[PC-BSD Commits] r18080 - pcbsd/current/src-sh/pc-adctl/ldap

svn at pcbsd.org svn at pcbsd.org
Wed Aug 1 15:35:42 PDT 2012


Author: johnh
Date: 2012-08-01 22:35:42 +0000 (Wed, 01 Aug 2012)
New Revision: 18080

Modified:
   pcbsd/current/src-sh/pc-adctl/ldap/ldap-parser.y
   pcbsd/current/src-sh/pc-adctl/ldap/ldapconf.c
   pcbsd/current/src-sh/pc-adctl/ldap/ldapconf.h
Log:
all options are now supported, forward to adding add/modify/remove
logic.



Modified: pcbsd/current/src-sh/pc-adctl/ldap/ldap-parser.y
===================================================================
--- pcbsd/current/src-sh/pc-adctl/ldap/ldap-parser.y	2012-08-01 19:41:12 UTC (rev 18079)
+++ pcbsd/current/src-sh/pc-adctl/ldap/ldap-parser.y	2012-08-01 22:35:42 UTC (rev 18080)
@@ -17,7 +17,7 @@
 static	void add_deref(unsigned long);
 static	void add_referrals(unsigned long);
 
-static	void add_sasl_secprops_property(unsigned long, unsigned long);
+static	void sasl_secprops_parse(const char *);
 
 static	void add_gssapi_sign(unsigned long);
 static	void add_gssapi_encrypt(unsigned long);
@@ -133,7 +133,7 @@
 	options |
 	sasl_options |
 	gssapi_options |
-	tls_options
+	tls_options 
 
 options:
 	uri |
@@ -392,25 +392,11 @@
 		TAILQ_INSERT_TAIL(&ldapconf, le, entries);
 	}
 
-sasl_secprops_property:
-	NONE 						{ add_sasl_secprops_property(NONE, -1); } |
-	NOPLAIN 					{ add_sasl_secprops_property(NOPLAIN, -1); } |
-	NOACTIVE 					{ add_sasl_secprops_property(NOACTIVE, -1); } |
-	NODICT 						{ add_sasl_secprops_property(NODICT, -1); } |
-	NOANONYMOUS 				{ add_sasl_secprops_property(NOANONYMOUS, -1); } |
-	FORWARDSEC 					{ add_sasl_secprops_property(FORWARDSEC, -1); } |
-	PASSCRED 					{ add_sasl_secprops_property(PASSCRED, -1); } |
-	MINSSF EQUAL INTEGER 		{ add_sasl_secprops_property(MINSSF, $3); } |
-	MAXSSF EQUAL INTEGER 		{ add_sasl_secprops_property(MAXSSF, $3); } |
-	MAXBUFSIZE EQUAL INTEGER	{ add_sasl_secprops_property(MAXBUFSIZE, $3); }
-
-
-sasl_secprops_properties:
-	sasl_secprops_properties COMMA sasl_secprops_property |
-	sasl_secprops_property
-
 sasl_secprops:
-	SASL_SECPROPS sasl_secprops_properties
+	SASL_SECPROPS WORD
+	{
+		sasl_secprops_parse($2);
+	}
 
 gssapi_sign:
 	GSSAPI_SIGN ON		{ add_gssapi_sign(ON);		} |
@@ -550,8 +536,15 @@
 	SPACE
 
 empty:
-	EMPTY
+	EMPTY {
+		struct ldap_entry *le = xalloc(sizeof(*le));
 
+		le->type = LDAP_ENTRY_NULL;
+		le->entry = NULL;
+
+		TAILQ_INSERT_TAIL(&ldapconf, le, entries);
+	}
+
 newline:
 	NEWLINE {
 		lineno++;
@@ -559,7 +552,18 @@
 
 comment:
 	COMMENT
+	{
+		struct ldap_entry *le = xalloc(sizeof(*le));
+		struct ldap_comment *lc = xalloc(sizeof(*lc));
 
+		lc->text = xstrdup($1);
+
+		le->type = LDAP_ENTRY_COMMENT;
+		le->entry = lc;
+
+		TAILQ_INSERT_TAIL(&ldapconf, le, entries);
+	}
+
 %%
 
 unsigned int lineno = 0;
@@ -597,14 +601,10 @@
 }
 
 static void
-add_sasl_secprops_property(unsigned long property, unsigned long factor)
+sasl_secprops_parse(const char *word)
 {
-	struct sasl_secprops *ss = xalloc(sizeof(*ss));
+	char *ptr, *str, *tmp, *save;
 
-	ss->property = property;
-	if (factor > -1)
-		ss->factor = factor;
-
 	if (lsl == NULL) {
 		struct ldap_entry *le = xalloc(sizeof(*le));
 
@@ -615,11 +615,29 @@
 		le->entry = lsl;
 
 		TAILQ_INSERT_TAIL(&ldapconf, le, entries);
-		TAILQ_INSERT_TAIL(lsl, ss, entries);
+	}
 
-	} else {
+	ptr = xstrdup(word);
+	save = ptr;
+
+	while ((tmp = strsep(&ptr, ",")) != NULL) {
+		struct ldap_entry *le = xalloc(sizeof(*le));
+		struct sasl_secprops *ss = xalloc(sizeof(*ss));
+
+		str = strsep(&tmp, "=");
+		ss->properties = str2properties(str, NONE);
+		ss->factor = -1;
+
+		if (tmp != NULL)
+			ss->factor = strtol(tmp, 0, 10);
+
+		le->type = SASL_SECPROPS;
+		le->entry = ss;
+
 		TAILQ_INSERT_TAIL(lsl, ss, entries);
 	}
+
+	xfree(&save);
 }
 
 static void
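Review bot: The loop allocates a `struct ldap_entry *le` for every comma-separated token, fills in `le->type` and `le->entry`, and then never links or frees it, so each property leaks one entry; only `ss` is inserted into `lsl`. Two input checks are also missing: `str2properties(str, NONE)` turns any unrecognised or empty name into NONE, which the writer later emits as `none`, and `strtol(tmp, 0, 10)` accepts non-numeric or negative text without complaint. For a setting that controls SASL security properties, a typo should be reported rather than silently rewritten. The sketch below drops `le`, uses an out-of-range default to detect unknown names and checks the number; it assumes `(unsigned long)-1` is not a token value and that yyerror() returns to its caller. The function opens in the previous hunk, and the trailing `static void` belongs to the next one.

```yacc
	/* … unchanged: lsl creation, ptr = xstrdup(word), save = ptr … */
	while ((tmp = strsep(&ptr, ",")) != NULL) {
		const unsigned long unknown = (unsigned long)-1;
		struct sasl_secprops *ss;
		unsigned long prop;
		char *end;

		str = strsep(&tmp, "=");
		/* an out-of-range default marks a name str2properties did not match */
		prop = str2properties(str, unknown);
		if (prop == unknown) {
			yyerror("unknown SASL_SECPROPS property");
			continue;
		}

		ss = xalloc(sizeof(*ss));
		ss->properties = prop;
		ss->factor = -1;

		if (tmp != NULL) {
			ss->factor = strtol(tmp, &end, 10);
			if (end == tmp || *end != '\0' || ss->factor < 0) {
				yyerror("invalid SASL_SECPROPS value");
				xfree(&ss);
				continue;
			}
		}

		TAILQ_INSERT_TAIL(lsl, ss, entries);
	}
	/* … unchanged: xfree(&save) … */
```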
@@ -636,7 +654,6 @@
 	TAILQ_INSERT_TAIL(&ldapconf, le, entries);
 }
 
-
 static void
 add_gssapi_encrypt(unsigned long option)
 {
@@ -692,7 +709,7 @@
 
 	TAILQ_INSERT_TAIL(&ldapconf, le, entries);
 }
-	
+
 void
 yyerror(const char *str)
 {

Modified: pcbsd/current/src-sh/pc-adctl/ldap/ldapconf.c
===================================================================
--- pcbsd/current/src-sh/pc-adctl/ldap/ldapconf.c	2012-08-01 19:41:12 UTC (rev 18079)
+++ pcbsd/current/src-sh/pc-adctl/ldap/ldapconf.c	2012-08-01 22:35:42 UTC (rev 18080)
@@ -243,7 +243,7 @@
 	}
 }
 
-static const char *
+const char *
 deref2str(unsigned long deref, const char *def)
 {
 	const char *str = def;
@@ -269,7 +269,31 @@
 	return (str);
 }
 
-static const char *
+unsigned long
+str2deref(const char *str, unsigned long def)
+{
+	unsigned long deref = def;
+
+	if (str == NULL || str[0] == 0)
+		return (def);
+
+	if (strcasecmp(str, "never") == 0) {
+		deref = NEVER;
+
+	} else if (strcasecmp(str, "searching") == 0) {
+		deref = SEARCHING;
+
+	} else if (strcasecmp(str, "finding") == 0) {
+		deref = FINDING;
+
+	} else if (strcasecmp(str, "always") == 0) {
+		deref = ALWAYS;
+	}
+
+	return (deref);
+}
+
+const char *
 bool2str(unsigned long b, const char *def)
 {
 	const char *str = def;
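Review bot: str2deref() returns `def` both for NULL or empty input and for a keyword it does not recognise, so a caller cannot tell a misspelt value from an absent one; the same holds for str2bool(), str2level() and str2properties() added in the following hunks. None of the four carries a comment, so I would add one above each along the lines of `/* Case-insensitive keyword lookup; returns def when str is NULL, empty or unknown. */`. Callers that need to reject bad input can pass a default that is not a valid token and compare the result against it.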
@@ -303,7 +327,38 @@
 	return (str);
 }
 
-static const char *
+unsigned long
+str2bool(const char *str, unsigned long def)
+{
+	unsigned long b = def;
+
+	if (str == NULL || str[0] == 0)
+		return (def);
+
+	if (strcasecmp(str, "on") == 0) {
+		b = ON;
+
+	} else if (strcasecmp(str, "true") == 0) {
+		b = TRUE;
+
+	} else if (strcasecmp(str, "yes") == 0) {
+		b = YES;
+
+	} else if (strcasecmp(str, "off") == 0) {
+		b = OFF;
+
+	} else if (strcasecmp(str, "false") == 0) {
+		b = FALSE;
+
+	} else if (strcasecmp(str, "no") == 0) {
+		b = NO;
+	}
+
+	return (b);
+}
+
+
+const char *
 level2str(unsigned long level, const char *def)
 {
 	const char *str = def;
@@ -346,6 +401,135 @@
 	return (str);
 }
 
+unsigned long
+str2level(const char *str, unsigned long def)
+{
+	unsigned long level = def;
+
+	if (str == NULL || str[0] == 0)
+		return (def);
+
+	if (strcasecmp(str, "never") == 0) {
+		level = NEVER;
+
+	} else if (strcasecmp(str, "allow") == 0) {
+		level = ALLOW;
+
+	} else if (strcasecmp(str, "try") == 0) {
+		level = TRY;
+
+	} else if (strcasecmp(str, "demand") == 0) {
+		level = DEMAND;
+
+	} else if (strcasecmp(str, "hard") == 0) {
+		level = HARD;
+
+	} else if (strcasecmp(str, "none") == 0) {
+		level = NONE;
+
+	} else if (strcasecmp(str, "peer") == 0) {
+		level = PEER;
+
+	} else if (strcasecmp(str, "all") == 0) {
+		level = ALL;
+	}
+
+	return (level);
+}
+
+const char *
+properties2str(unsigned long properties, const char *def)
+{
+	const char *str = def;
+
+	switch (properties) {
+		case NONE:
+			str = "none";
+			break;
+
+		case NOPLAIN:
+			str = "noplain";
+			break;
+
+		case NOACTIVE:
+			str = "noactive";
+			break;
+
+		case NODICT:
+			str = "nodict";
+			break;
+
+		case NOANONYMOUS:
+			str = "noanonymous";
+			break;
+
+		case FORWARDSEC:
+			str = "forwardsec";
+			break;
+
+		case PASSCRED:
+			str = "passcred";
+			break;
+
+		case MINSSF:
+			str = "minssf";
+			break;
+
+		case MAXSSF:
+			str = "maxssf";
+			break;
+
+		case MAXBUFSIZE:
+			str = "maxbufsize";
+			break;
+	}
+
+	return (str);
+}
+
+unsigned long
+str2properties(const char *str, unsigned long def)
+{
+	unsigned long properties = def;
+
+	if (str == NULL || str[0] == 0)
+		return (def);
+
+	if (strcasecmp(str, "none") == 0) {
+		properties = NONE;
+
+	} else if (strcasecmp(str, "noplain") == 0) {
+		properties = NOPLAIN;
+
+	} else if (strcasecmp(str, "noactive") == 0) {
+		properties = NOACTIVE;
+
+	} else if (strcasecmp(str, "nodict") == 0) {
+		properties = NODICT;
+
+	} else if (strcasecmp(str, "noanonymous") == 0) {
+		properties = NOANONYMOUS;
+
+	} else if (strcasecmp(str, "forwardsec") == 0) {
+		properties = FORWARDSEC;
+
+	} else if (strcasecmp(str, "passcred") == 0) {
+		properties = PASSCRED;
+
+	} else if (strcasecmp(str, "minssf") == 0) {
+		properties = MINSSF;
+
+	} else if (strcasecmp(str, "maxssf") == 0) {
+		properties = MAXSSF;
+
+	} else if (strcasecmp(str, "maxbufsize") == 0) {
+		properties = MAXBUFSIZE;
+	}
+
+	return (properties);
+}
+
+
 static int
 write_ldap_conf(void)
 {
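Review bot: properties2str() and str2properties() each spell out the same ten name/token pairs, once as a `switch` and once as a `strcasecmp` chain, so a property added to one can be missed in the other. A single static table walked by both functions keeps them in step; the sketch shows the table and the two lookups with the existing signatures unchanged. write_ldap_conf() begins on the last lines of this hunk and continues outside it.

```c
static const struct {
	const char *name;
	unsigned long token;
} secprops_names[] = {
	{ "none", NONE },		{ "noplain", NOPLAIN },
	{ "noactive", NOACTIVE },	{ "nodict", NODICT },
	{ "noanonymous", NOANONYMOUS },	{ "forwardsec", FORWARDSEC },
	{ "passcred", PASSCRED },	{ "minssf", MINSSF },
	{ "maxssf", MAXSSF },		{ "maxbufsize", MAXBUFSIZE },
};
#define	NSECPROPS	(sizeof(secprops_names) / sizeof(secprops_names[0]))

const char *
properties2str(unsigned long properties, const char *def)
{
	size_t i;

	for (i = 0; i < NSECPROPS; i++)
		if (secprops_names[i].token == properties)
			return (secprops_names[i].name);

	return (def);
}

unsigned long
str2properties(const char *str, unsigned long def)
{
	size_t i;

	if (str == NULL || str[0] == 0)
		return (def);

	for (i = 0; i < NSECPROPS; i++)
		if (strcasecmp(str, secprops_names[i].name) == 0)
			return (secprops_names[i].token);

	return (def);
}
```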
@@ -355,6 +539,7 @@
 	TAILQ_FOREACH(le, &ldapconf, entries) {
 		switch (le->type) {
 			case LDAP_ENTRY_NULL:
+				fprintf(yyout, "\n");
 				break;
 
 			case LDAP_ENTRY_URI_LIST: {
@@ -363,7 +548,7 @@
 
 				fprintf(yyout, "URI");
 				TAILQ_FOREACH(lu, lul, entries) {
-					fprintf(yyout, " %s", lu->uri);
+					fprintf(yyout, "\t%s", lu->uri);
 				}
 				fprintf(yyout, "\n");
 				break;
@@ -375,72 +560,93 @@
 
 				fprintf(yyout, "HOST");
 				TAILQ_FOREACH(lh, lhl, entries) {
-					fprintf(yyout, " %s", lh->host);
+					fprintf(yyout, "\t%s", lh->host);
 				}
 				fprintf(yyout, "\n");
 				break;
 			}
 
-			case LDAP_ENTRY_SASL_SECPROPS_LIST:
+			case LDAP_ENTRY_SASL_SECPROPS_LIST: {
+				struct sasl_secprops *ss;
+				struct sasl_secprops_list *lsl = le->entry;
+				char buf[1024], *ptr;
+
+				ptr = &buf[0];
+				bzero(&buf, sizeof(buf));
+				TAILQ_FOREACH(ss, lsl, entries) {
+					ptr += snprintf(ptr, sizeof(buf) - (ptr - buf),
+						"%s", properties2str(ss->properties, "none"));
+					if (ss->factor > -1)
+						ptr += snprintf(ptr, sizeof(buf) - (ptr - buf), "=%d", ss->factor);
+
+					*ptr++ = ',';
+					*ptr = 0;
+				}
+				if (*(ptr - 1) == ',')
+					*(ptr - 1) = 0;
+
+				fprintf(yyout, "SASL_SECPROPS\t%s\n", buf);
 				break;
+			}
 
 			case LDAP_ENTRY_COMMENT:
+				fprintf(yyout, "%s\n", ((struct ldap_comment *)le->entry)->text);
 				break;
 
 			case BASE: {
-				fprintf(yyout, "BASE %s\n",
+				fprintf(yyout, "BASE\t%s\n",
 					((struct ldap_base *)le->entry)->base);
 				break;
 			}
 			case BINDDN:
-				fprintf(yyout, "BINDDN %s\n",
+				fprintf(yyout, "BINDDN\t%s\n",
 					((struct ldap_binddn *)le->entry)->dn);
 				break;
 			case DEREF:
-				fprintf(yyout, "DEREF %s\n",
+				fprintf(yyout, "DEREF\t%s\n",
 					deref2str(((struct ldap_deref *)le->entry)->when, "always"));
 				break;
 
 			case NETWORK_TIMEOUT:
-				fprintf(yyout, "NETWORK_TIMEOUT %d\n",
+				fprintf(yyout, "NETWORK_TIMEOUT\t%d\n",
 					((struct ldap_network_timeout *)le->entry)->timeout);
 				break;
 			case PORT:
-				fprintf(yyout, "PORT %d\n",
+				fprintf(yyout, "PORT\t%d\n",
 					((struct ldap_port *)le->entry)->port);
 				break;
 			case REFERRALS:
-				fprintf(yyout, "REFERRALS %s\n",
+				fprintf(yyout, "REFERRALS\t%s\n",
 					bool2str(((struct ldap_referrals *)le->entry)->option, "on"));
 				break;
 
 			case SIZELIMIT:
-				fprintf(yyout, "SIZELIMIT %d\n",
+				fprintf(yyout, "SIZELIMIT\t%d\n",
 					((struct ldap_sizelimit *)le->entry)->sizelimit);
 				break;
 			case TIMELIMIT:
-				fprintf(yyout, "TIMELIMIT %d\n",
+				fprintf(yyout, "TIMELIMIT\t%d\n",
 					((struct ldap_timelimit *)le->entry)->timelimit);
 				break;
 			case TIMEOUT:
-				fprintf(yyout, "TIMEOUT %d\n",
+				fprintf(yyout, "TIMEOUT\t%d\n",
 					((struct ldap_timeout *)le->entry)->timeout);
 				break;
 
 			case SASL_MECH:
-				fprintf(yyout, "SASL_MECH %s\n",
+				fprintf(yyout, "SASL_MECH\t%s\n",
 					((struct sasl_mech *)le->entry)->mechanism);
 				break;
 			case SASL_REALM:
-				fprintf(yyout, "SASL_REALM %s\n",
+				fprintf(yyout, "SASL_REALM\t%s\n",
 					((struct sasl_realm *)le->entry)->realm);
 				break;
 			case SASL_AUTHCID:
-				fprintf(yyout, "SASL_AUTHCID %s\n",
+				fprintf(yyout, "SASL_AUTHCID\t%s\n",
 					((struct sasl_authcid *)le->entry)->authcid);
 				break;
 			case SASL_AUTHZID:
-				fprintf(yyout, "SASL_AUTHZID %s\n",
+				fprintf(yyout, "SASL_AUTHZID\t%s\n",
 					((struct sasl_authzid *)le->entry)->authzid);
 				break;
 			case SASL_SECPROPS: {
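Review bot: The LDAP_ENTRY_SASL_SECPROPS_LIST case can write past `buf`: snprintf() returns the length it would have written, so after a truncation `ptr` points beyond the array, `sizeof(buf) - (ptr - buf)` wraps to a huge size, and `*ptr++ = ','` is not bounds-checked at all. The number of properties comes from the parsed file, so a long enough SASL_SECPROPS line reaches this path. `"=%d"` is also the wrong conversion now that `factor` is `long` in ldapconf.h, and `*(ptr - 1)` reads before `buf` if the list is ever empty. Writing each property straight to `yyout` removes the fixed buffer altogether, as sketched below. The `case SASL_SECPROPS:` block on the hunk's last line continues outside it.

```c
			case LDAP_ENTRY_SASL_SECPROPS_LIST: {
				struct sasl_secprops *ss;
				struct sasl_secprops_list *lsl = le->entry;
				const char *sep = "";

				fprintf(yyout, "SASL_SECPROPS\t");
				TAILQ_FOREACH(ss, lsl, entries) {
					fprintf(yyout, "%s%s", sep,
						properties2str(ss->properties, "none"));
					if (ss->factor > -1)
						fprintf(yyout, "=%ld", ss->factor);
					sep = ",";
				}
				fprintf(yyout, "\n");
				break;
			}
			/* … unchanged: LDAP_ENTRY_COMMENT and the remaining cases … */
```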
@@ -449,52 +655,52 @@
 			}
 
 			case GSSAPI_SIGN:
-				fprintf(yyout, "GSSAPI_SIGN %s\n",
+				fprintf(yyout, "GSSAPI_SIGN\t%s\n",
 					bool2str(((struct gssapi_sign *)le->entry)->option, "off"));
 				break;
 			case GSSAPI_ENCRYPT:
-				fprintf(yyout, "GSSAPI_ENCRYPT %s\n",
+				fprintf(yyout, "GSSAPI_ENCRYPT\t%s\n",
 					bool2str(((struct gssapi_encrypt *)le->entry)->option, "off"));
 				break;
 			case GSSAPI_ALLOW_REMOTE_PRINCIPAL:
-				fprintf(yyout, "GSSAPI_ALLOW_REMOTE_PRINCIPAL: %s\n",
+				fprintf(yyout, "GSSAPI_ALLOW_REMOTE_PRINCIPAL\t%s\n",
 					bool2str(((struct gssapi_allow_remote_principal *)le->entry)->option, "off"));
 				break;
 
 			case TLS_CACERT:
-				fprintf(yyout, "TLS_CACERT %s\n",
+				fprintf(yyout, "TLS_CACERT\t%s\n",
 					((struct tls_cacert *)le->entry)->filename);
 				break;
 			case TLS_CACERTDIR:
-				fprintf(yyout, "TLS_CACERTDIR %s\n",
+				fprintf(yyout, "TLS_CACERTDIR\t%s\n",
 					((struct tls_cacertdir *)le->entry)->path);
 				break;
 			case TLS_CERT:
-				fprintf(yyout, "TLS_CERT %s\n",
+				fprintf(yyout, "TLS_CERT\t%s\n",
 					((struct tls_cert *)le->entry)->filename);
 				break;
 			case TLS_KEY:
-				fprintf(yyout, "TLS_KEY %s\n",
+				fprintf(yyout, "TLS_KEY\t%s\n",
 					((struct tls_key *)le->entry)->filename);
 				break;
 			case TLS_CIPHER_SUITE:
-				fprintf(yyout, "TLS_CIPHER_SUITE %s\n",
+				fprintf(yyout, "TLS_CIPHER_SUITE\t%s\n",
 					((struct tls_cipher_suite *)le->entry)->cipher_suite_spec);
 				break;
 			case TLS_RANDFILE:
-				fprintf(yyout, "TLS_RANDFILE %s\n",
+				fprintf(yyout, "TLS_RANDFILE\t%s\n",
 					((struct tls_randfile *)le->entry)->filename);
 				break;
 			case TLS_REQCERT:
-				fprintf(yyout, "TLS_REQCERT %s\n",
+				fprintf(yyout, "TLS_REQCERT\t%s\n",
 					level2str(((struct tls_reqcert *)le->entry)->level, "never"));
 				break;
 			case TLS_CRLCHECK:
-				fprintf(yyout, "TLS_CRLCHECK %s\n",
+				fprintf(yyout, "TLS_CRLCHECK\t%s\n",
 					level2str(((struct tls_crlcheck *)le->entry)->level, "none"));
 				break;
 			case TLS_CRLFILE:
-				fprintf(yyout, "TLS_CRLFILE %s\n",
+				fprintf(yyout, "TLS_CRLFILE\t%s\n",
 					((struct tls_crlfile *)le->entry)->filename);
 				break;
 		}
@@ -537,10 +743,20 @@
 				break;
 			}
 
-			case LDAP_ENTRY_SASL_SECPROPS_LIST:
+			case LDAP_ENTRY_SASL_SECPROPS_LIST: {
+				struct sasl_secprops *ss, *sstmp;
+				struct sasl_secprops_list *lsl = le->entry;
+
+				TAILQ_FOREACH_SAFE(ss, lsl, entries, sstmp) {
+					TAILQ_REMOVE(lsl, ss, entries);
+					xfree(&ss);
+				}
+
 				break;
+			}
 
 			case LDAP_ENTRY_COMMENT:
+				xfree(&((struct ldap_comment *)le->entry)->text);
 				break;
 
 			case BASE:
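Review bot: The new cleanup releases the `sasl_secprops` nodes and the comment's `text`, but not the `sasl_secprops_list` head or the `struct ldap_comment` itself; whether those are freed depends on code after the `switch`, which is outside this hunk. If `le->entry` is freed there, a short comment such as `/* le->entry itself is released after the switch */` on both cases would make the ownership clear; if it is not, both allocations leak. The parser also tests an `lsl` that appears to be file-scope against NULL before creating the list, so that pointer presumably needs resetting once the list is freed here.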

Modified: pcbsd/current/src-sh/pc-adctl/ldap/ldapconf.h
===================================================================
--- pcbsd/current/src-sh/pc-adctl/ldap/ldapconf.h	2012-08-01 19:41:12 UTC (rev 18079)
+++ pcbsd/current/src-sh/pc-adctl/ldap/ldapconf.h	2012-08-01 22:35:42 UTC (rev 18080)
@@ -82,8 +82,8 @@
 	char *authzid;
 };
 struct sasl_secprops {
-	unsigned long property;
-	unsigned long factor;
+	unsigned long properties;
+	long factor;
 	TAILQ_ENTRY(sasl_secprops) entries;
 };
 TAILQ_HEAD(sasl_secprops_list, sasl_secprops);
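Review bot: `factor` becomes `long` so that -1 can mean "no value", but nothing in the struct says so, and `properties` holds a single parser token despite the plural name. I would add field comments, for example `long factor; /* -1 when the property takes no =value */` and `unsigned long properties; /* one SASL property token, e.g. NOPLAIN */`. Any format string that prints `factor` has to use `%ld` after this change.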
@@ -160,4 +160,16 @@
 
 extern	char *clean(char *);
 
+extern	const char *deref2str(unsigned long, const char *);
+extern	unsigned long str2deref(const char *, unsigned long);
+
+extern	const char *bool2str(unsigned long, const char *);
+extern	unsigned long str2bool(const char *, unsigned long);
+
+extern	const char *level2str(unsigned long, const char *);
+extern	unsigned long str2level(const char *, unsigned long);
+
+extern	const char *properties2str(unsigned long, const char *);
+extern	unsigned long str2properties(const char *, unsigned long);
+
 #endif	/* __LDAPCONF_H */


