Lines 322-328
Link Here
|
322 |
* krb5_error_code. If successful, the credentials will be stored in creds. |
322 |
* krb5_error_code. If successful, the credentials will be stored in creds. |
323 |
*/ |
323 |
*/ |
324 |
static krb5_error_code |
324 |
static krb5_error_code |
325 |
pkinit_auth(struct pam_args *args, char *service, krb5_creds **creds) |
325 |
pkinit_auth(struct pam_args *args, const char *service, krb5_creds **creds) |
326 |
{ |
326 |
{ |
327 |
struct context *ctx = args->ctx; |
327 |
struct context *ctx = args->ctx; |
328 |
krb5_get_init_creds_opt *opts = NULL; |
328 |
krb5_get_init_creds_opt *opts = NULL; |
Lines 410-416
Link Here
|
410 |
{ |
410 |
{ |
411 |
krb5_verify_init_creds_opt opts; |
411 |
krb5_verify_init_creds_opt opts; |
412 |
krb5_keytab keytab = NULL; |
412 |
krb5_keytab keytab = NULL; |
413 |
krb5_kt_cursor cursor = NULL; |
413 |
krb5_kt_cursor cursor; |
|
|
414 |
int cursor_valid = 0; |
414 |
krb5_keytab_entry entry; |
415 |
krb5_keytab_entry entry; |
415 |
krb5_principal princ = NULL; |
416 |
krb5_principal princ = NULL; |
416 |
const char *message; |
417 |
const char *message; |
Lines 430-437
Link Here
|
430 |
} |
431 |
} |
431 |
if (retval == 0) |
432 |
if (retval == 0) |
432 |
retval = krb5_kt_start_seq_get(c, keytab, &cursor); |
433 |
retval = krb5_kt_start_seq_get(c, keytab, &cursor); |
433 |
if (retval == 0) |
434 |
if (retval == 0) { |
|
|
435 |
cursor_valid = 1; |
434 |
retval = krb5_kt_next_entry(c, keytab, &entry, &cursor); |
436 |
retval = krb5_kt_next_entry(c, keytab, &entry, &cursor); |
|
|
437 |
} |
435 |
if (retval == 0) |
438 |
if (retval == 0) |
436 |
retval = krb5_copy_principal(c, entry.principal, &princ); |
439 |
retval = krb5_copy_principal(c, entry.principal, &princ); |
437 |
if (retval != 0) { |
440 |
if (retval != 0) { |
Lines 442-448
Link Here
|
442 |
} |
445 |
} |
443 |
if (entry.principal != NULL) |
446 |
if (entry.principal != NULL) |
444 |
pamk5_compat_free_keytab_contents(c, &entry); |
447 |
pamk5_compat_free_keytab_contents(c, &entry); |
445 |
if (cursor != NULL) |
448 |
if (cursor_valid) |
446 |
krb5_kt_end_seq_get(c, keytab, &cursor); |
449 |
krb5_kt_end_seq_get(c, keytab, &cursor); |
447 |
} |
450 |
} |
448 |
retval = krb5_verify_init_creds(c, creds, princ, keytab, NULL, &opts); |
451 |
retval = krb5_verify_init_creds(c, creds, princ, keytab, NULL, &opts); |