/* $OpenBSD: ypldap.h,v 1.8 2009/01/06 21:52:55 jasper Exp $ */
/*
* Copyright (c) 2008 Pierre-Yves Ritschard <pyr@openbsd.org>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/*
 * Unprivileged account the daemon is meant to run as.  ypldap_dns() below
 * takes a struct passwd, presumably this user's entry, so the helper can
 * drop privileges -- confirm in ypldap.c.
 */
#define YPLDAP_USER "_ypldap"
/* Default configuration file handed to parse_config(). */
#define YPLDAP_CONF_FILE "/etc/ypldap.conf"
/*
 * Default directory refresh interval.  env.sc_conf_tv is a struct timeval,
 * so this is presumably in seconds -- confirm against the parser.
 */
#define DEFAULT_INTERVAL 600
/*
 * Size of the fixed text buffers in struct idm (bind DN, bind credential,
 * base DN) and of idm_req.ir_line.  Every writer into one of those buffers
 * must bound its copy at this size and NUL-terminate.
 */
#define LINE_WIDTH 1024
/* Size of each LDAP search filter string in idm.idm_filters. */
#define FILTER_WIDTH 128
/* Size of each LDAP attribute name in idm.idm_attrs. */
#define ATTR_WIDTH 32
/*
 * Upper bound on DNS-resolved server addresses; presumably caps the
 * ypldap_addr chain built by ypldap_dns.c -- confirm where it is enforced.
 */
#define MAX_SERVERS_DNS 8
/* buffer */
/*
 * One output buffer queued on a msgbuf (see buffer.c).  As the field names
 * suggest, `buf` holds `size` bytes in use out of `max` capacity, with
 * wpos/rpos as the write and read offsets.
 * NOTE(review): what `fd` carries (presumably a descriptor to pass along
 * with the message) is not visible in this header -- confirm in buffer.c.
 */
struct buf {
	TAILQ_ENTRY(buf) entry;	/* link on msgbuf.bufs */
	u_char *buf;		/* data storage */
	size_t size;		/* bytes currently in use */
	size_t max;		/* capacity of `buf` */
	size_t wpos;		/* write offset */
	size_t rpos;		/* read offset */
	int fd;
};
/*
 * Output queue for one descriptor: buffers are attached by buf_close() and
 * drained towards `fd` by msgbuf_write().  `queued` presumably counts the
 * buffers still waiting -- confirm in buffer.c.
 */
struct msgbuf {
	TAILQ_HEAD(, buf) bufs;	/* pending struct buf, in send order */
	u_int32_t queued;
	int fd;			/* descriptor written to */
};
/* Size of the fixed header that precedes every imsg payload. */
#define IMSG_HEADER_SIZE sizeof(struct imsg_hdr)
/*
 * Upper bound on one message (presumably header plus payload); it also
 * sizes buf_read.buf, so a peer announcing a larger imsg_hdr.len can never
 * be satisfied and must be rejected by the reader rather than waited for.
 */
#define MAX_IMSGSIZE 8192
/*
 * Receive buffer for one imsg channel.  Raw bytes land in `buf` (fixed at
 * MAX_IMSGSIZE), `wpos` is the fill level and `rptr` the point up to which
 * complete messages have been consumed -- inferred from the names, confirm
 * in imsg.c.
 */
struct buf_read {
	u_char buf[MAX_IMSGSIZE];
	u_char *rptr;
	size_t wpos;
};
/*
 * A file descriptor received on an imsg channel, queued on imsgbuf.fds
 * until the matching message is picked up (presumably passed out of band
 * with the message -- confirm in imsg.c).
 */
struct imsg_fd {
	TAILQ_ENTRY(imsg_fd) entry;
	int fd;
};
/*
 * One inter-process message channel: a read side (`r`), a write queue
 * (`w`), the libevent registration used to drive both, and the peer pid.
 * Set up by imsg_init(); imsg_event_add() (provided by each program) is
 * what re-arms `ev` for `events`.
 */
struct imsgbuf {
	TAILQ_HEAD(, imsg_fd) fds;	/* descriptors received, not yet claimed */
	struct buf_read r;		/* incoming bytes */
	struct msgbuf w;		/* outgoing buffers */
	struct event ev;
	void (*handler)(int, short, void *);	/* event callback, see imsg_init() */
	int fd;				/* the socket itself */
	pid_t pid;			/* peer process id */
	short events;			/* EV_READ/EV_WRITE mask currently wanted */
	void *data;			/* opaque argument for `handler` */
};
/*
 * Message types exchanged over the imsg channels.  The value travels in
 * imsg_hdr.type (u_int16_t) between processes, so only append new types;
 * never renumber existing ones.  Payload guesses below are from the names
 * and sibling structs -- confirm against the senders.
 */
enum imsg_type {
	IMSG_NONE,
	IMSG_CONF_START,	/* configuration push begins */
	IMSG_CONF_IDM,		/* one directory entry (presumably a struct idm) */
	IMSG_CONF_END,		/* configuration push complete */
	IMSG_START_UPDATE,	/* a new map update begins */
	IMSG_END_UPDATE,	/* update complete, swap it in */
	IMSG_TRASH_UPDATE,	/* abandon the update in progress */
	IMSG_PW_ENTRY,		/* one passwd entry (presumably a struct idm_req) */
	IMSG_GRP_ENTRY,		/* one group entry (presumably a struct idm_req) */
	IMSG_HOST_DNS		/* resolved addresses for a directory host */
};
/*
 * Singly-linked list of resolved socket addresses for a directory host
 * (idm.idm_addr).  sockaddr_storage is large enough for either address
 * family; see MAX_SERVERS_DNS for the presumed list bound.
 */
struct ypldap_addr {
	struct ypldap_addr *next;
	struct sockaddr_storage ss;
};
/*
 * Wire header in front of every imsg.  `len` is only 16 bits and is
 * supplied by the peer: before using it, a reader must check that it is
 * at least IMSG_HEADER_SIZE and at most MAX_IMSGSIZE, otherwise the length
 * arithmetic on buf_read wraps or overruns.  That check is expected to
 * live in imsg.c (imsg_read()/imsg_get()) -- confirm it is there.
 */
struct imsg_hdr {
	u_int16_t type;		/* enum imsg_type */
	u_int16_t len;		/* total message length (presumably including the header) */
	u_int32_t peerid;	/* sender-chosen correlation id */
	pid_t pid;		/* sender pid */
};
/*
 * A received message as returned by imsg_get(): the header plus a pointer
 * to the payload.  Release with imsg_free() (presumably the owner of
 * `data`) -- confirm in imsg.c.
 */
struct imsg {
	struct imsg_hdr hdr;
	void *data;		/* payload of hdr.len - IMSG_HEADER_SIZE bytes, presumably */
};
/*
 * Which process this is (main or LDAP client).
 *
 * NOTE(review): this is a tentative *definition* of a global variable in a
 * header, so every translation unit including ypldap.h defines
 * ypldap_process and the link relies on common-symbol merging (it breaks
 * under -fno-common).  The portable form is to name the enum, declare the
 * variable `extern` here and define it once in a .c file; that needs a
 * matching change outside this header, so it is only flagged here.
 */
enum {
	PROC_MAIN,
	PROC_CLIENT
} ypldap_process;
/*
 * One passwd entry, kept in two red-black trees at once: by name
 * (ue_name_node, user_name_tree) and by uid (ue_uid_node, user_uid_tree);
 * comparators are userent_name_cmp()/userent_uid_cmp().  ue_line is the
 * flattened passwd line; who owns that allocation is not stated here.
 */
struct userent {
	RB_ENTRY(userent) ue_name_node;
	RB_ENTRY(userent) ue_uid_node;
	uid_t ue_uid;
	char *ue_line;
};
/*
 * One group entry, mirroring struct userent: linked by name
 * (group_name_tree) and by gid (group_gid_tree), compared with
 * groupent_name_cmp()/groupent_gid_cmp().  ge_line is the flattened group
 * line; ownership is not stated here.
 */
struct groupent {
	RB_ENTRY(groupent) ge_name_node;
	RB_ENTRY(groupent) ge_gid_node;
	gid_t ge_gid;
	char *ge_line;
};
/*
 * Per-directory progress of one update cycle (idm.idm_state): the host is
 * first resolved (DNS states), then queried (LDAP states).  Transitions
 * are driven from ldapclient.c/ypldap_dns.c, not visible here.
 */
enum client_state {
	STATE_NONE,
	STATE_DNS_INPROGRESS,	/* resolution requested from the DNS helper */
	STATE_DNS_TEMPFAIL,	/* resolution failed, presumably retried later */
	STATE_DNS_DONE,		/* idm_addr populated */
	STATE_LDAP_FAIL,	/* directory query failed */
	STATE_LDAP_DONE		/* directory query finished */
};
/*
* beck, djm, dlg: pay attention to the struct name
*/
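/*
 * One configured directory host: where to reach it, how to bind, what to
 * search for, and which LDAP attributes map onto the passwd/group fields.
 * Instances are linked on env.sc_idms.
 *
 * Security notes for readers of this struct:
 *  - idm_bindcred holds the LDAP bind credential in clear text for the
 *    lifetime of the struct (and of any imsg that copies the struct, e.g.
 *    presumably IMSG_CONF_IDM).  Anything that dumps or logs an idm must
 *    skip it, and purge_config() should ideally clear it before freeing.
 *  - idm_binddn/idm_bindcred/idm_basedn are LINE_WIDTH, idm_filters are
 *    FILTER_WIDTH and idm_attrs are ATTR_WIDTH fixed buffers; the parser
 *    must bound-copy and NUL-terminate into them.
 */
struct idm {
	TAILQ_ENTRY(idm) idm_entry;
	u_int32_t idm_id;		/* identifier, see env.sc_maxid */
	char idm_name[MAXHOSTNAMELEN];	/* directory host name, resolved into idm_addr */
/*
 * idm_flags: bits 20 and up are the flags below; bits 0..ATTR_GR_MAX-1 are
 * per-attribute bits built with F_FIXED_ATTR()/F_LIST().
 */
#define F_SSL 0x00100000		/* connect over SSL (see idm_ssl) */
#define F_CONFIGURING 0x00200000	/* definition still being parsed */
#define F_NEEDAUTH 0x00400000		/* bind with idm_binddn/idm_bindcred */
/*
 * Per-attribute bit macros.  The argument is parenthesized so that an
 * expression such as F_LIST(i + 1) shifts by the whole expression rather
 * than by `i` alone; callers must keep n below the width of int.
 */
#define F_FIXED_ATTR(n) (1<<(n))
#define F_LIST(n) (1<<(n))
	enum client_state idm_state;	/* progress of the current update */
	u_int32_t idm_flags; /* lower 20 reserved */
	u_int32_t idm_list;		/* F_LIST() bits: attributes that are lists (presumably) */
	struct ypldap_addr *idm_addr;	/* resolved addresses of idm_name */
	in_port_t idm_port;		/* directory port */
	char idm_binddn[LINE_WIDTH];	/* bind DN when F_NEEDAUTH is set */
	char idm_bindcred[LINE_WIDTH];	/* bind password, clear text -- never log */
	char idm_basedn[LINE_WIDTH];	/* search base */
/* indices into idm_filters */
#define FILTER_USER 1
#define FILTER_GROUP 0
	char idm_filters[2][FILTER_WIDTH];
/*
 * Indices into idm_attrs.  0..ATTR_MAX-1 are passwd fields, ATTR_GR_MIN..
 * ATTR_GR_MAX-1 are group fields.
 */
#define ATTR_NAME 0
#define ATTR_PASSWD 1
#define ATTR_UID 2
#define ATTR_GID 3
#define ATTR_CLASS 4
#define ATTR_CHANGE 5
#define ATTR_EXPIRE 6
#define ATTR_GECOS 7
#define ATTR_DIR 8
#define ATTR_SHELL 9
#define ATTR_GR_NAME 10
#define ATTR_GR_PASSWD 11
#define ATTR_GR_GID 12
#define ATTR_GR_MEMBERS 13
#define ATTR_MAX 10
#define ATTR_GR_MIN 10
#define ATTR_GR_MAX 14
	char idm_attrs[14][ATTR_WIDTH];	/* ATTR_GR_MAX entries */
	struct env *idm_env;		/* back pointer to the owning env */
	struct event idm_ev;		/* libevent handle for the connection */
#ifdef SSL
	struct ssl *idm_ssl;		/* SSL state when F_SSL is set */
#endif
};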
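/*
 * One passwd or group entry as handed from the LDAP client process to the
 * main process (presumably the payload of IMSG_PW_ENTRY/IMSG_GRP_ENTRY).
 * ir_key is the numeric id used to sort the entry and ir_line the
 * flattened "name:passwd:..." text.
 *
 * NOTE(review): ir_line is a fixed LINE_WIDTH buffer -- the producer must
 * bound its write and NUL-terminate, and a receiver must verify that the
 * message payload covers the whole struct before reading any of it.
 */
struct idm_req {
	union {
		uid_t ik_uid;	/* key for a passwd entry */
		/*
		 * Key for a group entry.  Declared gid_t rather than the
		 * original uid_t so the type matches groupent.ge_gid; this
		 * assumes sizeof(gid_t) == sizeof(uid_t) (true on OpenBSD)
		 * so the union, and any imsg carrying it, keeps its layout.
		 */
		gid_t ik_gid;
	} ir_key;
	char ir_line[LINE_WIDTH];
};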
/*
 * Global daemon state: command-line options, which YP maps to serve, the
 * configured directories, the imsg channels to the other processes and the
 * in-memory passwd/group tables built from the directory data.
 */
struct env {
/* sc_opts bits */
#define YPLDAP_OPT_VERBOSE 0x01
#define YPLDAP_OPT_NOACTION 0x02	/* parse the config and exit (presumably) */
	u_int8_t sc_opts;
/*
 * sc_flags bits: which YP maps are served.  The master.passwd maps carry
 * whatever the passwd attribute holds (password hashes); any access
 * restriction on them lives in yp.c, not in this header -- verify it.
 */
#define YPMAP_PASSWD_BYNAME 0x00000001
#define YPMAP_PASSWD_BYUID 0x00000002
#define YPMAP_MASTER_PASSWD_BYNAME 0x00000004
#define YPMAP_MASTER_PASSWD_BYUID 0x00000008
#define YPMAP_GROUP_BYNAME 0x00000010
#define YPMAP_GROUP_BYGID 0x00000020
	u_int32_t sc_flags;
	u_int32_t sc_maxid;		/* presumably the highest idm_id assigned so far */
	char sc_domainname[MAXHOSTNAMELEN];	/* YP domain this daemon answers for */
	struct timeval sc_conf_tv;	/* refresh interval, cf. DEFAULT_INTERVAL */
	struct event sc_conf_ev;	/* timer driving the periodic refresh */
	TAILQ_HEAD(idm_list, idm) sc_idms;	/* configured directories */
	struct imsgbuf *sc_ibuf;	/* channel to the peer (main <-> client) process */
	struct imsgbuf *sc_ibuf_dns;	/* channel to the DNS helper, see ypldap_dns() */
	/*
	 * NOTE(review): the by-name trees are pointers while the by-id trees
	 * are embedded, and *_names_t duplicates the same type; the reason
	 * is not visible here (presumably the name trees are swapped during
	 * an update).  Confirm in entries.c before touching this.
	 */
	RB_HEAD(user_name_tree,userent) *sc_user_names;
	RB_HEAD(user_uid_tree,userent) sc_user_uids;
	RB_HEAD(group_name_tree,groupent)*sc_group_names;
	RB_HEAD(group_gid_tree,groupent) sc_group_gids;
	struct user_name_tree *sc_user_names_t;
	struct group_name_tree *sc_group_names_t;
	/* flattened map contents, built by flatten_entries() */
	size_t sc_user_line_len;
	size_t sc_group_line_len;
	char *sc_user_lines;
	char *sc_group_lines;
	struct yp_data *sc_yp;		/* opaque YP server state owned by yp.c */
};
/* buffer.c */
/* Allocate a fixed-size buffer of the given capacity; NULL on failure (presumably). */
struct buf *buf_open(size_t);
/* Allocate a buffer that can grow; arguments are presumably (initial, max), cf. buf.size/buf.max. */
struct buf *buf_dynamic(size_t, size_t);
/* Append len bytes to a buffer; expected to fail rather than overrun buf.max. */
int buf_add(struct buf *, void *, size_t);
/* Reserve len bytes in a buffer and return a pointer to them. */
void *buf_reserve(struct buf *, size_t);
/* Hand a finished buffer to a msgbuf's output queue. */
int buf_close(struct msgbuf *, struct buf *);
/* Release a buffer that was never queued. */
void buf_free(struct buf *);
/* Initialise / discard a msgbuf queue. */
void msgbuf_init(struct msgbuf *);
void msgbuf_clear(struct msgbuf *);
/* Write queued buffers to msgbuf.fd. */
int msgbuf_write(struct msgbuf *);
/* imsg.c */
/* Attach an imsgbuf to a descriptor and install the event handler. */
void imsg_init(struct imsgbuf *, int, void (*)(int, short, void *));
/*
 * Pull bytes from the descriptor into imsgbuf.r.  Together with imsg_get()
 * this is the trust boundary between processes: imsg_hdr.len comes from
 * the peer and must be bounded (IMSG_HEADER_SIZE <= len <= MAX_IMSGSIZE)
 * before any payload is handed out -- confirm in imsg.c.
 */
ssize_t imsg_read(struct imsgbuf *);
/* Extract the next complete message, if any; free it with imsg_free(). */
ssize_t imsg_get(struct imsgbuf *, struct imsg *);
/* Queue a message of (type, peerid, pid) with datalen bytes of payload. */
int imsg_compose(struct imsgbuf *, enum imsg_type, u_int32_t, pid_t,
void *, u_int16_t);
/* Piecewise variant of imsg_compose(): create, add payload, close. */
struct buf *imsg_create(struct imsgbuf *, enum imsg_type, u_int32_t, pid_t,
u_int16_t);
int imsg_add(struct buf *, void *, u_int16_t);
int imsg_close(struct imsgbuf *, struct buf *);
/* Release a message returned by imsg_get(). */
void imsg_free(struct imsg *);
void imsg_event_add(struct imsgbuf *); /* needs to be provided externally */
/* Drop all pending input/output on a channel. */
void imsg_clear(struct imsgbuf *);
/* log.c */
/*
 * printf-style loggers.  Always pass a literal format; never feed
 * directory- or network-supplied text as the format argument.
 */
void log_init(int);
void log_warn(const char *, ...);
void log_warnx(const char *, ...);
void log_info(const char *, ...);
void log_debug(const char *, ...);
/* fatal() appends strerror(errno) (presumably, as the name pair suggests); fatalx() does not. Neither returns. */
__dead void fatal(const char *);
__dead void fatalx(const char *);
/* parse.y */
/* Parse the configuration file into env; the int is presumably the option mask (sc_opts). */
int parse_config(struct env *, const char *, int);
/* Define a macro from the command line ("name=value" style, presumably). */
int cmdline_symset(char *);
/* listener.c */
void listener_setup(struct env *);
void listener_init(struct env *);
/* ldapclient.c */
/* Fork the LDAP client process over the given socket pair; returns its pid. */
pid_t ldapclient(int []);
/* ypldap.c */
/* Release a configuration, including every struct idm on sc_idms (and thus the bind credentials). */
void purge_config(struct env *);
/* entries.c */
/* Build sc_user_lines/sc_group_lines from the entry trees. */
void flatten_entries(struct env *);
/* RB tree comparators for the userent/groupent trees declared in struct env. */
int userent_name_cmp(struct userent *, struct userent *);
int userent_uid_cmp(struct userent *, struct userent *);
int groupent_name_cmp(struct groupent *, struct groupent *);
int groupent_gid_cmp(struct groupent *, struct groupent *);
RB_PROTOTYPE( user_name_tree, userent, ue_name_node, userent_name_cmp);
RB_PROTOTYPE( user_uid_tree, userent, ue_uid_node, userent_uid_cmp);
RB_PROTOTYPE( group_name_tree, groupent, ge_name_node, groupent_name_cmp);
RB_PROTOTYPE( group_gid_tree, groupent, ge_gid_node, groupent_gid_cmp);
/* yp.c */
/* Set up the YP (RPC) server side and start accepting requests. */
void yp_init(struct env *);
void yp_enable_events(void);
/* ypldap_dns.c */
/*
 * Fork the DNS helper over a socket pair; the struct passwd is presumably
 * the YPLDAP_USER account it drops privileges to -- confirm in ypldap_dns.c.
 */
pid_t ypldap_dns(int[2], struct passwd *);