summaryrefslogtreecommitdiff
path: root/server/providers/krb5
diff options
context:
space:
mode:
authorSumit Bose <sbose@redhat.com>2009-10-09 15:45:49 +0200
committerSimo Sorce <ssorce@redhat.com>2009-10-09 16:25:45 -0400
commit0e303315978600c21ad7f9d141d7f4314d5bb035 (patch)
tree8fb99d96f2aa8140b2e05521f80040cd4213d823 /server/providers/krb5
parentb0c4751808040afdc15ca801619c43fe192c6a35 (diff)
downloadsssd-0e303315978600c21ad7f9d141d7f4314d5bb035.tar.gz
sssd-0e303315978600c21ad7f9d141d7f4314d5bb035.tar.bz2
sssd-0e303315978600c21ad7f9d141d7f4314d5bb035.zip
use the correct kerberos context for each target
- when the kerberos provider was used as a chpass_provider but not as auth_provider the backend died
Diffstat (limited to 'server/providers/krb5')
-rw-r--r--server/providers/krb5/krb5_auth.c37
1 files changed, 33 insertions, 4 deletions
diff --git a/server/providers/krb5/krb5_auth.c b/server/providers/krb5/krb5_auth.c
index 58f4edda..582d0138 100644
--- a/server/providers/krb5/krb5_auth.c
+++ b/server/providers/krb5/krb5_auth.c
@@ -141,6 +141,26 @@ errno_t create_send_buffer(struct krb5child_req *kr, struct io_buffer **io_buf)
return EOK;
}
+static struct krb5_ctx *get_krb5_ctx(struct be_req *be_req) {
+ struct pam_data *pd;
+
+ pd = talloc_get_type(be_req->req_data, struct pam_data);
+
+ switch (pd->cmd) {
+ case SSS_PAM_AUTHENTICATE:
+ return talloc_get_type(be_req->be_ctx->bet_info[BET_AUTH].pvt_bet_data,
+ struct krb5_ctx);
+ break;
+ case SSS_PAM_CHAUTHTOK:
+ return talloc_get_type(be_req->be_ctx->bet_info[BET_CHPASS].pvt_bet_data,
+ struct krb5_ctx);
+ break;
+ default:
+ DEBUG(1, ("Unsupported PAM task.\n"));
+ return NULL;
+ }
+}
+
static void fd_nonblocking(int fd) {
int flags;
@@ -236,8 +256,12 @@ static errno_t krb5_setup(struct be_req *req, struct krb5child_req **krb5_req,
pd = talloc_get_type(req->req_data, struct pam_data);
- krb5_ctx = talloc_get_type(req->be_ctx->bet_info[BET_AUTH].pvt_bet_data,
- struct krb5_ctx);
+ krb5_ctx = get_krb5_ctx(req);
+ if (krb5_ctx == NULL) {
+ DEBUG(1, ("Kerberos context not available.\n"));
+ err = EINVAL;
+ goto failed;
+ }
kr = talloc_zero(req, struct krb5child_req);
if (kr == NULL) {
@@ -629,8 +653,13 @@ static void get_user_upn_done(void *pvt, int err, struct ldb_result *res)
const char *homedir = NULL;
pd = talloc_get_type(be_req->req_data, struct pam_data);
- krb5_ctx = talloc_get_type(be_req->be_ctx->bet_info[BET_AUTH].pvt_bet_data,
- struct krb5_ctx);
+ krb5_ctx = get_krb5_ctx(be_req);
+ if (krb5_ctx == NULL) {
+ DEBUG(1, ("Kerberos context not available.\n"));
+ err = EINVAL;
+ goto failed;
+ }
+
if (err != LDB_SUCCESS) {
DEBUG(5, ("sysdb search for upn of user [%s] failed.\n", pd->user));