author | Sumit Bose <sbose@redhat.com> | 2015-03-24 11:19:46 +0100 |
---|---|---|
committer | Sumit Bose <sbose@redhat.com> | 2015-05-08 09:14:07 +0200 |
commit | deb28a893c76f7c94b6cc8e596742665e23d97d5 (patch) | |
tree | e1774b9a50a12aa14b8e08d384695243e86a7b59 /src/providers | |
parent | 4b1b2e60d0764fed289eada9a7afbfd1993cadcd (diff) | |
IPA: create preauth indicator file at startup
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Diffstat (limited to 'src/providers')
-rw-r--r-- | src/providers/ipa/ipa_init.c | 66 |
1 files changed, 66 insertions, 0 deletions
diff --git a/src/providers/ipa/ipa_init.c b/src/providers/ipa/ipa_init.c
index 4b26e8baa..15ec2339d 100644
--- a/src/providers/ipa/ipa_init.c
+++ b/src/providers/ipa/ipa_init.c
@@ -371,6 +371,62 @@ done:
 return ret;
 }
+void cleanup_ipa_preauth_indicator(void)
+{
+ int ret;
+
+ ret = unlink(PAM_PREAUTH_INDICATOR);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Failed to remove preauth indicator file [%s].\n",
+ PAM_PREAUTH_INDICATOR);
+ }
+}
+
+static errno_t create_ipa_preauth_indicator(void)
+{
+ int ret;
+ TALLOC_CTX *tmp_ctx = NULL;
+ int fd;
+
+ tmp_ctx = talloc_new(NULL);
+ if (tmp_ctx == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, "talloc_new failed.\n");
+ return ENOMEM;
+ }
+
+ fd = open(PAM_PREAUTH_INDICATOR, O_CREAT | O_EXCL | O_WRONLY | O_NOFOLLOW,
+ 0644);
+ if (fd < 0) {
+ if (errno != EEXIST) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Failed to create preauth indicator file [%s].\n",
+ PAM_PREAUTH_INDICATOR);
+ ret = EOK;
+ goto done;
+ }
+
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Preauth indicator file [%s] already exists. "
+ "Maybe it is left after an unplanned exit. Continuing.\n",
+ PAM_PREAUTH_INDICATOR);
+ } else {
+ close(fd);
+ }
+
+ ret = atexit(cleanup_ipa_preauth_indicator);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, "atexit failed. Continuing.\n");
+ }
+
+ ret = EOK;
+
+done:
+ talloc_free(tmp_ctx);
+
+ return ret;
+}
+
 int sssm_ipa_auth_init(struct be_ctx *bectx,
 struct bet_ops **ops,
 void **pvt_data)
@@ -469,6 +525,16 @@ int sssm_ipa_auth_init(struct be_ctx *bectx,
 goto done;
 }
+ ret = create_ipa_preauth_indicator();
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to create preauth indicator file, special password "
+ "prompting might not be available.\n");
+ sss_log(SSSDBG_CRIT_FAILURE,
+ "Failed to create preauth indicator file, special password "
+ "prompting might not be available.\n");
+ }
+
 *ops = &ipa_auth_ops;
 *pvt_data = ipa_auth_ctx;
 ret = EOK; |
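Review bot: In create_ipa_preauth_indicator() the `errno != EEXIST` branch sets `ret = EOK` before `goto done`, so a genuine open() failure is returned as success and the caller's "Failed to create preauth indicator file" path can only be reached through ENOMEM. Save the error before logging and return it, e.g. `ret = errno;` ahead of the DEBUG call, and include `strerror(ret)` in the message so the cause shows up in the log. On the EEXIST path the existing entry is accepted without inspection; PAM_PREAUTH_INDICATOR is defined outside this diff, so if its directory is writable by anyone other than the SSSD user, an `lstat()` check for a regular file with the expected owner would be worth adding. `tmp_ctx` is allocated and freed but never used, so the talloc_new()/ENOMEM path can be dropped.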
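Review bot: The `sss_log()` call in sssm_ipa_auth_init() is passed `SSSDBG_CRIT_FAILURE`, which is a DEBUG() level rather than a syslog priority. sss_log() is declared outside this diff, but in the SSSD tree it takes one of the `SSS_LOG_*` values, so this should probably read `sss_log(SSS_LOG_CRIT, ...)`; please confirm how an unrecognised value is mapped. The trailing `\n` is also unnecessary in a syslog message. Because a missing indicator changes password prompting without any other visible sign, the severity this message reaches syslog with matters to operators.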