105 	krb5_module_data_t	*kmd = NULL;
135 	err = pam_get_data(pamh, KRB5_DATA, (const void**)&kmd);
146 	if (kmd != NULL) {
147 		if (++(kmd->auth_calls) > 2) {
150 			 * stack.  Clear out the current kmd and proceed as if
156 				    " two times, clearing kmd");
158 			/* clear out/free current kmd */
161 				krb5_cleanup(pamh, kmd, err);
165 			kmd = NULL;
166 		} else if (kmd->auth_calls == 2 &&
167 		    kmd->auth_status == PAM_SUCCESS) {
211 	if (kmd == NULL) {
212 		kmd = calloc(1, sizeof (krb5_module_data_t));
213 		if (kmd == NULL) {
218 		err = pam_set_data(pamh, KRB5_DATA, kmd, &krb5_cleanup);
220 			free(kmd);
226 	if (!kmd->env) {
237 		kmd->env = strdup(buffer);
238 		if (!kmd->env) {
242 			if (putenv(kmd->env)) {
249 	if (kmd->user != NULL)
250 		free(kmd->user);
251 	if ((kmd->user = strdup(user)) == NULL) {
256 	kmd->auth_status = PAM_AUTH_ERR;
257 	kmd->debug = debug;
258 	kmd->warn = warn;
259 	kmd->err_on_exp = err_on_exp;
260 	kmd->ccache = NULL;
261 	kmd->kcontext = NULL;
262 	kmd->password = NULL;
263 	kmd->age_status = PAM_SUCCESS;
264 	(void) memset((char *)&kmd->initcreds, 0, sizeof (krb5_creds));
265 	kmd->auth_calls = 1;
266 	kmd->preauth_type = do_pkinit ? KRB_PKINIT : KRB_PASSWD;
270 	 * Now that we've created the kmd structure, we can
271 	 * return SUCCESS.  'kmd' may be needed later by other
298 				kmd->auth_status = PAM_SUCCESS;
323 	result = attempt_krb5_auth(pamh, kmd, user, &password, 1);
326 	if (kmd) {
332 			    result, kmd->env ? kmd->env : "<null>",
333 			    kmd->age_status, kmd->auth_status);
335 		if (kmd->env &&
336 		    !(kmd->age_status == PAM_NEW_AUTHTOK_REQD &&
337 		    kmd->auth_status == PAM_SUCCESS)) {
346 				if ((result = pam_putenv(pamh, kmd->env))
359 				free(kmd->env);
360 				kmd->env = NULL;
363 		kmd->auth_status = result;
502 	krb5_module_data_t	*kmd,
533 	if (kmd->debug)
539 	if (code = krb5_init_secure_context(&kmd->kcontext)) {
547 	if ((code = get_kmd_kuser(kmd->kcontext, (const char *)user, kuser,
553 	if ((code = krb5_parse_name(kmd->kcontext, kuser, &me)) != 0) {
554 		krb5_free_context(kmd->kcontext);
555 		kmd->kcontext = NULL;
560 	my_creds = &kmd->initcreds;
563 	    krb5_copy_principal(kmd->kcontext, me, &my_creds->client))) {
569 	if (code = krb5_build_principal_ext(kmd->kcontext, &server,
570 	    krb5_princ_realm(kmd->kcontext, me)->length,
571 	    krb5_princ_realm(kmd->kcontext, me)->data,
573 	    krb5_princ_realm(kmd->kcontext, me)->length,
574 	    krb5_princ_realm(kmd->kcontext, me)->data, 0)) {
583 	if (code = krb5_copy_principal(kmd->kcontext, server,
590 	if (code = krb5_timeofday(kmd->kcontext, &now)) {
612 	krb_realm = krb5_princ_realm(kmd->kcontext, me)->data;
613 	profile_get_options_boolean(kmd->kcontext->profile,
615 	profile_get_options_boolean(kmd->kcontext->profile,
617 	profile_get_options_string(kmd->kcontext->profile,
619 	profile_get_options_string(kmd->kcontext->profile,
653 	code = krb5_get_init_creds_opt_alloc(kmd->kcontext, &opts);
665 		if (kmd->debug)
672 		if (kmd->debug)
679 		if (kmd->debug)
686 		if (kmd->debug)
702 	if (kmd->preauth_type == KRB_PKINIT) {
722 				    kmd->kcontext, opts, "PIN", *krb5_pass);
727 				    kmd->kcontext,
767 			code = __krb5_get_init_creds_password(kmd->kcontext,
780 	if (kmd->debug)
798 			code = krb5_verify_init_creds(kmd->kcontext,
813 				if (krb5_sname_to_principal(kmd->kcontext, NULL,
819 				if (krb5_kt_default_name(kmd->kcontext, kt_name,
852 					krb5_free_principal(kmd->kcontext, sp);
857 			kmd->expiration = as_reply->enc_part2->key_exp;
868 		if (kmd->debug)
886 		if (!kmd->err_on_exp) {
896 				    kmd->debug);
897 				if (kmd->debug) {
908 					kmd->age_status = PAM_NEW_AUTHTOK_REQD;
917 		if (kmd->debug)
935 		    !(kmd->password = strdup(*krb5_pass))) {
949 	if (kmd->debug)
954 	krb5_free_cred_contents(kmd->kcontext, &kmd->initcreds);
955 	(void) memset((char *)&kmd->initcreds, 0, sizeof (krb5_creds));
959 		krb5_free_principal(kmd->kcontext, server);
961 		krb5_free_principal(kmd->kcontext, me);
963 		krb5_free_kdc_rep(kmd->kcontext, as_reply);
975 		krb5_free_principal(kmd->kcontext, clientp);
977 		krb5_free_principal(kmd->kcontext, serverp);
979 	if (kmd->kcontext) {
980 		krb5_free_context(kmd->kcontext);
981 		kmd->kcontext = NULL;
984 		krb5_get_init_creds_opt_free(kmd->kcontext, opts);
986 	if (kmd->debug)
991 	return (kmd->auth_status = result);
998 	krb5_module_data_t *kmd = (krb5_module_data_t *)data;
1000 	if (kmd == NULL)
1003 	if (kmd->debug) {
1006 		    kmd->auth_status);
1013 	if (kmd->ccache)
1014 		(void) krb5_cc_close(kmd->kcontext, kmd->ccache);
1016 	if (kmd->password) {
1017 		(void) memset(kmd->password, 0, strlen(kmd->password));
1018 		free(kmd->password);
1021 	if (kmd->user)
1022 		free(kmd->user);
1024 	if (kmd->env)
1025 		free(kmd->env);
1027 	krb5_free_cred_contents(kmd->kcontext, &kmd->initcreds);
1028 	(void) memset((char *)&kmd->initcreds, 0, sizeof (krb5_creds));
1030 	free(kmd);

Indexes created Tue Jul 24 14:28:13 CEST 2018