diff options
author | Jakub Hrozek <jhrozek@redhat.com> | 2009-11-09 18:38:09 +0100 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2009-11-18 17:35:10 -0500 |
commit | 15dc6329c159e3f03e25cc18a49681e0f4be9c51 (patch) | |
tree | 713d3ea741aecb386413ad151b07de7f801b412a | |
parent | 8f1d08367255e5be9db8718da5d4ee9444911b57 (diff) | |
download | sssd-15dc6329c159e3f03e25cc18a49681e0f4be9c51.tar.gz sssd-15dc6329c159e3f03e25cc18a49681e0f4be9c51.tar.bz2 sssd-15dc6329c159e3f03e25cc18a49681e0f4be9c51.zip |
Make the password field configurable in NSS
Per the discussion on sssd-devel list, nss_sss should not return a
hardcoded value but this should rather be configurable to allow whatever
the OS or distribution thinks is the best for the particular case.
Fixes: #266
-rw-r--r-- | server/confdb/confdb.h | 1 | ||||
-rw-r--r-- | server/config/SSSDConfig.py | 1 | ||||
-rw-r--r-- | server/config/etc/sssd.api.conf | 1 | ||||
-rw-r--r-- | server/responder/nss/nsssrv.c | 7 | ||||
-rw-r--r-- | server/responder/nss/nsssrv.h | 2 | ||||
-rw-r--r-- | server/responder/nss/nsssrv_cmd.c | 9 |
6 files changed, 17 insertions, 4 deletions
diff --git a/server/confdb/confdb.h b/server/confdb/confdb.h index a564b176..7f6c63b0 100644 --- a/server/confdb/confdb.h +++ b/server/confdb/confdb.h @@ -60,6 +60,7 @@ #define CONFDB_NSS_FILTER_USERS_IN_GROUPS "filter_users_in_groups" #define CONFDB_NSS_FILTER_USERS "filter_users" #define CONFDB_NSS_FILTER_GROUPS "filter_groups" +#define CONFDB_NSS_PWFIELD "pwfield" /* PAM */ #define CONFDB_PAM_CONF_ENTRY "config/pam" diff --git a/server/config/SSSDConfig.py b/server/config/SSSDConfig.py index 1fa6d4c5..162354b1 100644 --- a/server/config/SSSDConfig.py +++ b/server/config/SSSDConfig.py @@ -56,6 +56,7 @@ option_strings = { 'filter_users' : _('Users that SSSD should explicitly ignore'), 'filter_groups' : _('Groups that SSSD should explicitly ignore'), 'filter_users_in_groups' : _('Should filtered users appear in groups'), + 'pwfield' : _('The value of the password field the NSS provider should return'), # [pam] 'offline_credentials_expiration' : _('How long to allow cached logins between online logins (days)'), diff --git a/server/config/etc/sssd.api.conf b/server/config/etc/sssd.api.conf index e8b266bd..91b38b63 100644 --- a/server/config/etc/sssd.api.conf +++ b/server/config/etc/sssd.api.conf @@ -26,6 +26,7 @@ entry_negative_timeout = int, None filter_users = list, str, root filter_groups = list, str, root filter_users_in_groups = bool, None, true +pwfield = str, None, * [pam] # Authentication service diff --git a/server/responder/nss/nsssrv.c b/server/responder/nss/nsssrv.c index dad1c7c1..7de346f0 100644 --- a/server/responder/nss/nsssrv.c +++ b/server/responder/nss/nsssrv.c @@ -45,6 +45,8 @@ #define SSS_NSS_PIPE_NAME "nss" +#define DEFAULT_PWFIELD "*" + static int service_reload(DBusMessage *message, struct sbus_connection *conn); struct sbus_method monitor_nss_methods[] = { @@ -201,6 +203,11 @@ static int nss_get_config(struct nss_ctx *nctx, } } + ret = confdb_get_string(cdb, nctx, CONFDB_NSS_CONF_ENTRY, + CONFDB_NSS_PWFIELD, DEFAULT_PWFIELD, + &nctx->pwfield); + if (ret != EOK) goto done; + ret = 0; done: talloc_free(tmpctx); diff --git a/server/responder/nss/nsssrv.h b/server/responder/nss/nsssrv.h index 464481d7..a6c66183 100644 --- a/server/responder/nss/nsssrv.h +++ b/server/responder/nss/nsssrv.h @@ -57,6 +57,8 @@ struct nss_ctx { struct getent_ctx *gctx; bool filter_users_in_groups; + + char *pwfield; }; struct nss_packet; diff --git a/server/responder/nss/nsssrv_cmd.c b/server/responder/nss/nsssrv_cmd.c index a029baf4..e4b08cb3 100644 --- a/server/responder/nss/nsssrv_cmd.c +++ b/server/responder/nss/nsssrv_cmd.c @@ -135,7 +135,7 @@ static int fill_pwent(struct sss_packet *packet, uint32_t uid; uint32_t gid; size_t rsize, rp, blen; - size_t s1, s2, s3, s4; + size_t s1, s2, s3, s4, s5; size_t dom_len = 0; int delim = 1; int i, ret, num, t; @@ -201,9 +201,10 @@ static int fill_pwent(struct sss_packet *packet, s2 = strlen(gecos) + 1; s3 = strlen(homedir) + 1; s4 = strlen(shell) + 1; + s5 = strlen(nctx->pwfield) + 1; if (add_domain) s1 += delim + dom_len; - rsize = 2*sizeof(uint32_t) +s1 + 2 + s2 + s3 +s4; + rsize = 2*sizeof(uint32_t) +s1 + s2 + s3 + s4 + s5; ret = sss_packet_grow(packet, rsize); if (ret != EOK) { @@ -244,8 +245,8 @@ static int fill_pwent(struct sss_packet *packet, } rp += s1; - memcpy(&body[rp], "x", 2); - rp += 2; + memcpy(&body[rp], nctx->pwfield, s5); + rp += s5; memcpy(&body[rp], gecos, s2); rp += s2; memcpy(&body[rp], homedir, s3); |