180                    struct pam_data *pd,
204     kr->pd = pd;
209                           pd->user, dom->case_sensitive, &mapped_name);
221         DEBUG(SSSDBG_TRACE_ALL, "No mapping for: %s\n", pd->user);
222         kr->user = pd->user;
250                                   struct pam_data *pd, uid_t uid,
256     ret = sss_authtok_get_password(pd->authtok, &password, NULL);
267     ret = sysdb_cache_auth(domain, pd->user,
276     ret = add_user_to_delayed_online_authentication(krb5_ctx, domain, pd, uid);
311                     "No ccache file for user [%s] found.\n", kr->pd->user);
338                                   struct pam_data *pd)
346     switch(pd->cmd) {
359             if (sss_authtok_get_type(pd->authtok) == SSS_AUTHTOK_TYPE_2FA) {
360                 ret = sss_authtok_get_2fa(pd->authtok, &password, &password_len,
370             } else if (sss_authtok_get_type(pd->authtok) ==
372                 ret = sss_authtok_get_password(pd->authtok, &password, NULL);
375                       sss_authtok_get_type(pd->authtok));
380             ret = sss_authtok_get_password(pd->newauthtok, &password, NULL);
384                   "unsupported PAM command [%d].\n", pd->cmd);
395         if (pd->cmd != SSS_CMD_RENEW && pd->cmd != SSS_PAM_PREAUTH) {
403     ret = sysdb_cache_password_ex(domain, pd->user, password,
404                                   sss_authtok_get_type(pd->authtok), fa2_len);
437     struct pam_data *pd;
455                                   struct pam_data *pd,
477     state->pd = pd;
483     ret = get_domain_or_subdomain(be_ctx, pd->domain, &state->domain);
491     authtok_type = sss_authtok_get_type(pd->authtok);
493     switch (pd->cmd) {
504                            pd->user);
513                        "Expected [%d], got [%d]\n", pd->user,
523             if (pd->priv == 1 &&
537                        "Expected [%d], got [%d]\n", pd->user,
549             DEBUG(SSSDBG_CONF_SETTINGS, "Unexpected pam task %d.\n", pd->cmd);
557         (pd->cmd == SSS_PAM_CHAUTHTOK || pd->cmd == SSS_PAM_CHAUTHTOK_PRELIM ||
558          pd->cmd == SSS_CMD_RENEW)) {
583     ret = krb5_setup(state, pd, state->domain, krb5_ctx,
591     ret = sysdb_get_user_attr_with_views(state, state->domain, state->pd->user,
595               "sysdb search for upn of user [%s] failed.\n", pd->user);
611               "No attributes for user [%s] found.\n", pd->user);
618                                 kr->user, pd->domain, &kr->upn);
637                   "Home directory for user [%s] not known.\n", pd->user);
645                   "UID for user [%s] not known.\n", pd->user);
655                   "GID for user [%s] not known.\n", pd->user);
669               "User search for (%s) returned > 1 results!\n", pd->user);
676     if (pd->cmd == SSS_PAM_CHAUTHTOK_PRELIM && otp == true) {
728             (kr->pd->cmd == SSS_PAM_CHAUTHTOK ||
729              kr->pd->cmd == SSS_PAM_CHAUTHTOK_PRELIM)) {
748             if (kr->pd->cmd == SSS_PAM_CHAUTHTOK ||
749                 kr->pd->cmd == SSS_PAM_CHAUTHTOK_PRELIM) {
817     struct pam_data *pd = state->pd;
829     ret = handle_child_recv(subreq, pd, &buf, &len);
835         switch (pd->cmd) {
885     ret = parse_krb5_child_response(state, buf, len, pd,
926                                                    pd->user, res->correct_upn);
948         if (pd->cmd == SSS_PAM_CHAUTHTOK_PRELIM) {
958             (pd->cmd == SSS_PAM_CHAUTHTOK ||
959              pd->cmd == SSS_PAM_CHAUTHTOK_PRELIM)) {
999                 pd->user, kr->old_ccname);
1011         if (pd->cmd == SSS_PAM_AUTHENTICATE && !kr->active_ccache) {
1014                                          pd->user, kr->old_ccname);
1079         (pd->cmd == SSS_PAM_CHAUTHTOK ||
1080          pd->cmd == SSS_PAM_CHAUTHTOK_PRELIM)) {
1102                            pd->user, kr->ccname);
1119         (pd->cmd == SSS_PAM_AUTHENTICATE ||
1120          pd->cmd == SSS_CMD_RENEW ||
1121          pd->cmd == SSS_PAM_CHAUTHTOK) &&
1127                                      pd, kr->upn);
1137                 && sss_authtok_get_type(pd->authtok)
1142                                   state->pd, state->kr->uid,
1156                 || (res->otp && sss_authtok_get_type(pd->authtok) ==
1158         krb5_auth_store_creds(state->domain, pd);
1165     if (res->otp == true && pd->cmd == SSS_PAM_AUTHENTICATE
1166             && sss_authtok_get_type(pd->authtok) != SSS_AUTHTOK_TYPE_2FA) {
1168         ret = pam_add_response(pd, SSS_OTP, sizeof(uint32_t),
1205     struct pam_data *pd;
1214                       struct pam_data *pd,
1228     state->pd = pd;
1230     switch (pd->cmd) {
1237                                           pd, krb5_ctx);
1240                 pd->pam_status = PAM_SYSTEM_ERR;
1248                                       pd, krb5_ctx);
1251                 pd->pam_status = PAM_SYSTEM_ERR;
1260             pd->pam_status = PAM_SUCCESS;
1265                   "krb5 does not handles pam task %d.\n", pd->cmd);
1266             pd->pam_status = PAM_MODULE_UNKNOWN;
1289     ret = krb5_auth_queue_recv(subreq, &state->pd->pam_status, NULL);
1292         state->pd->pam_status = PAM_SYSTEM_ERR;
1312         state->pd->pam_status = PAM_SYSTEM_ERR;
1317           access_allowed ? "allowed" : "denied", state->pd->user);
1318     state->pd->pam_status = access_allowed ? PAM_SUCCESS : PAM_PERM_DENIED;
1335     *_data = talloc_steal(mem_ctx, state->pd);

Indexes created Tue Jul 24 14:28:13 CEST 2018