summaryrefslogtreecommitdiff
path: root/server
diff options
context:
space:
mode:
authorSumit Bose <sbose@redhat.com>2009-11-11 15:12:28 +0100
committerStephen Gallagher <sgallagh@redhat.com>2009-11-12 11:00:49 -0500
commitf87584a07661e1501904d6fb842c47888757f223 (patch)
tree39e62cf33e2e90221c2c061f5e6ba6c1c764889e /server
parentd1ee6b6cecfbbcf4eb84f0c9a7875a6f18d80fee (diff)
downloadsssd-f87584a07661e1501904d6fb842c47888757f223.tar.gz
sssd-f87584a07661e1501904d6fb842c47888757f223.tar.bz2
sssd-f87584a07661e1501904d6fb842c47888757f223.zip
Fixes for proxy provider
- use the correct private data for each PAM task - make proxy_pam_target a mandatory option for auth, chpass and access
Diffstat (limited to 'server')
-rw-r--r--server/man/sssd.conf.5.xml4
-rw-r--r--server/providers/proxy.c29
2 files changed, 26 insertions, 7 deletions
diff --git a/server/man/sssd.conf.5.xml b/server/man/sssd.conf.5.xml
index 5fcfae83..c3424992 100644
--- a/server/man/sssd.conf.5.xml
+++ b/server/man/sssd.conf.5.xml
@@ -570,7 +570,9 @@
The proxy target PAM proxies to.
</para>
<para>
- Default: sssd_pam_proxy_default
+ Default: not set by default, you have to take an
+ existing pam configuration or create a new one and
+ add the service name here.
</para>
</listitem>
</varlistentry>
diff --git a/server/providers/proxy.c b/server/providers/proxy.c
index aea2df30..0a373448 100644
--- a/server/providers/proxy.c
+++ b/server/providers/proxy.c
@@ -129,9 +129,28 @@ static void proxy_pam_handler(struct be_req *req) {
struct proxy_auth_ctx *ctx;;
bool cache_auth_data = false;
- ctx = talloc_get_type(req->be_ctx->bet_info[BET_AUTH].pvt_bet_data, struct proxy_auth_ctx);
pd = talloc_get_type(req->req_data, struct pam_data);
+ switch (pd->cmd) {
+ case SSS_PAM_AUTHENTICATE:
+ ctx = talloc_get_type(req->be_ctx->bet_info[BET_AUTH].pvt_bet_data,
+ struct proxy_auth_ctx);
+ break;
+ case SSS_PAM_CHAUTHTOK:
+ ctx = talloc_get_type(req->be_ctx->bet_info[BET_CHPASS].pvt_bet_data,
+ struct proxy_auth_ctx);
+ break;
+ case SSS_PAM_ACCT_MGMT:
+ ctx = talloc_get_type(req->be_ctx->bet_info[BET_ACCESS].pvt_bet_data,
+ struct proxy_auth_ctx);
+ break;
+ default:
+ DEBUG(1, ("Unsupported PAM task.\n"));
+ pd->pam_status = PAM_SUCCESS;
+ proxy_reply(req, DP_ERR_OK, PAM_SUCCESS, NULL);
+ return;
+ }
+
conv.conv=proxy_internal_conv;
auth_data = talloc_zero(req, struct authtok_conv);
conv.appdata_ptr=auth_data;
@@ -2355,11 +2374,9 @@ int sssm_proxy_auth_init(struct be_ctx *bectx,
&ctx->pam_target);
if (ret != EOK) goto done;
if (!ctx->pam_target) {
- ctx->pam_target = talloc_strdup(ctx, "sssd_pam_proxy_default");
- if (!ctx->pam_target) {
- ret = ENOMEM;
- goto done;
- }
+ DEBUG(1, ("Missing option proxy_pam_target.\n"));
+ ret = EINVAL;
+ goto done;
}
*ops = &proxy_auth_ops;