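/* nssov.h - NSS overlay header file */
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software.
 *
 * Copyright 2008-2009 The OpenLDAP Foundation.
 * Portions Copyright 2008 Howard Chu.
 */

#ifndef NSSOV_H
#define NSSOV_H

/* Default path of the nslcd socket; define NSLCD_SOCKET before including
   this header to override it. */
#ifndef NSLCD_SOCKET
#define NSLCD_SOCKET "/var/run/nslcd/socket"
#endif

#include /* header name missing from this copy of the file */

#include "nslcd.h"
#include "nslcd-common.h"
#include "common/tio.h"
#include "compat/attrs.h"

/* Drop the PACKAGE_* macros before portable.h is included.
   NOTE(review): presumably the nslcd headers above define their own
   values for these - confirm. */
#undef PACKAGE_BUGREPORT
#undef PACKAGE_NAME
#undef PACKAGE_STRING
#undef PACKAGE_TARNAME
#undef PACKAGE_VERSION

#include "portable.h"
#include "slap.h"
#include /* header name missing from this copy of the file */

/* selectors for different maps; NM_NONE comes last and doubles as the
   number of maps (it sizes nssov_info.ni_maps) */
enum nssov_map_selector {
  NM_alias,
  NM_ether,
  NM_group,
  NM_host,
  NM_netgroup,
  NM_network,
  NM_passwd,
  NM_protocol,
  NM_rpc,
  NM_service,
  NM_shadow,
  NM_NONE
};

/* Search settings of one map. */
typedef struct nssov_mapinfo {
  struct berval mi_base;       /* search base; zeroed by the init code below */
  int mi_scope;                /* search scope; LDAP_SCOPE_DEFAULT after init */
  struct berval mi_filter0;    /* built-in filter of the map (db##_filter) */
  struct berval mi_filter;     /* filter in effect; starts out as mi_filter0 */
  struct berval *mi_attrkeys;  /* built-in attribute key table (db##_keys) */
  AttributeName *mi_attrs;     /* one entry per key plus one terminating slot */
} nssov_mapinfo;

/* State of the overlay. */
typedef struct nssov_info {
  /* search timelimit */
  int ni_timelimit;
  struct nssov_mapinfo ni_maps[NM_NONE];
  int ni_socket;
  Connection *ni_conn;
  BackendDB *ni_db;

  /* PAM authz support... */
  slap_mask_t ni_pam_opts;
  struct berval ni_pam_group_dn;
  AttributeDescription *ni_pam_group_ad;
  int ni_pam_min_uid;
  int ni_pam_max_uid;
  AttributeDescription *ni_pam_template_ad;
  struct berval ni_pam_template;
  struct berval ni_pam_defhost;
} nssov_info;

/* Single-bit option values.
   NOTE(review): presumably OR-ed together in ni_pam_opts - confirm. */
#define NI_PAM_USERHOST 1    /* old style host checking */
#define NI_PAM_USERSVC  2    /* old style service checking */
#define NI_PAM_USERGRP  4    /* old style group checking */
#define NI_PAM_HOSTSVC  8    /* new style authz checking */
#define NI_PAM_SASL2DN  0x10 /* use sasl2dn */
#define NI_PAM_UID2DN   0x20 /* use uid2dn */

#define NI_PAM_OLD (NI_PAM_USERHOST|NI_PAM_USERSVC|NI_PAM_USERGRP)
#define NI_PAM_NEW NI_PAM_HOSTSVC

extern AttributeDescription *nssov_pam_host_ad;
extern AttributeDescription *nssov_pam_svc_ad;

/* Read the default configuration file. */
void nssov_cfg_init(nssov_info *ni,const char *fname);

/* macros for basic read and write operations, the following
   ERROR_OUT* macros define the action taken on errors
   the stream is not closed because the caller closes the
   stream

   Each ERROR_OUT* macro expands to two statements ending in "return -1;",
   so it only works inside a function returning int and has to be used
   inside braces, never as the unbraced body of an if/else. */

#define ERROR_OUT_WRITEERROR(fp) \
  Debug(LDAP_DEBUG_ANY,"nssov: error writing to client\n",0,0,0); \
  return -1;

#define ERROR_OUT_READERROR(fp) \
  Debug(LDAP_DEBUG_ANY,"nssov: error reading from client\n",0,0,0); \
  return -1;

#define ERROR_OUT_BUFERROR(fp) \
  Debug(LDAP_DEBUG_ANY,"nssov: client supplied argument too large\n",0,0,0); \
  return -1;

/* Write one berval to the client: a 32-bit length, then the bytes.
   A NULL bv is written as length 0. The debug print sits in the non-NULL
   branch because it dereferences bv. tmpint32 must be declared by the
   enclosing function; WRITE_INT32 and WRITE come from another header and
   WRITE_INT32 is presumably what leaves the length in tmpint32 (confirm).
   Expands to several statements: use it as a statement of its own. */
#define WRITE_BERVAL(fp,bv) \
  if ((bv)==NULL) \
  { \
    WRITE_INT32(fp,0); \
  } \
  else \
  { \
    DEBUG_PRINT("WRITE_STRING: var="__STRING(bv)" string=\"%s\"",(bv)->bv_val); \
    WRITE_INT32(fp,(bv)->bv_len); \
    if (tmpint32>0) \
      { WRITE(fp,(bv)->bv_val,tmpint32); } \
  }

/* Write an array of bervals: the element count first, then the elements.
   The array ends at the first element whose bv_val is NULL. Uses tmp2int32
   and tmp3int32, which the enclosing function must declare.

   NOTE(review): this copy of the file lost the text between "tmp2int32" and
   "ni_maps" on the damaged line below - the rest of this macro, whatever
   was declared after it, and the opening lines of the per-map init macro.
   The damaged line is kept as found; restore the span from the upstream
   file before building. Everything after it up to the lone closing brace
   is the tail of that init code: it sizes and fills mi_attrs from
   db##_keys and sets the map's default scope, filter and base. */
#define WRITE_BVARRAY(fp,arr) \
  /* first determine length of array */ \
  for (tmp3int32=0;(arr)[tmp3int32].bv_val!=NULL;tmp3int32++) \
    /*nothing*/ ; \
  /* write number of strings */ \
  DEBUG_PRINT("WRITE_BVARRAY: var="__STRING(arr)" num=%d",(int)tmp3int32); \
  WRITE_TYPE(fp,tmp3int32,int32_t); \
  /* write strings */ \
  for (tmp2int32=0;tmp2int32ni_maps[NM_##db]; \
  int i; \
  /* count the keys, then add one slot for the terminator */ \
  for (i=0;!BER_BVISNULL(&db##_keys[i]);i++); \
  i++; \
  mi->mi_attrs = ch_malloc( i*sizeof(AttributeName)); \
  for (i=0;!BER_BVISNULL(&db##_keys[i]);i++) { \
    mi->mi_attrs[i].an_name = db##_keys[i]; \
    mi->mi_attrs[i].an_desc = NULL; \
  } \
  /* write the terminating slot; nothing else visible here initialises it, */ \
  /* and a reader that walks the list until a null an_name would run past it */ \
  BER_BVZERO(&mi->mi_attrs[i].an_name); \
  mi->mi_attrs[i].an_desc = NULL; \
  mi->mi_scope = LDAP_SCOPE_DEFAULT; \
  mi->mi_filter0 = db##_filter; \
  ber_dupbv( &mi->mi_filter, &mi->mi_filter0 ); \
  /* NOTE(review): the next assignment overwrites the copy ber_dupbv just */ \
  /* made, so that allocation is no longer referenced and mi_filter shares */ \
  /* storage with mi_filter0. Which of the two lines is intended depends on */ \
  /* how mi_filter is replaced and freed elsewhere (not shown) - confirm. */ \
  mi->mi_filter = db##_filter; \
  mi->mi_attrkeys = db##_keys; \
  BER_BVZERO(&mi->mi_base); \
  }

/* param structure for search callback; parms adds the map-specific
   members after the three common ones */
#define NSSOV_CBPRIV(db,parms) \
  typedef struct nssov_##db##_cbp { \
    nssov_mapinfo *mi; \
    TFILE *fp; \
    Operation *op; \
    parms \
  } nssov_##db##_cbp

/* callback for writing search results: every REP_SEARCH reply is handed to
   write_##db together with the private data set up by NSSOV_HANDLE; a
   non-zero result from write_##db makes the callback return LDAP_OTHER */
#define NSSOV_CB(db) \
  static int nssov_##db##_cb(Operation *op, SlapReply *rs) \
  { \
    if ( rs->sr_type == REP_SEARCH ) { \
      nssov_##db##_cbp *cbp = op->o_callback->sc_private; \
      if (write_##db(cbp,rs->sr_entry)) return LDAP_OTHER; \
    } \
    return LDAP_SUCCESS; \
  }

/* macro for generating service handling code

   Defines int nssov_<db>_<fn>(ni,fp,op), which reads one request from fp,
   writes the response header and runs an internal search whose entries are
   written by nssov_<db>_cb.

     db        map name; selects ni_maps[NM_<db>], nssov_<db>_cbp and
               nssov_<db>_cb
     fn        suffix of the generated function name
     readfn    statement(s) that read the request parameters from fp
     logcall   statement that logs the call
     action    value written as the second int32 of the response header
     mkfilter  expression that builds the search filter; non-zero means the
               filter did not fit its buffer

   `filter` is used but not declared here, so it has to come from the
   expansion of the arguments or from the including file. The request is
   read from the client socket: any client-supplied value that mkfilter
   puts into the filter must be escaped for use in an LDAP filter first
   (where that happens is not visible in this header - confirm).

   The generated function returns -1 when reading, writing or building or
   parsing the filter fails, and 0 once the search has been run; the result
   of be_search itself is not examined. */
#define NSSOV_HANDLE(db,fn,readfn,logcall,action,mkfilter) \
  int nssov_##db##_##fn(nssov_info *ni,TFILE *fp,Operation *op) \
  { \
    /* define common variables */ \
    int32_t tmpint32; \
    int rc; \
    nssov_##db##_cbp cbp; \
    slap_callback cb = {0}; \
    SlapReply rs = {REP_RESULT}; \
    cbp.mi = &ni->ni_maps[NM_##db]; \
    cbp.fp = fp; \
    cbp.op = op; \
    /* read request parameters */ \
    readfn; \
    /* log call */ \
    logcall; \
    /* write the response header */ \
    WRITE_INT32(fp,NSLCD_VERSION); \
    WRITE_INT32(fp,action); \
    /* prepare the search filter */ \
    if (mkfilter) \
    { \
      Debug(LDAP_DEBUG_ANY,"nssov_" __STRING(db) "_" __STRING(fn) "(): filter buffer too small",0,0,0); \
      return -1; \
    } \
    cb.sc_private = &cbp; \
    /* NOTE(review): cb is a local and op->o_callback is not restored before */ \
    /* returning; the caller must not rely on op->o_callback afterwards */ \
    op->o_callback = &cb; \
    cb.sc_response = nssov_##db##_cb; \
    slap_op_time( &op->o_time, &op->o_tincr ); \
    op->o_req_dn = cbp.mi->mi_base; \
    op->o_req_ndn = cbp.mi->mi_base; \
    op->ors_scope = cbp.mi->mi_scope; \
    op->ors_filterstr = filter; \
    op->ors_filter = str2filter_x( op, filter.bv_val ); \
    /* the filter text derives from the client request; do not hand an */ \
    /* unparsed (NULL) filter to the backend */ \
    if ( op->ors_filter == NULL ) \
    { \
      Debug(LDAP_DEBUG_ANY,"nssov_" __STRING(db) "_" __STRING(fn) "(): invalid search filter\n",0,0,0); \
      return -1; \
    } \
    op->ors_attrs = cbp.mi->mi_attrs; \
    /* NOTE(review): no time or size limit is applied although nssov_info */ \
    /* carries ni_timelimit; unless a limit is enforced elsewhere, a local */ \
    /* client can start an unbounded search - confirm */ \
    op->ors_tlimit = SLAP_NO_LIMIT; \
    op->ors_slimit = SLAP_NO_LIMIT; \
    /* do the internal search */ \
    op->o_bd->be_search( op, &rs ); \
    filter_free_x( op, op->ors_filter, 1 ); \
    return 0; \
  }

#endif /* NSSOV_H */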