Module Name: src Committed By: christos Date: Mon Apr 23 20:57:04 UTC 2012
Modified Files: src/usr.bin/login: k5login.c login.c Log Message: make kerberos work again: 1. make notickets external 2. don't use the tty as part of the credential cache, since pts/1 will not work. 3. Attempt to use the newer functions, but punt for now since it does not work yet. To generate a diff of this commit: cvs rdiff -u -r1.29 -r1.30 src/usr.bin/login/k5login.c cvs rdiff -u -r1.100 -r1.101 src/usr.bin/login/login.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/usr.bin/login/k5login.c diff -u src/usr.bin/login/k5login.c:1.29 src/usr.bin/login/k5login.c:1.30 --- src/usr.bin/login/k5login.c:1.29 Mon Apr 23 11:07:02 2012 +++ src/usr.bin/login/k5login.c Mon Apr 23 16:57:04 2012 @@ -1,4 +1,4 @@ -/* $NetBSD: k5login.c,v 1.29 2012/04/23 15:07:02 christos Exp $ */ +/* $NetBSD: k5login.c,v 1.30 2012/04/23 20:57:04 christos Exp $ */ /*- * Copyright (c) 1990 The Regents of the University of California. @@ -51,7 +51,7 @@ #if 0 static char sccsid[] = "@(#)klogin.c 5.11 (Berkeley) 7/12/92"; #endif -__RCSID("$NetBSD: k5login.c,v 1.29 2012/04/23 15:07:02 christos Exp $"); +__RCSID("$NetBSD: k5login.c,v 1.30 2012/04/23 20:57:04 christos Exp $"); #endif /* not lint */ #ifdef KERBEROS5 @@ -71,7 +71,7 @@ __RCSID("$NetBSD: k5login.c,v 1.29 2012/ krb5_context kcontext; -int notickets; +extern int notickets; int krb5_configured; char *krb5tkfile_env; extern char *tty; @@ -335,14 +335,11 @@ k5login(struct passwd *pw, char *instanc krb5_timestamp now; krb5_ccache ccache = NULL; long lifetime = KRB5_DEFAULT_LIFE; - int options = KRB5_DEFAULT_OPTIONS; char *realm, *client_name; char *principal; krb5_configured = 1; - if (login_krb5_forwardable_tgt) - options |= KDC_OPT_FORWARDABLE; /* * Root logins don't use Kerberos. @@ -366,10 +363,10 @@ k5login(struct passwd *pw, char *instanc if (strcmp(instance, "root") != 0) (void)snprintf(tkt_location, sizeof tkt_location, - "FILE:/tmp/krb5cc_%d.%s", pw->pw_uid, tty); + "FILE:/tmp/krb5cc_%d", pw->pw_uid); else (void)snprintf(tkt_location, sizeof tkt_location, - "FILE:/tmp/krb5cc_root_%d.%s", pw->pw_uid, tty); + "FILE:/tmp/krb5cc_root_%d", pw->pw_uid); krb5tkfile_env = tkt_location; has_ccache = 1; @@ -433,8 +430,30 @@ k5login(struct passwd *pw, char *instanc my_creds.times.endtime = now + lifetime; my_creds.times.renew_till = 0; +#if 1 + int options = KRB5_DEFAULT_OPTIONS; + + if (login_krb5_forwardable_tgt) + options |= KDC_OPT_FORWARDABLE; + kerror = krb5_get_in_tkt_with_password(kcontext, options, NULL, NULL, NULL, password, ccache, &my_creds, 0); +#else + /* This does not work yet */ + krb5_get_init_creds_opt *opt; + + if ((kerror = krb5_get_init_creds_opt_alloc(kcontext, &opt)) != 0) { + k5_log(kcontext, kerror, "while getting options"); + return (1); + } + if (login_krb5_forwardable_tgt) + krb5_get_init_creds_opt_set_forwardable(opt, 1); + + kerror = krb5_get_init_creds_password(kcontext, &my_creds, me, password, + NULL, NULL, 0, NULL, opt); + + krb5_get_init_creds_opt_free(kcontext, opt); +#endif if (my_creds.server != NULL) krb5_free_principal(kcontext, my_creds.server); Index: src/usr.bin/login/login.c diff -u src/usr.bin/login/login.c:1.100 src/usr.bin/login/login.c:1.101 --- src/usr.bin/login/login.c:1.100 Mon Apr 23 14:27:15 2012 +++ src/usr.bin/login/login.c Mon Apr 23 16:57:04 2012 @@ -1,4 +1,4 @@ -/* $NetBSD: login.c,v 1.100 2012/04/23 18:27:15 christos Exp $ */ +/* $NetBSD: login.c,v 1.101 2012/04/23 20:57:04 christos Exp $ */ /*- * Copyright (c) 1980, 1987, 1988, 1991, 1993, 1994 @@ -39,7 +39,7 @@ __COPYRIGHT("@(#) Copyright (c) 1980, 19 #if 0 static char sccsid[] = "@(#)login.c 8.4 (Berkeley) 4/2/94"; #endif -__RCSID("$NetBSD: login.c,v 1.100 2012/04/23 18:27:15 christos Exp $"); +__RCSID("$NetBSD: login.c,v 1.101 2012/04/23 20:57:04 christos Exp $"); #endif /* not lint */ /* @@ -118,7 +118,7 @@ static void usage(void); #if defined(KERBEROS5) int has_ccache = 0; -static int notickets = 1; +int notickets = 1; extern krb5_context kcontext; extern int have_forward; extern char *krb5tkfile_env;