Add nonMemberTerm support
This commit is contained in:
parent
0986989791
commit
00f183800f
|
@ -1,3 +1,9 @@
|
|||
libpam-csc (1.6) stable testing; urgency=low
|
||||
|
||||
* Allow login if nonMemberTerm has a valid term.
|
||||
|
||||
-- Michael Spang <mspang@uwaterloo.ca> Thu, 20 Dec 2007 17:38:32 -0500
|
||||
|
||||
libpam-csc (1.5) stable testing; urgency=low
|
||||
|
||||
* Check for correct uid range
|
||||
|
|
21
pam_csc.c
21
pam_csc.c
|
@ -173,7 +173,7 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t* pamh, int flags, int argc, const c
|
|||
FILE* pass_file = NULL;
|
||||
char* username_escaped = NULL;
|
||||
char *filter_csc = NULL, *filter_cscf = NULL;
|
||||
char *attrs_csc[] = {"objectClass", "term", NULL},
|
||||
char *attrs_csc[] = {"objectClass", "term", "nonMemberTerm", NULL},
|
||||
*attrs_cscf[] = {"objectClass", NULL};
|
||||
bool expired;
|
||||
const char* pam_rhost;
|
||||
|
@ -181,7 +181,7 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t* pamh, int flags, int argc, const c
|
|||
LDAPMessage *res_csc = NULL, *res_cscf = NULL;
|
||||
struct timeval timeout = {PAM_CSC_LDAP_TIMEOUT, 0};
|
||||
LDAPMessage* entry = NULL;
|
||||
char **values = NULL, **values_iter = NULL;
|
||||
char **values = NULL, **nmvalues = NULL, **values_iter = NULL;
|
||||
|
||||
/* determine username */
|
||||
if((pam_get_user(pamh, &username, NULL) != PAM_SUCCESS) || !username)
|
||||
|
@ -256,8 +256,8 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t* pamh, int flags, int argc, const c
|
|||
}
|
||||
|
||||
/* create CSC request string */
|
||||
WARN_ZERO( filter_csc = malloc(100 + strlen(username_escaped)) )
|
||||
sprintf(filter_csc, "(&(uid=%s)(|(&(objectClass=member)(|(term=%s)(term=%s)))(!(objectClass=member))))", username_escaped, cur_term, prev_term);
|
||||
WARN_ZERO( filter_csc = malloc(1000 + strlen(username_escaped)) )
|
||||
sprintf(filter_csc, "(&(uid=%s)(|(&(objectClass=member)(|(term=%s)(term=%s)(nonMemberTerm=%s)(nonMemberTerm=%s)))(!(objectClass=member))))", username_escaped, cur_term, prev_term, cur_term, prev_term);
|
||||
|
||||
/* issue CSC request */
|
||||
WARN_NEG1( msg_csc = ldap_search(ld_csc, PAM_CSC_CSC_BASE_DN,
|
||||
|
@ -299,6 +299,8 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t* pamh, int flags, int argc, const c
|
|||
goto cleanup;
|
||||
}
|
||||
|
||||
nmvalues = ldap_get_values(ld_csc, entry, "nonMemberTerm");
|
||||
|
||||
/* iterate through term attributes */
|
||||
expired = true;
|
||||
values_iter = values;
|
||||
|
@ -312,6 +314,16 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t* pamh, int flags, int argc, const c
|
|||
}
|
||||
values_iter++;
|
||||
}
|
||||
if (nmvalues) {
|
||||
values_iter = nmvalues;
|
||||
while (*values_iter) {
|
||||
if (strcmp(*values_iter, cur_term) == 0) {
|
||||
expired = false;
|
||||
break;
|
||||
}
|
||||
values_iter++;
|
||||
}
|
||||
}
|
||||
|
||||
/* check if account is expired */
|
||||
if(expired)
|
||||
|
@ -343,6 +355,7 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t* pamh, int flags, int argc, const c
|
|||
cleanup:
|
||||
|
||||
if(values) ldap_value_free(values);
|
||||
if(nmvalues) ldap_value_free(nmvalues);
|
||||
if(res_csc) ldap_msgfree(res_csc);
|
||||
if(res_cscf) ldap_msgfree(res_cscf);
|
||||
if(ld_csc) ldap_unbind(ld_csc);
|
||||
|
|
Loading…
Reference in New Issue