[PC-BSD Commits] r18026 - pcbsd/current/src-sh/pc-adctl/ldap

svn at pcbsd.org svn at pcbsd.org
Tue Jul 31 22:39:03 PDT 2012


Author: johnh
Date: 2012-08-01 05:39:03 +0000 (Wed, 01 Aug 2012)
New Revision: 18026

Modified:
   pcbsd/current/src-sh/pc-adctl/ldap/ldap-lexer.l
   pcbsd/current/src-sh/pc-adctl/ldap/ldap-parser.y
   pcbsd/current/src-sh/pc-adctl/ldap/ldapconf.c
   pcbsd/current/src-sh/pc-adctl/ldap/ldapconf.h
Log:
Committing progress, more to come.



Modified: pcbsd/current/src-sh/pc-adctl/ldap/ldap-lexer.l
===================================================================
--- pcbsd/current/src-sh/pc-adctl/ldap/ldap-lexer.l	2012-07-31 21:38:00 UTC (rev 18025)
+++ pcbsd/current/src-sh/pc-adctl/ldap/ldap-lexer.l	2012-08-01 05:39:03 UTC (rev 18026)
@@ -18,81 +18,189 @@
 %%
 
 
-URI								{ return (URI); }
-BASE							{ return (BASE); }
-BINDDN							{ return (BINDDN); }
-DEREF							{ return (DEREF); }
+[Uu][Rr][Ii] {
+	return (URI);
+}
+[Bb][Aa][Ss][Ee] {
+	return (BASE);
+}
+[Bb][Ii][Nn][Dd][Dd][Nn] {
+	return (BINDDN);
+}
+[Dd][Ee][Rr][Ee][Ff] {
+	return (DEREF);
+}
 
-never							{ return (NEVER); }
-searching						{ return (SEARCHING); }
-finding							{ return (FINDING); }
-always							{ return (ALWAYS); }
+[Nn][Ee][Vv][Ee][Rr] {
+	return (NEVER);
+}
+[Ss][Ee][Aa][Rr][Cc][Hh][Ii][Nn][Gg] {
+	return (SEARCHING);
+}
+[Ff][Ii][Nn][Dd][Ii][Nn][Gg] {
+	return (FINDING);
+}
+[Aa][Ll][Ww][Aa][Yy][Ss] {
+	return (ALWAYS);
+}
 
-HOST							{ return (HOST); }
-NETWORK_TIMEOUT					{ return (NETWORK_TIMEOUT); }
-PORT							{ return (PORT); }
-REFERRALS						{ return (REFERRALS); }
+[Hh][Oo][Ss][Tt] {
+	return (HOST);
+}
+[Nn][Ee][Tt][Ww][Oo][Rr][Kk]_[Tt][Ii][Mm][Ee][Oo][Uu][Tt] {
+	return (NETWORK_TIMEOUT);
+}
+[Pp][Oo][Rr][Tt] {
+	return (PORT);
+}
+[Rr][Ee][Ff][Ee][Rr][Rr][Aa][Ll][Ss] {
+	return (REFERRALS);
+}
 
-on								{ return (ON); }
-true							{ return (TRUE); }
-yes								{ return (YES); }
-off								{ return (OFF); }
-false							{ return (FALSE); }
-no								{ return (NO); }
+[Oo][Nn] {
+	return (ON);
+}
+[Tt][Rr][Uu][Ee] {
+	return (TRUE);
+}
+[Yy][Ee][Ss] {
+	return (YES);
+}
+[Oo][Ff][Ff] {
+	return (OFF);
+}
+[Ff][Aa][Ll][Ss][Ee] {
+	return (FALSE);
+}
+[Nn][Oo] {
+	return (NO);
+}
 
-SIZELIMIT						{ return (SIZELIMIT); }
-TIMELIMIT						{ return (TIMELIMIT); }
-TIMEOUT							{ return (TIMEOUT); }
+[Ss][Ii][Zz][Ee][Ll][Ii][Mm][Ii][Tt] {
+	return (SIZELIMIT);
+}
+[Tt][Ii][Mm][Ee][Ll][Ii][Mm][Ii][Tt] {
+	return (TIMELIMIT);
+}
+[Tt][Ii][Mm][Ee][Oo][Uu][Tt] {
+	return (TIMEOUT);
+}
 
-SASL_MECH						{ return (SASL_MECH); }
-SASL_REALM						{ return (SASL_REALM); }
-SASL_AUTHCID					{ return (SASL_AUTHCID); }
-SASL_AUTHZID					{ return (SASL_AUTHZID); }
-SASL_SECPROPS					{ return (SASL_SECPROPS); }
+[Ss][Aa][Ss][Ll]_[Mm][Ee][Cc][Hh] {
+	return (SASL_MECH);
+}
+[Ss][Aa][Ss][Ll]_[Rr][Ee][Aa][Ll][Mm] {
+	return (SASL_REALM);
+}
+[Ss][Aa][Ss][Ll]_[Aa][Uu][Tt][Hh][Cc][Ii][Dd] {
+	return (SASL_AUTHCID);
+}
+[Ss][Aa][Ss][Ll]_[Aa][Uu][Tt][Hh][Za][Ii][Dd] {
+	return (SASL_AUTHZID);
+}
+[Ss][Aa][Ss][Ll]_[Ss][Ee][Cc][Pp][Rr][Oo][Pp][Ss] {
+	return (SASL_SECPROPS);
+}
 
-none							{ return (NONE); }
-noplain							{ return (NOPLAIN); }
-noactive						{ return (NOACTIVE); }
-nodict							{ return (NODICT); }
-noanonymous						{ return (NOANONYMOUS); }
-forwardsec						{ return (FORWARDSEC); }
-passcred						{ return (PASSCRED); }
-minssf							{ return (MINSSF); }
-maxssf							{ return (MAXSSF); }
-maxbufsize						{ return (MAXBUFSIZE); }
+[Nn][Oo][Nn][Ee] {
+	return (NONE);
+}
+[Nn][Oo][Pp][Ll][Aa][Ii][Nn] {
+	return (NOPLAIN);
+}
+[Nn][Oo][Aa][Cc][Tt][Ii][Vv][Ee] {
+	return (NOACTIVE);
+}
+[Nn][Oo][Dd][Ii][Cc][Tt] {
+	return (NODICT);
+}
+[Nn][Oo][Aa][Nn][Oo][Nn][Yy][Mm][Oo][Uu][Ss] {
+	return (NOANONYMOUS);
+}
+[Ff][Oo][Rr][Ww][Aa][Rr][Dd][Ss][Ee][Cc] {
+	return (FORWARDSEC);
+}
+[Pp][Aa][Ss][Ss][Cc][Rr][Ee][Dd] {
+	return (PASSCRED);
+}
+[Mm][Ii][Nn][Ss][Ss][Ff] {
+	return (MINSSF);
+}
+[Mm][Aa][Xx][Ss][Ss][Ff] {
+	return (MAXSSF);
+}
+[Mm][Aa][Xx][Bb][Uu][Ff][Ss][Ii][Zz][Ee] {
+	return (MAXBUFSIZE);
+}
 
-GSSAPI_SIGN						{ return (GSSAPI_SIGN); }
-GSSAPI_ENCRYPT					{ return (GSSAPI_ENCRYPT); }
-GSSAPI_ALLOW_REMOTE_PRINCIPAL	{ return (GSSAPI_ALLOW_REMOTE_PRINCIPAL); }
+[Gg][Ss][Ss][Aa][Pp][Ii]_[Ss][Ii][Gg][Nn] {
+	return (GSSAPI_SIGN);
+}
+[Gg][Ss][Ss][Aa][Pp][Ii]_[Ee][Nn][Cc][Rr][Yy][Pp][Tt] {
+	return (GSSAPI_ENCRYPT);
+}
+[Gg][Ss][Ss][Aa][Pp][Ii]_[Aa][Ll][Ll][Oo][Ww]_[Rr][Ee][Mm][Oo][Tt][Ee]_[Pp][Rr][Ii][Nn][Cc][Ii][Pp][Aa][Ll]	{
+	return (GSSAPI_ALLOW_REMOTE_PRINCIPAL);
+}
 
-TLS_CACERT						{ return (TLS_CACERT); } 
-TLS_CACERTDIR					{ return (TLS_CACERTDIR); }
-TLS_CERT						{ return (TLS_CERT); }
-TLS_KEY							{ return (TLS_KEY); }
-TLS_CIPHER_SUITE				{ return (TLS_CIPHER_SUITE); }
-TLS_RANDFILE					{ return (TLS_RANDFILE); }
-TLS_REQCERT						{ return (TLS_REQCERT); }
+[Tt][Ll][Ss]_[Cc][Aa][Cc][Ee][Rr][Tt] {
+	return (TLS_CACERT);
+} 
+[Tt][Ll][Ss]_[Cc][Aa][Cc][Ee][Rr][Tt][Dd][Ii][Rr] {
+	return (TLS_CACERTDIR);
+}
+[Tt][Ll][Ss]_[Cc][Ee][Rr][Tt] {
+	return (TLS_CERT);
+}
+[Tt][Ll][Ss]_[Kk][Ee][Yy] {
+	return (TLS_KEY);
+}
+[Tt][Ll][Ss]_[Cc][Ii][Pp][Hh][Ee][Rr]_[Ss][Uu][Ii][Tt][Ee] {
+	return (TLS_CIPHER_SUITE);
+}
+[Tt][Ll][Ss]_[Rr][Aa][Nn][Dd][Ff][Ii][Ll][Ee] {
+	return (TLS_RANDFILE);
+}
+[Tt][Ll][Ss]_[Rr][Ee][Qq][Cc][Ee][Rr][Tt] {
+	return (TLS_REQCERT);
+}
 
-never							{ return (NEVER); }
-allow							{ return (ALLOW); }
-try								{ return (TRY); }
-demand							{ return (DEMAND); }
-hard							{ return (HARD); }
+[Aa][Ll][Ll][Oo][Ww] {
+	return (ALLOW);
+}
+[Tt][Rr][Yy] {
+	return (TRY);
+}
+[Dd][Ee][Mm][Aa][Nn][Dd] {
+	return (DEMAND);
+}
+[Hh][Aa][Rr][Dd] {
+	return (HARD);
+}
 
-TLS_CRLCHECK					{ return (TLS_CRLCHECK); }
+[Tt][Ll][Ss]_[Cc][Rr][Ll][Cc][Hh][Ee][Cc][Kk] {
+	return (TLS_CRLCHECK);
+}
 
-none							{ return (NONE); }
-peer							{ return (PEER); }
-all								{ return (ALL); }
+[Pp][Ee][Ee][Rr] {
+	return (PEER);
+}
+[Aa][Ll][Ll] {
+	return (ALL);
+}
 
-TLS_CRLFILE						{ return (TLS_CRLFILE); }
+[Tt][Ll][Ss]_[Cc][Rr][Ll][Ff][Ii][Ll][Ee] {
+	return (TLS_CRLFILE);
+}
 
-=								{ return (EQUAL); }
-,								{ return (COMMA); }
+=	{ return (EQUAL); }
+,	{ return (COMMA); }
+\n	{ return (NEWLINE); }
 
+[[:space:]\t]+$	{
+	return (EMPTY);
+}
 
-\n	{ return (NEWLINE); }
-
 ([ \t]+)?(;|#)(.+)?$	{
 	yylval.str = strdup(clean(yytext));
 	return (COMMENT);
@@ -103,7 +211,7 @@
 	return (INTEGER);
 }
 
-ldap([si])?:\/\/.+	{
+ldap([si])?:\/\/[^#[:space:]]+	{
 	yylval.str = strdup(clean(yytext));
 	return (LDAP_SERVER);
 }

Modified: pcbsd/current/src-sh/pc-adctl/ldap/ldap-parser.y
===================================================================
--- pcbsd/current/src-sh/pc-adctl/ldap/ldap-parser.y	2012-07-31 21:38:00 UTC (rev 18025)
+++ pcbsd/current/src-sh/pc-adctl/ldap/ldap-parser.y	2012-08-01 05:39:03 UTC (rev 18026)
@@ -14,6 +14,18 @@
 
 extern	struct ldap_entry_list ldapconf;
 
+static	void add_deref(unsigned long);
+static	void add_referrals(unsigned long);
+
+static	void add_sasl_secprops_property(unsigned long, unsigned long);
+
+static	void add_gssapi_sign(unsigned long);
+static	void add_gssapi_encrypt(unsigned long);
+static	void add_gssapi_allow_remote_principal(unsigned long);
+
+static	void add_tls_reqcert(unsigned long);
+static	void add_tls_crlcheck(unsigned long);
+
 %}
 
 %union {
@@ -161,7 +173,27 @@
 
 ldap_server:
 	LDAP_SERVER
+	{
+		struct ldap_uri *lu = xalloc(sizeof(*lu));
 
+		lu->uri = xstrdup(clean($1));
+		if (lul == NULL) {
+			struct ldap_entry *le = xalloc(sizeof(*le));
+
+			lul = xalloc(sizeof(*lul));
+			TAILQ_INIT(lul);
+
+			le->type = LDAP_ENTRY_URI_LIST;
+			le->entry = lul;
+
+			TAILQ_INSERT_TAIL(lul, lu, entries);
+			TAILQ_INSERT_TAIL(&ldapconf, le, entries);
+
+		} else {
+			TAILQ_INSERT_TAIL(lul, lu, entries);
+		}
+	}
+
 ldap_servers:
 	ldap_servers ldap_server |
 	ldap_server
@@ -171,65 +203,206 @@
 
 base:
 	BASE WORD
+	{
+		struct ldap_entry *le = xalloc(sizeof(*le));
+		struct ldap_base *lb = xalloc(sizeof(*lb));
 
+		lb->base = xstrdup(clean($2));
+
+		le->type = BASE;
+		le->entry = lb;
+
+		TAILQ_INSERT_TAIL(&ldapconf, le, entries);
+	}
+
 binddn:
 	BINDDN WORD
+	{
+		struct ldap_entry *le = xalloc(sizeof(*le));
+		struct ldap_binddn *lb = xalloc(sizeof(*lb));
 
+		lb->dn = xstrdup(clean($2));
+
+		le->type = BINDDN;
+		le->entry = lb;
+
+		TAILQ_INSERT_TAIL(&ldapconf, le, entries);
+	}
+
 deref:
-	DEREF NEVER |
-	DEREF SEARCHING |
-	DEREF FINDING |
-	DEREF ALWAYS
+	DEREF NEVER 	{ add_deref(NEVER);		} |
+	DEREF SEARCHING { add_deref(SEARCHING);	} |
+	DEREF FINDING 	{ add_deref(FINDING);	} |
+	DEREF ALWAYS	{ add_deref(ALWAYS);	}
 
 host:
 	HOST WORD
+	{
+		struct ldap_host *lh = xalloc(sizeof(*lh));
 
+		lh->host = xstrdup(clean($2));
+		if (lhl == NULL) {
+			struct ldap_entry *le = xalloc(sizeof(*le));
+
+			lhl = xalloc(sizeof(*lhl));
+			TAILQ_INIT(lhl);
+
+			le->type = LDAP_ENTRY_HOST_LIST;
+			le->entry = lhl;
+
+			TAILQ_INSERT_TAIL(&ldapconf, le, entries);
+			TAILQ_INSERT_TAIL(lhl, lh, entries);
+
+		} else {
+			TAILQ_INSERT_TAIL(lhl, lh, entries);
+		}
+	}
+
 network_timeout:
 	NETWORK_TIMEOUT INTEGER
+	{
+		struct ldap_entry *le = xalloc(sizeof(*le));
+		struct ldap_network_timeout *lnt = xalloc(sizeof(*lnt));
 
+		lnt->timeout = $2;
+
+		le->type = NETWORK_TIMEOUT;
+		le->entry = lnt;
+
+		TAILQ_INSERT_TAIL(&ldapconf, le, entries);
+	}
+
 port:
 	PORT INTEGER
+	{
+		struct ldap_entry *le = xalloc(sizeof(*le));
+		struct ldap_port *lp = xalloc(sizeof(*lp));
 
+		lp->port = $2;
+
+		le->type = PORT;
+		le->entry = lp;
+
+		TAILQ_INSERT_TAIL(&ldapconf, le, entries);
+	}
+
 referrals:
-	REFERRALS ON |
-	REFERRALS TRUE |
-	REFERRALS YES |
-	REFERRALS OFF |
-	REFERRALS FALSE |
-	REFERRALS NO
+	REFERRALS ON 	{ add_referrals(ON);	} |
+	REFERRALS TRUE	{ add_referrals(TRUE);	} |
+	REFERRALS YES 	{ add_referrals(YES);	} |
+	REFERRALS OFF 	{ add_referrals(OFF);	} |
+	REFERRALS FALSE	{ add_referrals(FALSE);	} |
+	REFERRALS NO	{ add_referrals(NO);	}
 
 sizelimit:
 	SIZELIMIT INTEGER
+	{
+		struct ldap_entry *le = xalloc(sizeof(*le));
+		struct ldap_sizelimit *ls = xalloc(sizeof(*ls));
 
+		ls->sizelimit = $2;
+
+		le->type = SIZELIMIT;
+		le->entry = ls;
+
+		TAILQ_INSERT_TAIL(&ldapconf, le, entries);
+	}
+
 timelimit:
 	TIMELIMIT INTEGER
+	{
+		struct ldap_entry *le = xalloc(sizeof(*le));
+		struct ldap_timelimit *lt = xalloc(sizeof(*lt));
 
+		lt->timelimit = $2;
+
+		le->type = TIMELIMIT;
+		le->entry = lt;
+
+		TAILQ_INSERT_TAIL(&ldapconf, le, entries);
+	}
+
 timeout:
 	TIMEOUT INTEGER
+	{
+		struct ldap_entry *le = xalloc(sizeof(*le));
+		struct ldap_timeout *lt = xalloc(sizeof(*lt));
 
+		lt->timeout = $2;
+
+		le->type = TIMEOUT;
+		le->entry = lt;
+
+		TAILQ_INSERT_TAIL(&ldapconf, le, entries);
+	}
+
 sasl_mech:
 	SASL_MECH WORD
+	{
+		struct ldap_entry *le = xalloc(sizeof(*le));
+		struct sasl_mech *sm = xalloc(sizeof(*sm));
 
+		sm->mechanism = xstrdup(clean($2));
+
+		le->type = SASL_MECH;
+		le->entry = sm;
+
+		TAILQ_INSERT_TAIL(&ldapconf, le, entries);
+	}
+
 sasl_realm:
 	SASL_REALM WORD
+	{
+		struct ldap_entry *le = xalloc(sizeof(*le));
+		struct sasl_realm *sr = xalloc(sizeof(*sr));
 
+		sr->realm = xstrdup(clean($2));
+
+		le->type = SASL_REALM;
+		le->entry = sr;
+
+		TAILQ_INSERT_TAIL(&ldapconf, le, entries);
+	}
+
 sasl_authcid:
 	SASL_AUTHCID WORD
+	{
+		struct ldap_entry *le = xalloc(sizeof(*le));
+		struct sasl_authcid *sa = xalloc(sizeof(*sa));
 
+		sa->authcid = xstrdup(clean($2));
+
+		le->type = SASL_AUTHCID;
+		le->entry = sa;
+
+		TAILQ_INSERT_TAIL(&ldapconf, le, entries);
+	}
+
 sasl_authzid:
 	SASL_AUTHZID WORD
+	{
+		struct ldap_entry *le = xalloc(sizeof(*le));
+		struct sasl_authzid *sa = xalloc(sizeof(*sa));
 
+		sa->authzid = xstrdup(clean($2));
+
+		le->type = SASL_AUTHZID;
+		le->entry = sa;
+
+		TAILQ_INSERT_TAIL(&ldapconf, le, entries);
+	}
+
 sasl_secprops_property:
-	NONE |
-	NOPLAIN |
-	NOACTIVE |
-	NODICT |
-	NOANONYMOUS |
-	FORWARDSEC |
-	PASSCRED |
-	MINSSF EQUAL INTEGER |
-	MAXSSF EQUAL INTEGER |
-	MAXBUFSIZE EQUAL INTEGER
+	NONE 						{ add_sasl_secprops_property(NONE, -1); } |
+	NOPLAIN 					{ add_sasl_secprops_property(NOPLAIN, -1); } |
+	NOACTIVE 					{ add_sasl_secprops_property(NOACTIVE, -1); } |
+	NODICT 						{ add_sasl_secprops_property(NODICT, -1); } |
+	NOANONYMOUS 				{ add_sasl_secprops_property(NOANONYMOUS, -1); } |
+	FORWARDSEC 					{ add_sasl_secprops_property(FORWARDSEC, -1); } |
+	PASSCRED 					{ add_sasl_secprops_property(PASSCRED, -1); } |
+	MINSSF EQUAL INTEGER 		{ add_sasl_secprops_property(MINSSF, $3); } |
+	MAXSSF EQUAL INTEGER 		{ add_sasl_secprops_property(MAXSSF, $3); } |
+	MAXBUFSIZE EQUAL INTEGER	{ add_sasl_secprops_property(MAXBUFSIZE, $3); }
 
 
 sasl_secprops_properties:
@@ -240,62 +413,139 @@
 	SASL_SECPROPS sasl_secprops_properties
 
 gssapi_sign:
-	GSSAPI_SIGN ON |
-	GSSAPI_SIGN TRUE |
-	GSSAPI_SIGN YES |
-	GSSAPI_SIGN OFF |
-	GSSAPI_SIGN FALSE |
-	GSSAPI_SIGN NO
+	GSSAPI_SIGN ON		{ add_gssapi_sign(ON);		} |
+	GSSAPI_SIGN TRUE	{ add_gssapi_sign(TRUE);	} |
+	GSSAPI_SIGN YES		{ add_gssapi_sign(YES);		} |
+	GSSAPI_SIGN OFF		{ add_gssapi_sign(OFF);		} |
+	GSSAPI_SIGN FALSE	{ add_gssapi_sign(FALSE);	} |
+	GSSAPI_SIGN NO		{ add_gssapi_sign(NO);		}
 
 gssapi_encrypt:
-	GSSAPI_ENCRYPT ON |
-	GSSAPI_ENCRYPT TRUE |
-	GSSAPI_ENCRYPT YES |
-	GSSAPI_ENCRYPT OFF |
-	GSSAPI_ENCRYPT FALSE |
-	GSSAPI_ENCRYPT NO
+	GSSAPI_ENCRYPT ON		{ add_gssapi_encrypt(ON);		} |
+	GSSAPI_ENCRYPT TRUE		{ add_gssapi_encrypt(TRUE);		} |
+	GSSAPI_ENCRYPT YES		{ add_gssapi_encrypt(YES);		} |
+	GSSAPI_ENCRYPT OFF 		{ add_gssapi_encrypt(OFF);		} |
+	GSSAPI_ENCRYPT FALSE 	{ add_gssapi_encrypt(FALSE);	} |
+	GSSAPI_ENCRYPT NO		{ add_gssapi_encrypt(NO);		}
 
 gssapi_allow_remote_principal:
-	GSSAPI_ALLOW_REMOTE_PRINCIPAL ON |
-	GSSAPI_ALLOW_REMOTE_PRINCIPAL TRUE |
-	GSSAPI_ALLOW_REMOTE_PRINCIPAL YES |
-	GSSAPI_ALLOW_REMOTE_PRINCIPAL OFF |
-	GSSAPI_ALLOW_REMOTE_PRINCIPAL FALSE |
-	GSSAPI_ALLOW_REMOTE_PRINCIPAL NO
+	GSSAPI_ALLOW_REMOTE_PRINCIPAL ON 	{ add_gssapi_allow_remote_principal(ON); } |
+	GSSAPI_ALLOW_REMOTE_PRINCIPAL TRUE 	{ add_gssapi_allow_remote_principal(TRUE); } |
+	GSSAPI_ALLOW_REMOTE_PRINCIPAL YES 	{ add_gssapi_allow_remote_principal(YES); } |
+	GSSAPI_ALLOW_REMOTE_PRINCIPAL OFF 	{ add_gssapi_allow_remote_principal(OFF); } |
+	GSSAPI_ALLOW_REMOTE_PRINCIPAL FALSE	{ add_gssapi_allow_remote_principal(FALSE); } |
+	GSSAPI_ALLOW_REMOTE_PRINCIPAL NO	{ add_gssapi_allow_remote_principal(NO); }
 
 tls_cacert:
 	TLS_CACERT WORD
+	{
+		struct ldap_entry *le = xalloc(sizeof(*le));
+		struct tls_cacert *tc = xalloc(sizeof(*tc));
 
+		tc->filename = xstrdup(clean($2));
+
+		le->type = TLS_CACERT;
+		le->entry = tc;
+
+		TAILQ_INSERT_TAIL(&ldapconf, le, entries);
+	}
+
 tls_cacertdir:
 	TLS_CACERTDIR WORD
+	{
+		struct ldap_entry *le = xalloc(sizeof(*le));
+		struct tls_cacertdir *tc = xalloc(sizeof(*tc));
 
+		tc->path = xstrdup(clean($2));
+
+		le->type = TLS_CACERTDIR;
+		le->entry = tc;
+
+		TAILQ_INSERT_TAIL(&ldapconf, le, entries);
+	}
+
 tls_cert:
 	TLS_CERT WORD
+	{
+		struct ldap_entry *le = xalloc(sizeof(*le));
+		struct tls_cert *tc = xalloc(sizeof(*tc));
 
+		tc->filename = xstrdup(clean($2));
+
+		le->type = TLS_CERT;
+		le->entry = tc;
+
+		TAILQ_INSERT_TAIL(&ldapconf, le, entries);
+	}
+
 tls_key:
 	TLS_KEY WORD
+	{
+		struct ldap_entry *le = xalloc(sizeof(*le));
+		struct tls_key *tk = xalloc(sizeof(*tk));
 
+		tk->filename = xstrdup(clean($2));
+
+		le->type = TLS_KEY;
+		le->entry = tk;
+
+		TAILQ_INSERT_TAIL(&ldapconf, le, entries);
+	}
+
 tls_cipher_suite:
 	TLS_CIPHER_SUITE WORD
+	{
+		struct ldap_entry *le = xalloc(sizeof(*le));
+		struct tls_cipher_suite *tcs = xalloc(sizeof(*tcs));
 
+		tcs->cipher_suite_spec = xstrdup(clean($2));
+
+		le->type = TLS_CIPHER_SUITE;
+		le->entry = tcs;
+
+		TAILQ_INSERT_TAIL(&ldapconf, le, entries);
+	}
+
 tls_randfile:
 	TLS_RANDFILE WORD
+	{
+		struct ldap_entry *le = xalloc(sizeof(*le));
+		struct tls_randfile *tr = xalloc(sizeof(*tr));
 
+		tr->filename = xstrdup(clean($2));
+
+		le->type = TLS_RANDFILE;
+		le->entry = tr;
+
+		TAILQ_INSERT_TAIL(&ldapconf, le, entries);
+	}
+
 tls_reqcert:
-	TLS_REQCERT NEVER |
-	TLS_REQCERT ALLOW |
-	TLS_REQCERT TRY |
-	TLS_REQCERT DEMAND |
-	TLS_REQCERT HARD
+	TLS_REQCERT NEVER 	{ add_tls_reqcert(NEVER);	} |
+	TLS_REQCERT ALLOW 	{ add_tls_reqcert(ALLOW);	} |
+	TLS_REQCERT TRY 	{ add_tls_reqcert(TRY);		} |
+	TLS_REQCERT DEMAND	{ add_tls_reqcert(DEMAND);	} |
+	TLS_REQCERT HARD	{ add_tls_reqcert(HARD);	} 
 
 tls_crlcheck:
-	TLS_CRLCHECK NONE |
-	TLS_CRLCHECK PEER |
-	TLS_CRLCHECK ALL
+	TLS_CRLCHECK NONE	{ add_tls_crlcheck(NONE);	} |
+	TLS_CRLCHECK PEER	{ add_tls_crlcheck(PEER);	} |
+	TLS_CRLCHECK ALL	{ add_tls_crlcheck(ALL);	}
 
 tls_crlfile:
 	TLS_CRLFILE WORD
+	{
+		struct ldap_entry *le = xalloc(sizeof(*le));
+		struct tls_crlfile *tc = xalloc(sizeof(*tc));
 
+		tc->filename = xstrdup(clean($2));
+
+		le->type = TLS_CRLFILE;
+		le->entry = tc;
+
+		TAILQ_INSERT_TAIL(&ldapconf, le, entries);
+	}
+
 space:
 	SPACE
 
@@ -314,6 +564,135 @@
 
 unsigned int lineno = 0;
 
+static struct ldap_uri_list *lul = NULL;
+static struct ldap_host_list *lhl = NULL;
+static struct sasl_secprops_list *lsl = NULL;
+
+static void
+add_deref(unsigned long when)
+{
+	struct ldap_entry *le = xalloc(sizeof(*le));
+	struct ldap_deref *ld = xalloc(sizeof(*ld));
+
+	ld->when = when;
+
+	le->type = DEREF;
+	le->entry = ld;
+
+	TAILQ_INSERT_TAIL(&ldapconf, le, entries);
+}
+
+static void
+add_referrals(unsigned long option)
+{
+	struct ldap_entry *le = xalloc(sizeof(*le));
+	struct ldap_referrals *lr = xalloc(sizeof(*lr));
+
+	lr->option = option;
+
+	le->type = REFERRALS;
+	le->entry = lr;
+
+	TAILQ_INSERT_TAIL(&ldapconf, le, entries);
+}
+
+static void
+add_sasl_secprops_property(unsigned long property, unsigned long factor)
+{
+	struct sasl_secprops *ss = xalloc(sizeof(*ss));
+
+	ss->property = property;
+	if (factor > -1)
+		ss->factor = factor;
+
+	if (lsl == NULL) {
+		struct ldap_entry *le = xalloc(sizeof(*le));
+
+		lsl = xalloc(sizeof(*lsl));
+		TAILQ_INIT(lsl);
+
+		le->type = LDAP_ENTRY_SASL_SECPROPS_LIST;
+		le->entry = lsl;
+
+		TAILQ_INSERT_TAIL(&ldapconf, le, entries);
+		TAILQ_INSERT_TAIL(lsl, ss, entries);
+
+	} else {
+		TAILQ_INSERT_TAIL(lsl, ss, entries);
+	}
+}
+
+static void
+add_gssapi_sign(unsigned long option)
+{
+	struct ldap_entry *le = xalloc(sizeof(*le));
+	struct gssapi_sign *gs = xalloc(sizeof(*gs));
+
+	gs->option = option;
+
+	le->type = GSSAPI_SIGN;
+	le->entry = gs;
+
+	TAILQ_INSERT_TAIL(&ldapconf, le, entries);
+}
+
+
+static void
+add_gssapi_encrypt(unsigned long option)
+{
+	struct ldap_entry *le = xalloc(sizeof(*le));
+	struct gssapi_encrypt *ge = xalloc(sizeof(*ge));
+
+	ge->option = option;
+
+	le->type = GSSAPI_ENCRYPT;
+	le->entry = ge;
+
+	TAILQ_INSERT_TAIL(&ldapconf, le, entries);
+} 
+
+static void
+add_gssapi_allow_remote_principal(unsigned long option)
+{
+	struct ldap_entry *le = xalloc(sizeof(*le));
+	struct gssapi_allow_remote_principal *garp = xalloc(sizeof(*garp));
+
+	garp->option = option;
+
+	le->type = GSSAPI_ALLOW_REMOTE_PRINCIPAL;
+	le->entry = garp;
+
+	TAILQ_INSERT_TAIL(&ldapconf, le, entries);
+}
+
+static void
+add_tls_reqcert(unsigned long level)
+{
+	struct ldap_entry *le = xalloc(sizeof(*le));
+	struct tls_reqcert *tr = xalloc(sizeof(*tr));
+
+	tr->level = level;
+
+	le->type = TLS_REQCERT;
+	le->entry = tr;
+
+	TAILQ_INSERT_TAIL(&ldapconf, le, entries);
+}
+
+static void
+add_tls_crlcheck(unsigned long level)
+{
+	struct ldap_entry *le = xalloc(sizeof(*le));
+	struct tls_crlcheck *tc = xalloc(sizeof(*tc));
+
+	tc->level = level;
+
+	le->type = TLS_CRLCHECK;
+	le->entry = tc;
+
+	TAILQ_INSERT_TAIL(&ldapconf, le, entries);
+}
+	
 void
 yyerror(const char *str)
 {

Modified: pcbsd/current/src-sh/pc-adctl/ldap/ldapconf.c
===================================================================
--- pcbsd/current/src-sh/pc-adctl/ldap/ldapconf.c	2012-07-31 21:38:00 UTC (rev 18025)
+++ pcbsd/current/src-sh/pc-adctl/ldap/ldapconf.c	2012-08-01 05:39:03 UTC (rev 18026)
@@ -133,6 +133,7 @@
 static int
 ldap_op_add(struct ldap_modification *lm)
 {
+#if 0
 	int exists = 0;
 	struct ldap_entry *le;
 
@@ -156,6 +157,7 @@
 
 		TAILQ_INSERT_TAIL(&ldapconf, le, entries);
 	}
+#endif
 
 	return (0);
 }
@@ -163,6 +165,7 @@
 static int
 ldap_op_modify(struct ldap_modification *lm)
 {
+#if 0
 	int exists = 0;
 	struct ldap_entry *le, *letmp;
 
@@ -181,6 +184,7 @@
 
 	if (exists == 0 && lm->create > 0)
 		return (ldap_op_add(lm));
+#endif
 
 	return (0);
 }
@@ -188,6 +192,7 @@
 static int
 ldap_op_remove(struct ldap_modification *lm)
 {
+#if 0
 	struct ldap_entry *le, *letmp;
 
 	if (lm == NULL)
@@ -203,6 +208,7 @@
 			break;
 		}
 	}
+#endif
 
 	return (0);
 }
@@ -237,24 +243,260 @@
 	}
 }
 
+static const char *
+deref2str(unsigned long deref, const char *def)
+{
+	const char *str = def;
+
+	switch (deref) {
+		case NEVER:
+			str = "never";
+			break;
+
+		case SEARCHING:
+			str = "searching";
+			break;
+
+		case FINDING:
+			str = "finding";
+			break;
+
+		case ALWAYS:
+			str = "always";
+			break;
+	}
+
+	return (str);
+}
+
+static const char *
+bool2str(unsigned long b, const char *def)
+{
+	const char *str = def;
+
+	switch (b) {
+		case ON:
+			str = "on";
+			break;
+
+		case TRUE:
+			str = "true";
+			break;
+
+		case YES:
+			str = "yes";
+			break;
+
+		case OFF:
+			str = "off";
+			break;
+
+		case FALSE:
+			str = "false";
+			break;
+
+		case NO:
+			str = "no";
+			break;
+	}
+
+	return (str);
+}
+
+static const char *
+level2str(unsigned long level, const char *def)
+{
+	const char *str = def;
+
+	switch (level) {
+		case NEVER:
+			str = "never";
+			break;
+
+		case ALLOW:
+			str = "allow";
+			break;
+
+		case TRY:
+			str = "try";
+			break;
+
+		case DEMAND:
+			str = "demand";
+			break;
+
+		case HARD:
+			str = "hard";
+			break;
+
+
+		case NONE:
+			str = "none";
+			break;
+
+		case PEER:
+			str = "peer";
+			break;
+
+		case ALL:
+			str = "all";
+			break;
+	}
+
+	return (str);
+}
+
 static int
 write_ldap_conf(void)
 {
 	struct ldap_entry *le;
 
+	rewind(yyout);
 	TAILQ_FOREACH(le, &ldapconf, entries) {
 		switch (le->type) {
 			case LDAP_ENTRY_NULL:
+				break;
+
+			case LDAP_ENTRY_URI_LIST: {
+				struct ldap_uri *lu;
+				struct ldap_uri_list *lul = le->entry;
+
+				fprintf(yyout, "URI");
+				TAILQ_FOREACH(lu, lul, entries) {
+					fprintf(yyout, " %s", lu->uri);
+				}
 				fprintf(yyout, "\n");
 				break;
+			}
 
-			case LDAP_ENTRY_PAIR:
-				fprintf(yyout, "%s\t%s\n", le->lep_name, le->lep_value);
+			case LDAP_ENTRY_HOST_LIST: {
+				struct ldap_host *lh;
+				struct ldap_host_list *lhl = le->entry;
+
+				fprintf(yyout, "HOST");
+				TAILQ_FOREACH(lh, lhl, entries) {
+					fprintf(yyout, " %s", lh->host);
+				}
+				fprintf(yyout, "\n");
 				break;
+			}
 
+			case LDAP_ENTRY_SASL_SECPROPS_LIST:
+				break;
+
 			case LDAP_ENTRY_COMMENT:
-				fprintf(yyout, "%s\n", le->lec_text);
 				break;
+
+			case BASE: {
+				fprintf(yyout, "BASE %s\n",
+					((struct ldap_base *)le->entry)->base);
+				break;
+			}
+			case BINDDN:
+				fprintf(yyout, "BINDDN %s\n",
+					((struct ldap_binddn *)le->entry)->dn);
+				break;
+			case DEREF:
+				fprintf(yyout, "DEREF %s\n",
+					deref2str(((struct ldap_deref *)le->entry)->when, "always"));
+				break;
+
+			case NETWORK_TIMEOUT:
+				fprintf(yyout, "NETWORK_TIMEOUT %d\n",
+					((struct ldap_network_timeout *)le->entry)->timeout);
+				break;
+			case PORT:
+				fprintf(yyout, "PORT %d\n",
+					((struct ldap_port *)le->entry)->port);
+				break;
+			case REFERRALS:
+				fprintf(yyout, "REFERRALS %s\n",
+					bool2str(((struct ldap_referrals *)le->entry)->option, "on"));
+				break;
+
+			case SIZELIMIT:
+				fprintf(yyout, "SIZELIMIT %d\n",
+					((struct ldap_sizelimit *)le->entry)->sizelimit);
+				break;
+			case TIMELIMIT:
+				fprintf(yyout, "TIMELIMIT %d\n",
+					((struct ldap_timelimit *)le->entry)->timelimit);
+				break;
+			case TIMEOUT:
+				fprintf(yyout, "TIMEOUT %d\n",
+					((struct ldap_timeout *)le->entry)->timeout);
+				break;
+
+			case SASL_MECH:
+				fprintf(yyout, "SASL_MECH %s\n",
+					((struct sasl_mech *)le->entry)->mechanism);
+				break;
+			case SASL_REALM:
+				fprintf(yyout, "SASL_REALM %s\n",
+					((struct sasl_realm *)le->entry)->realm);
+				break;
+			case SASL_AUTHCID:
+				fprintf(yyout, "SASL_AUTHCID %s\n",
+					((struct sasl_authcid *)le->entry)->authcid);
+				break;
+			case SASL_AUTHZID:
+				fprintf(yyout, "SASL_AUTHZID %s\n",
+					((struct sasl_authzid *)le->entry)->authzid);
+				break;
+			case SASL_SECPROPS: {
+				/* XXX get back to this later XXX */
+				break;
+			}
+
+			case GSSAPI_SIGN:
+				fprintf(yyout, "GSSAPI_SIGN %s\n",
+					bool2str(((struct gssapi_sign *)le->entry)->option, "off"));
+				break;
+			case GSSAPI_ENCRYPT:
+				fprintf(yyout, "GSSAPI_ENCRYPT %s\n",
+					bool2str(((struct gssapi_encrypt *)le->entry)->option, "off"));
+				break;
+			case GSSAPI_ALLOW_REMOTE_PRINCIPAL:
+				fprintf(yyout, "GSSAPI_ALLOW_REMOTE_PRINCIPAL: %s\n",
+					bool2str(((struct gssapi_allow_remote_principal *)le->entry)->option, "off"));
+				break;
+
+			case TLS_CACERT:
+				fprintf(yyout, "TLS_CACERT %s\n",
+					((struct tls_cacert *)le->entry)->filename);
+				break;
+			case TLS_CACERTDIR:
+				fprintf(yyout, "TLS_CACERTDIR %s\n",
+					((struct tls_cacertdir *)le->entry)->path);
+				break;
+			case TLS_CERT:
+				fprintf(yyout, "TLS_CERT %s\n",
+					((struct tls_cert *)le->entry)->filename);
+				break;
+			case TLS_KEY:
+				fprintf(yyout, "TLS_KEY %s\n",
+					((struct tls_key *)le->entry)->filename);
+				break;
+			case TLS_CIPHER_SUITE:
+				fprintf(yyout, "TLS_CIPHER_SUITE %s\n",
+					((struct tls_cipher_suite *)le->entry)->cipher_suite_spec);
+				break;
+			case TLS_RANDFILE:
+				fprintf(yyout, "TLS_RANDFILE %s\n",
+					((struct tls_randfile *)le->entry)->filename);
+				break;
+			case TLS_REQCERT:
+				fprintf(yyout, "TLS_REQCERT %s\n",
+					level2str(((struct tls_reqcert *)le->entry)->level, "never"));
+				break;
+			case TLS_CRLCHECK:
+				fprintf(yyout, "TLS_CRLCHECK %s\n",
+					level2str(((struct tls_crlcheck *)le->entry)->level, "none"));
+				break;
+			case TLS_CRLFILE:
+				fprintf(yyout, "TLS_CRLFILE %s\n",
+					((struct tls_crlfile *)le->entry)->filename);
+				break;
 		}
 	}
 }
@@ -262,6 +504,7 @@
 static void
 ldap_conf_free(void)
 {
+#if 0
 	struct ldap_entry *le, *letmp;
 
 	TAILQ_FOREACH_SAFE(le, &ldapconf, entries, letmp) {
@@ -283,6 +526,7 @@
 
 		xfree(&le);
 	}
+#endif
 }
 
 static void
@@ -357,7 +601,9 @@
 
 /*
 	do_modifications();
+*/
 	write_ldap_conf();
+/*
 	ldap_conf_free();
 */
 

Modified: pcbsd/current/src-sh/pc-adctl/ldap/ldapconf.h
===================================================================
--- pcbsd/current/src-sh/pc-adctl/ldap/ldapconf.h	2012-07-31 21:38:00 UTC (rev 18025)
+++ pcbsd/current/src-sh/pc-adctl/ldap/ldapconf.h	2012-08-01 05:39:03 UTC (rev 18026)
@@ -18,10 +18,123 @@
 #include <sysexits.h>
 #include <unistd.h>
 
-#define	LDAP_ENTRY_NULL		0x00
-#define	LDAP_ENTRY_PAIR		0x01
-#define	LDAP_ENTRY_COMMENT	0x02
+#define	LDAP_ENTRY_NULL					0x00
+#define	LDAP_ENTRY_URI_LIST				0x02
+#define	LDAP_ENTRY_HOST_LIST			0x04
+#define	LDAP_ENTRY_SASL_SECPROPS_LIST	0x08
+#define	LDAP_ENTRY_COMMENT				0x10
 
+/*
+ *	OPTIONS
+ */
+struct ldap_uri {
+	char *uri;
+	TAILQ_ENTRY(ldap_uri) entries;
+};
+TAILQ_HEAD(ldap_uri_list, ldap_uri);
+struct ldap_base {
+	char *base;
+};
+struct ldap_binddn {
+	char *dn;
+};
+struct ldap_deref {
+	unsigned long when;
+};
+struct ldap_host {
+	char *host;
+	TAILQ_ENTRY(ldap_host) entries;
+};
+TAILQ_HEAD(ldap_host_list, ldap_host);
+struct ldap_network_timeout {
+	unsigned long timeout;
+};
+struct ldap_port {
+	unsigned long port;
+};
+struct ldap_referrals {
+	unsigned long option;
+};
+struct ldap_sizelimit {
+	unsigned long sizelimit;
+};
+struct ldap_timelimit {
+	unsigned long timelimit;
+};
+struct ldap_timeout {
+	unsigned long timeout;
+};
+
+
+/*
+ *	SASL OPTIONS
+ */
+struct sasl_mech {
+	char *mechanism;
+};
+struct sasl_realm {
+	char *realm;
+};
+struct sasl_authcid {
+	char *authcid;
+};
+struct sasl_authzid {
+	char *authzid;
+};
+struct sasl_secprops {
+	unsigned long property;
+	unsigned long factor;
+	TAILQ_ENTRY(sasl_secprops) entries;
+};
+TAILQ_HEAD(sasl_secprops_list, sasl_secprops);
+
+
+/*
+ *	GSSAPI OPTIONS
+ */
+struct gssapi_sign {
+	unsigned long option;
+};
+struct gssapi_encrypt {
+	unsigned long option;
+};
+struct gssapi_allow_remote_principal {
+	unsigned long option;
+};
+
+
+/*
+ *	TLS OPTIONS
+ */
+struct tls_cacert {
+	char *filename;
+};
+struct tls_cacertdir {
+	char *path;
+};
+struct tls_cert {
+	char *filename;
+};
+struct tls_key {
+	char *filename;
+};
+struct tls_cipher_suite {
+	char *cipher_suite_spec;
+};
+struct tls_randfile {
+	char *filename;
+};
+struct tls_reqcert {
+	unsigned long level;
+};
+struct tls_crlcheck {
+	unsigned long level;
+};
+struct tls_crlfile {
+	char *filename;
+};
+
+
 struct ldap_comment {
 	char *text;
 };
@@ -33,19 +146,7 @@
 
 struct ldap_entry {
 	unsigned int type;
-	union {
-		struct ldap_pair le_pair;
-		struct ldap_comment le_comment;
-	} le;
-
-#define	lep	le.le_pair
-#define	lec	le.le_comment
-
-#define	lep_name	lep.name
-#define	lep_value	lep.value
-
-#define	lec_text	lec.text
-
+	void *entry;
 	TAILQ_ENTRY(ldap_entry) entries;
 };
 



More information about the Commits mailing list