From a8b96b44307b45039428f3a1165051d63b5f3599 Mon Sep 17 00:00:00 2001
From: Aurélien Bompard <aurelien@bompard.org>
Date: Oct 29 2021 10:24:41 +0000
Subject: Support PAM logins with email addresses


Add a call to `getpwnam()` in the PAM auth module, because the actual
username may be different from the requested username. For example SSSd
allows logging in with the email address, but we want the actual
username to be used throughout the application.

Fixes: #358

Signed-off-by: Aurélien Bompard <aurelien@bompard.org>

---

diff --git a/ipsilon/login/authpam.py b/ipsilon/login/authpam.py
index 1ab8615..867ff6b 100644
--- a/ipsilon/login/authpam.py
+++ b/ipsilon/login/authpam.py
@@ -1,5 +1,6 @@
 # Copyright (C) 2013 Ipsilon project Contributors, for license see COPYING
 
+from pwd import getpwnam
 from ipsilon.login.common import LoginFormBase, LoginManagerBase, \
     LoginManagerInstaller
 from ipsilon.util.plugin import PluginObject
@@ -22,6 +23,10 @@ class Pam(LoginFormBase):
                 username, password, service=self.lm.service_name
             )
             if result:
+                # The actual username may be different from the requested
+                # username. For example SSSd allows logging in with the email
+                # address, but we want the actual username here.
+                username = getpwnam(username).pw_name
                 self.log("User %s successfully authenticated." % username)
                 return self.lm.auth_successful(
                     self.trans, username, 'password'