PAM: new options pam_trusted_users & pam_public_domains

pam_public_domains option is a list of numerical UIDs or user names that are trusted. pam_public_domains option is a list of domains accessible even for untrusted users. Based on: https://fedorahosted.org/sssd/wiki/DesignDocs/RestrictDomainsInPAM Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
author: Pavel Reichl <preichl@redhat.com> 2014-09-25 14:52:31 +0100
committer: Jakub Hrozek <jhrozek@redhat.com> 2014-09-29 18:27:07 +0200
commit: 830ded27453015080a54d6ba85fd4999ee7e9af1 (patch)
tree: 2dcdecd4d211c25e7e1dd909e062e534348227db /src/responder/pam/pamsrv.h
parent: cb7644495e76ffa3e19ba10efb4a0f5f3817ba33 (diff)
download: sssd-830ded27453015080a54d6ba85fd4999ee7e9af1.tar.gz
sssd-830ded27453015080a54d6ba85fd4999ee7e9af1.tar.xz
sssd-830ded27453015080a54d6ba85fd4999ee7e9af1.zip
1 files changed, 7 insertions, 0 deletions
diff --git a/src/responder/pam/pamsrv.h b/src/responder/pam/pamsrv.h
index 1e37a77a1..f92e7f7db 100644
--- a/src/responder/pam/pamsrv.h
+++ b/src/responder/pam/pamsrv.h
@@ -37,6 +37,13 @@ struct pam_ctx {
     int neg_timeout;
     time_t id_timeout;
     hash_table_t *id_table;
+    size_t trusted_uids_count;
+    uid_t *trusted_uids;
+    bool is_uid_trusted;
+
+    /* List of domains that are accessible even for untrusted users. */
+    char **public_domains;
+    int public_domains_count;
 };
 
 struct pam_auth_dp_req {
author	Pavel Reichl <preichl@redhat.com>	2014-09-25 14:52:31 +0100
committer	Jakub Hrozek <jhrozek@redhat.com>	2014-09-29 18:27:07 +0200
commit	830ded27453015080a54d6ba85fd4999ee7e9af1 (patch)
tree	2dcdecd4d211c25e7e1dd909e062e534348227db /src/responder/pam/pamsrv.h
parent	cb7644495e76ffa3e19ba10efb4a0f5f3817ba33 (diff)
download	sssd-830ded27453015080a54d6ba85fd4999ee7e9af1.tar.gz sssd-830ded27453015080a54d6ba85fd4999ee7e9af1.tar.xz sssd-830ded27453015080a54d6ba85fd4999ee7e9af1.zip