
nss-pam-ldapd commit: r1367 - in nss-pam-ldapd: man nslcd


nss-pam-ldapd commit: r1367 - in nss-pam-ldapd: man nslcd



Author: arthur
Date: Sat Jan 29 21:15:56 2011
New Revision: 1367
URL: http://arthurdejong.org/viewvc/nss-pam-ldapd?view=rev&revision=1367

Log:
implement a fqdn variable that can be used inside pam_authz_search filters

Modified:
   nss-pam-ldapd/man/nslcd.conf.5.xml
   nss-pam-ldapd/nslcd/cfg.c
   nss-pam-ldapd/nslcd/common.c
   nss-pam-ldapd/nslcd/common.h
   nss-pam-ldapd/nslcd/pam.c

Modified: nss-pam-ldapd/man/nslcd.conf.5.xml
==============================================================================
--- nss-pam-ldapd/man/nslcd.conf.5.xml  Sun Jan 23 21:59:42 2011        (r1366)
+++ nss-pam-ldapd/man/nslcd.conf.5.xml  Sat Jan 29 21:15:56 2011        (r1367)
@@ -685,6 +685,7 @@
          <literal>$username</literal>, <literal>$service</literal>,
          <literal>$ruser</literal>, <literal>$rhost</literal>,
          <literal>$tty</literal>, <literal>$hostname</literal>,
+         <literal>$fqdn</literal>,
          <literal>$dn</literal>, and <literal>$uid</literal>.
        These references are substituted in the search filter using the
        same syntax as described in the section on attribute mapping

Modified: nss-pam-ldapd/nslcd/cfg.c
==============================================================================
--- nss-pam-ldapd/nslcd/cfg.c   Sun Jan 23 21:59:42 2011        (r1366)
+++ nss-pam-ldapd/nslcd/cfg.c   Sat Jan 29 21:15:56 2011        (r1367)
@@ -160,60 +160,17 @@
   cfg->ldc_uris[i].uri=xstrdup(uri);
 }
 
-#ifndef HOST_NAME_MAX
-#define HOST_NAME_MAX 255
-#endif /* not HOST_NAME_MAX */
-
 #ifdef HAVE_LDAP_DOMAIN2HOSTLIST
 /* return the domain name of the current host
    the returned string must be freed by caller */
 static char *cfg_getdomainname(const char *filename,int lnr)
 {
-  char hostname[HOST_NAME_MAX+1],*domain;
-  int hostnamelen;
-  int i;
-  struct hostent *host=NULL;
-  /* get system hostname */
-  if (gethostname(hostname,sizeof(hostname))<0)
-  {
-    log_log(LOG_ERR,"%s:%d: gethostname() failed: 
%s",filename,lnr,strerror(errno));
-    exit (EXIT_FAILURE);
-  }
-  hostnamelen=strlen(hostname);
-  /* lookup hostent */
-  host=gethostbyname(hostname);
-  if (host==NULL)
-  {
-    log_log(LOG_ERR,"%s:%d: gethostbyname(%s): 
%s",filename,lnr,hostname,hstrerror(h_errno));
-    exit(EXIT_FAILURE);
-  }
-  /* check h_name for fqdn starting with our hostname */
-  if ((strncasecmp(hostname,host->h_name,hostnamelen)==0)&&
-      (host->h_name[hostnamelen]=='.')&&
-      (host->h_name[hostnamelen+1]!='\0'))
-    return strdup(host->h_name+hostnamelen+1);
-  /* also check h_aliases */
-  for (i=0;host->h_aliases[i]!=NULL;i++)
-  {
-    if ((strncasecmp(hostname,host->h_aliases[i],hostnamelen)==0)&&
-        (host->h_aliases[i][hostnamelen]=='.')&&
-        (host->h_aliases[i][hostnamelen+1]!='\0'))
-      return strdup(host->h_aliases[i]+hostnamelen+1);
-  }
-  /* fall back to any domain part in h_name */
-  if (((domain=strchr(host->h_name,'.'))!=NULL)&&
-      (domain[1]!='\0'))
-    return strdup(domain+1);
-  /* also check h_aliases */
-  for (i=0;host->h_aliases[i]!=NULL;i++)
-  {
-    if (((domain=strchr(host->h_aliases[i],'.'))!=NULL)&&
-        (domain[1]!='\0'))
-      return strdup(domain+1);
-  }
-  /* we've tried everything now */
-  log_log(LOG_ERR,"%s:%d: unable to determinate a domainname for hostname %s",
-          filename,lnr,hostname);
+  char *fqdn,*domain;
+  fqdn=getfqdn();
+  if ((fqdn!=NULL)&&((domain=strchr(fqdn,'.'))!=NULL)&&(domain[1]!='\0'))
+    return domain+1;
+  log_log(LOG_ERR,"%s:%d: unable to determinate a domain name",
+          filename,lnr);
   exit(EXIT_FAILURE);
 }
 
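Review bot: The context comment above cfg_getdomainname() still says "the returned string must be freed by caller", but the new body returns `domain+1`, a pointer into the string cached by getfqdn(); a caller that follows the comment would free() an interior pointer of a shared buffer. The comment should read something like `/* return the domain name of the current host; the result points into the value cached by getfqdn() and must not be freed or modified */`. Also `fqdn=getfqdn();` assigns a `const char *` to `char *fqdn` and drops the qualifier; declaring `const char *fqdn,*domain;` keeps it, though the function's return type would then need to become `const char *` as well and its caller is outside this hunk. The same qualifier is dropped by `char hostname[HOST_NAME_MAX+1],*fqdn;` in the first pam.c hunk.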
@@ -251,7 +208,6 @@
     /* get next entry from list */
     hostlist=nxt;
   }
-  free(domain);
 }
 #endif /* HAVE_LDAP_DOMAIN2HOSTLIST */
 

Modified: nss-pam-ldapd/nslcd/common.c
==============================================================================
--- nss-pam-ldapd/nslcd/common.c        Sun Jan 23 21:59:42 2011        (r1366)
+++ nss-pam-ldapd/nslcd/common.c        Sat Jan 29 21:15:56 2011        (r1367)
@@ -31,6 +31,8 @@
 #include <arpa/inet.h>
 #include <strings.h>
 #include <limits.h>
+#include <netdb.h>
+#include <string.h>
 
 #include "nslcd.h"
 #include "common.h"
@@ -52,6 +54,76 @@
   return ((res<0)||(((size_t)res)>=buflen));
 }
 
+#ifndef HOST_NAME_MAX
+#define HOST_NAME_MAX 255
+#endif /* not HOST_NAME_MAX */
+
+/* return the fully qualified domain name of the current host */
+const char *getfqdn(void)
+{
+  static char *fqdn=NULL;
+  char hostname[HOST_NAME_MAX+1];
+  int hostnamelen;
+  int i;
+  struct hostent *host=NULL;
+  /* if we already have a fqdn return that */
+  if (fqdn!=NULL)
+    return fqdn;
+  /* get system hostname */
+  if (gethostname(hostname,sizeof(hostname))<0)
+  {
+    log_log(LOG_ERR,"gethostname() failed: %s",strerror(errno));
+    return NULL;
+  }
+  hostnamelen=strlen(hostname);
+  /* lookup hostent */
+  host=gethostbyname(hostname);
+  if (host==NULL)
+  {
+    log_log(LOG_ERR,"gethostbyname(%s): %s",hostname,hstrerror(h_errno));
+    /* fall back to hostname */
+    fqdn=strdup(hostname);
+    return fqdn;
+  }
+  /* check h_name for fqdn starting with our hostname */
+  if ((strncasecmp(hostname,host->h_name,hostnamelen)==0)&&
+      (host->h_name[hostnamelen]=='.')&&
+      (host->h_name[hostnamelen+1]!='\0'))
+  {
+    fqdn=strdup(host->h_name);
+    return fqdn;
+  }
+  /* also check h_aliases */
+  for (i=0;host->h_aliases[i]!=NULL;i++)
+  {
+    if ((strncasecmp(hostname,host->h_aliases[i],hostnamelen)==0)&&
+        (host->h_aliases[i][hostnamelen]=='.')&&
+        (host->h_aliases[i][hostnamelen+1]!='\0'))
+    {
+      fqdn=host->h_aliases[i];
+      return fqdn;
+    }
+  }
+  /* fall back to h_name if it has a dot in it */
+  if (strchr(host->h_name,'.')!=NULL)
+  {
+    fqdn=strdup(host->h_name);
+    return fqdn;
+  }
+  /* also check h_aliases */
+  for (i=0;host->h_aliases[i]!=NULL;i++)
+  {
+    if (strchr(host->h_aliases[i],'.')!=NULL)
+    {
+      fqdn=strdup(host->h_aliases[i]);
+      return fqdn;
+    }
+  }
+  /* nothing found, fall back to hostname */
+  fqdn=strdup(hostname);
+  return fqdn;
+}
+
 const char *get_userpassword(MYLDAP_ENTRY *entry,const char *attr,char 
*buffer,size_t buflen)
 {
   const char *tmpvalue;
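Review bot: In getfqdn() the first h_aliases loop caches `fqdn=host->h_aliases[i];` without copying, unlike every other branch; that pointer refers to storage owned by gethostbyname(), which a later resolver call may overwrite, so the cached name (which ends up in the pam_authz_search filter) can silently change or turn into garbage. It should be `fqdn=strdup(host->h_aliases[i]);`. Separately, the static cache is filled on first use with no locking and gethostbyname() is not reentrant; if the first call can come from concurrent request handlers (not visible here), resolving once at startup would avoid the race. The strdup() results are also unchecked, so on allocation failure the function returns NULL without logging anything.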

Modified: nss-pam-ldapd/nslcd/common.h
==============================================================================
--- nss-pam-ldapd/nslcd/common.h        Sun Jan 23 21:59:42 2011        (r1366)
+++ nss-pam-ldapd/nslcd/common.h        Sat Jan 29 21:15:56 2011        (r1367)
@@ -54,6 +54,11 @@
 int mysnprintf(char *buffer,size_t buflen,const char *format, ...)
   LIKE_PRINTF(3,4);
 
+/* return the fully qualified domain name of the current host
+   the returned value does not need to be freed but is re-used for every
+   call */
+MUST_USE const char *getfqdn(void);
+
 /* This tries to get the user password attribute from the entry.
    It will try to return an encrypted password as it is used in /etc/passwd,
    /etc/group or /etc/shadow depending upon what is in the directory.

Modified: nss-pam-ldapd/nslcd/pam.c
==============================================================================
--- nss-pam-ldapd/nslcd/pam.c   Sun Jan 23 21:59:42 2011        (r1366)
+++ nss-pam-ldapd/nslcd/pam.c   Sat Jan 29 21:15:56 2011        (r1367)
@@ -318,7 +318,7 @@
   char userdn[256];
   char servicename[64];
   char ruser[256],rhost[HOST_NAME_MAX+1],tty[64];
-  char hostname[HOST_NAME_MAX+1];
+  char hostname[HOST_NAME_MAX+1],*fqdn;
   DICT *dict;
   /* read request parameters */
   READ_STRING(fp,username);
@@ -351,7 +351,8 @@
     autzsearch_var_add(dict,"tty",tty);
     if (gethostname(hostname,sizeof(hostname))==0)
       autzsearch_var_add(dict,"hostname",hostname);
-    /* TODO: fqdn */
+    if ((fqdn=getfqdn())!=NULL)
+      autzsearch_var_add(dict,"fqdn",fqdn);
     autzsearch_var_add(dict,"dn",userdn);
     autzsearch_var_add(dict,"uid",username);
     if 
(try_autzsearch(session,dict,nslcd_cfg->ldc_pam_authz_search)!=LDAP_SUCCESS)
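Review bot: `$fqdn` is added only when getfqdn() returns non-NULL and nothing is logged otherwise, so an authorisation filter that references `$fqdn` is then expanded with the variable missing; how try_autzsearch() treats an unset variable is outside this hunk, but for an authorisation check that case should deny rather than widen the match. getfqdn() also falls back to the bare hostname when resolution fails, so `$fqdn` may equal `$hostname`, and the value comes from the resolver (hosts file or DNS) rather than from local configuration. A comment here such as `/* fqdn comes from name resolution and may be unqualified; unset if lookup failed */` would record that, and it is worth confirming that the filter expansion escapes LDAP filter metacharacters in substituted values. The enclosing function starts and ends outside the hunk.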