authorArthur de Jong <arthur@arthurdejong.org>2009-08-12 21:41:10 +0000
committerArthur de Jong <arthur@arthurdejong.org>2009-08-12 21:41:10 +0000
commit8974d0b9bf3326e3e4fae7719df0091231c8132f (patch)
tree0584c6d3580c4b9b6a6e8e1be7be0d6e08cb3503
parent6c9a27d1bfed99845b22d0784ffcf3cf24978489 (diff)
don't return password hashes at all for non-root users, based on a patch by Alexander V. Chernikov <melifaro@ipfw.ru>
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-ldapd@969 ef36b2f9-881f-0410-afb5-c4e39611909c
-rw-r--r--nslcd/common.h15
-rw-r--r--nslcd/nslcd.c6
-rw-r--r--nslcd/passwd.c16
3 files changed, 21 insertions, 16 deletions
diff --git a/nslcd/common.h b/nslcd/common.h
index 37ddc9a..48674c9 100644
--- a/nslcd/common.h
+++ b/nslcd/common.h
@@ -124,9 +124,9 @@ int nslcd_netgroup_byname(TFILE *fp,MYLDAP_SESSION *session);
int nslcd_network_byname(TFILE *fp,MYLDAP_SESSION *session);
int nslcd_network_byaddr(TFILE *fp,MYLDAP_SESSION *session);
int nslcd_network_all(TFILE *fp,MYLDAP_SESSION *session);
-int nslcd_passwd_byname(TFILE *fp,MYLDAP_SESSION *session);
-int nslcd_passwd_byuid(TFILE *fp,MYLDAP_SESSION *session);
-int nslcd_passwd_all(TFILE *fp,MYLDAP_SESSION *session);
+int nslcd_passwd_byname(TFILE *fp,MYLDAP_SESSION *session,uid_t calleruid);
+int nslcd_passwd_byuid(TFILE *fp,MYLDAP_SESSION *session,uid_t calleruid);
+int nslcd_passwd_all(TFILE *fp,MYLDAP_SESSION *session,uid_t calleruid);
int nslcd_protocol_byname(TFILE *fp,MYLDAP_SESSION *session);
int nslcd_protocol_bynumber(TFILE *fp,MYLDAP_SESSION *session);
int nslcd_protocol_all(TFILE *fp,MYLDAP_SESSION *session);
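Review bot: Only the three passwd prototypes gain `calleruid`, so any other handler that can write the userPassword attribute to the client still answers every local caller the same way. nslcd's shadow handlers are not part of this diff; if they also return the hash, they presumably need the same parameter and root check for the restriction in passwd.c to hold. A short comment above these prototypes, for example `/* calleruid is the uid of the client process, used to decide whether the password hash may be returned */`, would explain why their signature differs from the other handlers (assuming that is what handleconnection passes).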
@@ -144,9 +144,14 @@ int nslcd_pam_sess_o(TFILE *fp,MYLDAP_SESSION *session);
int nslcd_pam_sess_c(TFILE *fp,MYLDAP_SESSION *session);
int nslcd_pam_pwmod(TFILE *fp,MYLDAP_SESSION *session);
-/* macro for generating service handling code */
+/* macros for generating service handling code */
#define NSLCD_HANDLE(db,fn,readfn,logcall,action,mkfilter,writefn) \
- int nslcd_##db##_##fn(TFILE *fp,MYLDAP_SESSION *session) \
+ NSLCD_HANDLE_PARAMS(db,fn,,readfn,logcall,action,mkfilter,writefn)
+#define COMMA ,
+#define NSLCD_HANDLE_UID(db,fn,readfn,logcall,action,mkfilter,writefn) \
+ NSLCD_HANDLE_PARAMS(db,fn,COMMA uid_t calleruid,readfn,logcall,action,mkfilter,writefn)
+#define NSLCD_HANDLE_PARAMS(db,fn,params,readfn,logcall,action,mkfilter,writefn) \
+ int nslcd_##db##_##fn(TFILE *fp,MYLDAP_SESSION *session params ) \
{ \
/* define common variables */ \
int32_t tmpint32; \
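Review bot: `#define COMMA ,` introduces a very generic, unprefixed name in a shared header, where it can clash with a macro of the same name from another header. `NSLCD_HANDLE` also now passes an empty macro argument (`db,fn,,readfn,...`), which C99 permits but a strict C89 preprocessor may reject. A prefixed helper such as `#define NSLCD_COMMA ,` avoids the clash, and a one-line comment on `NSLCD_HANDLE_PARAMS` saying that `params` is appended verbatim to the parameter list would make the trick readable. The body of `NSLCD_HANDLE_PARAMS` continues past the end of this hunk.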
diff --git a/nslcd/nslcd.c b/nslcd/nslcd.c
index d95c09f..3ad2d1f 100644
--- a/nslcd/nslcd.c
+++ b/nslcd/nslcd.c
@@ -398,9 +398,9 @@ static void handleconnection(int sock,MYLDAP_SESSION *session)
case NSLCD_ACTION_NETWORK_BYNAME: (void)nslcd_network_byname(fp,session); break;
case NSLCD_ACTION_NETWORK_BYADDR: (void)nslcd_network_byaddr(fp,session); break;
case NSLCD_ACTION_NETWORK_ALL: (void)nslcd_network_all(fp,session); break;
- case NSLCD_ACTION_PASSWD_BYNAME: (void)nslcd_passwd_byname(fp,session); break;
- case NSLCD_ACTION_PASSWD_BYUID: (void)nslcd_passwd_byuid(fp,session); break;
- case NSLCD_ACTION_PASSWD_ALL: (void)nslcd_passwd_all(fp,session); break;
+ case NSLCD_ACTION_PASSWD_BYNAME: (void)nslcd_passwd_byname(fp,session,uid); break;
+ case NSLCD_ACTION_PASSWD_BYUID: (void)nslcd_passwd_byuid(fp,session,uid); break;
+ case NSLCD_ACTION_PASSWD_ALL: (void)nslcd_passwd_all(fp,session,uid); break;
case NSLCD_ACTION_PROTOCOL_BYNAME: (void)nslcd_protocol_byname(fp,session); break;
case NSLCD_ACTION_PROTOCOL_BYNUMBER:(void)nslcd_protocol_bynumber(fp,session); break;
case NSLCD_ACTION_PROTOCOL_ALL: (void)nslcd_protocol_all(fp,session); break;
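Review bot: `uid` is now the input to an access decision, but its declaration and the peer-credential lookup that fills it are outside this hunk. If that lookup can fail and leave `uid` uninitialised or zero, the passwd handlers would treat the caller as root and return the hash. The variable should start from a non-root value, for example `uid_t uid=(uid_t)-1;`, so that a failed lookup fails closed. handleconnection begins and ends outside the hunk, so this needs checking against the full function.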
diff --git a/nslcd/passwd.c b/nslcd/passwd.c
index 5ee0921..fef1720 100644
--- a/nslcd/passwd.c
+++ b/nslcd/passwd.c
@@ -292,7 +292,7 @@ char *uid2dn(MYLDAP_SESSION *session,const char *uid,char *buf,size_t buflen)
#define MAXUIDS_PER_ENTRY 5
static int write_passwd(TFILE *fp,MYLDAP_ENTRY *entry,const char *requser,
- const uid_t *requid)
+ const uid_t *requid,uid_t calleruid)
{
int32_t tmpint32;
const char **tmpvalues;
@@ -323,7 +323,7 @@ static int write_passwd(TFILE *fp,MYLDAP_ENTRY *entry,const char *requser,
else
{
passwd=get_userpassword(entry,attmap_passwd_userPassword);
- if (passwd==NULL)
+ if ((passwd==NULL)||(calleruid!=0))
passwd=default_passwd_userPassword;
}
/* get the uids for this entry */
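Review bot: The hash is still read with `get_userpassword()` and only afterwards discarded for non-root callers. Testing `calleruid` first keeps it out of `passwd` altogether and makes the rule explicit: `passwd=(calleruid==0)?get_userpassword(entry,attmap_passwd_userPassword):NULL;`, after which the following test can go back to `if (passwd==NULL)`. A comment such as `/* only root gets the real hash, everyone else the default placeholder */` would record why the caller's uid is checked here. The `if` that this `else` branch belongs to is above the hunk, and write_passwd continues below it.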
@@ -451,7 +451,7 @@ static int write_passwd(TFILE *fp,MYLDAP_ENTRY *entry,const char *requser,
return 0;
}
-NSLCD_HANDLE(
+NSLCD_HANDLE_UID(
passwd,byname,
char name[256];
char filter[1024];
@@ -463,10 +463,10 @@ NSLCD_HANDLE(
log_log(LOG_DEBUG,"nslcd_passwd_byname(%s)",name);,
NSLCD_ACTION_PASSWD_BYNAME,
mkfilter_passwd_byname(name,filter,sizeof(filter)),
- write_passwd(fp,entry,name,NULL)
+ write_passwd(fp,entry,name,NULL,calleruid)
)
-NSLCD_HANDLE(
+NSLCD_HANDLE_UID(
passwd,byuid,
uid_t uid;
char filter[1024];
@@ -474,15 +474,15 @@ NSLCD_HANDLE(
log_log(LOG_DEBUG,"nslcd_passwd_byuid(%d)",(int)uid);,
NSLCD_ACTION_PASSWD_BYUID,
mkfilter_passwd_byuid(uid,filter,sizeof(filter)),
- write_passwd(fp,entry,NULL,&uid)
+ write_passwd(fp,entry,NULL,&uid,calleruid)
)
-NSLCD_HANDLE(
+NSLCD_HANDLE_UID(
passwd,all,
const char *filter;
/* no parameters to read */,
log_log(LOG_DEBUG,"nslcd_passwd_all()");,
NSLCD_ACTION_PASSWD_ALL,
(filter=passwd_filter,0),
- write_passwd(fp,entry,NULL,NULL)
+ write_passwd(fp,entry,NULL,NULL,calleruid)
)