-rw-r--r--server/man/sssd.conf.5.xml4
-rw-r--r--server/providers/proxy.c29
2 files changed, 26 insertions, 7 deletions
diff --git a/server/man/sssd.conf.5.xml b/server/man/sssd.conf.5.xml
index 5fcfae83c..c34249924 100644
--- a/server/man/sssd.conf.5.xml
+++ b/server/man/sssd.conf.5.xml
@@ -570,7 +570,9 @@
The proxy target PAM proxies to.
</para>
<para>
- Default: sssd_pam_proxy_default
+ Default: not set by default, you have to take an
+ existing pam configuration or create a new one and
+ add the service name here.
</para>
</listitem>
</varlistentry>
diff --git a/server/providers/proxy.c b/server/providers/proxy.c
index aea2df307..0a3734484 100644
--- a/server/providers/proxy.c
+++ b/server/providers/proxy.c
@@ -129,9 +129,28 @@ static void proxy_pam_handler(struct be_req *req) {
struct proxy_auth_ctx *ctx;;
bool cache_auth_data = false;
- ctx = talloc_get_type(req->be_ctx->bet_info[BET_AUTH].pvt_bet_data, struct proxy_auth_ctx);
pd = talloc_get_type(req->req_data, struct pam_data);
+ switch (pd->cmd) {
+ case SSS_PAM_AUTHENTICATE:
+ ctx = talloc_get_type(req->be_ctx->bet_info[BET_AUTH].pvt_bet_data,
+ struct proxy_auth_ctx);
+ break;
+ case SSS_PAM_CHAUTHTOK:
+ ctx = talloc_get_type(req->be_ctx->bet_info[BET_CHPASS].pvt_bet_data,
+ struct proxy_auth_ctx);
+ break;
+ case SSS_PAM_ACCT_MGMT:
+ ctx = talloc_get_type(req->be_ctx->bet_info[BET_ACCESS].pvt_bet_data,
+ struct proxy_auth_ctx);
+ break;
+ default:
+ DEBUG(1, ("Unsupported PAM task.\n"));
+ pd->pam_status = PAM_SUCCESS;
+ proxy_reply(req, DP_ERR_OK, PAM_SUCCESS, NULL);
+ return;
+ }
+
conv.conv=proxy_internal_conv;
auth_data = talloc_zero(req, struct authtok_conv);
conv.appdata_ptr=auth_data;
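Review bot: The `default:` branch of the new switch answers any PAM command it does not recognise with `PAM_SUCCESS` and `DP_ERR_OK`, so an unexpected or future command is reported to the caller as passed rather than refused. If session and credential commands are meant to be no-ops for the proxy, list them as explicit cases (for example `case SSS_PAM_SETCRED:`) and let `default:` fail closed with `pd->pam_status = PAM_MODULE_UNKNOWN;`. Separately, `talloc_get_type()` returns NULL when the stored pointer is absent or of another type, and none of the three cases checks `ctx` afterwards. The rest of proxy_pam_handler lies outside the hunk, so confirm whether an `if (ctx == NULL)` guard that replies with an error is needed before `ctx` is used.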
@@ -2355,11 +2374,9 @@ int sssm_proxy_auth_init(struct be_ctx *bectx,
&ctx->pam_target);
if (ret != EOK) goto done;
if (!ctx->pam_target) {
- ctx->pam_target = talloc_strdup(ctx, "sssd_pam_proxy_default");
- if (!ctx->pam_target) {
- ret = ENOMEM;
- goto done;
- }
+ DEBUG(1, ("Missing option proxy_pam_target.\n"));
+ ret = EINVAL;
+ goto done;
}
*ops = &proxy_auth_ops;
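Review bot: The check `if (!ctx->pam_target)` rejects only a missing option. A present but empty `proxy_pam_target =` may reach this point as an empty string, depending on how the lookup above the hunk reports it, and would then be accepted as a PAM service name. Consider `if (!ctx->pam_target || ctx->pam_target[0] == '\0') {` so both cases return `EINVAL`. sssm_proxy_auth_init starts and ends outside the hunk, so the handling at `done:` is not visible here.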