|
 |
ecf709 |
From 6edf41eba3cec8aa40dffaf639cd5c7756db310e Mon Sep 17 00:00:00 2001
|
|
|
ecf709 |
From: Sumit Bose <sbose@redhat.com>
|
|
|
ecf709 |
Date: Wed, 10 May 2017 17:13:48 +0200
|
|
|
ecf709 |
Subject: [PATCH 160/160] sssctl: show user name used for authentication in
|
|
|
ecf709 |
user-checks
|
|
|
ecf709 |
MIME-Version: 1.0
|
|
|
ecf709 |
Content-Type: text/plain; charset=UTF-8
|
|
|
ecf709 |
Content-Transfer-Encoding: 8bit
|
|
|
ecf709 |
|
|
|
ecf709 |
Since there are cases where the user name is not entered directly but
|
|
|
ecf709 |
determined by other means the user-checks should show the name of the
|
|
|
ecf709 |
user used for authentication.
|
|
|
ecf709 |
|
|
|
ecf709 |
Related to https://pagure.io/SSSD/sssd/issue/3395
|
|
|
ecf709 |
|
|
|
ecf709 |
Reviewed-by: Fabiano FidĂȘncio <fidencio@redhat.com>
|
|
|
ecf709 |
(cherry picked from commit b130adaa3934d0531aca0f32961ab8b4cc720820)
|
|
|
ecf709 |
---
|
|
|
ecf709 |
src/tools/sssctl/sssctl_user_checks.c | 11 ++++++++++-
|
|
|
ecf709 |
1 file changed, 10 insertions(+), 1 deletion(-)
|
|
|
ecf709 |
|
|
|
ecf709 |
diff --git a/src/tools/sssctl/sssctl_user_checks.c b/src/tools/sssctl/sssctl_user_checks.c
|
|
|
ecf709 |
index 7c7b564bd29100382c9bbef7a3131c379e9aa97e..d5cd8a1b42e84aa96df95ed39905c864a38212b7 100644
|
|
|
ecf709 |
--- a/src/tools/sssctl/sssctl_user_checks.c
|
|
|
ecf709 |
+++ b/src/tools/sssctl/sssctl_user_checks.c
|
|
|
ecf709 |
@@ -200,6 +200,8 @@ errno_t sssctl_user_checks(struct sss_cmdline *cmdline,
|
|
|
ecf709 |
const char *action = DEFAULT_ACTION;
|
|
|
ecf709 |
const char *service = DEFAULT_SERVICE;
|
|
|
ecf709 |
int ret;
|
|
|
ecf709 |
+ int pret;
|
|
|
ecf709 |
+ const char *pam_user = NULL;
|
|
|
ecf709 |
size_t c;
|
|
|
ecf709 |
char **pam_env;
|
|
|
ecf709 |
|
|
|
ecf709 |
@@ -246,7 +248,14 @@ errno_t sssctl_user_checks(struct sss_cmdline *cmdline,
|
|
|
ecf709 |
if ( strncmp(action, "auth", 4)== 0 ) {
|
|
|
ecf709 |
fprintf(stdout, _("testing pam_authenticate\n\n"));
|
|
|
ecf709 |
ret = pam_authenticate(pamh, 0);
|
|
|
ecf709 |
- fprintf(stderr, _("pam_authenticate: %s\n\n"), pam_strerror(pamh, ret));
|
|
|
ecf709 |
+ pret = pam_get_item(pamh, PAM_USER, (const void **) &pam_user);
|
|
|
ecf709 |
+ if (pret != PAM_SUCCESS) {
|
|
|
ecf709 |
+ fprintf(stderr, _("pam_get_item failed: %s\n"), pam_strerror(pamh,
|
|
|
ecf709 |
+ pret));
|
|
|
ecf709 |
+ pam_user = "- not available -";
|
|
|
ecf709 |
+ }
|
|
|
ecf709 |
+ fprintf(stderr, _("pam_authenticate for user [%s]: %s\n\n"), pam_user,
|
|
|
ecf709 |
+ pam_strerror(pamh, ret));
|
|
|
ecf709 |
} else if ( strncmp(action, "chau", 4)== 0 ) {
|
|
|
ecf709 |
fprintf(stdout, _("testing pam_chauthtok\n\n"));
|
|
|
ecf709 |
ret = pam_chauthtok(pamh, 0);
|
|
|
ecf709 |
--
|
|
|
ecf709 |
2.9.4
|
|
|
ecf709 |
|