-rw-r--r-- | server/man/sssd.conf.5.xml | 4 | ||||
-rw-r--r-- | server/providers/proxy.c | 29 |
2 files changed, 26 insertions, 7 deletions
diff --git a/server/man/sssd.conf.5.xml b/server/man/sssd.conf.5.xml index 5fcfae83..c3424992 100644 --- a/server/man/sssd.conf.5.xml +++ b/server/man/sssd.conf.5.xml @@ -570,7 +570,9 @@ The proxy target PAM proxies to. </para> <para> - Default: sssd_pam_proxy_default + Default: not set by default, you have to take an + existing pam configuration or create a new one and + add the service name here. </para> </listitem> </varlistentry> diff --git a/server/providers/proxy.c b/server/providers/proxy.c index aea2df30..0a373448 100644 --- a/server/providers/proxy.c +++ b/server/providers/proxy.c @@ -129,9 +129,28 @@ static void proxy_pam_handler(struct be_req *req) { struct proxy_auth_ctx *ctx;; bool cache_auth_data = false; - ctx = talloc_get_type(req->be_ctx->bet_info[BET_AUTH].pvt_bet_data, struct proxy_auth_ctx); pd = talloc_get_type(req->req_data, struct pam_data); + switch (pd->cmd) { + case SSS_PAM_AUTHENTICATE: + ctx = talloc_get_type(req->be_ctx->bet_info[BET_AUTH].pvt_bet_data, + struct proxy_auth_ctx); + break; + case SSS_PAM_CHAUTHTOK: + ctx = talloc_get_type(req->be_ctx->bet_info[BET_CHPASS].pvt_bet_data, + struct proxy_auth_ctx); + break; + case SSS_PAM_ACCT_MGMT: + ctx = talloc_get_type(req->be_ctx->bet_info[BET_ACCESS].pvt_bet_data, + struct proxy_auth_ctx); + break; + default: + DEBUG(1, ("Unsupported PAM task.\n")); + pd->pam_status = PAM_SUCCESS; + proxy_reply(req, DP_ERR_OK, PAM_SUCCESS, NULL); + return; + } + conv.conv=proxy_internal_conv; auth_data = talloc_zero(req, struct authtok_conv); conv.appdata_ptr=auth_data; @@ -2355,11 +2374,9 @@ int sssm_proxy_auth_init(struct be_ctx *bectx, &ctx->pam_target); if (ret != EOK) goto done; if (!ctx->pam_target) { - ctx->pam_target = talloc_strdup(ctx, "sssd_pam_proxy_default"); - if (!ctx->pam_target) { - ret = ENOMEM; - goto done; - } + DEBUG(1, ("Missing option proxy_pam_target.\n")); + ret = EINVAL; + goto done; } *ops = &proxy_auth_ops; |
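Review bot: The `default:` branch of the new switch in proxy_pam_handler answers every command other than the three listed with `PAM_SUCCESS`, so an unexpected or future `pd->cmd` value fails open instead of being refused. If the remaining known commands are meant to be no-ops for the proxy backend, list them as explicit cases that return success and let `default:` reply with an error status such as `pd->pam_status = PAM_MODULE_UNKNOWN;`, logging the value with `DEBUG(1, ("Unsupported PAM task %d.\n", pd->cmd));`. Separately, `talloc_get_type()` returns NULL on a type mismatch, and neither `pd` (dereferenced by `switch (pd->cmd)`) nor the selected `ctx` is checked in the visible lines. The function body continues outside the hunk, so a check may exist further down, but a guard placed right after the switch, `if (ctx == NULL)` followed by an error reply, would make it explicit for the case where the chpass or access target carries no proxy context.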
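Review bot: The new check in sssm_proxy_auth_init rejects only a missing `proxy_pam_target`; a value that is present but empty still passes `if (!ctx->pam_target)` and would presumably be used as the PAM service name by code outside this hunk. Consider `if (!ctx->pam_target || ctx->pam_target[0] == '\0') {` so that both cases end in `EINVAL`. The log line would also be easier to act on if it named the affected domain, assuming that name is available at this point; the function starts and ends outside the hunk.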