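--- a/src/v5.c
+++ b/src/v5.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2003,2004,2005,2006,2007 Red Hat, Inc.
+ * Copyright 2003,2004,2005,2006,2007,2008 Red Hat, Inc.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -889,11 +889,19 @@ v5_get_creds(krb5_context ctx,
 tmpcreds.server = service_principal;
 i = krb5_cc_retrieve_cred(ctx, ccache, 0,
 &tmpcreds, creds);
- /* FIXME: check if the creds are expired?
- * What's the right error code if we check, and
- * they are? */
 memset(&tmpcreds, 0, sizeof(tmpcreds));
 krb5_cc_close(ctx, ccache);
+ switch (v5_validate(ctx, creds, options)) {
+ case 0:
+ /* we're fine */
+ break;
+ default:
+ /* something (anything) went wrong --
+ * discard them */
+ krb5_free_cred_contents(ctx, creds);
+ i = KRB5KRB_ERR_GENERIC;
+ break;
+ }
 } else {
 warn("error opening default ccache");
 i = KRB5_CC_NOTFOUND;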
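Review bot: In the `v5_get_creds` hunk, `v5_validate(ctx, creds, options)` runs whatever `krb5_cc_retrieve_cred` returned in `i`, so after a failed lookup the code validates and then calls `krb5_free_cred_contents` on a `creds` structure the lookup may never have filled, and the specific retrieval error is overwritten with `KRB5KRB_ERR_GENERIC`. No test of `i` is visible between the retrieve call and the `switch`; the function starts and ends outside the hunk, so an outer guard or an earlier zeroing of `creds` cannot be ruled out. I would gate validation on success, `if (i == 0 && v5_validate(ctx, creds, options) != 0) { krb5_free_cred_contents(ctx, creds); i = KRB5KRB_ERR_GENERIC; }`, and follow the free with `memset(creds, 0, sizeof(*creds));` so a caller that frees on error does not free twice. A `warn()` on the discard path, like the one the `else` branch has for the ccache error, would make rejected cached tickets visible in the logs.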
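--- a/configure.ac
+++ b/configure.ac
@@ -360,6 +360,18 @@ if test x$keyutils != xno ; then
 AC_SUBST(KEYUTILS_LIBS)
 fi
 
+AC_MSG_CHECKING(whether to link directly with libpam)
+AC_ARG_WITH(libpam,
+[AC_HELP_STRING(--without-libpam,[Refrain from linking directly with libpam.])],
+ [with_libpam=$withval],
+ [with_libpam=yes])
+if test "$with_libpam" != no ; then
+ AC_MSG_RESULT(yes)
+else
+ AC_MSG_RESULT(no)
+fi
+AM_CONDITIONAL(WITH_DIRECT_LIBPAM,test "$with_libpam" != no)
+
 AC_ARG_ENABLE(default-realm,AC_HELP_STRING([--enable-default-realm=REALM],[last-ditch fallback realm (default is EXAMPLE.COM)]),default_realm=$enableval,default_realm=EXAMPLE.COM)
 AC_DEFINE_UNQUOTED(DEFAULT_REALM,"$default_realm",[Define to the realm name which will be used if no realm is given as a parameter and none is given in krb5.conf.])
 AC_MSG_RESULT([Using "$default_realm" as the default realm.])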
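Review bot: The first argument of `AC_HELP_STRING` in the new `AC_ARG_WITH(libpam, ...)` is unquoted, unlike the `AC_HELP_STRING([--enable-default-realm=REALM], ...)` call in the context lines right after it. Quoting it, `AC_HELP_STRING([--without-libpam],[Refrain from linking directly with libpam.])`, keeps m4 from expanding the option text and matches the rest of the file. Every `--with-libpam=VALUE` other than `no` is treated as yes by the `test "$with_libpam" != no` checks, which is worth a one-line comment above the `if test`.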
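--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -21,6 +21,12 @@ man_MANS += afs5log.1
 noinst_PROGRAMS += pagsh
 endif
 
+if WITH_DIRECT_LIBPAM
+DIRECT_LIBPAM = -lpam
+else
+DIRECT_LIBPAM =
+endif
+
 libpam_krb5_la_SOURCES = \
 conv.c \
 conv.h \
@@ -47,7 +53,7 @@ libpam_krb5_la_SOURCES = \
 v5.h
 
 pam_krb5_la_LDFLAGS = -avoid-version -export-dynamic -module -export-symbols-regex 'pam_sm.*' @SYMBOLIC_LINKER_FLAG@
-pam_krb5_la_LIBADD = libpam_krb5.la @KRB5_LIBS@ @KRB4_LIBS@ @KEYUTILS_LIBS@
+pam_krb5_la_LIBADD = libpam_krb5.la @KRB5_LIBS@ @KRB4_LIBS@ @KEYUTILS_LIBS@ $(DIRECT_LIBPAM)
 pam_krb5_la_SOURCES = \
 initopts.c \
 initopts.h \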
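--- a/src/options.c
+++ b/src/options.c
@@ -105,7 +105,8 @@ option_b(int argc, PAM_KRB5_MAYBE_CONST
 ret = -1;
 
 /* configured service yes */
- if ((ret == -1) && (service != NULL) && (strlen(service) > 0)) {
+ if ((ret == -1) && (realm != NULL) &&
+ (service != NULL) && (strlen(service) > 0)) {
 list = option_l(argc, argv, ctx, realm, s, "");
 for (i = 0; ((list != NULL) && (list[i] != NULL)); i++) {
 if (strcmp(list[i], service) == 0) {
@@ -116,7 +117,8 @@ option_b(int argc, PAM_KRB5_MAYBE_CONST
 }
 
 /* configured service no */
- if ((ret == -1) && (service != NULL) && (strlen(service) > 0)) {
+ if ((ret == -1) && (realm != NULL) &&
+ (service != NULL) && (strlen(service) > 0)) {
 for (i = 0; i < (sizeof(prefix) / sizeof(prefix[0])); i++) {
 nots = malloc(strlen(prefix[i]) + strlen(s) + 1);
 if (nots != NULL) {
@@ -142,7 +144,7 @@ option_b(int argc, PAM_KRB5_MAYBE_CONST
 }
 
 /* configured boolean */
- if (ret == -1) {
+ if ((ret == -1) && (realm != NULL)) {
 v5_appdefault_boolean(ctx, realm, s, -1, &ret);
 }
 
@@ -331,6 +333,11 @@ _pam_krb5_options_init(pam_handle_t *pam
 _pam_krb5_get_item_text(pamh, PAM_SERVICE, &service);
 }
 
+ /* command-line option */
+ options->debug = option_b(argc, argv, ctx, NULL,
+ service, NULL, NULL,
+ "debug", 0);
+
 for (i = 0; i < argc; i++) {
 if (strncmp(argv[i], "realm=", 6) == 0) {
 if (options->realm != NULL) {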
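Review bot: The new `options->debug = option_b(argc, argv, ctx, NULL, service, NULL, NULL, "debug", 0);` call relies on `realm == NULL` meaning "consult the module arguments only", but nothing in the code says so, and the three `realm != NULL` guards added in `option_b` cover only the branches visible in these hunks. Both `option_b` and `_pam_krb5_options_init` continue outside the hunks, so whether any remaining path in `option_b` still hands a NULL `realm`, or one of the other two NULL arguments, to a helper cannot be checked here and should be confirmed. I would state the contract at the top of `option_b`, for example `/* realm == NULL: skip every krb5.conf lookup; only argv and the default apply */`, and expand `/* command-line option */` to say why `debug` is read before the `realm=` loop.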