mirrors/xrdp
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
a35082e6c5
xrdp/sesman/verify_user_kerberos.c

246 lines
6.3 KiB
C
Raw Normal View History

o moved from GNU General Public License to Apache License, Version 2.0 o applied new coding standards to all .c files o moved some files around
2012-09-20 07:51:34 +04:00
/**
* xrdp: A Remote Desktop Protocol server.
*
copyright year update
2013-06-08 21:51:53 +04:00
* Copyright (C) Jay Sorg 2004-2013
o moved from GNU General Public License to Apache License, Version 2.0 o applied new coding standards to all .c files o moved some files around
2012-09-20 07:51:34 +04:00
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
added kerberos auth
2005-11-16 07:32:21 +03:00
updated code documentation
2006-05-26 00:34:32 +04:00
/**
*
* @file verify_user_kerberos.c
* @brief Authenticate user using kerberos
* @author Jay Sorg
o moved from GNU General Public License to Apache License, Version 2.0 o applied new coding standards to all .c files o moved some files around
2012-09-20 07:51:34 +04:00
*
updated code documentation
2006-05-26 00:34:32 +04:00
*/
Include config_ac.h from all source files
2017-03-03 07:33:23 +03:00
#if defined(HAVE_CONFIG_H)
#include <config_ac.h>
#endif
added kerberos auth
2005-11-16 07:32:21 +03:00
#include "arch.h"
Replace various types used for auth_info The loadable sesman authentication modules use different types for the authentication handle returned from auth_userpass(). The PAM module uses a pointer, and the other modules use (effectively) a boolean. Within sesman itself, a long or tbus (intptr_t) is used. This PR replaces all of these types with a pointer to an incomplete type. Consequently:- - A single better-labelled type is used it all places within sesman so it's more obvious what's being handled. - There is no need to cast the authentication handle within the PAM module to a long and back again. - The compiler can check function signatures between auth.h and the various verify modules.
2022-09-11 15:18:53 +03:00
#include "auth.h"
added kerberos auth
2005-11-16 07:32:21 +03:00
#include "os_calls.h"
Fix regressions in auth modules
2020-12-29 12:48:01 +03:00
#include "string_calls.h"
Changes to verify_user_kerberos.c
2022-12-02 19:30:53 +03:00
#include "log.h"
added kerberos auth
2005-11-16 07:32:21 +03:00
#include <krb5.h>
Changes to verify_user_kerberos.c
2022-12-02 19:30:53 +03:00
struct auth_info
added kerberos auth
2005-11-16 07:32:21 +03:00
{
o moved from GNU General Public License to Apache License, Version 2.0 o applied new coding standards to all .c files o moved some files around
2012-09-20 07:51:34 +04:00
krb5_context ctx;
krb5_ccache cc;
krb5_principal me;
added kerberos auth
2005-11-16 07:32:21 +03:00
};
Changes to verify_user_kerberos.c
2022-12-02 19:30:53 +03:00
/******************************************************************************/
/* Logs a kerberos error code */
static void
log_kerberos_failure(krb5_context ctx, krb5_error_code code, const char *where)
Replace various types used for auth_info The loadable sesman authentication modules use different types for the authentication handle returned from auth_userpass(). The PAM module uses a pointer, and the other modules use (effectively) a boolean. Within sesman itself, a long or tbus (intptr_t) is used. This PR replaces all of these types with a pointer to an incomplete type. Consequently:- - A single better-labelled type is used it all places within sesman so it's more obvious what's being handled. - There is no need to cast the authentication handle within the PAM module to a long and back again. - The compiler can check function signatures between auth.h and the various verify modules.
2022-09-11 15:18:53 +03:00
{
Changes to verify_user_kerberos.c
2022-12-02 19:30:53 +03:00
const char *errstr = krb5_get_error_message(ctx, code);
LOG(LOG_LEVEL_ERROR, "Kerberos call to %s failed [%s]", where, errstr);
krb5_free_error_message(ctx, errstr);
}
Replace various types used for auth_info The loadable sesman authentication modules use different types for the authentication handle returned from auth_userpass(). The PAM module uses a pointer, and the other modules use (effectively) a boolean. Within sesman itself, a long or tbus (intptr_t) is used. This PR replaces all of these types with a pointer to an incomplete type. Consequently:- - A single better-labelled type is used it all places within sesman so it's more obvious what's being handled. - There is no need to cast the authentication handle within the PAM module to a long and back again. - The compiler can check function signatures between auth.h and the various verify modules.
2022-09-11 15:18:53 +03:00
added kerberos auth
2005-11-16 07:32:21 +03:00
/******************************************************************************/
Changes to verify_user_kerberos.c
2022-12-02 19:30:53 +03:00
int
auth_end(struct auth_info *auth_info)
added kerberos auth
2005-11-16 07:32:21 +03:00
{
Changes to verify_user_kerberos.c
2022-12-02 19:30:53 +03:00
if (auth_info != NULL)
added kerberos auth
2005-11-16 07:32:21 +03:00
{
Changes to verify_user_kerberos.c
2022-12-02 19:30:53 +03:00
if (auth_info->me)
o moved from GNU General Public License to Apache License, Version 2.0 o applied new coding standards to all .c files o moved some files around
2012-09-20 07:51:34 +04:00
{
Changes to verify_user_kerberos.c
2022-12-02 19:30:53 +03:00
krb5_free_principal(auth_info->ctx, auth_info->me);
o moved from GNU General Public License to Apache License, Version 2.0 o applied new coding standards to all .c files o moved some files around
2012-09-20 07:51:34 +04:00
}
Changes to verify_user_kerberos.c
2022-12-02 19:30:53 +03:00
if (auth_info->cc)
o moved from GNU General Public License to Apache License, Version 2.0 o applied new coding standards to all .c files o moved some files around
2012-09-20 07:51:34 +04:00
{
Changes to verify_user_kerberos.c
2022-12-02 19:30:53 +03:00
krb5_cc_close(auth_info->ctx, auth_info->cc);
o moved from GNU General Public License to Apache License, Version 2.0 o applied new coding standards to all .c files o moved some files around
2012-09-20 07:51:34 +04:00
}
Changes to verify_user_kerberos.c
2022-12-02 19:30:53 +03:00
if (auth_info->ctx)
o moved from GNU General Public License to Apache License, Version 2.0 o applied new coding standards to all .c files o moved some files around
2012-09-20 07:51:34 +04:00
{
Changes to verify_user_kerberos.c
2022-12-02 19:30:53 +03:00
krb5_free_context(auth_info->ctx);
o moved from GNU General Public License to Apache License, Version 2.0 o applied new coding standards to all .c files o moved some files around
2012-09-20 07:51:34 +04:00
}
Changes to verify_user_kerberos.c
2022-12-02 19:30:53 +03:00
g_memset(auth_info, 0, sizeof(*auth_info));
g_free(auth_info);
o moved from GNU General Public License to Apache License, Version 2.0 o applied new coding standards to all .c files o moved some files around
2012-09-20 07:51:34 +04:00
}
Changes to verify_user_kerberos.c
2022-12-02 19:30:53 +03:00
return 0;
added kerberos auth
2005-11-16 07:32:21 +03:00
}
/******************************************************************************/
Changes to verify_user_kerberos.c
2022-12-02 19:30:53 +03:00
/* Checks Kerberos can be used
*
* If all is well, an auth_info struct is returned */
static struct auth_info *
k5_begin(const char *username)
added kerberos auth
2005-11-16 07:32:21 +03:00
{
Changes to verify_user_kerberos.c
2022-12-02 19:30:53 +03:00
int ok = 0;
struct auth_info *auth_info = g_new0(struct auth_info, 1);
krb5_error_code code;
if (auth_info == NULL)
o moved from GNU General Public License to Apache License, Version 2.0 o applied new coding standards to all .c files o moved some files around
2012-09-20 07:51:34 +04:00
{
Changes to verify_user_kerberos.c
2022-12-02 19:30:53 +03:00
LOG(LOG_LEVEL_ERROR, "Out of memory in k5_begin()");
o moved from GNU General Public License to Apache License, Version 2.0 o applied new coding standards to all .c files o moved some files around
2012-09-20 07:51:34 +04:00
}
Changes to verify_user_kerberos.c
2022-12-02 19:30:53 +03:00
else if ((code = krb5_init_context(&auth_info->ctx)) != 0)
o moved from GNU General Public License to Apache License, Version 2.0 o applied new coding standards to all .c files o moved some files around
2012-09-20 07:51:34 +04:00
{
Changes to verify_user_kerberos.c
2022-12-02 19:30:53 +03:00
LOG(LOG_LEVEL_ERROR, "Can't init Kerberos context");
o moved from GNU General Public License to Apache License, Version 2.0 o applied new coding standards to all .c files o moved some files around
2012-09-20 07:51:34 +04:00
}
Changes to verify_user_kerberos.c
2022-12-02 19:30:53 +03:00
/* Determine the credentials cache to use */
else if ((code = krb5_cc_default(auth_info->ctx, &auth_info->cc)) != 0)
o moved from GNU General Public License to Apache License, Version 2.0 o applied new coding standards to all .c files o moved some files around
2012-09-20 07:51:34 +04:00
{
Changes to verify_user_kerberos.c
2022-12-02 19:30:53 +03:00
log_kerberos_failure(auth_info->ctx, code, "krb5_cc_default");
o moved from GNU General Public License to Apache License, Version 2.0 o applied new coding standards to all .c files o moved some files around
2012-09-20 07:51:34 +04:00
}
Changes to verify_user_kerberos.c
2022-12-02 19:30:53 +03:00
/* Parse the username into a full principal */
else if ((code = krb5_parse_name(auth_info->ctx,
username, &auth_info->me)) != 0)
o moved from GNU General Public License to Apache License, Version 2.0 o applied new coding standards to all .c files o moved some files around
2012-09-20 07:51:34 +04:00
{
Changes to verify_user_kerberos.c
2022-12-02 19:30:53 +03:00
log_kerberos_failure(auth_info->ctx, code, "krb5_parse_name");
}
else
{
ok = 1;
o moved from GNU General Public License to Apache License, Version 2.0 o applied new coding standards to all .c files o moved some files around
2012-09-20 07:51:34 +04:00
}
Changes to verify_user_kerberos.c
2022-12-02 19:30:53 +03:00
if (!ok)
added kerberos auth
2005-11-16 07:32:21 +03:00
{
Changes to verify_user_kerberos.c
2022-12-02 19:30:53 +03:00
auth_end(auth_info);
auth_info = NULL;
added kerberos auth
2005-11-16 07:32:21 +03:00
}
o moved from GNU General Public License to Apache License, Version 2.0 o applied new coding standards to all .c files o moved some files around
2012-09-20 07:51:34 +04:00
Changes to verify_user_kerberos.c
2022-12-02 19:30:53 +03:00
return auth_info;
added kerberos auth
2005-11-16 07:32:21 +03:00
}
Changes to verify_user_kerberos.c
2022-12-02 19:30:53 +03:00
added kerberos auth
2005-11-16 07:32:21 +03:00
/******************************************************************************/
/* returns boolean */
Update other auth modules to use new interface The previous commit introduced a new interface for the auth modules. This commit simply updates the other auth modules to use the new interface. The basic auth module is also updated so that if a user has a shadow password entry indicated, but the shadow entry cannot be found, an error is logged rather than silently succeeding. The BSD authentication module is also updated to allow it to be compiled on a Linux system for basic testing.
2022-12-13 13:45:25 +03:00
static enum scp_login_status
Changes to verify_user_kerberos.c
2022-12-02 19:30:53 +03:00
k5_kinit(struct auth_info *auth_info, const char *password)
added kerberos auth
2005-11-16 07:32:21 +03:00
{
Update other auth modules to use new interface The previous commit introduced a new interface for the auth modules. This commit simply updates the other auth modules to use the new interface. The basic auth module is also updated so that if a user has a shadow password entry indicated, but the shadow entry cannot be found, an error is logged rather than silently succeeding. The BSD authentication module is also updated to allow it to be compiled on a Linux system for basic testing.
2022-12-13 13:45:25 +03:00
enum scp_login_status status = E_SCP_LOGIN_GENERAL_ERROR;
o moved from GNU General Public License to Apache License, Version 2.0 o applied new coding standards to all .c files o moved some files around
2012-09-20 07:51:34 +04:00
krb5_creds my_creds;
krb5_error_code code = 0;
Changes to verify_user_kerberos.c
2022-12-02 19:30:53 +03:00
code = krb5_get_init_creds_password(auth_info->ctx,
&my_creds, auth_info->me,
password, NULL, NULL,
0,
NULL,
NULL);
if (code != 0)
added kerberos auth
2005-11-16 07:32:21 +03:00
{
Changes to verify_user_kerberos.c
2022-12-02 19:30:53 +03:00
log_kerberos_failure(auth_info->ctx, code,
"krb5_get_init_creds_password");
Update other auth modules to use new interface The previous commit introduced a new interface for the auth modules. This commit simply updates the other auth modules to use the new interface. The basic auth module is also updated so that if a user has a shadow password entry indicated, but the shadow entry cannot be found, an error is logged rather than silently succeeding. The BSD authentication module is also updated to allow it to be compiled on a Linux system for basic testing.
2022-12-13 13:45:25 +03:00
status = E_SCP_LOGIN_NOT_AUTHENTICATED;
o moved from GNU General Public License to Apache License, Version 2.0 o applied new coding standards to all .c files o moved some files around
2012-09-20 07:51:34 +04:00
}
Changes to verify_user_kerberos.c
2022-12-02 19:30:53 +03:00
else
o moved from GNU General Public License to Apache License, Version 2.0 o applied new coding standards to all .c files o moved some files around
2012-09-20 07:51:34 +04:00
{
Changes to verify_user_kerberos.c
2022-12-02 19:30:53 +03:00
/*
* Try to store the creds in the credentials cache
*/
if ((code = krb5_cc_initialize(auth_info->ctx, auth_info->cc,
auth_info->me)) != 0)
o moved from GNU General Public License to Apache License, Version 2.0 o applied new coding standards to all .c files o moved some files around
2012-09-20 07:51:34 +04:00
{
Changes to verify_user_kerberos.c
2022-12-02 19:30:53 +03:00
log_kerberos_failure(auth_info->ctx, code, "krb5_cc_initialize");
o moved from GNU General Public License to Apache License, Version 2.0 o applied new coding standards to all .c files o moved some files around
2012-09-20 07:51:34 +04:00
}
Changes to verify_user_kerberos.c
2022-12-02 19:30:53 +03:00
else if ((code = krb5_cc_store_cred(auth_info->ctx, auth_info->cc,
&my_creds)) != 0)
o moved from GNU General Public License to Apache License, Version 2.0 o applied new coding standards to all .c files o moved some files around
2012-09-20 07:51:34 +04:00
{
Changes to verify_user_kerberos.c
2022-12-02 19:30:53 +03:00
log_kerberos_failure(auth_info->ctx, code, "krb5_cc_store_cred");
o moved from GNU General Public License to Apache License, Version 2.0 o applied new coding standards to all .c files o moved some files around
2012-09-20 07:51:34 +04:00
}
Changes to verify_user_kerberos.c
2022-12-02 19:30:53 +03:00
else
o moved from GNU General Public License to Apache License, Version 2.0 o applied new coding standards to all .c files o moved some files around
2012-09-20 07:51:34 +04:00
{
Update other auth modules to use new interface The previous commit introduced a new interface for the auth modules. This commit simply updates the other auth modules to use the new interface. The basic auth module is also updated so that if a user has a shadow password entry indicated, but the shadow entry cannot be found, an error is logged rather than silently succeeding. The BSD authentication module is also updated to allow it to be compiled on a Linux system for basic testing.
2022-12-13 13:45:25 +03:00
status = E_SCP_LOGIN_OK;
o moved from GNU General Public License to Apache License, Version 2.0 o applied new coding standards to all .c files o moved some files around
2012-09-20 07:51:34 +04:00
}
Changes to verify_user_kerberos.c
2022-12-02 19:30:53 +03:00
/* Prevent double-free of the client principal */
if (my_creds.client == auth_info->me)
o moved from GNU General Public License to Apache License, Version 2.0 o applied new coding standards to all .c files o moved some files around
2012-09-20 07:51:34 +04:00
{
Changes to verify_user_kerberos.c
2022-12-02 19:30:53 +03:00
my_creds.client = NULL;
o moved from GNU General Public License to Apache License, Version 2.0 o applied new coding standards to all .c files o moved some files around
2012-09-20 07:51:34 +04:00
}
Changes to verify_user_kerberos.c
2022-12-02 19:30:53 +03:00
krb5_free_cred_contents(auth_info->ctx, &my_creds);
o moved from GNU General Public License to Apache License, Version 2.0 o applied new coding standards to all .c files o moved some files around
2012-09-20 07:51:34 +04:00
}
Update other auth modules to use new interface The previous commit introduced a new interface for the auth modules. This commit simply updates the other auth modules to use the new interface. The basic auth module is also updated so that if a user has a shadow password entry indicated, but the shadow entry cannot be found, an error is logged rather than silently succeeding. The BSD authentication module is also updated to allow it to be compiled on a Linux system for basic testing.
2022-12-13 13:45:25 +03:00
return status;
added kerberos auth
2005-11-16 07:32:21 +03:00
}
/******************************************************************************/
Replace various types used for auth_info The loadable sesman authentication modules use different types for the authentication handle returned from auth_userpass(). The PAM module uses a pointer, and the other modules use (effectively) a boolean. Within sesman itself, a long or tbus (intptr_t) is used. This PR replaces all of these types with a pointer to an incomplete type. Consequently:- - A single better-labelled type is used it all places within sesman so it's more obvious what's being handled. - There is no need to cast the authentication handle within the PAM module to a long and back again. - The compiler can check function signatures between auth.h and the various verify modules.
2022-09-11 15:18:53 +03:00
/* returns non-NULL for success */
struct auth_info *
Add PAM_RHOST support Supplies the IP address that an authentication event is received from as the PAM parameter PAM_RHOST for PAM-capable systems.
2022-04-12 14:37:30 +03:00
auth_userpass(const char *user, const char *pass,
Update other auth modules to use new interface The previous commit introduced a new interface for the auth modules. This commit simply updates the other auth modules to use the new interface. The basic auth module is also updated so that if a user has a shadow password entry indicated, but the shadow entry cannot be found, an error is logged rather than silently succeeding. The BSD authentication module is also updated to allow it to be compiled on a Linux system for basic testing.
2022-12-13 13:45:25 +03:00
const char *client_ip, enum scp_login_status *errorcode)
added kerberos auth
2005-11-16 07:32:21 +03:00
{
Update other auth modules to use new interface The previous commit introduced a new interface for the auth modules. This commit simply updates the other auth modules to use the new interface. The basic auth module is also updated so that if a user has a shadow password entry indicated, but the shadow entry cannot be found, an error is logged rather than silently succeeding. The BSD authentication module is also updated to allow it to be compiled on a Linux system for basic testing.
2022-12-13 13:45:25 +03:00
enum scp_login_status status = E_SCP_LOGIN_GENERAL_ERROR;
Changes to verify_user_kerberos.c
2022-12-02 19:30:53 +03:00
struct auth_info *auth_info = k5_begin(user);
o moved from GNU General Public License to Apache License, Version 2.0 o applied new coding standards to all .c files o moved some files around
2012-09-20 07:51:34 +04:00
Changes to verify_user_kerberos.c
2022-12-02 19:30:53 +03:00
if (auth_info)
o moved from GNU General Public License to Apache License, Version 2.0 o applied new coding standards to all .c files o moved some files around
2012-09-20 07:51:34 +04:00
{
Update other auth modules to use new interface The previous commit introduced a new interface for the auth modules. This commit simply updates the other auth modules to use the new interface. The basic auth module is also updated so that if a user has a shadow password entry indicated, but the shadow entry cannot be found, an error is logged rather than silently succeeding. The BSD authentication module is also updated to allow it to be compiled on a Linux system for basic testing.
2022-12-13 13:45:25 +03:00
status = k5_kinit(auth_info, pass);
if (status != E_SCP_LOGIN_OK)
Replace various types used for auth_info The loadable sesman authentication modules use different types for the authentication handle returned from auth_userpass(). The PAM module uses a pointer, and the other modules use (effectively) a boolean. Within sesman itself, a long or tbus (intptr_t) is used. This PR replaces all of these types with a pointer to an incomplete type. Consequently:- - A single better-labelled type is used it all places within sesman so it's more obvious what's being handled. - There is no need to cast the authentication handle within the PAM module to a long and back again. - The compiler can check function signatures between auth.h and the various verify modules.
2022-09-11 15:18:53 +03:00
{
Changes to verify_user_kerberos.c
2022-12-02 19:30:53 +03:00
auth_end(auth_info);
auth_info = NULL;
Replace various types used for auth_info The loadable sesman authentication modules use different types for the authentication handle returned from auth_userpass(). The PAM module uses a pointer, and the other modules use (effectively) a boolean. Within sesman itself, a long or tbus (intptr_t) is used. This PR replaces all of these types with a pointer to an incomplete type. Consequently:- - A single better-labelled type is used it all places within sesman so it's more obvious what's being handled. - There is no need to cast the authentication handle within the PAM module to a long and back again. - The compiler can check function signatures between auth.h and the various verify modules.
2022-09-11 15:18:53 +03:00
}
Changes to verify_user_kerberos.c
2022-12-02 19:30:53 +03:00
}
if (errorcode != NULL)
{
Update other auth modules to use new interface The previous commit introduced a new interface for the auth modules. This commit simply updates the other auth modules to use the new interface. The basic auth module is also updated so that if a user has a shadow password entry indicated, but the shadow entry cannot be found, an error is logged rather than silently succeeding. The BSD authentication module is also updated to allow it to be compiled on a Linux system for basic testing.
2022-12-13 13:45:25 +03:00
*errorcode = status;
}
return auth_info;
}
/******************************************************************************/
/* returns non-NULL for success */
struct auth_info *
auth_uds(const char *user, enum scp_login_status *errorcode)
{
struct auth_info *auth_info = k5_begin(user);
if (errorcode != NULL)
{
*errorcode =
(auth_info != NULL) ? E_SCP_LOGIN_OK : E_SCP_LOGIN_GENERAL_ERROR;
o moved from GNU General Public License to Apache License, Version 2.0 o applied new coding standards to all .c files o moved some files around
2012-09-20 07:51:34 +04:00
}
Replace various types used for auth_info The loadable sesman authentication modules use different types for the authentication handle returned from auth_userpass(). The PAM module uses a pointer, and the other modules use (effectively) a boolean. Within sesman itself, a long or tbus (intptr_t) is used. This PR replaces all of these types with a pointer to an incomplete type. Consequently:- - A single better-labelled type is used it all places within sesman so it's more obvious what's being handled. - There is no need to cast the authentication handle within the PAM module to a long and back again. - The compiler can check function signatures between auth.h and the various verify modules.
2022-09-11 15:18:53 +03:00
return auth_info;
added kerberos auth
2005-11-16 07:32:21 +03:00
}
/******************************************************************************/
/* returns error */
Eliminate APP_CC and DEFAULT_CC
2017-03-12 19:35:00 +03:00
int
Replace various types used for auth_info The loadable sesman authentication modules use different types for the authentication handle returned from auth_userpass(). The PAM module uses a pointer, and the other modules use (effectively) a boolean. Within sesman itself, a long or tbus (intptr_t) is used. This PR replaces all of these types with a pointer to an incomplete type. Consequently:- - A single better-labelled type is used it all places within sesman so it's more obvious what's being handled. - There is no need to cast the authentication handle within the PAM module to a long and back again. - The compiler can check function signatures between auth.h and the various verify modules.
2022-09-11 15:18:53 +03:00
auth_start_session(struct auth_info *auth_info, int display_num)
added kerberos auth
2005-11-16 07:32:21 +03:00
{
o moved from GNU General Public License to Apache License, Version 2.0 o applied new coding standards to all .c files o moved some files around
2012-09-20 07:51:34 +04:00
return 0;
added kerberos auth
2005-11-16 07:32:21 +03:00
}
sesman: Fedora bug 821569
2013-10-01 21:42:00 +04:00
/******************************************************************************/
/* returns error */
Eliminate APP_CC and DEFAULT_CC
2017-03-12 19:35:00 +03:00
int
Replace various types used for auth_info The loadable sesman authentication modules use different types for the authentication handle returned from auth_userpass(). The PAM module uses a pointer, and the other modules use (effectively) a boolean. Within sesman itself, a long or tbus (intptr_t) is used. This PR replaces all of these types with a pointer to an incomplete type. Consequently:- - A single better-labelled type is used it all places within sesman so it's more obvious what's being handled. - There is no need to cast the authentication handle within the PAM module to a long and back again. - The compiler can check function signatures between auth.h and the various verify modules.
2022-09-11 15:18:53 +03:00
auth_stop_session(struct auth_info *auth_info)
sesman: Fedora bug 821569
2013-10-01 21:42:00 +04:00
{
return 0;
}
added kerberos auth
2005-11-16 07:32:21 +03:00
/******************************************************************************/
Eliminate APP_CC and DEFAULT_CC
2017-03-12 19:35:00 +03:00
int
Replace various types used for auth_info The loadable sesman authentication modules use different types for the authentication handle returned from auth_userpass(). The PAM module uses a pointer, and the other modules use (effectively) a boolean. Within sesman itself, a long or tbus (intptr_t) is used. This PR replaces all of these types with a pointer to an incomplete type. Consequently:- - A single better-labelled type is used it all places within sesman so it's more obvious what's being handled. - There is no need to cast the authentication handle within the PAM module to a long and back again. - The compiler can check function signatures between auth.h and the various verify modules.
2022-09-11 15:18:53 +03:00
auth_set_env(struct auth_info *auth_info)
added kerberos auth
2005-11-16 07:32:21 +03:00
{
o moved from GNU General Public License to Apache License, Version 2.0 o applied new coding standards to all .c files o moved some files around
2012-09-20 07:51:34 +04:00
return 0;
added kerberos auth
2005-11-16 07:32:21 +03:00
}
Reference in New Issue Copy Permalink