2  * Option handling for pam-krb5.
6  * parses the PAM configuration.
8  * Copyright 2005-2010, 2014, 2020 Russ Allbery <eagle@eyrie.org>
9  * Copyright 2011-2012
12  * Copyright 1999-2000 Frank Cusack <fcusack@fcusack.com>
14  * SPDX-License-Identifier: BSD-3-clause or GPL-1+
24 #include <pam-util/args.h>
25 #include <pam-util/logging.h>
26 #include <pam-util/options.h>
27 #include <pam-util/vector.h>
31 /* clang-format off */
76 /* clang-format on */
100     args->config = config;  in pamk5_init()
107      * We will then ignore args->config->realm, set later by option parsing,  in pamk5_init()
108      * in favor of using args->realm extracted here.  However, the latter must  in pamk5_init()
114         free(args->realm);  in pamk5_init()
115         args->realm = strdup(&argv[i][strlen("realm=")]);  in pamk5_init()
116         if (args->realm == NULL)  in pamk5_init()
125     if (!putil_args_krb5(args, "pam", options, optlen)) {  in pamk5_init()
131     if (config->debug) {  in pamk5_init()
132         args->debug = true;  in pamk5_init()
134     if (config->silent) {  in pamk5_init()
135         args->silent = true;  in pamk5_init()
139     if (config->banner != NULL && config->banner[0] == '\0') {  in pamk5_init()
140         free(config->banner);  in pamk5_init()
141         config->banner = NULL;  in pamk5_init()
144     /* Sanity-check try_first_pass, use_first_pass, and force_first_pass. */  in pamk5_init()
145     if (config->force_first_pass && config->try_first_pass) {  in pamk5_init()
147         config->try_first_pass = 0;  in pamk5_init()
149     if (config->force_first_pass && config->use_first_pass) {  in pamk5_init()
151         config->use_first_pass = 0;  in pamk5_init()
153     if (config->use_first_pass && config->try_first_pass) {  in pamk5_init()
155         config->try_first_pass = 0;  in pamk5_init()
164     if (config->search_k5login) {  in pamk5_init()
165         config->expose_account = 0;  in pamk5_init()
169     if (config->minimum_uid < 0) {  in pamk5_init()
170         config->minimum_uid = 0;  in pamk5_init()
179     if (config->try_pkinit) {  in pamk5_init()
181     } else if (config->use_pkinit) {  in pamk5_init()
186     if (config->use_pkinit) {  in pamk5_init()
194     if (config->fast_ccache || config->anon_fast) {  in pamk5_init()
202     if (config->trace != NULL) {  in pamk5_init()
205         retval = krb5_set_trace_filename(args->ctx, config->trace);  in pamk5_init()
207             putil_debug(args, "enabled trace logging to %s", config->trace);  in pamk5_init()
210                            config->trace);  in pamk5_init()
213     if (config->trace != NULL) {  in pamk5_init()
242     config = args->config;  in pamk5_free()
244         free(config->alt_auth_map);  in pamk5_free()
245         free(config->banner);  in pamk5_free()
246         free(config->ccache);  in pamk5_free()
247         free(config->ccache_dir);  in pamk5_free()
248         free(config->fast_ccache);  in pamk5_free()
249         free(config->keytab);  in pamk5_free()
250         free(config->pkinit_anchors);  in pamk5_free()
251         free(config->pkinit_user);  in pamk5_free()
252         vector_free(config->preauth_opt);  in pamk5_free()
253         free(config->realm);  in pamk5_free()
254         free(config->trace);  in pamk5_free()
255         free(config->user_realm);  in pamk5_free()
256         free(args->config);  in pamk5_free()
257         args->config = NULL;  in pamk5_free()