From d59dabba6a601b9946679c2ddeb06208ea16daf79564e4d65b71c55cbd9ff49a Mon Sep 17 00:00:00 2001
From: Michael Calmer <mc@suse.com>
Date: Tue, 1 Mar 2011 16:43:02 +0000
Subject: [PATCH] - make pam_sm_setcred less verbose (bnc#641008)

OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam_krb5?expand=0&rev=17
---
 bug-641008_pam_krb5-2.3.11-setcred-log.diff | 72 +++++++++++++++++++++
 pam_krb5.changes                            |  5 ++
 pam_krb5.spec                               |  4 +-
 3 files changed, 80 insertions(+), 1 deletion(-)
 create mode 100644 bug-641008_pam_krb5-2.3.11-setcred-log.diff

diff --git a/bug-641008_pam_krb5-2.3.11-setcred-log.diff b/bug-641008_pam_krb5-2.3.11-setcred-log.diff
new file mode 100644
index 0000000..b59a302
--- /dev/null
+++ b/bug-641008_pam_krb5-2.3.11-setcred-log.diff
@@ -0,0 +1,72 @@
+diff -ur pam_krb5-2.3.11-1.orig/src/auth.c pam_krb5-2.3.11-1/src/auth.c
+--- pam_krb5-2.3.11-1.orig/src/auth.c	2010-09-21 15:58:10.021370000 +0200
++++ pam_krb5-2.3.11-1/src/auth.c	2010-09-21 17:02:33.329265000 +0200
+@@ -522,13 +522,32 @@
+ pam_sm_setcred(pam_handle_t *pamh, int flags,
+ 	       int argc, PAM_KRB5_MAYBE_CONST char **argv)
+ {
++	krb5_context ctx;
++	struct _pam_krb5_options *options;
+ 	struct _pam_krb5_perms *saved_perms;
+-	notice("pam_setcred (%s) called",
+-		   (flags & PAM_ESTABLISH_CRED)?"establish credential":
+-		   (flags & PAM_REINITIALIZE_CRED)?"reinitialize credential":
+-		   (flags & PAM_REFRESH_CRED)?"refresh credential":
+-		   (flags & PAM_DELETE_CRED)?"delete credential":"unknown flag");
++
++	if (_pam_krb5_init_ctx(&ctx, argc, argv) != 0) {
++		warn("error initializing Kerberos");
++		return PAM_SERVICE_ERR;
++	}
++
++	options = _pam_krb5_options_init(pamh, argc, argv, ctx);
++	if (options == NULL) {
++		warn("error parsing options (shouldn't happen)");
++		krb5_free_context(ctx);
++		return PAM_SERVICE_ERR;
++	}
++
++	if (options->debug) {
++		debug("pam_setcred (%s) called",
++			   (flags & PAM_ESTABLISH_CRED)?"establish credential":
++			   (flags & PAM_REINITIALIZE_CRED)?"reinitialize credential":
++			   (flags & PAM_REFRESH_CRED)?"refresh credential":
++			   (flags & PAM_DELETE_CRED)?"delete credential":"unknown flag");
++  	}
+ 	if (flags & PAM_ESTABLISH_CRED) {
++		_pam_krb5_options_free(pamh, ctx, options);
++		krb5_free_context(ctx);
+ 		return pam_sm_open_session(pamh, flags, argc, argv);
+ 	}
+ 	if (flags & (PAM_REINITIALIZE_CRED | PAM_REFRESH_CRED)) {
+@@ -541,19 +560,29 @@
+ 			}
+ 			saved_perms = NULL;
+ 
++			_pam_krb5_options_free(pamh, ctx, options);
++			krb5_free_context(ctx);
+ 			return i;
+ 		} else {
+-			debug("looks unsafe - ignore refresh");
++			if (options->debug) {
++				debug("looks unsafe - ignore refresh");
++			}	
+ 			if (saved_perms != NULL) {
+ 				_pam_krb5_restore_perms_r2e(saved_perms);
+ 			}
+ 			saved_perms = NULL;
++			_pam_krb5_options_free(pamh, ctx, options);
++			krb5_free_context(ctx);
+ 			return PAM_IGNORE;
+ 		}
+ 	}
+ 	if (flags & PAM_DELETE_CRED) {
++		_pam_krb5_options_free(pamh, ctx, options);
++		krb5_free_context(ctx);
+ 		return pam_sm_close_session(pamh, flags, argc, argv);
+ 	}
+ 	warn("pam_setcred() called with no flags. Assume PAM_ESTABLISH_CRED");
++	_pam_krb5_options_free(pamh, ctx, options);
++	krb5_free_context(ctx);
+ 	return pam_sm_open_session(pamh, (flags | PAM_ESTABLISH_CRED), argc, argv);
+ }
diff --git a/pam_krb5.changes b/pam_krb5.changes
index dd7afc9..3786c1f 100644
--- a/pam_krb5.changes
+++ b/pam_krb5.changes
@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Tue Mar  1 17:41:57 CET 2011 - mc@suse.de
+
+- make pam_sm_setcred less verbose (bnc#641008) 
+
 -------------------------------------------------------------------
 Fri Nov 19 10:44:35 UTC 2010 - coolo@novell.com
 
diff --git a/pam_krb5.spec b/pam_krb5.spec
index 5530e5b..682619d 100644
--- a/pam_krb5.spec
+++ b/pam_krb5.spec
@@ -31,7 +31,7 @@ Obsoletes:      pam_krb5-64bit
 %endif
 #
 Version:        2.3.11
-Release:        1
+Release:        4
 Summary:        PAM Module for Kerberos Authentication
 Url:            http://sourceforge.net/projects/pam-krb5/
 Source:         pam_krb5-%{version}-%{PAM_RELEASE}.tar.bz2
@@ -42,6 +42,7 @@ Patch2:         pam_krb5-2.3.1-log-choise.dif
 Patch3:         pam_krb5-LINGUAS.dif
 Patch4:         pam_krb5-2.3.1-switch-perms-on-refresh.dif
 Patch5:         pam_krb5-2.2.3-1-setcred-assume-establish.dif
+Patch6:         bug-641008_pam_krb5-2.3.11-setcred-log.diff
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 
 %description
@@ -56,6 +57,7 @@ supports updating your Kerberos password.
 %patch3
 %patch4 -p1
 %patch5
+%patch6 -p1
 
 %build
 CFLAGS="$RPM_OPT_FLAGS -D_GNU_SOURCE "         \