diff options
author | Sumit Bose <sbose@redhat.com> | 2015-03-24 17:24:50 +0100 |
---|---|---|
committer | Sumit Bose <sbose@redhat.com> | 2015-05-08 09:13:23 +0200 |
commit | fb045f6e5a9a7f8936ad6f89c28862dcd035a4fe (patch) | |
tree | e76b6449cdfaa4b07ad71f2569034efa1cfb8b01 /src | |
parent | ea98a7af0584d7667b6c07c19a4b22942c94ca5d (diff) | |
download | sssd-fb045f6e5a9a7f8936ad6f89c28862dcd035a4fe.tar.gz sssd-fb045f6e5a9a7f8936ad6f89c28862dcd035a4fe.tar.xz sssd-fb045f6e5a9a7f8936ad6f89c28862dcd035a4fe.zip |
Add pre-auth request
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Diffstat (limited to 'src')
-rw-r--r-- | src/providers/data_provider_be.c | 1 | ||||
-rw-r--r-- | src/providers/dp_pam_data_util.c | 2 | ||||
-rw-r--r-- | src/providers/ipa/ipa_auth.c | 1 | ||||
-rw-r--r-- | src/providers/krb5/krb5_auth.c | 2 | ||||
-rw-r--r-- | src/responder/pam/pamsrv_cmd.c | 7 | ||||
-rw-r--r-- | src/sss_client/sss_cli.h | 4 |
6 files changed, 17 insertions, 0 deletions
diff --git a/src/providers/data_provider_be.c b/src/providers/data_provider_be.c index a48a42878..a37fbbc8d 100644 --- a/src/providers/data_provider_be.c +++ b/src/providers/data_provider_be.c @@ -1374,6 +1374,7 @@ static int be_pam_handler(struct sbus_request *dbus_req, void *user_data) switch (pd->cmd) { case SSS_PAM_AUTHENTICATE: + case SSS_PAM_PREAUTH: target = BET_AUTH; break; case SSS_PAM_ACCT_MGMT: diff --git a/src/providers/dp_pam_data_util.c b/src/providers/dp_pam_data_util.c index 313948b36..8724bf936 100644 --- a/src/providers/dp_pam_data_util.c +++ b/src/providers/dp_pam_data_util.c @@ -43,6 +43,8 @@ static const char *pamcmd2str(int cmd) { return "PAM_CHAUTHTOK"; case SSS_PAM_CHAUTHTOK_PRELIM: return "PAM_CHAUTHTOK_PRELIM"; + case SSS_PAM_PREAUTH: + return "SSS_PAM_PREAUTH"; default: return "UNKNOWN"; } diff --git a/src/providers/ipa/ipa_auth.c b/src/providers/ipa/ipa_auth.c index 223448338..79e891b77 100644 --- a/src/providers/ipa/ipa_auth.c +++ b/src/providers/ipa/ipa_auth.c @@ -208,6 +208,7 @@ void ipa_auth(struct be_req *be_req) switch (state->pd->cmd) { case SSS_PAM_AUTHENTICATE: + case SSS_PAM_PREAUTH: state->ipa_auth_ctx = talloc_get_type( be_ctx->bet_info[BET_AUTH].pvt_bet_data, struct ipa_auth_ctx); diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c index 25caf7b78..5ce45b157 100644 --- a/src/providers/krb5/krb5_auth.c +++ b/src/providers/krb5/krb5_auth.c @@ -441,6 +441,8 @@ struct tevent_req *krb5_auth_send(TALLOC_CTX *mem_ctx, goto done; } break; + case SSS_PAM_PREAUTH: + break; default: DEBUG(SSSDBG_CONF_SETTINGS, "Unexpected pam task %d.\n", pd->cmd); state->pam_status = PAM_SYSTEM_ERR; diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c index dd6574db7..eeaa42ce7 100644 --- a/src/responder/pam/pamsrv_cmd.c +++ b/src/responder/pam/pamsrv_cmd.c @@ -1455,6 +1455,12 @@ static int pam_cmd_chauthtok_prelim(struct cli_ctx *cctx) { return pam_forwarder(cctx, SSS_PAM_CHAUTHTOK_PRELIM); } +static int pam_cmd_preauth(struct cli_ctx *cctx) +{ + DEBUG(SSSDBG_CONF_SETTINGS, "entering pam_cmd_preauth\n"); + return pam_forwarder(cctx, SSS_PAM_PREAUTH); +} + struct cli_protocol_version *register_cli_protocol_version(void) { static struct cli_protocol_version pam_cli_protocol_version[] = { @@ -1478,6 +1484,7 @@ struct sss_cmd_table *get_pam_cmds(void) {SSS_PAM_CLOSE_SESSION, pam_cmd_close_session}, {SSS_PAM_CHAUTHTOK, pam_cmd_chauthtok}, {SSS_PAM_CHAUTHTOK_PRELIM, pam_cmd_chauthtok_prelim}, + {SSS_PAM_PREAUTH, pam_cmd_preauth}, {SSS_CLI_NULL, NULL} }; diff --git a/src/sss_client/sss_cli.h b/src/sss_client/sss_cli.h index 9a19d7d47..2895659b9 100644 --- a/src/sss_client/sss_cli.h +++ b/src/sss_client/sss_cli.h @@ -220,6 +220,10 @@ enum sss_cli_command { SSS_CMD_RENEW = 0x00F8, /**< Renew a credential with a limited * lifetime, e.g. a Kerberos Ticket * Granting Ticket (TGT) */ + SSS_PAM_PREAUTH = 0x00F9, /**< Request which can be run before + * an authentication request to find + * out which authentication methods + * are available for the given user. */ /* PAC responder calls */ SSS_PAC_ADD_PAC_USER = 0x0101, |