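--- a/pam_krb5.c
+++ b/pam_krb5.c
@@ -1,8 +1,8 @@
 /*-
  * This pam_krb5 module contains code that is:
  * Copyright (c) Derrick J. Brashear, 1996. All rights reserved.
  * Copyright (c) Frank Cusack, 1999-2001. All rights reserved.
  * Copyright (c) Jacques A. Vidrine, 2000-2001. All rights reserved.
  * Copyright (c) Nicolas Williams, 2001. All rights reserved.
  * Copyright (c) Perot Systems Corporation, 2001. All rights reserved.
  * Copyright (c) Mark R V Murray, 2001. All rights reserved.
@@ -43,17 +43,17 @@
  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
  * OF THE POSSIBILITY OF SUCH DAMAGE.
  *
  */
 
 #include <sys/cdefs.h>
-__FBSDID("$FreeBSD: head/lib/libpam/modules/pam_krb5/pam_krb5.c 174837 2007-12-21 12:00:16Z des $");
+__FBSDID("$FreeBSD: head/lib/libpam/modules/pam_krb5/pam_krb5.c 207553 2010-05-03 07:32:24Z mm $");
 
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <errno.h>
 #include <limits.h>
 #include <pwd.h>
 #include <stdio.h>
 #include <stdlib.h>
@@ -84,16 +84,17 @@
 #define USER_PROMPT "Username: "
 #define PASSWORD_PROMPT "Password:"
 #define NEW_PASSWORD_PROMPT "New Password:"
 
 #define PAM_OPT_CCACHE "ccache"
 #define PAM_OPT_DEBUG "debug"
 #define PAM_OPT_FORWARDABLE "forwardable"
 #define PAM_OPT_NO_CCACHE "no_ccache"
+#define PAM_OPT_NO_USER_CHECK "no_user_check"
 #define PAM_OPT_REUSE_CCACHE "reuse_ccache"
 
 /*
  * authentication management
  */
 PAM_EXTERN int
 pam_sm_authenticate(pam_handle_t *pamh, int flags __unused,
  int argc __unused, const char *argv[] __unused)
@@ -189,16 +190,20 @@
 
  /* Get password */
  retval = pam_get_authtok(pamh, PAM_AUTHTOK, &pass, PASSWORD_PROMPT);
  if (retval != PAM_SUCCESS)
  goto cleanup2;
 
  PAM_LOG("Got password");
 
+ if (openpam_get_option(pamh, PAM_OPT_NO_USER_CHECK))
+ PAM_LOG("Skipping local user check");
+ else {
+
  /* Verify the local user exists (AFTER getting the password) */
  if (strchr(user, '@')) {
  /* get a local account name for this principal */
  krbret = krb5_aname_to_localname(pam_context, princ,
  sizeof(luser), luser);
  if (krbret != 0) {
  PAM_VERBOSE_ERROR("Kerberos 5 error");
  PAM_LOG("Error krb5_aname_to_localname(): %s",
@@ -216,16 +221,17 @@
 
  pwd = getpwnam(user);
  if (pwd == NULL) {
  retval = PAM_USER_UNKNOWN;
  goto cleanup2;
  }
 
  PAM_LOG("Done getpwnam()");
+ }
 
  /* Get a TGT */
  memset(&creds, 0, sizeof(krb5_creds));
  krbret = krb5_get_init_creds_password(pam_context, &creds, princ,
  pass, NULL, pamh, 0, NULL, &opts);
  if (krbret != 0) {
  PAM_VERBOSE_ERROR("Kerberos 5 error");
  PAM_LOG("Error krb5_get_init_creds_password(): %s",
@@ -361,17 +367,18 @@
 
  if (flags & PAM_REINITIALIZE_CRED)
  return (PAM_SUCCESS);
 
  if (!(flags & PAM_ESTABLISH_CRED))
  return (PAM_SERVICE_ERR);
 
  /* If a persistent cache isn't desired, stop now. */
- if (openpam_get_option(pamh, PAM_OPT_NO_CCACHE))
+ if (openpam_get_option(pamh, PAM_OPT_NO_CCACHE) ||
+ openpam_get_option(pamh, PAM_OPT_NO_USER_CHECK))
  return (PAM_SUCCESS);
 
  PAM_LOG("Establishing credentials");
 
  /* Get username */
  retval = pam_get_item(pamh, PAM_USER, &user);
  if (retval != PAM_SUCCESS)
  return (retval);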
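Review bot: The new test at new lines 375-376 makes `no_user_check` silently behave like `no_ccache`, but the comment above it still reads only "If a persistent cache isn't desired, stop now." and nothing explains the coupling. I would extend that comment, for example `/* no_user_check implies no ccache: there may be no local account to own it. */`; the reason is inferred from the authenticate hunk, so confirm it before committing the wording. In pam_sm_authenticate the same option skips both the krb5_aname_to_localname() mapping and the getpwnam() existence check, so with it set any principal the KDC accepts authenticates whether or not a local account exists. A comment at the `PAM_OPT_NO_USER_CHECK` define should state that services enabling it must enforce authorization themselves. Both functions begin and end outside the visible hunks, so later uses of `pwd` or `luser` in the hidden lines could not be checked here.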