CVS commit: src/lib/libpam/modules/pam_ksu
Module Name:src Committed By: joerg Date: Thu Feb 27 18:09:38 UTC 2014 Modified Files: src/lib/libpam/modules/pam_ksu: pam_ksu.c Log Message: Remove tautological check. To generate a diff of this commit: cvs rdiff -u -r1.8 -r1.9 src/lib/libpam/modules/pam_ksu/pam_ksu.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/lib/libpam/modules/pam_ksu/pam_ksu.c diff -u src/lib/libpam/modules/pam_ksu/pam_ksu.c:1.8 src/lib/libpam/modules/pam_ksu/pam_ksu.c:1.9 --- src/lib/libpam/modules/pam_ksu/pam_ksu.c:1.8 Sun Dec 29 22:54:58 2013 +++ src/lib/libpam/modules/pam_ksu/pam_ksu.c Thu Feb 27 18:09:38 2014 @@ -1,4 +1,4 @@ -/* $NetBSD: pam_ksu.c,v 1.8 2013/12/29 22:54:58 christos Exp $ */ +/* $NetBSD: pam_ksu.c,v 1.9 2014/02/27 18:09:38 joerg Exp $ */ /*- * Copyright (c) 2002 Jacques A. Vidrine nec...@freebsd.org @@ -29,7 +29,7 @@ #ifdef __FreeBSD__ __FBSDID($FreeBSD: src/lib/libpam/modules/pam_ksu/pam_ksu.c,v 1.5 2004/02/10 10:13:21 des Exp $); #else -__RCSID($NetBSD: pam_ksu.c,v 1.8 2013/12/29 22:54:58 christos Exp $); +__RCSID($NetBSD: pam_ksu.c,v 1.9 2014/02/27 18:09:38 joerg Exp $); #endif #include sys/param.h @@ -139,8 +139,6 @@ auth_krb5(pam_handle_t *pamh, krb5_conte su_principal_name); else (void)snprintf(prompt, sizeof(prompt), Password:); - if (prompt == NULL) - return (PAM_BUF_ERR); pass = NULL; pamret = pam_get_authtok(pamh, PAM_AUTHTOK, pass, prompt); if (pamret != PAM_SUCCESS)
CVS commit: src/lib/libpam/modules/pam_ksu
Module Name:src Committed By: christos Date: Mon Apr 25 22:01:04 UTC 2011 Modified Files: src/lib/libpam/modules/pam_ksu: pam_ksu.c Log Message: - make log_krb5 varyadic and merge the last error message. - check for NULL context. - print a more meaningful error when things go south To generate a diff of this commit: cvs rdiff -u -r1.4 -r1.5 src/lib/libpam/modules/pam_ksu/pam_ksu.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/lib/libpam/modules/pam_ksu/pam_ksu.c diff -u src/lib/libpam/modules/pam_ksu/pam_ksu.c:1.4 src/lib/libpam/modules/pam_ksu/pam_ksu.c:1.5 --- src/lib/libpam/modules/pam_ksu/pam_ksu.c:1.4 Sun Apr 24 14:53:55 2011 +++ src/lib/libpam/modules/pam_ksu/pam_ksu.c Mon Apr 25 18:01:04 2011 @@ -1,4 +1,4 @@ -/* $NetBSD: pam_ksu.c,v 1.4 2011/04/24 18:53:55 elric Exp $ */ +/* $NetBSD: pam_ksu.c,v 1.5 2011/04/25 22:01:04 christos Exp $ */ /*- * Copyright (c) 2002 Jacques A. Vidrine nec...@freebsd.org @@ -29,7 +29,7 @@ #ifdef __FreeBSD__ __FBSDID($FreeBSD: src/lib/libpam/modules/pam_ksu/pam_ksu.c,v 1.5 2004/02/10 10:13:21 des Exp $); #else -__RCSID($NetBSD: pam_ksu.c,v 1.4 2011/04/24 18:53:55 elric Exp $); +__RCSID($NetBSD: pam_ksu.c,v 1.5 2011/04/25 22:01:04 christos Exp $); #endif #include sys/param.h @@ -51,7 +51,8 @@ #define PASSWORD_PROMPT %s's password: -static void log_krb5(krb5_context, const char *, krb5_error_code); +static void log_krb5(krb5_context, krb5_error_code, const char *, ...) +__printflike(3, 4); static long get_su_principal(krb5_context, const char *, const char *, char **, krb5_principal *); static int auth_krb5(pam_handle_t *, krb5_context, const char *, 
@@ -79,7 +80,7 @@ PAM_LOG(Got ruser: %s, (const char *)ruser); rv = krb5_init_context(context); if (rv != 0) { - log_krb5(context, krb5_init_context failed: %s, rv); + log_krb5(context, rv, krb5_init_context failed); return (PAM_SERVICE_ERR); } rv = get_su_principal(context, user, ruser, su_principal_name, su_principal); @@ -129,7 +130,7 @@ rv = krb5_get_init_creds_opt_alloc(context, gic_opt); if (rv != 0) { - log_krb5(context, krb5_get_init_creds_opt_alloc: %s, rv); + log_krb5(context, rv, krb5_get_init_creds_opt_alloc); return (PAM_SERVICE_ERR); } krb5_verify_init_creds_opt_init(vic_opt); @@ -147,7 +148,7 @@ rv = krb5_get_init_creds_password(context, creds, su_principal, pass, NULL, NULL, 0, NULL, gic_opt); if (rv != 0) { - log_krb5(context, krb5_get_init_creds_password: %s, rv); + log_krb5(context, rv, krb5_get_init_creds_password); return (PAM_AUTH_ERR); } krb5_verify_init_creds_opt_set_ap_req_nofail(vic_opt, 1); @@ -155,24 +156,33 @@ vic_opt); krb5_free_cred_contents(context, creds); if (rv != 0) { - log_krb5(context, krb5_verify_init_creds: %s, rv); + log_krb5(context, rv, krb5_verify_init_creds); return (PAM_AUTH_ERR); } return (PAM_SUCCESS); } static void -log_krb5(krb5_context ctx, const char *fmt, krb5_error_code err) +log_krb5(krb5_context ctx, krb5_error_code err, const char *fmt, ...) { - const char *errtxt; + char b1[1024], b2[1024]; + const char *errtxt; + va_list ap; -errtxt = krb5_get_error_message(ctx, err); + va_start(ap, fmt); + vsnprintf(b1, sizeof(b1), fmt, ap); + va_end(ap); + if (ctx) + errtxt = krb5_get_error_message(ctx, err); + else + errtxt = NULL; if (errtxt != NULL) { - PAM_LOG(fmt, errtxt); krb5_free_error_message(ctx, errtxt); + snprintf(b2, sizeof(b2), %s (%s), b1, errtxt); } else { - PAM_LOG(fmt, unknown); + snprintf(b2, sizeof(b1), %s (unknown %d), b1, (int)err); } + PAM_LOG(b2); } /* Determine the target principal given the current user and the target user. 
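Review bot: In the rewritten log_krb5 (hunk @@ -155,24 +156,33 @@), errtxt is passed to krb5_free_error_message() and then read by the snprintf() on the following line, a use-after-free whenever the library returns an error string. Swapping the two statements fixes it: `snprintf(b2, sizeof(b2), "%s (%s)", b1, errtxt);` first, then `krb5_free_error_message(ctx, errtxt);`. The function also ends with `PAM_LOG(b2);`, so the assembled message is itself used as the format string. b2 can carry the principal name that get_su_principal passes in and the library's error text, so a `%` in either would be parsed as a conversion; `PAM_LOG("%s", b2);` keeps the message as data. The revision 1.6 hunk further down the page changes only the sizeof argument and leaves both of these lines as they are.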
@@ -199,7 +209,6 @@ char *principal_name, *ccname, *p; long rv; uid_t euid, ruid; - const char *errtxt; *su_principal = NULL; default_principal = NULL; @@ -244,7 +253,7 @@ rv = krb5_unparse_name(context, default_principal, principal_name); krb5_free_principal(context, default_principal); if (rv != 0) { - log_krb5(context, krb5_unparse_name: %s, rv); + log_krb5(context, rv, krb5_unparse_name); return (rv); } PAM_LOG(Default principal name: %s, principal_name); @@ -266,16 +275,8 @@ return (errno); rv = krb5_parse_name(context, *su_principal_name, default_principal); if (rv != 0) { - errtxt = krb5_get_error_message(context, rv); - if (errtxt != NULL) { - PAM_LOG(krb5_parse_name `%s': %s, *su_principal_name, - errtxt); - krb5_free_error_message(context, errtxt); - } else { - PAM_LOG(krb5_parse_name `%s': %ld, *su_principal_name, - rv); - } - free(*su_principal_name); + log_krb5(context, rv, krb5_parse_name `%s', + *su_principal_name); return (rv); } PAM_LOG(Target principal name: %s, *su_principal_name);
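Review bot: The krb5_parse_name failure path (hunk @@ -266,16 +275,8 @@) no longer releases *su_principal_name: the removed block ended with `free(*su_principal_name);`, and the replacement only logs and returns rv. The preceding `return (errno);` suggests the string is allocated just above, so unless the caller frees the out-parameter on error (the caller is not in this hunk) it leaks on every failed attempt, which adds up in a PAM module loaded into a long-running process. I would keep the release after the log call and clear the pointer so a caller cannot reuse it: `free(*su_principal_name); *su_principal_name = NULL;`. get_su_principal starts and ends outside the hunk.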
CVS commit: src/lib/libpam/modules/pam_ksu
Module Name:src Committed By: christos Date: Mon Apr 25 22:03:20 UTC 2011 Modified Files: src/lib/libpam/modules/pam_ksu: pam_ksu.c Log Message: fix pasto (of no consequence) To generate a diff of this commit: cvs rdiff -u -r1.5 -r1.6 src/lib/libpam/modules/pam_ksu/pam_ksu.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/lib/libpam/modules/pam_ksu/pam_ksu.c diff -u src/lib/libpam/modules/pam_ksu/pam_ksu.c:1.5 src/lib/libpam/modules/pam_ksu/pam_ksu.c:1.6 --- src/lib/libpam/modules/pam_ksu/pam_ksu.c:1.5 Mon Apr 25 18:01:04 2011 +++ src/lib/libpam/modules/pam_ksu/pam_ksu.c Mon Apr 25 18:03:20 2011 @@ -1,4 +1,4 @@ -/* $NetBSD: pam_ksu.c,v 1.5 2011/04/25 22:01:04 christos Exp $ */ +/* $NetBSD: pam_ksu.c,v 1.6 2011/04/25 22:03:20 christos Exp $ */ /*- * Copyright (c) 2002 Jacques A. Vidrine nec...@freebsd.org @@ -29,7 +29,7 @@ #ifdef __FreeBSD__ __FBSDID($FreeBSD: src/lib/libpam/modules/pam_ksu/pam_ksu.c,v 1.5 2004/02/10 10:13:21 des Exp $); #else -__RCSID($NetBSD: pam_ksu.c,v 1.5 2011/04/25 22:01:04 christos Exp $); +__RCSID($NetBSD: pam_ksu.c,v 1.6 2011/04/25 22:03:20 christos Exp $); #endif #include sys/param.h @@ -180,7 +180,7 @@ krb5_free_error_message(ctx, errtxt); snprintf(b2, sizeof(b2), %s (%s), b1, errtxt); } else { - snprintf(b2, sizeof(b1), %s (unknown %d), b1, (int)err); + snprintf(b2, sizeof(b2), %s (unknown %d), b1, (int)err); } PAM_LOG(b2); }
CVS commit: src/lib/libpam/modules/pam_ksu
Module Name:src Committed By: elric Date: Sun Apr 24 18:53:55 UTC 2011 Modified Files: src/lib/libpam/modules/pam_ksu: pam_ksu.c Log Message: Stop using functions that are marked as deprecated in Heimdal. To generate a diff of this commit: cvs rdiff -u -r1.3 -r1.4 src/lib/libpam/modules/pam_ksu/pam_ksu.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/lib/libpam/modules/pam_ksu/pam_ksu.c diff -u src/lib/libpam/modules/pam_ksu/pam_ksu.c:1.3 src/lib/libpam/modules/pam_ksu/pam_ksu.c:1.4 --- src/lib/libpam/modules/pam_ksu/pam_ksu.c:1.3 Sun Mar 8 19:38:03 2009 +++ src/lib/libpam/modules/pam_ksu/pam_ksu.c Sun Apr 24 18:53:55 2011 @@ -1,4 +1,4 @@ -/* $NetBSD: pam_ksu.c,v 1.3 2009/03/08 19:38:03 christos Exp $ */ +/* $NetBSD: pam_ksu.c,v 1.4 2011/04/24 18:53:55 elric Exp $ */ /*- * Copyright (c) 2002 Jacques A. Vidrine nec...@freebsd.org @@ -29,7 +29,7 @@ #ifdef __FreeBSD__ __FBSDID($FreeBSD: src/lib/libpam/modules/pam_ksu/pam_ksu.c,v 1.5 2004/02/10 10:13:21 des Exp $); #else -__RCSID($NetBSD: pam_ksu.c,v 1.3 2009/03/08 19:38:03 christos Exp $); +__RCSID($NetBSD: pam_ksu.c,v 1.4 2011/04/24 18:53:55 elric Exp $); #endif #include sys/param.h @@ -51,6 +51,7 @@ #define PASSWORD_PROMPT %s's password: +static void log_krb5(krb5_context, const char *, krb5_error_code); static long get_su_principal(krb5_context, const char *, const char *, char **, krb5_principal *); static int auth_krb5(pam_handle_t *, krb5_context, const char *, @@ -78,8 +79,7 @@ PAM_LOG(Got ruser: %s, (const char *)ruser); rv = krb5_init_context(context); if (rv != 0) { - PAM_LOG(krb5_init_context failed: %s, - krb5_get_err_text(context, rv)); + log_krb5(context, krb5_init_context failed: %s, rv); return (PAM_SERVICE_ERR); } rv = get_su_principal(context, user, ruser, su_principal_name, su_principal); 
@@ -120,14 +120,18 @@ krb5_principal su_principal) { krb5_creds creds; - krb5_get_init_creds_opt gic_opt; + krb5_get_init_creds_opt *gic_opt; krb5_verify_init_creds_opt vic_opt; const char *pass; char prompt[80]; long rv; int pamret; - krb5_get_init_creds_opt_init(gic_opt); + rv = krb5_get_init_creds_opt_alloc(context, gic_opt); + if (rv != 0) { + log_krb5(context, krb5_get_init_creds_opt_alloc: %s, rv); + return (PAM_SERVICE_ERR); + } krb5_verify_init_creds_opt_init(vic_opt); if (su_principal_name != NULL) (void)snprintf(prompt, sizeof(prompt), PASSWORD_PROMPT, @@ -141,10 +145,9 @@ if (pamret != PAM_SUCCESS) return (pamret); rv = krb5_get_init_creds_password(context, creds, su_principal, - pass, NULL, NULL, 0, NULL, gic_opt); + pass, NULL, NULL, 0, NULL, gic_opt); if (rv != 0) { - PAM_LOG(krb5_get_init_creds_password: %s, - krb5_get_err_text(context, rv)); + log_krb5(context, krb5_get_init_creds_password: %s, rv); return (PAM_AUTH_ERR); } krb5_verify_init_creds_opt_set_ap_req_nofail(vic_opt, 1); @@ -152,13 +155,26 @@ vic_opt); krb5_free_cred_contents(context, creds); if (rv != 0) { - PAM_LOG(krb5_verify_init_creds: %s, - krb5_get_err_text(context, rv)); + log_krb5(context, krb5_verify_init_creds: %s, rv); return (PAM_AUTH_ERR); } return (PAM_SUCCESS); } +static void +log_krb5(krb5_context ctx, const char *fmt, krb5_error_code err) +{ + const char *errtxt; + +errtxt = krb5_get_error_message(ctx, err); + if (errtxt != NULL) { + PAM_LOG(fmt, errtxt); + krb5_free_error_message(ctx, errtxt); + } else { + PAM_LOG(fmt, unknown); + } +} + /* Determine the target principal given the current user and the target user. * context -- An initialized krb5_context. * target_user -- The target username. @@ -183,6 +199,7 @@ char *principal_name, *ccname, *p; long rv; uid_t euid, ruid; + const char *errtxt; *su_principal = NULL; default_principal = NULL; 
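Review bot: gic_opt is now heap-allocated by krb5_get_init_creds_opt_alloc() in hunk @@ -120,14 +120,18 @@, but none of the return paths visible in this and the next two hunks releases it. Those paths are the `return (pamret);` after pam_get_authtok, both `return (PAM_AUTH_ERR);` branches and the final `return (PAM_SUCCESS);`. The old stack object needed no cleanup; the allocated one needs `krb5_get_init_creds_opt_free(context, gic_opt);` before each of those returns, or a single cleanup label they all jump to. auth_krb5 begins outside these hunks and one line between them is not shown, so this is based on the visible lines only.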
@@ -227,8 +244,7 @@ rv = krb5_unparse_name(context, default_principal, principal_name); krb5_free_principal(context, default_principal); if (rv != 0) { - PAM_LOG(krb5_unparse_name: %s, - krb5_get_err_text(context, rv)); + log_krb5(context, krb5_unparse_name: %s, rv); return (rv); } PAM_LOG(Default principal name: %s, principal_name); @@ -250,8 +266,15 @@ return (errno); rv = krb5_parse_name(context, *su_principal_name, default_principal); if (rv != 0) { - PAM_LOG(krb5_parse_name `%s': %s, *su_principal_name, - krb5_get_err_text(context, rv)); + errtxt = krb5_get_error_message(context, rv); + if (errtxt != NULL) { + PAM_LOG(krb5_parse_name `%s': %s, *su_principal_name, + errtxt); + krb5_free_error_message(context, errtxt); + } else { + PAM_LOG(krb5_parse_name `%s': %ld, *su_principal_name, + rv); + } free(*su_principal_name); return (rv); }