diff options
author | Sumit Bose <sbose@redhat.com> | 2009-12-21 14:51:32 +0100 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2010-01-05 10:01:46 -0500 |
commit | 91e670f9928fe489fbdb2403b5bbf59bcc4564a2 (patch) | |
tree | 5b61c9b9a58e533bb5dbe42a77b5ab3449070506 /server | |
parent | 60d37b178ec248764abdc58ff486fc661d0ff77a (diff) | |
download | sssd-91e670f9928fe489fbdb2403b5bbf59bcc4564a2.tar.gz sssd-91e670f9928fe489fbdb2403b5bbf59bcc4564a2.tar.bz2 sssd-91e670f9928fe489fbdb2403b5bbf59bcc4564a2.zip |
Return an error for an unknown PAM request
Diffstat (limited to 'server')
-rw-r--r-- | server/providers/data_provider_be.c | 9 | ||||
-rw-r--r-- | server/providers/krb5/krb5_auth.c | 24 | ||||
-rw-r--r-- | server/providers/ldap/ldap_auth.c | 10 | ||||
-rw-r--r-- | server/providers/proxy.c | 10 |
4 files changed, 41 insertions, 12 deletions
diff --git a/server/providers/data_provider_be.c b/server/providers/data_provider_be.c index 05f3eaff..e59f64a6 100644 --- a/server/providers/data_provider_be.c +++ b/server/providers/data_provider_be.c @@ -568,10 +568,15 @@ static int be_pam_handler(DBusMessage *message, struct sbus_connection *conn) case SSS_PAM_CHAUTHTOK_PRELIM: target = BET_CHPASS; break; + case SSS_PAM_SETCRED: + case SSS_PAM_OPEN_SESSION: + case SSS_PAM_CLOSE_SESSION: + pd->pam_status = PAM_SUCCESS; + goto done; + break; default: DEBUG(7, ("Unsupported PAM command [%d].\n", pd->cmd)); - pd->pam_status = PAM_SUCCESS; - ret = EOK; + pd->pam_status = PAM_MODULE_UNKNOWN; goto done; } diff --git a/server/providers/krb5/krb5_auth.c b/server/providers/krb5/krb5_auth.c index a124371e..a9f577d7 100644 --- a/server/providers/krb5/krb5_auth.c +++ b/server/providers/krb5/krb5_auth.c @@ -713,12 +713,24 @@ void krb5_pam_handler(struct be_req *be_req) pd = talloc_get_type(be_req->req_data, struct pam_data); - if (pd->cmd != SSS_PAM_AUTHENTICATE && pd->cmd != SSS_PAM_CHAUTHTOK && - pd->cmd != SSS_PAM_CHAUTHTOK_PRELIM) { - DEBUG(4, ("krb5 does not handles pam task %d.\n", pd->cmd)); - pam_status = PAM_SUCCESS; - dp_err = DP_ERR_OK; - goto done; + switch (pd->cmd) { + case SSS_PAM_AUTHENTICATE: + case SSS_PAM_CHAUTHTOK: + case SSS_PAM_CHAUTHTOK_PRELIM: + break; + case SSS_PAM_ACCT_MGMT: + case SSS_PAM_SETCRED: + case SSS_PAM_OPEN_SESSION: + case SSS_PAM_CLOSE_SESSION: + pam_status = PAM_SUCCESS; + dp_err = DP_ERR_OK; + goto done; + break; + default: + DEBUG(4, ("krb5 does not handles pam task %d.\n", pd->cmd)); + pam_status = PAM_MODULE_UNKNOWN; + dp_err = DP_ERR_OK; + goto done; } if (be_is_offline(be_req->be_ctx) && diff --git a/server/providers/ldap/ldap_auth.c b/server/providers/ldap/ldap_auth.c index 28b3240b..fbb4e53b 100644 --- a/server/providers/ldap/ldap_auth.c +++ b/server/providers/ldap/ldap_auth.c @@ -880,13 +880,19 @@ void sdap_pam_auth_handler(struct be_req *breq) tevent_req_set_callback(subreq, sdap_pam_auth_done, state); return; -/* FIXME: handle other cases */ case SSS_PAM_CHAUTHTOK: break; - default: + case SSS_PAM_ACCT_MGMT: + case SSS_PAM_SETCRED: + case SSS_PAM_OPEN_SESSION: + case SSS_PAM_CLOSE_SESSION: pd->pam_status = PAM_SUCCESS; dp_err = DP_ERR_OK; + break; + default: + pd->pam_status = PAM_MODULE_UNKNOWN; + dp_err = DP_ERR_OK; } done: diff --git a/server/providers/proxy.c b/server/providers/proxy.c index 080479c4..12bb25ec 100644 --- a/server/providers/proxy.c +++ b/server/providers/proxy.c @@ -145,10 +145,16 @@ static void proxy_pam_handler(struct be_req *req) { ctx = talloc_get_type(req->be_ctx->bet_info[BET_ACCESS].pvt_bet_data, struct proxy_auth_ctx); break; + case SSS_PAM_SETCRED: + case SSS_PAM_OPEN_SESSION: + case SSS_PAM_CLOSE_SESSION: + pd->pam_status = PAM_SUCCESS; + proxy_reply(req, DP_ERR_OK, EOK, NULL); + return; default: DEBUG(1, ("Unsupported PAM task.\n")); - pd->pam_status = PAM_SUCCESS; - proxy_reply(req, DP_ERR_OK, PAM_SUCCESS, NULL); + pd->pam_status = PAM_MODULE_UNKNOWN; + proxy_reply(req, DP_ERR_OK, EINVAL, "Unsupported PAM task"); return; } |