
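--- a/branches/ucs-3.0/ucs/base/pam-univentionmailcyrus/Makefile
+++ b/branches/ucs-3.0/ucs/base/pam-univentionmailcyrus/Makefile
@@ -34,7 +34,7 @@ TITLE=pam_univentionmailcyrus
 
 DYNAMIC_LIBPAM=yes
 MKDIR=mkdir -p
-CFLAGS=-O2 -D_GNU_SOURCE -D_REENTRANT -DLINUX_PAM  -Wall -fPIC -Dlinux
+CFLAGS=-O2 -D_GNU_SOURCE -D_REENTRANT -DLINUX_PAM  -Wall -fPIC -Dlinux -Werror
 DYNAMIC=-DPAM_DYNAMIC
 CPPFLAGS=
 TARGET_ARCH=-Di386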
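Review bot: Appending `-Werror` to the fixed CFLAGS line ties the package build to whatever warning set the installed compiler happens to emit, so a later compiler upgrade can turn a new, harmless warning into a build failure for this module. If the intent is to catch warnings during development rather than to fail release builds, a switchable form such as `CFLAGS += $(WERROR)` with `WERROR=-Werror` set only on developer builds keeps the same check without the build-time fragility.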
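--- a/branches/ucs-3.0/ucs/base/pam-univentionmailcyrus/debian/changelog
+++ b/branches/ucs-3.0/ucs/base/pam-univentionmailcyrus/debian/changelog
@@ -1,3 +1,14 @@
+pam-univentionmailcyrus (4.0.4-1) unstable; urgency=low
+
+  * mapuser(): (Bug #27727)
+    - Fix memory leak by calling univention_ldap_close()
+    - Fix formatstring for printing filter
+    - Replace deprecated ldap_*() functions with ldap_*_ext()
+  * pam_univentionmailcyrus.c: Reformat for consistency.
+  * Makefile: Add -Werror for fail on warning.
+
+ -- Philipp Hahn <hahn@univention.de>  Fri, 22 Jun 2012 16:52:07 +0200
+
 pam-univentionmailcyrus (4.0.3-1) unstable; urgency=low
 
   * close filescriptor after reading machine.secret (Bug #27723)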
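--- a/branches/ucs-3.0/ucs/base/pam-univentionmailcyrus/pam_univentionmailcyrus.c
+++ b/branches/ucs-3.0/ucs/base/pam-univentionmailcyrus/pam_univentionmailcyrus.c
@@ -2,7 +2,7 @@
  * PAM Univention Mail Cyrus
  *  PAM Module to change username from email@address.com to username
  *
- * Copyright 2005-2011 Univention GmbH
+ * Copyright 2005-2012 Univention GmbH
  *
  * http://www.univention.de/
  *
@@ -65,6 +65,8 @@ static char bindpw[BUFSIZ];
 
 /* some syslogging */
 static void _log_err(int err, const char *format, ...)
+    __attribute__ ((format (printf, 2, 3)));
+static void _log_err(int err, const char *format, ...)
 {
    va_list args;
 
@@ -89,25 +91,24 @@ static int _pam_parse(int flags, int argc, const char **argv)
    /* step through arguments */
    for (; argc-- > 0; ++argv)
    {
-      if (!strcmp(*argv, "silent")) {
-	 ctrl |= UNIVENTIONMAILCYRUS_QUIET;
-      } else if (!strncmp(*argv,"ldap_host=",10))
-	strncpy(ldap_host,*argv+10,BUFSIZ);
-      else if (!strncmp(*argv,"ldap_port=",10))
-	ldap_port=atoi(*argv+10);
-      else if (!strncmp(*argv,"ldap_base=",10))
-	strncpy(ldap_base,*argv+10,BUFSIZ);
-      else if (!strncmp(*argv,"from_attr=",10))
-	strncpy(fromattr,*argv+10,BUFSIZ);
-      else if (!strncmp(*argv,"to_attr=",8))
-	strncpy(toattr,*argv+8,BUFSIZ);
-      else if (!strncmp(*argv,"binddn=",7))
-	strncpy(binddn,*argv+7,BUFSIZ);
-      else if (!strncmp(*argv,"pwfile=",7))
-	strncpy(pwfile,*argv+7,BUFSIZ);
-      else {
-	 _log_err(LOG_ERR, "unknown option; %s", *argv);
-      }
+      if (!strcmp(*argv, "silent"))
+          ctrl |= UNIVENTIONMAILCYRUS_QUIET;
+      else if (!strncmp(*argv, "ldap_host=", 10))
+          strncpy(ldap_host, *argv + 10, BUFSIZ);
+      else if (!strncmp(*argv, "ldap_port=", 10))
+          ldap_port=atoi(*argv + 10);
+      else if (!strncmp(*argv, "ldap_base=", 10))
+          strncpy(ldap_base, *argv + 10, BUFSIZ);
+      else if (!strncmp(*argv, "from_attr=", 10))
+          strncpy(fromattr, *argv + 10, BUFSIZ);
+      else if (!strncmp(*argv, "to_attr=", 8))
+          strncpy(toattr, *argv + 8, BUFSIZ);
+      else if (!strncmp(*argv, "binddn=", 7))
+          strncpy(binddn, *argv + 7, BUFSIZ);
+      else if (!strncmp(*argv, "pwfile=", 7))
+          strncpy(pwfile, *argv + 7, BUFSIZ);
+      else
+          _log_err(LOG_ERR, "unknown option: %s", *argv);
    }
 
    /* read password from file */
@@ -117,21 +118,28 @@ static int _pam_parse(int flags, int argc, const char **argv)
        if (bindpw[len-1] == '\n')
          bindpw[len-1] = '\0';
      }
-	 fclose(fp);
+     fclose(fp);
    }
 
    return ctrl;
 }
 
-int mapuser(const char *fromuser, char *touser)
+static int mapuser(const char *fromuser, char *touser)
 {
    int msgid;
+   int scope = LDAP_SCOPE_SUBTREE;
    char filter[BUFSIZ];
    char *attrs[] = {toattr, NULL};
+   int attrsonly = 0;
+   LDAPControl **serverctrls = NULL;
+   LDAPControl **clientctrls = NULL;
+   struct timeval timeout = {.tv_sec=10, .tv_usec=0};
+   int sizelimit = 0;
    LDAPMessage *res = NULL, *entry;
-   char **values = NULL;
-   int ret = PAM_SUCCESS;
+   struct berval **values = NULL;
+   int ret = PAM_USER_UNKNOWN;
    univention_ldap_parameters_t *lp;
+
    lp = univention_ldap_new();
    lp->host = strdup(ldap_host);
    lp->port = ldap_port;
@@ -144,46 +152,44 @@ int mapuser(const char *fromuser, char *touser)
 
    if (univention_ldap_open(lp) != 0) {
        _log_err(LOG_NOTICE, "Failed to connect to LDAP server %s:%d", ldap_host, ldap_port);
-       ret = PAM_USER_UNKNOWN;
-	   goto cleanup;
+       goto cleanup;
    }
-   if ((msgid = ldap_search_s(lp->ld, ldap_base, LDAP_SCOPE_SUBTREE, filter, attrs, 0, &res)) != LDAP_SUCCESS) {
-       _log_err(LOG_NOTICE, "Failed to query LDAP server: ", filter);
-       ret = PAM_USER_UNKNOWN;
-	   goto cleanup;
+   if ((msgid = ldap_search_ext_s(lp->ld, ldap_base, scope, filter, attrs,
+                   attrsonly, serverctrls, clientctrls, &timeout, sizelimit, &res)) != LDAP_SUCCESS) {
+       _log_err(LOG_NOTICE, "Failed to query LDAP server: %s", filter);
+       goto cleanup;
    }
    if (ldap_count_entries(lp->ld, res) != 1) {
        _log_err(LOG_NOTICE, "No or ambigous result, found %d entries.", ldap_count_entries(lp->ld, res));
-       ret = PAM_USER_UNKNOWN;
-	   goto cleanup;
+       goto cleanup_msg;
    }
    if ((entry = ldap_first_entry(lp->ld, res)) == NULL) {
        _log_err(LOG_NOTICE, "LDAP search returned no entries.");
-       ret = PAM_USER_UNKNOWN;
-	   goto cleanup;
+       goto cleanup_msg;
    }
-   if ((values = ldap_get_values(lp->ld, entry, toattr)) == NULL) {
+   if ((values = ldap_get_values_len(lp->ld, entry, toattr)) == NULL) {
        _log_err(LOG_NOTICE, "LDAP search returned no values: %s", filter);
-       ret = PAM_USER_UNKNOWN;
-	   goto cleanup;
+       goto cleanup_msg;
    }
-   if (ldap_count_values(values) != 1) {
-       _log_err(LOG_NOTICE, "No or ambigous result, found %d values.", ldap_count_values(values));
-       ret = PAM_USER_UNKNOWN;
-	   goto cleanup;
+   if (ldap_count_values_len(values) != 1) {
+       _log_err(LOG_NOTICE, "No or ambigous result, found %d values.", ldap_count_values_len(values));
+       goto cleanup_values;
    }
-   strncpy(touser, values[0], BUFSIZ);
+   strncpy(touser, values[0]->bv_val, BUFSIZ);
+   ret = PAM_SUCCESS;
 
+cleanup_values:
+   ldap_value_free_len(values);
+cleanup_msg:
+   ldap_msgfree(res);
 cleanup:
-   if ( values ) ldap_value_free(values);
-   if ( res ) ldap_msgfree(res);
-   if ( lp->ld ) ldap_unbind(lp->ld);
+   univention_ldap_close(lp);
    return ret;
 }
 
 PAM_EXTERN
 int pam_sm_authenticate(pam_handle_t *pamh, int flags,
-			int argc, const char **argv)
+                        int argc, const char **argv)
 {
    int retval, ctrl;
    const char* auth_user;
@@ -214,7 +220,7 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags,
 
 /* Ignore */
 int pam_sm_setcred(pam_handle_t *pamh, int flags, int
-		     argc, const char **argv)
+                   argc, const char **argv)
 {
    return PAM_IGNORE;
 }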
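Review bot: `strncpy(touser, values[0]->bv_val, BUFSIZ);` (new line 178 in the mapuser hunk) still leaves `touser` without a NUL terminator when the attribute value is BUFSIZ bytes or longer, and it ignores `bv_len`, the only length `ldap_get_values_len()` guarantees for a berval, so an over-long value is either silently truncated or passed back unterminated as the mapped user name. Because `ret` is already `PAM_USER_UNKNOWN` at that point, the copy can be made exact and rejecting instead: `if (values[0]->bv_len >= BUFSIZ) goto cleanup_values;` / `memcpy(touser, values[0]->bv_val, values[0]->bv_len);` / `touser[values[0]->bv_len] = '\0';` — this assumes the caller's `touser` buffer is BUFSIZ bytes, as the existing strncpy already does. The reindented `strncpy(..., BUFSIZ)` calls in the `_pam_parse` hunk (new lines 97-109) have the same missing-terminator property for over-long module arguments; a bounded `snprintf(dst, BUFSIZ, "%s", src)` would be the matching fix there, presumably with the destinations being the BUFSIZ-sized statics like `bindpw`. `msgid` now receives the result code of `ldap_search_ext_s()` rather than a message id, so a name such as `rc` would read more honestly. mapuser() begins in the preceding hunk, so this hunk starts mid-function.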
