From 4f913c8472fe7c10fcaedddbb620774ff8838c2b Mon Sep 17 00:00:00 2001
From: Sumit Bose
Date: Tue, 24 Mar 2015 17:24:50 +0100
Subject: [PATCH 104/114] Add pre-auth request
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Reviewed-by: Lukáš Slebodník
(cherry picked from commit fb045f6e5a9a7f8936ad6f89c28862dcd035a4fe)
---
 src/providers/data_provider_be.c | 1 +
 src/providers/dp_pam_data_util.c | 2 ++
 src/providers/ipa/ipa_auth.c | 1 +
 src/providers/krb5/krb5_auth.c | 2 ++
 src/responder/pam/pamsrv_cmd.c | 7 +++++++
 src/sss_client/sss_cli.h | 4 ++++
 6 files changed, 17 insertions(+)
diff --git a/src/providers/data_provider_be.c b/src/providers/data_provider_be.c
index 9a752e31ed2d644fd590d9a556d5c4f9cc17c4f6..b44784724e2c4afb6cea3c5769dceab415027c6b 100644
--- a/src/providers/data_provider_be.c
+++ b/src/providers/data_provider_be.c
@@ -1373,6 +1373,7 @@ static int be_pam_handler(struct sbus_request *dbus_req, void *user_data)
 switch (pd->cmd) {
 case SSS_PAM_AUTHENTICATE:
+ case SSS_PAM_PREAUTH:
 target = BET_AUTH;
 break;
 case SSS_PAM_ACCT_MGMT:
diff --git a/src/providers/dp_pam_data_util.c b/src/providers/dp_pam_data_util.c
index 313948b369cf605c91eb608b9a394d32a1e128d1..8724bf936f3f46fb8393c8a3da57215a73b4191a 100644
--- a/src/providers/dp_pam_data_util.c
+++ b/src/providers/dp_pam_data_util.c
@@ -43,6 +43,8 @@ static const char *pamcmd2str(int cmd) {
 return "PAM_CHAUTHTOK";
 case SSS_PAM_CHAUTHTOK_PRELIM:
 return "PAM_CHAUTHTOK_PRELIM";
+ case SSS_PAM_PREAUTH:
+ return "SSS_PAM_PREAUTH";
 default:
 return "UNKNOWN";
 }
diff --git a/src/providers/ipa/ipa_auth.c b/src/providers/ipa/ipa_auth.c
index f9a0706be7c7fee2b8431cabad82e3c559795db4..f8badbdd16bfc4761ea177fdf5179ff2d4158080 100644
--- a/src/providers/ipa/ipa_auth.c
+++ b/src/providers/ipa/ipa_auth.c
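Review bot: In be_pam_handler (src/providers/data_provider_be.c) the new `case SSS_PAM_PREAUTH:` is stacked on the `SSS_PAM_AUTHENTICATE` arm without a comment, so a pre-auth request is dispatched to `BET_AUTH` exactly like a real authentication; the ipa_auth hunk in src/providers/ipa/ipa_auth.c stacks the label the same way. Both functions continue outside their hunks, so it cannot be seen here whether later steps tell the two commands apart; anything that consumes credentials or records a login result should be gated on `pd->cmd == SSS_PAM_AUTHENTICATE`. Auth handlers other than the ipa and krb5 ones touched by this patch are not shown and will presumably start receiving the command too, so confirm they reject it cleanly. I would add above the label: `/* pre-auth only asks which methods are available; it is served by the auth target but is not an authentication */`.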
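Review bot: The string returned for the new command in pamcmd2str (src/providers/dp_pam_data_util.c) keeps the `SSS_` prefix, while the neighbouring arms visible in the hunk drop it (`"PAM_CHAUTHTOK"`, `"PAM_CHAUTHTOK_PRELIM"`). Log searches and alerting rules keyed on the `PAM_` form will miss pre-auth requests; `return "PAM_PREAUTH";` would follow the existing pattern. If the prefix is deliberate because pre-auth has no PAM counterpart, a one-line comment saying so would help the next reader.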
@@ -208,6 +208,7 @@ void ipa_auth(struct be_req *be_req)
 switch (state->pd->cmd) {
 case SSS_PAM_AUTHENTICATE:
+ case SSS_PAM_PREAUTH:
 state->ipa_auth_ctx = talloc_get_type(
 be_ctx->bet_info[BET_AUTH].pvt_bet_data,
 struct ipa_auth_ctx);
diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c
index 25caf7b788a3f373f47e9d8aad38a2ea6fc12621..5ce45b1579f93d618da455b7ab2687c078332067 100644
--- a/src/providers/krb5/krb5_auth.c
+++ b/src/providers/krb5/krb5_auth.c
@@ -441,6 +441,8 @@ struct tevent_req *krb5_auth_send(TALLOC_CTX *mem_ctx,
 goto done;
 }
 break;
+ case SSS_PAM_PREAUTH:
+ break;
 default:
 DEBUG(SSSDBG_CONF_SETTINGS, "Unexpected pam task %d.\n", pd->cmd);
 state->pam_status = PAM_SYSTEM_ERR;
diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c
index 2ca5aa789ab98aea9005b891be1a36ea91ab40f4..c7eb697f29b6de9f7edaaf7715a58d2b7afdc733 100644
--- a/src/responder/pam/pamsrv_cmd.c
+++ b/src/responder/pam/pamsrv_cmd.c
@@ -1454,6 +1454,12 @@ static int pam_cmd_chauthtok_prelim(struct cli_ctx *cctx) {
 return pam_forwarder(cctx, SSS_PAM_CHAUTHTOK_PRELIM);
 }
+static int pam_cmd_preauth(struct cli_ctx *cctx)
+{
+ DEBUG(SSSDBG_CONF_SETTINGS, "entering pam_cmd_preauth\n");
+ return pam_forwarder(cctx, SSS_PAM_PREAUTH);
+}
+
 struct cli_protocol_version *register_cli_protocol_version(void)
 {
 static struct cli_protocol_version pam_cli_protocol_version[] = {
@@ -1477,6 +1483,7 @@ struct sss_cmd_table *get_pam_cmds(void)
 {SSS_PAM_CLOSE_SESSION, pam_cmd_close_session},
 {SSS_PAM_CHAUTHTOK, pam_cmd_chauthtok},
 {SSS_PAM_CHAUTHTOK_PRELIM, pam_cmd_chauthtok_prelim},
+ {SSS_PAM_PREAUTH, pam_cmd_preauth},
 {SSS_CLI_NULL, NULL}
 };
diff --git a/src/sss_client/sss_cli.h b/src/sss_client/sss_cli.h
index 9a19d7d47d0a9d7dabeac36dc2c866c3420ef501..2895659b9c3ed4ab520ca90846379c22fd9567f7 100644
--- a/src/sss_client/sss_cli.h
+++ b/src/sss_client/sss_cli.h
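Review bot: In krb5_auth_send (src/providers/krb5/krb5_auth.c) the `SSS_PAM_PREAUTH` arm is an empty `break;`, so the request leaves the switch without the check that ends in `goto done;` in the preceding arm, which starts outside the hunk. The code after the switch, also outside the hunk, therefore has to cope with a request that presumably carries no auth token, and the completion path should not let a pre-auth outcome stored in `state->pam_status` be read as a successful login. A comment on the arm would make the intent explicit: `/* pre-auth supplies no credentials, nothing to validate here */`.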
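Review bot: pam_cmd_preauth (src/responder/pam/pamsrv_cmd.c) hands the request straight to `pam_forwarder` with no comment on who may issue it, and the entry added to the table in get_pam_cmds in the next hunk makes it reachable by any client that can already send PAM commands to the responder. Going by the enum documentation added in sss_cli.h, the reply tells the caller which authentication methods exist for a named user; pam_forwarder's own checks are not visible here, so confirm that the answer for unknown or foreign users reveals no more than a failed authentication would. A header comment would record the decision, for example `/* Pre-auth: reports the auth methods available to the user; carries no credentials and grants nothing. */`, if that is the intent. The entry trace would also sit better at `SSSDBG_TRACE_FUNC` than at `SSSDBG_CONF_SETTINGS`.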
@@ -220,6 +220,10 @@ enum sss_cli_command {
 SSS_CMD_RENEW = 0x00F8, /**< Renew a credential with a limited
 * lifetime, e.g. a Kerberos Ticket
 * Granting Ticket (TGT) */
+ SSS_PAM_PREAUTH = 0x00F9, /**< Request which can be run before
+ * an authentication request to find
+ * out which authentication methods
+ * are available for the given user. */
 /* PAC responder calls */
 SSS_PAC_ADD_PAC_USER = 0x0101,
-- 
2.4.0
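Review bot: The doc comment on `SSS_PAM_PREAUTH` in src/sss_client/sss_cli.h says what the request is for but not what comes back, nor how a client should behave when the responder does not know 0x00F9. Since the header lives under src/sss_client, a newer client can presumably end up talking to an older responder that lacks the table entry. If that is the intended contract, I would extend the comment with a line such as `* Clients must treat an error reply as "pre-auth not supported" and continue with a normal authentication request.` The enum continues outside the hunk.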