
Source code changes of the file "nslcd/cfg.c" between
nss-pam-ldapd-0.9.11.tar.gz and nss-pam-ldapd-0.9.12.tar.gz

About: nss-pam-ldapd is a Name Service Switch (NSS) module and Pluggable Authentication Module (PAM) that allows your LDAP server to provide user account, group, host name, alias, netgroup, and basically any other information that you would normally get from /etc flat files or NIS. It also allows you to do authentication to an LDAP server.

cfg.c  (nss-pam-ldapd-0.9.11):cfg.c  (nss-pam-ldapd-0.9.12)
/* /*
cfg.c - functions for configuration information cfg.c - functions for configuration information
This file contains parts that were part of the nss_ldap This file contains parts that were part of the nss_ldap
library which has been forked into the nss-pam-ldapd library. library which has been forked into the nss-pam-ldapd library.
Copyright (C) 1997-2005 Luke Howard Copyright (C) 1997-2005 Luke Howard
Copyright (C) 2007 West Consulting Copyright (C) 2007 West Consulting
Copyright (C) 2007-2018 Arthur de Jong Copyright (C) 2007-2021 Arthur de Jong
This library is free software; you can redistribute it and/or This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version. version 2.1 of the License, or (at your option) any later version.
This library is distributed in the hope that it will be useful, This library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details. Lesser General Public License for more details.
skipping to change at line 424 skipping to change at line 424
fqdn = getfqdn(); fqdn = getfqdn();
if ((fqdn != NULL) && ((domain = strchr(fqdn, '.')) != NULL) && (domain[1] != '\0')) if ((fqdn != NULL) && ((domain = strchr(fqdn, '.')) != NULL) && (domain[1] != '\0'))
return domain + 1; return domain + 1;
log_log(LOG_ERR, "%s:%d: unable to determinate a domain name", log_log(LOG_ERR, "%s:%d: unable to determinate a domain name",
filename, lnr); filename, lnr);
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
/* add URIs by doing DNS queries for SRV records */ /* add URIs by doing DNS queries for SRV records */
static void add_uris_from_dns(const char *filename, int lnr, static void add_uris_from_dns(const char *filename, int lnr,
struct ldap_config *cfg, const char *domain) struct ldap_config *cfg, const char *domain,
int force_ldaps)
{ {
int rc; int rc;
char *hostlist = NULL, *nxt; char *hostlist = NULL, *nxt;
char buf[BUFLEN_HOSTNAME + sizeof("ldap://")]; char buf[BUFLEN_HOSTNAME + sizeof("ldaps://")];
log_log(LOG_DEBUG, "query %s for SRV records", domain); log_log(LOG_DEBUG, "query %s for SRV records", domain);
rc = ldap_domain2hostlist(domain, &hostlist); rc = ldap_domain2hostlist(domain, &hostlist);
if (rc != LDAP_SUCCESS) if (rc != LDAP_SUCCESS)
{ {
log_log(LOG_ERR, "%s:%d: no servers found in DNS zone %s: %s", log_log(LOG_ERR, "%s:%d: no servers found in DNS zone %s: %s",
filename, lnr, domain, ldap_err2string(rc)); filename, lnr, domain, ldap_err2string(rc));
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
if ((hostlist == NULL) || (*hostlist == '\0')) if ((hostlist == NULL) || (*hostlist == '\0'))
{ {
skipping to change at line 470 skipping to change at line 471
log_log(LOG_ERR, "add_uris_from_dns(): buf buffer too small (%lu require d)", log_log(LOG_ERR, "add_uris_from_dns(): buf buffer too small (%lu require d)",
(unsigned long) strlen(hostlist) + 8); (unsigned long) strlen(hostlist) + 8);
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
} }
else else
{ {
/* strip default port number */ /* strip default port number */
if ((strlen(hostlist) > 4) && (strcmp(hostlist + strlen(hostlist) - 4, ":3 89") == 0)) if ((strlen(hostlist) > 4) && (strcmp(hostlist + strlen(hostlist) - 4, ":3 89") == 0))
hostlist[strlen(hostlist) - 4] = '\0'; hostlist[strlen(hostlist) - 4] = '\0';
if (mysnprintf(buf, sizeof(buf), "ldap://%s", hostlist)) if (mysnprintf(buf, sizeof(buf), "ldap%s://%s", force_ldaps ? "s" : "", ho stlist))
{ {
log_log(LOG_ERR, "add_uris_from_dns(): buf buffer too small (%lu require d)", log_log(LOG_ERR, "add_uris_from_dns(): buf buffer too small (%lu require d)",
(unsigned long) strlen(hostlist) + 7); (unsigned long) strlen(hostlist) + 7);
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
} }
log_log(LOG_DEBUG, "add_uris_from_dns(): found uri: %s", buf); log_log(LOG_DEBUG, "add_uris_from_dns(): found uri: %s", buf);
add_uri(filename, lnr, cfg, buf); add_uri(filename, lnr, cfg, buf);
/* get next entry from list */ /* get next entry from list */
hostlist = nxt; hostlist = nxt;
skipping to change at line 686 skipping to change at line 687
ldap_domain2dn(domain, &domaindn); ldap_domain2dn(domain, &domaindn);
log_log(LOG_DEBUG, "set_base(): setting base to %s from domain", log_log(LOG_DEBUG, "set_base(): setting base to %s from domain",
domaindn); domaindn);
value = xstrdup(domaindn); value = xstrdup(domaindn);
#else /* not HAVE_LDAP_DOMAIN2DN */ #else /* not HAVE_LDAP_DOMAIN2DN */
log_log(LOG_ERR, "%s:%d: value %s not supported on platform", log_log(LOG_ERR, "%s:%d: value %s not supported on platform",
filename, lnr, value); filename, lnr, value);
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
#endif /* not HAVE_LDAP_DOMAIN2DN */ #endif /* not HAVE_LDAP_DOMAIN2DN */
} }
if (strcasecmp(value, "\"\"") == 0)
value = "";
/* find the spot in the list of bases */ /* find the spot in the list of bases */
for (i = 0; i < NSS_LDAP_CONFIG_MAX_BASES; i++) for (i = 0; i < NSS_LDAP_CONFIG_MAX_BASES; i++)
if (bases[i] == NULL) if (bases[i] == NULL)
{ {
bases[i] = value; bases[i] = value;
return; return;
} }
/* no free spot found */ /* no free spot found */
log_log(LOG_ERR, "%s:%d: maximum number of base options per map (%d) exceeded" , log_log(LOG_ERR, "%s:%d: maximum number of base options per map (%d) exceeded" ,
filename, lnr, NSS_LDAP_CONFIG_MAX_BASES); filename, lnr, NSS_LDAP_CONFIG_MAX_BASES);
skipping to change at line 845 skipping to change at line 848
{ {
switch (ssl) switch (ssl)
{ {
case SSL_OFF: return "off"; case SSL_OFF: return "off";
case SSL_START_TLS: return "start_tls"; case SSL_START_TLS: return "start_tls";
case SSL_LDAPS: return "on"; case SSL_LDAPS: return "on";
default: return "???"; default: return "???";
} }
} }
static void handle_tls_reqcert(const char *filename, int lnr, static int get_tls_reqcert(const char *filename, int lnr,
const char *keyword, char *line) const char *keyword, char **line)
{ {
char token[16]; char token[16];
int value, rc;
/* get token */
check_argumentcount(filename, lnr, keyword, check_argumentcount(filename, lnr, keyword,
get_token(&line, token, sizeof(token)) != NULL); get_token(line, token, sizeof(token)) != NULL);
get_eol(filename, lnr, keyword, &line);
/* check if it is a valid value for tls_reqcert option */ /* check if it is a valid value for tls_reqcert option */
if ((strcasecmp(token, "never") == 0) || (strcasecmp(token, "no") == 0)) if ((strcasecmp(token, "never") == 0) || (strcasecmp(token, "no") == 0))
value = LDAP_OPT_X_TLS_NEVER; return LDAP_OPT_X_TLS_NEVER;
else if (strcasecmp(token, "allow") == 0) else if (strcasecmp(token, "allow") == 0)
value = LDAP_OPT_X_TLS_ALLOW; return LDAP_OPT_X_TLS_ALLOW;
else if (strcasecmp(token, "try") == 0) else if (strcasecmp(token, "try") == 0)
value = LDAP_OPT_X_TLS_TRY; return LDAP_OPT_X_TLS_TRY;
else if ((strcasecmp(token, "demand") == 0) || else if ((strcasecmp(token, "demand") == 0) ||
(strcasecmp(token, "yes") == 0)) (strcasecmp(token, "yes") == 0))
value = LDAP_OPT_X_TLS_DEMAND; return LDAP_OPT_X_TLS_DEMAND;
else if (strcasecmp(token, "hard") == 0) else if (strcasecmp(token, "hard") == 0)
value = LDAP_OPT_X_TLS_HARD; return LDAP_OPT_X_TLS_HARD;
else else
{ {
log_log(LOG_ERR, "%s:%d: %s: invalid argument: '%s'", log_log(LOG_ERR, "%s:%d: %s: invalid argument: '%s'",
filename, lnr, keyword, token); filename, lnr, keyword, token);
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
log_log(LOG_DEBUG, "ldap_set_option(LDAP_OPT_X_TLS_REQUIRE_CERT,%s)", token);
LDAP_SET_OPTION(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &value);
} }
static const char *print_tls_reqcert(int value) static const char *print_tls_reqcert(int value)
{ {
switch (value) switch (value)
{ {
case LDAP_OPT_X_TLS_NEVER: return "never"; case LDAP_OPT_X_TLS_NEVER: return "never";
case LDAP_OPT_X_TLS_ALLOW: return "allow"; case LDAP_OPT_X_TLS_ALLOW: return "allow";
case LDAP_OPT_X_TLS_TRY: return "try"; case LDAP_OPT_X_TLS_TRY: return "try";
case LDAP_OPT_X_TLS_DEMAND: return "demand"; case LDAP_OPT_X_TLS_DEMAND: return "demand";
case LDAP_OPT_X_TLS_HARD: return "hard"; case LDAP_OPT_X_TLS_HARD: return "hard";
default: return "???"; default: return "???";
} }
} }
static void handle_tls_reqcert(const char *filename, int lnr,
const char *keyword, char *line)
{
int value, rc;
value = get_tls_reqcert(filename, lnr, keyword, &line);
get_eol(filename, lnr, keyword, &line);
log_log(LOG_DEBUG, "ldap_set_option(LDAP_OPT_X_TLS_REQUIRE_CERT,%s)",
print_tls_reqcert(value));
LDAP_SET_OPTION(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &value);
}
#ifdef LDAP_OPT_X_TLS_REQUIRE_SAN
static void handle_tls_reqsan(const char *filename, int lnr,
const char *keyword, char *line)
{
int value, rc;
value = get_tls_reqcert(filename, lnr, keyword, &line);
get_eol(filename, lnr, keyword, &line);
log_log(LOG_DEBUG, "ldap_set_option(LDAP_OPT_X_TLS_REQUIRE_SAN,%s)",
print_tls_reqcert(value));
LDAP_SET_OPTION(NULL, LDAP_OPT_X_TLS_REQUIRE_SAN, &value);
}
#endif /* LDAP_OPT_X_TLS_REQUIRE_SAN */
#ifdef LDAP_OPT_X_TLS_CRLCHECK
static void handle_tls_crlcheck(const char *filename, int lnr,
const char *keyword, char *line)
{
char token[16];
int value, rc;
/* get token */
check_argumentcount(filename, lnr, keyword,
get_token(&line, token, sizeof(token)) != NULL);
get_eol(filename, lnr, keyword, &line);
/* check if it is a valid value for tls_crlcheck option */
if (strcasecmp(token, "none") == 0)
value = LDAP_OPT_X_TLS_CRL_NONE;
else if (strcasecmp(token, "peer") == 0)
value = LDAP_OPT_X_TLS_CRL_PEER;
else if (strcasecmp(token, "all") == 0)
value = LDAP_OPT_X_TLS_CRL_ALL;
else
{
log_log(LOG_ERR, "%s:%d: %s: invalid argument: '%s'",
filename, lnr, keyword, token);
exit(EXIT_FAILURE);
}
log_log(LOG_DEBUG, "ldap_set_option(LDAP_OPT_X_TLS_CRLCHECK,%s)", token);
LDAP_SET_OPTION(NULL, LDAP_OPT_X_TLS_CRLCHECK, &value);
}
static const char *print_tls_crlcheck(int value)
{
switch (value)
{
case LDAP_OPT_X_TLS_CRL_NONE: return "none";
case LDAP_OPT_X_TLS_CRL_PEER: return "peer";
case LDAP_OPT_X_TLS_CRL_ALL: return "all";
default: return "???";
}
}
#endif /* LDAP_OPT_X_TLS_CRLCHECK */
#endif /* LDAP_OPT_X_TLS */ #endif /* LDAP_OPT_X_TLS */
/* this function modifies the line argument passed */ /* this function modifies the line argument passed */
static void handle_nss_initgroups_ignoreusers( static void handle_nss_initgroups_ignoreusers(
const char *filename, int lnr, const char *filename, int lnr,
const char *keyword, char *line, struct ldap_config *cfg) const char *keyword, char *line, struct ldap_config *cfg)
{ {
char token[MAX_LINE_LENGTH]; char token[MAX_LINE_LENGTH];
char *username, *next; char *username, *next;
struct passwd *pwent; struct passwd *pwent;
skipping to change at line 1332 skipping to change at line 1393
} }
/* general connection options */ /* general connection options */
else if (strcasecmp(keyword, "uri") == 0) else if (strcasecmp(keyword, "uri") == 0)
{ {
check_argumentcount(filename, lnr, keyword, (line != NULL) && (*line != '\ 0')); check_argumentcount(filename, lnr, keyword, (line != NULL) && (*line != '\ 0'));
while (get_token(&line, token, sizeof(token)) != NULL) while (get_token(&line, token, sizeof(token)) != NULL)
{ {
if (strcasecmp(token, "dns") == 0) if (strcasecmp(token, "dns") == 0)
{ {
#ifdef HAVE_LDAP_DOMAIN2HOSTLIST #ifdef HAVE_LDAP_DOMAIN2HOSTLIST
add_uris_from_dns(filename, lnr, cfg, add_uris_from_dns(filename, lnr, cfg, cfg_getdomainname(filename, lnr)
cfg_getdomainname(filename, lnr)); , 0);
#else /* not HAVE_LDAP_DOMAIN2HOSTLIST */ #else /* not HAVE_LDAP_DOMAIN2HOSTLIST */
log_log(LOG_ERR, "%s:%d: value %s not supported on platform", log_log(LOG_ERR, "%s:%d: value %s not supported on platform",
filename, lnr, token); filename, lnr, token);
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
#endif /* not HAVE_LDAP_DOMAIN2HOSTLIST */ #endif /* not HAVE_LDAP_DOMAIN2HOSTLIST */
} }
else if (strncasecmp(token, "dns:", 4) == 0) else if (strncasecmp(token, "dns:", 4) == 0)
{ {
#ifdef HAVE_LDAP_DOMAIN2HOSTLIST #ifdef HAVE_LDAP_DOMAIN2HOSTLIST
add_uris_from_dns(filename, lnr, cfg, strdup(token + 4)); add_uris_from_dns(filename, lnr, cfg, strdup(token + 4), 0);
#else /* not HAVE_LDAP_DOMAIN2HOSTLIST */
log_log(LOG_ERR, "%s:%d: value %s not supported on platform",
filename, lnr, token);
exit(EXIT_FAILURE);
#endif /* not HAVE_LDAP_DOMAIN2HOSTLIST */
}
else if (strcasecmp(token, "dnsldaps") == 0)
{
#ifdef HAVE_LDAP_DOMAIN2HOSTLIST
add_uris_from_dns(filename, lnr, cfg, cfg_getdomainname(filename, lnr)
, 1);
#else /* not HAVE_LDAP_DOMAIN2HOSTLIST */
log_log(LOG_ERR, "%s:%d: value %s not supported on platform",
filename, lnr, token);
exit(EXIT_FAILURE);
#endif /* not HAVE_LDAP_DOMAIN2HOSTLIST */
}
else if (strncasecmp(token, "dnsldaps:", 9) == 0)
{
#ifdef HAVE_LDAP_DOMAIN2HOSTLIST
add_uris_from_dns(filename, lnr, cfg, strdup(token + 9), 1);
#else /* not HAVE_LDAP_DOMAIN2HOSTLIST */ #else /* not HAVE_LDAP_DOMAIN2HOSTLIST */
log_log(LOG_ERR, "%s:%d: value %s not supported on platform", log_log(LOG_ERR, "%s:%d: value %s not supported on platform",
filename, lnr, token); filename, lnr, token);
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
#endif /* not HAVE_LDAP_DOMAIN2HOSTLIST */ #endif /* not HAVE_LDAP_DOMAIN2HOSTLIST */
} }
else else
add_uri(filename, lnr, cfg, token); add_uri(filename, lnr, cfg, token);
} }
} }
skipping to change at line 1563 skipping to change at line 1643
else if (strcasecmp(keyword, "tls_key") == 0) else if (strcasecmp(keyword, "tls_key") == 0)
{ {
value = get_strdup(filename, lnr, keyword, &line); value = get_strdup(filename, lnr, keyword, &line);
get_eol(filename, lnr, keyword, &line); get_eol(filename, lnr, keyword, &line);
check_readable(filename, lnr, keyword, value); check_readable(filename, lnr, keyword, value);
log_log(LOG_DEBUG, "ldap_set_option(LDAP_OPT_X_TLS_KEYFILE,\"%s\")", log_log(LOG_DEBUG, "ldap_set_option(LDAP_OPT_X_TLS_KEYFILE,\"%s\")",
value); value);
LDAP_SET_OPTION(NULL, LDAP_OPT_X_TLS_KEYFILE, value); LDAP_SET_OPTION(NULL, LDAP_OPT_X_TLS_KEYFILE, value);
free(value); free(value);
} }
else if (strcasecmp(keyword, "tls_reqsan") == 0)
{
#ifdef LDAP_OPT_X_TLS_REQUIRE_SAN
handle_tls_reqsan(filename, lnr, keyword, line);
#else /* not LDAP_OPT_X_TLS_REQUIRE_SAN */
log_log(LOG_ERR, "%s:%d: option %s not supported on platform",
filename, lnr, keyword);
exit(EXIT_FAILURE);
#endif /* LDAP_OPT_X_TLS_REQUIRE_SAN */
}
else if (strcasecmp(keyword, "tls_crlcheck") == 0)
{
#ifdef LDAP_OPT_X_TLS_CRLCHECK
handle_tls_crlcheck(filename, lnr, keyword, line);
#else /* not LDAP_OPT_X_TLS_CRLCHECK */
log_log(LOG_ERR, "%s:%d: option %s not supported on platform",
filename, lnr, keyword);
exit(EXIT_FAILURE);
#endif /* LDAP_OPT_X_TLS_CRLCHECK */
}
else if (strcasecmp(keyword, "tls_crlfile") == 0)
{
#ifdef LDAP_OPT_X_TLS_CRLFILE
value = get_strdup(filename, lnr, keyword, &line);
get_eol(filename, lnr, keyword, &line);
check_readable(filename, lnr, keyword, value);
log_log(LOG_DEBUG, "ldap_set_option(LDAP_OPT_X_TLS_CRLFILE,\"%s\")",
value);
LDAP_SET_OPTION(NULL, LDAP_OPT_X_TLS_CRLFILE, value);
free(value);
#else /* not LDAP_OPT_X_TLS_CRLFILE */
log_log(LOG_ERR, "%s:%d: option %s not supported on platform",
filename, lnr, keyword);
exit(EXIT_FAILURE);
#endif /* LDAP_OPT_X_TLS_CRLFILE */
}
#endif /* LDAP_OPT_X_TLS */ #endif /* LDAP_OPT_X_TLS */
/* other options */ /* other options */
else if (strcasecmp(keyword, "pagesize") == 0) else if (strcasecmp(keyword, "pagesize") == 0)
{ {
cfg->pagesize = get_int(filename, lnr, keyword, &line); cfg->pagesize = get_int(filename, lnr, keyword, &line);
get_eol(filename, lnr, keyword, &line); get_eol(filename, lnr, keyword, &line);
} }
else if (strcasecmp(keyword, "nss_initgroups_ignoreusers") == 0) else if (strcasecmp(keyword, "nss_initgroups_ignoreusers") == 0)
{ {
handle_nss_initgroups_ignoreusers(filename, lnr, keyword, line, handle_nss_initgroups_ignoreusers(filename, lnr, keyword, line,
skipping to change at line 1757 skipping to change at line 1873
log_log(LOG_DEBUG, "CFG: sasl_secprops %s", nslcd_cfg->sasl_secprops); log_log(LOG_DEBUG, "CFG: sasl_secprops %s", nslcd_cfg->sasl_secprops);
#ifdef LDAP_OPT_X_SASL_NOCANON #ifdef LDAP_OPT_X_SASL_NOCANON
if (nslcd_cfg->sasl_canonicalize >= 0) if (nslcd_cfg->sasl_canonicalize >= 0)
log_log(LOG_DEBUG, "CFG: sasl_canonicalize %s", print_boolean(nslcd_cfg->sas l_canonicalize)); log_log(LOG_DEBUG, "CFG: sasl_canonicalize %s", print_boolean(nslcd_cfg->sas l_canonicalize));
#endif /* LDAP_OPT_X_SASL_NOCANON */ #endif /* LDAP_OPT_X_SASL_NOCANON */
str = getenv("KRB5CCNAME"); str = getenv("KRB5CCNAME");
if (str != NULL) if (str != NULL)
log_log(LOG_DEBUG, "CFG: krb5_ccname %s", str); log_log(LOG_DEBUG, "CFG: krb5_ccname %s", str);
for (i = 0; i < NSS_LDAP_CONFIG_MAX_BASES; i++) for (i = 0; i < NSS_LDAP_CONFIG_MAX_BASES; i++)
if (nslcd_cfg->bases[i] != NULL) if (nslcd_cfg->bases[i] != NULL)
log_log(LOG_DEBUG, "CFG: base %s", nslcd_cfg->bases[i]); log_log(LOG_DEBUG, "CFG: base %s", nslcd_cfg->bases[i][0] == '\0' ? "\"\"" : nslcd_cfg->bases[i]);
for (map = LM_ALIASES; map < LM_NONE; map++) for (map = LM_ALIASES; map < LM_NONE; map++)
{ {
strp = base_get_var(map); strp = base_get_var(map);
if (strp != NULL) if (strp != NULL)
for (i = 0; i < NSS_LDAP_CONFIG_MAX_BASES; i++) for (i = 0; i < NSS_LDAP_CONFIG_MAX_BASES; i++)
if (strp[i] != NULL) if (strp[i] != NULL)
log_log(LOG_DEBUG, "CFG: base %s %s", print_map(map), strp[i]); log_log(LOG_DEBUG, "CFG: base %s %s", print_map(map), strp[i][0] == '\ 0' ? "\"\"" : strp[i]);
} }
log_log(LOG_DEBUG, "CFG: scope %s", print_scope(nslcd_cfg->scope)); log_log(LOG_DEBUG, "CFG: scope %s", print_scope(nslcd_cfg->scope));
for (map = LM_ALIASES; map < LM_NONE; map++) for (map = LM_ALIASES; map < LM_NONE; map++)
{ {
scopep = scope_get_var(map); scopep = scope_get_var(map);
if ((scopep != NULL) && (*scopep != LDAP_SCOPE_DEFAULT)) if ((scopep != NULL) && (*scopep != LDAP_SCOPE_DEFAULT))
log_log(LOG_DEBUG, "CFG: scope %s %s", print_map(map), print_scope(*scopep )); log_log(LOG_DEBUG, "CFG: scope %s %s", print_map(map), print_scope(*scopep ));
} }
log_log(LOG_DEBUG, "CFG: deref %s", print_deref(nslcd_cfg->deref)); log_log(LOG_DEBUG, "CFG: deref %s", print_deref(nslcd_cfg->deref));
log_log(LOG_DEBUG, "CFG: referrals %s", print_boolean(nslcd_cfg->referrals)); log_log(LOG_DEBUG, "CFG: referrals %s", print_boolean(nslcd_cfg->referrals));
skipping to change at line 1854 skipping to change at line 1970
else if ((str != NULL) && (*str != '\0')) \ else if ((str != NULL) && (*str != '\0')) \
log_log(LOG_DEBUG, "CFG: %s %s", cfg, str); \ log_log(LOG_DEBUG, "CFG: %s %s", cfg, str); \
if (str != NULL) \ if (str != NULL) \
ldap_memfree(str); ldap_memfree(str);
LOG_LDAP_OPT_STRING("tls_cacertdir", LDAP_OPT_X_TLS_CACERTDIR); LOG_LDAP_OPT_STRING("tls_cacertdir", LDAP_OPT_X_TLS_CACERTDIR);
LOG_LDAP_OPT_STRING("tls_cacertfile", LDAP_OPT_X_TLS_CACERTFILE); LOG_LDAP_OPT_STRING("tls_cacertfile", LDAP_OPT_X_TLS_CACERTFILE);
LOG_LDAP_OPT_STRING("tls_randfile", LDAP_OPT_X_TLS_RANDOM_FILE); LOG_LDAP_OPT_STRING("tls_randfile", LDAP_OPT_X_TLS_RANDOM_FILE);
LOG_LDAP_OPT_STRING("tls_ciphers", LDAP_OPT_X_TLS_CIPHER_SUITE); LOG_LDAP_OPT_STRING("tls_ciphers", LDAP_OPT_X_TLS_CIPHER_SUITE);
LOG_LDAP_OPT_STRING("tls_cert", LDAP_OPT_X_TLS_CERTFILE); LOG_LDAP_OPT_STRING("tls_cert", LDAP_OPT_X_TLS_CERTFILE);
LOG_LDAP_OPT_STRING("tls_key", LDAP_OPT_X_TLS_KEYFILE); LOG_LDAP_OPT_STRING("tls_key", LDAP_OPT_X_TLS_KEYFILE);
#ifdef LDAP_OPT_X_TLS_REQUIRE_SAN
rc = ldap_get_option(NULL, LDAP_OPT_X_TLS_REQUIRE_SAN, &i);
if (rc != LDAP_SUCCESS)
log_log(LOG_DEBUG, "CFG: # tls_reqsan ERROR: %s", ldap_err2string(rc));
else
log_log(LOG_DEBUG, "CFG: tls_reqsan %s", print_tls_reqcert(i));
#endif /* LDAP_OPT_X_TLS_REQUIRE_SAN */
#ifdef LDAP_OPT_X_TLS_CRLCHECK
rc = ldap_get_option(NULL, LDAP_OPT_X_TLS_CRLCHECK, &i);
if (rc != LDAP_SUCCESS)
log_log(LOG_DEBUG, "CFG: # tls_crlcheck ERROR: %s", ldap_err2string(rc));
else
log_log(LOG_DEBUG, "CFG: tls_crlcheck %s", print_tls_crlcheck(i));
#endif /* LDAP_OPT_X_TLS_CRLCHECK */
#endif /* LDAP_OPT_X_TLS */ #endif /* LDAP_OPT_X_TLS */
log_log(LOG_DEBUG, "CFG: pagesize %d", nslcd_cfg->pagesize); log_log(LOG_DEBUG, "CFG: pagesize %d", nslcd_cfg->pagesize);
if (nslcd_cfg->nss_initgroups_ignoreusers != NULL) if (nslcd_cfg->nss_initgroups_ignoreusers != NULL)
{ {
/* allocate memory for a comma-separated list */ /* allocate memory for a comma-separated list */
strp = set_tolist(nslcd_cfg->nss_initgroups_ignoreusers); strp = set_tolist(nslcd_cfg->nss_initgroups_ignoreusers);
if (strp == NULL) if (strp == NULL)
{ {
log_log(LOG_CRIT, "malloc() failed to allocate memory"); log_log(LOG_CRIT, "malloc() failed to allocate memory");
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
skipping to change at line 1956 skipping to change at line 2086
log_log(LOG_WARNING, "%s doesn't start with ldaps:// and \"ssl on\" is s pecified", log_log(LOG_WARNING, "%s doesn't start with ldaps:// and \"ssl on\" is s pecified",
nslcd_cfg->uris[i].uri); nslcd_cfg->uris[i].uri);
} }
} }
/* TODO: check that if some tls options are set the ssl option should be set t o on (just warn) */ /* TODO: check that if some tls options are set the ssl option should be set t o on (just warn) */
#endif /* LDAP_OPT_X_TLS */ #endif /* LDAP_OPT_X_TLS */
/* if basedn is not yet set, get if from the rootDSE */ /* if basedn is not yet set, get if from the rootDSE */
if (nslcd_cfg->bases[0] == NULL) if (nslcd_cfg->bases[0] == NULL)
nslcd_cfg->bases[0] = get_base_from_rootdse(); nslcd_cfg->bases[0] = get_base_from_rootdse();
/* TODO: handle the case gracefully when no LDAP server is available yet */ /* TODO: handle the case gracefully when no LDAP server is available yet */
/* see if we have a valid basedn */
if ((nslcd_cfg->bases[0] == NULL) || (nslcd_cfg->bases[0][0] == '\0'))
{
log_log(LOG_ERR, "no base defined in config and couldn't get one from server
");
exit(EXIT_FAILURE);
}
/* dump configuration */ /* dump configuration */
cfg_dump(); cfg_dump();
/* initialise all database modules */ /* initialise all database modules */
alias_init(); alias_init();
ether_init(); ether_init();
group_init(); group_init();
host_init(); host_init();
netgroup_init(); netgroup_init();
network_init(); network_init();
passwd_init(); passwd_init();
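Review bot: The new `dnsldaps:` branch of the `uri` parser passes `strdup(token + 9)` straight into add_uris_from_dns(), copying the existing `dns:` branch: the result is not checked for NULL, is not freed in the lines shown, and an empty domain after the colon is not rejected before the SRV query. The set_base hunk on this page already uses `xstrdup`, so `add_uris_from_dns(filename, lnr, cfg, xstrdup(token + 9), 1);` would be consistent, assuming xstrdup aborts on allocation failure as its name suggests. Separately, the host names placed in the `ldaps://` URIs come from the SRV answer returned by ldap_domain2hostlist(), so any later certificate name check is presumably made against a DNS-supplied name rather than the configured domain. A comment on add_uris_from_dns() such as `/* SRV targets are taken from DNS as-is; ldaps only authenticates the server if the DNS answers can be trusted */` would record that for whoever enables `dnsldaps`. The enclosing parser function starts and ends outside the visible lines.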
 End of changes. 22 change blocks. 
29 lines changed or deleted 154 lines changed or added
