X-Git-Url: http://dolda2000.com/gitweb/?p=utils.git;a=blobdiff_plain;f=pam_krb5auto.c;h=3ca6bf447b0b55b73f2850c2337467801617b0a0;hp=ac53d6674aa3ef35b3e8022bce72fcd80d77f4c1;hb=307f4e9308c8c11069f48e3bd88fbedddf4f6de3;hpb=eb2a40dee9e8b7a40a5ca6c6ee5a4690d01524ad
diff --git a/pam_krb5auto.c b/pam_krb5auto.c
index ac53d66..3ca6bf4 100644
--- a/pam_krb5auto.c
+++ b/pam_krb5auto.c
@@ -1,9 +1,28 @@
+/*
+ * pam_krb5auto - Gets initial credentials non-interactively
+ * Copyright (C) 2004 Fredrik Tolf (fredrik@dolda2000.com)
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+*/
 #include
 #include
 #include
 #include
 #include
 #include
+#include
 #include
 #include
 #include
@@ -32,6 +51,7 @@ struct data
     krb5_creds initcreds;
     int hascreds;
     uid_t uid;
+    gid_t gid;
 };
 
 static void log(int prio, char *format, ...)
@@ -49,6 +69,8 @@ static struct options *parseopts(int argc, const char **argv)
 {
     int i;
     struct options *opts;
+    const char *p;
+    int unit;
 
     opts = malloc(sizeof(*opts));
     memset(opts, 0, sizeof(*opts));
@@ -59,8 +81,21 @@ static struct options *parseopts(int argc, const char **argv)
             opts->instance = strdup(argv[i] + 9);
         if(!strncmp(argv[i], "keytab=", 7))
             opts->keytab = strdup(argv[i] + 7);
-        if(!strncmp(argv[i], "renew=", 6))
-            opts->renewable = atoi(argv[i] + 6);
+        if(!strncmp(argv[i], "renew=", 6)) {
+            p = argv[i] + strlen(argv[i]) - 1;
+            unit = 1;
+            if((*p >= 'a') && (*p <= 'z')) {
+                if(*p == 'm')
+                    unit = 60;
+                else if(*p == 'h')
+                    unit = 3600;
+                else if(*p == 'd')
+                    unit = 86400;
+                else
+                    unit = 1;
+            }
+            opts->renewable = atoi(argv[i] + 6) * unit;
+        }
         if(!strcmp(argv[i], "forwardable"))
             opts->forwardable = 1;
         if(!strcmp(argv[i], "debug"))
@@ -126,6 +161,7 @@ static struct data *getdata(pam_handle_t *pamh, struct options *opts)
         return(NULL);
     }
     data->uid = pwent->pw_uid;
+    data->gid = pwent->pw_gid;
     if((ret = krb5_init_context(&data->ctx)) != 0) {
         log(LOG_CRIT, "could not create krb5 context: %s", error_message(ret));
         freedata(data);
@@ -183,8 +219,8 @@ static int savecreds(pam_handle_t *pamh, struct options *opts, struct data *data
     if(opts->debug)
         log(LOG_DEBUG, "got creds successfully");
     snprintf(buf, sizeof(buf), "KRB5CCNAME=FILE:/tmp/krb5cc_%i_XXXXXX", data->uid);
-    ccname = buf + sizeof("KRB5CCNAME=");
-    filename = ccname + sizeof("FILE:");
+    ccname = buf + sizeof("KRB5CCNAME=") - 1;
+    filename = ccname + sizeof("FILE:") - 1;
     if((fd = mkstemp(filename)) < 0) {
         log(LOG_ERR, "could not create tempfile for credentials cache: %s", strerror(errno));
         ret = PAM_SERVICE_ERR;
@@ -211,6 +247,7 @@ static int savecreds(pam_handle_t *pamh, struct options *opts, struct data *data
         ret = PAM_SERVICE_ERR;
         goto out;
     }
+    chown(filename, data->uid, data->gid);
     pam_putenv(pamh, strdup(buf));
     if(opts->debug)
         log(LOG_DEBUG, "successfully initialized ccache");
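Review bot: The new renew= parsing still goes through atoi(), so a malformed value such as `renew=abc` or `renew=10x` is silently accepted as 0 seconds or as 10 seconds, and `atoi(argv[i] + 6) * unit` can overflow int for a large count with the `d` suffix without any diagnostic. Parsing with strtol() and an end pointer lets the suffix be validated in the same pass: the unit is exactly what follows the digits, and anything else is logged instead of ignored. That also makes the trailing `else unit = 1;` redundant and leaves `p` from the declaration hunk above unused, so its declaration should go as well; whether `opts->renewable` is wide enough for the multiplied value cannot be seen from here. parseopts begins and ends outside this hunk.
```c
        if(!strncmp(argv[i], "renew=", 6)) {
            char *end;
            long n = strtol(argv[i] + 6, &end, 10);
            unit = 0;
            if(*end == '\0')
                unit = 1;
            else if(!strcmp(end, "m"))
                unit = 60;
            else if(!strcmp(end, "h"))
                unit = 3600;
            else if(!strcmp(end, "d"))
                unit = 86400;
            /* reject an empty number, an unknown suffix and negative lifetimes */
            if(end == argv[i] + 6 || unit == 0 || n < 0)
                log(LOG_WARNING, "malformed renew= value ignored: %s", argv[i]);
            else
                opts->renewable = n * unit;
        }
        /* … unchanged: forwardable / debug options … */
```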
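Review bot: The corrected offsets depend on sizeof() of a string literal counting its terminator, which is what made the previous version skip one byte too many and is easy to misread again. A one-line comment above the `ccname =` line, such as `/* sizeof counts the NUL, so -1 lands on the first byte after the prefix */`, would record why the -1 is there; strlen() on the same literals would say the same thing without the comment. savecreds begins and ends outside this hunk.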
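Review bot: The return value of the added `chown(filename, data->uid, data->gid);` is never checked, so if it fails the credential cache stays owned by whatever identity the module runs as and the user may be handed a KRB5CCNAME it cannot read, with nothing in the log to explain it. Every other failure in this function logs the errno text and jumps to `out` with PAM_SERVICE_ERR, and the chown should follow the same path. If the descriptor returned by mkstemp in the earlier hunk is still open here, `fchown(fd, data->uid, data->gid)` would act on the file the module created rather than on whatever the path resolves to at this moment; whether it is still open, and whether the ccache initialization in between keeps the same file, is outside this hunk. savecreds begins and ends outside this hunk.
```c
    if(chown(filename, data->uid, data->gid) < 0) {
        log(LOG_ERR, "could not chown credentials cache to user: %s", strerror(errno));
        ret = PAM_SERVICE_ERR;
        goto out;
    }
    pam_putenv(pamh, strdup(buf));
```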
@@ -259,6 +296,8 @@ PAM_EXTERN int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const cha
     int ret;
 
     opts = parseopts(argc, argv);
+    if(opts->debug)
+        log(LOG_DEBUG, "pam_sm_setcred called");
     data = getdata(pamh, opts);
     if(data == NULL) {
         log(LOG_ERR, "could not get data, erroring out");