pam_ksu

Roland Dowdeswell Sun, 24 Apr 2011 11:54:02 -0700

Module Name:    src
Committed By:   elric
Date:           Sun Apr 24 18:53:55 UTC 2011


Modified Files:
        src/lib/libpam/modules/pam_ksu: pam_ksu.c

Log Message:
Stop using functions that are marked as deprecated in Heimdal.


To generate a diff of this commit:
cvs rdiff -u -r1.3 -r1.4 src/lib/libpam/modules/pam_ksu/pam_ksu.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/lib/libpam/modules/pam_ksu/pam_ksu.c
diff -u src/lib/libpam/modules/pam_ksu/pam_ksu.c:1.3 src/lib/libpam/modules/pam_ksu/pam_ksu.c:1.4
--- src/lib/libpam/modules/pam_ksu/pam_ksu.c:1.3	Sun Mar  8 19:38:03 2009
+++ src/lib/libpam/modules/pam_ksu/pam_ksu.c	Sun Apr 24 18:53:55 2011
@@ -1,4 +1,4 @@
-/*	$NetBSD: pam_ksu.c,v 1.3 2009/03/08 19:38:03 christos Exp $	*/
+/*	$NetBSD: pam_ksu.c,v 1.4 2011/04/24 18:53:55 elric Exp $	*/
 
 /*-
  * Copyright (c) 2002 Jacques A. Vidrine <[email protected]>
@@ -29,7 +29,7 @@
 #ifdef __FreeBSD__
 __FBSDID("$FreeBSD: src/lib/libpam/modules/pam_ksu/pam_ksu.c,v 1.5 2004/02/10 10:13:21 des Exp $");
 #else
-__RCSID("$NetBSD: pam_ksu.c,v 1.3 2009/03/08 19:38:03 christos Exp $");
+__RCSID("$NetBSD: pam_ksu.c,v 1.4 2011/04/24 18:53:55 elric Exp $");
 #endif
 
 #include <sys/param.h>
@@ -51,6 +51,7 @@
 
 #define PASSWORD_PROMPT	"%s's password:"
 
+static void	log_krb5(krb5_context, const char *, krb5_error_code);
 static long	get_su_principal(krb5_context, const char *, const char *,
 		    char **, krb5_principal *);
 static int	auth_krb5(pam_handle_t *, krb5_context, const char *,
@@ -78,8 +79,7 @@
 	PAM_LOG("Got ruser: %s", (const char *)ruser);
 	rv = krb5_init_context(&context);
 	if (rv != 0) {
-		PAM_LOG("krb5_init_context failed: %s",
-			krb5_get_err_text(context, rv));
+		log_krb5(context, "krb5_init_context failed: %s", rv);
 		return (PAM_SERVICE_ERR);
 	}
 	rv = get_su_principal(context, user, ruser, &su_principal_name, &su_principal);
@@ -120,14 +120,18 @@
     krb5_principal su_principal)
 {
 	krb5_creds	 creds;
-	krb5_get_init_creds_opt gic_opt;
+	krb5_get_init_creds_opt *gic_opt;
 	krb5_verify_init_creds_opt vic_opt;
 	const char	*pass;
 	char		 prompt[80];
 	long		 rv;
 	int		 pamret;
 
-	krb5_get_init_creds_opt_init(&gic_opt);
+	rv = krb5_get_init_creds_opt_alloc(context, &gic_opt);
+	if (rv != 0) {
+		log_krb5(context, "krb5_get_init_creds_opt_alloc: %s", rv);
+		return (PAM_SERVICE_ERR);
+	}
 	krb5_verify_init_creds_opt_init(&vic_opt);
 	if (su_principal_name != NULL)
 		(void)snprintf(prompt, sizeof(prompt), PASSWORD_PROMPT,
@@ -141,10 +145,9 @@
 	if (pamret != PAM_SUCCESS)
 		return (pamret);
 	rv = krb5_get_init_creds_password(context, &creds, su_principal,
-	    pass, NULL, NULL, 0, NULL, &gic_opt);
+	    pass, NULL, NULL, 0, NULL, gic_opt);
 	if (rv != 0) {
-		PAM_LOG("krb5_get_init_creds_password: %s",
-			krb5_get_err_text(context, rv));
+		log_krb5(context, "krb5_get_init_creds_password: %s", rv);
 		return (PAM_AUTH_ERR);
 	}
 	krb5_verify_init_creds_opt_set_ap_req_nofail(&vic_opt, 1);
@@ -152,13 +155,26 @@
 	    &vic_opt);
 	krb5_free_cred_contents(context, &creds);
 	if (rv != 0) {
-		PAM_LOG("krb5_verify_init_creds: %s",
-		       krb5_get_err_text(context, rv));
+		log_krb5(context, "krb5_verify_init_creds: %s", rv);
 		return (PAM_AUTH_ERR);
 	}
 	return (PAM_SUCCESS);
 }
 
+static void
+log_krb5(krb5_context ctx, const char *fmt, krb5_error_code err)
+{
+	const char	*errtxt;
+ 
+        errtxt = krb5_get_error_message(ctx, err);
+	if (errtxt != NULL) {
+		PAM_LOG(fmt, errtxt);
+		krb5_free_error_message(ctx, errtxt);
+	} else {
+		PAM_LOG(fmt, "unknown");
+	}
+}
+
 /* Determine the target principal given the current user and the target user.
  *   context           -- An initialized krb5_context.
  *   target_user       -- The target username.
@@ -183,6 +199,7 @@
 	char		*principal_name, *ccname, *p;
 	long		 rv;
 	uid_t		 euid, ruid;
+	const char	*errtxt;
 
 	*su_principal = NULL;
 	default_principal = NULL;
@@ -227,8 +244,7 @@
 	rv = krb5_unparse_name(context, default_principal, &principal_name);
 	krb5_free_principal(context, default_principal);
 	if (rv != 0) {
-		PAM_LOG("krb5_unparse_name: %s",
-		    krb5_get_err_text(context, rv));
+		log_krb5(context, "krb5_unparse_name: %s", rv);
 		return (rv);
 	}
 	PAM_LOG("Default principal name: %s", principal_name);
@@ -250,8 +266,15 @@
 		return (errno);
 	rv = krb5_parse_name(context, *su_principal_name, &default_principal);
 	if (rv != 0) {
-		PAM_LOG("krb5_parse_name `%s': %s", *su_principal_name,
-		    krb5_get_err_text(context, rv));
+		errtxt = krb5_get_error_message(context, rv);
+		if (errtxt != NULL) {
+			PAM_LOG("krb5_parse_name `%s': %s", *su_principal_name,
+			    errtxt);
+			krb5_free_error_message(context, errtxt);
+		} else {
+			PAM_LOG("krb5_parse_name `%s': %ld", *su_principal_name,
+			    rv);
+		}
 		free(*su_principal_name);
 		return (rv);
 	}

CVS commit: src/lib/libpam/modules/pam_ksu

Reply via email to