summaryrefslogtreecommitdiffstats
path: root/src/responder/pam/pamsrv_cmd.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/responder/pam/pamsrv_cmd.c')
-rw-r--r--src/responder/pam/pamsrv_cmd.c12
1 files changed, 9 insertions, 3 deletions
diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c
index 27dddcf43..2823f8133 100644
--- a/src/responder/pam/pamsrv_cmd.c
+++ b/src/responder/pam/pamsrv_cmd.c
@@ -957,11 +957,13 @@ static errno_t pam_forwarder_parse_data(struct cli_ctx *cctx, struct pam_data *p
} else {
/* Only SSS_PAM_PREAUTH request may have a missing name, e.g. if the
* name is determined with the help of a certificate */
- if (pd->cmd == SSS_PAM_PREAUTH) {
+ if (pd->cmd == SSS_PAM_PREAUTH
+ && may_do_cert_auth(talloc_get_type(cctx->rctx->pvt_ctx,
+ struct pam_ctx), pd)) {
ret = EOK;
} else {
DEBUG(SSSDBG_CRIT_FAILURE, "Missing logon name in PAM request.\n");
- ret = EINVAL;
+ ret = ERR_NO_CREDS;
goto done;
}
}
@@ -1104,7 +1106,6 @@ static int pam_forwarder(struct cli_ctx *cctx, int pam_cmd)
}
goto done;
} else if (ret != EOK) {
- ret = EINVAL;
goto done;
}
@@ -1610,6 +1611,11 @@ static int pam_check_user_done(struct pam_auth_req *preq, int ret)
pam_reply(preq);
break;
+ case ERR_NO_CREDS:
+ preq->pd->pam_status = PAM_CRED_INSUFFICIENT;
+ pam_reply(preq);
+ break;
+
default:
preq->pd->pam_status = PAM_SYSTEM_ERR;
pam_reply(preq);
generated by cgit (git 2.34.1) at 2024-05-24 16:06:46 +0000