CVS commit: src/lib/libpam/modules/pam_ksu
Module Name:src Committed By: joerg Date: Thu Feb 27 18:09:38 UTC 2014 Modified Files: src/lib/libpam/modules/pam_ksu: pam_ksu.c Log Message: Remove tautological check. To generate a diff of this commit: cvs rdiff -u -r1.8 -r1.9 src/lib/libpam/modules/pam_ksu/pam_ksu.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/lib/libpam/modules/pam_ksu/pam_ksu.c diff -u src/lib/libpam/modules/pam_ksu/pam_ksu.c:1.8 src/lib/libpam/modules/pam_ksu/pam_ksu.c:1.9 --- src/lib/libpam/modules/pam_ksu/pam_ksu.c:1.8 Sun Dec 29 22:54:58 2013 +++ src/lib/libpam/modules/pam_ksu/pam_ksu.c Thu Feb 27 18:09:38 2014 @@ -1,4 +1,4 @@ -/* $NetBSD: pam_ksu.c,v 1.8 2013/12/29 22:54:58 christos Exp $ */ +/* $NetBSD: pam_ksu.c,v 1.9 2014/02/27 18:09:38 joerg Exp $ */ /*- * Copyright (c) 2002 Jacques A. Vidrine nec...@freebsd.org @@ -29,7 +29,7 @@ #ifdef __FreeBSD__ __FBSDID($FreeBSD: src/lib/libpam/modules/pam_ksu/pam_ksu.c,v 1.5 2004/02/10 10:13:21 des Exp $); #else -__RCSID($NetBSD: pam_ksu.c,v 1.8 2013/12/29 22:54:58 christos Exp $); +__RCSID($NetBSD: pam_ksu.c,v 1.9 2014/02/27 18:09:38 joerg Exp $); #endif #include sys/param.h @@ -139,8 +139,6 @@ auth_krb5(pam_handle_t *pamh, krb5_conte su_principal_name); else (void)snprintf(prompt, sizeof(prompt), Password:); - if (prompt == NULL) - return (PAM_BUF_ERR); pass = NULL; pamret = pam_get_authtok(pamh, PAM_AUTHTOK, pass, prompt); if (pamret != PAM_SUCCESS)
CVS commit: src/lib/libpam/modules/pam_ksu
Module Name:src
Committed By: christos
Date: Mon Apr 25 22:01:04 UTC 2011
Modified Files:
src/lib/libpam/modules/pam_ksu: pam_ksu.c
Log Message:
- make log_krb5 varyadic and merge the last error message.
- check for NULL context.
- print a more meaningful error when things go south
To generate a diff of this commit:
cvs rdiff -u -r1.4 -r1.5 src/lib/libpam/modules/pam_ksu/pam_ksu.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/lib/libpam/modules/pam_ksu/pam_ksu.c
diff -u src/lib/libpam/modules/pam_ksu/pam_ksu.c:1.4 src/lib/libpam/modules/pam_ksu/pam_ksu.c:1.5
--- src/lib/libpam/modules/pam_ksu/pam_ksu.c:1.4 Sun Apr 24 14:53:55 2011
+++ src/lib/libpam/modules/pam_ksu/pam_ksu.c Mon Apr 25 18:01:04 2011
@@ -1,4 +1,4 @@
-/* $NetBSD: pam_ksu.c,v 1.4 2011/04/24 18:53:55 elric Exp $ */
+/* $NetBSD: pam_ksu.c,v 1.5 2011/04/25 22:01:04 christos Exp $ */
/*-
* Copyright (c) 2002 Jacques A. Vidrine nec...@freebsd.org
@@ -29,7 +29,7 @@
#ifdef __FreeBSD__
__FBSDID($FreeBSD: src/lib/libpam/modules/pam_ksu/pam_ksu.c,v 1.5 2004/02/10 10:13:21 des Exp $);
#else
-__RCSID($NetBSD: pam_ksu.c,v 1.4 2011/04/24 18:53:55 elric Exp $);
+__RCSID($NetBSD: pam_ksu.c,v 1.5 2011/04/25 22:01:04 christos Exp $);
#endif
#include sys/param.h
@@ -51,7 +51,8 @@
#define PASSWORD_PROMPT %s's password:
-static void log_krb5(krb5_context, const char *, krb5_error_code);
+static void log_krb5(krb5_context, krb5_error_code, const char *, ...)
+__printflike(3, 4);
static long get_su_principal(krb5_context, const char *, const char *,
char **, krb5_principal *);
static int auth_krb5(pam_handle_t *, krb5_context, const char *,
@@ -79,7 +80,7 @@
PAM_LOG(Got ruser: %s, (const char *)ruser);
rv = krb5_init_context(context);
if (rv != 0) {
- log_krb5(context, krb5_init_context failed: %s, rv);
+ log_krb5(context, rv, krb5_init_context failed);
return (PAM_SERVICE_ERR);
}
rv = get_su_principal(context, user, ruser, su_principal_name, su_principal);
@@ -129,7 +130,7 @@
rv = krb5_get_init_creds_opt_alloc(context, gic_opt);
if (rv != 0) {
- log_krb5(context, krb5_get_init_creds_opt_alloc: %s, rv);
+ log_krb5(context, rv, krb5_get_init_creds_opt_alloc);
return (PAM_SERVICE_ERR);
}
krb5_verify_init_creds_opt_init(vic_opt);
@@ -147,7 +148,7 @@
rv = krb5_get_init_creds_password(context, creds, su_principal,
pass, NULL, NULL, 0, NULL, gic_opt);
if (rv != 0) {
- log_krb5(context, krb5_get_init_creds_password: %s, rv);
+ log_krb5(context, rv, krb5_get_init_creds_password);
return (PAM_AUTH_ERR);
}
krb5_verify_init_creds_opt_set_ap_req_nofail(vic_opt, 1);
@@ -155,24 +156,33 @@
vic_opt);
krb5_free_cred_contents(context, creds);
if (rv != 0) {
- log_krb5(context, krb5_verify_init_creds: %s, rv);
+ log_krb5(context, rv, krb5_verify_init_creds);
return (PAM_AUTH_ERR);
}
return (PAM_SUCCESS);
}
static void
-log_krb5(krb5_context ctx, const char *fmt, krb5_error_code err)
+log_krb5(krb5_context ctx, krb5_error_code err, const char *fmt, ...)
{
- const char *errtxt;
+ char b1[1024], b2[1024];
+ const char *errtxt;
+ va_list ap;
-errtxt = krb5_get_error_message(ctx, err);
+ va_start(ap, fmt);
+ vsnprintf(b1, sizeof(b1), fmt, ap);
+ va_end(ap);
+ if (ctx)
+ errtxt = krb5_get_error_message(ctx, err);
+ else
+ errtxt = NULL;
if (errtxt != NULL) {
- PAM_LOG(fmt, errtxt);
krb5_free_error_message(ctx, errtxt);
+ snprintf(b2, sizeof(b2), %s (%s), b1, errtxt);
} else {
- PAM_LOG(fmt, unknown);
+ snprintf(b2, sizeof(b1), %s (unknown %d), b1, (int)err);
}
+ PAM_LOG(b2);
}
/* Determine the target principal given the current user and the target user.
@@ -199,7 +209,6 @@
char *principal_name, *ccname, *p;
long rv;
uid_t euid, ruid;
- const char *errtxt;
*su_principal = NULL;
default_principal = NULL;
@@ -244,7 +253,7 @@
rv = krb5_unparse_name(context, default_principal, principal_name);
krb5_free_principal(context, default_principal);
if (rv != 0) {
- log_krb5(context, krb5_unparse_name: %s, rv);
+ log_krb5(context, rv, krb5_unparse_name);
return (rv);
}
PAM_LOG(Default principal name: %s, principal_name);
@@ -266,16 +275,8 @@
return (errno);
rv = krb5_parse_name(context, *su_principal_name, default_principal);
if (rv != 0) {
- errtxt = krb5_get_error_message(context, rv);
- if (errtxt != NULL) {
- PAM_LOG(krb5_parse_name `%s': %s, *su_principal_name,
- errtxt);
- krb5_free_error_message(context, errtxt);
- } else {
- PAM_LOG(krb5_parse_name `%s': %ld, *su_principal_name,
- rv);
- }
- free(*su_principal_name);
+ log_krb5(context, rv, krb5_parse_name `%s',
+ *su_principal_name);
return (rv);
}
PAM_LOG(Target principal name: %s, *su_principal_name);
CVS commit: src/lib/libpam/modules/pam_ksu
Module Name:src
Committed By: christos
Date: Mon Apr 25 22:03:20 UTC 2011
Modified Files:
src/lib/libpam/modules/pam_ksu: pam_ksu.c
Log Message:
fix pasto (of no consequence)
To generate a diff of this commit:
cvs rdiff -u -r1.5 -r1.6 src/lib/libpam/modules/pam_ksu/pam_ksu.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/lib/libpam/modules/pam_ksu/pam_ksu.c
diff -u src/lib/libpam/modules/pam_ksu/pam_ksu.c:1.5 src/lib/libpam/modules/pam_ksu/pam_ksu.c:1.6
--- src/lib/libpam/modules/pam_ksu/pam_ksu.c:1.5 Mon Apr 25 18:01:04 2011
+++ src/lib/libpam/modules/pam_ksu/pam_ksu.c Mon Apr 25 18:03:20 2011
@@ -1,4 +1,4 @@
-/* $NetBSD: pam_ksu.c,v 1.5 2011/04/25 22:01:04 christos Exp $ */
+/* $NetBSD: pam_ksu.c,v 1.6 2011/04/25 22:03:20 christos Exp $ */
/*-
* Copyright (c) 2002 Jacques A. Vidrine nec...@freebsd.org
@@ -29,7 +29,7 @@
#ifdef __FreeBSD__
__FBSDID($FreeBSD: src/lib/libpam/modules/pam_ksu/pam_ksu.c,v 1.5 2004/02/10 10:13:21 des Exp $);
#else
-__RCSID($NetBSD: pam_ksu.c,v 1.5 2011/04/25 22:01:04 christos Exp $);
+__RCSID($NetBSD: pam_ksu.c,v 1.6 2011/04/25 22:03:20 christos Exp $);
#endif
#include sys/param.h
@@ -180,7 +180,7 @@
krb5_free_error_message(ctx, errtxt);
snprintf(b2, sizeof(b2), %s (%s), b1, errtxt);
} else {
- snprintf(b2, sizeof(b1), %s (unknown %d), b1, (int)err);
+ snprintf(b2, sizeof(b2), %s (unknown %d), b1, (int)err);
}
PAM_LOG(b2);
}
CVS commit: src/lib/libpam/modules/pam_ksu
Module Name:src
Committed By: elric
Date: Sun Apr 24 18:53:55 UTC 2011
Modified Files:
src/lib/libpam/modules/pam_ksu: pam_ksu.c
Log Message:
Stop using functions that are marked as deprecated in Heimdal.
To generate a diff of this commit:
cvs rdiff -u -r1.3 -r1.4 src/lib/libpam/modules/pam_ksu/pam_ksu.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/lib/libpam/modules/pam_ksu/pam_ksu.c
diff -u src/lib/libpam/modules/pam_ksu/pam_ksu.c:1.3 src/lib/libpam/modules/pam_ksu/pam_ksu.c:1.4
--- src/lib/libpam/modules/pam_ksu/pam_ksu.c:1.3 Sun Mar 8 19:38:03 2009
+++ src/lib/libpam/modules/pam_ksu/pam_ksu.c Sun Apr 24 18:53:55 2011
@@ -1,4 +1,4 @@
-/* $NetBSD: pam_ksu.c,v 1.3 2009/03/08 19:38:03 christos Exp $ */
+/* $NetBSD: pam_ksu.c,v 1.4 2011/04/24 18:53:55 elric Exp $ */
/*-
* Copyright (c) 2002 Jacques A. Vidrine nec...@freebsd.org
@@ -29,7 +29,7 @@
#ifdef __FreeBSD__
__FBSDID($FreeBSD: src/lib/libpam/modules/pam_ksu/pam_ksu.c,v 1.5 2004/02/10 10:13:21 des Exp $);
#else
-__RCSID($NetBSD: pam_ksu.c,v 1.3 2009/03/08 19:38:03 christos Exp $);
+__RCSID($NetBSD: pam_ksu.c,v 1.4 2011/04/24 18:53:55 elric Exp $);
#endif
#include sys/param.h
@@ -51,6 +51,7 @@
#define PASSWORD_PROMPT %s's password:
+static void log_krb5(krb5_context, const char *, krb5_error_code);
static long get_su_principal(krb5_context, const char *, const char *,
char **, krb5_principal *);
static int auth_krb5(pam_handle_t *, krb5_context, const char *,
@@ -78,8 +79,7 @@
PAM_LOG(Got ruser: %s, (const char *)ruser);
rv = krb5_init_context(context);
if (rv != 0) {
- PAM_LOG(krb5_init_context failed: %s,
- krb5_get_err_text(context, rv));
+ log_krb5(context, krb5_init_context failed: %s, rv);
return (PAM_SERVICE_ERR);
}
rv = get_su_principal(context, user, ruser, su_principal_name, su_principal);
@@ -120,14 +120,18 @@
krb5_principal su_principal)
{
krb5_creds creds;
- krb5_get_init_creds_opt gic_opt;
+ krb5_get_init_creds_opt *gic_opt;
krb5_verify_init_creds_opt vic_opt;
const char *pass;
char prompt[80];
long rv;
int pamret;
- krb5_get_init_creds_opt_init(gic_opt);
+ rv = krb5_get_init_creds_opt_alloc(context, gic_opt);
+ if (rv != 0) {
+ log_krb5(context, krb5_get_init_creds_opt_alloc: %s, rv);
+ return (PAM_SERVICE_ERR);
+ }
krb5_verify_init_creds_opt_init(vic_opt);
if (su_principal_name != NULL)
(void)snprintf(prompt, sizeof(prompt), PASSWORD_PROMPT,
@@ -141,10 +145,9 @@
if (pamret != PAM_SUCCESS)
return (pamret);
rv = krb5_get_init_creds_password(context, creds, su_principal,
- pass, NULL, NULL, 0, NULL, gic_opt);
+ pass, NULL, NULL, 0, NULL, gic_opt);
if (rv != 0) {
- PAM_LOG(krb5_get_init_creds_password: %s,
- krb5_get_err_text(context, rv));
+ log_krb5(context, krb5_get_init_creds_password: %s, rv);
return (PAM_AUTH_ERR);
}
krb5_verify_init_creds_opt_set_ap_req_nofail(vic_opt, 1);
@@ -152,13 +155,26 @@
vic_opt);
krb5_free_cred_contents(context, creds);
if (rv != 0) {
- PAM_LOG(krb5_verify_init_creds: %s,
- krb5_get_err_text(context, rv));
+ log_krb5(context, krb5_verify_init_creds: %s, rv);
return (PAM_AUTH_ERR);
}
return (PAM_SUCCESS);
}
+static void
+log_krb5(krb5_context ctx, const char *fmt, krb5_error_code err)
+{
+ const char *errtxt;
+
+errtxt = krb5_get_error_message(ctx, err);
+ if (errtxt != NULL) {
+ PAM_LOG(fmt, errtxt);
+ krb5_free_error_message(ctx, errtxt);
+ } else {
+ PAM_LOG(fmt, unknown);
+ }
+}
+
/* Determine the target principal given the current user and the target user.
* context -- An initialized krb5_context.
* target_user -- The target username.
@@ -183,6 +199,7 @@
char *principal_name, *ccname, *p;
long rv;
uid_t euid, ruid;
+ const char *errtxt;
*su_principal = NULL;
default_principal = NULL;
@@ -227,8 +244,7 @@
rv = krb5_unparse_name(context, default_principal, principal_name);
krb5_free_principal(context, default_principal);
if (rv != 0) {
- PAM_LOG(krb5_unparse_name: %s,
- krb5_get_err_text(context, rv));
+ log_krb5(context, krb5_unparse_name: %s, rv);
return (rv);
}
PAM_LOG(Default principal name: %s, principal_name);
@@ -250,8 +266,15 @@
return (errno);
rv = krb5_parse_name(context, *su_principal_name, default_principal);
if (rv != 0) {
- PAM_LOG(krb5_parse_name `%s': %s, *su_principal_name,
- krb5_get_err_text(context, rv));
+ errtxt = krb5_get_error_message(context, rv);
+ if (errtxt != NULL) {
+ PAM_LOG(krb5_parse_name `%s': %s, *su_principal_name,
+ errtxt);
+ krb5_free_error_message(context, errtxt);
+ } else {
+ PAM_LOG(krb5_parse_name `%s': %ld, *su_principal_name,
+ rv);
+ }
free(*su_principal_name);
return (rv);
}
