
nss-pam-ldapd commit: r1315 - nss-pam-ldapd/nslcd


nss-pam-ldapd commit: r1315 - nss-pam-ldapd/nslcd



Author: arthur
Date: Wed Nov 17 21:08:09 2010
New Revision: 1315
URL: http://arthurdejong.org/viewvc/nss-pam-ldapd?view=rev&revision=1315

Log:
return correct PAM status code for when LDAP server is unavailable (based on a 
patch by Pierre Gambarotto)

Modified:
   nss-pam-ldapd/nslcd/common.h
   nss-pam-ldapd/nslcd/pam.c
   nss-pam-ldapd/nslcd/passwd.c

Modified: nss-pam-ldapd/nslcd/common.h
==============================================================================
--- nss-pam-ldapd/nslcd/common.h        Wed Nov 17 20:55:27 2010        (r1314)
+++ nss-pam-ldapd/nslcd/common.h        Wed Nov 17 21:08:09 2010        (r1315)
@@ -89,7 +89,7 @@
 MUST_USE char *dn2uid(MYLDAP_SESSION *session,const char *dn,char *buf,size_t 
buflen);
 
 /* use the user id to lookup an LDAP entry */
-MYLDAP_ENTRY *uid2entry(MYLDAP_SESSION *session,const char *uid);
+MYLDAP_ENTRY *uid2entry(MYLDAP_SESSION *session,const char *uid,int *rcp);
 
 /* transforms the uid into a DN by doing an LDAP lookup */
 MUST_USE char *uid2dn(MYLDAP_SESSION *session,const char *uid,char *buf,size_t 
buflen);
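Review bot: The comment above the `uid2entry` prototype does not say what the new `rcp` argument carries, and the pam.c changes in this commit rely on that contract. I would extend it to something like `/* use the user id to lookup an LDAP entry; if rcp is not NULL the LDAP result code of the lookup is stored in *rcp */`. It should also state which value the caller sees when the search succeeded but no entry matched. The passwd.c section passes NULL for this argument, so NULL being allowed is part of the contract worth writing down.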

Modified: nss-pam-ldapd/nslcd/pam.c
==============================================================================
--- nss-pam-ldapd/nslcd/pam.c   Wed Nov 17 20:55:27 2010        (r1314)
+++ nss-pam-ldapd/nslcd/pam.c   Wed Nov 17 21:08:09 2010        (r1315)
@@ -69,6 +69,7 @@
 static int validate_user(MYLDAP_SESSION *session,char *userdn,size_t userdnsz,
                          char *username,size_t usernamesz)
 {
+  int rc;
   MYLDAP_ENTRY *entry=NULL;
   const char *value;
   const char **values;
@@ -76,17 +77,17 @@
   if (!isvalidname(username))
   {
     log_log(LOG_WARNING,"\"%s\": invalid user name",username);
-    return LDAP_INVALID_SYNTAX;
+    return LDAP_NO_SUCH_OBJECT;
   }
   /* look up user DN if not known */
   if (userdn[0]=='\0')
   {
     /* get the user entry based on the username */
-    entry=uid2entry(session,username);
+    entry=uid2entry(session,username,&rc);
     if (entry==NULL)
     {
-      log_log(LOG_WARNING,"\"%s\": user not found",username);
-      return LDAP_NO_SUCH_OBJECT;
+      log_log(LOG_WARNING,"\"%s\": user not found: 
%s",username,ldap_err2string(rc));
+      return rc;
     }
     /* get the DN */
     myldap_cpy_dn(entry,userdn,userdnsz);
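Review bot: On the `entry==NULL` path, `return rc;` can hand back a value that does not mean failure, and the caller in the last pam.c hunk treats `LDAP_SUCCESS` from `validate_user` as a validated user. In the passwd.c section `uid2entry` forwards `rcp` only to `myldap_search`, while `myldap_get_entry(search,NULL)` discards its status, so when the search succeeds but nothing matches, `rc` presumably still holds the search's success code (what `myldap_search` stores on success is not visible here). If the loop over `passwd_bases` never runs, `rc` may not be written at all, because `int rc;` in the previous hunk is uninitialised. A missing user must never fall through as success, so I would guard the return with `if (rc==LDAP_SUCCESS) rc=LDAP_NO_SUCH_OBJECT;`, declare `int rc=LDAP_NO_SUCH_OBJECT;`, and pass `rcp` to `myldap_get_entry` in `uid2entry`. `validate_user` continues beyond this hunk.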
@@ -165,8 +166,17 @@
       strcpy(password,nslcd_cfg->ldc_rootpwmodpw);
     }
   }
-  else if 
(validate_user(session,userdn,sizeof(userdn),username,sizeof(username))!=LDAP_SUCCESS)
+  else if 
((rc=validate_user(session,userdn,sizeof(userdn),username,sizeof(username)))!=LDAP_SUCCESS)
   {
+    if (rc!=LDAP_NO_SUCH_OBJECT)
+    {
+      WRITE_INT32(fp,NSLCD_RESULT_BEGIN);
+      WRITE_STRING(fp,username);
+      WRITE_STRING(fp,"");
+      WRITE_INT32(fp,NSLCD_PAM_AUTHINFO_UNAVAIL);  /* authc */
+      WRITE_INT32(fp,NSLCD_PAM_AUTHINFO_UNAVAIL);  /* authz */
+      WRITE_STRING(fp,"LDAP server unavaiable"); /* authzmsg */
+    }
     WRITE_INT32(fp,NSLCD_RESULT_END);
     return -1;
   }
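Review bot: The message written as authzmsg is misspelled, `"LDAP server unavaiable"`; it goes to the PAM client, so the line should read `WRITE_STRING(fp,"LDAP server unavailable"); /* authzmsg */`. The branch also reports every result other than `LDAP_NO_SUCH_OBJECT` as `NSLCD_PAM_AUTHINFO_UNAVAIL`, which covers codes unrelated to connectivity. A short comment such as `/* any other failure is reported as unavailable so the request fails closed */` would make that intent explicit. The enclosing function starts and ends outside the hunk.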

Modified: nss-pam-ldapd/nslcd/passwd.c
==============================================================================
--- nss-pam-ldapd/nslcd/passwd.c        Wed Nov 17 20:55:27 2010        (r1314)
+++ nss-pam-ldapd/nslcd/passwd.c        Wed Nov 17 21:08:09 2010        (r1315)
@@ -252,7 +252,7 @@
   return uid;
 }
 
-MYLDAP_ENTRY *uid2entry(MYLDAP_SESSION *session,const char *uid)
+MYLDAP_ENTRY *uid2entry(MYLDAP_SESSION *session,const char *uid,int *rcp)
 {
   MYLDAP_SEARCH *search=NULL;
   MYLDAP_ENTRY *entry=NULL;
@@ -270,7 +270,7 @@
   mkfilter_passwd_byname(uid,filter,sizeof(filter));
   for (i=0;(i<NSS_LDAP_CONFIG_MAX_BASES)&&((base=passwd_bases[i])!=NULL);i++)
   {
-    search=myldap_search(session,base,passwd_scope,filter,attrs,NULL);
+    search=myldap_search(session,base,passwd_scope,filter,attrs,rcp);
     if (search==NULL)
       return NULL;
     entry=myldap_get_entry(search,NULL);
@@ -284,7 +284,7 @@
 {
   MYLDAP_ENTRY *entry;
   /* look up the entry */
-  entry=uid2entry(session,uid);
+  entry=uid2entry(session,uid,NULL);
   if (entry==NULL)
     return NULL;
   /* get DN */