author | Sergei Golubchik <sergii@pisem.net> | 2012-09-25 20:23:01 +0200 |
---|---|---|
committer | Sergei Golubchik <sergii@pisem.net> | 2012-09-25 20:23:01 +0200 |
commit | 22c5ffde30008c8f9127db60a99812cd311860ab (patch) | |
tree | b77f137af1bd12e1709ea3c3e21a75ca191d5884 /plugin | |
parent | 7ca49db57cc4b1831587b764c3a1beb086a90f0c (diff) | |
download | mariadb-git-22c5ffde30008c8f9127db60a99812cd311860ab.tar.gz |
a simple pam user mapper module
Diffstat (limited to 'plugin')
-rw-r--r-- | plugin/auth_pam/mapper/pam_user_map.c | 93 | ||||
-rw-r--r-- | plugin/auth_pam/testing/pam_mariadb_mtr.c | 20 |
2 files changed, 98 insertions, 15 deletions
diff --git a/plugin/auth_pam/mapper/pam_user_map.c b/plugin/auth_pam/mapper/pam_user_map.c
new file mode 100644
index 00000000000..e73ab6de544
--- /dev/null
+++ b/plugin/auth_pam/mapper/pam_user_map.c
@@ -0,0 +1,93 @@
+/*
+ Pam module to change user names arbitrarily in the pam stack.
+
+ Compile as
+
+ gcc pam_user_map.c -shared -lpam -fPIC -o pam_user_map.so
+
+ Install as appropriate (for example, in /lib/security/).
+ Add to your /etc/pam.d/mysql (preferrably, at the end) this line:
+=========================================================
+auth required pam_user_map.so
+=========================================================
+
+ And create /etc/security/user_map.conf with the desired mapping
+ in the format: orig_user_name: mapped_user_name
+=========================================================
+#comments and emty lines are ignored
+john: jack
+bob: admin
+top: accounting
+=========================================================
+
+*/
+
+#include <stdio.h>
+#include <syslog.h>
+#include <security/pam_modules.h>
+
+#define FILENAME "/etc/security/user_map.conf"
+#define skip(what) while (*s && (what)) s++
+
+int pam_sm_authenticate(pam_handle_t *pamh, int flags,
+ int argc, const char *argv[])
+{
+ int pam_err, line= 0;
+ const char *username;
+ char buf[256];
+ FILE *f;
+
+ f= fopen(FILENAME, "r");
+ if (f == NULL)
+ {
+ pam_syslog(pamh, LOG_ERR, "Cannot open '%s'\n", FILENAME);
+ return PAM_SYSTEM_ERR;
+ }
+
+ pam_err = pam_get_item(pamh, PAM_USER, (const void**)&username);
+ if (pam_err != PAM_SUCCESS)
+ goto ret;
+
+ while (fgets(buf, sizeof(buf), f) != NULL)
+ {
+ char *s= buf, *from, *to, *end_from, *end_to;
+ line++;
+
+ skip(isspace(*s));
+ if (*s == '#' || *s == 0) continue;
+ from= s;
+ skip(isalnum(*s) || (*s == '_'));
+ end_from= s;
+ skip(isspace(*s));
+ if (end_from == from || *s++ != ':') goto syntax_error;
+ skip(isspace(*s));
+ to= s;
+ skip(isalnum(*s) || (*s == '_'));
+ end_to= s;
+ if (end_to == to) goto syntax_error;
+
+ *end_from= *end_to= 0;
+ if (strcmp(username, from) == 0)
+ {
+ pam_err= pam_set_item(pamh, PAM_USER, to);
+ goto ret;
+ }
+ }
+ pam_err= PAM_SUCCESS;
+ goto ret;
+
+syntax_error:
+ pam_syslog(pamh, LOG_ERR, 
"Syntax error at %s:%d", FILENAME, line); + pam_err= PAM_SYSTEM_ERR; +ret: + fclose(f); + return pam_err; +} + +int pam_sm_setcred(pam_handle_t *pamh, int flags, + int argc, const char *argv[]) +{ + + return PAM_SUCCESS; +} + diff --git a/plugin/auth_pam/testing/pam_mariadb_mtr.c b/plugin/auth_pam/testing/pam_mariadb_mtr.c index 73defe30112..1078b88cf26 100644 --- a/plugin/auth_pam/testing/pam_mariadb_mtr.c +++ b/plugin/auth_pam/testing/pam_mariadb_mtr.c @@ -10,7 +10,7 @@ Create /etc/pam.d/mariadb_mtr with ========================================================= auth required pam_mariadb_mtr.so pam_test -account required pam_mariadb_mtr.so +account required pam_permit.so ========================================================= */ @@ -21,9 +21,8 @@ account required pam_mariadb_mtr.so #define N 3 -PAM_EXTERN int -pam_sm_authenticate(pam_handle_t *pamh, int flags, - int argc, const char *argv[]) +int pam_sm_authenticate(pam_handle_t *pamh, int flags, + int argc, const char *argv[]) { struct pam_conv *conv; struct pam_response *resp = 0; @@ -69,17 +68,8 @@ ret: return retval; } -PAM_EXTERN int -pam_sm_setcred(pam_handle_t *pamh, int flags, - int argc, const char *argv[]) -{ - - return PAM_SUCCESS; -} - -PAM_EXTERN int -pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, - int argc, const char *argv[]) +int pam_sm_setcred(pam_handle_t *pamh, int flags, + int argc, const char *argv[]) { return PAM_SUCCESS; |
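Review bot: In the parsing loop of `pam_sm_authenticate` nothing checks what follows the mapped name, so a line like `bob: admin-ro` (constructed example) sets PAM_USER to `admin`, and a line longer than `buf` is cut by `fgets` and its pieces are parsed as separate lines. Since this file decides which account a login is mapped to, both cases should go to `syntax_error`. The fence adds those two checks, a NULL check on `username` (`pam_get_item` can, as far as I know, succeed when no user name has been set, and `strcmp` would then dereference NULL), and `unsigned char` casts for the ctype calls, which apply to the earlier `skip(...)` lines as well. The file also calls `strcmp`, `isspace`/`isalnum` and `pam_syslog` without `#include <string.h>`, `#include <ctype.h>` and `#include <security/pam_ext.h>`, so they are implicitly declared; the added `strchr` needs `<string.h>` too.

```c
  pam_err = pam_get_item(pamh, PAM_USER, (const void**)&username);
  if (pam_err != PAM_SUCCESS)
    goto ret;
  if (username == NULL)
  {
    pam_err= PAM_USER_UNKNOWN;
    goto ret;
  }

  while (fgets(buf, sizeof(buf), f) != NULL)
  {
    char *s= buf, *from, *to, *end_from, *end_to;
    line++;
    /* a chunk without '\n' that is not the end of the file means the line
       did not fit in buf; refuse it instead of parsing the pieces */
    if (strchr(buf, '\n') == NULL && !feof(f)) goto syntax_error;

    /* … unchanged: comment/empty-line skip, parsing of "from" and ':' … */

    to= s;
    skip(isalnum((unsigned char) *s) || (*s == '_'));
    end_to= s;
    if (end_to == to) goto syntax_error;
    skip(isspace((unsigned char) *s));
    /* anything left after the mapped name is an error, not a shorter name */
    if (*s != 0) goto syntax_error;

    /* … unchanged: terminate tokens, compare with username, pam_set_item … */
```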