From 517a056c6602b2fcc23b44f8b42afe73b65ac17c Mon Sep 17 00:00:00 2001
From: Nalin Dahyabhai
Date: Mon, 12 Aug 2013 15:37:43 -0400
Subject: Finish PAM->LDAP mapping logging code

---
 src/back-sch-pam.c | 55 +++++++++++++++++++++++++++++++++++++++---------------
 1 file changed, 40 insertions(+), 15 deletions(-)

diff --git a/src/back-sch-pam.c b/src/back-sch-pam.c
index 84f982b..62ffcb1 100644
--- a/src/back-sch-pam.c
+++ b/src/back-sch-pam.c
@@ -145,18 +145,36 @@ converse(int num_msg, const struct pam_message **msg,
  * controls to the given pblock if a control would be suited to the result
  * code. */
 static void
-map_pam_error(Slapi_PBlock *pb, const char *user, const char *binddn,
+map_pam_error(Slapi_PBlock *pb, const char *fn,
+	      const char *user, const char *binddn,
 	      int rc, int pw_response_requested, pam_handle_t *pamh,
 	      char **errmsg, int *retcode)
 {
 	if (user != NULL) {
-		*errmsg = PR_smprintf("PAM error for user \"%s\" (bind DN \"%s\"): %s",
-				      user, binddn, pam_strerror(pamh, rc));
+		if (rc == PAM_SUCCESS) {
+			*errmsg = PR_smprintf("PAM %s succeeds for user \"%s\" "
+					      "(bind DN \"%s\")",
+					      fn, user, binddn);
+		} else {
+			*errmsg = PR_smprintf("PAM %s error for user \"%s\" "
+					      "(bind DN \"%s\"): %s",
+					      fn, user, binddn, pam_strerror(pamh, rc));
+		}
 	} else {
-		*errmsg = PR_smprintf("PAM error for invalid user (bind DN \"%s\"): %s",
-				      binddn, pam_strerror(pamh, rc));
+		if (rc == PAM_SUCCESS) {
+			*errmsg = PR_smprintf("PAM %s succeeds for user \"%s\" "
+					      "(bind DN \"%s\")",
+					      fn, user, binddn, pam_strerror(pamh, rc));
+		} else {
+			*errmsg = PR_smprintf("PAM %s error for invalid user "
+					      "(bind DN \"%s\"): %s",
+					      fn, binddn, pam_strerror(pamh, rc));
+		}
 	}
 	switch (rc) {
+	case PAM_SUCCESS:
+		*retcode = LDAP_SUCCESS;
+		break;
 	case PAM_USER_UNKNOWN:
 		*retcode = LDAP_NO_SUCH_OBJECT;
 		break;
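Review bot: The `rc == PAM_SUCCESS` branch of the `user == NULL` arm formats `user` through `%s` even though this arm is only reached when `user` is NULL, and it hands `pam_strerror(pamh, rc)` to a format that has only three conversions; a NULL `%s` argument is not portable and the stray fourth argument reads as a copy of the `user != NULL` arm that was not adjusted. The message should mirror the error arm's wording for this case: `*errmsg = PR_smprintf("PAM %s succeeds for invalid user " "(bind DN \"%s\")", fn, binddn);`. That also removes the only `pam_strerror` call made on a successful result, which matters because the new caller added later in this commit invokes map_pam_error after the handle has been released. map_pam_error's `switch` continues past the end of the hunk.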
@@ -233,20 +251,21 @@ backend_sch_do_pam_auth(Slapi_PBlock *pb, const char *username) if (rc == PAM_SUCCESS) { rc = pam_authenticate(pamh, PAM_SILENT); if (rc != PAM_SUCCESS) { - map_pam_error(pb, username, binddn, rc, - pw_response_requested != 0, - pamh, &errmsg, &retcode); - } - } - if (rc == PAM_SUCCESS) { - rc = pam_acct_mgmt(pamh, PAM_SILENT); - if (rc != PAM_SUCCESS) { - map_pam_error(pb, username, binddn, rc, + map_pam_error(pb, "authentication", + username, binddn, rc, pw_response_requested != 0, pamh, &errmsg, &retcode); + } else { + rc = pam_acct_mgmt(pamh, PAM_SILENT); + if (rc != PAM_SUCCESS) { + map_pam_error(pb, "account management", + username, binddn, rc, + pw_response_requested != 0, + pamh, &errmsg, &retcode); + } } + pam_end(pamh, rc); } - pam_end(pamh, rc); done: if ((retcode == LDAP_SUCCESS) && (rc != PAM_SUCCESS)) { @@ -261,6 +280,12 @@ done: } retcode = LDAP_OPERATIONS_ERROR; } + if (rc == PAM_SUCCESS) { + map_pam_error(pb, "authentication and account management", + username, binddn, rc, + pw_response_requested != 0, + pamh, &errmsg, &retcode); + } /* Log the diagnostic information for the administrator. */ slapi_log_error(SLAPI_LOG_FATAL, state->plugin_desc->spd_id, -- cgit
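Review bot: `pam_end(pamh, rc)` now runs only inside the `if (rc == PAM_SUCCESS)` block that opens the hunk, so on the path where that condition is false the handle is no longer released; that is correct only if the value tested is the result of `pam_start` itself, and since the start of backend_sch_do_pam_auth is outside the hunk, whether any call between `pam_start` and this test can fail (and so leak the handle) cannot be confirmed here. The more concrete issue is that the block added after `done:` in the next hunk still passes `pamh` to `map_pam_error`, whose `user == NULL` success branch calls `pam_strerror(pamh, rc)`, so that call can now receive a handle that has already been passed to `pam_end`. Either keep `pam_end` after the final `map_pam_error` call, or add `pamh = NULL;` directly after `pam_end(pamh, rc);` and have `map_pam_error` avoid `pam_strerror` when `pamh == NULL`, so the handle's lifetime is explicit in the code rather than implied by the call order. The enclosing function begins and ends outside the hunk.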
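Review bot: The new `if (rc == PAM_SUCCESS)` block after `done:` makes `rc` alone the evidence that both `pam_authenticate` and `pam_acct_mgmt` ran and succeeded, and through `map_pam_error` it sets `*retcode = LDAP_SUCCESS`; `done:` is a `goto` target, so an early exit that jumps here while `rc` still holds its initial value would log success and return LDAP_SUCCESS without any PAM call having been made. The initial value of `rc` and the `goto done` sites are outside the hunk, so whether such a path exists cannot be confirmed from here, but a bind routine should not let the reachability of a label widen its success condition. Track the outcome with an explicit `int authenticated = 0;` that is set to 1 only after `pam_acct_mgmt` returns PAM_SUCCESS, and guard this block with `if (authenticated)` instead of `if (rc == PAM_SUCCESS)`. The rest of the `done:` section and the function's return are outside the hunk.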