2 changes: 2 additions & 0 deletions README
Expand Up @@ -42,6 +42,8 @@ Config options to be set in the pam configuration:
nosslcertverify
realm=<yourRealm>
resConf=<specialResolverConfig>
connect_timeout=<curlConnectTimeout>
request_timeout=<curlRequestTimeout>


Have fun.
2 changes: 2 additions & 0 deletions README.txt
Expand Up @@ -42,6 +42,8 @@ Config options to be set in the pam configuration:
nosslcertverify
realm=<yourRealm>
resConf=<specialResolverConfig>
connect_timeout=<curlConnectTimeout>
request_timeout=<curlRequestTimeout>


Have fun.
41 changes: 39 additions & 2 deletions src/pam_linotp.c
Expand Up @@ -141,6 +141,8 @@ typedef struct {
char * tokenlength;
char * ca_file;
char * ca_path;
long connection_timeout;
long request_timeout;
} LinOTPConfig ;

int pam_linotp_get_authtok(pam_handle_t *pamh, char **password, char ** cleanpassword,
Expand Down Expand Up @@ -423,7 +425,8 @@ char * linotp_create_url_params(CURL *curl_handle, int number_of_pairs, ...)
int linotp_send_request(CURL *curl_handle, char * url, char * params,
struct MemoryStruct * chunk,
int nosslhostnameverify, int nosslcertverify,
char * ca_file, char * ca_path) {
char * ca_file, char * ca_path,
int connection_timeout, int request_timeout) {
/**
* submit an http request using curl to linotp
*
Expand All @@ -444,6 +447,20 @@ int linotp_send_request(CURL *curl_handle, char * url, char * params,
goto cleanup;
}

/* Setup the timeout */
status = curl_easy_setopt(curl_handle, CURLOPT_CONNECTTIMEOUT, connection_timeout);
if(CURLE_OK != status) {
log_error("curl_easy_setopt CURLOPT_CONNECTTIMEOUT from linotp_send_request failed");
goto cleanup;
}

/* Setup the timeout */
status = curl_easy_setopt(curl_handle, CURLOPT_TIMEOUT, request_timeout);
if(CURLE_OK != status) {
log_error("curl_easy_setopt CURLOPT_TIMEOUT from linotp_send_request failed");
goto cleanup;
}

/* Now specify the POST data */
status = curl_easy_setopt(curl_handle, CURLOPT_POSTFIELDS, params);
if(CURLE_OK != status) {
Expand Down Expand Up @@ -569,7 +586,8 @@ int linotp_auth(char *user, char *password,
log_debug("connecting to url:%s with parameters %s", config->url, param);
}
all_status = linotp_send_request(curl_handle, config->url, param, (void *) &chunk,
config->nosslhostnameverify, config->nosslcertverify, ca_file, ca_path);
config->nosslhostnameverify, config->nosslcertverify, ca_file, ca_path,
config->connection_timeout, config->request_timeout);

if (config->debug) {
log_debug("result %s", chunk.memory);
Expand Down Expand Up @@ -690,6 +708,7 @@ int pam_linotp_get_config(int argc, const char *argv[], LinOTPConfig * config, i
*/

int ret = PAM_SUCCESS;
char *endptr;

/* reset configuration */
config->nosslhostnameverify = 0;
Expand All @@ -710,6 +729,8 @@ int pam_linotp_get_config(int argc, const char *argv[], LinOTPConfig * config, i
config->tokenlength=0;
config->ca_file=NULL;
config->ca_path=NULL;
config->connection_timeout=10;
config->request_timeout=15;
unsigned int i = 0;

for ( i = 0; i < argc; i++ ) {
Expand Down Expand Up @@ -787,6 +808,22 @@ int pam_linotp_get_config(int argc, const char *argv[], LinOTPConfig * config, i
config->prompt = temp;
}
}
/* connection_timeout */
else if (check_prefix(argv[i], "connection_timeout=", &temp) > 0) {
config->connection_timeout = strtol(temp, &endptr, 10);
if (*temp == '\0' || *endptr != '\0') {
log_error("Connection timeout parameter is not an integer: %s", temp);
return (PAM_AUTH_ERR);
}
}
/* request_timeout */
else if (check_prefix(argv[i], "request_timeout=", &temp) > 0) {
config->request_timeout = strtol(temp, &endptr, 10);
if (*temp == '\0' || *endptr != '\0') {
log_error("Request timeout parameter is not an integer: %s", temp);
return (PAM_AUTH_ERR);
}
}
else {
log_debug("unkown configuration prameter %s", argv[i]);
}
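Review bot: The new `linotp_send_request` parameters are declared `int connection_timeout, int request_timeout`, yet they go straight into the variadic `curl_easy_setopt` for `CURLOPT_CONNECTTIMEOUT` and `CURLOPT_TIMEOUT`, which read a `long`; where `long` is wider than `int` that is undefined behaviour, and the `long` fields of `LinOTPConfig` are narrowed at the call in `linotp_auth`. Declaring them `long connection_timeout, long request_timeout` keeps the type consistent from config to libcurl. In `pam_linotp_get_config` the `strtol` results are only checked for trailing characters, so a negative value, an out-of-range value or `0` is accepted (libcurl treats a `CURLOPT_TIMEOUT` of 0 as no timeout, which would let an authentication attempt block on an unresponsive server); setting `errno = 0` before the call and also rejecting `errno == ERANGE` and values `<= 0` would close that. The parser matches `connection_timeout=` while README and README.txt document `connect_timeout=`, so an option written as documented appears to fall through to the unknown-parameter debug log and the default of 10 stays in effect. All three functions extend beyond the visible hunks.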