nss-pam-ldapd commit: r1367 - in nss-pam-ldapd: man nslcd
nss-pam-ldapd commit: r1367 - in nss-pam-ldapd: man nslcd
- From: Commits of the nss-pam-ldapd project <nss-pam-ldapd-commits [at] lists.arthurdejong.org>
- To: nss-pam-ldapd-commits [at] lists.arthurdejong.org
- Reply-to: nss-pam-ldapd-users [at] lists.arthurdejong.org
- Subject: nss-pam-ldapd commit: r1367 - in nss-pam-ldapd: man nslcd
- Date: Sat, 29 Jan 2011 21:15:57 +0100 (CET)
Author: arthur
Date: Sat Jan 29 21:15:56 2011
New Revision: 1367
URL: http://arthurdejong.org/viewvc/nss-pam-ldapd?view=rev&revision=1367
Log:
implement a fqdn variable that can be used inside pam_authz_search filters
Modified:
nss-pam-ldapd/man/nslcd.conf.5.xml
nss-pam-ldapd/nslcd/cfg.c
nss-pam-ldapd/nslcd/common.c
nss-pam-ldapd/nslcd/common.h
nss-pam-ldapd/nslcd/pam.c
Modified: nss-pam-ldapd/man/nslcd.conf.5.xml
==============================================================================
--- nss-pam-ldapd/man/nslcd.conf.5.xml Sun Jan 23 21:59:42 2011 (r1366)
+++ nss-pam-ldapd/man/nslcd.conf.5.xml Sat Jan 29 21:15:56 2011 (r1367)
@@ -685,6 +685,7 @@
<literal>$username</literal>, <literal>$service</literal>,
<literal>$ruser</literal>, <literal>$rhost</literal>,
<literal>$tty</literal>, <literal>$hostname</literal>,
+ <literal>$fqdn</literal>,
<literal>$dn</literal>, and <literal>$uid</literal>.
These references are substituted in the search filter using the
same syntax as described in the section on attribute mapping
Modified: nss-pam-ldapd/nslcd/cfg.c
==============================================================================
--- nss-pam-ldapd/nslcd/cfg.c Sun Jan 23 21:59:42 2011 (r1366)
+++ nss-pam-ldapd/nslcd/cfg.c Sat Jan 29 21:15:56 2011 (r1367)
@@ -160,60 +160,17 @@
cfg->ldc_uris[i].uri=xstrdup(uri);
}
-#ifndef HOST_NAME_MAX
-#define HOST_NAME_MAX 255
-#endif /* not HOST_NAME_MAX */
-
#ifdef HAVE_LDAP_DOMAIN2HOSTLIST
/* return the domain name of the current host
the returned string must be freed by caller */
static char *cfg_getdomainname(const char *filename,int lnr)
{
- char hostname[HOST_NAME_MAX+1],*domain;
- int hostnamelen;
- int i;
- struct hostent *host=NULL;
- /* get system hostname */
- if (gethostname(hostname,sizeof(hostname))<0)
- {
- log_log(LOG_ERR,"%s:%d: gethostname() failed:
%s",filename,lnr,strerror(errno));
- exit (EXIT_FAILURE);
- }
- hostnamelen=strlen(hostname);
- /* lookup hostent */
- host=gethostbyname(hostname);
- if (host==NULL)
- {
- log_log(LOG_ERR,"%s:%d: gethostbyname(%s):
%s",filename,lnr,hostname,hstrerror(h_errno));
- exit(EXIT_FAILURE);
- }
- /* check h_name for fqdn starting with our hostname */
- if ((strncasecmp(hostname,host->h_name,hostnamelen)==0)&&
- (host->h_name[hostnamelen]=='.')&&
- (host->h_name[hostnamelen+1]!='\0'))
- return strdup(host->h_name+hostnamelen+1);
- /* also check h_aliases */
- for (i=0;host->h_aliases[i]!=NULL;i++)
- {
- if ((strncasecmp(hostname,host->h_aliases[i],hostnamelen)==0)&&
- (host->h_aliases[i][hostnamelen]=='.')&&
- (host->h_aliases[i][hostnamelen+1]!='\0'))
- return strdup(host->h_aliases[i]+hostnamelen+1);
- }
- /* fall back to any domain part in h_name */
- if (((domain=strchr(host->h_name,'.'))!=NULL)&&
- (domain[1]!='\0'))
- return strdup(domain+1);
- /* also check h_aliases */
- for (i=0;host->h_aliases[i]!=NULL;i++)
- {
- if (((domain=strchr(host->h_aliases[i],'.'))!=NULL)&&
- (domain[1]!='\0'))
- return strdup(domain+1);
- }
- /* we've tried everything now */
- log_log(LOG_ERR,"%s:%d: unable to determinate a domainname for hostname %s",
- filename,lnr,hostname);
+ char *fqdn,*domain;
+ fqdn=getfqdn();
+ if ((fqdn!=NULL)&&((domain=strchr(fqdn,'.'))!=NULL)&&(domain[1]!='\0'))
+ return domain+1;
+ log_log(LOG_ERR,"%s:%d: unable to determinate a domain name",
+ filename,lnr);
exit(EXIT_FAILURE);
}
@@ -251,7 +208,6 @@
/* get next entry from list */
hostlist=nxt;
}
- free(domain);
}
#endif /* HAVE_LDAP_DOMAIN2HOSTLIST */
Modified: nss-pam-ldapd/nslcd/common.c
==============================================================================
--- nss-pam-ldapd/nslcd/common.c Sun Jan 23 21:59:42 2011 (r1366)
+++ nss-pam-ldapd/nslcd/common.c Sat Jan 29 21:15:56 2011 (r1367)
@@ -31,6 +31,8 @@
#include <arpa/inet.h>
#include <strings.h>
#include <limits.h>
+#include <netdb.h>
+#include <string.h>
#include "nslcd.h"
#include "common.h"
@@ -52,6 +54,76 @@
return ((res<0)||(((size_t)res)>=buflen));
}
+#ifndef HOST_NAME_MAX
+#define HOST_NAME_MAX 255
+#endif /* not HOST_NAME_MAX */
+
+/* return the fully qualified domain name of the current host */
+const char *getfqdn(void)
+{
+ static char *fqdn=NULL;
+ char hostname[HOST_NAME_MAX+1];
+ int hostnamelen;
+ int i;
+ struct hostent *host=NULL;
+ /* if we already have a fqdn return that */
+ if (fqdn!=NULL)
+ return fqdn;
+ /* get system hostname */
+ if (gethostname(hostname,sizeof(hostname))<0)
+ {
+ log_log(LOG_ERR,"gethostname() failed: %s",strerror(errno));
+ return NULL;
+ }
+ hostnamelen=strlen(hostname);
+ /* lookup hostent */
+ host=gethostbyname(hostname);
+ if (host==NULL)
+ {
+ log_log(LOG_ERR,"gethostbyname(%s): %s",hostname,hstrerror(h_errno));
+ /* fall back to hostname */
+ fqdn=strdup(hostname);
+ return fqdn;
+ }
+ /* check h_name for fqdn starting with our hostname */
+ if ((strncasecmp(hostname,host->h_name,hostnamelen)==0)&&
+ (host->h_name[hostnamelen]=='.')&&
+ (host->h_name[hostnamelen+1]!='\0'))
+ {
+ fqdn=strdup(host->h_name);
+ return fqdn;
+ }
+ /* also check h_aliases */
+ for (i=0;host->h_aliases[i]!=NULL;i++)
+ {
+ if ((strncasecmp(hostname,host->h_aliases[i],hostnamelen)==0)&&
+ (host->h_aliases[i][hostnamelen]=='.')&&
+ (host->h_aliases[i][hostnamelen+1]!='\0'))
+ {
+ fqdn=host->h_aliases[i];
+ return fqdn;
+ }
+ }
+ /* fall back to h_name if it has a dot in it */
+ if (strchr(host->h_name,'.')!=NULL)
+ {
+ fqdn=strdup(host->h_name);
+ return fqdn;
+ }
+ /* also check h_aliases */
+ for (i=0;host->h_aliases[i]!=NULL;i++)
+ {
+ if (strchr(host->h_aliases[i],'.')!=NULL)
+ {
+ fqdn=strdup(host->h_aliases[i]);
+ return fqdn;
+ }
+ }
+ /* nothing found, fall back to hostname */
+ fqdn=strdup(hostname);
+ return fqdn;
+}
+
const char *get_userpassword(MYLDAP_ENTRY *entry,const char *attr,char
*buffer,size_t buflen)
{
const char *tmpvalue;
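Review bot: In the first h_aliases loop of getfqdn(), `fqdn=host->h_aliases[i];` caches a pointer into the hostent returned by gethostbyname() instead of a copy, unlike every other branch. That storage is owned by the resolver and may be overwritten by a later lookup, so the cached value can silently change or dangle, and it is later substituted into pam_authz_search filters. The line should be `fqdn=strdup(host->h_aliases[i]);`. Separately, the static cache is filled without any locking and gethostbyname() is not reentrant; if getfqdn() can first be reached from concurrent request handlers (not visible here), resolving it once at startup would avoid the race.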
Modified: nss-pam-ldapd/nslcd/common.h
==============================================================================
--- nss-pam-ldapd/nslcd/common.h Sun Jan 23 21:59:42 2011 (r1366)
+++ nss-pam-ldapd/nslcd/common.h Sat Jan 29 21:15:56 2011 (r1367)
@@ -54,6 +54,11 @@
int mysnprintf(char *buffer,size_t buflen,const char *format, ...)
LIKE_PRINTF(3,4);
+/* return the fully qualified domain name of the current host
+ the returned value does not need to be freed but is re-used for every
+ call */
+MUST_USE const char *getfqdn(void);
+
/* This tries to get the user password attribute from the entry.
It will try to return an encrypted password as it is used in /etc/passwd,
/etc/group or /etc/shadow depending upon what is in the directory.
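Review bot: The comment on getfqdn() does not say that NULL is returned when gethostname() fails, or that the result can be the bare unqualified hostname when the resolver yields no dotted name; the implementation in common.c does both. Callers that feed this value into an authorization filter need to know that. I would extend the comment with `returns NULL if the hostname cannot be determined; the value may be an unqualified hostname if no FQDN could be resolved`.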
Modified: nss-pam-ldapd/nslcd/pam.c
==============================================================================
--- nss-pam-ldapd/nslcd/pam.c Sun Jan 23 21:59:42 2011 (r1366)
+++ nss-pam-ldapd/nslcd/pam.c Sat Jan 29 21:15:56 2011 (r1367)
@@ -318,7 +318,7 @@
char userdn[256];
char servicename[64];
char ruser[256],rhost[HOST_NAME_MAX+1],tty[64];
- char hostname[HOST_NAME_MAX+1];
+ char hostname[HOST_NAME_MAX+1],*fqdn;
DICT *dict;
/* read request parameters */
READ_STRING(fp,username);
@@ -351,7 +351,8 @@
autzsearch_var_add(dict,"tty",tty);
if (gethostname(hostname,sizeof(hostname))==0)
autzsearch_var_add(dict,"hostname",hostname);
- /* TODO: fqdn */
+ if ((fqdn=getfqdn())!=NULL)
+ autzsearch_var_add(dict,"fqdn",fqdn);
autzsearch_var_add(dict,"dn",userdn);
autzsearch_var_add(dict,"uid",username);
if
(try_autzsearch(session,dict,nslcd_cfg->ldc_pam_authz_search)!=LDAP_SUCCESS)
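Review bot: The value added as `fqdn` comes from resolver output (h_name or an alias from gethostbyname()), so what ends up in the pam_authz_search filter depends on DNS or /etc/hosts rather than on local configuration alone. Whether variable values are escaped for LDAP filter syntax is decided in autzsearch_var_add()/try_autzsearch(), outside this hunk; it is worth confirming that they are, since resolved names are not guaranteed to be free of filter metacharacters. When getfqdn() returns NULL the variable is simply not added, so a comment such as `/* $fqdn is left undefined if the name cannot be determined */` would help, together with a check of how an undefined variable expands in the filter. The enclosing function starts and ends outside the hunk.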