Lines 178-184
auth_pam (
|
178 |
const char *login, /* I: plaintext authenticator */ |
178 |
const char *login, /* I: plaintext authenticator */ |
179 |
const char *password, /* I: plaintext password */ |
179 |
const char *password, /* I: plaintext password */ |
180 |
const char *service, /* I: service name */ |
180 |
const char *service, /* I: service name */ |
181 |
const char *realm __attribute__((unused)) |
181 |
const char *realm |
182 |
/* END PARAMETERS */ |
182 |
/* END PARAMETERS */ |
183 |
) |
183 |
) |
184 |
{ |
184 |
{ |
Lines 187-205
auth_pam (
|
187 |
struct pam_conv my_conv; /* pam conversion data */ |
187 |
struct pam_conv my_conv; /* pam conversion data */ |
188 |
pam_handle_t *pamh; /* pointer to PAM handle */ |
188 |
pam_handle_t *pamh; /* pointer to PAM handle */ |
189 |
int rc; /* return code holder */ |
189 |
int rc; /* return code holder */ |
|
|
190 |
|
191 |
/* Patched to revert auth pam behavior to 2.1.15, where login |
192 |
* includes the associated domain. |
193 |
* There's probably a _reason_ to cut off domains from logins, |
194 |
* but this PAM module does not seem to use realms at all, and |
195 |
* is actually breaking lots of virtual mailhosting setups. |
196 |
* |
197 |
* Alex Unleashed - <unleashed at users dot sourceforge dot net> |
198 |
*/ |
199 |
char *new_login; /* new login */ |
200 |
int must_free = 0; /* free the mallocs! */ |
190 |
/* END VARIABLES */ |
201 |
/* END VARIABLES */ |
191 |
|
202 |
|
192 |
my_appdata.login = login; |
203 |
/* Make sure realm is added to login */ |
|
|
204 |
if (realm && (strchr(login, '@') == NULL)) { |
205 |
/* allocate space for login plus realm plus '@' plus '\0' */ |
206 |
new_login = (char *) malloc((strlen(login) + strlen(realm) + 2) * sizeof(char)); |
207 |
if (new_login == NULL) { |
208 |
syslog(LOG_DEBUG, "DEBUG: auth_pam: out of memory"); |
209 |
RETURN("NO PAM not enough memory"); |
210 |
} |
211 |
must_free = 1; |
212 |
strcpy(new_login, login); |
213 |
strcat(new_login, "@"); |
214 |
strcat(new_login, realm); |
215 |
} |
216 |
else |
217 |
new_login = login; |
218 |
|
219 |
my_appdata.login = new_login; |
193 |
my_appdata.password = password; |
220 |
my_appdata.password = password; |
194 |
my_appdata.pamh = NULL; |
221 |
my_appdata.pamh = NULL; |
195 |
|
222 |
|
196 |
my_conv.conv = saslauthd_pam_conv; |
223 |
my_conv.conv = saslauthd_pam_conv; |
197 |
my_conv.appdata_ptr = &my_appdata; |
224 |
my_conv.appdata_ptr = &my_appdata; |
198 |
|
225 |
|
199 |
rc = pam_start(service, login, &my_conv, &pamh); |
226 |
rc = pam_start(service, new_login, &my_conv, &pamh); |
200 |
if (rc != PAM_SUCCESS) { |
227 |
if (rc != PAM_SUCCESS) { |
201 |
syslog(LOG_DEBUG, "DEBUG: auth_pam: pam_start failed: %s", |
228 |
syslog(LOG_DEBUG, "DEBUG: auth_pam: pam_start failed: %s", |
202 |
pam_strerror(pamh, rc)); |
229 |
pam_strerror(pamh, rc)); |
|
|
230 |
if (must_free) { |
231 |
my_appdata.login = login; |
232 |
free(new_login); |
233 |
} |
203 |
RETURN("NO PAM start error"); |
234 |
RETURN("NO PAM start error"); |
204 |
} |
235 |
} |
205 |
|
236 |
|
Lines 210-215
auth_pam (
|
210 |
syslog(LOG_DEBUG, "DEBUG: auth_pam: pam_authenticate failed: %s", |
241 |
syslog(LOG_DEBUG, "DEBUG: auth_pam: pam_authenticate failed: %s", |
211 |
pam_strerror(pamh, rc)); |
242 |
pam_strerror(pamh, rc)); |
212 |
pam_end(pamh, rc); |
243 |
pam_end(pamh, rc); |
|
|
244 |
if (must_free) { |
245 |
my_appdata.login = login; |
246 |
free(new_login); |
247 |
} |
213 |
RETURN("NO PAM auth error"); |
248 |
RETURN("NO PAM auth error"); |
214 |
} |
249 |
} |
215 |
|
250 |
|
Lines 218-227
auth_pam (
|
218 |
syslog(LOG_DEBUG, "DEBUG: auth_pam: pam_acct_mgmt failed: %s", |
253 |
syslog(LOG_DEBUG, "DEBUG: auth_pam: pam_acct_mgmt failed: %s", |
219 |
pam_strerror(pamh, rc)); |
254 |
pam_strerror(pamh, rc)); |
220 |
pam_end(pamh, rc); |
255 |
pam_end(pamh, rc); |
|
|
256 |
if (must_free) { |
257 |
my_appdata.login = login; |
258 |
free(new_login); |
259 |
} |
221 |
RETURN("NO PAM acct error"); |
260 |
RETURN("NO PAM acct error"); |
222 |
} |
261 |
} |
223 |
|
262 |
|
224 |
pam_end(pamh, PAM_SUCCESS); |
263 |
pam_end(pamh, PAM_SUCCESS); |
|
|
264 |
if (must_free) { |
265 |
my_appdata.login = login; |
266 |
free(new_login); |
267 |
} |
225 |
RETURN("OK"); |
268 |
RETURN("OK"); |
226 |
} |
269 |
} |
227 |
|
270 |
|
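Review bot: The new guard at new line 204, `if (realm && (strchr(login, '@') == NULL))`, rejects only a NULL realm, so if a caller can pass an empty string the name handed to `pam_start` becomes `login@` and PAM is asked to authenticate a different user name than the client supplied; `if (realm && *realm && strchr(login, '@') == NULL) {` would avoid that (whether realm can be empty is not visible here). `new_login = login;` at new line 217 silently drops the const qualifier; keeping a `const char *` for the name passed to PAM and a separate `char *` for the allocation would fix the warning and make `must_free` unnecessary, since `free(NULL)` is a no-op. The `if (must_free) { ... }` cleanup is repeated on all four exit paths (new lines 230, 244, 256 and 264), which is easy to miss when another return is added, so a single cleanup label would be safer. Resetting `my_appdata.login = login` before the free still leaves a caller-owned pointer behind after return; if `my_appdata` outlives the call, setting it to NULL would be cleaner, but its declaration and the rest of auth_pam between the hunks are outside what is shown.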