FreeBSD Bugzilla – Attachment 140080 Details for
Bug 186545
[PATCH] security/sssd: add ignore_unknown_user option to pam_sss
0001-PAM-add-ignore_unknown_user-option.patch
0001-PAM-add-ignore_unknown_user-option.patch (text/x-diff; charset=us-ascii), 5.10 KB, created by
lukas.slebodnik
on 2014-03-22 14:46:02 UTC
Description:
0001-PAM-add-ignore_unknown_user-option.patch
Filename:
MIME Type:
Creator:
lukas.slebodnik
Created:
2014-03-22 14:46:02 UTC
Size:
5.10 KB
>From 163991b8a12d2e96b98258eefcfde12a7b581a19 Mon Sep 17 00:00:00 2001
>From: Lukas Slebodnik <lslebodn@redhat.com>
>Date: Sat, 22 Mar 2014 15:19:45 +0100
>Subject: [PATCH] PAM: add ignore_unknown_user option
>
>---
> files/patch-src__man__pam_sss.8.xml | 43 +++++++++++++++++++++++++++
> files/patch-src__sss_client__pam_sss.c | 53 +++++++++++++++++++++++++++++-----
> 2 files changed, 89 insertions(+), 7 deletions(-)
> create mode 100644 files/patch-src__man__pam_sss.8.xml
>
>diff --git a/files/patch-src__man__pam_sss.8.xml b/files/patch-src__man__pam_sss.8.xml
>new file mode 100644
>index 0000000000000000000000000000000000000000..9e59aa0200754b3b1d40a6f920f5e0a1fd59425f
>--- /dev/null
>+++ b/files/patch-src__man__pam_sss.8.xml
>@@ -0,0 +1,43 @@
>+From 1a7794d0e3c9fa47f7b0256518186ce214e93504 Mon Sep 17 00:00:00 2001
>+From: Lukas Slebodnik <lslebodn@redhat.com>
>+Date: Sat, 22 Mar 2014 15:09:34 +0100
>+Subject: [PATCH 1/2] patch-src__man__pam_sss.8.xml
>+
>+---
>+ src/man/pam_sss.8.xml | 13 +++++++++++++
>+ 1 file changed, 13 insertions(+)
>+
>+diff --git src/man/pam_sss.8.xml src/man/pam_sss.8.xml
>+index 72b497ab34a520d21964824080c7f276b26706f4..5b4e456e2b0b7469a233d7bd98d296bec2d8e739 100644
>+--- src/man/pam_sss.8.xml
>++++ src/man/pam_sss.8.xml
>+@@ -37,6 +37,9 @@
>+ <arg choice='opt'>
>+ <replaceable>retry=N</replaceable>
>+ </arg>
>++ <arg choice='opt'>
>++ <replaceable>ignore_unknown_user</replaceable>
>++ </arg>
>+ </cmdsynopsis>
>+ </refsynopsisdiv>
>+
>+@@ -103,6 +106,16 @@
>+ <option>PasswordAuthentication</option>.</para>
>+ </listitem>
>+ </varlistentry>
>++ <varlistentry>
>++ <term>
>++ <option>ignore_unknown_user</option>
>++ </term>
>++ <listitem>
>++ <para>If this option is specified and the user does not
>++ exist, the PAM module will return PAM_IGNORE. This causes
>++ the PAM framework to ignore this module.</para>
>++ </listitem>
>++ </varlistentry>
>+ </variablelist>
>+ </refsect1>
>+
>+--
>+1.8.5.3
>+
>diff --git a/files/patch-src__sss_client__pam_sss.c b/files/patch-src__sss_client__pam_sss.c
>index 45370623ca745c5bc0c48438083c8c32851e6da9..a1bf2821429d47ae775e54147790f51e5dc2a4c7 100644
>--- a/files/patch-src__sss_client__pam_sss.c
>+++ b/files/patch-src__sss_client__pam_sss.c
>@@ -1,17 +1,25 @@
>-From 86816db5982df0c1b0c5f5722e23111c62ff362e Mon Sep 17 00:00:00 2001
>+From 68fcd5f830b6451de5fd9d697fa6602dc3ca9972 Mon Sep 17 00:00:00 2001
> From: Lukas Slebodnik <lukas.slebodnik@intrak.sk>
> Date: Sat, 27 Jul 2013 15:02:31 +0200
>-Subject: [PATCH 31/34] patch-src__sss_client__pam_sss.c
>+Subject: [PATCH 2/2] patch-src__sss_client__pam_sss.c
>
> ---
>- src/sss_client/pam_sss.c | 2 ++
>- 1 file changed, 2 insertions(+)
>+ src/sss_client/pam_sss.c | 13 +++++++++++++
>+ 1 file changed, 13 insertions(+)
>
> diff --git src/sss_client/pam_sss.c src/sss_client/pam_sss.c
>-index 3734c8f..7110d38 100644
>+index 5fd276ccba15da1f689b1939a02288dda7a09d89..4cb976cf28eba5c14168a91eb23fe4101d2268f3 100644
> --- src/sss_client/pam_sss.c
> +++ src/sss_client/pam_sss.c
>-@@ -125,10 +125,12 @@ static void free_exp_data(pam_handle_t *pamh, void *ptr, int err)
>+@@ -52,6 +52,7 @@
>+ #define FLAGS_USE_FIRST_PASS (1 << 0)
>+ #define FLAGS_FORWARD_PASS (1 << 1)
>+ #define FLAGS_USE_AUTHTOK (1 << 2)
>++#define FLAGS_IGNORE_UNKNOWN_USER (1 << 3)
>+
>+ #define PWEXP_FLAG "pam_sss:password_expired_flag"
>+ #define FD_DESTRUCTOR "pam_sss:fd_destructor"
>+@@ -125,10 +126,12 @@ static void free_exp_data(pam_handle_t *pamh, void *ptr, int err)
>
> static void close_fd(pam_handle_t *pamh, void *ptr, int err)
> {
>@@ -24,6 +32,37 @@ index 3734c8f..7110d38 100644
>
> D(("Closing the fd"));
> sss_pam_close_fd();
>+@@ -1292,6 +1295,8 @@ static void eval_argv(pam_handle_t *pamh, int argc, const char **argv,
>+ }
>+ } else if (strcmp(*argv, "quiet") == 0) {
>+ *quiet_mode = true;
>++ } else if (strcmp(*argv, "ignore_unknown_user") == 0) {
>++ *flags |= FLAGS_IGNORE_UNKNOWN_USER;
>+ } else {
>+ logger(pamh, LOG_WARNING, "unknown option: %s", *argv);
>+ }
>+@@ -1429,6 +1434,9 @@ static int pam_sss(enum sss_cli_command task, pam_handle_t *pamh,
>+ ret = get_pam_items(pamh, &pi);
>+ if (ret != PAM_SUCCESS) {
>+ D(("get items returned error: %s", pam_strerror(pamh,ret)));
>++ if (flags & FLAGS_IGNORE_UNKNOWN_USER && ret == PAM_USER_UNKNOWN) {
>++ ret = PAM_IGNORE;
>++ }
>+ return ret;
>+ }
>+
>+@@ -1467,6 +1475,11 @@ static int pam_sss(enum sss_cli_command task, pam_handle_t *pamh,
>+
>+ pam_status = send_and_receive(pamh, &pi, task, quiet_mode);
>+
>++ if (flags & FLAGS_IGNORE_UNKNOWN_USER
>++ && pam_status == PAM_USER_UNKNOWN) {
>++ pam_status = PAM_IGNORE;
>++ }
>++
>+ switch (task) {
>+ case SSS_PAM_AUTHENTICATE:
>+ /* We allow sssd to send the return code PAM_NEW_AUTHTOK_REQD during
> --
>-1.8.0
>+1.8.5.3
>
>--
>1.8.5.3
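Review bot: Both added checks in pam_sss() rewrite PAM_USER_UNKNOWN to PAM_IGNORE without logging anything, and the second one sits ahead of `switch (task)`, so it applies to whichever task was requested, not only SSS_PAM_AUTHENTICATE. Once this module is ignored, the outcome for a user SSSD does not know is decided entirely by the remaining modules in the stack, so a stack with no other module that denies such users may not end in a refusal, depending on the PAM implementation; the man page paragraph added in this patch should state that requirement. I would record the rewrite in both added `if` bodies, e.g. `logger(pamh, LOG_NOTICE, "unknown user, returning PAM_IGNORE");`, and parenthesise the mask test as `if ((flags & FLAGS_IGNORE_UNKNOWN_USER) && ret == PAM_USER_UNKNOWN) {` so the intent does not rest on `&` binding tighter than `&&`. pam_sss() starts and ends outside the visible hunks, so how `flags` is declared and how the `switch` treats PAM_IGNORE cannot be checked from here.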