Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Backport of configurable prompting to sssd-1-16 #799

Closed
wants to merge 4 commits into from

Conversation

Projects
None yet
2 participants
@jhrozek
Copy link
Contributor

commented Apr 1, 2019

The backport was not exactly trivial, so I'm opening a separate PR. The last patch with the test is missing completely at this point, we also would need to backport 657f3b8 at least partially.

sumit-bose added some commits Mar 27, 2019

pam: introduce prompt_config struct
prompt_config is the internal struct to control the prompting of
pam_sss. To make it easy to change internal details when more options
are added it should be opaque and only accessed by getters and setter.

Related to https://pagure.io/SSSD/sssd/issue/3264

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
(cherry picked from commit fa8ef7c)
authtok: add dedicated type for 2fa with single string
Currently the password type is used to send two-factor authentication
credentials entered in a single string to the backend, This is
unreliable and only works properly if password authentication is not
available for the user as well.

To support 2FA credentials in a single string better a new authtok type
is added.

Related to https://pagure.io/SSSD/sssd/issue/3264

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
(cherry picked from commit ac4b33f)
pam_sss: use configured prompting
If the responds of SSSD's PAM responder contains a prompt_config
structure use the content to prompt the user for credentials.

Related to https://pagure.io/SSSD/sssd/issue/3264

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
(cherry picked from commit fc26b4a)
PAM: add initial prompting configuration
Add new section for sssd.conf to allow more flexible prompting during
authentication.

Related to https://pagure.io/SSSD/sssd/issue/3264

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
(cherry picked from commit a4d1785)
@sumit-bose

This comment has been minimized.

Copy link
Contributor

commented Apr 3, 2019

Hi Jakub,

the backports are ok. Please find a backport of the integration test and a dependency in the last two commits in https://github.com/sumit-bose/sssd/commits/pam_sss_configurable_2fa_prompting-1-16.

bye,
Sumit

@jhrozek

This comment has been minimized.

Copy link
Contributor Author

commented Apr 3, 2019

Thanks for backporting the tests, I also added this small hunk to make integration tests work:

diff --git a/src/tests/intg/getsockopt_wrapper.c b/src/tests/intg/getsockopt_wrapper.c
index 387f1445c..eb8fa56dd 100644
--- a/src/tests/intg/getsockopt_wrapper.c
+++ b/src/tests/intg/getsockopt_wrapper.c
@@ -9,6 +9,7 @@
 #include <sys/socket.h>
 #include <sys/un.h>
 #include <dlfcn.h>
+#include <stdlib.h>

 static bool is_dbus_socket(int fd)
 {
@jhrozek

This comment has been minimized.

Copy link
Contributor Author

commented Apr 3, 2019

@jhrozek jhrozek closed this Apr 3, 2019

@jhrozek jhrozek added the Pushed label Apr 3, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.