mirror of https://github.com/Yubico/yubico-pam.git synced 2025-02-01 01:52:17 +01:00

Indent code. Add FIXME note. Handle NULL values in debug strings.

Simon Josefsson 2009-02-11 16:50:04 +00:00
parent 3abd8adc95
commit 32e76effae


@ -69,7 +69,7 @@
#ifdef HAVE_LIBLDAP #ifdef HAVE_LIBLDAP
#include <ldap.h> #include <ldap.h>
#define PORT_NUMBER LDAP_PORT #define PORT_NUMBER LDAP_PORT
#endif #endif
@ -200,87 +200,98 @@ validate_user_token (const char *authfile,
* yubi_attr= * yubi_attr=
* *
*/ */
static int validate_user_token_ldap (const char * ldapserver, static int
const char * ldapdn, const char * user_attr, validate_user_token_ldap (const char *ldapserver,
const char * yubi_attr, const char * user, const char *ldapdn, const char *user_attr,
const char * token_id) const char *yubi_attr, const char *user,
const char *token_id)
{ {
int retval = 0; int retval = 0;
#ifdef HAVE_LIBLDAP #ifdef HAVE_LIBLDAP
LDAP *ld; LDAP *ld;
LDAPMessage *result, *e; LDAPMessage *result, *e;
BerElement *ber; BerElement *ber;
char *a; char *a;
char **vals; char **vals;
int i, rc; int i, rc;
char find[256]=""; /* FIXME: dont' use hard coded buffers here. */
char sr[128]="("; char find[256] = "";
char sep[2]=","; char sr[128] = "(";
char eq[2]="="; char sep[2] = ",";
char sren[4]="=*)"; char eq[2] = "=";
char sren[4] = "=*)";
strcat(find,user_attr);
strcat(find,eq);
strcat(find,user);
strcat(find,sep);
strcat(find,ldapdn);
strcat(sr,yubi_attr);
strcat(sr,sren);
/* Get a handle to an LDAP connection. */
if ( (ld = ldap_init( ldapserver, PORT_NUMBER )) == NULL ) {
D(( "ldap_init" ));
return( 0 );
}
/* Bind anonymously to the LDAP server. */
rc = ldap_simple_bind_s( ld, NULL, NULL );
if ( rc != LDAP_SUCCESS ) {
D(( "ldap_simple_bind_s: %s", ldap_err2string(rc)));
return( 0 );
}
/* Search for the entry. */
D (( "ldap-dn: %s", find ));
D (( "ldap-filter: %s", sr));
if ( ( rc = ldap_search_ext_s( ld, find, LDAP_SCOPE_BASE,
sr, NULL, 0, NULL, NULL, LDAP_NO_LIMIT,
LDAP_NO_LIMIT, &result ) ) != LDAP_SUCCESS ) {
D(( "ldap_search_ext_s: %s", ldap_err2string(rc)));
return( 0 );
}
e = ldap_first_entry( ld, result ); strcat (find, user_attr);
if ( e != NULL ) { strcat (find, eq);
strcat (find, user);
/* Iterate through each attribute in the entry. */ strcat (find, sep);
for ( a = ldap_first_attribute( ld, e, &ber ); strcat (find, ldapdn);
a != NULL; a = ldap_next_attribute( ld, e, ber ) ) {
if ((vals = ldap_get_values( ld, e, a)) != NULL ) { strcat (sr, yubi_attr);
for ( i = 0; vals[i] != NULL; i++ ) { strcat (sr, sren);
if (!strncmp (token_id, vals[i], strlen (token_id))) {
D (("Token Found :: %s",vals[i] )); /* Get a handle to an LDAP connection. */
retval = 1; if ((ld = ldap_init (ldapserver, PORT_NUMBER)) == NULL)
} {
} D (("ldap_init"));
ldap_value_free( vals ); return (0);
}
ldap_memfree( a );
}
if ( ber != NULL ) {
ber_free( ber, 0 );
} }
} /* Bind anonymously to the LDAP server. */
rc = ldap_simple_bind_s (ld, NULL, NULL);
if (rc != LDAP_SUCCESS)
{
D (("ldap_simple_bind_s: %s", ldap_err2string (rc)));
return (0);
}
ldap_msgfree( result ); /* Search for the entry. */
ldap_unbind( ld ); D (("ldap-dn: %s", find));
D (("ldap-filter: %s", sr));
if ((rc = ldap_search_ext_s (ld, find, LDAP_SCOPE_BASE,
sr, NULL, 0, NULL, NULL, LDAP_NO_LIMIT,
LDAP_NO_LIMIT, &result)) != LDAP_SUCCESS)
{
D (("ldap_search_ext_s: %s", ldap_err2string (rc)));
return (0);
}
e = ldap_first_entry (ld, result);
if (e != NULL)
{
/* Iterate through each attribute in the entry. */
for (a = ldap_first_attribute (ld, e, &ber);
a != NULL; a = ldap_next_attribute (ld, e, ber))
{
if ((vals = ldap_get_values (ld, e, a)) != NULL)
{
for (i = 0; vals[i] != NULL; i++)
{
if (!strncmp (token_id, vals[i], strlen (token_id)))
{
D (("Token Found :: %s", vals[i]));
retval = 1;
}
}
ldap_value_free (vals);
}
ldap_memfree (a);
}
if (ber != NULL)
{
ber_free (ber, 0);
}
}
ldap_msgfree (result);
ldap_unbind (ld);
#else #else
D (("Trying to use LDAP, but this function is not compiled in pam_yubico!!")); D (("Trying to use LDAP, but this function is not compiled in pam_yubico!!"));
D (("Install libldap-dev and then recompile pam_yubico.")); D (("Install libldap-dev and then recompile pam_yubico."));
@ -349,10 +360,10 @@ pam_sm_authenticate (pam_handle_t * pamh,
D (("debug=%d", debug)); D (("debug=%d", debug));
D (("alwaysok=%d", alwaysok)); D (("alwaysok=%d", alwaysok));
D (("authfile=%s", auth_file ? auth_file : "(null)")); D (("authfile=%s", auth_file ? auth_file : "(null)"));
D (("ldapserver=%s", ldapserver)); D (("ldapserver=%s", ldapserver ? ldapserver : "(null")));
D (("ldapdn=%s", ldapdn)); D (("ldapdn=%s", ldapdn ? ldapdn : "(null")));
D (("user_attr=%s", user_attr)); D (("user_attr=%s", user_attr ? user_attr : "(null)"));
D (("yubi_attr=%s", yubi_attr)); D (("yubi_attr=%s", yubi_attr ? yubi_attr : "(null)"));
} }
retval = pam_get_user (pamh, &user, NULL); retval = pam_get_user (pamh, &user, NULL);
@ -475,15 +486,20 @@ pam_sm_authenticate (pam_handle_t * pamh,
} }
/* validate the user with supplied token id */ /* validate the user with supplied token id */
if(ldapserver!=NULL) { if (ldapserver != NULL)
valid_token = validate_user_token_ldap ((const char *) ldapserver, {
(const char *) ldapdn, (const char *) user_attr, valid_token = validate_user_token_ldap ((const char *) ldapserver,
(const char *) yubi_attr, (const char *) user, (const char *) ldapdn,
(const char *) token_id); (const char *) user_attr,
} else { (const char *) yubi_attr,
valid_token = validate_user_token (auth_file, (const char *) user, (const char *) user,
(const char *) token_id); (const char *) token_id);
} }
else
{
valid_token = validate_user_token (auth_file, (const char *) user,
(const char *) token_id);
}
if (password != NULL) if (password != NULL)
{ {
retval = pam_set_item (pamh, PAM_AUTHTOK, password); retval = pam_set_item (pamh, PAM_AUTHTOK, password);
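Review bot: The `strcat` chain in `validate_user_token_ldap` still appends `user_attr`, `user` and `ldapdn` to `find[256]`, and `yubi_attr` to `sr[128]`, with no length check, so an over-long login name or module argument writes past a stack buffer in the authentication path; the added FIXME records the problem but leaves it in place. The caller in `pam_sm_authenticate` tests only `ldapserver` for NULL, and this commit's own debug lines treat `ldapdn`, `user_attr` and `yubi_attr` as possibly NULL, so the function should reject NULL arguments and build both strings with `snprintf`, returning 0 on truncation, as sketched below. `user` also goes into the DN unescaped, so escaping or rejecting DN special characters in the login name is worth a follow-up. Separately, the new `ldapserver` and `ldapdn` debug lines end in `"(null")));`, which leaves one `)` too many; they should end `"(null)"));` like the `user_attr` and `yubi_attr` lines after them. The function's `#else` branch and closing brace lie outside the hunk.

```c
  /* … unchanged: declarations of ld, result, e, ber, a, vals, i, rc … */
  char find[256];
  char sr[128];
  int n;

  /* Fail closed: a missing option must not reach the string builders. */
  if (ldapdn == NULL || user_attr == NULL || yubi_attr == NULL
      || user == NULL || token_id == NULL)
    {
      D (("missing LDAP parameter"));
      return (0);
    }

  n = snprintf (find, sizeof find, "%s=%s,%s", user_attr, user, ldapdn);
  if (n < 0 || (size_t) n >= sizeof find)
    {
      D (("LDAP DN too long"));
      return (0);
    }

  n = snprintf (sr, sizeof sr, "(%s=*)", yubi_attr);
  if (n < 0 || (size_t) n >= sizeof sr)
    {
      D (("LDAP filter too long"));
      return (0);
    }
  /* … unchanged: ldap_init, anonymous bind, search, attribute loop … */
```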