/* nssov.h - NSS overlay header file */
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software.
*
* Copyright 2008-2009 The OpenLDAP Foundation.
* Portions Copyright 2008 Howard Chu.
*/
#ifndef NSSOV_H
#define NSSOV_H
#ifndef NSLCD_SOCKET
#define NSLCD_SOCKET "/var/run/nslcd/socket"
#endif
#include
#include "nslcd.h"
#include "nslcd-common.h"
#include "common/tio.h"
#include "compat/attrs.h"
#undef PACKAGE_BUGREPORT
#undef PACKAGE_NAME
#undef PACKAGE_STRING
#undef PACKAGE_TARNAME
#undef PACKAGE_VERSION
#include "portable.h"
#include "slap.h"
#include
/*
 * Selectors for the different maps.  The values are consecutive and start
 * at zero; NM_NONE comes last, so it doubles as the number of real maps and
 * is used to size nssov_info.ni_maps[].  Keep it as the final enumerator.
 */
enum nssov_map_selector {
    NM_alias = 0,
    NM_ether,
    NM_group,
    NM_host,
    NM_netgroup,
    NM_network,
    NM_passwd,
    NM_protocol,
    NM_rpc,
    NM_service,
    NM_shadow,
    NM_NONE     /* not a map: count of the entries above */
};
/*
 * Per-map search settings.  One of these exists for every map selector
 * (see nssov_info.ni_maps[]).
 */
typedef struct nssov_mapinfo
{
    struct berval mi_base;      /* search base; used as the request DN of the internal search */
    int mi_scope;               /* LDAP search scope for this map */
    struct berval mi_filter0;   /* filter the map was initialised with */
    struct berval mi_filter;    /* filter for this map; starts out equal to mi_filter0 */
    struct berval *mi_attrkeys; /* the map's key array, terminated by a null berval */
    AttributeName *mi_attrs;    /* attribute list handed to the internal search */
} nssov_mapinfo;
/*
 * Overlay-wide state: one search configuration per map plus the PAM
 * authorisation settings.
 */
typedef struct nssov_info {
    /* search timelimit */
    int ni_timelimit;
    /* one entry per map, indexed by enum nssov_map_selector */
    struct nssov_mapinfo ni_maps[NM_NONE];
    /* presumably the listening socket (cf. NSLCD_SOCKET), TODO confirm */
    int ni_socket;
    Connection *ni_conn;
    BackendDB *ni_db;

    /* PAM authz support... */
    /* presumably a mask of the NI_PAM_* bits defined in this header, TODO confirm */
    slap_mask_t ni_pam_opts;
    struct berval ni_pam_group_dn;
    AttributeDescription *ni_pam_group_ad;
    /*
     * uid bounds for the PAM code, going by the names; how they are
     * enforced is not visible in this header.
     */
    int ni_pam_min_uid;
    int ni_pam_max_uid;
    AttributeDescription *ni_pam_template_ad;
    struct berval ni_pam_template;
    struct berval ni_pam_defhost;
    struct berval *ni_pam_sessions;
} nssov_info;
/*
 * PAM option bits.  Every flag is a distinct power of two so they can be
 * OR-ed together into a single mask.
 */
#define NI_PAM_USERHOST 0x01    /* old style host checking */
#define NI_PAM_USERSVC  0x02    /* old style service checking */
#define NI_PAM_USERGRP  0x04    /* old style group checking */
#define NI_PAM_HOSTSVC  0x08    /* new style authz checking */
#define NI_PAM_SASL2DN  0x10    /* use sasl2dn */
#define NI_PAM_UID2DN   0x20    /* use uid2dn */

/* all three old style checks together */
#define NI_PAM_OLD (NI_PAM_USERHOST | NI_PAM_USERSVC | NI_PAM_USERGRP)
/* the new style check */
#define NI_PAM_NEW (NI_PAM_HOSTSVC)
/* Attribute descriptions for the PAM host and service checks (going by the
   names).  Only declared here; the definitions live in another file. */
extern AttributeDescription *nssov_pam_host_ad;
extern AttributeDescription *nssov_pam_svc_ad;
/* Read the default configuration file.
   ni receives the settings and fname names the file to read, going by the
   parameter names; the implementation is not part of this header. */
void nssov_cfg_init(nssov_info *ni,const char *fname);
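/* Error actions for the basic read and write macros.  Each ERROR_OUT_*
   macro logs the failure and makes the enclosing function return -1.
   The stream is not closed here because the caller closes the stream;
   the fp argument is accepted but not used.
   Each body is wrapped in do { } while (0) so that it expands to exactly
   one statement: without the wrapper, an expansion placed directly under
   an unbraced if would leave the return outside the condition.  Write the
   invocation with a trailing semicolon. */
#define ERROR_OUT_WRITEERROR(fp) \
  do { \
    Debug(LDAP_DEBUG_ANY,"nssov: error writing to client\n",0,0,0); \
    return -1; \
  } while (0)
#define ERROR_OUT_READERROR(fp) \
  do { \
    Debug(LDAP_DEBUG_ANY,"nssov: error reading from client\n",0,0,0); \
    return -1; \
  } while (0)
#define ERROR_OUT_BUFERROR(fp) \
  do { \
    Debug(LDAP_DEBUG_ANY,"nssov: client supplied argument too large\n",0,0,0); \
    return -1; \
  } while (0)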
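/*
 * Write a berval to the client as a length-prefixed string: an int32 length
 * followed by that many bytes of bv_val.  A NULL berval is sent as length 0.
 *
 * The debug trace now sits inside the branches.  It used to run before the
 * NULL test and read (bv)->bv_val, so a NULL bv was dereferenced before it
 * was checked whenever DEBUG_PRINT is active.  A NULL bv_val is traced as
 * "(null)" instead of being passed to %s.
 *
 * The enclosing function must declare tmpint32, and the write macros return
 * -1 from it on error.  Both arguments are evaluated more than once, so
 * pass expressions without side effects.
 * NOTE(review): the payload length is taken from tmpint32 after
 * WRITE_INT32, i.e. this assumes WRITE_INT32 leaves the length there;
 * a bv_len that does not fit in an int32 is not handled specially.
 * Confirm both against nslcd-common.h.
 * NOTE(review): the trace prints bv_val with %s, which assumes the value is
 * NUL-terminated.
 */
#define WRITE_BERVAL(fp,bv) \
  if ((bv)==NULL) \
  { \
    DEBUG_PRINT("WRITE_STRING: var="__STRING(bv)" string=\"%s\"","(null)"); \
    WRITE_INT32(fp,0); \
  } \
  else \
  { \
    DEBUG_PRINT("WRITE_STRING: var="__STRING(bv)" string=\"%s\"",(bv)->bv_val!=NULL?(bv)->bv_val:"(null)"); \
    WRITE_INT32(fp,(bv)->bv_len); \
    if (tmpint32>0) \
      { WRITE(fp,(bv)->bv_val,tmpint32); } \
  }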
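/*
 * Write an array of bervals: the element count as an int32, then every
 * element through WRITE_BERVAL.  The array must end with an entry whose
 * bv_val is NULL.  The enclosing function must declare tmp2int32 and
 * tmp3int32 (plus whatever WRITE_BERVAL needs).
 */
#define WRITE_BVARRAY(fp,arr) \
  /* first determine length of array */ \
  for (tmp3int32=0;(arr)[tmp3int32].bv_val!=NULL;tmp3int32++) \
    /*nothing*/ ; \
  /* write number of strings */ \
  DEBUG_PRINT("WRITE_BVARRAY: var="__STRING(arr)" num=%d",(int)tmp3int32); \
  WRITE_TYPE(fp,tmp3int32,int32_t); \
  /* write strings */ \
  for (tmp2int32=0;tmp2int32<tmp3int32;tmp2int32++) \
  { \
    WRITE_BERVAL(fp,&(arr)[tmp2int32]); \
  }

/*
 * NOTE(review): in the copy this was taken from, the text between the '<'
 * of the loop condition above and the "->ni_maps" of the first statement
 * below was missing, which fused the two macros into one.  The loop tail
 * and the header of the init macro are restored from how the surviving
 * lines use them; the macro name and signature follow the upstream header
 * and should be checked against it.  Anything else that stood between the
 * two macros is not restored here.
 */

/*
 * Generate nssov_<db>_init(), which fills ni->ni_maps[NM_<db>] from the
 * map's <db>_keys array (terminated by a null berval) and <db>_filter.
 */
#define NSSOV_INIT(db) \
  void nssov_##db##_init(nssov_info *ni) \
  { \
    nssov_mapinfo *mi = &ni->ni_maps[NM_##db]; \
    int i; \
    /* count the keys and reserve one more slot */ \
    for (i=0;!BER_BVISNULL(&db##_keys[i]);i++); \
    i++; \
    mi->mi_attrs = ch_malloc( i*sizeof(AttributeName)); \
    for (i=0;!BER_BVISNULL(&db##_keys[i]);i++) { \
      mi->mi_attrs[i].an_name = db##_keys[i]; \
      mi->mi_attrs[i].an_desc = NULL; \
    } \
    /* The reserved last slot used to be left as ch_malloc() returned it. */ \
    /* Give it a null name so that a scan for the end of the list stops  */ \
    /* here instead of reading uninitialised memory.                     */ \
    BER_BVZERO(&mi->mi_attrs[i].an_name); \
    mi->mi_attrs[i].an_desc = NULL; \
    mi->mi_scope = LDAP_SCOPE_DEFAULT; \
    mi->mi_filter0 = db##_filter; \
    /* NOTE(review): a ber_dupbv() of mi_filter0 into mi_filter stood    */ \
    /* here and was overwritten by the next line, which leaked the copy. */ \
    /* The end state is kept: mi_filter shares storage with db_filter.   */ \
    /* If other code frees mi_filter.bv_val, the copy is what should     */ \
    /* stay instead of this assignment.  Confirm ownership.              */ \
    mi->mi_filter = db##_filter; \
    mi->mi_attrkeys = db##_keys; \
    BER_BVZERO(&mi->mi_base); \
  }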
/*
 * Declare nssov_<db>_cbp, the parameter structure handed to the search
 * callback of map <db>.  Every variant starts with the map settings, the
 * client stream and the operation; parms supplies the map-specific member
 * declarations, each ending in its own semicolon.  The expansion has no
 * trailing semicolon, so the invocation must provide it.
 */
#define NSSOV_CBPRIV(db,parms) \
  typedef struct nssov_##db##_cbp { \
    nssov_mapinfo *mi; \
    TFILE *fp; \
    Operation *op; \
    parms \
  } nssov_##db##_cbp
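/*
 * Callback for writing search results.  Generates nssov_<db>_cb(), which
 * passes each search entry (REP_SEARCH) to write_<db>() together with the
 * nssov_<db>_cbp block stored in the callback's sc_private.  A non-zero
 * result from write_<db>() is reported as LDAP_OTHER; every other reply
 * type is ignored and yields LDAP_SUCCESS.
 *
 * The closing brace no longer carries a line continuation.  The stray
 * backslash made whatever line followed part of this macro, which only
 * worked because that line happened to be a comment.
 */
#define NSSOV_CB(db) \
  static int nssov_##db##_cb(Operation *op, SlapReply *rs) \
  { \
    if ( rs->sr_type == REP_SEARCH ) { \
      nssov_##db##_cbp *cbp = op->o_callback->sc_private; \
      if (write_##db(cbp,rs->sr_entry)) return LDAP_OTHER; \
    } \
    return LDAP_SUCCESS; \
  }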
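/*
 * Macro for generating service handling code.  Expands to the handler
 * nssov_<db>_<fn>(ni, fp, op), which reads one request from fp, writes the
 * response header and runs an internal search whose entries are written by
 * nssov_<db>_cb().  Returns 0 after the search and -1 on any error.
 *
 *   readfn    statements that read the request parameters.  They must also
 *             leave a struct berval named filter in scope, because the
 *             macro uses it without declaring it.
 *   logcall   statement that logs the call
 *   action    request code echoed in the response header
 *   mkfilter  expression that builds the filter; non-zero means failure
 *
 * The filter is built from values supplied by the client, so any escaping
 * has to happen in the mkfilter expression; none is done here.  The result
 * of str2filter_x() is now checked: a filter that does not parse used to be
 * handed to be_search() as a NULL pointer.  That path returns -1 after the
 * response header has gone out, like the existing mkfilter failure path.
 *
 * The search runs with no time or size limit; ni_timelimit is not
 * consulted here.
 * NOTE(review): op->o_callback still points at the local cb when the
 * handler returns, so the caller must not use it afterwards.
 */
#define NSSOV_HANDLE(db,fn,readfn,logcall,action,mkfilter) \
  int nssov_##db##_##fn(nssov_info *ni,TFILE *fp,Operation *op) \
  { \
    /* define common variables */ \
    int32_t tmpint32; \
    int rc; \
    nssov_##db##_cbp cbp; \
    slap_callback cb = {0}; \
    SlapReply rs = {REP_RESULT}; \
    cbp.mi = &ni->ni_maps[NM_##db]; \
    cbp.fp = fp; \
    cbp.op = op; \
    /* read request parameters */ \
    readfn; \
    /* log call */ \
    logcall; \
    /* write the response header */ \
    WRITE_INT32(fp,NSLCD_VERSION); \
    WRITE_INT32(fp,action); \
    /* prepare the search filter */ \
    if (mkfilter) \
    { \
      Debug(LDAP_DEBUG_ANY,"nssov_" __STRING(db) "_" __STRING(fn) "(): filter buffer too small",0,0,0); \
      return -1; \
    } \
    cb.sc_private = &cbp; \
    op->o_callback = &cb; \
    cb.sc_response = nssov_##db##_cb; \
    slap_op_time( &op->o_time, &op->o_tincr ); \
    op->o_req_dn = cbp.mi->mi_base; \
    op->o_req_ndn = cbp.mi->mi_base; \
    op->ors_scope = cbp.mi->mi_scope; \
    op->ors_filterstr = filter; \
    op->ors_filter = str2filter_x( op, filter.bv_val ); \
    /* refuse to search with a filter that did not parse */ \
    if ( op->ors_filter == NULL ) \
    { \
      Debug(LDAP_DEBUG_ANY,"nssov_" __STRING(db) "_" __STRING(fn) "(): could not parse search filter\n",0,0,0); \
      return -1; \
    } \
    op->ors_attrs = cbp.mi->mi_attrs; \
    op->ors_tlimit = SLAP_NO_LIMIT; \
    op->ors_slimit = SLAP_NO_LIMIT; \
    /* do the internal search */ \
    op->o_bd->be_search( op, &rs ); \
    filter_free_x( op, op->ors_filter, 1 ); \
    return 0; \
  }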
#endif /* NSSOV_H */