EGA-archive · silverdaz · May 6, 2026 · May 22, 2026
diff --git a/src/Makefile b/src/Makefile
@@ -2,6 +2,7 @@
 # Makefile for the NSS and PAM modules used in Local EGA
 #
 # Blowfish code from http://www.openwall.com/crypt/
+# JSON parser code from https://github.com/zserge/jsmn
 #
 
 NSS_LD_SONAME=-Wl,-soname,libnss_ega.so.2
@@ -25,6 +26,10 @@ EGA_LIBDIR=/usr/local/lib/ega
 EGA_BINDIR=/usr/local/bin
 EGA_PAMDIR=/lib/security
 
+ifdef NSS_CFGFILE
+CFLAGS += -DCFGFILE=\"$(NSS_CFGFILE)\"
+endif
+
 HEADERS = utils.h config.h cache.h json.h cega.h $(wildcard jsmn/*.h) $(wildcard blowfish/*.h)
 
 NSS_SOURCES = nss.c config.c cache.c json.c cega.c $(wildcard jsmn/*.c)
@@ -87,7 +92,7 @@ blowfish/x86.o: blowfish/x86.S
 	@echo "Compiling $<"
 	@$(CC) $(CFLAGS) -c -o $@ $<
 
-install-nss: $(NSS_LIBRARY)
+install-nss: $(NSS_LIBRARY) | $(EGA_LIBDIR)
 	@echo "Installing $< into $(EGA_LIBDIR)"
 	@install $< $(EGA_LIBDIR)
 
@@ -110,7 +115,7 @@ install-keys: $(KEYS_EXEC) | $(EGA_BINDIR)
 	@install -m 700 $< $(EGA_BINDIR)
 
 install: install-nss install-pam install-keys
-	@echo "Do not forget to run ldconfig and create/configure the file /etc/ega/auth.conf"
+	@echo "Do not forget to run ldconfig and create/configure the file $(NSS_CFGFILE)"
 	@echo "Look at the auth.conf.sample here, for example"
 
 clean:

diff --git a/src/cega.c b/src/cega.c
@@ -37,8 +37,9 @@ curl_callback (void* contents, size_t size, size_t nmemb, void* userdata) {
   return realsize;
 }
 
+
 int
-cega_resolve(const char *endpoint, int (*cb)(struct fega_user *user))
+cega_resolve(const char *endpoint, struct cb_ctx *ctx)
 {
   int rc = 1; /* error */
   struct curl_res_s* cres = NULL;
@@ -116,14 +117,15 @@ cega_resolve(const char *endpoint, int (*cb)(struct fega_user *user))
   if( !user.pwdh && !user.pubkeys ) rc++;
   if( user.uid <= 0 ) rc++;
   /* if( !user.gecos ) rc++; */
-  if( !user.gecos ) user.gecos = strdup("FEGA User");
+  if( !user.gecos ) user.gecos = strdup("FEGA User"); // care about ENOMEM ?
 
   if(rc) { D1("We found %d errors", rc); goto BAILOUT; }
 
+  D1("Shift %d to %d", user.uid, user.uid + options->uid_shift);
   user.uid += options->uid_shift;
 
   /* Callback: What to do with the data */
-  rc = cb(&user);
+  rc = ctx->fn(ctx, &user);
 
 BAILOUT:
   if(cres->body)free(cres->body);

diff --git a/src/cega.h b/src/cega.h
@@ -5,6 +5,25 @@
 
 #include "json.h"
 
-int cega_resolve(const char *endpoint, int (*cb)(struct fega_user *));
+#define CEGA_CALLBACK_UID    (1 << 0)
+#define CEGA_CALLBACK_NAME   (1 << 1)
+#define CEGA_CALLBACK_PASSWD (1 << 2)
+#define CEGA_CALLBACK_SHADOW (1 << 3)
+#define CEGA_CALLBACK_KEYS   (1 << 4)
+
+struct cb_ctx {
+  int flags;
+  int (*fn)(struct cb_ctx *, struct fega_user *);
+  uid_t uid;
+  const char* username;
+  struct passwd *passwd;
+  struct spwd *shadow;
+  char *buffer;
+  size_t buflen;
+  int use_cache;
+};
+
+int cega_resolve(const char *endpoint, struct cb_ctx *);
 
 #endif /* !__FEGA_CENTRAL_H_INCLUDED__ */
+
diff --git a/src/config.c b/src/config.c
@@ -8,7 +8,9 @@
 #include "utils.h"
 #include "config.h"
 
+#ifndef CFGFILE
 #define CFGFILE "/etc/ega/auth.conf"
+#endif
 
 #define CACHE_TTL 3600 // 1h in seconds.
 #define EGA_UID_SHIFT 10000
@@ -129,15 +131,15 @@ readconfig(FILE* fp, char* buffer, size_t buflen)
 
     } else val = NULL; /* could not find the '=' sign */
 
-    if(!strcmp(key, "ega_uid_shift" )) { if( !sscanf(val, "%u" , &(options->uid_shift) )) options->uid_shift = -1; }
-    if(!strcmp(key, "cache_ttl"     )) { if( !sscanf(val, "%u" , &(options->cache_ttl) )) options->cache_ttl = -1; }
-    if(!strcmp(key, "gid"           )) { if( !sscanf(val, "%u" , &(options->gid)   )) options->gid = -1; }
-
-    if(!strcmp(key, "shadow_min"       )) { if( !sscanf(val, "%ld" , &(options->sp_min)   )) options->sp_min = 0; }
-    if(!strcmp(key, "shadow_max"       )) { if( !sscanf(val, "%ld" , &(options->sp_max)   )) options->sp_max = 0; }
-    if(!strcmp(key, "shadow_warn"       )) { if( !sscanf(val, "%ld" , &(options->sp_warn)   )) options->sp_warn = -1l; }
-    if(!strcmp(key, "shadow_inact"       )) { if( !sscanf(val, "%ld" , &(options->sp_inact)   )) options->sp_inact = -1l; }
-    if(!strcmp(key, "shadow_expire"       )) { if( !sscanf(val, "%ld" , &(options->sp_expire)   )) options->sp_expire = -1l; }
+    if(!strcmp(key, "uid_shift")) { if( !sscanf(val, "%u" , &(options->uid_shift) )) options->uid_shift = -1; }
+    if(!strcmp(key, "cache_ttl")) { if( !sscanf(val, "%u" , &(options->cache_ttl) )) options->cache_ttl = -1; }
+    if(!strcmp(key, "gid"      )) { if( !sscanf(val, "%u" , &(options->gid)   )) options->gid = -1; }
+
+    if(!strcmp(key, "shadow_min"   )) { if( !sscanf(val, "%ld" , &(options->sp_min)   )) options->sp_min = 0; }
+    if(!strcmp(key, "shadow_max"   )) { if( !sscanf(val, "%ld" , &(options->sp_max)   )) options->sp_max = 0; }
+    if(!strcmp(key, "shadow_warn"  )) { if( !sscanf(val, "%ld" , &(options->sp_warn)   )) options->sp_warn = -1l; }
+    if(!strcmp(key, "shadow_inact" )) { if( !sscanf(val, "%ld" , &(options->sp_inact)   )) options->sp_inact = -1l; }
+    if(!strcmp(key, "shadow_expire")) { if( !sscanf(val, "%ld" , &(options->sp_expire)   )) options->sp_expire = -1l; }
 
     INJECT_OPTION(key, "db_path"           , val, &(options->db_path)          );
     INJECT_OPTION(key, "homedir_prefix"    , val, &(options->homedir_prefix)   );

diff --git a/src/keys.c b/src/keys.c
@@ -5,6 +5,34 @@
 #include "cache.h"
 #include "cega.h"
 
+/* Defining the CentralEGA callback */
+int print_pubkey(struct cb_ctx *ctx, struct fega_user *user){
+
+
+  /* assert( (flags & CEGA_CALLBACK_KEYS) */
+  /* 	  && */
+  /* 	  (flags & CEGA_CALLBACK_NAME) ); */
+
+  if( strcmp(ctx->username, user->username) ){
+    REPORT("Requested username %s not matching username response %s", ctx->username, user->username);
+    return 1;
+  }
+
+  if(ctx->use_cache) cache_add_user(user); // ignore result
+
+  if(user->pubkeys){
+    struct pbk *current = user->pubkeys;
+    while( current ){
+      printf("%s\n", current->pbk);
+      current = current->next;
+    }
+  } else {
+    REPORT("No ssh key found for user '%s'", ctx->username);
+  }
+
+  return 0;
+}
+
 int
 main(int argc, const char **argv)
 {
@@ -18,29 +46,6 @@ main(int argc, const char **argv)
   bool use_cache = options->use_cache && cache_open();
   if(use_cache && cache_print_pubkeys(username)) return rc;
 
-  REPORT("Fetching the public keys from CentralEGA");
-
-  /* Defining the CentralEGA callback */
-  int print_pubkey(struct fega_user *user){
-
-    /* assert same name */
-    if( strcmp(username, user->username) ){
-      REPORT("Requested username %s not matching username response %s", username, user->username);
-      return 1;
-    }
-    if(user->pubkeys){
-      struct pbk *current = user->pubkeys;
-      while( current ){
-	printf("%s\n", current->pbk);
-	current = current->next;
-      }
-    } else {
-      REPORT("No ssh key found for user '%s'", username);
-    }
-    if(use_cache) cache_add_user(user); // ignore result
-    return 0;
-  }
-
   char* endpoint = (char*)malloc((options->cega_endpoint_username_len + strlen(username)) * sizeof(char));
   if(!endpoint){ D1("Memory allocation error"); return 1; }
 
@@ -49,8 +54,17 @@ main(int argc, const char **argv)
     free(endpoint);
     return 2;
   }
+  struct cb_ctx ctx = { .flags = CEGA_CALLBACK_KEYS | CEGA_CALLBACK_NAME,
+			.fn = &print_pubkey,
+			.uid = -1,
+			.username = username,
+			.passwd = NULL,
+			.shadow = NULL,
+			.buffer = NULL,
+			.buflen = 0,
+			.use_cache = use_cache };
 
-  rc = cega_resolve(endpoint, print_pubkey);
+  rc = cega_resolve(endpoint, &ctx);
   free(endpoint);
   return rc;
 }