|
2 |
* PAM Univention Mail Cyrus |
2 |
* PAM Univention Mail Cyrus |
3 |
* PAM Module to change username from email@address.com to username |
3 |
* PAM Module to change username from email@address.com to username |
4 |
* |
4 |
* |
5 |
* Copyright 2005-2011 Univention GmbH |
5 |
* Copyright 2005-2012 Univention GmbH |
6 |
* |
6 |
* |
7 |
* http://www.univention.de/ |
7 |
* http://www.univention.de/ |
8 |
* |
8 |
* |
Lines 65-70
static char bindpw[BUFSIZ];
|
|
|
65 |
|
65 |
|
66 |
/* some syslogging */ |
66 |
/* some syslogging */ |
67 |
static void _log_err(int err, const char *format, ...) |
67 |
static void _log_err(int err, const char *format, ...) |
|
|
68 |
__attribute__ ((format (printf, 2, 3))); |
69 |
static void _log_err(int err, const char *format, ...) |
68 |
{ |
70 |
{ |
69 |
va_list args; |
71 |
va_list args; |
70 |
|
72 |
|
Lines 89-113
static int _pam_parse(int flags, int argc, const char **argv)
|
|
|
89 |
/* step through arguments */ |
91 |
/* step through arguments */ |
90 |
for (; argc-- > 0; ++argv) |
92 |
for (; argc-- > 0; ++argv) |
91 |
{ |
93 |
{ |
92 |
if (!strcmp(*argv, "silent")) { |
94 |
if (!strcmp(*argv, "silent")) |
93 |
ctrl |= UNIVENTIONMAILCYRUS_QUIET; |
95 |
ctrl |= UNIVENTIONMAILCYRUS_QUIET; |
94 |
} else if (!strncmp(*argv,"ldap_host=",10)) |
96 |
else if (!strncmp(*argv, "ldap_host=", 10)) |
95 |
strncpy(ldap_host,*argv+10,BUFSIZ); |
97 |
strncpy(ldap_host, *argv + 10, BUFSIZ); |
96 |
else if (!strncmp(*argv,"ldap_port=",10)) |
98 |
else if (!strncmp(*argv, "ldap_port=", 10)) |
97 |
ldap_port=atoi(*argv+10); |
99 |
ldap_port=atoi(*argv + 10); |
98 |
else if (!strncmp(*argv,"ldap_base=",10)) |
100 |
else if (!strncmp(*argv, "ldap_base=", 10)) |
99 |
strncpy(ldap_base,*argv+10,BUFSIZ); |
101 |
strncpy(ldap_base, *argv + 10, BUFSIZ); |
100 |
else if (!strncmp(*argv,"from_attr=",10)) |
102 |
else if (!strncmp(*argv, "from_attr=", 10)) |
101 |
strncpy(fromattr,*argv+10,BUFSIZ); |
103 |
strncpy(fromattr, *argv + 10, BUFSIZ); |
102 |
else if (!strncmp(*argv,"to_attr=",8)) |
104 |
else if (!strncmp(*argv, "to_attr=", 8)) |
103 |
strncpy(toattr,*argv+8,BUFSIZ); |
105 |
strncpy(toattr, *argv + 8, BUFSIZ); |
104 |
else if (!strncmp(*argv,"binddn=",7)) |
106 |
else if (!strncmp(*argv, "binddn=", 7)) |
105 |
strncpy(binddn,*argv+7,BUFSIZ); |
107 |
strncpy(binddn, *argv + 7, BUFSIZ); |
106 |
else if (!strncmp(*argv,"pwfile=",7)) |
108 |
else if (!strncmp(*argv, "pwfile=", 7)) |
107 |
strncpy(pwfile,*argv+7,BUFSIZ); |
109 |
strncpy(pwfile, *argv + 7, BUFSIZ); |
108 |
else { |
110 |
else |
109 |
_log_err(LOG_ERR, "unknown option; %s", *argv); |
111 |
_log_err(LOG_ERR, "unknown option: %s", *argv); |
110 |
} |
|
|
111 |
} |
112 |
} |
112 |
|
113 |
|
113 |
/* read password from file */ |
114 |
/* read password from file */ |
Lines 117-137
static int _pam_parse(int flags, int argc, const char **argv)
|
|
|
117 |
if (bindpw[len-1] == '\n') |
118 |
if (bindpw[len-1] == '\n') |
118 |
bindpw[len-1] = '\0'; |
119 |
bindpw[len-1] = '\0'; |
119 |
} |
120 |
} |
120 |
fclose(fp); |
121 |
fclose(fp); |
121 |
} |
122 |
} |
122 |
|
123 |
|
123 |
return ctrl; |
124 |
return ctrl; |
124 |
} |
125 |
} |
125 |
|
126 |
|
126 |
int mapuser(const char *fromuser, char *touser) |
127 |
static int mapuser(const char *fromuser, char *touser) |
127 |
{ |
128 |
{ |
128 |
int msgid; |
129 |
int msgid; |
|
|
130 |
int scope = LDAP_SCOPE_SUBTREE; |
129 |
char filter[BUFSIZ]; |
131 |
char filter[BUFSIZ]; |
130 |
char *attrs[] = {toattr, NULL}; |
132 |
char *attrs[] = {toattr, NULL}; |
|
|
133 |
int attrsonly = 0; |
134 |
LDAPControl **serverctrls = NULL; |
135 |
LDAPControl **clientctrls = NULL; |
136 |
struct timeval timeout = {.tv_sec=10, .tv_usec=0}; |
137 |
int sizelimit = 0; |
131 |
LDAPMessage *res = NULL, *entry; |
138 |
LDAPMessage *res = NULL, *entry; |
132 |
char **values = NULL; |
139 |
struct berval **values = NULL; |
133 |
int ret = PAM_SUCCESS; |
140 |
int ret = PAM_USER_UNKNOWN; |
134 |
univention_ldap_parameters_t *lp; |
141 |
univention_ldap_parameters_t *lp; |
|
|
142 |
|
135 |
lp = univention_ldap_new(); |
143 |
lp = univention_ldap_new(); |
136 |
lp->host = strdup(ldap_host); |
144 |
lp->host = strdup(ldap_host); |
137 |
lp->port = ldap_port; |
145 |
lp->port = ldap_port; |
Lines 144-189
int mapuser(const char *fromuser, char *touser)
|
|
|
144 |
|
152 |
|
145 |
if (univention_ldap_open(lp) != 0) { |
153 |
if (univention_ldap_open(lp) != 0) { |
146 |
_log_err(LOG_NOTICE, "Failed to connect to LDAP server %s:%d", ldap_host, ldap_port); |
154 |
_log_err(LOG_NOTICE, "Failed to connect to LDAP server %s:%d", ldap_host, ldap_port); |
147 |
ret = PAM_USER_UNKNOWN; |
155 |
goto cleanup; |
148 |
goto cleanup; |
|
|
149 |
} |
156 |
} |
150 |
if ((msgid = ldap_search_s(lp->ld, ldap_base, LDAP_SCOPE_SUBTREE, filter, attrs, 0, &res)) != LDAP_SUCCESS) { |
157 |
if ((msgid = ldap_search_ext_s(lp->ld, ldap_base, scope, filter, attrs, |
151 |
_log_err(LOG_NOTICE, "Failed to query LDAP server: ", filter); |
158 |
attrsonly, serverctrls, clientctrls, &timeout, sizelimit, &res)) != LDAP_SUCCESS) { |
152 |
ret = PAM_USER_UNKNOWN; |
159 |
_log_err(LOG_NOTICE, "Failed to query LDAP server: %s", filter); |
153 |
goto cleanup; |
160 |
goto cleanup; |
154 |
} |
161 |
} |
155 |
if (ldap_count_entries(lp->ld, res) != 1) { |
162 |
if (ldap_count_entries(lp->ld, res) != 1) { |
156 |
_log_err(LOG_NOTICE, "No or ambigous result, found %d entries.", ldap_count_entries(lp->ld, res)); |
163 |
_log_err(LOG_NOTICE, "No or ambigous result, found %d entries.", ldap_count_entries(lp->ld, res)); |
157 |
ret = PAM_USER_UNKNOWN; |
164 |
goto cleanup_msg; |
158 |
goto cleanup; |
|
|
159 |
} |
165 |
} |
160 |
if ((entry = ldap_first_entry(lp->ld, res)) == NULL) { |
166 |
if ((entry = ldap_first_entry(lp->ld, res)) == NULL) { |
161 |
_log_err(LOG_NOTICE, "LDAP search returned no entries."); |
167 |
_log_err(LOG_NOTICE, "LDAP search returned no entries."); |
162 |
ret = PAM_USER_UNKNOWN; |
168 |
goto cleanup_msg; |
163 |
goto cleanup; |
|
|
164 |
} |
169 |
} |
165 |
if ((values = ldap_get_values(lp->ld, entry, toattr)) == NULL) { |
170 |
if ((values = ldap_get_values_len(lp->ld, entry, toattr)) == NULL) { |
166 |
_log_err(LOG_NOTICE, "LDAP search returned no values: %s", filter); |
171 |
_log_err(LOG_NOTICE, "LDAP search returned no values: %s", filter); |
167 |
ret = PAM_USER_UNKNOWN; |
172 |
goto cleanup_msg; |
168 |
goto cleanup; |
|
|
169 |
} |
173 |
} |
170 |
if (ldap_count_values(values) != 1) { |
174 |
if (ldap_count_values_len(values) != 1) { |
171 |
_log_err(LOG_NOTICE, "No or ambigous result, found %d values.", ldap_count_values(values)); |
175 |
_log_err(LOG_NOTICE, "No or ambigous result, found %d values.", ldap_count_values_len(values)); |
172 |
ret = PAM_USER_UNKNOWN; |
176 |
goto cleanup_values; |
173 |
goto cleanup; |
|
|
174 |
} |
177 |
} |
175 |
strncpy(touser, values[0], BUFSIZ); |
178 |
strncpy(touser, values[0]->bv_val, BUFSIZ); |
|
|
179 |
ret = PAM_SUCCESS; |
176 |
|
180 |
|
|
|
181 |
cleanup_values: |
182 |
ldap_value_free_len(values); |
183 |
cleanup_msg: |
184 |
ldap_msgfree(res); |
177 |
cleanup: |
185 |
cleanup: |
178 |
if ( values ) ldap_value_free(values); |
186 |
univention_ldap_close(lp); |
179 |
if ( res ) ldap_msgfree(res); |
|
|
180 |
if ( lp->ld ) ldap_unbind(lp->ld); |
181 |
return ret; |
187 |
return ret; |
182 |
} |
188 |
} |
183 |
|
189 |
|
184 |
PAM_EXTERN |
190 |
PAM_EXTERN |
185 |
int pam_sm_authenticate(pam_handle_t *pamh, int flags, |
191 |
int pam_sm_authenticate(pam_handle_t *pamh, int flags, |
186 |
int argc, const char **argv) |
192 |
int argc, const char **argv) |
187 |
{ |
193 |
{ |
188 |
int retval, ctrl; |
194 |
int retval, ctrl; |
189 |
const char* auth_user; |
195 |
const char* auth_user; |
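Review bot: The copy `strncpy(touser, values[0]->bv_val, BUFSIZ);` near the end of mapuser can leave the caller's buffer without a terminating NUL when the directory attribute value is BUFSIZ bytes or longer, and although the hunk switches to `ldap_get_values_len`, the `bv_len` it now has is never consulted, so a value with an embedded NUL is silently cut short. Because this value becomes the user name handed back to PAM (mapuser's caller is outside this hunk, and the size of `touser` is only implied by the BUFSIZ constant), I would reject oversize or non-string values rather than truncate them, as sketched below. A smaller point: if `ldap_search_ext_s` fails after the server has already delivered a partial result, `res` may be non-NULL on that `goto cleanup` path and is no longer freed — the old code had an `if (res)` guard — so routing that failure to `cleanup_msg` would cover it, assuming `ldap_msgfree` tolerates NULL as it does in OpenLDAP. `msgid` now holds the return code of a synchronous call, so a name like `rc` would read better.
```c
if (ldap_count_values_len(values) != 1) {
	/* … unchanged: ambiguity log and goto cleanup_values … */
}
/* Bound the copy by the berval length; refuse values that would not fit or are not plain text. */
if (values[0]->bv_len >= BUFSIZ || memchr(values[0]->bv_val, '\0', values[0]->bv_len) != NULL) {
	_log_err(LOG_NOTICE, "Mapped user name is too long or not a string: %s", filter);
	goto cleanup_values;
}
memcpy(touser, values[0]->bv_val, values[0]->bv_len);
touser[values[0]->bv_len] = '\0';
ret = PAM_SUCCESS;
```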
Lines 214-220
int pam_sm_authenticate(pam_handle_t *pamh, int flags,
|
|
|
214 |
|
220 |
|
215 |
/* Ignore */ |
221 |
/* Ignore */ |
216 |
int pam_sm_setcred(pam_handle_t *pamh, int flags, int |
222 |
int pam_sm_setcred(pam_handle_t *pamh, int flags, int |
217 |
argc, const char **argv) |
223 |
argc, const char **argv) |
218 |
{ |
224 |
{ |
219 |
return PAM_IGNORE; |
225 |
return PAM_IGNORE; |
220 |
} |
226 |
} |