Subject: Re: PR/35968 CVS commit: src/lib/libpam/modules/pam_krb5
To: None <lib-bug-people@netbsd.org, gnats-admin@netbsd.org,>
From: Jukka Salmi <j+nbsd@2007.salmi.ch>
List: netbsd-bugs
Date: 03/10/2007 18:30:02
The following reply was made to PR lib/35968; it has been noted by GNATS.
From: Jukka Salmi <j+nbsd@2007.salmi.ch>
To: gnats-bugs@NetBSD.org
Cc: Christos Zoulas <christos@netbsd.org>
Subject: Re: PR/35968 CVS commit: src/lib/libpam/modules/pam_krb5
Date: Sat, 10 Mar 2007 19:27:18 +0100
--oC1+HKm2/end4ao3
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Christos Zoulas wrote:
> The following reply was made to PR lib/35968; it has been noted by GNATS.
>
> From: Christos Zoulas <christos@netbsd.org>
> To: gnats-bugs@NetBSD.org
> Cc:
> Subject: PR/35968 CVS commit: src/lib/libpam/modules/pam_krb5
> Date: Sat, 10 Mar 2007 17:47:21 +0000 (UTC)
>
> Module Name: src
> Committed By: christos
> Date: Sat Mar 10 17:47:21 UTC 2007
>
> Modified Files:
> src/lib/libpam/modules/pam_krb5: pam_krb5.8 pam_krb5.c
>
> Log Message:
> PR/35968: Jukka Salmi: add option to pam_krb5(8) to request renewable tickets
>
>
> To generate a diff of this commit:
> cvs rdiff -r1.6 -r1.7 src/lib/libpam/modules/pam_krb5/pam_krb5.8
> cvs rdiff -r1.18 -r1.19 src/lib/libpam/modules/pam_krb5/pam_krb5.c
>
> Please note that diffs are not public domain; they are subject to the
> copyright notices on the relevant files.
Even better, thanks! But there's an off-by-one and a typo in your
commit (see attached patch). Furthermore it seems that a char[32] is
enough to store the time string (at least if kinit.c is right).
BTW, maybe pam_krb5(8) should honour renew_lifetime (and ticket_lifetime
etc.) from krb5.conf(5) instead of duplicating code...?
Regards, Jukka
--
It's an odd coincidence that all the men whose skulls have been opened
had a brain.
Ludwig Wittgenstein
--oC1+HKm2/end4ao3
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename=diff
Index: lib/libpam/modules/pam_krb5/pam_krb5.8
===================================================================
RCS file: /cvsroot/src/lib/libpam/modules/pam_krb5/pam_krb5.8,v
retrieving revision 1.7
diff -u -p -r1.7 pam_krb5.8
--- lib/libpam/modules/pam_krb5/pam_krb5.8 10 Mar 2007 17:47:21 -0000 1.7
+++ lib/libpam/modules/pam_krb5/pam_krb5.8 10 Mar 2007 18:21:48 -0000
@@ -81,7 +81,7 @@ This option is similar to the
option, except that if the previously obtained password fails, the
user is prompted for another password.
.It Cm renewable Ns = Ns Ar timeperiod
-Obtain renewanle Kerberos credentials for the user.
+Obtain renewable Kerberos credentials for the user.
The renewable time can be specified, or it defaults to one month.
Since spaces are not allowed in the pam configuration time, underscores
are used to form parseable times (eg. 1_month).
Index: lib/libpam/modules/pam_krb5/pam_krb5.c
===================================================================
RCS file: /cvsroot/src/lib/libpam/modules/pam_krb5/pam_krb5.c,v
retrieving revision 1.19
diff -u -p -r1.19 pam_krb5.c
--- lib/libpam/modules/pam_krb5/pam_krb5.c 10 Mar 2007 17:47:21 -0000 1.19
+++ lib/libpam/modules/pam_krb5/pam_krb5.c 10 Mar 2007 18:21:49 -0000
@@ -157,14 +157,14 @@ pam_sm_authenticate(pam_handle_t *pamh,
if ((rtime = openpam_get_option(pamh, PAM_OPT_RENEWABLE)) != NULL) {
krb5_deltat renew;
- char rbuf[80], *rp;
+ char rbuf[32], *rp;
if (*rtime) {
(void)strlcpy(rbuf, rtime, sizeof(rbuf));
rtime = rbuf;
for (rp = rbuf; *rp; rp++)
if (*rp == '_')
- rp[-1] = ' ';
+ *rp = ' ';
}
else
rtime = "1 month";
--oC1+HKm2/end4ao3--