From 30cba8deb2dec2cccae7c19838d4219b0b2b7975 Mon Sep 17 00:00:00 2001
From: nalin
Table of Contents
Table of Contents
In many applications, particularly those which perform some sort of administrative task, it becomes useful to separate the presentation (which needn't have any special privileges, and frequently shouldn't) @@ -61,7 +61,7 @@ potentially large number of clients.
The oddjob package implements such a server. -
The server provided by oddjob, oddjobd, provides services which appear to be indistinguishable from other services provided through @@ -100,7 +100,7 @@ implemented on web servers using scripting engines and applications which are implemented using the Common Gateway Interface (CGI). -
Take for example, a service which is provided by the well-known address "com.example.system_manager". This management service controls multiple systems, each of which is represented as a different @@ -120,7 +120,7 @@ Using oddjobd, the entire implementation can be synthesized by providing the proper configuration files and shell scripts. -
+
The D-BUS system bus enforces restrictions on which applications can reserve well-known bus addresses. It bases this restriction on the UID under which a client @@ -163,7 +163,7 @@ </policy> </busconfig>
-
The oddjobd configuration is normally read from
/etc/oddjobd.conf
, but in most deployments it
will direct the daemon to read all of the configuration files from
diff --git a/oddjob.spec b/oddjob.spec
index f7b3835..a6381af 100644
--- a/oddjob.spec
+++ b/oddjob.spec
@@ -1,14 +1,15 @@
-%define build_sample 1
+%define build_sample 0
Name: oddjob
-Version: 0.16
+Version: 0.17
Release: 0
-Source: oddjob-%{version}-0.tar.gz
-Summary: A D-BUS service which runs odd jobs.
+Source: http://people.redhat.com/nalin/oddjob/oddjob-%{version}-0.tar.gz
+Summary: A D-BUS service which runs odd jobs on behalf of client applications
License: BSD
Group: System Environment/Daemons
-BuildRoot: %{_tmppath}/%{name}-%{version}-root
-BuildPrereq: dbus-devel >= 0.22, libselinux-devel, pam-devel, python-devel
+BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+BuildPrereq: dbus-devel >= 0.22, libselinux-devel, libxml2-devel
+BuildPrereq: pam-devel, python-devel
Prereq: /sbin/chkconfig
%description
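Review bot: The new `Source:` URL uses plain `http://`, and nothing visible in the spec verifies the tarball, so anyone who fetches the source from this tag instead of using a local copy has no integrity check on what gets built. If the host serves it, prefer an `https://` URL, and consider shipping a detached signature as a second source entry so the archive can be checked before `%setup`. Whether the build system pins a checksum elsewhere cannot be seen from this hunk.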
@@ -17,11 +18,13 @@ connect to it and issue requests using the system-wide message bus.
%package devel
Group: Development/Libraries
-Summary: Files for developing oddjob clients.
+Summary: Files for developing oddjob clients
+Requires: %{name} = %{version}-%{release}
%description devel
This package contains header files and static libraries which aid in the
-development of simple oddjob client applications.
+development of simple oddjob client applications. More complex clients
+can of course use D-BUS APIs directly.
%package sample
Group: System Environment/Daemons
@@ -35,41 +38,47 @@ This package contains a trivial sample oddjob service.
%setup -q -n %{name}-%{version}-0
%build
-%configure --without-selinux-acls --without-selinux-labels --without-python
-make all distclean
sample_flag=
%if %{build_sample}
sample_flag=--enable-sample
%endif
-%configure --with-selinux-acls=default --with-selinux-labels --with-python $sample_flag
-make
+%configure \
+ --disable-static \
+ --with-selinux-acls=default \
+ --with-selinux-labels \
+ --with-python \
+ --libexecdir=%{_libdir} \
+ $sample_flag
+make %{_smp_mflags}
%install
[ "$RPM_BUILD_ROOT" != "/" ] && rm -fr "$RPM_BUILD_ROOT"
make install DESTDIR="$RPM_BUILD_ROOT"
-rm "$RPM_BUILD_ROOT"/%{_libdir}/security/*.la
-rm "$RPM_BUILD_ROOT"/%{_libdir}/security/*.a
+rm -f "$RPM_BUILD_ROOT"/%{_libdir}/security/*.la
+rm -f "$RPM_BUILD_ROOT"/%{_libdir}/security/*.a
if ! test -d "$RPM_BUILD_ROOT"/%{_lib}/security ; then
mkdir -p "$RPM_BUILD_ROOT"/%{_lib}/security
mv "$RPM_BUILD_ROOT"/%{_libdir}/security/*.so "$RPM_BUILD_ROOT"/%{_lib}/security/
fi
+# Recommended, though I disagree.
+rm -f "$RPM_BUILD_ROOT"/%{_libdir}/*.la
%clean
[ "$RPM_BUILD_ROOT" != "/" ] && rm -fr "$RPM_BUILD_ROOT"
%files
%defattr(-,root,root)
-%doc *.dtd COPYING python/sample.py doc/oddjob.html
-%config %{_initrddir}/oddjobd
+%doc *.dtd COPYING QUICKSTART python/sample.py doc/oddjob.html
+%config(noreplace) %{_initrddir}/oddjobd
%{_bindir}/*
%{_sbindir}/*
-%config %{_sysconfdir}/dbus-*/system.d/oddjob.conf
-%config %{_sysconfdir}/oddjobd.conf
+%config(noreplace) %{_sysconfdir}/dbus-*/system.d/oddjob.conf
+%config(noreplace) %{_sysconfdir}/oddjobd.conf
%dir %{_sysconfdir}/oddjobd.conf.d
%dir %{_sysconfdir}/%{name}
/%{_lib}/security/*.so
-%{_libexecdir}/%{name}/mkhomedir
-%{_libexecdir}/%{name}/sanity.sh
+%{_libdir}/%{name}/mkhomedir
+%{_libdir}/%{name}/sanity.sh
%{_mandir}/*/*.*
%{_libdir}/liboddjob.so.*
%{_libdir}/python*/site-packages/*
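Review bot: Marking the init script `%config(noreplace) %{_initrddir}/oddjobd` means a locally edited script is kept on upgrade and the packaged one is written beside it as `.rpmnew`, so later fixes to the daemon's start-up logic would silently not apply on those hosts. Init scripts are code rather than settings; listing it as plain `%{_initrddir}/oddjobd` avoids that. The same trade-off applies to the D-BUS policy file `oddjob.conf`, which presumably governs who may own and call the service: keeping `noreplace` there is reasonable, but a release that tightens the policy should say so, because modified systems will keep the old rules. The sample subpackage's entries in the next hunk still use bare `%config`, which is inconsistent with this change.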
@@ -78,14 +87,12 @@ fi
%defattr(-,root,root)
%{_includedir}/*
%{_libdir}/pkgconfig/oddjob.pc
-%{_libdir}/liboddjob.la
%{_libdir}/liboddjob.so
-%{_libdir}/liboddjob.a
%if %{build_sample}
%files sample
%defattr(-,root,root)
-%{_libexecdir}/%{name}/oddjob-sample.sh
+%{_libdir}/%{name}/oddjob-sample.sh
%config %{_sysconfdir}/dbus-*/system.d/oddjob-sample.conf
%config %{_sysconfdir}/oddjobd.conf.d/oddjobd-sample.conf
%endif
@@ -99,5 +106,4 @@ if [ $1 -eq 0 ] ; then
/sbin/chkconfig --del oddjobd
fi
-%postun
-/sbin/ldconfig
+%postun -p /sbin/ldconfig
diff --git a/src/lookup/Makefile.am b/src/lookup/Makefile.am
index 7d34fb5..b255d55 100644
--- a/src/lookup/Makefile.am
+++ b/src/lookup/Makefile.am
@@ -1,3 +1,5 @@
+if ENABLE_EXPERIMENTAL
+
AM_CFLAGS = @KRB5_CFLAGS@
LDADD = liblookup.la ../liboddcommon.la @LDAP_LIBS@ @SASL_LIBS@ @KRB5_LIBS@
@@ -11,3 +13,5 @@ liblookup_la_SOURCES = \
plain.c plain.h \
gssapi.c gssapi.h
lookup_SOURCES = lookup.c
+
+endif
diff --git a/src/lookup/README b/src/lookup/README
new file mode 100644
index 0000000..a14c385
--- /dev/null
+++ b/src/lookup/README
@@ -0,0 +1,2 @@
+This code is mainly here while it's being developed. After that it'll probably
+be spun off into a different package.
diff --git a/src/lookup/ads.c b/src/lookup/ads.c
index 3404a79..8d22e89 100644
--- a/src/lookup/ads.c
+++ b/src/lookup/ads.c
@@ -77,6 +77,7 @@ lookup_ads_init(const char *detail)
int i;
krb5_principal princ;
krb5_creds creds;
+ char principal[sizeof(globals.machine_name) + sizeof(globals.realm) + 2];
putenv("KRB5CCNAME=MEMORY:_krb5_cc_lookup_ads");
@@ -91,8 +92,8 @@ lookup_ads_init(const char *detail)
return i;
}
princ = NULL;
- if ((i = krb5_parse_name(globals.ctx, globals.machine_name,
- &princ)) != 0) {
+ sprintf(principal, "%s@%s", globals.machine_name, globals.realm);
+ if ((i = krb5_parse_name(globals.ctx, principal, &princ)) != 0) {
lookup_ads_cleanup();
return i;
}
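Review bot: The principal is built with an unbounded `sprintf` on the added line; the buffer declared in the previous hunk is large enough only as long as both `globals.machine_name` and `globals.realm` are NUL-terminated, which depends on the scraping code outside this hunk. Use `snprintf(principal, sizeof(principal), "%s@%s", globals.machine_name, globals.realm);` and treat truncation as an error. An empty `globals.realm` (for example when the `global/realm` setting is absent) yields a name ending in `@`; rejecting that before `krb5_parse_name` would give a clearer failure. lookup_ads_init continues outside the hunk.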
@@ -203,7 +204,7 @@ lookup_ads_search_free(char **values)
char *
lookup_ads_lookup(const char *user, const char *attribute)
{
- int i, j, version, referrals_set;
+ int i, j, version, referrals_set, attempt;
LDAPControl *serverControls, *clientControls;
char **namingcontexts, **values, *ret, *hostname, host[LINE_MAX];
void *referrals_requested;
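Review bot: `attempt` is added to the declaration list, but none of the hunks shown for lookup_ads_lookup read or write it. If nothing outside the visible hunks uses it, drop it so the function does not carry an unused local and a compiler warning. The function body continues outside the hunk.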
@@ -238,15 +239,26 @@ lookup_ads_lookup(const char *user, const char *attribute)
}
}
}
- if (ldap_get_option(globals.ld,
- LDAP_OPT_HOST_NAME,
- &hostname) == 0) {
- snprintf(host, sizeof(host), "%s", hostname);
+ values = lookup_ads_search_text(globals.ld,
+ "",
+ LDAP_SCOPE_BASE,
+ "dnsHostName",
+ NULL);
+ if ((values != NULL) && (values[0] != NULL)) {
+ snprintf(host, sizeof(host), "%s", values[0]);
} else {
- snprintf(host, sizeof(host), "%s", globals.domain_controller);
+ if (ldap_get_option(globals.ld,
+ LDAP_OPT_HOST_NAME,
+ &hostname) == 0) {
+ snprintf(host, sizeof(host), "%s", hostname);
+ } else {
+ snprintf(host, sizeof(host), "%s",
+ globals.domain_controller);
+ }
+ }
+ if (values != NULL) {
+ lookup_ads_search_free(values);
}
- i = strcspn(host, ".");
- host[i] = '\0';
#if 0
if ((i = bind_cyrus_sasl(globals.ld, host)) != 0) {
ldap_unbind(globals.ld);
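Review bot: The GSSAPI target host is now taken from the `dnsHostName` value read from the root DSE before the bind, so the name of the service the client authenticates to is chosen by whichever server answered the unauthenticated search. Kerberos mutual authentication still has to succeed for that name, but the target is no longer tied to the client's own configuration; accept `values[0]` only when it agrees with the configured `globals.domain_controller` (or at least falls inside the configured realm's domain), and fall back to the existing `ldap_get_option` path otherwise. The string stored in `hostname` by `ldap_get_option` is not released in the visible lines, which looks like a small leak carried over from the old code. This hunk also drops the truncation at the first `.`, so `bind_gssapi` now receives the full name; lookup_ads_lookup starts and ends outside the hunk.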
@@ -254,7 +266,8 @@ lookup_ads_lookup(const char *user, const char *attribute)
return NULL;
}
#elif 1
- if ((i = bind_gssapi(globals.ld, globals.machine_name, host)) != 0) {
+ if ((i = bind_gssapi(globals.ld, globals.machine_name,
+ host)) != 0) {
ldap_unbind(globals.ld);
globals.ld = NULL;
return NULL;
diff --git a/src/lookup/common.h b/src/lookup/common.h
index be7878c..f0b3c5c 100644
--- a/src/lookup/common.h
+++ b/src/lookup/common.h
@@ -37,6 +37,7 @@ struct globals {
LDAP *ld;
char domain_controller[HOST_NAME_MAX + 1];
char workgroup[HOST_NAME_MAX + 1];
+ char realm[HOST_NAME_MAX + 1];
char machine_name[HOST_NAME_MAX + 1];
char machine_password[HOST_NAME_MAX + 1];
};
diff --git a/src/lookup/gssapi.c b/src/lookup/gssapi.c
index 70a78b0..b16f54c 100644
--- a/src/lookup/gssapi.c
+++ b/src/lookup/gssapi.c
@@ -78,12 +78,13 @@ bind_gssapi(LDAP *ld, const char *myname, const char *servername)
major = gss_import_name(&minor, &input_name, GSS_C_NT_HOSTBASED_SERVICE,
&server_name);
if (major != GSS_S_COMPLETE) {
- printf("import_name(1): %x\n", major);
+ printf("import_name(ldap@%s,1): %x\n", servername, major);
return -1;
}
+ printf("import_name(ldap@%s,1): %x\n", servername, major);
free(input_name.value);
-#if 0
+#if 1
/* Figure out who we are. */
input_name.length = strlen(myname);
input_name.value = malloc(input_name.length + 1);
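Review bot: The `printf` added after the failure check prints the same `import_name(ldap@%s,1)` text on the success path, so the output no longer distinguishes success from failure, and it writes to stdout from inside `bind_gssapi`. The `printf("%d\n", __LINE__);` added in the third hunk of this file is the same kind of leftover trace. Remove both, or route them through a debug switch that is off by default and writes to stderr. Separately, the failure branch returns before `free(input_name.value)`, so the buffer appears to leak on error; bind_gssapi continues outside the hunk.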
@@ -118,7 +119,8 @@ bind_gssapi(LDAP *ld, const char *myname, const char *servername)
supported_oids, GSS_C_INITIATE,
&creds, &mech_oids, &time_rec);
if (major != GSS_S_COMPLETE) {
- printf("acquire_cred: %x/%x: %s\n", major, minor, error_message(minor));
+ printf("acquire_cred: %x/%x: %s\n", major, minor,
+ error_message(minor));
return -1;
}
@@ -224,6 +226,8 @@ bind_gssapi(LDAP *ld, const char *myname, const char *servername)
break;
}
+ printf("%d\n", __LINE__);
+
/* If we need another round trip, process whatever we
* received and prepare data to be transmitted back. */
if (((init_major & GSS_S_CONTINUE_NEEDED) != 0) &&
diff --git a/src/lookup/lookup.c b/src/lookup/lookup.c
index cd8e251..1a1d35b 100644
--- a/src/lookup/lookup.c
+++ b/src/lookup/lookup.c
@@ -54,6 +54,8 @@ main(int argc, char **argv)
sizeof(globals.domain_controller),
"global/workgroup", &globals.workgroup[0],
sizeof(globals.workgroup),
+ "global/realm", &globals.realm[0],
+ sizeof(globals.realm),
"global/netbios name", &globals.machine_name[0],
sizeof(globals.machine_name),
NULL);
@@ -63,7 +65,11 @@ main(int argc, char **argv)
key, &globals.machine_password[0],
sizeof(globals.machine_password),
NULL);
-
+ printf("domain_controller: %s\n", globals.domain_controller);
+ printf("workgroup: %s\n", globals.workgroup);
+ printf("realm: %s\n", globals.realm);
+ printf("my name: %s\n", globals.machine_name);
+ printf("my password: %s\n", globals.machine_password);
i = lookup_ads_init(NULL);
if (i != 0) {
printf("error initializing lookup, continuing anyway\n");
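Review bot: `printf("my password: %s\n", globals.machine_password);` writes the machine account secret to stdout, where it ends up in terminal scrollback, redirected logs and anything capturing the tool's output. Drop that line, or report only whether a value was found, e.g. `printf("my password: %s\n", globals.machine_password[0] ? "(set)" : "(not set)");`. The other four added lines are diagnostic output too and would be better behind a verbose flag. main continues outside the hunk.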
diff --git a/src/lookup/scrape.c b/src/lookup/scrape.c
index fcc73ce..cd521ab 100644
--- a/src/lookup/scrape.c
+++ b/src/lookup/scrape.c
@@ -76,6 +76,7 @@ scrape_smbconf(const char *directive, ...)
va_end(args);
n_args = n;
+ scrape_args = NULL;
oddjob_resize_array((void **)&scrape_args, sizeof(scrape_args[0]),
0, n_args);
@@ -257,6 +258,7 @@ scrape_tdb(const char *path, ...)
va_end(args);
n_args = n;
+ scrape_args = NULL;
oddjob_resize_array((void **)&scrape_args, sizeof(scrape_args[0]),
0, n_args);
@@ -301,18 +303,30 @@ scrape_tdb(const char *path, ...)
thiskey = thisdata = NULL;
while (getline(&line, &n, fp) != -1) {
p = line + strspn(line, WHITESPACE);
- if ((strcspn(p, WHITESPACE "=") == 3) &&
+ if ((strcspn(p, WHITESPACE "=") >= 3) &&
(strncmp(p, "key", 3) == 0)) {
p += 3;
+ if (*p == '(') {
+ p += strcspn(p, ")");
+ if (*p == ')') {
+ p++;
+ }
+ }
p += strspn(p, WHITESPACE "=\"");
free(thiskey);
thiskey = strdup(p);
q = thiskey + strcspn(thiskey, "\"");
*q = '\0';
} else
- if ((strcspn(p, WHITESPACE "=") == 4) &&
+ if ((strcspn(p, WHITESPACE "=") >= 4) &&
(strncmp(p, "data", 4) == 0)) {
p += 4;
+ if (*p == '(') {
+ p += strcspn(p, ")");
+ if (*p == ')') {
+ p++;
+ }
+ }
p += strspn(p, WHITESPACE "=\"");
free(thisdata);
thisdata = strdup(p);
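Review bot: Relaxing the length test to `>= 3` (and `>= 4` for `data`) makes the branch fire for any token that merely begins with `key` or `data`, not only the bare word or the `key(...)` form the new parenthesis handling is written for. Keep the match exact by testing the following character, e.g. `if ((strncmp(p, "key", 3) == 0) && ((p[3] == '(') || (strcspn(p, WHITESPACE "=") == 3))) {`, and likewise with `p[4]` for `data`. The `strdup` results are dereferenced without a NULL check in the context lines (`q = thiskey + strcspn(thiskey, "\"")`), which is worth fixing while this loop is being changed. scrape_tdb continues outside the hunk.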
diff --git a/src/oddjob_dbus.c b/src/oddjob_dbus.c
index 9c3cf1a..863d33d 100644
--- a/src/oddjob_dbus.c
+++ b/src/oddjob_dbus.c
@@ -86,8 +86,7 @@ static int
oddjob_dbus_bind(DBusConnection *conn, const char *service_name)
{
#if DBUS_CHECK_VERSION(0,60)
- return dbus_bus_request_name(conn, service_name,
- 0, NULL);
+ return dbus_bus_request_name(conn, service_name, 0, NULL);
#elif DBUS_CHECK_VERSION(0,30)
return dbus_bus_request_name(conn, service_name,
DBUS_NAME_FLAG_PROHIBIT_REPLACEMENT, NULL);