mirror of
https://github.com/Yubico/yubico-pam.git
synced 2025-02-26 21:54:15 +01:00
Merge branch 'feature/ldap_refactor'
Conflicts: pam_yubico.c
This commit is contained in:
Klas Lindfors
commit
8241cd0423
22
README
22
README
@ -338,3 +338,25 @@ logins, add the following to the top of `/etc/pam.d/login`:
|
||||
|
||||
auth sufficient pam_yubico.so id=16 debug
|
||||
|
||||
OpenVPN and ActiveDirectory
|
||||
---------------------------
|
||||
|
||||
create file '/etc/pam.d/openvpn':
|
||||
|
||||
auth required pam_yubico.so ldap_uri=ldap://ldap-srv debug id=19 yubi_attr=pager
|
||||
ldapdn=dc=ad,dc=next-audience,dc=net
|
||||
ldap_filter=(&(sAMAccountName=%u)(memberOf=CN=mygroup,OU=DefaultUser,DC=adivser,DC=net))
|
||||
ldap_bind_user=bind_user ldap_bind_password=bind_password try_first_pass
|
||||
account required pam_yubico.so
|
||||
|
||||
create file 'openvpn.conf'
|
||||
|
||||
plugin openvpn-plugin-auth-pam.so openvpn
|
||||
|
||||
|
||||
Feedback
|
||||
--------
|
||||
|
||||
If you want to discuss anything related to the Yubico PAM module,
|
||||
please e-mail the mailing list yubico-devel@googlegroups.com.
|
||||
|
||||
|
||||
@ -57,10 +57,10 @@ This argument is used to show the OTP (One Time Password) when it is entered, i.
|
||||
Specify the LDAP server URI (e.g. ldap://localhost).
|
||||
|
||||
*ldap_server*=_server_::
|
||||
Specify the LDAP server host (default LDAP port is used). *Deprecated. Use "ldap_uri" instead.*
|
||||
Specify the LDAP server host (default LDAP port is used). *Deprecated. Use 'ldap_uri' instead.*
|
||||
|
||||
*ldapdn*=_dn_::
|
||||
The dn where the users are stored (eg: ou=users,dc=domain,dc=com).
|
||||
The dn where the users are stored (eg: ou=users,dc=domain,dc=com). If 'ldap_filter' is used this is the base from which the subtree search will be performed.
|
||||
|
||||
*user_attr*=_attr_::
|
||||
The LDAP attribute used to store user names (eg:cn).
|
||||
@ -74,12 +74,26 @@ The prefix of the LDAP attribute's value, in case of a generic attribute, used t
|
||||
*token_id_length*=_length_::
|
||||
Length of ID prefixing the OTP (this is 12 if using the YubiCloud).
|
||||
|
||||
*ldap_bind_user*=_user_::
|
||||
The user to attempt a LDAP bind as.
|
||||
|
||||
*ldap_bind_password*=_password_::
|
||||
The password to use on LDAP bind.
|
||||
|
||||
*ldap_filter*=_filter_::
|
||||
An ldap filter to use for attempting to find the correct object in LDAP. In this string %u will be replaced with the username.
|
||||
|
||||
*ldap_cacertfile*=_cacertfile_::
|
||||
Ca certfile for the LDAP connection.
|
||||
|
||||
== EXAMPLES
|
||||
|
||||
auth sufficient pam_yubico.so id=16 debug
|
||||
|
||||
auth required pam_yubico.so mode=challenge-response
|
||||
|
||||
auth required pam_yubico.so id=16 ldap_uri=ldaps://ldap.example.com ldap_filter=(uid=%u) yubi_attr=yubiKeyId
|
||||
|
||||
== BUGS
|
||||
Report yubico-pam bugs in the issue tracker: https://github.com/Yubico/yubico-pam/issues
|
||||
|
||||
|
||||
134
pam_yubico.c
134
pam_yubico.c
@ -113,6 +113,10 @@ struct cfg
|
||||
const char *urllist;
|
||||
const char *ldapserver;
|
||||
const char *ldap_uri;
|
||||
const char *ldap_bind_user;
|
||||
const char *ldap_bind_password;
|
||||
const char *ldap_filter;
|
||||
const char *ldap_cacertfile;
|
||||
const char *ldapdn;
|
||||
const char *user_attr;
|
||||
const char *yubi_attr;
|
||||
@ -193,8 +197,10 @@ free_out:
|
||||
* This function will look in ldap id the token correspond to the
|
||||
* requested user. It will returns 0 for failure and 1 for success.
|
||||
*
|
||||
* For the moment ldaps is not supported. ldap serve can be on a
|
||||
* remote host.
|
||||
* ldaps is only supported for ldap_uri based connections.
|
||||
* ldap_cacertfile usually needs to be set for this to work.
|
||||
*
|
||||
* ldap serve can be on a remote host.
|
||||
*
|
||||
* You need the following parameters in you pam config:
|
||||
* ldapserver= OR ldap_uri=
|
||||
@ -202,6 +208,9 @@ free_out:
|
||||
* user_attr=
|
||||
* yubi_attr=
|
||||
*
|
||||
* If using ldap_uri, you can specify multiple failover hosts
|
||||
* eg.
|
||||
* ldap_uri=ldaps://host1.fqdn.example.com,ldaps://host2.fqdn.example.com
|
||||
*/
|
||||
static int
|
||||
authorize_user_token_ldap (struct cfg *cfg,
|
||||
@ -222,21 +231,18 @@ authorize_user_token_ldap (struct cfg *cfg,
|
||||
struct berval **vals;
|
||||
int i, rc;
|
||||
|
||||
char *filter = NULL;
|
||||
char *find = NULL;
|
||||
int scope = LDAP_SCOPE_BASE;
|
||||
#endif
|
||||
DBG(("called"));
|
||||
#ifdef HAVE_LIBLDAP
|
||||
|
||||
if (cfg->user_attr == NULL) {
|
||||
DBG (("Trying to look up user to YubiKey mapping in LDAP, but user_attr not set!"));
|
||||
return 0;
|
||||
}
|
||||
if (cfg->yubi_attr == NULL) {
|
||||
DBG (("Trying to look up user to YubiKey mapping in LDAP, but yubi_attr not set!"));
|
||||
return 0;
|
||||
}
|
||||
if (cfg->ldapdn == NULL) {
|
||||
DBG (("Trying to look up user to YubiKey mapping in LDAP, but ldapdn not set!"));
|
||||
if (cfg->user_attr && cfg->ldapdn == NULL) {
|
||||
DBG (("Trying to look up user to YubiKey mapping in LDAP, user_attr set but ldapdn not set!"));
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -246,7 +252,7 @@ authorize_user_token_ldap (struct cfg *cfg,
|
||||
rc = ldap_initialize (&ld, cfg->ldap_uri);
|
||||
if (rc != LDAP_SUCCESS)
|
||||
{
|
||||
DBG (("ldap_init: %s", ldap_err2string (rc)));
|
||||
DBG (("ldap_initialize: %s", ldap_err2string (rc)));
|
||||
retval = 0;
|
||||
goto done;
|
||||
}
|
||||
@ -261,10 +267,21 @@ authorize_user_token_ldap (struct cfg *cfg,
|
||||
}
|
||||
}
|
||||
|
||||
ldap_set_option(ld, LDAP_OPT_REFERRALS, LDAP_OPT_OFF);
|
||||
ldap_set_option (ld, LDAP_OPT_PROTOCOL_VERSION, &protocol);
|
||||
|
||||
if (cfg->ldap_uri && cfg->ldap_cacertfile) {
|
||||
/* Set CA CERTFILE. This makes ldaps work when using ldap_uri */
|
||||
ldap_set_option (0, LDAP_OPT_X_TLS_CACERTFILE, cfg->ldap_cacertfile);
|
||||
}
|
||||
/* Bind anonymously to the LDAP server. */
|
||||
if (cfg->ldap_bind_user && cfg->ldap_bind_password) {
|
||||
DBG (("try bind with: %s:[%s]", cfg->ldap_bind_user, cfg->ldap_bind_password));
|
||||
rc = ldap_simple_bind_s (ld, cfg->ldap_bind_user, cfg->ldap_bind_password);
|
||||
} else {
|
||||
DBG (("try bind anonymous"));
|
||||
rc = ldap_simple_bind_s (ld, NULL, NULL);
|
||||
}
|
||||
if (rc != LDAP_SUCCESS)
|
||||
{
|
||||
DBG (("ldap_simple_bind_s: %s", ldap_err2string (rc)));
|
||||
@ -273,22 +290,30 @@ authorize_user_token_ldap (struct cfg *cfg,
|
||||
}
|
||||
|
||||
/* Allocation of memory for search strings depending on input size */
|
||||
if (cfg->user_attr && cfg->yubi_attr && cfg->ldapdn) {
|
||||
i = (strlen(cfg->user_attr) + strlen(cfg->ldapdn) + strlen(user) + 3) * sizeof(char);
|
||||
if ((find = malloc(i)) == NULL) {
|
||||
DBG (("Failed allocating %i bytes", i));
|
||||
retval = 0;
|
||||
goto done;
|
||||
}
|
||||
|
||||
sprintf (find, "%s=%s,%s", cfg->user_attr, user, cfg->ldapdn);
|
||||
|
||||
filter = NULL;
|
||||
} else if (cfg->ldapdn) {
|
||||
find = strdup(cfg->ldapdn); /* allow free later */
|
||||
}
|
||||
if (cfg->ldap_filter) {
|
||||
filter = filter_printf(cfg->ldap_filter, user);
|
||||
scope = LDAP_SCOPE_SUBTREE;
|
||||
}
|
||||
attrs[0] = (char *) cfg->yubi_attr;
|
||||
|
||||
DBG(("LDAP : look up object '%s', ask for attribute '%s'", find, cfg->yubi_attr));
|
||||
DBG(("LDAP : look up object base='%s' filter='%s', ask for attribute '%s'", find,
|
||||
filter ? filter:"(null)", cfg->yubi_attr));
|
||||
|
||||
/* Search for the entry. */
|
||||
if ((rc = ldap_search_ext_s (ld, find, LDAP_SCOPE_BASE,
|
||||
NULL, attrs, 0, NULL, NULL, LDAP_NO_LIMIT,
|
||||
if ((rc = ldap_search_ext_s (ld, find, scope,
|
||||
filter, attrs, 0, NULL, NULL, LDAP_NO_LIMIT,
|
||||
LDAP_NO_LIMIT, &result)) != LDAP_SUCCESS)
|
||||
{
|
||||
DBG (("ldap_search_ext_s: %s", ldap_err2string (rc)));
|
||||
@ -312,16 +337,16 @@ authorize_user_token_ldap (struct cfg *cfg,
|
||||
{
|
||||
if ((vals = ldap_get_values_len (ld, e, a)) != NULL)
|
||||
{
|
||||
DBG(("LDAP : Found %i values - checking if any of them match '%s%s'",
|
||||
ldap_count_values_len(vals),
|
||||
cfg->yubi_attr_prefix ? cfg->yubi_attr_prefix : "",
|
||||
token_id));
|
||||
|
||||
yubi_attr_prefix_len = cfg->yubi_attr_prefix ? strlen(cfg->yubi_attr_prefix) : 0;
|
||||
|
||||
/* Compare each value for the attribute against the token id. */
|
||||
for (i = 0; vals[i] != NULL; i++)
|
||||
{
|
||||
DBG(("LDAP : Found %i values - checking if any of them match '%s:%s:%s'",
|
||||
ldap_count_values_len(vals),
|
||||
vals[i]->bv_val,
|
||||
cfg->yubi_attr_prefix ? cfg->yubi_attr_prefix : "", token_id));
|
||||
|
||||
/* Only values containing this prefix are considered. */
|
||||
if ((!cfg->yubi_attr_prefix || !strncmp (cfg->yubi_attr_prefix, vals[i]->bv_val, yubi_attr_prefix_len)))
|
||||
{
|
||||
@ -349,6 +374,8 @@ authorize_user_token_ldap (struct cfg *cfg,
|
||||
/* free memory allocated for search strings */
|
||||
if (find != NULL)
|
||||
free(find);
|
||||
if (filter != NULL)
|
||||
free(filter);
|
||||
|
||||
#else
|
||||
DBG (("Trying to use LDAP, but this function is not compiled in pam_yubico!!"));
|
||||
@ -671,6 +698,14 @@ parse_cfg (int flags, int argc, const char **argv, struct cfg *cfg)
|
||||
cfg->ldapserver = argv[i] + 11;
|
||||
if (strncmp (argv[i], "ldap_uri=", 9) == 0)
|
||||
cfg->ldap_uri = argv[i] + 9;
|
||||
if (strncmp (argv[i], "ldap_bind_user=", 15) == 0)
|
||||
cfg->ldap_bind_user = argv[i] + 15;
|
||||
if (strncmp (argv[i], "ldap_bind_password=", 19) == 0)
|
||||
cfg->ldap_bind_password = argv[i] + 19;
|
||||
if (strncmp (argv[i], "ldap_filter=", 12) == 0)
|
||||
cfg->ldap_filter = argv[i] + 12;
|
||||
if (strncmp (argv[i], "ldap_cacertfile=", 16) == 0)
|
||||
cfg->ldap_cacertfile = argv[i] + 16;
|
||||
if (strncmp (argv[i], "ldapdn=", 7) == 0)
|
||||
cfg->ldapdn = argv[i] + 7;
|
||||
if (strncmp (argv[i], "user_attr=", 10) == 0)
|
||||
@ -705,6 +740,10 @@ parse_cfg (int flags, int argc, const char **argv, struct cfg *cfg)
|
||||
D (("authfile=%s", cfg->auth_file ? cfg->auth_file : "(null)"));
|
||||
D (("ldapserver=%s", cfg->ldapserver ? cfg->ldapserver : "(null)"));
|
||||
D (("ldap_uri=%s", cfg->ldap_uri ? cfg->ldap_uri : "(null)"));
|
||||
D (("ldap_bind_user=%s", cfg->ldap_bind_user ? cfg->ldap_bind_user : "(null)"));
|
||||
D (("ldap_bind_password=%s", cfg->ldap_bind_password ? cfg->ldap_bind_password : "(null)"));
|
||||
D (("ldap_filter=%s", cfg->ldap_filter ? cfg->ldap_filter : "(null)"));
|
||||
D (("ldap_cacertfile=%s", cfg->ldap_cacertfile ? cfg->ldap_cacertfile : "(null)"));
|
||||
D (("ldapdn=%s", cfg->ldapdn ? cfg->ldapdn : "(null)"));
|
||||
D (("user_attr=%s", cfg->user_attr ? cfg->user_attr : "(null)"));
|
||||
D (("yubi_attr=%s", cfg->yubi_attr ? cfg->yubi_attr : "(null)"));
|
||||
@ -741,6 +780,7 @@ pam_sm_authenticate (pam_handle_t * pamh,
|
||||
size_t templates = 0;
|
||||
char *urls[10];
|
||||
char *tmpurl = NULL;
|
||||
char *onlypasswd = NULL;
|
||||
|
||||
parse_cfg (flags, argc, argv, cfg);
|
||||
|
||||
@ -936,7 +976,7 @@ pam_sm_authenticate (pam_handle_t * pamh,
|
||||
/* user entered their system password followed by generated OTP? */
|
||||
if (password_len > TOKEN_OTP_LEN + cfg->token_id_length)
|
||||
{
|
||||
char *onlypasswd = strdup (password);
|
||||
onlypasswd = strdup (password);
|
||||
|
||||
if (! onlypasswd) {
|
||||
retval = PAM_BUF_ERR;
|
||||
@ -949,7 +989,6 @@ pam_sm_authenticate (pam_handle_t * pamh,
|
||||
"setting item PAM_AUTHTOK"));
|
||||
|
||||
retval = pam_set_item (pamh, PAM_AUTHTOK, onlypasswd);
|
||||
free (onlypasswd);
|
||||
if (retval != PAM_SUCCESS)
|
||||
{
|
||||
DBG (("set_item returned error: %s", pam_strerror (pamh, retval)));
|
||||
@ -1008,6 +1047,8 @@ pam_sm_authenticate (pam_handle_t * pamh,
|
||||
}
|
||||
|
||||
done:
|
||||
if (onlypasswd)
|
||||
free(onlypasswd);
|
||||
if (templates > 0)
|
||||
{
|
||||
size_t i;
|
||||
@ -1029,7 +1070,7 @@ done:
|
||||
retval = PAM_SUCCESS;
|
||||
}
|
||||
DBG (("done. [%s]", pam_strerror (pamh, retval)));
|
||||
pam_set_data (pamh, "yubico_setcred_return", (void*) (intptr_t) retval, NULL);
|
||||
pam_set_data (pamh, "yubico_setcred_return", (void*)(intptr_t)retval, NULL);
|
||||
|
||||
if (resp)
|
||||
{
|
||||
@ -1047,16 +1088,55 @@ pam_sm_setcred (pam_handle_t * pamh, int flags, int argc, const char **argv)
|
||||
return PAM_SUCCESS;
|
||||
}
|
||||
|
||||
PAM_EXTERN int
|
||||
pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv)
|
||||
{
|
||||
int retval;
|
||||
int rc = pam_get_data(pamh, "yubico_setcred_return", (const void**)&retval);
|
||||
if (rc == PAM_SUCCESS && retval == PAM_SUCCESS) {
|
||||
D (("pam_sm_acct_mgmt returing PAM_SUCCESS"));
|
||||
return PAM_SUCCESS;
|
||||
}
|
||||
D (("pam_sm_acct_mgmt returing PAM_AUTH_ERR:%d", rc));
|
||||
return PAM_AUTH_ERR;
|
||||
}
|
||||
|
||||
PAM_EXTERN int
|
||||
pam_sm_open_session(pam_handle_t *pamh, int flags,
|
||||
int argc, const char *argv[])
|
||||
{
|
||||
|
||||
D(("pam_sm_open_session"));
|
||||
return (PAM_SUCCESS);
|
||||
}
|
||||
|
||||
PAM_EXTERN int
|
||||
pam_sm_close_session(pam_handle_t *pamh, int flags,
|
||||
int argc, const char *argv[])
|
||||
{
|
||||
D(("pam_sm_close_session"));
|
||||
return (PAM_SUCCESS);
|
||||
}
|
||||
|
||||
PAM_EXTERN int
|
||||
pam_sm_chauthtok(pam_handle_t *pamh, int flags,
|
||||
int argc, const char *argv[])
|
||||
{
|
||||
D(("pam_sm_chauthtok"));
|
||||
return (PAM_SERVICE_ERR);
|
||||
}
|
||||
|
||||
|
||||
#ifdef PAM_STATIC
|
||||
|
||||
struct pam_module _pam_yubico_modstruct = {
|
||||
"pam_yubico",
|
||||
pam_sm_authenticate,
|
||||
pam_sm_setcred,
|
||||
NULL,
|
||||
NULL,
|
||||
NULL,
|
||||
NULL
|
||||
pam_sm_acct_mgmt,
|
||||
pam_sm_open_session,
|
||||
pam_sm_close_session,
|
||||
pam_sm_chauthtok
|
||||
};
|
||||
|
||||
#endif
|
||||
|
||||
@ -43,8 +43,9 @@ use constant RESULT_OK => {
|
||||
};
|
||||
|
||||
my %objects = (
|
||||
'uid=foo,ou=users,dc=example,dc=com' => ['vvincredible'],
|
||||
'uid=test,ou=users,dc=example,dc=com' =>['cccccccfhcbe', 'ccccccbchvth'],
|
||||
'base=uid=foo,ou=users,dc=example,dc=com' => {keys => ['vvincredible']},
|
||||
'base=uid=test,ou=users,dc=example,dc=com' => {keys => ['cccccccfhcbe', 'ccccccbchvth']},
|
||||
'sub:base=:(uid=test)' => {keys => ['cccccccfhcbe', 'ccccccbchvth'], dn => 'uid=test,out=users,dc=example,dc=com'},
|
||||
);
|
||||
|
||||
sub bind {
|
||||
@ -56,14 +57,22 @@ sub bind {
|
||||
sub search {
|
||||
my $self = shift;
|
||||
my $reqData = shift;
|
||||
my $base = $reqData->{'baseObject'};
|
||||
my $id = $objects{$base};
|
||||
my $id;
|
||||
my $base;
|
||||
if($reqData->{'scope'} == 0) {
|
||||
$base = $reqData->{'baseObject'};
|
||||
$id = $objects{'base=' . $base};
|
||||
} elsif($reqData->{'scope'} == 2) {
|
||||
my $match = $reqData->{'filter'}->{'equalityMatch'};
|
||||
$id = $objects{'sub:base=' . $reqData->{'baseObject'} . ':(' . $match->{'attributeDesc'} . '=' . $match->{'assertionValue'} . ')'};
|
||||
$base = $id->{'dn'};
|
||||
}
|
||||
my @entries;
|
||||
if($id) {
|
||||
my $entry = Net::LDAP::Entry->new;
|
||||
$entry->dn($base);
|
||||
$entry->add(objectClass => [ "person" ]);
|
||||
$entry->add(yubiKeyId => $id);
|
||||
$entry->add(yubiKeyId => $id->{'keys'});
|
||||
push @entries, $entry;
|
||||
}
|
||||
return RESULT_OK, @entries;
|
||||
|
||||
@ -63,7 +63,6 @@ static struct data {
|
||||
static const char *ldap_cfg[] = {
|
||||
"id=1",
|
||||
"urllist=http://localhost:"YKVAL_PORT2"/wsapi/2/verify;http://localhost:"YKVAL_PORT1"/wsapi/2/verify",
|
||||
"authfile="AUTHFILE,
|
||||
"ldap_uri=ldap://localhost:"LDAP_PORT,
|
||||
"ldapdn=ou=users,dc=example,dc=com",
|
||||
"user_attr=uid",
|
||||
@ -71,6 +70,15 @@ static const char *ldap_cfg[] = {
|
||||
"debug"
|
||||
};
|
||||
|
||||
static const char *ldap_cfg2[] = {
|
||||
"id=1",
|
||||
"urllist=http://localhost:"YKVAL_PORT1"/wsapi/2/verify;http://localhost:"YKVAL_PORT2"/wsapi/2/verify",
|
||||
"ldap_uri=ldap://localhost:"LDAP_PORT,
|
||||
"ldap_filter=(uid=%u)",
|
||||
"yubi_attr=yubiKeyId",
|
||||
"debug"
|
||||
};
|
||||
|
||||
static const struct data *test_get_data(void *id) {
|
||||
return &_data[(long)id];
|
||||
}
|
||||
@ -212,6 +220,10 @@ static int test_authenticate_ldap2(void) {
|
||||
return pam_sm_authenticate(4, 0, sizeof(ldap_cfg) / sizeof(char*), ldap_cfg);
|
||||
}
|
||||
|
||||
static int test_authenticate_ldap3(void) {
|
||||
return pam_sm_authenticate(4, 0, sizeof(ldap_cfg2) / sizeof(char*), ldap_cfg2);
|
||||
}
|
||||
|
||||
static pid_t run_mock(const char *port, const char *type) {
|
||||
pid_t pid = fork();
|
||||
if(pid == 0) {
|
||||
@ -251,28 +263,32 @@ int main(void) {
|
||||
ret = 5;
|
||||
goto out;
|
||||
}
|
||||
#ifdef HAVE_LIBLDAP
|
||||
if(test_authenticate_ldap1() != PAM_SUCCESS) {
|
||||
if(test_authenticate3() != PAM_SUCCESS) {
|
||||
ret = 6;
|
||||
goto out;
|
||||
}
|
||||
#ifdef HAVE_LIBLDAP
|
||||
if(test_authenticate_ldap1() != PAM_SUCCESS) {
|
||||
ret = 1001;
|
||||
goto out;
|
||||
}
|
||||
if(test_authenticate_ldap_fail1() != PAM_USER_UNKNOWN) {
|
||||
ret = 7;
|
||||
ret = 1002;
|
||||
goto out;
|
||||
}
|
||||
if(test_authenticate_ldap_fail2() != PAM_AUTH_ERR) {
|
||||
ret = 8;
|
||||
ret = 1003;
|
||||
goto out;
|
||||
}
|
||||
if(test_authenticate_ldap2() != PAM_SUCCESS) {
|
||||
ret = 9;
|
||||
ret = 1004;
|
||||
goto out;
|
||||
}
|
||||
if(test_authenticate_ldap3() != PAM_SUCCESS) {
|
||||
ret = 1005;
|
||||
goto out;
|
||||
}
|
||||
#endif
|
||||
if(test_authenticate3() != PAM_SUCCESS) {
|
||||
ret = 10;
|
||||
goto out;
|
||||
}
|
||||
|
||||
out:
|
||||
kill(child, 9);
|
||||
|
||||
@ -125,7 +125,27 @@ static void test_load_chalresp_state(void) {
|
||||
|
||||
#endif /* HAVE_CR */
|
||||
|
||||
static void test_filter_printf(void) {
|
||||
assert(filter_result_len("meno %u", "doof", NULL) == 10);
|
||||
assert(filter_result_len("meno %u %u", "doof", NULL) == 15);
|
||||
assert(filter_result_len("%u meno %u", "doof", NULL) == 15);
|
||||
assert(filter_result_len("%u me %u no %u", "doof", NULL) == 21);
|
||||
assert(filter_result_len("meno %w %%u", "doof", NULL) == 14);
|
||||
assert(filter_result_len("meno %w %%u meno", "doof", NULL) == 19);
|
||||
assert(filter_result_len("meno ", "doof", NULL) == 6);
|
||||
|
||||
assert(!strcmp(filter_printf("meno %u", "doof"), "meno doof"));
|
||||
assert(!strcmp(filter_printf("meno %u %u", "doof"), "meno doof doof"));
|
||||
assert(!strcmp(filter_printf("%u meno %u", "doof"), "doof meno doof"));
|
||||
assert(!strcmp(filter_printf("%u me %u no %u", "doof"), "doof me doof no doof"));
|
||||
assert(!strcmp(filter_printf("meno %w %%u", "doof"), "meno %w %doof"));
|
||||
assert(!strcmp(filter_printf("meno %w %%u meno", "doof"), "meno %w %doof meno"));
|
||||
assert(!strcmp(filter_printf("meno ", "doof"), "meno "));
|
||||
printf("test_filter_printf OK\n");
|
||||
}
|
||||
|
||||
int main (void) {
|
||||
test_filter_printf();
|
||||
test_get_user_cfgfile_path();
|
||||
test_check_user_token();
|
||||
#if HAVE_CR
|
||||
|
||||
44
util.c
44
util.c
@ -35,6 +35,9 @@
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <sys/types.h>
|
||||
#include <sys/stat.h>
|
||||
#include <errno.h>
|
||||
#include <fcntl.h>
|
||||
#include <pwd.h>
|
||||
#include <unistd.h>
|
||||
|
||||
@ -461,3 +464,44 @@ write_chalresp_state(FILE *f, CR_STATE *state)
|
||||
return 0;
|
||||
}
|
||||
#endif /* HAVE_CR */
|
||||
|
||||
size_t filter_result_len(const char *filter, const char *user, char *output) {
|
||||
const char *part = NULL;
|
||||
size_t result = 0;
|
||||
do
|
||||
{
|
||||
size_t len;
|
||||
part = strstr(filter, "%u");
|
||||
if(part)
|
||||
len = part - filter;
|
||||
else
|
||||
len = strlen(filter);
|
||||
if (output)
|
||||
{
|
||||
strncpy(output, filter, len);
|
||||
output += len;
|
||||
}
|
||||
result += len;
|
||||
filter += len + 2;
|
||||
if(part)
|
||||
{
|
||||
if(output)
|
||||
{
|
||||
strncpy(output, user, strlen(user));
|
||||
output += strlen(user);
|
||||
}
|
||||
result += strlen(user);
|
||||
}
|
||||
}
|
||||
while(part);
|
||||
|
||||
if(output)
|
||||
*output = '\0';
|
||||
return(result + 1);
|
||||
}
|
||||
|
||||
char *filter_printf(const char *filter, const char *user) {
|
||||
char *result = malloc(filter_result_len(filter, user, NULL));
|
||||
filter_result_len(filter, user, result);
|
||||
return result;
|
||||
}
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user