@ -28,6 +28,8 @@
#include <asm/unistd.h>
#include <asm/unistd.h>
#define PAM_LDAP_PATH_CONF "/etc/ldap.conf"
#define PAM_LDAP_PATH_CONF "/etc/ldap.conf"
#define PASSWD "/etc/passwd"
#define CACHE_PASSWD "/var/lib/calculate/calculate-client/cache/passwd"
#define PAM_SM_AUTH
#define PAM_SM_AUTH
#define MAX_V 30
#define MAX_V 30
#define WAITTIME 30
#define WAITTIME 30
@ -205,7 +207,7 @@ _release_config (pam_config_t ** pconfig)
static int
static int
_check_ldap (int retry_count)
_check_ldap (int retry_count)
{
{
int result;
int result = PAM_SERVICE_ERR;
int timelimit = 3;
int timelimit = 3;
struct berval userpw;
struct berval userpw;
struct berval *servcred;
struct berval *servcred;
@ -239,7 +241,7 @@ _check_ldap (int retry_count)
}
}
}
}
if(ld != NULL)
if(ld != NULL)
ldap_unbind(ld);
ldap_unbind_ext(ld,NULL,NULL);
_release_config(&config);
_release_config(&config);
return result;
return result;
}
}
@ -248,16 +250,50 @@ int file_exists(const char *fname) {
return access(fname, 0) != -1;
return access(fname, 0) != -1;
}
}
// serach user in passwd type file
int search_user(const char *username, char *filename) {
char buf[BUFSIZ];
FILE *fd = fopen(filename,"r");
if(fd != NULL) {
while( fgets(buf,BUFSIZ,fd) ) {
char *tail = buf;
char *token = strsep(&tail,":");
if(token != NULL && strcmp(token,username) == 0) {
fclose(fd);
return 1;
}
}
fclose(fd);
}
return 0;
}
// check: is local user?
int local_user(const char *username) {
int pUser = search_user(username,PASSWD);
int cUser = search_user(username,CACHE_PASSWD);
// local user is user which found in /etc/passwd only
return (pUser && !cUser)?1:0;
}
// Authentication function
// Authentication function
PAM_EXTERN int pam_sm_authenticate(pam_handle_t * pamh, int flags
PAM_EXTERN int pam_sm_authenticate(pam_handle_t * pamh, int flags
,int argc, const char **argv)
,int argc, const char **argv)
{
{
int i;
int i;
int retval;
char *boot_client="/etc/runlevels/boot/client";
char *boot_client="/etc/runlevels/boot/client";
char *default_client="/etc/runlevels/default/client";
char *default_client="/etc/runlevels/default/client";
char *started_client="/run/openrc/started/client";
char *started_client="/run/openrc/started/client";
char *started_local="/run/openrc/started/local";
char *started_local="/run/openrc/started/local";
char *ldap_conf="/etc/ldap.conf";
char *ldap_conf="/etc/ldap.conf";
const char *login;
// get username
retval = pam_get_user(pamh, &login, "login: ");
// don't wait ldap for authentificate local user
if(retval == PAM_SUCCESS && login && local_user(login))
return PAM_SUCCESS;
// wait for client daemon
// wait for client daemon
if (file_exists(boot_client) || file_exists(default_client)) {
if (file_exists(boot_client) || file_exists(default_client)) {