On (02/10/15 10:21), Sumit Bose wrote: >On Thu, Oct 01, 2015 at 03:12:06PM +0200, Pavel Reichl wrote: >> >> >>diff --git a/src/responder/pam/pamsrv_cmd.c >> >>b/src/responder/pam/pamsrv_cmd.c >> >>index >> >>27dddcf43c1ff6eb465e1cb58d6dddf21413dcc4..978c637e22b03d3be1e07e8dc713aa01c4bb22e5 >> >> 100644 >> >>--- a/src/responder/pam/pamsrv_cmd.c >> >>+++ b/src/responder/pam/pamsrv_cmd.c >> >>@@ -957,11 +957,13 @@ static errno_t pam_forwarder_parse_data(struct >> >>cli_ctx *cctx, struct pam_data *p >> >> } else { >> >> /* Only SSS_PAM_PREAUTH request may have a missing name, e.g. if >> >> the >> >> * name is determined with the help of a certificate */ >> >>- if (pd->cmd == SSS_PAM_PREAUTH) { >> >>+ if (pd->cmd == SSS_PAM_PREAUTH >> >>+ && may_do_cert_auth(talloc_get_type(cctx->rctx->pvt_ctx, >> >>+ struct pam_ctx),pd)) { >> >> Since you might be touching the code again could you please fix this super >> minor nitpick (missing space after comma)? Thanks! > >Lukas, Pavel, thank you for the comments, I included all of them, new >version attached. > >bye, >Sumit >
>From 4ac4a4d504575491c05390c37be2bf78c437e185 Mon Sep 17 00:00:00 2001 >From: Sumit Bose <sb...@redhat.com> >Date: Thu, 1 Oct 2015 10:10:22 +0200 >Subject: [PATCH] PAM: only allow missing user name for certificate > authentication > >Resolves https://fedorahosted.org/sssd/ticket/2811 >--- > src/responder/pam/pamsrv_cmd.c | 12 +++++++++--- > src/tests/cmocka/test_pam_srv.c | 38 ++++++++++++++++++++++++++++++++++++++ > 2 files changed, 47 insertions(+), 3 deletions(-) > ACK LS _______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-devel