-rw-r--r-- | src/providers/ipa/ipa_init.c | 66 | ||||
-rw-r--r-- | src/sss_client/sss_cli.h | 2 |
2 files changed, 68 insertions, 0 deletions
diff --git a/src/providers/ipa/ipa_init.c b/src/providers/ipa/ipa_init.c
index 4b26e8baa..15ec2339d 100644
--- a/src/providers/ipa/ipa_init.c
+++ b/src/providers/ipa/ipa_init.c
@@ -371,6 +371,62 @@ done:
 return ret;
 }
 
+void cleanup_ipa_preauth_indicator(void)
+{
+ int ret;
+
+ ret = unlink(PAM_PREAUTH_INDICATOR);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Failed to remove preauth indicator file [%s].\n",
+ PAM_PREAUTH_INDICATOR);
+ }
+}
+
+static errno_t create_ipa_preauth_indicator(void)
+{
+ int ret;
+ TALLOC_CTX *tmp_ctx = NULL;
+ int fd;
+
+ tmp_ctx = talloc_new(NULL);
+ if (tmp_ctx == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, "talloc_new failed.\n");
+ return ENOMEM;
+ }
+
+ fd = open(PAM_PREAUTH_INDICATOR, O_CREAT | O_EXCL | O_WRONLY | O_NOFOLLOW,
+ 0644);
+ if (fd < 0) {
+ if (errno != EEXIST) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Failed to create preauth indicator file [%s].\n",
+ PAM_PREAUTH_INDICATOR);
+ ret = EOK;
+ goto done;
+ }
+
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Preauth indicator file [%s] already exists. "
+ "Maybe it is left after an unplanned exit. Continuing.\n",
+ PAM_PREAUTH_INDICATOR);
+ } else {
+ close(fd);
+ }
+
+ ret = atexit(cleanup_ipa_preauth_indicator);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, "atexit failed. Continuing.\n");
+ }
+
+ ret = EOK;
+
+done:
+ talloc_free(tmp_ctx);
+
+ return ret;
+}
+
 int sssm_ipa_auth_init(struct be_ctx *bectx,
 struct bet_ops **ops,
 void **pvt_data)
@@ -469,6 +525,16 @@ int sssm_ipa_auth_init(struct be_ctx *bectx,
 goto done;
 }
 
+ ret = create_ipa_preauth_indicator();
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to create preauth indicator file, special password "
+ "prompting might not be available.\n");
+ sss_log(SSSDBG_CRIT_FAILURE,
+ "Failed to create preauth indicator file, special password "
+ "prompting might not be available.\n");
+ }
+
 *ops = &ipa_auth_ops;
 *pvt_data = ipa_auth_ctx;
 ret = EOK;
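Review bot: In `create_ipa_preauth_indicator` the non-EEXIST failure branch of `open()` sets `ret = EOK` before `goto done`, so a failed create is reported to the caller as success and the warning added in the second hunk can only fire on `ENOMEM`. Save the error directly after the failed call, `ret = errno;` ahead of the `DEBUG` (which may change errno), drop the `ret = EOK;` in that branch, and include the value in the log message. `tmp_ctx` is allocated and freed but never used, so the only error the function can currently return comes from an allocation it does not need. On the EEXIST path the existing entry is accepted without checking its type or owner (O_NOFOLLOW does not apply there); if consumers only test for existence that is probably acceptable, but a comment stating that assumption would help the next reader.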
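Review bot: The `sss_log()` call in the second hunk is given `SSSDBG_CRIT_FAILURE`, which is a debug-level value meant for `DEBUG()`; as far as I know `sss_log()` takes one of the `SSS_LOG_*` priorities, so the message would likely be emitted at an unintended syslog severity. Confirm against the `sss_log()` declaration and, if so, use `sss_log(SSS_LOG_CRIT, ...)`. The trailing `\n` in the syslog text is also probably unnecessary. `sssm_ipa_auth_init` starts and ends outside the hunk, so how `ret` is used after this block is not visible here.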
diff --git a/src/sss_client/sss_cli.h b/src/sss_client/sss_cli.h
index 1d7e8549c..317700ef8 100644
--- a/src/sss_client/sss_cli.h
+++ b/src/sss_client/sss_cli.h
@@ -317,6 +317,8 @@ enum sss_authtok_type {
 #define SSS_START_OF_PAM_REQUEST 0x4d415049
 #define SSS_END_OF_PAM_REQUEST 0x4950414d
 
+#define PAM_PREAUTH_INDICATOR PUBCONF_PATH"/pam_preauth_available"
+
 enum pam_item_type {
 SSS_PAM_ITEM_EMPTY = 0x0000,
 SSS_PAM_ITEM_USER,
|
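Review bot: The new macro `PAM_PREAUTH_INDICATOR` uses the bare `PAM_` prefix in a header that is shared with the PAM client, while the neighbouring constants are all `SSS_`-prefixed; `PAM_*` names are the PAM library's namespace, so something like `SSS_PAM_PREAUTH_INDICATOR` would avoid a possible clash. The define also has no comment; a line such as `/* Existence of this file tells the PAM client that pre-auth prompting is available; created and removed by the IPA auth provider. */` would document the contract between the two sides. It would be worth stating there who is expected to own the file and the directory, since the client presumably trusts its mere presence.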