Page MenuHomeFreeBSD
Files F137808902

D50808.id156897.diff
No OneTemporary
Actions

D50808.id156897.diff
View Options

Index: lib/libpam/modules/pam_ksu/Makefile
===================================================================
--- lib/libpam/modules/pam_ksu/Makefile
+++ lib/libpam/modules/pam_ksu/Makefile
@@ -25,10 +25,21 @@
PACKAGE= kerberos
+.include <src.opts.mk>
+
LIB= pam_ksu
SRCS= pam_ksu.c
MAN= pam_ksu.8
+WARNS?= 3
LIBADD+= krb5
+.if ${MK_MITKRB5} != "no"
+WARNS= 2
+CFLAGS+= -I${SRCTOP}/crypto/krb5/src/include
+CFLAGS+= -I${SRCTOP}/krb5/include
+CFLAGS+= -include ${SRCTOP}/crypto/krb5/src/include/k5-int.h
+CFLAGS+= -DMK_MITKRB5=yes
+.endif
+
.include <bsd.lib.mk>
Index: lib/libpam/modules/pam_ksu/pam_ksu.c
===================================================================
--- lib/libpam/modules/pam_ksu/pam_ksu.c
+++ lib/libpam/modules/pam_ksu/pam_ksu.c
@@ -48,6 +48,59 @@
static int auth_krb5(pam_handle_t *, krb5_context, const char *,
krb5_principal);
+#ifdef MK_MITKRB5
+/*
+ * XXX This entire module will need to be rewritten when heimdal
+ * XXX compatidibility is no longer needed.
+ */
+#define KRB5_DEFAULT_CCFILE_ROOT "/tmp/krb5cc_"
+#define KRB5_DEFAULT_CCROOT "FILE:" KRB5_DEFAULT_CCFILE_ROOT
+
+/*
+ * XXX We will replace krb5_build_principal_va() with
+ * XXX krb5_build_principal_alloc_va() when Heimdal is finally
+ * XXX removed.
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_build_principal_va(krb5_context context,
+ krb5_principal princ,
+ unsigned int rlen,
+ const char *realm,
+ va_list ap);
+typedef char *heim_general_string;
+typedef heim_general_string Realm;
+typedef Realm krb5_realm;
+typedef const char *krb5_const_realm;
+
+static krb5_error_code
+krb5_make_principal(krb5_context context, krb5_principal principal,
+ krb5_const_realm realm, ...)
+{
+ krb5_error_code rc;
+ va_list ap;
+ if (realm == NULL) {
+ krb5_realm temp_realm = NULL;
+ if ((rc = krb5_get_default_realm(context, &temp_realm)))
+ return (rc);
+ realm=temp_realm;
+ if (temp_realm)
+ free(temp_realm);
+ }
+ va_start(ap, realm);
+ /*
+ * XXX Ideally we should be using krb5_build_principal_alloc_va()
+ * XXX here because krb5_build_principal_va() is deprecated. But,
+ * XXX this would require changes elsewhere in the calling code
+ * XXX to call krb5_free_principal() elsewhere to free the
+ * XXX principal. We can do that after Heimdal is removed from
+ * XXX our tree.
+ */
+ rc = krb5_build_principal_va(context, principal, strlen(realm), realm, ap);
+ va_end(ap);
+ return (rc);
+}
+#endif
+
PAM_EXTERN int
pam_sm_authenticate(pam_handle_t *pamh, int flags __unused,
int argc __unused, const char *argv[] __unused)
@@ -217,7 +270,11 @@
if (rv != 0)
return (errno);
if (default_principal == NULL) {
+#ifdef MK_MITKRB5
+ rv = krb5_make_principal(context, default_principal, NULL, current_user, NULL);
+#else
rv = krb5_make_principal(context, &default_principal, NULL, current_user, NULL);
+#endif
if (rv != 0) {
PAM_LOG("Could not determine default principal name.");
return (rv);

File Metadata

Mime Type
text/plain
Expires
Thu, Nov 27, 12:36 AM (14 m, 57 s)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
26236900
Default Alt Text
D50808.id156897.diff (2 KB)

Event Timeline