author | Arthur de Jong <arthur@arthurdejong.org> | 2013-03-01 16:04:23 +0100 |
---|---|---|
committer | Arthur de Jong <arthur@arthurdejong.org> | 2013-03-01 17:37:33 +0100 |
commit | 31f9098856d99a04cf96be8683fbf99b72ac6983 (patch) | |
tree | a7bd180be44d495c60c12d89f982b8d90db31396 | |
parent | 1a1bb07bfa1c63bb70410b749452581b423e7297 (diff) |
move update_lastchange() function from shadow to pam code
-rw-r--r-- | nslcd/common.h | 3 | ||||
-rw-r--r-- | nslcd/pam.c | 68 | ||||
-rw-r--r-- | nslcd/shadow.c | 66 |
3 files changed, 68 insertions, 69 deletions
diff --git a/nslcd/common.h b/nslcd/common.h
index 5167b95..e1a2037 100644
--- a/nslcd/common.h
+++ b/nslcd/common.h
@@ -118,9 +118,6 @@ MYLDAP_ENTRY *uid2entry(MYLDAP_SESSION *session, const char *uid, int *rcp);
 MUST_USE char *uid2dn(MYLDAP_SESSION *session, const char *uid, char *buf, size_t buflen);
-/* try to update the shadowLastChange attribute of the entry if possible */
-int update_lastchange(MYLDAP_SESSION *session, const char *userdn);
-
 /* use the user id to lookup an LDAP entry with the shadow attributes requested */
 MYLDAP_ENTRY *shadow_uid2entry(MYLDAP_SESSION *session, const char *username,
diff --git a/nslcd/pam.c b/nslcd/pam.c
index 6108159..2e09584 100644
--- a/nslcd/pam.c
+++ b/nslcd/pam.c
@@ -589,6 +589,74 @@ int nslcd_pam_sess_c(TFILE *fp, MYLDAP_SESSION *session)
 return 0;
 }
+extern const char *shadow_filter;
+
+/* try to update the shadowLastChange attribute of the entry if possible */
+static int update_lastchange(MYLDAP_SESSION *session, const char *userdn)
+{
+ MYLDAP_SEARCH *search;
+ MYLDAP_ENTRY *entry;
+ static const char *attrs[3];
+ const char *attr;
+ int rc;
+ const char **values;
+ LDAPMod mod, *mods[2];
+ char buffer[64], *strvals[2];
+ /* find the name of the attribute to use */
+ if ((attmap_shadow_shadowLastChange == NULL) || (attmap_shadow_shadowLastChange[0] == '\0'))
+ return LDAP_LOCAL_ERROR; /* attribute not mapped at all */
+ else if (strcmp(attmap_shadow_shadowLastChange, "\"${shadowLastChange:--1}\"") == 0)
+ attr = "shadowLastChange";
+ else if (attmap_shadow_shadowLastChange[0] == '\"')
+ return LDAP_LOCAL_ERROR; /* other expressions not supported for now */
+ else
+ attr = attmap_shadow_shadowLastChange;
+ /* set up the attributes we need */
+ attrs[0] = attmap_shadow_uid;
+ attrs[1] = attr;
+ attrs[2] = NULL;
+ /* find the entry to see if the attribute is present */
+ search = myldap_search(session, userdn, LDAP_SCOPE_BASE, shadow_filter, attrs, &rc);
+ if (search == NULL)
+ return rc;
+ entry = myldap_get_entry(search, &rc);
+ if (entry == NULL)
+ return rc;
+ values = myldap_get_values(entry, attr);
+ if ((values == NULL) || (values[0] == NULL) || (values[0][0] == '\0'))
+ return LDAP_NO_SUCH_ATTRIBUTE;
+ /* build the value for the new attribute */
+ if (strcasecmp(attr, "pwdLastSet") == 0)
+ {
+ /* for AD we use another timestamp */
+ if (mysnprintf(buffer, sizeof(buffer), "%ld000000000",
+ ((long int)time(NULL) / 100L + (134774L * 864L))))
+ return LDAP_LOCAL_ERROR;
+ }
+ else
+ {
+ /* time in days since Jan 1, 1970 */
+ if (mysnprintf(buffer, sizeof(buffer), "%ld",
+ ((long int)(time(NULL) / (long int)(60 * 60 * 24)))))
+ return LDAP_LOCAL_ERROR;
+ }
+ /* update the shadowLastChange attribute */
+ strvals[0] = buffer;
+ strvals[1] = NULL;
+ mod.mod_op = LDAP_MOD_REPLACE;
+ mod.mod_type = (char *)attr;
+ mod.mod_values = strvals;
+ mods[0] = &mod;
+ mods[1] = NULL;
+ rc = myldap_modify(session, userdn, mods);
+ if (rc != LDAP_SUCCESS)
+ log_log(LOG_WARNING, "%s: %s: modification failed: %s",
+ userdn, attr, ldap_err2string(rc));
+ else
+ log_log(LOG_DEBUG, "%s: %s: modification succeeded", userdn, attr);
+ return rc;
+}
+
 /* perform an LDAP password modification, returns an LDAP status code */
 static int try_pwmod(MYLDAP_SESSION *oldsession, const char *binddn, const char *userdn,
diff --git a/nslcd/shadow.c b/nslcd/shadow.c
index 9a4f928..6e84d36 100644
--- a/nslcd/shadow.c
+++ b/nslcd/shadow.c
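Review bot: The new `extern const char *shadow_filter;` at the top of the added block in pam.c declares another file's variable locally, so the compiler cannot check it against its definition (presumably in shadow.c) and a later type change there would go unnoticed; declaring it once in a shared header such as common.h, next to `shadow_uid2entry()`, keeps the two in sync. Inside update_lastchange(), `static const char *attrs[3];` is rewritten on every call, which is a data race if nslcd worker threads can reach this path concurrently; if myldap_search() does not need the array to outlive the call, an automatic array is safer, otherwise a comment should say why it is static. The pwdLastSet branch would also benefit from a comment such as `/* 134774 days from 1601-01-01 to 1970-01-01, counted in units of 100 s; the appended zeros scale to 100 ns ticks */`.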
@@ -216,72 +216,6 @@ void get_shadow_properties(MYLDAP_ENTRY *entry, long *lastchangedate,
 }
 }
-/* try to update the shadowLastChange attribute of the entry if possible */
-int update_lastchange(MYLDAP_SESSION *session, const char *userdn)
-{
- MYLDAP_SEARCH *search;
- MYLDAP_ENTRY *entry;
- static const char *attrs[3];
- const char *attr;
- int rc;
- const char **values;
- LDAPMod mod, *mods[2];
- char buffer[64], *strvals[2];
- /* find the name of the attribute to use */
- if ((attmap_shadow_shadowLastChange == NULL) || (attmap_shadow_shadowLastChange[0] == '\0'))
- return LDAP_LOCAL_ERROR; /* attribute not mapped at all */
- else if (strcmp(attmap_shadow_shadowLastChange, "\"${shadowLastChange:--1}\"") == 0)
- attr = "shadowLastChange";
- else if (attmap_shadow_shadowLastChange[0] == '\"')
- return LDAP_LOCAL_ERROR; /* other expressions not supported for now */
- else
- attr = attmap_shadow_shadowLastChange;
- /* set up the attributes we need */
- attrs[0] = attmap_shadow_uid;
- attrs[1] = attr;
- attrs[2] = NULL;
- /* find the entry to see if the attribute is present */
- search = myldap_search(session, userdn, LDAP_SCOPE_BASE, shadow_filter, attrs, &rc);
- if (search == NULL)
- return rc;
- entry = myldap_get_entry(search, &rc);
- if (entry == NULL)
- return rc;
- values = myldap_get_values(entry, attr);
- if ((values == NULL) || (values[0] == NULL) || (values[0][0] == '\0'))
- return LDAP_NO_SUCH_ATTRIBUTE;
- /* build the value for the new attribute */
- if (strcasecmp(attr, "pwdLastSet") == 0)
- {
- /* for AD we use another timestamp */
- if (mysnprintf(buffer, sizeof(buffer), "%ld000000000",
- ((long int)time(NULL) / 100L + (134774L * 864L))))
- return LDAP_LOCAL_ERROR;
- }
- else
- {
- /* time in days since Jan 1, 1970 */
- if (mysnprintf(buffer, sizeof(buffer), "%ld",
- ((long int)(time(NULL) / (long int)(60 * 60 * 24)))))
- return LDAP_LOCAL_ERROR;
- }
- /* update the shadowLastChange attribute */
- strvals[0] = buffer;
- strvals[1] = NULL;
- mod.mod_op = LDAP_MOD_REPLACE;
- mod.mod_type = (char *)attr;
- mod.mod_values = strvals;
- mods[0] = &mod;
- mods[1] = NULL;
- rc = myldap_modify(session, userdn, mods);
- if (rc != LDAP_SUCCESS)
- log_log(LOG_WARNING, "%s: %s: modification failed: %s",
- userdn, attr, ldap_err2string(rc));
- else
- log_log(LOG_DEBUG, "%s: %s: modification succeeded", userdn, attr);
- return rc;
-}
-
 static int write_shadow(TFILE *fp, MYLDAP_ENTRY *entry, const char *requser)
 {
 int32_t tmpint32; |