On Fri, Aug 28, 2009 at 12:16:51PM +0200, Sumit Bose wrote:
> Hi,
> 
> the environment variables which are sent back by this patch are currently
> needed in the user session of the client. When the DNS helper is
> available and used by the Kerberos locator plugin they can be removed.
> 
> bye,
> Sumit

sorry, the previous version depended on another patch that has not been submitted.
This one will work with the current master.

bye,
Sumit
>From f839a11fe0ced617fdae84d29228393aa0bc212f Mon Sep 17 00:00:00 2001
From: Sumit Bose <sb...@redhat.com>
Date: Wed, 26 Aug 2009 11:08:55 +0200
Subject: [PATCH] send SSSD_REALM and SSSD_KDCIP environment to the client

Currently the kerberos locator plugin needs these two variables to
be set to find a KDC which is configured in sssd but not in
/etc/krb5.conf.
---
 server/providers/krb5/krb5_auth.c |   33 +++++++++++++++++++++++++++++++--
 1 files changed, 31 insertions(+), 2 deletions(-)

diff --git a/server/providers/krb5/krb5_auth.c 
b/server/providers/krb5/krb5_auth.c
index 39bc170..b1fe47a 100644
--- a/server/providers/krb5/krb5_auth.c
+++ b/server/providers/krb5/krb5_auth.c
@@ -74,7 +74,9 @@ static void krb5_cleanup(struct krb5_req *kr)
     if (kr->ctx != NULL)
         krb5_free_context(kr->ctx);
 
-    talloc_free(kr);
+    memset(kr, 0, sizeof(struct krb5_req));
+
+    talloc_zfree(kr);
 }
 
 static int krb5_setup(struct be_req *req, const char *user_princ_str,
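Review bot: `talloc_zfree(kr)` on the new side only NULLs krb5_cleanup's own copy of the pointer; the caller's `kr` still dangles after the call, which is exactly what the later hunk at `ret=pam_add_response(pd, ...)` had to repair (it previously read `kr->pd` after `krb5_cleanup(kr)`). Either NULL the pointer where it lives (`krb5_cleanup(kr); kr = NULL;` in krb5_pam_handler_done) or state the contract on the function: `/* Frees kr; the caller's pointer dangles afterwards - copy out anything still needed before calling this. */`. The `memset` before the free reads as a scrub of the request state; talloc_free is an opaque call so the store is unlikely to be optimised away, but if the struct carries credential material a one-line comment saying that is the intent would keep the next maintainer from removing it as redundant. krb5_cleanup's body starts above the hunk.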
@@ -98,6 +100,7 @@ static int krb5_setup(struct be_req *req, const char 
*user_princ_str,
 
     kr->pd = pd;
     kr->req = req;
+    kr->krb5_ctx = krb5_ctx;
 
     kerr = krb5_init_context(&kr->ctx);
     if (kerr != 0) {
@@ -484,6 +487,7 @@ static void krb5_pam_handler_done(struct tevent_req *req)
     struct krb5_req *kr = tevent_req_callback_data(req, struct krb5_req);
     struct pam_data *pd = kr->pd;
     struct be_req *be_req = kr->req;
+    struct krb5_ctx *krb5_ctx = kr->krb5_ctx;
     struct tgt_req_state *state = tevent_req_data(req, struct tgt_req_state);
     int ret;
     uint8_t *buf;
@@ -495,6 +499,7 @@ static void krb5_pam_handler_done(struct tevent_req *req)
     int32_t *msg_len;
     struct tevent_req *subreq = NULL;
     char *password = NULL;
+    char *env = NULL;
 
     pd->pam_status = PAM_SYSTEM_ERR;
     krb5_cleanup(kr);
@@ -529,7 +534,7 @@ static void krb5_pam_handler_done(struct tevent_req *req)
         goto done;
     }
 
-    ret=pam_add_response(kr->pd, *msg_type, *msg_len, &buf[p]);
+    ret=pam_add_response(pd, *msg_type, *msg_len, &buf[p]);
     if (ret != EOK) {
         DEBUG(1, ("pam_add_response failed.\n"));
         goto done;
@@ -537,6 +542,30 @@ static void krb5_pam_handler_done(struct tevent_req *req)
 
     pd->pam_status = *msg_status;
 
+    if (pd->pam_status == PAM_SUCCESS && pd->cmd == SSS_PAM_AUTHENTICATE) {
+        env = talloc_asprintf(pd, "%s=%s", SSSD_REALM, krb5_ctx->realm);
+        if (env == NULL) {
+            DEBUG(1, ("talloc_asprintf failed.\n"));
+            goto done;
+        }
+        ret=pam_add_response(pd, PAM_ENV_ITEM, strlen(env)+1, (uint8_t *) env);
+        if (ret != EOK) {
+            DEBUG(1, ("pam_add_response failed.\n"));
+            goto done;
+        }
+
+        env = talloc_asprintf(pd, "%s=%s", SSSD_KDC, krb5_ctx->kdcip);
+        if (env == NULL) {
+            DEBUG(1, ("talloc_asprintf failed.\n"));
+            goto done;
+        }
+        ret=pam_add_response(pd, PAM_ENV_ITEM, strlen(env)+1, (uint8_t *) env);
+        if (ret != EOK) {
+            DEBUG(1, ("pam_add_response failed.\n"));
+            goto done;
+        }
+    }
+
     if (pd->pam_status == PAM_SUCCESS &&
         be_req->be_ctx->domain->cache_credentials == TRUE) {
         password = talloc_size(be_req, pd->authtok_size + 1);
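Review bot: The error paths added after `pd->pam_status = *msg_status;` jump to `done` without resetting the status, so when `talloc_asprintf` or `pam_add_response` fails for the new PAM_ENV_ITEM responses the handler still reports PAM_SUCCESS while the client never receives the realm/KDC hints the commit message says it depends on. Every earlier `goto done` in this function runs with the PAM_SYSTEM_ERR set at the top, so these are the only failures that surface as success; either set `pd->pam_status = PAM_SYSTEM_ERR;` before each new `goto done`, or say in a comment that delivering the hints is best-effort. The format-and-queue sequence is also written out twice; a small static helper removes the duplication and gives one place to guard against a NULL `krb5_ctx->realm` or `krb5_ctx->kdcip` (passing NULL to `%s` is undefined behaviour) - I cannot tell from the hunk whether kdcip is mandatory in the configuration, so the helper below skips a missing value rather than failing an authentication that already succeeded. krb5_pam_handler_done continues outside the hunk.
```c
/* Formats "name=value" on pd and queues it as a PAM_ENV_ITEM response.
 * A NULL value is skipped (the client simply gets no hint): an unset
 * setting must not turn a successful authentication into an error. */
static int add_env_response(struct pam_data *pd, const char *name,
                            const char *value)
{
    char *env;
    int ret;

    if (value == NULL) {
        DEBUG(1, ("%s is not set, not sending it to the client.\n", name));
        return EOK;
    }

    env = talloc_asprintf(pd, "%s=%s", name, value);
    if (env == NULL) {
        DEBUG(1, ("talloc_asprintf failed.\n"));
        return ENOMEM;
    }

    ret = pam_add_response(pd, PAM_ENV_ITEM, strlen(env) + 1, (uint8_t *) env);
    if (ret != EOK) {
        DEBUG(1, ("pam_add_response failed.\n"));
    }
    return ret;
}

/* … unchanged: krb5_pam_handler_done up to pd->pam_status = *msg_status; … */

    if (pd->pam_status == PAM_SUCCESS && pd->cmd == SSS_PAM_AUTHENTICATE) {
        ret = add_env_response(pd, SSSD_REALM, krb5_ctx->realm);
        if (ret == EOK) {
            ret = add_env_response(pd, SSSD_KDC, krb5_ctx->kdcip);
        }
        if (ret != EOK) {
            /* authentication itself succeeded, but the session would lack
             * the hints the locator plugin relies on; do not report success */
            pd->pam_status = PAM_SYSTEM_ERR;
            goto done;
        }
    }
```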
-- 
1.6.2.5
