author | Arthur de Jong <arthur@arthurdejong.org> | 2009-06-03 08:04:17 +0000 |
---|---|---|
committer | Arthur de Jong <arthur@arthurdejong.org> | 2009-06-03 08:04:17 +0000 |
commit | cc78257dcbf5d2bd46b49883a588459714377df0 (patch) | |
tree | cb09de653812c59bac2b635adfe83ec8e7b35adb | |
parent | 5480a01ddfb7aa98188365ebf890c127946ef3d9 (diff) |
change authorisation request to also include ruser, rhost and tty (based on OpenLDAP cvs)
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@916 ef36b2f9-881f-0410-afb5-c4e39611909c
-rw-r--r-- | nslcd.h | 7 | ||||
-rw-r--r-- | nslcd/pam.c | 9 | ||||
-rw-r--r-- | pam/pam.c | 24 |
3 files changed, 33 insertions, 7 deletions
@@ -202,8 +202,11 @@ STRING authorisation error message */ #define NSLCD_ACTION_PAM_AUTHC 20001 -/* PAM authorisation check request. This request does not have any extra - request values. The result value ends with: +/* PAM authorisation check request. The extra request values are: + STRING ruser + STRING rhost + STRING tty + and the result value ends with: INT32 authz NSLCD_PAM_* result code STRING authorisation error message */ #define NSLCD_ACTION_PAM_AUTHZ 20002 diff --git a/nslcd/pam.c b/nslcd/pam.c index e251749..fc543ed 100644 --- a/nslcd/pam.c +++ b/nslcd/pam.c @@ -159,12 +159,19 @@ int nslcd_pam_authz(TFILE *fp,MYLDAP_SESSION *session) char username[256]; char userdn[256]; char servicename[64]; + char ruser[32]; + char rhost[256]; + char tty[256]; /* read request parameters */ READ_STRING(fp,username); READ_STRING(fp,userdn); READ_STRING(fp,servicename); + READ_STRING(fp,ruser); + READ_STRING(fp,rhost); + READ_STRING(fp,tty); /* log call */ - log_log(LOG_DEBUG,"nslcd_pam_authz(\"%s\",\"%s\",\"%s\")",username,userdn,servicename); + log_log(LOG_DEBUG,"nslcd_pam_authz(\"%s\",\"%s\",\"%s\",\"%s\",\"%s\",\"%s\")", + username,userdn,servicename,ruser,rhost,tty); /* write the response header */ WRITE_INT32(fp,NSLCD_VERSION); WRITE_INT32(fp,NSLCD_ACTION_PAM_AUTHZ); @@ -347,13 +347,17 @@ static int pam_warn( } /* perform an authorisation call over nslcd */ -static int nslcd_request_authz(pld_ctx *ctx,const char *username,const char *svc) +static int nslcd_request_authz(pld_ctx *ctx,const char *username, + const char *svc,const char *ruser,const char *rhost,const char *tty) { PAM_REQUEST(NSLCD_ACTION_PAM_AUTHZ, /* write the request parameters */ WRITE_STRING(fp,username); WRITE_STRING(fp,ctx->dn); - WRITE_STRING(fp,svc), + WRITE_STRING(fp,svc); + WRITE_STRING(fp,ruser); + WRITE_STRING(fp,rhost); + WRITE_STRING(fp,tty), /* read the result entry */ READ_BUF_STRING(fp,ctx->tmpluser); READ_BUF_STRING(fp,ctx->dn); 
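Review bot: The wire format of NSLCD_ACTION_PAM_AUTHZ changes in this comment, but none of the hunks in the three files touches NSLCD_VERSION, so old and new peers still announce the same protocol version. A PAM module built before this commit would send only the user name, DN and service name, and the server's new `READ_STRING(fp,ruser)` would then read past the end of that request. How that fails depends on READ_STRING, which is not shown here. Consider bumping the protocol version with this change, or at least recording the constraint next to the definition, for example `/* request format changed: PAM module and nslcd must be built from the same revision */`.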
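Review bot: `char ruser[32];` in nslcd_pam_authz is much smaller than the 256-byte `username` buffer declared just above it, although PAM_RUSER is also a user name and may carry a domain or realm suffix. READ_STRING is not visible in this hunk; if it rejects strings that do not fit the destination, a long remote user name would fail the whole authorisation request, so `char ruser[256];` would be more consistent. The three new values are set by the calling application (rhost can originate from a remote peer) and go straight into the LOG_DEBUG line, so they should be treated as untrusted both in the log and in any later access rule. The function body continues outside the hunk.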
@@ -364,7 +368,7 @@ static int nslcd_request_authz(pld_ctx *ctx,const char *username,const char *svc int pam_sm_acct_mgmt(pam_handle_t *pamh,int flags,int argc,const char **argv) { int rc; - const char *username,*svc; + const char *username,*svc,*ruser,*rhost,*tty; int no_warn=0, ignore_flags=0; int i; struct pam_conv *appconv; @@ -410,9 +414,21 @@ int pam_sm_acct_mgmt(pam_handle_t *pamh,int flags,int argc,const char **argv) if (rc!=PAM_SUCCESS) return rc; + rc=pam_get_item (pamh,PAM_RUSER,(const void **)&ruser); + if (rc!=PAM_SUCCESS) + return rc; + + rc=pam_get_item (pamh,PAM_RHOST,(const void **)&rhost); + if (rc!=PAM_SUCCESS) + return rc; + + rc=pam_get_item (pamh,PAM_TTY,(const void **)&tty); + if (rc!=PAM_SUCCESS) + return rc; + ctx2.dn=ctx->dn; ctx2.user=ctx->user; - rc=nslcd_request_authz(&ctx2,username,svc); + rc=nslcd_request_authz(&ctx2,username,svc,ruser,rhost,tty); if ((rc==PAM_AUTHINFO_UNAVAIL)&&(ignore_flags&IGNORE_UNAVAIL)) rc=PAM_IGNORE; else if ((rc==PAM_USER_UNKNOWN)&&(ignore_flags&IGNORE_UNKNOWN)) |
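Review bot: In the @@ -410,9 hunk, `pam_get_item()` can return PAM_SUCCESS with a NULL item when the application never set PAM_RUSER, PAM_RHOST or PAM_TTY, which is normal for local logins and services without a terminal. Those pointers are then passed unchecked to `nslcd_request_authz()`. WRITE_STRING is not shown on this page; unless it accepts NULL, the write could dereference a null pointer inside the process hosting the PAM stack. Defaulting each value after its lookup avoids this: `if (ruser==NULL) ruser="";`, and the same for `rhost` and `tty`. The earlier @@ -347,13 hunk only forwards these pointers, and pam_sm_acct_mgmt begins and ends outside the hunk.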