--- ./pam_radius_auth.c 2007-03-12 10:18:18.000000000 -0600
+++ ./libpam-radius-auth-1.3.16/pam_radius_auth.c 2007-03-15 13:43:45.000000000 -0600
@@ -134,6 +134,9 @@
 } else if (!strcmp(*argv, "accounting_bug")) {
 conf->accounting_bug = TRUE;
+ } else if (!strcmp(*argv, "ruser")) {
+ ctrl |= PAM_RUSER_ARG;
+ conf->ruser = 1;
 } else if (!strcmp(*argv, "debug")) {
 ctrl |= PAM_DEBUG_ARG;
 conf->debug = 1;
@@ -1051,6 +1054,7 @@
 pam_sm_authenticate(pam_handle_t *pamh,int flags,int argc,CONST char **argv)
 {
 CONST char *user;
+ CONST char **userinfo;
 char *password = NULL;
 CONST char *rhost;
 char *resp2challenge = NULL;
@@ -1084,6 +1088,24 @@
 DPRINT(LOG_DEBUG, "Got user name %s", user);
+
+ retval = pam_get_item(pamh, PAM_USER, (CONST void **) &userinfo);
+ PAM_FAIL_CHECK;
+ DPRINT(LOG_DEBUG, "Got PAM_USER name %s", userinfo);
+ retval = pam_get_item(pamh, PAM_RUSER, (CONST void **) &userinfo);
+ PAM_FAIL_CHECK;
+ DPRINT(LOG_DEBUG, "Got PAM_RUSER name %s", userinfo);
+ if (ctrl & PAM_RUSER_ARG) {
+ if (!strncmp("root",user,5)) {
+ user = userinfo;
+ DPRINT(LOG_DEBUG, "Username now %s from ruser", user);
+ } else {
+ DPRINT(LOG_DEBUG, "Skipping ruser for non-root auth");
+ };
+ };
+
+
+
 /*
 * Get the IP address of the authentication server
 * Then, open a socket, and bind it to a port
@@ -1176,6 +1198,9 @@
 goto error;
 }
+ if (a_reply->length < 2 || a_state->length < 2)
+ goto error;
+
 memcpy(challenge, a_reply->data, a_reply->length - 2);
 challenge[a_reply->length - 2] = 0;
--- ./pam_radius_auth.h 2007-03-12 10:18:11.000000000 -0600
+++ ./libpam-radius-auth-1.3.16/pam_radius_auth.h 2007-03-13 13:44:09.000000000 -0600
@@ -51,6 +51,7 @@
 int accounting_bug;
 int sockfd;
 int debug;
+ int ruser;
 } radius_conf_t;
@@ -82,6 +83,7 @@
 #define PAM_SKIP_PASSWD 2
 #define PAM_USE_FIRST_PASS 4
 #define PAM_TRY_FIRST_PASS 8
+#define PAM_RUSER_ARG 16
 #define PAM_RETRY 0x30
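Review bot: `conf->ruser = 1` in the `@@ -134,6 +134,9 @@` hunk is never read in the hunks shown; the authenticate path tests `ctrl & PAM_RUSER_ARG` instead, so the option's state is kept in two places. Either drop the field or test it consistently. The branch also needs a comment, because the option changes which identity is sent to the RADIUS server: `/* ruser: when the login name is "root", authenticate PAM_RUSER instead */`. The option-parsing function starts and ends outside the hunk.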
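Review bot: `userinfo` in the `@@ -1051,6 +1054,7 @@` hunk is declared `CONST char **`, but the later hunk passes `&userinfo` to pam_get_item(), prints it with `%s` and assigns it to `user`, all of which treat it as a pointer to a string. Declaring it `CONST char *userinfo;` matches that use and removes the incompatible-pointer assignment in `user = userinfo`. The function body continues outside the hunk.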
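Review bot: In the `@@ -1084,6 +1088,24 @@` hunk, `user = userinfo` takes the PAM_RUSER value without checking it: pam_get_item() can return PAM_SUCCESS and leave the item NULL when the application never set PAM_RUSER, so `user` can become NULL, empty or over-long after whatever validation ran on it earlier in the function, which is outside this hunk. PAM_RUSER is also whatever the calling service stored, so with `ruser` enabled the RADIUS identity used for a root login is chosen by the requester; the option is only sound on services that set PAM_RUSER from an identity they have already verified, and the code should say so in a comment. The two pam_get_item() calls and their PAM_FAIL_CHECK also run when `ruser` is not configured, so moving the lookup under the `ctrl & PAM_RUSER_ARG` guard keeps the default path unchanged. The sketch below assumes `userinfo` is declared `CONST char *` and uses PAM_FAIL_CHECK the way the hunk does; the function body continues outside the hunk.

```c
  DPRINT(LOG_DEBUG, "Got user name %s", user);

  if ((ctrl & PAM_RUSER_ARG) && !strcmp("root", user)) {
    /* PAM_RUSER is optional and application-supplied: require a usable value */
    retval = pam_get_item(pamh, PAM_RUSER, (CONST void **) &userinfo);
    PAM_FAIL_CHECK;
    if (userinfo == NULL || *userinfo == '\0') {
      retval = PAM_USER_UNKNOWN;
      PAM_FAIL_CHECK;
    }
    /* NOTE(review): re-apply here any length limit enforced on `user` above */
    user = userinfo;
    DPRINT(LOG_DEBUG, "Username now %s from ruser", user);
  }
  /* … unchanged: server address lookup and socket setup … */
```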
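Review bot: The added length check in the `@@ -1176,6 +1198,9 @@` hunk jumps to `error` without assigning `retval`. Neither the value `retval` holds at this point nor what the `error` label returns is visible here; if `retval` still carries PAM_SUCCESS from the preceding exchange, a reply with a too-short attribute would fail open instead of being rejected. Set a failure code explicitly and brace the body: `if (a_reply->length < 2 || a_state->length < 2) { retval = PAM_AUTHINFO_UNAVAIL; goto error; }`. The size of `challenge` is also outside the hunk, so confirm that `a_reply->length - 2` is bounded by it before the memcpy.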
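Review bot: `PAM_RUSER_ARG 16` in the pam_radius_auth.h `@@ -82,6 +83,7 @@` hunk is 0x10, which falls inside the `PAM_RETRY 0x30` value defined next to it. How PAM_RETRY is used is not visible here; if it is a mask over the same `ctrl` word, setting the `ruser` flag would also change the retry field, and a retry value could switch `ruser` on. A bit outside that mask avoids the overlap, for example `#define PAM_RUSER_ARG 0x40`, provided no other flag already uses it.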