pam_krb5.c (207553) | pam_krb5.c (207555) |
---|---|
1/*- 2 * This pam_krb5 module contains code that is: 3 * Copyright (c) Derrick J. Brashear, 1996. All rights reserved. 4 * Copyright (c) Frank Cusack, 1999-2001. All rights reserved. 5 * Copyright (c) Jacques A. Vidrine, 2000-2001. All rights reserved. 6 * Copyright (c) Nicolas Williams, 2001. All rights reserved. 7 * Copyright (c) Perot Systems Corporation, 2001. All rights reserved. 8 * Copyright (c) Mark R V Murray, 2001. All rights reserved. --- 34 unchanged lines hidden (view full) --- 43 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 44 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 45 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 46 * OF THE POSSIBILITY OF SUCH DAMAGE. 47 * 48 */ 49 50#include <sys/cdefs.h> | 1/*- 2 * This pam_krb5 module contains code that is: 3 * Copyright (c) Derrick J. Brashear, 1996. All rights reserved. 4 * Copyright (c) Frank Cusack, 1999-2001. All rights reserved. 5 * Copyright (c) Jacques A. Vidrine, 2000-2001. All rights reserved. 6 * Copyright (c) Nicolas Williams, 2001. All rights reserved. 7 * Copyright (c) Perot Systems Corporation, 2001. All rights reserved. 8 * Copyright (c) Mark R V Murray, 2001. All rights reserved. --- 34 unchanged lines hidden (view full) --- 43 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 44 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 45 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 46 * OF THE POSSIBILITY OF SUCH DAMAGE. 47 * 48 */ 49 50#include <sys/cdefs.h> |
51__FBSDID("$FreeBSD: head/lib/libpam/modules/pam_krb5/pam_krb5.c 207553 2010-05-03 07:32:24Z mm $"); | 51__FBSDID("$FreeBSD: head/lib/libpam/modules/pam_krb5/pam_krb5.c 207555 2010-05-03 07:39:51Z mm $"); |
52 53#include <sys/types.h> 54#include <sys/stat.h> 55#include <errno.h> 56#include <limits.h> 57#include <pwd.h> 58#include <stdio.h> 59#include <stdlib.h> --- 134 unchanged lines hidden (view full) --- 194 goto cleanup2; 195 196 PAM_LOG("Got password"); 197 198 if (openpam_get_option(pamh, PAM_OPT_NO_USER_CHECK)) 199 PAM_LOG("Skipping local user check"); 200 else { 201 | 52 53#include <sys/types.h> 54#include <sys/stat.h> 55#include <errno.h> 56#include <limits.h> 57#include <pwd.h> 58#include <stdio.h> 59#include <stdlib.h> --- 134 unchanged lines hidden (view full) --- 194 goto cleanup2; 195 196 PAM_LOG("Got password"); 197 198 if (openpam_get_option(pamh, PAM_OPT_NO_USER_CHECK)) 199 PAM_LOG("Skipping local user check"); 200 else { 201 |
202 /* Verify the local user exists (AFTER getting the password) */ 203 if (strchr(user, '@')) { 204 /* get a local account name for this principal */ 205 krbret = krb5_aname_to_localname(pam_context, princ, 206 sizeof(luser), luser); 207 if (krbret != 0) { 208 PAM_VERBOSE_ERROR("Kerberos 5 error"); 209 PAM_LOG("Error krb5_aname_to_localname(): %s", 210 krb5_get_err_text(pam_context, krbret)); | 202 /* Verify the local user exists (AFTER getting the password) */ 203 if (strchr(user, '@')) { 204 /* get a local account name for this principal */ 205 krbret = krb5_aname_to_localname(pam_context, princ, 206 sizeof(luser), luser); 207 if (krbret != 0) { 208 PAM_VERBOSE_ERROR("Kerberos 5 error"); 209 PAM_LOG("Error krb5_aname_to_localname(): %s", 210 krb5_get_err_text(pam_context, krbret)); 211 retval = PAM_USER_UNKNOWN; 212 goto cleanup2; 213 } 214 215 retval = pam_set_item(pamh, PAM_USER, luser); 216 if (retval != PAM_SUCCESS) 217 goto cleanup2; 218 219 PAM_LOG("PAM_USER Redone"); 220 } 221 222 pwd = getpwnam(user); 223 if (pwd == NULL) { |
211 retval = PAM_USER_UNKNOWN; 212 goto cleanup2; 213 } 214 | 224 retval = PAM_USER_UNKNOWN; 225 goto cleanup2; 226 } 227 |
215 retval = pam_set_item(pamh, PAM_USER, luser); 216 if (retval != PAM_SUCCESS) 217 goto cleanup2; 218 219 PAM_LOG("PAM_USER Redone"); | 228 PAM_LOG("Done getpwnam()"); |
220 } 221 | 229 } 230 |
222 pwd = getpwnam(user); 223 if (pwd == NULL) { 224 retval = PAM_USER_UNKNOWN; 225 goto cleanup2; 226 } 227 228 PAM_LOG("Done getpwnam()"); 229 } 230 | |
231 /* Get a TGT */ 232 memset(&creds, 0, sizeof(krb5_creds)); 233 krbret = krb5_get_init_creds_password(pam_context, &creds, princ, 234 pass, NULL, pamh, 0, NULL, &opts); 235 if (krbret != 0) { 236 PAM_VERBOSE_ERROR("Kerberos 5 error"); 237 PAM_LOG("Error krb5_get_init_creds_password(): %s", 238 krb5_get_err_text(pam_context, krbret)); --- 740 unchanged lines hidden --- | 231 /* Get a TGT */ 232 memset(&creds, 0, sizeof(krb5_creds)); 233 krbret = krb5_get_init_creds_password(pam_context, &creds, princ, 234 pass, NULL, pamh, 0, NULL, &opts); 235 if (krbret != 0) { 236 PAM_VERBOSE_ERROR("Kerberos 5 error"); 237 PAM_LOG("Error krb5_get_init_creds_password(): %s", 238 krb5_get_err_text(pam_context, krbret)); --- 740 unchanged lines hidden --- |