authorLuke Shumaker <lukeshu@sbcglobal.net>2014-12-15 02:21:32 -0500
committerLuke Shumaker <lukeshu@sbcglobal.net>2014-12-15 02:21:32 -0500
commit7cf822201abf30c1603334e0b7e664050e2e38a2 (patch)
treec150f5d6991b09b1df57e2040367160aa4a56ef5
parenta299f2039f68b311e1b75b22fad63a8ddee9e286 (diff)
it builds!
-rw-r--r--nslcd/Makefile.am19
-rw-r--r--nslcd/cfg.h2
-rw-r--r--nslcd/common.h10
-rw-r--r--nslcd/db_pam.c25
-rw-r--r--nslcd/hackers.c42
-rw-r--r--nslcd/hackers.h27
-rw-r--r--nslcd/hackers_watch.c3
-rw-r--r--nslcd/hackers_watch.h17
-rw-r--r--nslcd/nslcd.c29
9 files changed, 117 insertions, 57 deletions
diff --git a/nslcd/Makefile.am b/nslcd/Makefile.am
index 0cdb313..acc7250 100644
--- a/nslcd/Makefile.am
+++ b/nslcd/Makefile.am
@@ -20,7 +20,7 @@
sbin_PROGRAMS = nslcd
-AM_CPPFLAGS=-I$(top_srcdir)
+AM_CPPFLAGS=-I$(top_srcdir) -D_XOPEN_SOURCE=500 # for pthread_rwlock
AM_CFLAGS = -std=c99 $(PTHREAD_CFLAGS) -Wall -Werror -Wextra -Wno-unused-parameter
nslcd_SOURCES = nslcd.c ../nslcd.h ../common/nslcd-prot.h \
@@ -31,10 +31,13 @@ nslcd_SOURCES = nslcd.c ../nslcd.h ../common/nslcd-prot.h \
dispatch.c dispatch.h \
cfg.c cfg.h \
nsswitch.c invalidator.c \
- db_config.c db_pam.c db_passwd.c db_shadow.c
+ db_config.c db_pam.c db_passwd.c db_shadow.c \
+ hackers.c hackers_watch.c hackers_parse.c \
+ hackers.h hackers_watch.h hackers_parse.h
nslcd_LDADD = ../common/libtio.a ../common/libdict.a \
- ../common/libexpr.a ../compat/libcompat.a \
- @nslcd_LIBS@ @PTHREAD_LIBS@
+ ../common/libexpr.a ../common/libinotify_helpers.a \
+ ../compat/libcompat.a \
+ -lcrypt -lyaml @nslcd_LIBS@ @PTHREAD_LIBS@
$(patsubst %.c,%.o,$(shell grep -lF common.h *.c)): dispatch.h
@@ -46,7 +49,7 @@ dispatch.c: $(filter db_%.c,$(nslcd_SOURCES)) $(filter-out .deps/%,$(MAKEFILE_LI
{ \
echo '#define NSLCD_HANDLE(db, fn) case NSLCD_ACTION_##db##_##fn: (void)nslcd_##db##_##fn(fp, session); break;' && \
echo '#define NSLCD_HANDLE_UID(db, fn) case NSLCD_ACTION_##db##_##fn: (void)nslcd_##db##_##fn(fp, session, uid); break;' && \
- echo 'void dispatch(TFILE *fp, int32_t action, MYLDAP_SESSION *session, uid_t uid) {' && \
+ echo 'void dispatch(TFILE *fp, int32_t action, struct session *session, uid_t uid) {' && \
echo ' switch (action) {' && \
sed -n 's/^NSLCD_HANDLE.*/ &)/p' $(filter %.c,$^) && \
echo ' default:' && \
@@ -58,8 +61,8 @@ dispatch.c: $(filter db_%.c,$(nslcd_SOURCES)) $(filter-out .deps/%,$(MAKEFILE_LI
dispatch.h: $(filter db_%.c,$(nslcd_SOURCES)) $(filter-out .deps/%,$(MAKEFILE_LIST))
{ \
- echo '#define NSLCD_HANDLE(db, fn) int nslcd_##db##_##fn(TFILE *fp, MYLDAP_SESSION *);' && \
- echo '#define NSLCD_HANDLE_UID(db, fn) int nslcd_##db##_##fn(TFILE *fp, MYLDAP_SESSION *, uid_t);' && \
- echo 'void dispatch(TFILE *fp, int32_t action, MYLDAP_SESSION *session, uid_t uid);' && \
+ echo '#define NSLCD_HANDLE(db, fn) int nslcd_##db##_##fn(TFILE *fp, struct session *);' && \
+ echo '#define NSLCD_HANDLE_UID(db, fn) int nslcd_##db##_##fn(TFILE *fp, struct session *, uid_t);' && \
+ echo 'void dispatch(TFILE *fp, int32_t action, struct session *session, uid_t uid);' && \
sed -n 's/^NSLCD_HANDLE.*/&)/p' $(filter %.c,$^); \
} | cpp | sed '/^#/d' > $@
diff --git a/nslcd/cfg.h b/nslcd/cfg.h
index 73f9139..b7b833c 100644
--- a/nslcd/cfg.h
+++ b/nslcd/cfg.h
@@ -53,7 +53,7 @@ struct nslcd_config {
int pagesize; /* set to a greater than 0 to enable handling of paged results with the specified size */
SET *nss_initgroups_ignoreusers; /* the users for which no initgroups() searches should be done */
- uid_t nss_min_uid; /* minimum uid for users retrieved from LDAP */
+ uid_t nss_min_uid; /* minimum uid for users retrieved */
int nss_nested_groups; /* whether to expand nested groups */
regex_t validnames; /* the regular expression to determine valid names */
char *validnames_str; /* string version of validnames regexp */
diff --git a/nslcd/common.h b/nslcd/common.h
index 5658fa7..558b978 100644
--- a/nslcd/common.h
+++ b/nslcd/common.h
@@ -37,12 +37,12 @@
#include "common/tio.h"
#include "compat/attrs.h"
#include "cfg.h"
-#include "hackers_watch.h"
+#include "hackers.h"
-#define NSS_MODULE_SONAME NSS_LDAP_SONAME
-#define NSS_MODULE_NAME "ldap"
-#define NSS_MODULE_ID_VERSION "_nss_ldap_version"
-#define NSS_MODULE_ID_ENABLELOOKUPS "_nss_ldap_enablelookups"
+#define NSS_MODULE_SONAME NSS_LDAP_SONAME
+#define NSS_MODULE_NAME "ldap"
+#define NSS_MODULE_SYM_VERSION "_nss_ldap_version"
+#define NSS_MODULE_SYM_ENABLELOOKUPS "_nss_ldap_enablelookups"
/* macros for basic read and write operations, the following
ERROR_OUT* marcos define the action taken on errors
diff --git a/nslcd/db_pam.c b/nslcd/db_pam.c
index 99edf40..e93a04d 100644
--- a/nslcd/db_pam.c
+++ b/nslcd/db_pam.c
@@ -32,6 +32,7 @@
#include <stdint.h>
#endif /* HAVE_STDINT_H */
#include <time.h>
+#include <stdbool.h>
#include "common.h"
#include "log.h"
@@ -62,7 +63,7 @@ static int check_password(const char *password, const char *hash)
static int check_password_age(struct session *session, const char *username,
char *authzmsg, size_t authzmsgsz,
- int check_maxdays, int check_mindays)
+ bool check_maxdays, bool check_mindays)
{
/* hackers.git doesn't use aging features */
return NSLCD_PAM_SUCCESS;
@@ -118,11 +119,13 @@ NSLCD_HANDLE_UID(PAM, AUTHC
? NSLCD_PAM_SUCCESS
: NSLCD_PAM_AUTH_ERR;
entry->authz_rc = entry->authc_rc;
- /*myldap_get_policy_response(session, &(entry->authz_rc), &(entry->authz_msg))*/
- /* perform shadow attribute checks */
- if (entry->authz_rc == NSLCD_PAM_SUCCESS)
- entry->authz_rc = check_password_age(session, username, entry->authz_msg, sizeof(entry->authz_msg), 1, 0);
+ if (entry->authz_rc == NSLCD_PAM_SUCCESS) {
+ /* perform shadow attribute checks */
+ entry->authz_rc = check_password_age(session, username,
+ entry->authz_msg, sizeof(entry->authz_msg),
+ true, false);
+ }
return entry;
,/* write */
@@ -172,19 +175,17 @@ NSLCD_HANDLE(PAM, AUTHZ
if (user == NULL)
return NULL;
- /* check authorisation search */
- /* TODO */
- /*int rc = LDAP_SUCCESS;
- if (rc != LDAP_SUCCESS)*/
+ /* Parabola doesn't have any weird reasons for authorization to
+ suddenly fail */
if (0)
{
entry->authz_rc = NSLCD_PAM_PERM_DENIED;
- strcpy(entry->authz_msg, "LDAP authorisation check failed");
+ strcpy(entry->authz_msg, "hackers.git authorization check failed");
} else {
/* perform shadow attribute checks */
entry->authz_rc = check_password_age(session, username,
- entry->authz_msg, sizeof(entry->authz_msg),
- 0, 0);
+ entry->authz_msg, sizeof(entry->authz_msg),
+ false, false);
}
return entry;
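Review bot: The `if (0)` branch in the AUTHZ handler is unreachable, so every user that passes the `user == NULL` check is authorized; the only remaining check is `check_password_age()`, which an earlier hunk in this file shows returning `NSLCD_PAM_SUCCESS` unconditionally. If that is the intended policy, delete the dead branch and state it in a comment such as `/* hackers.git has no account lock or expiry; authorization always succeeds for known users */`, so nobody later assumes a deny path exists. If the branch is kept, the `strcpy()` into `entry->authz_msg` is better written as `snprintf(entry->authz_msg, sizeof(entry->authz_msg), "%s", "hackers.git authorization check failed");`, since the buffer's size is not visible here. The handler body starts and ends outside the hunk.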
diff --git a/nslcd/hackers.c b/nslcd/hackers.c
new file mode 100644
index 0000000..57d4f97
--- /dev/null
+++ b/nslcd/hackers.c
@@ -0,0 +1,42 @@
+#include <stdbool.h>
+#include <string.h>
+#include <errno.h>
+#include <stdlib.h>
+#include <pthread.h>
+#include "hackers_watch.h"
+#include "log.h"
+
+void *hackers_session_worker(void *sess) {
+ hackers_worker(sess);
+ return NULL;
+}
+
+struct session *hackers_session_create(pthread_t *thread) {
+ struct session *session = malloc(sizeof(struct session));
+ if (session == NULL) {
+ log_log(LOG_CRIT, "hackers_session_create(): malloc() failed to allocate memory");
+ exit(EXIT_FAILURE);
+ }
+ if (pthread_create(thread, NULL, hackers_session_worker, (void*)session)) {
+ log_log(LOG_ERR, "unable to start hackers worker thread: %s",
+ strerror(errno));
+ exit(EXIT_FAILURE);
+ }
+ return session;
+}
+
+void hackers_session_check(struct session *sess) {
+ /* do nothing */
+}
+
+void hackers_session_close(struct session *sess) {
+ /* do nothing */
+}
+
+void hackers_session_messup(struct session *sess) {
+ pthread_rwlock_rdlock(&(sess->lock));
+}
+
+void hackers_session_cleanup(struct session *sess) {
+ pthread_rwlock_unlock(&(sess->lock));
+}
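Review bot: `hackers_session_create()` starts the worker thread on a `struct session` that is still uninitialized: the `malloc()` result goes straight to `pthread_create()`, and nothing in this file calls `pthread_rwlock_init()` or `hackers_init()` (declared in hackers_watch.h) first. `hackers_worker()` reads `sess->yamldir` and `sess->in_fd`, and `hackers_session_messup()` locks `sess->lock`, so all three are used with indeterminate values. The session should be fully set up (lock initialized, `hackers_init()` run and its result checked) before the thread is created. Two smaller points: `pthread_create()` returns the error number rather than setting `errno`, so the log line should use `int rc = pthread_create(...)` and `strerror(rc)`; and the results of `pthread_rwlock_rdlock()` and `pthread_rwlock_unlock()` are ignored, so a failed lock is followed by a dispatch without the lock and an unlock of a lock the thread does not hold.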
diff --git a/nslcd/hackers.h b/nslcd/hackers.h
new file mode 100644
index 0000000..e784ec5
--- /dev/null
+++ b/nslcd/hackers.h
@@ -0,0 +1,27 @@
+#ifndef _HACKERS_H
+#define _HACKERS_H
+
+#include <pthread.h>
+#include <pwd.h>
+
+struct session {
+ pthread_rwlock_t lock;
+ size_t cnt;
+ struct passwd *users;
+ /* The following are only for writers */
+ char *yamldir;
+ int *in_user_wds;
+ int in_fd;
+ int in_wd_home;
+ int in_wd_yaml;
+};
+
+/*struct session *hackers_session_create(void);*/ /* create */
+struct session *hackers_session_create(pthread_t *);
+void hackers_session_check(struct session *); /* maintain */
+void hackers_session_close(struct session *); /* destroy */
+
+void hackers_session_messup(struct session *); /* before dispatch */
+void hackers_session_cleanup(struct session *); /* after dispatch */
+
+#endif
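Review bot: The header documents `hackers_session_messup()` and `hackers_session_cleanup()` only as "before dispatch" and "after dispatch"; in hackers.c they take and release a read lock on `session->lock`, and callers need to know the pair must always be balanced. Suggested comments: `/* take the read lock on session->lock; call before dispatch() */` and `/* release the lock taken by hackers_session_messup() */`. The guard `_HACKERS_H` starts with an underscore and a capital letter, which is a reserved identifier in C; `HACKERS_H` avoids that. The commented-out `hackers_session_create(void)` prototype can be dropped, and `size_t` is used without a direct `#include <stddef.h>`.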
diff --git a/nslcd/hackers_watch.c b/nslcd/hackers_watch.c
index ee26e4d..31e7e3b 100644
--- a/nslcd/hackers_watch.c
+++ b/nslcd/hackers_watch.c
@@ -136,7 +136,7 @@ worker_handle_del_yaml(struct session *sess, uid_t uid) {
pthread_rwlock_unlock(&(sess->lock));
}
-int
+void
hackers_worker(struct session *sess) {
chdir(sess->yamldir);
for (INOTIFY_ITERATOR(sess->in_fd, event)) {
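Review bot: With the return type changed to `void`, `hackers_worker()` can no longer report failure, and the `chdir(sess->yamldir)` at the top of its body is unchecked. The working directory is process-wide, so if that call fails, any later relative path in the watcher presumably resolves against whatever directory the daemon was started in. A check such as `if (chdir(sess->yamldir) < 0) return;`, with a log line before the return, keeps the user data from being read from an unexpected location. The function body continues outside the hunk.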
@@ -183,5 +183,4 @@ hackers_worker(struct session *sess) {
}
}
}
- return -1;
}
diff --git a/nslcd/hackers_watch.h b/nslcd/hackers_watch.h
index 09ff036..dd2f372 100644
--- a/nslcd/hackers_watch.h
+++ b/nslcd/hackers_watch.h
@@ -1,22 +1,9 @@
#ifndef _HACKERS_WATCH_H
#define _HACKERS_WATCH_H
-#include <pthread.h>
-#include <pwd.h>
-
-struct session {
- pthread_rwlock_t lock;
- size_t cnt;
- struct passwd *users;
- /* The following are only for writers */
- char *yamldir;
- int *in_user_wds;
- int in_fd;
- int in_wd_home;
- int in_wd_yaml;
-};
+#include "hackers.h"
int hackers_init(const char *yamldir, struct session *session);
-int hackers_worker(struct session *session);
+void hackers_worker(struct session *session);
#endif
diff --git a/nslcd/nslcd.c b/nslcd/nslcd.c
index 62d67d5..77df86c 100644
--- a/nslcd/nslcd.c
+++ b/nslcd/nslcd.c
@@ -255,9 +255,10 @@ static void handleconnection(int sock, struct session *session)
return;
}
/* handle request */
+ hackers_session_messup(session);
dispatch(fp, action, session, uid);
- /* we're done with the request */
- myldap_session_cleanup(session);
+ hackers_session_cleanup(session);
+
(void)tio_close(fp);
return;
}
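Review bot: The read lock taken by `hackers_session_messup()` is held for the whole of `dispatch()`, which is also passed `fp` and so presumably writes the response to the client while the lock is held. A client that reads slowly would then keep the lock held for as long as its connection stays open, and the watcher thread cannot take the write lock to apply user changes during that time. Worker threads also appear to be cancellable (`worker()` uses `pthread_cleanup_push`), and a thread cancelled inside `dispatch()` would never reach `hackers_session_cleanup()`. Consider a cleanup handler around the locked region, or copying the needed entry under the lock and releasing it before writing to the socket. `handleconnection()` starts outside the hunk.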
@@ -281,26 +282,26 @@ static void install_sighandler(int signum, void (*handler) (int))
static void worker_cleanup(void *arg)
{
struct session *session = (struct session *)arg;
- myldap_session_close(session);
+ hackers_session_close(session);
}
-static void *worker(void UNUSED(*arg))
+static void *worker(void *_sess)
{
- struct session *session;
+ struct session *session = _sess;
int csock;
int j;
struct sockaddr_storage addr;
socklen_t alen;
fd_set fds;
- /* create a new LDAP session */
- session = myldap_create_session();
+ /* create a new session */
+ /*session = hackers_session_create();*/
/* clean up the session if we're done */
pthread_cleanup_push(worker_cleanup, session);
/* start waiting for incoming connections */
while (1)
{
- /* time out connection to LDAP server if needed */
- myldap_session_check(session);
+ /* perform any maintenance on the session */
+ hackers_session_check(session);
/* set up the set of fds to wait on */
FD_ZERO(&fds);
FD_SET(nslcd_serversocket, &fds);
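Review bot: Every worker now receives the same `struct session` through `_sess`, but `worker_cleanup()` still calls `hackers_session_close(session)` once per thread. That is harmless while `hackers_session_close()` does nothing, but once it frees anything, the shared session would be released several times while other workers still use it. Either close the session once in `main()` and drop the per-thread handler, or add a comment on `worker_cleanup()` such as `/* session is shared between workers; must not be freed here */`. The stale `/* create a new session */` comment and the commented-out `hackers_session_create()` call can be removed; `worker()` continues past the end of the hunk.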
@@ -377,7 +378,7 @@ static void disable_nss_module(void)
/* clear any existing errors */
dlerror();
/* lookup the NSS version if possible */
- version_info = (char **)dlsym(handle, NSS_MODULE_ID_VERSION);
+ version_info = (char **)dlsym(handle, NSS_MODULE_SYM_VERSION);
error = dlerror();
if ((version_info != NULL) && (error == NULL))
log_log(LOG_DEBUG, "NSS " NSS_MODULE_NAME " %s %s", version_info[0], version_info[1]);
@@ -386,7 +387,7 @@ static void disable_nss_module(void)
/* clear any existing errors */
dlerror();
/* try to look up the flag */
- enable_flag = (int *)dlsym(handle, NSS_MODULE_ID_ENABLELOOKUPS);
+ enable_flag = (int *)dlsym(handle, NSS_MODULE_SYM_ENABLELOOKUPS);
error = dlerror();
if ((enable_flag == NULL) || (error != NULL))
{
@@ -465,9 +466,10 @@ int main(int argc, char *argv[])
log_log(LOG_CRIT, "main(): malloc() failed to allocate memory");
exit(EXIT_FAILURE);
}
- for (i = 0; i < nslcd_cfg->threads; i++)
+ struct session *session = hackers_session_create(&nslcd_threads[0]);
+ for (i = 1; i < nslcd_cfg->threads; i++)
{
- if (pthread_create(&nslcd_threads[i], NULL, worker, NULL))
+ if (pthread_create(&nslcd_threads[i], NULL, worker, (void*)session))
{
log_log(LOG_ERR, "unable to start worker thread %d: %s",
i, strerror(errno));
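Review bot: Slot 0 of `nslcd_threads` is now taken by the hackers watcher thread and the request workers start at `i = 1`, so a configuration with `threads` set to 1 starts no request worker at all and the daemon would then serve no connections. Either allocate one extra slot for the watcher and keep the loop at `i = 0`, or reject `nslcd_cfg->threads < 2` with a clear log message. The `strerror(errno)` in the error path also reports the wrong value, because `pthread_create()` returns the error number instead of setting `errno`. `main()` starts and ends outside the hunk.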
@@ -493,7 +495,6 @@ int main(int argc, char *argv[])
{
log_log(LOG_INFO, "caught signal %s (%d), refresh retries",
signame(nslcd_receivedsignal), nslcd_receivedsignal);
- myldap_immediate_reconnect();
nslcd_receivedsignal = 0;
}
}