dpward / rpms / sssd

Forked from rpms/sssd 3 years ago
Clone

Blame SOURCES/0015-PAM-use-better-PAM-error-code-for-failed-Smartcard-a.patch

71e593
From 8948c89c132d31c8cffd55d60e46a506eb00bbd2 Mon Sep 17 00:00:00 2001
71e593
From: Sumit Bose <sbose@redhat.com>
71e593
Date: Fri, 7 Sep 2018 22:16:50 +0200
71e593
Subject: [PATCH 15/19] PAM: use better PAM error code for failed Smartcard
71e593
 authentication
71e593
71e593
If the user enters a wrong PIN the PAM responder currently returns
71e593
PAM_USER_UNKNOWN better is PAM_AUTH_ERR.
71e593
71e593
Related to https://pagure.io/SSSD/sssd/issue/3500
71e593
71e593
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
71e593
(cherry picked from commit 442ae7b1d0704cdd667d4f1ba4c165ce3f3ffed4)
71e593
---
71e593
 src/responder/pam/pamsrv_cmd.c | 4 +++-
71e593
 1 file changed, 3 insertions(+), 1 deletion(-)
71e593
71e593
diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c
71e593
index ed9ad57bd6d8c4eda30d8e18f83aeea96474551f..817f3c5134ba4c7358ffb4fbf3c6008fa23ffe0e 100644
71e593
--- a/src/responder/pam/pamsrv_cmd.c
71e593
+++ b/src/responder/pam/pamsrv_cmd.c
71e593
@@ -1436,7 +1436,9 @@ static void pam_forwarder_cert_cb(struct tevent_req *req)
71e593
             if (pd->cmd == SSS_PAM_AUTHENTICATE) {
71e593
                 DEBUG(SSSDBG_CRIT_FAILURE,
71e593
                       "No certificate returned, authentication failed.\n");
71e593
-                ret = ENOENT;
71e593
+                preq->pd->pam_status = PAM_AUTH_ERR;
71e593
+                pam_reply(preq);
71e593
+                return;
71e593
             } else {
71e593
                 ret = pam_check_user_search(preq);
71e593
             }
71e593
-- 
71e593
2.14.4
71e593