path: root/security/sssd/files/patch-src__providers__ldap__sdap_access.c
From 9a3d9a05b2c8790c771c166b42f8b80e76b4b336 Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik <lukas.slebodnik@intrak.sk>
Date: Wed, 6 Nov 2013 22:01:20 +0100
Subject: [PATCH 11/25] patch-src__providers__ldap__sdap_access.c

---
 src/providers/ldap/sdap_access.c | 46 +++++++++++++++++++---------------------
 1 file changed, 22 insertions(+), 24 deletions(-)

diff --git src/providers/ldap/sdap_access.c src/providers/ldap/sdap_access.c
index b198e04..1eaedf7 100644
--- src/providers/ldap/sdap_access.c
+++ src/providers/ldap/sdap_access.c
@@ -22,9 +22,7 @@
     along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 
-#define _XOPEN_SOURCE 500 /* for strptime() */
 #include <time.h>
-#undef _XOPEN_SOURCE
 #include <sys/param.h>
 #include <security/pam_modules.h>
 #include <talloc.h>
@@ -109,7 +107,7 @@ void sdap_pam_access_handler(struct be_req *breq)
                            pd);
     if (req == NULL) {
         DEBUG(1, ("Unable to start sdap_access request\n"));
-        sdap_access_reply(breq, PAM_SYSTEM_ERR);
+        sdap_access_reply(breq, PAM_SERVICE_ERR);
         return;
     }
 
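Review bot: The replacement of PAM_SYSTEM_ERR with PAM_SERVICE_ERR in sdap_pam_access_handler is not explained anywhere, since the patch description is empty, and the same substitution recurs in every later status hunk (sdap_access_send, sdap_account_expired_send/_done, sdap_access_filter_send/_connect_done/_get_access_done/_done, sdap_access_service_done, sdap_access_host_done, sdap_access_done). Both values are failure codes, so an incomplete check still denies access, but PAM consumers or logs that distinguish the two will now see a different result. A short comment at the first site, for example `/* default to a failure status so an unfinished access check denies access */`, and a sentence in the description giving the reason for the changed code would record the intent. The handler body starts and ends outside this hunk.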
@@ -149,7 +147,7 @@ sdap_access_send(TALLOC_CTX *mem_ctx,
 
     state->be_req = be_req;
     state->pd = pd;
-    state->pam_status = PAM_SYSTEM_ERR;
+    state->pam_status = PAM_SERVICE_ERR;
     state->ev = ev;
     state->access_ctx = access_ctx;
     state->current_rule = 0;
@@ -502,18 +500,17 @@ static bool nds_check_expired(const char *exp_time_str)
         return true;
     }
 
+    tzset();
     expire_time = mktime(&tm);
     if (expire_time == -1) {
         DEBUG(1, ("mktime failed to convert [%s].\n", exp_time_str));
         return true;
     }
 
-    tzset();
-    expire_time -= timezone;
     now = time(NULL);
-    DEBUG(9, ("Time info: tzname[0] [%s] tzname[1] [%s] timezone [%d] "
-              "daylight [%d] now [%d] expire_time [%d].\n", tzname[0],
-              tzname[1], timezone, daylight, now, expire_time));
+    DEBUG(9, ("Time info: tzname[0] [%s] tzname[1] [%s] "
+              "now [%d] expire_time [%d].\n", tzname[0],
+              tzname[1], now, expire_time));
 
     if (difftime(now, expire_time) > 0.0) {
         DEBUG(4, ("NDS account expired.\n"));
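Review bot: Dropping `expire_time -= timezone;` leaves the mktime() result interpreted as local time, so the expiry comparison in nds_check_expired is shifted by the host's UTC offset if exp_time_str is a UTC timestamp. The removed adjustment suggests it is, but the strptime() call is above this hunk, so that is inferred. On a host west of UTC an account that has already expired would keep passing this check until the offset has elapsed. Converting with `expire_time = timegm(&tm);` (available in glibc and the BSDs) avoids both the `timezone` variable and the shift; the "mktime failed" message would be reworded with it. The new DEBUG(9) line also still passes the time_t values `now` and `expire_time` to `%d`, which mismatches wherever time_t is wider than int; `%lld` with a `(long long)` cast is safer.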
@@ -662,7 +659,7 @@ static struct tevent_req *sdap_account_expired_send(TALLOC_CTX *mem_ctx,
         return NULL;
     }
 
-    state->pam_status = PAM_SYSTEM_ERR;
+    state->pam_status = PAM_SERVICE_ERR;
 
     expire = dp_opt_get_cstring(access_ctx->id_ctx->opts->basic,
                                 SDAP_ACCOUNT_EXPIRE_POLICY);
@@ -746,7 +743,7 @@ static void sdap_account_expired_done(struct tevent_req *subreq)
     talloc_zfree(subreq);
     if (ret != EOK) {
         DEBUG(1, ("Error retrieving access check result.\n"));
-        state->pam_status = PAM_SYSTEM_ERR;
+        state->pam_status = PAM_SERVICE_ERR;
         tevent_req_error(req, ret);
         return;
     }
@@ -806,7 +803,7 @@ static struct tevent_req *sdap_access_filter_send(TALLOC_CTX *mem_ctx,
     state->filter = NULL;
     state->be_req = be_req;
     state->username = username;
-    state->pam_status = PAM_SYSTEM_ERR;
+    state->pam_status = PAM_SERVICE_ERR;
     state->sdap_ctx = access_ctx->id_ctx;
     state->ev = ev;
     state->access_ctx = access_ctx;
@@ -953,7 +950,7 @@ static void sdap_access_filter_connect_done(struct tevent_req *subreq)
                                    false);
     if (subreq == NULL) {
         DEBUG(1, ("Could not start LDAP communication\n"));
-        state->pam_status = PAM_SYSTEM_ERR;
+        state->pam_status = PAM_SERVICE_ERR;
         tevent_req_error(req, EIO);
         return;
     }
@@ -984,13 +981,13 @@ static void sdap_access_filter_get_access_done(struct tevent_req *subreq)
             if (ret == EOK) {
                 return;
             }
-            state->pam_status = PAM_SYSTEM_ERR;
+            state->pam_status = PAM_SERVICE_ERR;
         } else if (dp_error == DP_ERR_OFFLINE) {
             sdap_access_filter_decide_offline(req);
         } else {
             DEBUG(1, ("sdap_get_generic_send() returned error [%d][%s]\n",
                       ret, strerror(ret)));
-            state->pam_status = PAM_SYSTEM_ERR;
+            state->pam_status = PAM_SERVICE_ERR;
         }
 
         goto done;
@@ -1009,7 +1006,7 @@ static void sdap_access_filter_get_access_done(struct tevent_req *subreq)
     else if (results == NULL) {
         DEBUG(1, ("num_results > 0, but results is NULL\n"));
         ret = EIO;
-        state->pam_status = PAM_SYSTEM_ERR;
+        state->pam_status = PAM_SERVICE_ERR;
         goto done;
     }
     else if (num_results > 1) {
@@ -1018,7 +1015,7 @@ static void sdap_access_filter_get_access_done(struct tevent_req *subreq)
          */
         DEBUG(1, ("Received multiple replies\n"));
         ret = EIO;
-        state->pam_status = PAM_SYSTEM_ERR;
+        state->pam_status = PAM_SERVICE_ERR;
         goto done;
     }
     else { /* Ok, we got a single reply */
@@ -1104,7 +1101,7 @@ static void sdap_access_filter_done(struct tevent_req *subreq)
     talloc_zfree(subreq);
     if (ret != EOK) {
         DEBUG(1, ("Error retrieving access check result.\n"));
-        state->pam_status = PAM_SYSTEM_ERR;
+        state->pam_status = PAM_SERVICE_ERR;
         tevent_req_error(req, ret);
         return;
     }
@@ -1244,7 +1241,7 @@ static void sdap_access_service_done(struct tevent_req *subreq)
     talloc_zfree(subreq);
     if (ret != EOK) {
         DEBUG(1, ("Error retrieving access check result.\n"));
-        state->pam_status = PAM_SYSTEM_ERR;
+        state->pam_status = PAM_SERVICE_ERR;
         tevent_req_error(req, ret);
         return;
     }
@@ -1269,7 +1266,7 @@ static struct tevent_req *sdap_access_host_send(
     struct ldb_message_element *el;
     unsigned int i;
     char *host;
-    char hostname[HOST_NAME_MAX+1];
+    char hostname[_POSIX_HOST_NAME_MAX + 1];
 
     req = tevent_req_create(mem_ctx, &state, struct sdap_access_host_ctx);
     if (!req) {
@@ -1285,11 +1282,12 @@ static struct tevent_req *sdap_access_host_send(
         goto done;
     }
 
-    if (gethostname(hostname, sizeof(hostname)) == -1) {
+    if (gethostname(hostname, _POSIX_HOST_NAME_MAX) == -1) {
         DEBUG(1, ("Unable to get system hostname. Access denied\n"));
         ret = EOK;
         goto done;
     }
+    hostname[_POSIX_HOST_NAME_MAX] = '\0';
 
     /* FIXME: PADL's pam_ldap also calls gethostbyname() on the hostname
      *        in some attempt to get aliases and/or FQDN for the machine.
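Review bot: The buffer size is now spelled out three times, in the declaration `char hostname[_POSIX_HOST_NAME_MAX + 1];` (previous hunk), in the gethostname() length and in the terminator index, so a later change to one can silently desynchronise the others. Deriving the other two from the array keeps them tied together: `gethostname(hostname, sizeof(hostname) - 1)` and `hostname[sizeof(hostname) - 1] = '\0';`. The explicit terminator is worth keeping, because a truncated name is not guaranteed to be NUL-terminated, but a truncated name still goes into the host access comparison unnoticed. `_POSIX_HOST_NAME_MAX` is declared in `<limits.h>`, which is not among the includes visible in this patch and should be confirmed. The function body continues outside this hunk.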
@@ -1365,7 +1363,7 @@ static void sdap_access_host_done(struct tevent_req *subreq)
     talloc_zfree(subreq);
     if (ret != EOK) {
         DEBUG(1, ("Error retrieving access check result.\n"));
-        state->pam_status = PAM_SYSTEM_ERR;
+        state->pam_status = PAM_SERVICE_ERR;
         tevent_req_error(req, ret);
         return;
     }
@@ -1391,7 +1389,7 @@ sdap_access_recv(struct tevent_req *req, int *pam_status)
 static void sdap_access_done(struct tevent_req *req)
 {
     errno_t ret;
-    int pam_status = PAM_SYSTEM_ERR;
+    int pam_status = PAM_SERVICE_ERR;
     struct be_req *breq =
             tevent_req_callback_data(req, struct be_req);
 
@@ -1399,7 +1397,7 @@ static void sdap_access_done(struct tevent_req *req)
     talloc_zfree(req);
     if (ret != EOK) {
         DEBUG(1, ("Error retrieving access check result.\n"));
-        pam_status = PAM_SYSTEM_ERR;
+        pam_status = PAM_SERVICE_ERR;
     }
 
     sdap_access_reply(breq, pam_status);
-- 
1.8.0