/* perform a simple search */
static void *worker(void *arg)
{
MYLDAP_SESSION *session;
MYLDAP_SEARCH *search;
MYLDAP_ENTRY *entry;
const char *attrs[] = { "uid", "cn", "gid", NULL };
struct worker_args *args=(struct worker_args *)arg;
int i;
int rc;
/* initialize session */
session=myldap_create_session();
assert(session!=NULL);
/* perform search */
search=myldap_search(session,nslcd_cfg->ldc_bases[0],
LDAP_SCOPE_SUBTREE,
"(objectclass=posixAccount)",
attrs,NULL);
assert(search!=NULL);
/* go over results */
for (i=0;(entry=myldap_get_entry(search,&rc))!=NULL;i++)
{
if (i<MAXRESULTS)
printf("test_myldap: test_threads(): [worker %d] [%d] DN %s\n",args->id,i,myldap_get_dn(entry));
else if (i==MAXRESULTS)
printf("test_myldap: test_threads(): [worker %d] ...\n",args->id);
}
printf("test_myldap: test_threads(): [worker %d] DONE: %s\n",args->id,ldap_err2string(rc));
assert(rc==LDAP_SUCCESS);
/* clean up */
myldap_session_close(session);
return 0;
}
static MYLDAP_SESSION *get_session(const char *binddn, const char *userdn,
const char *password, int *rcp)
{
MYLDAP_SESSION *session;
char buffer[BUFLEN_DN];
/* set up a new connection */
session = myldap_create_session();
if (session == NULL)
{
*rcp = LDAP_UNAVAILABLE;
return NULL;
}
/* set up credentials for the session */
if (myldap_set_credentials(session, binddn, password))
return NULL;
/* perform search for own object (just to do any kind of search to set
up the connection with fail-over) */
if ((lookup_dn2uid(session, userdn, rcp, buffer, sizeof(buffer)) == NULL) ||
(*rcp != LDAP_SUCCESS))
{
myldap_session_close(session);
return NULL;
}
return session;
}
static void test_get_rdnvalues(void)
{
MYLDAP_SESSION *session;
MYLDAP_SEARCH *search;
MYLDAP_ENTRY *entry;
const char *attrs[] = { "cn", "uid", NULL };
int rc;
char buf[80];
/* initialize session */
printf("test_myldap: test_get_rdnvalues(): getting session...\n");
session=myldap_create_session();
assert(session!=NULL);
/* perform search */
printf("test_myldap: test_get_rdnvalues(): doing search...\n");
search=myldap_search(session,"cn=Aka Ashbach+uid=aashbach,ou=lotsofpeople,dc=test,dc=tld",
LDAP_SCOPE_BASE,
"(objectClass=*)",
attrs,NULL);
assert(search!=NULL);
/* get one entry */
entry=myldap_get_entry(search,&rc);
assert(entry!=NULL);
printf("test_myldap: test_get_rdnvalues(): got DN %s\n",myldap_get_dn(entry));
/* get some values from DN */
printf("test_myldap: test_get_rdnvalues(): DN.uid=%s\n",myldap_get_rdn_value(entry,"uid"));
printf("test_myldap: test_get_rdnvalues(): DN.cn=%s\n",myldap_get_rdn_value(entry,"cn"));
printf("test_myldap: test_get_rdnvalues(): DN.uidNumber=%s\n",myldap_get_rdn_value(entry,"uidNumber"));
/* clean up */
myldap_session_close(session);
/* some tests */
printf("test_myldap: test_get_rdnvalues(): DN.uid=%s\n",myldap_cpy_rdn_value("cn=Aka Ashbach+uid=aashbach,ou=lotsofpeople,dc=test,dc=tld","uid",buf,sizeof(buf)));
printf("test_myldap: test_get_rdnvalues(): DN.cn=%s\n",myldap_cpy_rdn_value("cn=Aka Ashbach+uid=aashbach,ou=lotsofpeople,dc=test,dc=tld","cn",buf,sizeof(buf)));
printf("test_myldap: test_get_rdnvalues(): DN.uidNumber=%s\n",myldap_cpy_rdn_value("cn=Aka Ashbach+uid=aashbach,ou=lotsofpeople,dc=test,dc=tld","uidNumber",buf,sizeof(buf)));
}
/* this method tests to see if we can perform two searches within
one session */
static void test_two_searches(void)
{
MYLDAP_SESSION *session;
MYLDAP_SEARCH *search1,*search2;
MYLDAP_ENTRY *entry;
const char *attrs[] = { "uidNumber", "cn", "gidNumber", "uid", "objectClass", NULL };
const char **vals;
/* initialize session */
printf("test_myldap: test_two_searches(): getting session...\n");
session=myldap_create_session();
assert(session!=NULL);
/* perform search1 */
search1=myldap_search(session,nslcd_cfg->ldc_bases[0],
LDAP_SCOPE_SUBTREE,
"(&(objectClass=posixAccount)(uid=*))",
attrs,NULL);
assert(search1!=NULL);
/* get a result from search1 */
entry=myldap_get_entry(search1,NULL);
assert(entry!=NULL);
printf("test_myldap: test_two_searches(): [search1] DN %s\n",myldap_get_dn(entry));
vals=myldap_get_values(entry,"cn");
assert((vals!=NULL)&&(vals[0]!=NULL));
printf("test_myldap: test_two_searches(): [search1] cn=%s\n",vals[0]);
/* start a second search */
search2=myldap_search(session,nslcd_cfg->ldc_bases[0],
LDAP_SCOPE_SUBTREE,
"(&(objectclass=posixGroup)(gidNumber=*))",
attrs,NULL);
assert(search2!=NULL);
/* get a result from search2 */
entry=myldap_get_entry(search2,NULL);
assert(entry!=NULL);
printf("test_myldap: test_two_searches(): [search2] DN %s\n",myldap_get_dn(entry));
vals=myldap_get_values(entry,"cn");
assert((vals!=NULL)&&(vals[0]!=NULL));
printf("test_myldap: test_two_searches(): [search2] cn=%s\n",vals[0]);
/* get another result from search1 */
entry=myldap_get_entry(search1,NULL);
assert(entry!=NULL);
printf("test_myldap: test_two_searches(): [search1] DN %s\n",myldap_get_dn(entry));
vals=myldap_get_values(entry,"cn");
assert((vals!=NULL)&&(vals[0]!=NULL));
printf("test_myldap: test_two_searches(): [search1] cn=%s\n",vals[0]);
/* stop search1 */
myldap_search_close(search1);
/* get another result from search2 */
entry=myldap_get_entry(search2,NULL);
assert(entry!=NULL);
printf("test_myldap: test_two_searches(): [search2] DN %s\n",myldap_get_dn(entry));
vals=myldap_get_values(entry,"cn");
assert((vals!=NULL)&&(vals[0]!=NULL));
printf("test_myldap: test_two_searches(): [search2] cn=%s\n",vals[0]);
/* clean up */
myldap_session_close(session);
}
/* This search prints a number of attributes from a search */
static void test_get_values(void)
{
MYLDAP_SESSION *session;
MYLDAP_SEARCH *search;
MYLDAP_ENTRY *entry;
const char *attrs[] = { "uidNumber", "cn", "gidNumber", "uid", "objectClass", NULL };
const char **vals;
const char *rdnval;
int i;
/* initialize session */
printf("test_myldap: test_get_values(): getting session...\n");
session=myldap_create_session();
assert(session!=NULL);
/* perform search */
search=myldap_search(session,nslcd_cfg->ldc_bases[0],
LDAP_SCOPE_SUBTREE,
"(&(objectClass=posixAccount)(uid=*))",
attrs,NULL);
assert(search!=NULL);
/* go over results */
for (i=0;(entry=myldap_get_entry(search,NULL))!=NULL;i++)
{
if (i<MAXRESULTS)
printf("test_myldap: test_get_values(): [%d] DN %s\n",i,myldap_get_dn(entry));
else if (i==MAXRESULTS)
printf("test_myldap: test_get_values(): ...\n");
/* try to get uid from attribute */
vals=myldap_get_values(entry,"uidNumber");
assert((vals!=NULL)&&(vals[0]!=NULL));
if (i<MAXRESULTS)
printf("test_myldap: test_get_values(): [%d] uidNumber=%s\n",i,vals[0]);
/* try to get gid from attribute */
vals=myldap_get_values(entry,"gidNumber");
assert((vals!=NULL)&&(vals[0]!=NULL));
if (i<MAXRESULTS)
printf("test_myldap: test_get_values(): [%d] gidNumber=%s\n",i,vals[0]);
/* write LDF_STRING(PASSWD_NAME) */
vals=myldap_get_values(entry,"uid");
assert((vals!=NULL)&&(vals[0]!=NULL));
if (i<MAXRESULTS)
printf("test_myldap: test_get_values(): [%d] uid=%s\n",i,vals[0]);
/* get rdn values */
rdnval=myldap_get_rdn_value(entry,"cn");
if (i<MAXRESULTS)
printf("test_myldap: test_get_values(): [%d] cdrdn=%s\n",i,rdnval==NULL?"NULL":rdnval);
rdnval=myldap_get_rdn_value(entry,"uid");
if (i<MAXRESULTS)
printf("test_myldap: test_get_values(): [%d] uidrdn=%s\n",i,rdnval==NULL?"NULL":rdnval);
/* check objectclass */
assert(myldap_has_objectclass(entry,"posixAccount"));
}
/* clean up */
myldap_session_close(session);
}
/* This is a very basic search test, it performs a test to get certain
entries from the database. It currently just prints out the DNs for
the entries. */
static void test_search(void)
{
MYLDAP_SESSION *session;
MYLDAP_SEARCH *search;
MYLDAP_ENTRY *entry;
const char *attrs[] = { "uid", "cn", "gid", NULL };
int i;
int rc;
/* initialize session */
printf("test_myldap: test_search(): getting session...\n");
session=myldap_create_session();
assert(session!=NULL);
/* perform search */
printf("test_myldap: test_search(): doing search...\n");
search=myldap_search(session,nslcd_cfg->ldc_bases[0],
LDAP_SCOPE_SUBTREE,
"(objectclass=posixAccount)",
attrs,NULL);
assert(search!=NULL);
/* go over results */
printf("test_myldap: test_search(): get results...\n");
for (i=0;(entry=myldap_get_entry(search,&rc))!=NULL;i++)
{
if (i<MAXRESULTS)
printf("test_myldap: test_search(): [%d] DN %s\n",i,myldap_get_dn(entry));
else if (i==MAXRESULTS)
printf("test_myldap: test_search(): ...\n");
}
printf("test_myldap: test_search(): %d entries returned: %s\n",i,ldap_err2string(rc));
assert(rc==LDAP_SUCCESS);
/* perform another search */
printf("test_myldap: test_search(): doing search...\n");
search=myldap_search(session,nslcd_cfg->ldc_bases[0],
LDAP_SCOPE_SUBTREE,
"(objectclass=posixGroup)",
attrs,NULL);
assert(search!=NULL);
/* go over results */
printf("test_myldap: test_search(): get results...\n");
for (i=0;(entry=myldap_get_entry(search,&rc))!=NULL;i++)
{
if (i<MAXRESULTS)
printf("test_myldap: test_search(): [%d] DN %s\n",i,myldap_get_dn(entry));
else if (i==MAXRESULTS)
printf("test_myldap: test_search(): ...\n");
}
printf("test_myldap: test_search(): %d entries returned: %s\n",i,ldap_err2string(rc));
assert(rc==LDAP_SUCCESS);
/* clean up */
myldap_session_close(session);
}
static void test_get(void)
{
MYLDAP_SESSION *session;
MYLDAP_SEARCH *search1,*search2;
MYLDAP_ENTRY *entry;
const char *attrs1[] = { "cn", "userPassword", "memberUid", "gidNumber", "member", NULL };
const char *attrs2[] = { "uid", NULL };
int rc;
/* initialize session */
printf("test_myldap: test_get(): getting session...\n");
session=myldap_create_session();
assert(session!=NULL);
/* perform search */
printf("test_myldap: test_get(): doing search...\n");
search1=myldap_search(session,nslcd_cfg->ldc_bases[0],
LDAP_SCOPE_SUBTREE,
"(&(|(objectClass=posixGroup)(objectClass=groupOfNames))(cn=testgroup2))",
attrs1,NULL);
assert(search1!=NULL);
/* get one entry */
entry=myldap_get_entry(search1,&rc);
assert(entry!=NULL);
printf("test_myldap: test_get(): got DN %s\n",myldap_get_dn(entry));
/* get some attribute values */
(void)myldap_get_values(entry,"gidNumber");
(void)myldap_get_values(entry,"userPassword");
(void)myldap_get_values(entry,"memberUid");
(void)myldap_get_values(entry,"member");
/* perform another search */
printf("test_myldap: test_get(): doing get...\n");
search2=myldap_search(session,"cn=Test User2,ou=people,dc=test,dc=tld",
LDAP_SCOPE_BASE,
"(objectclass=posixAccount)",
attrs2,NULL);
assert(search2!=NULL);
/* get one entry */
entry=myldap_get_entry(search2,&rc);
assert(entry!=NULL);
printf("test_myldap: test_get(): got DN %s\n",myldap_get_dn(entry));
/* test if searches are ok */
assert(myldap_get_entry(search1,&rc)==NULL);
assert(myldap_get_entry(search2,&rc)==NULL);
/* clean up */
myldap_session_close(session);
}
static void test_connections(void)
{
MYLDAP_SESSION *session;
MYLDAP_SEARCH *search;
const char *attrs[] = { "uid", "cn", "gid", NULL };
char *old_uris[NSS_LDAP_CONFIG_URI_MAX+1];
int i;
/* save the old URIs */
for (i=0;i<(NSS_LDAP_CONFIG_URI_MAX+1);i++)
{
old_uris[i]=nslcd_cfg->ldc_uris[i].uri;
nslcd_cfg->ldc_uris[i].uri=NULL;
}
/* set new URIs */
i=0;
nslcd_cfg->ldc_uris[i++].uri="ldapi://%2fdev%2fnull/";
nslcd_cfg->ldc_uris[i++].uri="ldap://10.10.10.10/";
nslcd_cfg->ldc_uris[i++].uri="ldapi://%2fdev%2fnonexistent/";
nslcd_cfg->ldc_uris[i++].uri="ldap://nosuchhost/";
nslcd_cfg->ldc_uris[i++].uri=NULL;
/* initialize session */
printf("test_myldap: test_connections(): getting session...\n");
session=myldap_create_session();
assert(session!=NULL);
/* perform search */
printf("test_myldap: test_connections(): doing search...\n");
search=myldap_search(session,nslcd_cfg->ldc_bases[0],
LDAP_SCOPE_SUBTREE,
"(objectclass=posixAccount)",
attrs,NULL);
assert(search==NULL);
/* clean up */
myldap_session_close(session);
/* restore the old URIs */
for (i=0;i<(NSS_LDAP_CONFIG_URI_MAX+1);i++)
nslcd_cfg->ldc_uris[i].uri=old_uris[i];
}
int nslcd_usermod(TFILE *fp, MYLDAP_SESSION *session, uid_t calleruid)
{
int32_t tmpint32;
int rc = LDAP_SUCCESS;
char username[BUFLEN_NAME];
int asroot, isroot;
char password[BUFLEN_PASSWORD];
int32_t param;
char buffer[4096];
size_t buflen = sizeof(buffer);
size_t bufptr = 0;
const char *value = NULL;
const char *fullname = NULL, *roomnumber = NULL, *workphone = NULL;
const char *homephone = NULL, *other = NULL, *homedir = NULL;
const char *shell = NULL;
const char *binddn = NULL; /* the user performing the modification */
MYLDAP_ENTRY *entry;
MYLDAP_SESSION *newsession;
char errmsg[BUFLEN_MESSAGE];
/* read request parameters */
READ_STRING(fp, username);
READ_INT32(fp, asroot);
READ_STRING(fp, password);
/* read the usermod parameters */
while (1)
{
READ_INT32(fp, param);
if (param == NSLCD_USERMOD_END)
break;
READ_BUF_STRING(fp, value);
switch (param)
{
case NSLCD_USERMOD_FULLNAME: fullname = value; break;
case NSLCD_USERMOD_ROOMNUMBER: roomnumber = value; break;
case NSLCD_USERMOD_WORKPHONE: workphone = value; break;
case NSLCD_USERMOD_HOMEPHONE: homephone = value; break;
case NSLCD_USERMOD_OTHER: other = value; break;
case NSLCD_USERMOD_HOMEDIR: homedir = value; break;
case NSLCD_USERMOD_SHELL: shell = value; break;
default: /* other parameters are silently ignored */ break;
}
}
/* log call */
log_setrequest("usermod=\"%s\"", username);
log_log(LOG_DEBUG, "nslcd_usermod(\"%s\",%s,\"%s\")",
username, asroot ? "asroot" : "asuser", *password ? "***" : "");
if (fullname != NULL)
log_log(LOG_DEBUG, "nslcd_usermod(fullname=\"%s\")", fullname);
if (roomnumber != NULL)
log_log(LOG_DEBUG, "nslcd_usermod(roomnumber=\"%s\")", roomnumber);
if (workphone != NULL)
log_log(LOG_DEBUG, "nslcd_usermod(workphone=\"%s\")", workphone);
if (homephone != NULL)
log_log(LOG_DEBUG, "nslcd_usermod(homephone=\"%s\")", homephone);
if (other != NULL)
log_log(LOG_DEBUG, "nslcd_usermod(other=\"%s\")", other);
if (homedir != NULL)
log_log(LOG_DEBUG, "nslcd_usermod(homedir=\"%s\")", homedir);
if (shell != NULL)
log_log(LOG_DEBUG, "nslcd_usermod(shell=\"%s\")", shell);
/* write the response header */
WRITE_INT32(fp, NSLCD_VERSION);
WRITE_INT32(fp, NSLCD_ACTION_USERMOD);
/* validate request */
entry = validate_user(session, username, &rc);
if (entry == NULL)
{
/* for user not found we just say no result, otherwise break the protocol */
if (rc == LDAP_NO_SUCH_OBJECT)
{
WRITE_INT32(fp, NSLCD_RESULT_END);
}
return -1;
}
/* check if it is a modification as root */
isroot = (calleruid == 0) && asroot;
if (asroot)
{
if (nslcd_cfg->rootpwmoddn == NULL)
{
log_log(LOG_NOTICE, "rootpwmoddn not configured");
/* we break the protocol */
return -1;
}
binddn = nslcd_cfg->rootpwmoddn;
/* check if rootpwmodpw should be used */
if ((*password == '\0') && isroot && (nslcd_cfg->rootpwmodpw != NULL))
{
if (strlen(nslcd_cfg->rootpwmodpw) >= sizeof(password))
{
log_log(LOG_ERR, "nslcd_pam_pwmod(): rootpwmodpw will not fit in password");
return -1;
}
strcpy(password, nslcd_cfg->rootpwmodpw);
}
}
else
binddn = myldap_get_dn(entry);
WRITE_INT32(fp, NSLCD_RESULT_BEGIN);
/* home directory change requires either root or valid directory */
if ((homedir != NULL) && (!isroot) && !is_valid_homedir(homedir))
{
log_log(LOG_NOTICE, "invalid directory: %s", homedir);
WRITE_INT32(fp, NSLCD_USERMOD_HOMEDIR);
WRITE_STRING(fp, "invalid directory");
homedir = NULL;
}
/* shell change requires either root or a valid shell */
if ((shell != NULL) && (!isroot) && !is_valid_shell(shell))
{
log_log(LOG_NOTICE, "invalid shell: %s", shell);
WRITE_INT32(fp, NSLCD_USERMOD_SHELL);
WRITE_STRING(fp, "invalid shell");
shell = NULL;
}
/* perform requested changes */
newsession = get_session(binddn, myldap_get_dn(entry), password, &rc);
if (newsession != NULL)
{
rc = change(newsession, myldap_get_dn(entry), homedir, shell);
myldap_session_close(newsession);
}
/* return response to caller */
if (rc != LDAP_SUCCESS)
{
log_log(LOG_WARNING, "%s: modification failed: %s",
myldap_get_dn(entry), ldap_err2string(rc));
mysnprintf(errmsg, sizeof(errmsg) - 1, "change failed: %s", ldap_err2string(rc));
WRITE_INT32(fp, NSLCD_USERMOD_RESULT);
WRITE_STRING(fp, errmsg);
WRITE_INT32(fp, NSLCD_USERMOD_END);
WRITE_INT32(fp, NSLCD_RESULT_END);
return 0;
}
log_log(LOG_NOTICE, "changed information for %s", myldap_get_dn(entry));
WRITE_INT32(fp, NSLCD_USERMOD_END);
WRITE_INT32(fp, NSLCD_RESULT_END);
return 0;
}
static void worker_cleanup(void *arg)
{
MYLDAP_SESSION *session = (MYLDAP_SESSION *)arg;
myldap_session_close(session);
}
