73 lines
2.4 KiB
Diff
73 lines
2.4 KiB
Diff
diff -ur pam_krb5-2.3.11-1.orig/src/auth.c pam_krb5-2.3.11-1/src/auth.c
|
|
--- pam_krb5-2.3.11-1.orig/src/auth.c 2010-09-21 15:58:10.021370000 +0200
|
|
+++ pam_krb5-2.3.11-1/src/auth.c 2010-09-21 17:02:33.329265000 +0200
|
|
@@ -522,13 +522,32 @@
|
|
pam_sm_setcred(pam_handle_t *pamh, int flags,
|
|
int argc, PAM_KRB5_MAYBE_CONST char **argv)
|
|
{
|
|
+ krb5_context ctx;
|
|
+ struct _pam_krb5_options *options;
|
|
struct _pam_krb5_perms *saved_perms;
|
|
- notice("pam_setcred (%s) called",
|
|
- (flags & PAM_ESTABLISH_CRED)?"establish credential":
|
|
- (flags & PAM_REINITIALIZE_CRED)?"reinitialize credential":
|
|
- (flags & PAM_REFRESH_CRED)?"refresh credential":
|
|
- (flags & PAM_DELETE_CRED)?"delete credential":"unknown flag");
|
|
+
|
|
+ if (_pam_krb5_init_ctx(&ctx, argc, argv) != 0) {
|
|
+ warn("error initializing Kerberos");
|
|
+ return PAM_SERVICE_ERR;
|
|
+ }
|
|
+
|
|
+ options = _pam_krb5_options_init(pamh, argc, argv, ctx);
|
|
+ if (options == NULL) {
|
|
+ warn("error parsing options (shouldn't happen)");
|
|
+ krb5_free_context(ctx);
|
|
+ return PAM_SERVICE_ERR;
|
|
+ }
|
|
+
|
|
+ if (options->debug) {
|
|
+ debug("pam_setcred (%s) called",
|
|
+ (flags & PAM_ESTABLISH_CRED)?"establish credential":
|
|
+ (flags & PAM_REINITIALIZE_CRED)?"reinitialize credential":
|
|
+ (flags & PAM_REFRESH_CRED)?"refresh credential":
|
|
+ (flags & PAM_DELETE_CRED)?"delete credential":"unknown flag");
|
|
+ }
|
|
if (flags & PAM_ESTABLISH_CRED) {
|
|
+ _pam_krb5_options_free(pamh, ctx, options);
|
|
+ krb5_free_context(ctx);
|
|
return pam_sm_open_session(pamh, flags, argc, argv);
|
|
}
|
|
if (flags & (PAM_REINITIALIZE_CRED | PAM_REFRESH_CRED)) {
|
|
@@ -541,19 +560,29 @@
|
|
}
|
|
saved_perms = NULL;
|
|
|
|
+ _pam_krb5_options_free(pamh, ctx, options);
|
|
+ krb5_free_context(ctx);
|
|
return i;
|
|
} else {
|
|
- debug("looks unsafe - ignore refresh");
|
|
+ if (options->debug) {
|
|
+ debug("looks unsafe - ignore refresh");
|
|
+ }
|
|
if (saved_perms != NULL) {
|
|
_pam_krb5_restore_perms_r2e(saved_perms);
|
|
}
|
|
saved_perms = NULL;
|
|
+ _pam_krb5_options_free(pamh, ctx, options);
|
|
+ krb5_free_context(ctx);
|
|
return PAM_IGNORE;
|
|
}
|
|
}
|
|
if (flags & PAM_DELETE_CRED) {
|
|
+ _pam_krb5_options_free(pamh, ctx, options);
|
|
+ krb5_free_context(ctx);
|
|
return pam_sm_close_session(pamh, flags, argc, argv);
|
|
}
|
|
warn("pam_setcred() called with no flags. Assume PAM_ESTABLISH_CRED");
|
|
+ _pam_krb5_options_free(pamh, ctx, options);
|
|
+ krb5_free_context(ctx);
|
|
return pam_sm_open_session(pamh, (flags | PAM_ESTABLISH_CRED), argc, argv);
|
|
}
|