Skip to content

Instantly share code, notes, and snippets.

@ekollof
Last active June 27, 2018 11:18
Show Gist options
  • Save ekollof/934b7a3a5ceadd2d3b24b9e528209a53 to your computer and use it in GitHub Desktop.
Save ekollof/934b7a3a5ceadd2d3b24b9e528209a53 to your computer and use it in GitHub Desktop.
Proxy support for linotp-pam
diff --git a/src/pam_linotp.c b/src/pam_linotp.c
index 48e77c2..23f6cb9 100644
--- a/src/pam_linotp.c
+++ b/src/pam_linotp.c
@@ -120,6 +120,7 @@ int debugflag = 0;
/*
config options which could be set in the pam configuration:
url=http://localhost:5001/validate/simplecheck
+ proxy=http://proxy.location:3128/
nosslhostnameverify
nosslcertverify
realm
@@ -130,6 +131,7 @@ int debugflag = 0;
typedef struct {
char * url;
+ char *proxy;
int nosslhostnameverify;
int nosslcertverify;
char * realm;
@@ -420,7 +422,7 @@ char * linotp_create_url_params(CURL *curl_handle, int number_of_pairs, ...)
}
-int linotp_send_request(CURL *curl_handle, char * url, char * params,
+int linotp_send_request(CURL *curl_handle, char * url, char * proxy, char * params,
struct MemoryStruct * chunk,
int nosslhostnameverify, int nosslcertverify,
char * ca_file, char * ca_path) {
@@ -437,6 +439,16 @@ int linotp_send_request(CURL *curl_handle, char * url, char * params,
* :return: success status
*/
int status = 0;
+
+ /* If set, set up proxy request */
+ if (proxy) {
+ status = curl_easy_setopt(curl_handle, CURLOPT_PROXY, proxy);
+ if(CURLE_OK != status) {
+ log_error("curl_easy_setopt CURLOPT_PROXY from linotp_send_request failed");
+ goto cleanup;
+ }
+ }
+
/* Setup the base url */
status = curl_easy_setopt(curl_handle, CURLOPT_URL, url);
if(CURLE_OK != status) {
@@ -566,9 +578,13 @@ int linotp_auth(char *user, char *password,
}
if (config->debug) {
- log_debug("connecting to url:%s with parameters %s", config->url, param);
+ if (config->proxy) {
+ log_debug("connecting to url:%s via proxy: %s with parameters %s", config->url, config->proxy, param);
+ } else {
+ log_debug("connecting to url:%s with parameters %s", config->url, param);
+ }
}
- all_status = linotp_send_request(curl_handle, config->url, param, (void *) &chunk,
+ all_status = linotp_send_request(curl_handle, config->url, config->proxy, param, (void *) &chunk,
config->nosslhostnameverify, config->nosslcertverify, ca_file, ca_path);
if (config->debug) {
@@ -697,6 +713,7 @@ int pam_linotp_get_config(int argc, const char *argv[], LinOTPConfig * config, i
/*'use_first_pass', we will try to get the password from the pam stack."*/
config->use_first_pass = 0;
config->url = NULL;
+ config->proxy = NULL;
config->realm = NULL;
config->resConf = NULL;
config->use_first_pass = 0;
@@ -732,6 +749,18 @@ int pam_linotp_get_config(int argc, const char *argv[], LinOTPConfig * config, i
}
}
+ /* check for proxy */
+ else if (check_prefix(argv[i], "proxy=", &temp) > 0) {
+ // this is the validateurl
+ if (strlen(temp) > URLMAXLEN) {
+ log_error("Your proxy url is to long: %s (max %d)", argv[i],
+ URLMAXLEN);
+ return (PAM_AUTH_ERR);
+ } else {
+ config->proxy = temp;
+ }
+ }
+
/* check for realm */
else if (check_prefix(argv[i], "realm=", &temp) > 0) {
if (strlen(temp) > REALMMAXLEN) {
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment