authorSumit Bose <sbose@redhat.com>2015-03-24 11:19:46 +0100
committerSumit Bose <sbose@redhat.com>2015-05-08 09:14:07 +0200
commitdeb28a893c76f7c94b6cc8e596742665e23d97d5 (patch)
treee1774b9a50a12aa14b8e08d384695243e86a7b59 /src/providers/ipa/ipa_init.c
parent4b1b2e60d0764fed289eada9a7afbfd1993cadcd (diff)
IPA: create preauth indicator file at startup
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Diffstat (limited to 'src/providers/ipa/ipa_init.c')
-rw-r--r--src/providers/ipa/ipa_init.c66
1 files changed, 66 insertions, 0 deletions
diff --git a/src/providers/ipa/ipa_init.c b/src/providers/ipa/ipa_init.c
index 4b26e8baa..15ec2339d 100644
--- a/src/providers/ipa/ipa_init.c
+++ b/src/providers/ipa/ipa_init.c
@@ -371,6 +371,62 @@ done:
return ret;
}
+void cleanup_ipa_preauth_indicator(void)
+{
+ int ret;
+
+ ret = unlink(PAM_PREAUTH_INDICATOR);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Failed to remove preauth indicator file [%s].\n",
+ PAM_PREAUTH_INDICATOR);
+ }
+}
+
+static errno_t create_ipa_preauth_indicator(void)
+{
+ int ret;
+ TALLOC_CTX *tmp_ctx = NULL;
+ int fd;
+
+ tmp_ctx = talloc_new(NULL);
+ if (tmp_ctx == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, "talloc_new failed.\n");
+ return ENOMEM;
+ }
+
+ fd = open(PAM_PREAUTH_INDICATOR, O_CREAT | O_EXCL | O_WRONLY | O_NOFOLLOW,
+ 0644);
+ if (fd < 0) {
+ if (errno != EEXIST) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Failed to create preauth indicator file [%s].\n",
+ PAM_PREAUTH_INDICATOR);
+ ret = EOK;
+ goto done;
+ }
+
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Preauth indicator file [%s] already exists. "
+ "Maybe it is left after an unplanned exit. Continuing.\n",
+ PAM_PREAUTH_INDICATOR);
+ } else {
+ close(fd);
+ }
+
+ ret = atexit(cleanup_ipa_preauth_indicator);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, "atexit failed. Continuing.\n");
+ }
+
+ ret = EOK;
+
+done:
+ talloc_free(tmp_ctx);
+
+ return ret;
+}
+
int sssm_ipa_auth_init(struct be_ctx *bectx,
struct bet_ops **ops,
void **pvt_data)
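Review bot: In `create_ipa_preauth_indicator()` the `errno != EEXIST` branch logs the failure and then sets `ret = EOK`, so a failed `open()` is reported to the caller as success. The only error the function can return is ENOMEM from `tmp_ctx`, which is allocated and freed but never used. Capture the error before the DEBUG call can overwrite it and return it, `ret = errno;` as the first statement inside `if (fd < 0)`, add the code and `strerror(ret)` to the log message, and drop the talloc context; the same missing errno applies to the `unlink()` message in `cleanup_ipa_preauth_indicator()`. The EEXIST branch also accepts whatever object already exists at the path without checking its type or owner, and each process that gets here registers the `atexit` unlink, so the first to exit removes an indicator that others may still depend on. Whether either matters depends on the directory permissions and on how many backends share `PAM_PREAUTH_INDICATOR`, neither of which is visible in this hunk, so a comment stating those assumptions would help.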
@@ -469,6 +525,16 @@ int sssm_ipa_auth_init(struct be_ctx *bectx,
goto done;
}
+ ret = create_ipa_preauth_indicator();
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to create preauth indicator file, special password "
+ "prompting might not be available.\n");
+ sss_log(SSSDBG_CRIT_FAILURE,
+ "Failed to create preauth indicator file, special password "
+ "prompting might not be available.\n");
+ }
+
*ops = &ipa_auth_ops;
*pvt_data = ipa_auth_ctx;
ret = EOK;
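Review bot: The `sss_log()` call passes `SSSDBG_CRIT_FAILURE`, which is a DEBUG level constant; if `sss_log()` takes the syslog-style `SSS_LOG_*` priorities (its declaration is outside this hunk), the message goes out at an unintended priority and `SSS_LOG_CRIT` is probably what was meant. Because `create_ipa_preauth_indicator()` returns EOK when `open()` fails for any reason other than EEXIST, this branch is reached only on an allocation failure, so the syslog warning will not appear in the case it describes. Continuing after the failure looks deliberate and deserves a one-line comment, for example `/* Not fatal: only the special password prompting depends on the indicator. */`. The body of `sssm_ipa_auth_init()` starts and ends outside the hunk.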