Source-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/netbsd-10]: src/lib/libpam/modules/pam_ksu Pull up following revision(s)...



details:   https://anonhg.NetBSD.org/src/rev/e607c4ded1f1
branches:  netbsd-10
changeset: 376529:e607c4ded1f1
user:      martin <martin%NetBSD.org@localhost>
date:      Wed Jun 21 22:05:30 2023 +0000

description:
Pull up following revision(s) (requested by riastradh in ticket #207):

        lib/libpam/modules/pam_ksu/pam_ksu.c: revision 1.10

pam_ksu: No need for homedir access.

diffstat:

 lib/libpam/modules/pam_ksu/pam_ksu.c |  16 +++++++++++-----
 1 files changed, 11 insertions(+), 5 deletions(-)

diffs (55 lines):

diff -r 78a1d123f545 -r e607c4ded1f1 lib/libpam/modules/pam_ksu/pam_ksu.c
--- a/lib/libpam/modules/pam_ksu/pam_ksu.c      Wed Jun 21 21:54:12 2023 +0000
+++ b/lib/libpam/modules/pam_ksu/pam_ksu.c      Wed Jun 21 22:05:30 2023 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: pam_ksu.c,v 1.9 2014/02/27 18:09:38 joerg Exp $        */
+/*     $NetBSD: pam_ksu.c,v 1.9.36.1 2023/06/21 22:05:30 martin Exp $  */
 
 /*-
  * Copyright (c) 2002 Jacques A. Vidrine <nectar%FreeBSD.org@localhost>
@@ -29,7 +29,7 @@
 #ifdef __FreeBSD__
 __FBSDID("$FreeBSD: src/lib/libpam/modules/pam_ksu/pam_ksu.c,v 1.5 2004/02/10 10:13:21 des Exp $");
 #else
-__RCSID("$NetBSD: pam_ksu.c,v 1.9 2014/02/27 18:09:38 joerg Exp $");
+__RCSID("$NetBSD: pam_ksu.c,v 1.9.36.1 2023/06/21 22:05:30 martin Exp $");
 #endif
 
 #include <sys/param.h>
@@ -62,6 +62,7 @@ PAM_EXTERN int
 pam_sm_authenticate(pam_handle_t *pamh, int flags __unused,
     int argc __unused, const char *argv[] __unused)
 {
+       krb5_boolean     allow_homedir;
        krb5_context     context;
        krb5_principal   su_principal;
        const char      *user;
@@ -78,20 +79,25 @@ pam_sm_authenticate(pam_handle_t *pamh, 
        if (pamret != PAM_SUCCESS)
                return (pamret);
        PAM_LOG("Got ruser: %s", (const char *)ruser);
+       allow_homedir = krb5_set_home_dir_access(NULL, FALSE);
        rv = krb5_init_context(&context);
        if (rv != 0) {
                log_krb5(context, rv, "krb5_init_context failed");
-               return (PAM_SERVICE_ERR);
+               pamret = PAM_SERVICE_ERR;
+               goto out;
        }
        rv = get_su_principal(context, user, ruser, &su_principal_name, &su_principal);
-       if (rv != 0)
-               return (PAM_AUTH_ERR);
+       if (rv != 0) {
+               pamret = PAM_AUTH_ERR;
+               goto out;
+       }
        PAM_LOG("kuserok: %s -> %s", su_principal_name, user);
        rv = krb5_kuserok(context, su_principal, user);
        pamret = rv ? auth_krb5(pamh, context, su_principal_name, su_principal) : PAM_AUTH_ERR;
        free(su_principal_name);
        krb5_free_principal(context, su_principal);
        krb5_free_context(context);
+out:   (void)krb5_set_home_dir_access(NULL, allow_homedir);
        return (pamret);
 }
 



Home | Main Index | Thread Index | Old Index