
nss-pam-ldapd commit: r1474 - nss-pam-ldapd/nslcd


nss-pam-ldapd commit: r1474 - nss-pam-ldapd/nslcd



Author: arthur
Date: Sun Jun  5 22:18:11 2011
New Revision: 1474
URL: http://arthurdejong.org/viewvc/nss-pam-ldapd?view=rev&revision=1474

Log:
check all variables in pam_authz_search to see if they exist

Modified:
   nss-pam-ldapd/nslcd/cfg.c
   nss-pam-ldapd/nslcd/pam.c

Modified: nss-pam-ldapd/nslcd/cfg.c
==============================================================================
--- nss-pam-ldapd/nslcd/cfg.c   Sun Jun  5 22:15:19 2011        (r1473)
+++ nss-pam-ldapd/nslcd/cfg.c   Sun Jun  5 22:18:11 2011        (r1474)
@@ -57,6 +57,7 @@
 #include "log.h"
 #include "cfg.h"
 #include "attmap.h"
+#include "common/expr.h"
 
 struct ldap_config *nslcd_cfg=NULL;
 
@@ -756,6 +757,39 @@
   }
 }
 
+static void parse_pam_authz_search_statement(
+              const char *filename,int lnr,const char *keyword,
+              char *line,struct ldap_config *cfg)
+{
+  SET *set;
+  const char **list;
+  int i;
+  check_argumentcount(filename,lnr,keyword,(line!=NULL)&&(*line!='\0'));
+  cfg->ldc_pam_authz_search=xstrdup(line);
+  /* check the variables used in the expression */
+  set=expr_vars(cfg->ldc_pam_authz_search,NULL);
+  list=set_tolist(set);
+  for (i=0;list[i]!=NULL;i++)
+  {
+    if ((strcmp(list[i],"username")!=0)&&
+        (strcmp(list[i],"service")!=0)&&
+        (strcmp(list[i],"ruser")!=0)&&
+        (strcmp(list[i],"rhost")!=0)&&
+        (strcmp(list[i],"tty")!=0)&&
+        (strcmp(list[i],"hostname")!=0)&&
+        (strcmp(list[i],"fqdn")!=0)&&
+        (strcmp(list[i],"dn")!=0)&&
+        (strcmp(list[i],"uid")!=0))
+    {
+      log_log(LOG_ERR,"%s:%d: unknown variable $%s",filename,lnr,list[i]);
+      exit(EXIT_FAILURE);
+    }
+  }
+  /* free memory */
+  set_free(set);
+  free(list);
+}
+
 static void cfg_read(const char *filename,struct ldap_config *cfg)
 {
   FILE *fp;
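Review bot: In parse_pam_authz_search_statement(), `list` is indexed as `list[i]` in the for loop directly after `set_tolist(set)` with no NULL check, and the result of `expr_vars()` is passed on unchecked as well. Neither helper is visible in this diff, but if either can return NULL (for example on allocation failure), parsing the config would crash nslcd at startup instead of reporting the problem. I would add `if ((set==NULL)||(list==NULL)) { log_log(LOG_CRIT,"%s:%d: malloc() failed to allocate memory",filename,lnr); exit(EXIT_FAILURE); }` before the loop. A one-line comment above the function saying that it terminates the daemon on an unknown variable name would also help, since this check is what keeps a mistyped name out of an authorization filter.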
@@ -1057,8 +1091,7 @@
     }
     else if (strcasecmp(keyword,"pam_authz_search")==0)
     {
-      check_argumentcount(filename,lnr,keyword,(line!=NULL)&&(*line!='\0'));
-      cfg->ldc_pam_authz_search=xstrdup(line);
+      parse_pam_authz_search_statement(filename,lnr,keyword,line,cfg);
     }
     else if (strcasecmp(keyword,"nss_min_uid")==0)
     {

Modified: nss-pam-ldapd/nslcd/pam.c
==============================================================================
--- nss-pam-ldapd/nslcd/pam.c   Sun Jun  5 22:15:19 2011        (r1473)
+++ nss-pam-ldapd/nslcd/pam.c   Sun Jun  5 22:18:11 2011        (r1474)
@@ -244,7 +244,7 @@
   authzmsg[0]='\0';
   /* read request parameters */
   READ_STRING(fp,username);
-  SKIP_STRING(fp);
+  SKIP_STRING(fp); /* DN */
   READ_STRING(fp,servicename);
   READ_STRING(fp,password);
   /* log call */
@@ -377,7 +377,9 @@
   /* check whether the search filter is configured at all */
   if (!nslcd_cfg->ldc_pam_authz_search)
     return LDAP_SUCCESS;
-  /* build the dictionary with variables */
+  /* build the dictionary with variables
+     NOTE: any variables added here also need to be added to
+           cfg.c:parse_pam_authz_search_statement() */
   dict=dict_new();
   autzsearch_var_add(dict,"username",username);
   autzsearch_var_add(dict,"service",servicename);
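Review bot: The dictionary built here and the accepted-name list in cfg.c:parse_pam_authz_search_statement() are kept in step only by the new NOTE comment, so the two can drift apart without any compile-time or run-time signal. Only `username` and `service` are visible in this hunk (the function continues outside it), so it cannot be confirmed from here that the other names cfg.c accepts (`ruser`, `rhost`, `tty`, `hostname`, `fqdn`, `dn`, `uid`) are all added to `dict`. A name accepted at parse time but missing from the dictionary would presumably expand to nothing in the authorization filter, which is the situation the new check is meant to prevent. Consider a single shared table of variable names, e.g. a `static const char *const` array declared in a common header, that the validation loop in cfg.c iterates over and that this code is checked against.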
@@ -441,7 +443,7 @@
   authzmsg[0]='\0';
   /* read request parameters */
   READ_STRING(fp,username);
-  SKIP_STRING(fp);
+  SKIP_STRING(fp); /* DN */
   READ_STRING(fp,servicename);
   READ_STRING(fp,ruser);
   READ_STRING(fp,rhost);
@@ -497,7 +499,7 @@
   int32_t sessionid;
   /* read request parameters */
   READ_STRING(fp,username);
-  SKIP_STRING(fp);
+  SKIP_STRING(fp); /* DN */
   READ_STRING(fp,servicename);
   READ_STRING(fp,tty);
   READ_STRING(fp,rhost);
@@ -526,7 +528,7 @@
   int32_t sessionid;
   /* read request parameters */
   READ_STRING(fp,username);
-  SKIP_STRING(fp);
+  SKIP_STRING(fp); /* DN */
   READ_STRING(fp,servicename);
   READ_STRING(fp,tty);
   READ_STRING(fp,rhost);