Diffstat (limited to 'server/providers/krb5')
-rw-r--r-- | server/providers/krb5/krb5_auth.c | 3 | ||||
-rw-r--r-- | server/providers/krb5/krb5_auth.h | 10 | ||||
-rw-r--r-- | server/providers/krb5/krb5_child.c | 31 |
3 files changed, 37 insertions, 7 deletions
diff --git a/server/providers/krb5/krb5_auth.c b/server/providers/krb5/krb5_auth.c index 03e79032..631f7086 100644 --- a/server/providers/krb5/krb5_auth.c +++ b/server/providers/krb5/krb5_auth.c @@ -22,10 +22,9 @@ along with this program. If not, see <http://www.gnu.org/licenses/>. */ - #include <errno.h> #include <sys/time.h> -#include <krb5/krb5.h> + #include <sys/types.h> #include <sys/wait.h> #include <unistd.h> diff --git a/server/providers/krb5/krb5_auth.h b/server/providers/krb5/krb5_auth.h index 4e65d9fc..9a7807e8 100644 --- a/server/providers/krb5/krb5_auth.h +++ b/server/providers/krb5/krb5_auth.h @@ -26,8 +26,15 @@ #ifndef __KRB5_AUTH_H__ #define __KRB5_AUTH_H__ +#include "config.h" + #include <stdbool.h> + +#ifdef HAVE_KRB5_KRB5_H #include <krb5/krb5.h> +#else +#include <krb5.h> +#endif #define MAX_CHILD_MSG_SIZE 255 #define CCACHE_ENV_NAME "KRB5CCNAME" @@ -79,9 +86,6 @@ struct krb5_ctx { action_type action; - int num_pa_opts; - krb5_gic_opt_pa_data *pa_opts; - char *kdcip; char *realm; bool try_simple_upn; diff --git a/server/providers/krb5/krb5_child.c b/server/providers/krb5/krb5_child.c index 3673c745..4f3a62c6 100644 --- a/server/providers/krb5/krb5_child.c +++ b/server/providers/krb5/krb5_child.c @@ -22,7 +22,6 @@ along with this program. If not, see <http://www.gnu.org/licenses/>. */ -#include <krb5/krb5.h> #include <sys/types.h> #include <unistd.h> #include <sys/stat.h> @@ -53,6 +52,7 @@ struct krb5_req { char *ccname; }; +#ifdef HAVE_KRB5_GET_ERROR_MESSAGE static krb5_context krb5_error_ctx; static const char *__krb5_error_msg; #define KRB5_DEBUG(level, krb5_error) do { \ 
@@ -60,6 +60,11 @@ static const char *__krb5_error_msg; DEBUG(level, ("%d: [%d][%s]\n", __LINE__, krb5_error, __krb5_error_msg)); \ krb5_free_error_message(krb5_error_ctx, __krb5_error_msg); \ } while(0); +#else +#define KRB5_DEBUG(level, krb5_error) do { \ + DEBUG(level, ("%d: kerberos error [%d]\n", __LINE__, krb5_error)); \ +} while(0); +#endif struct response { size_t max_size; @@ -138,6 +143,7 @@ static struct response *prepare_response_message(struct krb5_req *kr, ret = pack_response_packet(resp, PAM_SUCCESS, PAM_ENV_ITEM, msg); talloc_zfree(msg); } else { +#ifdef HAVE_KRB5_GET_ERROR_MESSAGE krb5_msg = krb5_get_error_message(krb5_error_ctx, kerr); if (krb5_msg == NULL) { DEBUG(1, ("krb5_get_error_message failed.\n")); @@ -146,6 +152,11 @@ static struct response *prepare_response_message(struct krb5_req *kr, ret = pack_response_packet(resp, pam_status, PAM_USER_INFO, krb5_msg); krb5_free_error_message(krb5_error_ctx, krb5_msg); +#else + msg = talloc_asprintf(kr, "Kerberos error [%d]", kerr); + ret = pack_response_packet(resp, pam_status, PAM_USER_INFO, msg); + talloc_zfree(msg); +#endif } if (ret != EOK) { @@ -441,8 +452,14 @@ static int krb5_cleanup(void *ptr) struct krb5_req *kr = talloc_get_type(ptr, struct krb5_req); if (kr == NULL) return EOK; - if (kr->options != NULL) + if (kr->options != NULL) { +#ifdef HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC krb5_get_init_creds_opt_free(kr->ctx, kr->options); +#else + free(kr->options); +#endif + } + if (kr->creds != NULL) { krb5_free_cred_contents(kr->ctx, kr->creds); krb5_free_creds(kr->ctx, kr->creds); 
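Review bot: The fallback `KRB5_DEBUG` added under `#else` ends in `} while(0);`, and that trailing semicolon defeats the purpose of the do/while(0) wrapper. A call written as `KRB5_DEBUG(1, kerr);` expands to two statements, so using it as the body of an unbraced `if` followed by `else` no longer parses. End the new definition with `} while(0)`; the same applies to the existing definition whose tail is visible as context in this hunk. Since the fallback logs only the numeric code, a short comment such as `/* no krb5_get_error_message() available: log the raw error code */` above the `#else` definition would explain why the message text is missing.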
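Review bot: In the new `#else` branch of prepare_response_message, the result of `talloc_asprintf(kr, "Kerberos error [%d]", kerr)` goes straight into `pack_response_packet` without a NULL check. The `krb5_get_error_message` branch just above it does test `krb5_msg == NULL` first. Whether `pack_response_packet` tolerates a NULL string is not visible here, so an allocation failure may become a NULL dereference in the child that reports the authentication result. Add `if (msg == NULL) { DEBUG(1, ("talloc_asprintf failed.\n")); ... }` and take the same error path the other branch uses for a NULL `krb5_msg`. The function begins and ends outside this hunk, so the exact exit path has to be checked against the full body.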
@@ -539,11 +556,21 @@ static int krb5_setup(struct pam_data *pd, const char *user_princ_str, goto failed; } +#ifdef HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC kerr = krb5_get_init_creds_opt_alloc(kr->ctx, &kr->options); if (kerr != 0) { KRB5_DEBUG(1, kerr); goto failed; } +#else + kr->options = calloc(1, sizeof(krb5_get_init_creds_opt)); + if (kr->options == NULL) { + DEBUG(1, ("calloc failed.\n")); + kerr = ENOMEM; + goto failed; + } + krb5_get_init_creds_opt_init(&kr->options); +#endif /* TODO: set options, e.g. * krb5_get_init_creds_opt_set_tkt_life |
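Review bot: In the `#else` branch of krb5_setup, `krb5_get_init_creds_opt_init(&kr->options);` passes the address of the pointer rather than the pointer itself. `kr->options` has just been assigned from `calloc(1, sizeof(krb5_get_init_creds_opt))`, so `&kr->options` is a `krb5_get_init_creds_opt **`, while the init function takes a `krb5_get_init_creds_opt *`. As written, the call initialises the bytes starting at the `options` field inside `struct krb5_req`, clobbering the pointer and whatever members follow it, instead of the freshly allocated structure. The `free(kr->options)` added to krb5_cleanup would then act on a corrupted pointer. The line should read `krb5_get_init_creds_opt_init(kr->options);`. Building this branch with warnings enabled should flag the incompatible pointer type, so it is worth compiling once with `HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC` undefined.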