From nobody Fri Aug 04 16:08:54 2023 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4RHVyG6C3yz4Tpg6; Fri, 4 Aug 2023 16:08:54 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4RHVyG5qsTz3Yhm; Fri, 4 Aug 2023 16:08:54 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1691165334; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=OdGbDjX9vvN0FvOAGf0t0njzCMYHybcOQHsBhXKn8wk=; b=k7iLgGutbHTSge1SKrJGFPy79L4nH5VXuCq+FD1K+uVQKLRIzGB8ZfYbqocK+TD4Ut4iJr h9H3V7lZwjbjBwxZhw++Te1rO1Gzrmn1HhO3qLBsAa+jbsiCtOq8XAhTnTdjl3fLwl6zrI ryE/ZQOUeOG30BKpIXeYEP4NPEivUsoDCWQm9Qmk2E3jFY8wX6AR6YM+kUuwH82XkbvCEI pZiw76Z2kqZAd+oy2JChKARYob7mbsVlBpYkUwwU5pWhuvCClmVFESyi2IuyVSZSIAMI9L YwhxZpyZrkyKFpV1k7/P55LijLbQB2nuKQqVPPvagTv+E62b5zZ4ojfQCmnzJQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1691165334; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=OdGbDjX9vvN0FvOAGf0t0njzCMYHybcOQHsBhXKn8wk=; b=JU8e4TLpCM9yEAtdkL6XE/vZPy9uqE3TSi8OhyacF8xRCQWRWN82jDg5URT63tfOpZTmVk znCUudc5q/54hwkXrDOMlvJxXRIoKaiyyJE107TlaHRF0+W/5+O0o6EUTkCCk43oIn9SzY FJVvd3/hdc0+lCPBF0qMZM2yVETppkHm/aZr4LLHakwJT93zf2dIR8WgdThvOkw7JzN+/N OwWLOolCyY9dYu4v0lpxTPgMNC2zGxBduHXeNZVRnDGtzYul1UKNRm5ZgnMB+nukmsaxXu 282jOTshxv5UJGGkhLib41tBNLWxiV1Ob8JDku1zDzv2Npbma8uaNIr87pMcMg== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1691165334; a=rsa-sha256; cv=none; b=ue9WPbXpwrbSmEvOnit0AQCmrUK0SzmpRgC8zpslVAT8wrYyP9ehRmddaZsObVeXLAP48U Fctev0mTNYbjkT3Jm3ykn9RC2AzkcYivs/ag/CuTQABR3gT3Y1VyBbyve7eAY6ZGgJ47Z9 RGxUPzi7Xfl/TJH7qFDibwrtMkcc+XOcVK9xJnTO6HTn7xnb0TAn0kUfmPOveT+lFlOoxX UlqRiP29bGeExB2d+yhLUPemI+jJ4cmT7C2p3fv3+m+6NssDiO5DY1sVYuvAk9c1s8u/Ea 4ua30mmrybbVeyaQxFp5OkR79ZP5AXADC1owm0JXXBmPjXZc/40/8pm5lUF+Wg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4RHVyG4xZqz180q; Fri, 4 Aug 2023 16:08:54 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.17.1/8.17.1) with ESMTP id 374G8sGF093996; Fri, 4 Aug 2023 16:08:54 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.17.1/8.17.1/Submit) id 374G8shS093995; Fri, 4 Aug 2023 16:08:54 GMT (envelope-from git) Date: Fri, 4 Aug 2023 16:08:54 GMT Message-Id: <202308041608.374G8shS093995@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: =?utf-8?Q?Dag-Erling=20Sm=C3=B8rgrav?= Subject: git: 9c2823bae92c - main - pam_krb5: Rename a variable. List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: des X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 9c2823bae92c09e5356623118da2777bc3ed521d Auto-Submitted: auto-generated The branch main has been updated by des: URL: https://cgit.FreeBSD.org/src/commit/?id=9c2823bae92c09e5356623118da2777bc3ed521d commit 9c2823bae92c09e5356623118da2777bc3ed521d Author: Dag-Erling Smørgrav AuthorDate: 2023-08-04 16:08:28 +0000 Commit: Dag-Erling Smørgrav CommitDate: 2023-08-04 16:08:38 +0000 pam_krb5: Rename a variable. Reviewed by: cy Differential Revision: https://reviews.freebsd.org/D41300 --- lib/libpam/modules/pam_krb5/pam_krb5.c | 180 ++++++++++++++++----------------- 1 file changed, 90 insertions(+), 90 deletions(-) diff --git a/lib/libpam/modules/pam_krb5/pam_krb5.c b/lib/libpam/modules/pam_krb5/pam_krb5.c index 378de46d769f..ef39fe8acb22 100644 --- a/lib/libpam/modules/pam_krb5/pam_krb5.c +++ b/lib/libpam/modules/pam_krb5/pam_krb5.c @@ -114,7 +114,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused, int argc __unused, const char *argv[] __unused) { krb5_error_code krbret; - krb5_context pam_context; + krb5_context krbctx; int debug; const char *auth_service; krb5_principal auth_princ; @@ -154,7 +154,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused, goto cleanup6; } - krbret = krb5_init_context(&pam_context); + krbret = krb5_init_context(&krbctx); if (krbret != 0) { PAM_VERBOSE_ERROR("Kerberos 5 error"); retval = PAM_SERVICE_ERR; @@ -164,7 +164,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused, PAM_LOG("Context initialised"); debug = openpam_get_option(pamh, PAM_OPT_DEBUG) ? 1 : 0; - krbret = verify_krb_v5_tgt_begin(pam_context, srvdup, debug, + krbret = verify_krb_v5_tgt_begin(krbctx, srvdup, debug, &auth_service, &auth_princ, auth_phost); if (krbret != 0) { /* failed to find key */ /* Keytab or service key does not exist */ @@ -180,7 +180,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused, } } - krbret = krb5_cc_register(pam_context, &krb5_mcc_ops, FALSE); + krbret = krb5_cc_register(krbctx, &krb5_mcc_ops, FALSE); if (krbret != 0 && krbret != KRB5_CC_TYPE_EXISTS) { PAM_VERBOSE_ERROR("Kerberos 5 error"); retval = PAM_SERVICE_ERR; @@ -197,10 +197,10 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused, PAM_LOG("Created principal: %s", principal); - krbret = krb5_parse_name(pam_context, principal, &princ); + krbret = krb5_parse_name(krbctx, principal, &princ); free(principal); if (krbret != 0) { - PAM_LOG_KRB5_ERR(pam_context, krbret, "Error krb5_parse_name()"); + PAM_LOG_KRB5_ERR(krbctx, krbret, "Error krb5_parse_name()"); PAM_VERBOSE_ERROR("Kerberos 5 error"); retval = PAM_SERVICE_ERR; goto cleanup3; @@ -210,9 +210,9 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused, /* Now convert the principal name into something human readable */ princ_name = NULL; - krbret = krb5_unparse_name(pam_context, princ, &princ_name); + krbret = krb5_unparse_name(krbctx, princ, &princ_name); if (krbret != 0) { - PAM_LOG_KRB5_ERR(pam_context, krbret, + PAM_LOG_KRB5_ERR(krbctx, krbret, "Error krb5_unparse_name()"); PAM_VERBOSE_ERROR("Kerberos 5 error"); retval = PAM_SERVICE_ERR; @@ -235,11 +235,11 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused, /* Verify the local user exists (AFTER getting the password) */ if (strchr(user, '@')) { /* get a local account name for this principal */ - krbret = krb5_aname_to_localname(pam_context, princ, + krbret = krb5_aname_to_localname(krbctx, princ, sizeof(luser), luser); if (krbret != 0) { PAM_VERBOSE_ERROR("Kerberos 5 error"); - PAM_LOG_KRB5_ERR(pam_context, krbret, + PAM_LOG_KRB5_ERR(krbctx, krbret, "Error krb5_aname_to_localname()"); retval = PAM_USER_UNKNOWN; goto cleanup2; @@ -264,15 +264,15 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused, } /* Initialize credentials request options. */ - krbret = krb5_get_init_creds_opt_alloc(pam_context, &opts); + krbret = krb5_get_init_creds_opt_alloc(krbctx, &opts); if (krbret != 0) { - PAM_LOG_KRB5_ERR(pam_context, krbret, + PAM_LOG_KRB5_ERR(krbctx, krbret, "Error krb5_get_init_creds_opt_alloc()"); PAM_VERBOSE_ERROR("Kerberos 5 error"); retval = PAM_SERVICE_ERR; goto cleanup2; } - krb5_get_init_creds_opt_set_default_flags(pam_context, + krb5_get_init_creds_opt_set_default_flags(krbctx, service, NULL, opts); if (openpam_get_option(pamh, PAM_OPT_FORWARDABLE)) @@ -282,12 +282,12 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused, /* Get a TGT */ memset(&creds, 0, sizeof(krb5_creds)); - krbret = krb5_get_init_creds_password(pam_context, &creds, princ, + krbret = krb5_get_init_creds_password(krbctx, &creds, princ, pass, NULL, pamh, 0, NULL, opts); - krb5_get_init_creds_opt_free(pam_context, opts); + krb5_get_init_creds_opt_free(krbctx, opts); if (krbret != 0) { PAM_VERBOSE_ERROR("Kerberos 5 error"); - PAM_LOG_KRB5_ERR(pam_context, krbret, + PAM_LOG_KRB5_ERR(krbctx, krbret, "Error krb5_get_init_creds_password()"); retval = PAM_AUTH_ERR; goto cleanup2; @@ -296,28 +296,28 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused, PAM_LOG("Got TGT"); /* Generate a temporary cache */ - krbret = krb5_cc_new_unique(pam_context, krb5_cc_type_memory, NULL, &ccache); + krbret = krb5_cc_new_unique(krbctx, krb5_cc_type_memory, NULL, &ccache); if (krbret != 0) { PAM_VERBOSE_ERROR("Kerberos 5 error"); - PAM_LOG_KRB5_ERR(pam_context, krbret, + PAM_LOG_KRB5_ERR(krbctx, krbret, "Error krb5_cc_new_unique()"); retval = PAM_SERVICE_ERR; goto cleanup; } - krbret = krb5_cc_initialize(pam_context, ccache, princ); + krbret = krb5_cc_initialize(krbctx, ccache, princ); if (krbret != 0) { PAM_VERBOSE_ERROR("Kerberos 5 error"); - PAM_LOG_KRB5_ERR(pam_context, krbret, + PAM_LOG_KRB5_ERR(krbctx, krbret, "Error krb5_cc_initialize()"); retval = PAM_SERVICE_ERR; goto cleanup; } - krbret = krb5_cc_store_cred(pam_context, ccache, &creds); + krbret = krb5_cc_store_cred(krbctx, ccache, &creds); if (krbret != 0) { PAM_VERBOSE_ERROR("Kerberos 5 error"); - PAM_LOG_KRB5_ERR(pam_context, krbret, + PAM_LOG_KRB5_ERR(krbctx, krbret, "Error krb5_cc_store_cred()"); - krb5_cc_destroy(pam_context, ccache); + krb5_cc_destroy(krbctx, ccache); retval = PAM_SERVICE_ERR; goto cleanup; } @@ -325,14 +325,14 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused, PAM_LOG("Credentials stashed"); /* Verify them */ - krbret = verify_krb_v5_tgt(pam_context, ccache, srvdup, + krbret = verify_krb_v5_tgt(krbctx, ccache, srvdup, debug, auth_service, auth_princ, auth_phost); free(srvdup); srvdup = NULL; if (krbret == -1) { PAM_VERBOSE_ERROR("Kerberos 5 error"); - krb5_cc_destroy(pam_context, ccache); + krb5_cc_destroy(krbctx, ccache); retval = PAM_AUTH_ERR; goto cleanup; } @@ -341,7 +341,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused, retval = pam_get_data(pamh, "ccache", &ccache_data); if (retval == PAM_SUCCESS) { - krb5_cc_destroy(pam_context, ccache); + krb5_cc_destroy(krbctx, ccache); PAM_VERBOSE_ERROR("Kerberos 5 error"); retval = PAM_AUTH_ERR; goto cleanup; @@ -349,8 +349,8 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused, PAM_LOG("Credentials stash not pre-existing"); - asprintf(&ccache_name, "%s:%s", krb5_cc_get_type(pam_context, - ccache), krb5_cc_get_name(pam_context, ccache)); + asprintf(&ccache_name, "%s:%s", krb5_cc_get_type(krbctx, + ccache), krb5_cc_get_name(krbctx, ccache)); if (ccache_name == NULL) { PAM_VERBOSE_ERROR("Kerberos 5 error"); retval = PAM_BUF_ERR; @@ -358,7 +358,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused, } retval = pam_set_data(pamh, "ccache", ccache_name, cleanup_cache); if (retval != 0) { - krb5_cc_destroy(pam_context, ccache); + krb5_cc_destroy(krbctx, ccache); PAM_VERBOSE_ERROR("Kerberos 5 error"); retval = PAM_SERVICE_ERR; goto cleanup; @@ -367,21 +367,21 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused, PAM_LOG("Credentials stash saved"); cleanup: - krb5_free_cred_contents(pam_context, &creds); + krb5_free_cred_contents(krbctx, &creds); PAM_LOG("Done cleanup"); cleanup2: - krb5_free_principal(pam_context, princ); + krb5_free_principal(krbctx, princ); if (princ_name) free(princ_name); PAM_LOG("Done cleanup2"); cleanup3: - krb5_free_context(pam_context); + krb5_free_context(krbctx); PAM_LOG("Done cleanup3"); cleanup4: - verify_krb_v5_tgt_cleanup(pam_context, debug, + verify_krb_v5_tgt_cleanup(krbctx, debug, auth_service, auth_princ, auth_phost); PAM_LOG("Done cleanup4"); @@ -407,7 +407,7 @@ pam_sm_setcred(pam_handle_t *pamh, int flags, #else krb5_error_code krbret; - krb5_context pam_context; + krb5_context krbctx; krb5_principal princ; krb5_creds creds; krb5_ccache ccache_temp, ccache_perm; @@ -448,7 +448,7 @@ pam_sm_setcred(pam_handle_t *pamh, int flags, PAM_LOG("Got user: %s", (const char *)user); - krbret = krb5_init_context(&pam_context); + krbret = krb5_init_context(&krbctx); if (krbret != 0) { PAM_LOG("Error krb5_init_context() failed"); return (PAM_SERVICE_ERR); @@ -467,9 +467,9 @@ pam_sm_setcred(pam_handle_t *pamh, int flags, retval = PAM_CRED_UNAVAIL; goto cleanup3; } - krbret = krb5_cc_resolve(pam_context, cache_data, &ccache_temp); + krbret = krb5_cc_resolve(krbctx, cache_data, &ccache_temp); if (krbret != 0) { - PAM_LOG_KRB5_ERR(pam_context, krbret, + PAM_LOG_KRB5_ERR(krbctx, krbret, "Error krb5_cc_resolve(\"%s\")", (const char *)cache_data); retval = PAM_SERVICE_ERR; goto cleanup3; @@ -540,22 +540,22 @@ pam_sm_setcred(pam_handle_t *pamh, int flags, PAM_LOG("Got cache_name: %s", cache_name); /* Initialize the new ccache */ - krbret = krb5_cc_get_principal(pam_context, ccache_temp, &princ); + krbret = krb5_cc_get_principal(krbctx, ccache_temp, &princ); if (krbret != 0) { - PAM_LOG_KRB5_ERR(pam_context, krbret, + PAM_LOG_KRB5_ERR(krbctx, krbret, "Error krb5_cc_get_principal()"); retval = PAM_SERVICE_ERR; goto cleanup3; } - krbret = krb5_cc_resolve(pam_context, cache_name, &ccache_perm); + krbret = krb5_cc_resolve(krbctx, cache_name, &ccache_perm); if (krbret != 0) { - PAM_LOG_KRB5_ERR(pam_context, krbret, "Error krb5_cc_resolve()"); + PAM_LOG_KRB5_ERR(krbctx, krbret, "Error krb5_cc_resolve()"); retval = PAM_SERVICE_ERR; goto cleanup2; } - krbret = krb5_cc_initialize(pam_context, ccache_perm, princ); + krbret = krb5_cc_initialize(krbctx, ccache_perm, princ); if (krbret != 0) { - PAM_LOG_KRB5_ERR(pam_context, krbret, + PAM_LOG_KRB5_ERR(krbctx, krbret, "Error krb5_cc_initialize()"); retval = PAM_SERVICE_ERR; goto cleanup2; @@ -564,11 +564,11 @@ pam_sm_setcred(pam_handle_t *pamh, int flags, PAM_LOG("Cache initialised"); /* Prepare for iteration over creds */ - krbret = krb5_cc_start_seq_get(pam_context, ccache_temp, &cursor); + krbret = krb5_cc_start_seq_get(krbctx, ccache_temp, &cursor); if (krbret != 0) { - PAM_LOG_KRB5_ERR(pam_context, krbret, + PAM_LOG_KRB5_ERR(krbctx, krbret, "Error krb5_cc_start_seq_get()"); - krb5_cc_destroy(pam_context, ccache_perm); + krb5_cc_destroy(krbctx, ccache_perm); retval = PAM_SERVICE_ERR; goto cleanup2; } @@ -576,27 +576,27 @@ pam_sm_setcred(pam_handle_t *pamh, int flags, PAM_LOG("Prepared for iteration"); /* Copy the creds (should be two of them) */ - while (krb5_cc_next_cred(pam_context, ccache_temp, &cursor, &creds) == 0) { - krbret = krb5_cc_store_cred(pam_context, ccache_perm, &creds); + while (krb5_cc_next_cred(krbctx, ccache_temp, &cursor, &creds) == 0) { + krbret = krb5_cc_store_cred(krbctx, ccache_perm, &creds); if (krbret != 0) { - PAM_LOG_KRB5_ERR(pam_context, krbret, + PAM_LOG_KRB5_ERR(krbctx, krbret, "Error krb5_cc_store_cred()"); - krb5_cc_destroy(pam_context, ccache_perm); - krb5_free_cred_contents(pam_context, &creds); + krb5_cc_destroy(krbctx, ccache_perm); + krb5_free_cred_contents(krbctx, &creds); retval = PAM_SERVICE_ERR; goto cleanup2; } - krb5_free_cred_contents(pam_context, &creds); + krb5_free_cred_contents(krbctx, &creds); PAM_LOG("Iteration"); } - krb5_cc_end_seq_get(pam_context, ccache_temp, &cursor); + krb5_cc_end_seq_get(krbctx, ccache_temp, &cursor); PAM_LOG("Done iterating"); if (strstr(cache_name, "FILE:") == cache_name) { if (chown(&cache_name[5], pwd->pw_uid, pwd->pw_gid) == -1) { PAM_LOG("Error chown(): %s", strerror(errno)); - krb5_cc_destroy(pam_context, ccache_perm); + krb5_cc_destroy(krbctx, ccache_perm); retval = PAM_SERVICE_ERR; goto cleanup2; } @@ -604,21 +604,21 @@ pam_sm_setcred(pam_handle_t *pamh, int flags, if (chmod(&cache_name[5], (S_IRUSR | S_IWUSR)) == -1) { PAM_LOG("Error chmod(): %s", strerror(errno)); - krb5_cc_destroy(pam_context, ccache_perm); + krb5_cc_destroy(krbctx, ccache_perm); retval = PAM_SERVICE_ERR; goto cleanup2; } PAM_LOG("Done chmod()"); } - krb5_cc_close(pam_context, ccache_perm); + krb5_cc_close(krbctx, ccache_perm); PAM_LOG("Cache closed"); retval = pam_setenv(pamh, "KRB5CCNAME", cache_name, 1); if (retval != PAM_SUCCESS) { PAM_LOG("Error pam_setenv(): %s", pam_strerror(pamh, retval)); - krb5_cc_destroy(pam_context, ccache_perm); + krb5_cc_destroy(krbctx, ccache_perm); retval = PAM_SERVICE_ERR; goto cleanup2; } @@ -626,10 +626,10 @@ pam_sm_setcred(pam_handle_t *pamh, int flags, PAM_LOG("Environment done: KRB5CCNAME=%s", cache_name); cleanup2: - krb5_free_principal(pam_context, princ); + krb5_free_principal(krbctx, princ); PAM_LOG("Done cleanup2"); cleanup3: - krb5_free_context(pam_context); + krb5_free_context(krbctx); PAM_LOG("Done cleanup3"); seteuid(euid); @@ -652,7 +652,7 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags __unused, int argc __unused, const char *argv[] __unused) { krb5_error_code krbret; - krb5_context pam_context; + krb5_context krbctx; krb5_ccache ccache; krb5_principal princ; int retval; @@ -671,7 +671,7 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags __unused, PAM_LOG("Got credentials"); - krbret = krb5_init_context(&pam_context); + krbret = krb5_init_context(&krbctx); if (krbret != 0) { PAM_LOG("Error krb5_init_context() failed"); return (PAM_PERM_DENIED); @@ -679,20 +679,20 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags __unused, PAM_LOG("Context initialised"); - krbret = krb5_cc_resolve(pam_context, (const char *)ccache_name, &ccache); + krbret = krb5_cc_resolve(krbctx, (const char *)ccache_name, &ccache); if (krbret != 0) { - PAM_LOG_KRB5_ERR(pam_context, krbret, + PAM_LOG_KRB5_ERR(krbctx, krbret, "Error krb5_cc_resolve(\"%s\")", (const char *)ccache_name); - krb5_free_context(pam_context); + krb5_free_context(krbctx); return (PAM_PERM_DENIED); } PAM_LOG("Got ccache %s", (const char *)ccache_name); - krbret = krb5_cc_get_principal(pam_context, ccache, &princ); + krbret = krb5_cc_get_principal(krbctx, ccache, &princ); if (krbret != 0) { - PAM_LOG_KRB5_ERR(pam_context, krbret, + PAM_LOG_KRB5_ERR(krbctx, krbret, "Error krb5_cc_get_principal()"); retval = PAM_PERM_DENIED; goto cleanup; @@ -700,16 +700,16 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags __unused, PAM_LOG("Got principal"); - if (krb5_kuserok(pam_context, princ, (const char *)user)) + if (krb5_kuserok(krbctx, princ, (const char *)user)) retval = PAM_SUCCESS; else retval = PAM_PERM_DENIED; - krb5_free_principal(pam_context, princ); + krb5_free_principal(krbctx, princ); PAM_LOG("Done kuserok()"); cleanup: - krb5_free_context(pam_context); + krb5_free_context(krbctx); PAM_LOG("Done cleanup"); return (retval); @@ -724,7 +724,7 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc __unused, const char *argv[] __unused) { krb5_error_code krbret; - krb5_context pam_context; + krb5_context krbctx; krb5_creds creds; krb5_principal princ; krb5_get_init_creds_opt *opts; @@ -743,7 +743,7 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, PAM_LOG("Got user: %s", (const char *)user); - krbret = krb5_init_context(&pam_context); + krbret = krb5_init_context(&krbctx); if (krbret != 0) { PAM_LOG("Error krb5_init_context() failed"); return (PAM_SERVICE_ERR); @@ -752,9 +752,9 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, PAM_LOG("Context initialised"); /* Get principal name */ - krbret = krb5_parse_name(pam_context, (const char *)user, &princ); + krbret = krb5_parse_name(krbctx, (const char *)user, &princ); if (krbret != 0) { - PAM_LOG_KRB5_ERR(pam_context, krbret, + PAM_LOG_KRB5_ERR(krbctx, krbret, "Error krb5_parse_name()"); retval = PAM_USER_UNKNOWN; goto cleanup3; @@ -762,9 +762,9 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, /* Now convert the principal name into something human readable */ princ_name = NULL; - krbret = krb5_unparse_name(pam_context, princ, &princ_name); + krbret = krb5_unparse_name(krbctx, princ, &princ_name); if (krbret != 0) { - PAM_LOG_KRB5_ERR(pam_context, krbret, + PAM_LOG_KRB5_ERR(krbctx, krbret, "Error krb5_unparse_name()"); retval = PAM_SERVICE_ERR; goto cleanup2; @@ -780,9 +780,9 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, PAM_LOG("Got password"); /* Initialize credentials request options. */ - krbret = krb5_get_init_creds_opt_alloc(pam_context, &opts); + krbret = krb5_get_init_creds_opt_alloc(krbctx, &opts); if (krbret != 0) { - PAM_LOG_KRB5_ERR(pam_context, krbret, + PAM_LOG_KRB5_ERR(krbctx, krbret, "Error krb5_get_init_creds_opt_alloc()"); PAM_VERBOSE_ERROR("Kerberos 5 error"); retval = PAM_SERVICE_ERR; @@ -792,11 +792,11 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, PAM_LOG("Credentials options initialised"); memset(&creds, 0, sizeof(krb5_creds)); - krbret = krb5_get_init_creds_password(pam_context, &creds, princ, + krbret = krb5_get_init_creds_password(krbctx, &creds, princ, pass, NULL, pamh, 0, "kadmin/changepw", opts); - krb5_get_init_creds_opt_free(pam_context, opts); + krb5_get_init_creds_opt_free(krbctx, opts); if (krbret != 0) { - PAM_LOG_KRB5_ERR(pam_context, krbret, + PAM_LOG_KRB5_ERR(krbctx, krbret, "Error krb5_get_init_creds_password()"); retval = PAM_AUTH_ERR; goto cleanup2; @@ -822,11 +822,11 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, retval = PAM_BUF_ERR; goto cleanup; } - krbret = krb5_set_password(pam_context, &creds, passdup, NULL, + krbret = krb5_set_password(krbctx, &creds, passdup, NULL, &result_code, &result_code_string, &result_string); free(passdup); if (krbret != 0) { - PAM_LOG_KRB5_ERR(pam_context, krbret, + PAM_LOG_KRB5_ERR(krbctx, krbret, "Error krb5_change_password()"); retval = PAM_AUTHTOK_ERR; goto cleanup; @@ -845,16 +845,16 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, free(result_code_string.data); cleanup: - krb5_free_cred_contents(pam_context, &creds); + krb5_free_cred_contents(krbctx, &creds); PAM_LOG("Done cleanup"); cleanup2: - krb5_free_principal(pam_context, princ); + krb5_free_principal(krbctx, princ); if (princ_name) free(princ_name); PAM_LOG("Done cleanup2"); cleanup3: - krb5_free_context(pam_context); + krb5_free_context(krbctx); PAM_LOG("Done cleanup3"); @@ -1018,17 +1018,17 @@ verify_krb_v5_tgt_cleanup(krb5_context context, int debug, static void cleanup_cache(pam_handle_t *pamh __unused, void *data, int pam_end_status __unused) { - krb5_context pam_context; + krb5_context krbctx; krb5_ccache ccache; krb5_error_code krbret; - if (krb5_init_context(&pam_context)) + if (krb5_init_context(&krbctx)) return; - krbret = krb5_cc_resolve(pam_context, data, &ccache); + krbret = krb5_cc_resolve(krbctx, data, &ccache); if (krbret == 0) - krb5_cc_destroy(pam_context, ccache); - krb5_free_context(pam_context); + krb5_cc_destroy(krbctx, ccache); + krb5_free_context(krbctx); free(data); }