Added allowed usernames check
Ignore entries without the objectClass=member attribute
This commit is contained in:
parent
d6c554d5de
commit
89463b4460
|
|
@ -1,3 +1,10 @@
|
|||
libpam-csc (1.3) stable testing; urgency=low
|
||||
|
||||
* Added allowed usernames check
|
||||
* Ignore entries without the objectClass=member attribute
|
||||
|
||||
-- David Bartley <dtbartle@csclub.uwaterloo.ca> Thu, 09 Aug 2007 04:03:37 -0400
|
||||
|
||||
libpam-csc (1.2) stable testing; urgency=low
|
||||
|
||||
* Optimized querying by using single query and using asynch functions
|
||||
|
|
|
|||
23
pam_csc.c
23
pam_csc.c
|
|
@ -36,6 +36,7 @@
|
|||
#define PAM_CSC_CSCF_SASL_REALM "STUDENT.CS.UWATERLOO.CA"
|
||||
#define PAM_CSC_LDAP_TIMEOUT 5
|
||||
#define PAM_CSC_MINIMUM_UID 1000
|
||||
#define PAM_CSC_ALLOWED_USERNAMES {"nobody"}
|
||||
#define PAM_CSC_EXPIRED_MSG \
|
||||
"*****************************************************************************\n" \
|
||||
"* *\n" \
|
||||
|
|
@ -49,6 +50,8 @@
|
|||
"(pam_csc): %s was not registered for current term or previous term - denying login\n"
|
||||
#define PAM_CSC_SYSLOG_EXPIRED_ERROR \
|
||||
"(pam_csc): %s was not registered for current term but was registered for previous term - permitting login\n"
|
||||
#define PAM_CSC_SYSLOG_NOT_A_MEMBER \
|
||||
"(pam_csc): %s is not a member account - permitting login\n"
|
||||
#define PAM_CSC_SYSLOG_CSCF_DISALLOWED \
|
||||
"(pam_csc): %s is using a CSCF machine but is not enrolled in CS - denying login\n"
|
||||
#define PAM_CSC_SYSLOG_SASL_UNRECOGNIZED_CALLBACK \
|
||||
|
|
@ -162,6 +165,8 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t* pamh, int flags, int argc, const c
|
|||
int retval = PAM_SUCCESS;
|
||||
const char* username;
|
||||
struct passwd* pwd;
|
||||
const char* allowed_usernames[] = PAM_CSC_ALLOWED_USERNAMES;
|
||||
int i;
|
||||
time_t cur_time;
|
||||
struct tm* local_time;
|
||||
int long_term;
|
||||
|
|
@ -194,6 +199,15 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t* pamh, int flags, int argc, const c
|
|||
return PAM_SUCCESS;
|
||||
}
|
||||
|
||||
/* check username */
|
||||
for(i = 0; i < sizeof(allowed_usernames) / sizeof(char*); i++)
|
||||
{
|
||||
if(strcmp(allowed_usernames[i], username) == 0)
|
||||
{
|
||||
return PAM_SUCCESS;
|
||||
}
|
||||
}
|
||||
|
||||
/* escape username */
|
||||
WARN_ZERO( username_escaped = pam_csc_escape_ldap_string(username) );
|
||||
|
||||
|
|
@ -270,7 +284,14 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t* pamh, int flags, int argc, const c
|
|||
|
||||
/* get CSC entry */
|
||||
WARN_ZERO( entry = ldap_first_entry(ld_csc, res_csc) )
|
||||
WARN_ZERO( values = ldap_get_values(ld_csc, entry, "term") )
|
||||
values = ldap_get_values(ld_csc, entry, "term");
|
||||
if(!values)
|
||||
{
|
||||
syslog(LOG_AUTHPRIV | LOG_NOTICE, PAM_CSC_SYSLOG_NOT_A_MEMBER,
|
||||
username);
|
||||
retval = PAM_SUCCESS;
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
/* iterate through term attributes */
|
||||
expired = true;
|
||||
|
|
|
|||
Loading…
Reference in New Issue