From e5a47d1f9a51bef0627fb6ea781ab9d8eabff605 Mon Sep 17 00:00:00 2001 From: Arthur de Jong Date: Sun, 7 Nov 2010 13:13:57 +0000 Subject: log the request with any logged messages git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1301 ef36b2f9-881f-0410-afb5-c4e39611909c --- nslcd/common.h | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) (limited to 'nslcd/common.h')
diff --git a/nslcd/common.h b/nslcd/common.h
index a7cc18a..83bb451 100644
--- a/nslcd/common.h
+++ b/nslcd/common.h
@@ -147,13 +147,13 @@ int nslcd_pam_sess_c(TFILE *fp,MYLDAP_SESSION *session);
 int nslcd_pam_pwmod(TFILE *fp,MYLDAP_SESSION *session,uid_t calleruid);
 /* macros for generating service handling code */
-#define NSLCD_HANDLE(db,fn,readfn,logcall,action,mkfilter,writefn) \
+#define NSLCD_HANDLE(db,fn,readfn,action,mkfilter,writefn) \
 int nslcd_##db##_##fn(TFILE *fp,MYLDAP_SESSION *session) \
- NSLCD_HANDLE_BODY(db,fn,readfn,logcall,action,mkfilter,writefn)
-#define NSLCD_HANDLE_UID(db,fn,readfn,logcall,action,mkfilter,writefn) \
+ NSLCD_HANDLE_BODY(db,fn,readfn,action,mkfilter,writefn)
+#define NSLCD_HANDLE_UID(db,fn,readfn,action,mkfilter,writefn) \
 int nslcd_##db##_##fn(TFILE *fp,MYLDAP_SESSION *session,uid_t calleruid) \
- NSLCD_HANDLE_BODY(db,fn,readfn,logcall,action,mkfilter,writefn)
-#define NSLCD_HANDLE_BODY(db,fn,readfn,logcall,action,mkfilter,writefn) \
+ NSLCD_HANDLE_BODY(db,fn,readfn,action,mkfilter,writefn)
+#define NSLCD_HANDLE_BODY(db,fn,readfn,action,mkfilter,writefn) \
 { \
 /* define common variables */ \
 int32_t tmpint32; \
@@ -163,8 +163,6 @@ int nslcd_pam_pwmod(TFILE *fp,MYLDAP_SESSION *session,uid_t calleruid);
 int rc,i; \
 /* read request parameters */ \
 readfn; \
- /* log call */ \
- logcall; \
 /* write the response header */ \
 WRITE_INT32(fp,NSLCD_VERSION); \
 WRITE_INT32(fp,action); \
-- cgit v1.2.3
From fea0ff28c0ab0a68fae5dafd780829cbf1965d89 Mon Sep 17 00:00:00 2001
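Review bot: With `logcall` removed from `NSLCD_HANDLE_BODY` in nslcd/common.h, nothing in the macro body logs the request any more, so whether every generated handler still records its request depends on code outside this diff (presumably the `readfn` argument or the dispatcher does it now). The header comment `/* macros for generating service handling code */` does not say which argument carries that responsibility; if the new contract is that `readfn` logs, a line such as `/* readfn reads the request parameters and must also log the request */` would keep a new handler from silently losing its audit line. The macro body continues outside both hunks.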
From: Arthur de Jong Date: Wed, 17 Nov 2010 20:08:09 +0000 Subject: return correct PAM status code for when LDAP server is unavailable (based on a patch by Pierre Gambarotto) git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1315 ef36b2f9-881f-0410-afb5-c4e39611909c --- nslcd/common.h | 2 +- nslcd/pam.c | 20 +++++++++++++++----- nslcd/passwd.c | 6 +++--- 3 files changed, 19 insertions(+), 9 deletions(-) (limited to 'nslcd/common.h')
diff --git a/nslcd/common.h b/nslcd/common.h
index 83bb451..90e9b10 100644
--- a/nslcd/common.h
+++ b/nslcd/common.h
@@ -89,7 +89,7 @@ MUST_USE char *lookup_dn2uid(MYLDAP_SESSION *session,const char *dn,int *rcp,cha
 MUST_USE char *dn2uid(MYLDAP_SESSION *session,const char *dn,char *buf,size_t buflen);
 /* use the user id to lookup an LDAP entry */
-MYLDAP_ENTRY *uid2entry(MYLDAP_SESSION *session,const char *uid);
+MYLDAP_ENTRY *uid2entry(MYLDAP_SESSION *session,const char *uid,int *rcp);
 /* transforms the uid into a DN by doing an LDAP lookup */
 MUST_USE char *uid2dn(MYLDAP_SESSION *session,const char *uid,char *buf,size_t buflen);
diff --git a/nslcd/pam.c b/nslcd/pam.c
index c4bc4f0..d8e9bab 100644
--- a/nslcd/pam.c
+++ b/nslcd/pam.c
@@ -69,6 +69,7 @@ static int try_bind(const char *userdn,const char *password)
 static int validate_user(MYLDAP_SESSION *session,char *userdn,size_t userdnsz,
 char *username,size_t usernamesz)
 {
+ int rc;
 MYLDAP_ENTRY *entry=NULL;
 const char *value;
 const char **values;
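Review bot: The new `rcp` out-parameter on the `uid2entry` prototype in nslcd/common.h is undocumented, yet the `validate_user` change in nslcd/pam.c returns its value unchanged whenever the lookup yields NULL. The comment should state the contract, for example `/* use the user id to lookup an LDAP entry; on failure returns NULL and stores an LDAP error code (never LDAP_SUCCESS) in *rcp */`, and say whether `rcp` may be NULL. The definition in nslcd/passwd.c has the same gap, and its body is cut off on this page, so it cannot be confirmed here that every NULL-returning path sets `*rcp`.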
@@ -76,17 +77,17 @@ static int validate_user(MYLDAP_SESSION *session,char *userdn,size_t userdnsz,
 if (!isvalidname(username))
 {
 log_log(LOG_WARNING,"\"%s\": invalid user name",username);
- return LDAP_INVALID_SYNTAX;
+ return LDAP_NO_SUCH_OBJECT;
 }
 /* look up user DN if not known */
 if (userdn[0]=='\0')
 {
 /* get the user entry based on the username */
- entry=uid2entry(session,username);
+ entry=uid2entry(session,username,&rc);
 if (entry==NULL)
 {
- log_log(LOG_WARNING,"\"%s\": user not found",username);
- return LDAP_NO_SUCH_OBJECT;
+ log_log(LOG_WARNING,"\"%s\": user not found: %s",username,ldap_err2string(rc));
+ return rc;
 }
 /* get the DN */
 myldap_cpy_dn(entry,userdn,userdnsz);
@@ -165,8 +166,17 @@ int nslcd_pam_authc(TFILE *fp,MYLDAP_SESSION *session,uid_t calleruid)
 strcpy(password,nslcd_cfg->ldc_rootpwmodpw);
 }
 }
- else if (validate_user(session,userdn,sizeof(userdn),username,sizeof(username))!=LDAP_SUCCESS)
+ else if ((rc=validate_user(session,userdn,sizeof(userdn),username,sizeof(username)))!=LDAP_SUCCESS)
 {
+ if (rc!=LDAP_NO_SUCH_OBJECT)
+ {
+ WRITE_INT32(fp,NSLCD_RESULT_BEGIN);
+ WRITE_STRING(fp,username);
+ WRITE_STRING(fp,"");
+ WRITE_INT32(fp,NSLCD_PAM_AUTHINFO_UNAVAIL); /* authc */
+ WRITE_INT32(fp,NSLCD_PAM_AUTHINFO_UNAVAIL); /* authz */
+ WRITE_STRING(fp,"LDAP server unavaiable"); /* authzmsg */
+ }
 WRITE_INT32(fp,NSLCD_RESULT_END);
 return -1;
 }
diff --git a/nslcd/passwd.c b/nslcd/passwd.c
index e24fdcf..f0dceb0 100644
--- a/nslcd/passwd.c
+++ b/nslcd/passwd.c
@@ -252,7 +252,7 @@ char *dn2uid(MYLDAP_SESSION *session,const char *dn,char *buf,size_t buflen)
 return uid;
 }
-MYLDAP_ENTRY *uid2entry(MYLDAP_SESSION *session,const char *uid)
+MYLDAP_ENTRY *uid2entry(MYLDAP_SESSION *session,const char *uid,int *rcp)
 {
 MYLDAP_SEARCH *search=NULL;
 MYLDAP_ENTRY *entry=NULL;
@@ -270,7 +270,7 @@ MYLDAP_ENTRY *uid2entry(MYLDAP_SESSION *session,const char *uid)
 mkfilter_passwd_byname(uid,filter,sizeof(filter));
 for (i=0;(i
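Review bot: In `validate_user` (nslcd/pam.c), `return rc;` in the `entry==NULL` branch hands back whatever `uid2entry` left in `rc`, and `nslcd_pam_authc` treats `LDAP_SUCCESS` from `validate_user` as a validated user. `rc` is declared without an initialiser in the preceding hunk, and the body of `uid2entry` is cut off on this page, so if any NULL-returning path leaves `*rcp` untouched or at `LDAP_SUCCESS`, the function would return success or an indeterminate value while `userdn` is still empty. Guarding the return removes the dependency on the callee: `return (rc==LDAP_SUCCESS)?LDAP_NO_SUCH_OBJECT:rc;`, together with `int rc=LDAP_NO_SUCH_OBJECT;` at the declaration. `validate_user` continues outside the hunk.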
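Review bot: The new branch in `nslcd_pam_authc` (nslcd/pam.c) answers `NSLCD_PAM_AUTHINFO_UNAVAIL` for every `validate_user` result other than `LDAP_NO_SUCH_OBJECT`, so any other failure code that function can return is presented to the PAM stack as a directory outage. The rest of `validate_user` is not on this page, so which codes can reach this point is not visible. PAM configurations commonly handle an unavailable backend differently from a failed login, so the mapping is safer when limited to codes that really mean the server could not be reached, e.g. `if ((rc==LDAP_SERVER_DOWN)||(rc==LDAP_UNAVAILABLE)||(rc==LDAP_TIMEOUT)||(rc==LDAP_CONNECT_ERROR))`. The message string is also misspelled; `WRITE_STRING(fp,"LDAP server unavailable");` is what was meant. `nslcd_pam_authc` starts and ends outside the hunk.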