diff options
Diffstat (limited to 'src/responder/pam/pamsrv.c')
-rw-r--r-- | src/responder/pam/pamsrv.c | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/src/responder/pam/pamsrv.c b/src/responder/pam/pamsrv.c index aa0d2796b..3fe467c3c 100644 --- a/src/responder/pam/pamsrv.c +++ b/src/responder/pam/pamsrv.c @@ -50,6 +50,8 @@ #define ALL_DOMAIMS_ARE_PUBLIC "all" #define NO_DOMAIMS_ARE_PUBLIC "none" #define DEFAULT_ALLOWED_UIDS ALL_UIDS_ALLOWED +#define DEFAULT_PAM_CERT_AUTH false +#define DEFAULT_PAM_CERT_DB_PATH SYSCONFDIR"/pki/nssdb" struct mon_cli_iface monitor_pam_methods = { { &mon_cli_iface_meta, 0 }, @@ -302,6 +304,38 @@ static int pam_process_init(TALLOC_CTX *mem_ctx, goto done; } + /* Check if certificate based authentication is enabled */ + ret = confdb_get_bool(pctx->rctx->cdb, + CONFDB_PAM_CONF_ENTRY, + CONFDB_PAM_CERT_AUTH, + DEFAULT_PAM_CERT_AUTH, + &pctx->cert_auth); + if (ret != EOK) { + DEBUG(SSSDBG_FATAL_FAILURE, "Failed to determine get cert db path.\n"); + goto done; + } + + pctx->p11_child_debug_fd = -1; + if (pctx->cert_auth) { + ret = p11_child_init(pctx); + if (ret != EOK) { + DEBUG(SSSDBG_FATAL_FAILURE, "p11_child_init failed.\n"); + goto done; + } + + ret = confdb_get_string(pctx->rctx->cdb, pctx, + CONFDB_PAM_CONF_ENTRY, + CONFDB_PAM_CERT_DB_PATH, + DEFAULT_PAM_CERT_DB_PATH, + &pctx->nss_db); + if (ret != EOK) { + DEBUG(SSSDBG_FATAL_FAILURE, + "Failed to determine if certificate based authentication is " \ + "enabled or not.\n"); + goto done; + } + } + ret = EOK; done: |