is a Name Service Switch (NSS) module and Pluggable Authentication Module (PAM) that allows your LDAP server to provide user account, group, host name, alias, netgroup, and basically any other information that you would normally get from /etc flat files or NIS. It also allows you to do authentication to an LDAP server.
| myldap.c (nss-pam-ldapd-0.9.11) | : | myldap.c (nss-pam-ldapd-0.9.12) |
|---|
| /* | | /* |
| myldap.c - simple interface to do LDAP requests | | myldap.c - simple interface to do LDAP requests |
| Parts of this file were part of the nss_ldap library (as ldap-nss.c) | | Parts of this file were part of the nss_ldap library (as ldap-nss.c) |
| which has been forked into the nss-pam-ldapd library. | | which has been forked into the nss-pam-ldapd library. |
| | |
| Copyright (C) 1997-2006 Luke Howard | | Copyright (C) 1997-2006 Luke Howard |
| Copyright (C) 2006-2007 West Consulting | | Copyright (C) 2006-2007 West Consulting |
|
| Copyright (C) 2006-2017 Arthur de Jong | | Copyright (C) 2006-2020 Arthur de Jong |
| | |
| This library is free software; you can redistribute it and/or | | This library is free software; you can redistribute it and/or |
| modify it under the terms of the GNU Lesser General Public | | modify it under the terms of the GNU Lesser General Public |
| License as published by the Free Software Foundation; either | | License as published by the Free Software Foundation; either |
| version 2.1 of the License, or (at your option) any later version. | | version 2.1 of the License, or (at your option) any later version. |
| | |
| This library is distributed in the hope that it will be useful, | | This library is distributed in the hope that it will be useful, |
| but WITHOUT ANY WARRANTY; without even the implied warranty of | | but WITHOUT ANY WARRANTY; without even the implied warranty of |
| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
| Lesser General Public License for more details. | | Lesser General Public License for more details. |
| | |
| skipping to change at line 635 | | skipping to change at line 635 |
|---|
| ldap_msgfree(result); | | ldap_msgfree(result); |
| return LDAP_LOCAL_ERROR; | | return LDAP_LOCAL_ERROR; |
| } | | } |
| if (rc == 0) /* the timeout expired */ | | if (rc == 0) /* the timeout expired */ |
| { | | { |
| log_log(LOG_ERR, "ldap_result() timed out"); | | log_log(LOG_ERR, "ldap_result() timed out"); |
| if (result != NULL) | | if (result != NULL) |
| ldap_msgfree(result); | | ldap_msgfree(result); |
| return LDAP_TIMEOUT; | | return LDAP_TIMEOUT; |
| } | | } |
|
| | /* parse the result from the bind operation (frees result, gets controls) */ |
| responsectrls = NULL; | | responsectrls = NULL; |
|
| /* ignore any response controls unless we're interested in ppolicy */ | | parserc = ldap_parse_result(ld, result, &rc, NULL, NULL, NULL, &responsectrls, |
| if (nslcd_cfg->pam_authc_ppolicy) | | 1); |
| | if (parserc != LDAP_SUCCESS) |
| { | | { |
|
| /* parse the result from the bind operation (frees result, gets controls) */ | | myldap_err(LOG_ERR, ld, parserc, "ldap_parse_result() failed"); |
| parserc = ldap_parse_result(ld, result, &rc, NULL, NULL, NULL, &responsectrl | | |
| s, 1); | | |
| if (parserc != LDAP_SUCCESS) | | |
| { | | |
| myldap_err(LOG_ERR, ld, parserc, "ldap_parse_result() failed"); | | |
| if (responsectrls != NULL) | | |
| ldap_controls_free(responsectrls); | | |
| return parserc; | | |
| } | | |
| /* handle any returned controls */ | | |
| if (responsectrls != NULL) | | if (responsectrls != NULL) |
|
| { | | |
| handle_ppolicy_controls(session, ld, responsectrls); | | |
| ldap_controls_free(responsectrls); | | ldap_controls_free(responsectrls); |
|
| } | | return parserc; |
| | } |
| | /* handle any returned controls */ |
| | if (responsectrls != NULL) |
| | { |
| | if (nslcd_cfg->pam_authc_ppolicy) |
| | handle_ppolicy_controls(session, ld, responsectrls); |
| | ldap_controls_free(responsectrls); |
| } | | } |
| /* return the result of the BIND operation */ | | /* return the result of the BIND operation */ |
| if (rc != LDAP_SUCCESS) | | if (rc != LDAP_SUCCESS) |
| { | | { |
| myldap_err(LOG_DEBUG, ld, rc, "ldap_parse_result() result"); | | myldap_err(LOG_DEBUG, ld, rc, "ldap_parse_result() result"); |
| return rc; | | return rc; |
| } | | } |
|
| /* check the returned controls */ | | |
| return LDAP_SUCCESS; | | return LDAP_SUCCESS; |
| } | | } |
| #endif /* no SASL, so no ppolicy */ | | #endif /* no SASL, so no ppolicy */ |
| | |
| /* This function performs the authentication phase of opening a connection. | | /* This function performs the authentication phase of opening a connection. |
| The binddn and bindpw parameters may be used to override the authentication | | The binddn and bindpw parameters may be used to override the authentication |
| mechanism defined in the configuration. This returns an LDAP result | | mechanism defined in the configuration. This returns an LDAP result |
| code. */ | | code. */ |
| static int do_bind(MYLDAP_SESSION *session, LDAP *ld, const char *uri) | | static int do_bind(MYLDAP_SESSION *session, LDAP *ld, const char *uri) |
| { | | { |
| | |
| skipping to change at line 914 | | skipping to change at line 910 |
|---|
| log_log(LOG_DEBUG, "ldap_set_option(LDAP_OPT_DEREF,%d)", | | log_log(LOG_DEBUG, "ldap_set_option(LDAP_OPT_DEREF,%d)", |
| nslcd_cfg->deref); | | nslcd_cfg->deref); |
| LDAP_SET_OPTION(session->ld, LDAP_OPT_DEREF, &nslcd_cfg->deref); | | LDAP_SET_OPTION(session->ld, LDAP_OPT_DEREF, &nslcd_cfg->deref); |
| log_log(LOG_DEBUG, "ldap_set_option(LDAP_OPT_TIMELIMIT,%d)", | | log_log(LOG_DEBUG, "ldap_set_option(LDAP_OPT_TIMELIMIT,%d)", |
| nslcd_cfg->timelimit); | | nslcd_cfg->timelimit); |
| LDAP_SET_OPTION(session->ld, LDAP_OPT_TIMELIMIT, &nslcd_cfg->timelimit); | | LDAP_SET_OPTION(session->ld, LDAP_OPT_TIMELIMIT, &nslcd_cfg->timelimit); |
| tv.tv_sec = nslcd_cfg->bind_timelimit; | | tv.tv_sec = nslcd_cfg->bind_timelimit; |
| tv.tv_usec = 0; | | tv.tv_usec = 0; |
| #ifdef LDAP_OPT_TIMEOUT | | #ifdef LDAP_OPT_TIMEOUT |
| log_log(LOG_DEBUG, "ldap_set_option(LDAP_OPT_TIMEOUT,%d)", | | log_log(LOG_DEBUG, "ldap_set_option(LDAP_OPT_TIMEOUT,%d)", |
|
| nslcd_cfg->timelimit); | | nslcd_cfg->bind_timelimit); |
| LDAP_SET_OPTION(session->ld, LDAP_OPT_TIMEOUT, &tv); | | LDAP_SET_OPTION(session->ld, LDAP_OPT_TIMEOUT, &tv); |
| #endif /* LDAP_OPT_TIMEOUT */ | | #endif /* LDAP_OPT_TIMEOUT */ |
| #ifdef LDAP_OPT_NETWORK_TIMEOUT | | #ifdef LDAP_OPT_NETWORK_TIMEOUT |
| log_log(LOG_DEBUG, "ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,%d)", | | log_log(LOG_DEBUG, "ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,%d)", |
|
| nslcd_cfg->timelimit); | | nslcd_cfg->bind_timelimit); |
| LDAP_SET_OPTION(session->ld, LDAP_OPT_NETWORK_TIMEOUT, &tv); | | LDAP_SET_OPTION(session->ld, LDAP_OPT_NETWORK_TIMEOUT, &tv); |
| #endif /* LDAP_OPT_NETWORK_TIMEOUT */ | | #endif /* LDAP_OPT_NETWORK_TIMEOUT */ |
| #ifdef LDAP_X_OPT_CONNECT_TIMEOUT | | #ifdef LDAP_X_OPT_CONNECT_TIMEOUT |
| log_log(LOG_DEBUG, "ldap_set_option(LDAP_X_OPT_CONNECT_TIMEOUT,%d)", | | log_log(LOG_DEBUG, "ldap_set_option(LDAP_X_OPT_CONNECT_TIMEOUT,%d)", |
|
| nslcd_cfg->timelimit); | | nslcd_cfg->bind_timelimit); |
| LDAP_SET_OPTION(session->ld, LDAP_X_OPT_CONNECT_TIMEOUT, &tv); | | LDAP_SET_OPTION(session->ld, LDAP_X_OPT_CONNECT_TIMEOUT, &tv); |
| #endif /* LDAP_X_OPT_CONNECT_TIMEOUT */ | | #endif /* LDAP_X_OPT_CONNECT_TIMEOUT */ |
| log_log(LOG_DEBUG, "ldap_set_option(LDAP_OPT_REFERRALS,%s)", | | log_log(LOG_DEBUG, "ldap_set_option(LDAP_OPT_REFERRALS,%s)", |
| nslcd_cfg->referrals ? "LDAP_OPT_ON" : "LDAP_OPT_OFF"); | | nslcd_cfg->referrals ? "LDAP_OPT_ON" : "LDAP_OPT_OFF"); |
| LDAP_SET_OPTION(session->ld, LDAP_OPT_REFERRALS, | | LDAP_SET_OPTION(session->ld, LDAP_OPT_REFERRALS, |
| nslcd_cfg->referrals ? LDAP_OPT_ON : LDAP_OPT_OFF); | | nslcd_cfg->referrals ? LDAP_OPT_ON : LDAP_OPT_OFF); |
| log_log(LOG_DEBUG, "ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)"); | | log_log(LOG_DEBUG, "ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)"); |
| LDAP_SET_OPTION(session->ld, LDAP_OPT_RESTART, LDAP_OPT_ON); | | LDAP_SET_OPTION(session->ld, LDAP_OPT_RESTART, LDAP_OPT_ON); |
| #ifdef LDAP_OPT_CONNECT_CB | | #ifdef LDAP_OPT_CONNECT_CB |
| /* register a connection callback */ | | /* register a connection callback */ |
| | |
| skipping to change at line 1069 | | skipping to change at line 1065 |
|---|
| /* if we have any running searches, don't time out */ | | /* if we have any running searches, don't time out */ |
| for (i = 0; i < MAX_SEARCHES_IN_SESSION; i++) | | for (i = 0; i < MAX_SEARCHES_IN_SESSION; i++) |
| if ((session->searches[i] != NULL) && (session->searches[i]->valid)) | | if ((session->searches[i] != NULL) && (session->searches[i]->valid)) |
| return; | | return; |
| /* consider timeout (there are no running searches) */ | | /* consider timeout (there are no running searches) */ |
| time(¤t_time); | | time(¤t_time); |
| if ((session->lastactivity + nslcd_cfg->idle_timelimit) < current_time) | | if ((session->lastactivity + nslcd_cfg->idle_timelimit) < current_time) |
| { | | { |
| log_log(LOG_DEBUG, "myldap_session_check(): idle_timelimit reached"); | | log_log(LOG_DEBUG, "myldap_session_check(): idle_timelimit reached"); |
| do_close(session); | | do_close(session); |
|
| | /* try to use the first URI from the list again */ |
| | session->current_uri = 0; |
| } | | } |
| } | | } |
| } | | } |
| } | | } |
| | |
| /* This opens connection to an LDAP server, sets all connection options | | /* This opens connection to an LDAP server, sets all connection options |
| and binds to the server. This returns an LDAP status code. */ | | and binds to the server. This returns an LDAP status code. */ |
| static int do_open(MYLDAP_SESSION *session) | | static int do_open(MYLDAP_SESSION *session) |
| { | | { |
| int rc; | | int rc; |
| | | |
| End of changes. 11 change blocks. |
|---|
| 21 lines changed or deleted | | 19 lines changed or added |
|---|
"Fossies" - the Fresh Open Source Software Archive 