diff options
Diffstat (limited to 'src/providers')
| -rw-r--r-- | src/providers/data_provider_be.c | 25 | ||||
| -rw-r--r-- | src/providers/dp_backend.h | 8 |
2 files changed, 33 insertions, 0 deletions
diff --git a/src/providers/data_provider_be.c b/src/providers/data_provider_be.c index 114fde52..9571d095 100644 --- a/src/providers/data_provider_be.c +++ b/src/providers/data_provider_be.c @@ -753,10 +753,12 @@ static void be_pam_handler_callback(struct be_req *req, int errnum, const char *errstr) { + struct be_client *becli = req->becli; struct pam_data *pd; DBusMessage *reply; DBusConnection *dbus_conn; dbus_bool_t dbret; + errno_t ret; DEBUG(4, ("Backend returned: (%d, %d, %s) [%s]\n", dp_err_type, errnum, errstr?errstr:"<NULL>", @@ -764,6 +766,28 @@ static void be_pam_handler_callback(struct be_req *req, pd = talloc_get_type(req->req_data, struct pam_data); + if (pd->cmd == SSS_PAM_ACCT_MGMT && + req->phase == REQ_PHASE_ACCESS && + dp_err_type == DP_ERR_OK) { + if (!becli->bectx->bet_info[BET_SELINUX].bet_ops) { + DEBUG(SSSDBG_TRACE_FUNC, + ("SELinux provider doesn't exist, " + "not sending the request to it.\n")); + } else { + req->phase = REQ_PHASE_SELINUX; + + /* Now is the time to call SELinux provider */ + ret = be_file_request(becli->bectx->bet_info[BET_SELINUX].pvt_bet_data, + req, + becli->bectx->bet_info[BET_SELINUX].bet_ops->handler); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, ("be_file_request failed.\n")); + goto done; + } + return; + } + } + DEBUG(4, ("Sending result [%d][%s]\n", pd->pam_status, pd->domain)); reply = (DBusMessage *)req->pvt; dbret = dp_pack_pam_response(reply, pd); @@ -852,6 +876,7 @@ static int be_pam_handler(DBusMessage *message, struct sbus_connection *conn) break; case SSS_PAM_ACCT_MGMT: target = BET_ACCESS; + be_req->phase = REQ_PHASE_ACCESS; break; case SSS_PAM_CHAUTHTOK: case SSS_PAM_CHAUTHTOK_PRELIM: diff --git a/src/providers/dp_backend.h b/src/providers/dp_backend.h index 4c703326..53a382ac 100644 --- a/src/providers/dp_backend.h +++ b/src/providers/dp_backend.h @@ -132,6 +132,8 @@ struct bet_ops { }; #define MAX_BE_REQ_RESTARTS 2 +#define REQ_PHASE_ACCESS 0 +#define REQ_PHASE_SELINUX 1 struct be_req { struct be_client *becli; @@ -143,6 +145,12 @@ struct be_req { int restarts; + /* This is utilized in access provider + * request handling to indicate if access or + * selinux provider is calling the callback. + */ + int phase; + struct sss_domain_info *domain; struct sysdb_ctx *sysdb; }; |