Add nonMemberTerm support
authorMichael Spang <mspang@csclub.uwaterloo.ca>
Thu, 20 Dec 2007 22:37:08 +0000 (17:37 -0500)
committerMichael Spang <mspang@csclub.uwaterloo.ca>
Thu, 20 Dec 2007 22:43:39 +0000 (17:43 -0500)
debian/changelog
pam_csc.c

index bea0be1..923c1f9 100644 (file)
@@ -1,3 +1,9 @@
+libpam-csc (1.6) stable testing; urgency=low
+
+  * Allow login if nonMemberTerm has a valid term.
+
+ -- Michael Spang <mspang@uwaterloo.ca>  Thu, 20 Dec 2007 17:38:32 -0500
+
 libpam-csc (1.5) stable testing; urgency=low
 
   * Check for correct uid range
index bbfbb23..045db28 100644 (file)
--- a/pam_csc.c
+++ b/pam_csc.c
@@ -173,7 +173,7 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t* pamh, int flags, int argc, const c
     FILE* pass_file = NULL;
     char* username_escaped = NULL;
     char *filter_csc = NULL, *filter_cscf = NULL;
-    char *attrs_csc[] = {"objectClass", "term", NULL}, 
+    char *attrs_csc[] = {"objectClass", "term", "nonMemberTerm", NULL},
         *attrs_cscf[] = {"objectClass", NULL};
     bool expired;
     const char* pam_rhost;
@@ -181,7 +181,7 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t* pamh, int flags, int argc, const c
     LDAPMessage *res_csc = NULL, *res_cscf = NULL;
     struct timeval timeout = {PAM_CSC_LDAP_TIMEOUT, 0};
     LDAPMessage* entry = NULL;
-    char **values = NULL, **values_iter = NULL;
+    char **values = NULL, **nmvalues = NULL, **values_iter = NULL;
 
     /* determine username */
     if((pam_get_user(pamh, &username, NULL) != PAM_SUCCESS) || !username)
@@ -256,8 +256,8 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t* pamh, int flags, int argc, const c
     }
 
     /* create CSC request string */
-    WARN_ZERO( filter_csc = malloc(100 + strlen(username_escaped)) )
-    sprintf(filter_csc, "(&(uid=%s)(|(&(objectClass=member)(|(term=%s)(term=%s)))(!(objectClass=member))))", username_escaped, cur_term, prev_term);
+    WARN_ZERO( filter_csc = malloc(1000 + strlen(username_escaped)) )
+    sprintf(filter_csc, "(&(uid=%s)(|(&(objectClass=member)(|(term=%s)(term=%s)(nonMemberTerm=%s)(nonMemberTerm=%s)))(!(objectClass=member))))", username_escaped, cur_term, prev_term, cur_term, prev_term);
 
     /* issue CSC request */
     WARN_NEG1( msg_csc = ldap_search(ld_csc, PAM_CSC_CSC_BASE_DN, 
@@ -299,6 +299,8 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t* pamh, int flags, int argc, const c
         goto cleanup;
     }
 
+    nmvalues = ldap_get_values(ld_csc, entry, "nonMemberTerm");
+
     /* iterate through term attributes */
     expired = true;
     values_iter = values;
@@ -312,6 +314,16 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t* pamh, int flags, int argc, const c
         }
         values_iter++;
     }
+    if (nmvalues) {
+        values_iter = nmvalues;
+        while (*values_iter) {
+            if (strcmp(*values_iter, cur_term) == 0) {
+                expired = false;
+                break;
+            }
+            values_iter++;
+        }
+    }
 
     /* check if account is expired */
     if(expired)
@@ -343,6 +355,7 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t* pamh, int flags, int argc, const c
 cleanup:
 
     if(values) ldap_value_free(values);
+    if(nmvalues) ldap_value_free(nmvalues);
     if(res_csc) ldap_msgfree(res_csc);
     if(res_cscf) ldap_msgfree(res_cscf);
     if(ld_csc) ldap_unbind(ld_csc);