示例#1
/* Backend destructor: closes the backend's stream when one is open, then
   frees the backend structure. Always returns NSS_STATUS_SUCCESS.
   be is dereferenced unconditionally, so it must not be NULL, and it must
   not be used again by the caller once this function has returned. */
nss_status_t nss_ldap_destructor(nss_backend_t *be, void UNUSED(*args))
{
  struct nss_ldap_backend *backend = (struct nss_ldap_backend *)be;
  /* the result of closing the stream is deliberately ignored */
  if (backend->fp)
  {
    (void)tio_close(backend->fp);
  }
  free(backend);
  return NSS_STATUS_SUCCESS;
}
示例#2
/* Wrapper around read_hostent() that adds error handling for the case where
   the address list that was read holds no addresses for the requested
   address family.
   Returns whatever read_hostent() returned if that was not success,
   NSS_STATUS_NOTFOUND (with *errnop=ENOENT and *h_errnop=NO_ADDRESS) for an
   empty address list, and NSS_STATUS_SUCCESS otherwise.
   On the empty-list path fp is closed here, so the caller must not use or
   close it again. Whether read_hostent() closes fp on its own failure paths
   is not visible from this function. */
static nss_status_t read_hostent_erronempty(
        TFILE *fp,int af,struct hostent *result,
        char *buffer,size_t buflen,int *errnop,int *h_errnop)
{
  nss_status_t status=read_hostent(fp,af,result,buffer,buflen,errnop,h_errnop);
  /* failures from read_hostent() are passed through unchanged */
  if (status!=NSS_STATUS_SUCCESS)
    return status;
  /* at least one address was read: nothing more to check */
  if (result->h_addr_list[0]!=NULL)
    return NSS_STATUS_SUCCESS;
  /* empty address list
     (this cannot be handled inside read_hostent() because closing the socket
     there would cause problems for the {set,get,end}ent() functions) */
  *errnop=ENOENT;
  *h_errnop=NO_ADDRESS;
  (void)tio_close(fp);
  return NSS_STATUS_NOTFOUND;
}
示例#3
/* Serve a single request on sock: log who connected, wrap the socket in a
   stream, read the request header and hand the stream to the handler for the
   requested action. Nothing is returned; the socket is closed on every path,
   either directly or through tio_close() on the stream. */
static void handleconnection(int sock, MYLDAP_SESSION *session)
{
  TFILE *fp;
  int32_t action;
  /* -1 stands for "unknown" unless getpeercred() fills the values in */
  uid_t uid = (uid_t)-1;
  gid_t gid = (gid_t)-1;
  pid_t pid = (pid_t)-1;
  /* log who is on the other end of the socket */
  if (getpeercred(sock, &uid, &gid, &pid) == 0)
    log_log(LOG_DEBUG, "connection from pid=%d uid=%d gid=%d",
            (int)pid, (int)uid, (int)gid);
  else
    log_log(LOG_DEBUG, "connection from unknown client: %s", strerror(errno));
  /* wrap the socket in a stream object */
  fp = tio_fdopen(sock, READ_TIMEOUT, WRITE_TIMEOUT,
                  READBUFFER_MINSIZE, READBUFFER_MAXSIZE,
                  WRITEBUFFER_MINSIZE, WRITEBUFFER_MAXSIZE);
  if (fp == NULL)
  {
    log_log(LOG_WARNING, "cannot create stream for writing: %s",
            strerror(errno));
    /* no stream owns the descriptor yet, so close it directly */
    (void)close(sock);
    return;
  }
  /* read the request header; a non-zero result ends the connection */
  if (read_header(fp, &action) != 0)
  {
    (void)tio_close(fp);
    return;
  }
  /* dispatch on the requested action; handler results are ignored here.
     The peer uid is forwarded only to the passwd, shadow, PAM authc/pwmod and
     usermod handlers. NOTE(review): presumably those handlers use it to limit
     what an unprivileged caller may see or change; confirm in the handlers.
     A client whose credentials could not be read is expected to reach them
     with the (uid_t)-1 initial value. */
  switch (action)
  {
    case NSLCD_ACTION_CONFIG_GET:       (void)nslcd_config_get(fp, session); break;
    case NSLCD_ACTION_ALIAS_BYNAME:     (void)nslcd_alias_byname(fp, session); break;
    case NSLCD_ACTION_ALIAS_ALL:        (void)nslcd_alias_all(fp, session); break;
    case NSLCD_ACTION_ETHER_BYNAME:     (void)nslcd_ether_byname(fp, session); break;
    case NSLCD_ACTION_ETHER_BYETHER:    (void)nslcd_ether_byether(fp, session); break;
    case NSLCD_ACTION_ETHER_ALL:        (void)nslcd_ether_all(fp, session); break;
    case NSLCD_ACTION_GROUP_BYNAME:     (void)nslcd_group_byname(fp, session); break;
    case NSLCD_ACTION_GROUP_BYGID:      (void)nslcd_group_bygid(fp, session); break;
    case NSLCD_ACTION_GROUP_BYMEMBER:   (void)nslcd_group_bymember(fp, session); break;
    case NSLCD_ACTION_GROUP_ALL:        (void)nslcd_group_all(fp, session); break;
    case NSLCD_ACTION_HOST_BYNAME:      (void)nslcd_host_byname(fp, session); break;
    case NSLCD_ACTION_HOST_BYADDR:      (void)nslcd_host_byaddr(fp, session); break;
    case NSLCD_ACTION_HOST_ALL:         (void)nslcd_host_all(fp, session); break;
    case NSLCD_ACTION_NETGROUP_BYNAME:  (void)nslcd_netgroup_byname(fp, session); break;
    case NSLCD_ACTION_NETGROUP_ALL:     (void)nslcd_netgroup_all(fp, session); break;
    case NSLCD_ACTION_NETWORK_BYNAME:   (void)nslcd_network_byname(fp, session); break;
    case NSLCD_ACTION_NETWORK_BYADDR:   (void)nslcd_network_byaddr(fp, session); break;
    case NSLCD_ACTION_NETWORK_ALL:      (void)nslcd_network_all(fp, session); break;
    case NSLCD_ACTION_PASSWD_BYNAME:    (void)nslcd_passwd_byname(fp, session, uid); break;
    case NSLCD_ACTION_PASSWD_BYUID:     (void)nslcd_passwd_byuid(fp, session, uid); break;
    case NSLCD_ACTION_PASSWD_ALL:       (void)nslcd_passwd_all(fp, session, uid); break;
    case NSLCD_ACTION_PROTOCOL_BYNAME:  (void)nslcd_protocol_byname(fp, session); break;
    case NSLCD_ACTION_PROTOCOL_BYNUMBER:(void)nslcd_protocol_bynumber(fp, session); break;
    case NSLCD_ACTION_PROTOCOL_ALL:     (void)nslcd_protocol_all(fp, session); break;
    case NSLCD_ACTION_RPC_BYNAME:       (void)nslcd_rpc_byname(fp, session); break;
    case NSLCD_ACTION_RPC_BYNUMBER:     (void)nslcd_rpc_bynumber(fp, session); break;
    case NSLCD_ACTION_RPC_ALL:          (void)nslcd_rpc_all(fp, session); break;
    case NSLCD_ACTION_SERVICE_BYNAME:   (void)nslcd_service_byname(fp, session); break;
    case NSLCD_ACTION_SERVICE_BYNUMBER: (void)nslcd_service_bynumber(fp, session); break;
    case NSLCD_ACTION_SERVICE_ALL:      (void)nslcd_service_all(fp, session); break;
    case NSLCD_ACTION_SHADOW_BYNAME:    (void)nslcd_shadow_byname(fp, session, uid); break;
    case NSLCD_ACTION_SHADOW_ALL:       (void)nslcd_shadow_all(fp, session, uid); break;
    case NSLCD_ACTION_PAM_AUTHC:        (void)nslcd_pam_authc(fp, session, uid); break;
    case NSLCD_ACTION_PAM_AUTHZ:        (void)nslcd_pam_authz(fp, session); break;
    case NSLCD_ACTION_PAM_SESS_O:       (void)nslcd_pam_sess_o(fp, session); break;
    case NSLCD_ACTION_PAM_SESS_C:       (void)nslcd_pam_sess_c(fp, session); break;
    case NSLCD_ACTION_PAM_PWMOD:        (void)nslcd_pam_pwmod(fp, session, uid); break;
    case NSLCD_ACTION_USERMOD:          (void)nslcd_usermod(fp, session, uid); break;
    default:
      /* unknown action: only logged, no handler is run */
      log_log(LOG_WARNING, "invalid request id: 0x%08x", (unsigned int)action);
      break;
  }
  /* the request is finished: clean up the session and close the stream */
  myldap_session_cleanup(session);
  (void)tio_close(fp);
}
示例#4
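/* Handle one client connection on sock: look up the peer's credentials,
   record them as the operation's identity, read the request header and
   dispatch to the matching handler. Nothing is returned; the socket is closed
   on every path, either directly or through tio_close() on the stream.
   NOTE(review): op->o_dn and op->o_ndn are left pointing at a buffer on this
   function's stack, so they look unsafe to read after it returns; confirm
   that no caller does. */
static void handleconnection(nssov_info *ni,int sock,Operation *op)
{
  TFILE *fp;
  int32_t action;
  struct timeval readtimeout,writetimeout;
  /* start from an "unknown" identity: previously uid and gid were read
     uninitialized when the credential lookup failed, so the uid==0 checks
     below depended on stack garbage */
  uid_t uid=(uid_t)-1;
  gid_t gid=(gid_t)-1;
  /* sized for two %d conversions at their widest (11 characters each for a
     32-bit int); snprintf() below guards any other case */
  char authid[sizeof("gidNumber=-2147483648+uidNumber=-2147483648,cn=peercred,cn=external,cn=auth")];
  int authidlen;

  /* log connection */
  if (lutil_getpeereid(sock,&uid,&gid))
  {
    Debug( LDAP_DEBUG_TRACE,"nssov: connection from unknown client: %s\n",strerror(errno),0,0);
    /* do not trust anything a failed lookup may have written */
    uid=(uid_t)-1;
    gid=(gid_t)-1;
  }
  else
    Debug( LDAP_DEBUG_TRACE,"nssov: connection from uid=%d gid=%d\n",
                      (int)uid,(int)gid,0);

  /* Should do authid mapping too */
  /* gid goes with gidNumber and uid with uidNumber (the arguments used to be
     swapped); the %d formatting is kept so DNs for correct inputs keep their
     shape */
  authidlen=snprintf(authid,sizeof(authid),
                     "gidNumber=%d+uidNumber=%d,cn=peercred,cn=external,cn=auth",
                     (int)gid,(int)uid);
  if (authidlen<0 || (size_t)authidlen>=sizeof(authid))
  {
    /* refuse the connection instead of running with a truncated identity */
    Debug( LDAP_DEBUG_ANY,"nssov: cannot build peer identity\n",0,0,0);
    (void)close(sock);
    return;
  }
  op->o_dn.bv_len = authidlen;
  op->o_dn.bv_val = authid;
  op->o_ndn = op->o_dn;

  /* set the timeouts */
  readtimeout.tv_sec=0; /* clients should send their request quickly */
  readtimeout.tv_usec=500000;
  writetimeout.tv_sec=5; /* clients could be taking some time to process the results */
  writetimeout.tv_usec=0;
  /* create a stream object */
  if ((fp=tio_fdopen(sock,&readtimeout,&writetimeout,
                     READBUFFER_MINSIZE,READBUFFER_MAXSIZE,
                     WRITEBUFFER_MINSIZE,WRITEBUFFER_MAXSIZE))==NULL)
  {
    Debug( LDAP_DEBUG_ANY,"nssov: cannot create stream for writing: %s",strerror(errno),0,0);
    /* no stream owns the descriptor yet, so close it directly */
    (void)close(sock);
    return;
  }
  /* read request */
  if (read_header(fp,&action))
  {
    (void)tio_close(fp);
    return;
  }
  /* handle request; handler results are ignored here.
     Shadow lookups and PAM session open/close are only run for a peer whose
     uid is 0; for any other peer (including one whose credentials could not
     be read) no handler runs and the stream is simply closed. */
  switch (action)
  {
    case NSLCD_ACTION_ALIAS_BYNAME:     (void)nssov_alias_byname(ni,fp,op); break;
    case NSLCD_ACTION_ALIAS_ALL:        (void)nssov_alias_all(ni,fp,op); break;
    case NSLCD_ACTION_ETHER_BYNAME:     (void)nssov_ether_byname(ni,fp,op); break;
    case NSLCD_ACTION_ETHER_BYETHER:    (void)nssov_ether_byether(ni,fp,op); break;
    case NSLCD_ACTION_ETHER_ALL:        (void)nssov_ether_all(ni,fp,op); break;
    case NSLCD_ACTION_GROUP_BYNAME:     (void)nssov_group_byname(ni,fp,op); break;
    case NSLCD_ACTION_GROUP_BYGID:      (void)nssov_group_bygid(ni,fp,op); break;
    case NSLCD_ACTION_GROUP_BYMEMBER:   (void)nssov_group_bymember(ni,fp,op); break;
    case NSLCD_ACTION_GROUP_ALL:        (void)nssov_group_all(ni,fp,op); break;
    case NSLCD_ACTION_HOST_BYNAME:      (void)nssov_host_byname(ni,fp,op); break;
    case NSLCD_ACTION_HOST_BYADDR:      (void)nssov_host_byaddr(ni,fp,op); break;
    case NSLCD_ACTION_HOST_ALL:         (void)nssov_host_all(ni,fp,op); break;
    case NSLCD_ACTION_NETGROUP_BYNAME:  (void)nssov_netgroup_byname(ni,fp,op); break;
    case NSLCD_ACTION_NETWORK_BYNAME:   (void)nssov_network_byname(ni,fp,op); break;
    case NSLCD_ACTION_NETWORK_BYADDR:   (void)nssov_network_byaddr(ni,fp,op); break;
    case NSLCD_ACTION_NETWORK_ALL:      (void)nssov_network_all(ni,fp,op); break;
    case NSLCD_ACTION_PASSWD_BYNAME:    (void)nssov_passwd_byname(ni,fp,op); break;
    case NSLCD_ACTION_PASSWD_BYUID:     (void)nssov_passwd_byuid(ni,fp,op); break;
    case NSLCD_ACTION_PASSWD_ALL:       (void)nssov_passwd_all(ni,fp,op); break;
    case NSLCD_ACTION_PROTOCOL_BYNAME:  (void)nssov_protocol_byname(ni,fp,op); break;
    case NSLCD_ACTION_PROTOCOL_BYNUMBER:(void)nssov_protocol_bynumber(ni,fp,op); break;
    case NSLCD_ACTION_PROTOCOL_ALL:     (void)nssov_protocol_all(ni,fp,op); break;
    case NSLCD_ACTION_RPC_BYNAME:       (void)nssov_rpc_byname(ni,fp,op); break;
    case NSLCD_ACTION_RPC_BYNUMBER:     (void)nssov_rpc_bynumber(ni,fp,op); break;
    case NSLCD_ACTION_RPC_ALL:          (void)nssov_rpc_all(ni,fp,op); break;
    case NSLCD_ACTION_SERVICE_BYNAME:   (void)nssov_service_byname(ni,fp,op); break;
    case NSLCD_ACTION_SERVICE_BYNUMBER: (void)nssov_service_bynumber(ni,fp,op); break;
    case NSLCD_ACTION_SERVICE_ALL:      (void)nssov_service_all(ni,fp,op); break;
    case NSLCD_ACTION_SHADOW_BYNAME:    if (uid==0) (void)nssov_shadow_byname(ni,fp,op); break;
    case NSLCD_ACTION_SHADOW_ALL:       if (uid==0) (void)nssov_shadow_all(ni,fp,op); break;
    case NSLCD_ACTION_PAM_AUTHC:        (void)pam_authc(ni,fp,op); break;
    case NSLCD_ACTION_PAM_AUTHZ:        (void)pam_authz(ni,fp,op); break;
    case NSLCD_ACTION_PAM_SESS_O:       if (uid==0) (void)pam_sess_o(ni,fp,op); break;
    case NSLCD_ACTION_PAM_SESS_C:       if (uid==0) (void)pam_sess_c(ni,fp,op); break;
    case NSLCD_ACTION_PAM_PWMOD:        (void)pam_pwmod(ni,fp,op); break;
    default:
      /* unknown action: only logged, no handler is run */
      Debug( LDAP_DEBUG_ANY,"nssov: invalid request id: %d",(int)action,0,0);
      break;
  }
  /* we're done with the request */
  (void)tio_close(fp);
}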