From 30cba8deb2dec2cccae7c19838d4219b0b2b7975 Mon Sep 17 00:00:00 2001
From: nalin
Date: Dec 20 2005 22:08:34 +0000
Subject: * oddjob.spec: modify to conform more closely to the Fedora Packaging Guidelines * TODO: add note about needing to gracefully handle message bus restarts * configure.ac: add an ENABLE_EXPERIMENTAL conditional. * src/Makefile.am: make the entire "lookup" subdirectory experimental
---
diff --git a/ChangeLog b/ChangeLog
new file mode 100644
index 0000000..7783494
--- /dev/null
+++ b/ChangeLog
@@ -0,0 +1,6 @@
+2005-12-20 nalin
+ * oddjob.spec: modify to conform more closely to the Fedora Packaging
+ Guidelines
+ * TODO: add note about needing to gracefully handle message bus restarts
+ * configure.ac: add an ENABLE_EXPERIMENTAL conditional.
+ * src/Makefile.am: make the entire "lookup" subdirectory experimental
diff --git a/TODO b/TODO
index 934a071..b2839e0 100644
--- a/TODO
+++ b/TODO
@@ -1,2 +1,3 @@
 - Make oddjobd's services introspectable.
 http://dbus.freedesktop.org/doc/dbus-specification.html#introspection-format
+- Handle bus restarts.
diff --git a/autogen.maint b/autogen.maint
index 45a527f..a15c9d8 100755
--- a/autogen.maint
+++ b/autogen.maint
@@ -1,3 +1,3 @@
 #!/bin/bash
 autoreconf -i
-CFLAGS=`rpm --eval '%{optflags}'`" -O0 -g3" ./configure --prefix=/usr --sysconfdir=/etc --enable-maintainer-mode --enable-xml-docs
+CFLAGS=`rpm --eval '%{optflags}'`" -O0 -g3" ./configure --prefix=/usr --sysconfdir=/etc --enable-maintainer-mode --enable-xml-docs --enable-experimental
diff --git a/configure.ac b/configure.ac
index d57911b..ac31452 100644
--- a/configure.ac
+++ b/configure.ac
@@ -37,6 +37,12 @@ sample=$withval,
 sample=no)
 AM_CONDITIONAL(INSTALL_SAMPLE,test x$sample = xyes)
+AC_ARG_ENABLE(experimental,
+AS_HELP_STRING(--enable-experimental,[Build experimental helpers.]),
+experimental=$withval,
+experimental=no)
+AM_CONDITIONAL(ENABLE_EXPERIMENTAL,test x$experimental = xyes)
+
 selinux_labels=default
 AC_ARG_WITH(selinux-labels,
 AS_HELP_STRING(--with-selinux-labels,[Apply SELinux labels to files created by helpers.]),
diff --git a/doc/oddjob.html b/doc/oddjob.html
index 707f87d..3f678ca 100644
--- a/doc/oddjob.html
+++ b/doc/oddjob.html
@@ -8,7 +8,7 @@ unprivileged applications to invoke and take limited control of privileged applications by issuing requests using the D-BUS system message bus.
-
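Review bot: In the new `AC_ARG_ENABLE(experimental, ...)` block the action-if-given reads `$withval`, but `AC_ARG_ENABLE` delivers its argument in `$enableval`; `$withval` is set only by `AC_ARG_WITH`. As written, `--enable-experimental` assigns whatever an earlier `--with-*` option left in `withval` (or nothing), so the `ENABLE_EXPERIMENTAL` conditional does not reliably follow the flag that is meant to gate the experimental helpers. The third argument should read `experimental=$enableval,`. The `sample=$withval,` line just above may have the same problem if it belongs to an `AC_ARG_ENABLE`; its opening line is outside the hunk.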


Table of Contents

Background
oddjob
An Example
D-BUS Configuration
oddjobd Configuration
Configuring oddjobd

Background

+


Table of Contents

Background
oddjob
An Example
D-BUS Configuration
oddjobd Configuration
Configuring oddjobd

Background

In many applications, particularly those which perform some sort of administrative task, it becomes useful to separate the presentation (which needn't have any special privileges, and frequently shouldn't) @@ -61,7 +61,7 @@ potentially large number of clients.

The oddjob package implements such a server. -

oddjob

+

oddjob

The server provided by oddjob, oddjobd, provides services which appear to be indistinguishable from other services provided through @@ -100,7 +100,7 @@ implemented on web servers using scripting engines and applications which are implemented using the Common Gateway Interface (CGI). -

An Example

+

An Example

Take for example, a service which is provided by the well-known address "com.example.system_manager". This management service controls multiple systems, each of which is represented as a different @@ -120,7 +120,7 @@ Using oddjobd, the entire implementation can be synthesized by providing the proper configuration files and shell scripts. -

D-BUS Configuration

+

D-BUS Configuration

The D-BUS system bus enforces restrictions on which applications can reserve well-known bus addresses. It bases this restriction on the UID under which a client @@ -163,7 +163,7 @@ </policy> </busconfig>

-

oddjobd Configuration

+

oddjobd Configuration

The oddjobd daemon provides services which are implemented by external helper applications. The helpers are executed with superuser privileges, and receive their @@ -203,7 +203,7 @@ </object> </service> </oddjobconfig>

-

Configuring oddjobd

+

Configuring oddjobd

The oddjobd configuration is normally read from /etc/oddjobd.conf, but in most deployments it will direct the daemon to read all of the configuration files from
diff --git a/oddjob.spec b/oddjob.spec
index f7b3835..a6381af 100644
--- a/oddjob.spec
+++ b/oddjob.spec
@@ -1,14 +1,15 @@
-%define build_sample 1
+%define build_sample 0
 Name: oddjob
-Version: 0.16
+Version: 0.17
 Release: 0
-Source: oddjob-%{version}-0.tar.gz
-Summary: A D-BUS service which runs odd jobs.
+Source: http://people.redhat.com/nalin/oddjob/oddjob-%{version}-0.tar.gz
+Summary: A D-BUS service which runs odd jobs on behalf of client applications
 License: BSD
 Group: System Environment/Daemons
-BuildRoot: %{_tmppath}/%{name}-%{version}-root
-BuildPrereq: dbus-devel >= 0.22, libselinux-devel, pam-devel, python-devel
+BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+BuildPrereq: dbus-devel >= 0.22, libselinux-devel, libxml2-devel
+BuildPrereq: pam-devel, python-devel
 Prereq: /sbin/chkconfig
 %description
@@ -17,11 +18,13 @@ connect to it and issue requests using the system-wide message bus.
 %package devel
 Group: Development/Libraries
-Summary: Files for developing oddjob clients.
+Summary: Files for developing oddjob clients
+Requires: %{name} = %{version}-%{release}
 %description devel
 This package contains header files and static libraries which aid in the
-development of simple oddjob client applications.
+development of simple oddjob client applications. More complex clients
+can of course use D-BUS APIs directly.
 %package sample
 Group: System Environment/Daemons
@@ -35,41 +38,47 @@ This package contains a trivial sample oddjob service.
 %setup -q -n %{name}-%{version}-0
 %build
-%configure --without-selinux-acls --without-selinux-labels --without-python
-make all distclean
 sample_flag=
 %if %{build_sample}
 sample_flag=--enable-sample
 %endif
-%configure --with-selinux-acls=default --with-selinux-labels --with-python $sample_flag
-make
+%configure \
+ --disable-static \
+ --with-selinux-acls=default \
+ --with-selinux-labels \
+ --with-python \
+ --libexecdir=%{_libdir} \
+ $sample_flag
+make %{_smp_mflags}
 %install
 [ "$RPM_BUILD_ROOT" != "/" ] && rm -fr "$RPM_BUILD_ROOT"
 make install DESTDIR="$RPM_BUILD_ROOT"
-rm "$RPM_BUILD_ROOT"/%{_libdir}/security/*.la
-rm "$RPM_BUILD_ROOT"/%{_libdir}/security/*.a
+rm -f "$RPM_BUILD_ROOT"/%{_libdir}/security/*.la
+rm -f "$RPM_BUILD_ROOT"/%{_libdir}/security/*.a
 if ! test -d "$RPM_BUILD_ROOT"/%{_lib}/security ; then
 mkdir -p "$RPM_BUILD_ROOT"/%{_lib}/security
 mv "$RPM_BUILD_ROOT"/%{_libdir}/security/*.so "$RPM_BUILD_ROOT"/%{_lib}/security/
 fi
+# Recommended, though I disagree.
+rm -f "$RPM_BUILD_ROOT"/%{_libdir}/*.la
 %clean
 [ "$RPM_BUILD_ROOT" != "/" ] && rm -fr "$RPM_BUILD_ROOT"
 %files
 %defattr(-,root,root)
-%doc *.dtd COPYING python/sample.py doc/oddjob.html
-%config %{_initrddir}/oddjobd
+%doc *.dtd COPYING QUICKSTART python/sample.py doc/oddjob.html
+%config(noreplace) %{_initrddir}/oddjobd
 %{_bindir}/*
 %{_sbindir}/*
-%config %{_sysconfdir}/dbus-*/system.d/oddjob.conf
-%config %{_sysconfdir}/oddjobd.conf
+%config(noreplace) %{_sysconfdir}/dbus-*/system.d/oddjob.conf
+%config(noreplace) %{_sysconfdir}/oddjobd.conf
 %dir %{_sysconfdir}/oddjobd.conf.d
 %dir %{_sysconfdir}/%{name}
 /%{_lib}/security/*.so
-%{_libexecdir}/%{name}/mkhomedir
-%{_libexecdir}/%{name}/sanity.sh
+%{_libdir}/%{name}/mkhomedir
+%{_libdir}/%{name}/sanity.sh
 %{_mandir}/*/*.*
 %{_libdir}/liboddjob.so.*
 %{_libdir}/python*/site-packages/*
@@ -78,14 +87,12 @@ fi
 %defattr(-,root,root)
 %{_includedir}/*
 %{_libdir}/pkgconfig/oddjob.pc
-%{_libdir}/liboddjob.la
 %{_libdir}/liboddjob.so
-%{_libdir}/liboddjob.a
 %if %{build_sample}
 %files sample
 %defattr(-,root,root)
-%{_libexecdir}/%{name}/oddjob-sample.sh
+%{_libdir}/%{name}/oddjob-sample.sh
 %config %{_sysconfdir}/dbus-*/system.d/oddjob-sample.conf
 %config %{_sysconfdir}/oddjobd.conf.d/oddjobd-sample.conf
 %endif
@@ -99,5 +106,4 @@ if [ $1 -eq 0 ] ; then
 /sbin/chkconfig --del oddjobd
 fi
-%postun
-/sbin/ldconfig
+%postun -p /sbin/ldconfig
diff --git a/src/lookup/Makefile.am b/src/lookup/Makefile.am
index 7d34fb5..b255d55 100644
--- a/src/lookup/Makefile.am
+++ b/src/lookup/Makefile.am
@@ -1,3 +1,5 @@
+if ENABLE_EXPERIMENTAL
+
 AM_CFLAGS = @KRB5_CFLAGS@
 LDADD = liblookup.la ../liboddcommon.la @LDAP_LIBS@ @SASL_LIBS@ @KRB5_LIBS@
@@ -11,3 +13,5 @@ liblookup_la_SOURCES = \
 plain.c plain.h \
 gssapi.c gssapi.h
 lookup_SOURCES = lookup.c
+
+endif
diff --git a/src/lookup/README b/src/lookup/README
new file mode 100644
index 0000000..a14c385
--- /dev/null
+++ b/src/lookup/README
@@ -0,0 +1,2 @@
+This code is mainly here while it's being developed. After that it'll probably
+be spun off into a different package.
diff --git a/src/lookup/ads.c b/src/lookup/ads.c
index 3404a79..8d22e89 100644
--- a/src/lookup/ads.c
+++ b/src/lookup/ads.c
@@ -77,6 +77,7 @@ lookup_ads_init(const char *detail)
 int i;
 krb5_principal princ;
 krb5_creds creds;
+ char principal[sizeof(globals.machine_name) + sizeof(globals.realm) + 2];
 putenv("KRB5CCNAME=MEMORY:_krb5_cc_lookup_ads");
@@ -91,8 +92,8 @@ lookup_ads_init(const char *detail)
 return i;
 }
 princ = NULL;
- if ((i = krb5_parse_name(globals.ctx, globals.machine_name,
- &princ)) != 0) {
+ sprintf(principal, "%s@%s", globals.machine_name, globals.realm);
+ if ((i = krb5_parse_name(globals.ctx, principal, &princ)) != 0) {
 lookup_ads_cleanup();
 return i;
 }
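Review bot: The added `sprintf(principal, "%s@%s", globals.machine_name, globals.realm);` in lookup_ads_init (src/lookup/ads.c) has no length bound, so it stays inside `principal` only while both globals are NUL-terminated within their arrays, which is decided by scrape code outside this hunk. Use `snprintf(principal, sizeof(principal), "%s@%s", globals.machine_name, globals.realm);` and treat a truncated result as an error before calling `krb5_parse_name`. It is also worth rejecting an empty `globals.realm` at this point, since a realm that was not found would otherwise hand `name@` to the parser. The function body starts and ends outside both hunks.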
@@ -203,7 +204,7 @@ lookup_ads_search_free(char **values)
 char *
 lookup_ads_lookup(const char *user, const char *attribute)
 {
- int i, j, version, referrals_set;
+ int i, j, version, referrals_set, attempt;
 LDAPControl *serverControls, *clientControls;
 char **namingcontexts, **values, *ret, *hostname, host[LINE_MAX];
 void *referrals_requested;
@@ -238,15 +239,26 @@ lookup_ads_lookup(const char *user, const char *attribute)
 }
 }
 }
- if (ldap_get_option(globals.ld,
- LDAP_OPT_HOST_NAME,
- &hostname) == 0) {
- snprintf(host, sizeof(host), "%s", hostname);
+ values = lookup_ads_search_text(globals.ld,
+ "",
+ LDAP_SCOPE_BASE,
+ "dnsHostName",
+ NULL);
+ if ((values != NULL) && (values[0] != NULL)) {
+ snprintf(host, sizeof(host), "%s", values[0]);
 } else {
- snprintf(host, sizeof(host), "%s", globals.domain_controller);
+ if (ldap_get_option(globals.ld,
+ LDAP_OPT_HOST_NAME,
+ &hostname) == 0) {
+ snprintf(host, sizeof(host), "%s", hostname);
+ } else {
+ snprintf(host, sizeof(host), "%s",
+ globals.domain_controller);
+ }
+ }
+ if (values != NULL) {
+ lookup_ads_search_free(values);
 }
- i = strcspn(host, ".");
- host[i] = '\0';
 #if 0
 if ((i = bind_cyrus_sasl(globals.ld, host)) != 0) {
 ldap_unbind(globals.ld);
@@ -254,7 +266,8 @@ lookup_ads_lookup(const char *user, const char *attribute)
 return NULL;
 }
 #elif 1
- if ((i = bind_gssapi(globals.ld, globals.machine_name, host)) != 0) {
+ if ((i = bind_gssapi(globals.ld, globals.machine_name,
+ host)) != 0) {
 ldap_unbind(globals.ld);
 globals.ld = NULL;
 return NULL;
diff --git a/src/lookup/common.h b/src/lookup/common.h
index be7878c..f0b3c5c 100644
--- a/src/lookup/common.h
+++ b/src/lookup/common.h
@@ -37,6 +37,7 @@ struct globals {
 LDAP *ld;
 char domain_controller[HOST_NAME_MAX + 1];
 char workgroup[HOST_NAME_MAX + 1];
+ char realm[HOST_NAME_MAX + 1];
 char machine_name[HOST_NAME_MAX + 1];
 char machine_password[HOST_NAME_MAX + 1];
 };
diff --git a/src/lookup/gssapi.c b/src/lookup/gssapi.c
index 70a78b0..b16f54c 100644
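Review bot: In lookup_ads_lookup (src/lookup/ads.c, hunk at -238) the GSSAPI target host is now taken from the `dnsHostName` value returned by a base search on `""` that, as far as the hunk shows, runs before `bind_gssapi()`, so the name comes from an unauthenticated reply of whichever server answered. That value is then passed as the server name for the bind, which lets the peer pick the service identity it will be authenticated as, while the configured `globals.domain_controller` is only the last fallback. Consider accepting the returned name only when it matches the configured controller or the expected domain, and add a comment above the search such as `/* rootDSE is read before the bind: treat dnsHostName as untrusted */`. The `attempt` local added in the first hunk of this function is not used in any line shown here.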
--- a/src/lookup/gssapi.c
+++ b/src/lookup/gssapi.c
@@ -78,12 +78,13 @@ bind_gssapi(LDAP *ld, const char *myname, const char *servername)
 major = gss_import_name(&minor, &input_name, GSS_C_NT_HOSTBASED_SERVICE, &server_name);
 if (major != GSS_S_COMPLETE) {
- printf("import_name(1): %x\n", major);
+ printf("import_name(ldap@%s,1): %x\n", servername, major);
 return -1;
 }
+ printf("import_name(ldap@%s,1): %x\n", servername, major);
 free(input_name.value);
-#if 0
+#if 1
 /* Figure out who we are. */
 input_name.length = strlen(myname);
 input_name.value = malloc(input_name.length + 1);
@@ -118,7 +119,8 @@ bind_gssapi(LDAP *ld, const char *myname, const char *servername)
 supported_oids, GSS_C_INITIATE, &creds, &mech_oids, &time_rec);
 if (major != GSS_S_COMPLETE) {
- printf("acquire_cred: %x/%x: %s\n", major, minor, error_message(minor));
+ printf("acquire_cred: %x/%x: %s\n", major, minor,
+ error_message(minor));
 return -1;
 }
@@ -224,6 +226,8 @@ bind_gssapi(LDAP *ld, const char *myname, const char *servername)
 break;
 }
+ printf("%d\n", __LINE__);
+
 /* If we need another round trip, process whatever we
 * received and prepare data to be transmitted back. */
 if (((init_major & GSS_S_CONTINUE_NEEDED) != 0) &&
diff --git a/src/lookup/lookup.c b/src/lookup/lookup.c
index cd8e251..1a1d35b 100644
--- a/src/lookup/lookup.c
+++ b/src/lookup/lookup.c
@@ -54,6 +54,8 @@ main(int argc, char **argv)
 sizeof(globals.domain_controller),
 "global/workgroup", &globals.workgroup[0],
 sizeof(globals.workgroup),
+ "global/realm", &globals.realm[0],
+ sizeof(globals.realm),
 "global/netbios name", &globals.machine_name[0],
 sizeof(globals.machine_name),
 NULL);
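Review bot: bind_gssapi (src/lookup/gssapi.c) now writes trace output to stdout on the success path: the added `printf("import_name(ldap@%s,1): %x\n", servername, major);` after the error check in the first hunk, and `printf("%d\n", __LINE__);` in the third hunk. If this helper's stdout is ever consumed by a caller, those lines mix into the result and also disclose which server is being bound to. Suggest dropping both, or sending them to stderr behind a debug switch, e.g. `fprintf(stderr, "import_name(ldap@%s,1): %x\n", servername, major);`. Separately, the `return -1;` in the `gss_import_name` failure branch sits before `free(input_name.value);`, so that path appears to leak the buffer; the allocation itself is outside the hunk.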
@@ -63,7 +65,11 @@ main(int argc, char **argv)
 key, &globals.machine_password[0],
 sizeof(globals.machine_password),
 NULL);
-
+ printf("domain_controller: %s\n", globals.domain_controller);
+ printf("workgroup: %s\n", globals.workgroup);
+ printf("realm: %s\n", globals.realm);
+ printf("my name: %s\n", globals.machine_name);
+ printf("my password: %s\n", globals.machine_password);
 i = lookup_ads_init(NULL);
 if (i != 0) {
 printf("error initializing lookup, continuing anyway\n");
diff --git a/src/lookup/scrape.c b/src/lookup/scrape.c
index fcc73ce..cd521ab 100644
--- a/src/lookup/scrape.c
+++ b/src/lookup/scrape.c
@@ -76,6 +76,7 @@ scrape_smbconf(const char *directive, ...)
 va_end(args);
 n_args = n;
+ scrape_args = NULL;
 oddjob_resize_array((void **)&scrape_args, sizeof(scrape_args[0]), 0, n_args);
@@ -257,6 +258,7 @@ scrape_tdb(const char *path, ...)
 va_end(args);
 n_args = n;
+ scrape_args = NULL;
 oddjob_resize_array((void **)&scrape_args, sizeof(scrape_args[0]), 0, n_args);
@@ -301,18 +303,30 @@ scrape_tdb(const char *path, ...)
 thiskey = thisdata = NULL;
 while (getline(&line, &n, fp) != -1) {
 p = line + strspn(line, WHITESPACE);
- if ((strcspn(p, WHITESPACE "=") == 3) &&
+ if ((strcspn(p, WHITESPACE "=") >= 3) &&
 (strncmp(p, "key", 3) == 0)) {
 p += 3;
+ if (*p == '(') {
+ p += strcspn(p, ")");
+ if (*p == ')') {
+ p++;
+ }
+ }
 p += strspn(p, WHITESPACE "=\"");
 free(thiskey);
 thiskey = strdup(p);
 q = thiskey + strcspn(thiskey, "\"");
 *q = '\0';
 } else
- if ((strcspn(p, WHITESPACE "=") == 4) &&
+ if ((strcspn(p, WHITESPACE "=") >= 4) &&
 (strncmp(p, "data", 4) == 0)) {
 p += 4;
+ if (*p == '(') {
+ p += strcspn(p, ")");
+ if (*p == ')') {
+ p++;
+ }
+ }
 p += strspn(p, WHITESPACE "=\"");
 free(thisdata);
 thisdata = strdup(p);
diff --git a/src/oddjob_dbus.c b/src/oddjob_dbus.c
index 9c3cf1a..863d33d 100644
--- a/src/oddjob_dbus.c
+++ b/src/oddjob_dbus.c
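Review bot: The added `printf("my password: %s\n", globals.machine_password);` in main (src/lookup/lookup.c) writes the machine account password, scraped into `globals.machine_password` just above, to stdout in clear text. Anything that captures this program's output, such as a terminal scrollback, a log file or a calling daemon, then holds a credential that can authenticate as the host. Remove that line, or report only presence: `printf("my password: %s\n", globals.machine_password[0] ? "(set)" : "(not set)");`. The other four diagnostics are less sensitive but would still be better on stderr or behind a debug flag.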
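Review bot: Relaxing `== 3` to `>= 3` and `== 4` to `>= 4` in scrape_tdb (src/lookup/scrape.c, hunk at -301) turns the keyword test into a prefix match, so any token that merely begins with `key` or `data` is now parsed as a record, not only `key` and `key(...)`. Checking the character after the keyword keeps the new parenthesised form without widening the match, for example adding `&& (p[3] == '(' || p[3] == '=' || strchr(WHITESPACE, p[3]) != NULL)` to the `key` test and the same on `p[4]` for `data`. The context lines also use the result of `strdup(p)` without a NULL check (`q = thiskey + strcspn(thiskey, "\"");`), which would dereference NULL on allocation failure. The enclosing loop continues outside the hunk.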
@@ -86,8 +86,7 @@ static int
 oddjob_dbus_bind(DBusConnection *conn, const char *service_name)
 {
 #if DBUS_CHECK_VERSION(0,60)
- return dbus_bus_request_name(conn, service_name,
- 0, NULL);
+ return dbus_bus_request_name(conn, service_name, 0, NULL);
 #elif DBUS_CHECK_VERSION(0,30)
 return dbus_bus_request_name(conn, service_name,
 DBUS_NAME_FLAG_PROHIBIT_REPLACEMENT, NULL);