authorSumit Bose <sbose@redhat.com>2009-04-23 13:39:11 +0200
committerStephen Gallagher <sgallagh@redhat.com>2009-04-23 09:06:26 -0400
commitabc04a747aeb90b15c5a838811cec2241afe8319 (patch)
treeda7bca82b6b5e2c3c546e4519f837490bedd39c8
parent46e41c1b8cf6fc03c827ceea011833ba47b45db7 (diff)
allow to forward the authtok to other pam modules
Other pam modules which are called after pam_sss might want to reuse the given password so that the user is not bothered with multiple password prompts. When pam_sss is configured with the option 'forward_pass' it will use pam_set_item to save the password for other pam modules.
-rw-r--r--sss_client/pam_sss.c16
1 files changed, 16 insertions, 0 deletions
diff --git a/sss_client/pam_sss.c b/sss_client/pam_sss.c
index 6fb76370..d03407c9 100644
--- a/sss_client/pam_sss.c
+++ b/sss_client/pam_sss.c
@@ -170,9 +170,18 @@ static int pam_sss(int task, pam_handle_t *pamh, int flags, int argc,
struct pam_response *resp=NULL;
int pam_status;
char *newpwd[2];
+ int forward_pass = 0;
D(("Hello pam_sssd: %d", task));
+ for (; argc-- > 0; ++argv) {
+ if (strcmp(*argv, "forward_pass") == 0) {
+ forward_pass = 1;
+ } else {
+ D(("unknown option: %s", *argv));
+ }
+ }
+
/* TODO: add useful prelim check */
if (task == SSS_PAM_CHAUTHTOK && (flags & PAM_PRELIM_CHECK)) {
D(("ignoring PAM_PRELIM_CHECK"));
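Review bot: An unrecognised module argument is reported only through `D((...))` in the new option loop, which looks like a debug-only trace macro, so a misspelling such as `forward-pass` would presumably leave password forwarding off without any visible signal in a normal build. Consider reporting it through the module's regular logging path as well, e.g. `pam_syslog(pamh, LOG_WARNING, "unknown option: %s", *argv);` if Linux-PAM's pam_ext.h is available to this file. The loop also consumes `argc`/`argv`, so a short comment such as `/* argc/argv are exhausted after this loop */` would warn anyone who later adds code that reads them again. The body of pam_sss() starts and continues outside this hunk.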
@@ -226,6 +235,13 @@ static int pam_sss(int task, pam_handle_t *pamh, int flags, int argc,
pi.pam_authtok_type = SSS_AUTHTOK_TYPE_PASSWORD;
}
pi.pam_authtok_size=strlen(pi.pam_authtok);
+
+ if (forward_pass != 0) {
+ ret = pam_set_item(pamh, PAM_AUTHTOK, resp[0].resp);
+ if (ret != PAM_SUCCESS) {
+ D(("Failed to set PAM_AUTHTOK, authtok may not be available for other modules"));
+ }
+ }
}
if (task == SSS_PAM_CHAUTHTOK) {
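Review bot: The forwarded secret is always stored as `PAM_AUTHTOK`, whatever `task` is. The enclosing block starts outside the hunk, but the `if (task == SSS_PAM_CHAUTHTOK)` that follows, together with `newpwd[2]`, suggests the password collected here is the current one during a password change. In that case later modules in the stack would read the old password as the new token, and `PAM_OLDAUTHTOK` would be the expected item, e.g. `ret = pam_set_item(pamh, task == SSS_PAM_CHAUTHTOK ? PAM_OLDAUTHTOK : PAM_AUTHTOK, resp[0].resp);`. The failure branch also only emits a `D((...))` trace and `ret` is not acted on, so it is worth a comment stating that forwarding is deliberately best-effort. Since `pam_set_item` keeps its own copy of the string, confirm that the code outside this hunk still wipes and frees `resp[0].resp`.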