[PC-BSD Commits] r18026 - pcbsd/current/src-sh/pc-adctl/ldap
svn at pcbsd.org
svn at pcbsd.org
Tue Jul 31 22:39:03 PDT 2012
Author: johnh
Date: 2012-08-01 05:39:03 +0000 (Wed, 01 Aug 2012)
New Revision: 18026
Modified:
pcbsd/current/src-sh/pc-adctl/ldap/ldap-lexer.l
pcbsd/current/src-sh/pc-adctl/ldap/ldap-parser.y
pcbsd/current/src-sh/pc-adctl/ldap/ldapconf.c
pcbsd/current/src-sh/pc-adctl/ldap/ldapconf.h
Log:
Committing progress, more to come.
Modified: pcbsd/current/src-sh/pc-adctl/ldap/ldap-lexer.l
===================================================================
--- pcbsd/current/src-sh/pc-adctl/ldap/ldap-lexer.l 2012-07-31 21:38:00 UTC (rev 18025)
+++ pcbsd/current/src-sh/pc-adctl/ldap/ldap-lexer.l 2012-08-01 05:39:03 UTC (rev 18026)
@@ -18,81 +18,189 @@
%%
-URI { return (URI); }
-BASE { return (BASE); }
-BINDDN { return (BINDDN); }
-DEREF { return (DEREF); }
+[Uu][Rr][Ii] {
+ return (URI);
+}
+[Bb][Aa][Ss][Ee] {
+ return (BASE);
+}
+[Bb][Ii][Nn][Dd][Dd][Nn] {
+ return (BINDDN);
+}
+[Dd][Ee][Rr][Ee][Ff] {
+ return (DEREF);
+}
-never { return (NEVER); }
-searching { return (SEARCHING); }
-finding { return (FINDING); }
-always { return (ALWAYS); }
+[Nn][Ee][Vv][Ee][Rr] {
+ return (NEVER);
+}
+[Ss][Ee][Aa][Rr][Cc][Hh][Ii][Nn][Gg] {
+ return (SEARCHING);
+}
+[Ff][Ii][Nn][Dd][Ii][Nn][Gg] {
+ return (FINDING);
+}
+[Aa][Ll][Ww][Aa][Yy][Ss] {
+ return (ALWAYS);
+}
-HOST { return (HOST); }
-NETWORK_TIMEOUT { return (NETWORK_TIMEOUT); }
-PORT { return (PORT); }
-REFERRALS { return (REFERRALS); }
+[Hh][Oo][Ss][Tt] {
+ return (HOST);
+}
+[Nn][Ee][Tt][Ww][Oo][Rr][Kk]_[Tt][Ii][Mm][Ee][Oo][Uu][Tt] {
+ return (NETWORK_TIMEOUT);
+}
+[Pp][Oo][Rr][Tt] {
+ return (PORT);
+}
+[Rr][Ee][Ff][Ee][Rr][Rr][Aa][Ll][Ss] {
+ return (REFERRALS);
+}
-on { return (ON); }
-true { return (TRUE); }
-yes { return (YES); }
-off { return (OFF); }
-false { return (FALSE); }
-no { return (NO); }
+[Oo][Nn] {
+ return (ON);
+}
+[Tt][Rr][Uu][Ee] {
+ return (TRUE);
+}
+[Yy][Ee][Ss] {
+ return (YES);
+}
+[Oo][Ff][Ff] {
+ return (OFF);
+}
+[Ff][Aa][Ll][Ss][Ee] {
+ return (FALSE);
+}
+[Nn][Oo] {
+ return (NO);
+}
-SIZELIMIT { return (SIZELIMIT); }
-TIMELIMIT { return (TIMELIMIT); }
-TIMEOUT { return (TIMEOUT); }
+[Ss][Ii][Zz][Ee][Ll][Ii][Mm][Ii][Tt] {
+ return (SIZELIMIT);
+}
+[Tt][Ii][Mm][Ee][Ll][Ii][Mm][Ii][Tt] {
+ return (TIMELIMIT);
+}
+[Tt][Ii][Mm][Ee][Oo][Uu][Tt] {
+ return (TIMEOUT);
+}
-SASL_MECH { return (SASL_MECH); }
-SASL_REALM { return (SASL_REALM); }
-SASL_AUTHCID { return (SASL_AUTHCID); }
-SASL_AUTHZID { return (SASL_AUTHZID); }
-SASL_SECPROPS { return (SASL_SECPROPS); }
+[Ss][Aa][Ss][Ll]_[Mm][Ee][Cc][Hh] {
+ return (SASL_MECH);
+}
+[Ss][Aa][Ss][Ll]_[Rr][Ee][Aa][Ll][Mm] {
+ return (SASL_REALM);
+}
+[Ss][Aa][Ss][Ll]_[Aa][Uu][Tt][Hh][Cc][Ii][Dd] {
+ return (SASL_AUTHCID);
+}
+[Ss][Aa][Ss][Ll]_[Aa][Uu][Tt][Hh][Za][Ii][Dd] {
+ return (SASL_AUTHZID);
+}
+[Ss][Aa][Ss][Ll]_[Ss][Ee][Cc][Pp][Rr][Oo][Pp][Ss] {
+ return (SASL_SECPROPS);
+}
-none { return (NONE); }
-noplain { return (NOPLAIN); }
-noactive { return (NOACTIVE); }
-nodict { return (NODICT); }
-noanonymous { return (NOANONYMOUS); }
-forwardsec { return (FORWARDSEC); }
-passcred { return (PASSCRED); }
-minssf { return (MINSSF); }
-maxssf { return (MAXSSF); }
-maxbufsize { return (MAXBUFSIZE); }
+[Nn][Oo][Nn][Ee] {
+ return (NONE);
+}
+[Nn][Oo][Pp][Ll][Aa][Ii][Nn] {
+ return (NOPLAIN);
+}
+[Nn][Oo][Aa][Cc][Tt][Ii][Vv][Ee] {
+ return (NOACTIVE);
+}
+[Nn][Oo][Dd][Ii][Cc][Tt] {
+ return (NODICT);
+}
+[Nn][Oo][Aa][Nn][Oo][Nn][Yy][Mm][Oo][Uu][Ss] {
+ return (NOANONYMOUS);
+}
+[Ff][Oo][Rr][Ww][Aa][Rr][Dd][Ss][Ee][Cc] {
+ return (FORWARDSEC);
+}
+[Pp][Aa][Ss][Ss][Cc][Rr][Ee][Dd] {
+ return (PASSCRED);
+}
+[Mm][Ii][Nn][Ss][Ss][Ff] {
+ return (MINSSF);
+}
+[Mm][Aa][Xx][Ss][Ss][Ff] {
+ return (MAXSSF);
+}
+[Mm][Aa][Xx][Bb][Uu][Ff][Ss][Ii][Zz][Ee] {
+ return (MAXBUFSIZE);
+}
-GSSAPI_SIGN { return (GSSAPI_SIGN); }
-GSSAPI_ENCRYPT { return (GSSAPI_ENCRYPT); }
-GSSAPI_ALLOW_REMOTE_PRINCIPAL { return (GSSAPI_ALLOW_REMOTE_PRINCIPAL); }
+[Gg][Ss][Ss][Aa][Pp][Ii]_[Ss][Ii][Gg][Nn] {
+ return (GSSAPI_SIGN);
+}
+[Gg][Ss][Ss][Aa][Pp][Ii]_[Ee][Nn][Cc][Rr][Yy][Pp][Tt] {
+ return (GSSAPI_ENCRYPT);
+}
+[Gg][Ss][Ss][Aa][Pp][Ii]_[Aa][Ll][Ll][Oo][Ww]_[Rr][Ee][Mm][Oo][Tt][Ee]_[Pp][Rr][Ii][Nn][Cc][Ii][Pp][Aa][Ll] {
+ return (GSSAPI_ALLOW_REMOTE_PRINCIPAL);
+}
-TLS_CACERT { return (TLS_CACERT); }
-TLS_CACERTDIR { return (TLS_CACERTDIR); }
-TLS_CERT { return (TLS_CERT); }
-TLS_KEY { return (TLS_KEY); }
-TLS_CIPHER_SUITE { return (TLS_CIPHER_SUITE); }
-TLS_RANDFILE { return (TLS_RANDFILE); }
-TLS_REQCERT { return (TLS_REQCERT); }
+[Tt][Ll][Ss]_[Cc][Aa][Cc][Ee][Rr][Tt] {
+ return (TLS_CACERT);
+}
+[Tt][Ll][Ss]_[Cc][Aa][Cc][Ee][Rr][Tt][Dd][Ii][Rr] {
+ return (TLS_CACERTDIR);
+}
+[Tt][Ll][Ss]_[Cc][Ee][Rr][Tt] {
+ return (TLS_CERT);
+}
+[Tt][Ll][Ss]_[Kk][Ee][Yy] {
+ return (TLS_KEY);
+}
+[Tt][Ll][Ss]_[Cc][Ii][Pp][Hh][Ee][Rr]_[Ss][Uu][Ii][Tt][Ee] {
+ return (TLS_CIPHER_SUITE);
+}
+[Tt][Ll][Ss]_[Rr][Aa][Nn][Dd][Ff][Ii][Ll][Ee] {
+ return (TLS_RANDFILE);
+}
+[Tt][Ll][Ss]_[Rr][Ee][Qq][Cc][Ee][Rr][Tt] {
+ return (TLS_REQCERT);
+}
-never { return (NEVER); }
-allow { return (ALLOW); }
-try { return (TRY); }
-demand { return (DEMAND); }
-hard { return (HARD); }
+[Aa][Ll][Ll][Oo][Ww] {
+ return (ALLOW);
+}
+[Tt][Rr][Yy] {
+ return (TRY);
+}
+[Dd][Ee][Mm][Aa][Nn][Dd] {
+ return (DEMAND);
+}
+[Hh][Aa][Rr][Dd] {
+ return (HARD);
+}
-TLS_CRLCHECK { return (TLS_CRLCHECK); }
+[Tt][Ll][Ss]_[Cc][Rr][Ll][Cc][Hh][Ee][Cc][Kk] {
+ return (TLS_CRLCHECK);
+}
-none { return (NONE); }
-peer { return (PEER); }
-all { return (ALL); }
+[Pp][Ee][Ee][Rr] {
+ return (PEER);
+}
+[Aa][Ll][Ll] {
+ return (ALL);
+}
-TLS_CRLFILE { return (TLS_CRLFILE); }
+[Tt][Ll][Ss]_[Cc][Rr][Ll][Ff][Ii][Ll][Ee] {
+ return (TLS_CRLFILE);
+}
-= { return (EQUAL); }
-, { return (COMMA); }
+= { return (EQUAL); }
+, { return (COMMA); }
+\n { return (NEWLINE); }
+[[:space:]\t]+$ {
+ return (EMPTY);
+}
-\n { return (NEWLINE); }
-
([ \t]+)?(;|#)(.+)?$ {
yylval.str = strdup(clean(yytext));
return (COMMENT);
@@ -103,7 +211,7 @@
return (INTEGER);
}
-ldap([si])?:\/\/.+ {
+ldap([si])?:\/\/[^#[:space:]]+ {
yylval.str = strdup(clean(yytext));
return (LDAP_SERVER);
}
Modified: pcbsd/current/src-sh/pc-adctl/ldap/ldap-parser.y
===================================================================
--- pcbsd/current/src-sh/pc-adctl/ldap/ldap-parser.y 2012-07-31 21:38:00 UTC (rev 18025)
+++ pcbsd/current/src-sh/pc-adctl/ldap/ldap-parser.y 2012-08-01 05:39:03 UTC (rev 18026)
@@ -14,6 +14,18 @@
extern struct ldap_entry_list ldapconf;
+static void add_deref(unsigned long);
+static void add_referrals(unsigned long);
+
+static void add_sasl_secprops_property(unsigned long, unsigned long);
+
+static void add_gssapi_sign(unsigned long);
+static void add_gssapi_encrypt(unsigned long);
+static void add_gssapi_allow_remote_principal(unsigned long);
+
+static void add_tls_reqcert(unsigned long);
+static void add_tls_crlcheck(unsigned long);
+
%}
%union {
@@ -161,7 +173,27 @@
ldap_server:
LDAP_SERVER
+ {
+ struct ldap_uri *lu = xalloc(sizeof(*lu));
+ lu->uri = xstrdup(clean($1));
+ if (lul == NULL) {
+ struct ldap_entry *le = xalloc(sizeof(*le));
+
+ lul = xalloc(sizeof(*lul));
+ TAILQ_INIT(lul);
+
+ le->type = LDAP_ENTRY_URI_LIST;
+ le->entry = lul;
+
+ TAILQ_INSERT_TAIL(lul, lu, entries);
+ TAILQ_INSERT_TAIL(&ldapconf, le, entries);
+
+ } else {
+ TAILQ_INSERT_TAIL(lul, lu, entries);
+ }
+ }
+
ldap_servers:
ldap_servers ldap_server |
ldap_server
@@ -171,65 +203,206 @@
base:
BASE WORD
+ {
+ struct ldap_entry *le = xalloc(sizeof(*le));
+ struct ldap_base *lb = xalloc(sizeof(*lb));
+ lb->base = xstrdup(clean($2));
+
+ le->type = BASE;
+ le->entry = lb;
+
+ TAILQ_INSERT_TAIL(&ldapconf, le, entries);
+ }
+
binddn:
BINDDN WORD
+ {
+ struct ldap_entry *le = xalloc(sizeof(*le));
+ struct ldap_binddn *lb = xalloc(sizeof(*lb));
+ lb->dn = xstrdup(clean($2));
+
+ le->type = BINDDN;
+ le->entry = lb;
+
+ TAILQ_INSERT_TAIL(&ldapconf, le, entries);
+ }
+
deref:
- DEREF NEVER |
- DEREF SEARCHING |
- DEREF FINDING |
- DEREF ALWAYS
+ DEREF NEVER { add_deref(NEVER); } |
+ DEREF SEARCHING { add_deref(SEARCHING); } |
+ DEREF FINDING { add_deref(FINDING); } |
+ DEREF ALWAYS { add_deref(ALWAYS); }
host:
HOST WORD
+ {
+ struct ldap_host *lh = xalloc(sizeof(*lh));
+ lh->host = xstrdup(clean($2));
+ if (lhl == NULL) {
+ struct ldap_entry *le = xalloc(sizeof(*le));
+
+ lhl = xalloc(sizeof(*lhl));
+ TAILQ_INIT(lhl);
+
+ le->type = LDAP_ENTRY_HOST_LIST;
+ le->entry = lhl;
+
+ TAILQ_INSERT_TAIL(&ldapconf, le, entries);
+ TAILQ_INSERT_TAIL(lhl, lh, entries);
+
+ } else {
+ TAILQ_INSERT_TAIL(lhl, lh, entries);
+ }
+ }
+
network_timeout:
NETWORK_TIMEOUT INTEGER
+ {
+ struct ldap_entry *le = xalloc(sizeof(*le));
+ struct ldap_network_timeout *lnt = xalloc(sizeof(*lnt));
+ lnt->timeout = $2;
+
+ le->type = NETWORK_TIMEOUT;
+ le->entry = lnt;
+
+ TAILQ_INSERT_TAIL(&ldapconf, le, entries);
+ }
+
port:
PORT INTEGER
+ {
+ struct ldap_entry *le = xalloc(sizeof(*le));
+ struct ldap_port *lp = xalloc(sizeof(*lp));
+ lp->port = $2;
+
+ le->type = PORT;
+ le->entry = lp;
+
+ TAILQ_INSERT_TAIL(&ldapconf, le, entries);
+ }
+
referrals:
- REFERRALS ON |
- REFERRALS TRUE |
- REFERRALS YES |
- REFERRALS OFF |
- REFERRALS FALSE |
- REFERRALS NO
+ REFERRALS ON { add_referrals(ON); } |
+ REFERRALS TRUE { add_referrals(TRUE); } |
+ REFERRALS YES { add_referrals(YES); } |
+ REFERRALS OFF { add_referrals(OFF); } |
+ REFERRALS FALSE { add_referrals(FALSE); } |
+ REFERRALS NO { add_referrals(NO); }
sizelimit:
SIZELIMIT INTEGER
+ {
+ struct ldap_entry *le = xalloc(sizeof(*le));
+ struct ldap_sizelimit *ls = xalloc(sizeof(*ls));
+ ls->sizelimit = $2;
+
+ le->type = SIZELIMIT;
+ le->entry = ls;
+
+ TAILQ_INSERT_TAIL(&ldapconf, le, entries);
+ }
+
timelimit:
TIMELIMIT INTEGER
+ {
+ struct ldap_entry *le = xalloc(sizeof(*le));
+ struct ldap_timelimit *lt = xalloc(sizeof(*lt));
+ lt->timelimit = $2;
+
+ le->type = TIMELIMIT;
+ le->entry = lt;
+
+ TAILQ_INSERT_TAIL(&ldapconf, le, entries);
+ }
+
timeout:
TIMEOUT INTEGER
+ {
+ struct ldap_entry *le = xalloc(sizeof(*le));
+ struct ldap_timeout *lt = xalloc(sizeof(*lt));
+ lt->timeout = $2;
+
+ le->type = TIMEOUT;
+ le->entry = lt;
+
+ TAILQ_INSERT_TAIL(&ldapconf, le, entries);
+ }
+
sasl_mech:
SASL_MECH WORD
+ {
+ struct ldap_entry *le = xalloc(sizeof(*le));
+ struct sasl_mech *sm = xalloc(sizeof(*sm));
+ sm->mechanism = xstrdup(clean($2));
+
+ le->type = SASL_MECH;
+ le->entry = sm;
+
+ TAILQ_INSERT_TAIL(&ldapconf, le, entries);
+ }
+
sasl_realm:
SASL_REALM WORD
+ {
+ struct ldap_entry *le = xalloc(sizeof(*le));
+ struct sasl_realm *sr = xalloc(sizeof(*sr));
+ sr->realm = xstrdup(clean($2));
+
+ le->type = SASL_REALM;
+ le->entry = sr;
+
+ TAILQ_INSERT_TAIL(&ldapconf, le, entries);
+ }
+
sasl_authcid:
SASL_AUTHCID WORD
+ {
+ struct ldap_entry *le = xalloc(sizeof(*le));
+ struct sasl_authcid *sa = xalloc(sizeof(*sa));
+ sa->authcid = xstrdup(clean($2));
+
+ le->type = SASL_AUTHCID;
+ le->entry = sa;
+
+ TAILQ_INSERT_TAIL(&ldapconf, le, entries);
+ }
+
sasl_authzid:
SASL_AUTHZID WORD
+ {
+ struct ldap_entry *le = xalloc(sizeof(*le));
+ struct sasl_authzid *sa = xalloc(sizeof(*sa));
+ sa->authzid = xstrdup(clean($2));
+
+ le->type = SASL_AUTHZID;
+ le->entry = sa;
+
+ TAILQ_INSERT_TAIL(&ldapconf, le, entries);
+ }
+
sasl_secprops_property:
- NONE |
- NOPLAIN |
- NOACTIVE |
- NODICT |
- NOANONYMOUS |
- FORWARDSEC |
- PASSCRED |
- MINSSF EQUAL INTEGER |
- MAXSSF EQUAL INTEGER |
- MAXBUFSIZE EQUAL INTEGER
+ NONE { add_sasl_secprops_property(NONE, -1); } |
+ NOPLAIN { add_sasl_secprops_property(NOPLAIN, -1); } |
+ NOACTIVE { add_sasl_secprops_property(NOACTIVE, -1); } |
+ NODICT { add_sasl_secprops_property(NODICT, -1); } |
+ NOANONYMOUS { add_sasl_secprops_property(NOANONYMOUS, -1); } |
+ FORWARDSEC { add_sasl_secprops_property(FORWARDSEC, -1); } |
+ PASSCRED { add_sasl_secprops_property(PASSCRED, -1); } |
+ MINSSF EQUAL INTEGER { add_sasl_secprops_property(MINSSF, $3); } |
+ MAXSSF EQUAL INTEGER { add_sasl_secprops_property(MAXSSF, $3); } |
+ MAXBUFSIZE EQUAL INTEGER { add_sasl_secprops_property(MAXBUFSIZE, $3); }
sasl_secprops_properties:
@@ -240,62 +413,139 @@
SASL_SECPROPS sasl_secprops_properties
gssapi_sign:
- GSSAPI_SIGN ON |
- GSSAPI_SIGN TRUE |
- GSSAPI_SIGN YES |
- GSSAPI_SIGN OFF |
- GSSAPI_SIGN FALSE |
- GSSAPI_SIGN NO
+ GSSAPI_SIGN ON { add_gssapi_sign(ON); } |
+ GSSAPI_SIGN TRUE { add_gssapi_sign(TRUE); } |
+ GSSAPI_SIGN YES { add_gssapi_sign(YES); } |
+ GSSAPI_SIGN OFF { add_gssapi_sign(OFF); } |
+ GSSAPI_SIGN FALSE { add_gssapi_sign(FALSE); } |
+ GSSAPI_SIGN NO { add_gssapi_sign(NO); }
gssapi_encrypt:
- GSSAPI_ENCRYPT ON |
- GSSAPI_ENCRYPT TRUE |
- GSSAPI_ENCRYPT YES |
- GSSAPI_ENCRYPT OFF |
- GSSAPI_ENCRYPT FALSE |
- GSSAPI_ENCRYPT NO
+ GSSAPI_ENCRYPT ON { add_gssapi_encrypt(ON); } |
+ GSSAPI_ENCRYPT TRUE { add_gssapi_encrypt(TRUE); } |
+ GSSAPI_ENCRYPT YES { add_gssapi_encrypt(YES); } |
+ GSSAPI_ENCRYPT OFF { add_gssapi_encrypt(OFF); } |
+ GSSAPI_ENCRYPT FALSE { add_gssapi_encrypt(FALSE); } |
+ GSSAPI_ENCRYPT NO { add_gssapi_encrypt(NO); }
gssapi_allow_remote_principal:
- GSSAPI_ALLOW_REMOTE_PRINCIPAL ON |
- GSSAPI_ALLOW_REMOTE_PRINCIPAL TRUE |
- GSSAPI_ALLOW_REMOTE_PRINCIPAL YES |
- GSSAPI_ALLOW_REMOTE_PRINCIPAL OFF |
- GSSAPI_ALLOW_REMOTE_PRINCIPAL FALSE |
- GSSAPI_ALLOW_REMOTE_PRINCIPAL NO
+ GSSAPI_ALLOW_REMOTE_PRINCIPAL ON { add_gssapi_allow_remote_principal(ON); } |
+ GSSAPI_ALLOW_REMOTE_PRINCIPAL TRUE { add_gssapi_allow_remote_principal(TRUE); } |
+ GSSAPI_ALLOW_REMOTE_PRINCIPAL YES { add_gssapi_allow_remote_principal(YES); } |
+ GSSAPI_ALLOW_REMOTE_PRINCIPAL OFF { add_gssapi_allow_remote_principal(OFF); } |
+ GSSAPI_ALLOW_REMOTE_PRINCIPAL FALSE { add_gssapi_allow_remote_principal(FALSE); } |
+ GSSAPI_ALLOW_REMOTE_PRINCIPAL NO { add_gssapi_allow_remote_principal(NO); }
tls_cacert:
TLS_CACERT WORD
+ {
+ struct ldap_entry *le = xalloc(sizeof(*le));
+ struct tls_cacert *tc = xalloc(sizeof(*tc));
+ tc->filename = xstrdup(clean($2));
+
+ le->type = TLS_CACERT;
+ le->entry = tc;
+
+ TAILQ_INSERT_TAIL(&ldapconf, le, entries);
+ }
+
tls_cacertdir:
TLS_CACERTDIR WORD
+ {
+ struct ldap_entry *le = xalloc(sizeof(*le));
+ struct tls_cacertdir *tc = xalloc(sizeof(*tc));
+ tc->path = xstrdup(clean($2));
+
+ le->type = TLS_CACERTDIR;
+ le->entry = tc;
+
+ TAILQ_INSERT_TAIL(&ldapconf, le, entries);
+ }
+
tls_cert:
TLS_CERT WORD
+ {
+ struct ldap_entry *le = xalloc(sizeof(*le));
+ struct tls_cert *tc = xalloc(sizeof(*tc));
+ tc->filename = xstrdup(clean($2));
+
+ le->type = TLS_CERT;
+ le->entry = tc;
+
+ TAILQ_INSERT_TAIL(&ldapconf, le, entries);
+ }
+
tls_key:
TLS_KEY WORD
+ {
+ struct ldap_entry *le = xalloc(sizeof(*le));
+ struct tls_key *tk = xalloc(sizeof(*tk));
+ tk->filename = xstrdup(clean($2));
+
+ le->type = TLS_KEY;
+ le->entry = tk;
+
+ TAILQ_INSERT_TAIL(&ldapconf, le, entries);
+ }
+
tls_cipher_suite:
TLS_CIPHER_SUITE WORD
+ {
+ struct ldap_entry *le = xalloc(sizeof(*le));
+ struct tls_cipher_suite *tcs = xalloc(sizeof(*tcs));
+ tcs->cipher_suite_spec = xstrdup(clean($2));
+
+ le->type = TLS_CIPHER_SUITE;
+ le->entry = tcs;
+
+ TAILQ_INSERT_TAIL(&ldapconf, le, entries);
+ }
+
tls_randfile:
TLS_RANDFILE WORD
+ {
+ struct ldap_entry *le = xalloc(sizeof(*le));
+ struct tls_randfile *tr = xalloc(sizeof(*tr));
+ tr->filename = xstrdup(clean($2));
+
+ le->type = TLS_RANDFILE;
+ le->entry = tr;
+
+ TAILQ_INSERT_TAIL(&ldapconf, le, entries);
+ }
+
tls_reqcert:
- TLS_REQCERT NEVER |
- TLS_REQCERT ALLOW |
- TLS_REQCERT TRY |
- TLS_REQCERT DEMAND |
- TLS_REQCERT HARD
+ TLS_REQCERT NEVER { add_tls_reqcert(NEVER); } |
+ TLS_REQCERT ALLOW { add_tls_reqcert(ALLOW); } |
+ TLS_REQCERT TRY { add_tls_reqcert(TRY); } |
+ TLS_REQCERT DEMAND { add_tls_reqcert(DEMAND); } |
+ TLS_REQCERT HARD { add_tls_reqcert(HARD); }
tls_crlcheck:
- TLS_CRLCHECK NONE |
- TLS_CRLCHECK PEER |
- TLS_CRLCHECK ALL
+ TLS_CRLCHECK NONE { add_tls_crlcheck(NONE); } |
+ TLS_CRLCHECK PEER { add_tls_crlcheck(PEER); } |
+ TLS_CRLCHECK ALL { add_tls_crlcheck(ALL); }
tls_crlfile:
TLS_CRLFILE WORD
+ {
+ struct ldap_entry *le = xalloc(sizeof(*le));
+ struct tls_crlfile *tc = xalloc(sizeof(*tc));
+ tc->filename = xstrdup(clean($2));
+
+ le->type = TLS_CRLFILE;
+ le->entry = tc;
+
+ TAILQ_INSERT_TAIL(&ldapconf, le, entries);
+ }
+
space:
SPACE
@@ -314,6 +564,135 @@
unsigned int lineno = 0;
+static struct ldap_uri_list *lul = NULL;
+static struct ldap_host_list *lhl = NULL;
+static struct sasl_secprops_list *lsl = NULL;
+
+static void
+add_deref(unsigned long when)
+{
+ struct ldap_entry *le = xalloc(sizeof(*le));
+ struct ldap_deref *ld = xalloc(sizeof(*ld));
+
+ ld->when = when;
+
+ le->type = DEREF;
+ le->entry = ld;
+
+ TAILQ_INSERT_TAIL(&ldapconf, le, entries);
+}
+
+static void
+add_referrals(unsigned long option)
+{
+ struct ldap_entry *le = xalloc(sizeof(*le));
+ struct ldap_referrals *lr = xalloc(sizeof(*lr));
+
+ lr->option = option;
+
+ le->type = REFERRALS;
+ le->entry = lr;
+
+ TAILQ_INSERT_TAIL(&ldapconf, le, entries);
+}
+
+static void
+add_sasl_secprops_property(unsigned long property, unsigned long factor)
+{
+ struct sasl_secprops *ss = xalloc(sizeof(*ss));
+
+ ss->property = property;
+ if (factor > -1)
+ ss->factor = factor;
+
+ if (lsl == NULL) {
+ struct ldap_entry *le = xalloc(sizeof(*le));
+
+ lsl = xalloc(sizeof(*lsl));
+ TAILQ_INIT(lsl);
+
+ le->type = LDAP_ENTRY_SASL_SECPROPS_LIST;
+ le->entry = lsl;
+
+ TAILQ_INSERT_TAIL(&ldapconf, le, entries);
+ TAILQ_INSERT_TAIL(lsl, ss, entries);
+
+ } else {
+ TAILQ_INSERT_TAIL(lsl, ss, entries);
+ }
+}
+
+static void
+add_gssapi_sign(unsigned long option)
+{
+ struct ldap_entry *le = xalloc(sizeof(*le));
+ struct gssapi_sign *gs = xalloc(sizeof(*gs));
+
+ gs->option = option;
+
+ le->type = GSSAPI_SIGN;
+ le->entry = gs;
+
+ TAILQ_INSERT_TAIL(&ldapconf, le, entries);
+}
+
+
+static void
+add_gssapi_encrypt(unsigned long option)
+{
+ struct ldap_entry *le = xalloc(sizeof(*le));
+ struct gssapi_encrypt *ge = xalloc(sizeof(*ge));
+
+ ge->option = option;
+
+ le->type = GSSAPI_ENCRYPT;
+ le->entry = ge;
+
+ TAILQ_INSERT_TAIL(&ldapconf, le, entries);
+}
+
+static void
+add_gssapi_allow_remote_principal(unsigned long option)
+{
+ struct ldap_entry *le = xalloc(sizeof(*le));
+ struct gssapi_allow_remote_principal *garp = xalloc(sizeof(*garp));
+
+ garp->option = option;
+
+ le->type = GSSAPI_ALLOW_REMOTE_PRINCIPAL;
+ le->entry = garp;
+
+ TAILQ_INSERT_TAIL(&ldapconf, le, entries);
+}
+
+static void
+add_tls_reqcert(unsigned long level)
+{
+ struct ldap_entry *le = xalloc(sizeof(*le));
+ struct tls_reqcert *tr = xalloc(sizeof(*tr));
+
+ tr->level = level;
+
+ le->type = TLS_REQCERT;
+ le->entry = tr;
+
+ TAILQ_INSERT_TAIL(&ldapconf, le, entries);
+}
+
+static void
+add_tls_crlcheck(unsigned long level)
+{
+ struct ldap_entry *le = xalloc(sizeof(*le));
+ struct tls_crlcheck *tc = xalloc(sizeof(*tc));
+
+ tc->level = level;
+
+ le->type = TLS_CRLCHECK;
+ le->entry = tc;
+
+ TAILQ_INSERT_TAIL(&ldapconf, le, entries);
+}
+
void
yyerror(const char *str)
{
Modified: pcbsd/current/src-sh/pc-adctl/ldap/ldapconf.c
===================================================================
--- pcbsd/current/src-sh/pc-adctl/ldap/ldapconf.c 2012-07-31 21:38:00 UTC (rev 18025)
+++ pcbsd/current/src-sh/pc-adctl/ldap/ldapconf.c 2012-08-01 05:39:03 UTC (rev 18026)
@@ -133,6 +133,7 @@
static int
ldap_op_add(struct ldap_modification *lm)
{
+#if 0
int exists = 0;
struct ldap_entry *le;
@@ -156,6 +157,7 @@
TAILQ_INSERT_TAIL(&ldapconf, le, entries);
}
+#endif
return (0);
}
@@ -163,6 +165,7 @@
static int
ldap_op_modify(struct ldap_modification *lm)
{
+#if 0
int exists = 0;
struct ldap_entry *le, *letmp;
@@ -181,6 +184,7 @@
if (exists == 0 && lm->create > 0)
return (ldap_op_add(lm));
+#endif
return (0);
}
@@ -188,6 +192,7 @@
static int
ldap_op_remove(struct ldap_modification *lm)
{
+#if 0
struct ldap_entry *le, *letmp;
if (lm == NULL)
@@ -203,6 +208,7 @@
break;
}
}
+#endif
return (0);
}
@@ -237,24 +243,260 @@
}
}
+static const char *
+deref2str(unsigned long deref, const char *def)
+{
+ const char *str = def;
+
+ switch (deref) {
+ case NEVER:
+ str = "never";
+ break;
+
+ case SEARCHING:
+ str = "searching";
+ break;
+
+ case FINDING:
+ str = "finding";
+ break;
+
+ case ALWAYS:
+ str = "always";
+ break;
+ }
+
+ return (str);
+}
+
+static const char *
+bool2str(unsigned long b, const char *def)
+{
+ const char *str = def;
+
+ switch (b) {
+ case ON:
+ str = "on";
+ break;
+
+ case TRUE:
+ str = "true";
+ break;
+
+ case YES:
+ str = "yes";
+ break;
+
+ case OFF:
+ str = "off";
+ break;
+
+ case FALSE:
+ str = "false";
+ break;
+
+ case NO:
+ str = "no";
+ break;
+ }
+
+ return (str);
+}
+
+static const char *
+level2str(unsigned long level, const char *def)
+{
+ const char *str = def;
+
+ switch (level) {
+ case NEVER:
+ str = "never";
+ break;
+
+ case ALLOW:
+ str = "allow";
+ break;
+
+ case TRY:
+ str = "try";
+ break;
+
+ case DEMAND:
+ str = "demand";
+ break;
+
+ case HARD:
+ str = "hard";
+ break;
+
+
+ case NONE:
+ str = "none";
+ break;
+
+ case PEER:
+ str = "peer";
+ break;
+
+ case ALL:
+ str = "all";
+ break;
+ }
+
+ return (str);
+}
+
static int
write_ldap_conf(void)
{
struct ldap_entry *le;
+ rewind(yyout);
TAILQ_FOREACH(le, &ldapconf, entries) {
switch (le->type) {
case LDAP_ENTRY_NULL:
+ break;
+
+ case LDAP_ENTRY_URI_LIST: {
+ struct ldap_uri *lu;
+ struct ldap_uri_list *lul = le->entry;
+
+ fprintf(yyout, "URI");
+ TAILQ_FOREACH(lu, lul, entries) {
+ fprintf(yyout, " %s", lu->uri);
+ }
fprintf(yyout, "\n");
break;
+ }
- case LDAP_ENTRY_PAIR:
- fprintf(yyout, "%s\t%s\n", le->lep_name, le->lep_value);
+ case LDAP_ENTRY_HOST_LIST: {
+ struct ldap_host *lh;
+ struct ldap_host_list *lhl = le->entry;
+
+ fprintf(yyout, "HOST");
+ TAILQ_FOREACH(lh, lhl, entries) {
+ fprintf(yyout, " %s", lh->host);
+ }
+ fprintf(yyout, "\n");
break;
+ }
+ case LDAP_ENTRY_SASL_SECPROPS_LIST:
+ break;
+
case LDAP_ENTRY_COMMENT:
- fprintf(yyout, "%s\n", le->lec_text);
break;
+
+ case BASE: {
+ fprintf(yyout, "BASE %s\n",
+ ((struct ldap_base *)le->entry)->base);
+ break;
+ }
+ case BINDDN:
+ fprintf(yyout, "BINDDN %s\n",
+ ((struct ldap_binddn *)le->entry)->dn);
+ break;
+ case DEREF:
+ fprintf(yyout, "DEREF %s\n",
+ deref2str(((struct ldap_deref *)le->entry)->when, "always"));
+ break;
+
+ case NETWORK_TIMEOUT:
+ fprintf(yyout, "NETWORK_TIMEOUT %d\n",
+ ((struct ldap_network_timeout *)le->entry)->timeout);
+ break;
+ case PORT:
+ fprintf(yyout, "PORT %d\n",
+ ((struct ldap_port *)le->entry)->port);
+ break;
+ case REFERRALS:
+ fprintf(yyout, "REFERRALS %s\n",
+ bool2str(((struct ldap_referrals *)le->entry)->option, "on"));
+ break;
+
+ case SIZELIMIT:
+ fprintf(yyout, "SIZELIMIT %d\n",
+ ((struct ldap_sizelimit *)le->entry)->sizelimit);
+ break;
+ case TIMELIMIT:
+ fprintf(yyout, "TIMELIMIT %d\n",
+ ((struct ldap_timelimit *)le->entry)->timelimit);
+ break;
+ case TIMEOUT:
+ fprintf(yyout, "TIMEOUT %d\n",
+ ((struct ldap_timeout *)le->entry)->timeout);
+ break;
+
+ case SASL_MECH:
+ fprintf(yyout, "SASL_MECH %s\n",
+ ((struct sasl_mech *)le->entry)->mechanism);
+ break;
+ case SASL_REALM:
+ fprintf(yyout, "SASL_REALM %s\n",
+ ((struct sasl_realm *)le->entry)->realm);
+ break;
+ case SASL_AUTHCID:
+ fprintf(yyout, "SASL_AUTHCID %s\n",
+ ((struct sasl_authcid *)le->entry)->authcid);
+ break;
+ case SASL_AUTHZID:
+ fprintf(yyout, "SASL_AUTHZID %s\n",
+ ((struct sasl_authzid *)le->entry)->authzid);
+ break;
+ case SASL_SECPROPS: {
+ /* XXX get back to this later XXX */
+ break;
+ }
+
+ case GSSAPI_SIGN:
+ fprintf(yyout, "GSSAPI_SIGN %s\n",
+ bool2str(((struct gssapi_sign *)le->entry)->option, "off"));
+ break;
+ case GSSAPI_ENCRYPT:
+ fprintf(yyout, "GSSAPI_ENCRYPT %s\n",
+ bool2str(((struct gssapi_encrypt *)le->entry)->option, "off"));
+ break;
+ case GSSAPI_ALLOW_REMOTE_PRINCIPAL:
+ fprintf(yyout, "GSSAPI_ALLOW_REMOTE_PRINCIPAL: %s\n",
+ bool2str(((struct gssapi_allow_remote_principal *)le->entry)->option, "off"));
+ break;
+
+ case TLS_CACERT:
+ fprintf(yyout, "TLS_CACERT %s\n",
+ ((struct tls_cacert *)le->entry)->filename);
+ break;
+ case TLS_CACERTDIR:
+ fprintf(yyout, "TLS_CACERTDIR %s\n",
+ ((struct tls_cacertdir *)le->entry)->path);
+ break;
+ case TLS_CERT:
+ fprintf(yyout, "TLS_CERT %s\n",
+ ((struct tls_cert *)le->entry)->filename);
+ break;
+ case TLS_KEY:
+ fprintf(yyout, "TLS_KEY %s\n",
+ ((struct tls_key *)le->entry)->filename);
+ break;
+ case TLS_CIPHER_SUITE:
+ fprintf(yyout, "TLS_CIPHER_SUITE %s\n",
+ ((struct tls_cipher_suite *)le->entry)->cipher_suite_spec);
+ break;
+ case TLS_RANDFILE:
+ fprintf(yyout, "TLS_RANDFILE %s\n",
+ ((struct tls_randfile *)le->entry)->filename);
+ break;
+ case TLS_REQCERT:
+ fprintf(yyout, "TLS_REQCERT %s\n",
+ level2str(((struct tls_reqcert *)le->entry)->level, "never"));
+ break;
+ case TLS_CRLCHECK:
+ fprintf(yyout, "TLS_CRLCHECK %s\n",
+ level2str(((struct tls_crlcheck *)le->entry)->level, "none"));
+ break;
+ case TLS_CRLFILE:
+ fprintf(yyout, "TLS_CRLFILE %s\n",
+ ((struct tls_crlfile *)le->entry)->filename);
+ break;
}
}
}
@@ -262,6 +504,7 @@
static void
ldap_conf_free(void)
{
+#if 0
struct ldap_entry *le, *letmp;
TAILQ_FOREACH_SAFE(le, &ldapconf, entries, letmp) {
@@ -283,6 +526,7 @@
xfree(&le);
}
+#endif
}
static void
@@ -357,7 +601,9 @@
/*
do_modifications();
+*/
write_ldap_conf();
+/*
ldap_conf_free();
*/
Modified: pcbsd/current/src-sh/pc-adctl/ldap/ldapconf.h
===================================================================
--- pcbsd/current/src-sh/pc-adctl/ldap/ldapconf.h 2012-07-31 21:38:00 UTC (rev 18025)
+++ pcbsd/current/src-sh/pc-adctl/ldap/ldapconf.h 2012-08-01 05:39:03 UTC (rev 18026)
@@ -18,10 +18,123 @@
#include <sysexits.h>
#include <unistd.h>
-#define LDAP_ENTRY_NULL 0x00
-#define LDAP_ENTRY_PAIR 0x01
-#define LDAP_ENTRY_COMMENT 0x02
+#define LDAP_ENTRY_NULL 0x00
+#define LDAP_ENTRY_URI_LIST 0x02
+#define LDAP_ENTRY_HOST_LIST 0x04
+#define LDAP_ENTRY_SASL_SECPROPS_LIST 0x08
+#define LDAP_ENTRY_COMMENT 0x10
+/*
+ * OPTIONS
+ */
+struct ldap_uri {
+ char *uri;
+ TAILQ_ENTRY(ldap_uri) entries;
+};
+TAILQ_HEAD(ldap_uri_list, ldap_uri);
+struct ldap_base {
+ char *base;
+};
+struct ldap_binddn {
+ char *dn;
+};
+struct ldap_deref {
+ unsigned long when;
+};
+struct ldap_host {
+ char *host;
+ TAILQ_ENTRY(ldap_host) entries;
+};
+TAILQ_HEAD(ldap_host_list, ldap_host);
+struct ldap_network_timeout {
+ unsigned long timeout;
+};
+struct ldap_port {
+ unsigned long port;
+};
+struct ldap_referrals {
+ unsigned long option;
+};
+struct ldap_sizelimit {
+ unsigned long sizelimit;
+};
+struct ldap_timelimit {
+ unsigned long timelimit;
+};
+struct ldap_timeout {
+ unsigned long timeout;
+};
+
+
+/*
+ * SASL OPTIONS
+ */
+struct sasl_mech {
+ char *mechanism;
+};
+struct sasl_realm {
+ char *realm;
+};
+struct sasl_authcid {
+ char *authcid;
+};
+struct sasl_authzid {
+ char *authzid;
+};
+struct sasl_secprops {
+ unsigned long property;
+ unsigned long factor;
+ TAILQ_ENTRY(sasl_secprops) entries;
+};
+TAILQ_HEAD(sasl_secprops_list, sasl_secprops);
+
+
+/*
+ * GSSAPI OPTIONS
+ */
+struct gssapi_sign {
+ unsigned long option;
+};
+struct gssapi_encrypt {
+ unsigned long option;
+};
+struct gssapi_allow_remote_principal {
+ unsigned long option;
+};
+
+
+/*
+ * TLS OPTIONS
+ */
+struct tls_cacert {
+ char *filename;
+};
+struct tls_cacertdir {
+ char *path;
+};
+struct tls_cert {
+ char *filename;
+};
+struct tls_key {
+ char *filename;
+};
+struct tls_cipher_suite {
+ char *cipher_suite_spec;
+};
+struct tls_randfile {
+ char *filename;
+};
+struct tls_reqcert {
+ unsigned long level;
+};
+struct tls_crlcheck {
+ unsigned long level;
+};
+struct tls_crlfile {
+ char *filename;
+};
+
+
struct ldap_comment {
char *text;
};
@@ -33,19 +146,7 @@
struct ldap_entry {
unsigned int type;
- union {
- struct ldap_pair le_pair;
- struct ldap_comment le_comment;
- } le;
-
-#define lep le.le_pair
-#define lec le.le_comment
-
-#define lep_name lep.name
-#define lep_value lep.value
-
-#define lec_text lec.text
-
+ void *entry;
TAILQ_ENTRY(ldap_entry) entries;
};
More information about the Commits
mailing list