From 0cfd1b96346880cf48d74e8352e959cf67b86c4c Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Wed, 29 Apr 2009 21:11:05 +0200
Subject: reuse authtok which is already in the pam stack

---
 sss_client/pam_sss.c | 24 ++++++++++++++++++++++--
 1 file changed, 22 insertions(+), 2 deletions(-)

diff --git a/sss_client/pam_sss.c b/sss_client/pam_sss.c
index d03407c92..b7588cabc 100644
--- a/sss_client/pam_sss.c
+++ b/sss_client/pam_sss.c
@@ -149,8 +149,14 @@ static void print_pam_items(struct pam_items pi)
     D(("Tty: %s", *pi.pam_tty!='\0' ? pi.pam_tty : "(not available)"));
     D(("Ruser: %s", *pi.pam_ruser!='\0' ? pi.pam_ruser : "(not available)"));
     D(("Rhost: %s", *pi.pam_rhost!='\0' ? pi.pam_rhost : "(not available)"));
-    D(("Authtok: %s", *pi.pamstack_authtok!='\0' ? pi.pamstack_authtok : "(not available)"));
-    D(("Oldauthtok: %s", *pi.pamstack_oldauthtok!='\0' ? pi.pamstack_oldauthtok : "(not available)"));
+    D(("Pamstack_Authtok: %s", *pi.pamstack_authtok!='\0' ? pi.pamstack_authtok : "(not available)"));
+    D(("Pamstack_Oldauthtok: %s", *pi.pamstack_oldauthtok!='\0' ? pi.pamstack_oldauthtok : "(not available)"));
+    if (pi.pam_authtok != NULL) {
+        D(("Authtok: %s", *pi.pam_authtok!='\0' ? pi.pam_authtok : "(not available)"));
+    }
+    if (pi.pam_newauthtok != NULL) {
+        D(("Newauthtok: %s", *pi.pam_newauthtok!='\0' ? pi.pam_newauthtok : "(not available)"));
+    }
 }
 
 static int pam_sss(int task, pam_handle_t *pamh, int flags, int argc,
@@ -171,12 +177,15 @@ static int pam_sss(int task, pam_handle_t *pamh, int flags, int argc,
     int pam_status;
     char *newpwd[2];
     int forward_pass = 0;
+    int use_first_pass = 0;
 
     D(("Hello pam_sssd: %d", task));
 
     for (; argc-- > 0; ++argv) {
         if (strcmp(*argv, "forward_pass") == 0) {
             forward_pass = 1;
+        } else if (strcmp(*argv, "use_first_pass") == 0) {
+            use_first_pass = 1;
         } else {
             D(("unknown option: %s", *argv));
         }
@@ -194,6 +203,16 @@ static int pam_sss(int task, pam_handle_t *pamh, int flags, int argc,
         return ret;
     }
 
+    if (use_first_pass != 0 &&
+        (*pi.pamstack_authtok != '\0' || *pi.pamstack_oldauthtok != '\0') &&
+        (task == SSS_PAM_AUTHENTICATE || task == SSS_PAM_CHAUTHTOK)) {
+        pi.pam_authtok_type = SSS_AUTHTOK_TYPE_PASSWORD;
+        pi.pam_authtok = strdup(pi.pamstack_authtok);
+        pi.pam_authtok_size = strlen(pi.pamstack_authtok);
+        pi.pam_newauthtok_type = SSS_AUTHTOK_TYPE_PASSWORD;
+        pi.pam_newauthtok =  strdup(pi.pamstack_oldauthtok);
+        pi.pam_newauthtok_size = strlen(pi.pamstack_oldauthtok);
+    } else {
     pi.pam_authtok_type = SSS_AUTHTOK_TYPE_EMPTY;
     pi.pam_authtok = NULL;
     pi.pam_authtok_size = 0;
@@ -297,6 +316,7 @@ static int pam_sss(int task, pam_handle_t *pamh, int flags, int argc,
         _pam_overwrite((void *)newpwd[1]);
         free(newpwd[1]);
     }
+    }
 
     print_pam_items(pi);
 
-- 
cgit