Update pam_dc.py

Update #265
mar10 · Sep 14, 2022 · 6c04339 · 6c04339
1 parent 0a1c362
commit 6c04339
Showing 1 changed file with 12 additions and 11 deletions.
diff --git a/wsgidav/dc/pam_dc.py b/wsgidav/dc/pam_dc.py
@@ -25,6 +25,7 @@ def __init__(self, wsgidav_app, config):
         super().__init__(wsgidav_app, config)
 
         self.lock = threading.RLock()
+        self.pam = pam.pam()
 
         dc_conf = util.get_dict_value(config, "pam_dc", as_dict=True)
 
@@ -44,23 +45,23 @@ def require_authentication(self, realm, environ):
     def basic_auth_user(self, realm, user_name, password, environ):
         # Seems that python_pam is not threadsafe (#265)
         with self.lock:
-            is_ok = pam.authenticate(
+            is_ok = self.pam.authenticate(
                 user_name,
                 password,
                 service=self.pam_service,
                 resetcreds=self.pam_resetcreds,
                 encoding=self.pam_encoding,
             )
-        if is_ok:
-            _logger.debug(f"User '{user_name}' logged on.")
-            return True
-
-        _logger.warning(
-            "pam.authenticate('{}', '<redacted>', '{}') failed with code {}: {}".format(
-                user_name, self.pam_service, pam.code, pam.reason
-            )
-        )
-        return False
+            if not is_ok:
+                _logger.warning(
+                    "pam.authenticate('{}', '<redacted>', '{}') failed with code {}: {}".format(
+                        user_name, self.pam_service, self.pam.code, self.pam.reason
+                    )
+                )
+                return False
+
+        _logger.debug(f"User '{user_name}' logged on.")
+        return True
 
     def supports_http_digest_auth(self):
         # We don't have access to a plaintext password (or stored hash)