Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/lib/libpam/modules/pam_ksu Stop using functions that are mar...
details: https://anonhg.NetBSD.org/src/rev/1008385e21ff
branches: trunk
changeset: 764462:1008385e21ff
user: elric <elric%NetBSD.org@localhost>
date: Sun Apr 24 18:53:55 2011 +0000
description:
Stop using functions that are marked as deprecated in Heimdal.
diffstat:
lib/libpam/modules/pam_ksu/pam_ksu.c | 53 +++++++++++++++++++++++++----------
1 files changed, 38 insertions(+), 15 deletions(-)
diffs (135 lines):
diff -r 4ab861451701 -r 1008385e21ff lib/libpam/modules/pam_ksu/pam_ksu.c
--- a/lib/libpam/modules/pam_ksu/pam_ksu.c Sun Apr 24 18:53:02 2011 +0000
+++ b/lib/libpam/modules/pam_ksu/pam_ksu.c Sun Apr 24 18:53:55 2011 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: pam_ksu.c,v 1.3 2009/03/08 19:38:03 christos Exp $ */
+/* $NetBSD: pam_ksu.c,v 1.4 2011/04/24 18:53:55 elric Exp $ */
/*-
* Copyright (c) 2002 Jacques A. Vidrine <nectar%FreeBSD.org@localhost>
@@ -29,7 +29,7 @@
#ifdef __FreeBSD__
__FBSDID("$FreeBSD: src/lib/libpam/modules/pam_ksu/pam_ksu.c,v 1.5 2004/02/10 10:13:21 des Exp $");
#else
-__RCSID("$NetBSD: pam_ksu.c,v 1.3 2009/03/08 19:38:03 christos Exp $");
+__RCSID("$NetBSD: pam_ksu.c,v 1.4 2011/04/24 18:53:55 elric Exp $");
#endif
#include <sys/param.h>
@@ -51,6 +51,7 @@
#define PASSWORD_PROMPT "%s's password:"
+static void log_krb5(krb5_context, const char *, krb5_error_code);
static long get_su_principal(krb5_context, const char *, const char *,
char **, krb5_principal *);
static int auth_krb5(pam_handle_t *, krb5_context, const char *,
@@ -78,8 +79,7 @@
PAM_LOG("Got ruser: %s", (const char *)ruser);
rv = krb5_init_context(&context);
if (rv != 0) {
- PAM_LOG("krb5_init_context failed: %s",
- krb5_get_err_text(context, rv));
+ log_krb5(context, "krb5_init_context failed: %s", rv);
return (PAM_SERVICE_ERR);
}
rv = get_su_principal(context, user, ruser, &su_principal_name, &su_principal);
@@ -120,14 +120,18 @@
krb5_principal su_principal)
{
krb5_creds creds;
- krb5_get_init_creds_opt gic_opt;
+ krb5_get_init_creds_opt *gic_opt;
krb5_verify_init_creds_opt vic_opt;
const char *pass;
char prompt[80];
long rv;
int pamret;
- krb5_get_init_creds_opt_init(&gic_opt);
+ rv = krb5_get_init_creds_opt_alloc(context, &gic_opt);
+ if (rv != 0) {
+ log_krb5(context, "krb5_get_init_creds_opt_alloc: %s", rv);
+ return (PAM_SERVICE_ERR);
+ }
krb5_verify_init_creds_opt_init(&vic_opt);
if (su_principal_name != NULL)
(void)snprintf(prompt, sizeof(prompt), PASSWORD_PROMPT,
@@ -141,10 +145,9 @@
if (pamret != PAM_SUCCESS)
return (pamret);
rv = krb5_get_init_creds_password(context, &creds, su_principal,
- pass, NULL, NULL, 0, NULL, &gic_opt);
+ pass, NULL, NULL, 0, NULL, gic_opt);
if (rv != 0) {
- PAM_LOG("krb5_get_init_creds_password: %s",
- krb5_get_err_text(context, rv));
+ log_krb5(context, "krb5_get_init_creds_password: %s", rv);
return (PAM_AUTH_ERR);
}
krb5_verify_init_creds_opt_set_ap_req_nofail(&vic_opt, 1);
@@ -152,13 +155,26 @@
&vic_opt);
krb5_free_cred_contents(context, &creds);
if (rv != 0) {
- PAM_LOG("krb5_verify_init_creds: %s",
- krb5_get_err_text(context, rv));
+ log_krb5(context, "krb5_verify_init_creds: %s", rv);
return (PAM_AUTH_ERR);
}
return (PAM_SUCCESS);
}
+static void
+log_krb5(krb5_context ctx, const char *fmt, krb5_error_code err)
+{
+ const char *errtxt;
+
+ errtxt = krb5_get_error_message(ctx, err);
+ if (errtxt != NULL) {
+ PAM_LOG(fmt, errtxt);
+ krb5_free_error_message(ctx, errtxt);
+ } else {
+ PAM_LOG(fmt, "unknown");
+ }
+}
+
/* Determine the target principal given the current user and the target user.
* context -- An initialized krb5_context.
* target_user -- The target username.
@@ -183,6 +199,7 @@
char *principal_name, *ccname, *p;
long rv;
uid_t euid, ruid;
+ const char *errtxt;
*su_principal = NULL;
default_principal = NULL;
@@ -227,8 +244,7 @@
rv = krb5_unparse_name(context, default_principal, &principal_name);
krb5_free_principal(context, default_principal);
if (rv != 0) {
- PAM_LOG("krb5_unparse_name: %s",
- krb5_get_err_text(context, rv));
+ log_krb5(context, "krb5_unparse_name: %s", rv);
return (rv);
}
PAM_LOG("Default principal name: %s", principal_name);
@@ -250,8 +266,15 @@
return (errno);
rv = krb5_parse_name(context, *su_principal_name, &default_principal);
if (rv != 0) {
- PAM_LOG("krb5_parse_name `%s': %s", *su_principal_name,
- krb5_get_err_text(context, rv));
+ errtxt = krb5_get_error_message(context, rv);
+ if (errtxt != NULL) {
+ PAM_LOG("krb5_parse_name `%s': %s", *su_principal_name,
+ errtxt);
+ krb5_free_error_message(context, errtxt);
+ } else {
+ PAM_LOG("krb5_parse_name `%s': %ld", *su_principal_name,
+ rv);
+ }
free(*su_principal_name);
return (rv);
}
Home |
Main Index |
Thread Index |
Old Index