lists.arthurdejong.org
RSS feed

nss-pam-ldapd commit: r1394 - nss-pam-ldapd/pam

[Date Prev][Date Next] [Thread Prev][Thread Next]

nss-pam-ldapd commit: r1394 - nss-pam-ldapd/pam



Author: arthur
Date: Mon Mar 14 22:42:59 2011
New Revision: 1394
URL: http://arthurdejong.org/viewvc/nss-pam-ldapd?view=rev&revision=1394

Log:
check for user existence before trying password change

Modified:
   nss-pam-ldapd/pam/pam.c

Modified: nss-pam-ldapd/pam/pam.c
==============================================================================
--- nss-pam-ldapd/pam/pam.c     Mon Mar 14 21:19:16 2011        (r1393)
+++ nss-pam-ldapd/pam/pam.c     Mon Mar 14 22:42:59 2011        (r1394)
@@ -246,6 +246,28 @@
   }
 }
 
+/* check whether the specified user is handled by nslcd */
+static int nslcd_request_exists(pam_handle_t *pamh,struct pld_ctx *ctx,struct 
pld_cfg *cfg,
+                                const char *username)
+{
+  uid_t dummy_uid;
+  gid_t dummy_gid;
+  PAM_REQUEST(NSLCD_ACTION_PASSWD_BYNAME,
+    /* log debug message */
+    pam_syslog(pamh,LOG_DEBUG,"nslcd authentication; user=%s",username),
+    /* write the request parameters */
+    WRITE_STRING(fp,username),
+    /* read the result entry */
+    SKIP_STRING(fp); /* user name */
+    SKIP_STRING(fp); /* passwd entry */
+    READ_TYPE(fp,dummy_uid,uid_t);
+    READ_TYPE(fp,dummy_gid,gid_t);
+    SKIP_STRING(fp); /* gecos */
+    SKIP_STRING(fp); /* home dir */
+    SKIP_STRING(fp); /* shell */
+  )
+}
+
 /* perform an authentication call over nslcd */
 static int nslcd_request_authc(pam_handle_t *pamh,struct pld_ctx *ctx,struct 
pld_cfg *cfg,
                                const char *username,const char *service,
@@ -523,6 +545,13 @@
   rc=init(pamh,flags,argc,argv,&cfg,&ctx,&username,&service);
   if (rc!=PAM_SUCCESS)
     return rc;
+  /* see if we are dealing with an LDAP user first */
+  if (ctx->dn==NULL)
+  {
+    rc=nslcd_request_exists(pamh,ctx,&cfg,username);
+    if (rc!=PAM_SUCCESS)
+      return remap_pam_rc(rc,&cfg);
+  }
   /* prelimenary check, just see if we can connect to the LDAP server
      and authenticate with the current password */
   if (flags&PAM_PRELIM_CHECK)
-- 
To unsubscribe send an email to
nss-pam-ldapd-commits-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-commits