Received: (at submit) by bugs.debian.org; 26 Jun 2001 10:20:47 +0000 From herbert@gondor.apana.org.au Tue Jun 26 05:20:47 2001 Return-path: Received: from eriador.apana.org.au [::ffff:203.14.152.116] by master.debian.org with esmtp (Exim 3.12 1 (Debian)) id 15EpxZ-00029e-00; Tue, 26 Jun 2001 05:20:42 -0500 Received: from gondolin.me.apana.org.au ([192.168.0.6] ident=mail) by eriador.apana.org.au with esmtp (Exim 3.12 #1 (Debian)) id 15EpxT-0006AP-00 for ; Tue, 26 Jun 2001 20:20:35 +1000 Received: from herbert by gondolin.me.apana.org.au with local (Exim 3.22 #1 (Debian)) id 15EpxS-0000iP-00 for ; Tue, 26 Jun 2001 20:20:34 +1000 From: Subject: libpam-ldap: [PATCH] New option ext= To: submit@bugs.debian.org X-Mailer: bug 3.3.9 Message-Id: Date: Tue, 26 Jun 2001 20:20:34 +1000 Delivered-To: submit@bugs.debian.org Package: libpam-ldap Version: N/A Severity: wishlist As it is you can't call pam_ldap twice in the same file with different config files that refer to different LDAP servers. This is because pam_ldap shares session details between successive calls. The following patch adds an ext= option so that only calls to pam_ldap with the same ext specification shares the seesion. For example, you can have auth sufficient pam_ldap.so auth sufficient pam_ldap.so config=foo.conf ext=foo use_first_pass auth sufficient pam_ldap.so config=bar.conf ext=bar use_first_pass -- System Information Debian Release: testing/unstable Kernel Version: Linux gondolin 2.4.5-686-smp #9 SMP Tue Jun 5 19:14:11 EST 2001 i686 unknown --
--- pam_ldap.c.orig Tue Jun 26 15:34:11 2001
+++ pam_ldap.c Tue Jun 26 17:06:09 2001
@@ -1861,13 +1861,25 @@
 static int _pam_ldap_get_session (pam_handle_t * pamh, const char *username, const char *configFile, const char *extraFilter,
- pam_ldap_session_t ** psession)
+ const char *ext, pam_ldap_session_t ** psession)
 {
 pam_ldap_session_t *session;
- int rc;
+ int rc = PAM_SUCCESS;
+ char *session_name;
+ const char *padl_ldap_session_data = PADL_LDAP_SESSION_DATA;
+
+ if (ext)
+ {
+ session_name = malloc(strlen(PADL_LDAP_SESSION_DATA) + strlen(ext) + 1);
+ if (!session_name) {
+ return PAM_BUF_ERR;
+ }
+ sprintf(session_name, "%s%s", PADL_LDAP_SESSION_DATA, ext);
+ padl_ldap_session_data = session_name;
+ }
 if (pam_get_data
- (pamh, PADL_LDAP_SESSION_DATA, (const void **) &session) == PAM_SUCCESS)
+ (pamh, padl_ldap_session_data, (const void **) &session) == PAM_SUCCESS)
 {
 /* * we cache the information retrieved from the LDAP server, however
@@ -1884,7 +1896,7 @@
 #if LDAP_SET_REBIND_PROC_ARGS < 3
 global_session = *psession;
 #endif
- return PAM_SUCCESS;
+ goto out;
 }
 *psession = NULL;
@@ -1895,7 +1907,8 @@
 #endif
 if (session == NULL)
 {
- return PAM_BUF_ERR;
+ rc = PAM_BUF_ERR;
+ goto out;
 }
 session->ld = NULL;
@@ -1913,25 +1926,30 @@
 {
 _release_config (&session->conf);
 free (session);
- return rc;
+ goto out;
 }
 #ifdef YPLDAPD
 }
 #endif /* YPLDAPD */
 rc =
- pam_set_data (pamh, PADL_LDAP_SESSION_DATA, (void *) session,
+ pam_set_data (pamh, padl_ldap_session_data, (void *) session, _pam_ldap_cleanup_session);
 if (rc != PAM_SUCCESS)
 {
 _release_config (&session->conf);
 free (session);
- return rc;
+ goto out;
 }
 *psession = session;
- return PAM_SUCCESS;
+out:
+ if (ext)
+ {
+ free(session_name);
+ }
+ return rc;
 }
 static int
@@ -2363,6 +2381,7 @@
 pam_ldap_session_t *session = NULL;
 const char *configFile = NULL;
 const char *extraFilter = NULL;
+ const char *ext = NULL;
 for (i = 0; i < argc; i++)
 {
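Review bot: `session_name` is declared without an initializer and is then freed only under a second `if (ext)` test at the new `out:` label (hunk at -1913), so the lifetime of the key buffer depends on two separately evaluated conditions instead of on the pointer itself; declaring `char *session_name = NULL;` and calling `free(session_name);` unconditionally at `out:` (free of NULL is a no-op) removes both the uninitialized variable and the duplicated condition. The `sprintf` is bounded by construction because the buffer was sized as `strlen(PADL_LDAP_SESSION_DATA) + strlen(ext) + 1`, but computing that once into a `size_t len` and writing with `snprintf(session_name, len, "%s%s", PADL_LDAP_SESSION_DATA, ext);` makes the bound visible to readers and to static checkers. Freeing `session_name` after `pam_set_data` has stored it as the data name is only safe if the PAM library copies the name — Linux-PAM does, but the code silently relies on that, so a one-line comment at `out:` such as `/* pam_set_data() keeps its own copy of the key, so ours can be released */` would record the assumption.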
@@ -2374,6 +2393,8 @@
 configFile = argv[i] + 7;
 else if (!strncmp (argv[i], "filter=", 7))
 extraFilter = argv[i] + 7;
+ else if (!strncmp (argv[i], "ext=", 4))
+ ext = argv[i] + 4;
 else if (!strcmp (argv[i], "no_warn"))
 ;
 else if (!strcmp (argv[i], "debug"))
@@ -2386,7 +2407,7 @@
 if (rc != PAM_SUCCESS)
 return rc;
- rc = _pam_ldap_get_session (pamh, username, configFile, extraFilter, &session);
+ rc = _pam_ldap_get_session (pamh, username, configFile, extraFilter, ext, &session);
 if (rc != PAM_SUCCESS)
 return rc;
@@ -2466,6 +2487,7 @@
 LDAPMod *mods[2], mod;
 const char *configFile = NULL;
 const char *extraFilter = NULL;
+ const char *ext = NULL;
 for (i = 0; i < argc; i++)
 {
@@ -2477,6 +2499,8 @@
 configFile = argv[i] + 7;
 else if (!strncmp (argv[i], "filter=", 7))
 extraFilter = argv[i] + 7;
+ else if (!strncmp (argv[i], "ext=", 4))
+ ext = argv[i] + 4;
 else if (!strcmp (argv[i], "no_warn"))
 no_warn = 1;
 else if (!strcmp (argv[i], "debug"))
@@ -2514,7 +2538,7 @@
 if (rc == PAM_SUCCESS && expuser != NULL)
 canabort = (strcmp (username, expuser) == 0) ? 0 : 1;
- rc = _pam_ldap_get_session (pamh, username, configFile, extraFilter, &session);
+ rc = _pam_ldap_get_session (pamh, username, configFile, extraFilter, ext, &session);
 if (rc != PAM_SUCCESS)
 return rc;
@@ -2839,6 +2863,7 @@
 long int expirein = 0; /* seconds until password expires */
 const char *configFile = NULL;
 const char *extraFilter = NULL;
+ const char *ext = NULL;
 for (i = 0; i < argc; i++)
 {
@@ -2850,6 +2875,8 @@
 configFile = argv[i] + 7;
 else if (!strncmp (argv[i], "filter=", 7))
 extraFilter = argv[i] + 7;
+ else if (!strncmp (argv[i], "ext=", 4))
+ ext = argv[i] + 4;
 else if (!strcmp (argv[i], "no_warn"))
 no_warn = 1;
 else if (!strcmp (argv[i], "debug"))
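Review bot: The `ext=` parsing is pasted identically into three argv loops (this hunk and the hunks at -2477 and -2850), so any later tightening of the option — rejecting an empty value, bounding its length — would have to be repeated in each loop, and the existing duplication of the `config=`/`filter=` parsing already shows the pattern. The option is also not explained anywhere in the patch; a comment on the first occurrence, e.g. `/* ext=NAME: keep a separate cached session per NAME so several pam_ldap lines with different config= files can coexist */`, would tell the next reader why it exists. An empty `ext=` produces the same data key as no `ext=` at all, since the key is just `PADL_LDAP_SESSION_DATA` followed by the value; that is harmless but worth stating in the same comment. The functions enclosing these loops start and end outside the hunks.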
@@ -2882,7 +2909,7 @@
 if (username == NULL)
 return PAM_USER_UNKNOWN;
- rc = _pam_ldap_get_session (pamh, username, configFile, extraFilter, &session);
+ rc = _pam_ldap_get_session (pamh, username, configFile, extraFilter, ext, &session);
 if (rc != PAM_SUCCESS)
 {
 return rc;