authorJan Pazdziora <jpazdziora@redhat.com>2017-03-31 12:16:00 +0200
committerJan Pazdziora <jpazdziora@redhat.com>2017-04-04 08:51:00 +0200
commitd67645b0d1a8da6f788e3fa73d125fe3e85e56aa (patch)
tree45b3f5912b3866e1d2b258a1766e7341ade300bb
parent630c7f4818f5078027ee1619ac35830c7b104cc2 (diff)
downloadmod_lookup_identity-d67645b0d1a8da6f788e3fa73d125fe3e85e56aa.tar.gz
mod_lookup_identity-d67645b0d1a8da6f788e3fa73d125fe3e85e56aa.tar.xz
mod_lookup_identity-d67645b0d1a8da6f788e3fa73d125fe3e85e56aa.zip
Make LookupUserGECOS optional (no default) to support non-POSIX user identities.
-rw-r--r--README9
-rw-r--r--mod_lookup_identity.c16
2 files changed, 13 insertions, 12 deletions
diff --git a/README b/README
index 0413e36..bf76334 100644
--- a/README
+++ b/README
@@ -20,7 +20,7 @@ method org.freedesktop.sssd.infopipe.Users.FindByCertificate.
It also allows retrieval of list of group names the user belongs to
using org.freedesktop.sssd.infopipe.GetUserGroups call and any
custom attributes configured in /etc/sssd/sssd.conf using with
-org.freedesktop.sssd.infopipe.GetUserAttr call. It also retrieves
+org.freedesktop.sssd.infopipe.GetUserAttr call. It can also retrieve
the GECOS information using the getpwnam call. The retrieved values
get stored in notes/environment variables.
@@ -101,11 +101,14 @@ The default behaviour can be changed with the following directives:
note/environment variable is not set yet, otherwise the
value is overwritten.
+ Setting this option requires for the user identity to be
+ POSIX identity, retrievable with getpwnam.
+
Example: LookupUserGECOS REMOTE_USER_FULLNAME
Example: LookupUserGECOS +REMOTE_USER_GECOS
- Default is REMOTE_USER_GECOS.
+ Default is not set.
LookupUserGroups name [separator]
@@ -348,7 +351,7 @@ in and will not be available.
License
-------
-Copyright 2013--2016 Jan Pazdziora
+Copyright 2013--2017 Jan Pazdziora
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
diff --git a/mod_lookup_identity.c b/mod_lookup_identity.c
index 00c16b5..9f53054 100644
--- a/mod_lookup_identity.c
+++ b/mod_lookup_identity.c
@@ -1,6 +1,6 @@
/*
- * Copyright 2013--2016 Jan Pazdziora
+ * Copyright 2013--2017 Jan Pazdziora
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -60,8 +60,6 @@ static const int LOOKUP_IDENTITY_OUTPUT_ENV = 2;
static const int LOOKUP_IDENTITY_OUTPUT_HEADERS = 4;
static const int LOOKUP_IDENTITY_OUTPUT_HEADERS_BASE64 = 8;
-static char * LOOKUP_IDENTITY_OUTPUT_GECOS = "REMOTE_USER_GECOS";
-
typedef struct lookup_identity_config {
char * context;
int output;
@@ -446,12 +444,12 @@ static int lookup_identity_hook(request_rec * r) {
ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "invoked for user %s", r->user);
- struct passwd * pwd = getpwnam(r->user);
- if (! pwd) {
- return DECLINED;
- }
-
if (the_config->output_gecos) {
+ struct passwd * pwd = getpwnam(r->user);
+ if (! pwd) {
+ return DECLINED;
+ }
+
apr_array_header_t * gecos_array = apr_array_make(r->pool, 1, sizeof(char *));
*(char **)apr_array_push(gecos_array) = pwd->pw_gecos;
lookup_identity_output_data(r, the_output,
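Review bot: `pwd->pw_gecos` is pushed into `gecos_array` as a bare pointer into the static storage that `getpwnam` returns, so the value can be overwritten by a later `getpw*` call in the same process, and `getpwnam` itself is not safe under a threaded MPM. Copy the string into the request pool where it is stored, `*(char **)apr_array_push(gecos_array) = apr_pstrdup(r->pool, pwd->pw_gecos);`, and consider `getpwnam_r` with a pool-allocated buffer; whether `lookup_identity_output_data` copies the value is not visible here. The `return DECLINED` inside the branch also still ends the hook for a non-POSIX user whenever LookupUserGECOS is set, which presumably skips the later group and attribute lookups; a debug-level `ap_log_rerror` before the return would make that misconfiguration diagnosable. The body of lookup_identity_hook continues outside the hunk.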
@@ -685,7 +683,7 @@ static lookup_identity_config * create_common_conf(apr_pool_t * pool) {
lookup_identity_config * cfg = apr_pcalloc(pool, sizeof(lookup_identity_config));
if (cfg) {
cfg->output = LOOKUP_IDENTITY_OUTPUT_DEFAULT;
- cfg->output_gecos = LOOKUP_IDENTITY_OUTPUT_GECOS;
+ cfg->output_gecos = NULL;
#ifndef NO_USER_ATTR
cfg->lookup_by_certificate = -1;
#endif
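Review bot: The new `cfg->output_gecos = NULL;` deserves a short comment, because `apr_pcalloc` has already zeroed the field and the assignment exists only to record that the default was removed on purpose; something like `/* no default: GECOS needs a POSIX identity, enabled only via LookupUserGECOS */`. Any code that merges server and directory configurations has to treat NULL here as "unset" rather than dereference it; that code is outside this hunk, so it is worth confirming. create_common_conf continues past the end of the hunk.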