author | Sumit Bose <sbose@redhat.com> | 2009-10-09 15:45:49 +0200 |
---|---|---|
committer | Simo Sorce <ssorce@redhat.com> | 2009-10-09 16:25:45 -0400 |
commit | 0e303315978600c21ad7f9d141d7f4314d5bb035 (patch) | |
tree | 8fb99d96f2aa8140b2e05521f80040cd4213d823 /server/providers/krb5 | |
parent | b0c4751808040afdc15ca801619c43fe192c6a35 (diff) | |
use the correct kerberos context for each target
- when the kerberos provider was used as a chpass_provider but
not as auth_provider the backend died
Diffstat (limited to 'server/providers/krb5')
-rw-r--r-- | server/providers/krb5/krb5_auth.c | 37 |
1 files changed, 33 insertions, 4 deletions
diff --git a/server/providers/krb5/krb5_auth.c b/server/providers/krb5/krb5_auth.c
index 58f4edda..582d0138 100644
--- a/server/providers/krb5/krb5_auth.c
+++ b/server/providers/krb5/krb5_auth.c
@@ -141,6 +141,26 @@ errno_t create_send_buffer(struct krb5child_req *kr, struct io_buffer **io_buf)
 return EOK; }
+static struct krb5_ctx *get_krb5_ctx(struct be_req *be_req) {
+ struct pam_data *pd;
+
+ pd = talloc_get_type(be_req->req_data, struct pam_data);
+
+ switch (pd->cmd) {
+ case SSS_PAM_AUTHENTICATE:
+ return talloc_get_type(be_req->be_ctx->bet_info[BET_AUTH].pvt_bet_data,
+ struct krb5_ctx);
+ break;
+ case SSS_PAM_CHAUTHTOK:
+ return talloc_get_type(be_req->be_ctx->bet_info[BET_CHPASS].pvt_bet_data,
+ struct krb5_ctx);
+ break;
+ default:
+ DEBUG(1, ("Unsupported PAM task.\n"));
+ return NULL;
+ }
+}
+
 static void fd_nonblocking(int fd) { int flags;
@@ -236,8 +256,12 @@ static errno_t krb5_setup(struct be_req *req, struct krb5child_req **krb5_req,
 pd = talloc_get_type(req->req_data, struct pam_data);
- krb5_ctx = talloc_get_type(req->be_ctx->bet_info[BET_AUTH].pvt_bet_data,
- struct krb5_ctx);
+ krb5_ctx = get_krb5_ctx(req);
+ if (krb5_ctx == NULL) {
+ DEBUG(1, ("Kerberos context not available.\n"));
+ err = EINVAL;
+ goto failed;
+ }
 kr = talloc_zero(req, struct krb5child_req); if (kr == NULL) {
@@ -629,8 +653,13 @@ static void get_user_upn_done(void *pvt, int err, struct ldb_result *res)
 const char *homedir = NULL; pd = talloc_get_type(be_req->req_data, struct pam_data);
- krb5_ctx = talloc_get_type(be_req->be_ctx->bet_info[BET_AUTH].pvt_bet_data,
- struct krb5_ctx);
+ krb5_ctx = get_krb5_ctx(be_req);
+ if (krb5_ctx == NULL) {
+ DEBUG(1, ("Kerberos context not available.\n"));
+ err = EINVAL;
+ goto failed;
+ }
+
 if (err != LDB_SUCCESS) { DEBUG(5, ("sysdb search for upn of user [%s] failed.\n", pd->user)); |
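Review bot: In get_krb5_ctx, `pd` is dereferenced by `switch (pd->cmd)` without a check, although talloc_get_type() returns NULL when the pointer does not carry the requested talloc type. A request with unexpected `req_data` would therefore crash the backend inside the helper that was added to stop it dying, which takes authentication and password changes offline for the domain. Add a guard before the switch, `if (pd == NULL) { DEBUG(1, ("Unexpected request data.\n")); return NULL; }`, so both callers fall into their existing NULL handling. The `break;` after each `return` is unreachable and can be dropped.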
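Review bot: In krb5_setup the new `goto failed` is taken before `kr` is allocated by the `talloc_zero` call on the following context line, so the `failed` label now runs with `kr` in whatever state its declaration left it. Both the declaration and the label are outside the hunk; if `kr` is not initialised there, the cleanup path may free or read an indeterminate pointer. Confirm the declaration reads `struct krb5child_req *kr = NULL;`, or return `EINVAL` directly at this point, since nothing has been allocated yet.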
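Review bot: In get_user_upn_done, `err = EINVAL` stores an errno value in the callback parameter that the very next context lines compare against `LDB_SUCCESS`, so one variable now carries two error domains. The `failed` label is outside the hunk, so it is not visible how `err` is consumed there; check that this path ends with a failing PAM status sent to the client rather than a value derived from `err`. A short comment such as `/* no krb5 context for this PAM command: fail the request */` above the check would also tell the two identical "Kerberos context not available." log sites apart when reading the code.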