pam_afslog.c revision 1.1
      1 /*	$NetBSD: pam_afslog.c,v 1.1 2005/09/21 14:19:08 tsarna Exp $	*/
      2 
      3 /*-
      4  * Copyright 2005 Tyler C. Sarna <tsarna (at) netbsd.org>
      5  *
      6  * This code is derived from software contributed to The NetBSD Foundation
      7  * by Tyler C. Sarna
      8  *
      9  * Redistribution and use in source and binary forms, with or without
     10  * modification, are permitted provided that the following conditions
     11  * are met:
     12  * 1. Redistributions of source code must retain the above copyright
     13  *    notice, this list of conditions and the following disclaimer.
     14  * 2. Neither the name of The NetBSD Foundation nor the names of its
     15  *    contributors may be used to endorse or promote products derived
     16  *    from this software without specific prior written permission.
     17  *
     18  * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
     19  * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
     20  * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
     21  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
     22  * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
     23  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
     24  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
     25  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
     26  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
     27  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
     28  * POSSIBILITY OF SUCH DAMAGE.
     29  */
     30 
     31 #include <sys/cdefs.h>
     32 
     33 __RCSID("$NetBSD: pam_afslog.c,v 1.1 2005/09/21 14:19:08 tsarna Exp $");
     34 
     35 #include <krb5/krb5.h>
     36 #include <krb5/kafs.h>
     37 
     38 #include <security/pam_appl.h>
     39 #include <security/pam_modules.h>
     40 #include <security/pam_mod_misc.h>
     41 
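     /*
      * Authentication hook.  This module performs no authentication of its
      * own: it always returns PAM_IGNORE, so its result does not count toward
      * the outcome of the auth stack.  The hook is present so that the module
      * can be listed in the "auth" chain, where PAM invokes pam_sm_setcred().
      *
      * All parameters are unused; pamh is marked __unused like the others so
      * the definition stays warning-free under -Wunused-parameter.
      */
     PAM_EXTERN int
     pam_sm_authenticate(pam_handle_t *pamh __unused, int flags __unused,
         int argc __unused, const char *argv[] __unused)
     {
         return PAM_IGNORE;
     }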
     48 
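     /*
      * Credential hook: obtain or discard AFS tokens from the user's Kerberos
      * credential cache.
      *
      * The cache is taken from KRB5CCNAME in the PAM environment when set,
      * otherwise the library default cache is used.  The module acts only when
      * the "afslog" appdefault (looked up for the PAM service name and the
      * realm of the cache's principal) is true and k_hasafs() reports AFS
      * support; otherwise it returns PAM_SUCCESS without doing anything.
      *
      * flags (with PAM_SILENT masked off) select the action:
      *   0 / PAM_ESTABLISH_CRED   k_setpag(), then krb5_afslog()
      *   PAM_REINITIALIZE_CRED /
      *   PAM_REFRESH_CRED         krb5_afslog() only
      *   PAM_DELETE_CRED          k_unlog()
      *
      * Returns PAM_SERVICE_ERR if the Kerberos context, the credential cache
      * or its principal cannot be obtained, PAM_SUCCESS otherwise.  Failures
      * of the AFS calls themselves are logged but remain best-effort and do
      * not change the return value.
      *
      * NOTE(review): PAM_DELETE_CRED still requires the credential cache to be
      * readable; if an earlier module has already destroyed it, this function
      * fails before reaching k_unlog().  Confirm module ordering in the stack.
      */
     PAM_EXTERN int
     pam_sm_setcred(pam_handle_t *pamh, int flags,
         int argc __unused, const char *argv[] __unused)
     {
         krb5_context ctx;
         krb5_ccache ccache;
         krb5_principal principal;
         krb5_error_code kret;
         const void *service = NULL;
         const char *ccname = NULL;
         int do_afslog = 0, ret = PAM_SERVICE_ERR;

         /* Fall back to the module name if the service item is unavailable. */
         if (pam_get_item(pamh, PAM_SERVICE, &service) != PAM_SUCCESS ||
             service == NULL)
             service = "pam_afslog";

         kret = krb5_init_context(&ctx);
         if (kret != 0) {
             PAM_LOG("Error: krb5_init_context() failed");
             goto out;
         }

         /* KRB5CCNAME comes from the PAM environment, not the process one. */
         ccname = pam_getenv(pamh, "KRB5CCNAME");
         if (ccname)
             kret = krb5_cc_resolve(ctx, ccname, &ccache);
         else
             kret = krb5_cc_default(ctx, &ccache);
         if (kret != 0) {
             PAM_LOG("Error: failed to open ccache");
             goto out_ctx;
         }

         kret = krb5_cc_get_principal(ctx, ccache, &principal);
         if (kret != 0) {
             PAM_LOG("Error: krb5_cc_get_principal() failed");
             goto out_ccache;
         }

         krb5_appdefault_boolean(ctx, (const char *)service,
             krb5_principal_get_realm(ctx, principal),
             "afslog", FALSE, &do_afslog);

         /* silently bail if not enabled */
         if (do_afslog && k_hasafs()) {
             switch (flags & ~PAM_SILENT) {
             case 0:
             case PAM_ESTABLISH_CRED:
                 /*
                  * NOTE(review): if no new PAG could be created, the
                  * tokens obtained below presumably end up in whatever
                  * token scope the calling process already has; confirm
                  * that continuing is acceptable for this deployment.
                  */
                 if (k_setpag() != 0)
                     PAM_LOG("Warning: k_setpag() failed");

                 /* FALLTHROUGH */

             case PAM_REINITIALIZE_CRED:
             case PAM_REFRESH_CRED:
                 kret = krb5_afslog(ctx, ccache, NULL, NULL);
                 if (kret != 0)
                     PAM_LOG("Warning: krb5_afslog() failed");
                 break;

             case PAM_DELETE_CRED:
                 if (k_unlog() != 0)
                     PAM_LOG("Warning: k_unlog() failed");
                 break;

             default:
                 /* Any other flag combination: nothing to do. */
                 break;
             }
         }

         ret = PAM_SUCCESS;

         krb5_free_principal(ctx, principal);
     out_ccache:
         krb5_cc_close(ctx, ccache);
     out_ctx:
         krb5_free_context(ctx);
     out:
         return ret;
     }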
    123 
    /*
     * Declare the module to the PAM framework under the name "pam_afslog".
     * The macro is not defined in this file; presumably it comes from the
     * PAM module headers included above and exposes the pam_sm_* hooks.
     * TODO confirm against the header.
     */
    PAM_MODULE_ENTRY("pam_afslog");
    125