rooty/yubico-pam
1
0
Fork 0
mirror of https://github.com/Yubico/yubico-pam.git synced 2025-02-07 18:54:20 +01:00
Code Issues Projects Releases Wiki Activity

adding yubi_prefix parameter, when looking for token_id in ldap

Browse Source
This commit is contained in:
Remi Mollon 2012-01-18 17:04:58 +01:00
parent d5978df794
commit b42307d169
1 changed files with 17 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
pam_yubico.c
View File

@ -109,6 +109,7 @@ struct cfg
char *ldapdn; char *ldapdn;
char *user_attr; char *user_attr;
char *yubi_attr; char *yubi_attr;
char *yubi_prefix;
int token_id_length; int token_id_length;
enum key_mode mode; enum key_mode mode;
char *chalresp_path; char *chalresp_path;
@ -278,6 +279,7 @@ authorize_user_token_ldap (struct cfg *cfg,
int retval = 0; int retval = 0;
int protocol; int protocol;
#ifdef HAVE_LIBLDAP #ifdef HAVE_LIBLDAP
int yubi_prefix_len = 0;
LDAP *ld = NULL; LDAP *ld = NULL;
LDAPMessage *result = NULL, *e; LDAPMessage *result = NULL, *e;
BerElement *ber; BerElement *ber;
@ -374,17 +376,22 @@ authorize_user_token_ldap (struct cfg *cfg,
{ {
if ((vals = ldap_get_values_len (ld, e, a)) != NULL) if ((vals = ldap_get_values_len (ld, e, a)) != NULL)
{ {
yubi_prefix_len = cfg->yubi_prefix ? strlen(cfg->yubi_prefix) : 0;
/* Compare each value for the attribute against the token id. */ /* Compare each value for the attribute against the token id. */
for (i = 0; vals[i] != NULL; i++) for (i = 0; vals[i] != NULL; i++)
{ {
if (!strncmp (token_id, vals[i]->bv_val, strlen (token_id))) if ((!cfg->yubi_prefix || !strncmp (cfg->yubi_prefix, vals[i]->bv_val, yubi_prefix_len)))
{ {
DBG (("Token Found :: %s", vals[i]->bv_val)); if(!strncmp (token_id, vals[i]->bv_val + yubi_prefix_len, strlen (token_id)))
{
DBG (("Token Found :: %s", vals[i]->bv_val + yubi_prefix_len));
retval = 1; retval = 1;
} }
else else
{ {
DBG (("No match : (%s) %s != %s", a, vals[i]->bv_val, token_id)); DBG (("No match : (%s) %s != %s", a, vals[i]->bv_val + yubi_prefix_len, token_id));
}
} }
} }
ldap_value_free_len (vals); ldap_value_free_len (vals);
@ -692,6 +699,8 @@ parse_cfg (int flags, int argc, const char **argv, struct cfg *cfg)
cfg->user_attr = (char *) argv[i] + 10; cfg->user_attr = (char *) argv[i] + 10;
if (strncmp (argv[i], "yubi_attr=", 10) == 0) if (strncmp (argv[i], "yubi_attr=", 10) == 0)
cfg->yubi_attr = (char *) argv[i] + 10; cfg->yubi_attr = (char *) argv[i] + 10;
if (strncmp (argv[i], "yubi_prefix=", 12) == 0)
cfg->yubi_prefix = (char *) argv[i] + 12;
if (strncmp (argv[i], "token_id_length=", 16) == 0) if (strncmp (argv[i], "token_id_length=", 16) == 0)
sscanf (argv[i], "token_id_length=%d", &cfg->token_id_length); sscanf (argv[i], "token_id_length=%d", &cfg->token_id_length);
if (strcmp (argv[i], "mode=challenge-response") == 0) if (strcmp (argv[i], "mode=challenge-response") == 0)
@ -721,6 +730,7 @@ parse_cfg (int flags, int argc, const char **argv, struct cfg *cfg)
D (("ldapdn=%s", cfg->ldapdn ? cfg->ldapdn : "(null)")); D (("ldapdn=%s", cfg->ldapdn ? cfg->ldapdn : "(null)"));
D (("user_attr=%s", cfg->user_attr ? cfg->user_attr : "(null)")); D (("user_attr=%s", cfg->user_attr ? cfg->user_attr : "(null)"));
D (("yubi_attr=%s", cfg->yubi_attr ? cfg->yubi_attr : "(null)")); D (("yubi_attr=%s", cfg->yubi_attr ? cfg->yubi_attr : "(null)"));
D (("yubi_prefix=%s", cfg->yubi_prefix ? cfg->yubi_prefix : "(null)"));
D (("url=%s", cfg->url ? cfg->url : "(null)")); D (("url=%s", cfg->url ? cfg->url : "(null)"));
D (("capath=%s", cfg->capath ? cfg->capath : "(null)")); D (("capath=%s", cfg->capath ? cfg->capath : "(null)"));
D (("token_id_length=%d", cfg->token_id_length)); D (("token_id_length=%d", cfg->token_id_length));