summaryrefslogtreecommitdiff
path: root/server
diff options
context:
space:
mode:
authorSumit Bose <sbose@redhat.com>2009-12-21 14:51:32 +0100
committerStephen Gallagher <sgallagh@redhat.com>2010-01-05 10:01:46 -0500
commit91e670f9928fe489fbdb2403b5bbf59bcc4564a2 (patch)
tree5b61c9b9a58e533bb5dbe42a77b5ab3449070506 /server
parent60d37b178ec248764abdc58ff486fc661d0ff77a (diff)
downloadsssd-91e670f9928fe489fbdb2403b5bbf59bcc4564a2.tar.gz
sssd-91e670f9928fe489fbdb2403b5bbf59bcc4564a2.tar.bz2
sssd-91e670f9928fe489fbdb2403b5bbf59bcc4564a2.zip
Return an error for an unknown PAM request
Diffstat (limited to 'server')
-rw-r--r--server/providers/data_provider_be.c9
-rw-r--r--server/providers/krb5/krb5_auth.c24
-rw-r--r--server/providers/ldap/ldap_auth.c10
-rw-r--r--server/providers/proxy.c10
4 files changed, 41 insertions, 12 deletions
diff --git a/server/providers/data_provider_be.c b/server/providers/data_provider_be.c
index 05f3eaff..e59f64a6 100644
--- a/server/providers/data_provider_be.c
+++ b/server/providers/data_provider_be.c
@@ -568,10 +568,15 @@ static int be_pam_handler(DBusMessage *message, struct sbus_connection *conn)
case SSS_PAM_CHAUTHTOK_PRELIM:
target = BET_CHPASS;
break;
+ case SSS_PAM_SETCRED:
+ case SSS_PAM_OPEN_SESSION:
+ case SSS_PAM_CLOSE_SESSION:
+ pd->pam_status = PAM_SUCCESS;
+ goto done;
+ break;
default:
DEBUG(7, ("Unsupported PAM command [%d].\n", pd->cmd));
- pd->pam_status = PAM_SUCCESS;
- ret = EOK;
+ pd->pam_status = PAM_MODULE_UNKNOWN;
goto done;
}
diff --git a/server/providers/krb5/krb5_auth.c b/server/providers/krb5/krb5_auth.c
index a124371e..a9f577d7 100644
--- a/server/providers/krb5/krb5_auth.c
+++ b/server/providers/krb5/krb5_auth.c
@@ -713,12 +713,24 @@ void krb5_pam_handler(struct be_req *be_req)
pd = talloc_get_type(be_req->req_data, struct pam_data);
- if (pd->cmd != SSS_PAM_AUTHENTICATE && pd->cmd != SSS_PAM_CHAUTHTOK &&
- pd->cmd != SSS_PAM_CHAUTHTOK_PRELIM) {
- DEBUG(4, ("krb5 does not handles pam task %d.\n", pd->cmd));
- pam_status = PAM_SUCCESS;
- dp_err = DP_ERR_OK;
- goto done;
+ switch (pd->cmd) {
+ case SSS_PAM_AUTHENTICATE:
+ case SSS_PAM_CHAUTHTOK:
+ case SSS_PAM_CHAUTHTOK_PRELIM:
+ break;
+ case SSS_PAM_ACCT_MGMT:
+ case SSS_PAM_SETCRED:
+ case SSS_PAM_OPEN_SESSION:
+ case SSS_PAM_CLOSE_SESSION:
+ pam_status = PAM_SUCCESS;
+ dp_err = DP_ERR_OK;
+ goto done;
+ break;
+ default:
+ DEBUG(4, ("krb5 does not handles pam task %d.\n", pd->cmd));
+ pam_status = PAM_MODULE_UNKNOWN;
+ dp_err = DP_ERR_OK;
+ goto done;
}
if (be_is_offline(be_req->be_ctx) &&
diff --git a/server/providers/ldap/ldap_auth.c b/server/providers/ldap/ldap_auth.c
index 28b3240b..fbb4e53b 100644
--- a/server/providers/ldap/ldap_auth.c
+++ b/server/providers/ldap/ldap_auth.c
@@ -880,13 +880,19 @@ void sdap_pam_auth_handler(struct be_req *breq)
tevent_req_set_callback(subreq, sdap_pam_auth_done, state);
return;
-/* FIXME: handle other cases */
case SSS_PAM_CHAUTHTOK:
break;
- default:
+ case SSS_PAM_ACCT_MGMT:
+ case SSS_PAM_SETCRED:
+ case SSS_PAM_OPEN_SESSION:
+ case SSS_PAM_CLOSE_SESSION:
pd->pam_status = PAM_SUCCESS;
dp_err = DP_ERR_OK;
+ break;
+ default:
+ pd->pam_status = PAM_MODULE_UNKNOWN;
+ dp_err = DP_ERR_OK;
}
done:
diff --git a/server/providers/proxy.c b/server/providers/proxy.c
index 080479c4..12bb25ec 100644
--- a/server/providers/proxy.c
+++ b/server/providers/proxy.c
@@ -145,10 +145,16 @@ static void proxy_pam_handler(struct be_req *req) {
ctx = talloc_get_type(req->be_ctx->bet_info[BET_ACCESS].pvt_bet_data,
struct proxy_auth_ctx);
break;
+ case SSS_PAM_SETCRED:
+ case SSS_PAM_OPEN_SESSION:
+ case SSS_PAM_CLOSE_SESSION:
+ pd->pam_status = PAM_SUCCESS;
+ proxy_reply(req, DP_ERR_OK, EOK, NULL);
+ return;
default:
DEBUG(1, ("Unsupported PAM task.\n"));
- pd->pam_status = PAM_SUCCESS;
- proxy_reply(req, DP_ERR_OK, PAM_SUCCESS, NULL);
+ pd->pam_status = PAM_MODULE_UNKNOWN;
+ proxy_reply(req, DP_ERR_OK, EINVAL, "Unsupported PAM task");
return;
}