pam_ksu

Christos Zoulas Mon, 25 Apr 2011 15:01:16 -0700

Module Name:    src
Committed By:   christos
Date:           Mon Apr 25 22:01:04 UTC 2011


Modified Files:
        src/lib/libpam/modules/pam_ksu: pam_ksu.c

Log Message:
- make log_krb5 varyadic and merge the last error message.
- check for NULL context.
- print a more meaningful error when things go south


To generate a diff of this commit:
cvs rdiff -u -r1.4 -r1.5 src/lib/libpam/modules/pam_ksu/pam_ksu.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/lib/libpam/modules/pam_ksu/pam_ksu.c
diff -u src/lib/libpam/modules/pam_ksu/pam_ksu.c:1.4 src/lib/libpam/modules/pam_ksu/pam_ksu.c:1.5
--- src/lib/libpam/modules/pam_ksu/pam_ksu.c:1.4	Sun Apr 24 14:53:55 2011
+++ src/lib/libpam/modules/pam_ksu/pam_ksu.c	Mon Apr 25 18:01:04 2011
@@ -1,4 +1,4 @@
-/*	$NetBSD: pam_ksu.c,v 1.4 2011/04/24 18:53:55 elric Exp $	*/
+/*	$NetBSD: pam_ksu.c,v 1.5 2011/04/25 22:01:04 christos Exp $	*/
 
 /*-
  * Copyright (c) 2002 Jacques A. Vidrine <[email protected]>
@@ -29,7 +29,7 @@
 #ifdef __FreeBSD__
 __FBSDID("$FreeBSD: src/lib/libpam/modules/pam_ksu/pam_ksu.c,v 1.5 2004/02/10 10:13:21 des Exp $");
 #else
-__RCSID("$NetBSD: pam_ksu.c,v 1.4 2011/04/24 18:53:55 elric Exp $");
+__RCSID("$NetBSD: pam_ksu.c,v 1.5 2011/04/25 22:01:04 christos Exp $");
 #endif
 
 #include <sys/param.h>
@@ -51,7 +51,8 @@
 
 #define PASSWORD_PROMPT	"%s's password:"
 
-static void	log_krb5(krb5_context, const char *, krb5_error_code);
+static void	log_krb5(krb5_context, krb5_error_code, const char *, ...)
+    __printflike(3, 4);
 static long	get_su_principal(krb5_context, const char *, const char *,
 		    char **, krb5_principal *);
 static int	auth_krb5(pam_handle_t *, krb5_context, const char *,
@@ -79,7 +80,7 @@
 	PAM_LOG("Got ruser: %s", (const char *)ruser);
 	rv = krb5_init_context(&context);
 	if (rv != 0) {
-		log_krb5(context, "krb5_init_context failed: %s", rv);
+		log_krb5(context, rv, "krb5_init_context failed");
 		return (PAM_SERVICE_ERR);
 	}
 	rv = get_su_principal(context, user, ruser, &su_principal_name, &su_principal);
@@ -129,7 +130,7 @@
 
 	rv = krb5_get_init_creds_opt_alloc(context, &gic_opt);
 	if (rv != 0) {
-		log_krb5(context, "krb5_get_init_creds_opt_alloc: %s", rv);
+		log_krb5(context, rv, "krb5_get_init_creds_opt_alloc");
 		return (PAM_SERVICE_ERR);
 	}
 	krb5_verify_init_creds_opt_init(&vic_opt);
@@ -147,7 +148,7 @@
 	rv = krb5_get_init_creds_password(context, &creds, su_principal,
 	    pass, NULL, NULL, 0, NULL, gic_opt);
 	if (rv != 0) {
-		log_krb5(context, "krb5_get_init_creds_password: %s", rv);
+		log_krb5(context, rv, "krb5_get_init_creds_password");
 		return (PAM_AUTH_ERR);
 	}
 	krb5_verify_init_creds_opt_set_ap_req_nofail(&vic_opt, 1);
@@ -155,24 +156,33 @@
 	    &vic_opt);
 	krb5_free_cred_contents(context, &creds);
 	if (rv != 0) {
-		log_krb5(context, "krb5_verify_init_creds: %s", rv);
+		log_krb5(context, rv, "krb5_verify_init_creds");
 		return (PAM_AUTH_ERR);
 	}
 	return (PAM_SUCCESS);
 }
 
 static void
-log_krb5(krb5_context ctx, const char *fmt, krb5_error_code err)
+log_krb5(krb5_context ctx, krb5_error_code err, const char *fmt, ...)
 {
-	const char	*errtxt;
+	char b1[1024], b2[1024];
+	const char *errtxt;
+	va_list ap;
  
-        errtxt = krb5_get_error_message(ctx, err);
+	va_start(ap, fmt);
+	vsnprintf(b1, sizeof(b1), fmt, ap);
+	va_end(ap);
+	if (ctx)
+		errtxt = krb5_get_error_message(ctx, err);
+	else
+		errtxt = NULL;
 	if (errtxt != NULL) {
-		PAM_LOG(fmt, errtxt);
 		krb5_free_error_message(ctx, errtxt);
+		snprintf(b2, sizeof(b2), "%s (%s)", b1, errtxt);
 	} else {
-		PAM_LOG(fmt, "unknown");
+		snprintf(b2, sizeof(b1), "%s (unknown %d)", b1, (int)err);
 	}
+	PAM_LOG(b2);
 }
 
 /* Determine the target principal given the current user and the target user.
@@ -199,7 +209,6 @@
 	char		*principal_name, *ccname, *p;
 	long		 rv;
 	uid_t		 euid, ruid;
-	const char	*errtxt;
 
 	*su_principal = NULL;
 	default_principal = NULL;
@@ -244,7 +253,7 @@
 	rv = krb5_unparse_name(context, default_principal, &principal_name);
 	krb5_free_principal(context, default_principal);
 	if (rv != 0) {
-		log_krb5(context, "krb5_unparse_name: %s", rv);
+		log_krb5(context, rv, "krb5_unparse_name");
 		return (rv);
 	}
 	PAM_LOG("Default principal name: %s", principal_name);
@@ -266,16 +275,8 @@
 		return (errno);
 	rv = krb5_parse_name(context, *su_principal_name, &default_principal);
 	if (rv != 0) {
-		errtxt = krb5_get_error_message(context, rv);
-		if (errtxt != NULL) {
-			PAM_LOG("krb5_parse_name `%s': %s", *su_principal_name,
-			    errtxt);
-			krb5_free_error_message(context, errtxt);
-		} else {
-			PAM_LOG("krb5_parse_name `%s': %ld", *su_principal_name,
-			    rv);
-		}
-		free(*su_principal_name);
+		log_krb5(context, rv, "krb5_parse_name `%s'",
+		    *su_principal_name);
 		return (rv);
 	}
 	PAM_LOG("Target principal name: %s", *su_principal_name);

CVS commit: src/lib/libpam/modules/pam_ksu

Reply via email to