Codebase list libpam-krb5 / f0293f1
Import upstream 2.3 release. Russ Allbery 17 years ago
16 changed file(s) with 159 addition(s) and 41 deletion(s). Raw diff Collapse all Expand all
+25
-0
CHANGES less more
0 85 Russ Allbery 2006-09-03
1 Release 2.3.
2
3 84 Russ Allbery 2006-09-03
4 Fix the interface between the Kerberos prompting function and the
5 PAM conversation function on Linux. Prior to this fix, the PAM module
6 would only work on Solaris if Kerberos passed multiple prompts, which
7 happens when an account requires a password change. Solaris and Linux
8 PAM implementations expect a different structure of pam_message
9 structs in the conversation function; use a workaround to cater to
10 both of them. Based on a patch by Joachim Keltsch.
11
12 83 Russ Allbery 2006-08-29
13 Minor comment fixes.
14
15 82 Russ Allbery 2006-08-29
16 Implement retain_after_close, which specifies that the PAM module
17 should never destroy the user's ticket cache, even on session end.
18
19 81 Russ Allbery 2006-08-29
20 Adjust for the differences in Solaris's PAM libraries: Include
21 pam_appl.h everywhere for structure and type definitions, and add
22 portability workarounds for the return statuses missing from the
23 Solaris implementation.
24
025 80 Russ Allbery 2006-08-28
126 Release 2.2.
227
+18
-0
NEWS less more
00 User-Visible pam-krb5 Changes
1
2 pam-krb5 2.3 (2006-09-03)
3
4 Fix the interface between the Kerberos prompting function and the
5 PAM conversation function on Linux. Prior to this fix, the PAM module
6 would only work on Solaris if Kerberos passed multiple prompts, which
7 happens when an account requires a password change. Solaris and Linux
8 PAM implementations expect a different structure of pam_message
9 structs in the conversation function; use a workaround to cater to
10 both of them. Based on a patch by Joachim Keltsch.
11
12 Implement retain_after_close, which specifies that the PAM module
13 should never destroy the user's ticket cache, even on session end.
14
15 Adjust for the differences in Solaris's PAM libraries: Include
16 pam_appl.h everywhere for structure and type definitions, and add
17 portability workarounds for the return statuses missing from the
18 Solaris implementation.
119
220 pam-krb5 2.2 (2006-08-28)
321
+1
-1
README less more
0 pam-krb5 2.2
0 pam-krb5 2.3
11 (PAM module for Kerberos v5 authentication)
22
33 Originally written by Frank Cusack
+0
-4
TODO less more
1111 the user is authenticating to.
1212
1313 * Diagnose unknown options to the PAM module. Currently, they're ignored.
14
15 * Try to support Solaris as well. I don't know how close the module is
16 to just working and how much the Solaris PAM setup differs from Linux.
17 (HP-UX is probably not worth the effort.)
+9
-9
configure less more
00 #! /bin/sh
11 # Guess values for system-dependent variables and create Makefiles.
2 # Generated by GNU Autoconf 2.60 for pam-krb5 2.2.
2 # Generated by GNU Autoconf 2.60 for pam-krb5 2.3.
33 #
44 # Report bugs to <rra@stanford.edu>.
55 #
558558 # Identity of this package.
559559 PACKAGE_NAME='pam-krb5'
560560 PACKAGE_TARNAME='pam-krb5'
561 PACKAGE_VERSION='2.2'
562 PACKAGE_STRING='pam-krb5 2.2'
561 PACKAGE_VERSION='2.3'
562 PACKAGE_STRING='pam-krb5 2.3'
563563 PACKAGE_BUGREPORT='rra@stanford.edu'
564564
565565 # Factoring default headers for most tests.
11721172 # Omit some internal or obsolete options to make the list less imposing.
11731173 # This message is too long to be a string in the A/UX 3.1 sh.
11741174 cat <<_ACEOF
1175 \`configure' configures pam-krb5 2.2 to adapt to many kinds of systems.
1175 \`configure' configures pam-krb5 2.3 to adapt to many kinds of systems.
11761176
11771177 Usage: $0 [OPTION]... [VAR=VALUE]...
11781178
12371237
12381238 if test -n "$ac_init_help"; then
12391239 case $ac_init_help in
1240 short | recursive ) echo "Configuration of pam-krb5 2.2:";;
1240 short | recursive ) echo "Configuration of pam-krb5 2.3:";;
12411241 esac
12421242 cat <<\_ACEOF
12431243
13261326 test -n "$ac_init_help" && exit $ac_status
13271327 if $ac_init_version; then
13281328 cat <<\_ACEOF
1329 pam-krb5 configure 2.2
1329 pam-krb5 configure 2.3
13301330 generated by GNU Autoconf 2.60
13311331
13321332 Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001,
13401340 This file contains any messages produced by compilers while
13411341 running configure, to aid debugging if configure makes a mistake.
13421342
1343 It was created by pam-krb5 $as_me 2.2, which was
1343 It was created by pam-krb5 $as_me 2.3, which was
13441344 generated by GNU Autoconf 2.60. Invocation command line was
13451345
13461346 $ $0 $@
57315731 # report actual input values of CONFIG_FILES etc. instead of their
57325732 # values after options handling.
57335733 ac_log="
5734 This file was extended by pam-krb5 $as_me 2.2, which was
5734 This file was extended by pam-krb5 $as_me 2.3, which was
57355735 generated by GNU Autoconf 2.60. Invocation command line was
57365736
57375737 CONFIG_FILES = $CONFIG_FILES
57805780 _ACEOF
57815781 cat >>$CONFIG_STATUS <<_ACEOF
57825782 ac_cs_version="\\
5783 pam-krb5 config.status 2.2
5783 pam-krb5 config.status 2.3
57845784 configured by $0, generated by GNU Autoconf 2.60,
57855785 with options \\"`echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`\\"
57865786
+1
-1
configure.ac less more
00 dnl Process this file with Autoconf to produce a configure script.
11
22 AC_PREREQ(2.57)
3 AC_INIT([pam-krb5], [2.2], [rra@stanford.edu])
3 AC_INIT([pam-krb5], [2.3], [rra@stanford.edu])
44
55 m4_include([m4/krb5.m4])
66
+7
-0
context.c less more
88
99 #include "config.h"
1010
11 #include <security/pam_appl.h>
1112 #include <security/pam_modules.h>
1213 #include <stdlib.h>
1314 #include <string.h>
1415
1516 #include "pam_krb5.h"
17
18 /* Solaris doesn't have these. */
19 #ifndef PAM_CONV_AGAIN
20 # define PAM_CONV_AGAIN 0
21 # define PAM_INCOMPLETE PAM_SERVICE_ERR
22 #endif
1623
1724 /*
1825 * Create a new context and populate it with the user and service from PAM and
+4
-0
options.c less more
9999 free(args->renew_lifetime);
100100 args->renew_lifetime = NULL;
101101 }
102 krb5_appdefault_boolean(c, "pam", args->realm_data,
103 "retain_after_close", 0, &args->retain);
102104 krb5_appdefault_boolean(c, "pam", args->realm_data, "search_k5login",
103105 0, &args->search_k5login);
104106 if (local_context)
141143 free(args->renew_lifetime);
142144 args->renew_lifetime = strdup(&argv[i][strlen("renew_lifetime=")]);
143145 }
146 else if (strcmp(argv[i], "retain_after_close") == 0)
147 args->retain = 1;
144148 else if (strcmp(argv[i], "search_k5login") == 0)
145149 args->search_k5login = 1;
146150 else if (strcmp(argv[i], "try_first_pass") == 0)
+16
-1
pam_krb5.5 less more
128128 .\" ========================================================================
129129 .\"
130130 .IX Title "PAM_KRB5 5"
131 .TH PAM_KRB5 5 "2006-08-28" "2.2" "PAM Modules"
131 .TH PAM_KRB5 5 "2006-09-03" "2.3" "PAM Modules"
132132 .SH "NAME"
133133 pam_krb5 \- Kerberos v5 PAM module
134134 .SH "SYNOPSIS"
395395 .Sp
396396 This option can be set in \fIkrb5.conf\fR and is only applicable to the auth
397397 group.
398 .IP "retain_after_close" 4
399 .IX Item "retain_after_close"
400 Normally, the user's ticket cache is destroyed when either \fIpam_end()\fR or
401 \&\fIpam_close_session()\fR is called by the authenticating application so that
402 ticket caches aren't left behind after the user logs out. In some cases,
403 however, this isn't desireable. (On Solaris 8, for instance, the default
404 behavior means login will destroy the ticket cache before running the
405 user's shell.) If this option is set, the \s-1PAM\s0 module will never destroy
406 the user's ticket cache. If you set this, you may want to call
407 \&\fBkdestroy\fR in the shell's logout configuration or run a temporary file
408 removal program to avoid accumulating hundreds of ticket caches in
409 \&\fI/tmp\fR.
410 .Sp
411 This option can be set in \fIkrb5.conf\fR and is only applicable to the auth
412 and session groups.
398413 .IP "search_k5login" 4
399414 .IX Item "search_k5login"
400415 Normally, the Kerberos implementation of pam_authenticate attempts to
+2
-0
pam_krb5.h less more
99 #include "config.h"
1010
1111 #include <krb5.h>
12 #include <security/pam_appl.h>
1213 #include <security/pam_modules.h>
1314 #include <stdarg.h>
1415
2728 int no_ccache; /* Don't create a ticket cache. */
2829 char *realm; /* Default realm. */
2930 char *renew_lifetime; /* Renewable lifetime of credentials. */
31 int retain; /* Don't destroy the cache on session end. */
3032 int search_k5login; /* Try password with each line of .k5login. */
3133 int try_first_pass; /* Try the previously entered password. */
3234 int use_authtok; /* Require a previous password be used. */
+16
-0
pam_krb5.pod less more
283283
284284 This option can be set in F<krb5.conf> and is only applicable to the auth
285285 group.
286
287 =item retain_after_close
288
289 Normally, the user's ticket cache is destroyed when either pam_end() or
290 pam_close_session() is called by the authenticating application so that
291 ticket caches aren't left behind after the user logs out. In some cases,
292 however, this isn't desireable. (On Solaris 8, for instance, the default
293 behavior means login will destroy the ticket cache before running the
294 user's shell.) If this option is set, the PAM module will never destroy
295 the user's ticket cache. If you set this, you may want to call
296 B<kdestroy> in the shell's logout configuration or run a temporary file
297 removal program to avoid accumulating hundreds of ticket caches in
298 F</tmp>.
299
300 This option can be set in F<krb5.conf> and is only applicable to the auth
301 and session groups.
286302
287303 =item search_k5login
288304
+1
-0
pam_krb5_acct.c less more
99
1010 #include "config.h"
1111
12 #include <security/pam_appl.h>
1213 #include <security/pam_modules.h>
1314
1415 #include "pam_krb5.h"
+4
-5
pam_krb5_auth.c less more
119119 if (pamret != PAM_SUCCESS)
120120 goto done;
121121
122 /*
123 * Check .k5login, and if everything is fine, tell pam_sm_setcred where
124 * the ticket cache is.
125 */
122 /* Check .k5login. */
126123 pamret = pamk5_validate_auth(ctx, args);
127124 if (pamret != PAM_SUCCESS)
128125 goto done;
230227
231228 /*
232229 * Create a new context for a session if we've lost the context created during
233 * authentication (such as when running under OpenSSH.
230 * authentication (such as when running under OpenSSH).
234231 */
235232 static int
236233 create_session_context(struct pam_args *args, pam_handle_t *pamh,
507504 ctx->cache = cache;
508505 cache = NULL;
509506 ctx->initialized = 1;
507 if (args->retain)
508 ctx->dont_destroy_cache = 1;
510509
511510 done:
512511 if (cache != NULL)
+4
-0
pam_krb5_pass.c less more
2626 #include <string.h>
2727
2828 #include "pam_krb5.h"
29
30 #ifndef PAM_AUTHTOK_RECOVER_ERR
31 # define PAM_AUTHTOK_RECOVER_ERR PAM_AUTHTOK_ERR
32 #endif
2933
3034
3135 /*
+1
-0
pam_krb5_sess.c less more
1717
1818 #include "config.h"
1919
20 #include <security/pam_appl.h>
2021 #include <security/pam_modules.h>
2122
2223 #include "pam_krb5.h"
+50
-20
prompting.c less more
77
88 #include <errno.h>
99 #include <krb5.h>
10 #include <security/pam_appl.h>
1011 #include <security/pam_modules.h>
1112 #include <stdio.h>
1213 #include <stdlib.h>
5051 int pam_prompts = num_prompts;
5152 int pamret, i;
5253 int retval = KRB5KRB_ERR_GENERIC;
53 struct pam_message *msg;
54 struct pam_message **msg;
5455 struct pam_response *resp = NULL;
5556 struct pam_conv *conv;
5657 pam_handle_t *pamh = (pam_handle_t *) data;
6667 if (banner != NULL)
6768 pam_prompts++;
6869
69 /* Allocate memory to copy all of the prompts into a pam_message. */
70 msg = calloc(sizeof(struct pam_message) * pam_prompts, 1);
70 /*
71 * Allocate memory to copy all of the prompts into a pam_message.
72 *
73 * Linux PAM and Solaris PAM expect different things here. Solaris PAM
74 * expects to receive a pointer to a pointer to an array of pam_message
75 * structs. Linux PAM expects to receive a pointer to an array of
76 * pointers to pam_message structs. In order for the module to work with
77 * either PAM implementation, we need to set up a structure that is valid
78 * either way you look at it.
79 *
80 * We do this by making msg point to the array of struct pam_message
81 * pointers (what Linux PAM expects), and then make the first one of those
82 * pointers point to the array of pam_message structs. Solaris will then
83 * be happy, looking at only the first element of the outer array and
84 * finding it pointing to the inner array. Then, for Linux, we point the
85 * other elements of the outer array to the storage allocated in the inner
86 * array.
87 *
88 * All this also means we have to be careful how we free the resulting
89 * structure since it's double-linked in a subtle way. Thankfully, we get
90 * to free it ourselves.
91 */
92 msg = calloc(pam_prompts, sizeof(struct pam_message *));
7193 if (msg == NULL)
7294 return ENOMEM;
95 *msg = calloc(pam_prompts, sizeof(struct pam_message));
96 if (*msg == NULL) {
97 free(msg);
98 return ENOMEM;
99 }
100 for (i = 1; i < pam_prompts; i++)
101 msg[i] = msg[0] + i;
73102
74103 /* From this point on, pam_prompts is an index into msg. */
75104 pam_prompts = 0;
76105 if (name != NULL) {
77 msg[pam_prompts].msg = malloc(strlen(name) + 1);
78 if (msg[pam_prompts].msg == NULL)
106 msg[pam_prompts]->msg = malloc(strlen(name) + 1);
107 if (msg[pam_prompts]->msg == NULL)
79108 goto cleanup;
80 strcpy((char *) msg[pam_prompts].msg, name);
81 msg[pam_prompts].msg_style = PAM_TEXT_INFO;
109 strcpy((char *) msg[pam_prompts]->msg, name);
110 msg[pam_prompts]->msg_style = PAM_TEXT_INFO;
82111 pam_prompts++;
83112 }
84113 if (banner != NULL) {
85 msg[pam_prompts].msg = malloc(strlen(banner) + 1);
86 if (msg[pam_prompts].msg == NULL)
114 msg[pam_prompts]->msg = malloc(strlen(banner) + 1);
115 if (msg[pam_prompts]->msg == NULL)
87116 goto cleanup;
88 strcpy((char *) msg[pam_prompts].msg, banner);
89 msg[pam_prompts].msg_style = PAM_TEXT_INFO;
117 strcpy((char *) msg[pam_prompts]->msg, banner);
118 msg[pam_prompts]->msg_style = PAM_TEXT_INFO;
90119 pam_prompts++;
91120 }
92121 for (i = 0; i < num_prompts; i++) {
93 msg[pam_prompts].msg = malloc(strlen(prompts[i].prompt) + 3);
94 if (msg[pam_prompts].msg == NULL)
122 msg[pam_prompts]->msg = malloc(strlen(prompts[i].prompt) + 3);
123 if (msg[pam_prompts]->msg == NULL)
95124 goto cleanup;
96 sprintf((char *) msg[pam_prompts].msg, "%s: ", prompts[i].prompt);
97 msg[pam_prompts].msg_style = prompts[i].hidden ? PAM_PROMPT_ECHO_OFF
98 : PAM_PROMPT_ECHO_ON;
125 sprintf((char *) msg[pam_prompts]->msg, "%s: ", prompts[i].prompt);
126 msg[pam_prompts]->msg_style = prompts[i].hidden ? PAM_PROMPT_ECHO_OFF
127 : PAM_PROMPT_ECHO_ON;
99128 pam_prompts++;
100129 }
101130
102131 /* Call into the application conversation function. */
103 pamret = conv->conv(pam_prompts, (const struct pam_message **) &msg,
132 pamret = conv->conv(pam_prompts, (const struct pam_message **) msg,
104133 &resp, conv->appdata_ptr);
105134 if (pamret != 0)
106135 goto cleanup;
138167
139168 cleanup:
140169 for (i = 0; i < pam_prompts; i++) {
141 if (msg[i].msg != NULL)
142 free((char *) msg[i].msg);
170 if (msg[i]->msg != NULL)
171 free((char *) msg[i]->msg);
143172 }
173 free(*msg);
144174 free(msg);
145175
146176 /*
148178 * It's not clear if I should free it, or if the application has to.
149179 * Therefore most (all?) apps won't free it, and I can't either, as I am
150180 * not sure it was malloced. All PAM implementations I've seen leak
151 * memory here. Not so bad, IFF you fork/exec for each PAM authentication
181 * memory here. Not so bad iff you fork/exec for each PAM authentication
152182 * (as is typical).
153183 */
154184 if (resp != NULL)