Main Page | Modules | Data Structures | File List | Data Fields | Globals | Related Pages

lcmaps_ldap.c

Go to the documentation of this file.
00001 /*                                                                                                            
00002  * Copyright (c) Members of the EGEE Collaboration. 2004.
00003  * See http://eu-egee.org/partners/ for details on the copyright holders.
00004  * For license conditions see the license file or
00005  * http://eu-egee.org/license.html
00006  */
00007 
00008 /* For license conditions see http://www.eu-datagrid.org/license.html
00009  *
00010  * Copyright (c) 2001, 2002 by
00011  *     Martijn Steenbakkers <martijn@nikhef.nl>,
00012  *     David Groep <davidg@nikhef.nl>,
00013  *     Wim Som de Cerff <sdecerff@knmi.nl>
00014  *     NIKHEF Amsterdam, the Netherlands
00015  */
00016 
00092 /*****************************************************************************
00093                             Include header files
00094 ******************************************************************************/
00095 #include <stdio.h>
00096 #include <stdlib.h>
00097 #include <string.h>
00098 #include <pwd.h>
00099 #include <grp.h>
00100 #include <ctype.h>
00101 #include <errno.h>
00102 #include <sys/stat.h>
00103 #include <sys/types.h>
00104 #include <unistd.h>
00105 
00106 #include "lcmaps_config.h"
00107 #include "lcmaps_modules.h"
00108 #include "lcmaps_arguments.h"
00109 #include "lcmaps_cred_data.h"
00110 
00111 #include "ldap.h"
00112 /******************************************************************************
00113                                 Definitions
00114 ******************************************************************************/
00115 
00116 #define MAX_UNDEFINED -1
00117 
00118 #ifndef NGROUPS
00119     #ifdef NGROUPS_MAX
00120         #define NGROUPS NGROUPS_MAX
00121     #else
00122         #define NGROUPS 32
00123     #endif
00124 #endif
00125 
00126 /*
00127  * MAX_NGROUPS has also been used. I couldn't see in the source if it was
00128  * a self made define in the code or that it was OS specific.
00129  */
00130 
00131 #define MAXGROUPNUM ((int)(999999999))
00132 
00133 
00134 #ifndef MAX_LOG_BUFFER_SIZE
00135     #define MAX_LOG_BUFFER_SIZE 2048 
00137 #endif
00138 
00139 #define WHITESPACE_CHARS " \t\n"
00140 
00141 /******************************************************************************
00142                           Module specific prototypes
00143 ******************************************************************************/
00144 
00145 static int log_cred(
00146         char * type,
00147         char * add_log
00148 );
00149 static int lcmaps_get_ldap_pw(
00150         const char * path,
00151         char ** ldap_passwd
00152 );
00153 static int lcmaps_set_pgid(
00154         const char * username,
00155         const char * pgroupname,
00156         gid_t        pgroupnumber,
00157         LDAP       * ld_handle,
00158         const char * searchBase
00159 );
00160 static int lcmaps_add_username_to_ldapgroup(
00161         const char * username,
00162         const char * groupname,
00163         gid_t        groupnumber,
00164         LDAP       * ld_handle,
00165         const char * searchBase
00166 );
00167 
00168 /******************************************************************************
00169                        Define module specific variables
00170 ******************************************************************************/
00171 
00172 static int            maxuid  = MAX_UNDEFINED;
00173 static int            maxpgid = MAX_UNDEFINED;
00174 static int            maxsgid = MAX_UNDEFINED;
00175 static int            require_all_groups = 1;
00176 static char *         hostname = NULL;
00177 static int            port = -1;
00178 static char *         dn_manager = NULL;
00179 static char *         ldap_pw = NULL;
00180 static char *         sb_groups = NULL;
00181 static char *         sb_user = NULL;
00182 static char *         ldap_dn = NULL;
00183 static char *         ldap_cred_log      = NULL;
00184 static char *         ldap_cred_log_uid  = NULL;
00185 static char *         ldap_cred_log_pgid = NULL;
00186 static char *         ldap_cred_log_sgid = NULL;
00187 static struct timeval timeout =
00188 {
00189     (time_t) 0,
00190     (suseconds_t) 0
00191 };
00192 
00193 
00194 
00195 /******************************************************************************
00196 Function:   log_cred
00197 Description:
00198     Makes a log of the Enforceable credential data
00199 Parameters:
00200     *secGid    : list of secondary gid_t
00201     cntSecGid  : amount of secondary gids (0 to (NGROUPS || 32))
00202 
00203 Returns:
00204     0: success
00205     1: failure
00206 ******************************************************************************/
00207 static int log_cred (char * type, char * add_log)
00208 {
00209     char * logstr = "\tlcmaps_plugin_ldap-log_cred()";
00210     char * tmp = NULL;
00211 
00212     if (strcmp(type, "UID") == 0)
00213     {
00214         if (ldap_cred_log_uid == NULL)
00215         {
00216             ldap_cred_log_uid  = (char *) malloc(MAX_LOG_BUFFER_SIZE * sizeof(char));
00217 
00218             strcpy(ldap_cred_log_uid, "uid=");
00219             strcat (ldap_cred_log_uid, add_log);
00220         }
00221         else
00222         {
00223             tmp = (char *) malloc(3 * sizeof(char));
00224             strcpy (tmp, ",");
00225             strcat (ldap_cred_log_uid, tmp);
00226             strcat (ldap_cred_log_uid, add_log);
00227         }
00228 
00229         lcmaps_log_debug(4,"%s: ldap_cred_log_uid: %s\n", logstr, ldap_cred_log_uid);
00230 
00231     }
00232     else if (strcmp(type, "PGID") == 0)
00233     {
00234         if (ldap_cred_log_pgid == NULL)
00235         {
00236             ldap_cred_log_pgid  = (char *) malloc(MAX_LOG_BUFFER_SIZE * sizeof(char));
00237 
00238             strcpy(ldap_cred_log_pgid, "pgid=");
00239             strcat (ldap_cred_log_pgid, add_log);
00240         }
00241         else
00242         {
00243             tmp = (char *) malloc(3 * sizeof(char));
00244             strcpy (tmp, ",");
00245             strcat (ldap_cred_log_pgid, tmp);
00246             strcat (ldap_cred_log_pgid, add_log);
00247         }
00248 
00249         lcmaps_log_debug(4,"%s: ldap_cred_log_pgid: %s\n", logstr, ldap_cred_log_pgid);
00250     }
00251     else if (strcmp(type, "SGID") == 0)
00252     {
00253         if (ldap_cred_log_sgid == NULL)
00254         {
00255             ldap_cred_log_sgid  = (char *) malloc(MAX_LOG_BUFFER_SIZE * sizeof(char));
00256 
00257             strcpy(ldap_cred_log_sgid, "sgid=");
00258             strcat (ldap_cred_log_sgid, add_log);
00259         }
00260         else
00261         {
00262             tmp = (char *) malloc(3 * sizeof(char));
00263             strcpy (tmp, ",");
00264             strcat (ldap_cred_log_sgid, tmp);
00265             strcat (ldap_cred_log_sgid, add_log);
00266         }
00267 
00268         lcmaps_log_debug(4,"%s: ldap_cred_log_sgid: %s\n", logstr, ldap_cred_log_sgid);
00269     }
00270     else if (strcmp(type, "LOG") == 0)
00271     {
00272         tmp = strdup (":");
00273 
00274 
00275         if (ldap_cred_log == NULL)
00276             ldap_cred_log = (char *) malloc (MAX_LOG_BUFFER_SIZE * sizeof(char));
00277 
00278         if (ldap_cred_log_uid != NULL)
00279             strcpy(ldap_cred_log, ldap_cred_log_uid);
00280 
00281         if (ldap_cred_log_pgid != NULL)
00282         {
00283             strcat(ldap_cred_log, tmp);
00284             strcat(ldap_cred_log, ldap_cred_log_pgid);
00285         }
00286 
00287         if (ldap_cred_log_sgid != NULL)
00288         {
00289             strcat(ldap_cred_log, tmp);
00290             strcat(ldap_cred_log, ldap_cred_log_sgid);
00291         }
00292 
00293         lcmaps_log_time(0, "%s: %s\n", logstr, ldap_cred_log);
00294     }
00295     return 0;
00296 }
00297 
00298 
00299 
00300 /******************************************************************************
00301 Function:   plugin_initialize
00302 Description:
00303     Initialize plugin
00304 Parameters:
00305     argc, argv
00306     argv[0]: the name of the plugin
00307 Returns:
00308     LCMAPS_MOD_SUCCESS : succes
00309     LCMAPS_MOD_FAIL    : failure
00310     LCMAPS_MOD_NOFILE  : db file not found (will halt LCMAPS initialization)
00311 ******************************************************************************/
00312 int plugin_initialize(
00313         int argc,
00314         char ** argv
00315 )
00316 {
00317     char *  logstr = "\tlcmaps_plugin_ldap_enf-plugin_initialize()";
00318     int i, j;
00319 
00320     lcmaps_log_debug(1,"%s: passed arguments:\n", logstr);
00321     for (i=0; i < argc; i++)
00322     {
00323        lcmaps_log_debug(2,"%s: arg %d is %s\n", logstr, i, argv[i]);
00324     }
00325 
00326     /*
00327      * Parse arguments, argv[0] = name of plugin, so start with i = 1
00328      */
00329     for (i = 1; i < argc; i++)
00330     {
00331         // setting maxuid parameter from init plugin arguments
00332         if ( (((strcmp(argv[i], "-maxuid") == 0) ||
00333              (strcmp(argv[i], "-MAXUID") == 0)) &&
00334              (maxuid == MAX_UNDEFINED))
00335              && (i + 1 < argc) )
00336         {
00337             if ((argv[i + 1] != NULL) && (strlen(argv[i + 1]) > 0))
00338             {
00339                  lcmaps_log_debug(2,"%s: Checking if argument behind \"-maxuid\" is a number\n", logstr);
00340                  for (j = 0; j < strlen(argv[i + 1]); j++)
00341                  {
00342                      if (!isdigit((argv[i + 1])[j]))
00343                      {
00344                          lcmaps_log(0,"%s: Error, maybe found some digits, but there is at least one char corrupting this parameter: %s\n", logstr, argv[i + 1]);
00345                          maxuid = -1;
00346                          goto fail_ldap;
00347                      }
00348                  }
00349                  maxuid = atoi(argv[i + 1]);
00350             }
00351             else
00352             {
00353                 lcmaps_log(0,"%s: no argument found for %s (failure)\n", logstr, argv[i]);
00354                 goto fail_ldap;
00355             }
00356             i++;
00357         }
00358 
00359         // setting maxpgid parameter from init plugin arguments
00360         else if ( (((strcmp(argv[i], "-maxpgid") == 0) ||
00361              (strcmp(argv[i], "-MAXPGID") == 0)) &&
00362              (maxpgid == MAX_UNDEFINED))
00363              && (i + 1 < argc) )
00364         {
00365             if ((argv[i + 1] != NULL) && (strlen(argv[i + 1]) > 0))
00366             {
00367                  lcmaps_log_debug(2,"%s: Checking if argument behind \"-maxpgid\" is a number\n", logstr);
00368                  for (j = 0; j < strlen(argv[i + 1]); j++)
00369                  {
00370                      if (!isdigit((argv[i + 1])[j]))
00371                      {
00372                          lcmaps_log(0,"%s: Error, maybe found some digits, but there is at least one char corrupting this parameter: %s\n", logstr, argv[i + 1]);
00373                          maxpgid = -1;
00374                          goto fail_ldap;
00375                      }
00376                  }
00377                  maxpgid = atoi(argv[i + 1]);
00378             }
00379             else
00380             {
00381                 lcmaps_log(0,"%s: no argument found for %s (failure)\n", logstr, argv[i]);
00382                 goto fail_ldap;
00383             }
00384             i++;
00385         }
00386 
00387         // setting maxsgid parameter from init plugin arguments
00388         else if  ( (((strcmp(argv[i], "-maxsgid") == 0) ||
00389              (strcmp(argv[i], "-MAXSGID") == 0)) &&
00390              (maxsgid == MAX_UNDEFINED))
00391              && (i + 1 < argc) )
00392         {
00393             if ((argv[i + 1] != NULL) && (strlen(argv[i + 1]) > 0))
00394             {
00395                  lcmaps_log_debug(2,"%s: Checking if argument behind \"-maxsgid\" is a number\n", logstr);
00396                  for (j = 0; j < strlen(argv[i + 1]); j++)
00397                  {
00398                      if (!isdigit((argv[i + 1])[j]))
00399                      {
00400                          lcmaps_log(0,"%s: Error, maybe found some digits, but there is atleast one char corrupting this parameter: %s\n", logstr, argv[i + 1]);
00401                          maxsgid = -1;
00402                          goto fail_ldap;
00403                      }
00404                  }
00405                  maxsgid = atoi(argv[i + 1]);
00406             }
00407             else
00408             {
00409                 lcmaps_log(0,"%s: no argument found for %s (failure)\n", logstr, argv[i]);
00410                 goto fail_ldap;
00411             }
00412             i++;
00413         }
00414         /* settings for LDAP: */
00415         else if  ( ((strcmp(argv[i], "-port") == 0) ||
00416              (strcmp(argv[i], "-PORT") == 0))
00417              && (i + 1 < argc) )
00418         {
00419             if ((argv[i + 1] != NULL) && (strlen(argv[i + 1]) > 0))
00420             {
00421                  lcmaps_log_debug(2,"%s: Checking if argument behind \"-port\" is a number\n", logstr);
00422                  for (j = 0; j < strlen(argv[i + 1]); j++)
00423                  {
00424                      if (!isdigit((argv[i + 1])[j]))
00425                      {
00426                          lcmaps_log(0,"%s: Error maybe found some digits, but there is atleast one char corrupting this parameter: %s\n", logstr, argv[i + 1]);
00427                          port = -1;
00428                          goto fail_ldap;
00429                      }
00430                  }
00431                  port = atoi(argv[i + 1]);
00432             }
00433             else
00434             {
00435                 lcmaps_log(0,"%s: no argument found for %s (failure)\n", logstr, argv[i]);
00436                 goto fail_ldap;
00437             }
00438             i++;
00439         }
00440         else if  ( ((strcmp(argv[i], "-hostname") == 0) ||
00441              (strcmp(argv[i], "-HOSTNAME") == 0))
00442              && (i + 1 < argc) )
00443         {
00444             if ((argv[i + 1] != NULL) && (strlen(argv[i + 1]) > 0))
00445             {
00446                  hostname = strdup(argv[i+1]);
00447             }
00448             else
00449             {
00450                 lcmaps_log(0,"%s: no argument found for %s (failure)\n", logstr, argv[i]);
00451                 goto fail_ldap;
00452             }
00453             i++;
00454         }
00455         else if  ( (strcmp(argv[i], "-require_all_groups") == 0)
00456              && (i + 1 < argc) )
00457         {
00458             if ((argv[i + 1] != NULL) && (strlen(argv[i + 1]) > 0))
00459             {
00460                  if (strcmp(argv[i+1],"yes") == 0)
00461                  {
00462                      require_all_groups = 1;
00463                  }
00464                  else if (strcmp(argv[i+1],"no") == 0)
00465                  {
00466                      require_all_groups = 0;
00467                  }
00468                  else
00469                  {
00470                      lcmaps_log(0,"%s: use \"yes\" or \"no\" for option %s\n", logstr, argv[i]);
00471                      goto fail_ldap;
00472                  }
00473             }
00474             else
00475             {
00476                 lcmaps_log(0,"%s: no argument found for %s (failure)\n", logstr, argv[i]);
00477                 goto fail_ldap;
00478             }
00479             i++;
00480         }
00481         else if  ( (strcmp(argv[i], "-dn_manager") == 0)
00482              && (i + 1 < argc) )
00483         {
00484             if ((argv[i + 1] != NULL) && (strlen(argv[i + 1]) > 0))
00485             {
00486                  dn_manager = strdup(argv[i+1]);
00487             }
00488             else
00489             {
00490                 lcmaps_log(0,"%s: no argument found for %s (failure)\n", logstr, argv[i]);
00491                 goto fail_ldap;
00492             }
00493             i++;
00494         }
00495         else if  ( (strcmp(argv[i], "-ldap_pw") == 0)
00496              && (i + 1 < argc) )
00497         {
00498             if ((argv[i + 1] != NULL) && (strlen(argv[i + 1]) > 0))
00499             {
00500                  lcmaps_get_ldap_pw(argv[i+1], &ldap_pw);
00501             }
00502             else
00503             {
00504                 lcmaps_log(0,"%s: no argument found for %s (failure)\n", logstr, argv[i]);
00505                 goto fail_ldap;
00506             }
00507             i++;
00508         }
00509         else if  ( (strcmp(argv[i], "-sb_groups") == 0)
00510              && (i + 1 < argc) )
00511         {
00512             if ((argv[i + 1] != NULL) && (strlen(argv[i + 1]) > 0))
00513             {
00514                  sb_groups = strdup(argv[i+1]);
00515             }
00516             else
00517             {
00518                 lcmaps_log(0,"%s: no argument found for %s (failure)\n", logstr, argv[i]);
00519                 goto fail_ldap;
00520             }
00521             i++;
00522         }
00523         else if  ( (strcmp(argv[i], "-sb_user") == 0)
00524              && (i + 1 < argc) )
00525         {
00526             if ((argv[i + 1] != NULL) && (strlen(argv[i + 1]) > 0))
00527             {
00528                sb_user = strdup(argv[i+1]);
00529             }
00530             else
00531             {
00532                 lcmaps_log(0,"%s: no argument found for %s (failure)\n", logstr, argv[i]);
00533                 goto fail_ldap;
00534             }
00535             i++;
00536         }
00537         // setting timeout value parameter (in seconds) from init plugin arguments
00538         else if ( (strcmp(argv[i], "-timeout") == 0)
00539              && (i + 1 < argc) )
00540         {
00541             if ((argv[i + 1] != NULL) && (strlen(argv[i + 1]) > 0))
00542             {
00543                  lcmaps_log_debug(2,"%s: Checking if argument behind \"-timeout\" is a number\n", logstr);
00544                  for (j = 0; j < strlen(argv[i + 1]); j++)
00545                  {
00546                      if (!isdigit((argv[i + 1])[j]))
00547                      {
00548                          lcmaps_log(0,"%s: Error, maybe found some digits, but there is at least one char corrupting this parameter: %s\n", logstr, argv[i + 1]);
00549                          maxpgid = -1;
00550                          goto fail_ldap;
00551                      }
00552                  }
00553                  timeout.tv_sec = (time_t) atoi(argv[i + 1]);
00554                  timeout.tv_usec = (suseconds_t) 0;
00555             }
00556             else
00557             {
00558                 lcmaps_log(0,"%s: no argument found for %s (failure)\n", logstr, argv[i]);
00559                 goto fail_ldap;
00560             }
00561             i++;
00562         }
00563         else
00564         {
00565             lcmaps_log(0,"%s: Error in initialization parameter: %s (failure)\n", logstr, argv[i]);
00566             goto fail_ldap;
00567         }
00568     }
00569 
00570     if (maxsgid > NGROUPS)
00571     {
00572         lcmaps_log(0,"%s: Error, the prefered set maximum of %d Secondary Gid's exceeds the system maximum of NGROUPS witch is set to %d on this system\n", logstr,  maxsgid, NGROUPS);
00573         goto fail_ldap;
00574     }
00575     else if (maxsgid == MAX_UNDEFINED)
00576     {
00577         lcmaps_log(0,"%s: Auto set maximum Secondary Gid's to system maximum of NGROUPS witch is set to %d on this system\n", logstr, NGROUPS);
00578     }
00579     if (hostname == NULL)
00580     {
00581         lcmaps_log(0, "%s: Invalid hostname, use option \"-hostname <hostname>\"\n", logstr);
00582         goto fail_ldap;
00583     }
00584     if (port == -1)
00585     {
00586         lcmaps_log(0, "%s: Port not set, use option \"-port <port>\"\n", logstr);
00587         goto fail_ldap;
00588     }
00589     if (dn_manager == NULL)
00590     {
00591         lcmaps_log(0, "%s: Invalid dn ldap manager, use option \"-dn_manager <dn manager>\"\n", logstr);
00592         goto fail_ldap;
00593     }
00594     if (ldap_pw == NULL)
00595     {
00596         lcmaps_log(0, "%s: No ldap password found in password file, file might be in wrong mode , use option \"-ldap_pw <path/filename>\"\n", logstr);
00597         goto fail_ldap;
00598     }
00599     if (sb_groups == NULL)
00600     {
00601         lcmaps_log(0, "%s: Invalid search base for groups, use option \"-sb_groups <search base>\"\n", logstr);
00602         goto fail_ldap;
00603     }
00604     if (sb_user == NULL)
00605     {
00606         lcmaps_log(0, "%s: Invalid seach base for user, use option \"-sb_user <search base>\"\n", logstr);
00607         goto fail_ldap;
00608     }
00609 
00610     lcmaps_log_debug(2,"%s: Summary init maxuid       : %d\n", logstr, maxuid);
00611     lcmaps_log_debug(2,"%s: Summary init maxpgid      : %d\n", logstr, maxpgid);
00612     lcmaps_log_debug(2,"%s: Summary init maxsgid      : %d\n", logstr, maxsgid);
00613     lcmaps_log_debug(2,"%s: Summary init hostname     : %s\n", logstr, hostname);
00614     lcmaps_log_debug(2,"%s: Summary init port         : %d\n", logstr, port);
00615     lcmaps_log_debug(2,"%s: Summary require_all_groups: %d\n", logstr, require_all_groups);
00616     lcmaps_log_debug(2,"%s: Summary init dn_manager   : %s\n", logstr, dn_manager);
00617     lcmaps_log_debug(2,"%s: Summary init ldap_pw      : %s\n", logstr, ldap_pw);
00618     lcmaps_log_debug(2,"%s: Summary init sb_groups    : %s\n", logstr, sb_groups);
00619     lcmaps_log_debug(2,"%s: Summary init sb_user      : %s\n", logstr, sb_user);
00620     lcmaps_log_debug(2,"%s: Summary init timeout      : %d seconds and %d microseconds\n", logstr,
00621     (int) timeout.tv_sec, (int) timeout.tv_usec);
00622 
00623     return LCMAPS_MOD_SUCCESS;
00624 
00625  fail_ldap:
00626     return LCMAPS_MOD_FAIL;
00627 }
00628 
00629 /******************************************************************************
00630 Function:   plugin_introspect
00631 Description:
00632     return list of required arguments
00633 Parameters:
00634 
00635 Returns:
00636     LCMAPS_MOD_SUCCESS : succes
00637     LCMAPS_MOD_FAIL    : failure
00638 ******************************************************************************/
00639 int plugin_introspect(
00640         int * argc,
00641         lcmaps_argument_t ** argv
00642 )
00643 {
00644     char *                   logstr    = "\tlcmaps_plugin_ldap_enf-plugin_introspect()";
00645     static lcmaps_argument_t argList[] = {
00646         {NULL           ,       NULL            , -1,   NULL}
00647     };
00648 
00649     lcmaps_log_debug(1,"%s: introspecting\n", logstr);
00650 
00651     *argv = argList;
00652     *argc = lcmaps_cntArgs(argList);
00653     lcmaps_log_debug(1,"%s: address first argument: 0x%x\n", logstr, argList);
00654 
00655     return LCMAPS_MOD_SUCCESS;
00656 }
00657 
00658 
00659 /******************************************************************************
00660 Function:   plugin_run
00661 Description:
00662     Gather credentials for LCMAPS
00663 Parameters:
00664     argc: number of arguments
00665     argv: list of arguments
00666 Returns:
00667     LCMAPS_MOD_SUCCESS: authorization succeeded
00668     LCMAPS_MOD_FAIL   : authorization failed
00669 ******************************************************************************/
00670 int plugin_run(
00671         int argc,
00672         lcmaps_argument_t * argv
00673 )
00674 {
00675     char *           logstr = "\tlcmaps_plugin_ldap_enf-plugin_run()";
00676     struct passwd  * user_info   = NULL;
00677     int              i;
00678     gid_t          * list        = NULL;
00679 
00680     uid_t          * uid;
00681     int              cntUid;
00682     gid_t          * priGid;
00683     int              cntPriGid;
00684     gid_t          * secGid;
00685     int              cntSecGid;
00686     struct passwd  * root_info   = NULL;
00687     LDAP           * ld_handle   = NULL;
00688     int              rc;
00689     int              ldap_mess_id;
00690     LDAPMessage    * ldap_bind_msg = NULL;
00691     struct group   * grgid       = NULL;
00692 
00693     char           * tmplog      = NULL;
00694 
00695 
00696     /*
00697      * The beginning
00698      */
00699     lcmaps_log_debug(1,"%s\n", logstr);
00700 
00701     uid    = getCredentialData(UID,     &cntUid);
00702     priGid = getCredentialData(PRI_GID, &cntPriGid);
00703     secGid = getCredentialData(SEC_GID, &cntSecGid);
00704     lcmaps_log_debug(2, "%s: number of uids: %d, priGids: %d, secGids: %d\n", logstr, cntUid, cntPriGid, cntSecGid);
00705 
00706 
00707     // Check amount of uid's, pri-gid's and sec-gid's with the set maximum
00708     lcmaps_log_debug(2, "%s: maxuid = %d, MAX_UNDEFINED = %d\n", logstr, maxuid, MAX_UNDEFINED);
00709     if (maxuid != MAX_UNDEFINED)
00710     {
00711         lcmaps_log_debug(2, "%s: max number of uids: %d\n", logstr, maxuid);
00712         if (cntUid > maxuid)
00713         {
00714             lcmaps_log(0, "%s: Error, the set amount of uid's gathered exceeds the maximum of %d uid('s) by %d\n", logstr, maxuid, (cntUid - maxuid));
00715             goto fail_ldap;
00716         }
00717     }
00718     if (maxpgid != MAX_UNDEFINED)
00719     {
00720         lcmaps_log_debug(2, "%s: max number of primary gid('s): %d\n", logstr, maxpgid);
00721         if (cntPriGid > maxpgid)
00722         {
00723             lcmaps_log(0, "%s: Error, The set amount of primary gid's gathered exceeds the maximum of %d primary gid('s) by %d\n", logstr, maxpgid, (cntPriGid - maxpgid));
00724             goto fail_ldap;
00725         }
00726     }
00727     if (maxsgid != MAX_UNDEFINED)
00728     {
00729         lcmaps_log_debug(2, "%s: max number of secondary gid's: %d\n", logstr, maxsgid);
00730         if (cntSecGid > maxsgid)
00731         {
00732             lcmaps_log(0, "%s: Error, The set amount of secondary gid's gathered exceeds the maximum of %d secondary gid's by %d\n", logstr, maxsgid, (cntSecGid - maxsgid));
00733             goto fail_ldap;
00734         }
00735     }
00736 
00737 
00738     // You must be ROOT
00739     if (getuid() != 0)
00740     {
00741         lcmaps_log(0, "%s: You are not ROOT!  -> %d\n", logstr, getuid());
00742         goto fail_ldap;
00743     }
00744 
00745     // Only done to get name of root (normally "root")
00746     if ((root_info=getpwuid(0)) == NULL)
00747     {
00748         lcmaps_log(0, "%s: cannot get passwd info for root\n", logstr);
00749         if (errno==ENOMEM)
00750             lcmaps_log(0, "%s: %s\n", logstr, strerror(errno));
00751         goto fail_ldap;
00752     }
00753 
00754     /* Get a handle to an LDAP connection. */
00755     if ( (ld_handle = ldap_init( hostname, port)) == NULL )
00756     {
00757       lcmaps_log(0, "%s: no handle to LDAP server on %s using port %s -> %s\n", logstr, hostname, port, strerror(errno));
00758       goto fail_ldap;
00759     }
00760     lcmaps_log_debug(3, "%s: handle to LDAP server successfull\n", logstr);
00761 
00762     /* Bind to the LDAP server. check if timeout is specified, if not, do ldap_simple_bind_s() (blocking)*/
00763     lcmaps_log_debug(3, "%s: dn_manager: %s\n", logstr, dn_manager);
00764     lcmaps_log_debug(5,"%s: ldap_pw is--->%s<---\n", logstr, ldap_pw);
00765     if ((timeout.tv_sec == (time_t) 0) && (timeout.tv_usec == (suseconds_t) 0))
00766     {
00767       rc = ldap_simple_bind_s( ld_handle, dn_manager, ldap_pw);
00768       if ( rc != LDAP_SUCCESS )
00769       {
00770         lcmaps_log(0,"%s: Error binding to ldap server with ldap_simple_bind_s() -> %s\n", logstr, ldap_err2string(rc));
00771         goto fail_ldap;
00772       }
00773       lcmaps_log_debug(3, "%s: bind to LDAP server successfull\n", logstr);
00774     }
00775     else
00776     {
00777       /* First get ldap message id for the asynchronous bind ldap_simple_bind()*/
00778       ldap_mess_id = ldap_simple_bind( ld_handle, dn_manager, ldap_pw);
00779       lcmaps_log_debug(5,"%s: ldap_simple_bind() returned this message id: %d\n", logstr, ldap_mess_id);
00780       if (ldap_mess_id == -1)
00781       {
00782         lcmaps_log(0,"%s: Error binding to ldap server with ldap_simple_bind() ->\n", logstr);
00783         ldap_perror(ld_handle, " ");
00784         goto fail_ldap;
00785       }
00786 
00787       /*
00788        * Then get the result with timeout (rc contains the message type (should be LDAP_RES_BIND),
00789        * 0 if timeout reached ot -1 in case of error
00790        */
00791       rc = ldap_result(ld_handle, ldap_mess_id, 0, &timeout, &ldap_bind_msg);
00792       lcmaps_log_debug(5,"%s: ldap_result() returned this message id  : %d\n", logstr, ldap_msgid(ldap_bind_msg));
00793       lcmaps_log_debug(5,"%s: ldap_result() returned this message type: 0x%x\n", logstr, ldap_msgtype(ldap_bind_msg));
00794       if ( rc == LDAP_RES_BIND )
00795       {
00796         lcmaps_log_debug(3, "%s: bind to LDAP server successfull\n", logstr);
00797       }
00798       else if ( rc == 0 )
00799       {
00800         lcmaps_log(0,"%s: Error, time out occurred in binding to ldap server -> (timeout = %d s)\n", logstr, 0);
00801         goto fail_ldap;
00802       }
00803       else
00804       {
00805         lcmaps_log(0,"%s: Error getting handle to ldap server  -> %s (rc = %d)\n", logstr, rc);
00806         goto fail_ldap;
00807       }
00808       lcmaps_log_debug(5,"%s: freeing ldap msg\n", logstr);
00809       if (ldap_bind_msg)
00810       {
00811         ldap_msgfree(ldap_bind_msg);
00812         ldap_bind_msg = NULL;
00813       }
00814     }
00815 
00816     /* get username */
00817     if (cntUid < 1)
00818     {
00819         lcmaps_log(0,"%s: Error, found no userid in credential data repository (failure)\n", logstr);
00820         goto fail_ldap;
00821     }
00822     lcmaps_log_debug(3, "%s: uid = %d\n", logstr, (int) *uid );
00823     user_info = getpwuid( *uid);
00824     if (user_info == NULL)
00825     {
00826         lcmaps_log(0, "%s: Error, no pw_name associated with uid: %d\n", logstr, uid);
00827         goto fail_ldap;
00828     }
00829     lcmaps_log_debug(3, "%s: uidname = %s\n", logstr, user_info->pw_name );
00830 
00831     /* get the primary gid */
00832     if (cntPriGid >= 1)
00833     {
00834         grgid = getgrgid((gid_t) priGid[0]);
00835         if (grgid != NULL)
00836         {
00837             lcmaps_log_debug(3, "%s: priGidName = %s\n", logstr, grgid->gr_name);
00838             /* set the pgid */
00839              if ( lcmaps_set_pgid(user_info->pw_name, grgid->gr_name, (gid_t)(int) grgid->gr_gid, ld_handle, sb_user) != 0 )
00840              {
00841                  lcmaps_log(0, "%s: lcmaps_set_pgid failed for user=%s, pri group=%s, pri gid=%d\n", logstr,
00842                             user_info->pw_name, grgid->gr_name, (int) grgid->gr_gid);
00843                  goto fail_ldap;
00844              }
00845              // Add to log if succesfull
00846              else
00847              {
00848                   // Log User ID with it's Username
00849                   tmplog = (char *) malloc (MAX_LOG_BUFFER_SIZE * sizeof(char));
00850                   snprintf(tmplog, MAX_LOG_BUFFER_SIZE-1, "%d(%s)", user_info->pw_uid, user_info->pw_name);
00851                   log_cred("UID", tmplog);
00852                   if (tmplog) free(tmplog); tmplog = NULL;
00853 
00854                   // Primary Group ID and Group Name
00855                   tmplog = (char *) malloc (MAX_LOG_BUFFER_SIZE * sizeof(char));
00856                   snprintf(tmplog, MAX_LOG_BUFFER_SIZE-1, "%d(%s)", grgid->gr_gid, grgid->gr_name);
00857                   log_cred("PGID", tmplog);
00858                   if (tmplog) free(tmplog); tmplog = NULL;
00859              }
00860         }
00861         else
00862         {
00863             lcmaps_log(0, "%s: Error, No grgid name associated with primary gid number: %d\n", logstr, (int) priGid[0]);
00864             goto fail_ldap;
00865         }
00866     }
00867 
00868     /* loop over secondary gids */
00869     i=0;
00870     while (i < cntSecGid)
00871     {
00872         lcmaps_log_debug(3, "%s: secGid = %d\n", logstr, (int) secGid[i]);
00873         grgid = getgrgid((gid_t) secGid[i]);
00874         if (grgid != NULL)
00875         {
00876             lcmaps_log_debug(3, "%s: secGidName = %s\n", logstr, grgid->gr_name);
00877 
00878             if ( lcmaps_add_username_to_ldapgroup(user_info->pw_name, grgid->gr_name, (gid_t)(int) grgid->gr_gid, ld_handle, sb_groups) != 0 )
00879             {
00880                 if (require_all_groups == 1)
00881                 {
00882                     lcmaps_log(0, "%s: failure for user=%s, group=%s, gid=%d\n", logstr,
00883                            user_info->pw_name, grgid->gr_name, (int) grgid->gr_gid);
00884                     lcmaps_log(0, "%s: (failure)\n", logstr);
00885                     goto fail_ldap;
00886                 }
00887                 else
00888                 {
00889                     lcmaps_log_debug(1, "%s: failure for user=%s, group=%s, gid=%d\n", logstr,
00890                            user_info->pw_name, grgid->gr_name, (int) grgid->gr_gid);
00891                 }
00892             }
00893             else
00894             {
00895                 // Add the secondary group IDs & names
00896                 tmplog = (char *) malloc (MAX_LOG_BUFFER_SIZE * sizeof(char));
00897                 snprintf(tmplog, MAX_LOG_BUFFER_SIZE-1, "%d(%s)", grgid->gr_gid, grgid->gr_name);
00898                 log_cred("SGID", tmplog);
00899                 if (tmplog) free(tmplog); tmplog = NULL;
00900             }
00901         }
00902         else
00903         {
00904             lcmaps_log(0, "%s: Error, No grgid name associated with gid number: %d\n", logstr, (int) secGid[i]);
00905         }
00906         i++;
00907     }
00908 
00909 
00910     // Log Enforced Credential Data
00911     log_cred("LOG", "");
00912 
00913 
00914     /* succes */
00915  success_ldap:
00916     if (ld_handle) ldap_unbind_s(ld_handle);
00917     lcmaps_log_time(0,"%s: ldap_enf plugin succeeded\n", logstr);
00918     return LCMAPS_MOD_SUCCESS;
00919 
00920  fail_ldap:
00921     // added:
00922     if (ldap_bind_msg)
00923     {
00924       ldap_msgfree(ldap_bind_msg);
00925       ldap_bind_msg = NULL;
00926     }
00927     if (ld_handle) ldap_unbind_s(ld_handle);
00928     if (list) free(list);
00929     lcmaps_log_time(0,"%s: ldap_enf plugin failed\n", logstr);
00930     return LCMAPS_MOD_FAIL;
00931 }
00932 
00933 /******************************************************************************
00934 Function:   plugin_terminate
00935 Description:
00936     Terminate plugin
00937 Parameters:
00938 
00939 Returns:
00940     LCMAPS_MOD_SUCCESS : succes
00941     LCMAPS_MOD_FAIL    : failure
00942 ******************************************************************************/
00943 int plugin_terminate()
00944 {
00945     char *              logstr = "\tlcmaps_plugin_ldap_enf-plugin_terminate()";
00946 
00947     lcmaps_log_debug(1,"%s: terminating\n", logstr);
00948 
00949     if (sb_user)
00950     {
00951         free(sb_user);
00952         sb_user = NULL;
00953     }
00954     if (sb_groups)
00955     {
00956         free(sb_groups);
00957         sb_groups = NULL;
00958     }
00959     if (ldap_pw)
00960     {
00961         free(ldap_pw);
00962         ldap_pw= NULL;
00963     }
00964     if (dn_manager)
00965     {
00966         free(dn_manager);
00967         dn_manager = NULL;
00968     }
00969     if (hostname)
00970     {
00971         free(hostname);
00972         hostname = NULL;
00973     }
00974     if (ldap_dn)
00975     {
00976         free(ldap_dn);
00977         ldap_dn = NULL;
00978     }
00979 
00980     return LCMAPS_MOD_SUCCESS;
00981 }
00982 
00983 /******************************************************************************
00984 Function:   lcmaps_add_username_to_ldapgroup()
00985 
00986 Description:
00987     Adds the username to the appropriate (LDAP) group.
00988 
00989 Parameters:
00990     username:    the name of the user
00991     groupname:   the name of the group
00992     groupnumber: group id number
00993     ld_handle:   handle to LDAP
00994     searchBase:  dn search base
00995 
00996 Returns:
00997     0 on success.
00998    -1 on ldap failure
00999     1 on failure
01000 ******************************************************************************/
01026 static int lcmaps_add_username_to_ldapgroup(
01027         const char * username,
01028         const char * groupname,
01029         gid_t        groupnumber,
01030         LDAP       * ld_handle,
01031         const char * searchBase
01032     )
01033 {
01034     char *         logstr = "\tlcmaps_plugin_ldap_enf-lcmaps_add_username_to_ldapgroup()";
01035     int            i = 0;
01036     int            filtersize;
01037     char         * filterprefix = "(&(objectClass=posixGroup)(gidNumber=";
01038     char         * filter = NULL;
01039     char         * filtersuffix = "))";
01040     char         * memberUidfilter = ")(memberUid=";
01041     char         * memberfilter;
01042     LDAPMessage  * searchResult, *entry;
01043     char         * attribute, **values;
01044     struct timeval timeOut = {10,0};
01045     char           groupstr[10];
01046     char         * dn = NULL;
01047     BerElement   * ber;
01048     int            rc, entryCount, dnsize, membersize;
01049     char         * dnprefix = "cn=";
01050     LDAPMod        modGID;
01051     LDAPMod      * modify[2];
01052     char         * modifyDN;
01053     char         * GIDValue[2];
01054 
01055     if (! ld_handle)
01056     {
01057         lcmaps_log(0,"%s: empty ldap handle\n", logstr);
01058         return -1;
01059     }
01060     if (groupnumber > MAXGROUPNUM)
01061     {
01062         lcmaps_log(0,"%s: groupid (%d) too large, max = %d\n", logstr,
01063         groupnumber,MAXGROUPNUM);
01064         return 1;
01065     }
01066 
01067     snprintf(groupstr,(size_t)10,"%d",groupnumber);
01068     filtersize = strlen(filterprefix)+strlen(groupstr)+strlen(filtersuffix)+1;
01069     filter = (char *) malloc(filtersize*sizeof(char));
01070 
01071     snprintf(filter,(size_t)filtersize,"%s%s%s",filterprefix, groupstr, filtersuffix);
01072 
01073     lcmaps_log_debug(3,"%s: groupstr = %s\n", logstr,groupstr);
01074     lcmaps_log_debug(3,"%s: filter: %s, filtersize = %d\n", logstr,filter, filtersize);
01075     lcmaps_log_debug(3,"%s: username: %s, groupnumber = %d, ld_handle = %p, searchBase = %s\n", logstr,
01076                      username, groupnumber, ld_handle, searchBase);
01077 
01078     membersize = strlen(filterprefix) + strlen(groupstr) + strlen(memberUidfilter) + strlen(username) + strlen(filtersuffix) +1;
01079     memberfilter = (char *) malloc(membersize*sizeof(char));
01080     snprintf(memberfilter,(size_t)memberfilter,"%s%s%s%s%s",filterprefix, groupstr,memberUidfilter,username ,filtersuffix);
01081     lcmaps_log_debug(3,"%s: memberefilter: %s, membersize = %d\n", logstr,memberfilter, membersize);
01082 
01083     dnsize = strlen(dnprefix) + strlen(groupname)  + strlen(searchBase) +2;  // '/0' and ','
01084     modifyDN = (char *) malloc(dnsize*sizeof(char));
01085     snprintf(modifyDN,(size_t)dnsize,"%s%s,%s",dnprefix,groupname,searchBase );
01086     lcmaps_log_debug(3,"%s: modifyDN = %s\n", logstr,modifyDN);
01087     //modifyDN = "cn=tbadmin,ou=LocalGroups,dc=foobar,dc=ough";
01088 
01089 
01090     modGID.mod_op     = LDAP_MOD_ADD;
01091     modGID.mod_type   = "memberUid";
01092     GIDValue[0]       = strdup(username);
01093     GIDValue[1]       = NULL;
01094     modGID.mod_values = GIDValue;
01095 
01096     modify[0] = &modGID;
01097     modify[1] = NULL;
01098 
01099 
01100    /* Search the directory  to test if entry exists */
01101     rc = ldap_search_ext_s(
01102                     ld_handle,             /* LDAP session handle */
01103                     searchBase,            /* container to search */
01104                     LDAP_SCOPE_SUBTREE,
01105                     memberfilter,
01106                     NULL,                  /* return all attributes */
01107                     0,                     /* return attributes and values */
01108                     NULL,                  /* server controls */
01109                     NULL,                  /* client controls */
01110                     &timeOut,              /* search timeout */
01111                     LDAP_NO_LIMIT,         /* no size limit */
01112                     &searchResult );       /* returned results */
01113 
01114     if ( rc != LDAP_SUCCESS )
01115     {
01116         lcmaps_log(0,"%s: ldap_search_ext_s error: %s\n", logstr, ldap_err2string( rc ));
01117         free(GIDValue[0]);
01118         free(filter);
01119         free(modifyDN);
01120         free(memberfilter);
01121         return -1;
01122     }
01123 
01124     entryCount = ldap_count_entries( ld_handle, searchResult );
01125     lcmaps_log_debug(3,"%s: Search completed successfully. Entries returned: %d\n", logstr, entryCount);
01126 
01127     if ( entryCount != 0)
01128     {
01129         lcmaps_log_debug(3,"%s: No add, allready exists:  modifyDN = %s\n", logstr,modifyDN);
01130         free(GIDValue[0]);
01131         free(filter);
01132         free(modifyDN);
01133         free(memberfilter);
01134         ldap_msgfree( searchResult );
01135         return 0;
01136     }
01137 
01138     /* if not exists, add the entry  */
01139     rc= ldap_modify_ext_s( ld_handle,  /* LDAP session handle */
01140                            modifyDN,   /* the object to modify */
01141                            modify,     /* array of LDAPMod structures */
01142                            NULL,       /* server controls */
01143                            NULL);      /* client controls */
01144 
01145     if ( rc != LDAP_SUCCESS )
01146     {
01147         lcmaps_log(0,"%s: ldap_modify_ext_s failed for group %s(%d): %s\n", logstr, groupname, groupnumber, ldap_err2string( rc ));
01148         free(GIDValue[0]);
01149         free(filter);
01150         free(modifyDN);
01151         free(memberfilter);
01152         return -1;
01153     }
01154     lcmaps_log_debug(3,"%s: %s modified successfully.\n", logstr, modifyDN);
01155 
01156 
01157    /* Search the directory */
01158    /* this is an extra test, could be removed */
01159     rc = ldap_search_ext_s(
01160                     ld_handle,             /* LDAP session handle */
01161                     searchBase,            /* container to search */
01162                     LDAP_SCOPE_SUBTREE,
01163                     filter,
01164 //                    &attrstr,              /* return all attributes */
01165                     NULL,                  /* return all attributes */
01166                     0,                     /* return attributes and values */
01167                     NULL,                  /* server controls */
01168                     NULL,                  /* client controls */
01169                     &timeOut,              /* search timeout */
01170                     LDAP_NO_LIMIT,         /* no size limit */
01171                     &searchResult );       /* returned results */
01172 
01173     if ( rc != LDAP_SUCCESS )
01174     {
01175         lcmaps_log(0,"%s: ldap_search_ext_s error: %s\n", logstr, ldap_err2string( rc ));
01176         free(GIDValue[0]);
01177         free(filter);
01178         free(modifyDN);
01179         free(memberfilter);
01180         ldap_msgfree( searchResult );
01181         return -1;
01182     }
01183 
01184     /* Go through the search results by checking entries */
01185     for (   entry   =   ldap_first_entry( ld_handle, searchResult );
01186             entry   !=  NULL;
01187             entry   =   ldap_next_entry( ld_handle, entry ) )
01188     {
01189         if (( dn = ldap_get_dn( ld_handle, entry )) != NULL )
01190         {
01191             lcmaps_log_debug(3,"%s: -->  dn: %s\n", logstr, dn);
01192             ldap_memfree( dn );
01193         }
01194        for (   attribute = ldap_first_attribute( ld_handle, entry, &ber );
01195                 attribute != NULL;
01196                 attribute = ldap_next_attribute( ld_handle, entry, ber ) )
01197         {
01198             /* Get values and print.  Assumes all values are strings. */
01199             if (( values = ldap_get_values( ld_handle, entry, attribute)) != NULL )
01200             {
01201                 for ( i = 0; values[i] != NULL; i++ )
01202                     lcmaps_log_debug(3,"%s:        %s: %s\n", logstr, attribute, values[i]);
01203                 ldap_value_free( values );
01204             }
01205             ldap_memfree( attribute );
01206         }
01207 
01208         ber_free(ber, 0);
01209     }
01210 
01211     entryCount = ldap_count_entries( ld_handle, searchResult );
01212     lcmaps_log_debug(3,"%s: Search completed successfully. Entries returned: %d\n", logstr, entryCount);
01213 
01214     ldap_msgfree( searchResult );
01215     free(GIDValue[0]);
01216     free(filter);
01217     free(modifyDN);
01218     free(memberfilter);
01219 
01220 
01221     return 0;
01222 }
01223 
01224 /******************************************************************************
01225 Function:   lcmaps_set_pgid()
01226 
01227 Description:
01228     Sets the primary group ID
01229 
01230 Parameters:
01231     username:     the name of the user
01232     pgroupname:   the name of the primary group
01233     pgroupnumber: primary group id number
01234     ld_handle:    handle to LDAP
01235     searchBase:   dn search base
01236 
01237 Returns:
01238     0 on success.
01239    -1 on ldap failure
01240     1 on failure
01241 ******************************************************************************/
01265 static int lcmaps_set_pgid(
01266         const char * username,
01267         const char * pgroupname,
01268         gid_t        pgroupnumber,
01269         LDAP       * ld_handle,
01270         const char * searchBase
01271     )
01272 {
01273     char *         logstr = "\tlcmaps_plugin_ldap_enf-lcmaps_set_pgid()";
01274     int            rc, dnsize;
01275     char           prigroupstr[10];
01276     LDAPMod        modGID;
01277     LDAPMod      * modify[2];
01278     char         * modifyDN = NULL;
01279     char         * GIDValue[2];
01280     char         * dnprefix = "uid=";
01281 
01282 
01283     /* print incoming vars: */
01284     lcmaps_log_debug(1, "%s: parameters: user=%s, pri group=%s, pri gid=%d\n", logstr,
01285                username, pgroupname, (int) pgroupnumber);
01286 
01287     if (! ld_handle)
01288     {
01289         lcmaps_log(0,"%s: empty ldap handle\n", logstr);
01290         return -1;
01291     }
01292     if (pgroupnumber > MAXGROUPNUM)
01293     {
01294         lcmaps_log(0,"%s: pgroupid (%d) too large, max = %d\n", logstr,
01295         pgroupnumber,MAXGROUPNUM);
01296         return 1;
01297     }
01298 
01299     snprintf(prigroupstr,(size_t)10,"%d", pgroupnumber);
01300 
01301     /* modifyDN    the object to modify */
01302     dnsize = strlen(dnprefix) + strlen(username)  + strlen(searchBase) +3;  // '/0' and ','
01303     modifyDN = (char *) malloc(dnsize*sizeof(char));
01304     snprintf(modifyDN,(size_t)dnsize,"%s%s, %s",dnprefix,username,searchBase );
01305     lcmaps_log_debug(3,"%s: modifyDN = %s\n", logstr,modifyDN);
01306 
01307 
01308     modGID.mod_op     = LDAP_MOD_REPLACE;
01309     modGID.mod_type   = "gidNumber";
01310     GIDValue[0]       = prigroupstr;
01311     GIDValue[1]       = NULL;
01312     modGID.mod_values = GIDValue;
01313 
01314     modify[0] = &modGID;
01315     modify[1] = NULL;
01316 
01317 
01318     /* modify the entry  */
01319     rc= ldap_modify_ext_s( ld_handle,  /* LDAP session handle */
01320                            modifyDN,   /* the object to modify */
01321                            modify,     /* array of LDAPMod structures */
01322                            NULL,       /* server controls */
01323                            NULL);      /* client controls */
01324 
01325     if ( rc != LDAP_SUCCESS )
01326     {
01327         lcmaps_log(0,"%s: ldap_modify_ext_s failed: %s\n", logstr, ldap_err2string( rc ));
01328         /* free mem */
01329         free(modifyDN);
01330         return -1;
01331     }
01332     lcmaps_log_debug(3,"%s: %s modified successfully.\n", logstr, modifyDN);
01333 
01334     /* free mem */
01335     free(modifyDN);
01336 
01337     return 0;
01338 }
01339 
01340 
01341 /******************************************************************************
01342 Function:   lcmaps_get_ldap_pw()
01343 
01344 Description:
01345     Get the LDAP password from file
01346 
01347 Parameters:
01348     path:   path to the ldap_pw file containing the password
01349     ldap_passwd : variable to set the password in
01350 
01351 Returns:
01352     0 on success.
01353     1 on failure
01354 ******************************************************************************/
01373 static int lcmaps_get_ldap_pw(
01374         const char * path,
01375         char       ** ldap_passwd
01376     )
01377 {
01378     char *        logstr = "\tlcmaps_plugin_ldap_enf-lcmaps_get_ldap_pw()";
01379     FILE        * fp = NULL;
01380     struct stat   buf;
01381     int           c;
01382     int           count = 0;
01383     char        * temppwd = NULL;
01384 
01385     lcmaps_log_debug(3,"%s: path: %s \n", logstr, path);
01386 
01387     /* get the stats of the file */
01388     if ((stat(path, &buf)) == -1)
01389     {
01390         lcmaps_log(0, "%s: unable to get stat of ldap_pw file: %s\n", logstr, path);
01391         return 1;
01392     }
01393 
01394     /* test if it's a file */
01395     if ( !(S_ISREG(buf.st_mode)))
01396     {
01397         lcmaps_log(0, "%s: ldap_pw file is not a file: %s\n", logstr, path);
01398         return 1;
01399     }
01400     /* test if root is owner */
01401     if (buf.st_uid != 0) {
01402         lcmaps_log(0, "%s: ldap_pw file is not owned by root (readonly for root) : %s\n", logstr, path);
01403         return 1;
01404     }
01405 
01406     /* test if file has the access bits set correctly */
01407     if ((0000777  & (buf.st_mode) ) != S_IRUSR )
01408     {
01409         lcmaps_log(0, "%s: ldap_pw file has incorrect accessibility (readonly for root) : %s\n", logstr, path);
01410         return 1;
01411     }
01412 
01413     /* try to open the file */
01414     if ((fp = fopen(path, "r")) == NULL)
01415     {
01416         lcmaps_log(0, "%s: unable to open ldap_pw file: %s\n", logstr, path);
01417         return 1;
01418     }
01419 
01420     /* read the passwd from the file */
01421     /* I thought tabs and spaces were not allowed in the passwd, but they are, so
01422      * restore original line
01423      */
01424 //    while ((c = getc(fp)) != EOF && (strchr(WHITESPACE_CHARS, c) == NULL)) count++;
01425     while ((c = getc(fp)) != EOF && (c != '\n')) count++;
01426     temppwd = (char *) malloc(count * sizeof(char) + 2);
01427 
01428     if ((fseek(fp, 0L, SEEK_SET)) != 0)
01429     {
01430         lcmaps_log(0, "%s: unable to reset the fp\n", logstr);
01431         fclose(fp);
01432         return 1;
01433     }
01434 
01435     if ((fgets(temppwd, count+1, fp)) == NULL )
01436     {
01437         lcmaps_log(0, "%s: unable to read the password: fgets failed\n", logstr);
01438         fclose(fp);
01439         return 1;
01440     }
01441 
01442     fclose(fp);
01443     lcmaps_log_debug(3,"%s: password: %s\n", logstr, temppwd);
01444 //    *ldap_passwd = strdup(" s t\ts   ");
01445     *ldap_passwd = strdup(temppwd);
01446 
01447     /* free mem */
01448     if (temppwd) free(temppwd);
01449 
01450     return 0;
01451 }
01452 /******************************************************************************
01453 CVS Information:
01454     $Source: /cvs/jra1mw/org.glite.security.lcmaps-plugins-basic/src/ldap_enf/lcmaps_ldap.c,v $
01455     $Date: 2005/02/27 01:30:41 $
01456     $Revision: 1.4 $
01457     $Author: msteenba $
01458 ******************************************************************************/
Generated on Sun May 29 21:22:10 2005 for lcmaps by doxygen 1.3.5