From 91e670f9928fe489fbdb2403b5bbf59bcc4564a2 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Mon, 21 Dec 2009 14:51:32 +0100
Subject: Return an error for an unknown PAM request

---
 server/providers/krb5/krb5_auth.c | 24 ++++++++++++++++++------
 1 file changed, 18 insertions(+), 6 deletions(-)

(limited to 'server/providers/krb5/krb5_auth.c')

diff --git a/server/providers/krb5/krb5_auth.c b/server/providers/krb5/krb5_auth.c
index a124371ed..a9f577d7e 100644
--- a/server/providers/krb5/krb5_auth.c
+++ b/server/providers/krb5/krb5_auth.c
@@ -713,12 +713,24 @@ void krb5_pam_handler(struct be_req *be_req)
 
     pd = talloc_get_type(be_req->req_data, struct pam_data);
 
-    if (pd->cmd != SSS_PAM_AUTHENTICATE && pd->cmd != SSS_PAM_CHAUTHTOK &&
-        pd->cmd != SSS_PAM_CHAUTHTOK_PRELIM) {
-        DEBUG(4, ("krb5 does not handles pam task %d.\n", pd->cmd));
-        pam_status = PAM_SUCCESS;
-        dp_err = DP_ERR_OK;
-        goto done;
+    switch (pd->cmd) {
+        case SSS_PAM_AUTHENTICATE:
+        case SSS_PAM_CHAUTHTOK:
+        case SSS_PAM_CHAUTHTOK_PRELIM:
+            break;
+        case SSS_PAM_ACCT_MGMT:
+        case SSS_PAM_SETCRED:
+        case SSS_PAM_OPEN_SESSION:
+        case SSS_PAM_CLOSE_SESSION:
+            pam_status = PAM_SUCCESS;
+            dp_err = DP_ERR_OK;
+            goto done;
+            break;
+        default:
+            DEBUG(4, ("krb5 does not handles pam task %d.\n", pd->cmd));
+            pam_status = PAM_MODULE_UNKNOWN;
+            dp_err = DP_ERR_OK;
+            goto done;
     }
 
     if (be_is_offline(be_req->be_ctx) &&
-- 
cgit