From: Howard Chu
Date: Wed, 3 Jun 2009 01:40:03 +0000 (+0000)
Subject: Added ruser and rhost to authz params
X-Git-Tag: ACLCHECK_0~524
X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=6cc1cf81c1211f74219d43e36f91ab82642c027f;p=openldap
Added ruser and rhost to authz params
---
diff --git a/contrib/slapd-modules/nssov/nss-ldapd/nss/pam.c b/contrib/slapd-modules/nssov/nss-ldapd/nss/pam.c
index 2d9c8d1bda..77d00a134f 100644
--- a/contrib/slapd-modules/nssov/nss-ldapd/nss/pam.c
+++ b/contrib/slapd-modules/nssov/nss-ldapd/nss/pam.c
@@ -358,12 +358,15 @@ static enum nss_status pam_read_authz(
 }
 static enum nss_status pam_do_authz(
- pld_ctx *ctx, const char *svc,int *errnop)
+ pld_ctx *ctx, const char *svc, const char *ruser, const char *rhost,
+ int *errnop)
 {
 NSS_BYGEN(NSLCD_ACTION_PAM_AUTHZ,
 WRITE_STRING(fp,ctx->user);
 WRITE_STRING(fp,ctx->dn);
- WRITE_STRING(fp,svc),
+ WRITE_STRING(fp,svc);
+ WRITE_STRING(fp,ruser);
+ WRITE_STRING(fp,rhost),
 pam_read_authz(fp,ctx,errnop));
 }
@@ -371,7 +374,7 @@ int pam_sm_acct_mgmt(
 pam_handle_t *pamh, int flags, int argc, const char **argv)
 {
 int rc, err;
- const char *username, *svc;
+ const char *username, *svc, *ruser, *rhost;
 int no_warn = 0, ignore_flags = 0;
 int i;
 struct pam_conv *appconv;
@@ -417,9 +420,16 @@ int pam_sm_acct_mgmt(
 if (rc != PAM_SUCCESS)
 return rc;
+ rc = pam_get_item (pamh, PAM_RUSER, (CONST_ARG void **) &ruser);
+ if (rc != PAM_SUCCESS)
+ return rc;
+
+ rc = pam_get_item (pamh, PAM_RHOST, (CONST_ARG void **) &rhost);
+ if (rc != PAM_SUCCESS)
+ return rc;
 ctx2.dn = ctx->dn;
 ctx2.user = ctx->user;
- rc = pam_do_authz(&ctx2, svc, &err);
+ rc = pam_do_authz(&ctx2, svc, ruser, rhost, &err);
 NSS2PAM_RC(rc, ignore_flags, PAM_SUCCESS);
 if (rc != PAM_SUCCESS) {
 if (rc != PAM_IGNORE)
diff --git a/contrib/slapd-modules/nssov/pam.c b/contrib/slapd-modules/nssov/pam.c
index 1578075e93..a87d6c444a 100644
--- a/contrib/slapd-modules/nssov/pam.c
+++ b/contrib/slapd-modules/nssov/pam.c
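Review bot: Nothing in pam_do_authz (nss-ldapd/nss/pam.c, hunk at -358) records that the five strings it now writes must stay in the order that pam_authz() in contrib/slapd-modules/nssov/pam.c reads them. A comment above the function would keep the two sides from drifting, for example `/* request: user, dn, service, ruser, rhost; order must match pam_authz() in nssov/pam.c */`. No version field is visible in this request, so a PAM module built from this commit talking to an older overlay (or the reverse) would presumably misparse it; the commit message or protocol notes should say that both sides must be upgraded together.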
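Review bot: In pam_sm_acct_mgmt (nss-ldapd/nss/pam.c, hunk at -417) the new code checks only the return code of pam_get_item(), but that call reports PAM_SUCCESS for an item that was never set and hands back a NULL pointer. For a local login with no PAM_RHOST, or an application that does not set PAM_RUSER, `ruser` and `rhost` therefore reach pam_do_authz() as NULL. Whether WRITE_STRING tolerates NULL is not visible in this diff; if it takes the string length of its argument, the module would crash inside the host application. Normalising before the call removes that dependency: `if (ruser == NULL) ruser = "";` and `if (rhost == NULL) rhost = "";`. The function starts and ends outside the hunk.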
@@ -255,12 +255,14 @@ static struct berval uidmsg =
 int pam_authz(nssov_info *ni,TFILE *fp,Operation *op)
 {
- struct berval dn, uid, svc;
+ struct berval dn, uid, svc, ruser, rhost;
 struct berval authzmsg = BER_BVNULL;
 int32_t tmpint32;
 char dnc[1024];
 char uidc[32];
 char svcc[256];
+ char ruserc[32];
+ char rhostc[256];
 int rc = NSLCD_PAM_SUCCESS;
 Entry *e = NULL;
 Attribute *a;
@@ -276,6 +278,12 @@ int pam_authz(nssov_info *ni,TFILE *fp,Operation *op)
 READ_STRING_BUF2(fp,svcc,sizeof(svcc));
 svc.bv_val = svcc;
 svc.bv_len = tmpint32;
+ READ_STRING_BUF2(fp,svcc,sizeof(ruserc));
+ ruser.bv_val = ruserc;
+ ruser.bv_len = tmpint32;
+ READ_STRING_BUF2(fp,svcc,sizeof(rhostc));
+ rhost.bv_val = rhostc;
+ rhost.bv_len = tmpint32;
 Debug(LDAP_DEBUG_TRACE,"nssov_pam_authz(%s)\n",dn.bv_val,0,0);
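Review bot: `ruserc[32]` in pam_authz (hunk at -255) copies the size of `uidc`, but PAM_RUSER is whatever the calling application stored and need not be a local account name of that length. A value that does not fit would presumably make READ_STRING_BUF2 reject the whole authorization request; the macro is not visible here, so that is an assumption to confirm. Consider sizing it like `rhostc`, or state the limit next to the declaration, for example `char ruserc[256]; /* PAM_RUSER is application-supplied, not bounded like a uid */`. The function body continues outside the hunk.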
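Review bot: Both added reads in pam_authz (hunk at -276) store into `svcc` instead of the new buffers: `READ_STRING_BUF2(fp,svcc,sizeof(ruserc))` and `READ_STRING_BUF2(fp,svcc,sizeof(rhostc))` overwrite the service name that `svc.bv_val` already points at, while `ruser.bv_val` and `rhost.bv_val` point at `ruserc` and `rhostc`, which are never written. After these lines `svc` holds the client-supplied rhost string with a stale `bv_len`, and `ruser`/`rhost` describe uninitialised stack bytes with a length that, judging by the existing `svc.bv_len = tmpint32` pattern, comes from the request. Any authorization decision or log line later in the function that uses these values (outside this hunk) would work on the wrong data. The reads should be `READ_STRING_BUF2(fp,ruserc,sizeof(ruserc));` and `READ_STRING_BUF2(fp,rhostc,sizeof(rhostc));`.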