aac3cde5be
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.5 - backport important patches from upstream 1.13 prerelease
From badabcb4536794f376fbbefec21fd821654481c5 Mon Sep 17 00:00:00 2001
|
|
From: Sumit Bose <sbose@redhat.com>
|
|
Date: Tue, 24 Mar 2015 11:19:46 +0100
|
|
Subject: [PATCH 22/30] IPA: create preauth indicator file at startup
|
|
MIME-Version: 1.0
|
|
Content-Type: text/plain; charset=UTF-8
|
|
Content-Transfer-Encoding: 8bit
|
|
|
|
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
(cherry picked from commit deb28a893c76f7c94b6cc8e596742665e23d97d5)
|
|
---
|
|
src/providers/ipa/ipa_init.c | 66 ++++++++++++++++++++++++++++++++++++++++++++
|
|
src/sss_client/sss_cli.h | 2 ++
|
|
2 files changed, 68 insertions(+)
|
|
|
|
diff --git a/src/providers/ipa/ipa_init.c b/src/providers/ipa/ipa_init.c
|
|
index 4b26e8baad4d0592729aec9a0b188ae89973fa98..15ec2339d95754db2e54f383bf8e423e780e9838 100644
|
|
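--- a/src/providers/ipa/ipa_init.c
+++ b/src/providers/ipa/ipa_init.c
@@ -371,6 +371,62 @@ done:
 return ret;
 }
 
+void cleanup_ipa_preauth_indicator(void)
+{
+ int ret;
+
+ ret = unlink(PAM_PREAUTH_INDICATOR);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Failed to remove preauth indicator file [%s].\n",
+ PAM_PREAUTH_INDICATOR);
+ }
+}
+
+static errno_t create_ipa_preauth_indicator(void)
+{
+ int ret;
+ TALLOC_CTX *tmp_ctx = NULL;
+ int fd;
+
+ tmp_ctx = talloc_new(NULL);
+ if (tmp_ctx == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, "talloc_new failed.\n");
+ return ENOMEM;
+ }
+
+ fd = open(PAM_PREAUTH_INDICATOR, O_CREAT | O_EXCL | O_WRONLY | O_NOFOLLOW,
+ 0644);
+ if (fd < 0) {
+ if (errno != EEXIST) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Failed to create preauth indicator file [%s].\n",
+ PAM_PREAUTH_INDICATOR);
+ ret = EOK;
+ goto done;
+ }
+
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Preauth indicator file [%s] already exists. "
+ "Maybe it is left after an unplanned exit. Continuing.\n",
+ PAM_PREAUTH_INDICATOR);
+ } else {
+ close(fd);
+ }
+
+ ret = atexit(cleanup_ipa_preauth_indicator);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, "atexit failed. Continuing.\n");
+ }
+
+ ret = EOK;
+
+done:
+ talloc_free(tmp_ctx);
+
+ return ret;
+}
+
 int sssm_ipa_auth_init(struct be_ctx *bectx,
 struct bet_ops **ops,
 void **pvt_data)
@@ -469,6 +525,16 @@ int sssm_ipa_auth_init(struct be_ctx *bectx,
 goto done;
 }
 
+ ret = create_ipa_preauth_indicator();
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to create preauth indicator file, special password "
+ "prompting might not be available.\n");
+ sss_log(SSSDBG_CRIT_FAILURE,
+ "Failed to create preauth indicator file, special password "
+ "prompting might not be available.\n");
+ }
+
 *ops = &ipa_auth_ops;
 *pvt_data = ipa_auth_ctx;
 ret = EOK;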
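Review bot: In `create_ipa_preauth_indicator()` the `errno != EEXIST` branch sets `ret = EOK` before `goto done`, so a failed `open()` is reported as success and the `DEBUG`/`sss_log` warning added in `sssm_ipa_auth_init()` can only ever fire for the `talloc_new()` failure. Capture the error instead, with `ret = errno;` placed directly after the failed `open()` so that `DEBUG` cannot overwrite it, and include the value in the log message. `tmp_ctx` is allocated and freed but never used, so the `talloc_new()` call and its `ENOMEM` return could be dropped. In the `EEXIST` case the existing path is accepted without checking what it is, which is only safe if the directory behind `PUBCONF_PATH` is writable by the daemon alone; that is not visible in this patch and is worth confirming. The body of `sssm_ipa_auth_init()` continues outside both hunks.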
diff --git a/src/sss_client/sss_cli.h b/src/sss_client/sss_cli.h
|
|
index 1d7e8549cd548b00eeedba95080f346439afc3dd..317700ef8cfcbb1b58e2a7d1ffcc7f00658fe815 100644
|
|
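--- a/src/sss_client/sss_cli.h
+++ b/src/sss_client/sss_cli.h
@@ -317,6 +317,8 @@ enum sss_authtok_type {
 #define SSS_START_OF_PAM_REQUEST 0x4d415049
 #define SSS_END_OF_PAM_REQUEST 0x4950414d
 
+#define PAM_PREAUTH_INDICATOR PUBCONF_PATH"/pam_preauth_available"
+
 enum pam_item_type {
 SSS_PAM_ITEM_EMPTY = 0x0000,
 SSS_PAM_ITEM_USER,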
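Review bot: `PAM_PREAUTH_INDICATOR` is added to the client header without a comment, although it is a contract between the IPA provider, which creates and removes the file, and whatever client code tests for it. A short comment above the define would help, e.g. `/* Created by the IPA provider at start-up and removed at exit; its presence signals that pre-authentication is available. */`; the reader side is not visible in this patch, so the wording should follow what the client actually does. The macro also relies on `PUBCONF_PATH` being defined wherever `sss_cli.h` is included, which this hunk does not show. A space before the string literal (`PUBCONF_PATH "/pam_preauth_available"`) would read more clearly.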
--
|
|
2.4.3
|
|
|