Exemplo n.º 1
/*
 * Read one passwd entry from the stream fp into *result.
 *
 * Fields are consumed in this fixed order: name, password, uid, gid, gecos,
 * home directory, shell.
 *
 * The READ_* macros are defined outside this listing. buffer, buflen, errnop,
 * tmpint32 and bufptr are never referenced directly below, so they are
 * presumably used by those macros (string storage taken from buffer, scratch
 * integer, error reporting) -- confirm against the macro definitions.
 *
 * Returns NSS_STATUS_SUCCESS once every field has been read. Any other
 * status would have to come from an early return inside a macro.
 *
 * NOTE(review): no bounds check against buflen is visible in this function;
 * the string reads are only safe if READ_BUF_STRING enforces it -- verify.
 */
static nss_status_t read_passwd(
        TFILE *fp,struct passwd *result,
        char *buffer,size_t buflen,int *errnop)
{
  /* not referenced directly below; presumably scratch space for the macros */
  int32_t tmpint32;
  /* not referenced directly below; presumably the macros' offset into buffer */
  size_t bufptr=0;
  READ_BUF_STRING(fp,result->pw_name);
  READ_BUF_STRING(fp,result->pw_passwd);
  /* uid and gid are read with their native types; presumably that means
     sizeof(uid_t)/sizeof(gid_t) raw bytes, so the sender must use the same
     width and byte order -- confirm */
  READ_TYPE(fp,result->pw_uid,uid_t);
  READ_TYPE(fp,result->pw_gid,gid_t);
  READ_BUF_STRING(fp,result->pw_gecos);
  READ_BUF_STRING(fp,result->pw_dir);
  READ_BUF_STRING(fp,result->pw_shell);
  return NSS_STATUS_SUCCESS;
}
Exemplo n.º 2
/*
 * Read a single services entry from the stream fp into *result.
 *
 * Fields are consumed in this order: service name, alias list, port (as a
 * 32-bit integer), protocol name.
 *
 * The READ_* macros are defined outside this listing. buffer, buflen, errnop,
 * bufptr, tmp2int32 and tmp3int32 are never referenced directly below, so
 * they are presumably used by those macros -- confirm against the macro
 * definitions.
 *
 * Returns NSS_STATUS_SUCCESS once every field has been read. Any other
 * status would have to come from an early return inside a macro.
 *
 * NOTE(review): no bounds check against buflen is visible in this function;
 * the string and list reads are only safe if the macros enforce it -- verify.
 */
static nss_status_t read_servent(
        TFILE *fp,struct servent *result,
        char *buffer,size_t buflen,int *errnop)
{
  int32_t tmpint32,tmp2int32,tmp3int32;
  size_t bufptr=0;
  READ_BUF_STRING(fp,result->s_name);
  READ_BUF_STRINGLIST(fp,result->s_aliases);
  /* store port number in network byte order */
  READ_TYPE(fp,tmpint32,int32_t);
  /* the 32-bit value is narrowed to 16 bits before the byte swap, so a value
     outside 0..65535 is silently truncated rather than rejected */
  result->s_port=htons((uint16_t)tmpint32);
  READ_BUF_STRING(fp,result->s_proto);
  /* we're done */
  return NSS_STATUS_SUCCESS;
}
Exemplo n.º 3
/*
 * Read one passwd entry from the stream fp into *result.
 *
 * *result is zeroed first, so any field not filled in below is left as zero
 * rather than holding stale caller data. Fields are then consumed in this
 * order: name, password, uid, gid, gecos, home directory, shell.
 *
 * The READ_* macros are defined outside this listing. buffer, buflen, errnop,
 * tmpint32 and bufptr are never referenced directly below, so they are
 * presumably used by those macros (string storage taken from buffer, scratch
 * integer, error reporting) -- confirm against the macro definitions.
 *
 * Returns NSS_STATUS_SUCCESS once every field has been read. Any other
 * status would have to come from an early return inside a macro.
 *
 * NOTE(review): no bounds check against buflen is visible in this function;
 * the string reads are only safe if READ_BUF_STRING enforces it -- verify.
 */
static nss_status_t read_passwd(TFILE *fp, struct passwd *result,
                                char *buffer, size_t buflen, int *errnop)
{
  int32_t tmpint32;
  size_t bufptr = 0;
  /* start from a clean struct so unset fields are zero/NULL */
  memset(result, 0, sizeof(struct passwd));
  READ_BUF_STRING(fp, result->pw_name);
  READ_BUF_STRING(fp, result->pw_passwd);
  /* uid and gid are transferred as 32-bit integers */
  READ_INT32(fp, result->pw_uid);
  READ_INT32(fp, result->pw_gid);
  READ_BUF_STRING(fp, result->pw_gecos);
  READ_BUF_STRING(fp, result->pw_dir);
  READ_BUF_STRING(fp, result->pw_shell);
#ifdef HAVE_STRUCT_PASSWD_PW_CLASS
  /* set the user access class to an empty string: point it at the
     terminating NUL of pw_name, which needs no extra buffer space */
  result->pw_class = result->pw_name + strlen(result->pw_name);
#endif /* HAVE_STRUCT_PASSWD_PW_CLASS */
  return NSS_STATUS_SUCCESS;
}
Exemplo n.º 4
/*
 * Read one mail alias entry from the stream fp into *result.
 *
 * Fields are consumed in this order: alias name, list of members. The member
 * count and the alias_local flag are filled in afterwards.
 *
 * The READ_* macros are defined outside this listing. buffer, buflen, errnop,
 * bufptr, tmpint32 and tmp2int32 are never referenced directly below, so they
 * are presumably used by those macros -- confirm against the macro
 * definitions.
 *
 * Returns NSS_STATUS_SUCCESS once every field has been read. Any other
 * status would have to come from an early return inside a macro.
 *
 * NOTE(review): no bounds check against buflen is visible in this function;
 * the string and list reads are only safe if the macros enforce it -- verify.
 */
static nss_status_t read_aliasent(
        TFILE *fp,struct aliasent *result,
        char *buffer,size_t buflen,int *errnop)
{
  int32_t tmpint32,tmp2int32,tmp3int32;
  size_t bufptr=0;
  /* read the name of the alias */
  READ_BUF_STRING(fp,result->alias_name);
  /* read the members */
  READ_BUF_STRINGLIST(fp,result->alias_members);
  /* tmp3int32 holds the number of entries read; it is never assigned in this
     function, so this depends on READ_BUF_STRINGLIST leaving the count there
     -- confirm against the macro definition */
  result->alias_members_len=tmp3int32;
  /* fill in remaining gaps in struct */
  result->alias_local=0;
  /* we're done */
  return NSS_STATUS_SUCCESS;
}
Exemplo n.º 5
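/*
 * Read a single host entry from the stream, filtering on the specified
 * address family. The result is stored in *result; it will be an empty entry
 * (h_length 0, h_addr_list holding only the terminating NULL) if no
 * addresses in the requested family were available.
 *
 * fp        stream to read the entry from
 * af        address family to keep; addresses of other families are skipped
 * result    hostent that is filled in
 * buffer, buflen, errnop
 *           not referenced directly below; presumably used by the READ_ and
 *           BUF_ macros (storage and error reporting) -- confirm against
 *           the macro definitions
 * h_errnop  not referenced directly in this function
 *
 * Returns NSS_STATUS_SUCCESS once the whole entry has been consumed. Any
 * other status would have to come from an early return inside a macro.
 *
 * NOTE(review): numaddr and each address length are taken from the stream
 * and used as an allocation count and a read length. No range check is
 * visible in this function, so negative or oversized values are only
 * rejected if BUF_ALLOC, READ_BUF and SKIP do it -- verify, in particular
 * that a negative numaddr cannot leave h_addr_list too small for the
 * terminating NULL written at the end.
 */
static nss_status_t read_hostent(
        TFILE *fp,int af,struct hostent *result,
        char *buffer,size_t buflen,int *errnop,int *h_errnop)
{
  int32_t tmpint32,tmp2int32,tmp3int32;
  int32_t numaddr;
  int i;
  int readaf;
  size_t bufptr=0;
  /* read the host entry */
  READ_BUF_STRING(fp,result->h_name);
  READ_BUF_STRINGLIST(fp,result->h_aliases);
  result->h_addrtype=af;
  result->h_length=0;
  /* read number of addresses to follow */
  READ_INT32(fp,numaddr);
  /* allocate memory for array */
  /* Note: this may allocate too much memory (e.g. also for
           address records of other address families) but
           this is a simple way to do it */
  BUF_ALLOC(fp,result->h_addr_list,char *,numaddr+1);
  /* go through the address list and filter on af */
  i=0;
  while (--numaddr>=0)
  {
    /* read address family and size */
    READ_INT32(fp,readaf);
    READ_INT32(fp,tmp2int32);
    if (readaf==af)
    {
      /* read the address; h_length ends up as the length of the last
         matching address */
      result->h_length=tmp2int32;
      READ_BUF(fp,result->h_addr_list[i++],tmp2int32);
    }
    else
    {
      /* skip exactly the length that was just read into tmp2int32; the
         macro scratch variable tmpint32 only holds that length if
         READ_INT32 happens to leave the converted value in it */
      SKIP(fp,tmp2int32);
    }
  }
  /* null-terminate address list */
  result->h_addr_list[i]=NULL;
  return NSS_STATUS_SUCCESS;
}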
Exemplo n.º 6
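/*
 * Handle a usermod request: read the request from fp, check it, try the
 * modification over a separate LDAP session and write the response to fp.
 *
 * fp         stream the request is read from and the response written to
 * session    LDAP session used to look up and validate the user
 * calleruid  uid of the requesting process; only uid 0 combined with the
 *            asroot flag is treated as root
 *
 * Returns 0 when a complete response was written (both for a successful and
 * for a failed modification) and -1 on the paths that stop early. The READ_
 * and WRITE_ macros are defined outside this listing and presumably return
 * from this function on an I/O or protocol error -- confirm.
 *
 * Security notes for reviewers:
 *  - The password is masked in the debug log, but username and every
 *    requested value are logged exactly as received from the client.
 *  - asroot on its own selects rootpwmoddn as the bind DN; the relaxed
 *    homedir/shell checks and the configured rootpwmodpw need calleruid 0
 *    as well.
 *  - NOTE(review): password (and the copy of rootpwmodpw placed in it) is
 *    left in the stack buffer on every exit path; consider clearing it with
 *    a wipe the compiler cannot drop, including on the early returns hidden
 *    in the macros.
 */
int nslcd_usermod(TFILE *fp, MYLDAP_SESSION *session, uid_t calleruid)
{
  int32_t tmpint32;
  int rc = LDAP_SUCCESS;
  char username[BUFLEN_NAME];
  int asroot, isroot;
  char password[BUFLEN_PASSWORD];
  int32_t param;
  /* storage for the parameter values read with READ_BUF_STRING */
  char buffer[4096];
  size_t buflen = sizeof(buffer);
  size_t bufptr = 0;
  const char *value = NULL;
  const char *fullname = NULL, *roomnumber = NULL, *workphone = NULL;
  const char *homephone = NULL, *other = NULL, *homedir = NULL;
  const char *shell = NULL;
  const char *binddn = NULL; /* the user performing the modification */
  MYLDAP_ENTRY *entry;
  MYLDAP_SESSION *newsession;
  char errmsg[BUFLEN_MESSAGE];
  /* read request parameters */
  READ_STRING(fp, username);
  READ_INT32(fp, asroot);
  READ_STRING(fp, password);
  /* read the usermod parameters: (param, value) pairs until the END marker;
     a parameter that is sent twice keeps the last value */
  while (1)
  {
    READ_INT32(fp, param);
    if (param == NSLCD_USERMOD_END)
      break;
    READ_BUF_STRING(fp, value);
    switch (param)
    {
      case NSLCD_USERMOD_FULLNAME:   fullname = value; break;
      case NSLCD_USERMOD_ROOMNUMBER: roomnumber = value; break;
      case NSLCD_USERMOD_WORKPHONE:  workphone = value; break;
      case NSLCD_USERMOD_HOMEPHONE:  homephone = value; break;
      case NSLCD_USERMOD_OTHER:      other = value; break;
      case NSLCD_USERMOD_HOMEDIR:    homedir = value; break;
      case NSLCD_USERMOD_SHELL:      shell = value; break;
      default: /* other parameters are silently ignored */ break;
    }
  }
  /* log call; only the presence of a password is logged, never its value */
  log_setrequest("usermod=\"%s\"", username);
  log_log(LOG_DEBUG, "nslcd_usermod(\"%s\",%s,\"%s\")",
          username, asroot ? "asroot" : "asuser", *password ? "***" : "");
  if (fullname != NULL)
    log_log(LOG_DEBUG, "nslcd_usermod(fullname=\"%s\")", fullname);
  if (roomnumber != NULL)
    log_log(LOG_DEBUG, "nslcd_usermod(roomnumber=\"%s\")", roomnumber);
  if (workphone != NULL)
    log_log(LOG_DEBUG, "nslcd_usermod(workphone=\"%s\")", workphone);
  if (homephone != NULL)
    log_log(LOG_DEBUG, "nslcd_usermod(homephone=\"%s\")", homephone);
  if (other != NULL)
    log_log(LOG_DEBUG, "nslcd_usermod(other=\"%s\")", other);
  if (homedir != NULL)
    log_log(LOG_DEBUG, "nslcd_usermod(homedir=\"%s\")", homedir);
  if (shell != NULL)
    log_log(LOG_DEBUG, "nslcd_usermod(shell=\"%s\")", shell);
  /* write the response header */
  WRITE_INT32(fp, NSLCD_VERSION);
  WRITE_INT32(fp, NSLCD_ACTION_USERMOD);
  /* validate request */
  entry = validate_user(session, username, &rc);
  if (entry == NULL)
  {
    /* for user not found we just say no result, otherwise break the protocol */
    if (rc == LDAP_NO_SUCH_OBJECT)
    {
      WRITE_INT32(fp, NSLCD_RESULT_END);
    }
    return -1;
  }
  /* check if it is a modification as root: the flag alone is not enough,
     the calling process must also have uid 0 */
  isroot = (calleruid == 0) && asroot;
  if (asroot)
  {
    if (nslcd_cfg->rootpwmoddn == NULL)
    {
      log_log(LOG_NOTICE, "rootpwmoddn not configured");
      /* we break the protocol */
      return -1;
    }
    /* a caller that is not uid 0 also binds as rootpwmoddn, but has to
       supply that DN's password itself */
    binddn = nslcd_cfg->rootpwmoddn;
    /* check if rootpwmodpw should be used */
    if ((*password == '\0') && isroot && (nslcd_cfg->rootpwmodpw != NULL))
    {
      /* the length check keeps the strcpy() below inside password[] */
      if (strlen(nslcd_cfg->rootpwmodpw) >= sizeof(password))
      {
        /* name this function in the message; the original text named
           nslcd_pam_pwmod(), which sends log readers to the wrong handler */
        log_log(LOG_ERR, "nslcd_usermod(): rootpwmodpw will not fit in password");
        return -1;
      }
      strcpy(password, nslcd_cfg->rootpwmodpw);
    }
  }
  else
    binddn = myldap_get_dn(entry);
  WRITE_INT32(fp, NSLCD_RESULT_BEGIN);
  /* home directory change requires either root or valid directory; a
     rejected value is reported and dropped, the rest of the request goes on */
  if ((homedir != NULL) && (!isroot) && !is_valid_homedir(homedir))
  {
    log_log(LOG_NOTICE, "invalid directory: %s", homedir);
    WRITE_INT32(fp, NSLCD_USERMOD_HOMEDIR);
    WRITE_STRING(fp, "invalid directory");
    homedir = NULL;
  }
  /* shell change requires either root or a valid shell; handled the same
     way as the home directory above */
  if ((shell != NULL) && (!isroot) && !is_valid_shell(shell))
  {
    log_log(LOG_NOTICE, "invalid shell: %s", shell);
    WRITE_INT32(fp, NSLCD_USERMOD_SHELL);
    WRITE_STRING(fp, "invalid shell");
    shell = NULL;
  }
  /* perform requested changes */
  /* NOTE(review): if get_session() returns NULL, rc is the only failure
     signal checked below; presumably get_session() sets it through &rc --
     confirm, otherwise a failed bind would be reported as success */
  newsession = get_session(binddn, myldap_get_dn(entry), password, &rc);
  if (newsession != NULL)
  {
    /* only homedir and shell are passed on; fullname, roomnumber, workphone,
       homephone and other are parsed and logged above but not applied here */
    rc = change(newsession, myldap_get_dn(entry), homedir, shell);
    myldap_session_close(newsession);
  }
  /* return response to caller */
  if (rc != LDAP_SUCCESS)
  {
    log_log(LOG_WARNING, "%s: modification failed: %s",
            myldap_get_dn(entry), ldap_err2string(rc));
    mysnprintf(errmsg, sizeof(errmsg) - 1, "change failed: %s", ldap_err2string(rc));
    WRITE_INT32(fp, NSLCD_USERMOD_RESULT);
    WRITE_STRING(fp, errmsg);
    WRITE_INT32(fp, NSLCD_USERMOD_END);
    WRITE_INT32(fp, NSLCD_RESULT_END);
    return 0;
  }
  log_log(LOG_NOTICE, "changed information for %s", myldap_get_dn(entry));
  WRITE_INT32(fp, NSLCD_USERMOD_END);
  WRITE_INT32(fp, NSLCD_RESULT_END);
  return 0;
}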