Last active
June 27, 2018 11:18
-
-
Save ekollof/934b7a3a5ceadd2d3b24b9e528209a53 to your computer and use it in GitHub Desktop.
Proxy support for linotp-pam
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| diff --git a/src/pam_linotp.c b/src/pam_linotp.c | |
| index 48e77c2..23f6cb9 100644 | |
| --- a/src/pam_linotp.c | |
| +++ b/src/pam_linotp.c | |
| @@ -120,6 +120,7 @@ int debugflag = 0; | |
| /* | |
| config options which could be set in the pam configuration: | |
| url=http://localhost:5001/validate/simplecheck | |
| + proxy=http://proxy.location:3128/ | |
| nosslhostnameverify | |
| nosslcertverify | |
| realm | |
| @@ -130,6 +131,7 @@ int debugflag = 0; | |
| typedef struct { | |
| char * url; | |
| + char *proxy; | |
| int nosslhostnameverify; | |
| int nosslcertverify; | |
| char * realm; | |
| @@ -420,7 +422,7 @@ char * linotp_create_url_params(CURL *curl_handle, int number_of_pairs, ...) | |
| } | |
| -int linotp_send_request(CURL *curl_handle, char * url, char * params, | |
| +int linotp_send_request(CURL *curl_handle, char * url, char * proxy, char * params, | |
| struct MemoryStruct * chunk, | |
| int nosslhostnameverify, int nosslcertverify, | |
| char * ca_file, char * ca_path) { | |
| @@ -437,6 +439,16 @@ int linotp_send_request(CURL *curl_handle, char * url, char * params, | |
| * :return: success status | |
| */ | |
| int status = 0; | |
| + | |
| + /* If set, set up proxy request */ | |
| + if (proxy) { | |
| + status = curl_easy_setopt(curl_handle, CURLOPT_PROXY, proxy); | |
| + if(CURLE_OK != status) { | |
| + log_error("curl_easy_setopt CURLOPT_PROXY from linotp_send_request failed"); | |
| + goto cleanup; | |
| + } | |
| + } | |
| + | |
| /* Setup the base url */ | |
| status = curl_easy_setopt(curl_handle, CURLOPT_URL, url); | |
| if(CURLE_OK != status) { | |
| @@ -566,9 +578,13 @@ int linotp_auth(char *user, char *password, | |
| } | |
| if (config->debug) { | |
| - log_debug("connecting to url:%s with parameters %s", config->url, param); | |
| + if (config->proxy) { | |
| + log_debug("connecting to url:%s via proxy: %s with parameters %s", config->url, config->proxy, param); | |
| + } else { | |
| + log_debug("connecting to url:%s with parameters %s", config->url, param); | |
| + } | |
| } | |
| - all_status = linotp_send_request(curl_handle, config->url, param, (void *) &chunk, | |
| + all_status = linotp_send_request(curl_handle, config->url, config->proxy, param, (void *) &chunk, | |
| config->nosslhostnameverify, config->nosslcertverify, ca_file, ca_path); | |
| if (config->debug) { | |
| @@ -697,6 +713,7 @@ int pam_linotp_get_config(int argc, const char *argv[], LinOTPConfig * config, i | |
| /*'use_first_pass', we will try to get the password from the pam stack."*/ | |
| config->use_first_pass = 0; | |
| config->url = NULL; | |
| + config->proxy = NULL; | |
| config->realm = NULL; | |
| config->resConf = NULL; | |
| config->use_first_pass = 0; | |
| @@ -732,6 +749,18 @@ int pam_linotp_get_config(int argc, const char *argv[], LinOTPConfig * config, i | |
| } | |
| } | |
| + /* check for proxy */ | |
| + else if (check_prefix(argv[i], "proxy=", &temp) > 0) { | |
| + // this is the validateurl | |
| + if (strlen(temp) > URLMAXLEN) { | |
| + log_error("Your proxy url is to long: %s (max %d)", argv[i], | |
| + URLMAXLEN); | |
| + return (PAM_AUTH_ERR); | |
| + } else { | |
| + config->proxy = temp; | |
| + } | |
| + } | |
| + | |
| /* check for realm */ | |
| else if (check_prefix(argv[i], "realm=", &temp) > 0) { | |
| if (strlen(temp) > REALMMAXLEN) { |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment