[PC-BSD Commits] r18080 - pcbsd/current/src-sh/pc-adctl/ldap
svn at pcbsd.org
svn at pcbsd.org
Wed Aug 1 15:35:42 PDT 2012
Author: johnh
Date: 2012-08-01 22:35:42 +0000 (Wed, 01 Aug 2012)
New Revision: 18080
Modified:
pcbsd/current/src-sh/pc-adctl/ldap/ldap-parser.y
pcbsd/current/src-sh/pc-adctl/ldap/ldapconf.c
pcbsd/current/src-sh/pc-adctl/ldap/ldapconf.h
Log:
all options are now supported, forward to adding add/modify/remove
logic.
Modified: pcbsd/current/src-sh/pc-adctl/ldap/ldap-parser.y
===================================================================
--- pcbsd/current/src-sh/pc-adctl/ldap/ldap-parser.y 2012-08-01 19:41:12 UTC (rev 18079)
+++ pcbsd/current/src-sh/pc-adctl/ldap/ldap-parser.y 2012-08-01 22:35:42 UTC (rev 18080)
@@ -17,7 +17,7 @@
static void add_deref(unsigned long);
static void add_referrals(unsigned long);
-static void add_sasl_secprops_property(unsigned long, unsigned long);
+static void sasl_secprops_parse(const char *);
static void add_gssapi_sign(unsigned long);
static void add_gssapi_encrypt(unsigned long);
@@ -133,7 +133,7 @@
options |
sasl_options |
gssapi_options |
- tls_options
+ tls_options
options:
uri |
@@ -392,25 +392,11 @@
TAILQ_INSERT_TAIL(&ldapconf, le, entries);
}
-sasl_secprops_property:
- NONE { add_sasl_secprops_property(NONE, -1); } |
- NOPLAIN { add_sasl_secprops_property(NOPLAIN, -1); } |
- NOACTIVE { add_sasl_secprops_property(NOACTIVE, -1); } |
- NODICT { add_sasl_secprops_property(NODICT, -1); } |
- NOANONYMOUS { add_sasl_secprops_property(NOANONYMOUS, -1); } |
- FORWARDSEC { add_sasl_secprops_property(FORWARDSEC, -1); } |
- PASSCRED { add_sasl_secprops_property(PASSCRED, -1); } |
- MINSSF EQUAL INTEGER { add_sasl_secprops_property(MINSSF, $3); } |
- MAXSSF EQUAL INTEGER { add_sasl_secprops_property(MAXSSF, $3); } |
- MAXBUFSIZE EQUAL INTEGER { add_sasl_secprops_property(MAXBUFSIZE, $3); }
-
-
-sasl_secprops_properties:
- sasl_secprops_properties COMMA sasl_secprops_property |
- sasl_secprops_property
-
sasl_secprops:
- SASL_SECPROPS sasl_secprops_properties
+ SASL_SECPROPS WORD
+ {
+ sasl_secprops_parse($2);
+ }
gssapi_sign:
GSSAPI_SIGN ON { add_gssapi_sign(ON); } |
@@ -550,8 +536,15 @@
SPACE
empty:
- EMPTY
+ EMPTY {
+ struct ldap_entry *le = xalloc(sizeof(*le));
+ le->type = LDAP_ENTRY_NULL;
+ le->entry = NULL;
+
+ TAILQ_INSERT_TAIL(&ldapconf, le, entries);
+ }
+
newline:
NEWLINE {
lineno++;
@@ -559,7 +552,18 @@
comment:
COMMENT
+ {
+ struct ldap_entry *le = xalloc(sizeof(*le));
+ struct ldap_comment *lc = xalloc(sizeof(*lc));
+ lc->text = xstrdup($1);
+
+ le->type = LDAP_ENTRY_COMMENT;
+ le->entry = lc;
+
+ TAILQ_INSERT_TAIL(&ldapconf, le, entries);
+ }
+
%%
unsigned int lineno = 0;
@@ -597,14 +601,10 @@
}
static void
-add_sasl_secprops_property(unsigned long property, unsigned long factor)
+sasl_secprops_parse(const char *word)
{
- struct sasl_secprops *ss = xalloc(sizeof(*ss));
+ char *ptr, *str, *tmp, *save;
- ss->property = property;
- if (factor > -1)
- ss->factor = factor;
-
if (lsl == NULL) {
struct ldap_entry *le = xalloc(sizeof(*le));
@@ -615,11 +615,29 @@
le->entry = lsl;
TAILQ_INSERT_TAIL(&ldapconf, le, entries);
- TAILQ_INSERT_TAIL(lsl, ss, entries);
+ }
- } else {
+ ptr = xstrdup(word);
+ save = ptr;
+
+ while ((tmp = strsep(&ptr, ",")) != NULL) {
+ struct ldap_entry *le = xalloc(sizeof(*le));
+ struct sasl_secprops *ss = xalloc(sizeof(*ss));
+
+ str = strsep(&tmp, "=");
+ ss->properties = str2properties(str, NONE);
+ ss->factor = -1;
+
+ if (tmp != NULL)
+ ss->factor = strtol(tmp, 0, 10);
+
+ le->type = SASL_SECPROPS;
+ le->entry = ss;
+
TAILQ_INSERT_TAIL(lsl, ss, entries);
}
+
+ xfree(&save);
}
static void
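Review bot: The `struct ldap_entry *le` allocated at the top of each loop iteration in sasl_secprops_parse is filled in but never linked into any list, so it leaks once per property; only `ss` is inserted into `lsl`. The `strtol(tmp, 0, 10)` call also accepts anything, so `minssf=abc` or a bare `minssf=` is stored as 0, which silently changes the SASL security-strength value that is later written back out. Dropping `le` and checking the end pointer and range before the insert addresses both. How a bad value should be reported is a guess, since yyerror's behaviour is not visible here. The function begins in the previous hunk.

```c
	while ((tmp = strsep(&ptr, ",")) != NULL) {
		struct sasl_secprops *ss = xalloc(sizeof(*ss));
		char *end;

		str = strsep(&tmp, "=");
		ss->properties = str2properties(str, NONE);
		ss->factor = -1;

		if (tmp != NULL) {
			errno = 0;
			ss->factor = strtol(tmp, &end, 10);
			if (end == tmp || *end != 0 || errno == ERANGE ||
			    ss->factor < 0) {
				/* reject instead of storing a silent 0 */
				xfree(&ss);
				yyerror("invalid SASL_SECPROPS value");
				continue;
			}
		}

		TAILQ_INSERT_TAIL(lsl, ss, entries);
	}
	/* … unchanged: xfree(&save) … */
```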
@@ -636,7 +654,6 @@
TAILQ_INSERT_TAIL(&ldapconf, le, entries);
}
-
static void
add_gssapi_encrypt(unsigned long option)
{
@@ -692,7 +709,7 @@
TAILQ_INSERT_TAIL(&ldapconf, le, entries);
}
-
+
void
yyerror(const char *str)
{
Modified: pcbsd/current/src-sh/pc-adctl/ldap/ldapconf.c
===================================================================
--- pcbsd/current/src-sh/pc-adctl/ldap/ldapconf.c 2012-08-01 19:41:12 UTC (rev 18079)
+++ pcbsd/current/src-sh/pc-adctl/ldap/ldapconf.c 2012-08-01 22:35:42 UTC (rev 18080)
@@ -243,7 +243,7 @@
}
}
-static const char *
+const char *
deref2str(unsigned long deref, const char *def)
{
const char *str = def;
@@ -269,7 +269,31 @@
return (str);
}
-static const char *
+unsigned long
+str2deref(const char *str, unsigned long def)
+{
+ unsigned long deref = def;
+
+ if (str == NULL || str[0] == 0)
+ return (def);
+
+ if (strcasecmp(str, "never") == 0) {
+ deref = NEVER;
+
+ } else if (strcasecmp(str, "searching") == 0) {
+ deref = SEARCHING;
+
+ } else if (strcasecmp(str, "finding") == 0) {
+ deref = FINDING;
+
+ } else if (strcasecmp(str, "always") == 0) {
+ deref = ALWAYS;
+ }
+
+ return (deref);
+}
+
+const char *
bool2str(unsigned long b, const char *def)
{
const char *str = def;
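Review bot: str2deref here, and str2bool, str2level and str2properties in the following hunks, return `def` for NULL, empty and unrecognised strings alike, so a caller cannot tell a typo from an omitted value. That contract is not written down anywhere, even though the functions are now exported through ldapconf.h. The one visible caller, `str2properties(str, NONE)` in sasl_secprops_parse, therefore turns a misspelled property into `none`, which ldap.conf(5) documents as the flag that clears the default `noanonymous,noplain` restrictions when it appears alone. I would add a comment above each helper along the lines of `/* Returns def when str is NULL, empty or not a known keyword. */` and have the parser pass a value that is not a valid property, so bad input can be rejected. bool2str's body continues outside this hunk.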
@@ -303,7 +327,38 @@
return (str);
}
-static const char *
+unsigned long
+str2bool(const char *str, unsigned long def)
+{
+ unsigned long b = def;
+
+ if (str == NULL || str[0] == 0)
+ return (def);
+
+ if (strcasecmp(str, "on") == 0) {
+ b = ON;
+
+ } else if (strcasecmp(str, "true") == 0) {
+ b = TRUE;
+
+ } else if (strcasecmp(str, "yes") == 0) {
+ b = YES;
+
+ } else if (strcasecmp(str, "off") == 0) {
+ b = OFF;
+
+ } else if (strcasecmp(str, "false") == 0) {
+ b = FALSE;
+
+ } else if (strcasecmp(str, "no") == 0) {
+ b = NO;
+ }
+
+ return (b);
+}
+
+
+const char *
level2str(unsigned long level, const char *def)
{
const char *str = def;
@@ -346,6 +401,135 @@
return (str);
}
+unsigned long
+str2level(const char *str, unsigned long def)
+{
+ unsigned long level = def;
+
+ if (str == NULL || str[0] == 0)
+ return (def);
+
+ if (strcasecmp(str, "never") == 0) {
+ level = NEVER;
+
+ } else if (strcasecmp(str, "allow") == 0) {
+ level = ALLOW;
+
+ } else if (strcasecmp(str, "try") == 0) {
+ level = TRY;
+
+ } else if (strcasecmp(str, "demand") == 0) {
+ level = DEMAND;
+
+ } else if (strcasecmp(str, "hard") == 0) {
+ level = HARD;
+
+ } else if (strcasecmp(str, "none") == 0) {
+ level = NONE;
+
+ } else if (strcasecmp(str, "peer") == 0) {
+ level = PEER;
+
+ } else if (strcasecmp(str, "all") == 0) {
+ level = ALL;
+ }
+
+ return (level);
+}
+
+const char *
+properties2str(unsigned long properties, const char *def)
+{
+ const char *str = def;
+
+ switch (properties) {
+ case NONE:
+ str = "none";
+ break;
+
+ case NOPLAIN:
+ str = "noplain";
+ break;
+
+ case NOACTIVE:
+ str = "noactive";
+ break;
+
+ case NODICT:
+ str = "nodict";
+ break;
+
+ case NOANONYMOUS:
+ str = "noanonymous";
+ break;
+
+ case FORWARDSEC:
+ str = "forwardsec";
+ break;
+
+ case PASSCRED:
+ str = "passcred";
+ break;
+
+ case MINSSF:
+ str = "minssf";
+ break;
+
+ case MAXSSF:
+ str = "maxssf";
+ break;
+
+ case MAXBUFSIZE:
+ str = "maxbufsize";
+ break;
+ }
+
+ return (str);
+}
+
+unsigned long
+str2properties(const char *str, unsigned long def)
+{
+ unsigned long properties = def;
+
+ if (str == NULL || str[0] == 0)
+ return (def);
+
+ if (strcasecmp(str, "none") == 0) {
+ properties = NONE;
+
+ } else if (strcasecmp(str, "noplain") == 0) {
+ properties = NOPLAIN;
+
+ } else if (strcasecmp(str, "noactive") == 0) {
+ properties = NOACTIVE;
+
+ } else if (strcasecmp(str, "nodict") == 0) {
+ properties = NODICT;
+
+ } else if (strcasecmp(str, "noanonymous") == 0) {
+ properties = NOANONYMOUS;
+
+ } else if (strcasecmp(str, "forwardsec") == 0) {
+ properties = FORWARDSEC;
+
+ } else if (strcasecmp(str, "passcred") == 0) {
+ properties = PASSCRED;
+
+ } else if (strcasecmp(str, "minssf") == 0) {
+ properties = MINSSF;
+
+ } else if (strcasecmp(str, "maxssf") == 0) {
+ properties = MAXSSF;
+
+ } else if (strcasecmp(str, "maxbufsize") == 0) {
+ properties = MAXBUFSIZE;
+ }
+
+ return (properties);
+}
+
+
static int
write_ldap_conf(void)
{
@@ -355,6 +539,7 @@
TAILQ_FOREACH(le, &ldapconf, entries) {
switch (le->type) {
case LDAP_ENTRY_NULL:
+ fprintf(yyout, "\n");
break;
case LDAP_ENTRY_URI_LIST: {
@@ -363,7 +548,7 @@
fprintf(yyout, "URI");
TAILQ_FOREACH(lu, lul, entries) {
- fprintf(yyout, " %s", lu->uri);
+ fprintf(yyout, "\t%s", lu->uri);
}
fprintf(yyout, "\n");
break;
@@ -375,72 +560,93 @@
fprintf(yyout, "HOST");
TAILQ_FOREACH(lh, lhl, entries) {
- fprintf(yyout, " %s", lh->host);
+ fprintf(yyout, "\t%s", lh->host);
}
fprintf(yyout, "\n");
break;
}
- case LDAP_ENTRY_SASL_SECPROPS_LIST:
+ case LDAP_ENTRY_SASL_SECPROPS_LIST: {
+ struct sasl_secprops *ss;
+ struct sasl_secprops_list *lsl = le->entry;
+ char buf[1024], *ptr;
+
+ ptr = &buf[0];
+ bzero(&buf, sizeof(buf));
+ TAILQ_FOREACH(ss, lsl, entries) {
+ ptr += snprintf(ptr, sizeof(buf) - (ptr - buf),
+ "%s", properties2str(ss->properties, "none"));
+ if (ss->factor > -1)
+ ptr += snprintf(ptr, sizeof(buf) - (ptr - buf), "=%d", ss->factor);
+
+ *ptr++ = ',';
+ *ptr = 0;
+ }
+ if (*(ptr - 1) == ',')
+ *(ptr - 1) = 0;
+
+ fprintf(yyout, "SASL_SECPROPS\t%s\n", buf);
break;
+ }
case LDAP_ENTRY_COMMENT:
+ fprintf(yyout, "%s\n", ((struct ldap_comment *)le->entry)->text);
break;
case BASE: {
- fprintf(yyout, "BASE %s\n",
+ fprintf(yyout, "BASE\t%s\n",
((struct ldap_base *)le->entry)->base);
break;
}
case BINDDN:
- fprintf(yyout, "BINDDN %s\n",
+ fprintf(yyout, "BINDDN\t%s\n",
((struct ldap_binddn *)le->entry)->dn);
break;
case DEREF:
- fprintf(yyout, "DEREF %s\n",
+ fprintf(yyout, "DEREF\t%s\n",
deref2str(((struct ldap_deref *)le->entry)->when, "always"));
break;
case NETWORK_TIMEOUT:
- fprintf(yyout, "NETWORK_TIMEOUT %d\n",
+ fprintf(yyout, "NETWORK_TIMEOUT\t%d\n",
((struct ldap_network_timeout *)le->entry)->timeout);
break;
case PORT:
- fprintf(yyout, "PORT %d\n",
+ fprintf(yyout, "PORT\t%d\n",
((struct ldap_port *)le->entry)->port);
break;
case REFERRALS:
- fprintf(yyout, "REFERRALS %s\n",
+ fprintf(yyout, "REFERRALS\t%s\n",
bool2str(((struct ldap_referrals *)le->entry)->option, "on"));
break;
case SIZELIMIT:
- fprintf(yyout, "SIZELIMIT %d\n",
+ fprintf(yyout, "SIZELIMIT\t%d\n",
((struct ldap_sizelimit *)le->entry)->sizelimit);
break;
case TIMELIMIT:
- fprintf(yyout, "TIMELIMIT %d\n",
+ fprintf(yyout, "TIMELIMIT\t%d\n",
((struct ldap_timelimit *)le->entry)->timelimit);
break;
case TIMEOUT:
- fprintf(yyout, "TIMEOUT %d\n",
+ fprintf(yyout, "TIMEOUT\t%d\n",
((struct ldap_timeout *)le->entry)->timeout);
break;
case SASL_MECH:
- fprintf(yyout, "SASL_MECH %s\n",
+ fprintf(yyout, "SASL_MECH\t%s\n",
((struct sasl_mech *)le->entry)->mechanism);
break;
case SASL_REALM:
- fprintf(yyout, "SASL_REALM %s\n",
+ fprintf(yyout, "SASL_REALM\t%s\n",
((struct sasl_realm *)le->entry)->realm);
break;
case SASL_AUTHCID:
- fprintf(yyout, "SASL_AUTHCID %s\n",
+ fprintf(yyout, "SASL_AUTHCID\t%s\n",
((struct sasl_authcid *)le->entry)->authcid);
break;
case SASL_AUTHZID:
- fprintf(yyout, "SASL_AUTHZID %s\n",
+ fprintf(yyout, "SASL_AUTHZID\t%s\n",
((struct sasl_authzid *)le->entry)->authzid);
break;
case SASL_SECPROPS: {
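Review bot: The LDAP_ENTRY_SASL_SECPROPS_LIST case can write past `buf`. snprintf returns the length it wanted to write, so after a truncation `ptr` points beyond the array and `sizeof(buf) - (ptr - buf)` wraps to a huge size; `*ptr++ = ','` is unbounded in any case. With an empty list `*(ptr - 1)` reads `buf[-1]`, and `"=%d"` no longer matches `ss->factor`, which this commit changes to `long`. The list comes from a parsed configuration file, so if the lexer accepts a long enough WORD this path is reachable from file content; printing straight to `yyout` with a separator removes the buffer and gives the same output for a non-empty list. write_ldap_conf starts and ends outside the hunk.

```c
			case LDAP_ENTRY_SASL_SECPROPS_LIST: {
				struct sasl_secprops *ss;
				struct sasl_secprops_list *lsl = le->entry;
				const char *sep = "";

				fprintf(yyout, "SASL_SECPROPS\t");
				TAILQ_FOREACH(ss, lsl, entries) {
					fprintf(yyout, "%s%s", sep,
					    properties2str(ss->properties, "none"));
					if (ss->factor > -1)
						fprintf(yyout, "=%ld", ss->factor);
					sep = ",";
				}
				fprintf(yyout, "\n");
				break;
			}
			/* … unchanged: LDAP_ENTRY_COMMENT and the remaining cases … */
```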
@@ -449,52 +655,52 @@
}
case GSSAPI_SIGN:
- fprintf(yyout, "GSSAPI_SIGN %s\n",
+ fprintf(yyout, "GSSAPI_SIGN\t%s\n",
bool2str(((struct gssapi_sign *)le->entry)->option, "off"));
break;
case GSSAPI_ENCRYPT:
- fprintf(yyout, "GSSAPI_ENCRYPT %s\n",
+ fprintf(yyout, "GSSAPI_ENCRYPT\t%s\n",
bool2str(((struct gssapi_encrypt *)le->entry)->option, "off"));
break;
case GSSAPI_ALLOW_REMOTE_PRINCIPAL:
- fprintf(yyout, "GSSAPI_ALLOW_REMOTE_PRINCIPAL: %s\n",
+ fprintf(yyout, "GSSAPI_ALLOW_REMOTE_PRINCIPAL\t%s\n",
bool2str(((struct gssapi_allow_remote_principal *)le->entry)->option, "off"));
break;
case TLS_CACERT:
- fprintf(yyout, "TLS_CACERT %s\n",
+ fprintf(yyout, "TLS_CACERT\t%s\n",
((struct tls_cacert *)le->entry)->filename);
break;
case TLS_CACERTDIR:
- fprintf(yyout, "TLS_CACERTDIR %s\n",
+ fprintf(yyout, "TLS_CACERTDIR\t%s\n",
((struct tls_cacertdir *)le->entry)->path);
break;
case TLS_CERT:
- fprintf(yyout, "TLS_CERT %s\n",
+ fprintf(yyout, "TLS_CERT\t%s\n",
((struct tls_cert *)le->entry)->filename);
break;
case TLS_KEY:
- fprintf(yyout, "TLS_KEY %s\n",
+ fprintf(yyout, "TLS_KEY\t%s\n",
((struct tls_key *)le->entry)->filename);
break;
case TLS_CIPHER_SUITE:
- fprintf(yyout, "TLS_CIPHER_SUITE %s\n",
+ fprintf(yyout, "TLS_CIPHER_SUITE\t%s\n",
((struct tls_cipher_suite *)le->entry)->cipher_suite_spec);
break;
case TLS_RANDFILE:
- fprintf(yyout, "TLS_RANDFILE %s\n",
+ fprintf(yyout, "TLS_RANDFILE\t%s\n",
((struct tls_randfile *)le->entry)->filename);
break;
case TLS_REQCERT:
- fprintf(yyout, "TLS_REQCERT %s\n",
+ fprintf(yyout, "TLS_REQCERT\t%s\n",
level2str(((struct tls_reqcert *)le->entry)->level, "never"));
break;
case TLS_CRLCHECK:
- fprintf(yyout, "TLS_CRLCHECK %s\n",
+ fprintf(yyout, "TLS_CRLCHECK\t%s\n",
level2str(((struct tls_crlcheck *)le->entry)->level, "none"));
break;
case TLS_CRLFILE:
- fprintf(yyout, "TLS_CRLFILE %s\n",
+ fprintf(yyout, "TLS_CRLFILE\t%s\n",
((struct tls_crlfile *)le->entry)->filename);
break;
}
@@ -537,10 +743,20 @@
break;
}
- case LDAP_ENTRY_SASL_SECPROPS_LIST:
+ case LDAP_ENTRY_SASL_SECPROPS_LIST: {
+ struct sasl_secprops *ss, *sstmp;
+ struct sasl_secprops_list *lsl = le->entry;
+
+ TAILQ_FOREACH_SAFE(ss, lsl, entries, sstmp) {
+ TAILQ_REMOVE(lsl, ss, entries);
+ xfree(&ss);
+ }
+
break;
+ }
case LDAP_ENTRY_COMMENT:
+ xfree(&((struct ldap_comment *)le->entry)->text);
break;
case BASE:
Modified: pcbsd/current/src-sh/pc-adctl/ldap/ldapconf.h
===================================================================
--- pcbsd/current/src-sh/pc-adctl/ldap/ldapconf.h 2012-08-01 19:41:12 UTC (rev 18079)
+++ pcbsd/current/src-sh/pc-adctl/ldap/ldapconf.h 2012-08-01 22:35:42 UTC (rev 18080)
@@ -82,8 +82,8 @@
char *authzid;
};
struct sasl_secprops {
- unsigned long property;
- unsigned long factor;
+ unsigned long properties;
+ long factor;
TAILQ_ENTRY(sasl_secprops) entries;
};
TAILQ_HEAD(sasl_secprops_list, sasl_secprops);
@@ -160,4 +160,16 @@
extern char *clean(char *);
+extern const char *deref2str(unsigned long, const char *);
+extern unsigned long str2deref(const char *, unsigned long);
+
+extern const char *bool2str(unsigned long, const char *);
+extern unsigned long str2bool(const char *, unsigned long);
+
+extern const char *level2str(unsigned long, const char *);
+extern unsigned long str2level(const char *, unsigned long);
+
+extern const char *properties2str(unsigned long, const char *);
+extern unsigned long str2properties(const char *, unsigned long);
+
#endif /* __LDAPCONF_H */