[PATCH] template_user for pam_radius_auth.so

Thaddeus Ternes tternes at gmail.com
Fri Sep 29 23:20:31 CEST 2006


After much googling, I was unable to find a solution for Linux like
BSD has for it's PAM-Radius module for specifying a system username to
use upon a successful authentication.

Included is my attempt at adding the "template_user" functionality
from the BSD version to pam_radius_auth.  Here's what I've used in
my /etc/pam.conf file:

login  auth  required  /lib/security/pam_radius_auth.so template_user=myname

I haven't been able to do much testing with it yet (as I'm currently
involved in other PAM integration efforts), but would definitely
appreciate any feedback on this.  I'm still rather new to Linux
hacking, so all (positive) criticism is most welcomed.

Thanks!

-Thaddeus

diff -Naur pam_radius-1.3.16/pam_radius_auth.c
pam_radius-1.3.16-patched/pam_radius_auth.c
--- pam_radius-1.3.16/pam_radius_auth.c 2003-02-27 18:01:07.000000000 +0000
+++ pam_radius-1.3.16-patched/pam_radius_auth.c 2006-09-28
19:16:42.000000000 +0000
@@ -67,7 +67,7 @@
 /* internal data */
 static CONST char *pam_module_name = "pam_radius_auth";
 static char conf_file[BUFFER_SIZE]; /* configuration file */
-
+static char template_user[BUFFER_SIZE];
 /* we need to save these from open_session to close_session, since
  * when close_session will be called we won't be root anymore and
  * won't be able to access again the radius server configuration file
@@ -137,7 +137,11 @@
     } else if (!strcmp(*argv, "debug")) {
       ctrl |= PAM_DEBUG_ARG;
       conf->debug = 1;
-
+
+    } else if (!strncmp(*argv, "template_user=", 14)) {
+      ctrl |= PAM_TEMPLATE_USER;
+      strcpy(template_user, (*argv)+14);
+
     } else {
       _pam_log(LOG_WARNING, "unrecognized option '%s'", *argv);
     }
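Review bot: The `strcpy(template_user, (*argv)+14)` in the new `template_user=` branch copies the option value into the `BUFFER_SIZE` static array with no length check, so an over-long value in the PAM configuration line writes past the end of `template_user`. A bounded copy such as `snprintf(template_user, sizeof(template_user), "%s", (*argv)+14);` avoids that. The branch should also log through `_pam_log` and leave `PAM_TEMPLATE_USER` unset when the value is empty or truncated, so that a malformed option never maps logins to an unintended account name. The option-parsing function this branch belongs to starts and ends outside the hunk.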
@@ -1223,6 +1227,8 @@
     *pret = retval;
     pam_set_data( pamh, "rad_setcred_return", (void *) pret, _int_free );
   }
+  if(retval == PAM_SUCCESS && (ctrl & PAM_TEMPLATE_USER))
+         pam_set_item(pamh, PAM_USER, template_user);
   return retval;
 }
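Review bot: The result of `pam_set_item(pamh, PAM_USER, template_user)` is discarded, so if the call fails the function still returns `PAM_SUCCESS` with the RADIUS-supplied name left in `PAM_USER`. Assigning it, `retval = pam_set_item(pamh, PAM_USER, template_user);`, makes a failed substitution fail the authentication instead. Since every successful RADIUS login is then mapped to one local account, the original user name should be written to the log with `_pam_log` before it is overwritten, so that the audit trail still identifies who authenticated. The enclosing function begins outside the hunk, so it cannot be confirmed from these lines that `ctrl` holds the parsed option flags at this point.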

diff -Naur pam_radius-1.3.16/pam_radius_auth.h
pam_radius-1.3.16-patched/pam_radius_auth.h
--- pam_radius-1.3.16/pam_radius_auth.h 2003-09-19 14:41:32.000000000 +0000
+++ pam_radius-1.3.16-patched/pam_radius_auth.h 2006-09-28
19:14:02.000000000 +0000
@@ -82,6 +82,7 @@
 #define PAM_SKIP_PASSWD    2
 #define PAM_USE_FIRST_PASS 4
 #define PAM_TRY_FIRST_PASS 8
+#define PAM_TEMPLATE_USER  16

 #define PAM_RETRY          0x30
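Review bot: `PAM_TEMPLATE_USER` is defined as 16 (0x10), which lies inside the `PAM_RETRY` mask 0x30 shown two lines below. If the retry count is stored in those bits of `ctrl`, as the mask suggests, then a retry setting can make `ctrl & PAM_TEMPLATE_USER` true with an empty `template_user`, and `template_user=` can alter the retry count. Pick a bit outside 0x30, for example `#define PAM_TEMPLATE_USER 0x40`, after checking that the rest of the header (outside this hunk) does not already use it.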
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pam_radius-1.3.16-template_user.patch
Type: application/octet-stream
Size: 1691 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-devel/attachments/20060929/e0ab706d/attachment.obj>

