-rw-r--r--src/providers/ipa/ipa_init.c66
-rw-r--r--src/sss_client/sss_cli.h2
2 files changed, 68 insertions, 0 deletions
diff --git a/src/providers/ipa/ipa_init.c b/src/providers/ipa/ipa_init.c
index 4b26e8baa..15ec2339d 100644
--- a/src/providers/ipa/ipa_init.c
+++ b/src/providers/ipa/ipa_init.c
@@ -371,6 +371,62 @@ done:
return ret;
}
+void cleanup_ipa_preauth_indicator(void)
+{
+ int ret;
+
+ ret = unlink(PAM_PREAUTH_INDICATOR);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Failed to remove preauth indicator file [%s].\n",
+ PAM_PREAUTH_INDICATOR);
+ }
+}
+
+static errno_t create_ipa_preauth_indicator(void)
+{
+ int ret;
+ TALLOC_CTX *tmp_ctx = NULL;
+ int fd;
+
+ tmp_ctx = talloc_new(NULL);
+ if (tmp_ctx == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, "talloc_new failed.\n");
+ return ENOMEM;
+ }
+
+ fd = open(PAM_PREAUTH_INDICATOR, O_CREAT | O_EXCL | O_WRONLY | O_NOFOLLOW,
+ 0644);
+ if (fd < 0) {
+ if (errno != EEXIST) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Failed to create preauth indicator file [%s].\n",
+ PAM_PREAUTH_INDICATOR);
+ ret = EOK;
+ goto done;
+ }
+
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Preauth indicator file [%s] already exists. "
+ "Maybe it is left after an unplanned exit. Continuing.\n",
+ PAM_PREAUTH_INDICATOR);
+ } else {
+ close(fd);
+ }
+
+ ret = atexit(cleanup_ipa_preauth_indicator);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, "atexit failed. Continuing.\n");
+ }
+
+ ret = EOK;
+
+done:
+ talloc_free(tmp_ctx);
+
+ return ret;
+}
+
int sssm_ipa_auth_init(struct be_ctx *bectx,
struct bet_ops **ops,
void **pvt_data)
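Review bot: In create_ipa_preauth_indicator() the `errno != EEXIST` branch sets `ret = EOK` before `goto done`, so a failed open() is reported as success and the caller's `ret != EOK` warning in sssm_ipa_auth_init can only fire for ENOMEM. Save the error before anything can overwrite it, `ret = errno;` as the first statement inside `if (fd < 0) {`, then test `ret != EEXIST`, return `ret`, and add `strerror(ret)` to the DEBUG message. The EEXIST path accepts whatever already sits at that path without checking that it is a regular file with the expected owner and mode; an `lstat()` check there would keep a stale or foreign entry from being treated as the service's own indicator, since the hunk does not show who can write to PUBCONF_PATH. `tmp_ctx` is allocated and freed but never used, so it and the `done:` label can go.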
@@ -469,6 +525,16 @@ int sssm_ipa_auth_init(struct be_ctx *bectx,
goto done;
}
+ ret = create_ipa_preauth_indicator();
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to create preauth indicator file, special password "
+ "prompting might not be available.\n");
+ sss_log(SSSDBG_CRIT_FAILURE,
+ "Failed to create preauth indicator file, special password "
+ "prompting might not be available.\n");
+ }
+
*ops = &ipa_auth_ops;
*pvt_data = ipa_auth_ctx;
ret = EOK;
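Review bot: The `sss_log()` call passes `SSSDBG_CRIT_FAILURE`, a debug-level value, where the syslog wrapper takes its own `SSS_LOG_*` priorities as far as I know, so the message may go out at an unintended severity; `sss_log(SSS_LOG_CRIT, ...)` looks like what is meant, to be confirmed against the wrapper's declaration. Separately, the indicator is one fixed path while this init presumably runs in every IPA domain backend, so the first backend to exit would unlink the file while another still offers preauth; that deserves a comment here or a per-domain file name. sssm_ipa_auth_init begins and ends outside this hunk.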
diff --git a/src/sss_client/sss_cli.h b/src/sss_client/sss_cli.h
index 1d7e8549c..317700ef8 100644
--- a/src/sss_client/sss_cli.h
+++ b/src/sss_client/sss_cli.h
@@ -317,6 +317,8 @@ enum sss_authtok_type {
#define SSS_START_OF_PAM_REQUEST 0x4d415049
#define SSS_END_OF_PAM_REQUEST 0x4950414d
+#define PAM_PREAUTH_INDICATOR PUBCONF_PATH"/pam_preauth_available"
+
enum pam_item_type {
SSS_PAM_ITEM_EMPTY = 0x0000,
SSS_PAM_ITEM_USER,
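Review bot: `PAM_PREAUTH_INDICATOR` is added to the client header without the `SSS_` prefix its neighbours carry (`SSS_START_OF_PAM_REQUEST`, `SSS_END_OF_PAM_REQUEST`) and without a comment, so a reader of this header cannot tell who owns the file. Suggest the name `SSS_PAM_PREAUTH_INDICATOR` and a comment above it such as `/* Marker file created by the IPA auth provider at init and removed at exit; only its existence is meaningful. */`. If client code trusts the file's presence, the comment should also state that the directory must be writable only by the service.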