Compare commits
18 Commits
libpam-csc
...
master
Author | SHA1 | Date |
---|---|---|
Zachary Seguin | bef72d94b1 | |
Elana Hashman | acb9056f2a | |
Elana Hashman | cad70a69ab | |
Sean Hunt | e344a9b7b7 | |
Luqman Aden | d49335c1e1 | |
Jeremy Roman | f977ba592d | |
Jeremy Roman | 146946c36c | |
Owen Smith | 0ae69c11b0 | |
Peter Barfuss | 7d9c83f483 | |
Jeremy Roman | c67071af30 | |
Jeremy Roman | 5d2c863008 | |
Jeremy Roman | 3e145e942c | |
Michael Spang | 80007d3ca1 | |
Michael Spang | d8beeaa83f | |
David Bartley | 9861c1c504 | |
David Bartley | 909d745fb1 | |
David Bartley | 7f7add3837 | |
David Bartley | 2511c63ec5 |
6
Makefile
6
Makefile
|
@ -1,11 +1,11 @@
|
|||
CC=gcc
|
||||
CFLAGS=-g -O2 -fPIC -Wall
|
||||
LDFLAGS=-g -shared -lpam -lldap
|
||||
CFLAGS=-std=c99 -g -O2 -fPIC -Wall -DLDAP_DEPRECATED
|
||||
LDFLAGS=-g -shared
|
||||
|
||||
all: pam_csc.so
|
||||
|
||||
pam_csc.so: pam_csc.o
|
||||
$(CC) -o $@ $(LDFLAGS) $<
|
||||
$(CC) -o $@ $(LDFLAGS) $< -lpam -lldap
|
||||
|
||||
clean:
|
||||
rm -f pam_csc.so pam_csc.o
|
||||
|
|
|
@ -1,6 +0,0 @@
|
|||
libpam-csc for Debian
|
||||
---------------------
|
||||
|
||||
<possible notes regarding this package - if none, delete this file>
|
||||
|
||||
-- David Bartley <dtbartle@csclub.uwaterloo.ca> Sun, 24 Jun 2007 23:18:22 -0400
|
|
@ -1,3 +1,83 @@
|
|||
libpam-csc (1.11~buster0) buster; urgency=medium
|
||||
|
||||
* Package for buster
|
||||
|
||||
-- Zachary Seguin <ztseguin@csclub.uwaterloo.ca> Sun, 15 Apr 2018 14:09:15 -0400
|
||||
|
||||
libpam-csc (1.11~stretch0) stretch; urgency=medium
|
||||
|
||||
* Re-package for stretch
|
||||
|
||||
-- Zachary Seguin <ztseguin@csclub.uwaterloo.ca> Tue, 06 Mar 2018 21:36:01 -0500
|
||||
|
||||
libpam-csc (1.11ubuntu16.04) xenial; urgency=low
|
||||
|
||||
* Non-maintainer upload.
|
||||
|
||||
-- Elana Hashman <ehashman@csclub.uwaterloo.ca> Tue, 25 Apr 2017 22:37:29 -0400
|
||||
|
||||
libpam-csc (1.11debian9) stretch; urgency=medium
|
||||
|
||||
* Packaging updates; we are targeting 7-year old policy.
|
||||
* Release for stretch.
|
||||
|
||||
-- Elana Hashman <ehashman@csclub.uwaterloo.ca> Tue, 25 Apr 2017 22:13:54 -0400
|
||||
|
||||
libpam-csc (1.10ubuntu5) saucy; urgency=low
|
||||
|
||||
* Packaging for saucy.
|
||||
|
||||
-- Sean Hunt <scshunt@csclub.uwaterloo.ca> Thu, 05 Dec 2013 15:54:05 -0500
|
||||
|
||||
libpam-csc (1.10jessie0) jessie; urgency=low
|
||||
|
||||
* Packaging for jessie.
|
||||
|
||||
-- Luqman Aden <laden@csclub.uwaterloo.ca> Thu, 10 Oct 2013 22:08:48 -0400
|
||||
|
||||
libpam-csc (1.10) stable; urgency=low
|
||||
|
||||
* Make pbarfuss' syscom change not deref a null pointer if syscom isn't present
|
||||
* Package for wheezy.
|
||||
|
||||
-- Jeremy Roman <jbroman@csclub.uwaterloo.ca> Sat, 07 Sep 2013 14:07:57 -0400
|
||||
|
||||
libpam-csc (1.9ubuntu4) quantal; urgency=low
|
||||
|
||||
* Packaging for quantal.
|
||||
|
||||
-- Owen Michael Smith <omsmith@csclub.uwaterloo.ca> Sat, 25 May 2013 19:37:24 -0400
|
||||
|
||||
libpam-csc (1.9ubuntu3) precise; urgency=low
|
||||
|
||||
* Build for precise.
|
||||
|
||||
-- Jeremy Roman <jbroman@csclub.uwaterloo.ca> Fri, 16 Mar 2012 18:04:21 -0400
|
||||
|
||||
libpam-csc (1.9ubuntu2) oneiric; urgency=low
|
||||
|
||||
* Build for oneiric.
|
||||
|
||||
-- Jeremy Roman <jbroman@csclub.uwaterloo.ca> Wed, 18 Jan 2012 17:32:15 -0500
|
||||
|
||||
libpam-csc (1.9ubuntu1) maverick; urgency=low
|
||||
|
||||
* Build for maverick.
|
||||
|
||||
-- Michael Spang <mspang@csclub.uwaterloo.ca> Fri, 22 Oct 2010 10:08:19 -0400
|
||||
|
||||
libpam-csc (1.9) stable; urgency=low
|
||||
|
||||
* Update package for squeeze.
|
||||
|
||||
-- Michael Spang <mspang@csclub.uwaterloo.ca> Wed, 13 Oct 2010 13:48:27 -0400
|
||||
|
||||
libpam-csc (1.8) stable testing; urgency=low
|
||||
|
||||
* Build fixes
|
||||
|
||||
-- David Bartley <dtbartle@csclub.uwaterloo.ca> Tue, 15 Apr 2008 09:00:57 -0400
|
||||
|
||||
libpam-csc (1.7) stable testing; urgency=low
|
||||
|
||||
* Allocate less memory
|
||||
|
|
|
@ -1 +1 @@
|
|||
5
|
||||
10
|
||||
|
|
|
@ -1,12 +1,17 @@
|
|||
Source: libpam-csc
|
||||
Section: net
|
||||
Priority: optional
|
||||
Maintainer: David Bartley <dtbartle@csclub.uwaterloo.ca>
|
||||
Build-Depends: debhelper (>= 4.0.0), libldap2-dev, libpam0g-dev, libsasl2-dev
|
||||
Standards-Version: 3.7.2
|
||||
Maintainer: Systems Commmittee <syscom@csclub.uwaterloo.ca>
|
||||
Uploaders:
|
||||
David Bartley <dtbartle@csclub.uwaterloo.ca>,
|
||||
Michael Spang <mspang@csclub.uwaterloo.ca>,
|
||||
Jeremy Roman <jbroman@csclub.uwaterloo.ca>,
|
||||
Elana Hashman <ehashman@csclub.uwaterloo.ca>
|
||||
Build-Depends: debhelper (>= 10), libldap2-dev, libpam0g-dev, libsasl2-dev
|
||||
Standards-Version: 3.9.8
|
||||
|
||||
Package: libpam-csc
|
||||
Architecture: any
|
||||
Depends: ${shlibs:Depends}, ${misc:Depends}
|
||||
Description: CSC PAM module to handle account expiration.
|
||||
CSC PAM module to handle account expiration.
|
||||
This module disallows login by expired accounts.
|
||||
|
|
|
@ -4,7 +4,7 @@ on Sun, 24 Jun 2007 23:18:22 -0400.
|
|||
The original source can always be found at:
|
||||
ftp://ftp.debian.org/dists/unstable/main/source/
|
||||
|
||||
Copyright Holder: David Bartley
|
||||
Copyright 2007-2010 David Bartley
|
||||
|
||||
License:
|
||||
|
||||
|
|
|
@ -1,16 +1,4 @@
|
|||
#!/usr/bin/make -f
|
||||
# -*- makefile -*-
|
||||
# Sample debian/rules that uses debhelper.
|
||||
# This file was originally written by Joey Hess and Craig Small.
|
||||
# As a special exception, when this file is copied by dh-make into a
|
||||
# dh-make output file, you may use that output file without restriction.
|
||||
# This special exception was added by Craig Small in version 0.37 of dh-make.
|
||||
|
||||
# Uncomment this to turn on verbose mode.
|
||||
#export DH_VERBOSE=1
|
||||
|
||||
|
||||
|
||||
|
||||
CFLAGS = -Wall -g
|
||||
|
||||
|
@ -23,14 +11,13 @@ endif
|
|||
configure: configure-stamp
|
||||
configure-stamp:
|
||||
dh_testdir
|
||||
# Add here commands to configure the package.
|
||||
|
||||
touch configure-stamp
|
||||
|
||||
|
||||
build: build-stamp
|
||||
|
||||
build-stamp: configure-stamp
|
||||
build: build-arch build-indep
|
||||
build-arch: build-stamp
|
||||
build-indep: build-stamp
|
||||
build-stamp: configure-stamp
|
||||
dh_testdir
|
||||
|
||||
$(MAKE)
|
||||
|
@ -43,13 +30,12 @@ clean:
|
|||
rm -f build-stamp configure-stamp
|
||||
|
||||
$(MAKE) clean
|
||||
|
||||
dh_clean
|
||||
dh_clean
|
||||
|
||||
install: build-stamp
|
||||
dh_testdir
|
||||
dh_testroot
|
||||
dh_clean -k
|
||||
dh_prep
|
||||
dh_installdirs
|
||||
install -m 644 pam_csc.so $(CURDIR)/debian/libpam-csc/lib/security
|
||||
|
||||
|
@ -62,27 +48,14 @@ binary-indep: build install
|
|||
binary-arch: build install
|
||||
dh_testdir
|
||||
dh_testroot
|
||||
dh_installchangelogs
|
||||
dh_installchangelogs
|
||||
dh_installdocs
|
||||
dh_installexamples
|
||||
# dh_install
|
||||
# dh_installmenu
|
||||
# dh_installdebconf
|
||||
# dh_installlogrotate
|
||||
# dh_installemacsen
|
||||
# dh_installpam
|
||||
# dh_installmime
|
||||
# dh_python
|
||||
# dh_installinit
|
||||
# dh_installcron
|
||||
# dh_installinfo
|
||||
dh_installman
|
||||
dh_link
|
||||
dh_strip
|
||||
dh_compress
|
||||
dh_fixperms
|
||||
# dh_perl
|
||||
# dh_makeshlibs
|
||||
dh_installdeb
|
||||
dh_shlibdeps
|
||||
dh_gencontrol
|
||||
|
|
138
pam_csc.c
138
pam_csc.c
|
@ -1,4 +1,5 @@
|
|||
#define PAM_SM_ACCOUNT
|
||||
#define LDAP_DEPRECATED 1
|
||||
#include <unistd.h>
|
||||
#include <sys/types.h>
|
||||
#include <sys/time.h>
|
||||
|
@ -7,24 +8,27 @@
|
|||
#include <stdlib.h>
|
||||
#include <stdbool.h>
|
||||
#include <string.h>
|
||||
#include <security/pam_modules.h>
|
||||
#include <security/pam_appl.h>
|
||||
#include <security/pam_modules.h>
|
||||
#include <ldap.h>
|
||||
#include <sasl/sasl.h>
|
||||
#include <syslog.h>
|
||||
#include <pwd.h>
|
||||
#include <grp.h>
|
||||
|
||||
#ifndef LDAP_SASL_QUIET
|
||||
# define LDAP_SASL_QUIET 0
|
||||
#endif
|
||||
|
||||
#ifndef LOG_AUTHPRIV
|
||||
# define LOG_AUTHPRIV LOG_AUTH
|
||||
#endif
|
||||
|
||||
#ifndef PAM_EXTERN
|
||||
# define PAM_EXTERN extern
|
||||
#endif
|
||||
|
||||
#define PAM_CSC_CSC_BASE_DN "ou=People,dc=csclub,dc=uwaterloo,dc=ca"
|
||||
#define PAM_CSC_CSCF_URI \
|
||||
"ldaps://eponina.student.cs.uwaterloo.ca" \
|
||||
"ldaps://canadenis.student.cs.uwaterloo.ca"
|
||||
#define PAM_CSC_CSCF_BASE_DN "dc=student,dc=cs,dc=uwateloo,dc=ca"
|
||||
#define PAM_CSC_CSCF_BIND_DN \
|
||||
"uid=TODO,dc=student,dc=cs,dc=uwaterloo,dc=ca"
|
||||
#define PAM_CSC_CSCF_SASL_USER \
|
||||
"dn:uid=TODO,cn=STUDENT.CS.UWATERLOO.CA,cn=DIGEST-MD5,cn=auth"
|
||||
#define PAM_CSC_CSCF_PASSWORD_FILE "/etc/security/pam_csc_cscf_password"
|
||||
#define PAM_CSC_CSCF_SASL_REALM "STUDENT.CS.UWATERLOO.CA"
|
||||
#define PAM_CSC_LDAP_TIMEOUT 5
|
||||
#define PAM_CSC_ALLOWED_USERNAMES {"nobody"}
|
||||
#define PAM_CSC_EXPIRED_MSG \
|
||||
|
@ -33,17 +37,13 @@
|
|||
"* Your account has expired - please contact the Computer Science Club *\n" \
|
||||
"* *\n" \
|
||||
"*****************************************************************************\n"
|
||||
#define PAM_CSC_CSCF_DISALLOWED_MSG \
|
||||
"You are not registered as a CS student - login denied."
|
||||
|
||||
#define PAM_CSC_SYSLOG_EXPIRED_WARNING \
|
||||
#define PAM_CSC_SYSLOG_EXPIRED_NO_TERMS \
|
||||
"(pam_csc): %s was not registered for current term or previous term - denying login\n"
|
||||
#define PAM_CSC_SYSLOG_EXPIRED_ERROR \
|
||||
#define PAM_CSC_SYSLOG_EXPIRED_LAST_TERM \
|
||||
"(pam_csc): %s was not registered for current term but was registered for previous term - permitting login\n"
|
||||
#define PAM_CSC_SYSLOG_NOT_A_MEMBER \
|
||||
"(pam_csc): %s is not a member account - permitting login\n"
|
||||
#define PAM_CSC_SYSLOG_CSCF_DISALLOWED \
|
||||
"(pam_csc): %s is using a CSCF machine but is not enrolled in CS - denying login\n"
|
||||
#define PAM_CSC_SYSLOG_SASL_UNRECOGNIZED_CALLBACK \
|
||||
"(pam_csc): %ld is not a recognized SASL callback option\n"
|
||||
|
||||
|
@ -148,7 +148,7 @@ int pam_csc_print_message(pam_handle_t* pamh, char* msg, int style)
|
|||
messages[0] = &message;
|
||||
message.msg_style = style;
|
||||
message.msg = msg;
|
||||
WARN_PAM( conv->conv(1, (const struct pam_message**)messages,
|
||||
WARN_PAM( conv->conv(1, (const struct pam_message**)messages,
|
||||
&response, conv->appdata_ptr) )
|
||||
|
||||
cleanup:
|
||||
|
@ -161,24 +161,22 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t* pamh, int flags, int argc, const c
|
|||
int retval = PAM_SUCCESS;
|
||||
const char* username;
|
||||
struct passwd* pwd;
|
||||
struct group *grp;
|
||||
const char* allowed_usernames[] = PAM_CSC_ALLOWED_USERNAMES;
|
||||
int i;
|
||||
unsigned int i;
|
||||
time_t cur_time;
|
||||
struct tm* local_time;
|
||||
int long_term, term_month;
|
||||
static const char term_chars[] = {'w', 's', 'f'};
|
||||
char cur_term[6], prev_term[6];
|
||||
LDAP *ld_csc = NULL, *ld_cscf = NULL;
|
||||
bool cscf;
|
||||
FILE* pass_file = NULL;
|
||||
LDAP *ld_csc = NULL;
|
||||
char* username_escaped = NULL;
|
||||
char *filter_csc = NULL, *filter_cscf = NULL;
|
||||
char *attrs_csc[] = {"objectClass", "term", "nonMemberTerm", NULL},
|
||||
*attrs_cscf[] = {"objectClass", NULL};
|
||||
bool expired;
|
||||
char *filter_csc = NULL;
|
||||
char *attrs_csc[] = {"objectClass", "term", "nonMemberTerm", NULL};
|
||||
bool expired, syscom = 0;
|
||||
const char* pam_rhost;
|
||||
int msg_csc, msg_cscf;
|
||||
LDAPMessage *res_csc = NULL, *res_cscf = NULL;
|
||||
int msg_csc;
|
||||
LDAPMessage *res_csc = NULL;
|
||||
struct timeval timeout = {PAM_CSC_LDAP_TIMEOUT, 0};
|
||||
LDAPMessage* entry = NULL;
|
||||
char **values = NULL, **nmvalues = NULL, **values_iter = NULL;
|
||||
|
@ -200,6 +198,15 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t* pamh, int flags, int argc, const c
|
|||
}
|
||||
}
|
||||
|
||||
/* check to see if user is in group syscom, if yes, still print message but allow login even if user expired */
|
||||
grp = getgrnam("syscom");
|
||||
for(i = 0; grp && grp->gr_mem[i]; i++) {
|
||||
if(!strcmp(grp->gr_mem[i], username)) {
|
||||
syscom = 1;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
/* check username */
|
||||
for(i = 0; i < sizeof(allowed_usernames) / sizeof(char*); i++)
|
||||
{
|
||||
|
@ -226,55 +233,19 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t* pamh, int flags, int argc, const c
|
|||
WARN_NEG1( ldap_simple_bind(ld_csc, NULL, NULL) )
|
||||
|
||||
/* check if we are logging in from a CSCF teaching thin client */
|
||||
cscf = false;
|
||||
if(pam_get_item(pamh, PAM_RHOST, (const void**)&pam_rhost) && pam_rhost)
|
||||
{
|
||||
/* TODO: check if pam_rhost is tcNNN.student.cs */
|
||||
}
|
||||
|
||||
if(cscf)
|
||||
{
|
||||
pam_csc_sasl_interact_param_t interact_param = {
|
||||
PAM_CSC_CSCF_SASL_REALM,
|
||||
PAM_CSC_CSCF_SASL_USER
|
||||
};
|
||||
int ret;
|
||||
|
||||
/* read password file */
|
||||
WARN_ZERO( pass_file = fopen(PAM_CSC_CSCF_PASSWORD_FILE, "r") )
|
||||
ret = fread(interact_param.pass, sizeof(char),
|
||||
sizeof(interact_param.pass) - 1, pass_file);
|
||||
interact_param.pass[ret] = '\0';
|
||||
if(ret && interact_param.pass[ret - 1] == '\n')
|
||||
interact_param.pass[ret - 1] = '\0';
|
||||
fclose(pass_file); pass_file = NULL;
|
||||
|
||||
/* connect to CSCF */
|
||||
WARN_LDAP( ldap_initialize(&ld_cscf, PAM_CSC_CSCF_URI) )
|
||||
WARN_NEG1( ldap_sasl_interactive_bind_s(ld_cscf, PAM_CSC_CSCF_BIND_DN,
|
||||
"DIGEST-MD5", NULL, NULL, LDAP_SASL_INTERACTIVE | LDAP_SASL_QUIET,
|
||||
pam_csc_sasl_interact, &interact_param) )
|
||||
}
|
||||
|
||||
/* create CSC request string */
|
||||
WARN_ZERO( filter_csc = malloc(140 + strlen(username_escaped)) )
|
||||
sprintf(filter_csc, "(&(uid=%s)(|(&(objectClass=member)(|(term=%s)(term=%s)(nonMemberTerm=%s)(nonMemberTerm=%s)))(!(objectClass=member))))", username_escaped, cur_term, prev_term, cur_term, prev_term);
|
||||
|
||||
/* issue CSC request */
|
||||
WARN_NEG1( msg_csc = ldap_search(ld_csc, PAM_CSC_CSC_BASE_DN,
|
||||
WARN_NEG1( msg_csc = ldap_search(ld_csc, PAM_CSC_CSC_BASE_DN,
|
||||
LDAP_SCOPE_SUBTREE, filter_csc, attrs_csc, 0) )
|
||||
|
||||
if(cscf)
|
||||
{
|
||||
/* create CSCF request string */
|
||||
WARN_ZERO( filter_cscf = malloc(100 + strlen(username_escaped)) )
|
||||
sprintf(filter_csc, "TODO %s", username_escaped);
|
||||
|
||||
/* issue CSCF request */
|
||||
WARN_NEG1( msg_cscf = ldap_search(ld_cscf, PAM_CSC_CSCF_BASE_DN,
|
||||
LDAP_SCOPE_SUBTREE, filter_cscf, attrs_cscf, 1) )
|
||||
}
|
||||
|
||||
/* wait for CSC response */
|
||||
WARN_NEG1( ldap_result(ld_csc, msg_csc, 1, &timeout, &res_csc) )
|
||||
|
||||
|
@ -283,9 +254,9 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t* pamh, int flags, int argc, const c
|
|||
{
|
||||
/* show notice and disallow login */
|
||||
pam_csc_print_message(pamh, PAM_CSC_EXPIRED_MSG, PAM_ERROR_MSG);
|
||||
syslog(LOG_AUTHPRIV | LOG_NOTICE, PAM_CSC_SYSLOG_EXPIRED_WARNING,
|
||||
syslog(LOG_AUTHPRIV | LOG_NOTICE, PAM_CSC_SYSLOG_EXPIRED_NO_TERMS,
|
||||
username);
|
||||
retval = PAM_AUTH_ERR;
|
||||
retval = (syscom ? PAM_SUCCESS : PAM_AUTH_ERR);
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
|
@ -296,7 +267,7 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t* pamh, int flags, int argc, const c
|
|||
|
||||
if(!values && !nmvalues)
|
||||
{
|
||||
syslog(LOG_AUTHPRIV | LOG_NOTICE, PAM_CSC_SYSLOG_NOT_A_MEMBER,
|
||||
syslog(LOG_AUTHPRIV | LOG_NOTICE, PAM_CSC_SYSLOG_NOT_A_MEMBER,
|
||||
username);
|
||||
retval = PAM_SUCCESS;
|
||||
goto cleanup;
|
||||
|
@ -336,49 +307,26 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t* pamh, int flags, int argc, const c
|
|||
{
|
||||
/* show notice and continue */
|
||||
pam_csc_print_message(pamh, PAM_CSC_EXPIRED_MSG, PAM_TEXT_INFO);
|
||||
syslog(LOG_AUTHPRIV | LOG_NOTICE, PAM_CSC_SYSLOG_EXPIRED_ERROR,
|
||||
syslog(LOG_AUTHPRIV | LOG_NOTICE, PAM_CSC_SYSLOG_EXPIRED_LAST_TERM,
|
||||
username);
|
||||
}
|
||||
else
|
||||
{
|
||||
/* show notice and disallow login */
|
||||
pam_csc_print_message(pamh, PAM_CSC_EXPIRED_MSG, PAM_ERROR_MSG);
|
||||
syslog(LOG_AUTHPRIV | LOG_NOTICE, PAM_CSC_SYSLOG_EXPIRED_WARNING,
|
||||
syslog(LOG_AUTHPRIV | LOG_NOTICE, PAM_CSC_SYSLOG_EXPIRED_NO_TERMS,
|
||||
username);
|
||||
retval = PAM_AUTH_ERR;
|
||||
goto cleanup;
|
||||
}
|
||||
}
|
||||
|
||||
if(cscf)
|
||||
{
|
||||
/* wait for CSCF response */
|
||||
WARN_NEG1( ldap_result(ld_cscf, msg_cscf, 1, &timeout, &res_cscf) )
|
||||
|
||||
/* check if we got an entry back from CSCF */
|
||||
if(ldap_count_entries(ld_cscf, res_cscf) == 0)
|
||||
{
|
||||
/* output CSCF disallowed message */
|
||||
pam_csc_print_message(pamh, PAM_CSC_CSCF_DISALLOWED_MSG,
|
||||
PAM_ERROR_MSG);
|
||||
syslog(LOG_AUTHPRIV | LOG_NOTICE, PAM_CSC_SYSLOG_CSCF_DISALLOWED,
|
||||
username);
|
||||
retval = PAM_AUTH_ERR;
|
||||
goto cleanup;
|
||||
retval = (syscom ? PAM_SUCCESS : PAM_AUTH_ERR);
|
||||
}
|
||||
}
|
||||
|
||||
cleanup:
|
||||
|
||||
if(values) ldap_value_free(values);
|
||||
if(nmvalues) ldap_value_free(nmvalues);
|
||||
if(res_csc) ldap_msgfree(res_csc);
|
||||
if(res_cscf) ldap_msgfree(res_cscf);
|
||||
if(ld_csc) ldap_unbind(ld_csc);
|
||||
if(ld_cscf) ldap_unbind(ld_cscf);
|
||||
if(filter_csc) free(filter_csc);
|
||||
if(filter_cscf) free(filter_cscf);
|
||||
if(username_escaped) free(username_escaped);
|
||||
|
||||
return retval;
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in New Issue