Main Page   Modules   Data Structures   File List   Data Fields   Globals   Related Pages  

lcmaps_ldap.c

Go to the documentation of this file.
00001 /* For license conditions see http://www.eu-datagrid.org/license.html
00002  *
00003  * Copyright (c) 2001, 2002 by
00004  *     Martijn Steenbakkers <martijn@nikhef.nl>,
00005  *     David Groep <davidg@nikhef.nl>,
00006  *     Wim Som de Cerff <sdecerff@knmi.nl>
00007  *     NIKHEF Amsterdam, the Netherlands
00008  */
00009 
00083 /*****************************************************************************
00084                             Include header files
00085 ******************************************************************************/
00086 #include <stdio.h>
00087 #include <stdlib.h>
00088 #include <string.h>
00089 #include <pwd.h>
00090 #include <grp.h>
00091 #include <ctype.h>
00092 #include <errno.h>
00093 
00094 #include "globus_gss_assist.h"
00095 
00096 #include "lcmaps_config.h"
00097 #include "lcmaps_modules.h"
00098 #include "lcmaps_arguments.h"
00099 #include "lcmaps_cred_data.h"
00100 
00101 #include "ldap.h"
00102 /******************************************************************************
00103                                 Definitions
00104 ******************************************************************************/
00105 
00106 #define MAX_UNDEFINED -1
00107 
00108 #ifndef NGROUPS
00109     #ifdef NGROUPS_MAX
00110         #define NGROUPS NGROUPS_MAX
00111     #else
00112         #define NGROUPS 32
00113     #endif
00114 #endif
00115 
00116 /*
00117  * MAX_NGROUPS has also been used. I couldn't see in the source if it was
00118  * a self made define in the code or that it was OS specific.
00119  */
00120 
00121 #define MAXGROUPNUM ((int)(999999999))
00122 
00123 
00124 #ifndef MAX_LOG_BUFFER_SIZE
00125     #define MAX_LOG_BUFFER_SIZE 2048 
00127 #endif
00128 
00129 #define WHITESPACE_CHARS " \t\n"
00130 
00131 /******************************************************************************
00132                           Module specific prototypes
00133 ******************************************************************************/
00134 
00135 static int log_cred(
00136         char * type,
00137         char * add_log
00138 );
00139 static int lcmaps_get_ldap_pw(
00140         const char * path,
00141         char ** ldap_passwd
00142 );
00143 static int lcmaps_set_pgid(
00144         const char * username,
00145         const char * pgroupname,
00146         gid_t        pgroupnumber,
00147         LDAP       * ld_handle,
00148         const char * searchBase
00149 );
00150 static int lcmaps_add_username_to_ldapgroup(
00151         const char * username,
00152         const char * groupname,
00153         gid_t        groupnumber,
00154         LDAP       * ld_handle,
00155         const char * searchBase
00156 );
00157 
00158 /******************************************************************************
00159                        Define module specific variables
00160 ******************************************************************************/
00161 
00162 static int            maxuid  = MAX_UNDEFINED;
00163 static int            maxpgid = MAX_UNDEFINED;
00164 static int            maxsgid = MAX_UNDEFINED;
00165 static int            require_all_groups = 1;
00166 static char *         hostname = NULL;
00167 static int            port = -1;
00168 static char *         dn_manager = NULL;
00169 static char *         ldap_pw = NULL;
00170 static char *         sb_groups = NULL;
00171 static char *         sb_user = NULL;
00172 static char *         ldap_dn = NULL;
00173 static char *         ldap_cred_log      = NULL;
00174 static char *         ldap_cred_log_uid  = NULL;
00175 static char *         ldap_cred_log_pgid = NULL;
00176 static char *         ldap_cred_log_sgid = NULL;
00177 static struct timeval timeout =
00178 {
00179     (time_t) 0,
00180     (suseconds_t) 0
00181 };
00182 
00183 
00184 
00185 /******************************************************************************
00186 Function:   log_cred
00187 Description:
00188     Makes a log of the Enforceable credential data
00189 Parameters:
00190     *secGid    : list of secondary gid_t
00191     cntSecGid  : amount of secondary gids (0 to (NGROUPS || 32))
00192 
00193 Returns:
00194     0: success
00195     1: failure
00196 ******************************************************************************/
00197 static int log_cred (char * type, char * add_log)
00198 {
00199     char * logstr = "\tlcmaps_plugin_ldap-log_cred()";
00200     char * tmp = NULL;
00201 
00202     if (strcmp(type, "UID") == 0)
00203     {
00204         if (ldap_cred_log_uid == NULL)
00205         {
00206             ldap_cred_log_uid  = (char *) malloc(MAX_LOG_BUFFER_SIZE * sizeof(char));
00207 
00208             strcpy(ldap_cred_log_uid, "uid=");
00209             strcat (ldap_cred_log_uid, add_log);
00210         }
00211         else
00212         {
00213             tmp = (char *) malloc(3 * sizeof(char));
00214             strcpy (tmp, ",");
00215             strcat (ldap_cred_log_uid, tmp);
00216             strcat (ldap_cred_log_uid, add_log);
00217         }
00218 
00219         lcmaps_log_debug(4,"%s: ldap_cred_log_uid: %s\n", logstr, ldap_cred_log_uid);
00220 
00221     }
00222     else if (strcmp(type, "PGID") == 0)
00223     {
00224         if (ldap_cred_log_pgid == NULL)
00225         {
00226             ldap_cred_log_pgid  = (char *) malloc(MAX_LOG_BUFFER_SIZE * sizeof(char));
00227 
00228             strcpy(ldap_cred_log_pgid, "pgid=");
00229             strcat (ldap_cred_log_pgid, add_log);
00230         }
00231         else
00232         {
00233             tmp = (char *) malloc(3 * sizeof(char));
00234             strcpy (tmp, ",");
00235             strcat (ldap_cred_log_pgid, tmp);
00236             strcat (ldap_cred_log_pgid, add_log);
00237         }
00238 
00239         lcmaps_log_debug(4,"%s: ldap_cred_log_pgid: %s\n", logstr, ldap_cred_log_pgid);
00240     }
00241     else if (strcmp(type, "SGID") == 0)
00242     {
00243         if (ldap_cred_log_sgid == NULL)
00244         {
00245             ldap_cred_log_sgid  = (char *) malloc(MAX_LOG_BUFFER_SIZE * sizeof(char));
00246 
00247             strcpy(ldap_cred_log_sgid, "sgid=");
00248             strcat (ldap_cred_log_sgid, add_log);
00249         }
00250         else
00251         {
00252             tmp = (char *) malloc(3 * sizeof(char));
00253             strcpy (tmp, ",");
00254             strcat (ldap_cred_log_sgid, tmp);
00255             strcat (ldap_cred_log_sgid, add_log);
00256         }
00257 
00258         lcmaps_log_debug(4,"%s: ldap_cred_log_sgid: %s\n", logstr, ldap_cred_log_sgid);
00259     }
00260     else if (strcmp(type, "LOG") == 0)
00261     {
00262         tmp = strdup (":");
00263 
00264 
00265         if (ldap_cred_log == NULL)
00266             ldap_cred_log = (char *) malloc (MAX_LOG_BUFFER_SIZE * sizeof(char));
00267 
00268         if (ldap_cred_log_uid != NULL)
00269             strcpy(ldap_cred_log, ldap_cred_log_uid);
00270 
00271         if (ldap_cred_log_pgid != NULL)
00272         {
00273             strcat(ldap_cred_log, tmp);
00274             strcat(ldap_cred_log, ldap_cred_log_pgid);
00275         }
00276 
00277         if (ldap_cred_log_sgid != NULL)
00278         {
00279             strcat(ldap_cred_log, tmp);
00280             strcat(ldap_cred_log, ldap_cred_log_sgid);
00281         }
00282 
00283         lcmaps_log_time(0, "%s: %s\n", logstr, ldap_cred_log);
00284     }
00285     return 0;
00286 }
00287 
00288 
00289 
00290 /******************************************************************************
00291 Function:   plugin_initialize
00292 Description:
00293     Initialize plugin
00294 Parameters:
00295     argc, argv
00296     argv[0]: the name of the plugin
00297 Returns:
00298     LCMAPS_MOD_SUCCESS : succes
00299     LCMAPS_MOD_FAIL    : failure
00300     LCMAPS_MOD_NOFILE  : db file not found (will halt LCMAPS initialization)
00301 ******************************************************************************/
00302 int plugin_initialize(
00303         int argc,
00304         char ** argv
00305 )
00306 {
00307     char *  logstr = "\tlcmaps_plugin_ldap_enf-plugin_initialize()";
00308     int i, j;
00309 
00310     lcmaps_log_debug(1,"%s: passed arguments:\n", logstr);
00311     for (i=0; i < argc; i++)
00312     {
00313        lcmaps_log_debug(2,"%s: arg %d is %s\n", logstr, i, argv[i]);
00314     }
00315 
00316     /*
00317      * Parse arguments, argv[0] = name of plugin, so start with i = 1
00318      */
00319     for (i = 1; i < argc; i++)
00320     {
00321         // setting maxuid parameter from init plugin arguments
00322         if ( (((strcmp(argv[i], "-maxuid") == 0) ||
00323              (strcmp(argv[i], "-MAXUID") == 0)) &&
00324              (maxuid == MAX_UNDEFINED))
00325              && (i + 1 < argc) )
00326         {
00327             if ((argv[i + 1] != NULL) && (strlen(argv[i + 1]) > 0))
00328             {
00329                  lcmaps_log_debug(2,"%s: Checking if argument behind \"-maxuid\" is a number\n", logstr);
00330                  for (j = 0; j < strlen(argv[i + 1]); j++)
00331                  {
00332                      if (!isdigit((argv[i + 1])[j]))
00333                      {
00334                          lcmaps_log(0,"%s: Error, maybe found some digits, but there is at least one char corrupting this parameter: %s\n", logstr, argv[i + 1]);
00335                          maxuid = -1;
00336                          goto fail_ldap;
00337                      }
00338                  }
00339                  maxuid = atoi(argv[i + 1]);
00340             }
00341             else
00342             {
00343                 lcmaps_log(0,"%s: no argument found for %s (failure)\n", logstr, argv[i]);
00344                 goto fail_ldap;
00345             }
00346             i++;
00347         }
00348 
00349         // setting maxpgid parameter from init plugin arguments
00350         else if ( (((strcmp(argv[i], "-maxpgid") == 0) ||
00351              (strcmp(argv[i], "-MAXPGID") == 0)) &&
00352              (maxpgid == MAX_UNDEFINED))
00353              && (i + 1 < argc) )
00354         {
00355             if ((argv[i + 1] != NULL) && (strlen(argv[i + 1]) > 0))
00356             {
00357                  lcmaps_log_debug(2,"%s: Checking if argument behind \"-maxpgid\" is a number\n", logstr);
00358                  for (j = 0; j < strlen(argv[i + 1]); j++)
00359                  {
00360                      if (!isdigit((argv[i + 1])[j]))
00361                      {
00362                          lcmaps_log(0,"%s: Error, maybe found some digits, but there is at least one char corrupting this parameter: %s\n", logstr, argv[i + 1]);
00363                          maxpgid = -1;
00364                          goto fail_ldap;
00365                      }
00366                  }
00367                  maxpgid = atoi(argv[i + 1]);
00368             }
00369             else
00370             {
00371                 lcmaps_log(0,"%s: no argument found for %s (failure)\n", logstr, argv[i]);
00372                 goto fail_ldap;
00373             }
00374             i++;
00375         }
00376 
00377         // setting maxsgid parameter from init plugin arguments
00378         else if  ( (((strcmp(argv[i], "-maxsgid") == 0) ||
00379              (strcmp(argv[i], "-MAXSGID") == 0)) &&
00380              (maxsgid == MAX_UNDEFINED))
00381              && (i + 1 < argc) )
00382         {
00383             if ((argv[i + 1] != NULL) && (strlen(argv[i + 1]) > 0))
00384             {
00385                  lcmaps_log_debug(2,"%s: Checking if argument behind \"-maxsgid\" is a number\n", logstr);
00386                  for (j = 0; j < strlen(argv[i + 1]); j++)
00387                  {
00388                      if (!isdigit((argv[i + 1])[j]))
00389                      {
00390                          lcmaps_log(0,"%s: Error, maybe found some digits, but there is atleast one char corrupting this parameter: %s\n", logstr, argv[i + 1]);
00391                          maxsgid = -1;
00392                          goto fail_ldap;
00393                      }
00394                  }
00395                  maxsgid = atoi(argv[i + 1]);
00396             }
00397             else
00398             {
00399                 lcmaps_log(0,"%s: no argument found for %s (failure)\n", logstr, argv[i]);
00400                 goto fail_ldap;
00401             }
00402             i++;
00403         }
00404         /* settings for LDAP: */
00405         else if  ( ((strcmp(argv[i], "-port") == 0) ||
00406              (strcmp(argv[i], "-PORT") == 0))
00407              && (i + 1 < argc) )
00408         {
00409             if ((argv[i + 1] != NULL) && (strlen(argv[i + 1]) > 0))
00410             {
00411                  lcmaps_log_debug(2,"%s: Checking if argument behind \"-port\" is a number\n", logstr);
00412                  for (j = 0; j < strlen(argv[i + 1]); j++)
00413                  {
00414                      if (!isdigit((argv[i + 1])[j]))
00415                      {
00416                          lcmaps_log(0,"%s: Error maybe found some digits, but there is atleast one char corrupting this parameter: %s\n", logstr, argv[i + 1]);
00417                          port = -1;
00418                          goto fail_ldap;
00419                      }
00420                  }
00421                  port = atoi(argv[i + 1]);
00422             }
00423             else
00424             {
00425                 lcmaps_log(0,"%s: no argument found for %s (failure)\n", logstr, argv[i]);
00426                 goto fail_ldap;
00427             }
00428             i++;
00429         }
00430         else if  ( ((strcmp(argv[i], "-hostname") == 0) ||
00431              (strcmp(argv[i], "-HOSTNAME") == 0))
00432              && (i + 1 < argc) )
00433         {
00434             if ((argv[i + 1] != NULL) && (strlen(argv[i + 1]) > 0))
00435             {
00436                  hostname = strdup(argv[i+1]);
00437             }
00438             else
00439             {
00440                 lcmaps_log(0,"%s: no argument found for %s (failure)\n", logstr, argv[i]);
00441                 goto fail_ldap;
00442             }
00443             i++;
00444         }
00445         else if  ( (strcmp(argv[i], "-require_all_groups") == 0)
00446              && (i + 1 < argc) )
00447         {
00448             if ((argv[i + 1] != NULL) && (strlen(argv[i + 1]) > 0))
00449             {
00450                  if (strcmp(argv[i+1],"yes") == 0)
00451                  {
00452                      require_all_groups = 1;
00453                  }
00454                  else if (strcmp(argv[i+1],"no") == 0)
00455                  {
00456                      require_all_groups = 0;
00457                  }
00458                  else
00459                  {
00460                      lcmaps_log(0,"%s: use \"yes\" or \"no\" for option %s\n", logstr, argv[i]);
00461                      goto fail_ldap;
00462                  }
00463             }
00464             else
00465             {
00466                 lcmaps_log(0,"%s: no argument found for %s (failure)\n", logstr, argv[i]);
00467                 goto fail_ldap;
00468             }
00469             i++;
00470         }
00471         else if  ( (strcmp(argv[i], "-dn_manager") == 0)
00472              && (i + 1 < argc) )
00473         {
00474             if ((argv[i + 1] != NULL) && (strlen(argv[i + 1]) > 0))
00475             {
00476                  dn_manager = strdup(argv[i+1]);
00477             }
00478             else
00479             {
00480                 lcmaps_log(0,"%s: no argument found for %s (failure)\n", logstr, argv[i]);
00481                 goto fail_ldap;
00482             }
00483             i++;
00484         }
00485         else if  ( (strcmp(argv[i], "-ldap_pw") == 0)
00486              && (i + 1 < argc) )
00487         {
00488             if ((argv[i + 1] != NULL) && (strlen(argv[i + 1]) > 0))
00489             {
00490                  lcmaps_get_ldap_pw(argv[i+1], &ldap_pw);
00491             }
00492             else
00493             {
00494                 lcmaps_log(0,"%s: no argument found for %s (failure)\n", logstr, argv[i]);
00495                 goto fail_ldap;
00496             }
00497             i++;
00498         }
00499         else if  ( (strcmp(argv[i], "-sb_groups") == 0)
00500              && (i + 1 < argc) )
00501         {
00502             if ((argv[i + 1] != NULL) && (strlen(argv[i + 1]) > 0))
00503             {
00504                  sb_groups = strdup(argv[i+1]);
00505             }
00506             else
00507             {
00508                 lcmaps_log(0,"%s: no argument found for %s (failure)\n", logstr, argv[i]);
00509                 goto fail_ldap;
00510             }
00511             i++;
00512         }
00513         else if  ( (strcmp(argv[i], "-sb_user") == 0)
00514              && (i + 1 < argc) )
00515         {
00516             if ((argv[i + 1] != NULL) && (strlen(argv[i + 1]) > 0))
00517             {
00518                sb_user = strdup(argv[i+1]);
00519             }
00520             else
00521             {
00522                 lcmaps_log(0,"%s: no argument found for %s (failure)\n", logstr, argv[i]);
00523                 goto fail_ldap;
00524             }
00525             i++;
00526         }
00527         // setting timeout value parameter (in seconds) from init plugin arguments
00528         else if ( (strcmp(argv[i], "-timeout") == 0)
00529              && (i + 1 < argc) )
00530         {
00531             if ((argv[i + 1] != NULL) && (strlen(argv[i + 1]) > 0))
00532             {
00533                  lcmaps_log_debug(2,"%s: Checking if argument behind \"-timeout\" is a number\n", logstr);
00534                  for (j = 0; j < strlen(argv[i + 1]); j++)
00535                  {
00536                      if (!isdigit((argv[i + 1])[j]))
00537                      {
00538                          lcmaps_log(0,"%s: Error, maybe found some digits, but there is at least one char corrupting this parameter: %s\n", logstr, argv[i + 1]);
00539                          maxpgid = -1;
00540                          goto fail_ldap;
00541                      }
00542                  }
00543                  timeout.tv_sec = (time_t) atoi(argv[i + 1]);
00544                  timeout.tv_usec = (suseconds_t) 0;
00545             }
00546             else
00547             {
00548                 lcmaps_log(0,"%s: no argument found for %s (failure)\n", logstr, argv[i]);
00549                 goto fail_ldap;
00550             }
00551             i++;
00552         }
00553         else
00554         {
00555             lcmaps_log(0,"%s: Error in initialization parameter: %s (failure)\n", logstr, argv[i]);
00556             goto fail_ldap;
00557         }
00558     }
00559 
00560     if (maxsgid > NGROUPS)
00561     {
00562         lcmaps_log(0,"%s: Error, the prefered set maximum of %d Secondary Gid's exceeds the system maximum of NGROUPS witch is set to %d on this system\n", logstr,  maxsgid, NGROUPS);
00563         goto fail_ldap;
00564     }
00565     else if (maxsgid == MAX_UNDEFINED)
00566     {
00567         lcmaps_log(0,"%s: Auto set maximum Secondary Gid's to system maximum of NGROUPS witch is set to %d on this system\n", logstr, NGROUPS);
00568     }
00569     if (hostname == NULL)
00570     {
00571         lcmaps_log(0, "%s: Invalid hostname, use option \"-hostname <hostname>\"\n", logstr);
00572         goto fail_ldap;
00573     }
00574     if (port == -1)
00575     {
00576         lcmaps_log(0, "%s: Port not set, use option \"-port <port>\"\n", logstr);
00577         goto fail_ldap;
00578     }
00579     if (dn_manager == NULL)
00580     {
00581         lcmaps_log(0, "%s: Invalid dn ldap manager, use option \"-dn_manager <dn manager>\"\n", logstr);
00582         goto fail_ldap;
00583     }
00584     if (ldap_pw == NULL)
00585     {
00586         lcmaps_log(0, "%s: No ldap password found in password file, file might be in wrong mode , use option \"-ldap_pw <path/filename>\"\n", logstr);
00587         goto fail_ldap;
00588     }
00589     if (sb_groups == NULL)
00590     {
00591         lcmaps_log(0, "%s: Invalid search base for groups, use option \"-sb_groups <search base>\"\n", logstr);
00592         goto fail_ldap;
00593     }
00594     if (sb_user == NULL)
00595     {
00596         lcmaps_log(0, "%s: Invalid seach base for user, use option \"-sb_user <search base>\"\n", logstr);
00597         goto fail_ldap;
00598     }
00599 
00600     lcmaps_log_debug(2,"%s: Summary init maxuid       : %d\n", logstr, maxuid);
00601     lcmaps_log_debug(2,"%s: Summary init maxpgid      : %d\n", logstr, maxpgid);
00602     lcmaps_log_debug(2,"%s: Summary init maxsgid      : %d\n", logstr, maxsgid);
00603     lcmaps_log_debug(2,"%s: Summary init hostname     : %s\n", logstr, hostname);
00604     lcmaps_log_debug(2,"%s: Summary init port         : %d\n", logstr, port);
00605     lcmaps_log_debug(2,"%s: Summary require_all_groups: %d\n", logstr, require_all_groups);
00606     lcmaps_log_debug(2,"%s: Summary init dn_manager   : %s\n", logstr, dn_manager);
00607     lcmaps_log_debug(2,"%s: Summary init ldap_pw      : %s\n", logstr, ldap_pw);
00608     lcmaps_log_debug(2,"%s: Summary init sb_groups    : %s\n", logstr, sb_groups);
00609     lcmaps_log_debug(2,"%s: Summary init sb_user      : %s\n", logstr, sb_user);
00610     lcmaps_log_debug(2,"%s: Summary init timeout      : %d seconds and %d microseconds\n", logstr,
00611     (int) timeout.tv_sec, (int) timeout.tv_usec);
00612 
00613     return LCMAPS_MOD_SUCCESS;
00614 
00615  fail_ldap:
00616     return LCMAPS_MOD_FAIL;
00617 }
00618 
00619 /******************************************************************************
00620 Function:   plugin_introspect
00621 Description:
00622     return list of required arguments
00623 Parameters:
00624 
00625 Returns:
00626     LCMAPS_MOD_SUCCESS : succes
00627     LCMAPS_MOD_FAIL    : failure
00628 ******************************************************************************/
00629 int plugin_introspect(
00630         int * argc,
00631         lcmaps_argument_t ** argv
00632 )
00633 {
00634     char *                   logstr    = "\tlcmaps_plugin_ldap_enf-plugin_introspect()";
00635     static lcmaps_argument_t argList[] = {
00636         {NULL           ,       NULL            , -1,   NULL}
00637     };
00638 
00639     lcmaps_log_debug(1,"%s: introspecting\n", logstr);
00640 
00641     *argv = argList;
00642     *argc = lcmaps_cntArgs(argList);
00643     lcmaps_log_debug(1,"%s: address first argument: 0x%x\n", logstr, argList);
00644 
00645     return LCMAPS_MOD_SUCCESS;
00646 }
00647 
00648 
00649 /******************************************************************************
00650 Function:   plugin_run
00651 Description:
00652     Gather credentials for LCMAPS
00653 Parameters:
00654     argc: number of arguments
00655     argv: list of arguments
00656 Returns:
00657     LCMAPS_MOD_SUCCESS: authorization succeeded
00658     LCMAPS_MOD_FAIL   : authorization failed
00659 ******************************************************************************/
00660 int plugin_run(
00661         int argc,
00662         lcmaps_argument_t * argv
00663 )
00664 {
00665     char *           logstr = "\tlcmaps_plugin_ldap_enf-plugin_run()";
00666     struct passwd  * user_info   = NULL;
00667     int              i;
00668     gid_t          * list        = NULL;
00669 
00670     uid_t          * uid;
00671     int              cntUid;
00672     gid_t          * priGid;
00673     int              cntPriGid;
00674     gid_t          * secGid;
00675     int              cntSecGid;
00676     struct passwd  * root_info   = NULL;
00677     LDAP           * ld_handle   = NULL;
00678     int              rc;
00679     int              ldap_mess_id;
00680     LDAPMessage    * ldap_bind_msg = NULL;
00681     struct group   * grgid       = NULL;
00682 
00683     char           * tmplog      = NULL;
00684 
00685 
00686     /*
00687      * The beginning
00688      */
00689     lcmaps_log_debug(1,"%s\n", logstr);
00690 
00691     uid    = getCredentialData(UID,     &cntUid);
00692     priGid = getCredentialData(PRI_GID, &cntPriGid);
00693     secGid = getCredentialData(SEC_GID, &cntSecGid);
00694     lcmaps_log_debug(2, "%s: number of uids: %d, priGids: %d, secGids: %d\n", logstr, cntUid, cntPriGid, cntSecGid);
00695 
00696 
00697     // Check amount of uid's, pri-gid's and sec-gid's with the set maximum
00698     lcmaps_log_debug(2, "%s: maxuid = %d, MAX_UNDEFINED = %d\n", logstr, maxuid, MAX_UNDEFINED);
00699     if (maxuid != MAX_UNDEFINED)
00700     {
00701         lcmaps_log_debug(2, "%s: max number of uids: %d\n", logstr, maxuid);
00702         if (cntUid > maxuid)
00703         {
00704             lcmaps_log(0, "%s: Error, the set amount of uid's gathered exceeds the maximum of %d uid('s) by %d\n", logstr, maxuid, (cntUid - maxuid));
00705             goto fail_ldap;
00706         }
00707     }
00708     if (maxpgid != MAX_UNDEFINED)
00709     {
00710         lcmaps_log_debug(2, "%s: max number of primary gid('s): %d\n", logstr, maxpgid);
00711         if (cntPriGid > maxpgid)
00712         {
00713             lcmaps_log(0, "%s: Error, The set amount of primary gid's gathered exceeds the maximum of %d primary gid('s) by %d\n", logstr, maxpgid, (cntPriGid - maxpgid));
00714             goto fail_ldap;
00715         }
00716     }
00717     if (maxsgid != MAX_UNDEFINED)
00718     {
00719         lcmaps_log_debug(2, "%s: max number of secondary gid's: %d\n", logstr, maxsgid);
00720         if (cntSecGid > maxsgid)
00721         {
00722             lcmaps_log(0, "%s: Error, The set amount of secondary gid's gathered exceeds the maximum of %d secondary gid's by %d\n", logstr, maxsgid, (cntSecGid - maxsgid));
00723             goto fail_ldap;
00724         }
00725     }
00726 
00727 
00728     // You must be ROOT
00729     if (getuid() != 0)
00730     {
00731         lcmaps_log(0, "%s: You are not ROOT!  -> %d\n", logstr, getuid());
00732         goto fail_ldap;
00733     }
00734 
00735     // Only done to get name of root (normally "root")
00736     if ((root_info=getpwuid(0)) == NULL)
00737     {
00738         lcmaps_log(0, "%s: cannot get passwd info for root\n", logstr);
00739         if (errno==ENOMEM)
00740             lcmaps_log(0, "%s: %s\n", logstr, strerror(errno));
00741         goto fail_ldap;
00742     }
00743 
00744     /* Get a handle to an LDAP connection. */
00745     if ( (ld_handle = ldap_init( hostname, port)) == NULL )
00746     {
00747       lcmaps_log(0, "%s: no handle to LDAP server on %s using port %s -> %s\n", logstr, hostname, port, strerror(errno));
00748       goto fail_ldap;
00749     }
00750     lcmaps_log_debug(3, "%s: handle to LDAP server successfull\n", logstr);
00751 
00752     /* Bind to the LDAP server. check if timeout is specified, if not, do ldap_simple_bind_s() (blocking)*/
00753     lcmaps_log_debug(3, "%s: dn_manager: %s\n", logstr, dn_manager);
00754     lcmaps_log_debug(5,"%s: ldap_pw is--->%s<---\n", logstr, ldap_pw);
00755     if ((timeout.tv_sec == (time_t) 0) && (timeout.tv_usec == (suseconds_t) 0))
00756     {
00757       rc = ldap_simple_bind_s( ld_handle, dn_manager, ldap_pw);
00758       if ( rc != LDAP_SUCCESS )
00759       {
00760         lcmaps_log(0,"%s: Error binding to ldap server with ldap_simple_bind_s() -> %s\n", logstr, ldap_err2string(rc));
00761         goto fail_ldap;
00762       }
00763       lcmaps_log_debug(3, "%s: bind to LDAP server successfull\n", logstr);
00764     }
00765     else
00766     {
00767       /* First get ldap message id for the asynchronous bind ldap_simple_bind()*/
00768       ldap_mess_id = ldap_simple_bind( ld_handle, dn_manager, ldap_pw);
00769       lcmaps_log_debug(5,"%s: ldap_simple_bind() returned this message id: %d\n", logstr, ldap_mess_id);
00770       if (ldap_mess_id == -1)
00771       {
00772         lcmaps_log(0,"%s: Error binding to ldap server with ldap_simple_bind() ->", logstr);
00773         ldap_perror(ld_handle, " ");
00774         goto fail_ldap;
00775       }
00776 
00777       /*
00778        * Then get the result with timeout (rc contains the message type (should be LDAP_RES_BIND),
00779        * 0 if timeout reached ot -1 in case of error
00780        */
00781       rc = ldap_result(ld_handle, ldap_mess_id, 0, &timeout, &ldap_bind_msg);
00782       lcmaps_log_debug(5,"%s: ldap_result() returned this message id  : %d\n", logstr, ldap_msgid(ldap_bind_msg));
00783       lcmaps_log_debug(5,"%s: ldap_result() returned this message type: 0x%x\n", logstr, ldap_msgtype(ldap_bind_msg));
00784       if ( rc == LDAP_RES_BIND )
00785       {
00786         lcmaps_log_debug(3, "%s: bind to LDAP server successfull\n", logstr);
00787       }
00788       else if ( rc == 0 )
00789       {
00790         lcmaps_log(0,"%s: Error, time out occurred in binding to ldap server -> (timeout = %d s)\n", logstr, 0);
00791         goto fail_ldap;
00792       }
00793       else
00794       {
00795         lcmaps_log(0,"%s: Error getting handle to ldap server  -> %s (rc = %d)\n", logstr, rc);
00796         goto fail_ldap;
00797       }
00798       lcmaps_log_debug(5,"%s: freeing ldap msg\n", logstr);
00799       if (ldap_bind_msg)
00800       {
00801         ldap_msgfree(ldap_bind_msg);
00802         ldap_bind_msg = NULL;
00803       }
00804     }
00805 
00806     /* get username */
00807     if (cntUid < 1)
00808     {
00809         lcmaps_log(0,"%s: Error, found no userid in credential data repository (failure)\n", logstr);
00810         goto fail_ldap;
00811     }
00812     lcmaps_log_debug(3, "%s: uid = %d\n", logstr, (int) *uid );
00813     user_info = getpwuid( *uid);
00814     if (user_info == NULL)
00815     {
00816         lcmaps_log(0, "%s: Error, no pw_name associated with uid: %d\n", logstr, uid);
00817         goto fail_ldap;
00818     }
00819     lcmaps_log_debug(3, "%s: uidname = %s\n", logstr, user_info->pw_name );
00820 
00821     /* get the primary gid */
00822     if (cntPriGid >= 1)
00823     {
00824         grgid = getgrgid((gid_t) priGid[0]);
00825         if (grgid != NULL)
00826         {
00827             lcmaps_log_debug(3, "%s: priGidName = %s\n", logstr, grgid->gr_name);
00828             /* set the pgid */
00829              if ( lcmaps_set_pgid(user_info->pw_name, grgid->gr_name, (gid_t)(int) grgid->gr_gid, ld_handle, sb_user) != 0 )
00830              {
00831                  lcmaps_log(0, "%s: lcmaps_set_pgid failed for user=%s, pri group=%s, pri gid=%d\n", logstr,
00832                             user_info->pw_name, grgid->gr_name, (int) grgid->gr_gid);
00833                  goto fail_ldap;
00834              }
00835              // Add to log if succesfull
00836              else
00837              {
00838                   // Log User ID with it's Username
00839                   tmplog = (char *) malloc (MAX_LOG_BUFFER_SIZE * sizeof(char));
00840                   snprintf(tmplog, MAX_LOG_BUFFER_SIZE-1, "%d(%s)", user_info->pw_uid, user_info->pw_name);
00841                   log_cred("UID", tmplog);
00842                   if (tmplog) free(tmplog); tmplog = NULL;
00843 
00844                   // Primary Group ID and Group Name
00845                   tmplog = (char *) malloc (MAX_LOG_BUFFER_SIZE * sizeof(char));
00846                   snprintf(tmplog, MAX_LOG_BUFFER_SIZE-1, "%d(%s)", grgid->gr_gid, grgid->gr_name);
00847                   log_cred("PGID", tmplog);
00848                   if (tmplog) free(tmplog); tmplog = NULL;
00849              }
00850         }
00851         else
00852         {
00853             lcmaps_log(0, "%s: Error, No grgid name associated with primary gid number: %d\n", logstr, (int) priGid[0]);
00854             goto fail_ldap;
00855         }
00856     }
00857 
00858     /* loop over secondary gids */
00859     i=0;
00860     while (i < cntSecGid)
00861     {
00862         lcmaps_log_debug(3, "%s: secGid = %d\n", logstr, (int) secGid[i]);
00863         grgid = getgrgid((gid_t) secGid[i]);
00864         if (grgid != NULL)
00865         {
00866             lcmaps_log_debug(3, "%s: secGidName = %s\n", logstr, grgid->gr_name);
00867 
00868             if ( lcmaps_add_username_to_ldapgroup(user_info->pw_name, grgid->gr_name, (gid_t)(int) grgid->gr_gid, ld_handle, sb_groups) != 0 )
00869             {
00870                 if (require_all_groups == 1)
00871                 {
00872                     lcmaps_log(0, "%s: failure for user=%s, group=%s, gid=%d\n", logstr,
00873                            user_info->pw_name, grgid->gr_name, (int) grgid->gr_gid);
00874                     lcmaps_log(0, "%s: (failure)\n", logstr);
00875                     goto fail_ldap;
00876                 }
00877                 else
00878                 {
00879                     lcmaps_log_debug(1, "%s: failure for user=%s, group=%s, gid=%d\n", logstr,
00880                            user_info->pw_name, grgid->gr_name, (int) grgid->gr_gid);
00881                 }
00882             }
00883             else
00884             {
00885                 // Add the secondary group IDs & names
00886                 tmplog = (char *) malloc (MAX_LOG_BUFFER_SIZE * sizeof(char));
00887                 snprintf(tmplog, MAX_LOG_BUFFER_SIZE-1, "%d(%s)", grgid->gr_gid, grgid->gr_name);
00888                 log_cred("SGID", tmplog);
00889                 if (tmplog) free(tmplog); tmplog = NULL;
00890             }
00891         }
00892         else
00893         {
00894             lcmaps_log(0, "%s: Error, No grgid name associated with gid number: %d\n", logstr, (int) secGid[i]);
00895         }
00896         i++;
00897     }
00898 
00899 
00900     // Log Enforced Credential Data
00901     log_cred("LOG", "");
00902 
00903 
00904     /* succes */
00905  success_ldap:
00906     if (ld_handle) ldap_unbind_s(ld_handle);
00907     lcmaps_log_time(0,"%s: ldap_enf plugin succeeded\n", logstr);
00908     return LCMAPS_MOD_SUCCESS;
00909 
00910  fail_ldap:
00911     // added:
00912     if (ldap_bind_msg)
00913     {
00914       ldap_msgfree(ldap_bind_msg);
00915       ldap_bind_msg = NULL;
00916     }
00917     if (ld_handle) ldap_unbind_s(ld_handle);
00918     if (list) free(list);
00919     lcmaps_log_time(0,"%s: ldap_enf plugin failed\n", logstr);
00920     return LCMAPS_MOD_FAIL;
00921 }
00922 
00923 /******************************************************************************
00924 Function:   plugin_terminate
00925 Description:
00926     Terminate plugin
00927 Parameters:
00928 
00929 Returns:
00930     LCMAPS_MOD_SUCCESS : succes
00931     LCMAPS_MOD_FAIL    : failure
00932 ******************************************************************************/
00933 int plugin_terminate()
00934 {
00935     char *              logstr = "\tlcmaps_plugin_ldap_enf-plugin_terminate()";
00936 
00937     lcmaps_log_debug(1,"%s: terminating\n", logstr);
00938 
00939     if (sb_user)
00940     {
00941         free(sb_user);
00942         sb_user = NULL;
00943     }
00944     if (sb_groups)
00945     {
00946         free(sb_groups);
00947         sb_groups = NULL;
00948     }
00949     if (ldap_pw)
00950     {
00951         free(ldap_pw);
00952         ldap_pw= NULL;
00953     }
00954     if (dn_manager)
00955     {
00956         free(dn_manager);
00957         dn_manager = NULL;
00958     }
00959     if (hostname)
00960     {
00961         free(hostname);
00962         hostname = NULL;
00963     }
00964     if (ldap_dn)
00965     {
00966         free(ldap_dn);
00967         ldap_dn = NULL;
00968     }
00969 
00970     return LCMAPS_MOD_SUCCESS;
00971 }
00972 
00973 /******************************************************************************
00974 Function:   lcmaps_add_username_to_ldapgroup()
00975 
00976 Description:
00977     Adds the username to the appropriate (LDAP) group.
00978 
00979 Parameters:
00980     username:    the name of the user
00981     groupname:   the name of the group
00982     groupnumber: group id number
00983     ld_handle:   handle to LDAP
00984     searchBase:  dn search base
00985 
00986 Returns:
00987     0 on success.
00988    -1 on ldap failure
00989     1 on failure
00990 ******************************************************************************/
01016 static int lcmaps_add_username_to_ldapgroup(
01017         const char * username,
01018         const char * groupname,
01019         gid_t        groupnumber,
01020         LDAP       * ld_handle,
01021         const char * searchBase
01022     )
01023 {
01024     char *         logstr = "\tlcmaps_plugin_ldap_enf-lcmaps_add_username_to_ldapgroup()";
01025     int            i = 0;
01026     int            filtersize;
01027     char         * filterprefix = "(&(objectClass=posixGroup)(gidNumber=";
01028     char         * filter = NULL;
01029     char         * filtersuffix = "))";
01030     char         * memberUidfilter = ")(memberUid=";
01031     char         * memberfilter;
01032     LDAPMessage  * searchResult, *entry;
01033     char         * attribute, **values;
01034     struct timeval timeOut = {10,0};
01035     char           groupstr[10];
01036     char         * dn = NULL;
01037     BerElement   * ber;
01038     int            rc, entryCount, dnsize, membersize;
01039     char         * dnprefix = "cn=";
01040     LDAPMod        modGID;
01041     LDAPMod      * modify[2];
01042     char         * modifyDN;
01043     char         * GIDValue[2];
01044 
01045     if (! ld_handle)
01046     {
01047         lcmaps_log(0,"%s: empty ldap handle\n", logstr);
01048         return -1;
01049     }
01050     if (groupnumber > MAXGROUPNUM)
01051     {
01052         lcmaps_log(0,"%s: groupid (%d) too large, max = %d\n", logstr,
01053         groupnumber,MAXGROUPNUM);
01054         return 1;
01055     }
01056 
01057     snprintf(groupstr,(size_t)10,"%d",groupnumber);
01058     filtersize = strlen(filterprefix)+strlen(groupstr)+strlen(filtersuffix)+1;
01059     filter = (char *) malloc(filtersize*sizeof(char));
01060 
01061     snprintf(filter,(size_t)filtersize,"%s%s%s",filterprefix, groupstr, filtersuffix);
01062 
01063     lcmaps_log_debug(3,"%s: groupstr = %s\n", logstr,groupstr);
01064     lcmaps_log_debug(3,"%s: filter: %s, filtersize = %d\n", logstr,filter, filtersize);
01065     lcmaps_log_debug(3,"%s: username: %s, groupnumber = %d, ld_handle = %p, searchBase = %s\n", logstr,
01066                      username, groupnumber, ld_handle, searchBase);
01067 
01068     membersize = strlen(filterprefix) + strlen(groupstr) + strlen(memberUidfilter) + strlen(username) + strlen(filtersuffix) +1;
01069     memberfilter = (char *) malloc(membersize*sizeof(char));
01070     snprintf(memberfilter,(size_t)memberfilter,"%s%s%s%s%s",filterprefix, groupstr,memberUidfilter,username ,filtersuffix);
01071     lcmaps_log_debug(3,"%s: memberefilter: %s, membersize = %d\n", logstr,memberfilter, membersize);
01072 
01073     dnsize = strlen(dnprefix) + strlen(groupname)  + strlen(searchBase) +2;  // '/0' and ','
01074     modifyDN = (char *) malloc(dnsize*sizeof(char));
01075     snprintf(modifyDN,(size_t)dnsize,"%s%s,%s",dnprefix,groupname,searchBase );
01076     lcmaps_log_debug(3,"%s: modifyDN = %s\n", logstr,modifyDN);
01077     //modifyDN = "cn=tbadmin,ou=LocalGroups,dc=foobar,dc=ough";
01078 
01079 
01080     modGID.mod_op     = LDAP_MOD_ADD;
01081     modGID.mod_type   = "memberUid";
01082     GIDValue[0]       = strdup(username);
01083     GIDValue[1]       = NULL;
01084     modGID.mod_values = GIDValue;
01085 
01086     modify[0] = &modGID;
01087     modify[1] = NULL;
01088 
01089 
01090    /* Search the directory  to test if entry exists */
01091     rc = ldap_search_ext_s(
01092                     ld_handle,             /* LDAP session handle */
01093                     searchBase,            /* container to search */
01094                     LDAP_SCOPE_SUBTREE,
01095                     memberfilter,
01096                     NULL,                  /* return all attributes */
01097                     0,                     /* return attributes and values */
01098                     NULL,                  /* server controls */
01099                     NULL,                  /* client controls */
01100                     &timeOut,              /* search timeout */
01101                     LDAP_NO_LIMIT,         /* no size limit */
01102                     &searchResult );       /* returned results */
01103 
01104     if ( rc != LDAP_SUCCESS )
01105     {
01106         lcmaps_log(0,"%s: ldap_search_ext_s error: %s\n", logstr, ldap_err2string( rc ));
01107         free(GIDValue[0]);
01108         free(filter);
01109         free(modifyDN);
01110         free(memberfilter);
01111         return -1;
01112     }
01113 
01114     entryCount = ldap_count_entries( ld_handle, searchResult );
01115     lcmaps_log_debug(3,"%s: Search completed successfully. Entries returned: %d\n", logstr, entryCount);
01116 
01117     if ( entryCount != 0)
01118     {
01119         lcmaps_log_debug(3,"%s: No add, allready exists:  modifyDN = %s\n", logstr,modifyDN);
01120         free(GIDValue[0]);
01121         free(filter);
01122         free(modifyDN);
01123         free(memberfilter);
01124         ldap_msgfree( searchResult );
01125         return 0;
01126     }
01127 
01128     /* if not exists, add the entry  */
01129     rc= ldap_modify_ext_s( ld_handle,  /* LDAP session handle */
01130                            modifyDN,   /* the object to modify */
01131                            modify,     /* array of LDAPMod structures */
01132                            NULL,       /* server controls */
01133                            NULL);      /* client controls */
01134 
01135     if ( rc != LDAP_SUCCESS )
01136     {
01137         lcmaps_log(0,"%s: ldap_modify_ext_s failed for group %s(%d): %s\n", logstr, groupname, groupnumber, ldap_err2string( rc ));
01138         free(GIDValue[0]);
01139         free(filter);
01140         free(modifyDN);
01141         free(memberfilter);
01142         return -1;
01143     }
01144     lcmaps_log_debug(3,"%s: %s modified successfully.\n", logstr, modifyDN);
01145 
01146 
01147    /* Search the directory */
01148    /* this is an extra test, could be removed */
01149     rc = ldap_search_ext_s(
01150                     ld_handle,             /* LDAP session handle */
01151                     searchBase,            /* container to search */
01152                     LDAP_SCOPE_SUBTREE,
01153                     filter,
01154 //                    &attrstr,              /* return all attributes */
01155                     NULL,                  /* return all attributes */
01156                     0,                     /* return attributes and values */
01157                     NULL,                  /* server controls */
01158                     NULL,                  /* client controls */
01159                     &timeOut,              /* search timeout */
01160                     LDAP_NO_LIMIT,         /* no size limit */
01161                     &searchResult );       /* returned results */
01162 
01163     if ( rc != LDAP_SUCCESS )
01164     {
01165         lcmaps_log(0,"%s: ldap_search_ext_s error: %s\n", logstr, ldap_err2string( rc ));
01166         free(GIDValue[0]);
01167         free(filter);
01168         free(modifyDN);
01169         free(memberfilter);
01170         ldap_msgfree( searchResult );
01171         return -1;
01172     }
01173 
01174     /* Go through the search results by checking entries */
01175     for (   entry   =   ldap_first_entry( ld_handle, searchResult );
01176             entry   !=  NULL;
01177             entry   =   ldap_next_entry( ld_handle, entry ) )
01178     {
01179         if (( dn = ldap_get_dn( ld_handle, entry )) != NULL )
01180         {
01181             lcmaps_log_debug(3,"%s: -->  dn: %s\n", logstr, dn);
01182             ldap_memfree( dn );
01183         }
01184        for (   attribute = ldap_first_attribute( ld_handle, entry, &ber );
01185                 attribute != NULL;
01186                 attribute = ldap_next_attribute( ld_handle, entry, ber ) )
01187         {
01188             /* Get values and print.  Assumes all values are strings. */
01189             if (( values = ldap_get_values( ld_handle, entry, attribute)) != NULL )
01190             {
01191                 for ( i = 0; values[i] != NULL; i++ )
01192                     lcmaps_log_debug(3,"%s:        %s: %s\n", logstr, attribute, values[i]);
01193                 ldap_value_free( values );
01194             }
01195             ldap_memfree( attribute );
01196         }
01197 
01198         ber_free(ber, 0);
01199     }
01200 
01201     entryCount = ldap_count_entries( ld_handle, searchResult );
01202     lcmaps_log_debug(3,"%s: Search completed successfully. Entries returned: %d\n", logstr, entryCount);
01203 
01204     ldap_msgfree( searchResult );
01205     free(GIDValue[0]);
01206     free(filter);
01207     free(modifyDN);
01208     free(memberfilter);
01209 
01210 
01211     return 0;
01212 }
01213 
01214 /******************************************************************************
01215 Function:   lcmaps_set_pgid()
01216 
01217 Description:
01218     Sets the primary group ID
01219 
01220 Parameters:
01221     username:     the name of the user
01222     pgroupname:   the name of the primary group
01223     pgroupnumber: primary group id number
01224     ld_handle:    handle to LDAP
01225     searchBase:   dn search base
01226 
01227 Returns:
01228     0 on success.
01229    -1 on ldap failure
01230     1 on failure
01231 ******************************************************************************/
01255 static int lcmaps_set_pgid(
01256         const char * username,
01257         const char * pgroupname,
01258         gid_t        pgroupnumber,
01259         LDAP       * ld_handle,
01260         const char * searchBase
01261     )
01262 {
01263     char *         logstr = "\tlcmaps_plugin_ldap_enf-lcmaps_set_pgid()";
01264     int            rc, dnsize;
01265     char           prigroupstr[10];
01266     LDAPMod        modGID;
01267     LDAPMod      * modify[2];
01268     char         * modifyDN = NULL;
01269     char         * GIDValue[2];
01270     char         * dnprefix = "uid=";
01271 
01272 
01273     /* print incoming vars: */
01274     lcmaps_log_debug(1, "%s: parameters: user=%s, pri group=%s, pri gid=%d\n", logstr,
01275                username, pgroupname, (int) pgroupnumber);
01276 
01277     if (! ld_handle)
01278     {
01279         lcmaps_log(0,"%s: empty ldap handle\n", logstr);
01280         return -1;
01281     }
01282     if (pgroupnumber > MAXGROUPNUM)
01283     {
01284         lcmaps_log(0,"%s: pgroupid (%d) too large, max = %d\n", logstr,
01285         pgroupnumber,MAXGROUPNUM);
01286         return 1;
01287     }
01288 
01289     snprintf(prigroupstr,(size_t)10,"%d", pgroupnumber);
01290 
01291     /* modifyDN    the object to modify */
01292     dnsize = strlen(dnprefix) + strlen(username)  + strlen(searchBase) +3;  // '/0' and ','
01293     modifyDN = (char *) malloc(dnsize*sizeof(char));
01294     snprintf(modifyDN,(size_t)dnsize,"%s%s, %s",dnprefix,username,searchBase );
01295     lcmaps_log_debug(3,"%s: modifyDN = %s\n", logstr,modifyDN);
01296 
01297 
01298     modGID.mod_op     = LDAP_MOD_REPLACE;
01299     modGID.mod_type   = "gidNumber";
01300     GIDValue[0]       = prigroupstr;
01301     GIDValue[1]       = NULL;
01302     modGID.mod_values = GIDValue;
01303 
01304     modify[0] = &modGID;
01305     modify[1] = NULL;
01306 
01307 
01308     /* modify the entry  */
01309     rc= ldap_modify_ext_s( ld_handle,  /* LDAP session handle */
01310                            modifyDN,   /* the object to modify */
01311                            modify,     /* array of LDAPMod structures */
01312                            NULL,       /* server controls */
01313                            NULL);      /* client controls */
01314 
01315     if ( rc != LDAP_SUCCESS )
01316     {
01317         lcmaps_log(0,"%s: ldap_modify_ext_s failed: %s\n", logstr, ldap_err2string( rc ));
01318         /* free mem */
01319         free(modifyDN);
01320         return -1;
01321     }
01322     lcmaps_log_debug(3,"%s: %s modified successfully.\n", logstr, modifyDN);
01323 
01324     /* free mem */
01325     free(modifyDN);
01326 
01327     return 0;
01328 }
01329 
01330 
01331 /******************************************************************************
01332 Function:   lcmaps_get_ldap_pw()
01333 
01334 Description:
01335     Get the LDAP password from file
01336 
01337 Parameters:
01338     path:   path to the ldap_pw file containing the password
01339     ldap_passwd : variable to set the password in
01340 
01341 Returns:
01342     0 on success.
01343     1 on failure
01344 ******************************************************************************/
01363 static int lcmaps_get_ldap_pw(
01364         const char * path,
01365         char       ** ldap_passwd
01366     )
01367 {
01368     char *        logstr = "\tlcmaps_plugin_ldap_enf-lcmaps_get_ldap_pw()";
01369     FILE        * fp = NULL;
01370     struct stat   buf;
01371     int           c;
01372     int           count = 0;
01373     char        * temppwd = NULL;
01374 
01375     lcmaps_log_debug(3,"%s: path: %s \n", logstr, path);
01376 
01377     /* get the stats of the file */
01378     if ((stat(path, &buf)) == -1)
01379     {
01380         lcmaps_log(0, "%s: unable to get stat of ldap_pw file: %s\n", logstr, path);
01381         return 1;
01382     }
01383 
01384     /* test if it's a file */
01385     if ( !(S_ISREG(buf.st_mode)))
01386     {
01387         lcmaps_log(0, "%s: ldap_pw file is not a file: %s\n", logstr, path);
01388         return 1;
01389     }
01390     /* test if root is owner */
01391     if (buf.st_uid != 0) {
01392         lcmaps_log(0, "%s: ldap_pw file is not owned by root (readonly for root) : %s\n", logstr, path);
01393         return 1;
01394     }
01395 
01396     /* test if file has the access bits set correctly */
01397     if ((0000777  & (buf.st_mode) ) != S_IRUSR )
01398     {
01399         lcmaps_log(0, "%s: ldap_pw file has incorrect accessibility (readonly for root) : %s\n", logstr, path);
01400         return 1;
01401     }
01402 
01403     /* try to open the file */
01404     if ((fp = fopen(path, "r")) == NULL)
01405     {
01406         lcmaps_log(0, "%s: unable to open ldap_pw file: %s\n", logstr, path);
01407         return 1;
01408     }
01409 
01410     /* read the passwd from the file */
01411     /* I thought tabs and spaces were not allowed in the passwd, but they are, so
01412      * restore original line
01413      */
01414 //    while ((c = getc(fp)) != EOF && (strchr(WHITESPACE_CHARS, c) == NULL)) count++;
01415     while ((c = getc(fp)) != EOF && (c != '\n')) count++;
01416     temppwd = (char *) malloc(count * sizeof(char) + 2);
01417 
01418     if ((fseek(fp, 0L, SEEK_SET)) != 0)
01419     {
01420         lcmaps_log(0, "%s: unable to reset the fp\n", logstr);
01421         fclose(fp);
01422         return 1;
01423     }
01424 
01425     if ((fgets(temppwd, count+1, fp)) == NULL )
01426     {
01427         lcmaps_log(0, "%s: unable to read the password: fgets failed\n", logstr);
01428         fclose(fp);
01429         return 1;
01430     }
01431 
01432     fclose(fp);
01433     lcmaps_log_debug(3,"%s: password: %s\n", logstr, temppwd);
01434 //    *ldap_passwd = strdup(" s t\ts   ");
01435     *ldap_passwd = strdup(temppwd);
01436 
01437     /* free mem */
01438     if (temppwd) free(temppwd);
01439 
01440     return 0;
01441 }
01442 /******************************************************************************
01443 CVS Information:
01444     $Source: /cvs/fabric_mgt/gridification/lcmaps/modules/ldap_enf/lcmaps_ldap.c,v $
01445     $Date: 2004/02/27 15:41:06 $
01446     $Revision: 1.34 $
01447     $Author: martijn $
01448 ******************************************************************************/
Generated at Thu Mar 4 17:39:03 2004 for edg-lcmaps by doxygen1.2.8.1 written by Dimitri van Heesch, © 1997-2001