
Отключено ожидание LDAP при аутентификации локального пользователя

Локальным пользователем считается пользователь, присутствующий в
/etc/passwd и отсутствующий в кэше calculate-client.
master 0.2.1
Mike khiretskiy 9 years ago
parent
commit
ed01048c14
  1. 3
      README
  2. 40
      pam_client.c

3
README

@ -1,6 +1,7 @@
This is the README file for the library pam_client.
Library pam_client designed to wait for client daemon before
LDAP authorization and to wait for LDAP service.
LDAP authorization and to wait for the LDAP service.
The module should not wait the LDAP service if a user is local.
Installation
----------

40
pam_client.c

@ -28,6 +28,8 @@
#include <asm/unistd.h>
#define PAM_LDAP_PATH_CONF "/etc/ldap.conf"
#define PASSWD "/etc/passwd"
#define CACHE_PASSWD "/var/lib/calculate/calculate-client/cache/passwd"
#define PAM_SM_AUTH
#define MAX_V 30
#define WAITTIME 30
@ -205,7 +207,7 @@ _release_config (pam_config_t ** pconfig)
static int
_check_ldap (int retry_count)
{
int result;
int result = PAM_SERVICE_ERR;
int timelimit = 3;
struct berval userpw;
struct berval *servcred;
@ -239,7 +241,7 @@ _check_ldap (int retry_count)
}
}
if(ld != NULL)
ldap_unbind(ld);
ldap_unbind_ext(ld,NULL,NULL);
_release_config(&config);
return result;
}
@ -248,16 +250,50 @@ int file_exists(const char *fname) {
return access(fname, 0) != -1;
}
// serach user in passwd type file
int search_user(const char *username, char *filename) {
char buf[BUFSIZ];
FILE *fd = fopen(filename,"r");
if(fd != NULL) {
while( fgets(buf,BUFSIZ,fd) ) {
char *tail = buf;
char *token = strsep(&tail,":");
if(token != NULL && strcmp(token,username) == 0) {
fclose(fd);
return 1;
}
}
fclose(fd);
}
return 0;
}
// check: is local user?
int local_user(const char *username) {
int pUser = search_user(username,PASSWD);
int cUser = search_user(username,CACHE_PASSWD);
// local user is user which found in /etc/passwd only
return (pUser && !cUser)?1:0;
}
// Authentication function
PAM_EXTERN int pam_sm_authenticate(pam_handle_t * pamh, int flags
,int argc, const char **argv)
{
int i;
int retval;
char *boot_client="/etc/runlevels/boot/client";
char *default_client="/etc/runlevels/default/client";
char *started_client="/run/openrc/started/client";
char *started_local="/run/openrc/started/local";
char *ldap_conf="/etc/ldap.conf";
const char *login;
// get username
retval = pam_get_user(pamh, &login, "login: ");
// don't wait ldap for authentificate local user
if(retval == PAM_SUCCESS && login && local_user(login))
return PAM_SUCCESS;
// wait for client daemon
if (file_exists(boot_client) || file_exists(default_client)) {
