Mercurial > illumos > illumos-gate
changeset 3924:4a2c8e3e6786
6531864 ktkt_warnd not warning after login
| author | gtb |
|---|---|
| date | Thu, 29 Mar 2007 14:09:44 -0700 |
| parents | ea8d153ef9ae |
| children | e4c224632211 |
| files | usr/src/lib/pam_modules/krb5/krb5_setcred.c |
| diffstat | 1 files changed, 33 insertions(+), 16 deletions(-) [+] |
line wrap: on
line diff
--- a/usr/src/lib/pam_modules/krb5/krb5_setcred.c Thu Mar 29 09:50:09 2007 -0700 +++ b/usr/src/lib/pam_modules/krb5/krb5_setcred.c Thu Mar 29 14:09:44 2007 -0700 @@ -363,7 +363,7 @@ { krb5_error_code retval; krb5_creds creds; - krb5_creds *credsp = &creds; + krb5_creds *renewed_cred = NULL; char *client_name = NULL; typedef struct _cred_node { krb5_creds *creds; @@ -383,9 +383,9 @@ if ((retval = krb5_unparse_name(kmd->kcontext, me, &client_name)) != 0) return (retval); - (void) memset((char *)credsp, 0, sizeof (krb5_creds)); + (void) memset(&creds, 0, sizeof (krb5_creds)); if ((retval = krb5_copy_principal(kmd->kcontext, - server, &credsp->server))) { + server, &creds.server))) { if (kmd->debug) __pam_log(LOG_AUTH | LOG_DEBUG, "PAM-KRB5 (setcred): krb5_copy_principal " @@ -396,7 +396,7 @@ /* obtain ticket & session key */ retval = krb5_cc_get_principal(kmd->kcontext, - kmd->ccache, &credsp->client); + kmd->ccache, &creds.client); if (retval && (kmd->debug)) __pam_log(LOG_AUTH | LOG_DEBUG, "PAM-KRB5 (setcred): User not in cred " @@ -445,7 +445,7 @@ creds.times.endtime = my_creds.times.endtime; creds.times.renew_till = my_creds.times.renew_till; if ((retval = krb5_get_credentials_renew(kmd->kcontext, 0, - kmd->ccache, &creds, &credsp))) { + kmd->ccache, &creds, &renewed_cred))) { if (kmd->debug) __pam_log(LOG_AUTH | LOG_DEBUG, "PAM-KRB5 (setcred): krb5_get_credentials", @@ -543,7 +543,7 @@ */ if (found && (retval = krb5_get_credentials_renew(kmd->kcontext, - 0, kmd->ccache, &creds, &credsp))) { + 0, kmd->ccache, &creds, &renewed_cred))) { if (kmd->debug) __pam_log(LOG_AUTH | LOG_DEBUG, "PAM-KRB5 (setcred): krb5_get_credentials" @@ -626,7 +626,8 @@ "PAM-KRB5 (setcred): Unable to " "find matching uid/gid pair for user `%s'", username); - return (KRB5KRB_ERR_GENERIC); + retval = KRB5KRB_ERR_GENERIC; + goto error; } if (!(filepath = strchr(kmd->env, ':')) || !(filepath+1)) { @@ -634,7 +635,8 @@ "PAM-KRB5 (setcred): Invalid pathname " "for credential cache of user `%s'", username); - return (KRB5KRB_ERR_GENERIC); + retval = KRB5KRB_ERR_GENERIC; + goto error; } if (chown(filepath+1, uuid, ugid)) { if (kmd->debug) @@ -646,17 +648,32 @@ free(username); } + } - if (creds.times.endtime != 0) { - kwarn_del_warning(client_name); - if (kwarn_add_warning(client_name, - creds.times.endtime) != 0) { - __pam_log(LOG_AUTH | LOG_NOTICE, - "PAM-KRB5 (auth): kwarn_add_warning" - " failed: ktkt_warnd(1M) down?"); - } +error: + if (retval == 0) { + krb5_timestamp endtime; + + if (renewed_cred && renewed_cred->times.endtime != 0) + endtime = renewed_cred->times.endtime; + else + endtime = my_creds.times.endtime; + + if (kmd->debug) + __pam_log(LOG_AUTH | LOG_DEBUG, + "PAM-KRB5 (setcred): delete/add warning"); + + kwarn_del_warning(client_name); + if (kwarn_add_warning(client_name, endtime) != 0) { + __pam_log(LOG_AUTH | LOG_NOTICE, + "PAM-KRB5 (setcred): kwarn_add_warning" + " failed: ktkt_warnd(1M) down?"); } } + + if (renewed_cred != NULL) + krb5_free_creds(kmd->kcontext, renewed_cred); + if (client_name != NULL) free(client_name);