X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=contrib%2Fslapd-modules%2Fnssov%2Fnssov.c;h=e734e3b2b223b6dc6356cf6dc88659c1e4e1c39a;hb=2214e47a2cf7c7776191c7e19390863cba16da6b;hp=35062dca3a53328a4b6279ec03bc2988a95c149a;hpb=5dad37ff1eb89b7d9ee3f13a88c9992bbcfca049;p=openldap
diff --git a/contrib/slapd-modules/nssov/nssov.c b/contrib/slapd-modules/nssov/nssov.c
index 35062dca3a..e734e3b2b2 100644
--- a/contrib/slapd-modules/nssov/nssov.c
+++ b/contrib/slapd-modules/nssov/nssov.c
@@ -2,8 +2,9 @@
 /* $OpenLDAP$ */
 /* This work is part of OpenLDAP Software .
  *
- * Copyright 2008-2012 The OpenLDAP Foundation.
+ * Copyright 2008-2013 The OpenLDAP Foundation.
  * Portions Copyright 2008 by Howard Chu, Symas Corp.
+ * Portions Copyright 2013 by Ted C. Cheng, Symas Corp.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -250,13 +251,50 @@ static int read_header(TFILE *fp,int32_t *action)
   return 0;
 }
 
+int nssov_config(nssov_info *ni,TFILE *fp,Operation *op)
+{
+	int opt;
+	int32_t tmpint32;
+	struct berval *msg = BER_BVC("");
+	int rc = NSLCD_PAM_SUCCESS;
+
+	READ_INT32(fp,opt);
+
+	Debug(LDAP_DEBUG_TRACE, "nssov_config (%d)\n",opt,0,0);
+
+	switch (opt) {
+	case NSLCD_CONFIG_PAM_PASSWORD_PROHIBIT_MESSAGE:
+		/* request for pam password_prothibit_message */
+		/* nssov_pam prohibits password */
+		if (!BER_BVISEMPTY(&ni->ni_pam_password_prohibit_message)) {
+			Debug(LDAP_DEBUG_TRACE,"nssov_config(): %s (%s)\n",
+				"password_prohibit_message",
+				ni->ni_pam_password_prohibit_message.bv_val,0);
+			msg = &ni->ni_pam_password_prohibit_message;
+			rc = NSLCD_PAM_PERM_DENIED;
+		}
+		/* fall through */
+	default:
+		break;
+	}
+
+done:;
+	WRITE_INT32(fp,NSLCD_VERSION);
+	WRITE_INT32(fp,NSLCD_ACTION_CONFIG_GET);
+	WRITE_INT32(fp,NSLCD_RESULT_BEGIN);
+	WRITE_BERVAL(fp,msg);
+	WRITE_INT32(fp,NSLCD_RESULT_END);
+	return 0;
+}
+
+
 /* read a request message, returns <0 in case of errors,
    this function closes the socket */
 static void handleconnection(nssov_info *ni,int sock,Operation *op)
 {
   TFILE *fp;
   int32_t action;
-  struct timeval readtimeout,writetimeout;
+  int readtimeout,writetimeout;
   uid_t uid;
   gid_t gid;
   char authid[sizeof("gidNumber=4294967295+uidNumber=424967295,cn=peercred,cn=external,cn=auth")];
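Review bot: `struct berval *msg = BER_BVC("");` initializes a pointer with BER_BVC, which as I read lber.h expands to the two-element brace initializer `{ STRLENOF(s), (char *)(s) }` meant for a `struct berval` object, so the compiler takes the first element (0) as the pointer and msg starts out NULL on the default path; whether `WRITE_BERVAL(fp,msg)` tolerates a NULL berval depends on the macro in nssov.h, which is not in this hunk. Give it a real object: `struct berval empty = BER_BVC(""); struct berval *msg = &empty;`. `rc` is set to NSLCD_PAM_PERM_DENIED but is neither written to the stream nor returned, and the `done:` label has no matching goto in the function (the READ_/WRITE_ macros return on error rather than jumping, if they match the nssov.h versions), so both read as leftovers that will draw unused-variable/unused-label warnings. Either include `rc` in the response the client expects or drop it and the label, and fix the comment typo `password_prothibit_message`.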
@@ -272,17 +310,19 @@ static void handleconnection(nssov_info *ni,int sock,Operation *op)
 
   /* Should do authid mapping too */
   op->o_dn.bv_len = sprintf(authid,"gidNumber=%d+uidNumber=%d,cn=peercred,cn=external,cn=auth",
-    (int)uid, (int)gid );
+    (int)gid, (int)uid );
   op->o_dn.bv_val = authid;
   op->o_ndn = op->o_dn;
 
-  /* set the timeouts */
-  readtimeout.tv_sec=0; /* clients should send their request quickly */
-  readtimeout.tv_usec=500000;
-  writetimeout.tv_sec=5; /* clients could be taking some time to process the results */
-  writetimeout.tv_usec=0;
+  /* set the timeouts:
+   * read timeout is half a second because clients should send their request
+   * quickly, write timeout is 60 seconds because clients could be taking some
+   * time to process the results
+   */
+  readtimeout = 500;
+  writetimeout = 60000;
   /* create a stream object */
-  if ((fp=tio_fdopen(sock,&readtimeout,&writetimeout,
+  if ((fp=tio_fdopen(sock,readtimeout,writetimeout,
                      READBUFFER_MINSIZE,READBUFFER_MAXSIZE,
                      WRITEBUFFER_MINSIZE,WRITEBUFFER_MAXSIZE))==NULL)
   {
@@ -334,6 +374,7 @@ static void handleconnection(nssov_info *ni,int sock,Operation *op)
     case NSLCD_ACTION_PAM_SESS_O:  if (uid==0) (void)pam_sess_o(ni,fp,op); break;
     case NSLCD_ACTION_PAM_SESS_C:  if (uid==0) (void)pam_sess_c(ni,fp,op); break;
     case NSLCD_ACTION_PAM_PWMOD:   (void)pam_pwmod(ni,fp,op); break;
+    case NSLCD_ACTION_CONFIG_GET:  (void)nssov_config(ni,fp,op); break;
     default:
       Debug( LDAP_DEBUG_ANY,"nssov: invalid request id: %d",(int)action,0,0);
       break;
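Review bot: The corrected argument order still goes through an unbounded `sprintf` with `%d` and `(int)` casts, and the sizing template for `authid` (visible as context in the previous hunk) spells the uidNumber placeholder with nine digits, `424967295`; an id at or above 2^31 prints with a minus sign and eleven characters, so two such ids would write a few bytes past the end of authid. The ids come from the peer credentials per the cn=peercred authid, so only a local client can trigger it, but the fix is cheap: `op->o_dn.bv_len = snprintf(authid,sizeof(authid),"gidNumber=%u+uidNumber=%u,cn=peercred,cn=external,cn=auth",(unsigned)gid,(unsigned)uid);` together with `4294967295` in both places of the sizeof template; for ids below 2^31 the resulting DN text is unchanged. The new 60000 ms write timeout also means a slow or stalled local client can pin this connection's thread for a minute per write, twelve times longer than before, which is worth a sentence in the comment if that is intended. handleconnection starts before and ends after this hunk.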
@@ -492,11 +533,35 @@ static ConfigTable nsscfg[] = {
 		"DESC 'Default template login name' "
 		"EQUALITY caseIgnoreMatch "
 		"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
-	{ "nssov-pam-session", "service", 2, 2, 0, ARG_MAGIC|ARG_BERVAL|NSS_PAMSESS,
+	{ "nssov-pam-session", "service", 2, 2, 0, ARG_MAGIC|NSS_PAMSESS,
 		nss_cf_gen, "(OLcfgCtAt:3.11 NAME 'olcNssPamSession' "
 		"DESC 'Services for which sessions will be recorded' "
 		"EQUALITY caseIgnoreMatch "
 		"SYNTAX OMsDirectoryString )", NULL, NULL },
+	{ "nssov-pam-password-prohibit-message",
+		"password_prohibit_message", 2, 2, 0,
+		ARG_OFFSET|ARG_BERVAL,
+		(void *)offsetof(struct nssov_info, ni_pam_password_prohibit_message),
+		"(OLcfgCtAt:3.12 NAME 'olcNssPamPwdProhibitMsg' "
+		"DESC 'Prohibit password modification message' "
+		"EQUALITY caseIgnoreMatch "
+		"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
+	{ "nssov-pam-pwdmgr-dn",
+		"pwdmgr_dn", 2, 2, 0,
+		ARG_OFFSET|ARG_BERVAL,
+		(void *)offsetof(struct nssov_info, ni_pam_pwdmgr_dn),
+		"(OLcfgCtAt:3.13 NAME 'olcPamPwdmgrDn' "
+		"DESC 'Password Manager DN' "
+		"EQUALITY distinguishedNameMatch "
+		"SYNTAX OMsDN SINGLE-VALUE )", NULL, NULL },
+	{ "nssov-pam-pwdmgr-pwd",
+		"pwdmgr_pwd", 2, 2, 0,
+		ARG_OFFSET|ARG_BERVAL,
+		(void *)offsetof(struct nssov_info, ni_pam_pwdmgr_pwd),
+		"(OLcfgCtAt:3.14 NAME 'olcPamPwdmgrPwd' "
+		"DESC 'Password Manager Pwd' "
+		"EQUALITY octetStringMatch "
+		"SYNTAX OMsOctetString SINGLE-VALUE )", NULL, NULL },
 	{ NULL, NULL, 0,0,0, ARG_IGNORED }
 };
 
@@ -694,6 +759,7 @@ nss_cf_gen(ConfigArgs *c)
 			ch_free( c->value_dn.bv_val );
 			break;
 		case NSS_PAMSESS:
+			ber_str2bv( c->argv[1], 0, 1, &c->value_bv );
 			ber_bvarray_add( &ni->ni_pam_sessions, &c->value_bv );
 			break;
 		}
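Review bot: `nssov-pam-pwdmgr-pwd` puts a bind credential into the config struct and into cn=config as a plain octet string (olcPamPwdmgrPwd), and nothing in the entry tells an operator that it is sensitive; at minimum the description should say so, e.g. `"DESC 'Password Manager Pwd (stored in the clear; restrict read access to this attribute)' "`, and a comment above the entry should point out that cn=config ACLs are the only thing keeping it from anyone who can read the overlay's config entry. `nssov-pam-pwdmgr-dn` is declared `ARG_OFFSET|ARG_BERVAL`, so a value from slapd.conf is stored exactly as typed; if ARG_DN handling applies to ARG_OFFSET entries the way it does for other overlays, `ARG_OFFSET|ARG_DN` would validate and pretty the DN at load time instead of failing at the first bind, though I cannot confirm that from this hunk. The three new OLcfgCtAt:3.12-3.14 OIDs should be recorded wherever this module tracks its allocations. The nsscfg table starts outside this hunk.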
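Review bot: The new `ber_str2bv( c->argv[1], 0, 1, &c->value_bv );` carries no comment on why this case now duplicates the argument itself, and the reason is only visible in the other hunk of this file, where ARG_BERVAL was dropped from the `nssov-pam-session` entry so the framework no longer fills c->value_bv; a one-liner keeps the next reader from putting ARG_BERVAL back: `/* no ARG_BERVAL on this entry: dup argv[1] here, ni_pam_sessions owns the copy */`. The return of `ber_bvarray_add` is still ignored, so when it fails the fresh copy leaks silently; checking it and freeing `c->value_bv.bv_val` before returning an error the way the other cases of nss_cf_gen do would close that. nss_cf_gen starts and ends outside this hunk.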