From 68196d85dbd09220f91421101f651d8e8d7322c3 Mon Sep 17 00:00:00 2001 From: Thomas Mueller Date: Mon, 5 Nov 2001 18:40:02 +0000 Subject: [PATCH] pam-update-for-correct-krb-aware-module-20011102 the krb version of the module should be built completely in AFS_KERBEROS_ENV ==================== This delta was composed from multiple commits as part of the CVS->Git migration. The checkin message with each commit was inconsistent. The following are the additional commit messages. ==================== clean up spacing --- src/pam/Makefile.in | 44 +++++++++++++++++++++++++++++++------------ src/pam/afs_auth.c | 3 +++ src/pam/afs_setcred.c | 9 +++++---- 3 files changed, 40 insertions(+), 16 deletions(-) diff --git a/src/pam/Makefile.in b/src/pam/Makefile.in index 6405be3a1..7263376fc 100644 --- a/src/pam/Makefile.in +++ b/src/pam/Makefile.in @@ -21,8 +21,8 @@ LDFLAGS = ${SHLIB_LDFLAGS} ${AFSLIBS} ${PAM_LIBS} @LIB_AFSDB@ KLIBS = ${TOP_LIBDIR}/libkauth.krb.a ${LIBSA} ${TOP_LIBDIR}/libauth.krb.a \ ${AFSLIBS} ${PAM_LIBS} @LIB_AFSDB@ - SHOBJS = afs_auth.o afs_account.o afs_session.o afs_password.o \ - afs_pam_msg.o afs_message.o afs_util.o AFS_component_version_number.o + SHOBJS = afs_account.o afs_session.o afs_password.o \ + afs_pam_msg.o afs_message.o AFS_component_version_number.o OBJS = $(SHOBJS) test_pam.o INCLUDES=-I${TOP_OBJDIR}/src/config -I${TOP_INCDIR} \ -I/usr/include -I/usr/include/sys @@ -36,36 +36,56 @@ afs_setcred.o: afs_setcred.c afs_pam_msg.h afs_message.h afs_util.h afs_setcred_krb.o: afs_setcred.c afs_pam_msg.h afs_message.h afs_util.h ${CC} ${CFLAGS} -DAFS_KERBEROS_ENV -c ${srcdir}/afs_setcred.c -o afs_setcred_krb.o -pam_afs.so.1: $(SHOBJS) afs_setcred.o +afs_auth.o: afs_auth.c afs_pam_msg.h afs_message.h afs_util.h + ${CC} ${CFLAGS} -c ${srcdir}/afs_auth.c -o afs_auth.o + +afs_auth_krb.o: afs_auth.c afs_pam_msg.h afs_message.h afs_util.h + ${CC} ${CFLAGS} -DAFS_KERBEROS_ENV -c ${srcdir}/afs_auth.c -o afs_auth_krb.o + +afs_util.o: afs_util.c afs_pam_msg.h afs_message.h afs_util.h + ${CC} ${CFLAGS} -c ${srcdir}/afs_util.c -o afs_util.o + +afs_util_krb.o: afs_util.c afs_pam_msg.h afs_message.h afs_util.h + ${CC} ${CFLAGS} -DAFS_KERBEROS_ENV -c ${srcdir}/afs_util.c -o afs_util_krb.o + +pam_afs.so.1: $(SHOBJS) afs_setcred.o afs_auth.o afs_util.o set -x; \ case "$(SYS_NAME)" in \ hp_ux*) \ - $(LD) $(LDFLAGS) -c ${srcdir}/mapfile.hp -o $@ afs_setcred.o \ + $(LD) $(LDFLAGS) -c ${srcdir}/mapfile.hp -o $@ \ + afs_setcred.o afs_auth.o afs_util.o \ $(SHOBJS) $(LIBS) ;; \ sun*_5*) \ - $(LD) $(LDFLAGS) -M ${srcdir}/mapfile -o $@ afs_setcred.o \ + $(LD) $(LDFLAGS) -M ${srcdir}/mapfile -o $@ \ + afs_setcred.o afs_auth.o afs_util.o \ $(SHOBJS) $(LIBS) ;; \ *linux*) \ - $(CC) $(LDFLAGS) -o $@ afs_setcred.o $(SHOBJS) $(LIBS) ;;\ + $(CC) $(LDFLAGS) -o $@ afs_setcred.o \ + afs_auth.o afs_util.o $(SHOBJS) $(LIBS) ;;\ *fbsd*) \ - $(CC) $(LDFLAGS) -o $@ afs_setcred.o $(SHOBJS) $(LIBS) ;;\ + $(CC) $(LDFLAGS) -o $@ afs_setcred.o \ + afs_auth.o afs_util.o $(SHOBJS) $(LIBS) ;;\ * ) \ echo No link line for system $(SYS_NAME). ;; \ esac -pam_afs.krb.so.1: $(SHOBJS) afs_setcred_krb.o +pam_afs.krb.so.1: $(SHOBJS) afs_setcred_krb.o afs_auth_krb.o afs_util_krb.o set -x; \ case "$(SYS_NAME)" in \ hp_ux*) \ $(LD) $(LDFLAGS) -c ${srcdir}/mapfile.hp -o $@ \ - afs_setcred_krb.o $(SHOBJS) $(LDFLAGS) $(KLIBS) ;; \ + afs_setcred_krb.o afs_auth_krb.o afs_util_krb.o \ + $(SHOBJS) $(LDFLAGS) $(KLIBS) ;; \ sun*_5*) \ $(LD) $(LDFLAGS) -M ${srcdir}/mapfile -o $@ \ - afs_setcred_krb.o $(SHOBJS) $(LDFLAGS) $(KLIBS) ;; \ + afs_setcred_krb.o afs_auth_krb.o afs_util_krb.o \ + $(SHOBJS) $(LDFLAGS) $(KLIBS) ;; \ *linux*) \ - $(CC) $(LDFLAGS) -o $@ afs_setcred_krb.o $(SHOBJS) $(KLIBS) ;;\ + $(CC) $(LDFLAGS) -o $@ afs_setcred_krb.o \ + afs_auth_krb.o afs_util_krb.o $(SHOBJS) $(KLIBS) ;;\ *fbsd*) \ - $(CC) $(LDFLAGS) -o $@ afs_setcred_krb.o $(SHOBJS) $(KLIBS) ;;\ + $(CC) $(LDFLAGS) -o $@ afs_setcred_krb.o \ + afs_auth_krb.o afs_util_krb.o $(SHOBJS) $(KLIBS) ;;\ * ) \ echo No link line for system $(SYS_NAME). ;; \ esac diff --git a/src/pam/afs_auth.c b/src/pam/afs_auth.c index 5ce0eefb1..d1c7c14e1 100644 --- a/src/pam/afs_auth.c +++ b/src/pam/afs_auth.c @@ -256,6 +256,9 @@ try_auth: */ if (!refresh_token) { setpag(); +#ifdef AFS_KERBEROS_ENV + ktc_newpag(); +#endif if (logmask && LOG_MASK(LOG_DEBUG)) syslog(LOG_DEBUG, "New PAG created in pam_authenticate()"); } diff --git a/src/pam/afs_setcred.c b/src/pam/afs_setcred.c index d8dc51621..05e9eb8c9 100644 --- a/src/pam/afs_setcred.c +++ b/src/pam/afs_setcred.c @@ -262,11 +262,14 @@ pam_sm_setcred( if (logmask && LOG_MASK(LOG_DEBUG)) syslog(LOG_DEBUG, "New PAG created in pam_setcred()"); setpag(); +#ifdef AFS_KERBEROS_ENV + ktc_newpag(); +#endif } if ( flags & PAM_REFRESH_CRED ) { if (use_klog) { - auth_ok = do_klog(user, password, "00:00:01"); + auth_ok = ! do_klog(user, password, "00:00:01"); ktc_ForgetAllTokens(); } else { if ( ka_VerifyUserPassword( @@ -286,7 +289,7 @@ pam_sm_setcred( } if ( flags & PAM_ESTABLISH_CRED ) { - if (use_klog) auth_ok = do_klog(user, password, NULL); + if (use_klog) auth_ok = ! do_klog(user, password, NULL); else { if ( ka_UserAuthenticateGeneral( KA_USERAUTH_VERSION, @@ -327,7 +330,6 @@ pam_sm_setcred( pam_afs_syslog(LOG_ERR, PAMAFS_PASSEXPFAIL, user); } #if defined(AFS_KERBEROS_ENV) - if (!use_klog) { if (upwd) { if ( chown(ktc_tkt_string(), upwd->pw_uid, upwd->pw_gid) < 0 ) pam_afs_syslog(LOG_ERR, PAMAFS_CHOWNKRB, user); @@ -336,7 +338,6 @@ pam_sm_setcred( if ( errcode != PAM_SUCCESS ) pam_afs_syslog(LOG_ERR, PAMAFS_KRBFAIL, user); } - } #endif RET(PAM_SUCCESS); -- 2.39.5