diff options
| -rw-r--r-- | sss_client/pam_sss.c | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/sss_client/pam_sss.c b/sss_client/pam_sss.c index 6fb76370..d03407c9 100644 --- a/sss_client/pam_sss.c +++ b/sss_client/pam_sss.c @@ -170,9 +170,18 @@ static int pam_sss(int task, pam_handle_t *pamh, int flags, int argc, struct pam_response *resp=NULL; int pam_status; char *newpwd[2]; + int forward_pass = 0; D(("Hello pam_sssd: %d", task)); + for (; argc-- > 0; ++argv) { + if (strcmp(*argv, "forward_pass") == 0) { + forward_pass = 1; + } else { + D(("unknown option: %s", *argv)); + } + } + /* TODO: add useful prelim check */ if (task == SSS_PAM_CHAUTHTOK && (flags & PAM_PRELIM_CHECK)) { D(("ignoring PAM_PRELIM_CHECK")); @@ -226,6 +235,13 @@ static int pam_sss(int task, pam_handle_t *pamh, int flags, int argc, pi.pam_authtok_type = SSS_AUTHTOK_TYPE_PASSWORD; } pi.pam_authtok_size=strlen(pi.pam_authtok); + + if (forward_pass != 0) { + ret = pam_set_item(pamh, PAM_AUTHTOK, resp[0].resp); + if (ret != PAM_SUCCESS) { + D(("Failed to set PAM_AUTHTOK, authtok may not be available for other modules")); + } + } } if (task == SSS_PAM_CHAUTHTOK) { |