File pam_krb5-2.3.1-post.dif of Package pam_krb5
Index: src/v5.c
===================================================================
--- src/v5.c.orig
+++ src/v5.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2003,2004,2005,2006,2007 Red Hat, Inc.
+ * Copyright 2003,2004,2005,2006,2007,2008 Red Hat, Inc.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -889,11 +889,19 @@ v5_get_creds(krb5_context ctx,
tmpcreds.server = service_principal;
i = krb5_cc_retrieve_cred(ctx, ccache, 0,
&tmpcreds, creds);
- /* FIXME: check if the creds are expired?
- * What's the right error code if we check, and
- * they are? */
memset(&tmpcreds, 0, sizeof(tmpcreds));
krb5_cc_close(ctx, ccache);
+ switch (v5_validate(ctx, creds, options)) {
+ case 0:
+ /* we're fine */
+ break;
+ default:
+ /* something (anything) went wrong --
+ * discard them */
+ krb5_free_cred_contents(ctx, creds);
+ i = KRB5KRB_ERR_GENERIC;
+ break;
+ }
} else {
warn("error opening default ccache");
i = KRB5_CC_NOTFOUND;
Index: configure.ac
===================================================================
--- configure.ac.orig
+++ configure.ac
@@ -360,6 +360,18 @@ if test x$keyutils != xno ; then
AC_SUBST(KEYUTILS_LIBS)
fi
+AC_MSG_CHECKING(whether to link directly with libpam)
+AC_ARG_WITH(libpam,
+[AC_HELP_STRING(--without-libpam,[Refrain from linking directly with libpam.])],
+ [with_libpam=$withval],
+ [with_libpam=yes])
+if test "$with_libpam" != no ; then
+ AC_MSG_RESULT(yes)
+else
+ AC_MSG_RESULT(no)
+fi
+AM_CONDITIONAL(WITH_DIRECT_LIBPAM,test "$with_libpam" != no)
+
AC_ARG_ENABLE(default-realm,AC_HELP_STRING([--enable-default-realm=REALM],[last-ditch fallback realm (default is EXAMPLE.COM)]),default_realm=$enableval,default_realm=EXAMPLE.COM)
AC_DEFINE_UNQUOTED(DEFAULT_REALM,"$default_realm",[Define to the realm name which will be used if no realm is given as a parameter and none is given in krb5.conf.])
AC_MSG_RESULT([Using "$default_realm" as the default realm.])
Index: src/Makefile.am
===================================================================
--- src/Makefile.am.orig
+++ src/Makefile.am
@@ -21,6 +21,12 @@ man_MANS += afs5log.1
noinst_PROGRAMS += pagsh
endif
+if WITH_DIRECT_LIBPAM
+DIRECT_LIBPAM = -lpam
+else
+DIRECT_LIBPAM =
+endif
+
libpam_krb5_la_SOURCES = \
conv.c \
conv.h \
@@ -47,7 +53,7 @@ libpam_krb5_la_SOURCES = \
v5.h
pam_krb5_la_LDFLAGS = -avoid-version -export-dynamic -module -export-symbols-regex 'pam_sm.*' @SYMBOLIC_LINKER_FLAG@
-pam_krb5_la_LIBADD = libpam_krb5.la @KRB5_LIBS@ @KRB4_LIBS@ @KEYUTILS_LIBS@
+pam_krb5_la_LIBADD = libpam_krb5.la @KRB5_LIBS@ @KRB4_LIBS@ @KEYUTILS_LIBS@ $(DIRECT_LIBPAM)
pam_krb5_la_SOURCES = \
initopts.c \
initopts.h \
Index: src/options.c
===================================================================
--- src/options.c.orig
+++ src/options.c
@@ -105,7 +105,8 @@ option_b(int argc, PAM_KRB5_MAYBE_CONST
ret = -1;
/* configured service yes */
- if ((ret == -1) && (service != NULL) && (strlen(service) > 0)) {
+ if ((ret == -1) && (realm != NULL) &&
+ (service != NULL) && (strlen(service) > 0)) {
list = option_l(argc, argv, ctx, realm, s, "");
for (i = 0; ((list != NULL) && (list[i] != NULL)); i++) {
if (strcmp(list[i], service) == 0) {
@@ -116,7 +117,8 @@ option_b(int argc, PAM_KRB5_MAYBE_CONST
}
/* configured service no */
- if ((ret == -1) && (service != NULL) && (strlen(service) > 0)) {
+ if ((ret == -1) && (realm != NULL) &&
+ (service != NULL) && (strlen(service) > 0)) {
for (i = 0; i < (sizeof(prefix) / sizeof(prefix[0])); i++) {
nots = malloc(strlen(prefix[i]) + strlen(s) + 1);
if (nots != NULL) {
@@ -142,7 +144,7 @@ option_b(int argc, PAM_KRB5_MAYBE_CONST
}
/* configured boolean */
- if (ret == -1) {
+ if ((ret == -1) && (realm != NULL)) {
v5_appdefault_boolean(ctx, realm, s, -1, &ret);
}
@@ -331,6 +333,11 @@ _pam_krb5_options_init(pam_handle_t *pam
_pam_krb5_get_item_text(pamh, PAM_SERVICE, &service);
}
+ /* command-line option */
+ options->debug = option_b(argc, argv, ctx, NULL,
+ service, NULL, NULL,
+ "debug", 0);
+
for (i = 0; i < argc; i++) {
if (strncmp(argv[i], "realm=", 6) == 0) {
if (options->realm != NULL) {
