int
gssapi_userok(void *app_data, char *username)
{
struct gssapi_data *data = app_data;
/* Yes, this logic really is inverted. */
return !gss_userok(data->client_name, username);
}
PAM_EXTERN int
pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv)
{
int status;
gss_name_t canonUserName = GSS_C_NO_NAME;
char *userName = NULL;
status = pam_get_data(pamh, GSS_NAME_DATA, (const void **)&canonUserName);
if (status != PAM_SUCCESS)
return PAM_USER_UNKNOWN;
status = pam_get_user(pamh, (void *)&userName, NULL);
if (status != PAM_SUCCESS)
return PAM_USER_UNKNOWN;
return gss_userok(canonUserName, userName) ? PAM_SUCCESS : PAM_PERM_DENIED;
}
