author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-20 15:22:34 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-20 15:22:34 +0000 |
commit | ed95a928eb095f8585bf216a05182a3e30cc9886 (patch) | |
tree | e5039e4c6176a9a4e91f31942e6d2329ff7cc40e /src/sss_client | |
parent | Adding upstream version 2.9.4. (diff) | |
download | sssd-upstream/2.9.5.tar.xz sssd-upstream/2.9.5.zip |
Adding upstream version 2.9.5.upstream/2.9.5upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'src/sss_client')
-rw-r--r-- | src/sss_client/common.c | 16 | ||||
-rw-r--r-- | src/sss_client/pam_sss.c | 22 |
2 files changed, 26 insertions, 12 deletions
diff --git a/src/sss_client/common.c b/src/sss_client/common.c
index 702d059..32555ed 100644
--- a/src/sss_client/common.c
+++ b/src/sss_client/common.c
@@ -93,8 +93,22 @@ void sss_cli_close_socket(void)
 #ifdef HAVE_PTHREAD_EXT
 static void sss_at_thread_exit(void *v)
 {
- sss_cli_close_socket();
+ /* At this point the key value is already set to NULL and the only way to
+ * access the data from the value is via the argument passed to the
+ * destructor (sss_at_thread_exit). See e.g.
+ * https://www.man7.org/linux/man-pages/man3/pthread_key_create.3p.html
+ * for details. */
+
+ struct sss_socket_descriptor_t *descriptor = (struct sss_socket_descriptor_t *) v;
+
+ if (descriptor->sd != -1) {
+ close(descriptor->sd);
+ descriptor->sd = -1;
+ }
+ free(v);
+
+ /* Most probably redudant, but better safe than sorry. */
 pthread_setspecific(sss_sd_key, NULL);
 }
diff --git a/src/sss_client/pam_sss.c b/src/sss_client/pam_sss.c
index a1c3536..41a528d 100644
--- a/src/sss_client/pam_sss.c
+++ b/src/sss_client/pam_sss.c
@@ -2544,17 +2544,7 @@ static int get_authtok_for_authentication(pam_handle_t *pamh,
 } else if (pi->pc != NULL) {
 ret = prompt_by_config(pamh, pi);
 } else {
- if (flags & PAM_CLI_FLAGS_USE_2FA
- || (pi->otp_vendor != NULL && pi->otp_token_id != NULL
- && pi->otp_challenge != NULL)) {
- if (pi->password_prompting) {
- ret = prompt_2fa(pamh, pi, _("First Factor: "),
- _("Second Factor (optional): "));
- } else {
- ret = prompt_2fa(pamh, pi, _("First Factor: "),
- _("Second Factor: "));
- }
- } else if (pi->cert_list != NULL) {
+ if (pi->cert_list != NULL) {
 if (pi->cert_list->next == NULL) {
 /* Only one certificate */
 pi->selected_cert = pi->cert_list;
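Review bot: In sss_at_thread_exit (src/sss_client/common.c), the comment above the retained `pthread_setspecific(sss_sd_key, NULL);` has a typo ("redudant") and does not say why the call is kept, even though the comment at the top of the function already states that the key value is NULL when the destructor runs. I would reword it to `/* Redundant: the key value is already NULL here; kept as a defensive reset. */`. The explicit cast from `void *` is not needed in C, so the declaration can be `struct sss_socket_descriptor_t *descriptor = v;`. The return value of `close()` is discarded, which is reasonable in a destructor, but a short comment would make the omission read as deliberate.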
@@ -2570,6 +2560,16 @@ static int get_authtok_for_authentication(pam_handle_t *pamh,
 || (pi->flags & PAM_CLI_FLAGS_REQUIRE_CERT_AUTH)) {
 /* Use pin prompt as fallback for gdm-smartcard */
 ret = prompt_sc_pin(pamh, pi);
+ } else if (flags & PAM_CLI_FLAGS_USE_2FA
+ || (pi->otp_vendor != NULL && pi->otp_token_id != NULL
+ && pi->otp_challenge != NULL)) {
+ if (pi->password_prompting) {
+ ret = prompt_2fa(pamh, pi, _("First Factor: "),
+ _("Second Factor (optional): "));
+ } else {
+ ret = prompt_2fa(pamh, pi, _("First Factor: "),
+ _("Second Factor: "));
+ }
 } else if (pi->passkey_prompt_pin) {
 ret = prompt_passkey(pamh, pi,
 _("Insert your passkey device, then press ENTER."), |
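Review bot: The new prompt precedence in get_authtok_for_authentication is undocumented: the 2FA branch now appears to be reached only after the `pi->cert_list` and smartcard-PIN branches, so with `PAM_CLI_FLAGS_USE_2FA` set and a certificate also available the certificate/PIN prompt wins. A comment above the chain stating the order, for example `/* Prompt order: certificate / smartcard PIN, then 2FA, then passkey. */`, would keep a later reorder from silently changing which factor is requested. The added condition mixes `&` and `||` without grouping; `(flags & PAM_CLI_FLAGS_USE_2FA)` would match the parenthesised `(pi->flags & PAM_CLI_FLAGS_REQUIRE_CERT_AUTH)` test just above. That neighbouring test reads `pi->flags` while this one reads `flags`; both may be correct, but the difference deserves a word if it is deliberate. The function begins and ends outside this hunk, and the removal side of the move is the preceding hunk.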