4 * PAM account management functions for pam_krb5
6 * $FreeBSD: src/lib/libpam/modules/pam_krb5/pam_krb5_acct.c,v 1.1.2.1 2001/06/07 09:37:07 markm Exp $
7 * $DragonFly: src/lib/libpam/modules/pam_krb5/Attic/pam_krb5_acct.c,v 1.2 2003/06/17 04:26:50 dillon Exp $
10 static const char rcsid[] = "$Id: pam_krb5_acct.c,v 1.3 1999/01/19 21:26:44 fcusack Exp $";
12 #include <syslog.h> /* syslog */
13 #include <security/pam_appl.h>
14 #include <security/pam_modules.h>
19 /*
 * DLOG(error_func, error_msg): debug logging helper for pam_sm_acct_mgmt().
 *
 * Expands to a syslog() call at LOG_DEBUG priority that prints the PAM
 * service name and user name, followed by the name of the failing step
 * (error_func) and its message (error_msg).
 *
 * `service` and `name` are not macro parameters: they are taken from the
 * scope in which the macro is expanded, so DLOG is only usable where both
 * identifiers are declared.  All four values are formatted with %s, so
 * each must point to a valid NUL-terminated string when the macro runs.
 *
 * The format string is a fixed literal; caller-supplied text is passed
 * only as %s arguments and is never interpreted as a format.  The user
 * name is written to the debug log as-is.
 *
 * NOTE(review): the listing's numbering jumps from 20 to 22, so one line
 * of this macro is not shown here; whether the syslog() call is guarded
 * by a condition cannot be confirmed from this view.
 */
20 #define DLOG(error_func, error_msg) \
22 syslog(LOG_DEBUG, "pam_krb5: pam_sm_acct_mgmt(%s %s): %s: %s", \
23 service, name, error_func, error_msg)
25 /* Check authorization of user */
27 pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv)
29 krb5_error_code krbret;
30 krb5_context pam_context;
38 for (i = 0; i < argc; i++) {
39 if (strcmp(argv[i], "debug") == 0)
44 if (pam_get_item(pamh, PAM_USER, (const void **) &name)) {
45 return PAM_PERM_DENIED;;
48 /* Get service name */
49 (void) pam_get_item(pamh, PAM_SERVICE, (const void **) &service);
55 if (pam_get_data(pamh, "ccache", (const void **) &ccache)) {
56 /* User did not use krb5 to login */
57 DLOG("ccache", "not found");
61 if ((krbret = krb5_init_context(&pam_context)) != 0) {
62 DLOG("krb5_init_context()", error_message(krbret));
63 return PAM_PERM_DENIED;;
66 if ((krbret = krb5_cc_get_principal(pam_context, ccache, &princ)) != 0) {
67 DLOG("krb5_cc_get_principal()", error_message(krbret));
68 pamret = PAM_PERM_DENIED;;
72 if (krb5_kuserok(pam_context, princ, name))
75 pamret = PAM_PERM_DENIED;
76 krb5_free_principal(pam_context, princ);
79 krb5_free_context(pam_context);
80 DLOG("exit", pamret ? "failure" : "success");