From 3eb99a171f59454fc2ec130b3e5052b3de5569a2 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Thu, 7 Feb 2019 16:48:44 +0100
Subject: [PATCH] PAM: use user name hint if any domain has set it
When using multiple domains the user name hint should be shown even if
only one domain has set the flag to have a consistent user experience.
Currently this would only be related to logins with GDM and activated
GDM Smartcard plugin.
Related to https://pagure.io/SSSD/sssd/issue/3949
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
---
src/responder/pam/pamsrv_cmd.c | 22 ++++++++++++++++++----
1 file changed, 18 insertions(+), 4 deletions(-)
diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c
index 553bf8fbb..3b4869ece 100644
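--- a/src/responder/pam/pamsrv_cmd.c
+++ b/src/responder/pam/pamsrv_cmd.c
@@ -1578,6 +1578,20 @@ done:
 return ret;
 }
 
+/* Return true if hint is set for at least one domain */
+static bool get_user_name_hint(struct sss_domain_info *domains)
+{
+ struct sss_domain_info *d;
+
+ DLIST_FOR_EACH(d, domains) {
+ if (d->user_name_hint == true) {
+ return true;
+ }
+ }
+
+ return false;
+}
+
 static void pam_forwarder_lookup_by_cert_done(struct tevent_req *req)
 {
 int ret;
@@ -1646,9 +1660,9 @@ static void pam_forwarder_lookup_by_cert_done(struct tevent_req *req)
 preq->current_cert = sss_cai_get_next(preq->current_cert)) {
 
 ret = add_pam_cert_response(preq->pd,
- preq->cctx->rctx->domains, "",
- preq->current_cert,
- preq->cctx->rctx->domains->user_name_hint
+ preq->cctx->rctx->domains, "",
+ preq->current_cert,
+ get_user_name_hint(preq->cctx->rctx->domains)
 ? SSS_PAM_CERT_INFO_WITH_HINT
 : SSS_PAM_CERT_INFO);
 if (ret != EOK) {
@@ -1698,7 +1712,7 @@ static void pam_forwarder_lookup_by_cert_done(struct tevent_req *req)
 }
 }
 
- if (preq->cctx->rctx->domains->user_name_hint
+ if (get_user_name_hint(preq->cctx->rctx->domains)
 && preq->pd->cmd == SSS_PAM_PREAUTH) {
 ret = add_pam_cert_response(preq->pd,
 preq->cctx->rctx->domains, cert_user,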
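Review bot: get_user_name_hint() in the first hunk turns a per-domain flag into a responder-wide one, and its one-line comment does not say so: once any entry in the list has user_name_hint set, both call sites in pam_forwarder_lookup_by_cert_done use the hint variant of the Smartcard response for every domain. DLIST_FOR_EACH presumably walks the list exactly as linked, so a domain that is configured but disabled would still count and subdomains would not be consulted; if that is not intended, iterating with `get_next_domain()` would be the place to filter. I would spell the scope out in the comment, e.g. `/* Return true if user_name_hint is set for at least one domain in the list; the result is then applied to all domains. */`, and write the test as `if (d->user_name_hint) {`. The result cannot change while the certificate loop in the second hunk runs, so it could be computed once into a local `bool` before the loop and reused in the third hunk; that function's body starts and ends outside the hunks shown.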
--
2.19.2