From abc04a747aeb90b15c5a838811cec2241afe8319 Mon Sep 17 00:00:00 2001
From: Sumit Bose
Date: Thu, 23 Apr 2009 13:39:11 +0200
Subject: allow to forward the authtok to other pam modules
Other pam modules which are called after pam_sss might want to reuse the given password so that the user is not bothered with multiple password prompt. When pam_sss is configured with the option 'forward_pass' it will use pam_set_item to safe the password for other pam modules.
---
 sss_client/pam_sss.c | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
diff --git a/sss_client/pam_sss.c b/sss_client/pam_sss.c
index 6fb76370e..d03407c92 100644
--- a/sss_client/pam_sss.c
+++ b/sss_client/pam_sss.c
@@ -170,9 +170,18 @@ static int pam_sss(int task, pam_handle_t *pamh, int flags, int argc,
 struct pam_response *resp=NULL;
 int pam_status;
 char *newpwd[2];
+ int forward_pass = 0;
 D(("Hello pam_sssd: %d", task));
+ for (; argc-- > 0; ++argv) {
+ if (strcmp(*argv, "forward_pass") == 0) {
+ forward_pass = 1;
+ } else {
+ D(("unknown option: %s", *argv));
+ }
+ }
+
 /* TODO: add useful prelim check */
 if (task == SSS_PAM_CHAUTHTOK && (flags & PAM_PRELIM_CHECK)) {
 D(("ignoring PAM_PRELIM_CHECK"));
@@ -226,6 +235,13 @@ static int pam_sss(int task, pam_handle_t *pamh, int flags, int argc,
 pi.pam_authtok_type = SSS_AUTHTOK_TYPE_PASSWORD;
 }
 pi.pam_authtok_size=strlen(pi.pam_authtok);
+
+ if (forward_pass != 0) {
+ ret = pam_set_item(pamh, PAM_AUTHTOK, resp[0].resp);
+ if (ret != PAM_SUCCESS) {
+ D(("Failed to set PAM_AUTHTOK, authtok may not be available for other modules"));
+ }
+ }
 }
 if (task == SSS_PAM_CHAUTHTOK) {
-- cgit
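Review bot: The `else` branch of the new option loop reports an unrecognised argument only through `D()`, so if that macro is compiled out in normal builds (its definition is not visible here) a misspelled `forward_pass` in the PAM configuration is dropped without any trace. Consider also logging it where an administrator will see it, e.g. `pam_syslog(pamh, LOG_WARNING, "unknown option: %s", *argv);` if the module is built against Linux-PAM. The loop also consumes `argc` and `argv` in place, so a short comment such as `/* module options are consumed here; nothing below may re-scan argv */` would help, since pam_sss continues well past the end of this hunk.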
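Review bot: The added `pam_set_item(pamh, PAM_AUTHTOK, resp[0].resp)` call does not look at `task`, and the first statement after the enclosing block is `if (task == SSS_PAM_CHAUTHTOK)`, which suggests this path is also taken during a password change. In that case the value just read is presumably the user's current password, which PAM convention places in PAM_OLDAUTHTOK; a later module that reuses the stacked token could then treat the old password as the new one. If that reading is right, select the item by task: `ret = pam_set_item(pamh, task == SSS_PAM_CHAUTHTOK ? PAM_OLDAUTHTOK : PAM_AUTHTOK, resp[0].resp);`. The enclosing block opens above the hunk, so which tasks actually reach this code should be confirmed against the full function. A one-line comment noting that pam_set_item keeps its own copy, so the cleartext password stays in the handle for every later module in the stack, would also help whoever audits the `forward_pass` option.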