOKUP_OFFSET      (0)
+ #endif
+=20
+ typedef NSS_STATUS (*parser_t) (LDAP *, LDAPMessage *, ldap_state_t *, =
void *,
+ 				char *, size_t);
+=20
+ #ifdef HPUX
+ extern int __thread_mutex_lock(pthread_mutex_t *);
+ extern int __thread_mutex_unlock(pthread_mutex_t *);
+ #endif /* HPUX */
+=20
+ /*
+  * Portable locking macro.
+  */
+ #ifdef HAVE_THREAD_H
+ #define NSS_LDAP_LOCK(m)		mutex_lock(&m)
+ #define NSS_LDAP_UNLOCK(m)		mutex_unlock(&m)
+ #define NSS_LDAP_DEFINE_LOCK(m)		static mutex_t m =3D DEFAULTMUTEX
+ #elif defined(HAVE_LIBC_LOCK_H) || defined(HAVE_BITS_LIBC_LOCK_H)
+ #define NSS_LDAP_LOCK(m)		__libc_lock_lock(m)
+ #define NSS_LDAP_UNLOCK(m)		__libc_lock_unlock(m)
+ #define NSS_LDAP_DEFINE_LOCK(m)		static pthread_mutex_t m =3D PTHREAD_M=
UTEX_INITIALIZER
+ #elif defined(HAVE_PTHREAD_H)
+ #ifdef HPUX
+ # define NSS_LDAP_LOCK(m)		__thread_mutex_lock(&m)
+ # define NSS_LDAP_UNLOCK(m)		__thread_mutex_unlock(&m)
+ # define NSS_LDAP_DEFINE_LOCK(m)		static pthread_mutex_t m =3D PTHREAD_=
MUTEX_INITIALIZER
+ #else
+ # define NSS_LDAP_LOCK(m)		pthread_mutex_lock(&m)
+ # define NSS_LDAP_UNLOCK(m)		pthread_mutex_unlock(&m)
+ # define NSS_LDAP_DEFINE_LOCK(m)		static pthread_mutex_t m =3D PTHREAD_=
MUTEX_INITIALIZER
+ #endif /* HPUX */
+ #else
+ #define NSS_LDAP_LOCK(m)
+ #define NSS_LDAP_UNLOCK(m)
+ #define NSS_LDAP_DEFINE_LOCK(m)
+ #endif
+=20
+ /*
+  * Acquire global nss_ldap lock and blocks SIGPIPE.
+  * Generally this should only be done within ldap-nss.c.
+  */
+ void _nss_ldap_enter (void);
+=20
+ /*
+  * Release global nss_ldap lock and blocks SIGPIPE.
+  * Generally this should only be done within ldap-nss.c.
+  */
+ void _nss_ldap_leave (void);
+=20
+ #ifdef LDAP_OPT_THREAD_FN_PTRS
+ /*
+  * Netscape's libldap is threadsafe, but we use a
+  * lock before it is initialized=20
+  */
+=20
+ struct ldap_error
+ {
+   int le_errno;
+   char *le_matched;
+   char *le_errmsg;
+ };
+=20
+ typedef struct ldap_error ldap_error_t;
+=20
+ #endif /* LDAP_OPT_THREAD_FN_PTRS */
+=20
+ #ifdef HAVE_NSSWITCH_H
+ NSS_STATUS _nss_ldap_default_destr (nss_backend_t *, void *);
+ #endif
+=20
+ /*
+  * context management routines.
+  * _nss_ldap_default_constr() is called once in the constructor
+  */
+ #ifdef HAVE_NSSWITCH_H
+ NSS_STATUS _nss_ldap_default_constr (nss_ldap_backend_t * be);
+ #endif
+=20
+ /*=20
+  * do_ent_context_init() is called for each getXXent() call
+  * do_ent_context_release() is used to manually free a context
+  */
+ ent_context_t *_nss_ldap_ent_context_init (ent_context_t **);
+ void _nss_ldap_ent_context_release (ent_context_t *);
+=20
+ /*
+  * these are helper functions for ldap-grp.c only on Solaris
+  */
+ char **_nss_ldap_get_values (LDAPMessage * e, const char *attr);
+ char *_nss_ldap_get_dn (LDAPMessage * e);
+ LDAPMessage *_nss_ldap_first_entry (LDAPMessage * res);
+ LDAPMessage *_nss_ldap_next_entry (LDAPMessage * res);
+=20
+ /*
+  * Synchronous search cover (caller acquires lock).
+  */
+ NSS_STATUS _nss_ldap_search_s (const ldap_args_t * args,	/* IN */
+ 			       const char *filterprot,	/* IN */
+ 			       ldap_map_selector_t sel,	/* IN */
+ 			       int sizelimit,	/* IN */
+ 			       LDAPMessage ** pRes /* OUT */ );
+=20
+ /*
+  * Asynchronous search cover (caller acquires lock).
+  */
+ NSS_STATUS _nss_ldap_search (const ldap_args_t * args,	/* IN */
+ 			     const char *filterprot,	/* IN */
+ 			     ldap_map_selector_t sel,	/* IN */
+ 			     int sizelimit,	/* IN */
+ 			     int *pMsgid, /* OUT */
+   			     ldap_service_search_descriptor_t **s /*IN/OUT*/ );
+=20
+ /*
+  * Retrieve next result.
+  */
+ NSS_STATUS _nss_ldap_result (ent_context_t * ctx);
+=20
+ /*
+  * Emulate X.500 read operation.
+  */
+ NSS_STATUS _nss_ldap_read (const char *dn,	/* IN */
+ 			   const char **attributes,	/* IN */
+ 			   LDAPMessage ** pRes /* OUT */ );
+=20
+ /*
+  * common enumeration routine; uses asynchronous API.
+  */
+ NSS_STATUS _nss_ldap_getent (ent_context_t ** key,	/* IN/OUT */
+ 			     void *result,	/* IN/OUT */
+ 			     char *buffer,	/* IN */
+ 			     size_t buflen,	/* IN */
+ 			     int *errnop,	/* OUT */
+ 			     const char *filterprot,	/* IN */
+ 			     ldap_map_selector_t sel,	/* IN */
+ 			     parser_t parser /* IN */ );
+=20
+ /*
+  * common lookup routine; uses synchronous API.
+  */
+ NSS_STATUS _nss_ldap_getbyname (ldap_args_t * args,	/* IN/OUT */
+ 				void *result,	/* IN/OUT */
+ 				char *buffer,	/* IN */
+ 				size_t buflen,	/* IN */
+ 				int *errnop,	/* OUT */
+ 				const char *filterprot,	/* IN */
+ 				ldap_map_selector_t sel,	/* IN */
+ 				parser_t parser /* IN */ );
+=20
+ /* parsing utility functions */
+ NSS_STATUS _nss_ldap_assign_attrvals (LDAP * ld,	/* IN */
+ 				      LDAPMessage * e,	/* IN */
+ 				      const char *attr,	/* IN */
+ 				      const char *omitvalue,	/* IN */
+ 				      char ***valptr,	/* OUT */
+ 				      char **buffer,	/* IN/OUT */
+ 				      size_t * buflen,	/* IN/OUT */
+ 				      size_t * pvalcount /* OUT */ );
+=20
+ NSS_STATUS _nss_ldap_assign_attrval (LDAP * ld,	/* IN */
+ 				     LDAPMessage * e,	/* IN */
+ 				     const char *attr,	/* IN */
+ 				     char **valptr,	/* OUT */
+ 				     char **buffer,	/* IN/OUT */
+ 				     size_t * buflen /* IN/OUT */ );
+=20
+=20
+ NSS_STATUS _nss_ldap_assign_userpassword (LDAP * ld,	/* IN */
+ 					  LDAPMessage * e,	/* IN */
+ 					  const char *attr,	/* IN */
+ 					  char **valptr,	/* OUT */
+ 					  char **buffer,	/* IN/OUT */
+ 					  size_t * buflen);	/* IN/OUT */
+=20
+ NSS_STATUS _nss_ldap_oc_check (LDAP * ld, LDAPMessage * e, const char *=
oc);
+=20
+ #ifdef AT_OC_MAP
+ /**
+  * Functions for mapping attributes and objectclasses
+  * relative to an ldap_config as proposed by Luke Howard
+  * in his eMail from Nov 15 2000
+  */
+ NSS_STATUS _nss_ldap_atmap_put (ldap_config_t * config,
+ 				const char *rfc2307attribute,
+ 				const char *attribute);
+=20
+ NSS_STATUS _nss_ldap_ocmap_put (ldap_config_t * config,
+ 				const char *rfc2307objectclass,
+ 				const char *objectclass);
+=20
+ NSS_STATUS _nss_ldap_atmap_get (ldap_config_t * config,
+ 				const char *rfc2307attribute,
+ 				const char **attribute);
+=20
+ NSS_STATUS _nss_ldap_ocmap_get (ldap_config_t * config,
+ 				const char *rfc2307objectclass,
+ 				const char **objectclass);
+=20
+ const char *_nss_ldap_map_at (const char *pChar);
+ const char *_nss_ldap_map_oc (const char *pChar);
+ #endif /* AT_OC_MAP */
+=20
+ /*
+  * Proxy bind support for AIX.
+  */
+ struct ldap_proxy_bind_args
+ {
+   char *binddn;
+   const char *bindpw;
+ };
+=20
+ typedef struct ldap_proxy_bind_args ldap_proxy_bind_args_t;
+=20
+ NSS_STATUS _nss_ldap_proxy_bind (const char *user, const char *password=
);
+=20
+ NSS_STATUS _nss_ldap_init (void);
+=20
+ void * _nss_hash_open(void);
+=20
+ #endif /* _LDAP_NSS_LDAP_LDAP_NSS_H */
diff -cNr openafs-1.3.80/src/ptserver/nssparse.h openafs-1.3.80-2/src/pts=
erver/nssparse.h
*** openafs-1.3.80/src/ptserver/nssparse.h	1969-12-31 18:00:00.000000000 =
-0600
--- openafs-1.3.80-2/src/ptserver/nssparse.h	2005-04-25 13:45:12.00000000=
0 -0500
***************
*** 0 ****
--- 1,182 ----
+ /*
+ 	This is an exact copy of ldap-parse.h from nss_ldap-207
+  */
+=20
+ /* Copyright (C) 1997-2003 Luke Howard.
+    This file is part of the nss_ldap library.
+    Contributed by Luke Howard, <lukeh@padl.com>, 1997.
+=20
+    The nss_ldap library is free software; you can redistribute it and/o=
r
+    modify it under the terms of the GNU Library General Public License =
as
+    published by the Free Software Foundation; either version 2 of the
+    License, or (at your option) any later version.
+=20
+    The nss_ldap library is distributed in the hope that it will be usef=
ul,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+    Library General Public License for more details.
+=20
+    You should have received a copy of the GNU Library General Public
+    License along with the nss_ldap library; see the file COPYING.LIB.  =
If not,
+    write to the Free Software Foundation, Inc., 59 Temple Place - Suite=
 330,
+    Boston, MA 02111-1307, USA.
+=20
+    $Id: ldap-parse.h,v 2.18 2003/01/30 10:06:46 lukeh Exp $
+  */
+=20
+=20
+ #ifndef _LDAP_NSS_LDAP_LDAP_PARSE_H
+ #define _LDAP_NSS_LDAP_LDAP_PARSE_H
+=20
+ #if defined(HAVE_NSSWITCH_H)
+ #define NSS_ARGS(args)	((nss_XbyY_args_t *)args)
+=20
+ #define LOOKUP_NAME(args, filter, selector, parser) \
+ 	ldap_args_t a; \
+ 	NSS_STATUS s; \
+ 	LA_INIT(a); \
+ 	LA_STRING(a) =3D NSS_ARGS(args)->key.name; \
+ 	LA_TYPE(a) =3D LA_TYPE_STRING; \
+ 	s =3D _nss_ldap_getbyname(&a, \
+ 		NSS_ARGS(args)->buf.result, \
+ 		NSS_ARGS(args)->buf.buffer, \
+ 		NSS_ARGS(args)->buf.buflen, \
+ 		&NSS_ARGS(args)->erange, \
+ 		filter, \
+ 		selector, \
+ 		parser); \
+ 	if (s =3D=3D NSS_SUCCESS) { \
+ 		NSS_ARGS(args)->returnval =3D NSS_ARGS(args)->buf.result; \
+ 	} \
+ 	return s
+ #define LOOKUP_NUMBER(args, field, filter, selector, parser) \
+ 	ldap_args_t a; \
+ 	NSS_STATUS s; \
+ 	LA_INIT(a); \
+ 	LA_NUMBER(a) =3D NSS_ARGS(args)->field; \
+ 	LA_TYPE(a) =3D LA_TYPE_NUMBER; \
+ 	s =3D _nss_ldap_getbyname(&a, \
+ 		NSS_ARGS(args)->buf.result, \
+ 		NSS_ARGS(args)->buf.buffer, \
+ 		NSS_ARGS(args)->buf.buflen, \
+ 		&NSS_ARGS(args)->erange, \
+ 		filter, \
+ 		selector, \
+ 		parser); \
+ 	if (s =3D=3D NSS_SUCCESS) { \
+ 		NSS_ARGS(args)->returnval =3D NSS_ARGS(args)->buf.result; \
+ 	} \
+ 	return s
+ #define LOOKUP_GETENT(args, be, filter, selector, parser) \
+ 	NSS_STATUS s; \
+ 	s =3D _nss_ldap_getent(&((nss_ldap_backend_t *)be)->state, \
+ 		NSS_ARGS(args)->buf.result, \
+ 		NSS_ARGS(args)->buf.buffer, \
+ 		NSS_ARGS(args)->buf.buflen, \
+ 		&NSS_ARGS(args)->erange, \
+ 		filter, \
+ 		selector, \
+ 		parser); \
+ 	if (s =3D=3D NSS_SUCCESS) { \
+ 		NSS_ARGS(args)->returnval =3D NSS_ARGS(args)->buf.result; \
+ 	} \
+ 	return s
+=20
+ #elif defined(HAVE_NSS_H)
+=20
+ #define LOOKUP_NAME(name, result, buffer, buflen, errnop, filter, selec=
tor, parser) \
+ 	ldap_args_t a; \
+ 	LA_INIT(a); \
+ 	LA_STRING(a) =3D name; \
+ 	LA_TYPE(a) =3D LA_TYPE_STRING; \
+ 	return _nss_ldap_getbyname(&a, result, buffer, buflen, errnop, filter,=
 selector, parser);
+ #define LOOKUP_NUMBER(number, result, buffer, buflen, errnop, filter, s=
elector, parser) \
+ 	ldap_args_t a; \
+ 	LA_INIT(a); \
+ 	LA_NUMBER(a) =3D number; \
+ 	LA_TYPE(a) =3D LA_TYPE_NUMBER; \
+ 	return _nss_ldap_getbyname(&a, result, buffer, buflen, errnop, filter,=
 selector, parser)
+ #define LOOKUP_GETENT(key, result, buffer, buflen, errnop, filter, sele=
ctor, parser) \
+ 	return _nss_ldap_getent(&key, result, buffer, buflen, errnop, filter, =
selector, parser)
+=20
+ #elif defined(HAVE_IRS_H)
+=20
+ #define LOOKUP_NAME(name, this, filter, selector, parser) \
+ 	ldap_args_t a; \
+ 	struct pvt *pvt =3D (struct pvt *)this->private; \
+ 	NSS_STATUS s; \
+ 	LA_INIT(a); \
+ 	LA_STRING(a) =3D name; \
+ 	LA_TYPE(a) =3D LA_TYPE_STRING; \
+ 	s =3D _nss_ldap_getbyname(&a, &pvt->result, pvt->buffer, sizeof(pvt->b=
uffer), &errno, filter, \
+ 		selector, parser); \
+ 	if (s !=3D NSS_SUCCESS) { \
+ 		MAP_ERRNO(s, errno); \
+ 		return NULL; \
+ 	} \
+ 	return &pvt->result;
+ #define LOOKUP_NUMBER(number, this, filter, selector, parser) \
+ 	ldap_args_t a; \
+ 	struct pvt *pvt =3D (struct pvt *)this->private; \
+ 	NSS_STATUS s; \
+ 	LA_INIT(a); \
+ 	LA_NUMBER(a) =3D number; \
+ 	LA_TYPE(a) =3D LA_TYPE_NUMBER; \
+ 	s =3D _nss_ldap_getbyname(&a, &pvt->result, pvt->buffer, sizeof(pvt->b=
uffer), &errno, filter, \
+ 		selector, parser); \
+ 	if (s !=3D NSS_SUCCESS) { \
+ 		MAP_ERRNO(s, errno); \
+ 		return NULL; \
+ 	} \
+ 	return &pvt->result;
+ #define LOOKUP_GETENT(this, filter, selector, parser) \
+ 	struct pvt *pvt =3D (struct pvt *)this->private; \
+ 	NSS_STATUS s; \
+ 	s =3D _nss_ldap_getent(&pvt->state, &pvt->result, pvt->buffer, \
+ 		sizeof(pvt->buffer), &errno, filter, \
+ 		selector, parser); \
+ 	if (s !=3D NSS_SUCCESS) { \
+ 		MAP_ERRNO(s, errno); \
+ 		return NULL; \
+ 	} \
+ 	return &pvt->result;
+ #endif /* HAVE_NSSWITCH_H */
+=20
+ #if defined(HAVE_NSSWITCH_H)
+=20
+ #define LOOKUP_SETENT(key) \
+ 	if (_nss_ldap_ent_context_init(&((nss_ldap_backend_t *)key)->state) =3D=
=3D NULL) \
+ 		return NSS_UNAVAIL; \
+ 	return NSS_SUCCESS
+ #define LOOKUP_ENDENT(key) \
+ 	_nss_ldap_enter(); \
+ 	_nss_ldap_ent_context_release(((nss_ldap_backend_t *)key)->state); \
+ 	_nss_ldap_leave(); \
+ 	return NSS_SUCCESS
+=20
+ #elif defined(HAVE_NSS_H)
+=20
+ #define LOOKUP_SETENT(key) \
+ 	if (_nss_ldap_ent_context_init(&key) =3D=3D NULL) \
+ 		return NSS_UNAVAIL; \
+ 	return NSS_SUCCESS
+ #define LOOKUP_ENDENT(key) \
+ 	_nss_ldap_enter(); \
+ 	_nss_ldap_ent_context_release(key); \
+ 	_nss_ldap_leave(); \
+ 	return NSS_SUCCESS
+=20
+ #elif defined(HAVE_IRS_H)
+=20
+ #define LOOKUP_SETENT(this) \
+ 	struct pvt *pvt =3D (struct pvt *)this->private; \
+ 	(void) _nss_ldap_ent_context_init(&pvt->state)
+ #define LOOKUP_ENDENT(this) \
+ 	struct pvt *pvt =3D (struct pvt *)this->private; \
+ 	_nss_ldap_enter(); \
+ 	_nss_ldap_ent_context_release(pvt->state); \
+ 	_nss_ldap_leave();
+=20
+ #endif /* HAVE_NSSWITCH_H */
+=20
+ #endif /* _LDAP_NSS_LDAP_LDAP_PARSE_H */
diff -cNr openafs-1.3.80/src/ptserver/nssschema.h openafs-1.3.80-2/src/pt=
server/nssschema.h
*** openafs-1.3.80/src/ptserver/nssschema.h	1969-12-31 18:00:00.000000000=
 -0600
--- openafs-1.3.80-2/src/ptserver/nssschema.h	2005-04-25 13:43:35.0000000=
00 -0500
***************
*** 0 ****
--- 1,295 ----
+ /*
+ 	This is an exact copy of ldap-schema.h from nss_ldap-207
+  */
+=20
+ /* Copyright (C) 1997-2003 Luke Howard.
+    This file is part of the nss_ldap library.
+    Contributed by Luke Howard, <lukeh@padl.com>, 1999.
+=20
+    The nss_ldap library is free software; you can redistribute it and/o=
r
+    modify it under the terms of the GNU Library General Public License =
as
+    published by the Free Software Foundation; either version 2 of the
+    License, or (at your option) any later version.
+=20
+    The nss_ldap library is distributed in the hope that it will be usef=
ul,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+    Library General Public License for more details.
+=20
+    You should have received a copy of the GNU Library General Public
+    License along with the nss_ldap library; see the file COPYING.LIB.  =
If not,
+    write to the Free Software Foundation, Inc., 59 Temple Place - Suite=
 330,
+    Boston, MA 02111-1307, USA.
+=20
+    $Id: ldap-schema.h,v 1.21 2003/01/30 10:06:46 lukeh Exp $
+  */
+=20
+ #ifndef _LDAP_NSS_LDAP_LDAP_SCHEMA_H
+ #define _LDAP_NSS_LDAP_LDAP_SCHEMA_H
+=20
+ #ifdef AT_OC_MAP
+ /* max number of attributes per object class */
+ #define ATTRTAB_SIZE	15
+ #endif /* AT_OC_MAP */
+=20
+ /**
+  * function to initialize global lookup filters.
+  */
+ void _nss_ldap_init_filters ();
+ void _nss_ldap_init_attributes (const char ***attrtab);
+=20
+ /**
+  * make filters formerly declared in ldap-*.h globally available.
+  */
+=20
+ /* rfc822 mail aliases */
+ extern char _nss_ldap_filt_getaliasbyname[];
+ extern char _nss_ldap_filt_getaliasent[];
+=20
+ /* boot parameters */
+ extern char _nss_ldap_filt_getbootparamsbyname[];
+=20
+ /* MAC address mappings */
+ extern char _nss_ldap_filt_gethostton[];
+ extern char _nss_ldap_filt_getntohost[];
+ extern char _nss_ldap_filt_getetherent[];
+=20
+ /* groups */
+ extern char _nss_ldap_filt_getgrnam[];
+ extern char _nss_ldap_filt_getgrgid[];
+ extern char _nss_ldap_filt_getgrent[];
+ #ifdef RFC2307BIS
+ extern char _nss_ldap_filt_getgroupsbymemberanddn[];
+ #endif /* RFC2307BIS */
+ extern char _nss_ldap_filt_getgroupsbymember[];
+=20
+ /* IP hosts */
+ extern char _nss_ldap_filt_gethostbyname[];
+ extern char _nss_ldap_filt_gethostbyaddr[];
+ extern char _nss_ldap_filt_gethostent[];
+=20
+ /* IP networks */
+ extern char _nss_ldap_filt_getnetbyname[];
+ extern char _nss_ldap_filt_getnetbyaddr[];
+ extern char _nss_ldap_filt_getnetent[];
+=20
+ /* IP protocols */
+ extern char _nss_ldap_filt_getprotobyname[];
+ extern char _nss_ldap_filt_getprotobynumber[];
+ extern char _nss_ldap_filt_getprotoent[];
+=20
+ /* users */
+ extern char _nss_ldap_filt_getpwnam[];
+ extern char _nss_ldap_filt_getpwuid[];
+ extern char _nss_ldap_filt_getpwent[];
+=20
+ /* RPCs */
+ extern char _nss_ldap_filt_getrpcbyname[];
+ extern char _nss_ldap_filt_getrpcbynumber[];
+ extern char _nss_ldap_filt_getrpcent[];
+=20
+ /* IP services */
+ extern char _nss_ldap_filt_getservbyname[];
+ extern char _nss_ldap_filt_getservbynameproto[];
+ extern char _nss_ldap_filt_getservbyport[];
+ extern char _nss_ldap_filt_getservbyportproto[];
+ extern char _nss_ldap_filt_getservent[];
+=20
+ /* shadow users */
+ extern char _nss_ldap_filt_getspnam[];
+ extern char _nss_ldap_filt_getspent[];
+=20
+ /* netgroups */
+ extern char _nss_ldap_filt_getnetgrent[];
+=20
+ #ifdef AT_OC_MAP
+ /**
+  * Initialize attribute vector table indexed by map
+  * selector (eg. LM_PASSWD) relative to an "ldap_config"
+  */
+=20
+ /**
+  * Lookup (potentially mapped)
+  * objectclass/attribute.
+  */
+ #define OC(oc)                   _nss_ldap_map_oc(OC##_##oc)
+ #define AT(at)                   _nss_ldap_map_at(AT##_##at)
+=20
+ #else /* AT_OC_MAP */
+=20
+ #define OC(oc)                    OC##_##oc
+ #define AT(at)                    AT##_##at
+=20
+ #endif /* AT_OC_MAP */
+=20
+ /**
+ * Common attributes, not from RFC 2307.
+ */
+ #define AT_objectClass            "objectClass"
+ #define AT_cn                     "cn"
+ #define AT_description            "description"
+ #define AT_l                      "l"
+ #define AT_manager                "manager"
+=20
+ /**
+ * Vendor-specific attributes and object classes.
+ * (Mainly from Sun.)
+ */
+ #define OC_nisMailAlias	          "nisMailAlias"
+ #define AT_rfc822MailMember       "rfc822MailMember"
+=20
+ /**
+ * RFC 2307 attributes and object classes.
+ */
+=20
+ /*
+ * ( nisSchema.2.0 NAME 'posixAccount' SUP top AUXILIARY
+ *   DESC 'Abstraction of an account with POSIX attributes'
+ *   MUST ( cn $ uid $ uidNumber $ gidNumber $ homeDirectory )
+ *   MAY ( userPassword $ loginShell $ gecos $ description ) )
+ */
+ #define OC_posixAccount           "posixAccount"
+ #define AT_uid                    "uid"
+ #define AT_userPassword           "userPassword"
+ #define AT_uidNumber              "uidNumber"
+ #define AT_gidNumber              "gidNumber"
+ #define AT_loginShell             "loginShell"
+ #define AT_gecos                  "gecos"
+ #define AT_homeDirectory          "homeDirectory"
+=20
+ /*
+ * ( nisSchema.2.1 NAME 'shadowAccount' SUP top AUXILIARY
+ *   DESC 'Additional attributes for shadow passwords'           =20
+ *   MUST uid
+ *   MAY ( userPassword $ shadowLastChange $ shadowMin
+ *         shadowMax $ shadowWarning $ shadowInactive $
+ *         shadowExpire $ shadowFlag $ description ) )
+ */
+ #define OC_shadowAccount          "shadowAccount"
+ #define AT_shadowLastChange       "shadowLastChange"
+ #define AT_shadowMin              "shadowMin"
+ #define AT_shadowMax              "shadowMax"
+ #define AT_shadowWarning          "shadowWarning"
+ #define AT_shadowInactive         "shadowInactive"
+ #define AT_shadowExpire           "shadowExpire"
+ #define AT_shadowFlag             "shadowFlag"
+=20
+ /*
+ * ( nisSchema.2.2 NAME 'posixGroup' SUP top STRUCTURAL           =20
+ *   DESC 'Abstraction of a group of accounts'
+ *   MUST ( cn $ gidNumber )
+ *   MAY ( userPassword $ uidMember $ description ) )
+ */
+ #define OC_posixGroup             "posixGroup"
+ #define AT_gidNumber              "gidNumber"
+ #define AT_memberUid              "memberUid"
+ #define AT_uniqueMember           "uniqueMember"
+=20
+ /*
+ * ( nisSchema.2.3 NAME 'ipService' SUP top STRUCTURAL
+ *   DESC 'Abstraction an Internet Protocol service.
+ *         Maps an IP port and protocol (such as tcp or udp)
+ *         to one or more names; the distinguished value of
+ *         the cn attribute denotes the service's canonical
+ *         name'
+ *   MUST ( cn $ ipServicePort $ ipServiceProtocol )
+ *   MAY ( description ) )
+ */
+ #define OC_ipService              "ipService"
+ #define AT_ipServicePort          "ipServicePort"
+ #define AT_ipServiceProtocol      "ipServiceProtocol"
+=20
+ /*
+ * ( nisSchema.2.4 NAME 'ipProtocol' SUP top STRUCTURAL
+ *   DESC 'Abstraction of an IP protocol. Maps a protocol number
+ *         to one or more names. The distinguished value of the cn
+ *         attribute denotes the protocol's canonical name'
+ *   MUST ( cn $ ipProtocolNumber )
+ *    MAY description )
+ */
+ #define OC_ipProtocol             "ipProtocol"
+ #define AT_ipProtocolNumber       "ipProtocolNumber"
+=20
+ /*
+ * ( nisSchema.2.5 NAME 'oncRpc' SUP top STRUCTURAL
+ *   DESC 'Abstraction of an Open Network Computing (ONC)
+ *         [RFC1057] Remote Procedure Call (RPC) binding.
+ *         This class maps an ONC RPC number to a name.
+ *         The distinguished value of the cn attribute denotes
+ *         the RPC service's canonical name'
+ *   MUST ( cn $ oncRpcNumber )
+ *   MAY description )
+ */
+ #define OC_oncRpc                 "oncRpc"
+ #define AT_oncRpcNumber           "oncRpcNumber"
+=20
+ /*
+ * ( nisSchema.2.6 NAME 'ipHost' SUP top AUXILIARY
+ *   DESC 'Abstraction of a host, an IP device. The distinguished
+ *         value of the cn attribute denotes the host's canonical
+ *         name. Device SHOULD be used as a structural class'
+ *   MUST ( cn $ ipHostNumber )
+ *   MAY ( l $ description $ manager ) )=20
+ */
+ #define OC_ipHost                 "ipHost"
+ #define AT_ipHostNumber           "ipHostNumber"
+=20
+ /*
+ * ( nisSchema.2.7 NAME 'ipNetwork' SUP top STRUCTURAL
+ *   DESC 'Abstraction of a network. The distinguished value of
+ *   MUST ( cn $ ipNetworkNumber )
+ *   MAY ( ipNetmaskNumber $ l $ description $ manager ) )
+ */
+ #define OC_ipNetwork              "ipNetwork"
+ #define AT_ipNetworkNumber        "ipNetworkNumber"
+ #define AT_ipNetmaskNumber        "ipNetmaskNumber"
+=20
+ /*
+ * ( nisSchema.2.8 NAME 'nisNetgroup' SUP top STRUCTURAL
+ *   DESC 'Abstraction of a netgroup. May refer to other netgroups'
+ *   MUST cn
+ *   MAY ( nisNetgroupTriple $ memberNisNetgroup $ description ) )
+ */
+ #define OC_nisNetgroup            "nisNetgroup"
+ #define AT_nisNetgroupTriple      "nisNetgroupTriple"
+ #define AT_memberNisNetgroup      "memberNisNetgroup"
+=20
+ /*
+ * ( nisSchema.2.09 NAME 'nisMap' SUP top STRUCTURAL
+ *   DESC 'A generic abstraction of a NIS map'
+ *   MUST nisMapName
+ *   MAY description )
+ */
+ #define OC_nisMap                 "nisMap"
+ #define AT_nisMapName             "nisNapName"
+=20
+ /*
+ * ( nisSchema.2.10 NAME 'nisObject' SUP top STRUCTURAL
+ *   DESC 'An entry in a NIS map'
+ *   MUST ( cn $ nisMapEntry $ nisMapName )
+ *   MAY description )
+ */
+ #define OC_nisObject              "nisObject"
+ #define AT_nisMapEntry            "nisMapEntry"
+=20
+ /*
+ * ( nisSchema.2.11 NAME 'ieee802Device' SUP top AUXILIARY
+ *   DESC 'A device with a MAC address; device SHOULD be
+ *         used as a structural class'
+ *   MAY macAddress )
+ */
+ #define OC_ieee802Device          "ieee802Device"
+ #define AT_macAddress             "macAddress"
+=20
+ /*
+ * ( nisSchema.2.12 NAME 'bootableDevice' SUP top AUXILIARY
+ *   DESC 'A device with boot parameters; device SHOULD be
+ *         used as a structural class'
+ *   MAY ( bootFile $ bootParameter ) )
+ */
+ #define OC_bootableDevice         "bootableDevice"
+ #define AT_bootFile               "bootFile"
+ #define AT_bootParameter          "bootParameter"
+=20
+=20
+ #endif /* _LDAP_NSS_LDAP_LDAP_SCHEMA_H */
diff -cNr openafs-1.3.80/src/ptserver/nssutil.h openafs-1.3.80-2/src/ptse=
rver/nssutil.h
*** openafs-1.3.80/src/ptserver/nssutil.h	1969-12-31 18:00:00.000000000 -=
0600
--- openafs-1.3.80-2/src/ptserver/nssutil.h	2005-04-25 13:42:40.000000000=
 -0500
***************
*** 0 ****
--- 1,156 ----
+ /*
+ 	This file is more or less an exact copy of util.h from nss_ldap-207
+  */
+=20
+ /* Copyright (C) 1997-2003 Luke Howard.
+    This file is part of the nss_ldap library.
+    Contributed by Luke Howard, <lukeh@padl.com>, 1997.
+    (The author maintains a non-exclusive licence to distribute this fil=
e
+    under their own conditions.)
+=20
+    The nss_ldap library is free software; you can redistribute it and/o=
r
+    modify it under the terms of the GNU Library General Public License =
as
+    published by the Free Software Foundation; either version 2 of the
+    License, or (at your option) any later version.
+=20
+    The nss_ldap library is distributed in the hope that it will be usef=
ul,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+    Library General Public License for more details.
+=20
+    You should have received a copy of the GNU Library General Public
+    License along with the nss_ldap library; see the file COPYING.LIB.  =
If not,
+    write to the Free Software Foundation, Inc., 59 Temple Place - Suite=
 330,
+    Boston, MA 02111-1307, USA.
+  */
+=20
+ #ifndef _LDAP_NSS_LDAP_UTIL_H
+ #define _LDAP_NSS_LDAP_UTIL_H
+=20
+ /* utility routines.  */
+=20
+ #define CN_ATTR			"CN"
+=20
+ #define DC_ATTR			"DC"
+ #define DC_ATTR_AVA		DC_ATTR"=3D"
+ #define DC_ATTR_AVA_LEN		(sizeof(DC_ATTR_AVA) - 1)
+=20
+ /*
+  * get the RDN's value: eg. if the RDN was cn=3Dlukeh, getrdnvalue(entr=
y)
+  * would return lukeh.
+  */
+ NSS_STATUS _nss_ldap_getrdnvalue (LDAP * ld,
+ 				  LDAPMessage * entry,
+ 				  const char *rdntype,
+ 				  char **rval, char **buf, size_t * len);
+=20
+ #ifdef RFC2307BIS
+ /*
+  * map a distinguished name to a login naem.
+  */
+ NSS_STATUS _nss_ldap_dn2uid (LDAP * ld,
+ 			     const char *dn,
+ 			     char **uid, char **buf, size_t * len);
+ #endif /* RFC2307BIS */
+=20
+ #ifdef AT_OC_MAP
+ #define NSS_LDAP_KEY_MAP_ATTRIBUTE      "nss_map_attribute"
+ #define NSS_LDAP_KEY_MAP_OBJECTCLASS    "nss_map_objectclass"
+ #endif /* AT_OC_MAP */
+=20
+ #define NSS_LDAP_CONFIG_BUFSIZ		4096
+ #define NSS_LDAP_KEY_HOST		"host"
+ #define NSS_LDAP_KEY_SCOPE		"scope"
+ #define NSS_LDAP_KEY_BASE		"base"
+ #define NSS_LDAP_KEY_PORT		"port"
+ #define NSS_LDAP_KEY_BINDDN		"binddn"
+ #define NSS_LDAP_KEY_BINDPW   		"bindpw"
+ #define	NSS_LDAP_KEY_USESASL		"use_sasl"
+ #define	NSS_LDAP_KEY_SASLID		"sasl_auth_id"
+ #define NSS_LDAP_KEY_DEREF    		"deref"
+ #define NSS_LDAP_KEY_ROOTBINDDN		"rootbinddn"
+ #define	NSS_LDAP_KEY_ROOTUSESASL	"rootuse_sasl"
+ #define	NSS_LDAP_KEY_ROOTSASLID		"rootsasl_auth_id"
+ #define NSS_LDAP_KEY_LDAP_VERSION	"ldap_version"
+ #define NSS_LDAP_KEY_TIMELIMIT		"timelimit"
+ #define NSS_LDAP_KEY_BIND_TIMELIMIT	"bind_timelimit"
+ #define NSS_LDAP_KEY_SSL		"ssl"
+ #define NSS_LDAP_KEY_SSLPATH		"sslpath"
+ #define NSS_LDAP_KEY_REFERRALS		"referrals"
+ #define NSS_LDAP_KEY_RESTART		"restart"
+ #define NSS_LDAP_KEY_URI		"uri"
+ #define NSS_LDAP_KEY_IDLE_TIMELIMIT     "idle_timelimit"
+ #define NSS_LDAP_KEY_RECONNECT_POLICY	"bind_policy"
+=20
+ /*
+  * support separate naming contexts for each map=20
+  * eventually this will support the syntax defined in
+  * the DUAConfigProfile searchDescriptor attribute
+  */
+ #define NSS_LDAP_KEY_NSS_BASE_PASSWD		"nss_base_passwd"
+ #define NSS_LDAP_KEY_NSS_BASE_SHADOW		"nss_base_shadow"
+ #define NSS_LDAP_KEY_NSS_BASE_GROUP		"nss_base_group"
+ #define NSS_LDAP_KEY_NSS_BASE_HOSTS		"nss_base_hosts"
+ #define NSS_LDAP_KEY_NSS_BASE_SERVICES		"nss_base_services"
+ #define NSS_LDAP_KEY_NSS_BASE_NETWORKS		"nss_base_networks"
+ #define NSS_LDAP_KEY_NSS_BASE_PROTOCOLS		"nss_base_protocols"
+ #define NSS_LDAP_KEY_NSS_BASE_RPC		"nss_base_rpc"
+ #define NSS_LDAP_KEY_NSS_BASE_ETHERS		"nss_base_ethers"
+ #define NSS_LDAP_KEY_NSS_BASE_NETMASKS		"nss_base_netmasks"
+ #define NSS_LDAP_KEY_NSS_BASE_BOOTPARAMS	"nss_base_bootparams"
+ #define NSS_LDAP_KEY_NSS_BASE_ALIASES		"nss_base_aliases"
+ #define NSS_LDAP_KEY_NSS_BASE_NETGROUP		"nss_base_netgroup"
+=20
+ /*
+  * There are a number of means of obtaining configuration information.
+  *
+  * (a) DHCP (Cf draft-hedstrom-dhc-ldap-00.txt)
+  * (b) a configuration file (/etc/ldap.conf) **
+  * (c) a coldstart file & subsequent referrals from the LDAP server
+  * (d) a custom LDAP bind protocol
+  * (e) DNS **
+  *
+  * This should be opaque to the rest of the library.
+  * ** implemented
+  */
+=20
+ void ldap_init_config (ldap_config_t *);
+=20
+ NSS_STATUS ldap_readconfig (ldap_config_t ** result,
+ 				 char *buf, size_t buflen);
+ #ifdef AT_OC_MAP
+ enum ldap_map_type
+ {
+   MAP_ATTRIBUTE,
+   MAP_OBJECTCLASS
+ };
+=20
+ typedef enum ldap_map_type ldap_map_type_t;
+=20
+ static NSS_STATUS do_parse_map_statement (ldap_config_t * cfg,
+                                           const char *statement,
+                                           ldap_map_type_t type);
+ #endif /* AT_OC_MAP */
+=20
+ /*
+  * Escape '*' in a string for use as a filter
+  */
+=20
+ NSS_STATUS _nss_ldap_escape_string (const char *str,
+ 				    char *buf, size_t buflen);
+=20
+ #define MAP_H_ERRNO(nss_status, herr)   do { \
+ 	if ((unsigned int) (nss_status - _NSS_LOOKUP_OFFSET) > _nss_ldap_herrn=
o2nssstat_tab_count) \
+ 		herr =3D NO_RECOVERY; \
+ 	herr =3D _nss_ldap_herrno2nssstat_tab[nss_status - _NSS_LOOKUP_OFFSET]=
; \
+ 	} while (0)
+=20
+ #ifdef HAVE_IRS_H
+ #define MAP_ERRNO(nss_status, herr)	do { \
+ 	if ((unsigned int) nss_status > _nss_ldap_errno2nssstat_tab_count) \
+ 		errno =3D EPERM; \
+ 	errno =3D _nss_ldap_errno2nssstat_tab[nss_status]; \
+ 	} while (0)
+ #endif /* HAVE_IRS_H */
+=20
+ #endif /* _LDAP_NSS_LDAP_UTIL_H */
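Review bot: In `MAP_H_ERRNO` the range check has no effect, because the table read after the `if` is unconditional: an out-of-range `nss_status` sets `herr = NO_RECOVERY` and then still indexes `_nss_ldap_herrno2nssstat_tab` out of bounds and overwrites that value. The lookup should sit in an `else` branch, `else herr = _nss_ldap_herrno2nssstat_tab[nss_status - _NSS_LOOKUP_OFFSET];`, and if `_nss_ldap_herrno2nssstat_tab_count` is the element count (its definition is not in this file) the comparison should be `>=` rather than `>`. `MAP_ERRNO` under `HAVE_IRS_H` has the same shape and needs the same two changes; it also assigns to `errno` and never uses its `herr` parameter. The header describes itself as more or less a copy of nss_ldap's util.h, so the same fix may be needed in the original.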
diff -cNr openafs-1.3.80/src/ptserver/ptsldap.c openafs-1.3.80-2/src/ptse=
rver/ptsldap.c
*** openafs-1.3.80/src/ptserver/ptsldap.c	1969-12-31 18:00:00.000000000 -=
0600
--- openafs-1.3.80-2/src/ptserver/ptsldap.c	2005-04-25 12:48:49.000000000=
 -0500
***************
*** 0 ****
--- 1,305 ----
+ #include <afsconfig.h>
+ #include <afs/param.h>
+=20
+ RCSID
+     ("$Header: /cvs/openafs/src/ptserver/ptserver.c,v 1.21 2004/06/23 1=
4:27:42 shadow Exp $");
+=20
+ #include <afs/stds.h>
+ #ifdef  AFS_AIX32_ENV
+ #include <signal.h>
+ #endif
+ #include <sys/types.h>
+ #include <stdio.h>
+ #ifdef AFS_NT40_ENV
+ #include <winsock2.h>
+ #include <WINNT/afsevent.h>
+ #else
+ #include <netdb.h>
+ #include <netinet/in.h>
+ #endif
+ #ifdef HAVE_STRING_H
+ #include <string.h>
+ #else
+ #ifdef HAVE_STRINGS_H
+ #include <strings.h>
+ #endif
+ #endif
+ #include <rx/xdr.h>
+ #include <rx/rx.h>
+ #include <rx/rx_globals.h>
+ #include <lock.h>
+ #include <ubik.h>
+ #include <afs/cellconfig.h>
+ #include <afs/auth.h>
+ #include <afs/keys.h>
+ #include "ptserver.h"
+ #include "error_macros.h"
+ #include "afs/audit.h"
+ #include <afs/afsutil.h>
+=20
+ #include "AFS_component_version_number.c"
+=20
+ #include <ldap.h>
+ #include "nssconfig.h"
+ #include "nssldap.h"
+ #include "nssutil.h"
+=20
+ /* make	all of these into a structure if you want */
+ struct prheader cheader;
+ struct ubik_dbase *dbase;
+ struct afsconf_dir *prdir;
+=20
+ extern afs_int32 ubik_lastYesTime;
+ extern afs_int32 ubik_nBuffers;
+=20
+ extern int afsconf_ServerAuth();
+ extern int afsconf_CheckAuth();
+=20
+ int   pr_realmNameLen;
+ char *pr_realmName;
+=20
+ extern NSS_STATUS _ldap_readconfig (ldap_config_t ** presult, char *buf=
fer, size_t buflen );
+ void initLDAP();
+ int shutdownLDAP();
+ LDAP* ldapConnection;
+ char __configbuf[NSS_LDAP_CONFIG_BUFSIZ];
+ ldap_config_t *__config =3D NULL;
+=20
+ //#define LDAP_SERVER     "w2kdc3.eng.iastate.edu"
+ //#define LDAP_USER       "ldapquery@ENGR.IASTATE.EDU"
+ //#define LDAP_PASSWORD   "1dapqu34y"
+ //#define LDAP_BASEDN     "dc=3Dengr,dc=3Diastate,dc=3Dedu"
+=20
+=20
+=20
+ /* check whether caller is authorized to manage RX statistics */
+ int pr_rxstat_userok(call)
+     struct rx_call *call;
+ {
+     return afsconf_SuperUser(prdir, call, (char *)0);
+ }
+=20
+ int main (argc, argv)
+   int argc;
+   char **argv;
+ {
+     register afs_int32 code;
+     afs_int32 myHost;
+     register struct hostent *th;
+     char hostname[64];
+     struct rx_service *tservice;
+     struct rx_securityClass *sc[3];
+     //extern struct rx_securityClass *rxnull_NewServerSecurityObject();
+     extern struct rx_securityClass *rxkad_NewServerSecurityObject(rxkad=
_level level, char *get_key_rock, int (*get_key) (char *get_key_rock, int=
 kvno, struct ktc_encryptionKey * serverKey), int (*user_ok) (char *name,=
 char *instance, char *cell, afs_int32 kvno));
+     extern struct rx_securityClass *rxkad_NewServerSecurityObject();
+     extern int RXSTATS_ExecuteRequest();
+     extern int PR_ExecuteRequest();
+ #if 0
+     struct ktc_encryptionKey tkey;
+ #endif
+     static struct afsconf_cell info;
+     int kerberosKeys;			/* set if found some keys */
+     int lwps =3D 3;
+     char clones[MAXHOSTSPERCELL];
+=20
+     const char *pr_dbaseName;
+     char *whoami =3D "ptsldap";
+=20
+     int   a;
+     char  arg[100];
+=20
+ #ifdef	AFS_AIX32_ENV
+     /*
+      * The following signal action for AIX is necessary so that in case=
 of a=20
+      * crash (i.e. core is generated) we can include the user's data se=
ction=20
+      * in the core dump. Unfortunately, by default, only a partial core=
 is
+      * generated which, in many cases, isn't too useful.
+      */
+     struct sigaction nsa;
+   =20
+     ldapConnection =3D NULL; // make way for ldap
+     initLDAP();
+ =20
+     sigemptyset(&nsa.sa_mask);
+     nsa.sa_handler =3D SIG_DFL;
+     nsa.sa_flags =3D SA_FULLDUMP;
+     sigaction(SIGABRT, &nsa, NULL);
+     sigaction(SIGSEGV, &nsa, NULL);
+ #endif
+     osi_audit (PTS_StartEvent, 0, AUD_END);
+=20
+     /* Initialize dirpaths */
+     if (!(initAFSDirPath() & AFSDIR_SERVER_PATHS_OK)) {
+ #ifdef AFS_NT40_ENV
+ 	ReportErrorEventAlt(AFSEVT_SVR_NO_INSTALL_DIR, 0, argv[0],0);
+ #endif
+ 	fprintf(stderr,"%s: Unable to obtain AFS server directory.\n", argv[0]=
);
+ 	exit(2);
+     }
+=20
+     pr_dbaseName =3D AFSDIR_SERVER_PRDB_FILEPATH;
+=20
+     if (argc !=3D 1) {
+ 	printf("Usage: ptlocal\n");
+ 	fflush(stdout);
+ 	PT_EXIT(1);
+     }
+=20
+ 	OpenLog(AFSDIR_SERVER_PTLOG_FILEPATH);     /* set up logging */
+ 	SetupLogSignals();
+ =20
+     prdir =3D afsconf_Open(AFSDIR_SERVER_ETC_DIRPATH);
+     if (!prdir) {
+ 	fprintf (stderr, "ptlocal: can't open configuration directory.\n");
+ 	PT_EXIT(1);
+     }
+     if (afsconf_GetNoAuthFlag(prdir))
+ 	printf ("ptlocal: running unauthenticated\n");
+=20
+ #ifdef AFS_NT40_ENV=20
+     /* initialize winsock */
+     if (afs_winsockInit()<0) {
+       ReportErrorEventAlt(AFSEVT_SVR_WINSOCK_INIT_FAILED, 0,
+ 			  argv[0],0);
+      =20
+       fprintf(stderr, "ptlocal: couldn't initialize winsock. \n");
+       PT_EXIT(1);
+     }
+ #endif
+     /* get this host */
+     gethostname(hostname,sizeof(hostname));
+     th =3D gethostbyname(hostname);
+     if (!th) {
+ 	fprintf (stderr, "ptlocal: couldn't get address of this host.\n");
+ 	PT_EXIT(1);
+     }
+     memcpy(&myHost, th->h_addr, sizeof(afs_int32));
+        =20
+     /* get list of servers */
+     code =3D afsconf_GetExtendedCellInfo(prdir,0,"afsprot", &info, &clo=
nes);
+     if (code) {
+ 	com_err (whoami, code, "Couldn't get server list");
+ 	PT_EXIT(2);
+     }
+     pr_realmName =3D info.name;
+     pr_realmNameLen =3D strlen (pr_realmName);
+ #if 0
+     /* get keys */
+     code =3D afsconf_GetKey(prdir,999,&tkey);
+     if (code) {
+ 	com_err (whoami, code, "couldn't get bcrypt keys from key file, ignori=
ng.");
+     }
+ #endif
+     {   afs_int32 kvno;			/* see if there is a KeyFile here */
+ 	struct ktc_encryptionKey key;
+ 	code =3D afsconf_GetLatestKey (prdir, &kvno, &key);
+ 	kerberosKeys =3D (code =3D=3D 0);
+ 	if (!kerberosKeys)
+ 	    printf ("ptlocal: can't find any Kerberos keys, code =3D %d, ignor=
ing\n", code);
+     }
+     if (kerberosKeys) {
+ 	/* initialize ubik */
+ 	ubik_CRXSecurityProc =3D afsconf_ClientAuth;
+ 	ubik_CRXSecurityRock =3D (char *)prdir;
+ 	ubik_SRXSecurityProc =3D afsconf_ServerAuth;
+ 	ubik_SRXSecurityRock =3D (char *)prdir;
+ 	ubik_CheckRXSecurityProc =3D afsconf_CheckAuth;
+ 	ubik_CheckRXSecurityRock =3D (char *)prdir;
+     }
+     /* The max needed is when deleting an entry.  A full CoEntry deleti=
on
+      * required removal from 39 entries.  Each of which may refers to t=
he entry
+      * being deleted in one of its CoEntries.  If a CoEntry is freed it=
s
+      * predecessor CoEntry will be modified as well.  Any freed blocks =
also
+      * modifies the database header.  Counting the entry being deleted =
and its
+      * CoEntry this adds up to as much as 1+1+39*3 =3D 119.  If all the=
se entries
+      * and the header are in separate Ubik buffers then 120 buffers may=
 be
+      * required. */
+     ubik_nBuffers =3D 120 + /*fudge*/40;
+     code =3D ubik_ServerInitByInfo(myHost, htons(AFSCONF_PROTPORT), &in=
fo,
+                            &clones, pr_dbaseName, &dbase);
+     if (code) {
+ 	com_err (whoami, code, "Ubik init failed");
+ 	PT_EXIT(2);
+     }
+     sc[0] =3D rxnull_NewServerSecurityObject();
+     sc[1] =3D 0;
+     if (kerberosKeys) {
+ 	sc[2] =3D rxkad_NewServerSecurityObject
+ 	    (0, prdir, afsconf_GetKey, (char *)0);
+     }
+     else sc[2] =3D sc[0];
+=20
+     /* Disable jumbograms */
+     rx_SetNoJumbo();
+=20
+     tservice =3D rx_NewService(0,PRSRV,"Protection Server",sc,3,PR_Exec=
uteRequest);
+     if (tservice =3D=3D (struct rx_service *)0) {
+ 	fprintf (stderr, "ptlocal: Could not create new rx service.\n");
+ 	PT_EXIT(3);
+     }
+     rx_SetMinProcs(tservice,2);
+     rx_SetMaxProcs(tservice,lwps);
+=20
+     tservice =3D rx_NewService(0,RX_STATS_SERVICE_ID,"rpcstats",sc,3,RX=
STATS_ExecuteRequest);
+     if (tservice =3D=3D (struct rx_service *)0) {
+ 	fprintf (stderr, "ptlocal: Could not create new rx service.\n");
+ 	PT_EXIT(3);
+     }
+     rx_SetMinProcs(tservice,2);
+     rx_SetMaxProcs(tservice,4);
+=20
+     /* allow super users to manage RX statistics */
+     rx_SetRxStatUserOk(pr_rxstat_userok);
+=20
+     rx_StartServer(1);
+     osi_audit (PTS_FinishEvent, -1, AUD_END);
+     shutdownLDAP();
+     return 0;
+ }
+=20
+ void initLDAP() {
+ 	if (__config =3D=3D NULL) {
+ 		NSS_STATUS stat =3D _ldap_readconfig(&__config, __configbuf, sizeof (=
__configbuf));
+ 	}
+ 	if (__config =3D=3D NULL) PT_EXIT(3);	// get out if we don't have the =
config file
+=20
+         if (ldapConnection !=3D NULL) return;
+=20
+         LDAPMessage* ld_err;
+=20
+         int version =3D __config->ldc_version;
+         int sizelimit =3D 2000;
+         int result;
+=20
+         ldapConnection =3D ldap_init(__config->ldc_host, __config->ldc_=
port);
+         if (ldapConnection =3D=3D NULL) {
+ 		fprintf(stderr, "ptlocal: Could not initialize ldap connection\n");
+ 		PT_EXIT(3);
+         }
+=20
+         result =3D ldap_set_option(ldapConnection, LDAP_OPT_PROTOCOL_VE=
RSION, &version);
+         if (result !=3D LDAP_SUCCESS) {
+ 		fprintf(stderr, "ptlocal: Could not set LDAP connection option LDAP_O=
PT_PROTOCOL_VERSION (%s)\n", ldap_err2string(result));
+                 PT_EXIT(3);
+         }
+=20
+         result =3D ldap_set_option(ldapConnection, LDAP_OPT_SIZELIMIT, =
&sizelimit);
+         if (result !=3D LDAP_SUCCESS) {
+ 		fprintf(stderr, "ptlocal: Could not set LDAP connection option LDAP_O=
PT_SIZELIMIT (%s)\n", ldap_err2string(result));
+ 		PT_EXIT(3);
+         }
+=20
+         result =3D ldap_simple_bind_s(ldapConnection, __config->ldc_bin=
ddn, __config->ldc_bindpw);
+         if (result !=3D LDAP_SUCCESS) {
+ 		fprintf(stderr, "ptlocal: Could not bind LDAP connection (%s)\n", lda=
p_err2string(result));
+                 PT_EXIT(3);
+         }
+=20
+ }
+=20
+ int shutdownLDAP() {
+ 	int result;
+ 	if (ldapConnection =3D=3D NULL) return;
+ 	result =3D ldap_unbind(ldapConnection);
+ 	if (result =3D=3D LDAP_SUCCESS) ldapConnection=3DNULL;
+ }
diff -cNr openafs-1.3.80/src/ptserver/ptsldap-confparser.c openafs-1.3.80=
-2/src/ptserver/ptsldap-confparser.c
*** openafs-1.3.80/src/ptserver/ptsldap-confparser.c	1969-12-31 18:00:00.=
000000000 -0600
--- openafs-1.3.80-2/src/ptserver/ptsldap-confparser.c	2005-04-25 13:39:5=
4.000000000 -0500
***************
*** 0 ****
--- 1,695 ----
+ #include "ptsldap-confparser.h"
+=20
+ #if defined(RFC2307BIS) || defined(AT_OC_MAP)
+ #include <db.h>
+ #define DN2UID_CACHE
+=20
+ /* Used for both DN2UID and AT_OC mapping */
+ void *
+ _nss_hash_open()
+ {
+   DB *db =3D NULL;
+ #if DB_VERSION_MAJOR > 2
+   int rc;
+=20
+   rc =3D db_create(&db, NULL, 0);
+   if (rc !=3D 0) {
+     return NULL;
+   }
+=20
+ #if (DB_VERSION_MAJOR > 3) && (DB_VERSION_MINOR > 0)
+   rc =3D db->open(db, NULL, NULL, NULL, DB_HASH, DB_CREATE, 0600);
+ #else
+   rc =3D db->open(db, NULL, NULL, DB_HASH, DB_CREATE, 0600);
+ #endif
+=20
+   if (rc !=3D 0) {
+     db->close(db, 0);
+     return NULL;
+   }
+ #else
+   db =3D dbopen(NULL, O_RDWR, 0600, DB_HASH, NULL);
+ #endif /* DB_VERSION_MAJOR */
+=20
+   return db;
+ }
+=20
+=20
+ NSS_STATUS do_parse_map_statement (ldap_config_t * cfg, const char *sta=
tement, ldap_map_type_t type)
+ {
+   /**
+    * statement has already been prepared in _nss_ldap_readconfig
+    * =3D> only a split dumping white space inbetween is necessary!
+    */
+   NSS_STATUS stat;
+   char *key, *val;
+=20
+   key =3D (char *) statement;
+   val =3D key;
+   while (*val !=3D ' ' && *val !=3D '\t')
+     val++;
+   *(val++) =3D '\0';
+=20
+   while (*val =3D=3D ' ' || *val =3D=3D '\t')
+     val++;
+=20
+   if (type =3D=3D MAP_ATTRIBUTE)
+     stat =3D _ldap_atmap_put (cfg, key, val);
+   else                          /* type =3D=3D MAP_OBJECTCLASS */
+     stat =3D _ldap_ocmap_put (cfg, key, val);
+=20
+   return stat;
+ }
+=20
+ NSS_STATUS _ldap_ocmap_put (ldap_config_t * config, const char *rfc2307=
objectclass, const char *objectclass)
+ {
+   DBT key, val;
+   int rc;
+   char *ocdup;
+=20
+   if (config->ldc_oc_map =3D=3D NULL)
+     {
+       config->ldc_oc_map =3D _nss_hash_open();
+       if (config->ldc_oc_map =3D=3D NULL)
+         {
+           return NSS_TRYAGAIN;
+         }
+     }
+=20
+   ocdup =3D (char*) strdup(objectclass);
+   if (ocdup =3D=3D NULL)
+     return NSS_TRYAGAIN;
+=20
+   memset(&key, 0, sizeof(key));
+   key.data =3D (void *) rfc2307objectclass;
+   key.size =3D strlen (rfc2307objectclass);
+   memset(&val, 0, sizeof(key));
+   val.data =3D (void *) &ocdup;
+   val.size =3D sizeof (ocdup);
+   rc =3D
+     (((DB *) (config->ldc_oc_map))->put) ((DB *) config->ldc_oc_map,
+ #if DB_VERSION_MAJOR > 2
+                                           NULL, /* DB_TXN */
+ #endif /* DB_VERSION_MAJOR */
+                                           &key, &val, 0);
+=20
+   return (rc !=3D 0) ? NSS_TRYAGAIN : NSS_SUCCESS;
+ }
+=20
+ NSS_STATUS _ldap_ocmap_get (ldap_config_t * config, const char *rfc2307=
objectclass, const char **objectclass)
+ {
+   DBT key, val;
+=20
+   if (config =3D=3D NULL || config->ldc_oc_map =3D=3D NULL)
+     {
+       *objectclass =3D rfc2307objectclass;
+       return NSS_NOTFOUND;
+     }
+=20
+   memset(&key, 0, sizeof(key));
+   key.data =3D (void *) rfc2307objectclass;
+   key.size =3D strlen (rfc2307objectclass);
+=20
+   memset(&val, 0, sizeof(val));
+=20
+   if ((((DB *) config->ldc_oc_map)->get)
+       ((DB *) config->ldc_oc_map,
+ #if DB_VERSION_MAJOR > 2
+         NULL,
+ #endif
+         &key, &val, 0) !=3D 0)
+     {
+       *objectclass =3D rfc2307objectclass;
+       return NSS_NOTFOUND;
+     }
+=20
+   *objectclass =3D *((char **) val.data);
+=20
+   return NSS_SUCCESS;
+ }
+=20
+ NSS_STATUS _ldap_atmap_put (ldap_config_t * config, const char *rfc2307=
attribute, const char *attribute)
+ {
+   DBT key, val;
+   int rc;
+   char *attrdup;
+=20
+   if (config->ldc_at_map =3D=3D NULL)
+     {
+       config->ldc_at_map =3D _nss_hash_open();
+       if (config->ldc_at_map =3D=3D NULL)
+         {
+           return NSS_TRYAGAIN;
+         }
+     }
+=20
+   attrdup =3D (char*) strdup(attribute);
+   if (attrdup =3D=3D NULL)
+     return NSS_TRYAGAIN;
+=20
+   if (strcmp (rfc2307attribute, "userPassword") =3D=3D 0)
+     {
+       if (strcasecmp (attribute, "userPassword") =3D=3D 0)
+         config->ldc_password_type =3D LU_RFC2307_USERPASSWORD;
+       else if (strcasecmp (attribute, "authPassword") =3D=3D 0)
+         config->ldc_password_type =3D LU_RFC3112_AUTHPASSWORD;
+       else
+         config->ldc_password_type =3D LU_OTHER_PASSWORD;
+     }
+=20
+   memset(&key, 0, sizeof(key));
+   key.data =3D (void *) rfc2307attribute;
+   key.size =3D strlen (rfc2307attribute);
+=20
+   memset(&val, 0, sizeof(val));
+   val.data =3D (void *) &attrdup;
+   val.size =3D sizeof (attrdup);
+=20
+   rc =3D
+     (((DB *) (config->ldc_at_map))->put) ((DB *) config->ldc_at_map,
+ #if DB_VERSION_MAJOR > 2
+                                           NULL, /* DB_TXN */
+ #endif /* DB_VERSION_MAJOR */
+                                           &key, &val, 0);
+=20
+   return (rc !=3D 0) ? NSS_TRYAGAIN : NSS_SUCCESS;
+ }
+=20
+ NSS_STATUS _nss_ldap_atmap_get (ldap_config_t * config, const char *rfc=
2307attribute, const char **attribute)
+ {
+   DBT key, val;
+=20
+   if (config =3D=3D NULL || config->ldc_at_map =3D=3D NULL)
+     {
+       *attribute =3D rfc2307attribute;
+       return NSS_NOTFOUND;
+     }
+=20
+   memset(&key, 0, sizeof(key));
+   key.data =3D (void *) rfc2307attribute;
+   key.size =3D strlen (rfc2307attribute);
+=20
+   memset(&val, 0, sizeof(val));
+=20
+   if ((((DB *) config->ldc_at_map)->get)
+       ((DB *) config->ldc_at_map,
+ #if DB_VERSION_MAJOR > 2
+         NULL,
+ #endif
+         &key, &val, 0) !=3D 0)
+     {
+       *attribute =3D rfc2307attribute;
+       return NSS_NOTFOUND;
+     }
+=20
+   *attribute =3D *((char **) val.data);
+   return NSS_SUCCESS;
+ }
+ #endif /* AT_OC_MAP */
+=20
+ NSS_STATUS
+ do_searchdescriptorconfig (const char *key, const char *value, size_t l=
en,
+ 			   ldap_service_search_descriptor_t ** result,
+ 			   char **buffer, size_t * buflen)
+ {
+   ldap_service_search_descriptor_t **t, *cur;
+   char *base;
+   char *filter, *s;
+   int scope;
+=20
+   t =3D NULL;
+   filter =3D NULL;
+   scope =3D -1;
+=20
+   if (!strcasecmp (key, NSS_LDAP_KEY_NSS_BASE_PASSWD))
+     t =3D &result[LM_PASSWD];
+   if (!strcasecmp (key, NSS_LDAP_KEY_NSS_BASE_SHADOW))
+     t =3D &result[LM_SHADOW];
+   else if (!strcasecmp (key, NSS_LDAP_KEY_NSS_BASE_GROUP))
+     t =3D &result[LM_GROUP];
+   else if (!strcasecmp (key, NSS_LDAP_KEY_NSS_BASE_HOSTS))
+     t =3D &result[LM_HOSTS];
+   else if (!strcasecmp (key, NSS_LDAP_KEY_NSS_BASE_SERVICES))
+     t =3D &result[LM_SERVICES];
+   else if (!strcasecmp (key, NSS_LDAP_KEY_NSS_BASE_NETWORKS))
+     t =3D &result[LM_NETWORKS];
+   else if (!strcasecmp (key, NSS_LDAP_KEY_NSS_BASE_PROTOCOLS))
+     t =3D &result[LM_PROTOCOLS];
+   else if (!strcasecmp (key, NSS_LDAP_KEY_NSS_BASE_RPC))
+     t =3D &result[LM_RPC];
+   else if (!strcasecmp (key, NSS_LDAP_KEY_NSS_BASE_ETHERS))
+     t =3D &result[LM_ETHERS];
+   else if (!strcasecmp (key, NSS_LDAP_KEY_NSS_BASE_NETMASKS))
+     t =3D &result[LM_NETMASKS];
+   else if (!strcasecmp (key, NSS_LDAP_KEY_NSS_BASE_BOOTPARAMS))
+     t =3D &result[LM_BOOTPARAMS];
+   else if (!strcasecmp (key, NSS_LDAP_KEY_NSS_BASE_ALIASES))
+     t =3D &result[LM_ALIASES];
+   else if (!strcasecmp (key, NSS_LDAP_KEY_NSS_BASE_NETGROUP))
+     t =3D &result[LM_NETGROUP];
+=20
+   if (t =3D=3D NULL)
+     return NSS_SUCCESS;
+=20
+   /* we have already checked for room for the value */
+   /* len is set to the length of value */
+   base =3D *buffer;
+   strncpy (base, value, len);
+   base[len] =3D '\0';
+=20
+   *buffer +=3D len + 1;
+   *buflen -=3D len + 1;
+=20
+   /* probably is some funky escaping needed here. later... */
+   s =3D strchr (base, '?');
+   if (s !=3D NULL)
+     {
+       *s =3D '\0';
+       s++;
+       if (!strcasecmp (s, "sub"))
+ 	scope =3D LDAP_SCOPE_SUBTREE;
+       else if (!strcasecmp (s, "one"))
+ 	scope =3D LDAP_SCOPE_ONELEVEL;
+       else if (!strcasecmp (s, "base"))
+ 	scope =3D LDAP_SCOPE_BASE;
+       filter =3D strchr (s, '?');
+       if (filter !=3D NULL)
+ 	{
+ 	  *filter =3D '\0';
+ 	  filter++;
+ 	}
+     }
+=20
+   if (bytesleft (*buffer, *buflen, ldap_service_search_descriptor_t) <
+       sizeof (ldap_service_search_descriptor_t))
+     return NSS_UNAVAIL;
+=20
+   align (*buffer, *buflen, ldap_service_search_descriptor_t);
+=20
+   for (cur =3D *t; cur && cur->lsd_next; cur=3Dcur->lsd_next);
+   if (!cur)
+     {
+       *t =3D (ldap_service_search_descriptor_t *) * buffer;
+       cur =3D *t;
+     }
+   else
+     {
+       cur->lsd_next =3D (ldap_service_search_descriptor_t *) * buffer;
+       cur =3D cur->lsd_next;
+     }
+=20
+   cur->lsd_base =3D base;
+   cur->lsd_scope =3D scope;
+   cur->lsd_filter =3D filter;
+   cur->lsd_next =3D NULL;
+=20
+   *buffer +=3D sizeof (ldap_service_search_descriptor_t);
+   *buflen -=3D sizeof (ldap_service_search_descriptor_t);
+=20
+   return NSS_SUCCESS;
+ }
+=20
+ void _ldap_init_config (ldap_config_t * result)
+ {
+   memset (result, 0, sizeof(*result));
+=20
+   result->ldc_scope =3D LDAP_SCOPE_SUBTREE;
+   result->ldc_deref =3D LDAP_DEREF_NEVER;
+   result->ldc_host =3D NULL;
+   result->ldc_base =3D NULL;
+   result->ldc_port =3D 389;
+   result->ldc_binddn =3D NULL;
+   result->ldc_bindpw =3D NULL;
+   result->ldc_saslid =3D NULL;
+   result->ldc_usesasl =3D 0;
+   result->ldc_rootbinddn =3D NULL;
+   result->ldc_rootbindpw =3D NULL;
+   result->ldc_rootsaslid =3D NULL;
+   result->ldc_rootusesasl =3D 0;
+ #ifdef LDAP_VERSION3
+   result->ldc_version =3D LDAP_VERSION3;
+ #else
+   result->ldc_version =3D LDAP_VERSION2;
+ #endif /* LDAP_VERSION3 */
+   result->ldc_timelimit =3D LDAP_NO_LIMIT;
+   result->ldc_bind_timelimit =3D 30;
+   result->ldc_ssl_on =3D SSL_OFF;
+   result->ldc_sslpath =3D NULL;
+   result->ldc_referrals =3D 1;
+   result->ldc_restart =3D 1;
+   result->ldc_uri =3D NULL;
+   result->ldc_tls_checkpeer =3D 0;
+   result->ldc_tls_cacertfile =3D NULL;
+   result->ldc_tls_cacertdir =3D NULL;
+   result->ldc_tls_ciphers =3D NULL;
+   result->ldc_tls_cert =3D NULL;
+   result->ldc_tls_key =3D NULL;
+   result->ldc_tls_randfile =3D NULL;
+   result->ldc_idle_timelimit =3D 0;
+   result->ldc_reconnect_pol =3D LP_RECONNECT_HARD;
+ #ifdef AT_OC_MAP
+   result->ldc_at_map =3D NULL;
+   result->ldc_oc_map =3D NULL;
+   result->ldc_password_type =3D LU_RFC2307_USERPASSWORD;
+ #endif /* AT_OC_MAP */
+ }
+=20
+ NSS_STATUS _ldap_readconfig (ldap_config_t ** presult, char *buffer, si=
ze_t buflen )
+ {
+   FILE *fp;
+   char b[1024];
+   NSS_STATUS stat =3D NSS_SUCCESS;
+   ldap_config_t *result;
+=20
+   if (bytesleft (buffer, buflen, ldap_config_t *) < sizeof (ldap_config=
_t))
+     {
+       return NSS_TRYAGAIN;
+     }
+   align (buffer, buflen, ldap_config_t *);
+   result =3D *presult =3D (ldap_config_t *) buffer;
+   buffer +=3D sizeof (ldap_config_t);
+   buflen -=3D sizeof (ldap_config_t);
+=20
+   _ldap_init_config (result);
+=20
+   fp =3D fopen (NSS_LDAP_PATH_CONF, "r");
+   if (fp =3D=3D NULL)
+     {
+       return -1;
+     }
+=20
+   while (fgets (b, sizeof (b), fp) !=3D NULL)
+     {
+       char *k, *v;
+       int len;
+       char **t =3D NULL;
+=20
+       if (*b =3D=3D '\n' || *b =3D=3D '#')
+ 	continue;
+=20
+       k =3D b;
+       v =3D k;
+=20
+       /* skip past all characters in keyword */
+       while (*v !=3D '\0' && *v !=3D ' ' && *v !=3D '\t')
+ 	v++;
+=20
+       if (*v =3D=3D '\0')
+ 	continue;
+=20
+       /* terminate keyword */
+       *(v++) =3D '\0';
+=20
+       /* skip all whitespaces between keyword and value */
+       /* Lars Oergel <lars.oergel@innominate.de>, 05.10.2000 */
+       while (*v =3D=3D ' ' || *v =3D=3D '\t')
+ 	v++;
+=20
+       /* kick off all whitespaces and newline at the end of value */
+       /* Bob Guo <bob@mail.ied.ac.cn>, 08.10.2001 */
+       len =3D strlen (v) - 1;
+       while (v[len] =3D=3D ' ' || v[len] =3D=3D '\t' || v[len] =3D=3D '=
\n')
+ 	--len;
+       v[++len] =3D '\0';
+=20
+       if (buflen < (size_t) (len + 1))
+ 	{
+ 	  stat =3D NSS_TRYAGAIN;
+ 	  break;
+ 	}
+=20
+       if (!strcasecmp (k, NSS_LDAP_KEY_HOST))
+ 	{
+ 	  t =3D &result->ldc_host;
+ 	}
+       else if (!strcasecmp (k, NSS_LDAP_KEY_URI))
+ 	{
+ 	  t =3D &result->ldc_uri;
+ 	}
+       else if (!strcasecmp (k, NSS_LDAP_KEY_BASE))
+ 	{
+ 	  t =3D &result->ldc_base;
+ 	}
+       else if (!strcasecmp (k, NSS_LDAP_KEY_BINDDN))
+ 	{
+ 	  t =3D &result->ldc_binddn;
+ 	}
+       else if (!strcasecmp (k, NSS_LDAP_KEY_BINDPW))
+ 	{
+ 	  t =3D &result->ldc_bindpw;
+ 	}
+       else if (!strcasecmp (k, NSS_LDAP_KEY_USESASL))
+ 	{
+ 	  result->ldc_usesasl =3D (!strcasecmp (v, "on")
+ 				 || !strcasecmp (v, "yes")
+ 				 || !strcasecmp (v, "true"));
+ 	}
+       else if (!strcasecmp (k, NSS_LDAP_KEY_SASLID))
+ 	{
+ 	  t =3D &result->ldc_saslid;
+ 	}
+       else if (!strcasecmp (k, NSS_LDAP_KEY_ROOTBINDDN))
+ 	{
+ 	  t =3D &result->ldc_rootbinddn;
+ 	}
+       else if (!strcasecmp (k, NSS_LDAP_KEY_ROOTUSESASL))
+ 	{
+ 	  result->ldc_rootusesasl =3D (!strcasecmp (v, "on")
+ 				     || !strcasecmp (v, "yes")
+ 				     || !strcasecmp (v, "true"));
+ 	}
+       else if (!strcasecmp (k, NSS_LDAP_KEY_ROOTSASLID))
+ 	{
+ 	  t =3D &result->ldc_rootsaslid;
+ 	}
+       else if (!strcasecmp (k, NSS_LDAP_KEY_SSLPATH))
+ 	{
+ 	  t =3D &result->ldc_sslpath;
+ 	}
+       else if (!strcasecmp (k, NSS_LDAP_KEY_SCOPE))
+ 	{
+ 	  if (!strcasecmp (v, "sub"))
+ 	    {
+ 	      result->ldc_scope =3D LDAP_SCOPE_SUBTREE;
+ 	    }
+ 	  else if (!strcasecmp (v, "one"))
+ 	    {
+ 	      result->ldc_scope =3D LDAP_SCOPE_ONELEVEL;
+ 	    }
+ 	  else if (!strcasecmp (v, "base"))
+ 	    {
+ 	      result->ldc_scope =3D LDAP_SCOPE_BASE;
+ 	    }
+ 	}
+       else if (!strcasecmp (k, NSS_LDAP_KEY_DEREF))
+ 	{
+ 	  if (!strcasecmp (v, "never"))
+ 	    {
+ 	      result->ldc_deref =3D LDAP_DEREF_NEVER;
+ 	    }
+ 	  else if (!strcasecmp (v, "searching"))
+ 	    {
+ 	      result->ldc_deref =3D LDAP_DEREF_SEARCHING;
+ 	    }
+ 	  else if (!strcasecmp (v, "finding"))
+ 	    {
+ 	      result->ldc_deref =3D LDAP_DEREF_FINDING;
+ 	    }
+ 	  else if (!strcasecmp (v, "always"))
+ 	    {
+ 	      result->ldc_deref =3D LDAP_DEREF_ALWAYS;
+ 	    }
+ 	}
+       else if (!strcasecmp (k, NSS_LDAP_KEY_PORT))
+ 	{
+ 	  result->ldc_port =3D atoi (v);
+ 	}
+       else if (!strcasecmp (k, NSS_LDAP_KEY_SSL))
+ 	{
+ 	  if (!strcasecmp (v, "on") || !strcasecmp (v, "yes")
+ 	      || !strcasecmp (v, "true"))
+ 	    {
+ 	      result->ldc_ssl_on =3D SSL_LDAPS;
+ 	    }
+ 	  else if (!strcasecmp (v, "start_tls"))
+ 	    {
+ 	      result->ldc_ssl_on =3D SSL_START_TLS;
+ 	    }
+ 	}
+       else if (!strcasecmp (k, NSS_LDAP_KEY_REFERRALS))
+ 	{
+ 	  result->ldc_referrals =3D (!strcasecmp (v, "on")
+ 				   || !strcasecmp (v, "yes")
+ 				   || !strcasecmp (v, "true"));
+ 	}
+       else if (!strcasecmp (k, NSS_LDAP_KEY_RESTART))
+ 	{
+ 	  result->ldc_restart =3D (!strcasecmp (v, "on")
+ 				 || !strcasecmp (v, "yes")
+ 				 || !strcasecmp (v, "true"));
+ 	}
+       else if (!strcasecmp (k, NSS_LDAP_KEY_LDAP_VERSION))
+ 	{
+ 	  result->ldc_version =3D atoi (v);
+ 	}
+       else if (!strcasecmp (k, NSS_LDAP_KEY_TIMELIMIT))
+ 	{
+ 	  result->ldc_timelimit =3D atoi (v);
+ 	}
+       else if (!strcasecmp (k, NSS_LDAP_KEY_BIND_TIMELIMIT))
+ 	{
+ 	  result->ldc_bind_timelimit =3D atoi (v);
+ 	}
+       else if (!strcasecmp (k, NSS_LDAP_KEY_IDLE_TIMELIMIT))
+ 	{
+ 	  result->ldc_idle_timelimit =3D atoi (v);
+ 	}
+       else if (!strcasecmp (k, NSS_LDAP_KEY_RECONNECT_POLICY))
+ 	{
+ 	  if (!strcasecmp (v, "hard"))
+ 	    {
+ 	      result->ldc_reconnect_pol =3D LP_RECONNECT_HARD;
+ 	    }
+ 	  else if (!strcasecmp (v, "soft"))
+ 	    {
+ 	      result->ldc_reconnect_pol =3D LP_RECONNECT_SOFT;
+ 	    }
+ 	}
+       else if (!strcasecmp (k, "tls_checkpeer"))
+ 	{
+ 	  if (!strcasecmp (v, "on") || !strcasecmp (v, "yes")
+ 	      || !strcasecmp (v, "true"))
+ 	    {
+ 	      result->ldc_tls_checkpeer =3D 1;
+ 	    }
+ 	  else if (!strcasecmp (v, "off") || !strcasecmp (v, "no")
+ 		   || !strcasecmp (v, "false"))
+ 	    {
+ 	      result->ldc_tls_checkpeer =3D 0;
+ 	    }
+ 	}
+       else if (!strcasecmp (k, "tls_cacertfile"))
+ 	{
+ 	  t =3D &result->ldc_tls_cacertfile;
+ 	}
+       else if (!strcasecmp (k, "tls_cacertdir"))
+ 	{
+ 	  t =3D &result->ldc_tls_cacertdir;
+ 	}
+       else if (!strcasecmp (k, "tls_ciphers"))
+ 	{
+ 	  t =3D &result->ldc_tls_ciphers;
+ 	}
+       else if (!strcasecmp (k, "tls_cert"))
+ 	{
+ 	  t =3D &result->ldc_tls_cert;
+ 	}
+       else if (!strcasecmp (k, "tls_key"))
+ 	{
+ 	  t =3D &result->ldc_tls_key;
+ 	}
+       else if (!strcasecmp (k, "tls_randfile"))
+ 	{
+ 	  t =3D &result->ldc_tls_randfile;
+ 	}
+ #ifdef AT_OC_MAP
+       else if (!strncasecmp (k, NSS_LDAP_KEY_MAP_ATTRIBUTE,
+ 			     strlen (NSS_LDAP_KEY_MAP_ATTRIBUTE)))
+ 	{
+ 	  do_parse_map_statement (result, v, MAP_ATTRIBUTE);
+ 	}
+       else if (!strncasecmp (k, NSS_LDAP_KEY_MAP_OBJECTCLASS,
+ 			     strlen (NSS_LDAP_KEY_MAP_OBJECTCLASS)))
+ 	{
+ 	  do_parse_map_statement (result, v, MAP_OBJECTCLASS);
+ 	}
+ #endif /* AT_OC_MAP */
+       else
+ 	{
+ 	  /*
+ 	   * check whether the key is a naming context key
+ 	   * if yes, parse; otherwise just return NSS_SUCCESS
+ 	   * so we can ignore keys we don't understand.
+ 	   */
+ 	  stat =3D
+ 	    do_searchdescriptorconfig (k, v, len, result->ldc_sds, &buffer,
+ 				       &buflen);
+ 	  if (stat =3D=3D NSS_UNAVAIL)
+ 	    {
+ 	      break;
+ 	    }
+ 	}
+=20
+       if (t !=3D NULL)
+ 	{
+ 	  strncpy (buffer, v, len);
+ 	  buffer[len] =3D '\0';
+ 	  *t =3D buffer;
+ 	  buffer +=3D len + 1;
+ 	  buflen -=3D len + 1;
+ 	}
+     }
+=20
+   fclose (fp);
+=20
+   if (stat !=3D NSS_SUCCESS)
+     {
+       return stat;
+     }
+=20
+   if (result->ldc_rootbinddn !=3D NULL)
+     {
+       fp =3D fopen (NSS_LDAP_PATH_ROOTPASSWD, "r");
+       if (fp)
+ 	{
+ 	  if (fgets (b, sizeof (b), fp) !=3D NULL)
+ 	    {
+ 	      int len;
+=20
+ 	      len =3D strlen (b);
+ 	      if (len > 0)
+ 		len--;
+=20
+ 	      if (buflen < (size_t) (len + 1))
+ 		{
+ 		  return NSS_UNAVAIL;
+ 		}
+=20
+ 	      strncpy (buffer, b, len);
+ 	      buffer[len] =3D '\0';
+ 	      result->ldc_rootbindpw =3D buffer;
+ 	      buffer +=3D len + 1;
+ 	      buflen -=3D len + 1;
+ 	    }
+ 	  fclose (fp);
+ 	}
+       else if (!result->ldc_rootusesasl)
+ 	{
+ 	  result->ldc_rootbinddn =3D NULL;
+ 	}
+     }
+=20
+   if (result->ldc_host =3D=3D NULL
+ #ifdef HAVE_LDAP_INITIALIZE
+       && result->ldc_uri =3D=3D NULL
+ #endif
+     )
+     {
+       return NSS_NOTFOUND;
+     }
+=20
+   if (result->ldc_port =3D=3D 0)
+     {
+ #ifdef LDAPS_PORT
+       if (result->ldc_ssl_on =3D=3D SSL_LDAPS)
+ 	{
+ 	  result->ldc_port =3D LDAPS_PORT;
+ 	}
+       else
+ #endif /* SSL */
+ 	result->ldc_port =3D LDAP_PORT;
+     }
+=20
+   return stat;
+ }
+=20
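Review bot: In `_ldap_readconfig` the trailing-whitespace trim can leave `len` at -1, and `strncpy (buffer, v, len)` then receives it as a huge `size_t` and writes far past the config buffer. A line whose keyword is followed by nothing but two or more blanks or tabs makes `--len` walk back before `v` until it reaches the keyword's terminator, and the `buflen < (size_t) (len + 1)` check passes because `len + 1` is 0. Bound the loop, `while (len >= 0 && (v[len] == ' ' || v[len] == '\t' || v[len] == '\n'))`, so an empty value ends with `len == 0`. In the `NSS_LDAP_PATH_ROOTPASSWD` branch the `return NSS_UNAVAIL;` leaves `fp` open; add `fclose (fp);` before it. `_ldap_init_config` defaults to `SSL_OFF` and `ldc_tls_checkpeer = 0`, and `initLDAP` earlier in this patch calls `ldap_simple_bind_s` with `ldc_bindpw` without consulting `ldc_ssl_on`, so as far as the patch shows the bind password is sent unprotected; a comment stating that the `ssl`/`tls_*` keys are parsed but not yet enforced would keep operators from assuming otherwise.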
diff -cNr openafs-1.3.80/src/ptserver/ptsldap-confparser.h openafs-1.3.80=
-2/src/ptserver/ptsldap-confparser.h
*** openafs-1.3.80/src/ptserver/ptsldap-confparser.h	1969-12-31 18:00:00.=
000000000 -0600
--- openafs-1.3.80-2/src/ptserver/ptsldap-confparser.h	2005-04-25 13:28:1=
5.000000000 -0500
***************
*** 0 ****
--- 1,19 ----
+ #include <ldap.h>
+ #include <stdio.h>
+=20
+ #include "nssconfig.h"
+ #include "nssldap.h"
+ #include "nssutil.h"
+=20
+ NSS_STATUS _ldap_readconfig (ldap_config_t ** presult, char *buffer, si=
ze_t buflen );
+ NSS_STATUS do_parse_map_statement (ldap_config_t * cfg, const char *sta=
tement, ldap_map_type_t type);
+ NSS_STATUS _ldap_ocmap_put (ldap_config_t * config, const char *rfc2307=
objectclass, const char *objectclass);
+ NSS_STATUS _ldap_atmap_put (ldap_config_t * config, const char *rfc2307=
attribute, const char *attribute);
+ void _nss_ldap_init_config (ldap_config_t *);
+ /*
+ NSS_STATUS _nss_ldap_init (void);
+ NSS_STATUS do_searchdescriptorconfig (const char *key, const char *valu=
e, size_t len, ldap_service_search_descriptor_t ** result, char **buffer,=
 size_t * buflen);
+ static NSS_STATUS do_open (void);
+ static int do_ssl_options (ldap_config_t * cfg);
+ static int do_bind (LDAP * ld, int timelimit, const char *dn, const cha=
r *pw, int with_sasl);
+ */
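Review bot: The prototype `void _nss_ldap_init_config (ldap_config_t *);` names a function this patch never defines; ptsldap-confparser.c defines `_ldap_init_config`, so the declaration should read `void _ldap_init_config (ldap_config_t * result);`. The header has no include guard, and the file that defines `initLDAP` re-declares `_ldap_readconfig` by hand with `extern` instead of including it; wrapping the contents in a guard such as `#ifndef PTSLDAP_CONFPARSER_H` / `#define PTSLDAP_CONFPARSER_H` / `#endif` and including the header there would let the compiler catch signature drift. `do_searchdescriptorconfig` is defined non-static in the .c but its prototype sits inside the commented-out block, so either declare it here or mark the definition `static`. `_ldap_ocmap_get` and `_nss_ldap_atmap_get` are likewise defined without any prototype.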
diff -cNr openafs-1.3.80/src/ptserver/ptsldapprocs.c openafs-1.3.80-2/src=
/ptserver/ptsldapprocs.c
*** openafs-1.3.80/src/ptserver/ptsldapprocs.c	1969-12-31 18:00:00.000000=
000 -0600
--- openafs-1.3.80-2/src/ptserver/ptsldapprocs.c	2005-04-25 12:49:20.0000=
00000 -0500
***************
*** 0 ****
--- 1,1477 ----
+ /*
+  * Copyright 2000, International Business Machines Corporation and othe=
rs.
+  * All Rights Reserved.
+  *=20
+  * This software has been released under the terms of the IBM Public
+  * License.  For details, see the LICENSE file in the top-level source
+  * directory or online at http://www.openafs.org/dl/license10.html
+  */
+=20
+ #include <afsconfig.h>
+ #include <afs/param.h>
+=20
+=20
+ #include <afs/stds.h>
+ #include <ctype.h>
+ #include <stdio.h>
+ #include <lock.h>
+ #include <afs/afsutil.h>
+ #include <ubik.h>
+ #include <rx/xdr.h>
+ #include <rx/rx.h>
+ #include <rx/rxkad.h>
+ #include <afs/auth.h>
+ #ifdef AFS_NT40_ENV=20
+ #include <winsock2.h>
+ #else
+ #include <netinet/in.h>
+ #endif
+ #ifdef HAVE_STRING_H
+ #include <string.h>
+ #else
+ #ifdef HAVE_STRINGS_H
+ #include <strings.h>
+ #endif
+ #endif
+ #include "ptserver.h"
+ #include "pterror.h"
+ #include "afs/audit.h"
+=20
+ #ifdef AFS_ATHENA_STDENV
+ #include <krb.h>
+ #endif
+=20
+ #include <syslog.h>
+ #include <sys/types.h>
+=20
+ #include <ldap.h>
+ #include "nssconfig.h"
+ #include "nssldap.h"
+ #include "nssutil.h"
+=20
+ extern LDAP* ldapConnection;
+ extern ldap_config_t* __config;
+ extern void initLDAP();
+=20
+=20
+ #define	IP_WILDCARDS	1		/* XXX Should be defined outside of here XXX */
+=20
+ extern struct ubik_dbase *dbase;
+ extern afs_int32 Initdb();
+ int pr_noAuth;
+ afs_int32 initd;
+ afs_int32 iNewEntry(), newEntry(), whereIsIt(), dumpEntry(), addToGroup=
(), nameToID(), Delete(), removeFromGroup();
+ afs_int32 getCPS(), getCPS2(), getHostCPS(), listMax(), setMax(), listE=
ntry();
+ afs_int32 listEntries(), changeEntry(), setFieldsEntry(), put_prentries=
();
+ afs_int32 listElements(), listOwned(), isAMemberOf(), idToName();
+ extern void initLDAP();
+=20
+ static stolower();
+ extern int IDCmp();
+=20
+ /* When abort, reset initd so that the header is read in on next call.
+  * Abort the transarction and return the code.
+  */
+ #define ABORT_WITH(tt,code) return(initd=3D0,ubik_AbortTrans(tt),code)
+=20
+=20
+ static afs_int32 PTL_ADUserObject_to_uid(char* const objectString) {
+ 	afs_int32 retval;
+ 	char* attrs[] =3D { "uidNumber", NULL };
+ 	int result,i;
+ 	int foundName =3D 0;
+=20
+         LDAPMessage* ld_err;
+         LDAPMessage* entry;
+         BerElement* ber;
+=20
+         char *attr;
+         char **vals;
+=20
+ 	char newStr[PR_MAXNAMELEN];
+ 	memset(newStr, 0, PR_MAXNAMELEN);
+=20
+ 	for (i=3D0;(objectString[i] !=3D '\0' && (i < PR_MAXNAMELEN)); i++) {
+ 		if ((objectString[i] =3D=3D ',') && (objectString[(i-1)] !=3D '\\')) =
{
+ 			newStr[i] =3D '\0';
+ 			break;
+ 		} else {
+ 			newStr[i] =3D objectString[i];
+ 		}
+ 	}
+=20
+ 	initLDAP();	// init if not done
+ 	result =3D ldap_search_s(ldapConnection, __config->ldc_base, __config-=
>ldc_scope, newStr, attrs, 0 , &ld_err);
+ 	if (result !=3D LDAP_SUCCESS) {
+ 		return -1;
+ 	} else {
+ 		result =3D ldap_count_entries(ldapConnection, ld_err);
+=20
+ 		if ((result < 1) || (result > 1)) return -1;
+=20
+ 		entry =3D ldap_first_entry(ldapConnection, ld_err);
+ 		if (entry =3D=3D NULL) return -1;
+=20
+                 attr =3D ldap_first_attribute(ldapConnection, entry, &b=
er);
+ 		if (attr =3D=3D NULL) return -1;
+=20
+ 		if((vals =3D ldap_get_values(ldapConnection, entry, attr)) !=3D NULL)=
 {
+ 			if (vals[0] !=3D NULL) {
+ 				retval =3D atol(vals[0]);
+ 				ldap_value_free(vals);
+ 				foundName =3D 1;
+ 			}
+ 		}
+ 		ldap_memfree(attr);
+ 		if (ber !=3D NULL) ber_free(ber, 0);
+ 	}
+ 	ldap_msgfree(ld_err);
+=20
+ 	if (foundName =3D=3D 0) return -1;
+ 	return retval;
+ }
+=20
+ static afs_int32 PTL_ADGroupObject_to_gid(char* const objectString) {
+ 	afs_int32 retval;
+ 	char* attrs[] =3D { "gidNumber", NULL };
+ 	int result,i;
+ 	int foundName =3D 0;
+=20
+         LDAPMessage* ld_err;
+         LDAPMessage* entry;
+         BerElement* ber;
+=20
+         char *attr;
+         char **vals;
+=20
+ 	char newStr[PR_MAXNAMELEN];
+ 	memset(newStr, 0, PR_MAXNAMELEN);
+=20
+ 	for (i=3D0;(objectString[i] !=3D '\0' && (i < PR_MAXNAMELEN)); i++) {
+ 		if ((objectString[i] =3D=3D ',') && (objectString[(i-1)] !=3D '\\')) =
{
+ 			newStr[i] =3D '\0';
+ 			break;
+ 		} else {
+ 			newStr[i] =3D objectString[i];
+ 		}
+ 	}
+ =09
+=20
+ 	initLDAP();	// init if not done
+ 	result =3D ldap_search_s(ldapConnection, __config->ldc_base, __config-=
>ldc_scope, newStr, attrs, 0 , &ld_err);
+ 	if (result !=3D LDAP_SUCCESS) {
+ 		return -1;
+ 	} else {
+ 		result =3D ldap_count_entries(ldapConnection, ld_err);
+=20
+ 		if (result < 1) return -1;
+=20
+ 		entry =3D ldap_first_entry(ldapConnection, ld_err);
+ 		if (entry =3D=3D NULL) return -1;
+=20
+                 attr =3D ldap_first_attribute(ldapConnection, entry, &b=
er);
+ 		if (attr =3D=3D NULL) return -1;
+=20
+ 		if((vals =3D ldap_get_values(ldapConnection, entry, attr)) !=3D NULL)=
 {
+ 			if (vals[0] !=3D NULL) {
+ 				retval =3D atol(vals[0]);
+ 				ldap_value_free(vals);
+ 				foundName =3D 1;
+ 			}
+ 		}
+ 		ldap_memfree(attr);
+ 		if (ber !=3D NULL) ber_free(ber, 0);
+ 	}
+ 	ldap_msgfree(ld_err);
+=20
+ 	if (foundName =3D=3D 0) return -1;
+ 	return retval;
+ }
+=20
+ static afs_int32 PTL_uid_to_name(afs_int32 uid, char* const name) {
+ 	char uidstring[30];
+ 	char* attrs[] =3D { "sAMAccountName", NULL };
+ 	int result;
+ 	int foundName =3D 0;
+=20
+         LDAPMessage* ld_err;
+         LDAPMessage* entry;
+         BerElement* ber;
+=20
+         char *attr;
+         char **vals;
+=20
+ 	memset(name, 0, PR_MAXNAMELEN);
+=20
+ 	initLDAP();	// init if not done
+ 	sprintf(uidstring, "uidNumber=3D%d", uid);
+ 	result =3D ldap_search_s(ldapConnection, __config->ldc_base, __config-=
>ldc_scope, uidstring, attrs, 0 , &ld_err);
+ 	if (result !=3D LDAP_SUCCESS) {
+ 		return -1;
+ 	} else {
+ 		result =3D ldap_count_entries(ldapConnection, ld_err);
+=20
+ 		if ((result < 1) || (result > 1)) return PRPERM;
+=20
+ 		entry =3D ldap_first_entry(ldapConnection, ld_err);
+ 		if (entry =3D=3D NULL) return PRPERM;
+=20
+                 attr =3D ldap_first_attribute(ldapConnection, entry, &b=
er);
+ 		if (attr =3D=3D NULL) return PRPERM;
+=20
+ 		if((vals =3D ldap_get_values(ldapConnection, entry, attr)) !=3D NULL)=
 {
+ 			if (vals[0] !=3D NULL) {
+ 				strncpy(name, vals[0], (PR_MAXNAMELEN-1));
+ 				ldap_value_free(vals);
+ 				foundName =3D 1;
+ 			}
+ 		}
+ 		ldap_memfree(attr);
+ 		if (ber !=3D NULL) ber_free(ber, 0);
+ 	}
+ 	ldap_msgfree(ld_err);
+=20
+ 	if (foundName =3D=3D 0) return PRPERM;
+ 	return PRSUCCESS;
+ }
+=20
+ static afs_int32 PTL_gid_to_name(afs_int32 gid, char* const name) {
+ 	char gidstring[30];
+ 	char* attrs[] =3D { "sAMAccountName", NULL };
+ 	int result;
+ 	int foundName =3D 0;
+=20
+         LDAPMessage* ld_err;
+         LDAPMessage* entry;
+         BerElement* ber;
+=20
+         char *attr;
+         char **vals;
+=20
+ 	memset(name, 0, PR_MAXNAMELEN);
+=20
+ 	initLDAP();	// init if not done
+ 	sprintf(gidstring, "gidNumber=3D%d", gid);
+ 	result =3D ldap_search_s(ldapConnection, __config->ldc_base, __config-=
>ldc_scope, gidstring, attrs, 0 , &ld_err);
+ 	if (result !=3D LDAP_SUCCESS) {
+ 		return -1;
+ 	} else {
+ 		result =3D ldap_count_entries(ldapConnection, ld_err);
+=20
+ 		if ((result < 1) || (result > 1)) return PRPERM;
+=20
+ 		entry =3D ldap_first_entry(ldapConnection, ld_err);
+ 		if (entry =3D=3D NULL) return PRPERM;
+=20
+                 attr =3D ldap_first_attribute(ldapConnection, entry, &b=
er);
+ 		if (attr =3D=3D NULL) return PRPERM;
+=20
+ 		if((vals =3D ldap_get_values(ldapConnection, entry, attr)) !=3D NULL)=
 {
+ 			if (vals[0] !=3D NULL) {
+ 				strncpy(name, vals[0], (PR_MAXNAMELEN-1));
+ 				ldap_value_free(vals);
+ 				foundName =3D 1;
+ 			}
+ 		}
+ 		ldap_memfree(attr);
+ 		if (ber !=3D NULL) ber_free(ber, 0);
+ 	}
+ 	ldap_msgfree(ld_err);
+=20
+ 	if (foundName =3D=3D 0) return PRPERM;
+ 	return PRSUCCESS;
+ }
+=20
+ static afs_int32 PTL_name_to_uid(prname name) {
+ 	afs_int32 retval;
+ 	char unamestr[PR_MAXNAMELEN];
+ 	char* attrs[] =3D { "uidNumber", "objectClass", NULL };
+ 	int result;
+ 	int foundUid =3D 0;
+ 	int isUser =3D 0;
+=20
+         LDAPMessage* ld_err;
+         LDAPMessage* entry;
+         BerElement* ber;
+=20
+         char *attr;
+         char **vals;
+=20
+=20
+ 	memset(unamestr, 0, PR_MAXNAMELEN);
+=20
+ 	initLDAP();	// init if not done
+ 	sprintf(unamestr, "sAMAccountName=3D%s", name);
+ 	result =3D ldap_search_s(ldapConnection, __config->ldc_base, __config-=
>ldc_scope, unamestr, attrs, 0 , &ld_err);
+ 	if (result !=3D LDAP_SUCCESS) {
+ 		return -1;
+ 	} else {
+ 		result =3D ldap_count_entries(ldapConnection, ld_err);
+=20
+ 		if ((result < 1) || (result > 1)) return -1;
+=20
+ 		entry =3D ldap_first_entry(ldapConnection, ld_err);
+ 		if (entry =3D=3D NULL) return -1;
+=20
+ 		for (attr =3D ldap_first_attribute(ldapConnection, entry, &ber); attr=
 !=3D NULL; attr =3D ldap_next_attribute(ldapConnection, entry, ber)) {
+ 			if((vals =3D ldap_get_values(ldapConnection, entry, attr)) !=3D NULL=
) {
+ 				if (strncmp(attr, "uidNumber", 9) =3D=3D 0) {
+ 					if (vals[0] !=3D NULL) {
+ 						retval =3D (afs_int32) atol(vals[0]);
+ 						ldap_value_free(vals);
+ 						foundUid =3D 1;
+ 					}
+ 				} else if (strncmp(attr, "objectClass", 11) =3D=3D 0) {
+ 					int i;
+ 					for(i=3D0; vals[i] !=3D NULL; i++) {
+ 						if (strcmp("user", vals[i]) =3D=3D 0) {
+ 							isUser =3D 1;
+ 							break;
+ 						}
+ 					}
+ 				}
+ 			}
+ 		}
+ 		ldap_memfree(attr);
+ 		if (ber !=3D NULL) ber_free(ber, 0);
+ 	}
+ 	ldap_msgfree(ld_err);
+=20
+ 	if ((foundUid =3D=3D 0) || (isUser =3D=3D 0)) return -1;
+ 	return retval;
+ }
+=20
+ static afs_int32 PTL_name_to_gid(prname name) {
+ 	afs_int32 retval;
+ 	char gnamestr[PR_MAXNAMELEN];
+ 	char* attrs[] =3D { "gidNumber", "objectClass", NULL };
+ 	int result;
+ 	int foundGid =3D 0;
+ 	int isGroup =3D 0;
+=20
+         LDAPMessage* ld_err;
+         LDAPMessage* entry;
+         BerElement* ber;
+=20
+         char *attr;
+         char **vals;
+=20
+=20
+ 	memset(gnamestr, 0, PR_MAXNAMELEN);
+=20
+ 	initLDAP();	// init if not done
+ 	sprintf(gnamestr, "sAMAccountName=3D%s", name);
+ 	result =3D ldap_search_s(ldapConnection, __config->ldc_base, __config-=
>ldc_scope, gnamestr, attrs, 0 , &ld_err);
+ 	if (result !=3D LDAP_SUCCESS) {
+ 		return -1;
+ 	} else {
+ 		result =3D ldap_count_entries(ldapConnection, ld_err);
+=20
+ 		if ((result < 1) || (result > 1)) return -1;
+=20
+ 		entry =3D ldap_first_entry(ldapConnection, ld_err);
+ 		if (entry =3D=3D NULL) return -1;
+=20
+ 		for (attr =3D ldap_first_attribute(ldapConnection, entry, &ber); attr=
 !=3D NULL; attr =3D ldap_next_attribute(ldapConnection, entry, ber)) {
+ 			if((vals =3D ldap_get_values(ldapConnection, entry, attr)) !=3D NULL=
) {
+ 				if (strncmp(attr, "gidNumber", 9) =3D=3D 0) {
+ 					if (vals[0] !=3D NULL) {
+ 						retval =3D (afs_int32) atol(vals[0]);
+ 						ldap_value_free(vals);
+ 						foundGid =3D 1;
+ 					}
+ 				} else if (strncmp(attr, "objectClass", 11) =3D=3D 0) {
+ 					int i;
+ 					for(i=3D0; vals[i] !=3D NULL; i++) {
+ 						if (strcmp("group", vals[i]) =3D=3D 0) {
+ 							isGroup =3D 1;
+ 							break;
+ 						}
+ 					}
+ 				}
+ 			}
+ 		}
+ 		ldap_memfree(attr);
+ 		if (ber !=3D NULL) ber_free(ber, 0);
+ 	}
+ 	ldap_msgfree(ld_err);
+=20
+ 	if ((foundGid =3D=3D 0) || (isGroup =3D=3D 0)) return -1;
+ 	return retval;
+ }
+=20
+ static afs_int32 PTL_NameToID(prname name)
+ {
+ 	afs_int32 retval;
+ 	/*
+ 		SYSVIEWERID     -203	system:ptsviewers
+ 		SYSADMINID      -204	system:administrators
+ 		SYSBACKUPID     -205	system:backup
+ 		ANYUSERID       -101	system:anyuser
+ 		AUTHUSERID      -102	system:authuser
+ 		ANONYMOUSID     32766	anonymous
+ 	*/
+=20
+ 	if (name =3D=3D NULL) return ANONYMOUSID;
+ 	if (strcmp(name, "") =3D=3D 0) return ANONYMOUSID;
+=20
+ 	/* AFS has system:_____________ hard coded in places... */
+ 	if (strcmp(name, "system:administrators") =3D=3D 0) return SYSADMINID;
+ 	if (strcmp(name, "system:authuser") =3D=3D 0) return AUTHUSERID;
+ 	if (strcmp(name, "system:anyuser") =3D=3D 0) return ANYUSERID;
+ 	if (strcmp(name, "system:backup") =3D=3D 0) return SYSBACKUPID;
+ 	if (strcmp(name, "system:ptsviewers") =3D=3D 0) return SYSVIEWERID;
+ 	if (strcmp(name, "anonymous") =3D=3D 0) return ANONYMOUSID;
+=20
+ 	retval =3D PTL_name_to_gid(name);
+ 	if (retval =3D=3D -1) {
+ 		retval =3D PTL_name_to_uid(name);
+ 		if (retval =3D=3D -1) {
+ 			return ANONYMOUSID;
+ 		} else {
+ 			return retval;
+ 		}
+ 	} else {
+ 		return (-retval); // gid's are negative
+ 	}
+ =09
+ 	/* just in case */
+ 	return ANONYMOUSID;
+ }
+=20
+ static afs_int32 PTL_IDToName(afs_int32 id, prname name)
+ {
+ 	afs_int32 result =3D PRPERM;
+ 	char tmpname[PR_MAXNAMELEN];
+=20
+ 	memset(tmpname, 0, PR_MAXNAMELEN);
+ 	memset(name, 0, PR_MAXNAMELEN);
+=20
+ 	if (id =3D=3D SYSADMINID) {
+ 		strncpy(tmpname, "system:administrators", (PR_MAXNAMELEN-1));
+ 	} else if (id =3D=3D AUTHUSERID) {
+ 		strncpy(tmpname, "system:authuser", (PR_MAXNAMELEN-1));
+ 	} else if (id =3D=3D ANYUSERID) {
+ 		strncpy(tmpname, "system:anyuser", (PR_MAXNAMELEN-1));
+ 	} else if (id =3D=3D SYSBACKUPID) {
+ 		strncpy(tmpname, "system:backup", (PR_MAXNAMELEN-1));
+ 	} else if (id =3D=3D SYSVIEWERID) {
+ 		strncpy(tmpname, "system:ptsviewers", (PR_MAXNAMELEN-1));
+ 	} else if (id =3D=3D ANONYMOUSID) {
+ 		strncpy(tmpname, "anonymous", (PR_MAXNAMELEN-1));
+ 	} else if (id < 0) {
+ 		result =3D PTL_gid_to_name((-id), tmpname); // negate the name
+ 		if (result =3D=3D -1) {
+ 			snprintf(name, PR_MAXNAMELEN-1, "%d", (int)id);
+ 			return PRPERM;
+ 		}
+ 	} else {
+ 		result =3D PTL_uid_to_name(id, tmpname);
+ 		if (result =3D=3D -1) {
+ 			snprintf(name, PR_MAXNAMELEN-1, "%d", (int)id);
+ 			return PRPERM;
+ 		}
+ 	}
+=20
+ 	if (strlen(tmpname) >=3D PR_MAXNAMELEN) {
+ 		snprintf(name, PR_MAXNAMELEN-1, "nametoolong:%d", (int)id);
+ 		return PRPERM;
+ 	}
+ 	snprintf(name, PR_MAXNAMELEN-1, "%s", tmpname);
+ 	return PRSUCCESS;
+ }=09
+=20
+ afs_int32 PTL_is_a_member_bygid(afs_int32 uid, afs_int32 gid) {
+ 	char gidstring[30];
+ 	char* attrs[] =3D { "member", NULL };
+ 	int result, i, j;
+ 	int foundName =3D 0;
+ 	afs_int32 tmpval =3D 0;
+=20
+         LDAPMessage* ld_err;
+         LDAPMessage* entry;
+         BerElement* ber;
+=20
+         char *attr;
+         char **vals;
+=20
+ 	initLDAP();	// init if not done
+ 	sprintf(gidstring, "gidNumber=3D%d", gid);
+ 	result =3D ldap_search_s(ldapConnection, __config->ldc_base, __config-=
>ldc_scope, gidstring, attrs, 0 , &ld_err);
+ 	if (result !=3D LDAP_SUCCESS) {
+ 		return 0;
+ 	} else {
+ 		result =3D ldap_count_entries(ldapConnection, ld_err);
+=20
+ 		if ((result < 1) || (result > 1)) return 0;
+=20
+ 		entry =3D ldap_first_entry(ldapConnection, ld_err);
+ 		if (entry =3D=3D NULL) return 0;
+=20
+                 attr =3D ldap_first_attribute(ldapConnection, entry, &b=
er);
+ 		if (attr =3D=3D NULL) return 0;
+=20
+ 		if((vals =3D ldap_get_values(ldapConnection, entry, attr)) !=3D NULL)=
 {
+ 			for(i=3D0; vals[i] !=3D NULL; i++) {
+ 				// vals are CN=3DUser\, Name,CN=3DUsers,DC=3Dengr,DC=3Diastate,DC=3D=
edu
+ 				tmpval =3D PTL_ADUserObject_to_uid(vals[i]);
+ 				if (tmpval =3D=3D uid) { foundName=3D1; break; }	// yay we're a mem=
ber
+ 			}
+ 		}
+ 		ldap_memfree(attr);
+ 		if (ber !=3D NULL) ber_free(ber, 0);
+ 	}
+ 	ldap_msgfree(ld_err);
+ 	return foundName;
+ }
+=20
+ afs_int32 PTL_is_a_member_byuid(afs_int32 uid, afs_int32 gid) {
+ 	char uidstring[30];
+ 	char* attrs[] =3D { "memberOf", NULL };
+ 	int result, i, j;
+ 	int foundName =3D 0;
+ 	afs_int32 tmpval =3D 0;
+=20
+         LDAPMessage* ld_err;
+         LDAPMessage* entry;
+         BerElement* ber;
+=20
+         char *attr;
+         char **vals;
+=20
+ 	initLDAP();	// init if not done
+ 	sprintf(uidstring, "uidNumber=3D%d", uid);
+ 	result =3D ldap_search_s(ldapConnection, __config->ldc_base, __config-=
>ldc_scope, uidstring, attrs, 0 , &ld_err);
+ 	if (result !=3D LDAP_SUCCESS) {
+ 		return 0;
+ 	} else {
+ 		result =3D ldap_count_entries(ldapConnection, ld_err);
+=20
+ 		if ((result < 1) || (result > 1)) return 0;
+=20
+ 		entry =3D ldap_first_entry(ldapConnection, ld_err);
+ 		if (entry =3D=3D NULL) return 0;
+=20
+                 attr =3D ldap_first_attribute(ldapConnection, entry, &b=
er);
+ 		if (attr =3D=3D NULL) return 0;
+=20
+ 		if((vals =3D ldap_get_values(ldapConnection, entry, attr)) !=3D NULL)=
 {
+ 			for(i=3D0; vals[i] !=3D NULL; i++) {
+ 				// vals are CN=3DUser\, Name,CN=3DUsers,DC=3Dengr,DC=3Diastate,DC=3D=
edu
+ 				tmpval =3D PTL_ADGroupObject_to_gid(vals[i]);
+ 				if (tmpval =3D=3D gid) { foundName=3D1; break; }	// yay we're a mem=
ber
+ 			}
+ 		}
+ 		ldap_memfree(attr);
+ 		if (ber !=3D NULL) ber_free(ber, 0);
+ 	}
+ 	ldap_msgfree(ld_err);
+=20
+ 	return foundName;
+ }
+=20
+ afs_int32 PTL_membership_count(afs_int32 id) {
+ 	char idstring[30];
+ 	char* attrs[] =3D { "memberOf", "member", NULL };
+ 	int result, i;
+ 	int retval =3D 0;
+=20
+         LDAPMessage* ld_err;
+         LDAPMessage* entry;
+         BerElement* ber;
+=20
+         char *attr;
+         char **vals;
+=20
+ 	initLDAP();	// init if not done
+=20
+ 	if (id < 0) {
+ 		sprintf(idstring, "gidNumber=3D%d", -id);
+ 	} else {
+ 		sprintf(idstring, "uidNumber=3D%d", id);
+ 	}
+=20
+ 	result =3D ldap_search_s(ldapConnection, __config->ldc_base, __config-=
>ldc_scope, idstring, attrs, 0 , &ld_err);
+ 	if (result !=3D LDAP_SUCCESS) {
+ 		return 0;
+ 	} else {
+ 		result =3D ldap_count_entries(ldapConnection, ld_err);
+=20
+ 		if ((result < 1) || (result > 1)) return 0;
+=20
+ 		entry =3D ldap_first_entry(ldapConnection, ld_err);
+ 		if (entry =3D=3D NULL) return 0;
+=20
+                 for (attr =3D ldap_first_attribute(ldapConnection, entr=
y, &ber); attr !=3D NULL; attr =3D ldap_next_attribute(ldapConnection, en=
try, ber)) {
+ 			if (((id < 0) && (strcmp(attr, "member") =3D=3D 0)) || ((id >=3D 0) =
&& (strcmp(attr, "memberOf") =3D=3D 0))) {
+ 				// count values if group and attr is member or if user and attr is =
memberOf
+ 				if((vals =3D ldap_get_values(ldapConnection, entry, attr)) !=3D NUL=
L) {
+ 					for(i=3D0; vals[i] !=3D NULL; i++) retval++;
+ 				}
+ 			}
+ 		}
+ 		ldap_memfree(attr);
+ 		if (ber !=3D NULL) ber_free(ber, 0);
+ 	}
+ 	ldap_msgfree(ld_err);
+=20
+ 	return retval;
+ }
+=20
+ afs_int32 WhoIsThis (acall, at, aid)
+   struct rx_call *acall;
+   struct ubik_trans *at;
+   afs_int32 *aid;
+ {
+     int foreign =3D 0;
+     /* aid is set to the identity of the caller, if known, else ANONYMO=
USID */
+     /* returns -1 and sets aid to ANONYMOUSID on any failure */
+     register struct rx_connection *tconn;
+     register afs_int32 code;
+     char tcell[MAXKTCREALMLEN];
+     char name[MAXKTCNAMELEN];
+     char inst[MAXKTCNAMELEN];
+     int  ilen;
+     char vname[256];
+=20
+     *aid =3D ANONYMOUSID;
+     tconn =3D rx_ConnectionOf(acall);
+     code =3D rx_SecurityClassOf(tconn);
+     if (code =3D=3D 0) return 0;
+     else if (code =3D=3D 1) {		/* vab class */
+ 	goto done;			/* no longer supported */
+     }
+     else if (code =3D=3D 2) {		/* kad class */
+ 	if ((code =3D rxkad_GetServerInfo
+ 	    (acall->conn, 0, 0/*was &exp*/,
+ 	     name, inst, tcell, (afs_int32 *) 0)))
+ 	    goto done;
+ #if 0
+ 	/* This test is unnecessary, since rxkad_GetServerInfo already check.
+          * In addition, this is wrong since exp must be unsigned. */
+ 	if (exp < FT_ApproxTime()) goto done;
+ #endif
+ 	if (strlen (tcell)) {
+ 	    extern char *pr_realmName;
+ #if	defined(AFS_ATHENA_STDENV) || defined(AFS_KERBREALM_ENV)
+ 	    static char local_realm[AFS_REALM_SZ] =3D "";
+ 	    if (!local_realm[0]) {
+ 		if (afs_krb_get_lrealm(local_realm, 0) !=3D 0/*KSUCCESS*/)
+ 		    strncpy(local_realm, pr_realmName, AFS_REALM_SZ);
+ 	    }
+ #endif
+ 	    if (
+ #if	defined(AFS_ATHENA_STDENV) || defined(AFS_KERBREALM_ENV)
+ 		strcasecmp (local_realm, tcell) &&
+ #endif
+ 		strcasecmp (pr_realmName, tcell))
+ 		foreign =3D 1;
+ 	}
+ 	strncpy (vname, name, sizeof(vname));
+ 	if (ilen =3D strlen (inst)) {
+ 	    if (strlen(vname) + 1 + ilen >=3D sizeof(vname)) goto done;
+ 	    strcat (vname, ".");
+ 	    strcat (vname, inst);
+ 	}
+ 	if (foreign) {
+ 	    if (strlen(vname) + strlen(tcell) + 1 >=3D sizeof(vname)) goto don=
e;
+ 	    strcat (vname, "@");
+ 	    strcat (vname, tcell);
+ 	}
+ 	if (strcmp (AUTH_SUPERUSER, vname) =3D=3D 0)
+ 	    *aid =3D SYSADMINID;		/* special case for the fileserver */
+ 	else {
+ 	    lcstring(vname, vname, sizeof(vname));
+ 	    *aid =3D PTL_NameToID(vname);
+ 	    code =3D PRSUCCESS;
+ 	    //code =3D PTL_NameToID(at,vname,aid);
+ 	}
+     }
+   done:
+     if (code && !pr_noAuth) return -1;
+     return 0;
+ }
+=20
+ afs_int32 SPR_INewEntry (call,aname,aid,oid)
+   struct rx_call *call;
+   char aname[PR_MAXNAMELEN];
+   afs_int32 aid;
+   afs_int32 oid;
+ {
+   return PRPERM;
+ }
+=20
+ afs_int32 SPR_NewEntry (call, aname, flag, oid, aid)
+   struct rx_call *call;
+   char aname[PR_MAXNAMELEN];
+   afs_int32 flag;
+   afs_int32 oid;
+   afs_int32 *aid;
+ {
+   return PRPERM;
+ }
+=20
+ afs_int32 SPR_WhereIsIt (call,aid,apos)
+ struct rx_call *call;
+ afs_int32 aid;
+ afs_int32 *apos;
+ {
+   return PRNOENT;
+ }
+=20
+=20
+ afs_int32 SPR_DumpEntry (call,apos, aentry)
+ struct rx_call *call;
+ afs_int32 apos;
+ struct prdebugentry *aentry;
+ {
+   return PRPERM;
+ }
+=20
+ afs_int32 SPR_AddToGroup (call,aid,gid)
+ struct rx_call *call;
+ afs_int32 aid;
+ afs_int32 gid;
+ {
+   return PRPERM;
+ }
+=20
+ afs_int32 SPR_NameToID (call, aname, aid)
+   struct rx_call *call;
+   namelist *aname;
+   idlist *aid;
+ {
+   afs_int32 code;
+=20
+   code =3D nameToID (call, aname, aid);
+   osi_auditU (call, PTS_NmToIdEvent, code, AUD_END);
+   return code;
+ }
+=20
+ afs_int32 nameToID (call, aname, aid)
+   struct rx_call *call;
+   namelist *aname;
+   idlist *aid;
+ {
+     register afs_int32 code;
+     struct ubik_trans *tt;
+     afs_int32 i;
+     int size;
+     int count =3D 0;
+=20
+     /* Initialize return struct */
+     aid->idlist_len =3D 0;
+     aid->idlist_val =3D (afs_int32 *)0;
+    =20
+     size =3D aname->namelist_len;
+     if (size =3D=3D 0) return 0;
+     if (size <  0) return PRTOOMANY;
+=20
+     aid->idlist_val =3D (afs_int32 *)malloc(size*sizeof(afs_int32));
+     if (!aid->idlist_val) return PRNOMEM;
+=20
+=20
+     for (i=3D0;i<aname->namelist_len;i++) {
+ 	aid->idlist_val[i] =3D PTL_NameToID(aname->namelist_val[i]);
+ 	code =3D PRSUCCESS;
+ 	/* code =3D NameToID(tt,aname->namelist_val[i],&aid->idlist_val[i]);
+ 	if (code !=3D PRSUCCESS) aid->idlist_val[i] =3D ANONYMOUSID; */
+ 	if (count++ > 50) IOMGR_Poll(), count =3D 0;
+     }
+     aid->idlist_len =3D aname->namelist_len;
+=20
+     if (code) return code;
+     return PRSUCCESS;
+ }
+=20
+ /*
+  * SPR_IDToName
+  * Given an array of ids, find the name for each of them.
+  * The array of ids and names is unlimited.
+  */
+ afs_int32 SPR_IDToName (call, aid, aname)
+   struct rx_call *call;
+   idlist *aid;
+   namelist *aname;
+ {
+   afs_int32 code;
+=20
+   code =3D idToName (call, aid, aname);
+   osi_auditU (call, PTS_IdToNmEvent, code, AUD_LONG, aid, AUD_END);
+   return code;
+ }
+=20
+ afs_int32 idToName (call, aid, aname)
+   struct rx_call *call;
+   idlist *aid;
+   namelist *aname;
+ {
+     register afs_int32 code;
+     struct ubik_trans *tt;
+     afs_int32 i;
+     int size;
+     int count =3D 0;
+=20
+     /* leave this first for rpc stub */
+     size =3D aid->idlist_len;
+     if (size =3D=3D 0) return 0;
+     if (size <  0) return PRTOOMANY;
+     aname->namelist_val =3D (prname *)malloc(size*PR_MAXNAMELEN);
+     aname->namelist_len =3D 0;
+     if (aname->namelist_val =3D=3D 0) return PRNOMEM;
+     if (aid->idlist_len =3D=3D 0) return 0;
+     if (size =3D=3D 0) return PRTOOMANY;	/* rxgen will probably handle =
this */
+     for (i=3D0;i<aid->idlist_len;i++) {
+ 	code =3D PTL_IDToName(aid->idlist_val[i], aname->namelist_val[i]);
+ 	/* code =3D IDToName(tt,aid->idlist_val[i],aname->namelist_val[i]); */
+ 	if (code !=3D PRSUCCESS)
+ 	    sprintf(aname->namelist_val[i],"%d",aid->idlist_val[i]);
+ 	if (count++ > 50) IOMGR_Poll(), count =3D 0;
+     }
+     aname->namelist_len =3D aid->idlist_len;
+=20
+     if (code) return code;
+     return PRSUCCESS;
+ }
+=20
+ afs_int32 SPR_Delete (call, aid)
+   struct rx_call *call;
+   afs_int32 aid;
+ {
+   return PRPERM;
+ }
+=20
+ afs_int32 SPR_UpdateEntry (call, aid, name, uentry)
+   struct rx_call *call;
+   afs_int32 aid;
+   char *name;
+   struct PrUpdateEntry *uentry;
+ {
+   return PRPERM;
+ }
+=20
+ afs_int32 SPR_RemoveFromGroup (call,aid,gid)
+ struct rx_call *call;
+ afs_int32 aid;
+ afs_int32 gid;
+ {
+   return PRPERM;
+ }
+=20
+ afs_int32 SPR_GetCPS (call, aid, alist, over)
+   struct rx_call *call;
+   afs_int32 aid;
+   prlist *alist;
+   afs_int32 *over;
+ {
+   afs_int32 code;
+=20
+   code =3D getCPS (call, aid, alist, over);
+   osi_auditU (call, PTS_GetCPSEvent, code, AUD_LONG, aid, AUD_END);
+   return code;
+ }
+=20
+=20
+ /* Helper function for sorting in GetCPS */
+=20
+ static int compare_ids(const void *x, const void *y)
+ {
+ 	afs_int32 *a =3D (afs_int32 *)x;
+ 	afs_int32 *b =3D (afs_int32 *)y;
+=20
+ 	if (*a > *b) return 1;
+ 	if (*a < *b) return -1;
+ 	return 0;
+ }
+=20
+ afs_int32 getCPS (call, id, elist, over)
+   struct rx_call *call;
+   afs_int32 id;
+   prlist *elist;
+   afs_int32 *over;
+ {
+     register afs_int32 code;
+     struct ubik_trans *tt;
+     int curPos =3D 0;
+     afs_int32 temp;
+     afs_int32 cid;
+     struct prentry tentry;
+     FILE* tmp;
+=20
+ 	afs_int32 result;
+ 	afs_int32 retval;
+=20
+ 	char uidstring[30];
+ 	char* attrs[] =3D { "memberOf", NULL };
+ 	int i;
+ 	afs_int32 tmpval =3D 0;
+=20
+         LDAPMessage* ld_err;
+         LDAPMessage* entry;
+         BerElement* ber;
+=20
+         char *attr;
+         char **vals;
+=20
+ 	*over =3D 0;
+=20
+ 	if ((id =3D=3D ANYUSERID) || (id =3D=3D ANONYMOUSID)) {
+ 		elist->prlist_len =3D 1;
+ 		if (id =3D=3D ANONYMOUSID) elist->prlist_len =3D 2;
+ 		elist->prlist_val =3D malloc(elist->prlist_len * sizeof(afs_int32));
+ 		if (elist->prlist_val =3D=3D NULL) {
+ 			return PRNOMEM;
+ 		}
+ 		elist->prlist_val[0] =3D ANYUSERID;
+ 		/* also include -101, ANYUSERID if ANONYMOUSID */
+ 		if (id =3D=3D ANONYMOUSID) elist->prlist_val[1] =3D ANONYMOUSID;
+=20
+ 		return PRSUCCESS;
+ 	}
+=20
+ 	elist->prlist_len =3D 3;
+ 	elist->prlist_val =3D malloc(elist->prlist_len*sizeof(afs_int32));
+=20
+ 	if (elist->prlist_val =3D=3D NULL) {
+ 		return PRNOMEM;
+ 	}
+=20
+ 	elist->prlist_val[curPos++] =3D AUTHUSERID;
+ 	elist->prlist_val[curPos++] =3D ANYUSERID;
+ 	elist->prlist_val[curPos++] =3D id;
+=20
+ 	retval =3D PRSUCCESS;
+=20
+ 	initLDAP();	// init if not done
+=20
+ 	sprintf(uidstring, "uidNumber=3D%d", id);
+ 	result =3D ldap_search_s(ldapConnection, __config->ldc_base, __config-=
>ldc_scope, uidstring, attrs, 0 , &ld_err);
+ 	if (result !=3D LDAP_SUCCESS) {
+ 		return PRNOENT;
+ 	} else {
+ 		result =3D ldap_count_entries(ldapConnection, ld_err);
+=20
+ 		if ((result < 1) || (result > 1)) return PRNOENT;
+=20
+ 		entry =3D ldap_first_entry(ldapConnection, ld_err);
+ 		if (entry =3D=3D NULL) return PRNOENT;
+=20
+                 attr =3D ldap_first_attribute(ldapConnection, entry, &b=
er);
+ 		if (attr =3D=3D NULL) return PRNOENT;
+=20
+ 		if((vals =3D ldap_get_values(ldapConnection, entry, attr)) !=3D NULL)=
 {
+ 			for(i=3D0; vals[i] !=3D NULL; i++) {
+ 				// vals are CN=3DUser\, Name,CN=3DUsers,DC=3Dengr,DC=3Diastate,DC=3D=
edu
+ 				tmpval =3D PTL_ADGroupObject_to_gid(vals[i]); // tmpval has gid or =
-1
+ 				if (((-tmpval) !=3D ANONYMOUSID) && (tmpval > -1)) {
+ 					elist->prlist_len +=3D 1;
+ 					elist->prlist_val =3D realloc(elist->prlist_val, elist->prlist_len=
 * sizeof(afs_int32));
+=20
+ 					if (elist->prlist_val =3D=3D NULL) {
+ 						retval =3D PRNOMEM;
+ 						break;
+ 					}
+=20
+ 					elist->prlist_val[curPos++] =3D (-tmpval);
+ 				}
+ 			}
+ 		}
+ 		ldap_memfree(attr);
+ 		if (ber !=3D NULL) ber_free(ber, 0);
+ 	}
+ 	ldap_msgfree(ld_err);
+=20
+ 	if (retval =3D=3D PRSUCCESS) {
+ 		qsort(elist->prlist_val, elist->prlist_len, sizeof(afs_int32), compar=
e_ids);
+ 	}
+ 	return retval;
+ }
+=20
+ #ifdef IP_WILDCARDS
+ int inCPS (CPS,id)
+     prlist CPS;
+     afs_int32 id;
+ {
+     int i;
+ =20
+     for (i =3D (CPS.prlist_len-1) ; i >=3D 0; i--) {
+ 	if (CPS.prlist_val[i] =3D=3D id)=20
+ 	    return(1);
+     }
+     return(0);
+ }
+ #endif /* IP_WILDCARDS */
+=20
+=20
+ afs_int32 SPR_GetCPS2 (call, aid, ahost, alist, over)
+   struct rx_call *call;
+   afs_int32 aid;
+   afs_int32 ahost;
+   prlist *alist;
+   afs_int32 *over;
+ {
+   afs_int32 code;
+=20
+   code =3D getCPS2 (call, aid, ahost, alist, over);
+   osi_auditU (call, PTS_GetCPS2Event, code, AUD_LONG, aid, AUD_HOST, ah=
ost, AUD_END);
+   return code;
+ }
+=20
+ afs_int32 getCPS2 (call, aid, ahost, alist, over)
+   struct rx_call *call;
+   afs_int32 aid;
+   afs_int32 ahost;
+   prlist *alist;
+   afs_int32 *over;
+ {
+     return PRPERM;
+ }
+=20
+=20
+ afs_int32 SPR_GetHostCPS (call, ahost, alist, over)
+   struct rx_call *call;
+   afs_int32 ahost;
+   prlist *alist;
+   afs_int32 *over;
+ {
+   afs_int32 code;
+=20
+   code =3D getHostCPS (call, ahost, alist, over);
+   osi_auditU (call, PTS_GetHCPSEvent, code, AUD_HOST, ahost, AUD_END);
+   return code;
+ }
+=20
+ afs_int32 getHostCPS (call, ahost, alist, over)
+   struct rx_call *call;
+   afs_int32 ahost;
+   prlist *alist;
+   afs_int32 *over;
+ {
+     return PRPERM;
+ }
+=20
+=20
+ afs_int32 SPR_ListMax (call,uid,gid)
+ struct rx_call *call;
+ afs_int32 *uid;
+ afs_int32 *gid;
+ {
+   afs_int32 code;
+=20
+   code =3D listMax(call,uid,gid);
+   osi_auditU (call, PTS_LstMaxEvent, code, AUD_END);
+   return code;
+ }
+=20
+ afs_int32 listMax (call,uid,gid)
+ struct rx_call *call;
+ afs_int32 *uid;
+ afs_int32 *gid;
+ {
+     return PRPERM;
+ }
+=20
+ afs_int32 SPR_SetMax (call,aid,gflag)
+ struct rx_call *call;
+ afs_int32 aid;
+ afs_int32 gflag;
+ {
+   afs_int32 code;
+=20
+   code =3D setMax (call,aid,gflag);
+   osi_auditU (call, PTS_SetMaxEvent, code, AUD_LONG, aid, AUD_LONG, gfl=
ag, AUD_END);
+   return code;
+ }
+=20
+ afs_int32 setMax (call,aid,gflag)
+ struct rx_call *call;
+ afs_int32 aid;
+ afs_int32 gflag;
+ {
+     return PRPERM;
+ }
+=20
+ afs_int32 SPR_IsAMemberOf (call,uid,gid,flag)
+ struct rx_call *call;
+ afs_int32 uid;
+ afs_int32 gid;
+ afs_int32 *flag;
+ {
+   afs_int32 code;
+=20
+   code =3D isAMemberOf (call,uid,gid,flag);
+   osi_auditU (call, PTS_IsMemOfEvent, code, AUD_LONG, uid, AUD_LONG, gi=
d, AUD_END);
+   return code;
+ }
+=20
+ afs_int32 isAMemberOf (call,uid,gid,flag)
+ struct rx_call *call;
+ afs_int32 uid;
+ afs_int32 gid;
+ afs_int32 *flag;
+ {
+ *flag =3D 0;
+ 	*flag =3D PTL_is_a_member_bygid(uid, (-gid));
+     return PRSUCCESS;
+ }
+=20
+=20
+ afs_int32 SPR_ListEntry (call,aid,aentry)
+ struct rx_call *call;
+ afs_int32 aid;
+ struct prcheckentry *aentry;
+ {
+   afs_int32 code;
+=20
+   code =3D listEntry (call,aid,aentry);
+   osi_auditU (call, PTS_LstEntEvent, code, AUD_LONG, aid, AUD_END);
+   return code;
+ }
+=20
+ afs_int32 SPR_ListEntries(call, flag, startindex, bulkentries, nextstar=
tindex)
+   struct rx_call *call;
+   afs_int32          flag;
+   afs_int32          startindex;
+   prentries      *bulkentries;
+   afs_int32          *nextstartindex;
+ {
+   afs_int32 code;
+=20
+   code =3D listEntries(call, flag, startindex, bulkentries, nextstartin=
dex);
+   osi_auditU (call, PTS_LstEntsEvent, code, AUD_LONG, flag, AUD_END);
+   return code;
+ }
+=20
+ afs_int32 listEntries(call, flag, startindex, bulkentries, nextstartind=
ex)
+   struct rx_call *call;
+   afs_int32          flag;
+   afs_int32          startindex;
+   prentries      *bulkentries;
+   afs_int32          *nextstartindex;
+ {
+   return PRPERM;
+ }
+=20
+ #define PR_MAXENTRIES 500
+=20
+ afs_int32 SPR_ChangeEntry (call,aid,name,oid,newid)
+ struct rx_call *call;
+ afs_int32 aid;
+ char *name;
+ afs_int32 oid;
+ afs_int32 newid;
+ {
+   afs_int32 code;
+=20
+   code =3D changeEntry (call,aid,name,oid,newid);
+   osi_auditU (call, PTS_ChgEntEvent, code, AUD_LONG, aid, AUD_STR,  nam=
e,=20
+  	                                                  AUD_LONG, oid,=20
+ 	                                                  AUD_LONG, newid, AUD=
_END);
+   return code;
+ }
+=20
+ afs_int32 changeEntry (call,aid,name,oid,newid)
+ struct rx_call *call;
+ afs_int32 aid;
+ char *name;
+ afs_int32 oid;
+ afs_int32 newid;
+ {
+     return PRPERM;
+ }
+=20
+ afs_int32 SPR_SetFieldsEntry (call, id, mask, flags, ngroups, nusers, s=
pare1, spare2)
+   struct rx_call *call;
+   afs_int32 id;
+   afs_int32 mask;				/* specify which fields to update */
+   afs_int32 flags, ngroups, nusers;
+   afs_int32 spare1, spare2;
+ {
+   afs_int32 code;
+=20
+   code =3D setFieldsEntry (call, id, mask, flags, ngroups, nusers, spar=
e1, spare2);
+   osi_auditU (call, PTS_SetFldEntEvent, code, AUD_LONG, id, AUD_END);
+   return code;
+ }
+=20
+ afs_int32 setFieldsEntry (call, id, mask, flags, ngroups, nusers, spare=
1, spare2)
+   struct rx_call *call;
+   afs_int32 id;
+   afs_int32 mask;				/* specify which fields to update */
+   afs_int32 flags, ngroups, nusers;
+   afs_int32 spare1, spare2;
+ {
+   return PRPERM;
+ }
+=20
+ afs_int32 SPR_ListElements (call, aid, alist, over)
+   struct rx_call *call;
+   afs_int32 aid;
+   prlist *alist;
+   afs_int32 *over;
+ {
+   afs_int32 code;
+=20
+   code =3D listElements (call, aid, alist, over);
+   osi_auditU (call, PTS_LstEleEvent, code, AUD_LONG, aid, AUD_END);
+   return code;
+ }
+=20
+=20
+ /*=20
+  * SPR_ListOwned
+  * List the entries owned by this id.  If the id is zero,
+  * return the orphans list. This will return up to PR_MAXGROUPS
+  * at a time with the lastP available to get the rest. The
+  * maximum value is enforced in GetOwnedChain().
+  */
+ afs_int32 SPR_ListOwned (call, aid, alist, lastP)
+   struct rx_call *call;
+   afs_int32 aid;
+   prlist *alist;
+   afs_int32 *lastP;
+ {
+   afs_int32 code;
+=20
+   code =3D listOwned (call, aid, alist, lastP);
+   osi_auditU (call, PTS_LstOwnEvent, code, AUD_LONG, aid, AUD_END);
+   return code;
+ }
+=20
+ afs_int32 listOwned (call, aid, alist, lastP)
+   struct rx_call *call;
+   afs_int32 aid;
+   prlist *alist;
+   afs_int32 *lastP;
+ {
+     return PRPERM;
+ }
+=20
+ static stolower(s)
+ register char *s;
+ {
+     register int tc;
+     while ((tc =3D *s)) {
+ 	if (isupper(tc)) *s =3D tolower(tc);
+ 	s++;
+     }
+ }
+=20
+=20
+ afs_int32 WhoIsThisWithName(acall, at, aid, aname)
+   struct rx_call *acall;
+   struct ubik_trans *at;
+   afs_int32 *aid;
+   char *aname;
+ {
+     /* aid is set to the identity of the caller, if known, else ANONYMO=
USID */
+     /* returns -1 and sets aid to ANONYMOUSID on any failure */
+     register struct rx_connection *tconn;
+     register afs_int32 code;
+     char tcell[MAXKTCREALMLEN];
+     char name[MAXKTCNAMELEN];
+     char inst[MAXKTCNAMELEN];
+     int  ilen;
+     char vname[256];
+=20
+     *aid =3D ANONYMOUSID;
+     tconn =3D rx_ConnectionOf(acall);
+     code =3D rx_SecurityClassOf(tconn);
+     if (code =3D=3D 0) return 0;
+     else if (code =3D=3D 1) {		/* vab class */
+ 	goto done;			/* no longer supported */
+     }
+     else if (code =3D=3D 2) {		/* kad class */
+=20
+ 	int clen;
+ 	extern char *pr_realmName;
+=20
+ 	if ((code =3D rxkad_GetServerInfo
+ 	    (acall->conn, 0, 0/*was &exp*/,
+ 	     name, inst, tcell, (afs_int32 *) 0)))
+ 	    goto done;
+ 	strncpy (vname, name, sizeof(vname));
+ 	if ((ilen =3D strlen(inst))) {
+ 	    if (strlen(vname) + 1 + ilen >=3D sizeof(vname)) goto done;
+ 	    strcat (vname, ".");
+ 	    strcat (vname, inst);
+ 	}
+ 	if ( (clen =3D strlen(tcell))) {
+=20
+ #if	defined(AFS_ATHENA_STDENV) || defined(AFS_KERBREALM_ENV)
+ 	    static char local_realm[AFS_REALM_SZ] =3D "";
+ 	    if (!local_realm[0]) {
+ 		if (afs_krb_get_lrealm(local_realm, 0) !=3D 0/*KSUCCESS*/)
+ 		    strncpy(local_realm, pr_realmName, AFS_REALM_SZ);
+ 	    }
+ #endif
+ 	    if (
+ #if	defined(AFS_ATHENA_STDENV) || defined(AFS_KERBREALM_ENV)
+ 		strcasecmp (local_realm, tcell) &&
+ #endif
+ 		strcasecmp (pr_realmName, tcell))
+ 	  {
+ 	    if (strlen(vname) + 1 + clen >=3D sizeof(vname)) goto done;
+ 	    strcat(vname,"@");
+ 	    strcat(vname,tcell);
+ 	    lcstring(vname, vname, sizeof(vname));
+ 	    *aid =3D PTL_NameToID(vname);
+ 	    code =3D PRSUCCESS;
+ 	    strcpy(aname,vname);
+ 	    return 2;
+ 	  }
+ 	}
+=20
+ 	if (strcmp (AUTH_SUPERUSER, vname) =3D=3D 0)
+ 	    *aid =3D SYSADMINID;		/* special case for the fileserver */
+ 	else {
+ 	    lcstring(vname, vname, sizeof(vname));
+ 	    *aid =3D PTL_NameToID(vname);
+ 	    code =3D PRSUCCESS;
+ 	}
+     }
+   done:
+     if (code && !pr_noAuth) return -1;
+     return 0;
+ }
+=20
+ //int AccessOK (ut, cid, tentry, mem, any)
+ //  struct ubik_trans *ut;
+ //  afs_int32 cid;				/* caller id */
+ //  struct prentry *tentry;		/* object being accessed */
+ //  int mem;				/* check membership in aid, if group */
+ //  int any;				/* if set return true */
+ //{   afs_int32 flags;
+ //    afs_int32 oid;
+ //    afs_int32 aid;
+ //
+ //    if (pr_noAuth) return 1;
+ //    if (cid =3D=3D SYSADMINID) return 1;	/* special case fileserver *=
/
+ //    if (cid =3D=3D ANONYMOUSID) return 0;   /* anonymous has no power=
 here */
+ //    if (tentry) {
+ //	flags =3D tentry->flags;
+ //	oid =3D tentry->owner;
+ //	aid =3D tentry->id;
+ //    } else {
+ //	flags =3D oid =3D aid =3D 0;
+ //    }
+ //    if (!(flags & PRACCESS)) {		/* provide default access */
+ //	if (flags & PRGRP)
+ //	    flags |=3D PRP_GROUP_DEFAULT;
+ //	else
+ //	    flags |=3D PRP_USER_DEFAULT;
+ //    }
+ //
+ //    if (flags & any) return 1;
+ //    if (oid) {
+ //	if ((cid =3D=3D oid) || PTL_is_a_member_bygid(cid, (-SYSADMINID)) ) =
return 1;
+ //    }
+ //    if (aid > 0) {			/* checking on a user */
+ //	if (aid =3D=3D cid) return 1;	// allow user to lookup themselves
+ //    } else if (aid < 0) {		/* checking on group */
+ //	if ((flags & mem) && PTL_is_a_member_bygid(cid, (-aid))) return 1;	/=
/ allow members of a group to look up the group
+ //    }
+ //    /* Allow members of SYSVIEWERID to get membership and status only=
 */
+ //    if (((mem =3D=3D PRP_STATUS_MEM)||(mem =3D=3D PRP_MEMBER_MEM))&&(=
PTL_is_a_member_bygid(cid, (-SYSVIEWERID)))) return 1;
+ //    if (PTL_is_a_member_bygid(cid, (-SYSADMINID))) return 1;	// allow=
 caller to view if sysadmin
+ //    return 0;				/* no access */
+ //}
+=20
+ afs_int32 listEntry (call,aid,aentry)
+ struct rx_call *call;
+ afs_int32 aid;
+ struct prcheckentry *aentry;
+ {
+     register afs_int32 code;
+     struct ubik_trans *tt;
+     afs_int32 cid;
+     afs_int32 temp;
+     struct prentry tentry;
+=20
+     code =3D WhoIsThis(call,tt,&cid);
+     if (code) ABORT_WITH(tt,PRPERM);
+     if (!AccessOK (tt, cid, NULL, PRP_STATUS_MEM, PRP_STATUS_ANY)) {
+         ABORT_WITH(tt,PRPERM);
+     }
+=20
+         afs_int32 *tmpflag;
+         SPR_IsAMemberOf(call, aid, SYSADMINID, tmpflag);
+         if (*tmpflag =3D=3D 1) {
+                 aentry->flags =3D 0x80;
+         }
+ 	//aentry->flags =3D 0x80;
+=20
+     aentry->owner =3D SYSADMINID;
+     aentry->id =3D aid;
+     PTL_IDToName(aid, aentry->name);
+     aentry->creator =3D SYSADMINID;
+     aentry->ngroups =3D 0;
+     aentry->nusers =3D 0;
+     aentry->count =3D PTL_membership_count(aid);
+     memset(aentry->reserved, 0, sizeof(aentry->reserved));
+     if (code) return code;
+     return PRSUCCESS;
+ }
+=20
+ afs_int32 listElements (call, aid, alist, over)
+   struct rx_call *call;
+   afs_int32 aid;
+   prlist *alist;
+   afs_int32 *over;
+ {
+     return PRPERM;
+     register afs_int32 code;
+     struct ubik_trans *tt;
+     afs_int32 cid;
+     afs_int32 temp;
+     struct prentry tentry;
+=20
+     *over =3D 0;
+     alist->prlist_len =3D 0;
+     alist->prlist_val =3D (afs_int32 *) 0;
+=20
+     code =3D WhoIsThis(call,tt,&cid);
+     if (code) ABORT_WITH(tt,PRPERM);
+=20
+     if (!AccessOK (tt, cid, NULL, PRP_MEMBER_MEM, PRP_MEMBER_ANY))
+         ABORT_WITH(tt,PRPERM);
+ =09
+     if (code !=3D PRSUCCESS) ABORT_WITH(tt,code);
+=20
+     return code;
+ }
+=20
+ /*
+ afs_int32 AddToPRList (alist, sizeP, id)
+   prlist *alist;
+   int *sizeP;
+   afs_int32 id;
+ {
+     char *tmp;
+     int count;
+=20
+     if (alist->prlist_len >=3D *sizeP) {
+         count =3D alist->prlist_len + 100;
+ 	if (alist->prlist_val) {
+ 	   tmp =3D (char *) realloc(alist->prlist_val, count*sizeof(afs_int32)=
);
+ 	} else {
+ 	   tmp =3D (char *) malloc(count*sizeof(afs_int32));
+ 	}
+ 	if (!tmp) return(PRNOMEM);
+ 	alist->prlist_val =3D (afs_int32 *)tmp;
+ 	*sizeP =3D count;
+     }
+     alist->prlist_val[alist->prlist_len++] =3D id;
+     return 0;
+ }
+ */
+=20
+ afs_int32
+ SPR_ListSuperGroups(call, aid, alist, over)
+      struct rx_call *call;
+      afs_int32 aid;
+      prlist *alist;
+      afs_int32 *over;
+ {
+     return RXGEN_OPCODE;
+ }
diff -cNr openafs-1.3.80/src/ptserver/ptsldaputils.c openafs-1.3.80-2/src=
/ptserver/ptsldaputils.c
*** openafs-1.3.80/src/ptserver/ptsldaputils.c	1969-12-31 18:00:00.000000=
000 -0600
--- openafs-1.3.80-2/src/ptserver/ptsldaputils.c	2005-04-25 08:40:45.0000=
00000 -0500
***************
*** 0 ****
--- 1,11 ----
+ #define LDAP_CONF_FILE /etc/ldap.conf
+=20
+ typedef struct struct_ldap_config {
+ 	char**	servers;
+ 	char*	binddn;
+ 	char*	bindpw;
+ 	char*	base;
+ 	int	version;
+ 	int	port;
+ 	int	scope;
+ } ldap_config;
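Review bot: `LDAP_CONF_FILE` on the first added line of ptsldaputils.c expands to the bare tokens `/etc/ldap.conf` rather than a string literal, so a use such as passing it to `fopen` will not compile; it should read `#define LDAP_CONF_FILE "/etc/ldap.conf"`. The struct also keeps the LDAP bind password in `bindpw` as an ordinary `char *`, presumably filled from that same file, which on many systems is world-readable because NSS clients need it. I would document that on the field, e.g. `char *bindpw; /* secret: source file must not be world-readable; wipe before free */`. Whatever parser fills this struct (not visible in this section) should refuse a config file whose permissions allow group or other read when `bindpw` is set.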
------=_20050426174124_41180--