back_shell anomaly with distribution example deploy
- To: openldap-technical@openldap.org
- Subject: back_shell anomaly with distribution example deploy
- From: Marco Pizzoli <marco.pizzoli@gmail.com>
- Date: Mon, 7 Mar 2011 22:31:15 +0100
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:from:date:message-id:subject:to :content-type; bh=GRDIM4I8q7nW6cNTsGec1orLOWRTJa0NzAhNtG9yLZM=; b=tFAAo3+32oRAFjzUdoWLTMyTCeS33uj1XhBoc/IFR9jLKHu0+eWVw4G9gMcEW0Uvad 6j1PAnLe8EtEUDlrPSWHjMZJWRRMh4jFG/cu8xg7ZMJeLjZh26Uz1wz2ZnqjvS4VL4ti 4wXKG4UNNbgL2EzOO5ZFFvB+RJuer319S0I58=
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:from:date:message-id:subject:to:content-type; b=WJ9fArEyqvl5pHus7myInaCLWsNHzIfGxxtSS7TjzgbeR8MsGOxV0ElVquAU36bCVu xSFI1jiThgf9tObIEt9AIif4fLsDDDrthhVUwxfKNxaXQ08oBaKv8hfoNEkhEvAg68qy e8+qO4In+9QXtUpY1tSmTfa++8C7ECiVnakY8=
Hi list,
I'm having a problem using the back_shell example from the OL distribution.
I'm using OL 2.4.21 as released in Ubuntu10.04 distribution.
This is my database definition:
database shell
suffix "dc=pippo,dc=it"
search /tmp/slapd_search.sh
This is the example script found in the OL distribution. In my test this is /tmp/slapd_search.sh
#!/bin/bash
# $OpenLDAP: /servers/slapd/back-shell/searchexample.sh,v 1.9.2.6 2011/01/04 23:50:44 kurt Exp $
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2011 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
#
## Portions Copyright (c) 1995 Regents of the University of Michigan.
## All rights reserved.
##
## Redistribution and use in source and binary forms are permitted
## provided that this notice is preserved and that due credit is given
## to the University of Michigan at Ann Arbor. The name of the University
## may not be used to endorse or promote products derived from this
## software without specific prior written permission. This software
## is provided ``as is'' without express or implied warranty.
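# Read the search request from stdin: one "tag value" pair per line, until
# end of input. Only base: and filter: are kept. Both values are chosen by
# the LDAP client, so everything below treats them as untrusted data.
# -r keeps backslashes (e.g. LDAP filter escapes) instead of letting read
# consume them; BASE and FILTER start empty so nothing is inherited from
# the environment when the request omits them.
BASE=
FILTER=
while read -r TAG VALUE; do
  #echo "TAG: $TAG" >>/tmp/temp1.txt
  #echo "VALUE: $VALUE" >>/tmp/temp1.txt
  case "$TAG" in
    base:)
      BASE=$VALUE
      ;;
    filter:)
      FILTER=$VALUE
      ;;
    # include other parameters here
  esac
done

# Pull the assertion value out of the filter; for a simple equality filter
# such as "(cn=marco)" this yields "marco". FILTER is quoted so the shell
# neither word-splits nor glob-expands client-supplied text.
LOGIN=$(printf '%s\n' "$FILTER" | sed -e 's/.*=\(.*\))/\1/')

# Look LOGIN up as a literal, case-insensitive match on the whole
# account-name field (field 1) and keep the first hit. It is deliberately
# not spliced into a grep pattern: as a regex anchored only at "^", an
# empty value, a bare prefix, or metacharacters from the client's filter
# would select /etc/passwd lines the client did not name. The value reaches
# awk through the environment because -v and var=value operands expand
# backslash escapes.
PWLINE=$(LOOKUP_LOGIN="$LOGIN" awk -F: '
  BEGIN { want = tolower(ENVIRON["LOOKUP_LOGIN"]) }
  want != "" && tolower($1) == want { print; exit }
' /etc/passwd)
#sleep 60

# if we found an entry that matches
# (awk exits 0 whether or not a line matched, so test the captured line
# rather than $?)
if [ -n "$PWLINE" ]; then
  # The base DN is also passed via the environment so that backslash
  # sequences in it are copied into the dn: line literally.
  printf '%s\n' "$PWLINE" | ENTRY_BASE="$BASE" awk -F: '{
    base = ENVIRON["ENTRY_BASE"];
    printf("dn: cn=%s,%s\n", $1, base);
    printf("objectclass: top\n");
    printf("objectclass: person\n");
    printf("cn: %s\n", $1);
    printf("cn: %s\n", $5);
    printf("sn: %s\n", $1);
    printf("uid: %s\n", $1);
  }'
  # empty line after the entry
  echo ""
fi

# result
echo "RESULT"
echo "code: 0"

exit 0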
This is the result. I cannot see my user listed
root@LTSP-vanilla:/etc/ldap/slapd.conf.d# ldapsearch -v -x -s sub -b "dc=pippo,dc=it" "(cn=marco)"
ldap_initialize( <DEFAULT> )
filter: (cn=marco)
requesting: All userApplication attributes
# extended LDIF
#
# LDAPv3
# base <dc=pippo,dc=it> with scope subtree
# filter: (cn=marco)
# requesting: ALL
#
# search result
search: 2
result: 0 Success
# numResponses: 1
By using strace I can see the full execution.
This is the final excerpt of my output:
Process 3914 detached
[pid 3915] <... read resumed> "", 4096) = 0
[pid 3915] write(1, "dn: cn=marco,dc=pippo,dc=it\nobjectclass: top\nobjectclass: person\ncn: marco\ncn: marco,,,\nsn: marco\nuid: marco\n", 109) = 109
[pid 3915] exit_group(0) = ?
Process 3915 detached
[pid 3909] <... waitpid resumed> [{WIFEXITED(s) && WEXITSTATUS(s) == 0}], 0) = 3914
[pid 3909] waitpid(-1, [{WIFEXITED(s) && WEXITSTATUS(s) == 0}], 0) = 3915
[pid 3909] rt_sigprocmask(SIG_SETMASK, [CHLD], NULL, 8) = 0
[pid 3909] rt_sigaction(SIGINT, {SIG_DFL, [], 0}, {0x8086b90, [], 0}, 8) = 0
[pid 3909] close(4) = -1 EBADF (Bad file descriptor)
[pid 3909] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 3909] --- SIGCHLD (Child exited) @ 0 (0) ---
[pid 3909] waitpid(-1, 0xbfda677c, WNOHANG) = -1 ECHILD (No child processes)
[pid 3909] sigreturn() = ? (mask now [])
[pid 3909] write(1, "\n", 1) = 1
[pid 3909] rt_sigprocmask(SIG_BLOCK, NULL, [], 8) = 0
[pid 3909] read(255, "\n# result\necho \"RESULT\"\necho \"code: 0\"\n\nexit 0\n\n", 1835) = 48
[pid 3909] rt_sigprocmask(SIG_BLOCK, NULL, [], 8) = 0
[pid 3909] rt_sigprocmask(SIG_BLOCK, NULL, [], 8) = 0
[pid 3909] write(1, "RESULT\n", 7) = 7
[pid 3909] rt_sigprocmask(SIG_BLOCK, NULL, [], 8) = 0
[pid 3909] write(1, "code: 0\n", 8) = 8
[pid 3909] rt_sigprocmask(SIG_BLOCK, NULL, [], 8) = 0
[pid 3909] rt_sigprocmask(SIG_BLOCK, NULL, [], 8) = 0
[pid 3909] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 3909] exit_group(0) = ?
Process 3909 detached
[pid 3767] <... read resumed> "dn: cn=marco,dc=pippo,dc=it\nobjectclass: top\nobjectclass: person\ncn: marco\ncn: marco,,,\nsn: marco\nuid: marco\n", 4096) = 109
[pid 3767] --- SIGCHLD (Child exited) @ 0 (0) ---
[pid 3767] waitpid(-1, NULL, WNOHANG) = 3909
[pid 3767] waitpid(-1, NULL, WNOHANG) = -1 ECHILD (No child processes)
[pid 3767] sigreturn() = ? (mask now [])
[pid 3767] read(19, "\nRESULT\ncode: 0\n", 4096) = 16
[pid 3767] read(19, "", 4096) = 0
[pid 3767] time(NULL) = 1299531296
[pid 3767] send(4, "<167>Mar 7 21:54:56 slapd[3765]: shell: fgets failed: Success (0)\n", 67, MSG_NOSIGNAL) = 67
[pid 3767] write(16, "0\f\2\1\2e\7\n\1\0\4\0\4\0", 14) = 14
[pid 3767] time(NULL) = 1299531296
[pid 3767] send(4, "<167>Mar 7 21:54:56 slapd[3765]: conn=1003 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=\n", 94, MSG_NOSIGNAL) = 94
[pid 3767] close(19) = 0
[pid 3767] munmap(0xb777f000, 4096) = 0
[pid 3767] futex(0x212fc060, FUTEX_WAIT_PRIVATE, 32, NULL <unfinished ...>
[pid 3766] <... epoll_wait resumed> {{EPOLLIN, {u32=556622232, u64=556622232}}}, 1024, 450000) = 1
[pid 3766] epoll_ctl(7, EPOLL_CTL_MOD, 16, {0, {u32=556622232, u64=556622232}}) = 0
[pid 3766] futex(0x212fc060, FUTEX_WAKE_OP_PRIVATE, 1, 1, 0x212fc05c, {FUTEX_OP_SET, 0, FUTEX_OP_CMP_GT, 1} <unfinished ...>
[pid 3789] <... futex resumed> ) = 0
[pid 3789] futex(0x212fc044, FUTEX_WAIT_PRIVATE, 2, NULL <unfinished ...>
[pid 3766] <... futex resumed> ) = 1
[pid 3766] futex(0x212fc044, FUTEX_WAKE_PRIVATE, 1 <unfinished ...>
[pid 3789] <... futex resumed> ) = 0
[pid 3789] futex(0x212fc044, FUTEX_WAKE_PRIVATE, 1) = 0
[pid 3789] time(NULL) = 1299531296
[pid 3789] read(16, "0\5\2\1\3B\0", 8) = 7
[pid 3789] time(NULL) = 1299531296
[pid 3789] read(16, "", 8) = 0
[pid 3789] write(6, "0", 1) = 1
[pid 3789] time(NULL) = 1299531296
[pid 3789] send(4, "<167>Mar 7 21:54:56 slapd[3765]: conn=1003 op=2 UNBIND\n", 56, MSG_NOSIGNAL) = 56
[pid 3789] epoll_ctl(7, EPOLL_CTL_DEL, 16, {0, {u32=556622232, u64=556622232}}) = 0
[pid 3789] shutdown(16, 2 /* send and receive */) = 0
[pid 3789] close(16) = 0
[pid 3789] time(NULL) = 1299531296
[pid 3789] send(4, "<167>Mar 7 21:54:56 slapd[3765]: conn=1003 fd=16 closed\n", 57, MSG_NOSIGNAL) = 57
[pid 3789] futex(0x212fc060, FUTEX_WAIT_PRIVATE, 34, NULL <unfinished ...>
[pid 3766] <... futex resumed> ) = 1
[pid 3766] time(NULL) = 1299531296
[pid 3766] epoll_wait(7, {{EPOLLIN, {u32=556622188, u64=556622188}}}, 1024, 1283000) = 1
[pid 3766] read(5, "0", 8192) = 1
[pid 3766] time(NULL) = 1299531296
[pid 3766] epoll_wait(7, <unfinished ...>
[pid 3765] <... futex resumed> ) = ? ERESTARTSYS (To be restarted)
[pid 3765] futex(0xb7609bd8, FUTEX_WAIT, 3766, NULL^C <unfinished ...>
Process 3765 detached
Process 3766 detached
Process 3767 detached
Process 3789 detached
As you can see with bold font, I obtain a strange behaviour "fgets failed". But user "marco" exists in /etc/passwd.
Could someone tell me what is wrong?
Thanks in advance
Marco
--
_________________________________________
Non è forte chi non cade, ma chi cadendo ha la forza di rialzarsi.
Jim Morrison