- Add use_first_pass option to fix pam stack problems
parent
3a21c0ede9
commit
6c244a6eda
|
@ -0,0 +1,70 @@
|
||||||
|
>From 98bb277b9271e5e9175180685d647909b89c06aa Mon Sep 17 00:00:00 2001
|
||||||
|
From: Sumit Bose <sbose@redhat.com>
|
||||||
|
Date: Wed, 29 Apr 2009 21:11:05 +0200
|
||||||
|
Subject: [PATCH] reuse authtok which is already in the pam stack
|
||||||
|
|
||||||
|
---
|
||||||
|
sss_client/pam_sss.c | 20 ++++++++++++++++++--
|
||||||
|
1 files changed, 18 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/sss_client/pam_sss.c b/sss_client/pam_sss.c
|
||||||
|
index d03407c..f2fdefe 100644
|
||||||
|
--- a/sss_client/pam_sss.c
|
||||||
|
+++ b/sss_client/pam_sss.c
|
||||||
|
@@ -149,8 +149,10 @@ static void print_pam_items(struct pam_items pi)
|
||||||
|
D(("Tty: %s", *pi.pam_tty!='\0' ? pi.pam_tty : "(not available)"));
|
||||||
|
D(("Ruser: %s", *pi.pam_ruser!='\0' ? pi.pam_ruser : "(not available)"));
|
||||||
|
D(("Rhost: %s", *pi.pam_rhost!='\0' ? pi.pam_rhost : "(not available)"));
|
||||||
|
- D(("Authtok: %s", *pi.pamstack_authtok!='\0' ? pi.pamstack_authtok : "(not available)"));
|
||||||
|
- D(("Oldauthtok: %s", *pi.pamstack_oldauthtok!='\0' ? pi.pamstack_oldauthtok : "(not available)"));
|
||||||
|
+ D(("Pamstack_Authtok: %s", *pi.pamstack_authtok!='\0' ? pi.pamstack_authtok : "(not available)"));
|
||||||
|
+ D(("Pamstack_Oldauthtok: %s", *pi.pamstack_oldauthtok!='\0' ? pi.pamstack_oldauthtok : "(not available)"));
|
||||||
|
+ D(("Authtok: %s", *pi.pam_authtok!='\0' ? pi.pam_authtok : "(not available)"));
|
||||||
|
+ D(("Newauthtok: %s", *pi.pam_newauthtok!='\0' ? pi.pam_newauthtok : "(not available)"));
|
||||||
|
}
|
||||||
|
|
||||||
|
static int pam_sss(int task, pam_handle_t *pamh, int flags, int argc,
|
||||||
|
@@ -171,12 +173,15 @@ static int pam_sss(int task, pam_handle_t *pamh, int flags, int argc,
|
||||||
|
int pam_status;
|
||||||
|
char *newpwd[2];
|
||||||
|
int forward_pass = 0;
|
||||||
|
+ int use_first_pass = 0;
|
||||||
|
|
||||||
|
D(("Hello pam_sssd: %d", task));
|
||||||
|
|
||||||
|
for (; argc-- > 0; ++argv) {
|
||||||
|
if (strcmp(*argv, "forward_pass") == 0) {
|
||||||
|
forward_pass = 1;
|
||||||
|
+ } else if (strcmp(*argv, "use_first_pass") == 0) {
|
||||||
|
+ use_first_pass = 1;
|
||||||
|
} else {
|
||||||
|
D(("unknown option: %s", *argv));
|
||||||
|
}
|
||||||
|
@@ -194,6 +199,16 @@ static int pam_sss(int task, pam_handle_t *pamh, int flags, int argc,
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
|
+ if (use_first_pass != 0 &&
|
||||||
|
+ (*pi.pamstack_authtok != '\0' || *pi.pamstack_oldauthtok != '\0') &&
|
||||||
|
+ (task == SSS_PAM_AUTHENTICATE || task == SSS_PAM_CHAUTHTOK)) {
|
||||||
|
+ pi.pam_authtok_type = SSS_AUTHTOK_TYPE_PASSWORD;
|
||||||
|
+ pi.pam_authtok = strdup(pi.pamstack_authtok);
|
||||||
|
+ pi.pam_authtok_size = strlen(pi.pamstack_authtok);
|
||||||
|
+ pi.pam_newauthtok_type = SSS_AUTHTOK_TYPE_PASSWORD;
|
||||||
|
+ pi.pam_newauthtok = strdup(pi.pamstack_oldauthtok);
|
||||||
|
+ pi.pam_newauthtok_size = strlen(pi.pamstack_oldauthtok);
|
||||||
|
+ } else {
|
||||||
|
pi.pam_authtok_type = SSS_AUTHTOK_TYPE_EMPTY;
|
||||||
|
pi.pam_authtok = NULL;
|
||||||
|
pi.pam_authtok_size = 0;
|
||||||
|
@@ -297,6 +312,7 @@ static int pam_sss(int task, pam_handle_t *pamh, int flags, int argc,
|
||||||
|
_pam_overwrite((void *)newpwd[1]);
|
||||||
|
free(newpwd[1]);
|
||||||
|
}
|
||||||
|
+ }
|
||||||
|
|
||||||
|
print_pam_items(pi);
|
||||||
|
|
||||||
|
--
|
||||||
|
1.6.0.6
|
||||||
|
|
|
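Review bot: The new `use_first_pass` branch in `pam_sss()` stores both `strdup()` results unchecked, so an allocation failure leaves `pi.pam_authtok` or `pi.pam_newauthtok` NULL while its type says `SSS_AUTHTOK_TYPE_PASSWORD`, and the following `strlen()` calls read the stack copy rather than the duplicate. Because the guard is an OR over the two stack tokens, an authenticate call with only `pamstack_authtok` set also marks an empty new token as a password; filling the new token only for `SSS_PAM_CHAUTHTOK`, as sketched below, avoids that. `pam_newauthtok` is taken from `pamstack_oldauthtok`, which looks inverted if those fields mirror PAM_AUTHTOK and PAM_OLDAUTHTOK (their origin is outside the hunks), so the direction should be confirmed for the password-change case. The two `D((...))` lines added to `print_pam_items()` print both tokens in clear text when the debug macro is enabled and dereference `pi.pam_authtok`, which the else branch sets to NULL and which may still be NULL at the later `print_pam_items(pi)` call; logging only whether a token is present would avoid both. `pam_sss()` starts and ends outside the hunks, so the right error return and cleanup path could not be checked.

```c
/* … unchanged: use_first_pass guard … */
        pi.pam_authtok = strdup(pi.pamstack_authtok);
        if (pi.pam_authtok == NULL) {
            return PAM_BUF_ERR; /* or the function's existing error path */
        }
        pi.pam_authtok_type = SSS_AUTHTOK_TYPE_PASSWORD;
        pi.pam_authtok_size = strlen(pi.pam_authtok);

        if (task == SSS_PAM_CHAUTHTOK) {
            /* source field kept as in the patch; confirm old/new direction */
            pi.pam_newauthtok = strdup(pi.pamstack_oldauthtok);
            if (pi.pam_newauthtok == NULL) {
                _pam_overwrite(pi.pam_authtok);
                free(pi.pam_authtok);
                pi.pam_authtok = NULL;
                return PAM_BUF_ERR;
            }
            pi.pam_newauthtok_type = SSS_AUTHTOK_TYPE_PASSWORD;
            pi.pam_newauthtok_size = strlen(pi.pam_newauthtok);
        } else {
            pi.pam_newauthtok_type = SSS_AUTHTOK_TYPE_EMPTY;
            pi.pam_newauthtok = NULL;
            pi.pam_newauthtok_size = 0;
        }
/* … unchanged: else branch that prompts for the password … */
```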
@ -1,6 +1,6 @@
|
||||||
Name: sssd
|
Name: sssd
|
||||||
Version: 0.3.3
|
Version: 0.3.3
|
||||||
Release: 1%{?dist}
|
Release: 2%{?dist}
|
||||||
Group: Applications/System
|
Group: Applications/System
|
||||||
Summary: System Security Services Daemon
|
Summary: System Security Services Daemon
|
||||||
|
|
||||||
|
@ -17,6 +17,7 @@ Patch1: 0001-Use-different-attribute-for-cached-passwords.patch
|
||||||
Patch2: 0001-Use-different-attribute-for-cached-passwords-change.patch
|
Patch2: 0001-Use-different-attribute-for-cached-passwords-change.patch
|
||||||
Patch3: 0001-enable-offline-handling-for-native-LDAP-backend.patch
|
Patch3: 0001-enable-offline-handling-for-native-LDAP-backend.patch
|
||||||
Patch4: 0001-handle-other-pam-calls-when-offline.patch
|
Patch4: 0001-handle-other-pam-calls-when-offline.patch
|
||||||
|
Patch5: 0001-reuse-authtok-which-is-already-in-the-pam-stack.patch
|
||||||
|
|
||||||
### Dependencies ###
|
### Dependencies ###
|
||||||
|
|
||||||
|
@ -59,6 +60,7 @@ services for projects like FreeIPA.
|
||||||
%patch2 -p 1 -b .pwd-cache-attr
|
%patch2 -p 1 -b .pwd-cache-attr
|
||||||
%patch3 -p 1 -b .ldap-offline
|
%patch3 -p 1 -b .ldap-offline
|
||||||
%patch4 -p 1 -b .pam-offline
|
%patch4 -p 1 -b .pam-offline
|
||||||
|
%patch5 -p 1 -b .use_first_pass
|
||||||
|
|
||||||
%build
|
%build
|
||||||
|
|
||||||
|
@ -147,6 +149,9 @@ if [ $1 -ge 1 ] ; then
|
||||||
fi
|
fi
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Apr 29 2009 Simo Sorce <ssorce@redhat.com> - 0.3.3-2
|
||||||
|
- Add use_first_pass option to fix pam stack problems
|
||||||
|
|
||||||
* Tue Apr 28 2009 Simo Sorce <ssorce@redhat.com> - 0.3.3-1
|
* Tue Apr 28 2009 Simo Sorce <ssorce@redhat.com> - 0.3.3-1
|
||||||
- Add patches to fix password caches when offline
|
- Add patches to fix password caches when offline
|
||||||
|
|
||||||
|
|