int gssapi_userok(void *app_data, char *username) { struct gssapi_data *data = app_data; /* Yes, this logic really is inverted. */ return !gss_userok(data->client_name, username); }
PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv) { int status; gss_name_t canonUserName = GSS_C_NO_NAME; char *userName = NULL; status = pam_get_data(pamh, GSS_NAME_DATA, (const void **)&canonUserName); if (status != PAM_SUCCESS) return PAM_USER_UNKNOWN; status = pam_get_user(pamh, (void *)&userName, NULL); if (status != PAM_SUCCESS) return PAM_USER_UNKNOWN; return gss_userok(canonUserName, userName) ? PAM_SUCCESS : PAM_PERM_DENIED; }