pam_krb5/pam_krb5-2.3.1-log-choise.dif

Index: pam_krb5-2.4.4/src/acct.c
===================================================================
--- pam_krb5-2.4.4.orig/src/acct.c
+++ pam_krb5-2.4.4/src/acct.c
@@ -89,6 +89,10 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int
 		_pam_krb5_free_ctx(ctx);
 		return PAM_SERVICE_ERR;
 	}
+	if (options->debug) {
+		debug("pam_acct_mgmt called for '%s', realm '%s'", user,
+			  options->realm);
+	}
 
 	/* Get information about the user and the user's principal name. */
 	userinfo = _pam_krb5_user_info_init(ctx, user, options);
Index: pam_krb5-2.4.4/src/auth.c
===================================================================
--- pam_krb5-2.4.4.orig/src/auth.c
+++ pam_krb5-2.4.4/src/auth.c
@@ -108,9 +108,10 @@ pam_sm_authenticate(pam_handle_t *pamh,
 		return PAM_SERVICE_ERR;
 	}
 	if (options->debug) {
-		debug("called to authenticate '%s', realm '%s'", user,
-		      options->realm);
+		debug("pam_authenticate called for '%s', realm '%s'", user,
+			  options->realm);
 	}
+
 	_pam_krb5_set_init_opts(ctx, gic_options, options);
 
 	/* Prompt for the password, as we might need to. */
@@ -432,6 +433,11 @@ int
 pam_sm_setcred(pam_handle_t *pamh, int flags,
 	       int argc, PAM_KRB5_MAYBE_CONST char **argv)
 {
+	notice("pam_setcred (%s) called",
+		   (flags & PAM_ESTABLISH_CRED)?"establish credential":
+		   (flags & PAM_REINITIALIZE_CRED)?"reinitialize credential":
+		   (flags & PAM_REFRESH_CRED)?"refresh credential":
+		   (flags & PAM_DELETE_CRED)?"delete credential":"unknown flag");
 	if (flags & PAM_ESTABLISH_CRED) {
 		return _pam_krb5_open_session(pamh, flags, argc, argv,
 					      "pam_setcred(PAM_ESTABLISH_CRED)",
Index: pam_krb5-2.4.4/src/password.c
===================================================================
--- pam_krb5-2.4.4.orig/src/password.c
+++ pam_krb5-2.4.4/src/password.c
@@ -110,6 +110,16 @@ pam_sm_chauthtok(pam_handle_t *pamh, int
 		_pam_krb5_free_ctx(ctx);
 		return PAM_SERVICE_ERR;
 	}
+	if (options->debug) {
+		debug("pam_chauthtok called (%s) for '%s', realm '%s'",
+			   (flags & PAM_PRELIM_CHECK) ?
+			   "preliminary check" :
+			   ((flags & PAM_UPDATE_AUTHTOK) ?
+				"updating authtok":
+				"unknown phase"),
+			   user,
+			   options->realm);
+	}
 	_pam_krb5_set_init_opts(ctx, gic_options, options);
 
 	/* Get information about the user and the user's principal name. */
Index: pam_krb5-2.4.4/src/session.c
===================================================================
--- pam_krb5-2.4.4.orig/src/session.c
+++ pam_krb5-2.4.4/src/session.c
@@ -97,6 +97,10 @@ _pam_krb5_open_session(pam_handle_t *pam
 		_pam_krb5_free_ctx(ctx);
 		return PAM_SERVICE_ERR;
 	}
+	if (options->debug) {
+		debug("pam_open_session called for '%s', realm '%s'", user,
+			  options->realm);
+	}
 
 	/* If we're in a no-cred-session situation, return. */
 	if ((!options->cred_session) &&
@@ -301,7 +305,10 @@ _pam_krb5_close_session(pam_handle_t *pa
 		_pam_krb5_free_ctx(ctx);
 		return PAM_SUCCESS;
 	}
-
+	if (options->debug) {
+		debug("pam_close_session called for '%s', realm '%s'", user,
+			  options->realm);
+	}
 	/* Get information about the user and the user's principal name. */
 	userinfo = _pam_krb5_user_info_init(ctx, user, options);
 	if (userinfo == NULL) {
- update to version 2.4.4 * drop configuration settings that duplicated library settings * drop the existing_ticket option * drop krb4 support * add support for preserving configuration information in ccaches * add support for creating and cleaning up DIR: ccaches * finish cleaning up KEYRING: ccaches * add experimental "armor" and "armor_strategy" options * handle creation of /run/user/XXX for FILE: and DIR: caches * handle different function signatures for krb5_trace_callback * avoid overriding the primary when updating DIR: caches - obsolets patches (upstream): * pam_krb5-2.2.0-0.5-configure_ac.dif * use-urandom-for-tests.dif OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam_krb5?expand=0&rev=26 2013-04-16 11:12:50 +02:00			`Index: pam_krb5-2.4.4/src/acct.c`
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/pam_krb5?expand=0&rev=18 2008-06-24 01:15:09 +02:00			`===================================================================`
- update to version 2.4.4 * drop configuration settings that duplicated library settings * drop the existing_ticket option * drop krb4 support * add support for preserving configuration information in ccaches * add support for creating and cleaning up DIR: ccaches * finish cleaning up KEYRING: ccaches * add experimental "armor" and "armor_strategy" options * handle creation of /run/user/XXX for FILE: and DIR: caches * handle different function signatures for krb5_trace_callback * avoid overriding the primary when updating DIR: caches - obsolets patches (upstream): * pam_krb5-2.2.0-0.5-configure_ac.dif * use-urandom-for-tests.dif OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam_krb5?expand=0&rev=26 2013-04-16 11:12:50 +02:00			`--- pam_krb5-2.4.4.orig/src/acct.c`
			`+++ pam_krb5-2.4.4/src/acct.c`
			`@@ -89,6 +89,10 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int`
			`_pam_krb5_free_ctx(ctx);`
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/pam_krb5?expand=0&rev=18 2008-06-24 01:15:09 +02:00			`return PAM_SERVICE_ERR;`
			`}`
			`+ if (options->debug) {`
			`+ debug("pam_acct_mgmt called for '%s', realm '%s'", user,`
			`+ options->realm);`
			`+ }`

			`/* Get information about the user and the user's principal name. */`
Accepting request 25421 from Linux-PAM Copy from Linux-PAM/pam_krb5 based on submit request 25421 from user coolo OBS-URL: https://build.opensuse.org/request/show/25421 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/pam_krb5?expand=0&rev=36 2009-12-04 12:45:41 +01:00			`userinfo = _pam_krb5_user_info_init(ctx, user, options);`
- update to version 2.4.4 * drop configuration settings that duplicated library settings * drop the existing_ticket option * drop krb4 support * add support for preserving configuration information in ccaches * add support for creating and cleaning up DIR: ccaches * finish cleaning up KEYRING: ccaches * add experimental "armor" and "armor_strategy" options * handle creation of /run/user/XXX for FILE: and DIR: caches * handle different function signatures for krb5_trace_callback * avoid overriding the primary when updating DIR: caches - obsolets patches (upstream): * pam_krb5-2.2.0-0.5-configure_ac.dif * use-urandom-for-tests.dif OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam_krb5?expand=0&rev=26 2013-04-16 11:12:50 +02:00			`Index: pam_krb5-2.4.4/src/auth.c`
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/pam_krb5?expand=0&rev=18 2008-06-24 01:15:09 +02:00			`===================================================================`
- update to version 2.4.4 * drop configuration settings that duplicated library settings * drop the existing_ticket option * drop krb4 support * add support for preserving configuration information in ccaches * add support for creating and cleaning up DIR: ccaches * finish cleaning up KEYRING: ccaches * add experimental "armor" and "armor_strategy" options * handle creation of /run/user/XXX for FILE: and DIR: caches * handle different function signatures for krb5_trace_callback * avoid overriding the primary when updating DIR: caches - obsolets patches (upstream): * pam_krb5-2.2.0-0.5-configure_ac.dif * use-urandom-for-tests.dif OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam_krb5?expand=0&rev=26 2013-04-16 11:12:50 +02:00			`--- pam_krb5-2.4.4.orig/src/auth.c`
			`+++ pam_krb5-2.4.4/src/auth.c`
			`@@ -108,9 +108,10 @@ pam_sm_authenticate(pam_handle_t *pamh,`
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/pam_krb5?expand=0&rev=18 2008-06-24 01:15:09 +02:00			`return PAM_SERVICE_ERR;`
			`}`
			`if (options->debug) {`
			`- debug("called to authenticate '%s', realm '%s'", user,`
			`- options->realm);`
			`+ debug("pam_authenticate called for '%s', realm '%s'", user,`
			`+ options->realm);`
			`}`
			`+`
			`_pam_krb5_set_init_opts(ctx, gic_options, options);`

Accepting request 25421 from Linux-PAM Copy from Linux-PAM/pam_krb5 based on submit request 25421 from user coolo OBS-URL: https://build.opensuse.org/request/show/25421 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/pam_krb5?expand=0&rev=36 2009-12-04 12:45:41 +01:00			`/* Prompt for the password, as we might need to. */`
- update to version 2.4.4 * drop configuration settings that duplicated library settings * drop the existing_ticket option * drop krb4 support * add support for preserving configuration information in ccaches * add support for creating and cleaning up DIR: ccaches * finish cleaning up KEYRING: ccaches * add experimental "armor" and "armor_strategy" options * handle creation of /run/user/XXX for FILE: and DIR: caches * handle different function signatures for krb5_trace_callback * avoid overriding the primary when updating DIR: caches - obsolets patches (upstream): * pam_krb5-2.2.0-0.5-configure_ac.dif * use-urandom-for-tests.dif OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam_krb5?expand=0&rev=26 2013-04-16 11:12:50 +02:00			`@@ -432,6 +433,11 @@ int`
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/pam_krb5?expand=0&rev=18 2008-06-24 01:15:09 +02:00			`pam_sm_setcred(pam_handle_t *pamh, int flags,`
			`int argc, PAM_KRB5_MAYBE_CONST char **argv)`
			`{`
			`+ notice("pam_setcred (%s) called",`
			`+ (flags & PAM_ESTABLISH_CRED)?"establish credential":`
			`+ (flags & PAM_REINITIALIZE_CRED)?"reinitialize credential":`
			`+ (flags & PAM_REFRESH_CRED)?"refresh credential":`
			`+ (flags & PAM_DELETE_CRED)?"delete credential":"unknown flag");`
			`if (flags & PAM_ESTABLISH_CRED) {`
Accepting request 79471 from home:mcalmer:branches:network - update to version 2.3.13 * don't bother creating a v5 ccache in "external" mode * add a "trace" option to enable libkrb5 tracing, if available * avoid trying to get password-change creds twice * use an in-memory ccache when obtaining tokens using v5 creds * turn off creds==session in "sshd" * add a "validate_user_user" option to control trying to perform user-to-user authentication to validate TGTs when a keytab is not available * add an "ignore_k5login" option to control whether or not the module will use the krb5_kuserok() function to perform additional authorization checks * turn on validation by default - verify_ap_req_nofail controls how we treat errors reading keytab files now * add an "always_allow_localname" option when we can use krb5_aname_to_localname() to second-guess the krb5_kuserok() check * prefer krb5_change_password() to krb5_set_password() OBS-URL: https://build.opensuse.org/request/show/79471 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam_krb5?expand=0&rev=19 2011-08-22 10:25:27 +02:00			`return _pam_krb5_open_session(pamh, flags, argc, argv,`
			`"pam_setcred(PAM_ESTABLISH_CRED)",`
- update to version 2.4.4 * drop configuration settings that duplicated library settings * drop the existing_ticket option * drop krb4 support * add support for preserving configuration information in ccaches * add support for creating and cleaning up DIR: ccaches * finish cleaning up KEYRING: ccaches * add experimental "armor" and "armor_strategy" options * handle creation of /run/user/XXX for FILE: and DIR: caches * handle different function signatures for krb5_trace_callback * avoid overriding the primary when updating DIR: caches - obsolets patches (upstream): * pam_krb5-2.2.0-0.5-configure_ac.dif * use-urandom-for-tests.dif OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam_krb5?expand=0&rev=26 2013-04-16 11:12:50 +02:00			`Index: pam_krb5-2.4.4/src/password.c`
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/pam_krb5?expand=0&rev=18 2008-06-24 01:15:09 +02:00			`===================================================================`
- update to version 2.4.4 * drop configuration settings that duplicated library settings * drop the existing_ticket option * drop krb4 support * add support for preserving configuration information in ccaches * add support for creating and cleaning up DIR: ccaches * finish cleaning up KEYRING: ccaches * add experimental "armor" and "armor_strategy" options * handle creation of /run/user/XXX for FILE: and DIR: caches * handle different function signatures for krb5_trace_callback * avoid overriding the primary when updating DIR: caches - obsolets patches (upstream): * pam_krb5-2.2.0-0.5-configure_ac.dif * use-urandom-for-tests.dif OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam_krb5?expand=0&rev=26 2013-04-16 11:12:50 +02:00			`--- pam_krb5-2.4.4.orig/src/password.c`
			`+++ pam_krb5-2.4.4/src/password.c`
			`@@ -110,6 +110,16 @@ pam_sm_chauthtok(pam_handle_t *pamh, int`
			`_pam_krb5_free_ctx(ctx);`
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/pam_krb5?expand=0&rev=18 2008-06-24 01:15:09 +02:00			`return PAM_SERVICE_ERR;`
			`}`
			`+ if (options->debug) {`
			`+ debug("pam_chauthtok called (%s) for '%s', realm '%s'",`
			`+ (flags & PAM_PRELIM_CHECK) ?`
			`+ "preliminary check" :`
			`+ ((flags & PAM_UPDATE_AUTHTOK) ?`
			`+ "updating authtok":`
			`+ "unknown phase"),`
			`+ user,`
			`+ options->realm);`
			`+ }`
			`_pam_krb5_set_init_opts(ctx, gic_options, options);`

			`/* Get information about the user and the user's principal name. */`
- update to version 2.4.4 * drop configuration settings that duplicated library settings * drop the existing_ticket option * drop krb4 support * add support for preserving configuration information in ccaches * add support for creating and cleaning up DIR: ccaches * finish cleaning up KEYRING: ccaches * add experimental "armor" and "armor_strategy" options * handle creation of /run/user/XXX for FILE: and DIR: caches * handle different function signatures for krb5_trace_callback * avoid overriding the primary when updating DIR: caches - obsolets patches (upstream): * pam_krb5-2.2.0-0.5-configure_ac.dif * use-urandom-for-tests.dif OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam_krb5?expand=0&rev=26 2013-04-16 11:12:50 +02:00			`Index: pam_krb5-2.4.4/src/session.c`
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/pam_krb5?expand=0&rev=18 2008-06-24 01:15:09 +02:00			`===================================================================`
- update to version 2.4.4 * drop configuration settings that duplicated library settings * drop the existing_ticket option * drop krb4 support * add support for preserving configuration information in ccaches * add support for creating and cleaning up DIR: ccaches * finish cleaning up KEYRING: ccaches * add experimental "armor" and "armor_strategy" options * handle creation of /run/user/XXX for FILE: and DIR: caches * handle different function signatures for krb5_trace_callback * avoid overriding the primary when updating DIR: caches - obsolets patches (upstream): * pam_krb5-2.2.0-0.5-configure_ac.dif * use-urandom-for-tests.dif OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam_krb5?expand=0&rev=26 2013-04-16 11:12:50 +02:00			`--- pam_krb5-2.4.4.orig/src/session.c`
			`+++ pam_krb5-2.4.4/src/session.c`
			`@@ -97,6 +97,10 @@ _pam_krb5_open_session(pam_handle_t *pam`
			`_pam_krb5_free_ctx(ctx);`
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/pam_krb5?expand=0&rev=18 2008-06-24 01:15:09 +02:00			`return PAM_SERVICE_ERR;`
			`}`
			`+ if (options->debug) {`
			`+ debug("pam_open_session called for '%s', realm '%s'", user,`
			`+ options->realm);`
			`+ }`

Accepting request 79471 from home:mcalmer:branches:network - update to version 2.3.13 * don't bother creating a v5 ccache in "external" mode * add a "trace" option to enable libkrb5 tracing, if available * avoid trying to get password-change creds twice * use an in-memory ccache when obtaining tokens using v5 creds * turn off creds==session in "sshd" * add a "validate_user_user" option to control trying to perform user-to-user authentication to validate TGTs when a keytab is not available * add an "ignore_k5login" option to control whether or not the module will use the krb5_kuserok() function to perform additional authorization checks * turn on validation by default - verify_ap_req_nofail controls how we treat errors reading keytab files now * add an "always_allow_localname" option when we can use krb5_aname_to_localname() to second-guess the krb5_kuserok() check * prefer krb5_change_password() to krb5_set_password() OBS-URL: https://build.opensuse.org/request/show/79471 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam_krb5?expand=0&rev=19 2011-08-22 10:25:27 +02:00			`/* If we're in a no-cred-session situation, return. */`
			`if ((!options->cred_session) &&`
- update to version 2.4.4 * drop configuration settings that duplicated library settings * drop the existing_ticket option * drop krb4 support * add support for preserving configuration information in ccaches * add support for creating and cleaning up DIR: ccaches * finish cleaning up KEYRING: ccaches * add experimental "armor" and "armor_strategy" options * handle creation of /run/user/XXX for FILE: and DIR: caches * handle different function signatures for krb5_trace_callback * avoid overriding the primary when updating DIR: caches - obsolets patches (upstream): * pam_krb5-2.2.0-0.5-configure_ac.dif * use-urandom-for-tests.dif OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam_krb5?expand=0&rev=26 2013-04-16 11:12:50 +02:00			`@@ -301,7 +305,10 @@ _pam_krb5_close_session(pam_handle_t *pa`
			`_pam_krb5_free_ctx(ctx);`
Accepting request 79471 from home:mcalmer:branches:network - update to version 2.3.13 * don't bother creating a v5 ccache in "external" mode * add a "trace" option to enable libkrb5 tracing, if available * avoid trying to get password-change creds twice * use an in-memory ccache when obtaining tokens using v5 creds * turn off creds==session in "sshd" * add a "validate_user_user" option to control trying to perform user-to-user authentication to validate TGTs when a keytab is not available * add an "ignore_k5login" option to control whether or not the module will use the krb5_kuserok() function to perform additional authorization checks * turn on validation by default - verify_ap_req_nofail controls how we treat errors reading keytab files now * add an "always_allow_localname" option when we can use krb5_aname_to_localname() to second-guess the krb5_kuserok() check * prefer krb5_change_password() to krb5_set_password() OBS-URL: https://build.opensuse.org/request/show/79471 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam_krb5?expand=0&rev=19 2011-08-22 10:25:27 +02:00			`return PAM_SUCCESS;`
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/pam_krb5?expand=0&rev=18 2008-06-24 01:15:09 +02:00			`}`
			`-`
			`+ if (options->debug) {`
			`+ debug("pam_close_session called for '%s', realm '%s'", user,`
			`+ options->realm);`
			`+ }`
			`/* Get information about the user and the user's principal name. */`
Accepting request 25421 from Linux-PAM Copy from Linux-PAM/pam_krb5 based on submit request 25421 from user coolo OBS-URL: https://build.opensuse.org/request/show/25421 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/pam_krb5?expand=0&rev=36 2009-12-04 12:45:41 +01:00			`userinfo = _pam_krb5_user_info_init(ctx, user, options);`
			`if (userinfo == NULL) {`