From 9ed4394fb569d64a61e27784a73e2068393e7fa0 Mon Sep 17 00:00:00 2001 From: Sumit Bose Date: Fri, 24 Apr 2009 11:08:35 +0200 Subject: handle pam acct_mgmt, setcred and open/close_session before user bind in ldap backend --- server/providers/ldap_be.c | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) (limited to 'server') diff --git a/server/providers/ldap_be.c b/server/providers/ldap_be.c index 2c075bd0..e6547025 100644 --- a/server/providers/ldap_be.c +++ b/server/providers/ldap_be.c @@ -456,6 +456,23 @@ static void sdap_pam_loop(struct tevent_context *ev, struct tevent_fd *te, } } while( (msg=ldap_next_message(lr->ldap, msg)) != NULL ); + switch (lr->pd->cmd) { + case SSS_PAM_AUTHENTICATE: + case SSS_PAM_CHAUTHTOK: + break; + case SSS_PAM_ACCT_MGMT: + case SSS_PAM_SETCRED: + case SSS_PAM_OPEN_SESSION: + case SSS_PAM_CLOSE_SESSION: + pam_status = PAM_SUCCESS; + goto done; + break; + default: + DEBUG(1, ("Unknown pam command %d.\n", lr->pd->cmd)); + pam_status = PAM_SYSTEM_ERR; + goto done; + } + ret = sdap_bind(lr); if (ret != LDAP_SUCCESS) { DEBUG(1, ("sdap_bind failed.\n")); -- cgit