authordjl <none@none>2006-09-29 06:00:17 -0700
committerdjl <none@none>2006-09-29 06:00:17 -0700
commitcb5caa98562cf06753163f558cbcfe30b8f4673a (patch)
tree7a24623821583899295e29553207e69701b471ff /usr/src/lib/nsswitch/ldap/common/getspent.c
parent350f572a3fa518fc3690d53066c2c54fd03b5a08 (diff)
PSARC 2005/133 Sparks: Name Service Switch 2
4406529 artificial limit of 10 threads per backend 4516075 LDAP connections could be reused more 4696964 LDAP naming services should support Kerberos authentication 4740951 Need host based authentication options in Native LDAP 4952533 Some backends of gethostby* do not set h_errno correctly 4979596 getXbyY calls should have better buffer mechanism 5028908 /usr/bin/logins accesses free memory deep in nss_getent_u(). 5046881 nscd: old-data-ok parameter is not useful, should go away 6225323 NSS/nscd Enhancements (Sparks Project) --HG-- rename : usr/src/cmd/nscd/attrstr.c => deleted_files/usr/src/cmd/nscd/attrstr.c rename : usr/src/cmd/nscd/hash.c => deleted_files/usr/src/cmd/nscd/hash.c rename : usr/src/cmd/nscd/nscd_parse.c => deleted_files/usr/src/cmd/nscd/nscd_parse.c rename : usr/src/cmd/nscd/nscd.h => usr/src/cmd/nscd/cache.h
Diffstat (limited to 'usr/src/lib/nsswitch/ldap/common/getspent.c')
-rw-r--r--usr/src/lib/nsswitch/ldap/common/getspent.c255
1 files changed, 82 insertions, 173 deletions
diff --git a/usr/src/lib/nsswitch/ldap/common/getspent.c b/usr/src/lib/nsswitch/ldap/common/getspent.c
index cf5ea84652..dc93c5d9ca 100644
--- a/usr/src/lib/nsswitch/ldap/common/getspent.c
+++ b/usr/src/lib/nsswitch/ldap/common/getspent.c
@@ -2,9 +2,8 @@
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License"). You may not use this file except in compliance
- * with the License.
+ * Common Development and Distribution License (the "License").
+ * You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* or http://www.opensolaris.org/os/licensing.
@@ -20,7 +19,7 @@
* CDDL HEADER END
*/
/*
- * Copyright 2003 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -31,7 +30,6 @@
#include "ldap_common.h"
/* shadow attributes filters */
-#define _S_CN "cn"
#define _S_UID "uid"
#define _S_USERPASSWORD "userpassword"
#define _S_FLAG "shadowflag"
@@ -46,185 +44,105 @@ static const char *sp_attrs[] = {
(char *)NULL
};
-
-extern ns_ldap_attr_t *getattr(ns_ldap_result_t *result, int i);
-
/*
- * _nss_ldap_shadow2ent is the data marshaling method for the passwd getXbyY
+ * _nss_ldap_shadow2str is the data marshaling method for the shadow getXbyY
* (e.g., getspnam(), getspent()) backend processes. This method is called after
* a successful ldap search has been performed. This method will parse the
- * ldap search values into struct spwd = argp->buf.buffer which the frontend
- * process expects. Three error conditions are expected and returned to
- * nsswitch.
+ * ldap search values into the file format.
+ * e.g.
+ *
+ * myname:gaBXNJuz4JDmA:6445::::::
+ *
*/
static int
-_nss_ldap_shadow2ent(ldap_backend_ptr be, nss_XbyY_args_t *argp)
+_nss_ldap_shadow2str(ldap_backend_ptr be, nss_XbyY_args_t *argp)
{
- int i = 0;
int nss_result;
- int buflen = (int)0;
+ int buflen = 0;
unsigned long len = 0L;
- char *buffer = (char *)NULL;
- char *ceiling = (char *)NULL;
- char *pw_passwd = (char *)NULL;
- char *nullstring = (char *)NULL;
+ char *tmp, *buffer = NULL;
+ char *pw_passwd = NULL;
char np[] = "*NP*";
ns_ldap_result_t *result = be->result;
- ns_ldap_attr_t *attrptr;
- long ltmp = (long)0L;
- struct spwd *spd = (struct spwd *)NULL;
-
-#ifdef DEBUG
- (void) fprintf(stdout, "\n[getspent.c: _nss_ldap_shadow2ent]\n");
-#endif /* DEBUG */
+ char **uid, **passwd, **flag, *flag_str;
- buffer = argp->buf.buffer;
- buflen = (size_t)argp->buf.buflen;
- if (!argp->buf.result) {
- nss_result = (int)NSS_STR_PARSE_ERANGE;
- goto result_spd2ent;
- }
- spd = (struct spwd *)argp->buf.result;
- ceiling = buffer + buflen;
- nullstring = (buffer + (buflen - 1));
-
- /* Default values */
- spd->sp_lstchg = -1; spd->sp_min = -1;
- spd->sp_max = -1; spd->sp_warn = -1;
- spd->sp_inact = -1; spd->sp_expire = -1;
- spd->sp_flag = 0; spd->sp_pwdp = NULL;
+ if (result == NULL)
+ return (NSS_STR_PARSE_PARSE);
+ buflen = argp->buf.buflen;
- nss_result = (int)NSS_STR_PARSE_SUCCESS;
- (void) memset(buffer, 0, buflen);
+ nss_result = NSS_STR_PARSE_SUCCESS;
+ (void) memset(argp->buf.buffer, 0, buflen);
- attrptr = getattr(result, 0);
- if (attrptr == NULL) {
- nss_result = (int)NSS_STR_PARSE_PARSE;
- goto result_spd2ent;
+ uid = __ns_ldap_getAttr(result->entry, _S_UID);
+ if (uid == NULL || uid[0] == NULL || (strlen(uid[0]) < 1)) {
+ nss_result = NSS_STR_PARSE_PARSE;
+ goto result_spd2str;
}
-
- for (i = 0; i < result->entry->attr_count; i++) {
- attrptr = getattr(result, i);
- if (strcasecmp(attrptr->attrname, _S_UID) == 0) {
- if ((attrptr->attrvalue[0] == NULL) ||
- (len = strlen(attrptr->attrvalue[0])) < 1) {
- nss_result = (int)NSS_STR_PARSE_PARSE;
- goto result_spd2ent;
- }
- spd->sp_namp = buffer;
- buffer += len + 1;
- if (buffer >= ceiling) {
- nss_result = (int)NSS_STR_PARSE_ERANGE;
- goto result_spd2ent;
- }
- (void) strcpy(spd->sp_namp, attrptr->attrvalue[0]);
- continue;
- }
- if (strcasecmp(attrptr->attrname, _S_USERPASSWORD) == 0) {
- if (attrptr->attrvalue[0] == '\0') {
- spd->sp_pwdp = nullstring;
- nss_result = (int)NSS_STR_PARSE_PARSE;
- goto result_spd2ent;
- }
- pw_passwd = attrptr->attrvalue[0];
- if (pw_passwd) {
- char *tmp;
-
- if ((tmp = strstr(pw_passwd, "{crypt}"))
- != NULL) {
- if (tmp != pw_passwd)
- pw_passwd = np;
- else
- pw_passwd += 7;
- } else if ((tmp = strstr(pw_passwd, "{CRYPT}"))
- != NULL) {
- if (tmp != pw_passwd)
- pw_passwd = np;
- else
- pw_passwd += 7;
- } else {
- pw_passwd = np;
- }
- }
- len = (unsigned long)strlen(pw_passwd);
- if (len < 1) {
- spd->sp_pwdp = nullstring;
- } else {
- spd->sp_pwdp = buffer;
- buffer += len + 1;
- if (buffer >= ceiling) {
- nss_result = (int)NSS_STR_PARSE_ERANGE;
- goto result_spd2ent;
- }
- }
- (void) strcpy(spd->sp_pwdp, pw_passwd);
- }
-
- /*
- * Ignore the following password aging related attributes:
- * -- shadowlastchange
- * -- shadowmin
- * -- shadowmax
- * -- shadowwarning
- * -- shadowinactive
- * -- shadowexpire
- * This is because the LDAP naming service does not
- * really support the password aging fields defined
- * in the shadow structure. These fields, sp_lstchg,
- * sp_min, sp_max, sp_warn, sp_inact, and sp_expire,
- * have been set to -1.
- */
-
- if (strcasecmp(attrptr->attrname, _S_FLAG) == 0) {
- if (attrptr->attrvalue[0] == '\0') {
- nss_result = (int)NSS_STR_PARSE_PARSE;
- goto result_spd2ent;
- }
- errno = 0;
- ltmp = strtol(attrptr->attrvalue[0], (char **)NULL, 10);
- if (errno != 0) {
- nss_result = (int)NSS_STR_PARSE_PARSE;
- goto result_spd2ent;
- }
- spd->sp_flag = (int)ltmp;
- continue;
+ len += strlen(uid[0]);
+
+ passwd = __ns_ldap_getAttr(result->entry, _S_USERPASSWORD);
+ if (passwd == NULL || passwd[0] == NULL || strlen(passwd[0]) < 1) {
+ pw_passwd = _NO_VALUE;
+ } else {
+ if ((tmp = strstr(passwd[0], "{crypt}")) != NULL ||
+ (tmp = strstr(passwd[0], "{CRYPT}")) != NULL) {
+ if (tmp != passwd[0])
+ pw_passwd = np;
+ else
+ pw_passwd = tmp + strlen("{crypt}");
+ } else {
+ /* Replace it with *NP* */
+ pw_passwd = np;
}
}
-
- /* we will not allow for an empty password to be */
- /* returned to the front end as this is not a supported */
- /* configuration. Since we got to this point without */
- /* the password being set, we assume that no password was */
- /* set on the server which is consider a misconfiguration. */
- /* We will proceed and set the password to *NP* as no password */
- /* is not supported */
-
- if (spd->sp_pwdp == NULL) {
- spd->sp_pwdp = buffer;
- buffer += strlen(np) + 1;
- if (buffer >= ceiling) {
- nss_result = (int)NSS_STR_PARSE_ERANGE;
- goto result_spd2ent;
- }
- strcpy(spd->sp_pwdp, np);
+ len += strlen(pw_passwd);
+
+ /*
+ * Ignore the following password aging related attributes:
+ * -- shadowlastchange
+ * -- shadowmin
+ * -- shadowmax
+ * -- shadowwarning
+ * -- shadowinactive
+ * -- shadowexpire
+ * This is because the LDAP naming service does not
+ * really support the password aging fields defined
+ * in the shadow structure. These fields, sp_lstchg,
+ * sp_min, sp_max, sp_warn, sp_inact, and sp_expire,
+ * will be set to -1 by the front end marshaller.
+ */
+ flag = __ns_ldap_getAttr(result->entry, _S_FLAG);
+ if (flag == NULL || flag[0] == NULL)
+ flag_str = _NO_VALUE;
+ else
+ flag_str = flag[0];
+
+ /* 9 = 8 ':' + 1 '\0' */
+ len += strlen(flag_str) + 9;
+
+ if (len > buflen) {
+ nss_result = NSS_STR_PARSE_ERANGE;
+ goto result_spd2str;
}
+ if (argp->buf.result != NULL) {
+ be->buffer = calloc(1, len);
+ if (be->buffer == NULL) {
+ nss_result = NSS_STR_PARSE_PARSE;
+ goto result_spd2str;
+ }
+ buffer = be->buffer;
+ } else
+ buffer = argp->buf.buffer;
-#ifdef DEBUG
- (void) fprintf(stdout, "\n[getspent.c: _nss_ldap_shadow2ent]\n");
- (void) fprintf(stdout, " sp_namp: [%s]\n", spd->sp_namp);
- (void) fprintf(stdout, " sp_pwdp: [%s]\n", spd->sp_pwdp);
- (void) fprintf(stdout, " sp_latchg: [%d]\n", spd->sp_lstchg);
- (void) fprintf(stdout, " sp_min: [%d]\n", spd->sp_min);
- (void) fprintf(stdout, " sp_max: [%d]\n", spd->sp_max);
- (void) fprintf(stdout, " sp_warn: [%d]\n", spd->sp_warn);
- (void) fprintf(stdout, " sp_inact: [%d]\n", spd->sp_inact);
- (void) fprintf(stdout, " sp_expire: [%d]\n", spd->sp_expire);
- (void) fprintf(stdout, " sp_flag: [%d]\n", spd->sp_flag);
-#endif /* DEBUG */
+ (void) snprintf(buffer, len, "%s:%s:::::::%s",
+ uid[0], pw_passwd, flag_str);
-result_spd2ent:
+ /* The front end marhsaller doesn't need the trailing null */
+ if (argp->buf.result != NULL)
+ be->buflen = strlen(be->buffer);
+result_spd2str:
(void) __ns_ldap_freeResult(&be->result);
return ((int)nss_result);
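Review bot: When userPassword is absent or empty, the new branch sets `pw_passwd = _NO_VALUE`, whereas the removed code substituted `*NP*` and carried a comment saying an empty password must never be returned to the front end. `_NO_VALUE` is defined outside this hunk; if it expands to an empty string, the emitted record has an empty password field, which shadow consumers conventionally treat as "no password set", so the conversion would fail open on a misconfigured or access-restricted entry. Keeping the fail-closed default, `pw_passwd = np;`, and restoring the explanatory comment would preserve the earlier behaviour. Separately, `uid[0]` and `flag[0]` are now copied verbatim into a colon-delimited record (the old code ran `strtol` on the flag), so a value containing `:` or a newline would shift fields; rejecting such values with `NSS_STR_PARSE_PARSE` before the `snprintf` would be a cheap guard. The function's closing brace lies outside the hunk.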
@@ -245,13 +163,8 @@ getbynam(ldap_backend_ptr be, void *a)
char searchfilter[SEARCHFILTERLEN];
char userdata[SEARCHFILTERLEN];
char name[SEARCHFILTERLEN + 1];
- int len;
int ret;
-#ifdef DEBUG
- (void) fprintf(stdout, "\n[getspent.c: getbynam]\n");
-#endif /* DEBUG */
-
if (_ldap_filter_name(name, argp->key.name, sizeof (name)) != 0)
return ((nss_status_t)NSS_NOTFOUND);
@@ -288,11 +201,7 @@ _nss_ldap_shadow_constr(const char *dummy1, const char *dummy2,
const char *dummy3)
{
-#ifdef DEBUG
- (void) fprintf(stdout, "\n[getspent.c: _nss_ldap_shadow_constr]\n");
-#endif /* DEBUG */
-
return ((nss_backend_t *)_nss_ldap_constr(sp_ops,
sizeof (sp_ops)/sizeof (sp_ops[0]),
- _SHADOW, sp_attrs, _nss_ldap_shadow2ent));
+ _SHADOW, sp_attrs, _nss_ldap_shadow2str));
}