From nobody Thu Sep 07 17:30:49 2023 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4RhR951ZNjz4sJ6y; Thu, 7 Sep 2023 17:30:49 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4RhR951Drrz4PGs; Thu, 7 Sep 2023 17:30:49 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1694107849; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=nx2onlVXiNkwzRw1iEJ078U18PnInbsUDc8ySxs9NjQ=; b=nnzamIPJPyLsSTmxNJA0KbBILhrmijdvy+3Yfxvb4XWumntdT/HJTtFdTFhgTVIX9KUoJC UnlkCM+QExUA9MCyoS+ysmIMFFmPtLY+nes1XopCsVzqehgkOdm4kgDnlV1m16oaUMS6cQ WFpzGe+dkuH0TkOZAHPYvejQvZFWlVJVgstZMi86vzyCRPHvtnlileUu1RSV6uw/u66sVU xjnPEjhs3fLP3779vUaJfmC1AHYVNeX8C5wZXkUvmf9MbGwFf2ob0VxykcQu4LusEH/3e7 jtEos4ZW7qkvpY5wFBR/vXp8BEwDUbkm/pA3Y2rVV1BWdcNvASnn2eQQH+hrxg== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1694107849; a=rsa-sha256; cv=none; b=AUbT79WTH8uvyWY5kFrFIab2oqYZgGzng7DefQ033Ghg+mZisOfCYQMwRGGYC8f4PrcrYW Hc4MIlm7/Is32LBMtZQ6AJaRCs3pVVFFgU7Vf/MTavRr3SoeGUdTA43+zsijHnvnXmEBha C3YVXZ4VrSM8KmGNnzh1DFC4vpUtG6m1rWmpH6Zk4Tzz3cMaY9xJek9+cAgfneLSfpRFSa ruvsHc8Aj64YBm7rzEWNif9Sp8viQj3CMzJAMeUZGr2FjuIYedi7g3kH4u9sWMyKFm9hVE YjTMmMre3Eab/ekvRK1GvMgzg50o7oCZYZutTfY2PguoVfW3P53ywYEBhzKToA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1694107849; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=nx2onlVXiNkwzRw1iEJ078U18PnInbsUDc8ySxs9NjQ=; b=lj7i7+Zi4XMdxzswpEbYcOR3GDH9xv1EYNeHX6NzAZH4WUjZwkq9wiULkdWOzKwFU9iap6 dKmHjEZoTAOUXhq2QzemeJirBTq22GcCAI/JYFcLMuBk7JqSlztrccCoMIJN6MGC0jWdcO zKQ0tEFumZ4CuDs5Cz6ACYNx7SNukQxQGO14XUQ7HzSQo+F8Hm3FDbbmstMWcx9BcbYbgi b+Ix6I38quJDeyc90QzsIW5Lf5mOe/N9V1Lz4Kvk0DA/kThhCBDOGmOmzJRZEtc6r8nQ0B 0MFgMerFIYA2ucRj9kLnHMVQ/sG1bFhzeU+4LOrYqDOiWs4Z2vZ7CEjnzfMmbA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4RhR950GBwz17BR; Thu, 7 Sep 2023 17:30:49 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.17.1/8.17.1) with ESMTP id 387HUn76077455; Thu, 7 Sep 2023 17:30:49 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.17.1/8.17.1/Submit) id 387HUn7T077452; Thu, 7 Sep 2023 17:30:49 GMT (envelope-from git) Date: Thu, 7 Sep 2023 17:30:49 GMT Message-Id: <202309071730.387HUn7T077452@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Dag-Erling =?utf-8?Q?Sm=C3=B8rgrav?= Subject: git: 27968aa02206 - stable/13 - pam_krb5: Clarify a loop condition. List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: des X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: 27968aa02206baf85314305116fd63d55a3bebf4 Auto-Submitted: auto-generated The branch stable/13 has been updated by des: URL: https://cgit.FreeBSD.org/src/commit/?id=27968aa02206baf85314305116fd63d55a3bebf4 commit 27968aa02206baf85314305116fd63d55a3bebf4 Author: Dag-Erling Smørgrav AuthorDate: 2023-08-04 16:08:21 +0000 Commit: Dag-Erling Smørgrav CommitDate: 2023-09-07 17:27:55 +0000 pam_krb5: Clarify a loop condition. The closing parenthesis was in the wrong location, so instead of assigning the return value to krbret and then comparing it to zero, we were assigning the result of the comparison to krbret and then comparing that to zero. This has no practical significance since the value is not used after the loop terminates. PR: 229719 Reviewed by: cy Differential Revision: https://reviews.freebsd.org/D41299 (cherry picked from commit acc7cf8641dcedad295ff0e569c3f3a28939ada0) pam_krb5: Rename a variable. Reviewed by: cy Differential Revision: https://reviews.freebsd.org/D41300 (cherry picked from commit 9c2823bae92c09e5356623118da2777bc3ed521d) --- lib/libpam/modules/pam_krb5/pam_krb5.c | 181 ++++++++++++++++----------------- 1 file changed, 90 insertions(+), 91 deletions(-) diff --git a/lib/libpam/modules/pam_krb5/pam_krb5.c b/lib/libpam/modules/pam_krb5/pam_krb5.c index 66eb8b7f29c4..34f457d07a40 100644 --- a/lib/libpam/modules/pam_krb5/pam_krb5.c +++ b/lib/libpam/modules/pam_krb5/pam_krb5.c @@ -112,7 +112,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused, int argc __unused, const char *argv[] __unused) { krb5_error_code krbret; - krb5_context pam_context; + krb5_context krbctx; int debug; const char *auth_service; krb5_principal auth_princ; @@ -152,7 +152,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused, goto cleanup6; } - krbret = krb5_init_context(&pam_context); + krbret = krb5_init_context(&krbctx); if (krbret != 0) { PAM_VERBOSE_ERROR("Kerberos 5 error"); retval = PAM_SERVICE_ERR; @@ -162,7 +162,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused, PAM_LOG("Context initialised"); debug = openpam_get_option(pamh, PAM_OPT_DEBUG) ? 1 : 0; - krbret = verify_krb_v5_tgt_begin(pam_context, srvdup, debug, + krbret = verify_krb_v5_tgt_begin(krbctx, srvdup, debug, &auth_service, &auth_princ, auth_phost); if (krbret != 0) { /* failed to find key */ /* Keytab or service key does not exist */ @@ -178,7 +178,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused, } } - krbret = krb5_cc_register(pam_context, &krb5_mcc_ops, FALSE); + krbret = krb5_cc_register(krbctx, &krb5_mcc_ops, FALSE); if (krbret != 0 && krbret != KRB5_CC_TYPE_EXISTS) { PAM_VERBOSE_ERROR("Kerberos 5 error"); retval = PAM_SERVICE_ERR; @@ -195,10 +195,10 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused, PAM_LOG("Created principal: %s", principal); - krbret = krb5_parse_name(pam_context, principal, &princ); + krbret = krb5_parse_name(krbctx, principal, &princ); free(principal); if (krbret != 0) { - PAM_LOG_KRB5_ERR(pam_context, krbret, "Error krb5_parse_name()"); + PAM_LOG_KRB5_ERR(krbctx, krbret, "Error krb5_parse_name()"); PAM_VERBOSE_ERROR("Kerberos 5 error"); retval = PAM_SERVICE_ERR; goto cleanup3; @@ -208,9 +208,9 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused, /* Now convert the principal name into something human readable */ princ_name = NULL; - krbret = krb5_unparse_name(pam_context, princ, &princ_name); + krbret = krb5_unparse_name(krbctx, princ, &princ_name); if (krbret != 0) { - PAM_LOG_KRB5_ERR(pam_context, krbret, + PAM_LOG_KRB5_ERR(krbctx, krbret, "Error krb5_unparse_name()"); PAM_VERBOSE_ERROR("Kerberos 5 error"); retval = PAM_SERVICE_ERR; @@ -233,11 +233,11 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused, /* Verify the local user exists (AFTER getting the password) */ if (strchr(user, '@')) { /* get a local account name for this principal */ - krbret = krb5_aname_to_localname(pam_context, princ, + krbret = krb5_aname_to_localname(krbctx, princ, sizeof(luser), luser); if (krbret != 0) { PAM_VERBOSE_ERROR("Kerberos 5 error"); - PAM_LOG_KRB5_ERR(pam_context, krbret, + PAM_LOG_KRB5_ERR(krbctx, krbret, "Error krb5_aname_to_localname()"); retval = PAM_USER_UNKNOWN; goto cleanup2; @@ -262,15 +262,15 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused, } /* Initialize credentials request options. */ - krbret = krb5_get_init_creds_opt_alloc(pam_context, &opts); + krbret = krb5_get_init_creds_opt_alloc(krbctx, &opts); if (krbret != 0) { - PAM_LOG_KRB5_ERR(pam_context, krbret, + PAM_LOG_KRB5_ERR(krbctx, krbret, "Error krb5_get_init_creds_opt_alloc()"); PAM_VERBOSE_ERROR("Kerberos 5 error"); retval = PAM_SERVICE_ERR; goto cleanup2; } - krb5_get_init_creds_opt_set_default_flags(pam_context, + krb5_get_init_creds_opt_set_default_flags(krbctx, service, NULL, opts); if (openpam_get_option(pamh, PAM_OPT_FORWARDABLE)) @@ -280,12 +280,12 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused, /* Get a TGT */ memset(&creds, 0, sizeof(krb5_creds)); - krbret = krb5_get_init_creds_password(pam_context, &creds, princ, + krbret = krb5_get_init_creds_password(krbctx, &creds, princ, pass, NULL, pamh, 0, NULL, opts); - krb5_get_init_creds_opt_free(pam_context, opts); + krb5_get_init_creds_opt_free(krbctx, opts); if (krbret != 0) { PAM_VERBOSE_ERROR("Kerberos 5 error"); - PAM_LOG_KRB5_ERR(pam_context, krbret, + PAM_LOG_KRB5_ERR(krbctx, krbret, "Error krb5_get_init_creds_password()"); retval = PAM_AUTH_ERR; goto cleanup2; @@ -294,28 +294,28 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused, PAM_LOG("Got TGT"); /* Generate a temporary cache */ - krbret = krb5_cc_new_unique(pam_context, krb5_cc_type_memory, NULL, &ccache); + krbret = krb5_cc_new_unique(krbctx, krb5_cc_type_memory, NULL, &ccache); if (krbret != 0) { PAM_VERBOSE_ERROR("Kerberos 5 error"); - PAM_LOG_KRB5_ERR(pam_context, krbret, + PAM_LOG_KRB5_ERR(krbctx, krbret, "Error krb5_cc_new_unique()"); retval = PAM_SERVICE_ERR; goto cleanup; } - krbret = krb5_cc_initialize(pam_context, ccache, princ); + krbret = krb5_cc_initialize(krbctx, ccache, princ); if (krbret != 0) { PAM_VERBOSE_ERROR("Kerberos 5 error"); - PAM_LOG_KRB5_ERR(pam_context, krbret, + PAM_LOG_KRB5_ERR(krbctx, krbret, "Error krb5_cc_initialize()"); retval = PAM_SERVICE_ERR; goto cleanup; } - krbret = krb5_cc_store_cred(pam_context, ccache, &creds); + krbret = krb5_cc_store_cred(krbctx, ccache, &creds); if (krbret != 0) { PAM_VERBOSE_ERROR("Kerberos 5 error"); - PAM_LOG_KRB5_ERR(pam_context, krbret, + PAM_LOG_KRB5_ERR(krbctx, krbret, "Error krb5_cc_store_cred()"); - krb5_cc_destroy(pam_context, ccache); + krb5_cc_destroy(krbctx, ccache); retval = PAM_SERVICE_ERR; goto cleanup; } @@ -323,14 +323,14 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused, PAM_LOG("Credentials stashed"); /* Verify them */ - krbret = verify_krb_v5_tgt(pam_context, ccache, srvdup, + krbret = verify_krb_v5_tgt(krbctx, ccache, srvdup, debug, auth_service, auth_princ, auth_phost); free(srvdup); srvdup = NULL; if (krbret == -1) { PAM_VERBOSE_ERROR("Kerberos 5 error"); - krb5_cc_destroy(pam_context, ccache); + krb5_cc_destroy(krbctx, ccache); retval = PAM_AUTH_ERR; goto cleanup; } @@ -339,7 +339,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused, retval = pam_get_data(pamh, "ccache", &ccache_data); if (retval == PAM_SUCCESS) { - krb5_cc_destroy(pam_context, ccache); + krb5_cc_destroy(krbctx, ccache); PAM_VERBOSE_ERROR("Kerberos 5 error"); retval = PAM_AUTH_ERR; goto cleanup; @@ -347,8 +347,8 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused, PAM_LOG("Credentials stash not pre-existing"); - asprintf(&ccache_name, "%s:%s", krb5_cc_get_type(pam_context, - ccache), krb5_cc_get_name(pam_context, ccache)); + asprintf(&ccache_name, "%s:%s", krb5_cc_get_type(krbctx, + ccache), krb5_cc_get_name(krbctx, ccache)); if (ccache_name == NULL) { PAM_VERBOSE_ERROR("Kerberos 5 error"); retval = PAM_BUF_ERR; @@ -356,7 +356,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused, } retval = pam_set_data(pamh, "ccache", ccache_name, cleanup_cache); if (retval != 0) { - krb5_cc_destroy(pam_context, ccache); + krb5_cc_destroy(krbctx, ccache); PAM_VERBOSE_ERROR("Kerberos 5 error"); retval = PAM_SERVICE_ERR; goto cleanup; @@ -365,21 +365,21 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused, PAM_LOG("Credentials stash saved"); cleanup: - krb5_free_cred_contents(pam_context, &creds); + krb5_free_cred_contents(krbctx, &creds); PAM_LOG("Done cleanup"); cleanup2: - krb5_free_principal(pam_context, princ); + krb5_free_principal(krbctx, princ); if (princ_name) free(princ_name); PAM_LOG("Done cleanup2"); cleanup3: - krb5_free_context(pam_context); + krb5_free_context(krbctx); PAM_LOG("Done cleanup3"); cleanup4: - verify_krb_v5_tgt_cleanup(pam_context, debug, + verify_krb_v5_tgt_cleanup(krbctx, debug, auth_service, auth_princ, auth_phost); PAM_LOG("Done cleanup4"); @@ -405,7 +405,7 @@ pam_sm_setcred(pam_handle_t *pamh, int flags, #else krb5_error_code krbret; - krb5_context pam_context; + krb5_context krbctx; krb5_principal princ; krb5_creds creds; krb5_ccache ccache_temp, ccache_perm; @@ -446,7 +446,7 @@ pam_sm_setcred(pam_handle_t *pamh, int flags, PAM_LOG("Got user: %s", (const char *)user); - krbret = krb5_init_context(&pam_context); + krbret = krb5_init_context(&krbctx); if (krbret != 0) { PAM_LOG("Error krb5_init_context() failed"); return (PAM_SERVICE_ERR); @@ -465,9 +465,9 @@ pam_sm_setcred(pam_handle_t *pamh, int flags, retval = PAM_CRED_UNAVAIL; goto cleanup3; } - krbret = krb5_cc_resolve(pam_context, cache_data, &ccache_temp); + krbret = krb5_cc_resolve(krbctx, cache_data, &ccache_temp); if (krbret != 0) { - PAM_LOG_KRB5_ERR(pam_context, krbret, + PAM_LOG_KRB5_ERR(krbctx, krbret, "Error krb5_cc_resolve(\"%s\")", (const char *)cache_data); retval = PAM_SERVICE_ERR; goto cleanup3; @@ -538,22 +538,22 @@ pam_sm_setcred(pam_handle_t *pamh, int flags, PAM_LOG("Got cache_name: %s", cache_name); /* Initialize the new ccache */ - krbret = krb5_cc_get_principal(pam_context, ccache_temp, &princ); + krbret = krb5_cc_get_principal(krbctx, ccache_temp, &princ); if (krbret != 0) { - PAM_LOG_KRB5_ERR(pam_context, krbret, + PAM_LOG_KRB5_ERR(krbctx, krbret, "Error krb5_cc_get_principal()"); retval = PAM_SERVICE_ERR; goto cleanup3; } - krbret = krb5_cc_resolve(pam_context, cache_name, &ccache_perm); + krbret = krb5_cc_resolve(krbctx, cache_name, &ccache_perm); if (krbret != 0) { - PAM_LOG_KRB5_ERR(pam_context, krbret, "Error krb5_cc_resolve()"); + PAM_LOG_KRB5_ERR(krbctx, krbret, "Error krb5_cc_resolve()"); retval = PAM_SERVICE_ERR; goto cleanup2; } - krbret = krb5_cc_initialize(pam_context, ccache_perm, princ); + krbret = krb5_cc_initialize(krbctx, ccache_perm, princ); if (krbret != 0) { - PAM_LOG_KRB5_ERR(pam_context, krbret, + PAM_LOG_KRB5_ERR(krbctx, krbret, "Error krb5_cc_initialize()"); retval = PAM_SERVICE_ERR; goto cleanup2; @@ -562,11 +562,11 @@ pam_sm_setcred(pam_handle_t *pamh, int flags, PAM_LOG("Cache initialised"); /* Prepare for iteration over creds */ - krbret = krb5_cc_start_seq_get(pam_context, ccache_temp, &cursor); + krbret = krb5_cc_start_seq_get(krbctx, ccache_temp, &cursor); if (krbret != 0) { - PAM_LOG_KRB5_ERR(pam_context, krbret, + PAM_LOG_KRB5_ERR(krbctx, krbret, "Error krb5_cc_start_seq_get()"); - krb5_cc_destroy(pam_context, ccache_perm); + krb5_cc_destroy(krbctx, ccache_perm); retval = PAM_SERVICE_ERR; goto cleanup2; } @@ -574,28 +574,27 @@ pam_sm_setcred(pam_handle_t *pamh, int flags, PAM_LOG("Prepared for iteration"); /* Copy the creds (should be two of them) */ - while ((krbret = krb5_cc_next_cred(pam_context, ccache_temp, - &cursor, &creds) == 0)) { - krbret = krb5_cc_store_cred(pam_context, ccache_perm, &creds); + while (krb5_cc_next_cred(krbctx, ccache_temp, &cursor, &creds) == 0) { + krbret = krb5_cc_store_cred(krbctx, ccache_perm, &creds); if (krbret != 0) { - PAM_LOG_KRB5_ERR(pam_context, krbret, + PAM_LOG_KRB5_ERR(krbctx, krbret, "Error krb5_cc_store_cred()"); - krb5_cc_destroy(pam_context, ccache_perm); - krb5_free_cred_contents(pam_context, &creds); + krb5_cc_destroy(krbctx, ccache_perm); + krb5_free_cred_contents(krbctx, &creds); retval = PAM_SERVICE_ERR; goto cleanup2; } - krb5_free_cred_contents(pam_context, &creds); + krb5_free_cred_contents(krbctx, &creds); PAM_LOG("Iteration"); } - krb5_cc_end_seq_get(pam_context, ccache_temp, &cursor); + krb5_cc_end_seq_get(krbctx, ccache_temp, &cursor); PAM_LOG("Done iterating"); if (strstr(cache_name, "FILE:") == cache_name) { if (chown(&cache_name[5], pwd->pw_uid, pwd->pw_gid) == -1) { PAM_LOG("Error chown(): %s", strerror(errno)); - krb5_cc_destroy(pam_context, ccache_perm); + krb5_cc_destroy(krbctx, ccache_perm); retval = PAM_SERVICE_ERR; goto cleanup2; } @@ -603,21 +602,21 @@ pam_sm_setcred(pam_handle_t *pamh, int flags, if (chmod(&cache_name[5], (S_IRUSR | S_IWUSR)) == -1) { PAM_LOG("Error chmod(): %s", strerror(errno)); - krb5_cc_destroy(pam_context, ccache_perm); + krb5_cc_destroy(krbctx, ccache_perm); retval = PAM_SERVICE_ERR; goto cleanup2; } PAM_LOG("Done chmod()"); } - krb5_cc_close(pam_context, ccache_perm); + krb5_cc_close(krbctx, ccache_perm); PAM_LOG("Cache closed"); retval = pam_setenv(pamh, "KRB5CCNAME", cache_name, 1); if (retval != PAM_SUCCESS) { PAM_LOG("Error pam_setenv(): %s", pam_strerror(pamh, retval)); - krb5_cc_destroy(pam_context, ccache_perm); + krb5_cc_destroy(krbctx, ccache_perm); retval = PAM_SERVICE_ERR; goto cleanup2; } @@ -625,10 +624,10 @@ pam_sm_setcred(pam_handle_t *pamh, int flags, PAM_LOG("Environment done: KRB5CCNAME=%s", cache_name); cleanup2: - krb5_free_principal(pam_context, princ); + krb5_free_principal(krbctx, princ); PAM_LOG("Done cleanup2"); cleanup3: - krb5_free_context(pam_context); + krb5_free_context(krbctx); PAM_LOG("Done cleanup3"); seteuid(euid); @@ -651,7 +650,7 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags __unused, int argc __unused, const char *argv[] __unused) { krb5_error_code krbret; - krb5_context pam_context; + krb5_context krbctx; krb5_ccache ccache; krb5_principal princ; int retval; @@ -670,7 +669,7 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags __unused, PAM_LOG("Got credentials"); - krbret = krb5_init_context(&pam_context); + krbret = krb5_init_context(&krbctx); if (krbret != 0) { PAM_LOG("Error krb5_init_context() failed"); return (PAM_PERM_DENIED); @@ -678,20 +677,20 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags __unused, PAM_LOG("Context initialised"); - krbret = krb5_cc_resolve(pam_context, (const char *)ccache_name, &ccache); + krbret = krb5_cc_resolve(krbctx, (const char *)ccache_name, &ccache); if (krbret != 0) { - PAM_LOG_KRB5_ERR(pam_context, krbret, + PAM_LOG_KRB5_ERR(krbctx, krbret, "Error krb5_cc_resolve(\"%s\")", (const char *)ccache_name); - krb5_free_context(pam_context); + krb5_free_context(krbctx); return (PAM_PERM_DENIED); } PAM_LOG("Got ccache %s", (const char *)ccache_name); - krbret = krb5_cc_get_principal(pam_context, ccache, &princ); + krbret = krb5_cc_get_principal(krbctx, ccache, &princ); if (krbret != 0) { - PAM_LOG_KRB5_ERR(pam_context, krbret, + PAM_LOG_KRB5_ERR(krbctx, krbret, "Error krb5_cc_get_principal()"); retval = PAM_PERM_DENIED; goto cleanup; @@ -699,16 +698,16 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags __unused, PAM_LOG("Got principal"); - if (krb5_kuserok(pam_context, princ, (const char *)user)) + if (krb5_kuserok(krbctx, princ, (const char *)user)) retval = PAM_SUCCESS; else retval = PAM_PERM_DENIED; - krb5_free_principal(pam_context, princ); + krb5_free_principal(krbctx, princ); PAM_LOG("Done kuserok()"); cleanup: - krb5_free_context(pam_context); + krb5_free_context(krbctx); PAM_LOG("Done cleanup"); return (retval); @@ -723,7 +722,7 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc __unused, const char *argv[] __unused) { krb5_error_code krbret; - krb5_context pam_context; + krb5_context krbctx; krb5_creds creds; krb5_principal princ; krb5_get_init_creds_opt *opts; @@ -742,7 +741,7 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, PAM_LOG("Got user: %s", (const char *)user); - krbret = krb5_init_context(&pam_context); + krbret = krb5_init_context(&krbctx); if (krbret != 0) { PAM_LOG("Error krb5_init_context() failed"); return (PAM_SERVICE_ERR); @@ -751,9 +750,9 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, PAM_LOG("Context initialised"); /* Get principal name */ - krbret = krb5_parse_name(pam_context, (const char *)user, &princ); + krbret = krb5_parse_name(krbctx, (const char *)user, &princ); if (krbret != 0) { - PAM_LOG_KRB5_ERR(pam_context, krbret, + PAM_LOG_KRB5_ERR(krbctx, krbret, "Error krb5_parse_name()"); retval = PAM_USER_UNKNOWN; goto cleanup3; @@ -761,9 +760,9 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, /* Now convert the principal name into something human readable */ princ_name = NULL; - krbret = krb5_unparse_name(pam_context, princ, &princ_name); + krbret = krb5_unparse_name(krbctx, princ, &princ_name); if (krbret != 0) { - PAM_LOG_KRB5_ERR(pam_context, krbret, + PAM_LOG_KRB5_ERR(krbctx, krbret, "Error krb5_unparse_name()"); retval = PAM_SERVICE_ERR; goto cleanup2; @@ -779,9 +778,9 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, PAM_LOG("Got password"); /* Initialize credentials request options. */ - krbret = krb5_get_init_creds_opt_alloc(pam_context, &opts); + krbret = krb5_get_init_creds_opt_alloc(krbctx, &opts); if (krbret != 0) { - PAM_LOG_KRB5_ERR(pam_context, krbret, + PAM_LOG_KRB5_ERR(krbctx, krbret, "Error krb5_get_init_creds_opt_alloc()"); PAM_VERBOSE_ERROR("Kerberos 5 error"); retval = PAM_SERVICE_ERR; @@ -791,11 +790,11 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, PAM_LOG("Credentials options initialised"); memset(&creds, 0, sizeof(krb5_creds)); - krbret = krb5_get_init_creds_password(pam_context, &creds, princ, + krbret = krb5_get_init_creds_password(krbctx, &creds, princ, pass, NULL, pamh, 0, "kadmin/changepw", opts); - krb5_get_init_creds_opt_free(pam_context, opts); + krb5_get_init_creds_opt_free(krbctx, opts); if (krbret != 0) { - PAM_LOG_KRB5_ERR(pam_context, krbret, + PAM_LOG_KRB5_ERR(krbctx, krbret, "Error krb5_get_init_creds_password()"); retval = PAM_AUTH_ERR; goto cleanup2; @@ -821,11 +820,11 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, retval = PAM_BUF_ERR; goto cleanup; } - krbret = krb5_set_password(pam_context, &creds, passdup, NULL, + krbret = krb5_set_password(krbctx, &creds, passdup, NULL, &result_code, &result_code_string, &result_string); free(passdup); if (krbret != 0) { - PAM_LOG_KRB5_ERR(pam_context, krbret, + PAM_LOG_KRB5_ERR(krbctx, krbret, "Error krb5_change_password()"); retval = PAM_AUTHTOK_ERR; goto cleanup; @@ -844,16 +843,16 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, free(result_code_string.data); cleanup: - krb5_free_cred_contents(pam_context, &creds); + krb5_free_cred_contents(krbctx, &creds); PAM_LOG("Done cleanup"); cleanup2: - krb5_free_principal(pam_context, princ); + krb5_free_principal(krbctx, princ); if (princ_name) free(princ_name); PAM_LOG("Done cleanup2"); cleanup3: - krb5_free_context(pam_context); + krb5_free_context(krbctx); PAM_LOG("Done cleanup3"); @@ -1017,17 +1016,17 @@ verify_krb_v5_tgt_cleanup(krb5_context context, int debug, static void cleanup_cache(pam_handle_t *pamh __unused, void *data, int pam_end_status __unused) { - krb5_context pam_context; + krb5_context krbctx; krb5_ccache ccache; krb5_error_code krbret; - if (krb5_init_context(&pam_context)) + if (krb5_init_context(&krbctx)) return; - krbret = krb5_cc_resolve(pam_context, data, &ccache); + krbret = krb5_cc_resolve(krbctx, data, &ccache); if (krbret == 0) - krb5_cc_destroy(pam_context, ccache); - krb5_free_context(pam_context); + krb5_cc_destroy(krbctx, ccache); + krb5_free_context(krbctx); free(data); }