On Fri, Apr 08, 2016 at 07:31:59PM +0300, Nikolai Kondrashov wrote:
> On 04/06/2016 02:06 PM, Sumit Bose wrote:
> >On Wed, Apr 06, 2016 at 12:59:32PM +0300, Nikolai Kondrashov wrote:
> >>On 03/18/2016 07:56 PM, Nikolai Kondrashov wrote:
> >>>The attached patch adds exporting of the original (non-overridden) user
> >>>shell to tlog-rec, during the PAM session opening. The shell is exported via
> >>>adding variable "TLOG_REC_SHELL" to the user's environment.
> >>
> >>Bump, tlog still needs this!
> >
> >Hi Nikolai,
> >
> >sorry for the delay. The patch looks good in general and is working as
> >expected. Currently the environment variable is set unconditionally which
> >is good for testing but it might be irritating for some users that there
> >is a new environment variable they do not know about and might be useless
> >for them. Would it be possible to set the variable only if tlog is
> >enabled?
>
> Sure, it should be possible. However, we don't have any "tlog enabling" so far
> and my impression was that it's undesirable at this stage. Jakub, what are
> your thoughts on this?
>
> >I wonder if it would make sense to add the cached user object to preq
> >in pam_check_user_search() to avoid the lookup in
> >pam_reply_export_shell(). The data is already allocated on preq and as
> >far as I can see never freed explicitly, so it wouldn't even cost more
> >memory.
>
> Sure, that would be nice. However it's really hard for me to tell where that
> would come from, where it's actually retrieved and what the lifetime would
> be. I really miss documentation there.
>
> Could you suggest the change, perhaps?
Sure, please have a look at the attached (untested) patch. With this you start in
pam_reply_export_shell() with
+ shell = ldb_msg_find_attr_as_string(preq->user_obj, SYSDB_SHELL, NULL);
+ if (shell == NULL) {
+ DEBUG(SSSDBG_CRIT_FAILURE, "user has no shell\n");
+ ret = ENOENT;
+ goto done;
+ }
....
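Review bot: the quoted fragment passes preq->user_obj straight to ldb_msg_find_attr_as_string() without checking that it is non-NULL; the field is only filled in on a successful cache hit in pam_check_user_search(), so add an explicit `if (preq->user_obj == NULL)` guard (returning ENOENT, with a DEBUG line) before the attribute lookup, because the existing `shell == NULL` check only covers a user object that lacks SYSDB_SHELL, not a missing user object.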
HTH
bye,
Sumit
>
> Thank you!
>
> Nick
> _______________________________________________
> sssd-devel mailing list
> [email protected]
> https://lists.fedorahosted.org/admin/lists/[email protected]
From 6e73a56b7f43a5dc89848eca1321c979d5cd223f Mon Sep 17 00:00:00 2001
From: Sumit Bose <[email protected]>
Date: Mon, 11 Apr 2016 18:41:07 +0200
Subject: [PATCH] example
---
src/responder/pam/pamsrv.h | 1 +
src/responder/pam/pamsrv_cmd.c | 10 +++++-----
2 files changed, 6 insertions(+), 5 deletions(-)
diff --git a/src/responder/pam/pamsrv.h b/src/responder/pam/pamsrv.h
index
b44e1c3378817aa169fa1fe8995bdb223f593cb0..54d455c3566ec76bb29f9c8e37907e6addec5e84
100644
--- a/src/responder/pam/pamsrv.h
+++ b/src/responder/pam/pamsrv.h
@@ -72,6 +72,7 @@ struct pam_auth_req {
struct ldb_message *cert_user_obj;
char *token_name;
+ struct ldb_message *user_obj;
};
struct sss_cmd_table *get_pam_cmds(void);
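Review bot: the new `user_obj` member has no comment saying who sets it, whether it may be NULL and what its lifetime is, which is exactly the documentation gap raised earlier in the thread; add a one-line comment next to the declaration, e.g. `/* cached user entry found by pam_check_user_search(), talloc'ed on the request; NULL if no cached entry matched */`.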
diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c
index
0c7b31ad325321f950c9ef2a020f63290775cf8b..6d7f796845555306e9a397e642ab6a009598d5da
100644
--- a/src/responder/pam/pamsrv_cmd.c
+++ b/src/responder/pam/pamsrv_cmd.c
@@ -1519,7 +1519,6 @@ static int pam_check_user_search(struct pam_auth_req
*preq)
struct pam_ctx *pctx =
talloc_get_type(preq->cctx->rctx->pvt_ctx, struct pam_ctx);
static const char *user_attrs[] = SYSDB_PW_ATTRS;
- struct ldb_message *msg;
struct ldb_result *res;
while (dom) {
@@ -1586,7 +1585,8 @@ static int pam_check_user_search(struct pam_auth_req
*preq)
}
if (preq->pd->name_is_upn) {
- ret = sysdb_search_user_by_upn(preq, dom, name, user_attrs, &msg);
+ ret = sysdb_search_user_by_upn(preq, dom, name, user_attrs,
+ &preq->user_obj);
} else {
ret = sysdb_getpwnam_with_views(preq, dom, name, &res);
if (res->count > 1) {
@@ -1600,7 +1600,7 @@ static int pam_check_user_search(struct pam_auth_req
*preq)
} else if (res->count == 0) {
ret = ENOENT;
} else {
- msg = res->msgs[0];
+ preq->user_obj = res->msgs[0];
}
}
if (ret != EOK && ret != ENOENT) {
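Review bot: the `res->count == 0` branch sets ret = ENOENT but leaves preq->user_obj untouched, so the "not found" state relies on the field having been zero-initialised when preq was allocated and on no earlier iteration of the `while (dom)` loop having written to it; set `preq->user_obj = NULL;` at the top of the loop body (before either search) so that callers such as pam_reply_export_shell() can rely on `preq->user_obj == NULL` meaning no cached user was found.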
@@ -1638,7 +1638,7 @@ static int pam_check_user_search(struct pam_auth_req
*preq)
/* if we need to check the remote account go on */
if (preq->check_provider) {
- cacheExpire = ldb_msg_find_attr_as_uint64(msg,
+ cacheExpire = ldb_msg_find_attr_as_uint64(preq->user_obj,
SYSDB_CACHE_EXPIRE, 0);
if (cacheExpire < time(NULL)) {
break;
@@ -1649,7 +1649,7 @@ static int pam_check_user_search(struct pam_auth_req
*preq)
"Returning info for user [%s@%s]\n", name, dom->name);
/* We might have searched by alias. Pass on the primary name */
- ret = pd_set_primary_name(msg, preq->pd);
+ ret = pd_set_primary_name(preq->user_obj, preq->pd);
if (ret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE, "Could not canonicalize username\n");
return ret;
--
2.1.0