Attachment #25832 for bug #39508

View | Details | Raw Unified | Return to bug 39508
Collapse All | Expand All

Lines 178-184 auth_pam ( Link Here

(-)cyrus-sasl-2.1.17/saslauthd/auth_pam.c (-3 / +46 lines)
178	const char login, / I: plaintext authenticator */	178	const char login, / I: plaintext authenticator */
179	const char password, / I: plaintext password */	179	const char password, / I: plaintext password */
180	const char service, / I: service name */	180	const char service, / I: service name */
181	const char *realm __attribute__((unused))	181	const char *realm
182	/* END PARAMETERS */	182	/* END PARAMETERS */
183	)	183	)
184	{	184	{
Lines 187-205 auth_pam ( Link Here
187	struct pam_conv my_conv; /* pam conversion data */	187	struct pam_conv my_conv; /* pam conversion data */
188	pam_handle_t pamh; / pointer to PAM handle */	188	pam_handle_t pamh; / pointer to PAM handle */
189	int rc; /* return code holder */	189	int rc; /* return code holder */
		190
		191	/* Patched to revert auth pam behavior to 2.1.15, where login
		192	* includes the associated domain.
		193	* There's probably a _reason_ to cut off domains from logins,
		194	* but this PAM module does not seem to use realms at all, and
		195	* is actually breaking lots of virtual mailhosting setups.
		196	*
		197	* Alex Unleashed - <unleashed at users dot sourceforge dot net>
		198	*/
		199	char new_login; / new login */
		200	int must_free = 0; /* free the mallocs! */
190	/* END VARIABLES */	201	/* END VARIABLES */
191		202
192	my_appdata.login = login;	203	/* Make sure realm is added to login */
		204	if (realm && (strchr(login, '@') == NULL)) {
		205	/* allocate space for login plus realm plus '@' plus '\0' */
		206	new_login = (char ) malloc((strlen(login) + strlen(realm) + 2) sizeof(char));
		207	if (new_login == NULL) {
		208	syslog(LOG_DEBUG, "DEBUG: auth_pam: out of memory");
		209	RETURN("NO PAM not enough memory");
		210	}
		211	must_free = 1;
		212	strcpy(new_login, login);
		213	strcat(new_login, "@");
		214	strcat(new_login, realm);
		215	}
		216	else
		217	new_login = login;
		218
		219	my_appdata.login = new_login;
193	my_appdata.password = password;	220	my_appdata.password = password;
194	my_appdata.pamh = NULL;	221	my_appdata.pamh = NULL;
195		222
196	my_conv.conv = saslauthd_pam_conv;	223	my_conv.conv = saslauthd_pam_conv;
197	my_conv.appdata_ptr = &my_appdata;	224	my_conv.appdata_ptr = &my_appdata;
198		225
199	rc = pam_start(service, login, &my_conv, &pamh);	226	rc = pam_start(service, new_login, &my_conv, &pamh);
200	if (rc != PAM_SUCCESS) {	227	if (rc != PAM_SUCCESS) {
201	syslog(LOG_DEBUG, "DEBUG: auth_pam: pam_start failed: %s",	228	syslog(LOG_DEBUG, "DEBUG: auth_pam: pam_start failed: %s",
202	pam_strerror(pamh, rc));	229	pam_strerror(pamh, rc));
		230	if (must_free) {
		231	my_appdata.login = login;
		232	free(new_login);
		233	}
203	RETURN("NO PAM start error");	234	RETURN("NO PAM start error");
204	}	235	}
205		236
Lines 210-215 auth_pam ( Link Here
210	syslog(LOG_DEBUG, "DEBUG: auth_pam: pam_authenticate failed: %s",	241	syslog(LOG_DEBUG, "DEBUG: auth_pam: pam_authenticate failed: %s",
211	pam_strerror(pamh, rc));	242	pam_strerror(pamh, rc));
212	pam_end(pamh, rc);	243	pam_end(pamh, rc);
		244	if (must_free) {
		245	my_appdata.login = login;
		246	free(new_login);
		247	}
213	RETURN("NO PAM auth error");	248	RETURN("NO PAM auth error");
214	}	249	}
215		250
Lines 218-227 auth_pam ( Link Here
218	syslog(LOG_DEBUG, "DEBUG: auth_pam: pam_acct_mgmt failed: %s",	253	syslog(LOG_DEBUG, "DEBUG: auth_pam: pam_acct_mgmt failed: %s",
219	pam_strerror(pamh, rc));	254	pam_strerror(pamh, rc));
220	pam_end(pamh, rc);	255	pam_end(pamh, rc);
		256	if (must_free) {
		257	my_appdata.login = login;
		258	free(new_login);
		259	}
221	RETURN("NO PAM acct error");	260	RETURN("NO PAM acct error");
222	}	261	}
223		262
224	pam_end(pamh, PAM_SUCCESS);	263	pam_end(pamh, PAM_SUCCESS);
		264	if (must_free) {
		265	my_appdata.login = login;
		266	free(new_login);
		267	}
225	RETURN("OK");	268	RETURN("OK");
226	}	269	}
227		270

Return to bug 39508