pam-multi-cell-support-20020725
authorCharles Clancy <security@xauth.net>
Fri, 26 Jul 2002 06:56:04 +0000 (06:56 +0000)
committerDerrick Brashear <shadow@dementia.org>
Fri, 26 Jul 2002 06:56:04 +0000 (06:56 +0000)
"will let you do
something like:

auth optional   /lib/security/pam_afs.so cell other-cell.domain.net
auth sufficient /lib/security/pam_afs.so try_first_pass refresh_token \
cell main-cell.domain.net
auth required   /lib/security/pam_unix.so

You need to specify "refresh_token" the second time you call it to prevent
it from getting a second PAG and making your first token useless.

Or, you can just use it once to authenticate to a cell other than what's
in /usr/vice/etc/ThisCell.  Not specifying the "cell" argument causes the
expected behavior of authenticating against the local cell."

src/pam/afs_auth.c
src/pam/afs_message.c
src/pam/afs_message.h
src/pam/afs_setcred.c
src/pam/afs_util.c

index d1c7c14e16bc243b8fc4c4de4e25a83f07ffb70a..eb3dde929f3084bb878ab2eea52bfbb059645f10 100644 (file)
@@ -47,6 +47,7 @@ pam_sm_authenticate(
     int ignore_uid  = 0;
     uid_t ignore_uid_id = 0;
     char my_password_buf[256];
+    char *cell_ptr=NULL;
     /*
      * these options are added to handle stupid apps, which won't call
      * pam_set_cred()
@@ -109,6 +110,14 @@ pam_sm_authenticate(
                        pam_afs_syslog(LOG_ERR, PAMAFS_IGNOREUID, argv[i]);
                 }
            }
+       } else if (strcasecmp(argv[i], "cell") == 0) {
+           i++;
+           if (i == argc) {
+                pam_afs_syslog(LOG_ERR, PAMAFS_OTHERCELL, "cell missing argument");
+           } else {
+               cell_ptr=argv[i];
+                pam_afs_syslog(LOG_INFO, PAMAFS_OTHERCELL, cell_ptr);
+           }       
        } else if (strcasecmp(argv[i], "refresh_token" ) == 0) {
            refresh_token = 1;
        } else if (strcasecmp(argv[i], "set_token" ) == 0) {
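Review bot: A `cell` option given as the last argument is logged but then ignored: the branch leaves `cell_ptr` NULL and, as far as this hunk shows, the module carries on and authenticates against the local cell instead of refusing a misconfigured line; the same block appears in pam_sm_setcred in src/pam/afs_setcred.c. Because authenticating against the wrong cell is a silent downgrade, the missing-argument case should fail the call (recording an error and bailing out the way the function handles its other hard failures, which lie outside this hunk) rather than fall through. The LOG_ERR line also passes its text as the `%s` argument of the `PAMAFS_OTHERCELL` message, which the fallback table in afs_message.c renders as `Alternate cell name: cell missing argument`; a dedicated message id or a plain-text message would read correctly. Logging the selected cell at LOG_INFO on every authentication is noisy as well; LOG_DEBUG gated on the module's existing `logmask` would match the rest of the file. pam_sm_authenticate begins and ends outside this hunk.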
@@ -280,9 +289,9 @@ try_auth:
      */
        if (use_klog) { /* used by kdm 2.x */
           if (refresh_token || set_token) {
-             i = do_klog(user, password, NULL);
+             i = do_klog(user, password, NULL, cell_ptr);
           } else {
-             i = do_klog(user, password, "00:00:01");
+             i = do_klog(user, password, "00:00:01", cell_ptr);
              ktc_ForgetAllTokens();
            }
           if (logmask && LOG_MASK(LOG_DEBUG))
@@ -299,7 +308,7 @@ try_auth:
                  code = ka_UserAuthenticateGeneral(KA_USERAUTH_VERSION,
                                    user, /* kerberos name */
                                    (char *)0, /* instance */
-                                   (char *)0, /* realm */
+                                   cell_ptr, /* realm */
                                    password, /* password */
                                    0, /* default lifetime */
                                     &password_expires,
@@ -309,7 +318,7 @@ try_auth:
                  code = ka_VerifyUserPassword(KA_USERAUTH_VERSION,
                                    user, /* kerberos name */
                                    (char *)0, /* instance */
-                                   (char *)0, /* realm */
+                                   cell_ptr, /* realm */
                                    password, /* password */
                                    0, /* spare 2 */
                                    &reason /* error string */ );
@@ -350,7 +359,7 @@ try_auth:
             code = ka_UserAuthenticateGeneral(KA_USERAUTH_VERSION,
                                    user, /* kerberos name */
                                    (char *)0, /* instance */
-                                   (char *)0, /* realm */
+                                   cell_ptr, /* realm */
                                    password, /* password */
                                    0, /* default lifetime */
                                     &password_expires,
@@ -360,7 +369,7 @@ try_auth:
             code = ka_VerifyUserPassword(KA_USERAUTH_VERSION,
                                    user, /* kerberos name */
                                    (char *)0, /* instance */
-                                   (char *)0, /* realm */
+                                   cell_ptr, /* realm */
                                    password, /* password */
                                    0, /* spare 2 */
                                    &reason /* error string */ );
index 7ba30225a8d05e661234422025c5f8416c04c7db..b2e083017cf0214c0d88d2aa110b51f0fc4313e4 100644 (file)
@@ -85,6 +85,7 @@ static char *fallback_messages[] = {
     "ka error, code=%d",                        /* 44: KAERROR          */
     "Passwords are not equal",                  /* 45: NE_PASSWORD      */
     "AFS ignoring unregistered user %s\n"       /* 46: IGNORE_UNREG     */
+    "Alternate cell name: %s\n",               /* 47: OTHERCELL        */
 };
 
 static int num_fallbacks = sizeof(fallback_messages)/sizeof(char *);
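Review bot: The context line above the new entry, `"AFS ignoring unregistered user %s\n"       /* 46: IGNORE_UNREG     */`, has no trailing comma, so the new literal is concatenated onto entry 46 instead of becoming entry 47: `fallback_messages` keeps its old element count, `num_fallbacks` does not grow, and `PAMAFS_OTHERCELL` (47) indexes one past the end of the table unless pam_afs_message bounds-checks it (not visible here). Entry 46 now also carries two `%s` conversions while its existing caller supplies a single argument, so the formatter would read an extra pointer off the varargs — undefined behaviour and a possible leak of stack contents into the log. The fix is the missing comma on the context line: `"AFS ignoring unregistered user %s\n",      /* 46: IGNORE_UNREG     */`.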
index 6ed88e1533ef1104600379453e17d0517233ae9c..27ee9b2db82c43f790ff21f3e72824de11664883 100644 (file)
@@ -57,7 +57,7 @@
 #define PAMAFS_KAERROR          44 /* "ka error, code=%d"               */
 #define PAMAFS_NE_PASSWORD      45 /* "Passwords are not equal"         */
 #define PAMAFS_IGNORE_UNREG     46 /* "AFS ignoring unregistered user"  */
-
+#define PAMAFS_OTHERCELL       47 /* "Alternate cell name"             */
 
 char *pam_afs_message(int msgnum, int *freeit);
 void pam_afs_syslog(int priority, int msgid, ...);
index 05e9eb8c907f5ba8d08526b1f36675d1860a5cc8..00de66ee0dcc992d3127484a50a4f24a7fb4e140 100644 (file)
@@ -57,6 +57,7 @@ pam_sm_setcred(
     int i;
     struct pam_conv *pam_convp = NULL;
     char my_password_buf[256];
+    char *cell_ptr=NULL;
     char sbuffer[100];
     char *password = NULL;
     int torch_password = 1;
@@ -102,6 +103,14 @@ pam_sm_setcred(
                        pam_afs_syslog(LOG_ERR, PAMAFS_IGNOREUID, argv[i]);
                 }
            }
+        } else if (strcasecmp(argv[i], "cell") == 0) {
+            i++;
+            if (i == argc) {
+                pam_afs_syslog(LOG_ERR, PAMAFS_OTHERCELL, "cell missing argument");
+            } else {
+               cell_ptr = argv[i];
+                pam_afs_syslog(LOG_INFO, PAMAFS_OTHERCELL, cell_ptr);
+            }
        } else if (strcasecmp(argv[i], "no_unlog") == 0) {
            no_unlog = 1;
        } else if (strcasecmp(argv[i], "refresh_token" ) == 0) {
@@ -269,14 +278,14 @@ pam_sm_setcred(
 
        if ( flags & PAM_REFRESH_CRED ) {
            if (use_klog) {
-               auth_ok = ! do_klog(user, password, "00:00:01");
+               auth_ok = ! do_klog(user, password, "00:00:01", cell_ptr);
               ktc_ForgetAllTokens();
            } else {
             if ( ka_VerifyUserPassword(
                            KA_USERAUTH_VERSION,
                            user, /* kerberos name */
                            (char *)0, /* instance */
-                           (char *)0, /* realm */
+                           cell_ptr, /* realm */
                             password, /* password */
                             0, /* spare 2 */
                             &reason /* error string */
@@ -289,13 +298,13 @@ pam_sm_setcred(
        }
            
        if (  flags & PAM_ESTABLISH_CRED ) {
-          if (use_klog) auth_ok = ! do_klog(user, password, NULL);
+          if (use_klog) auth_ok = ! do_klog(user, password, NULL, cell_ptr);
           else {
            if ( ka_UserAuthenticateGeneral(
                            KA_USERAUTH_VERSION,
                            user, /* kerberos name */
                            (char *)0, /* instance */
-                           (char *)0, /* realm */
+                           cell_ptr, /* realm */
                             password, /* password */
                             0, /* default lifetime */
                             &password_expires,
index ea1daad2138b9ed27f27dc5d3c55b6dfddcf7e1c..0f49d377eaec3337bbefb3806173815157229c90 100644 (file)
@@ -91,7 +91,7 @@ char *cv2string(ttp, aval)
     return tp;
 }
 
-int do_klog(const char* user, const char* password, const char* lifetime)
+int do_klog(const char* user, const char* password, const char* lifetime, const char* cell_name)
 {
 pid_t  pid;
 int    pipedes[2];
@@ -117,6 +117,10 @@ int        ret = 1;
    argv[argc++] = "klog";
 #endif
    argv[argc++] = (char*)user;
+   if (cell_name) {
+      argv[argc++] = "-cell";
+      argv[argc++] = (char*)cell_name;
+   }
    argv[argc++] = "-silent";
    argv[argc++] = "-pipe";
    if (lifetime != NULL) {
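Review bot: The two new `argv` slots (`-cell` and the cell name) are appended to an array whose declaration is outside this hunk; if `argv` is sized to the previous maximum argument count, this pushes `argc` past its end, so the array size should be checked and raised by two as part of this change. The commit also changes do_klog's signature without touching any header, so if the prototype that the callers in afs_auth.c and afs_setcred.c see lives in a shared header, it still declares three parameters and needs `const char* cell_name` added as well. do_klog continues past the end of this hunk.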