-rw-r--r--src/sss_client/pam_sss.c29
1 files changed, 14 insertions, 15 deletions
diff --git a/src/sss_client/pam_sss.c b/src/sss_client/pam_sss.c
index 3f88d689..8bd3c9eb 100644
--- a/src/sss_client/pam_sss.c
+++ b/src/sss_client/pam_sss.c
@@ -1330,6 +1330,7 @@ static int pam_sss(enum sss_cli_command task, pam_handle_t *pamh,
int pam_flags, int argc, const char **argv)
{
int ret;
+ int pam_status;
struct pam_items pi;
uint32_t flags = 0;
int *exp_data;
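Review bot: The new `pam_status` sits next to `ret` with nothing saying which one is the module's verdict, and mixing the two in a PAM module changes an authentication result. A short comment on the declaration would make the split explicit, for example `int pam_status; /* result handed back to the PAM stack; ret is scratch for helper calls */`. The body of `pam_sss` continues outside this hunk.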
@@ -1376,34 +1377,32 @@ static int pam_sss(enum sss_cli_command task, pam_handle_t *pamh,
return PAM_SYSTEM_ERR;
}
- ret = send_and_receive(pamh, &pi, task);
+ pam_status = send_and_receive(pamh, &pi, task);
switch (task) {
case SSS_PAM_AUTHENTICATE:
/* We allow sssd to send the return code PAM_NEW_AUTHTOK_REQD during
* authentication, see sss_cli.h for details */
- if (ret == PAM_NEW_AUTHTOK_REQD) {
+ if (pam_status == PAM_NEW_AUTHTOK_REQD) {
D(("Authtoken expired, trying to change it"));
exp_data = malloc(sizeof(int));
if (exp_data == NULL) {
D(("malloc failed."));
- ret = PAM_BUF_ERR;
+ pam_status = PAM_BUF_ERR;
break;
}
*exp_data = 1;
- ret = pam_set_data(pamh, PWEXP_FLAG, exp_data, free_exp_data);
- if (ret != PAM_SUCCESS) {
+
+ pam_status = pam_set_data(pamh, PWEXP_FLAG, exp_data,
+ free_exp_data);
+ if (pam_status != PAM_SUCCESS) {
D(("pam_set_data failed."));
- ret = ret;
- break;
}
-
- ret = PAM_SUCCESS;
}
break;
case SSS_PAM_ACCT_MGMT:
- if (ret == PAM_SUCCESS &&
+ if (pam_status == PAM_SUCCESS &&
pam_get_data(pamh, PWEXP_FLAG, (const void **) &exp_data) ==
PAM_SUCCESS) {
ret = do_pam_conversation(pamh, PAM_TEXT_INFO,
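Review bot: When `pam_set_data` fails in the `SSS_PAM_AUTHENTICATE` branch, `exp_data` is never released. The failure path only logs, and the `free_exp_data` cleanup is presumably registered only when the call succeeds. Adding `free(exp_data);` after `D(("pam_set_data failed."));` closes the leak, while the error code still reaches the caller through `pam_status`, so authentication keeps failing closed. It is worth confirming against the PAM implementation in use that a failed `pam_set_data` does not retain the pointer. The body of `pam_sss` starts and ends outside this hunk.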
@@ -1412,11 +1411,11 @@ static int pam_sss(enum sss_cli_command task, pam_handle_t *pamh,
if (ret != PAM_SUCCESS) {
D(("do_pam_conversation failed."));
}
- ret = PAM_NEW_AUTHTOK_REQD;
+ pam_status = PAM_NEW_AUTHTOK_REQD;
}
break;
case SSS_PAM_CHAUTHTOK:
- if (ret != PAM_SUCCESS && ret != PAM_USER_UNKNOWN) {
+ if (pam_status != PAM_SUCCESS && pam_status != PAM_USER_UNKNOWN) {
ret = pam_set_item(pamh, PAM_AUTHTOK, NULL);
if (ret != PAM_SUCCESS) {
D(("Failed to unset PAM_AUTHTOK [%s]",
@@ -1430,15 +1429,15 @@ static int pam_sss(enum sss_cli_command task, pam_handle_t *pamh,
}
break;
case SSS_PAM_CHAUTHTOK_PRELIM:
- if (ret == PAM_PERM_DENIED && pi.pam_authtok_size == 0 &&
+ if (pam_status == PAM_PERM_DENIED && pi.pam_authtok_size == 0 &&
getuid() == 0 &&
pam_get_data(pamh, PWEXP_FLAG, (const void **) &exp_data) !=
PAM_SUCCESS) {
ret = select_pw_reset_message(pamh, &pi);
if (ret != 0) {
+ D(("select_pw_reset_message failed.\n"));
}
- ret = PAM_PERM_DENIED;
}
default:
/* nothing to do */
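Review bot: The added `D(("select_pw_reset_message failed.\n"));` carries a trailing `\n` that the other `D((...))` messages visible in this function do not have (`"malloc failed."`, `"pam_set_data failed."`). Writing `D(("select_pw_reset_message failed."));` keeps the debug output uniform. Separately, `case SSS_PAM_CHAUTHTOK_PRELIM:` ends without a `break;` and falls into `default:`. That is harmless while the default does nothing, but an explicit `break;` would stop a later edit to `default:` from silently changing this case. The function body continues outside the hunk.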
@@ -1449,7 +1448,7 @@ static int pam_sss(enum sss_cli_command task, pam_handle_t *pamh,
overwrite_and_free_pam_items(&pi);
- return ret;
+ return pam_status;
}
PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc,