authorNalin Dahyabhai <nalin@dahyabhai.net>2013-08-12 15:37:43 -0400
committerNalin Dahyabhai <nalin@dahyabhai.net>2013-08-12 16:21:12 -0400
commit517a056c6602b2fcc23b44f8b42afe73b65ac17c (patch)
tree8145b2a831ab3bf7bb79f2c1f2a8ced66edd6071 /src
parent9734a102db293b64ee52b2f0f80b60434595761d (diff)
Finish PAM->LDAP mapping logging code
Diffstat (limited to 'src')
-rw-r--r--src/back-sch-pam.c55
1 files changed, 40 insertions, 15 deletions
diff --git a/src/back-sch-pam.c b/src/back-sch-pam.c
index 84f982b..62ffcb1 100644
--- a/src/back-sch-pam.c
+++ b/src/back-sch-pam.c
@@ -145,18 +145,36 @@ converse(int num_msg, const struct pam_message **msg,
* controls to the given pblock if a control would be suited to the result
* code. */
static void
-map_pam_error(Slapi_PBlock *pb, const char *user, const char *binddn,
+map_pam_error(Slapi_PBlock *pb, const char *fn,
+ const char *user, const char *binddn,
int rc, int pw_response_requested, pam_handle_t *pamh,
char **errmsg, int *retcode)
{
if (user != NULL) {
- *errmsg = PR_smprintf("PAM error for user \"%s\" (bind DN \"%s\"): %s",
- user, binddn, pam_strerror(pamh, rc));
+ if (rc == PAM_SUCCESS) {
+ *errmsg = PR_smprintf("PAM %s succeeds for user \"%s\" "
+ "(bind DN \"%s\")",
+ fn, user, binddn);
+ } else {
+ *errmsg = PR_smprintf("PAM %s error for user \"%s\" "
+ "(bind DN \"%s\"): %s",
+ fn, user, binddn, pam_strerror(pamh, rc));
+ }
} else {
- *errmsg = PR_smprintf("PAM error for invalid user (bind DN \"%s\"): %s",
- binddn, pam_strerror(pamh, rc));
+ if (rc == PAM_SUCCESS) {
+ *errmsg = PR_smprintf("PAM %s succeeds for user \"%s\" "
+ "(bind DN \"%s\")",
+ fn, user, binddn, pam_strerror(pamh, rc));
+ } else {
+ *errmsg = PR_smprintf("PAM %s error for invalid user "
+ "(bind DN \"%s\"): %s",
+ fn, binddn, pam_strerror(pamh, rc));
+ }
}
switch (rc) {
+ case PAM_SUCCESS:
+ *retcode = LDAP_SUCCESS;
+ break;
case PAM_USER_UNKNOWN:
*retcode = LDAP_NO_SUCH_OBJECT;
break;
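Review bot: In the `user == NULL` / `rc == PAM_SUCCESS` branch the format string was copied from the non-NULL case, so it still contains a `%s` for the user and is given a NULL `user`, and the trailing `pam_strerror(pamh, rc)` argument has no matching conversion. The admin log would then show a placeholder such as "(null)" as the user name, depending on how `PR_smprintf` treats a NULL string. The branch should mirror the wording of the error case, `*errmsg = PR_smprintf("PAM %s succeeds for invalid user (bind DN \"%s\")", fn, binddn);`. The added `case PAM_SUCCESS:` also sets `*retcode = LDAP_SUCCESS` whether or not `user` is NULL; a short comment saying if a NULL user can legitimately reach this function with a successful `rc` would help, since the rest of `map_pam_error()` lies outside the hunk.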
@@ -233,20 +251,21 @@ backend_sch_do_pam_auth(Slapi_PBlock *pb, const char *username)
if (rc == PAM_SUCCESS) {
rc = pam_authenticate(pamh, PAM_SILENT);
if (rc != PAM_SUCCESS) {
- map_pam_error(pb, username, binddn, rc,
- pw_response_requested != 0,
- pamh, &errmsg, &retcode);
- }
- }
- if (rc == PAM_SUCCESS) {
- rc = pam_acct_mgmt(pamh, PAM_SILENT);
- if (rc != PAM_SUCCESS) {
- map_pam_error(pb, username, binddn, rc,
+ map_pam_error(pb, "authentication",
+ username, binddn, rc,
pw_response_requested != 0,
pamh, &errmsg, &retcode);
+ } else {
+ rc = pam_acct_mgmt(pamh, PAM_SILENT);
+ if (rc != PAM_SUCCESS) {
+ map_pam_error(pb, "account management",
+ username, binddn, rc,
+ pw_response_requested != 0,
+ pamh, &errmsg, &retcode);
+ }
}
+ pam_end(pamh, rc);
}
- pam_end(pamh, rc);
done:
if ((retcode == LDAP_SUCCESS) && (rc != PAM_SUCCESS)) {
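Review bot: Moving `pam_end(pamh, rc);` inside the `if (rc == PAM_SUCCESS)` block means the handle has already been released when control reaches `done:`, yet the following hunk passes the same `pamh` to `map_pam_error()` on the success path. The visible part of `map_pam_error()` hands `pamh` to `pam_strerror()` in three of its four branches and the rest of the function is outside the diff, so the success message would be safer issued just before `pam_end(pamh, rc);` than after `done:`. That later call is guarded only by `rc == PAM_SUCCESS`, and its `case PAM_SUCCESS` sets `*retcode = LDAP_SUCCESS`; if any earlier `goto done` can arrive with an error `retcode` while `rc` still equals `PAM_SUCCESS` (not visible here), a failed bind would be reported as successful, so `if ((rc == PAM_SUCCESS) && (retcode == LDAP_SUCCESS))` is the tighter guard. It is also worth confirming that the outer `if (rc == PAM_SUCCESS)` is false only when `pam_start()` itself failed, because otherwise the handle is no longer ended on that path.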
@@ -261,6 +280,12 @@ done:
}
retcode = LDAP_OPERATIONS_ERROR;
}
+ if (rc == PAM_SUCCESS) {
+ map_pam_error(pb, "authentication and account management",
+ username, binddn, rc,
+ pw_response_requested != 0,
+ pamh, &errmsg, &retcode);
+ }
/* Log the diagnostic information for the administrator. */
slapi_log_error(SLAPI_LOG_FATAL, state->plugin_desc->spd_id,