if(auth->text != NULL)
free(auth->text);
auth->text = icmbstowcs((char *)error_message(ret), NULL);
+ free(msg);
return(AUTH_DENIED);
}
free(msg);
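Review bot: The added `free(msg);` before `return(AUTH_DENIED);` means `msg` is released separately on each exit path, and the same pairing recurs around the `krb5_rd_cred` check later in this patch, so any early return added later between the call and the trailing `free(msg);` leaks the buffer again. Where `msg` is only the input buffer of the call being tested (it looks that way for `krb5_rd_cred`, though the setup of `k5d` is not visible), release it once before the test: `ret = krb5_rd_cred(k5context, data->context, &k5d, &fwdcreds, NULL);` then `free(msg);` then `if(ret != 0)`. The enclosing function starts before this hunk, so confirm that nothing reads `msg` between the call and the existing frees before moving them.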
authorized = 1;
if(authorized)
{
- flog(LOG_INFO, "krb5 principal %s successfully authorized as %s", data->cname, data->username);
+ flog(LOG_INFO, "krb5 principal %s successfully authorized as %s%s", data->cname, data->username, (data->creds == NULL)?"":" (with fwd creds)");
return(AUTH_SUCCESS);
} else {
flog(LOG_INFO, "krb5 principal %s not authorized as %s", data->cname, data->username);
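Review bot: The ` (with fwd creds)` suffix is attached only to the success message, while the standalone "received forwarded credentials" log line is removed elsewhere in this patch. A session that forwards credentials and is then refused therefore appears to leave no record that credentials were received. If `data->creds` can be non-NULL when the `else` branch runs (not determinable from this hunk), give the denial line the same suffix: `flog(LOG_INFO, "krb5 principal %s not authorized as %s%s", data->cname, data->username, (data->creds == NULL)?"":" (with fwd creds)");`. Forwarded tickets arriving with a rejected login is the case an operator reviewing the log would most want to see.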
if((ret = krb5_rd_cred(k5context, data->context, &k5d, &fwdcreds, NULL)) != 0)
{
flog(LOG_ERR, "krb5_rd_cred returned an error: %s", error_message(ret));
+ free(msg);
return(AUTH_ERR);
}
+ free(msg);
if(*fwdcreds == NULL)
{
flog(LOG_ERR, "forwarded credentials array was empty (from %s)", data->username);
krb5_free_tgt_creds(k5context, fwdcreds);
return(AUTH_ERR);
}
- flog(LOG_INFO, "received forwarded credentials for %s", data->username);
/* Copy only the first credential. (Change this if it becomes a problem) */
ret = krb5_copy_creds(k5context, *fwdcreds, &data->creds);
krb5_free_tgt_creds(k5context, fwdcreds);
flog(LOG_ERR, "could not get passwd entry for forwarded tickets (user %s): %s", data->username, strerror(errno));
return(AUTH_ERR);
}
- if(confgetint("auth-krb5", "usedefcc"))
+ if(!confgetint("auth-krb5", "usedefcc"))
{
buf = sprintf2("/tmp/krb5cc_dc_%i_XXXXXX", pwent->pw_uid);
if((fd = mkstemp(buf)) < 0)
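Review bot: The corrected test `if(!confgetint("auth-krb5", "usedefcc"))` has no comment saying which branch the option selects, and the previous revision had the sense backwards. A one-line comment above the `if` would guard against that regression, for example `/* usedefcc unset: store forwarded tickets in a private mkstemp() cache, not the user's default ccache */`; the "default ccache" wording is inferred from the option name and should be checked against the other branch. The block opened here continues past the end of the hunk, so the handling of `buf` and `fd` after `mkstemp` is not reviewed.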