authorArthur de Jong <arthur@arthurdejong.org>2009-04-20 22:18:53 +0200
committerArthur de Jong <arthur@arthurdejong.org>2009-04-20 22:18:53 +0200
commit7d71ac360bcc64b5112f5f1511d447a6c5aa5dab (patch)
tree380b0bbbc1e54f49e02a0934885192e6ac0df244 /pam/pam.c
parent09a40a7b5d0b0411fbfb6ea2cd5838097c70aea2 (diff)
always read returned username in tmpluser, always send the username from PAM, also handle user renames in authentication and some minor cleanups
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@842 ef36b2f9-881f-0410-afb5-c4e39611909c
Diffstat (limited to 'pam/pam.c')
-rw-r--r--pam/pam.c52
1 files changed, 31 insertions, 21 deletions
diff --git a/pam/pam.c b/pam/pam.c
index dc6071c..5b37d4e 100644
--- a/pam/pam.c
+++ b/pam/pam.c
@@ -94,7 +94,7 @@ static void pam_clr_ctx(
}
static void pam_del_ctx(
- pam_handle_t *pamh, void *data, int err)
+ pam_handle_t *UNUSED(pamh), void *data, int UNUSED(err))
{
pld_ctx *ctx = data;
pam_clr_ctx(ctx);
@@ -196,12 +196,12 @@ static int pam_get_authtok(
static enum nss_status pam_read_authc(
TFILE *fp,pld_ctx *ctx,int *errnop)
{
- char *buffer = ctx->buf, *user;
+ char *buffer = ctx->buf;
size_t buflen = sizeof(ctx->buf);
size_t bufptr = 0;
int32_t tmpint32;
- READ_STRING_BUF(fp,user);
+ READ_STRING_BUF(fp,ctx->tmpluser);
READ_STRING_BUF(fp,ctx->dn);
READ_INT32(fp,ctx->authok);
READ_INT32(fp,ctx->authz);
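Review bot: The lifetime of `ctx->tmpluser` is not documented where it is first filled, at `READ_STRING_BUF(fp,ctx->tmpluser)` here and again in pam_read_pwmod. With `buffer = ctx->buf` and `bufptr = 0`, the macro presumably stores a pointer into `ctx->buf` (its definition is outside this diff), so the next reader that restarts at offset 0 would overwrite the bytes that `tmpluser` and `dn` point to. That matters because `tmpluser` is later handed to `pam_set_item(pamh, PAM_USER, ...)`. I would add a comment such as `/* tmpluser and dn point into ctx->buf; valid only until the next read into ctx->buf */`. It is also worth confirming that pam_clr_ctx treats the field as borrowed rather than freeing it.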
@@ -210,11 +210,11 @@ static enum nss_status pam_read_authc(
}
static enum nss_status pam_do_authc(
- pld_ctx *ctx, const char *user, const char *svc,const char *pwd,int *errnop)
+ pld_ctx *ctx, const char *username, const char *svc,const char *pwd,int *errnop)
{
NSS_BYGEN(NSLCD_ACTION_PAM_AUTHC,
- WRITE_STRING(fp,user);
- WRITE_STRING(fp,"" /* DN */);
+ WRITE_STRING(fp,username);
+ WRITE_STRING(fp,ctx->dn);
WRITE_STRING(fp,svc);
WRITE_STRING(fp,pwd),
pam_read_authc(fp,ctx,errnop));
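Review bot: `WRITE_STRING(fp,ctx->dn)` now sends whatever DN the context currently holds in the authentication request, where the old code always sent an empty string. The initial value of `ctx->dn` is not visible in this hunk. On a first call it may be NULL (whether WRITE_STRING accepts NULL cannot be seen here), and on a reused context it may be a DN cached from an earlier exchange. If the context is not reset when the PAM user changes, a DN belonging to a different user could accompany the new username and password. A comment stating the invariant would help, e.g. `/* ctx->dn is NULL/empty on first use, otherwise the DN cached for this same user */`, together with a check that the context lookup enforces it. The closing brace of pam_do_authc lies outside the hunk.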
@@ -293,6 +293,12 @@ int pam_sm_authenticate(
ctx->oldpw = strdup(p);
}
+ /* update caller's idea of the user name */
+ if ( (rc==PAM_SUCCESS) && ctx->tmpluser && ctx->tmpluser[0] &&
+ (strcmp(ctx->tmpluser,username)!=0) ) {
+ rc = pam_set_item(pamh, PAM_USER, ctx->tmpluser);
+ }
+
return rc;
}
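Review bot: The added block replaces PAM_USER with a name supplied by the nslcd reply and leaves no trace of it. After a successful authentication, the only checks on `ctx->tmpluser` are that it is non-empty and differs from `username`. Because this changes the identity that later modules and the application act on, a log record of the old and new name is useful for auditing, for example `syslog(LOG_AUTH|LOG_NOTICE, "user name changed from %s to %s", username, ctx->tmpluser);` placed before the `pam_set_item` call. The same four-line block is added to pam_sm_acct_mgmt, so a small static helper would keep the two copies from drifting apart. The start of pam_sm_authenticate is outside the hunk.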
@@ -339,10 +345,10 @@ static enum nss_status pam_read_authz(
}
static enum nss_status pam_do_authz(
- pld_ctx *ctx, const char *svc,int *errnop)
+ pld_ctx *ctx,const char *username,const char *svc,int *errnop)
{
NSS_BYGEN(NSLCD_ACTION_PAM_AUTHZ,
- WRITE_STRING(fp,ctx->user);
+ WRITE_STRING(fp,username);
WRITE_STRING(fp,ctx->dn);
WRITE_STRING(fp,svc),
pam_read_authz(fp,ctx,errnop));
@@ -400,7 +406,7 @@ int pam_sm_acct_mgmt(
ctx2.dn = ctx->dn;
ctx2.user = ctx->user;
- rc = pam_do_authz(&ctx2, svc, &err);
+ rc = pam_do_authz(&ctx2, username, svc, &err);
NSS2PAM_RC(rc, ignore_flags, PAM_SUCCESS);
if (rc != PAM_SUCCESS) {
if (rc != PAM_IGNORE)
@@ -414,17 +420,21 @@ int pam_sm_acct_mgmt(
pam_warn(appconv, ctx->authzmsg, PAM_TEXT_INFO, no_warn);
}
}
- if ( rc == PAM_SUCCESS && ctx->tmpluser && ctx->tmpluser[0] ) {
+
+ /* update caller's idea of the user name */
+ if ( (rc==PAM_SUCCESS) && ctx->tmpluser && ctx->tmpluser[0] &&
+ (strcmp(ctx->tmpluser,username)!=0) ) {
rc = pam_set_item(pamh, PAM_USER, ctx->tmpluser);
}
+
return rc;
}
static enum nss_status pam_do_sess_o(
- pld_ctx *ctx, const char *svc,int *errnop)
+ pld_ctx *ctx,const char *username,const char *svc,int *errnop)
{
NSS_BYGEN(NSLCD_ACTION_PAM_SESS_O,
- WRITE_STRING(fp,ctx->user);
+ WRITE_STRING(fp,username);
WRITE_STRING(fp,ctx->dn);
WRITE_STRING(fp,svc),
NSS_STATUS_SUCCESS);
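Review bot: The rename check in pam_sm_acct_mgmt tests `ctx->tmpluser`, but the authorisation request just before it was issued with `&ctx2` (`rc = pam_do_authz(&ctx2, username, svc, &err);`). Whether pam_read_authz stores a returned name in `ctx2`, and whether that is copied back into `ctx`, is outside the visible lines. If it is not copied back, this condition acts on the value left over from the authentication step, which, if it points into `ctx->buf`, may no longer be intact. A comment saying which exchange the name comes from would settle it, e.g. `/* tmpluser was set by the authc reply stored in ctx, not by the authz call on ctx2 */`, or the check should read the context that the authz reply was parsed into.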
@@ -480,7 +490,7 @@ int pam_sm_open_session(
if (rc != PAM_SUCCESS)
return rc;
- rc = pam_do_sess_o(ctx, svc, &err);
+ rc = pam_do_sess_o(ctx,username,svc,&err);
NSS2PAM_RC(rc, ignore_flags, PAM_SUCCESS);
if (rc != PAM_SUCCESS && rc != PAM_IGNORE)
pam_warn(appconv, "LDAP open_session failed", PAM_ERROR_MSG, no_warn);
@@ -488,10 +498,10 @@ int pam_sm_open_session(
}
static enum nss_status pam_do_sess_c(
- pld_ctx *ctx, const char *svc,int *errnop)
+ pld_ctx *ctx,const char *username,const char *svc,int *errnop)
{
NSS_BYGEN(NSLCD_ACTION_PAM_SESS_C,
- WRITE_STRING(fp,ctx->user);
+ WRITE_STRING(fp,username);
WRITE_STRING(fp,ctx->dn);
WRITE_STRING(fp,svc),
NSS_STATUS_SUCCESS);
@@ -547,7 +557,7 @@ int pam_sm_close_session(
if (rc != PAM_SUCCESS)
return rc;
- rc = pam_do_sess_c(ctx, svc, &err);
+ rc = pam_do_sess_c(ctx,username,svc,&err);
NSS2PAM_RC(rc, ignore_flags, PAM_SUCCESS);
if (rc != PAM_SUCCESS && rc != PAM_IGNORE)
pam_warn(appconv, "LDAP close_session failed", PAM_ERROR_MSG, no_warn);
@@ -562,7 +572,7 @@ static enum nss_status pam_read_pwmod(
size_t bufptr = 0;
int32_t tmpint32;
- READ_STRING_BUF(fp,user);
+ READ_STRING_BUF(fp,ctx->tmpluser);
READ_STRING_BUF(fp,ctx->dn);
READ_INT32(fp,ctx->authz);
READ_STRING_BUF(fp,ctx->authzmsg);
@@ -570,11 +580,11 @@ static enum nss_status pam_read_pwmod(
}
static enum nss_status pam_do_pwmod(
- pld_ctx *ctx, const char *user, const char *svc,
- const char *oldpw, const char *newpw, int *errnop)
+ pld_ctx *ctx,const char *username,const char *svc,
+ const char *oldpw,const char *newpw,int *errnop)
{
NSS_BYGEN(NSLCD_ACTION_PAM_PWMOD,
- WRITE_STRING(fp,user);
+ WRITE_STRING(fp,username);
WRITE_STRING(fp,ctx->dn);
WRITE_STRING(fp,svc);
WRITE_STRING(fp,oldpw);
@@ -683,7 +693,7 @@ int pam_sm_chauthtok(
if (rc != PAM_SUCCESS)
return rc;
}
- rc = pam_do_pwmod(ctx, username, svc, p, q, &err);
+ rc = pam_do_pwmod(ctx,username,svc,p,q,&err);
p = NULL; q = NULL;
NSS2PAM_RC(rc, ignore_flags, PAM_SUCCESS);
if (rc == PAM_SUCCESS) {