diff options
author | Simo Sorce <ssorce@redhat.com> | 2009-10-14 19:17:57 -0400 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2009-10-15 07:44:46 -0400 |
commit | ac120f0b3613aedae9c2f3e3314514da98a9393c (patch) | |
tree | 5d0037c9066fa492e0b3cd0565b0c39c073b0a04 /server/providers/krb5/krb5_auth.c | |
parent | b4ae1f2b47f16b7f497493d8cbead04070ce1af0 (diff) | |
download | sssd-ac120f0b3613aedae9c2f3e3314514da98a9393c.tar.gz sssd-ac120f0b3613aedae9c2f3e3314514da98a9393c.tar.bz2 sssd-ac120f0b3613aedae9c2f3e3314514da98a9393c.zip |
Return the dp error from the providers
Diffstat (limited to 'server/providers/krb5/krb5_auth.c')
-rw-r--r-- | server/providers/krb5/krb5_auth.c | 46 |
1 files changed, 30 insertions, 16 deletions
diff --git a/server/providers/krb5/krb5_auth.c b/server/providers/krb5/krb5_auth.c index 582d0138..91f91969 100644 --- a/server/providers/krb5/krb5_auth.c +++ b/server/providers/krb5/krb5_auth.c @@ -177,6 +177,8 @@ static void fd_nonblocking(int fd) { return; } +static void krb_reply(struct be_req *req, int dp_err, int result); + static void krb5_child_timeout(struct tevent_context *ev, struct tevent_timer *te, struct timeval tv, void *pvt) @@ -202,7 +204,7 @@ static void krb5_child_timeout(struct tevent_context *ev, pd->pam_status = PAM_AUTHINFO_UNAVAIL; be_mark_offline(be_req->be_ctx); - be_req->fn(be_req, pd->pam_status, NULL); + krb_reply(be_req, DP_ERR_OFFLINE, pd->pam_status); } static errno_t activate_child_timeout_handler(struct krb5child_req *kr) @@ -597,22 +599,25 @@ static void krb5_pam_handler_cache_done(struct tevent_req *treq); static void krb5_pam_handler(struct be_req *be_req) { - int ret; struct pam_data *pd; - int pam_status=PAM_SYSTEM_ERR; const char **attrs; + int pam_status = PAM_SYSTEM_ERR; + int dp_err = DP_ERR_FATAL; + int ret; pd = talloc_get_type(be_req->req_data, struct pam_data); if (be_is_offline(be_req->be_ctx)) { DEBUG(4, ("Backend is marked offline, retry later!\n")); pam_status = PAM_AUTHINFO_UNAVAIL; + dp_err = DP_ERR_OFFLINE; goto done; } if (pd->cmd != SSS_PAM_AUTHENTICATE && pd->cmd != SSS_PAM_CHAUTHTOK) { DEBUG(4, ("krb5 does not handles pam task %d.\n", pd->cmd)); pam_status = PAM_SUCCESS; + dp_err = DP_ERR_OK; goto done; } @@ -638,7 +643,7 @@ static void krb5_pam_handler(struct be_req *be_req) done: pd->pam_status = pam_status; - be_req->fn(be_req, pam_status, NULL); + krb_reply(be_req, dp_err, pd->pam_status); } static void get_user_upn_done(void *pvt, int err, struct ldb_result *res) @@ -722,8 +727,7 @@ failed: talloc_free(kr); pd->pam_status = pam_status; - - be_req->fn(be_req, pam_status, NULL); + krb_reply(be_req, DP_ERR_FATAL, pd->pam_status); } static void krb5_pam_handler_done(struct tevent_req *req) @@ -744,6 +748,7 @@ static void krb5_pam_handler_done(struct tevent_req *req) struct tevent_req *subreq = NULL; char *password = NULL; char *env = NULL; + int dp_err = DP_ERR_FATAL; pd->pam_status = PAM_SYSTEM_ERR; talloc_free(kr); @@ -778,26 +783,26 @@ static void krb5_pam_handler_done(struct tevent_req *req) goto done; } - ret=pam_add_response(pd, *msg_type, *msg_len, &buf[p]); + ret = pam_add_response(pd, *msg_type, *msg_len, &buf[p]); if (ret != EOK) { DEBUG(1, ("pam_add_response failed.\n")); goto done; } - pd->pam_status = *msg_status; - - if (pd->pam_status == PAM_AUTHINFO_UNAVAIL) { + if (*msg_status == PAM_AUTHINFO_UNAVAIL) { be_mark_offline(be_req->be_ctx); + pd->pam_status = *msg_status; + dp_err = DP_ERR_OFFLINE; goto done; } - if (pd->pam_status == PAM_SUCCESS && pd->cmd == SSS_PAM_AUTHENTICATE) { + if (*msg_status == PAM_SUCCESS && pd->cmd == SSS_PAM_AUTHENTICATE) { env = talloc_asprintf(pd, "%s=%s", SSSD_KRB5_REALM, krb5_ctx->realm); if (env == NULL) { DEBUG(1, ("talloc_asprintf failed.\n")); goto done; } - ret=pam_add_response(pd, PAM_ENV_ITEM, strlen(env)+1, (uint8_t *) env); + ret = pam_add_response(pd, PAM_ENV_ITEM, strlen(env)+1, (uint8_t *) env); if (ret != EOK) { DEBUG(1, ("pam_add_response failed.\n")); goto done; @@ -808,13 +813,16 @@ static void krb5_pam_handler_done(struct tevent_req *req) DEBUG(1, ("talloc_asprintf failed.\n")); goto done; } - ret=pam_add_response(pd, PAM_ENV_ITEM, strlen(env)+1, (uint8_t *) env); + ret = pam_add_response(pd, PAM_ENV_ITEM, strlen(env)+1, (uint8_t *) env); if (ret != EOK) { DEBUG(1, ("pam_add_response failed.\n")); goto done; } } + pd->pam_status = *msg_status; + dp_err = DP_ERR_OK; + if (pd->pam_status == PAM_SUCCESS && be_req->be_ctx->domain->cache_credentials == TRUE) { @@ -853,11 +861,11 @@ static void krb5_pam_handler_done(struct tevent_req *req) goto done; } tevent_req_set_callback(subreq, krb5_pam_handler_cache_done, be_req); - return; } + done: - be_req->fn(be_req, pd->pam_status, NULL); + krb_reply(be_req, dp_err, pd->pam_status); } static void krb5_pam_handler_cache_done(struct tevent_req *subreq) @@ -875,9 +883,15 @@ static void krb5_pam_handler_cache_done(struct tevent_req *subreq) ret, strerror(ret))); } - be_req->fn(be_req, PAM_SUCCESS, NULL); + krb_reply(be_req, DP_ERR_OK, PAM_SUCCESS); } +static void krb_reply(struct be_req *req, int dp_err, int result) +{ + req->fn(req, dp_err, result, NULL); +} + + struct bet_ops krb5_auth_ops = { .handler = krb5_pam_handler, .finalize = NULL, |