c4c1d3c115
* drop configuration settings that duplicated library settings * drop the existing_ticket option * drop krb4 support * add support for preserving configuration information in ccaches * add support for creating and cleaning up DIR: ccaches * finish cleaning up KEYRING: ccaches * add experimental "armor" and "armor_strategy" options * handle creation of /run/user/XXX for FILE: and DIR: caches * handle different function signatures for krb5_trace_callback * avoid overriding the primary when updating DIR: caches - obsolets patches (upstream): * pam_krb5-2.2.0-0.5-configure_ac.dif * use-urandom-for-tests.dif OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam_krb5?expand=0&rev=26
76 lines
2.5 KiB
Diff
76 lines
2.5 KiB
Diff
Index: pam_krb5-2.4.4/src/auth.c
|
|
===================================================================
|
|
--- pam_krb5-2.4.4.orig/src/auth.c
|
|
+++ pam_krb5-2.4.4/src/auth.c
|
|
@@ -434,13 +434,32 @@ int
|
|
pam_sm_setcred(pam_handle_t *pamh, int flags,
|
|
int argc, PAM_KRB5_MAYBE_CONST char **argv)
|
|
{
|
|
+ krb5_context ctx;
|
|
+ struct _pam_krb5_options *options;
|
|
struct _pam_krb5_perms *saved_perms;
|
|
- notice("pam_setcred (%s) called",
|
|
- (flags & PAM_ESTABLISH_CRED)?"establish credential":
|
|
- (flags & PAM_REINITIALIZE_CRED)?"reinitialize credential":
|
|
- (flags & PAM_REFRESH_CRED)?"refresh credential":
|
|
- (flags & PAM_DELETE_CRED)?"delete credential":"unknown flag");
|
|
+
|
|
+ if (_pam_krb5_init_ctx(&ctx, argc, argv) != 0) {
|
|
+ warn("error initializing Kerberos");
|
|
+ return PAM_SERVICE_ERR;
|
|
+ }
|
|
+
|
|
+ options = _pam_krb5_options_init(pamh, argc, argv, ctx);
|
|
+ if (options == NULL) {
|
|
+ warn("error parsing options (shouldn't happen)");
|
|
+ krb5_free_context(ctx);
|
|
+ return PAM_SERVICE_ERR;
|
|
+ }
|
|
+
|
|
+ if (options->debug) {
|
|
+ debug("pam_setcred (%s) called",
|
|
+ (flags & PAM_ESTABLISH_CRED)?"establish credential":
|
|
+ (flags & PAM_REINITIALIZE_CRED)?"reinitialize credential":
|
|
+ (flags & PAM_REFRESH_CRED)?"refresh credential":
|
|
+ (flags & PAM_DELETE_CRED)?"delete credential":"unknown flag");
|
|
+ }
|
|
if (flags & PAM_ESTABLISH_CRED) {
|
|
+ _pam_krb5_options_free(pamh, ctx, options);
|
|
+ krb5_free_context(ctx);
|
|
return _pam_krb5_open_session(pamh, flags, argc, argv,
|
|
"pam_setcred(PAM_ESTABLISH_CRED)",
|
|
_pam_krb5_session_caller_setcred);
|
|
@@ -455,21 +474,31 @@ pam_sm_setcred(pam_handle_t *pamh, int f
|
|
}
|
|
saved_perms = NULL;
|
|
|
|
+ _pam_krb5_options_free(pamh, ctx, options);
|
|
+ krb5_free_context(ctx);
|
|
return i;
|
|
} else {
|
|
- debug("looks unsafe - ignore refresh");
|
|
+ if (options->debug) {
|
|
+ debug("looks unsafe - ignore refresh");
|
|
+ }
|
|
if (saved_perms != NULL) {
|
|
_pam_krb5_restore_perms_r2e(saved_perms);
|
|
}
|
|
saved_perms = NULL;
|
|
+ _pam_krb5_options_free(pamh, ctx, options);
|
|
+ krb5_free_context(ctx);
|
|
return PAM_IGNORE;
|
|
}
|
|
}
|
|
if (flags & PAM_DELETE_CRED) {
|
|
+ _pam_krb5_options_free(pamh, ctx, options);
|
|
+ krb5_free_context(ctx);
|
|
return _pam_krb5_close_session(pamh, flags, argc, argv,
|
|
"pam_setcred(PAM_DELETE_CRED)",
|
|
_pam_krb5_session_caller_setcred);
|
|
}
|
|
warn("pam_setcred() called with no flags. Assume PAM_ESTABLISH_CRED");
|
|
+ _pam_krb5_options_free(pamh, ctx, options);
|
|
+ krb5_free_context(ctx);
|
|
return pam_sm_open_session(pamh, (flags | PAM_ESTABLISH_CRED), argc, argv);
|
|
}
|