
openldap  2.4.31
nssov.h File Reference
#include <stdio.h>
#include "nslcd.h"
#include "nslcd-prot.h"
#include "tio.h"
#include "attrs.h"
#include "portable.h"
#include "slap.h"
#include <ac/string.h>


Classes

struct  nssov_mapinfo
struct  nssov_info

Defines

#define NSLCD_PATH   "/var/run/nslcd"
#define NSLCD_SOCKET   NSLCD_PATH "/socket"
#define NI_PAM_USERHOST   1 /* old style host checking */
#define NI_PAM_USERSVC   2 /* old style service checking */
#define NI_PAM_USERGRP   4 /* old style group checking */
#define NI_PAM_HOSTSVC   8 /* new style authz checking */
#define NI_PAM_SASL2DN   0x10 /* use sasl2dn */
#define NI_PAM_UID2DN   0x20 /* use uid2dn */
#define NI_PAM_OLD   (NI_PAM_USERHOST|NI_PAM_USERSVC|NI_PAM_USERGRP)
#define NI_PAM_NEW   NI_PAM_HOSTSVC
#define ERROR_OUT_WRITEERROR(fp)
#define ERROR_OUT_READERROR(fp)
#define ERROR_OUT_BUFERROR(fp)
#define WRITE_BERVAL(fp, bv)
#define WRITE_BVARRAY(fp, arr)
#define WRITE_ADDRESS(fp, addr)
#define READ_ADDRESS(fp, addr, len, af)
#define NSSOV_INIT(db)
#define NSSOV_CBPRIV(db, parms)
#define NSSOV_CB(db)
#define NSSOV_HANDLE(db, fn, readfn, logcall, action, mkfilter)

Typedefs

typedef struct nssov_mapinfo nssov_mapinfo
typedef struct nssov_info nssov_info

Enumerations

enum  nssov_map_selector {
  NM_alias, NM_ether, NM_group, NM_host,
  NM_netgroup, NM_network, NM_passwd, NM_protocol,
  NM_rpc, NM_service, NM_shadow, NM_NONE
}

Functions

void nssov_cfg_init (nssov_info *ni, const char *fname)
void get_userpassword (struct berval *attr, struct berval *pw)
int write_address (TFILE *fp, struct berval *addr)
int read_address (TFILE *fp, char *addr, int *addrlen, int *af)
int isvalidusername (struct berval *name)
int nssov_dn2uid (Operation *op, nssov_info *ni, struct berval *dn, struct berval *uid)
int nssov_uid2dn (Operation *op, nssov_info *ni, struct berval *uid, struct berval *dn)
int nssov_name2dn_cb (Operation *op, SlapReply *rs)
int nssov_escape (struct berval *src, struct berval *dst)
int nssov_filter_byname (nssov_mapinfo *mi, int key, struct berval *name, struct berval *buf)
int nssov_filter_byid (nssov_mapinfo *mi, int key, struct berval *id, struct berval *buf)
void nssov_alias_init (nssov_info *ni)
void nssov_ether_init (nssov_info *ni)
void nssov_group_init (nssov_info *ni)
void nssov_host_init (nssov_info *ni)
void nssov_netgroup_init (nssov_info *ni)
void nssov_network_init (nssov_info *ni)
void nssov_passwd_init (nssov_info *ni)
void nssov_protocol_init (nssov_info *ni)
void nssov_rpc_init (nssov_info *ni)
void nssov_service_init (nssov_info *ni)
void nssov_shadow_init (nssov_info *ni)
int nssov_pam_init (void)
int nssov_alias_byname (nssov_info *ni, TFILE *fp, Operation *op)
int nssov_alias_all (nssov_info *ni, TFILE *fp, Operation *op)
int nssov_ether_byname (nssov_info *ni, TFILE *fp, Operation *op)
int nssov_ether_byether (nssov_info *ni, TFILE *fp, Operation *op)
int nssov_ether_all (nssov_info *ni, TFILE *fp, Operation *op)
int nssov_group_byname (nssov_info *ni, TFILE *fp, Operation *op)
int nssov_group_bygid (nssov_info *ni, TFILE *fp, Operation *op)
int nssov_group_bymember (nssov_info *ni, TFILE *fp, Operation *op)
int nssov_group_all (nssov_info *ni, TFILE *fp, Operation *op)
int nssov_host_byname (nssov_info *ni, TFILE *fp, Operation *op)
int nssov_host_byaddr (nssov_info *ni, TFILE *fp, Operation *op)
int nssov_host_all (nssov_info *ni, TFILE *fp, Operation *op)
int nssov_netgroup_byname (nssov_info *ni, TFILE *fp, Operation *op)
int nssov_network_byname (nssov_info *ni, TFILE *fp, Operation *op)
int nssov_network_byaddr (nssov_info *ni, TFILE *fp, Operation *op)
int nssov_network_all (nssov_info *ni, TFILE *fp, Operation *op)
int nssov_passwd_byname (nssov_info *ni, TFILE *fp, Operation *op)
int nssov_passwd_byuid (nssov_info *ni, TFILE *fp, Operation *op)
int nssov_passwd_all (nssov_info *ni, TFILE *fp, Operation *op)
int nssov_protocol_byname (nssov_info *ni, TFILE *fp, Operation *op)
int nssov_protocol_bynumber (nssov_info *ni, TFILE *fp, Operation *op)
int nssov_protocol_all (nssov_info *ni, TFILE *fp, Operation *op)
int nssov_rpc_byname (nssov_info *ni, TFILE *fp, Operation *op)
int nssov_rpc_bynumber (nssov_info *ni, TFILE *fp, Operation *op)
int nssov_rpc_all (nssov_info *ni, TFILE *fp, Operation *op)
int nssov_service_byname (nssov_info *ni, TFILE *fp, Operation *op)
int nssov_service_bynumber (nssov_info *ni, TFILE *fp, Operation *op)
int nssov_service_all (nssov_info *ni, TFILE *fp, Operation *op)
int nssov_shadow_byname (nssov_info *ni, TFILE *fp, Operation *op)
int nssov_shadow_all (nssov_info *ni, TFILE *fp, Operation *op)
int pam_authc (nssov_info *ni, TFILE *fp, Operation *op)
int pam_authz (nssov_info *ni, TFILE *fp, Operation *op)
int pam_sess_o (nssov_info *ni, TFILE *fp, Operation *op)
int pam_sess_c (nssov_info *ni, TFILE *fp, Operation *op)
int pam_pwmod (nssov_info *ni, TFILE *fp, Operation *op)

Variables

AttributeDescription * nssov_pam_host_ad
AttributeDescription * nssov_pam_svc_ad

Class Documentation

struct nssov_mapinfo

Definition at line 63 of file nssov.h.

Class Members
struct berval * mi_attrkeys
AttributeName * mi_attrs
int mi_scope
struct nssov_info

Definition at line 72 of file nssov.h.

Class Members
Connection * ni_conn
BackendDB * ni_db
AttributeDescription * ni_pam_group_ad
int ni_pam_max_uid
int ni_pam_min_uid
slap_mask_t ni_pam_opts
struct berval * ni_pam_sessions
AttributeDescription * ni_pam_template_ad
int ni_socket
int ni_timelimit

Define Documentation

#define ERROR_OUT_BUFERROR (   fp)
Value:
Debug(LDAP_DEBUG_ANY,"nssov: client supplied argument too large\n",0,0,0); \
  return -1;

Definition at line 122 of file nssov.h.

#define ERROR_OUT_READERROR (   fp)
Value:
Debug(LDAP_DEBUG_ANY,"nssov: error reading from client\n",0,0,0); \
  return -1;

Definition at line 118 of file nssov.h.

#define ERROR_OUT_WRITEERROR (   fp)
Value:
Debug(LDAP_DEBUG_ANY,"nssov: error writing to client\n",0,0,0); \
  return -1;

Definition at line 114 of file nssov.h.

#define NI_PAM_HOSTSVC   8 /* new style authz checking */

Definition at line 96 of file nssov.h.

#define NI_PAM_NEW   NI_PAM_HOSTSVC

Definition at line 101 of file nssov.h.

#define NI_PAM_OLD   (NI_PAM_USERHOST|NI_PAM_USERSVC|NI_PAM_USERGRP)

Definition at line 100 of file nssov.h.

#define NI_PAM_SASL2DN   0x10 /* use sasl2dn */

Definition at line 97 of file nssov.h.

#define NI_PAM_UID2DN   0x20 /* use uid2dn */

Definition at line 98 of file nssov.h.

#define NI_PAM_USERGRP   4 /* old style group checking */

Definition at line 95 of file nssov.h.

#define NI_PAM_USERHOST   1 /* old style host checking */

Definition at line 93 of file nssov.h.

#define NI_PAM_USERSVC   2 /* old style service checking */

Definition at line 94 of file nssov.h.

#define NSLCD_PATH   "/var/run/nslcd"

Definition at line 22 of file nssov.h.

#define NSLCD_SOCKET   NSLCD_PATH "/socket"

Definition at line 26 of file nssov.h.

#define NSSOV_CB (   db)
Value:
static int nssov_##db##_cb(Operation *op, SlapReply *rs) \
  { \
    if ( rs->sr_type == REP_SEARCH ) { \
    nssov_##db##_cbp *cbp = op->o_callback->sc_private; \
       if (write_##db(cbp,rs->sr_entry)) return LDAP_OTHER; \
  } \
  return LDAP_SUCCESS; \
  } \

Definition at line 275 of file nssov.h.

#define NSSOV_CBPRIV (   db,
  parms 
)
Value:
typedef struct nssov_##db##_cbp { \
  	nssov_mapinfo *mi; \
       TFILE *fp; \
	Operation *op; \
       parms \
  } nssov_##db##_cbp

Definition at line 266 of file nssov.h.

#define NSSOV_HANDLE (   db,
  fn,
  readfn,
  logcall,
  action,
  mkfilter 
)

Definition at line 286 of file nssov.h.

#define NSSOV_INIT (   db)
Value:
void nssov_##db##_init(nssov_info *ni) \
 { \
	nssov_mapinfo *mi = &ni->ni_maps[NM_##db]; \
       int i; \
       for (i=0;!BER_BVISNULL(&db##_keys[i]);i++); \
       i++; \
       mi->mi_attrs = ch_malloc( i*sizeof(AttributeName)); \
       for (i=0;!BER_BVISNULL(&db##_keys[i]);i++) { \
              mi->mi_attrs[i].an_name = db##_keys[i]; \
              mi->mi_attrs[i].an_desc = NULL; \
       } \
       mi->mi_scope = LDAP_SCOPE_DEFAULT; \
       mi->mi_filter0 = db##_filter; \
       ber_dupbv( &mi->mi_filter, &mi->mi_filter0 ); \
       mi->mi_filter = db##_filter; \
       mi->mi_attrkeys = db##_keys; \
       BER_BVZERO(&mi->mi_base); \
 }

Definition at line 245 of file nssov.h.

#define READ_ADDRESS (   fp,
  addr,
  len,
  af 
)
Value:
len=(int)sizeof(addr); \
  if (read_address(fp,addr,&(len),&(af))) \
    return -1;

Definition at line 171 of file nssov.h.

#define WRITE_ADDRESS (   fp,
  addr 
)
Value:
if (write_address(fp,addr)) \
    return -1;

Definition at line 163 of file nssov.h.

#define WRITE_BERVAL (   fp,
  bv 
)
Value:
DEBUG_PRINT("WRITE_STRING: var="__STRING(bv)" string=\"%s\"",(bv)->bv_val); \
  if ((bv)==NULL) \
  { \
    WRITE_INT32(fp,0); \
  } \
  else \
  { \
    WRITE_INT32(fp,(bv)->bv_len); \
    if (tmpint32>0) \
      { WRITE(fp,(bv)->bv_val,tmpint32); } \
  }

Definition at line 126 of file nssov.h.

#define WRITE_BVARRAY (   fp,
  arr 
)
Value:
/* first determine length of array */ \
  for (tmp3int32=0;(arr)[tmp3int32].bv_val!=NULL;tmp3int32++) \
    /*nothing*/ ; \
  /* write number of strings */ \
  DEBUG_PRINT("WRITE_BVARRAY: var="__STRING(arr)" num=%d",(int)tmp3int32); \
  WRITE_TYPE(fp,tmp3int32,int32_t); \
  /* write strings */ \
  for (tmp2int32=0;tmp2int32<tmp3int32;tmp2int32++) \
  { \
    WRITE_BERVAL(fp,&(arr)[tmp2int32]); \
  }

Definition at line 139 of file nssov.h.


Typedef Documentation

typedef struct nssov_info nssov_info
typedef struct nssov_mapinfo nssov_mapinfo

Enumeration Type Documentation

Enumerator:
NM_alias 
NM_ether 
NM_group 
NM_host 
NM_netgroup 
NM_network 
NM_passwd 
NM_protocol 
NM_rpc 
NM_service 
NM_shadow 
NM_NONE 

Definition at line 47 of file nssov.h.


Function Documentation

/*
 * Definition at line 105 of file nssov.c.
 *
 * Select the password value to hand back for a user entry.  attr is a
 * NULL-terminated array of userPassword values; the first one that starts
 * with "{crypt}" or "crypt$" (compared case-insensitively) is returned with
 * that prefix stripped.  When no value carries either prefix the first
 * value is returned as-is.
 *
 * pw is pointed into the attr value (no copy is made), so it is valid only
 * as long as the entry that owns attr.
 * NOTE(review): the prefix test is strncasecmp() on bv_val and so assumes
 * the values are NUL-terminated; bv_len is only used for the result length.
 * Other hash schemes (e.g. SMD5, see the TODO in the original) are not
 * recognised and are passed through unchanged.
 */
void get_userpassword(struct berval *attr, struct berval *pw)
{
	static const struct {
		const char *prefix;
		size_t len;
	} crypt_prefixes[] = {
		{ "{crypt}", 7 },
		{ "crypt$", 6 },
	};
	struct berval *val;

	for (val = attr; !BER_BVISNULL(val); val++) {
		size_t k;

		for (k = 0; k < sizeof(crypt_prefixes) / sizeof(crypt_prefixes[0]); k++) {
			if (strncasecmp(val->bv_val, crypt_prefixes[k].prefix,
					crypt_prefixes[k].len) != 0)
				continue;
			/* hand back the remainder after the scheme prefix */
			pw->bv_val = val->bv_val + crypt_prefixes[k].len;
			pw->bv_len = val->bv_len - crypt_prefixes[k].len;
			return;
		}
	}
	/* nothing recognised: return the first value untouched */
	*pw = *attr;
}


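/* Character allow-list shared by isvalidusername(); '-' is accepted in every
 * position except the first. */
static int nssov_uname_char_ok(unsigned char c, int first)
{
	if ((c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') ||
	    (c >= '0' && c <= '9') || c == '.' || c == '_')
		return 1;
	return !first && c == '-';
}

/*
 * Definition at line 79 of file passwd.c.
 * (The header declares the parameter as "name"; the definition calls it bv.)
 *
 * Check that bv holds a syntactically acceptable user name: the first
 * character must be an ASCII letter, digit, '.' or '_'; later characters
 * may additionally be '-', and '$' is accepted only as the very last
 * character.  A NULL or empty value fails.
 *
 * This is a strict allow-list and it is the only thing standing between a
 * client-supplied uid and the LDAP filter: nssov_uid2dn() hands the uid to
 * nssov_filter_byid(), which inserts it without escaping, so every
 * character admitted here must be harmless inside a filter assertion
 * value.  Keep it an allow-list.
 *
 * Returns non-zero (-1) when the name is acceptable, 0 otherwise.
 * NOTE(review): the '$' test reads name[i+1] and so assumes bv_val is
 * NUL-terminated at bv_len.
 */
int isvalidusername(struct berval *bv)
{
	char *name = bv->bv_val;
	size_t i;

	if (name == NULL || name[0] == '\0')
		return 0;
	/* check first character */
	if (!nssov_uname_char_ok((unsigned char)name[0], 1))
		return 0;
	/* check other characters; the index is unsigned to match bv_len (the
	 * original compared a signed int against it) */
	for (i = 1; i < bv->bv_len; i++) {
		if (name[i] == '$') {
			/* if the char is $ we require it to be the last char */
			if (name[i + 1] != '\0')
				return 0;
		} else if (!nssov_uname_char_ok((unsigned char)name[i], 0)) {
			return 0;
		}
	}
	/* no test failed so it must be good */
	return -1;
}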


int nssov_alias_all ( nssov_info ni,
TFILE *  fp,
Operation op 
)


int nssov_alias_byname ( nssov_info ni,
TFILE *  fp,
Operation op 
)


void nssov_cfg_init ( nssov_info ni,
const char *  fname 
)
/*
 * Definition at line 111 of file passwd.c.
 *
 * Map an entry DN in the passwd map back to the user name it represents,
 * trying two strategies in order:
 *  1. if the DN begins with "<uid-attr>=", take the value out of the first
 *     RDN text -- but only when it passes isvalidusername(), since RDN text
 *     is trusted no further than a client-supplied name would be;
 *  2. otherwise read the entry and take the first value of the uid attribute.
 * uid receives a copy allocated from op->o_tmpmemctx.
 *
 * Returns 1 when uid was filled; 0 when dn is empty, the RDN value is not a
 * valid user name, the entry cannot be read, or it has no uid attribute.
 * NOTE(review): the prefix match on ad_cname is case-sensitive (strncmp)
 * and assumes dn->bv_val is NUL-terminated; dnRdn() is taken to yield the
 * first RDN -- TODO confirm against slapd's dn.c.
 */
int nssov_dn2uid(Operation *op, nssov_info *ni, struct berval *dn, struct berval *uid)
{
	nssov_mapinfo *mi = &ni->ni_maps[NM_passwd];
	AttributeDescription *ad = mi->mi_attrs[UID_KEY].an_desc;
	struct berval *cname = &ad->ad_cname;
	Entry *e;
	Attribute *a;
	int found = 0;

	/* empty DN: nothing to map */
	if (dn->bv_len == 0)
		return 0;

	/* fast path: the uid is the value of the leading RDN */
	if (strncmp(dn->bv_val, cname->bv_val, cname->bv_len) == 0 &&
	    dn->bv_val[cname->bv_len] == '=') {
		struct berval rdn, val;

		dnRdn(dn, &rdn);
		val.bv_val = dn->bv_val + cname->bv_len + 1;
		val.bv_len = rdn.bv_len - cname->bv_len - 1;
		/* reject anything that is not a well-formed user name */
		if (!isvalidusername(&val))
			return 0;
		ber_dupbv_x(uid, &val, op->o_tmpmemctx);
		return 1;
	}

	/* slow path: fetch the entry and read the uid attribute */
	if (be_entry_get_rw(op, dn, NULL, ad, 0, &e) != LDAP_SUCCESS)
		return 0;
	a = attr_find(e->e_attrs, ad);
	if (a != NULL) {
		/* copy before the entry is released below */
		ber_dupbv_x(uid, &a->a_vals[0], op->o_tmpmemctx);
		found = 1;
	}
	be_entry_release_r(op, e);
	return found;
}


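/*
 * Definition at line 195 of file nssov.c.
 *
 * Copy src into dst, escaping the LDAP filter metacharacters '*', '(', ')'
 * and '\' as "\2a", "\28", "\29" and "\5c" so that an untrusted value can
 * be embedded in a filter assertion.  Only those four characters are
 * rewritten; everything else is copied byte for byte.
 *
 * On entry dst->bv_len is the capacity of dst->bv_val; on success it is
 * replaced by the length of the escaped string, which is NUL-terminated.
 *
 * Returns 0 on success, -1 when the escaped form would not fit (dst is
 * then partially written and NOT terminated, so callers must treat it as
 * garbage).  The fit check is written as "pos + 4 >= capacity" rather than
 * the original "pos >= capacity - 4", which underflowed for a capacity
 * below 4 and then never rejected anything.
 */
int nssov_escape(struct berval *src, struct berval *dst)
{
	size_t pos = 0;
	size_t i;

	/* go over all characters in source string */
	for (i = 0; i < src->bv_len; i++) {
		const char *esc = NULL;

		/* worst case for this character: 3-byte escape plus terminator */
		if (pos + 4 >= dst->bv_len)
			return -1;
		switch (src->bv_val[i]) {
		case '*':
			esc = "\\2a";
			break;
		case '(':
			esc = "\\28";
			break;
		case ')':
			esc = "\\29";
			break;
		case '\\':
			esc = "\\5c";
			break;
		default:
			break;
		}
		if (esc != NULL) {
			memcpy(dst->bv_val + pos, esc, 3);
			pos += 3;
		} else {
			/* just copy character */
			dst->bv_val[pos++] = src->bv_val[i];
		}
	}
	/* terminate destination string */
	dst->bv_val[pos] = '\0';
	dst->bv_len = pos;
	return 0;
}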


int nssov_ether_all ( nssov_info ni,
TFILE *  fp,
Operation op 
)


int nssov_ether_byether ( nssov_info ni,
TFILE *  fp,
Operation op 
)


int nssov_ether_byname ( nssov_info ni,
TFILE *  fp,
Operation op 
)


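/*
 * Definition at line 93 of file nssov.c.
 *
 * Build the search filter "(&<mi_filter>(<attr>=<id>))" into buf, where
 * <attr> is the name of the key-th attribute of the map.  On entry
 * buf->bv_len is the capacity of buf->bv_val; on success it is replaced by
 * the length of the generated string.
 *
 * Unlike nssov_filter_byname(), id is inserted verbatim -- it is NOT
 * escaped.  Callers must only pass values that cannot carry filter
 * metacharacters ('*', '(', ')', '\'), e.g. a uid that already passed
 * isvalidusername().
 *
 * Returns 0 on success, -1 if the result does not fit (buf is then not
 * usable as a filter).
 */
int nssov_filter_byid(nssov_mapinfo *mi, int key, struct berval *id, struct berval *buf)
{
	struct berval *attr = &mi->mi_attrs[key].an_desc->ad_cname;
	int n;

	/* the format adds six literal characters and the string needs its
	 * terminator, so the total must be strictly less than the capacity;
	 * the original "+ 6 >" test accepted a result exactly one byte too
	 * long, which snprintf then silently truncated (dropping the final
	 * ')') while bv_len reported the untruncated length */
	if (id->bv_len + mi->mi_filter.bv_len + attr->bv_len + 6 >= buf->bv_len)
		return -1;
	n = snprintf(buf->bv_val, buf->bv_len, "(&%s(%s=%s))",
		mi->mi_filter.bv_val, attr->bv_val, id->bv_val);
	/* never report a failed or truncated write as success */
	if (n < 0 || (size_t)n >= buf->bv_len)
		return -1;
	buf->bv_len = n;
	return 0;
}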
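/*
 * Definition at line 74 of file nssov.c.
 *
 * Build the search filter "(&<mi_filter>(<attr>=<name>))" into buf, where
 * <attr> is the name of the key-th attribute of the map.  name is run
 * through nssov_escape() first, so an arbitrary client-supplied string can
 * be used here (the escaped copy is limited to a 1024-byte stack buffer).
 * On entry buf->bv_len is the capacity of buf->bv_val; on success it is
 * replaced by the length of the generated string.
 *
 * Returns 0 on success, -1 if the escaped name or the whole filter does
 * not fit (buf is then not usable as a filter).
 */
int nssov_filter_byname(nssov_mapinfo *mi, int key, struct berval *name, struct berval *buf)
{
	char buf2[1024];
	struct berval bv2 = {sizeof(buf2),buf2};
	struct berval *attr = &mi->mi_attrs[key].an_desc->ad_cname;
	int n;

	/* escape attribute */
	if (nssov_escape(name,&bv2))
		return -1;
	/* six literal characters plus the terminator: the total must be
	 * strictly less than the capacity (the original "+ 6 >" test let a
	 * result of exactly the capacity through and snprintf truncated it) */
	if (bv2.bv_len + mi->mi_filter.bv_len + attr->bv_len + 6 >= buf->bv_len)
		return -1;
	n = snprintf(buf->bv_val, buf->bv_len, "(&%s(%s=%s))",
		mi->mi_filter.bv_val, attr->bv_val, bv2.bv_val);
	/* never report a failed or truncated write as success */
	if (n < 0 || (size_t)n >= buf->bv_len)
		return -1;
	buf->bv_len = n;
	return 0;
}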


int nssov_group_all ( nssov_info ni,
TFILE *  fp,
Operation op 
)


int nssov_group_bygid ( nssov_info ni,
TFILE *  fp,
Operation op 
)


int nssov_group_bymember ( nssov_info ni,
TFILE *  fp,
Operation op 
)


int nssov_group_byname ( nssov_info ni,
TFILE *  fp,
Operation op 
)


int nssov_host_all ( nssov_info ni,
TFILE *  fp,
Operation op 
)


int nssov_host_byaddr ( nssov_info ni,
TFILE *  fp,
Operation op 
)


int nssov_host_byname ( nssov_info ni,
TFILE *  fp,
Operation op 
)


/*
 * Definition at line 148 of file passwd.c.
 *
 * Search callback that collects the DN of a unique match.  sc_private
 * points at a berval which must be zeroed before the search: the first
 * REP_SEARCH entry's DN is copied into it (tmpmemctx memory).  A second
 * entry means the name is ambiguous, so the stored DN is freed and zeroed
 * again and LDAP_ALREADY_EXISTS is returned -- callers thus see "no DN"
 * rather than an arbitrary one of several candidates, which is what keeps
 * nssov_uid2dn()/pam_authz() from resolving a name to the wrong entry.
 *
 * Returns LDAP_SUCCESS, or LDAP_ALREADY_EXISTS on the ambiguous case.
 */
int nssov_name2dn_cb(Operation *op, SlapReply *rs)
{
	struct berval *dn;

	if (rs->sr_type != REP_SEARCH)
		return LDAP_SUCCESS;

	dn = op->o_callback->sc_private;
	if (BER_BVISNULL(dn)) {
		/* first hit: remember its DN */
		ber_dupbv_x(dn, &rs->sr_entry->e_name, op->o_tmpmemctx);
		return LDAP_SUCCESS;
	}
	/* second hit: ambiguous, forget the first one */
	op->o_tmpfree(dn->bv_val, op->o_tmpmemctx);
	BER_BVZERO(dn);
	return LDAP_ALREADY_EXISTS;
}


int nssov_netgroup_byname ( nssov_info ni,
TFILE *  fp,
Operation op 
)


int nssov_network_all ( nssov_info ni,
TFILE *  fp,
Operation op 
)


int nssov_network_byaddr ( nssov_info ni,
TFILE *  fp,
Operation op 
)


int nssov_network_byname ( nssov_info ni,
TFILE *  fp,
Operation op 
)


/*
 * Definition at line 676 of file pam.c.
 * (The rendered page dropped the signature here; it is the
 * "int nssov_pam_init (void)" from the declaration list above.)
 *
 * Resolve the "loginStatus" attribute description into the file-scope
 * ad_loginStatus, once.  Later calls are no-ops.
 *
 * Returns 0 when the description is (already) available, otherwise the
 * error code from slap_str2ad().
 */
int nssov_pam_init(void)
{
	const char *text;

	if (ad_loginStatus != NULL)
		return 0;
	return slap_str2ad("loginStatus", &ad_loginStatus, &text);
}


int nssov_passwd_all ( nssov_info ni,
TFILE *  fp,
Operation op 
)


int nssov_passwd_byname ( nssov_info ni,
TFILE *  fp,
Operation op 
)


int nssov_passwd_byuid ( nssov_info ni,
TFILE *  fp,
Operation op 
)


int nssov_protocol_all ( nssov_info ni,
TFILE *  fp,
Operation op 
)


int nssov_protocol_byname ( nssov_info ni,
TFILE *  fp,
Operation op 
)


int nssov_protocol_bynumber ( nssov_info ni,
TFILE *  fp,
Operation op 
)


int nssov_rpc_all ( nssov_info ni,
TFILE *  fp,
Operation op 
)


int nssov_rpc_byname ( nssov_info ni,
TFILE *  fp,
Operation op 
)


int nssov_rpc_bynumber ( nssov_info ni,
TFILE *  fp,
Operation op 
)


int nssov_service_all ( nssov_info ni,
TFILE *  fp,
Operation op 
)


int nssov_service_byname ( nssov_info ni,
TFILE *  fp,
Operation op 
)


int nssov_service_bynumber ( nssov_info ni,
TFILE *  fp,
Operation op 
)


int nssov_shadow_all ( nssov_info ni,
TFILE *  fp,
Operation op 
)


int nssov_shadow_byname ( nssov_info ni,
TFILE *  fp,
Operation op 
)


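/*
 * Definition at line 163 of file passwd.c.
 *
 * Resolve a user name to the DN of its passwd-map entry.  uid must pass
 * isvalidusername(): it is then placed, unescaped, into the map's filter by
 * nssov_filter_byid(), so that allow-list is what keeps a client-supplied
 * name from injecting filter syntax.  The search runs on a copy of op with
 * no attributes requested and no limits; the first match's DN is copied
 * into dn (op->o_tmpmemctx memory) and a second match makes
 * nssov_name2dn_cb() drop it again, so ambiguous names resolve to nothing.
 *
 * Returns 1 and fills dn on a unique match, 0 otherwise.  On the 0 paths
 * dn is zeroed, except for an invalid name which leaves it untouched as
 * before.  The original ignored nssov_filter_byid()'s return value and went
 * on to parse and search an uninitialised fbuf when the filter did not fit;
 * that now returns 0 too.
 * NOTE(review): if be_search() fails after the callback already copied a
 * DN, that tmpmemctx allocation is not released here -- TODO confirm the
 * op's tmp context reclaims it.
 */
int nssov_uid2dn(Operation *op, nssov_info *ni, struct berval *uid, struct berval *dn)
{
	nssov_mapinfo *mi = &ni->ni_maps[NM_passwd];
	char fbuf[1024];
	struct berval filter = {sizeof(fbuf),fbuf};
	slap_callback cb = {0};
	SlapReply rs = {REP_RESULT};
	Operation op2;
	int rc;

	/* if it isn't a valid username, just bail out now */
	if (!isvalidusername(uid))
		return 0;
	BER_BVZERO(dn);
	/* a filter that does not fit leaves fbuf uninitialised: do not search on it */
	if (nssov_filter_byid(mi,UID_KEY,uid,&filter))
		return 0;
	/* we have to look up the entry */
	cb.sc_private = dn;
	cb.sc_response = nssov_name2dn_cb;
	op2 = *op;
	op2.o_callback = &cb;
	op2.o_req_dn = mi->mi_base;
	op2.o_req_ndn = mi->mi_base;
	op2.ors_scope = mi->mi_scope;
	op2.ors_filterstr = filter;
	op2.ors_filter = str2filter_x( op, filter.bv_val );
	/* str2filter_x() yields NULL for an unparsable filter; nothing to search with */
	if (op2.ors_filter == NULL)
		return 0;
	op2.ors_attrs = slap_anlist_no_attrs;
	op2.ors_tlimit = SLAP_NO_LIMIT;
	op2.ors_slimit = SLAP_NO_LIMIT;
	rc = op2.o_bd->be_search( &op2, &rs );
	filter_free_x( op, op2.ors_filter, 1 );
	return rc == LDAP_SUCCESS && !BER_BVISNULL(dn);
}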


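/*
 * Definition at line 204 of file pam.c.
 *
 * Handle an NSLCD_ACTION_PAM_AUTHC request: read uid, dn, service and
 * password from the client, authenticate through pam_do_bind() and write
 * back uid, dn, the result code, the authz code and the authz message.
 *
 * The READ_STRING macros (from nslcd-prot.h) leave each string's length in
 * tmpint32 and presumably return -1 from this function through
 * ERROR_OUT_READERROR / ERROR_OUT_BUFERROR when the client sends a short
 * or oversized value, so the fixed-size buffers are not overrun by client
 * data.
 *
 * Returns 0 once the reply has been written, -1 on a protocol read/write
 * error.  The bind outcome travels in-band (rc, pi.authz, pi.msg), not in
 * the return value.
 */
int pam_authc(nssov_info *ni, TFILE *fp, Operation *op)
{
	int32_t tmpint32;	/* scratch for the READ_STRING / WRITE_* macros */
	int rc;
	char dnc[1024];
	char uidc[32];
	char svcc[256];
	char pwdc[256];
	struct paminfo pi;

	/* pam_do_bind() is the only code that sets pi.authz / pi.msg and it is
	 * not visible here; pam_pwmod() zeroes pi.msg before calling it, so do
	 * the same (and authz) rather than risk sending uninitialised stack to
	 * the client if some bind path leaves them untouched. */
	BER_BVZERO(&pi.msg);
	pi.authz = 0;

	READ_STRING(fp,uidc);
	pi.uid.bv_val = uidc;
	pi.uid.bv_len = tmpint32;
	READ_STRING(fp,dnc);
	pi.dn.bv_val = dnc;
	pi.dn.bv_len = tmpint32;
	READ_STRING(fp,svcc);
	pi.svc.bv_val = svcc;
	pi.svc.bv_len = tmpint32;
	READ_STRING(fp,pwdc);
	pi.pwd.bv_val = pwdc;
	pi.pwd.bv_len = tmpint32;

	Debug(LDAP_DEBUG_TRACE,"nssov_pam_authc(%s)\n",pi.uid.bv_val,0,0);

	rc = pam_do_bind(ni, fp, op, &pi);

finish:
	/* label kept although nothing visible jumps to it: it mirrors the
	 * other pam_* handlers and the macros above are not visible here */
	WRITE_INT32(fp,NSLCD_VERSION);
	WRITE_INT32(fp,NSLCD_ACTION_PAM_AUTHC);
	WRITE_INT32(fp,NSLCD_RESULT_BEGIN);
	WRITE_BERVAL(fp,&pi.uid);
	WRITE_BERVAL(fp,&pi.dn);
	WRITE_INT32(fp,rc);
	WRITE_INT32(fp,pi.authz);   /* authz */
	WRITE_BERVAL(fp,&pi.msg);   /* authzmsg */
	return 0;
}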


int pam_authz ( nssov_info ni,
TFILE *  fp,
Operation op 
)

Definition at line 262 of file pam.c.

/*
 * Body of pam_authz, declared above as
 * int pam_authz(nssov_info *ni, TFILE *fp, Operation *op).
 *
 * Serve an NSLCD_ACTION_PAM_AUTHZ request: read uid, dn, service, remote
 * user, remote host and tty from the client, then run the configured
 * authorization checks in order -- host/service compare (NI_PAM_HOSTSVC),
 * group membership (NI_PAM_USERGRP), per-user host and service attributes
 * (NI_PAM_USERHOST / NI_PAM_USERSVC), uid range (ni_pam_min_uid /
 * ni_pam_max_uid) and the login template -- and write back uid, dn, a
 * result code and an optional message.  The first failing check jumps to
 * finish with rc = NSLCD_PAM_PERM_DENIED (NSLCD_PAM_USER_UNKNOWN when the
 * entry cannot be read); only if every enabled check passes is rc set to
 * NSLCD_PAM_SUCCESS.
 *
 * Returns 0 once the reply has been written; the READ_STRING / WRITE_*
 * macros presumably return -1 early on a protocol error (they are defined
 * in nslcd-prot.h, not visible here).
 */
{
       struct berval dn, uid, svc, ruser, rhost, tty;
       struct berval authzmsg = BER_BVNULL;
       int32_t tmpint32;	/* scratch for the READ_STRING / WRITE_* macros */
       char dnc[1024];
       char uidc[32];
       char svcc[256];
       char ruserc[32];
       char rhostc[256];
       char ttyc[256];
       int rc;
       Entry *e = NULL;	/* user entry; fetched only when a check below needs it */
       Attribute *a;
       slap_callback cb = {0};

       /* request body: six strings.  ruser, rhost and tty are consumed to
        * keep the protocol in sync but no check below uses them. */
       READ_STRING(fp,uidc);
       uid.bv_val = uidc;
       uid.bv_len = tmpint32;
       READ_STRING(fp,dnc);
       dn.bv_val = dnc;
       dn.bv_len = tmpint32;
       READ_STRING(fp,svcc);
       svc.bv_val = svcc;
       svc.bv_len = tmpint32;
       READ_STRING(fp,ruserc);
       ruser.bv_val = ruserc;
       ruser.bv_len = tmpint32;
       READ_STRING(fp,rhostc);
       rhost.bv_val = rhostc;
       rhost.bv_len = tmpint32;
       READ_STRING(fp,ttyc);
       tty.bv_val = ttyc;
       tty.bv_len = tmpint32;

       Debug(LDAP_DEBUG_TRACE,"nssov_pam_authz(%s)\n",dn.bv_val,0,0);

       /* If we didn't do authc, we don't have a DN yet */
       if (BER_BVISEMPTY(&dn)) {
              struct paminfo pi;
              pi.uid = uid;
              pi.svc = svc;

              /* pam_uid2dn() is not visible here; presumably it validates
               * uid and searches the passwd map like nssov_uid2dn() */
              rc = pam_uid2dn(ni, op, &pi);
              if (rc) goto finish;
              dn = pi.dn;
       }

       /* See if they have access to the host and service */
       if ((ni->ni_pam_opts & NI_PAM_HOSTSVC) && nssov_pam_svc_ad) {
              AttributeAssertion ava = ATTRIBUTEASSERTION_INIT;
              struct berval hostdn = BER_BVNULL;
              struct berval odn = op->o_ndn;
              SlapReply rs = {REP_RESULT};
              /* the host lookup and the compare run with the user's own
               * identity; only o_ndn is saved, and both fields are set back
               * to it at the end of this block */
              op->o_dn = dn;
              op->o_ndn = dn;
              {
                     nssov_mapinfo *mi = &ni->ni_maps[NM_host];
                     char fbuf[1024];
                     struct berval filter = {sizeof(fbuf),fbuf};
                     SlapReply rs2 = {REP_RESULT};

                     /* Lookup the host entry */
                     /* slimit 2 lets nssov_name2dn_cb() notice a second match
                      * and zero hostdn again, so an ambiguous host name is
                      * treated like an unknown one */
                     nssov_filter_byname(mi,0,&global_host_bv,&filter);
                     cb.sc_private = &hostdn;
                     cb.sc_response = nssov_name2dn_cb;
                     op->o_callback = &cb;
                     op->o_req_dn = mi->mi_base;
                     op->o_req_ndn = mi->mi_base;
                     op->ors_scope = mi->mi_scope;
                     op->ors_filterstr = filter;
                     op->ors_filter = str2filter_x(op, filter.bv_val);
                     op->ors_attrs = slap_anlist_no_attrs;
                     op->ors_tlimit = SLAP_NO_LIMIT;
                     op->ors_slimit = 2;
                     rc = op->o_bd->be_search(op, &rs2);
                     filter_free_x(op, op->ors_filter, 1);

                     /* fall back to the configured default host entry */
                     if (BER_BVISEMPTY(&hostdn) &&
                            !BER_BVISEMPTY(&ni->ni_pam_defhost)) {
                            filter.bv_len = sizeof(fbuf);
                            filter.bv_val = fbuf;
                            rs_reinit(&rs2, REP_RESULT);
                            nssov_filter_byname(mi,0,&ni->ni_pam_defhost,&filter);
                            op->ors_filterstr = filter;
                            op->ors_filter = str2filter_x(op, filter.bv_val);
                            rc = op->o_bd->be_search(op, &rs2);
                            filter_free_x(op, op->ors_filter, 1);
                     }

                     /* no host entry, no default host -> deny */
                     /* NOTE(review): this and the deny below leave op->o_dn /
                      * o_ndn set to the user's dn (the restore to odn only
                      * runs on the success path) -- harmless if op is a
                      * per-request object, TODO confirm in nssov.c */
                     if (BER_BVISEMPTY(&hostdn)) {
                            rc = NSLCD_PAM_PERM_DENIED;
                            authzmsg = hostmsg;
                            goto finish;
                     }
              }

              /* the service must be listed on the host entry; pam_compare_cb
               * (not visible here) presumably sets sc_private on a match */
              cb.sc_response = pam_compare_cb;
              cb.sc_private = NULL;
              op->o_tag = LDAP_REQ_COMPARE;
              op->o_req_dn = hostdn;
              op->o_req_ndn = hostdn;
              ava.aa_desc = nssov_pam_svc_ad;
              ava.aa_value = svc;
              op->orc_ava = &ava;
              rc = op->o_bd->be_compare( op, &rs );
              if ( cb.sc_private == NULL ) {
                     authzmsg = svcmsg;
                     rc = NSLCD_PAM_PERM_DENIED;
                     goto finish;
              }
              op->o_dn = odn;
              op->o_ndn = odn;
       }

       /* See if they're a member of the group */
       if ((ni->ni_pam_opts & NI_PAM_USERGRP) &&
              !BER_BVISEMPTY(&ni->ni_pam_group_dn) &&
              ni->ni_pam_group_ad) {
              AttributeAssertion ava = ATTRIBUTEASSERTION_INIT;
              SlapReply rs = {REP_RESULT};
              op->o_callback = &cb;
              cb.sc_response = slap_null_cb;
              op->o_tag = LDAP_REQ_COMPARE;
              op->o_req_dn = ni->ni_pam_group_dn;
              op->o_req_ndn = ni->ni_pam_group_dn;
              ava.aa_desc = ni->ni_pam_group_ad;
              ava.aa_value = dn;
              op->orc_ava = &ava;
              /* the verdict is taken from rs.sr_err, not from rc */
              rc = op->o_bd->be_compare( op, &rs );
              if ( rs.sr_err != LDAP_COMPARE_TRUE ) {
                     authzmsg = grpmsg;
                     rc = NSLCD_PAM_PERM_DENIED;
                     goto finish;
              }
       }

       /* We need to check the user's entry for these bits */
       /* every later use of e is guarded by one of these same conditions,
        * so e is never dereferenced without having been fetched here */
       if ((ni->ni_pam_opts & (NI_PAM_USERHOST|NI_PAM_USERSVC)) ||
              ni->ni_pam_template_ad ||
              ni->ni_pam_min_uid || ni->ni_pam_max_uid ) {
              rc = be_entry_get_rw( op, &dn, NULL, NULL, 0, &e );
              if (rc != LDAP_SUCCESS) {
                     rc = NSLCD_PAM_USER_UNKNOWN;
                     goto finish;
              }
       }
       /* old-style check: the host must appear in the user's host attribute */
       if ((ni->ni_pam_opts & NI_PAM_USERHOST) && nssov_pam_host_ad) {
              a = attr_find(e->e_attrs, nssov_pam_host_ad);
              if (!a || attr_valfind( a,
                     SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH |
                     SLAP_MR_VALUE_OF_SYNTAX,
                     &global_host_bv, NULL, op->o_tmpmemctx )) {
                     rc = NSLCD_PAM_PERM_DENIED;
                     authzmsg = hostmsg;
                     goto finish;
              }
       }
       /* old-style check: the service must appear in the user's service attribute */
       if ((ni->ni_pam_opts & NI_PAM_USERSVC) && nssov_pam_svc_ad) {
              a = attr_find(e->e_attrs, nssov_pam_svc_ad);
              if (!a || attr_valfind( a,
                     SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH |
                     SLAP_MR_VALUE_OF_SYNTAX,
                     &svc, NULL, op->o_tmpmemctx )) {
                     rc = NSLCD_PAM_PERM_DENIED;
                     authzmsg = svcmsg;
                     goto finish;
              }
       }

/* from passwd.c */
/* index of the uidNumber key in the passwd map's attribute list */
#define UIDN_KEY     2

       /* numeric uid must be inside the configured window; a missing or
        * non-numeric value is denied rather than ignored */
       if (ni->ni_pam_min_uid || ni->ni_pam_max_uid) {
              int id;
              char *tmp;
              nssov_mapinfo *mi = &ni->ni_maps[NM_passwd];
              a = attr_find(e->e_attrs, mi->mi_attrs[UIDN_KEY].an_desc);
              if (!a) {
                     rc = NSLCD_PAM_PERM_DENIED;
                     authzmsg = uidmsg;
                     goto finish;
              }
              /* base 0: accepts decimal, 0x.. hex and 0.. octal spellings;
               * NOTE(review): the cast to int truncates values beyond
               * INT_MAX before the range test -- verify whether such uids
               * can occur */
              id = (int)strtol(a->a_vals[0].bv_val,&tmp,0);
              if (a->a_vals[0].bv_val[0] == '\0' || *tmp != '\0') {
                     rc = NSLCD_PAM_PERM_DENIED;
                     authzmsg = uidmsg;
                     goto finish;
              }
              if ((ni->ni_pam_min_uid && id < ni->ni_pam_min_uid) ||
                     (ni->ni_pam_max_uid && id > ni->ni_pam_max_uid)) {
                     rc = NSLCD_PAM_PERM_DENIED;
                     authzmsg = uidmsg;
                     goto finish;
              }
       }

       /* the login template (per-entry attribute, else the global default)
        * replaces the uid reported back to the client; the per-entry value
        * points into e, which is released only after the reply is written */
       if (ni->ni_pam_template_ad) {
              a = attr_find(e->e_attrs, ni->ni_pam_template_ad);
              if (a)
                     uid = a->a_vals[0];
              else if (!BER_BVISEMPTY(&ni->ni_pam_template))
                     uid = ni->ni_pam_template;
       }
       rc = NSLCD_PAM_SUCCESS;

finish:
       /* reply: header, uid, dn, result code, message.  Written before e is
        * released because uid may still point into the entry. */
       WRITE_INT32(fp,NSLCD_VERSION);
       WRITE_INT32(fp,NSLCD_ACTION_PAM_AUTHZ);
       WRITE_INT32(fp,NSLCD_RESULT_BEGIN);
       WRITE_BERVAL(fp,&uid);
       WRITE_BERVAL(fp,&dn);
       WRITE_INT32(fp,rc);
       WRITE_BERVAL(fp,&authzmsg);
       if (e) {
              be_entry_release_r(op, e);
       }
       return 0;
}


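/*
 * Wipe a buffer that held password material.  The stores go through a
 * volatile pointer so the compiler cannot discard them as dead writes to a
 * stack or heap object that is about to be released.
 */
static void pam_wipe_secret(void *buf, size_t len)
{
	volatile unsigned char *p = buf;

	while (len--)
		*p++ = 0;
}

/*
 * NSLCD_ACTION_PAM_PWMOD handler (pam.c line 594).
 *
 * Reads, in order, the user name, the DN, the PAM service name, the old
 * password and the new password from the nslcd stream, then:
 *  - DN empty: runs pam_do_bind() as a preliminary check; NSLCD_PAM_IGNORE
 *    from it is reported to the client as NSLCD_PAM_SUCCESS.
 *  - DN present: builds a Password Modify extended request carrying the
 *    old password (when supplied) and the new password, and runs it through
 *    the frontend with op->o_dn/o_ndn set to the supplied DN.  The server's
 *    result text, if any, is returned as the PAM message.
 *
 * Finally writes a PAM_PWMOD result record (uid, dn, rc, message) and
 * returns 0.  The READ_*/WRITE_* macros bail out of the function with -1
 * on stream errors (ERROR_OUT_* in nssov.h).
 *
 * Notes for reviewers:
 *  - the DN is taken from the stream as-is, with no normalization, and
 *    becomes the operation identity; nothing here ties it to uid, so the
 *    local nslcd client is trusted for that association.
 *  - the stack copies of both passwords and the flattened request buffer
 *    are wiped before the reply is written.  A READ_STRING bail-out happens
 *    before the wipe, so a partially read password may remain on the stack
 *    in that error path.
 */
int pam_pwmod(nssov_info *ni, TFILE *fp, Operation *op)
{
	struct berval npw;
	int32_t tmpint32;
	char dnc[1024];
	char uidc[32];
	char opwc[256];
	char npwc[256];
	char svcc[256];
	struct paminfo pi;
	int rc;

	/* request layout: uid, dn, service, old password, new password */
	READ_STRING(fp,uidc);
	pi.uid.bv_val = uidc;
	pi.uid.bv_len = tmpint32;
	READ_STRING(fp,dnc);
	pi.dn.bv_val = dnc;
	pi.dn.bv_len = tmpint32;
	READ_STRING(fp,svcc);
	pi.svc.bv_val = svcc;
	pi.svc.bv_len = tmpint32;
	READ_STRING(fp,opwc);
	pi.pwd.bv_val = opwc;
	pi.pwd.bv_len = tmpint32;
	READ_STRING(fp,npwc);
	npw.bv_val = npwc;
	npw.bv_len = tmpint32;

	/* only the identity is traced, never the password material */
	Debug(LDAP_DEBUG_TRACE,"nssov_pam_pwmod(%s), %s\n",
		pi.dn.bv_val,pi.uid.bv_val,0);

	BER_BVZERO(&pi.msg);

	/* This is a prelim check */
	if (BER_BVISEMPTY(&pi.dn)) {
		rc = pam_do_bind(ni,fp,op,&pi);
		if (rc == NSLCD_PAM_IGNORE)
			rc = NSLCD_PAM_SUCCESS;
	} else {
		BerElementBuffer berbuf;
		BerElement *ber = (BerElement *)&berbuf;
		struct berval bv;
		SlapReply rs = {REP_RESULT};
		slap_callback cb = {0};

		/* encode the Password Modify request value (RFC 3062):
		 * the server verifies the old password when one is present */
		ber_init_w_nullc(ber, LBER_USE_DER);
		ber_printf(ber, "{");
		if (!BER_BVISEMPTY(&pi.pwd))
			ber_printf(ber, "tO", LDAP_TAG_EXOP_MODIFY_PASSWD_OLD,
				&pi.pwd);
		if (!BER_BVISEMPTY(&npw))
			ber_printf(ber, "tO", LDAP_TAG_EXOP_MODIFY_PASSWD_NEW,
				&npw);
		ber_printf(ber, "N}");
		/* alloc=0: bv points into the ber's own buffer, released below */
		ber_flatten2(ber, &bv, 0);
		op->o_tag = LDAP_REQ_EXTENDED;
		op->ore_reqoid = slap_EXOP_MODIFY_PASSWD;
		op->ore_reqdata = &bv;
		/* the supplied DN becomes the operation identity, unnormalized */
		op->o_dn = pi.dn;
		op->o_ndn = pi.dn;
		op->o_callback = &cb;
		/* remember the real backend for authz before routing via frontend */
		op->o_conn->c_authz_backend = op->o_bd;
		cb.sc_response = slap_null_cb;
		op->o_bd = frontendDB;
		rc = op->o_bd->be_extended(op, &rs);
		if (rs.sr_text)
			ber_str2bv(rs.sr_text, 0, 0, &pi.msg);
		if (rc == LDAP_SUCCESS)
			rc = NSLCD_PAM_SUCCESS;
		else
			rc = NSLCD_PAM_PERM_DENIED;
		/* the encoded request holds both passwords: wipe it, then free
		 * the ber buffer that the original code left allocated */
		if (bv.bv_val && bv.bv_len)
			pam_wipe_secret(bv.bv_val, bv.bv_len);
		ber_free_buf(ber);
	}
	/* the password copies are no longer needed once the result is known */
	pam_wipe_secret(opwc, sizeof opwc);
	pam_wipe_secret(npwc, sizeof npwc);

	WRITE_INT32(fp,NSLCD_VERSION);
	WRITE_INT32(fp,NSLCD_ACTION_PAM_PWMOD);
	WRITE_INT32(fp,NSLCD_RESULT_BEGIN);
	WRITE_BERVAL(fp,&pi.uid);
	WRITE_BERVAL(fp,&pi.dn);
	WRITE_INT32(fp,rc);
	WRITE_BERVAL(fp,&pi.msg);
	return 0;
}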


/*
 * NSLCD_ACTION_PAM_SESS_C (session close) handler, pam.c line 589.
 * Open and close share one implementation; this entry point only fixes
 * the action code passed to pam_sess() and returns whatever it returns.
 */
int pam_sess_c(nssov_info *ni, TFILE *fp, Operation *op)
{
	const int action = NSLCD_ACTION_PAM_SESS_C;

	return pam_sess(ni, fp, op, action);
}


/*
 * NSLCD_ACTION_PAM_SESS_O (session open) handler, pam.c line 584.
 * Open and close share one implementation; this entry point only fixes
 * the action code passed to pam_sess() and returns whatever it returns.
 */
int pam_sess_o(nssov_info *ni, TFILE *fp, Operation *op)
{
	const int action = NSLCD_ACTION_PAM_SESS_O;

	return pam_sess(ni, fp, op, action);
}


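/*
 * Read an address record (nssov.c line 170) from the nslcd stream into addr.
 *
 * Wire format, mirroring write_address(): int32 address family, int32 byte
 * length, then the raw address bytes in network byte order.
 *
 * On entry *addrlen is the capacity of addr; on success it is set to the
 * number of bytes stored and *af to the address family.  Returns 0 on
 * success and -1 when the family is not AF_INET/AF_INET6, when the length
 * is non-positive or exceeds the caller's buffer, or when the length is not
 * the fixed size of the announced family.  The READ_* macros bail out of the
 * function on stream errors (ERROR_OUT_READERROR in nssov.h).
 */
int read_address(TFILE *fp, char *addr, int *addrlen, int *af)
{
	int32_t tmpint32;
	int len;
	int expected;

	/* read address family and derive the only length it can carry */
	READ_INT32(fp,*af);
	switch (*af)
	{
	case AF_INET:
		expected = (int)sizeof(struct in_addr);
		break;
	case AF_INET6:
		expected = (int)sizeof(struct in6_addr);
		break;
	default:
		Debug(LDAP_DEBUG_ANY,"nssov: incorrect address family specified: %d\n",*af,0,0);
		return -1;
	}
	/* read address length; it must fit the caller's buffer ... */
	READ_INT32(fp,len);
	if ((len>*addrlen)||(len<=0))
	{
		Debug(LDAP_DEBUG_ANY,"nssov: address length incorrect: %d\n",len,0,0);
		return -1;
	}
	/* ... and be exactly the size of the announced family; otherwise a
	 * caller that treats addr as a whole in_addr/in6_addr would consume
	 * bytes that were never read from the stream */
	if (len!=expected)
	{
		Debug(LDAP_DEBUG_ANY,"nssov: address length %d does not match address family %d\n",len,*af,0);
		return -1;
	}
	*addrlen=len;
	/* read address */
	READ(fp,addr,len);
	/* we're done */
	return 0;
}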
/*
 * Write a textual IP address (nssov.c line 131) to the nslcd stream.
 *
 * The text in addr is parsed as IPv4 first and, failing that, as IPv6.
 * On success the record is: int32 family, int32 byte length, then the
 * binary address in network byte order.  Text that parses as neither is
 * logged and encoded as family -1 with length 0, so the client's address
 * list stays in sync.  Always returns 0; the WRITE_* macros bail out of the
 * function on stream errors.
 */
int write_address(TFILE *fp, struct berval *addr)
{
	int32_t tmpint32;
	struct in_addr v4;
	struct in6_addr v6;
	int family = AF_UNSPEC;

	/* classify first, emit second; IPv6 is only tried when IPv4 fails */
	if (inet_pton(AF_INET,addr->bv_val,&v4)>0)
		family = AF_INET;
	else if (inet_pton(AF_INET6,addr->bv_val,&v6)>0)
		family = AF_INET6;

	switch (family)
	{
	case AF_INET:
		WRITE_INT32(fp,AF_INET);
		WRITE_INT32(fp,sizeof(struct in_addr));
		WRITE_TYPE(fp,v4,struct in_addr);
		break;
	case AF_INET6:
		WRITE_INT32(fp,AF_INET6);
		WRITE_INT32(fp,sizeof(struct in6_addr));
		WRITE_TYPE(fp,v6,struct in6_addr);
		break;
	default:
		/* unparseable: log it, then write a placeholder record so the
		 * client-side list does not get out of step */
		/* TODO: have error message in correct format */
		Debug(LDAP_DEBUG_ANY,"nssov: unparseable address: %s\n",addr->bv_val,0,0);
		WRITE_INT32(fp,-1);
		WRITE_INT32(fp,0);
		break;
	}
	/* we're done */
	return 0;
}
