From 54fa8908ca0eb97e5437371c5f33d1b58524889d Mon Sep 17 00:00:00 2001 From: janw Date: Fri, 8 Feb 2008 07:19:53 +0000 Subject: [PATCH] Added sanity check to beware of broken ldap config on client. Will not write config if ldap_base is empty. git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@8773 594d385d-05f5-0310-b6e9-bd551577e9d8 --- gosa-si/client/events/corefunctions.pm | 264 +++++++++++++------------ gosa-si/gosa-si-server | 52 ++--- 2 files changed, 162 insertions(+), 154 deletions(-) diff --git a/gosa-si/client/events/corefunctions.pm b/gosa-si/client/events/corefunctions.pm index 888fc8c79..de0539aa8 100644 --- a/gosa-si/client/events/corefunctions.pm +++ b/gosa-si/client/events/corefunctions.pm @@ -164,147 +164,153 @@ sub server_leaving { sub new_ldap_config { - my ($msg, $msg_hash) = @_ ; - - if( $ldap_enabled != 1 ) { - return; - } + my ($msg, $msg_hash) = @_ ; - my $element; - my @ldap_uris; - my $ldap_base; - my @ldap_options; - my @pam_options; - my @nss_options; - my $goto_admin; - my $goto_secret; - my $admin_base= ""; - my $department= ""; - my $unit_tag; - - # Transform input into array - while ( my ($key, $value) = each(%$msg_hash) ) { - if ($key =~ /^(source|target|header)$/) { - next; + if( $ldap_enabled != 1 ) { + return; } - foreach $element (@$value) { - if ($key =~ /^ldap_uri$/) { - push (@ldap_uris, $element); - next; - } - if ($key =~ /^ldap_base$/) { - $ldap_base= $element; - next; - } - if ($key =~ /^goto_admin$/) { - $goto_admin= $element; - next; - } - if ($key =~ /^goto_secret$/) { - $goto_secret= $element; - next; - } - if ($key =~ /^ldap_cfg$/) { - push (@ldap_options, "$element"); - next; - } - if ($key =~ /^pam_cfg$/) { - push (@pam_options, "$element"); + my $element; + my @ldap_uris; + my $ldap_base; + my @ldap_options; + my @pam_options; + my @nss_options; + my $goto_admin; + my $goto_secret; + my $admin_base= ""; + my $department= ""; + my $unit_tag; + + # Transform input into array + while ( my ($key, $value) = each(%$msg_hash) ) { + if ($key =~ /^(source|target|header)$/) { next; } - if ($key =~ /^nss_cfg$/) { - push (@nss_options, "$element"); - next; - } - if ($key =~ /^admin_base$/) { - $admin_base= $element; - next; - } - if ($key =~ /^department$/) { - $department= $element; - next; - } - if ($key =~ /^unit_tag$/) { - $unit_tag= $element; - next; + + foreach $element (@$value) { + if ($key =~ /^ldap_uri$/) { + push (@ldap_uris, $element); + next; + } + if ($key =~ /^ldap_base$/) { + $ldap_base= $element; + next; + } + if ($key =~ /^goto_admin$/) { + $goto_admin= $element; + next; + } + if ($key =~ /^goto_secret$/) { + $goto_secret= $element; + next; + } + if ($key =~ /^ldap_cfg$/) { + push (@ldap_options, "$element"); + next; + } + if ($key =~ /^pam_cfg$/) { + push (@pam_options, "$element"); + next; + } + if ($key =~ /^nss_cfg$/) { + push (@nss_options, "$element"); + next; + } + if ($key =~ /^admin_base$/) { + $admin_base= $element; + next; + } + if ($key =~ /^department$/) { + $department= $element; + next; + } + if ($key =~ /^unit_tag$/) { + $unit_tag= $element; + next; + } } } - } - # Unit tagging enabled? - if (defined $unit_tag){ - push (@pam_options, "pam_filter gosaUnitTag=$unit_tag"); - push (@nss_options, "nss_base_passwd $admin_base?sub?gosaUnitTag=$unit_tag"); - push (@nss_options, "nss_base_group $admin_base?sub?gosaUnitTag=$unit_tag"); - } + # Unit tagging enabled? + if (defined $unit_tag){ + push (@pam_options, "pam_filter gosaUnitTag=$unit_tag"); + push (@nss_options, "nss_base_passwd $admin_base?sub?gosaUnitTag=$unit_tag"); + push (@nss_options, "nss_base_group $admin_base?sub?gosaUnitTag=$unit_tag"); + } - # Setup ldap.conf - my $file1; - my $file2; - open(file1, "> $ldap_config"); - print file1 "# This file was automatically generated by gosa-si-client. Do not change.\n"; - print file1 "URI"; - foreach $element (@ldap_uris) { - print file1 " $element"; - } - print file1 "\nBASE $ldap_base\n"; - foreach $element (@ldap_options) { - print file1 "$element\n"; - } - close (file1); - daemon_log("wrote $ldap_config", 5); - - # Setup pam_ldap.conf / libnss_ldap.conf - open(file1, "> $pam_config"); - open(file2, "> $nss_config"); - print file1 "# This file was automatically generated by gosa-si-client. Do not change.\n"; - print file2 "# This file was automatically generated by gosa-si-client. Do not change.\n"; - print file1 "uri"; - print file2 "uri"; - foreach $element (@ldap_uris) { - print file1 " $element"; - print file2 " $element"; - } - print file1 "\nbase $ldap_base\n"; - print file2 "\nbase $ldap_base\n"; - foreach $element (@pam_options) { - print file1 "$element\n"; - } - foreach $element (@nss_options) { - print file2 "$element\n"; - } - close (file2); - daemon_log("wrote $nss_config", 5); - close (file1); - daemon_log("wrote $pam_config", 5); - - # Create goto.secrets if told so - for compatibility reasons - if (defined $goto_admin){ - open(file1, "> /etc/goto/secret"); - close(file1); - chown(0,0, "/etc/goto/secret"); - chmod(0600, "/etc/goto/secret"); - open(file1, "> /etc/goto/secret"); - print file1 "GOTOADMIN=\"$goto_admin\"\nGOTOSECRET=\"$goto_secret\"\n"; - close(file1); - daemon_log("wrote /etc/goto/secret", 5); - } + # Sanity check + if(! ref($ldap_base) eq '') { + daemon_log("Received empty LDAP config. Don't write anything.", 1); + return; + } - + # Setup ldap.conf + my $file1; + my $file2; + open(file1, "> $ldap_config"); + print file1 "# This file was automatically generated by gosa-si-client. Do not change.\n"; + print file1 "URI"; + foreach $element (@ldap_uris) { + print file1 " $element"; + } + print file1 "\nBASE $ldap_base\n"; + foreach $element (@ldap_options) { + print file1 "$element\n"; + } + close (file1); + daemon_log("wrote $ldap_config", 5); + + # Setup pam_ldap.conf / libnss_ldap.conf + open(file1, "> $pam_config"); + open(file2, "> $nss_config"); + print file1 "# This file was automatically generated by gosa-si-client. Do not change.\n"; + print file2 "# This file was automatically generated by gosa-si-client. Do not change.\n"; + print file1 "uri"; + print file2 "uri"; + foreach $element (@ldap_uris) { + print file1 " $element"; + print file2 " $element"; + } + print file1 "\nbase $ldap_base\n"; + print file2 "\nbase $ldap_base\n"; + foreach $element (@pam_options) { + print file1 "$element\n"; + } + foreach $element (@nss_options) { + print file2 "$element\n"; + } + close (file2); + daemon_log("wrote $nss_config", 5); + close (file1); + daemon_log("wrote $pam_config", 5); + + # Create goto.secrets if told so - for compatibility reasons + if (defined $goto_admin){ + open(file1, "> /etc/goto/secret"); + close(file1); + chown(0,0, "/etc/goto/secret"); + chmod(0600, "/etc/goto/secret"); + open(file1, "> /etc/goto/secret"); + print file1 "GOTOADMIN=\"$goto_admin\"\nGOTOSECRET=\"$goto_secret\"\n"; + close(file1); + daemon_log("wrote /etc/goto/secret", 5); + } - # Write shell based config - my $cfg_name= dirname($ldap_config)."/ldap-shell.conf"; - open(file1, "> $cfg_name"); - print file1 "LDAP_BASE=\"$ldap_base\"\n"; - print file1 "ADMIN_BASE=\"$admin_base\"\n"; - print file1 "DEPARTMENT=\"$department\"\n"; - print file1 "UNIT_TAG=\"".(defined $unit_tag ? "$unit_tag" : "")."\"\n"; - print file1 "UNIT_TAG_FILTER=\"".(defined $unit_tag ? "(gosaUnitTag=$unit_tag)" : "")."\"\n"; - close(file1); - daemon_log("wrote $cfg_name", 5); - return; + + # Write shell based config + my $cfg_name= dirname($ldap_config)."/ldap-shell.conf"; + open(file1, "> $cfg_name"); + print file1 "LDAP_BASE=\"$ldap_base\"\n"; + print file1 "ADMIN_BASE=\"$admin_base\"\n"; + print file1 "DEPARTMENT=\"$department\"\n"; + print file1 "UNIT_TAG=\"".(defined $unit_tag ? "$unit_tag" : "")."\"\n"; + print file1 "UNIT_TAG_FILTER=\"".(defined $unit_tag ? "(gosaUnitTag=$unit_tag)" : "")."\"\n"; + close(file1); + daemon_log("wrote $cfg_name", 5); + + return; } diff --git a/gosa-si/gosa-si-server b/gosa-si/gosa-si-server index 195ec65e1..3dbb629bb 100755 --- a/gosa-si/gosa-si-server +++ b/gosa-si/gosa-si-server @@ -744,31 +744,33 @@ sub client_input { # for each answer in answer list foreach my $answer ( @{$answer_l} ) { - my $error = 0; - # check answer if gosa-si envelope conform - my $answer_hash = $xml->XMLin($answer, ForceArray=>1); - $answer_header = @{$answer_hash->{'header'}}[0]; - @answer_target_l = @{$answer_hash->{'target'}}; - $answer_source = @{$answer_hash->{'source'}}[0]; - if( !$answer_header ) { - daemon_log('ERROR: module answer is not gosa-si envelope conform: no header', 1); - daemon_log("\n$answer", 8); - $error++; - } - if( 0 == length @answer_target_l ) { - daemon_log('ERROR: module answer is not gosa-si envelope conform: no targets', 1); - daemon_log("\n$answer", 8); - $error++; - } - if( !$answer_source ) { - daemon_log('ERROR: module answer is not gosa-si envelope conform: no source', 1); - daemon_log("\n$answer", 8); - $error++; - } - - if( $error != 0 ) { - next; - } + my $error = 0; + # check answer if gosa-si envelope conform + if(defined($answer)) { + my $answer_hash = $xml->XMLin($answer, ForceArray=>1); + $answer_header = @{$answer_hash->{'header'}}[0]; + @answer_target_l = @{$answer_hash->{'target'}}; + $answer_source = @{$answer_hash->{'source'}}[0]; + if( !$answer_header ) { + daemon_log('ERROR: module answer is not gosa-si envelope conform: no header', 1); + daemon_log("\n$answer", 8); + $error++; + } + if( 0 == length @answer_target_l ) { + daemon_log('ERROR: module answer is not gosa-si envelope conform: no targets', 1); + daemon_log("\n$answer", 8); + $error++; + } + if( !$answer_source ) { + daemon_log('ERROR: module answer is not gosa-si envelope conform: no source', 1); + daemon_log("\n$answer", 8); + $error++; + } + + if( $error != 0 ) { + next; + } + } # deliver msg to all targets foreach my $answer_target ( @answer_target_l ) { -- 2.30.2