
execve problem with back-shell



Hello all. I'm working with OpenLDAP again, after some years'
hiatus, and very glad of it.

I'm having a problem which I hope somebody's seen before. I'm trying to
use back-shell (to avoid relearning Perl) for a quick-and-dirty
solution to a problem too tedious to describe here.

Here are the relevant bits of slapd.conf:

--------------
moduleload back_shell.la
backend shell
database shell
suffix          "dc=foo,dc=bar,dc=com"
rootdn          "cn=admin,dc=foo,dc=bar,dc=com"
rootpw secretissimum-secretissimorum

add /usr/local/bin/backshell.sh
bind /usr/local/bin/backshell.sh
compare /usr/local/bin/backshell.sh
delete /usr/local/bin/backshell.sh
modify /usr/local/bin/backshell.sh
modrdn /usr/local/bin/backshell.sh
search /usr/local/bin/backshell.sh
unbind /usr/local/bin/backshell.sh

syncrepl rid=123
                provider=ldap://127.0.0.1
                type=refreshOnly
                interval=00:00:00:05
                searchbase="dc=foo,dc=bar,dc=com"
                scope=sub
                bindmethod=simple
                binddn="uid=mik,ou=Managers,dc=foo,dc=bar,dc=com"
                credentials="M0$tsecret"

-------------

backshell.sh is moronically simple at the moment: 
----------------
#!/bin/bash
# Back-shell handler: append every line of the request slapd writes on
# stdin to a log file, then answer with the RESULT line that slapd's
# str2result() looks for.
while IFS= read -r LINE
do
        printf '%s\n' "$LINE" >>/var/lib/ldap2/replog.txt
done
echo RESULT
----------------

Commands to execute slapd: 
~$ sudo su
# /usr/sbin/slapd  -d 0x4400 -f /etc/ldap/slapd2.conf -h "ldap://127.0.0.1:3889"; -u openldap -g openldap 
---------------

Varia: 

~$ which bash
/bin/bash
~$ ls -ld /var/lib/ldap2
drwxr-xr-x 2 openldap openldap 4096 2011-03-04 13:10 /var/lib/ldap2

Debug output from slapd: 

@(#) $OpenLDAP: slapd 2.4.9 (Jul 30 2010 00:42:11) $
	buildd@vernadsky:/build/buildd/openldap2.3-2.4.9/debian/build/servers/slapd
WARNING: No dynamic config support for database shell.
slapd starting
syncrepl_entry: rid=123 LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD)
syncrepl_entry: rid=123 inserted UUID f25a0996-d888-102f-9c2e-559808098a6b
execv failed
shell: fgets failed: Success (0)
str2result () expecting "RESULT"
---------------------

... over and over again. 

strace says: 

[pid 19068] execve("/usr/local/bin/backshell.sh", ["/usr/local/bin/backshell.sh"], ["SHELL=/bin/bash", "TERM=xterm", "USER=root", "LS_COLORS=no=00:fi=00:di=01;34:l"..., "SUDO_USER=mike", "SUDO_UID=1001", "USERNAME=root", "PATH=/usr/local/sbin:/usr/local/"..., "MAIL=/var/mail/root", "PWD=/home/mike", "LANG=en_US.UTF-8", "SHLVL=1", "SUDO_COMMAND=/bin/su", "HOME=/root", "LOGNAME=root", "LESSOPEN=| /usr/bin/lesspipe %s", "SUDO_GID=1001", "LESSCLOSE=/usr/bin/lesspipe %s %"..., "_=/usr/sbin/slapd"]) = -1 EACCES (Permission denied)

-------------

Doesn't look like it's even able to execute my little program, right? 

So this may be more a question about the subtleties of execve (and possibly 
its interactions with sudo?) than about openldap, but if some kind soul 
can set me on the right path, I'd be most grateful. I've manpaged and googled 
everything I could think of, and drawn a blank. 


-- 

Michael J. Smith
mjs@smithbowen.net
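As an added diagnostic (not part of the original post), the following shell function walks the conditions that execve(2) documents as causes of EACCES for a script such as /usr/local/bin/backshell.sh: every path component searchable, a regular file with a usable execute bit, an executable `#!` interpreter, and a filesystem not mounted `noexec`. It assumes slapd has dropped to the `openldap` account named on the command line above, so it has to be run as that account, not as root; if all checks pass and execve still returns EACCES, the remaining candidate is a mandatory access control policy (AppArmor or SELinux) confining slapd, which no filesystem check can see.

```shell
#!/bin/sh
# Static preconditions that execve(2) enforces before it runs a script;
# each failing check below is a documented EACCES cause (a missing
# interpreter gives ENOENT instead). Run it as the account slapd drops
# to, for example:
#   sudo -u openldap sh -c '. ./execve_check.sh; execve_check /usr/local/bin/backshell.sh'
# because "test -x" answers for the current user, and root passes checks
# that the openldap user fails.
execve_check() {
    path=$1 status=0
    case $path in /*) ;; *) path=$PWD/$path ;; esac

    # 1. Every directory on the way needs search (x) permission.
    dir=$path
    while [ "$dir" != / ]; do
        dir=$(dirname "$dir")
        [ -x "$dir" ] || { echo "no search permission on directory: $dir"; status=1; }
    done

    # 2. The target must be a regular file carrying an execute bit we can use.
    if [ ! -f "$path" ]; then
        echo "not a regular file: $path"; return 1
    fi
    [ -x "$path" ] || { echo "no execute permission: $path"; status=1; }

    # 3. A #! script is run through its interpreter, which is executed too.
    interp=$(head -n 1 "$path" | sed -n 's/^#![[:space:]]*\([^[:space:]]*\).*/\1/p')
    if [ -n "$interp" ] && [ ! -x "$interp" ]; then
        echo "interpreter missing or not executable: $interp"; status=1
    fi

    # 4. A noexec mount refuses execve whatever the mode bits say.
    if command -v findmnt >/dev/null 2>&1; then
        case ",$(findmnt -n -o OPTIONS -T "$path" 2>/dev/null)," in
            *,noexec,*) echo "filesystem mounted noexec: $path"; status=1 ;;
        esac
    fi

    # 5. Everything passed: an EACCES that persists comes from outside the
    # filesystem, typically an AppArmor/SELinux policy confining slapd;
    # the kernel/audit log then carries the denial for $path.
    [ "$status" -eq 0 ] && echo "static checks passed for $path"
    return $status
}
```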