From 8da06617a7eb0f44c98bdc2bbeed6365b7affc78 Mon Sep 17 00:00:00 2001
From: Howard Chu <hyc@openldap.org>
Date: Wed, 29 Apr 2009 00:29:11 +0000
Subject: [PATCH] Add nssov-pam-session keyword to select which services will
 be recorded in session management

---
 contrib/slapd-modules/nssov/nssov.c | 18 +++++++++++++++++-
 contrib/slapd-modules/nssov/nssov.h |  1 +
 contrib/slapd-modules/nssov/pam.c   | 15 ++++++++++++++-
 3 files changed, 32 insertions(+), 2 deletions(-)

diff --git a/contrib/slapd-modules/nssov/nssov.c b/contrib/slapd-modules/nssov/nssov.c
index 5a5878ad96..60d41291c3 100644
--- a/contrib/slapd-modules/nssov/nssov.c
+++ b/contrib/slapd-modules/nssov/nssov.c
@@ -426,6 +426,7 @@ enum {
 	NSS_MAP,
 	NSS_PAM,
 	NSS_PAMGROUP,
+	NSS_PAMSESS
 };
 
 static ConfigDriver nss_cf_gen;
@@ -487,6 +488,11 @@ static ConfigTable nsscfg[] = {
 			"DESC 'Default template login name' "
 			"EQUALITY caseIgnoreMatch "
 			"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
+	{ "nssov-pam-session", "service", 2, 2, 0, ARG_MAGIC|ARG_BERVAL|NSS_PAMSESS,
+		nss_cf_gen, "(OLcfgCtAt:3.11 NAME 'olcNssPamSession' "
+			"DESC 'Services for which sessions will be recorded' "
+			"EQUALITY caseIgnoreMatch "
+			"SYNTAX OMsDirectoryString )", NULL, NULL },
 	{ NULL, NULL, 0,0,0, ARG_IGNORED }
 };
 
@@ -497,7 +503,7 @@ static ConfigOCs nssocs[] = {
 		"SUP olcOverlayConfig "
 		"MAY ( olcNssSsd $ olcNssMap $ olcNssPam $ olcNssPamDefHost $ "
 			"olcNssPamGroupDN $ olcNssPamGroupAD $ "
-			"olcNssPamMinUid $ olcNssPamMaxUid $ "
+			"olcNssPamMinUid $ olcNssPamMaxUid $ olcNssPamSession $ "
 			"olcNssPamTemplateAD $ olcNssPamTemplate ) )",
 		Cft_Overlay, nsscfg },
 	{ NULL, 0, NULL }
@@ -577,6 +583,13 @@ nss_cf_gen(ConfigArgs *c)
 				rc = 1;
 			}
 			break;
+		case NSS_PAMSESS:
+			if (ni->ni_pam_sessions) {
+				ber_bvarray_dup_x( &c->rvalue_vals, ni->ni_pam_sessions, NULL );
+			} else {
+				rc = 1;
+			}
+			break;
 		}
 		return rc;
 	} else if ( c->op == LDAP_MOD_DELETE ) {
@@ -676,6 +689,9 @@ nss_cf_gen(ConfigArgs *c)
 		ni->ni_pam_group_dn = c->value_ndn;
 		ch_free( c->value_dn.bv_val );
 		break;
+	case NSS_PAMSESS:
+		ber_bvarray_add( &ni->ni_pam_sessions, &c->value_bv );
+		break;
 	}
 	return rc;
 }
diff --git a/contrib/slapd-modules/nssov/nssov.h b/contrib/slapd-modules/nssov/nssov.h
index 54f8fa91d3..54b2f55e5f 100644
--- a/contrib/slapd-modules/nssov/nssov.h
+++ b/contrib/slapd-modules/nssov/nssov.h
@@ -74,6 +74,7 @@ typedef struct nssov_info
 	AttributeDescription *ni_pam_template_ad;
 	struct berval ni_pam_template;
 	struct berval ni_pam_defhost;
+	struct berval *ni_pam_sessions;
 } nssov_info;
 
 #define NI_PAM_USERHOST		1	/* old style host checking */
diff --git a/contrib/slapd-modules/nssov/pam.c b/contrib/slapd-modules/nssov/pam.c
index 0401c8d7e8..1578075e93 100644
--- a/contrib/slapd-modules/nssov/pam.c
+++ b/contrib/slapd-modules/nssov/pam.c
@@ -494,7 +494,20 @@ static int pam_sess(nssov_info *ni,TFILE *fp,Operation *op,int action)
 	Debug(LDAP_DEBUG_TRACE,"nssov_pam_sess_%c(%s)\n",
 		action==NSLCD_ACTION_PAM_SESS_O ? 'o' : 'c', dn.bv_val,0);
 
-	if (!dn.bv_len) return 0;
+	if (!dn.bv_len || !ni->ni_pam_sessions) return 0;
+
+	{
+		int i, found=0;
+		for (i=0; !BER_BVISNULL(&ni->ni_pam_sessions[i]); i++) {
+			if (ni->ni_pam_sessions[i].bv_len != svc.bv_len)
+				continue;
+			if (!strcasecmp(ni->ni_pam_sessions[i].bv_val, svc.bv_val)) {
+				found = 1;
+				break;
+			}
+		}
+		if (!found) return 0;
+	}
 
 	slap_op_time( &op->o_time, &op->o_tincr );
 	timestamp.bv_len = sizeof(timebuf);
-- 
2.39.5