Module Name: src
Committed By: martin
Date: Wed Jun 21 22:07:07 UTC 2023
Modified Files:
src/lib/libpam/modules/pam_ksu [netbsd-9]: pam_ksu.c
Log Message:
Pull up following revision(s) (requested by riastradh in ticket #1653):
lib/libpam/modules/pam_ksu/pam_ksu.c: revision 1.10
pam_ksu: No need for homedir access.
To generate a diff of this commit:
cvs rdiff -u -r1.9 -r1.9.28.1 src/lib/libpam/modules/pam_ksu/pam_ksu.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/lib/libpam/modules/pam_ksu/pam_ksu.c
diff -u src/lib/libpam/modules/pam_ksu/pam_ksu.c:1.9 src/lib/libpam/modules/pam_ksu/pam_ksu.c:1.9.28.1
--- src/lib/libpam/modules/pam_ksu/pam_ksu.c:1.9 Thu Feb 27 18:09:38 2014
+++ src/lib/libpam/modules/pam_ksu/pam_ksu.c Wed Jun 21 22:07:06 2023
@@ -1,4 +1,4 @@
-/* $NetBSD: pam_ksu.c,v 1.9 2014/02/27 18:09:38 joerg Exp $ */
+/* $NetBSD: pam_ksu.c,v 1.9.28.1 2023/06/21 22:07:06 martin Exp $ */
/*-
* Copyright (c) 2002 Jacques A. Vidrine <[email protected]>
@@ -29,7 +29,7 @@
#ifdef __FreeBSD__
__FBSDID("$FreeBSD: src/lib/libpam/modules/pam_ksu/pam_ksu.c,v 1.5 2004/02/10 10:13:21 des Exp $");
#else
-__RCSID("$NetBSD: pam_ksu.c,v 1.9 2014/02/27 18:09:38 joerg Exp $");
+__RCSID("$NetBSD: pam_ksu.c,v 1.9.28.1 2023/06/21 22:07:06 martin Exp $");
#endif
#include <sys/param.h>
@@ -62,6 +62,7 @@ PAM_EXTERN int
pam_sm_authenticate(pam_handle_t *pamh, int flags __unused,
int argc __unused, const char *argv[] __unused)
{
+ krb5_boolean allow_homedir;
krb5_context context;
krb5_principal su_principal;
const char *user;
@@ -78,20 +79,25 @@ pam_sm_authenticate(pam_handle_t *pamh,
if (pamret != PAM_SUCCESS)
return (pamret);
PAM_LOG("Got ruser: %s", (const char *)ruser);
+ allow_homedir = krb5_set_home_dir_access(NULL, FALSE);
rv = krb5_init_context(&context);
if (rv != 0) {
log_krb5(context, rv, "krb5_init_context failed");
- return (PAM_SERVICE_ERR);
+ pamret = PAM_SERVICE_ERR;
+ goto out;
}
rv = get_su_principal(context, user, ruser, &su_principal_name, &su_principal);
- if (rv != 0)
- return (PAM_AUTH_ERR);
+ if (rv != 0) {
+ pamret = PAM_AUTH_ERR;
+ goto out;
+ }
PAM_LOG("kuserok: %s -> %s", su_principal_name, user);
rv = krb5_kuserok(context, su_principal, user);
pamret = rv ? auth_krb5(pamh, context, su_principal_name, su_principal) : PAM_AUTH_ERR;
free(su_principal_name);
krb5_free_principal(context, su_principal);
krb5_free_context(context);
+out: (void)krb5_set_home_dir_access(NULL, allow_homedir);
return (pamret);
}
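Review bot: The get_su_principal() failure branch now jumps to `out`, which restores the home-directory setting but skips `krb5_free_context(context)`, so the context created just above is leaked on that path (the removed `return (PAM_AUTH_ERR);` had the same leak). Putting `krb5_free_context(context);` before that `goto out;`, or adding a second label ahead of `out` that frees the context, would close it, while the krb5_init_context failure branch should keep jumping straight to `out`. Separately, `krb5_set_home_dir_access(NULL, FALSE)` is called without a context, which presumably makes the change process-wide until the restore at `out`; that is worth confirming for threaded PAM applications, and a comment such as `/* keep Kerberos from consulting files under a home directory while authenticating; restored at out */` would record the intent. The function body starts above this hunk.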