author | Sumit Bose <sbose@redhat.com> | 2009-04-23 13:39:11 +0200 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2009-04-23 09:06:26 -0400 |
commit | abc04a747aeb90b15c5a838811cec2241afe8319 (patch) | |
tree | da7bca82b6b5e2c3c546e4519f837490bedd39c8 | |
parent | 46e41c1b8cf6fc03c827ceea011833ba47b45db7 (diff) | |
allow to forward the authtok to other pam modules
Other pam modules which are called after pam_sss might want to
reuse the given password so that the user is not bothered with
multiple password prompts. When pam_sss is configured with the
option 'forward_pass' it will use pam_set_item to save the
password for other pam modules.
-rw-r--r-- | sss_client/pam_sss.c | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/sss_client/pam_sss.c b/sss_client/pam_sss.c
index 6fb76370..d03407c9 100644
--- a/sss_client/pam_sss.c
+++ b/sss_client/pam_sss.c
@@ -170,9 +170,18 @@ static int pam_sss(int task, pam_handle_t *pamh, int flags, int argc,
 struct pam_response *resp=NULL;
 int pam_status;
 char *newpwd[2];
+ int forward_pass = 0;
 D(("Hello pam_sssd: %d", task));
+ for (; argc-- > 0; ++argv) {
+ if (strcmp(*argv, "forward_pass") == 0) {
+ forward_pass = 1;
+ } else {
+ D(("unknown option: %s", *argv));
+ }
+ }
+
 /* TODO: add useful prelim check */
 if (task == SSS_PAM_CHAUTHTOK && (flags & PAM_PRELIM_CHECK)) {
 D(("ignoring PAM_PRELIM_CHECK"));
@@ -226,6 +235,13 @@ static int pam_sss(int task, pam_handle_t *pamh, int flags, int argc,
 pi.pam_authtok_type = SSS_AUTHTOK_TYPE_PASSWORD;
 }
 pi.pam_authtok_size=strlen(pi.pam_authtok);
+
+ if (forward_pass != 0) {
+ ret = pam_set_item(pamh, PAM_AUTHTOK, resp[0].resp);
+ if (ret != PAM_SUCCESS) {
+ D(("Failed to set PAM_AUTHTOK, authtok may not be available for other modules"));
+ }
+ }
 }
 if (task == SSS_PAM_CHAUTHTOK) { |
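Review bot: The `else` branch of the new option loop reports an unrecognised argument only through `D(())`, which looks like a debug-only trace, so a misspelled `forward_pass` in the PAM configuration would be dropped without any record and later modules would simply prompt again. Consider logging it where an administrator will see it, for example `pam_syslog(pamh, LOG_WARNING, "unknown option: %s", *argv);` if depending on Linux-PAM's pam_ext.h is acceptable for this client. The loop also consumes `argc` and `argv`; pam_sss() continues outside the hunk, so an indexed loop (`for (i = 0; i < argc; i++)`) would leave them intact for any later use. A one-line comment above the loop listing the supported module options would help the next reader.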
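Review bot: In the second hunk `pam_set_item(pamh, PAM_AUTHTOK, resp[0].resp)` is called without looking at `task`. The enclosing block starts outside the hunk, so this is inferred, but if it is also reached for SSS_PAM_CHAUTHTOK the value collected here would be the current password, and a later module configured with `use_authtok` could take it as the new one; in that case it belongs in the old-token item: `ret = pam_set_item(pamh, task == SSS_PAM_CHAUTHTOK ? PAM_OLDAUTHTOK : PAM_AUTHTOK, resp[0].resp);`. The item is also stored before the backend has checked the password, which deserves a comment such as `/* forwarded unverified; later modules must not treat its presence as proof of authentication */`. The failure path is only traced through `D(())`, so with `forward_pass` set there may be no record of why the next module prompted again.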