Date: Wed, 21 Oct 2009 05:53:35 -0400
From: Jacob Myers <jacob@whotookspaz.org>
To: ports@freebsd.org
Subject: [PATCH] Enable login class support via nss_ldap
Message-ID: <4ADEDA1F.6080806@whotookspaz.org>

Hello,

I have written a patch for net/nss_ldap to enable the use of login classes (which are used for resource control in FreeBSD). This patch applies cleanly against the latest version of the port. The reason I am submitting this here and not upstream is because this is a relatively FreeBSD-specific extension.

To use this, all one has to do is set the loginClass attribute (or a mapping in nss_ldap.conf) for a user. The actual attribute can be implemented as an extension to the NIS schema standard (how we did it), or via a site-specific schema. Either way, it is trivial, and any competent LDAP administrator should be able to do this.

I would like to solicit some review for this patch before I submit it to the PR system. Any questions and feedback are well appreciated :).

-- 
Jacob Myers <Jacob@whotookspaz.org> | Website: http://whotookspaz.org
Network Admin, Wilcox Technologies | Public key: 186A424A
Answer a fool according to his folly, lest he be wise in his own conceit -- Proverbs, 26:5

--- ldap-pwd.c 2009-08-29 09:21:43.000000000 -0400 +++ ldap-pwd.c 2009-08-29 08:17:12.000000000 -0400 
@@ -170,6 +170,12 @@ } =20 + stat =3D + _nss_ldap_assign_attrval (e, AT (loginClass), &pw->pw_class, &buffer= , + &buflen); + if (stat !=3D NSS_SUCCESS) + (void) _nss_ldap_assign_emptystring (&pw->pw_class, &buffer, &buflen= ); + stat =3D _nss_ldap_assign_attrval (e, AT (homeDirectory), &pw->pw_dir, &buffe= r, &buflen); if (stat !=3D NSS_SUCCESS) --- ldap-schema.c 2009-08-29 09:21:43.000000000 -0400 +++ ldap-schema.c 2009-08-28 12:09:52.000000000 -0400 @@ -334,6 +334,7 @@ #ifdef HAVE_PASSWD_PW_EXPIRE (*pwd_attrs)[i++] =3D AT (shadowExpire); #endif /* HAVE_PASSWD_PW_EXPIRE */ + (*pwd_attrs)[i++] =3D AT (loginClass); (*pwd_attrs)[i] =3D NULL; } =20 --- ldap-schema.h 2009-08-29 09:21:43.000000000 -0400 +++ ldap-schema.h 2009-08-29 06:37:18.000000000 -0400 @@ -24,7 +24,7 @@ #define _LDAP_NSS_LDAP_LDAP_SCHEMA_H =20 /* max number of attributes per object class */ -#define ATTRTAB_SIZE 15 +#define ATTRTAB_SIZE 16 =20 /** * function to initialize global lookup filters. 
@@ -153,6 +153,8 @@ #define AT_gecos "gecos" #define AT_homeDirectory "homeDirectory" =20 +/* FreeBSD extension -Jacob Myers <jacob@whotokspaz.org> */ +#define AT_loginClass "loginClass" /* * ( nisSchema.2.1 NAME 'shadowAccount' SUP top AUXILIARY * DESC 'Additional attributes for shadow passwords' =20
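
Review bot: In the ldap-pwd.c hunk, every non-success status from the loginClass lookup is treated as "attribute absent": `if (stat != NSS_SUCCESS)` falls back to an empty pw_class, and the result of `_nss_ldap_assign_emptystring` is discarded with `(void)`. If the lookup failed because the value did not fit in the remaining buffer, the user silently gets an empty class, which means the default resource limits rather than the ones set in the directory. Fall back to the empty string only when the attribute is missing, and return the status for other failures and for a failed empty-string assignment.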
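
Review bot: In the ldap-schema.c hunk, `AT (loginClass)` is appended to pwd_attrs unconditionally, while the entry just above it sits inside `#ifdef HAVE_PASSWD_PW_EXPIRE`. Since pw_class is not a member of struct passwd on every platform this source builds on, both this line and the pw->pw_class assignment in ldap-pwd.c should be wrapped in a matching configure-time guard, so other platforms neither fail to compile nor request an attribute they cannot use.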
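
Review bot: The ATTRTAB_SIZE change from 15 to 16 in the first ldap-schema.h hunk adds exactly one slot, but the visible lines do not show how many entries pwd_attrs holds when every HAVE_PASSWD_* option is enabled, and the `(*pwd_attrs)[i] = NULL;` terminator in ldap-schema.c needs a slot too. Please state the worst-case count in the commit message, and consider a check that i < ATTRTAB_SIZE before the terminator is written, so the next added attribute cannot overflow the table unnoticed.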
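
Review bot: In the second ldap-schema.h hunk, the attribution comment spells the address jacob@whotokspaz.org, which does not match the From address of this mail (whotookspaz.org). The new `#define AT_loginClass` also lands directly on top of the comment that opens the shadowAccount block, with no blank line, so it reads as part of that block; separate it, and say in the comment that loginClass is not part of the NIS schema and has to be provided by a schema extension, as the cover text explains.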