1 files changed, 33 insertions, 0 deletions

diff --git a/src/responder/pam/pamsrv.c b/src/responder/pam/pamsrv.c
index ab3f45455..79470823d 100644
--- a/src/responder/pam/pamsrv.c
+++ b/src/responder/pam/pamsrv.c
@@ -166,6 +166,32 @@ done:
     return ret;
 }
 
+static errno_t get_app_services(struct pam_ctx *pctx)
+{
+    errno_t ret;
+
+    ret = confdb_get_string_as_list(pctx->rctx->cdb, pctx,
+                                    CONFDB_PAM_CONF_ENTRY,
+                                    CONFDB_PAM_APP_SERVICES,
+                                    &pctx->app_services);
+    if (ret == ENOENT) {
+        pctx->app_services = talloc_zero_array(pctx, char *, 1);
+        if (pctx->app_services == NULL) {
+            return ENOMEM;
+        }
+        /* Allocating an empty array makes it easier for the consumer
+         * to iterate over it
+         */
+    } else if (ret != EOK) {
+        DEBUG(SSSDBG_CRIT_FAILURE,
+              "Cannot read "CONFDB_PAM_APP_SERVICES" [%d]: %s\n",
+              ret, sss_strerror(ret));
+        return ret;
+    }
+
+    return EOK;
+}
+
 static int pam_process_init(TALLOC_CTX *mem_ctx,
                             struct tevent_context *ev,
                             struct confdb_ctx *cdb,
@@ -219,6 +245,13 @@ static int pam_process_init(TALLOC_CTX *mem_ctx,
         goto done;
     }
 
+    ret = get_app_services(pctx);
+    if (ret != EOK) {
+        DEBUG(SSSDBG_FATAL_FAILURE, "get_app_services failed: %d:[%s].\n",
+              ret, sss_strerror(ret));
+        goto done;
+    }
+
     /* Enable automatic reconnection to the Data Provider */
 
     /* FIXME: "retries" is too generic, either get it from a global config