@@ -60,13 +60,13 @@ int impl::authenticate (const pam_request &request)

 {

     conversation_result input (conversation_.initiate (request));

-    sessions_.user_name (request);

+    std::string requester = sessions_.user_name (request);

     auto requester_user_name = sessions_.user_name (request);

-    int auth_result = validator_.validate ("anyone", input.user_name,

+    int auth_result = validator_.validate (requester, input.user_name,

                                            input.token) ? PAM_SUCCESS : PAM_AUTH_ERR;

-    logger_.log (auth_result, input.user_name, input.token);

+    logger_.log (auth_result, requester_user_name, input.user_name, input.token);

     return auth_result;

 }

 }

@@ -18,6 +18,7 @@

 #include "conversation.h"

 #include "logger.h"

 #include "test_util.h"

+#include "session.h"

 template<class T>

 std::shared_ptr<T> share (T *t)

@@ -42,27 +43,49 @@ void use_logger (dual_control_configuration &config, logger_ifc *value)

     config.logger = logger (logger::delegate (value));

 }

+void use_sessions (dual_control_configuration &config, sessions_ifc *value)

+{

+    config.sessions = sessions (sessions::delegate (value));

+}

+

+class fake_sessions : public sessions_ifc {

+    private:

+        std::string user_;

+    public:

+        fake_sessions(const std::string &user) : user_(user) {}

+    std::string user_name (const pam_request &request)  const {

+        return user_;

+    }

+

+};

+

 class mock_logger : public logger_ifc

 {

 private:

     int result_;

-    std::string user_name_;

+    std::string requester_user_name_;

+    std::string authorizer_user_name_;

     std::string token_;

 public:

-    void log (int result, const std::string &user_name,

+    void log (int result, const std::string &requester_user_name, const std::string &authorizer_user_name,

               const std::string &token)

     {

         result_ = result;

-        user_name_ = user_name;

+        requester_user_name_ = requester_user_name;

+        authorizer_user_name_ = authorizer_user_name;

         token_ = token;

     }

     int logged_result()

     {

         return result_;

     }

-    std::string logged_user_name()

+    std::string logged_requester()

+    {

+        return requester_user_name_;

+    }

+    std::string logged_authorizer()

     {

-        return user_name_;

+        return authorizer_user_name_;

     }

     std::string logged_token()

     {

@@ -87,15 +110,16 @@ public:

 class fake_validator : public validator_ifc

 {

 private:

-    std::string user_;

+    std::string requester_;

+    std::string authorizer_;

     std::string token_;

 public:

-    fake_validator (const std::string &user,

-                    const std::string &token): user_ (user), token_ (token) {}

-    bool validate (const std::string &requester, const std::string &user,

+    fake_validator (const std::string &requester, const std::string &authorizer,

+                    const std::string &token): requester_(requester), authorizer_(authorizer), token_ (token) {}

+    bool validate (const std::string &requester, const std::string &authorizer,

                    const std::string &token)

     {

-        return user_ == user && token_ == token;

+        return requester_ == requester && authorizer_ == authorizer && token_ == token;

     }

 };

@@ -123,10 +147,12 @@ int authenticate_validates_with_received_token()

 {

     // given

     dual_control_configuration configuration;

-    std::string user ("user");

-    std::string token ("token");

-    use_validator (configuration, new fake_validator (user, token));

-    use_conversation (configuration, new fake_conversation (user, token));

+    std::string requester("requester");

+    std::string authorizer("authorizer");

+    std::string token("token");

+    use_validator (configuration, new fake_validator (requester, authorizer, token));

+    use_conversation (configuration, new fake_conversation (authorizer, token));

+    use_sessions(configuration, new fake_sessions(requester));

     dual_control dc (dual_control::create (configuration));

     pam_handle_t *handle (0);

     std::vector<std::string> arguments;

@@ -144,7 +170,7 @@ int authenticate_fails_with_wrong_user()

     // given

     dual_control_configuration configuration;

     std::string token ("token");

-    use_validator (configuration, new fake_validator ("user", token));

+    use_validator (configuration, new fake_validator ("requester", "user", token));

     use_conversation (configuration, new fake_conversation ("wrong user",

                       token));

     dual_control dc (dual_control::create (configuration));

@@ -161,9 +187,10 @@ int authenticate_fails_with_wrong_token()

 {

     // given

     dual_control_configuration configuration;

-    std::string user ("user");

-    use_validator (configuration, new fake_validator (user, "token"));

-    use_conversation (configuration, new fake_conversation (user,

+    std::string requester("requester");

+    std::string authorizer("authorizer");

+    use_validator (configuration, new fake_validator (requester, authorizer, "token"));

+    use_conversation (configuration, new fake_conversation (authorizer,

                       "wrong token"));

     dual_control dc (dual_control::create (configuration));

@@ -179,10 +206,12 @@ int logs_authentication()

 {

     //given

     dual_control_configuration configuration;

-    std::string user ("user");

+    std::string requester("requester");

+    std::string authorizer("authorizer");

     std::string token ("token");

-    use_validator (configuration, new fake_validator (user, token));

-    use_conversation (configuration, new fake_conversation (user, token));

+    use_validator (configuration, new fake_validator (requester, authorizer, token));

+    use_conversation (configuration, new fake_conversation (authorizer, token));

+    use_sessions(configuration, new fake_sessions(requester));

     mock_logger *test_logger;

     use_logger (configuration, test_logger = new mock_logger);

     dual_control dc (dual_control::create (configuration));

@@ -193,7 +222,9 @@ int logs_authentication()

     //then

     check (test_logger->logged_result() == PAM_SUCCESS,

            "logged result should be success");

-    check (test_logger->logged_user_name() == user,

+    check (test_logger->logged_requester() == requester,

+           "logged user name should be user");

+    check (test_logger->logged_authorizer() == authorizer,

            "logged user name should be user");

     check (test_logger->logged_token() == token,

            "logged token should be token");

@@ -204,11 +235,13 @@ int logs_authentication_failure()

 {

     //given

     dual_control_configuration configuration;

-    std::string user ("user");

-    std::string token ("token");

-    use_validator (configuration, new fake_validator (user,

+    std::string requester("requester");

+    std::string authorizer("authorizer");

+    std::string token("token");

+    use_validator (configuration, new fake_validator (requester, authorizer,

                    "not the received token"));

-    use_conversation (configuration, new fake_conversation (user, token));

+    use_conversation (configuration, new fake_conversation (authorizer, token));

+    use_sessions(configuration, new fake_sessions(requester));

     mock_logger *test_logger;

     use_logger (configuration, test_logger = new mock_logger);

     dual_control dc (dual_control::create (configuration));

@@ -219,7 +252,9 @@ int logs_authentication_failure()

     //then

     check (test_logger->logged_result() == PAM_AUTH_ERR,

            "logged result should be success");

-    check (test_logger->logged_user_name() == user,

+    check (test_logger->logged_requester() == requester,

+           "logged user name should be user");

+    check (test_logger->logged_authorizer() == authorizer,

            "logged user name should be user");

     check (test_logger->logged_token() == token,

            "logged token should be token");

@@ -23,7 +23,7 @@ private:

     sys_syslog syslog_;

 public:

     impl (const sys_syslog &sys_syslog) : syslog_ (sys_syslog) {}

-    void log (int result, const std::string &user_name,

+    void log (int result, const std::string &requester_user_name, const std::string &authorizer_user_name,

               const std::string &token)

     {

         std::string message;

@@ -34,19 +34,19 @@ public:

         case PAM_SUCCESS:

             facility = LOG_AUTHPRIV;

             priority = LOG_NOTICE;

-            message = user_name + " " + token + " " + "success";

+            message = requester_user_name + " " + authorizer_user_name + " " + token + " " + "success";

             break;

         case PAM_AUTH_ERR:

             facility = LOG_AUTHPRIV;

             priority = LOG_NOTICE;

-            message = user_name + " " + token + " " + "fail";

+            message = authorizer_user_name + " " + token + " " + "fail";

             break;

         default:

             facility = LOG_AUTH;

             priority = LOG_ERR;

-            message = user_name + " pam returned error";

+            message = authorizer_user_name + " pam returned error";

             break;

         }

@@ -21,7 +21,7 @@ class logger_ifc

 {

 public:

     virtual ~logger_ifc() {}

-    virtual void log (int result, const std::string &user_name,

+    virtual void log (int result, const std::string &requester_user_name, const std::string &authorizer_user_name,

                       const std::string &token) {};

 };

@@ -35,10 +35,10 @@ public:

     logger (const delegate &delegate) : delegate_

         (delegate) {}

     logger() : logger (delegate (new logger_ifc)) {}

-    void log (int result, const std::string &user_name,

+    void log (int result, const std::string &requester_user_name, const std::string &authorizer_user_name,

               const std::string &token)

     {

-        delegate_->log (result, user_name, token);

+        delegate_->log (result, requester_user_name, authorizer_user_name, token);

     }

     static logger create (const sys_syslog &sys_syslog);

 };

@@ -51,15 +51,16 @@ int logs_success()

     sys_syslog::delegate test_delegate (capture);

     sys_syslog test_syslog (test_delegate);

     logger logger = logger::create (test_syslog);

-    std::string user ("user");

+    std::string requester_user ("requester_user");

+    std::string authorizer_user ("authorizer_user");

     std::string token ("token");

     //when

-    logger.log (PAM_SUCCESS, user, token);

+    logger.log (PAM_SUCCESS, requester_user, authorizer_user, token);

     //then

     check (capture->facility == LOG_AUTHPRIV, "facility does not match");

-    check (capture->message == user + " " + token + " " + "success",

+    check (capture->message == requester_user + " " + authorizer_user + " " + token + " " + "success",

            "message does not match");

     check (capture->priority == LOG_NOTICE, "priority does not match");

     check (capture->closed, "syslog not closed");

@@ -74,15 +75,16 @@ int logs_failure()

     sys_syslog::delegate test_delegate (capture);

     sys_syslog test_syslog (test_delegate);

     logger logger = logger::create (test_syslog);

-    std::string user ("user");

+    std::string requester ("requestuser");

+    std::string authorizer ("authuser");

     std::string token ("token");

     //when

-    logger.log (PAM_AUTH_ERR, user, token);

+    logger.log (PAM_AUTH_ERR, requester, authorizer, token);

     //then

     check (capture->facility == LOG_AUTHPRIV, "facility does not match");

-    check (capture->message == user + " " + token + " " + "fail",

+    check (capture->message == authorizer + " " + token + " " + "fail",

            "message does not match");

     check (capture->priority == LOG_NOTICE, "priority does not match");

     check (capture->closed, "syslog not closed");

@@ -97,15 +99,16 @@ int logs_pam_service_error()

     sys_syslog::delegate test_delegate (capture);

     sys_syslog test_syslog (test_delegate);

     logger logger = logger::create (test_syslog);

-    std::string user ("user");

+    std::string requester ("user");

+    std::string authorizer ("user");

     std::string token ("token");

     //when

-    logger.log (PAM_SERVICE_ERR, user, token);

+    logger.log (PAM_SERVICE_ERR, requester, authorizer, token);

     //then

     check (capture->facility == LOG_AUTH, "facility does not match");

-    check (capture->message == user + " pam returned error",

+    check (capture->message == authorizer + " pam returned error",

            "message does not match");

     check (capture->priority == LOG_ERR, "priority does not match");

     check (capture->closed, "syslog not closed");

@@ -29,10 +29,12 @@ public:

 class sessions

 {

+    public:

+        typedef std::shared_ptr<sessions_ifc> delegate;

 private:

-    std::shared_ptr<sessions_ifc> delegate_;

+    delegate delegate_;

 public:

-    sessions (std::shared_ptr<sessions_ifc> delegate =

+    sessions (delegate delegate =

                   std::make_shared<sessions_ifc>()) : delegate_ (delegate) {}

     std::string user_name (const pam_request &request) const

     {