authorLuke Shumaker <lukeshu@sbcglobal.net>2014-12-04 01:08:26 -0500
committerLuke Shumaker <lukeshu@sbcglobal.net>2014-12-04 01:08:26 -0500
commit03ebf05e4f7646d4574acbc952b23976e4f8a175 (patch)
treeb6dee89777ebfe3658bc091e4fd74682c042a5f9
parent4477953aae80e03f881042d476ecc95d6b24ab5d (diff)
get strict (-Wall -Werror -Wextra), clean up
-rw-r--r--common/nslcd-prot.h299
-rw-r--r--nslcd/Makefile.am2
-rw-r--r--nslcd/cfg.c158
-rw-r--r--nslcd/cfg.h10
-rw-r--r--nslcd/common.c66
-rw-r--r--nslcd/common.h41
-rw-r--r--nslcd/db_config.c1
-rw-r--r--nslcd/db_pam.c26
-rw-r--r--nslcd/db_passwd.c7
-rw-r--r--nslcd/db_shadow.c6
-rw-r--r--nslcd/hackers_parse.c5
-rw-r--r--nslcd/hackers_watch.c1
-rw-r--r--nslcd/nslcd.c1
13 files changed, 212 insertions, 411 deletions
diff --git a/common/nslcd-prot.h b/common/nslcd-prot.h
index acc42f6..5355bfa 100644
--- a/common/nslcd-prot.h
+++ b/common/nslcd-prot.h
@@ -41,16 +41,22 @@
pass -DDEBUG_PROT to do overall protocol debugging, and -DDEBUG_PROT_DUMP
to dump the actual bytestream. */
+#if GCC_VERSION(3, 0)
+static void removedcall() __attribute__((unused));
+#endif
+static void removedcall() {}
+
+
#ifdef DEBUG_PROT
/* define a debugging macro to output logging */
#include <string.h>
#include <errno.h>
#define DEBUG_PRINT(fmt, arg) \
- fprintf(stderr, "%s:%d:%s: " fmt "\n", __FILE__, __LINE__, \
- __PRETTY_FUNCTION__, arg);
+ fprintf(stderr, "%s:%d:%s: " fmt "\n", \
+ __FILE__, __LINE__, __PRETTY_FUNCTION__, arg)
#else /* DEBUG_PROT */
/* define an empty debug macro to disable logging */
-#define DEBUG_PRINT(fmt, arg)
+#define DEBUG_PRINT(fmt, arg) removedcall()
#endif /* not DEBUG_PROT */
#ifdef DEBUG_PROT_DUMP
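Review bot: The disabled form of DEBUG_PRINT (and of DEBUG_DUMP in the next hunk) does not need a helper function. `removedcall()` puts a static function definition into every translation unit that includes this header, depends on GCC_VERSION being defined before this point, and is declared with an empty parameter list rather than `(void)`. The conventional no-op expression gives the same statement-safe behaviour without any of that: `#define DEBUG_PRINT(fmt, arg) ((void)0)` and `#define DEBUG_DUMP(ptr, size) ((void)0)`.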
@@ -66,11 +72,13 @@ static void debug_dump(const void *ptr, size_t size)
fprintf(stderr, "\n");
}
#define DEBUG_DUMP(ptr, size) \
- fprintf(stderr, "%s:%d:%s:", __FILE__, __LINE__, __PRETTY_FUNCTION__); \
- debug_dump(ptr, size);
+ do { \
+ fprintf(stderr, "%s:%d:%s:", __FILE__, __LINE__, __PRETTY_FUNCTION__); \
+ debug_dump(ptr, size); \
+ } while(0)
#else /* DEBUG_PROT_DUMP */
/* define an empty debug macro to disable logging */
-#define DEBUG_DUMP(ptr, size)
+#define DEBUG_DUMP(ptr, size) removedcall()
#endif /* not DEBUG_PROT_DUMP */
@@ -78,39 +86,45 @@ static void debug_dump(const void *ptr, size_t size)
call the ERROR_OUT_WRITEERROR macro
these macros may require the availability of the following
variables:
- int32_t tmpint32; - temporary variable
*/
#define WRITE(fp, ptr, size) \
- DEBUG_PRINT("WRITE : var="__STRING(ptr)" size=%d", (int)size); \
- DEBUG_DUMP(ptr, size); \
- if (tio_write(fp, ptr, (size_t)size)) \
- { \
- DEBUG_PRINT("WRITE : var="__STRING(ptr)" error: %s", \
- strerror(errno)); \
- ERROR_OUT_WRITEERROR(fp); \
- }
+ do { \
+ DEBUG_PRINT("WRITE : var="__STRING(ptr)" size=%d", (int)size); \
+ DEBUG_DUMP(ptr, size); \
+ if (tio_write(fp, ptr, (size_t)size)) \
+ { \
+ DEBUG_PRINT("WRITE : var="__STRING(ptr)" error: %s", \
+ strerror(errno)); \
+ ERROR_OUT_WRITEERROR(fp); \
+ } \
+ } while(0)
#define WRITE_INT32(fp, i) \
- DEBUG_PRINT("WRITE_INT32 : var="__STRING(i)" int32=%08x", (int)i); \
- tmpint32 = htonl((int32_t)(i)); \
- WRITE(fp, &tmpint32, sizeof(int32_t))
+ ({ \
+ DEBUG_PRINT("WRITE_INT32 : var="__STRING(i)" int32=%08x", (int)i); \
+ int32_t tmpint32 = htonl((int32_t)(i)); \
+ WRITE(fp, &tmpint32, sizeof(int32_t)); \
+ tmpint32; \
+ })
#define WRITE_STRING(fp, str) \
- DEBUG_PRINT("WRITE_STRING: var="__STRING(str)" string=\"%s\"", (str)); \
- if ((str) == NULL) \
- { \
- WRITE_INT32(fp, 0); \
- } \
- else \
- { \
- WRITE_INT32(fp, strlen(str)); \
- tmpint32 = ntohl(tmpint32); \
- if (tmpint32 > 0) \
+ ({ \
+ DEBUG_PRINT("WRITE_STRING: var="__STRING(str)" string=\"%s\"", (str)); \
+ if ((str) == NULL) \
{ \
- WRITE(fp, (str), tmpint32); \
+ WRITE_INT32(fp, 0); \
} \
- }
+ else \
+ { \
+ int32_t tmpint32 = WRITE_INT32(fp, strlen(str)); \
+ tmpint32 = ntohl(tmpint32); \
+ if (tmpint32 > 0) \
+ { \
+ WRITE(fp, (str), tmpint32); \
+ } \
+ } \
+ })
#define WRITE_STRINGLIST(fp, arr) \
if ((arr) == NULL) \
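Review bot: WRITE_STRING now declares `tmpint32` and initialises it from WRITE_INT32, whose statement expression declares a second `tmpint32` and yields the value after htonl(). The outer macro then runs it back through ntohl() to recover the length. Taking the length once reads more directly and removes the shadowed name: `int32_t len = (int32_t)strlen(str); WRITE_INT32(fp, len); if (len > 0) WRITE(fp, (str), len);`. WRITE_INT32 would then no longer need to yield a value.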
@@ -155,52 +169,57 @@ static void debug_dump(const void *ptr, size_t size)
call the ERROR_OUT_READERROR or ERROR_OUT_BUFERROR macro
these macros may require the availability of the following
variables:
- int32_t tmpint32; - temporary variable
*/
#define READ(fp, ptr, size) \
- if (tio_read(fp, ptr, (size_t)size)) \
- { \
- DEBUG_PRINT("READ : var="__STRING(ptr)" error: %s", \
- strerror(errno)); \
- ERROR_OUT_READERROR(fp); \
- } \
- DEBUG_PRINT("READ : var="__STRING(ptr)" size=%d", (int)(size)); \
- DEBUG_DUMP(ptr, size);
+ do { \
+ if (tio_read(fp, ptr, (size_t)size)) \
+ { \
+ DEBUG_PRINT("READ : var="__STRING(ptr)" error: %s", \
+ strerror(errno)); \
+ ERROR_OUT_READERROR(fp); \
+ } \
+ DEBUG_PRINT("READ : var="__STRING(ptr)" size=%d", (int)(size)); \
+ DEBUG_DUMP(ptr, size); \
+ } while(0)
#define READ_INT32(fp, i) \
- READ(fp, &tmpint32, sizeof(int32_t)); \
- (i) = (int32_t)ntohl(tmpint32); \
- DEBUG_PRINT("READ_INT32 : var="__STRING(i)" int32==%08x", (int)(i));
+ ({ \
+ int32_t tmpint32; \
+ READ(fp, &tmpint32, sizeof(int32_t)); \
+ (i) = (int32_t)ntohl(tmpint32); \
+ DEBUG_PRINT("READ_INT32 : var="__STRING(i)" int32==%08x", (int)(i)); \
+ })
/* read a string in a fixed-size "normal" buffer */
#define READ_STRING(fp, buffer) \
- /* read the size of the string */ \
- READ(fp, &tmpint32, sizeof(int32_t)); \
- tmpint32 = ntohl(tmpint32); \
- DEBUG_PRINT("READ_STRING: var="__STRING(buffer)" strlen=%d", tmpint32); \
- /* check if read would fit */ \
- if (((size_t)tmpint32) >= sizeof(buffer)) \
- { \
- /* will not fit */ \
- tmpint32 = (tmpint32 - sizeof(buffer)) + 1; \
- DEBUG_PRINT("READ : buffer %d bytes too small", tmpint32); \
- ERROR_OUT_BUFERROR(fp); \
- } \
- /* read string from the stream */ \
- if (tmpint32 > 0) \
- { \
- READ(fp, buffer, (size_t)tmpint32); \
- } \
- /* null-terminate string in buffer */ \
- buffer[tmpint32] = '\0'; \
- DEBUG_PRINT("READ_STRING: var="__STRING(buffer)" string=\"%s\"", buffer);
-
+ ({ \
+ /* read the size of the string */ \
+ int32_t tmpint32; \
+ READ(fp, &tmpint32, sizeof(int32_t)); \
+ tmpint32 = ntohl(tmpint32); \
+ DEBUG_PRINT("READ_STRING: var="__STRING(buffer)" strlen=%d", tmpint32); \
+ /* check if read would fit */ \
+ if (((size_t)tmpint32) >= sizeof(buffer)) \
+ { \
+ /* will not fit */ \
+ tmpint32 = (tmpint32 - sizeof(buffer)) + 1; \
+ DEBUG_PRINT("READ : buffer %d bytes too small", tmpint32); \
+ ERROR_OUT_BUFERROR(fp); \
+ } \
+ /* read string from the stream */ \
+ if (tmpint32 > 0) \
+ { \
+ READ(fp, buffer, (size_t)tmpint32); \
+ } \
+ /* null-terminate string in buffer */ \
+ buffer[tmpint32] = '\0'; \
+ DEBUG_PRINT("READ_STRING: var="__STRING(buffer)" string=\"%s\"", buffer); \
+ })
/* READ BUF macros that read data into a pre-allocated buffer.
these macros may require the availability of the following
variables:
- int32_t tmpint32; - temporary variable
char *buffer; - pointer to a buffer for reading strings
size_t buflen; - the size of the buffer
size_t bufptr; - the current position in the buffer
@@ -212,17 +231,19 @@ static void debug_dump(const void *ptr, size_t size)
/* check that the buffer has sz bytes left in it */
#define BUF_CHECK(fp, sz) \
- if ((bufptr + (size_t)(sz)) > buflen) \
- { \
- /* will not fit */ \
- tmpint32 = bufptr + (sz) - (buflen); \
- DEBUG_PRINT("READ : buffer %d bytes too small", tmpint32); \
- ERROR_OUT_BUFERROR(fp); \
- }
+ ({ \
+ if ((bufptr + (size_t)(sz)) > buflen) \
+ { \
+ /* will not fit */ \
+ int32_t tmpint32 = bufptr + (sz) - (buflen); \
+ DEBUG_PRINT("READ : buffer %d bytes too small", tmpint32); \
+ ERROR_OUT_BUFERROR(fp); \
+ } \
+ })
/* move the buffer pointer */
#define BUF_SKIP(sz) \
- bufptr += (size_t)(sz);
+ bufptr += (size_t)(sz)
/* move BUF_CUR foreward so that it is aligned to the specified
type width */
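Review bot: The bound in BUF_CHECK, `(bufptr + (size_t)(sz)) > buflen`, is carried over unchanged and can wrap when `sz` is negative. READ_BUF_STRING in the next hunk passes `tmpint32 + 1`, where `tmpint32` is a length read from the stream. A negative length therefore becomes a very large size_t, the sum wraps below `buflen`, and the later `BUF_CUR[tmpint32] = '\0'` writes before the cursor. Comparing against the remaining space avoids the wrap, `if ((size_t)(sz) > buflen - bufptr)`, and READ_BUF_STRING should reject the length right after the ntohl() with `if (tmpint32 < 0) ERROR_OUT_BUFERROR(fp);`.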
@@ -257,74 +278,87 @@ static void debug_dump(const void *ptr, size_t size)
/* read string in the buffer (using buffer, buflen and bufptr)
and store the actual location of the string in field */
#define READ_BUF_STRING(fp, field) \
- /* read the size of the string */ \
- READ(fp, &tmpint32, sizeof(int32_t)); \
- tmpint32 = ntohl(tmpint32); \
- DEBUG_PRINT("READ_BUF_STRING: var="__STRING(field)" strlen=%d", tmpint32); \
- /* check if read would fit */ \
- BUF_CHECK(fp, tmpint32 + 1); \
- /* read string from the stream */ \
- if (tmpint32 > 0) \
- { \
- READ(fp, BUF_CUR, (size_t)tmpint32); \
- } \
- /* null-terminate string in buffer */ \
- BUF_CUR[tmpint32] = '\0'; \
- DEBUG_PRINT("READ_BUF_STRING: var="__STRING(field)" string=\"%s\"", BUF_CUR); \
- /* prepare result */ \
- (field) = BUF_CUR; \
- BUF_SKIP(tmpint32 + 1);
+ ({ \
+ int32 tmpint32; \
+ /* read the size of the string */ \
+ READ(fp, &tmpint32, sizeof(int32_t)); \
+ tmpint32 = ntohl(tmpint32); \
+ DEBUG_PRINT("READ_BUF_STRING: var="__STRING(field)" strlen=%d", tmpint32); \
+ /* check if read would fit */ \
+ BUF_CHECK(fp, tmpint32 + 1); \
+ /* read string from the stream */ \
+ if (tmpint32 > 0) \
+ { \
+ READ(fp, BUF_CUR, (size_t)tmpint32); \
+ } \
+ /* null-terminate string in buffer */ \
+ BUF_CUR[tmpint32] = '\0'; \
+ DEBUG_PRINT("READ_BUF_STRING: var="__STRING(field)" string=\"%s\"", BUF_CUR); \
+ /* prepare result */ \
+ (field) = BUF_CUR; \
+ BUF_SKIP(tmpint32 + 1); \
+ })
/* read an array from a stram and store it as a null-terminated
array list (size for the array is allocated) */
#define READ_BUF_STRINGLIST(fp, arr) \
- /* read the number of entries */ \
- READ(fp, &tmp3int32, sizeof(int32_t)); \
- tmp3int32 = ntohl(tmp3int32); \
- DEBUG_PRINT("READ_STRLST: var="__STRING(arr)" num=%d", (int)tmp3int32); \
- /* allocate room for *char[num + 1] */ \
- BUF_ALLOC(fp, arr, char *, tmp3int32 + 1); \
- /* read all entries */ \
- for (tmp2int32 = 0; tmp2int32 < tmp3int32; tmp2int32++) \
- { \
- READ_BUF_STRING(fp, (arr)[tmp2int32]); \
- } \
- /* set last entry to NULL */ \
- (arr)[tmp2int32] = NULL;
-
+ ({ \
+ int32 tmpint32; \
+ /* read the number of entries */ \
+ READ(fp, &tmp3int32, sizeof(int32_t)); \
+ tmp3int32 = ntohl(tmp3int32); \
+ DEBUG_PRINT("READ_STRLST: var="__STRING(arr)" num=%d", (int)tmp3int32); \
+ /* allocate room for *char[num + 1] */ \
+ BUF_ALLOC(fp, arr, char *, tmp3int32 + 1); \
+ /* read all entries */ \
+ for (tmp2int32 = 0; tmp2int32 < tmp3int32; tmp2int32++) \
+ { \
+ READ_BUF_STRING(fp, (arr)[tmp2int32]); \
+ } \
+ /* set last entry to NULL */ \
+ (arr)[tmp2int32] = NULL; \
+ })
/* SKIP macros for skipping over certain parts of the protocol stream. */
/* skip a number of bytes foreward */
#define SKIP(fp, sz) \
- DEBUG_PRINT("READ : skip %d bytes", (int)(sz)); \
- /* read (skip) the specified number of bytes */ \
- if (tio_skip(fp, sz)) \
- { \
- DEBUG_PRINT("READ : skip error: %s", strerror(errno)); \
- ERROR_OUT_READERROR(fp); \
- }
+ do { \
+ DEBUG_PRINT("READ : skip %d bytes", (int)(sz)); \
+ /* read (skip) the specified number of bytes */ \
+ if (tio_skip(fp, sz)) \
+ { \
+ DEBUG_PRINT("READ : skip error: %s", strerror(errno)); \
+ ERROR_OUT_READERROR(fp); \
+ } \
+ } while(0)
/* read a string from the stream but don't do anything with the result */
#define SKIP_STRING(fp) \
- /* read the size of the string */ \
- READ(fp, &tmpint32, sizeof(int32_t)); \
- tmpint32 = ntohl(tmpint32); \
- DEBUG_PRINT("READ_STRING: skip %d bytes", (int)tmpint32); \
- /* read (skip) the specified number of bytes */ \
- SKIP(fp, tmpint32);
+ ({ \
+ int32_t tmpint32; \
+ /* read the size of the string */ \
+ READ(fp, &tmpint32, sizeof(int32_t)); \
+ tmpint32 = ntohl(tmpint32); \
+ DEBUG_PRINT("READ_STRING: skip %d bytes", (int)tmpint32); \
+ /* read (skip) the specified number of bytes */ \
+ SKIP(fp, tmpint32); \
+ })
/* skip a list of strings */
#define SKIP_STRINGLIST(fp) \
- /* read the number of entries */ \
- READ(fp, &tmp3int32, sizeof(int32_t)); \
- tmp3int32 = ntohl(tmp3int32); \
- DEBUG_PRINT("READ_STRLST: skip %d strings", (int)tmp3int32); \
- /* read all entries */ \
- for (tmp2int32 = 0; tmp2int32 < tmp3int32; tmp2int32++) \
- { \
- SKIP_STRING(fp); \
- }
+ ({ \
+ int32_t tmpint32; \
+ /* read the number of entries */ \
+ READ(fp, &tmp3int32, sizeof(int32_t)); \
+ tmp3int32 = ntohl(tmp3int32); \
+ DEBUG_PRINT("READ_STRLST: skip %d strings", (int)tmp3int32); \
+ /* read all entries */ \
+ for (tmp2int32 = 0; tmp2int32 < tmp3int32; tmp2int32++) \
+ { \
+ SKIP_STRING(fp); \
+ } \
+ })
/* These are functions and macors for performing common operations in
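Review bot: `int32 tmpint32;` in READ_BUF_STRING and READ_BUF_STRINGLIST names a type that no visible line defines. Every other macro in this file uses `int32_t`, so unless `int32` is typedef'd elsewhere these two will not compile once expanded. READ_BUF_STRINGLIST and SKIP_STRINGLIST also declare a `tmpint32` they never use, while still relying on `tmp2int32` and `tmp3int32` from the caller's scope. Under the `-Wall -Werror` added by this commit the unused local would presumably be a build error. Suggested: `int32_t tmpint32;` in READ_BUF_STRING, and `int32_t tmp2int32, tmp3int32;` in place of the `tmpint32` declaration in the two list macros.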
@@ -333,11 +367,14 @@ static void debug_dump(const void *ptr, size_t size)
/* Read the response code (the result code of the query) from
the stream. */
#define READ_RESPONSE_CODE(fp) \
- READ(fp, &tmpint32, sizeof(int32_t)); \
- tmpint32 = ntohl(tmpint32); \
- if (tmpint32 != (int32_t)NSLCD_RESULT_BEGIN) \
- { \
- ERROR_OUT_NOSUCCESS(fp); \
- }
+ ({ \
+ int32_t tmpint32; \
+ READ(fp, &tmpint32, sizeof(int32_t)); \
+ tmpint32 = ntohl(tmpint32); \
+ if (tmpint32 != (int32_t)NSLCD_RESULT_BEGIN) \
+ { \
+ ERROR_OUT_NOSUCCESS(fp); \
+ } \
+ })
#endif /* not COMMON__NSLCD_PROT_H */
diff --git a/nslcd/Makefile.am b/nslcd/Makefile.am
index 8983778..d5f908c 100644
--- a/nslcd/Makefile.am
+++ b/nslcd/Makefile.am
@@ -21,7 +21,7 @@
sbin_PROGRAMS = nslcd
AM_CPPFLAGS=-I$(top_srcdir)
-AM_CFLAGS = -std=c99 $(PTHREAD_CFLAGS)
+AM_CFLAGS = -std=c99 $(PTHREAD_CFLAGS) -Wall -Werror -Wextra -Wno-unused-parameter
nslcd_SOURCES = nslcd.c ../nslcd.h ../common/nslcd-prot.h \
../common/inotify_helpers.h \
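Review bot: `-Werror` is added unconditionally to `AM_CFLAGS`, so any diagnostic introduced by a newer or different compiler becomes a build failure for anyone building from source. Keeping the warnings on by default and enabling `-Werror` only through a developer or configure switch avoids that: `AM_CFLAGS = -std=c99 $(PTHREAD_CFLAGS) -Wall -Wextra -Wno-unused-parameter`. The same commit makes the protocol macros depend on GNU statement expressions and nested functions, so `-std=gnu99` would describe the dialect actually in use.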
diff --git a/nslcd/cfg.c b/nslcd/cfg.c
index 6a9811a..d9a800f 100644
--- a/nslcd/cfg.c
+++ b/nslcd/cfg.c
@@ -339,24 +339,6 @@ static enum ldap_map_selector parse_map(const char *value)
return LM_NONE;
}
-/* check to see if the line begins with a named map */
-static enum ldap_map_selector get_map(char **line)
-{
- char token[32];
- char *old;
- enum ldap_map_selector map;
- /* get the token */
- old = *line;
- if (get_token(line, token, sizeof(token)) == NULL)
- return LM_NONE;
- /* see if we found a map */
- map = parse_map(token);
- /* unknown map, return to the previous state */
- if (map == LM_NONE)
- *line = old;
- return map;
-}
-
static const char *print_map(enum ldap_map_selector map)
{
switch (map)
@@ -479,53 +461,6 @@ static void handle_validnames(const char *filename, int lnr,
free(value);
}
-static void handle_pam_authz_search(
- const char *filename, int lnr,
- const char *keyword, char *line, struct ldap_config *cfg)
-{
- SET *set;
- const char **list;
- int i;
- check_argumentcount(filename, lnr, keyword, (line != NULL) && (*line != '\0'));
- /* find free spot for search filter */
- for (i = 0; (i < NSS_LDAP_CONFIG_MAX_AUTHZ_SEARCHES) && (cfg->pam_authz_searches[i] != NULL);
- i++)
- /* nothing */ ;
- if (i >= NSS_LDAP_CONFIG_MAX_AUTHZ_SEARCHES)
- {
- log_log(LOG_ERR, "%s:%d: maximum number of pam_authz_search options (%d) exceeded",
- filename, lnr, NSS_LDAP_CONFIG_MAX_AUTHZ_SEARCHES);
- exit(EXIT_FAILURE);
- }
- cfg->pam_authz_searches[i] = xstrdup(line);
- /* check the variables used in the expression */
- set = expr_vars(cfg->pam_authz_searches[i], NULL);
- list = set_tolist(set);
- if (list == NULL)
- {
- log_log(LOG_CRIT, "malloc() failed to allocate memory");
- exit(EXIT_FAILURE);
- }
- for (i = 0; list[i] != NULL; i++)
- {
- if ((strcmp(list[i], "username") != 0) &&
- (strcmp(list[i], "service") != 0) &&
- (strcmp(list[i], "ruser") != 0) &&
- (strcmp(list[i], "rhost") != 0) &&
- (strcmp(list[i], "tty") != 0) &&
- (strcmp(list[i], "hostname") != 0) &&
- (strcmp(list[i], "fqdn") != 0) &&
- (strcmp(list[i], "dn") != 0) && (strcmp(list[i], "uid") != 0))
- {
- log_log(LOG_ERR, "%s:%d: unknown variable $%s", filename, lnr, list[i]);
- exit(EXIT_FAILURE);
- }
- }
- /* free memory */
- set_free(set);
- free(list);
-}
-
static void handle_pam_password_prohibit_message(
const char *filename, int lnr,
const char *keyword, char *line, struct ldap_config *cfg)
@@ -578,28 +513,6 @@ static void handle_reconnect_invalidate(
}
}
-/* check that the file is not world readable */
-static void check_permissions(const char *filename, const char *keyword)
-{
- struct stat sb;
- /* get file status */
- if (stat(filename, &sb))
- {
- log_log(LOG_ERR, "cannot stat() %s: %s", filename, strerror(errno));
- exit(EXIT_FAILURE);
- }
- /* check permissions */
- if ((sb.st_mode & 0007) != 0)
- {
- if (keyword != NULL)
- log_log(LOG_ERR, "%s: file should not be world readable if %s is set",
- filename, keyword);
- else
- log_log(LOG_ERR, "%s: file should not be world readable", filename);
- exit(EXIT_FAILURE);
- }
-}
-
/* set the configuration information to the defaults */
static void cfg_defaults(struct ldap_config *cfg)
{
@@ -618,8 +531,6 @@ static void cfg_defaults(struct ldap_config *cfg)
"/^[a-z0-9._@$()]([a-z0-9._@$() \\~-]*[a-z0-9._@$()~-])?$/i",
cfg);
cfg->ignorecase = 0;
- for (i = 0; i < NSS_LDAP_CONFIG_MAX_AUTHZ_SEARCHES; i++)
- cfg->pam_authz_searches[i] = NULL;
cfg->pam_password_prohibit_message = NULL;
for (i = 0; i < LM_NONE; i++)
cfg->reconnect_invalidate[i] = 0;
@@ -632,7 +543,6 @@ static void cfg_read(const char *filename, struct ldap_config *cfg)
char linebuf[MAX_LINE_LENGTH];
char *line;
char keyword[32];
- char token[64];
int i;
/* open config file */
if ((fp = fopen(filename, "r")) == NULL)
@@ -712,10 +622,6 @@ static void cfg_read(const char *filename, struct ldap_config *cfg)
cfg->ignorecase = get_boolean(filename, lnr, keyword, &line);
get_eol(filename, lnr, keyword, &line);
}
- else if (strcasecmp(keyword, "pam_authz_search") == 0)
- {
- handle_pam_authz_search(filename, lnr, keyword, line, cfg);
- }
else if (strcasecmp(keyword, "pam_password_prohibit_message") == 0)
{
handle_pam_password_prohibit_message(filename, lnr, keyword, line, cfg);
@@ -737,73 +643,12 @@ static void cfg_read(const char *filename, struct ldap_config *cfg)
fclose(fp);
}
-#ifdef NSLCD_BINDPW_PATH
-static void bindpw_read(const char *filename, struct ldap_config *cfg)
-{
- FILE *fp;
- char linebuf[MAX_LINE_LENGTH];
- int i;
- /* open config file */
- errno = 0;
- if ((fp = fopen(filename, "r")) == NULL)
- {
- if (errno == ENOENT)
- {
- log_log(LOG_DEBUG, "no bindpw file (%s)", filename);
- return; /* ignore */
- }
- else
- {
- log_log(LOG_ERR, "cannot open bindpw file (%s): %s",
- filename, strerror(errno));
- exit(EXIT_FAILURE);
- }
- }
- /* check permissions */
- check_permissions(filename, NULL);
- /* read the first line */
- if (fgets(linebuf, sizeof(linebuf), fp) == NULL)
- {
- log_log(LOG_ERR, "%s: error reading first line", filename);
- exit(EXIT_FAILURE);
- }
- /* chop the last char off and save the rest as bindpw */
- i = (int)strlen(linebuf);
- if ((i <= 0) || (linebuf[i - 1] != '\n'))
- {
- log_log(LOG_ERR, "%s:1: line too long or missing newline", filename);
- exit(EXIT_FAILURE);
- }
- linebuf[i - 1] = '\0';
- if (strlen(linebuf) == 0)
- {
- log_log(LOG_ERR, "%s:1: the password is empty", filename);
- exit(EXIT_FAILURE);
- }
- cfg->bindpw = strdup(linebuf);
- /* check if there is no more data in the file */
- if (fgets(linebuf, sizeof(linebuf), fp) != NULL)
- {
- log_log(LOG_ERR, "%s:2: there is more than one line in the bindpw file",
- filename);
- exit(EXIT_FAILURE);
- }
- fclose(fp);
-}
-#endif /* NSLCD_BINDPW_PATH */
-
/* dump configuration */
static void cfg_dump(void)
{
int i;
-#ifdef LDAP_OPT_X_TLS
- int rc;
-#endif /* LDAP_OPT_X_TLS */
- enum ldap_map_selector map;
- char *str;
const char **strp;
char buffer[1024];
- int *scopep;
log_log(LOG_DEBUG, "CFG: threads %d", nslcd_cfg->threads);
if (nslcd_cfg->uidname != NULL)
log_log(LOG_DEBUG, "CFG: uid %s", nslcd_cfg->uidname);
@@ -844,9 +689,6 @@ static void cfg_dump(void)
log_log(LOG_DEBUG, "CFG: nss_nested_groups %s", print_boolean(nslcd_cfg->nss_nested_groups));
log_log(LOG_DEBUG, "CFG: validnames %s", nslcd_cfg->validnames_str);
log_log(LOG_DEBUG, "CFG: ignorecase %s", print_boolean(nslcd_cfg->ignorecase));
- for (i = 0; i < NSS_LDAP_CONFIG_MAX_AUTHZ_SEARCHES; i++)
- if (nslcd_cfg->pam_authz_searches[i] != NULL)
- log_log(LOG_DEBUG, "CFG: pam_authz_search %s", nslcd_cfg->pam_authz_searches[i]);
if (nslcd_cfg->pam_password_prohibit_message != NULL)
log_log(LOG_DEBUG, "CFG: pam_password_prohibit_message \"%s\"", nslcd_cfg->pam_password_prohibit_message);
/* build a comma-separated list */
diff --git a/nslcd/cfg.h b/nslcd/cfg.h
index 5fc3147..890974c 100644
--- a/nslcd/cfg.h
+++ b/nslcd/cfg.h
@@ -35,15 +35,6 @@
#define NOUID ((gid_t)-1)
#define NOGID ((gid_t)-1)
-/* maximum number of URIs */
-#define NSS_LDAP_CONFIG_MAX_URIS 31
-
-/* maximum number of search bases */
-#define NSS_LDAP_CONFIG_MAX_BASES 31
-
-/* maximum number of pam_authz_search options */
-#define NSS_LDAP_CONFIG_MAX_AUTHZ_SEARCHES 8
-
/* selectors for different maps */
enum ldap_map_selector {
LM_ALIASES,
@@ -74,7 +65,6 @@ struct ldap_config {
regex_t validnames; /* the regular expression to determine valid names */
char *validnames_str; /* string version of validnames regexp */
int ignorecase; /* whether or not case should be ignored in lookups */
- char *pam_authz_searches[NSS_LDAP_CONFIG_MAX_AUTHZ_SEARCHES]; /* the searches that should be performed to do autorisation checks */
char *pam_password_prohibit_message; /* whether password changing should be denied and user prompted with this message */
char reconnect_invalidate[LM_NONE]; /* set to 1 if the corresponding map should be invalidated */
};
diff --git a/nslcd/common.c b/nslcd/common.c
index 3c82d71..da508f6 100644
--- a/nslcd/common.c
+++ b/nslcd/common.c
@@ -113,72 +113,6 @@ const char *signame(int signum)
}
}
-/* return the fully qualified domain name of the current host */
-const char *getfqdn(void)
-{
- static char *fqdn = NULL;
- char hostname[BUFLEN_HOSTNAME];
- int hostnamelen;
- int i;
- struct hostent *host = NULL;
- /* if we already have a fqdn return that */
- if (fqdn != NULL)
- return fqdn;
- /* get system hostname */
- if (gethostname(hostname, sizeof(hostname)) < 0)
- {
- log_log(LOG_ERR, "gethostname() failed: %s", strerror(errno));
- return NULL;
- }
- hostnamelen = strlen(hostname);
- /* lookup hostent */
- host = gethostbyname(hostname);
- if (host == NULL)
- {
- log_log(LOG_ERR, "gethostbyname(%s): %s", hostname, hstrerror(h_errno));
- /* fall back to hostname */
- fqdn = strdup(hostname);
- return fqdn;
- }
- /* check h_name for fqdn starting with our hostname */
- if ((strncasecmp(hostname, host->h_name, hostnamelen) == 0) &&
- (host->h_name[hostnamelen] == '.') &&
- (host->h_name[hostnamelen + 1] != '\0'))
- {
- fqdn = strdup(host->h_name);
- return fqdn;
- }
- /* also check h_aliases */
- for (i = 0; host->h_aliases[i] != NULL; i++)
- {
- if ((strncasecmp(hostname, host->h_aliases[i], hostnamelen) == 0) &&
- (host->h_aliases[i][hostnamelen] == '.') &&
- (host->h_aliases[i][hostnamelen + 1] != '\0'))
- {
- fqdn = strdup(host->h_aliases[i]);
- return fqdn;
- }
- }
- /* fall back to h_name if it has a dot in it */
- if (strchr(host->h_name, '.') != NULL)
- {
- fqdn = strdup(host->h_name);
- return fqdn;
- }
- /* also check h_aliases */
- for (i = 0; host->h_aliases[i] != NULL; i++)
- {
- if (strchr(host->h_aliases[i], '.') != NULL)
- {
- fqdn = strdup(host->h_aliases[i]);
- return fqdn;
- }
- }
- /* nothing found, fall back to hostname */
- fqdn = strdup(hostname);
- return fqdn;
-}
-
/* Checks if the specified name seems to be a valid user or group name. */
int isvalidname(const char *name)
{
diff --git a/nslcd/common.h b/nslcd/common.h
index 89022b8..7951588 100644
--- a/nslcd/common.h
+++ b/nslcd/common.h
@@ -26,6 +26,7 @@
#include <errno.h>
#include <limits.h>
+#include <string.h>
#ifdef HAVE_STDINT_H
#include <stdint.h>
#endif /* HAVE_STDINT_H */
@@ -47,20 +48,26 @@
stream */
#define ERROR_OUT_WRITEERROR(fp) \
- if (errno == EPIPE) \
- log_log(LOG_DEBUG, "error writing to client: %s", strerror(errno)); \
- else \
- log_log(LOG_WARNING, "error writing to client: %s", strerror(errno)); \
- return -1;
+ do { \
+ if (errno == EPIPE) \
+ log_log(LOG_DEBUG, "error writing to client: %s", strerror(errno)); \
+ else \
+ log_log(LOG_WARNING, "error writing to client: %s", strerror(errno)); \
+ return -1; \
+ } while(0)
#define ERROR_OUT_READERROR(fp) \
- log_log(LOG_WARNING, "error reading from client: %s", strerror(errno)); \
- return -1;
+ do { \
+ log_log(LOG_WARNING, "error reading from client: %s", strerror(errno)); \
+ return -1; \
+ } while(0)
#define ERROR_OUT_BUFERROR(fp) \
- log_log(LOG_ERR, "client supplied argument %d bytes too large", \
- tmpint32); \
- return -1;
+ do { \
+ log_log(LOG_ERR, "client supplied argument %d bytes too large", \
+ tmpint32); \
+ return -1; \
+ } while(0)
/* a simple wrapper around snprintf,
returns 0 if ok, -1 on error */
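Review bot: ERROR_OUT_BUFERROR still reads `tmpint32` from the expansion site even though it is not a macro parameter. This commit removes the function-level `int32_t tmpint32;` declarations that used to satisfy it, so the macro now only compiles inside another macro that declares the variable locally. That hidden requirement should be documented above the definition, for example `/* expects an int32_t tmpint32 holding the excess byte count to be in scope where this is expanded */`.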
@@ -70,11 +77,6 @@ int mysnprintf(char *buffer, size_t buflen, const char *format, ...)
/* get a name of a signal with a given signal number */
const char *signame(int signum);
-/* return the fully qualified domain name of the current host
- the returned value does not need to be freed but is re-used for every
- call */
-MUST_USE const char *getfqdn(void);
-
/* This tries to get the user password attribute from the entry.
It will try to return an encrypted password as it is used in /etc/passwd,
/etc/group or /etc/shadow depending upon what is in the directory.
@@ -213,11 +215,12 @@ void shadow_init(void);
#define NSLCD_HANDLE_BODY(db, fn, fndecls, fnread, fncheck, tentry, fnsearch, fnwrite, fnclean) \
{ \
/* define common variables */ \
- int32_t tmpint32; \
tentry *entry = NULL; \
int rc = 1; \
fndecls \
tentry *search(int *rcp) { fnsearch } \
+ int write(TFILE *fp, tentry *entry) { fnwrite } \
+ void clean() { fnclean } \
/* read request parameters */ \
fnread \
/* validate request parameters */ \
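Review bot: The nested helper added here is named `write`, which hides the POSIX write(2) declaration for everything expanded inside the handler body. Any handler fragment that calls write() would resolve to this helper instead. Nested functions are also a GNU C extension, and `void clean()` is declared without a prototype. Distinct names avoid the clash: `int write_entry(TFILE *fp, tentry *entry) { fnwrite }` and `void cleanup(void) { fnclean }`, with the call sites in the two following hunks updated to match. The macro body starts and ends outside this hunk.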
@@ -228,8 +231,8 @@ void shadow_init(void);
/* go over results */ \
while ((entry = search(&rc)) != NULL) \
{ \
- if ( ({ fnwrite }) ) { \
- fnclean \
+ if ( write(fp, entry) ) { \
+ clean(); \
return -1; \
} \
} \
@@ -238,7 +241,7 @@ void shadow_init(void);
{ \
WRITE_INT32(fp, NSLCD_RESULT_END); \
} \
- fnclean \
+ clean(); \
return 0; \
}
diff --git a/nslcd/db_config.c b/nslcd/db_config.c
index 75c9ec1..ed94bf5 100644
--- a/nslcd/db_config.c
+++ b/nslcd/db_config.c
@@ -35,7 +35,6 @@
int nslcd_config_get(TFILE *fp, MYLDAP_SESSION UNUSED(*session))
{
- int32_t tmpint32;
int32_t cfgopt;
/* read request parameters */
READ_INT32(fp, cfgopt);
diff --git a/nslcd/db_pam.c b/nslcd/db_pam.c
index 0b101aa..08a9a4a 100644
--- a/nslcd/db_pam.c
+++ b/nslcd/db_pam.c
@@ -114,10 +114,9 @@ NSLCD_HANDLE_UID(PAM, AUTHC
entry->authz_msg[0] = '\0';
/* try authentication */
- /* TODO */
- /*entry->authc_rc = check_password(password, hash)
+ entry->authc_rc = check_password(password, NULL /* TODO */)
? NSLCD_PAM_SUCCESS
- : NSLCD_PAM_AUTH_ERR; */
+ : NSLCD_PAM_AUTH_ERR;
entry->authz_rc = entry->authc_rc;
/*myldap_get_policy_response(session, &(entry->authz_rc), &(entry->authz_msg))*/
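Review bot: The authentication result now comes from `check_password(password, NULL /* TODO */)`, so the PAM AUTHC handler goes live with no stored hash to compare against. check_password is not visible here. Depending on how it treats a NULL hash, this is either a NULL dereference in the daemon or an authentication decision made without a credential, and `authz_rc` is copied from the result on the next line. Until the hash lookup exists the handler should fail closed: `entry->authc_rc = NSLCD_PAM_AUTH_ERR; /* TODO: look up the hash, then call check_password() */`. The enclosing NSLCD_HANDLE_UID block starts and ends outside this hunk.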
@@ -132,7 +131,7 @@ NSLCD_HANDLE_UID(PAM, AUTHC
WRITE_STRING(fp, username);
WRITE_INT32( fp, entry->authz_rc);
WRITE_STRING(fp, entry->authz_msg);
- 0;
+ return 0;
,/* cleanup */
memset(password, 0, sizeof(password));
)
@@ -159,11 +158,10 @@ NSLCD_HANDLE(PAM, AUTHZ
,/* check */
,/* search(int *rcp) */
struct authz,
- static size_t i = 0;
struct passwd *user = NULL;
struct authz *entry = &_entry;
- for (; i < session->cnt; i++)
+ for (size_t i = 0; i < session->cnt; i++)
{
if (strcmp(username, session->users[i].pw_name)==0) {
*rcp = 0;
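Review bot: With `static size_t i` replaced by a loop-local `i`, search() starts from index 0 on every call, while NSLCD_HANDLE_BODY keeps calling search() until it returns NULL. The next hunk makes the tail of this function always `return entry;`. Unless a line outside these hunks returns NULL after the first result, a matching username looks like it would be found again on each call, and the handler would keep writing the same response. Dropping the static is reasonable, since it persisted across requests. A request-local flag declared alongside the handler's other variables and checked at the top of search(), `if (done) return NULL; done = 1;`, would give one result per request. The function body continues outside this hunk.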
@@ -182,17 +180,19 @@ NSLCD_HANDLE(PAM, AUTHZ
{
entry->authz_rc = NSLCD_PAM_PERM_DENIED;
strcpy(entry->authz_msg, "LDAP authorisation check failed");
- return entry;
+ } else {
+ /* perform shadow attribute checks */
+ entry->authz_rc = check_password_age(session, username,
+ entry->authz_msg, sizeof(entry->authz_msg),
+ 0, 0);
}
- /* perform shadow attribute checks */
- entry->authz_rc = check_password_age(session, username, entry->authz_msg, sizeof(entry->authz_msg), 0, 0);
-
+ return entry;
,/* write response */
WRITE_INT32(fp, NSLCD_RESULT_BEGIN);
WRITE_INT32( fp, entry->authz_rc);
WRITE_STRING(fp, entry->authz_msg);
- 0;
+ return 0;
,/* cleanup */
)
@@ -237,7 +237,7 @@ NSLCD_HANDLE(PAM, SESS_O
,/* write */
WRITE_INT32(fp, NSLCD_RESULT_BEGIN);
WRITE_STRING(fp, sessionid);
- 0;
+ return 0;
,/* cleanup */
)
@@ -273,6 +273,6 @@ NSLCD_HANDLE(PAM, SESS_C
}
,/* write */
WRITE_INT32(fp, NSLCD_RESULT_BEGIN);
- 0;
+ return 0;
,/* cleanup */
)
diff --git a/nslcd/db_passwd.c b/nslcd/db_passwd.c
index 4bdc17f..af6dc4c 100644
--- a/nslcd/db_passwd.c
+++ b/nslcd/db_passwd.c
@@ -54,7 +54,6 @@
static int write_passwd(TFILE *fp, struct passwd *entry, uid_t calleruid)
{
- int32_t tmpint32;
const char *passwd;
/* if we are using shadow maps and this entry looks like it would return
shadow information, make the passwd entry indicate it */
@@ -109,7 +108,7 @@ NSLCD_HANDLE_UID(PASSWD, BYNAME
}
return NULL;
,/* write */
- write_passwd(fp, entry, calleruid);
+ return write_passwd(fp, entry, calleruid);
,/* cleanup */
)
@@ -142,7 +141,7 @@ NSLCD_HANDLE_UID(PASSWD, BYUID
}
return NULL;
,/* write */
- write_passwd(fp, entry, calleruid);
+ return write_passwd(fp, entry, calleruid);
,/* cleanup */
)
@@ -164,6 +163,6 @@ NSLCD_HANDLE_UID(PASSWD, ALL
}
return NULL;
,/* write */
- write_passwd(fp, entry, calleruid);
+ return write_passwd(fp, entry, calleruid);
,/* cleanup */
)
diff --git a/nslcd/db_shadow.c b/nslcd/db_shadow.c
index 06c4312..cfc7cb8 100644
--- a/nslcd/db_shadow.c
+++ b/nslcd/db_shadow.c
@@ -56,8 +56,6 @@ static void passwd2shadow(struct passwd *p, struct shadow *s)
static int write_shadow(TFILE *fp, struct shadow *entry, uid_t calleruid)
{
- int32_t tmpint32;
-
if (calleruid == 0)
{
WRITE_INT32(fp, NSLCD_RESULT_BEGIN);
@@ -103,7 +101,7 @@ NSLCD_HANDLE_UID(SHADOW, BYNAME
}
return NULL;
,/* write */
- write_shadow(fp, entry, calleruid);
+ return write_shadow(fp, entry, calleruid);
,/* cleanup */
)
@@ -126,6 +124,6 @@ NSLCD_HANDLE_UID(SHADOW, ALL
}
return NULL;
,/* write */
- write_shadow(fp, entry, calleruid);
+ return write_shadow(fp, entry, calleruid);
,/* cleanup */
)
diff --git a/nslcd/hackers_parse.c b/nslcd/hackers_parse.c
index 0146197..bdcb6a5 100644
--- a/nslcd/hackers_parse.c
+++ b/nslcd/hackers_parse.c
@@ -143,7 +143,7 @@ load_user_yaml(const char *filename, struct passwd *user) {
PASSWD_FREE(*user);
- FILE *yaml_file;
+ FILE *yaml_file = NULL;
yaml_parser_t yaml_parser; ZERO(yaml_parser);
yaml_document_t yaml_document; ZERO(yaml_document);
@@ -209,6 +209,7 @@ load_user_yaml(const char *filename, struct passwd *user) {
end:
yaml_document_delete(&yaml_document);
yaml_parser_delete(&yaml_parser);
- fclose(yaml_file);
+ if (yaml_file != NULL)
+ fclose(yaml_file);
return ret;
}
diff --git a/nslcd/hackers_watch.c b/nslcd/hackers_watch.c
index b6295a9..ee26e4d 100644
--- a/nslcd/hackers_watch.c
+++ b/nslcd/hackers_watch.c
@@ -139,7 +139,6 @@ worker_handle_del_yaml(struct session *sess, uid_t uid) {
int
hackers_worker(struct session *sess) {
chdir(sess->yamldir);
- struct inotify_event *event;
for (INOTIFY_ITERATOR(sess->in_fd, event)) {
if (event->wd == sess->in_wd_yaml) {
/* handle updates to yaml files */
diff --git a/nslcd/nslcd.c b/nslcd/nslcd.c
index bc763eb..3c61bfb 100644
--- a/nslcd/nslcd.c
+++ b/nslcd/nslcd.c
@@ -210,7 +210,6 @@ static int get_socket()
this function returns the read action in location pointer to by action */
static int read_header(TFILE *fp, int32_t *action)
{
- int32_t tmpint32;
int32_t protocol;
/* read the protocol version */
READ_INT32(fp, protocol);