|
|
|
@ -31,6 +31,7 @@
|
|
|
|
|
#define PAM_SM_AUTH
|
|
|
|
|
#define MAX_V 30
|
|
|
|
|
#define WAITTIME 30
|
|
|
|
|
#define WAITTIMELDAP 60
|
|
|
|
|
|
|
|
|
|
typedef struct pam_config
|
|
|
|
|
{
|
|
|
|
@ -205,10 +206,11 @@ static int
|
|
|
|
|
_check_ldap (int retry_count)
|
|
|
|
|
{
|
|
|
|
|
int result;
|
|
|
|
|
int timelimit = 3;
|
|
|
|
|
struct berval userpw;
|
|
|
|
|
struct berval *servcred;
|
|
|
|
|
char buf[BUFSIZ];
|
|
|
|
|
LDAP *ld;
|
|
|
|
|
LDAP *ld=NULL;
|
|
|
|
|
pam_config_t * config= NULL;
|
|
|
|
|
if(_read_config(NULL,&config) != PAM_SUCCESS) {
|
|
|
|
|
if(config)
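Review bot: `int result;` is still declared without an initializer, although this hunk gives `ld` one, and `_check_ldap` ends with `return result;`. The lines between the hunks are not shown, so it is unconfirmed whether every path assigns it, for example when `ldap_initialize` or one of the `ldap_set_option` calls fails. If one path does not, the caller receives an indeterminate value, which the new `!= -1` test in `pam_sm_authenticate` would very likely treat as success. Declaring it as `int result = -1;` makes the failure value explicit. The function body continues outside this hunk.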
|
|
|
|
@ -219,7 +221,9 @@ _check_ldap (int retry_count)
|
|
|
|
|
snprintf(buf,BUFSIZ,"ldap://%s:%d",config->host,config->port);
|
|
|
|
|
if(ldap_initialize(&ld,buf) == LDAP_SUCCESS &&
|
|
|
|
|
ldap_set_option(ld,LDAP_OPT_PROTOCOL_VERSION,
|
|
|
|
|
&config->version) == LDAP_SUCCESS ) {
|
|
|
|
|
&config->version) == LDAP_SUCCESS &&
|
|
|
|
|
ldap_set_option(ld,LDAP_OPT_TIMELIMIT,
|
|
|
|
|
&timelimit) == LDAP_SUCCESS) {
|
|
|
|
|
userpw.bv_val = config->bindpw;
|
|
|
|
|
userpw.bv_len = (userpw.bv_val != 0) ? strlen (userpw.bv_val) : 0;
|
|
|
|
|
for(;retry_count;retry_count--) {
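Review bot: `LDAP_OPT_TIMELIMIT` set to 3 only limits how long a search may run; it does not bound the TCP connect or the bind, which is where an unreachable server would stall the PAM stack. If the aim is to cap each probe, set `LDAP_OPT_NETWORK_TIMEOUT` (and `LDAP_OPT_TIMEOUT` for synchronous calls) with a `struct timeval`, e.g. `struct timeval tv = { 3, 0 }; ldap_set_option(ld, LDAP_OPT_NETWORK_TIMEOUT, &tv);`. Separately, the URL built just above uses `ldap://`, so if the bind inside the retry loop sends `config->bindpw`, it travels unencrypted unless StartTLS is negotiated in code not shown here. The loop body lies outside this hunk.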
|
|
|
|
@ -234,6 +238,8 @@ _check_ldap (int retry_count)
|
|
|
|
|
sleep(1);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if(ld != NULL)
|
|
|
|
|
ldap_unbind(ld);
|
|
|
|
|
_release_config(&config);
|
|
|
|
|
return result;
|
|
|
|
|
}
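Review bot: The added cleanup calls `ldap_unbind(ld)`, which OpenLDAP only declares when `LDAP_DEPRECATED` is defined. The rest of the function uses the current API (`ldap_initialize`, `struct berval`), so `ldap_unbind_ext(ld, NULL, NULL);` would be the consistent call. The handle is also released only on this final path; any earlier `return` in the part of `_check_ldap` not shown would still leak the connection and skip `_release_config(&config)`, so confirm there is none.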
|
|
|
|
@ -258,7 +264,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t * pamh, int flags
|
|
|
|
|
for(i=0;i<WAITTIME;i++) {
|
|
|
|
|
if(file_exists(started_client) ||
|
|
|
|
|
file_exists(started_local)) {
|
|
|
|
|
if(_check_ldap(WAITTIME-i)==PAM_SUCCESS)
|
|
|
|
|
if(_check_ldap(WAITTIMELDAP-i)!=-1)
|
|
|
|
|
return PAM_SUCCESS;
|
|
|
|
|
break;
|
|
|
|
|
}
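Review bot: The new test `_check_ldap(WAITTIMELDAP-i)!=-1` makes `pam_sm_authenticate` return `PAM_SUCCESS` for every return value except -1, where the old code required `PAM_SUCCESS` exactly. `_check_ldap` returns `result`, whose possible values are set in lines outside the hunks, so any LDAP or PAM error code other than -1 now passes this check. An authentication hook should fail closed: have `_check_ldap` map the outcomes it accepts to `PAM_SUCCESS` and keep the comparison as `==PAM_SUCCESS`. Otherwise add a comment above the call listing which return codes count as success and why. The enclosing loop starts and ends outside this hunk.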
|
|
|
|
|