summaryrefslogtreecommitdiff
path: root/src/providers/krb5
diff options
context:
space:
mode:
Diffstat (limited to 'src/providers/krb5')
-rw-r--r--src/providers/krb5/krb5_child.c19
1 files changed, 13 insertions, 6 deletions
diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c
index c434c97f..091538fb 100644
--- a/src/providers/krb5/krb5_child.c
+++ b/src/providers/krb5/krb5_child.c
@@ -751,6 +751,7 @@ static krb5_error_code validate_tgt(struct krb5_req *kr)
if (kerr != 0) {
DEBUG(1, ("internal error parsing principal name, "
"not verifying TGT.\n"));
+ KRB5_CHILD_DEBUG(SSSDBG_CRIT_FAILURE, kerr);
goto done;
}
@@ -867,6 +868,10 @@ static krb5_error_code get_and_save_tgt(struct krb5_req *kr,
KRB5_CHILD_DEBUG(SSSDBG_CRIT_FAILURE, kerr);
DEBUG(1, ("Failed to set expire callback, continue without.\n"));
}
+
+ DEBUG(SSSDBG_TRACE_FUNC,
+ ("Attempting kinit for realm [%s]\n",
+ kr->princ->realm.data));
kerr = krb5_get_init_creds_password(kr->ctx, kr->creds, kr->princ,
password, sss_krb5_prompter, kr, 0,
NULL, kr->options);
@@ -967,6 +972,9 @@ static errno_t changepw_child(int fd, struct krb5_req *kr)
prompter = NULL;
}
+ DEBUG(SSSDBG_TRACE_FUNC,
+ ("Attempting kinit for realm [%s]\n",
+ kr->princ->realm.data));
kerr = krb5_get_init_creds_password(kr->ctx, kr->creds, kr->princ,
pass_str, prompter, kr, 0,
changepw_princ,
@@ -1341,6 +1349,11 @@ static errno_t unpack_buffer(uint8_t *buf, size_t size, struct pam_data *pd,
SAFEALIGN_COPY_UINT32_CHECK(&validate, buf + p, size, &p);
kr->validate = (validate == 0) ? false : true;
SAFEALIGN_COPY_UINT32_CHECK(offline, buf + p, size, &p);
+ SAFEALIGN_COPY_UINT32_CHECK(&len, buf + p, size, &p);
+ if ((p + len ) > size) return EINVAL;
+ kr->upn = talloc_strndup(pd, (char *)(buf + p), len);
+ if (kr->upn == NULL) return ENOMEM;
+ p += len;
DEBUG(SSSDBG_CONF_SETTINGS,
("cmd [%d] uid [%llu] gid [%llu] validate [%s] offline [%s] "
@@ -1348,12 +1361,6 @@ static errno_t unpack_buffer(uint8_t *buf, size_t size, struct pam_data *pd,
kr->validate ? "true" : "false", offline ? "true" : "false",
kr->upn ? kr->upn : "none"));
- SAFEALIGN_COPY_UINT32_CHECK(&len, buf + p, size, &p);
- if ((p + len ) > size) return EINVAL;
- kr->upn = talloc_strndup(pd, (char *)(buf + p), len);
- if (kr->upn == NULL) return ENOMEM;
- p += len;
-
if (pd->cmd == SSS_PAM_AUTHENTICATE ||
pd->cmd == SSS_CMD_RENEW ||
pd->cmd == SSS_PAM_CHAUTHTOK_PRELIM || pd->cmd == SSS_PAM_CHAUTHTOK) {