author | Sumit Bose <sbose@redhat.com> | 2009-11-11 15:12:28 +0100 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2009-11-12 11:00:49 -0500 |
commit | f87584a07661e1501904d6fb842c47888757f223 (patch) | |
tree | 39e62cf33e2e90221c2c061f5e6ba6c1c764889e /server | |
parent | d1ee6b6cecfbbcf4eb84f0c9a7875a6f18d80fee (diff) | |
Fixes for proxy provider
- use the correct private data for each PAM task
- make proxy_pam_target a mandatory option for auth, chpass and access
Diffstat (limited to 'server')
-rw-r--r-- | server/man/sssd.conf.5.xml | 4 | ||||
-rw-r--r-- | server/providers/proxy.c | 29 |
2 files changed, 26 insertions, 7 deletions
diff --git a/server/man/sssd.conf.5.xml b/server/man/sssd.conf.5.xml
index 5fcfae83..c3424992 100644
--- a/server/man/sssd.conf.5.xml
+++ b/server/man/sssd.conf.5.xml
@@ -570,7 +570,9 @@
 The proxy target PAM proxies to.
 </para>
 <para>
- Default: sssd_pam_proxy_default
+ Default: not set by default, you have to take an
+ existing pam configuration or create a new one and
+ add the service name here.
 </para>
 </listitem>
 </varlistentry>
diff --git a/server/providers/proxy.c b/server/providers/proxy.c
index aea2df30..0a373448 100644
--- a/server/providers/proxy.c
+++ b/server/providers/proxy.c
@@ -129,9 +129,28 @@ static void proxy_pam_handler(struct be_req *req) {
 struct proxy_auth_ctx *ctx;;
 bool cache_auth_data = false;
- ctx = talloc_get_type(req->be_ctx->bet_info[BET_AUTH].pvt_bet_data, struct proxy_auth_ctx);
 pd = talloc_get_type(req->req_data, struct pam_data);
+ switch (pd->cmd) {
+ case SSS_PAM_AUTHENTICATE:
+ ctx = talloc_get_type(req->be_ctx->bet_info[BET_AUTH].pvt_bet_data,
+ struct proxy_auth_ctx);
+ break;
+ case SSS_PAM_CHAUTHTOK:
+ ctx = talloc_get_type(req->be_ctx->bet_info[BET_CHPASS].pvt_bet_data,
+ struct proxy_auth_ctx);
+ break;
+ case SSS_PAM_ACCT_MGMT:
+ ctx = talloc_get_type(req->be_ctx->bet_info[BET_ACCESS].pvt_bet_data,
+ struct proxy_auth_ctx);
+ break;
+ default:
+ DEBUG(1, ("Unsupported PAM task.\n"));
+ pd->pam_status = PAM_SUCCESS;
+ proxy_reply(req, DP_ERR_OK, PAM_SUCCESS, NULL);
+ return;
+ }
+
 conv.conv=proxy_internal_conv;
 auth_data = talloc_zero(req, struct authtok_conv);
 conv.appdata_ptr=auth_data;
@@ -2355,11 +2374,9 @@ int sssm_proxy_auth_init(struct be_ctx *bectx,
 &ctx->pam_target);
 if (ret != EOK) goto done;
 if (!ctx->pam_target) {
- ctx->pam_target = talloc_strdup(ctx, "sssd_pam_proxy_default");
- if (!ctx->pam_target) {
- ret = ENOMEM;
- goto done;
- }
+ DEBUG(1, ("Missing option proxy_pam_target.\n"));
+ ret = EINVAL;
+ goto done;
 }
 *ops = &proxy_auth_ops; |
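Review bot: The `default:` branch of the new `switch (pd->cmd)` in proxy_pam_handler answers an unsupported PAM task with `PAM_SUCCESS`, so a request this backend never evaluated is reported exactly like one that passed. A non-success status would fail closed instead, for example `pd->pam_status = PAM_MODULE_UNKNOWN;` together with `proxy_reply(req, DP_ERR_OK, PAM_MODULE_UNKNOWN, NULL);`. How the caller weighs that status is not visible here, so if success is intentional for tasks handled elsewhere, a comment on the branch should say so. Separately, `pd` and the selected `ctx` both come from `talloc_get_type()`, which returns NULL on a type mismatch, yet `pd->cmd` is dereferenced without a check. The function body continues outside the hunk, so whether `ctx` is checked before use cannot be confirmed.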
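Review bot: The new mandatory-option check in sssm_proxy_auth_init tests only `!ctx->pam_target`, so a `proxy_pam_target` that is present but empty would still pass if the configuration getter returns an empty string rather than NULL. The getter call starts above the hunk, so that behaviour is not confirmed here. Consider `if (!ctx->pam_target || ctx->pam_target[0] == '\0') {` so that a blank service name is rejected with the same `EINVAL` instead of being handed on to the PAM stack. The commit message makes the option mandatory for auth, chpass and access, but only this init function is in the hunk; a short comment stating that the other two targets go through this check would help, if they do. The `done:` label is also outside the hunk, so cleanup of `ctx` on the new error path cannot be verified from here.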