Add nonMemberTerm support

Michael Spang 2007-12-20 17:37:08 -05:00
parent 0986989791
commit 00f183800f
2 changed files with 23 additions and 4 deletions

debian/changelog vendored

@ -1,3 +1,9 @@
libpam-csc (1.6) stable testing; urgency=low
* Allow login if nonMemberTerm has a valid term.
-- Michael Spang <mspang@uwaterloo.ca> Thu, 20 Dec 2007 17:38:32 -0500
libpam-csc (1.5) stable testing; urgency=low libpam-csc (1.5) stable testing; urgency=low
* Check for correct uid range * Check for correct uid range


@ -173,7 +173,7 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t* pamh, int flags, int argc, const c
FILE* pass_file = NULL; FILE* pass_file = NULL;
char* username_escaped = NULL; char* username_escaped = NULL;
char *filter_csc = NULL, *filter_cscf = NULL; char *filter_csc = NULL, *filter_cscf = NULL;
char *attrs_csc[] = {"objectClass", "term", NULL}, char *attrs_csc[] = {"objectClass", "term", "nonMemberTerm", NULL},
*attrs_cscf[] = {"objectClass", NULL}; *attrs_cscf[] = {"objectClass", NULL};
bool expired; bool expired;
const char* pam_rhost; const char* pam_rhost;
@ -181,7 +181,7 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t* pamh, int flags, int argc, const c
LDAPMessage *res_csc = NULL, *res_cscf = NULL; LDAPMessage *res_csc = NULL, *res_cscf = NULL;
struct timeval timeout = {PAM_CSC_LDAP_TIMEOUT, 0}; struct timeval timeout = {PAM_CSC_LDAP_TIMEOUT, 0};
LDAPMessage* entry = NULL; LDAPMessage* entry = NULL;
char **values = NULL, **values_iter = NULL; char **values = NULL, **nmvalues = NULL, **values_iter = NULL;
/* determine username */ /* determine username */
if((pam_get_user(pamh, &username, NULL) != PAM_SUCCESS) || !username) if((pam_get_user(pamh, &username, NULL) != PAM_SUCCESS) || !username)
@ -256,8 +256,8 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t* pamh, int flags, int argc, const c
} }
/* create CSC request string */ /* create CSC request string */
WARN_ZERO( filter_csc = malloc(100 + strlen(username_escaped)) ) WARN_ZERO( filter_csc = malloc(1000 + strlen(username_escaped)) )
sprintf(filter_csc, "(&(uid=%s)(|(&(objectClass=member)(|(term=%s)(term=%s)))(!(objectClass=member))))", username_escaped, cur_term, prev_term); sprintf(filter_csc, "(&(uid=%s)(|(&(objectClass=member)(|(term=%s)(term=%s)(nonMemberTerm=%s)(nonMemberTerm=%s)))(!(objectClass=member))))", username_escaped, cur_term, prev_term, cur_term, prev_term);
/* issue CSC request */ /* issue CSC request */
WARN_NEG1( msg_csc = ldap_search(ld_csc, PAM_CSC_CSC_BASE_DN, WARN_NEG1( msg_csc = ldap_search(ld_csc, PAM_CSC_CSC_BASE_DN,
@ -299,6 +299,8 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t* pamh, int flags, int argc, const c
goto cleanup; goto cleanup;
} }
nmvalues = ldap_get_values(ld_csc, entry, "nonMemberTerm");
/* iterate through term attributes */ /* iterate through term attributes */
expired = true; expired = true;
values_iter = values; values_iter = values;
@ -312,6 +314,16 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t* pamh, int flags, int argc, const c
} }
values_iter++; values_iter++;
} }
if (nmvalues) {
values_iter = nmvalues;
while (*values_iter) {
if (strcmp(*values_iter, cur_term) == 0) {
expired = false;
break;
}
values_iter++;
}
}
/* check if account is expired */ /* check if account is expired */
if(expired) if(expired)
@ -343,6 +355,7 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t* pamh, int flags, int argc, const c
cleanup: cleanup:
if(values) ldap_value_free(values); if(values) ldap_value_free(values);
if(nmvalues) ldap_value_free(nmvalues);
if(res_csc) ldap_msgfree(res_csc); if(res_csc) ldap_msgfree(res_csc);
if(res_cscf) ldap_msgfree(res_cscf); if(res_cscf) ldap_msgfree(res_cscf);
if(ld_csc) ldap_unbind(ld_csc); if(ld_csc) ldap_unbind(ld_csc);
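Review bot: The new nmvalues loop accepts only cur_term in its strcmp, while the filter built in the sprintf hunk also selects entries with `(nonMemberTerm=%s)` for prev_term, so a user whose only nonMemberTerm is prev_term passes the LDAP search and is then treated as expired; the filter and the in-code check should agree, either by widening the comparison to `if (strcmp(*values_iter, cur_term) == 0 || strcmp(*values_iter, prev_term) == 0) {` or by dropping the prev_term nonMemberTerm clause from the filter, whichever the changelog's "valid term" is meant to cover. That loop also duplicates the `term` loop just above it; a `static bool has_term(char **vals, const char *term)` helper would keep the two checks from drifting apart again. The buffer sizing change from `100` to `1000` is still a guessed bound in front of an unbounded sprintf; computing the size from the format string plus strlen of username_escaped, cur_term and prev_term (the latter two twice), or using snprintf with the allocated size and failing on truncation, would remove the assumption. pam_sm_acct_mgmt begins and ends outside the shown hunks.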