Add domain variable for use in pam_authz_search

This adds a domain variable (if it can be determined on the system) that can be used in pam_authz_search and pam_authc_search filters to build search filters that search on the domain name (the FQDN without the starting host name). Closes #8
arthurdejong · Jul 21, 2018 · 84676ab · 84676ab
1 parent 9fbcdd1
commit 84676ab
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 2 deletions.
diff --git a/man/nslcd.conf.5.xml b/man/nslcd.conf.5.xml
@@ -900,6 +900,7 @@
          <literal>$ruser</literal>, <literal>$rhost</literal>,
          <literal>$tty</literal>, <literal>$hostname</literal>,
          <literal>$fqdn</literal>, <!-- since 0.8.1 -->
+         <literal>$domain</literal>, <!-- since 0.9.10 -->
          <literal>$dn</literal>, and <literal>$uid</literal>.
        These references are substituted in the search filter using the
        same syntax as described in the section on attribute mapping

diff --git a/nslcd/cfg.c b/nslcd/cfg.c
@@ -1012,6 +1012,7 @@ static void check_search_variables(
         (strcmp(list[i], "tty") != 0) &&
         (strcmp(list[i], "hostname") != 0) &&
         (strcmp(list[i], "fqdn") != 0) &&
+        (strcmp(list[i], "domain") != 0) &&
         (strcmp(list[i], "dn") != 0) &&
         (strcmp(list[i], "uid") != 0))
     {

diff --git a/nslcd/pam.c b/nslcd/pam.c
@@ -2,7 +2,7 @@
    pam.c - pam processing routines
 
    Copyright (C) 2009 Howard Chu
-   Copyright (C) 2009-2017 Arthur de Jong
+   Copyright (C) 2009-2018 Arthur de Jong
    Copyright (C) 2015 Nokia Solutions and Networks
 
    This library is free software; you can redistribute it and/or
@@ -71,7 +71,7 @@ static DICT *search_vars_new(const char *dn, const char *username,
   char hostname[BUFLEN_HOSTNAME];
   /* allocating this on the stack is OK because search_var_add()
      will allocate new memory for the value */
-  const char *fqdn;
+  const char *fqdn, *found;
   DICT *dict;
   dict = dict_new();
   if (dict == NULL)
@@ -89,7 +89,11 @@ static DICT *search_vars_new(const char *dn, const char *username,
   if (gethostname(hostname, sizeof(hostname)) == 0)
     search_var_add(dict, "hostname", hostname);
   if ((fqdn = getfqdn()) != NULL)
+  {
     search_var_add(dict, "fqdn", fqdn);
+    if (((found = strchr(fqdn, '.'))) != NULL && (found[1] != '\0'))
+      search_var_add(dict, "domain", found + 1);
+  }
   search_var_add(dict, "dn", dn);
   search_var_add(dict, "uid", username);
   return dict;