DP: successful authentication sets explicitly PAM_SUCCESSS

Set PAM_SYSTEM_ERR as default pam_status to ensure that we always must set PAM_SUCCESSS explicitly for a successful authentication and will really return an error in all other cases. Reviewed-by: Pavel Reichl <preichl@redhat.com>
author: Sumit Bose <sbose@redhat.com> 2015-10-19 13:10:51 -0400
committer: Lukas Slebodnik <lslebodn@redhat.com> 2015-11-03 09:29:09 +0100
commit: d0d79b53a5a16831169a3d854fd59402a99a1dd6 (patch)
tree: cfe0a028ce633d23586b582253ea098ef4b5e83f
parent: e307c269fe1dc94a1771b459c5925e449ba7668b (diff)
download: sssd-d0d79b53a5a16831169a3d854fd59402a99a1dd6.tar.gz
sssd-d0d79b53a5a16831169a3d854fd59402a99a1dd6.tar.xz
sssd-d0d79b53a5a16831169a3d854fd59402a99a1dd6.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/src/providers/dp_pam_data_util.c b/src/providers/dp_pam_data_util.c
index 10e91f5f7..bed5db872 100644
--- a/src/providers/dp_pam_data_util.c
+++ b/src/providers/dp_pam_data_util.c
@@ -22,6 +22,8 @@
     along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 
+#include <security/pam_modules.h>
+
 #include "providers/data_provider.h"
 #include "util/sss_cli_cmd.h"
 
@@ -48,6 +50,8 @@ struct pam_data *create_pam_data(TALLOC_CTX *mem_ctx)
         goto failed;
     }
 
+    pd->pam_status = PAM_SYSTEM_ERR;
+
     pd->authtok = sss_authtok_new(pd);
     if (pd->authtok == NULL) {
         DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n");
author	Sumit Bose <sbose@redhat.com>	2015-10-19 13:10:51 -0400
committer	Lukas Slebodnik <lslebodn@redhat.com>	2015-11-03 09:29:09 +0100
commit	d0d79b53a5a16831169a3d854fd59402a99a1dd6 (patch)
tree	cfe0a028ce633d23586b582253ea098ef4b5e83f
parent	e307c269fe1dc94a1771b459c5925e449ba7668b (diff)
download	sssd-d0d79b53a5a16831169a3d854fd59402a99a1dd6.tar.gz sssd-d0d79b53a5a16831169a3d854fd59402a99a1dd6.tar.xz sssd-d0d79b53a5a16831169a3d854fd59402a99a1dd6.zip