Отключено ожидание LDAP при аутентификации локального пользователя

Локальным пользователем считается пользователь, присутствующий в
/etc/passwd и отсутствующий в кэше calculate-client.
Mike khiretskiy 11 years ago
parent 40eff245f0
commit ed01048c14

@ -1,6 +1,7 @@
This is the README file for the library pam_client. This is the README file for the library pam_client.
Library pam_client designed to wait for client daemon before Library pam_client designed to wait for client daemon before
LDAP authorization and to wait for LDAP service. LDAP authorization and to wait for the LDAP service.
The module should not wait the LDAP service if a user is local.
Installation Installation
---------- ----------

@ -28,6 +28,8 @@
#include <asm/unistd.h> #include <asm/unistd.h>
#define PAM_LDAP_PATH_CONF "/etc/ldap.conf" #define PAM_LDAP_PATH_CONF "/etc/ldap.conf"
#define PASSWD "/etc/passwd"
#define CACHE_PASSWD "/var/lib/calculate/calculate-client/cache/passwd"
#define PAM_SM_AUTH #define PAM_SM_AUTH
#define MAX_V 30 #define MAX_V 30
#define WAITTIME 30 #define WAITTIME 30
@ -205,7 +207,7 @@ _release_config (pam_config_t ** pconfig)
static int static int
_check_ldap (int retry_count) _check_ldap (int retry_count)
{ {
int result; int result = PAM_SERVICE_ERR;
int timelimit = 3; int timelimit = 3;
struct berval userpw; struct berval userpw;
struct berval *servcred; struct berval *servcred;
@ -239,7 +241,7 @@ _check_ldap (int retry_count)
} }
} }
if(ld != NULL) if(ld != NULL)
ldap_unbind(ld); ldap_unbind_ext(ld,NULL,NULL);
_release_config(&config); _release_config(&config);
return result; return result;
} }
@ -248,16 +250,50 @@ int file_exists(const char *fname) {
return access(fname, 0) != -1; return access(fname, 0) != -1;
} }
// serach user in passwd type file
int search_user(const char *username, char *filename) {
char buf[BUFSIZ];
FILE *fd = fopen(filename,"r");
if(fd != NULL) {
while( fgets(buf,BUFSIZ,fd) ) {
char *tail = buf;
char *token = strsep(&tail,":");
if(token != NULL && strcmp(token,username) == 0) {
fclose(fd);
return 1;
}
}
fclose(fd);
}
return 0;
}
// check: is local user?
int local_user(const char *username) {
int pUser = search_user(username,PASSWD);
int cUser = search_user(username,CACHE_PASSWD);
// local user is user which found in /etc/passwd only
return (pUser && !cUser)?1:0;
}
// Authentication function // Authentication function
PAM_EXTERN int pam_sm_authenticate(pam_handle_t * pamh, int flags PAM_EXTERN int pam_sm_authenticate(pam_handle_t * pamh, int flags
,int argc, const char **argv) ,int argc, const char **argv)
{ {
int i; int i;
int retval;
char *boot_client="/etc/runlevels/boot/client"; char *boot_client="/etc/runlevels/boot/client";
char *default_client="/etc/runlevels/default/client"; char *default_client="/etc/runlevels/default/client";
char *started_client="/run/openrc/started/client"; char *started_client="/run/openrc/started/client";
char *started_local="/run/openrc/started/local"; char *started_local="/run/openrc/started/local";
char *ldap_conf="/etc/ldap.conf"; char *ldap_conf="/etc/ldap.conf";
const char *login;
// get username
retval = pam_get_user(pamh, &login, "login: ");
// don't wait ldap for authentificate local user
if(retval == PAM_SUCCESS && login && local_user(login))
return PAM_SUCCESS;
// wait for client daemon // wait for client daemon
if (file_exists(boot_client) || file_exists(default_client)) { if (file_exists(boot_client) || file_exists(default_client)) {
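Review bot: In `search_user`, `fgets(buf,BUFSIZ,fd)` returns an over-long line in pieces and every piece is then split on `:` and compared against `username`, so a fragment of a long GECOS or shell field could be mistaken for a matching account name; when a chunk does not end in `\n` the rest of that line should be drained before the next entry is read. `filename` is only handed to `fopen`, so the parameter can be `const char *`, matching the string-literal macros `PASSWD` and `CACHE_PASSWD` it is called with. Separately, `search_user` returns 0 both for "not found" and for a file it cannot open, so an unreadable `CACHE_PASSWD` makes every `/etc/passwd` user count as local in `local_user` and the early `return PAM_SUCCESS` skips the LDAP wait; if that is intended, a comment on `local_user` such as `// an unreadable cache file makes every passwd user "local" (the wait is skipped)` would record it. `pam_sm_authenticate` continues past the end of this hunk.

```c
int search_user(const char *username, const char *filename) {
    /* … unchanged: char buf[BUFSIZ]; FILE *fd = fopen(...); if(fd != NULL) { … */
    while( fgets(buf,BUFSIZ,fd) ) {
        size_t len = strlen(buf);
        int partial = (len > 0 && buf[len - 1] != '\n');
        /* … unchanged: strsep/strcmp match, fclose(fd); return 1; … */
        if (partial) {
            /* drop the tail of an over-long line so it is never
               compared as if it were a new passwd entry */
            int c;
            while ((c = fgetc(fd)) != EOF && c != '\n')
                ;
        }
    }
    /* … unchanged: } fclose(fd); return 0; … */
}
```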
