103 	krb5_module_data_t *kmd = NULL;  in pam_sm_authenticate()  local
133 	err = pam_get_data(pamh, KRB5_DATA, (const void **)&kmd);  in pam_sm_authenticate()
144 	if (kmd != NULL) {  in pam_sm_authenticate()
145 		if (++(kmd->auth_calls) > 2) {  in pam_sm_authenticate()
159 				krb5_cleanup(pamh, kmd, err);  in pam_sm_authenticate()
163 			kmd = NULL;  in pam_sm_authenticate()
164 		} else if (kmd->auth_calls == 2 &&  in pam_sm_authenticate()
165 		    kmd->auth_status == PAM_SUCCESS) {  in pam_sm_authenticate()
209 	if (kmd == NULL) {  in pam_sm_authenticate()
210 		kmd = calloc(1, sizeof (krb5_module_data_t));  in pam_sm_authenticate()
211 		if (kmd == NULL) {  in pam_sm_authenticate()
216 		err = pam_set_data(pamh, KRB5_DATA, kmd, &krb5_cleanup);  in pam_sm_authenticate()
218 			free(kmd);  in pam_sm_authenticate()
224 	if (!kmd->env) {  in pam_sm_authenticate()
235 		kmd->env = strdup(buffer);  in pam_sm_authenticate()
236 		if (!kmd->env) {  in pam_sm_authenticate()
240 			if (putenv(kmd->env)) {  in pam_sm_authenticate()
247 	if (kmd->user != NULL)  in pam_sm_authenticate()
248 		free(kmd->user);  in pam_sm_authenticate()
249 	if ((kmd->user = strdup(user)) == NULL) {  in pam_sm_authenticate()
254 	kmd->auth_status = PAM_AUTH_ERR;  in pam_sm_authenticate()
255 	kmd->debug = debug;  in pam_sm_authenticate()
256 	kmd->warn = warn;  in pam_sm_authenticate()
257 	kmd->err_on_exp = err_on_exp;  in pam_sm_authenticate()
258 	kmd->ccache = NULL;  in pam_sm_authenticate()
259 	kmd->kcontext = NULL;  in pam_sm_authenticate()
260 	kmd->password = NULL;  in pam_sm_authenticate()
261 	kmd->age_status = PAM_SUCCESS;  in pam_sm_authenticate()
262 	(void) memset((char *)&kmd->initcreds, 0, sizeof (krb5_creds));  in pam_sm_authenticate()
263 	kmd->auth_calls = 1;  in pam_sm_authenticate()
264 	kmd->preauth_type = do_pkinit ? KRB_PKINIT : KRB_PASSWD;  in pam_sm_authenticate()
296 				kmd->auth_status = PAM_SUCCESS;  in pam_sm_authenticate()
321 	result = attempt_krb5_auth(pamh, kmd, user, &password, 1);  in pam_sm_authenticate()
324 	if (kmd) {  in pam_sm_authenticate()
330 			    result, kmd->env ? kmd->env : "<null>",  in pam_sm_authenticate()
331 			    kmd->age_status, kmd->auth_status);  in pam_sm_authenticate()
333 		if (kmd->env &&  in pam_sm_authenticate()
334 		    !(kmd->age_status == PAM_NEW_AUTHTOK_REQD &&  in pam_sm_authenticate()
335 		    kmd->auth_status == PAM_SUCCESS)) {  in pam_sm_authenticate()
344 				if ((result = pam_putenv(pamh, kmd->env))  in pam_sm_authenticate()
357 				free(kmd->env);  in pam_sm_authenticate()
358 				kmd->env = NULL;  in pam_sm_authenticate()
361 		kmd->auth_status = result;  in pam_sm_authenticate()
495 	krb5_module_data_t	*kmd,  in attempt_krb5_auth()  argument
526 	if (kmd->debug)  in attempt_krb5_auth()
532 	if (code = krb5_init_secure_context(&kmd->kcontext)) {  in attempt_krb5_auth()
540 	if ((code = get_kmd_kuser(kmd->kcontext, user, kuser,  in attempt_krb5_auth()
546 	if ((code = krb5_parse_name(kmd->kcontext, kuser, &me)) != 0) {  in attempt_krb5_auth()
547 		krb5_free_context(kmd->kcontext);  in attempt_krb5_auth()
548 		kmd->kcontext = NULL;  in attempt_krb5_auth()
553 	my_creds = &kmd->initcreds;  in attempt_krb5_auth()
556 	    krb5_copy_principal(kmd->kcontext, me, &my_creds->client))) {  in attempt_krb5_auth()
562 	if (code = krb5_build_principal_ext(kmd->kcontext, &server,  in attempt_krb5_auth()
563 	    krb5_princ_realm(kmd->kcontext, me)->length,  in attempt_krb5_auth()
564 	    krb5_princ_realm(kmd->kcontext, me)->data,  in attempt_krb5_auth()
566 	    krb5_princ_realm(kmd->kcontext, me)->length,  in attempt_krb5_auth()
567 	    krb5_princ_realm(kmd->kcontext, me)->data, 0)) {  in attempt_krb5_auth()
576 	if (code = krb5_copy_principal(kmd->kcontext, server,  in attempt_krb5_auth()
583 	if (code = krb5_timeofday(kmd->kcontext, &now)) {  in attempt_krb5_auth()
605 	krb_realm = krb5_princ_realm(kmd->kcontext, me)->data;  in attempt_krb5_auth()
606 	profile_get_options_boolean(kmd->kcontext->profile,  in attempt_krb5_auth()
608 	profile_get_options_boolean(kmd->kcontext->profile,  in attempt_krb5_auth()
610 	profile_get_options_string(kmd->kcontext->profile,  in attempt_krb5_auth()
612 	profile_get_options_string(kmd->kcontext->profile,  in attempt_krb5_auth()
646 	code = krb5_get_init_creds_opt_alloc(kmd->kcontext, &opts);  in attempt_krb5_auth()
658 		if (kmd->debug)  in attempt_krb5_auth()
665 		if (kmd->debug)  in attempt_krb5_auth()
672 		if (kmd->debug)  in attempt_krb5_auth()
679 		if (kmd->debug)  in attempt_krb5_auth()
695 	if (kmd->preauth_type == KRB_PKINIT) {  in attempt_krb5_auth()
715 				    kmd->kcontext, opts, "PIN", *krb5_pass);  in attempt_krb5_auth()
720 				    kmd->kcontext,  in attempt_krb5_auth()
760 			code = __krb5_get_init_creds_password(kmd->kcontext,  in attempt_krb5_auth()
773 	if (kmd->debug)  in attempt_krb5_auth()
791 			code = krb5_verify_init_creds(kmd->kcontext,  in attempt_krb5_auth()
806 				if (krb5_sname_to_principal(kmd->kcontext, NULL,  in attempt_krb5_auth()
812 				if (krb5_kt_default_name(kmd->kcontext, kt_name,  in attempt_krb5_auth()
845 					krb5_free_principal(kmd->kcontext, sp);  in attempt_krb5_auth()
850 			kmd->expiration = as_reply->enc_part2->key_exp;  in attempt_krb5_auth()
861 		if (kmd->debug)  in attempt_krb5_auth()
879 		if (!kmd->err_on_exp) {  in attempt_krb5_auth()
889 				    kmd->debug);  in attempt_krb5_auth()
890 				if (kmd->debug) {  in attempt_krb5_auth()
901 					kmd->age_status = PAM_NEW_AUTHTOK_REQD;  in attempt_krb5_auth()
910 		if (kmd->debug)  in attempt_krb5_auth()
928 		    !(kmd->password = strdup(*krb5_pass))) {  in attempt_krb5_auth()
942 	if (kmd->debug)  in attempt_krb5_auth()
947 	krb5_free_cred_contents(kmd->kcontext, &kmd->initcreds);  in attempt_krb5_auth()
948 	(void) memset((char *)&kmd->initcreds, 0, sizeof (krb5_creds));  in attempt_krb5_auth()
952 		krb5_free_principal(kmd->kcontext, server);  in attempt_krb5_auth()
954 		krb5_free_principal(kmd->kcontext, me);  in attempt_krb5_auth()
956 		krb5_free_kdc_rep(kmd->kcontext, as_reply);  in attempt_krb5_auth()
968 		krb5_free_principal(kmd->kcontext, clientp);  in attempt_krb5_auth()
970 		krb5_free_principal(kmd->kcontext, serverp);  in attempt_krb5_auth()
972 	if (kmd->kcontext) {  in attempt_krb5_auth()
973 		krb5_free_context(kmd->kcontext);  in attempt_krb5_auth()
974 		kmd->kcontext = NULL;  in attempt_krb5_auth()
977 		krb5_get_init_creds_opt_free(kmd->kcontext, opts);  in attempt_krb5_auth()
979 	if (kmd->debug)  in attempt_krb5_auth()
984 	return (kmd->auth_status = result);  in attempt_krb5_auth()
991 	krb5_module_data_t *kmd = (krb5_module_data_t *)data;  in krb5_cleanup()  local
993 	if (kmd == NULL)  in krb5_cleanup()
996 	if (kmd->debug) {  in krb5_cleanup()
999 		    kmd->auth_status);  in krb5_cleanup()
1006 	if (kmd->ccache)  in krb5_cleanup()
1007 		(void) krb5_cc_close(kmd->kcontext, kmd->ccache);  in krb5_cleanup()
1009 	if (kmd->password) {  in krb5_cleanup()
1010 		(void) memset(kmd->password, 0, strlen(kmd->password));  in krb5_cleanup()
1011 		free(kmd->password);  in krb5_cleanup()
1014 	if (kmd->user)  in krb5_cleanup()
1015 		free(kmd->user);  in krb5_cleanup()
1017 	if (kmd->env)  in krb5_cleanup()
1018 		free(kmd->env);  in krb5_cleanup()
1020 	krb5_free_cred_contents(kmd->kcontext, &kmd->initcreds);  in krb5_cleanup()
1021 	(void) memset((char *)&kmd->initcreds, 0, sizeof (krb5_creds));  in krb5_cleanup()
1023 	free(kmd);  in krb5_cleanup()