nss-pam-ldapd commit: r1314 - nss-pam-ldapd/nslcd
nss-pam-ldapd commit: r1314 - nss-pam-ldapd/nslcd
- From: Commits of the nss-pam-ldapd project <nss-pam-ldapd-commits [at] lists.arthurdejong.org>
- To: nss-pam-ldapd-commits [at] lists.arthurdejong.org
- Reply-to: nss-pam-ldapd-users [at] lists.arthurdejong.org
- Subject: nss-pam-ldapd commit: r1314 - nss-pam-ldapd/nslcd
- Date: Wed, 17 Nov 2010 20:55:28 +0100 (CET)
Author: arthur
Date: Wed Nov 17 20:55:27 2010
New Revision: 1314
URL: http://arthurdejong.org/viewvc/nss-pam-ldapd?view=rev&revision=1314
Log:
switch all internal functions to return an LDAP status code
Modified:
nss-pam-ldapd/nslcd/pam.c
Modified: nss-pam-ldapd/nslcd/pam.c
==============================================================================
--- nss-pam-ldapd/nslcd/pam.c Wed Nov 17 20:41:42 2010 (r1313)
+++ nss-pam-ldapd/nslcd/pam.c Wed Nov 17 20:55:27 2010 (r1314)
@@ -42,8 +42,8 @@
#define HOST_NAME_MAX 255
#endif /* not HOST_NAME_MAX */
-/* set up a connection and try to bind with the specified DN and password
- returns a NSLCD_PAM_* error code */
+/* set up a connection and try to bind with the specified DN and password,
+ returns an LDAP result code */
static int try_bind(const char *userdn,const char *password)
{
MYLDAP_SESSION *session;
@@ -52,24 +52,20 @@
/* set up a new connection */
session=myldap_create_session();
if (session==NULL)
- return NSLCD_PAM_AUTH_ERR;
+ return LDAP_UNAVAILABLE;
/* set up credentials for the session */
myldap_set_credentials(session,userdn,password);
/* perform search for own object (just to do any kind of search) */
if
((lookup_dn2uid(session,userdn,&rc,buffer,sizeof(buffer))==NULL)&&(rc==LDAP_SUCCESS))
- rc=LDAP_LOCAL_ERROR;
+ rc=LDAP_LOCAL_ERROR; /* fall back to any error in case function failed
with success */
/* close the session */
myldap_session_close(session);
- /* handle the results */
- switch(rc)
- {
- case LDAP_SUCCESS: return NSLCD_PAM_SUCCESS;
- case LDAP_INVALID_CREDENTIALS: return NSLCD_PAM_AUTH_ERR;
- default: return NSLCD_PAM_AUTH_ERR;
- }
+ /* return results */
+ return rc;
}
-/* ensure that both userdn and username are filled in from the entry */
+/* ensure that both userdn and username are filled in from the entry,
+ returns an LDAP result code */
static int validate_user(MYLDAP_SESSION *session,char *userdn,size_t userdnsz,
char *username,size_t usernamesz)
{
@@ -80,7 +76,7 @@
if (!isvalidname(username))
{
log_log(LOG_WARNING,"\"%s\": invalid user name",username);
- return -1;
+ return LDAP_INVALID_SYNTAX;
}
/* look up user DN if not known */
if (userdn[0]=='\0')
@@ -90,14 +86,14 @@
if (entry==NULL)
{
log_log(LOG_WARNING,"\"%s\": user not found",username);
- return -1;
+ return LDAP_NO_SUCH_OBJECT;
}
/* get the DN */
myldap_cpy_dn(entry,userdn,userdnsz);
if (strcasecmp(userdn,"unknown")==0)
{
log_log(LOG_WARNING,"\"%s\": user has no DN",username);
- return -1;
+ return LDAP_NO_SUCH_OBJECT;
}
/* get the "real" username */
value=myldap_get_rdn_value(entry,attmap_passwd_uid);
@@ -114,7 +110,7 @@
if ((value==NULL)||!isvalidname(value)||strlen(value)>=usernamesz)
{
log_log(LOG_WARNING,"\"%s\": DN %s has invalid
username",username,userdn);
- return -1;
+ return LDAP_INVALID_SYNTAX;
}
/* check if the username is different and update it if needed */
if (strcmp(username,value)!=0)
@@ -124,7 +120,7 @@
}
}
/* all check passed */
- return 0;
+ return LDAP_SUCCESS;
}
/* check authentication credentials of the user */
@@ -169,15 +165,22 @@
strcpy(password,nslcd_cfg->ldc_rootpwmodpw);
}
}
- else if
(validate_user(session,userdn,sizeof(userdn),username,sizeof(username)))
+ else if
(validate_user(session,userdn,sizeof(userdn),username,sizeof(username))!=LDAP_SUCCESS)
{
WRITE_INT32(fp,NSLCD_RESULT_END);
return -1;
}
/* try authentication */
rc=try_bind(userdn,password);
- if (rc==NSLCD_PAM_SUCCESS)
+ if (rc==LDAP_SUCCESS)
log_log(LOG_DEBUG,"bind successful");
+ /* map result code */
+ switch(rc)
+ {
+ case LDAP_SUCCESS: rc=NSLCD_PAM_SUCCESS;
+ case LDAP_INVALID_CREDENTIALS: rc=NSLCD_PAM_AUTH_ERR;
+ default: rc=NSLCD_PAM_AUTH_ERR;
+ }
/* write response */
WRITE_INT32(fp,NSLCD_RESULT_BEGIN);
WRITE_STRING(fp,username);
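Review bot: The result-mapping `switch(rc)` added after the "bind successful" log has no `break` statements, so a successful bind falls through `case LDAP_SUCCESS` into the following cases and leaves `rc=NSLCD_PAM_AUTH_ERR`; every authentication is reported to the client as failed. This fails closed rather than open, but it makes PAM authentication through nslcd unusable with this revision. Each case should be terminated: `case LDAP_SUCCESS: rc=NSLCD_PAM_SUCCESS; break;`, `case LDAP_INVALID_CREDENTIALS: rc=NSLCD_PAM_AUTH_ERR; break;`, `default: rc=NSLCD_PAM_AUTH_ERR; break;`. The enclosing function starts and ends outside the hunk.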
@@ -238,6 +241,7 @@
element in the dict) */
}
+/* perform an authorisation search, returns an LDAP status code */
static int try_autzsearch(MYLDAP_SESSION *session,DICT *dict,const char
*searchfilter)
{
char filter_buffer[1024];
@@ -250,7 +254,7 @@
autzsearch_var_get,(void *)dict)==NULL)
{
log_log(LOG_ERR,"pam_authz_search \"%s\" is invalid",searchfilter);
- return -1;
+ return LDAP_LOCAL_ERROR;
}
log_log(LOG_DEBUG,"trying pam_authz_search \"%s\"",filter_buffer);
/* perform the search */
@@ -263,18 +267,18 @@
{
log_log(LOG_ERR,"pam_authz_search \"%s\" failed: %s",
filter_buffer,ldap_err2string(rc));
- return -1;
+ return rc;
}
/* try to get an entry */
- entry=myldap_get_entry(search,NULL);
+ entry=myldap_get_entry(search,&rc);
if (entry==NULL)
{
log_log(LOG_ERR,"pam_authz_search \"%s\" found no matches",filter_buffer);
- return -1;
+ return rc;
}
log_log(LOG_DEBUG,"pam_authz_search found \"%s\"",myldap_get_dn(entry));
/* we've found an entry so it's OK */
- return 0;
+ return LDAP_SUCCESS;
}
/* check authorisation of the user */
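Review bot: The `entry==NULL` branch in try_autzsearch now returns whatever `myldap_get_entry(search,&rc)` left in rc, and if that is LDAP_SUCCESS when the search simply produces no entry — the same "failed with success" situation the try_bind hunk explicitly guards against with its LDAP_LOCAL_ERROR fallback — the function reports success for a user who matched nothing. The caller in the @@ -321,7 hunk only tests `!=LDAP_SUCCESS`, so that path would grant authorisation where the old `return -1` denied it. Make the no-match outcome an error explicitly, e.g. replace the `return rc;` after the "found no matches" log with `return (rc==LDAP_SUCCESS)?LDAP_NO_SUCH_OBJECT:rc;`. Whether myldap_get_entry can leave rc at LDAP_SUCCESS on an empty result is not visible in this diff and should be confirmed against myldap.c; the function begins outside the hunk.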
@@ -302,7 +306,7 @@
WRITE_INT32(fp,NSLCD_VERSION);
WRITE_INT32(fp,NSLCD_ACTION_PAM_AUTHZ);
/* validate request and fill in the blanks */
- if (validate_user(session,userdn,sizeof(userdn),username,sizeof(username)))
+ if
(validate_user(session,userdn,sizeof(userdn),username,sizeof(username))!=LDAP_SUCCESS)
{
WRITE_INT32(fp,NSLCD_RESULT_END);
return -1;
@@ -321,7 +325,7 @@
/* TODO: fqdn */
autzsearch_var_add(dict,"dn",userdn);
autzsearch_var_add(dict,"uid",username);
- if (try_autzsearch(session,dict,nslcd_cfg->ldc_pam_authz_search))
+ if
(try_autzsearch(session,dict,nslcd_cfg->ldc_pam_authz_search)!=LDAP_SUCCESS)
{
WRITE_INT32(fp,NSLCD_RESULT_BEGIN);
WRITE_STRING(fp,username);
@@ -472,7 +476,7 @@
}
}
/* validate request and fill in the blanks */
- if (validate_user(session,userdn,sizeof(userdn),username,sizeof(username)))
+ if
(validate_user(session,userdn,sizeof(userdn),username,sizeof(username))!=LDAP_SUCCESS)
{
WRITE_INT32(fp,NSLCD_RESULT_END);
return -1;