Отключено ожидание LDAP при аутентификации локального пользователя

Локальным пользователем считается пользователь, присутствующий в /etc/passwd и отсутствующий в кэше calculate-client.
9 years ago · ed01048c14
2 changed files with 40 additions and 3 deletions
--- a/3
+++ b/3
@ -1,6 +1,7 @@
 This is the README file for the library pam_client.
 Library pam_client designed to wait for client daemon before
-LDAP authorization and to wait for LDAP service.
+LDAP authorization and to wait for the LDAP service.
+The module should not wait the LDAP service if a user is local.

 Installation
 ----------
--- a/pam_client.c
+++ b/pam_client.c
@ -28,6 +28,8 @@
 #include <asm/unistd.h>

 #define PAM_LDAP_PATH_CONF "/etc/ldap.conf"
+#define PASSWD "/etc/passwd"
+#define CACHE_PASSWD "/var/lib/calculate/calculate-client/cache/passwd"
 #define PAM_SM_AUTH
 #define MAX_V 30
 #define WAITTIME 30
@ -205,7 +207,7 @@ _release_config (pam_config_t ** pconfig)
 static int
 _check_ldap (int retry_count)
 {
-  int result;
+  int result = PAM_SERVICE_ERR;
  int timelimit = 3;
  struct berval userpw;
  struct berval *servcred;
@ -239,7 +241,7 @@ _check_ldap (int retry_count)
    }
  }
  if(ld != NULL)
-    ldap_unbind(ld);
+    ldap_unbind_ext(ld,NULL,NULL);
  _release_config(&config);
  return result;
 }
@ -248,16 +250,50 @@ int file_exists(const char *fname) {
  return access(fname, 0) != -1;
 }

+// serach user in passwd type file
+int search_user(const char *username, char *filename) {
+    char buf[BUFSIZ];
+    FILE *fd = fopen(filename,"r");
+    if(fd != NULL) {
+        while( fgets(buf,BUFSIZ,fd) ) {
+            char *tail = buf;
+            char *token = strsep(&tail,":");
+            if(token != NULL && strcmp(token,username) == 0) {
+                fclose(fd);
+                return 1;
+            }
+        }
+        fclose(fd);
+    }
+    return 0;
+}
+
+// check: is local user?
+int local_user(const char *username) {
+    int pUser = search_user(username,PASSWD);
+    int cUser = search_user(username,CACHE_PASSWD);
+    // local user is user which found in /etc/passwd only
+    return (pUser && !cUser)?1:0;
+}
+
 // Authentication function
 PAM_EXTERN int pam_sm_authenticate(pam_handle_t * pamh, int flags
                                   ,int argc, const char **argv)
 {
 int i;
+ int retval;
 char *boot_client="/etc/runlevels/boot/client";
 char *default_client="/etc/runlevels/default/client";
 char *started_client="/run/openrc/started/client";
 char *started_local="/run/openrc/started/local";
 char *ldap_conf="/etc/ldap.conf";
+ const char *login;
+
+ // get username
+ retval = pam_get_user(pamh, &login, "login: ");
+ // don't wait ldap for authentificate local user
+ if(retval == PAM_SUCCESS && login && local_user(login))
+    return PAM_SUCCESS;

 // wait for client daemon
 if (file_exists(boot_client) || file_exists(default_client)) {