From 3e1f5f6925dd9fd66aa128b4f8bfd04c59136102 Mon Sep 17 00:00:00 2001
From: Remi Mollon <remi.mollon@cern.ch>
Date: Wed, 1 Feb 2012 09:29:05 +0100
Subject: [PATCH] renaming yubi_prefix to yubi_Attr_prefix and changing debug

---
 pam_yubico.c | 27 ++++++++++++++-------------
 1 file changed, 14 insertions(+), 13 deletions(-)

diff --git a/pam_yubico.c b/pam_yubico.c
index aa59d17..d8e8cdd 100644
--- a/pam_yubico.c
+++ b/pam_yubico.c
@@ -109,7 +109,7 @@ struct cfg
   char *ldapdn;
   char *user_attr;
   char *yubi_attr;
-  char *yubi_prefix;
+  char *yubi_attr_prefix;
   int token_id_length;
   enum key_mode mode;
   char *chalresp_path;
@@ -279,7 +279,7 @@ authorize_user_token_ldap (struct cfg *cfg,
   int retval = 0;
   int protocol;
 #ifdef HAVE_LIBLDAP
-  int yubi_prefix_len = 0;
+  int yubi_attr_prefix_len = 0;
   LDAP *ld = NULL;
   LDAPMessage *result = NULL, *e;
   BerElement *ber;
@@ -376,23 +376,24 @@ authorize_user_token_ldap (struct cfg *cfg,
 	{
 	  if ((vals = ldap_get_values_len (ld, e, a)) != NULL)
 	    {
-	      yubi_prefix_len = cfg->yubi_prefix ? strlen(cfg->yubi_prefix) : 0;
+	      DBG(("LDAP : Found %i values - checking if any of them match '%s%s'",
+		   ldap_count_values_len(vals),
+		   cfg->yubi_attr_prefix ? cfg->yubi_attr_prefix : "",
+		   token_id));
+
+	      yubi_attr_prefix_len = cfg->yubi_attr_prefix ? strlen(cfg->yubi_attr_prefix) : 0;
 
 	      /* Compare each value for the attribute against the token id. */
 	      for (i = 0; vals[i] != NULL; i++)
 		{
 		  /* Only values containing this prefix are considered. */
-		  if ((!cfg->yubi_prefix || !strncmp (cfg->yubi_prefix, vals[i]->bv_val, yubi_prefix_len)))
+		  if ((!cfg->yubi_attr_prefix || !strncmp (cfg->yubi_attr_prefix, vals[i]->bv_val, yubi_attr_prefix_len)))
 		    {
-		      if(!strncmp (token_id, vals[i]->bv_val + yubi_prefix_len, strlen (token_id)))
+		      if(!strncmp (token_id, vals[i]->bv_val + yubi_attr_prefix_len, strlen (token_id)))
 		        {
-		          DBG (("Token Found :: %s", vals[i]->bv_val + yubi_prefix_len));
+		          DBG (("Token Found :: %s", vals[i]->bv_val));
 		          retval = 1;
 		        }
-		      else
-		        {
-		          DBG (("No match : (%s) %s != %s", a, vals[i]->bv_val + yubi_prefix_len, token_id));
-		        }
 		    }
 		}
 	      ldap_value_free_len (vals);
@@ -700,8 +701,8 @@ parse_cfg (int flags, int argc, const char **argv, struct cfg *cfg)
 	cfg->user_attr = (char *) argv[i] + 10;
       if (strncmp (argv[i], "yubi_attr=", 10) == 0)
 	cfg->yubi_attr = (char *) argv[i] + 10;
-      if (strncmp (argv[i], "yubi_prefix=", 12) == 0)
-	cfg->yubi_prefix = (char *) argv[i] + 12;
+      if (strncmp (argv[i], "yubi_attr_prefix=", 17) == 0)
+	cfg->yubi_attr_prefix = (char *) argv[i] + 17;
       if (strncmp (argv[i], "token_id_length=", 16) == 0)
 	sscanf (argv[i], "token_id_length=%d", &cfg->token_id_length);
       if (strcmp (argv[i], "mode=challenge-response") == 0)
@@ -731,7 +732,7 @@ parse_cfg (int flags, int argc, const char **argv, struct cfg *cfg)
       D (("ldapdn=%s", cfg->ldapdn ? cfg->ldapdn : "(null)"));
       D (("user_attr=%s", cfg->user_attr ? cfg->user_attr : "(null)"));
       D (("yubi_attr=%s", cfg->yubi_attr ? cfg->yubi_attr : "(null)"));
-      D (("yubi_prefix=%s", cfg->yubi_prefix ? cfg->yubi_prefix : "(null)"));
+      D (("yubi_attr_prefix=%s", cfg->yubi_attr_prefix ? cfg->yubi_attr_prefix : "(null)"));
       D (("url=%s", cfg->url ? cfg->url : "(null)"));
       D (("capath=%s", cfg->capath ? cfg->capath : "(null)"));
       D (("token_id_length=%d", cfg->token_id_length));