74 	krb5_module_data_t	*kmd = NULL;
109 	if (pam_get_data(pamh, KRB5_DATA, (const void**)&kmd) != PAM_SUCCESS) {
112 			    "PAM-KRB5 (setcred): kmd get failed, kmd=0x%p",
113 			    kmd);
122 			    "PAM-KRB5 (setcred): inst kmd structure");
124 			kmd = calloc(1, sizeof (krb5_module_data_t));
126 			if (kmd == NULL)
135 			kmd->auth_status = PAM_AUTHINFO_UNAVAIL;
138 			    kmd, &krb5_cleanup)) != PAM_SUCCESS) {
139 				free(kmd);
154 		if (kmd == NULL) {
157 				    "PAM-KRB5 (setcred): kmd structure"
166 			    "PAM-KRB5 (setcred): kmd auth_status: %s",
167 			    pam_strerror(pamh, kmd->auth_status));
172 		if (kmd->auth_status == PAM_IGNORE) {
178 	kmd->debug = debug;
185 	    (kmd->auth_status != PAM_SUCCESS)) {
186 		if (kmd->debug)
194 	 * We cannot assume that kmd->kcontext being non-NULL
200 	if (kmd->kcontext != NULL && kmd->debug)
208 	if (kmd->user != NULL)
209 		user = kmd->user;
246 		err = attempt_refresh_cred(kmd, user, PAM_REINITIALIZE_CRED);
248 		err = attempt_refresh_cred(kmd, user, PAM_REFRESH_CRED);
250 		err = attempt_delete_initcred(kmd);
255 		err = attempt_refresh_cred(kmd, user, PAM_ESTABLISH_CRED);
264 	if (kmd && kmd->kcontext) {
270 		krb5_free_context(kmd->kcontext);
271 		kmd->kcontext = NULL;
275 	 * 'kmd' is not freed here, it is handled in krb5_cleanup
286 	krb5_module_data_t	*kmd,
301 	if (krb5_init_secure_context(&kmd->kcontext) != 0) {
302 		if (kmd->debug)
309 	if (krb5_cc_default(kmd->kcontext, &kmd->ccache) != 0) {
313 	if ((code = get_kmd_kuser(kmd->kcontext, (const char *)user, kuser,
318 	if (krb5_parse_name(kmd->kcontext, kuser, &me) != 0) {
322 	if (code = krb5_build_principal_ext(kmd->kcontext, &server,
323 	    krb5_princ_realm(kmd->kcontext, me)->length,
324 	    krb5_princ_realm(kmd->kcontext, me)->data,
326 	    krb5_princ_realm(kmd->kcontext, me)->length,
327 	    krb5_princ_realm(kmd->kcontext, me)->data, 0)) {
328 		krb5_free_principal(kmd->kcontext, me);
332 	code = krb5_renew_tgt(kmd, me, server, flag);
334 	krb5_free_principal(kmd->kcontext, server);
335 	krb5_free_principal(kmd->kcontext, me);
338 		if (kmd->debug)
362 	krb5_module_data_t *kmd,
373 #define	my_creds	(kmd->initcreds)
381 	if ((retval = krb5_unparse_name(kmd->kcontext, me, &client_name)) != 0)
385 	if ((retval = krb5_copy_principal(kmd->kcontext,
387 		if (kmd->debug)
396 	retval = krb5_cc_get_principal(kmd->kcontext,
397 	    kmd->ccache, &creds.client);
398 	if (retval && (kmd->debug))
418 	if (kmd->auth_status == PAM_SUCCESS) {
423 		if ((retval = krb5_cc_initialize(kmd->kcontext,
424 		    kmd->ccache, me)) != 0) {
429 		} else if ((retval = krb5_cc_store_cred(kmd->kcontext,
430 		    kmd->ccache, &my_creds)) != 0) {
442 		if (retval = krb5_get_credentials_renew(kmd->kcontext,
443 		    0, kmd->ccache, &creds, &renewed_cred)) {
444 			if (kmd->debug) {
474 		if (!kmd->env || strstr(kmd->env, "FILE:")) {
500 			if (!kmd->env) {
514 				kmd->env = strdup(buffer);
515 				if (!kmd->env) {
519 					if (putenv(kmd->env)) {
527 			 * We know at this point that kmd->env must start
532 			filepath = strchr(kmd->env, ':');
546 				if (kmd->debug)
564 		if (kmd->debug)
582 		krb5_free_creds(kmd->kcontext, renewed_cred);
590 	krb5_free_cred_contents(kmd->kcontext, &creds);
599 attempt_delete_initcred(krb5_module_data_t *kmd)
601 	if (kmd == NULL)
604 	if (kmd->debug) {
609 	krb5_free_cred_contents(kmd->kcontext, &kmd->initcreds);
610 	(void) memset((char *)&kmd->initcreds, 0, sizeof (krb5_creds));
611 	kmd->auth_status = PAM_AUTHINFO_UNAVAIL;

Indexes created Wed Jul 03 21:38:27 MDT 2024