summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJakub Hrozek <jhrozek@redhat.com>2012-08-08 19:26:35 +0200
committerJakub Hrozek <jhrozek@redhat.com>2012-08-09 17:35:39 +0200
commitffcf27b0b773b580289d596f796aaf86c45ba920 (patch)
tree80434f669b1d035d5a7fd92f132a6d62ed5e2577
parent499718cb04a534ba76ee9dfb055c2bfc96fdeeb3 (diff)
downloadsssd-ffcf27b0b773b580289d596f796aaf86c45ba920.tar.gz
sssd-ffcf27b0b773b580289d596f796aaf86c45ba920.tar.xz
sssd-ffcf27b0b773b580289d596f796aaf86c45ba920.zip
Abort PAM access phase if HBAC does not return PAM_SUCCESS
-rw-r--r--src/providers/data_provider_be.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/src/providers/data_provider_be.c b/src/providers/data_provider_be.c
index 2e4ee0754..dcce69ca4 100644
--- a/src/providers/data_provider_be.c
+++ b/src/providers/data_provider_be.c
@@ -793,6 +793,7 @@ static void be_pam_handler_callback(struct be_req *req,
pd = talloc_get_type(req->req_data, struct pam_data);
if (pd->cmd == SSS_PAM_ACCT_MGMT &&
+ pd->pam_status == PAM_SUCCESS &&
req->phase == REQ_PHASE_ACCESS &&
dp_err_type == DP_ERR_OK) {
if (!becli->bectx->bet_info[BET_SELINUX].bet_ops) {