Hi, the environment variables which are sent back by this patch are currently needed in the user session of the client. When the DNS helper is available and used by the kerberos locator plugin they can be removed.
bye, Sumit
>From 8cc4ea16832b5997bb74d20f12ef5d8505c05e73 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sb...@redhat.com>
Date: Wed, 26 Aug 2009 11:08:55 +0200
Subject: [PATCH] send SSSD_REALM and SSSD_KDCIP environment to the client

Currently the kerberos locator plugin needs these two variables to be set to find a KDC which is configured in sssd but not in /etc/krb5.conf.
---
 server/providers/krb5/krb5_auth.c | 32 ++++++++++++++++++++++++++++++--
 1 files changed, 30 insertions(+), 2 deletions(-)

diff --git a/server/providers/krb5/krb5_auth.c b/server/providers/krb5/krb5_auth.c
index 39bc170..a03d566 100644
--- a/server/providers/krb5/krb5_auth.c
+++ b/server/providers/krb5/krb5_auth.c
@@ -74,7 +74,9 @@ static void krb5_cleanup(struct krb5_req *kr)
 if (kr->ctx != NULL) krb5_free_context(kr->ctx);
- talloc_free(kr);
+ memset(kr, 0, sizeof(struct krb5_req));
+
+ talloc_zfree(kr);
 }
 static int krb5_setup(struct be_req *req, const char *user_princ_str,
@@ -484,6 +486,7 @@ static void krb5_pam_handler_done(struct tevent_req *req)
 struct krb5_req *kr = tevent_req_callback_data(req, struct krb5_req);
 struct pam_data *pd = kr->pd;
 struct be_req *be_req = kr->req;
+ struct krb5_ctx *krb5_ctx = kr->krb5_ctx;
 struct tgt_req_state *state = tevent_req_data(req, struct tgt_req_state);
 int ret;
 uint8_t *buf;
@@ -495,6 +498,7 @@ static void krb5_pam_handler_done(struct tevent_req *req)
 int32_t *msg_len;
 struct tevent_req *subreq = NULL;
 char *password = NULL;
+ char *env = NULL;
 pd->pam_status = PAM_SYSTEM_ERR;
 krb5_cleanup(kr);
@@ -529,7 +533,7 @@ static void krb5_pam_handler_done(struct tevent_req *req)
 goto done;
 }
- ret=pam_add_response(kr->pd, *msg_type, *msg_len, &buf[p]);
+ ret=pam_add_response(pd, *msg_type, *msg_len, &buf[p]);
 if (ret != EOK) {
 DEBUG(1, ("pam_add_response failed.\n"));
 goto done;
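Review bot: `talloc_zfree(kr)` in krb5_cleanup() clears only the function's own copy of the parameter, so it behaves exactly like the `talloc_free(kr)` it replaces and every caller still holds a dangling pointer; the `kr->pd` access that this same patch removes from krb5_pam_handler_done() shows how easily that happens. If the goal is to make stale uses fail early, the function would need to take `struct krb5_req **` and NULL the caller's pointer; otherwise `talloc_free(kr);` is the honest spelling. The `memset()` wipes the struct itself but not any memory its members point to, so a one-line comment should state whether it is meant to scrub sensitive data or to poison the request. The beginning of krb5_cleanup() lies outside the hunk.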
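Review bot: The new `krb5_ctx` local in krb5_pam_handler_done() is copied out of `kr` before `krb5_cleanup(kr)` frees it (visible in the following hunk) and is dereferenced much later, when the environment strings are built. That is only safe if the `struct krb5_ctx` is not owned by `kr`; its allocation is not visible in this patch, so the lifetime should be confirmed and recorded next to the declaration, for example `/* krb5_ctx is not a talloc child of kr, so it stays valid after krb5_cleanup() */`. The function body starts and ends outside the hunk.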
@@ -537,6 +541,30 @@ static void krb5_pam_handler_done(struct tevent_req *req)
 pd->pam_status = *msg_status;
+ if (pd->pam_status == PAM_SUCCESS && pd->cmd == SSS_PAM_AUTHENTICATE) {
+ env = talloc_asprintf(pd, "%s=%s", SSSD_REALM, krb5_ctx->realm);
+ if (env == NULL) {
+ DEBUG(1, ("talloc_asprintf failed.\n"));
+ goto done;
+ }
+ ret=pam_add_response(pd, PAM_ENV_ITEM, strlen(env)+1, (uint8_t *) env);
+ if (ret != EOK) {
+ DEBUG(1, ("pam_add_response failed.\n"));
+ goto done;
+ }
+
+ env = talloc_asprintf(pd, "%s=%s", SSSD_KDC, krb5_ctx->kdcip);
+ if (env == NULL) {
+ DEBUG(1, ("talloc_asprintf failed.\n"));
+ goto done;
+ }
+ ret=pam_add_response(pd, PAM_ENV_ITEM, strlen(env)+1, (uint8_t *) env);
+ if (ret != EOK) {
+ DEBUG(1, ("pam_add_response failed.\n"));
+ goto done;
+ }
+ }
+
 if (pd->pam_status == PAM_SUCCESS && be_req->be_ctx->domain->cache_credentials == TRUE) {
 password = talloc_size(be_req, pd->authtok_size + 1);
--
1.6.2.5
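Review bot: `krb5_ctx->realm` and `krb5_ctx->kdcip` are passed to `%s` in the two `talloc_asprintf()` calls without a NULL check; if either can be unset in the provider configuration (not visible here), the behaviour is undefined, or at best the client session receives a literal `(null)` as its realm or KDC address. Extending the guard would avoid that: `if (pd->pam_status == PAM_SUCCESS && pd->cmd == SSS_PAM_AUTHENTICATE && krb5_ctx->realm != NULL && krb5_ctx->kdcip != NULL) {`. The four new `goto done` paths also run after `pd->pam_status = *msg_status`, so a failed allocation appears to leave PAM_SUCCESS in place while the earlier error paths leave PAM_SYSTEM_ERR; the `done` label is outside the hunk, so a comment should say whether that is intended. The two format-and-add sequences are identical apart from name and value and would read better as one small static helper.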