author | Arthur de Jong <arthur@arthurdejong.org> | 2010-09-05 11:30:44 +0200 |
---|---|---|
committer | Arthur de Jong <arthur@arthurdejong.org> | 2010-09-05 11:30:44 +0200 |
commit | 5d0bed9421744105d9f99b12257921ac076cc264 (patch) | |
tree | 8609be021b35f423d42dab6d883eb95c8365a9d4 /nslcd/cfg.c | |
parent | 9a9a18ee35a48980510da613c9caa460f6da7e30 (diff) |
implement a rootpwmodpw option that allows root users to change user passwords without a password prompt
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1206 ef36b2f9-881f-0410-afb5-c4e39611909c
Diffstat (limited to 'nslcd/cfg.c')
-rw-r--r-- | nslcd/cfg.c | 33 |
1 files changed, 31 insertions, 2 deletions
diff --git a/nslcd/cfg.c b/nslcd/cfg.c
index 52a10b8..364e726 100644
--- a/nslcd/cfg.c
+++ b/nslcd/cfg.c
@@ -97,6 +97,7 @@ static void cfg_defaults(struct ldap_config *cfg)
 cfg->ldc_binddn=NULL;
 cfg->ldc_bindpw=NULL;
 cfg->ldc_rootpwmoddn=NULL;
+ cfg->ldc_rootpwmodpw=NULL;
 cfg->ldc_sasl_mech=NULL;
 cfg->ldc_sasl_realm=NULL;
 cfg->ldc_sasl_authcid=NULL;
@@ -377,6 +378,28 @@ static inline void check_argumentcount(const char *filename,int lnr,
 }
 }
+/* check that the file is not world readable */
+static void check_permissions(const char *filename,const char *keyword)
+{
+ struct stat sb;
+ /* get file status */
+ if (stat(filename,&sb))
+ {
+ log_log(LOG_ERR,"cannot stat() %s: %s",filename,strerror(errno));
+ exit(EXIT_FAILURE);
+ }
+ /* check permissions */
+ if ((sb.st_mode&0007)!=0)
+ {
+ if (keyword!=NULL)
+ log_log(LOG_ERR,"%s: file should not be world readable if %s is set",
+ filename, keyword);
+ else
+ log_log(LOG_ERR,"%s: file should not be world readable",filename);
+ exit(EXIT_FAILURE);
+ }
+}
+
 static void get_int(const char *filename,int lnr,
 const char *keyword,char **line,
 int *var)
@@ -811,12 +834,18 @@ static void cfg_read(const char *filename,struct ldap_config *cfg)
 }
 else if (strcasecmp(keyword,"bindpw")==0)
 {
+ check_permissions(filename,keyword);
 get_restdup(filename,lnr,keyword,&line,&cfg->ldc_bindpw);
 }
 else if (strcasecmp(keyword,"rootpwmoddn")==0)
 {
 get_restdup(filename,lnr,keyword,&line,&cfg->ldc_rootpwmoddn);
 }
+ else if (strcasecmp(keyword,"rootpwmodpw")==0)
+ {
+ check_permissions(filename,keyword);
+ get_restdup(filename,lnr,keyword,&line,&cfg->ldc_rootpwmodpw);
+ }
 /* SASL authentication options */
 else if (strcasecmp(keyword,"use_sasl")==0)
 {
@@ -1055,6 +1084,8 @@ static void bindpw_read(const char *filename,struct ldap_config *cfg)
 exit(EXIT_FAILURE);
 }
 }
+ /* check permissions */
+ check_permissions(filename,NULL);
 /* read the first line */
 if (fgets(linebuf,sizeof(linebuf),fp)==NULL)
 {
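Review bot: In check_permissions the test `(sb.st_mode&0007)!=0` fires on any permission bit for others, yet the comment and both log messages say "world readable", so a file that is only world-writable is reported with the wrong reason. The check also ignores the file's owner and its group bits, so a group-readable file, or one owned by an unprivileged account, still passes while holding bindpw or rootpwmodpw. I would spell the mask as `S_IRWXO`, reword the message to "should not be accessible by others", and put a comment above the function such as `/* refuse to continue if others have any access to a file holding a password; ownership and group access are not checked */`.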
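Review bot: The `check_permissions(filename,keyword)` call added to the existing `bindpw` branch makes the daemon exit on a configuration that was accepted before this commit, namely a file accessible to others that already carried `bindpw`. That is the safer default, but it is an upgrade-visible change that the commit message does not mention. A comment at the call, e.g. `/* passwords in the config: refuse to run if others can access the file */`, plus a line in the manual page or changelog, would tell administrators why startup now fails. cfg_read starts before this hunk and continues after it.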
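Review bot: The added `check_permissions(filename,NULL)` runs stat() on the path after the file has already been opened, so the mode that is checked belongs to whatever the path names at that moment, not necessarily to the stream `fp` that the following fgets() reads. Checking the open descriptor closes that gap: inside the helper, `fstat(fileno(fp),&sb)` instead of `stat(filename,&sb)`, with the helper taking the `FILE *` as an extra argument. The two calls added in cfg_read have the same shape, assuming the configuration file is likewise open while its lines are parsed (not visible here). bindpw_read starts before this hunk and continues after it.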
@@ -1062,8 +1093,6 @@ static void bindpw_read(const char *filename,struct ldap_config *cfg) exit(EXIT_FAILURE); } /* chop the last char off and save the rest as bindpw */ - i=strlen(linebuf); - i=(int)strlen(linebuf); if ((i<=0)||(linebuf[i-1]!='\n')) { |