krb5_creds initcreds;
int hascreds;
uid_t uid;
+ gid_t gid;
};
static void log(int prio, char *format, ...)
return(NULL);
}
data->uid = pwent->pw_uid;
+ data->gid = pwent->pw_gid;
if((ret = krb5_init_context(&data->ctx)) != 0) {
log(LOG_CRIT, "could not create krb5 context: %s", error_message(ret));
freedata(data);
if(opts->debug)
log(LOG_DEBUG, "got creds successfully");
snprintf(buf, sizeof(buf), "KRB5CCNAME=FILE:/tmp/krb5cc_%i_XXXXXX", data->uid);
- ccname = buf + sizeof("KRB5CCNAME=");
- filename = ccname + sizeof("FILE:");
+ ccname = buf + sizeof("KRB5CCNAME=") - 1;
+ filename = ccname + sizeof("FILE:") - 1;
if((fd = mkstemp(filename)) < 0) {
log(LOG_ERR, "could not create tempfile for credentials cache: %s", strerror(errno));
ret = PAM_SERVICE_ERR;
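Review bot: The two added offset lines only work while the literals `"KRB5CCNAME="` and `"FILE:"` match the prefix of the snprintf format string on the line above, and nothing in the code ties them together or explains the `- 1`. A short comment such as `/* sizeof counts the terminating NUL; subtract 1 to land on the first byte after the prefix */` would document why the correction is needed. Hoisting the two prefixes into named macros used by both the format string and the offsets would stop them drifting apart, which matters because `filename` is the path handed to mkstemp. The enclosing function starts and ends outside the hunk.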
ret = PAM_SERVICE_ERR;
goto out;
}
+ chown(filename, data->uid, data->gid);
pam_putenv(pamh, strdup(buf));
if(opts->debug)
log(LOG_DEBUG, "successfully initialized ccache");
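Review bot: The added `chown(filename, data->uid, data->gid)` ignores its return value, so on failure the module still exports KRB5CCNAME for a cache file the user may not be able to read. It also acts on the path rather than on the descriptor mkstemp returned. If `fd` is still open here (the lines between mkstemp and this call are outside the hunk), `fchown` on it avoids re-resolving a name under /tmp from what is presumably a privileged PAM context. Whether the `out` path also removes the temp file is not visible from this hunk and should be confirmed.
```c
	if(fchown(fd, data->uid, data->gid) < 0) {
		log(LOG_ERR, "could not set owner of credentials cache: %s", strerror(errno));
		ret = PAM_SERVICE_ERR;
		goto out;
	}
	/* … unchanged: pam_putenv and debug log … */
```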
int ret;
opts = parseopts(argc, argv);
+ if(opts->debug)
+ log(LOG_DEBUG, "pam_sm_setcred called");
data = getdata(pamh, opts);
if(data == NULL) {
log(LOG_ERR, "could not get data, erroring out");