From 7d71ac360bcc64b5112f5f1511d447a6c5aa5dab Mon Sep 17 00:00:00 2001 From: Arthur de Jong Date: Mon, 20 Apr 2009 20:18:53 +0000 Subject: always read returned username in tmpluser, always send the username from PAM, also handle user renames in authentication and some minor cleanups git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@842 ef36b2f9-881f-0410-afb5-c4e39611909c --- pam/pam.c | 52 +++++++++++++++++++++++++++++++--------------------- 1 file changed, 31 insertions(+), 21 deletions(-) (limited to 'pam/pam.c') diff --git a/pam/pam.c b/pam/pam.c index dc6071c..5b37d4e 100644 --- a/pam/pam.c +++ b/pam/pam.c @@ -94,7 +94,7 @@ static void pam_clr_ctx( } static void pam_del_ctx( - pam_handle_t *pamh, void *data, int err) + pam_handle_t *UNUSED(pamh), void *data, int UNUSED(err)) { pld_ctx *ctx = data; pam_clr_ctx(ctx); @@ -196,12 +196,12 @@ static int pam_get_authtok( static enum nss_status pam_read_authc( TFILE *fp,pld_ctx *ctx,int *errnop) { - char *buffer = ctx->buf, *user; + char *buffer = ctx->buf; size_t buflen = sizeof(ctx->buf); size_t bufptr = 0; int32_t tmpint32; - READ_STRING_BUF(fp,user); + READ_STRING_BUF(fp,ctx->tmpluser); READ_STRING_BUF(fp,ctx->dn); READ_INT32(fp,ctx->authok); READ_INT32(fp,ctx->authz); @@ -210,11 +210,11 @@ static enum nss_status pam_read_authc( } static enum nss_status pam_do_authc( - pld_ctx *ctx, const char *user, const char *svc,const char *pwd,int *errnop) + pld_ctx *ctx, const char *username, const char *svc,const char *pwd,int *errnop) { NSS_BYGEN(NSLCD_ACTION_PAM_AUTHC, - WRITE_STRING(fp,user); - WRITE_STRING(fp,"" /* DN */); + WRITE_STRING(fp,username); + WRITE_STRING(fp,ctx->dn); WRITE_STRING(fp,svc); WRITE_STRING(fp,pwd), pam_read_authc(fp,ctx,errnop)); @@ -293,6 +293,12 @@ int pam_sm_authenticate( ctx->oldpw = strdup(p); } + /* update caller's idea of the user name */ + if ( (rc==PAM_SUCCESS) && ctx->tmpluser && ctx->tmpluser[0] && + (strcmp(ctx->tmpluser,username)!=0) ) { + rc = pam_set_item(pamh, PAM_USER, ctx->tmpluser); + } + return rc; } @@ -339,10 +345,10 @@ static enum nss_status pam_read_authz( } static enum nss_status pam_do_authz( - pld_ctx *ctx, const char *svc,int *errnop) + pld_ctx *ctx,const char *username,const char *svc,int *errnop) { NSS_BYGEN(NSLCD_ACTION_PAM_AUTHZ, - WRITE_STRING(fp,ctx->user); + WRITE_STRING(fp,username); WRITE_STRING(fp,ctx->dn); WRITE_STRING(fp,svc), pam_read_authz(fp,ctx,errnop)); @@ -400,7 +406,7 @@ int pam_sm_acct_mgmt( ctx2.dn = ctx->dn; ctx2.user = ctx->user; - rc = pam_do_authz(&ctx2, svc, &err); + rc = pam_do_authz(&ctx2, username, svc, &err); NSS2PAM_RC(rc, ignore_flags, PAM_SUCCESS); if (rc != PAM_SUCCESS) { if (rc != PAM_IGNORE) @@ -414,17 +420,21 @@ int pam_sm_acct_mgmt( pam_warn(appconv, ctx->authzmsg, PAM_TEXT_INFO, no_warn); } } - if ( rc == PAM_SUCCESS && ctx->tmpluser && ctx->tmpluser[0] ) { + + /* update caller's idea of the user name */ + if ( (rc==PAM_SUCCESS) && ctx->tmpluser && ctx->tmpluser[0] && + (strcmp(ctx->tmpluser,username)!=0) ) { rc = pam_set_item(pamh, PAM_USER, ctx->tmpluser); } + return rc; } static enum nss_status pam_do_sess_o( - pld_ctx *ctx, const char *svc,int *errnop) + pld_ctx *ctx,const char *username,const char *svc,int *errnop) { NSS_BYGEN(NSLCD_ACTION_PAM_SESS_O, - WRITE_STRING(fp,ctx->user); + WRITE_STRING(fp,username); WRITE_STRING(fp,ctx->dn); WRITE_STRING(fp,svc), NSS_STATUS_SUCCESS); @@ -480,7 +490,7 @@ int pam_sm_open_session( if (rc != PAM_SUCCESS) return rc; - rc = pam_do_sess_o(ctx, svc, &err); + rc = pam_do_sess_o(ctx,username,svc,&err); NSS2PAM_RC(rc, ignore_flags, PAM_SUCCESS); if (rc != PAM_SUCCESS && rc != PAM_IGNORE) pam_warn(appconv, "LDAP open_session failed", PAM_ERROR_MSG, no_warn); @@ -488,10 +498,10 @@ int pam_sm_open_session( } static enum nss_status pam_do_sess_c( - pld_ctx *ctx, const char *svc,int *errnop) + pld_ctx *ctx,const char *username,const char *svc,int *errnop) { NSS_BYGEN(NSLCD_ACTION_PAM_SESS_C, - WRITE_STRING(fp,ctx->user); + WRITE_STRING(fp,username); WRITE_STRING(fp,ctx->dn); WRITE_STRING(fp,svc), NSS_STATUS_SUCCESS); @@ -547,7 +557,7 @@ int pam_sm_close_session( if (rc != PAM_SUCCESS) return rc; - rc = pam_do_sess_c(ctx, svc, &err); + rc = pam_do_sess_c(ctx,username,svc,&err); NSS2PAM_RC(rc, ignore_flags, PAM_SUCCESS); if (rc != PAM_SUCCESS && rc != PAM_IGNORE) pam_warn(appconv, "LDAP close_session failed", PAM_ERROR_MSG, no_warn); @@ -562,7 +572,7 @@ static enum nss_status pam_read_pwmod( size_t bufptr = 0; int32_t tmpint32; - READ_STRING_BUF(fp,user); + READ_STRING_BUF(fp,ctx->tmpluser); READ_STRING_BUF(fp,ctx->dn); READ_INT32(fp,ctx->authz); READ_STRING_BUF(fp,ctx->authzmsg); @@ -570,11 +580,11 @@ static enum nss_status pam_read_pwmod( } static enum nss_status pam_do_pwmod( - pld_ctx *ctx, const char *user, const char *svc, - const char *oldpw, const char *newpw, int *errnop) + pld_ctx *ctx,const char *username,const char *svc, + const char *oldpw,const char *newpw,int *errnop) { NSS_BYGEN(NSLCD_ACTION_PAM_PWMOD, - WRITE_STRING(fp,user); + WRITE_STRING(fp,username); WRITE_STRING(fp,ctx->dn); WRITE_STRING(fp,svc); WRITE_STRING(fp,oldpw); @@ -683,7 +693,7 @@ int pam_sm_chauthtok( if (rc != PAM_SUCCESS) return rc; } - rc = pam_do_pwmod(ctx, username, svc, p, q, &err); + rc = pam_do_pwmod(ctx,username,svc,p,q,&err); p = NULL; q = NULL; NSS2PAM_RC(rc, ignore_flags, PAM_SUCCESS); if (rc == PAM_SUCCESS) { -- cgit v1.2.3