[Fedora-directory-commits] adminutil/lib/libadminutil Makefile, 1.7, 1.8 admutil.c, 1.3, 1.4 admutil_pvt.h, 1.1.1.1, 1.2 psetc.c, 1.2, 1.3 uginfo.c, 1.2, 1.3

Noriko Hosoi (nhosoi) fedora-directory-commits at redhat.com
Thu May 11 23:30:34 UTC 2006


Author: nhosoi

Update of /cvs/dirsec/adminutil/lib/libadminutil
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv17686/lib/libadminutil

Modified Files:
	Makefile admutil.c admutil_pvt.h psetc.c uginfo.c 
Log Message:
[161099] admin passwd in clear text in adm.conf
1) sie password is no longer stored in adm.conf.  Instead, get it from client
   via PIPE.
2) added subordinate functions: admldapGetXXX to retrieve ldap handle,
   directory URL, and userDN.
3) updated Makefiles to clean up the old files from the previous make.
4) increased the buffer size to read in the local cache files.



Index: Makefile
===================================================================
RCS file: /cvs/dirsec/adminutil/lib/libadminutil/Makefile,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- Makefile	22 Feb 2006 21:45:32 -0000	1.7
+++ Makefile	11 May 2006 23:30:31 -0000	1.8
@@ -110,8 +110,8 @@
 $(SO_LIB): $(OBJS)
 	rm -f $@
 	$(LINK_DLL) $(OBJS) $(DEPLIBS)
-	cd $(OBJLIBDIR); ln -s $(SO_NAME)$(SO_EXT) $(SO_NAME)$(SO_COREEXT)
-	cd $(OBJLIBDIR); ln -s $(SO_NAME)$(SO_EXT) $(SO_NAME)$(SO_COREEXT).$(ADMSDK_SO_MAJORVERSION)
+	cd $(OBJLIBDIR); rm -f $(SO_NAME)$(SO_COREEXT); ln -s $(SO_NAME)$(SO_EXT) $(SO_NAME)$(SO_COREEXT)
+	cd $(OBJLIBDIR); rm -f $(SO_NAME)$(SO_COREEXT).$(ADMSDK_SO_MAJORVERSION); ln -s $(SO_NAME)$(SO_EXT) $(SO_NAME)$(SO_COREEXT).$(ADMSDK_SO_MAJORVERSION)
 endif
 endif
 


Index: admutil.c
===================================================================
RCS file: /cvs/dirsec/adminutil/lib/libadminutil/admutil.c,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- admutil.c	22 Mar 2006 23:47:14 -0000	1.3
+++ admutil.c	11 May 2006 23:30:31 -0000	1.4
@@ -854,7 +854,7 @@
 void
 treeExport(FILE *fstream, char* parentString, TreeNodePtr node)
 {
-  char *cptr, *sptr, valBuf[2048];
+  char *cptr, *sptr, valBuf[BUFSIZ];
   ListNodePtr listPtr;
 
   if (node->left) treeExport(fstream, parentString, node->left);
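Review bot: Replacing the 2048-byte array with `valBuf[BUFSIZ]` does not guarantee the enlargement the log message describes: <stdio.h> only requires BUFSIZ to be at least 256, and it is 512 on the MSVC runtime, so on some toolchains this hunk shrinks the buffer. The next hunk makes the same substitution in the import routine; there `valBuf_len = sizeof(valBuf)` at least keeps the bound consistent, but the intended size is still implicit. A project constant such as `enum { ADM_VALBUF_LEN = 8192 };` used in both places would state the size explicitly and keep the two buffers in step. treeExport's body continues past this hunk, so whether the writes into valBuf are bounded is not visible here.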
@@ -884,7 +884,7 @@
 {
   int         status, lineno=1, valLen=0;
   char        linebuf[MAX_LEN], *name=NULL, *val=NULL;
-  char        valBuf[2048], *valptr = valBuf;
+  char        valBuf[BUFSIZ], *valptr = valBuf;
   int         valBuf_len = sizeof(valBuf);
   TreeNodePtr rootNode = NULL, tmpNode = NULL;
 
@@ -1178,8 +1178,8 @@
     return NULL;
   }
 
-  siePasswd = treeFindValueAt(admInfo->configInfo, "siepid", 0);
-
+  /* returned value from ADM_Get... should NOT be freed */
+  ADM_GetCurrentPassword(errorcode, &siePasswd); /* via PIPE */
 
   if (ldapInfo->lud_options & LDAP_URL_OPT_SECURE) {
     *errorcode = ADMUTIL_NO_SSL_SUPPORT;
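Review bot: The outcome of `ADM_GetCurrentPassword(errorcode, &siePasswd);` is not examined before the function carries on: if the pipe read fails, `*errorcode` holds whatever the callee stored, may then be overwritten by the SSL check below, and the bind loop runs with whatever siePasswd holds. Unless the callee guarantees siePasswd is NULL on failure, check `*errorcode` (or its return value) immediately after the call and bail out the same way the preceding `return NULL` path does. The enclosing function starts before this hunk.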
@@ -1191,6 +1191,7 @@
   }
 
   /* authenticate to LDAP server*/
+  /* return value from treeFindValueAt should be freed */
   sieDN = treeFindValueAt(admInfo->configInfo, "sie", 0);
 
   /*
@@ -1198,7 +1199,6 @@
    * attempts as long as there is a new password available to use.
    */
   {
-
     int configPassword; /* Indicates password is in config file */
     int retry;          /* Indicates that a previous password failed */
 
@@ -1216,7 +1216,7 @@
         } else {
           siePasswd = cbk(retry);
           if (siePasswd == NULL) {
-            ldapError = LDAP_INVALID_CREDENTIALS; 
+            ldapError = LDAP_INVALID_CREDENTIALS;
             break;
           }
         }
@@ -1231,8 +1231,7 @@
       }
   }
 
-
-    if ((ldapError != LDAP_SUCCESS ) && !(secureLDAP)){
+  if ((ldapError != LDAP_SUCCESS ) && !(secureLDAP)){
 #ifdef LDAP_DEBUG
       ldap_perror(admInfo->ldapHndl, "ldap_simple_bind_s");
 #endif
@@ -1256,23 +1255,24 @@
         admInfo->ldapHndl = NULL;
         *errorcode = ADMUTIL_LDAP_ERR;
       }
-    }
-
+  }
 
-    /* setup the referral */
-    if (admInfo->ldapHndl)
-      {
-        admInfo->sieDN=PL_strdup(sieDN);
-        ldap_set_rebind_proc(admInfo->ldapHndl, admin_ldap_rebind_proc,
+  /* setup the referral */
+  if (admInfo->ldapHndl)
+  {
+      ldap_set_rebind_proc(admInfo->ldapHndl, admin_ldap_rebind_proc,
                              (void *)admInfo);
-      }
-
-    if (siePasswd != NULL) {
-        admInfo->passwd=PL_strdup(siePasswd);
-    }
+  }
 
-    if (sieDN) PR_Free(sieDN);
-    if (siePasswd) PR_Free(siePasswd);
+  if (sieDN != NULL) {
+      admInfo->sieDN=PL_strdup(sieDN);
+      /* return value from treeFindValueAt should be freed */
+      PR_Free(sieDN);
+  }
+  if (siePasswd != NULL) {
+      /* returned value from ADM_Get... should NOT be freed */
+      admInfo->passwd=PL_strdup(siePasswd);
+  }
 
   admInfo->ldapInfo = ldapInfo;
 
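Review bot: `admInfo->sieDN=PL_strdup(sieDN);` now runs even when the bind failed and `admInfo->ldapHndl` was reset to NULL a few lines above, whereas the old code set sieDN only inside the `if (admInfo->ldapHndl)` block, so a handle returned with an error code can carry a sieDN but no connection; if that is intended the comment should say so. Neither `PL_strdup` result is checked for NULL, so an allocation failure silently yields a handle without credentials. The plain-text password copied into `admInfo->passwd` should be scrubbed (an explicit zeroing helper, not a bare memset) before it is freed by the handle's destructor, which is outside this diff.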
@@ -1307,11 +1307,6 @@
     break;
   case 1:
     /* EOF */
-    /*    
-    *errorcode =  ADMUTIL_OP_FAIL;
-    return NULL;
-    break;
-    */
   default:
     password = strchr(buf, ':');
     *password++ = '\0';
@@ -1487,12 +1482,17 @@
   char          *password = NULL;
   if(admInfo->passwd)
     return PL_strdup(admInfo->passwd);
-  else
-    return NULL;
+  else {
+    admInfo->passwd = admGetCachedSIEPWD();
+    if(admInfo->passwd)
+      return PL_strdup(admInfo->passwd);
+  }
+  return NULL;
 }
 
 PR_IMPLEMENT(char*)
-admldapGetISIEDN(AdmldapInfo info) {
+admldapGetISIEDN(AdmldapInfo info)
+{
   AdmldapHdnlPtr admInfo = (AdmldapHdnlPtr)info;
   char          *ldapISIEDN = NULL;
 
@@ -1503,13 +1503,84 @@
 }
 
 PR_IMPLEMENT(void)
-admldapSetLDAPHndl(AdmldapInfo info, LDAP *ld) {
+admldapSetLDAPHndl(AdmldapInfo info, LDAP *ld)
+{
   AdmldapHdnlPtr admInfo = (AdmldapHdnlPtr)info;
 
   if (admInfo->ldapHndl) ldap_unbind(admInfo->ldapHndl);
   admInfo->ldapHndl = ld;
 }
 
+LDAP *
+admldapGetLDAPHndl(AdmldapInfo info)
+{
+  AdmldapHdnlPtr admInfo = (AdmldapHdnlPtr)info;
+
+  return admInfo->ldapHndl;
+}
+
+PR_IMPLEMENT(char *)
+admldapGetDirectoryURL(AdmldapInfo info)
+{
+  AdmldapHdnlPtr admInfo = (AdmldapHdnlPtr)info;
+
+  return PL_strdup(admInfo->serverDirectoryURL);
+}
+
+PR_IMPLEMENT(char *)
+admldapGetUserDN(AdmldapInfo info, char *uid)
+{
+  AdmldapHdnlPtr admInfo = (AdmldapHdnlPtr)info;
+  LDAP *ld = NULL;
+  char *userDN = NULL;
+  char *baseDN = NULL;
+  char *uidFilter = NULL;
+  int err;
+  LDAPMessage *result = NULL;
+		  
+  if (NULL != admInfo->userDN) {
+    userDN = admInfo->userDN;
+    goto done;
+  }
+  if (NULL != uid && NULL != strchr(uid, '=')) {
+    userDN = PL_strdup(uid);
+	goto done;
+  }
+  ld = admldapGetLDAPHndl(info);
+  if (NULL == ld) {
+	goto done;
+  }
+  baseDN = admldapGetBaseDN(info);
+  if (NULL == baseDN) {
+	goto done;
+  }
+  uidFilter = PR_smprintf("(uid=%s)", uid?uid:admInfo->localAdminName);
+  err = ldap_search_s(ld, baseDN, LDAP_SCOPE_SUBTREE, uidFilter,
+				      NULL, 0, &result);
+  if (err != LDAP_SUCCESS || ldap_count_entries(ld, result) == 0) {
+    ldap_msgfree(result);
+	goto done;
+  } else {
+    LDAPMessage *entry = ldap_first_entry(ld, result);
+    userDN = ldap_get_dn(ld, entry);
+    ldap_msgfree(result);
+  }
+done:
+  PR_smprintf_free(uidFilter);
+  if (baseDN) PR_Free(baseDN);
+  if (userDN) {
+    admInfo->userDN = userDN;
+  } else {
+    userDN = treeFindValueAt(admInfo->configInfo, "userdn", 0);
+	if (userDN) {
+      admInfo->userDN = PL_strdup(userDN);
+    } else {
+      admInfo->userDN = NULL;
+    }
+  }
+  return admInfo->userDN;
+}
+
 PR_IMPLEMENT(char*)
 admGetLocalAdmin(char* configRoot, int *errorcode)
 {
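Review bot: `PR_smprintf("(uid=%s)", uid?uid:admInfo->localAdminName)` in admldapGetUserDN interpolates the caller-supplied value into the search filter without RFC 4515 escaping, so a uid containing `*`, `(`, `)` or `\` changes the filter's meaning, and the earlier check for `=` does not prevent that; escape the assertion value before building the filter (helper below). The `userDN` returned by `ldap_get_dn` is stored into `admInfo->userDN` as-is while the other branches store PL_strdup copies, so the field mixes SDK and NSPR allocators; use `userDN = PL_strdup(dn); ldap_memfree(dn);` there. When the search matches more than one entry only the first is used silently; checking `ldap_count_entries(ld, result) == 1` would make an ambiguous uid an error instead of a guess. admldapGetLDAPHndl is the only new function here declared without `PR_IMPLEMENT`, unlike its siblings.
```c
/* Escape an assertion value for use inside a search filter (RFC 4515):
 * '*', '(', ')' and '\' become \2a, \28, \29 and \5c.  Caller frees. */
static char *
admldapEscapeFilterValue(const char *val)
{
  size_t len = strlen(val);
  char *out = (char *)PR_Malloc(3 * len + 1);
  char *p = out;

  if (NULL == out) return NULL;
  for (; *val; val++) {
    unsigned char c = (unsigned char)*val;
    if (c == '*' || c == '(' || c == ')' || c == '\\') {
      PR_snprintf(p, 4, "\\%02x", (unsigned)c);
      p += 3;
    } else {
      *p++ = (char)c;
    }
  }
  *p = '\0';
  return out;
}

PR_IMPLEMENT(char *)
admldapGetUserDN(AdmldapInfo info, char *uid)
{
  /* … unchanged: existing locals … */
  const char *uidVal = NULL;
  char *escUid = NULL;
  /* … unchanged: cached-userDN and DN-literal shortcuts, handle and baseDN lookup … */
  uidVal = uid ? uid : admInfo->localAdminName;
  if (NULL == uidVal || NULL == (escUid = admldapEscapeFilterValue(uidVal))) {
    goto done;
  }
  uidFilter = PR_smprintf("(uid=%s)", escUid);
  PR_Free(escUid);
  /* … unchanged: ldap_search_s call, result handling and the done: cleanup … */
```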


Index: admutil_pvt.h
===================================================================
RCS file: /cvs/dirsec/adminutil/lib/libadminutil/admutil_pvt.h,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- admutil_pvt.h	20 Jul 2005 22:51:32 -0000	1.1.1.1
+++ admutil_pvt.h	11 May 2006 23:30:31 -0000	1.2
@@ -20,14 +20,11 @@
 #ifndef __ADMUTIL_PVT_H__
 #define __ADMUTIL_PVT_H__
 
-#include <ldap.h>
 #include <stdio.h>
 #include <sys/types.h>
 #include <sys/stat.h>
-#include <ldap.h>
 #include <libadminutil/admutil.h>
 
-
 /*
  * utility function for copy/free string array
  */
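Review bot: Both `#include <ldap.h>` lines are removed, not just the duplicate, yet the struct this header declares holds the handle that admutil.c uses as `LDAP *` (admldapSetLDAPHndl, and the new admldapGetLDAPHndl returns `LDAP *`), so the header now relies on `libadminutil/admutil.h` to bring in the LDAP types. If that is intended, say so next to the remaining include, e.g. `#include <libadminutil/admutil.h> /* also provides <ldap.h> */`; otherwise keep one `#include <ldap.h>`.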
@@ -169,6 +166,7 @@
   char         *localAdminName;
   char         *localAdminPassword;
   char         *sieDN;
+  char         *userDN;
   char         *passwd;
 } AdmldapHdnl, *AdmldapHdnlPtr;
 
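Review bot: The new `userDN` member has no ownership note, and admutil.c's admldapGetUserDN fills it from either `ldap_get_dn` or `PL_strdup`, which need different frees; document the expected allocator on the field, e.g. `char *userDN; /* cached bind DN, NSPR-allocated (PL_strdup); freed with the handle */`, and make the producer honour it. The routine that releases this struct is outside the diff, so also confirm it frees userDN at all.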


Index: psetc.c
===================================================================
RCS file: /cvs/dirsec/adminutil/lib/libadminutil/psetc.c,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- psetc.c	15 Dec 2005 21:07:44 -0000	1.2
+++ psetc.c	11 May 2006 23:30:31 -0000	1.3
@@ -27,6 +27,7 @@
 #include <string.h>
 #include <stdlib.h>
 #include <ctype.h>
+#include <prio.h>
 #include "psetc_pvt.h"
 #include "libadminutil/admutil.h"
 #include "dbtadmutil.h"
@@ -798,17 +799,19 @@
 psetFileImportP(PsetPtr pset)
 {
   FILE                *fstream;
-  int                 errorCode = PSET_OP_OK, status, errorcode;
+  int                 errorCode = PSET_OP_OK, status;
   int                 lineno = 0, nameLen = 0, valLen = 0;
 #ifdef XP_UNIX
   int                 fd;
   struct flock        flock_data;
 #endif
   char                linebuf[1024];
-  char                *name, *val, namebuf[128], valBuf[2048];
-  char                *nodeName, *attrName, *valptr = valBuf;
-  int                 valBuf_len = sizeof(valBuf);
+  char                *name, *val, namebuf[128], *valBuf;
+  char                *nodeName, *attrName, *valptr = NULL;
+  int                 valBuf_len = 0;
   PsetNodePtr         lastPsetNode = NULL, target;
+  PRStatus            prst = 0;
+  PRFileInfo          prinfo;
 
   if (!pset->configFile) return PSET_LOCAL_OPEN_FAIL;
   if (!(fstream = fopen(pset->configFile, "r"))) 
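Review bot: `*valBuf` is declared without an initializer while the new `bailout:` label at the end of the function calls `PR_Free(valBuf)` unconditionally, so any path that reaches bailout before the allocation has happened frees an indeterminate pointer; if the `#endif` that follows the allocation in the next hunk closes an `#ifdef XP_UNIX` block (as the one above `int fd;` does), that is every non-UNIX build, where `valptr` also stays NULL before `*valptr = '\0'`. Initialise it: `char *name, *val, namebuf[128], *valBuf = NULL;`. psetFileImportP continues beyond this hunk.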
@@ -825,18 +828,32 @@
     fstream = NULL;
     return PSET_LOCAL_OPEN_FAIL;
   }
+  prst = PR_GetFileInfo(pset->configFile, &prinfo);
+  if (PR_SUCCESS != prst) {
+    fclose(fstream);
+    fstream = NULL;
+    return PSET_LOCAL_OPEN_FAIL;
+  }
+  valptr = valBuf = (char *)PR_Malloc(prinfo.size + 1);
+  if (NULL == valBuf) {
+    fclose(fstream);
+    fstream = NULL;
+    return PSET_SYSTEM_ERR;
+  }
+  valBuf_len = prinfo.size;
 #endif
   namebuf[0] = '\0';
 
   while(1) {
     /* read line */
-    switch(status = admutil_getline(fstream, MAX_LEN, lineno++, linebuf)) {
+    status = admutil_getline(fstream, sizeof(linebuf), lineno++, linebuf);
+    switch (status) {
     case -1:
       /* Error on reading, SET ERRORCODE */
-      errorcode = PSET_SYSTEM_ERR;
       if (pset->info->attrFile) treeRemoveTree(pset->info->attrFile);
       pset->info->attrFile = NULL;
-      return PSET_SYSTEM_ERR;
+      errorCode = PSET_SYSTEM_ERR;
+      goto bailout;
       break;
     case 1:
       /* EOF, out of here */
@@ -846,7 +863,7 @@
           /* Is the last node? -> strcasecmp node name */
           target = lastPsetNode;
         else   /* No, Locate and build node -> psetnodeBuildNodes  */
-          target = psetNodeBuildNodes(pset->info, nodeName, &errorcode);
+          target = psetNodeBuildNodes(pset->info, nodeName, &errorCode);
 
         /* psetNodeAddNameValue  */
         if (target) {
@@ -859,14 +876,20 @@
 #endif
         fclose(fstream);
         fstream = NULL;
-        if (errorCode) return errorCode;
+        if (errorCode) {
+          goto bailout;
+        }
         namebuf[0] = '\0';
         valptr = valBuf;
         *valptr = '\0';
       }          
       
-      if (pset->fileRW) return PSET_OP_OK;
-      else return PSET_LOCAL_MODE;
+      if (pset->fileRW) {
+        errorCode = PSET_OP_OK;
+      } else {
+        errorCode = PSET_LOCAL_MODE;
+      }
+      goto bailout;
       break;
     default:
       /* seperate node and attribute */
@@ -889,14 +912,16 @@
             /* Is the last node? -> strcasecmp node name */
             target = lastPsetNode;
           else   /* No, Locate and build node -> psetnodeBuildNodes  */
-            target = psetNodeBuildNodes(pset->info, nodeName, &errorcode);
+            target = psetNodeBuildNodes(pset->info, nodeName, &errorCode);
 
           /* psetNodeAddNameValue  */
           if (target) {
             errorCode = psetNodeAddNameValue(target, attrName, valBuf);
             lastPsetNode = target;
           }
-          if (errorCode) return errorCode;
+          if (errorCode) {
+            goto bailout;
+          }
           namebuf[0] = '\0';
           valptr = valBuf;
           *valptr = '\0';
@@ -933,6 +958,9 @@
       }
     }
   }
+bailout:
+  PR_Free(valBuf);
+  return errorCode;
 }
 
 /* Export configuration to config file  */
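Review bot: The `bailout:` path frees valBuf but never closes `fstream`, so the `case -1` read-error path and, as far as the visible lines show, the `if (errorCode) goto bailout;` path in the default case leak the FILE handle (the EOF path closes it itself before jumping). Since fstream is set to NULL after every fclose, `if (fstream) { fclose(fstream); fstream = NULL; }` placed before `PR_Free(valBuf);` fixes both without double-closing. psetFileImportP begins before this hunk.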
@@ -1210,22 +1238,23 @@
 /*
   PsetHndl
   psetCreate(LDAPServerPtr srv, char* sieDN, char* userDN, char* passwd,
-           char* configFile, int* errorcode) {
-           */
-/* SIE, passwd is in <serverRoot>/<serverID>/config/adm.conf
+           char* configFile, int* errorcode)
+ */
+/* SIE is in <serverRoot>/<serverID>/config/adm.conf
    Local cache is <serverRoot>/<serverID>/config/local.conf
    LDAP is in <serverRoot>/admin-serv/config/ldap.conf
-   */
-
+ */
 
 PR_IMPLEMENT(PsetHndl)
-psetCreate(char* serverID, char* configRoot, char* userDN, char* passwd,
+psetCreate(char* serverID, char* configRoot, char* user, char* passwd,
            int* errorcode)
 {
   PsetHndl      pset;
   AdmldapInfo   ldapInfo= NULL, admLdapInfo=NULL;
   char          *serverRoot = getenv("NETSITE_ROOT");
-  char          path[PATH_MAX], *ldapHost=NULL, *sieDN, *bindPasswd = NULL;
+  char          path[PATH_MAX], *ldapHost=NULL, *sieDN = NULL;
+  char          *userDN = NULL;
+  char          *bindPasswd = NULL;
   int           ldapPort = -1, dummy;
   
   ldapInfo = admldapBuildInfo(configRoot, errorcode);
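Review bot: The `userDN` parameter becomes `user` and, per the next hunk, may now be a bare uid, a full DN or NULL, but the comment block above the definition only says where the SIE, local cache and LDAP settings live and nothing about the new meaning; add `user: bind identity, either a full DN or a uid resolved through admldapGetUserDN; NULL reads it from the client via ADM_GetCurrentUsername`. The public prototype in psetc.h is not part of this diff, so check that its parameter name and documentation were updated to match. psetCreate continues past this hunk.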
@@ -1254,13 +1283,21 @@
   if (ldapPort < 0) ldapPort = 389;
 
   /* Get SIE and password  */
-
   sieDN = admldapGetSIEDN(ldapInfo);
-  if (!userDN) {
-    userDN = sieDN;
+  if (!user) {
+    ADM_GetCurrentUsername(errorcode, &user);
+  }
+  /* if user is just attr val, get dn */
+  userDN = admldapGetUserDN(ldapInfo, user);
+  if (passwd) {
+    bindPasswd = passwd;
+  } else {
     bindPasswd = admldapGetSIEPWD(ldapInfo);
+    if (!bindPasswd) {
+      passwd = bindPasswd; /* setting this not to free bindPasswd */
+      ADM_GetCurrentPassword(errorcode, &bindPasswd);
+    }
   }
-  else bindPasswd = passwd;
 
   if (configRoot)
     PR_snprintf(path, sizeof(path), "%s%clocal.conf", configRoot, FILE_PATHSEP);
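Review bot: Inside the `else` branch `passwd` is already NULL, so `passwd = bindPasswd; /* setting this not to free bindPasswd */` is a no-op and its comment describes an effect it does not have; meanwhile the pipe-supplied password ends up only in `bindPasswd`, and the bind in the following hunk tests and uses `passwd` (`if (NULL != passwd)` and `ldap_simple_bind_s(ld, userDN, passwd)`), so as far as the visible lines show that password is never used for the bind and the LDAP connection is skipped altogether. If bindPasswd is consumed between the hunks, a comment saying where would help; otherwise the bind should use bindPasswd. The error codes written by `ADM_GetCurrentUsername` and `ADM_GetCurrentPassword` are also not checked before proceeding. psetCreate continues outside the hunk.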
@@ -1325,34 +1362,35 @@
     return pseth;
   }
 
-  ld = ldap_init(ldapHost, ldapPort);
-
-  /* authenticate to LDAP server*/
-  if ((ldapError = ldap_simple_bind_s(ld, userDN, passwd))
-      != LDAP_SUCCESS ) {
-    switch (ldapError) {
-    case LDAP_INAPPROPRIATE_AUTH:
-    case LDAP_INVALID_CREDENTIALS:
-    case LDAP_INSUFFICIENT_ACCESS:
-      /* authenticate failed: Should not continue */
-#ifdef LDAP_DEBUG
-      ldap_perror( ld, "ldap_simple_bind_s" );
-#endif
-      *errorcode = PSET_AUTH_FAIL;
-      return pset;
-    case LDAP_NO_SUCH_OBJECT:
-    case LDAP_ALIAS_PROBLEM:
-    case LDAP_INVALID_DN_SYNTAX:
-      /* Not a good DN */
-      *errorcode = PSET_ENTRY_NOT_EXIST;
-      return pset;
-    default:
-      ldap_unbind(ld);
-      unbindF = 0;
-      ld = NULL;
+  if (NULL != passwd) {
+    ld = ldap_init(ldapHost, ldapPort);
+    /* authenticate to LDAP server*/
+    if ((ldapError = ldap_simple_bind_s(ld, userDN, passwd))
+        != LDAP_SUCCESS ) {
+      switch (ldapError) {
+      case LDAP_INAPPROPRIATE_AUTH:
+      case LDAP_INVALID_CREDENTIALS:
+      case LDAP_INSUFFICIENT_ACCESS:
+        /* authenticate failed: Should not continue */
+  #ifdef LDAP_DEBUG
+        ldap_perror( ld, "ldap_simple_bind_s" );
+  #endif
+        *errorcode = PSET_AUTH_FAIL;
+        return pset;
+      case LDAP_NO_SUCH_OBJECT:
+      case LDAP_ALIAS_PROBLEM:
+      case LDAP_INVALID_DN_SYNTAX:
+        /* Not a good DN */
+        *errorcode = PSET_ENTRY_NOT_EXIST;
+        return pset;
+      default:
+        ldap_unbind(ld);
+        unbindF = 0;
+        ld = NULL;
+      }
     }
+    else unbindF = 1;
   }
-  else unbindF = 1;
 
   /* Connect to the LDAP server  */
   pset = psetFullLDAPImportRef(pseth,
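Review bot: `ld = ldap_init(ldapHost, ldapPort);` is not checked for NULL before `ldap_simple_bind_s`, and the two early `return pset;` paths (PSET_AUTH_FAIL and PSET_ENTRY_NOT_EXIST) leave the initialised handle unbound; add `if (NULL == ld) { *errorcode = PSET_SYSTEM_ERR; return pset; }` after ldap_init and `ldap_unbind(ld);` before each early return. When passwd is NULL the whole block is skipped and `ld`/`unbindF` keep whatever they were initialised to before the hunk, which psetFullLDAPImportRef then receives; a comment stating that this is the intended unauthenticated path would help. The `#ifdef LDAP_DEBUG` / `#endif` pair is now indented by two spaces, which is legal but inconsistent with every other directive in the file.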
@@ -1362,13 +1400,6 @@
                             filter,
                             unbindF,
                             errorcode, userDN, passwd);
-
-  /*
-  if (!(*errorcode)) {
-    psetSetLDAPReferalInfo(pset, userDN, passwd);
-  }
-  */
-
   return pset;
 
 }


Index: uginfo.c
===================================================================
RCS file: /cvs/dirsec/adminutil/lib/libadminutil/uginfo.c,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- uginfo.c	22 Mar 2006 23:47:14 -0000	1.2
+++ uginfo.c	11 May 2006 23:30:31 -0000	1.3
@@ -24,6 +24,7 @@
 #include <ctype.h>
 #include <ldap.h>
 #include "admutil_pvt.h"
+#include "libadminutil/psetc.h"
 
 #ifdef XP_WIN32
 #define strcasecmp stricmp
@@ -41,7 +42,6 @@
   AdmldapHdnlPtr  hndl = (AdmldapHdnlPtr)info;
 
   if (!hndl) { *error_code = UG_EMPTY_LDAPINFO; return NULL; }
-  if (!(hndl->ldapHndl)) { *error_code = UG_NULL_LDAP; return NULL; }
   *error_code = UG_OP_OK;
 
   if (targetDN) resultDN = PL_strdup(targetDN);
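Review bot: The removed `if (!(hndl->ldapHndl)) { *error_code = UG_NULL_LDAP; return NULL; }` was the only guard against a handle with no LDAP connection, and the rest of this function (past the hunk) presumably still issues LDAP calls through `hndl->ldapHndl`. If the connection is now obtained lazily elsewhere, a comment here saying so (`/* ldapHndl may be NULL here; it is established by ... */`) would make the removal safe to read; otherwise the check should stay or the function should go through admldapGetLDAPHndl. The enclosing function begins before this hunk.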



